permissions-debuginfo-20201225-150400.5.16.1 >  A cQKp9|Q2A xȟV/=f_CA`f0f;e')LMlfUڝ~J9+_+1} 0k?Q[@ a.`?-XمF@N!4=bК Ԭ3nf'C]YƪP/ 43 j) FUT:* .%sk&NSiw!CnqjFhh%y;J qϳ~q]mW&13c8a77815d13aee1f04acfa549e6ef2df110985718ac35d1441444fa14d4442f9d730ab6c1598b4aa260c452e0660165d2e961dLcQKp9|V6e"qb2jc{.?K~G22%L~L$Z"y$颾4ːgpL{$ $TNi/¼,{7FIgɳC3&EG x}x֏ԅM|a#](B RI^]ɧ}m&ctkWYļBB?̟ pz[ .ٝ.XypA;?;d! / Y 5V_ u    d $LxS(o8x?9t?: ?F6G6H6I6X6Y7\7`]7^8b8c9Ad9e9f9l9u9v:w:x:y;z; ;0;4;T;l;p;v;Cpermissions-debuginfo20201225150400.5.16.1Debug information for package permissionsThis package provides debug information for package permissions. Debug information is useful when developing applications that use this package or when debugging this package.cQ*sheep540SUSE Linux Enterprise 15SUSE LLC GPL-2.0+https://www.suse.com/Development/Debughttp://github.com/openSUSE/permissionslinuxx86_64P0AAAAA큤cQ(cQ)cQ)cQ)cQ)cQ(cQ(cQ(7f928d6dddabab631c7ad49a7d39625b6895ee05bc8a993a590b888baddb5443../../../../../usr/bin/chkstat../../../../../usr/lib/debug/usr/bin/chkstat-20201225-150400.5.16.1.x86_64.debugrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpermissions-20201225-150400.5.16.1.src.rpmdebuginfo(build-id)permissions-debuginfopermissions-debuginfo(x86-64)    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3cOcEZc pbVbby@bgbF@b+9aea@`@` l^?@^ϧ^>@^^y@^\@^Y^;^:@^4]@]@]@]@]:\8\b@[@[z@ZiZ\Z%8ZZ@Z@Z@ZNY|Y@Y˒Y@YY@Y7Y2Y1S@W"W@W@WBWBVV@VV2 @V +V +UuT~@TZ@matthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.comjsegitz@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commalte.kraus@suse.comjsegitz@suse.comjsegitz@suse.comjsegitz@suse.commalte.kraus@suse.commalte.kraus@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commalte.kraus@suse.commalte.kraus@suse.commalte.kraus@suse.commalte.kraus@suse.comjsegitz@suse.commalte.kraus@suse.comjsegitz@suse.comjsegitz@suse.comopensuse-packaging@opensuse.orgmatthias.gerstner@suse.commeissner@suse.comkrahmer@suse.comkukuk@suse.commpluskal@suse.comastieger@suse.comrbrown@suse.comkrahmer@suse.comeeich@suse.comjsegitz@suse.comastieger@suse.compgajdos@suse.comastieger@suse.comastieger@suse.comopensuse-packaging@opensuse.orgdimstar@opensuse.orgmeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.comkrahmer@suse.comdimstar@opensuse.orgmeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.comkrahmer@suse.commeissner@suse.com- Update to version 20201225: * permissions for enlightenment helper on 32bit arches (bsc#1194047)- Update to version 20201225: * fix regression introduced by backport of security fix (bsc#1203911)- Update to version 20201225: * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)- Update to version 20201225: * postfix: add postlog setgid for maildrop binary (bsc#1201385)- Update to version 20201225: * apptainer: fix starter-suid location (bsc#1198720)- Update to version 20201225: * static permissions: remove deprecated bind / named chroot entries (bsc#1200747)- Update to version 20201225: * backport of apptainer whitelisting (bsc#1196145, bsc#1198720)- Update to version 20201225: * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649)- Update to version 20201225: * whitelist ksysguard network helper (bsc#1151190)- Update to version 20181225: * setuid bit for cockpit session binary (bsc#1169614)- Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)- Update to version 20181225: * etc/permissions: remove unnecessary entries (bsc#1182899)- Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025)- Update to version 20181224: * profiles: add entries for enlightenment (bsc#1171686)- whitelist texlive public binary (bsc#1171686)- Remove setuid bit for newgidmap and newuidmap in paranoid profile (bsc#1171173)- correct spelling of icinga group (icingagmd -> icingacmd, bsc#1168364)- whitelist s390-tools setgid bit on log directory (bsc#1167163)- run testsuite during package build - Update to version 20181224: * testsuite: adapt expected behavior to legacy branches * adjust testsuite to post CVE-2020-8013 link handling * testsuite: add option to not mount /proc * do not follow symlinks that are the final path element: CVE-2020-8013, bsc#1163922 * add a test for symlinked directories * fix relative symlink handling * regtest: fix the static PATH list which was missing /usr/bin * regtest: also unshare the PID namespace to support /proc mounting * Makefile: force remove upon clean target to prevent bogus errors * regtest: by default automatically (re)build chkstat before testing * regtest: add test for symlink targets * regtest: make capability setting tests optional * regtest: fix capability assertion helper logic * regtests: add another test case that catches set*id or caps in world-writable sub-trees * regtest: add another test that catches when privilege bits are set for special files * regtest: add test case for user owned symlinks * regtest: employ subuid and subgid feature in user namespace * regtest: add another test case that covers unknown user/group config * regtest: add another test that checks rejection of insecure mixed-owner paths * regtest: add test that checks for rejection of world-writable