policycoreutils-newrole-2.8-lp151.3.1 >  A \i/=„V}@6-g/uxixB{SR;Sg9"Wf+^jPJ;zX|.+pk7W/FٿDoPJq: 4 ‵40wˤL90ϻ?ə!,M,+rJ%R :v_DGd>I8} $1a Xt+WLӀR+X°t Nxi8iWASc83bdd8ff920fbee7eb479bc4152f2c48fd8aff1882ecf8a65e5e71f56904584966e2469a6089302e7639bc01b58c2f11a7f75d1xd\i/=„E&{H~_wM2 17!:_76Wp9D+㏙wi٧ټvHڠ!fشC|2'k ng[%b7Nd¸X^%bQjM5]ey! 66fPMS8q(|8JZ:^ B QZur 6nS|5c[tsmKϗ% pQcK6m%r>pBJh?JXd ( M  !KQX     \(780/9/: */>FyCFFFGFHFIFXFYF\F]F^GbGDcGdHSeHXfH[lH]uHpvH|wIxIyI zIJJ JJTCpolicycoreutils-newrole2.8lp151.3.1The newrole application for RBAC/MLSRBAC/MLS policy machines require newrole as a way of changing the role or level of a logged-in user.\ibuild84popenSUSE Leap 15.1openSUSEGPL-2.0-or-laterhttps://bugs.opensuse.orgProductivity/Securityhttps://github.com/SELinuxProject/selinuxlinuxx86_64 if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/bin/newrole fij+큤\i\i\id6c3383bc3eb83619f08800945c081855daa06f4cfc218a99b2992a9dafc0358365a6e3cce272125be65ecc7862c7397fe85e860f58c8797e52cbaa40a3237f21c2949f380bc90589b841badda751bc1abec7d9b939ee3454af5fc49688f6593rootrootrootrootrootrootpolicycoreutils-2.8-lp151.3.1.src.rpmconfig(policycoreutils-newrole)policycoreutils-newrolepolicycoreutils-newrole(x86-64)!@@@@@@@@@@@@    /bin/sh/bin/shconfig(policycoreutils-newrole)libaudit.so.1()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpam_misc.so.0()(64bit)libpam_misc.so.0(LIBPAM_MISC_1.0)(64bit)libselinux.so.1()(64bit)permissionspolicycoreutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.8-lp151.3.12.83.0.4-14.6.0-14.0-15.2-14.14.1 /usr/bin/chkstat -n --warn --system -e /usr/bin/newrole 1>&2\d\X)@\8@\3?@\ `\ `[H[%@[$@Z@Z@Z@ZmZ2@ZI@ZZ;@Z@Z XWW\@W~TZ@T @SxRRRrF@Q)@Q\QU@Q @P @P7@P|@P!@O:LO8@M~@MK@LKK[Kf@J]J;}J+@jsegitz@suse.comjsegitz@suse.comjsegitz@suse.comMarcus Rueckert jsegitz@suse.comjsegitz@suse.comjsegitz@suse.comjsegitz@suse.comjsegitz@suse.commcepl@suse.comdimstar@opensuse.orgjsegitz@suse.comjsegitz@suse.comtchvatal@suse.comjsegitz@suse.comjsegitz@suse.comjsegitz@suse.comrbrown@suse.comjsegitz@suse.comjsegitz@novell.comjengelh@inai.dejsegitz@novell.comjsegitz@novell.comjsegitz@suse.comcrrodriguez@opensuse.orgvcizek@suse.comvcizek@suse.comp.drouand@gmail.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comaj@suse.demeissner@suse.commvyskocil@suse.czcoolo@suse.comprusnak@opensuse.orgtoddrme2178@gmail.comprusnak@opensuse.orgmeissner@suse.deprusnak@suse.czprusnak@suse.czprusnak@suse.czprusnak@suse.czprusnak@suse.cz- Make sure current devel package conflicts with old policycoreutils-python (bsc#1124437)- Removed hardcoded python 3.6 path from spec file- Required python3-policycoreutils instead of just recommending it for policycoreutils (bsc#1121455) - Added requires for python3-setuptools to python3-policycoreutils (bsc#1121455) - Removed requires for audit-libs-python from policycoreutils (bsc#1121455)- properly obsolete/provides for policycoreutils-python - remove unneeded obsolete from the devel package- Don't require selinux-policy-devel for the devel package- Obsolete policycoreutils-python in policycoreutils and policycoreutils-devel to prevent file conflicts- Included content of selinux-python-2.8 and semodule-utils-2.8. I think it's easier to have all the relevant binaries in the policycoreutils package (bsc#1116596). Added make_targets.patch for this - Removed