ldapsmb-1.34b-6.8.1>t  DH`pL`C/=„7`zUǫT?/X; B~]䚗3e.y^w~5_R3|Mt87}@߆3ǽ!i4T+sT< 4ERe S_w2rpypbw.y(P%g /)UdKI{n\ҭ>A_Ly gD饇V-A< fߒĿͿ&@gopuq"n-8Pi3e7686f33efe9ac91c6d680aece7978d855a24cdYL`C/=„ڬȪJ 6cfpe=s/=RǻTHZ88sFDRi#gU|x♑Jm7?%5/ŶPL]ocJ/Dpc@ T=Cp(]S4x ^zRa\ڕHe Z|գ߿)7m߄<e9Ƃ(iVAڠL !ڪJC۶̎JD-l>6d?Td   >04<@NWg      $.8T\dx(8191:1FGHIXY\]^b5cd#e(f-k/l4zDCldapsmb1.34b6.8.1Tool to administer Samba's LDAP backendThis tool aims to simplify the administration of a Samba Domain Controller that uses the ldapsam passdb backend. Authors: -------- Guenther Deschner Source Timestamp: 2426 Branch : 3.2.7.SLE11_GAL_grinck+openSUSE 11.1openSUSEGPL v2 or laterhttp://bugs.opensuse.orgProductivity/Networking/Sambahttp://www.samba.org/linuxi586L_L_ a26e7f6a24ef8f254df49e782932dc32c1c5c1237259e5e676549fc6efea15farootrootrootrootsamba-3.2.7-11.8.1.src.rpmldapsmbJJ@Jperl-ldaprpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)/usr/bin/perlrpmlib(PayloadIsLzma)4.0-13.0.4-14.4.2-14.4.2.3LzLrbLmLi(@LgL[@L0K@K@KK[K@KqN@KqN@KoKoKn@Kn@KD{@K;@K/c@K?K3@J@JJ`@JH@JJ JjJJzJmJ\s@JI@J@J:,@J8J'@J'@J'@J+@JMI2IIl@II1I@IHIy@Iy@Id@Ia@IVISuISuIBR@IBR@I?@I?@I6tI6tI3I2@I1.I.I.I.I.I-:@I+I%Q@I%Q@IsI@IP@IH@H,H,H@H @H @H @HHHH@H}@H׈HHHBHe@H|@HAHH@H@H@H@HHc@H@HnH@Hz@H4@HsVHnHkmHkmHj@Hj@Hj@Hj@Hj@HhHhHcHb3@HXHO@HNlHNlHM@HI&HG@H?@H?@H=I@H=I@H;H6H6H6H2@H.H-w@H-w@H-w@H-w@H*@H*@H*@H)H$. + Fix Coverity IDs 456, 574, 592, 606 and 607. + Fix net rpc vampire. + Use the same prerequisite for DDNS update as Windows XP. + Make "lwinet ads dns register" honor the "interfaces" parameter. + Fix extended DN parse error when AD object does not have a SID. + BUG 5888: Fix PNP_GetHwProfInfo(). + BUG 5957: Do not abort rename process on valid rename script. + BUG 5898: Fix 'net rpc shutdown'. + Fix duplicate installation of cifs.upcall. + Fix _srvsvc_NetShareAdd segfault. + Ensure consistency when reporting password complexity. + Fix _lsa_GetUserName. + Fix access check in _samr_QuerySecurity(). + _samr_DeleteUser needs to wipe out the user_handle on success. + NetGroupEnum_r needs to handle servers with no groups. + Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. + BUG 5908: Fix internal change notify on shared directory. + BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share. + BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support and GPFS. + Add new VFS module to analyze SMB traffic + BUG 5928: Fix 'testparm --version'. + Have uppercase_string return success on NULL pointer in mount.cifs. + Make mount.cifs return codes match the return codes for /bin/mount. + Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs. + BUG 5778: Check if strlcpy and strlcat are already defined. + BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". + BUG 5860: Fix nasty error message for overlong strings in safe_strcpy. + Fix a potential NULL deref in found by the IBM Checker. + Fix an uninitialized variable found by the IBM Checker. + Fix an unlikely memleak found by the IBM Checker. + Fix some missing error handlings. + Add workaround for domain joins using a netbios name which is different from the hostname. + Fix crash bug when freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set. + Fix trans2findfirst for the large directory optimization. + Fix checking for presence of cups-devel and correct cups-devel test for HAVE_IPRINT. + BUG 5805: Don't close stdout when calling setup_logging multiple times. + Fix setting of trust password using 'net rpc trustdom add'. + Fix several issues in vfs_streams_xattr and vfs_stream_depot. + Return an error instead of crashing when no realm is given (trigerred by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and "disable netbios = yes"). + Fix the new vfs_smb_traffic_analyzer build for static links. + BUG 5901: Fix default for streams_depot location. + Fix several build warnings. + Delete the krb5 ccname variable from the PAM environment if set. + Fix circular dependency error with autoconf 2.6.3. + Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at compile time rather than install time. + BUG 5906: Fix Winbind crash when calling 'getent group'. + Fix logging to syslog. + Allow SYSLOG_FACILITY to be modified with a new configure option called - -with-syslog-facility. + BUG 5909: Fix MS-DFS on Vista clients. + BUG 5944: Fix starting of nmbd with "socket address" set to "". + Fix segfault on startup with trusted domains. + Re-add "winbind:ignore domains" parameter. + Avoid freeing fsp twice when opening new_file fails (Debian #431696).- Fix the conditional macro to start smbfs by default; (bnc#456469).- Readd libsmbclient to baselibs.conf for pre 11.0 distributions.- Use %__install macro to install files with the right permissions instead of cp.- Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher.- Use %{NET_CFGDIR} define instead of a fixed path to the network conf.- Update to 3.2.5. + Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients; CVE-2008-4314; (bnc#446971).- Update baselibs.conf.- Fix circular dependency error with autoconf 2.6.3.- Fix the dhcp hook script and support CODE11; (bnc#442335).- Fix perl v5.10 warnings in nmbstatus; (bnc#448225).- Include the missing spec file change mentioned the previous commit.- Make cifs-mount depend on keyutils, keyutils-libs packages as they are required to support dfs and kerberos; (bnc#432494).- Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971).- Change the runlevel description for winbindd to use "Microsoft Windows" instead of "NT"; (bnc#446154).- Directory/Filenames get truncated when 3.2.0 client acesses old server; (bnc#432471).- Add SuSEfirewall2 services config file to open Netbios and Samba ports on post-10.2 systems; (bnc#247344).- Remove unrecognized configure options.- Fix the pam_winbind build.- Delete the krb5 ccname variable from the PAM environment if set.- Move the nss_info modules to the samba-winbind package.- Add version branding for CODE 11.- Restart smbfs even with the traditional network setup; (bnc#425058).- Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro if available.- Only call the fillup_and_insserv or fillup_only macro if available.- Use package names instead of macros for cp, mkdir, mv, rm, and grep or instead of the full path to the binary for ln, find and xargs.- Introduce NET_CFGDIR to fit the needs for a differing location of the network configuration per vendor.- Use path macros for cp, mkdir, mv, rm, and grep.- Only use SUSE rpm macros and SuSEconfig.permissions if available.