í«îÛ    libndr-standard0-64bit-4.7.11+git.186.d75219614c3-lp150.3.18.2                      Ž­è         <   >     ,     è            ê          ì         Ä‰ ]¹í ¸‹/Ô=½Â„gþ Õ)ÃVyê?Fõ§&”Hz?ÙH\…ÅgOÖð#eX~ô4§‘¿z—Vª¾"RuD$©ã~qÙzÍv5(”Újí±£Š~|ý’®'eƒ—•Iá®±½áDi¤`Ö‰z1OÅñ\=/hÄ]B•ýi½„­ýt8F3M™›Jø‚";J¦dÂÐ~ §Œê÷LÌ ¦ï´|0Ý™÷³-!â¿ä·
µ68I#Ézå:¼7xwµ¡Ör´Œû ÓpþöÖ1„õZ5¶òTF‚æx7­…ÂÄoß"—}LÞ2#‰êDY•¬ˆ1ð˜YIBú²˜Ê›Š‰þjâ }MÄYÙ¦¢k[“ÂA•ÍcòúûGÀÃ‰´ç   >   ÿÿÿÀ       Ž­è       > 1Ô   ?    1Ä      d            è           é           ê      4     ì   	   A     í   	   |     î      ü     ï           ñ          ò          ó     #     ö     ,     ÷     5     ø   	  N     ü     _     ý     v     þ     |           Š          œ          ¤     	     ¨     
     ¬          ´          ö                              "          ,          d          l          ô          <          r     (     œ     8     ¤      9     $      :     f      >    .g     G    .p     H    .x     I    .€     X    .„     Y    .”     \    .è     ]    .ð     ^    /     b    /*     c    /Ó     d    0h     e    0m     f    0p     l    0r     u    0Œ     v    0”     w    1(     x    10     y    18     “    1t     Æ    1x     ä    1~     å    1À   C libndr-standard0-64bit 4.7.11+git.186.d75219614c3 lp150.3.18.2 NDR marshallers for the standard set of DCE/RPC interfaces This subpackage contains NDR encoders/decoders for the set of standard
DCE/RPC interfaces found on Windows and Samba servers.   ]¹í obs-arm-7    5openSUSE Leap 15.0 openSUSE GPL-3.0+ http://bugs.opensuse.org System/Libraries https://www.samba.org/ linux aarch64_ilp32 /sbin/ldconfig        5¡ÿí    ]¹íŸ]¹í  3131c12af986e2a89c926d0a0942b1edd5674edebd204f9e91b5917b35e0e903 libndr-standard.so.0.0.1          root root root root samba-4.7.11+git.186.d75219614c3-lp150.3.18.2.src.rpm   ÿÿÿÿÿÿÿÿlibndr-standard.so.0()(64bit) libndr-standard.so.0(NDR_STANDARD_0.0.1)(64bit) libndr-standard0-64bit libndr-standard0-64bit(aarch-64)        @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
  
/bin/sh libc.so.6()(64bit) libc.so.6(GLIBC_2.17)(64bit) libndr.so.0()(64bit) libndr.so.0(NDR_0.0.1)(64bit) libndr.so.0(NDR_0.0.5)(64bit) libndr.so.0(NDR_0.0.6)(64bit) libndr.so.0(NDR_0.0.9)(64bit) libsamba-security-samba4.so()(64bit) libsamba-security-samba4.so(SAMBA_4.7.11_GIT.186.D75219614C3LP150.3.18.2_SUSE_OS15.0_AARCH64)(64bit) libsamba-util.so.0()(64bit) libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit) libtalloc.so.2()(64bit) libtalloc.so.2(TALLOC_2.0.2)(64bit) rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz)               3.0.4-1 4.6.0-1 4.0-1 5.2-1 4.14.1  ]®ï@]©©@\ÒÄÀ\·@\³ À\§C@\£NÀ\}@\oä@\\À[ò¥À[ê¼À[¿;@[z­@[i‰À[6@[5@[ï@Z§½@Z§½@Z“öÀZ@ZÀZ}@Z'ÛÀZ¡@ZOÀZþ@Z,@Z @YíÙÀYÌä@Yºo@Yºo@Yºo@Y§ú@Y”3ÀY‰§ÀYuá@Yg`ÀYf@Y7êÀY7êÀY,@Y"ÒÀXÿ:@Xÿ:@XõÿÀXësÀXç@Xâ9@XÜó@XÜó@XÒg@XÉ,ÀXÆ‰ÀX«@XœYÀX˜e@X‰äÀXˆ“@X…ð@X€ª@XWËÀXAb@X-›ÀWéÀWâv@Wá$ÀWÙ;ÀWÅu@WÄ#ÀW±®ÀW¯ÀW­º@W~D@Wj}ÀW_ñÀWYZ@WYZ@W=ªÀW(’ÀW!û@WîÀW@Vñ3ÀVñ3ÀVÜÀVØ'@VÕ„@VÕ„@VÎìÀVÌIÀVÊø@VÄ`ÀVÀl@V½É@V˜ß@V–<@V–<@V“™@VjºÀV]‹ÀVIÅ@VG"@VG"@VG"@VG"@V(ÏÀV'~@V æÀV7@VBÀUùYÀUòÂ@Uð@UîÍÀUäAÀUÄÀU¨î@U¤ùÀU™@U–y@U€ÀUràÀUq@UhTÀU_@US<ÀUJ@U/¤@U/¤@U&iÀUŒ@UÀU	hÀU@TøE@Tòÿ@TìgÀTìgÀTÀæ@TÀæ@T¾C@T¼ñÀT¼ñÀTµÀTµÀT«Î@T…’ÀTž@T€LÀT}©ÀTxcÀT[bÀTZ@TR(@TO…@TKÀT>aÀNoel Power <nopower@suse.com> Noel Power <nopower@suse.com> David Disseldorp <ddiss@suse.com> npower <nopower@suse.com> David Disseldorp <ddiss@suse.com> npower <nopower@suse.com> npower <nopower@suse.com> David Disseldorp <ddiss@suse.com> Samuel Cabrero <scabrero@suse.de> ddiss@suse.com Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> aaptel@suse.com ddiss@suse.com aaptel@suse.com scabrero@suse.de palcantara@suse.com scabrero@suse.de david.mulder@suse.com jmcdonough@suse.com aaptel@suse.com dmulder@suse.com scabrero@suse.com scabrero@suse.com kukuk@suse.de david.mulder@suse.com scabrero@suse.com rbrown@suse.com dmulder@suse.com scabrero@suse.com dimstar@opensuse.org scabrero@suse.com aaptel@suse.com nopower@suse.com nopower@suse.com aaptel@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com ddiss@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com dmulder@suse.com nopower@suse.com jmcdonough@suse.com aaptel@suse.com kukuk@suse.com kukuk@suse.de nopower@suse.com aaptel@suse.com dmulder@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com nopower@suse.com nopower@suse.com jmcdonough@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com ddiss@suse.com jmcdonough@suse.com ddiss@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com jmcdonough@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com tchvatal@suse.com lmuelle@suse.com nopower@suse.com crrodriguez@opensuse.org lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com noel.power@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com mpluskal@suse.com lmuelle@suse.com nopower@suse.de ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.de nopower@suse.de lmuelle@suse.com nopower@suse.de ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com - CVE-2019-14847: User with "get changes" permission can
  crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598);
- CVE-2019-10218: Client code can return filenames containing path
  separators; (bso#14071); (bsc#1144902); - CVE-2019-14833: samba: Accent with "check script password"
  Samba AD DC check password script does not receive the full
  password; (bso#12438); (bsc#1154289). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP;
  (bsc#1125601); (bso#13796).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource
  temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). - Ensure we build against correct version of ldb; (bsc#1131686);
  (bsc#1125410). - CVE-2019-3880: Save registry file outside share as unprivileged
  user; (bso#13851); (bsc#1131060 ). - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). - Fix update-apparmor-samba-profile script after apparmor switched
  to using named profiles. The change is backwards compatible;
  (bsc#1126377); - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); - CVE-2018-14629: dns: CNAME loop prevention using counter;
  (bso#13600); (bsc#1116319);
- CVE-2018-16841: heimdal: Fix segfault on PKINIT with mis-matching principal;
  (bso#13628); (bsc#1116320);
- CVE-2018-16851: ldap_server: Check ret before manipulating blob;
  (bso#13674); (bsc#1116322);
- CVE-2018-16853: build: The Samba AD DC, when build with MIT Kerberos is
  experimental; (bso#13678); (bsc#1116324); - Update to 4.7.11;
  + s3: util: Do not take over stderr when there is no log file;
    (bso#13578); (bsc#1101499);
  + s3: smbd: Ensure get_real_filename() copes with empty pathnames;
    (bso#13585);
  + s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test; (bso#13633);
  + Durable Reconnect fails because cookie.allow_reconnect is not set
    redundant for SMB2; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + Fix possible memory leak in the Samba process; (bso#13362);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add virtualKerberosSalt attribute to 'user
    getpassword/syncpasswords'; (bso#13539);
  + smb2_server: Set req->do_encryption = true earlier; (bso#13624);
  + s3:winbind: Fix regression: winbind normalize names doesn't work for
    users; (bso#12851); - Update to 4.7.10; (bsc#1111528);
  + support the new v4 Performance Co-Pilot API; (bsc#1111374)
  + quotas don't work with SMB2; (bso#13553);
  + Build failure when quota support not detected; (bso#13563);
  + vfs_fruit can leave lock records when testing for netatalk share
    mode locks - causing panic; (bso#13584);
  + vfs_time_audit is failing FSCTL_SRV_REQUEST_RESUME_KEY requests;
    (bso#13568);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + deadlock with ctdb_mutex_ceph_rados_helper; (bso#13540);
  + NTLM authentications using default domain/workgroup stopped
    working; (bso#13126); (bsc#1068059);
  + vfs_ceph lies about flock support; (bso#13506);
  + Using sendfile = yes with SMB2 can cause CPU spin; (bso#13537);
  + Durable Handle reconnect fails in
    smbd_smb2_create_durable_lease_check(); (bso#13535);
  + cli_splice() fallback code reads wrong amount on termination
    case; (bso#13527);
  + LDB 1.4.0 breaks Samba < 4.9; (bso#13519);
  + samba-tool trust: support discovery via netr_GetDcName;
    (bso#13538);
  + samba-tool domain trust: fix trust compatibility to Windows Server
    1709 and FreeIPA; (bso#13308);
  + conn->vuid is invalid after a SMB session reauth; (bso#13351);
  + Durable Handles reconnect fails in a cluster when the cluster fs
    uses different device ids; (bso#13318);
  + cli_splice() doesn't correctly return written bytes as it's
    uninitialized in libsmbclient code; (bso#13511);
  + Threading support in talloc_tos() crashes when enabled;
    (bso#13505);
  + Incorrect talloc_stackframe handling in python ACL test code
    (make_simple_acl); (bso#13474);
  + Fail renaming file if that file has open streams; (bso#13451);
  + vfs_fruit: delete 0 byte size streams if AAPL is enabled;
    (bso#13441);
  + Creating missing remote databases during recovery can fail;
    (bso#13500);
  + CTDB_BROADCAST_VNNMAP should not be used; (bso#13499);
  + Fix building Samba with gcc 8.1; (bso#13437);
  + Uncaught exception at ldb_modules/password_hash.c:2241 during new
    domain provision; (bso#11573);
  + "net ads keytab add nfs" writes only one enctype with older
    kerberos libraries; (bso#13478);
  + VFS modules that implement pread/pwrite must also implement
    pread_send/pwrite_send; (bso#13425);
  + vfs_ceph is missing async fsync implementations; (bso#13412);
  + net ads keytab list fails with (smb_krb5_kt_open failed (Key table
    name malformed); (bso#13166);
  + s390 and s390 needs to run with 'use mmap = no' by default;
    (bso#10765); - Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230);
- Fix vfs_ceph flock stub; (bso#13506);
- Fix ntlm authentications with "winbind use default domain = yes";
  (bso#13126); bsc#(1068059);
- Allow idmap_rid to have primary group other than "Domain Users";
  (bsc#1087931). - Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048);
  (bso#13360); (CVE-2018-1139);
- ldbsearch '(distinguishedName=abc)' and DNS query with escapes
  crashes; (bsc#1095056); (bso#13374); (CVE-2018-1140);
- Confidential attribute disclosure via substring search;
  (bsc#1095057); (bso#13434); (CVE-2018-10919);
- smbc_urlencode helper function is a subject to buffer overflow;
  (bsc#1103411); (bso#13453); (CVE-2018-10858);
- Fix NULL ptr dereference in DsCrackNames on a user without a SPN;
  (bsc#1103414); (bso#13552); (CVE-2018-10918); - Update to 4.7.8; (bsc#1099702);
  + s3: smbd: Generic fix for incorrect reporting of stream dos attributes
    on a directory; (bso#13380);
  + ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous
    call; (bso#13412);
  + s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT;
    (bso#13419);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + s3: smbd: printing: Re-implement delete-on-close semantics for print
    files missing since 3.5.x; (bso#13457);
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474);
  + winbindd on the AD DC is slow for passdb queries; (bso#13430);
  + No Backtrace given by Samba's AD DC by default; (bso#13454);
  + winbindd doesn't recover loss of netlogon secure channel in case the peer
    DC is rebooted; (bso#13332);
  + s3:smbd: Fix interaction between chown and SD flags; (bso#13432);
  + s4-heimdal: Fix the format-truncation errors; (bso#13437);
  + vfs_ceph: Add fake async pwrite/pread send/recv hooks; (bso#13425);
  + printing: Return the same error code as Windows does on upload failures;
    (bso#13395);
  + winbind: Improve child selection; (bso#13290);
  + winbind: Maintain a binding handle per domain and always go via
    wb_domain_request_send(); (bso#13292);
  + winbindd doesn't recover loss of netlogon secure channel in case the peer
    DC is rebooted; (bso#13332);
  + Looking up the user using the UPN results in user name with the REALM
    instead of the DOMAIN; (bso#13369);
  + rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair;
    (bso#13370);
  + smbclient: Fix broken notify; (bso#13382);
  + libads: Fix the build --without-ads; (bso#13273);
  + winbindd: Don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids;
    (bso#13279);
  + winbindd: initialize type = SID_NAME_UNKNOWN in
    wb_lookupsids_single_done(); (bso#13280);
  + s4:rpc_server: Fix call_id truncation in dcesrv_find_fragmented_call();
    (bso#13289);
  + A disconnecting winbind client can cause a problem in the winbind parent
    child communication; (bso#13290);
  + winbind: Use one queue for all domain children;
    (bso#13292);
  + Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state;
    (bso#13293);
  + winbind should avoid using fstrcpy(domain->dcname,...) on a char *;
    (bso#13294); (bsc#1087303);
  + The winbind parent should find the dc of a foreign domain via the primary
    domain; (bso#13295);
  + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged
    pipe is not accessable; (bso#13400);
  + Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling (NTLMSSP
    NTLM2 packet check failed due to invalid signature!); (bso#13427);
  + s3: VFS: Fix memory leak in vfs_ceph; (bso#13424);
  + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407);
  + dfree cache returning incorrect data for sub directory mounts;
    (bso#13446);
  + Looking up the user using the UPN results in user name with the REALM
    instead of the DOMAIN; (bso#13369);
  + s3:passdb: Do not return OK if we don't have pinfo set up;
    (bso#13376);
  + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
  + s4:auth_sam: Allow logons with an empty domain name; (bso#13206);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number
    of ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + build: Fix libceph-common detection; (bso#13277);
  + build: Fix ceph_statx check when configured with libcephfs_dir;
    (bso#13250);
  + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
    (bso#13297);
  + ctdb-scripts: Drop 'net serverid wipe' from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + smbd can panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + s3:libsmb: Allow -U"\\administrator" to work; (bso#13206);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + smbc_opendir should not return EEXIST with invalid login credentials;
    (bso#13050);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310);
  + subnet: Avoid a segfault when renaming subnet objects; (bso#13031);
  + 'wbinfo --name-to-sid' returns misleading result on invalid query;
    (bso#13312);
  + s3:smbd: Do not crash if we fail to init the session table; (bso#13315);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302); - Bump vendor-files
- Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551); (bsc#1094881); - Add missing package descriptions; (bsc#1093864); - Disable samba-pidl package, due to the removal of dependency
  perl-Parse-Yapp; (bsc#1085150); - Update to 4.7.6;
  + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
    (bso#11343); (bsc#1081741);
  + CVE-2018-1057: Authenticated users can change other users' password;
    (bso#13272); (bsc#1081024). - Disable python until full python3 port is done; (bsc#1082139);
  + Remove contents of package samba-python
  + Remove contents of package libsamba-policy0
  + Remove contents of package libsamba-policy-devel
  + Remove library libsamba-python-samba4.so from samba-libs package
  + Remove library libsamba-net-samba4.so from samba-libs package
  + Remove smbtorture binary and manpage from samba-test - samba fails to build with glibc2.27; (bsc#1081042); - Update to 4.7.5; (bsc#1080545);
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193);
  + Fix copying file with empty FinderInfo from Windows client to Samba share
    with fruit; (bso#13181);
  + build: Deal with recent glibc sunrpc header removal; (bso#10976);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
    (bsc#1075206);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + ctdb-recovery-helper: Deregister message handler in error paths;
    (bso#13188);
  + samba: Only use async signal-safe functions in signal handler; (bso#13240);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + repl_meta_data: Fix linked attribute corruption on databases
    with unsorted links on expunge. dbcheck: Add functionality to fix the
    corrupt database; (bso#13228);
  + Fix smbd panic when chdir returns error during exit; (bso#13189);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
    (bso#13176); - Update to 4.7.4; (bsc#1080545);
  + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
  + s3: libsmb: Fix valgrind read-after-free error in
    cli_smb2_close_fnum_recv(); (bso#13171);
  + s3: libsmb: Fix reversing of oldname/newname paths when creating a
    reparse point symlink on Windows from smbclient; (bso#13172);
  + Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
  + repl_meta_data: Allow delete of an object with dangling backlinks;
    (bso#13095);
  + s4:samba: Fix default to be running samba as a deamon; (bso#13129);
  + Performance regression in DNS server with introduction of DNS wildcard,
    ldb: Release 1.2.3; (bso#13191);
  + vfs_zfsacl: Fix compilation error; (bso#6133);
  + "smb encrypt" setting changes are not fully applied until full smbd
    restart; (bso#13051);
  + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
  + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
  + winbindd: Dependency on trusted-domain list in winbindd in critical auth
    codepath; (bso#13173);
  + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
  + ctdb: sock_daemon leaks memory; (bso#13153);
  + TCP tickles not getting synchronised on CTDB restart; (bso#13154);
  + winbindd: winbind parent and child share a ctdb connection; (bso#13150);
  + pthreadpool: Fix deadlock; (bso#13170);
  + pthreadpool: Fix starvation after fork; (bso#13179);
  + messaging: Always register the unique id; (bso#13180);
  + s4/smbd: set the process group; (bso#13129);
  + Fix broken linked attribute handling; (bso#13095);
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132);
  + libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
    sessions; (bso#13197);
  + s3:libads: net ads keytab list fails with "Key table name malformed";
    (bso#13166); (bsc#1067700);
  + Fix crash in pthreadpool thread after failure from pthread_create;
    (bso#13170);
  + s4:samba: Allow samba daemon to run in foreground; (bso#13129);
    (bsc#1065551);
  + third_party: Link the aesni-intel library with "-z noexecstack";
    (bso#13174);
  + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
    options; (bso#13125); - Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
  glibc) - smbc_opendir should not return EEXIST with invalid login credentials;
  (bnc#1065868). - Update to 4.7.3; (bsc#1069666);
  + Non-smbd processes using kernel oplocks can hang smbd;
    (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load;
    (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
  + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
    (bsc#1060427);(bso#13041);
  + CVE-2017-15275: s3: smbd: Chain code can return uninitialized
    memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE. - Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468) - samba-tool requires samba-python; (bnc#1067771). - Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
  + Fix exporting subdirs with shadow_copy2; (bso#13091);
  + Currently if getwd() fails after a chdir(), we panic; (bso#13027);
  + Ensure default SMB_VFS_GETWD() call can't return a partially completed
    struct smb_filename; (bso#13068);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + smbclient doesn't correctly canonicalize all local names before use;
    (bso#13093);
  + Fix broken linked attribute handling; (bso#13095);
  + Missing LDAP query escapes in DNS rpc server; (bso#12994);
  + Link to -lbsd when building replace.c by hand; (bso#13087);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
    (bso#7909);
  + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
    (bso#7933);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Wrong Samba access checks when changing DOS attributes; (bso#12995);
  + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
  + groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + man pages: Properly ident lists; (bso#9613);
  + smb.conf.5: Sort parameters alphabetically; (bso#13081);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
  + libgpo doesn't sort the GPOs in the correct order; (bso#13046);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + vfs_catia: Fix a potential memleak; (bso#13090);
  + Fix file change notification for renames; (bso#12903);
  + Samba DNS server does not honour wildcards; (bso#12952);
  + Can't change password in samba from a Windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + Apple client can't cope with SMB2 async replies when creating symlinks;
    (bso#13047);
  + s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
  + Fix ntstatus_gen.h generation on 32bit; (bso#13099);
  + Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + Fix resouce leaks and pointer issues; (bso#13101);
  + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049); - Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
  package won't be generated simply based on the fact that there is
  no files section for the package. Allows the source validator to
  ensure samba-kdc is a built package. - Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available.
