openCryptoki-devel-3.15.1-3.5 >  A `Kbp9|;R'seIkL"6uшZ@ M5|?OM(.KNʲJ5 Ŋm!"Cߐ*>˙mT(r+צNu =~mau BAr:*"m V7) @*l#c}Q,a.SVs2Na+ʦ-Hhӓ" hҝšzIsݍ`H/? }7Z*m d29fcd5754aa636775d0aecfc667bc0fe3cad877947198d66441a4990119c074d6949c832cfba10a2ba5c58c4744d828ab053565,`Kbp9|2"k۠oAu ~?عzlPP SkfܭҬ CȽu+ZA&E>M )qDU6;B%nfH^T1&<NZS(Z+3"fr{xѰ6`T*&g!d\!&(8N DD_'}@Z`U;Gm^M{ЉWp5d 6<  ㋚0s g3Dŧ a@M:@*[S)~>p;E ?Ed  nlpx| !'0L Z h   4d#(C8L'9':Z'FB$GB8HBTIBpXBxYB\B]B^CbCQcCdDXeD]fD`lDbuDtvDzDDDDE CopenCryptoki-devel3.15.13.5Development files for openCryptoki, a PKCS#11 implementation for IBM hardwareThe PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).`K(sheep63 SUSE Linux Enterprise 15SUSE LLC CPL-1.0https://www.suse.com/Development/Languages/C and C++https://github.com/opencryptoki/opencryptokilinuxx86_64)eSA큤AA`K$`K$`K$`K$`K$`K$`K$e066b8695e4d87dcc79a354c62672d32e19223ff94e5a72a57d852d3cbcdbf825cc82c642fc88043624667b341f75e8f6ff5ad66fda69626fde17dab9d521c1812cb16baf5ff8344392cc7a9ce280d2f63567f57cd21c2f944e2fe33596a0a593ab18aa2921a8bae752c9115888f219bd65c4bc0c884c01f84cc09662fdc5849rootrootrootrootrootrootrootrootrootrootrootrootrootrootopenCryptoki-3.15.1-3.5.src.rpmopenCryptoki-developenCryptoki-devel(x86-64)    glibc-devellibopenssl-developenldap2-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)trousers-devel3.0.4-14.6.0-14.0-15.2-14.14.1`+`` l_"^!@]]ʞ]@]nU\f\&@[[@[_ZZw@ZY.@YX@X@X@X~@X2@W@WE@W@WW^@WEW@V<@VqU@U@U#U#U#Tp@mpost@suse.commpost@suse.comkukuk@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjengelh@inai.dempost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgp.drouand@gmail.com- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token- Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch- Don't require pwdutils for build, dropped long ago and not needed- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) * openCryptoki 3.15.1 - Bug fixes * openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes * openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak * openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.- Upgraded to version 3.12.1 (bsc#1157863) * Fix pkcsep11_migrate tool- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.