í«îÛ    libndr-standard0-32bit-4.6.16+git.166.8fb11cda200-30.1                              Ž­è         <   >     ,     è            ê          ì         F²‰ ]ÍV¸‹/Ô=½Â„Eœÿ^ò$55`á0[ ªô<¬«ýüþnËJ^¦/bOS„…X9v@¯xXê¿kàÜ	R%ÖÁ[—4“B OäÏ½«}ËÏÖvÒJü<îŸp#Q®z™Ð”ý‡Hßœ<Jš–ê¸X|¼ø|GÇô€¿™/zim"©àü4¾2šAeî6`	]ÇØ¥q‰)Cé)V5ïÐ®ýÐ°mäs*V1ëÐŸ&>·´iòY_‹£E¤Uê³"÷£š»NªdÖÊÂ ±p¯ùÛRUX»žGß¬[XÞggûîHêwUq ¹‘Z âÏ6ÛàBX†
 ýJÇ7›`P¹˜   >   ÿÿÿÀ       Ž­è       : ˜   ?    ˜€      d            è           é           ê      4     ì   	   9     í   	   t     î      x     ï      |     ñ      „     ò      ˆ     ó      ›     ö      ¤     ÷      µ     ø   	   Î     ü      ß     ý      ö     þ      ü                                    	           
     $          ,          N          h          p          z          „          ´          ¼          0          t          '     (     K     8     T  ¹  9     8  ¹  :     <±  ¹  >    •ƒ     G    •Œ     H    •”     I    •œ     X    •      Y    •°     \    •ô     ]    •ü     ^    –*     b    –4     c    –ë     d    —z     e    —     f    —„     l    —†     u    —˜     v    —      w    ˜4     x    ˜<     y    ˜D   C libndr-standard0-32bit 4.6.16+git.166.8fb11cda200 30.1 NDR marshallers for the standard set of DCE/RPC interfaces     ]ÍVlamb28   35°openSUSE Leap 42.3 openSUSE GPL-3.0-or-later http://bugs.opensuse.org System/Libraries https://www.samba.org/ linux x86_64 /sbin/ldconfig       35°¡ÿí    ]ÍV]ÍV e8a30fdc4b22f358e27c6b0954a565b2 libndr-standard.so.0.0.1          root root root root samba-4.6.16+git.166.8fb11cda200-30.1.src.rpm   ÿÿÿÿÿÿÿÿlibndr-standard.so.0 libndr-standard.so.0(NDR_STANDARD_0.0.1) libndr-standard0-32bit libndr-standard0-32bit(x86-32)      @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
/bin/sh libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libndr.so.0 libndr.so.0(NDR_0.0.1) libndr.so.0(NDR_0.0.5) libndr.so.0(NDR_0.0.6) libsamba-security-samba4.so libsamba-security-samba4.so(SAMBA_4.6.16_GIT.166.8FB11CDA20030.1_SUSE_SLE_12_I386) libsamba-util.so.0 libsamba-util.so.0(SAMBA_UTIL_0.0.1) libtalloc.so.2 libtalloc.so.2(TALLOC_2.0.2) rpmlib(CompressedFileNames) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsLzma)               3.0.4-1 4.0-1 4.4.6-1 4.11.2   \Ú­À\ÒÄÀ\³ À\£NÀ\}@\\À\X)@\„@[ä%@[»FÀ[z­@[a À[WÀZŸÔ@Zž‚ÀZòÀZñÀYóÀYÄû@Yºo@Yºo@Yºo@Y”3ÀY‰§ÀYuá@Yg`ÀYf@Y7êÀY7êÀY,@Y"ÒÀXÿ:@Xÿ:@XõÿÀXësÀXç@Xâ9@XÜó@XÜó@XÒg@XÉ,ÀXÆ‰ÀX«@XœYÀX˜e@X‰äÀXˆ“@X…ð@X€ª@XWËÀXAb@X-›ÀWéÀWâv@Wá$ÀWÙ;ÀWÅu@WÄ#ÀW±®ÀW¯ÀW­º@W~D@Wj}ÀW_ñÀWYZ@WYZ@W=ªÀW(’ÀW!û@WîÀW@Vñ3ÀVñ3ÀVÜÀVØ'@VÕ„@VÕ„@VÎìÀVÌIÀVÊø@VÄ`ÀVÀl@V½É@V˜ß@V–<@V–<@V“™@VjºÀV]‹ÀVIÅ@VG"@VG"@VG"@VG"@V(ÏÀV'~@V æÀV7@VBÀUùYÀUòÂ@Uð@UîÍÀUäAÀUÄÀU¨î@U¤ùÀU™@U–y@U€ÀUràÀUq@UhTÀU_@US<ÀUJ@U/¤@U/¤@U&iÀUŒ@UÀU	hÀU@TøE@Tòÿ@TìgÀTìgÀTÀæ@TÀæ@T¾C@T¼ñÀT¼ñÀTµÀTµÀT«Î@T…’ÀTž@T€LÀT}©ÀTxcÀT[bÀTZ@TR(@TO…@TKÀT>aÀT5'@T5'@T3ÕÀT12ÀT->@T->@T%U@T$ÀT!`ÀT!`ÀTÉ@TÉ@TŽÀSÿÀSó<@SëS@Sè°@SÛ@SÛ@SÛ@SØÞ@SÖ;@S½.ÀS»Ý@Sº‹ÀSª¹ÀS¨ÀS™–@S™–@S¸ÀS8@S}æÀSx ÀSg}@ScˆÀSZN@SXüÀSOÂ@SM@SM@SGÙ@SGÙ@SGÙ@SGÙ@S:ª@S:ª@S5d@S2Á@S,)ÀS L@SúÀSúÀSúÀS©@SÀ@S(ÀS×@S…ÀS4@S?ÀS?ÀS?ÀSK@Rþ@Rûb@Rö@RôÊÀRôÊÀRðÖ@RðÖ@Rç›ÀRç›ÀRç›ÀRç›ÀRâUÀRâUÀRâUÀRÝÀR×ÉÀRÕ&ÀRÓÕ@RÏàÀRÍ=ÀRÍ=ÀRÊšÀRÊšÀRÊšÀRÊšÀRÊšÀRÊšÀR¨SÀR¥°ÀR¡¼@R jÀR jÀRœv@RG@RG@RõÀRõÀR‹RÀR†ÀRƒiÀRu@RpôÀRWè@RUE@RUE@REs@R:ç@R6òÀR4OÀR2þ@R(r@R%Ï@R!ÚÀR7ÀRæ@Rý@Qÿ“ÀQíÀQæ‡@QßïÀQßïÀQßïÀQÞž@QÞž@QÞž@QÖµ@QÒÀÀQÑo@QÍzÀQÊ×ÀQÉ†@QÆã@Q¯(@Qœ³@Qzl@QdÀQA»ÀQ,£ÀQ+R@QÝ@QèÀQèÀQ—@Q—@QEÀQô@Q
\ÀQ
\ÀPÿÐÀPý-ÀPý-ÀPù9@P÷çÀPõDÀPí[ÀPÖò@PÑ¬@PÇ @PÇ @PÅÎÀPÅÎÀPÄ}@PÃ+ÀPÁÚ@P½åÀP¼”@P»BÀP»BÀP¸ŸÀPµüÀP´«@Pª@P¦*ÀP¢6@P’d@PŽoÀPŽoÀPŽoÀPŽoÀPŠ{@Pbî@Pbî@PWÀPWÀPQÊÀP,àÀP±ÀP±ÀP	H@P	H@PöÀP@OýjÀOýjÀOêõÀOèRÀOèRÀOãÀOÌ£@OÈ®ÀOÈ®ÀOÇ]@OÇ]@OÆÀO²E@O¡!ÀO’¡@O‘OÀOˆ@O„ ÀOoÀOc+@OaÙÀO`ˆ@OKp@OB5ÀO>A@O<ïÀO/ÀÀO/ÀÀO/ÀÀO/ÀÀO/ÀÀO/ÀÀO/ÀÀO*zÀO&†@O&†@O%4ÀO!@@OîÀOîÀOîÀO@O@Oú@O¨ÀO´@ObÀO@OíÀNñÊ@NñÊ@Nï'@NßU@NÏƒ@NÏƒ@NÇš@N³ÓÀN¯ß@N®ÀN©GÀN @Nj@Nj@Nj@Nj@Nj@N˜$@N˜$@N–ÒÀN–ÒÀN•@N•@N•@N•@N•@N•@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@N’Þ@NŽéÀNˆR@NºÀNyÑÀNiÿÀNh®@N_sÀN^"@N\ÐÀN\ÐÀN\ÐÀN\ÐÀN[@N[@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NXÜ@NA!@N?ÏÀN:‰ÀN:‰ÀN6•@N6•@N5CÀN5CÀN1O@N/ýÀN.¬@N.¬@N-ZÀN&Ã@NÚ@NåÀNåÀMÿ6@MðµÀMîÀMìÁ@MèÌÀMèÌÀMß’@MÜï@MÚL@MÒc@MÑÀMÂ‘@MÂ‘@M»ùÀM»ùÀM»ùÀMº¨@Mº¨@M¹VÀM¹VÀM°@M°@M°@M¦áÀM§@M‹2@MƒI@M÷ÀMwkÀMwkÀMwkÀMtÈÀMpÔ@MpÔ@MkŽ@MdöÀMc¥@M]ÀMSÓ@MRÀM<@M5€ÀM0:ÀM#ÀMt@M–ÀMPÀM¹@M ÄÀLþ!ÀLû~ÀLøÛÀLôç@Lôç@Lï¡@Lï¡@LîOÀLîOÀLìþ@Lç¸@LæfÀLÝ,@LÛÚÀLÉeÀL¸B@L±ªÀL­¶@L­¶@L›A@L—LÀLŒÀÀL‡zÀL{@LvW@LrbÀLnn@LmÀLmÀLmÀLmÀLjyÀLjyÀLjyÀLi(@LgÖÀLgÖÀLcâ@LPÀL1É@L!÷@LT@L%@L0ÀLß@Kÿ°@KóÒÀKò@Kò@KÙtÀKÔ.ÀKÔ.ÀKÎèÀKÎèÀK¼sÀK»"@K±çÀK¬¡ÀK¨­@K§[ÀK§[ÀK§[ÀK§[ÀK¢ÀKœÏÀK˜Û@K”æÀK”æÀKò@K‹¬@K…ÀK~}@KqN@KqN@KqN@KqN@KoüÀKoüÀKn«@Kn«@Kl@Kj¶ÀK^Ù@KUžÀKLd@KG@KEÌÀKEÌÀKD{@K=ãÀK;@ÀK/c@K*@K'z@K‘@K‘@K‘@K?ÀK?ÀKùÀK¨@KmÀK3@JôÀJôÀJð@JéƒÀJášÀJášÀJØ`@JÍÔ@JÃH@J¼°ÀJºÀJ·jÀJ®0@J¨ê@J§˜ÀJ§˜ÀJ„ @J‚®ÀJ€ÀJzÅÀJzÅÀJt.@Jm–ÀJ_@J\s@JTŠ@JTŠ@JMòÀJL¡@JIþ@JCfÀJB@JB@J@ÃÀJ;}ÀJ:,@J8ÚÀJ7‰@J7‰@J2C@J2C@J,ý@J'·@J'·@J'·@J+@JMÀJp@Iù’ÀIù’ÀIèo@Ièo@IÔ¨ÀIÓW@IÓW@IÒÀI¼íÀI»œ@I¶V@I¯¾ÀDavid Disseldorp <ddiss@suse.com> David Disseldorp <ddiss@suse.com> David Disseldorp <ddiss@suse.com> npower <nopower@suse.com> David Disseldorp <ddiss@suse.com> ddiss@suse.com Samuel Cabrero <scabrero@suse.de> David Mulder <dmulder@suse.com> Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> ddiss@suse.com scabrero@suse.de ddiss@suse.com jmcdonough@suse.com ddiss@suse.com scabrero@suse.com scabrero@suse.de scabrero@suse.de scabrero@suse.de aaptel@suse.com nopower@suse.com nopower@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com ddiss@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com dmulder@suse.com nopower@suse.com jmcdonough@suse.com aaptel@suse.com kukuk@suse.com kukuk@suse.de nopower@suse.com aaptel@suse.com dmulder@suse.com ddiss@suse.com dmulder@suse.com ddiss@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com nopower@suse.com nopower@suse.com jmcdonough@suse.com jmcdonough@suse.com nopower@suse.com nopower@suse.com ddiss@suse.com jmcdonough@suse.com ddiss@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com jmcdonough@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com jmcdonough@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com tchvatal@suse.com lmuelle@suse.com nopower@suse.com crrodriguez@opensuse.org lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com noel.power@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com mpluskal@suse.com lmuelle@suse.com nopower@suse.de ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.de nopower@suse.de lmuelle@suse.com nopower@suse.de ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com nopower@suse.de lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com nopower@suse.de lmuelle@suse.com ddiss@suse.com lmuelle@suse.com jmcdonough@suse.com jmcdonough@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com nopower@suse.de ddiss@suse.com lmuelle@suse.com ddiss@suse.com nopower@suse.de ddiss@suse.com lmuelle@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.com ddiss@suse.com ddiss@suse.com nopower@suse.de ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.de ddiss@suse.com ddiss@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com adrian@suse.de lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com nopower@suse.de lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com jengelh@inai.de lmuelle@suse.com jengelh@inai.de lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.de lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com jengelh@inai.de ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com ddiss@suse.com ddiss@suse.com lmuelle@suse.com sjayaraman@suse.de lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com jmcdonough@suse.com ddiss@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com shargagan@novell.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com lmuelle@suse.com ddiss@suse.de lmuelle@suse.com lmuelle@suse.de lmuelle@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de fcrozat@suse.com lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de coolo@suse.com coolo@suse.com lmuelle@suse.de shargagan@novell.com ddiss@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de hhetter@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de shargagan@novell.com ddiss@suse.de lmuelle@suse.de jmcdonough@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de jmcdonough@suse.de mrsb@novell.com lpechacek@suse.cz jmcdonough@suse.de jmcdonough@suse.de jmcdonough@suse.de lmuelle@suse.de shargagan@novell.com ddiss@suse.de lmuelle@suse.de shargagan@novell.com lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de jmcdonough@suse.de ddiss@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de jengelh@medozas.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de ddiss@suse.de ddiss@suse.de ddiss@suse.de ro@suse.de lmuelle@suse.de lmuelle@suse.de lars@samba.org lmuelle@suse.de ddiss@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de hhetter@suse.de ddiss@suse.de jmcdonough@suse.de coolo@novell.com lmuelle@suse.de jmcdonough@suse.de gber@opensuse.org jmcdonough@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de sjayaraman@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de hhetter@suse.de jmcdonough@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lars@samba.org lars@samba.org jmcdonough@suse.de jsmeix@suse.de lmuelle@suse.de hhetter@suse.de lmuelle@suse.de jmcdonough@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de rhafer@novell.com hhetter@novell.com lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de boyang@suse.de jmcdonough@suse.de lmuelle@suse.de boyang@suse.de boyang@suse.de lmuelle@suse.de rhafer@novell.com lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lars@samba.org jmcdonough@suse.de sjayaraman@suse.de jengelh@medozas.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de lmuelle@suse.de jmcdonough@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de jmcdonough@suse.de lmuelle@suse.de jmcdonough@suse.de jmcdonough@suse.de jmcdonough@suse.de boyang@suse.de chris@computersalat.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de boyang@suse.de boyang@suse.de hhetter@suse.de lmuelle@suse.de lmuelle@suse.de boyang@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de sbrabec@suse.cz lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de boyang@suse.de boyang@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de sjayaraman@suse.de sjayaraman@suse.de sjayaraman@suse.de jmcdonough@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de jmcdonough@suse.de lmuelle@suse.de jmcdonough@suse.de jmcdonough@suse.de jmcdonough@suse.de lmuelle@suse.de lmuelle@suse.de lmuelle@suse.de ro@suse.de - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). - CVE-2019-3880: Save registry file outside share as unprivileged
  user; (bso#13851); (bsc#1131060 ). - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit();
  (bso#13173); (bsc#1123755);
- s3:winbind: Fix regression introduced with bso #12851;
  (bso#12851); (bsc#1123755); - s3:passdb: Do not return OK if we don't have pinfo set up;
  (bsc#1099590); (bso#13376); - s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459);
- Use foreground execution mode for systemd samba daemons; (bsc#1112223); - Update to 4.6.16; (bsc#1110943);
  + CVE-2018-10919: Fix unauthorized attribute access via searches;
    (bso#13434); - Update to 4.6.15
  + Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230);
  + Allow idmap_rid to have primary group other than "Domain Users";
    (bsc#1087931). - CVE-2018-10858: Insufficient input validation on client directory
  listing in libsmbclient; (bso#13453); (bsc#1103411);
- s3: winbind: Fix 'winbind normalize names' in wb_getpwsid();
  (bso#12851);
- winbind: avoid using fstrcpy in _dual_init_connection;
  (bso#13294); (bsc#1087303);
- Fix ntlm authentications with "winbind use default domain = yes";
  (bso#13126); (bsc#1068059);
- net: fix net ads keytab handling; (bso#13166); (bsc#1067700);
- fix vfs_ceph flock stub; (bso#13506). - Fix vfs_ceph with "aio read size" or "aio write size" > 0;
  (bsc#1093664).
  + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
  + Fix memory leak in vfs_ceph; (bso#13424).
- Update to 4.6.14
  + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection;
    (bso#13294).
  + s3:smb2_server: correctly maintain request counters for compound
    requests; (bso#13215).
  + s3: smbd: Unix extensions attempts to change wrong field in fchown
    call; (bso#13375).
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).
  + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
    (bso#13297).
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270).
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we
    don't own it here; (bso#13244).
  + s3:libsmb: allow -U"\\administrator" to work; (bso#13206).
  + CVE-2018-1057: s4:dsdb: fix unprivileged password changes;
    (bso#13272); (bsc#1081024).
  + s3:smbd: Do not crash if we fail to init the session table;
    (bso#13315).
  + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).
  + smbXcli: Add "force_channel_sequence"; (bso#13215).
  + smbd: Fix channel sequence number checks for long-running requests;
    (bso#13215).
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on
    expired sessions; (bso#13197).
  + s3:smbd: return the correct error for cancelled SMB2 notifies on
    expired sessions; (bso#13197).
  + samba: Only use async signal-safe functions in signal handler;
    (bso#13240).
  + subnet: Avoid a segfault when renaming subnet objects; (bso#13031). - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
  (bso#11343); (bsc#1081741); - Update to 4.6.13; (bsc#1084191)
  + ceph_statx configure time check doesn't work with a non-default
  - -with-libcephfs path; (bso#13250).
  - follow up fix for libceph-common detection; (bso#13277).
  + Fail to copy file with empty FinderInfo from Windows client to Samba
    share with fruit; (bso#13181).
  + vfs_ceph uses a local statvfs() call to determine FS capabilities;
    (bso#13208).
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193).
  + smbd panic when chdir returns error during exit; (bso#13189).
  + ctdb_recovery_helper crashes if recovery process times out; (bso#13188).
  + POSIX ACL support is broken on hpux and possibly other big-endian OSs;
    (bso#13176).
  + Kerberos: PKINIT: Can't decode algorithm parameters in
    clientPublicValue; (bso#12986).
  + g_lock conflict detection broken when processing stale entries.;
    (bso#13195).
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132). - Update to 4.6.11; (bsc#1084191)
  + vfs_glusterfs: Fix exporting subdirs with shadow_copy2; (bso#13091);
  + s3: smbclient: Ensure we call client_clean_name() before all
    operations on remote pathnames; (bso#13093);
  + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load; (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + smbd: Move check for SMB2 compound request to new function; (bso#13047);
  + s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + s4:pyparam: Fix resource leaks on error; (bso#13101);
  + s3:smbd: Fix delete-on-close after smb2_find; (bso#13118); - CVE-2017-14746: Use-after-free vulnerability; (bso#13041);
  (bsc#1060427);
- CVE-2017-15275: Server heap memory information leak;
  (bso#13077); (bsc#1063008); - Update to 4.6.9; (bsc#1065066);
  + Reverse sense of 'clear all attributes', ignore attribute change in SMB2
    to match SMB1; (bso#12899);
  + SMBC_setatr() initially uses an SMB1 call before falling back;
    (bso#12913);
  + Fix segfault on MacOS 10.12.3 clients caused by SMB_VFS_GET_COMPRESSION;
    (bso#13003);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically; (bso#7909);
  + Honor SEC_STD_WRITE_OWNER bit; (bso#7933);
  + Kernel oplocks still have issues with named streams; (bso#12791);
  + Handle EACCES when fetching DOS attributes; (bso#12944);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Fix wrong Samba access checks when changing DOS attributes; (bso#12995);
  + Groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Match WS2016 ReFS set compression behaviour; (bso#12144);
  + Fix implementation of process_exists control; (bso#13012);
  + GET_DB_SEQNUM control can cause ctdb to deadlock when databases are
    frozen; (bso#13021);
  + Free up record data if a call request is deferred; (bso#13029);
  + Initialize ctdb_ltdb_header completely for empty record; (bso#13036);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + Ignore event scripts with multiple '.'s; (bso#13070);
  + Sort the GPOs in the correct order; (bso#13046);
  + 'smbd' uses a lot of CPU on startup of a connection; (bso#12973);
  + Fix str[n]casecmp_m() by comparing lower case values; (bso#13018);
  + Can't change password in Samba from a windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + Fix file change notification for renames; (bso#12903);
  + Avoid a socket leak after fork; (bso#13006);
  + Fix a potential memleak; (bso#13090);
  + Fix passing of errno from async calls; (bso#12983);
  + Fix segfault when running with log level 10; (bso#13032);
  + Do not report an invalid range for AD DC role; (bso#12629);
  + Print the kinit failed message with DBGLVL_NOTICE; (bso#12704);
  + Fix changing passwords with Kerberos; (bso#12956);
  + Fix changing the password with 'smbpasswd' as a local user on a domain
    member; (bso#12975);
  + Fix a read after free if a chained SMB1 call goes async; (bso#12836);
  + CVE-2017-12163: Prevent client short SMB1 write from writing server memory
    to file; (bso#13020);
  + Let non_widelink_open() chdir() to directories directly; (bso#12885);
  + CVE-2017-12151: Keep required encryption across SMB3 dfs redirects;
    (bso#12996);
  + CVE-2017-12150: Some code path don't enforce smb signing when they should;
    (bso#12997); - Fix GUID string format on GetPrinter info request; (bso#12993);
  (bsc#1050707). - CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624). - CVE-2017-12150: Some code path don't enforce smb signing,
  when they should; (bso#12997); (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs
  redirects; (bso#12996); (bsc#1058565). - Update to 4.6.7; (bsc#1054017)
  + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
  + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
  + vfs_ceph provides inconsistent directory listings; (bso#12911).
  + Misused talloc context can cause a user to crash their smbd by chaining
    SMB1 commands.; (bso#12836).
  + Use-after free can crash libsmbclient code.; (bso#12927).
  + Server exit with active AIO can crash.; (bso#12925).
  + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
  + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
    (bso#12898).
  + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
  + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
    authentication; (bso#12886).
  + finder sidebar showing question mark instead of icon when using ip to
    connect with vfs_fruit; (bso#12840).
  + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
    from AD.; (bso#12720).
  + KCC run at selftest startup can fail spuriously due to a race;
    (bso#12869).
  + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
    the remote change; (bso#12782).
  + rpc_pipe_client memory leaks due to long term memory context passed to
    rpc_pipe_open_interface(); (bso#12890).
  + CVE-2017-2619 breaks accessing previous versions of directories with
    snapshots in subdirectories of the share; (bso#12885).
  + dns_name_equal doing OOB read; (bso#12813).
  + replica_sync tests flap; (bso#12753).
  + Selftest should not call 'net cache flush' and wipe important winbind
    entries; (bso#12868).
  + Old Samba versions don't support using recent ldb versions (>=1.1.30);
    (bso#12859).
  + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
  + race starting winbindd against posixacl test; (bso#12843).
  + Crash in the reentrant smbd_smb2_create_send() if the something fails in
    the subsequent try; (bso#12832).
  + spnego.c passes the wrong argument order to gensec_update_ev() for the
    FALLBACK case; (bso#12788).
  + Clients with SMB3 support can't connect with
    "server max protocol = SMB2_02"; (bso#12772).
  + A log message of samb-tool user syncpasswords reverses string arguments in
    a debug message "Call Popen[...".; (bso#12768).
  + The smb tarmode tests kills the share dir contents; (bso#12867).
  + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
  + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
  + manpage/index.html lists links not in alphabetical order; (bso#12854).
  + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
  + If a record is locked in a database, then recovery does not complete;
    (bso#12857).
  + debug_locks.sh script does not log any information; (bso#12856).
  + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
    after error; (bso#12852).
  + smbclient can't parse DOMAIN+username if a different winbind separator is
    used; (bso#12849).
  + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
  + Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
    (bso#12844).
  + cli->server_os not filled correctly; (bso#12779).
  + REGRESSION: smbclient doesn't print the session setup anymore;
    (bso#12824).
  + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
    FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
  + CTDB NFS call-out failures do not cause event failures; (bso#12837).
  + net command fails due to incorrectly return code; (bso#12828).
  + Fix building Samba with GCC 7.1; (bso#12827). - Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
  (bsc#1048339). - fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
  + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
    (bsc#1048278). - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339). - Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387). - Update to 4.6.5; (bsc#1040157)
  + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
    startup; (bso#12814).
  + vfs_expand_msdfs tries to open the remote address as a file path;
    (bso#12687).
  + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
    (bso#12798).
  + With clustering get update_num_read_oplocks failed and PANIC:
    num_share_modes == 1 assertion failure; (bso#11844).
  + contend_level2_oplocks_begin_default oplock optimisation doesn't carry
    over to leases; (bso#12766).
  + `ctdb nodestatus` incorrectly displays status for all nodes with wrong
    exit code; (bso#12802).
  + CTDB can spin hard on revoking readonly delegations if a node becomes
    disconnected; (bso#12697).
  + Printing a share mode entry with leases can crash in the ndr code;
    (bso#12793).
  + Fix flakey unit tests for eventd; (bso#12792).
  + CTDB daemon crashes if built with clang; (bso#12770).
  + smbcacls fails if no password is specified; (bso#12765).
  + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
  + samba-tool user syncpasswords doesn't trigger the script when a user gets
    removed; (bso#12767).
  + systemd: fix detection of libsystemd; (bso#12764).
  + Notify subsystem only maps first inotify mask to Windows notify filter;
    (bso#12760).
  + Allow passing trusted domain password as plain-text to PASSDB layer;
    (bso#12751).
  + Can't case-rename files with vfs_fruit; (bso#12749).
  + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
  + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
  + Ordering of notify responses broken; (bso#12756). - s3: libsmb: Fix error where short name length was read as 2
  bytes, should be 1; (bso#11822); (bsc#1042419). - Revert explicit winbind %{version}-%{release} dependency.
  + The ABI has stabilized since (bsc#936909), so remove to fix cross-media
    dependencies; (bsc#1037899). - Fix CVE-2017-7494 remote code execution from a writable share;
  (bso#12780); (bsc#1038231). - Update to 4.6.3; (bsc#1036011)
  + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
    from shares with GlusterFS backend; (bso#12743).
  + Fix for Solaris C compiler; (bso#12559).
  + s3: locking: Update oplock optimization for the leases era; (bso#12628).
  + Make the Solaris C compiler happy; (bso#12693).
  + s3: libgpo: Allow skipping GPO objects that don't have the
    expected LDAP attributes; (bso#12695).
  + Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
  + lib: debug: Avoid negative array access; (bso#12746).
  + cleanupdb: Fix a memory read error; (bso#12748).
  + streams_xattr and kernel oplocks results in
    NT_STATUS_NETWORK_BUSY; (bso#7537).
  + winbindd: idmap_autorid allocates ids for unknown SIDs from other
    backends; (bso#11961).
  + vfs_fruit: Resource fork open request with
    flags=O_CREAT|O_RDONLY; (bso#12565).
  + manpages/vfs_fruit: Document global options; (bso#12615).
  + lib/pthreadpool: Fix a memory leak; (bso#12624).
  + Lookup-domain for well-known SIDs on a DC; (bso#12727).
  + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
  + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
  + credentials_krb5: use gss_acquire_cred for client-side GSSAPI
    use case; (bso#12611).
  + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
  + ctdb-readonly: Avoid a tight loop waiting for revoke to
    complete; (bso#12697).
  + ctdb_event monitor command crashes if event is not specified;
    (bso#12723).
  + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
  + smbd: Fix smb1 findfirst with DFS; (bso#12558).
  + smbd: Do an early exit on negprot failure; (bso#12610).
  + winbindd: Fix substitution for 'template homedir'; (bso#12699).
  + s4:kdc: Disable principal based autodetected referral detection;
    (bso#12554).
  + idmap_autorid: Allocate new domain range if the callers knows
    the sid is valid; (bso#12613).
  + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
  + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
    trusted domain; (bso#12725).
  + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
  + winbindd: Fix password policy for pam authentication; (bso#12725).
  + s3:gse: Correctly handle external trusts with MIT; (bso#12554).
  + auth/credentials: Always set the realm if we set the principal
    from the ccache; (bso#12611).
  + replace: Include sysmacros.h; (bso#12686).
  + s3:vfs_expand_msdfs: Do not open the remote address as a file;
    (bso#12687).
  + s3:libsmb: Only print error message if kerberos use is forced;
    (bso#12704).
  + winbindd: Child process crashes when kerberos-authenticating
    a user with wrong password; (bso#12708).
  + vfs_fruit: Office document opens as read-only on macOS due to
    CNID semantics; (bso#12715).
  + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
    fragmented; (bso#12737). - Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416). - Generate source tarball directly from Git using OBS tar_scm
  + use version string derived from parent Git tag and commit hash
  - remove obsolete vendor-files/tools/package-data version ID
  + explicitly generate ctdb manpages, needed without "make dist" - Update to 4.6.2
  + remove bso#12721 patches now upstream - Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
  + x86-64 and aarch64 - Enable librados CTDB lock helper for samba-ceph package; (fate#321622). - Build and install the html man pages (bsc#1021907). - Fix CVE-2017-2619 regression with "follow symlinks = no";
  (bso#12721). - Update to 4.6.1
  + symlink race permits opening files outside share directory;
    CVE-2017-2619; (bso#12496); (bsc#1027147)
  + testparm checks for valid idmap parameters
  + add new krb client encryption types
  + support for printer driver upload from windows 10
  + inherit owner = 'unix only' for improved quota support
  + improved CTDB event support
  + new primary group support for idmap_ad
  + idmap_hash deprecated
  + mvxattr added to recursively rename extended attributes - Remove chkconfig requirements for systemd systems - Don't call insserv if systemd is used - Fix check if we need to require insserv - async_req: make async_connect_send() "reentrant";
  (bso#12105); (bsc#1024416). - Force usage of ncurses6-config thru NCURSES_CONFIG env var;
  (bsc#1023847). - add missing patch for libnss_wins segfault; (bsc#995730). - Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933). - Document "winbind: ignore domains" parameter; (bsc#1019416). - Add base Samba dependency to samba-ceph package. - Update to 4.5.3
  + Heap-based Buffer Overflow Remote Code Execution Vulnerability;
    CVE-2016-2123; (bso#12409); (bsc#1014437).
  + Don't send delegated credentials to all servers; CVE-2016-2125;
  (bso#12445); (bsc#1014441).
  + denial of service due to a client triggered crash in the winbindd
    parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
  + various streams vfs fixes
  + various printing fixes
  + ntlm_auth: do not map explicitly empty domain
  + various stability fixes in smbd
  + match file compression ReFS behavior -  Add missing ldb module directory; (bnc#1012092). - s3/client: obey 'disable netbios' smb.conf param, don't
  connect via NBT port; (bsc#1009085); (bso#12418). - Include vfstest in samba-test; (bsc#1001203). - s3/winbindd: using default domain with user@domain.com format
  fails; (bsc#997833). - Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730). - Update to 4.5.0
  + NTLM1 Authentication disabled by default
  + SMB2.1 leases enabled by default
  + Support for OFD locks
  + ctdb tool rewritten
  + Added shadow copy snapshot prefix parameter - Fix illegal memory access after memory has been deleted;
  (bso#11836); (bsc#975299). - Prevent core, make sure response->extra_data.data is always
  cleared out; (bsc#993692). - Don't package man pages for VFS modules that aren't built;
  (boo#993707). - Fix population of ctdb sysconfig after source merge; (bsc#981566). - Enable vfs_ceph builds for Factory (x86-64)
  + Package as samba-ceph to avoid Ceph dependency in base package. - Update to 4.4.5
  +  Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
    (bso#11860); (bsc#986869). - Remove obsolete syslog.target; (bsc#983938). - Honor smb.conf socket options in winbind; (bsc#975131). - Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522). - Update to 4.4.4
  + SMB3 multichannel: Add implementation of missing channel sequence
    number verification; (bso#11809).
  + smbd:close: Only remove kernel share modes if they had been
    taken at open; (bso#11919).
  + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
    (bso#11930).
  + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
  + Fix case sensitivity issues over SMB2 or above; (bso#11438).
  + s3:smbd: Fix anonymous authentication if signing is mandatory.
    (bso#11910)
  + Fix NTLM Authentication issue with squid; (bso#11914).
  + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
  + Fix memory leak in share mode locking; (bso#11934). - Update to 4.4.3
  + Various post-badlock regressions; (bso#11841); (bso#11850);
    (bso#11858); (bso#11870); (bso#11872).
  + Only allow idmap_hash for default idmap config (bso#11786).
  + smbd: Avoid large reads beyond EOF; (bso#11878).
  + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
    is set; (bso#11806).
  + libads: Record session expiry for spnego sasl binds; (bso#11852). - Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
  (bsc#975962); (bsc#979268), (bsc#977669). - Revert shared library packaging to comply with SLPP - Update to 4.4.2
  + A man-in-the-middle can downgrade NTLMSSP authentication;
    CVE-2016-2110; (bso#11688); (bsc#973031).
  + Domain controller netlogon member computer can be spoofed;
    CVE-2016-2111; (bso#11749); (bsc#973032).
  + LDAP conenctions vulnerable to downgrade and  MITM attack;
    CVE-2016-2112; (bso#11644); (bsc#973033).
  + TLS certificate validation missing; CVE-2016-2113; (bso#11752);
    (bsc#973034).
  + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
    (bso#11756); (bsc#973036).
  + "Badlock" DCERPC impersonation of authenticated account possible;
    CVE-2016-2118; (bso#11804); (bsc#971965).
  + DCERPC server and client vulnerable to DOS and MITM attacks;
    CVE-2015-5370; (bso#11344); (bsc#936862). - Fix samba.tests.messaging test and prevent potential tdb corruption
  by removing obsolete now invalid tdb_close call; (bsc#974629). - Obsolete libsmbclient from libsmbclient0 while not providing it;
  (bsc#972197). - Update to 4.4.0.
  + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
    CVE-2016-0771.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; (bso#11648); CVE-2015-7560.
  + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
    with no ACL support; (bso#10489).
  + docs: Add example for domain logins to smbspool man page; (bso#11643).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
  + winbindd: Return trust parameters when listing trusts; (bso#11691).
  + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
  + Crypto.Cipher.ARC4 is not available on some platforms, fallback to
    M2Crypto.RC4.RC4 then; (bso#11699).
  + s3:utils/smbget: Set default blocksize; (bso#11700).
  + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
  + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
  + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
  + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
  + smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + docs: Add manpage for cifsdd; (bso#11730).
  + param: Fix str_list_v3 to accept ; again; (bso#11732).
  + lib/socket: Fix improper use of default interface speed; (bso#11734).
  + lib:socket: Fix CID 1350009: Fix illegal memory accesses
    (BUFFER_SIZE_WARNING); (bso#11735).
  + libcli: Fix debug message, print sid string for new_ace trustee;
    (bso#11738).
  + Fix installation path of Samba helper binaries; (bso#11739).
  + Fix memory leak in loadparm; (bso#11740).
  + tevent: version 0.9.28: Fix memory leak when old signal action restored;
    (bso#11742).
  + smbd: Ignore SVHDX create context; (bso#11753).
  + Fix net join; (bso#11755).
  + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
    (bso#11755).
  + passdb: Add linefeed to debug message; (bso#11763).
  + s3:utils/smbget: Fix option parsing; (bso#11767).
  + libnet: Make Kerberos domain join site-aware; (bso#11769).
  + Reset TCP Connections during IP failover; (bso#11770).
  + ldb: Version 1.1.26; (bso#11772).
  + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
  + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
  + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
  + "trustdom_list_done: Got invalid trustdom response" message should be
    avoided; (bso#11782).
  + Mismatch between local and remote attribute ids lets replication fail with
    custom schema; (bso#11783).
  + Quota is not supported on Solaris 10; (bso#11788).
  + Talloc: Version 2.1.6; (bso#11789).
  + smbd: Enable multi-channel if 'server multi channel support = yes' in the
    config; (bso#11796).
  + build: Fix build when '--without-quota' specified; (bso#11798).
  + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
  + Access based share enum: handle permission set in configuration files;
    (bso#8093).
  + See also WHATSNEW.txt from the samba-doc package. - Update to 4.3.6.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; CVE-2015-7560; (bso#11648); (bsc#968222).
  + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
    (bso#11128); (bso#11686); (bsc#968223). - Upgrade on-disk FSRVP server state to new version; (bsc#924519). - Only obsolete but do not provide gplv2/3 package names; (bsc#968973). - Relocate existing lock files to /var/lib/samba/lock; (bsc#968963). - Obsolete no longer existing samba-32bit package; (bsc#967625). - Update to 4.3.5.
  + s3:utils/smbget: Fix recursive download; (bso#6482).
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
    with no ACL support; (bso#10489).
  + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
    (bso#11400).
  + vfs_shadow_copy2: Fix case where snapshots are outside the share;
    (bso#11580).
  + smbclient: Query disk usage relative to current directory; (bso#11662).
  + winbindd: Handle expired sessions correctly; (bso#11670).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + smbcacls: Fix uninitialized variable; (bso#11682).
  + s3:smbd: Ignore initial allocation size for directory creation;
    (bso#11684).
  + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
  + s3-parm: Clean up defaults when removing global parameters; (bso#11693).
  + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + ctdb: Remove error messages after kernel security update; CVE-2015-8543;
    (bso#11705).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
    (bso#11719).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + param: Fix str_list_v3 to accept ";" again; (bso#11732). - Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361). - Simplify shared library packaging; (bsc#966956). - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
  (bsc#964023). - Add quotes around path of update-apparmor-samba-profile; (bnc#962177). - Remove autoconf build-time requirement. - Update to 4.3.4.
  + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
  + Crash: Bad talloc magic value - access after free; (bso#11394).
  + Copying files with vfs_fruit fails when using vfs_streams_xattr without
    stream prefix and type suffix; (bso#11466).
  + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
    (bso#11613).
  + Fix a typo in the smb.conf manpage, explanation of idmap config;
    (bso#11619).
  + Correctly initialize the list head when keeping a list of primary followed
    by DFS connections; (bso#11624).
  + Reduce the memory footprint of empty string options; (bso#11625).
  + lib/async_req: Do not install async_connect_send_test; (bso#11639).
  + Fix typos in man vfs_gpfs; (bso#11641).
  + Make "hide dot files" option work with "store dos attributes = yes";
    (bso#11645).
  + Fix a corner case of the symlink verification; (bso#11647);  (bnc#960249).
  + Do not disable "store dos attributes" on-the-fly; (bso#11649).
  + Update lastLogon and lastLogonTimestamp; (bso#11659). - Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249). - Update to 4.3.3.
  + Malicious request can cause Samba LDAP server to hang, spinning using CPU;
    CVE-2015-3223; (bso#11325); (bnc#958581).
  + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
    (bnc#958586).
  + Insufficient symlink verification (file access outside the share);
    CVE-2015-5252; (bso#11395); (bnc#958582).