restorecond, is now a separate package - Added python3.patch to use python3 interpreter - New runtime requires: * libsepol1 * python3-ipy * python3-networkx * python3-semanage - Provides and obsolete policycoreutils-python- Adjusted source urls (bsc#1115052)- Update to version 2.8 (bsc#1111732) For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt- Rebase to 2.7 * Rather large rewrite of the SPEC file * Significantly, support for python2 removed For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt - Dropped patches: * policycoreutils-initscript.patch * policycoreutils-pam-common.patch * loadpolicy_path.patch * CVE-2018-1063.patch- Don't build policycoreutils-gui for anything suse_version >= 1500: there is no reason te believe that SLE16 will have those old, depreacted dependencies back. Fixes also the issues for Tumbleweed, where -gui was not installable.- SLE 15 doesn't have the necessary files for policycoreutils-gui, don't build it there- Drop the requirement for selinux-policy for the gui tools.- Drop SLE11 support, needs the audit that is not present on SLE11 - Fix service link to actually work on current releases - Drop SUSE_ASNEEDED=0 as it seems to build fine without it - Do not depend on systemd, just systemd-rpm-macros- Added CVE-2018-1063.patch to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063)- Remove BuildRequires for libcgroup-devel (bsc#1085837)- Removed BuildRequires for setools-devel and added new runtime requirement for python2-networkx- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to policycoreutils version 2.6. Notable changes: * setfiles: reverse the sense of -D option * sandbox: Use dbus-run-session instead of dbus-launch when available * setfiles: Utility to find security.restorecon_last entries * setfiles: Add option to stop setting the digest * hll/pp: Change warning for module name not matching filename to match new behavior * sepolicy: convert to setools4 * sandbox: create a new session for sandboxed processes * sandbox: do not try to setup directories without -X or -M * sandbox: do not run xmodmap in a new X session * sandbox: fix file labels on copied files * semanage: Fix semanage fcontext -D * semanage: Default serange to "s0" for port modify * semanage: Use socket.getprotobyname for protocol * semanage: Add auditing of changes in records * Improve compatibility with Python 3 * Update sandbox types in sandbox manual * hll/pp: Warn if module name different than output filename - Update to sepolgen version 2.6. Notable changes: * Add support for TYPEBOUNDS statement in INTERFACE policy files - Dropped CVE-2016-7545_sandbox_escape.patch- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998 Sandboxed session could have escaped to the parent session- Trim description in line with other selinux packages- Changes submitted by MargueriteSu: Update to version 2.5 * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss. * sepolicy: Rename policy global variable conflict, from Nicolas Iooss. * newrole: Add missing defined in #if, from Nicolas Iooss. * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec. * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach. * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville. * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach. * semanage: replace string.join() with