- Upgraded to version 3.11.1 (Fate#327837) Bug fixes. - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines. - Removed obsolete check for whether systemd is in use or not.- Upgraded to version 3.11.0 (Fate#325685) * opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch- Upgraded to version 3.10.0 (Fate#325685) * opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings. * opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch - Made multiple changes to the spec file based on spec-cleaner output. - Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)- Upgraded to version 3.8.2 (fate#323295, bsc#1066412) * v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup. * v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis. * v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.- Added libica-tools to the BuildRequires due to repackaging of libica.- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate. - Updated spec file to use libica3-devel instead of libica2-devel.- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).- Added %doc FAQ to the spec file (bsc#991168).- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch- Added ocki-3.5-sanity-checking.patch (bsc#983496). - Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)- Fixed BuildRequires: libica2-devel - Added ocki-3.2_01_fix-return-type-error.patch - Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix - Removed globbing in %files and specified libraries to include (bsc#942162)- Updated to openCryptoki v3.2 (FATE#318240) - Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.- spec: use %{_unitdir} %{_tmpfilesdir) - spec: call tmpfiles_create macro, if defined in %post - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms. - Only depend on insserv if builded with sysvinit support - Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch - Project is now hosted on sourceforge; fix the Url - Remove cvs related stuff; tarball is produced by upstream - Use %configure macro instead of manually defined options - Build with parallel support; use %{?