  + No man in the middle protection when forcing smb encryption on the client
    side; CVE-2015-5296; (bso#11536); (bnc#958584).
  + Currently the snapshot browsing is not secure thru windows previous version
    (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
  + Fix Microsoft MS15-096 to prevent machine accounts from being changed into
    user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). - Update to 4.3.2.
  + vfs_gpfs: Re-enable share modes; (bso#11243).
  + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
  + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
    type of zero; (bso#11452).
  + Add libreplace dependency to texpect, fixes a linking error on Solaris;
    (bso#11511).
  + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
  + s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
  + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
    (bso#11563).
  + async_req: Fix non-blocking connect(); (bso#11564).
  + auth: gensec: Fix a memory leak; (bso#11565).
  + lib: util: Make non-critical message a warning; (bso#11566).
  + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
    (bnc#949022).
  + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
  + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
  + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
    (bso#11581).
  + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
  + manpage: Correct small typo error; (bso#11584).
  + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
    containing them; (bso#11589).
  + Backport some valgrind fixes from upstream master; (bso#11597).
  + auth: Consistent handling of well-known alias as primary gid; (bso#11608).
  + winbind: Fix crash on invalid idmap configs; (bso#11612).
  + s3: smbd: have_file_open_below() fails to enumerate open files below an
    open directory handle; (bso#11615).
  + Changing log level of two entries to DBG_NOTICE; (bso#9912). - Ensure samlogon fallback requests are rerouted after kerberos failure;
  (bnc#953382); (bnc#953972). - Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems. - Remove redundant configure options while adding with-relro. - Relocate the lockdir to the /var/lib/samba/lock directory. - Cleanup and enhance the pidl sub package. - Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage. - Update to 4.3.1.
  + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
    Windows; (bso#10252).
  + nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
  + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
  + kerberos: Make sure we only use prompter type when available;
    winbind: Fix 100% loop; (bso#11038).
  + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
  + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
    (bso#11316).
  + s3: smbd: Fix mkdir race condition; (bso#11486).
  + pam_winbind: Fix a segfault if initialization fails; (bso#11502).
  + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
  + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
    subdirs; (bso#11515).
  + s3: smbd: Fix opening/creating :stream files on the root share directory;
    (bso#11522).
  + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
  + net: Fix a crash with 'net ads keytab create'; (bso#11528).
  + s3: smbd: Fix a crash in unix_convert(); (bso#11535).
  + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
    (bso#11522); (bso#11535).
  + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
  + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
  + s3:locking: Initialize lease pointer in share_mode_traverse_fn();
    (bso#11549).
  + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
  + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
  + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
    is incorrect; (bso#11555). - Fix 100% CPU in winbindd when logging in with "user must change password on
  next logon"; (bso#11038). - Relocate the tmpfiles.d directory to the client package; (bnc#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
  instead; (bnc#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051). - Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502). - Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
  systems; (bnc#945013). - Update to 4.3.0.
  + Samba "map to guest = Bad uid" doesn't work; (bso#9862).
  + revert LDAP extended rule 1.2.840.113556.1.4.1941
    LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
  + No objectClass found in replPropertyMetaData on ordinary objects
    (non-deleted); (bso#10973).
  + Stream names with colon don't work with fruit:encoding = native;
    (bso#11278).
  + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + "force group" with local group not working; (bso#11320).
  + strsep is not available on Solaris; (bso#11359).
  + smbtorture does not build when configured --with-system-mitkrb5;
    (bso#11411).
  + Build with GPFS support is broken; (bso#11421).
  + Build broken with --disable-python; (bso#11424).
  + net share allowedusers crashes; (bso#11426).
  + nmbd incorrectly matches netbios names as own name; (bso#11427).
  + Python bindings don't check integer types; (bso#11429).
  + Python bindings don't check array sizes; (bso#11430).
  + CTDB's eventscript error handling is broken; (bso#11431).
  + Fix crash in nested ctdb banning; (bso#11432).
  + Cannot build ctdbpmda; (bso#11434).
  + samba-tool uncaught exception error; (bso#11436).
  + Crash in notify_remove caused by change notify = no; (bso#11444).
  + Poor SMB3 encryption performance with AES-GCM; (bso#11451).
  + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
  + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
  + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
    install; (bso#11458).
  + xid2sid gives inconsistent results; (bso#11464).
  + ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
  + Handling of 0 byte resource fork stream; (bso#11467).
  + AD samr GetGroupsForUser fails for users with "()" in their name;
    (bso#11488). - Configure with --bundled-libraries=NONE; (bso#11458). - Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284). - Remove libiniparser-devel build-time requirement. - Update to 4.2.3.
  + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
  + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
  + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
  + Logon via MS Remote Desktop hangs; (bso#11061).
  + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
  + tevent: Add a note to tevent_add_fd(); (bso#11141).
  + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
  + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
  + smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
  + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
    (bso#11245).
  + s3:smb2: Add padding to last command in compound requests; (bso#11277).
  + Add IPv6 support to ADS client side LDAP connects; (bso#11281).
  + Add IPv6 support for determining FQDN during ADS join; (bso#11282).
  + s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
  + Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
  + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
  + vfs_fruit: Add option "veto_appledouble"; (bso#11305).
  + tstream: Make socketpair nonblocking; (bso#11312).
  + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
  + Group creation: Add msSFU30Name only when --nis-domain was given;
    (bso#11315).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + Build fails on Solaris 11 with "â€˜PTHREAD_MUTEX_ROBUSTâ€™ undeclared";
    (bso#11319).
  + smbd/trans2: Add a useful diagnostic for files with bad encoding;
    (bso#11323).
  + Change sharesec output back to previous format; (bso#11324).
  + Robust mutex support broken in 1.3.5; (bso#11326).
  + Kerberos auth info3 should contain resource group ids available from
    pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
    exists in PAC; (bso#11328); (bnc#912457).
  + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
  + tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
  + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
  + s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
    (bso#11339).
  + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
  + pidl: Make the compilation of PIDL producing the same results if the
    content hasn't change; (bso#11356).
  + winbindd: Disconnect child process if request is cancelled at main
    process; (bso#11358).
  + vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
    (bso#11363).
  + docs: Overhaul the description of "smb encrypt" to include SMB3
    encryption; (bso#11366).
  + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
    (bso#11367).
  + ncacn_http: Fix GNUism; (bso#11371). - Disable rpath usage; (bnc#902421). - Make the winbind package depend on the matching libwbclient version and
  vice versa; (bnc#936909). - Backport changes to use resource group sids obtained from pac logon_info;
  (bso#11328); (bnc#912457). - Order winbind.service Before and Want nss-user-lookup target. - Remove fam-devel build-time dependency for post-6 RHEL systems. - Update to 4.2.2.
  + s3:smbXsrv: refactor duplicate code into
    smbXsrv_session_clear_and_logoff(); (bso#11182).
  + gencache: don't fail gencache_stabilize if there were records to delete;
    (bso#11260).
  + s3: libsmbclient: After getting attribute server, ensure main srv pointer
    is still valid; (bso#11186).
  + s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
    (bso#11236).
  + s3: smbd: Incorrect file size returned in the response of
    "FILE_SUPERSEDE Create"; (bso#11240).
  + Mangled names do not work with acl_xattr; (bso#11249).
  + nmbd rewrites browse.dat when not required; (bso#11254).
  + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
    (bso#11213).
  + s3:smbd: Add missing tevent_req_nterror; (bso#11224).
  + vfs: kernel_flock and named streams; (bso#11243).
  + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
  + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
    are used; (bso#11284).
  + ctdb: check for talloc_asprintf() failure; (bso#11201).
  + spoolss: purge the printer name cache on name change; (bso#11210);
    (bnc#901813).
  + CTDB statd-callout does not scale; (bso#11204).
  + vfs_fruit: also map characters below 0x20; (bso#11221).
  + ctdb: Coverity fix for CID 1291643; (bso#11201).
  + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
  + Fix terminate connection behavior for asynchronous endpoint with PUSH
    notification flavors; (bso#11226).
  + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
  + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
  + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
    directory is deleted; (bso#11257).
  + s3:winbindd: make sure we remove pending io requests before closing client
    sockets; (bso#11141); (bnc#931854).
  + Fix panic triggered by smbd_smb2_request_notify_done() ->
    smbXsrv_session_find_channel() in smbd; (bso#11182).
  + 'sharesec' output no longer matches input format; (bso#11237).
  + waf: Fix systemd detection; (bso#11200).
  + CTDB: Fix portability issues; (bso#11202).
  + CTDB: Fix some IPv6-related issues; (bso#11203).
  + CTDB statd-callout does not scale; (bso#11204).
  + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
    enter invalid values; (bso#11234).
  + libads: record service ticket endtime for sealed ldap connections;
    (bso#11267).
  + lib/util: Include DEBUG macro in internal header files before samba_util.h;
    (bso#11033). - Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854). - Remove the independently built libraries ldb, talloc, tdn, and tevent and
  the post-10.3 renamed libsmbclient from baselibs.conf. - Drop redundant doc attribute from man pages. - Update to 4.2.1.
  + s3:winbind:grent: Don't stop group enumeration when a group has no gid;
    (bso#8905).
  + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
  + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
    servers that don't send the 2 unused fields; (bso#10016).
  + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
  + waf: Fix the build on openbsd; (bso#10476).
  + s3: client: "client use spnego principal = yes" code checks wrong name;
    (bso#10888).
  + spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
  + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
    miliseconds if it's still valid before use; (bso#11079).
  + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
  + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
  + replace: Remove superfluous check for gcrypt header; (bso#11135).
  + Backport subunit changes; (bso#11137).
  + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
    implementation; (bso#11140).
  + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
  + talloc: Version 2.1.2; (bso#11144).
  + Update libwbclient version to 0.12; (bso#11149).
  + brlock: Use 0 instead of empty initializer list; (bso#11153).
  + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
    NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
  + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
    (bnc#913304).
  + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
    fails in the SMB1 case; (bso#11173).
  + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
  + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
  + s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
  + s4-process_model: Do not close random fds while forking; (bso#11180).
  + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Purge printer name cache on spoolss SetPrinter change; (bso#11210);
  (bnc#901813). - Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374). - Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root. - Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
  (bnc#913304). - Update to 4.2.0.
  + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
  + pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Make 'profiles' work again; (bso#9629).
  + s3:smb2_server: protect against integer wrap with
    "smb2 max credits = 65535"; (bso#9702).
  + Make validate_ldb of String(Generalized-Time) accept millisecond format
    ".000Z"; (bso#9810).
  + Use -R linker flag on Solaris, not -rpath; (bso#10112).
  + vfs: Add glusterfs manpage; (bso#10240).
  + Make 'smbclient' use cached creds; (bso#10279).
  + pdb: Fix build issues with shared modules; (bso#10355).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
  + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
  + Don't build vfs_snapper on FreeBSD; (bso#10834).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3: smb2cli: query info return length check was reversed; (bso#10848).
  + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
  + lib: uid_wrapper: Fix setgroups and syscall detection on a system without
    native uid_wrapper library; (bso#10851).
  + winbind3: Fix pwent variable substitution; (bso#10852).
  + Improve samba-regedit; (bso#10859).
  + registry: Don't leave dangling transactions; (bso#10860).
  + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
  + build: Do not install 'texpect' binary anymore; (bso#10862).
  + Fix testparm to show hidden share defaults; (bso#10864).
  + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
    max=PROTOCOL_SMB2_02; (bso#10866).
  + Integrate CTDB into top-level Samba build; (bso#10892).
  + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + Fix smbclient loops doing a directory listing against Mac OS X 10 server
    with a non-wildcard path; (bso#10904).
  + Fix print job enumeration; (bso#10905); (bnc#898031).
  + samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
    (bso#10909).
  + Add support for SMB2 leases; (bso#10911).
  + btrfs: Don't leak opened directory handle; (bso#10918).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: fix keytab array NULL termination; (bso#10933).
  + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
  + Cleanup add_string_to_array and usage; (bso#10942).
  + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
  + Fix RootDSE search with extended dn control; (bso#10949).
  + Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).
  + libcli/smb: only force signing of smb2 session setups when binding a new
    session; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + vfs_streams_xattr: Check stream type; (bso#10971).
  + s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
    (bso#10982).
  + vfs_fruit: Add support for AAPL; (bso#10983).
  + Fix spoolss IDL response marshalling when returning error without clearing
    info; (bso#10984).
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
  + Fix IPv6 support in CTDB; (bso#10996).
  + ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
    (bso#11000).
  + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
  + s3-util: Fix authentication with long hostnames; (bso#11008).
  + ctdb-build: Fix build without xsltproc; (bso#11014).
  + packaging: Include CTDB man pages in the tarball; (bso#11014).
  + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
    (bso#11016).
  + Make Sharepoint search show user documents; (bso#11022).
  + nss_wrapper: check for nss.h; (bso#11026).
  + Enable mutexes in gencache_notrans.tdb; (bso#11032).
  + tdb_wrap: Make mutexes easier to use; (bso#11032).
  + lib/util: Avoid collision which alread defined consumer DEBUG macro;
    (bso#11033).
  + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
  + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
  + vfs_fruit: Fix base_fsp name conversion; (bso#11039).
  + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
  + Fix authentication using Kerberos (not AD); (bso#11044).
  + net: Fix sam addgroupmem; (bso#11051).
  + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
    (bnc#913238).
  + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
  + utils: Fix 'net time' segfault; (bso#11058).
  + libsmb: Provide authinfo domain for encrypted session referrals;
    (bso#11059).
  + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
  + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
  + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
  + vfs_glusterfs: Implement AIO support; (bso#11069).
  + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
  + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
    (bso#11077); CVE-2015-0240; (bnc#917376).
  + vfs: Add a brief vfs_ceph manpage; (bso#11088).
  + s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
  + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
    (bso#11097).
  + debug: Set close-on-exec for the main log file FD; (bso#11100).
  + s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
    (bso#11102).
  + s3: smbd: SMB2 close. If a file has delete on close, store the return info
    before deleting; (bso#11104).
  + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
  + snprintf: Try to support %j; (bso#11119).
  + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
  + doc-xml: Add 'sharesec' reference to 'access based share enum';
    (bso#11127). - Update to 4.2.0rc5.
  + Ensure we don't call talloc_free on an uninitialized pointer;
    CVE-2015-0240; (bso#11077); (bnc#917376). - Fix usage of freed memory on server exit; (bso#11218); (bnc#919309). - Fix tdb_store_flag_to_ntdb() gcc5 build failure. - Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238). - Update to 4.1.16.
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Fix libsmbclient DFS referral handling.
  + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
  + Set domain/workgroup based on authentication callback value; (bso#11059). - Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
  libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages. - Enable avahi support on post-12.2 systems. - Update to 4.1.15.
  + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Fix profiles tool; (bso#9629).
  + s3-lib: Do not require a password with --use-ccache; (bso#10279).
  + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
    (bso#10949).
  + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
  + s3:smb2_server: Allow reauthentication without signing; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
    convention; (bso#10982).
  + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
    'supported_extensions'; (bso#11006).
  + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
    (bso#11006).
  + winbind: Retry LogonControl RPC in ping-dc after session expiration;
    (bso#11034). - yast2-samba-client should be able to specify osName and osVer on
  AD domain join; (bnc#873922). - Lookup FSRVP share snums at runtime rather than storing them persistently;
  (bnc#908627). - Specify soft dependency for network-online.target in Winbind systemd service
  file; (bnc#889175). - Fix spoolss error response marshalling; (bso#10984). - Update to 4.1.14.
  + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
    Tools/perl.py back to upstream state; (bso#10472).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + nmbd fails to accept "--piddir" option; (bso#10711).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
    (bso#10880).
  + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
    (bso#10889).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
    STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
  + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: Fix keytab array NULL termination; (bso#10933).
  + Cleanup add_string_to_array and usage; (bso#10942). - Remove and cleanup shares and registry state associated with
  externally deleted snaphots exposed as shadow copies; (bnc#876312). - Use the upstream tar ball, as signature verification is now able to handle
  compressed archives. - Fix leak when closing file descriptor returned from dirfd; (bso#10918). - Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
  + Fix handling of bad EnumJobs levels; (bso#10898). - Remove dependency on gpg-offline as signature checking is implemented in the
  source validator. - Update to 4.1.13.
  + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
  + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
  + s3-libads: Add all machine account principals to the keytab; (bso#9985).
  + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
    be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
  + Fix unstrcpy; (bso#10735).
  + pthreadpool: Slightly serialize jobs; (bso#10779).
  + s3: smbd: streams - Ensure share mode validation ignores internal opens
    (op_mid == 0); (bso#10797).
  + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
  + vfs_media_harmony: Fix a crash bug; (bso#10813).
  + docs: Mention incompatibility between kernel oplocks and streams_xattr;
    (bso#10814).
  + nmbd: Send waiting status to systemd; (bso#10816).
  + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
    (bso#10817).
  + nsswitch: Skip groups we were not able to map; (bso#10824).
  + s3-winbindd: Use correct realm for trusted domains in idmap child;
    (bso#10826).
  + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
  + s3: lib: Signal handling - ensure smbrun and change password code save and
    restore existing SIGCHLD handlers; (bso#10831).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
    (bso#10838).
  + s3: smb2cli: Query info return length check was reversed; (bso#10848).
  + registry: Don't leave dangling transactions; (bso#10860). - Update to 4.2.0rc2. - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;
  (fate#313346). - Backport upstream master fixes for samba-regedit; (bnc#896536). - BuildRequire python-xml on SUSE systems only. - BuildRequire python-xml.
- Exclude unwanted texpect binary and libhttp, libsamba-cluster-support,
  libsamba-debug, and libsocket-blocking shared libs.
- Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct,
  tstream_smbXcli_np, idtree, and idtree_random header files.
- Remove nmblookup and smbclient4 binary and nmblookup4 man page. - Update to 4.2.0rc1. - Fix small memory-leak in the background print process; (bnc#899558). - Modify samba-regedit so it displays correctly (related to ncurses).
  Changed code to use menu sub windows, seems to fix problems with display not
  refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536). - Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and
  the man page of the unused findsmb script. - Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969). - Update to 4.1.12.
  + s3: winbindd: On new client connect, prune idle or hung connections older
    than "winbind request timeout". Add new parameter "winbind request
    timeout". Please see smb.conf man page for details; (bso#3204);
    (bnc#872912).
  + Fix smbd crashes when filename contains non-ascii character; (bso#10716).
  + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects;
    (bso#10749).
  + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570).
  + s4:setup/dns_update_list: make use of the new substitution variables;
    (bso#9831).
  + build: Fix configure to honour '--without-dmapi'; (bso#10369).
  + provision: Correctly provision the SOA record minimum TTL; (bso#10466).
  + s3: Enforce a positive allocation_file_size for non-empty files;
    (bso#10543).
  + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640).
  + Make "case sensitive = True" option working with "max protocol = SMB2" or
    higher in large directories; (bso#10650).
  + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652).
  + lib: strings: Simplify strcasecmp; (bso#10716).
  + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different
    connections; (bso#10723).
  + 'net time': Fix usage and core dump; (bso#10728).
  + sys_poll_intr: Fix timeout arithmetic; (bso#10731).
  + s3:idmap: Don't log missing range config if range checking not requested;
    (bso#10737).
  + Fix flapping VFS gpfs offline bit; (bso#10741).
  + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742).
  + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked
    for; (bso#10751).
  + samba: Retain case sensitivity of cifs client; (bso#10755).
  + lib: Remove unused nstrcpy; (bso#10758).
  + Fix a memory leak in cli_set_mntpoint(); (bso#10759).
  + docs: Fix typos in smb.conf (inherit acls); (bso#10761).
  + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in
    get_sec_info(); (bso#10773).
  + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in
    incoming security_information flags in posix_get_nt_acl_common();
    (bso#10773).
  + Don't discard result of checking grouptype; (bso#10777).
  + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778).
  + smbd: Properly initialize mangle_hash; (bso#10782).
  + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787).
  + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory
    read; (bso#10794). - Wait for network-online.target to prevent caching of
  pre-network failures; (bnc#889175). - Use domain name if search by domain SID fails to send SIDHistory
  lookups to correct idmap backend; (bnc#773464). - Prune idle or hung connections older than "winbind request timeout";
  (bso#3204); (bnc#872912). - fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774). - Remove pre-11.2 patch which by default uses the smbpasswd passdb backend. - build: disable mmap on s390 systems; (bso#10765); (bnc#886193);
  (bnc#882356). - Create the cups smb backend as sym link pointing to smbspool; (bnc#891220). - Fix winbind service parameter usage; (bnc#890005). - lib/param: change the default for "winbind expand groups" to "0";
  (bnc#890008). - Update to 4.1.11.
  + A malicious browser can send packets that may overwrite the heap of the
    target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429). - Fix "net time" segfault; (bso#10728); (bnc#889539). - Update to 4.1.10.
  + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263).
  + dbcheck: Add check and test for various invalid userParameters values;
    (bso#8077).
  + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for
    now; (bso#8077).
  + Simple use case results in "no talloc stackframe around, leaking memory"
    error; (bso#8449).
  + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763).
  + dsdb: Always store and return the userParameters as a array of LE 16-bit
    values; (bso#10130).
  + s4:repl_meta_data: fix array assignment in
    replmd_process_linked_attribute(); (bso#10294).
  + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory();
    (bso#10469).
  + dbchecker: Verify and fix broken dn values; (bso#10536).
  + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582).
  + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1
    servers; (bso#10587).
  + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret";
    (bso#10593).
  + rid_array used before status checked - segmentation fault due to null
    pointer dereference; (bso#10627).
  + Samba won't start on a machine configured with only IPv4; (bso#10653).
  + msg_channel: Fix a 100% CPU loop; (bso#10663).
  + s3: smbd: Prevent file truncation on an open that fails with share mode
    violation; (bso#10671); (bnc#884056).
  + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673).
  + samba-tool: Add --site parameter to provision command; (bso#10674).
  + smbstatus: Fix an uninitialized variable; (bso#10680).
  + SMB1 blocking locks can fail notification on unlock, causing client
    timeout; (bso#10684).
  + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap();
    (bso#10685).
  + 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the
    invalid status check in the second client; (bso#10687).
  + wbcCredentialCache fails if challenge_blob is not first; (bso#10692).
  + Backport ldb-1.1.17 + changes from master; (bso#10693).
  + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).
  + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693).
  + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693).
  + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798,
    1034791, 1034792 1034910, 1034910); (bso#10693).
  + ldb: make the successful ldb_transaction_start() message clearer;
    (bso#10693).
  + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693).
  + ldb: Use of NULL pointer bugfix; (bso#10693).
  + lib/ldb: Fix compiler warnings; (bso#10693).
  + pyldb: Decrement ref counters on py_results and quiet warnings;
    (bso#10693).
  + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c;
    (bso#10693).
  + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694).
  + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).
  + Backport autobuild/selftest fixes from master; (bso#10696).
  + Backport drs-crackname fixes from master; (bso#10698).
  + smbd: Avoid double-free in get_print_db_byname; (bso#10699).
  + Backport access check related fixes from master; (bso#10700).
  + Backport provision fixes from master; (bso#10703).
  + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX();
    (bso#10706).
  + s3: Fix missing braces in nfs4_acls.c. - Reduce printer_list.tdb lock contention during printcap update;
  (bso#10652); (bnc#883870).
  + Only update the printer share inventory when needed. - Add missing newline to debug message in daemon_ready(); (bnc#865627). - BuildRequire systemd-devel, configure --with-systemd, and modify the service
  files accordingly on post-12.2 systems; (bso#10517); (bnc#865627). - Prevent file truncation on an open that fails with share mode violation;
  (bso#10671); (bnc#884056). - Update to 4.1.9.
  + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962).
  + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX
    handler; CVE-2014-3493; (bnc#883758). - BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case. - BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent
  on CentOS, Fedora, and RHEL systems. - Update to 4.1.8.
  + dns: Don't reply to replies; CVE-2014-0239; (bso#10609).
  + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
    (bso#10549).
  + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124).
  + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers
    command; (bso#10151).
  + s3: nmbd: Reset debug settings after reading config file; (bso#10239).
  + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348).
  + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir';
    (bso#10472).
  + wafsamba: Fix the installation on FreeBSD; (bso#10472).
  + Use exit_daemon() to communicate status of startup to systemd; (bso#10517).
  + Fix adding NetApps; (bso#10524).
  + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544).
  + s3: lib/util: set_namearray reads across end of namelist; (bso#10544).
  + idmap_autorid: Fix failure in reverse lookup if ID is from domain range
    index #0; (bso#10547).
  + build: Fix ordering problems with lib-provided and internal RPATHs;
    (bso#10548).
  + Fix read of deleted memory in reply_writeclose()'; (bso#10554).
  + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556).
  + Fix lock order violation and file lost; (bso#10564).
  + dsdb: Do checks for invalid renames in samldb, before repl_meta_data;
    (bso#10569).
  + Fix wildcard unlink to fail if we get an error rather than trying to
    continue; (bso#10577).
  + byteorder: Do not assume PowerPC is big-endian; (bso#10590).
  + printing: Fix purge of all print jobs; (bso#10612). - examples/libsmbclient: avoid some compiler warnings; (bso#10624). - Fix printer job purging; (bso#10612); (bnc#879390). - Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17. - Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701). - Pass through vfs_btrfs snapshot manipulation requests when
  "btrfs: manipulate snapshots = no" is configured; (bnc#874180). - Clone the base share security descriptor when exposing a snapshot share;
  (bnc#874656). - Use appropriate HRESULT return codes; (bnc#875046). - Update to 4.1.7.
  + Make "force user" work as expected; (bso#9878).
  + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911).
  + Fix problem with server taking too long to respond to a
    MSG_PRINTER_DRVUPGRADE message; (bso#9942).
  + s3-printing: Fix obvious memory leak in printer_list_get_printer();
    (bso#9993).
  + doc: Add "spoolss: architecture" parameter usage; (bso#10188).
  + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200).
  + Make (lib)smbclient work with NetApp; (bso#10230).
  + SessionLogoff on a signed connection with an outstanding notify request
    crashes smbd; (bso#10344).
  + dfs: Always call create_conn_struct with root privileges; (bso#10378).
  + 'net ads search' on high latency networks can return a partial list with
    no error indication; (bso#10387).
  + max xmit > 64kb leads to segmentation fault; (bso#10422).
  + Fix STATUS_NO_MEMORY response from Query File Posix Lock request;
    (bso#10431).
  + Increase max netbios name components; (bso#10439).
  + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from
    within ctdbd_migrate() with invalid lock_order; (bso#10444).
  + Fix 'wbinfo -i' with one-way trust; (bso#10458).
  + samba4 services not binding on IPv6 addresses causing connection delays;
    (bso#10464).
  + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467).
  + Don't respond with NXDOMAIN to records that exist with another type;
    (bso#10471).
  + pidl: waf should have an option for the dir to install perl files and do
    not glob; (bso#10472).
  + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474).
  + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481).
  + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE;
    (bso#10484).
  + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord
    as public structs; (bso#10504).
  + Make 'smbreadline' build with readline 6.3; (bso#10506).
  + smbd: Correctly add remote users into local groups; (bso#10508).
  + rpcclient FSRVP request UNCs should include a trailing backslash;
    (bso#10521).
  + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534).
  + s3:rpc_server: Minor refactoring of process_request_pdu(). - Create a new DBus connection for every vfs_snapper request, to ensure
  correct snapper UID detection; (bnc#866354). - Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658). - Fix minor compiler warnings in snapshot code-path; (bnc#873177). - Remove references to the obsolete samba-krb-printing package and
  get_printing_ticket binary. - Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
  (bso#10549); (bnc#872396). - User error strings instead of hex codes where possible for FSRVP
  errors; (bnc#866927). - Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957). - Add krb5rcache directory to the winbind package; (bnc#870607).
- Cleanup and consolidate the sysconfig and systemd service files. - Extend vfs_snapper man page to cover permissions; (bnc#870570). - Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707). - Default with the cache and lock directory to the same path to have both
  non-persistent and persistent data at one location; (bnc#846586). - Depend only on %version with all manual Provides and Requires; (bnc#844307). - Update to 4.1.6.
  + Password lockout not enforced for SAMR password changes; CVE-2013-4496;
    (bnc#849224).
  + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442;
    (bnc#855866). - Password lockout not enforced for SAMR password changes;
  CVE-2013-4496; (bnc#849224). - Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665). - samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442;
  (bnc#855866). - Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484);
  (bnc#865095). - Propagate snapshot enumeration permissions errors to SMB clients;
  (bnc#865641). - Properly handle empty 'requires_membership_of' entries in
  /etc/security/pam_winbind.conf; (bnc#865771). - Fix problem with server taking too long to respond to a
  MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). - Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397). - Use libarchive to provide improved smbclient tarmode functionality;
  (bso#9667); (bnc#861135). - Depend on %version-%release with all manual Provides and Requires;
  (bnc#844307). - Update to 4.1.5.
  + Fix 100% CPU utilization in winbindd when trying to free memory in
    winbindd_reinit_after_fork; (bso#10358); (bnc#786677).
  + smbd: Fix memory overwrites; (bso#10415).
  + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done();
    (bso#2191).
  + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind;
    (bso#10087).
  + s3: smbpasswd: Fix crashes on invalid input; (bso#10320).
  + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous
    directories are open; (bso#10406).
  + Add support for Heimdal's unified krb5 and hdb plugin system, cope with
    first element in hdb_method having a different name in different heimdal
    versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
  + vfs_btrfs: Fix incorrect zero length server-side copy request handling;
    (bso#10424).
  + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
    can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429).
  + smbd: Fix an ancient oplock bug; (bso#10436).
  + Fix crash bug in smb2_notify code; (bso#10442). - Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293). - Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079).
  + Improve vfs_snapper documentation. - Fix Winbind 100% CPU utilization caused by domain list corruption;
  (bso#10358); (bnc#786677). - Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415);
  (bnc#862370). - Streamline the vendor suffix handling and add support for SLE 12. - Fix zero length server-side copy request handling; (bso#10424);
  (bnc#862558). - Set the PID directory to /run/samba on post-12.2 systems. - Make use of the tmpfilesdir macro while calling systemd-tmpfiles. - Make winbindd print the interface version when it gets an INTERFACE_VERSION
  request; (bnc#726937). - Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH
  definitions; (bnc#860832). - Check for NULL gensec_security in gensec_security_by_auth_type();
  (bnc#860809). - Ensure ndr table initialization; (bnc#860648). - Add File Server Remote VSS Protocol (FSRVP) server for SMB share
  shadow-copies; (fate#313346). - s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662).
- shadow_copy2: module "Previous Version" not working in Windows 7;
  (bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
  (bso#10384) - s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
  (bso#10358); (bnc#786677). - Default sysconfig daemon options to -D; (bso#10388); (bnc#857454). - Add /var/cache/samba to the client file list; (bnc#846586). - Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454). - Correct sysconfig variable names by adding the missing D char; (bnc#857454). - Update to 4.1.4.
  + Fix segfault in smbd; (bso#10284).
  + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311). - Call stop_on_removal from preun and restart_on_update and insserv_cleanup
  from postun on pre-12.3 systems only; (bnc#857454). - BuildRequire gamin-devel instead of unmaintained fam-devel package on
  post-12.1 systems. - smbd: allow updates on directory write times on open handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
  path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337). - Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454). - Create /var/run/samba with systemd-tmpfiles on post-12.2 systems;
  (bnc#856759). - Fix broken rc{nmb,smb,winbind} sym links which should point to the service
  binary on post-12.2 systems; (bnc#856759). - Add Snapper VFS module for snapshot manipulation; (fate#313347).
  + dbus-1-devel required at build time. - Add File Server Remote VSS Protocol (FSRVP) client for SMB share
  shadow-copies; (fate#313345). - Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part
  of the minimum build environment. - Update to 4.1.3.
  + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408;
    (bnc#844720).
  + pam_winbind login without require_membership_of restrictions;
    CVE-2012-6150; (bnc#853347). - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression support; (fate#316266).
  + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
  + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
  + Extend vfs_btrfs VFS module to utilize get/set compression hooks. - Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770). - Remove bogus libsmbclient0 package description and cleanup the libsmbclient
  line from baselibs.conf; (bnc#853021). - BuildRequire systemd on post-12.2 systems. - Update to 4.1.2.
  + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091).
  + dfs_server: Use dsdb_search_one to catch 0 results as well as
    NO_SUCH_OBJECT errors; (bso#10052).
  + Missing talloc_free can leak stackframe in error path; (bso#10187).
  + Fix memset used with constant zero length parameter; (bso#10190).
  + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
    (bso#10193).
  + Make offline logon cache updating for cross child domain group membership;
    (bso#10194).
  + nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
  + RW Deny for a specific user is not overriding RW Allow for a group;
    (bso#10196).
  + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
    (bso#10224).
  + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs;
    (bso#10224).
  + VFS plugin was sending the actual size of the volume instead of the total
    number of block units because of which windows was getting the wrong
    volume capacity; (bso#10224).
  + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
  + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
  + Fix the build of vfs_glusterfs; (bso#10253).
  + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries;
    (bso#10264).
  + util: Remove 32bit macros breaking strict aliasing; (bso#10269). - Let gpg verify execution condition not fail on non SUSE systems. - Add systemd support for post-12.2 systems. - Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
  the add, delete, modify and set operations now support automatic
  propagation of inheritable ACE(s); (FATE#316474). - Unconditionally create the CUPS smb backend sym link pointing to smbspool;
  (bnc#850656). - Update to 4.1.1.
  + ACLs are not checked on opening an alternate data stream on a file or
    directory; CVE-2013-4475; (bso#10229); (bnc#848101).
  + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). - Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). - ACLs are not checked on opening an alternate data stream on a file or
  directory; CVE-2013-4475; (bso#10229); (bnc#848101). - Update to 4.1.0.
  + pam_winbindd: Support the KEYRING ccache type; (bso#10132).
  + Fix PAC parsing failure; (bso#10178). - Unify the defattr lines in the pidl, python, test and test-devel files
  section by removing the optional directory mode. - Verify source tar ball gpg signature. - Update to 4.1.0rc4.
  + dsdb: Convert the full string from UTF16 to UTF8, including embedded
    NULLs; (bso#8077).
  + python-samba-tool fsmo: Do not give an error on a successful role
    transfer; (bso#9461).
  + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008).
  + Raise the level of a debug when unable to open a printer; (bso#10118).
  + Add "acl allow execute always" parameter; (bso#10134).
  + vfs_shadow_copy2: Display previous versions correctly over SMB2;
    (bso#10137).
  + smbd: Always clean up share modes after hard crash; (bso#10138).
  + Valid utf8 filenames cause "invalid conversion error" messages;
    (bso#10139).
  + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144).
  + Samba SMB2 client code reads the wrong short name length in a directory
    listing reply; (bso#10145).
  + libcli/smb: Only check the SMB2 session setup signature if required and
    valid; (bso#10146).
  + Better document potential implications of a globally used "valid users";
    (bso#10147).
  + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149).
  + Not all OEM servers support the ALTNAME info level; (bso#10150).
  + Regression causes replication failure with Windows 2008R2 and deletes
    Deleted Objects; (bso#10157).
  + Netbios related samba process consumes 100% CPU; (bso#10158).
  + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162). - Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel. - Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0,
  libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0,
  libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0,
  libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0,
  libsmbldap0, and libtevent-util0 to baselibs.conf. - Add or polish the shared library package summaries and descriptions. - Update to 4.1.0rc3.
  + Fix working on site with Read Only Domain Controller; (bso#5917).
  + Add man page for vfs_syncops; (bso#7364).
  + Add man page for vfs_linux_xfs_sgid; (bso#7490).
  + When replicating DNS for bind9_dlz we need to create the server-DNS
    account remotely; (bso#9091).
  + Winbind unable to retrieve user information from AD; (bso#9615).
  + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
    (bso#9899).
  + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911).
  + Add SMB2 and SMB3 support for smbclient; (bso#9974).
  + Add man pages for ntdb tools; (bso#10000).
  + Add man page for samba-regedit tool; (bso#10001).
  + ::1 added to nameserver on join; (bso#10030).
  + Fix memory leak in source3/lib/util.c:1493; (bso#10063).
  + Fix segmentation fault in 'net ads join'; (bso#10073).
  + Fix variable list in vfs_crossrename man page; (bso#10076).
  + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082).
  + smbd: Fix async echo handler forking; (bso#10086).
  + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba;
    (bso#10097).
  + Honour output buffer length set by the client for SMB2 GetInfo requests;
    (bso#10106).
  + Fix Winbind crashes on DC with trusted AD domains; (bso#10107).
  + Handle Dropbox (write-only-directory) case correctly in pathname lookup;
    (bso#10114).
  + Masks incorrectly applied to UNIX extension permission changes;
    (bso#10121). - Implement shared library packaging guidelines.
- Correct interpackage dependencies; (bso#10129). - Define the source URL differently in the case of a release candidate. - Update to 4.1.0rc2.
  + Add vfs_btrfs module.
  + Add support for server-side copy operations via the
    SMB2 FSCTL_SRV_COPYCHUNK request.
  + Fix replication with --domain-crictical-only to fill in backlinks;
    (bso#9029).
  + Windows 8 Roaming profiles fail; (bso#9678).
  + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol";
    (bso#9820).
  + Windows error 0x800700FE when copying files with xattr names containing
    ":"; (bso#9992).
  + Do not delete an existing valid credential cache (s3-winbind); (bso#9994).
  + Fix segfault while reading incomplete session info; (bso#10003).
  + Missing integer wrap protection in EA list reading can cause server to
    loop with DOS (CVE-2013-4124); (bso#10010).
  + Fix a 100% loop at shutdown time (smbd); (bso#10013).
  + Fix/improve debug options; (bso#10015).
  + Rename regedit to samba-regedit; (bso#10040).
  + Remove obsolete swat manpage and references; (bso#10041).
  + Fix crashes in socket_get_local_addr(); (bso#10042).
  + Allow to change the default location for Kerberos credential caches;
    (bso#10043).
  + Remove a redundant inlined substitution of ACLs; (bso#10045).
  + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048).
  + dsdb improvements; (bso#10056).
  + Linux kernel oplock breaks can miss signals; (bso#10064). - BuildRequire pyldb-devel. - Add libnetapi0 and samba-libs to baselibs.conf. - Update to 4.0.9.
  + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol";
    (bso#9820).
  + s3-lib: Fix segmentation fault while reading incomplete session info;
    (bso#10003).
  + smbd: Fix a 100% loop at shutdown time; (bso#10013).
  + Windows 8 Roaming profiles fail; (bso#9678).
  + Add UPN enumeration to passdb internal API; (bso#9779).
  + smbd: Cleanup disonnected durable handles; (bso#9930).
  + vfs_streams_xattr: Do not attempt to write empty attribute twice;
    (bso#9970).
  + Fix Windows error 0x800700FE when copying files with xattr names
    containing ":"; (bso#9992).
  + s3-winbind: Do not delete an existing valid credential cache; (bso#9994).
  + Fix excessive RID allocation; (bso#10014).
  + Add debugclass for DNS server; (bso#10015).
  + Fix/improve debug options; (bso#10015).
  + Allow to change the default location for Kerberos credential caches;
    (bso#10043).
  + Linux kernel oplock breaks can miss signals; (bso#10064).
  + net ads join: Fix segmentation fault in
    create_local_private_krb5_conf_for_domain; (bso#10073). - Update to 4.0.8.
  + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on
    authenticated or guest connections; CVE-2013-4124; (bnc#829969). - Require krb5 and not the non existing krb5-libs package. - Update to 4.1.0rc1.
  + Directory database replication (AD DC mode)
  + Server-Side Copy Support
  + Btrfs Filesystem Integration - BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp.
- BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version.
- Require perl-base on SUSE systems only. - Adjust group setting of the test-devel subpackage.
- Require perl-base from the pidl subpackage. - Remove libdir/samba/ldb after install if we're building Samba without
  Active Directory Domain Controller support. - Remove unused ccache switch from the spec file. - BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the
  man pages and add them to the package again. - Build from the package from the top level directory; (bnc#794744).
- BuildRequire pytalloc-devel, python-tdb, and python-tevent.
- Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1
  SUSE systems. - Remove the empty data dir from the doc package filelist.
- Explicitly use samba instead of the name macro to define the docbook dir. - Update to 4.0.7.
  + Fix a core dump with invalid lock order while opening/editing
    or copying MS files; (bso#9794).
  + Fix crash bug from search of mail=; (bso#9967).
  + s3-rpc_server: Ensure we are root when starting and using gensec;
    (bso#9465).
  + Add support for MX queries; (bso#9485).
  + dns: Delete dnsNode objects when they are empty; (bso#9559).
  + dns: Support larger queries when asking forwarder; (bso#9632).
  + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805).
  + Use of wrong RFC2307 primary group field; (bso#9880).
  + Check for system libtevent; (bso#9881).
  + is_printer_published GUID retrieval; (bso#9900).
  + Doc fixes for 4.0; (bso#9906).
  + Build fixes for 4.0 found during autoconf or debian packaging work;
    (bso#9907).
  + build: Add missing new line to replaced python shebang line; (bso#9909).
  + PIE builds not supported; (bso#9910).
  + s4:winbind: Don't leak libnet_context into the main event context;
    (bso#9929).
  + Fix a bug of drvupgrade of smbcontrol; (bso#9941).
  + Check for netbios aliases in ad_get_referrals; (bso#9947).
  + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953).
  + docs: Avoid mentioning a possibly misleading option; (bso#9964).
  + Fix build with system Heimdal of samba4kgetcred; (bso#9968). - Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and
  OBS for any other operating system to define the vendor string while build. - Remove ldapsmb from the main spec file. - Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man. - Don't bzip2 the main tar ball, use the upstream gziped one instead. - Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and
  libopenssl-devel. - Fix libreplace license ambiguity; (bso#8997); (bnc#765270). - Update to 4.0.6.
  + Fix crash during Win8 sync; (bso#9822).
  + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834).
  + Fix the username map optimization; (bso#9139).
  + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382).
  + SMB2 server doesn't support recvfile; (bso#9412).
  + Fix the build of vfs_notify_fam; (bso#9545).
  + Fix adding case sensitive spn; (bso#9699).
  + Properly handle oplock breaks in compound requests; (bso#9722).
  + Properly handle oplock breaks in compound requests; (bso#9722).
  + Cache name_to_sid/sid_to_name correctly; (bso#9766).
  + Fix 'net ads join' when called via stdin; (bso#9767).
  + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775).
  + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and
    doesn't cope with directories being modified whilst reading; (bso#9777).
  + Fix panic when running 'smbtorture smb.base'; (bso#9782).
  + Use specified python for runtime installation of Samba; (bso#9785).
  + Change '--with-dmapi' to 'default=auto' to match the autoconf build;
    (bso#9803).
  + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION;
    (bso#9804).
  + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807).
  + Package new dbwrap_tool man page; (bso#9809).
  + Old DOS SMB CTEMP request uses a non-VFS function to access
    the filesystem; (bso#9811).
  + Fix 'map untrusted to domain' with NTLMv2; (bso#9817).
  + SMB signing and the async echo responder don't work together; (bso#9824).
  + Fix panic in nt_printer_publish_ads; (bso#9830).
  + talloc use after free in winbind4; (bso#9832).
  + Function called in unix_convert() path can overwrite errno; (bso#9833).
  + Fix NULL pointer dereference in Winbind; (bso#9854).
  + Fix making LIBNDR_PREG_OBJ; (bso#9868). - Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches. - Update to 4.0.5.
  + Fix large reads/writes from some Linux clients; (bso#9706).
  + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740).
  + Can't delegate adding computers to domain; (bso#9267).
  + Fix GNU ld version detection with old gcc releases; (bso#7825).
  + Never try to map global SAM name; (bso#9039).
  + Certain xattrs cause Windows error 0x800700FF; (bso#9130).
  + Samba returns unexpected error on SMB posix open; (bso#9519).
  + Fix build on AIX; (bso#9557).
  + libnss-winbindd does not provide pass struct for groups mapped with
    ID_TYPE_BOTH and vice versa; (bso#9617).
  + Reauth-capable client fails to access shares on Windows member; (bso#9625).
  + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636).
  + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639).
  + Fix the build of vfs_afsacl; (bso#9642).
  + Fix the build with --fake-kaserver; (bso#9643).
  + Fix compile of source3/lib/afs.c; (bso#9644).
  + Make SMB2_GETINFO multi-volume aware; (bso#9646).
  + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653).
  + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656).
  + 'make test' hangs; (bso#9663).
  + Fix correct linking of libreplace with cmdline-credentials; (bso#9664).
  + Fix filtering of link-local addresses; (bso#9666).
  + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669).
  + Samba denies owner Read Control when there is a DENY entry while W2K08
    does not; (bso#9674).
  + Fix several resource (fd) leaks; (bso#9683).
  + Fix a memory leak in spoolss rpc server; (bso#9685).
  + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686).
  + Fix several possible null pointer dereferences; (bso#9687).
  + Make sure that domain joins work correctly when the DC disallows NTLM
    auth; (bso#9689).
  + Backport tevent changes to bring library to version 0.9.18; (bso#9695).
  + Remove incomplete samba_dnsupdate IPv6 link-local address check;
    (bso#9696).
  + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX
    domain socket; (bso#9697).
  + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833).
  + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703).
  + Fix nss_winbind name on FreeBSD; (bso#9704).
  + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and
    getgrgid calls; (bso#9711).
  + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717).
  + s4-idmap: Remove requirement that posixAccount or posixGroup be set for
    rfc2307; (bso#9718).
  + Allow forcing an override of an old @MODULES record; (bso#9719).
  + Do not print the admin password during 'samba-tool classicupgrade';
    (bso#9720).
  + Make samba_upgradedns more robust (do not guess addresses when just
    changing roles); (bso#9721).
  + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723).
  + is_encrypted_packet() function incorrectly used inside server; (bso#9724).
  + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725).
  + Fix NULL pointer dereference; (bso#9727).
  + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728).
  + Fix 'smbcontrol close-share'; (bso#9733).
  + Fix Winbind separator in upn to username conversion; (bso#9735).
  + Change to smbd/dir.c code gives significant performance increases on large
    directory listings; (bso#9736).
  + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739).
  + Make sure that we only propogate the INHERITED flag when we are allowed
    to; (bso#9747).
  + Remove unneeded fstat system call from hot read path; (bso#9748).
  + Don't leak the epm_Map policy handle; (bso#9758).
  + Fix incorrect parsing of SMB2 command codes; (bso#9760).
- Update to 4.0.4.
  + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624). - Fix periodic printcap cache reloads; (bso#9650); (bnc#807334). - No longer use the cifs- or smbfstab named configuration file on post-12.2
  systems; (bnc#804822); (bnc#821889). - Shift the smbfs init script nfs dependency from Required to Should. - Fix SMB1 Session Setup AndX handling with a large krb PAC;
  (bso#9658); (bnc#802031). - Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to
  generate the default share snippets on pre-12.2 systems. - Explicitly configure --with-ads. - Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350). - Remove superfluous quotation marks while setting the
  SAMBA_VERSION_VENDOR_SUFFIX string. - Do not restart the smbfs service on pre-11.3 systems during dhcp lease
  renewal when the IP address remains the same; (bnc#800782). - Update to 4.0.3.
  + Fix ACL problem with delegation of privileges and deletion of accounts
    over LDAP interface; add documentation; (bso##8909).
  + check_password_quality: Handle non-ASCII characters properly; (bso##9105).
  + Fix 'smbd' panic triggered by unlink after open; (bso##9571).
  + smbd: Fix memleak in the async echo handler; (bso##9549).
  + defer_open is triggered multiple times on the same request; (bso#9196).
  + Add extra attributes for AD printer publishing; (bso#9378).
  + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461).
  + Downgrade v4 printer driver requests to v3; (bso#9474).
  + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers;
    (bso#9481).
  + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499).
  + waf assumes that pythonX.Y-config is a Python script; (bso#9503).
  + s4:drsuapi: Make sure we report the meta data from the cycle start;
    (bso#9508).
  + wafsamba: Use additional xml catalog file; (bso#9512).
  + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517).
  + conn->share_access appears not be be reset between users; (bso#9518).
  + Remove superfluous bracket in samba.8.xml; (bso#9528).
  + Fix typo in vfs_tsmsm.8.xml; (bso#9530).
  + terminate the irpc_servers_byname() result with
    server_id_set_disconnected(); (bso#9540).
  + Make use of posix_openpt; (bso#9541).
  + Fix build of vfs_commit and plug in async pwrite support; (bso#9544).
  + Fix aio_suspend detection on FreeBSD; (bso#9546).
  + Correctly detect O_DIRECT; (bso#9548).
  + sigprocmask does not work on FreeBSD to stop further signals in a signal
    handler; (bso#9550).
  + smb.conf(5): Update list of available protocols; (bso#9552).
  + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555).
  + Fix compilation of Solaris ACL module; (bso#9564).
  + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional
    level) produces dbcheck errors; (bso#9565).
  + Add dbwrap_tool.1 manual page; (bso#9568).
  + Document the command line options in dbwrap_tool(1); (bso#9568).
  + ntlm_auth(1): Fix format and make examples visible; (bso#9569).
  + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients;
    (bso#9572).
  + Fix a possible null pointer dereference in spoolss; (bso#9574).
  + Duplicate flags defined in the winbindd protocol; (bso#9575).
  + gensec: Allow login without a PAC by default; (bso#9581).
  + smbd: disk_free: sys_popen() failed" message logged in /var/log/message
    many times; (bso#9586).
  + Archive flag is always set on directories; (bso#9587).
  + ACLs are not inherited to directories for DFS shares; (bso#9588).
  + Correct meta data in ldb manpages; (bso#9591).
  + s3-winbind: Fix the build of idmap_ldap; (bso#9595).
  + Linked attribute handling should be by GUID; (bso#9596).
  + Fix timeouts of some IRPC calls; (bso#9598).
  + Use pid,task_id as cluster_id in process_single just like process_prefork;
    (bso#9598).
  + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609).
  + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610). - Update to 4.0.2.
  + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both
    don't apply to any SUSE Samba post-3.6.10 as it isn't longer built.
  + Don't build and package static libraries. - Drop separate build-source-timestamp file as it led to a second, incorrect
  Source Timestamp line. - Add server-side copy support; (fate#314770).
  + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers.
  + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage. - Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2. - Disable SWAT during configure and don't package it any longer. - Remove dangling references to Heimdal from the spec file. - Remove /lib/samba prefix from the localstatedir configure option. - Update to 4.0.1.
  + Samba 4.0.0 as an AD DC may provide authenticated users with write access
    to LDAP directory objects; CVE-2013-0172; (bnc#798364). - Add the missing get_printing_ticket binary path while calling the
  set_permissions macro; (bnc#783375). - Use the version macro while definition of the branch macro. - Remove references to no longer used devel macros. - Update to 4.0.0.
  + Honor password complexity settings; (bso#9414).
  + Install SWAT *.msg files with waf; (bso#9415).
  + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES;
    (bso#9438).
  + developer-build: Fix panic when acl_xattr fails with access denied;
    (bso#9456).
  + Fix "map username script" with "security=ads" and Winbind; (bso#9457).
  + Install manpages only if we install the target; (bso#9459).
  + Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
  + Users can not be given write permissions any more by default; (bso#9462).
  + Fix MMC crashes; (bso#9470).
  + Fix SEGV when using second vfs module; (bso#9471).
  + Support FIPS mode when building Samba; (bso#9479).
  + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481). - netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken;
  (bso#9438).
- s3:auth: fix create_token_from_sid() to not fail in the winbindd case;
  (bso#9457).
- s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags
  control is given; (bso#9470).
- Support FIPS mode when building Samba; (bso#9479).
- s4:provision: set the correct nTSecurityDescriptor; (bso#9481). - SEGV when using second vfs module; (bso#9471). - Update to 3.6.10.
  + Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
  + Fix segfault when "default devmode" is disabled; (bso#9433).
  + Fix segfaults in "log level = 10" on Solaris; (bso#9390). - s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED;
  (bso#9456).
- Install manpages only if we install the target; (bso#9459).
- Users can not be given write permissions any more by default; (bso#9462). - Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094);
  (bso#9418).
- Use work around for 'winbind use default domain' only if it is set;
  (bso#9367).
- Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend;
  (bso#9374).
- large read requests cause server to issue malformed reply; (bso#9422).
- s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426).
- Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439).
- Allow to force DNS updates using net; (bso#9451).
- Respond correctly to FILE_STREAM_INFO requests; (bso#9460). - Update to 4.0.0rc6.
  See WHATSNEW.txt from the samba-doc package. - On uninstall remove winbind from the pam configuration, invalidate the nscd
  passwd and group cache and only recommend the install of nscd; (bnc#792340). - BuildRequire libnscd-devel once. - Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294).
- Add SUSE version depending pkg-config requires macro; (bnc#792294). - Define library names and use it instead of libldb1, libnetapi0,
  libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and
  libwbclient0; (bnc#792294).
- Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems. - Don't clutter the spec file diff view; (bnc#783384). - Fix fd leak causing 100% CPU in winbind on certain dc connection
  failures; (bso#9436); (bnc#786677). - Fix spoolss segfault when default devmode is disabled; (bso#9433);
  (bnc#791183). - Update to 4.0.0rc5.
  See WHATSNEW.txt from the samba-doc package. - ACL masks incorrectly applied when setting ACLs; (bso#9236).
- s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272).
- lib/replace: replace all *printf function if we replace snprintf; (bso#9390).
- lib/addns: don't depend on the order in resp->answers[]; (bso#9402). - s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209).
- lib/krb5_wrap: request enc_types in the correct order; (bso#9272).
- Fix net ads join message for the dns domain; (bso#9326).
- docs-xml: fix use of <smbconfoption> tag; (bso#9345).
- s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359).
- s3:winbind: Failover if netlogon pipe is not available; (bso#9386). - Execute the run_permissions macro on pre-11.4 systems and else the
  set_permission one if available. - Ensure adding the winbind group never can fail. - Create ntadmin group only if it doesn't yet exist. - Update to 3.6.9.
  + When setting a non-default ACL, don't forget to apply masks to
    SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236).
  + Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
  + Fix segfault in smbd if user specified ports out for range; (bso#9218). - quota: Don't force the block size to 512; (bso#3272).
- Fix poll replacement to become a msleep replacement; (bso#8107).
- Fix wrong test == syntax in configure; (bso#8146).
- Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344).
- Fix builtin forms order to match Windows again; (bso#8632).
- Fix RAW printing for normal users; (bso#8769); (bnc#790741).
- Initialise ticket to ensure we do not invalid memory; (bso#8788).
- Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966).
- Fix crash on null pam change pw response; (bso#9013).
- Connection to outbound trusted domain goes offline; (bso#9016).
- Increase debug level for info that the db is empty; (bso#9112).
- 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117).
- Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
- Open printers with the right access mask; (bso#9154).
- Fix makerpms.sh on RHEL; (bso#9165).
- Remove non-existent option '-Y' from winbindd manpage; (bso#9171).
- Add quota support for gfs2; (bso#9172).
- Make SMB2 compound request create/delete_on_close/close work as Windows;
  (bso#9173).
- Empty SPNEGO packet can cause smbd to crash; (bso#9174).
- pam_winbind: Match more return codes when wbcGetPwnam has failed;
  (bso#9177).
- Fix crash bug in idmap_hash; (bso#9188); (bnc#788159).
- SMB2 Create doesn't return correct MAX ACCESS access mask in blob;
  (bso#9189).
- Fix service control for non-internal services; (bso#9192).
- Don't take 'state->te' as indication for "was_deferred"; (bso#9196).
- Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209).
- Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213).
- Fix segfault in smbd if user specified ports out for range; (bso#9218).
- Signing cannot be disabled for SMB2 by design, so fix the documentation
  instead; (bso#9222).
- Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry;
  (bso#9231).
- When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER
  and SMB_ACL_GROUP entries; (bso#9236).
- lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259).
- Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart;
  (bso#9268).
- Add support for reloading systemd services; (bso#9280). - Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719). - Do not write the build date into the header of the default smb.conf as this
  causses superfluous rebuilds of packages depending on samba; (bnc#781601). - Do not prerequire SuSEconfig.permissions as it's already enough and more
  generic to depend on the permissions package; (bnc#782293). - Update to 3.6.8.
  + Fix crash bug in smbd caused by a blocking lock followed by close;
    (bso#9084).
  + Fix Winbind panic if we couldn't find the domain; (bso#9135). - Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058).
- Fix bad call to memcpy source3/registry/regfio.c; (bso#9065).
- "Domain Users" incorrectly added as additional group on domain members;
  (bso#9066).
- Use correct RID for "Domain Guests" primary group; (bso#9067).
- Fix crash bug in smbd caused by a blocking lock followed by close;
  (bso#9084).
- Fix smbclient/tarmode panic when connecting to Windows 2000 clients;
  (bso#9088).
- Fix refreshing of Kerberos tickets in Winbind; (bso#9098).
- Fix identification of idle clients in Winbind to avoid crashes and NDR
  parsing errors; (bso#9104).
- Fix compilation with newer MIT Kerberos which hides internal symbols;
  (bso#9111).
- Fix flooding the logs with records we don't find in pcap; (bso#9112).
- Initialize the print backend after we setup winreg; (bso#9122).
- Fix lprng job tracking errors; (bso#9123).
- Fix setting of "inherited" bit on inherited ACE's; (bso#9124).
- Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Make 'smbclient allinfo' show the snapshot list; (bso#9137).
- Fix nfs quota support with Linux nfs4 mounts; (bso#9144).
- Valid open requests can cause smbd assert due to incorrect oplock handling
  on delete requests; (bso#9150). - NMB registration for a duplicate workstation fails with registration
  refuse; (bso#9085); (bnc#770056). - Remove backup files caused by running configure in examples/VFS. - Update to 3.6.7.
  + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
  + Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Correct documentation of "case sensitive"; (bso#8552).
- Printing fails in function cups_job_submit; (bso#8719).
- Fix kernel oplocks when uid(file) != uid(process); (bso#8974).
- Send correct responses to NT Transact Secondary when no data and no params
  for the Trans2 calls are set; (bso#8989).
- Fix build without ads support; (bso#8996).
- Don't turn negative cache entries into valid idmappings; (bso#9002).
- Fix posix acl on gpfs; (bso#9003).
- Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022).
- Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Fix typo in set_re_uid() call when USE_SETRESUID selected in configure;
  (bso#9034).
- Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error
  instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040).
- Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
- Fix build against CUPS 1.6; (bso#9055).
- Fix bugs in SMB2 credit handling code; (bso#9057).
- rpcclient: Fix bad call to data_blob_const; (bso#9062). - Create missing doc directories while install.
- Remove no longer existing Manifest file from install.
- Don't creat a link to non existend html man pages for swat.
- Don't call the no longer existing libsmbclient testsuit while build. - Configure with option --mandir instead --with-mandir.
- Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and
  - -with-swatdir configure options. - Update to 4.0.0beta4.
  See WHATSNEW.txt from the samba-doc package. - BuildRequire gcc, make, and patch; (bnc#771516). - ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262). - Fix shell syntax in dhcpcd hook script; (bnc#769957). - Add missing int declaration to the net kdc lookup patch. - Update to 4.0.0beta2.
  See WHATSNEW.txt from the samba-doc package. - Update to 3.6.6.
  + Fix possible memory leaks in the Samba master process; (bso#8970).
  + Fix uninitialized memory read in talloc_free(); (bnc#764577).
  + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983). - resolve_ads() code can return zero addresses and miss valid DC IP addresses;
  (bso#8910).
- Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983).
- winbind can hang as nbt_getdc() has no timeout; (bso#8953).
- Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627)
- s3-pid: Catch with pid filename's change when config file is not smb.conf;
  (bso#8714).
- Possible memory leaks in the main Samba process; (bso#8970).
- s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
- Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971).
- Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988).
- Winzip occasionally can not read files out of an open winzip dialog;
  (bso#8311).
- s3-winbindd: call dump_core_setup after command line option has been parsed;
  (bso#8975).
- Directory group write permission bit is set if unix extensions are enabled;
  (bso#8972).
- s3: remove dependency on automake for "make everything"; (bso#8978).
- sd_has_inheritable_components segfaults on an SD that se_access_check
  accepts; (bso#8811).
- smbclient's tarmode insists on listing excluded directories; (bso#8922).
- Notify code can miss a ChDir; (bso#8998).
- s3:smbd: add a fsp_persistent_id() function; (bso#8995). - Call autogen.sh even on post-12.1 SUSE systems. - Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems.
- Recompile all IDL in any case. - BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora
  systems. - Install talloc.pc only on pre-12.2 and non SUSE systems. - BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and
  libtevent-devel on post-12.1 systems. - s3: Fix a segfault with debug level 3 on Solaris; (bso#8861).
- s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904).
- smbd crashes when deleting directory and veto files are enabled; (bso#8837).
- winbind_krb5_locator only returns one IP address; (bso#8897).
- Wrong assertion/comparison: Compare value not pointer; (bso#8859).
- Inconsistent (with manpage) command-line switch for "help" in smbtree;
  (bso#8831).
- Fix incorrect debug statement.
- Setting traverse rights fails to enable directory traversal when acl_xattr
  in use; (bso#8857).
- Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877).
- s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869).
- s3-docs: fixes several typos; (bso#7938).
- s3-VFS: Fix building out-of-tree modules; (bso#8822).
- s3-docs: Add hint that setting "profile acls = yes" on normal shares can
  cause trouble; (bso#7930).
- s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915).
- Avoid null dereference in initialize_password_db(); (bso#8920).
- s3:registry: implement values_need_update and subkeys_need_update in the
  smbconf backend.
- s3:registry:reg_api: fix reg_queryvalue to not fail when values are
  modified while it runs.
- s4:torture:rpc:spoolss: also initialize driverName before checking it in
  test_PrinterData_DsSpooler().
- s3:registry: multiple cleanups, fixes, and optimisations.
- s3:auth/server_info: the primary rid should be in the groups rid array;
  (bso#8798).
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
  (bso#8748).
- Fix the overwriting of errno before use in a DEBUG statement and use the
  return value from store_acl_blob_fsp rather than ignoring it; (bso#8945).
- s3-auth: Don't lookup the system user in pdb; (bso#8944).
- s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952).
- Fix typo in pam_winbindd code; (bso#8957).
- Fix remove_duplicate_addrs2 previously it could leave zero addresses in the
  list; (bso#8910).
- Slow but responsive DC can lock up winbindd; (bso#8943).
- Broken processing of %U with vfs_full_audit when force user is set;
  (bso#8882). - Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems.
- BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and
  libtevent0-devel on post-12.1 systems. - Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731). - docs-xml: fix default name resolve order; (bso#7564).
- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).
- docs: remove whitespace in example samba.ldif; (bso#8789).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845);
  (bnc#730769).
- s3-docs: Prepend '/' to filename argument; (bso#8826). - Update to 3.6.5.
- Restrict self granting privileges where security=ads for Samba post-3.3.16;
  CVE-2012-2111; (bnc#757576). - Remove all precompiled idl output to ensure any pidl changes take effect;
  (bnc#757080). - Update to 3.6.4.
- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe-
  cution as the "root" user; PIDL based autogenerated code allows overwriting
  beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797). - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys;
  (bso#8599).
- Correctly handle DENY ACEs when privileges apply; (bso#8797). - s3:smb2_server: fix a logic error, we should sign non guest sessions;
  (bso8749).
- Allow vfs_aio_pthread to build as a static module; (bso#8723).
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for
  persistent dbs; (#bso8527).
- s3: segfault in dom_sid_compare(bso#8567).
- Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER;
  (bso#8768).
- s3-winbindd: Close netlogon connection if the status returned by the
  NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
- Fix problem when calculating the share security mask, take priviliges into
  account for the connecting user; (bso#8784). - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups;
  (bso#8807); (bnc#751454). - Remove obsoleted Authors lines from spec file for post-11.2 systems. - Make ldapsmb build with Fedora 15 and 16; (bso#8783).
- BuildRequire libuuid-devel for post-11.0 and other systems.
- Define missing python macros for non SUSE systems.
- PreReq to fillup_prereq and insserv_prereq only on SUSE systems.
- Always use cifstab instead of smbfstab on non SUSE systems. - Ensure AndX offsets are increasing strictly monotonically in pre-3.4
  versions; CVE-2012-0870; (bnc#747934). - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854). - s3-printing: fix crash in printer_list_set_printer(); (bso#8762);
  (bnc#746825). - s3:winbindd fix a return code check; (bso#8406). - s3: Add rmdir operation to streams_depot; (bso#8733). - s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used();
  (bso#8738); CVE-2013-0454; (bnc#811975). - s3:auth: fill the sids array of the info3 in
  wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). - s3:client: ignore SMBecho errors (the server may not support it);
  (bso#8139). - Be more strict when using PAM_AUTH API from winbind if Kerberos auth is
  enabled and don't unintentionally use a bogus domain name; (bso#8734). - smbclient fails with posix large reads; (bso#8727). - Use the smbfs init script on versions pre-11.3, or cifs in later versions;
  (bnc#744614). - s3: Compile IDL files in autogen, some configure tests need this. - Fixes various deadlocks in if-up.d / if-down.d when running under
  systemd; (bnc#732395). - Update to 3.6.3.
  + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724);
    (bnc#743986). - Use spdx.org compliant license names for all packages. - Update to 3.6.2.
  + Make Winbind receive user/group information (bug #8371).
  + Several SMB2 fixes.
  + Fix a crash bug in the spoolss code.
  + Add new contributing FAQ announcing acceptance of corporate (C).
  + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504).
  + Fix cli_write_and_x() against OS/2 print shares; (bso#5326).
  + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563);
    (bnc#726145).
  + Remove pointless use_memory_krb5_ccache; (bso#7465).
  + Fix perl path; (bso#8176).
  + Grant credits in async interim responses (SMB2); (bso#8357).
  + Make Winbind receive user/group information; (bso#8371).
  + Fix Windows XP clients crashing smbd process every once in a while;
    (bso#8384); (bnc#731571).
  + Make VFS op "streaminfo" stackable; (bso#8419).
  + Add an allocation pool to idmap_autorid; (bso#8444).
  + Fix SEGFAULT from net registry export on not zero terminated REG_SZ
    values; (bso#8528).
  + Make DSO_EXPORTS_CMD more portable; (bso#8531).
  + readlink() on Linux clients fails if the symlink target is outside of the
    share; (bso#8541).
  + smbclient posix_open command fails to return correct info on open file;
    (bso#8542).
  + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548).
  + Fix setting the machine account password; (bso#8550).
  + Make SMB2 handle compound request headers in the same way as Windows;
    (bso#8560).
  + Password change settings not fully observed; (bso#8561).
  + Fix double free error in talloc; (bso#8562).
  + Fix alignment in the non-extended-security negprot; (bso#8573).
  + Add systemd service files; (bso#8575).
  + Add systemd service files; (bso#8575).
  + smb2_flush: Don't send uninitialized memory; (bso#8579).
  + Enable inotify if sys or kernel inotify is available; (bso#8580).
  + Increase a debug level; (bso#8585).
  + libsmb: Only align unicode pipe_name; (bso#8586).
  + Fix marshalling of samr_ChangePasswordUser3; (bso#8591).
  + Don't limit the number of open dptrs for SMB2; (bso#8592).
  + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
  + Make cldap work over IPv6; (bso#8600).
  + Fix intermittent print job failures caused by character conversion errors;
    (bso#8606).
  + Improve configure.in so it can be used outside the Samba source tree;
    (bso#8607).
  + Winbind: Don't fail on users without a uid; (bso#8608).
  + Ensure we correctly calculate reply credits over all returned SMB2
    replies; (bso#8614).
  + Fix migrate printer code; (bso#8618).
  + Fix crash bug when trying to browse Samba printers; (bso#8623).
  + libsmb: Don't duplicate Kerberos service tickets; (bso#8628).
  + POSIX ACE x permission becomes rx following mapping to and from a DACL;
    (bso#8631).
  + When returning an ACL without SECINFO_DACL requested, we still set
    SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
  + Fix the vfs_commit module; (bso#8639).
  + Add an update function for Winbind cache; (bso#8643).
  + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries
    on a directory with no stored ACL; (bso#8644).
  + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb
    vfs modules; (bso#8652).
  + Fix deleting a symlink if the symlink target is outside of the share;
    (bso#8663).
  + Fix renaming a symlink if the symlink target is outside of the share;
    (bso#8664).
  + Fix NT ACL issue; (bso#8673).
  + Fix buffer overflow issue with AES encryption in samba traffic analyzer;
    (bso#8674).
  + Fix Winbind segfault if we can't map the last user; (bso#8678).
  + recvfile code path using splice() on Linux leaves data in the pipe on
    short write; (bso#8679).
  + Try ctdbd_init_connection() as root; (bso#8684).
  + Packet validation checks can be done before length validation causing
    uninitialized memory read; (bso#8686).
  + Fix typo in 'net memberships' usage; (bso#8687).
  + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket();
    (bso#8692).
  + Make DeletePrinterDriverEx remove printer driver files; (bso#8697)
    (bnc#740810).
  + Fix major leak with SMB2 in connections.tdb; (bso#8710). - s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504). - Use correct license, LGPLv3+ for libwbclient packages. - When returning an ACL without SECINFO_DACL requested, we still set
  SEC_DESC_DACL_PRESENT in the type field; (bso#8636). - Fix incorrect types in the full_audit VFS module. Add null terminators to
  audit log enums; (bnc#742885). - Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810).
- Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504). - Buffer overflow issue with AES encryption in samba traffic analyzer;
  (bso#8674).
- NT ACL issue; (bso#8673).
- Deleting a symlink fails if the symlink target is outside of the share;
  (bso#8663).
- connections.tdb - major leak with SMB2; (bso#8710). - Renaming a symlink fails if the symlink target is outside of the share;
  (bso#8664). - Intermittent print job failures caused by character conversion errors;
  (bso#8606).
- ads_keytab_verify_ticket mixes talloc allocation with malloc free;
  (bso#8692).
- libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
- s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684).
- s3-printing: fix migrate printer code; (bso#8618).
- Packet validation checks can be done before length validation causing
  uninitialized memory read; (bso#8686). - net memberships usage info was wrong; (bso#8687).
- s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628).
- Recvfile code path using splice() on Linux leaves data in the pipe on short
  write; (bso#8679).
- s3-winbind: Fix segfault if we can't map the last user; (bso#8678).
- vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on
  a directory with no stored ACL; (bso#8644).
- s3/doc: document the ignore system acls option of vfs_acl_xattr and
  vfs_acl_tdb; (bso#8652).
- Winbind can't receive any user/group information; (bso#8371).
- s3-winbind: Add an update function for winbind cache; (bso#8643).
- s3: Attempt to fix the vfs_commit module.
- POSIX ACE x permission becomes rx following mapping to and from a DACL;
  (#bso#8631).
- s3:libsmb: only align unicode pipe_name; (bso#8586).
- s3-winbind: Don't fail on users without a uid; (bso#8608).
- Crash when trying to browse samba printers; (bso#8623).
- talloc: double free error; (bso#8562).
- cldap doesn't work over ipv6; (bso#8600).
- s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326).
- SMB2: not granting credits for all requests in a compound request;
  (bso#8614).
- smb2_flush sends uninitialized memory; (bso#8579).
- Password change settings not fully observed; (bso#8561).
- s3:smb2_server: grant credits in async interim responses; (bso#8357).
- s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592).
- samr_ChangePasswordUser3 IDL incorrect; (bso#8591).
- idmap_autorid does not have allocation pool; (bso#8444).
- Add systemd service files.
- s3:libsmb: the workgroup in the non-extended-security negprot is not
  aligned; (bso#8573).
- s3-build: Fix inotify detection; (bso#8580).
- SMB2 doesn't handle compound request headers in the same way as Windows;
  (#bso8560).
- Disconnecting clients swamp the logs; (bso#8585).
- s3-netlogon: Fix setting the machinge account password; (bso#8550).
- winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548).
- smbclient posix_open command fails to return correct info on open file;
  (bso#8542).
- readlink() on Linux clients fails if the symlink target is outside of the
  share; (bso#8541).
- s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465).
- s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531).
- s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated
  ucs2 string; (bso#8528).
- Make VFS op "streaminfo" stackable; (bso#8419). - Fix incorrect perfcount array length calculations; (bnc#739258). - BuildRequire autoconf to avoid implicit dependency for post-11.4 systems. - Remove call to suse_update_config macro for post-11.4 systems. - Use samba.org for the ldapsmb source location. - Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile;
  (bnc #729516). - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES;
  (bso#8631); (bnc#732572). - Add ldap to Should-Start and Stop of the smb init script; (bnc#730046). - Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571). - Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564). - Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145). - Fix typo in net ads join output; (bnc#713135). - Ignore a potentially missing AppArmor snippet helper script; (bnc#725256). - Update to 3.6.1.
  + Fix smbd crashes triggered by Windows XP clients; (bso#8384).
  + Fix a Winbind race leading to 100% CPU load; (bso#8409).
  + Several SMB2 fixes.
  + The VFS ACL modules are no longer experimental but production-ready.
  + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465).
  + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
  + Return error of cli_push when 'put - /some/file' is used; (bso#7551).
  + Fix usage of cli_errstr(); (bso#7864).
  + Fix 'widelinks' regression; (bso#8229).
  + Empty notify servername; (bso#8236).
  + Add man vfs_aio_fork; (bso#8256).
  + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes;
    (bso#8334).
  + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338).
  + While migrating forms, don't fail if the form already exists; (bso#8351).
  + OS/2 sends an unexpected write&x/read&x chain; (bso#8360).
  + Fix build of vfs_prealloc on SLES8; (bso#8363).
  + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364).
  + Fix the fallback to the deprecated spelling idmap:script; (bso#8368).
  + Fix vfs_chown_fsp; (bso#8370).
  + Fix smbd crashes triggered by Windows XP clients; (bso#8384).
  + Fix smbclient access to NT4 shares; (bso#8385).
  + Optimize serverid_exists() for Solaris; (bso#8395).
  + registry/reg_format.c must include includes.h; (bso#8401).
  + SMB2 server can return requests out-of-order when processing a compound
    request; (bso#8407).
  + Fix a Winbind race leading to 100% CPU load; (bso#8409).
  + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with
    SMB2; (bso#8412).
  + Fix 'getent group' if trusted domains are not reachable; (bso#8420).
  + Fix infinite loop in ACL module code; (bso#8422).
  + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428).
  + Compound SMB2 requests on an IPC connection can corrupt the reply stream;
    (bso#8429).
  + Fix segfault in iconv.c; (bso#8433).
  + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
    (bso#8442).
  + Be smarter about setting default permissions when a ACL_USER_OBJ isn't
    given; (bso#8443).
  + Check the wct of the incoming SMBnegprot responses; (bso#8452).
  + Fix smbclient segfaults when dialect option -m is used for legacy
    dialects; (bso#8453).
  + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
  + Samba PDC is looking up only primary user group; (bso#8455).
  + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458).
  + smb2_find uses a hard coded max reply size of 0x10000 instead of
    smb2_max_trans; (bso#8473).
  + SMB2 create doesn't cope with an Apple client using NULL blob in create;
    (bso#8474).
  + Don't call smbd_terminate_connection in smb2_validate_message_id();
    (bso#8476).
  + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476).
  + Map to guest can return uninitialized blob of data; (bso#8477).
  + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
  + DFS breaks zip file extracting unless "follow symlinks = no" set;
  (bso#8493).
  + Remove "experimental" label on VFS ACL modules; (bso#8494).
  + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
  + smbd doesn't correctly honor the "force create mode" bits from a cifsfs
    create; (bso#8507).
  + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER;
    (bso#8509).
  + Disallow "." in can_set_delete_on_close(); (bso#8515).
  + SMB2 create call returns incorrect file allocation size; (bso#8518).
  + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements;
    (bso#8520).
  + Winbind cache timeout expiry test was reversed; (bso#8521). - s3/doc: add man page for aio_fork vfs module. - Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). - s3: Samba PDC is looking up only primary user group; (bso#8455). - Add script to create or update an AppArmor sniplet with permissions for all
  Samba shares; (bnc#688040). - Add "ldapsam:login cache" parameter to allow explicit disabling
  of the login cache; (bnc#723261). - Retain the smbd startproc return value for correct startup status reporting.
  unset was incorrectly being called prior to rc_status; (bnc#723724). - Prevent deadlock in systemd triggered by if-down.d handler on shutdown;
  (bnc#721598). - smb2_find uses a hard coded max reply size of 0x10000 instead of
  smb2_max_trans; changed defaults and documentation (bso8473). - Empty CIFS share can be blocked for other clients by deleting it via empty
  path (DELETE_PENDING until the last client); (bso#8515). - winbindd cache timeout expiry test was reversed; (bso#8521). - Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). - s3:smb2_create: fix allocation size return value when opening existing
  files; (bso#8518). - SMB2 create doesn't cope with an Apple client using NULL blob in create;
  (bso#8474). - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
  (bso#8442). - s3-docs: Fix bug (bso#7908) and typo. - Return error of cli_push when 'put - /some/file' is used; (bso#7551). - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). - smbd doesn't correctly honor the "force create mode" bits from a cifsfs
  create; (bso#8507). - Default user entry is set to minimal permissions on incoming ACL change with
  no user specified; (bso#8443). - smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). - Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft
  Internet Explorer 9 on Windows 7 to download files; (bso#8458). - DFS breaks zip file extracting unless "follow symlinks = no" set;
  (bso#8493). - s3-docs: Fix typos. - s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). - Remove "experimental" label on VFS ACL modules; (bso#8494). - acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). - s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476). - s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin;
  (bso#7465). - smb2_find uses a hard coded max reply size of 0x10000 instead of
  smb2_max_trans; (bso#8473). - s3-netapi: allow to use default krb5 credential cache for libnetapi users. - s3-docs: document -k switch in net manpage. - Map to guest can return uninitialized blob of data; (bso#8477). - s3-registry: registry/reg_format.c must include includes.h; (bso#8401). - smbclient segfaults when option -m is used for legacy dialects; (bso#8453). - Fix 'widelinks' regression intro'd in 3.2; (bso#8229). - Compound SMB2 requests on an IPC connection can corrupt the reply stream;
  (bso#8429). - s3-spoolss: Fix bug forms migration; (bso#8351). - s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452). - s3: Do not fork the echo handler for smb2; (bso#8334). - s3-spoolss: Fix bug empty notify servername; (bso#8236). - SMB2 server can return requests out-of-order when processing a compound
  request; (bso#8407). - Remove smb child crash fix.  The issue had been fixed upstream differently. - BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems. - Fix samba duplicates file content on appending. Move posix case semantics
  out from under the VFS; (bso#6898); (bnc#681208). - Make winbind child reconnect when remote end has closed, fix
  failing sudo; (bso#7295); (bnc#569721). - Spec file cleanup as suggested by the spec-cleaner tool.
  + Make all BuildRequires, PreReq, and Provides a separate line.
  + Use %{buildroot} instead of ${RPM_BUILD_ROOT}.
  + Use straight commands instead of macros (make, install).
  + Use -p in post and postun if we only call one command.
  + Use %{_localstatedir} instead of %{_var} in the filelist.
  + Remove superfluous AutoReqProv on lines. - Remove %release from all Provides. - Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433). - Use /var/run for the cifs state file in the init script too; (bnc#710304). - Microsoft Word from Microsoft Office 2007 fails to save as on a share with
  SMB2; (bso#8412). - Use sys_write and sys_read in fork_domain_child to fix a winbind race
  leading to 100% CPU usage; (bso#8409). - Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428). - Fix infinite loop in ACL module code; (bso#8422). - Fix getent group if trusted domains are not reachable; (bso#8420). - smbclient can't access a NT4 share since 3.6.0; (bso#8385). - Optimize serverid_exists() for Solaris; (bso#8395). - talloc:
  + check block count after references test.
  + added test suite for talloc_free_children().
  + license info erratum in the manpage.
  + fix typos and better differentiation between versions 1 and 2.
