freeradius-server-libs-3.0.21-lp152.1.3

Name: freeradius-server-libs
Version: 3.0.21
Release: lp152.1.3
Summary: FreeRADIUS shared library
Description: The FreeRADIUS shared libraries.
Build host: lamb69
Distribution: openSUSE Leap 15.2
Vendor: openSUSE
License: GPL-2.0-only AND LGPL-2.1-only
Packager: https://bugs.opensuse.org
Group: System/Libraries
URL: http://www.freeradius.org/
OS: linux
Arch: x86_64
Source RPM: freeradius-server-3.0.21-lp152.1.3.src.rpm
RPM version: 4.14.1

Provides:
  freeradius-server-libs
  freeradius-server-libs(x86-64)
  libfreeradius-dhcp.so()(64bit)
  libfreeradius-eap.so()(64bit)
  libfreeradius-radius.so()(64bit)
  libfreeradius-server.so()(64bit)

Requires:
  ld-linux-x86-64.so.2()(64bit)
  ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)
  libc.so.6()(64bit)
  libc.so.6(GLIBC_2.14)(64bit)
  libc.so.6(GLIBC_2.15)(64bit)
  libc.so.6(GLIBC_2.2.5)(64bit)
  libc.so.6(GLIBC_2.3)(64bit)
  libc.so.6(GLIBC_2.3.4)(64bit)
  libc.so.6(GLIBC_2.4)(64bit)
  libc.so.6(GLIBC_2.8)(64bit)
  libcrypto.so.1.1()(64bit)
  libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)
  libpcap.so.1()(64bit)
  libpthread.so.0()(64bit)
  libpthread.so.0(GLIBC_2.2.5)(64bit)
  libtalloc.so.2()(64bit)
  libtalloc.so.2(TALLOC_2.0.2)(64bit)
  rpmlib(CompressedFileNames) 3.0.4-1
  rpmlib(FileDigests) 4.6.0-1
  rpmlib(PayloadFilesHavePrefix) 4.0-1
  rpmlib(PayloadIsXz) 5.2-1

Changelog authors: Adam Majer, Adam Majer, Adam Majer, Johannes Engel, Michael Ströder, adam.majer@suse.de, Michael Ströder, adam.majer@suse.de, michael@stroeder.com, michael@stroeder.com, michael@stroeder.com, adam.majer@suse.de, varkoly@suse.com, michael@stroeder.com, adam.majer@suse.de, michael@stroeder.com, kukuk@suse.de, adam.majer@suse.de, jengelh@inai.de, adam.majer@suse.de, michael@stroeder.com, adam.majer@suse.de, michael@stroeder.com, jkeil@suse.de, michael@stroeder.com, jkeil@suse.de, jkeil@suse.de, jkeil@suse.de, michael@stroeder.com, vcizek@suse.com, michael@stroeder.com, tchvatal@suse.com, vcizek@suse.com, dimstar@opensuse.org, vcizek@suse.com, meissner@suse.com

- update to 3.0.21 (jsc#SLE-11896)
  Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not Before date
    Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs
    See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace from errors. #2979.
  * Add WiFi Alliance Policy OIDs. See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet, dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now) back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each database and simplify (and make more consistent between drivers) the timestamps in SQL queries by using expansions.
  * Option to set dictionary path in raduat script.
  Bug Fixes
  * Various fixes found by PVS-Studio.
  * Set permissions of certificates in bootstrap shell script
    Fixes #3132.
  * Increase the 'nasportid' SQL field for 'varchar(32)'. #3141.
  * Skip processing proxy reply if there are no home servers available.
  * Update SQLite IPPool queries. Fixes #3177
  * rlm_sql_unixodbc fixes. Fixes #2822.
  * Fixes when building with LibreSSL.
  * Fix the rlm_python3 build. Note that this module is experimental. #3183.
  * The rlm_python should append the 'python_path' paths in 'sys.path'. It fixes the expected behavior to use the existing Python modules
    Fixes #3180.
  * Fix rlm_python to print the script errors properly.
  * Bound total query time for PostgreSQL. Fixes #3253.
  * Many fixes to Oracle sqlippool. It now does 500 IPs per second without any tuning. Fixes #3270.
  * Reference sqlippool by its correct name. Fixes #3272.
  * Revert 3.0.20 patch which caused crashes on duplicate clients.
  * Update WiMAX-MSK attribute. Fixes #3280.
  * Fix crash when trying to access non-existent regex capture group.
  * Use timestamps (request or server) rather than SQL NOW() in accounting queries so that these are stable when replayed from a file buffer.
- freeradius-python3_patches.patch: upstreamed

- update to 3.0.20 (bsc#1146848)
  Feature Improvements
  * Added Force10 dictionary.
  * Update dictionary.hp with new attributes. #2690.
  * Update dictionary.aruba with new attributes. #2696.
  * Fix side-channel leak in EAP-PWD (bsc#1144524, CVE-2019-13456)
  * Relax OpenSSL version checks, now that their API is both public, and stable.
  * Note that tls_min_version/tls_max_version also support "1.3"
    Since there is no standard yet for EAP with TLS 1.3, it will not work.
  * Added tripplite dictionary from #2760.
  * Switch to the async interface for rlm_sql_postgresql so that we can enforce query_timeout.
  * Added new LDAP option 'allow_dangling_group_ref'.
  * Updated documentation and functionality for EAP session caching
    See "cache" section of mods-available/eap.
  * Tighten systemd unit file security. Fixes #2637.
  * Disable TLS 1.0 and TLS 1.1 support in the default configuration
    We STRONGLY recommend doing this for all installations.
  * Add expansions for *outgoing* Radsec connections "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes. Fixes #2839.
  * Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS connections.
  * Update dictionary.lancom with new attributes. #2847.
  * Added rlm_sql_mongo. See raddb/mods-available/sql. Note that this module is experimental.
  * Added more documentation in sites-available/robust-proxy-accounting.
  * sqlippool now re-allocates unexpired leases, to prevent IP pool exhaustion when clients perform multiple reauthentication attempts
  * Add support to radmin keep the history in ~/.radmin_history.
  * Add support for ENV and LD_PRELOAD in radiusd.conf. See the new ENV sub-section of radiusd.conf.
  * Update dictionary.aptilo. #3002.
  * Update dictionary.airespace. #3039.
  * Add sites-available/coa-relay, which makes CoA easier #3045.
  * Add example stored procedure for IP Pools in MySQL
    See mods-config/sql/ippool/mysql/procedure.sql
  * Update dictionary.dhcp dictionary with the recent hardware types.
  * Add experimental rlm_python3. This should largely work the same as rlm_python, which was Python2 only.
  * Add Dockerfiles for Debian10 and CentOS8.
  * Add RPM spec file compatibility for RHEL/CentOS 8.
  * Notes on certificate constraints. See raddb/certs/server.cnf.
  * Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585.
  Bug Fixes
  * Allow listen.ipaddr to reference an IPv6-only host. Fixes #2627
  * ERX-Acct-Request-Reason is "integer". Closes #2635.
  * Fix a slow memory leak in the file management code.
  * Try to fix file permissions if they get modified while the server is running
  * Fix slow memory leak with clients.
  * Fix request and connection timeouts in rlm_rest.
  * Fix systemd issues.
  * Fixes from clang analyzer.
  * Fix missing include for the dictionaries: alcatel.esam, altiga, alvarion.wimax.v2_2, aptis, asn, audiocodes, avaya, bristol, columbia_university, freedhcp, garderos, infoblox, motorola.illegal, starent.vsa1, telkom, wimax.wichorus.
  * Fix internal sanity check when running with "-Xx".
  * Allow "inner-tunnel" virtual servers to work better with "accept" and "reject" policies.
  * Fix dictionary.huawei data types for Huawei-DNS-Server-IPv6-address and Huawei-Framed-IPv6-Address.
  * Framed-Interface-ID in postgresql/queries.conf is string, not inet
    Fixes #2817.
  * Fix rlm_cache to complain on unknown attributes in the "update" section of its configuration.
  * Add configure checks for -latomic. This helps on armel, mips and mipsel. Fixes #2828.
  * Add support to Oracle 19 and 18. Via #2857.
  * Add support for decoding tags in rlm_rest. Fixes #2848.
  * Use correct passwords when updating CRLs in raddb/certs/.
  * Properly separate "originate-coa" packets when accounting packets are read from the detail file reader.
  * Use the correct virtual server for pre/post-proxy.
  * radsqlrelay fixes backported from "master" branch
  * Fix DoS issues due to multithreaded BN_CTX access (bsc#1166847, CVE-2019-17185)
- disable python2 for SLE15 and Factory
- freeradius-server-enable-python3.patch: enable Python3 module
- freeradius-python3_patches.patch: backport python3 fixes from upstream
- freeradius-server-opensslversion.patch: updated

- Enable memcached driver on SLE15

- Add missing BuildRequire on samba-core-devel required for winbind support in rlm_mschap.

- update to 3.0.19 (jira#SLE-5890)
  Feature improvements
  * Update dictionary.cisco
  * Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially. Patch from Nathan Ward. Fixes #2540.
  * Re-added "show client config" command to radmin.
  * Cleaned up mods-available/sql example so that it is easier to understand.
  * Added pfSense dictionary. Closes #2581
  * Update dictionary.h3c Closes #2592
  * Update elasticsearch/logstash config for v6.7.0.
  * EAP-PWD security fixes from Mathy Vanhoef. See http://freeradius.org/security/ (CVE-2019-11234, CVE-2019-11235, bsc#1132549, bsc#1132664)
  Bug fixes
  * Update dynamic_client module and server core so that the functionality works. This has been broken since at least v2.
  * Fix crash in sqlippool due to escaping changes. Patch from Nathan Ward. Fixes #2532, #2533.
  * Fix systemd notify, watchdog and unit files. Fixes #2541, #2499.
  * Fix erroneous length check in EAP-FAST.
  * Update documentation to remove old "ignore_null" configuration. Fixes #2578.
  * Fix default POD port. Should be 3799. Fixes #2591
  * Correctly encode vendor-specific "encrypted" attributes. Fixes #2600

- reformat changelog mostly by wrapping lines
- add missing bug numbers for security fixes

- update to 3.0.18
  * cleanup_delay can now be 30 seconds. This helps with proxies that have packet loss.
  * Do-Not-Respond policies can now be set in the "post-auth" section.
  * Encode / Decode ADSL Forum DHCP options.
  * Fix module ordering issues. e.g. when "sqlippool" needs "sql". See the "instantiate" section of radiusd.conf.
  * Add Big Switch dictionary. Fixes #2252.
  * Add sql_session_start policy (raddb/policy.d/accounting)
    This minimizes race conditions when using Simultaneous-Use (#2257).
  * For rlm_perl, all variables are now tainted by default. See raddb/mods-available/perl, and the "perl_flags" configuration item. This change should only affect people who are using variables in insecure ways.
  * Allow "sqlcounter" module to be listed in "post-auth".
  * Add support for IPv6 attributes in SQL. Fixes #2280
  * The server is better at handling fail-over for outbound RadSec and TCP connections. Fixes #2284.
  * The server is now more aggressive about retrying failed outbound RadSec and TCP connections. Fixes #2284.
  * Add TLS-Session-Version and TLS-Session-Cipher-Suite to the "session_state" list.
  * Add expansion for Radsec connections. "%{listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes.
  * Add notes on running "ldapsearch" using the parameters from the LDAP module.
  * "ipaddr" attributes can now be cast to "integer" type attributes in an "update" section.
  * Move main thread queue to using atomic queues. This should help with contention in high load scenarios.
  * Add "recv_buff" setting to listeners. For more details, see sites-available/default.
  * The sqlippool module can now use attributes other than "Pool-Name" to assign IP pools. The "Pool-Name" attribute is still the default.
  * The "unpack" expansion can now unpack substrings. See mods-available/unpack for documentation and examples.
  * The preprocess module now does "ciscvo_vsa_hack" for Eltex-AVPair
    Fixes #2301. Vendors SHOULD NOT USE THAT KIND OF ATTRIBUTE.
  * Allow for -LDAP-UserDN. See mods-available/ldap for more information.
  * Add sanitizing of control list for moonshot. Fixes #2318.
  * Update rlm_sql_mysql to be compatible with MySQL 8
    Fixes https://bugs.launchpad.net/bugs/1795310.
  * Allow logging of only Access-Accept or Access-Reject messages
    See radiusd.conf, "auth_accept" and "auth_reject".
  * Removed Connect-Rate comparison. It was unused and broken.
  * Add dictionary.infinera.
  * Use OpenSSL HMAC functions instead of local ones.
  * Some SQL modules can now use "auto_escape" to escape unsafe strings
    See mods-config/sql/main/mysql/queries.conf.
  * Add wispr2date conversion in mods-available/date.
  * Implement dictionary-based handling in rlm_python. Fixes #2334
    See mods-available/python for details.
  * Add support for SKIP LOCKED in sqlippool. This can improve performance by an order of magnitude or more.
    See raddb/mods-config/sql/ippool/*/queries.conf Fixes #2383
  * Allow PSK and certificates at the same time
    Except for TLS 1.3 which does not support that.
  * Update docker scripts. Fixes #2306 Patch from Matthew Newton.
  * Add crypt xlat.
  * MySQL connections can now skip verifying the server certificate. Fixes #2481. See mods-available/sql.
  * Add better mechanism to detect MariaDB (Old MySQL).
  * Add RFC 7532 "bang path" support for realms
    Fixes #2492.
  * Update dictionary.ukerna documentation. Fixes #2493.
  * Add support for systemd service and watchdogs
    Fixes #2499.
  * Check for openss/rand.h, and allow building without OpenSSL engine. Patch from Eneas U de Queiroz
    Fixes #2517.
  * The default PostgreSQL queries now use "ON CONFLICT" to better deal with issues. This requires PostgreSQL 9.5 or later. Please use a recent version of PostgreSQL, or edit the default queries to remove "ON CONFLICT".
  BUG FIXES
  * The session-state list is no longer cleaned in the inner-tunnel. This lets the outer Access-Reject section access session-state.
  * Fix typo in lock initialization for TLS sockets
    Found by Sergio NNX.
  * Add check for crash when home server down
    Fixes #2233.
  * Add username key for postauth table.
  * Better libpcap checks, when the header files or libraries are missing. Fixes #2245.
  * Allow building with old versions of OpenSSL
    Fixes #2247.
  * Allow non-FreeRADIUS State attributes to be used with the "session-state" list. i.e. State length != 16.
  * Be more aggressive about cleaning up zombie children when running in debug mode.
  * Use LTDL_DEEPBIND, which fixes issues with Oracle libraries exporting LDAP API functions.
  * unlock files when asked to unlock them.
  * return error instead of asserting in map code.
  * Don't write 0 bytes to SSL. Fixes #2270.
  * Remove "expiry_time IS NULL" from allocate_update query. Fixes #2262.
  * Various dictionary cleanups and consistency checks
    Fixes #2281.
  * rlm_python has stronger thread locking to prevent reported issues.
    Performance may be affected.
  * Don't allow Message-Authenticator to overflow past the end of a large packet.
  * Fix crash in sqlippool when SQL server goes away
    Fixes #2300.
  * Typos in man pages. Patch from Nikolai Kondrashov
    Fixes #2303.
  * Fix crash with CoA packets. Fixes #2304.
  * Fix crash in rlm_exec with CoA. Fixes #2328.
  * Print errors while parsing the log config, and don't quit when deprecated log settings are found.
  * Fix DHCP encoder xlat so that it can be used with a list of attributes. It previously only encoded the first member of the list, and now encodes all members.
  * The "expr" module now skips more whitespace.
  * Remove internal FreeRADIUS-Response-Delay attributes from attr_filter Access-Reject.
  * Don't send junk to redis when maximum args reached.
  * Small updates to IPv6 for accounting schema
    Fixes #2364.
  * Fix OpenDirectory integration in rlm_mschap.
  * Fix slow memory leak with dynamic clients.
  * Don't artificially truncate debug output for long strings.
  * Fix memory leak in EAP-PWD.
  * Fix crash in "hints" file with Fall-Through = yes.
  * Fix crash / timer issues with many CoA packets.
  * Fix attr_filter so that it does not treat vendor attributes of number 26 as Vendor-Specific.
  * Fix reconnect correctly in rlm_sql_mysql.
  * Fix rlm_cache to properly use Cache-TTL < 0
    Fixes #2485.
  * Fix rare occurrence of bad xlat expansion.
  * Check for rare race condition when a proxy reply arrives too late.