- Adopt samba-vscan to build after the change to the bool type define.- Fix winbindd crash in an unusual failure mode; (bnc#416598).- Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too.- Call mkinitrd_setup during %post and %postun for post-9.2 systems only.- Update to 3.2.4. + BUG 5590: Fix binary stripping on older OS. + Fix linking of cifs.upcall when nscd_flush_cache() is found. + BUG 5052: Allow inheritable permissions. + BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback has an IPv4 address. + BUG 5698: Fix non guest connections to shares when "security = share" is used. + BUG 5729: Explicitly allow "-valid". + BUG 5745: Fix Kerberos authentication with (lib)smbclient. + BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. + BUG 5761: Fix opening of mangled directory name (resulted 'is a stream name'). + Fix the wcache_invalidate_samlogon calls. + Clarify usage of "force create mode". + Write times code update. + Fix Winbind crash. + idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure. + Fix build warnings. + Cleanup of DC enumeration in get_dcs(). + BUG 5710: Fix changing of machine account passwords. + Fix several build warnings. + Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. + BUG 5736: Fix Winbind crash bug with trusted domains. + Correct the netsamlogon_clear_cached_user function. + Fix handling of MSKRB5 OID in cifs.upcall. + Fix build warnings in cifs.upcall. + Change default install location of cifs.upcall to EPREFIX/sbin. + Enable building of cifs.upcall by default on Linux. + BUG 5707: Do proper error handling if the socket is closed. + Fix calculation of useable_space for trans2 and nttrans replies. + Fix Coverity ID 587. + Add mapping of generic bits when setting an NFSv4 ACL. + Some write time fixes. + BUG 4516: No IPv6 on Solaris 2.6. + BUG 5571: Fix group memeberships in Winbind. + Fix cut and paste error in quota code. + Fix display of POSIX ACLs. + Avoid a race condition in glibc between AIO and setresuid(). + Add missing become root for AIO operations. + Fix logic of tsmsm_sendfile(). + Fix an errno handling bug that could lead to an infinite loop. + Fix handling of arbitrary new PAC types.- Create a link to the html manpages so that they can be accesses in swat; (bnc#426182).- "Password last set" timestamp update from admin pw change; (bnc#420407).- Call mkinitrd_setup during %post and %postun for package cifs-mount; (bnc#413709).- Update to 3.2.3. + Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789; (bnc#420634).- Update to 3.2.2. + BUG 5592: Fix creation and installation of shared libraries. + Fix replacement of random seed generator. + Fix a race condition in idmap_tdb2_allocate_id(). + Fix unix_convert() for "*" after changing map_nt_error_from_unix(). + Make sure to always set errno on error path in OpenDir. + BUG 5675: Fix smbspool program assuming Kerberos authentication by mistake. + BUG 5686: Fix segfaults in libsmbclient. + BUG 5692: Fix coredump in full_audit.so. + BUG 5696: Fix "force group" in setups using Winbind. + Rename cifs.spnego to cifs.upcall. + Fix segfault in cifs.upcall when it is called without any arguments. + Fix coverity ID 594 (resource leak on error path). + Fix assigning of primary group memberships when authenticating via Winbind. + BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba shares. + Include stdlib.h to get a prototype for free(). + Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c. + Use NGROUPS_MAX instead of 32 for the max group value in rep_initgroups(). + Add add c++ guard to netapi. + Fix compile warning in cifs.upcall. + Add "dns_resolver" key type to cifs.upcall. + BUG 5688: Fix orphaned LPQ processes if socket address is invalid. + BUG 5684: Fix removal of dead records in tdb files. + Fix coverity IDs 595, 596. + Fix smb_len calculation for chained requests. + Fix output of test status. + Fix smbclient connections to older servers. + Fix a fd leak when trying to regain contact to a domain controller in Winbind. + Fix permissions on ctdb databases. + Fix passing back success when a function had in fact failed in two places. - Add --enable-static to the configure options to get the statical libraries installed by the install Makefile target. - Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems.- Set Required- and Should-Stop in the init info part of all init scripts.- Fix libsmbclient to older servers; (bnc#402776).- Update to 3.2.1. + BUG 5594: Fix "make test" by adding and using a new testparm switch "--skip-logic-checks". + Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a. + Update the section about net conf in the net(8) manpage. + Improve processing of registry shares. + Fix listing of registry shares with testparm. + Fix several build issues. + BUG 5578: Fix error from strlcat. + BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT. + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + Remove worrying warning message when safe_strcpy tries to copy a pseaudo interface name that's too long. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. + Fix bug creating files using DOS clients with mixed case files. + Fix uninitialized variable. + BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. + BUG 5570: Fix bogus error message during AD domain join. + Fix trusted domain handling in Winbindd. + Fix build warning. + BUG 5202: Fix setting of ACEs for users/groups with write access in setups with 'dos filemode = yes'. + Re-activate 'acl group control' parameter and make it only apply to owning group. + Make ntimes function more like POSIX and allow NULL arg. + BUG 5512: Fix alignment problems on sparc. + BUG 5616: Fix share connections in setups with "server signing = mandatory" or SMB signing set on the client side. + Fix a race condition in Winbind leading to a crash. + Fix a segfault in base64_encode_data_blob. + Fix some uninitialized variable references via ndr_print. + Fix error message if trying to join with a non-privileged user. + Fix setups using "include = registry" without [global] settings in the registry. + Fix "net sam rights" on domain member servers. + Add documentation for the vfs streams modules. + Cleanup some duplicate code by passing the password to the wbinfo_auth* functions. + Allow SID with 0 in subauthority to be converted properly. + Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage. + Fix realpath() check so that it doesn't generate a core() when it fails. + Fix overwriting of winbind logfiles. + Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic. + Add broadcasting of the debug message to all winbindd children. + BUG 5635: Fix updating of printer queues. + Release still reachable memory if the smbclient context is freed. + Remove trailing withespace from wbinfo -m which breaks gdm auth. + BUG 5540: Fix "set primary group script" user option substitution. + Fix regression in Winbindd offline mode. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Allow %u parameters for print job username.- Fix a race condition in winbind leading to a crash; (bnc#406623).- Use the configure option to enable debugging. This fixes the creation of the debuginfo and debugsource package.- Fix emptying the printing queue; (bnc#411493).- Remove trailing withespace from wbinfo -m which breaks gdm auth.- Add a recommendation to the samba and samba-winbind package to install logrotate for openSUSE 11.0 and later.- Include mkinitrd scriptlets.- Allow %u parameters for print job username - use advanced sub; (bnc#374389).- Update to 3.0.31. + BUG 5504: Fix SIGTERM handling in Winbind children so that they do not remove the unix domain socket used to field client requests. + Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend. + When allocating client buffers for large read/write - make sure we take account of the large read/write SMB headers as well as the buffer space. + Memory leak fixes in DC location code. + BUG 5533: Winbindd fails to cope correctly with a workgroup name containing a '.' + BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. + BUG 5551: smbd recursing back into winbindd from a winbindd call. + Fix usage message for "net rpc trustdom add". + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + BUG 5578: Bad (non-Samba) use of strlcat gives error. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Documentation build fixes. + [DOCS] Fix use of smbconfoption in samba.entities. + Return NULL in sitename_fetch() if gencache_init() fails. + Use machine account and machine password from our domain when contacting trusted domains. + SPNEGO SPN fix when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix joining NT4 domains. + Don't let winbind getgroups crash when we have no gids in the token. + Fallback to level 24 pwd set while joining. + Fix joining w2k domains in "security = ads". + Fix pam_sm_chauthtok for storing modified cached creds. + BUG 5202: Re-activate "acl group control" parameter and make it only apply to owning group. + BUG 5531: Fix conversion of ns units when converting from nttime to timespec. + BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient. + Fix a segfault in base64_encode_data_blob. + AIX build fixes. + ENODATA is not defined in freeBSD 4.6.2. + Don't reset password last set time just because the expired flag is set to 0. + Fix usage message for 'net idmap dump'. + Miscellaneous man page fixes. + BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd. + Fixes to man pages. + Add tdb file documentation. + Ensure that winbindd trusted domain children keep primary domain online status up to date. + Update cached creds during password change. + Ensure that Winbind always uses set_domain_offline() to mark a domain offline. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Memory leak fixes.- Allow authentication and memory credential refresh after password change from gdm/xdm; [bnc#395578].- Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h.- Call the libsmbclient testsuite from the %check instead of the %build script.- Use machine account and machine password from our domain when contacting trusted domains; [bnc#404667].- Add a %check section move the test of the PAM modules to this section and add more tests.- Add a recommendation to the samba and samba-winbind package to install cron for openSUSE 11.0 and later.- Use a variable for syslog and add missing $remote_fs dependency for Require-Start in the init information of the init scripts.- Update to 3.2.0. + Support for establishing interdomain trust relationships with Windows 2008. + All changes from the pre and rc releases as noted in here earlier.- Move header files from the devel sub package to lib*-devel.- Work around bad use of autoconf interna.- Build Samba with debug symbols to get working debuginfo packages.- Add /etc/openldap to the file list and not only the schema directory.- Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster booting; [fate#304967], [fate#304965].- Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to 'Network/DHCP/DHCP client'; [bnc#400467].- pam_winbind: Update cached creds during password change; [bnc#395578].- Update to 3.2.0rc2. + BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. + BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'. + Make sure we take account of the large read/write SMB headers as well as the buffer space when allocating cli buffers for large read/write. + Fix tag as a goto target we were not reinitializing the array counts. + BUG 5451: Fix for using the correct machine domain when looking up trust credentials in our tdb. + Fix spnego SPN when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix pam_sm_chauthtok for storing modified cached creds. + Fix joining issue in setups with "config backend = registry". + BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting for TCP connection timeouts if no LDAP server is available. + BUG 5502: Fix security=server. + Fix coverity IDs 552, 553, 570, 571, 572. + Shrink ldbtools. + Fix reset of password last set time just because the expired flag is set to 0. + Remove support for symbol versioning in shared libraries. + Fix autogen for autoconf 2.62. + BUG 5515: Fix empty input fields in SWAT. + BUG 5516: Fix saving of the config file in SWAT. + Fix winbindd trusted domain child not keeping primary domain online status up to date.- pam_winbind: fix pam_sm_chauthtok for storing modified cached creds; [bnc#395578].- Don't reset "password last set time" when unlocking an autolocked account; [bnc#382111].- Fix winbind sigterm handling and make init script send sighup to all child winbind processes; [bnc#382027].- Fix bug with winbindd trusted domain child not keeping primary domain online status up to date, merge to trunk from reversion 1801; [bnc#373560].- Make winbind children reopen logs on SIGHUP; [bnc#382027].- Set only CONFIGDIR and LIBDIR while make everything and install. No longer set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].- Update to 3.0.30. + Fix for CVE-2008-1105. + Remove man pages for ldb tools not included in Samba 3.0.