libcryptsetup-devel-2.0.5-lp151.1.17 >  A \灸/=„h; /d`LjQ{]X{7t+L';O}=m``Fϊt>+pOykb Iq^NiU{0+w#D%{$O/~f\`4a*_Dhts~~8ɚkx/p܋V03""+ejcHj%tۘ<zY4J6:;<&٥γNU@m6e06566e2128bfa5513aa220de0a0d5d5bbfb5bab2cd5f1b50ad77b79dafd560e42a13588a8b665d77a7bbcfa3e189e11287108b\灸/=„D<#F`9%D. d=Z%Ip\u/6@ţ:;GYA}fWV5Ě0۷ ,C0Ex,վAW:Obhq 8;X2Ь5T6):hpZUŦ>ynж}p@[Ez"b1wĩrLoMjύ\N'zEvS ަiGژfM#a82罯evn"\53B2%S{U&H>pAW?Vd ' U 0Z`h     0Px@\(89T:oBRFRGRHSIS XS(YS8ZSh[Sl\St]S^TbTcUfdUeUfUlUuUvVwVPxVpyVzVVVVVClibcryptsetup-devel2.0.5lp151.1.17Set Up dm-crypt Based Encrypted Block Devicescryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab.\wbuild76 openSUSE Leap 15.1openSUSESUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-laterhttps://bugs.opensuse.orgDevelopment/Libraries/C and C++https://gitlab.com/cryptsetup/cryptsetup/linuxx86_645* !AA큤\u\u\u\vZt{PNZt{Zt{983f3fb7fca9f257f6db4c003bb828cba4e7fd1102a46369f68f1943f2a4bd2853bbf550da05553da9409d20f1161c49b3ca7daa7faa5bf41c2d6d8c6b7f121cc0cf16a81087c35534a7b6f4a5b51109851c4c64eea70e7b0a192a137e3cea3cef9a6891e2d00bde79015c45175d8f023fe8a93c85d6f176c7d6325c258971e5baebadf2a3733a4a03954b1e491b29fb864fbccd893f71e226ea036df3269a0dlibcryptsetup.so.12.3.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcryptsetup-2.0.5-lp151.1.17.src.rpmcryptsetup-devellibcryptsetup-devellibcryptsetup-devel(x86-64)pkgconfig(libcryptsetup)@    /usr/bin/pkg-configglibc-devellibcryptsetup12rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.0.53.0.4-14.6.0-14.0-15.2-14.14.1[G[G[{Zp^@Z unlocked/created/removed. For token actions: Token created/removed. * Print error, if a non-existent token is tried to be removed. * Add support for LUKS2 token definition export and import. The token command now can export/import customized token JSON file directly from command line. See the man page for more details. * Add support for new dm-integrity superblock version 2. * Add an error message when nothing was read from a key file. * Update cryptsetup man pages, including --type option usage. * Add a snapshot of LUKS2 format specification to documentation and accordingly fix supported secondary header offsets. * Add bundled optimized Argon2 SSE (X86_64 platform) code. If the bundled Argon2 code is used and the new configure switch - -enable-internal-sse-argon2 option is present, and compiler flags support required optimization, the code will try to use optimized and faster variant. Always use the shared library (--enable-libargon2) if possible. This option was added because an enterprise distribution rejected to support the shared Argon2 library and native support in generic cryptographic libraries is not ready yet. * Fix compilation with crypto backend for LibreSSL >= 2.7.0. LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility wrapper must be commented out. * Fix on-disk header size calculation for LUKS2 format if a specific data alignment is requested. Until now, the code used default size that could be wrong for converted devices. Changes since version 2.0.2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Expose interface to unbound LUKS2 keyslots. Unbound LUKS2 keyslot allows storing a key material that is independent of