- install license as %license instead of documentation

- also fix ownership of /var/log/radius in systemd unit

- update to 3.0.17
  Feature Improvements
  * Add CURLOPT_CAINFO. Patch from Nicolas C #2167.
  * "stats home server" now supports "src IPADDR", to specify home server also by source IP. Fixes #2169.
  * Add Dockerfiles for a selection of common systems.
  * Increase number of permitted file descriptors, for systems with many home servers.
  * Add TLS-Client-Cert-X509v3-Extended-Key-Usage-OIDs
    Patch from Isaac Boukris. Fixes #2205.
  * Update main READMEs.
    Patches from Matthew Newton.
  * Added dictionary.mimosa.
  Bug Fixes
  * Don't call post-proxy twice when proxying to a virtual server. Matthew Newton, #2161.
  * Use "raw" string value for shared secrets and dynamic clients
    It now parses strings with backslashes and "special characters" correctly. Fixes #2168.
  * Fix RuntimeDirectory for RedHat, from Alan Buxey.
  * Relax checks in 'if' parser from Isaac Bourkis.
  * Minor cleanups for %{debug_attr:&request} from Isaac Boukris.
  * Be more aggressive about cleaning up cached certificate attributes, due to deficiencies in OpenSSL. Reported by Nicolas Reich.
  * Be more accepting when parsing IPv6 addresses. Bug noted by Klara Mall.
  * Fix double free in rlm_sql. Fixes #2180.
  * rlm_detail now writes empty Access-Accept packets.
  * rlm_python can now create tagged attributes.
  * Don't crash on duplicate realm + authhost / accthost
  * Allow partial certificate chain to trusted CA. Fixes #2162.
  * Treat SSL_read() returning zero as error. Fixes #2164.
  * detail writer now checks if the file was renamed or deleted.
  * Add User-Name to Access-Accept if EAP-Message exists, not Stripped-User-Name.
  * RedHat Systemd updates. Fixes #2184.
  * Use correct API for State variable in rlm_securid.
  * Remove broken radclient option "-i".
  * Fix "users" file (and hints, etc). So that it does not get confused about entry ordering with multiple $INCLUDEs.
  * Fix rlm_sql to expand the un-escaped string, not the raw string.
  * Link default and inner-tunnel only if they exist. Fixes #2206.
  * Don't use both IP_PKTINFO and IP_SENDSRCADDR.
  * Always install signal handler for SIGINT (needed by Docker).
  * Fix intermediate CA flow for OCSP. Fixes #2160
    Intermediate certs which are not self-signed will now be checked.
  * sqlippool now returns "fail" if it fails IP allocation.
  * Fix rlm_yubikey to look for correct attribute in replay attack check.

- update to 3.0.16
  Feature improvements
  * rlm_python now supports multiple lists. From #2031.
  * Add trust router re-keying.
    From #2007.
  * Add support for Samba / AD LDAP schema. See doc/schemas/ldap/samba/README.txt and doc/schemas/ldap/samba/
  * Add "tls_min_version" and "tls_max_version" to EAP module for Debian OpenSSL issues.
  * Better documentation for client certificates in PEAP and TTLS: it usually doesn't work. Fixes #2068.
  * Distinguish login failure from AD unavailable. Fixes #2069.
  * Update RH spec files. Fixes #2070.
  * Run Post-Proxy-Type if all home servers are dead. Fixes #2072.
  * Print offending IP addresses when EAP sessions come from two upstream home servers, and rate-limit the messages.
  * Minor packaging updates.
  * Better documentation for rlm_rest.
  * EAP-FAST now has its own "cipher_list", so that it is easier to configure.
  * EAP-FAST now forcibly disables TLS1.2, until such time as we implement the new keying mechanism from TLS1.2.
  * Add documentation for allow_expired_crl.
  * Update Debian logrotation. #2093 and #2101.
  * DHCP relay can now drop responses. #2095.
  * rlm_sqlippool can now assign Delegated-IPv6-Prefix. It also now can assign any IPv4 or IPv6 address. Based on patches from maximumG. #2094. See raddb/mods-available/sqlippool for changes.
  * radeapclient can now use EAP-SIM-Ki to dynamically create the necessary triplets.
  * Explain why many LDAP connections are closed. Fixes #1969.
  * Debian build / package issues fixed by Matthew Newton.
  * dictionary.patton updates from Brice Schaffner. Fixes #2137.
  * Added scripts to build "inner-server.pem", and updated mods-config/inner-eap and certs/README to match.
  * Added provisions for using an external CA. See raddb/certs/
  * Include dhcpclient binary in freeradius-dhcp debian package.
  Bug fixes
  * Bind the lifetime of program name and python path to the module
    FR-AD-002 (redone)
  * Pass correct statement length into sqlite3_prepare[_v2]
    FR-AD-003 (redone)
  * Allow 100-Continue responses with additional headers in rlm_rest.
  * fix corner case where detail files were not being locked correctly.
  * Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group. Fixes #1947
  * Clean up exfile code. Which should help to avoid issues with reading / writing 100's of detail files.
  * Fix build for winbind. Patch from Alex Clouter.
  * Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
  * Fix home server stats lookup. Patch from Phil Mayers.
  * Add libjson-c3 as an optional dependency.
  * Require LTB OpenLDAP on CentOS / Redhat, to avoid linking against NSS, which breaks the server. Fixes #2040.
  * rlm_python fixes. Fixes #2041
  * Typos in "man" pages. Fixes #2045
  * Expand "next" in %{%{...}:-%{...}}. Fixes #2048
  * Don't add TLS attributes twice. Fixes #2050.
  * Fix memory allocation in rlm_rest. Fixes #2051.
  * Update trustrouter for new API. Fixes #2059.
  * Fix SQLite issues on FreeBSD. Fixes #2060
  * Don't do debug logging of bad passwords. Fixes #2064. (bsc#1099802)
  * More graceful handling of "die" in rlm_perl. Fixes #2073.
  * Fix occasional crash when using cisco_accounting_username_bug = yes
  * EAP-FAST fixes from Isaac Boukris. [#2078], #2076, and #2082, #2126.
  * DHCP fixes, relay, #2092, add run-time check, #2028
  * Decode multiple RADIUS packets at a time in highly loaded RadSec connections. Patch from Jan Tomasek. #2106.
  * TunnelPassword is not "single value" in LDAP schema. Fixes #2061.
  * sql log now opens the expanded filename, not the input one. This was a regression introduced in 3.0.15.
  * Remove unnecessary UNIQUE constraint in Oracle schemas.
  * Fix SSL thread and locking issues when modules also use SSL. Fixes #2125 and #2129.
  * Re-add dhcpclient "raw packet" changes. Patches from Nicolas Chaigne and Matthew Newton.
    Fixes #2155.

- Fix permissions of radiusd.service (bnc#1053654)

- bsc#1055679 - freeradius-server does not provide winbind/AD auth
  Added libwbclient-devel as buildrequires

- update to 3.0.15 with security fixes for issues found via fuzzing by Guido Vranken (bsc#1049086)
  https://freeradius.org/security/fuzzer-2017.html
  * CVE-2017-10978: FR-GV-201 (v2,v3) Read / write overflow in make_secret()
  * CVE-2017-10983: FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
  * CVE-2017-10984: FR-GV-301 (v3) Write overflow in data2vp_wimax()
  * CVE-2017-10985: FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
  * CVE-2017-10986: FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
  * CVE-2017-10987: FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
  * CVE-2017-10988: FR-GV-305 (v3) Decode 'signed' attributes correctly
  * FR-AD-002 (v3) String lifetime issues in rlm_python
  * FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare

- update to 3.0.14 (still FATE#322416)
  Feature improvements
  * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445)
  * Updated dictionary.cisco.vpn3000, dictionary.patton
  * Added dictionary.dellemc
  * Lowered the log output for failed PEAP sessions.
  * Allow utc in rlm_date.
  * The internal OpenSSL session cache has been disabled. Please see mods-available/eap
  * Update detail reader documentation.
  * Make outgoing RadSec connections non-blocking.
  * Add SQL backing to Moonshot-*-TargetedId generation.
  Bug Fixes
  * radtest uses Cleartext-Password for EAP, not User-Password.
  * Update documentation for mods-enabled/ linking.
  * Enhanced checks for moonshot salt.
  * Allow session resumption for RadSec connections.
  * Update "huntgroups" file to note that port ranges are not supported
  * Fix OpenSSL permissions issues on default key files.
  * Certificates are not required when PSK is used.
  * Allow SubjectAltName as first extension in cert.
  * Fixed talloc issue with TLS session resumption.
  * "&Attr-26 := 0x01" now produces useful error messages.
  * Handle connection error in rlm_ldap_cacheable_groupobj.
  * Fix endian issues in DHCP.
  * Multiple minor fixes for Coverity complaints.
  * Handle unexpected regex.
  * Fix minor issues in dictionaries.
  * Fix typos and grammar. Patches from Alan Buxey.
  * Fix erroneous VP creation in rlm_preproces.
  * Fix MIB. Patch from Jeff Gehlbach.
  * Trust router updates from Alejandro Perez.
  * Allow build with LibreSSL.
  * Use correct packet for channel bindings.
  * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info.
  * Fix incorrect length check in EAP-PWD. This may be exploitable.
  * Stop rotating session database files (radutmp, radwtmp) since these are not logfiles.
- freeradius-server-radiusd-logrotate.patch: updated

- removed obsolete freeradius-server-fix-cert-bootstrap.patch because recent /etc/raddb/certs/bootstrap simply works
- update to 3.0.13 (still FATE#322416)
  Feature improvements
  * Add dictionary.rfc7930. Note that we do not implement the RFC.
  * Added 'cipher_server_preference' to mods-available/eap
    Patch from #1797.
  * OpenSSL 1.1.0 compatibility fixes.
  * rlm_perl: radiusd::xlat to evaluate xlat string within perl script
  * Allow authentication retry in winbind. Patch from Herwin Weststrate. See raddb/mods-available/mschap.
  * Added "recv-coa" method to rlm_rest. It behaves the same as "authorize".
  * Document Trust Router tr_port option. Patch from Stefan Paetow.
  * Update elasticsearch/logstash examples so that they work with elastic stack v5. Patch from Matthew Newton.
  * Print information about packets, replies, and contents in the detail file reader.
  * Update abfab-tr policy. Pull request #1893 from Stefan Paetow.
  * Reject packets which contain User-Password and EAP-Message.
  * Add example for filtering Access-Challenge. See sites-enabled/default.
  * Pull symlink fixes from v4.0.x.
    Fixes #1859.
  * Add systemd reload. Not everything is reloaded, but some is. Fixes #1662.
  * Better documentation for listen "ipaddr". Fixes #1921
  * Add dictionary.cnergee, updated dictionary.nomadix.
  * radclient no longer needs -x to print statistics with -s.
  Bug fixes
  * Minor typos. Fixes #1763
  * Fix typo in RPM build. Closes #1767.
  * rlm_mschap check for password expiry only if password was correct. Fixes #1762.
  * Update debian build.
  * update rlm_counter "man" page. Fixes #1775.
  * Remove erroneous assert. Fixes #1778.
  * fix mschap password change test. Fixes #1792.
  * Cleanup config file on data remove. Fixes #1795.
  * passwd module returns "notfound" if not found.
  * Check for old OpenSSL, and don't build rlm_eap_fast if it necessary. Fixes #1803
  * Cleanup memory better after ldap version query. Patch from Aleksey Katargin.
  * Rename lt_* functions to avoid linker issues with libtool. Fixes #1277
  * Many miscellaneous fixes and typos.
  * Allow long strings in %{%{foo} bar:-%{baz} blah". Fixes #1866
  * Fix filtering operators, along with more documentation and more tests for them.
  * Fix OpenSSL fixes. Fixes #1876.
  * Finish SQL select queries even when SELECT returns no rows. Fixes #1879.
  * Set Module-Failure-Message for more EAP errors.
  * Correct typo in dictionary.rfc5580. Fixes #1882
  * Remove obsolete systemd syslog.target.
  * Client-Port-Balance load-balancing now uses client port.
  * Radrelay examples fixed from Alex Clouter.
  * Update systemd target. Pull request #1896.
  * Trim starting whitespace in xlat strings.
  * Get MySQL result lengths using normal API.
  * suid down after fchown(). Fixes #1914.
  * Fix cases of comparing pointer to NUL character. Fixes #1915.
  * OpenSSL v1.1 fixes. Pull request #1921.
  * Better Handle v4/v6 host names. Pull request #1919.
  * Remove "Auth-Type = System" from docs and examples.
  * Don't crash on malformed %{home_server}. Fixes #1922
  * fix erroneous use of talloc destructor in rlm_eap
  * Issue trigger modules.sql.fail.
    Fixes #1923
  * Document python_path gotcha's. Fixes #1845
  * dlopen() the specific version of Python. Fixes #1592

- Don't require insserv if we use systemd
- Remove require for unused fillup

- Merge changes from SLE to openSUSE (FATE#322416):
  * freeradius-server-radclient-init-error-buffer.patch - make sure we initialize error buffer. bsc#911886: radclient error free() invalid pointer
  * freeradius-server-opensslversion.patch: remove OpenSSL version check and assume we know what we are doing. (bnc#1013311)
  * merge .changes file, mostly.
- do not attempt to detect "vulnerable" OpenSSL versions. SUSE security fixes do not necessarily bump version numbers as does upstream OpenSSL (bnc#1021375)
- do not generate certificates in %post. End-user needs to do this manually.
- keep FreeTDS disabled on SLE12 - we never shipped it enabled
- require OpenSSL 1.0+
- use pkgconfig(systemd) instead of plain systemd as BuildRequires
- don't list manual pages as %doc

- Remove --with-pic which is for static libs only.
- Use SUSE RPM group names. Trim filler words from description.
- Do not hide errors from groupadd/useradd.

- Add upstream keyring
- 2 new modules: rlm_sql_freetds and rlm_eap_fast

- update to 3.0.12 - still fate#320481
  The focus of this release is stability.
  * Feature improvements
    + Add support for =~ and !~ in update sections. See "man unlang"
    + Add dictionary.checkpoint.
    + Simultaneous-Use prints out more information.
    + Print WARNING in debug mode when packets may be truncated.
    + Added expansions %{home_server:state} and %{home_server_pool:state}, which show the state of the server / pool.
    + Mark rlm_sql_freetds as stable.
    + Make rlm_perl less fragile. Patch from Herwin Weststrate.
    + Allow extended attributes to have "encrypt=2"
    + Update dictionary.aruba.
    + Add support for EAP-FAST. This is an isolated feature which does not affect anything else.
    + Update OpenSSL vulnerability list. Use a version of OpenSSL released after September 20, 2016.
    + EAP certificate verification is now done when "verify" is enabled and "ocsp" is disabled.
    + New dhcpclient and rlm_rad_counter man pages.
    + Minor abfab and moonshot additions.
    + Pass CFLAGS through from environment in RPM builds. Allows more custom builds.
    + Build with Heimdal in addition to libkrb5.
  * Bug Fixes
    + Use correct typedef for older versions of sqlite.
    + Update mssql schema to add priority
    + don't complain on /dev/urandom in ldap
    + fix == operator in update sections
    + Don't create DHCP strings with many trailing zeros.
    + Allow MS-CHAP change passwords instead of complaining on large buffer.
    + Allow assignment or equality operator on SQL.
    + Update aclocal tests for FreeBSD 10.
    + Remove occasional hang in rlm_linelog.
    + Copy VSAs to inner tunnel for TTLS and PEAP. Fixes #1544
    + A few minor bugfixes caught in v3.1.x cleanup, and back-ported to v3.0.x.
    + do_not_respond again works in post-proxy
    + Allow realm "~^.*$" {} and User-Name with no realm.
    + Fix leak when creating unknown attributes
    + Fix Debian / logrotate.
    + Make OpenSSL error functions thread-safe.
    + Fix crash with rlm_sql and updating SQL-User-Name.
    + Debian build updates.
    + Allow regular expression comparisons in radclient.
    + Fix memory leak on unknown attributes in detail file reader.
    + Update example paths in "man" pages when installing them
    + Build fixes for rlm_mschap. Fixes #1489.
    + BSD build fixes. Patch from issue #1583.
    + Be more careful about /lib/ when building. Fixes #1585.
    + Correct ifdef placement error. Fixes #1572.
    + Allow for more files in internal "exfile" API
      So it will be possible to open more than 64 "detail" files at the same time.
    + Remove support for statically built EAP modules. Fixes #1591.
    + Many fixes to rlm_python from Guillaume Pannatier.
    + Use correct week adjustment in SQLcounter. Fixes #1608
    + Minor fixes to allow compilation without DHCP, VMPS, or TCP.
    + Fix checks for module / config file change on HUP.
    + Compile regex comparisons when sent via "debug condition".
    + Update filenames in documentation and examples.
    + Don't crash if SQL connection becomes unavailable.
    + Disallow originate_coa when proxy_requests = no.
    + Free rad_perlconf_hv in correct perl context.
    + Multiple fixes for Debian builds. #1510, among others.
    + Set OpenSSL FIPS compatibility flag when necessary.
    + Pulled fixes for the build system over from other branches.
    + Fix OCSP for RADIUS over TLS.
    + Fix skip_if_ocsp_ok behavior.
    + Better fixes for systems without closefrom() but which have /proc.
    + Minor build fixes back-ported from v4.0.x.
    + build --whout-ascend-binary. Fixes #1761.
    + Be more aggressive about not opening new connections in debug mode after CTRL-C. Address #1604.

