libtdb1-3.2.7-11.2.1>t  DH`pIå͸/=„Q'5_<=r鹓|^R;| @_-O_l.=vq{&g"S Y3֢-xx{$W`MktloE:gihӨ ZE~5&#Hy2uNDiָҘY)h?"A|Jqx4<,@#iU`ɓ`t}9o ȿ ڝe-JKwpو8p՟e2affe1c097789843cf2581256b81316b7c17361@Iå͸/=„ZfH^\^Rj\`֮w BKz)/2Kdޒ(r5I :1J/nv=4M @. 'NlO{k+U;%i54Qaշ#SvZxibh+X "~xFuŻsRa|vV)Ǟ hrS( ?R؀a3Fw*68ЅG4HrEZ$~¿_d>:?d   )  '=CHWhl n p t     (,849H:c>j@rFzGHIXY\]^bcYdefklzClibtdb13.2.711.2.1Samba tdb LibraryThis package includes the tdb library. Authors: -------- The Samba Team Source Timestamp: 2080 Branch : 3.2.7Iå,kimballdopenSUSE 11.1openSUSELGPL v3 or laterhttp://bugs.opensuse.orgProductivity/Networking/Sambahttp://www.samba.org/linuxi586/sbin/ldconfig/sbin/ldconfigdIå 323342a447301c11c1196eb3b8a382c0rootrootsamba-3.2.7-11.2.1.src.rpmlibtdb.so.1libtdb1@@@JJ@@@@@@@J/sbin/ldconfig/bin/sh/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.2-14.4.2.3I2III1I@IHIy@Iy@Id@Ia@IVISuISuIBR@IBR@I?@I?@I6tI6tI3I3I1.I.I.I.I.I+I%Q@I%Q@IsI@IP@IH@H,H,H@H @H @H @H @HHH@H}@H׈HHHBHe@H|@HAHH@H@H@H@HHc@H@HnH@Hz@H4@HsVHnHkmHkmHj@Hj@Hj@Hj@Hj@HhHhHcHb3@HXHO@HNlHNlHM@HI&HG@H?@H?@H=I@H=I@H;H6H6H6H2@H.H-w@H-w@H-w@H-w@H*@H*@H*@H)H$. + Fix Coverity IDs 456, 574, 592, 606 and 607. + Fix net rpc vampire. + Use the same prerequisite for DDNS update as Windows XP. + Make "lwinet ads dns register" honor the "interfaces" parameter. + Fix extended DN parse error when AD object does not have a SID. + BUG 5888: Fix PNP_GetHwProfInfo(). + BUG 5957: Do not abort rename process on valid rename script. + BUG 5898: Fix 'net rpc shutdown'. + Fix duplicate installation of cifs.upcall. + Fix _srvsvc_NetShareAdd segfault. + Ensure consistency when reporting password complexity. + Fix _lsa_GetUserName. + Fix access check in _samr_QuerySecurity(). + _samr_DeleteUser needs to wipe out the user_handle on success. + NetGroupEnum_r needs to handle servers with no groups. + Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. + BUG 5908: Fix internal change notify on shared directory. + BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share. + BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support and GPFS. + Add new VFS module to analyze SMB traffic + BUG 5928: Fix 'testparm --version'. + Have uppercase_string return success on NULL pointer in mount.cifs. + Make mount.cifs return codes match the return codes for /bin/mount. + Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs. + BUG 5778: Check if strlcpy and strlcat are already defined. + BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". + BUG 5860: Fix nasty error message for overlong strings in safe_strcpy. + Fix a potential NULL deref in found by the IBM Checker. + Fix an uninitialized variable found by the IBM Checker. + Fix an unlikely memleak found by the IBM Checker. + Fix some missing error handlings. + Add workaround for domain joins using a netbios name which is different from the hostname. + Fix crash bug when freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set. + Fix trans2findfirst for the large directory optimization. + Fix checking for presence of cups-devel and correct cups-devel test for HAVE_IPRINT. + BUG 5805: Don't close stdout when calling setup_logging multiple times. + Fix setting of trust password using 'net rpc trustdom add'. + Fix several issues in vfs_streams_xattr and vfs_stream_depot. + Return an error instead of crashing when no realm is given (trigerred by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and "disable netbios = yes"). + Fix the new vfs_smb_traffic_analyzer build for static links. + BUG 5901: Fix default for streams_depot location. + Fix several build warnings. + Delete the krb5 ccname variable from the PAM environment if set. + Fix circular dependency error with autoconf 2.6.3. + Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at compile time rather than install time. + BUG 5906: Fix Winbind crash when calling 'getent group'. + Fix logging to syslog. + Allow SYSLOG_FACILITY to be modified with a new configure option called - -with-syslog-facility. + BUG 5909: Fix MS-DFS on Vista clients. + BUG 5944: Fix starting of nmbd with "socket address" set to "". + Fix segfault on startup with trusted domains. + Re-add "winbind:ignore domains" parameter. + Avoid freeing fsp twice when opening new_file fails (Debian #431696).- Fix the conditional macro to start smbfs by default; (bnc#456469).- Readd libsmbclient to baselibs.conf for pre 11.0 distributions.- Use %__install macro to install files with the right permissions instead of cp.- Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher.- Use %{NET_CFGDIR} define instead of a fixed path to the network conf.- Update to 3.2.5. + Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients; CVE-2008-4314; (bnc#446971).- Update baselibs.conf.- Fix circular dependency error with autoconf 2.6.3.- Fix the dhcp hook script and support CODE11; (bnc#442335).- Fix perl v5.10 warnings in nmbstatus; (bnc#448225).- Make cifs-mount depend on keyutils, keyutils-libs packages as they are required to support dfs and kerberos; (bnc#432494).- Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971).- Change the runlevel description for winbindd to use "Microsoft Windows" instead of "NT"; (bnc#446154).- Directory/Filenames get truncated when 3.2.0 client acesses old server; (bnc#432471).- Add SuSEfirewall2 services config file to open Netbios and Samba ports on post-10.2 systems; (bnc#247344).- Remove unrecognized configure options.- Fix the pam_winbind build.- Delete the krb5 ccname variable from the PAM environment if set.- Move the nss_info modules to the samba-winbind package.- Add version branding for CODE 11.- Restart smbfs even with the traditional network setup; (bnc#425058).- Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro if available.- Only call the fillup_and_insserv or fillup_only macro if available.- Use package names instead of macros for cp, mkdir, mv, rm, and grep or instead of the full path to the binary for ln, find and xargs.- Introduce NET_CFGDIR to fit the needs for a differing location of the network configuration per vendor.- Use path macros for cp, mkdir, mv, rm, and grep.- Only use SUSE rpm macros and SuSEconfig.permissions if available.- Adopt samba-vscan to build after the change to the bool type define.- Fix winbindd crash in an unusual failure mode; (bnc#416598).- Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too.- Call mkinitrd_setup during %post and %postun for post-9.2 systems only.