libwbclient0-3.2.7-11.2.1>t  DH`pIå͸/=„ z C`F/eH%:~o vtQyAE .}+=%e+ϸZ\/WO+9Wn'Ӹ;w+.dhz:K9& ,cTi[ĠL˯Cn<_5_&AJIkl8Lˡ8VsӨ@h&UNDhҕ YTGE<ԧ`:dIJkcw$inѱ R>nIhۭZ_M,Sh>:N?>d  6 6LRWfx| ~    4T(v89:>@FGHIXY\]^bcd efklz.Clibwbclient03.2.711.2.1Samba libwbclient LibraryThis package includes the wbclient library. Authors: -------- The Samba Team Source Timestamp: 2080 Branch : 3.2.7Iå,kimball`openSUSE 11.1openSUSEGPL v3 or laterhttp://bugs.opensuse.orgProductivity/Networking/Sambahttp://www.samba.org/linuxi586/sbin/ldconfig/sbin/ldconfig`Iå bd766a9b2f383c909fe39b46d9c6a0bdrootrootsamba-3.2.7-11.2.1.src.rpmlibwbclient.so.0libwbclient0@@@JJ@@@@@@@@@J/sbin/ldconfig/bin/sh/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libtalloc.so.1rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.2-14.4.2.3I2III1I@IHIy@Iy@Id@Ia@IVISuISuIBR@IBR@I?@I?@I6tI6tI3I3I1.I.I.I.I.I+I%Q@I%Q@IsI@IP@IH@H,H,H@H @H @H @H @HHH@H}@H׈HHHBHe@H|@HAHH@H@H@H@HHc@H@HnH@Hz@H4@HsVHnHkmHkmHj@Hj@Hj@Hj@Hj@HhHhHcHb3@HXHO@HNlHNlHM@HI&HG@H?@H?@H=I@H=I@H;H6H6H6H2@H.H-w@H-w@H-w@H-w@H*@H*@H*@H)H$. + Fix Coverity IDs 456, 574, 592, 606 and 607. + Fix net rpc vampire. + Use the same prerequisite for DDNS update as Windows XP. + Make "lwinet ads dns register" honor the "interfaces" parameter. + Fix extended DN parse error when AD object does not have a SID. + BUG 5888: Fix PNP_GetHwProfInfo(). + BUG 5957: Do not abort rename process on valid rename script. + BUG 5898: Fix 'net rpc shutdown'. + Fix duplicate installation of cifs.upcall. + Fix _srvsvc_NetShareAdd segfault. + Ensure consistency when reporting password complexity. + Fix _lsa_GetUserName. + Fix access check in _samr_QuerySecurity(). + _samr_DeleteUser needs to wipe out the user_handle on success. + NetGroupEnum_r needs to handle servers with no groups. + Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. + BUG 5908: Fix internal change notify on shared directory. + BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share. + BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support and GPFS. + Add new VFS module to analyze SMB traffic + BUG 5928: Fix 'testparm --version'. + Have uppercase_string return success on NULL pointer in mount.cifs. + Make mount.cifs return codes match the return codes for /bin/mount. + Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs. + BUG 5778: Check if strlcpy and strlcat are already defined. + BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". + BUG 5860: Fix nasty error message for overlong strings in safe_strcpy. + Fix a potential NULL deref in found by the IBM Checker. + Fix an uninitialized variable found by the IBM Checker. + Fix an unlikely memleak found by the IBM Checker. + Fix some missing error handlings. + Add workaround for domain joins using a netbios name which is different from the hostname. + Fix crash bug when freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set. + Fix trans2findfirst for the large directory optimization. + Fix checking for presence of cups-devel and correct cups-devel test for HAVE_IPRINT. + BUG 5805: Don't close stdout when calling setup_logging multiple times. + Fix setting of trust password using 'net rpc trustdom add'. + Fix several issues in vfs_streams_xattr and vfs_stream_depot. + Return an error instead of crashing when no realm is given (trigerred by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and "disable netbios = yes"). + Fix the new vfs_smb_traffic_analyzer build for static links. + BUG 5901: Fix default for streams_depot location. + Fix several build warnings. + Delete the krb5 ccname variable from the PAM environment if set. + Fix circular dependency error with autoconf 2.6.3. + Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at compile time rather than install time. + BUG 5906: Fix Winbind crash when calling 'getent group'. + Fix logging to syslog. + Allow SYSLOG_FACILITY to be modified with a new configure option called - -with-syslog-facility. + BUG 5909: Fix MS-DFS on Vista clients. + BUG 5944: Fix starting of nmbd with "socket address" set to "". + Fix segfault on startup with trusted domains. + Re-add "winbind:ignore domains" parameter. + Avoid freeing fsp twice when opening new_file fails (Debian #431696).- Fix the conditional macro to start smbfs by default; (bnc#456469).- Readd libsmbclient to baselibs.conf for pre 11.0 distributions.- Use %__install macro to install files with the right permissions instead of cp.- Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher.- Use %{NET_CFGDIR} define instead of a fixed path to the network conf.- Update to 3.2.5. + Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients; CVE-2008-4314; (bnc#446971).- Update baselibs.conf.- Fix circular dependency error with autoconf 2.6.3.- Fix the dhcp hook script and support CODE11; (bnc#442335).- Fix perl v5.10 warnings in nmbstatus; (bnc#448225).- Make cifs-mount depend on keyutils, keyutils-libs packages as they are required to support dfs and kerberos; (bnc#432494).- Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971).- Change the runlevel description for winbindd to use "Microsoft Windows" instead of "NT"; (bnc#446154).- Directory/Filenames get truncated when 3.2.0 client acesses old server; (bnc#432471).- Add SuSEfirewall2 services config file to open Netbios and Samba ports on post-10.2 systems; (bnc#247344).- Remove unrecognized configure options.- Fix the pam_winbind build.- Delete the krb5 ccname variable from the PAM environment if set.- Move the nss_info modules to the samba-winbind package.- Add version branding for CODE 11.- Restart smbfs even with the traditional network setup; (bnc#425058).- Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro if available.- Only call the fillup_and_insserv or fillup_only macro if available.- Use package names instead of macros for cp, mkdir, mv, rm, and grep or instead of the full path to the binary for ln, find and xargs.- Introduce NET_CFGDIR to fit the needs for a differing location of the network configuration per vendor.- Use path macros for cp, mkdir, mv, rm, and grep.- Only use SUSE rpm macros and SuSEconfig.permissions if available.- Adopt samba-vscan to build after the change to the bool type define.- Fix winbindd crash in an unusual failure mode; (bnc#416598).- Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too.- Call mkinitrd_setup during %post and %postun for post-9.2 systems only.