policycoreutils-newrole-2.6-lp150.3.1 >  A Z渋/=„h~ X0c GRJ.zL:[@N!M`FaJ\| g+Oo_n#[60D 35a35f00e4d094d14ecca2d5abfb53867e108445015366a2d5f77129e5aac0253a262a00bcd6ba5795d4257e2b28fe42fb18caf46s`Z渋/=„`ť)b r(V ht5 Sa> B]-L39+]ܟz'H]=3L7Z$0nRO4 ZP[M!  ڛxpbm|՚"z;MHi!uKn8H㚾s_*XE#h3T䅷8Do_hݹ #?B {N!gC%$4N}TO:Y؞0$Rtp{x$'p@A?Ad ( M  !KQX     \(8$9$:$>=F=G=H=I=X=Y=\>]>(^>Eb>pc?d?e?f?l?u?v?w@x@y@ zA(A8A<ABACpolicycoreutils-newrole2.6lp150.3.1The newrole application for RBAC/MLSRBAC/MLS policy machines require newrole as a way of changing the role or level of a logged-in user.Zbuild84openSUSE Leap 15.0openSUSEGPL-2.0-or-laterhttps://bugs.opensuse.orgProductivity/Securityhttps://github.com/SELinuxProject/selinuxlinuxx86_64 if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/bin/newrole fi{(+큤ZZZ5a9765e7241c3aa7f4f9ccc14b5a97048f82078b3424f076339c6853e23a9a331565726489029fbf0a7ab667e2e9a59ad24456a8557df37fbde9d2271c1c6e2565be96657f621c464d977453c59830abe08093e70fcd79821ed7453dd5af4fd9rootrootrootrootrootrootpolicycoreutils-2.6-lp150.3.1.src.rpmconfig(policycoreutils-newrole)policycoreutils-newrolepolicycoreutils-newrole(x86-64)@@@@@@@@@@@@@    /bin/shconfig(policycoreutils-newrole)libaudit.so.1()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcap-ng.so.0()(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam_misc.so.0()(64bit)libpam_misc.so.0(LIBPAM_MISC_1.0)(64bit)libselinux.so.1()(64bit)permissionspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.6-lp150.3.12.63.0.4-14.6.0-14.0-15.2-14.14.1Z@ZmZ2@ZI@ZZ;@Z@Z XWW\@W~TZ@T @SxRRRrF@Q)@Q\QU@Q @P @P7@P|@P!@O:LO8@M~@MK@LKK[Kf@J]J;}J+@jsegitz@suse.comjsegitz@suse.comtchvatal@suse.comjsegitz@suse.comjsegitz@suse.comjsegitz@suse.comrbrown@suse.comjsegitz@suse.comjsegitz@novell.comjengelh@inai.dejsegitz@novell.comjsegitz@novell.comjsegitz@suse.comcrrodriguez@opensuse.orgvcizek@suse.comvcizek@suse.comp.drouand@gmail.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comaj@suse.demeissner@suse.commvyskocil@suse.czcoolo@suse.comprusnak@opensuse.orgtoddrme2178@gmail.comprusnak@opensuse.orgmeissner@suse.deprusnak@suse.czprusnak@suse.czprusnak@suse.czprusnak@suse.czprusnak@suse.cz- SLE 15 doesn't have the necessary files for policycoreutils-gui, don't build it there- Drop the requirement for selinux-policy for the gui tools.- Drop SLE11 support, needs the audit that is not present on SLE11 - Fix service link to actually work on current releases - Drop SUSE_ASNEEDED=0 as it seems to build fine without it - Do not depend on systemd, just systemd-rpm-macros- Added CVE-2018-1063.patch to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063)- Remove BuildRequires for libcgroup-devel (bsc#1085837)- Removed BuildRequires for setools-devel and added new runtime requirement for python2-networkx- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to policycoreutils version 2.6. Notable changes: * setfiles: reverse the sense of -D option * sandbox: Use dbus-run-session instead of dbus-launch when available * setfiles: Utility to find security.restorecon_last