  + preserve context name on talloc_free_children().
  + ensure the sibling linked list remains valid during a free. - vfs_chown_fsp returned in the wrong directory; (bso#8370). - Remove irritating "." targets when recent system libs exist; (bso#8369). - Correctly initialize "idmap config * : script" with NULL; (bso#8368). - Add missing include to suppress compiler warnings; (bso#8365). - Point the chain offset beyond the current request; (bso#8360). - Fix gpfs vfs module build; (bso#8364). - Make vfs_prealloc even build on older systems; (bso#8363). - Do central cli_set_error and return the actual NTSTATUS; (bso#7864). - Add a fallback for missing open&x support in OS/X Lion; (bso#8338). - Update to 3.6.0.
  + BUG 7462: Make SA_RESETHAND conditional on its existance.
  + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined.
  + BUG 8324: smbclient cannot list directories from a big-endian machine.
  + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname.
  + BUG 8327: Fix the reload of the configuration, also reload activated
    registry shares.
  + BUG 8328: Cleanup of idmap_tdb2 code.
  + BUG 8330: Fix NFSv4 ACL merging logic.
  + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id.
  + BUG 8341: Fix segfault in libsmbclient.
  + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file.
  + BUG 8347: Fix regression for HP-UX, AIX and OSF.
  + BUG 8357: Make sure we grant credits on async read/write operations.
  + BUG 8358: Fix a bug in run_poll_events().
  + BUG 8362: Fix build issue on old glibc systems. - Remove references to disabled vscan build. - Add missing define, includes, and initialization to get_printing_ticket. - Use /var/run for the cifs state file; (bnc#710304). - Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303). - File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335). - Fix reload of the configuration and also reload activated registry shares;
  (bso#8327). - WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326). - smbclient cannot list directories from a big-endian machine; (bso#8324). - Update to 3.6.0rc3.
  + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
  + BUG 7888: Deal with buggy 3.0 based PDCs.
  + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb
    module.
  + BUG 8102: Do not allow to change file ACLs from normal domusers.
  + BUG 8102: Do not allow to change file ACLs from normal domusers.
  + BUG 8193: Add new command 'enumerate_recursive'.
  + BUG 8195: Make rpc client code working against NT4 servers.
  + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is
    set.
  + BUG 8213: Fixes in idmap_autorid.
  + BUG 8214: Fix smbd crash on printer driver upgrade.
  + BUG 8215: Fix Winbind unix username lookup.
  + BUG 8216: Make Winbind returning correct results with 'sids2xids'.
  + BUG 8217: Do not stat-check the share path in 'net conf addshare'.
  + BUG 8219: Fix SMB Panic from Windows 7 client.
  + BUG 8224: Fix the build on FreeBSD.
  + BUG 8226: Use c99 initializers which are supported by old gcc 2.95
    compilers.
  + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd.
  + BUG 8231: Fix crash bug in 'net cache get'.
  + BUG 8235: Fix smbd crash on startup caused by migrate_printer().
  + BUG 8240: Fix Valgrind warnings in winreg/spoolss code.
  + BUG 8244: Fix copying files larger than 2 GB to a Samba share.
  + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL.
  + BUG 8253: Fix Winbind panic if verify_idpool() fails.
  + BUG 8254: Fix "acl check permissions = no".
  + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes.
  + BUG 8262: Fix build of vfs_commit.
  + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl.
  + BUG 8264: Fix Valgrind bugs in svcctl.
  + BUG 8276: Close all sockets attached to a subnet in close_subnet().
  + BUG 8278: Fix smbd panic when CTDB is unhealthy.
  + BUG 8281: Fix build of examples/VFS/*.
  + BUG 8286: Fix smbd crash on premature end of smb2 conn.
  + BUG 8292: Fix a major architectural flaw in the SMB2 server code.
  + BUG 8293: Fix log file rotating in SMB2.
  + BUG 8304: Fix uninitialized variable in error path.
  + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'..
  + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all
    locks.
  + BUG 8310: toupper_ascii() is broken on big-endian systems.
  + BUG 8314: Fix smbd crash with unknown user.
  + Mark 'time offset' parameter as deprecated. - The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
  affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
  (bnc#708503). - The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
  affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
  (bnc#705241). - Fixed the DFS referral response for msdfs root; (bnc#703655). - Fix CUPS print job IDs; (bso#7288); (bnc#701257). - Make use of the actual library version as part of the package name on
  post-11.3 systems only. - Fix winbind internal error; (bso#7636); (bnc#659424). - Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
  (bnc#705170). - Specify nmbdsocketdir at configure time; (bnc#700953). - Build the tdb, talloc, and tevent libraries ahead of anything else. - Update to 3.6.0rc2.
  + BUG 6911: Fix Kerberos authentication from Vista to Samba.
  + BUG 8166: Don't lockout users when offline.
  + BUG 8200: Add support for multiple writeable ldap idmap domains.
  + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.
  + BUG 7054: Fix X account flag when "pwdlastset" is "0".
  + BUG 8144: Fix setting timestamp when touching files with CIFS clients.
  + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
  + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
  + BUG 8157: Fix parsing a cups printcap file.
  + BUG 8175: Fix smbd deadlock.
  + BUG 8189: Support shadow copy display over SMB2.
  + BUG 8197: Winbind does not properly detect when a DC connection is dead.
  + BUG 8203: Winbind needs to reset the DC connection if an RPC times out. - Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209). - Add "winbind max clients" parameter to remove 200-client
  limit; (bnc#697461). - Disable logon cache for password lockout consistency when
  running in a cluster; (bnc#694836). - Fix logon of AD users with many group memberships; (bso#6911);
  (bnc#657026). - Don't lockout users while offline; (bso#8166); (bnc#692607). - Update to 3.6.0rc1.
  + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
  + BUG 8112: POSIX extension opens of a directory are denied with EISDIR.
  + BUG 8132: Fix filling printers location field when using cups.
  + Remove fstrings from client struct.
  + BUGFIX when converting from safe_strcpy to strlcpy.
  + Fix off-by-one calculations with strlcpy.
  + Ensure we always write the correct incoming mid into the share mode table
    entries.
  + Fix the SMB2 oplock showstopper.
  + Convert user-specified domain to uppercase in libsmb.
  + Fix Coverity CID #2302: FORWARD_NULL.
  + Fix cups_pull_comment_location().
  + Fix double free of cups request.
  + Make cups_pull_comment_location() work again.
  + Fix potential crash bug in display_print_driver3().
  + Properly clean up in pthreadpool_init in case of failure.
  + Make plaintext session setup async.
  + Reduce fd load in Winbind children.
  + Avoid a potential 100% CPU loop in Winbind.
  + Tune broadcast namequeries for unique names.
  + Properly deal with exited winbind children.
  + Fix dup_smb2_vec3.
  + Fix return check in nss_wins. - Fix to renew the kerberos ticket in samba after expiry; (bnc#669949). - Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945). - Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969). - Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946). - Package static libraries with 0644 permissions. - Add Requires libtalloc-devel to libldb-devel and libtevent-devel. - Rename libldb0 to libldb1 as 1 is the current major version of the library.
- Add libldb1 and libtevent0 to baselibs.conf. - Don't call the suse_update_config macro before building lib ldb and tevent. - Update to 3.6.0pre3.
  + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383).
  + Fix wrong output in 'smbget'; (bso#8066).
  + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or
    vfs_acl_tdb module; (bso#8083).
  + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null;
    (bso#8088).
  + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099).
  + Fix the build of 'smbget' on HP NonStop; (bso#8106).
  + Fix build of tdb2.
  + Correctly detect and deny symlinks anywhere in a path (not just the last
    component) if "follow symlinks = no".
  + Fix timeout in rpc_pipe_open_tcp_port().
  + Fix the build of "--with-profiling-data".
  + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470,
    2471, 2478.
  + nsswitch: Add 'wbinfo --lookup-sids'.
  + nsswitch: Add 'wbinfo --sids-to-unix-ids'.
  + Fix smbd with the async echo responder.
  + Fix the build of vfs_gpfs.c.
  + Add a 10-second timeout for the 445 or netbios connection to a DC.
  + Many pthreadpool fixes.
  + Fix transaction recovery area for converted tdbs. - Add PreReq permissions to the krb-printing package. - Remove _libdir ldb and tevent from file list.
- Explicitly state not to bundle talloc or tdb while ldb and tevent build. - Always use the actual library version as part of the package name.
- Exclude shared python modules. - Fix printing from Windows 7 clients; (bso#7567); (bnc#687535). - Update pidl and always compile IDL at build time; (bnc#688810). - Update to 3.6.0pre2.
  + ID Mapping changes.
  + Implement SMB2 support.
  + Add an Endpoint Mapper daemon.
  + Make "rlimit_max below minimum Windows limit" notification less scary;
    (bso#6837).
  + Quota only shown when logged as root; (bso#7080).
  + Fix printing from Windows 7; (bso#7567).
  + Retry DNS updates when connection to one nameserver has failed; (bso#7690).
  + Unlink may unlink wrong file when hardlinks are involved; (bso#7863).
  + Fix 'nmbd --port'; (bso#7875).
  + cmd_spoolss_deletedriver() returned without checking all architectures;
    (bso#7880).
  + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
  + Fix cups pcap reload with no printers; (bso#7915).
  + Fix bug in chain_reply; (bso#7917).
  + Fix problems with "kernel oplocks" option set to "no"; (bso#7928).
  + Fall back for utimes calls; (bso#7940).
  + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
  + Let winbind try to use samlogon validation level 6; (bso#7945).
  + Sgid bit lost on folder rename; (bso#7996).
  + Fix getting username in 'net rap session'; (bso#8009).
  + Fix inode generation so nautilus can count total dir size correctly;
    (bso#8010).
  + Use jenkins hash for str_checksum; (bso#8010).
  + Add explicit configure option whether or not to enable dmapi support;
    (bso#8033).
  + Fix smbclient segfault with Cyrillic netbios names; (bso#8040).
  + Fix file creation on OS/X; (bso#8042).
  + Add "--option" to 'testparm'.
  + Fix crash bug on smbd shutdown when using FOPENDIR().
  + Ensure we don't return an incorrect access mask.
  + Fix bug against the new Mac client.
  + Fix leak in error path.
  + Fix error where Windows client spoolss returns WERR_INVALID_DATA.
  + Fix a segfault in the krb5 locator plugin.
  + Enable sharesec for registry shares.
  + Fix memory leak in "security=share" and "force user".
  + Add "net idmap check", a check and repair tool for the
    id mapping database.
  + Add new 'net idmap delete' command.
  + Fix segfault on missing input file in 'net idmap restore'.
  + Fix 'net usersidlist' not to skip every other user.
  + Fix potential crash bug in spoolss_PrinterEnumValues push path.
  + Internal restructuring.
  + Don't wipe out all printer drivers when only one should be deleted.
  + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains.
  + Fix memory leak in print_cups.c.
  + Remove duplicate cups response processing code.
  + Follow force user/group for driver IO.
  + Initiate pcap reload from parent smbd.
  + Reload shares after pcap cache fill.
  + Fix numerous Coverity IDs (2041 and others).
  + Fix a memory leak in check_sam_security_info3.
  + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable.
  + Make "net sam list [users|workstations]" list only the right things.
  + Fix a potential memleak in secrets_fetch_trusted_domain_password.
  + Use the right credentials in check_netlogond_security.
  + Add support for AF_NETLINK addr notifications.
  + Fork multiple Winbind children per domain.
  + Fix a deadlock between smbd and ctdbd.
  + Add 'wbinfo --dc-info'.
  + Make "nmbd socket dir" configurable.
  + Fixed valgrind errors.
  + Fix a memleak in receive_getdc_response.
  + Don't grant SEC_STD_DELETE always to the owner of a file.
  + Fix segfaults on addrchange errors in Winbind.
  + Allow machine accounts as members in groupdb.
  + Add IPv6 support for the endpoint mapper.
  + Free unused memory in the rpc server.
  + Fix possible segfaults in svcctl server.
  + Fix possible segfault with client_id in rpc server.
  + Add a 'svcctl shutdown' function to rpc server.
  + Fix a resource leak in net_afs.
  + Fix a resource leak in smbta-util.
  + Fix possible resource leak in net_usershare.
  + Fix possible resource leak in 'smbget'.
  + Fix possible resource leak in 'smbfilter'.
  + Fix a possible null pointer dereference in smbd.
  + Ensure we send the direct levelII oplock break to the correct fid.
  + Fix private libdir and codepages paths.
- Add RFC 3454 to the vendor files. - Fix idmap_tdb for big-endian systems such as ppc and s390;
  (bso#6901); (bnc#675978). - Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913). - Replace jobs by _smp_mflags macro while calling make on post-11.4 systems. - Don't crash when publishing a single printer; (bnc#643119). - Carry error status in printer list IPC message, do not refresh printers if
  cups is unavailable; (bso#7994); (bnc#675478). - Define the libwbclient packages ahead of packages with a different version. - Use %_smp_mflags for parallel building. - Update to 3.5.8.
  + Fix Winbind crash bug when no DC is available; (bso#7730).
  + Fix finding users on domain members; (bso#7743).
  + Fix memory leaks in Winbind; (bso#7879).
  + Fix printing with Windows 7 clients; (bso#7567).
  + Fix 'testparm' return code when EOF in encountered in param name;
    (bso#3185).
  + Make "rlimit_max below minimum Windows limit" notification less scary;
    (bso#6837).
  + Fix "Your Password expires today" message for users of trusted domains;
    (bso#7066).
  + Fix maintaining of users' groups via UsrMgr; (bso#7262).
  + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356).
  + Raise debug level for "reduce_name: couldn't get realpath" messages;
    (bso#7409).
  + Fix updating the time on close in vfs_gpfs; (bso#7498).
  + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594).
  + Handle Windows 9x adddriver calls without config file; (bso#7641).
  + Fix scalability problem with hundreds of printers; (bso#7656).
  + Fix memory leak in the netapi routines; (bso#7665).
  + Store unmodified copies of security descriptors in acl_xattr and acl_tdb
    modules; (bso#7716).
  + Fix incorrect unix mode_t caused by invalid client DOS attributes on
    create; (bso#7733).
  + Apply appropriate create masks when creating files with "inherit ACLs" set
    to true; (bso#7734).
  + Fix "dfree cache time" parameter; (bso#7744).
  + Fix a getgrent crash with many groups; (bso#7774).
  + Fix requesting lookups for BUILTIN sids; (bso#7777).
  + Fix smbd crash caused by expand_msdfs; (bso#7779).
  + Fix atime limit; (bso#7785).
  + vfs_scannedonly: Switch from mtime to ctime which is more reliable;
    (bso#7789).
  + Fix copying files from a SMB share using Gnome vfs and SMB signing;
    (bso#7791).
  + Make Winbind recover from a signing error; (bso#7800).
  + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb;
    (bso#7812).
  + Fix "force group" with ntlmssp guest session setup; (bso#7817).
  + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
    (bso#7835).
  + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841).
  + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842).
  + Expand the local SAMs aliases; (bso#7843).
  + ntlm_auth: Support clients which offer a spnego mechs we don't support;
    (bso#7855).
  + Fix 'net ads dns register' in cluster setups; (bso#7871).
  + Fix 'nmbd --port'; (bso#7875).
  + Make 'rpcclient deldriver' delete drivers for all architectures;
    (bso#7880).
  + Fix flaky Winbind against Windows 2008; (bso#7881).
  + Fix SMB session setups with Kerberos against some closed source SMB
    servers; (bso#7883).
  + Fix stale lock in open_file_fchmod(); (bso#7892).
  + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894).
  + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name;
    (bso#7896).
  + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
  + Fix connections from WinCE; (bso#7917).
  + Fix opening MS Powerpoint files; (bso#7940).
  + Fix endless loops caused by inotify; (bso#7942).
  + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
  + Let Winbind try to use samlogon validation level 6; (bso#7945).
  + Revalidate the pathname once re-constructed from a root fsp; (bso#7950). - Require a particular library version even if the major version is part of
  the package name.  Using the same major version does not guarantee forward
  compatibility. - Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773). - Update to 3.5.7
  + Protect against possible denial of service caused by memory corruption;
    CVE-2011-0719; (bso#7949); (bnc#670431). - Disable separate build of samba-doc for post-11.1 systems. - Protect against possible denial of service caused by memory corruption;
  CVE-2011-0719; (bso#7949); (bnc#670431). - Increase the log level for missing PIDs on SIGCHLD, printcap child processes
  are not added to the children PID list; (bnc#666460). - Do not require a particular library version if the major version is part of
  the package name. - Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries
  on post-11.3 systems. - Abide by print$ share 'force user' & 'force group' settings when handling
  AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353). - Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded()
  returns false if the pcap cache contains no printer entries. correct call
  ordering is already enforced. (bso#7836); (bnc#625936). - No longer force activation of the cifs service on post-11.3 systems.
- Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4
  systems.
- Move the cifs init script nfs dependencies from Required to Should. - Recommend to install samba-krb-printing from samba-winbind on post-10.3
  systems; (bnc#661845). - Fix error paths in cups_async_callback(), an empty cups printer list should
  not be treated as an error; (bnc#661842). - Abide by printcap cache time, reload parent smbd pcap cache on expiry;
  (bso#7836); (bnc#625936). - Fix race in cups async printer services reload; (bso#7836); (bnc#625936). - Don't tweak with baselibs.conf during %post if not present; (bnc#652620). - Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620). - Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux
  Enterprise 10; (bnc#652620). - vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
  (bso#7835). - Replace Requires samba-client by samba-gplv3-client in the gplv3 packages;
  (bnc#652620). - Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112). - Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind,
  client-gplv2, and doc-gplv2 packages; (bnc#652620). - Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions;
  (bnc#652620). - Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620). - Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind
  package to avoide an accidental install trigger; (bnc#652620). - Add Provides samba-client to the samba-gplv3-client package; (bnc#652620). - Remove all Obsoletes from the samba-gplv3 packages and only keep the
  Provides samba; (bnc#652620). - Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620). - Reduce unnecessary ldap round trips and eliminate invalid DN
  messages; (bnc#654719). - Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux
  Enterprise 10 SP 3 and 4. - Add the _build_arch at the end of the vendor version suffix. - Provide and Obsolete samba-gplv3 to replace potentially installed packages. - Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4.
- Do not package libsmbclient and libsmbsharemodes. - Update to 3.5.6
  + Fix auto printers with registry config; (bso#7280); (bnc#617153).
  + Fix SPNEGO auth when contacting Win7 system using Microsoft Live
    Sign-in Assistant; (bso#7577).
  + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578).
  + Fix "admin users" when using vfs_acl_xattr; (bso#7581).
  + Fix using cached credentials in ntlm_auth; (bso#7589).
  + Fix Winbind offline login; (bso#7590).
  + Fix Winbind internal error; (bso#7636).
  + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651).
  + Fix smbd changing mode of files on rename; (bso#7693).
  + Fix crash bug with invalid SPNEGO token; (bso#7694).
  + Fix smbd panic on invalid NetBIOS session request; (bso#7698).
  + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541).
  + Fix 'smbclient -M'; (bso#7635).
  + Fix scalability problem with hundreds of printers; (bso#7656).
  + Fix crash bug in rpcclient; (bso#7688).
  + Fix file corruption when setting Samba "write wache wize"; (bso#7715). - Let startproc wait for nmb, smb and winbind pid files getting created on
  post-11.1 systems; (bnc#520036). - Include the reviewed french translation for pam_winbind; (bnc#499233). - Fix smbd crash with CUPS printers and no [printers] share defined;
  (bso#7297); (bnc#637755). - Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870). - Fix baselibs.conf for libtalloc. - Fix buffer overflow in sid_parse() to correctly check the input lengths when
  reading a binary representation of a Windows Security ID (SID);
  CVE-2010-3069; (bso#7669); (bnc#637218). - Use cached ntlm password in libsmbclient.  Prevent lockouts
  when kerberos tickets are lost; (bnc#602418); (bnc#606304). - Add a dependency on nfs to the smbfs/ cifs init scripts as they require the
  en_US locale and /usr might be on NFS. - Complete fix for trusts with Windows 2008R2 DCs. - Fix authentication dialogs when connecting to older systems;
  (bnc#632055). - Adjust position of conditional ldapsmb %package and %files definition. - Create the /var/run/samba directory on the fly and package it as %ghost. - Fix preexec scripts; (bso#7104); (bnc#632852). - Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient
  pkgconfig files and BuildRequire pkgconfig; (bnc#632770). - BuildRequire python-devel for post-9.3 systems. - Only create precompiled headers for post-10.2 systems.
- Remove mkinitrd scriptlets. - Add vfs_crossrename man page.
- Call make basic and remove conditional proto target.
- Increase libtevent version to 0.9.9.
- Remove wbc_async header from the file list.
- Remove remaining cifs-mount pieces from the spec file. - Fix printers not auto loading with registry config; (bso#7280);
  (bnc#617153). - Update to 3.6.0pre1.
  + SMB2 support is fully functional despite managing quota using the
    Microsoft management tools.
  + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local
    user and group information.
  + The spoolss and the old RAP printing code have been completely overhauled
    and refactored.
  + The SMB Traffic Analyzer (SMBTA) VFS module got added. - Intilize workgroup of nmblookup as empty string. - Fix net ads join when using parent domain users; (bso#6364);
  (bnc#630812). - cifs: do not restart during dhcp lease renewal when IPaddress remains
  the same; (bnc#573246). - Fix "Too many open files" when trying to access large number of files;
  (bso#6837); (bnc#619787). - Update to 3.5.4.
  + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
    from ldap (bug #7448).
  + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
  + Allow previous password to be stored and use it to check tickets;
    (bso#7099).
  + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188).
  + Fix editing users' groups via UsrMgr; (bso#7262).
  + Fix Winbind over IPv6; (bso#7341).
  + Samba sends "raw" inode number as uniqueid with unix extensions;
    (bso#7410).
  + Fix printing large formats; (bso#7423).
  + Fix spnego returning incorrect mechListMIC string; (bso#7449).
  + Fix some crash bugs and missing error codes in AddDriver paths;
    (bso#7459).
  + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479).
  + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500).
  + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503).
  + Fix numerous build issues; (bso#7504).
  + Fix session setup from linux kernel cifs clients with "sec=ntlmv2";
    (bso#7517). - Remove all provides and obsoletes samba3 from the spec file.  Packages with
  this base name have not been offered as part of a product. - Fix a NULL pointer dereference in smbd of the 3.4 code base;
  CVE-2010-1635; (bso#7229); (bnc#605935). - Address possible buffer overrun in chain_reply code of pre-3.4 versions;
  CVE-2010-2063; (bso#7494); (bnc#611927). - Update of the SMB Traffic Analyzer v2 VFS module - Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873);
  (bnc#592198); (bso#6697). - Update to 3.5.3.
  + Fix MS-DFS functionality; (bso#7339).
  + Fix a Winbind crash when scanning trusts; (bso#7389).
  + Fix problems with SIGCHLD handling in Winbind; (bso#7317).
  + Add replacement for IPV6_V6ONLY on linux systems with broken headers;
    (bso#7196).
  + Fix cups encryption setting; (bso#7263).
  + Fix exporting printers via 'cupsaddsmb' command; (bso#7277).
  + Fix SMB job IDs in CUPS job names; (bso#7288).
  + Fix segfault in mount.cifs; (bso#7315).
  + Make TIME_T_MAX defines consistent; (bso#7352).
  + Re-fix a bug with smbd serving a windows terminal server; (bso#7357).
  + Display an error on 'net conf import' failures; (bso#7378).
  + Fix bitmap leak in dptr_Close; (bso#7384).
  + Fix rename problems with full_audit VFS module; (bso#7398).
  + Fix setting of passwords via 'net rpc user password' command; (bso#7417).
  + Fix 'net rpc printer list' command; (bso#7418).
  + Rename mod_name to module_name; (bso#7421).
- Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.
- Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423).
- Winbind not working over IPv6; (bso#7341). - Honor "interfaces" list in net ad dns register; (bnc#606947). - Exclude the RPM release from the vendor tag for openSUSE Factory;
  (bnc#604049). - Enable the build of the idmap tdb2 module; (bnc#600822). - BuildRequire keyutils-libs-devel for Fedora and post-RHEL4. - BuildRequire pkg-config for post-10.2 systems and else pkgconfig. - Add "net conf import" error messages; (bso#7378, bnc#598189). - Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544). - Update to 3.5.2.
  + Fix smbd segfaults in _netr_SamLogon for clients sending null domain;
    (bso#7237).
  + Fix smbd segfaults in "waiting for connections" message; (bso#7251).
  + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935);
    CVE-2010-1642.
  + Fix a memleak in Winbind; (bso#7278).
  + Fix Winbind reconnection to it's own domain; (bso#7295).
  + Fix segfault if hide files or veto files has no ".AppleDouble";
    (bso#1206).
  + Fix parsing of the gecos field; (bso#5198).
  + Fix several printing issues; (bso#6727).
  + Fix valgrind warning; (bso#6814).
  + Fix race condition in mount.cifs that allows user to replace mountpoint
    with a symlink; (bso#6853).
  + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075).
  + Fix handling of bad server data returns in client rpc_transport;
    (bso#7159).
  + Never mark external domains as internal in Winbind; (bso#7170).
  + Fix access by multi-threaded applications; (bso#7202).
  + Fix 'net share' command; (bso#7203).
  + Fix DN parsing name was always null; (bso#7204).
  + Signals are processed twice in child; (bso#7206).
  + Fix returning of group members with 'getent group'; (bso#7212).
  + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216).
  + Make Winbind logs more verbose for troubleshooting; (bso#7225).
  + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229);
    (bnc#605935).
  + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present;
    (bso#7231).
  + Fix race conditions in CTDB persistent transactions; (bso#7232).
  + Symlink delete fails but incorrectly reports success to client;
    (bso#7234).
  + Fix "printer admin" functionality; (bso#7255).
  + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256).
  + Fix _winreg_QueryValue crash bugs and implement Windows behavior;
    (bso#7258).
  + Fix job management commands for CUPS queues; (bso#7269).
  + Fix smbd segfault if using vfs_acl_tdb; (bso#7283).
  + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290).
  + Fix smbd crashes with CUPS printers and no [printers] share defined;
    (bso#7297).
  + Fix DOS attribute inconsistency with MS Office; (bso#7310).
  + Many disconnecting clients render clustered Samba unusuable for some time;
    (bso#7312).
  + Make 'net conf addshare' atomic; (bso#7313).
  + Eliminate race condition in creating/scanning sorted subkeys in the
    registry backend; (bso#7314).
  + Winbind possibly segfaults when trying a trusted domain without inbound
    trust; (bso#7316). - Add SMB Traffic Analyzer v2 VFS module. - Document "wide links" defaults to "no" in the smb.conf man page for versions
  pre-3.4.6; (bnc#577868). - Fix workgroup enumeration, for client printer and file share
  selection; (bso#6880); (bnc#586215). - Fix tdb validation for offline auth; (bnc#587014). - Fix "printer admin" functionality; (bso#7255). - An uninitialized variable read could cause an smbd crash; (bso#7254);
  (bnc#605935); CVE-2010-1642. - Ensure to have a valid talloc stackframe; (bso#7251). - _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237). - Merge missing pam_winbind message translations; (bnc#499233). - Remove cifs-mount subpackage for post-11.2 systems as the tools are now part
  of the independent cifs-utils package. - Fix join of Windows 2008 domains; (bnc#567013). - Update to 3.5.1 and 3.4.7.
  + Fix security flaw on Linux platforms if built with libcap support allowing
    file system access even when permissions should have denied it;
    CVE-2010-0728; (bso#7222); (bnc#586683). - Fixed libldb.so link in libldb-devel. - Fix argc handling in net_share, making the command "net share"
  work again; (bso#7203); (bnc#584253). - Update to 3.5.0.
  + Fix duplicate sam and unix accounts; (bso#7145).
  + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160).
  + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166).
  + Fix 'net ads dns' usage calls; (bso#7181).
  + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182). - Update to 3.4.6.
  + Change parameter "wide links" to default to "no"; it's also incompatible
    with "unix extensions"; (bso#7104); (bnc#577868).
  + Fix printing with 64 bit clients (bso#6888).
  + Fix core dump on 64 bit Linux (bso#7063).
  + Fix failing of smbd to respond to a read or a write caused by Linux
    asynchronous IO (aio) (bso#7067).
  + Fix string buffer overflow causing heap corruption in smbd (bso#7096).
  + Fix bogus ip address in SWAT; (bso#5885).
  + Fix vfs_full_audit; (bso#6557).
  + Use the first "uid" value; (bso#6157).
  + Fix large paged search with DirX LDAP servers; (bso#6981).
  + Fix crash bug in 'cifs.upcall'; (bso#6868).
  + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
  + Fix DFS on AIX (maybe others); (bso#7052).
  + Fix pdb_search crash as non-root user; (bso#7068).
  + Fix unlocking of accounts from ldap; (bso#7072).
  + Fix vfs_expand_msdfs; (bso#7081).
  + Fix results of 'smbclient -L' with a large browse list; (bso#7098).
  + Normalize "Changing password for" msg IDs and STRs; (bso#7102).
  + Fix malformed require_membership_of_sid; (bso#7106).
  + Fix reading of large browselist; (bso#7122).
  + "mangling method = hash" can crash storing a name containing a '.';
    (bso#7154).
  + Valgrind Conditional jump or move depends on uninitialised value(s) error
    when "mangling method = hash"; (bso#7155).
  + Fix listing of printjobs in Windows 7; (bso#7130).
  + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136).
  + Make idmap cache persistent for "ldapsam:trusted".
  + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not
    only the persistent idmap cache.
  + Shortcut uid_to_sid when "ldapsam:trusted = yes".
  + Make pdb_copy_sam_account also copy the group sid.
  + Shortcut gid_to_sid when "ldapsam:trusted = yes".
  + Speed up pdb_get_group_sid().
  + Try to build the full unix_pw structure with ldapsam:trusted support.
  + Optimize ldapsam_alias_memberships() and cache ldap searches. - Update to 3.5.0rc3.
  + Change parameter "wide links" to default to "no"; it's also incompatible
    with "unix extensions"; (bso#7104); (bnc#577868).
  + Fix vfs_full_audit; (bso#6557).
  + Fix crash bug in 'cifs.upcall'; (bso#6868).
  + Fix duplicate initializer in the rmdir module; (bso#6876).
  + Fix printing with 64 bit clients; (bso#6888).
  + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
  + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063).
  + Fix failing of smbd to respond to a read or a write caused by Linux
    asynchronous IO (aio); (bso#7067).
  + Fix 'smbget' error status; (bso#7069).
  + Fix build of 'smbfilter'; (bso#7071).
  + Fix unlocking of accounts from ldap; (bso#7072).
  + Cliconnect gets realm wrong with trusted domains; (bso#7079).
  + Fix vfs_expand_msdfs; (bso#7081).
  + Fix storing of create time on directories in an EA in new create time
    code; (bso#7084).
  + Fix an early release of the global lock that can cause data corruption in
    libtdb; (bso#7085).
  + Fix string buffer overflow causing heap corruption in smbd; (bso#7096).
  + Fix results of 'smbclient -L' with a large browse list; (bso#7098).
  + Normalize "Changing password for" msg IDs and STRs; (bso#7102).
  + Fix malformed require_membership_of_sid; (bso#7106).
  + Add pdb_ldap performance fixes; (bso#7116).
  + Change ldap filter to what really was intended; (bso#7116).
  + Add new "nmbd bind explicit broadcast" parameter; (bso#7118).
  + Fix nmbd problems with socket address; (bso#7118).
  + Support large browselist; (bso#7119).
  + Fix reading of large browselist; (bso#7122).
  + Fix listing of printjobs in  Windows 7; (bso#7130).
  + Owner of file not available with Kerberos; (bso#7139).
  + Fix IPv4/IPv6 problems; (bso#7140).
  + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148).
  + "mangling method = hash" can crash storing a name containing a '.';
    (bso#7154).
  + Valgrind Conditional jump or move depends on uninitialised value(s) error
    when "mangling method = hash"; (bso#7155).
  + Fix some wrong newlines in de translation strings. - Take extra care that a mount point of mount.cifs isn't changed during mount
  and don't allow it to be run as setuid root program; CVE-2010-0787;
  (bso#6853); (bnc#550002). - Check in mount.cifs for invalid characters in device name and mountpoint;
  CVE-2010-0547; (brc#562156); (bnc#577925). - Don't invalidate cache for uninitialized domains; (bnc#538923). - Signals are processed twice in child; (bnc#538923). - Allow forced pw change even with min pw age; (bnc#561894). - Change parameter "wide links" to default to "no"; it's also incompatible
  with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868). - Fix enumerate domain local groups for primary domain; (bnc#573813). - Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106). - Normalize "Changing password for" msg IDs and STRs; (bnc#499233). - Build libtevent and libldb and put them into separate subpackages. - Update to 3.5.0rc2.
  + The Using Samba HTML book has been removed.
  + 'net', 'smbclient' and libsmbclient can use logon credentials cached by
    Winbind; (bso#7062).
  + New vfs_scannedonly module has been added; (bso#7028).
  + Check password history before increasing "badPasswordCount"; (bso#4347).
  + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202).
  + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap;
    (bso#6157).
  + Fix deletion of an object whose parent folder does not have delete rights
    fails even if the delete right is set on the object in vfs_acl_xattr and
    vfs_acl_tdb; (bso#6876).
  + Fix large paged search with DirX LDAP servers; (bso#6981).
  + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027).
  + Disable sanity check in NetShareEnum for better compatibility with
    Windows; (bso#7029).
  + Fix SMBrmdir error message when deleting a directory fails; (bso#7033).
  + Fix segfault in vfs_cap; (bso#7034).
  + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036).
  + Fix a Winbind segfault in "trusted_domains"; (bso#7037).
  + Complete and improve some German translation of 'net'; (bso#7039).
  + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039).
  + Fix crash bug in libsmbclient; (bso#7043).
  + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045).
  + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046).
  + Lock down some srvsvc calls according to what w2k3 seems to do. - Update to 3.4.5.
  + Fix memory leak in smbd (bug #7020).
  + Fix changing of ACLs on writable files with "dos filemode=yes"
    (bug #5202).
  + BUG 6642: Fix opening the quota magic file.
  + BUG 6919: Fix remote quota management.
  + BUG 7034: Fix internal error caused by vfs_cap.
  + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
  + BUG 7043: Fix crash bug in "SMBC_parse_path".
  + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
  + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
    server. - Free unused memory after a packet got processed; (bso#7020). - Add timeout to rpc call to prevent infinite loop when network is
  down; (bnc#538923). - Update to 3.5.0rc1.
  + BUG 6837: Fix "Too many open files" when trying to access large number of
    files with Windows 7; (bnc#619787).
  + BUG 6939: Fix long filenames when "mangling method" is set to "hash".
  + BUG 6991: Create symbol links to shared libraries.
  + BUG 6992: make test for getgrouplist cacheable.
  + BUG 7014: Fix Winbind crash when retrieving empty group members.
  + BUG 7020: Fix smbd using 2G memory.
  + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned
    attributes by protocol level.
  + Vector correctly through reply_openerror() (which uses the same logic).
  + Fix bugs with the full Windows ACL support.
  + Add a few missing gettext calls to the 'net' command.
  + Fix up a share type translation and translate some more strings in 'net'.
  + Allow to call "pdbedit -N description -u user" without specifiyng "-r".
  + Add spoolss_DriverInfo7.
  + Fix rpcclient after setprinter IDL fixes.
  + Use generated krb5.conf in 'net ads testjoin'.
  + Add some German translations for the 'net' command.
  + Update mount.cifs man page with nounix option.
  + Fix _samr_GetAliasMembership for results with 0 rids.
  + Fix an error case in cli_negprot.
  + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc.
  + Restore correct timeouts for SMB requests.
  + Fix a 64-bit error in libsmb.
  + Replace IS_DOMAIN_OFFLINE by a function in Winbind.
  + Simplify/cleanup Winbind code.
  + Fix write behind memory block in libtalloc.
  + Fix result check for getaddrinfo().
  + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr()
    to tsocket.
  + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb.
  + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior.
  + Fix standalone 'make installdocs'.
  + Output %p as unsigned in snprintf replacement.
  + New attempt at TDB transaction nesting allow/disallow.
  + Remove swig stuff from libtdb.
  + Reset tdb->fd to -1 in tdb_close() in libtdb.
  + Change the way mksysms work in libtalloc.
  + Also build and install tdb manpages from standalone tdb.
  + Fix infinite loop in NCACN_IP_TCP as there is no timeout.
  + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend
    query.
  + List trusted domains from wcache when domain is offline. - Update to 3.4.4.
  + Fix interdomain trust relationships with Win2008R2 (bug #6697).
  + Fix Winbind crashes when queried from nss (bug #6889).
  + Fix Winbind crash when retrieving empty group members (bug #7014).
  + Fix "UID range full" error in Winbind (bug #6901).
  + Fix multiple LDAP servers in "idmap backend" and "idmap alloc
    backend" (bug #6910).
  + BUG 4832: Fix iconv checks.
  + BUG 6338: Do not always display "none" in 'net rpc trustdom list'.
  + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time.
  + BUG 6828: Fix infinite timeout when byte lock held outside of samba.
  + BUG 6837: Fix "Too many open files" message when trying to access a large
    number of files with Windows 7; (bnc#619787).
  + BUG 6841: Fix "map acl inherit = yes".
  + BUG 6850: Fix shadow copy display on Windows 7.
  + BUG 6867: Fix listing of directories with a lot of files.
  + BUG 6868: Support building with Heimdal we well as with MIT.
  + BUG 6875: Fix DOS attributes on OS/2 clients.
  + BUG 6880: Fix listing of workgroup servers in libsmbclient.
  + BUG 6898: Samba duplicates file content on appending.
  + BUG 6918: Fix krb5 build problem on Ubuntu karmic.
  + BUG 6929: Fix build with recent heimdal.
  + BUG 6939: Fix long filenames with "mangling method = hash".
  + BUG 6967: Fix 'net ads join' with OU.
  + BUG 6981: Fix paged search with DirX LDAP server.
  + BUG 6982: Remove erroneous out of memory error path in lookup_sid.
  + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids.
  + BUG 7005: Fix "mangle method = hash" truncates files with dot "."
    character.
  + Fix the build of the winbind krb5 locator plugin.
  + Fix enumprinter key client and server. - Readjust the _libdir/cups/backend/smb sym link only on uninstall of the
  samba-krb-printing package; (bnc#568603). - Add BuildRequires to fam-devel; (bnc#564260). - Prevent winbind crash; (bso#7014); (bnc#566119). - Fix processing of open modes in POSIX open; (bnc#530683). - Add baselibs.conf as a source. - Update to 3.5.0pre2.
  + BUG 2350: Add LDAP Alias Dereferencing support.
  + BUG 6288: SWAT adds a second share when changing parameters of an existing
    share.
  + BUG 6435: Fix minor memory corruption.
  + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
    set while configure.
  + BUG 6802: A created folder does not properly inherit permissions from
    parent in vfs_acl_xattr.
  + BUG 6837: "Too many open files" when trying to access large number of
    files from Windows 7; (bnc#619787).
  + BUG 6860: Fix shared library build on QNX.
  + BUG 6879: Fix crash in Winbind.
  + BUG 6929: Fix build with recent heimdal.
  + BUG 6938 : No hook exists to check creation rights when using acl_xattr
    module.
  + BUG 6967: Prevent glibc error on 'net ads join'.
  + Fix vfs_acl_xattr which was failing to call the NEXT connect function.
  + Restructure the ACL code.
  + Refactor reply_rmdir to use handle based code.
  + Fix the build when no external talloc and tdb are installed.
  + Fix detection of CTDB headers on systems without system-libtalloc.
  + Fix several printing issues.
  + Fix the build on Mac OS X 10.6.2.
  + Fix net and rpcclient after setprinterdataex changes.
  + Add full support for level 8 printer drivers.
  + Add more spoolss architectures to IDL.
  + Fix enumprinter key client and server.
  + Fix crash in EnumPrinterDataEx.