_smp_mflags} macrosheep63 16155830163.15.1-3.53.15.1-3.5opencryptokiapiclient.hec_curves.hpkcs11.hpkcs11types.hopencryptokistdll/usr/include//usr/include/opencryptoki//usr/lib64//usr/lib64/opencryptoki/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:SLE-15-SP3:GA/standard/c2f4798bb86e6245282691373181bd51-openCryptokicpioxz5x86_64-suse-linuxdirectoryC source, ASCII text d@NO% 1[܇utf-8dff4373ca019a5824897bba94ab678d5d884d0e574610677d217128ff113d009?P7zXZ !t/ᔏ7] crt:bLLQR |5Mv^Rj0E,l1r^JJ#f-^% 󾬣IiN-_?-CX4b3;:ogPbmAub<<,F9/"/uUv}.u[x83hXjS|_ a~a&6tΦq4R:XYq AÆ4nYʺ5Hchbr8: )=+P kxE! ?ZHa iQy;фHr@\8KG )F>6b_joUk ^=l١TcR"ƉZ*|Gmќ &+Kr{׬5|S6hIQ*^/0TޡY\*sDG1O͟Y1רFʰ+n cݲtjTb|"|yvZ:p Z5; OV--:K  Vt- >=#ViJMDW!kYrC ǔ}NJYHda.ЈJؗHf(1C]C1eЛ? GOe+E'5vGD)?fW?{7-hז3)+JY أ_@% rb'zd(;BX-wlN(ްs!&_AWo}%0}+:KțCܧjC%?њL tc %@I2&foH7lqhX+z<'2\< ø0?ޫB"H-dtdQIw ɌI3zGO,ws0F7k+E1/f)u~3dN%mc.,"؂}K](]ޖn ׍p]eiqC/u&#7Y-nN\0,iwQc5jDT54d*H>Wksr?Fhsex3LV[ӿ4o/:,=s C[ f|?ÊZ •WYu|F,̌1@:{FDUvFm,or|h.67_kko]SQ$$ Up_BHN18rsw]{_-"}0;щXW]7۾}e]#}e o`YcX6!Ik?JKLm;`T@s~z3p!%a4Em!ʆpɤ/=5:_M:~&g)"U n9*$TEɏln.KIR/'dx05x}hxi) q?ͻ {C+yk!e킇}DcUlrE;/7!rRƚO:iBlQ0B ead49c1tBAuոSLIxng [1 v|&N-ou;(SByJ)Wz'ci"ag&%E"i-ıHWԼ5gOV: {ZT;{dTkN i1KKl#a^ 4I`m**iCq.E6 Bncik557??1eܐ@?|b{47%MԏKΰ'olØ{ Jãˢ/iXDp *bb~/nQ/(|C|E 'ֶ ]zeι+뵥{ rX1}-e,6%]lO,-cOLaEEz$ҢV=K|׉㺛 w;7m\q.wAgbʉV ]n_Gsu9Q١eCwbNT0hNByIdş#-#쒙JhgTaL SWi [ng﮲VtԽBl v`yZey/cל[ws̲t[2Js E 2"he5xBfB27ps>E2<~2߮N19:seHSjGree::zDvC$r=RMG["7C1lu \iP?",\2 Xl֝G>fenzS[r.BDeVٛYbk_DBR<7#`7ƚcGXhZlجG&$BǙ!^4<-{G̽J[CX<]^Mq+PnP[̧)*Yg,,ir#P)D~jSVt@ Hҁѵ*=j+@MXeR@a v_ug \P(&"WmaD~|Ac'6AZHxԒgNҞtye޴!\YK( [TUGG=k>wE+1)FEj moho4+/9.%Q}P D D,›B {KCzkjY;h\'3(a]РPt^XGZX6/䔥> tpYV#q>T B\Fao[͈ (h==gm'4ܰ0/ 1vϳ g_Al8аDF虴+wlʲoS!hE+ǁٍŶL!3̹ r0^WGHcLmC=+6&)F'z,Ãp{DUи9/fڒ05aOi&ߥ$-4)H`ʧbKݏA>6sc$cY;Zviv` Mb .SdS2P/'Czs٬ãc+<G;q-AH% NMa{}nlETb;ݢuH{Et3\aMu"Ǒ>%*VSYB90P : rh[@hlTm0lJV#Z/(U|8 (c7;WWh;OO澌v_mk "kSo (f}QƉg`S-ƔN{xK!FA Xdei;xϣC9(oP~13* =prr!~sVP8wa$%$pͤ5`dTZ61p˴UjUE i-?+)NgAՅ(0186XIKƊf)w+ڥ17+J{q\afo*lM%0d3JޟVCRrpq׼:aOZ'4zlKHRWyj*\&FcUӹًb.I)>p!T\U-IrXR3-Zľ]cV1B2+ۓRf(-@)i~bLֿuy~\Pd b6C섛q厷/W :r.&02q X!k{r/^QYN"؊$Lۥs `MSĬu{osX(=< 4v(\ytKz֙]g ob@x15J>SSLiZhya7 .fvj!B5o-%QD8 H%{IA{ jki 9F⸪ӜHk6܇י[UAUyƽ0|GY",2+ U"Nc!Ch| _wA_m%?isOZQɀv ڕƋ-Ӱ[WKl!֨c3ܧ*Z\ *,t?ƾbT&Q3$pԂ46 ;WC]xw2ΜE`z+RTPB=b`.ʑa!nD >QOW]b8FKN%yd^d)K3P![*j07yA1U"i-VW"~H?Id-m(vHt*q2i7%NS,ͧ_g/"';չ9KxoL~[7^ZW~~լA!u;*'VӷsW %B?,E/.ޠr6˰hF;5q*Iéc#ҊA]0xp|pCPMh~ UCm匼 Yyg31n[F/H a3dilդrזw`(+Jr"f.