entries * setfiles: Add option to stop setting the digest * hll/pp: Change warning for module name not matching filename to match new behavior * sepolicy: convert to setools4 * sandbox: create a new session for sandboxed processes * sandbox: do not try to setup directories without -X or -M * sandbox: do not run xmodmap in a new X session * sandbox: fix file labels on copied files * semanage: Fix semanage fcontext -D * semanage: Default serange to "s0" for port modify * semanage: Use socket.getprotobyname for protocol * semanage: Add auditing of changes in records * Improve compatibility with Python 3 * Update sandbox types in sandbox manual * hll/pp: Warn if module name different than output filename - Update to sepolgen version 2.6. Notable changes: * Add support for TYPEBOUNDS statement in INTERFACE policy files - Dropped CVE-2016-7545_sandbox_escape.patch- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998 Sandboxed session could have escaped to the parent session- Trim description in line with other selinux packages- Changes submitted by MargueriteSu: Update to version 2.5 * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss. * sepolicy: Rename policy global variable conflict, from Nicolas Iooss. * newrole: Add missing defined in #if, from Nicolas Iooss. * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec. * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach. * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville. * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach. * semanage: replace string.join() with str.join(), from Petr Lautrbach. * Man page warning fixes, from Ville Skyttä. * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl. * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach. * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach. * audit2allow/why: ignore setlocale errors, from Petr Lautrbach. * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy. * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach. * Fix PEP8 issues, from Jason Zaman. * semanage: fix moduleRecords deleteall method, from Stephen Smalley. * Improve compatibility with Python 3, from Michal Srb. * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville. * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach. * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen. * mcstransd: don't reinvent getpeercon, from Stephen Smalley. * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach. * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley. * hll: Move core functions of pp to libsepol, from James Carter * run_init: Use a ring buffer in open_init_pty, from Jason Zaman. * run_init: fix open_init_pty availability check, from Nicolas Iooss. * Widen Xen IOMEM context entries, from Daniel De Graaf. * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. * Fixed typo/grammatical error, from Christopher Peterson. * Fix typo in semanage-port man page, from Andrew Spiers. Update to version 2.4 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. * Improve