- Update to 3.2.4. + BUG 5590: Fix binary stripping on older OS. + Fix linking of cifs.upcall when nscd_flush_cache() is found. + BUG 5052: Allow inheritable permissions. + BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback has an IPv4 address. + BUG 5698: Fix non guest connections to shares when "security = share" is used. + BUG 5729: Explicitly allow "-valid". + BUG 5745: Fix Kerberos authentication with (lib)smbclient. + BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. + BUG 5761: Fix opening of mangled directory name (resulted 'is a stream name'). + Fix the wcache_invalidate_samlogon calls. + Clarify usage of "force create mode". + Write times code update. + Fix Winbind crash. + idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure. + Fix build warnings. + Cleanup of DC enumeration in get_dcs(). + BUG 5710: Fix changing of machine account passwords. + Fix several build warnings. + Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. + BUG 5736: Fix Winbind crash bug with trusted domains. + Correct the netsamlogon_clear_cached_user function. + Fix handling of MSKRB5 OID in cifs.upcall. + Fix build warnings in cifs.upcall. + Change default install location of cifs.upcall to EPREFIX/sbin. + Enable building of cifs.upcall by default on Linux. + BUG 5707: Do proper error handling if the socket is closed. + Fix calculation of useable_space for trans2 and nttrans replies. + Fix Coverity ID 587. + Add mapping of generic bits when setting an NFSv4 ACL. + Some write time fixes. + BUG 4516: No IPv6 on Solaris 2.6. + BUG 5571: Fix group memeberships in Winbind. + Fix cut and paste error in quota code. + Fix display of POSIX ACLs. + Avoid a race condition in glibc between AIO and setresuid(). + Add missing become root for AIO operations. + Fix logic of tsmsm_sendfile(). + Fix an errno handling bug that could lead to an infinite loop. + Fix handling of arbitrary new PAC types.- Create a link to the html manpages so that they can be accesses in swat; (bnc#426182).- "Password last set" timestamp update from admin pw change; (bnc#420407).- Call mkinitrd_setup during %post and %postun for package cifs-mount; (bnc#413709).- Update to 3.2.3. + Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789; (bnc#420634).- Update to 3.2.2. + BUG 5592: Fix creation and installation of shared libraries. + Fix replacement of random seed generator. + Fix a race condition in idmap_tdb2_allocate_id(). + Fix unix_convert() for "*" after changing map_nt_error_from_unix(). + Make sure to always set errno on error path in OpenDir. + BUG 5675: Fix smbspool program assuming Kerberos authentication by mistake. + BUG 5686: Fix segfaults in libsmbclient. + BUG 5692: Fix coredump in full_audit.so. + BUG 5696: Fix "force group" in setups using Winbind. + Rename cifs.spnego to cifs.upcall. + Fix segfault in cifs.upcall when it is called without any arguments. + Fix coverity ID 594 (resource leak on error path). + Fix assigning of primary group memberships when authenticating via Winbind. + BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba shares. + Include stdlib.h to get a prototype for free(). + Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c. + Use NGROUPS_MAX instead of 32 for the max group value in rep_initgroups(). + Add add c++ guard to netapi. + Fix compile warning in cifs.upcall. + Add "dns_resolver" key type to cifs.upcall. + BUG 5688: Fix orphaned LPQ processes if socket address is invalid. + BUG 5684: Fix removal of dead records in tdb files. + Fix coverity IDs 595, 596. + Fix smb_len calculation for chained requests. + Fix output of test status. + Fix smbclient connections to older servers. + Fix a fd leak when trying to regain contact to a domain controller in Winbind. + Fix permissions on ctdb databases. + Fix passing back success when a function had in fact failed in two places. - Add --enable-static to the configure options to get the statical libraries installed by the install Makefile target. - Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems.- Set Required- and Should-Stop in the init info part of all init scripts.- Fix libsmbclient to older servers; (bnc#402776).- Update to 3.2.1. + BUG 5594: Fix "make test" by adding and using a new testparm switch "--skip-logic-checks". + Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a. + Update the section about net conf in the net(8) manpage. + Improve processing of registry shares. + Fix listing of registry shares with testparm. + Fix several build issues. + BUG 5578: Fix error from strlcat. + BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT. + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + Remove worrying warning message when safe_strcpy tries to copy a pseaudo interface name that's too long. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. + Fix bug creating files using DOS clients with mixed case files. + Fix uninitialized variable. + BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. + BUG 5570: Fix bogus error message during AD domain join. + Fix trusted domain handling in Winbindd. + Fix build warning. + BUG 5202: Fix setting of ACEs for users/groups with write access in setups with 'dos filemode = yes'. + Re-activate 'acl group control' parameter and make it only apply to owning group. + Make ntimes function more like POSIX and allow NULL arg. + BUG 5512: Fix alignment problems on sparc. + BUG 5616: Fix share connections in setups with "server signing = mandatory" or SMB signing set on the client side. + Fix a race condition in Winbind leading to a crash. + Fix a segfault in base64_encode_data_blob. + Fix some uninitialized variable references via ndr_print. + Fix error message if trying to join with a non-privileged user. + Fix setups using "include = registry" without [global] settings in the registry. + Fix "net sam rights" on domain member servers. + Add documentation for the vfs streams modules. + Cleanup some duplicate code by passing the password to the wbinfo_auth* functions. + Allow SID with 0 in subauthority to be converted properly. + Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage. + Fix realpath() check so that it doesn't generate a core() when it fails. + Fix overwriting of winbind logfiles. + Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic. + Add broadcasting of the debug message to all winbindd children. + BUG 5635: Fix updating of printer queues. + Release still reachable memory if the smbclient context is freed. + Remove trailing withespace from wbinfo -m which breaks gdm auth. + BUG 5540: Fix "set primary group script" user option substitution. + Fix regression in Winbindd offline mode. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Allow %u parameters for print job username.- Fix a race condition in winbind leading to a crash; (bnc#406623).- Use the configure option to enable debugging. This fixes the creation of the debuginfo and debugsource package.- Fix emptying the printing queue; (bnc#411493).- Remove trailing withespace from wbinfo -m which breaks gdm auth.- Add a recommendation to the samba and samba-winbind package to install logrotate for openSUSE 11.0 and later.- Include mkinitrd scriptlets.- Allow %u parameters for print job username - use advanced sub; (bnc#374389).- Update to 3.0.31. + BUG 5504: Fix SIGTERM handling in Winbind children so that they do not remove the unix domain socket used to field client requests. + Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend. + When allocating client buffers for large read/write - make sure we take account of the large read/write SMB headers as well as the buffer space. + Memory leak fixes in DC location code. + BUG 5533: Winbindd fails to cope correctly with a workgroup name containing a '.' + BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. + BUG 5551: smbd recursing back into winbindd from a winbindd call. + Fix usage message for "net rpc trustdom add". + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + BUG 5578: Bad (non-Samba) use of strlcat gives error. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Documentation build fixes. + [DOCS] Fix use of smbconfoption in samba.entities. + Return NULL in sitename_fetch() if gencache_init() fails. + Use machine account and machine password from our domain when contacting trusted domains. + SPNEGO SPN fix when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix joining NT4 domains. + Don't let winbind getgroups crash when we have no gids in the token. + Fallback to level 24 pwd set while joining. + Fix joining w2k domains in "security = ads". + Fix pam_sm_chauthtok for storing modified cached creds. + BUG 5202: Re-activate "acl group control" parameter and make it only apply to owning group. + BUG 5531: Fix conversion of ns units when converting from nttime to timespec. + BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient. + Fix a segfault in base64_encode_data_blob. + AIX build fixes. + ENODATA is not defined in freeBSD 4.6.2. + Don't reset password last set time just because the expired flag is set to 0. + Fix usage message for 'net idmap dump'. + Miscellaneous man page fixes. + BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd. + Fixes to man pages. + Add tdb file documentation. + Ensure that winbindd trusted domain children keep primary domain online status up to date. + Update cached creds during password change. + Ensure that Winbind always uses set_domain_offline() to mark a domain offline. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Memory leak fixes.- Allow authentication and memory credential refresh after password change from gdm/xdm; [bnc#395578].- Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h.- Call the libsmbclient testsuite from the %check instead of the %build script.- Use machine account and machine password from our domain when contacting trusted domains; [bnc#404667].- Add a %check section move the test of the PAM modules to this section and add more tests.- Add a recommendation to the samba and samba-winbind package to install cron for openSUSE 11.0 and later.- Use a variable for syslog and add missing $remote_fs dependency for Require-Start in the init information of the init scripts.- Update to 3.2.0. + Support for establishing interdomain trust relationships with Windows 2008. + All changes from the pre and rc releases as noted in here earlier.- Move header files from the devel sub package to lib*-devel.- Work around bad use of autoconf interna.- Build Samba with debug symbols to get working debuginfo packages.- Add /etc/openldap to the file list and not only the schema directory.- Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster booting; [fate#304967], [fate#304965].- Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to 'Network/DHCP/DHCP client'; [bnc#400467].- pam_winbind: Update cached creds during password change; [bnc#395578].- Update to 3.2.0rc2. + BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. + BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'. + Make sure we take account of the large read/write SMB headers as well as the buffer space when allocating cli buffers for large read/write. + Fix tag as a goto target we were not reinitializing the array counts. + BUG 5451: Fix for using the correct machine domain when looking up trust credentials in our tdb. + Fix spnego SPN when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix pam_sm_chauthtok for storing modified cached creds. + Fix joining issue in setups with "config backend = registry". + BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting for TCP connection timeouts if no LDAP server is available. + BUG 5502: Fix security=server. + Fix coverity IDs 552, 553, 570, 571, 572. + Shrink ldbtools. + Fix reset of password last set time just because the expired flag is set to 0. + Remove support for symbol versioning in shared libraries. + Fix autogen for autoconf 2.62. + BUG 5515: Fix empty input fields in SWAT. + BUG 5516: Fix saving of the config file in SWAT. + Fix winbindd trusted domain child not keeping primary domain online status up to date.- pam_winbind: fix pam_sm_chauthtok for storing modified cached creds; [bnc#395578].- Don't reset "password last set time" when unlocking an autolocked account; [bnc#382111].- Fix winbind sigterm handling and make init script send sighup to all child winbind processes; [bnc#382027].- Fix bug with winbindd trusted domain child not keeping primary domain online status up to date, merge to trunk from reversion 1801; [bnc#373560].- Make winbind children reopen logs on SIGHUP; [bnc#382027].- Set only CONFIGDIR and LIBDIR while make everything and install. No longer set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].- Update to 3.0.30. + Fix for CVE-2008-1105. + Remove man pages for ldb tools not included in Samba 3.0.- Fix vulnerability that allows for the execution of arbitrary code in smbd; CVE-2008-1105; SA30228; [#391168].- Follow the rename of libtdb0 in baselibs.conf.- Rename sub package libtdb0 to libtdb1.