str.join(), from Petr Lautrbach. * Man page warning fixes, from Ville Skyttä. * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl. * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach. * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach. * audit2allow/why: ignore setlocale errors, from Petr Lautrbach. * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy. * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach. * Fix PEP8 issues, from Jason Zaman. * semanage: fix moduleRecords deleteall method, from Stephen Smalley. * Improve compatibility with Python 3, from Michal Srb. * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville. * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach. * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen. * mcstransd: don't reinvent getpeercon, from Stephen Smalley. * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach. * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley. * hll: Move core functions of pp to libsepol, from James Carter * run_init: Use a ring buffer in open_init_pty, from Jason Zaman. * run_init: fix open_init_pty availability check, from Nicolas Iooss. * Widen Xen IOMEM context entries, from Daniel De Graaf. * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. * Fixed typo/grammatical error, from Christopher Peterson. * Fix typo in semanage-port man page, from Andrew Spiers. Update to version 2.4 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. * Improve support for building with different versions of python from Nicolas Iooss. * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, from Dan Walsh * Remove cgroups from sandbox, from Dan Walsh * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley * Add a store root path in semodule, from Yuli Khodorkovskiy * Add a flag to ignore cached CIL files and recompile HLL modules, from Yuli Khodorkovskiy * Add and install HLL compiler for policy packages to CIL. The compiler is installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence * Fixes to pp compiler to better support roles and type attributes, from Yuli Khodorkovskiy * Deprecate base/upgrade/version in semodule. Calling these commands will now call --install on the backend, from Yuli Khodorkovskiy * Add ability to install modules with a specified priority, from Caleb Case * Use /tmp for permissive module creation, by Caleb Case * Update semanage to use new source policy infrastructure, from Jason Dana * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent Bigonville- added Requires: python-yum, yum-metadata-parser to fix sepolicy (bnc#903841)- removed execute permission from systemd unit file- Version 2.3 sepolgen: Add back attributes flag to fix exception crash from Dan Walsh. (drop policycoreutils-sepolgen_missing_attributes.patch) * Add -P semodule option to man page from Dan Walsh. * selinux_current_policy_path will return none on a disabled SELinux system * Add new icons for sepolicy gui from Dan Walsh. * Only return writeable files that are enabled from Dan Walsh. * Add domain to short list of domains, when -t and -d from Dan Walsh. * Fix up desktop files to match current standards from Dan Walsh. * Add support to return sensitivities and categories for python from Dan Walsh. * Cleanup whitespace from Dan Walsh. * Add message to tell user to install sandbox policy from Dan Walsh. * Add systemd unit file for mcstrans from Laurent Bigonville. * Improve restorecond systemd unit file from Laurent Bigonville. * Minor man pages improvements from Laurent Bigonville. * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.