- s3: winbind: Fix 'winbind normalize names' in wb_getpwsid();
  (bso#12851); - CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624). - CVE-2017-12150: Some code path don't enforce smb signing,
  when they should; (bso#12997); (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs
  redirects; (bso#12996); (bsc#1058565). - Clean specfile assuming SUSE-only system and product >=SLE11
  + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
    are always undefined
  + %{_vendor} is "suse" and %{suse_version} is at least 1100 - Update to 4.6.7; (bsc#1054017)
  + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
  + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
  + vfs_ceph provides inconsistent directory listings; (bso#12911).
  + Misused talloc context can cause a user to crash their smbd by chaining
    SMB1 commands.; (bso#12836).
  + Use-after free can crash libsmbclient code.; (bso#12927).
  + Server exit with active AIO can crash.; (bso#12925).
  + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
  + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
    (bso#12898).
  + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
  + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
    authentication; (bso#12886).
  + finder sidebar showing question mark instead of icon when using ip to
    connect with vfs_fruit; (bso#12840).
  + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
    from AD.; (bso#12720).
  + KCC run at selftest startup can fail spuriously due to a race;
    (bso#12869).
  + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
    the remote change; (bso#12782).
  + rpc_pipe_client memory leaks due to long term memory context passed to
    rpc_pipe_open_interface(); (bso#12890).
  + CVE-2017-2619 breaks accessing previous versions of directories with
    snapshots in subdirectories of the share; (bso#12885).
  + dns_name_equal doing OOB read; (bso#12813).
  + replica_sync tests flap; (bso#12753).
  + Selftest should not call 'net cache flush' and wipe important winbind
    entries; (bso#12868).
  + Old Samba versions don't support using recent ldb versions (>=1.1.30);
    (bso#12859).
  + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
  + race starting winbindd against posixacl test; (bso#12843).
  + Crash in the reentrant smbd_smb2_create_send() if the something fails in
    the subsequent try; (bso#12832).
  + spnego.c passes the wrong argument order to gensec_update_ev() for the
    FALLBACK case; (bso#12788).
  + Clients with SMB3 support can't connect with
    "server max protocol = SMB2_02"; (bso#12772).
  + A log message of samb-tool user syncpasswords reverses string arguments in
    a debug message "Call Popen[...".; (bso#12768).
  + The smb tarmode tests kills the share dir contents; (bso#12867).
  + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
  + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
  + manpage/index.html lists links not in alphabetical order; (bso#12854).
  + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
  + If a record is locked in a database, then recovery does not complete;
    (bso#12857).
  + debug_locks.sh script does not log any information; (bso#12856).
  + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
    after error; (bso#12852).
  + smbclient can't parse DOMAIN+username if a different winbind separator is
    used; (bso#12849).
  + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
  + Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
    (bso#12844).
  + cli->server_os not filled correctly; (bso#12779).
  + REGRESSION: smbclient doesn't print the session setup anymore;
    (bso#12824).
  + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
    FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
  + CTDB NFS call-out failures do not cause event failures; (bso#12837).
  + net command fails due to incorrectly return code; (bso#12828).
  + Fix building Samba with GCC 7.1; (bso#12827). - Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
  (bsc#1048339). - fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
  + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
    (bsc#1048278). - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339). - Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387). - Update to 4.6.5; (bsc#1040157)
  + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
    startup; (bso#12814).
  + vfs_expand_msdfs tries to open the remote address as a file path;
    (bso#12687).
  + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
    (bso#12798).
  + With clustering get update_num_read_oplocks failed and PANIC:
    num_share_modes == 1 assertion failure; (bso#11844).
  + contend_level2_oplocks_begin_default oplock optimisation doesn't carry
    over to leases; (bso#12766).
  + `ctdb nodestatus` incorrectly displays status for all nodes with wrong
    exit code; (bso#12802).
  + CTDB can spin hard on revoking readonly delegations if a node becomes
    disconnected; (bso#12697).
  + Printing a share mode entry with leases can crash in the ndr code;
    (bso#12793).
  + Fix flakey unit tests for eventd; (bso#12792).
  + CTDB daemon crashes if built with clang; (bso#12770).
  + smbcacls fails if no password is specified; (bso#12765).
  + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
  + samba-tool user syncpasswords doesn't trigger the script when a user gets
    removed; (bso#12767).
  + systemd: fix detection of libsystemd; (bso#12764).
  + Notify subsystem only maps first inotify mask to Windows notify filter;
    (bso#12760).
  + Allow passing trusted domain password as plain-text to PASSDB layer;
    (bso#12751).
  + Can't case-rename files with vfs_fruit; (bso#12749).
  + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
  + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
  + Ordering of notify responses broken; (bso#12756). - s3: libsmb: Fix error where short name length was read as 2
  bytes, should be 1; (bso#11822); (bsc#1042419). - Revert explicit winbind %{version}-%{release} dependency.
  + The ABI has stabilized since (bsc#936909), so remove to fix cross-media
    dependencies; (bsc#1037899). - Fix CVE-2017-7494 remote code execution from a writable share;
  (bso#12780); (bsc#1038231). - Update to 4.6.3; (bsc#1036011)
  + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
    from shares with GlusterFS backend; (bso#12743).
  + Fix for Solaris C compiler; (bso#12559).
  + s3: locking: Update oplock optimization for the leases era; (bso#12628).
  + Make the Solaris C compiler happy; (bso#12693).
  + s3: libgpo: Allow skipping GPO objects that don't have the
    expected LDAP attributes; (bso#12695).
  + Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
  + lib: debug: Avoid negative array access; (bso#12746).
  + cleanupdb: Fix a memory read error; (bso#12748).
  + streams_xattr and kernel oplocks results in
    NT_STATUS_NETWORK_BUSY; (bso#7537).
  + winbindd: idmap_autorid allocates ids for unknown SIDs from other
    backends; (bso#11961).
  + vfs_fruit: Resource fork open request with
    flags=O_CREAT|O_RDONLY; (bso#12565).
  + manpages/vfs_fruit: Document global options; (bso#12615).
  + lib/pthreadpool: Fix a memory leak; (bso#12624).
  + Lookup-domain for well-known SIDs on a DC; (bso#12727).
  + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
  + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
  + credentials_krb5: use gss_acquire_cred for client-side GSSAPI
    use case; (bso#12611).
  + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
  + ctdb-readonly: Avoid a tight loop waiting for revoke to
    complete; (bso#12697).
  + ctdb_event monitor command crashes if event is not specified;
    (bso#12723).
  + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
  + smbd: Fix smb1 findfirst with DFS; (bso#12558).
  + smbd: Do an early exit on negprot failure; (bso#12610).
  + winbindd: Fix substitution for 'template homedir'; (bso#12699).
  + s4:kdc: Disable principal based autodetected referral detection;
    (bso#12554).
  + idmap_autorid: Allocate new domain range if the callers knows
    the sid is valid; (bso#12613).
  + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
  + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
    trusted domain; (bso#12725).
  + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
  + winbindd: Fix password policy for pam authentication; (bso#12725).
  + s3:gse: Correctly handle external trusts with MIT; (bso#12554).
  + auth/credentials: Always set the realm if we set the principal
    from the ccache; (bso#12611).
  + replace: Include sysmacros.h; (bso#12686).
  + s3:vfs_expand_msdfs: Do not open the remote address as a file;
    (bso#12687).
  + s3:libsmb: Only print error message if kerberos use is forced;
    (bso#12704).
  + winbindd: Child process crashes when kerberos-authenticating
    a user with wrong password; (bso#12708).
  + vfs_fruit: Office document opens as read-only on macOS due to
    CNID semantics; (bso#12715).
  + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
    fragmented; (bso#12737). - Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416). - Generate source tarball directly from Git using OBS tar_scm
  + use version string derived from parent Git tag and commit hash
  - remove obsolete vendor-files/tools/package-data version ID
  + explicitly generate ctdb manpages, needed without "make dist" - Update to 4.6.2
  + remove bso#12721 patches now upstream - Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
  + x86-64 and aarch64 - Enable librados CTDB lock helper for samba-ceph package; (fate#321622). - Build and install the html man pages (bsc#1021907). - Fix CVE-2017-2619 regression with "follow symlinks = no";
  (bso#12721). - Update to 4.6.1
  + symlink race permits opening files outside share directory;
    CVE-2017-2619; (bso#12496); (bsc#1027147)
  + testparm checks for valid idmap parameters
  + add new krb client encryption types
  + support for printer driver upload from windows 10
  + inherit owner = 'unix only' for improved quota support
  + improved CTDB event support
  + new primary group support for idmap_ad
  + idmap_hash deprecated
  + mvxattr added to recursively rename extended attributes - Remove chkconfig requirements for systemd systems - Don't call insserv if systemd is used - Fix check if we need to require insserv - async_req: make async_connect_send() "reentrant";
  (bso#12105); (bsc#1024416). - Force usage of ncurses6-config thru NCURSES_CONFIG env var;
  (bsc#1023847). - add missing patch for libnss_wins segfault; (bsc#995730). - Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933). - Document "winbind: ignore domains" parameter; (bsc#1019416). - Add base Samba dependency to samba-ceph package. - Update to 4.5.3
  + Heap-based Buffer Overflow Remote Code Execution Vulnerability;
    CVE-2016-2123; (bso#12409); (bsc#1014437).
  + Don't send delegated credentials to all servers; CVE-2016-2125;
  (bso#12445); (bsc#1014441).
  + denial of service due to a client triggered crash in the winbindd
    parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
  + various streams vfs fixes
  + various printing fixes
  + ntlm_auth: do not map explicitly empty domain
  + various stability fixes in smbd
  + match file compression ReFS behavior -  Add missing ldb module directory; (bnc#1012092). - s3/client: obey 'disable netbios' smb.conf param, don't
  connect via NBT port; (bsc#1009085); (bso#12418). - Include vfstest in samba-test; (bsc#1001203). - s3/winbindd: using default domain with user@domain.com format
  fails; (bsc#997833). - Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730). - Update to 4.5.0
  + NTLM1 Authentication disabled by default
  + SMB2.1 leases enabled by default
  + Support for OFD locks
  + ctdb tool rewritten
  + Added shadow copy snapshot prefix parameter - Fix illegal memory access after memory has been deleted;
  (bso#11836); (bsc#975299). - Prevent core, make sure response->extra_data.data is always
  cleared out; (bsc#993692). - Don't package man pages for VFS modules that aren't built;
  (boo#993707). - Fix population of ctdb sysconfig after source merge; (bsc#981566). - Enable vfs_ceph builds for Factory (x86-64)
  + Package as samba-ceph to avoid Ceph dependency in base package. - Update to 4.4.5
  +  Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
    (bso#11860); (bsc#986869). - Remove obsolete syslog.target; (bsc#983938). - Honor smb.conf socket options in winbind; (bsc#975131). - Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522). - Update to 4.4.4
  + SMB3 multichannel: Add implementation of missing channel sequence
    number verification; (bso#11809).
  + smbd:close: Only remove kernel share modes if they had been
    taken at open; (bso#11919).
  + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
    (bso#11930).
  + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
  + Fix case sensitivity issues over SMB2 or above; (bso#11438).
  + s3:smbd: Fix anonymous authentication if signing is mandatory.
    (bso#11910)
  + Fix NTLM Authentication issue with squid; (bso#11914).
  + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
  + Fix memory leak in share mode locking; (bso#11934). - Update to 4.4.3
  + Various post-badlock regressions; (bso#11841); (bso#11850);
    (bso#11858); (bso#11870); (bso#11872).
  + Only allow idmap_hash for default idmap config (bso#11786).
  + smbd: Avoid large reads beyond EOF; (bso#11878).
  + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
    is set; (bso#11806).
  + libads: Record session expiry for spnego sasl binds; (bso#11852). - Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
  (bsc#975962); (bsc#979268), (bsc#977669). - Revert shared library packaging to comply with SLPP - Update to 4.4.2
  + A man-in-the-middle can downgrade NTLMSSP authentication;
    CVE-2016-2110; (bso#11688); (bsc#973031).
  + Domain controller netlogon member computer can be spoofed;
    CVE-2016-2111; (bso#11749); (bsc#973032).
  + LDAP conenctions vulnerable to downgrade and  MITM attack;
    CVE-2016-2112; (bso#11644); (bsc#973033).
  + TLS certificate validation missing; CVE-2016-2113; (bso#11752);
    (bsc#973034).
  + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
    (bso#11756); (bsc#973036).
  + "Badlock" DCERPC impersonation of authenticated account possible;
    CVE-2016-2118; (bso#11804); (bsc#971965).
  + DCERPC server and client vulnerable to DOS and MITM attacks;
    CVE-2015-5370; (bso#11344); (bsc#936862). - Fix samba.tests.messaging test and prevent potential tdb corruption
  by removing obsolete now invalid tdb_close call; (bsc#974629). - Obsolete libsmbclient from libsmbclient0 while not providing it;
  (bsc#972197). - Update to 4.4.0.
  + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
    CVE-2016-0771.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; (bso#11648); CVE-2015-7560.
  + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
    with no ACL support; (bso#10489).
  + docs: Add example for domain logins to smbspool man page; (bso#11643).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
  + winbindd: Return trust parameters when listing trusts; (bso#11691).
  + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
  + Crypto.Cipher.ARC4 is not available on some platforms, fallback to
    M2Crypto.RC4.RC4 then; (bso#11699).
  + s3:utils/smbget: Set default blocksize; (bso#11700).
  + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
  + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
  + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
  + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
  + smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + docs: Add manpage for cifsdd; (bso#11730).
  + param: Fix str_list_v3 to accept ; again; (bso#11732).
  + lib/socket: Fix improper use of default interface speed; (bso#11734).
  + lib:socket: Fix CID 1350009: Fix illegal memory accesses
    (BUFFER_SIZE_WARNING); (bso#11735).
  + libcli: Fix debug message, print sid string for new_ace trustee;
    (bso#11738).
  + Fix installation path of Samba helper binaries; (bso#11739).
  + Fix memory leak in loadparm; (bso#11740).
  + tevent: version 0.9.28: Fix memory leak when old signal action restored;
    (bso#11742).
  + smbd: Ignore SVHDX create context; (bso#11753).
  + Fix net join; (bso#11755).
  + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
    (bso#11755).
  + passdb: Add linefeed to debug message; (bso#11763).
  + s3:utils/smbget: Fix option parsing; (bso#11767).
  + libnet: Make Kerberos domain join site-aware; (bso#11769).
  + Reset TCP Connections during IP failover; (bso#11770).
  + ldb: Version 1.1.26; (bso#11772).
  + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
  + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
  + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
  + "trustdom_list_done: Got invalid trustdom response" message should be
    avoided; (bso#11782).
  + Mismatch between local and remote attribute ids lets replication fail with
    custom schema; (bso#11783).
  + Quota is not supported on Solaris 10; (bso#11788).
  + Talloc: Version 2.1.6; (bso#11789).
  + smbd: Enable multi-channel if 'server multi channel support = yes' in the
    config; (bso#11796).
  + build: Fix build when '--without-quota' specified; (bso#11798).
  + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
  + Access based share enum: handle permission set in configuration files;
    (bso#8093).
  + See also WHATSNEW.txt from the samba-doc package. - Update to 4.3.6.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; CVE-2015-7560; (bso#11648); (bsc#968222).
  + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
    (bso#11128); (bso#11686); (bsc#968223). - Upgrade on-disk FSRVP server state to new version; (bsc#924519). - Only obsolete but do not provide gplv2/3 package names; (bsc#968973). - Relocate existing lock files to /var/lib/samba/lock; (bsc#968963). - Obsolete no longer existing samba-32bit package; (bsc#967625). - Update to 4.3.5.
  + s3:utils/smbget: Fix recursive download; (bso#6482).
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
    with no ACL support; (bso#10489).
  + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
    (bso#11400).
  + vfs_shadow_copy2: Fix case where snapshots are outside the share;
    (bso#11580).
  + smbclient: Query disk usage relative to current directory; (bso#11662).
  + winbindd: Handle expired sessions correctly; (bso#11670).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + smbcacls: Fix uninitialized variable; (bso#11682).
  + s3:smbd: Ignore initial allocation size for directory creation;
    (bso#11684).
  + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
  + s3-parm: Clean up defaults when removing global parameters; (bso#11693).
  + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + ctdb: Remove error messages after kernel security update; CVE-2015-8543;
    (bso#11705).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
    (bso#11719).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + param: Fix str_list_v3 to accept ";" again; (bso#11732). - Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361). - Simplify shared library packaging; (bsc#966956). - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
  (bsc#964023). - Add quotes around path of update-apparmor-samba-profile; (bnc#962177). - Remove autoconf build-time requirement. - Update to 4.3.4.
  + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
  + Crash: Bad talloc magic value - access after free; (bso#11394).
  + Copying files with vfs_fruit fails when using vfs_streams_xattr without
    stream prefix and type suffix; (bso#11466).
  + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
    (bso#11613).
  + Fix a typo in the smb.conf manpage, explanation of idmap config;
    (bso#11619).
  + Correctly initialize the list head when keeping a list of primary followed
    by DFS connections; (bso#11624).
  + Reduce the memory footprint of empty string options; (bso#11625).
  + lib/async_req: Do not install async_connect_send_test; (bso#11639).
  + Fix typos in man vfs_gpfs; (bso#11641).
  + Make "hide dot files" option work with "store dos attributes = yes";
    (bso#11645).
  + Fix a corner case of the symlink verification; (bso#11647);  (bnc#960249).
  + Do not disable "store dos attributes" on-the-fly; (bso#11649).
  + Update lastLogon and lastLogonTimestamp; (bso#11659). - Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249). - Update to 4.3.3.
  + Malicious request can cause Samba LDAP server to hang, spinning using CPU;
    CVE-2015-3223; (bso#11325); (bnc#958581).
  + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
    (bnc#958586).
  + Insufficient symlink verification (file access outside the share);
    CVE-2015-5252; (bso#11395); (bnc#958582).
  + No man in the middle protection when forcing smb encryption on the client
    side; CVE-2015-5296; (bso#11536); (bnc#958584).
  + Currently the snapshot browsing is not secure thru windows previous version
    (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
  + Fix Microsoft MS15-096 to prevent machine accounts from being changed into
    user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). - Update to 4.3.2.
  + vfs_gpfs: Re-enable share modes; (bso#11243).
  + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
  + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
    type of zero; (bso#11452).
  + Add libreplace dependency to texpect, fixes a linking error on Solaris;
    (bso#11511).
  + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
  + s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
  + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
    (bso#11563).
  + async_req: Fix non-blocking connect(); (bso#11564).
  + auth: gensec: Fix a memory leak; (bso#11565).
  + lib: util: Make non-critical message a warning; (bso#11566).
  + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
    (bnc#949022).
  + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
  + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
  + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
    (bso#11581).
  + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
  + manpage: Correct small typo error; (bso#11584).
  + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
    containing them; (bso#11589).
  + Backport some valgrind fixes from upstream master; (bso#11597).
  + auth: Consistent handling of well-known alias as primary gid; (bso#11608).
  + winbind: Fix crash on invalid idmap configs; (bso#11612).
  + s3: smbd: have_file_open_below() fails to enumerate open files below an
    open directory handle; (bso#11615).
  + Changing log level of two entries to DBG_NOTICE; (bso#9912). - Ensure samlogon fallback requests are rerouted after kerberos failure;
  (bnc#953382); (bnc#953972). - Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems. - Remove redundant configure options while adding with-relro. - Relocate the lockdir to the /var/lib/samba/lock directory. - Cleanup and enhance the pidl sub package. - Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage. - Update to 4.3.1.
  + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
    Windows; (bso#10252).
  + nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
  + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
  + kerberos: Make sure we only use prompter type when available;
    winbind: Fix 100% loop; (bso#11038).
  + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
  + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
    (bso#11316).
  + s3: smbd: Fix mkdir race condition; (bso#11486).
  + pam_winbind: Fix a segfault if initialization fails; (bso#11502).
  + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
  + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
    subdirs; (bso#11515).
  + s3: smbd: Fix opening/creating :stream files on the root share directory;
    (bso#11522).
  + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
  + net: Fix a crash with 'net ads keytab create'; (bso#11528).
  + s3: smbd: Fix a crash in unix_convert(); (bso#11535).
  + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
    (bso#11522); (bso#11535).
  + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
  + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
  + s3:locking: Initialize lease pointer in share_mode_traverse_fn();
    (bso#11549).
  + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
  + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
  + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
    is incorrect; (bso#11555). - Fix 100% CPU in winbindd when logging in with "user must change password on
  next logon"; (bso#11038). - Relocate the tmpfiles.d directory to the client package; (bnc#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
  instead; (bnc#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051). - Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502). - Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
  systems; (bnc#945013). - Update to 4.3.0.
  + Samba "map to guest = Bad uid" doesn't work; (bso#9862).
  + revert LDAP extended rule 1.2.840.113556.1.4.1941
    LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
  + No objectClass found in replPropertyMetaData on ordinary objects
    (non-deleted); (bso#10973).
  + Stream names with colon don't work with fruit:encoding = native;
    (bso#11278).
  + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + "force group" with local group not working; (bso#11320).
  + strsep is not available on Solaris; (bso#11359).
  + smbtorture does not build when configured --with-system-mitkrb5;
    (bso#11411).
  + Build with GPFS support is broken; (bso#11421).
  + Build broken with --disable-python; (bso#11424).
  + net share allowedusers crashes; (bso#11426).
  + nmbd incorrectly matches netbios names as own name; (bso#11427).
  + Python bindings don't check integer types; (bso#11429).
  + Python bindings don't check array sizes; (bso#11430).
  + CTDB's eventscript error handling is broken; (bso#11431).
  + Fix crash in nested ctdb banning; (bso#11432).
  + Cannot build ctdbpmda; (bso#11434).
  + samba-tool uncaught exception error; (bso#11436).
  + Crash in notify_remove caused by change notify = no; (bso#11444).
  + Poor SMB3 encryption performance with AES-GCM; (bso#11451).
  + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
  + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
  + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
    install; (bso#11458).
  + xid2sid gives inconsistent results; (bso#11464).
  + ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
  + Handling of 0 byte resource fork stream; (bso#11467).
  + AD samr GetGroupsForUser fails for users with "()" in their name;
    (bso#11488). - Configure with --bundled-libraries=NONE; (bso#11458). - Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284). - Remove libiniparser-devel build-time requirement. - Update to 4.2.3.
  + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
  + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
  + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
  + Logon via MS Remote Desktop hangs; (bso#11061).
  + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
  + tevent: Add a note to tevent_add_fd(); (bso#11141).
  + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
  + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
  + smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
  + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
    (bso#11245).
  + s3:smb2: Add padding to last command in compound requests; (bso#11277).
  + Add IPv6 support to ADS client side LDAP connects; (bso#11281).
  + Add IPv6 support for determining FQDN during ADS join; (bso#11282).
  + s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
  + Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
  + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
  + vfs_fruit: Add option "veto_appledouble"; (bso#11305).
  + tstream: Make socketpair nonblocking; (bso#11312).
  + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
  + Group creation: Add msSFU30Name only when --nis-domain was given;
    (bso#11315).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + Build fails on Solaris 11 with "â€˜PTHREAD_MUTEX_ROBUSTâ€™ undeclared";
    (bso#11319).
  + smbd/trans2: Add a useful diagnostic for files with bad encoding;
    (bso#11323).
  + Change sharesec output back to previous format; (bso#11324).
  + Robust mutex support broken in 1.3.5; (bso#11326).
  + Kerberos auth info3 should contain resource group ids available from
    pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
    exists in PAC; (bso#11328); (bnc#912457).
  + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
  + tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
  + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
  + s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
    (bso#11339).
  + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
  + pidl: Make the compilation of PIDL producing the same results if the
    content hasn't change; (bso#11356).
  + winbindd: Disconnect child process if request is cancelled at main
    process; (bso#11358).
  + vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
    (bso#11363).
  + docs: Overhaul the description of "smb encrypt" to include SMB3
    encryption; (bso#11366).
  + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
    (bso#11367).
  + ncacn_http: Fix GNUism; (bso#11371). - Disable rpath usage; (bnc#902421). - Make the winbind package depend on the matching libwbclient version and
  vice versa; (bnc#936909). - Backport changes to use resource group sids obtained from pac logon_info;
  (bso#11328); (bnc#912457). - Order winbind.service Before and Want nss-user-lookup target. - Remove fam-devel build-time dependency for post-6 RHEL systems. - Update to 4.2.2.
  + s3:smbXsrv: refactor duplicate code into
    smbXsrv_session_clear_and_logoff(); (bso#11182).
  + gencache: don't fail gencache_stabilize if there were records to delete;
    (bso#11260).
  + s3: libsmbclient: After getting attribute server, ensure main srv pointer
    is still valid; (bso#11186).
  + s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
    (bso#11236).
  + s3: smbd: Incorrect file size returned in the response of
    "FILE_SUPERSEDE Create"; (bso#11240).
  + Mangled names do not work with acl_xattr; (bso#11249).
  + nmbd rewrites browse.dat when not required; (bso#11254).
  + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
    (bso#11213).
  + s3:smbd: Add missing tevent_req_nterror; (bso#11224).
  + vfs: kernel_flock and named streams; (bso#11243).
  + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
  + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
    are used; (bso#11284).
  + ctdb: check for talloc_asprintf() failure; (bso#11201).
  + spoolss: purge the printer name cache on name change; (bso#11210);
    (bnc#901813).
  + CTDB statd-callout does not scale; (bso#11204).
  + vfs_fruit: also map characters below 0x20; (bso#11221).
  + ctdb: Coverity fix for CID 1291643; (bso#11201).
  + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
  + Fix terminate connection behavior for asynchronous endpoint with PUSH
    notification flavors; (bso#11226).
  + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
  + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
  + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
    directory is deleted; (bso#11257).
  + s3:winbindd: make sure we remove pending io requests before closing client
    sockets; (bso#11141); (bnc#931854).
  + Fix panic triggered by smbd_smb2_request_notify_done() ->
    smbXsrv_session_find_channel() in smbd; (bso#11182).
  + 'sharesec' output no longer matches input format; (bso#11237).
  + waf: Fix systemd detection; (bso#11200).
  + CTDB: Fix portability issues; (bso#11202).
  + CTDB: Fix some IPv6-related issues; (bso#11203).
  + CTDB statd-callout does not scale; (bso#11204).
  + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
    enter invalid values; (bso#11234).
  + libads: record service ticket endtime for sealed ldap connections;
    (bso#11267).
  + lib/util: Include DEBUG macro in internal header files before samba_util.h;
    (bso#11033). - Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854). - Remove the independently built libraries ldb, talloc, tdn, and tevent and
  the post-10.3 renamed libsmbclient from baselibs.conf. - Drop redundant doc attribute from man pages. - Update to 4.2.1.
  + s3:winbind:grent: Don't stop group enumeration when a group has no gid;
    (bso#8905).
  + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
  + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
    servers that don't send the 2 unused fields; (bso#10016).
  + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
  + waf: Fix the build on openbsd; (bso#10476).
  + s3: client: "client use spnego principal = yes" code checks wrong name;
    (bso#10888).
  + spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
  + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
    miliseconds if it's still valid before use; (bso#11079).
  + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
  + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
  + replace: Remove superfluous check for gcrypt header; (bso#11135).
  + Backport subunit changes; (bso#11137).
  + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
    implementation; (bso#11140).
  + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
  + talloc: Version 2.1.2; (bso#11144).
  + Update libwbclient version to 0.12; (bso#11149).
  + brlock: Use 0 instead of empty initializer list; (bso#11153).
  + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
    NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
  + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
    (bnc#913304).
  + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
    fails in the SMB1 case; (bso#11173).
  + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
  + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
  + s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
  + s4-process_model: Do not close random fds while forking; (bso#11180).
  + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Purge printer name cache on spoolss SetPrinter change; (bso#11210);
  (bnc#901813). - Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374). - Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root. - Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
  (bnc#913304). - Update to 4.2.0.
  + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
  + pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Make 'profiles' work again; (bso#9629).
  + s3:smb2_server: protect against integer wrap with
    "smb2 max credits = 65535"; (bso#9702).
  + Make validate_ldb of String(Generalized-Time) accept millisecond format
    ".000Z"; (bso#9810).
  + Use -R linker flag on Solaris, not -rpath; (bso#10112).
  + vfs: Add glusterfs manpage; (bso#10240).
  + Make 'smbclient' use cached creds; (bso#10279).
  + pdb: Fix build issues with shared modules; (bso#10355).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
  + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
  + Don't build vfs_snapper on FreeBSD; (bso#10834).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3: smb2cli: query info return length check was reversed; (bso#10848).
  + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
  + lib: uid_wrapper: Fix setgroups and syscall detection on a system without
    native uid_wrapper library; (bso#10851).
  + winbind3: Fix pwent variable substitution; (bso#10852).
  + Improve samba-regedit; (bso#10859).
  + registry: Don't leave dangling transactions; (bso#10860).
  + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
  + build: Do not install 'texpect' binary anymore; (bso#10862).
  + Fix testparm to show hidden share defaults; (bso#10864).
  + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
    max=PROTOCOL_SMB2_02; (bso#10866).
  + Integrate CTDB into top-level Samba build; (bso#10892).
  + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + Fix smbclient loops doing a directory listing against Mac OS X 10 server
    with a non-wildcard path; (bso#10904).
  + Fix print job enumeration; (bso#10905); (bnc#898031).
  + samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
    (bso#10909).
  + Add support for SMB2 leases; (bso#10911).
  + btrfs: Don't leak opened directory handle; (bso#10918).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: fix keytab array NULL termination; (bso#10933).
  + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
  + Cleanup add_string_to_array and usage; (bso#10942).
  + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
  + Fix RootDSE search with extended dn control; (bso#10949).
  + Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).
  + libcli/smb: only force signing of smb2 session setups when binding a new
    session; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + vfs_streams_xattr: Check stream type; (bso#10971).
  + s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
    (bso#10982).
  + vfs_fruit: Add support for AAPL; (bso#10983).
  + Fix spoolss IDL response marshalling when returning error without clearing
    info; (bso#10984).
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
  + Fix IPv6 support in CTDB; (bso#10996).
  + ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
    (bso#11000).
  + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
  + s3-util: Fix authentication with long hostnames; (bso#11008).
  + ctdb-build: Fix build without xsltproc; (bso#11014).
  + packaging: Include CTDB man pages in the tarball; (bso#11014).
  + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
    (bso#11016).
  + Make Sharepoint search show user documents; (bso#11022).
  + nss_wrapper: check for nss.h; (bso#11026).
  + Enable mutexes in gencache_notrans.tdb; (bso#11032).
  + tdb_wrap: Make mutexes easier to use; (bso#11032).
  + lib/util: Avoid collision which alread defined consumer DEBUG macro;
    (bso#11033).
  + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
  + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
  + vfs_fruit: Fix base_fsp name conversion; (bso#11039).
  + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
  + Fix authentication using Kerberos (not AD); (bso#11044).
  + net: Fix sam addgroupmem; (bso#11051).
  + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
    (bnc#913238).
  + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
  + utils: Fix 'net time' segfault; (bso#11058).
  + libsmb: Provide authinfo domain for encrypted session referrals;
    (bso#11059).
  + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
  + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
  + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
  + vfs_glusterfs: Implement AIO support; (bso#11069).
  + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
  + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
    (bso#11077); CVE-2015-0240; (bnc#917376).
  + vfs: Add a brief vfs_ceph manpage; (bso#11088).
  + s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
  + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
    (bso#11097).
  + debug: Set close-on-exec for the main log file FD; (bso#11100).
  + s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
    (bso#11102).
  + s3: smbd: SMB2 close. If a file has delete on close, store the return info
    before deleting; (bso#11104).
  + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
  + snprintf: Try to support %j; (bso#11119).
  + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
  + doc-xml: Add 'sharesec' reference to 'access based share enum';
    (bso#11127). - Update to 4.2.0rc5.
  + Ensure we don't call talloc_free on an uninitialized pointer;
    CVE-2015-0240; (bso#11077); (bnc#917376). - Fix usage of freed memory on server exit; (bso#11218); (bnc#919309). - Fix tdb_store_flag_to_ntdb() gcc5 build failure. - Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238). - Update to 4.1.16.
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Fix libsmbclient DFS referral handling.
  + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
  + Set domain/workgroup based on authentication callback value; (bso#11059). - Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
  libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages. - Enable avahi support on post-12.2 systems. - Update to 4.1.15.
  + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Fix profiles tool; (bso#9629).
  + s3-lib: Do not require a password with --use-ccache; (bso#10279).
  + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
    (bso#10949).
  + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
  + s3:smb2_server: Allow reauthentication without signing; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
    convention; (bso#10982).
  + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
    'supported_extensions'; (bso#11006).
  + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
    (bso#11006).
  + winbind: Retry LogonControl RPC in ping-dc after session expiration;
    (bso#11034). - yast2-samba-client should be able to specify osName and osVer on
  AD domain join; (bnc#873922). - Lookup FSRVP share snums at runtime rather than storing them persistently;
  (bnc#908627). - Specify soft dependency for network-online.target in Winbind systemd service
  file; (bnc#889175). - Fix spoolss error response marshalling; (bso#10984). - Update to 4.1.14.
  + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
    Tools/perl.py back to upstream state; (bso#10472).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + nmbd fails to accept "--piddir" option; (bso#10711).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
    (bso#10880).
  + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
    (bso#10889).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
    STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
  + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: Fix keytab array NULL termination; (bso#10933).
  + Cleanup add_string_to_array and usage; (bso#10942). - Remove and cleanup shares and registry state associated with
  externally deleted snaphots exposed as shadow copies; (bnc#876312). - Use the upstream tar ball, as signature verification is now able to handle
  compressed archives. - Fix leak when closing file descriptor returned from dirfd; (bso#10918). - Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
  + Fix handling of bad EnumJobs levels; (bso#10898). - Remove dependency on gpg-offline as signature checking is implemented in the
  source validator. - Update to 4.1.13.
  + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
  + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
  + s3-libads: Add all machine account principals to the keytab; (bso#9985).
  + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
    be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
  + Fix unstrcpy; (bso#10735).
  + pthreadpool: Slightly serialize jobs; (bso#10779).
  + s3: smbd: streams - Ensure share mode validation ignores internal opens
    (op_mid == 0); (bso#10797).
  + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
  + vfs_media_harmony: Fix a crash bug; (bso#10813).
  + docs: Mention incompatibility between kernel oplocks and streams_xattr;
    (bso#10814).
  + nmbd: Send waiting status to systemd; (bso#10816).
  + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
    (bso#10817).
  + nsswitch: Skip groups we were not able to map; (bso#10824).
  + s3-winbindd: Use correct realm for trusted domains in idmap child;
    (bso#10826).
  + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
  + s3: lib: Signal handling - ensure smbrun and change password code save and
    restore existing SIGCHLD handlers; (bso#10831).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
    (bso#10838).
  + s3: smb2cli: Query info return length check was reversed; (bso#10848).