master volume key (it is not bound to encrypted data segment). * New API extensions for unbound keyslots (LUKS2 only) crypt_keyslot_get_key_size() and crypt_volume_key_get() These functions allow to get key and key size for unbound keyslots. * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only). * Add --unbound keyslot option to the cryptsetup luksAddKey command. * Add crypt_get_active_integrity_failures() call to get integrity failure count for dm-integrity devices. * Add crypt_get_pbkdf_default() function to get per-type PBKDF default setting. * Add new flag to crypt_keyslot_add_by_key() to force update device volume key. This call is mainly intended for a wrapped key change. * Allow volume key store in a file with cryptsetup. The --dump-master-key together with --master-key-file allows cryptsetup to store the binary volume key to a file instead of standard output. * Add support detached header for cryptsetup-reencrypt command. * Fix VeraCrypt PIM handling - use proper iterations count formula for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes. * Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim). * Add --with-default-luks-format configure time option. (Option to override default LUKS format version.) * Fix LUKS version conversion for detached (and trimmed) LUKS headers. * Add luksConvertKey cryptsetup command that converts specific keyslot from one PBKDF to another. * Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata) header is detected. * More cleanup and hardening of LUKS2 keyslot specific validation options. Add more checks for cipher validity before writing metadata on-disk. * Do not allow LUKS1 version downconversion if the header contains tokens. * Add "paes" family ciphers (AES wrapped key scheme for mainframes) to allowed ciphers. Specific wrapped ley configuration logic must be done by 3rd party tool, LUKS2 stores only keyslot material and allow activation of the device. * Add support for --check-at-most-once option (kernel 4.17) to veritysetup. This flag can be dangerous; if you can control underlying device (you can change its content after it was verified) it will no longer prevent reading tampered data and also it does not prevent silent data corruptions that appear after the block was once read. * Fix return code (EPERM instead of EINVAL) and retry count for bad passphrase on non-tty input. * Enable support for FEC decoding in veritysetup to check dm-verity devices with additional Reed-Solomon code in userspace (verify command). Changes since version 2.0.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Fix a regression in early detection of inactive keyslot for luksKillSlot. It tried to ask for passphrase even for already erased keyslot. * Fix a regression in loopaesOpen processing for keyfile on standard input. Use of "-" argument was not working properly. * Add LUKS2 specific options for cryptsetup-reencrypt. Tokens and persistent flags are now transferred during reencryption; change of PBKDF keyslot parameters is now supported and allows to set precalculated values (no benchmarks). * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags combination. Persistent flags are