- sepolgen: add back attributes * fixes build of selinux-policy * policycoreutils-sepolgen_missing_attributes.patch- fix issues which prevented accepting to Factory * mention the dropped patches (merged upstream): - policycoreutils-rhat.patch - policycoreutils-sepolgen.patch- update to version 2.2 * Properly build the swig exception file * Fix man pages * Support overriding PATH and INITDIR in Makefile * Fix LDFLAGS usage * Fix init_policy warning * Fix semanage logging * Open newrole stdin as read/write * Fix sepolicy transition * Support overriding CFLAGS * Create correct man directory for run_init * restorecon GLOB_BRACE change * Extend audit2why to report additional constraint information. * Catch IOError errors within audit2allow * semanage export/import fixes * Improve setfiles progress reporting * Document setfiles -o option in usage * Change setfiles to always return -1 on failure * Improve setsebool error r eporting * Major overhaul of gui * Fix sepolicy handling of non-MLS policy * Support returning type aliases * Add sepolicy tests * Add org.selinux.config.policy * Improve range and user input checking by semanage * Prevent source or target arguments that end with / for substitutions * Allow use of <> for semanage fcontext * Report customized user levels * Support deleteall for restoring disabled modules * Improve semanage error reporting * Only list disabled modules for module locallist * Fix logging * Define new constants for file type character codes * Improve bash completions * Convert semanage to argparse * Add semanage tests * Split semanage man pages * Move bash completion scripts * Replace genhomedircon script with a link to semodule * Fix fixfiles * Add support for systemd service for restorecon * Spelling corrections * Improve sandbox support for home dir symlinks and file caps * Switch sandbox to openbox window manager * Coalesce audit2why and audit2allow * Change audit2allow to append to output file * Update translations * Change audit2why to use selinux_current_policy_path - Update sepolgen to version 1.2 * Return additional constraint information. * Fix bug in calls to attributes * Add support for filename transitions * Fix sepolgen tests - Remove restorecond.service; use upstream service file - Don't provide support for sysvinit and systemd on a same system Use either one or the other- change the source url to the official release tarballs- fixed source url - removed old tarball- update to 2.1.14 * setfiles: estimate percent progress * load_policy: make link at the destination directory * Rebuild polgen.glade with glade-3 * sepolicy: new command to unite small utilities * sepolicy: Update Makefiles and po files * sandbox: use sepolicy to look for sandbox_t * gui: switch to use sepolicy * gui: sepolgen: use sepolicy to generate * semanage: use sepolicy for boolean dictionary * add po file configuration information * po: stop running update-po on all * semanage: seobject verify policy types before allowing you to assign them. * gui: Start using Popen, instead of os.spawnl * sandbox: Copy /var/tmp to /tmp as they are the same inside * qualifier to shred content * semanage: Fix handling of boolean_sub names when using the -F flag * semanage: man: roles instead of role * gui: system-config-selinux: Catch no DISPLAY= error * setfiles: print error if no default label found * semanage: list logins file entries in semanage login -l * semanage: good error message is sepolgen python module missing * gui: system-config-selinux: do not use lokkit * secon: add support for setrans color information in prompt output * restorecond: remove /etc/mtab from default list * gui: If you are not able to read enforcemode set it to False * genhomedircon: regenerate genhomedircon more often * restorecond: Add /etc/udpatedb.conf to restorecond.conf * genhomedircon generation to allow spec file to pass in SEMODULE_PATH * fixfiles: relabel only after specific date * po: update translations * sandbox: seunshare: do not reassign realloc value * seunshare: do checking on setfsuid * sestatus: rewrite to shut up coverity - removed policycoreutils-glibc217.patch (upstream fix) - added patches: * policycoreutils-rhat.patch * policycoreutils-sepolgen.patch * loadpolicy_path.patch- update to 2.1.13 - drop policycoreutils-po.patch.bz2 (updated upstream) - drop policycoreutils-gui.patch.bz2 (added to upstream) - drop sandbox init scripts (shouldn't be needed anymore) - numerous other changes- added service unit for restorecond- semanage needs python-xml and python-ipy to run- Fix compilation with glibc 2.17 (add patch policycoreutils-glibc217.patch extracted from Fedora)- updated policycoreutils to 2.1.10 - adapated patches - updated sepolgen to 1.1.5- fix seceral rpmlint errors and warnings * use /var/adm/fillup-template for sandbox * don't use /var/lock/subsys in any of init script * use set_permissions macro and add correct Requires(pre) * fix the languages to new -lang package * fix policycoreutils-sandbox Group * remove runlevel 4 from inint scripts- patch license to follow spdx.org standard- updated to 2.0.85 * changes too numerous to list- fix a typo in the package group- remove usermode-gtk from Requires of -gui subpackage- remove incorrect and unnecessary rpmlintrc.- fix build by moving _GNU_SOURCE define (gnusource.patch), thx darix- updated to 2.0.79 * changes too numerous to list- disable Requires usermode-gtk- added libsepol-static-devel to BuildRequires- updated to 2.0.62 * Add btrfs to fixfiles from Dan Walsh. * Remove restorecond error for matching globs with multiple hard links and fix some error messages from Dan Walsh. * Make removing a non-existant module a warning rather than an error from Dan Walsh. * Man page fixes from Dan Walsh./bin/sh/bin/shbuild84 15504324032.8-lp151.3.12.8-lp151.3.12.8-lp151.3.1newrolenewrolenewrole.1.gz/etc/pam.d//usr/bin//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/75205d2fd750c29bb2aba6e9a68c697e-policycoreutilscpioxz5x86_64-suse-linuxASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=971da94ccc4c8759c81a9336df0de1d097e8ceef, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) R R RR RRRRR R RRC7TL麦^l@utf-8cd6f9382f88cb67c4bea316a4b80cf26500a016862011b71631b53c433fa6dec?7zXZ !t/r)q] crv(vX0}i׹}h5WpU0Ey(lmc>4bNdXN ʘ7\$Z,l{ v8mD0%-<)NK Q՟TBnT;Ice+jIΩ\d]qН xPSZph 팢i9+nj-Z&iӣFUHX_f1B+$gѸ^`\ϧOHx#~G?2,nruuX/5IhUt,^P"{ߚTyDׄ8򌬫R3& y83H=8~[*m*sݬqOt;>V0o\X',tIX_Z.