- Update to 3.2.4. + BUG 5590: Fix binary stripping on older OS. + Fix linking of cifs.upcall when nscd_flush_cache() is found. + BUG 5052: Allow inheritable permissions. + BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback has an IPv4 address. + BUG 5698: Fix non guest connections to shares when "security = share" is used. + BUG 5729: Explicitly allow "-valid". + BUG 5745: Fix Kerberos authentication with (lib)smbclient. + BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. + BUG 5761: Fix opening of mangled directory name (resulted 'is a stream name'). + Fix the wcache_invalidate_samlogon calls. + Clarify usage of "force create mode". + Write times code update. + Fix Winbind crash. + idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure. + Fix build warnings. + Cleanup of DC enumeration in get_dcs(). + BUG 5710: Fix changing of machine account passwords. + Fix several build warnings. + Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. + BUG 5736: Fix Winbind crash bug with trusted domains. + Correct the netsamlogon_clear_cached_user function. + Fix handling of MSKRB5 OID in cifs.upcall. + Fix build warnings in cifs.upcall. + Change default install location of cifs.upcall to EPREFIX/sbin. + Enable building of cifs.upcall by default on Linux. + BUG 5707: Do proper error handling if the socket is closed. + Fix calculation of useable_space for trans2 and nttrans replies. + Fix Coverity ID 587. + Add mapping of generic bits when setting an NFSv4 ACL. + Some write time fixes. + BUG 4516: No IPv6 on Solaris 2.6. + BUG 5571: Fix group memeberships in Winbind. + Fix cut and paste error in quota code. + Fix display of POSIX ACLs. + Avoid a race condition in glibc between AIO and setresuid(). + Add missing become root for AIO operations. + Fix logic of tsmsm_sendfile(). + Fix an errno handling bug that could lead to an infinite loop. + Fix handling of arbitrary new PAC types.- Create a link to the html manpages so that they can be accesses in swat; (bnc#426182).- "Password last set" timestamp update from admin pw change; (bnc#420407).- Call mkinitrd_setup during %post and %postun for package cifs-mount; (bnc#413709).- Update to 3.2.3. + Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789; (bnc#420634).- Update to 3.2.2. + BUG 5592: Fix creation and installation of shared libraries. + Fix replacement of random seed generator. + Fix a race condition in idmap_tdb2_allocate_id(). + Fix unix_convert() for "*" after changing map_nt_error_from_unix(). + Make sure to always set errno on error path in OpenDir. + BUG 5675: Fix smbspool program assuming Kerberos authentication by mistake. + BUG 5686: Fix segfaults in libsmbclient. + BUG 5692: Fix coredump in full_audit.so. + BUG 5696: Fix "force group" in setups using Winbind. + Rename cifs.spnego to cifs.upcall. + Fix segfault in cifs.upcall when it is called without any arguments. + Fix coverity ID 594 (resource leak on error path). + Fix assigning of primary group memberships when authenticating via Winbind. + BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba shares. + Include stdlib.h to get a prototype for free(). + Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c. + Use NGROUPS_MAX instead of 32 for the max group value in rep_initgroups(). + Add add c++ guard to netapi. + Fix compile warning in cifs.upcall. + Add "dns_resolver" key type to cifs.upcall. + BUG 5688: Fix orphaned LPQ processes if socket address is invalid. + BUG 5684: Fix removal of dead records in tdb files. + Fix coverity IDs 595, 596. + Fix smb_len calculation for chained requests. + Fix output of test status. + Fix smbclient connections to older servers. + Fix a fd leak when trying to regain contact to a domain controller in Winbind. + Fix permissions on ctdb databases. + Fix passing back success when a function had in fact failed in two places. - Add --enable-static to the configure options to get the statical libraries installed by the install Makefile target. - Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems.- Set Required- and Should-Stop in the init info part of all init scripts.- Fix libsmbclient to older servers; (bnc#402776).- Update to 3.2.1. + BUG 5594: Fix "make test" by adding and using a new testparm switch "--skip-logic-checks". + Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a. + Update the section about net conf in the net(8) manpage. + Improve processing of registry shares. + Fix listing of registry shares with testparm. + Fix several build issues. + BUG 5578: Fix error from strlcat. + BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT. + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + Remove worrying warning message when safe_strcpy tries to copy a pseaudo interface name that's too long. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. + Fix bug creating files using DOS clients with mixed case files. + Fix uninitialized variable. + BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. + BUG 5570: Fix bogus error message during AD domain join. + Fix trusted domain handling in Winbindd. + Fix build warning. + BUG 5202: Fix setting of ACEs for users/groups with write access in setups with 'dos filemode = yes'. + Re-activate 'acl group control' parameter and make it only apply to owning group. + Make ntimes function more like POSIX and allow NULL arg. + BUG 5512: Fix alignment problems on sparc. + BUG 5616: Fix share connections in setups with "server signing = mandatory" or SMB signing set on the client side. + Fix a race condition in Winbind leading to a crash. + Fix a segfault in base64_encode_data_blob. + Fix some uninitialized variable references via ndr_print. + Fix error message if trying to join with a non-privileged user. + Fix setups using "include = registry" without [global] settings in the registry. + Fix "net sam rights" on domain member servers. + Add documentation for the vfs streams modules. + Cleanup some duplicate code by passing the password to the wbinfo_auth* functions. + Allow SID with 0 in subauthority to be converted properly. + Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage. + Fix realpath() check so that it doesn't generate a core() when it fails. + Fix overwriting of winbind logfiles. + Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic. + Add broadcasting of the debug message to all winbindd children. + BUG 5635: Fix updating of printer queues. + Release still reachable memory if the smbclient context is freed. + Remove trailing withespace from wbinfo -m which breaks gdm auth. + BUG 5540: Fix "set primary group script" user option substitution. + Fix regression in Winbindd offline mode. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Allow %u parameters for print job username.- Fix a race condition in winbind leading to a crash; (bnc#406623).- Use the configure option to enable debugging. This fixes the creation of the debuginfo and debugsource package.- Fix emptying the printing queue; (bnc#411493).- Remove trailing withespace from wbinfo -m which breaks gdm auth.- Add a recommendation to the samba and samba-winbind package to install logrotate for openSUSE 11.0 and later.- Include mkinitrd scriptlets.- Allow %u parameters for print job username - use advanced sub; (bnc#374389).- Update to 3.0.31. + BUG 5504: Fix SIGTERM handling in Winbind children so that they do not remove the unix domain socket used to field client requests. + Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend. + When allocating client buffers for large read/write - make sure we take account of the large read/write SMB headers as well as the buffer space. + Memory leak fixes in DC location code. + BUG 5533: Winbindd fails to cope correctly with a workgroup name containing a '.' + BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. + BUG 5551: smbd recursing back into winbindd from a winbindd call. + Fix usage message for "net rpc trustdom add". + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + BUG 5578: Bad (non-Samba) use of strlcat gives error. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Documentation build fixes. + [DOCS] Fix use of smbconfoption in samba.entities. + Return NULL in sitename_fetch() if gencache_init() fails. + Use machine account and machine password from our domain when contacting trusted domains. + SPNEGO SPN fix when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix joining NT4 domains. + Don't let winbind getgroups crash when we have no gids in the token. + Fallback to level 24 pwd set while joining. + Fix joining w2k domains in "security = ads". + Fix pam_sm_chauthtok for storing modified cached creds. + BUG 5202: Re-activate "acl group control" parameter and make it only apply to owning group. + BUG 5531: Fix conversion of ns units when converting from nttime to timespec. + BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient. + Fix a segfault in base64_encode_data_blob. + AIX build fixes. + ENODATA is not defined in freeBSD 4.6.2. + Don't reset password last set time just because the expired flag is set to 0. + Fix usage message for 'net idmap dump'. + Miscellaneous man page fixes. + BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd. + Fixes to man pages. + Add tdb file documentation. + Ensure that winbindd trusted domain children keep primary domain online status up to date. + Update cached creds during password change. + Ensure that Winbind always uses set_domain_offline() to mark a domain offline. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Memory leak fixes.- Allow authentication and memory credential refresh after password change from gdm/xdm; [bnc#395578].- Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h.- Call the libsmbclient testsuite from the %check instead of the %build script.- Use machine account and machine password from our domain when contacting trusted domains; [bnc#404667].- Add a %check section move the test of the PAM modules to this section and add more tests.- Add a recommendation to the samba and samba-winbind package to install cron for openSUSE 11.0 and later.- Use a variable for syslog and add missing $remote_fs dependency for Require-Start in the init information of the init scripts.- Update to 3.2.0. + Support for establishing interdomain trust relationships with Windows 2008. + All changes from the pre and rc releases as noted in here earlier.- Move header files from the devel sub package to lib*-devel.- Work around bad use of autoconf interna.- Build Samba with debug symbols to get working debuginfo packages.- Add /etc/openldap to the file list and not only the schema directory.- Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster booting; [fate#304967], [fate#304965].- Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to 'Network/DHCP/DHCP client'; [bnc#400467].- pam_winbind: Update cached creds during password change; [bnc#395578].- Update to 3.2.0rc2. + BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. + BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'. + Make sure we take account of the large read/write SMB headers as well as the buffer space when allocating cli buffers for large read/write. + Fix tag as a goto target we were not reinitializing the array counts. + BUG 5451: Fix for using the correct machine domain when looking up trust credentials in our tdb. + Fix spnego SPN when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix pam_sm_chauthtok for storing modified cached creds. + Fix joining issue in setups with "config backend = registry". + BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting for TCP connection timeouts if no LDAP server is available. + BUG 5502: Fix security=server. + Fix coverity IDs 552, 553, 570, 571, 572. + Shrink ldbtools. + Fix reset of password last set time just because the expired flag is set to 0. + Remove support for symbol versioning in shared libraries. + Fix autogen for autoconf 2.62. + BUG 5515: Fix empty input fields in SWAT. + BUG 5516: Fix saving of the config file in SWAT. + Fix winbindd trusted domain child not keeping primary domain online status up to date.- pam_winbind: fix pam_sm_chauthtok for storing modified cached creds; [bnc#395578].- Don't reset "password last set time" when unlocking an autolocked account; [bnc#382111].- Fix winbind sigterm handling and make init script send sighup to all child winbind processes; [bnc#382027].- Fix bug with winbindd trusted domain child not keeping primary domain online status up to date, merge to trunk from reversion 1801; [bnc#373560].- Make winbind children reopen logs on SIGHUP; [bnc#382027].- Set only CONFIGDIR and LIBDIR while make everything and install. No longer set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].- Update to 3.0.30. + Fix for CVE-2008-1105. + Remove man pages for ldb tools not included in Samba 3.0.- Fix vulnerability that allows for the execution of arbitrary code in smbd; CVE-2008-1105; SA30228; [#391168].- Follow the rename of libtdb0 in baselibs.conf.- Rename sub package libtdb0 to libtdb1.