  + Prefer posix_fallocate for doing "strict allocate".
  + Restore "fake directory create times" as a share parameter.
  + Fix explicit stat64 support.
  + Add support for NetWkstaGetInfo 101 and 102.
  + Add rpcclient wkssvc_enumerateusers.
  + De-deprecate "write cache size" to prevent its removal without a proper
    alternative.
  + Allow more than 1000 users in BUILTIN\Users.
  + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
  + Fix the build of the example VFS modules.
  + Fix crash in free_file_list().
  + Give the user a chance to change password when password will expire soon. - Store the smbfs service state if enabled and restore it for cifs while
  upgrade on post-11.2 systems. - Prevent cifstab from being overwritten while upgrade on post-11.2 systems. - Give the user a chance to change password when password will expire soon;
  (FATE#302414). - Rename smbfs init script to cifs for post-11.2 systems. - Allow Windows 7 to connection to samba domain controllers and
  member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680). - Error on joining windows domain (invalid pointer); (bso#6967);
  (bnc#553622). - Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165).
- Simplify the winbind package %pre script and suppress stdout only. - Update to 3.5.0pre1
  + Add support for full Windows timestamp resolution.
  + Experimental implementation of SMB2.
  + Add encryption support for connections to a CUPS server.
  + Major windbind asynchronous refactoring.
- Remove using_samba from the doc package.
- Increase major version of libtalloc to 2. - Fix kerberos refresh chain; (bnc#546162); (bso#6872). - Hardlink duplicate files on post-11.1 systems. - Add BuildArch noarch to samba-doc on post-11.1 systems. - Use full 16byte session key in make_user_info_netlogon_interactive();
  (bnc#551811). - Update to 3.4.3.
  + Fix trust relationships to windows 2008 (2008 r2) (bug #6711).
  + Fix file corruption using smbclient with NT4 server (bug #6606).
  + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680).
  + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a
    symbolic link.
  + BUG 6529: Offline files conflict with Vista and Office 2003.
  + BUG 6532: Fix domain enumeration if master browser has space in name.
  + BUG 6606: Fix file corruption using smbclient with NT4 server.
  + BUG 6690: Fix wrong error check in profile.
  + BUG 6703: Allow smbstatus as non-root.
  + BUG 6704: Fix syntax error in avahi configure test.
  + BUG 6707: Fix an occasional segfault in config file parsing.
  + BUG 6710: Adjust regex to match variable names including underscores.
  + BUG 6711: Fix trust relationships to windows 2008 (2008 r2).
  + BUG 6726: SIVAL should have been an SVAL.
  + BUG 6728: BSD needs sys/sysctl.h included to build properly.
  + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams.
  + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules
    might use the old password and new password.
  + BUG 6764: Fix timeval calculation.
  + BUG 6765: Add a "hidden" parameter "share:fake_fscaps".
  + BUG 6769: Fix symlink unlink.
  + BUG 6772: Allow outstanding_aio_calls to be decremented.
  + BUG 6774: smbd crashes if "aio write behind" is set.
  + BUG 6776: Fix core dump caused by running overlapping Byte Lock test.
  + BUG 6781: Fix renaming subfolders in Explorer view.
  + BUG 6791: Fix linking order in cifs.upcall.
  + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6".
  + BUG 6793: Fix segfault in winbindd_pam_auth.
  + BUG 6796: Deleting an event context on shutdown can cause smbd to crash.
  + BUG 6797: Fix a memleak in libwbclient.
  + BUG 6804: Fix hpux compiler issue.
  + BUG 6805: Correctly handle aio_error() and errno.
  + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names.
  + BUG 6810: Add support for finding alternate credcaches to cifs.upcall.
  + BUG 6811: Fix reference to freed memory in pam_winbind.
  + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
  + BUG 6824: Fix avahi activation.
  + BUG 6826: Don't fail authentication when one or some group of
    require-membership-of is invalid.
  + BUG 6828: Fix infinite timeout when byte lock held outside of Samba.
  + BUG 6829: Fix displaying of multibyte characters in smbclient.
  + BUG 6840: Fix crash in pam_winbind.
  + Fix an uninitialized variable.
  + Only ever handle one event after a select call.
  + Conditional install of the cifs.upcall man page.
  + Fix warning occuring when building the manpages. - Let smbclient show special characters properly; (bso#6829); (bnc#544204). - Don't fail authentication when one or some group of require-membership-of
  is invalid; (bnc#525123); (bso#6826). - Allow winbind to ignore certain domains; (bnc#539506). - Update to 3.4.2.
  + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517).
  + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115).
  + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150). - Fix potential denial of service; CVE-2009-2906; (bnc#543115). - Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150). - Fix unresolved home path; CVE-2009-2813; (bnc#539517). - Don't overwrite password in pam_winbind; (bnc#515444). - mods for winbind (when used with squid - ntlm_auth)
  o winbind adds group 'winbind'
  o permission 0750,root,winbind LOCKDIR/winbindd_privileged - Merge two fixes from 3.2.8 and 3.3.1.
  + Adjust regex to match variable names including underscores.
  + Conditional install of the cifs.upcall man page. - Remove supplements from baselibs.conf while %clean for pre-11.1 systems;
  (bnc#520579). - Update to 3.4.1.
  + Fix authentication on member servers without Winbind (bug #6650).
  + Nautilus fails to copy files from an SMB share (bug #6649).
  + Fix connections of Win98 clients (bug #6551).
  + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697).
  + Fix Winbind authentication issue (bug #6646).
  + BUG 5879: Update LDAP schema for Netscape DS 5.
  + BUG 5886: Fix password change propagation with ldapsam.
  + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe.
  + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab.
  + BUG 6437: Make open_udp_socket() IPv6 clean.
  + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient.
  + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in
    NT_TRANSACT_CREATE.
  + BUG 6532: Fix the build with external talloc.
  + BUG 6538: Cancel all locks that are made before the first failure.
  + BUG 6560: Fix lookupname.
  + BUG 6564: SetPrinter fails (panics) as non root.
  + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation.
  + BUG 6585: Fix unqualified "net join".
  + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo.
  + BUG 6601: Avoid global fd limits.
  + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2.
  + BUG 6611: Fix a valgrind error in chain_reply.
  + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient.
  + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
  + BUG 6650: Fix authentication on member servers without Winbind.
  + BUG 6651: Fix smbd SIGSEGV when breaking oplocks.
  + BUG 6655: Fix 'smbcontrol smbd ping'.
  + BUG 6620: Fix a bug in renames of directories.
  + BUG 6664: Fix truncation of the session key.
  + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes".
  + BUG 6680: Fix authentication failure from Windows 7 when domain joined.
  + BUG 6688: Fix crash in 'net usershare list'.
  + BUG 6693: Check we read off the complete event from inotify.
  + BUG 6700: Use dns domain name when needing to guess server principal. - Update to 3.2.14.
  + Fix SAMR access checks (e.g. bugs #6089 and #6112).
  + Fix 'force user' (bug #6291).
  + Improve Win7 support (bug #6099).
  + Fix posix ACLs when setting an ACL without explicit ACE for the
    owner (bug #2346).
  + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the
    LDAP directory.
  + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
  + BUG 6089: Fix SAMR access checks.
  + BUG 6112: Fix SAMR access checks.
  + BUG 6279: Fix Winbind crash.
  + BUG 6291: Fix 'force user'.
  + BUG 6099: Try to fix domain join of Win7 Beta.
  + BUG 6386: Groupdb mapping fix.
  + BUG 6421: Fix POSIX read-only open on read-only shares.
  + BUG 6476: Fix more smbd-zombies in memory.
  + BUG 6488: acl_group_override() call in posix acls references an
    uninitialized variable.
  + BUG 6504: Fix SAMR server for Winbind access.
  + BUG 6520: Fix time stamps.
  + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
  + BUG 6340: Don't segfault when cleartext trustdom pwd could not be
    retrieved.
  + BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
  + BUG 6465: Fix enum_aliasmem in ldb branch.
  + BUG 6484: Fix searching for users while adding them to groups via
    Windows usermanager.
  + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
    owner.
  + BUG 6526: Let parent_dirname() correctly return toplevel filenames.
  + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
  + BUG 5798: Preserve CFLAGS info in configure.
  + BUG 6382: Case insensitive access to DFS links broken.
  + BUG 6481: Don't require "Modify property" perms to unjoin.
  + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with
    'passdb backend = tdbsam'.
  + BUG 6560: Lookupname failed, cannot find domain when attempt to change
    password.
  + Prevent creation of keys containing the '/' character.
  + Fix join of Windows 7 RC to a Samba3 DC.
  + Fix bug in processing of open modes in POSIX open.
  + Fix the negotiate flags.
  + Protect netlogon_creds_server_step() against NULL creds.
  + Also handle DirX return codes.
  + Fix a crash bug if we timeout in net rpc trustdom list.
  + Add '--request-timeout' option to 'net'.
  + Fix a race condition in Winbind leading to a panic.
  + Add workaround for MS KB932762.
  + 5945: Fix out of memory error with Winbind idmap.
  + Avoid duplicate ACEs.
  + Fix profile ACLs in some corner cases.
  + Zero an uninitialized array. - Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271);
  (bso#6615). - check in .po files for pam_winbind; (bnc#499233); (bso#6602). - Add ntp and network-remotefs as Should-Start dependency to the winbind init
  script; (bnc#515629). - Update to 3.0.36.
  + Fix Winbind crash on 'getent group' (bug #5906).
  + Excel save operation corrupts file ACLs (bug #4308).
  + Prevent segmentation fault on joining a very long domain name.
  + BUG 4308: Excel save operation corrupts file ACLs.
  + BUG 4370: Clean-up entries in /etc/mtab after unmount.
  + BUG 4640: Fix guest mounts in mount-cifs.
  + BUG 5906: Fix Winbind crash on 'getent group'.
  + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
  + BUG 6099: In order to allow Win7 to connect to a Samba NT style.
  + BUG 6279: Fix Winbind crash.
    PDC we set the flags before we know if it's an error or not.
  + BUG 6085: Fix build of vfs_default.
  + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work
    correctly.
  + Fix logic error in try_chown.
  + Correctly use chroot().
  + Fix bug in processing of open modes in POSIX open.
  + Don't install the cifs.upcall binary twice.
  + Fix mount.cifs handling of -V option.
  + Prevent segmentation fault on joining a very long domain name.
  + Don't try and delete a default ACL from a file.
  + Add workaround for MS KB932762.
  + Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
  + Fix a crash during name resolution when log level >= 10
    and libc segfaults if printf is passed NULL for a "%s" arg. - Use a conditional suse_version macro in front of the SUSE_ASNEEDED export. - lookupname failed, cannot find domain when attempt to change password;
  (bnc#520645); (bso#6560). - Don't link with --as-needed flag on post-11.1 systems. - Stop the smbfs service if an interface goes down; (bnc#517768). - Disable build of static libraries on post-11.1 systems; (bnc#509945). - Fix missing zlibs for cifs.upcall and test_shlibs. - Update to 3.4.0.
  + BUG 6431: Local groups from 3.0 setups no longer found.
  + BUG 6459: Fix build of pam_smbpass on some distributions.
  + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain
    not.
  + BUG 6497: Fix calling of 'test' in configure.
  + BUG 6498: Add workaround for MS KB932762.
  + BUG 6499: Fix building of pam_smbpass.
  + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
  + BUG 6512: Fix support for enumerating user forms.
  + BUG 6514: Improve error message in 'net' when smb.conf is not available.
  + BUG 6520: Fix time stamps when "unix extensions = yes".
  + BUG 6521: Fix building tevent_ntstatus without config.h.
  + BUG 6526: Fix notifies in the share root directory.
  + BUG 6531: Fix pid file name. - Package /etc/samba/smbpasswd as %ghost on post-11.1 systems. - Fix net ads leave; (bnc#511695). - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164). - Update to 3.2.13, 3.3.6.
  + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with
    file names treat user input as a format string to asprintf.  With a
    maliciously crafted file name smbclient can be made to execute code
    triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478). - Update to 3.0.35.
  + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
    data value can potentially affect access control when "dos filemode"
    is set to "yes"; CVE-2009-1888; (bnc#515479). - Uninitialized read of a data value; CVE-2009-1888 (bnc#515479). - Update to 3.4.0rc1.
  + BUG 4699: Remove pidfile on clean shutdown.
  + BUG 5456: Fix "net ads testjoin".
  + BUG 6081: Make it possible to change machine account sids.
  + BUG 6253: Use correct value for password expiry calculation in
    pam_winbind.
  + BUG 6297: Owner of sticky directory cannot delete files created by others.
  + BUG 6305: Correctly prompt for a password when a username was given.
  + BUG 6328: Add support for multiple rights to
    "net sam rights grant/revoke".
  + BUG 6333: Consolidate create/delete account paths in pdbedit.
  + BUG 6449: 'net rap user add' crashes without -C option.
  + BUG 6451: net/libnetapi user rename using wrong access bits.
  + BUG 6458: Fix uninitialized variable in local_password_change().
  + BUG 6465: Fix enumeration of empty aliases.
  + BUG 6476: Fix smbd-zombies in memory when using [x]inetd.
  + BUG 6487: Add missing DFS call in trans2 mkdir call.
  + BUG 6488: acl_group_override() call in posix acls references an
    uninitialized variable.
  + Improve pam_winbind documentation.
- Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions. - Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user
  input as a format string to asprintf; CVE-2009-1886; (bnc#513360). - Fix a bad memleak in vfs_full_audit; (bnc#510035). - Update to 3.3.5.
  + Fix SAMR and LSA checks (bug #6089, #6289)
  + Fix posix acls when setting an ACL without explicit ACE for the
    owner (bug #2346).
  + Fix joining of Win7 into Samba domain (bug #6099).
  + Fix joining of Win2000 SP4 clients (bug #6301).
  + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
    owner.
  + BUG 5832: Fix build on RHEL when ccache is not available.
  + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL.
  + BUG 5897: Fix shutdown script example in the smb.conf manpage.
  + BUG 6089: Revert the extra SAMR and LSA checks.
  + BUG 6099: Fix joining of Win7 into Samba domain.
  + BUG 6157: Fix handling of multi-value attribute "uid".
  + BUG 6289: Revert the extra SAMR and LSA checks.
  + BUG 6297: Owner of sticky directory cannot delete files created by others.
  + BUG 6301: Fix joining of Win2000 SP4 clients.
  + BUG 6309: Support remote unjoining of Windows 2003 or greater.
  + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event.
  + BUG 6320: Handle registry config source in file_list.
  + BUG 6330: Fix DFS on AIX.
  + BUG 6336: Fix 'net groupmap set' segfault.
  + BUG 6361: Make --rcfile work in smbget.
  + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a
    directory.
  + BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
  + BUG 6382: Fix case insensitive access to DFS links.
  + BUG 6415: Filter out of range mappings in default idmap config in
    idmap_tdb.
  + BUG 6416: Filter out of range mappings in default idmap config in
    idmap_tdb2.
  + BUG 6417: Filter out of range mappings in default idmap config in
    idmap_ldap.
  + BUG 6441: Fix the compile with --enable-dnssd.
  + BUG 6449: 'net rap user add' crashes without -C option.
  + BUG 6465: Fix enumeration of empty aliases (ldb backend).
  + Prevent infinite include nesting.
  + Mark registry shares without path unavailable.
  + Also handle DirX return codes.
  + Fix Coverity ID 897.
  + Do not crash in ctdbd_traverse if ctdbd is not around.
  + Fix a race condition in winbind leading to a panic.
  + Some man pam_winbind improvements.
  + Zero an uninitialized array. - Update to 3.2.12.
  + Fix SAMR and LSA checks (bug #6089, #6289)
  + Fix posix acls when setting an ACL without explicit ACE for the
    owner (bug #2346).
  + Fix "force user" (bug #6291).
  + Fix Winbind crash (bug #6279).
  + Fix joining of Win7 into Samba domain (bug #6099).
  + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
    owner.
  + BUG 5798: CFLAGS info lost in configure.
  + BUG 5832: Fix build on RHEL when ccache is not available.
  + BUG 5835: Add keyutils-devel to build requires.
  + BUG 5945: Fix out of memory error with Winbind idmap.
  + BUG 6089: Revert the extra SAMR and LSA checks.
  + BUG 6099: Fix joining of Win7 into Samba domain.
  + BUG 6279: Fix Winbind crash.
  + BUG 6289: Revert the extra SAMR and LSA checks.
  + BUG 6291: Fix "force user".
  + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
  + BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
  + BUG 6386: Groupdb mapping fix.
  + BUG 6382: Fix case insensitive access to DFS links.
  + BUG 6465: Fix enumeration of empty aliases (ldb backend).
  + Prevent creation of keys containing the '/' character.
  + Fix bug in processing of open modes in POSIX open.
  + Protect netlogon_creds_server_step() against NULL creds.
  + Also handle DirX return codes.
  + Fix a race condition in winbind leading to a panic.
  + Fix a crash bug if we timeout in net rpc trustdom list.
  + Fix profile acls in some corner cases. - Default with passdb backend to smbpasswd for SUSE products older than 11.2. - Explicitly use 'tdbsam' as passdb backend in the default smb.conf file. - Update to 3.4.0pre2.
  + The default passdb backend has been changed to 'tdbsam'!
  + Samba4 and Samba3 sources are included in the tarball.
  + Changed the way smbd handles untrusted domain names given during user
    authentication.
  + Various fixes including printer change notificiation for Samba spoolss
    print servers.
  + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
    and spoolss) were replaced by autogenerated code based on PIDL.
  + Samba3 and Samba4 do now share a common tevent library.
  + The code has been cleaned up and the major basic interfaces are shared
    with Samba4 now.
  + An asynchronous API has been added.
  + Made parameter syntax of the net command more consistent.
  + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
    owner.
  + BUG 4271: testparm should not print includes.
  + BUG 4831: Don't call openlog() or closelog() from pam_smbpass.
  + BUG 5681: Do not limit the number of network interfaces.
  + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo
    access checks.
  + BUG 6099: Fix NETLOGON credential chain.
  + BUG 6136: New AFS syscall conventions.
  + BUG 6157: Fix handling of multi-value attribute "uid".
  + BUG 6253: Use correct value for password expiry calculation.
  + BUG 6291: Fix 'force user'.
  + BUG 6292: Update config.guess from gnu.org.
  + BUG 6302: Give the VFS a chance to read from 0-byte files.
  + BUG 6309: Support remote unjoining of Windows 2003 or greater.
  + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on
    malloced memory.
  + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event.
  + BUG 6320: Handle registry config source in file_list.
  + BUG 6330: Fix DFS on AIX.
  + BUG 6336: Fix segfault in 'net groupmap set'.
  + BUG 6340: Don't segfault when cleartext trustdom pwd could not be
    retrieved.
  + BUG 6357: Use Samba default command line arguments in 'net'.
  + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4
    and IPv6 addresses
  + BUG 6361: Make --rcfile work in smbget.
  + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share.
  + BUG 6372: usermanager only displaying 1024 groups and aliases.
  + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids.
  + BUG 6415: Filter out of range mappings in default idmap config
    (idmap_tdb).
  + BUG 6416: Filter out of range mappings in default idmap config
    (idmap_tdb2).
  + BUG 6417: Filter out of range mappings in default idmap config
    (idmap_ldap).
  + Change the way smbd handles untrusted domain names given during user
    authentication.
  + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
    spoolss by autogenerated code based on PIDL.
  + Fix several printing issues and improve support for printer change
    notificiations.
  + Add 'net eventlog'.
  + Add asynchronous API.
  + Make Samba3 and Samba4 share a tevent library.
  + Add two new parameters to control how we verify kerberos tickets.
  + Add 'net rpc service' subcommands 'create' and 'delete'.
  + Fix the core of the SAMR access functions.
  + Fix SAMR server for winbindd access.
  + Add dbwrap_tool - a tdb tool that is CTDB-aware.
  + Hide "config backend" from swat.
  + Fix linking with --disable-shared-libs.
  + Fix issue with missing entries when enumerating directories.
  + Map NULL domains to our global sam name.
  + Fix driver upload for Xerox 4110 PS printer driver.
  + Add "net dom renamecomputer" to rename machines in a domain.
  + Inspect the correct computername string before enabling/disabling the
    change button in netdomjoin-gui.
  + Fix join prompt dialog test in netdomjoin-gui.
  + Only gray out labels when not root and not connecting to remote
    machines (netdomjoin-gui).
  + Allow to switch between workgroups/domains with the same name
    (netdomjoin-gui).
  + Add NetShutdownInit and NetShutdownAbort.
  + Fix samr access checks.
  + Add a security model to LSA.
  + Also handle DirX return codes.
  + Do not crash in ctdbd_traverse if ctdbd is not around.
  + Fix Coverity ID 897.
  + Fix a race condition in vfs_aio_fork with gpfs share modes.
  + Fix bug disclosed by lock8 torture test.
  + Fix a race condition in winbind leading to a panic.
  + Detect tight loop in tdb_find().
  + Fix chained sesssetupAndX/tconn messages.
  + Fix strict locking with chained reads.
  + Fix two bugs in sendfile.
  + Fix memory leak.
  + Fix file descriptor leak.
  + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL.
  + Always allocate memory in dptr_ReadDirName.
  + Fix 'net' crash during domain join.
  + Zero an uninitialized array.
  + Allow child processes to exit gracefully if we are out of fds. - Enable cifs.upcall on versions newer than SUSE 10.0. - Add BuildRequires to keyutils-devel. - Remove redundant Requires to keyutils-libs for cifs-mount. - Detect tight loop in tdb_find(); (bnc#450974). - Fix lp printing with kerberos; (bnc#476913). - Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all
  other build targets. - Update to 3.4.0pre1.
  + Samba4 and Samba3 sources are included in the tarball
  + Changed the way smbd handles untrusted domain names given during user
    authentication.
  + Various fixes including printer change notificiation for Samba spoolss
    print servers.
  + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
    and spoolss) were replaced by autogenerated code based on PIDL.
  + Samba3 and Samba4 do now share a common tevent library.
  + The code has been cleaned up and the major basic interfaces are shared
    with Samba4 now.
  + An asynchronous API has been added.
  + Change the way smbd handles untrusted domain names given during user
    authentication.
  + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
    spoolss by autogenerated code based on PIDL.
  + Fix several printing issues and improve support for printer change
    notificiations.
  + Add 'net eventlog'.
  + Add asynchronous API.
  + Make Samba3 and Samba4 share a tevent library.
  + Add two new parameters to control how we verify kerberos tickets.
  + Add 'net rpc service' subcommands 'create' and 'delete'.
  + Make merged build possible.
  + Move common libraries to the shared lib/ directory. - Update to 3.3.4.
  + Fix domain logins for WinXP clients pre SP3 (bug #6263).
  + Fix samr_OpenDomain access checks (bug #6089).
  + Fix usrmgr.exe creating a user (bug #6243).
  + BUG 6089: Fix samr_OpenDomain access checks.
  + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
    "msdfs root" set to "yes".
  + BUG 6279: Fix Winbind crash.
  + BUG 5329: Add "net rpc service delete/create".
  + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before
    freed.
  + BUG 6263: Fix domain logins for WinXP clients pre SP3.
  + BUG 6286: Call init function for builtin idmap modules before probing for
    them as shared modules.
  + BUG 6243: Fix usrmgr.exe creating a user.
  + net conf: Save share name as given, not as lower case only.
  + Prevent creation of registry keys containing the '/' character.
  + Allow pdbedit to change a user rid/sid.
  + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
  + Don't access a freed structure when logging off and re-using a vuid.
  + Try to to fix password_expired flag handling.
  + Make sure to grey out change fields in the netdomjoin-gui when not
    running as root.
  + Don't look up local user for remote changes, even when root.
  + Use procid_str in debug messages for better cluster-debuggability.
  + Use cluster-aware procid_is_me instead of comparing pids.
  + Fix smbd crash for close_on_completion.
  + Fix a memleak in an unlikely error path in change_notify_create().
  + Do not use the file system GET_REAL_FILENAME for mangled names.
  + Fix a crash bug if we timeout in net rpc trustdom list.
  + Add '--request-timeout' option to net.
  + In net_conf_import, start a transaction when importing a single share.
  + Fix writing of roaming profiles with "profile acls" set to "yes". - Update to 3.2.11.
  + Fix domain logins for WinXP clients pre SP3 (bug #6263).
  + Fix samr_OpenDomain access checks (bug #6089).
  + Fix smbd crash for close_on_completion.
  + BUG 6089: Fix samr_OpenDomain access checks.
  + BUG 6205: Correct sample smb.conf share configuration.
  + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
    "msdfs root" set to "yes".
  + BUG 6263: Fix domain logins for WinXP clients pre SP3.
  + Allow pdbedit to change a user rid/sid.
  + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
  + Fix resume command typo for "printing = vlp".
  + Fix smbd crash for close_on_completion.
  + Fix a memleak in an unlikely error path in change_notify_create().
  + Don't look up local user for remote changes, even when root. - Don't lookup local user for remote password changes; (bnc#493507). - Update to 3.3.3.
  + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
    correctly (bug #6195).
  + Fix serving of files with colons to CIFS/VFS client (bug #6196).
  + Fix "map readonly" (bug #6186).
  + BUG 6195: Don't let smbd child processes panic.
  + Add backend_requires_messaging() method to libsmbconf.
  + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf.
  + Fall back to file backend when no valid backend was found.
  + Fix a memleak in dbwrap_rbt.
  + Provide transaction_start|commit|cancel fns for the registry tdb.
  + Speed up "net conf drop".
  + Speed up "net conf import".
  + Add transactions to the libsmbconf API.
  + Reduce memory usage of "net conf import".
  + Registry cleanup.
  + Fix handling of SAMBA_VERSION_VENDOR_PATCH.
  + Fix build of pam_winbind.so with static linking.
  + Tidy up some convert_string_internal error cases.
  + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
    run elections.
  + Allow DFS client paths to work when POSIX pathnames have been selected.
  + Try and fix the build farm RAW-STREAMS errors.
  + Ensure files starting with multiple dots are hidden.
  + BUG 6102: NetQueryDisplayInformation could return wrong information.
  + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta().
  + Fix notify_printer_status_byname.
  + Fix Coverity IDs 722, 762, 774, 775, 776.
  + Fix build on old Heimdal based systems.
  + Fix compile warning.
  + Use parentheses in if condition to make negation clear.
  + Add dirsort module.
  + BUG 6147: Fix detection of the GNU ld version.
  + BUG 6097: Fix smbd segfault.
  + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
    members.
  + BUG 6139: Add missing whitespace in mount.cifs error message.
  + Fix a malloc/talloc mismatch when cli_initialise() fails.
  + Fix a valgrind error.
  + Speed up "net conf list".
  + Add sorted subkey cache.
  + Use StrCaseCmp in the dirsort module.
  + Document the dirsort module.
  + Disable dns_sd by default.
  + Add avahi detection to configure.
  + Add event avahi binding.
  + Use avahi to register _smb._tcp in smbd.
  + Fix two memleaks in the encryption code.
  + Fix a scary "fill_share_mode_lock failed" message.
  + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set
    errno.
  + Don't use reserved words in smbconftort.
  + Fix smb signing for fragmented trans/trans2/nttrans requests.
  + Parse_packet can return NULL which is then dereferenced in
    match_mailslot_name.
  + Format the header check for netinet/ip.h more nicely.
  + Missing break in conversion function prevents tdb password database
    update. - Update to 3.2.10.
  + BUG #6195: Don't let smbd child processes panic. - BUG 6195: Fix crash on passdb conversion. - Update to 3.2.9.
  + BUG 5920: The length of the memcpy was calculated wrong.
  + BUG 6097: Fix smbd segfault.
  + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS
    server is invalid.
  + BUG 6099: Samba returns incurrate capabilities list.
  + BUG 6100: Implement _netr_LogonGetCapabilities() with
    NT_STATUS_NOT_IMPLEMENTED.
  + BUG 6102: NetQueryDisplayInformation could return wrong information.
  + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped
    members.
  + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem.
  + BUG 6161: smbclient corrupts source path in tar mode.
  + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
  + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
  + BUG 6224: nmbd waits 5 minutes before checking to run elections.
  + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno.
  + Numerous Coverity fixes
  + Fix double free caused by incorrect talloc_steal usage.
  + Backport delete semantics of alternate data streams on a file truncate.
  + Allow set attributes on a stream fnum to redirect to the base filename.
  + Fix use of streams modules with CIFSFS client.
  + Fix more POSIX path lstat calls.
  + Allow DFS client paths to work with POSIX pathnames.
  + Ensure files starting with multiple dots are hidden.
  + Fix guest auth when Winbind is running.
  + Fix memleak in get_remote_printer_publishing_data().
  + cifs mount fix for handling -V parameter.
  + Fix guest mounts.
  + Clean-up entries in /etc/mtab after unmount.
  + Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
  + Enable total anonymization in vfs_smb_traffic_analyzer.
  + Don't try and delete a default ACL from a file.
  + Fix remotely adding a share via MMC.
  + Fix resume handle for _samr_EnumDomainGroups.
  + Fix a buffer handling bug when adding lots of registry keys.
  + Fix a O(n^2) algorithm in regdb_fetch_keys().
  + Fix a valgrind error / segfault in dns_register_smbd().
  + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
  + Fix a malloc/talloc mismatch when cli_initialise() fails.
  + Fix two memleaks in the encryption code.
  + Fix "fill_share_mode_lock failed" message.
  + Add S-1-22-X-Y sids to the local token.
  + Fix smb signing for fragmented trans/trans2/nttrans requests.
  + Don't miss an absolute pathname as a kerberos keytab path.
  + Have nmbd check all available interfaces for WINS before failing.
  + Initialize the id_map status in idmap_ldap to avoid surprise. - Obsolete change from 2008-03-05 by removing the needless examples cleanup. - Update to 3.3.2.
  + Fix "force group" (bug #6155).
  + Fix saving of files on Samba share using MS Office 2007 (bug #6160).
  + Fix guest authentication in setups with "security = share" and "guest ok =
    yes" when Winbind is running.
  + Fix corruptions of source path in tar mode of smbclient (bug #6161).
  + BUG 6082: Fix renaming and deleting of directories using Windows clients.
  + BUG 6154: Make ZFS honor admin users.
  + BUG 6155: Fix "force group".
  + BUG 6160: Fix saving of files on Samba share using MS Office 2007.
  + BUG 6161: Fix corruptions of source path in tar mode of smbclient.
  + Fix some NetBSD warnings.
  + Fix bug in processing of open modes in POSIX open.
  + Fix use of streams modules with CIFSFS client.
  + Ensure ACL modules work with POSIX paths.
  + Use fsp->posix_open in preference if we have it.
  + Fix more POSIX path lstat calls.
  + Fix a bug in message handling for the change notify code.
  + Fix guest authentication in setups with "security = share" and "guest ok =
    yes" when Winbind is running.
  + BUG 4640: Fix guest mounts in mount.cifs.
  + Fix displaying the version string properly when no other parameters passed
    in in mount.cifs.
  + Prefer gssapi header files from subdirectory.
  + BUG 6176: winbindd -n should disable the winbind idmap cache.
  + Add a vfs_preopen module to hide fs latencies.
  + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
  + Fix a valgrind error / segfault in dns_register_smbd().
  + Fix build on SLES8.
  + Decremented by 1 for ntcancel requests.
  + Fix creation of core files.
  + Fix first mapping of uids/gids in Winbind.
  + Initialize the id_map status in idmap_ldap to avoid surprise.