- Fix vulnerability that allows for the execution of arbitrary code in smbd; CVE-2008-1105; SA30228; [#391168].- Follow the rename of libtdb0 in baselibs.conf.- Rename sub package libtdb0 to libtdb1.- Update to 3.2.0rc1. + Move the posix pending close functionality down into the VFS layer. + Fix activation of registry globals in loadparm. + BUG 5452: Fix smbclient put. + BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. + BUG 5456: Fix missing echo if we ^C at the prompt. + BUG 5464: Fix timeout in winbindd. + Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. + Use more error-prone form of testing dm_destroy_session() return code. + BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used. + BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. + BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups. + Fix wins null pointer crash in nss_wins module. + Fix lm session key length in _netr_LogonSamLogon. + Add -f switch for DsGetDCName() example and be more verbose on output. + BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users} + Fix the DNS Update option of "net ads join". + BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx(). + Recognize and allow longer UA keys in winbindd_cache. + BUG 5436: Fix signing problem in the client with transs requests. + Fix a valgrind bug in the new [ug]id2sid cache. + Fix Coverity IDs 565 and 222. + Fix dfs_Enum: In form_junctions, correctly check for malloc failure. + Add support for symbol versioning in shared libraries (can be disabled with - -disable-sysmbol-versioning). + Add new function wbcLibraryDetails() to libwbclient. + Cleanup size_t return values in convert_string_allocate. + Fix Kerberos support for CUPS 1.3 in smbspool. + Fix printing with Vista. + Fix deletion of files when they're in use by other drivers.- Update to 3.0.29. + Fix a crash in tdb_wrap_log(). + BUG 5267: Fix for nmbd termination problems when no interfaces found. + BUG 5326: OS/2 servers give strange "high word" replies for print jobs. + Remove MS-DFS check that required the target host be ourself. + BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. + BUG 5095: Fix the enforcement of the "Manage Documents" access right. + BUG 5460: Fix MS-DFS referral problem in server code. + Fix bug in Winbind that caused the parent to ignore dead children. + BUG 4235: Improve compliance to the Squid helper protocol. Original patch from Pawel Worach . + Prevent cycle in Wibind's list of children when reaping dead processes. + BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). + Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. + Fix client connections and negotiation with Windows 2008 DCs in member server code. + Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). + BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). + Re-add samr getdispinfoindex parsing which got lost in the glue commit. + BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. + BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. + BUG 4901: Fix behavior of "ldap passwd sync = only". + BUG 5317: Fix debug output from domain_client_validate(). + BUG 5338: Fix format string bug in rpcclient. + Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. + BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. + BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. + Fix signing problem in the client with trans requests. + Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. + Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. + Fix trusted users on a DC that uses the old idmap syntax. + Only have Winbind cache domain password policies that were successfully retrieved. + Fix alignment bug when marshalling printer data replies. + Fix DeleteDriverDriverEx() checks to prevent removing in use files.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Expand baselibs.conf to match pre SUSE 11.0 products.- Remove obsoletes and provides 3 for all packages and systems.- Cleanup the use of the suse_version macro to achieve consistent defaults.- Set CODEPAGEDIR while make to fit the install location.- Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558].- Package man page files independent of the used compression method (gz,lzma).- Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva in the OBS too.- Add a script to restart smbfs if NetworkMangaer gets an IP address; [bnc#373075].- Remove all references to the obsoleted samba-pdb package.- Compose the BuildRequires in a more flexible way to fit the openSUSE build service (OBS) requirements to support different operating system targets.- Use _libdir macro instead of a local define of LIBDIR.- Remove PreReq /sbin/ldconfig from the libtdb-devel package.- Install the shared libraries with the same name as used as soname.- Update to 3.2.0pre3. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Support for IPv6 in the server, and client tools and libraries. + Support for storing alternate data streams in xattrs. + Encrypted SMB transport in client tools and libraries, and server. + Support for Vista clients authenticating via Kerberos. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New LGPL Winbind client library (libwbclient.so). + New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. + New client and server support for remotely joining and unjoining Domains. + Support for joining into Windows 2008 domains. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing.- Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf.- Remove obsoletes and provides samba3 for post 10.3 systems.- Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems.- Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the shared library packaging policy for post 10.3 systems.- Update kdc dns-only lookup patch to IPv6.- Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym links in /sbin/; [bnc#380693].- Enable the build of vfs_cacheprime and vfs_readahead modules.