- use %{with} macro for conditional inclusions instead of hardcoding version numbers
- improved package descriptions
- fixed builds on SLE12 and SLE11SP4

- removed installation of experimental module rlm_sqlhpwippool.so
- update to 3.0.11 (fate#320481, bsc#961479, CVE-2015-8763, bsc#935573, CVE-2015-4680)
  * Changes of version 3.0.11
    + Feature improvements
      - "unlang" comparisons of IP addresses to IP prefixes are now detected, and types automatically cast.
      - Allow shorthand form of ipv4prefix values e.g. 127/8.
      - Add "auto_chain" to raddb/mods-available/eap, tls subsection. This allows the disabling of OpenSSL auto-chaining of certificates. Which might be wrong.
      - Added printing of coa and disconnect stats (radmin).
      - radclient defaults to expecting Access-Accept responses to Status-Server.
      - Updated dictionary.lancom, dictionary.starent.
      - Portability fixes for Solaris.
      - More errors from ntlm_auth gets passed to MS-CHAP.
      - Update abfab-tr-idp virtual server.
      - Added "filter_password" in policy.d/filter. This removes embedded zero bytes in User-Password, for compatibility with broken clients.
      - The server now issues a WARNING message if duplicate configuration items are found.
      - TLS can skip the "verify" section if OCSP returns OK. See raddb/mods-available/eap, "skip_if_ocsp_ok".
      - Set TLS-OCSP-Cert-Valid = yes / no / skipped, which is the result from the OCSP check.
      - Interoperate with AD and "LmCompatibiltyLevel = 5", by always setting WBC_MSV1_0_ALLOW_MSVCHAPV2 for native winbind in rlm_mschap.
      - TTLS and PEAP now require "virtual_server" to be a real server.
      - Print WARNING when TTLS or PEAP identities are spoofed or not properly anonymized. See RFC 7542 for requirements.
      - Various rlm_python fixes from Herwin Weststrate.
      - Allow setting Response-Packet-Type in "Post-Proxy-Type Fail", which is useful when the home server does not respond.
      - elasticsearch updates from Matthew Newton
    + Bug Fixes
      - Fix issue where field nas_type would not be accessible via the %{client:} xlat, for clients loaded from SQL.
      - Fix compatibility issues with OpenSSL 1.0.2. Ignore calls to msg_callback with 'pseudo' content types.
      - Data type "ipv4prefix" is parsed correctly.
      - Use correct talloc context in rlm_exec. Fixes #1338.
      - Complain in unlang if "else" is used with no previous "if" or "elsif".
      - Send accounting status packets to the accounting port. Fixes #1364.
      - Print out CFLAGS when doing "radiusd -Xxv"
      - Fixed bug with coa/acct stats value #1339. Based on patch from Jorge Pereira.
      - Fixes for LEAP proxying. Don't use LEAP!
      - Fix issue with "directory already exists" seen when doing "make install".
      - Fixed bug with radmin related to the option "stats detail "
      - Complain if the detail file reader does not have permission to read the "detail.work" file. Fixes #1398
      - Fixed SoH. Attributes were not being copied to the virtual server.
      - Used a wrong list to global statistics in "stats".
      - Create EAP-PWD identity correctly. Prevents segfaults.
      - Dynamically validate authentication types for PEAP and EAP-MSCHAPv2.
      - Fix includes in installed headers.
      - OpenSSL 1.0.1f and 1.0.1g do NOT calculate TLS 1.2 keys correctly.
        See raddb/mods-available/eap, "disable_tlsv1_2"
      - Allow password change to work for MS-CHAP. This requires 'r=0', because password changes are not retries.
      - Fix home server fail-over for home servers using TCP and/or RadSec.
      - Special characters in expanded regexes are now escaped e.g. User-Name containing '.', and comparing /%{User-Name}/, the '.' will now be escaped. See src/tests/keywords/regex-escape.
      - Use correct authentication vector when sending Access-Reject replies for RadSec.
      - Set FreeRADIUS-Proxied-To in TTLS again. You should use the "inner-tunnel" virtual server, instead of relying on this attribute.
      - Fix debugging constants in rlm_perl. Patch from Herwin Weststrate.
      - Add samba-dev / samba4-dev to debian builds so that rlm_mschap can automatically use the new winbind API.
      - Automatically skip zero-length attributes when sending packets, instead of erroring out.

- fix bsc#951404
  * Rebuild of freeradius-server package fails
  * fix source url
    - ftp://ftp.freeradius.org/pub/freeradius/
    + ftp://ftp.freeradius.org/pub/freeradius/old/

- update to 3.0.10
  * Changes of version 3.0.10
    + Feature improvements
      - Do more optimization of unlang policies. This makes run-time a bit faster.
      - Re-name most of the functions in src/lib. Third-party module authors will have to do the same.
      - More documentation on contributing and how to write modules.
      - Update radiusd.service for systemd.
      - Open IPv6 proxy socket if the server is listening on IPV6 auth / acct / coa packets.
      - Create debian packages for DHCP. Fixes #1125.
      - Add more tests for "update" section parsing.
      - Update "man" pages.
      - Update attributes for Alcatel 7750
      - Add dictionary for Boingo Wi-Fi
      - Add support for DHCP lease queries. See raddb/sites-available/dhcp
      - On HUP, check all modules for config files which have changed. And only re-load those modules.
      - Allow FreeRADIUS-Response-Delay(-USec) to be set for RADIUS packets. Patch from Herwin Weststrate.
      - Documentation fixes from Alan Buxey and Matthew Newton.
      - Update "logrotate" script.
      - Added more RFCs to doc/rfc for new standards implemented by FreeRADIUS.
      - Don't crash when doing "radmin -e "help hup". Patch from Matthew Newton.
      - The dictionary parser now does more sanity checks, which prevents run-time problems with invalid attributes.
      - Update debian packages. Patches from Christopher Hoskin.
      - Many other debian packaging fixes from Matthew Newton and Herwin Weststrate.
      - Add "session-state" to Perl. Patch from Herwin Weststrate.
    + Bug Fixes
      - Fix rlm_files so that there are no collisions when loading 10's of 1000's of users.
      - Fix radclient to use our internal v4/v6 parsing functions. v6 addresses with ports now work correctly.
      - Fix sending/receiving packet messages to wrap v6 addresses in square brackets '[]'.
      - Check for sasl/sasl.h when building rlm_ldap, and disable SASL functionality if unavailable.
      - Fix issue which caused a non \0 terminated buffer to be assigned to attributes if the value being assigned contained an invalid escape sequence.
      - Fix deadlock when reconnecting connections in the connection pool.
      - Fix potential overrun in functions that used fr_utf8_char with a non nul terminated buffer.
      - Fix decoding issue for Tunnel-Password type attributes which were very long. Found by Denis Andzakovic.
      - Fix radclient issue with TCP sockets on FreeBSD.
      - The server now creates ${run_dir} and ${logdir} directories in daemon mode, when running as "root".
      - Handle tags when using maps. Fixes #1191.
      - Fix crash when CoA packets time out.
      - Fix parse error in rediswho
      - Fix regex support in SQL radcheck the "users" file and radsniff.
      - Register listen xlat earlier, so that it's available when the virtual servers are being parsed.
      - Parse Ascend-Data-Filter when given as "0x..."
      - Print Ascend-Data-Filter correctly. Add test cases for both.
      - Allow old-style clients again. They will be disallowed for 3.1.0 and following.
      - Complain instead of crash when "else" and "elsif" are in the wrong place.
      - Clean up memory more aggressively. This lowers the maximum memory used, most typically for TLS based EAP methods.
      - Prevent the server from unlinking the control socket of an already running instance.
      - Fallback to using the configured OCSP URL if one exists, and no URL is provided in the certificate.
      - Return CoA-NAK if proxying CoA fails. Based on patch from Jorge Pereira.
      - Lower peak memory usage by decreasing size of internal memory pools.
      - The control socket is now left in place if a second copy of the server is accidentally started.
      - Allow virtual attributes in "switch", "case", etc. Fixes [#1240] and #1265.
      - Many spell check / typo fixes in comments and example configuration files.
      - Better handle multiple DHCP listeners.
      - Don't print secrets for old-style realms. Fixes #1267.
      - Don't fall through in empty "case" statements. Fixes #1274.
      - Update EAP-TTLS so that MPPE keys are correctly calculated with TLSv1.2.
      - Always delete MS-MPPE-* from the TTLS inner tunnel. This allows TTLS / EAP-MSCHAPv2 to work. Fixes #1206.
      - Fix off by one error that caused some MSCHAP-Error messages to be sent without the password change version (V=3) and the textual message component (M=).
      - Always include C= V= and M= in MSCHAPv2 errors. RFC 2759 does not say that any of these fields are optional, and not including V= caused errors with wpa_supplicant.
      - Do not include M= in MSCHAPv1 errors.
        It's not supported.

- Fix boo#912714: freeradius can't use ntlm_auth
  * Create winbind group
  * Add radiusd to winbind group

- Remove gpg signature file
  * The gpg signature checking is broken and doesn't work

- Fix bsc#935573: Insufficient CRL application for intermediate certificates
  * CVE-2015-4680
  * freeradius-server-CVE-2015-4680.patch based on https://github.com/FreeRADIUS/freeradius-server/commit/a03814af310bb3bee74ea012546d99c48b0ea5c3

- update to 3.0.9
  * Changes of version 3.0.9
    + Feature improvements
      - Make "pool" configurations more consistent, and update documentation for them.
      - Move connection pool logic to "most recently started", instead of MRU. This should help with pool stability.
      - More VSAs for 3GPP2
      - Added examples of multi-value attributes to rlm_perl.
      - LDAP-Group and SQL-Group attributes are now dynamically allocated.
      - Only the "sql" module registers SQL-Group. Other instances register "instance-name-SQL-Group", similarly to "ldap".
      - Unknown attributes are now complained about more often when used in unlang statements. e.g. if (Foo-Bar == 3) used to be a string to string comparison. It is now a parse error.
      - Rename RLM_COMPONENT_* to MOD_* in the code. This makes many things easier.
      - Move to C99 initializers for modules.
      - Load modules in raddb/mods-enabled. This allows attributes like "LDAP-Group" to be used in the "files" module, without explicit ordering or listing in "instantiate".
      - Added 'bootstrap' section to modules. Third-party modules will need to be updated.
      - When adding clients from a DB, add them to a virtual server if that virtual server has a "listen" section. Otherwise, add the clients to the global list.
      - When reading dynamic clients from a file, don't expire them if the underlying file is unchanged.
      - Allow the server to originate CoA requests from the post-auth stage.
      - The server creates ${run_dir} and ${logdir} in daemon mode, if they do not already exist.
      - Add dictionary for Wi-Fi Alliance Hotspot 2.0.
        The server now supports all mandatory and optional attributes for this specification.
      - HUP now re-loads the configuration only if the files have changed. If all files are unchanged, HUP re-opens the log file, and does nothing else.
      - Much better debug messages for EAP-TLS, including which attributes are cached, and when they are retrieved.
      - Increase default max_requests to 16384. Memory is cheap now.
      - Added "stats memory" commands to radmin. Debug build only.
      - Aptilo controller dictionary updates.
      - SQL modules now use Acct-Unique-Session-Id everywhere.
      - The redis modules are now stable.
      - The LDAP module now supports SASL "interactive bind" method. This allows Kerberos based administrator and user binds.
      - DHCP code is now in libfreeradius-dhcp.
      - More DHCP encoding / decoding unit tests.
      - rlm_replicate can now be listed in the "accounting" section.
      - Better sqlite debugging output.
      - Remove "required" option from many sql_ippool directives.
      - Set default CA "basic constraints" to "critical". Fixes #1073
      - Updates to help / man pages from Jorge Pereira.
      - Added more tests.
    + Bug Fixes
      - Be more careful about unused config item warnings when using -Xx.
      - Move more defines to be auto-generated.
      - Allow virtual servers in proxy fallback.
      - Allow %{module:} to work.
      - Don't crash in RadSec. Closes #980.
      - Return better errors when a unix group / user is not found.
      - Re-enable detail module "locking" parameter.
      - Don't crash when logging replies from Status-Server packets.
      - The couchbase module now uses "update" instead of "map", for consistency with the rest of the server. See raddb/mods-available/couchbase
      - Don't require NT-Password for MS-CHAP password changes.
      - Be a bit more careful about decrypting MS-CHAP-MPPE-Key attributes. Closes #1013. There is no perfect fix, tho.
      - Fix security issues with EAP-PWD. See http://freeradius.org/security.html#eap-pwd-2015
      - Fix dynamic clients read from SQL in non-debug mode
      - MS-CHAP now allows retries (i.e.
        password change) when passwords are expired.
      - Allow "user=radiusd" when the server is already user "radiusd"
      - suid up/down works on non-Linux systems. This means that the control socket should have the correct ownership.
      - Fix issue which caused the server to sometimes have problems when a home server was marked zombie.
      - Fix format.pl because Perl is now more picky.
      - Fix proxy to Packet-Dst-IP-Address, so that it uses the correct destination port.
      - Fix corner case with cursor functions and removal.
      - OpenDirectory fixes and documentation.
      - Fix leaks in rlm_redis.
      - RFC 6929 "evs" attributes are now encoded / decoded properly.
      - Fix talloc pool leaks when receiving malformed or retransmitted Accounting/CoA requests.
      - Printed attributes again use double quotes instead of single quotes.
      - Set X509_V_FLAG_CRL_CHECK_ALL, and add "check_all_crl" to eap.conf. Fixes oCert CVE-2015-4680.
      - rlm_expr now errors out correctly on malformed attribute references instead of triggering an assert.
      - Make "break" work in "foreach" loops
      - Allow dynamic expansions to work again in the "hints" file.
      - Correct minor typos in comments and examples from Alan Buxey.
      - Re-urlencode the path portion of ldapi:// urls before passing it to ldap_initialise.
- freeradius-server-rlm_sql_unixodbc-configure.patch removes hard-coded directory in configure script of rlm_sql_unixodbc
- install new module rlm_sqlhpwippool.so