paths * regtest: add test for detection of unexpected parent directory ownership * regtest: add further helper functions, allow access to main instance * regtest: introduce some basic coloring support to improve readability * regtest: sort imports, another piece of rationale * regtest: add capability test case * regtest: improve error flagging of test cases and introduce warnings * regtest: support caps * regtest: add a couple of command line parameter test cases * regtest: add another test that checks whether the default profile works * regtests: add tests for correct application of local profiles * regtest: add further test cases that test correct profile application * regtest: simplify test implementation and readability * regtest: add helpers for permissions.d per package profiles * regtest: support read-only bind mounts, also bind-mount permissions repo * tests: introduce a regression test suite for chkstat- Update to version 20181224: * whitelist WMP (bsc#1161335) * Makefile: allow to build test version programmatically * chkstat: handle symlinks in final path elements correctly * add .gitignore for chkstat binary * faxq-helper: correct "secure" permission for trusted group (bsc#1157498) * fix syntax of paranoid profile- Update to version 20181224: * mariadb: settings for new auth_pam_tool (bsc#1160285) * chkstat: capability handling fixes (bsc#1161779) * chkstat: fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594) * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)Sync upstream SLE-15-SP1 branch with our SLE-15-SP1:Update package. Therefore remove all of the following patches which are now included in the tarball: - 0001-whitelisting-update-virtualbox.patch - 0002-consistency-between-profiles.patch 0003-var-run-postgresql.patch - 0004-var-cache-man.patch - 0005-singularity-starter-suid.patch - 0006-bsc1110797_amanda.patch - 0007-chkstat-fix-privesc-CVE-2019-3690.patch - 0008-squid-pinger-owner-fix-CVE-2019-3688.patch - 0009-chkstat-handle-missing-proc.patch - 0010-chkstat-capabilities-implicit-changes.patch Because of inconsistencies between the upstream branch and the package state the following previously missing changes are introduced by this update: - Update to version 20181117: * removed old entry for rmtab * Fixed typo in icinga2 whitelist entry- fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594, 0009-chkstat-handle-missing-proc.patch) - fix capability handling when doing multiple permission changes at once (bsc#1161779, 0010-chkstat-capabilities-implicit-changes.patch)- fix invalid