  + Fix initialization of idmap status. - Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc. - Ignore return value from subshell to fix build. /bin/sh                    €   €         4.6.16+git.166.8fb11cda200-30.1 4.6.16+git.166.8fb11cda200-30.1           libndr-standard.so.0 libndr-standard.so.0.0.1 /usr/lib/ -fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.opensuse.org/openSUSE:Maintenance:10483/openSUSE_Leap_42.3_Update/3be556ce4b1735da54b485ec0dc8850c-samba.openSUSE_Leap_42.3_Update drpm lzma 5 x86_64-suse-linux         ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=61cf054a215b186c77cf55326617851522f725d1, stripped                 P  P   R  R  R  R  R  	R  R  R  R  R  R  
R  R     ?   ÿÿü`   ]  € ÿÿÿÿÿÿÿÿ "ÌkÀ%í…«ÖÄqv±ž•bà•À^GŸ…†+æ¦C›èF°Ó¿¤ß¸Õ¶’‚Fá+¼kŠ‚ô8ªçvÛ°¡‡øÂ–XÆXb,:àÿH§B.¥€y±|À?êÉmK¬l·!Ù¶?.+Á—V<¥¯ëÛ†/3íù|Nžª´;Þ:n¿«YKš™*;­ö€ðö}µÃn=gúýŽà9åº÷¨!†x èâÅ_sÐb”$B0€ùŒ2}íÊm9 ˆKÖÚ|E¹©ÓÕÇ1š'.Jãî9#“¯¨9^ õA­x…–FAGÐ4-"ÀÛÄ“™PIèÐÓ­uÁÎ ^ ¤#?Lé‡³pÅýìª7›{›xÃŠQÃ®úš¬Žx*¶ó‘ÃS—O¬&ª	^…Œf:!èyœ²%h9Ëšù#M’Ü\0±)î=Gàéºå' I0“Äìn´2r+6j`wW+sÌ+²}5"F›%vÆZpéA?íåuô·5¢xs¼PŸ‚ˆp$9aŸÄB`ˆ¾~ð#y=ÉahŒúí–`äÝ'¤]K)°×’×Ç•ñ9¤öb­:½€¯¤÷ûfœJâx„^ž•n2®ôÁD¼à§Ø]¢%Ðî€ùÌ±ãˆ”]7Msœ…šç5{pÒÕIéÊùˆ§O­4ßà'ÑÃÓMœí¸¹µß&`áÄ£¾Ð¯ %Æ%L(õ~Ëg«ýÕbë"èIæ:æ"¢*egúú…N®bÆÏœäß…áÀg¨8¸`˜Ö!†HšÚ\·lÊ8ðäŽ@Ì\oðïûÔŒQ—’°ó=('Ú÷0!×&![U‘W‚ëŠJföMàÝv¨ëbÛô¾S4ny¤ªÇ×oòÖ\ƒè¡¶‘õÕá4Å{œšh€½ß³¡ˆß€/ÄàeñƒŒ?²@%_QƒŸ;eŒÂEÀ˜iS­Â¸»ò,‘ 
B	þ2M¡µŽ(©”WápÞ ‡ý”»ª“º*e=Êò"Š˜1'3Ò7 :çBŸúÌÇZeœRÐbZbrîÚƒ•šr´¦¸N‹þÍv…Ã|óH-+:Â±6³s%I‘¯°‰ÃT)ãÏÅXm†Æÿ¸Å¤IÎ×!æØúT-&Flü¼À_\A÷É5nê·tZ%åŽ¥ÜlË|Á‚7ÈÓ«vA£Àe£Ó—oÍ½¹@GÉ$I5""zÈV8-.§ýWŸþ¿
$0ØjÕÔî¹>aÕãïyTÞ´'b\¿h7Uè="Ê|<®ò‹Ò¼®IZilöI†cq[Së–6ªOpcl
cº›Ë`ü¹æ´$ÝúÁò[ážû³ŽÛ?o¸è¨†Ñ†OÎx× _´"Ä!Â¾þ-nª6L4UšÏƒK\§=¶
è„oÞò,g3Ÿ54ì‚ë*ä!jäÞy£ÄwS!²,ÍìâhÇÙÿñ±ÿg¥·éŸ«³p£±¦|ðÚ#Ý6Ž+K>oeà¸€]ÔÍ\ÚQ¾4&"üâ‹G¢Û¨þ<µ¼n—^¥n˜EøçÔ®¤†´#öí’OØ£ƒ\Zà@šq
-“LþºúÖ˜£™°Þ3™ù»““™5…""™)eØk¡¤Di)r†W‰me´ªâfw,Ý<ì§bMÀ”o±£·ˆl74ÄÓÈ$¢„^4ÓÖl*g«öû‘©m2£–µ™¿ÏÞ e¨§å2 #ãÁåôÛNB–ÙbÞÃR­ì
Ã ÿ•£„E¬E¦ò“¨1¥B}S•¾½¾`ÊµÉ$û[ç ¹<ËŸù£jÐwÉ9ÿ5¦áÔúiäD`8
ŒíD;ô°T¥RËØ3H¦ .1§çÅxSv.37fÅÏÜ0n€S	0/9>«U¶i—#PúìÄÌò?Ug+oz³Y³÷v‚å#zfK>òÃMÁÙ5Ë`ª¥'þµ=†O[ÍÎEˆ]Ë¤m7Ã¢¯žÛDŒÁËêáàO›:C	ÝqûØðmÈÀgSß5¥E‡Í¶÷Õë²1ßf¹Ô#äææ¯gLÛ[á:xØ¤š¬ŸS%æ¾y¯2¨"à0k¯ßÞâZœf"ŸBê¥\›Ž3}ÈBwò>KuÁ"BËbÉÚgÞ£Òi\l‡WR,¾ë{‹Åye¨\¦^pzS1Û†›Õ([.áyÖ`¯ö';Ùú 6®ú‰5CiþÝy¹É_óª‹ÿûã¡‡(1 /Àû7r¼ó±¨+$yŽÌ¼N-ž”Â•Ô­ïÍÏ7ü”ÒïÔ:Ìäí…èˆ½kÕÐ Àà÷LÛ£ü#†RãíÜ$SÀ(HÄð'McÚÎÑ‚I45¦¸#ü§1/§ED‚*u/›ìfi	*GÀq…ãBPÿa¯Î/¹YYa†‚kÕwOãàéª:´ó±¢SdO£Ói¼…^‘0¹ÐÞU2–x'RMcæ¢¼‚{Íù(€›_ï7ô®)‰Å`‚{H1FoV@6zÓ$ªÝgÐ6ÚKÈcõIÕÑÆU6È¸•õKêÌóïZ±k'iç¤‰:eúZyÊ4ï¤‰ã¼ñEõ×ÑkLWØê®¿*‘lÑ«pkŠ²×ÔŸf×Bªðµ–r-7úÝ+_J(\
… ©³-".:<í³X)jMºSW¯	‰_Bæ	×ZA
LÉ¦Á¦óæÇ7zgW·œ¶¥úeŸ·TÝ±~èbÎEW•JÁwä^±™Ñáƒ­º¿E•/ùLÂG
ÅÝq2{"S×ä:Á²ÔÍ:­‰ùø}ÞmêbDª S¥`nÍ\e™Çè ô8RNB ‰¨rÛ6±¤4šÔry?±NñÏó¯M£ñgk Óàÿ1¿6$PÄ>œaj“É
²ÀB­J™½ªŠö¼ &åºg6ÇÅÉ	ƒ˜ÂÂ? hÚ Xp8÷ß‰ˆÚÝIÍ¦X,~&Ør`ˆ²­Ç4Ÿ¼aÎÆ´¼“x3!JÃ¿àÆQ*žšalE€4É ßž'ûyÚKˆ3ˆƒè–¾\yÑL½Ö’³ÒÐ‘†º É‡Tî°õ~¢¯yÅ6˜'‹Z{q&¬¤âqŸT90ceˆáFÚÜÛ~ º"ÕEPøØåqæ–%¶ÜSE`ƒiÅm÷ØH‰·ëAå=¬Ù˜ Â_&sbøÊˆÞã¥»H£QFoáaÒxh‰h¦ì./pD^K_ÜÈ ]czt]×
>ûštÓlGƒI¡—h=CZ¼Ö­
8øLK¨”Î"À!#FˆŸÔÞo4nÈÄˆ!•âXlWêLRY÷@5©{ü±›5ûØ¦š®¯|(9÷)[;LÖº…8y;Ÿ%ð?m±*?Ž#«‚¨Ì´4JpÚ€ícêA@rmäþ¿à/=~<æ=s¯Œ/¯} Æììý…¸­-Ço€Ø¢a¹UŒ›½àU©s:ÓÄê®)ªùJüûh¢¸³"5_¯ŽII"„|ÔÕÁ%èHðÏAhƒ¤rvÛ·”×’3ßðV‡n6¦#bÑÖ¼»Ÿœ—}„@ÀÃ}|Ž«×m›NK?ô§`?‡ÚfÜ³‰x4ÐÖ÷õ½]ì o®	wŒ+’¶æmV·Œ.éì
mõûô«lzehõ¸õ	¼…‚ÓjÀÂ¢CCÚëˆYW€ÛdÎAã}qàŒòïPŸWºÀðŒ£¾ãe\2^Ø¬@ñû\„Dœ©‡š‹nîÉíY?”ðj½³ôjñ—VÎ‘ÝXyÖçRêPß Cjøœ‚’l2nÍj”²cjÍŒ9ðZxÎ,9G¥…2?O­‚ù0ŒìP‰Qš9…¬‡)MS÷z¶ÌµËJAðÌoQ>´ ºRJ•mjÅ„'ï¯\Y;!Òzû³¾¸ì¢—;X¨/w*ªNR.îmÞÿŒÕ3L¨•…˜ÚêÒÈ|tÚüÝw~uqÏ•ûwÍVÎï÷æ&ùYç$äóÕ¡CÎõ‹Žüv¡[f$—/#³LSv\œ:x=Áôr-Ot8–` T®>†MwðTXÌÌùÔïŠèQÓÈ(s‰@vaj7ë²µF¿ƒöt²¢WÅ²£`¶9žeN«.oY`zF{R5°AõT8X.Zà5>Žžä¹º_ÿð=,eátÖæùÅ­MXâ[XÜÏÿ37îïÕÓê=ZÚ'kËœÛ½¢ìO¨P²í
ní«¥Õ,!lÒ[·¶Çƒ4¶ÌÿÂ¨Y>)5y£ßNí¬sv [Ø Tk”Ò3º"ª5¸½ÿÙf§“@1/Úà‡¯RòOx¯~¦Ä‘•l&þÔÿ61»êëÿ¡YH‚$R·ËJÛë2èjNœ+Èõ_‡øL]ˆ]XÚñ_Ÿ;Á€Ù|,^YEß#$†U. û˜<æïMé£<EPE¡Ö÷nùõ¢“žL¬ú7¾­ptv¢…LÌÍÃH]„ŒlqG;õkJŽ¥ˆ‡Qò}´X0YyŸu_Ú:·Ÿ¸Ýq›3ÓÀ~ž<ƒSY)ßwz:6.	õç˜€F±|*VJ¦¡ÉT*j7)Ao¾¥œÄ7ñ:ôÛ˜¾ÍØè,;Ûeb
 B,°k)ˆZh7ÙY´ÐTn½MD«I£Dw¼½UøPâ­¶sT6Oë]Í‚PËÆùOZºIU.Ø—àá ÔVb#mR®¨^“z¸«Í­²æFæªO. Q[ƒym²ëA„b?3K È”uYVÏ”Ü[éSZ¨=ƒåÐrpW¶Ÿq‹‡øÒãCç:¸×³êÎÏ2Ûpä¯KÈ> ìÞ Ö±]?oWcé÷DÂ6ùIÐ~,SeÈ«}`æõúv×Åòv=È×‡x*}¥9šž¦²±­$wkFªù¬¼Bš,Iè±hÈuM1B#¿ë[lXÌýáÕÑ7Œ¡øãU|Éa·%žX–‡áŒ¥ RöÇ}dÆ$ÅEª•Ì¾B¹Î9áJJgZìsÙáXDIm…b
S‘M4²vý:š@0WŸÅÿ·¦ÄèUžã¢;ÕÉÊ[þc›<Î¸S QIPO8GØw¿4§CÕÓEä€…Ô½§‚WƒÞwÆÂÖRË“^†Ú…Ò|w	ýß./¨N&ëŒ{äºäæžú~3¢Q8 Á¥5µ`’­¦:;üÍ\•ˆ–Pf³ÄƒÈÕãÁG	«²ž6§LDÒÏWÊð{FáëáÎÇk?Œ\2®À¨LÕ
*°k4d~ˆwjGÆ+µâ}T4ZsNÿ;´FrEåó»0°;^oðŒÿ–ÉIŸÂ®ÇUlÑ”3Æ€¢¹?ÔŽ¯KšçE`ü”‡xQ‚#¡ªX&c_YÔn÷ØðP:LX_À=M£žÏO*À?Ô­èÙL±´K¡UðÛ®º®Z-»(¶“]f ÈLs"m6ŽüêyøØ¬ªŠ8þZå\RaKÙâ

N*Ê9žS8	‰ÎƒÙ•IJ˜ùŽóNÄàBTüTÑñR$¯¡‚ñ¢·v­Þå‘ûD6u`üeRÖ-¼#%Œ©{eñÌÕNù÷RŽ1”‘ Ö—sûÌY¸yÛaÓž¹ÚŒ†|F­Ý2OwCx‘¢Í ÷a¾–ãøŠ–©žPÔÙ:ÖW¼®ŽˆwpÔÿ9ö8U;ªj¤¬´Öòð8kŽó9óL[#³þS¯Mp·*y¿ÑuÝØÖN$Hi×óìóSÿ£–¾ºJoÌæ ºmú­Ž«|/µ¼§[²Ø
²ÿ'e­]"zõøÚ®4á#!¬ÖiN›î!À<á”ÛßÒÑ›£«KêQWMƒ³yûˆÒJ8Ó½ ßV@øÈ’ ¨‡}E!ob9å·³lK“Yè{b^šsò²Wè~œ_w¾L“ƒ <£\=û€½A¯eÜ^çpÌŒû†QiJ.ÆJ4D.	éÛ¡½Ö‡s_ƒ:…<Ì©á|µ‹.Þº#f¸O¯cšúw'ÙíŽÛ·iØs3s¿¢¼m–L¥]|9‘ô(Ãª1¤«Ùkx!pÓa2MTVÇÈ£d§b3mŸ =Hu“+™‡n×´é…kT»ò^Ú\¬2vA!Áv`)Áj³"û…¤c–ÑI?æZNz³PiÌF 9,~þ#Ä[¥gÖ*Xb@þ K»l4s¿<€"ôUÄ"®”\æÂåç©­¿™ëòHrPÞ&L2:–•®2Ú
âO%wpÖ‘C#â(R	NÝÏ9Â•(§qà'aÞ}ˆ±¥Ù#û,…Á6±Û—ÖÒ1LqØ#uiÞ~†n³ÅÃð”r>Ì`(Ï'ˆ€¥»Uæ6LXùÔC„mã2_p‘ð¿Y«¿« üì…Ð²ã‡Éa©¯á [$
¢C5y:DÊÑ)Ð^§º	¡%|—}{¦Õ·bFz0Ó§½ÓJ€=FP}Fè*2§Â¤|8¦kX…IIjcw.¢E†Ç§CÔy£€êsÒPþ³®”,ÓùR@"â,áÚõ¦‡¤	hq#r`Èê¤g[q|Àž°q¬%JÏèN=¼”Üª˜¿X>¨Ls\¦<Ðwàß®ÄH´îÛ)¤V5p’21:õ¤Æšˆ
ÏUÒs˜÷/Ô2SÉèB°ÐlØê4‚›BÑm*€£ßî¿:)ër¹$‡³’2¥4¯•¡Ù‚WÓBºlxbX¾›Ÿ½ÍÝH‚ÑÂ×¶mh®…ÇÁ?À<byÉ{({ñÜ…såÎç"öür^%k»™tB~žWÙ^Ý²ë¸©k¯¥Xÿ/Öw+W8º§¼Sk‘¥½`\§R,yŠt.ùf=Üy¥3c[ˆx>a;œ‘2½ÛÚ|‚ ¯n0×lÁöHÌÌRk­îp=÷Ê=
`|9¬fx1Ô²@—Î(úÒ¼‰Ã³“·PŸÈ)GtE¼®îCŒ—‚´%ƒ#œømÉUV¾x³6¶ ”jî,W=ÊïèÄP	ütMé«Ã;uý /Šˆœàn¤áV)ß’jü_g0¨ùŒÖØ¼óÊOžzFÐ÷wÇË~Wó•û’ìwjë¨rˆäCŸˆ#{HðL1­(‘ÝjŸðès2ö¶%fÙõW"J¢ }uI,WÓë]wú<IÃÐ“)ÊNcÞBÛšà˜X¼ð'Újë°?Êus¬F2^f= ÎÜdëräWWt;	H¦ïÇì42·dtä×Å[ð'>¬“¼5Ø4¶O¸]Êí[>m÷Åîûx
¦|gÝ©LrdYªÌGÓÅí2Þ#@)–à9nônE}Úz{Væ><_<_|=ßî À`¨Ý+£¨J.ˆtóÄSF¬r¬<[ÿÎ]ß˜É£¹IRBoçæìoxJRTêüDáô@†EÚ£dÚ¨¼êÝ´gØíŽrÄÄ…qÝ®,©,«[*½¾&jyÕ*9v³¸ÐÞVéYÊ¥:j¤ æË‰ì÷µ2¯ Ò—Þ3iÀÑ™{°r-áh†ÇâØÜë=µš?¼ïA-å¨gs6}±ô„«<,€ rÚKx~Ðø_mº_&Ë¦d,´öû¾ìå
Þ¼ ¡ã”cØKQXYèœO6æ’v©´bû“
šß1PeÞ¯ð‰gyëC¢6- ~þònßP´÷ÿ´Wy«²F¦xè§ëõe\6)ÝQƒT 3Ì;ŠWÔJ\RÐ£¤¸¨ÈAt]Q~6J‚:‰øÛX¤Å Ä:ž¬W/¼ôÞDÂ¸¤Ìø°—S²æ‡[;X$ãæ`þ¥Ý‹ç'ŠdôåƒgbÀº„!š)]{ÛoÝ^J©YÑ¶™ä”VÆ­KGßøÛAü´A‡œ8n^ãÜU×}SõŒØ¬*{r‘4az=.ºì6†}M×³CùWð®˜Ç¯¯å¤¨ÉœÍ’‡$cidz‰©,A%vÇí»z=î_`qß)bŒÇæÊ$™Dùô‰øD’‹*v¡$¶.½G™Y»jä{Zv_ÉBJ!6wÒúL†öbg¼«d1Ö¨Ž‡X‡Ô$¥Äv1w^g+NHþ' ;Õñ’¾»Øc¡úèYŠòã¦?ˆÝ‚Ñ‹«¤‹¨Úi©Àê…mïÓ »Å…mLv‰‰Åü¾ËÒ•›‰AãN Ï}%xþ;¬cp[hü~£R ®æûK¾VöÝ¸µ,?¨nBhQ22S†•U{›,%./—“ëAÑ:nÀåiÖÈô”î«Ezñ,2&÷ÿh˜-:ªj=È½Cöc‹áæ¼Øm-xúŽÛH¯9ÑÒGSd£-Mõ¼öGF]Î¿‰P„@$Ýž=Ä S^¨‰{°ÛŒ×js¼ WëÕ«‹ß¾¾Ì?…¹ÞØµÉØ˜ 5°¤‹Cæ¾Þõ(«9ð„ okó8%O^ÞòÖ• Ç†I„‡Òj’ƒpn¬/}`D5çˆ-GúQÀo”È½I—¹7´:JÒ_ƒêXjE[õˆ:²oo¬bk%äðºz™þ+ä:šaÙ"´¡˜oq«."¿‘ÙìdT-ÖènU]2íÎ”@ÄLkMM
ò¯õ:F 1é”ˆi—AÝ^CÝ¹§¤GsÂ)Ò‰TJ¨y—]¢ŽŽ3ÖH1¬bEªûÉÁÄæôA/è6zNAuÖFõ¸HZ+òb™LÁµþ:ÞBÈÞ¢<‡Å‘Àñ	ƒ{²fJó…µ«$‹yzù3*qGíwr\ÍUk4¬&×7“³ÎlÜi™ïˆÆR®Á¾å´IhzèÎ‡J?‰ŽðGá-±
>…@ ·èT`?àD®ÙF¸&ð®ÑLcÕkÎ/émÂ>v³š4	jiiÚ‡!UX¹%?ÿ]°gÁU*ÄÀ¾®Z`džÉ°/äƒ+r-ïÎ‹­OAÿ+1šeýÕºCö¥Zª$3SoâaKŒ·’úOú)ˆB) { ƒëÀ++KŽšë|Ý½KùhÕ¤¶©MÔÁ  KGv¹ÒvAž6 »š9ºÔ®è÷Êþ\.?àRû†7§:ÞäÐ+¬$W¬ù<%¶	¹¨Áønu«_ƒÁ¨s‘Ž:ºö(ÛŒ½þnþ¬»s­'‹+¥ý:Ðíü[vñQ¿»}ìÌ1EµæzÜïp{¶K¥ê8¨÷Y|a™`ääi³
ƒ’s€°¼5ñÖG&Ñ%P!íŠ=ÊV oUL×åÖÁ32÷éeÑvÙ{Þªïs¶‚Æ´š ¬ÔU‰†;8®…‰+…­3N\èSùuÆ¥ çwJízÛÇDJ¢´ª!£Bßá‰ÛfKkð~êSÓp1Æt¤l»û ÙñëË_÷Û/¬˜¯Ò¡(è«	€aXB¶ãø=>Ë›ñx|Dw‰‚ìûÎ±¹|Ü|·…ýžïn"ldµž©\x‘ZÞäÎ£úŽb_å@ñÀ$’ ÓµØ½}íŠí=¢÷ç$½ì¡ì.¯ÖÉ#Ê#x‰ªe¡MÙ*  —ñ+iL.l¿Bq-‡.‘æb:{¤]1ûµÕP¨wvövY~F&è¢d††û«6ª D¹~Š¹6vöÑ©÷óV’+.D~Lƒr4)ÜÅkB)B ëÅÐºXy–WcŸ¼hÁ×AÎãó\®˜¤ÕmŒ3vÓø$‰d*f"AÝ¾^Å²<b¦W±óº‰ºtŽ <ÂS™dà4³I›®É`W‚áßÖ¿B˜£ê%^ç\I¬ó¶Â-›ÅqfîD›XRkñÍ­e0.1Ò–43åëHçÈëž/FžŒ¯p±0¥÷°íB(ñfŠ€œ°¶ƒu¶LeaX÷£®9zù +ƒ®h®jT# û÷lÀmTÊ'®´v\»Yº9ØfÆÍC08LX•/»•ûŸu;d»=Åÿ¨8Zø®-c	24Ê ÷Ó”‹ƒ‘íŽGIs¨ÝÁ0’§åmfÝTo±}ØÁzÅµ¡Ž0Hl‚QÄl e—4¤z &Š	eÏfKügEûYÚ†“ Z# Á i²kª´Õ6íú3ô‘º>ývÙBŒ®§?þæš9î¦ÏA¾óÿKfXw¶ŸfÈYÝÛOÚàŽÂG~õ’ö‰,`Eï¥ï©þ¢ã_·á		¨À×âQ÷ÃŽ±ÿÑÙºùº[ á³6eüY¥'• ¯Ž/&Á@·«<0ÐQ$A—Ç«{Æ´†bä#;ÉçŽîže·Ñ½+&ÞjùâW@Õ°_Úé!òùanÿÑ2l<ÿ|mÂì´“rvÑpÁ,ûéª”r"áÃÆZëWíÛïZJn.sº%’™ðô±/K(Øâ‰õhÿ½ªl_P•nšÃ¹_ˆÏ5pÙ´ÀF`=kÚ!P¤‰°kz1Ìq‹{ýÁýôÀ%ËøDæ”øê2î_GzuÏèx›Ã”é4Ï©=}%+:{R*ð¸YÀûóö.¹¹žMLs"ÑâìÔv‚+T6mæðS£J_y1…bWÞV€eUiú|}RT

¤ÄJTÎÙóP)[%ê7h©Ó–"èªºæ/…^‡ùìµbàØ¦ážR<<"÷A “i+Ž¥ã;7ì…Ð«½Þêÿ6¼~RÔK1<;á0+•Ïë\æk=Õžì{!ÛgÄ÷´›_CÌäVùÎÞ»Õ¿ZIã?ÆœB:&8­ÝEÛöFÝ1²:E›À\›¨óýVû{yÉæ¤–# Þ8¸8ÝgÖêW@ñ$nÓ*uÌ-‰R	ÙÍž™N`=õñó£Ù£:ž{3ûÌyV5&Ò”©3·Ô”†˜ß3ÑOñÑeÑŽÏ	¼5ˆ![OåKµœCºšä“¶Á“mk-”é\R"¿CÕ/B®æ,Ò}üóŸnš{r«÷VWÿKu²Çe/;ÊžT2^)Ñ¢ú_NŠ\¿ÍéZ/ä{¹oSo`áŽð\yêFñ˜ì?Ðá%ßø+­ºL'{;óÖä\þÉè;Í:t%‰<Š†zýIÊ6½ÇnmèiäLUÁÇ˜“|³1n.š8‘­ÿif³o
Î03IIG+ºåJ@Ÿ’qÄÒã™/ïÀÖE1;Öu;ñÙ-¾¥uìÓ%õêh~psô°öèh®–ê‹¡ùX›ÙÊÉïw}ª±º¶_t‡ ¥Û r“¶1x"=¼ýLI£Ír!Ýõëfj½«qðgçæµãv}'„óãFTZÅ÷!e0ŽHÅ¥½¾spf$ãœ	‡PG‹yÀÍ½Ñ"¤hwx¬tn©p]eÕ«O¸{7äÊ„èŸ‚Óö ?ªF3o²„’HŠ¨i„ï*Í„•–=`®$F˜Ž2JÆ A,ÝpÒ ªN¿Ùêq,tcÀëFó“‹îZ×ÊËâà3jCrHqcš»U-ÓaæÈ¤2ü½qç•›=]¬¯“žÝòv‰”F#¹£[ ¦Ý<×Z§?·Ìg_cÜ¿û*‰oœ^r"Þ-	Í†	¯*ÑÂ(üøñ÷H<e5ìãW)ÕW‡ZÇ9$…9}¦P5.vÊÉU(TÝ*£Q|™'yXâ¯3mmŽ^hÐÆÜ-o=Ñ˜1n¢µÆVPá1JØš›—¾e‡üâ¶ÉrtBðÇô¼L-H}`wì»Yæ>Qþ…·A8aïÍÆ¨Ù‘·\–9!×%Þš^–zÑÊ&ò(?8n*‰˜Ì²J ¬ åÿ*ÓèðûuG`ç‹{W[P¶·p>Ñî{­T¨zÓ)ž/wP¾4ÞN³C¬B¯`¡ÌKÛ.“ÃÒ3Ò
È%z¨ QÂm Ã
ŒÃC,ãåóÕŸ°Å¸%µk&(‚ ¹âÚÑ%Îªš‚ƒ‚_…=íI¸)Ù˜ÔF½Àf3ÕJrõZü¼€²úÊgpâº™ùÖòô§9Ò¯Ü«›ÑÂâL “œ½ÞÈ|©Ô.Û£õ|P¬¶HÃTð8S²Wœ¨Ï·7I´A”÷AŽ(L‘ku`Sö’[4V†¿yƒ´[Ð”?›vÞ>¾6ô_!^%ü‘Mš~Ž+*
ç7ÁTš©ÜÒú˜Ô—|ÑnÐG±¶¨7c=©¤Ø»l+zù®{©î Þ2;‘jÒŠêôe¨G²ˆOF¥dÇ-²â#ÏÿÐ~E2¶u¾Sgæþ–ì QÐ—ÑP¬„Y!w2./à[Ï_ûmÐwVZ’’¨ã”
-ÊO×rÆE«$‘¿Û)+Öw\Ýç{T^Hí¥R˜ôó?°?î|{DU\YÁ¦uî×‘5rƒ¬eUº¦o~GÑÎ‹ràÕ·	À´ç¾p.ö1š†Ô©&hTmš¢wÛ_;¡ :‡ÄZvÿ	±1Ù8ÛŠÄ×«©VÞ7ÆHnkê`¬èaÀ\"¹’Æyãõ³õÏ •‹hm×ú`BŽ8»=!×ßoüY=ü×Lã9ËOö+¨‹KBe+N²õ†1´8 ©ñz „¯8XŸY¾p>¯e¤%U ¢DTÂµaÌ
	*V‘}Ù–öŠ¼²¿–)*¹öòfÈWu4^L!	‘ëaàÆç™ÇèŸ³ØñÉÃ3<üSt·{!4·è’‰Si2cç
¿°í¾8RÃN¾»ß|ÇMÓþK¯Ú&/ˆË|ËI÷ÃmoÔgÒ%r×ü×:¹øìú1ðo¼-´…Õ@«ÑŽ“Y¥çÇ˜¯Ñ¶ç³?Û§Ù„	0}A†<Ö_ÑÈwã•¡€J°-áŽ#ásÝ×ˆÕ¬Ö®y«*hõò'UÛ
VM-Œ4»®ü‘´©'¹8S o†çÖ7!Ó­rwf"— 60ó$Ó´ozl!”Jhð5iº3&-zd\Å»ãSƒÓ°Ndh–îŸ}D\Éc³ßò-	71R$¦Åö¥!)³	’›|·¨ëÇ7¦ªÇ‘¶ñÜè’òg¹‰
xÎóq½ØÜb>ÎnÁr@îøE…µ¯ùö€}øq¦ËäÅ×,(žì˜rŽŒe7²[s=f¤nÒdõ	¬ÙÓ·„†=…þZÏtcôÞT£óÛ7Íà$åCy…3¤:ñ½;V<ÆÇÀÒÜDJ.ãƒ¸q{/óü±›°¸_Ý—	‘v‚ÿ_ P3¢ ºÄ3Æw½[gy¥Ds(Î„†:QDžR˜~*t4ï¾MŸ1ËO™ì-o7´á%Æa˜ë¡|88
Š6”ZOÊLo"µÌÒË¯©¥H™ÕÇQeòØHs¿eïš
†ffWë»)–]n«w›ôkm}4˜ ÝÌû>‹Šs·¾Q‚Àà~Å§ÍhAÃ ¦ÏÃ”.C¨ëo¢'Ðï>€! ŠÕ¢JaÐá¿o1F)9™óûŠ~€nS+…ÌöY–Gi&¢ÌH˜Ù“‰ÑôSQóÖ£ÒÊ¹8!ØPUÛìü½‚+êókã†aã¤©IßÛ½4&u«^Q:äD	þ²W5ŸÎÕ¬Y	(²|3çtP¬Ê˜èõçÕ{ÄÓ$B¶™Þøx{rIMPW3´êºJ¾†-8ÙïnôV³Bs~t}×± ¿¹ÁÂYôÄ%ŽÍÂéTâtÂãPúß´›æ'Î…/pE ÒvÍˆiÌ6SìÍEí›ŽKu'"ñpi6‰Ýk}^±ûÙk¥TW‚žGþñÎn¾t™®nÊw3w\îV*¼vÎBã¶úWœ†ys5—þäL[õ [õöÿ‚NÍæ3Î-ëþé•>`¨p§'Â‚l{¬Ñ¹‰Þ+UñÇ¡1šôé Æ¦Njò²¡ç¿Š(&ìBµ-À–°JX3r)©€·Œd$ŠóB¹J©yd4c¶•v³(é’ƒT
VIå“êq™d >/z*?Gî[«%p!—øø¢t»9E$de‘3ØR‰oëŽÎÜÃÊâ0'ÔF¤¡±ÐvÅXÍ#öö˜ÉZ¦ôã)9=k÷±9Ú~½8¸‘cü¿†Åƒ_'ÀÕð,v=Çu3¬É!õÒ÷3\¸dæM“î_Ë1JG•¸¹+‚;=‘'jFûªÍ}(—}J±…UøD´„.u|2çl Æyë4Âi˜âkH>V\ùmÜN[NÂùmÝ¹²{EÙóh)gLã5@T?ý‡°*ºÈJ&QµX¦r“öbÏÖ–@š.€Ùš“ÅþÅ·)ÿl¬·;‘súKØ(¸Mö¬®Õ7|?4‡}k¬¯šÍ<.eóQwí^pjÊiÛ¸$Æã§û"–M®«ƒ]ï YQAÂ©H£HÃ6W¬è$’®Q•‡	çôpŠx”®Ðö@Ö+"zuŠr ô$³|¿ A÷µ´%¸™Îž’|.w9%OŒ®"à¡¯á½ò´â W¾Â}Ð‰Qé— 9¬á'š9ZÒeƒ dë(æhí#k­:g64¶ÊOjè€8´t"Wf+÷š£îþï‰àì=JŒRÔµÞ«­ Ïo"°Ûé“°Â `÷Ñõbm_ ˜cÞÚ³·üø„NEõØ
Ù€Å!?ÊI–wX²Üì…ÆfšÒšìWs4ß›úbÖ*Û»øxúäáhÒ¼ÐoPà=ÌNoÞm#@Ó.ƒì“žh~päÇÍc=»X÷6™‰c¥xG$®;2+w© †H¤aÆÍ™•`öùTK«‰‹"JO¯¨€"àŠðGÌÅ$‘Æ]±_üX:Ö›é|n<
ePb ¨¢Òƒª;]¶û‘˜ŠXÏ´O~{¡ïs‚£Ê[W¡kœ°ó"C‚m/‡è¾˜ˆÁ5ÔÛ*¢ŽR:Å¯è.ß†°¢Ý—Éãç’{ m_+¹ðû€A­åÚ¢HÜÞpIÍŸ*ë—›Ì*½K„@’1œÖ—Ý•Ê+üŒñËáŠ@Ãá¶²D9Ü¬ÑoUÔzîë;Ësó—z|þB	£Ú¾Xå:2=Qé¥«SÖîL|ÓéZfC6tŸÓ©ï>¼“6Â«ó¦ú¶†h‰T*T‘"f¾W‘ËðTDr·0±gY¾ì• %ñsxÈJi0’qA7rÜ)0®„ZâêXeä(wl·×èïc&Ùq,ì!\nVNg¸þ>ézWÞz¤ævÓkÁIjN×Þµë˜¨ÜÍ€äQºäÃƒ•WêHCÁèæ  €…ÚœZ¼í¹ØÏ§EqCáÌs9|ò²ïß.JÊ³R<«ì¡É…=yV@’ERˆ—u¸ˆ}†D¢‡áo½–:µß™êç¿(¹n:(~ßNPâ9`ñ»9àæ9¢ñÂÃ÷oÆ]VÒ¸°¶/iðÍ-tÜO#åØp¥I®V¥ÛÚ9j´x5 c<ÀHÆÔŒ$äl)([/Eòç2läR À{@FåŸ¡m¹qÁ0×|ðÄ‡Ó‡Iüs ø½ïŠ›FB…PœSÃ¹;­{ÎˆãMr¸5„ž¥i¶YÚÂÀŽpœ~À‰ösþuÑ‹H PîºrÌã]7º^4û[ÿ^WW¢Œuí;¡yÔÑLËù1Ë¡°<c½^@IØµBËÌã-Ýœ¢.àÉÜY™>M6•úzëÍÇSºr‹m&bøâ¹ Ylóë–õÿAí hîFŽØJ.®ÆgòR@_MKÁK÷ž²%—“Y†M˜È83®f‰v=#eé1§ÞbÐ•HW5á]7ê€˜ßÄÒ:Œ.v%æåRgP\ÖûÉ­•nª‹>_Fö AýßóÒDm"
ìvÑ'küë2¬.à¢âô‹(ß/CŒ^2-ç_ýE—¦oèÅü™)ÿ€kA²Ié2X#U–Ùˆl÷œ±ÖÆgåLÐâ$ïúã_ÆóWY+Zö‰8(aÎyòD…9¶Ì6–!ySb6 =žnçÜŸ­×ÆºE°zƒ¯Ý<TíýwQÒ²{ [VVšSµfsd›—A'x`vIý<Öl¨e‰š4ÉÓvKÎñ½GP’ 4ÞXHÈ0ÞMrá:{ŠóO;oF»bí‰/A×ö¡ð9®ÙÛ½Ûý0ŸÔõDŽUPÀ}²u×q…sÊ¾!bEjMŸ24’«I)èãXíq¶ôJphne«BÙÎ,t •U‘lƒÁkY÷ç&÷0¼iTßnõ38fŸšWEKS®÷ÓF:w%dÞ¶«‡ë8«/±Pz¨xQù¹áQ•W‹¯SnáýB)1M´h.ñZHÛRžÈ.29,êYø/%l§ ðzÒ‰Qr/L\|XŠyº@›Æï¯™,Qã)ÇoŸ'éÞžÓ\ÇÏo:rÃ½°JKÍY„S|:¾¸'Ì½/^¿eÜuàbžL´Uå‹'_ÞØ‰‡®…g&wùÚc/Šœý‡ˆf÷¸Qï)Ú¡lq~Œ³Kì§HI¯F½Þ¡ÚË@ÒÅî'ÚAtÿüÓPs‡üq¨ÊãŽ â“móÿ`8’>¨HóZ‘Nunw´ÿBwÁ¢Uí:¢ÆÊ»	€	.lPHÊC~/) dŠº]³)QMh Þÿ<g€ŸÚæ[$ÿžµLÿI>ÂÖ˜Ýe*ñIù|rÙ‰6àù"ßæ°1å"ÎQ²\ZzFr~Ù£ËZz)‘ƒýêˆ‹·[é1âÊBÎ‡+¹c´D{ª¶	ŒíoõßkUÌù*Ãêè‚ˆ¿Y•&ÜÎ5bµ ËMš+záþÉÊ]gØà=n$¶eÛá¹{•©A¯f: _i9ðÖ$~Õ–Í'Ñ2îQße÷ˆ±p5ÁeçÈÉe¦WÊy¯Sö‚›0ïrÒµ	ËÞ÷ÿ3ä[>	uC{•cÞj?þ	jI;¹sªèI«-¯†ÿ0Oåêa0ŸÎI‹þqïq©'«<SÈ-Ek×òd=ë—"ÍÌš€*ã¨ñ£{Ð·¸ò¼¤õómÛ)…HÂ†yþHÙ€ÂBÅl•cñõ#¢þÁ<}¯{ÑÔ]N`¤ß{¯"jÑ‚ãfÅä
)=ÓHDù¯IKgï²þí¿]66NÖk€v¹ÕáG¶ÞWÉr°=¹9Ã‘mv­Óéþõ{!ëœl\${Ã¡]lRcý{)õù$¤¦ûê„>”â
UÌãNÈ89GÈ}6ÏhFþ›­œ”}ë9ß´yÀÅóI]Ø¸Ù{²›î«þ:u7ï&°L:EvãV“6”c]E\=å÷¦{Ö0çl_¤fõt×<[¨ ®ÃuôUÌª¼á[_RÜl	Òaô±¼’ìÁ ê¯j 3žl«äÑ9å×CµÉ=ÅÇ(ú­·W¿§íN!çH"M®é§Þ×b40Âc”Í!^Óþ:¡}Ži|FKÛ"=Ï1ép0¿‚C_}¼ï£YJ©Ãq®ÕÉEÑ÷r¨‡ÎóÏ"ÂjêÃUY=í<e7]÷©CT7ãÿÉºâ…ÈÃˆpØÈ…VnS9·Y\%Î³J»ËBý­~-¶¬0x·ýòùYACvb³ÑÅ.éÄQ£¶É‚ ï:HøS†ÕÄna«–Ò±2Ì^»T¥%×AòÅrÝŸ]ÌÉ´#¥:&(‰”ÑÁË®ÞHkz7©¾ë~bÓû9ßºˆ£Ï³FÜ÷4¹UµEŽ›+&s9çi>¦Vä	Bã†ùðV”\ÚŸŸ	JúPÙwÖ¿¬8Ì´€ën´eÃò^_0z°ð¸t*	z	“ƒ¤6E-ê2Ý*([óØ¸QfQ.Ç¾:.¬5
õnTXî|ÃþÊ”L"ƒòlðcÔ™kû.ôÎ¶I$BÆIò`€h0àÝîøÿ,‰âSâøiü]EÍT4gß4=ÝlÆ>ì¹<ym®¼ÝÆÌðNˆwüŒ<UÂNgá€ÚP±ß-
$ÀûÇmÀP-<-‚ÐÝ¡«JŒÈ±ÓÔLÃÔg*úÚÖË´m@F’êãL+¤—ílk ×†{çhÕÂ•v€qmÐl—ƒ*zÈò^ûýãb™ú.M¸DÍ´ÈÒ¬«7}ˆË!{MvYBé“Áð~²ÐŠŽz¥=9h™4fÚÑµß†$ÌÚ
°èyÃOy‚»˜a¨óß;â7@[K.ŒåVrß”éi?ó¾W'*«$}™ÑjitÎPz•X(ô ¼Ìð{'ÖX¸ŒÛ”üf¨Œ— ùNãUks¤‹"ïÅµÝ$¢ÕuTòošÔcã^­’]
"‘+‹ íöµKwR ƒ¥Ö7Uºb®kÏuÑ'7špˆ;sÕœ‡…Ž+°–½¡sVÓ]\~Ö²{c’:ÆG¶9ásÌöU„Ö£²ÀõQíÿ#nîÇ¹ElŸßniømÿirÖüô‰3ø\@Õ[`|ì;6.‹í£dzà2‡cèW€²‘ÞÖ”ÔŒãËÊŸn*ðš¹ÀJ3µ°VÚÚvÖäIÃ®Nl+ñ<ô³$ïõ-vp®À/ó§aÀ}ìkK·]œ¸â~6ÿgãMhAqè¿Â-$CÛÙ&¨µSì	¤6»BÙa“QCñ‘ÍÓ„“Kªs82cXÜ¾–qwï«ó×™Š±w“øƒ-ÌxÄlË¹~›Y²èO|O¬$£Ë54‹*Ô‡¨@o‹Ý·ç«ä~Ô°4Jd`ª±xÏk‹ú•ß'Ìˆm8šA	3ºD²Ò–‰XÎBýIÎÀ~à‡@Ñ‚…Ÿö44¼ÀÄýp©¥$©~õm“7Á9µ¿[#9¶ø@ÙØÞõìávÿ£™?Ï“w§VéÚ\1Ïü\µþÅbØ+-ï>cÔc7Ãœ9“ :¥-1ÑcY¥«]É©ã“buöË¤¿Z/úÆ +1„Ìµ•¾5"SØ 7 €
AWèÅ’´ÓRÍúÒ„ˆÕ%ÃŒS¤ãÆ%GŠ¤Ç3ÉÉÌÏˆ"1XÌUKw…Í{Õ;Ÿ=˜*+«nëî8”JI¨‘­Mð¹3›.Ë¾9¼%Nvë¦¤ÀïÞ‰S¾YÝ´¢ÃH¤5Ä6î@2Òm·öÀ.)_¤¶Ì×yù+;·„d:­ÇÂx+'vä]?klšMèaU­.†cþŒª’Í…š%âq½|O’ÂYáe&¹·ÓÆR2"#š>I@P"è(Wš”7Wù‘_¤ßð±iÊðqý%všpæÚ¢Pž²`c_Š¯ï¤ºAXÃÌåç…£Ä	ÈsmC6(-4†ÚÕN4Ÿ#‰×N,m¨?‘w¿IT+ÈÃI÷Aˆo76™êìL¿=ÕdZð«u2ð²ø<¼ÓÎT [^àèÍk¢Üã3Ò&|Q«ÿ¨×¡ì§‡Šã¶^PËtxrŸ¢+:*Ú Åqí¢¾V•{,÷1âß_I_Ü=SF›ßsqyó*èwEš_¶+Œ>ãPôw¾*r5-,àÊõÄüps5_
¾@‚»é˜@£o”§£¬p#„3ãûêD²ŠËWô	›ÜP·eÿñÜPL·`Œh”£ U43Ø —ñj ^Í-·uÂnÂà/Ñ¬Ã#wYçsî^Ò‰Þ'xÕ,“t>™Eß\¿?|5¸”Ys2½8âR<Ø¯s˜,k4ZR“‰—÷â#î+Š	@gý}U™@f_èwïe¦^Öy¬ö›Cñ¡/«csç“zêŒí¥…³À¸K:Í kÊ-)h¬ÊA‚=%¶GÞ[C™b¢wñÍ¼ð-îxæÍæ&Õª¤4…ñ’÷èª*ŒÁå„“ªfyŽhF!Øä„îù™Åì§îÖ#`,Ù)Ú‹n¯´é ‹L¡A¬**%­ÿZ¡¨aãx¶f´:kfH}DÏˆ§D'ÌŽÑRfgQ)ÊëÈœÀ¬zb„‰{ÒÛÊ÷€ø
7½óÊi(\H¿fÞ¸ºümÓ1%-oçÃÑ~¨{kOléÁg$Ä‚ÐéŽbè$™äÓ›|n›˜«Ÿ¾®©bÿÐõËê«ùßâIJÁ5—Âýñêu	Ä‰À8?…ŒSèþ§ÿƒ¯åžpàãŒi'þ@ÐŽcžË(ß!gc~æ{fÍ!þ®CÀÖq0‚tK½îÚSèëvAÍw—Ÿ½fÙºSš@çP²ËG‘éùŒ´ty4Ýi·ü0±²êÆÖýÒð†w±¾ÉŸ‰éÛ`%ðÀXö>h\ö³Û« DØN…^‰~û??ÑŽ“Ý$sôè¡š¨Ôé‡ØE	[Ó® tdðBUØýg |°B»'¿®\~d´cmf£Dä®Œqk§¬¹!Ì äZŸ“Ž¤Í\³º&WÈìo.—2·0«Ù‘F¾F/V0ÄÿšvàÚ[[DÝWÙð@GiZ—–{±–æòu0–“ÿð·C6¡b±Z†Ìh);ƒ£Ï>M<hx'P…Q`¯ÎÐ©îý\ÑÞ>bºs»÷W[½Ë!;•¿ðšFc¢¼æ•yvx€I¶|T°ÈòÊ3ó.sS²Ž³0Ä±æ`yµêr´Uœv¨µº´ÞÄ¿@ž„¶Ô:àdO›I.•žo:¹“{ù <õƒ‚~Ktüœ'òüi¡gí=ÚÑ?eË
ˆ©ÏÄy AcR¯=®FîŠþoæn8×;XÇ[$}g'Sˆ'fÛ»¢Ê¼CÁ³ê3©¹b¹âÄÚ·XgßËkáu­¤f:ñ¾ó-íí£Ò“>Õr+0ð|UOÞw{8€×TÐ92nª]ÆI	ËºR@GŸj•?¥*„“ÿÜFqÅìª{†Ý}20–v§)Tyù¥ïeŠXŒ–M+Ê->a ß`¤æAêL›`4g3LÕàÜ¢ËîXÎ6+¤J‚g2Q8A*¯×ù­ã6µTºª oÀé¨[[¾´”¿ó˜njsÕËÖœÆBù?,†#ÐüBOI‰‘±ˆøòf²dMøYÏÏP.©|†„ÞiùËO‹ŽBžõ%{L‹.K]FÍÈ®ž1'ôÿ©˜üVœÏŒ	#œu?¶idxýË‡B­ ¸oíÍ)|™RÀ3)'"Úo=l‰SÇ§‚¡26a ²>—H¡˜bŸ/+c‹•ÆÞøƒH¡~˜yÌ@(Y5€‰%ÛíÇcžj÷ýC"Ì˜—îË—ÿ©ó‘sp:ƒºBŸbYio€m¹¹F5ÀdèÂlÝ|°«\Î±™Äa½¦¼Ç]ÿˆË”
]:qøÕä[È¼2Q*$ðÂã¶º³:¸ª£æùçIcœVŸi­zÞPëŸ±¿U»ÚwEÇÀïOÛ¬–b$-^Ê¶„^Åâœ[ÃŠWÊµ¦dã1ØS7BPJ¡ 7$w7Ž‰¼!‹@Ê&œ’9€káXéNtn€2`‘¶ÊwÇâÇÇX¨Çï_ç]YÃ.Ä<Æ]UIBàbWõõð€ %îØÅïñåR®üñdXíIX"•âïôêYi®÷(ù¡æçã³T÷mèYü~kˆ>Ûgx8æ^±° íYh9oWzz“¢å”¨‚7£TÜ•` y¿';Ý¥ØbYÇV9éX·¼ÝZ\ÛOÈ6=8å3ìÕ^9y/IaúK°m®Æ¼À–8ä£Ï,b·…XsÑB÷áóãä÷À¿Û ®°Anu*"tpZxZ¸ÙÀ|2oÆeº¾Ü4KZ&5	<›¾F~^Wx_Üø  @!ö 1Ã*ÍÖø¡ßž1Äÿ\"†Ê0¦ùØŒ_Õbår<VÜÈ² ŸÍQnNwkŸl6&÷fƒŽacC#rÏ{Se Dþq}ÈüªâÇyôîz¯õ}Þh_2,}Q‹º1f¶ß3EV@Þ/É:ÛÃ)ƒù"¼dòrê4Û5ð–\:ÀYÌàM{L(O.ô@
È2˜_\-î±ç?°ú^gcMh´dNó^u ×W€¾Hš²>˜-Ì4>ô1Ú'ð´˜sgÌ0(¼èðÛ†
û¬.üzÎÂfFûN
Îà.7Ym£®†EnnÙÓÃãÿÏ×™.