support for building with different versions of python from Nicolas Iooss. * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, from Dan Walsh * Remove cgroups from sandbox, from Dan Walsh * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley * Add a store root path in semodule, from Yuli Khodorkovskiy * Add a flag to ignore cached CIL files and recompile HLL modules, from Yuli Khodorkovskiy * Add and install HLL compiler for policy packages to CIL. The compiler is installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence * Fixes to pp compiler to better support roles and type attributes, from Yuli Khodorkovskiy * Deprecate base/upgrade/version in semodule. Calling these commands will now call --install on the backend, from Yuli Khodorkovskiy * Add ability to install modules with a specified priority, from Caleb Case * Use /tmp for permissive module creation, by Caleb Case * Update semanage to use new source policy infrastructure, from Jason Dana * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent Bigonville- added Requires: python-yum, yum-metadata-parser to fix sepolicy (bnc#903841)- removed execute permission from systemd unit file- Version 2.3 sepolgen: Add back attributes flag to fix exception crash from Dan Walsh. (drop policycoreutils-sepolgen_missing_attributes.patch) * Add -P semodule option to man page from Dan Walsh. * selinux_current_policy_path will return none on a disabled SELinux system * Add new icons for sepolicy gui from Dan Walsh. * Only return writeable files that are enabled from Dan Walsh. * Add domain to short list of domains, when -t and -d from Dan Walsh. * Fix up desktop files to match current standards from Dan Walsh. * Add support to return sensitivities and categories for python from Dan Walsh. * Cleanup whitespace from Dan Walsh. * Add message to tell user to install sandbox policy from Dan Walsh. * Add systemd unit file for mcstrans from Laurent Bigonville. * Improve restorecond systemd unit file from Laurent Bigonville. * Minor man pages improvements from Laurent Bigonville. * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.- sepolgen: add back attributes * fixes build of selinux-policy * policycoreutils-sepolgen_missing_attributes.patch- fix issues which prevented accepting to Factory * mention the dropped patches (merged upstream): - policycoreutils-rhat.patch - policycoreutils-sepolgen.patch- update to version 2.2 * Properly build the swig exception file * Fix man pages * Support overriding PATH and INITDIR in Makefile * Fix LDFLAGS usage * Fix init_policy warning * Fix semanage logging * Open newrole stdin as read/write * Fix sepolicy transition * Support overriding CFLAGS * Create correct man directory for run_init * restorecon GLOB_BRACE change * Extend audit2why to report additional constraint information. * Catch IOError errors within audit2allow * semanage export/import fixes * Improve setfiles progress reporting * Document setfiles -o option in usage * Change setfiles to always return -1 on failure * Improve