- minor adjustments/cleanup of spec and changes

- update to 3.0.8
  * Changes of version 3.0.8
    + Feature improvements
      - Allow syslog_severity to be set in rlm_linelog.
      - Allow defaults to be set for bulk clients in LDAP and couchbase.
      - Updates to dhcpclient. Patches from Nicolas C.
      - rlm_mschap now supports direct connections to winbind, which is faster than ntlm_auth. See raddb/mods-available/mschap. Patch from Matthew Newton.
      - Recommend /dev/urandom for TLS randomness, instead of ${certdir}/random
      - Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}.
      - Allow Expanded EAP types where vendor is 0 (IETF) and type is normal EAP type. Supplicants sending Expanded EAP types like this are broken.
      - Add support for server side sort controls when searching for user objects in rlm_ldap.
    + Bug Fixes
      - Don't complain about "authorize" in "server {}" blocks, but only if there's no "server" block.
      - Fix cosmetic issue where debug from the first packet read by a detail reader thread would be emitted during config parsing.
      - Fix ASSERT on truncated detail packets.
      - Don't use main server log functions from within panic_action, as in the case of syslog this would cause deadlocks if the fault was triggered from within a malloc.
      - Fix issue in "switch" when "correct_escapes = false". Fixes #911.
      - Fix sqlcounter configuration to use "%%b" instead of "%b", otherwise the new syntax validation will fail.
      - Allow forward references in configuration items. Modules aren't always loaded in a sane order.
      - Fix more escaping issues. Closes #912.
      - Decode MAC addresses correctly for VMPS.
      - Fix memory leak with TLS connections.
      - Fix state machine threading issues for conflicting packets.
      - Fix copy_request_to_tunnel issues for tagged attributes.
      - Allow "ok" to over-ride "updated" inside of Auth-Type sections.
      - Update state machine so that post-proxy is run though child threads for performance, instead of blocking the main thread.
      - Allow "netmask" to work again in client definitions.
      - Relax restrictions on SQL group queries.
      - track outgoing proxy sockets and clean them up more aggressively.
      - track proxy statistics, including CoA and Disconnect.
      - If radmin has a connection failure when running a command, it re-connects and runs the command again.
      - mark home servers "unknown" less aggressively.
      - Fix potential SEGV in PostgreSQL driver on error.
      - Fix issue where fields like nas_type would not be accessible via the %{client:} xlat, for dynamic clients.
      - Set default busy_timeout (of 200ms) in the sqlite driver, so writes don't cause selects to fail in multithreaded mode. This is user configurable, and may be increased if required.
      - Convert Password-With-Header attributes to binary (from hex or base64), in the authorize method of rlm_pap.
      - Fix invalid assert in state.c, that could cause abort in post-auth.
      - Fix double free when -m flag is used, and connection pools are referenced by multiple modules.
      - RADIUS over TLS accounting uses the same port as authentication.
      - Regularized return codes from radmin commands.
      - Fix RHEL spec file so it works correctly for Centos7 which uses systemd, and didn't like the SystemV init script.
      - radwho and radlast now have a -D option to load dictionaries
      - DHCP packets are no longer checked for duplicates.
      - Don't crash in sql module group comparisons in corner case.
      - Calculate MPPE keys correctly when using TLS 1.2.
      - Fix load-balance sections. Closes #945
      - TLS certificates are available again in the post-auth section. They are not available for session resumption.
      - radclient encodes CHAP-Password properly when using -c Closes #955.
      - Fix issue in rlm_cache_memcached driver that caused variable length values to be truncated.
      - Fix track functionality in detail reader, so it no longer fails with a "Failed marking detail request as done: Bad file descriptor" error.
      - Actually add the peer identity (as User-Name) to the inner tunnel in EAP-PWD requests, so it's available for lookups.
      - Fixes to PostgreSQL queries. Patches from Santiago Gimeno.
- new set of consolidated patch files:
  deleted:
  * freeradius-server-2.1.1-logrotate_su.patch
  * freeradius-server-2.1.6-rcradiusd.patch
  * freeradius-server-initscript-pidfile.patch
  * freeradius-server-radius-reload-logrotate.patch
  * freeradius-server-var_run.patch
  added:
  * freeradius-server-radiusd-logrotate.patch
  * freeradius-server-rcradiusd.patch
  * freeradius-server-tmpfiles.patch

- Do not disable as-needed build
- Remove the with_sysconfig switch and just stick with versions

- update to 3.0.6
- fixes a segmentation fault in PEAP module (bnc#912588)
  Feature improvements:
  * radmin / raddebug conditional errors are printed to the output, instead of being discarded.
  * raddebug will exit if condition set with -c was invalid.
  * radmin auto-reconnects if the connection to the server has gone away.
  * rlm_cache now has submodule support. See raddb/mods-available/cache
  * New memcached driver for rlm_cache. See raddb/mods-available/cache
  * Add support for &Attribute-Name[*] in conditions. See "man unlang" for details.
  * Add &Attribute-Name[n] which gets the last instance of an attribute e.g. Module-Failure-Message[n].
  * Allow for redundant string expansions. See the "instantiate" section of radiusd.conf.
  * When checking IP addresses in conditions, make the right side be parsed as an IP prefix.
  * Support JIT compilation of compiled regular expressions when built with libpcre.
  * Support named capture groups with "%{regex:}" when built with libpcre.
  * Increase regular expression capture groups from 8 to 32.
  * Emit error markers for badly formed regular expressions.
  * Allow 'm' flag to enable multiline mode in regular expressions.
  * Support limited implicit attribute conversion in update sections.
  * Support casting between IPv6 and IPv4 where the IPv6 address has the v4/v6 mapping prefix (::ffff:).

- Drop .keyring and .sig file: freeradius-server still uses MD5 signatures, which are no longer validated/accepted by GPG 2.1.

- update to 3.0.5
  Some of the new features:
  * Allow LDAP to specify arbitrary attributes for dynamic clients.
  * Allow one level of backslashes (finally). See radiusd.conf, "correct_escapes" setting.
  * When supported by OpenSSL, allow TLS 1.1 and TLS 1.2 in EAP methods.
  * Allow multiple new connections to be spawned simultaneously in the connection pool, to cope with spikes in traffic.
  * Use kqueue on systems which support it. This allows for better scaling when using many sockets.
  * Home server "response_window" can now take fractions of a second. See proxy.conf.
  * radmin now supports "show module status", as the counterpart to "set module status"
  * "ipaddr" will now use v6 if no v4 address is present. You should use "ipv4addr" or "ipv6addr" to force v4/v6 addresses.
  * "client" sections will allow "ipaddr = 192.192.0/24". The old "netmask" is still accepted, but the new format is preferred.
  * Allow custom HTTP headers to be set for rlm_rest requests using control:REST-HTTP-Header (attributes consumed after use).
  * Extend format of %{rest:} expansion to allow HTTP method and POST data to be specified and urlquoting.
  * Add support for aliases in rlm_ldap.
  * Add support for connection pool sharing to all modules that use the connection pool (pool = ).
  * "tls" sections now have a "psk_query" configuration item, for dynamic queries to discover a key from a PSK identity.
  * Preliminary support for EAP channel bindings.
  * Foundational work for dynamic home servers. They do not yet work, but this is now only a matter of updating the "realm" module in a future release.
  * Support &attr[*] syntax to copy all instances of an attribute when used with the += operator in an update section. May be qualified with a tag.
  * The logintime and expiration modules can now be listed in the post-auth section. This makes some configurations simpler.
  * rlm_sqlippool is now IPV6 capable. Set "ipv6 = yes" to get Framed-IPv6-Prefix returned. The SQL queries have NOT been updated. Please submit patches.
  and numerous bugfixes
- remove gpg-offline
- create /run/radiusd after install
- drop freeradius-server-opensslversion.patch (upstream)

- freeradius-server-opensslversion.patch: do not check the minor version of openssl, minor versions are supposed to be compatible. bnc#906682

