libtalloc1-3.2.7-11.2.1>t  DH`pIå̸/=„<M/q8:<+KxIbFQ/t3|m*5;n y醎+}؊?9Uٴ5O$=0FGR٨?q*J"%qjMW䆉<^*?AP@}(=>A:?d   / /EKP_pt v x |     (89$:?>F@NFVGlHpItXxY\]^bc8defklzClibtalloc13.2.711.2.1Samba talloc LibraryThis package includes the talloc library. Authors: -------- The Samba Team Source Timestamp: 2080 Branch : 3.2.7Iå,kimballuopenSUSE 11.1openSUSELGPL v3 or laterhttp://bugs.opensuse.orgProductivity/Networking/Sambahttp://www.samba.org/linuxi586/sbin/ldconfig/sbin/ldconfiguIå 0eaba6dd6f098ca015023975cebcdc47rootrootsamba-3.2.7-11.2.1.src.rpmlibtalloc.so.1libtalloc1@@@JJ@@@@@J/sbin/ldconfig/bin/sh/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.2-14.4.2.3I2III1I@IHIy@Iy@Id@Ia@IVISuISuIBR@IBR@I?@I?@I6tI6tI3I3I1.I.I.I.I.I+I%Q@I%Q@IsI@IP@IH@H,H,H@H @H @H @H @HHH@H}@H׈HHHBHe@H|@HAHH@H@H@H@HHc@H@HnH@Hz@H4@HsVHnHkmHkmHj@Hj@Hj@Hj@Hj@HhHhHcHb3@HXHO@HNlHNlHM@HI&HG@H?@H?@H=I@H=I@H;H6H6H6H2@H.H-w@H-w@H-w@H-w@H*@H*@H*@H)H$. + Fix Coverity IDs 456, 574, 592, 606 and 607. + Fix net rpc vampire. + Use the same prerequisite for DDNS update as Windows XP. + Make "lwinet ads dns register" honor the "interfaces" parameter. + Fix extended DN parse error when AD object does not have a SID. + BUG 5888: Fix PNP_GetHwProfInfo(). + BUG 5957: Do not abort rename process on valid rename script. + BUG 5898: Fix 'net rpc shutdown'. + Fix duplicate installation of cifs.upcall. + Fix _srvsvc_NetShareAdd segfault. + Ensure consistency when reporting password complexity. + Fix _lsa_GetUserName. + Fix access check in _samr_QuerySecurity(). + _samr_DeleteUser needs to wipe out the user_handle on success. + NetGroupEnum_r needs to handle servers with no groups. + Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. + BUG 5908: Fix internal change notify on shared directory. + BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share. + BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support and GPFS. + Add new VFS module to analyze SMB traffic + BUG 5928: Fix 'testparm --version'. + Have uppercase_string return success on NULL pointer in mount.cifs. + Make mount.cifs return codes match the return codes for /bin/mount. + Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs. + BUG 5778: Check if strlcpy and strlcat are already defined. + BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". + BUG 5860: Fix nasty error message for overlong strings in safe_strcpy. + Fix a potential NULL deref in found by the IBM Checker. + Fix an uninitialized variable found by the IBM Checker. + Fix an unlikely memleak found by the IBM Checker. + Fix some missing error handlings. + Add workaround for domain joins using a netbios name which is different from the hostname. + Fix crash bug when freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set. + Fix trans2findfirst for the large directory optimization. + Fix checking for presence of cups-devel and correct cups-devel test for HAVE_IPRINT. + BUG 5805: Don't close stdout when calling setup_logging multiple times. + Fix setting of trust password using 'net rpc trustdom add'. + Fix several issues in vfs_streams_xattr and vfs_stream_depot. + Return an error instead of crashing when no realm is given (trigerred by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and "disable netbios = yes"). + Fix the new vfs_smb_traffic_analyzer build for static links. + BUG 5901: Fix default for streams_depot location. + Fix several build warnings. + Delete the krb5 ccname variable from the PAM environment if set. + Fix circular dependency error with autoconf 2.6.3. + Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at compile time rather than install time. + BUG 5906: Fix Winbind crash when calling 'getent group'. + Fix logging to syslog. + Allow SYSLOG_FACILITY to be modified with a new configure option called - -with-syslog-facility. + BUG 5909: Fix MS-DFS on Vista clients. + BUG 5944: Fix starting of nmbd with "socket address" set to "". + Fix segfault on startup with trusted domains. + Re-add "winbind:ignore domains" parameter. + Avoid freeing fsp twice when opening new_file fails (Debian #431696).- Fix the conditional macro to start smbfs by default; (bnc#456469).- Readd libsmbclient to baselibs.conf for pre 11.0 distributions.- Use %__install macro to install files with the right permissions instead of cp.- Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher.- Use %{NET_CFGDIR} define instead of a fixed path to the network conf.- Update to 3.2.5. + Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients; CVE-2008-4314; (bnc#446971).- Update baselibs.conf.- Fix circular dependency error with autoconf 2.6.3.- Fix the dhcp hook script and support CODE11; (bnc#442335).- Fix perl v5.10 warnings in nmbstatus; (bnc#448225).- Make cifs-mount depend on keyutils, keyutils-libs packages as they are required to support dfs and kerberos; (bnc#432494).- Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971).- Change the runlevel description for winbindd to use "Microsoft Windows" instead of "NT"; (bnc#446154).- Directory/Filenames get truncated when 3.2.0 client acesses old server; (bnc#432471).- Add SuSEfirewall2 services config file to open Netbios and Samba ports on post-10.2 systems; (bnc#247344).- Remove unrecognized configure options.- Fix the pam_winbind build.- Delete the krb5 ccname variable from the PAM environment if set.- Move the nss_info modules to the samba-winbind package.- Add version branding for CODE 11.- Restart smbfs even with the traditional network setup; (bnc#425058).- Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro if available.- Only call the fillup_and_insserv or fillup_only macro if available.- Use package names instead of macros for cp, mkdir, mv, rm, and grep or instead of the full path to the binary for ln, find and xargs.- Introduce NET_CFGDIR to fit the needs for a differing location of the network configuration per vendor.- Use path macros for cp, mkdir, mv, rm, and grep.- Only use SUSE rpm macros and SuSEconfig.permissions if available.- Adopt samba-vscan to build after the change to the bool type define.- Fix winbindd crash in an unusual failure mode; (bnc#416598).- Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too.- Call mkinitrd_setup during %post and %postun for post-9.2 systems only.- Update to 3.2.4. + BUG 5590: Fix binary stripping on older OS. + Fix linking of cifs.upcall when nscd_flush_cache() is found. + BUG 5052: Allow inheritable permissions. + BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback has an IPv4 address. + BUG 5698: Fix non guest connections to shares when "security = share" is used. + BUG 5729: Explicitly allow "-valid". + BUG 5745: Fix Kerberos authentication with (lib)smbclient. + BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. + BUG 5761: Fix opening of mangled directory name (resulted 'is a stream name'). + Fix the wcache_invalidate_samlogon calls. + Clarify usage of "force create mode". + Write times code update. + Fix Winbind crash. + idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure. + Fix build warnings. + Cleanup of DC enumeration in get_dcs(). + BUG 5710: Fix changing of machine account passwords. + Fix several build warnings. + Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. + BUG 5736: Fix Winbind crash bug with trusted domains. + Correct the netsamlogon_clear_cached_user function. + Fix handling of MSKRB5 OID in cifs.upcall. + Fix build warnings in cifs.upcall. + Change default install location of cifs.upcall to EPREFIX/sbin. + Enable building of cifs.upcall by default on Linux. + BUG 5707: Do proper error handling if the socket is closed. + Fix calculation of useable_space for trans2 and nttrans replies. + Fix Coverity ID 587. + Add mapping of generic bits when setting an NFSv4 ACL. + Some write time fixes. + BUG 4516: No IPv6 on Solaris 2.6. + BUG 5571: Fix group memeberships in Winbind. + Fix cut and paste error in quota code. + Fix display of POSIX ACLs. + Avoid a race condition in glibc between AIO and setresuid(). + Add missing become root for AIO operations. + Fix logic of tsmsm_sendfile(). + Fix an errno handling bug that could lead to an infinite loop. + Fix handling of arbitrary new PAC types.- Create a link to the html manpages so that they can be accesses in swat; (bnc#426182).- "Password last set" timestamp update from admin pw change; (bnc#420407).- Call mkinitrd_setup during %post and %postun for package cifs-mount; (bnc#413709).- Update to 3.2.3. + Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789; (bnc#420634).- Update to 3.2.2. + BUG 5592: Fix creation and installation of shared libraries. + Fix replacement of random seed generator. + Fix a race condition in idmap_tdb2_allocate_id(). + Fix unix_convert() for "*" after changing map_nt_error_from_unix(). + Make sure to always set errno on error path in OpenDir. + BUG 5675: Fix smbspool program assuming Kerberos authentication by mistake. + BUG 5686: Fix segfaults in libsmbclient. + BUG 5692: Fix coredump in full_audit.so. + BUG 5696: Fix "force group" in setups using Winbind. + Rename cifs.spnego to cifs.upcall. + Fix segfault in cifs.upcall when it is called without any arguments. + Fix coverity ID 594 (resource leak on error path). + Fix assigning of primary group memberships when authenticating via Winbind. + BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba shares. + Include stdlib.h to get a prototype for free(). + Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c. + Use NGROUPS_MAX instead of 32 for the max group value in rep_initgroups(). + Add add c++ guard to netapi. + Fix compile warning in cifs.upcall. + Add "dns_resolver" key type to cifs.upcall. + BUG 5688: Fix orphaned LPQ processes if socket address is invalid. + BUG 5684: Fix removal of dead records in tdb files. + Fix coverity IDs 595, 596. + Fix smb_len calculation for chained requests. + Fix output of test status. + Fix smbclient connections to older servers. + Fix a fd leak when trying to regain contact to a domain controller in Winbind. + Fix permissions on ctdb databases. + Fix passing back success when a function had in fact failed in two places. - Add --enable-static to the configure options to get the statical libraries installed by the install Makefile target. - Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems.- Set Required- and Should-Stop in the init info part of all init scripts.- Fix libsmbclient to older servers; (bnc#402776).- Update to 3.2.1. + BUG 5594: Fix "make test" by adding and using a new testparm switch "--skip-logic-checks". + Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a. + Update the section about net conf in the net(8) manpage. + Improve processing of registry shares. + Fix listing of registry shares with testparm. + Fix several build issues. + BUG 5578: Fix error from strlcat. + BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT. + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + Remove worrying warning message when safe_strcpy tries to copy a pseaudo interface name that's too long. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. + Fix bug creating files using DOS clients with mixed case files. + Fix uninitialized variable. + BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. + BUG 5570: Fix bogus error message during AD domain join. + Fix trusted domain handling in Winbindd. + Fix build warning. + BUG 5202: Fix setting of ACEs for users/groups with write access in setups with 'dos filemode = yes'. + Re-activate 'acl group control' parameter and make it only apply to owning group. + Make ntimes function more like POSIX and allow NULL arg. + BUG 5512: Fix alignment problems on sparc. + BUG 5616: Fix share connections in setups with "server signing = mandatory" or SMB signing set on the client side. + Fix a race condition in Winbind leading to a crash. + Fix a segfault in base64_encode_data_blob. + Fix some uninitialized variable references via ndr_print. + Fix error message if trying to join with a non-privileged user. + Fix setups using "include = registry" without [global] settings in the registry. + Fix "net sam rights" on domain member servers. + Add documentation for the vfs streams modules. + Cleanup some duplicate code by passing the password to the wbinfo_auth* functions. + Allow SID with 0 in subauthority to be converted properly. + Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage. + Fix realpath() check so that it doesn't generate a core() when it fails. + Fix overwriting of winbind logfiles. + Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic. + Add broadcasting of the debug message to all winbindd children. + BUG 5635: Fix updating of printer queues. + Release still reachable memory if the smbclient context is freed. + Remove trailing withespace from wbinfo -m which breaks gdm auth. + BUG 5540: Fix "set primary group script" user option substitution. + Fix regression in Winbindd offline mode. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Allow %u parameters for print job username.- Fix a race condition in winbind leading to a crash; (bnc#406623).- Use the configure option to enable debugging. This fixes the creation of the debuginfo and debugsource package.- Fix emptying the printing queue; (bnc#411493).- Remove trailing withespace from wbinfo -m which breaks gdm auth.- Add a recommendation to the samba and samba-winbind package to install logrotate for openSUSE 11.0 and later.- Include mkinitrd scriptlets.- Allow %u parameters for print job username - use advanced sub; (bnc#374389).- Update to 3.0.31. + BUG 5504: Fix SIGTERM handling in Winbind children so that they do not remove the unix domain socket used to field client requests. + Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend. + When allocating client buffers for large read/write - make sure we take account of the large read/write SMB headers as well as the buffer space. + Memory leak fixes in DC location code. + BUG 5533: Winbindd fails to cope correctly with a workgroup name containing a '.' + BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. + BUG 5551: smbd recursing back into winbindd from a winbindd call. + Fix usage message for "net rpc trustdom add". + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + BUG 5578: Bad (non-Samba) use of strlcat gives error. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Documentation build fixes. + [DOCS] Fix use of smbconfoption in samba.entities. + Return NULL in sitename_fetch() if gencache_init() fails. + Use machine account and machine password from our domain when contacting trusted domains. + SPNEGO SPN fix when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix joining NT4 domains. + Don't let winbind getgroups crash when we have no gids in the token. + Fallback to level 24 pwd set while joining. + Fix joining w2k domains in "security = ads". + Fix pam_sm_chauthtok for storing modified cached creds. + BUG 5202: Re-activate "acl group control" parameter and make it only apply to owning group. + BUG 5531: Fix conversion of ns units when converting from nttime to timespec. + BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient. + Fix a segfault in base64_encode_data_blob. + AIX build fixes. + ENODATA is not defined in freeBSD 4.6.2. + Don't reset password last set time just because the expired flag is set to 0. + Fix usage message for 'net idmap dump'. + Miscellaneous man page fixes. + BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd. + Fixes to man pages. + Add tdb file documentation. + Ensure that winbindd trusted domain children keep primary domain online status up to date. + Update cached creds during password change. + Ensure that Winbind always uses set_domain_offline() to mark a domain offline. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Memory leak fixes.- Allow authentication and memory credential refresh after password change from gdm/xdm; [bnc#395578].- Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h.- Call the libsmbclient testsuite from the %check instead of the %build script.- Use machine account and machine password from our domain when contacting trusted domains; [bnc#404667].- Add a %check section move the test of the PAM modules to this section and add more tests.- Add a recommendation to the samba and samba-winbind package to install cron for openSUSE 11.0 and later.- Use a variable for syslog and add missing $remote_fs dependency for Require-Start in the init information of the init scripts.- Update to 3.2.0. + Support for establishing interdomain trust relationships with Windows 2008. + All changes from the pre and rc releases as noted in here earlier.- Move header files from the devel sub package to lib*-devel.- Work around bad use of autoconf interna.- Build Samba with debug symbols to get working debuginfo packages.- Add /etc/openldap to the file list and not only the schema directory.- Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster booting; [fate#304967], [fate#304965].- Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to 'Network/DHCP/DHCP client'; [bnc#400467].- pam_winbind: Update cached creds during password change; [bnc#395578].- Update to 3.2.0rc2. + BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. + BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'. + Make sure we take account of the large read/write SMB headers as well as the buffer space when allocating cli buffers for large read/write. + Fix tag as a goto target we were not reinitializing the array counts. + BUG 5451: Fix for using the correct machine domain when looking up trust credentials in our tdb. + Fix spnego SPN when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix pam_sm_chauthtok for storing modified cached creds. + Fix joining issue in setups with "config backend = registry". + BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting for TCP connection timeouts if no LDAP server is available. + BUG 5502: Fix security=server. + Fix coverity IDs 552, 553, 570, 571, 572. + Shrink ldbtools. + Fix reset of password last set time just because the expired flag is set to 0. + Remove support for symbol versioning in shared libraries. + Fix autogen for autoconf 2.62. + BUG 5515: Fix empty input fields in SWAT. + BUG 5516: Fix saving of the config file in SWAT. + Fix winbindd trusted domain child not keeping primary domain online status up to date.