- Update to 3.2.0rc1. + Move the posix pending close functionality down into the VFS layer. + Fix activation of registry globals in loadparm. + BUG 5452: Fix smbclient put. + BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. + BUG 5456: Fix missing echo if we ^C at the prompt. + BUG 5464: Fix timeout in winbindd. + Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. + Use more error-prone form of testing dm_destroy_session() return code. + BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used. + BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. + BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups. + Fix wins null pointer crash in nss_wins module. + Fix lm session key length in _netr_LogonSamLogon. + Add -f switch for DsGetDCName() example and be more verbose on output. + BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users} + Fix the DNS Update option of "net ads join". + BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx(). + Recognize and allow longer UA keys in winbindd_cache. + BUG 5436: Fix signing problem in the client with transs requests. + Fix a valgrind bug in the new [ug]id2sid cache. + Fix Coverity IDs 565 and 222. + Fix dfs_Enum: In form_junctions, correctly check for malloc failure. + Add support for symbol versioning in shared libraries (can be disabled with - -disable-sysmbol-versioning). + Add new function wbcLibraryDetails() to libwbclient. + Cleanup size_t return values in convert_string_allocate. + Fix Kerberos support for CUPS 1.3 in smbspool. + Fix printing with Vista. + Fix deletion of files when they're in use by other drivers.- Update to 3.0.29. + Fix a crash in tdb_wrap_log(). + BUG 5267: Fix for nmbd termination problems when no interfaces found. + BUG 5326: OS/2 servers give strange "high word" replies for print jobs. + Remove MS-DFS check that required the target host be ourself. + BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. + BUG 5095: Fix the enforcement of the "Manage Documents" access right. + BUG 5460: Fix MS-DFS referral problem in server code. + Fix bug in Winbind that caused the parent to ignore dead children. + BUG 4235: Improve compliance to the Squid helper protocol. Original patch from Pawel Worach . + Prevent cycle in Wibind's list of children when reaping dead processes. + BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). + Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. + Fix client connections and negotiation with Windows 2008 DCs in member server code. + Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). + BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). + Re-add samr getdispinfoindex parsing which got lost in the glue commit. + BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. + BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. + BUG 4901: Fix behavior of "ldap passwd sync = only". + BUG 5317: Fix debug output from domain_client_validate(). + BUG 5338: Fix format string bug in rpcclient. + Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. + BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. + BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. + Fix signing problem in the client with trans requests. + Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. + Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. + Fix trusted users on a DC that uses the old idmap syntax. + Only have Winbind cache domain password policies that were successfully retrieved. + Fix alignment bug when marshalling printer data replies. + Fix DeleteDriverDriverEx() checks to prevent removing in use files.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Expand baselibs.conf to match pre SUSE 11.0 products.- Remove obsoletes and provides 3 for all packages and systems.- Cleanup the use of the suse_version macro to achieve consistent defaults.- Set CODEPAGEDIR while make to fit the install location.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Package man page files independent of the used compression method (gz,lzma).- Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva in the OBS too.- Add a script to restart smbfs if NetworkMangaer gets an IP address; [bnc#373075].- Remove all references to the obsoleted samba-pdb package.- Compose the BuildRequires in a more flexible way to fit the openSUSE build service (OBS) requirements to support different operating system targets.- Use _libdir macro instead of a local define of LIBDIR.- Remove PreReq /sbin/ldconfig from the libtdb-devel package.- Install the shared libraries with the same name as used as soname.- Update to 3.2.0pre3. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Support for IPv6 in the server, and client tools and libraries. + Support for storing alternate data streams in xattrs. + Encrypted SMB transport in client tools and libraries, and server. + Support for Vista clients authenticating via Kerberos. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New LGPL Winbind client library (libwbclient.so). + New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. + New client and server support for remotely joining and unjoining Domains. + Support for joining into Windows 2008 domains. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing.- Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf.- Remove obsoletes and provides samba3 for post 10.3 systems.- Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems.- Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the shared library packaging policy for post 10.3 systems.- Update kdc dns-only lookup patch to IPv6.- Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym links in /sbin/; [bnc#380693].- Enable the build of vfs_cacheprime and vfs_readahead modules.