libeXosip2-5.3.0-bp155.1.6 >  A dk?I%z &yH@@8iZ]䤆l%nRǩEjrWIc/zAKez>Le[]~<׆jY )bB,. J06FcO@d^ϕk 1vaGh+?myJ(/ )y(~Wyg|DvUAi/ "Ls)2+G}pO,T:y %QT?ksi CEU'tQE|lb@pxu<=j lq]"8F^.≊nwZ5p_6gU&p:[s˟C]T&Bn 4Rj_T^\%c&o 5{Dbఐ& 2yxtFzGGRG>O֙!Io2xFNI1yL[UC3}fiyK w2|EQkirՎҊ. @gZpFģ\}bFajhRԳa r~( h`=̄,w3X!?0@unS8ZRuI^e Tp>A$?Ad   4`dpt  , 2 8 D   '6\h   ( 8( 9P : F<G<H<$I<0X<4Y<<\<\]David Sugar hpj@urpla.netfisiu@opensuse.orgfisiu@opensuse.orgmeissner@suse.comjengelh@inai.deseife+obs@b1-systems.comhvogel@suse.dero@suse.de- update to 5.3.0: * rewrite socket error management in order to apply them to all pending ICT and NICT transactions * add time information in cb_xixt_kill_transaction callback for debugging * eXosip_lock will now include read on sockets * [TLS] allow to accept wildcard with a new bit in tls_verify_client_certificate * [TLS] disable loading OS certifiate with a new bit in tls_verify_client_certificate * [TLS] I beleive there is no reason to cut packet in 500 bytes chunks on ios * [EXOSIP_OPT_SET_CONTACT_DIALOG_EXTRA_PARAMS] new option to set Contact parameters in request/answers dialogs * [AMSIP_OPTION_SET_SIP_INSTANCE] allow any value inside +sip.instance instead of only urn:uuid * [epoll] fix eXosip_event_wait when using epoll implementation where events are distributed in the next eXosip_event_wait call - additional changes from 5.2.1: * [ENABLE_MAIN_SOCKET] fix epoll mechanism for server socket with TCP and TLS * [crash] check scheme upon processing 3xx * [ssl] fix to be compatible with libressl * [ssl] https://savannah.nongnu.org/patch/?10046 compatibility with openssl below 1.1.0 * fix when Content-Type indicates application/sdp, but there is no body * [TLS] modify the code for TLS validation in order to improve logs and details on the connection * use time_t instead of int for r_retry_after_delay variable [fix 1367a34ca commited on March 1st] * eXosip_default_action will return OSIP_RETRY_LIMIT when limit is reached * make sure to obey the Retry-After header from REGISTER reply * use newer osip_timersub MACRO * [bug#60024] fix openssl usage to always use callback mode for private key password, even when missing * eXosip_reset_transports was not effective any more since [5.1.2] [commit 705643fa 2020-07-07] [do not use unless you understand it] * [windows] a HANDLE is leaked when loading trusted certificates * dp layer: handle WSAEMSGSIZE when buffer is too short for complete incoming message * cleaner code to retreive an SDP from a SIP message * fix crash when ENABLE_MAIN_SOCKET is defined and epoll is used - additional changes from 5.2.0: * fix memory and socket leak [major] [affected TCP, TLS, UDP: since 5.1.2, need update asap] * fix to make sure a non yet established TLS descriptor with read descriptor set will be processed when no outgoing transaction is in a state to handle it [since 5.1.2] * fix SRV rotation for TLS [was rotating TCP records instead of TLS] [since 5.1.2] * fix duplicate packets for TCP and TLS when several outgoing NICT are happening at the same time [since 5.1.2] * add outbound proxy parameter in sip_monitor tool * ABI update: modification of "eXosip_tls_ctx_t" - additional changes from 5.1.3: * EXOSIP_OPT_FORCE_CONNECTIONREUSE; new option to force reusing established socket for ACK and dialog message * tls: fix building DH parameter with 5.1.2 and openssl < 1.1.0 - additional changes from 5.1.2: * tls: use RFC 5114 dh param with 2048 bits size. * tls: use 2048 bits for ephemeral RSA key genearation. * tls: use SSL_OP_NO_COMPRESSION to make sure it's disabled. * tls: use SSL_OP_NO_TICKET to disable ticket. * tls: use HIGH:!COMPLEMENTOFDEFAULT:!kRSA:!PSK:!SRP cipher list for higher security and less ciphers * fix possible race condition in sample code [sip_reg and sip_monitor] * new format style using clang-format. * reduce and rewrite logs for readability. * fix broken epoll implementation. (DO NOT USE 5.1.1 with epoll) * rewrite UDP/TCP/TLS (and DTLS untested) for both select and epoll mode. * Fix NAPTR/SRV on windows when CARES is not used. (not advised) * ACK sent out of transaction with no existing connection may be sent later. (TCP/TLS) * Upon TLS loss, try to use domain or NAPTR SNI when TLS connection is not initiated by an outgoing transaction. * sip_monitor: new tool to monitor sip service * add support for authentication using SHA-256 (openssl required) * only use first supported proposed authentication when same realm is used * fix: upon UDP errors, like ICMP