- pam_winbind: fix pam_sm_chauthtok for storing modified cached creds; [bnc#395578].- Don't reset "password last set time" when unlocking an autolocked account; [bnc#382111].- Fix winbind sigterm handling and make init script send sighup to all child winbind processes; [bnc#382027].- Fix bug with winbindd trusted domain child not keeping primary domain online status up to date, merge to trunk from reversion 1801; [bnc#373560].- Make winbind children reopen logs on SIGHUP; [bnc#382027].- Set only CONFIGDIR and LIBDIR while make everything and install. No longer set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].- Update to 3.0.30. + Fix for CVE-2008-1105. + Remove man pages for ldb tools not included in Samba 3.0.- Fix vulnerability that allows for the execution of arbitrary code in smbd; CVE-2008-1105; SA30228; [#391168].- Follow the rename of libtdb0 in baselibs.conf.- Rename sub package libtdb0 to libtdb1.- Update to 3.2.0rc1. + Move the posix pending close functionality down into the VFS layer. + Fix activation of registry globals in loadparm. + BUG 5452: Fix smbclient put. + BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. + BUG 5456: Fix missing echo if we ^C at the prompt. + BUG 5464: Fix timeout in winbindd. + Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. + Use more error-prone form of testing dm_destroy_session() return code. + BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used. + BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. + BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups. + Fix wins null pointer crash in nss_wins module. + Fix lm session key length in _netr_LogonSamLogon. + Add -f switch for DsGetDCName() example and be more verbose on output. + BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users} + Fix the DNS Update option of "net ads join". + BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx(). + Recognize and allow longer UA keys in winbindd_cache. + BUG 5436: Fix signing problem in the client with transs requests. + Fix a valgrind bug in the new [ug]id2sid cache. + Fix Coverity IDs 565 and 222. + Fix dfs_Enum: In form_junctions, correctly check for malloc failure. + Add support for symbol versioning in shared libraries (can be disabled with - -disable-sysmbol-versioning). + Add new function wbcLibraryDetails() to libwbclient. + Cleanup size_t return values in convert_string_allocate. + Fix Kerberos support for CUPS 1.3 in smbspool. + Fix printing with Vista. + Fix deletion of files when they're in use by other drivers.- Update to 3.0.29. + Fix a crash in tdb_wrap_log(). + BUG 5267: Fix for nmbd termination problems when no interfaces found. + BUG 5326: OS/2 servers give strange "high word" replies for print jobs. + Remove MS-DFS check that required the target host be ourself. + BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. + BUG 5095: Fix the enforcement of the "Manage Documents" access right. + BUG 5460: Fix MS-DFS referral problem in server code. + Fix bug in Winbind that caused the parent to ignore dead children. + BUG 4235: Improve compliance to the Squid helper protocol. Original patch from Pawel Worach . + Prevent cycle in Wibind's list of children when reaping dead processes. + BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). + Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. + Fix client connections and negotiation with Windows 2008 DCs in member server code. + Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). + BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). + Re-add samr getdispinfoindex parsing which got lost in the glue commit. + BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. + BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. + BUG 4901: Fix behavior of "ldap passwd sync = only". + BUG 5317: Fix debug output from domain_client_validate(). + BUG 5338: Fix format string bug in rpcclient. + Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. + BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. + BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. + Fix signing problem in the client with trans requests. + Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. + Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. + Fix trusted users on a DC that uses the old idmap syntax. + Only have Winbind cache domain password policies that were successfully retrieved. + Fix alignment bug when marshalling printer data replies. + Fix DeleteDriverDriverEx() checks to prevent removing in use files.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Expand baselibs.conf to match pre SUSE 11.0 products.- Remove obsoletes and provides 3 for all packages and systems.- Cleanup the use of the suse_version macro to achieve consistent defaults.- Set CODEPAGEDIR while make to fit the install location.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Package man page files independent of the used compression method (gz,lzma).- Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva in the OBS too.- Add a script to restart smbfs if NetworkMangaer gets an IP address; [bnc#373075].- Remove all references to the obsoleted samba-pdb package.- Compose the BuildRequires in a more flexible way to fit the openSUSE build service (OBS) requirements to support different operating system targets.- Use _libdir macro instead of a local define of LIBDIR.- Remove PreReq /sbin/ldconfig from the libtdb-devel package.- Install the shared libraries with the same name as used as soname.- Update to 3.2.0pre3. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Support for IPv6 in the server, and client tools and libraries. + Support for storing alternate data streams in xattrs. + Encrypted SMB transport in client tools and libraries, and server. + Support for Vista clients authenticating via Kerberos. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New LGPL Winbind client library (libwbclient.so). + New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. + New client and server support for remotely joining and unjoining Domains. + Support for joining into Windows 2008 domains. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing.- Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf.- Remove obsoletes and provides samba3 for post 10.3 systems.- Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems.- Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the shared library packaging policy for post 10.3 systems.- Update kdc dns-only lookup patch to IPv6.- Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym links in /sbin/; [bnc#380693].- Enable the build of vfs_cacheprime and vfs_readahead modules.- Update to 3.2.0pre2. + Add library for access to the registry configuration data. + BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. + BUG 4308: Fix Excel save operation ACL bug. + BUG 4801: Correctly implement LSA lookup levels for LookupNames. + Add new option "debug class" to control printing of the debug class. + Enable building of the zfsacl and notify_fam vfs modules. + BUG 5083: Fix memleak in solarisacl module. + BUG 5063: Fix build on RHEL5. + New smb.conf parameter "config backend = registry" to enable registry only configuration. + Added support for IPv6 client and server connections. + Remove unused utilities: smbctool and rpctorture. + Fix service principal detection to match Windows Vista (based on work from Andreas Schneider). + Encrypted SMB transport in client tools and libraries, and server. + Added support for an SMB_CONF_PATH environment variable containing the path to smb.conf. + Various fixes to ntlm_auth. + Correctly handle mixed-case hostnames in NTLMv2 authentication. + Add Winbind client library. + Enhance client and server remote registry access. + Add client calls for remotely joining a computer to a domain (including calls from "net dom" command). + Add libnetapi.so library for joining domains including sample GTK+ app. + Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC. + Various fixes for DsGetDcName and conversion to IDL based structures. + Add ads_get_joinable_ous() to libads to get list of joinable ous. + Add get_logon_hours_from_pdb() to comply with new IDL based structures. + Migration of the entire client and server DCE/RPC code to IDL based structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON. + Started migration of client and server DCE/RPC code to IDL based structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG. + Use IDL and autogenerated code for samlogoncache and Kerberos PAC handling. + Add remote join/unjoin server-side implementation. + Import the Linux red-black tree implementation. + Support for storing xattrs in tdb files. + Support for storing alternate data streams in xattrs. + Implement a generic in-memory cache based on rb-trees. + Speed up the smbclient "get" command. + Add the aio_fork module. + Modified libsmbclient API for more easily maintaining ABI compatibility while adding new features to libsmbclient. + Refactor Winbind internal parent-child interface tables to achieve better unit testing support. + Networking fixes to the libreplace library. + Add support for DNS Service Discovery. Based on work from Rishi Srivatsavai . + Don't restart winbind if a corrupted tdb is found during initialization. + Add share parameter "administrative share". + Improve error messages of net subcommands. + Add 'net rap file user'. + Change LDAP search filter to find machine accounts which are not located in the user suffix. + Remove smbmount. + BUG 5073: Allow "delete readonly = yes" to correctly override deletion of a file. + Register the smb service with mDNS if mDNS is supported. + Add smbclient support for basic mDNS browsing. + Fix padding between Winbind 32bit/64bit client library in the request/ response structures. + Added a syncops VFS module for file systems which do not guarantee meta-data operations are immediately committed to disk in stable form. + Additional portability support for building shared libraries. + Get Samba version or capability information from Windows user space. - Add new sub packages libnetapi0, libnetapi-devel, libtalloc1, libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel.- Fix build with glibc 2.8.- Added baselibs.conf file to build xxbit packages for multilib support for post 10.3 systems.- Only cache password policy results that worked, otherwise we cannot login until the cache expires even if a connection to a DC has been restored; [bnc#373552].- Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem.- Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200].- Update to 3.0.28a. + Failure to join Windows 2008 domains. + Windows Vista (including SP1 RC) interop issues.- Rename the libsmbclient package to libsmbclient0 to follow the shared library packaging policy and remove provides libsmbclient3 for post 10.3 systems.- Add variable to define if a share should be an administrative share; [bnc#358841].- Fix patch errors with dcerpc and idmap_global; [bnc#280452].- Fix safe_strcpy error caused by duplicate domain name fix; [bnc#356025].- Fix two memleaks if num_validated_vuids exceeds its maximum; [bnc#349581].- Fix ACL inheritance; [bnc#351570].- Fix a gcc 4.3 buffer overflow warning.- Remove duplicate domain name prepend when user SID is in winbindd cache; [#336854].- Prevent winbindd from segfaulting due to corrupted cache tdb on flushing caches; [#340332].- Fix kerberos authentication with Vista; [#350032].- Update to 3.0.28. + Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Additional cases and problems caused by fix for CVE-2007-4572; [#337823].- Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Added default printing system information to README.vendor; [#113759].- Add missing define of AI_ADDRCONFIG for systems with older glibc versions.- Update to 3.0.27. + Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572; [#326261]. + Remote code execution in Samba's WINS server daemon (nmbd) whe processing name registration followed name query requests; CVE-2007-5398; [#337823].- Change the spec file to get debug packages again.- Additional case for overflow: CVE-2007-4572; [#326261].