|&<=͒nq,^9ZEB*do^4t7uYLXnl4mĆG@DSy֕04ԶpX|'ˍ<\0TXu8Ńgs,B_(^Rz$%Vo;~]従`\ xȨ_u!L+Gů{m1t>CG=).@s:3m4*:{HCbե&ԏ ee"}2]lv[Y y?5wwhp.2w Ei~`a\COv ցA@ٮ-|o)_GҮ[H ^}CםݼW'sCj&]|"}L^wPAPg,(a~&J P*F*zob//O ABAq~13q:J^R~u P0gcTw*í~PJW,a[ҧQހVܨ;OD>vk/Rwy +N8(0~nkmZ}r٧8{D|2 U< M@~'Gcfv'$:-&T 8↭)얱0.w}EUmQ2n^L _Jz&۾ yȰdq1(HF,v_1džW',ˤgd\4 '*}`|G"VίTh6F b£49ݒ+RGn$u]6$o5|V!`:Rp֏aVeB_%x!'ti3nnG親7/jeg1tC=pCѿ*~oMrHVS8eni!'aP *uXŗTBhp@ũ?!lkqЌۆ{e~iv@ɴyt~^%HUvCxOgCpF*9_Y.z({vn7leIĠHEgP_&01Sv A4(I9?Υx F%å;iOi0p}@I BY= 0/<&|+ Vfb)E > j0R^ 2wT16j+X+4IW嗆@pU=Ynts@َts|-Jmt=ѧy j:^ 7j r'cϞ 7d>źl86ӅXJńqv?2L3BkeFhJ̠ :D7VU[0]Un͂-Y/^7ei>;1`_V2(%T \t^2493R_vOHD?94g ~ǀBA43˓w/ZW–!wيA֣AnqQ.MP?hE\%Nbu h,SӕfmVvl&Tby Th҆|'Z.hS; ( ;vS6FC4-R\ c高VL3/rG 4 ZߡO(-2r=7^Ԧ޾cf[+^ќ9Ř.M{J\ۃ$e8q>o_9T@ 0~f̛n9I6k}7 ?DRd[<M; V1VmRC,$Ǫ@yg~ˢ쭭&az8l1k?@) tk3t(Kb@.?_!2)g(2~h$ݷJ1zK⭸-*wr>;5iE;B|yuh `P9K!Lvz@Z@s\BYJT|⋷W!b,!̱=5<a3}&{X h"n&GV1֖Bz^7$PU! >\%$]0%u7`mF}w:bPlh m0t VH[6F>:a=|c[]L4IgAmvhNƸI{f J&޼TGv7*d\]tKnp1nC] *v}F 43Dž%272u͵on0ipL䱒GÝIͯ.Xr3M۶YR KlYĉ\\M d@u* 7- Ҧfq( ~S r(^Uz(و)8;d+/O<QO_tѠ3R-*-[=R gxqE9lMwN_R5ձ'߆ @ sq[f-)%.ei.PvObeL(S9Stc;E uJi)X'. JxM*([Ul>Xxh{tWH-á!m{&3ڬ.Ҵf@DQ4Ԙ,ZD{u C7™xmgߖÒ,B-z)牗?O-`_˶qZA3֓]c!`۠͗ޑ*.ro j@EeɛwzHMnrjkfz $u L\$ >7db:F( *դhIƞy!gz_E'aZ~u8)UAj+YXy>z+[O_եN}ޔ--Hf,r`/<fr>>Mzv5(4p|"K6MwSb=R.@-LO,3|xLgyLɟpQ*Sl΋ kCzg ͑߫Cj@}muË?|E{PPgV=\EhED@ Rh)>^x&k R@P⮫z9g+ q/@l(P_S6&deB.8/k.(7kNv]l@zL(U8|:G UĄx>30t[KVʱ%Tg4f(ë]ԇJYeՐM0 ^2@,Q$R[u1H#øDnM{*S+&ͥ%sL+ͬ z*IJ:6* WR zt&bj;OK>fP{>!Ƥˈ#pOmRN.&/ b;+ EcfhvC`t}ʙSC'2L9٩ PGd7 ƀ)Lx;5W97:~TލI]ӊd6CˊUzƱhL׊2!L\7[m3!qnOۋ”!PF CrC b(ŮeE1ß{^jkW=p$!#\zO I-{xX2d78zʎk`P܃[+1/УMHi0#WbPgBc"w/.i黧V)"+zdy<\GղO1xO;'e~ =2Hm{\|!N+Lhri+INu'6 !CsA߿@b )SpY YkBM.8ׂCjcD x_rL-LBHdR[9wWϰH]NvPS^4Jjm_oV? WRlž)t"hXoj Y`ԩJ|F{DFVP/;3/Iz#  8eVE&["Hg%&-.o=ؽn\!$ȌQ׮ja p׉t:5}x_' X<Fh!{L(3_X[UQMY Ǩ@LiTF_H;H{z P ©Uc$ 9jRH~<+zL8_/*po'- \y]*䮿-Hɠy[!pXa5fX~}?6M bTp\|ɻ?Sp`I Sxڈ`|@B# CŠ1zt|4;Ɇ|, Ocg̍/J:^V,Ja?7D,U faMU4ҹ )‰HyK,LGASID\V7c2J4T۠aK1a {ovW+̗˒$,N߂zּ,٤.ukΧdb΀9!aXGHL`TVdUPd_]:ܒ~K8x' ) JRz Ud[8 o'Pʖ#i h]/'1,>Ts¾b%DJ-€JDSoȣ|-.DYk} >xW)W~ qΠߓ5GBPȠ5 2ñZǭ^z#EskÝ A[졐QHHn c,j2 @)O~0+X"U/аE NcģH]ܚ+G\:0w{yAxl,N_ p=. C@8  m+$Oa^_[|IJE3* #o\9?n)?d-7%.,7Gz2kz"j _ݯx͍xBD93_OA{fg >D9f(棐z Dn~#s")C;{"T -|Ӗ*z&380^J2]&z7%EvS4I:3ءq[n$G%8² f<RK7~7HƇzj;5:bo>!".pN YZ