í«îÛ    samba-ad-dc-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2                     Ž­è         <   >     ,     è            ê          ì         ˜œ‰ e‚ü"p¯ž9Û|‚Žþ+Bc
˜…pG'b
y)}D”•~É€ã5çmÏ»/UÏÏv…),Ÿí·â©7›Íž`‹O%olsÀãˆ™‡˜M“ø•´p²ggQ™µ„veü¦ÿþ$)›ôv†–œeUæ(o<˜DÝ	0{e4t—ù7ïõQÎûž¥èêN6{ì??IRªmÎ~´×ÈºƒÝà¥¥˜Tü+XT‰c9ép›ª(›†àr*{ñ•¸ØÁ”x1Ÿtu¹'Ÿ÷ƒ4zŽ:ÓÆÓÍ¬¨75lM/…wº¡ú(uïÚ|†ÆOQ.5O½L¤æà=·8É ˜• _Ìª(Â	‚^Ÿ»íkÑýÙ•é³xÜ®ŠÄ‹   >   ÿÿÿÀ       Ž­è       A •h   ?    •X      d            è           é           ê      4     ì   	   B     í   	   u     î      È     ï      Ì     ñ      Ø     ò      Ü     ó      õ     ö          ÷     '     ø   	  =     ü     ]     ý     t     þ     z                        +       <   +  	     ’   +  
     è   +       ”   +       ÿ   +       D   +       ð   +       Ç   +       ž          Ø   +       „          Ð   ®       ˆ   ®       2v   ®  (     3V     8     3`    9     7œ    :     I§    >    c     B    c     G    c(   +  H    cÔ   +  I    d€   +  X    d¬     Y    e      Z    e€     [    e„     \    e    +  ]    fL   +  ^    hª   
  b    i|     c    j:     d    jº     e    j¿     f    jÂ     l    jÄ     u    jØ   +  v    k„   #  w    ~d   +  x       +  y    ¼  S  “    •     Æ    •     ä    •     å    •T   C samba-ad-dc-libs-32bit 4.15.13+git.710.7032820fcd 150400.3.34.2 Samba Active Directory Domain Controller libraries This package contains the Active Directory-compatible Domain Controller
libraries. e‚ü"h03-ch2a     )gÐSUSE Linux Enterprise 15 SUSE LLC <https://www.suse.com/> GPL-3.0-or-later https://www.suse.com/ Development/Libraries/C and C++ https://www.samba.org/ linux x86_64 /sbin/ldconfig               Æ(    •ô          Å¤  Å¤  Å¤  Å¤  Å¤  Å¤      …t uÄ  Å¸ u eÔ  …t  %´ …„  u¬     Å¼      el  El      El  %¨ h  Ep µŒ  õt h Uh uh  Ep  %0  %l ålAíAíAíí¡ÿíAíAíííííííAííííííííííAííAíííAíííííííííííííí                                                                                      e‚ü!e‚ü!e‚ü!e‚ü!e‚ü!e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"e‚ü"   32afba41b11ba7de6b3bfe516bbdbd3e28d3c43a2aa4436250f3204af34870b1  0ebf8e15dcadeadcae2c6dfb33a1ab3c6c1922113a74573883a1d70d50391a0f   d8e9095f0bcea9dbaa7db0803a8c3eba5e0843499482180397bf90c4904fb8bf cb8de747119309326f9f1ef5588b4c7708e424dfd24185dfd1e62678ec69bf56 1997c89f3cb2d2221612a42b4827f31ecf78341de90ea56b49c86bb544404771 e2607071f079ebaf3e4c7ca4bd0154a03f7c35230981790708c58c8b05b2410d e96e68b2cff29267cfdd7fa738546dbf945da7e937f4bf15622e73790d2a429b 7daad33d6d42dcee9adb2151f590e05611f497c4974b2d105ea1292e342c4251  df3a5dcd94d5519b8295c6f36e645d8b17705acec248bb1e1711debd2e2cb7de 0f68b2a8c14f2f544bb903824260f5d40c3663bd02c9d3c4aa3919f31c3ffc7a 8e45019a420d97c05389f19d455cc120d54f5090dea9065c280b248e60b2d445 ff9ef7496d32d73ea74cda9450c4caa11a09806241d3f68f5ea6a230ae9e83fc 5a935f3b890ce248f35f9ed798e0083f279e22d11372f6c09b0f4071f1c912a0 91c37190f440bf1ca20b0419763a170fa5b593fb8e3f04baa5760f602e3b86e9 09f8902ff11452b9b080cb169164e3111cd789ec540dd49d324f366497dc768b 8611682899adea69b991df9db3fc95351c5d27c7d56dcf672b80a97255f8a46e 7089c16ed66c63ad9c5409253e0a46a524c0d3938bfa9d53dec410c512366fc5  f70a62b288ce8edfe5a45a4c460a7170afae3482dd76dabab6b6bf157878cc9a  f277581d8e4fbb3f695c0556c4f2cc9414be24976423ceb6c1ad470e3beea500 470e80f1e2d9bd8b985c1426fe3d0e9530d691f162d2ae22fb1b7318897e4824  5c5a4c13d40fd0b2609cdcb59c61d4406105f204e41a56f3c80fca11f8194241 75c25ac298de9ed6c64478cad06d42f3f8eac207e361bd229dcf81e566e58bac 1057b818a94499f52e3b3145887eb2579b8458765670cc855ada2a1acf34765a cbe3a2c63ba7429eebab921da6cbf5c7132be3da565f4c0700544c659cb60004 6115530b4c9bbeff080ef7ae62b74a5434186b2e02128bd84f23e5503dab73e8 1244e99c19f16d5830391a25b62acafe610d73bf0be81e3f2cdc4f31249b5ad0 94e5cc510c9ddc5a79c47bf2d8934ee637534f69a4fbe181fe828dd12d602920 20029475ea0f9fde4c3f7f8f1dcef2a7e40a61a0ab24bebee19985cbaa43dd98 974204016682cd6d4482484246ccc7d868cca8328dc8e7425ab4232a4af6fbf0 8f197ca8e6541802d7a85693e7b724232a3f6eecfc11e98371016ba2572f378d 77dc371f8166c2a8e550ff27d3197e0132c47da5fca969685a4a55560cd872c7 889ab037d8665228278cd77efbe795fa9369d97e6d2fc066f62740d640b0211c 229f32073923f3ffc57ea0e8299d6e2f698f2ad7f34ffedb0d8683ff8338eb93     libdcerpc-server.so.0.0.1                                                                                                                                                                                                                    root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root samba-4.15.13+git.710.7032820fcd-150400.3.34.2.src.rpm    ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿlibdb-glue-samba4.so libdb-glue-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdcerpc-server.so.0 libdcerpc-server.so.0(DCERPC_SERVER_0.0.1) libdlz-bind9-for-torture-samba4.so libdlz-bind9-for-torture-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdsdb-garbage-collect-tombstones-samba4.so libdsdb-garbage-collect-tombstones-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdsdb-module-samba4.so libdsdb-module-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libpac-samba4.so libpac-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libprocess-model-samba4.so libprocess-model-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libscavenge-dns-records-samba4.so libscavenge-dns-records-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libservice-samba4.so libservice-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) samba-ad-dc-32bit samba-ad-dc-libs-32bit samba-ad-dc-libs-32bit(x86-32)       @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
  
   /bin/sh libLIBWBCLIENT-OLD-samba4.so libLIBWBCLIENT-OLD-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libMESSAGING-SEND-samba4.so libMESSAGING-SEND-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libMESSAGING-samba4.so libMESSAGING-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libasn1util-samba4.so libasn1util-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libauth4-samba4.so libauth4-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libauthkrb5-samba4.so libauthkrb5-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.3.4) libc.so.6(GLIBC_2.4) libc.so.6(GLIBC_2.7) libc.so.6(GLIBC_2.8) libcli-cldap-samba4.so libcli-cldap-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libcli-ldap-common-samba4.so libcli-ldap-common-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libcli-ldap-samba4.so libcli-ldap-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libcli-nbt-samba4.so libcli-nbt-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libcliauth-samba4.so libcliauth-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libclidns-samba4.so libclidns-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libcluster-samba4.so libcluster-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libcom_err.so.2 libcommon-auth-samba4.so libcommon-auth-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdb-glue-samba4.so libdb-glue-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdbwrap-samba4.so libdbwrap-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdcerpc-binding.so.0 libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1) libdcerpc-samba-samba4.so libdcerpc-samba-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdcerpc-samba4.so libdcerpc-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdcerpc-server-core.so.0 libdcerpc-server-core.so.0(DCERPC_SERVER_CORE_0.0.1) libdcerpc-server.so.0 libdcerpc-server.so.0(DCERPC_SERVER_0.0.1) libdcerpc.so.0 libdcerpc.so.0(DCERPC_0.0.1) libdnsserver-common-samba4.so libdnsserver-common-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdsdb-garbage-collect-tombstones-samba4.so libdsdb-garbage-collect-tombstones-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libdsdb-module-samba4.so libdsdb-module-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libevents-samba4.so libevents-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libflag-mapping-samba4.so libflag-mapping-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libgenrand-samba4.so libgenrand-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libgensec-samba4.so libgensec-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libgnutls.so.30 libgnutls.so.30(GNUTLS_3_4) libgnutls.so.30(GNUTLS_3_6_3) libk5crypto.so.3 libk5crypto.so.3(k5crypto_3_MIT) libkadm5srv_mit.so.12 libkadm5srv_mit.so.12(kadm5srv_mit_12_MIT) libkdb5.so.10 libkdb5.so.10(kdb5_10_MIT) libkrb5.so.3 libkrb5.so.3(krb5_3_MIT) libkrb5samba-samba4.so libkrb5samba-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libldb.so.2 libldb.so.2(LDB_0.9.10) libldb.so.2(LDB_0.9.12) libldb.so.2(LDB_0.9.15) libldb.so.2(LDB_0.9.16) libldb.so.2(LDB_0.9.19) libldb.so.2(LDB_0.9.24) libldb.so.2(LDB_1.5.1) libldb.so.2(LDB_2.4.4) libldbsamba-samba4.so libldbsamba-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libmessages-dgm-samba4.so libmessages-dgm-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libndr-krb5pac.so.0 libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1) libndr-nbt.so.0 libndr-nbt.so.0(NDR_NBT_0.0.1) libndr-samba-samba4.so libndr-samba-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libndr-samba4.so libndr-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libndr-standard.so.0 libndr-standard.so.0(NDR_STANDARD_0.0.1) libndr.so.2 libndr.so.2(NDR_0.0.1) libndr.so.2(NDR_0.0.2) libndr.so.2(NDR_0.0.4) libndr.so.2(NDR_0.0.7) libndr.so.2(NDR_0.0.8) libndr.so.2(NDR_0.2.0) libnetif-samba4.so libnetif-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libnpa-tstream-samba4.so libnpa-tstream-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libpac-samba4.so libpac-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libpopt.so.0 libpopt.so.0(LIBPOPT_0) libprocess-model-samba4.so libprocess-model-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libpthread.so.0 libpthread.so.0(GLIBC_2.0) libreplace-samba4.so libreplace-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsamba-credentials.so.1 libsamba-credentials.so.1(SAMBA_CREDENTIALS_1.0.0) libsamba-debug-samba4.so libsamba-debug-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsamba-errors.so.1 libsamba-errors.so.1(SAMBA_ERRORS_1) libsamba-hostconfig.so.0 libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1) libsamba-modules-samba4.so libsamba-modules-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsamba-passdb.so.0 libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0) libsamba-security-samba4.so libsamba-security-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsamba-sockets-samba4.so libsamba-sockets-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsamba-util.so.0 libsamba-util.so.0(SAMBA_UTIL_0.0.1) libsamdb-common-samba4.so libsamdb-common-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsamdb.so.0 libsamdb.so.0(SAMDB_0.0.1) libscavenge-dns-records-samba4.so libscavenge-dns-records-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsecrets3-samba4.so libsecrets3-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libservice-samba4.so libservice-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libsmbconf.so.0 libsmbconf.so.0(SMBCONF_0.0.1) libsocket-blocking-samba4.so libsocket-blocking-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) libtalloc.so.2 libtalloc.so.2(TALLOC_2.0.2) libtevent-util.so.0 libtevent-util.so.0(TEVENT_UTIL_0.0.1) libtevent.so.0 libtevent.so.0(TEVENT_0.9.12) libtevent.so.0(TEVENT_0.9.13) libtevent.so.0(TEVENT_0.9.16) libtevent.so.0(TEVENT_0.9.9) libtime-basic-samba4.so libtime-basic-samba4.so(SAMBA_4.15.13_GIT.710.7032820FCD150400.3.34.2_SUSE_OS15.0_I386) rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz) samba-client-libs-32bit                                                                                                                                                                          3.0.4-1 4.6.0-1 4.0-1 5.2-1 4.15.13+git.710.7032820fcd 4.14.3    e[J@e¥@dÒ.@dµ-@dšÏ@dJÀcü›@c½S@c¼Àc R@c„¢ÀctÐÀc5ˆÀcM@büØ@bÐ@bÈ@b°a@b‚<Àb{¥@bkÓ@bi0@bi0@bT@b0Àb%óÀb!ÿ@b!Àb
D@b	Àa÷Ï@añ7Àaê @aæ«Àaà@a³A@a–@@a‹´@afÊ@aU¦ÀaTU@aLl@aHwÀa9÷@a¤À`vÙ@`aÁ@`<×@`@_éÈÀ_ÙöÀ_²iÀ_£é@_|\@_{
À_lŠ@_iç@_d¡@_ÁÀ_ž@^ýÌ@^ÔíÀ^½2À^½2À^°À^ 1À^ŽÀ^Y À^J€@^2Å@^&çÀ^&çÀ]ü·À]ïˆÀ]äüÀ]¸)À]®ï@]©©@]˜…À]Œ¨@]nUÀ]nUÀ]iÀ]e@]_Õ@]J½@]BÔ@]
#À]:À\Ú­À\ÒÄÀ\·@\·@\³ À\£NÀ\›eÀ\›eÀ\}@\oä@\\À\\À\4À\	@[ÿÔÀ[þƒ@[ò¥À[ä%@[Öö@[Ï@[ÀŒÀ[«tÀ[ª#@[¨ÑÀ[šQ@[šQ@[–\À[†ŠÀ[ƒçÀ[{þÀ[z­@[rÄ@[@À[WÀZãÀZÍøÀZ¸àÀZ³šÀZ³šÀZª`@Z§½@Z§½@Z“öÀZ@ZÀZ}@Z'ÛÀZ¡@ZOÀZþ@Z,@Z @YíÙÀYÌä@Yºo@Yºo@Yºo@Y§ú@Y”3ÀY‰§ÀYuá@Yg`ÀYf@Y7êÀY7êÀY,@Y"ÒÀXÿ:@Xÿ:@XõÿÀXësÀXç@Xâ9@XÜó@XÜó@XÒg@XÉ,ÀXÆ‰ÀX«@XœYÀX˜e@X‰äÀXˆ“@X…ð@X€ª@XWËÀXAb@X-›ÀWéÀWâv@Wá$ÀWÙ;ÀWÅu@WÄ#ÀW±®ÀW¯ÀW­º@W~D@Wj}ÀW_ñÀWYZ@WYZ@W=ªÀW(’ÀW!û@WîÀW@Vñ3ÀVñ3ÀVÜÀVØ'@VÕ„@VÕ„@VÎìÀVÌIÀVÊø@VÄ`ÀVÀl@V½É@V˜ß@V–<@V–<@V“™@VjºÀV]‹ÀVIÅ@VG"@VG"@VG"@VG"@V(ÏÀV'~@V æÀV7@VBÀUùYÀUòÂ@Uð@UîÍÀUäAÀUÄÀU¨î@U¤ùÀU™@U–y@U€ÀUràÀUq@UhTÀU_@US<ÀUJ@U/¤@U/¤@U&iÀUŒ@UÀU	hÀU@TøE@Tòÿ@TìgÀTìgÀTÀæ@TÀæ@T¾C@T¼ñÀT¼ñÀTµÀTµÀT«Î@T…’ÀTž@T€LÀT}©ÀTxcÀT[bÀTZ@TR(@TO…@TKÀT>aÀscabrero@suse.de scabrero@suse.de scabrero@suse.de nopower@suse.com nopower@suse.com nopower@suse.com nopower@suse.com scabrero@suse.de nopower@suse.com scabrero@suse.de scabrero@suse.de nopower@suse.com nopower@suse.com scabrero@suse.de nopower@suse.com nopower@suse.com scabrero@suse.de nopower@suse.com scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de dmulder@suse.com ddiss@suse.com nopower@suse.com dmulder@suse.com dmulder@suse.com nopower@suse.com scabrero@suse.de scabrero@suse.de dimstar@opensuse.org scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de dmulder@suse.com nopower@suse.com nopower@suse.com scabrero@suse.de scabrero@suse.de scabrero@suse.de dmulder@suse.com nopower@suse.com scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de scabrero@suse.de nopower@suse.com scabrero@suse.de ddiss@suse.com ddiss@suse.com ddiss@suse.com scabrero@suse.de scabrero@suse.de dmulder@suse.com nopower@suse.com scabrero@suse.de scabrero@suse.de dmulder@suse.com scabrero@suse.de scabrero@suse.de nopower@suse.com nopower@suse.com nopower@suse.com dmulder@suse.com scabrero@suse.de nopower@suse.com ddiss@suse.com nopower@suse.com nopower@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com scabrero@suse.de nopower@suse.com nopower@suse.com jmcdonough@suse.com nopower@suse.com scabrero@suse.de nopower@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com nopower@suse.com nopower@suse.com ddiss@suse.com nopower@suse.com dmulder@suse.com dmulder@suse.com ddiss@suse.com scabrero@suse.de dmulder@suse.com ddiss@suse.com nopower@suse.com jengelh@inai.de dmulder@suse.com scabrero@suse.de scabrero@suse.de scabrero@suse.de dmulder@suse.com dmulder@suse.com dmulder@suse.com jmcdonough@suse.com dmulder@suse.com scabrero@suse.de dmulder@suse.com scabrero@suse.de dmulder@suse.com dmulder@suse.com vcizek@suse.com dmulder@suse.com dmulder@suse.com nopower@suse.com scabrero@suse.de jmcdonough@suse.com scabrero@suse.de aaptel@suse.com jengelh@inai.de dimstar@opensuse.org dmulder@suse.com jmcdonough@suse.com david.mulder@suse.com jmcdonough@suse.com aaptel@suse.com dmulder@suse.com scabrero@suse.com scabrero@suse.com kukuk@suse.de david.mulder@suse.com scabrero@suse.com rbrown@suse.com dmulder@suse.com scabrero@suse.com dimstar@opensuse.org scabrero@suse.com aaptel@suse.com nopower@suse.com nopower@suse.com aaptel@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com ddiss@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com dmulder@suse.com nopower@suse.com jmcdonough@suse.com aaptel@suse.com kukuk@suse.com kukuk@suse.de nopower@suse.com aaptel@suse.com dmulder@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com nopower@suse.com nopower@suse.com jmcdonough@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com ddiss@suse.com jmcdonough@suse.com ddiss@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com jmcdonough@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com tchvatal@suse.com lmuelle@suse.com nopower@suse.com crrodriguez@opensuse.org lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com noel.power@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com mpluskal@suse.com lmuelle@suse.com nopower@suse.de ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.de nopower@suse.de lmuelle@suse.com nopower@suse.de ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com - Add "net offlinejoin composeodj" command; (bsc#1214076); - CVE-2023-4091: samba: Client can truncate file with read-only
  permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
  allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
  "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
  (bsc#1215908); (bso#15424). - Move libcluster-samba4.so from samba-libs to samba-client-libs;
  (bsc#1213940); - secure channel faulty since Windows 10/11 update 07/2023;
  (bso#15418); (bsc#1213384). - CVE-2022-2127: lm_resp_len not checked properly in
  winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
  Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
  Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
  (bso#15388); (bsc#1213171). - CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be
  deleted by unprivileged authenticated users; (bso#15276);
  (bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
  be discovered; (bso#15270); (bsc#1209485). - Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416). - CVE-2022-38023 Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504); - CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546). - Update to 4.15.13
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
  * CVE-2022-37967 Kerberos constrained delegation ticket forgery
    possible against Samba AD DC; (bso#15231); (bsc#1205386);
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
  * The KDC logic arround msDs-supportedEncryptionTypes differs
    from Windows; (bso#13135);
  * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    (bso#15197);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
  * Paths are additive so do not repeat paths from named.service
  * Prefix the samba DLZ directory with "-" to ignore this path
    if it does not exists - Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689); - Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254) - Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493). - CVE-2022-1615: Do not ignore errors in random number generation;
  (bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
  (bso#14833); (bsc#1202803); - Fix Use after free when iterating
  smbd_server_connection->connections after tree disconnect
  failure; (bso#15128); (bsc#1200102). - CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493). - Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042);
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work; (bso#15076);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * netgroups support removed; (bso#15087); (bsc#1199247);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979); - Fix  smbclient commands del & deltree failing with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556). - Revert NIS support removal; (bsc#1199247); - Use requires_eq macro to require the libldb2 version available at
  samba-dsdb-modules build time; (bsc#1199362); - Add missing samba-client requirement to samba-winbind package;
  (bsc#1198255); - Update to 4.15.7
  * Share and server swapped in smbget password prompt; (bso#14831);
  * Durable handles won't reconnect if the leased file is written
    to; (bso#15022);
  * rmdir silently fails if directory contains unreadable files and
    hide unreadable is yes; (bso#15023);
  * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
    on renamed file handle; (bso#15038);
  * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
    (bso#14957);
  * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    (bso#15035);
  * PAM Kerberos authentication incorrectly fails with a clock skew
    error; (bso#15046);
  * username map - samba erroneously applies unix group memberships
    to user account entries; (bso#15041);
  * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
    in SMBC_server_internal; (bso#14983);
  * Simple bind doesn't work against an RODC (with non-preloaded users);
    (bso#13879);
  * Crash of winbind on RODC; (bso#14641);
  * uncached logon on RODC always fails once; (bso#14865);
  * KVNO off by 100000; (bso#14951);
  * LDAP simple binds should honour "old password allowed period";
    (bso#15001);
  * wbinfo -a doesn't work reliable with upn names; (bso#15003);
  * Simple bind doesn't work against an RODC (with non-preloaded
    users); (bso#13879);
  * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  * Regression: create krb5 conf = yes doesn't work with a single KDC;
    (bso#15016); - Add provides to samba-client-libs package to fix upgrades from
  previous versions; (bsc#1197995); - Add missing samba-libs requirement to samba-winbind package;
  (bsc#1198255); - Update to 4.15.6
  * Renaming file on DFS root fails with
    NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
  * Samba does not response STATUS_INVALID_PARAMETER when opening 2
    objects with same lease key; (bso#14737);
  * NT error code is not set when overwriting a file during rename
    in libsmbclient; (bso#14938);
  * Fix ldap simple bind with TLS auditing; (bso#14996);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * pam_winbind will not allow gdm login if password about to
    expire; (bso#8691);
  * virusfilter_vfs_openat: Not scanned: Directory or special file;
    (bso#14971);
  * DFS fix for AIX broken; (bso#13631);
  * Solaris and AIX acl modules: wrong function arguments;
    (bso#14974);
  * Function aixacl_sys_acl_get_file not declared / coredump;
    (bso#7239);
  * Regression: Samba 4.15.2 on macOS segfaults intermittently
    during strcpy in tdbsam_getsampwnam; (bso#14900);
  * Fix a use-after-free in SMB1 server; (bso#14989);
  * smb2_signing_decrypt_pdu() may not decrypt with
    gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    (bso#14968);
  * Changing the machine password against an RODC likely destroys
    the domain join; (bso#14984);
  * authsam_make_user_info_dc() steals memory from its struct
    ldb_message *msg argument; (bso#14993);
  * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    (bso#14995);
  * Samba autorid fails to map AD users if id rangesize fits in the
    id range only once; (bso#14967); - Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
  (bsc#1080338). - Fix ntlm authentications with "winbind use default domain = yes";
  (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling
  systemd notifications in bgqd; (bsc#1195896); (bso#14947). - libldb version mismatch in Samba dsdb component; (bsc#1118508); - Update to 4.15.5
  * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
    outside target of a symlink exists; (bso#14911);
    (bsc#1193690).
  * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
    module; (bso#14914); (bsc#1194859).
  * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
    conflict checks; bso#14950); (bsc#1195048). - CVE-2021-44141: Information leak via symlinks of existance of
  files or directories outside of the exported share; (bso#14911);
  (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
  in VFS module vfs_fruit allows code execution; (bso#14914);
  (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
  account can impersonate arbitrary services; (bso#14950);
  (bsc#1195048); - Update to 4.15.4
  * Duplicate SMB file_ids leading to Windows client cache
    poisoning; (bso#14928);
  * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
    NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
  * kill_tcp_connections does not work; (bso#14934);
  * Can't connect to Windows shares not requiring authentication
    using KDE/Gnome; (bso#14935);
  * smbclient -L doesn't set "client max protocol" to NT1 before
    calling the "Reconnecting with SMB1 for workgroup listing"
    path; (bso#14939);
  * Cross device copy of the crossrename module always fails;
    (bso#14940);
  * symlinkat function from VFS cap module always fails with an
    error; (bso#14941);
  * Fix possible fsp pointer deference; (bso#14942);
  * Missing pop_sec_ctx() in error path inside close_directory();
    (bso#14944);
  * "smbd --build-options" no longer works without an smb.conf file;
    (bso#14945); - Use pkgconfig(krb5) as dependency for the -devel package: allow
  OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
  package has an automatic dependency due to linkage on
  libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
  requires samba-client-libs, which in turn requires krb5
  libraries. Samba-libs itself has no need for krb5 (but get it
  indirectly anyway). - Reorganize libs packages. Split samba-libs into samba-client-libs,
  samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
  public libraries depending on internal samba libraries into these
  packages as there were dependency problems everytime one of these
  public libraries changed its version (bsc#1192684). The devel
  packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
  ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
  /usr/lib64/ldb2/modules/ldb/samba - Update to 4.15.3
  * Recursive directory delete with veto files is broken in 4.15.0;
    (bso#14878);
  * A directory containing dangling symlinks cannot be deleted by
    SMB2 alone when they are the only entry in the directory;
    (bso#14879);
  * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
    uninitialized in rmdir_internals(); (bso#14892);
  * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
  * The CVE-2020-25717 username map [script] advice has undesired
    side effects for the local nt token; (bso#14901); (bsc#1192849);
  * User with multiple spaces (eg Fred<space><space>Nurk) become
    un-deletable; (bso#14902);
  * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
  * smbXsrv_client_global record validation leads to crash if existing
    record points at non-existing process; (bso#14882);
  * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
    (bso#14890);
  * Samba process doesn't log to logfile; (bso#14897);
  * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
    triggers locking.tdb assert; (bso#14907);
  * Kerberos authentication on standalone server in MIT realm broken;
    (bso#14922);
  * Segmentation fault when joining the domain; (bso#14923);
  * Support for ROLE_IPA_DC is incomplete; (bso#14903);
  * rpcclient cannot connect to ncacn_ip_tcp services anymore;
    (bso#14767);
  * winexe crashes since 4.15.0 after popt parsing; (bso#14893);
  * net ads status -P broken in a clustered environment; (bso#14908);
  * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
    smbd_smb2_ioctl_send; (bso#14788);
  * winbindd doesn't start when "allow trusted domains" is off;
    (bso#14899);
  * smbclient login without password using '-N' fails with
    NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
  * A schannel client incorrectly detects a downgrade connecting to
    an AES only server; (bso#14912);
  * Possible null pointer dereference in winbind; (bso#14921);
  * Fix -k legacy option for client tools like smbclient, rpcclient,
    net, etc.; (bso#14846);
  * Add Debian 11 CI bootstrap support; (bso#14872);
  * Crash in recycle_unlink_internal(); (bso#14888); - Fix dependency problem upgrading from libndr0 to libndr2 and
  from libsamba-credentials0 to libsamba-credentials1;
  (bsc#1192684); - Fix regression introduced by CVE-2020-25717 patches, winbindd
  does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
  * CVE-2016-2124:  SMB1 client connections can be downgraded to
    plaintext authentication; (bso#12444); (bsc#1014440);
  * CVE-2020-25717: A user on the domain can become root on domain
    members; (bso#14556); (bsc#1192284);
  * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
    tickets issued by an RODC; (bso#14558); (bsc#1192246);
  * CVE-2020-25719: Samba AD DC did not always rely on the SID and
    PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
  * CVE-2020-25721: Kerberos acceptors need easy access to stable
    AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
  * CVE-2020-25722: Samba AD DC did not do suffienct access and
    conformance checking of data stored; (bso#14564);
    (bsc#1192283);
  * CVE-2021-3738: Use after free in Samba AD DC RPC server;
    (bso#14468); (bsc#1192215);
  * CVE-2021-23192: Subsequent DCE/RPC fragment injection
    vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
  * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
  * Log clutter from filename_convert_internal; (bso#14685);
  * MacOSX compilation fixes; (bso#14862);
  * rodc_rwdc test flaps; (bso#14868);
  * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
  bit' S4U2Proxy Constrained Delegation bypass in Samba with
  embedded Heimdal; (bso#14642);
  * Python ldb.msg_diff() memory handling failure; (bso#14836);
  * "in" operator on ldb.Message is case sensitive; (bso#14845);
  * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
  * samldb_krbtgtnumber_available() looks for incorrect string;
  (bso#14854);
  * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
  * Allow special chars like "@" in samAccountName when generating
  the salt; (bso#14874);
  * Correctly ignore comments in CTDB public addresses file;
  (bso#14826);
  * Fix transit path validation; (bso#12998);
  * Fix that child winbindd logs to log.winbindd instead of
  log.wb-<DOMAIN>; (bso#14852);
  * SMB3 cancel requests should only include the MID together with
  AsyncID when AES-128-GMAC is used; (bso#14855);
  * Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
  * Heimdal prefers RC4 over AES for machine accounts; (bso#14864); - Enable samba-tool without ad dc. -  Adjust spec to use pam macros; (bsc#1191046). - Adjust spec for size
  * allow some Recommends instead Requires to be configured
    for cifs-utils, samba-libs-python3 & samba-gpupdate;
    (bsc#1182847).
  * remove fam, undocumented and unneeded. - Add missing build dependency on bison when building with the
  embedded Heimdal Kerberos - Update to 4.15.0
  * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
  * VFS layer modernized.
  * Add the ability to set allow/deny lists for zone transfer clients
    in Bind DLZ plugin
  * Server multi-channel support no longer experimental
  * Improved command line user experience, unifying the options in
    different commands
  * Winbindd no longer scans trusted domains on startup and will use
    enterprise principals by default.
  * The net utility is now able to support the offline domain join feature
  * New options for 'samba-tool dns zoneoptions' for aging control
    and to mark old records as static or dynamic
  * DNS tombstones are now deleted as appropriate and use a consistent
    timestamp format
  * The 'samba-tool dns update' command validates and rejects now malformed
    IPv4 and IPv6 addresses
  * The 'samba-tool domain backup' command correctly takes out locks
    against concurrent modification during backup when using the LMDB
    backend
  * TruACL support has been removed
  * NIS support has been removed - Fix 'net rpc' authentication when using the machine account;
  (bsc#1189017); (bso#14796); - Fix dependency problem upgrading from libndr0 to libndr1;
  (bsc#1189875);
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2;
  (bsc#1189875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
  to replication delay; (bsc#1188727);
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).
- Update to 4.13.10
  * s3: smbd: Ensure POSIX default ACL is mapped into returned
    Windows ACL for directory handles; (bso#14708);
  * Take a copy to make sure we don't reference free'd memory; (bso#14721);
  * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
  * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
    change_file_owner_to_parent() error path; (bso#14736);
  * samba-tool: Give better error information when the
    'domain backup restore' fails with a duplicate SID; (bso#14575);
  * smbd: Correctly initialize close timestamp fields; (bso#14714);
  * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
  * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
  * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
  * smbXsrv_{open,session,tcon}: Protect
    smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
  * samba-tool domain backup offline doesn't work against bind DLZ
    backend; (bso#14027);
  * netcmd: Use next_free_rid() function to calculate a SID for
    restoring a backup; (bso#14669);
- Update to 4.13.9
  * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
  * Add documentation for dsdb_group_audit and dsdb_group_json_audit
    to "log level", synchronise "log level" in smb.conf with the code; (bso#14689);
  * Fix smbd panic when two clients open same file; (bso#14672);
  * Fix memory leak in the RPC server; (bso#14675);
  * s3: smbd: Fix deferred renames; (bso#14679);
  * s3-iremotewinspool: Set the per-request memory context; (bso#14675);
  * rpc_server3: Fix a memleak for internal pipes; (bso#14675);
  * third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
  * third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
    conflict; (bso#14663);
  * Fix the build on OmniOS; (bso#14288);
- Update to 4.13.8
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571
- Update to 4.13.7
  * Release with dependency on ldb version 2.2.1. -  CVE-2021-20254 Buffer overrun in sids_to_unixids();
  (bnc#14571); (bsc#1184677). - Fix offline domain backup not possible using lmdb version >= 0.9.26;
  (bso#14676);
- Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574);
- Update to 4.13.6
  * CVE-2020-27840: samba: Unauthenticated remote heap corruption
    via bad DNs; (bso#14595); (bsc#1183572).
  * CVE-2021-20277: samba: out of bounds read in ldb_handler_fold;
    (bso#14655); (bsc#1183574).
- Update to 4.13.5
  * s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
    start-up failure; (bso#14634);
  * s3: libsmb: Add missing cli_tdis() in error path if encryption setup
    failed on temp proxy connection; (bso#13992);
  * smbd: In conn_force_tdis_done() when forcing a connection closed force
    a full reload of services; (bso#14604);
  * dbcheck: Check Deleted Objects and reduce noise in reports about
    expired tombstones (bso#14593);
  * s3: Fix fcntl waf configure check; (bso#14503);
  * s3/auth: Implement "winbind:ignore domains"; (bso#14602);
  * smbd: Use fsp->conn->session_info for the initial delete-on-close
    token; (bso#14617);
  * s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path;
    (bso#14648);
  * classicupgrade: Treat old never expires value right; (bso#14624);
  * g_lock: Fix uninitalized variable reads; (bso#14636);
  * s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898);
  * lib:util: Avoid free'ing our own pointer; (bso#14625);
  * HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505); - Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones. - Update to 4.13.4
  * Work around special SMB2 IOCTL response behavior of NetApp Ontap
    7.3.7; (bso#14607);
  * Temporary DFS share setup doesn't set case parameters in the same
    way as a regular share definition does; (bso#14612);
  * lib: Avoid declaring zero-length VLAs in various messaging functions;
    (bso#14605);
  * Do not create an empty DB when accessing a sam.ldb; (bso#14579);
  * vfs_fruit may close wrong backend fd; (bso#14596);
  * Temporary DFS share setup doesn't set case parameters in the same way
    as a regular share definition does; (bso#14612);
  * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
  * vfs_fruit may close wrong backend fd; (bso#14596);
  * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
    (bso#14607);
  * The cache directory for the user gencache should be created recursively;
    (bso#14601);
  * Be more flexible with repository names in CentOS 8 test environments;
    (bso#14594); - Uninstalling samba-client: Failed to disable unit, cifs.service
  does not exists; (bsc#1180388); - Update to 4.13.3
  + libcli: smb2: Never print length if smb2_signing_key_valid() fails for
    crypto blob; (bso#14210);
  + s3: modules: gluster. Fix the error I made in preventing talloc leaks
    from a function; (bso#14486);
  + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
    via TALLOC_FREE(); (bso#14515);
  + s3: spoolss: Make parameters in call to user_ok_token() match all other
    uses; (bso#14568);
  + s3: smbd: Quiet log messages from usershares for an unknown share;
    (bso#14590);
  + samba process does not honor max log size; (bso#14248);
  + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
    (bso#14587);
  + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
  + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
  + smbclient: Fix recursive mget; (bso#14517);
  + clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
  + manpages/vfs_glusterfs: Mention silent skipping of write-behind
    translator; (bso#14486);
  + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
  + interface: Fix if_index is not parsed correctly; (bso#14514); - Update to 4.13.2
  + s3: modules: vfs_glusterfs: Fix leak of char **lines onto
    mem_ctx on return; (bso#14486);
  + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    (bso#14471);
  + smb.conf.5: Add clarification how configuration changes reflected
    by Samba; (bso#14538);
  + daemons: Report status to systemd even when running in foreground;
    (bso#14552);
  + DNS Resolver: Support both dnspython before and after 2.0.0;
    (bso#14553);
  + s3-vfs_glusterfs: Refuse connection when write-behind xlator is
    present; (bso#14486);
  + provision: Add support for BIND 9.16.x; (bso#14487);
  + ctdb-common: Avoid aliasing errors during code optimization;
    (bso#14537);
  + libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
  + docs: Fix default value of spoolss:architecture; (bso#14522);
  + winbind: Fix a memleak; (bso#14388);
  + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
  + docs-xml/manpages: Add warning about write-behind translator for
    vfs_glusterfs; (bso#14486);
  + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
  + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
  + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
  + examples:auth: Do not install example plugin; (bso#14550);
  + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
  + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    (bso#14471); - Adjust smbcacls '--propagate-inheritance' feature to align with
  upstream; (bsc#1178469). - Update to samba 4.13.1
  + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
    easily crafted records; (bsc#1177613); (bso#14472);
  + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
    (bso#14436);
  + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
    (bsc#1173902); (bso#14434);
- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
  /var/run/samba; (bsc#1177355); - Fix vfs_ceph query_directory regression; (bso#14519)
- Drop liburing-devel for SLE15-SP2; (bsc#1177245) - Register CTDB recovery lock holder with ceph-mgr
- Add liburing-devel dependency - Update to samba 4.13.0
  + Require Python 3.6
  + Move wide links functionality into VFS module
  + Deprecate NT4-like 'classic' Samba domain controllers
  + Deprecate SMBv1 only protocol options
  + Remove deprecated "ldap ssl ads" option
  + Unify asynchronous DCE-RPC server; (jsc#SES-645)
  + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
  + Drop internal byteorder.h header from util-devel package
  + Remove final code for the AD DC LDAP backend
  + Add AD DC Group Policy Scripts
  + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
  + Fix %U substitutions if it contains a domain name; (bso#14467)
  + Fix krb5.conf creation for 'net ads join'; (bso#14479)
  + Fix build problem if libbsd-dev is not installed; (bso#14482)
  + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
  + Fix idmap_ad RFC4511 response handling; (bso#14465)
  + Fix panic in get_lease_type(); (bso#14428) - Update to samba 4.11.13
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
    netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
    (bso#14497);
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
    "server require schannel:WORKSTATION$ = no" about unsecure configurations;
    (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
    challenge; (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
    netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
    (bsc#1176579); (bso#14497);
- Update to samba 4.11.12
  + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);
  + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work
    on RHEL7; (bso#14424);
  + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);
  + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL;
    (bso#14426);
  + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
  + lib/util: do not install "test_util_paths"; (bso#14370);
  + lib:util: Fix smbclient -l basename dir; (bso#14345);
  + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
  + util: Allow symlinks in directory_create_or_exist; (bso#14166);
  + docs: Fix documentation for require_membership_of of pam_winbind;
    (bso#14358);
  + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal;
    (bso#14425); - Add obsoletes to libsmbldap2 package to fix upgrades from previous
  versions; (bsc#1172810); - Fix net command unable to negotiate SMB2; (bsc#1174120); - Update to samba 4.11.11
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
    and VLV combined; (bso#14364); (bsc#1173159]
  + CVE-2020-10745: invalid DNS or NBT queries containing dots use
    several seconds of CPU each; (bso#14378); (bsc#1173160).
  + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
    server with paged_result or VLV; (bso#14402); (bsc#1173161)
  + CVE-2020-14303: Endless loop from empty UDP packet sent to
    AD DC nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
  + Fix segfault when using SMBC_opendir_ctx() routine for share
    folder that contains incorrect symbols in any file name;
    (bso#14374).
  + vfs_shadow_copy2 doesn't fail case looking in
    snapdirseverywhere mode; (bso#14350)
  + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr;
    (bso#14413).
  + Malicous SMB1 server can crash libsmbclient; (bso#14366)
  + winbindd: Fix a use-after-free when winbind clients exit;
    (bso#14382)
  + ldb: Bump version to 2.0.11, LMDB databases can grow without
    bounds. (bso#14330)
- Update to samba 4.11.9
  + nmblib: Avoid undefined behaviour in handle_name_ptrs();
    (bso#14242).
  + 'samba-tool group' commands do not handle group names with
    special chars correctly; (bso#14296).
  + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo
    is not valid; (bso#14237).
  + Missing check for DMAPI offline status in async DOS
    attributes; (bso#14293).
  + smbd: Ignore set NTACL requests which contain
    S-1-5-88 NFS ACEs; (bso#14307).
  + vfs_recycle: Prevent flooding the log if we're called on
    non-existant paths; (bso#14316)
  + smbd mistakenly updates a file's write-time on close;
    (bso#14320).
  + RPC handles cannot be differentiated in source3 RPC server;
    (bso#14359).
  + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
  + nsswitch: Fix use-after-free causing segfault in
    _pam_delete_cred; (bso#14327).
  + Fix fruit:time machine max size on arm; (bso#13622)
  + CTDB recovery corner cases can cause record resurrection
    and node banning; (bso#14294).
  + ctdb: Fix a memleak; (bso#14348).
  + libsmb: Don't try to find posix stat info in SMBC_getatr().
  + ctdb-tcp: Move free of inbound queue to TCP restart;
    (bso#14295); (bsc#1162680).
  + s3/librpc/crypto: Fix double free with unresolved
    credential cache; (bso#14344); (bsc#1169095)
  + s3:libads: Fix ads_get_upn(); (bso#14336).
  + CTDB recovery corner cases can cause record resurrection
    and node banning; (bso#14294)
  + Starting ctdb node that was powered off hard before
    results in recovery loop; (bso#14295); (bsc#1162680).
  + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap;
    (bso#14324)
- Update to samba 4.11.8
  + CVE-2020-10700: Use-after-free in Samba AD DC LDAP
    Server with ASQ; (bso#14331); (bsc#1169850);
  + CVE-2020-10704: LDAP Denial of Service (stack overflow)
    in Samba AD DC; (bso#14334); (bsc#1169851);
- Update to samba 4.11.7
  + s3: lib: nmblib. Clean up and harden nmb packet
    processing; (bso#14239).
  + s3: VFS: full_audit. Use system session_info if called
    from a temporary share definition; (bso#14283)
  + dsdb: Correctly handle memory in objectclass_attrs;
    (bso#14258).
  + ldb: version 2.0.9, Samba 4.11 and later give incorrect
    results for SCOPE_ONE searches; (bso#14270)
  + auth: Fix CIDs 1458418 and 1458420 Null pointer
    dereferences; (bso#14247).
  + smbd: Handle EINTR from open(2) properly; (bso#14285)
  + winbind member (source3) fails local SAM auth with empty
    domain name; (bso#14247)
  + winbindd: Handling missing idmap in getgrgid(); (bso#14265).
  + lib:util: Log mkdir error on correct debug levels;
    (bso#14253).
  + wafsamba: Do not use 'rU' as the 'U' is deprecated in
    Python 3.9; (bso#14266).
  + ctdb-tcp: Make error handling for outbound connection
    consistent; (bso#14274).
- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209).
  + vfs_ceph_snapshots: Fix root relative path handling;
    (bso#14216); (bsc#1141320).
  + Avoiding bad call flags with python 3.8, using METH_NOARGS
    instead of zero; (bso#14209).
  + source4/utils/oLschema2ldif: Include stdint.h before
    cmocka.h; (bso#14218).
  + docs-xml/winbindnssinfo: Clarify interaction with
    idmap_ad etc; (bso#14122).
  + smbd: Fix the build with clang; (bso#14251).
  + upgradedns: Ensure lmdb lock files linked; (bso#14199).
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during
    readdir; (bso#14182).
  + smbc_stat() doesn't return the correct st_mode and also
    the uid/gid is not filled (SMBv1) file; (bso#14101).
  + librpc: Fix string length checking in
    ndr_pull_charset_to_null(); (bso#14219).
  + ctdb-scripts: Strip square brackets when gathering
    connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit
  not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without
  python3 package; (bsc#1169521); - Require libldb2 >= 2.0.10 after security release. - CVE-2020-10704: LDAP Denial of Service (stack overflow) in
  Samba AD DC; (bso#14334); (bsc#1169851);
- CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with
  ASQ; (bso#14331); (bsc#1169850); - Fix smbclient crash with double free (with unresolved krb5
  credential cache); (bso#14344); (bsc#1169095). - Starting ctdb node that was powered off hard before results
  in recovery loop; (bso#14295); (bsc#1162680). - CTDB doesn't retry outgoing connections on bind (and some other)
  failures; (bso#14274); (bsc#1162680). - Revert: Allow idmap_rid to have primary group other than
  "Domain Users"; (bsc#1087931). - Fix nmbstatus not reporting detailed information about workgroups;
  (bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927); - Update to samab 4.11.5
  + CVE-2019-14902: Replication of ACLs down subtree on
    AD Directory is not automatic; (bso#12497); (bsc#1160850).
  + CVE-2019-19344: Fix  server crash with
    dns zone scavenging = yes; (bso#14050); (bsc#1160852).
  + CVE-2019-14907: server-side crash after charset conversion
    failure (eg during NTLMSSP processing); (bso#14208);
    (bsc#1160888).
- Update to samba 4.11.4
  + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
    (bso#14161).
  + Ensure we don't call cli_RNetShareEnum() on an SMB1
    connection; (bso#14174).
  + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
    SMBC_opendir_ctx; (bso#14176).
  + SMB2 - Ensure we use the correct session_id if encrypting
    an interim response; (bso#14189).
  + Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
  + printing: Fix %J substition; (bso#13745).
  + Remove now unneeded call to cmdline_messaging_context();
    (bso#13925).
  + Fix incomplete conversion of former parametric options;
    (bso#14069).
  + Fix sync dosmode fallback in async dosmode codepath;
    (bso#14070).
  + vfs_fruit returns capped resource fork length; (bso#14171).
  + libnet_join: Add SPNs for additional-dns-hostnames entries;
    (bso#14116).
  + smbd: Increase a debug level; (bso#14211).
  + Prevent azure ad connect from reporting discovery errors
    reference-value-not-ldap-conformant; (bso#14153).
  + krb5_plugin: Fix developer build with newer heimdal system
    library; (bso#14179).
  + replace: Only link libnsl and libsocket if required;
    (bso#14168);
  + ctdb: Incoming queue can be orphaned causing communication;
    breakdown; (bso#14175).
  + ldb: Release ldb 2.0.8. Cross-compile will not take
    cross-answers or cross-execute; (bso#13846).
  + heimdal-build: Avoid hard-coded /usr/include/heimdal in
    asn1_compile-generated code; (bso#13856). - Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320). - Update to samba 4.11.3
  + CVE-2019-14861: DNSServer RPC server crash, an authenticated user
    can crash the DCE/RPC DNS management server by creating records
    with matching the zone name; (bso#14138); (bsc#1158108).
  + CVE-2019-14870: DelegationNotAllowed not being enforced, the
    DelegationNotAllowed Kerberos feature restriction was not being
    applied when processing protocol transition requests (S4U2Self),
    in the AD DC KDC; (bso#14187); (bsc#1158109). -  CVE-2019-14861: DNSServer RPC server crash, an authenticated user
  can crash the DCE/RPC DNS management server by creating records
  with matching the zone name; (bso#14138); (bsc#1158108).
-  CVE-2019-14870: DelegationNotAllowed not being enforced, the
  DelegationNotAllowed Kerberos feature restriction was not being
  applied when processing protocol transition requests (S4U2Self),
  in the AD DC KDC; (bso#14187); (bsc#1158109). - Update to samba 4.11.2
  + CVE-2019-10218: Client code can return filenames containing
    path separators; (bsc#1144902); (bso#14071).
  + CVE-2019-14833: Samba AD DC check password script does not
    receive the full password; (bso#12438).
  + CVE-2019-14847: User with "get changes" permission can crash
    AD DC LDAP server via dirsync; (bso#14040).
- Fixes from 4.11.1
  + Overlinking libreplace against librt and pthread against every
    binary or library causes issues; (bso#14140);
  + kpasswd fails when built with MIT Kerberos; (bso#14155);
  + Fix spnego fallback from kerberos to ntlmssp in smbd server;
    (bso#14106);
  + Stale file handle error when using mkstemp on a share; (bso#14137);
  + non-AES schannel broken; (bso#14134);
  + Joining Active Directory should not use SAMR to set the password;
    (bso#13884);
  + smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
    call on an SMB2 connection; (bso#14152);
  + Deleted records can be resurrected during recovery; (bso#14147);
  + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
    (bso#14141);
  + winbind does not list forest trusts with additional trust
    attributes; (bso#14130);
  + fault report points to outdated documentation; (bso#14139);
  + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
    trusted domains/forests; (bso#14124);
  + classicupgrade results in uncaught exception - a bytes-like object
    is required, not 'str'; (bso#14136);
  + pod2man is not longer required, stop checking at build time;
    (bso#14131);
  + Exit code of ctdb nodestatus should not be influenced by deleted
    nodes; (bso#14129);
  + username/password authentication doesn't work with CUPS and
    smbspool; (bso#14128);
  + smbc_readdirplus() is incompatible with smbc_telldir() and
    smbc_lseekdir(); (bso#14094); - CVE-2019-14847: User with "get changes" permission can
  crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598);
- CVE-2019-10218: Client code can return filenames containing path
  separators; (bso#14071); (bsc#1144902); - CVE-2019-14833: samba: Accent with "check script password"
  Samba AD DC check password script does not receive the full
  password; (bso#12438); (bsc#1154289). - Update to samba 4.11.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package
  + Python2 runtime support removed; python 3.4 or later required
  + Security improvements:
  - SMB1 disabled by default
  - lanman and plaintext authentication deprecated
  - winbind: PAM_AUTH and NTLM_AUTH events logged
  - GnuTLS 3.2 required; system FIPS mode setting honored
  + CephFS Snapshot integration, exposed as previous file
    versions
  + ctdb changes:
  - onnode -o option removed
  - ctdbd logs when using more than 90% of a CPU thread
  - CTDB_MONITOR_SWAP_USAGE variable removed
  + AD Domain controller improvements:
  - Upgrade AD databse format
  - BIND9_FLATFILE deprecated
  - default process model chagned to prefork
  - bind9 dns operation duration logging
  - Default schema updated to 2012_R2; function level is
    unchanged
  - many performance improvements
  + Configuration webserver support removed - Fix broken username/password authentication with CUPS and
  smbspool; (bsc#1152143); (bso#14128). - Fix auth problems when printing via smbspool backend with kerberos;
  (bnc#1148539); (bso#13832). - Update to samba 4.10.8
  + CVE-2019-10197: user escape from share path definition;
    (bso#14035); (bsc#1141267); - Fix build on newer systems by modifying samba.spec to use
  consistent non-relative paths for pammodules in configure line
  and specification of pam_winbind.so library to package. - Update to samba 4.10.7
  + Unable to create or rename file/directory inside shares
    configured with vfs_glusterfs_fuse module; (bso#14010).
  + build: Allow build when '--disable-gnutls' is set; (bso#13844)
  + samba-tool: Add 'import samba.drs_utils' to fsmo.py;
    (bso#13973).
  + Fix 'Error 32 determining PSOs in system' message on old DB
    with FL upgrade; (bso#14008).
  + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
  + join: Use a specific attribute order for the DsAddEntry
    nTDSDSA object; (bso#14046).
  + vfs_catia: Pass stat info to synthetic_smb_fname();
    (bso#14015).
  + lookup_name: Allow own domain lookup when flags == 0;
    (bso#14091).
  + s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
    (bso#13932).
  + DEBUGC and DEBUGADDC doesn't print into a class specific log
    file; (bso#13915).
  + Request to keep deprecated option "server schannel",
    VMWare Quickprep requires "auto"; (bso#13949).
  + dbcheck: Fallback to the default tombstoneLifetime of 180 days;
    (bso#13967).
  + dnsProperty fails to decode values from older Windows versions;
    (bso#13969).
  + samba-tool: Use only one LDAP modify for dns partition fsmo
    role transfer; (bso#13973).
  + third_party: Update waf to version 2.0.17; (bso#13960).
  + netcmd: Allow 'drs replicate --local' to create partitions;
    (bso#14051).
  + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017). - CVE-2019-10197: user escape from share path definition;
  (bso#14035); (bsc#1141267). - Prepare for use future use of kernel keyrings, modify
  /etc/pam.d/samba to include  pam_keyinit.so; (bsc#1144059). - Update samba-winbind script to work with systemd; (bsc#1132739);
- Drop samba dhcpcd hook scripts
- Update to samba 4.10.6
  + s3: winbind: Fix crash when invoking winbind idmap scripts;
    (bso#13956).
  + smbd does not correctly parse arguments passed to dfree and quota
    scripts; (bso#13964).
  + samba-tool dns: use bytes for inet_ntop; (bso#13965).
  + samba-tool domain provision: Fix --interactive module in python3;
    (bso#13828).
  + ldb_kv: Skip @ records early in a search full scan; (bso#13893).
  + docs: Improve documentation of "lanman auth" and "ntlm auth"
    connection; (bso#13981).
  + python/ntacls: Use correct "state directory" smb.conf option instead
    of "state dir"; (bso#14002).
  + registry: Add a missing include; (bso#13840).
  + Fix SMB guest authentication; (bso#13944).
  + AppleDouble conversion breaks Resourceforks; (bso#13958).
  + vfs_fruit makes direct use of syscalls like mmap() and pread();
    (bso#13968).
  + s3:mdssvc: Fix flex compilation error; (bso#13987).
  + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
  + dsdb:samdb: schemainfo update with relax control; (bso#13799).
  + s3:util: Move static file_pload() function to lib/util; (bso#13964).
  + smbd: Fix a panic; (bso#13957).
  + ldap server: Generate correct referral schemes; (bso#12478).
  + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
    (bso#13941).
  + s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
    (bso#13942).
  + dsdb/repl: we need to replicate the whole schema before we can apply it;
    (bso#12204).
  + ldb: Release ldb 1.5.5; (bso#12478).
  + Schema replication fails if link crosses chunk boundary backwards;
    (bso#13713).
  + 'samba-tool domain schemaupgrade' uses relax control and skips the
    schemaInfo update provision; (bso#13799).
  + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
    ..."; (bso#13916).
  + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
    get the ACL; (bso#13917).
  + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
    (bso#13947).
  + Using Kerberos credentials to print using spoolss doesn't work;
    (bso#13939).
  + wafsamba: Use native waf timer; (bso#13998).
  + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984). - Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
  + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
    in DnssrvOperation2; (bso#13922); (bsc#1137815).
  + CVE-2019-12436 dsdb/paged_results: Ignore successful results
    without messages; (bso#13951); (bsc#1137816).
- Update to samba-4.10.4
  + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
  + py/provision: Fix for Python 2.6; (bso#13882).
  + netcmd: Fix 'passwordsettings --max-pwd-age' command;
    (bso#13873).
  + s3-libnet_join: 'net ads join' to child domain fails when
    using "-U admin@forestroot"; (bso#13861).
  + vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
    (bso#13896); (bsc#1130245).
  + vfs_ceph: Fix cephwrap_flistxattr() debug message;
    (bso#13940); (bsc#1134697).
  + ctdb-common: Avoid race between fd and signal events;
    (bso#13895).
  + ctdb-common: Fix memory leak in run_proc; (bso#13943).
  + lib: Initialize getline() arguments; (bso#13892).
  + winbind: Fix overlapping id ranges; (bco#13903).
  + lib util debug: Increase format buffer to 4KiB; (bso#13902).
  + nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
  + s4 lib socket: Ensure address string owned by parent struct;
    (bso#13929).
  + s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
  + s3:smbd: Handle IO_REPARSE_TAG_DFS in
    SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097).
  + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
  + smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
    (bso#12845).
  + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
  + smb2_sesssetup: avoid STATUS_PENDING responses for session
    setup; (bso#13796).
  + dbcheck: Fix the err_empty_attribute() check; (bso#13843).
  + vfs_snapper: Drop unneeded fstat handler; (bso#13858).
  + vfs_default: Fix vfswrap_offload_write_send()
    NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
  + smb2_server: Grant all 8192 credits to clients; (bso#13863).
  + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
    (bso#13919).
  + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
  + s3: modules: ceph: Use current working directory instead of
    share path; (bso#13918); (bsc#1134452).
  + winbind: Use domain name from lsa query for sid_to_name cache
    entry; (bso#13831).
  + memcache: Increase size of default memcache to 512k;
    (bso#13865).
  + docs: Update smbclient manpage for "--max-protocol";
    (bso#13857).
  + s3:utils: If share is NULL in smbcacls, don't print it;
    (bso#13937).
  + s3:smbspool: Fix regression printing with Kerberos credentials;
    (bso#13939).
  + ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
    which is incompatible with systemd; (bso#13860).
  + ctdb-daemon: Revert "We can not assume that just because we
    could complete a TCP handshake"; (bso#13888).
  + ctdb-daemon: Never use 0 as a client ID; (bso#13930).
  + ctdb-common: Fix memory leak; (bso#13943).
  + s3:debug: Enable logging for early startup failures;
    (bso#13904)
- Update to samba-4.10.3
  + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
    checksum; (bso#13685); (bsc#1134024). - CVE-2019-12435: zone operations can crash rpc server;
  (bso#13922); (bsc#1137815). - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - Update to samba-4.10.2:
  + CVE-2019-3870 (World writable files in
    Samba AD DC private/ dir); (bso#13834).
  + CVE-2019-3880 (Save registry file outside share as
    unprivileged user); (bso#13851).
  + py/kcc_utils: py2.6 compatibility; (bso#13837).
  + libcli: permit larger values of DataLength in
    SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    (bso#13869).
  + regfio: Improve handling of malformed registry hive files;
    (bso#13840).
  + ctdb-version: Simplify version string usage; (bso#13789).
  + lib: Make fd_load work for non-regular files; (bso#13859).
  + dbcheck: in the middle of the tombstone garbage collection
    causes replication failures,
    dbcheck: add --selftest-check-expired-tombstones cmdline
    option; (bso#13816).
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
    NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
  + s4/messaging: Fix undefined reference in linking
    libMESSAGING-samba4.so; (bso#13854).
  + acl_read: Fix regression for empty lists; (bso#13836).
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
  + s3:client: Fix printing via smbspool backend with kerberos
    auth; (bso#13832).
  + s4:librpc: Fix installation of Samba; (bso#13847).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    (bso#13793).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:waf: Fix the detection of makdev() macro on Linux;
    (bso#13853).
  * ctdb-build: Drop creation of .distversion in tarball;
    (bso#13789).
  * ctdb-packaging: Test package requires tcpdump, ctdb package
    should not own system library directory;  (bso#13838).
- Update to samba-4.10.1:
  + py/kcc_utils: py2.6 compatibility; (bso#13837);
  + libcli: permit larger values of DataLength in
    SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
  + regfio: Improve handling of malformed registry hive files; (bso#13840);
  + ctdb-version: Simplify version string usage; (bso#13789);
  + lib: Make fd_load work for non-regular files; (bso#13859);
  + dbcheck in the middle of the tombstone garbage collection causes
    replication failures, dbcheck: add --selftest-check-expired-tombstones
    cmdline option; (bso#13816);
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
    NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
  + s4/messaging: Fix undefined reference in linking
    libMESSAGING-samba4.so; (bso#13854);
  + acl_read: Fix regression for empty lists; (bso#13836);
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
  + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
  + s4:librpc: Fix installation of Samba; (bso#13847);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
  + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
  + ctdb-packaging: Test package requires tcpdump, ctdb package
    should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
  + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s4/scripting/bin: Open unicode files with utf8 encoding and write
  + unicode string.
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
  + passdb: Update ABI to 0.27.2.
  + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
  + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823); - MacOS credit accounting breaks with async SESSION SETUP;
  (bsc#1125601); (bso#13796).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource
  temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). - CVE-2019-3880: Save registry file outside share as unprivileged
  user; (bso#13851); (bsc#1131060 ). - CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0);
  (bso#13834); (bsc#1130703); - Update to samba-4.9.5
  + audit_logging: Remove debug log header and JSON Authentication:
    prefix; (bso#13714);
  + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
  + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
    CID: 1433607; (bso#11495);
  + smbd: uid: Don't crash if 'force group' is added to an existing
    share connection; (bso#13690);
  + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
    code; (bso#13770);
  + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
  + s3:utils/smbget fix recursive download with empty source
    directories; (bso#13199);
  + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
  + s3:libsmb: cli_smb2_list() can sometimes fail initially on a
    connection; (bso#13736);
  + join: Throw CommandError instead of Exception for simple errors; (bso#13747);
  + ldb: Avoid inefficient one-level searches; (bso#13762);
  + s3: libsmb: use smb2cli_conn_max_trans_size() in
    cli_smb2_list(); (bso#13736);
  + tldap: Avoid use after free errors; (bso#13776);
  + Fix idmap xid2sid cache churn; (bso#13802);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s3-smbd: Avoid assuming fsp is always intact after close_file
    call; (bso#13720);
  + s3-vfs-fruit: Add close call; (bso#13725);
  + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
  + s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
  + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
  + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
    ftruncate and fallocate; (bso#13807);
  + lib/audit_logging: Actually create talloc; (bso#13737);
  + netcmd/user: python[3]-gpgme unsupported and replaced by
    python[3]-gpg; (bso#13728);
  + dns: Changing onelevel search for wildcard to subtree; (bso#13738);
  + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + ctdb: Print locks latency in machinereadable stats; (bso#13742);
  + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
  + audit_logging: auth_json_audit required auth_json; (bso#13715);
  + man pages: Document prefork process model; (bso#13765);
  + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
  + s3:auth: ignore create_builtin_guests() failing without a valid
    idmap configuration; (bso#13697);
  + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
    without trusts; (bso#13722);
  + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
    is not available; (bso#13723);
  + s4:server: Add support for 'smbcontrol samba shutdown' and
    'smbcontrol <pid> debug/debuglevel'; (bso#13752);
  + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
  + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
  + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
  + notifyd: Fix SIGBUS on sparc; (bso#13704);
  + waf: Check for libnscd; (bso#13787);
  + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
  + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
  + Recovery lock bug fixes; (bso#13800);
  + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
  + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
  + vfs_fileid: Fix get_connectpath_ino; (bso#13741);
  + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744); - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). - Fix update-apparmor-samba-profile script after apparmor switched
  to using named profiles. The change is backwards compatible;
  (bsc#1126377); - LoadParm().load_default() fails with "Unable to load default file";
  (bsc#1089758); - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); - Update to samba-4.9.4
  + libcli/smb: Don't overwrite status code; (bso#9175).
  + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
  + Session setup reauth fails to sign response; (bso#13661).
  + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
  + vfs_shadow_copy2: Nicely deal with attempts to open previous
    version for writing; (bso#13688).
  + Restoring previous version of stream with vfs_shadow_copy2 fails
    with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
  + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
  + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
  + PEP8: fix E231: missing whitespace after ','.
  + winbindd: Fix crash when taking profiles;(bso#13629)
  + CVE-2018-14629 dns: Fix CNAME loop prevention using counter
    regression; (bso#13600)
  + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
  + CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
  + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
  + ctdb-daemon: Exit with error if a database directory does not
    exist; (bso#13696).
  + s3:libads: Add net ads leave keep-account option; (bso#13498). - Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd. - Remove python2 build dependency from samba-libs; (bsc#1116900); - Update update-apparmor-samba-profile script to ignore the shares's
  paths containing substitution variables in any place, not only at the
  beginning of the path. - Update to samba-4.9.3
  + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server; (bso#13600); (bsc#1116319);
  + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
    (bsc#1116320);
  + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
    (bso#13674); (bsc#1116322);
  + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
    (bso#13669); (bsc#1116321);
  + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported); (bso#13678); (bsc#1116324);
  + CVE-2018-16857: Bad password count in AD DC not always effective;
    window; (bso#13683); (bsc#1116323); - Update to samba-4.9.2
  + dsdb: Add comments explaining the limitations of our current backlink
    behaviour; (bso#13418);
  + Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
  + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
    (bso#13465);
  + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
  + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
  + Enabling vfs_fruit looses FinderInfo; (bso#13649);
  + Cancelling of SMB2 aio reads and writes returns wrong error
    NT_STATUS_INTERNAL_ERROR; (bso#13667);
  + Fix CTDB recovery record resurrection from inactive nodes and simplify
    vacuuming; (bso#13641);
  + examples: Fix the smb2mount build; (bso#13465);
  + libtevent: Fix build due to missing open_memstream on Illiumos;
    (bso#13629);
  + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
  + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
    (bso#13653);
  + Extended DN SID component missing for member after switching group
    membership; (bso#13418);
  + Return STATUS_SESSION_EXPIRED error encrypted, if the request was
    encrypted; (bso#13624);
  + python: Allow forced signing via smb.SMB(); (bso#13621);
  + lib:socket: If returning early, set ifaces; (bso#13665);
  + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
    encoded unicode; (bso#13616);
  + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
    (bso#13673);
  + waf: Add -fstack-clash-protection; (bso#13601);
  + winbind: Fix segfault if an invalid passdb backend is configured;
    (bso#13668);
  + Fix bugs in CTDB event handling; (bso#13659);
  + Misbehaving nodes are sometimes not banned; (bso#13670); - lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373); - winbind requires latest version of libtevent-util0 to start - Backport latest gpo code from master
  + Read policy from local gpt cache
  + Offline policy application
  + Make group policy extensible via register/unregister gpext
  + gpext's run via a process_group_policy method - Enable profiling data collection - Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package - Update to samba-4.9.1
  + s3: nmbd: Stop nmbd network announce storm; (bso#13620);
  + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
    (bso#13597);
  + CTDB recovery lock has some race conditions; (bso#13617);
  + s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
  + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610); - Tumbleweed doesn't define the sle_version macro, so we must
  include a check for suse_version also. Otherwise python3 is
  disabled on Tumbleweed. - Update to samba-4.9.0
  + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
    needed; (bso#13605);
  + wafsamba: Fix 'make -j<jobs>'; (bso#13606); - Update to samba-4.9.0rc5
  + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
    returns absolute pathnames; (bso#13565);
  + s3: util: Do not take over stderr when there is no log file; (bso#13578);
  + Durable Reconnect fails because cookie.allow_reconnect is not
    set; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add "virtualKerberosSalt" attribute to
    'user getpassword/syncpasswords'; (bso#13539);
  + Fix CTDB configuration issues; (bso#13589);
  + ctdbd logs an error until it can successfully connect to
    eventd; (bso#13592); - Update to samba-4.9.0rc4
  + s3: smbd: Ensure get_real_filename() copes with empty
    pathnames; (bso#13585);
  + samba domain backup online/rename commands force user to specify
    password on CLI; (bso#13566);
  + wafsamba/samba_abi: Always hide ABI symbols which must be
    local; (bso#13579);
  + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
  + Fix memory and resource leaks; (bso#13567);
  + python: Fix print in dns_invalid.py; (bso#13580);
  + Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
  + Fix CTDB configuration issues; (bso#13589);
  + s3: vfs: time_audit: fix handling of token_blob in
    smb_time_audit_offload_read_recv(); (bso#13568); - Add missing zlib-devel dependency which was previously pulled in
  by libopenssl-devel - Update to samba-4.9.0rc3+git.22.3fff23ae36e
  + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
    returns from malicious servers; (bso#13453);
  + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
    with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
  + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
    not servicePrincipalName is set on a user; (bso#13552);
  + CVE-2018-10919: acl_read: Fix unauthorized attribute access via
    searches; (bso#13434);
  + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
  + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
    is disabled via "ntlm auth"; (bso#13360);
  + s3-tldap: do not install test_tldap; (bso#13529);
  + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
  + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
    ltdb_index_dn_attr(); (bso#13374);
  + ctdb-eventd: Fix CID 1438155; (bso#13554);
  + Fix CIDs 1438243, (Unchecked return value) 1438244
    (Unsigned compared against 0), 1438245 (Dereference before null check) and
    1438246 (Unchecked return value); (bso#13553);
  + ctdb: Fix a cut&paste error; (bso#13554);
  + systemd: Only start smb when network interfaces are up; (bso#13559);
  + Fix quotas don't work with SMB2; (bso#13553);
  + s3/smbd: Ensure quota code is only called when quota support
    detected; (bso#13563);
  + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
  + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
  + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562); - Update to samba-4.9.0rc2+git.21.a1069afb007
  + s3: smbd:  Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
  + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
    (bso#13535);
  + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
  + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
  + Fix portability issues on freebsd; (bso#13520);
  + DNS wildcard search does not handle multiple labels correctly; (bso#13536);
  + samba-tool domain trust: Fix trust compatibility to Windows
    Server 1709 and FreeIPA; (bso#13308);
  + Fix portability issues on freebsd; (bso#13520);
  + ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
  + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
    option; (bso#13546);
  + ctdb-doc: Provide an example script for migrating old
    configuration; (bso#13550);
  + ctdb-event: Implement event tool "script list" command; (bso#13551); - Update to samba-4.8.4+git.37.a7a861d7982;
  + CVE-2018-1139:  Weak authentication protocol allowed;
    (bsc#1095048); (bsc#13360);
  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
    (bsc#1095056); (bso#13466); (bso#13374);
  + CVE-2018-10858: Insufficient input validation on client directory
    listing in libsmbclient; (bsc#1103411); (bso#13453);
  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
    (bsc#1103414); (bso#13552);
  + CVE-2018-10919: Confidential attribute disclosure from the AD
    LDAP server; (bsc#1095057); (bso#13434);
  + s3:winbind: winbind normalize names' doesn't work for users;
    (bso#12851);
  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
  + smbd: Flush dfree memcache on service reload; (bso#13446);
  + ldb: Save a copy of the index result before calling the
  + lib/util: No Backtrace given by Samba's AD DC by default;
    (bso#13454).
  + s3: smbd: printing: Re-implement delete-on-close semantics for
    print files missing since 3.5.x; (bso#13457).
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
    libraries;(bso#13478).
  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
    (bso#13480). - Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
  (bsc#1092099); - Update to 4.8.2
  + After update to 4.8.0 DC failed with "Failed to find our own
    NTDS Settings objectGUID" (bso#13335).
  + fix incorrect reporting of stream dos  attributes on a
    directory (bso#13380).
  + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
  + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
  + vfs_ceph: Fix memory leak; (bso#13424).
  + libsmbclient: Fix hard-coded connection error return of
    ETIMEDOUT; (bso#13419).
  + s4-lsa: Fix use-after-free in LSA server; (bso#13420).
  + winbindd: Do re-connect if the RPC call fails in the passdb
    case; (bso#13430).
  + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
  + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
    unclean process shutdown; (bso#13414).
  + ctdb-client: Remove ununsed functions from old client code;
    (bso#13411).
  + printing: Return the same error code as windows does on upload
    failures; (bso#13395).
  + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
    privileged pipe is not accessable; (bso#13400).
  + s4:lsa_lookup: remove TALLOC_FREE(state) after all
    dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
  + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
  + s3:smbspool: Fix cmdline argument handling; (bso#13417). - Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
  required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number of
    ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
    (bso#13337);
  + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + winbindd: Recover loss of netlogon secure channel in case the peer DC is
    rebooted; (bso#13332);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + ctdb-client: Fix bugs in client code; (bso#13356);
  + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + libads: Fix the build '--without-ads'; (bso#13273);
  + winbind: Keep "force_reauth" in invalidate_cm_connection, add
    'smbcontrol disconnect-dc'; (bso#13332);
  + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
  + smbclient: Fix notify; (bso#13382);
  + Fix smbd panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
    (bso#13342);
  + Fix build errors with cc from developerstudio 12.5 on Solaris;
    (bso#13343);
  + Fix the picky-developer build on FreeBSD 11; (bso#13344);
  + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + lib:replace: Fix linking when libtirpc-devel overwrites system headers;
    (bso#13341);
  + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
    query; (bso#13312);
  + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302); - Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551);
  + Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
  + Set samba sysconfig template variables to ""
  + Add required daemon flags directly to systemd unit - Specfile cleanup
  + Remove %if..%endif guards which don't affect the build
  + Remove redundant %clean section
  + Replace old $RPM_* shell vars with macros - BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
  place of systemd and systemd-devel: Allow OBS to optimize the
  workload by allowing the usage of the 'build-optimized' systemd
  packages. - Enable building samba with python3, and create a samba-python3 package. - Update to 4.8
  + New GUID Index mode in sam.ldb for the AD DC
  + GPO support for samba KDC
  + Time machine support with vfs_fruit
  + Encrypted secrets
  + AD Replication visualization
  + Improved trust support
  - ability to not scan global trust list
  - AD external trusts have limited support
  - verbose trusted domain listing
  + VirusFilter VFS module
  + NT4-style replication removed
  + vfs_aio_linux removed - Disable samba-pidl package, due to the removal of dependency
  perl-Parse-Yapp; (bsc#1085150); - Update to 4.7.6;
  + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
    (bso#11343); (bsc#1081741);
  + CVE-2018-1057: Authenticated users can change other users' password;
    (bso#13272); (bsc#1081024). - Disable python until full python3 port is done; (bsc#1082139);
  + Remove contents of package samba-python
  + Remove contents of package libsamba-policy0
  + Remove contents of package libsamba-policy-devel
  + Remove library libsamba-python-samba4.so from samba-libs package
  + Remove library libsamba-net-samba4.so from samba-libs package
  + Remove smbtorture binary and manpage from samba-test - samba fails to build with glibc2.27; (bsc#1081042); - Update to 4.7.5; (bsc#1080545);
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193);
  + Fix copying file with empty FinderInfo from Windows client to Samba share
    with fruit; (bso#13181);
  + build: Deal with recent glibc sunrpc header removal; (bso#10976);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
    (bsc#1075206);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + ctdb-recovery-helper: Deregister message handler in error paths;
    (bso#13188);
  + samba: Only use async signal-safe functions in signal handler; (bso#13240);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + repl_meta_data: Fix linked attribute corruption on databases
    with unsorted links on expunge. dbcheck: Add functionality to fix the
    corrupt database; (bso#13228);
  + Fix smbd panic when chdir returns error during exit; (bso#13189);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
    (bso#13176); - Update to 4.7.4; (bsc#1080545);
  + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
  + s3: libsmb: Fix valgrind read-after-free error in
    cli_smb2_close_fnum_recv(); (bso#13171);
  + s3: libsmb: Fix reversing of oldname/newname paths when creating a
    reparse point symlink on Windows from smbclient; (bso#13172);
  + Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
  + repl_meta_data: Allow delete of an object with dangling backlinks;
    (bso#13095);
  + s4:samba: Fix default to be running samba as a deamon; (bso#13129);
  + Performance regression in DNS server with introduction of DNS wildcard,
    ldb: Release 1.2.3; (bso#13191);
  + vfs_zfsacl: Fix compilation error; (bso#6133);
  + "smb encrypt" setting changes are not fully applied until full smbd
    restart; (bso#13051);
  + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
  + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
  + winbindd: Dependency on trusted-domain list in winbindd in critical auth
    codepath; (bso#13173);
  + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
  + ctdb: sock_daemon leaks memory; (bso#13153);
  + TCP tickles not getting synchronised on CTDB restart; (bso#13154);
  + winbindd: winbind parent and child share a ctdb connection; (bso#13150);
  + pthreadpool: Fix deadlock; (bso#13170);
  + pthreadpool: Fix starvation after fork; (bso#13179);
  + messaging: Always register the unique id; (bso#13180);
  + s4/smbd: set the process group; (bso#13129);
  + Fix broken linked attribute handling; (bso#13095);
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132);
  + libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
    sessions; (bso#13197);
  + s3:libads: net ads keytab list fails with "Key table name malformed";
    (bso#13166); (bsc#1067700);
  + Fix crash in pthreadpool thread after failure from pthread_create;
    (bso#13170);
  + s4:samba: Allow samba daemon to run in foreground; (bso#13129);
    (bsc#1065551);
  + third_party: Link the aesni-intel library with "-z noexecstack";
    (bso#13174);
  + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
    options; (bso#13125); - Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
  glibc) - smbc_opendir should not return EEXIST with invalid login credentials;
  (bnc#1065868). - Update to 4.7.3; (bsc#1069666);
  + Non-smbd processes using kernel oplocks can hang smbd;
    (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load;
    (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
  + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
    (bsc#1060427);(bso#13041);
  + CVE-2017-15275: s3: smbd: Chain code can return uninitialized
    memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE. - Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468) - samba-tool requires samba-python; (bnc#1067771). - Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
  + Fix exporting subdirs with shadow_copy2; (bso#13091);
  + Currently if getwd() fails after a chdir(), we panic; (bso#13027);
  + Ensure default SMB_VFS_GETWD() call can't return a partially completed
    struct smb_filename; (bso#13068);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + smbclient doesn't correctly canonicalize all local names before use;
    (bso#13093);
  + Fix broken linked attribute handling; (bso#13095);
  + Missing LDAP query escapes in DNS rpc server; (bso#12994);
  + Link to -lbsd when building replace.c by hand; (bso#13087);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
    (bso#7909);
  + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
    (bso#7933);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Wrong Samba access checks when changing DOS attributes; (bso#12995);
  + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
  + groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + man pages: Properly ident lists; (bso#9613);
  + smb.conf.5: Sort parameters alphabetically; (bso#13081);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
  + libgpo doesn't sort the GPOs in the correct order; (bso#13046);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + vfs_catia: Fix a potential memleak; (bso#13090);
  + Fix file change notification for renames; (bso#12903);
  + Samba DNS server does not honour wildcards; (bso#12952);
  + Can't change password in samba from a Windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + Apple client can't cope with SMB2 async replies when creating symlinks;
    (bso#13047);
  + s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
  + Fix ntstatus_gen.h generation on 32bit; (bso#13099);
  + Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + Fix resouce leaks and pointer issues; (bso#13101);
  + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049); - Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
  package won't be generated simply based on the fact that there is
  no files section for the package. Allows the source validator to
  ensure samba-kdc is a built package. - Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available. - CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624). - CVE-2017-12150: Some code path don't enforce smb signing,
  when they should; (bso#12997); (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs
  redirects; (bso#12996); (bsc#1058565). - Clean specfile assuming SUSE-only system and product >=SLE11
  + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
    are always undefined
  + %{_vendor} is "suse" and %{suse_version} is at least 1100 - Update to 4.6.7; (bsc#1054017)
  + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
  + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
  + vfs_ceph provides inconsistent directory listings; (bso#12911).
  + Misused talloc context can cause a user to crash their smbd by chaining
    SMB1 commands.; (bso#12836).
  + Use-after free can crash libsmbclient code.; (bso#12927).
  + Server exit with active AIO can crash.; (bso#12925).
  + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
  + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
    (bso#12898).
  + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
  + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
    authentication; (bso#12886).
  + finder sidebar showing question mark instead of icon when using ip to
    connect with vfs_fruit; (bso#12840).
  + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
    from AD.; (bso#12720).
  + KCC run at selftest startup can fail spuriously due to a race;
    (bso#12869).
  + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
    the remote change; (bso#12782).
  + rpc_pipe_client memory leaks due to long term memory context passed to
    rpc_pipe_open_interface(); (bso#12890).
  + CVE-2017-2619 breaks accessing previous versions of directories with
    snapshots in subdirectories of the share; (bso#12885).
  + dns_name_equal doing OOB read; (bso#12813).
  + replica_sync tests flap; (bso#12753).
  + Selftest should not call 'net cache flush' and wipe important winbind
    entries; (bso#12868).
  + Old Samba versions don't support using recent ldb versions (>=1.1.30);
    (bso#12859).
  + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
  + race starting winbindd against posixacl test; (bso#12843).
  + Crash in the reentrant smbd_smb2_create_send() if the something fails in
    the subsequent try; (bso#12832).
  + spnego.c passes the wrong argument order to gensec_update_ev() for the
    FALLBACK case; (bso#12788).
  + Clients with SMB3 support can't connect with
    "server max protocol = SMB2_02"; (bso#12772).
  + A log message of samb-tool user syncpasswords reverses string arguments in
    a debug message "Call Popen[...".; (bso#12768).
  + The smb tarmode tests kills the share dir contents; (bso#12867).
  + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
  + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
  + manpage/index.html lists links not in alphabetical order; (bso#12854).
  + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
  + If a record is locked in a database, then recovery does not complete;
    (bso#12857).
  + debug_locks.sh script does not log any information; (bso#12856).
  + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
    after error; (bso#12852).
  + smbclient can't parse DOMAIN+username if a different winbind separator is
    used; (bso#12849).
  + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
  + Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
    (bso#12844).
  + cli->server_os not filled correctly; (bso#12779).
  + REGRESSION: smbclient doesn't print the session setup anymore;
    (bso#12824).
  + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
    FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
  + CTDB NFS call-out failures do not cause event failures; (bso#12837).
  + net command fails due to incorrectly return code; (bso#12828).
  + Fix building Samba with GCC 7.1; (bso#12827). - Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
  (bsc#1048339). - fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
  + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
    (bsc#1048278). - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339). - Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387). - Update to 4.6.5; (bsc#1040157)
  + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
    startup; (bso#12814).
  + vfs_expand_msdfs tries to open the remote address as a file path;
    (bso#12687).
  + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
    (bso#12798).
  + With clustering get update_num_read_oplocks failed and PANIC:
    num_share_modes == 1 assertion failure; (bso#11844).
  + contend_level2_oplocks_begin_default oplock optimisation doesn't carry
    over to leases; (bso#12766).
  + `ctdb nodestatus` incorrectly displays status for all nodes with wrong
    exit code; (bso#12802).
  + CTDB can spin hard on revoking readonly delegations if a node becomes
    disconnected; (bso#12697).
  + Printing a share mode entry with leases can crash in the ndr code;
    (bso#12793).
  + Fix flakey unit tests for eventd; (bso#12792).
  + CTDB daemon crashes if built with clang; (bso#12770).
  + smbcacls fails if no password is specified; (bso#12765).
  + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
  + samba-tool user syncpasswords doesn't trigger the script when a user gets
    removed; (bso#12767).
  + systemd: fix detection of libsystemd; (bso#12764).
  + Notify subsystem only maps first inotify mask to Windows notify filter;
    (bso#12760).
  + Allow passing trusted domain password as plain-text to PASSDB layer;
    (bso#12751).
  + Can't case-rename files with vfs_fruit; (bso#12749).
  + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
  + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
  + Ordering of notify responses broken; (bso#12756). - s3: libsmb: Fix error where short name length was read as 2
  bytes, should be 1; (bso#11822); (bsc#1042419). - Revert explicit winbind %{version}-%{release} dependency.
  + The ABI has stabilized since (bsc#936909), so remove to fix cross-media
    dependencies; (bsc#1037899). - Fix CVE-2017-7494 remote code execution from a writable share;
  (bso#12780); (bsc#1038231). - Update to 4.6.3; (bsc#1036011)
  + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
    from shares with GlusterFS backend; (bso#12743).
  + Fix for Solaris C compiler; (bso#12559).
  + s3: locking: Update oplock optimization for the leases era; (bso#12628).
  + Make the Solaris C compiler happy; (bso#12693).
  + s3: libgpo: Allow skipping GPO objects that don't have the
    expected LDAP attributes; (bso#12695).
  + Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
  + lib: debug: Avoid negative array access; (bso#12746).
  + cleanupdb: Fix a memory read error; (bso#12748).
  + streams_xattr and kernel oplocks results in
    NT_STATUS_NETWORK_BUSY; (bso#7537).
  + winbindd: idmap_autorid allocates ids for unknown SIDs from other
    backends; (bso#11961).
  + vfs_fruit: Resource fork open request with
    flags=O_CREAT|O_RDONLY; (bso#12565).
  + manpages/vfs_fruit: Document global options; (bso#12615).
  + lib/pthreadpool: Fix a memory leak; (bso#12624).
  + Lookup-domain for well-known SIDs on a DC; (bso#12727).
  + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
  + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
  + credentials_krb5: use gss_acquire_cred for client-side GSSAPI
    use case; (bso#12611).
  + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
  + ctdb-readonly: Avoid a tight loop waiting for revoke to
    complete; (bso#12697).
  + ctdb_event monitor command crashes if event is not specified;
    (bso#12723).
  + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
  + smbd: Fix smb1 findfirst with DFS; (bso#12558).
  + smbd: Do an early exit on negprot failure; (bso#12610).
  + winbindd: Fix substitution for 'template homedir'; (bso#12699).
  + s4:kdc: Disable principal based autodetected referral detection;
    (bso#12554).
  + idmap_autorid: Allocate new domain range if the callers knows
    the sid is valid; (bso#12613).
  + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
  + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
    trusted domain; (bso#12725).
  + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
  + winbindd: Fix password policy for pam authentication; (bso#12725).
  + s3:gse: Correctly handle external trusts with MIT; (bso#12554).
  + auth/credentials: Always set the realm if we set the principal
    from the ccache; (bso#12611).
  + replace: Include sysmacros.h; (bso#12686).
  + s3:vfs_expand_msdfs: Do not open the remote address as a file;
    (bso#12687).
  + s3:libsmb: Only print error message if kerberos use is forced;
    (bso#12704).
  + winbindd: Child process crashes when kerberos-authenticating
    a user with wrong password; (bso#12708).
  + vfs_fruit: Office document opens as read-only on macOS due to
    CNID semantics; (bso#12715).
  + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
    fragmented; (bso#12737). - Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416). - Generate source tarball directly from Git using OBS tar_scm
  + use version string derived from parent Git tag and commit hash
  - remove obsolete vendor-files/tools/package-data version ID
  + explicitly generate ctdb manpages, needed without "make dist" - Update to 4.6.2
  + remove bso#12721 patches now upstream - Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
  + x86-64 and aarch64 - Enable librados CTDB lock helper for samba-ceph package; (fate#321622). - Build and install the html man pages (bsc#1021907). - Fix CVE-2017-2619 regression with "follow symlinks = no";
  (bso#12721). - Update to 4.6.1
  + symlink race permits opening files outside share directory;
    CVE-2017-2619; (bso#12496); (bsc#1027147)
  + testparm checks for valid idmap parameters
  + add new krb client encryption types
  + support for printer driver upload from windows 10
  + inherit owner = 'unix only' for improved quota support
  + improved CTDB event support
  + new primary group support for idmap_ad
  + idmap_hash deprecated
  + mvxattr added to recursively rename extended attributes - Remove chkconfig requirements for systemd systems - Don't call insserv if systemd is used - Fix check if we need to require insserv - async_req: make async_connect_send() "reentrant";
  (bso#12105); (bsc#1024416). - Force usage of ncurses6-config thru NCURSES_CONFIG env var;
  (bsc#1023847). - add missing patch for libnss_wins segfault; (bsc#995730). - Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933). - Document "winbind: ignore domains" parameter; (bsc#1019416). - Add base Samba dependency to samba-ceph package. - Update to 4.5.3
  + Heap-based Buffer Overflow Remote Code Execution Vulnerability;
    CVE-2016-2123; (bso#12409); (bsc#1014437).
  + Don't send delegated credentials to all servers; CVE-2016-2125;
  (bso#12445); (bsc#1014441).
  + denial of service due to a client triggered crash in the winbindd
    parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
  + various streams vfs fixes
  + various printing fixes
  + ntlm_auth: do not map explicitly empty domain
  + various stability fixes in smbd
  + match file compression ReFS behavior -  Add missing ldb module directory; (bnc#1012092). - s3/client: obey 'disable netbios' smb.conf param, don't
  connect via NBT port; (bsc#1009085); (bso#12418). - Include vfstest in samba-test; (bsc#1001203). - s3/winbindd: using default domain with user@domain.com format
  fails; (bsc#997833). - Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730). - Update to 4.5.0
  + NTLM1 Authentication disabled by default
  + SMB2.1 leases enabled by default
  + Support for OFD locks
  + ctdb tool rewritten
  + Added shadow copy snapshot prefix parameter - Fix illegal memory access after memory has been deleted;
  (bso#11836); (bsc#975299). - Prevent core, make sure response->extra_data.data is always
  cleared out; (bsc#993692). - Don't package man pages for VFS modules that aren't built;
  (boo#993707). - Fix population of ctdb sysconfig after source merge; (bsc#981566). - Enable vfs_ceph builds for Factory (x86-64)
  + Package as samba-ceph to avoid Ceph dependency in base package. - Update to 4.4.5
  +  Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
    (bso#11860); (bsc#986869). - Remove obsolete syslog.target; (bsc#983938). - Honor smb.conf socket options in winbind; (bsc#975131). - Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522). - Update to 4.4.4
  + SMB3 multichannel: Add implementation of missing channel sequence
    number verification; (bso#11809).
  + smbd:close: Only remove kernel share modes if they had been
    taken at open; (bso#11919).
  + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
    (bso#11930).
  + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
  + Fix case sensitivity issues over SMB2 or above; (bso#11438).
  + s3:smbd: Fix anonymous authentication if signing is mandatory.
    (bso#11910)
  + Fix NTLM Authentication issue with squid; (bso#11914).
  + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
  + Fix memory leak in share mode locking; (bso#11934). - Update to 4.4.3
  + Various post-badlock regressions; (bso#11841); (bso#11850);
    (bso#11858); (bso#11870); (bso#11872).
  + Only allow idmap_hash for default idmap config (bso#11786).
  + smbd: Avoid large reads beyond EOF; (bso#11878).
  + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
    is set; (bso#11806).
  + libads: Record session expiry for spnego sasl binds; (bso#11852). - Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
  (bsc#975962); (bsc#979268), (bsc#977669). - Revert shared library packaging to comply with SLPP - Update to 4.4.2
  + A man-in-the-middle can downgrade NTLMSSP authentication;
    CVE-2016-2110; (bso#11688); (bsc#973031).
  + Domain controller netlogon member computer can be spoofed;
    CVE-2016-2111; (bso#11749); (bsc#973032).
  + LDAP conenctions vulnerable to downgrade and  MITM attack;
    CVE-2016-2112; (bso#11644); (bsc#973033).
  + TLS certificate validation missing; CVE-2016-2113; (bso#11752);
    (bsc#973034).
  + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
    (bso#11756); (bsc#973036).
  + "Badlock" DCERPC impersonation of authenticated account possible;
    CVE-2016-2118; (bso#11804); (bsc#971965).
  + DCERPC server and client vulnerable to DOS and MITM attacks;
    CVE-2015-5370; (bso#11344); (bsc#936862). - Fix samba.tests.messaging test and prevent potential tdb corruption
  by removing obsolete now invalid tdb_close call; (bsc#974629). - Obsolete libsmbclient from libsmbclient0 while not providing it;
  (bsc#972197). - Update to 4.4.0.
  + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
    CVE-2016-0771.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; (bso#11648); CVE-2015-7560.
  + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
    with no ACL support; (bso#10489).
  + docs: Add example for domain logins to smbspool man page; (bso#11643).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
  + winbindd: Return trust parameters when listing trusts; (bso#11691).
  + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
  + Crypto.Cipher.ARC4 is not available on some platforms, fallback to
    M2Crypto.RC4.RC4 then; (bso#11699).
  + s3:utils/smbget: Set default blocksize; (bso#11700).
  + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
  + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
  + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
  + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
  + smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + docs: Add manpage for cifsdd; (bso#11730).
  + param: Fix str_list_v3 to accept ; again; (bso#11732).
  + lib/socket: Fix improper use of default interface speed; (bso#11734).
  + lib:socket: Fix CID 1350009: Fix illegal memory accesses
    (BUFFER_SIZE_WARNING); (bso#11735).
  + libcli: Fix debug message, print sid string for new_ace trustee;
    (bso#11738).
  + Fix installation path of Samba helper binaries; (bso#11739).
  + Fix memory leak in loadparm; (bso#11740).
  + tevent: version 0.9.28: Fix memory leak when old signal action restored;
    (bso#11742).
  + smbd: Ignore SVHDX create context; (bso#11753).
  + Fix net join; (bso#11755).
  + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
    (bso#11755).
  + passdb: Add linefeed to debug message; (bso#11763).
  + s3:utils/smbget: Fix option parsing; (bso#11767).
  + libnet: Make Kerberos domain join site-aware; (bso#11769).
  + Reset TCP Connections during IP failover; (bso#11770).
  + ldb: Version 1.1.26; (bso#11772).
  + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
  + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
  + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
  + "trustdom_list_done: Got invalid trustdom response" message should be
    avoided; (bso#11782).
  + Mismatch between local and remote attribute ids lets replication fail with
    custom schema; (bso#11783).
  + Quota is not supported on Solaris 10; (bso#11788).
  + Talloc: Version 2.1.6; (bso#11789).
  + smbd: Enable multi-channel if 'server multi channel support = yes' in the
    config; (bso#11796).
  + build: Fix build when '--without-quota' specified; (bso#11798).
  + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
  + Access based share enum: handle permission set in configuration files;
    (bso#8093).
  + See also WHATSNEW.txt from the samba-doc package. - Update to 4.3.6.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; CVE-2015-7560; (bso#11648); (bsc#968222).
  + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
    (bso#11128); (bso#11686); (bsc#968223). - Upgrade on-disk FSRVP server state to new version; (bsc#924519). - Only obsolete but do not provide gplv2/3 package names; (bsc#968973). - Relocate existing lock files to /var/lib/samba/lock; (bsc#968963). - Obsolete no longer existing samba-32bit package; (bsc#967625). - Update to 4.3.5.
  + s3:utils/smbget: Fix recursive download; (bso#6482).
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
    with no ACL support; (bso#10489).
  + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
    (bso#11400).
  + vfs_shadow_copy2: Fix case where snapshots are outside the share;
    (bso#11580).
  + smbclient: Query disk usage relative to current directory; (bso#11662).
  + winbindd: Handle expired sessions correctly; (bso#11670).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + smbcacls: Fix uninitialized variable; (bso#11682).
  + s3:smbd: Ignore initial allocation size for directory creation;
    (bso#11684).
  + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
  + s3-parm: Clean up defaults when removing global parameters; (bso#11693).
  + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + ctdb: Remove error messages after kernel security update; CVE-2015-8543;
    (bso#11705).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
    (bso#11719).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + param: Fix str_list_v3 to accept ";" again; (bso#11732). - Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361). - Simplify shared library packaging; (bsc#966956). - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
  (bsc#964023). - Add quotes around path of update-apparmor-samba-profile; (bnc#962177). - Remove autoconf build-time requirement. - Update to 4.3.4.
  + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
  + Crash: Bad talloc magic value - access after free; (bso#11394).
  + Copying files with vfs_fruit fails when using vfs_streams_xattr without
    stream prefix and type suffix; (bso#11466).
  + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
    (bso#11613).
  + Fix a typo in the smb.conf manpage, explanation of idmap config;
    (bso#11619).
  + Correctly initialize the list head when keeping a list of primary followed
    by DFS connections; (bso#11624).
  + Reduce the memory footprint of empty string options; (bso#11625).
  + lib/async_req: Do not install async_connect_send_test; (bso#11639).
  + Fix typos in man vfs_gpfs; (bso#11641).
  + Make "hide dot files" option work with "store dos attributes = yes";
    (bso#11645).
  + Fix a corner case of the symlink verification; (bso#11647);  (bnc#960249).
  + Do not disable "store dos attributes" on-the-fly; (bso#11649).
  + Update lastLogon and lastLogonTimestamp; (bso#11659). - Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249). - Update to 4.3.3.
  + Malicious request can cause Samba LDAP server to hang, spinning using CPU;
    CVE-2015-3223; (bso#11325); (bnc#958581).
  + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
    (bnc#958586).
  + Insufficient symlink verification (file access outside the share);
    CVE-2015-5252; (bso#11395); (bnc#958582).
  + No man in the middle protection when forcing smb encryption on the client
    side; CVE-2015-5296; (bso#11536); (bnc#958584).
  + Currently the snapshot browsing is not secure thru windows previous version
    (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
  + Fix Microsoft MS15-096 to prevent machine accounts from being changed into
    user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). - Update to 4.3.2.
  + vfs_gpfs: Re-enable share modes; (bso#11243).
  + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
  + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
    type of zero; (bso#11452).
  + Add libreplace dependency to texpect, fixes a linking error on Solaris;
    (bso#11511).
  + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
  + s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
  + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
    (bso#11563).
  + async_req: Fix non-blocking connect(); (bso#11564).
  + auth: gensec: Fix a memory leak; (bso#11565).
  + lib: util: Make non-critical message a warning; (bso#11566).
  + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
    (bnc#949022).
  + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
  + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
  + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
    (bso#11581).
  + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
  + manpage: Correct small typo error; (bso#11584).
  + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
    containing them; (bso#11589).
  + Backport some valgrind fixes from upstream master; (bso#11597).
  + auth: Consistent handling of well-known alias as primary gid; (bso#11608).
  + winbind: Fix crash on invalid idmap configs; (bso#11612).
  + s3: smbd: have_file_open_below() fails to enumerate open files below an
    open directory handle; (bso#11615).
  + Changing log level of two entries to DBG_NOTICE; (bso#9912). - Ensure samlogon fallback requests are rerouted after kerberos failure;
  (bnc#953382); (bnc#953972). - Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems. - Remove redundant configure options while adding with-relro. - Relocate the lockdir to the /var/lib/samba/lock directory. - Cleanup and enhance the pidl sub package. - Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage. - Update to 4.3.1.
  + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
    Windows; (bso#10252).
  + nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
  + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
  + kerberos: Make sure we only use prompter type when available;
    winbind: Fix 100% loop; (bso#11038).
  + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
  + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
    (bso#11316).
  + s3: smbd: Fix mkdir race condition; (bso#11486).
  + pam_winbind: Fix a segfault if initialization fails; (bso#11502).
  + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
  + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
    subdirs; (bso#11515).
  + s3: smbd: Fix opening/creating :stream files on the root share directory;
    (bso#11522).
  + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
  + net: Fix a crash with 'net ads keytab create'; (bso#11528).
  + s3: smbd: Fix a crash in unix_convert(); (bso#11535).
  + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
    (bso#11522); (bso#11535).
  + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
  + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
  + s3:locking: Initialize lease pointer in share_mode_traverse_fn();
    (bso#11549).
  + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
  + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
  + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
    is incorrect; (bso#11555). - Fix 100% CPU in winbindd when logging in with "user must change password on
  next logon"; (bso#11038). - Relocate the tmpfiles.d directory to the client package; (bnc#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
  instead; (bnc#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051). - Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502). - Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
  systems; (bnc#945013). - Update to 4.3.0.
  + Samba "map to guest = Bad uid" doesn't work; (bso#9862).
  + revert LDAP extended rule 1.2.840.113556.1.4.1941
    LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
  + No objectClass found in replPropertyMetaData on ordinary objects
    (non-deleted); (bso#10973).
  + Stream names with colon don't work with fruit:encoding = native;
    (bso#11278).
  + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + "force group" with local group not working; (bso#11320).
  + strsep is not available on Solaris; (bso#11359).
  + smbtorture does not build when configured --with-system-mitkrb5;
    (bso#11411).
  + Build with GPFS support is broken; (bso#11421).
  + Build broken with --disable-python; (bso#11424).
  + net share allowedusers crashes; (bso#11426).
  + nmbd incorrectly matches netbios names as own name; (bso#11427).
  + Python bindings don't check integer types; (bso#11429).
  + Python bindings don't check array sizes; (bso#11430).
  + CTDB's eventscript error handling is broken; (bso#11431).
  + Fix crash in nested ctdb banning; (bso#11432).
  + Cannot build ctdbpmda; (bso#11434).
  + samba-tool uncaught exception error; (bso#11436).
  + Crash in notify_remove caused by change notify = no; (bso#11444).
  + Poor SMB3 encryption performance with AES-GCM; (bso#11451).
  + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
  + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
  + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
    install; (bso#11458).
  + xid2sid gives inconsistent results; (bso#11464).
  + ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
  + Handling of 0 byte resource fork stream; (bso#11467).
  + AD samr GetGroupsForUser fails for users with "()" in their name;
    (bso#11488). - Configure with --bundled-libraries=NONE; (bso#11458). - Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284). - Remove libiniparser-devel build-time requirement. - Update to 4.2.3.
  + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
  + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
  + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
  + Logon via MS Remote Desktop hangs; (bso#11061).
  + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
  + tevent: Add a note to tevent_add_fd(); (bso#11141).
  + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
  + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
  + smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
  + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
    (bso#11245).
  + s3:smb2: Add padding to last command in compound requests; (bso#11277).
  + Add IPv6 support to ADS client side LDAP connects; (bso#11281).
  + Add IPv6 support for determining FQDN during ADS join; (bso#11282).
  + s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
  + Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
  + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
  + vfs_fruit: Add option "veto_appledouble"; (bso#11305).
  + tstream: Make socketpair nonblocking; (bso#11312).
  + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
  + Group creation: Add msSFU30Name only when --nis-domain was given;
    (bso#11315).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + Build fails on Solaris 11 with "â€˜PTHREAD_MUTEX_ROBUSTâ€™ undeclared";
    (bso#11319).
  + smbd/trans2: Add a useful diagnostic for files with bad encoding;
    (bso#11323).
  + Change sharesec output back to previous format; (bso#11324).
  + Robust mutex support broken in 1.3.5; (bso#11326).
  + Kerberos auth info3 should contain resource group ids available from
    pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
    exists in PAC; (bso#11328); (bnc#912457).
  + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
  + tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
  + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
  + s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
    (bso#11339).
  + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
  + pidl: Make the compilation of PIDL producing the same results if the
    content hasn't change; (bso#11356).
  + winbindd: Disconnect child process if request is cancelled at main
    process; (bso#11358).
  + vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
    (bso#11363).
  + docs: Overhaul the description of "smb encrypt" to include SMB3
    encryption; (bso#11366).
  + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
    (bso#11367).
  + ncacn_http: Fix GNUism; (bso#11371). - Disable rpath usage; (bnc#902421). - Make the winbind package depend on the matching libwbclient version and
  vice versa; (bnc#936909). - Backport changes to use resource group sids obtained from pac logon_info;
  (bso#11328); (bnc#912457). - Order winbind.service Before and Want nss-user-lookup target. - Remove fam-devel build-time dependency for post-6 RHEL systems. - Update to 4.2.2.
  + s3:smbXsrv: refactor duplicate code into
    smbXsrv_session_clear_and_logoff(); (bso#11182).
  + gencache: don't fail gencache_stabilize if there were records to delete;
    (bso#11260).
  + s3: libsmbclient: After getting attribute server, ensure main srv pointer
    is still valid; (bso#11186).
  + s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
    (bso#11236).
  + s3: smbd: Incorrect file size returned in the response of
    "FILE_SUPERSEDE Create"; (bso#11240).
  + Mangled names do not work with acl_xattr; (bso#11249).
  + nmbd rewrites browse.dat when not required; (bso#11254).
  + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
    (bso#11213).
  + s3:smbd: Add missing tevent_req_nterror; (bso#11224).
  + vfs: kernel_flock and named streams; (bso#11243).
  + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
  + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
    are used; (bso#11284).
  + ctdb: check for talloc_asprintf() failure; (bso#11201).
  + spoolss: purge the printer name cache on name change; (bso#11210);
    (bnc#901813).
  + CTDB statd-callout does not scale; (bso#11204).
  + vfs_fruit: also map characters below 0x20; (bso#11221).
  + ctdb: Coverity fix for CID 1291643; (bso#11201).
  + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
  + Fix terminate connection behavior for asynchronous endpoint with PUSH
    notification flavors; (bso#11226).
  + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
  + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
  + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
    directory is deleted; (bso#11257).
  + s3:winbindd: make sure we remove pending io requests before closing client
    sockets; (bso#11141); (bnc#931854).
  + Fix panic triggered by smbd_smb2_request_notify_done() ->
    smbXsrv_session_find_channel() in smbd; (bso#11182).
  + 'sharesec' output no longer matches input format; (bso#11237).
  + waf: Fix systemd detection; (bso#11200).
  + CTDB: Fix portability issues; (bso#11202).
  + CTDB: Fix some IPv6-related issues; (bso#11203).
  + CTDB statd-callout does not scale; (bso#11204).
  + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
    enter invalid values; (bso#11234).
  + libads: record service ticket endtime for sealed ldap connections;
    (bso#11267).
  + lib/util: Include DEBUG macro in internal header files before samba_util.h;
    (bso#11033). - Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854). - Remove the independently built libraries ldb, talloc, tdn, and tevent and
  the post-10.3 renamed libsmbclient from baselibs.conf. - Drop redundant doc attribute from man pages. - Update to 4.2.1.
  + s3:winbind:grent: Don't stop group enumeration when a group has no gid;
    (bso#8905).
  + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
  + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
    servers that don't send the 2 unused fields; (bso#10016).
  + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
  + waf: Fix the build on openbsd; (bso#10476).
  + s3: client: "client use spnego principal = yes" code checks wrong name;
    (bso#10888).
  + spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
  + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
    miliseconds if it's still valid before use; (bso#11079).
  + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
  + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
  + replace: Remove superfluous check for gcrypt header; (bso#11135).
  + Backport subunit changes; (bso#11137).
  + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
    implementation; (bso#11140).
  + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
  + talloc: Version 2.1.2; (bso#11144).
  + Update libwbclient version to 0.12; (bso#11149).
  + brlock: Use 0 instead of empty initializer list; (bso#11153).
  + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
    NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
  + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
    (bnc#913304).
  + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
    fails in the SMB1 case; (bso#11173).
  + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
  + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
  + s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
  + s4-process_model: Do not close random fds while forking; (bso#11180).
  + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Purge printer name cache on spoolss SetPrinter change; (bso#11210);
  (bnc#901813). - Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374). - Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root. - Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
  (bnc#913304). - Update to 4.2.0.
  + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
  + pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Make 'profiles' work again; (bso#9629).
  + s3:smb2_server: protect against integer wrap with
    "smb2 max credits = 65535"; (bso#9702).
  + Make validate_ldb of String(Generalized-Time) accept millisecond format
    ".000Z"; (bso#9810).
  + Use -R linker flag on Solaris, not -rpath; (bso#10112).
  + vfs: Add glusterfs manpage; (bso#10240).
  + Make 'smbclient' use cached creds; (bso#10279).
  + pdb: Fix build issues with shared modules; (bso#10355).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
  + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
  + Don't build vfs_snapper on FreeBSD; (bso#10834).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3: smb2cli: query info return length check was reversed; (bso#10848).
  + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
  + lib: uid_wrapper: Fix setgroups and syscall detection on a system without
    native uid_wrapper library; (bso#10851).
  + winbind3: Fix pwent variable substitution; (bso#10852).
  + Improve samba-regedit; (bso#10859).
  + registry: Don't leave dangling transactions; (bso#10860).
  + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
  + build: Do not install 'texpect' binary anymore; (bso#10862).
  + Fix testparm to show hidden share defaults; (bso#10864).
  + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
    max=PROTOCOL_SMB2_02; (bso#10866).
  + Integrate CTDB into top-level Samba build; (bso#10892).
  + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + Fix smbclient loops doing a directory listing against Mac OS X 10 server
    with a non-wildcard path; (bso#10904).
  + Fix print job enumeration; (bso#10905); (bnc#898031).
  + samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
    (bso#10909).
  + Add support for SMB2 leases; (bso#10911).
  + btrfs: Don't leak opened directory handle; (bso#10918).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: fix keytab array NULL termination; (bso#10933).
  + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
  + Cleanup add_string_to_array and usage; (bso#10942).
  + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
  + Fix RootDSE search with extended dn control; (bso#10949).
  + Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).
  + libcli/smb: only force signing of smb2 session setups when binding a new
    session; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + vfs_streams_xattr: Check stream type; (bso#10971).
  + s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
    (bso#10982).
  + vfs_fruit: Add support for AAPL; (bso#10983).
  + Fix spoolss IDL response marshalling when returning error without clearing
    info; (bso#10984).
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
  + Fix IPv6 support in CTDB; (bso#10996).
  + ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
    (bso#11000).
  + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
  + s3-util: Fix authentication with long hostnames; (bso#11008).
  + ctdb-build: Fix build without xsltproc; (bso#11014).
  + packaging: Include CTDB man pages in the tarball; (bso#11014).
  + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
    (bso#11016).
  + Make Sharepoint search show user documents; (bso#11022).
  + nss_wrapper: check for nss.h; (bso#11026).
  + Enable mutexes in gencache_notrans.tdb; (bso#11032).
  + tdb_wrap: Make mutexes easier to use; (bso#11032).
  + lib/util: Avoid collision which alread defined consumer DEBUG macro;
    (bso#11033).
  + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
  + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
  + vfs_fruit: Fix base_fsp name conversion; (bso#11039).
  + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
  + Fix authentication using Kerberos (not AD); (bso#11044).
  + net: Fix sam addgroupmem; (bso#11051).
  + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
    (bnc#913238).
  + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
  + utils: Fix 'net time' segfault; (bso#11058).
  + libsmb: Provide authinfo domain for encrypted session referrals;
    (bso#11059).
  + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
  + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
  + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
  + vfs_glusterfs: Implement AIO support; (bso#11069).
  + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
  + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
    (bso#11077); CVE-2015-0240; (bnc#917376).
  + vfs: Add a brief vfs_ceph manpage; (bso#11088).
  + s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
  + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
    (bso#11097).
  + debug: Set close-on-exec for the main log file FD; (bso#11100).
  + s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
    (bso#11102).
  + s3: smbd: SMB2 close. If a file has delete on close, store the return info
    before deleting; (bso#11104).
  + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
  + snprintf: Try to support %j; (bso#11119).
  + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
  + doc-xml: Add 'sharesec' reference to 'access based share enum';
    (bso#11127). - Update to 4.2.0rc5.
  + Ensure we don't call talloc_free on an uninitialized pointer;
    CVE-2015-0240; (bso#11077); (bnc#917376). - Fix usage of freed memory on server exit; (bso#11218); (bnc#919309). - Fix tdb_store_flag_to_ntdb() gcc5 build failure. - Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238). - Update to 4.1.16.
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Fix libsmbclient DFS referral handling.
  + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
  + Set domain/workgroup based on authentication callback value; (bso#11059). - Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
  libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages. - Enable avahi support on post-12.2 systems. - Update to 4.1.15.
  + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Fix profiles tool; (bso#9629).
  + s3-lib: Do not require a password with --use-ccache; (bso#10279).
  + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
    (bso#10949).
  + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
  + s3:smb2_server: Allow reauthentication without signing; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
    convention; (bso#10982).
  + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
    'supported_extensions'; (bso#11006).
  + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
    (bso#11006).
  + winbind: Retry LogonControl RPC in ping-dc after session expiration;
    (bso#11034). - yast2-samba-client should be able to specify osName and osVer on
  AD domain join; (bnc#873922). - Lookup FSRVP share snums at runtime rather than storing them persistently;
  (bnc#908627). - Specify soft dependency for network-online.target in Winbind systemd service
  file; (bnc#889175). - Fix spoolss error response marshalling; (bso#10984). - Update to 4.1.14.
  + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
    Tools/perl.py back to upstream state; (bso#10472).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + nmbd fails to accept "--piddir" option; (bso#10711).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
    (bso#10880).
  + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
    (bso#10889).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
    STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
  + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: Fix keytab array NULL termination; (bso#10933).
  + Cleanup add_string_to_array and usage; (bso#10942). - Remove and cleanup shares and registry state associated with
  externally deleted snaphots exposed as shadow copies; (bnc#876312). - Use the upstream tar ball, as signature verification is now able to handle
  compressed archives. - Fix leak when closing file descriptor returned from dirfd; (bso#10918). - Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
  + Fix handling of bad EnumJobs levels; (bso#10898). - Remove dependency on gpg-offline as signature checking is implemented in the
  source validator. - Update to 4.1.13.
  + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
  + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
  + s3-libads: Add all machine account principals to the keytab; (bso#9985).
  + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
    be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
  + Fix unstrcpy; (bso#10735).
  + pthreadpool: Slightly serialize jobs; (bso#10779).
  + s3: smbd: streams - Ensure share mode validation ignores internal opens
    (op_mid == 0); (bso#10797).
  + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
  + vfs_media_harmony: Fix a crash bug; (bso#10813).
  + docs: Mention incompatibility between kernel oplocks and streams_xattr;
    (bso#10814).
  + nmbd: Send waiting status to systemd; (bso#10816).
  + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
    (bso#10817).
  + nsswitch: Skip groups we were not able to map; (bso#10824).
  + s3-winbindd: Use correct realm for trusted domains in idmap child;
    (bso#10826).
  + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
  + s3: lib: Signal handling - ensure smbrun and change password code save and
    restore existing SIGCHLD handlers; (bso#10831).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
    (bso#10838).
  + s3: smb2cli: Query info return length check was reversed; (bso#10848).