@jTB§§ë«FÄ fiß¢0”0
ß¶buÏÆâ¢†«§.çYYÐe#Q)vAâETš;bK³4ÖÃxË‚ˆÜÂX†XÀKÅÌÜ]ä¶è2|œXÒ’.-fg/¸)Íy‡>X£FÔD@ 5‡ßª†ñ[ñ²ÓÂ3¼2`BÐX7@¿ÊÐbâ‰ïÃê]c¾Êð^¶’ð˜z³ù||—$
%6= F›ßçfs<IùÖB[VZe1ÔÐª7¦+ Ëà<¨æÛC	©™'Ù}ìñýÌ xiè,«MãWâÐ3;XÞLíoÂÍl|þß¬•ŠãèZ:ñcÛÙâª^\3”Q!SË›DH‚^àp_2‡~òO«Åc–`!x ó°3M£ÙßôiÉ”µÚï¨,~ð÷ËzX¢.+õom8ºRCßî®”[HÇS›˜N{8âàw‘äÊ³O«ÝpDiI¦ÿBŸip%žX³¼éxáøv¿K£;ûeû=r² »ŒNNíº:Š;v_Z™X¿QmÒTµ£/iÖ™&,Ìáo(ò
þ~=Jm”@
GãóˆV5f øß³ûƒ@û)úÈ8¿ü	ÊÃ§Ý9|ÄQ-©§Áw‡„¾cvÊâá|‰ÆÍ·C¡NË÷Ën÷¨Æk8Ú² _ö¤Žk“˜;7I®C2› ö»ožÀ¢¡êÿÀœÝq¹i hdý’è5RìQÐÑå^)(ÖšÇ¿5´¼ñC9‚Bªéýk»³%¡p÷+(·¥aPÎÄa:œw¹¿ÝsìJF'…¼ÑŸÇÕfn›º LÚñ;2(X5uXep%‹}§"OÏôŠ7øºÜ³iñŒcŸÊqo¨ÇŠ¹\T×Žôó,éëÔñÒÊ#ZŽÃ-5X-$AgÝ›r¦xå:ÿ
éÑ‡:çŠ—‰%ªiÖS?Š¼7B »vJXöcœ5+ý¬}Oz©K†³ã|Ç|ô 2ž‘y’7`ZòÚsýÒi‡ôé‡”Ž# Ô¤NS+Õ½Î$AjLÈ´ÛÈÜG/ÔÌÙo	Äõ…¾ËÐI¥NÀt/<9C˜¤•À"”/òôÓ
É Ä8¿‡.pÛQP­îCë§¡w¾ÓrøàåÕÏì;×tÙ_%9Ùc9…„úzç`‰Åds®sÖ#ñ:2w(]šBÛÍL:±[˜‡?á¦ìk“A]õÊhí˜¶ƒ£ÃrdôC+qÇñ}ÕPµ…¶¸Ôî\âùwË´¨“s}k° +_¿¬ÄI§îëÝ²fÿ?4{g“f'ó¤G[Õ a &V@»¹ÑŽ¨ÌÚñ;Óú$ömnYœkÜ¸ø
¨‘»¡Å$¨f+Ê"´#kY¯bàõõ#vâ§îXb& zc…eÌBK½"¡‚þC8>úo¢#s ; õñCß7¼1õ¬ªêÈŽœÃw¡lhòQ6Ì2QˆVÂ!fæM"ˆgóç¸6:§Û!rÁÚµ§VòËYÐ–s«;pzè±rµÂªÌðé-ºëˆ$’x$_iY“; Cå‹í3¤/âÖ3ÞÂÓªjº(D#¬¢³0n×„÷}f¯™(ÁÞLšÐÂ/9Â8Ô9ˆ“§2’É¬€&<«²j³y è&i•Çle<ã0^’j<ºWæWaàJ¼µHÌ£/ç*_ÛÛå†ÿT2Ý_ÆäKƒ¼3>øèöÐËŒ}2“.ÔlÂ
"G?ëª¡~êuWÔdÝ° K|¹“Ôüe ðáÉÄCtK‡ÿî).;¦²—ì»‡ªI….Õ]A7˜„d¢~X+í\,?¶"ÞÿÐ°©]!âJ­†ç°ê—@”Dj+5«=ù\(=Ì·ôn4¨"=ÈC²KKƒ†Úö@ZxY»á:ãbà‰ä{çxZ$ƒ‰…’¼T„¡‰×æjïy]\¥½àœ™%óy8,ÊÑmˆFˆWÍ‰Lþ°¼¬Ê«ò(MtÌ3\ŠZµ±	©NZ‰
›À_oHŒ¡'%4ô?{œ;b±FuJR§ÙåÈÂiÅ$;Y3éÉË:µb[{Ù;.|äŽ¾§zœ¾ÌÄv§ÿ–ŽŒ^tp¢·NÒš¦6«—Ç•ôõ4úñÆ|fÎ¬¡Öcƒ0'o¡æieïBAÆÀs	ù‰kŒ÷’—Éû²mZŒ˜°cÐÏ—‡ÙÒ0¹©X)¦×é9\OX¯¡£Ý~O¿	L÷=¹«å-Ôì-<ƒ8ÙÀè$|MR·ÊJXN¯»Àsr–Ò5éS9ú
…ïˆˆy.¤.ñÏ»
rØs¡Ô@aÐ°ìì»¦lOeŽ>ÈbÖ,¨¶•]uƒËÅ‚´u1Š¥—wê”nQ H‚w´LEœEáž¬–¾…›¦™bÃWÞÞê…ä³s€ër ÿvº	Â‘#É»²Flk©+t“‡z²¡¹1þóó§3+¶W ß©ßÇ?zàÏd
ÄªñÁ(ÇßÊX1G’¢N/ºÉû^kïHÑV`áeÒ3r™ê7IšÚhBØn‰–œ]ÒÄEÂßsIµZSO—:¶ÍÀm¡Ôí4n=Ó·RúË©s½mLµa‘Tñÿ Zú¶'ñÂØý‚ÙÓ,#,6VæÁ1èßqá«Ð·…€ØuÞ‚Ÿ¹®ÈÚt}ÑŽzDâJ”Ýþ•J 	Ò¹³e/ôÍSw8Q3å¦d*¡>öûïêx?BžgmLÙ¨ó˜ÄBÛì8}„.´ca…)®ÙHUYÄ¦ßÀîëõ±4Õz€rº¨ŸT–F¥ –¨M0=ÒŸ˜…h£4Ö"Ä<“çÙn2#«o†Êï²9ï×ë¡æ¦ABœ[Ž.éÇr$Rcæ#w®ÄRhûûÒâDö¿}t£5¹¾á×€~ì‹Mm…NëcšÐ“na.ÑfKU9ké€÷“‰9í$Ex'_óËq"ßE¦!ñ„>KøY÷r¦0kðn¼#6b‚4Iì”YxD)6ìBîaï:ÃåÇÕE-Õ›õWcaÆæUç÷½vd¥ŠUíÐ2iQ¨0‚º%›™MnúÞYÊY¨Àñ?uE8NMR€Y¢Þ¶#Ä”/iÔØ«áŽ”°ÀÁÃ‚Q]ã ÎD8»¶˜ï ú´¸t%·au}ftÁ
ØqVW`o+—95îe^.<IŠâã?<m|üaÞZ97—ÈÞ<¨t&t·Ïõ‹K®(2Ïé¢’bb@Ü<ÊÚØgõâAõóé#¥Ð&$˜o$ yþN:±†ì‡ì×°(î¯…ë¸Ô)SjS÷9HsqkÝ·Ÿž?ŸKRë3Ö7KO  ÿOU„û7qü$ùY–¥ÔÀ¯r"zÝsm‘éÏLM=\‘Àás[Èð˜04¬%ñb\¿Éú(¿]!érgÑ[Nãˆí_‡¸ÑJéÖ±º	Èëýô^Øò)yK÷ä,Y~">ØY©dAèJì«ÉI¼ô±QÔU?.[l©A˜aÏIÄ²	f,k°ôz;£d~NˆWi@Ç[w'ÞQDã‰¢qÄ.ïHå4µ÷hP¤Ë¬ïÓ«˜8—Á¬xIäÿ˜oÿ°Â#\Fx_“›¯Ùy;Å¥#ŒêXg'Õ¦Nü‰Œ~!¨‘™é™Ý»kX$·`­ûB–»€¦Âéi^ütö…"yº1ÀÄMƒé£é¢)AëÂ#+ý´Nr›»ÄQj^Z»óšR7’ÿî"V@ÝXöÌ ÒŽÆAŽ§,gm¯gde°Øíœå> ®´’Ö×Ø³ä¯Ýá¹= L<ØÑ Gnn	7ÿ•þšµ-…Å1!÷÷–&)&jâïÍ¨à è3i›Þf~>=°ºÂÚH]m`xà´õÁ1Ux´£,Œ0§O½¸¯î TŠFíé© 1L;cÌ3U5¬ý6É.¬‰hã³O‹/ßþú:¬oéaplJOUN}­-Ž=“–•ˆòŸ‚VÓøu!¾ÒÒÖÐ4Ä Ùž°]¹SÌ“ é¢ÄUyf¸zÆ@ÛØÝÊÁl©?d€[$ë…îÞŒPE„À—„Wç9 êQT‹;ýWâ€ÈÓˆ{S×æû£BZ—¼>öE²#ŒúBÒµ%<të&ãš’xÁÈw1ã‘ªæqè­²R Q¯Þ8pA“âP#”Öžr;×ìqåo¥R|^Q®ƒÅãýE§¹K?ß'1«jw<òÔjÃ†új]#ÊÐ¹ Ç(¡UÌc¸6 Má¨@1[z°G|þ§ø  £ªGª®D<=sëèþñÊûÊQ²7b¦eÑFk?€ýœŸÑ)A9À8ù˜ÑÇÖs¿9WR¤“`ŠÖ´òV‚?n²›K/ÄÞPÂb^³¼J²;ÞBM`¶ÕÎf4ŸuMuSx¶ä–Ü]äh¬Å1ÒñgšÁø£‰ÎýÜ€?±ÈÑ¸-ÁþJe¤{•U$ò˜AîcÅÀÔÿ&Vß`½–Û	úk$øW†+†jLP@3yÓ^VY‰}ép‹ˆÀ/Ý6Ó™WÚý ™aþ¡B¶wzfís-[eõÏõ8sú+#ÃvÙIãöSb—Œn?8HÍ$¨	æðƒUÍ^àÛc
©œÞ¾…ÀÅŒ]ôCŒ1ÀÔô°K½µC|+ñ8“YŠžÞ–¯oùÿÍs{EqŒžÓf[«³ÿLð÷§-ÐP¿Cë±³~<m¯\©œz¢×|Eu¹Öd4ñD,”ßf—:°V³†”ïJmÉ^©ï½>
!ÊÊ$5®BöÓjé7_KÓ5	Ò?‘¡Û¾ãñ%‹2¤vq”ï6bÛ$šv+%ÿr¥ê“ƒùµ	¿J,"‰z§Qcè%†UTŠjyšé…D¤pµémG5ªgÄFÀÅ{×0ÑáYSEoE§XÅ)ÛuÂâv/w 0ádÓ Uã%K½4fC¤eœxÕ”XdP$¼ûÓàWK¥|JçBÖkš¡wŸRM¡»cúˆJm,#Ù¾¾+wîœ(HÄ7P•-±<…6.ö@CuŽðm™Èu«ÖDÇ6ª|yÅþa/%½†{£É].êýgáCƒØqD ø…#2(µÁg*^ºÿb¢—ìzU­”½©Œ–€Ò‚‚•)vmf:&“Äî“ë°8&ªª‡Ò€‚da¢†œÊ|ZÐ=Å>€¼J©T†¹±úçv–Ó£ÒrL„œjdz:U·\†%˜åya´ð‚Ú’;nÉŠâÿEFã%eLðUTMDì`Í´\”{n+]%¢BwÿþûópË5¡¢„•äËG—WpP‹XÿñŽ‹˜ %1nîÆÍâ‘Ý§’»Žîå¨S@ËŽ2À•¨Ü)ëhêª…ôyÎëîÕ%¨R¡°Kª¯’¼ã<¹¦öñ~†ÞPõ´vwì~7Ð¿jpŒ¾üÚÇ¥áãá·±É/Süzˆ“Ç$H=+
}<³#»	ÊÊS‡V²ÔMÁJº}®Ô™³GÑ…žOäuÒ{Q
|oF©[M/œß³ÙŒSjãQF#üpûñ0nAÔj>á‹ØZnÕ#™ÆØê m>pr\-sÃ
IØT4§1ÖÓç3*NÀíæ¤|psDãyÏÙ5B³0º†îœX“ìJ­·‚‘Äl*ófkäl‚"Áåe‡ë¸é–É¶Ë	9¶	£½ëÅ)e‹7X+sðÙa+²ŽhÛ]Ø›6 àÀ=ÉN•$6þÏ}ÕÁ|ïb6¶…=äÂDÄxa]±3èOt×c¢‡}SÌˆ‘Øb§c˜ /Ð¬ÌÌ÷%úŠn+BO"ŸÒ¤7¥|$N?"<¸gRk~X€Þ/÷E•gtÖG¶[1=(Ã¬¬˜Oy	lI”Cm=ƒœ]+žþ8;&‚òrÚàõó·R†I¯Ý¯Í
<³üh6²qØ¤$ô.¢ÑŠÏËW™¬SO„7ƒìVÅl° b»q(ƒMþ˜È:v&ŸÂ`yÚUq”ª2;Ã·}•Ss`/2ÿ•†»µ†z rùÆqB4?2:oIpß—7(ÀXê"š³M^ø É­¢å¿£J_$‹·¥ò{Ç¯!Ä^Ÿùáð“ß^—\Ü
¯_-7~¡V¼v½8CêÈI˜oGmåÂ£¶¤»ùŒ?z—±ã}´Å„–˜É2œWI—PËŽ!uŠ£ØëXÙò;NË†}©œK[5’ºIFw¹øèÆ9¢P;·¦s1ŽëÇÛ‚"’VïÇýQ¨ÖªSçsýA¹N(|ê+“zÏàPpbÏ!ÊÉ…`õ‘÷£! gãmCì2¨H\{\Öû¯âù!°g§öàs>lÂÚ“lŸ#oÝf–ÎGªÜ·€¤nÊˆ‹Ÿ³°½;ãe\jñæÓ‰¨HÈ–típÙ‚ž(ñƒ½ åK‘š}@ªÊªªZ3ë†ßDG=.~Âç_ä¨¼cžŠ“¹&ÜòyÐ÷%z®d’{~X6pª›ÆŸH~³3Ä‘2°*¸E+w1)K(Ò†ZSqÿ€M%¼Æã×ôynS=4l—õ'6¢Ž{h{‘ð•8MÃv5Ú©¸câå•Ó`œ»zA2Áé*AâZÛ¬uU”ëº~7ŠÕ1]óý¾n„Òë>dC‹2P:®yö®]ô'
t†ât“7ý²X<‘¡ÅÆy&Y—„¬abÃyÝKòïùChÆýwÐŽp´Ž¡¤¿â±OÌ§ªU:áQlÆ¥âPaÁaB‚‚M´Zî‚6|Š!ë„NÝ€§1ýgÂ·|ÞbÊl4sÔŸã’Q2î6ó>“­wS àr šJÊÞ0ó®ÛÌQ2Ë¿ZVŸš›`q–¡k,8™¬K!xñ…ý¥$:%y¥ÅFÂ[âž!=Ëª±èN—If¶TÞù§!ìê‡nó4UE&žKGV`¨ÚÁûýÖ} 3M0ÌdÄ	RËãÇÍçÀÕ÷õœÂ6_‡D c,W¢n.Óàm,QZÃ¶l¢ð5p`üeýQÈ|þAÆT#u‹Ç+è†¸V–3¨ìzµ«&gUFÅ6•fë?C,å–1ãë¦8×à»Î´à:Pì[ûÀ»õ¬aNf+ïƒ~£F.*‘ZJ5ÿ'‰­½?¿•²Ñ2©wU\s¯Ø¸œAŽ¡Ðë•w+Îq`]ä±Þ¸•ê(‚Ñä0±úúÓ¦ÍfajsT!½0*lÓlàø"\²*€2|°ÀUÕàÌ:¡8FÏ°5ú‡ÅŸTTÔ›
+vÆ6ÁÕØ±à.öeö°šÃÃO$UùKï”Ô,(?¨ob¨VØÒni„w­tjb3_–|vá,b]mÒsÌ ÃÐ´ûEÆsÕQÞ²üLS`,ãæ%ÌŠäl šIÃ)Q"SFœ"ö˜YØåqí–SôÁ°oI
Â®MwŒ¡+Íê /4j Ç4ŠWõ¯²»ÁwƒwÉˆ~K%â#èÊ±.½Â2{!AHmQ G`Mî(‹×dntð3³SÕë»æpX¦L!˜æ©´™y®£J_‚9)g]f–.'™ÒœÝ
ÆX;¦ˆÔ##æ(–WÕÜ<ÖÚ¾Ò/{V5)Ÿ\Ò›rš¤YÐ˜¾ù"Ú,–ÊkW_¬ÈcZ×]oÖôéc*6C5xü’R SÿlCPK%¥ïÈ¶¾ÍáPöÓä_¡Å-éçLxr&¢ÒÖ%íSíà—/,…,n¶3ôd‚ÞÌ›gXM¼‘v‡oúíÇ+ªZ·ŒBÅ_6aOÊÍÂ> j±ô°pÈŽ”ÂD—‡’Á|Àç·°*ÆÅ%½êš|ô¡ý÷ˆ„ç|Ÿü­sÒç¡(w1ß°½ŸæyQ#ªYˆ–cÏuÉX ‚éý^ëÉª{Ð}`©ê ¨â½Q©Àst’ì¦×™i5ÿ
PŸ	‹…Sƒ…D'ÿƒÝgÙJÄ­”}Ÿê5znK‰]9¾=Ôã<¶¬Œ¹Yá'Š?­˜6HO$-Ë…`!°.¸ç7ªóß™rK³Èùø#*ÿ8‡NË]iýJØKÉa”ðµúxß.Nó½JsH „¯Ü…Òó&É˜s÷ÙÁýñÈãôq÷³8»À·f&’Ë\`[3Å÷ÆCwõÛäFr/W«Olš„ÏYÈ•±j@¾5~$nÊo­'ôŒ.ë#ƒÓÀ€ˆÝØÿ$Å£=–[ôÒË¡Ð¾ân
FD5Z¼]Ö½Àû[§ß,š]zí”|½'46î¥9kš9ìÆgÈå«§-ŠïÍ#úø:Ê¡Ç­FˆýÙ²H¥§‹#K3€¥âÚfsy•ñ›Büú3ê6_iIW‘`¹µi44„ô—¾¦àÓJN–¢d °FmÄF±Wl`_ØªD“ò›âÏŸp‘Ðjïç7Ð`Ó¿
¬ ¸ë¹ÒL%h`›5
^úMPaƒ˜¨÷Žä}ûfâFoÛr˜i6I>áöÑ(ò¼Ý_…Dh:eåÊ¼QsËuëW@_ß@8Vb_Fî¹‹yüàÿËRp+ƒT3Ø'ÿ—³\çŒåqn2ô«[žS½ìÇÙêûåj†·¿´úºakpñûiL ^‘L+á«EÊr}ƒT²'¡É’ñ"wpÌ –Ít&š[1f¦Å‰öêÑþÏn»”EzÉ«·3×ûæéï4G—dSæ;y¬)ÕPn· ?¨êÊ·2¿Å»;'Ã7åëÑQ j‡Ÿ;Í”8o#ðµò¨ºÚó’¼æÄ•0ÙYË2œ}É¢²‘ô.DÅzõÚþÓ„uïíŽ7?Ãx˜dÁ)‡ˆÅO8ÏÎùtÛÉÿìÊWßåþF†VÉÛ[ÛyÉÇH­ßö7ÎõHÀB\gTÛyKŒcSÚøÛ^½£%î0v–Á‰)3sö§,¿N‹¿ T©"}(ü‰¯¬Ü-:jÆUR1ÅK®‚Ä,òþ–Z/ûß¡_I®éÎô·´.ÐøaŽ>}ÜŠêÙù=ÀÃá»šÑ¶JÜC$@†E•ÞÓÙ^õ$|ã‰Û’Š³'zY¦Iøû„|cö™yqÛ’$­V‡1å7ªœø+C”Š‘€J™Ímâ…±*oHGþËÁJíu³fnXB‘¿?9LÙÒa‰¼Æ`<cûv
öµìÕ’Û<eS0F‚sáü\Ïù"]¬EÓÄ½Ï´ÑÒW,‹-{¨Cç±é—-åÖ¹¹FPuIÑdÓ_jép|óz™Ø¬f„/Sk´^§mcW„zÄJÌš(Ó)#=gŸZ‰æGÄbG	ÊfÍ´;‰(MZ¡#ã®Œ‹¨„ÔW©rÀÅ
º¨Ó*ÑÂ#8síyz´Ñ‚p@ŠAež±ˆÂ$ÝQß…3†üNÎ3ï UqËJ-'9ÏZ¢Éy?pÂšŒÂ§a#Õ“Á·ü€Õô°Dœ+ø™ˆZË<)@Û3±%¹Õä‡^øD{j†cq6d¥ 33ƒ·•DhGR÷Ò^&¡*ªdúáçá+…¬ÐvGã
xôßa7³·tËdA£†37uÕƒ:äÚ_Mü”Á•á+»½ÔòÅ\é´šÍ“§©ò¹¨Ïž:{lT·&ÎÆÅn%Ï[ÝoèTêëP ŒxÅùP½Y]¾ÌcÐ™ž¯ÖºãniE!=ÿ‰Öºì¢;C—ºÇ¯ŸYÇ`4ôÅø!Üj®-EëÕîˆ:¯Ø¼ªÀ[¦=ÙÌSm›2@SZÍÈY¡«¥Z˜;<¾l·¿)€GZ$Íº$,\=@Ç<Ã1ž^#ý"IM˜3eÀHØÆz>‡¬æå¨p™q´…UD´ŸI°,¼9É¬rºé,ŠÿxeG–Nöƒ¸M†÷Ç /ÚRÉk>ôž¹O›º~Îù;žö}˜Š¡¸è‚eü“X÷+°¬§l—½²2|éF6Ë‡9ruwœc´)¦0š&B ™êð§ÂâþcŸ	À. ö0í~"	— úÐEªÌëwyu€uÁ9]ú{»©ÈOÏKÞ0ž,u±¼Š?’4Dêu¾c^¡b]†©Q1­ÍRë16ç]™êè¦ŽaŒÍF]©U»·DkÉ5š%<{s, ô9‰|z±éFÐ¨)í¤R@< S5¾¼\ãÄtêýIÿoÿåY\3iÍ„C4åöç®~6Ík<A2v0føÞ¨øódä´iäç#Iæ‘o[(-à…¼U±'/’2•e]4xŒ/sP¯Tœ'VCn2I9.@fó»>o#[¦¯òF³ldhNÄ¥ä4¬¬§¤ä©+`‹Õ{ó­DLÒ¼Àô9‘2’¼-ÜS%Zï¦nÉUÓ‹¹È#Ç¯Ø¸m½sY¹.ÚŸO„"ä%{¹´Øû¿ J~!ÒÒ4X™ýùÂ‘êÈã­	TI:7{EŽ-¬Ñ,¡±-ò‘ñË¯*úœ/&LHfUÅÕÌa&Ÿ¼ÃqžÖ;ƒÕŠ9bì’Ÿ¾¶œÏ°(Sâ½û50 òùãvLOmývÁ ‚µÙ7–$®/ÎyG¬%GS«®<öRézéìà²PPšMÃF×zOägÒQþç¬‚¥/„¶É{)™s•´Ú$']E¢%8^2»e½ êôq3T¦JVúpHQ¯…(MÆÙÂÐï¶J8*áÍÝ-Ý‚¢À¹C&Ô¯ír¦Pµ«í»i~C[À©(¾%ïŽd‰žž=¸$¦8)2ê±›ÛŽÞLúwgÊUúEÚûBx-ôÔ›ºxu	}~ÿWÈ]1Ò/ÜUèbÁ|eõ;Â‡JßÁBm’=¾|m7´ÁËEˆeáŸ3“úßÚ¼ªo+¨0Ôì˜©ÂAà¼þÚ.c‘S$Óþû´fýÜD•|é ¨…27÷{q¿@°«óà«R¤/?ÝêãÔÙ¦ƒä:_›¡|Ž>Ç¨‹a±Uwn³ß€ëÌ±Ñ òœp²Ýìô| ~ÖŽZcàlòqè{÷KÐìúµëg’ÍŒÏÆúðBµ2†&ûçý-öÌf9Ôµ¥@$ö±­W~ÒªîÎPz:·6Ò„Ö¸.lº(ÈÏÿ(SsÔbB¥V[Çr#ßá$ê$‹jš™@_{CÍxŸôa/Jy L%a=œRûÜæ½°Û1ì
•TÜ›–¤àâ·y¦ƒáÍB6!­
OûhñºaòÇg'ËyÉÐr»H—Eë<ŒEÈÄ¡˜þÁw5?³$KCÛ«Bœ¡{D=ò”Ÿg KûŸÒ—ÖwXÖká¸º1ôÉÂð$¢Kc®x ;ÎàØ¹fœŒºÊùmŸ5V8*õM±OD»ú²Þ¼W`œ*’êJ<Xy¤ƒ·§pÌ—†à€¨µ †éùb´;p–²Ñ—ÙOt;a¥iÌµ
 ’å[íQ³
 àŠªš~€},47€J(XëŸTˆç2¬éˆR……“ÓòyZpŠ(®Cõ“Ä\;“”,ÕsþP&Ý§îñÉ~X"·—hÖ-9„1ø‘Ÿ¼?ŒŒ!c¬ýÉÖ
¢Ñ×PD•×?nþÑæQ»ï(âQ¹œ¿%§t97ìI€¹ªWÏo£‹Ww2;j&ÚdÞ0œÐWÌZÅù}/G9å}êu’¬Š³2N]@åÿïP FJñäÌÜëF19ÐÝ–þ„œdjÜ[°K¦ý›×ýÇìÂ°ÎdÚ$ªÁF£ž”^ðìÑƒ«ºË»ÿÃù¨ä6»n«Ý0‘€¹‚†÷<C³Ûô@bžC“­Ú=ƒ¸oï“œÂ^3ÛSßEjæjÇyü#ßV­;Rz³ýÈj»:5‡ÉÔÈWnöUìQco_¢ƒ!1Žù+öçhVÏd±áÙ p¾VžŸäæt<çÌ1GrÆóG‚ —Y…G=6Õ\$PçÆúET?²:T–?ú&yV	+I›òÆòJ+ZÀSvèz©6tÉýýZ8]eùt²æRÎ[Ä‘½eëÂuYüvv®}Z*e6¸{ÐnØküó©[±p{°åýþU%³»QEÉÖ²7È_ÉÃ¡£Ìô¨ÛoM>]~Ñâ¢t-s…´*Ýž­«ä;«Ãb‚ ÜÊíöð¶î÷ºAÄˆ¨¶ÇÏµšN$KC]c›ëÃø˜DÏ•Ù1ýáü•Ê­é6jdƒ—â$3á:mÚL½Ñˆ·øåË7hkö‚®tjæfhÍtVªõÎŽÎ6wîÎ…`øêLUÿ1^	¢¤µzÿrŒ¶´º
‡=XZàºæ‰%Ûš×!ÿX úµ¶-É‚Š±ê34L–:X;Ü‡ðOhÙÇÎ19±ÙØ¯äÉÚÏ®O»gwÖ›!M¥b}ñö¬x+-ÄˆËœ€Y¦ÕLö}g1ýX!£}³ÂÑŒœWd;ÃÅt’[ˆÓy¹/öõ°?`} 1*ùÓMfvxÇûY³ ‡¡»2öR7¿²¸íÊ~Ù“KÑª»Œºš=P1ËÞþàh>¶<ßÙ…©Í‰2âüC%ÝJ¬dÃŒ§´¤ y-¦RiÜ8>Ã9/é‰[ÏT¯6¢Û»ë¥9vd!ìÝèÝ²üÚž³Ñ«i<}á,±ñýÕÔ­4Nã tòÿ¦ê':.c“¸øÞÄM@yÝÊR£Í±Þ?Õ·ý¿’[—ipÝš]Ëì:»¬V‡Vå8àt2Ç†>«ž?Eåæ{Ì¨H[Ä½ž(¯Yµ8ãÅ@qE³±«äø…ÂÄæ‰ðç——sjWÓ#ŒõMü»&«]6–üv•Û˜¿Aô1I½»VO½î4ÿ¥¯8× ÙÒîmÅÔ‘»ãñ#ÝŠT| ðÕÀÃÛbo§Wýþ@w"ÀÆ?SŒyYæT°|2­S90k:·zâ…dzUÔm€?†We¶Žs&î“9PAûëÌÖ]!ø¯IÀ8à¢çüñî‚Pî0ìûÃÒ+‚]êåþàÍ˜*G.¯øûq!0_.ú†Õ=]«½·ßJ£ã$ìÔJå€g‹ÿÆ1—n…•÷ßM»·MmþT=ëœ¿¸+ªA+X*íQ©¯¦l’ÞÕn'tQ	€c˜æ»õQü[`<[[´ß¿Û{Ê‡a°Wøò{GE¨Ÿ
n :­ ¥8ÿ}@ªÒaMxäì¬Šyé¹_ßÍ¸d¦èv&	ì+™z;Âyvã0ÆÙË`sƒÄÿ²ñ¢äÙÇ‡ F¿…Í.uÏ‚„œÑÇ0†°¶íG¨KÌŠÒFÎ>áÚ¬µŽàÜ±Sj™÷™„ë‘RÝØøF˜ê@|RfÁì„ýÞ xÉöÉ<i)uþ³NuÙT§“L n:a¶¶3~
¶±é—ä	òN[8z<ÉVêóCG0uëIÒ6‘#%µè|'æŽéçe£*=Ó8‰ôÅh;’ñþ¶,ÃwCÉ8¨Hù»ûl—k½;&œç³`5pË=˜ˆ§E£Ø¥Ï0yßFÔÙþ£“ÝË(&!ÚP<_ºœië	n(79>zZ*MÍÅö’¿Œî Ed‚õâ.×£’/Zx§þÆ19í…q ¿oÛ	ZþˆY(á%Lr¼R’u §A¬Ë M™~.Ì¿-&Ø™Ï€uç2[ÈJ2Èyìüßù˜¾.än·c/ÃÓWøm¼%æa
¤øåHÚ¦@=6Ã—`ÃCZé$íÜ ;þåqÆw0HlàQ!xHBâ.½×…2¼«ÕiÄîäBR«õ†Í’í¼"´\Ý‡ms¦úÿ­û´öå¼§xTñ*"sÛ|º³`Ýeð›µºâ{¢r²Vå¡kîôpõxâ3-yˆj€]Ã6J®ÇõM›J(±?Ø6û-Ð!Õ>ˆš´+µ´M	˜#«aÿm‘&£Ð€†Ž'êÉ6n~¢x¬ p;Ö qE€(ö¯€’d³Ñ…§PçÉÿX¿ëÜÚÅiÔEI)rß%)±Šm“ñ¹)A=›<•T™k*V×³‰¯².n$œ†Ÿ¼lR©ÈLÏBBò¤ûÈ~åæýÂS¿<oâuïº@#ú»+˜ýñ¿ÿH_ÿ.x0ýcÈÉ<¨§ƒŠi¤ˆ C,k_(=ºjú‚%¦üé\Ž[hÝ‹,‡Ãæ
Òºš$mÛ©¡Ã	$naÁNñ¢}›¨:B¸Asp c¬+¶4½EÃ§6ƒáˆ<Fúž/Zxòy™µUƒ™¥M–®S¼êÅ¶“‰³Ž¨iˆØÝPAUYõlÃ‚:¦EIKéèçR‰½1:qÂÆN¢@ˆ
Ö¹-‚þx^œxºØÛQÇ¤#,ôyËÅÊ…z­Ès]Ø±ÊYÇ3JJVñ@f6rººPWÍ‰aBËNC¡F>YÏFKUWQÆ@üôäk/×zeêj
±Ýú0ó¡ÂÆaÂ”MF	—çûd&éÄ:>_²yRy#k;Z#XŸðNÑ(–0Å}÷pý‘‡[cÿN½õ¬™„@ìT•AM™ÍY5sE9öÙŸÄý,Eü`æ¤«|6Uº»ÈŒs„í"q!bûfÖ¨úo6ÐtùŽñó,I-J|8=ÞSµT³Ô‚õç-¾«$D¿¯	ª‹Ëhô=:øÞàÑõ>r›ÿ<›°ÖûŒÒ£Z¸bEkCï?bý¡MNž
 °^m¼¿¼ œ("Ø%à÷7‰“€}õKTüÒ™±×!fÂ Ù˜Ðÿ?{+ƒ±á˜ïy‘g>ÖuR…çµS=òW$©ÎÊJ$7eÓ·mR:¢iäe.àÔ[-‘Ê·/õª#.éâ€JV/ÀõùüÓð‚¯ðD?' J[¢vª=wúÚ¾G†!Âÿû<Þ­D¬«Þ"‚b†.¹¹íÀÅà/½×ç³ÁºÑ«ŸüÒ0Fi¥-ÂÏÎòE†±; ¤Þ-n ÇµÕñmû`)uŠW^’,È9ŒÂ;éü’0ˆSñq=PÙ!y–Ü%yz_dSãàpÔÜ£‚¡?Ã‚ìBŽ‘Ãq¥eÛI™ÌØÌÖyy,‡éŽ®x®{×H“¥‡Àw=mÂƒ3ðxkô}Ü#BYµW†Õ*ÙàÜßò5Ó7×ÿÝ^Mã¼›©ÍÄ" TÙ]QqFåÖEÏñRv^]ÍÖßdÝ×‹éÈü9×á›}m?á¹4¼)í•ãi'Û |Uª1)È Õ6‹O‚<áÇVÇH˜S£zémÚ9HÞ»Sš ±Í¦$/ñCD†’)¢!åTL€°Y¶‹û™)*ýYÜVäÛˆE*¯–èVå­BLõò†’’äXp¡*…·®Ò¿Sù\¢˜*ÎÌìÁäV m2:‚Š4ÛXÕÂ;|±—A.Äîà¡ÓhÙíR³ìbú% ”‹g6,ÖX	vÕªLc^,•¶oÅy®$€'rÊ5¦ë0·w!Âðñ–Öæ"ž–µ¡qó_hÆ×Ù]É4¨iøOw(ÀûÝÖâ§Þs5 nÔDv¨Üx¥A›-f×—âž¢‹IoN¤ƒ²XøhWÏL3dWM}aÿýY}%¬L“´Î45ì1û3dtÖ*³n1‹—iWÞhsjX}H©Ø$“S·=tºÉ”qEö¿‹ƒ—¸cÆú1¿X;ƒ“5d‡ Ì?Ì…²ÛJQúŠÂ+S3ìñ.APœ¯¿-£Ñ9ã_Å½{çi—Ù¹Ü~¢œC’Ãâ€P8+ë*(m°÷Š8E¡Z4NiÝ¶_Šc®‡°iƒV2¢WõP™üq<©-[‘8M‰ÿî ’RaGS ÎFšoÇn\Ç…üt;#e\>ÏásŸû%F™¸%Žï³à6bÃÖ#+,œÑ/µÇ¿F‚ù’¨§~lioÑæÍÏl¼©°+mv!¦‘öqÊ{•ÁEzïk¹ó„ŸG°~hübŸ£Îx=›>K¨%Ø"›ö)öùï÷+ÝüÚà„‹·í®à€¶þâ	¹ÝâÊPë$%ªcR;·áXH0Ä¹Pátda.]ÚÐP‡fsnõò¬þ²ùGäeVÖþoÒ #0ÅezÒ²pÉ¿¬šZéž—<Ìv+®õäÞÄ4t¼šíD{¼=Ó'[gÝð—ÝY†Yrº’,\9Ë\²ö“z~E 7CUÿpg¡n¸çÏºö©!äÄ‰ZßiÜ‡}$a¸Ñ³p{Æ®¦¤J&cá`1@•ÒvZðÐzà¨<ýåÞ¹Š"³6‚í…LŠ`¡ ‚b`áFÍ‘>¡ÐQ8*ljåÅ`­¶\«µDòÉ$šzXš¦'¦òŸ€—Ëéƒ‚ ã×rÓ˜u€ÖV’Áç>m9y˜o†RqîžB€ ¶·ñÕœhÊz“€DÃãîœíËnö­ˆÞBQ‘™ôÙ'²x¹¼
cBÇøH±–HÝDm¡Yr•Þ–2—r¹)ÕüçÖXæ'>¡Õ1sô<]ë)ºTœìË<T8H03ÚÊHÓ²érH' ‰ÿ¢u> úrä¾*³¾dQ©žþçÜÙâÀî§¨R5Ë–B9#üµ™J[ñ$´$bÖ¿©ä±ö¡z?ÃSöZÚ²”4 êl‰œnã8a“1žP öÈÁQ#÷T‰ìÙ—ßÍ}vÏÌH=×´QL’6€}?øiŒFîô_X—"2$^ ¶Ÿä§6¨J·-–`®å±y„_ØK ‰×úŒó(®mfŽ›Þ{æ‡ó—uê°Ñ­kÐq¤RþÔ³Œç@Í¬‰º¾Ý­^"ž>Oçi
r´³¼43Óà<Ë.~›É'£þ­eVYÊz»öníúÜvnœø¾4tyüþc´rŒÓÌ,CèMeÜŽ¹Ø….8T/’.ýÖÚüöß·)w»væx³ÛÐT¦ÄDhZöÝ:Ize7	•]gEºã·ÍzÝ/-’áàP»ÐÈvåªëò
ž"úrsQ°e>Ù„™]U£ÌßPb”ƒâLÞ 7ÔØƒ˜%ù&ôñ•?ïÊØ®tžúŽ¸‰€W 'õåšS#Ñ69M<ÜûìÇ\ôfKl“_Î€qµ˜	~æÌ½øæëÔx7àÃNu¸¨ùŒÀ^«_`Òý¬Ð†UEÇ»Û<ÅŽ¤íAø¬?ëÏ)a‡d˜X‹ú¸é¿Mt:ÿKä÷µ›ŠÃÓ@¦CÄÊÙåËððq¬
•ðÙÅÅävú®‚èÅ…ÁK~¡ívVºr³Îðüxº{ù†özÎ9Å‡KÜ\4ÚEeÞŒý]<¦üÇ­ÂÛxÔežiwn¼4ê¾ù{Þ\.ÅT(øC	wôôÜÄ,²ômDè2–l7‚ hpèXQEú
œs{’¿[ô°$‘û[CØçÅòc8~¡wbâ9šÖåt¶SMÔM¹ØbWXŒU¨e ÏØïbð?yNX?Û~Z‡So`'óÜ)—­hÊÑle‹-ÀüÉâžË:FÐÌÅt_¨Dæ{öÛìŒ(†‘ÁRîdZÀ6gÌ”ÄP‰61‡²Í°ƒÞ†nü×	n8¿‹0¹¼œtnU>daN^¬ZØ”š¶.Ätö™„ÒèrØá:pòÎŠX
³Nsa´<	“‘XéôqIK¡-8éêý6EÛçãWz…c²EWþæ¾F+IÄ‹¨ ±a§O™ô=ËyK½´¨å(á¬Ð {°¨Õ¡³!Þ)ùÎH(¿I©©äóŠçÌaÚ•œ{¶¯Z:½Uò²zJR¯C2ú:ÝEYŒSØéV™
á¢õË´î	5ÙM¼åC=ßW­®ac#&­¦œÒ,ikD"dÿŽ-µ«¢1r™E«f‘u…'Ý	Î.RMÞ& q9ýS“,ÔVˆÒ±za
¢°ýñ!	#¹"sÇ!œQi¼ÎÙ£ÛTÍŽmp±._ü¹ÑQ¥ãnÞÊãïYº+Á¥#ÔÑ¼ˆ/†÷¶9
NTíU©z»2kS€Æµ{lõÉ¬¢;Ïl}0Cî¦ˆ‘Ô*AUd>h{OG'éHñOegïx=|ÔdÙá.‡,âÍŸLÒ–ox~0¥à×³:Wûiàþð‹ØÜÏA±‡Å 0YÞcH
*ÔÊ_Êž¿Í•Œú&$(úJîœq¼–ì™ŒÍ:½§2–$ÒøÀ»1‚þ}…Õ´¯bNÄÏ
MäHuN3¹!FàwÄßæ°C'œD_næ©†ê$äÑâÄœâç¨
éª†Î”üZTà€Ýh&å²¨lî=¹WšË™ý*H8ÄÃÁ×è¡ß4æ“Û?3ÁÁ b\ü÷‚„Ì½CWþúÄ-iŸ!dý)àxî‹ãz…kœŒ¡<Y4ºçDÚJ:
§®g€9Sõ|ŸDüšK ¼O®åµ:1¿EA™zYFwÆ“Šafç~šé•Sf¼ZÚ‘>=«Æ¯ïÇB÷ßŒ~' â@9&z ®²|Q’ÕÇÿ\cšð’*¥¯òwÅE°q~AÏôÀ5¢˜?>F†eC;¯½+°?hî×L[=UÝß—5NY&±‘béš‚é¼yO­­`#1*—öÜºAM«¬˜Òþ”ý±ß"ž^‰'ÂÀ 8ê2ÅžÙÕ¥à´É ðßwŸ-æ(²If¤€?qK«	=VsÑÂM—Ñm…@)—y5·YTXÑÊ	’"ž›
µ`iS*ä9ÉNÎ¿Gw+æò³6+Núž:°6ÞÝÜV/ÝaåM’i9!‡öÁ°QìŒûÿž‡XÎ©e¯`·‘ÎcÉwŸoF(§ŽâÄÍB‚3ƒû_eIˆµÜÑ»}ƒ6ÅÜ/º2ì`x¼’ ›ýú›«Þ)<ú8ß±Ï·Ô~­„±®Q^8g,å,ä¶õFô@¶Lž¼ú%i‰¥…8ä˜³ƒõ+uGnH¸ÍÏr%)0S;ÈÄ„åtö+¶˜;}šÿ×Ø]r»þS%¥EŽz™Zÿ4ú’@ëˆ7aPèÂ xO¢–ÉT[QÇêºM¯¿Ý¼È6©€fL~ñQ7ËXÒ5±BÌŠÿ¯2º-íf:×ÑÊÓÛˆ‚î†°ÂLûwí’—qÌ»á“%˜·Å¹­¶Ÿ‹gÈ¶é¥Ò\¦š'rÝ´eâ)\XÖD‘_ÄbDZÔÖ\/kH}òÌ4àíS`OÇº±aÚ“²SßÃ+øñº ÏaÏª§”Š™¢%+myqv«(YÂI5›Ò3ƒ0QÐÙ“ÙRÜ¸–]t:æ8ñO
:Éu ‚où¼¤²ð;”Wöìy½yá°à”\“[2Ò«Ç orIIE)ÒçC£@v­7v—ÌÄIð‰î&ý|*}§Ó¯z.7Q ÷ “0†‡Ä\ê¥-$¶¯3ÓÒ¥Vj†p¹z4Ä9ºåá{¢!À|ÜCñ×
4CN ” ×m.|Ž„y¡x¹!(üÈ‚±í÷ä,–…~&Éf>>L„Nä(ld†>Œ4^)z_‰ŽÖ¿7|Ý™…óz\ú'gC¾y)ì@T-‡dÛz$ŸPÝžk–ä‘8l¾‰Ê,KËÐ`|Ðu(lŽÚ¸hN48Öòô…›ÎêþÞy1*ô[ÁåÄ4/š0¨{œ˜¾Þ¥§Qe}¤±ÄêbUöSN8ÁÍÿ(tBÏyýGç§pØÑûg»'‡ƒùFEk‡ Š o8#õ½%+Y0bÝ1m03?ªX,Ó“À-Y ìŒ<yå[K[Ç´ÉE/†yG	o…ŸI˜nbÂóý7S’íKB[´Ý|­m[&dÓPx‡”îá!8rCz|…ôKé=Ö°Æìù\ÜÇÉA,µÿq15z¬5e¾-]yÙRlp‡SdÂˆ›xáÏ•¡ocY–Z¦b…í ”61Ô¸šß¹¶ö
Ž bŒnQ6A}ñ´×º6UýÝ:3ª°à›®=pÎk²œfŒjÉž6£OüoHìöíäF¹§ÕÑÃš˜D„ý¼Å}°c
.Âç¤Ÿžeò´ÒÎP¹múàjŽˆžµËJ°ü	‘OdvK·³ÝÁrØvÚô¦8±4[„YÆÑõž—¯î7È^6¯3lYy+Œ·XéÒEt`êÊàºH±;êöÎºžoV’ñÎI°1Á†§ÌØ­]E3cÅ‚Bü[eF@¬á5ùØ1}´"GÅþˆ`„JÕ¨™¹ÞóÎZŒâöžÛñdÅ¬Þ¦AÈK0Îï°{¨ãs7-5•Z€ÿ…}pž•5;(}_tv?ÁøþXÃìcg= †ÙÃ·‚2=O7_z„®”k~é °œ?Zßi Á%ˆÎÅ£)÷h¶rH
.â´ãe}D/‘­&‡BRA\¤­¦KjQL}`b¶¥JGöšµ0¿,ÜxéY¹‰Ë;ºK´(¨Šë µvê÷OÌˆY³JçÄSZøü0úÚ¸ÀºøôAF(¾*XgÒ@$Én2áå¹/j4eßß=é´|ë2ßGe¤…£Ü`òfù¼GÖAªAGøãØibtsqW8µÛì`!Áª'±[)ÏÃ,[êêÂÌ…º½Ü—û·iË¸Òó%ßÅ»§r†3AMX*
ŠhÙó§Sá4«næËåµ(ï” ²ë@é7båßšjÙ¹?¢ïˆ!«ôp®—Ž;ú=
åÅyüŽM.a¼ˆû~?¬^BµçR$jíºÒî+ò»…$Ìw…~A×À%|>ÂrúW,Á~Û™ î’YC£ÇWÛ}*ZGWãÊÀ zÕÜ‚±«¢bøv¹Ä«iŽ>g¥zÒ‰¶”hß¢B/D×Œ&D¿ik‡µ®ÞÚ&¼ëE·À+4	$²¥zÅ¥…×äV`9apI¡è#sme„-kPcÌ÷Ovl¡îÐ0æf'h~h39‘,°ŽÔŽoÛ³¢qÓ÷{å‹îG±ß#[®WÓL›_ßö8žX‰É³ñŽ _,#î5ÆÐ9£3@^ÊG.•1®|¾@0h–~rI.YT9<àÈþý‚À}Ó=—RÎ×km¯“T«,ªÅXÆìhÙ‹îú%NO¡äá -^T”	i?=ÀÝù8Ó~ôÐ™X§å0é]XïÉÓé!ÔÊÿ”ïQÌ	¾b–#]-ö%^âiŒŸjõ€ó6órtøíHbù·™!aWŸÈµ^ òfÐt‚ª×{LHgÀ,£2WÅœå¾71e2¦ ‰Ûå«NÙLË³¾œ¢Ýv^|þE`‡fC{"JTÕ‰´PeóI:‚º¾JÿØ1+/Y÷×w*·x²FEêŒ+‘—‚Lk»-†Œ™"‹CålªŒCHæ…áœèJ¹ÂØº'0]g@ùMH®I\æÀ_ó†oŒ°÷öM§É™'gÂws¡’
«DÎà¬}å'©|°‹ªöÃ‰¼´ÜI7!} míl2Ë bˆÍž-p£÷“­¹|2æ¢°ßˆQäb&°—[|O‘1!^y»½ ¥
ŒuCÎÐºS.iq¸kÃO·kC@ÃU]‘¥H;ºÜ$à×
ÎÉ•a“Î¬V‡çµ$qdŸjÌ³_¶Å¬sIÝ1î§K*û†›V÷`•¨2<]mC[Tƒ,žÖ1Š‰gb§p»¦7´LºvvÀú?™—éŠ„yµS‹9a²˜B^‘XëÊÏ¶ùØZÍå%&V#?ˆÐE¸Tç¥n$ðÅÕu+„î2¼l±ÁòµÌ¥"™)'9§]/¹¾­õå£qû½Ç{a„zº½¼¤^_¦ææî¬DHeˆµS Ü_3¶PÇño­¿Ä¬ºNN:½+„X"R¢ZÇ$ÝPšM†ÌÁC7x‚zËÆ“£Ó­kÛJ\‹VÃ<ßWvZºº¯~I~óüƒ‘¦Å£¥O2Þ­Ú4MhOÌSãkt\«˜R+¶Â"SBïSùšD)f4M¹ü¿üN ŒmãvÖÈ´†Œõý÷:"žýp^²`GZaw6(;W}‰+À5$úÏ©mí
¶^ßm®†ÉíŒ×R~ËÒxÓ‡Cä…0jø¡$”(1Ñ÷»§þþvÝá™¢ÓÃtÔúL£ÃEÿ.Rß‚ÁuÇâ4›‡4ô`	“(ÚéöþãC¯	‘z!