- Update to 3.2.0rc1. + Move the posix pending close functionality down into the VFS layer. + Fix activation of registry globals in loadparm. + BUG 5452: Fix smbclient put. + BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. + BUG 5456: Fix missing echo if we ^C at the prompt. + BUG 5464: Fix timeout in winbindd. + Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. + Use more error-prone form of testing dm_destroy_session() return code. + BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used. + BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. + BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups. + Fix wins null pointer crash in nss_wins module. + Fix lm session key length in _netr_LogonSamLogon. + Add -f switch for DsGetDCName() example and be more verbose on output. + BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users} + Fix the DNS Update option of "net ads join". + BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx(). + Recognize and allow longer UA keys in winbindd_cache. + BUG 5436: Fix signing problem in the client with transs requests. + Fix a valgrind bug in the new [ug]id2sid cache. + Fix Coverity IDs 565 and 222. + Fix dfs_Enum: In form_junctions, correctly check for malloc failure. + Add support for symbol versioning in shared libraries (can be disabled with - -disable-sysmbol-versioning). + Add new function wbcLibraryDetails() to libwbclient. + Cleanup size_t return values in convert_string_allocate. + Fix Kerberos support for CUPS 1.3 in smbspool. + Fix printing with Vista. + Fix deletion of files when they're in use by other drivers.- Update to 3.0.29. + Fix a crash in tdb_wrap_log(). + BUG 5267: Fix for nmbd termination problems when no interfaces found. + BUG 5326: OS/2 servers give strange "high word" replies for print jobs. + Remove MS-DFS check that required the target host be ourself. + BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. + BUG 5095: Fix the enforcement of the "Manage Documents" access right. + BUG 5460: Fix MS-DFS referral problem in server code. + Fix bug in Winbind that caused the parent to ignore dead children. + BUG 4235: Improve compliance to the Squid helper protocol. Original patch from Pawel Worach . + Prevent cycle in Wibind's list of children when reaping dead processes. + BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). + Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. + Fix client connections and negotiation with Windows 2008 DCs in member server code. + Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). + BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). + Re-add samr getdispinfoindex parsing which got lost in the glue commit. + BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. + BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. + BUG 4901: Fix behavior of "ldap passwd sync = only". + BUG 5317: Fix debug output from domain_client_validate(). + BUG 5338: Fix format string bug in rpcclient. + Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. + BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. + BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. + Fix signing problem in the client with trans requests. + Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. + Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. + Fix trusted users on a DC that uses the old idmap syntax. + Only have Winbind cache domain password policies that were successfully retrieved. + Fix alignment bug when marshalling printer data replies. + Fix DeleteDriverDriverEx() checks to prevent removing in use files.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Expand baselibs.conf to match pre SUSE 11.0 products.- Remove obsoletes and provides 3 for all packages and systems.- Cleanup the use of the suse_version macro to achieve consistent defaults.- Set CODEPAGEDIR while make to fit the install location.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Package man page files independent of the used compression method (gz,lzma).- Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva in the OBS too.- Add a script to restart smbfs if NetworkMangaer gets an IP address; [bnc#373075].- Remove all references to the obsoleted samba-pdb package.- Compose the BuildRequires in a more flexible way to fit the openSUSE build service (OBS) requirements to support different operating system targets.- Use _libdir macro instead of a local define of LIBDIR.- Remove PreReq /sbin/ldconfig from the libtdb-devel package.- Install the shared libraries with the same name as used as soname.- Update to 3.2.0pre3. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Support for IPv6 in the server, and client tools and libraries. + Support for storing alternate data streams in xattrs. + Encrypted SMB transport in client tools and libraries, and server. + Support for Vista clients authenticating via Kerberos. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New LGPL Winbind client library (libwbclient.so). + New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. + New client and server support for remotely joining and unjoining Domains. + Support for joining into Windows 2008 domains. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing.- Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf.- Remove obsoletes and provides samba3 for post 10.3 systems.- Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems.- Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the shared library packaging policy for post 10.3 systems.- Update kdc dns-only lookup patch to IPv6.- Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym links in /sbin/; [bnc#380693].- Enable the build of vfs_cacheprime and vfs_readahead modules.