- Update to 3.2.0pre2. + Add library for access to the registry configuration data. + BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. + BUG 4308: Fix Excel save operation ACL bug. + BUG 4801: Correctly implement LSA lookup levels for LookupNames. + Add new option "debug class" to control printing of the debug class. + Enable building of the zfsacl and notify_fam vfs modules. + BUG 5083: Fix memleak in solarisacl module. + BUG 5063: Fix build on RHEL5. + New smb.conf parameter "config backend = registry" to enable registry only configuration. + Added support for IPv6 client and server connections. + Remove unused utilities: smbctool and rpctorture. + Fix service principal detection to match Windows Vista (based on work from Andreas Schneider). + Encrypted SMB transport in client tools and libraries, and server. + Added support for an SMB_CONF_PATH environment variable containing the path to smb.conf. + Various fixes to ntlm_auth. + Correctly handle mixed-case hostnames in NTLMv2 authentication. + Add Winbind client library. + Enhance client and server remote registry access. + Add client calls for remotely joining a computer to a domain (including calls from "net dom" command). + Add libnetapi.so library for joining domains including sample GTK+ app. + Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC. + Various fixes for DsGetDcName and conversion to IDL based structures. + Add ads_get_joinable_ous() to libads to get list of joinable ous. + Add get_logon_hours_from_pdb() to comply with new IDL based structures. + Migration of the entire client and server DCE/RPC code to IDL based structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON. + Started migration of client and server DCE/RPC code to IDL based structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG. + Use IDL and autogenerated code for samlogoncache and Kerberos PAC handling. + Add remote join/unjoin server-side implementation. + Import the Linux red-black tree implementation. + Support for storing xattrs in tdb files. + Support for storing alternate data streams in xattrs. + Implement a generic in-memory cache based on rb-trees. + Speed up the smbclient "get" command. + Add the aio_fork module. + Modified libsmbclient API for more easily maintaining ABI compatibility while adding new features to libsmbclient. + Refactor Winbind internal parent-child interface tables to achieve better unit testing support. + Networking fixes to the libreplace library. + Add support for DNS Service Discovery. Based on work from Rishi Srivatsavai . + Don't restart winbind if a corrupted tdb is found during initialization. + Add share parameter "administrative share". + Improve error messages of net subcommands. + Add 'net rap file user'. + Change LDAP search filter to find machine accounts which are not located in the user suffix. + Remove smbmount. + BUG 5073: Allow "delete readonly = yes" to correctly override deletion of a file. + Register the smb service with mDNS if mDNS is supported. + Add smbclient support for basic mDNS browsing. + Fix padding between Winbind 32bit/64bit client library in the request/ response structures. + Added a syncops VFS module for file systems which do not guarantee meta-data operations are immediately committed to disk in stable form. + Additional portability support for building shared libraries. + Get Samba version or capability information from Windows user space. - Add new sub packages libnetapi0, libnetapi-devel, libtalloc1, libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel.- Fix build with glibc 2.8.- Added baselibs.conf file to build xxbit packages for multilib support for post 10.3 systems.- Only cache password policy results that worked, otherwise we cannot login until the cache expires even if a connection to a DC has been restored; [bnc#373552].- Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem.- Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200].- Update to 3.0.28a. + Failure to join Windows 2008 domains. + Windows Vista (including SP1 RC) interop issues.- Rename the libsmbclient package to libsmbclient0 to follow the shared library packaging policy and remove provides libsmbclient3 for post 10.3 systems.- Add variable to define if a share should be an administrative share; [bnc#358841].- Fix patch errors with dcerpc and idmap_global; [bnc#280452].- Fix safe_strcpy error caused by duplicate domain name fix; [bnc#356025].- Fix two memleaks if num_validated_vuids exceeds its maximum; [bnc#349581].- Fix ACL inheritance; [bnc#351570].- Fix a gcc 4.3 buffer overflow warning.- Remove duplicate domain name prepend when user SID is in winbindd cache; [#336854].- Prevent winbindd from segfaulting due to corrupted cache tdb on flushing caches; [#340332].- Fix kerberos authentication with Vista; [#350032].- Update to 3.0.28. + Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Additional cases and problems caused by fix for CVE-2007-4572; [#337823].- Fix send_mailslot overflow: CVE-2007-6015; [#343702].- Added default printing system information to README.vendor; [#113759].- Add missing define of AI_ADDRCONFIG for systems with older glibc versions.- Update to 3.0.27. + Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572; [#326261]. + Remote code execution in Samba's WINS server daemon (nmbd) whe processing name registration followed name query requests; CVE-2007-5398; [#337823].- Change the spec file to get debug packages again.- Additional case for overflow: CVE-2007-4572; [#326261].- Fix process_logon_packet overflow; CVE-2007-4572; [#326261].- Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823].- Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854].- Fix the alignment of 32 and 64-bit winbind requests; [#331754].- Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0 systems; [#289599], fate [#302668].- Fix possible segfault in winbind which could be caused by uninitialized variables; [#253862c223].- Use FQDN in KDC DNS lookup; [#295284].- Update to 3.2.0pre1. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Support in pam_winbind for logging on using the userPrincipalName. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTLM version of the 3rd edition of "Using Samba" from O'Reilly Publishing. - Update samba-vscan to 0.3.6c-beta5. - Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't apply to Samba 3.2.- Make nss_winbind thread-safe; [#293907, #329796].- Perform KDC lookup using DNS only; [#295284].- Handle smb child crash; [#294895].- Add a global lock inside nss_winbind as workaround; [#293907].- Merge ranged retrieval optimization to winbindd.- Update to 3.0.26a. + Memory leaks in Winbind's IDMap manager. - Update to 3.0.26. + Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin; CVE-2007-4138; [#307623].- Fix two memleaks in idmap_cache.c; bso [#4917]. - Correct failure of libsmbclient against a version of Windows. - Make read_sock return the total number of bytes read instead. - Fix error in enum_dom_groups. - Fix logic error in timeout of blocking lock processing. - Add parameter "directory name cache size". - Fix use of pwrite in tdb code.