- Update to 3.2.0pre2. + Add library for access to the registry configuration data. + BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. + BUG 4308: Fix Excel save operation ACL bug. + BUG 4801: Correctly implement LSA lookup levels for LookupNames. + Add new option "debug class" to control printing of the debug class. + Enable building of the zfsacl and notify_fam vfs modules. + BUG 5083: Fix memleak in solarisacl module. + BUG 5063: Fix build on RHEL5. + New smb.conf parameter "config backend = registry" to enable registry only configuration. + Added support for IPv6 client and server connections. + Remove unused utilities: smbctool and rpctorture. + Fix service principal detection to match Windows Vista (based on work from Andreas Schneider). + Encrypted SMB transport in client tools and libraries, and server. + Added support for an SMB_CONF_PATH environment variable containing the path to smb.conf. + Various fixes to ntlm_auth. + Correctly handle mixed-case hostnames in NTLMv2 authentication. + Add Winbind client library. + Enhance client and server remote registry access. + Add client calls for remotely joining a computer to a domain (including calls from "net dom" command). + Add libnetapi.so library for joining domains including sample GTK+ app. + Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC. + Various fixes for DsGetDcName and conversion to IDL based structures. + Add ads_get_joinable_ous() to libads to get list of joinable ous. + Add get_logon_hours_from_pdb() to comply with new IDL based structures. + Migration of the entire client and server DCE/RPC code to IDL based structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON. + Started migration of client and server DCE/RPC code to IDL based structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG. + Use IDL and autogenerated code for samlogoncache and Kerberos PAC handling. + Add remote join/unjoin server-side implementation. + Import the Linux red-black tree implementation. + Support for storing xattrs in tdb files. + Support for storing alternate data streams in xattrs. + Implement a generic in-memory cache based on rb-trees. + Speed up the smbclient "get" command. + Add the aio_fork module. + Modified libsmbclient API for more easily maintaining ABI compatibility while adding new features to libsmbclient. + Refactor Winbind internal parent-child interface tables to achieve better unit testing support. + Networking fixes to the libreplace library. + Add support for DNS Service Discovery. Based on work from Rishi Srivatsavai . + Don't restart winbind if a corrupted tdb is found during initialization. + Add share parameter "administrative share". + Improve error messages of net subcommands. + Add 'net rap file user'. + Change LDAP search filter to find machine accounts which are not located in the user suffix. + Remove smbmount. + BUG 5073: Allow "delete readonly = yes" to correctly override deletion of a file. + Register the smb service with mDNS if mDNS is supported. + Add smbclient support for basic mDNS browsing. + Fix padding between Winbind 32bit/64bit client library in the request/ response structures. + Added a syncops VFS module for file systems which do not guarantee meta-data operations are immediately committed to disk in stable form. + Additional portability support for building shared libraries. + Get Samba version or capability information from Windows user space. - Add new sub packages libnetapi0, libnetapi-devel, libtalloc1, libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel.- Fix build with glibc 2.8.- Added baselibs.conf file to build xxbit packages for multilib support for post 10.3 systems.- Only cache password policy results that worked, otherwise we cannot login until the cache expires even if a connection to a DC has been restored; [bnc#373552].- Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem.- Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200].- Update to 3.0.28a. + Failure to join Windows 2008 domains. + Windows Vista (including SP1 RC) interop issues.- Rename the libsmbclient package to libsmbclient0 to follow the shared library packaging policy and remove provides libsmbclient3 for post 10.3 systems.- Add variable to define if a share should be an administrative share; [bnc#358841].- Fix patch errors with dcerpc and idmap_global; [bnc#280452].- Fix safe_strcpy error caused by duplicate domain name fix; [bnc#356025].- Fix two memleaks if num_validated_vuids exceeds its maximum; [bnc#349581].- Fix ACL inheritance; [bnc#351570].- Fix a gcc 4.3 buffer overflow warning.- Remove duplicate domain name prepend when user SID is in winbindd cache; [#336854].- Prevent winbindd from segfaulting due to corrupted cache tdb on flushing caches; [#340332].- Fix kerberos authentication with Vista; [#350032].- Update to 3.0.28. + Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Additional cases and problems caused by fix for CVE-2007-4572; [#337823].- Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Added default printing system information to README.vendor; [#113759].- Add missing define of AI_ADDRCONFIG for systems with older glibc versions.- Update to 3.0.27. + Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572; [#326261]. + Remote code execution in Samba's WINS server daemon (nmbd) whe processing name registration followed name query requests; CVE-2007-5398; [#337823].- Change the spec file to get debug packages again.- Additional case for overflow: CVE-2007-4572; [#326261].- Fix process_logon_packet overflow; CVE-2007-4572; [#326261].- Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823].- Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854].- Fix the alignment of 32 and 64-bit winbind requests; [#331754].- Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0 systems; [#289599], fate [#302668].- Fix possible segfault in winbind which could be caused by uninitialized variables; [#253862c223].- Use FQDN in KDC DNS lookup; [#295284].- Update to 3.2.0pre1. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Support in pam_winbind for logging on using the userPrincipalName. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTLM version of the 3rd edition of "Using Samba" from O'Reilly Publishing. - Update samba-vscan to 0.3.6c-beta5. - Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't apply to Samba 3.2.- Make nss_winbind thread-safe; [#293907, #329796].- Perform KDC lookup using DNS only; [#295284].- Handle smb child crash; [#294895].- Add a global lock inside nss_winbind as workaround; [#293907].- Merge ranged retrieval optimization to winbindd.- Update to 3.0.26a. + Memory leaks in Winbind's IDMap manager. - Update to 3.0.26. + Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin; CVE-2007-4138; [#307623].- Fix two memleaks in idmap_cache.c; bso [#4917]. - Correct failure of libsmbclient against a version of Windows. - Make read_sock return the total number of bytes read instead. - Fix error in enum_dom_groups. - Fix logic error in timeout of blocking lock processing. - Add parameter "directory name cache size". - Fix use of pwrite in tdb code.- Also ensure to initialize ip_srv_site and count_site even if we are not on site; [#230963#c124]. - Use an off site DC if we're not online and talking to the KDC of our domain; [#230963#c106].