- Update to 3.2.0pre2. + Add library for access to the registry configuration data. + BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. + BUG 4308: Fix Excel save operation ACL bug. + BUG 4801: Correctly implement LSA lookup levels for LookupNames. + Add new option "debug class" to control printing of the debug class. + Enable building of the zfsacl and notify_fam vfs modules. + BUG 5083: Fix memleak in solarisacl module. + BUG 5063: Fix build on RHEL5. + New smb.conf parameter "config backend = registry" to enable registry only configuration. + Added support for IPv6 client and server connections. + Remove unused utilities: smbctool and rpctorture. + Fix service principal detection to match Windows Vista (based on work from Andreas Schneider). + Encrypted SMB transport in client tools and libraries, and server. + Added support for an SMB_CONF_PATH environment variable containing the path to smb.conf. + Various fixes to ntlm_auth. + Correctly handle mixed-case hostnames in NTLMv2 authentication. + Add Winbind client library. + Enhance client and server remote registry access. + Add client calls for remotely joining a computer to a domain (including calls from "net dom" command). + Add libnetapi.so library for joining domains including sample GTK+ app. + Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC. + Various fixes for DsGetDcName and conversion to IDL based structures. + Add ads_get_joinable_ous() to libads to get list of joinable ous. + Add get_logon_hours_from_pdb() to comply with new IDL based structures. + Migration of the entire client and server DCE/RPC code to IDL based structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON. + Started migration of client and server DCE/RPC code to IDL based structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG. + Use IDL and autogenerated code for samlogoncache and Kerberos PAC handling. + Add remote join/unjoin server-side implementation. + Import the Linux red-black tree implementation. + Support for storing xattrs in tdb files. + Support for storing alternate data streams in xattrs. + Implement a generic in-memory cache based on rb-trees. + Speed up the smbclient "get" command. + Add the aio_fork module. + Modified libsmbclient API for more easily maintaining ABI compatibility while adding new features to libsmbclient. + Refactor Winbind internal parent-child interface tables to achieve better unit testing support. + Networking fixes to the libreplace library. + Add support for DNS Service Discovery. Based on work from Rishi Srivatsavai . + Don't restart winbind if a corrupted tdb is found during initialization. + Add share parameter "administrative share". + Improve error messages of net subcommands. + Add 'net rap file user'. + Change LDAP search filter to find machine accounts which are not located in the user suffix. + Remove smbmount. + BUG 5073: Allow "delete readonly = yes" to correctly override deletion of a file. + Register the smb service with mDNS if mDNS is supported. + Add smbclient support for basic mDNS browsing. + Fix padding between Winbind 32bit/64bit client library in the request/ response structures. + Added a syncops VFS module for file systems which do not guarantee meta-data operations are immediately committed to disk in stable form. + Additional portability support for building shared libraries. + Get Samba version or capability information from Windows user space. - Add new sub packages libnetapi0, libnetapi-devel, libtalloc1, libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel.- Fix build with glibc 2.8.- Added baselibs.conf file to build xxbit packages for multilib support for post 10.3 systems.- Only cache password policy results that worked, otherwise we cannot login until the cache expires even if a connection to a DC has been restored; [bnc#373552].- Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem.- Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200].- Update to 3.0.28a. + Failure to join Windows 2008 domains. + Windows Vista (including SP1 RC) interop issues.- Rename the libsmbclient package to libsmbclient0 to follow the shared library packaging policy and remove provides libsmbclient3 for post 10.3 systems.- Add variable to define if a share should be an administrative share; [bnc#358841].- Fix patch errors with dcerpc and idmap_global; [bnc#280452].- Fix safe_strcpy error caused by duplicate domain name fix; [bnc#356025].- Fix two memleaks if num_validated_vuids exceeds its maximum; [bnc#349581].- Fix ACL inheritance; [bnc#351570].- Fix a gcc 4.3 buffer overflow warning.- Remove duplicate domain name prepend when user SID is in winbindd cache; [#336854].- Prevent winbindd from segfaulting due to corrupted cache tdb on flushing caches; [#340332].- Fix kerberos authentication with Vista; [#350032].- Update to 3.0.28. + Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Additional cases and problems caused by fix for CVE-2007-4572; [#337823].- Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Added default printing system information to README.vendor; [#113759].- Add missing define of AI_ADDRCONFIG for systems with older glibc versions.- Update to 3.0.27. + Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572; [#326261]. + Remote code execution in Samba's WINS server daemon (nmbd) whe processing name registration followed name query requests; CVE-2007-5398; [#337823].- Change the spec file to get debug packages again.- Additional case for overflow: CVE-2007-4572; [#326261].- Fix process_logon_packet overflow; CVE-2007-4572; [#326261].- Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823].- Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854].- Fix the alignment of 32 and 64-bit winbind requests; [#331754].- Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0 systems; [#289599], fate [#302668].- Fix possible segfault in winbind which could be caused by uninitialized variables; [#253862c223].- Use FQDN in KDC DNS lookup; [#295284].- Update to 3.2.0pre1. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Support in pam_winbind for logging on using the userPrincipalName. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTLM version of the 3rd edition of "Using Samba" from O'Reilly Publishing. - Update samba-vscan to 0.3.6c-beta5. - Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't apply to Samba 3.2.- Make nss_winbind thread-safe; [#293907, #329796].- Perform KDC lookup using DNS only; [#295284].- Handle smb child crash; [#294895].- Add a global lock inside nss_winbind as workaround; [#293907].- Merge ranged retrieval optimization to winbindd.- Update to 3.0.26a. + Memory leaks in Winbind's IDMap manager. - Update to 3.0.26. + Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin; CVE-2007-4138; [#307623].- Fix two memleaks in idmap_cache.c; bso [#4917]. - Correct failure of libsmbclient against a version of Windows. - Make read_sock return the total number of bytes read instead. - Fix error in enum_dom_groups. - Fix logic error in timeout of blocking lock processing. - Add parameter "directory name cache size". - Fix use of pwrite in tdb code.- Also ensure to initialize ip_srv_site and count_site even if we are not on site; [#230963#c124]. - Use an off site DC if we're not online and talking to the KDC of our domain; [#230963#c106].