  + registry: Don't leave dangling transactions; (bso#10860). - Update to 4.2.0rc2. /bin/sh samba-ad-dc-32bit                                                                                                                                                               	   
                                                                      !   "   #   $   %   &   '   (   )   *   +                                              €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €                            4.15.13+git.710.7032820fcd 4.15.13+git.710.7032820fcd-150400.3.34.2 4.15.13+git.710.7032820fcd-150400.3.34.2     4.15.13+git.710.7032820fcd                                                                                                   	   	   	   	   	   	   	   	   	   	   	   	   	krb5 plugins kdb samba.so libdcerpc-server.so.0 libdcerpc-server.so.0.0.1 samba bind9 dlz_bind9_10.so dlz_bind9_11.so dlz_bind9_12.so dlz_bind9_14.so dlz_bind9_16.so dlz_bind9_18.so gensec krb5.so libdb-glue-samba4.so libdlz-bind9-for-torture-samba4.so libdsdb-garbage-collect-tombstones-samba4.so libdsdb-module-samba4.so libpac-samba4.so libprocess-model-samba4.so libscavenge-dns-records-samba4.so libservice-samba4.so pdb samba_dsdb.so process_model prefork.so standard.so service cldap.so dcerpc.so dns.so dns_update.so drepl.so kcc.so kdc.so ldap.so nbtd.so ntp_signd.so s3fs.so winbindd.so wrepl.so /usr/lib/ /usr/lib/krb5/ /usr/lib/krb5/plugins/ /usr/lib/krb5/plugins/kdb/ /usr/lib/samba/ /usr/lib/samba/bind9/ /usr/lib/samba/gensec/ /usr/lib/samba/pdb/ /usr/lib/samba/process_model/ /usr/lib/samba/service/ -fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.suse.de/SUSE:Maintenance:31907/SUSE_SLE-15-SP4_Update/625f171e9af34d04e78337ab8ddad37d-samba.SUSE_SLE-15-SP4_Update drpm xz 5 x86_64-suse-linux                                                  	       
                                                                                  !   "directory ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=d819962776c60a86fba69cd0b8c54f6f31509a09, stripped  ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=7e95b3cb06e635712b0197678ad67863fbad434b, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=3f211c4a7ddba6c227833223630a412d6969d43b, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8e9e33a01693e29ffe2c830e16902a7424de2fbb, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=02e9c68c1de94f2cba8a905ff6bd2bdc6661eb91, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ee8049b0d44be73c1da0b1ee9b4fb54ba5319b3e, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ffe9eccd17b2872f89d6498048b00d5cbb0e93b0, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c003e04dcab788980f223a38d7a1b79edfc2ea74, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=64e765b2979fa659fb5bb0430492877d8de2053b, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4e0366e09efcb8864df9025e3f3609257051c5ef, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=551cfb145ccf69a6ce17b91d95be2a4947ee95d7, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=79bfc1f0350cd9acd905b28ae684c69e7db82f60, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=3282100b7ba81b2d52c7244636ef314b15532569, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4311608510601d6850a0ba7fa9082c81ee696542, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=821c9922c7b1727b40c37bd742f0d58d6ba19057, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8e28d1aab0151ed8c6d6dc4c12885683984335d5, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b3a6f4fffd5bcdcca26a93f3d1254d573594c65c, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=dcf6c391674a4ba5032ac7e4432e5ae72c3fc3be, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=94e400e83bb005e95fc653c6b7dda701b5de6b42, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=20aa094745fa0451e3684ff490f78f512e5c349b, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c2ed32969fa04ba81176138f9a5baeac1a7f23c0, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=37e06f1e3fe715c1938f398c7056421e7f791a85, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f04e5ea7c43e51aee2a02d8139c0c1ea76aebe34, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=257e02640f4b1a9c331f01034186151ec5b92bbf, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b7c53b2457bbfe8bc140b80fccea94a42fbf9552, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8b7ea96b3b20034ea767a8f1cc06ed4d349fa698, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=fd10b736c844a3650112780eef9422dbccc155be, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c5b29093986679ecbf3eca80797ca82aca7fe84e, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b843a4b44b3f5d1ba04e0b9cfceb3e03216d7d26, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=98dc43cc995810b4709e15363843072db3272eca, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=eedc2026944ee6b092e81e9b856553a7f0809cec, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b375c346f566229089cb5a3d473e2dd952ee3ff3, stripped ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2878a1c27bc0d1b8cb1fbc3afefc1985a109c28c, stripped                           +           “   ¸   Ý    '  L      q  ’  Ã  ê    3  [  o  ‘      ¹      ä        /  M  e  ž  Â  ÷  #  g  ¥  Ø                      +       h           %   %   %   %   %   %       !   1   '      ,   (      "   (       +       '   $             9   $   5   ,   D   >   3   (         4R  ‹R  }R  ¦R  SR  MR  ‘R  ƒR  uR  BR  “R  R  ŸR  R  (R  R  R  R  …R  R  IR  OR  QR  ŠR  ’R  |R  tR  'R  „R  €R  ŽR  R  ‚R  PR  R  AR  NR  HR  $R  ¢R  žR  LR  RR  P  P  R  R  {R  R  6R  R  DR  @R  ‡R  R  }R  <R  qR  ™R  R  “R  *R  bR  R  ¡R  OR  
R  8R  &R  \R  R  2R  ƒR  ¦R  ‹R  GR  FR  ŸR  R  R  0R  ,R  R  R  R  R  mR  nR  oR  lR  jR  fR  .R  hR  dR  YR  ZR  SR  …R  BR  R  ‘R  iR  ;R  +R  ŠR  ~R  7R  cR  ˜R  	R  1R  ŒR   R  5R  ŽR  R  „R  R  aR  pR  ‚R  gR  eR  CR  ’R  |R  R  R  R  [R  )R  †R  /R  €R  -R  AR  %R  R  ?R  R  zR  NR  ¢R  žR  ER  RR  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  R  R  }R  ¡R  R  …R  DR  R  R  R  R  ¦R  R  R  ŸR  R  OR  QR  R  ~R  CR  PR  ŒR   R  |R  „R  ŽR  R  €R  NR  $R  ¢R  žR  P  P   R  }R  ‹R  ¡R  fR  ,R  R  {R  ƒR  oR  jR  R  ¦R  …R  BR  “R  ‘R  OR  dR  R  R  R  SR  ŸR  QR  R  R  eR  ŠR  ’R  |R  „R  iR  ŽR  €R  cR  +R   R  ‚R  PR  R  AR  zR  NR  ¢R  žR  RR  P  P  R  >R  R  BR  R  8R  “R  wR  R  ƒR  R  R  R  R  ŸR  R  YR  SR  ‘R  DR  …R  R  CR  7R  „R  ŒR  R  €R  ~R  ‚R  ’R  ŽR  =R  AR  žR  vR  RR  P  P  R  \R  R  R  ¡R  dR  oR  jR  lR  ¦R  R  SR  ŸR  R  ,R  ‘R  cR  +R  iR  [R  R  ŽR   R  €R  ¢R  žR  RR  P  	P  R  R  @R  }R  R  R  R  R  …R  ƒR  qR  BR  R  R  ŸR  ‘R  R  \R  WR  TR  XR  UR  SR  jR  ‹R  iR  ŠR  R  |R  R  ‚R  ŽR  ?R  R  „R  €R  AR  pR  [R  R  žR  RR  P  P  
R  R  }R  “R  …R  ‹R  jR  R  R  R  &R  ƒR  `R  ‘R  R  R  ŸR  SR  OR  IR  QR  ŠR  %R  ’R  |R  „R  iR  R  ‚R  PR  R  ŽR  €R  _R  NR  HR  žR  RR  P  P  R  ‡R  R  ŸR  BR  R  ƒR  #R  R  R  R  †R  ŒR  "R  ‚R  AR  €R  žR  P  P  R  bR  R  R  R  ¡R  dR  R  8R  oR  jR  lR  ¦R  …R  ‘R  R  ŸR  SR  ,R  7R  +R  cR  iR  „R  R  ŽR   R  aR  €R  ¢R  žR  RR  P  P  R  yR  fR  ,R  “R  qR  ƒR  #R  …R  R  ¦R  
R  ŸR  R  R  R  R  R  sR  R  {R  R  xR  	R  ŒR  eR  „R  rR  "R  ŽR  ‚R  ’R  +R  pR  €R  zR  žR  ¢R  R  >R  \R  R  }R  jR  ƒR  “R  R  R  R  R  ›R  ŸR  dR  —R  ZR  SR  ‹R  ‘R  R  R  …R  ‰R  ˆR  ’R  [R  R  –R  ~R  |R  iR  ŠR  cR  ‚R  „R  ŽR  R  šR  =R  €R  žR  RR  R  >R  \R  R  ¥R  ¦R  ƒR  yR  #R  BR  R  R  R  R  ŸR  R  }R  R  R  R  …R  {R  R  =R  [R  ŒR  xR  "R  ŽR  AR  €R  |R  „R  ‚R  œR  R  žR  zR  ¢R  R  \R  R  ^R  …R  R  ¦R  ƒR  yR  #R  BR  R  R  R  ŸR  }R  R  R  R  {R  ]R  R  ŒR  [R  xR  "R  AR  €R  ŽR  |R  œR  ‚R  „R  zR  žR  ¢R  R  }R  …R  R  {R  ™R  R  R  R  SR  R  R  R  ŸR  “R  qR  ƒR  R  pR  ˜R  |R  „R  ‚R  ŒR  R  €R  ’R  zR  žR  RR  R  R  yR  ŸR  ™R  2R  ,R  4R  …R  R  R  R  R  R  3R  ˜R  +R  1R  ŽR  „R  R  xR  €R  žR  R  R  
R  !R  R  fR  }R  ¡R  R  jR  kR  ™R  “R  ‘R  qR  ¦R  8R  …R  R  ƒR  bR  R  SR  ŸR  R  R  R  DR  R  R  {R  	R  ŒR   R   R  CR  ~R  7R  „R  ˜R  R  R  |R  ‚R  eR  ’R  ŽR  iR  aR  R  €R  pR  R  zR  ¢R  žR  RR  R  ‹R  R  fR  {R  ™R  R  R  R  R  R  “R  ƒR  ‘R  R  ¦R  ŸR  SR  R  …R  jR  ŠR  ˜R  ‚R  R  ŽR  ’R  „R  iR  R  eR  €R  zR  ¢R  žR  RR  R  }R  R  DR  …R  ‹R  ¡R  fR  R  BR  dR  ™R  R  6R  \R  ƒR  “R  UR  SR  ¦R  ‘R  ,R  R  R  R  lR  oR  jR  ŸR  R  +R  ’R  cR  ˜R  iR  ŒR   R  |R  ŽR  „R  [R  ŠR  ‚R  R  R  5R  eR  AR  €R  CR  ¢R  žR  RR  R  \R  R  fR  }R  R  R  R  ™R  :R  •R  “R  BR  ƒR  R  ¦R  ŸR  
R  R  jR  SR  ‘R  …R  dR  ”R  9R  eR  ’R  cR  |R  ˜R  iR  ŽR  „R  ‚R  [R  R  R  	R  AR  €R  ¢R  žR  RR  R  }R  
R  jR  ¡R  fR  SR  MR  R  `R  KR  (R  {R  ƒR  ‹R  QR  ™R  £R  ¦R  R  R  R  qR  R  R  R  “R  OR  …R  ‘R  R  R  R  R  DR  ŸR  ~R  ŠR  'R  ˜R  PR  	R  ŒR   R  CR  ’R  |R  „R  R  iR  ‚R  R  ŽR  R  eR  R  €R  _R  pR  R  zR  JR  NR  $R  ¢R  žR  LR  RR  R  &R  R  
R  }R  ¨R  ¡R  R  ‹R  ™R  qR  R  ƒR  “R  BR  R  ¤R  £R  ¦R  R  ‘R  R  R  ŸR  R  VR  TR  UR  SR  R  R  R  R  R  DR  …R  	R  %R  CR  R  ~R  ’R  „R  ˜R  R  R  |R  ŠR  ‚R   R  ŽR  ŒR  €R  R  pR  R  R  AR  §R  ¢R  žR  RR  R  \R  jR  R  fR  }R  ™R  ‹R  ‘R  “R  qR  ƒR  R  …R  R  ¦R  ŸR  bR  R  R  R  ZR  SR  R  6R  R  R  <R  iR  ;R  [R  ŒR  R  aR  |R  ŽR  ˜R  ‚R  ŠR  R  R  „R  €R  5R  eR  ’R  pR  R  ¢R  žR  RR  R  ‘R  R  R  …R  jR  R  ‹R  fR  R  FR  ™R  “R  ¦R  ƒR  R  ŸR  SR  R  R  R  R  iR  ŒR  ’R  ˜R  ‚R  ŽR  R  ŠR  „R  R  R  eR  €R  R  ¢R  žR  ER  RR  R  ™R  R  ŸR  R  R  R  ‘R  ¦R  R  ˜R  ŽR  €R  R  žR  ¢R  R  ™R  R  ŸR  R  R  ‘R  ¦R  R  ˜R  ŽR  €R  R  žR  ¢R  R  \R  R  bR  R  }R  ¡R  jR  
R  R  fR  ™R  “R  ƒR  qR  BR  R  £R  ¦R  …R  ŸR  ZR  SR  R  R  R  R  R  {R  iR  [R  ŒR  aR   R  eR  |R  „R  ˜R  ‚R  ŽR  pR  R  	R  €R  AR  R  ’R  R  zR  ¢R  žR  RR     utf-8 37dc71808206eb8de673c0cd7c0534ab4eed0e91fd89cf2a5ac93685f8158ed2        ?   ÿÿûð   ý7zXZ  
áû¡ !   t/å£àþËïþ] "ÌkÀ&ÃV­ÑhvôÜ¤âM-È°÷‹„vù¹6ªûâý®Ç3âºìÈ û]z¥ÁUÌÎËË$ºÉuîürå¾ÈþtÔ„0yýe@g}YJïëËQC6noÇ¤qÐX^)X´&‡‡Ë;\µÐ¾å)†}9Þ£(*ÿÎ®9Ñ¸ÍTLxƒfÓ<÷®¡W¨þ¾ïÔG§l<”°°â-¥j3tM…·c›ÖØÉÉÈGÝI Pè%×Ï«¾íšj8ôXï>r~!V9¦vbÿb'­Â9-;XÞødFhPiIûkùY¦‡ÈlÑÇ}‡%ö³Oa<û`ršsQ.Á9#7…šç^?Ñ¥ÎbçWÂGôÛ<›þ‚óv½3=Œž“˜í*N,rîEvØ¢@uMC¶fñŸÚ>ó‚Ë•ÉOÈ„yoÎAÇ¶hg°4¼ÚÒX#1[W-ÛX<—åþ²±ùYÎ PÅ Ø–Òƒðtc
ªÈ	[M²äT`!'îIû±%ûÃ„L@9Ÿ9QÚ²Ý©Úr¾^ô"aqæ—•p>ëpe€ôUŸB%¬m2
pÒç6ß¹$öäfÍÍœÃÛ‘•ŸË}Aï–¡ÍtåzsÁý—Ø¹už'ÂEÉ?]ZdÒÅw½ò€`|Èa–Õ =¬!¥÷2ÝuvÄŽè‹»Zj.Ð•»|YüÎ%•0‹'$ß°€àý¨¬¦«Þ-õë¡2œ›öæds©€žðf>ì'ùÃ½>Å± 2öcš’¬?þ¦e¯Ukeœ?[I2Þ^,ÏÛY¯%½ÑF¬@ šr¸õäðè¦ó™½Ì©=Të]Iº€°„qZì7ÛálVŠk.Mƒ·:Ã:ßÿÿ%èq…2Çªk3<»1/w#Ï»1éŽ±ÂR5@MuR'q!ãF3(Gà  
5FÄò4OKvÖÆ@ubº˜v¤»¦Én“aÞ€yŽù¥4_Ti¾Ö¤¥AÞ‰åc¦”Û…ËømôqŽ…ywEƒSv?S‡qipß˜€éäwUà›ç˜
»þ©ÖD„ªBÞ#Ùa=à©Q™û¹‹Št6Z[”ë¶ NPdHÃ]èSÖx'sÈÒX(²Ç‹‡+åà|ÝBÿGøå-ÌE‹=S™ù'Áx¶,7&[óÔÚ–y½Gc•cä3bA´¦‚~*ÎÚóœîQtO(É<“ r´´!˜„ü©·âÓ¤Á T²Lg“Áâ¡2F‘4N[h—jš_7'”+Þ@¥¹cúj%I¦‘Y’!B|dšA!Vâ?;vksÃ
©Èt‹gÀõ*ÙZ”N1²Š†G>·6Ó¿ûãNƒv™ðN=m,y(³TÖwBjá6uIgO¹z¡G«¨ñ2S¿¬è¶}¶%¬Êú¸?CÊ:XÒiHÊ,_—6‘á«£·Ö`ñBÙ™³Ñ~p¨}ªUä6b3½"x<r?n–	5<‹Ž™‰aþ•4
tºËšðÒq[7º“÷WyøUÆŽkíˆÿL‚½ÚšÞÖà?ÂþÕ±¨©õi[ã ñû3½Kë’iMi8_›‹½‰°øå*ìÑs˜Â•ÒP¸¹5$ªí¿…Ž¾d#jÀ¥UÖc,˜rë—4{£sÛ¶q„ö$àÎ²Úž›ÛKõóû6uò.Ù§dŸLŒ.92›vM1rAïÚÉú#OÉÒÓd)îÔ½_\ÌÌ-;kO üy³	ŸÊ¡Zo³£WÜ¯2
R%bÏ)ÝíÅgöy;þØS<kíÓÅò—®‡Å0º&ÀÉEœ«p^IØ`OjÂz¹¡nZï”†â÷es°óe*ànéØy.¼{(ïd4bïàlªÖa…“¤4/8±{œAÝj½·	Ùb×~çz}‰cGß|8Ù¢ EzÜ„çötîÞ¥YwxÒ`‹}Ÿ$*0l;žšÌ©Pp”<*nàyZ(ÝSu°ŸFvb¯Ö®Šâ:°*¯®`,ùüÝr›ŽÂÅB»Mœjbn÷šÜgƒA4d¦Œå\%iÛmF?{î¸zkìDåhï)œ©¨ÊšlÚ@±`ˆ²Jê¶}2(	NíððI,r¯î4b}P¾W ç÷"
Tö\dÁ©Ÿ-fkÌ`mBªÔÁl~óˆ4zà·~2½m.w·lmÒ®Â’Ë«à”AË\¤;ü¡X¿xy×Ñ
@³îõî°›¶´n¬þåBy@g™Ó#Ú?Oªaþ/!ot,Ï'}6‰ª8k~çEô\ÕËhºyGÓàmÔ r…Z_?”hÄF]]E:PÀîÃ‚úÄµœ¸]Ü<‘hà¿ê¯wÎ¾S¬Ó@@Ò]K ÛR
"çÑ-^”À]YøSÓæRiWÈ³- T<Û,ÉD4S#ÒVÖ÷ÄËíª£úŠwû¤ŸˆÜdÁyT¹åwšGBG%³D^Útr"ëcîZõã<qKÍØïào¢lþƒHW*þÔÝ"Ì'×Âãž	`Ì·›QG§•§w“¨k{±î:_yõ:X™™'œ*žé¡¥dKÆÌÝDX‰-/Ë!¾ÁUÀ¿ßðüÒ³Â„eRò"È[É¥äêC¶þº°ÓÊÌ „§ó”úëÇ­•¯uÈNLÕa®÷iº
uãË¥†C¤ÃúèäãA:ÞmÀ_>˜A‘îÝ@Ö8¿˜A›!eI1Ú<ÛÆ%
žFøoÙþ9¼ÍFÜGO1æS¤ *ÊËÕŸ¦ðap[RI6çJ–`O¿°,fÕq g‘cd³_¿<ëÿ—ý…¥¸b‘#(…;³ b?/†wijiÛ(L¼E;rX˜öú­æFv¢¼sPá|XùásòC©É}WüM¥èHºèÆ!iê´ç›Ý'7Ô‰¨¢ªÑÌT¥2O¢¦­òZõRe#E±>ìvR§Ït£øÌ b=ƒi1pvÁõ§¦ºó5øS÷/ß"Ö†ño:1£ÏËNbUØi=+M¢ÇKÑ[2kÝþþjÔRØoÃMxÍÜ¥ÛÓw¨
â³R}ÿ×Z•Â‹¥!-ï Ê¥ÆgÜCoÆ^nêü"Ü¤K&¤¼Y¯ùÍí_‡ØÅ÷ˆ|ìñÙ]½¶ûü~F[`1q¥OR7úÚL?k¤gSyà ) 0^y¥¶9iTu×={þ(vj².’&ˆ¯¿qªÆçúÒIÅãR×’ç‚¤ªÛ¯b[ÏhËª°£sÞ´Gk³-5ª(×ÛølÛïÙ†}ûï„œS%Ã°ÚÊ]G=âäáNÉB‚Ž:°8Z[Ÿzž,åä*ôMÎÇ'íˆà]Ânƒ—3]’ÖO®Gö‚eX^¦Ï
Jç«£ütJö\<r÷*û4X9ïÌ*=M«$±ýÒŽç|ËNÇ¥üïŽÖ#*¯ø®>ÎGÓZ¶ÁE†žÌÀ4S‰¶ÍFyßUÁ¬¯ôåQÕr¨§Á w«€}GOs´ð;®Ë¼cVö;ÿ$Šú·€…*\b¬1ÙQïâ`0÷	‡_%«ìZ'c¡‰RýsuÀU³i¡–g:Œ¶¡Ò3á·»„e{ú&üm m!ÔÛ…?XŸ¨`³uL»¦¢TÞ£¾›µ1ûEØ„±V‚Ú}èl‘‰Ç·I“Z†
—­h¥—âPíGíŽýŠü•Ž‡Ö=Òã_ m·‘°Lw%
v½0`¢$ù0`X›XÊê«~œÕé¬iqÑ!9ÐÒè/–…äßA>ÈžÐ‡^a1BV—;%0ˆ‰&„j‹ŒöÛsDFÕ×Ä¤	•—øŽp¯ÛzxŸ¬µ[z,JÒB_€RôÉ<"U\dÁ$ '8Üì@ø¦+~Å{ét‹X»7/÷=“}zòô4ŸÿÚ±EË¤c/gàœXaù½é{.Ð!áúwåGê%;CicÊÍ•.»M@‘#yÕ¹ ŽY:^áåu
¤\ µ^ž½ÿJZ~Â™¯Dþ³„2PÌá}Wò’¬ˆL ƒI53‘ådÿ8Ÿ‹ü
vÿ¥ñÁîÊŒÈð?D ÄùSêŒWÇCRácÊÉ$ñºûÿ U˜—|€bJ'ËC2¼^Ðˆé¾Î5³w8r˜w6NBêìÞ(ÇÓù”ìáÔo#äÕAh1ÚÁÚ=°Ï1K/¯V],+ŠÎŠù9ž&Xs#P&ö'Œ&/ÅŠA·¨R³YLWÊ€4(À®:_pJ!6)5"¦!EÇ\(e)¦ÚÕºdj=ãÓ•	ÖwF~;—ñ Lj9Å ~/}–þ¢…sŽ&+‰„S½çºqkÎ^3ÒÃô2>b"Åê}ÝQ&Àü›1¹™‰ãÈËÁÚ]‰$izë>y¶Ø<MÒÂRâˆ‹ã®ª5qÔžu7(þÏ;3sµ°µˆ–Tè‹‚þ¯‰t`l¨´>ô€byG§¾¬(.ï×»çi¦æ÷C»´Žh òê^^ÀH²h¸©^>zè§àÉþ`¾Ñ:¡ög‹‡Ù8ÛŒ>fPg¼äŸf¦´yðÙénÃeþ—ÅR1ºÇü*ÚÎG·ðŒ» ç—S€éøËÒ]¶^×–ßJ##<õ)ÖÀ›&½†+Ò_	Œú>–«+ÖÙŒ(‚Ð×º,˜Ï	_*‡2 *‰œªÕy7ÖÒµ™{µ À'$%7+:cÆ^Ái73VÈ‘¸?³¸ÈÇ…ë(Á«5ûZI>Þ¤ý&Üv¬¶tËé¯ùòú‡åàd­Ê¥«œ2á3ëÿƒ§‘ÅQ­‘Å=ó–‡çHQÎ¦›Ÿñ²é»ˆf~[ð.ÄˆmïâS¯8‚S®cxæêŒ´9Cˆ[7vx¦ö6Ê`:â»Ñ"ù2¦TÕŒz}SL½÷#ähZiÛîº`·J°˜ÓÕªWÇç|šX,ÒæªŒ­5¨§îI ZPÉ“i~ïìÔûýÓ7Â3bp!—~ËÛŽ-
[ƒl[Ù®þ=±øåC!(Âof²®^JqõF¥Š$a€oÛ»¿Iê©S·‰h†,©W¡œô=¸”?„ky"³—Õ±"åó«+r©a ¯xCðÖ‹6ÐÅŠ1¡´[”]ªO,{¶v’5g¿Hè0š^ã³«84ƒMpÐð£¤ gÍpî-Ú_ì½¶pœ^©èR—§>£^Õ™çHŒ)„-7F"À…eÿ<ã”A‹pÖy¨ ²50€D8Ü¶¤ü·GœÑÌ„jOhŸ¥V.¬”WòÍ¿¿½”&ìysYÍÐ4CˆJ–Ð*ñ5Ó‡”îa/©#rûÀzi•DÚUø{Í£1÷æE~Q	92‹±RI;(  &îþò®]ÛµˆíXs'{œÝmŒ8¤üw4fh,T€€‡,aèå©ÃWÄü«ö3\jÚ»tªýoÿþS~6Qâ¤ò„ïœÓL4åô1`ü˜-²ÑÅÈœõÐoôzþª¨•#ÄÿO›û?ñ”ã÷,¦Ô²Ã¨k† '^RÄ~Ø­›SM±F„D¸ŽŠŒn©Y?&ñîÌÕ’t
ž83ºÎªß Ý½(Ñ½%”sÂ[îÁ¶=*†Ë”…dBÛ·¦çÌó9A™‰‚?\ 6qíDf„›Ä â2[Qr÷m(Äf©:$£úî!W‹ŸvÛÔëøgmú\¼ 	¯‘áý»USÒ7¿¿]î”{@24m°¸¿l<®AS[ò†;Í„’	×a‚åC$H«ŽÆUÃ¥-›±ÛI<úFDØê²Úid
e­?43¨]þžÑ¾0ËK§DóñwðI–Èñx*ñ~å1¼{µ–ãc¸÷Äïô¼Ö>²pá¤¡ä¼Y_ÂÃcõäy¨†“iÔ
0:´½ýz—¹ þòH¸.ÑÉ¦mG™¥ä[5’¼ïûôµëJ>lî>ùÛÎpê³‘‡:øTš‡ó$O2Ú¿cö?ˆ*WA3±~Ÿ+u”ž®`7@û¨t.Iw› B 3î×»oˆ]û\ÞPÈØšÊX(i˜UuÚ‹àÖ1ç6šIyiºË§“3 œ¨Š»Â²1]Éˆ€Þ§Áo´m-†#[ÔeWXB\ß¢x>\ÆŒ
ß`Gapâûz0ÖVåÑG2¿[>Ê›±»hˆé5?Ñ8 åQÎžS
©#Q8{Èê«¸ò”˜{ ’“ñ,xÕ ¼/l$’jÿ»†ÔÇ+1µ\Õ€—3¹o¢g7‰¹þD!FÁrµL wÖÛSÃ\È9AW¤1ºaÓ©’nIúE¼ûƒ!yPä¦1îªØÂ
D^Á•”‚[mq•ÙTáÈ=ôæfMHL‹œ7eÒrp1(o3@lðžó «Ó–.¼‡+¯¢fçßsÎþá'šnw–Ã¾5QÊJùSöŸÞ®­Jß¿‡X—†YK4)ýP9¥âÔ=’ï.•èË‹ó¥Õo>rc¥à%õËjTƒ±?'½±´½<¸Ü$_Ôà«.êí5¼j$¹ê•8š_8G¾a*7ŸÒ¼SvB¬1E)Š<¨+Òò“Û–‘ÛøãŒÌ(¹LÔÏëÇsOAÒË³0¶¯™c…õ³Nˆe*Æ[ï¿oa£–î¨½®ŸÌ2Ù3JÕ0=8çU-–<û+7¹Ù¯­t4võ<_8¼—T®0©~,‚kGöŸcòöBÆ¯†V «¥OÇÁ7	æ|½ŠŽ­ CW¾íÌ¯æÓj‘Blê®T²­u\²Óæø÷;h–)q!™ØŠaÿî`ëÝ$ãu¨5ïê!P4Ó(Ýe˜»ÑZpÕæP]½gêåø‚ pZþë‹†¨fâò#QîÚœµëM…£`c’ü6«ˆ0„Çžê(ÒŽyÜ»µì€òÌçX´¥·ðrôÎœlêhNtµf’ÈÝÉG~¬íÒÁBIÕMûÁŸFè†UÜG UðQÑÖÁ¨k?ºEBç ¾òö¬v©û= 6¶ômÍ\³§V7Îl¶W‘îÉ‘7>dæºh3Þ}9V$u.CLWƒ|ÅBP^ªA)-ƒ¸Ø_Ûw7ˆÜ¹€jŠÉ—£ƒXÉ©vÃ9¯#Sbj‘àS[kv%1mAXãdŒºVkÙÔÏ÷hÇXuL«W”^÷[î‘„ê@~¬,´!sœ³Vÿ/ŸÌ<>wk&ú!ø¨‹œ}˜/
?SÃ®Š¢M’niÅ{¸X'ß%×k?õ”ò(¹©ì²`É±ƒî4Y_¡Žjmšýº‹(’ÞÙ³#fi<dŠÜÅRœdUá€³õQ Ù)³o’­fìõ±‰™Yâ6‹'ìdl€ÓuiÚ20ÁëÔ?©”³©5¯:œ;Radüô“–P@,f}dÙbbG•ò³¤˜Î¾Ñ¢_fðÂŒ¼‚yEW®S (…RÿšuÌÄà~³ò/^ÑO¢ìG*Ç
H¸|}{¡1¬áÀƒû¡³‡I\Bµ®ï…DëœîúN°§·¤†Kð‹XMmGWbã(O¹\Š­×bXº0»®<OywÇÃ|u $mýGÖ%ÛK¡%>­ÈÀï<ðNn…õÍBÞ¸å…|i‰dWÒ5yÉÁn`©›ÕqnMú >tI6Â®‡óT~pÇe®ÍUâQ¯UÅ·¹D-KÁÝ¿·_ïÚB¡¼ØŠþÖÊ7h† zøTów·°¯ŽØ,¬ªë³™ÚbÏ{ÄI²ƒŒi :"µ·Œ ¢Ïyß„Éd´QfÍ˜§sý„VgU¸
‡%á¾YõŒÈÅ(DŽAmÜâúê½¼MíÌu·…!EÅ+Täª¤F[ `	ð(®4Á{îãØ
Lå3—ºmE3A¹E“‚7èuÁÏQz÷G¢©Ý_rÑs¬°IÞ¸ØÌZŽ1àbñCìü?¹=Ì<÷»R…Údˆ;XukëÇVc}
¡a%ïiÀk6EÉJFò}nµ9CJïÎíT±„šÎ~}¡wR–xùÖnHšÅ#?ŒDæƒ\Þ<®¦‡Ù¸ÇªB‡Þ(Wh{–’´NÔ›b4†¥3O9*“ÉÄÎ8îÌ½ ÖÁ¹Ý¨ðZÁ_¦i[mI4©Ù‹Òvc66šæ„Døî»ÀÄo[§WùOIþBÀîŠdñ&m/Ý‘VÁO‘ÂvnÎƒG³öo?d°t[j›‰A?›a¥‡ u¶›gê8CÚªŠ/T×¤XÂÕ°š‘áO)´â‹çS‰å‹ÉZî¬øÍáÊâŽ´o*`¢Ü¹eÿµÜDƒ#-*š>gÕ'4’-TÃ&“úõÒrOsïýò°îë“­ÀõÇŽ2:8ôc=ÐÛ«´HÔßn/wàqüF"Þ”i'8 ¶±þÍ75rUþö³Nïø__K»(Ã/I¾Ç[øøI‰”K¾¢á…«ŽNÈåÕÿyÝ%€¶œ°QäJn"ö¤ôh¼.'RéÆÄ‰Ô­vÛ÷(=F£PØXgË”¡†n€a.ëÓ|A|k8Çzl¨ÛhÅóôÆ­½ÒeP·Ä\Ê£­üÎ‚%N>Õq¼²ù1Vól¡Û>-|ÝýÎ¥iNj6nT¦yVàHà`&ÁfŸø]v¯6’n{zyïSˆ Ê˜a{ü½èk’ö•«ç÷Ï.*ôü»Ö£Ì½¾êaŽœ<¯Ì-P ‘îòà;Î}[Qcèbb85L á=Uðì—ya×œžmˆ am1«²9çm?¥¶MìÁ	Ç#vçTÏíü¡Äæ^Gœ/c­åñ¼i1xË„—ÒTo¤F#÷6ï,uö@³ŽÂR3˜m©$æÔµ4„*‘o"‹ÃX2"°_áUÙ»rê€ƒäÿx&Î"pä,ƒkÎ~z-¾µUä;x-Ý;¯3n0I¦"ÒÚ	’Wï×:ŽàºeÞóò3kÜøyF®˜ÓGyçhÖÍÜ2t°ç"Nñ¼Ê¥£^Ì¯µödøÈáH6þ… ±Ýj‘Q¡zOðlÇ°g”y“ÎÔŒ<÷ôWëá<´±škg4Î©{Þåžµ`ÿ}ùž;¿ŽWJoqŸ -®’B{_6¦5­'R6¤än&R'¸*‰á5Znl=É->”ÍƒÚ%²¿Ün·€SâPÚGÖ‘¹3™Ï&fÏ´‘%1BàAƒ¢]cøXfÓ%Œ+ßPëgŒC|`Å]càlµ(“';>%‘ÈÆ®D3HÞw]ƒÀ cvÔªv 1^¬¯Ü¬©‘ü02Kbô,¦‘ª²÷Ò—ˆƒ =›;ÏgïFÊ$ã4[ìÿeg`»)®#LÎî\ËA~³#Ãñ,»1‚+£5ªÌ­¹»‡íøÆ 2ÙükKåS
”.´=,×mM¶ÅJ@ÇëàˆïåúdÁ[_ßÂF_õ0"àª©±;ä´Ê<€
¬ª îOn»ŒÂÿ\¯SÐ 8ieFVZØ¾0ô…îØ·B½ˆ¿¶X°gd*¿µ¹Ð…j!1
à/NNbÈ›¶(ºÞ¼Q¨¶%ü,4¯Ša~®V^°…c‘o]åÈñvBœüÁÆ_â(Z/M¦YxHSBP2â¦tpCõ´í““Ô9ZFïd’WÂƒ{½f–+	™¼•S³î>æuÁÜÅ®-¢&P™ó7qŽQ2K‚Lz’M€´tM¾#ÀÌÁ
±[7tÐzr.Âõ‡ˆ®Ü!Cº¤î>¿rû)}Gª{×vH¤ï¸Fà,ê"¤³õ^''x\šjÇ£x“j54A¶´©NÕè!EÞK`%xR_Î„îóN5ŸÀ&Cö6FË{ó©ô`H×$„§7¶BŠ´ó?›w =[e›6…aùg$¥×GÂ½4(sØß¢"v^¦ÄÊm©°RM|½²ì¥'ìÔmIŒ,™8Eö}­S.[¬BŒñü1Àk>#²l4«8Î6ÑÞò•5dÅzåyäÝ–P±\±Ýâ!Ä%#">ùLÜz"ìÔ+e±ðdcbùUòhn¦Án*ÏçéøñÓN×jˆéÍÒ“R—w^ÂG±îW‹¬üÝrä»ÆÍàMÓqŽ`ó$¼å€Äç)Ý™Fgß"Ò›û8‰·ß›ù¦v)‚0ëúšÿQÝµÊ½Ã*•ÙJ/È_ÌÙÂtd^Z˜ÅtõÚÜäŠ«r8Çzaž`2p3>Zêž¾ä_K:äî *5ØB4´´ùÞ	ŸövH¤^yi‚‘§w‘1shàÑFE÷Z‡½˜¢#­ò±Z§iËÝÖ„FjþHYw¨ìäžqÐëÇ²²‚cï
çÛ¾–O,²§O›àaÎ6ÃºŒr–ó7Ü½XzÛdÃ`Ô´VcÎ k[Ò¥ÑFévŽÍêðÿcc0l8¯ì¸£ˆñŠ•Jb"ÿ‰ÚÏr	ú”oÈ‰¯‡«Ž¾“(ˆTò7_È›ð]&Ô Û"ÝüYcáAŽí1TÒ)OÉ•?ƒ°zøýn2ÅÝærx2íû¶îŽu=/n7—¿$Bý”?%ªm˜ûß©3l‚ÓÔVÃµÕX=FÕ–¤Ð¬znd„Þ~¼Œ¨Î Š}VÂÕÉE¸óÔ~<(á“çôàûÜaÀ6jåý«o°£ÔlO¥sd 7ý¶•õÄŒrik£p.™ù)fó)B½«ÑRãÃÍíkcœ‹øï·vF©<QÜay±Ç°M7HLk‡lÎ ²¿Ü$´&z¾½÷%kÎ‚‹6’S&TIAëÛÿèô~K0e~á|Ò‹£ÙÅWöàrzÁÏl8>]¯;z÷‹²ÐÛù‰g,¯9Cês¡_ãj†QÃDkÒ¥êÖDTëÇîpMYÃv6F,÷Ô(3ÓjýðË-Š åýO^ŸíOYŽoío@Œ»7‚/×1ãÈƒó!›\îÿùÃÇpò8KKÎu|øäé4ƒïë,mv¸3/86®Hï¨!$/q'Ä¹½ ÞC&›åî>mUÝÂ¸oÂz>»»Ô»aÂH<Œy’æv¶6§\o_±³›VÿlßrNôÌ‹]ÂäŒCóH·@þ"þ¹³ˆœð\!Qh%ó6/—y†ÎW9•K‘H³ç§×Û¸Œ¸Ê™|rgœ~9Cš[GÏ3…:ŽÄÇe9ÏF’”Ë¯¿´/¤ºÄŸÕ˜Gê"¯ñ&“.6E+,[Xª‰{]Ä)ïyÏƒ–Èe²ÎTµðÂÂ‚Š²¨(k”tpEÏÿ\ëâ»&;",	û227¹ËW‡HIæzðØ#™ø-3P¿.Üá±¾zú³23³'N]9OlÊ;¨]r³¢,d´l«ž´²nâ8ûZ—l@«Cëî$ÀÄÿ:ÏÐtGZ"l4˜8(Iõ¾M&ª£aCZ:§ý´ 5'3yô¥0€³ÍÀsúñ_ÛÐ>ø væªƒ11ËþˆžµªoRï‘Äy˜˜nráÏ®áô0*6ôFÞiåAóÿ‡U
_ŽðtfjÖràcÚÓj]9x¸'ëpRì&DFô/,
OM°"_Ö{ˆHÍgEq‹×p·…÷WoÏ2A/?àWùMú¥î2ÐÿúJ<ˆ_ÄìS`?‘8uc¦bvžz·ºAx-ñÀ:ßßT#øc_¦>^[Å“½7’K§wâa¦ …y·ðu°Ôj7w#%”º¼Þ¨\54Ræx¶…·2ÐPDi¨Ñ*Ð6}ÇÌ5¤LË-¸ôÌgE•á@IÎ<”Ï'aŒZ`çÌM°@öÑ	nùÉK(?ÚÎ(6¬wº£ ådŠES£ŽÌñ<óSÈ"›{ûáí>	]Pjd‰`ò^Ü~ˆ0ZPß²OÖYý^7ðÊ0.Žžm8 É:ª¬8›Æk šËª:Ît6;R*ÓPQ:À-¢SNú3:¿²\ïkí?ªv÷¹…½ïàºÉC´=`…ëÜÜNh›÷WŠÛê#ÀBf°ÏÛp±1ùÿñâõjE›m_M–t)iN±¿÷ß]A( sYÍÈòõñÝuÐRr-=JýªZ —&Pæ\÷ÙÕ‰Úa#e] €ºKPwáïã—'ÃQžUzl4ô„PÙþ„%±5ùó$«yÈÔM¸„ ƒj¡”JJÀ¡-•}'‚ÍNeÿçrÙkŠËtöÊ@rí†µ-¨ç9†ÆÛW¨O“ÞŽ{ukÒ÷7´EÞä` pUfk–P9¾”lBÏ¼«Z`¦hgr6>ÝBù}•ð÷Ôó|’ŽmÆúæË»~“J»V@mÙ±YÙövF2¶’Y&|ÂƒèXµôsâ¡1¼³O‰8Î"C
ñ™Ÿ½#.xGö8;’+ú{¥Iî2ÍÁ¢Ak}&¹ð—_r†Kã#½À¼©Ü¦Öà’ïœ¾loïÏaŠ¶óïÐÂÑ×`@i¡f@pºqöìµX[kÞÀAÝÛ0c$NB…'žeb6&Ò…¼±±‹ sC¸¹V^Ø± ôé7æ©ý1úÁ˜‹ZúŽH?A§àv%pdk^™…}ÇfÆþtª[åÅr¯b$)Ñ"¢–ÇMCp¥Ø@¤až­ÍýŠé)Ú¸”BwòêS/MuÍ½ê¦i@@½.$€„1*£ÙÁHîŸém4ùÖHÔÞi§ áçµ:3/2&'ôã;ÚÅjø®Ör«¥5Ûwº»öß?àc8(¯sðUè¤­N¶—UoÎ™:k‡?Âƒ‰dæÌ5ž.u/å1gk3öá./ýâ³pp9Ûòê[É‡Yød®Iép¾à}ºÐ¡^e”ªe=—(*Ã6rM¢åSŽë¼"ƒKqÏ™º„{*_˜g"<˜k‹í‘„^fšÝ¹©­;úéÿƒr`Énƒwä2osâ0æú3‚ÎïKXOÔP Œ.³è7¥£ÙW› Aö†¿xäë¾ÐÛòk¯õùƒØ–sÓqÑ¼2…çvõwýv¨öÿ¨õ:96Õ>0X ÓX	©€Ju-Ó‚‚™®ÓW·ÞPÝ´MYÚµ*Ö’áÂ{ckPœCó:\g`Ò€
êÃ[Ô´½çäv<œbßF7’Ùk}ÕñÕÓvh]VÒp6Œ A´¿Æ:æ÷€¿.Çö¾zÝ5ÖŠ’Éf>z.+ñ'’-âC¾´^”X#°6£çQ4*z\½«i¾"@{"¹\"#êB_*R–1¥'i{fîÎRq»ÜZ¼»¯u¦CŽJJžw¹ZJ³ƒÔR£‡Jƒ»†/‡
Ìñ‰ÒýkJÌ&–ñF@eÆibkAWü\³81DYL$È °oÜ¯ð§ÃñÌ
hc2ŽK(¼¼
¾O.$edli¸[2O pîL:gB¶¤ø5©9J™”ÂÉ\Ù4åUYo·N5gŸ%xÊ4¡I0€eP6)ü“Ž2çðöi/µõïŒ›¢G,‚tÔ¥&´øá
FäîÏ
úU€sr¸y48H6ëö¨Û°À:9u@d¼‰ÅÈ€ú>LìÙ>\C„çAõ¾÷6’¦…+¢æ™Z5ÙŽâDËáŒú•Ÿ%|'ÒŒÔ»MèIaé]„¼gFpg¤J‡_·»Õ”MÎóßG«ª™¯ù>#O}Rx;¡„MêÆðpê-: DD`nÃ»<-x~×úMK>TÉú¨Ð}©›hàG:EöÖ…Õ7r¶æÝjñïÃkkÚI×¥cç#n•
á–Ð¨‡õoÛNÆä†NÓJ”szRd«f—ŸV,Òåx8’XVëü:ãê ²îè
ôhîI`ŒÅþ[,p‘UÄÁ•ûþY>^\DÉ€Ñæ+ôvsê>£qBµfÁØ2ô÷Å)2de°^.PÑ€g™ƒàÛÄof¿€çZÅçjov”hå†¢t‡¢yÿ‚æÄ®ò‚ª]*7ô?1^ÎC´aŽÇ5åàqæJøˆê!¡·s‹h·­~?q€…ÜŒ_fj’Pe±)z©;£YîçœœqÕí˜í•½\“à-¿Þ@Á ‰lç ýLÉ¤ö®IˆÖª0K1j–•XUÔ[9Ù€ßfî€/ÉgmPÎ%i2À9tÏµÞ%ðø}>1H²^mlÚhÈðŠ+—Ó^º€ô­A°“sÓXr°/’&L^ºOfk>êZõ>+7€w,"Í±fã¤z+yÊ²K}©²ZQ¦å$nÞ@Ó	´Ÿ™v
giV¹r k¾¿`Á.kÍm‡—ªÅMj5rkš¹úàxsŒS™ž+ò¨œª``õ¡=ÜÑïZd?€dáÕL·V±*`½>Õ…RrÅV	ÇB‰O3˜9·€SÐÿŸ3ä™m‡…ÇJ%Áé¼" ÄÜ)þ—Îd-úŽ[Æ½tà°7vöàO|G—üÇªYÌiš6Âáoöpô?°Ë>p-+¯žœeÒkbÚÿQ{|ùÀÞFÍzò3Yðj½þH¿LÖœKk1ÎlþÄçÆ&ø–Å†5£Ë·7Ÿw42±›¡àííºm¹\OE±}¿^%§Ã7á~ÂÄcˆ'àÝûÌlÑ}ËŒ8vó—Š48õXÂÜä‹òrô¢$ù<T*ØD¡§žf<©Øgòß…”Òh,hü7¤f÷‹‰_×xg‰Ã?aÃUgÁ¯ n‡+äÿT>dZ£C³·Æ¯÷¯Þ@9æªæµ‰%ûËÂÀ/Žô9ìC×±MÖxìzgŽ—CÆæM`öÀj¶òP¿ùz¨wz@¯ûžq|˜u_M#.êM…ÊÇj%û½@¯3»}ŠVœÀ½ª?™zðŽ¦þEˆ•–ÑÿB-lÅû³ÂsñÖi6/³6q"TÊŽ5#ÑNhú­îÑ ‘Rjƒu×*VÖÌ[ãG~Ûá™G?Rsx«XÿïqHežpýÆÀã#»J‘oÏãì8&Î3¯4@ÆøRl`ÖZûÌ±®eVB‘Ê{ Ý©ãJB¾š.¾ç¿7gWªëqßƒÞ£ŠÌGn¹Å°å60Ò}:rªàX“RwOß¤±¥AOí*E€FA·ÆðÈ³+_‘aé€äóî0
­{8,ÄïÅFkÞHtx”@…Æ®1…ÛäÖ‡«Ü —DU ìf¤â•›»û@c9¯©t+P—»ý=Í¹2”öŸæ
ÇÏøA2Ð¤›'ôž¢Ü¿62‡ì5¯	WsÙß4Gt:%fÒöÿ²šÒ*Ã[¾DBOÌkÉÿK¾_Ï)y¼¸¼áyt¦)jÕÅœ`ð0à
ÁCcJ«öÿÏ\0Ì‚$Ÿ#sÈ‚E†7–3Š™š¤q¹Ýcß`Çêúâ=ÞœU#ïHláSÉ†18uÂ“yx‡¹¼0µÊÖáÍÉÒ.„u•½½r.ÆeIfkºþ´ømçûÉ!e˜ÁÕ=¬|K7qëmÿÙú:eXq'š‡[À%kÐ®Ò4³¥“9`‘”*E×¾\µÔì„F´:60ç&D¢íÜh3kŽ“­)$´;À‹;ƒY SCÝu©m’_åœ™úpXû~QEC^ûY¦Kˆ˜s[çããx›c³¦ù÷D~Pâ	ë·»Ÿ˜ËãzGBí@°r]eDÊûu¦ÁñìJ¨v›îNâÏ5§ý«sÜ`%øï-ü×¢í£m¨Ø‚=³ãè%Ý£¸^­˜ŒP°q;p¿`)(Rföì`ÓœÍH7øn­ÕU§Q³}àvt´¨ÖIºá;ÑÂõ:ø)›ÊËM í“ý\ñ· Ò¥ªC1n¨=fôÈB(:)‰Û=Éç
6fÁ¡qˆËáßDIêíŠ#•pŠÃª“Îo¦È·&ÀÞ'ä(®\÷Ý“
«•à£P/säJ«
3®Ö÷—Ùå	®çmeŽ*œì+þÕiŸálDS2°cìÂrŸ‹¸?žz·k>¡â\2j+«>.f·
Ü¾íÙW@—ôJÁh55—|¿KŠîåU¯JæPŠ‚ç}óEÙaÒÈPÆ‹C¢ûs/j÷5cÞ“„7eP%±p²FÏ§kÅûËî²kk…z,ÙˆZßK€J,uµ"Ÿ¿Âëß[JÀœ_0jÌ_TeðjõeDCÓWÈÇUH#V/Ö·±Ú>N÷ìßÛXNÊ€‹qâ½MñTnío/æ‹%Ò5g•A}—”¼9ÇV’K4ÿÿ ¦*THØ.àsõeu
w~Š86ûd8«Ù§ZH7æÑçO÷	mví–fð¸ì-§?¦iÅæÊ—eÚÄé&ÖàïéÀ&!ÒþW,ÉÈ×ÿzÕÉìÍB;ùNé"ðÑ¾¤“Š8¶'›oˆfˆ“–ïŽœM¤èŸßî;´ž.”ëR»Litèæ:)¥óuô¨º¤=ÚP/ì)Hß9å
ÑÑ¤j•THIœa­Û’åßçK™u–gåïr·n1ƒýcÔ§@7PÞMóÝáP¶ÙRvgYKœ¨ïÐ¼ÈÛ‚†Bðˆ~Îù.’TJ…J Z¤¨3òÞö³‰å,¸BM]Á3÷ íusKpà€ð×¤¾³|`« ¶/K¤Aº9f+]TxÏŠß¢+Gê¨SðDaà
«ÛÌ‘Ûµ~Û˜ù¦‡—dÎÖ5±'?Ú¼Y½X|o-"Ëiüx¹RPIt­M¤þ4÷ðZÉÐ~6kkþp£ß>8ÜŽyÀ¹ÍFU4ÊMOÈ¢ zÉàšúk¦ïù÷Ð_{~;¨–õÃ¥¼œ½°Ä­ù¿~r?õ5#À|—‡eÈÕP;äÑ†|qk¦ý9†ÒÎ2—¹^Z)ƒ¸ƒ]t[“¤]…ü^HŸÂ‰?ªÁ×üÂ“5÷tPZÍŽAØ<¢ø²;$Ÿ“¥
6úãœs7ÀRpóQƒ5ôLÛ xC£úfžgßù\6@eÈv|Æ™”Ó-eÐÁÔk år©N¿ç4ôG´ÁR(.©¹sØ[êP:1v¹¥OŸ”Zo E_³%Wô=òGÚÒ"<c5ò5?h3þ£í^ŸžøP·öZŽM“gOÂm|7K•Ó+Å‹4D©Á«cRbà÷¥qå*’¿€¼Ó]~Ù±$÷Ô_Rf
_voÝ9Vþ9›šzâ~vlˆ×@3.½«n~ÏŸªýñ‘1†ãY„tÙoÈ´y'yÏÀÔ „Ð¥ ýœp-³˜«C~9|Z»’û!Ý-Z/"Éj÷6g’á‘Hr,<¬Ël…‹©B>@ø3žcC2Vø)%ï×;{Íž£±ð(*-t´ÚicÆŒ'L”¡_¬a0—ë.1f'Y/ñ˜Qüšd‹š!