- Also ensure to initialize ip_srv_site and count_site even if we are not on site; [#230963#c124]. - Use an off site DC if we're not online and talking to the KDC of our domain; [#230963#c106].- Fix a bug where samba writes the wrong default value of max_passwd_expire to an LDAP server; [#298469].- Fix if statements where we still expected cli_connect() to return BOOL.- Update to 3.0.25c. + File sharing with Widows 9x clients. + Winbind running out of file descriptors due to stalled child processes. + MS-DFS inter-operability issues.- Update the cache tdb validation patch which improves the backup handling trying to end up with a useable cache tdb. This applies mostly to the situation that disk space is short; [#256166c82].- Update the cache tdb validation patch to support backup and corrupted file handling; [#256166c77].- Fix a bug that causes smbd to 'hang' intermittently; [#289599].- Fix event based krb5 ticket refreshing in winbindd.- Limit the LDAP expression in lookup_usergroups_member() to security groups; [253862c209].- Don't reset the num_names counter in lookup_groupmem(); [253862c198].- Make the days before the password expiry warning appears configurable in pam_winbind.conf; [#287871].- Don't link shared libraries of vscan with -pie.- Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to 20480; [#253862c175].- Update to 3.0.25b. + Offline caching of files with Windows XP/Vista clients. + Improper cleanup of expired or invalid byte range locks on files. + Crashes is idmap_ldap and idmap_rid.- Fix reply when no dfs share is configured. - Fix the DFS code to work with Vista clients; [#286937].- Migrate old if-up/down scripts to new names on update; [#283706, #285187].- Introduced prefix numbering of if-up/down scripts that they get executed in the right order; [#283706, #285187].- Restart nscd on winbind update to load the new libnss_winbind.so.2 library. This will not resolve every problem with nss modules; [#174589c88].- Fix winbind segfaults with idmap_rid; bso [#4624].- Add missed 'c' character to the list of valid ones in escape_shell_string(); [#273611].- Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106].- Remove superfluous requires to samba from the devel package.- Ensure the returned structure size from _samr_query_dispinfo() is smaller than the total size; [#203833].- Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan. - Install header files with 0644 instead of 0755 permissions. - Enable build of the python package.- Branch a samba-devel package for post 10.2 systems. - Install .a library files with 0644 instead of 0755 permissions.- Update to 3.0.25a. + Missing supplementary Unix group membership when using "force·group". + Premature expiration of domain user passwords when using a·Samba domain controller. + Failure to open the Windows object picker against a server configured to use "security = domain". + Authentication failures when using security = server.- Add %dir /usr/share/samba to the client package. - Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and smbclnt from Provides and Obsoletes of the main or client package.- Add /sbin/ldconfig to %post and %postun of libsmbsharemode.- Update samba-vscan to 0.3.6c-beta4.- In some cases PRS_ALLOC_MEM was called with zero count; [#273613]; bso [#4637].- Enhance the patch to the ads version of lookup_groupmem(); [#253862c89].- Don't use current_user to prep the security ctx in change_to_user(); [#273613].- Prevent winbindd segfaulting due to corrupted cache tdb; [#256166].- Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf.- No longer check in the pre package scripts if swat or winbindd of version 2.2 are updated; [#273160].- Update to 3.0.25. + Significant improvements in the winbind off-line logon support. + Support for secure DDNS updates as part of the 'net ads join'·process. + Rewritten IdMap interface which allows for TTL based caching and·per domain backends. + New plug-in interface for the "winbind nss info" parameter. + New file change notify subsystem which is able to make use of·inotify on Linux. + Support for passing Windows security descriptors to a VFS·plug-in allowing for multiple Unix ACL implements to running side·by side on the Same server. + Improved compatibility with Windows Vista clients including·improved read performance with Linux servers. + Man pages for IdMap and VFS plug-ins. + Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447. - Disable build of the python package.- Fix heap overflows to prevent remote code execution; CVE-2007-2446; [#273613]. - Fix remote command injection vulnerability; CVE-2007-2447; [#273611].- Remove obsolete samba-pdb package and required packages from BuildRequires for post 10.2 systems.- Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems.- Remove requires on release from devel packages.- Reduces the number of queries made to the DC in the ads version of lookup_groupmem(); [#253862].- Allow winbindd to take local shortcut on secondary DCs in case dce funnel directory is set; [#266853].- Really remove Should-Start smb in smbfs init script; [#242918].- Disable 'msdfs root' by default again; [#268004].- Build libsmbsharemodes and create libsmbsharemodes and corresponding devel package; [#264623].- Let idmap_ad search in the Global Catalog in case dce funnel directory is set; [#266049].- Allow share names with a lengths greater than 32 chars; bso [#4512].- Check the euid and call become_root() to get write access to dump a core.- Add pwdutils BuildRequires for post 10.2 systems.- Do not restart winbindd under any if-up circumstances; [#227942].- Replace unneeded become_root_uid_only() by refactored become_root(); CVE-2007-2444; [#262090].- Add repository version and branch to the spec file via build-source-timestamp mechanism.- Allow applications to set the share mode while opening a file using libsmbclient; bso [#3684]; [#203737].- Fix for fd leak on error path in winbindd; bso [#3204], [#258737].- Add gdbm-devel BuildRequires for post 10.2 systems.- Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728].- Fix segfault and memleak in wb_lookup_rids(); bso [#4434].- Fixes a known bottleneck under very high load situations; [#247984].- Avoid passdb builtin group membership calls in the DCERPC funnel patch; [#248556].- Allow pre 3.0.23 multi passdb backend configurations to work with post 3.0.22 by using the first backend only; [#245167].