- Fix a bug where samba writes the wrong default value of max_passwd_expire to an LDAP server; [#298469].- Fix if statements where we still expected cli_connect() to return BOOL.- Update to 3.0.25c. + File sharing with Widows 9x clients. + Winbind running out of file descriptors due to stalled child processes. + MS-DFS inter-operability issues.- Update the cache tdb validation patch which improves the backup handling trying to end up with a useable cache tdb. This applies mostly to the situation that disk space is short; [#256166c82].- Update the cache tdb validation patch to support backup and corrupted file handling; [#256166c77].- Fix a bug that causes smbd to 'hang' intermittently; [#289599].- Fix event based krb5 ticket refreshing in winbindd.- Limit the LDAP expression in lookup_usergroups_member() to security groups; [253862c209].- Don't reset the num_names counter in lookup_groupmem(); [253862c198].- Make the days before the password expiry warning appears configurable in pam_winbind.conf; [#287871].- Don't link shared libraries of vscan with -pie.- Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to 20480; [#253862c175].- Update to 3.0.25b. + Offline caching of files with Windows XP/Vista clients. + Improper cleanup of expired or invalid byte range locks on files. + Crashes is idmap_ldap and idmap_rid.- Fix reply when no dfs share is configured. - Fix the DFS code to work with Vista clients; [#286937].- Migrate old if-up/down scripts to new names on update; [#283706, #285187].- Introduced prefix numbering of if-up/down scripts that they get executed in the right order; [#283706, #285187].- Restart nscd on winbind update to load the new libnss_winbind.so.2 library. This will not resolve every problem with nss modules; [#174589c88].- Fix winbind segfaults with idmap_rid; bso [#4624].- Add missed 'c' character to the list of valid ones in escape_shell_string(); [#273611].- Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106].- Remove superfluous requires to samba from the devel package.- Ensure the returned structure size from _samr_query_dispinfo() is smaller than the total size; [#203833].- Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan. - Install header files with 0644 instead of 0755 permissions. - Enable build of the python package.- Branch a samba-devel package for post 10.2 systems. - Install .a library files with 0644 instead of 0755 permissions.- Update to 3.0.25a. + Missing supplementary Unix group membership when using "force·group". + Premature expiration of domain user passwords when using a·Samba domain controller. + Failure to open the Windows object picker against a server configured to use "security = domain". + Authentication failures when using security = server.- Add %dir /usr/share/samba to the client package. - Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and smbclnt from Provides and Obsoletes of the main or client package.- Add /sbin/ldconfig to %post and %postun of libsmbsharemode.- Update samba-vscan to 0.3.6c-beta4.- In some cases PRS_ALLOC_MEM was called with zero count; [#273613]; bso [#4637].- Enhance the patch to the ads version of lookup_groupmem(); [#253862c89].- Don't use current_user to prep the security ctx in change_to_user(); [#273613].- Prevent winbindd segfaulting due to corrupted cache tdb; [#256166].- Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf.- No longer check in the pre package scripts if swat or winbindd of version 2.2 are updated; [#273160].- Update to 3.0.25. + Significant improvements in the winbind off-line logon support. + Support for secure DDNS updates as part of the 'net ads join'·process. + Rewritten IdMap interface which allows for TTL based caching and·per domain backends. + New plug-in interface for the "winbind nss info" parameter. + New file change notify subsystem which is able to make use of·inotify on Linux. + Support for passing Windows security descriptors to a VFS·plug-in allowing for multiple Unix ACL implements to running side·by side on the Same server. + Improved compatibility with Windows Vista clients including·improved read performance with Linux servers. + Man pages for IdMap and VFS plug-ins. + Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447. - Disable build of the python package.- Fix heap overflows to prevent remote code execution; CVE-2007-2446; [#273613]. - Fix remote command injection vulnerability; CVE-2007-2447; [#273611].- Remove obsolete samba-pdb package and required packages from BuildRequires for post 10.2 systems.- Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems.- Remove requires on release from devel packages.- Reduces the number of queries made to the DC in the ads version of lookup_groupmem(); [#253862].- Allow winbindd to take local shortcut on secondary DCs in case dce funnel directory is set; [#266853].- Really remove Should-Start smb in smbfs init script; [#242918].- Disable 'msdfs root' by default again; [#268004].- Build libsmbsharemodes and create libsmbsharemodes and corresponding devel package; [#264623].- Let idmap_ad search in the Global Catalog in case dce funnel directory is set; [#266049].- Allow share names with a lengths greater than 32 chars; bso [#4512].- Check the euid and call become_root() to get write access to dump a core.- Add pwdutils BuildRequires for post 10.2 systems.- Do not restart winbindd under any if-up circumstances; [#227942].- Replace unneeded become_root_uid_only() by refactored become_root(); CVE-2007-2444; [#262090].- Add repository version and branch to the spec file via build-source-timestamp mechanism.- Allow applications to set the share mode while opening a file using libsmbclient; bso [#3684]; [#203737].- Fix for fd leak on error path in winbindd; bso [#3204], [#258737].- Add gdbm-devel BuildRequires for post 10.2 systems.- Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728].- Fix segfault and memleak in wb_lookup_rids(); bso [#4434].- Fixes a known bottleneck under very high load situations; [#247984].- Avoid passdb builtin group membership calls in the DCERPC funnel patch; [#248556].- Allow pre 3.0.23 multi passdb backend configurations to work with post 3.0.22 by using the first backend only; [#245167].- Prevent nscd crash in NSS winbind initgroups(); [#237719]. - Fix pam_winbind cached login for samba/NT4 domains; bso [#4225]. - Various pam_winbind fixes; bso [#4094, #4288]. - Fix DCERPC funnel patch; [#245278]. - Fix vista and share level security. - Fix vista variable expansion; bso [#4093]. - Fix vista DFS support; bso [#4356]. - Fix vista backup tool; bso [#4361]. - Fix vista deletion on shares; bso [#4188]. - Fix vista spoolss problems.