  + registry: Don't leave dangling transactions; (bso#10860). - Update to 4.2.0rc2. /bin/sh                    €   €         4.7.11+git.186.d75219614c3-lp150.3.18.2 4.7.11+git.186.d75219614c3-lp150.3.18.2           libndr-standard.so.0 libndr-standard.so.0.0.1 /usr/lib64/ -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.opensuse.org/openSUSE:Maintenance:11379/openSUSE_Leap_15.0_Update_ports/be996b7f12a3d56812e012720e2d8123-samba.openSUSE_Leap_15.0_Update drpm xz 5 aarch64_ilp32-suse-linux          ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8b915142179bc11d2387d6efe9d5f479c1164c43, stripped                 P  P   R  	R  R  R  R  R  R  R  R  R  R  
R  R     utf-8 de452e6a474b27a6efc97408b921bd576c239c6b8ee4ed14107c7887d95b258e        ?   ÿÿü    ý7zXZ  
áû¡ !   t/å£àŸýí] "ÌkÀ&Z«ÖÄqv±ž•bà•À^Uï~6Ëyå P±²î4QÀ€Q¤ÞýÒjß×+Û™Éß…»5"(î°*œ‘—û‘ÜcNCÊ‹<¾PûuŽ‰O®ÍSæÊkA¯8WÜPÔ ÝcIÏ‡}  â {[WòëÒ«k¢w\ù»ùQ^µAGŠ8MI²Ôú¤åºcQód dt¦¥C(zeòåÙÓZùÇ*:ø±ø0†òÞÙh`:À7‹G\jç#8 ¦žó&!±a’6 &Â›aBªX½tûÙÇ]Ú’ ¥~»‘ƒ<‚]¤ìƒm;ÕÈ%auÍ6o£VWµ¡9§ÀKhà·ê×ÁŠ¸!S² o
$Ð·z¢šÐ™j§©|ÔÓvpº'K¸6…I¬m_ÜŠ4¬`_[²èç@¯³‰ŒóÉ{°–)Mi‰F>Üý)‡«$ßs&ü"5­lÜK0®YšÝD}
åIæ(ÉØŠ¤F$…sÓ\âñ—ÁÀd®Î›rÕ‘5Xf“€ÃÊBw±•[\3•_£`1†Ÿ§P=€‘º¶S‘ph~á¨¬ƒŠÙk¤d³QÕx¬Íò³Ÿ0†)q¾ø’ìˆÿ‘8åÓôÝ¥ZåmYËèØ4z•n†{¾"uÿn	Y4úÚï˜Œ§vFÜŽCç éäöîèŽòÉSÝó8¨Å„Cq‰;9ZëyYø½´l‹­z>ñ)¶Íã—"k÷·"Ìý³r¼½¢ÉÉp^Þe^]EÆnhqsJÍ€I0õø9çº¯d1ž)Î¯ú¦fá¦~££Xÿ%ïé–ÁD¨{…}ViÿFÔ15o	?Qbž5?µÇ(ù’G‹M].ø6É}mÍ6¶°²ç[M¾l† Žæ!1úNGhŸðm.#b]ÂSž§Â(ÒžËvãgd\‚kõçîôÛYÿÜá¶iô²®/Xl
¾Oa¡XÍÍ]úÌõËkÌ×1.Wóo5ÿôl"…²µìÄêÖØ³ÔPagânE¢_«á,bZÆŸ,ÝÆTÂ¥Ÿ£ÊQ8BËŠ;Ž"ÈÉ[ž8Ïvã ÿMÁ€x°øxEÑ‘ÈBê?ThÑIfµDåÏu0[ž°uíÇ8Õ¸Ï%¡Nkü›‰×@è{Ü?Ã"Á•2oc”àáLm~Ã#Ç£˜%óÔ„á”‡kÖDD8æyŽxü‰È©Þ2?üÆÇ…}ª•¾¯ÉŽLæÈ1ï»0ÄrãTÄüÜ¦8²‹qÄ>ÍtÑÐx¤Û´P»fV5]ˆ£¿–ž(–ÉÎIU¤r_ìNççÔ< `ýö“u¦{jÎ}^F™k$j4Ö¡qì>¡ÎeCv‘¬j“2ÕÉ¶Â$‹Ú¡MwÜåêé0…²†¸pLÿ1l2¸}©Ú_Yjì&íŽŠº˜òÊ×5…I2¤j±aVmßy&ÆÙÂ~ü?•R„Ôx$ÏpŠ€–u$wÙýä¡c"k®çà‰CÜD~$x4·ß-dÉó®+n%X”ætsôkD€ÐØó^qX	Yƒ9ŒÎX)Û>¸‡A¹Y„6¤Z+(W ¬j«.5Ókó¶ÂŠ ´Õ+ý`¶i…Y<^h|ø˜‰ÝÛ"‰=Ÿ=øßew†=î(^u•—WX-Ý¡>yÃ§Ü6¬hÅ$hš.Ý¿o¹8jt<¨·´q:„ìãì¡:{ËQ<¸ˆ§ûM-~>4ò9f„ðuç¡ËH"â¥î!¼Éù™ó²¶Æm9ò‚ÄåFD¬.ÅôVU6 ¨D~‘ð2,´ÓŽ¿‡lÅ«óˆÅ~ {ÍàÃœø!×ŒÜÎ.(¼êËÈ‰50¸ noÓU9¼qôîV\k8©íäÑ:¾þzÅ«vƒ(Ç;¿?hûÉO\—wš#š–sE×i€Ö[Ø¥'›'ÄŒ…çí›¼M‰"LÈmBÂnÎìEõŸB«\1V•­XóÀmF»¨{[çPxÐ§ÝçMWVã$ò?1ûÂ&É£›4ã-}+€ìž%á·§¯ÿsë¤~‡E'ÓïŠ˜HÌ\ÃŠ\¾îkGpWh‘ÅàØÝ„ëDrþmN1ú³Fh$w¯ fE§* SƒkJ™PŽ¹0k g"ˆe—Un›-¹=WJkƒ²5ÚyÈx¿Q9‚(âÌquˆŽKÉVûÅ-Õç÷8hÚý6ƒÙ,>üK±™NÁ37Äl°EÄHˆÖE³öm‰‰ƒö(ÌŠ˜/–I¦´Xš ž 8 ªvCn‚Äßj}oa×}¿Üöãä6Wk¡åÜGx¯€H?‚¢™’gÃ¶HÙ C¾BÐáÑü¹v“UÝÅý·[¦^íÏâyx9(“­> —l~(Ü¸‰oÕ•ã9õr-·bC,ÕóåÎ¬ÍæAìÝRß'VE£ï›5Áÿ½‘5¨¦í£ ‘3FDñ{22Z°n¹ºªítò'§«ýõo#¦ ]l$nJe+,ü·«–6Hª’¹*vwê<`óŒŸów wªæ=
|s¸æ¯¦»õ“2/6»ÁG¡!²UÿLÕjc ÇXÊ)€`z_tZì¦ŒK¡µÓ7‘m[š[Â;šKÊÄä­i¥½…Ø’PÓ;>3ý1ºhD*ãø(s$OŽI–Ý-óu:—¢æ‡pÖëìYÇXÝ„Mæý1í©ŒÞb1ñZêÛŠcéÙ¯l¢Añ‰ãë³UðZ­1‹›Q[¼Ñ“âf¿ä_ímˆÖq®þäaÐ_Ÿù"]†f#Ñ°òüO¾œ6„Æ¦x†×t…v qú	oopè’ÃC]£+õßÊ5Bu ð 3DÛ7$ŒÞ…«¿ê0$ÝgUÞ¬8 xt¢‹«EÝ~ü©ÑŠæp±¸R8™¥É	ß9P„©cCSš!S5ï½›¬„d†¹ê˜ø¶s~ŒÒ¢´ÚúŸ‚z6|LáJ±-Ô…äŽQ,p¥ðŠöÜ$?ÿq2ù9?‚	·7Ã.zøOÍÆóiŸ—’=µÃ<{‡åQÚÅn[:òØœ}¨ñ\UûÃ­êjVÅè.Ýh¢R{‹–ó,qä;åPÆ”Ü>ZLÒÉW@EqÑŸùm1ÄÈåf×CýB Žcì>’ÈgyRÉçÜ'Hœ‰°íœø€íLß°ÆK|B‡–À\6¹ŠÖ¸zôÃöFRÔäh*«	ŠèÏ%ý™‰þÝ¯ãVØQb)Óc4åÎ;r ùx…:Â÷{ò˜=â$žíÆ?t1:ÎO™Áý²±AÒ	ü	Rúóß½H|ÒÒÓÉª­»úñk­"R|ù¨šc²(æaåî_­ayD¼ê!ªÐÂFxñ4BMÌ€·P¿ñ·ßsu4Gé:kgq8XDDôþÌÓÉY%Lm”Ýd`¡|íµ-BJ‚®•)'mâXÕ#È‰M÷ËØµS>æ« bÛy}+f50–ÐÎF²Z†iûFß®¢œÙÊf2êû«v9]rûÃAÕ~Øë*¯ ñÃ´3úõ)kÄqo¨cH~™Ä¯ÓÞbK÷~_¸Cp¿u×—k‰€‡¶Ó”¼æBü|8R8·ª- €blxS©HH
õ}|x¢Ë`Ÿ(ª9ÔÁý¿ŽÃ5•÷……¶Ð'j¤úˆêB&¼hp•a,k—˜œþ'DÞ(Ò{|x+	êòæñ$–™:=·GôA  Å5ÒÂ¥œ+Ýët2ÎçŸ²¬ÆÃ_
xDß^«VíÇ¢ xÌïLP–Òilf%aÏÜšÚ›…ì[Tò»øo‹]±	—“¼4Š*p¿„8°d{MeÚkÅ¼Qg„¹A¡)Dlj€æÝ³ïxn¦äÒMìIBªÃ"VñËVI´™e÷eÀ¹nÍa„CËób3¿÷yCyb„¾ã®žµÝ3ÄŸ	nH£]ƒ8vË¹íª›D|í)hL'v¾¹w!Ö«S)ùàÝ~OÁa~¹e°sëÞ*ÄtË¿MÝ_­ƒ…pgU›È}¶ª`†ê¯VÀp%M>™:ÚëDÃ«ÙÛEÃü®€»i¯9‰{CYÎz2X¿Š:F°;‹'é}¿FŠ=Ó$'ÛbŠ™_Lò§ž·Ô§<ÁWDz»eENÌ¤¡·‘½0 –:_~ïÑPboá{RÛ{AwFêÃ¿©?àž­´kŠ?7¤ÊL’ïäè,€ÑcöÜüìùxØ•ìpû!6Èäe¿¢u»ùÒ‘>ëÎÐ&ÙzáÊYBÖƒùºL˜½€~Ç	0Rj+Ä’&Üþ£Ëd?b´Þ	×ÿß§yÃ]NÓ°ðx„Åãâ‹Vü™×éP¡uº=ä[8xÌÜ|Ä_›pûÊ"ÙN p¨sçbG"Kq'¨‚|±³zöÖÏD/>žs)jûÁòÿ,í»Ï&½çòR?`P|×ë2àJè8¥½/:¢Ž%ÛN†à£‘§»]É÷‚Ví·Á“ÐwiJ%«tO§wtX0¬òÍÚã½çÖdX¬*x4yïÔÏæ#®æp£ïF>G•EëŸ(b¹-ø_:ãmù'g¤ù€£U0Ü‰Püxa’£Q³žª:‚1·YA wíe`xïÇ¨e‚{VÓÄR0mfÐòvÈŒõ#ˆÇ\…e­M–åàÆoEÄ˜ä_"„4´H­ÑÀB¯ÏÕî™î‚ßÎóqÍ2<×öU¨®re&òáW2‰IÌVaÖ-y2¹0á&¨@±bh¶ŒüË¨á<QÉãcA§.ŽtÆ¥9~Œ¦ð}ÚiLtg7ãüm)Æ³"L\1†ža#2:Œ?!19®ÆôÌd±‘Ãø!|Ÿ¹Â To}Š‘úÁóCîZYÇª¯U·9ŒcÐfðb«º,»uTßvW\–pF"Û¨Éî×9r›¨½%~Ä®V¥çîCl³P	r-ŽDßVÚ^iß.aAwñ|&‚ÑçûÇŸÂ¬vü§[…IÖ¬èÃlg«§óÑv<K×Éë4qò&Œwœ7u¬h2D"&ÿæ—Äéüá‰Ä¿§®·'ªf{ÿÑ„ßØ‰ÿºå‘m£03SÊ(í‚JpiLlœ¥÷ë¼2“_qÛçïŒ™§¡£ìJÑ¢ˆ­~¨3’Ýh½x²–°ˆ—Wù¿é3-D«£ù}8û>‹Dµ]jÕ¤+ŸéL:/YJ¿[wE#? sDÙ›.ûq­xd×ú˜»x®¾.hIÇ›Þ3÷ã÷äõR´ ¦	"8Ô‘ÿ‚ózæ®ëýCøFFNp¬ikgtKtX¢aõ¥|ZôiìäÎå¯„¶1Ôþý	Ò4ÛäEÞÉ„ì ›cjúa¡•ËLæ³bm“ÎÒ€‡I`ÉW!s%#×Zñ—ç˜&yš³¬Äë¥t,ï™ˆ=×nTf8Ï–@ÿNË£ûéIC‚k6.Ìßã¥*Ð¢–ý9á<;ÞÍÊº%’¹8¢I Ë3iTHÌ“€9ôèÕePNú•Hšc#÷t®w
Dö=ÚIÉ-‚&Òg¤3Ò1¾ip~£¶¾(_â]Èˆ+ó²,]'üÌÜÑQqÔöýsz$ýðÒ¹K?­-NòéåC¤{Å:¹x½ÅäyûÙ {l.EÉÙ·jpè&ƒ;äV+æb!mšXVsê“Ã@ÞüX‘ï?òš‘íH¬mÁlÃàg³ú5$–—Â?Êm'#1Ðlrº™ðVmNðÊb™>ƒÂž80ò„ž1™O,Ì¶Ž¿iüåP,Êbº”ÚùèÔÆðîZTžÉ–ou$h’â4j­’Ïëæ‹t€=’Aü…°9nN>Ü‡ö|ù¢aÚßžÉ9R›nÂåÍºóî$Y©L5k9»å=s:¸gêrÊ<æ'ˆeh(S´ÑÄ(u‚ª•E}p‹ÕÌ¬Ÿê¢ÐfÇ(]¡6÷—›Xjù¸¹þÝ"}GvÅP§Ü_£ÚÎëW'‰Hø¯T‚I¼ÏÆ’Û]kÏŸUŠž«ô å¡B¬²’‰FýOŒs’2šl\bn†0–fL!6´é-$GÆ>79Õ ®©èù¾’Û÷–‰VÚÈÊñ‰‘/[œm	,ƒ ÐgëUÅÒõbõ7ZÌƒ¢µÓÝ )E=t'öt-¢?6I´+bÃ
.~“ïÞîÍàæ¯LèÙ4)ý¸iKÒ3XÅ°v¶ý†°M±™+ C&
qs2]Ã%«l…í0éÑ'_¤€û¿¸°ë»t‹IHài4«žíªŠI~H:JðN$õÎjœ8Ñuí±oº!êƒüíçÿôqÆHœ¦Ù2?@Ð×,VŽ<O´ÆC†]}ÏŸ,y! ÙÂæE–•`ðÉP¼öS~1>ùYÄô·÷%ðro¹]1Éê®õ‡.¹
'!Ær¦´?Ó®Ç…ÉÞ‹ü§t/]®ß¨´{,[âÎtáñuMk´¶ÚšÔ÷Oòy®ÌwHµAâlƒOi=Nû¹ßÆNÄ|\u–, €E¼;Fžü¬¢ìÅƒ#Þq÷Ùÿq™«PšÌŠJ}d1
a]ìôð×â\˜ÙS”¨“7Íw¶Në¿@^¸+kÿ¤T‹{ûˆci1#by“OÀÃ·u-O%ÍŒyjýÀ_eˆÒ_ÉçD»÷IS=Å{yl¦—ÖY<ó±— 6ù‡£ýÙnHòj»Æ~¡¨hìiuR\«w@ÐÃ?vøß‹ùTTdÅq:r÷T¾Æ`zêãà$·äj=I¯¨ú>0ë\óã$ŽÇt¾îzôÆÅ‘Ñë€A¬ómÉLšª"s³- †ÝÁ,¡\Vòä…^Â©±×x{›j$Ÿmß-œ[¶ZW• ò8¾­ï¼‰Ùªù©tZ×‰{öª¬[jU:¬¿ç×Î˜†$i·^Øò©¶©é±R9",EÐÈ1ÔŒN·ö¦P¾»Š®êÕ4™<Æ[Ì8d	°åàWoŽcbH	8WÉ+Bçï¥b?‹çøõuÁ_³Ç¹¥kÀ;8€j¯·kË^˜,ÂÜÕQe:Wþ—ˆÏ„Álñ{Ü+¯–OÑÈûÅßðl`>Å®hÖ¸(¶Aç¯	†Ö)Ç)/Ú¨ýÿn/‚eò€_ŠDsFºžÔcd@ƒôäUÍ…67)0 n›ñ®Ì^I¥¬BíJqr\€FÐQý.Žt»æ5ˆyÍyu»m´M¿ˆa5#$9éIÃfTrâñòë"X ‘ÌÉ’;pŒ(5 Q€báO,G³ô·ètåƒÚé-»ãÈ?Æ†ž”ØÚS Ô&ÔäðúÐ¿iˆjñÇƒŸì»ÕDíÄÔ…6*Ø¥Õ«¶G6ÌÇç>1¨_ƒ(?¶N«iCrçµ#²:3í;ŠÁ]†ÍLòyœØmULJôB3èC™Æ+a‹ÝþU¨Œhš¤Qö¸kU¦_KŸ}x.Ãõy—õDÞØfQà‡¡ˆ$î§_C¥c–màk…½ñÚƒmèF_7‹9UÌ•E5ÀzXœV#Q…›‘¬ÉGp{žé2³0‚H
yxnïÎ~jàÂ„ß)i+—VÓÒ¯«&êl ›ºèÚ÷ÂEÂÝBåoù““Ëç`ç*ô&TFGBËãÀ`WRÀKœH°—žl8±õ”½t¾‡©–•ðïõ–ê*IŠÄúeûm2¿Ø
UøÁŠE×ð	¨å¤øàøI{–Vy¢ïEfê<¶©æ»Õªg)Æ‰œ'“úMOúÛÎÒãWÿrÝ¸w&·3t»Ë¿0S:@ åŒ§ Ï‡8H²-«V§>7y—ÂR~â12´¦ Çk)k~ac™²¥k"½I§d9#kØ¢KÑæÁ×P Ä‰”.|Ë†xjF/«áW½ËøaÞ÷_œYF“ñ}ÇWÀŒ:±Ë»„ƒo4¢~ÐöÐâvÒð,æÝDV€+,|jžÏ³Pa1füC-râûØ6€¯@ô^lå•´ó¡½£«-~:÷£ê´Œ´Ó3¯ÊÝÌXÂBÇxk;U“\ÄYézfõ¤/ü³©†y`}§Ñ¨šÇàI]«Ï„.ÔYl§ì¡è‡¨ÝQ´3³ù¸=4¿ˆfÚX þ¾]]ÕYüZ‚ž¼ˆY•­ä?(?úK¦óàL.2¯-Bm¥ÈÛÜ‘E/‘bóÂµì‚ŒJ1è{TB1ÅñCŠG¦T„XRŠ%ÎD;,¶¡ÞAaœxÁ—±OïZvŸ2òhW0Á@;fËi)…bdùüƒC"¥H.êk>Ã 0RŒ·¥‰^h˜…"¼Ã1ÈJfv&GˆNvøuAÄ€:X|ø}§“í€QæÐkŽí?k-¨N'/Å¹X>sbös8(ßÙW5Ø.9’aW÷+`Å#”<)#•,¢ÌCÌÔ&jÎ]¥˜ªºÚÂwlªòäüóÿ|óA E~xŸf{‰}ârG]µ~Sõ¡fÈ€a¯Ï(S½Ì?¢_ïVÄÆµÁ^rˆ½¦‹4êœjï%ÍlÜt‰€¬GŸêÑŽÎr˜Ýò6º"÷q÷|»¾—œúÖú#.æÁ#7?È£Œþ8;?:âÁ—™¯­w€¿/JnU[pØi š´ÍxŸë¥À®'cø°Û¾¶þ’$ØûµÌÏñY€¥¸¶âºßZšWÑF[	üÛ¬ƒñæí2)'ù™^‘£vÆÉãú¿aÆwŒRL•ªOî»9yýK×Å?ªc ÿ´_†SÐÏ­o à÷¿û÷UÐeã„†Æ¯åûÖ¾ìDo_2¼Q)·5]&Ìäßßˆô ¢e#„+_2È8Éñ½˜,líÉQ¨—1ÂíÏåXlHcCk™ï4;•ã	zo«ÜéÇšzœî•0æ4ÇÏýPXjˆ*ˆ´ƒò”îH %.úò¥z~™Ëh*¯>*Q»ÍHdÒ™‹O;ù¾:O;9F¯1 RMÚÓ