now stored only if the device was successfully activated with the specified flags. * Fix integritysetup format after recent Linux kernel changes that requires to setup key for HMAC in all cases. Previously integritysetup allowed HMAC with zero key that behaves like a plain hash. * Fix VeraCrypt PIM handling that modified internal iteration counts even for subsequent activations. The PIM count is no longer printed in debug log as it is sensitive information. Also, the code now skips legacy TrueCrypt algorithms if a PIM is specified (they cannot be used with PIM anyway). * PBKDF values cannot be set (even with force parameters) below hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2 it is 4 iterations and 32 KiB of memory cost. * Introduce new crypt_token_is_assigned() API function for reporting the binding between token and keyslots. * Allow crypt_token_json_set() API function to create internal token types. Do not allow unknown fields in internal token objects. * Print message in cryptsetup that about was aborted if a user did not answer YES in a query.- update to 2.0.1: * To store volume key into kernel keyring, kernel 4.15 with dm-crypt 1.18.1 is required * Increase maximum allowed PBKDF memory-cost limit to 4 GiB * Use /run/cryptsetup as default for cryptsetup locking dir * Introduce new 64-bit byte-offset *keyfile_device_offset functions. * New set of fucntions that allows 64-bit offsets even on 32bit systems are now availeble: - crypt_resume_by_keyfile_device_offset - crypt_keyslot_add_by_keyfile_device_offset - crypt_activate_by_keyfile_device_offset - crypt_keyfile_device_read The new functions have added the _device_ in name. Old functions are just internal wrappers around these. * Also cryptsetup --keyfile-offset and --new-keyfile-offset now allows 64-bit offsets as parameters. * Add error hint for wrongly formatted cipher strings in LUKS1 and properly fail in luksFormat if cipher format is missing required IV.- Update to version 2.0.0: * Add support for new on-disk LUKS2 format * Enable to use system libargon2 instead of bundled version * Install tmpfiles.d configuration for LUKS2 locking directory * New command integritysetup: support for the new dm-integrity kernel target * Support for larger sector sizes for crypt devices * Miscellaneous fixes and improvements- Update to version 1.7.5: * Fixes to luksFormat to properly support recent kernel running in FIPS mode. * Fixes accesses to unaligned hidden legacy TrueCrypt header. * Fixes to optional dracut ramdisk scripts for offline re-encryption on initial boot.- Update to version 1.7.4: * Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper. * Use LUKS1 compiled-in defaults also in Python wrapper. * OpenSSL backend: Fix OpenSSL 1.1.0 support without backward compatible API. * OpenSSL backend: Fix LibreSSL compatibility. * Check for data device and hash device area overlap in veritysetup. * Fix a possible race while allocating a free loop device. * Fix possible file descriptor leaks if libcryptsetup is run from a forked process. * Fix missing same_cpu_crypt flag in status command. * Various updates to FAQ and man pages. - Changes for version 1.7.3: * Fix