- Fix crash bug in rpc_pipe_bind(); [#244892].- Enable DCERPC funnel patch.- Fix accumulation of expired LDAP connections when winbind in ads mode; bso [#4009].- Fix all lp_dce_funnel_directory() callers; [#242833].- Disable broken DCERPC funnel patch; [#242833].- Update to 3.0.24. + Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265].- Fix logic error in the deferred open code; CVE-2007-0452; [#240265].- Avoid winbind event handler for internal domains.- Fix smbcontrol winbind offline; [#223418]. - Fail on offline pwd change attempts; [#223501]. - Register check_dom_handler when coming from offline mode. - Fix pam_winbind passwd changes in online mode. - Call set_domain_online in init_domain_list(). - Winbind cleanup after failure and fix crash bug. - Don't register check domain handler for all trusts. - Add separate logfile for dc-connect wb child. - Only write custom krb5 conf for own domain. - Move check domain handler to fork_domain_child.- Fix pam_winbind text string typo; [#238496]. - Support sites without DCs (automatic site coverage); [#219793]. - Fix invalid krb5 cred cache deletion; [#227782]. - Fix invalid warning in the PAM session close; - Fix DC queries for all DCs; [#230963]. - Fix sitename usage depending on realm; [#195354].- Add DCERPC funnel patch; fate [#300768].- Fix pam password change with w2k DCs; [#237281].- Check from the init script for SAMBA__ENV variable expected to be set in /etc/sysconfig/samba to export a particular environment variable before starting a daemon. See section 'Setup a particular environment for a Samba daemon' from the README file how this feature is to use.- Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files.- Fix pam_winbind grace offline logins; [#223501]. - Fix password expiry message; [#231583].- Move XML service description documents; fate [#301712].- Disable smbmnt, smbmount, and smbumount for systems newer than 10.1.- Add XML service description documents; fate [#301712].- Move tdb utils to the client package.- Fix crash caused by deleting a message dispatch handler from inside the handler itself; [#221709].- Fix delays in winbindd access when on a non-home network; [#222595].- Fix client-side smb signing; [#222951]. - Fix imcomplete merge for firefox NTLM handling; [#198255].- Add IA64 and x64 printer drivers directory.- Update to 3.0.23d. + Stability fixes for winbindd.- Fix ldapsmb group and unicode issues; [#143417, #216606]. - Fix net ads account management; [#217046]. - Fix libnscd usage in passdb; [#217363]. - Add the "mega patch" + Add site support for winbind; [#195354], fate [#300909]. + Add site support for net; [#211281], fate [#300909]. + Fix winbind krb5 ticket handling from offline; [#178028]. + Fix "net ads leave"; [#196771]. + Fix winbind username case handling; [#184902]. + Fix winbind name canonicalisation; [#210174]. + Fix winbind online/offline handling; [#196859]. + Add NTLM cached credential handling for firefox; [#198255], fate [#300973]. + Fix winbind groupmembership handling; [#211324]. + Fix winbind site-support handling on reconnect; [#195354]. + Fix winbind child initialization and online/offline handling; [#196859]. + Fix winbind cached credential storage; [#185053]. + Fix winbind long login delays; [#184450]. + Fix winbind crash for new AD user; [#208454].- Fix pam_winbind overriding syslog settings; [#201756]. - Fix profilepath pam_set_data for other PAM modules; [#215707].- Fix timeout handling for winbindd (samr, netlogon). - Fix gencache access; [#209409, #211281]. - Fix libsmbclient accessing NetApp; bso [#4018]. - Fix error handling in ads printer code; [#209409]. - Fix passwd pam segfault; [#211719]. - Fix crash in winbind async child. - Fix winbind failure mode for trusted domains.- Add realm to username if missing in net ads join; [#211706].- Move the LOCKDIR to the client sub package.- Activate the libaddns.- Add version of the package subversion to Samba vendor version suffix.- Update to 3.0.23c. + Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. + Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend.- Fix time value reporting in libsmbclient; [#195285].- Remove update-messages.- Store and restore NT hashes as string compatible values; [#185053].- Added winbindd null sid fix; [#185053].- Update to 3.0.23b. + Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". + Errors in 'net ads join' caused by bad IP address in the list of domain controllers. + SMB signing errors in the client and server code. + Domain join failures when using smbpasswd on a Samba PDC.- Fix from Alison Winters of SGI to build even if make_vscan is 0.- Update to 3.0.23a. + Failure to strip the domain name from groups when 'winbind use default domain = yes' + Bad token creation of local users on member servers not running winbindd. + Failure to add users or groups to ACLs using the Windows object picker. + Failure in file serving code when 'kernel oplocks = yes'. + New "createupn" option to "net ads join" + Rewritten Kerberos keytab generation when 'use kerberos keytab = yes'- Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule.- Fix pam config file parsing in pam_winbind; bso [#3916].- Update to 3.0.23. + Improved 'make test' + New offline mode in winbindd. + New Kerberos support for pam_winbind.so. + New handling of unmapped users and groups. + New non-root share management tools. + Improved support for local and BUILTIN groups.- Prevent potential crash in winbindd's credential cache handling; [#184450].- Fix memory exhaustion DoS; CVE-2006-3403; [#190468].- Fix the munlock call, samba.org svn rev r16755 from Volker.- Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; [#184450]./bin/sh/bin/shkimball 1237558572 C3.2.7-11.2.1libtdb.so.1/usr/lib/-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.suse.de/SUSE:openSUSE:11.1:Update:Test/standard/8a43981f79128af8d20299d2e006155d-sambacpiolzma2i586i586-suse-linux\#R~m~^?`] c62 B@ ȱ9I*ȕێwәGQ^4@ZvC=zp{];`LP2Мx`*(&F v[xRbTJiCFO54hK_ &OMwЫZL-\XC7M Tl‡G: EBAw4z K^Al>E7[@ } 5J^nX%{Msn֥f^ʹ*/o &* zeUق:!Qӟ`R[4֕GĹG69z, Im@/*!P'9AOY@B5tD@0R"mKM:@.bD ib|K0o\} +S=ْ1G`MƮg;S%YnAMJ RCB(txR*^jXu䀿ʪi 9B۳%uS{ide)37BXfE#q 7 i ʰ>U|b.V-GZYjF`Q]%4) "Y5KRweq^*O((-ZŠ.%xQʹS+%ǼN*: Lgs.