2}ï
ºc#¦xFQ78Ioÿï®äÅŸÚ$
Ñ^:n:Y›F{®¿›äV²:‘…^*IIshˆ4²íI!mrºØv™h½ë,˜Î‹>³wd÷`ŸÃ¤çœüÜ×NÙæ®i<ã}ÇÖ5NÂ¸×ñ¾W±ÉÉoáÝø*db5e_':¢Nš%Ô8ö¯6	1Ïúþ…O]3/Y<Ðf{ïö Â€àð7­´PöÈáýÇêžÛùŒKÒJWExÎw“ÓLÃ›jÔÃC=¹a¾©aGûœŒª¥8ÅìNyLxt§£ë‹þ™d“%ÇIÎ¬~Z¸å».ÔÏ»GUÈ|›x¸c‡ô³0âÝØùóöÉ!¦6èºÑq±ÍÎF2•IsO’yüMàÈç¶öîÞX…«TK ÄÂe7bÌPüþ”ôßZ“jÕ‘KÐI\š³Øó;
FRäÖ}æµÛ:Ø)œÙ”CÆ‡)wm	pµ™_?3j±¦Á!mÐ?:ˆˆ1ÄÀŽ«»@/»e¢'áüœpÏþ{ñ&H˜ÖòÛ.ô	9ó×'ïÆ.<E#(^zö$¶§˜~ ÞÚÈ€2”£¢ÿ_Puée%òò~[Ï‹*ïÁ6Û¾$”©Ç…%_—±TGÉM‹
N{ çéªÞAµ»k´š›˜ÑRˆbÂ€t2‹`.d½BCbeÞ×b@í~EŸ~%‰¦mTl5ØVß${®PÊm’ú°^¹»ƒf}¡žÆ)@«‡ O|Íj‚¾ß‹ÏäßÅ•Ld´Ë!Ÿ¯™}ô„¨Z—·tŠ6ÙÓ:Ÿõ.¢–ÞÇSþt´{q>Jõ},&¯k]8n4cáï$ŸÝñŒÑ&3Hð4îéuÜ$mêâ8f…}Ô.¤÷•ÝH&÷‚ÃÕâ¬ÒÌ¦Ämyy	fgHªÑC¬í(to¿kÜß
w$é£eC‰¨~º¬z—)—¦0WÙž¸–Œ5u˜ÄJ\?æ;VëÄ!—.:»ö ‡+Îcx„vµÿ2œ0¡E1*té'.%Ù0IMI“Iì	4Ã]™Ô×«ôFW¶ýÅœ2Tp«Ñ|„xö¡+„€ç¡ƒ”)X¨?l£y‚ ñçv59ï9ïÊá._Fàì¨h·¹Y:wBlå€t•ç¥Å ¬—l~”W_^‡%¯ÎÝZër(ðŠ†yÔ•RTj:´S¯òK±muW7è£.OQƒvD¤ÚlºtÊ£õŽ0íÞ6Æ³ô«Ñù„t1¬z	ÍvVœûŒpòpD¤µºOã¥¦õwåu^Št/ñ4ÌoÔ8$oó#|Ó Ìm§ŽiÕøóc6XZñœ¾"{QòO^$ÈùŸ
´b*Q‰äÐ…‘Ía¾ÛÙ.¼9ÂUd:2“5ÁZ”m±UQfj2´!Rÿì¶YSâêPØO¬Ÿ@n/¾ˆ÷;†Šqé­è¦aræqg’Äï]K3w%«tæóÊ-RÄú}ÜWD˜aK{ x~q‰JÏØ`DfHñæã<F§…¹Ý/´½aIß*Ç³íÜ(±ÄJ|ºD­=È3€W>æŒr!¹ã•Æ&aüŠÎ`ÖëVð»Ecî¨ø(Ñ¤ Ry³=ö!øóÎ
Çæ<wßS,)±Hî©ñ#óÓQü8¦Œîís]í)>‘rcìÓ%/hù‚­Æ²cËY@ž‰Ëï_ˆ0Šl2gèz5PüUé%ýˆŒ¤]QKŠ+z†õÓÄÕ†ì¶@.5J×°2­£8ÞÙÝEùGÇ	 kBî,‘¢gÒÊ{:Ñ
ò€ºœ5«Ò;i”ÔÃÚDôxVd[-¸ÁÙ¯€'iæ'˜Pæ–’BPÿúúìÞÂHMKÜÎ³:í™DuzÄ)>úH®‰Æ —Vƒ«Ò8ƒYE©rÜÒðLLB·¯]Ù´¢¿àßY% @`é›ÏCÚä–•‡ýÏ(ÇiRªÙh™6@Mš#á•¨²z·9C{û¢Þ¶_Š©îÅ§×{¶PÔ¡€å9æg2M0à¼Gñ,ÇåáÄÑçˆ
Âÿ·¯#¶ÿ¾h­îˆ”÷'’±#"6òûH ùÊ®BŽ¨¤-«òs•¿}1Ñ^¿cz+su›×e”YK£	†¼”–Siø6OÜ+Ä«¿Œ€. Ï´^£ûã™’ÜfÎ¤
ËèÍßu
q!Ø3+Ú «ƒõÖ ¹¯qq‡ê§i}@ákón:„”íßXgMXàCš6™ ˜:5¨ªÅ8˜KÿÔm™6%`„Z¯[ïà´ò\â lg†a-‹Xî§„ýóO7öë¾ãW^Xz}Œ6÷‡9{nñ.œ5ÆY-Øœ7æ©©ƒîyÈ9ïu‡;Zût0u¥GzêÅ¹äŽkA8…+¤k™Ï…ð==«MbdD«øŒ™b³¦>?ÁDü²„
òu e¡¸úû÷ Žð-þ‡J-§,ËqKbh²Y‘¦¨à”$©bÝJ~Hg‚?4£Å‡a½©aŒ—å!ª7¥ÿìÍQUíæ…þ®fÝþàë5°QÉß)ëvÂ”ˆ!ZMÿ»v3òt¬¿Èk•ÄŠ¶1ˆ. ÃOu)NÔë³-§dþ­VÛÛˆ]ï¾$±~ù!€» 7ä:,ò°VÕÕWÅÏ’¨E0Si&}4íq®8GÎHÑ——]HÑ¢ì{àxøÒ‹hèu$ëëíX8ÞªO*^UÔ±nžƒä¬áa që­½Z—ßßb[7‘ot{µ&˜å|½©$« è·”¸yˆ_5c)·ò q¦¼ëj¨¥\M±¦ºíä-zCtavC¹É9y·iL}\e„ò7U
´—½ŸšbtÅ¾baMt" à—kºŒÚ8KX¸ÖÅRgZx0L49¥ÑPÃ“AÆz
Óý† m€Ñ"öm»¹*6Ï‡·¦Š§g¡	d¸k:`Q×0]ÿY§µ‡K¼f86Ëÿ€£øÎ9ÿo´â€¢UÛO³üL!Ô*ˆçÒêX^ çò8ŽnÑr”›e°Ìn	•:×ê´4¸ÅÚ£Z¾OÇ²öüÁb$RªÙ$Ó[[sŠk¬üûµ»	¶¯¦ùðAqQÕ<=h#úNàF¯] É ÷ ä•î’Aþ«&z[^|NÓ= çÀõ‹	«3Ž8ÓšJ¸#«ó™òÏKðþík\p§z¬âÜÍV$¿vx·EŸÚ];ÔÚGÊÝg—ß]DˆgGh›mò\P¦{bÌÒ0ùŽØ0és}Üä$pñ$€\©„W­þñùw’IIË\³#'™B%Î§Âæ‡×þŒ‰”M’š˜«,¢jŽ1ÈÀÈ%R:/tÓ÷å½ø]%;Ft‡štM¨®püÓºÜÙC#,h%X¤uF÷¾ý'Feôˆkg' óþŽtXŸ‡¦¸.ò)ÇÍCfaær~TŽâ˜j<›:VµcÎílØÿÚzq1 Êd‘¬A4žP:»¸Ny£˜¡î'µA6šì÷É, +Ä˜ð¥Úî`æ¥±r	¬h
Y2-f¥ÀeJt,3‡4ß…ÞyRVûŠ!XàT[ÂÝðýÙP…B½ÿÌ9Dàt`./\²KîSNžmz¦…µùÅ¼MžõÑ{,¼YÉ¯ŽŸ€ÛtlU·Ç½Þâ‡’~C™l%Àdû-íÃÁÙ®î‡Ú­ÌÙ®ß­ÑY¡èæÔ¼hÀ*×¥	3hg%ºjÀFÔØbÇÍ±ðšÛƒw¨P´¢R1ÀiR~Š²
¿1x†J’Ù†?ºÂú+~
Z`=/6”´ËWtãjµ\"•}¬‹¤„,¬µ¤ ÐÌ‰<J¾¾1êXºˆ¢û›ŸŽ©¾^Ò
¬‘ÊÀ¡¥½~Žå³	í Sl(ëARYßqnóFGZ~4ž
¢kZ’­¶11ß)YÑÎô¶³-sMNª!1·dî4!{Q«Í%NŽ¼¡‘¦ŠšÙZ.oÐ\',¼dÏF÷Ý(§ÅƒàËu¹RVåî´dçCÍa«‡œÓÕÿ_ØeO”
ö}Å4%ñ¨úS¬¡¡èÛx-Èr  5uR|”L"33®Þ€`öB+ƒ®OÙœ˜ÊIŒ˜0\
7þž0Ú×ú‹ö ±:ê‡Ç¥*‹) ÔI˜<~ŒÇ”ã]âáÑ/c#(uµZ´ü™ÀÖpCžAÓ…S=“ªû_ú.]Å%#ScìJøËV“5—KÂyíÕþ
Û#__˜„«‡L/ó›EÿÕi%ï¥x}<ñi˜³-´œ-#¥ŒGù$] ¦n’œA”*ø8X6Òá˜c–;`Â~ÝÂæŽãYJ}ÒKF5'œz¾kÐú=³\ÿ”£ ó„ñgÕ}‚"üXæ$±,sSeÏ:,‚oT?o+–&†ÉqJ}oWú¹ªÏ–Y0Ü»÷§±­JsÚ¹“®s­_“wuZŸJM|LÌ¾œQÉQ¸Æ|ËdÌj¤ÔÖR‰ÔlºœTã—*K«„Š²FÃ22çßÏ ±ë5vâ;àçsØÔ„—KHùñ™€=êôM]$É·ZòôÊéN†+§â£ašYäçZY
2ªøpø„CšóÖæ«a?Òw’·«JÛV²-®p "y5ŠH™ŽÆiúußßwÍ{ªŒTu<ü¯œud@¯,tDÚöŒ¹˜.ó*±~iša` ¶:÷ªò
 0ºÛ¬ñÇàSeJN1øî|?Y;¯›¶^€yñ’Yiøˆ„ ŒÓÚÌGÏÿô³Jé¸b²iÇF"œq¼¦oÌ/œÍ¿}¡œ" <à›áEzŠÓ¹pMµ¯7/$×\È¢ŽžQ.Ö6r4xƒá·
ìJÜ*¡ŸvsŸ<‰Ó±mOØ—Ç'+@\~FZ?hU`šg×5-æT²;Ž\™ÿeÃ0z¹D&žÙ?µÊÑÓæîù‘c€Êù¥7þ5Q»Ö-ã¡ó_pk(¾éßú÷Ýøå~¬yb² å÷¹cdî|ˆ€~#íž¦F–û¥‘è³º÷ÅåÏ»mêÁÑGdï‚gÒÏŠ¹E(„R¼¨½|.·vÖ‘æÔ]ãR¸;8‡Ù1
!	T5¨ÆW.tjr‘°[ìû­hvc"ÔHäªÐŽ:*««ÔÂe¥Æ4µ[¹"õüËÜ±íÈs*ì–žû]fcÝ3ÔŠ\Ë¼±×f–ÙÊ­ÒÎˆ¼ÈÜÿ¨8oÏ_õVWc;êÓÆvL¤ªOçrüI
Mùò'õ{åðFâA2äøÕR€ÿÄî]FH%	K¢û°f"¢WÁOx9f¾ %×ª/ˆŸ¦k²†)„0ñÆ†øÿRX¡Y {²æí¦bO<ŽƒœUØ(ÑE&ZNf¬Q	hªåZ/w˜ö£'ïIf-è÷±>Ík’[\^”OUUn™‰}×[³ò·//:œ•
Jò8Øà“ÊßÙ{7·¹N3˜êòN<Ùlïy¯zš•òg=øÀÉ–D<VC‡Šã);p&ƒV¾Ð¾ÉÂ’¡«›¦Á|É$Ò½	Y¦Õñ“Œc¯ja5ƒShõÅì£™‹µ×™Â
F…A|H‡àÉ
‡ò§­M{Wl‚¾°m9pYç¹ê-pZ·nwn’×ÀÕŠr9›ˆ­ù[†‰±oÛªè2–âÝÛû²ü%>¦~diÁ¿
ëÊ«°¡‚é­ÆNît¦§ŸÃ‹v ™ÕžØÔô«Ú=g‡däLûd´€÷o«t¥*méÕ´3‰‰}[l×!DÜž}õTÔ,ñ°BADp 8?wÉšÉâËq;iJÂ¬ot2‡·Ða³°‰FŠQõÊAý…8ó¨žÏÌ¿Ü½n§žØeÐe3
ÜƒA¢LÄÜdÑ`W{ˆ ¡+nðý¾§ÀLµ>K?˜ñÍ1Ï8Ìÿýß!×e-
-Cù½Ï@Œ[|¹ÂtºµÊÝ©JÒc>ôöÊ˜>rÊ‰ÃS3É¤ÌŽÞâVd@éJª´Ú ´V¿ÑŠÄ]æˆž©FŽÁú%3×jç®Rõ7è~³Ï÷Âwl¡åCÄÜ<ùWcÀá#ÏÁo]TƒDÒÁJ\=Ûÿsw…ëmÕ3ÌOEqØÿÉ•’ë ŸÒYÅ<Þ„œ±öDŸ,äY¶~ÄVÅmcÙ'b±ÜGlP(eÑ_ãëpQîó·ÓÎ´£œ;1_×+J3€H¾)ýz–æ›™ªõÞxÚÝ‡$¿yjèñåÞ“8%?Ó‚§ò°Cú‰î—ú÷ÀÏÆ½6òäS,á¢e‹¢{ÖqñÂFO>1«çóf…Ô.“Ãç8-¶¡X` t¨+çÑKO•lUƒ&É”»LOÞKo5eT/£¾Â/;õÃùJKõ@<¸¡Sz% 9â%ý]–û—‹§˜Fn©à“ kÍdño—ÞÇh¬V”vàZV X@ÒŸ©·œÉñó,èãžiý ël2@ÄUÃäç#’ðñÜFò;úúgD>èµ'¬ÚJJ q¡ŸJ±,íü[Ó»nŒ.©BíÞWÛºÚ
±o,Ó­³ùÉ/7ÆìsÓÍ°ZÎõ´µKÈº‰Æ–+dÌJúÕuº©Š"údœ,;ëkò¹Ï¶rqççî€nB‰µ!Î¯™ý§m4ïÌ.ØóNÍ¼k8Ù$Ê‘Ïø:âQôWËìYð­žb·vXI2Áú”6¨§û/aU`©~ÐËVw¥«	c£¯G¢®šj‡Ã{Qkç;—Ví&þÀ"àü0V5G*wß0Lû­G
]{¹—…çðÿ ‘d…À.DH0Jµã ©(´«sçÇ<ùÊÑa®•?ÍY8ü{ÃúðR†üâß6×Í¤P¤6›3«¿Iûy©92Æ‹ßÔFŸü‰`ªÚµmžHÍ]¹]†Ýê>Y)˜¯yÓêÉÆDè è „ µ:Ìõ‚þIƒ6ÌµÏÜâ˜ß/+¶ïÇÅ¦èèúøA•™ê°Þ^èÒ|1ÄìG³‰ ¶µáìŸöñ;¦•PÂËGÜ(ý¨N^{¬Î…à¦áu7ê¼[\HÞùEªèË—…ÑXmc'}¬"eßÝd°*\ùYC1àV »‰¦£'’
.’K}Ñ¾1ý†G ¸­äØÃeœÀÛäÑ§ÉLFÜLù~öã)Ñ2FÚ"™2Ü®
,ŸìUzƒ¡–«R½<°¨D¸‡m\]çš»˜ÛÓã1Ž\:4NÆ„¿W72P„[$+„š•·ÖS êÝ@nÜuš<uëÅ1ã†Ñyj	ë€?¢bd?híò§B6Ù6 èãþoeý°™ùÇ/¸lÂÚ´pÊ½Eâ±¾¹Òw·ö ‹á•´=Dl-oÒ]…ô_š…•#Én•ÜÑëö'ÎK Ç1dñ¦hŒvkOãcþŽžuŽÐ_©ÖVêpI¹,w´±çïPÛƒ›M‘ûø&0ù§ùÉH\Ÿ¾Osñ”µ0Q~L•~½ŒLê©ñZzø×˜þÚšTSpW¼ÛÛóJ°t¾‘U èÎndÊW ã<Pý®$Gò!lG)ïÃ#_Oô9Sv*×¸D.R)N¾FwûÌ&ðá¦PAý›@3®äŽ³-l¿J_›
ØÒ¸‘·†ÃÂÀâh¾x{-8ífÂƒ¢â¨@1×úï‡ú3š³>²ò÷Bþ1¬á_ÈÖµþy!‰ûiNÀ²Úæ¤“~[xë6¹ŽòsÃ‰Zî;‚´ýÖÉã›Vi†N{‰dFÀês1qÂ	­ÍÅ9É}Î
&û˜‰c“¯™õÜ­‚…³¾F†s˜×:±Ø}{)ûh;zÓíñ0¼5òº­eñ¬ÒãEÝFÕÏÙÑöüP/¶‰ÜU»¿Î„LØ«6÷K‹°®—Mk3zW†‘_hµn{Ëq¾C’"sc•n¥öÁÞ3Kþƒt¼—²$Â‘"©ãvæ¼rz\rþs8GÈìÔö1×¾Ëx°%Ÿ½SÛ¿»Û’©°+à&$¯Ðdÿ6­:P0\ß¿œZL%ZBÅqûˆ<¯a.é¦ª7”Ïužt#/í!¥âö‰äYƒ0l¶t5I úŽfŸE Š˜½ø÷Tóƒ98JŒÙ“ßÔ<˜7‘ÍÔùÄ8¹ÌÈÅ´‘¹`k/`¡ôB'I¥ìoJk=ÿtG5OÝo2úAÝ?á ¨;Ñ;A4š#«¤ÛÂ"`¬‹d7v~ÍÉMÁ¢ÏÀƒ“lÀ—¹y:¾>QsW‰K<v3æ>õ'Yå=† ÷€×&­Øà33„… ”è¤}ô;sƒÄ:ìt>Ž}©­_QðFbô²Á¦µ3HÅcÅ¬ð%©H)GIóæ !N¹–°©yVzªMú]$TgùÖäˆ^ðq2äúµ†=‚Bæ)Zé~©ÙÁŸçyRªCÎ1ðYÒ\¦(ê†."ÖÚRP?çOsØ\À ƒ(76Ð6ôð1m–uÔñ‹ÿ,sv£´?ï·#…#*Œ‡
üâ™¸È1l$®k+–Fòö€J¢ÆP›øÚòÅ„”öùeÁw9(yÑœÕÙ«³e¬:ÚTÆ2­Bñf_ípM÷ô?Ð(d4&`‰7¸ioe÷Ž%ÄíRÝbz†¶[lÜ[e³! Õ;ì¸!¯Œ=s‹K?ªdÇp ”` ë‡¨Ó'9jU\3rƒJÕ-gážãœ`7jk|[
ºö·Ñ8õRC"ÛIÔÍ=ê7«tW¡bßH
VÓl0Ïoè-¡›÷nûå,Éƒ¶ú“Å¹÷<,¶¹À3ñG©´8ë‹ÖkŽ¯(npÃÏú^Àøß~÷+.€>¨S-vC.4½v7Ìæ¢1¾ã]Þ—Ì uwDÐqËÎ©55ß’ ×Ý³Åƒ‰”XémÃò MªP0q…¡—æ5¡þ6j#.yØ¹_õOáªJUD¥’'ûN&bóy©Îç²þ»m×y©êÞäÂâgá–]ü¸Â?wmXlŒ,t­àa£M¥îAÁ,ŠRiÑ!uŽßZHía`h	Qj‡m‹”´ðÒÓ²3qQ ™(:Ú²ê¸™ž‡lµÔéZÌÊKZ™µ,&ðŒ4çÃ¤®~å;N%³jÉ@àQÉÞ1Ø…ìý;}Ü?¡{Í®Ó]ˆ…Yµ\åäðXÈ¶Ø 6,˜«8s‡ªJ‚›;÷m®]jQ/]c£ÚLä¸é³ðÂ©ù»ÌGGøR/£÷dd”j¥¯‹¹A|/ÏÖ`ÍadrÑþ¢¢˜/ŸwØ)Ü>þS‹Hqp'§‘ôT)æ5 ä|QUf§±Ea¡öñV9hµYo`=`=10£HWþ6³õQÊ!÷äžhÛ¡ªpÞ®™Ì—Cá‹Z×âîð±Ã­ ˜KÑ óš«Kâ/à¤?iíR%æ¬¡ueöjÐ1Æ¶‹W2kYÌ¨óù-h}k´.—<u¸8¢>îØ±M‚›¬µÁî”NòÙSãèŸùéÃÏçý3¾´Ë¶]Îjˆ’%æ©eOuôÌW+ª 5ƒ¶žLpâ¿gçþÜ¼ þ^‹R¹5çúBqõR¨2÷W½Døå2ù÷*¥Qvµ?"¯Cí¶a‡¨õø‰Í7¨-  À7—S«W¯¬¨÷W5¿)|B	²T³áª€ÁœC’.²qôVÃÈª´~zªjºˆåm‹ÊBk¬0Ÿ•'×•¬7ðdûóBhæv±—¿Õ¡7t·Ïâ‘û"eö·_Çô§is¯ }ënL8¯Íy•¦lžßØî9ÌóæåØ¯ Ý¶òþ}NMÖ™¡êt?ÁgÑ,“ÂáÓé°÷à}¢¹‰‰’	ÄG]ìãº+HíøãªhžÔa (§¦XÐ³Å )l9& qÿF¶XïØÜ°ÉÈžÐÊí<ÖwU­
K]D‡¶è°÷òXW)NV	?Zë‡†½»Z½ŸS+aÚOå,“ËöÔ&/NíA§ºÆcff•¬ŒYMp7¼¨~»™ãÐ÷\Väþôô{ï·gð†¯´ÉHÚÀeà*{Ñ\-ÙQ7{)åw4”`ÈYŽ÷âPC)sÙ“‹@Ü$ÒUOÉ	E0(7q|zSf‘)€Lnó¯PdÁ˜¬MŒºŠÌ{a„‘7@NÔùDÀ*'¥¾Ï8†{ÖAÇ‹’üÿñÅ`Á÷¹[šå 	VÆ«!ÅÉÛO˜ÝÖ“}b Ì¾ŒÔa9r±„\{/“$wªØqSºÄ÷ýh1úðÊ‚ü X³S˜úÕÔaå4g¢àVF‡;òP˜Ý§„o÷NÖ«@\ùƒT¯(8â¬á5¤Ue±‚Úâö‚ŒË ¤Ý ¸±%òF½­/Žfb¨YýÉ¦úu––îB¿Á3!äŒöñ4V›SJËZ~†2Š&¦5fåâ1F³Í[;ŸÐ’<[Š:õF\ÞÅÕfÇé‚–­Ò<2µÂ	C\¤D4æ¹g¥:lºõ^i¿‚Þw
±2>-áwx/y3]ôwûjs|w,ìˆGãM	wà²´?µº¢S˜0H¾Ú+Ðª¨œ¢D[rÄ×¥S
—=`ïGîÅ{±o©´‘Ò…d‚ëåm²\`\™F(³UyrûmäV¦ñO¥Ãéßnd“ÞÈã#¬Sþ“I±Ó	£ªÝC÷l9¦å…»%\âcc›ç3ê…ÌæTiç˜}`r\Ó;ß<Q4Ê¸Õ[/Ó%=
D¹`>å[ fÍ¼&p¯	Â¸‚ÈÇÎÆ±t1…"µÿaÀkßâ=f»"Z©zÆfÇg…ºÂ=ìÔåýðjîsTÄbìÉ6uÙÏSvÓ4­DÞu}¢ÎÐÃ";8ä~6á‰œ¼Á«"k?¸\wez2lÖù©’›«;‘æÈ îÇw£Ã| Ì"»¥ì%XLºß©‹š3zXËI‡|s¸àrõ‰IÖz
bèÆÅ‰ˆ&§ÁGÅö2kÄ.§ÔéýW¥rÑ‘àð­5‡ªµšs
‰‘ý»á„MuÞØ6NMÜ4l:oFt3ê×n×™©^Ô‰JZ¾3˜ [ô¨\²ªWé¢Ö–æÙ÷Â$…âó¥zÁÕÅòˆÙãÐ&TÃã„p=äí3×Ö(+HÜ,®H-sŽáF!‘Q’‚¹ïz÷„|h¡LüßÎjÂæË¡8Û=]Áýíöi?½!Ìz›åý6ù^kÿÀ%bôÊ¹ç"“‚¶FÊVÆ"504Ù!µh‰8ÒØì&Ñ(aŽ™ð.™ÐËû{ä7Wê'S,§sc Vë†4Ã†´ƒ×ZVì³Ž©„º>x.”5@R1|)Oíç ¼õ­
à²mÜÒ^|¾þ.»4%Y:N?“…žc6¤š[½ÝšÛºâƒ0ñ“¡©>î¤×\¸‚Ó·ktÒ}„€ë±¢sÉ›ÛjÕÎõîGL?ÙFªùBÊûósÂA¯»«ZQë•’¢žË0SÆLçŸÆwÝ~»F Öñüþ)8‘È6à‰„Ä¹Î‘{ŠIÈ­x½nåVœq§Ùþïç´µ84>ŠÖ«1Y¡Á½ó-™Kp¸÷á^OäðRff‹'ã«Y¼äD¤„-.f’×¾j0Sð0±BÁ ^¸§ý«i"|¼D-–ÛÔ¾WŠ_Ñ/›R>²‚`náˆ@ZŠoç—82àÑžÇúLÏ“vŽ|¯ž½Ó•žvÒö0¬bæ4gáÒ¨–-ÊÞBMœX/ªyré§§ÖïiY ¨å2õz+ÏQóƒçÿÄg†F©S|RåA¦AâŒÏè èƒÿVE*ŽQ›¢¡ÐÄ< ä&HïðáÃu\WÇÇMm¨?W®2å¿“ê)œù1Ïòò¼J½Êy»¡(ƒG?‰ÿÂkB@åébû€yÓÍ‰Uý®‡óWá­Uj+	Vœ²dø–PRù£ÃV™gÁæZe1tÐgçûcÄ)ÔsÄø¡É7T¦÷Õems‘/Eƒÿq’0ì»`åÍÀµ`[£¬–ybp§‰`{uî´CÆ\²’k¤,o²º_Sà®5¼¯Î«”J@mfá&Ï¡xPVk¦ÐHËœ¡PÉS`gŒ£Lƒ=@yïNz¤\Æ“Å]÷I).ØÚŽÃ¢õíŽ¬‚µuÒö«çéDñeè­V1UÝe*u—'C•£œÖa¹§4ôÇ8)XŒ³^ÖOÆIóÒÀƒE¾#fs^Ùž ,ð/ga€  €¿µÈ³r+E……-¼Óî©wùú§ó:—~¸‘‹Ùß°¦êŠC¶?š‹Aå@8Í[˜æ¦v–ËÐCnPßÍK6°n/!°ÈTÅéñIÌ£HY{%mR^Ë=°ç=ÅŒð±>Ë—šØ3YeÙÃnénÁ–Y+s”%*k7¬á7ýIY—/>ò”|Ê	;cG®Z¡”šiª×¢¦%u8IˆÌŒ*3GHÉžæª‚®—!”.à˜âr0ûœÉüÌË¢Õ7[’TbW^¿QÁÓ…ˆŒ"™¢%¸1{¤÷òÍ?Œc™‘ÙúJØ'!¿³¢ ›™zJäÐ¼¥Êä#BX,4|B#ÿ%o¬n¯zL§K=G? äÁyÎ“¢ø“A¿õj²]ž¡„äôþ#†
KE#¦É¨/lÃßpÄ9zÇuænw<GË –väðÌôê=hÖþñgý•#q&¢_^ô³Ol_ïí/ç¢:Û£`}¿MûæPqt5êañ‰o@¬XHÇ%œîkÒ	ï¾.ÿö…Ù è¡#a&31@8YhÝòS/d?Òö‹9Ç‹‡VV'$èÁ€jŒÿ`ö¦¶N~Gåæ¨úA¼Z7P'NmÛ?ïŒ«l?gƒva€¼tà ÑLí’Œ.E_ýp?ÞüÒ!Ó(,X*¤* "aÊé+£$`¸c÷n~WƒÓ4S7TMpZÙûjÆ×ß¥F[­_tË†@Cc8‰üt0Ù¢ÞµM¦lVo’V¡$Hsƒš»Ih¢g©‹ÓPÓ»÷$ˆîw„8{Ã1U£O¢Ùyy9Ô¾Á<žÅÓ«éû&pá|·‘Ý+Û•zÐB”—!B.”ÊÎ,]>‚¡q“C­8µÿÈ´8­dÌ¸ËP^š·é+ÓÐX/´zìÈÝG€yþY„"«_ÝqÛÝa!#¦ÈÓ†ÆóMbîõ0M°M#x Š¸µBæ¢AžHÄuÒO›:Ô^‘^«›ýïwMëõi6Å\g‹‹Ôúã’ì²_c!·4Š³jÑÞz×¼Iì×©bé¼VÀ(Éwá=}(¥Ï:¸äzÖúi:f±=!UÁÞVt¿FÕ¡fÖÔµ£M‰uà¨Ç‘rº®JìÙÒ†PÍæÜÇàÏç»œ!â<Þ¢X¼V¥oq6Äÿa H»(]xAìÙk»ôü<Ù¦|Q©±«b¯¢Ú&X®rT‹oÎxòzúÒœ4i›SŽ‹!ÚúãzÌæv>3'Úž•Jo"Ý·dñ¥ Ñdmj| ¾ûß«íŽ[ÁzŸ0M01FQvÙÇHy¬¶Àr‘ª¤¶DIäN•Ÿs‰`^'lt…ø³-©^Š-2x6ú…–F£:L¼€ˆÇñ,XÆÏ4ƒC.p’÷±|º<1?þ‰%:#Üº/sŽ.ê_¢yhtæ? Ó?áÖØ5qx ADÜHu1º%Ç°è‰c˜åž¨5že­ùà±P¼[˜ÀL.XtHÏæÃ¡EZ¢Öû Ü!Ÿ
g…ˆ6·[ÂõD4O1•³.ÌxD_a»bÆ€fçÀŽ±F¨SÉ{^ÛúX!‘6˜2¹×¨;·ç"i©ûðÍM©úk^;>¤d‡nYÍQìÎ­-h~	z¶GˆöVOsj>Ø;}nå8eÁC¶sÓê²›7{<ëáç»–g=UÚ¹,ñ8Ù@D˜ä$‡G&î²@’gëwi…¸ÓãJÅ—cÇÂ.4¦x~”‘ù$äv9^ª+XNž¸tE‚RÈowNªiîðÓå	C/Cü·–«$Wø=›ÃÊtRƒz?ã•Ë"]Þ{Lbå¼Ö«væCfT“&Î›±È¡YRÇ·x0Ó"$iý}ŽÏ5ü8žº‹WÕ.é±àÉ±P;›¨üt‘w’½'Ê«r¿'É»À<ÀUøB»§~¾Q8ƒ©Gîžb yÝlj~Ùb~io¢óê)Û.Ø[³‘…$o¨PÍn3?ôö‰ñbž1«©gW]Éz8"Rá,/1c,ëí¼0„©é$<÷CÏt_~¿s)¬bÕ6Uç;ÂêU¢ÐÀ¹få&?oïŸ­9#õ•QV‰‡JwÈÚÖ¹5·´b½gíÆÜ\p¤ó1Ï÷&Äðù'î €A.