4¼¿udœŠ3›+Jó›?…&øû>’àf\H*`Fp'†è™µ×TßÝ3Út´PÐ”{ÔôåúN¨¹–×?fxŒLƒ´ìáŸ£_ã,†ÍÃƒuI'¼DBw‰Ó©·Wµ 8záM<–CvÒÀSí[•-nùKh_ŒF+ó‹Íºá¬äesIµþh§°fGˆùGLVÌ+(h8ÁWËeµáÀ„øùïJÏä?}['~jC)¡V?lÏ|ó°W&Mä	Yz»Ö:ÃwfÓyaBÿJÂw9à¢”¸ÛÚÕ-SÎ4gxÊ(>Öx´ ˆJu Ú®ú5Æy›
4­ó9X­¤i/Ÿ¼µ*­Yûò>AÉÐ•ÛïJ¯ÆRªŽËDfá¢¤èKÀü†—	öÏ?ÖÐ¬£MÿNÁümcÎfxÁ	Ç1FŠì˜A*xâJà¸~8+ýM×€íºÞ?#ôWL5t«\â©ëÂCÏÄÕé·Æ÷S(Ç–xÊfÖ=0–Ö%ÆóŽ½2(% 9\pÚC h¤°\
C|4?D[/ ^tw¶°&_ÓÄJJí?@ô`_Ðóã>Õ‚)ËLÈ&<j  EN“kåßŽé}'[âö]õ3ûiŠ‘§t;ëÂÏ”Ö¡ÄÁ¯¦|jÿâ±ñó¿nÙ;Zúy¥zôäáÊoÎ•GKAê"=‘þ[ød›‰"'%
LÑ‹œÂd’Í­\†®õ~±ÁÄ(vmŠ÷Dá££`Df]ù²óé¦ Oú‰£­©V”¶B¤ö‹Œ;êKt"³[ÿîH—ÌC£l$y<9üG/8ùB¥¿spÞŽeÓúq'­SÛ43It('i!èÀ¨¼ÉÉÔ|Jþ¨J—1*v~Û€F{îbÍ”‹ê¹¼32‡¶+§[{QË†	Á˜DO&gžù9ª¬Ó´Ö.Ýu›O=»Š°÷(ýyÊyo9ÖÂ”ÈÒ‰–4ÃEFŽ.$Kk¾ÿãH¼{—Ã,#QŠO¥{–•n±,‹Œ¿Ô–’pê=©!6•
ÌÑh‚ÈÆSÚUu† ®-ú$Øeq"Ý¼ÆUYýPý>¢-Z´T*fÔìÚõ:§EÎê1"æÝÙ¤É û]Ïcb<=6Ä3–t±öv‚}¼Ál„‰{*—ù¨¾„àßûÏ–•€Îl‡–Xø"^!±¸©MßN×žwñÞü–Mb¦™	¢ÜeøO…ÿ:uVüÄÕ
s_X×íBà(è[ñí)„­jÇ`³íˆGµ †,,DÓu8‹¾!†ksµ,“³L@®°Üáb”kAè„™l[u{ûQV
gÒé)@=— ~âšâV¥H¬ï¥YÞüTU¯êÏCqí†gZsÚ`Æc½¬¬é1å£ý0O´Ðü˜¢r¥áä}êƒålÚUI Féèù<®ôa(sZÑO.}åQåó‰ÂùªLPSÑñ-ª–Z¥+Îo’×þaüI]£L3éq¼÷ï×yÿPçiÛ	øþ¶NG·¾e°ôÅŒT©ÛXL·:¹Â'¦33Ñï¡"iÍª]j¿”‚ðÈ›v*“è6	Fí……s_¡ÇzrÒECôÝL’ÌÉµ3_¹*ý'å—Ñ±hÜ‰½ÉE~éè1Înò7ÄB Ü5±.–ÀÑþ²ë»/ 	%‘Zêh4“ZØÇŽ–™\Åòwn@>}”ÅT'-?“˜¥,ÆX*p0ÑY5¥ìì0¾;+s¹û*†<su”(\0'É~*ÆºRŒ*uŠ"é²4B$²°Àv§ªª+dŒ^§[¸U	²µÛÂ‚æ|*xµIÛ½!ÒÖ¡d&ˆíb”‰/&ŒO¬Ý ÿ	Ã²È¸2#;‰V0_‹$ çäl(míÎìÿ©±[à	¡þÛ»ÍŸoí±šöŸüew·rT \ÀúYQoz$ýqŒéîèµô¼ðw%[ð2urUµ<vÁ#,¹ëdj´@¬åYÎ~žÌÆqü;—ðÖª¥¥šžøláÿIXrXÃQªüÄ… ½tXÿÁw¶AMô·vƒ5óƒŽÜARº¸cG#¼æ“³Þ}ŠqJ¶lã Á% ½OÌ“9$L§Tü eÎŽRŒaa½Å…éƒP•;A4nŽÄ+ŠÐ, g´,¨9Z;Ì²®oöáªû‘³p'ÒÒAN'Îè½¹&'u8¡NlwƒˆÄ­S¸Úä¯½š|Äs@!ßð·Ée‡;áÆÇêîµp­ÎÈ}4_^H^ªBíI&ûÓãþCê•‚ß1•ñvWæÝgbÎ¦ùuRõ6Ð#¨~Q”_w¯]Ù…K¢J4œdW{ÑS?oçTôsP–Ô{^žÓÏå|Cß)Õ$(žKà­ÊÓíù&!ªa8D¼+¸±V;aš‹_ö¯.³óÓþX3‘¶'Š¥^·j{Y:N}7.$’
ŠH\;úyæ@½mÔ]ÁÑO4 %h¯é½Ç¬õ*Z_"v2/ÝÚ¥Ü(¸ß±gøK¹‚­Ë½…<DØXšE4ãÎF«³¥æ9®²õšÄA¬×)w[¤1dÌû*‘žáE_ ¡D5nÈÐžÀ¢š/cŠq÷ãmÃ¬UCªc½¤*‹sˆ£§.5;æôç˜ã•è Í.Ø1™.QœšâZJ4‰„'cUÈUpR‚tMÂÆh›¸DTP-Br+HÎþ>ŽmÅŸé.ñÃðm„Ž™ŸF!Øk ñË[Hª+{äG§‡“ïúžyª4:± ò%‡¦S£ú+Tóò; xìGÃ3Æ:`Š„Ž3ñ=Ô.*ypòDûìÚ§™G\w£„ß¶©–qþwìc¯IúÊv·v&[«¢‚Ç([u¶Þ…f‡Ñq¡ÁµF„?¹AIÜ4Š@ìò…wn²*æYø÷(zuhç÷(’çWšgÏgð66øEB–g—’à•–±ûÜÆŠZ8€jMœ²ÿ†Ñˆ€¯Ék4Bf´þI|uÄõ–†ÉÇ@u®·æò ž×íË!KF|¦>`8Ö$I„R¡x‚ñä™d-ñˆÏ\
¤éà|gS ÿ?¯ »­N1«}m“<5	 ÂGÄ!'¯H¡whˆ}<øˆ¦ô}Ü.i“GãU¹Oºûû„ñK/â+ï¨p0îÝÑh<Eøå¦±Öƒ'©¦ö1ä,ù0}jZe>ÄŽ÷VÿZâ­¨eMRžLÞ‡íÊ‚øž.Q8pdÙ/e••K†»ÔÈìBEäe%¢ÃË%½Ic¤z’½­›]ÍÎÚãœ`'Š¡²spC¹¿’¾16\{sÚ„,¸¨*ÒK„2×téÎXÉ¥YƒŸN™Õ¬~" Ã-/{ì¯Ñ-µ¬éR|v‚ÒÅ…bïG­ÚHðõÀÄû»§ÉYµ=•1!J&©¼“‚Úìm<2XŒóºÏlqvpÑºRŒµójL3!L6¸Ý[{Ðõ'ÌóìÍr{ë{)ÂÞ„å}¸2ùô›
ãš"ãÛ¦oMâÁ;´™Epµ2jTô9Àœ^€é4ã0K¶Œ>ÅÛÕ>1Ž§Œý$k–±¯§‚6o´Ûž—îHdûLû°ü  iBUÆúG²;¼Ýáë„Í€+X@U+ˆv>Ñ„	¯¤oþ¦~	ÈzrØ>ïa
¥ul#Í ¼ÍC(á.ûÑ©7Jà7až%•Nê‰½h{›Õ†ÓÐÅ9#	 +|Åÿa”^¨÷‚ïmŸ…›ðÂ¯Aº@‹ë3'gà8ç5ˆŒ¨¸©b=gþ•fzÖf–„úI Õìü#k7dØÌô¨SŒ8–zá XE›º!ƒwsX¦o©ZÓ{nÑ‘‡õì¥B¤ÈÁ£àéøi°˜²TÑ™¬õÛSÐ	Ç÷ÉíEPoåï”–IÂö•úÖ:mÁã‰"ºå›Z <Ëª>(†4Ù` W×ên…“½Iº§ñoFxlá Ïs¶lÁ™[ýj¡N¦*/²ª.½EçÖ¢q¿,[–bC&Mb5ôJÏ¢^šüþYúm•MÒ«P­Ü…@_öC¶íÉBp-1\OÔ#_ðN¢O|ÝmC¡`ÊÃqNÙ?¬V‰O*h#ƒŸV¼Ÿ»Dš’‡äy[©`jóö^-uì±®“ë´c’dx„ü­ä™tl0 ¯Fá*I¤l Þ“é~P›0¥4)„ýì³w?×Ô±îÊ6DßœBÚCcYêXx0šÚÏ¬‡Çx Õ3ÑKœ	§S­‹˜SË¡’ÂLN=ž¨ÙœÍ_örmn¶§B=vHü
÷OØ~*ÞµÙê‡@Ád×ú“¤Z«²8h¾šîñ}Ý°åÇòæì>¦N%âæY¦ÀA¨ƒ$Óç=°ëÒñO£ãäŽ	Íæ0qú:«å£ï>2:‹I±×‚ð$[XaM™"ÅÇYˆâ¸,æ¼Rpq—¾Gv„xÔË’ñãÀ›&b X¯ÎÐ«nˆŽ—ø‚ŠMTo^0QRv%{'„ÿÌ—ò5ÕMøÉ—­uˆÁÃ}Moèxeè”+øý4`Wsº*žËol&‘þŒÆi€.j ¿ƒŒ›7Ó5™¼§ØNÕ;&€†wˆ"ª.Ñi KÅÕ–è1"³5p³Ð¾>Ø¡c!(]o¤Á­CÛg|§j\x/Q)·ƒ÷Œä3p"-ð¸ò¢þc:ï-w2BqÆÿjG+YT1býÂ!•¤DXúr¬7£Õ€…¹•Nfç,§Ò¤$¿…{Æÿ]?À¤p!4m1ÂvL1ÊÑËä–|±C¸"tzŸZ.sÎš@§¤½Ç¢([Í±?mŸŠO•—ñ,¯{F·‘òÁ÷ÂM˜)öj…ˆçÀ-"³:;Õ„)nPÌUøA_õ²u	wÈ¤åeÕòL‘ßyã0ž\Šõ¬š™jÒ4 s÷O‚ô×Äp† ¶
äÎÐúd¤xp¾ äRf,é†©¶LAãlMŠÃ­NÜ×{M|×%«vD¢ƒjuAÞE
Ovc%Çy—Pï’íAT$UXcÓC˜eeÅ>Ïàº÷ÏÝiCÊØæÐ\u“yXªø§¤SSNï©ë;¢¶³&¬‚~œÃœDò75 xaªKÑµ†0~‹º ªá·tøÞ+AúRÒFD×`,Hu¿Ø¿•…&H$â‰æ¼W8{!‡£>Šý`‡µýb„~ë
ë»áçÂ±q"¤ñ ‚·(¬Á)r5¿\bÛt•l‰Ä™ôÙ9Z¢Ûõ:r§üúÑ)ã;Úœ"fž´Ì4ÑWÊ/@ñ!d°xáïQ.íqjR1yv*âßM£÷@ß#s;FÿÖïŠ›ô.oéäB·ÿgž]Í]h%£Ó#"8¬æÓŸ L{ÁÃôy·D0‹¾&ˆ—íáVjF}n¾§…×Œëa|q-f†¸ÚÀ j}[þrOËyÕ«‚>7ZðJÝê_š|®Á[›î§“Í2Õ² °—Ó;³ÓR	äZ\Jª§ì\±|úKcØZh×â¡¨õ%ÿDN%Œ²ä0ÈZñÄëséÒ°3-bÐãd^A»,3ÄŸ~ª%|¨xýyb,¹<¨×‡ÃP+RLlô&)Ñ:%œ²MØ?É8)ë²«ÂßÍëIu’rÜBh_çæï6•nd¿­§Š°·5Ut&ø$™ÉÜqXJ{Î"»A6Þ¬Pùöä
BòÉÓEÚŸGRF3›êmV61Æ›MþhåB¬F$Žb¶ËÐ ÎŠŸ¤Šfà”êÕ]ÿ™¨Pt6q“T&âqUôKˆÅSÃrâ.9€AÆmÕíÝmàšéü˜É}Ûg>~“ÅÞèD²µb%®3P¹äµÒújþÁ >fPyÃ4rqŠÏ*R«bt¯Ø•òž&âB¤&$Ÿ^…1XžÇiu£TÆRÌ¹Ûr¦c3]ð3í1œ²çô­2Û…›Tâ½åèn¡)›©?«û„ö>É–[Îÿ3—FúõãZ,Ì%·šäÝUŒ%‚õû©-¸ã´á‹×°‡çG¢õŠÖuéK“°”Q´lš`è¥a ™ 8!Xàö×ÞÑB¸¶’.SðÂQŽÿxu”(1†-\YñJDF…™ÖÉãi76nçéí$d€M½”Þ”vI7c¹ëÈN³£f­ï5ŠŒ×{f&ð!vY_‚^xÔd;àdRÅ4KAõ|Éù „c/"®ÛóA§*=ñ%ÌÎýc9KÍæ>Ú3€°bFxúýÌ¢]ÇkQ%¨–Á&ºIžH[öCˆ¹®RófR¨„èP0dhÞfØïïÅ`hªéqñiDÃ
?dWƒÐ!øŽ7©Õ8Š)u$÷Î¹ _¬¾nt#l6å&8%v'5×}É-DgÇÀ1^À¢H†N¾’Il÷²J’½áB ýëˆKB£+Ôu–Jâ'1˜uÌ2/.ÑGÈ	õ'¡5ú#2…ÝÈ§9É´¿€µù[é‘¹’C°LÒXîN#*KOâ­ƒEâÙùf}2ÀÏƒ££-vi8úºTWÍöLnÉSÅÚQJ"Ôèe´!¥7ý}¤¤uñªÖ dÌâd £ûÆ3 Ovéu/ùˆ;óx¢àÑœŠÒŠ‹ê1²£˜pD·"2³AcÃ¤8$ç®Ë‚löC¦ÇLð5g`>L;Ð9÷ŒQ÷’Øõahæîö›N–OœãÙ4ƒrÐólùã§ÈF¢‹¸8ìÏ‘zu ½Kì0¯ïšF°—{»BŽÿZ}yosè\  -åd1¦E¸"*ð¦Ëƒ÷ýL½ÄUÀz‹}žØ˜fêhµ÷
HaŒå9¶Q¯¶Ü0ýxOÿ¾dnÊ±>AíŸ1ö­ÿÜš%… îÈéê|Óíõ-‚øT&±ùm¾ò8$ÐŒ
‰Ê{.Já);|ë”½Ô3(x~@Ó˜ÚèÛÝuHÅ¨
ówåÉë{X} bf³`>*k±­eÏXe”céáßó¤ÊD4Qð2Ý‘€ÛžéaÈÑžÀ)Uyë¸“Þv,(6ýb!ÝkìäÄgYEó¤úGº[–­VcJÈ‚ZažåÉ ˆiY• è¨Ó²*ˆ—ªN`-Ç€©Í@«Iôñ|õ–ô€Ž“I&Ð#«äÂ+áãã/Ë¸`Fí/‘áv{2[ç+)5÷†r9¬P˜8	JƒöâÌ˜³®c«œÍw#¢v5æ»öº«ä˜¬H/ÅÏü7PQWQ¨ÇrK•âÀé´T "ùl¡+(¡ØÆ¨&»eqÕÌñ„ù+ûbnx"LéÂ|ßÐ¸u¸¶…®Hæ$¨â §Y¹u¼)!gâÈ¬¢÷Ø~øµýÔÑsÊ‚4ð¢Ø¡þä»“5ÇÍL •UÉDæ¾H[¹ùAnÐëÅ«øöÝÓ?Z“ZâýÓú”ws&Œä ëè5/,‰œËòð±õc¿<ÒB3sü™y¼f$7Ï‚»ê8NÎcªkHŽèÄ— ¬FÒà*–/È].¤Ua¤|¡‘™˜`»)R”Ìä| cz(Žðgø±‘o…Ee”,WmÉaa´Vz¶Î5/ÍÂí‘‡gÿ`Ãk’Êå¤2Æ†ëN{/™{×A%ÈJ¥‚óý¼,ù… Ûá2©’«>¥^û«€›R¾¸2ÄþäZQ"?Ás|âæ’˜f„ø˜–¼k-Ï	Æ¥ÂÆ„)›&Ø½žžm;ß)gÓÝë£Ü1Ûml	›ðÑ›¶´6š›ó‚s¬_áU|7Ê/'8­4HƒS¦¬Þãx …nŒÕÔHìÂÆ3?óÜnf«SèœB
®L±8»·“ÚcS¹ãœÍ'¡El¤{ùu ZØW$T)6&?1Ò¡µ+œà+ ûÒP,¡Êf ¤ŒŽy:Ž>™[Üz†G3Aø£‰vU…‚ÉK%Æ±Ð^ù-xt">Ñ–ÕN-&‚pÊ!‹q¤hø2+`tÊ/CfM… ‡GÁb‡ûûÂ×jÒàûÞ¡³Ë¨Z`UØfØêø4!±H±E“Œ…å+S²}èôêš­ön`øâNt&_b@àgBbÙ¯4ÔÔ
›@tÕ¢ó%=$ŸÁ’ÞÅ´žÈ^DçÌðØ‡îé3€¶µO%Å6/Ý=Èâ¢qýúÌ£¸E¦E	*qåÛÀgÕ0muÀ˜³zIgAïDUr%2*Bnþ;¯5(ÝQÝï#^Wr/oÅ¿ÛRð¨ò•áq>‚OdBYvWÄìå¤Õ1m{÷ñE;ÚÊÍöØ¿5oõRÚOSz$Kìø¡{Ë¦Õ…}¡™˜švž$B2›„gtÏÛü}cu]˜‘`„†•@Š<á<â<€Xk^‡¬íÕUtwx-.%›^˜m-’p²G½ÍÝTKuÊS‚áÅT¹y6Øç‡u&ÒW, ÜVWä5”›&—‡çÛ{+Š9ÑhfäÙôr)µÙ~Äíh‡qnç_øñ ñs©æ,â„%}Ö¾l8ç››,3òwAÎ°þ%ÙzºZoŒÔ2FŽi‡û¤Ž(†!´&á0¢Poø¢û<-¢
r*ccNb† -þ'ía€7ã°‰5XÉ)‡ŽþÐ^`ÕÓdÿú°¨ýÜÁGïešX“MIh£ˆTæ£^ð:‰5	Ž•Báh…¢¤¬ÀIàêÿÔÉAJåj„D2°˜íKsEçKƒª•˜”þŠvóä;~Î¤3ù_Òô­+[*¼÷a¾e$ÙÇÞ!ïªÖ´š¤:N[ucèåÑŽgÎ³EºÿW $ã‡ÖT~Fv,é,êå_Ä‚üŒÔ¡ÜB§ž í>G8d•1ÄÞéç¿#p³ 'vÀ™s¹«lÊe{àß: h^Ó¸Äñî·ÓÜx÷† 
xÙ3É|ë”¯k Í…)L¾ëQXÅûdpTûGVá1«ÍÅ¨“¡ê5ÛºhEçÓþÏäwˆaÏê-þ‹O¬ÛÕp¬¼°Õy„¡Khd¢(í=Í•çâ 7æµóÇV€ÍêZfs´¡ƒŠ$°?èR”9ªDi-òÆ€P¦Eäè