ʫ-< AB[hrD5! ͈a/ ]L@&3\HEʳROxqXBRUQsRxvz;- Y"É͓Ghxy1OhRIsH ۩6du-ERIB$-a $NnVyn'@>L}u}U*ht+mT=%?ie0WyFHɔ;8F<C@P $(WSɚ2 q^_}&_rFk&绝L&o}!dƣʿcaPG3=Iٞ)%0c"P\6GX1GLR0Q>1Y=͵Zd낻5&a])y8 [E2izvd$u-S#+)?OJ?UZ=򚸃?x5F XUp,o]<ˢϞS`kS0DŽJo 'qhDVF"0k/ӊ}]< , b|USό "5JH6)0͹g˟E׏I$gK`ګ5,Ю©|NBe]קѯ5ǎbDV%Ӝ,gE.t lT^O4\4צGcwOhK"늵?5^9YŠXaiاg3}&(KN5e"4ӿc:[]mK-[Zމ*QQQhӷąjS8DvUW# @gʀzm3+rb(|c} i.qvVֻ_'cO`A ֱ_z/CG4jY*NG"ˡVna^Lk}WQt=ZD&uSe8[Oanf]d1 ]Jk%w䗊76?/w+vĔ z1Yg8Htt8,BnQ$QSCٜ77s58!~P1Ǚ}<]|!RBP AEBs'!YZS&(Ș+dOwjn|zߨW)1sIXn$a^:V9/`,ő;G;ӷp0~F!PS4K rߗǢtWE'/BxHiMe#d 6CMF| E]Jvh ݘ4Bش&Ϲ@cg P_P'ʿ2<΋ f}Mt4 Jx+rV߽1lV Q,CR~aw75S^Wt-hFo湳 9 ,oR^Ig$lby1[Q sH\,A;S4"1=^"E8jiYOip!aѝ#t+3~Rש!~;%oVSk{4s"l8h)}[,\s ,M0[,Z^l-7FZ3Q (N5eD}焴 V&Ҽp)Emнf++Ƣq֣TX 6rONΆԵyp9Sak>9Sb R3Q "y`C%`'[̲ywۣ,BaN-;}"ѓƀ{A{x!Mˎ_҄zmr;KmKZbض&6ynR S,Av%B|b6pdTёU,L&c8YK5t)4 +'c^xNW5 bu}M*O22ǃJIfջ2N*ߞ~x2٬JNFJDgxJR(5-AEpNinsZ' uH-}j\G1،D;k|%y1zivE|L Pv+eT, $zQ3w+G+ƼP̏, QbBn)2w?o3HTL*bqnIbe>SI{?VN{C;xZ{͔>M˒yXӀ W1aL*"quS]ǾPUe|zzO\u*Mދ(J]cgbjX={'U~X|[h0NK@1$M>Û) }ضxe|Kl"_`Չ=շyz,{ZO>"͐BO&r9Ejl3E\+xEC)ZW$HJs;2pkOgg] Wh˞E+#)[n{zf} ^}Ԡ%DoȢ۱DSnZ+A"L5y$@s"OrrKm"nWýs 872?62t6myc1K &˫Pdͦy/,ڳ 9=3"oaڒ,vtjm_@Eȭ΍ovR5::a μ%:i$8%˩ZCi2΀&xGAO h Q{c"תːik:rm ,`*kw)RR1 ޼k3S#isء-3g2[M+Pgr*>kp_ wC#UxHL^.6N6F`Q&"l:ɔAa_оK|8=S9ڢUJKx(ֆAǑTj+ӀyR0{& 5{SkBˑokԮ'*XYJ rSDk]ſϜ`7*&(IO /!s>*7n"0< 3+nId#QC.DP@ClE`A<:ttAUL3z c1B5rrd#g3Wj#3Hb!뀣)WaBč}?Kjbo nhyV*Lzz ?׶ DrG5̄F甘WP|2ql-pk7i'U//GA/t`_@T KWGmڥe?nS{~_ z_:_u]X8-]tJ(OqpZ.T: J0feXM<|^kh3YZ@W'fq%:>LLqr˽+3݅SrNGC9^CFHE%$jz?=|kJZcRj_fƖ9E7^^"#7\PϦIsۖ/$ fR6Kָ 8l~1R*pޛ94a3BY0NB?{ ^pw2r0e bfՇ+=?tD)seH <{V)}ME߷DQja1tBICLkl|('OedcZԱ:N"st9HGm| EEwi.๊іj`Q >#EhJEK ֞3-N3k;l Pij|n'-f'c>y9r巐|kaǠy%X)|8}jۅ{˼lv}=rznJ0scN*+;`f&>8#vP+'C>DS<%'IB6oV'D!#k 㑒I!"7kD* goe4@D?c w{a Rd_ xjJ/:FT)Y)Eg%$#S>~/p a2e7npj.r:]kDj 0ohӐ1؏_%]CURx4ZO|) %/.r3` Zt78Q@!ǭzފ=dP2Vo9Ǝ֬82FsDP<֍rS.5{8uYG^cRec70PG}Zٵ|ƮYdg͙oq|ke> oX7 nmW>bN($(ƮZP9_Zlj ('&"PbXFBUGSA )@c@\UUU=)zErYoÂW㕸%($ΘVTю(;-aGHR~<ڕv/ԱDG$ {8-ŧgv2+*c;0T !r]i'ٟWw/dT| p5)A@S sm(;]r2w"FI禍aqvz0q*bcs \ :+(KZ6wvjBim8Ygts"0K+΋-x}HCRhK!(\"`r> Al+!/F4O8Gק!?XN]ܩK}Y(dĩvhEa/eNCzyW8#ULB3B\׼[{!IMs3W*wWYnvvo]/bW.,bp AYb_3FI2Ql`T5Cl3kܠ^Rχb&B'!%oxxh @ zL~LѧH|KOJb}ȥS`N;=Ln-oph8CɆ%7RA Bl#H<_R#ߏcuKDwff[h,+_HòmLt4]% G0TgcNq/݀ cv#XTs\,uA`,12Y0hY@d6imH.bvȠN1 0SAYasw/Q[Nj52y*;B?FPb(YQQ*H . 9z0_ؙE(fM |O J>Iw`OKvn&AvH &A  ^(im?l5&K|uk=UHzZ;++4"yiQe8z. ڑY 78OoB N76~xo4M?,PC·rQ{f>jHZ eUak)E2p[C#my2ƀ 8f&/Q}qb4 i=uQ!tLanքE71մ|J .USoOH=i: F"Y׏-6_zZqWL| ;WF$k6j  /m!LHTyԇ=Gٛ߹A r>n1j0xRÙ+d=$`(]qxL~x;bd[qLyXw?kb(GR,<T ae$N6+`:р8܂ {?6U_<~GWD.fu˾wX=č!*'r8 Gyw]&]li&ּ=~-Ho^CͮTv9 g?; ͯӂY iƁIv!wC?2J/-odyrM(=vxͿA16>rįA"F*,^ڎxӏkwa |˚hrAGt#wIJ@Īr,Q  wOvKo%$0s9HĞt̀Jc_ySoT"DЅgՑGzoDQ&#.qbg95&ÂѤG1&^{_9eUZRuv3SznBK3 tQ[GOX0xO*w"%PĉJC4%Wi}P4Š,8)61@p@g-xc g*Ψ=2a~cN)Vxpg5عu~9aB:AdqR_7j)##\j &{PS1r]sMZO4ʾz NKALP{ۛK19+u~J~[Qoף@MT <^>/S[ U `"aSdZh+zy?^z> '0rlfzbH|<߯YƎAܩ 6"i&arlG`ͩ2?YVNjB|wEE$nE7l#-`H5դprdǤ+c469)g$ ߚҲk DgŬKO1@X*xwxu7x:L}R0_Iш Zh#bWؽC2> ۗuh1'':yAb7~Wka >+ ;368,#[F&Gp(a'I]<_Jk -Q V 1>חpPj,^2:Y旋,\ߛTPWd7 o/WZN!ljTJLǮ%pdZJm5'!zcN7ABHhG`\0Nn쨒[=tZLmS4xn X&K4v' Ev@s_g؟ v zh{Mtf%S9]:P(Df`#^$4hm(KМɾb>+eT?ɤlS`-wXH\WџWFͪ9ݜF&9bJ[uS& oPӺb%=_BvE˙UYmB!}Fd7@!Y+X0 s'˫ʰYK>8kr{_V΋}2OFL1m򄜅4<F3qbK.5ߕx.1CݳAB$ޙ_a鎺$Y&t0Z  U#Z>Ga+vշЬʚ#xl>Kx,\dc VOW1ULM0)ƀ: l|p ÂF[=8:֌R,afXM"p#uy*-Gv?p*38:CG(*{U}.ajo ש 7SV1 5X$BI J"$!.ñCK̭DùJ-|\*1c:^ >ⲫWlgwރ86[_u hĸ{,͙9]$mWe@c6 3ÛT4#>a((qE1G9Z41FE0EL/B 㛔]EN26zx_nsV4 hά)6G)TM$_m Zj?}i%gh= vȏpbKt1lZ;{8cL PYsЭvjAJGK4AߗonwzxꝺPlX!Sê\`|@Fu檈J '~[͟JsyQĤ9sk1.0ֱ/GaK1 uW3\*ߘ6->^8)pEX]/}nJaPͼRYCw],l^%8ڂdXB"#VY\bzQh$?3}_pvUHvˆ 7QAoƊ~:X$|8"!J׮/h5|K!鶎KcUIOmnڊq,Z@$`!,V:mUw4ʹETRѢ?1!< UTj@1%#Z0~=(=~Ԗz>}-C [701HO ǐK/v& zQY@JhJ!3P׈f5z<Zp@v)wP657ۣ_9gT[';=Uqܪt5v|t` 㶚'|l2h.RkJ@oaQchG;_OLrTC-g$eϢrW(Jr6KwaLxPҌWF#36FsF3@Y{JR4-$ @QꞄ~:.; s&V1 I"S@O̹Ze(LAﺉ9b dU#$A@jF =g6pT10qƞ Y-8B[lSt1.O;/ fKOk)M :J[ qbstwlSt|jgv~;: \ %/~wyLb;jHCp̞z$խ?s$( '&SB,u?N$VyU!ճ?Km2Naʞ`PB}a{@IׄD+ g=R'8POV:11݇Xe],zPji890Qڝ~ҹlGղ9eܦ &?BkJqZ9ƍt(]-P)_HG#sj v,VY5ջ?l󤱝YwʵaLH'6a2֞+laYz,āqϑV,Voz @S\>J_kX^Z `qhm^zrs;+m3^{G_CSk#'d$hE1tk/ ai'+F۳4 14i(ZjԀkvu 'rϨwgՖst:G^geXij ! G6]j7ӣ\gL|8(j ' &%u|fR 8u5~bk+f*gx|2c ; FcRqYMi>zRۺ9v(y\ suٱ֢˹]dC9O0sԄ6{OGs?{m駗lBPpwF\B^!Z&ySW ;8 $ޢLc4qܲG;(V~e=.QZz{{?pPR#f^Isz8}Azx2&d1ćS-\(m1y%oڿg^6`Z I$f[rqш߯*ǁՙⴐ.4 `~aY %0&:#>z 3;H ^EWT8DCE NTLlLr `Ig9/u.jI%{rΪN-K^l1)#xMm$j|ZV!9a"n\Byʩ6G1o7cU&-I7j!Fچ<$4Tx@+*uXk7ʺUZ!ċдȅ+c0qQoˇv0xV;R~'O:S6kۙ (28Q$N~'_;+ZH/%4X!D%|_h]˯,D!{n禰wxc19jy{sɦ>ʠru41x07ȱ&mjmg'KN3%ly$kAiLD3TߙpUN:uOZcHσ>ٱM;@/nh*o کyؖ[i?;47a[/Y)[%0d2O/\@bn `tzlҘ-x˭Hw2aq~V_doՋ@ccAVh_6_Y U)@_Zl/Q X;x+H@l] kB|Gh $,.L {hℿIk"ZQ&YU`qV~S ^В }+rڟ6I?Hқd^v^ Gky{9ĮA5Pmb__B!p Bܱ.hnkc~ɘNF H?Jm^Mk]gR/L#$SeMMplL<*fgFS|}7y͗kښJ̆((!H_z%WݶJf)-ud(aAl1nq_җܯRr}/oHuX,W@}b5?I,},a+~+PLc2ԧ P8^N0ҡV|p-8sfk6f71 b7^"|0nRqBl|Ye]%CiNQ|Ge!k^p)!(,%uЙ:ACd R-;pʏ0V<zWȜHMuXiPLeVL{yN=11aѥ4= r%*F&4*1L?CxJ߯aY8`$+D MGU:|6gqk(N H" 'p̸j`.I^MA>~=+"$5&h1X|#IiH6/o(q aT/s76M3JLiʸ8)8r~UulK{Vi,s{T|ೊ:e;՝t.K/-צi?n՛JY,6xGnijMh Fn@PD: +;: lsU'/b+\L[Ök[D_t#oe5>j~lISeJ#69@G# 6B*fߘN&G~ּ> B/ AKHJ|/IGcp.6 Jx v3cl<׳j(ŐVc*bZ-Vdp@ʐ̊t7>s'Q ,l ^szOKA[@D+krL?IE36#.9`WNdaE\,uV;| q8uBGiFj}*9tfջ1IȻ6+BOn>-6i۽PjBҚSFa v܍+ԫ0ٜl.uD.;9QN,P`}.3־aVْH\ZߕSKhey|]t;H m>4=`xe4=J3"=6ȡ)bBi#4XOvibAx„w}7ۨj/,saU jdyn鶽/cCkb3@oܢR/yW! C ]pnݯD>Pq5֢GaϪ.|=<}`*ц>>ӂth'"QTRLTF@-}Jޭد4 S\$E_aKS{t=#kP%ѰT7y 7OP 'ga46o¿sJrGB.|mV>rАK_Aϫ*G'Jܧ(tU04s#ή!Z 8b.iW&W !2?s?,%pX1|\1LCv{r/ v٣'P3w Eޒ\+:^n%kY ?tZn1Ղx;oz^{#r=>%ߨ_f 5]1^k=7>c}: 5?mdppKD ȉ NeV_S]gqA7#G&z?r* uSlЅdzK%a`4.G oI[ &*X`1R=qf5VWx_Q~/؛+ J vLxȻi\ȅR8`Whd52 t3nCM=+2vcID<hр$Rn_!v8龒U[(r~)(Q7C//uеt&B\Z! 2Ar4y,r7FըP{NK,ڢ)}5G _AD?{61a4ߓ~ɲS1Wξmt)귨Cy#w'ue;Z;ܧ׋a{qcR1`=cZFlp4_Iօ=f([fG}+^fSgloYX Y7ͧZ9[dؽkШ%"aoJ2eţcxAy=;C dl7՘v7Xí4*kg\<б/ghnG1XY˚p}hqa1P g=4zQ=_殽sƸcgv]57ֈ7|gwqguK1\*):6G!WutF )HՆun!+ 3l9eۊ`Y$t.!]YS Cmk|L 2~g6x:4xV!㓉D`BlJX_Q9(Tr< $#@>1c>h'mW }1T0i7?LOOc SޟD{ʀ;O cMU{Vi  %"_>J>v96IZjÜXo2U[V -K!.U/JУE $َws-K%κ_fo(WT^cՑr8<[RɋTQNeR8^s82pSu>\Ϊ(#"N'`LDidhu>x<nPt$Dg=]8}H98AAe -f2pCEL(vE,=ki1pf݀{*㮃߽/#EyNOA F(FJpt*q!Cm 㚀g/UMϿ*|rϓ_"M6DW룉Sۨ!>5#m@T1qUa;=,}05S㵞= U[J7tl{9j W"j4Ǖյ!@KF c7D5`$A4AOy1O2Im#~1on7By?# $yXzX d$#)Ko-ˁo[Wra<VBHl*D8qL8V*g_;Up'0f^""B`Xө`!kko#I*/jc\߸/TaL &Qcc͘ۈƮ9^*{>f%O~'EV2N[:A9T6h &WKc_-*aR%o.W95N _g y%7J_ū;䰲BU֫cKCTCFgdeKDP>5j[ y1d{Y8FL"KK { Q欷Ѧ m$0更)Et.lp` p*EL'p=dǥ NoYaKo|$zD 85JY!(ANJ狕[ i04ٟb&0a!&HYl_B6M =%8:me:n7>D$=mkiX!7sSy;z=E9?Zxwy`)UBʄ`Q=קL9f%3RnjO=)`Xq*t}IXF[/YrlSC34GP)u.aJߓiV?+'Oއ,1ʇ45a1vJm}E򹹍)`wX#3 >.耢[F Q7Dv>8cG`cWWgP3BRL MP0 ҲZ+3#zs}|O}cI ,hI~mVP FKLR=/u&e>zێ&d}l ^iݍ z q&HȯD <>&-xdtE;vQ*oܜux[!>z:κnhl/vkO]ND5RXGfD%Gy!cl3TL^;)e}tIþ#~b?-s Ph5a_cB?C (Dk͞7l,}0_ ہaFd R'*8oʪ|Ϝ t1kI I'aHdi.Fd(N&rJOatmyJc8'1YMQ J#zHr&˦TZ~ta5fػTk6 YBOR*o6Xd`` ך"AAㄵK 8 #m2-_ؓ8|(sU{{>rc # \߇=lv!yԫB,Z}b2n#&1TҒC"G0z*~&vt^GQ7d5sԠea