- Fix process_logon_packet overflow; CVE-2007-4572; [#326261].- Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823].- Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854].- Fix the alignment of 32 and 64-bit winbind requests; [#331754].- Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0 systems; [#289599], fate [#302668].- Fix possible segfault in winbind which could be caused by uninitialized variables; [#253862c223].- Use FQDN in KDC DNS lookup; [#295284].- Update to 3.2.0pre1. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Support in pam_winbind for logging on using the userPrincipalName. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTLM version of the 3rd edition of "Using Samba" from O'Reilly Publishing. - Update samba-vscan to 0.3.6c-beta5. - Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't apply to Samba 3.2.- Make nss_winbind thread-safe; [#293907, #329796].- Perform KDC lookup using DNS only; [#295284].- Handle smb child crash; [#294895].- Add a global lock inside nss_winbind as workaround; [#293907].- Merge ranged retrieval optimization to winbindd.- Update to 3.0.26a. + Memory leaks in Winbind's IDMap manager. - Update to 3.0.26. + Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin; CVE-2007-4138; [#307623].- Fix two memleaks in idmap_cache.c; bso [#4917]. - Correct failure of libsmbclient against a version of Windows. - Make read_sock return the total number of bytes read instead. - Fix error in enum_dom_groups. - Fix logic error in timeout of blocking lock processing. - Add parameter "directory name cache size". - Fix use of pwrite in tdb code.- Also ensure to initialize ip_srv_site and count_site even if we are not on site; [#230963#c124]. - Use an off site DC if we're not online and talking to the KDC of our domain; [#230963#c106].- Fix a bug where samba writes the wrong default value of max_passwd_expire to an LDAP server; [#298469].- Fix if statements where we still expected cli_connect() to return BOOL.- Update to 3.0.25c. + File sharing with Widows 9x clients. + Winbind running out of file descriptors due to stalled child processes. + MS-DFS inter-operability issues.- Update the cache tdb validation patch which improves the backup handling trying to end up with a useable cache tdb. This applies mostly to the situation that disk space is short; [#256166c82].- Update the cache tdb validation patch to support backup and corrupted file handling; [#256166c77].- Fix a bug that causes smbd to 'hang' intermittently; [#289599].- Fix event based krb5 ticket refreshing in winbindd.- Limit the LDAP expression in lookup_usergroups_member() to security groups; [253862c209].- Don't reset the num_names counter in lookup_groupmem(); [253862c198].- Make the days before the password expiry warning appears configurable in pam_winbind.conf; [#287871].- Don't link shared libraries of vscan with -pie.- Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to 20480; [#253862c175].- Update to 3.0.25b. + Offline caching of files with Windows XP/Vista clients. + Improper cleanup of expired or invalid byte range locks on files. + Crashes is idmap_ldap and idmap_rid.- Fix reply when no dfs share is configured. - Fix the DFS code to work with Vista clients; [#286937].- Migrate old if-up/down scripts to new names on update; [#283706, #285187].- Introduced prefix numbering of if-up/down scripts that they get executed in the right order; [#283706, #285187].- Restart nscd on winbind update to load the new libnss_winbind.so.2 library. This will not resolve every problem with nss modules; [#174589c88].- Fix winbind segfaults with idmap_rid; bso [#4624].- Add missed 'c' character to the list of valid ones in escape_shell_string(); [#273611].- Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106].- Remove superfluous requires to samba from the devel package.- Ensure the returned structure size from _samr_query_dispinfo() is smaller than the total size; [#203833].- Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan. - Install header files with 0644 instead of 0755 permissions. - Enable build of the python package.- Branch a samba-devel package for post 10.2 systems. - Install .a library files with 0644 instead of 0755 permissions.- Update to 3.0.25a. + Missing supplementary Unix group membership when using "force·group". + Premature expiration of domain user passwords when using a·Samba domain controller. + Failure to open the Windows object picker against a server configured to use "security = domain". + Authentication failures when using security = server.- Add %dir /usr/share/samba to the client package. - Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and smbclnt from Provides and Obsoletes of the main or client package.- Add /sbin/ldconfig to %post and %postun of libsmbsharemode.- Update samba-vscan to 0.3.6c-beta4.- In some cases PRS_ALLOC_MEM was called with zero count; [#273613]; bso [#4637].- Enhance the patch to the ads version of lookup_groupmem(); [#253862c89].- Don't use current_user to prep the security ctx in change_to_user(); [#273613].- Prevent winbindd segfaulting due to corrupted cache tdb; [#256166].- Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf.- No longer check in the pre package scripts if swat or winbindd of version 2.2 are updated; [#273160].- Update to 3.0.25. + Significant improvements in the winbind off-line logon support. + Support for secure DDNS updates as part of the 'net ads join'·process. + Rewritten IdMap interface which allows for TTL based caching and·per domain backends. + New plug-in interface for the "winbind nss info" parameter. + New file change notify subsystem which is able to make use of·inotify on Linux. + Support for passing Windows security descriptors to a VFS·plug-in allowing for multiple Unix ACL implements to running side·by side on the Same server. + Improved compatibility with Windows Vista clients including·improved read performance with Linux servers. + Man pages for IdMap and VFS plug-ins. + Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447. - Disable build of the python package.