setsebool error r eporting * Major overhaul of gui * Fix sepolicy handling of non-MLS policy * Support returning type aliases * Add sepolicy tests * Add org.selinux.config.policy * Improve range and user input checking by semanage * Prevent source or target arguments that end with / for substitutions * Allow use of <> for semanage fcontext * Report customized user levels * Support deleteall for restoring disabled modules * Improve semanage error reporting * Only list disabled modules for module locallist * Fix logging * Define new constants for file type character codes * Improve bash completions * Convert semanage to argparse * Add semanage tests * Split semanage man pages * Move bash completion scripts * Replace genhomedircon script with a link to semodule * Fix fixfiles * Add support for systemd service for restorecon * Spelling corrections * Improve sandbox support for home dir symlinks and file caps * Switch sandbox to openbox window manager * Coalesce audit2why and audit2allow * Change audit2allow to append to output file * Update translations * Change audit2why to use selinux_current_policy_path - Update sepolgen to version 1.2 * Return additional constraint information. * Fix bug in calls to attributes * Add support for filename transitions * Fix sepolgen tests - Remove restorecond.service; use upstream service file - Don't provide support for sysvinit and systemd on a same system Use either one or the other- change the source url to the official release tarballs- fixed source url - removed old tarball- update to 2.1.14 * setfiles: estimate percent progress * load_policy: make link at the destination directory * Rebuild polgen.glade with glade-3 * sepolicy: new command to unite small utilities * sepolicy: Update Makefiles and po files * sandbox: use sepolicy to look for sandbox_t * gui: switch to use sepolicy * gui: sepolgen: use sepolicy to generate * semanage: use sepolicy for boolean dictionary * add po file configuration information * po: stop running update-po on all * semanage: seobject verify policy types before allowing you to assign them. * gui: Start using Popen, instead of os.spawnl * sandbox: Copy /var/tmp to /tmp as they are the same inside * qualifier to shred content * semanage: Fix handling of boolean_sub names when using the -F flag * semanage: man: roles instead of role * gui: system-config-selinux: Catch no DISPLAY= error * setfiles: print error if no default label found * semanage: list logins file entries in semanage login -l * semanage: good error message is sepolgen python module missing * gui: system-config-selinux: do not use lokkit * secon: add support for setrans color information in prompt output * restorecond: remove /etc/mtab from default list * gui: If you are not able to read enforcemode set it to False * genhomedircon: regenerate genhomedircon more often * restorecond: Add /etc/udpatedb.conf to restorecond.conf * genhomedircon generation to allow spec file to pass in SEMODULE_PATH * fixfiles: relabel only after specific date * po: update