Files: libfreeradius-dhcp.so, libfreeradius-eap.so, libfreeradius-radius.so, libfreeradius-server.so (ELF 64-bit LSB shared objects, x86-64, dynamically linked, stripped), COPYRIGHT, LICENSE
Directories: /usr/lib64/, /usr/lib64/freeradius/, /usr/share/licenses/, /usr/share/licenses/freeradius-server-libs/
Build flags: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g
o5`U AEiKV O)h0*qVO:#e1dԙ|;Vz  A̙j`eEoKTEmkk!rK|~6PH|6!l0*°FXV6h]k4$]vySr<(M`&YZl1m81=, Ğ\)x󄢼AuǵMͮ$pѽ0{?ͫ2QɃ"7*Oo}Zw8hQ+q_{2eo'WF™v٣c~ G\ >ÎY*f:z;>j Ē l3w[D4_6H/RkhXCsv~4 ǖ!FKVXĒM՛1SIC~х!k.٪/`UY iO .X*N@R^zpo:\8$ɕ :ʎt)nD3 OxK 0Þ2AXX'E"l%4%.odf)e2`>k"%W=cFFU2lyء "2XyW!(HZ(LN,M0 8}uE a/ J1CT{r犨p׿W*ulKz8Ԙ[%ƹ R_~y,$s1ݒ P5-1*q }vqn2\\ )l/jfo&;Z&U.9IL˽t^1/*`Ý]sbDH#YXNjof1~':v2 Ĩyh2[O<' OQc܃0X D*i7h;UAWfY߲tLd^`RR_oE TS-KǡMI77Kv&ɫYP7ϧ{C/Qf6BNӧLHcSJ@2>3z`O$XwwL?ZMX*/K,fXJl jiu~#cC|d,;U?zё Λw>eHt^D8oV }7՗֤mj-ֱ@>Վ&vd6j76,jJ1D2\}-Ҏ%{Y3adU&%`sqʗqvi%2(ݜ-v$>2հg2wX"ve!|WMXK5P\[lقPb427"͐gAMTMrQmrxm\ uh ױfM nj^ Ŕr@A]qpB҅ʨ4}ohA&O]ٖpע424Ō8')1oNHDɷ899\ԱˊQ4yRTaMRR~cw`4P;j9Ӌ60uLxY!8x͙B~Zj!$Њ.N)yRݐD !;UZ=UQsl" NKB/깼xR FTu}"P-=6 |Xnn 'lE-wqz,y5-p7v%K@t"5(x~GAom=Úvmg3I33׌U3v֛y|z(ܬ \*OL@&2i=.4 > SH|)hvV(ہ+uJ؟R'A0AlA]i&榈]@*^b"UrH87 u0i'$)o:G$ccQՃv$t`fcʤwGF5BF Ѡ|4Յ xn<xFo ej˶xg,%l|7orBOuHc3ej1[U;SɅTȉ|jDVhw/dN]nj}6]r 0yﰯLͯxPs=@lp+Kԏ,:6ךeZ\W<^Ȳ)&zn,S!/P `R# 7e \a!>X@.ʒ-d¢<`Ƽ>-Tѽnk"!u/3&-o/m>`mrB8a q8aT~rV1ES﨟~ <,ۜ{ aY፼uԧ{N *m_B+ٜP fi?.9,aMe=.!eJkk9 . |H *=mwfr/G(MPBлIgCnIn7Te<ũsR<6:7a/EiѮyo@Z\Q !BP[o1cys"*rb5s(.S%(re#TRD Վ ͔TWṡ@OàŠ$j,r͟#_9@zMw?&]wNZ85jOg,= T~>y֢:+/*qDPR9+#-?Q|kmP +D-R70H7ѐɁSN#kOSI*kVAp lipR6T)5%y:‘g/ĉ u( )24ȕ,tּk{XD#˜8.?%vp^ }K wՎ{2cyo3R*GKXH󏚔g".!A<{ t-ol|D=OH(?-hlk(I5&r2| }9u@LVNJU#.W,T,;nJhZGʄCdy;ƈ7yBM=L|`}nNRGar*&+'S쑡q,)3"C$NsBDxF.? Bz*1B}9fY-8nϺRT\tLղ{}t"%cmζ]#Œ.tT+TQSSC ].T}m0|6g2HSb {th̜@kM[9)Bmrw:kj6W| >/ֱ69F;:+͐lb) YYAE^SGZ)E]F%PJ\$rr8 ]\7 f%'i,)C ٍ؏I?X2|G69~]Tj4(%VU]Ǚq Ks3xvZv]( 8[r['dN9?@,"Rf`q, λDQRm4C̣ҍAFrfLy v-UiJ931H(1!/ ՙ 5Nu$kW{2"d7EZ޵ѱX J+σtCVz]쥵ci$*I8MgkS0ۺؒPZ~(3P9{>zfb[B@ї4:$p沉;"([#{&T\ HwLF1WnX51"`YǽZfuēS!ӷgޕةe9euMPW,Q.d#4@A>-u;@}BTlU>yT82챻gf O /j [R)F -mqd ķҢ^z~W6CJCPNo,'wzsjU&qd V쭊SN|]g/%# U-.e PJm_? )k|k$+u+#k~I訿3B_s-58Ix4LgQav6i?dZꑧmF+*'ـj$8G`0&25 oE_[r|Jpaa"q;sʭ1s-D,inܨ%Y5;r1C2U Igp$fAJnR&N?N@QǠ_;oUډ||94$mRH*(֮(E6': Li1`ʂxcoGa&u\wZWƤ셊B`7y&z_=h)chs 8l.Hgr7V$^D?fZsΗgەX\@""*ͣJM:+z0kFA szDfs#o_[w5*d}? 
4Q3i@$5#+KgJkUՊh3۰w 7@ 'T=!@& }& |GF9Kb E@WZaJBv#bb|K4/2Ϭ,s;ŀpz2[zgzR"~4;֗'p O^iLB3ؼ+iO#~i?AʊQBۜ^/IH0p n -/ OQ'LZG2 9N'HG***.Me$\彶B0)vKb|y$2kE"GwRX;^GUݑۛ ?F eHfc}/ Бӭ|U;q3W=(GȼHmVv\iP>T'_mPvFnXLSL@f$.e[ߪ)5gLϱrU9S`rBP6P+yb1w" > (lhDg?|@5}%Vw=KePŠ,R[ u߷[-x1&[.;-Ah*1Da6)%J#K>"1ZQPZHe&E\ go6 lӷt1jرAzn{>jDl4:'IDր JYag`!H"=VLs1{֠>fFv!N>,r*C fwZ70YkK;Xʁi*{# q7egd)١.}?n_*xߦ҅tj.K st> $ elf؍)y"xqIκу+]&x%Z%!=64jo-8o/Z~>Գqeצhя@hbd&s80bkCɜ 0 ~=)v)4'xv2i]QYo<N=VwI >7Ǧrc SZRW9J\xXNJRQ7(7g0S VwtUw9<%MW~7 c)yBϖ߈&.6+Gּ-B5ITү)(C,H{IXYhU+CQϹg%~-  t7sd~6bR&(Nd[ŊyV&;fo~&'(8b Rջ㈍O8Z]xy"P]F2NFGQW\" DO!ʱ;?p5~Sp0C/{8#kbڟTSx"&g 3wa8tzܧS SU6c@ԼVQb_dK1D/HU"{[xTovlevxUޞAv,zh&xZҜrK[N"npdV|jΜ@MEtݻT|.\&%Bb\.D0%Ԡ 4Wi!b V!>;'=`! @-t-TnW5n¯aXTb{ Um`^dB#߅NC´Z^ ֫6\X$)Mܫ\ *Zf*#'[[{(a#?cJqVݑFl(z5Ehl\R?wҲ,C/Q$O98&*[ڷK'zp7K^7~=U~&.\@Snʗy?*&y%[/R49z">B/ɻb|њ2!Q撝sl70ߵQ!!!*T#eDX-Vzn.,1-tO)+A$h,`% 2A>dUkS1Ohڃ_ X=/;MDՑH1zц]Bf ( lӗ@߭=PYNdu xo>䖇ۥߵ/HY(隵n;$1o |Dlr NN(Rl:J',#Sf %3 Ƙ k2<q)E.p Q#iϬknQw\Ѻ j`rv~S@r ;KE|m(~ mOV\Ka@kO{(eV'2n:gMqTr݊zwȘAj<׏MpQrGp3BG P^"Ž& zH(<~ga3hu~I]kjx@Ő]' Wy=3yJ0g6ŹLyQ5~6^qT0<2X nEb|ׄX? e3JFtA~/y2JI+*կ|8.YVK8И[MZV10s}ƗG?TZ,y~bs$'!4#j_*@#m1Pk ȩ@qNfibˠ(>ۓ:x]ZO$~9Ȯ)#Tzq&Zm^4,i5U k|7>]V  azlHRt|{#Bv{*Mp-ܰHV&&F|TE^֜Z^)~UbzJ Ka/>.ʁ+~-2[7ppa:N@No{U߱}x0-RSzUѴ,: SPVzFu_OEu*T=^-Yi }8 iWb}-^R PY h!l`!M(!'.R~­S>\v&㪳WigoрMNrSo`iiIayFӍ/aF-ZNկ.JqG=GK+f"JBV>yY-"%uD3n-C׷'Kbڭw`Dh ƙ*2zTb3U$Tj:*͍,8wFEl>DS'Ha Y^.ȍӵmOsN8ڔ5b͗ιh_q4F6zߐ|6* SM0-7z:\{N1F^[KS 4aTȕ|y!//&4 23E3h)DX&g˜\k Hq) J+R=H x郱RQ7ķ}UAUO$[1 qW*w+".lj']u$7Ir9],Y""R>lO A[+<}N3/ߩdC_eD1 Grk&' Ge®D ȫ~MNZTbP9I]ɸlgzmWM>ܯ5`ԯ4 vظNGϦaqªK/3+w꯮\M/oS i0J3[lI3g^U's%=, 44`nrz;p&яVFiqaA{g@іK"Az^תmYʉ(l۝֪J$A`s  x1sE}Os<`pK*Dush7 N}hL(-Г$L|ъ;f, ܨlLZ>;HP#! (2ѯi@UKX!}tuNOh8űdpß<%M'*7%5O&yaY?k ! 
d ffO6.8%bFkN9hʰQ,[=1#d5C\i%T+1*(oHfХQl#Н_Thڔ?qjo;C&%Vj{$rE#sti!4ig_LK5җ5@i?ӡQ u>dw`+in1'eqX}ga;P-6tz˯0ţ[}Z]>4ZC^x2%#s1ǎը9}ps[{bCjbh3vxNW\fāgR߆̝U3H3BF=FN$oAUKFgI&n=9ĂsP`^Iý6a]3f[W\TS2XECE+&&C}<7ǡB"W!HبJu2"z$|]~p:&r-q%B~4,5q t °3EP<E<5\ip 0;C[W˭Ą<6z>+x_yd>#73IȦQ`ѻ<_ts8oqeEs?ܩ)L}ba~]֪mۗ+z BShQhHεT((x1{rCoH AhDK O㮡\1:ziIJ(SY+r$G.Ɉ/nŵ3Q슚-W8+?I)Θs?7h8o7XVd"LvIc\Y,?_j1gש.}ª:JHL^4F*Q3Owé]ѽ+@(!=3/д׻@䜏uc"1r ĈQ71+jl5{Dk֋!n~25Q%R?XݰZXن ;\QUO{6q%$wTOVa[ )r>YwUr*ҘoU7_(q^&O8n[TfLL0ܟ/ MN@Tx(UŻ͏ 6'Nb0 |D?Lk L"2>~d&+0O!?Y:MQR+N. 1>-#߹E=,@ vSSN5QY?Evn޾+#=Q4gEWEf V{P(D'GPn0/;6MR#먼[; ev*aڷ)pF$>tY?/LӭPsM[K5YOGK0HCG$pZr_\])* h8;mU%yTؖCkw _! ~mtܓkY%K>+#%o] ZZX…>|pT3j白7ԸjJ8dR,pLQmS8j=4zIޢ &q>@)=,F`.NtƗ 2v2p=Z58I b>4f וǨp>| h[_4q]?m@7!}aNC$A@ߟR .%HSG>$9M f֭|L;M#OQ>&N+{60Yd[ю ]Iڎǧc -r _@1:F(7<2&m56|>G#A{lJۋb2aopT uf{; FXzT!Tn/<{׷z^=m'^*֙~\M]yQ~+~Mgj}b3LJ('L¨Ví‘{Xk(3TBCmӝIp] nTf&0&z 8k͒;."._)m4/]+ >)lyzshWF}Blw.<}I'v><ϑ[C$͈ߤx(R؞<ivlE! NZO[p=oARFݟUN? Vاih=wUSLV]v3pDoį FBs%mư 0cHkSs#@r'KԊ~9U–*&MPet&=A2؈T}-D=6%ؒK]tl,)&h;/t̜:yгj#7E :|-dP e%`?SD|û|GElybwb8;SH#@no;>CügcA8=?,w썧r*W/ٜxט$^TVgp}juȔc {zĥ0N?"z(Gl} +৏f~^/ 른DGJ/{V/fdsRˠ̹q_P9&xg 栠i/TJsoz͟sE3U<N أ;a{ζV~5 &Y]@KPiФm=-8A3iw!5 TIۢ%w~6"Pa` ChHbtV>PT='#L*`smT(rf\'!<p!pK9,9'ӽ}ؽDQ7_˽v :wmJ@͍,gʥ O鿸+1bbkbrHŐT4Pl+ڱh&OūӥFY=ӓXsj\4Ԅ D Ɍ!uo &,HXAeA.`;FeN̒YzQR `I#ktQ[h`(yC?sd%4y@m? 
fYFf*rߑomA'JWg9u$8 @W9*ywf RlEIz3_sDIM3ULj-r; ^Zh]bc,3pBcb^SmL9UY^;Wxj-yp1#Utfg3uތ ASF*"QƭGkKw!i<2wY80C;ܵ6>:28* *9.7~u"lͷ%UJs,+X'@Zk3P6 u2!IF1C%y=ZpVƿ2h6 x.6Bdr &PFcnɖ{=P{J\Xƒaxw7oGC[TnuhI ;q֦/9{k7/5,\?S.R%A2E]ge4 쉎5p6S  Nu1p̍ m<țuSg1Ȯ\fo׌ua$"@`8\ O41L53\yĒs`n؋EދGuY `1dC+Cm ʙ?[CRa1¡ΏG-OSsMx_ I}߾|6 SAs r A&*]thBrɰ@r6Ӎ|LnlgAtRc{T1.L7)YöB[Mkh=2I2HG&{x( ;7D~酇0PYI|; 5-A$ YCN044GcåB gGk@3s?:Pro= 0ߓX;_$~ "] )u>7zHh?uG!f510X.`#M)8 ĭ3VP~ɽV^LL^UñwU(s!on5O:YMh1eb +n]`vCc8o!@7ڰl͟XlpSJ?'eY.rT_`ma;i0IA&R*ucގ|CLN!eГLFWdH*kѾqtbr.z7{ҵmohТ΄lge{G@HxVce%`[ 5ђ?D%&XI*ƹA"t څ| 0Cv5/֣K.|yv@:agjik<[uY|-V<8^g/1`In08EŕgWZ76o= Yʨ)C~XCUJٵ $|i!ptΠ C--iHgkJmfqL):)dޚnvr2167O0N^k(b!/R !۳Y؀ZMjb]xeQlHU#w K(M A d%r3!9x3?Yl YbD~ʊ$4h&y;JF1r>!7סmK;'܀"M;,Ob?8qQ;Q%˱Ԏǔm4a,3YF#vaԘFjh̦j?8=C2 VJ.,@ه @acw&3sIYbڳ.`*Bay֔}NS]a9#eaD_*RQC7k OV>ZY4,?zpS/ǥ^iLĢ-PVR(MBˎ~}.E2OT “;NvYDؓp*czIJ ka3ô D~ҿdO$+jV߭ʆLwp{jɓN>]IP_Nvm`D1wrHMhlC]^C_2?#xx+TD?\wk;| (#[P?6g,!5CxTt EOf%P٨kÙA lNҍ 1\"arEݣ!sblލ]gU--Zrd NF$Q'Gn+pumILJxFw$ҩ*}G%oqҘHbYbZAMJj#3G3(d,4!X*ڒ㽏߼f#x!>obaU:Ș v!@ք0٦Wf=ak8v ȍ2^@`1-؉ϗ+N9M*iV{{< (*#?LЃ2b kAZA OOPXIHTEЉpooR]ZB7FaΉՊ uaW5-iM^YI 78ɽlOPP>g%cW7F}6?xwl.7`r-)ݖZ $>VͻXLPa‘-'xbQ-%BUR\ZzY*t%$Û#h֡ƫ6yާwGHrvKYf'tQ,TDݭS1?6<_ xTEC.fAf}.u}`n` uSXܖiڟԒЏ?3|ޞ"~x*%G8J&q]>1>BstHx)^ O}A3bΛ7` Mi~;$v].kb9n=j KP>Ys{}(BlzT`E|t%R^6 =.ِIԪH@1,ZT:O˯Lڤ ]3O!~{Gb`&!z&-7(<Н;+B=*1:W-eM0=sc'xλ}H!񸱧L "+OYt$$ o\q،`- `j :q(4ͤ?́,TIj"It:T#δG?к"4ŴȚ论[Bv'|ixDeWk/mSYCosV]9MI6HRm4W#*~u+ W՘cN,yvmk%Iv ձ& x#"m,b.|u [+4ׁj4ɴ҆V>`;/VYq#ifZ%@ùs=X^ s5~{KG8ҽ]zykoZ l-6U5Jo5c&<<{[ Kt;mbkRMEӒ}`@u Gnh*t)pQۮP!fUfRtc/nĄPͭ$XZMzf%QD+)AuC@/,\&b[l:?uҔ2zr-}r~)IxA6'UG‰[ͨ* gz޺OB=֯$T(k%1td;Rsu5-tYyè| U}}Ƽ  `Zb]ͨD')C+z84f!n",,OhtU`,!*-s2p@r!m%0 xY6 >گjC١3Cgg(4U,F i,<$v魯cJng&kۥK}?wT33on :aS6 tu Ol]3rfKھ T=I3#w$\KOϢAXP~7^0|*%Հ)3ْQHE"vnu*E!Pgh/ =޶0%̭Z E\?$ǰO.6+tdXU2㏣L +"tMէjo{ caF- hV՛Xyغ y*+m*< Z+6fK6VDb4o 7{OA?; hc&tEiS9$Y^QOr1|[z$x0I檺੪ g#WG~yu/fZd;7N j*8V ț/}(݉.3?6]Pzd 1ϫbH[4k(CP1{Fܽ Rq z'2zMiL4"J&iFЉ|MOq(WF 0<&xkܜҤ_=%U|url)32b!P#ql_w<Gje&b!9[ j^`q/]5 )zΉ. 