- Fix a bug where samba writes the wrong default value of max_passwd_expire to an LDAP server; [#298469].- Fix if statements where we still expected cli_connect() to return BOOL.- Update to 3.0.25c. + File sharing with Widows 9x clients. + Winbind running out of file descriptors due to stalled child processes. + MS-DFS inter-operability issues.- Update the cache tdb validation patch which improves the backup handling trying to end up with a useable cache tdb. This applies mostly to the situation that disk space is short; [#256166c82].- Update the cache tdb validation patch to support backup and corrupted file handling; [#256166c77].- Fix a bug that causes smbd to 'hang' intermittently; [#289599].- Fix event based krb5 ticket refreshing in winbindd.- Limit the LDAP expression in lookup_usergroups_member() to security groups; [253862c209].- Don't reset the num_names counter in lookup_groupmem(); [253862c198].- Make the days before the password expiry warning appears configurable in pam_winbind.conf; [#287871].- Don't link shared libraries of vscan with -pie.- Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to 20480; [#253862c175].- Update to 3.0.25b. + Offline caching of files with Windows XP/Vista clients. + Improper cleanup of expired or invalid byte range locks on files. + Crashes is idmap_ldap and idmap_rid.- Fix reply when no dfs share is configured. - Fix the DFS code to work with Vista clients; [#286937].- Migrate old if-up/down scripts to new names on update; [#283706, #285187].- Introduced prefix numbering of if-up/down scripts that they get executed in the right order; [#283706, #285187].- Restart nscd on winbind update to load the new libnss_winbind.so.2 library. This will not resolve every problem with nss modules; [#174589c88].- Fix winbind segfaults with idmap_rid; bso [#4624].- Add missed 'c' character to the list of valid ones in escape_shell_string(); [#273611].- Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106].- Remove superfluous requires to samba from the devel package.- Ensure the returned structure size from _samr_query_dispinfo() is smaller than the total size; [#203833].- Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan. - Install header files with 0644 instead of 0755 permissions. - Enable build of the python package.- Branch a samba-devel package for post 10.2 systems. - Install .a library files with 0644 instead of 0755 permissions.- Update to 3.0.25a. + Missing supplementary Unix group membership when using "force·group". + Premature expiration of domain user passwords when using a·Samba domain controller. + Failure to open the Windows object picker against a server configured to use "security = domain". + Authentication failures when using security = server.- Add %dir /usr/share/samba to the client package. - Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and smbclnt from Provides and Obsoletes of the main or client package.- Add /sbin/ldconfig to %post and %postun of libsmbsharemode.- Update samba-vscan to 0.3.6c-beta4.- In some cases PRS_ALLOC_MEM was called with zero count; [#273613]; bso [#4637].- Enhance the patch to the ads version of lookup_groupmem(); [#253862c89].- Don't use current_user to prep the security ctx in change_to_user(); [#273613].- Prevent winbindd segfaulting due to corrupted cache tdb; [#256166].- Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf.- No longer check in the pre package scripts if swat or winbindd of version 2.2 are updated; [#273160].- Update to 3.0.25. + Significant improvements in the winbind off-line logon support. + Support for secure DDNS updates as part of the 'net ads join'·process. + Rewritten IdMap interface which allows for TTL based caching and·per domain backends. + New plug-in interface for the "winbind nss info" parameter. + New file change notify subsystem which is able to make use of·inotify on Linux. + Support for passing Windows security descriptors to a VFS·plug-in allowing for multiple Unix ACL implements to running side·by side on the Same server. + Improved compatibility with Windows Vista clients including·improved read performance with Linux servers. + Man pages for IdMap and VFS plug-ins. + Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447. - Disable build of the python package.- Fix heap overflows to prevent remote code execution; CVE-2007-2446; [#273613]. - Fix remote command injection vulnerability; CVE-2007-2447; [#273611].- Remove obsolete samba-pdb package and required packages from BuildRequires for post 10.2 systems.- Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems.- Remove requires on release from devel packages.- Reduces the number of queries made to the DC in the ads version of lookup_groupmem(); [#253862].- Allow winbindd to take local shortcut on secondary DCs in case dce funnel directory is set; [#266853].- Really remove Should-Start smb in smbfs init script; [#242918].- Disable 'msdfs root' by default again; [#268004].- Build libsmbsharemodes and create libsmbsharemodes and corresponding devel package; [#264623].- Let idmap_ad search in the Global Catalog in case dce funnel directory is set; [#266049].- Allow share names with a lengths greater than 32 chars; bso [#4512].- Check the euid and call become_root() to get write access to dump a core.- Add pwdutils BuildRequires for post 10.2 systems.- Do not restart winbindd under any if-up circumstances; [#227942].- Replace unneeded become_root_uid_only() by refactored become_root(); CVE-2007-2444; [#262090].- Add repository version and branch to the spec file via build-source-timestamp mechanism.- Allow applications to set the share mode while opening a file using libsmbclient; bso [#3684]; [#203737].- Fix for fd leak on error path in winbindd; bso [#3204], [#258737].- Add gdbm-devel BuildRequires for post 10.2 systems.- Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728].- Fix segfault and memleak in wb_lookup_rids(); bso [#4434].- Fixes a known bottleneck under very high load situations; [#247984].- Avoid passdb builtin group membership calls in the DCERPC funnel patch; [#248556].- Allow pre 3.0.23 multi passdb backend configurations to work with post 3.0.22 by using the first backend only; [#245167].