Kd@bL\²«ÆvOŸS®é™P–'d>Ñ`žpA`PÛq/ÜY‹œ˜ÔÀ\¥d[ »|5±ûlèéjC¹ °÷Ê‰M»‚ãÉÖ:Hµ@ROåGîœï&½òÎ|3ó<p2Ö'ÄNÊ!Pûe°­÷ÊÕlu…£PC(Ä&áŽÙ{:ÄŽÏõmSæ»ß·&áVÎâïÎù‹#ÜëáÏzÅ~ì÷
ÁÝS=ØÁ'(=“éÎ!žmÓ9ÛÐ§ tfHº…9ÇÀì²Ò­}8¤Ô½5;M«ŸÏ‰¤Y·¢áöãhÉL¾P ;è1@ ÈÛ¶Œ‚Æv^sÖ¿­6/;æÌ©#]Ñ4Ÿ›)f7æJiØs‚,ÍÃ?þ¢™ö¹æ
ò¯3ê° D9&6UKn€[U“äØž´îü3›úˆ÷ã|·GÁùcÿ4ôÇi_”°R>w‰ÔÐþÉjZöMa l-ÑÂØ?ˆÖHåa	ùÙjžÏ˜Â¹D„P*G ¶ò¬š‚nôÑº&›Ä×3U)ÎÃ&PN%üÉŠ ’²ªÐ ÀãÆ-] ±Ê
›X-™ûj¸ù`Ù™®âÉµÇ=};\¸ìâµVôYækÊ}ßj¾S×e³c#Òø+üScÉj«'ä»Oowö^¾èdEc~Icó–J‚ñg•Õ®b¦øUfãû¶R!#Ü€ÒmêVz¾/²ÆÛwC.ûõ(úÝA€À¶ì™ã–`¡[;hãðžlJ÷’7!2Î;
ÿ–ëÀdeïÎCŠHªiüH++ÆC×¶ÙÕF\áH¿°¹uF6L˜W2ÕÏqH”XéÞ6å
}Uè|ú=Ïê  jŠmmˆ%_¢
½iDb°F(Ósu÷’²#)j½q­ö]Ze±Å§®¡{°Ýtè7rïüá7mŽ8Š‹âÔ§&ÅÎÒÍ”¯veµ_¨eÐ;¤›Å‡iûì×ÿb	7Œ>ÑÀ8KÈ	À€kÒr°khpA™âÇ¸ÍbåÎ¼Š*þÊ"_¤VÖåˆÃµÁ†ëäC8èê› Ù|t=E!skZØ3ºuß01öóÇ‹zåËm¾ˆÜ?ˆnÛçjÞ†Ú>HÇØ˜uÉbøzNAz3+Y ›ÆanÏÚ,9ö)ÃýZ‘Û7È[[dÞÛ$¸ê,·æoIcMÔíîc/Î¿¹´×q“0êù½Úrjå -cHÆŸôó-ÿáÞç®@Í5O~îr$åøÔ”B'Zµ”úQwÀ3CNÈÐ6ƒÏ»)Göç­0÷×Só½¼0ð%Vß•¬•1m¤˜äÞïzñ5™Ub(¼ú(Mž¡ŠfX!mR¸´3Ç^XºBLù±m… kö–qÖ„“)æ§ë»ÛåmÅö¶Yªã5È¾Yð‘`]c'Tdf¿òå–R«¯¥¡‰÷³…¤pÇ¯zÙÿFl#&NŠßúk¹¸è`‰FFS»…G`îÑ^¬%EXì¯m£ˆ1õB÷Æ±¤ú™<vááú‡u–CÈ7[tºª6ö¨Ë¯ER<€:á «TUN±‡£5¶øPÀbði[×e¦* ÷ËcHÝ7K4r°Û³éQlúüßEžO0n¬öS»Ié˜½	—ÒˆB +LHÏO"ÆÃ/äÈÃ’œ³æ2KÇ‡t@„lä§aâƒÊpÛ®ÄßFÜL°4’ñ(um½n‡g([BTdó‹Ã÷C ò½=ÃCóü©:gc¸VúRyÔ( øB¾T_†œ3-ÿ*µ§!Ùýª«å¬ƒÅ“õÙóƒË€z|ñ0Iž¼CÔU†Y‘å{˜¹[	lk–"ip”çŠF”ùn2ÐðeÉÉÁ3Ø'ymÙ %2¸@w"wu™ú­¯ q˜àWYSôE½Sµû`À¢äRZ¢þ¶+Zš‹'¾ÞÂ)Â9ÉOaß‘V–9€5yÕ„ÿ_ÖxÃ¾iŒ‹­kÕ},‹3„âDlÞîK–«)`üN÷÷æ¢W€iƒ >êMR.ù/ó"›x%vß´rÒ—³4¢7kLh”‹‰Õ§øTk6øduœ_è<¶}aÊd?øúœ÷e@A|ô>1ãÓ¾ÇSø¯à˜êÁÁ!¿qñpøÈÐ6¬,é¢5DÔ‘ÒÔš~‡ÄL	‚u¾:‚\OÕÙc¶¿NkŒzœ?~”å‹*pŽ‘a‹«üÖ\Çi€QXŠ9»òKÖâ¡ã`(+ø¯@ÇEl<Ai
‡„.ˆaXüP¸1u'‹~É•4ÿ0Á¾ÏÂö\"Ü/¡i³xô†íXvÅŽLl31jÂ\aÕ0*J¥ø7Ö£yãJ§lN¶ú¯6ö‰¸ÈòæÍühÐærŸ1'˜:ã25×§¢n·âÞß¶N|ÔÈÍ5fìð'>œÐ0>ÐŒ&£¬„«˜PÚeûpÆÌ;—-û‚?«”æÏõ¥$È¢ÆPfÏD³¶2HÒq›Üx¦¯4ojÑjO%á{ð[Ä˜àûÈØ®‘Åýç†FÏ„í#%‰
%†Ý*ôÜ¾œíÆN“÷$‚š[a¬¨2ú66‡öRþ‡ÿÅØæ¼è·³_ª´=Š<éÍÔºžG;)èF sƒGÓz6rGm“¿¬²žû¡Ô¿HÏ‹T\ËT!Eo™‹ö‰Ñ¾äÉ÷ê¬®íímÿ®‘&U5J…ß¸_M¶WG5A_„hˆÄ„Ç©-_>ÞˆY½Ó•?öŽbàHäØÂ&†¤e%0Šð’QëI¿ ò`3Gf)(2s©í˜Â?âÎ§D4ÎTì¼Ô¿šÄ$±MùÔrÛ¶YtWz-—é_ÝÕÞÁõµ‹F¸‚®¡õâXæR*$;4•ÆOð  æ4±SXx} ªìRHZ²³7oÍ¼ŠíwIN3€¬fu¬ÿ—xÍæìÓëÓ¤†VBJ,¶.Œë	Ok“¾33-Ì:xY€VzÁç•<
0’3³m½ºNÓœj26¶­Yyù‡)Õw—ãkZñÌ†ÿm]œ¯Îjz„©+õÓ|2Ë‘°dô5‡ß^’’Ü¡z{ÏÜ‹™ü»“ÓûæDQª´ßIF™[wÏ…ÞðÃ‘­P¼uŠa;ÒoÍˆ+¥vÐ¤Û5*½ŒëªÞ˜Ô‡ÁºN¸¶«¨íLtNÆjŠÅ+Ï¬ˆ0±ä`Æ¦ókiêz·³øê1õ2ì\½…8>–ü¨Q.†D™¬Ñù‰˜¢7HÁÔýq”‰q~>¨¶ÚÈÜî'xc4Qxþbê
–À©‹ -Ã›èK¨vV•¬ÂkC¿ õ}6ð<¿Ã—·òò•²–írÙ 8±ùØXý7ö ÅÝ–œ¥‡Q	KŽä²ã[Y)p¶¬íÖÆ.ÁR2\Uð Å$¡~îy¹ªìV}yïketö'ƒ»ÅçÖêéðBužG‰.ú"®àƒ½	<s³…¨;TÊÑ¬k„Lâ#LœÍ àâ¿ÁbwNnÐ6;qoÐ¬,ÛNkÇÄSCÛ¯fhã/Ø,ºàÜuG…"ö`Ôÿ\J‡( ±ÐÒ6‘o-1Tžu*FŠ¯ÅLúkìÐ‘ˆDIW™!3z«„MZ‘Cã[n“íÙÆKŸÍd^TÿX¤¥«7Jô¤ÊÜaÆ{-‡É¶ ­ÿeÏe¤KÆ:nÉè	QX Ìm±¿¿Z/q@	E]ŒjÞžHÖÝd)¢ÂØ°®S* ?ÿ 4°¯u·Nš•{ø\	z-<ÿPrÑ«–mLÞó~E‹ŠÛ„¢˜,°4oË€¹íÚi
–^ï‰$á~âÅ#5õ<lý2Š®.´³Ò* FUH‘^[„k«@úE¹8æ(+VÄ˜R†+8C“(e´.2¾ô^gÒ*uá©[D´±ñÐÒ¸ÑÑûÜú ƒtæeÊåT•Ÿ¸õÃþ‹Œˆ|³~#‰?N‚¢áÝÊÚºN·•–'&íœ°	q“û/›nQhÓ”}vúÅJD…ð‚3Ô2Ë›'¶!ò.ëÙ¢T™%<ªÛçÂë2â{<*Á³7ð,ç,ˆwõËƒ•·AX]!ê$Xàcúš{'¾#Rns~&§'ôû @½¿´ž«~2Þ,”gg$Ý¬â-Çzà8]%XyûbáécÜ2ZB»?©¡¨òlH?”6Dº™Â’a¹âV°,8ª^¾K"[ @êï†Âß¦ËX--õ•ˆçÃ«öÓxÉ5¦´”S³ó(&£;¶@Jn‹¥_²@›Î·‘5Þ-Ž–Àô(¢t»YÞÅ¤LP¦5Àyyî_öËÅñÑ¿4[Å:>XGÕþ‡\ñÍÛyèl÷Ž«Á9UˆI_’D66þrŸs2±«N6+–l+qspSŽ^õy“}ÑÁc†è."Š@´kÛ©Iæ"d0@_…=vpÏ)_ÀAT`»ÕV=9MæêMü®][¥¨WÞÂ@EêH/PR³É±^é:mìËEÃ­0øèÜ_x'	 Soì‰t¡Øžsæ†N[±Lœø—Ù{Ä-¿ ºa0ÕÞEÕ³†Q›Ø~'™GÆˆ›;t[2JL~CFI:
ã –'hâ¼¢ÇßÍ»1  ]»ÜMøö„.xc>kzVÔ-Œ"/„Ä™o²÷ó\©GFøŽÅÁnØ˜¸DâyO‰‹JávSÏO‘œÝ¼”ö¼ÈOFÁün¾>™QØÿ°3&ë
µž°Ê_ã5Qy¨œ;êÙg[ÒÿÜ0ú‹eo«YÇhåwh«=•ÑB‡æ»c…f¹ø)£So,@>½KÖÖDÏKYƒì,Uâ‰Ý´“£L+ñ•¨ûðœÅôwÉZ¿2wAU­H ôåÐÄm¤"Œú¥—è„Ÿ:KsÒ6¾§¾ãø¾ÌAr÷^—šPÍ$‡•U¾©˜,bÿâçn	ÒX›)Ðj8pÏ›lãüÎq+¹š™
Ãjã>ÿ³p{¨üÈDëª÷  
Ü`Q8U²hÈ¯ïýìã¿Q1€fmªÆ:Ô?jµÎSq]D©í6D©°8©ü@@?s?À’½šèË·Q?FSäÅb´Õ³q£ôZº”K ÉA “d©¯¬Í+¶]N˜£÷ƒÓö,6X^­Þþ,t•Ê¤NóZ3v ¡*.¯ÓiJÿhÝCÁ¯#ÍøåQK:È­æ»³ä«$E†¾½IA>„”šõXö”.q>Ï|,G²•8`’žZLðú€‚7ß0àød©i=l_ Ã‚Eñ0:èÄuúa°äõw|Ôä¶£?>øº¶Ü=ÈsYœòÀJ‰Ðå)ÒÀß\õ:±ªœ+NÛOdSjÊØž<Ä÷‰ç?Ï0¸bQÛKž}†‰ ƒøÅ„#þO©øÏÎCÏaˆËO×¬®œÁ»ç6Œ°H»ÏtèZeÎ4¤ŸìžÛü£­xUi–RÙ,Èç9\QZO«kÂ*¾Åb£õÎØÐÜìÊÂ5µ¼ëzÐÑà6	GàiÆh;£$×=õ\{Ò=9¥{!”Â·ž}ê)Éæô9UÜƒ©þ‰H,’{:Ê»í”Ýr½‰Õ…¹ÜŒ•>b‹äÇ€c·ÆU"PM‰Lø?|jô½Æk-µn­!²%F2Ž^E’XW–@œýe´Â•jˆ;ú}ãÎpê~Ç|ö§z›¾%ü~èü¬¬éz€†(q%æªfPvüº‰¢Òr¨2>”Â¨cGÝÚJbbÇk ¿³ì	‹mî19Ý-d¶g)ÚžæÁœEig<—ÛÙ|Ôü~Bxß«¤ÇoBçjxhÝs•Þ5TEÅ'5ŠÔÁIx¡åt¿7¡
l¶7lK8ç&/Ýsä3™™¹*y$¢OºÆúû
V*Ž›DÕ@€û“$Ñõöì¡õ97 ð‘¿ã³ §~™ÖˆBg=«±2à©È|Ãâ°¥ÒÔš']\·Ë)ütÎé~ß£ÌÈ“ß?Vs‚„=ù}YZR†Ý$'šB|9Ö†Ú—vÃshggãUæ+|í#UüÆþ÷£8cCØÀTÃ8 ÈWeŸí&¾õÉ8*®*íC­VJÕgžkg–êX:Y	OG±cvnmúº–ƒõ-ÆÝ£°I,«r°m1¼ek}«.’&Úhñ'WFˆs´-ÉþìÐG+š	ê¼t6ùÎq,Ü£ÊÆ[sDB$ÎßÕGá«“2ö­=cPR½ŽË¸@¦Aû°.ooÙ³¶"Í9µ‡Që÷š?#°v9çÕIÍ€¢¼Æâ ×§Ëí}†HfÄž
:Ì}”Çyð®>cuàÏdŒX(ê•lHñ¡À”w,3·W\ÐÍ0|3Š8a•¡‰öå€dzå—Ñü«ãxÁŒš&üÛ§Â/)ÿ~v]ßæÿ÷Ú¯çª<j#tr5K¾/‘õ°r¸°š&p0<FÌ¿vû}«5_eÁgu¡ãÊ´}x¬Y¾mùÉŽÝ·æƒŸ¸.ˆx‡º#&­jƒïH‹Kã°‡qCe3r¦wŽÜìûÕ-o<„X»^ý0©»Þì}‰ ëJÊÂô²¦L¶žÃ.[T•zÁ
Ef¿­ÂËJQò ×ÒGlÿrÚ1è?ù)’íã_tyÛ•Ý<zA3ÛnúiÒ”Á¯/§!o´H	Ï²…¶p÷[ Í_”SºI z=u×„âÐ¦0å\ºõ6Ê5ÏÍ:´´;K Oˆèy{˜ŸÃ˜ê5wvÂXb 'G*ùÚ›á1tÃl®Àê™KŒÎEÿNC[€™Ý·ÑÐ1dHT:]gã‚çEÃB:þ¿è¬¾né–ŠšÚêÒ4*œ§¡OAý°¿­‹3Bá=7f%×‚Ý¸PJÅ(4&!WÞ-iÁ>ýnõ;µ›ö+Í¦£ÆÀû:üô$µt²sáØ‰%Fë£³pæ˜zÍu"Á0s>ãÓ<9¹79Þ¼ììº/¥™¼ï•í™Œ8•!Eaú5Á¢Òn¾Ë4·B×s¨‡ŸúSs	ô&˜Áx¼†Ôª^[<Å0r èZ{ž79j=¥¯“ìsöEé~  ½ì„>FÙölL”Ï x" *°­»U¾(—MD‡ª`Ÿ2Â.xðñ<ó%m–¶gÂÖÒqÄUÜ]om™ÍÒÈ![½¤|e‚Qœ"Âû×Þ'9˜$“bsÀyRozI4ãÄ7©0".âG¾}gÿ€ÿ—t¯Ýl´é.Œ(Þ×*^^°,Z©	Š%ˆù©°]?§K½ˆGS‚ŠkkÙŸ -Ñ´~ŠC§ÿa¦Ž(I¥/¥¢ö¬¥½™+WrEIKHKHœ`üÒðÃƒÕºõÒ½Š'Gµ÷óL#Û}h½ËUm#l'¬šG…X4X¼Z½Ÿân¿+Á+ù¯´°’¡ÅzLŠÿ¼§0$š%ÕƒsýÌ8ð=1!ŠóFy²FdoIÓþÕ?ïoÑy->‹«2¨dýçìK¯•Ã&€’$.9"{jRlª`ï¸5Á¼Î{ðÀRãÌdÈ}²[ÊÆÊ² “F™Éî«TçÁ™´b§ó×-J93ÇuÝºváùAWÓ¬ç;Ûd`ádn9Ž+O–sóýmü~ EãFö©`Õ†_Zâ£@_çŸ¦‹ÄhÉ¦ð/»ð5›sMÎÝÊP@«0œv@Ø&›wÏ2Ü4Ü70Ž†mMŒó·Ç#ÿ¾›b[nÁí~NÔ0¹p©²8[5½ÃE —ßŽ†ùO·ž;{Ø³SuòÁbŽÃJdÓ2ÜªìFÛ_à,j¾°æsÌçõ³ œîûùµâ+áDŽ „ë7ü„+mjcÐ\Úz ¶æ«¢Ã%÷ÒÀJ›þˆÙ*‚xºÌæÊïÛƒK<¦Ú·Ù
È¤æucÝµù’¦¥¨RÝ«;UBSæq›Ÿ+ºfS%¯ÖÍ«¹ü`Ç9 eáºN¨—ò„W<±Û†Gæáê9¯Ýa~¹_çì•ÏÔAxÖþ[ÛÐeÎ¤Ÿ¨«§>‰ú ZE¨Í]mV}—@RzÍÖ•¯Î6‰Ÿ!i©Ó¹„úk±FaAuy} µzx@«/M]´L(òÊ{„7ð3Œê ‘y˜º©^×Ä¼IÉ—A+© arKåŠaó¦BweÕˆo†ÖLá³ò‡úe;ˆmO´*Á)9âÞ$Çæ˜W Ðâ dÚ¨¹’]ùTÞÓ«£ —`˜ÏÙÔb ¡|ñ`o3zÊcÓö[¸V‚ ‹'ýtÊ"?ãý„MþLV%ë‰â=Ça¼1ûoÉÝx?rU»@]Jl££GTàéä‹àŒ?úœì¨¦ÙY÷pÆŸ|‰—ÈW¢èù­ìÙî¨ãÓŽÉS³¹Š‰šëj-î³6ûãÛj––¦TýâÔ1¯*Uk°è°g–C—;xÎ\¿Ji¼ôd_·d0ÓnqZ•H¥§Î‡±€š”„ˆçæa)ÌOcØµ‰õPò”¦æ>«ã Ð‹gr2dˆ‰ÅNO.<‹Ë)—ÌìÎYübá4VIÃ‚Üø»Î¾á¿ÙÀ‹eíÈÁ h®ãº†™xT–k_›Ý¡P©c·)¬ •º¦wø?`cÎÖá¥Œàµpä6jf[H‘ÆH'†j}UÈFÂ­
­Í÷/ƒØÈHvÂ¸khÄ!=YPõÛÙxùƒ4ô­ê‰›Å^¸P¨K>|MÈ}jh@÷0oIÅü#,+¢úÛÿ¯½"EãKÕ‰õûíMK=(Äg/¡Oô4®“‰¡OBG‰ÅàìO®ú ²:>Ø2-!=ø]Ð%ÄÚCˆ1žÍ
‹P}Wl([š«4Î†"™rÜudgäØ×e—Og'É.ì +ô¯›sà.òvÛi_#Cm£ ¢¡½.	uëþÎe«¹&'
ÆîXÚ©Q³é–É—FOìü"‘¿ùûîQòyM¼ÜîäŒ)G8âŽQu#úoÆ$ÓÒ(íï\æ¡ÊCä)¯mªc‰cØ¿ÅÍµ±"ìý$èL4*Ú£` Öù\>ð‚ƒ——É`']uºê¨Úª£˜|ÎüÍJ:×RzšmP?›Ù^"»Ò‚&Ö{nX7é×¨¯2èŒó)a 6¿’´Ð¯$gÝUÕrDûF+ºXý³H™YñâsááÏßøÁóÞ–Z’„Áâf_?‰Ö:L‚8Ð`Óí6ŸQn#ülvîˆ\UkËU#„Zâ6Â¾V+¦Þµ
Ú9Yæô}5Üôƒ/ÍGÉ¹ßÆB†•”EŒ`—>’ä„ªR™BŽbg÷ñµÎ^ó÷UPnÆl‚Ÿ*»&*9$BVa`G<l@³`>ã³ç&Òüzªs	µ
kO›@FÜ³Âáé-D@IÓæ6êú|?šXY6¼–ˆ†
bÉç|í+wº”`¬ÚV±'A´ºô§}·ëE¬öƒ‘‰t7oÁ°)A~äÈýÛøL	j½ìHÒ›(?ÜÖ íóê	¾¸6îÁ’F²ï¾o\rò(±;eõ(ú‚ß‹=¾¶Ì±^áU¾$µ™¢fm‘XD ÎMjs|ÜÍ¢zHXÍŽJÎ0ù½qŽ›	jÅ+’ÝÐŸÚ
SûéŒ”R}[ }-®ˆòDšøèc½C´;ã„&
ÙM/à\ˆ,(b¾zôŒâu¶ÿWÏ†='_!ˆ£‹lfÏgX>¾§éc~tÙÙCñá	ŒÞðÀÙŠ«m‘rƒµ±ð•Ç	ŒE×!Jºt–9³Ù YŽTÃ R0Í£T^±ðA+`Ìc’È†1·x»c|7 ™
}”@NwõMFÇ¯ð<'ìv®èÄhkÅû'}^¼™ÔŒ ÷ÀY’äyGI€W*Fp·Êµÿaüe	ªý´h¥Šbx´&º¼äG™2VO×5Ã+ß5]é”.Úþ7?á!OØ'Zß¿ÐGX¥pÑWSò@¾ä„A®±KßÝŽ5Ýê¿Á ³!<Àäù_[ï…¯çœ£;Yá}vT)¢ª­r;—K^ÑIj_V#QªkéÂO6LC}œ-Ï~³Ø·Ýê½æQÝ¶ÉRaeg³•ÁÒFróÃµ»5ûprš| ¿üí)×zd”Óá²ªÝ¾1g=8Š°y+!nœÔßÆðïÙÇ@!å[.#þ‚ø¶Í”¢ð¦4q/-l4BðYŒ.¿Šù‹t}sI‡%7‚Üj,ÆV¢û•lÖ1fäbµdç?°QxŽðWE<“>ÿýÙ­mýœZbÞØ„œÅ^ä~±ã@F$˜H‡…èO×rmšhQxsÿó¿£$ž¡…AjÓÜ"³Å±¥–AE=MÅF³ÓXéúåDNcÛ4˜Î·"ÃÓÐ•Cv½
éñ¥¡²(d|^äJ$ˆ®_Ã&…ß+œè÷ÿ7æY¶é	ˆm+BÀlÑ&ÎGø­Èûo}Le‹fÂÿ-Ø#Ë ”(„¡|‡*`.@ÉÜÚÕŠgµb-TþO[ßn´kh^«F¼Ž¾h ñ#ÓGÓþY£Är*4¥»ƒôƒ¿›DÙ»ÚD{gz†HGNš<ë-é7ó¡­‰¿ß#ÏMâô+^W´ÀY_1¦—òØ0'¦J)ÁÆá*ùB*½Ð©ÜÆ‘öÙƒ=ªDkçu=/Š6UYFñ6ÿOôÿLµ.ÐW˜öän¦\‡‹#w§³á_ŠH~>ñY”º—GÒÔØ„( ‹_§‚ïR™Çyq¿œµí.†¸øÍöå°ðÁ)3ñd!ê@Û’_ä'Ðïã\ÀÛ0&Hd/ëØ”?‰¬BqöH$Ï¿ƒÄ:üúGÂ,3q¹ ÔÈ$u™€Î¥"¸XQµpÙ}±
MÎ\G *,a¡&¤°ZˆI #­œê417Ég£fwXa’ÈÜùA©ûv¦5Ã¿—$£Ð³ÕÓpê; 
Znu©îLÐƒZ$¨÷‰¼ÌŠÁ6-VÎBbV¯×û¬ÅÕfK¢2PjÚñ@ú0¦úO¹_Ê‰cÂµ³é9uFSÁàd€¿?÷ü€¾T/[âm«`IBÄrq3²B;òJkû›q³å÷ür
³Tûò½°rA¬<|Ý´äªp6þŠ–Å|\¶ë!—ˆ[^àØÏ¬ïfudôï–&S´	àå£Ð)0OÐ˜À×^5³>·°¡N2oçmœ,ž”]Œ}IÍÔàr«®Ž¥€ò…°
ª‚‘œ–ó™–Äºs¯²2ŸðƒN÷„–pFe–­òšô[ú^Qß_.±³ö®ì~:XÝÌ“«ðØK½¡)‚’»Y7'e‰?G±˜DJ@– |‹Žœ1„«ìs]?ÔÞÃ$ÔC‘ÂƒÁ·dTŒXð4€6í™V«´Fáë%Èæ‹³¬,›ÓxøÐQ¢kœ¤®wÃÇÏÆ¥ˆŠß‘;.Ú(Þ×Å»…GíÃ6Ò¦ƒX€ÕÌ…†°íýX€èE„Ûš‘³ë—Ï„ža¶Ñ3~¢°E­ýGtOwÿ4°€Z|\}A%×ô¥òý›Øš?yùÔ§à×-Tüm˜¸0p€ºÎxîGævÌõ!7jª¸Òã·ß$mÖã^:¼¦EÄ²–ú|ÎÔ$Ð)÷“gG„Öz!)§›ƒ(*ø³‘Óà2X)ØN•D¬òˆ‡w|UÆÛA/“S-/<O”óù>;ç…Mzí2Ö¹‰V eòqhJq*“7§Vðmò{6Y–~|)æôC463+¡Â¦‹J†aïÙÂ0ÿªÍµ¦Q¤½¾¾Ÿ;1ƒD°÷˜AÐ¾Ð^:é€D¬žû,•ñ\!¿‘÷DØx"
AA¡‰.ÕéÒ #Ð@ÃÂ?¤ü­ÝÉã±‚…³¯Hšj?¶0³–<Î	'ÈVO‹œ[],ê§ŠùØ–ð|–{#BwO¬ÇI¥Óal}žƒwà~6pü_§†;î©!Žp`„œt½Œ3›"ÿå¿wòM•®pë+ÊŽÐ–sÂŠU4 |œžLiJ×šù';ï,éÆº/V[{F)òðxo`0´÷ÂvA¾–pä=-ZCœå¶Bzž"*ePõ¹.'LzÙÎf¸Éïp:$Ä¤ÁïÑÿ” Ôq y™ÿªA{wÁõ.ÍêùA¦9èœSN€-#ÎlÆ&üÂ<¢ ¨gáðª ŸÃ0±Ø|×ˆÄA
-ž‹½ìTÙ¸L1RŒ~¯N|mgn9kagœú†WÌ®ƒæÉInŽ2¡|a@~<Ö;j²Ì¿·ÉíˆzñˆE,,9ß@ÂTÑtQÉÇEŠù2˜E²&t£R1öüç@\m%Ý£KLEåðë‚[ãš[ö$%FîVrÏløÿöE Ö Ç#·2u0¦ÔÏV¹tÙ¸jFBÏ÷­‘Ï3’M$Þ¦â{¯ãZqrá.âo\NÁ†yÇ,4½1‚íZ0ž, Óçeéf¥¤“ê?ï70hÁ7
òÞ™ÂÔgãöÈ ^iß¨aêÀõµÐ¨S¼ï_1ÂÛ§_%¡­˜ Œÿ}Ó/–Aÿ^áRY4xF[_EcÑBi{”s¹Fçz—ÜÊ‰vNjl•{² #€=g¬˜Š'«J=úXH•¹4WŽ¶¨‡B+Ä˜ÛZ¹Qpf¨Ñn¼Êœ˜w‚Dö®TYNQÿp	J¨1r®«t_ðuqU·†ƒÑë¼˜-Qà3;ÔNp(œŽùô>°¹Î=s´SQOi>ºùõU,Î¡V%s¡ê’õrmC¢á®Ø/¾‘óxXÇiJ½òÇéÛy¿ƒ‹DªÃªzUó×¤è*ñåk¹R´Î[-[è·œøúC°^b®v÷hw<9ù˜[³†«‹LÏ_!KŸ8±x!Ê¯æpxçFáÎñ‚GI5÷åÇ!ñB|ìjy¬
Ü™{¬Z¿'MwšäñÌûBÄFëÊƒ¤Šgã¥‹„$|(ü+`û[¦ô²ŠK›Z°HZÃëÆ‹Jf*yŠ˜ØÇC”úØO`¡:Ñk÷X_ÝýS®+Žöú)|f¬[–©¬óojô­¥ý¼•ÿ‘®‘¹Î
fôe?üõóO@Q´\ž5#÷õ&bxÆ®{—?“Ãüe3Ñë?û  Ž,"ï~Ó6Þ( þK^mÞ¶•¿i¥ ûØ}¿}wrÐ›ñ-o§ÚÛ—è%{tñm5ËžiòÌ(Í¤­—Š`m†Âzn­š0ùF.à|ù¼k«_îe’æ£ ±Ãvv£Ñ¦Á…9Ï¢ÎÿÎèñímk@Õx>N0ñSÄ¹Ç¼ºQÇãg²°S#»)dÈÁ»ö°í.Ljr©âHL$âãÌ­wË¤ÝKÈû™è"ƒ´Pr‹]ï™3]pn6“Ýú-ð^‹öW&$mWQA‰yo¢ÀiÛE CÐ$B¦úZPúÜdU0c9Ïd{C¼ß¶ÍÁÊåü¸Ms3fý¡½ÁÔ†œ›Ê»MÖPvOÅã¯¨‘«Ä}ß£$ãŒLÊÍì²Õ²€ÜÅ—1£íþ`–Ñ©Tõìdª«Tù²SrÄÜæ‡ï@r÷%VÞÑli•OK
»ÞÙ€£ö}–›Y,&±®íõZ«‘÷Ì¾êiùµ,°ðò£*É…á„PR×.ÁI'¨‰¢©*o†KÓ0E™$P%9Å#Êû“¿'·Â¤½ögöúü~ø½vÂNÜï­‹¯¯ÿâOæiÅ'”¼Ûšz¦ƒ/;N¢P0pnçG@¤ad=’zV(;°$šÝ·Ü´ôms“·»¤^ôÝ>¼TøìOÄ’í	¹¦Ýþ¦ÂôA6íáð…W#ÒÔ®h©CT~0FëóÔôÖì­$÷o¤É“›Š¹giwhjwwëqå»â¥5ÝEÌ~üTªY7â5aÔ;]ûÐ¼¬õ¿Aœkáåòg‹^~ä”:!¿gü¥\ÿ\Ñè÷’µôÛ?‚Ö/»ì*î‘ü…$Ó¦¶,xïKnÕÃeä¹Rðf–cö)9á¿! —)E Ÿªë’O¡\§0ˆY*?}!Ä av¬#¤þzÛïOq}ôeS·ÊÔÀg‡AŠg"Ë€ÿ¨œ#½`9Ž*| aãûÞí=ŸL/Åµûâï”´E¨*”û:ÃmÂðõÕ!/~OÑÄ'àdàB‘;ÅšGZñ3iAÏ½…ÃÝ¯~´)˜{ÆŠ×ÇOqÜŸ_¡>ªUþv^[Ñ
NúÁò%…uû›0t<ir–ÿxôÅ'r´§ÇÁ|¦‹ÙÏ³FÈJ§«T	5” 2ZåÎ6~’ Ô±oÌe_Å½Hé€B
”¾&‘°@ÍÃB<°"ðÅ(bxö‹,AÖ2L‚¥’ÌHÏ÷„S(v4p”_­¦ 
Î}NÉª•½>KBÌî§è1­òó¥X#rÍ ¼¶Ëˆ²u°\5xªß¯µvÜc)6Ö¾]²t™	£xA…ï«waD`\›>Þ_z×‹ŠÏúÊ¼ÌÅXv8ã@œÙjíWEùûÛ›õ›C9±} ?zÔ âD]"h¯õ»³uJªùWvÌU2dKÒkYžÆ`øuÜÙ]_Ä<Æ;«F™
½»É…z«S
§Ö2åØ³	½SQ¢úüXÈ¢Ã5sç‘®©<-IéA¨ØS-9««Ë&ƒp…“ßÕÈßA”ÙV5ÌUaÜ›KÄ,ä—–gC€r+ëBEá…3à›*Ïœý‘×ÜÌ•¸^qiœCð¿q-šúêoØ 4+ð–}2(mnàê„%góclúìlKW¤Øñ´åMøYìÝ+çù]¸õ’Ò˜&*oÐøÔÍ…ü
Š;ç(”T[‚À‘rLÌ·gÇ,q0ˆÉ¿™ùˆxò:~R·¿ÛN×Ëz·µvf»óRCFz9w˜»÷ÀÜ èˆŽ¯6
Â‹•‰×&~‰ÈV^9¬ˆ*ê¥q£ÏgLæâÚöosœ¢´(á,wëÉ€xqdéNì­	ò°Ÿj“9LXÿ=gy‚N€xÙ§A4ñÖýˆê‡Í&:Ÿ©¬b	^˜ÞÕ!#‡WW +¾261¸uýq…21ø`R•­i'ÔærdíÚ]ØƒÇVƒ—µ‰ÜQy²eˆüï˜òÖàdQMMR]ÜÐi<¶ûÙ8äÇÂçÙ–µÕ4Ã‚>Kœ©}@Ïéÿš¤eA]÷gdØvÁ´™U8%ñWÐIW™«»*q boIßœ¼›HðVöÁ?{”ô	õÃ|‰íÁÂø`uKBú ‘Màü©[gœ¸"ŸLËÆ54zþßD`uyLRºÃüÍ1i€™Y–|ûŒ¥`FqVÙ½U·H$‘ˆµ‹üIA4µÁ+”'€Žoµ“0‰;
Dó!&4À‘ûv˜.sNæ<H˜ùGkÊ÷ü’¹é­ÅãÜÕÀÀõnm5ªÒ‚QåÁšP	½ŸFþ°d>ŒÑˆÆb/nh"îéíJ‡Õè8ínö,Ã"ç£Da3b£tŒ5€øX^ÛÔŽ8€†¤Ø¦WØáÄl§<üszÇØråÏ˜·$‰Ÿ[Î6¬ÑÂç(ÎÈ1úQjHPºV·6òád£"`+ã¬Økæ«‰
Æ6ÐÉè÷—Vç°º›èãÁi¨
–†«öünnC®YZ5ƒ¤sPïmð¾_ˆWîÀI²‹Ëz
Ù#à\–L0ëÍb(äÜ8˜ÇÝÕ¡ŠL–H÷ÚÔúùëPþñqõ á¼4 ÿMÕÆÖ÷ªÞÊ[FÀm¿{Ð²4¸„ä;âÚ1u~+ì.ùÅíõ&[‘!yàVcL­í7÷I'{…÷`öëtŠ*ÞÈß¥~0AuçðÍŸ¹Ë¯Ø;ç\¶½äøsÄŠKÅÈy÷ v²›’/\üäA1Aõ¦Š5Ï[]dW¯§ˆú¿^î¸›²QzuB!cîR<1Ú»ì'L¦lÀÃiN-BW^Àn\!•'ÄùV/nÝ‚Çï P×¨ p›ð>¼ðíðTà=¡¨/SnËäÍE+WÍ§¯­÷øè1õ+KÏº`QOsÒ^™Çô] $Á&rÑ#‹ÖhW·ñ>=2½–Îµ~có»@èÝOcÑÌÈÒ†{Ãa*¹C€uÚ•­žø‰Œ¼É@°®â¢Š”bøïÅ”„sžwÍ¹«âÚí/z€O<ÍÃšóÀJÅâö‚ž§{‘§gS.èJþÄwŸ6…gv\z¥*Å¹vSuLðE!”^ò­Ë\o"‡á+xy~{}#J	7wäˆ˜å3€ˆÓ,Ó½Á{4†IòÅŒo“Ez]›q)¸ŒE1°m‚0Tãn½)i~ßÂã×Hû­ÉÄ„œ›Û1ë¸é/~iÜ5û+ä9îåpåR&tÆ*(,ø4"ùUÙ oªþ_$´Ô/ÚÿúE¸B¸¡¯2AËAOm¥Vù]Úuaã« U7;Oâ<mÂF(
]? rC€Ã$2 9ƒ¸BúV³ÓnMo¤ï$F'}ØdV›r/õëzIÅY;LudÔàQ×Ä ·ãïXÕ¸ÙÀ§ª/'Æå<Òÿ^·Å+u3¬¯²ËeGXÒøøödÄ.0ÇGGÒ©hO.Y· ^Äo7ÈÄ”Õø2‚g<nN¥ÛÁ5˜ñú(\&+;”Vp“ÊKí†oãiv²QOŸðG… ý¤:€ºíÒöºÃVó. FùAt×Í¦å‰-7}ñàxIûÆOv{£bËKRFÊÅÈ/Ù¿´.·eòëOƒ>á"o‰(ÿâ0žåÍC>è3ÜŠÙÍúÌºÝ|§¹
»øMú	Ì9^$¢ #ÑæÊòØ$úæ·]&¶Ú%³ß}”£èPkYc5áî­‡1B½Šl˜dÃ4u¤k¹h…=O?plvþ6,±Õ¯Ó(ÜÒ7ÿÏÍ"þÛMIÆ®#Y¦¾X¡)`ÑAkøˆ2.«Œm8­ma=¿m––Wâ€ŽÍ5š-åŒMÝgîŒ¯äS­«Ì–º2¤ø»’˜½»+”¼<¿ï×}Ë‡x ¨vÅÓÎãšO²r¸íLæ‰]órÊÇáMÀ”c—X•ý
FÀW|èÑ ÏÄˆOßÉ${÷ðï=–¦¼„Z×ó’¦*ÂüùàqÄHW¡Zˆ|w¹sýòµ*éûÕ¤½@‘3)ÏL¨²¨øR¹7÷Îa¡}~Ûñ^#Ìî­ðk©ÓozÂãXÝ# ÇìwöÄ
â—K"ÿDj¾|´_7R§NþÚ¿Ëï²@Q©ùí5Üb_Ë‰¤€ƒZKŒê`’*[dÒE¯aãëHà}’Rv! Mÿ.š¼Ü÷É~+c â_ÆØ¼<ˆ“•»Ë’™£³ÁÙôÄÙê~^v(H «5©ãhjE*;¾zñUÒa÷-àcH0Ëo)(+$u(ÉÞ§7}ÞÜþ>n÷³r[6@ÐJ*CFjãþ¦vîÚ©-«8ˆ”Ô"·A8ñM’^°bãƒ·ùuzNi8øÃI˜ËM×µ÷"ƒ'½:æDk¥%ònïk
Ò“·–ÎÈÕµØ“j( +YY˜§ø=fnhvµõieÆ(%¿Š”$¼©’-z”|L*ª}"15–øp²¶H“dêNð”'@ÿü{WæÑ9Bb½DFJ‚# ¸“[JómÔÕRÉÔDwèC®²óÏM‹û©%¥éà¹"ºúå¸V_Õ‘?P’´êÃ‘`€a+Ì;HÏt¿+]iÁ€SjE@ÈÎ÷r:3Jû¸=kwÛT_N¥¾7'0UçB:œ}ÙQÓ›HÍé—ñOÌ`Éúã–ª[ë‚;°²-ÁvªHØÏs;âd.h'¨-!Àjk2í1íX'u~ø5ý'¸Åçi â—ñ9¡¦âþègÂÄ"”Ö’ÚJä‘,ÑçKD¸®ÉkŽöâ@";<!J47ÀEÿŸqQzâé_Âf}ÒD!¯@\Œ_·\7rR3FÏÝšÍNV±å‘ºc'óTÚT=}ºŽÍd¼{ZçFýLÏ8éäzõ¿Ä*Î$Ûqÿú¬+òÉ°×”Oœm©ìÞ>Aç2H)œ~+‡¡D)Q0…ií/Õ]»0èÃÒ¢’¥w’:¯òŒýEèÁzÎ)7.Ñ­eCk&d:&rˆ{}¢šûLÅ–ÝkõZ	‚Ë¢•ÙnŠ-Q==šÿé™Ö¯=2Y"á:4£áÞ¿}ë^³÷ûR˜Ÿù62~1ƒòˆ×—;w=æŠØ©f™0…¬,8Û™-WÜÄGTÆ5 Ög`Ï7TÃVgfË5$ÆE +T#¶0€0ÆiÐ8J˜G©80ZðCFÕk˜®Ïþd¥É¶Õ{þ6#ÝG’1d}°èHdA&î%™˜uáŸý—±a²]¹´¦tnNãA+¿yÐ¶“¹îA¤^zDªQ¥)_Ír ŸoÈBÞ¢½;UŽ·yÅ{ÕÖëã¿_ÊKù"Œc@H
”{ãòî4ø©7Š¯ÂŠª*MªD€„ØØ±þ!ž%}(Ôq£§@Œ{SÑöŸ(óß"ÁY¢iGW¯v«‰ýžÇ¼ÙJ Ùx¼÷Q×³GÖÊe<ìj gøåˆ½a=±ÂúÃY%òÐdíùÐÏcB» å°«6 1‘	*w`¾-6"ý²õÌBð‡ô#{Ødmo/><•¿ßdHŒw)D+Õí¤;p”SjJ¶pÊ¹B™òåV£L&Õ°!z)FiXF¢½¦Ñ+úÃ¦¡ëÞA‘)¬l¥vN	Fè*Xs1BYj¬dú1ÔˆR á‚ÉG)Šô×±çk9‹};l‚'RH$L$»Ÿ„JÃG±$Ñ­N¬Eº]ïÄ˜Ñ­šAfÛ…'Iië¦ 9ŒÕK7é	§Ñygit0—\ò¢	÷˜Ï¿8	ïC2öéŒ½Ë'$Ï×ÁlÒ¼õÄxA³Ñ€”À£ñÌÔ¥Îê¦À=šÔÞÔÅœDûˆ½e3˜ÆsHÏÂ{ÙÝM1oR¼êÒãÄMmv8“–yÏÄØgFZ`u4ÐãÿDÃoc„8£"l®Âœ,D%(€QJF‡PÀ§L;Jµ/ƒ6õºôuï!ÐWK  ×A©.z9	Ò‹rß[~9D×—Ý,›w:E"-.Á<-BÏb²™,»šX°·	-öE§•±Â¶+ÂFL¶)õŠ…<l»ýr]wAÝè ù?ªø¶e'ŽÚb\ù8 à¦6Ç_ÌÄP£õ·Þ?‚¤°$™4Ác?l¦í³‰¡Ö8SKƒ`b0²V²½gZÆ=5!˜Ê
ß-ƒ}Ã	ñL¸åo¸E{r8©a¯ùâù=ü¾°LS?Q;0%5:†œRi­–wIÊ¾ ÉôÒññh$víã	FW:§ìH¢[NE+i|iHçåàºhµúFÔ€âPÊNƒÈƒ&›¾(-´Xh¹BíC¼1¢LÕð5UÅ4æ¸ÿÆ”sª ´k:¤`yÝ8e£³Í1°bí×Ú*?·kq Lhh€üjg&êÖgØIàÓß»s¬ç1<4‡Ó]+©ÿË“É‘Løíô¶ó†r8ê4/Èíñ$ÜžLJÓlöó™ÈŽO}^éøSÛkü±Ušåª}“mWôROà“¯8¯.Ïç×áËXm¢+";î9¨Æ^84ºÏmôWïÔ ­ä1¥®m|ƒ^'`¬Ä®‚6ÝäúÌ&¶zjNÞæ!œÊÁm•L6dÅa‚‹DÄ»³ÇñTGîTRN,K U¾ÒBÙì
Ì'„—’3IË6ñ'‚õÑ|F±=r\üÏ9/Z&2·ðw¼NæPNð™®_j/ˆüHaŠ69;;ÏÞJÈ+º?þK½ˆK 9CwM&dxÄCU@1$#»«¦,¤÷ÜüÙáóÃ#žÇ/ö-Œ 9(šyß³E˜_<=ÌZ‰@–!