free() when permfiles points to argv (bsc#1157198, changed 0007-chkstat-fix-privesc-CVE-2019-3690.patch)- fix /usr/sbin/pinger ownership to root:squid (bsc#1093414, CVE-2019-3688, 0008-squid-pinger-owner-fix-CVE-2019-3688.patch)- fix privilege escalation through untrusted symlinks (bsc#1150734, CVE-2019-3690, 0007-chkstat-fix-privesc-CVE-2019-3690.patch)- Updated permissons for amanda, added 0006-bsc1110797_amanda.patch (bsc#1110797)- Added ./0005-singularity-starter-suid.patch (bsc#1128598) New whitelisting for /usr/lib/singularity/bin/starter-suid- Added 0004-var-cache-man.patch. Removed entry for /var/cache/man. Conflicts with packaging and man:man is the better setting anyway (bsc#1133678)- Added 0001-whitelisting-update-virtualbox.patch (bsc#1120650) New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox - Added 0002-consistency-between-profiles.patch Ensure consistency of entries, otherwise switching between settings becomes problematic - Added 0003-var-run-postgresql.patch (bsc#1123886) Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve- Update to version 20181116: * zypper-plugin: new plugin to fix bsc#1114383 * singularity: remove dropped -suid binaries (bsc#1028304) * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds * setuid whitelisting: add fusermount3 (bsc#1111230) * setuid whitelisting: add authbind binary (bsc#1111251) * setuid whitelisting: add firejail binary (bsc#1059013) * setuid whitelisting: add lxc-user-nic (bsc#988348) * whitelisting: add smc-tools LD_PRELOAD library (bsc#1102956) * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420) * Fix wrong file path in help string * Capabilities for usage of Wireshark for non-root - remove 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: is now contained in tarball.- 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: add whitelisting for the spice-gtk setuid binary (bsc#1101420) for improved usability.- Update to version 20180125: * the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247) * make btmp root:utmp (bsc#1050467)- Update to version 20180115: * - polkit-default-privs: usbauth (bsc#1066877)- fillup is required for post, not pre installation- Cleanup spec file with spec-cleaner - Drop conditions/definitions related to old distros- Update to version 20171129: * permissions: adding gvfs (bsc#1065864) * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410 * Allow fping cap_net_raw (bsc#1047921)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to version 20171121: * - permissions: adding kwayland (bsc#1062182)- Update