- Fix heap overflows to prevent remote code execution; CVE-2007-2446; [#273613]. - Fix remote command injection vulnerability; CVE-2007-2447; [#273611].- Remove obsolete samba-pdb package and required packages from BuildRequires for post 10.2 systems.- Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems.- Remove requires on release from devel packages.- Reduces the number of queries made to the DC in the ads version of lookup_groupmem(); [#253862].- Allow winbindd to take local shortcut on secondary DCs in case dce funnel directory is set; [#266853].- Really remove Should-Start smb in smbfs init script; [#242918].- Disable 'msdfs root' by default again; [#268004].- Build libsmbsharemodes and create libsmbsharemodes and corresponding devel package; [#264623].- Let idmap_ad search in the Global Catalog in case dce funnel directory is set; [#266049].- Allow share names with a lengths greater than 32 chars; bso [#4512].- Check the euid and call become_root() to get write access to dump a core.- Add pwdutils BuildRequires for post 10.2 systems.- Do not restart winbindd under any if-up circumstances; [#227942].- Replace unneeded become_root_uid_only() by refactored become_root(); CVE-2007-2444; [#262090].- Add repository version and branch to the spec file via build-source-timestamp mechanism.- Allow applications to set the share mode while opening a file using libsmbclient; bso [#3684]; [#203737].- Fix for fd leak on error path in winbindd; bso [#3204], [#258737].- Add gdbm-devel BuildRequires for post 10.2 systems.- Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728].- Fix segfault and memleak in wb_lookup_rids(); bso [#4434].- Fixes a known bottleneck under very high load situations; [#247984].- Avoid passdb builtin group membership calls in the DCERPC funnel patch; [#248556].- Allow pre 3.0.23 multi passdb backend configurations to work with post 3.0.22 by using the first backend only; [#245167].- Prevent nscd crash in NSS winbind initgroups(); [#237719]. - Fix pam_winbind cached login for samba/NT4 domains; bso [#4225]. - Various pam_winbind fixes; bso [#4094, #4288]. - Fix DCERPC funnel patch; [#245278]. - Fix vista and share level security. - Fix vista variable expansion; bso [#4093]. - Fix vista DFS support; bso [#4356]. - Fix vista backup tool; bso [#4361]. - Fix vista deletion on shares; bso [#4188]. - Fix vista spoolss problems.- Fix crash bug in rpc_pipe_bind(); [#244892].- Enable DCERPC funnel patch.- Fix accumulation of expired LDAP connections when winbind in ads mode; bso [#4009].- Fix all lp_dce_funnel_directory() callers; [#242833].- Disable broken DCERPC funnel patch; [#242833].- Update to 3.0.24. + Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265].- Fix logic error in the deferred open code; CVE-2007-0452; [#240265].- Avoid winbind event handler for internal domains.- Fix smbcontrol winbind offline; [#223418]. - Fail on offline pwd change attempts; [#223501]. - Register check_dom_handler when coming from offline mode. - Fix pam_winbind passwd changes in online mode. - Call set_domain_online in init_domain_list(). - Winbind cleanup after failure and fix crash bug. - Don't register check domain handler for all trusts. - Add separate logfile for dc-connect wb child. - Only write custom krb5 conf for own domain. - Move check domain handler to fork_domain_child.- Fix pam_winbind text string typo; [#238496]. - Support sites without DCs (automatic site coverage); [#219793]. - Fix invalid krb5 cred cache deletion; [#227782]. - Fix invalid warning in the PAM session close; - Fix DC queries for all DCs; [#230963]. - Fix sitename usage depending on realm; [#195354].- Add DCERPC funnel patch; fate [#300768].- Fix pam password change with w2k DCs; [#237281].- Check from the init script for SAMBA__ENV variable expected to be set in /etc/sysconfig/samba to export a particular environment variable before starting a daemon. See section 'Setup a particular environment for a Samba daemon' from the README file how this feature is to use.- Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files.- Fix pam_winbind grace offline logins; [#223501]. - Fix password expiry message; [#231583].- Move XML service description documents; fate [#301712].- Disable smbmnt, smbmount, and smbumount for systems newer than 10.1.- Add XML service description documents; fate [#301712].- Move tdb utils to the client package.- Fix crash caused by deleting a message dispatch handler from inside the handler itself; [#221709].- Fix delays in winbindd access when on a non-home network; [#222595].- Fix client-side smb signing; [#222951]. - Fix imcomplete merge for firefox NTLM handling; [#198255].- Add IA64 and x64 printer drivers directory.- Update to 3.0.23d. + Stability fixes for winbindd.- Fix ldapsmb group and unicode issues; [#143417, #216606]. - Fix net ads account management; [#217046]. - Fix libnscd usage in passdb; [#217363]. - Add the "mega patch" + Add site support for winbind; [#195354], fate [#300909]. + Add site support for net; [#211281], fate [#300909]. + Fix winbind krb5 ticket handling from offline; [#178028]. + Fix "net ads leave"; [#196771]. + Fix winbind username case handling; [#184902]. + Fix winbind name canonicalisation; [#210174]. + Fix winbind online/offline handling; [#196859]. + Add NTLM cached credential handling for firefox; [#198255], fate [#300973]. + Fix winbind groupmembership handling; [#211324]. + Fix winbind site-support handling on reconnect; [#195354]. + Fix winbind child initialization and online/offline handling; [#196859]. + Fix winbind cached credential storage; [#185053]. + Fix winbind long login delays; [#184450]. + Fix winbind crash for new AD user; [#208454].- Fix pam_winbind overriding syslog settings; [#201756]. - Fix profilepath pam_set_data for other PAM modules; [#215707].- Fix timeout handling for winbindd (samr, netlogon). - Fix gencache access; [#209409, #211281]. - Fix libsmbclient accessing NetApp; bso [#4018]. - Fix error handling in ads printer code; [#209409]. - Fix passwd pam segfault; [#211719]. - Fix crash in winbind async child. - Fix winbind failure mode for trusted domains.