_򨋊Cs">i܀s@`ğ +Rǩc8; Y_T RxrŞk6uٛVrĥJhpHY"K_].,8u8)VBZgϞýIgcW{% |iqShP~PcN`Puw7q6N.\ #D1%;$ّ4[~/CyQ?0;2W٨ .-eRpAH{bax$ɔnm>n'2 0WVKp+_}|H2OC"9Q:5b@ӕ`Du*Ɂ]Ʌ~dC@'JZ|0H[*VQvU^LKvv<_r0ye3QmPtyϫ ܪ$ϰtA@K =iJ!S/Iw-QF*]jihM\䉌*nK )W77h?Anf\PjCЪj鹪JX!U>bWfGƆwr&Zy%|9]DaÅxˇZu_ͥ"{ FI"ފhˊiEukw! ]Cr/& ݻOziėwavY'Xt^kv@U T}G9X*"/ƒӿ:&PI_;!OS oRq?o/azvєLeأ(ᯏ#ԥZ?x1d*X[պ^ '+2_'=|dY)p[MjANрOs.Qf\cF'(DՅNTu2c^V/2d0rZteDO{{pzGN3`A6|]jqL#bWB)g^f+uǁKQaŃa`lcmcJQEa';% Uֻ6 SI%ʍf8^ h15gf]+oiO )@7Y ?ܱNٷORm|9? &7LeI$rri R^sQc*K`R^ImB0V_{˕GjQP.1bPtt[F9wWsLA+ݓ"h-(--21ؙ@.-$@ڥVd{=4/$>Ru5mq[?g'֡3^݇VQɅ,)f6{-p,їSLaO[B$n|R[?mwkc qxX e~1VAﰰ`n$*Mx2?"_hS0{,x]BZ?XNḰOf$DT .*A"`b7UDᾣ xhA VP $V@d l8:2pHۙm$ [炉 ^ 74 D#CrF`>/[V?lp~{S1o˨}ysfj(U r#!V,:7uKVUfspA06-/s(x;2R=rC-*E҂Aҋ'ѲM+N+=}Qg$=4cp I׾@8uOZC/y'#_} faoY&51!ĐF;xeF]!hK0[AN Hm{y 1c%o{X{0j]̧1-%JO [MC_?a7UT xUlňA>XxV1U!jBŦ% 0twOD)ΦD10S}̽OjJ}cj=wnt:-/`4'}!M2/;-30X5fȺVOBBձ(aX4YnHTlZ^ &Eh߼ƘâF TChE$qC'U4N5&$3OgP\꟪]ROs}(R)llȾ|x2<16-Cm|wQ=)bj7 Z# Z -wA/ K"nsG+v=lLvD]lHzkEFtet5cM2'tiCd(F)~%v.04θI6 w?'5xQy BR7t9JH.;[ >0yBJK\QˡPT*[ -Hi2]_U>R})̮H!?xGaFaΙ0}s5P''w+E=G iPÄ# "d9حZFrtd ]X<58C!CDݣiOߨc4Ī jU`4{q.~'w`"lJ7@J4_1rU iMlkK8\RvfՕ>dG:LQaj Y6ޢE/>\v0q,B Y0Ө6ىye:v+ТBKtbe5\?~"fbDw޲n|C)gހ!ĵS՗6? ͯ7IťS`gFņ,yu`| uΚBȳNq9vt(/a?`b+DzZYv+|Y)+di̿xٞEpND;%΀l<6qD"5 ?9F t&cE'Ja? B?ĵd'7z 1N7vd4Q? j3M-hNU,`S3߁26t̿0bt8/"@Gk<~?Qp4]ktOÍ>d+L= w H_xԱ~%_跍 <]YPl*Bcʰ]*Y~( 7x imk R.tjoX 6m3KԤ"[brCAX~"cT{cZT|G8'2*3` jCSGvH s 7j.1b*o^^O/x8W?3C3Z,"^"b6/{wd{'t1ۅظ Z@Q5ܧ'[-8FR7lfON+4 J/5veJ`iz7Qe,;VEXhꍐP/BʮI(,jFo+9 gimC*5PJ#Aw:ahum)EԠ1f$&HuM/-O8Fi{J$'QA0J#C^^䆭ǞU꓆us Hvz*QZG[[|iI/ӢrJU^f{}ۘ ރ q:}(K_&4#Ĝ?K@LGyKm'/ߎ3g+fJ$GN3' IƶVq;Z΍CCPfڵ%o6\sG$NS-xa4u1띷 KKIЬ%>3z9z q?<! YߧoJv=lyG˷eʒÅ\@U!h *-@. 
$Iw1`0DH\耪9O\bx5>1|0 n!]נ $Cm> DP3b(Iho8oOY%u,XkwrxfMJ핉 ,ŋYK`@HY8 xs쭀Y LW0 s Olω.aӳsI?n^\3'+RpXo4Y-ܹr7X ;t&mM/$Dr&Xnb!~CьSF:Ktn{J@.{Oͺ(ps;K343ɘ T<&gbr*WOuTv0uVLUsH\[Ko&jCkHRwyВx]_iJe94xt!V;8Õ~bv|ϹIc~xZ MF[rn=P CUX<9bpM۲\wz<3]PPPT P?"ʗ\[zqRaD7?#Ҹ_ծl/MPB*a\-<1jBR|nX"!R7*eY632܍l%dTQP<) liXփ0e68;<̪֎ȾWP8"B"T.>u嵯df fgT_ v + H "/er6:M){"_P}́oCQfz[!C 6yjq)hd񣱕Q=d#N%Nm(LH&5WlF$ F  PAkK8r9O%S(_35$ҽufs}/bL6͜YvlVS!`zMP$=P *1'dI@sʮ^V00OsۜrWU!ܓA,ԺbY49W:癧:/(LQ:6eF“o02s׹bwCह$\:%6} _z,(f 5B"`,l'[DNk"/)A`=l? D15w78yk9u)E2C@RO]mC0S\^/!ePn] bDwc-T,:jǓ~B+f#?Oӗ̍1pz9$a;o9;||H:5[ZN4fF>w Ck~qļ 8p" eԱFjz pY>b*ߴe4\T$|Qj$EF$qnC {v#?n!(y5CDG]̄9ō,2B (Z1Zs::z9 /EAt,& y$:vC*RV+LXSIVE-D PQKTW!uN0 ĥimKK#īن|ub2V̷phU$wirArkW/[pȪ=W$hSg%*x.E / {y 鯜reqyY=Yt:փ" ɿԍ+@gW/Vd2S2 ;u U$|,{E)D  &ݏs*KoQ"QL}F^F5v ^Ou0zt \yʧ:4=x%Άy%84V,o~?jQNV6L$|Q9>(ΕWTh6--,\)2+le1US-(Ԍ|G`.C" ~jAd3 %Y}=9:Q֥!5 9uIArVEb<]#6uD `V,{L=&*J3F \c{zD _59;ٍ$d@LGƒ/23{NvRbNE.F#-l\!s;9:4jTcd`%0rܾqU@ޛ9Atm L$3{f.ZvpmwQ'!rW:&3vٶ! SxV_)e3,HZRs-b|{\[?<5L<{ި;^G# H%[Rq_ɨɿ啥AY]b$}ʨ^ Ȓm,B"=uk`wP/rPkiR1?; $\;Suz~]y_TbxW R uFi#y5^:Q^vO_Ԋ2~.9H$(]bA'FApnHۆppX?=Cx!B #@df 8 eWl.<YVxw͵QHe&=i.b̡!퇬ŘX@{$ 1?qSrV+Y%f,oXcpLr)y_EC`j%gd ke 9ܪ,o- d\}f 2{7;p:6DX|7b:'4jv^AV&GQtDV_u\ ݤ{~U-P&YJK2.3|d ϾblAཷN+ O!GΡM>`~e8x&Lrğ%'r& $]V/ Wˉ@`ǖGMvstZSt2eLmq'UQjk B"~ώ jC^# KIdgRA<7:&)cz-4b[YpKB搥2*7YLx`Ye#Q<*+QEҲ[{Ts]w#;(ZϽv#.· -w]({Iewqw0_D’KnQţ'#p\w<$t?S>V[[3W8q V; ue"SdP|СN$8%KkbD-;o|>9GzO~ByEuVsESPo_Q}c.Rzk dh@8TGo<MMfj)r,W, ]&ӰYzI=[;U9m67=??wYV@#׍1Yp`zg% V-:CqhP܊ Tc$MN -pY&2HL|`ibTKv\[F=znXݸ{֟<,۷z'\pn8R'ٌ[J\ZdڊƤ ȸ>BVIbϵ~ 1)QןE).(ʪ X>ikZ…E9UEj!o3oohp.f7W_>y6vW4@8 ];<^P~EnED)0 $E @ŴFFѱsg"uC'߮L5 l5Vo/­7 &(}TuVNL@C0C'Sc奼*TT.^Ce;դ' Cn:x| ?x?Fd1jzXr 6z/j`-~?"Xc\ە ǽ&U"NφH˼jI7l*Ե(˧6{o) x|y#^?`u ^mV_4IlHkD>RNݚ<3`1TK?rU'/~~۠t9%cs5+=:)pv:n[_}ԽFxg ܉q,aˑ#EwOߐϘRÈr Vwq'ߴ1h_5(]rP< !ԕ{KzQ*uqu b/뻥}J1Z0bI/ /lP0W~)z}oۚM>G i751kF=jU璏3\o@7X&>e̖טtLa2ixЃUk@"$mZ4*Bτ9qPw;E;mB[hj%(5n]d\O5$̛;_{i'4o ?ZdH/ bbmoڇ;1hzI*w FaX^uZ`5qĕ:,.!٭<_CKCp)CT& -0N0{@hb 
9ՍE!_+Dxߛiuo7822FZHr{1gٸ9.ރ@KU_v_șkধ'aYt[-7YMQavv#e^铬jv7@Zܔܺ<2kr[VmE`0׼#~:  *lez :7DP_ݱE FXZ^ aߕ᭍scDuGIT*YtsS_`Mj Lb3] W?wc]r@ْ C$DlKmtQĽK뗂_A`| F}%YK*;(;Xr܊W:KTT'Dlkhq405w{CF(nsP(` ]˵=![{9Jss`gRn _ Ih7 -PLi/W)AVmv#;O0%A߸Uh:0/lfCr6^yEQumCY^ ba4E$nV7c昭\FnsP<'<[{K-Jrnp➹)Jb"3j޻ilGy'g ~@ϻUAq!*ʋ!ώN=TM(읟=ZVĕvϔ˻h”*.즿o|N-74z[kngfCY7=azwr ҵ7+=g X!4xF(6lWy†ƶpX F$Fcop}o|(y"]]Ztq>%mYQkv7ѵ#*Gpz.D3q!=N|K'^8wP{y"7}#dve'khj{,Aw~vp`Xf:E|N2l V=/TciU NǮzjBcvT$v{f rz|:RQtTi_ {UHU]}k]:v/O;ߙgC j2ave^CG YEc9[É/u ؆Ğk6]]nx =4`ZD s>5 + 8g 8cBc ZYzn>pjr!jd=BMD!@F`)宔ʣj   OV"ױe9z'ΫOA`\ѧKT0Og8g`J,{P&}6. />ӻrzEoeb⟵~0e[y ~vtҨHͨL)B9̜Nt)5U/b[W4NrZ(uSWy'?z:gqb8A #@{qW:%TY#*=ət͗BZe%*$Hӱd'n+D46K@_x;'v#gOAo cCg@@AbO ܣ 1נ2mr\ ?6Bjd?(]V&D0!4·*3ꬨ{wFU&w{Z'0Lᘬ.S[[ $|򁠌objsxoUUip-QVS*rxm۽{2?nє"؋tSӗc9/òm| "XZA7"P6f2ê4Jh۫ >Ym,PR 0]YTyJg`Ka@ȉįf&8i4]EdIƏA D6pV w Gj)/ٙX ONBmBE}n4btMknYwP(M""jE"JKHtڷVm>C[9Er4[ aͮ[)~{ $X!~C/Ivv "[|j4>ө+AUpJv lXonƅ.`iX0C0I^ OP0pEB ĕwsԺxf]BZz{~SCCh:z+"J;/nׄi…F9!﫵7y;-iM wKm˙2W`yϜdf[:k :}狹ԌxZ^R oUPդzYN)]K3ۄ#Q]";5ǺJvMjd+t0g.Mz~ 7)[+J]5UX.#Rs<2]Ԍ]Uߖ 4dJQ`q0^7*f8 T#ph{yOok~F76xt0 ;{};052+eK.$.{Hv1v2M-&Tkxл՞ܝ,ꡠ!k{=pGոקRPܺSKDfy[hղ{_|v16 %)hSO5g9poRj0ƅZI?V/+,^W|EN8cS= 9FhۅJk>Y=GĤ8]W4;WݪbbN_ A eyMV|r c=8\*J%OrC_^0rM`s|L[Iv< ~ Ew(= RJ`@BaO2:V7gf`_% ID tloӲ6{A&M}#C(+oSӠ6@Gø˳ΰBЙttp$߻yxG"tI>8CkejamzuSi|9iד]mfMx,!!!@+P0?n/-A 3xDU"#>sϏOjBrPɠe|?7l/)=lyA}y&ØR U}΅R;%j{2. ^91 =}=%/B͵\(Ϋy1ۥyN0{YQO֬f+N>rrgK`]:!$ejXn{1Ǟ1Ʉ̬Leq`S,qvߖ`WŻ+DWUгEgL?C*AU.Hg*n]]W؞H@<)h7ؖfuzvAaB` ͅ/L-{ES;l )E?Y׬W.Ti֏;hF+z;`((''у0[inR!"oPGHo2z!Fжh2y٦qيHՖu I ; 3¾L`OK/_-hC‡X)*]n0yXk%ЂXg f6ì#T_\sV? blr OG?AtISaoz0ujʼnBfx:QHME]xr ͢9-Mx@g=GЇ0P፵tP"接C#%CR[w[5n%/!o PNJL"3wjMde?:;'~q4y6Xo}vygpl&ᑗg>]] E`c?i1yi)=w4h=<I:V-veaQ.Ҧr>y\}9୑T(ƪ&"\*ʥtNc#`Cixm XMG/ˌ6D9Osk ך PMd\q^'ϙ'bdhOQ pV$?1cL7a3>@o7$lyN彋n? 
Pxday1oK̇[AV䄌9K4Eђxnn 5vy(D÷=ǟL O-sg ?U2}J'Hd;EX̩Ѝ7g<9VfFJ7߻Yiz>n H]8R5ܽVTo>Yx`q^FvS1gĮge>"}$s$'o\y\@&"Cm 0H?f(;I6LHv!*B)8>?&3 .xeSj/ߡJgkhkZeƬ>d/bo&klXgdkr=Am @Z,D.e6=ݯhI}>d-y,)[70U8`HXYV)MXU0[eM"ϔo3]JHV& _l^IOZP~*]TV?&Bx~lX"$xx2>y3[QKom))#d-]E7זXt ߐ-)!1 yZ/CdۙIxN,$Z(4_kgdt 8- ;ZߕT? @_~6hu28=%Oӆzx4,1MDN00~r)LTtkO(*s&/Kd2;,V0ҥ 5nIvבRhǞ{nņrj6w?!̖hgѽ8E31_Ҹ{Ptmc;LGNLm(ӳ P)\VQվt"@WjWNEPp} >uaZ_$[y" 5]@إa:d%:Fm>|2ur:n5CIDLGY5HT̂I :H=J29|,?woF[Z0A?hnemzFJ0޹ϥ5QVbZkIre$m+(qsrhMt o2e4q &?I̥ݡ)"`-0CVLdm l~ҺTfL*D,+aC8Լ9wHugaAraeKE9<"> b@[l#%-`Zh+X"!uhqsLUvk`fƴfҌM(Fkd ( Gx?мMP/4mR`$*ȰG j<`0FΥR|r3ʑxlWe!`z %gikLh+S轴,#rץ@7H;[ * dX$pD' `!!wUkLf;Of\lG,:k׸;573aX J9dTν%7S=BɊY>l-@5NȨ Ludo]UG۩drR),e Dc(4-{]8*}HeGTFlYdf:=ќ{Q$ ߳֫ͬ͝rVޭBhC^ɘ!sA4 ];ni.JWloںk(?unQ(+PʊKSMk".2Y3 288k1t({IEM0wV!z~j191-Idu8z(Vi1Y]H=x<[%=V;Z]3@\dY /v GI dq9l+sF6qo8d@ń~7L01U5.W PHWNݿ6~v 80'NBImFS=0Rٹ[}\(VE/_ t8X.գ5jccq)^|g>8 \\ 16JtuvT9Y&60s5*]~n g'KauN̹QK2KڏDdrj`$3A ޹*H_:x hUQCBRyN}]"Z)KF`; =Dz;nSXFgLȢ,bw!oTA*ՆQ^;&ȁQY~I ^ N37Hґ(^7"b;+l(1B1%ٵKH.ع )rŠk& cقs^c>ܥJ%wŭ*)/uqh֛qDu %dݣCFDvL/x oIR4)n˪`OBa{ Z̰DZJGx*KivbQZ4:T+ec^(ʝ0 EWk4a0*e~`'PXYc2goAc-//?+z:&:; c~0s#^"*)y˛E  p}{o$՜n[=%#xgU* pLnlӴ-AkPROmXw)G&n${)LePԨιK}(f%BB G(~ 6d4F~Q&dRd9,Zrq/"VSW8S?Os;j1\$" ^H VY8|ʹGt蔨+G5a4EGsG:AfOFVhs}TV,>NRJD77N3sgɓhx~J4r&zWQiPQWG!>cgY{=8r_euIr+ EvҽaRڗ8 (sg|5Ѧ}~a*K2Dmę@"ahc=m(ջ'DeIHx=Svܰ?$D8ER o*a`!7\F- '}W=/͵(P j8p|`-Hġ+}!ku[LwСrJ+ίX})?w[RZes!ZfPn"pb jNeű>X(DMyf; d *K!G 5;ŧaPfye?zp?^h(n)K$M/mpzrR uͯ!߳zPp/, /źdSTّ[ߌg{06,kFeuc<3U\ 3}_6:tcWOmg CN@IGvIw㷁V??z/ZmC~ oH{QP%@V S&hQ@Exm'|rЄG/XrVr* ™cyohaPEIq[Rm-a^dF[87B)!p`oZ߿l1HS""Eͼ"s*h 0rNw޻!/pqYgjP\`߅K=d+SuqnJ%Yu<оKOݶcS"xpG.S]u7FpC126%BE-knw] (R℁ :Ͳr~洏wߙy =2ow"+!; Ȩ:W@WAd@.R/4ԉl\7/khdH 8$% z3 (т87&ܷ!kUΚwW8nȷu|Q ,j3=v~a3SoV>Ӓ j/jU*'JE짥=?p?#( {;WO:j(F-+zf֯F1/Mɽ5V ?&3me{5-kzsAM.>Ҿag[PF;WICeB賛o{V?U:AIL-O&8*@Tl7$̺v,FXncIhZb3-m<O:kj!mcmHqⳫ"Of6yݼFp rB],ke%)vGJ*&K>Wy O!,T6~.nL瓒QP|V \IOA;wс`np{"+[Yh 3"MkCuW\ 7U%@pIN8HM IIa=VqgXWNBl1,`el/M]Q\lL:Wjl&'KY̹WhuGԩ+8?@yLb8KWQO*h-)24&XaUD<̻ 8壠E5 _\]HrX r#J 