translations * sandbox: seunshare: do not reassign realloc value * seunshare: do checking on setfsuid * sestatus: rewrite to shut up coverity - removed policycoreutils-glibc217.patch (upstream fix) - added patches: * policycoreutils-rhat.patch * policycoreutils-sepolgen.patch * loadpolicy_path.patch- update to 2.1.13 - drop policycoreutils-po.patch.bz2 (updated upstream) - drop policycoreutils-gui.patch.bz2 (added to upstream) - drop sandbox init scripts (shouldn't be needed anymore) - numerous other changes- added service unit for restorecond- semanage needs python-xml and python-ipy to run- Fix compilation with glibc 2.17 (add patch policycoreutils-glibc217.patch extracted from Fedora)- updated policycoreutils to 2.1.10 - adapated patches - updated sepolgen to 1.1.5- fix seceral rpmlint errors and warnings * use /var/adm/fillup-template for sandbox * don't use /var/lock/subsys in any of init script * use set_permissions macro and add correct Requires(pre) * fix the languages to new -lang package * fix policycoreutils-sandbox Group * remove runlevel 4 from inint scripts- patch license to follow spdx.org standard- updated to 2.0.85 * changes too numerous to list- fix a typo in the package group- remove usermode-gtk from Requires of -gui subpackage- remove incorrect and unnecessary rpmlintrc.- fix build by moving _GNU_SOURCE define (gnusource.patch), thx darix- updated to 2.0.79 * changes too numerous to list- disable Requires usermode-gtk- added libsepol-static-devel to BuildRequires- updated to 2.0.62 * Add btrfs to fixfiles from Dan Walsh. * Remove restorecond error for matching globs with multiple hard links and fix some error messages from Dan Walsh. * Make removing a non-existant module a warning rather than an error from Dan Walsh. * Man page fixes from Dan Walsh./bin/shbuild84 15250923092.6-lp150.3.12.6-lp150.3.12.6-lp150.3.1newrolenewrolenewrole.1.gz/etc/pam.d//usr/bin//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.0/standard/4321900e6b428c98e6fc12d71c83b04f-policycoreutilscpioxz5x86_64-suse-linuxASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=ded87d32421539013901422cf82f75f9dfc08264, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) R R RRRRRRR R RR R emUкK|_utf-83324a6317450802d10ba2f6cad1dc6bd375152a983c3abbf3ae68a9c2fcaff82?7zXZ !t/-`] crv(vX0z-$3Ъ_̮ oWT1H+F0r7eo5F1śo  PC~dw\RM]O&}vok&NJcv^S,%Uz<6HRd~l%.ïP$Q3h@[xtzƅd ?$A6|]|ϼvS/1.&o)Ch*?$qa& F~Y^͔@/YFeG&s7rE:-V;ɠCS'Zo ,,ˢ>*ftʆ(F#_$a[Zmz?ڍs( ŋ*EW:h^#mLO"Y Dŭ gRœz5kYPɾpj柯xXCq;BoLj1dꛎ=4?:u圧ڧL[U =ŗ|G\dhc?؂{;U=,*P3JW'jɚO mEvx*r}y~kCD6a"ꯒJKH|7nv:EdU\/GjdCP~a'#})[vx.r[јV[YgBx{K!=kk!,2fӫӱ)/47 v샊jOXjgkh]ob e[ yP@]n|Z:J'g+_(W#!*LRB.Hd ΁DzD=5 IM"[ $֯>U`?S)%fk g%=*gjX AbmP? A-HpO~Z;K(Ig33 ^S TrD+U%6DD"yy%xVՒx?;G恀ۺA/9ь2HYOˏ;6%됒ymfte[ĞɼYegX+Y]fc.AKz!B,j}N5d՛'Do}۱>ܵLokY(k~WdWEyER "rWd)GS@'xA{b<A)hNRa _c7r*n+=c3u^^7g~"/,mk~aPS+YD\1B ]+'#{# t1уyB\L ^Ƹ5s -`њ_P8ڬˁNE! ~d;YDN:Lf\9.R 'b2qs/q>%Dʑ¥LW_ bUfqdNK\@ H"fd!i0g(Q^gL!ǐ H׾QᣤOaCtGv޽/.˭LK~yJ&7 P8iq0|a&z*EH1T2XG:)x^^! {M`t`>!2@CC7DȆҀe&P&gBw~7цlI. v#rn=(<\B$ג3IJZ#;3`Fx NL xFpWph3mnS =x/py~ Wխ\%6bm~5˵Y/'uO _!e s?O̾jJoMRi(L"EsP.