- Add realm to username if missing in net ads join; [#211706].- Move the LOCKDIR to the client sub package.- Activate the libaddns.- Add version of the package subversion to Samba vendor version suffix.- Update to 3.0.23c. + Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. + Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend.- Fix time value reporting in libsmbclient; [#195285].- Remove update-messages.- Store and restore NT hashes as string compatible values; [#185053].- Added winbindd null sid fix; [#185053].- Update to 3.0.23b. + Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". + Errors in 'net ads join' caused by bad IP address in the list of domain controllers. + SMB signing errors in the client and server code. + Domain join failures when using smbpasswd on a Samba PDC.- Fix from Alison Winters of SGI to build even if make_vscan is 0.- Update to 3.0.23a. + Failure to strip the domain name from groups when 'winbind use default domain = yes' + Bad token creation of local users on member servers not running winbindd. + Failure to add users or groups to ACLs using the Windows object picker. + Failure in file serving code when 'kernel oplocks = yes'. + New "createupn" option to "net ads join" + Rewritten Kerberos keytab generation when 'use kerberos keytab = yes'- Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule.- Fix pam config file parsing in pam_winbind; bso [#3916].- Update to 3.0.23. + Improved 'make test' + New offline mode in winbindd. + New Kerberos support for pam_winbind.so. + New handling of unmapped users and groups. + New non-root share management tools. + Improved support for local and BUILTIN groups.- Prevent potential crash in winbindd's credential cache handling; [#184450].- Fix memory exhaustion DoS; CVE-2006-3403; [#190468].- Fix the munlock call, samba.org svn rev r16755 from Volker.- Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; [#184450]./bin/sh/bin/shkimball 1237558572 C3.2.7-11.2.1libtalloc.so.1/usr/lib/-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.suse.de/SUSE:openSUSE:11.1:Update:Test/standard/8a43981f79128af8d20299d2e006155d-sambacpiolzma2i586i586-suse-linux\#R~m~^?`] c6GJ}4metm49/҃ .7Gp0UG9]-1fNO6iTwB;j:`(Q\qMQn~TMY7hKL6&/X_)H6wNY[ھ0*gyy6ƟC)< r\(pբo+U9:D"#{/#e1.^>#Ʃ̉ \zL幧2t=, FdH #=M(\-'1o;&T82 )B 󖀶M !ק[l)wwr̼s!,fBWٺi0GZ,D-X"$<}ŎfYWT?s*9vt5/;ugV(-΋QZBMfCA.<bFd,xfhɟb/:9I8VUC*ל, S!b]:ܺ\8)#m ks {M忾;$l W֐"/%~<9NUZd_~if)s@{IWSIU/jKUBۢ)F;% qGe`ʤꓤÑ!Ztx=_" YVA}d{ y[8g7o6_[N#/Py_kN1K &0f ^ ct|!GXpnU](`t d1 .?3m{:>t~Iwfn5 Qq|4u2;w-D|[.GCHF~\;^kS, ~VݕOެb&i]Y;|voxa$ Pi3+9LZFH'NM-Qƽoj+"ޘ_̄,PWÜf(xVmx0" M zUiKn}@rI,Wʑ33 ]"  3*4v"gHuMCQPE.BC.EZ y.0WkeLL8<5O _@`{8P 1l>7 @^K XNkg*kI"`)$ǤS;÷(h(U*&[taESCl#X&kb>_;V.";93SXGFVu 3Flß|gˮ\u,3TxY'._zMr*[:ڣ/4c"F]"׻ ;4فsܫDZ9Z}wFk?x&e+cHZ|L,̪]yJ]/97=*)5,n,l%7M_ KgvJS+&̲/FʚG]Ô07R~0% T!A}jq-+02*)K\_3h˹r:YZ`Cw'%pDBQ|x2'/+a$ C/VZM MޠfmvmkZ2?dsj Jd8Yˑ;וSg+#{½mr'xARt"g0\/[C0<=\ 0Ts^">P'x.<*Oitm> !2e/Di@8PטԜm%3`>RwaǑ r@֜}& blfa-H 9oR ;Y?E>)Y&_ݍ1^SZ M$)A祆{~U:wuu6r[uKTt# k L`vRhF$Y>lH࿉C;VHlrʨWBfM~D*|%Sc*+]V?BM%` "W Nkĕ~FWQݩb4FaF*_ ~TدKG2JF4X`FqK7 !';=>T\Hɶ7J^bJn}RHڍ?8Yݴ+P1a+ ̅ݐ$( Ͷݳ:~n26"6f ]n ekz#Nd ?$(e;8D&2TX"Y%kbK7;Ƃ3N" s2.UߟwVeDd.%%K2YwtD^-pf87 A"yȹb\cܢo%{щ66iP)ޘ23jք4qXWyA)" x(5xiEP\3m}B'('=QvX6 iIq*7WR1l}jp+ɛ~ҤcskTe-"la.Ǒ NvYT1iAGBgnB\C+$(yC U\U`cyڊFV'aΒWd^w:mw6!}c]U aJ_ -y/itnM[H_&(Bω,gZQcmKZֹӴȿ;+ҽ8@ &=q8Ɣr${+]cUis; )%`Q&f-Q_4 xP`7, ;4PϷ W:!e#9dr2s0SyJP]!?m,jP'A05k)$T5axۊG˱6Xq 20f{NLP4u$y!sZoWoTܺ.]h-HlLAR<[lRCTb7%*?/F!ϬSM>=4x@FMNi^62&GCTM+_uj*Aimj< v*_Mu3D{(U5OH;<_ރuXZ,dۛu=,UUmh3zDg'th:Y\#skҤN'\8㌌!%Kd"?R>QfCޠDL#4t6[Ӿ  'ά P?I6l̓u_³aH0rdw "G7 *!hi\tj-)M`SR0TL=v wpiM[ ư*]~v4ݭj8|U{L,*QIdvI0JqӐ-K#uD ً[E,&t窞D4#Tr9V]i=(+~`8l9g5(mօ!ެ=ڧ8]R;{͓f#%嬎@,IU (t˱K=CqtRz#wnsֳ\d(<@W9 )IҊIH[* '^54 P V gtQGPY$n9hUYG)')n|㪝3k@ʪ2T/jZ%ݧ7~4#BYUL52EK*[Y ێr[U bB?<15`х[UƾmfWkSLܘ)tnsM&F*oE\ X΢g0ϘAf;Ԁʊ@@:-,M;@Ac|o lwf"$E+x Փ0,F 1=.|!t{4f~pY PޫBǔd|,Aa?3g` H)B@'}&T w7JBZ3ܐ6C;O_3Ko \?{Rt%KfnBHO`$rԞ=dhfV%6DU-ĂO8'.h3)96DnʘY6Q/p^eWuRH6J&v'<WXD$[`K9{[WIqLϤ!Z^Qǽj*T)t'' 4'`Z\jśibJ!Nh+d\R8 "kDL i_5y KE& 0*@K,_PD3^QDۆ7g[97`:z]AT|~x{hWLN$qN UCe_kŻJNJLsTkkUsmS~%@V5J9FPe( 4(<9R^5U%f35#>UFŜV ,6_StX^XCW2aqK!SFuG[H*:@Ag/\'ަE6CFS:RxG2#z1ccjo脨L|}l6GHM"QlELXNuM`5ސecEo(F:L= 9cc䕕n}NF@+$XT^dtOD}A(͖2T*R0K@'GՋТz86a>1NJ&N'Jf%$kwf0 J&#}Pa*H7{dNMt}!JtGv%1O%~^a{W-(6ݰ6ch>6n/Ҩ-TMIA /M k`T5iyjTO F%2VU8c.k˭dկmϬյ:Z*"7.xHM5ë`RMwR}lK! F_^(f_03gإ⃷N;-.fRhOOc,A@ƖAF7wK8݉s-6I3d^v#9-Zle|[~vn\! HX LI|Sr{ -sKȇYq٣xdz|M#zp$Y8KOSw.Hc㶕Ѝķ(4PdX@Q]+_għ%25DUe!nܒR TU'|?vP gD[AX=oJ{i(<ٮG( a:YxorKIt!*Hr5 "U .}wO4;:mКS5=nbV a_mo;o<%d5!'#"`(Rzvo9yе몾1a.jUKC IIAR=[j|:B\N7jA[cBֹa&쮳gQatΛgm ˃9H+ნ.7r~ E$mu,Doݦ0\935>V% T4";Žs%f#QSIBAZR߬.\y&rH#D㚠ŻW[KnɰYy?t?'w[GrNg{:i 8 u8).)im\?&cyt~YfdviFj':Kb t0n{udiߚb>r6DQh ؒy}.bƵO7$sa*/rc~t L]`[e/OpQ6ޤ']_j'[<ÇQ1e a^B)m)XfE˖¼Á,5\-u)YOk-IVs/qvZX:;/E<|@Q]$o{)6tuf $}S<:P 9#|G-[M c,yи̙]K<&Zq°/5LT9<Iy˷Rde ސ[puDhmWL'" ƴ(/p#K)GYGrBC]'A̜}q`F|TX` Wۨ.0f()dlգ梜jݸފqU%SI KZCAQgpr:uVXHTJ=jBxu**pl;v2P7L!zݎ~htցlRT&1m,Oo_=낞zj4@6ryydI_j k%3~I\hl#I1<>u^֯τ17iRq5KU2&Gp[ k+mGM̐S@톆pQ~DC' oʹoMXߌG/|J~O )\ vW*EKxhir.Qt/MEZmMR|Nxڣ/RI7GJ]>|ݦbpU7γBCM 9JSV [EQB-wgg8~@|bבf`zǧn'e~~A{+M7A9.gߏe5ʱ=?&fyyjh2i'Ϗ1rsV5tծBcu:ԀqjC2~KsPduބYshX^ Ji?ea?e1cAm/H'OHQ(L@߰k.\[.NC&G_t|t[KMTl4v-ٔrOI ;0=RICkQ??ʴJzFM8W )EVx>H#F{ZTYgaAI @ ѼH`*(왥jsg(B[Z~rFm_hr7&^pEVM9,'5#Kו+}}]Q u VTd9ŦtiB*xRh L휚\ }}Fi-? LǶ 3y4v Pf8Us9 J< כm+m1$ż'eS TDv^o8)*:0F@~C[[(8G+%$8"qw;\N[<5OקJɧCxv$5uyJtEr1LZ&0J v[I/:jRp g3MFO~Dp 7r2rS2Jʟ[,e$u< -~`7ڛ (:Q3:m4nu&Իyf 2}L^su)=#MohLr6K4r*r+ .CGu, ^z]"fȐ6#4^zeվ1h$'8۱.lK1| HZ^) ZB d-ŝ([#xαNo85u"«}$p ob}h -LV4Kjy6$C GdŠ:Ѧ6`k)}6*LjҖ/`T/YG1msVW !F@W ƪ3)/48%NRbMxfc7+dݽ "3,'CٓD(ݳ9ڎ p0bK9\v::tr;?(<&ۦ,%ekjIK_ʼn5r?%&b):ڴ *,"KRIw?>n*0Jg'BVͲ aPxkN7#&#V8bO^E.߂zxB  :a͍ Ŀ xo8WFnKa^ /,W$&R^DaKoL1Y̅,Pf''۔be@p()-|j\SObMȳAZ.oKU}%m+pK XGl1s*ҙqrJ/KU QT|,ԹHR[{f3ZPY~.u(f/& -iE/ MOͮCi4Tuˬ_D?Ek ^2U*y%-cB59Ep/?Hm {3:CkcMBTՂSuq^nzbL: θSF7kL&VCe: l?㝗zf a|RglJΦbhSޓW IM&Q+?7md+Z.Q.d_1LtUnX t4#2I]ԁ1HKmAF(w -hUJtm}st>i g79A޶=O9mq(‡ Lz'֯\S㧬Ro 3C7owlq!r4qƱIu%瀺x_@mӟ‚ ݢ kuͣK_ڷg¹Wrڊv7oG{2;h|0|."o1HL6?'8Kvs"ۨ61A˜J]PG]!>jŖFY@b}swyJ 5Јj2|y S`٥-չYmD}}3/>aOjrDzi j5O53g_"? +S~,0$%8VXd!n h /EVk<ځ'#pq*&,^ s[mEH$Q') i4%by0տ0+;~:cl;Il&`Ƣ0ZE<3