device access to hash offsets located beyond the 2GB device boundary in veritysetup. * Set configured (compile-time) default iteration time for devices created directly through libcryptsetup * Fix PBKDF2 benchmark to not double iteration count for specific corner case. * Verify passphrase in cryptsetup-reencrypt when encrypting a new drive. * OpenSSL backend: fix memory leak if hash context was repeatedly reused. * OpenSSL backend: add support for OpenSSL 1.1.0. * Fix several minor spelling errors. * Properly check maximal buffer size when parsing UUID from /dev/disk/.- Update to version 1.7.2: * Update LUKS documentation format. Clarify fixed sector size and keyslots alignment. * Support activation options for error handling modes in Linux kernel dm-verity module: - -ignore-corruption - dm-verity just logs detected corruption - -restart-on-corruption - dm-verity restarts the kernel if corruption is detected If the options above are not specified, default behavior for dm-verity remains. Default is that I/O operation fails with I/O error if corrupted block is detected. - -ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected to contain zeroes and always return zeroes directly instead. NOTE that these options could have security or functional impacts, do not use them without assessing the risks! * Fix help text for cipher benchmark specification (mention --cipher option). * Fix off-by-one error in maximum keyfile size. Allow keyfiles up to compiled-in default and not that value minus one. * Support resume of interrupted decryption in cryptsetup-reencrypt utility. To resume decryption, LUKS device UUID (--uuid option) option must be used. * Do not use direct-io for LUKS header with unaligned keyslots. Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005). * Fix device block size detection to properly work on particular file-based containers over underlying devices with 4k sectors. - Update to version 1.7.1: * Code now uses kernel crypto API backend according to new changes introduced in mainline kernel While mainline kernel should contain backward compatible changes, some stable series kernels do not contain fully backported compatibility patches. Without these patches most of cryptsetup operations (like unlocking device) fail. This change in cryptsetup ensures that all operations using kernel crypto API works even on these kernels. * The cryptsetup-reencrypt utility now properly detects removal of underlying link to block device and does not remove ongoing re-encryption log. This allows proper recovery (resume) of reencrypt operation later. NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility, this link disappears once the device metadata is temporarily removed from device. * Cryptsetup now allows special "-" (standard input) keyfile handling even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices. * Cryptsetup now fails if there are more keyfiles specified for non-TCRYPT device. * The luksKillSlot command now does not suppress provided password in batch mode (if password is wrong slot is not destroyed). Note that not providing password in batch mode means that keyslot is destroyed unconditionally.