Q0QUcaΙo(^3V? @4sl9I? T `]MM}O-0v;d'^m8ؕ k6e2m]W΁RCXT ?,47 =첞0ȭL n ~KPsxF*L4[p3uYxL#` ]6`cX>8$4[Ǵ P۝I]v74JBК;HGS@k/og(˜H5:VPFhAoW">S+ǯgŝ) U{W~Zjk_9릥#OFUT^g8O7G'*i&%dfQrO'~x7Ǩ{MN *8Ʊ:ߓL4VERDd, j7iŕ\=Гm`ZK>ռ2OِjyM@@6SP*ai5i#ZLsmAլgWM`F3u#Ah~]*n7 GvY!+@_rXOLK*x)*pOO:BF:l<%SU74^@8`bcȩ#DXDG\!(*tx%JRe/Րt%5JK[xlRCvV7h& quqT 4\(1jQp L{ζ3J/F昂0o?g\ S}xzp;:l}Y[z_Mc6/5zG4?wԓ'VЬ쾻qĠFD]!O%%XX4w$R?̰YKyNCNL? ^ИbJ M'Z|LÓj $.q],}t^]ۆyݷ0xN4_rEIz+n|r饏4,i&]d%n!Ll)\)6"eA=ΎJ|.-0XX0r%z[6?dd\$) *U tWތ!Y+<;&j@#y`\_b Z$3bοq mn[\?ZO<&.fsg0Or/h09Xkm%1(S/0,Nv HG- u= xӷn=39CULؒm # 1ӕj'̝bx%NjPNR+hf>࿪?FC͟z "*@9·}1VG%Gɋb?AϴxN:?r<B|-VK%8LvF?Ow}+g#t0gAtr` dcx6͟9]ZI0nT90U=QٓX5)=$N_cC299DJVcz#㒟)&[VP0dh*m 6.s7IK A&OUV ;1)7/zbbEc@nϲ3/TD,aJɖn?f eo9jvl[xmqV=x k! 0JV@Hl|O<֌"AM*EG]c&uAEdƠHygnۓ},uˠ%g+OpV1 `% MoH8]1"d}LTȍ9>iCӪ-y{CX4뀯I:U>>Kdrg1 5zK,`lNiO4LOc:̀o)פWr/ x!ͬ;bo6|]K9$QEoD(%F(g! x^9jؒVHhS E>\ͅnRk255f7&臷J.FȚӥD?<ɼF_YLQrˁ"i]CJ{엝nE<\OWO'quo3S qɓ7=013$fԉ{$: eڦF-)uRvI^Nw);+f{sd<$g#^mt><}'?w S|ݧ"4UKv|+gW@3+WPss2KNgI M:vFd#/ْ'ppTz͎ݫl)$El⍴ż8 MɰC$X8 BUB;T_kba{.L&c's陣S-ځ|{2۞T}>tUJ<=IY) ȩKQ~Ъ;FcZ`vWD't+h{˨6ϋ!w N[xz'.[$?qrId&3Ш@} G"`Ģۣdёd)pEYʽda'%Ddfܩ ۛО)2M9Ž`sӏQ<Խk֑#+jL+"S9kqO 63ߙgvZJK)*YZii_!=X#ѳ O L3Q=Z &5_F)]<А dF "OSt38ִјzġ5'|i^-kM_2P|F)EV]csc'Y$TEr |.Xf>Įo!8 iI47_qC6,)~GlK?ub. ܘx}m*;^`ǘM :#z4' nqMYv'F%\ $mgD<긤\I?긷#2x;tyvKcY| -66o\j+)_J^#7C}뽾<-#.GVĩrh4}ϨKV-圿+}ʱiوwd(e /N*KD"No; P) k!,kaq#C3??ݡx:ďv~hc4! 
9C<) aǬUd~D3&fGG"ko_պ{ڥ%"[J KBbP?R-:'ݳWv o4!x)5ޛr[|8\DfБ6\@-K7*/eCMQ9 p ߎrv|4}&͵!頵@_蔃SUL 6״WBpdy]$*1ҷ OSQ 6DagR~ɽp `W0+؉'S o-xyihz;gAÌsL0>fث*NA UU8<3 F]=¢ziq4 ͬް-t-ɩb650$:5BD3XYzO1/vK\xEtJ4e|w-l:1FQtJ׫wB'&M" Q7,<>6-/92.[M.XJ`z/W E em>fdO=,n]تAifɃ7ƧaƁ|Bect-3ÄDOsz>۱*t)@A7<ٱ߼$"|;ǢPCX ˎ584i2IܓuǦ(tU?-'db9|K ATb  mNMIB®:CH/1!̒&|?r ؛`B]v"?J'wغeCDYw,fcd#=/zA1M{A-7?DJqF3эe0"}[9MybFlй)~GRnļuw֫bPZZ0wsrzN4t-ƽ׏/Ć@(殶x$-|.~şn3DGtﺍ)a07Oabzo1KJZͥU=$3ta i{2s꩒ @>L&qMT,\{Dlu RʓvOo/m&6MB6jZFItO|a;#[Sjsu& @4Pż~*ե9+n!lk[Ղ)&׎nq ʰgVte<",H;]ї g+Ou(S0]׮Ch=)7l&&e [glb`ƵbupIҘV2WHL)crÁ SVlۙ>dij=+2p9I;5x7OsxJğ`[?u[FS>E'!*,E0=- bCwcL$ Cȧ K7UW=AJ9o'D2x[o#a܏䟔Imy:05k`Hݯ+BԐ#:FHTեfEXRz5fB3ڠh2> w7Y^o!YtSA'Uؚ^I6)3+'R"d)cV['j=*[w,"rbAOE sw"`Ĉ<~ftݢ"U,e.t>A`mG=٩Ij$X)֝BFoɗ& R*yjj4vE`3$)nju}D,4}\;@[ܵۏ_pʙ=Br%͈[>kY(ay^ AHzg$&Cg~xϿY ý'6–;NRܑYƍ/ms,D>1}vg7MǼSb Yijav6tK\E ;" s~b>C`_+t;x|IEx=]v+ɲ^0jpRʜ8+w‰AQ =rU/G[niA: l=mz^$?AvM`)waK{^Wn^c=ԊLsb# j1D,~lrȴRuC(6wi0$T@m<Ļ=0%cRNg9GEpZ?ݾeEqkA}w_j톤%tmL[ S֖1J( ȡ=.{nsjyѝў]=&Rd3!8e8Y)>B6#|oOtg d#Rƫ=I<.X T>(^ (xCL#bv/3/;G>ORZ ~;yg#؊\IZfAO-%\ C8zc[n5_5s|gl,4!Re[In\AeZVSe:ءY뭰k)"Es/"^3~>m(j/~)ztC,=gMP#ęӟO 1&lQι#q47re@7N\&REIfFweA"WGWhE KYb}ަfi^He(_<>zXZc̩~sIV"+4/RR1 ^$v7YM4GBw䤭zarS9 b[4 7&pܥ-;xȜZ; EPOF![b+Q;( \ US~t؈E6K{ʃö֡1i? t|m5/F_N+Pa`o{r@7Q&әfx#qtl|`&~GYߛNPQ K4BDUcnĀ ifnulf&ǓMz*OEHWFfC+ F;!h{m_鼟+g*;2gP.Ы2|i3 &JϘC# .yMYȣ;Źb%i5[wXSrV v7O-Je$RUD @k=0TIP4ľi:O6~>&|#0TBlcHϡvnvZgk/D Leoui?y/=R#_F?﷤!.0BmORi䈕 s lhÖuug29,<­zkj /HLsX ̘g4Jg3%iԍy"JҮO !>ma`EǙ|ClԹ Ku$ok:'-PΰYjzw~d7 l*M\m8YϺ&2aQnpr'zJGaB $a޶:o젝 .֩%xb#f, tZI%'JC JBm)?"H6sw3S)|ğۍ/2)/ `d}:.|tQthj!tT CDz̟z ;i+>ԁ6Mt%|chT80։k$˭%Z,NI翐E(f?GU[5L7s 1P:h/K3q. 
OJ$SY"y8(8'TڑqFb*,q萩`؜3pOV5*,Tۍx%rS)TȤE{3qW#2c 0jyQfePLu.F 0NZ&\d +-`enę.X M޶u5k `'IJ$"8u ^-0rv{ 2$`/5\'>rInHE&&E4ca:Qzk K;Ȯ"}EQ[He>o?lu2x?]5WI45 vRj)r{݉;mY&ܜQ,~Wjs&9?R;r* QVubZɗX4<,"P2͕⬝q GL#{M+F4ʺfaN3*Z;&diGe+4h U7.HG;`zgzCa5B'ɢ 319"pxs´.20Έ_u<6gb U<[O2YR0Q˾ _ i.&Z2Z"YBHzJϦ~Aډ~~fM}ykwͺq ~#YZ%<ϋfS^an)(\:JHbё̧&aRRj/%T [x kᚾI9 l QcÆn z4̤.JO0Vʬ%݋yc{x5s-gLqvp21./.5Ucnn=OIsW;[f9eNwr1!cv7ՎC vZ:i8Ix ^}1ezF'C6n4Ip\,ݵBwB]JR)𭪬OO;gcׂKXL|O~: hz5uB*+OB8{v? c ;3nyWơ<6jTH=6\Mכj8qikʌI"yXc/< &NY|\uU5j/B^UF?CcG72}FVϝ#WPc^뒻ieX-rea;&Ȋ~ZFE8 _׳H1 3,pVi6M 9óQ0g@yw6xkIF6ު3P 2nf۶%{8˿8nrtq Nf|l+!nsNfm:-Xc6x7$zP1^5nsxV&#Io2_fn]xM|酨X9Yj; \hg1Pw_bL|v-B!]"+2bF!x(z'j$=ryYYF]/Ho$2=:P Ren+'?SW2@镓. bgW <fYcAp"-ўqB^c&(uˁn za`1EyuZ|XU3#\p;g?|%%Lr꧵ }F#)EP8ZX:|eU::/g Ub-F9V$g^s+)! XNcInHf#2~I{| 9&3w(\ kO`e/1ڌHv EEh-|]zo#!EgQВ|ZDH*J^ "0u ;q@W&hn=̕nS~/pM[*x[vDF^w̚VǝTӼ]*(e*]7mt&= xcAM&ǦUNHv .-O67p^c W4A1ԯF7'l"]LxeQ}L2+Cz`ZRcFR7@NuxzFmD|9z^ӭXsՁ}^t:&Ӳte0QEAE) !o{fJ+7 qXMex0A2ޑYÉVchaj(-=vt:O'+?CV9i|Sl߫&b(@+FE;iX@N44]Qd{]Gn[{࠺T僒vfØDcPkwѤT2 E}'!#5hB˻|MR^tTfc1i67tj$ppQ2/iA鄧ѡEp;? 
_f@'g^W# ޼| oıE~)qvQNgkvIߕEbTP}B/chrKݮ܂@ 9!"1r_\y3 T& nznkEgDe?=zT"$_/Hiqq90@*>'R'(3vq)EHp<;9gRډ) jzyވu~!mU)w*]`rJL&xdŕ;~0~ALU 瑩@oG~A-P]<^I!:mZI,BA=ﰐ$>^oSz-4' >vqn?9J E7CoHO[R~%Ь;ܯ"+c_r/XP_G8WIq/0/d}K)Đ%fC3 1`B^AW.{>(D3W*BXkd65;5,@|Qd;kzDRP/+CW+ǦU1r7YyQ>YOH LmegdF8;nE4GiH`e#r]yzs_҉Ĥ.,.*V=}U ,bF:睂~n66ߜsB!#0,qh.]GF躏'0:^TkW>dpy".[bɒJXGo-̦OM&"r1>̟anMۖ#i>̑@M_X6cF\!umWhZA7*@L{īɇ4XdպmWeX}7";2(X!np 㹻 ty9|),ͳxYot= 4$䟧}VZ遘qAl|z&Z',e۴mdx82ɹ0xiwjuحq<С얐Ɣcv[fwti|* &U~t:6w{d `Y߂T&p-$#Rd 2 #zA;Q k9,N"#}U(@iJ_Ps `Hv]HqDOl%u+-dY#(tZ (.ۡ:8D (G,'v |Y>{5ݺ02]<26} 5C}L|ѯDqƌE!;Sx$\@nsb 65R8g6GBhB/$DMpv 10=Rh ,|Š|?K^4u1}z=t%xTKe;~sHSUTn6❔O5ڬ>1:OO|U\-=|؎,fyt/+  *K_X0ge8~ؽi 2?hwOf|'`|g,k<B kS_{"ydyB'X)]6j${7%>Th LEohV' eCA{²>N\,GTԮ$BAʹsk63)=I sȜ`P:r3: 4(5AXvyV p(3:r`\+>(%H3 90ڠq|%j.õLZgfxxIbj}Qg6"o˴UDأ GRJ S`0lcboʫ)b- c6WVɞ`2ֿKKPƽe1XQtq,34.NJmuIML7ՀИ;`NІ5$qvsMaQӖ[@6C3@ަa1@1^ʦd@.!kg5B5"$| >NGo;iȐ?[4VzLkO?<:z߉3+SKlXv}G A#p/&=Kժ#/hhWMfy+D \1CϤ O_ՇMsa2ag_Զnm>cUx]`MaS(/+dl0/wߑ"K PAb؁w+?Hg`a܋ ynIٌX (5nU5┎{v˓8/b%W5&jW'J[eve&tسD }uwEqX р$fcRcZElY@}1$ DJܺ$غZW$jr=tsMYx6'gw>KXx FJ.<ȹSGsť1:dK se1oܔ,SպsތI, (Oc8A#^G(@61Sl4zA5g;ZEҪ$0 j…rWMJ]Q zuLg K_92~ц& w2W{|zFrxM|]YFfO>|Sî!"ڞ@$oTKR;)ӫMA>ݛ;/LWֺS$HZ*a׮0Rn0 Pv[-JD?S#qѻSL_h`>%~! 06 "mAaZU2d-ռL0(^u 9|f%>"bֲ֙.iRWe)F(0OyVp*P.!YJ/0>8t7tSҥ\=~-#cv%@~il!i"&tC^goxlMb )CB&G_RUX ;?!N}KT|^_S-pZIXcnLSOdඬL#sG D>KF^\GT4K>+{KWjb]Su|#i45fDtJ Gobٟ͇44$\{+bqH"$U#I%%:8_pP4M8Kr/XR&Tt}h V* Mu'XPOf2> luv+F*ZxhPQQʩd4F _>7yO.$^ވ!|}@ YՄ3<"uy(^s26]9rř7!hRP͟;'eX%( ЋE'Dwy )Xg5>tʼSdO77L2  "mMaP$s Z+("@y,fOӨKb+"yLjm 븠xB9^>(IP_δ%Ii\{]JEt B\-olE(v"1.Ŷe~/R,2d AWzd;T kC*>=Hy$8†qL~  %7F0^d;Œ4읩I +O8ks}k7ys|Jexa1BInabk3[E\=To:z3a D5! 
XHÏclrBƯo=٘!i95/0'W A-4jd h/59jў5\Ω/m(-QVHb"NPx{P m)ʳvQpOxR?3BL;fafe=`Ϣ)f'2"q^&FGw@J,tKkِ3Y w#@|Pjee"#= 9]5e.]~4!}l Wd3ȳ/tłåX;7l)ڸ;7ŬjoyM;<'xn{=j%2tնMRL!k5x257u++m `؞F"Fp2jzb/~{|YH28Vn@J}7ф9 D܁Ha-0xZ`g/˔8YuKz]ss .D|ɸGC`|le.F)qbp}TپV< MUXvfiH$%+C^CW[hmc՗Q ԯNa:@)'@MhܡZ"͖]ԩ5,:%)kحޥ-%P~d }c9Hv!~'oh *9PRV#?jЫtDVaey`H||o1*$ ^pH-_KNw2oMϛo((>7X%`qbR uڄds貀~nO9xXg \gmEi6IG=ϣ%0#rnc~C&|J4Ȭ5ǘ{=5V(ʞ@rMݐ#"^1RҌ/dv8݃imf AxB2~ӱë{D^oi@foޥ2x2'M{4e4:kOr>[v=V>&] ube*tbhs(8@ quۥ0E1&eHifnxXuu?UްܵbNZ= -{ޮkA5}aR`(Y&!Y%[Cd{3B<L#I150zԞ±JmƦ$ \%U]&JVE0:[xr$+Sgom,"H5whsd'++t%n0ķj?Sٮm-W*ӡLj:Sq9dTu`O/P2b>*(-uz 9}k_;نcw'e[XyFaFEHQPP;*Kf/k:-#FЎ%Tӹ4U[JFY0zY6KSM̝u.5*6]Fy TY>E#|Oix7rPjeUf.D,3j F:byzUkDamGLߢeN;9W#b:!rHk2z@A> fgx/ɥelƤs} (i}PiԢʱhOÁ&o,'hA~ C} TrʚBMei=tVX4,+T)]c1אvekErF*T nY!$sSbdiX WthT|1Pa'<ϺQ%/%K[YP%_4kK"@ xg#!X[@[]%ekk2clbË~p~#6eVcO=X%~YҿAlðGE{6~RBŨs3kWDS}t1r٦ۭsMɋ}({9ҘԚeQbj4^.W͕9 i?K+~F&,SCӗQ&&-Strzn )0G+UA8{mX0P~~sXƁ͸NF'jXXv V_s*ocҍU;s~01JLQ+O4#C&pwVt zpD"v1(sJ̌QѾs[ 8Edv-Zz,/U_ٍ=qp;((F Q.xt%]ocfd #TOȦ\z\> }OåPcmR@V5 #A1چkXE w)o2u l--9Td(pdϛ>=/7ơPrsa?H *'/Qމ.|irabY'rI[+ e 2ʈ[Wr.RlF ]lA"$ddm Rm,U]~ ҍ #vx.ECj5hn}H$O뙇V\vm*tMzg93 I)ATtIU>{;ԷMG0ƓktGNNl)LƼ;ydBѸ}P'a`WFcV>4G zc_fSߍF RyZF"r B{B<%NqޛiuvUIPipJ5$ITg 6hi Wdr u^i G?KkbG|Gt2VQOT5ꃦ^.^GS$q[;FHS> -vAӨt`&;f< ֘ZG @YH(Hl¸"^*0jfgN-F]9nBG0t4?U[Z>|,C %a2P ʖ.O59FYkJfg#Yg˓2w:/3B}vP{T*Lso89ZH:'b=]w @w1 *ɚ֦Bόت Qys킷7wJHC5ea6*㢯m{*aZpbJ?3 5BWXҥxU_x ~n*ZYIw .H^:+= R(+nQʿ*G2 EGXN%ת|#wWRO:<$vq;*:\zKjo9B=pʺ{(&+Vg_9E$%>=-Xn@({hIюH[^ӔQQ$0BdőЈJ7T٘cg&i(=]w^HϑZ2{6`,b䜶鼼tTnKhNSLd~Yf申ᒓyB/4q9I |NP|pNF0Jy >%: j|˗Xh@g^mg6`IbbA%MCp(7(VXtpi? #ȩq҂X@x# I\MуkOi5Вo#YrQUgHֺYMy(yu))묖jC(sbxt0& `I;{c ԓ8āS&5֐ZA4 EEXx$#ğjl"p. 