- Prevent nscd crash in NSS winbind initgroups(); [#237719]. - Fix pam_winbind cached login for samba/NT4 domains; bso [#4225]. - Various pam_winbind fixes; bso [#4094, #4288]. - Fix DCERPC funnel patch; [#245278]. - Fix vista and share level security. - Fix vista variable expansion; bso [#4093]. - Fix vista DFS support; bso [#4356]. - Fix vista backup tool; bso [#4361]. - Fix vista deletion on shares; bso [#4188]. - Fix vista spoolss problems.- Fix crash bug in rpc_pipe_bind(); [#244892].- Enable DCERPC funnel patch.- Fix accumulation of expired LDAP connections when winbind in ads mode; bso [#4009].- Fix all lp_dce_funnel_directory() callers; [#242833].- Disable broken DCERPC funnel patch; [#242833].- Update to 3.0.24. + Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265].- Fix logic error in the deferred open code; CVE-2007-0452; [#240265].- Avoid winbind event handler for internal domains.- Fix smbcontrol winbind offline; [#223418]. - Fail on offline pwd change attempts; [#223501]. - Register check_dom_handler when coming from offline mode. - Fix pam_winbind passwd changes in online mode. - Call set_domain_online in init_domain_list(). - Winbind cleanup after failure and fix crash bug. - Don't register check domain handler for all trusts. - Add separate logfile for dc-connect wb child. - Only write custom krb5 conf for own domain. - Move check domain handler to fork_domain_child.- Fix pam_winbind text string typo; [#238496]. - Support sites without DCs (automatic site coverage); [#219793]. - Fix invalid krb5 cred cache deletion; [#227782]. - Fix invalid warning in the PAM session close; - Fix DC queries for all DCs; [#230963]. - Fix sitename usage depending on realm; [#195354].- Add DCERPC funnel patch; fate [#300768].- Fix pam password change with w2k DCs; [#237281].- Check from the init script for SAMBA__ENV variable expected to be set in /etc/sysconfig/samba to export a particular environment variable before starting a daemon. See section 'Setup a particular environment for a Samba daemon' from the README file how this feature is to use.- Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files.- Fix pam_winbind grace offline logins; [#223501]. - Fix password expiry message; [#231583].- Move XML service description documents; fate [#301712].- Disable smbmnt, smbmount, and smbumount for systems newer than 10.1.- Add XML service description documents; fate [#301712].- Move tdb utils to the client package.- Fix crash caused by deleting a message dispatch handler from inside the handler itself; [#221709].- Fix delays in winbindd access when on a non-home network; [#222595].- Fix client-side smb signing; [#222951]. - Fix imcomplete merge for firefox NTLM handling; [#198255].- Add IA64 and x64 printer drivers directory.- Update to 3.0.23d. + Stability fixes for winbindd.- Fix ldapsmb group and unicode issues; [#143417, #216606]. - Fix net ads account management; [#217046]. - Fix libnscd usage in passdb; [#217363]. - Add the "mega patch" + Add site support for winbind; [#195354], fate [#300909]. + Add site support for net; [#211281], fate [#300909]. + Fix winbind krb5 ticket handling from offline; [#178028]. + Fix "net ads leave"; [#196771]. + Fix winbind username case handling; [#184902]. + Fix winbind name canonicalisation; [#210174]. + Fix winbind online/offline handling; [#196859]. + Add NTLM cached credential handling for firefox; [#198255], fate [#300973]. + Fix winbind groupmembership handling; [#211324]. + Fix winbind site-support handling on reconnect; [#195354]. + Fix winbind child initialization and online/offline handling; [#196859]. + Fix winbind cached credential storage; [#185053]. + Fix winbind long login delays; [#184450]. + Fix winbind crash for new AD user; [#208454].- Fix pam_winbind overriding syslog settings; [#201756]. - Fix profilepath pam_set_data for other PAM modules; [#215707].- Fix timeout handling for winbindd (samr, netlogon). - Fix gencache access; [#209409, #211281]. - Fix libsmbclient accessing NetApp; bso [#4018]. - Fix error handling in ads printer code; [#209409]. - Fix passwd pam segfault; [#211719]. - Fix crash in winbind async child. - Fix winbind failure mode for trusted domains.- Add realm to username if missing in net ads join; [#211706].- Move the LOCKDIR to the client sub package.- Activate the libaddns.- Add version of the package subversion to Samba vendor version suffix.- Update to 3.0.23c. + Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. + Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend.- Fix time value reporting in libsmbclient; [#195285].- Remove update-messages.- Store and restore NT hashes as string compatible values; [#185053].- Added winbindd null sid fix; [#185053].- Update to 3.0.23b. + Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". + Errors in 'net ads join' caused by bad IP address in the list of domain controllers. + SMB signing errors in the client and server code. + Domain join failures when using smbpasswd on a Samba PDC.- Fix from Alison Winters of SGI to build even if make_vscan is 0.- Update to 3.0.23a. + Failure to strip the domain name from groups when 'winbind use default domain = yes' + Bad token creation of local users on member servers not running winbindd. + Failure to add users or groups to ACLs using the Windows object picker. + Failure in file serving code when 'kernel oplocks = yes'. + New "createupn" option to "net ads join" + Rewritten Kerberos keytab generation when 'use kerberos keytab = yes'- Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule.- Fix pam config file parsing in pam_winbind; bso [#3916].- Update to 3.0.23. + Improved 'make test' + New offline mode in winbindd. + New Kerberos support for pam_winbind.so. + New handling of unmapped users and groups. + New non-root share management tools. + Improved support for local and BUILTIN groups.- Prevent potential crash in winbindd's credential cache handling; [#184450].- Fix memory exhaustion DoS; CVE-2006-3403; [#190468].- Fix the munlock call, samba.org svn rev r16755 from Volker.- Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; [#184450]./bin/sh/bin/shkimball 1237558572 C3.2.7-11.2.1libwbclient.so.0/usr/lib/-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.suse.de/SUSE:openSUSE:11.1:Update:Test/standard/8a43981f79128af8d20299d2e006155d-sambacpiolzma2i586i586-suse-linux\#R~m~^?`] c61ӯTу"n.xRv)GbY2N?C{q:^jɬ qʘ!4C}0MtǕ`FpapOG2m jGʇFwyy2/iJT@H3IsdE oҮD 0)4RQAxu<mVv392}okfP.Ӹlp]t r;%-0Rrҍ?PS^paj_ŜH>BFuMe(9q3EaRUVr49њ1❎n <{"%;߁zc)ǠR~ &ok˼3~jٞ 22HI SKP&$URP3<7eN15!>T磩~d&\J W yHOrn~Zp(%W^4)6 \aAT!- #GKOS,T䪠nNj%Dڼxʌ௩xFվ~`籿V8Ȯg=Rrg#02yem/g-<D $,"+ |xT\|gm-.yp{3°':iΪ޿nGBF;s:7l#4Jky(]|e\i>&:7.B+_4vx\dM׀ y*OQ9+Xt3z 1ٺ u vz]_dK,f!jJ4UQlKCJzO ോLÊzEeI^^fXk ؃piC"GclNKko,ag\9wba)Zh<+#l|F]6|KD~پ8y7M~`lw@Lem>T  :OAu4ɲOt8e΀kTݦ3R鲾%puf :DXW DAH놪_LlAPspa2lAcFFlA"L\sW"h /{MQ=<&EEɪ#CV͕M@wv ]L%t6"D-&(M`_ζ u\Jj1^;:s.~9nCMTǸF弖_=udoI[R&8LSgSo so ®8G,R|͐6Cy^~wĵQ,&QQPlC]DN94ǤU a:_vr~N|Cv%ԍp)}<{G<6w;CDNTI]Hs^+ afNbǕ jߙ/U[sHq"`ΤSJu%jf'yiHFNjy;uF_ZGA~B,Zx?z0ƭe%LHbl CG["c޺Rt~. R^9͌^/p '9S,d9F.Ȁk(XJi ё`g'^eIo08%z3cɸ-G>ffJl@-۲wYZ΢pqXґdIL.uŘp+h`YSm?Iq#odlN֑9+!/H.xnnQQpå 6aBW V l_UxR&jT*~zjQ^ċAhz)l{hL{COQC4[v) k` Yv<#73֘;YɽJ}w8Gj`=_zxic]C%GRwPTrwβ FHQDZY.NP8XucRt";S ̶ /ANSk aݜI@|2ޠOyxzs^͘Z{[ M,R#G7uiIGƨq)8ar͵@r-3EbU+xWZIے8gM?y\waXYH /?F| ;煥,v[nɳ&pM*a.AK^К:/9O*T'o [uM e-Jο2s*y\'I!Dԓ]'`v2y+PLaԘ|IHJǒo\(x?^ڕ 1,2?Mv(TkYHƽwOaOn&sp@ҍf}чU*#9~-Up2?G63bt [wL3y|pԔJ>ϐ(/R>9԰wU_&K6% Ev