ƒ÷Ü
hIÑ–röG@$¶@:¡ûÞs÷î7f5àwŠÔÐÎÿãÅi¥?¼LXÖWtAìÙlÕîÙi	èjýìzÕ4ú L"äp
L«bL“Û6ì³±«vô}(Z#É_2Rþ„V±>ÞkýIaXMÎ­ìOL¹sPß‹\P¸¼¼‚Aç!àî#¥ùùKW³òdJ Ø¿%”öÀ‚pÜ•‘Ë‘àŽÖ7Qv"wÝ‹ì¢_¤ÈMÂ
—w‡0ÛîSÞÆéaúò±Ü3Š ·sò²|¥*0e2äšª¬\–^p‘äoÝ8ºúõâw”òÎO*7VÿiðËåŸ³£±þaµ³=OçS&Àðb™‡VÈë²KÅ"ÅYúO:Ê+Äl8Š¦Š€9P&¥|rKp&Ê¿ÒUè››©Â™ï.ò7rñ‹lÜNãIÉpªC.ÿ.¼z6àG&‚±‹²•cƒR'«ŽÎÝŸv€¸¦ýIK•!Ç
$?ÔñÓE•´&K²ÛbÉ.p—Ý?ÊZT×[ˆ»³g²Tƒ‹åùôç‡ŠÒÔå7|@}‡Ä]nf²˜äý|ÉÎv«¶£ÆìllßÄ­§yx‘*ÉZ–JjÔIŸê^æ>ÈõÒ„§ÖCžzŠÏ•#J ¶
‡ "ä¸§Œ¹9àëå±ü-Ùü{]<ƒ 1@ŽÌ&R…rÀS9G”ÓŠE€WÐ°FV*íÿyØ#[•1jþÌ„m\67–µ(ÊòŸØ›:“N¥ÇZež>GZ|‹UŸõâµ F†¢êJÈÕ¼Õµáô}±v„sùEÈ8øiwì>¹~‚A«¢Ë ¼whÑë d‚óžŽ>†¤ívØIôQ«}>GË*ñ6v9€d 0%>fÉý@@—»\ØÁŠ…Ÿˆ‘ƒÓ 2¬²=˜ŠÈÚ0ŽtËÐ—­ w’áÌîÁÝ²,ûESÁ[×©Êß&XU;ÁÊÚV™2
äð#‰êÅ¢°|&‡ŽáˆdÕd“Ç/8CÜñÉýÌø°¢Õ&}8¿‘£Ñqåh.WEö;”­Õ7î”×ÇãýËŸQ'ùfú·N,Pãu5Î÷9\]™öuÖ	OÌo‰ì©:Q!š´(ž·íãM‘{5Û©ê¤È1ÞzÌcUŠ«mÝlç²Ó h4u{Ïü¹´OxU‰`/É0ãÅÄ"‡æCs5h¹¨øV”Qö¾ÿ¬
×N¬k®t,a^@è.Þ®Ã‡¯|CêÞÉR>}Óbgxá4‰(IžrA€?¢ ¼ °®@˜Éõ)fdVú_PMA£gÅÊû×•aH¨Ÿ·?Ð3!`£¼¡y¨Æx/-ÜR£°]U‰HåÚ#hcY"À3Æ	HPž9!šÜ:„RQÒ…ï©<¾©}Y’}c’óœR£#€ 4mßÓ„ST1J!îÃR‰Z4úág¥<”^±»ÏMhÓŒÄ|ZK?a®H|»²æLoµÉÀz±s|ZC˜Š¥º›ºÃ§"ƒgÒrrµ"êXêwâž¼0SÜ´WG™à]ôÀæÃ—76n¯²Ìä)óf®WLy½¡æ6YW›™ï.% ƒ¹·%ÊÁ)OýÓÞ{rþÊµÁSàr'a¦¬é·á]ûcÎ6…ôï¼˜Cy¥;¨±ÚÊ‘+ªSÂr]!>i®í1³ºæÉŒì÷RÝW"WlÅgî¿5^ðŒµzPŒˆù(ÿé¨«¾$ö{lq<ô;•Ñk7‹Çç½­#úWNV
®%Å­Ð¾±•È©×Ðöí¾‚õúº7÷	ÕÓáŽÓ™£ž¡‚¯–|«þ$}*àT?°‹ÿÆçøF84j“R©ƒg‚#·òƒs¾T,æô…ÃM«4VPçÌfç@…i:ß±°â˜gŸ÷[³/ê§9Ðš–|mÔ¦±í†x¬^íÿ‚Ûwû˜KÃo~JRÚÐ•dxK€÷CÊG;ŠO:W(ÎãèÉ¨ì}ˆF§iˆßxÈŸ^ó½Eåx±Ê«ßj‚‰u¦Âûä(a¶îêrGF‹¤ã<ÏÌU:ÁßX:y)Ò:å¯ˆ ´.8 Ž¿”o-JÐA0=è¬¶—v2æUWTÞ<„)FÍÜT=Þ^GÐwî·¦x—»¥­Œd¾rd‡õ>ù;øÿ'!yÛ°³<’ÕÖ{ë¬Æíß¬~Ãº¬¿'Mo:§pÊpÚÖí©jÀ–cüÉupÐôê¾Ë{QÐò	ÜÅ…¶Y¦è*Ò²ømÆÊ\(Å3-7§cV§}F\w¼×ÐuÉøtaßv¨øct—d!A">Yøí?^%N_—Ù¯ê8+¸°«aSc là_á9B:Û•ÖHo$¾¤\dèÀZŽæ;ßÛu<AéÐoø?Èmž—à;¸A¹	¬>„cTÃýìR»Jä·áð6ÌžÎP(8ÆLªSš±õ•˜ö‰õç!¾ú.üòºÀQxV×¾8ÞÎvÍ~…¢øuÑ(ºzÆÒêi…¸±¨ê~uÛé•Bð¤¥]+´ñ*PšþÃX ­@÷=!"çq2é»qç"Unøé3k~˜7/Ñìž±qÛ-¬V
À™@Ès;û„wÛwS!‹XC—¤¿Ñ}lØ(;2Ð¦¨ˆn­~å£šîöÅŠ•5"¿ñ@éq'ýðŠ\j. ±Gã§u•"^æ«'HõÖ ä,I6×Pªß\?7 Ðz?+õ½Aü`çˆ|óCl{}d#¾Y4›V]ˆ³ÉØZ†Ñä¡=c	8ÌZÒ,¨æØ@qÊ‰xOÚÄ’ý.w†È(ýÚ˜°‚fq9Ì‡³Î©òi%.zÉ<g@ËcÂîî­máÙ4ý“snæ¿Q*$®d'J?Æ ¯=¸wWo¥ÅàR`¶F¹Ç‚>–âœO;ëŠ¶wõ³2CüŽÖÛàè‘Ôë;&ÄÃñË%2>±.†ÐSo[êæ?5‚Þü1 uR[Ä~»w<yŽñ¬]º‰”'MÈä¶a#¶6.
]ù©JÈB‘Zý©IµÚ«à9Æ;=_Ã}s=è&3Ù±¸tZ‹Ã›Çáær7€=·Iæ­eB›²î-Ç?¤‹YÅ~ÜÌÈûÈsQ¨ñëÿc¿ˆX_ÌèÛöxäøäH:±Ê™uRÕ?ž.•U@n?ÖÚJ+ÔÖu›˜ppÚjS¨Wðþ$XCP
ÁÌDÑ(Ž×yÖ1µàŒØóEŒéß;>kÛæâA]É ¥»q^Uß>ƒ$ÃâË+ï¿“â\ˆ!þ;hoåué)ieåÆ:ô±©ò]"_ÕJÜ ´AuFáÔTÃß´WÙÿG+ªoqœUÝt.C4õ¡0ÃÓÎ‰eH" ÉüHK^‚ÉàÎo´U±zêÎÍåcËŽådƒTKñÜFüÉ…íÑ•kñ¬?ñu;D
t”€Ñ6ðÇ°¿¨Ûu9ëSäÉ/ôèZÉ›|ÓüóÏH¹ÿ¤Ì”Þ ƒ™ÎR¦:…ƒ~„o’1°2÷–#*1ƒS×({G°vä,¿¬Ô¬`§¬–{vu wñädùÝ’jÅ-+Übõ7âŸ
òqVñ3{2m™Ù~‘ªp€Eš:n1ä ¾.	›ƒlÈ=èµúŽ7RÏ‹ôGs{•¨‡?é:QS³dŠ˜«3s—U5£÷•É;]lJ“¥ÍØŒŒ÷­È¦ÊX”WÅP%‚ÛØrò„„©•MÖ+Ð…/D–€üZáÿ¶p°§>DTUò§åÇ¦ÌfqsC«¤ê¸u«Ø‡>?¹Ezó:L…–T
`˜Kžbs¡ñà<®€cYƒqâÑC[ÚG§láFá–ÝÁ¸Ù±°–‚Fþí¢ÉßŠÞÈR~N¾€€”Š” aGÑ%£a£¿oÈ.¨Ã™©ý¶ê‰‡Ë¹·è0@Òèƒß~Bà×ì#¸˜š“¤G´—¬á4®ë—º0<¹h³×Ð„\:o2ùZžŽ4i§†ÉÅã³œìo'ÙW ôšeE,áüÀ1…:ó‡8&cëÓy­µe´P¢þPJ§ÍÅ½knTÃ.ÆõQ|ÿXc´üçObL™ûDe£Ä-Åú‹}4½š¥«vˆ ÂI„i¸ mþ¾¸§ú/•×˜µŒDØ-l%¨¹Q<lÿo}À}rQssKÏ§²àQ«Ñ#©Öð«Ç[ÄREŠï„ŸŠex2êÐŸèwâÆãòœ¹õÕ‡âÇÙYS)‰u»ú†]vJ¬×Oö”oÉ» ¯—J¾­HÂ¨MA'‰ºÍœ"#4É2™wÌ=å'ƒŽÈBè@êÛ¹Ä eþÒÕeX›rª• •¸dGrëÛ6š¬,šÊt‰rEöô,‰«wÐç2ãö‹ø¢!"ªÐàÌ>Kjµf™É
†ÌÇšx+,80X²JcÿÈÜµûÄZù¤¼rL¶ÕAàÁS1Ø¤Ÿ¶IîË{Ž5“Z…Îº²ìmÓþÌãâ¨=ÞjgÍâ‰ßPæµ¡x—ŒŸ¬D
#1ÀÌù¼¤í·ù!nHË•·2C³9˜•bºO£©	³-pe’6ZìQ«ªº¯‘U;~aK«¸†5©žÄë³WBu)l'€½8-;Z›ôðK¥à™>°IØKßàê¾¢1!Ç³åí»à°…O:—þøÕÐ ŠJG¡Š£OÌµÅ9HI]¦>s¸¥ÉSµuŸÉ!•J„ÚåJÁ\vˆvñI$ÎjœÐ4»¢7•,ª
aÜ¿CÇ§DûD,†7_ÛO	{€WáÁ¾ì® )7Êµ–ˆ‘yUÀz»gòÙ
HFßr&$(Ê=Æ)Õba›–»»Úè“î3¿#éûiêEêümÿ¢ÖÜWö§²®æJü™1u¬ÚR?ék‹Òsq;ö9©gBEïàn4ˆôéjD'Ó\PŠ¿´Ç2s²‰ºÞYÂEíÝ‚©:èÖ¼¨XN¸-[·æÓçIï}ßmÖWÂšÓ×°!Âd_¤æp,òH)oîÌ¬DìsÁšú7-…åˆ—QÝ¦8èÿ•êãÚ,¸9$*q©»ÂÂq¾M¾sØC÷GaríüEM-Æ¸Q‘
m6(¹£¯‚Ö|çýÚGÍ+Iílõã|ÃI…Æ#uz“¿nQªÍ°±/†%oÀÏtVãm{0ˆ“GÓ~ÏÓ­[Š ›$BØ#µ“}»¢¥•Ù·Ù…£"1È Qê( Ï¨è ƒÁŒ	*Úƒ%Ç];b%ôâ'çeÏpŠUÚ³~Hß–Ô¢¤)"»[»AÎpÆJ"6ÞÉëô¬j„Kp­:hzZH­^X	àæ„Íy †ÝR¥²l|C‡ñÄ¹êç½ªlpüB , Õ7XÇ½#ˆä{ô¹}b§ì÷£škPacY×SÁ»Ãu½yh]¸„<rHÝ3ž,ßñ‡³Ý\ç~wéN·òï6:råf·ó·©Z‰Òn«»÷<¸ú9G¥&qAYù6óJn;ÖËT–à{ù%T)ÎŒ$~÷É|q\}Æ˜jÒ
†²ðS:ªâ3ñüðÜü<9Z_œæÏ,*A¶2(ÊÝÂDå¥¤'®âˆVÉT1šŸ=då±QØ‰ÙFnôR¸!ÄŠGc=Â‚`n3¶¼iæ.©w‡WÕF±îF›´/ûì•NCg‚¦GÔ“€ÄÃ!ÐÓKT¯¤w€ ÑúåÜ½²Y‹]³ÿ×!IAJj|Ä¬ËIâEÛŠ9¢)]íñ*E„Ë^À:”s¬À"67Ä»áMÊ{ÈÉ1˜QDoÒŸ¿ecƒ´êÕ’DŠQI¡ÚúV‚ß…†µ<Ý²ïÚŠ÷è~Ñ™ì¬#ú‡¦£¤5"`·£†Þ½œa1riV®E»~œ¯õQ4;‹…‹ìÙÜ›/óçuŸ’`±S‚ Ójçá^d®½‰„¡µ¿Á[wÔÆ°l'*q%8¤”¹|s»5¯=Ï3{VV-p‹;dšFùßrñcè_ÄÎ?kð7Ú©{¬1H0«Ñ¾h=O(Žô‰4nÔf«Z`Z.¾³F®“A8M çRALg®‰cž—.].ÄÇm+i•>w±„d¹DøvTè¼¢ÂPê]	˜“NØë…û|8ùù]c²¸öoÂü§Õ¥žgd¼Ã1®8D×øËxPvÚ!7ŸàØH«Ÿˆ0(ç?AqºÄ½ˆ„ùpÜ7¥	Ënû?5›ªÿh÷Ø›ð$¢7­Ñ*Ÿ
ªñšt~Ù-¸Öï	ñ¿ËnÈËÉì„­ƒÂe¯¥•6ïqžwèæDfPíž]qyü5`Êá*&VÀ
kÄFT57Â½™zÒŠë¡›¡±Ý˜¨p ô™'þf#%çuEÒ½yòÛ¥Žö‘…­Sß/Ðì•yA~;ñ_ÜŒwLÈß[>éãê^˜ ¤HVs;L"R§®/¤n\«^5›NCÁ—žå'“¾&ÕS’”~)ÐY÷i:GŠ–š±>¨štnÑuŽkºô­Þ~È;)Æ[`…Ì(žÈoi1‘r·Œ&Î¼¢è” ±BpD65ß
‹Säy³˜)Ú9%ä#`½š‚ÈÏ4‘ÔVÏ…Ðl­‚0yF-P‘×ˆ@»<ŽœåRËš—ö¸Õ¢cÜA1ÊûýÁÞõ^ÚZº$¡.Þ4ˆéü£‡Éaæ–Y×£ñ’Yó–>\Õ)^_ö*Máñ 0­Çp>|øqUôwø×P¹¤9Ý¤=À‰Ì…i‹{Qµ°ÆYˆH6uëÊôïjö­T‚éŸ×áq<qƒ¢‰Èö ~‘J¦¢—µ†p	†¸™R;2?N{Ø³>gòLÊB-¯8+(#·ÒœvÃAÂÛïÑzq•?G	Z{y¤øïØr>9÷Uç%˜RçŽÄÔãƒîn—ø WÑóÀ°ŠüJ|”ÖtU©OR…[0P”x¢±s5	ï‰ý‹(/Øo˜dîô7ø#¾àUW}{y-! 7·nY	gD˜ÞÇå7ïö(³•Íc™;“i’Lãªh•»ª<_tŒ½k )Y†˜úÃ.3ùäaˆH æÈ€5Meß|æç)–£k²´tt4½fo,h(.Ò4*Ï}I¤cÝn»1ØÅq£]©Þã'ZW§œƒá½M~A›gÒO|ªäê‰Î£ö£xAí4â+úl‹Xè–ø“Ôú x] ™,KåÊxÅ®¼b,z­þÕ€oAäûñ›ÁÈ	ùN°Ð´à<s ©Œ§Ë/-r}ãÜ˜"sÞYY¡øw&åK—ôë‰õåÿ„ôQñg=s®ŒËG‚IÖŠ¨ñ¨ÅœZÂßÌa™ðš[~Dì6QT´¤
ª~ÌZP{p3öVLË¢Ëºã/v]ÍÌÑfÚ„k÷Ø˜2Í{ÿ0wCû÷{Å­¯ïÄmÒTVÓñÿ,‹B£ö¸Ò #Ù¬É’}	žKÍØ›ûÎs´@ÕeTÜfWÇó(6Ž!eºÏÊ¨Ç™+7è®?æV–¿·€Ž©>rÃ“9ñÞF–ÎL!.ØÃÊÈb	ÕÚGßí:›Ç²1 ÅÃJ¿Ì"¡¨œûš¿ûGs-ÒáHV\|EšdØ%¿§‚t§ÔÅ¥Q:ïôKwéd)ý‡÷q&Š¿¨ZŸˆ.-\àðŒBð#ulÞuô~—G¥}£ÙéR3œ(¶3sÂ¼8`ßûI¡¹x‡ðµxK¿'ABÔ€"¬w‚„.qÇ¤gEl²j†$—…,Ögò¤Gþ|³s~êØµ7+´)‡}S…ƒü=@OÍäý	ƒèúÇI§ŒûÚO[»ýº7€u/óûàu–=Æwúò)	ó0!iÔ¤BˆMÅfüÿ@”¥Z=‹ål°«þr9îŠÆÁùL‹ø;¬Ï—Dfnë¹u,—©Ye˜[ø<} ®â§Fž"¥3êZôÇéF’xëÅÜÉ8¼q£­ÝüajF¬sÃ‰'/NFÈ·_øpŸ.îˆõD]+ÿQó)÷ùÜñ¦U²ªÀþW·‡›ÉƒÀß\6³žçÄ šmâûÞ‚N_ÃeúôàŽØ8ÊBä©8õL[R|÷\`UÚWâ¯J¦6Æþ	º$	n«ØáÏÅ¦trFÙú20+:V•UŒ_ÁâÍûÍº±þÙë”V:§mõ¶e·†–±@_™­4Å!bOaÕ½ø‡§Þiõ¡‹¾-|^kªŠèŽÓô°/"zè¶0å*+•ýÎo£ò²ò7+z þªgµ„¼øÛhßmá)YjZËSéßEi3ý‰¤›Ì¼Ëqé•¹¬~@HªÆY-K×(äLˆ-’=ÕFÃ#F˜e¿H „”-É~i¯äfOY[ÝGrOÂ·¶óÛœÝª øÔSìy+qÙuËUj^1H ë‹Ýrƒü”ãßÀfS±%`¾/cV¤õ5ÆNÉÄiÿêž~±
„âA
”ò&g9?ÂßàØ/S1‰ó Zéª–›ÒE''H‹Sš¡Áý1)UÃg”G—”W%æ‹öß8¼9ÏPñÉî;8Z`.§sŒÍãKñ†M¶Ö_ sÆ!î_ä+
^5&döÃ¯Õ-å»Ð°öj±'¢3d×KÔ.·×ýß¡[s#}˜û\§âªÂÑit»‚Ø¿WÈl-tšQ_OÓ‚”YmÙÀ°Ï|£Š[Æå\ÓÇE¢9Ñ'è{m„¨Jžl õ-9-M˜K×N‰LA0ÅžLS~f<sÕÙ-tµušþ»65"ñ¥ý!Áa,âŠ]\‹„?š?}2þsã±£è,ª ?ü?þY“¬8Xz–©1ÀvS¶ºØBý‘WE’°ƒIÖ•5|’èðF|‡aûŒ>Å<¿ $Ù(¢ð@&å‰ñGÁE÷ÙÜI‘tñàúŽÝÃ,)ÇÜ§ÎT›d1.SNÖ»9~÷•Æþ¢‹kÍ¬R+b~çŽŽvüéž)e:ó¥É ·~%•«œfñ*V\¤1dƒWøº&H ¸œÀÄ§i.Ç6æ‹¢„ÇV¢¿RíMsºtæ.®$&‚»—Ñl>ÁC¬©qÿ0È-uW=8Ÿg”ýºÉA€Vn&v—7)*Å­—,¢BSÞ3ÎI§ðÆ¡Üñ/Ë¨«UiàÚÎÌv_Ò6¡:+°~¼£Q/4Õ¶ôÆ7UMXgjõÀÆ3üRJj±ÚÏÔ 1»k{]…Œ“z ž¿_åºQ’ÂÈ&
0/h@Qœí4îN<î6Â=¡’Áß>=lÑ‘éÓÖÐƒû4Ç€-áã•¹%mÐ.*Ïƒ&SiÂ†éL r_'öGø2T‰81¢±c†Ëž.†µÍ}Yq¿Õõh³ˆÍum%ú¥lÕ¿N}  ¬ØÖ¿´…µR½Ù/mÙœ\Üm=fà¢œ,ýÌõ9ïä¬ÍL±çÅc*Š£üG£< Û@Ä$MW\Ë\›Íç÷Å?l§ÿÍÃøhçñ±iœôæç- (Gc½€ôÐ)ÑÂfàen“ôîðTì¯‰¾VŠ(TÀj/¢—­5Ð€1«HÅŽŽ©¬Eã³ –ì¿)`šãR<JgÁŠ8uø¦Ýyî¨2æ+{4Ö@f‹µVp`÷½#zÏ1£ Ì^¤—xœ³n {ý˜3m†SV~zÉ+Y||À¯·€€µÙ
5žÝûqÖ~z5!¨)×vM„e¿BR~xîfËÕ«Gƒ”S¸”ZS-ö»›çâAýMQ{0Ñ{3ÛÇ	ú:%wuä\áläb—ZšïÈ4ÔÔÐOuæQÚHÓõ‰X“>§…4pæ&;‘ç†.ŽÑß	q âÄ;ŸÝef]©3%-ìesó§s0s¦õ”s•™øW®¼ú¡6Ô4õdÔs@9yÉ3•~À}VÀøuÚÈ*ÀÜÚ¡ˆLPwŽÚ zS®Ÿ–ãüŸçŠa-&Ü~‰RÉ~÷ #L¤"xÐwP›ëÀúhìk¿òÓ\ Ç3áoüû&Ã4v´·¢ÜøL«Ì”‚
ªYW²ƒ7{å¥äÆ|*L×rýgÒÁ´È„}q«GŒ€ªØO¼ejï•ü«Þ´¯C0M»åï½J¥ðñ3Þðµº=`ëÏOÜLõêïD?dp~ê¢+ðÃ
«©m3¬h©	‡í“úÿˆŒ¸CQ‡,Å‰±·E³#««h¸„XÍ\lG¬³û6Ïû
êºÚQå:Â¦â!…NÚ;¿Ž CË/6šØSÇc
 >è÷p0øTZ1«nÔtbŠìÏóƒÕ\ð³1aPé1Š~”fx­É×ÎX¡hÉJºÓÑjÁd4„ŒžÓ UýšëUÃ@µ’Æ kìŠÆ1óœÆMlb¶;'«ÔÈíÔO’™v"$è~öüµéq7Z EÀ#¹-.HË·s«ü¾%íÆuòGèÓ»àŠ)MOïöæsØë`.Áú…iêèÛÛésëfpíïcó(¬¿¾™›&ÊO&Ÿ^/è ß ÂZ{ÝXÀ6J¢È`“â%ÖSðBX4$u2E…;Œ®hFÝýZgH0ôM©
É}±{e6l+xR¢.!Ä#· +¾_*3Æqª|w‡êº ÛëNÏô÷ãGâ©ï‰î½P1è‚„Ëˆë®¶àaT÷)?n±‡©§n…ì<¥uøOðWÐy¼ë¯ÏÖáÏ$yý¹‰súrLqs)_mä³7×	ú9tÖÎm¦t\oß¤…¤ÜJd	œ"è°MåzZW)ª¥x&B"Bêû$]ç@ÅòVçï"h|Ž¨%CÆºÆ[ÌåÏÙýa‚O\Þá—&{ÿð=àñ*`å×H•)Ðr—wVóÛ•`r&‰@µXW0S%Š'!êÝ{[2V^2ˆhóbÈøâõ½#„§„•®ûÊ(H Œ*jñ„N:¥í‰ßñ•=Ûô(ïˆ}ê´Eì^[â&wY$®fSF¾+ïiâu„8vîô±¸€(‹¯'šŠJùPSMËzcì³K¨Få–m÷“ÂµðßýÅWŒ—¯Æ\Óñö æcâ¯†#šÉš ƒj‚czŒ[ïÎ‚^ç~“—û–Êâ–sÃóÐiæ™	Ì_+ú{ü…r<¹Rœ´7«A>°²0OåˆÐ< ²RfäÝ—4µÛ›“_Ã^Sð{Õ>MêŸÎ£mElÞ4»IÞ:0? ! ¿ùè(0¬G{eÒá)§gî;°q_ì×–äÒñ…}$;'ÃššI—Ê^:IçµÎ1r`0å-eª—®dt©¨	¯Á î’µ'ŽZXH0Ëž3ˆëÚÄ¶.q¡@‡?¼‚Üú3þP2V:‚¾Ä€³àéïbÙ0µsÕ¥ÙXþ;ðYÅ˜OEm]D£µàMT
lp*1tÈé;‡­,n·Š¹åO}Æwt«u*MBÓ½ŽÏvÿß#8lËSì‘¾"\š÷2gsPqäúÂÈ\×<˜ö¢wÝ¦[çw?ÅÍN:EHnÃnlŽËÑ¤LO?æa¬-Z“}Ì}8_©7iï
ˆI_kë§zô¬<ù„ü¸ÔûiDÔ„¢SæÊ®\*Ø€T#´Ù1iüçøF4x}Pä\vVqÝm!lë›7¶{ááÚ+Å¤„Izc–à6èÍãbÔÅi‚¨ w/›ÕWÿ¹óÃ#	<‹/‹ò-‰°—l\´ËŸ¢:«å©ÁkiœÝ„Nä(òëû·T§HÀ_Œ
ŽPÝ»ð/õ0 <_Qäe}” íHß"‹)^•34r¨7MtÍÎ¥õûêÒ ó[[øEÝÊN;UUY©/®'ZÜp!|“µL
o¬‘?•J©›Ã–Ö é•‰‰€ÆÐ¬ˆYÝ(§Ûj¸´n ñ¤6TI¤*aR‘ýä;Gá:ú{º”6Ù9’Œ3ðCî˜¸iý—©—êƒ]ÚN_ßåªzŽò«ÓÔü†8í'ð¤¥Ö‘¦ÆZ‘tLL9tèÄË¾sXàªwsUßÉà³ØÈíä·|Mõß´âÃl¥6]"š%¯vrÊÔ®)ï>#¯î©“Ó¨÷™
€h ™Qóó¯§·Ö´¯ð-¯`ÀX•>(ûÖû«Û«‚Ç‚¬ºêåª½E?ˆˆ–Ÿ°“™Ì–>²A¨‹ï»(;±HÕO”Ÿ{Ú Zíà3ââ
ÿöß¨HžñòÉë©1€_[ÿ¸ëT-9‹ë–¦-Ó[÷è-CŸzn±÷¢?À1ŒBb¥±WáE˜ph¶”BT¿èÐ’ ñîˆÛ!"pH5¸6stvSq£Ï®‰AÈ¾‘¨ÈÔøpM+9)Ð'}KÏÃ5/Kµ4—'¤XxêlØÎÎbv½ÆcŠ»òAŽÈaf­„xW³FŒ›ŽŒu³åE%±ñ­ùAÃh%¬j®©ñ˜ÉŒ/t$—h‚Î¼÷i^€n±øH8¯à—ÚFêß·ì+ü¸_Š ç'ÂKÂ†„€w´³ô=–/·ŒÅI·zC"µg'úÏ]/zR?$bIcvÚë²e¬Ap§¼Š^!W•ÞgÐÃ´-{@Í›,sü.=¸JTBZéLüq“¦ñØ31Gs4-¯`¯@2åfð
Ìè$UBt¡œØ "He•’ÿ„&(†G›ôRÖ-1p¹Ä{Øù¥ã›]a>fÐšŽã\QúOÁ–rº	`Â.)í5ãæñ-e`ÛÞaw7kª¹ø[~Áú×ó ?×á¡€låMléC‰ôåqÄÛÎ(°íèî¢…éýàamá&+m}ëƒ»‚þ*sVn-9ÈÆ;/5OT÷XfM0ªì)ålPýâ€‹ðUüM;ê.+_Žkê
d	cÒ½¿ñ1¦þj})^l#´iJf†O¶ï_ÝM“R¬ÑÀ\—vbˆ‡ü¤.ç]Ð×Ùçµœ‚“˜Y6 9ß/úŠ<&Q¤ŒÞ×:Ïú@Há­‹›¡ÿMuâKå‚ÙÌ)x:OÍŠ ?#2—Ò¨]L’S6…/1hä‡‚D§'¬r¹8ïó^X£þnÀMnèƒhÇ5³üöª)·I=,$ƒÞW/Œ¬öFlxM¯t÷Øhá³x(Ã‚míDáK­‰üÊrmBjê(zçv8!q/ŸISt–Ü¤ ;Ç§Þ =÷ŸoARCáÚ2
dv`Íòé§	«)ÒÝa¸hþ‘À§uÌ©k¦\t!Žõ•	M!¦žGRÕ«÷m8@£™–ˆ÷n÷ü.J®[_»xX®ô!Û«¸-—õÏR3¤Ù…ê™¢Ú.Z*,S…ëC¿é~	L…Ô,„æDž…–¬:˜Pã
)†€q.VÔ½ØL&€FP9˜ÉÛèÒ£?ÇÓ¬à6ØT/ßÎY1š×8€¸˜³yV0«
?öÒóØ|—H„äyw." álÖŽ0ki•±.VY¶ˆ¦´¥ÕØ‡ÿšzh±ÌER•›ÜÓGR¿OY1€²M}UÝ<¥è\x³R©æŒc?üñ·¤­çÀDb“ÐŽÐ£)¶$§R`²¦mðs‰„PÃ1€³àØBø°J—«<¦ë Èçð0Sê{H~Ñ‡—¿žâ%KÖúX£_›÷<2Á(·„Bœ×}y$·][¶ÚPQ©¯€Y)’Ðø	ñL¿ºÅËœe5]7V@¢éå R û¸žè¡Aw—·B`&Ãwƒw/œ8Œ™)€Ã;äãÁðrW³¦]ÿ lÅ™¼ºÔ+Ã«‚²Û#_æKÚ eb)ç;ÑÌtù¿KÁ¬…¿wâxþ©íâ¦Ô)œf·ÛÒÙ?<ò›Ù;q·‡tWº½É†oq¾”U‡Mõ}$9÷îƒ#ublGµÑmÊó–‹£t•k1«Ö>Ï.}Ë©DûçACùMüÚP‘yå——lÆÏœê¹ÎTVÍ[»å‘½±Š}ñÁÝØ†FCöTe›«Vv9ÂH?=gRýdÜSyh-tÔh"/;ñž¯IóP°P^Çé 0`q­3N½Œ*È¶hˆöôÙ¹Í§oI‚”ßQ%K©«Â²n†«O\ª/½"”\C÷=†½{‚^¥|Ç‰û†•s!ú}„x›Ò6ÈgÓ¦Çf“É%*QX17'qÕWªµÄÂOVÓ1…ŠBµB=Ý©|y“ó®E×Ò?|ßá=j1 Ë^Ý€×ŸoÌž"§R‡mßÈ <öWYâ>÷íh—Ï‹jÄ›ÁM›ÿc¸Xêÿƒ¿
WH¹h)ˆ^O…¾Ê>„áßV™ž
PH‚gJËpÿWp'5E´0]Ûr	„ô.*aævÕýK©Šõâ#Ä¨ ¦\¹úªì=›I‹Îú·(ß+Ð+¢hŠÀ:?ÙY¢áº@ÚñnºÇ‹ìyÅ’¯¥šIñ@ Ò¸^Òr÷å/%dûSÜO0Š¨mÀg—	_É¯4?äá‹»i¤fæ=Æ°ŽøÆ È«x{ð4©nSŒqƒ/î^/³ISY—iäa±6¯ÕŠõÚïî Õü6Ê‚±¥æÏZ†µàYïb|›ôâã‡Wy¸k¬	zìQN“­§˜7l3N’ÐUžê52†‰:sèiþMßù‘¯KÆJÕ­Ìýùh'´Ø¢MŠËP)güâ×	ðkz
sc\”äl¦ãsfV0ìØ#¦®V~¨ôWXâVK£#Á>ð Ý±P?jíBy8ÕøZòûº"mã&(e‰½ðpo@——A‰ÎžƒcµpºÇql¯+£øœ àÈ2='ÓeÜïkÁd†¾v¡ØKÆmÏ³·ƒ 1Ó¯á“v§uÂÃÉøçô"úàD4t]]~t¸L”qªrmˆd‡Ç›Ÿ&Ùœ§®#Ï0ÙÑ—Åm-Çø…­ÅHnä0ËÀ&Åt@[#"Öcü)¼{ÿ`ýC6-fìÆjWlŒ‰—6[€F1}½}«ñÇ7§Uv}"¹t`n6-ª`?¬¢‡_Óm>âÆwá>½Í ˆdœÛúèÉ*C•SžíIøê™wÌ«2Ž]Ò¡ýT2®â‚É5A/ªÔ‡ŠX—?	¨Ã¼õ£,eWÄ«lÓÉzí”›Ésk/¦qÄc!— ]©,0cžŽLr“ÚJ2>.©_®9X[>ñŒ ^¡– ˆ‘ë7K<G¢¦Š¢WIÖ•æ’ƒ‹æ½Ðokïi¨å]‘ôÐŒwÛ‰¾:Çñ£N<ÃËýÔ“Gtwi‰¿¥ª=QÈ·½¥>ŒŒ¸@òçcþâj‚
¯êTn8u-Ëa
„dÓ9d"§xoR‹m®?¿¹Î½ßkúzp8œ*0ˆ?(u†#óýžrvà[P7Í¶P“Å.»«ÍÍ¢ZûÁ	óú‚ÕÅh$½”CHpÊA&î_K}_ŠBb‹|Ÿ“™jÑ|Daû^P$-‡TIuƒYÐÓð…G—%	Ok”7qñ{g/1©z{ùŠ¤”®Ï"}Y2£¢½Mì?‘Ñ  ™C<†X¥`ðÁAÜåùSñòÎÇµü-|äg
Ø™æ÷ùI:§dYc€µå€!²ˆ&@90SfÔ´:(À2rPœfu5ÃS‹ƒ.PÅ›i|6¯Ø‹“S^©µ6¿ôÌ\½¯Þ,…EËQì³öÃ¨Ù®wüÔZCP©†’Þƒ c$ƒGÚàôñõ±}ëTÈ#C×É8~Ÿ&ø5LØ
æÏü*F	*óä´êœï/ôˆ‚x0,úQ?ý\†»Hlh²Ç˜–øw¬ù²ÞEëC y*fÆ‹}ø@åU íúávW}øKìœ´ûµâ'ã‹´nwðO9/‰þxï]®;®u¤ ” ¾»@DXÒ/ÏÐŒ˜€7'Ìq¥&„)Ò8ÏDÖx§’‘ÿ«}#sÒ‚éÄÄµ-ÅÜ‚[þÓÐñTMP	îQÛwx¦?¹ÿqp¼-ãÅ¶–	 èÀjÍÊv_áEˆ{ÒÑ­×‡ó)>+ …–*ÜÂ	T)½q¨;FJÅÏVÞ…È¹ø¯b¡pâ„XMæe	ÙQ8ømÛëàÏ—0±Ÿ^Tq¨S“¹$ºÐ'ðÿY3ºmuèòQ‰îOzo€£Í9F=™êKTY©œ2ÓÝñí|×I%½°ôïÓ>‰q3Å9ÉwŠøê0ºÕmå¬Ä{Hö›ì“Ï%¾[ŸCJÁqTÅ_¿	Þšh8žM””Ö¶›ÝAµØ¡xü-èYcøí¡ -dsš˜´z2ÀèØB¯àõä¼waq­~/Éð	–’ÚÃŒÿ<	F8ÞñåÛ–ÎNß	Î’«œR`¿½ÙŠ*JË—E‹´hÊqºq¼ô›†™ÈŸ"Ø Lêøp:…R]®~ûãú°J©lÒ?ï2G¥×	ü
%JRH`ÎÀ˜¾œ´€Œ¯³mv2€#½è>üÐH7æ[¢.(øÃëT”¸<û¶ƒ]·Ð?/hG<Ã«XGr{eÃçz¿˜QmvƒªýÅ»téžÐÔ¿·æQ€•†hÛ{:Ÿ`b 3¿s~æŸ¦R¨¢“{øÿ·¼'<Ž;µN\¡™^¾VûÃ›ç¡ÿ"Ðo´ü1]Aë˜–¤SùÖLá&à‘xçýƒ˜P9!X