- update to 1.7.0: * The cryptsetup 1.7 release changes defaults for LUKS, there are no API changes. * Default hash function is now SHA256 (used in key derivation function and anti-forensic splitter). * Default iteration time for PBKDF2 is now 2 seconds. * Fix PBKDF2 iteration benchmark for longer key sizes. * Remove experimental warning for reencrypt tool. * Add optional libpasswdqc support for new LUKS passwords. * Update FAQ document.- Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562)- Update to 1.6.8 * If the null cipher (no encryption) is used, allow only empty password for LUKS. (Previously cryptsetup accepted any password in this case.) The null cipher can be used only for testing and it is used temporarily during offline encrypting not yet encrypted device (cryptsetup-reencrypt tool). Accepting only empty password prevents situation when someone adds another LUKS device using the same UUID (UUID of existing LUKS device) with faked header containing null cipher. This could force user to use different LUKS device (with no encryption) without noticing. (IOW it prevents situation when attacker intentionally forces user to boot into different system just by LUKS header manipulation.) Properly configured systems should have an additional integrity protection in place here (LUKS here provides only confidentiality) but it is better to not allow this situation in the first place. (For more info see QubesOS Security Bulletin QSB-019-2015.) * Properly support stdin "-" handling for luksAddKey for both new and old keyfile parameters. * If encrypted device is file-backed (it uses underlying loop device), cryptsetup resize will try to resize underlying loop device as well. (It can be used to grow up file-backed device in one step.) * Cryptsetup now allows to use empty password through stdin pipe. (Intended only for testing in scripts.)- Enable verbose build log.- regenerate the initrd if cryptsetup tool changes (wanted by 90crypt dracut module)- Update to 1.6.7 * Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension) * Support keyfile-offset and keyfile-size options even for plain volumes. * Support keyfile option for luksAddKey if the master key is specified. * For historic reasons, hashing in the plain mode is not used if keyfile is specified (with exception of --key-file=-). Print a warning if these parameters are ignored. * Support permanent device decryption for cryptsetup-reencrypt. To remove LUKS encryption from a device, you can now use - -decrypt option. * Allow to use --header option in all LUKS commands. The - -header always takes precedence over positional device argument. * Allow luksSuspend without need to specify a detached header. * Detect if O_DIRECT is usable on a device allocation. There are some strange storage stack configurations which wrongly allows to open devices with direct-io but fails on all IO operations later. * Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later). * Get rid of libfipscheck library. (Note that this option was used only for Red Hat and derived distributions.) With recent FIPS changes we do not need to link to this FIPS monster anymore. Also drop some no longer needed FIPS