to version 20171106: * Allow setuid root for singularity (group only) bsc#1028304- Update to version 20171025: * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)- Update to version 20170928: * Fix invalid syntax bsc#1048645 bsc#1060738- Update to version 20170927: * fix typos in manpages- Update to version 20170922: * Allow setuid root for singularity (group only) bsc#1028304- Update to version 20170913: * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)- Update to version 20170906: * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764 * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)- BuildIgnore group(trusted): we don't really care for this group in the buildroot and do not want to get system-users into the bootstrap cycle as we can avoid it.- Require: group(trusted), as we are handing it out to some unsuspecting binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)- Update to version 20170602: * make /etc/ppp owned by root:root. The group dialout usage is no longer used- Update to version 20160807: * suexec2 is a symlink, no need for permissions handling- Update to version 20160802: * list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282) * root:shadow 0755 for newuidmap/newgidmap- adding qemu-bridge-helper mode 04750 (bsc#988279)- Introduce _service to easier update the package. For simplicity, change the version from yyyy.mm.dd to yyyymmdd (which is eactly %cd in the _service defintion). Upgrading is no problem.- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)- permissions: adding gstreamer ptp file caps (bsc#960173)- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789 - added missing / to the squid specific directories (bsc#950557)- adjusted radosgw to root:www mode 0750 (bsc#943471)- radosgw can get capability cap_bind_net_service (bsc#943471)- remove /usr/bin/get_printing_ticket; (bnc#906336)- Added iouyap capabilities (bnc#904060)- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093) - permissions: incorporating squid changes from bnc#891268 - hint that chkstat --system --set needs to be run after editing bnc#895647sheep54 1666258986ce424b8032a031dd8004c789396ba5cc42412fef20201225-150400.5.16.120201225-150400.5.16.1debug.build-idce424b8032a031dd8004c789396ba5cc42412fef424b8032a031dd8004c789396ba5cc42412fef.debugusrbinchkstat-20201225-150400.5.16.1.x86_64.debug/usr/lib//usr/lib/debug//usr/lib/debug/.build-id//usr/lib/debug/.build-id/ce//usr/lib/debug/usr//usr/lib/debug/usr/bin/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:26482/SUSE_SLE-15-SP4_Update/cc249308f61e00752d1b1c0114b2fc64-permissions.SUSE_SLE-15-SP4_Updatecpioxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, BuildID[sha1]=ce424b8032a031dd8004c789396ba5cc42412fef, for