C-#0rL%GYn?>gP]VZ4kdEHԅ6X6)'VϳHLil*c]5{ךWu=Ăϔ^ mܭ*0>2mק&!; /oLa,!ʙ2OUzx>-1|3+w`qH ?,pƵV ЫYML0]aZXI%s:5đ=-'vS Ivbn' #9e2X^@d_68wYJ͏k/- eV6!&nV(ΣPҹ~c\VJHڞVS؀&%3I}KtCջ(=I/aKcL$VLҪ ߺ%W5|klx*w~ .5kdoUze)@yWp#_QJ>]2οf!YCCp=Xa9O_::b&suaUEfV}=6' OcBДJӬBwlVNy AuGu4h6 7 ?W댙aά178!WGvq_oq-겠Bms^ iDY/p^ `cUBoܕ8@i@^FZABCeO^(FAUIP: %4 Ho{afJ\*HsJ8 đdYhx΁Xv`"Y{q"pO:bM$:qf7}+6pFξ&HwV݉PJ0 ^J133H`)\8ӂ2F8 o|zs^l-&4.BcNw|rWcfMbY~=+guˈ$*?g)S!QhZo_Anq.B OcQQSc~vUh8 󜺫ҤBlV JEAPg?|Ku+LiZ TP!yGưd1|g;Ԁ< &u3|]t׊>r- O%౫sMʀ/W,B ZP"  fT€Qg泠l`'4)L=*s-_Á@X0>Oyc,͌ay@&Mj)mßĦ`n4[a $эXtOωl㗷]&^dQܶ4q )4t88wO z8ؼ6CFt/l'NZL/ J?!|UN B:a(K+#'{,[MP%cD|jp~-rM'Mʈ}CuYj\mC,J4N?a捭=X1 NB A#~m%w$iqu%ʵB6 a5D[J@%  `^[ GꝁEw`q^ߐ9`%/N]IVu0vIZcn$tr&3 Aֳ}[k ȥ},\Nު%ߌ9,Z4;.DΥ;I"+K5HW uOT"fLw<0-l4w^=O;׺y%t:8C3 ʽ!m2& 3w8SOEiW_z4)GŮrw_n_pHdЙe#h9u_.`تx?SygqJ̥30)6NwUXOY1Wj-KttyNN$,TӉ*f^?Y~vWgݩI&RFIQ7Ft$8":|+M[@3ߞe^|TQ,l75{7Y9ʁlG4uopWx/9D  :xX?L+ `uq 7 fłd#(6RB4W6:}\"6dNj%㐯 4Qq& {^GfKV﯑rLU+WpFE\~`Pڈƛn8H;Pn.OQx waͰfHˁmJQ S kJ_x}jb.c[Q |JUnR: |N~}C!)(NzB2Xo4? ~H3,,mWgSlQ} 4‚w78?Pg˾Z^]dab1"j_P&|a}x;mFe.H_6fu aǨK7$ui:qEs٫Kjxl܋d/!jEK1ps_ Bw^!AҼ_ʴ|'i/4o=K\ѽÏ.~uy-3`*NqZq,LrK q$ K r+k+0PvOgBR_2l$ <7kC<`=ɹ+.ބK1zn6 VEQOh"1 r9EI1mT:Qdolx AyˉEDՃG|ϹfZ8 Gfv$l)>q(AH++𥗛S3͹D_)X60 +Ԓm|=ToiQoridz@^'}< #v .ȅ\%*`g@RZYU.ϐ (f5Ƚ}=^a xlk.*L)޺sowS^xd8x'^^G2oS(Rmc4=}=s<A5` tyx6<2 S7&_xG8zZEhi0(}bY% $#;RՋ'Oj3ԩb-Y6 @d}$+,xTAqM;Va ?x}ĸjw%T/ʓ?Ʌz&e5+&KKGxH9a;K]@{$#CY Gk`UIQ*Nh0Zf` Wpy[XPjYuN7~*x=?G*؎jKJp=v 2G Vs9ŗ_2=Si'V47CdwW ^\ 88qCxc?@Lzltv]1Cg=3' h@~%0=Uʬ#⠪W'cdL-;O0<*#mld\#v٧˩gL;LK])㈯) =ctZxԝn}0$l6כAek’hA*i4B6$5^]/C3[ &L*9^<OɣG{(6nUJ4 WI~xjn/S"(63dKc}?﬉uJiiJ ?z8 MecltI% Gtbys h8Jy!X4<,'U(CS5B!YKdԠ z  Iŏ&V K;_52(ztuNa"=xB;;KŔUgA8zziz-L]FSg>uעǝ>X|/[v~(Xձ~Bvii.R SFP?*r0p1uj(um]sZi<ټ T h\<}Ou!͐cMd]l;#Fиj1iD9JcI 8@T"\*eŤ߻ cPz KB^N&yAB8_> 75{%Oe8(Uȑ$ ԅ` e2!Z̥=2%j(l?2[TԶ dav1^9.3w؆,_$S Q)-}]ߌLYİo-g˄8qRA8_'f}j9=Д!`&(\Q)<,@@k1 zTKuQ,ճeTL@L܁l\ zb?= n1?!#xm<&䈗lHq!l3$ӓey %k[)˿pTY: pA-r[x{T~d$D?ķ߳jys vNt[<f( 9T\ SWp`5_koU9;6q^ɢt5ҷ̜AH NuA FFYr%e~ :R{hdqk%x u>r9LDh*_CBXwnG.x]΃wU@1";I Y=SiאS&?pM{xeUfP0Y rl!U51s;2tR>#Z8]oz4X3*^9M+lkvs%a+f&@ؼ#rƢVK0pӡ'J\YI/J#|S}U(}<om\i(@M?WHwu]2e#jct]'W'&#y9P)7iЍ&Q +m$1[ TB}DE1 Z ?sNH1WP^:_tVhԬ,g"FT_ʃіY3T}DMdA5;8{qݰq4ݙl$ɢU33zC=77,Hߙ On.r8`RbY[%C2v?9 Ch3@Qd@d.ٯDǡ0ӻv487Z:RdY/BcEнu!~,a^d:ɳ\4:M}c%4{'VǑTJءe%ַۋ_,7 ~ Yf^ xJX ^gH!>jg'GT%(=&]jO?9@ $T=s>sѣ^tKoNɨnbLy+ e^T}gKȱ/kgf LY>W'a,u%[a7\GeFN&ȉqUK7eL"X@}At;)ҍ"f{C츆UJֿ56lLRI;۬w,LGtvjU JX5;)# t;`Sڿ/J@܎ޘVR/M%wlΥk#L20&4˛2 ܞ->0*q0@VyM!jt^(3֮2R;mޢ}(!;u2KnZf00fCklDjQ$xj6uq :>hZ08LJ1r!8d; V"5GVFoHU7apV'$[vR6o^[Swo@u[k^Ä_ĻUv%Emjĺ{PcT9oexU+Cr^7<3 14qOtypI-W&ȅr ј;,f_Olc% ="?j* "< 3_<,ߖs( U27uoT L}s]$[S9lKĸQLX@}'H4 W60-I~.:Қo] 2 # 9$&BE,& ۏpfhSpQls.~)ЍjuJ7!L'{׆j=K-PzlZ se ɏ'TTRn&RmfrKh&Ie遣^g~ BZ2п9g@XeG}Z$ ^C堩eB"-PNT v{&X$?O"[Աteݶ+;MbN㙑,b_6HS$#u cTmӝJiyѵ<ߪ4oHlR.l3| pGb]G_@~cHU![#^xϩTȠP5$=Bs2k 6¿ta4闃} 䕔&I+)re}>F`8+>1@camA5u."<;T=6eq4v>jA5? BᔊO(U.=h?YHڳf7=7h'$剆 d|LWb.cu-'İQOIِXf- W:{%PUGquĢ*2u5 /ߌF Ɯ' 4%gK\.uWkIu\S^ShN˺׻a,p1%yWIj%pkI[ޖ%F>;բzs/%V_(bfJQC+Jm]02aZ+9h`-F~&ΖYn>Y8>0u5‰'Jqײx q/-5ҞU> @*ՏWumb{ǰ$fo0_yپmZFWny\ldȯq?RGW]e6ݽ7y踏sjDyqfld#xtìqϤy v)sWmJM?85/.ȧUhQvCIz `3hR~/k@6~V\]ޮaįJ6X[غipZ$7cۅ t$ޫfˀϢ\K>CsoZfao߽ҙxOKV`f/1Ki[ GAb9 !3?We~isyq}?Y*Ω;EXKv+HC%(4g Ja)sB@x =Oȸn禍1@p-@ώWQ^P@BՌ9U;LCH oWcNJ>AaNcZjg4 $H'}T|&0 <!'/Τ}.L;ݛ֟% b []_3o-!{59Uح= 340>p}sF;<Ā"JENa$fߍ`Ck4 5yƧx.+O?ST_}G+Q9 G'5`̂Ap㳧43$G O%K_e4>Ϝ¸FQL(ŒV]O\ZG&h FD˵(k^y3pLafy`U&y,ljnA+u_:f*}w8F3d 8 3f[կ dQN@f4,~Abwrk Ym*H*vziyrhy~c:4_.K zj[fKba0:9O#/`LO거$!С`Flr4kƷL#> ޲m^KvYBU>(Np̄a*sݜ|~Mٮo@ӫ7#YfIEYtCH&\U>j\tq\6˾`u9|c!}{+ Sg^P/4G 4eĖJHT1 ( ܊=XPC"hcJ Z;c u;υ:˂UŎfAEt; ]OM(Wc)ڱ6(8CGí }hp*RJb-B`m;MD+Q LVo=c^޻p0S ̡M;nq?"*BJA^ֵ#:lxVo(^Ȱ[?S#J Wmx1s4B\UpC:&u#{v:ˠGW?p%&|G7 ,ĖzqT^&b0N{k4$@O;tՄԜs\*ד/Ӌ [cY-Ngcᝃ:1*,H`nu.:ِr A%PT 3'‚&5{w I5g*޷#Gnb! {@h4Ń=9-uH |8Z,D%ts] 3XW'?g~xn. wػx&gf\EluQ/f:<D? QXA^ZWI{<_8mN,ay`;{D">ܧ҉׵7:'R+ی [`lǑ$R,P˷cS;Y]V[3l;Ju!͓wUUAjx*{L7{ΚObX2jc}i?oq%l9haHs -ʉ;/c U&jo}_N.{1j}P1?{EQҝ@r` ]{g>|N1^thԹg܀t(kQP]:7'Xz(oq4d9Ut)TϽ`RV<[M)n[7mLR8GP*Y]1Fuj/lbe*s'B/1ZK7;X[\d $YL9}%]gB<1Z80n}~ٖ G7˂tHէxV쮟Ew i'gfKǀnzVij8ce^uK1,4t}Cťib뱩[sD%QP]}(]fMθP\P9ˡ!BIGŸOVtYJJe)nk )sxNmx>9|tEٮRg"HrbTQ<&BsZ **/(IܭԣxpL}sO'0@Ȩr#Q p/1}K8,UH!LAdJguRjZeYM#*r VR KNFaKs/O'44 Vh@ỾA+ӛ-{P)}[6N`p-8\KcgiJM'd*TUf]bg7N8Tl- fc~|`;eI ɤ/$͎c'.u cߓ1%viFO9D`.uOA?hn$)3%EWkgvZZv]7 .;N>vZJgqw80>;3S_ YeB㘘%Kuvο:@kTؘd9L@IqbY9!7jSk_bu}*Q/MU 'WU~v~x(4*9gz| v]N ѿqպX&Z$ DYKw9嬞 F[(<о 3:^>9}UG a",K!y4*~r[.veG/+k)sP4i DH!g:5 σdtH 5Mcr%\DYTpZSy(s)BE?;GkʹP7瀶e x{}oc~,P fFE"?dվ~#!tI 8ŋVZ4t%FD:]0#\n(峡%s0*k hڮR$6di)ךbgDG"myJl3W#1xTl^2 /D=EDU|CϺ ^M>`2s͍?Vz+4 |,0'OܝYuv6F]&m9$DF"gI0tH2+w:_M&Vz Go =i62ߖ=I_L{ha))*i'}(Hr9rK\h,KS|jlc^zifoKPQ؊|iц1$T6\xQ@rKDÑjx`lM΍Y~=WA@0 H=k <g"q`exu]\JB P9+f7mz 'ɢ.]Q(|) A̺/ܮR ;]XY`%i3=$ := vq(_m3s]JL(? t52$rQ0kr\mny&oIA}.9DXVV?opZ+nx'c6y܏iwNJʇ/ TlCSddj3GXyL~ŪYAeaa TYG7f.aLg *7;9b4e˘&62 ~k4LFS7&i/ 8"֫D#FV\`R`d-~:jPp+0ӂ}+s{%/w0hoa6d*͝b{y8S@DnȆiSEyxRuļh8 çw$2Gu}cܙ5*?a |D>(n&͛x~,b4 H((J7#_dM_ނfU˙?$C<9 xi6u 5tҸ88 Ī־[W3y/FSrJVÝ$kk葽A,L)Xc3j{U({ل:`_aWq!lKJ}R:Kp*^ҍġ++407^9E FmD049sodk:$kx9~j DI&:Eiخ^9|:hMIXBEsn_97~qg =i󺊎e5,3cxãw&HZ@ʞ"-Y9}V,E_YV6g$'ayrmxw{$@X;f&y#r֓hԲ)(W!CK`r8,F_Vj>(*(Gz- t"|}9SpQzi+'^)R)fU)@]N%nfV΂-|1&36"X~Rw_L`FEi# o{bi2A},ͣ}XY)6G ~&5[xMZAxRk> > 3Қ?]rST&ob+AK7vAnmwskyvq$S#]}zI' nk~Ei`j.3cetɤԡa8 }SHxLy 4`I ՔJ':Wmvd' X+L?bMBG [9;.4)sfEds!OOG2-n0InmziND:B暡>[r>di E'cZMU~+\Y ejSyUgڧ m5Gi+\,R)f'֓icPn¶ 1nMǻqOb,@#ƍ _ho lj8y[_"`Kz<ꑼ,LBz Lw,}N%x.H7FJ*ȝ[t2:)~sM Ar(C\_ I+­_kN=4*YZG,LoGG )9A3Gm߮zX{5D~S2v~eh{ZN8([qzLINeK~bQN(.xMTdX͚-$c:K62H/޷>-,mDU芷 Q3#j(%N+(:hPvjF6i:AR#$mn&֋r$/ouk3e8^b71`r-OGCRJ5l}/@#"ë/v4jA}ԯs7/~(Fp7k?sDO@DdV發 K?1 ]4s,2 k'--pyW4ўܫ:\p"VJ#Ah2d{W<۔byg˄(ea]#2=1XV[E#=M,;@ QlVfc 6h"w8z0'kG!#:7@ӥ;-Us1ӑ'bZ= 8Un%_?;JnEʘ䥤~cmm?DE@b@IM8^ƌ.`ϲ,0n !cf 'хC0J0GoYaT9!sAh5