¯Ìþâù´ch›‘bÖ¦p‚Ê®IgæŒ?ü|:™žmJ™Á {Á ÚÖOs¦+ÍÑ<{^àØF¼A/3‘kŸÇºØ•‹ª³ºÿRR¬Ö3€hOá>Ó`8®¡¿çˆ`ÅI¸ŸŽ¤åñ¾Ë½ãFÍ&?ìÛ”Â÷î·g›e$¾¥ìUe‚Þ8Tè=~Œ%7R”›â€^¢‡cÊÍ»ˆ*ŠZ“þºÑðxØ‹žÎ2›/š°ZËvÅä¹Q’Ç]EB#Y[œìg(t!ÙøI¡vŸÙ« ¤òÂïÜŽŽì¶Šà:27¡=ÉÆ‘ŠM	£ŒŽ¿où#7·%ÐÚ£2Õ®À£pÓº·ù:$%kRê`Ü_Ú­nÒORGÓÁ³N­a2?%LbZRV}÷¹­]ß§uÀ-™‹­pD´DhZˆsš«Ú»:ÝéG‡$Ê˜O,C|õM~~ê‡—ùqÞ< ­Uù/Šåš’¾¼JÉª©Z‡âQ:1'ÌV©»¨Kù‘‹”í-8	Y†½OUÁÔÃÀìó5˜s+,mê`fôýt!Í7ïÝ>‰þ“ó~ûDæbŠ’‚ÁçI#åUi¯êhI¸u$bˆè;{Ö[)ìÛTÿFÚ.ým·Ä®‰\Y™ÊÅÓû¦Åk¿ª½Bºû&UŠ¸åœ8ž8ÂÕVfQW,¼’£¹BÀ÷®SØ'˜6Q9 kÔåaX™?Mb
æ‚,ùHa6e
Z#åX•Âµ
“WÌ#Ö’C=ÌA:ÿ­õMSÊ='}`ÂüW5`úƒð^Q%æR—(¢LìNIÉ7à*h=0aã„À$z>©6m¯ÐR¶#/³µm\Vc“Ûœq†7û‰LeI†¦@ÄP‹r‰0_)ÈBë ëKªúáÉ	jºÈG®¸,rX#Íá”³¹T')ìYÌ@ æWw¶Äe3•ÝýíLö?·¾fTSé›È]P+&+s2ñ9dû‰‹ÓÁyË›ÆöEú!ˆìŠóˆƒ¬+ÝV=+•µÆµ|Ç4g§,æ‡ÿ]ìíÐ˜¤YÀ‹%ã5!>oJëÅ/WUXÀ±ÙsÙçƒrf‡ÌdR©’e“4¹ÚÕVê þ~ânPÀ¶ìÞ;Ô~ØÇ$F£³&B±Ò]ªÒÍ´ðÄcwG7žðF{—àÂyìk1´|ôˆtRÛ¼úø\Úð#„	à¸YBˆž»b5bÃ>¥ë dÂ£dÆ„Š½4z>kŠ Z$Y¬¼ƒÎa½‰§{óêiž—Aû$ÒŸÄ¤ì˜
‹ÿjO›HÝ·`ª!áz¼FÀ²ßØkŒp(ŸÀà„ºÍ‰(H<©ÒeNìKSi<†s«(lA;éÖxsjG7GÁKìî›GÅa§E³
î€„³c%ÇZ_©€£Ÿû
P:I1KfìšÙýRÂkÃKy*õ“(hä\²+|1•ßO,‚Ýî—›dôîvßøÖ±N-ÁÛVJ¦%Ò5#Í¡ç dÊ–»–\tèÇ££6HS>í!ÛþÁâÃRLÃsd]#ÍF³Cÿ½H‰"‰ÿÝb!ØÌ™3Y 88@YUôº.9GóâµCçà!n'Xœ¤iXbÍ¨µ“Õ0€JGÈ‚LÌuë¼épåÆ˜…Þ'Eš+>Ù®Ú‡RÎ~šò/02Œ"kÖåî/ÆE5²W­w†z~µ nÁà-v¤p^°³fÈ4×îTÆ>\ÃÁæ1Í7--Ç!W¥aî†éùv[«?Ù¡Ðš×qž"·ŠÖÔŒæXhý¾Ã”'½a1Å¾Ä
ï)Ûvä,C bÊ¥xv,cüõa‚Ýz#‹qŠþ%aò ³¯qmlç°fxv)@ÚH›íÞtH¿Ÿ@)˜@ÉQVÒ¿=¤ÿåc¡°W•Ì;m‚xN½qñþŒÍƒ—Pæ¿˜E\§ò¼o½ûûýœÜÎ¾d
…’„/¢Ùª¦\ˆª½v¯k(ûÛv¸t—£ëùè‹RÕFËÿ4åsù^úô»%õ‚FŠø2‡eÄy|ažØîswK‘¶nŒíêY‘M¥&d6Ó…uÖ\%4&óŽ>£}d7Lž2ªÀµ!g‹IÄMôcöåƒ"!P¤V¤œ¸\PÃnqÚ+ü»|ðx]•@4ÓªsÍÆá$€ëÄ¨HÄš.‚Ô0xž	Åû|RÏSÛ¡¾“„éqìšÉ¼h8ÔÁy®8.ý+]ÈuÞ“ É?AŸ$ù¥±µ9¯ˆžß=Q0FÍ3€Õå¿ƒéV|ìl°>·òÞñu/ä¾]î¢Ž‰ºïÖŒ·Ìì"æú 4Þ˜j¥|ñOÖ£e]QîSÇé}™«,¿¿òå0ÐßFV:þ¸Ê ÍÑ‹²”‘7‡hàÒÉ:75`ùV³jÆ"ÏéÔ™[‡bÔa³êF” ¶3€´Ý¢F*'È+<$ÈlV_é¦:p’õÓ¦”©:ÿ¹¾äëð;ƒ·ÒœððVÊÏ·ÝYôÝ$¾^x¼1!”ÏàÐßãÕlŸÜ|4šÇ«6xTãy5¤~Æ]MÁSŠaûÔÕÛ!ú×Ýó™7áÇSŽÙ…M·˜F2£E?)’œŒâ´ûeä€Ò1ú&w<yaN3Vm –ôâÒâ+PÝg&F€ˆ¿@N±Í†¿‹ëýTóåÇÜÝ@à@d\1ûy.^Ó¯£† ù$~µv‚x eýÝSç‰ö2 Çè˜B&{REJ'Õ_–tÁIÞ	‚œÒ[vg¬€NïIcl+Òó§=Ä}ØýŸæb>²ŸŒ»‰î,Ö69¤äû°&Ü?Ç£3Áôšü2ó$°Ý²á\ÑÉù´è³é®Y¬™íK$É!m\725«dË¢áÈÝ1íËêmúoéÎãò¨„ï«P8Ó%Gé#–({Ä£{á?ª&²¾ñ<hÂ^$
>Qøòpµ+D³bÀ9	6XYîM'.ÿ°Ë÷½hÖvrÐk£\†fˆæjRaPœßþ„·ësöh
fsù[¾ûäºs|	ò™b/:NNy	­›¤ÜÜ±_*~Yâ×ØÑêrÝfvHÚ£&Î×V³Ã¸Al³MŸÖj¹Pc ƒ)” á-+QÇ©å¤˜—™½pÙV0âC]L„¥œYïˆ†$QÂN£Ÿþ‡RBxV.a’#·¹µùßóP„ß7“’âŽ¬ü q¯&ë°žàáÖ£ pR•ö³åÊò" h†ä˜ƒŽb‰˜¸µœ«£–Èúß*õÚä¥!J@8Ë=Óùh†¹”Ÿ’Zýa¬œ5ÄmCÊÜ*'±¦3BàÊ¬C¾òD/a5÷öPtqQÞÈýSö»CÎ=¬SÝa…EBÕ%m	Â¾*þRÍV9"Êî×'a| ;¯šPaöiì)oIveëIö‚ÎžØý~‚×å;ÓãŒ\´äJ0lOÀÒíxBùÇ˜§Þþƒ$©% ÇÉ‚pcwËŽ¿y‘?ü»^ú¾á¹ÉX:gãN,"µ†îYÅ)—ß-h—6¼ì«™÷VÇdÕ_è\&„¯8ÌÞ¾xÝk³.gïp³a÷°?ï. 4¥ÏínùÂéä×„&ýµæO	!3=Åû…,“w©û­3©pJdß«!o¡*A’œàoÓW„¡½BÏ(ŸC°±Â*)â§ íMådÇ™¨üegÓPˆÍÈŒÂ÷õ0°õêÖ?&¾CxŒ†ÚÃ!W*2Öÿk\Únó}Ê%wp±	äàgR·¡žšü\áÞ>ÆUd—ìÕ¬]%}VœIÌï¢tøK(>0{ƒ|×t2l)v®9YÄ£yi¾#ÕZ“¼†—ÿCMh\×µïüø³]‚‘K"¢>å&UY{7_)·V7cÀ.avÖm¤³~Z¹2ÐvJ Ú4–7s‚¦`´ÑjX@C [vç4m ýlÚØõçI9ÍëaõÓº±kÒl¶½ŒÞ[Ë¢_Ó;Þ‘¶nõ"F=³«ÉŒ8½òÿ{8
Ì)×`*ÙŒÇPzd’‰¿‘ì¬œPÆn-ZCÁ¿4HE¯p0Yžê1ÀÜ›Ã@‹YN³=›èÖvR®ÙÝe@nNH¶*Z?Tû÷‰É_ñ`HgH6Ò`u 3j?âáM†ä„6×ÅñîæÂ
k; ‡ÉeŸ´tðšÖœ¸¡ø=&£ÌHüé^X^O0xì§Gm…(iee½ö?ë«Xê?C?œ}tzê’¢‚ºÔÜsYçÃD \2¬[B‰Bû±T™Ý¸€Ùò&S†Ïw¼è9™_Q32´Q§JÛ€»>bKìÔ>¬«ƒ‰àÐ#$’Îe=ìÄwñBZ+BY+úª23]o¿6Q!¡83˜zI>y7÷üðÏ;¥eã¾-"Vðà~WÈWÙ’Å{“+$J,t_79N•Ý›,\?É†ÀÛH7éÌb}>|Ò`¬2Ÿ(ÊØ‘bm†‰@Xæ"çB_¹®Ù-~Ë—ŒÉ¾ÜŽŽ§×òF¡hú"*XCýæÜ¥GvÀn Æ,|OnVç%‰îžwåáçÈÎrÁ„yS3Ug!+ìvFÐõfŒ^EÍ2x=nvñcªÔ,#—Æ¨€—ÆÝú%£Ûª3CBNñ˜.³š%’Í8E!¡ìk¸~ñe×iz_Ëß¦ù$çù¯7¢Ê¯eÛÁ‰¬	;˜Ça%b_Ó¿ó‰)ÎÃmí Í’_F¼EÊ¡g =´çN
ÿ»aOXgq1¬¡bÀäs¸°ÖVƒZ·Ó8Öl«Éùtµ„/Ê>G-ÿé$4«\‰X`?ßÐwM² }‹­¬ËmiÝº»Pù©ä}Q½ ~Ýz8_	P®ÕÇ­BÀ7Ây·Ÿ¿™Xâ}Ô5HÙ%‹v5@®ÇcGäx"ó°µi×1Ì–²™SöÄ€!*78#í„0¥¦T0‡råOÚ×Êu,=vˆÈtl 3éXÁu_óJµJ%°l½ýü÷oÓ:o*ûb@Œ,¢TK‘ Ã(ÚðbÆ)’Ø ²n)Ê{áÖÜ)óEu›8DÙpþ
±ÑÄ§˜§N 	(³óv˜R¾3´+÷/o)¿Œ'åaÜÛýmÔ–Ùí>p…–Iv¹—=v€ãàªGììÒØ Ž³Š®IøîµG÷[jP¬¾B´˜_3‘- ŽòMô%_htŽd„ÏO/_²M!ÂU)íõvÓ|pU˜=¹Å‰¯Ýš§5×¶ÞZ­³*¤T×}ñÙýõ ø+ào©+½¦éÆâôØÇÎûÍc
¦‚{GÔ“¤VÀ¼·Ür¸W!™]V?¬uŒ¤ì?gNnD‘EÊ-˜g³ÎÅÛ:jD–åíØÿKÿÿV.§>U'ŽÄÊÔbÆ8ÑµR|ëƒ¬µÎåÉ¶â¯Œt9ò_ñªi†Ã&ž8••Š\_K=¥9:Á?-lcÑ#³Ö Ê›E„OLi}¦š@è¡oÕÊ‹.ñ¤u–¸ÚºP_Kn›„«Úÿ|ÍljzÜ&´iï ß£d©¢Úi«:sƒ·ê ž¢Ç¸œŒríJ#˜=Ê'(Îˆø™ÐPÒ	®(<¨FµYDœ>Ûu ÷9uqM‘®T¿öÏ~Co_*ÕDÂÿFÔh•€ü"™`âJ M•ÆŒAÑ<*ãˆÁÆ¶ê¤Ú3–ÑþÖ6ë“ÑökÆOã·’Ó¸ÍM}y~ ê>ð¨gÖí÷/¾"“Û?TãâwAö¨«=¶ü\­êw¸ó´JU¨"æmÏŠ&·’?®yÂÿ!Ãj}VfÚ²UýËQIðÙÂCêïVü}¸B”eÐxÃEÊ¬ª¯)Ëxhô¥7w3ºè4¢@ vãÑÊÉ:/‰¥µ¹>ðí‰5˜ëîÞ4.Þœ¯&WI¸€ðQ ¿ÊÛ6x1é†sk ¿‡Ö,VÓ÷ˆIå(ã^æ²ÒžY%¥*s%¬¿²è­ÃG`¹Kªä&ø$’q“SD²•×`¹Ñ@oüÂÉ8$’Ó”¹aƒñyE³…+€¤ë8z>Bçg.·¼< \‰+AßÛ	ïUKr¯®ƒï2½b¶©fc‡ŸÛD]#ºÖ!äÇÓU”7Š¤ÝrÉUÀ}€{,Ñ½Êÿê'¤¤\fýßU,É $Ì¾-¸k+´a˜Ì6ëº JÙˆ}ãWpÒ¶MS“¡nçŠ‘4ú„â0‚xZöæ¶>‘…7“ÈvnK…¢íl¶¾bZ‹žAÒ3<ÖUÈcÕ„-ù<XpË)ïÓÙ>/ ¢q`„Ç}ËR XÉ@N]©7’jøš FO!Ú1U¡O—c-‰WÊ¤ºa/Ýˆ»¢&í&Ì‘³@RÍKsÜ­–È½èdívÒ8cu¯wX›|°„¬þQþ” öb=¢·M °¿yÕÖ(‘Á(¤°œ^µb§Ëé+ Ðêxò¥ß¥¶<¤9
­é—Tö³	Äc*'bøT²¡7[;@ö/Ég§B`æ$NV¬qÎ“+jKK?·. S-ÄÕPŸ5é9KVÞk¹9g9µfœnŠ	:€K>e™yeHn‰òV[’dŒºçtfM1ŒÈœ5Þ³ ýžæÛjí`/ªQ[ÈjûUÛ¼–¦9Q-Ç³ÝY,h!FÞ¥` 9ê‘TCºúêq&ä~®Ì‡4ì$ÃDÐaUà<òÏÍe—xK¹+d²»ËMöO}´ ½†h²Q ˆ‡`nˆ÷ç$ïF[ç9n6xDDÍRþCa—YáÕaÕ©Àhø¾qV;¡@Âä9¹ÅB³â¨Ò”G±wÑÓÝK½wœfS‚
åf[yB=íê up[ÂZ+µ_¢G8ÃÏ‰§;åM€Ç”&šöÁ¦šÞ}–Jýr[ÂºýN’ý­ƒÐþß‰)‘õ3™vPU5®QFaX€§g™.ÂŠd¤I=µÕ‹ß+'¸xªTûn7$¸#Æ^mÎùðr¤pÒ |ßŠ¥†aK`eX!U7û¢ÎéòáõÛŒËƒ<ö¹ZßÊWg5¢®Šåg‚›k@§åŠ¹‰¦Òº]—0ž÷ÑX·L[HuÖ CM’
ìÒß³°Š¹!J%Ë«\9RYŽŒ³t:¦Ü©zñ1ž“ŽáÜhuç7"g¨œ@ófd9›òÔk`OÄú«ÇIOð5x "]­”jme™3ã±Rœ:Iæf‘A‚„ó®? kôS/¸Þ¬º“ðnrï…¼Í€õ¤p¸I	( –8Ü5Xòð›¬zß2ó‰0¥ùœ•˜[ÍrªùÀKcËÔŒu¥vWN$‘œ˜'¦çå2=rÆÄMäœ?TÀÌñÀ¹ìo\*•ªÅ‰` Þ$1„rQûœ%Œ!x|¥«d×™¥kkˆÞp<Ê$L•Õe¥`¸±¼:¦£j%…66@„²qÎ®We;MÜ p ê±4Y7}@èØ•Õkeøpk÷B÷Cu!$=ÀË«•9hÞKW­«6…›bÞ ~™4Ë
e;!ŒŸyÖÑ”nBnã\ÄCc@Ë8:Åë\*üG¿ÎÇ*ÿ–IÌîõNàÕÉÒð*/ãÊ"Î{ZÈDâá<áÎ2O†4ò-yiÖp>)ƒ|_zZÝÜHßÊ·2·MˆLÚOÕ’–%´áìóI Sxàäµ}mf¥7Ú:¥VƒkêÕ¹à;×° ÊŽ‰ê˜Xõ^öt=ƒ†ðFvvCÆ¨˜ÿ' ‹¤+Q_ëd/N@æ6n“Yµé!íçÖ#ÈWÒøòŒò®wÃ~Ñ@‰ƒäMÑA{\µ›$8o6£MøÔ¥tÖä?—ÑC£ïÛnúìQZ?¿"rxÀå¿ª²@n(×³b<Ú5ÝHNJjSK,ækO8iAüqù	ïÇš(üpYEnHù·þ4£Çòc}³M(ö—‘«ò’*`@P2s@ê$ýaÒâÍ’óÊæºL5n³×xf!Çá²æ™"C×øT|+'à¡ýžÎC'õÃÃM“üÒ@«èí#`9ÚúbÔpÞÂÕ¤Ï7ç1ÊÞÊºe¿	e8ON_¶½Z>w[Ö|›}esSç¢¬„˜ˆ˜1:·ÞÅ¨q–ýSe*ol{ xtT’SWz­é`Ç[-©‹¤,ŸW«ŒžbX-üe¿¯5âi±µwN/ŸÂ®ºÏ¤¯ßtO¦&b³'Ò‰è!wáO´š0:9%	±o(x%`ªúk3úí¦À'•v^"ûxµiÁ<uv‰L>t|*›«û„ïã0„š¥Ù	8–÷U¬ÏÌÑK—OŒWÇ»‰M+™1åÞíîìG€ˆpá©‡šŒ§çE†îÑô"ê25@+#QŽFÍ•#ä3çf3cUK’ä‚~U»\x`èß¦6‡WßÃp£v`££IÂÍKÄ©f„ç²Þ ¥qõãƒŠp‹_\¨dÁ}ëÞ1´5Y4™â~—
$ÿ‘Bæ±?ˆ‰óÓp7xý¸d–ø°N;$€sJ§îYÍã­	Á¥¶0;×£÷*9þyµÙá[ sá‹Æî«¸™³:JHEÅjÌAÛ<Œ³q³˜¹
·¡µ&f•n”Xü»ò¨Ô ý¾š.ß»šþLŸý™•˜)hsê.¶TÝººæ¡nÏÈñ,å SÎ^î8%Îíí!äioU©„0í1CÙPN6]¦ClVlG±ÚWÄª¯lœêçïªßŸæuÝFÚ)ê’…'ÒêvG¶ÈE³ã¡‘_Í@@nÜº0ªe-³é Í‡ºfËÝ€º†Ë ±ÝID«;Œþ ë²cIý-¾bX•²JEÐúäƒ½IwuÀ|§QÏH¿FôÆVµ5&:ZîùÁbÒI\»@új7•“µKÆÀ|Êü°¿üÓ™Xý¯p­Áä¢¼|é©ƒ_ªÌ>ŒËÃgÁÌ.U–lŽõvç•.ð§çæÕ12¬´½Òc×–à=Â¦d&Í(ží•9.@F_ž—bÌ’Ï8	sþæt­·­Q¢1™åÈ!82A)¯Ê?Ÿ	™9Ž©ïÜ§4/Aê&å2Œd42è5(|3¾MqQÅäú¶aƒzÌd8ræ›ÛÒe;¤òöBý§G±gPúf 7m&/ç ¥á,óYÐ#ÎjÞ‚5£œ7 X£Qñ­éR.KN\(ð´yhŽ&1®C8üuÄ4Rœê|pÇ"C:²êC+"E.¿A·M´¼£užÜA
6¸œÃ+
‰|hÊ)iÛ,¿Ìúh#¹©Èér—^<bj‹ræ|
”!Ø…ÐÞ» ¬ýµ‰.PëîÁÌkÀŸ·"9[óf4=A(çrd³Z71ì®¡`(°‚³ëNºÖƒý?ú¡¦Û{%¯³R‡|ý,Ù-*$5ä·n4x¬uaFÓ¾‹¬wQÂ2ú:TÁU†[`Ž-ôHF™ú¢¦^$ZÄY‹7˜²mË_uÙ»±Ã’¯d…êe2õ:Š7ÉlªüŽ>Ôý˜wÈ{4	¹vþ–šÿ	“ßÓwŽ~‰L§~Ä·»Wþë
RÃè-€š¬q+îò]‘\Thÿ|e>óï‘BPˆ~Ñ
ˆpÔ\”™âµŒd5_D2AOËÛã¿žjäÏY—Iôjr™–ô±ÃÞiC7±”Lss¢(%Þú`G±jmËÏ€ÎÜÕŸ’uÌˆ~(,ÞŽ!ÁÕÔQF1‘}˜¸7Rt{è;y]ROÁY ¡UÞg9DSïLblòò¦šcÄÒpzÊ›dü„ägˆ)¢®Rp@‡Ó¤|ªÛÇ¾}f{š`§gc¤Tc7#|ò\gh!^È!î:Çhâ)0ÂYVà_F‰ÑcQ‰‡*3á¬ÑAÈ·¥6³ÐœùcÕvå?;wöv‘"Ý(¦(†nÉï½»Íå®P÷èõ.F½Ž.¯:_»0Ùdâ{'œÕe±	Óm	úë¨‡‡6ÛŠ[@°hÃý»$§ò©Šlq’EW˜&ü¶V×Eg
:%Kl<7èÅÀQ~¾ Ö§B*ÿc$D–¢ ÍFŒðÌ·7×ßÕmMÌùÒ±‡ƒ;¡Ý72šzº¯ƒÉH[Ý‡{äXùûô’b®ìeÏÌì-Y}eßduÿ7û!5>uQTå¤|TZßÖJ†`ìÐ‘¨¦0´îÜ‚ú•Þu•y¸îC94qÂËó(þÉ2·‡©Sr»%õ”„Ì]ž­Þž©ÚÞÙç÷Î–²0¼¢±Scé(æ‘A­Y·[	RˆšöH„È
Ìµ^F¿ûD42ÅÉo“èSK–ÝZ|¹ŽmíÓan	tÆåÇ?a8Kð áh€ÔïÂ“²ûQ±)bA]gž†T¡£îÆ E+AÚ@]Dl¿Ò ­mgeÙãöP³GìYÒ»ÇN¨†_\0gp&ž ¶‘ÃòÐóÞ\SšïGÊC¬ ª¡Ô­±(Ôj-#c”ôL4]}ØK±$K VgM[‘r·d\€­oB¨Á°›cfŽDÖçÍÓá‡‰ðy²UÃëé’Ð6äçpî9êžfwBVç.t€Zè]Ï7ÉÔÛ@Aœ¨ì¶uMu`Â‰ž«o©nÔÕ“ýåb 	øË@!µ¬€'•‘oArÚ¥ÞšL0ŽOmX@ýPÍz¢ïÄ\ÞW¢‚$jJÐ¦ÛO·Z/Yˆáåõ9€™G„ü4SM½©£HïS³ÐÜ¯¡¬ÓpÚóÉX´_³k!/ØÛÑÜ
Ts­QbJÈÜ:ÄxÛ­˜dØ{3] ^Ûu==Ç¢¦å°â ê˜|âáW%™ÙñÂ¢7ä‹pxžõáZ/m„ÞÁ=z²*Ør>Y 6™§ÛúÍ¥aÿãI~Ó“³ï™áí±Ãf?gHþëÙùÿ„=+É¾¬a² Ö™L"1\ò’ÝífÓ(Ëéê¢Æø®wdFòunÙµ	¢}Åö|ùÉ³N$è¢UBA½-QAÇûÉÿì~ØÞÙ©ù¤olR	"ä!HkæI”î®`2ýe¥öEdü ‹8¦³“|¨ãA-Ø–Ët7AÏÇ¥ÒKí)2›†ŠÎRÛù‘ˆéR>ŒÉjA ºP§D¥0ü®œ©ÂðÄfñxRh¬!GnÛz‡-\Muyd3/M7jüú¢¨Ž
 oZD+éÃS;¥¸6RmXK@0oNËÔöµ#;¥JhDNË6ê™O?Â’è«àñQ‡ªEOÕg¾ûÚ]uriWy„TÁÃÃ;þe¯n5$}»£ü³ãQþ{­Ï?	Ç8° ÎR³beßiX8ÚÇ2üÈ
C’±1BŸ¼ú®$ì$Q×]îÂ„v{È4õ.›™•)‹7aŸÑ0¨¿§Þ¤ˆÆ²{ÙïÈ†Pun+¼‰Q		n€ªn4aF}oaOO¿í·úó.¡!P¥°Ž.3L?~mAhÅ´àÜ!Ú¥³á8n¤ßÓ÷+ö²[ð™'a-& #¹™I=<v:t±•Ð±ä‹Rq4ØŠe3`~råfá!ÝçÀ9ƒ‹z-3•0 ›5‡þ<•#C–«&„¢ê~±Êí!•²LµñIãniŠú¨¹:ði»£d³Øá)¢’¨AÁÖúØéäófDU<öËâìYcr[Yn„	ÏûzŸÞçu
òƒ>/Y];
Qp²êË;µJ¶žøÆL*'EÙž6£¶€"y•î÷ ÔŸ\T[¸ “š™oð£›d¹âŠi0N027í]úîz5I²ÙpvÌ>àŒÜæ³§Ð¦s¤Ãà¾œ¥Á¤… b¿îG¶ @é±Ì+€õåRÊ/Ú!¡sÅªj°Í¶ža¡!Á†¬Ù‘‘?]ÐIÜ¾_ ¢1HyÆð¢17>0äÍÄˆ¾ñpÓþ+ïe…«i‡‚¥1\"#ÏM«‚k¢j·s¯g—ÿ—_ã]^ŽuU¬„Ì™Ù0ù¾6Å\ÀPiQ¬˜pØJ¹hÐòëÊÙKÀ$ïhõ^¶¹¨"s°PË}¥…†Ç÷]¾hYßú`²¼Š”5öÌÓwN„ƒ=ºCAŠ³è6xöiÿÃÇ»èyÇÚ¿ëqñ{ÝWûÒX³bSX[bmÜ"Âb)ÐÉ]¨Ô>œ/t¨«$ƒQZ‹ô¿Ä_GÝöý·j›sÿ™±¼€€s5º¨W­^iG›DìBlë¤ëj;0N³:¡ÜLÄß39ò§…sƒÕ¥Œa×'—	¢Øúh?X0Š^×íÓQ¿+Å QFúé¶´\¼E÷QÉþr~®¤7Ç»Áû´Ög¸·ÇåìBA·u2 µuªèö¯ŸªS‹ÓÕ/Qþþù>Emnÿ1íÿtÓ$ÚvÖ÷!œ+Y´=?! n=ˆáI%–nÒl–Ö\2uö?€,ˆ‹€³òä%`zµdÁ¶v~M*ÖÕÉ"XD|ïWþ¨ qÖ-µ¹†«uµHâ“§~lsÛ
¹ºfÿŸ´üùHªm,_OqöòÜøj²×¹ý01ñ5Õ—ÿ»ªË…ãRû:Ýy9Y”d£^ïHÛrkcYÜ9% ‚A%¼ÉÆzGÍ, T(!ÀCN(¢ ‡t‘¡SØÁ6'wW«¸´Õ~]žü~oým“Á÷%—ŽŠ%;èˆ»x£ÿì@ÝÀ äONgZÛ¹Ïëæá)¼›¯‚+þxï	=5ÿØ~ç?!ê‘áàu5Î’=>úg/7 öÞn¯P™Mw‡3móÃRÝáÿFÔ.H8>žáe1ó´©÷@˜P¢@…\`ý’™7ÑæmH-U%RÓj
døú6æct¨ÕKh#ã"¹ e†®…ÔZvq¨,ð¿6ò3{G¶7-aóµ€ÀÄÑç|ýïOƒmíô`®Ÿt½Ÿ6iûûûõºöÎÀA!Ü®æ QxÃˆÜtyT|¥új<G³#¶½w]ún¿7Ø$x—CˆúëkŸêç¦ä3øûA/1uÄ÷­/Žüô¹š"û®»Ïbþî·‚†ãYÇsž³ÉZw;û­MŸ
êC½!‡Œÿ3NÐû¿zŽ>†'×Ñl[ïå~ÿµR›†Kêþmk*Àj\Iô\i4šE¬Û]ÉR‡Ñ6\äe¡3Ê˜ÇÁYŠ	æó§M}‘òûHß%–‡iæ°û,@„ . Ó|ÿeñi(œG¿w“ç{«„Ô”+Ú}Üqe
ôI"@@ÝÒ1#¡ÌwìÙªØÖêL‡áütÎº$ÈêñiÎnéÄ1k^Í¥¯Æªë@š¥i_ˆ%³~}ízßý@	Áênûuœ1æ»¬³ê.vœš{n×q\Äã–Î7O}
 ’æî„¼÷•xCÊ‡_¨ú¾»´å ütôáÏ‘JÂ²[x¼“"9˜x=@=Guü»çfŠ*½™&Ìf;]óîÆ5†òeµ»è®ÿ††«ŠÉ¾FÆÓì?‡M&~Ïîß2‘òkë`4Th÷›GAgÛª›ŽE’6Aî`? DâÂs]Ü«HZ~ŸaWÅn ¿2'ê¦°éªÃhª=ÞÎ›ß.©àÜáÉúgd£[”‡">sÂ¼} ‚ïÁ< _UD ÌææN³÷êTo·«5žä[TNÁeûµ½÷^pµ”¿›öz™*ìOÇªïÏâ?n¶á‰_ë•ö†­—#?®ÈUygp´îq½‰ÃVRBe‹dÛòÁ A¤:LÙ¾N96háÑÅ´M’†2dÐË69##0 éˆ’Š@%õ„E´(„„tn³ÝÌø%ðÛ,[ë	*ÅŒê\-q 	¢—J×\Ÿ©¨ŽR/¡‹kP’$‚2&HÙE- ‰ „ykp¢’`©T”ZŠeõ;”ŠdÅ4ÐD€p'ãåý;«å!œè8™"kˆCÚøòJrp‘Š´TAûPüTì{“}nÕG¢îÏÓ|UåèÓ×r³«çñï¬÷Ôæ»9êÉ.«ÞbsEìïq‰Y[Ë7ž£¼òÌÎPöb¤çU¹áe.èS»˜zþ8>Í½Vƒý7Ô"ß¸‘Î‡Ê‹¼#ª¬ÀÌx©Pr_;YÂzv;š¤3Ì>?;¬Îjw?¼ÕH¨÷þ•YžLgŸ…^íõé¸Ï’®Mïx–wüú»ç?­nuRÙp±ûÍÜYl$ÃhÎZiô]šÄ£ÞJÒ³ïIAyiÓ2=vKß>vøG†\¿dÉMòd ß¯d„'ôÇ! d@‰XQÀ·®…¤/çZÂÂŒ‚#dâ´<‡@$AL:ß'ºÏ^û‹þpb.u{Îj6MŸÙè·³‡ö§øªÑË_±oïV¯ß¿õiÓ±Ë9Úr¶>Ýƒïƒ1”÷}š·¿OËÒõ|õÓõ<(áu¯ŒÚ—¬¨Š¥ÿ½nÃ¹ªõ¿ãuk7EyÊfpXŽŸªS]Î¦»ytÆqÿÜn`G5­½¿ý‘˜N-‚’,’t”B/°ÿ(}öÛ{è÷ˆØGÕNç:S‹´úN“e·ãÏÒÍÎÝ`P[|êÚÌs!¤ç™~œ§æh‰¬c„qþ+ïNe¯k£E‘ºÉ+þbôí¾âd¥¼õÿf’SŠgÕ·óÑâ k~
t8F;ÌŸíõé4€Bhòvš31Öo&a¦ÁB„nã@LºØŸïÐ[	€­¶EY+ëújÁRÌ>vÍï§ŒmËo'½ËŠŸûÛÉ‡ŽY1²t>D³`Œ}QüÏß|á`ö+É‚”k.aˆ`¤Rs	\N¸ÅÇ?¯" }ˆúÆÔF1‡ñêiˆB¶’€ÍSµÐµƒÖV‚(ŽýßÓýÊ~Ì:Z†NÑLaðêW$ž]x®Aù‡R³~+Ñ«
Fé§%Àb¼B2#£as/N‘žÙ=“ƒ.J£ñW^²X$¤WJ€>Óû…Ùxö]@YÂ Znjwï•ª±N;bc F)’dÝœXQ #B×K4i¢…š‚Eh²£›Y¤á¨Ä&g´¶23º>ŸÖ±C«õµ¬üÍ»NîKã)Œ©}¸f €)™uÒRt¤§c©±s™³‡>:±"Æ¢;1ÏÇx§ëÊùá–9¤ÀÏ(@DD™ÜŸ¿è41ëù¨ÁŸè}÷ßÇv%Æ·3jUá¨0‘$„‚ˆÅ/ž!¹H8µ™ˆŽa@S3Øîý}¡ÄœøZ¥ƒTÄL°@,2v±Ã NëK=²©¶¤¬iµ¬sÔêêŒX¶­¶±îÆ/úMàë®¨ªQÚ­ü«åz<È4ãuf|ºDrŒh€ ‹8€¹‘{ÞoæÄãú—ª.)¦Ógf´"‚B,ö¶ûî¦…#ˆËe?«÷q 8ØHê[$"c0CTü‚-í#¾.Ïñ+aÏøˆP[?íˆ¶ýý8Ûlvk¦WÃÔÇ9Y0Þú51 &oxüî
¸6—D4I$CÑN®8üK,"«[nAuÎú1Ð;bÆoç2oCE¸SCc¤Ø¶”ÑÖòIEe`I,Xûh¯„À66¯:ìdÌWX°“eB!îëw—ÙC2mö5¡Dïxÿ¼ãŒâ‚éE÷cd )7€‹X°8¡>t¾@2k<é	ˆR"ÛUv¾·ÑÏ|¼ê"‚>µ^è^Ë–˜5¬3É3›m¥SÒY¢êÕ¡²‚Õt.‹îx@3ÌÌm,«	EÐÐ¬ˆÁ ffÁ‚cciœ‹líÅç\ðÆ³(. yžCƒèÃ¬™´ëX`$‹KHZÉ¾PÇ‡$sŽlºaßq|Ž–áZÖ4ÃLout¡QC¡ØÄ\mësŠ	)Ë7.}!HÊT¥í‚TÓr9ï¶lQV¶¬­Ï„j®Š %ÁÊIE"pŒnXÎŸäóé	ç!FÕ¸5´p[ŠÇ9ê²Œ“ä—ýM¾ËÖMYÛKÇ%QÏ¶£HB>þëç÷Û3ŒªÉ\ÊXbÒV¶®¤$qŠÄU	¢žh®h±'8½^Šç°èÕ4œLJ%&Æ—Ð„	Žƒ¦&àÚ×œÌÙñAJP!V¹Œ×Xæ6%X%U_è_dW ÀÕ„Ü0t5Á«{HÿŸò%mlüG=ì„¥iÆŽ…´F;Q‹î|A¬ùªJPˆz³@¬lYI¹Îcœ'Õ”–H­‘tÚ´jy=ˆ½øßkxOP·	»Ê¡®+^wß_çÜ*ñ,‚O´‰-¶félP3—¯±Ûü?.º‹€¶ë¡pü'Ð¯ÉòÒvÂ¤,Ã=ªÆ7un•»ŒUŸ“6å?p	Æ;¿ëä —~‘áXhpÃ²uKH+?E¯—‰•˜Äê>©aªÅ1öæŽÅLõrG¶ýþÍ7ÏÔŒü®6jž{t›ÍSÕÛ#K¢Á_C‡ó?ðÿð0+…Ÿ;Žäž”CâC2r,éÆÝß© Z—üÇDA2¨Ätˆ¬»ö½gú÷±ØøÏO‡ŸçÒ”£ÒÑEm¦¶»ÜØÎ †G1EÝ -˜Ã¤‘(‚DAŽ:Génû×›è·_CP	}W°’H¸ë… 0>@4žÂ uÒÙ÷wøuh²›.›
\úY‰™T^Êõ÷Ü¿öªRçÕwóî[uŸñ«ùýý&Óò“¾Äå|p;êx­fË©}‰Ë§ý±>¿É“ú £kÿ¾œvïþðãq»:£$?¹¼gÖw÷æþQœmŽãuµ±ÉÞf§ûºg1@A çÔ·   ""@zH„„¡›ïAÚ­ôÑôQPýqúÞ,ñ¿uf‡·ô¦„•»X|ƒÍVòÒÐQ+¹¾9Ít§ÿÅÜ‘N$q_        Ù~GØ~GØ~G    ÷–‹–wá\+]nøÊ/ý¼|ôto²Í¬h‚–u“® íý„›Ãz¸¶éß    
YZ