GNU/Linux 3.2.0, with debug_info, not strippedPT0ZޖWw*permissions-debugsource(x86-64)20201225-150400.5.16.1utf-86a55cabb00c6a1948b49ce608f532ad8ca3c68533627b149b1d96851fa757f56?7zXZ !t/b] crt:bLL c{=Q?xypN)`]3;sÖdToѱ2&fI{o.F#ě zK_]1=ia ]̦ wĄ[NsAt秗_ɚz$3b8 nIe$k- w0uD~MOQ`@lѢlp[;K.5yRp`mJtFuZ_: q`R>dњ/egYĐ(j2X6Kqqf>Maˉy8ݨvp҄JB}W-ycI3~5,$ԙ95:Z:~(3y\Hʷ \[47BoRژj-!fO)z1KT\V؉_z0z(])If+F`CL+s*45Zne]{! i'͏k;=ODӉU#UmNJ5Ջ e.1 Zְөaa+wӚyqvH%B:ӜocFZCz'Ⱦ.nL@bd[EۑHGm_-l q<"k 6~ʰ)qu ˞;aà~}(e3k$]ʤ ۠DF;lJ#< "cHi4W9ԿZ6Rް\%Se^Q zL#@yjȒf7w-V-RS〛1۲k%W>^SrC`pLP~0nm,{^* p)5%8YW{!å+mϔJej7<qԯP H@%O!|26&qf\={%Mj?prU4Gp&xRw) _o8rVs_VQD`R;8 l`hhVhKn+@jؿhP&{N5U&ZBLv HƱө[m݆BԔcmGLVop{0|D1"/wuH긖}pZ/d7ڲ.Favi _CT!""" 4ÖUe mZ^ztqGNma"pѰc/W &6ଗDV0j Lx."u<:v-4ooт@UdGÝtŴ-B:45!8Lj)SΡNVr}m<&^r*]s~eױ.tԪ1(h`̋a Tt$]GNJ#5Q۴.[#t:R\Պd8#"؅dl{`q@V1#p|nnL+Q7_VvIV-OV`O^Mڂ Bߒ> y+ս(IP1Hϟ'̭7:o9͢.7㊽,p_`DɑfN${kMf[N=a":,hπֶac^_y~vMNõS.x$oy'3|y*pS',mӧn┋mݠl̊ B1XNgHlpsD&  }--3t[d[(xa- !Z7[cx0C s[UvԇR5ٰi9ٚ{ڞ }`.!]NDJ(o'!IXƙͨ3e u.d#_VLvPF(lۢKHL(~AJNejdJ֜9Kƿ4)gԖ\LY ǏQ:f7c'D\ȼLjAR؈t(K<@> ]-)t0eI/gƬ.PQ:3o66L@}c)wbLѵWA #O Y7hGL \6Om.vl'0ٷ7?d)(5aelY3Gc{&yix5: IM=y"j$dG!KZcS>Z][lAkSy۾2; Z^.yf+Y,%3ZL%_5ޜ[I|孴|-eH0+"CUy9~qP`!h\}k `-N^x)KN@Rߙ( GdƄ[j%/Ei'(*`?dd*j.=Z7/° 3"V|RG5 $hPnavn3 ]C9l׊ʓI{'~,AdB4xd::0t("3Iփw~}_PgO_qnn,tJ誯?V$}e!L@*7}T74({d״3TWɽ|KO.K) rRs{g΢eg B;M:_ޟ>07tRP5u\nU>LlMO\ETK% ^ ^P2 *mg-+3B%˚?(ox)fhׂXܓp'5[]^j+ܿi,8d&zd&O# jжg >D53V4ru뇇<ۜ ;ZX#@9e NyL;?삔ʮm{#d.Y?0'NyoSͽ&)o7(B 5tћg8xbƓ+KO GM gfG`[h2=AQ/g5Ig v%:X/WF}JSg4υCwHSf{!3+Q6K$^ r 㓸Vz:=r/iH&q$u\f~$ CcZxHi].oc d$|Ç˗]5;[z\O>_䷟)AcQ@"@GoPͱ3ukG(X?פ0_B HXo( =⭶5| W"'* &RôKە4{C^D,ݣZ@hh00"co(REdtOhd"LKBkpL2:oTS?s΅ xZg8{+NaE&D0ZYԨ35P474:5ٯ;n5 0wO5#?=% 4pfT)cʾ~9uHVxjCt\*:uRMӠ/ [p{Wۃs ~{WصϴgN!ZVL#I]Gs',X& k]E5PqoN,غ/X˩ b]<ïB.VŐ~ ܸ A!kGLܲO?~"h Mepl~1䱫`D(UV1iK1ZC >|ޑIe%|8!p}1xAZeP)ci`OMJX Y̖PG/v #c~RJt>ԟ'i:O80+Ö{VᘮO2rJ]y#RÙs9sҼE=H]{H_ZA[̆ª ,2܂$JSQSZ\xW//_˖I^`,yG>nnllYRV6zG}-`جIb%$DA 4@~c-nf }OY(=ؚ)T\ޚ$'NC{ܷBʸ !Oϣql[䩾U]fE;;\$I#˳131i:n/v<)сD8m7U@6Kd*8`yP ? ڤ*ۨE^XttUQ6R~я]hדO$i!T.ϋ$\5+}eXʍ\4+5u 7#}w\Ncgc'5z=\(vKh 1$4u;n?' <Oa(FdYGQO9!rn]oTaFD ճ}iDmtuk7P-r8iJhˁG3.؉Zf$Gzp~#^&NlmP[< 2zbN`s!-/ .%9DQq1Q :VJ%8REn~E2LYoϛ:|,2HWIwŀGv/·P-qX+jՄK/:)1k8][@ۈ@=;N'I߮_u9I"an*)\<#V~M{KWG5ߤT6ms<εd'&:OpA%?zi:$PUڐWs&PžVo49ue|ľBshxtK򀝱$n]iq6b^]npX.@,XBK:ݫM:KZ^!Nc ^]5Y+׀;4҄lD=@sy^;Ҭd2 fV'(u:mi\۾9~T"*`ɲi mAYG: R6"$=ᣍ7'hf'd9>t LTLq(8s[İp^5 S>kN$/f]uU<wg+t]0BU+s8C$p# #rKm=ތ1龱ȶݴuc2 q(IM޸ u^ ?