@ޔLgVB0@F/nJ;)sߌ{~t+8ܣ?X,,Zzgf!GѩK1tncSlt݄Hc;5ܮHԫæXiSONPzL0H=E Ǥ3Wac:\Y9Ng6 Pd7>>-@sNy#[pgm'Bot$)yJAA.ӽ?"#Z pfu*c9<j2*IywbaA2r,bm\q0nG .rz4IlsiEjnb3ڽ'/yɆ X#L]*¤T0aWѪMo$S~W%sN2#)eC1$ܜU GfczqwpI;fnHۂinʖn(aH>2CY ~rJe{>/Ͽ6 /DwԐ_0da$(u# ?h!$%uW1P鷯t)&oi$iʹp:ܹ^=[])O_<#%*'V*ǀ(J-t0Z{)|69#IwSiDt~4ۑ>Bwɯ&(Z~^=пĤZajQւ:ጾ,-l\(vtF5Uxξ-|s[\{!_ۮV2PkM+jێTGZ:J!ZL=J 7>atI}|O=ɪƨ:=s6Np nkC^woߛ Zb2"xoX/FJv/^" C-[IV>*#? aǐ׍ɀ9x]Оl4uQBWfs?Ǵ)jb/6rP0hZ V@[A ŲmK 5cᦤZhjš*`Ux~`´_p2pV,LGy+cf.U] 1AԻ5lewAUCZ|]o?tC(qS+3wa<4XϓN"Ry&>])1;gs_l'<A¤#)Ze #xۓԛ~&y4d(?g=}"yA<|k?Sh"RD!z0 ~KAx82{!1 NQ+{{1fG3#ԴxҶ"IMq#b: dFʼ+xuҒ1\ .1Ws@qs!P'$&WΟhyN ´4 Ih?LX wVɇ'D8P>D!Bc[f:~i?FVՇHOpC ĭPʡn88Gb5Yd*rMGoۊi$qIXxt^JBV6g;'eTޞ㠅 w-4=tW#4$7 يdSUs=/T}0ʪIw٫8n4dfN`EzkD?[ٙ?zx`0ۄ8%] f vxL9@C~4NB fXɄDfGwl RINڞnx쬞Z W%M ,3[bDV 72JU P6@Sw5dCSWT)" epV𧲣2 ݵaik{ps|5A& 9fۨFTRcru>RA"S3N> -m7;NSL>ݱNU-j(,  hJG9RO-?Z %TdkQPw .⽩OP*څohw/ͼG9yKJ'[e|qАUx">jk4J4="6`E6m#zKk|xS).N]dshE,\S !OUcͪy]^1J:OFmNWUwN8CQ^Dc|PkG$?&yKvvr7mٜVM}LҁIO{&Jet3Ms$G+Ȉ;p(spE7F@udV4sjRg(8ZL-5 !J_zz$d`_}ǠbZ #ܵca̭]b'O瞶۞8^VOL/|Z&"l! J@Q׉W&Xxi`lE{Ft'Pj/'\p6jwp&{?Z[^ݲ`K\\:GJj'LUR:dEGF& ED"R"bG sE7=2W#WO|.hnG{&p2e mC};!k¶FtڌN;e_6JK`ƗLN>~פn#OV,tX?72y>OܰSHfv|e8i7? ,OX!ӷVB7sXC{/H> c3-%\^vˬ2Ԓ]^6knnbWHJ=z)ǔ-7Q|/-0VK\ HcmV)b:M08h/ OMYl CԱUs}, 5ĝI f׏1ܩn\2/oԥ> l6A9 `/!*ʐ 7\:}]Y)io[]%!PN~m:t@2JꏂAqW]q)TY G]_WShގs fz8H 1u34Fou-p{27LOI.kؑ2><s=iS(;?׈u6Jճds ǯz_$ hau\ݺ%k8Q}'޵meH!8v ĭ}tdx3ܡqj#>1][!.\9.u՝%1 ދBJ?ڪ~`yԏV` C4F]_: jb3gFiNk)Qemx8yU-#4 G!aw&6oe A4 9 (Ƒ3V׹7yleZz6O%:2ij.;.ҟ6~,A`n),y^Mό+*k~.isLhM{'%h^qe%pj 8͉LĬH !#\H N0vpة~m˝7Zpx6z?2fxoNH>JL$#LvR`tDKIE!@=B=Uf2"cؤ,`L+\PvpFM! ~#0Xw(_ j0MZyKOz3g>b͗ê[-v|sL0ə'=^S%EY"vo*cw& XǪLXuo^ x3I56_42c>"iVzGւFw .Jh DXIfi+D 7 RK#s}혱aV=K[JL& z~N#/<փg0LLc,=lUQ܍$qf 3,;k&9p1&_oS@_.L;ace7_m-;jQ˚ 6(]f3N">3d\_iWñ TVȧRˡd-.To:i [jzTW~2-Ka\084 MOEC(ߢIBRHQx?kD6pF`#PH O|רiӎeSAWohgj$'kH_%\1V!XlJEgUU.)U;=3\5uU SNL)f]"m5 *g7~f>mr_Sڨۨd>H_a}kyf:it)| v0Z/Wbj-yD0*eZ>9o!6:ڭBrzrbv.s;yEz5z0]Yhvx\@q*r7W+I&4itv˘G5`7'a(g),ou(7*Q)T>͖O&QHhfLE nP IדGO^#F/a#rB3W5Ы0&aR52rhV{Onf$zM\&P '!yƐ~b+'uQ*T`>HcjI|R<>ehm$:ZoCi[6 7S8j|s F@h'Kz smfL}HP(M"YuXӆenZhg˻7qK\>XgAEQfHÊnQ\TXsVivnq,<>WHsWSvSu|~\OAR"('2"4^OnVvӀhWdWP9{gNŸq|.0/_.m=fX-[A>$?]#H}xM@ȬD4չgts7ԥtShT=5L i}*'xoh謔_p&͹aԻ_QHTD؉7M=OuH3l@jwN\\Z?!5yqcVoX}a q^#|s~ӿK#i;fuXϗUE) -ם}fs@5#$cʉM90ɐO(tY pw3 E "틾0 b'qۖf돰sXD۴ C6xn[C Q)}ۃ-ldŋВ0 v}7 M)5(HB! Y׺íǭ+ܚ}^`Ǒ?e  /=*4* ._Ix xAqT_A1)a7e^Pa*oOIFRY J<k-BP͟\y`-ىˌ_ f9Y上flȻQIf@[,>.w{aKp4kkh9}2=J!+6˖&ah"E9 dڵrF&6cS C9Ibr<ZW ,gtʫ% (ogկB ʠ.t2@=g5 Df#4j <<$F&:?CE0=[ʌWJpaK;d-|PĹ{U0,UnFluNzYrzp[֔ǵ.IAo&/Mi87Ff6VC92@X 8(ԭ ^ kmY]dדI^<82( {i3+e҂ {1BvLNҫGTOcbK: ʥ>)zd0UpP<M/e^דF/p)Ӊ7w\7n=6(AUm ! 4}4F?n[i5cQ)B7R^h1#Wz3nVGA>X^e|pY 9:oU| -K)o=dE bIa3P BڋJwQ4\ї.P 7.Zib1FD}(s$}RWYl^f}N=Fk>iv9CRU:6WKA2͛4,"KHs%jQffںm $euCyU:NmxIVX݀·=f&8"$0J_DйFpN:\rmv\YtL_1D >z:7:+<ɫr)wېD.CğW끸mwb,_;Q~88Վ!ϗP!j!E\g,~ٔZ\&:nqOvrb kwci$0E^$1Ӝ}s7üt67CV鰇=a'lu3%!o僟ylk9BxW* jbJ|~lX{ 3[mtn{< gWw1(܏{${*5 \*Ƒ]#IŹɻUTE q=2? $.]xƕ*TҒ,/אˢ9nŏ/Mo4:"SwnM`AV766\Wh: &}ÐOcp~IϴpFv/Ds yuuIh[@C}f|m{cKޟ@jic.'T_֛h0O"!&;*ͱ [ YZ