ƨ~1"%^vƬ2@U|S~ݤ %g~S!cS݀`}Joĝ7(Z`V66{z> !~414D |?G kjN ^SWMon)Z]Ub) \UeTSz/)J^Uw$U.n8_:kd®=yw9L2 n>ȪR1r6]ػ3a傦o2TL@3X!,c^'xl@l2T|C+^33M22BsjQ{>'*G70?m&7:@gty,A(TӦhJM%w$)}A`lY0T*wPR ԏg4څ _C1#3I?vR#9 zεR4`}o?MB]YyUH!HzJaO0Q״3Ȑ~$a!):jov3+WUJ@ _#_j F@x<:ooeؓ_BSuNhV;o^ #PV8=U:{#C62m=?1>]\a,v~ T`"`vY1IeY$ީDeR>y׍ұ$(р`IAQ.=Ӓ:gkWBObPT;:08E7\Un)J22N%wX{U'ct$=ƛSxM +E xʇ6."s`|G٨L ,q-[t #>jY>j4ؓ"~_+ WcE~KP;}Ux**ѻ`_u+~ 1Fcӗ{?9vFqW?7L Ztױy5ul(o [meèe<\3rO mðt ^rz;_A~~ﶎd[/C[-hu*bסmiET+ &?w`-"[l5OݫujwCDMHWç08onU: U@MN79&_WzxJ7(t >Ȍ ބw\.kL2 :}3 \a*Հi_!6^ Ga+ :f@w/UtbtO(Iih/2& NWZf;z"UR5 Ny/{k\ٱvê(䊽gs mRGJ#Pv-q=b#kB[O11x\:7\,UQ*2&g,'s͝ߞ7 z<%rk dЕb"ϧ?!M="*|$YdC2"W${P%qpn–Zq?t^'RJG0Lj-OIpD3m׆Tss?Z*6YwYDFh>r &|UUp |}xWlvEJhiQ$lO՝۪%Eg8C ~lW!JEjc?<[ոS 5&,\4[DzR 1[w) 6Gk]ڷ{ʑ  fK{xnD `+ՙžmE~ xU̬GKAbb>H[o 4zݷf5(g8f2 zxSFSF~J4 ϲ]#!;D- u06oDS*F^}QMsd ;Xtf(=YZϏ•e +Gkk{T;S%z};"<ơflMX߳hz\uYB !"L$iutN@63:WKBB&{Fh Ra,`;w2b іT:z+G7xO758=T0[?K>3* =C u+T$kV9, ?323~&k|,?}+4E%Jq}c1):,ejja} ^/\ K3\w=*+A'\Y`\+R Cmq> ۡ-g ~!WZ;YM=IPϜ|E6Ha3iO;'zMp;e=[܆~.r۝&N{k.AHGK(QXqg+fGgr~̏60OT<1{$bԸDfT$s3i8RM-QDD_=1w9L͓c^1-ĠuS8XC>3d6}d{ܗLj!e&a4qd34\WbbIl&>`ίmX 99 hrUӳl:d !!vxws@*s֥.:h˻y)K|5tFGh)9ݠi-Ca\}%udU…%Kg |;a?w+1R b5k2laAy?y`('5TESDžsNTsfSL>꽠 Ax&k):H\AK]fc:Jq&%J,QsWH'UwT,W؍ kvȁG#}t_DZ=rg_6wWčPm.'y{;$!,ޫy] [óArb.#l^dbWp֕<C }:,7C0ei<4\1xկG]O(NoTSHX\cn 2ݯYC7i%H.xA&N6ӷ^2gH|ekk! bEl5fȳ.w6Lqr{u lS{1ٔ4XO(r3'+o!5Bܚy"ItZ&ie^iS!BM|ai2pqVքv!gkZiYMX{v˵o&y[ܓk Zҥ1z6--l."j 'PKԚ~@"`ݽ:9R$,[ Һ4Rs݄bE&dY ЅͲp~2m 9^rwV(\1v(a}:.ۙENd0$rNPO(h;iVsI!l2}{OD[i`p#i=]3ۥ 6Os"\#ךJ sH\*V2KRܤ?%)q/^㿚)-˒X@ԫ^jQ5'tN\PZíV,&tdϒףYU?ezNͽeku% Vԩ=yOch:$XL+J"aMnP!Va_,j[q:SHoiuFvvq Eo(rfMr-s# ӢrMqwg`?[èuv8øpwS̷:H_,_Dn@H}`GcgS?i kį`I)]ma)ԙ0]#R+LcH=8-@ceWA M̔iEcU<2l 8CuwS/N zeJFPw@i1 H ^/q5-Pʝ"m3Vm+u5Mt: @W WkTh7Q^_7^H"RjK)e=F2zl`z_XqzϾ3n 'FC> bTH*&>KkI+T,M|vam=16߀fclC⫝̸;<&N|eeqcdBd%z+P2(bxM  L\iCF2}k[cu_` x<ž PsNwxqp xN88Q%>*W#lPKRhMxH")rl,ĸKG_[f5ͱ'޻|ZF}FUۋ1 Y|Cޜ45l|qQb[q8N5XG^z A(Ѫa]dA)ӨTM19^hJ48-WoRde&ڝ3ޙ^CtFak¾d$?FO[u,{? Ua@|XE,mƫo* 5QF_-&g\?YeeQxi23}ʭ#1 Ob]5/#~yn93^ տ~7cͶY_I8. " ڿJf['G@6 29.8aR0zD][tD)]yw'*ףgڇ 8H @mH) D:zN@ge-}=B=/40cRuS2DQ $h#I0 |ON 8H2VпAke&}r@ƕ .bt~e~?Tʧ.϶t9fV`7-+ XtV>JvBr`z a((,'Q4v(КgGV_U OSұ"u$ leKXL`V}T/ g;okǵVh:4I*QO^p,?{.(I&Ti#ѽ!U{(ȧbB"̾zǤR]mA 7肟g#)`q%QrA&za^4m 3Ef\ԍ9s-!*V^ jVX }Eqv~Rv?p9_].ܹGKր BH/IJ{sI͈Ԏ&D8Q~H jdR!Vo/z3B2+R֋#67}m]*PfT20&rdG:'-`-)]P֓b$P&}y"0j -~RdzH"wɩo odoRDsQV C=·:Ol- ԙM?܂5PZz(f؂i|T-wF8~P3'=1ȃ4ޘȷo s畝ktx8ɎxY] +g-#7jW4_Է &A,uf!tW|L b)5eVoZo̹w-ю']'% ݕ6;'f7:YG+gˇe-NJٽŮB٩q7uʊN&FSG 6U 4 7!p@HiԽ\8@ٍVK` QVP:R/YWt [8*=XQ}dWtc]\c ;랓|܂pYhH}ޱ5$:"u y[ȖMI!Q 5BH^bPcCK %+SOkg[:75RgWz*GJr)h %7 <¦V⻋ɇ_eOVVryN}i),$xk*ȻfvYP8tT=QX8+dNvK !B#s-KSU0"3pWbGǏ\< ; +M_ޗgwj}Q9^KzS%F0XW.6׷4}>0(%Ma%!nv#M{ H'4m0;#T7 P_2 8e6$HQd$fẒ< Dާ|;D+:74g1\Zģ[`I,!Foٞһ,uc?7L+k%288 fBZx௛C;_U]2uk]#Wu͕m΃9=ȱ ` JHӑ}`wG43-WB(ͬyj GF|k"me~1fj^/~Dո.S;6龪PQ$uݐT/I6aE4b"^h> 1Lsl20+)SdtEcH ]!6GמG[vl還 Ѩ]U ZK $G-W` 5<>-O=\sNTh0#T8F/bCY {JF.n{ Ghi4")M=15/B?`E!I&CHdUQS"SY\"j_Ǥ OF~KhM{,VJdk3Q3v%KT>ےHi6߄eK# r@Q7uM xm ;s8qu15[*#Zj^<].\l<",O:N΄xv82wӦp}]x\:IyNR|z9n*:%SdS]f)0,+9H`;ŤQ G !C+kqKre~~_ 8JR!~Р|'oYs>dU,=(8F&/^lD9F#CA;79YbqTD&V@ϳKuO d 5 BtoJDSKN5`n<Mv!a?%fѲ =[m S;}\l*)Ҧo3T&xnW;b;4jVX6vj|?*ϟ޼1E ?.9ana$skw› iaS~ȓ MTfa8o &}4A>p;Uʀa +/gVIDBK< go\?GdS`'rўR+af;cwIb): O/ډEƬ#$J0@(*F&G|镮 Wf0!AT3SI䀔6v"7y;M,Y:^g2fvyD;E>T.3.:'CTBsKY$jy8F,+><+u5oXDyWӅ\J:O{v>nt~ۏ̳Po %