~Y0	„Äûx§w,\Ö‡„^yàÆ6ŸšÂ÷Aûøy7†/
8EÐ¶Bª7œ·Iêù—ü.£¶óî$Î¯a&àúG'P¸Å¤›N§ÖÅu…·ÌzªÑ£}ŒÇ‰«WTpnVž!JÕ‡9Â“‘ÖÑ|k™áË÷öþ§m´ïFVÊ¿”‰u0–À¬KELƒm#’õÂ¾{L5³‹˜xœ4Ã<Švò… À^0˜Z%;[À~9iµ±K2ã`nô~ÒM›ÊDN)Cðµ¼OLñ™'/öÎ½iñGÝ>NÄ9£ûÏH6þã=¦ÃèTAéJƒcmñ‚‹9ˆYé6Ã„Ø_Åÿ­ää^mÐ¼«:LÆBsû $ª)Þ“ÖÝM(»Ó‚OyãÛÂ#¨Q›=ô—ém¡ja4nÇ9èVãIk)NÒ)¥B¤óÐJ+N² ¸9ˆ¶kßÂÿ+Rš,„R5Žk£³Ónµ˜´'“Vù$=9¶W³E‰ÚzJðj4¥GßY®•ì
Ô×œô82·ð‘X¸«Åá\4Gf­Òq6ƒU°»É¸3ù¼DmÀ*äºëÎûµ„BÃý)ÌòKüS9†9,˜Ì„—¿Â|%š'Š;GõåWäÓÏkÐµÀ‡ŸÙ­èà*¤¹š¶ÚíÁ3NuVl* ¿ü¯IÂhWt(ZK5h$bnÎ ×À¸“u¬¼ŽXI»@"Í•TÝ[_š YÒB}W¯­ùz^•ôT	wõçX¸è_"œøÑ—yÕÉLÂè’ƒ:ˆy!=óÚñÆû³Ò|ŒÄ©Ü¶«¼ÖAPþöSçT©t¶m«Q ²jvéG5'ÕÐ9`ÒBzE’‡([“‰UxM©#Á¨ÛsÉžUª£%³™ÐC>Š!<PÊ’&ˆ†€Îe¤ e-9ÜE‚8èoâ½v;juŽf'ZsŸE×—óÚîð­£Å¹l(â[ñÎjÉE:xŸAxÞ+qÍ.ótn†NÐ€]¯2kþ‰îµ1(BÞ^~Ùå¼À”™ÕÖˆ­R.K•o.ôYwŽUt=£GÆÁÆúé¥SÌivg;²Fµ±êû˜,ÛC­Ó¡j»wD—¸Y×“mÜ@!å[/É@éŠ²§›¨›·WÄ~-0ñ+ýõ××P¦Ü/mÃÑ†ÀË’ãÞ»ìÜ<ŽiNÅ¨¤|Ö=P<´ä©¸_*y„-‚ÜÈ[$ÐÑÍÐ»+‚’pŸ)Ç|Ñaö†=ô¹€§Ç¯"ú.h“,¼¦‡]kïKõiÎN‡Ç%~ô)–”˜¦‹°<ƒáR©öUí†œ€´ÀöãMý	&Ô'± Ãoÿ»t@ªß8°¾å¼<äBæÿ6Ð”~ÐÀë°åtj*“¾ªô~xì7¦“vãšõ«™#Ä~¯»ú;îúNS1×ÎºI?P½ÆL ¡€Q\°˜KAÝ‘FÇÒE–¶dT³Õ‹ˆWÜäQûR~ÁIlN,hgÎlÈSAâœP’ê`U¦4!6æN*á†MæùªCƒ²-’¹šSn¨_1V¨BßBÏÌA9ÔîáögÅjÑŸÇí’«üÍ7¾—õ0XtÆ¾ÛKsÈ H½=ÁSb>AÐˆþsaLMVÈùÝâõ²(^Ëñ'££ÝèkKÏÊÐR'1¹>P¤5fÄ†–i"cÇ ©å®ð$»*Rùdß<ÀÉd£A¥Õöü¿‰¸âõiNˆãVµ‘T‹¹Ã>²âï5ÆõëwùJWmRDíDz·t4«¬¯
´¶3pTBzíiŒ_\8Þ
¦•†–Ÿr"!÷Óùà\ä’vÉ´×OœJ‰QO6`“‘æ#ÒL‘ØõÔR¾¿f˜AÙÚü¢‘Þ™ÚU#zÝ9˜ÖÞÙH6OY±ñ#
>½’UÆ…F"1ÛŠþrMÓþñË2»á¤U(°¸jzD
NŒïà5ª	 Çe`åëA¡·Hœ2½U˜­Ã¡NsÌwp¥,“MÇäaq™W“ìøé¹“XyCðC;Ë¹—SZÐÏ%;Qšõ…Ì„‰QoÎíbzæÂŸØba’³F˜ÉRnÁó‚ak2ho	4…¸3*ëc2ï´ý¥Ã§Û,«fX´]ÄÅ:!¼ÜˆŸ`Eš˜aÅã«$¹ò:Z# ,k[ü´Òß—¨ñ1ó}”5siîÉCTÅÕzü´XrV™æcŽ3²CH:5êÐœèü_{ßËzüÎ±{CÕÔ!Ec[úvì_™m¶†Us¨Ýsg_êK5<©Û/“ôzüèârõ–[*u¯%:¿W>eÂRÈn¡ÖhN@­“åÅñ¢ãtÃ¿‰´8ðEÍŒ."Üˆ\ˆø‘n? ÓdnÁ:APjëâuknÅÒ{k¡®×áÚ–ïþÚ´íGbùsHa‚ç˜Ò‡@ñ43P³Æµ »e¢¾.½R;6­¿Ö¿ÚÍüÒXspÃwûúµºloó½‡uG	-¼)’Fö7?Ø\Q"…¢Œ5½4m›AiRhýí„tLq|Ä¼×D(g)ùmz|ÛW„vû^p±cƒ‡uÕ‘ûgþ!pukýC#Š‚Ww¿Œ¼˜&¨™ƒnKZ!Ëd×ºÝ©®i¤Påþ{?–‘Ç»éj©| ®dsî{«ýŒ,º©xÑsˆH9:L‚Vâ<®3,F¾øÆ©5IÁµÃÞÝ$³ìs³ËŠŠkÖÅÅ¼C¥SíõËÈøÞ´«‚Vàþè×¬èæ}.—?–÷x§×’Š ·{£çÔ¿º¼äÙ±3³ÇÕQ/HE®ë¯Â™Œ’€šû¢qI\V ÑnÇv&PÊEn;¦.Õ»½üqXYð¹ÝþÇÞ›FvÂUe¢1þ‹·&ê–y¿fZè/ÕÓ††vÂö Ž$×·oS0'@å§ßO¨"a)?åîh5íNu–Y¡~œGÛ4aPßÍ"¸™ ô+ !¯b™Œ1%ei7‡ëf¾Q5&if:u‡Q;ÞKTZ¾ÓÇÿàÍ-Úî	.Tu›',;	ï¡5CôÐá§m ,^¦¦œï`ý)ÅÐÐQ]ÍÃ§ÄQýøäÔä)*šÛ[&•–³äÅc0G¯Œ#´”É)ë£¬ºÅ‹CM™OJf|]ïèÐN ,¤œiÃøÝY$£ûÈ3M`¡±Éé.éå9›h´MDYéå“È=Ö_ê…£ß+%Gk0Ã¤|¨{X/ŒZ°1m¼&HwZ2K!4ÅX%ƒr—4”¼ÞZœ.ÐÞ²0åpH©Ø^ûòê™\¸í…F+Ë_¯ÉPÊ¤ÎM±‰ -C$ñÑ•ªà—€¾¢Ñ§hÿ„J„òÄsTU—q(±Ë3ÀsÑôÙãT¨Ò$ø^Jˆ|TØóØƒv¯:‹4RÑLàãÑ¾Ù|»^ÉòÈÓdQÏ®bJ‹ÚHà*ìÚíK¡!zËÇ=w+é7S×8÷U-ÚÈ;Þ«ß¥mg Å6CÐ ÷¦\þ²Ø=æÓÜdŸu#ÉÕô¯}}Ý‚‚i²®Â+´_«K›þÆ;Í«wG×O$³ÙÊþv òY¯¯eÚêxÅ~(“Ô|¹È+9²hƒÀ­ðÁv­áÄæ£«Û ú3ÕTLÉ¬&{÷Wë<rC/ìFq~‘fž4Ðâ„'¹kt¼³ô÷¢Tt©:¬
ák&ëŸÊ‡¿¥8L’¯â
rñD÷^-=Èàñ‡qÄ‰Æq1j#Yáñs5mæ+{Ð+Py§` œÝÅÚ¤æÁ©!-~ ×øëm ¿ËãËq¶`L÷5m‹F¢^?{Š»¼0Ê5£GTžÑ¿æMï²ó¥S¹miè&ÝÓ
srÙÈì¾"íØ±bhxá]žùr¸½ÜòrÑÎ¼C'ÛV-½'²éíÊ±#ÕRbíÙ„ä¦Œ¾+,Ò™ì«Å.8`½!6r,ð1ˆ#· 5=·‘Ù1(R©ä]øÄÚÊŒ©­‚¡HZ$}$Ås»ÏB¢“sÜÍ)^•Üš&äaçLŠóï8í¨xh*%°”¥Á€Ùµ§.uè6žñSà*)Q½SÜ°ŽÒ€]ckõÌ7‚œZ–µYû¡4î1Þ[Õ,•$+;˜ ©Šû¶Ë[‡6›åGú©\s=Õ‰ZÈÇQdóß*7·!Š˜>ðÇtûØUiÆ—¾þIÈÃKL/@a,DÕ³b|¢ÕH$åÀè{J‹¬ ãé_hü›ß×Äúl= Ò‚W>mg.óWKÀCÛ¢§uhxš<wêº5W'¹=¸áX‰)Z_déì£²G†qæ#øùãkáÇ¹E9	Ü‹mŠÍÛ!šÆ‘›Î˜Ù¾Ÿ‚uPÈN«ÿô¥Ž¾S”àùp7ýÂ*`·Ê"ÚJú¦e§ÄÉ\ÂžéE\_b†í[ÇÁ^šÆR&mÜïCáA¨c
²éˆ<’7|óÄ˜Ã£¼‡²?s.«èÈ{äUÀ\è½LIå$ÎQ þúkað„G24Àùs<aÍ½)zTÅC<mô$~ð!^z\é'`I3N'h¼
RhCÙþæ—pÆ©“ý¨)?RDe÷±Xô3yžgÂ]÷	Uã]}‘Ý»÷Žv¿Tt(‘âZ¤zT²½`Ö¡‡=šöÐ¥»>è¢“ß^óC½ÂÖjá ›³«<Äh¹6/!˜‘6$ -%ò¾(ã˜*šÞ	ªU´3*E÷PoÄI²ãÁ’^D kb%ÑES½c£sAŸ‘Œ	Ô>þ
ÞÖ®|1lý´OéæQ]LŽñ¶#‡:™b±ÓÊLŸ­”ëÚH‹;ÚOŠæåI“f)¡M¡-mK¿^vFC²‚™ýRMmƒù/cÿq0S%´’ “R˜zíÓâˆ’ßª_—±×)dážpr!§ÇàŸBp×•Ì¦…úá
‘ð¤]:ÜÆ×€ÅøTp®OÆjÉL\¹³_Q‡2m`Úá¨&y)™®Þ‘2å‘TŽhC÷km%¼×º©YEtQ”½¹™?3ôc1hºçGæ[ÐEcNŒàW€˜Ý.R ŒP.¢²Kõ¯Šô`gè#.¿cã…©FC4TË”®t7¸®Š”­ÂÉSÎ@d€öú5ÈáäžåÏ* uè'Q×ôŠjzå*!ÞÜ$… ã³$o(Ê¦]ÈiÇ½®mÐiSíï¨ÇRò|ÔPç±ë>5~ç#X-P1î,dkîãærŒ¥mU²ØB Í“vKµ‰ß`S†Q˜Zì®°Õ”÷ç×[åÞWÁSï~‰uÉ˜¦lÓºô@÷8„GÆi.ÃM¨úaíÚüv¢½6ªŽf2é	ˆ‚’iF}uh£"+[Ùç²'Ÿa¶_ÔêÄucõÄ™oRú¶Ýx´Ÿ5Ks¥­áQH­˜ãøºýÆ‘%5:pÏtœW}e—s‹Je» ðƒ:ØûW#YIš©#ïM>9VfœßE"Ó·À$|HÉIÞG„‡±Ó½ãÿ¸ÞŸáb–žPÅä	ökÐ!ôêß`'ŒÙ*ÏË–AÁwÑ’šãÉ>B7ëtIÝƒ£%Ö´Œ\q—æXYN²á–I2ý›;ù)¢ì£K)éf
OM¹h7Œûd„óùtgÍ(°CfÄÅ’"t`‹J+©”YÆ·cº;
q/C›†¦:v×PÙùï?ÿ}3_›‹ î6¶Øqú$â–¯ßpã‚!Ó±»Ùà}qŒ-^ýß=Mbm¥º 2à§¹’že^rµ=K|5š#HµGwåE­è|ó3ÞØÛ°ãF?„—êÂIˆû¶æÔ•Ëœ;œÛã•Š%5ü0óë"fºNˆ)š_
y…ñ%ðt,4Jô(˜ûvà.)Òfp¢Pòô7sŸ1«âBï 7_ÑÈÞ‘<1â›p’’ÏÂµkfòºÈòü¶îq,F5Ò.«ß•ýqrªºØ§’?‰	Ždâëöv\Â	³ün
Lÿ¯™ÍBTÒ„“¾FÂà=ë¶˜ì% €.ØH„·3}VÐüß ÆœæõFÉu¾8X Bé~;O¢Ï/õØ"[º¯0³Z²Q"©˜°æ„ê}ÓÜÄÜUÍÕi,ŒÐõÿqÿeDÔädÅÁËür0î[D¨¹®>ƒeÒ¿]²§¯™Ý'©™6ñËYÑnÆwÜú˜¾Ú~ÿW+¼£ôûŸòÕÃ7©òJK`q©¼­²L}{1ðRUæeý5‘„ô]@Êçù:R—S¢¢ÈWsG`5@R ï_—x¸ºÌë§œ¼¤ÀõdFmámêëC,\û…Œß4ÙÚõð."ÉÃ0@XNƒõ•`¬QY~ßëÎr]jâªaWéíŠHS–-Ó6‰<™L7ú^»|üíK1!gEVO¹uBÙÞÒçš.Ò8k{sýÙß×¹ƒÛÙC›ôvWÍÀq	Bº½ï'Õµ¸ð<b•¡‚KÞßÀ…¬ÌM¦ž1w)K€¬Og(±ð”¹Ão<Ù'ƒô#ë©Ÿdñ_¯¯#‰Eû|#á2'˜í7û{?wýFHÂhÕ¡WqUtÛì€ŒÏ‹dZj)ê«úq–xµ°Ê³¸5ïœØ@µÎõ›\Dk–õnƒµ8%%FÒ‰òg º¤VÖ(Èé}$Þ	ˆÚÛ(š>Zm–ã°†ý§@¸½=?S—;ˆÍdàÚ3oŸ¸<ôÖkÎ	j¢ñávÝAå$K3‰_)uÇ"ßO©²ìåŠfqÁOXù.;L+áõü$*×ò«ñL-Z‡ºßT…:Cl—.Ú¨Î-ñÁ€þ¶S‚I.å¤ÏŽÞežNÉcŸsrßÑt@Gj‡œˆ¢ðÂ|¯i_¦à¢¹Ç +O¸Ö™Ä ?vs‰Ç8b²¿V¿@=’%_ÿaÂÍO¥‹_á©]Âb™ŽˆX1C¢-ý/¡ôî:á¡I7Þªµˆ}»Â!ÞÙe€nÄŽTûø„õ6°ç%ju2m„Œm0ê:·ÕDe™òM)|Â&¿fw@r§ìL?k{WL¯iH¤ã+ý‘ <ÿïÁ[—¥®’ØŠægÿÌìCXu;Â¤–°èR¹ÖTpx\Ë§)®{;†‘ˆDš)í3Ralð‘ì|,G;¦
Î Ãª:Nú]êGÂà½€SR.8WcÅÙ#G†¡0q¤¡³kêæíãÒséžÓþó²¼™–ºå‰f”MÁ41ñjL|$ºoþuë/YœK§è;*kTi´8ýöe¯V„¨CT.ÛéÌG"#@DíÛ§05ú¤ÞiùÜ­¿
@hlÒ”eByü™÷ÀÎÑ/œ°R—;ç`³ÞÛ"}‡Qƒ±©)Uú2¡SL¡GåóÁ˜$ ]"Ä±rOì.Œr¦wÍÎªxC¥a„Š¨öæzéÕÛþt2Ÿ€JNÑdtU*[[pYð/·=¾E¹Â?ëö(_c^8Cú…ÓÖ¥ô²j›¸¤st»yæÈ”÷ßýR­·/._l_ýPu…ŸŸâÿ`6­’¬’ |‘ú#Ïå+U+Iu@½þÆ¬¹éÎ›Ü–B‚'øoG§0¥;é9¸L˜RÝ·ˆÔÇQç’À’ùã70äZ¯#j=².i¿Í0LÆ{˜×-uA~@¤ðTLÎŠ^&	RkHw^èTXÃx½A•× ]YE²¤Šhèuþˆ<d§Þw“—µÔ¤v[sŽp§sâÙq#l9zqÒ–ÿ§ÒÙFIáÊ:ýí¦%°< žž…©PÂbb !i.þãÉ«ëáÕKÿˆ 4³òPË¥¼÷ švC)ördïü>ŸÀ“´ôóø’ug™k¦°»¿o°Ð‚ºš]•Ø²B³ ¥6þ2¼^ýòìºðz:Êe ­ÝŽc6	ö¨¨ÂÐÖ­°ÚÈ¶í„sÊ	ˆ,ZÁw„]rd
<Â¦TõÁŽ5dbN«:¯gékFCd!%$Ø¨ÀI^Äß[Yå ÙIgñŒ1§‡"`s]ÂœçÝüv8ý8‡‰Kþwð¦XË‡'R$™2îÄ#µS «ÀÔ7ñ¸\s§q?ï;³¤¸kwÔl°yçDa5
çE|Š‘$ád
}“‰^cþ 2xˆI>ü*ˆ«d®¶û_lÉÒÃ†ô¶9¢UÕ-‘
Ù-jÔOwûØ/VÌ.Ç¢"§`Œ’¨Ðà1R¢^Väûßo¦yÝ7%µE7)‚!f±ñn4Ýž«ÁÛ7 Û&ÍUì-Éƒ£— Q=4†ƒ ¯<ücñ„íÕkÊÂËe^Ä&Q¸‘à½>ÚÅôÚ~’GOiîÊ¸AF-	+¿ê´&7§È‚™R½¼ ¸cÃÎ™ë
œ²(û`‡³21`Áß¬U!"þ¼0}±Ü
ˆÁ…’6—ó‚”û² ´Ý«úºÕ |= ð‘€ärs·÷W~uR‰’“Äõ¢	ë—N}q~ñ–‚CÉc8¾8„]
pÄÛïºD¸YÂï-ì…ßÑ”¾”]†á¿åÄ'ÍÏïoÛc¸X·{Ö–ú`9þé´»í¤®ÛãÓ¹›Q9¿¾Ç™È™þkã×äÓxÁ€?‰W£ÿ%\¯çM“8ùb®<Â8³WT3Æ_|	;PØ0h-pßtŠÇ–UW¶¬ÛÈdþýÈ‰Z‘b~ŽW1/ãm\kªaóÓ¾À!1|c“m/xw¢,žûñÑ\­­n,Üp£ÖdÒ$ÉWÜ‡QÇ‰”A4wè•ü±Ûì5+SMz÷(8cJ•ü1¹½žÎs™ë*7.·¿çÌÔ¿4©Ý÷¬¬DLA=ÝÓªÒú´ÄÊ†.[ÕÑŸ’â<}@F¡–…qö“, 6¸“[’3'¾3ÃV¼«±å‰Lëc—¥½'pVBÛ¡D·zœ[^³7÷acÿvä˜f7Çs…§¡ï’\.t×ËSµÐqÿ±õ«yž“ó±Í>þ½ÖËÝZOGw„{t<k!oM’áøq÷¥ük½¬³ÞÅ{
\·íc¹8è¶åVÜãžÕµþ›“`ÄÁ~÷5Å¤f1M—s—´Kg~Œ·®³2pÅ¼ÎNÊ„tèøè#½GŠi¶4ËäÃó“oyÝå¹e¶7/WYÔE£i¦sö–³NRGX¿²fï4Ô½©s²Ê„ê˜¬v>üA¬ÅuH,Ü!ïø¡ ªÿ@ÐV;î?wû‡“³«mÂƒÔW°ïÛîø1?ò8¹Ô¨Û!ÝÌÕ‚Á<Õu!Èìk<« ²£,#¦Ø.Ù5;NýP0Û¶ÌxuTùég§1y„#Ž¨c
(ÔÄÞºó½›¸Šl¢É)¢â >"ÖÕç;P^ßø4ˆ^Ø‰£xÊÃèPÖ-]§Ú.y,Ìe»@ç®ûÖ€øí!£ì·t;Îà¬ Óxõ'ðõ ‹Ï¥ÒK(1Ãäë"*§“Ðœ?a$Èe¼¦Ä±“Qâci^–¬ ëQµt9 ES½þÚ2ªÙÀÄC3ÁpAù¥Ó5Hôãtqgj¤òš~'¼(iP?“»Ö	7Ç_Ý@(¹8f…Grü•ÍAï Xêª"œÜº*>¶y¹ùp÷¨¼zv
1A”çMâŸ2Û“Cmû)ô/–Ñ£ÑX’¶¶^ "ñy)ï-’NO•¶	IBvmþùhðm~§ÍvRXÿÒæ	§-Ö˜ÝXÖƒìbé2õ«¥Ã·~Í)@ÐÅuá»ÊI.]êk‚¡8ƒ›G'H¬þaí9V“ä]Ž&& ±¬2!~;ø—mÔÐê>s#>ùì¨T1È}-²ÉWÝUH¤Ç«]â°i_×Nÿ¡1-N¸÷Z €Ý:Ê*ê_|eß€ƒÆîÿÜ)Í ¯1->}[ Í¡¬›—IÄJ<"úÔ[Ö`À;]²Ë0æRaêˆ‹œçºz+±=(|¼Ÿ^+O(_ð€	Ù¶âßwÂ6à/q²-%Tv¬ïq{dÖ.Ï¥´Ÿ%Š§‘ ¦õó:Ž‘ÝGme,•w”þD†‡JÛâéGÇö4.JŸrÍSºçÚ÷Ê°&¯˜&xÑ^¿þ+(qá‚?E¡5[B°ûº.Qä\¤¡øô|b“ëÆäæþøˆAü„,¨ÜGÔ“Xöy”f/Sä–v-¢c#TÃ5lâ††tqþêzÂ:Xº@1ïï2Â&“wz9O¬÷ÊŒº{µâ¯Í³E‘äâI•üØÚ_}¨wesŒ!Tý 0ÛãFUý"ðGYá €pLÿç DŠÀ9òâuÇé;µŒ¦ˆÁêç×=«TO´jïuyÙSüoîá:d'æ†?Îvqî*
sT½Õzî^ÔÎŠ.kJÐŠ´ó­•_j,/”Þ„µ…™þ8½.ÏÐ]Öµ­‘ä…ÎºÝßú+7äýµç½Oú£_|ÿ…yõ*<iÁ‡ÏÇ@kðM\§£šc—Ib·¾J¨×PÑBoysàR0²EÒHÑ·›xYØDë}#/% ¢ðqhÀPpy#9(:ü‘Üo@ÑÅ‹;Oó4J7ê¼!)‚ÁæÃrè1¯b»âñ‡í—9Ê ÷—]ÀaŽG°Ðbòõe¤Ä’‹7È4Wö±Â.œ½Å¬º$¦ÖÂð÷›Xg
HŽMã%q„Ï÷H’´Y¥|£QË?¸±ÈÈî [Þ„ºY·h-Mèùc.Óõèm¬ÅÄãü>ëšå¬3²“•f®x­eðŸ~Yþ2ñ‚ØOñ¬hR˜˜xÞœA¦Ì`°èÎiº¢¢qäµüàO:L9O{†Ýl9>‡¦’öÆÓ‡'!e^Æì¬é 9%ÓƒCkãDGA0ôÙÃS¶¯iÏ=7–leeÃlâ(Æo¼ê|ê®½Al˜‘v‘‚¾šIª­2ˆ†c©9ònèç0XUÉ,^»—#+wÿqmkÕ«gIœ{3¶« ¹g¡»Ê%ç_F×MA£âÀy÷Ž3uÓîŸã±S7žÆÄ…òÐÑ4Ã~õúPÞfpE8³†9©^­ƒÞvpM{ŠæbD‡³_ÈþøôÆÜ¼¹¾ÑOl¤º…0b÷ Š“Àì7cyå5OÞr'òÙgòóìAIWë]¡Âwn¶Px!=ýx’©h×3[¿ûøA
³¢vˆ(#‹ÿÕ‡:’œ†ª˜â«×åö$ qFñÊ2BÔˆgAQ³Oñx¤ÜÜÅ§vmq{¸lå¶>mMb´_´Œ<îÔ‚>Õ}»NÞ0¥¿~pŽíïèØÍŸ¿TÐö;’SFIà©·Úbà_ÈÓL¿èr<å'ë­:£‰yN#¢ñÊD“ây„w¦‹¬³”ÜJÅ9è=¤þaV–0ƒÃÔ=Q Q¡?¤Û¡êŒ KušjhàB¹9•€šíÏ­ ÏSd÷
—±Û¼Æ™Õ#å™2SJL;iÈÿÖw‘kk	œÞýP\tº§-?x,ôæ¯œE,¡6}'R_[•õxâ‹Èº6+ÜÎxIoðV›Ùý‰Ïý¦Wó¸ÙÐ”_xT$£Z¤›¦æÂ?Êà‘~Hº¿ýÌ*Ã§–“ì©	Ý¬KÀÑ^ZÁmªƒü†Ñ ÿØ:[9­“Žƒ¡yY1‡bÝkà":ÊSwšzŒYºº	7(öÀÆÆKÙí"z·ŒÙ
y3¥¨¦Ô·³”îÞˆ^Þ%°ZÉŒLÓõön6#ì @	.K½¨Û¨z‰1WKø hì½•pôr×OÂP #d?mAœa¼Ý™Ý3F}ó‰ªFûäðMZH"„Ü­NåÙ·®å­Í¤²v½böÿ¹`„*F¬êê«R-þéÂaéÇXE­CŽ¿ìÑ¡þËÛöƒ#\?Œ¦j;Œ wŠÿW²Oº€%ÑØƒYl„Í˜ w{ù@E}nÂ†Qü”ý¹÷ÿtÄ Œ_´€jýp*yµ¦¢×WQó¾uí÷@kâ k-9`Ø]°¥¹ŽAÃ£¥ÍŽ@¼zà¨*9ýæ¶9CËõbn¯8¹ì™Ç¥>tž³évâ}Püh/O:ôD¦kB·Ò©NÎ[Á7îøÉùHÌ7í¥h0¹¥;…2‡~%ø¯«Ø'_×®wº‘½È·l>¤Kô­’ÅÌþß›Eùs^£*°|Ï8kVÄ®x’nýëí¬´É9!üåù%WKÿº,‡Úßªÿ‹gR¯ÜJ£NU. ×ðL7J÷´ýÈ%nhëhà¼œ»fyÂ¢…Á¡ö¾7…RêPOh¢ð“•²>Þ4,T	Ím°è™š/1™ÝÞÐÿ»ÙN¦á3ý'mo¿ÕÌ´%*=Ýñ3oûE¿9S ¥»Ík£Iß½¬.Å"C`×Çvª…¿QIg©ÆMTAÿ<m|cÃm«^’Y/a…IMzÍ79ûS¼²òá§æ.o`”}Î*ÌLÔRå{>\KR¡pý|¡Q°¥¢bQè´êý&ö?iE,07ÝIþÊÔÑ¿|µxt=èØO!¦Þ—eTü¼»ÏYž;.…;/|À÷Y·7¤×SVÉ½œÃ|Äº|Î¿¤ÜéŒÚCHèÒ<ø´ù6Í­ûÖœòê×û¦÷¯!eÒÆ^V{Çùq5<®‚§„5ßX‚š4ôûVòæP½§ÙÊ_‰%lÕ‰Áör©á("o1b¸0¤‰wOB(Á-Œ,ŽªüFÒ¨04êØ2¾È…Ì3ÿ!^82ˆ¤†ŒPR/H¾+/íz80ÏpD(‘3¸\L7ÓÍ4	Q0‘“XU±h]ëRœ.êb†Ž]·…0‡DO¼Ñ§k‰ÚBÀæÊÀÛ[Ãz¼öa1WÃ0M[ˆÌš™®Uñh41ø-2Ç6<u¥-@»m$ÊÎk‡_†E3HÀ¨¸!V|ÒBA/0ê4&
“$n²èW}/ã\"EŽ…“×CyW‘íu‡yÖ³Å£¯·‘DãÝpà†áz”A únæ!Æu½wÔ`UÌ§zÙbÐæà[Á¦½°Ø„"\/$X%oyct"FaÁŒk…ÜÎ ÖbÝ&Jf#J½x_›'B#(#qñì”ÎºF”o¯BÎtCë®ÏÒ²ÿ]'™‚Õ_ý$ÖÝªàäÑœ×`„ÛùÒªK