- Prevent nscd crash in NSS winbind initgroups(); [#237719]. - Fix pam_winbind cached login for samba/NT4 domains; bso [#4225]. - Various pam_winbind fixes; bso [#4094, #4288]. - Fix DCERPC funnel patch; [#245278]. - Fix vista and share level security. - Fix vista variable expansion; bso [#4093]. - Fix vista DFS support; bso [#4356]. - Fix vista backup tool; bso [#4361]. - Fix vista deletion on shares; bso [#4188]. - Fix vista spoolss problems.- Fix crash bug in rpc_pipe_bind(); [#244892].- Enable DCERPC funnel patch.- Fix accumulation of expired LDAP connections when winbind in ads mode; bso [#4009].- Fix all lp_dce_funnel_directory() callers; [#242833].- Disable broken DCERPC funnel patch; [#242833].- Update to 3.0.24. + Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265].- Fix logic error in the deferred open code; CVE-2007-0452; [#240265].- Avoid winbind event handler for internal domains.- Fix smbcontrol winbind offline; [#223418]. - Fail on offline pwd change attempts; [#223501]. - Register check_dom_handler when coming from offline mode. - Fix pam_winbind passwd changes in online mode. - Call set_domain_online in init_domain_list(). - Winbind cleanup after failure and fix crash bug. - Don't register check domain handler for all trusts. - Add separate logfile for dc-connect wb child. - Only write custom krb5 conf for own domain. - Move check domain handler to fork_domain_child.- Fix pam_winbind text string typo; [#238496]. - Support sites without DCs (automatic site coverage); [#219793]. - Fix invalid krb5 cred cache deletion; [#227782]. - Fix invalid warning in the PAM session close; - Fix DC queries for all DCs; [#230963]. - Fix sitename usage depending on realm; [#195354].- Add DCERPC funnel patch; fate [#300768].- Fix pam password change with w2k DCs; [#237281].- Check from the init script for SAMBA__ENV variable expected to be set in /etc/sysconfig/samba to export a particular environment variable before starting a daemon. See section 'Setup a particular environment for a Samba daemon' from the README file how this feature is to use.- Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files.- Fix pam_winbind grace offline logins; [#223501]. - Fix password expiry message; [#231583].- Move XML service description documents; fate [#301712].- Disable smbmnt, smbmount, and smbumount for systems newer than 10.1.- Add XML service description documents; fate [#301712].- Move tdb utils to the client package.- Fix crash caused by deleting a message dispatch handler from inside the handler itself; [#221709].- Fix delays in winbindd access when on a non-home network; [#222595].- Fix client-side smb signing; [#222951]. - Fix imcomplete merge for firefox NTLM handling; [#198255].- Add IA64 and x64 printer drivers directory.- Update to 3.0.23d. + Stability fixes for winbindd.- Fix ldapsmb group and unicode issues; [#143417, #216606]. - Fix net ads account management; [#217046]. - Fix libnscd usage in passdb; [#217363]. - Add the "mega patch" + Add site support for winbind; [#195354], fate [#300909]. + Add site support for net; [#211281], fate [#300909]. + Fix winbind krb5 ticket handling from offline; [#178028]. + Fix "net ads leave"; [#196771]. + Fix winbind username case handling; [#184902]. + Fix winbind name canonicalisation; [#210174]. + Fix winbind online/offline handling; [#196859]. + Add NTLM cached credential handling for firefox; [#198255], fate [#300973]. + Fix winbind groupmembership handling; [#211324]. + Fix winbind site-support handling on reconnect; [#195354]. + Fix winbind child initialization and online/offline handling; [#196859]. + Fix winbind cached credential storage; [#185053]. + Fix winbind long login delays; [#184450]. + Fix winbind crash for new AD user; [#208454].- Fix pam_winbind overriding syslog settings; [#201756]. - Fix profilepath pam_set_data for other PAM modules; [#215707].- Fix timeout handling for winbindd (samr, netlogon). - Fix gencache access; [#209409, #211281]. - Fix libsmbclient accessing NetApp; bso [#4018]. - Fix error handling in ads printer code; [#209409]. - Fix passwd pam segfault; [#211719]. - Fix crash in winbind async child. - Fix winbind failure mode for trusted domains.- Add realm to username if missing in net ads join; [#211706].- Move the LOCKDIR to the client sub package.- Activate the libaddns.- Add version of the package subversion to Samba vendor version suffix.- Update to 3.0.23c. + Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. + Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend.- Fix time value reporting in libsmbclient; [#195285].- Remove update-messages.- Store and restore NT hashes as string compatible values; [#185053].- Added winbindd null sid fix; [#185053].- Update to 3.0.23b. + Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". + Errors in 'net ads join' caused by bad IP address in the list of domain controllers. + SMB signing errors in the client and server code. + Domain join failures when using smbpasswd on a Samba PDC.- Fix from Alison Winters of SGI to build even if make_vscan is 0.- Update to 3.0.23a. + Failure to strip the domain name from groups when 'winbind use default domain = yes' + Bad token creation of local users on member servers not running winbindd. + Failure to add users or groups to ACLs using the Windows object picker. + Failure in file serving code when 'kernel oplocks = yes'. + New "createupn" option to "net ads join" + Rewritten Kerberos keytab generation when 'use kerberos keytab = yes'- Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule.- Fix pam config file parsing in pam_winbind; bso [#3916].- Update to 3.0.23. + Improved 'make test' + New offline mode in winbindd. + New Kerberos support for pam_winbind.so. + New handling of unmapped users and groups. + New non-root share management tools. + Improved support for local and BUILTIN groups.- Prevent potential crash in winbindd's credential cache handling; [#184450].- Fix memory exhaustion DoS; CVE-2006-3403; [#190468].- Fix the munlock call, samba.org svn rev r16755 from Volker.rinck 1284464487  641.34b-6.8.1ldapsmbldapsmb.5.gz/usr/sbin//usr/share/man/man5/-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.suse.de/SUSE:openSUSE:11.1:Update:Test/standard/b58f2aa7a1a202ca90400172318ac447-sambacpiolzma2i586i586-suse-linux6EoWS͙q?] c;mV;j c1]o㩷כ(:F1l?v8rq@>TNEϖhuZ'g˟ VJ|*1AK< dwkхkKҏ|^*2EMvީ[ m>J(x猓p|vv3XlҸpL}3ɨ-sS&HoZw'*R 0ydKr]#'(U<77LcmHWPPr;MCpFhmgH0mӉ8?c.ȱ6ӈ[X 1]#y$W&8#G5 0+RhazPOp~\vNJ>?=ţbߡbU֕*OhqN[Yp~zBIGF".â- $JK=X93vV%79¹>6yĆtq'dIG 4v@!mnU8$R:[HX|^G4b2 h\dJlRRֈ2^'f䚦\A7̎h/7.3!V%`c r:B|MQ``(_e<.05yMq;H «mUl44m|^=M|dv ^z3A9iIf@)x.