îA“ñ|`~ÉCÂkÖnÞ’™j• Óÿžùóä2IA=®An£,è¾¶Ô‹\ŽÆÿªòžÞq©Iâ(S"ÃõDí)¶þpéa#NkyªÐµa\I 27ŸP9DNéIhš>bÙÃø­õæƒÇ{ß”¾r%æh‹“õ»ˆ¶dÇzÎk±°^P ‹Šöäû»uþDÐÒæ°SÉÀýÓ‰çby®¸˜Ú€Âé”åœIq#§Î÷5¥‰Ç%1c]FÉÅÊÝˆÙC|¡~Hó¥ÙXË™÷‡.þ¬{~[&"7’Ð¶9ž ¯þA,ujƒÞ›ò+L¼Ÿö`µÞì…"×ì aöäç*°I·<S-ÌÙÂv÷;òè¦}gXÕÂ‚Åè'Óîè\S}„é¼Â•ÎêFqàm"A„‰~µ»Ù¡*`M]
ddƒ• mhýZ=rŸã§…ŒÏ—c%–d;œª1aÏ¶Öv—àK¯(`¥Š$äà,F÷%!ÇéüÔ	‚ªøå‰KQš\9.ÿ{êùËÔ§¬§VÎ¤›Ú1	¼”¯‹?<­˜ "žŒ¦3·çjH_›ÕËcFÄ0º[~ÀdÄº4V#o"OòVÁÀ†ú{µ<âu#à‘Õ5ŒwëÑµwþÒÊ¦ábÛ¿r8#k4D¡è³»îé!Ó|©ýu!Rö>GîâºŒ€eT‚·PLÊÚO¬Ÿ9CVßh ó¢ôU¯6Çÿ\G©¡	ˆ(ŽJO®¼aá®vfQK³ÂèJ6.,:¸1RõãÕÛXÓž&“Ë×Á=j‚¨#é”ç?ì{ÓÙWÏRù?T1v÷{«Þm¶$}ÿòZ‰‰’
¦‚n4Òi©ï>d¡éuU³ëèkÌèu‘SŒ«àÙNþ:³k]}_iå‰¯?Qà×íÓøQ}Ê‚ò8ò'’ý?IÑŸ›¬G¨¥únÚòðtXHHuÔ×Ü»b–Pÿ¹uÈù8léž·ëÒ#+Ê£‘¢v?¦Ê«ì}õkèœav¸æä¥‚wjù­¯¥.§Bø:J±Ü÷ô“PƒûýSÆ™9…‰‹GPXo5V_¨´(Kæß„i”ü¿)ÐgU
42`C2¼–S<Ó½ÛÅº`Hè‚ÖR/fÒUôå+(?ƒC­ç´ï¦ƒ¨2gá¿®¼š`¥éxW•÷;cËÅN“Ë)‡~©÷Ã“üŠ¦Ÿú(t´¤7ÖQ	FMÕ<lÃÖ>^\\}EOdx ìQ—1È¥CÎ¤fEã°i¡ï:nSúêV–w*SJHœ^3 Æí²¢N`¡Š ;\{'¹-ß·àŒ3Ì¥úyßIÕ™9—•n´rÜyæ¨“ å'æ€•›³Víè¯x©ï”2˜ó¯NÛhQ—ó¯ÅhmtŒyépw¨GpKìµØ«âälFhÜã'Èºï`µ§•ÅyôHÙÍUnË%ñæ¨5òô ƒåËé‘fªÈÉx‡Æ2å‰×FÉœgQiú-ÔºfE«ú6¹Ã­§pZ‘ìœH$T†hû{n€ËD§ùK'»qzÃúž|È¯r²…uAq¾àöë9¼ñ-Ò‘Õî£ªóŸÌq»·*UÒ~m<Z°es3ÖÆÃ¶AˆùÌ”³pªmöMóÒF´©æ'`)XQè ræs;}ÚmÒ»ˆ^¤Ä†w0¤-ŸmÌ;þer˜øB	Ñ”p ¯³_,¤ÙNLWó@Ñœ'/,k«_ŒÄi;'»µNÙ½±Ñ"¢œÍ”Á“Hßš(ÙÓööR°O)í±IâãÉïxm"ý•}Ãâ´ž”0Éšÿvn‚…üeâ¡ôŠÀGNöÜAßf™õNE•-‡rC¼Á …ÐzYiÊ@¡	îvo%ø„ç©{å3©&‹ªÌ¬«ÈòêðÜcýŽc­,7lÁiœ?”³ïç4êÂKŒÌ}ùÈ–£JNy›ýõúñd…þÅñáJR±YËR‹7uTzè5äœ‡ÎT¼ê=‚º/žïÈ]¥ú¼T¸7ÔŠÓÚuÙ¤>ÕÂZ›fÍV®Ûîã€îä}¬Ò±²ÑiW…À®à™±}Gñ/ €çé€ÈRo#û§î´ø¯U*,öágË«ð¨"òÆ™ÖÇÕˆ¬;½o÷Á»%´D%Î)Ã!eÐ¹þ™¸|´);rÄ0w®ëÛ­vÑÏÈ]G#+UÕZmþ&SD²†ëë¹åå–å~.X~ïª!·BÄš«[vMóå†/!=yøÒÄdà)H£\ÂøC¯!*FŒŽAXlCÒ­«~£þr½ÐM¼öi1rw¾Gž<ÞÊ¾ÖvG¡BŒ<à:Ðm™}ŽÃŽo]Y-h¤'\&ƒ»tp4³÷¤â‡%¡ÂŠÀÄl˜…Y);&6cmO/XfC4%Øþ¼tÝÏ *„;†–òªýÙ™‹·+ë¾9›¸½`CÆ¶ ÅiÜèÈ1/”-…CS:Mö}ù—<ÑÎ0! ku0$/ª&%ÃõŽ©þÝÏËqöŒ
â¥ñ¦P‹‘ô¸¦›€éù  Pù¬f/¹RÆðS.IUýJóŒ[ÓŽaÇÒpŽ¤UÂo#bÞß›h¼«*NV²~/†rRfÞ›GÌ¤°°YÔc%úR†T£ÅI_~W?™‡Z«ŠÀí¸É%='Öm,9²gPE¹\Ï2ž»Ëü7¤_“`-ñï‡r—¶Ò_E”ƒe¤¾}¾q"ˆVjUVHø¿[+6@ÉËÆ@#óŽh@Æ¹ãÉqÐÿÛfÈòÎô–Ï!Î1YkNÏcÃLd¨øÒC=Z&ú… ’ôg+Ïb–2),\æ1¹¼•ª±‘­èå®že!Ñ'½­KûßØJiDNgt6ÃÒ®'÷ ‡þm’dšèUB f+–8ó +#¥Ç0†Ë—÷îký×û‡Ke½Öü|íß°*`ÊA“/‚ôÀÚ"'é£+Eyõ>Ñð@²êäC¢¥'‡S1Ô­ŸÉD†ü„N	)ùÚ
y›]D;XÔLðøX…æO¬Æ¹Eg«üø]¶"óùÎîÏ×WwÒ¯îÀ¶êÏ¯x´Ÿ:Ci¢]WÎ²]ûýœÌÀ1ŸÊKüùŠäŒÁ¤9‡£Ï¾’E°-åÝl´Ž7“2¬Ú/²M•eù†„i$6k²N[x¢ë6Š:K2žÈ]öH€;š1QQw—¥ ¡¥	;wê-I5ó8A[¢”	’ÂP3†4Ù
\‡–Um ËJš¾ÞcÎ8†³<ˆf@A­ºdÃ‡kµí‚ƒjÉî¬*–™{e[ø—ðSË^2ò§OT_ Mgä“t9§T8LSh´É»ßrÕõ˜¯"<ùzH .ƒÏxW/qÀCe(f¹”s˜j†ül@+2àºe¥ú?²¢}Ù¤ÿÊ—AˆÅ”jhú‚&åZ–âˆ8ê±‚®]Ä¾›`@ÐfºŠJ‰­@3úY¡…hAèœº†N'ƒ ezŠ¥‘ps>8~zïnÄð†©?äß:vÇ0®âž/¼›î7IÍÅ¸¥ Ó'ö$À²TïŒžóºãCôÞA*UüÞ1Š‹ä²ë3*¹áÊ„Ì —÷% Õ¿ï°wdå–|¿¥°‘¥AÍ.‡°Ÿ`æ_ÀÄ™DT#¬µÌç²mc+¡É¤—`Ýã¬éÜÔÞ‚íµb…²·“N8ÌÉ¤n¦`W
}/¥æ¥”9j«ðïhš%fìL€èLH€+×B6Kä›¦œ—Üð6JH„™jgº$qN95éÛºDžCyÙÊÞnÇÅa¦3vÈ!VÏFKµK_•¬òù—Þƒ™àÿ!	{	÷9éñ¾În †Z&£ŒŸ!=NÏ™@&y]/Ð–û^+…ÈY2lVÀŒ0RêodQÌ¸pwMå…WÊ€Í¶ˆ¿ÊyŸÄÓjlq0eAéØäûÜ=ÓÏ0¥ŠÛÀI_Ý¦cw³üËö–›[žìNJAm‰}Šp@÷ÝDº¦¢*©ö¨í×ÏØë:Y´ŠßérÞ¯¦¾¯Î%Œ‹£NïØDéƒÕ~·ñOPå
úhwY\«+þÑ±AU7”u’J1eîOCú!|ŸtÖ3…ÃæreÕßÊºÈHkÁ˜Ñ‹ª™µÉ[ TÿQñêÛ.8) .ey7¢Sï£É9Ži«÷üòtsÐ-=Mhöv\ ¯tl|&±é•Î®+Þl/õÅÚKÅsC0Ú†,]€à}mÿ‘k|,ê§ÍâgR>„´›;ÞG²PQz)P®ÞÏž:Š¡^/tù31ß)ÕäË_–EûÁA@rõD8ßú8œ67ñtÖ?·sXD¿`9 j…^¢é=a¸ÃøF;5¦2(Âx.¶,Ô“ÿ`Û@ïi^xÆÊ§|¤Žêïúl2YÍœñÔcƒ˜÷˜W¸t©˜”Æ×ÎÊ1M}‰+Ä>¯~G+y#Í«ùqÊè YÃ-±Ñ6´¾"ˆÌKRg³a·†¤>ã<5Rí†¾ X>–‚|$Àhp((‰É4ŠÅÒîNä_TßXJfÀÌMÖ¾¾°áÏå¥XlÁ÷/‹Áa°Cy ©5u’æç’×ìªC²¥¶àýb&€éØ‡qýTô˜›,³[ ³Ê*[ÃQAÀþªxb.úÀÐwK7bj3†ÇˆeðþüWÀnd!U)sH‹òè/²´Ï‡¦V+ð'¢
¶én»î$ÅÙ]‚IDÜ
Gœ»çHsûç_ö©¸{J 8{kÈ§E1™ùÇä‰b_0tÍU)©qUÙ®i[ž1øÄÀ·ö±!qAË@ÙÝ´¿½O-êzžW˜¹$,º¶‚>|„~«â–º²š›ÆiºVs¶c"è#1wÙmŽ$ªl.§çŠ¥¯q¾8D:–²10PŒÅf:o#âKÐØB€P¡÷hÖ&PLXÄúÊ¦!ÅJm Q÷þòÙw÷Ï•ï8¢éêþ¬Dð_Ì!²+\î‹Õ;Ï7J‘’6˜¾ê$JŸßfëºõÈ-Rt? ázŸ»—-áS¬Æ„É\zw›W¢C~ƒÐ˜0Å1 ð‡÷¬ù_õÉèÓ¡,÷!Æìe vC‹þ§ÎEŠìó:/«T³‹eKä‘êÄDúIôÓdxQœcÉÏ?þ í$ÿ+^/2s´“ª©d–·¥Ùq‚–?l5ÉB™­y¤IŠ¤è—ŸdqZ@GûšýMvÜ1ÉpüqÝ$ Î?Ý>Ip`9õ]áÂ©¾€“?ãÑZ·šn›¿1òòÍ2Ô—=Ø—¸ PX’»Õ¨½­œ
ero>SHwÂ+Jõb]$ŒŠûÆ:"Ò¨YïÝyxÎ@âè6ü1dd±qØV!™lZ|4!YM»wQqÿ³ä:]RN²eaE¬Û¶ÿ:Z>fÆß¹‹QðÓŽÛ{¸Œó’ä ÙfNÿx"
G¤øŸû6©õ-­ØÉËgNbæAPÏþUÿQ²µçS½$4*öø¶¾SP¡3¨åã’j[©´Ó»ãn¾‚f‰ÿs›=_ø1Jx:Gü_}K-QT¶ùRC;´ ÓdW˜ ‡«e_ôŒÛ8 Â”SbåkµBÿ¿@§IÕlÞ’®Ù¦
âGFWµõuºeáLŽëÃé‚Ña’µ#¡Œma…d”Õþf”<>ÇýPÞLçåSÏ5Ãƒ9õžd.ÍxÝÕ2 W§8 ^î„Ñã6jšªBO Ÿ*¯1çäO7µ—Åù37!¼Úº~1“,c˜_t&ÇÁæ ©$¦ul\ìqE?½IJP¸ë«CûÑÏ[ëm…·&øËxè„Önuñçj¡5Ý}%8¬9j>Ë–æx ôQæzXUããvPRùC°4¦DöÎ˜ñ²ßÜ«ZW“Äx`í<½{}©]Úw­§¹p$ÌVÚ&ìñÚ'dñ·@'[>oë…j«4€-âÒUÛž;Ú+ÜÿÎ¡í±ªª@N+óÈ¶bÃËªi¤cédÌ~y$åHÐ[Hx˜ojÐþô¦œCnCXT@`µ’Eì_+°ôsNm¿ÂÆþ"2‘« œ…%‡½ápÿ\åèFºY¾€øNUÆ2£š	¨Ä©*žªöNÅôr] u. ³çå¦Í0#/‘d¬•<Ëù!ëyîHç8yüHh+=Û³%¸§°/PÐU›Ü*µËpÕú1<©–ë¥G&`zÿDÃÞkÅƒYÛd˜U‡Îœ4c:>l™l5º´ãfÑ`Ê§MÈñ/ã–EèÕWËõ·Ø5M›5Â·© úØCç7Ó{2…µ’÷4´ã‘,æÁÔk™@„m¦F¦)§iîeú‘*þÙiq¥ê>
·ê?ÜÒ›óþr†ésÓ2çõ9å-©|p3ü“ºì1æ²(ø»HH5it×’S›¿U)ÑnÁ„gdZõådvO ÙÔ]%÷?.“ÄN"ð òí¾iÿ¡TRÍãpÿš¡š ^DpÇ‚
#oÏìÑ'ÐÜeˆàwã+¬€¬V UWäüòqÄ¯YkØù,Om¾=þ­_¡¥‚#Ò©ƒ˜R¬Bà0²&ƒØ#úîjÝGî“W»S@©6çQ…áy|S7pnÈÌWáA­ðHÁ
›&Å7Ô¥w{í'wdÕ‡Á‡9|›b£€€"^·2’Qçè¿Bí\Ì¨šZå+šïòaHé3C†`š™¢ü™yŸÅ<z5ÒFË'ìŒ¾™y³ßsqr®‰¤î!þ(¶Ëì.N×ÊðtŸÍ†ÚOÅàYh¡Û Õ™:Q;~ÎjëÌ!ÏÜy¨Û–·ÉÖ?2ýÝÍÞà—f”½ˆ‘žúÊæ’'Ÿ7q?‘<«ù+$âø”D¶Ð/y)
8šÀq„õr¿¨¥+5ˆï“º\Ç¾”N A·<99àÞµ¢‹4ä¼_™¨]0±ÌÀx_i}zS0X%³~Ðgç!áqÕ?­ü{•!_à³÷‘8|-(uGÄªu'ÊøžÚf\räØìÉöÇëž6§-Õúægé:š 5(Gj“\B^€Ö<“M¹Íi³"õõ‰8“Gg$q¸8õÅHãaø'‚¸ŽO¼ ¢gyF<ƒÛÕÙ“M¶‡^ 6ªØ›.Ã{¡þ
¬âýÃ'q?¸ù®$ª4âZû{ÈU#àZa„=¿8$U3³èJ^€PV‰ÐÇ1è†ØÆúÖ`íÓí”ZX"æã÷Jb«ŸM®ØÀj¸wØÙ¢o ‰`Ü×ÿæghRüE³€†þ3w:¢yµø@#6”¡)qãÃNà‡Üº×å#Ù» ;aWþ¾ïöR5©êðÅïM…²3^‚º=7Ç\#å³bù,:v+cù‹ã¿/¦Ø˜H2öšìrstUˆ¨ç¤n¶˜pþ5b`³Õ,WKQfÀ¼«ow3ë$ôlú #
„•Ÿ÷Î•wÓÚŸ­AB@ßÌðˆßoq^›äµGÂãª!*WY¸›ëû~ªOö&ça1Ö0Ž~3‚§ìkÞA˜k•"Þÿãò]Ùº˜½bjIÎ]Ê ú?Ø:°›ºI„W/&þ‚E‹k
pí„…­¼ÇTVà%¬å÷ía)Ûˆrj[§hàÒ—HœUÒZ±^š•¡Qø,Vþönï´%Êß”ØÁ!åaH 9eYtdà|¼iØ\ÛS'ÓÐ‡ ÔúŸK€³Sƒ©“ š\ÐÍz3÷
árÚfï«Ï™9^3º«œ‹îdoÆöƒthÂ`I.)4¯çÒÁ×UAØsªÿÜQ„ŽÞïˆ ºzüŒ;OyÇ$yR-0žjÆÇ:3­€—ÏnÉÐ=åÈNžn$­Ü9.ìÀ\ç>³TÕ±=Æä›ÿ)O[½É°¿•Þ\æ•É¯®3z;‘t§]?PÜóï¡p˜3´U›ÏŽ@Â¦±Ã*¯§ÿ«ÖÏrÇ^SwÉè‘z¹‰–‹¯Î°Þèê7o_ž°§ù»eŠñ¬ÇÈ¼åvâî8….¹ÂÿWnƒ±¾÷M[X·uÙjDíEòìãüÃãNàVŒc'Áü;fÛ1¥yXb/)µô`™éçÖv¯ÝIñÌ¦³ üaLg}E×ËzUèùò*Ñ®ßR±“tl3Q¨^,_YÅ 
eÊsÆw©Ñ¤Ÿ¯yßl+OŸ2à[¤^íÓ~„O¤ÐfÞ- üEx;~ ©õl}? yu]…8Iå3EB»lLx	93Š €­ÄJy·žaAm¢Á¹d!LYó™ýýáÝIô‡ê-™~–9IÚ'–ýÞôödzš£doÑ‹×¯$1³£r¤¸œªß§Ú¡;©½|Œ€ŽwžL{xÒÏS?Ò¬ôòu
“ç­SÇ‘zz™ã»e@ &¾`Ö_óóx–jŸýáTT¡¼Û$uàPÅ±0R ‹¨à%tç†'}ƒ‹«š1Ôø0ÓžÓfó6pV~dhf¥@í×ÝE“àÀ—x"Šîû¯–¢F«/mV_ÔtÕïjc¨³tæ
…¼O*örÒO-.¬ñGIÃNJd*¦Í¬Øæ|˜¸®9ÜJ9|jíüLÝyÓ'i6ùŠ|Ü×ó¡•LÎFX•¿PŸ1œf 4¦§7ïBAÉµôô“F	!¸©¯?Z›LàÚj	ÑÉæp¯[¿|ãœ—GŽ |ðJ¾/¬‚ŽkìNÒ´‰k’ÒL«‡8oÑ¨-£Ã-¬ZAsÚJôvÌA à.•~©{ÄLIKÃÙ4‡“­W2H^-çÙ1zK¬F>téÓÜäþßæ¬SÕÅ´¥T¶â{²}«0žc¯ÝO™ë2òÔ(Í•žŸ†S§ ÂÈ_¦–ç›Æ‰¹
ÂžÚ+^Ý©ìjI’òFrÔæÓäŽjñþ
ÄÈ¢ ‰µ{>ŠŒ³äƒ^¿#çÎ¸.éOÊ'(ª¿‘î¶Ä‰ÈÊt†Dhhÿ)`¿€´ñë~¯#Ö6Ö±Ü‹Qï8åb9óäc‘°j«nß‰Íf[ wQ¤ ]·d&øÂÏàæºã‹¯Þ’zMâ®¢hÛÛfó³*ßT!k=+%÷ÚÃ’„ïGÂœûÏ‰>æc.;çª;M¹s·\MzwwQž1{è)‘dÛ¹ÛCPTžCO•7DEW„rZ}âF"‚Âå¬·ñçc¨re
~\ÛÛ¥u÷õûH¶û¦]*zŽ¤ÉüUr™%K‡1j}Î4!¿õ«LŽ[ˆëŠ“Gh
ÚúåËs”´>†p‘Pl4¡_è¸Lëq
ü=jÑdLr±¬™uŸ.$¶Tãä¾!‚KÅl‰>ÿÆÉU ¯šÿ.&Æ^UÆÏ¯ µÖx­ïðSÛ×[yL'Q%©UÔ†XÝs'ûÈAÝÏ?ÐøKÒÌ>À\hH¾‹äP&÷–nAøÛ‚¬/ì°ZÊT‡[Öˆ¦×GÐ—¡
ñ†ö¬õô‘à¯°•ç˜zÞA>I›ºÚ1Á|¯RÕ‰ÉÍ £Zók.þéïíjŸ£º¨ØYvøIÞlï¨4°û>(©ÃÑå#GšížÀ²L-mÇáÔçãšE]‹