LJY#wnj8o[Mnme_>'Dq 7i Q*둙F$Yzd\êkSC@=jG4;$E_rkHN=]oane^jHFtEs ЈeKfWjMGB-06_l3pÎٳ:/4^#zQ]͟CUL}@$[i6|+;a#Y_H;R޽q.׉ hC[k%Αr6b%QrieTBSdҤr+ 3^y dEOˣ>*8|ԏYhb opՍzGt$d-bdId p}T/ ][`4Mpf|'鹎/jp NJݥ"nR99lMͫHXk_H\XԻI Oi(JYj(yr7 <쉍9"W}%M@8UӜZz)LRK5qMO\}Ew l=s,.x*C 6(ܔ_FX 3Xs0; }V2'#$V>} G5ǹ T`S ݘ7N7Q{tdP*}9tЌ>~sr$u@Qڤ6؝[S'J!M &p&kl$7m0dr0:u] B3EreػW!AQŬNyoeN̻(ʞ?8XX$Cm0r}MzGOZz[qf 9֖ҳTy̭>}~_$M%Ԇ ¶-bfSYӺ8@DUձ䳭*T%.jUe>?T,f1gET(}ղ&tDvy'S ;!I9.þ2FR\S;ИyIuxrǸ`u7GnhEԯm/,s(%\TQѝ@+LE8`mdb4ck\7'\_W%3b5*CR8K 9'(ⅇ嶣ZubאuLg0Qҋ6?;Mqq`-풼TVj:cok3PP( 2=IOޘ.~&3~"PPQg@XG*"'9z^kiUV񒇬+jd )KǞl@a(af2/>Jlt&ջU[׋PiI'(\E;Q_dW [H)BiEhL51{YjL9?v/w`W¬vCP-%јEu"+ Q?p;h >jX Sε3?{h35G,]$%b\V&jy`f e4*uw\?G^`ev#mu28{a6c+ϧ9@D#+Mֻ+pD*viw-R*{qxW췵$]L/䤋^om!;wGxFյ]/lW1ܠy%KXu٢qm8\DkHsֳ ìh-|Z.UO Z&2iVfXUu0Y~S&蕾=kA:YIOt%#SsEhG2v9fkˤ*螧-g2cKtzlų׭eGCjd Íhw?m1/#t-GF^E:_өX}DyNנz@By0/Hƛ}5Dh+h3 R)O"թʏ/yhJH7.B T+) Ai622YZ,r7\jq=dG, ֪_Vλ bws;,k9bcht5(߽u1HT[X*?RC~3B A} t}_" ݐ#\~C)Zq+78VV8r"eo#Aby:N>DwsU|h,ݟ:cw-nw*a&rZuʨt ZNK/ϥ4ɓ%0Fb·ܧjSI~_K*6.9 -il8ߛ鸦9Dhw=91/M3Oit'( c1)9p|Y.md yEbDJzP2U`Z2A^qiIn[$Ɉ$<ʰe @X(M844ek=%W}y?v0^U=sUNOaKTt&v#0} la x8{4WoV51چTf;szC?5Hmp: z2[q-4:"c7矡?XX{]!'R?e9qG+X~@-/:Ӂa:yȬ.Γi_<Y. +["7wJ/$af)xXÍm๼(a@kSD,gd`fJ*<)!s6ęc98?I2%/qp 3mr8ri] ˭[c~Eƻ` 6ήʮCV\3Bb!E =nv:zr2&-"K{Ј[Te'(Knuo%|`n% lw&X8/i|_'pAh(s9y/&G-xwqy_^3]>< Zp #}rz 1%%߾Fd 24h&ð8y/7u*HosMhpѩU.Rt} {=!] 
)+UUЭq./N^{vX bP_Dq}*i%^,wS9IFA8z%2_6TX՛5E#?lzn܄β$$l/Tm`}KAW;,C9@x;I$̱(]Xz]̣)J r(9m"Wak,.b)S6A0 yn2 GX߉0&[]p+IR7ӯs#VӐEOwWA#k(< y&b2E ~{Z_>ٿtVY' @oP~ lLggA73( -%5צL}mkB 2NM0c\=/=CS'M<6Fu0|2i>b$ُ4!y'~ʯ\X&qEEX )Կ3sуcFBD L}:)-թ ,xтyv>-AZ/:1B㑸*R$|;qH6{P-ʫ_@M//;#5& dH^m^[lzm-r04>}mN3e(d_hGj|$mJL]?V@8\_{ìѦMk+|%3QHC _v8YK# y+κnAH2s7z *o IwIS 6+R)+08BVEKVA|ʑQ>#Yar.XtO(?R!uT#޽b  B6Ak\ U-.i׻9_.C9w 'VZ7w@R:g׽bİt?'I #R1Ll&KtڍHꮳ5ʦ+GM ;b(>bܨgWpBן^Um#DȺN8!f#MT%8K `AfLl+mE%D^1R`3]ՙŶ-g?Jz|%X*҃[5/D}z.,Rl,)<^V *4<__ms*i6oc] T:3bKtO \|VvIJf#peV>:j}NJW׹K@#SŔcĺқF#,@>Z։BN!fIB7.NS`S%Re Ԭuu1dcn=qc]] tD}N]S\YYĻvܳsH?fYD,Iwr͓i>\t5da&6,uvڙ)Tג>e.,u3CTuKYbKuE&cGbl6|RתVA (ftesHH{`w \5pin,|]y&Mg ( Wٚ?zPzXBI"5j`x+2n5v}XBlÊ7cL/-R'vM&"ޕ^e!{'7% G*Fr]s5qVݧa0sJ kV6r]F6f2uBøi ^&5^ EQr9Ѽx'؛tM-6wo02. \Ph%пX. ^:=c\!F B"2KqJchk^| A|vyFS:$(\Q%=q $l` ș`S"t^`v3ʪ{𿫬ѝؠX7q>A/pC7=x}1&.BbLG@V91hK?yR#.4ˆQb,S:T/ծB^{O?rtա|a*vޜ՘@'I*SO'*ңJW!< 4o -_onFX&Y8Y$Y8ՑnfJe (?HeFV>{JF ˤŐț~N)ܦɖ_ce_lMℚujX4᭮ͅMd0܏FQ. G?y0-_BV Bºr@\ h>t-jDLZ U oU)> zN~씿1+{ UtnO7 !o62Vt*to $ +c$Uvb*oOW!qem!ءs`O c sf0`{̝ ^8l<)J$;. 6N+<-0J:AS ʓ.QHӶXYAnqaUR%GThO3Y`Ya:҆ hF2$ eaȰ#.So(2 4erB.擂U ,PIզ!mqYIÑE6fZ4T]x5fTeT *`?={6אhG/σ5^/ !A~m{d@.CƧT!U1nr9)<]Y \aq"b?;\H2Hi} s Hxd,m-^{queGYjâC1"S׵~$hc(7r[G CL^QR ݵ}FttlUB-UrP>$*xs%ÊI)lh08j2:~yc(_XpC∕0^pZ`3:%b8'}EZn3۵5w,~^NJ<3d8 QJgZŦ#e/W~3ΫRX8$~xkf8!~pr ֞r),G zJ\.0xW[M|RiPYY?h(~CnfRdUyDHm8&}Rb|SJ26mL$||\lHJ-КKU{غՈ=fk6n| ̙7jOtZ\!,JKh5-N)y^I|[?}32W}Ȇ+?*lӓ68T+e%ϐrI峬1`^@-n/(ڀfZx/+T*/j pe^vG`,m5Q~FC:@@ )΁)*i?i *i Ө?8-7Âvi5jsi^M3v ! t:Dc̃D~vDD#ꪙbҠQ]h;%irl ܶHZDi8bMQC+}5i4IBcBmaUJ[͑.:p bA7~@I-B-rKy3 ptK$"p2 =(xS%ϿuҷS1O{O~Xw91G,M3A 1^2Zශ|w Lt&<`@8'\ѝi#y IѸ噝ِ~p2Oly(L%"έ ,BZWe $ŷϣNގjr_5  3!iٸV9AQXu . 
lС!&-iOQQdbROޟs;؂jG9Q[63I0pzc[3iڳlߣc󕦣H)(vYk¬46aFR\hvQƔ xt[2fgTcvgs.8+b$/}%oϤq-2/aP+X4uo!"=m|;]-b}@_@@@irT]]lh{ɽIѲr%VPowv'JvaBI s %:~VW6TqMݖ2LӺDy3_uP/[׎i~Y\_b+) 5CUx_`9*h IXx5$2/PK l}2.NSB.pp,#vb4}hzF+^|̺xcf\!FFπ!_d~.֘зC^*'f{_X n1 n*1Ȯ\)1koaWlmm \m:U^|l/ٯ(R+;1Q[!aTzN4:_U(ORVz'IZQtkS\lϠyZW0>q2#ǖnyfw;C0mC[i49I`6'!k!CoQd\`VW@#Е<p(P$Ѝ$'[IōdwǫƠ]ޓ F E Za0 -|i'8L30bN$\紱KrpoMyڽ.=.N[d!e;+ :*E]Ž !t: )`Cm-̝yj(詙 Q"CHEPF.N5LR󙞯?״ mq6cTtdo\1DR9EQQ΀4[h RT3;L-Yٛgw'2X]h3]{yk/#gVf vk vO;)X ]dƫ ?C1RBt9 KpQڧW&:CTՅ~j 3Yk'";ϱdjbQ ]X)xC8Ǎ[jO6ӑ\:"[TrW}֜*έ2I9}p)USI(ub#8f2ocS8yf8'VkTZ/H9kSƵdu_xgY= 5Lg zՀi6:_l'T5b+s;a rXW?̕ DH/ UH2ix'L@AyrÔ7IX~+*_ek$[ A? ]SUÒSB+pyu肬^{>[U=L@d(v3EGPPº71ϠL> ^,ڭtxZ4=Ak#X&āXeGE] M-,Yd:I(!{ƈ݌cOeQei-_e6k x_[ςqTDg p:1-y{!p̻BW|2oX[V6eU 5DSٶ7 mܪ NKv-X͌4%#`acdνkqe>T DG=br'eݲ/_9&؏ڒ{=gSWMȯ E[HY < TVbckvp̍%oO`Qf;L| WTw~t% ,xO ^2@gFw~=SϣKqdvGA.m/ˮlnyg͚LE<+'\ 4~虅:Dm U˕_BKuP߫)m,M*AŒ7 w"Md}}'E}3h#R;/z)q]m3ƝՖ}/_MGYÛr\Stۦ r[9D(TVlZQmSkRv@ZAHt?gԺҧi,_KK\(˕l"%zn%RhDN@jFGd7 2"7,jۏa;J}bbߵO2_E^Q!&Q@\TgyΞ3s7AZع̍W>H%M҃ k,F.TPK>ݠWŝCI>IY [Ѕ˽V4@o`| N>t叱%8҃S,E'l|5撚t1y?lj%zFk {VT\:! U|}|¢ʸf @OR}dfN w=[g);XY~1_e\9u"EI+BV١Kx8ؘj4*_hǝ?V"eT@% Es^CgX|Fb%}fKɀ6os9+EFh[diķdzy.wiidgm=y n$Gxѻσ2{'t|h˂vqn<=f%WxdgUƉû32\$ȧ;0}|rF2-A!HJUj#|)T~#(r6PkɢM*t"FA +`EߓiiVog\J{Ne\9G%4+HÖad]ٕ' ag` 51^cO.}\>*ē HRj(C;#+'GFۯs4VZ\@TM"kE,}"4T{$N~r4I={0UkShq p4.xnU'ZS0?^U{rTYYˏ+M%XiSzXB褊 ۍ"A`D}F;_D_ yM 7T!w;'6h;smy}b{5RT \CqfBtշ8,eMAP8D `^Bw(`YQ}9 e3K\t݈9#AE妁Mk?euO3@SŁlDŁKȠr-{XH*WDa8"X@izUKX~VAR_:nzuBMg!Vq*6MÈ Z? 
v5MJLvxİC?,Vg!Mw{xJǮRXOrE0>C)&-rHiV k 64Dl$ϽI@6,V,͐%S!ti"xY4< >f*X2U8g|c~4ڭ~ MIUϤ7lWLO@e>1b+geF-ysg-qD:w-ZԪTECCtɽts"1>g{蛭7T;S3uOG9++m:GA~0AJj6@4#'qHW~@P!99^,0@nrbҩ< Ϯ 6`_=A&Qk=gB,F|:loD.}AO[qOC$Ϛwrgk<~ rsyM"QYe [ YBtjٲVR`n~ͪԊr90 Uk쾂k3c i(L]&%ՔsnP1yZ_LQqX: iQV*rCK+ arR JѝG߇Ђ@2UK0.LU78Փd-/PP\ԋ_x%ynSUp{],uTjaEbrt>hL V7CEp'3B%1)O` mJT0bоmƟj٥(1n3o|BI~-]N[)3(.tͲ5$0AٓFUY߉7L퉵5St@BZE-$j!@:; cFqg1۫;// GXDp2~̂HȟNelk?Vd쳆Ug}L(%޴-egOch'1}ε}oWYvrJ9j=9Tد04v~ԩAZp<.j2}[:ep9_X<,ğjQޯLpfU?t; ) *@Q H1=ze]B3k%x}Uῒt~ 7w@YU)Ň`J(Qq0ZΖO\?rNքܩhJd`; G:AfN ZقMAJc ,z8k0\@Ц* ˿L"RQ}й+[*gif$;tϻ ^ _9Tһ ȶTeG4N/F &@*8ӴӔoTH Ĝs8>+7SӪZ>Mr˃H'(8A\Z,EX#+0ru5ܱwKCqC=Jh~H&|8-4G}(̝V-EܗtOH2> ^Ŏv U~qk On~֦{V"5STħ6yGD47?1⡎U|4#_JZ(fˬKvaaÔ@Ljkų  Ūh|n֘zΤ &-bLJ=<1KƒE 1)<归a|z,QDM a-ޠD$cޫ>Pk.kP+Oy^(ЯGtCEU^j iAYl~>Y*mo;"bM%@"x`z+MGT4ڌ"GPJ +k'P;v9+L R"OR{,F[莅h6@gmyS{;(w7bʩDZ:()A-1x )'lNOqDW4 KG"3bxbAԇFljb%.⍜7%ֻZ~ D P]N&ڠvA&G=.6B$;b~+jHn#SL;Bf֠e^>W*FhzׂzŠ n[+*ԯuH!uY^GMa*RR%b0/=J29KwCȯFՍyVxɗ2r {]<~*̃vDLP ~By2rSQcTbC豜&uQ)8᭒ػŌ׾\)3)ExBpo ŋKPQ-fR'v 1{2gM$w0 ߍ)^< n"+׏zD-"Y RF1̶¢OBeg.,q`CfWZ#6pn6I+ˢB~zx%t"|1 b 4XD)|:jiX ޴<^#fDFC]Khx- Q nKSB-1 Zy p_9띤JD{(#FuK [ l%b|L8Ss ?sÚ[r}&ݼfKgznE$"dF O~K|UUk&m8h%Kn }m+QEfXzI ZT! Ӛ~dڣfu BҬrIxIT# Vi&k,vWV`-8UC!"pf[Ǵ#`: 'ϱ9^. mÈGOA\lnC#0R]1[tMۧ:lk'`^_rR+.pB!פ67ص7S'C5K m,6 U r =}OBWL}tيNOT%3?H%Si+<C!R*|'z*n]K"kOQzkDY MA!;?1/ؼ!Is{dG\Iǽe8ubDv7"ST.ŮpWV/ι;r!Ğ7UU*64X:CkN5FO ZMPxgj4N͝:JQ*k\9(bwa/ kЌ13?Һ0 ã5s)j[JWd" F3ևQ`v'k>Nl3c!OA-&rĢ)E˾w0%jQv=[pp Ӊ)AHy.9v^ќLxmR"Dω?YNO-iҌkʃq/bv^;'}^vCCiC S8.3zoIχlB|}26iQ׎:Ӛ?er7DەN㪁ŽGn\R)^\JVјPЋj#b#ۅn4J%SZa6".ȁȬ.oCu臘hqF;f孢 kn )0Ajء(? 9і%/W\{Hzg F@ &K]+~: ̃T:ɁSRNS|[L"=i%2'b}!*2ބ1(T1 PQPoQxE:IYr/pvl &!"ŨPp"cM(;i:hnk?4LQOV)Aٍ$}*!!d\T5V( LI@Ԭ ^ʁ={/edgDit}40+ {6(Zi)&uZLWlu]ev86L9psŌqjTBzux@5p`'DV0l{j"e >޽/nT[wݽtڶBn{UwwfL΍hq`Ju|~/K%OM`<$pib9(?/.tG?2Uj3ĉXf /t c2ZЊl:O%n)J.? 