mode checks. * Many fixes and clarifications to man pages. * Prevent compiler to optimize-out zeroing of buffers for on-stack variables. * Fix a crash if non-GNU strerror_r is used.cryptsetup-develbuild76 15564081832.0.52.0.5-lp151.1.172.0.5-lp151.1.172.0.52.0.5libcryptsetup.hlibcryptsetup.solibcryptsetup.pclibcryptsetup-develexamplesMakefilecrypt_log_usage.ccrypt_luks_usage.c/usr/include//usr/lib64//usr/lib64/pkgconfig//usr/share/doc/packages//usr/share/doc/packages/libcryptsetup-devel//usr/share/doc/packages/libcryptsetup-devel/examples/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/b4f2677e51ccc8d514844c421ab482f3-cryptsetupcpioxz5x86_64-suse-linuxC source, ASCII textpkgconfig filedirectorymakefile script, ASCII textPRݗ'~zAއYO\utf-81c61a0fd4888c6bc6db4788c725892e04091b0196732a2cf280598cfe08e1c8d?7zXZ !t/&G=] crv(vX0~Zʉ&;*̋{A2XLg*IJXd9/{R[#C xŭKsֳ?JԎ/UGμ:E|U@o[9HE o6qC~x+48a:ʬޟI/ Ϡ H\Zg"M0Bhu3B˖"9d5|=^T%˱XΏ|hiQ vb'A@:<=\U٦LJ.N]=}/>}RgbB99爁eZ"ln'Ӌ[ lz$jĄ)qjs =Ҁ/S 0)&OWLȂ֪'>~fw^>rk3~-(f`Iq!QB\bUTK^ J4•CIk4gpیtt /j4J*I˥ө1yţ]BBؚƔK8E'W5Mc? '8K\ oJ*8~n kpE3L-t7?⭒e셿y{D!)hV_1K_;EImN`ct]$iM]}@3Ϭ٧+Q7@hl~8^7J YLkyVz\t)k^'))b:t䘨9^jOlnR"<(V5"!vXdG:~̩<5O|K0ucʁlKZ,;sP.{Lܝ |ѥ G`]K[qz A *@v:z{>W1z՜c#3Uy}IwFhxj\V@qtX6{?Hw AtT |~F_xCӀTQ8c,=a7>z`+KCM-=;U9NK0T{EKƞmb~9G p,jHՅM#CHCqǾVk"v]˛9șמLH@!_ c !<7qí&Kè̮nhÜ@R{PwIsVʆۊ{M+( U bPf CND]W]6-5f ^w\&XA/ :mk:|; NL?% 45PΠu%KD^/y&/1dfMz-/- %=Ǽ3 VhJumD=3'@8ˏp^gȹ)YBaD؁UF`]k)NwSo3 R~s.*4zHd;jmJ)rӃ \,dVH>l }_ֲxZpV# =)k\āQX#Ya`qt3̣>c`yno4O<2J[o.*fAO]]…QR 5ycGs `_4flA,$&mpJ$Сt 9 aDYI|;{/Яo'36<Օ?XŸ ;u'O\&91urS*a"VTED JE|iו >yH3n&BV H l2XUKh*Si̴2:Mk_D\f_.SӫTMvDɡ/,(y3voKde- yz2,۱ Z"^jZEu3[s |otT},.Ҿ#?\/O(*&tt{&ncZ }U)yȿEe\}!cʅ,\ )t]1R5qsp93oz8nܽhџcR./$xڤ}8ZG5)ғ:xuu%R|RK7i_ vZerySbJYʦSck p,VU*#S~8PyΐzPA=E (^_F<ڰ k@*3VYlÖN!7Ak I%<}!ko~"3q-VR?Qt ˀwO,h: ߟzwE0{qwh9ӫ^B{"Wgc~8-9yp&!POa (LV@B#^|j= T$F | CJy7ZrU@$5,@=~ 2CXoe=*6bI|.DF,'AF@M\V=,7LRdkf3cS6 ^h[_آЙk'!@@=B@Yn`v=c2zjTy+,$;"EF)l0.Pv IH6j KohԫzW]bH$[?.c}GVӮ<+%3wV|d]͚iy;>D a_dk 1mИJɾ1 @DpTxQZKҎ Õ f^tÜP$+L89@De}ֽ:,]"nNfiPT!_hLkVuϘU@$&c}æ$7؍{w bZ_6}!R<`V)6Bb ){50r^LPCZ:g|nX4!*`9C0:唱o7вMBTqW EoM¨$r19a&%fq@l\&y(d=c] SA.6޹=ȭH<=vuu|xiE>ʬPb~^ o֥Eٵl @ybt?AT!&X^Ck;SP4jD{@xW|:(۞D_FԸJ[sW#Q#kn5 PLq^~Dw(o.{ UdO rjY'qʕ\Z yH\]xR4AeOʐjHa7D_E `|`+anE""SSieGՒ(낥EI:\' c&MrYUnFZFVyap3 r rdE$h<|(sQ"pej|eBn}ڀ=p=P*n݂ϵ%V[>:tv]|UğUP  k &;YS.GDR`C_N,K%H@t\sXd0v<ͣ^T8`ǦD[*z{'L| p)Lb~?(eHfcde^(}ޙn40v-z/gԧNla8.R,dX t=4YFH,\"$q|R)Ab$`ME(1#ѝG=/gin~{;%D y68H%X=j&Oq!ԧ81KēOJզEҲ:S˜2j&IddYp@o_^VWUSVYgģBA]OT| {mFy TU`Si' 8 FB<0΍`SLŬ1Z^Qbe׹"`'I`NCu|~Zw~3;s HH@mhoWDC E 6S-姻?@8r`:yM`n͎;BCsBmtS=/9d 쉍%-$X ߦiht%LNj]V$CT vcMFgV]kO~&N]ƞݔ>R qR{tS[tl.aٕAD/%RHynŶ60/5SYT0ѺFPɓbv K ]րXRrƠf;UK:ᄚ] Z[5bt;z[GV/LWf(+wʃ~-mE نs7-&mNKVS<<僣])|Gti~EcaB)Ph<g@:a@m7č 2vֈKyT3\TF#Tյz3 E s&o]hIQqt&upQ,uGdi}Oz;`'D:LO@s k6]pLkgkENH|cG1`s\ZrsnCHcΌO}U"N0qbIHm84qw?mC|k;E[핦8-"_ڑp`3z;X{K.­12"@cg enu6vu$D#2h>C'p>R8 z޷ZrOqm'°InJ2dKRt z d:Uevђc'b$~& t"oC`FqB‘{pxԼw\+JqLp먶t d+xn*mľoyE^ܔ1)/,hx**JԲw@66n97fW3)\U{T .(Ptu,q4}*,~F!:az\ ߆/_rY8ǁr%*x6Vj6-KIAÈ_>䘐dǼi#lEm!ɋ1f9|?B6HsM*MT*=}{0JwqjTNetmur[: yi9HT2Fh Y_~jCν/3맭s5pz1qejT͖uY]^'޷Wm;DKT 83.u+'U;iيZ&]ݡ&~ȐpݫV_~ eJEhMg~wZ5ܚuu:Nw%AƗ$G ⡩XhP˷q(9-)6}*-$Z1 ɲkxuJi׺( Ǡǝ}˄_?k))}K I$@'n 8$C} ɦGBXiq`+u<,#PRb痐ڏtIi.S)5WVpd V hisRMNN*šW%q_BJY$b/~rk&kCXgTfi7,cřKs7ֿsh#Zq]6Ԍp(y-l3 vNC YZ%ߐuIg´JEm To9TRJpMW6&NjR: \0\癨h"=bYT_p=$7 !'AB,d|LOЪ$G0xy9V?