öwØÿU0ZÃU³7=+°‚â)+M[ž+†àÊT®W`ˆ^ÌãUKõAznn5¤à7Ï,L”îãLO/2ß¹¸æ»ºûm9öƒjŸ /Vg/ÞËÐf¤…€ê™m—K#ÕK†0"'‚„Óÿô8uaZºR(9gìpO¸QÅêt¹uß·º‘Q‹„*´)_¦‡t•¢mòAQ‚,â4Þ/Ð°i¸|ûè½Åþº’Ô«d·2®,r]>4^¾¤HznszÊGY­ÛR–øNÕ÷ä\fÝØ`ÑZåMhŠk>1b½\~%	i¾AÑUc°²JNYÚm—:ômlØ‘ós¨?ó”:°j7e¢¢$™›É<Lèçìv‹ÛŠ“–^ÅKáh¿ÈªÐÇ *&•ÿIdB|2§ý™…Q-Ó(-ObÄ›úÿø± °~ƒ½UA6^ I–YÆð{ì@c/®¾æ½ì^d×¡…ÁÃuüà$ÛUO_ÿKú†ÃÆ˜”°%u\¬\ÍñË¹Éx…ä8äj–Í[—lÆ¦›T}¨€EØ’ã1Þoï¢l9h›—ÈWÕ›ñó#X”©ºÒf 5”|$’Ýçç[óðúz`HD…i«g‘›iá…"#ý@®7µÚµÔ}Ã×½×Ýc¦¢§}$¾jJ-ù!Wcâä–ã;9ñ
œ«ÎG¸Gügúå››jX²®ÁƒIL&ÁÝ4ø\_uñ`¶l“åý4›.6¯Åzõ”7úØ¦˜*ÿÐda§Ð–èy;I^ß-
/ŸýÆ¾È‘Ú"Ìs*O¢{ßÅôú_iZpáHfŠvŸ-›ÚhPù­vµ¬‘ÿÚBm‚÷—Þ|!þzŠ¨:éÌ	] –ÇüÁ«1bH<æ¥N+	úìøkï·9Í4À¬« BDíš…ÿ2´w®‡D¿°…l¼> 3µÔH˜NVè I¥Œæ'Óèso;oë^4	{´Âu©jdGßÔ»—ò€Aƒ=óä Š·øÔ¿ ~×(³Qy£®×7¿Úv|ìÿù°—#~ük·ÿN™ÚˆÖå×T‡Ã0×qpü¼pMiÎ¥º<8â,2+ŽÚ'‰2€%’­îØ–êÚ™ëß!ë`YÑÊQ,k ð;I7uÆ»±Ð  Óü¶tÁ	â­ïÃß1[¤´uŽÆ‡b<@õZC¶þàbÌ	‹Fªù	$M5Á¾-­œþ‘‘?tzpƒç'Z#·YEÙŽ‡¬67lñµ-jª¦†`×#ÞÌøÁ‡ì¨iËeHs&ëËŽŽž½¡ãÍ°ìtQ÷?€%L{ßhˆWù#'W9ž+•¥Ý)NêÛa‚¨ÏbæEüßá·SÖ+¢¡1™‘9.Kµ~ð±› ©O-àðü1å
ìˆmÜÄpTÙRþþ·Eû/‘¢û(¿'m|}@Ê—D!p±oühÁ˜Ã®ô±#VI) ¸Îî' ïÚ£+ñº,.üF´ìsWß“ebéÉD2¥ôÂHÃVN þ&‡¥9Ôìag^7Df"žwÁƒðâq¡ð÷³ž¨Û-õûvÄqÚñ­ÚRV_‚[Hªz]ôjY¸HGËŽ=JHVH$Ô…o%–§ô*B)P·(-˜ïo¸i*U9SµÞP``ª‰qT¢Â;šÈ×µJ{Ÿ%,R“Ž<3bìdÅÀ¤§çBG½˜EsÊ>rì¡ð+€ï¡n+
•ÐöN¤9ƒW4›\cC„ÉPòlã¥§[!†ÊcOðu¢Çõý¡û× 3ùÝ!ÉÌŒ¥YŒÌìEî&5ÿ[+@ðÎoa²Ík™þ¨±‰Ö
õæÌüÑNukÅI?ßÙµ>òDˆÂ{L‚QþxT“Ÿÿ
ö±ü‡ÚZ›q*L
½#¦Åç8Õtœ3´¾•*eb
iXOóôªè9h°ìÍºý…6­”VCÚgOp÷aŒhõ	­•PvÊÄFWõvLL§Ià[WoÔVp@Æuîsæ÷ÖÃóÉà5fìÌ‚8iù?=»(–“c{§xÎc½­Þs1{È`ª)(Ôwk’»]Nzà{W Ä0ö‰Àô<%Œp»ff¤d¯ƒê@k±I!œ(û³,Ø—FßEÛI0Ø›a1ñô[eÎÊàFsÒU”=1§·T$HÀ ©Øv·.¾X"Wß”ãIr|6m¡-×°,qGZ(Ì/Þ3w‰ÚÝû”Î&n~UèÎ±ÅªN%+¯’”C2È¤÷¥tÇÜ”(éË‰hÐÕ*ˆxT~Üó‘Q)8óA®þZ~+pcUïjÙûçH3HG“Þ“lxúfðÓº•°BKªGÀ‡TàqVô:£²¶ºqÍv_$PHZ£sŸ^÷”@y‡Å31Fö£hPV9t÷ 5äu‹@7Âxm²:e4]V•kbhÏ>dR¨=õþxÜé#ã½{‡|–PÓ3ì[Ös¤%•6ö‰ò-…}Ì/ã‡ÝhÓ%è,0"?pw4ö0ˆŒ÷À±®Ä„B”ÛÜ¸?`Ú›1­›ŒÆOFw7ï/£]ž¥ê‰AòÍ©¶á‘‘k•9(ouýÄ,ãVšO2u¤Ô«âÿŠwê-ŽµäËÙ›Ú¯2{Hj(Œ€z¯¾†SœP@©àäÿè­ì@˜¨]$Iv‚ZaõÆ	ÑÙ(TwñµÏ	]Úi‹~‰J¿¼ãiPhÉê>f4P(+@2VVNÄ×®U{Øb1ŸØíù60m©î"²¾òÉ›ü¶²wz[IÃ
~veÉmëH<ûºå!PôXÉ'	+$ q’ÆÑ(…ŒI:“ô¾{9ŽÄh¸W'yc Ö®tÔÌó;4ü0Èå©u½8Qˆ—RKÖKe0\ß³:{Ï®ºôD÷L:Ø®PK¹nøiyyt1&c!›¨ .HŠq¬^¨¨®{™Ò‹‘²Ò„û\7ôÌ?XŠ¤Øl¹ÇÞñB'yVò¥#Ù~|óûD½Ö•j©Y>/»Z 3ÿé8å„©Çù˜}Xy÷¨nü}Ñ}OO6:gÁK“üÞ>æ+„Q¤e{vª^gy•\ècçóGP¹%’ÕÊÎ]ÄòÔøBÕ^×^w#z#Ù?GÌb'Ñ¤”RÍQV¨$(ßJ[©\»ú÷ûAH))ƒ0½ŽéŽN ­ïÆÁº?éŒüVfÃ‚ïóÝ]YíÖ=±‰£ƒ\ƒ"=tÇƒ,³æU]ín#û¸-¸¢CÄÃÔë²•ñg`ïŽHwˆ¾'½å‡a÷^©Üx+Ü-œÀ2l}Xo[wxÞ"qYþÓ~üU'r˜KV‰Z!œŸ÷æã¼<hÝç_Û‚pÂŸö2º®œm	În–ïS×ŽÏ¤ÈÔ8V#ïíçOw·#¿Ùãh!ßWüH¬#”ÍB:Ûp„o¡þó…£©Ó›•Zt»jSÔn™=ŠÇ³]!4e¹Ö–Ý2”%Š2ÅCD2›Î45mÂ˜õŸmó];AÎò—+çÿŸx`ßQå:.NÁÅÓÅ\a\ôbu’¥«Ô§yË÷ü=Šý\ûýéI?†18WäýØ1öÞ/¤Xü¬ª=ð&0³QW}i–Bè¶ì¤ûø,{Õy¯ u5FlB,{"Jç¾Ës÷ý‚»«kƒÂûÄ–»Ã"{Cv»Þí³¡ƒ€ôú,>%~än$µ>m¸/& æe#«øË¾ÞWûD'ú¿(±'tô5r¥Öusa$¹ ge ”ñC§×7É‘žY™´y¾{¦ÈÂ^-³Ê2¼Ç¯Úšj;ðTIA¶×÷ˆ`±±™§@kë`Biëk%ê€`ƒ ôúæ4ØÜäò^öÄM'6¤Äº›åÓ4ÔÿÜ.õÙåjÖBcï­ˆ¬m¼_Z€øCld«a!ºÞj?|¢=w“Àc~˜¶5(ÜceiÓ	”¨‚‡bÖ{…$C«E:ºŒ<MV—‡ÛÚ»ìŒ£·i–ò¦N-Ñå°±$V0”ÊÖ›Üå‹Tqâc,XÍø¼¶ôŠêÕX—™ÈœÕþîzýQžÎ„ÇÇã/NßzU4á¢N”ù²»þÌ–ë²¯\K"ÊAE|›«{2D,ÓøÞ^æõo)Át"³Ì’ÕåZ?…ct©÷hlú–A8‹;•ÎíÄ²´Ö`· l‹ÀkÌ0•ÛM´ZyåÛPL X	UTZÓ:Þ•ü¦Ä%'<:ÈÍ
APdÍŸUAÓÝ†šÈ^T•ê«?¤³ñ8«_OjÃúñàÆšØyÆ•8X áb&Á^ºHc
>	½Ú3™àÀÉE_q´5‘[Š‹ÎÍ[R¼Ç»¯7î£Ó{°LI)FCq¼‹s†ïô<6@DÒºm_ïÉ·Ç_¥’hq°œ(¬ä›JBTfó/<TËÛH¢7‰„ìÄ6m^®°®cl‚“KFÖé:ò×)ƒŽ\S§žf}¨X‘;%#¢Y¯L:žû}€aùÛ=—z¶8#ß“ÞuMuxQX”BòtÎcªýlì›_L®iÝA„Š
6cSRùÃ96+OÃ9·AÃ—²&|…;ØÄ‡ÀœŒS|Ã„ÅKÞ¯¢Îˆ£+sÍ"™t“qÝ!–<Iþú˜Gˆ ?’œI†í¢_5 çt
yÆ;þ;oýfÝ‡ñÍ•ƒ‘Pn)c¦áì2éT[S´èWž•ƒˆ»FEþ‚šý®ZîŽ³(Îç£ŠèÜBÀˆá1$"ˆÂKìß<å¸fZŽ»tÂîö-êÎp€Éó>Ïáø”…ÑÆÚ­D G5Nj[ƒbrîÖ…´Üý¨lç‹¬#ð…Ù;/sÂ¡[‚]ùç˜­Ì»Uz‰ÎŽÒÜRÅ÷—ŸF÷ö†Ÿ‘/þ"×r€XuHÄÿwå²@$
~l&‹ þX,5ìñ	©Eanl› âY³cøçö—ª=ïæ Ån)þ‡Ó¦^ñÜ÷â5[µm>&ZSWÚï~ë^nÃ/áµÆƒù„ÏdLÖri¿’ —Ÿ+œƒ/û	ˆ~¸¯2ÿ£nÙÛÖm
óú½?‡LDª¸ŒðIwÛ¤àzEÈû_×Ë
Tµ\g²©Ý3|’mBí¥ë˜á›¢'’•ßZ5´"—J ZOQÏÆOWK1ZãÂ“Þ¤ç¬5œ²‘	³¹]Â³nâÚ¬ˆË'é6Lò®L±ÿÄ©Œ¯A’‰;+ü(‹>¤àà»ÒP›Ô€Xr·šÜ¨4÷ãÏõÌHµ‚Ù7jNmà®
Õå×ÜÂ*P²ípY€Î4—Ì!ž2
-kûo2›¼\ë»«	Rš:õÆ–Þ½À¿¨W‡`¶²{Ž*¿€¸qª­…wöG9ÅmßüúÚ Â¥+Sîæ£‹G£²2·Å›öíq0£$ñXsW
àÐAìo¸ 'O÷ýë,·±“×‰1Ë›C¼S^L²³-µPrã8$£#G}JËªcùPåý¢A+²÷rLý´ôâeYfæq8¦4I€´ðáòªÿèk“zæ©Ôj"O´Áß‚»Ò«	õRã‚U'YÁyKà—Ê¢põÖˆ¨Ê÷
%öÒaW«‚½½ÎÙŸÕ¦úñ¹~Mµ¾Í×¨XeŽ:<®“ÐVPbtÐ¤bîmÏ_n‘§ñ5 EtêjÒ”uVÿë83¥³/¹¢ f‰ìc%zn~(·—G¹£1¢_îŽ£©¶ênB•ÏÜõÅgˆÐ‹ñšŽÂ÷Q˜ÔðóºW‹2‡ïÎÏK\¼|çãöhy&ï}×¹iÞµØ¬>eˆ*¿Öï7é¦\Ë—„áèø¬`«èŽ—_Õ75|¥-“6aBëZ!§rmï,ý9}‰[Ý•ð9¨ua7ÿäh,]´4ýÌùn,Vw½7€Ûÿ8ÓßÄr^î`x’)ñX12¥ó^Âk89è§¾ò„‚À‚ˆÄœ‚¡ÿWŸö¤Mˆ@–çt£zò[Î›£Kv€÷8ò":Wy°“úÚœ¯ësºlÑå³Í¶(¿©Xc^Ríî˜“å 	ßFT¾ îÊ‡#n1!Ý{*Š,ŽÆ¼ŠnÔÎÂñ~œâ*G5«ÿ6®EÜ§¯†5#ùën„_È*O·\Ø'âý­¤³‹@‹g5UUáUê?“ú™Ü ÷ ×Ã¿Qj\Õu¢! Û,|<NÌÍWÝÀ«Y	*ÃÆ3ì@ ö‹¢2gÃÀ¶,²Å· q6ÝzpThj®°„ÜŒO¶]0DGQë æÐ#I)PÞ^ÙÖ\{ÞnÀý%Ôk˜’
¤*Ò*$®½ÿÀ“ý—³Û…³’sé’l5•Äc˜nXQP’sºÎá»Ja\Z³LæOÍÄ`l*"=Ïê@ç[ÔQLŠaîEËã÷TU#ñ,=QõHñBÆ†-Ú)Ÿ%í®Ý°ê&'²åª„Ò]ï/¤'¶M4`æÓ§¬—¡Žœ«)ÉP¬-ÇãÑÙ£*ÿå[ŸÉ¥Yû¼Âµ%­7Ÿ=	PÝÈŸ›Å;k?¨š¤Ø©<JîkûùEà@ÌÆ~äñÃGåR8<‚¥<×¬i¬ó«Õ–È±QÓÍB,¼#¤¸>–@Á[x	ÉJCqLNq¼,/­ä4BÊB‘=­2ûRXI#Osž#ç_wŠ,¥,Ö÷\ZYW·s	˜9|^(gIÓ`Ã°à"Î‘‚kj³Žïÿ¶[ßß²e2dáé7Yð$¢ýG«Ïn=ƒ¤Ž]æmv¼vGåw<â*±§Qàùú÷V„ôk}JX›ÐÎÎµÀ>¿DÀŽgG{—–—¯­%Cã›ÊØ¨FÜ#Z×î
¯£ï¬bšFèˆW'°1–S5¬éÙ¾.&:PÚÛÅ$î²ŸÍ×|™&ô…
bªszoéæ•Ç“œqmÿˆ‘µ
ð[ôÐ³“X	¦aU¥ó¶ß“Ù£nhŒºØÎ×Š‹HÁnÏùSv˜+{åÞðˆÍö¶Ì2¥öñ9«¸èÍbKDíøu©ŠÍÁDÔô¿å•{ÓÐ0Œù‘ìÈ˜¶+_ÒžÑ$¹C,¤ü5‚àÚzÓ_ôAêÖÆf^'ŽÛ˜]JùÁfÅ²…fš}aFõ®/ÏªnG'§þº:>Ïš1?Ÿà-«ªqøY‹	°§$å‰÷]ÿÒ#VõP_Tµö©Ž*¾ÿoÁÓ÷fÝaL«1^„Ý™Æ!b¦>'KZ64™Ô:M˜\+ZpSÿÔåõ<õ¦ÐëÌD¥ÎUúÏåãóz'rh¨¿Ê 9$:&*ÿõ¾ažûÆº)rVNðì.P*Þ1†[Ø&ê²\\¢]û¹Bö¢c¡ÎŽSÛ·?ˆ:Ô†”{NÉ{È	dí·kØÉ@¬¦Ñ<=E—¾VÕ÷­¬ò-B\_©8ùÄaoó^%7[{Z¨*8€Ë² =Éþ	(©)Eš:‡&C:&p‰;ÕQ³·ÑÍu”ày>c`ÿjõô{žîª»­nå•Ài!¡™±=9¬Á‹ƒ½Ð³Þ»Ý¢®o6ìGsÏq×¼­ß°•@‹Û]Â¢öÊ#¤æñÎ­»†ñ!WTžÛÕƒOªd‡×žütÆ{…=O†q›MA)<ÙíÇcÌ-¬WO] ÕòØØNü»~Pµë‡¯!øˆT®·¸Êsœ-£¸;«^€!™Ü$ië¹>ÚG7Dgý¿¬QÞË?¡ªÊ­ˆÄDKŽ>ë-Ž9Ôäï”¬ÀÖ:­RªÄ_4²>Eƒ&¢9=‘ýï#T)Éw…E‰½ÆNkîéºÿ>Lu!°†y¹@²Ck_vÔ=k•„”+ÐŒ6‡ôýï7AÓm‰×2zß)ë}ˆ8&	÷{\Rí
o–†ÚOÀh%	ïC}vŸò°qøƒxãZïlKéŒûOÜoÜqv¹ïŽIj¿• ËM))Š².¡ÿpi•>…Ìë›?Ã·ýÜÀl%HÖ²;	ÄAÈOjÉ­l\‹áÿù$bÿ°L ø¡rj9ÎŒ%m(«2,³µ5^}³#K‹K¦î)É³$Gn–YJ”JŒÄ·šciŒD?vz½;_k±7Ÿøa„_É¡d“hÏg§@“•}v`|™¦ã%ÀÖcïÄ’-tuGµÃ×IWÃí€¿Žmú·â<v®B9Œ(.ªÒùGV—.äQ/×³,¡UUR£mü®ŸúFˆZ&‚ÓKæÍÓŠˆëV)Ûð3œVb^.™”…]P‹xaŸ¯tpiÇM,E'PÇ§½ï8ýL TNb—–Œ©Â –M£ÆŒÝDéj›Iæ×øÙš¿ðÅ·DO#¬~ß½5It;õ,2röÈÜŽÃyå#è”AD÷œF?bGž+Ôÿ¤ö<\oìƒÑbUûHéÎße»~]Sõ)pvDD%íÃ7•(¹«2P(á›‚›¦ìŽ¾~%|dzË;“Ž%wådÂŸV¶¡¬õæFYñð9]ÿë^Ö‰ºµfi ¬_ÁúWéÈ
Tø£’Óý†@ŽQ[ÃvÃ‘¢Ý%ù EnÅ	ºÖVžpBEe¹JpÎà¥7¿Ë—¢€¥ÔCµ?¨îV ©×ƒ÷ Woì^EN$Šxv2Šk^£œ¶ðÐ{¾ócè8ÖÆ:ŽkÔšŒÓÎ·ìå®ÃñØþâ>Ü/Š©¦kìq´•}g(/ç’Û/G>Z4dâÒS[¦â5}ëÃ2É«ÊäÇM·ŒQUeQ%²,AO; ¤ÐúÈ Êoº©Ølá9ðåÅ{ôâûS~gEþ`G€C/›¤i<¤fÑÛ{É·$:ôatÏŽ²Ð%3{ö‡Ý˜?–ŸôŠ¦G:0¸ú¦¶‘Öxz¸¨›*l]\6iáÅo1¡‡ø\ºRŽƒÖiè®‘jë'l|Rá.n+/ ÒêcÞŠ>Óñý#÷ÒõdT?þÇÎý¹Æ9^£ÖD©Èò_/°ÙŒI ná»Ë›ÇL€˜ÿý5‘&¥sÖð™*$s	€nË}€ãj`›å	Ëºâ) 
¬É<žˆÝ² ÅQÌå´<xøú}€{Æ¢Ã?š»ßn&W1[aEAë´6bûi{ÂŽºe Šp»<äKóÊÐhì_3éZW¨ÅÀ·ÉàFÑæãm¾¸Å­=·nWðÊðºè’Ê=çÔIì¥Qöo2pG‰­Sv_ÎAG\õÉEf:œÈžvêF"Yo+ÅŸüOXp(Ç™¢\Ä,_¦M‡Ôã#ø`¼¥EoW]šîkJP“¥[*xöƒ#yÝXŒµn” M•!!;µÀE/ÿèQFž†‚ËN\Yí>Œ×&VÂZ=9²§élà‰ÿð©ÒŒ\¹ƒ½7ÎìPðEY ´&ˆÕ·zæj!×7îï›oÝx–ª–ÅoïoÂ§qR@N„™ ¢b¬³>„À™Õôè^&W"=[s5h±áY
Ó	íÚyò:¹ÉLçR	€å·cÒ¾ýð
if³ŽÖU(’‡wàû‹t­º¦Êd]¥á«®ö€pÂâ7ð3I®T:­Z¾£R	üUÐNQ
¡Òl-~ÍW;eì"æ¬yhh !ÀAq¡Æ:0læÌ˜õšF–Ï8Ò2ðŸ]k>öíŽ>Ê,è[H]"2”Ž¤ éY<KÛåýuof¸š*(^úQçÛ#|nçp{uír:«‡¦þ‘²™ÛÍ7!õðcÜ“]w;æ$oF Sl©z=òhE,&§GþÂBY#¸ i1…ÇCZû®|3R/ME‰F­´‹§h¸Õé¦4ùßÍ÷‡äTIñ¥Þhp¾Ö˜ìÈñ «³@FJ