%%beGa‘v "eae)*}XujUg%۸JEPmҎ&Y*e~b lĭG:~Wn2s0/Rz.QBF8K4WS]bU̕ gJ ({!B#sЭҍBsB:e(Ⱦ&S`֣sa5/}n\mRX{dT2-{\4;/a,>)n==B}¿X"T&VbI#Ԡ\s?QLR,衣 ѳld%E>ybPo520ø9?,fEIci4{V%G-lIqg2+-blLޜ^q2UOKoJ &I% 4NMrG- b$Ϛ|3pN~U-fLLu#l2A$3oo~Ms&Jפki="sbD]$Bf6^JF';Lę&H ^ j` Rبf-YI^MV6 Qw5庻T:NMg:$.ՓmZ' ; wZ+<,M-j~@?bN49;PltOXye {Y,ҿ'X+eΑd(ړ% P:sFWf{ǩ~eҲT0vPkj2l<%*]SĄҊ31%3+1sw&$MbCfgћ`jѐ*蔙 x+I {;{[iX5-v,I~artm/Ж,8%y(MP^GK%D [wUE]˽gOQukʹHAlJ#$knw,SP[d7R)Z^t9&oT)ఉU>__hgs}bʏ ZD ًk[wxҫ9μ=p:J_7 $]A.4Aii|LԞۃF%iE+}<2ؑPWs.eXض-UOI55I'-k,]cldqɱY"ud:u9…,r;4+L a1oS˒cZ5`D}Ž$8'͠wW =I_熹>- ~(-:UmXN)8_e=pUyP6s̻"I TQ? m/k4SL*wFI25{Ci} #[S(WiISħ/ ])|{Zv'GF{Vu@uצ+RٴwkK ES1;Rc8SuQc5Wo&TC_ur7~m7lˆ")Ёu]}sad[4Jtݨe%:GI4<0*&fbMϙ!sgG(n jB?Laf3XLWK=34Fj ޚnA7a۩"c[}غPp V|J|׈)upd l*r2 bĀC Uty]T$ޯ(]֩# Fϣ}|\/Fijty'isGk&FEd2/`V=\2 D>+FVwh\'g&G+xbDgxzev#X J~o跋q;T/@H;1Aw/^;G:aqLnu˾+;4=͜'-AjGD1ۜWVڱ nLe=@(a9VԇM2vDhM蠊Jj1 9^H,^ӕ1`6Nr#Eh,0IeR[:4HXL#rDI]B-Y4͟1zpjIq3.a8vV8b$IY@O."ğjTgTNE^E^O $4SHM.fsz$<ֺ(8EAQ~\NK7Ωn~+t5AǵՖ2Q1#,HI#ZZPnMFYх51DoO1ĝԩ"YJP /+3s^sҴ̿Z3Bdd+ HZ*&Il =Dy$S&PɧPrbfq/꼴k$!tK."Eph0JC9).A@r9ž!'|?b!YNRBػ"%%6b4\/f.,3$]cNY-y%ɤj#7xM!Bx2.Xل,k9peKܞean'X- fJ5S+R#;~kְ}A~]t9\ZMՌdy%RFwG˙fD(`xĹР z'`5Fx]%S&,:}<] rqZkU{XET ЍW=eJl%٩_[i#4;w>tPOb(E bƌnWȤQ~6m΍啮-p)Zߥoѐ*{ޤQ㗠RD׏{ CX_;1\`|)M螳 zn0lC!b/Kң&Sk"5U8L> VE5J*c-$ VIBWR)۵Nƣc#ra\ĝax23?xq-ތ!񏞽ȡRϑ7W:Rf6(3bJW$+q ~1Qx}{#+ ,q莎;9~=]H%?Y^)fW&j 7cޜ鄢 7*jLE!`D{' QﱾܥJsɴc(?m о_Ѩ*/L׳fxA%1 (J< )$;| X!PBuܶ ud'ͺJF>Ÿ7rHoB^'7||wbƤɷ=~.AQ"i7:/wz*N*xy4!*$Umw39lPkiEܰCcʻCr76|Xڝ'zn=4@$& ;fgfCrpБoOfTɻ`mǿPjog Jr(,1lj%=j pF*Ô*/Co!8ow.u,`D2;d7)?[bϤCH@$ج>r)(aR c3~5?VPxe P:_jF\GI*`"pcq v,rHmCYͦUrJ)r OBS T<[R[k.m4,lnFy3L|֚2Uۜ;/%gSϒyK'w>f LSH, <G[0Smi6x=txE2?ѩ\@HAF#C'Ϳ b])DнOJgCϺ[5O*J([f~WJ4 J8G=s:^*P-aTuLf0߅ \f۞۱db=<t OGm-xX8 isr<ŦxN$kw?i7JM3 &w{MB~ ?d'^=tl%K3xPίpv2 ֟Ǭi3mzFe+45sصfet֨IJ-Q웈!{sȨ jx[}w GSA(HJbd@7fj",OA /:cxi;f?zfJH|%uBgپS]hQC1b4`bc|tDRAe3' l,Oi7u~ZS)/pg:ͬP$%`fhN5<;9L7/B킍 K $v;PawBx>KNλˠ~ \0Hi@R`42LWGME0 iJ_LUk (,%[CVwUqs)EU۵N1~䓺҇A1c3*;A,az2׵g^iZnd!Ӂ|YBhz6 ]MS0>E׬V8A#|篻kQ9x!̴ Xӕ0+}hIp4Im:񃻿[sjZ4_:^]EfU%9'v@fLpœȭ? # ހ!(^uqTlV"&vDY2cav#씷V0Gphu 4c' 8:h9-M,Ed/~/xpO&T/ACa' 2~JLDD-HXO0B.ױnψI_8*-fbmSckipX֩aQju6-6nL0DPL5ԸqvtHȡ DcZiv]j4UNKrL4iZܟ@ =T"FVp:s5 ,7,E o9ۡL{KHHB#r5I+>sz Ȍg_U 9ڀyfp]s5Ct.AƤIW(Uz\S}eN5e i (l51k2HEw<2aT!tJ5ͯGe8àXUgN ϹXbe20uO)vu`D7qEc5NK!쓇XҴߗD;Kg㎿}\a:Ջ ֗*t~ 2GSP?A)LpCPFrvr(񞆮4_;Cϊ[{?(5ayJxTpRrՇ>?xcg4mt r{̳_llߺj \o30% w>hI]l4`Ub1rQrߴ 00{i?K!|2Z/.b^oZv/6mEB*``MJ<7K04Zep Tc3㇫k$G)GHFn[k{ GO\~2 bcu ڔě ධsO1yiGBՈV{es]O ID-ؗy`=)eTcU|0W oAVƋ[+|aTIdkX5KJԧG-#(C(-X7YS #||R^u/BOƶqzvtM>$Q2\ˋ;.˰40:Ϋ}89-~5Wm#{x->%Pw0fCUb W %8'ŧ^y뉇{hgo4m}7 -;+ 8/68]>l5Fg fBoOb*&`w?I% IXՆ, --+:_-1z8kؠvSBxi_=4c*'xUm hl4{[HHA0rOp[$$x6#$Dk\G IyJ$ 壚lL%l+fJ?y ܹqw/TAGOf* ^2=N#]ڎk&zq#JL,U"#_Kh2BM{,Q`,5Hk)_@-aFdHCݐ,#bȇ f>S4Š$qB9Yƿä K\ %/-#ћP"  [.1Y9naU}>輶md<3srٮUݴ/ a&exFYkY?2p  Ko攥0Soߐ(e&FPjW3\8=񼐗IL% [?9b m<7KV]yPڂ=ҺeZI p՗v1R'Y5rӲϻH'}tЦ6iZƵ}0kdk.gvr|jU]z&秦+Aq~J^T],D{֦> *v;j ׭Γ+bi5EXV=_dU,ES" y6$ ]!;(jvUEf(PDWjmH@f;ד 7PN 7wUn:BXL['5BMxq OH:.D#}g~.v"X?İfޅS P*\Dk,)+nElx`<}o9K)\yX6H(Gb#'۲4 fO?}Zm[.t!>-Vө\tS80 2^IdSOQ] t{A[+T_GzZؔ*uMQOM9X7`)au f yM)s:ҟr6``@ n'l}3['FEumUdˆ{NyAvD1IJ؎G `,lLyE)M=c Hn5!,75UR*& @kOF `r6 A5^[F8anx&+ؖg8xOAjP*UR5S[83q]Kpo4U˞` 3nPJqe7˦Moxq8[L ^7 Î9kTZi-BYS.X悑 akzg%;qy(̨H{i\&rtptQ;%N6#nk&0[%v~ݒV r8.S)UɸQ]^!WgVn1feU<t{N͟ޤ>smY*3[((w%g2˔uü*Wr{B;< 򀝄* /e%WW+Pz(bAcqN7=+EHPO$_6 wmzP6G4'bkփlV}&wPEd'f9le}e(MŇ|~kÂԠ2,˂H"^x qZ-g ;8M@b$M˔I&T gaH9 d`"T^J 9{}A'`0 [I`7{ݐO;>\?BH6Ϫ֎c;*eo^ ~+:S߈G9F[V>wEvk4ɴr -p[`@W`zZʦ: WF쭋%dFDyVz.|:2Ha{7KDhh&q'n_ `&Q%K5ڊׂ&&UYб薋y -׶sև} ߊ3XrrViP}ղbIWe(X=%g7cꖫd0y15%8%IIH@5ٍUOwx^:mS@a]nKe.8KE[42Ƕ7![p@U-_pҀsPہ BGK6V'TBGzJzEr*KKX,\0H"6=6|ns' VCѹӛf*y2XgLeGG<5y㻩| dQSMj< a)`e`T4Y^J3xXP$&]<$):T̉}'?f7@] <研%d|K)QNN }LHN ڑW&~OeD:fLu]Fɱ|/lSh]"#I8+9+B2EC)d )y8wTߜ|KR$PU0VFa%께X0R&b_1~RX)Õv8Դ&B.>jDaTA{σ3M$$KV0Qs\l[rFXJ+3= ˹T}H Н5%Nߖ=\${Э Il9CsuE$|mՒ~KGF1l9蛿Ƙ]K_pt+¹46\z̘9X(/+1t}!l8#":8ވ3ObJ HI'r՘"ap/(Vpd 2b[i.LPɷ [ QOV@jU廞DW:5ڭ X#Zk)*QL944$[XHL8x xcU%qubLea6˺̸!Ӝ9/JJ&:+ڜ q OڃL*S WrCILvwF`-BB@Z_<"(T F] yQܐ0$\iE$al<`2Ջ7!,>\n \mT0ѣuk1+@؎1VK6olªi";fх!rrlDn'^ӂHJUHv[7V1._<+Q'iJpXESCMV:2D|~d[ ua*CG*[+6B=b0J 0IY$e-dl1Tt;X\Tv.Vd֣>YF)8 sΣ] ~K,i3F5}/:^"J[ 'т̦wk|{@qaUă7vM=QL`mc49*0&XO߯jU j \>0489$kW8ir߅}Z*w 7@@p}`ؐ?tY;Q4B#F+Ȩ@Oa0-PXѯIY1qNI &LBtS]Y9^ݹ :>#`X&$n{Â>y!WjyenQk&%5mKIByatC㺓z!:B rV"QRBGB3yg\z03JxN1$븿+w5(.cOI MQ۟$}z`DDftN}bm6" GloȁeUXy CSlO}l\>pʊƗsyR L*>; ycоIUyÁ:lO6_3-ĈW&pڮCɂsa"\齰J ǽ8!;1Á jU OJWPJ_YdX<kfõѺ4!vJ?+Rx<Tg AG yt]@Iѕb%ڼRĒDE<\r ZU^FB |T"$2vz``[&5TVjdr,hULRsTy|vN}Qէ+ߨ5&0]Q1Cj&IP[TY9g&ƺbo!$uX&O4m7q[ۀlb  ~Vv946BZ7i{68eks2v ]騳9x+Oyn8)t8.6HhZ`; v"F3=izp6 )=*.` $]/ cY6qޙ-m&?T2W,Pl &ߡ;Jd<-gUFr R82[8ɼ󍙊a7Y q`GWkVmyr}vw4]twC6,MlhƑaQͲjx:Ndh !^9r :I"`+H2`Xk\;ҍk#v 37fƭ%sؚ~!F)̒8Pmׯi! z~v-^<$:Nz;պq1nnG4j.Lp{:1*iT 0I@~UP"fK]< pK |8^wNGY )>0*Fqkl+'{*NN$^" NoҧA kx^ѫӧ=y!}x%[rol+i6=#+g84Ds_'B"pᆡWrlDiA\?1 d>C Z"S#ΗTD{j>>:K0$x}.jq?vPFp ҩgR_ʥC…ݫjG/2J }b7lo-,{ʇ3s>A\+ $=X-, HC*s0ed>>Ǜs Ѫ" ¼*9$+w,gX +U<15]_"b | cH$a<^Yi]8:p?k?RAYF0snغh%6_{op'q(q3cB=2ZVR{s' "V&X?+2ribkX v`bDwr'< gr3-u-?&ܦt8C00*e@{v2h,{y& }˕L޽-qL/ 19MFVXÉ7tIIfzR\O*)̷0]Q }$lI_w7|lKfbčC!iCKq ״ ,en5&~8"#<d'x"-3b\ Ě+^W239'-ﯠz>a-j7o׏eR텹3?ہBi6}[/}f Ѥ-/"mQ˖ [:֊>lcZ0)0 N[7tE'"?C)G(_zʒC'"{ &ы2ܭ}]({'vC*vӊ:iz>Q&LL cmpڊ_˕NT?N#2.VƸe骗ԢMLygJ(׭1>⬄~4Dwi6\FK gߵ97`lPGF!~t2NTw2 E>[K/}ŝmM)攰 /)|3\ oApx\@)x!bcTrl`܎HbT:zKV0 @#]]D~ )l#z<=f^<જt#Gߣ0{Mnx%C7()ܤʙlH k pIK#zΡCJyFDW_o8S'd'nѰ1쭪Ģj>/6py ?!j%+3*4jczt*&)U*w##%~'S ^)v#=՜d[< J1tҶ1r\šR{?rM'/ra,6 %7Xx15̉Պj2ܟܡSjRT,j8|RMq̜k0/g^\mtU:ԝ#1xmtӯA18T]C]u'XYQ*xdZ8Qɻ4?/ دQǹ22G쥽`L:z" Hěl(|{g,bcMm@- unp3Nٶ+ŽG#_9{5vmk+z0wW_[:z"9~Њ;W7[zI!C)D"hľ 0YoLU,&0X/\ֵE4ei=JlY핅ݖo&\!mk{v9k\tcȑvP%Yh A*8ݝ*i6^h l,JeE@M T_0Ymֵc`G2fsWɗi6zX1q^gC#g9M]nO'+55l `cԍ)O198©KpL`"Zb_IZ "wiˌ@,0p\NoS~(\Gxg=Z.3}³ Ggc!Qj>1g-$ɼ~+J5Yr.6.ḵ̌NSZ?r}FqS761GE]'l]2ԡx V2q.`T[GƯ*mv0p7y0tC-8Zcq֝E$)&QYU}@O 7 " OHKT736hWاDWyHj֛[!oEv">]'4T2`QtM׼"}`- `uǀ^֩l(^6b_7&e S*8\Dp4o߲eyoͬ o|AM*VL'Vh=U|\ wij@1]Rr@h=9SCO~yk|KGT3>a~MrbnE5#қ=eP%xJF'{!&`;5F+S!* >^śz,!|UVN L=5iٿ|2*_'G\7SxcQ&7rb0TKR&4g<@(hk4+(}ؾ+$Pnqӽcۻ)^P7RQow$Ʀ-^h5rW#`Y4B띂r]p2)05R*yŀۈ\3&YIՐB.,idAV2v d 4w'L0Qb"|{fAn\jXPcSk xju6ՕVsp^3}Iǹ(i:c _4-5FT8Wo*[&xVc4 n<'8~m)ʠgO~47DV}iEE{#1(0$AѸV`UK T $ E=(m+iAhIW*;bVwj&tQEO%-6Faڬ PZK˖y7%w טj,yHQ)dMɑsdG۳/Zeĩ=]$C,IzIx;ܥ2#, ur!^= oAʆ(.mij!Coݙ/&x;@Bl7;r3 mƕ?MqrKe&L4V >UO)4CX2ʛ7 Ց},j.½\L? h-u#8yb({x<;1L؜4Ł'f–P܎{m3d iQa_xE4(F 5) $67 MhAV#1tKUI}Hlр FgnOF-/$Υ9v江cda^0'+O7kEw]h |m=4-s_X;4*#3 |kNOlxQףdby/eNzu? c'Lk;67gIR9 :gRGqzkaTAT$DyvUd?& A`SX)xw2F.HO< 'a2kugH"b)O'UHGrR)8Xb pP4ohwh?plG~iqQ_6~ύny6hlɛklJj>mB/y`uʫV"5V_HG\B{;ݗA4 0Éo9 񴈚&G爩Hc*DzG$SqYb\ wV]QNdYEBvi4j+WDhU|.T !`|$nfϟ#]嶍ĢUc -r&i:\vGDյ[#8{xS)B2OY*\X.NVYǝQ:z`§$;<룗f