Ƽ⧴taDCLqd<':,_B~7:e5̻*ixyl.90/YJCn)3<j6!=*MG4eF:86yGb7Xp[(8Z|rw}tM>*)=[!FL&nChH*Kg~:i.{xg!'Pé !]Ӿ*c O:2_p]RL<-Ǻ&J ΎkVb 1bUz@ LWՠ%^~S&!L T*l÷{GiD SB(,ѩcRMy%$`I7B>9$:Ը'x /R$ yrZZǝ]>+;Qf,^ kSPQ1] ¦.d̳HJ T!jxXXH.Ek]i\;p %O%U34@l@ kx1\4c$MyYX.)՞Y[FOJ6zpeT9WxCx똓V!ݗȇNΓ*ӫr᫡6YuXS9|E +{}7va5{FrViG䒈9^^N`.V-(5z Eٚ6V[oիzG bQ񄙾:Ƭ,;$6\>W ":^P./'8$C>r{/YLTqQ6F( _qf Whex.)&ZoY0ZٳbؕBZzj)Ycvd{c/_p{Lԋ8bg,ff T/`QDvXuݹ`t0*;>n:qR' xItx%lm?RËV.M]{K?`e+$潸N[M1g@Ń_JJ y$%tQ ks drBwsU)@-Px?7bØW&kDZre;4"l)R}_2ǢBc31խu*nӇvH6('?>:UʿU)̏8D\O^1OVrO~N$2=PcBE(2 NzÚk*>r_}%%ǭ6U$GP޹.X&NFRd͍5a)% ?xC' J ZXjqOkJ,H?*T;;%+qfڜm㈳P P#o7 tNϛz(l3rhdZod/UxYo!%L\|bp|1/_]h,3)= \ 6Zy~NH(pcuo}3#-=BQK(}h) !l/ç7Mredu|6mu-5NZG[CM~,ΫqLARzMuz61O5 ^$T\] h&\ ˤG%'q:Sv"uEL]rY1ZǍ$eHJJ$ n3~nhrUމJΌМzJwNҜx z-<~iOe}[*UdX}QMV06&ȸh8` f4yB^"xQD NO|Cfw찇 5mȄbG3_yi8T X);TXCzk 17?]z嘡If6A#[į`Pq_^4q)v݂GޡDp<51фldq̹l jX^cLI]aeOf-Nf+Oeem|~fZ4aAfj[!0.Bqd'0c^ rk<"P8\9C"4چ~! PjW?& zd]0Y̓hO ޣ UkgnN%@r2/.ps=AJP µ9oaR*4 ɷ3?o \[ţR?%R' XX_T{n.#nwA`xd,ow, Ėpm(WІ / Xxaр 0?FM,v'U= :T鼦S lے6Ūyle&&ǔYV53j8G\Uu1XH}p*ֽFwgYg0O$UP!'PڟGH 5F夺8YgdD.Ux菕PvۧHq9SRU֙1脴F3*Sq sw=nZ=\'12M},Cf=uMgb,Cy JrYiZm7asErm}-F8R$+[XYPv<-3ߝ=`16|+:y܅?9M?u;ĪM ["QY1q>B8p5g`jyO)G֔U?(Kb#^ɏ"=qxB*.eXɐѴ.R¨xfd+I9W7kNcD(@)pI}޽P_qnRDrbSq& {L8f8p.?Ob41 w:2:tHH8KuU 91] "dNbߦ&EBs9+b/y$K}$sʚb{ɮ/n.#_kGUh^Iwr_Qe(7y ָ< _8N=:ϳ"a,O@Rlq3c"HKcl_9X*@d'WUc0 PYDRwFLԗx̍ OGylvȌ!A!@ؚfR3hiK~ ˿ŭXkf[Y:ק*72g$ٸ~/=Ŗx ] M]{[\ɒ<Ȅ8X: mw]?2hڀ"~n1zbq n<'*0EU}PT:ڐ;I9w- [^6uâב@ZЩqqi?LL3@aDsnL/ -, $A򝥿GHxI0{ٵB=#u‰ VD ͱZ6,a$៸{4M^!6 N`đ4sBKZ>i(1Ăm)"j@1[bJoA*i\աQ$4zf8+4:l!Bd;C@ %}õ@DtO"ZΔ;jG_dLµQc8Ł YڇaEf qp~y@WQVFDK=)ԥ83枰A`|Z ݣTsj}jԬoQIUfJw`jzN(0k'V lwYwgǼaۜ X9wC5'$i5Mb Xq5xro`%Hs.ZfX`0g |gț3;no_Y dRdW! h sʷBoPkYMr3OS*hbEl,-k<^Bǵb =L bXC\bY*/ͣbzÏx`<_J{E]5P @@m<%=;,k+pZl`5DLIe) Ⱥ Vg0 G/NkV՞F& k]N:2=:Þ)*mi< wE|_J41|`e\*a=,$ץ?^ZVFfx'_aʟ籀KDx+<7quA꜀QEHL$FkV9V?\I;FĞ5D4.^=TmH2ߟ3̔}*Y~G1 S) [EqaZu*w(Ȋ[q_[ -g:*+rY0Zz ,{RBrnYV|'碬F 3vpQ+Xd3yei$2o`ub[ZP@-T[MuF3&}MVL I=xccZO pq{ah0>;L,,^dE{2>i=e~YaL\3p ~!)3g 7ϒ~f&)* H(޹ZaDS]l'_MRjFTwUӖt0w bw¿dN[wY°LL khˆ [N(~<~21v5HVQ`VFŏ:񸺮Zon!G]vÐX3k?sIáT$MM14 ےJ񠚤 mK8upN]\7n|6Tg&q1,ѡJƓS7xbDB}I9cZ$<ۦ4]Y[<'\0f5jw\.$Z:Kw`[ѐήJ#9]Sr\{;G}A z6L3芌i/+ڮPw`ޜZEٚ>a]& #(D& ٓyfc/qx%q y2IE#RזWDdkecZA'pEz1'hPSТ?hQ>קQS Tb6L_8u<\C.ExU'ꢐ.>|Ki:gTA#4 JS|`:7pD#YRzSr o /I7OZSUGUr9~Et} q+nCm`#i1R}[#uTV2B Tw<|R&((h'=횩3 cW0JoaN11Z)w d @G:^xݑ pcl,q#_}ÆW]1u% ]$5Uwmn&&UxrH݁LS6!p寨pFGiZBm??_6,u@GN3hPMf傎k7ВMRRDx:}k#>:T#"!QiyݝVIFob9tx_yzu?fҽL/i^@b87GtsY˦eIM:q(t2=4w%C2'NM8ŞW(2n9ӓ~E6Лe[#&}͎a@-_WMo>'2إց ?/e$f'}50!0e;找HTZ)`[~frd;oIҊqӔ.=R/a ͈so!-~Dd sZL6kݐW6 j ~ )E,q U}ܑ# fjV_LYa4e=*g0L!gLD~ }ZϽ}E%y.