pÉtÁ[u´´¯!¹³éW`¨ââ:ÉKÃ`}ÃH¹L+"æ_º6þà„}G*ô²a[Ãp"ÕhwÛ-6CCéIüúýK8¶*¯E˜®¸êñ«Âgû›þá"ËÊá`s”7µ‚³’¶Fò«åœ´L£uÓ%Ö÷(éW3Q“”Ò†çA²‘¥Ô õmj£öÒpË	",‘	œD7Nnšù85ÏMV©—„ñÎgôºv£%ê3¢¡Q~·æÙêÈÞ­³nèSákód/t¢FA®+«³&}4’ŸÜEý
~y~“5ƒÃ`³Y™/.Ž6”Oü5
BÙÜe°‡À¯§ªä)uº[$¥·o‚
þÊì.ð=Ç-À¬‹9`îÿW†å"äò‘ÚZÔ^ò<^l3yèn çoBV€„úèÿ¾{Úò1k†ƒ_¸Pâ/èQç9U™ß?\UŽŒ:„á[¦ ¦zw=ÉŠ-Oéã8‚„o†T›K¾ÉpšXâöIPÓÖÉÚc2êT–5~µøºml»®§ìnçV£«ç®Sü`$ê­F,íj=†D¼@®Ä' @ý/ï¢Í™¸ŽdBUhFÞ(¬;ŸG±~,X&àÈ3J¶Ò»†°!éò;Ýsã†T,Ä&(ÐÃüÞg&§è» ªi#¼Œ·p­šé
@Èï‚=¾hmßÞ7ƒò½rýL=	å¦v!Ña‘ÙÔhÌb1ç-Hã·Æ¢Ùï¯6×+ÌÌÖº3WKZä7r4©´¶À	ÂLÃlÝöX€ã²Û˜oÂ×/™‰ã©8Åû±“Å¾…5a1+`K»_–$+ÙGð…ïG(Ë#Ï	Ç,-ˆÀ8t‚ x`;RoðŠU…{ÒcæQoú_½#}Ô&w½›ÿÿ|ÖE ‹ÁÛš0¹º¢.š-òLtªüH²½1¡£Ù“S‚ôíc_´°1bÆ{˜Nâ÷ÖpÊd³r¡¹Þ±ÅNJŒÆmq2–ìîÞ›Sqõldj–›.¼¡JùÊý^ýNµ¸1ÑßØ&ÝÍã?JÚÈ,—}ùï-7€Ö5"~xžÚáE6bÿNm·ÞrîÚb1u+¬Å_luãì à*p[}ÄÝü©…IîŠýDªÔ€ !Ve®ªHr‡ŽuÉM8Ê‘xÎ@Ò–à†õõ’ßg$SrLsôÓo2A°Ÿì$âÂªñ%%}ßdXU§›+É¢ÝD>Cæ¥SYrCFè‹M6!BNAÏ%Rô;ðˆ­E*“Š†>MRnîXþuÒN°ÕXŽ±zh}•ß:ÃxÕ$\ÀJmT*«5ï²ÌIxÜ„Åçé<À E$'‰úäÇ-Û"[:#8eXÝ’ŸîÖ±N…ïÙ½uöX²‹¹¡ôÝÕ[‹„»ÅÁTiß+'ìºÓ¢L7x„¢…dåk´Ó(qÀ V‰mLK]†¥Â¨!ÂYÞþPæ{¥vË×w¤¨õFë%½0éÊN0œìã™I]–!UöJÅŠ3ã*_ÑßÌ–æ™…F6ýxÔš?ÃaN
ÚÜ<Ÿä­ïÐìµXŸÔ9kkýÚ-††§“¿Ú ä]‚n&ÈFÉÔ`&Ò{é/¯Ü®r‘Q‰“~jôÎÿÊMÖìíÇ&G×)Í…¤›9ÙpH>zO_û§–ÄéR²¥-BÂ/D€yMXe_é8¶‹ïõ¬«iñ	©“â_8(õ`zCâÆeåé.@Ç@êmr†°oƒd†ÇîÎðœÝ¡rïñ¸5…›!ŠßÚ‰k¨†
$½°ÇÖTé!1ì"ïén"ÚÍ#Ë	£¬…›tmøCºø¼V™Ôyzàˆÿ—edÝYKh+*“^‹Ÿ>ŒNYcB°yþØSæ^·žû(â5‰²än2‡÷P Å™› (MÀË¹ÛNEÉÔ¥4Üu¯BƒŽ‹™¼‚Ú©õnÖ{>)›Uâ`8Jéô°i„gpÕð_ùÒÏ$±ä=04}°‚w RÒBžÚWJJ¼Gç! ŠF-Ôí»Û¼§ú÷dIµDÂº£ÊxjKºys™ôCW_JÂ	’î„Ä°$‹"}e«Á,O68‰@LþlêÚìa£,±´NÅóF›,yY4ãR¼†(›¦å+Ò0¦&–Þ`ÅDœ¾itz‰ÏCôñ8;Ëõ{RDŸ³ƒà¿z¯
K’Ñ#Â¸?y[ƒØ|§BÖ	ÝØ6Õ9'÷N°J¶Ä®¦½÷Dw]çaÈû±HþÁ¾z}¹×>þ›Â<ü!à`þ™°AjŒ±"/{ÊëVÓd…‘4Ö<wINÂ´Kš?ßCÖÏS·&!	ñ{¢)ÜíÚ1Mð[ØqÞ‹,¬*?ƒÀ.Ø•Ëúøb~]F–5ª q¼\AC8?b&F›ÃØ1b?ô7¬:özÃÜÈaßÍ¯¶6	Yhi3k‹Çv• R·x?wOÆãœ\Õ*„Ë|3å°çO\&Ú¿ûÔ\±ù1tÏ:¸‡>3{ÅÃõÙ]â=ðâJÃŠak¹„'¤r3¥ŠÖ¤Ô‹áRd±29(L:öˆ-‹ZvGæèP·9eŒË¶ñ÷ö§Ž±#ô”ç‹ìù&Ið£!r	Í°R-DÞ€‘xš¬÷tÖÝŠ°;DQ—!¸˜9Mvºdu1Çï|ùu?˜¦§oùó
¦RÝò½.ú0°Ò1BØû³l”³ØÈ»þœßLhØþü;$áÁºN4ŒC…j8ô‚ò¾„/¶•Ð`)+ÅHujz÷?éò\aò‘8yï…h½¼'…ñÖU'Zç÷§;f†Ãð7R:QÉOTÄUNpü¡=:'l!`»îÂ6Cû¹´‘—Ež<	¨Ýû@Ñ³š±žy¨)™ƒO7¦³'6Ü\ÝÇÙ97ô¨Ê33£ùÇ­¦ÇÊf‹2
fÚ~—”i†á—óÌu’µ>NW©ÁxÔ`Nê
 œŸz·3D“òÞ³nWYoPt•=J^2h„ÉXo; ‰ËË^›>E÷ˆHÏFSÊBÄHŸæ©xmZ|ÕqûO»äK«ÂcS¤ö!†¥7^šˆºÇ©…QüIw­<:Rd¾7¡¬“LËý™‹ÄUT¤&jo½ÚÏ– ì¡Y¢p5‹ü1ùÞ‹œõrd'"ž)fÙ=‹£UXà[ƒõÐvc®Â°˜Z‡>¨,±ìî¿ØÇƒ‰Ãû”ì¶	Q{qÂ;òyJOf}UiÛ5¦ì+	u‹rc'
Íf—e—Æƒ¯§‚'R—JT®†ûééJ²àMi_ÙŠsíA¸‰‰ÏïÌ[ö¦ëd<oë÷?WVs›3âò‚KQíåwLTy] 4½·œ—˜-bÞ…±ß3—zÖV«>8u«Äd£Ýd‡Ô[Ÿ› ±Ñz(ÍlqŒ–ŸúP‹¦Z7AŠÒ¿ê9«TÓ-ú÷–
©´’‰F=•™¬xñu”Ž(ïøoùò-C43)_¶@ÇêìEÛ&l¤=ï=/
J=„^ø¸â&KìÑJ‹3Õ<ê­T§Ÿšï;AÑØ·è7ÝÌþ.¿•áëŠŽ†ïÍ÷NGÝ·Á"¯K\·¹q]a¡?0²N]¾5dHœFïmW®ï]‰ÉÊ§­hTcõö—ëAàšæÙƒPó¿;¢hyÇ»áE/u¼ËGàùé:×„0”TTO4"­L™-öªŸ¸F&¯²ñqrÚ~#µ¦RábüŸ §ÐÊ†´†²Y±’Í&_L‘2I©ûD#7ïDÅøiÛ÷_éÙ¯H:AÎ0äZ™å¿t°â÷†…xLüª&Ap¯òùôÞoôêÃØÎæìùØusx­»¿îkÓ9%¶Ã>I=mÓÕnGLƒèÎÈR…kÆ„èÚãszi£{ÁàÞ~#x&Ñ’7¡kz!bájZ²pµqiE¹zn’*€›i!c°í“„¢bMW‚DB¤!øBðöqšž8è±Â5ô{‹LuÌw£:ÌåÙ•¶ Ô§û’°—œBò»Œ|Î™‹¹pïØ^Ètö3‚·¤©˜C_Á®ÃèÕßŒv”à$®•sv”ªÐŒóç+Á²Â¸yé›ýfúûRê*%Ù %ô™êÌSÉXX1¸= È	Ë¡u’†Ëö[n«–=Rs~CÓ¶Â%’.ÆBüòt[þ;t“ú«ÝÂÍC\·«7¦"E?ŸŠtôbÃ†*¨TC€Œ¿¢Ù²
•‹‘XKZMÿqÐ·ë,Vu
32Ñê(K,g¸ ¨fJ¡«aæm·§yìõLÿwZC@1F<­£Ç„ADtÚyÄ´[œMUýÜÔkÔ»ï—wŽ³×Ý1n‚yŠ|LRðÛ{"J¡Z…pZ)o$‘ç¤jþåmL7îkâ=¼ì7 Ç;~;9”é”XÅá3ÚÓIwñš1÷¶IÛ’~D+²Q×ÈÕr6½›âUöo]Äæ,TÍorÔñè”j¤cpíÙ,IŒzÇƒYÂD+¢ ƒ‡„êTkÉ"+˜	n¸Ú©ï
×«‡cß>'Úë«s|ûm_	‚a}&‹<|4ƒmÎö¢áU@Ê@ò?ˆ	ÍXÑF	Ø=¾q ÇBFÇA$ü+>Qûaö|rà÷à–PÐÒãxjjdYæYH¦*Ã54÷®›mÆ—Ñ˜Z€¯ÌZWè Þ>EÜbNèÃ¬#"z6ÕéèK’«®§y=·Œ-ú³`Õr|«qz‰$¯KÿÄAéÚÌo6,ê+§;„¯i Î‚©…¥Ú‰Â<ßtñ¹¡ˆ¨fÒÔr‰Wg©W ¯èµ2[ØÑ™Gž²=$	C#Ù`®ÅØº›”Ñ-nrö¹Òaeh»þG¿Dq.é+IÉæ =Òæ®ƒÂ´qÅÒ§ŒÉá4‡su W¡‚#óÝRìË–T­@g÷tO ä¹Yøv†RM»VGt¢•ñhUÁuÎßÕlïe•³§„AÖ¬}êùæÁ‚Õj‚ß€hIîKVœh.†y2×8ˆ‹z…S?`wÇ<Ç›5óìÒdÐ^«/õ^%N²`g91µ§v¼Œ§›oCÀ.û‹©ù-TË«ª¶z9;«	Û_Öé„ÓB‘Û‰lGoÌ¿‘ìB5Ø‰±E;Ô_àž¬ï¥í·’Zý3yý¤Þ¾w/¦,Ó4²\YiŸLñä6œ˜*+¬ÕËP¿f¢øŸOçT›~þDÃ’qì„v a*{wCx=íkÄ‰…ÇÏsÔæMÎiÉ$•Ü'oq‘"Æ÷í©½¯¡p3î¶¾²¶‚*<¤=ë,¯æcPŽ×#ñ–fÿÍ7è¡¸KyTîÛ=è!•I•™&eY:‘Y( 2gH*â_ºA%0gŸvŒË%f%_ŠÒ'ÀÌUÇjkÝrjï r]Í´Ÿt‘½Óåj²ÃÌj—Ñðyºð~$xuçMlpã	}K¼PY
_¥À…[obÄÈ×æÕß½°‡  R>&ÃW´ä3‘W0Î{Ä4àr:K
ÅàYÐ×fðT©=z*TOõq ¡zL+ý¢É}ÞæØÂ÷tœ?3Öï›/_tCª`÷ôûibÏ#‡ØEzeÊ¢Ü¡bNƒ¯÷läÏ€N˜\e˜¯ÛžßÙ"åŠý×¥ó
s01º²ãtƒŸ ä¦ï-Þ ¯ugÝª½0£•«´	¼-ü®oKgOŸ²êwLŸÊÕÝÐö\0‹Vü_Jf/€úE_ï„"ÖïDl-O“À‚XŒqú«v[°bùÉê-!²#ÚMÀØÛr°Ï³Wó”è~tJšXšýfÖ{Í»kAPâÈj{˜(F~«'Ê2!ê Éaz»õŽÝ™cyKóô/&Ø'KN\Ì¡-WKæí¿â´ÏÃ}
ƒÍbÙ™Gü~Wòê!$ÎÖAé¶Ê›J`Eh&ðñ‘¢E.Ñ¿ÎU"æc}Ê¤ó´ó^•}"+¼HWHK5ÍÍ'’Yl^”ŽøO J,TÜX¯d4kXA‰fÄ’KØMAýkl°pôeôeç÷“dý[¤ÛŒ«`‘t*z– þûñ„Ç(ñêžÖ=‰Ó_ ­Îd´ÉEü'k( eH ëçlçÔÈ.ä7â0)!ÙÕý+ÛÍ/Èµ¶Ì#˜Ž«v¿bV0&¼8.LbRò
Ì:9iq¾°v‚É”Ô¨£ÁÒÂõ¹~/žÀ®`•ã×¬nK;…eRñJrhªiç·–â!TF×ÚÑmüÔYnU™Z#Rú:~´¶ÄåÿjÁGe^qØálâ»a ZT5@«¨í)Qó¼ÂÈNº\¯±i„] SV9«Cyz”÷¥‘—}Þ¢Åìì*4ÄÝUÔøPÇöÕ¿k#8t•E{EeÂâ#8s”ý”‰LöµÝù-i7„JXŒ¼Ô§/cÆCÔNŠ×¥0¬ÁH20¯|Œ=}z
ƒoµYÆ$Sò»L•üFŠ¡èç˜š¹.N{5×Õºö—û£¥£ZožR7¬)ð^›isbŠŽ”hþ3V‡ü»é–|+‘£¾÷‚È\ÞØÉ¸åÕ¹þõ©ÇìÇh¨¦íÑN¦æhc¤Q;y±ÑòÖ.ŽÒ	ŠmÎÜç×¹ÅVŸüc}ÇX¶ðyÀÚº"u·±ôþ@ó@xx"³Œž7(n>f\Õ)yãvë»
s~“+œëó@nîx†N›ó•±U’·£@Íßúã‘¡³JF^âpÔÁïC½þ«Tœ†úýê°ÃT>ÎÕ¢þF6ië)r½¡BÒE_MæOks.ôhÌ†`üÍÊéS®NÄ§HQµ8öTätÌùÅ~°÷ó7=dlp^Å­[a›S¢ñðÂtE-óYÄZ"ÖÎM+0ì´=–Ïœ·4­5|éBr»§;‘f¸î5¦êy˜#qX$ÜÇ®goÌXVýâKZH)Rýk(DÊK"_â©g³²²e3‘ùÙå¼nî–ò¾®ªÌJ|l¯xÒN!kTƒ]á¬ÏÅ‰’mø5ë‹Á¼Q}°F›œÊ¡R'ƒò÷ Ï”Í±ÄZ®!’g­YL%Ë6 >ƒÒ5«Áÿ*–îÌc ]kgÐ›*ÜŸ.×b+F²¥’êHæëEîâÆú‘ðÎiñGååœþ,Dô4sõä_Èâ¨—<ž2½TœÐ9ÂÀ–‚~t~*dÍ5
YüÖU±ËïÓÐeI uÑ”›ôn(eB¢úÉx0ê•Á?âïpÁ‹y‹/-d‘±¬Ô'7 —II$,Þð•µ3zx4* š¸VèxF ’‹äÿÏ>­‚aŒŽ¡|óÎå†mYLqË¨½Þ3 ½¤!”–f–VGu’¶–#t=eþµÀc¦†ÕÃ®õ'µÚú:Y´w–jr1g0œ²5po,ð2‰¶nÆ\:Uy=@þï8qqð@8Ö¥ÞÔÇæƒÒ÷#f:<mò>H*¦mTµ‘<!~Ø!F¶ÂR]^k^²~€¹‰Ñë·×Ä®ŠƒaˆÒ¼2e[ÃDñŸ™±rÄ#ÛùÍ£7%0‰,X•ÃA"—ËJPVÉLé|¶)¡oU£·_ÀiÕÅb%*H†‚CwGy¸POôé±Å°›¸^x~¢#(´9â5áþ*š±Púj¦ßµ-–uÎ®‘“_w pâ»`ƒ•Æ_ è`ä>Ic†‡+‹±=óßãøîš9ÍÝ‹BÆ¸¢×þLy^·Þìœ‚á•!?¯ŸC[{§6ñåv	†–ÏËàLg|8×iDññ‡GÐ]èpc?ÅuY¨Á$çónÄË÷¦—I;Œ¾^µì?\»4Û–ø¬YçR³>ÆÂlúÌ4ªË÷RÚ)ÅØÓ\ŽÎw“Nƒ$ž“ö;1)Ž‹Ò–Æ—€ƒ¾ÒÆÃÌGþuÙR¢îx‹NëÁ‚Ù/$#];@[½¡¶þ‹*yºZÆ÷Ø|c°ÆwJý<Ö.L_þÌŽ¼Ð.‚H*}£¶Šçâ1CDiU"ºèù#çxØ}î=kuI,úû¶ì¹Œ„Æ®óŒCéÌ¥ÿG–%¢«”„çf	èNká´‘ˆ C*õ^Ö’Lí9×Éþ©u9 ò©JÒÝV¡èf¾+ó¸òœ6v^úŠ·xgÚ2¬Ÿ¥z>ÉÓ¯¦I®âéÈnž1‘tÅIä°úQ‘Ý§x•ØíÌH'è4Î T¦d.`5#³¿MmUpUþÌ§þE“&ÒUdÔÕ—Y×VÔ§ÿ—O&:j›%È=¯dÎX[3<±€ŠÓò¶¹OØ!5y+àd¬IH•HðµËÎ¡‡CK³–N¸1Ÿ÷º¬Çt§ñR*ˆöçguwÒ-¸}'ª:9q¤æxÎ!¯efm.hwVÔVÊï5{ß‹Øö5·­¶“3øÅòM'Ürb%BY®Ä^ë[(\^–}¨´”üÊ)Ÿež¿àv›Àå<5ªä§’QÎÂœ÷3yEí›Ã€¹áWÁc¤=i‰Ú/ê4qSI&ºËc|Oœ“
-©ù:šÂZ§”–½=\FŽ–‚Ýøôú#–o§¦¯G‡ D„›‘Ì!Óà8Ö™£tÐÏ>“#Ï‰QzßçÀ/N«'Ç2gHrÂ(xPs£Óš%¦4y†ù«ëHñÑ]d–ƒÕ‚›Å¦èüše˜¯´®_}©Á^Ý…Û•ê¯ŸÂN.q+QAK‹ò4S÷vjjýþ:ÜórûÜ¥DJ,\é"dÍUÏÊó—Ôc“ºsÉÎ¢Î'j2
ïüÒ›íùe¦õC€âÖ¬‘òëé~—ow³š<Î§.ÒÈƒˆ1®I8ŽSYÀ`F^kóÃ”Ï7¹Ž£!cÞÍ^h½JqWb<* ¬ÕJ½$àªHhžŸy+Æ|h‘èov)J8œÕ	ï“ó²>ƒ§²‡¾E•Š¨bQúÈí¢ÉïŠ²&¡Oþ#l4çåˆ>zŠ¹ÛµâèéYF`>„ÂåÔøÏ¨½ãÛñ”)ž3pwÜoE ïÌ²ä'ZÁÆ>Át–Y
–CYÉêÜÁ©§ê†l²&ò«xÊmB—.—JSÕŠòyÚSt³í="²–Iñè#JŠZAT8Ô*0(º0=O££õÖˆFK‹_ŠB7)Kú.ÈuéËù¸oT&èü¤ß~J¹|×-=5(ë‚w6(qëÿÚ;ÇÇ9¾lœº.½<áHe]ësM‹K¡¹IN¥ü|Uìà~Èer³?sòŸ€ç·¦Æ€Íç·mé·æ¶…i‡üPŸ5«·™âÒ±ÌÂª·  ³ZIÔx‚¥UÔ/ðÏ¼¦ÿaJb-G‹eÓBœ‚Âü¾”==l¦N–\;Ã²„ßÙ*žŽ+ÿØO¹
Ñß­\I„É‡òñsgµm0Ëí-ä½í8SäS8õÍOÏ†¼ä¥V-ôûæq¯€ §6š†Â¯é(Ú¹µ•DäV+Ô_„Ë<Óú‰£™þ–]¾æ:m\ÄÖ‚[ã>)š š=6×ö´¯sªÿ,ÙøhKbmÛcÌß5Vì¹õ¥'»eÂÅðh“‰-5_®ÃbÂ}ÇK±ðÂEä—µF˜‰À¢×¿¯óÏ:¥Egã,é8ÈIí_ZuÞ­òÁ(±óFI'3¾¶a®…G´„À¾Ê(Kãd+ÿß±‘”:ý¨lw     §B¼.ä!]·u¨Í®_ìžz¦°Í¢»–˜“[?‘ ¡œþ¿™ã¶éß    
YZ