_Y c?}0&.0Rg֚,k9=B*C .Ht컵}ӬTf!\rxU1ƟOA8}0pLwwPNa&ukQk\BPsj"7'N(y0}(8*.ND'ܠ aUfJXK=2͸T,n t&B5DmlVy%4`dsGzR!p Re22 Y90^ w[b׺:A/xRA Jo!;"w{mҊ$'|_qeL^n^{a Hv<6kkY%3W%h|tjd`_"] L>}vEȳ~}VFS|8.~rpS8+"w(,-fmR397bkOeutqicQiӧ:ӗN\'ěNߤ jpYi}ujb֑A1T1KGshQbڟ+<|ߣ}"_,ԌK< M%ڟ|Wdʲ:'PHqpOaլ=/(˜e ɥiaYF3)rt`T.fĬQ_z3)P]*>a! \ǧ5j!Y~DSԋhH&dS8bʢ 4Va$sdҚj#D3$tT@Lc;&" &[22luQ"Z%HmIυGO;;կN,H#K :m2-c&QHsNW9 \J~IՄⅦtD|hgԿX2Mkmm/vI&ʥIjN_!JzPnn<<9H̎!]~߈j*PD3_qlǯd2-4/u+@bEEePXsTxJ`, os3%6[n6df'ݍ~v#&恽[ M4 &XP~}x~|u|[KX"1tWR2nJkbf}t1S衿,)c䥖m6P~_=t턓Rd1蹇1L2UHy^pp}ͬq_=]dV' W޻JEa,iB46|WӬbgZ9^HCtq &ԃ`"%+|N߄S,׀ahGaЯZ\\)sPKКob?Vdˁ3V =d./!N:}cr8.QVGȊOJYZ  >9j."Wں4F.į}y{Zhmb vC36hd#KUҹ%0ꋆ(\d zv4A,+U^82hv; 9,11Z(՘~>:m` ?.S T|'鸟ͥ:ENc ^u?Q470Hk0󁳣+;R/YYDOIMp--hM>79oM?>'[–XelqggBYS7.֥s'FI./ sRnG.6|,Hq l8 ݶp"[bxxM #I=S52ؼS˞A p赔/<47rݣ\V2X+:Qf%HEһg\: QeI@f vQY:u9'HJ7 %R͡V ]J) 7Q|/R\ٞWR^'별,44h7V-f "'6fW@=T$#@<'c5 m?aC^yՕ:#3fh YhG+O--E6Gϊ#hjB57R^]txvه8"{BV_X]%]#w[/xRStr$k ] h|G 媏UA2o ͛qF>T8qbP_1)2q-%7%{}?kQ/_xMPu#Pċe47b"Oy󊞟{]c'UoIXZ:&U"#qς+lPY!,rI'ңٓ{rMvILg2x'!F>H}(_f.ڰ.>SWpIb tC6wy=!NFwi}? ((ٗIٟn7׃VދWUU%ԧs=0j#8 e^2**V+T #%v-Y+I3PlZ#^y&^#Mekio'=~p8̡gŮm_3#JL9y ٭qN. 3qI[jp_k.bq^zp KO {5S%˩R['3͸z`Jw*1b'Ȥ+{+g4%gX{ٝiZV#>~)cvkW],Ho%f5q.A\fMNNiܷq SLroDiOm0[%k_D˳;V9aziA֔ňJ]U 3KqL 5я7P[LzqřVcJA}(Jvr"gI )*~!cZ%?ց[!`_fԢFonC%24QGmZH1ˉ8'C\:/qYpۖ!CVŤZit̹ >! 3&r [;s@@[io E<{X\OF_kՃJihbT]FyTBF nV7@ bh7GR% =*%Pn%D2"lR9%};]h{c ʽ4Rj.*RmۡEٷ>Rpߪjޖdp@ OhoGk{oX06;N)YqV"ևٲR4m# EnUƙ]9@ q̍8Eoy /惇p.?$(>59M2Z\tzAmn8+QB'@7 jM#:| ɐ: >X^t|<5ͻSۋL}Mtf7U\JRTrT4UI8e=va?em_S{ Yq{g=bt0ε3K'38jjU\sr}\А@/mnraoהG>HX&27.4 㠐5G%}3yl;@V"{M!’?S}?c>MrtoOrJ!EK/34!_?u9I7Y\"@RV(1b1(cC9k\%DZzVpl| a'ɃzNhz,nbת,مou[ha^hlCH Vʍ E>7}LBV~xƚLZ(7I"`)<"?t;OO_u<6 t'^XSb|Y_gO艀RoY ܝJ`ߓ :pbπUF- Kh~}H!'  W 4j, @$OIH ǔ!u{4lz3_A$$J| OWښ9R)m l`ɒ!mMxWo]*Aпㅵ,(;%U9Zu nrykWGf^ySBg+öLΙMo bs]2ب?l Y(9\w*׿hl}՟5ALf:jm|V*7JDJB࿍p|{)3WH*Çൟ$6O,3dvEHޔE4 \ylDȻm^6>bH-eb3y,={a8F|uCY|f2|?gOMM5 Nܬbz@>Cة)oR;|>wO .ޑjzd JTFB>O Mx()" p+&5L"֖szzk B}^6uJ!ÇF%B˩)nk]ISf9&OafI,z搥PYTcC&2XIl*X %mTNfBh<=,Rm_ݗG\" a$8%wvkՃ n 5?1LA_1\N4PLW쇏vPqBu;ANz.80#8SMx$p2Z m˄db-oba{S&j9ժIIAI8Pq$V_0Pſ*'¥ ++U{L2eOx;:NSx( #_CmoۏD6|[!1i!3F݆b/7$'HݩZR%VUGZVuo vM]l?E2To+TGl[:Āqh^P+dѳ   |. dkyt˧L]>NuI(0ClA>>1g5(ȼV(Z\ƟxkwVCaY5PGԀ84zJ4͘Zz5Q4cvKV6HbV\ZT9b0bX1@Y`'?yQ\Ψ%U33Hmͱi]7fcM!ȋ W/'.=x)QfEҷ~xq"fC5 8 \XXD&MJ9RW/#%iWwlv\/ ?GWtBƘD_-C}v> ';%Sdu Qo&!# L$Giǃnc1ƮՋq s<(\e*R \hYUaBU`|9t-ߧ*_umUV;e_dOZ A 9c~:}@v%'/hzRZ^@5 Qv?wD AAi5:&zu@Ӻ=WLF6(m6SX4r 7߬Ts @N 6ј ߭Giib&l)Z d!bDVPD0RR!oK7n&U&6]o+fx&Ok#VHn {h C<\a')QTI8&R ^cY*6Q/RCD'>T[hT!E:HU[iHDXDkt+&O9$̥6{_O,o5y>xGQ㣺{]0\i\q+w*nmN/ 1~drG_"`(R>J.#o~( "G2aGe_fGp?xa7cF[aJ.a{_z!MmBGENK*pQNݿPliGm"`oH}EYnIk}H}Jr{O#\J7F%Uӌj4Հ }bi> CO5zU47@a!`ǎݎqy 쫪W_oxy41&U E@ pG;vQkǬ]MR7- F M[kWx/0E.7Ȅ̜8>ſj,=^k\`^c\.5JgH[s| И~lg: n] n6B|ȪT>"!2nMA)yEO#4"K0ԉ m)zuǣWxʈWE1i\$MzM7w+1$N,cb{Tu@LN>rP "^Hvzf:D)O?greWL~\ܻâ/$MH\`X HYZF(  hd1ElUt^Se }́±-\+$LJY@Q/dU/ &}`ߚ"BN NROc9Wk=RT = -<]o tϻ/q'- ݀^(~=Te  !%㫵.2=[-iGssz m>faIF{aP GyțĽ"2w,O٨+F#MQU\MDUM`5_I<ʿ< RRwGb$ Sѡ=BF"tMo]O7lɯ!z1,*h)ո£#5Cx- o!ssłܙecykW>CtpŬ "o'yP]{.>5wU4XŭDqiW."߮ gFXu/ϡNY"?{Xy YZ