ٲg])+n8 *K],N૯I+ʉ=@qL8]>LcX+d삍N^,x(9_K-]|aDae]i[wUP`N)< N}D #GroVj ҂WG至!&̓!`k@-9jZiLOrv{Kܳ=ۤ&}TQ‹c؇$:̻dvfCZv!=yՁ/ QG I /&US Q70\ :9`M۳q?-T^M C.^@(֓#eϪtëxW Y\zu~IHc6wȉi9e6ܓSEtCS|F(d y606 XTNa%3&ssӚNaOaSTľ\#J"E+UwFsdz1ԝ=ul#r?X1=0`[,>2ɶڢ{B4kԳf`Bi> xAӦ{۱e5#MNv[Sr0~ge^2WN䒵)T%ϦmA 12Y[Zۅa.%fVsKnuEVf>XBp9CW6|4x e-9Bq-H 4pvE]iO X̓ӊ`v+JżE{zשQpK{0Yz] uEedH5PKS AƛpE_ht02_ ݰad3j1 KLd] %*WE095kMJn$G2)oA1f.bv4PjFp}%^?1hTb IWYZ{frxfHĊx#l;(2w '-4Hٙ`gF%y@zWhw-db7)tW]{ sE ޺Y>?]I dr&u!QgcHo跤 &6w,\,0 *)/}E`X܎*';XG 1/|߉%]f~ %^хTL ׁ)/a?>J`,]Bq*skf?2z[ҙ&% Ct)[7-qALd!ˉZ籯{s׺!ڐ΃rnv"2%tj0){-pԐu˳ E&˦Ӵg3ei6avQ|EćϠ#Ǟz"ʼoe2Qyr1ʑPwm*6nrj|7oLT֡5gkԡK5S2-vpy /3Tmp4V YM7™'(~C+`c}Š ؟3Un21Mf }JtvSN֫l[8iXga脋tmx6X5nkogXI>%5l69V aB>+:3He\t|[J{k3ib\DEw/ TJ~ o4;k\Æ4B _i*DrdiQz%+ܚT2iu_[ ̀hd݀k'Od\.ɳ}JwirǏrBܹillݜ?=QV&k#a1uB 4yChϐtηY쑰}D(-a‗z:jlB:SX﮶jA3Z-sٿŸkk7R,t&&ch2԰.nKMhruF,`Z/p}Nd&߄]LTr݁E`֞Jwg T ¤$,+$⧯H$4Vg&LȂԡmi߆zՇd ;6ð9c6idXfki'|Ӱ3?gԽg`GR#yV.Vq rDf C1ec۫h߀"S] M~~^8WzcnR0yCߴ0UoC?_m?JrQvk6Khlc-MROy@3G36n I\#epo M2S {!qoP潩oôhԤ-_Y >7+Yd~ƒ|~9-;|֗\a&;l J}Bb 'J93[ t"T \{LhSʮzhP]A>mRP=5g֑&s, :}&d\ &tptův1Diy*?۫8'yRF?\ڪ[͝G{ypLs4h7q`*,g>x;M-/)(6.y4S[h Qx4;v;){VZ Msr]kb,Fզ8 IcRWqcs5o9w u\SMz^6ϵ3i !P] }eۤN=(,+ҷ|Eg=WaDm;W~kYZ^8_96 z'g#U וH\DݕN֏/֪&mqE2bY5=+g=o&9% wĎ>&hDAȕR]75 LQqdW脃Kf~ͫ3[ k94cD "?pQ][eg#ӷNzNu} 5Čn3 dkq0fmxm5/L6d<0,ldW "!RLF6E:` J$FEWʋ.ayX,S9}Ndq-WU-2ˤOJZ'xs䀭T?HfJ&2ö9WmYvT<]jOP郌$= c%EYp eiA'd~? m. Yů ښ;p4KYzw5ϭը5#O@,GV`I+y>q-9k̎Oaݓ@,g82OĞY[x[ JgA iJl)|K Vr1|bRN8s*`IImOe]QŁrg$|`uՙ}O^UհijDe*OQIc5)/v`tV+&:@N;n TTm~r .^]!gdhYuQbE\eOWf1fEaJzA/ذO/ Tf\Hh'YNOt+xM+P F1?"1Zc+QCMٿ1 x]E|t<#~*PgHbs¦~c0Zᫍ *\ qYDCZ2 {*ش{ @izd3W8BLb[L U!@g!+QN\VTat!3^Ii_j㣅&x4aW՗o#aXs=K[iVPnx7Vh!34$JQ+^9PZ)۫XRbӖD.[.Ao#l*,/)0bffRdŐ{LS[Fu٩r{*m+F8hCYJ6#Tߒ}{ J3|;PzqZp&5޽O2:u>?//S)!,ކIܚ'Y7s x $I MջnntMI6ʔi_EΨ֥T?#J/|U8$dwOp@Ħ*njicuOC[2kX扇cm16}0gUcQq!{J()yv(ȰjYן_2*i½pGޑ0#eiMن~z"^L< jFq\?vRmKpsm8V F!opK);2yʞr:@s͊U|h׌HqA)E&GbUQR(jtΊ Nnm@g EV#F bNbMUP2ZZCo,9ܯ^D0fc [ͷj3TZ6~dvBtNgnÞhYptgק&-ʦ۲=`۳ BFNmpШlko4ڟ cZ& B΂gvr~/(ee?+(X|~c,Z1I'0@jiX?:@8eU}Ŀ0k_\BU4_f AN {eQ-^nnW?~T풍XEKkHeuǨIˌH-jg܍=+r~#'cnXBx%_}f8ߎY5 &$Oy@B֧\D2}`1ͻ'b9p ud "G"\uU)ZR^J ky.3C" [bu+Sdsˠ-9 .y3O6)^^%Q?rNQ˥Yc^cmg_H6 l:R.v" Q ^̟Y?90ϾG%!;Ls2+E0KMEK5Wz^^=Tt2Y11C̏)"D sup"=A>đ =gb阭\t3~N:6F _~Bg$Mۢm ?<#E!d Ȼ6kI#JWu)<̱~F 0G3(`ت_OղAZ^VBrPn ǘ:UIDs~h8+/F"p;ZeE ;ti\,ǸuLD "U@-CMPDp_t( G8(F"_IJ2D$BŶW@/p =n0 i 9Cf?K (8oGL'#MuJ'++:3K-+/ƪlgEm B$**Ĺb*eZE-,p0)ޏV%$oeTy|fX GOpAVg|5_K}tԵ7{҃9f_v==c)ua Y8?6BnjFpI70l?`ecTHx/>t0/-V~ }J?>7L[Ӿǟ_UTSǾ㷈 C^ލY ,uѮQ9(%cȐ/0̐@c9xdt+^—I|Da^)Eإ^bп . =!z<}:`t@빉(v_J҂8eӂ*<۰;M92ֺ[xc v0D(KQV]u;@26b6ю!s܋WXE⨛g+6KX;ܳ(J YZ