buffer size may reach abnormal values (avoid useless reallocation) - additional changes from 5.1.1: * new API: int eXosip_hexa_generate_random(char *val, int val_size) int eXosip_byte_generate_random(char *val, int val_size) * provide more entropy with eXosip_byte_generate_random (with openssl when available). * fix TLS security issue reported by Alexander Traud regarding hostname validation when using NAPTR/SRV. * add support for epoll (detected by configured) // becomes the default on linux platforms with autotools * fix bug #56839: The cnonce should not be static -this is identified as replay attack by some services-. * fix tcp and tls connection failure detection (accelerate error detection and recovery) * fix: fixed a crash with DTLS - update soname to libeXosip2-15 - add source archive signature and author keyring - add new binaries sip_monitor and sip_storm- Update to 5.1.0 * critical security issues * See package, very many long neglected bug fixes * directly supports openssl 1.0.2-1.1.1 (and libressl) without patching - drop no longer needed openssl patch openssl110-fix.patch - now requires libosip2 >= 5.1.0 - now requires c-ares for proper resolver functionality - license was actually gpl-2.0-or-later, confirmed from sources and headers- apply openssl110-fix.patch for Leap >= 15.0 only- Update to 5.0.0: * major API update: add a new parameter to eXosip_call_build_prack in order to create the PRACK for this specific response and not for the latest. * major API update: removal of eX_refer.h API. REFER are now handled with subscriptions APIs. eXosip_refer_build_request removed eXosip_refer_send_request removed * major API update: subscription now handle both SUBSCRIBE and REFER with the same APIs: eXosip_subscription_build_initial_refer ADDED eXosip_subscribe_build_initial_request renamed eXosip_subscription_build_initial_subscribe eXosip_subscribe_send_initial_request renamed eXosip_subscription_send_initial_request eXosip_subscribe_build_refresh_request renamed eXosip_subscription_build_refresh_request eXosip_subscribe_send_refresh_request renamed eXosip_subscription_send_refresh_request eXosip_subscribe_remove renamed eXosip_subscription_remove EXOSIP_IN_SUBSCRIPTION_* and EXOSIP_SUBSCRIPTION_* events may now relate to REFER subscription. * major API change: eXosip_automatic_refresh is obsolete and has been removed. only use eXosip_automatic_action instead * API update: eXosip_options_send_request returns a positive transaction id (tid) on success. eXosip_publish returns a positive transaction id (tid) on success. note: eXosip_message_send_request was already returing the transaction id (tid) on success. * new API options: EXOSIP_OPT_REMOVE_PREROUTESET: to keep Route Set EXOSIP_OPT_SET_SIP_INSTANCE: define +sip.instance parameter in Contact headers EXOSIP_OPT_ENABLE_USE_EPHEMERAL_PORT: option to use/not use ephemeral port in Contact. EXOSIP_OPT_ENABLE_REUSE_TCP_PORT: option to reuse port. EXOSIP_OPT_AUTO_MASQUERADE_CONTACT: option to enable automatic masquerading for Contact headers. EXOSIP_OPT_UDP_LEARN_PORT: obsolete and will be removed in the future. EXOSIP_OPT_SET_DEFAULT_CONTACT_DISPLAYNAME: define a display name to be added in Contact headers * new API options: (high load traffic use-case: DO NOT USE FOR COMMON USAGE) EXOSIP_OPT_SET_MAX_MESSAGE_TO_READ: set the number of message to read at once for each network processing. EXOSIP_OPT_SET_MAX_READ_TIMEOUT: set the period in nano seconds during we read for sip message. EXOSIP_OPT_GET_STATISTICS: retreive numerous statistics. * rewrite/update autotools and ./configure options - -enable-pthread=[autodetect|force] autodetect POSIX threads or force -DHAVE_PTHREAD [default=autodetect] - -enable-semaphore=[autodetect|semaphore|sysv] select your prefered semaphore [default=autodetect]. * fix bug when reading sip message longuer than 8000 over UDP and TLS. * improve eXosip_add_authentication_info to avoid duplicate credentials * if a SUBSCRIBE is rejected, the context will be released automatically * add failover after a DNS failure. * fallback to SRV even if we receive a NOTFOUND reply for NAPTR. * fix route set with strict router. * rename usage of -DHAVE_CARES_H into -DHAVE_ARES_H real name of header. * remove warnings mainly related to socket API (getnameinfo/bind/accept/recv/connect/sendto) * rewrite all loop using iterator to improve performance (useful for high load traffic) * rewrite Via and Contact management: both will now contains the IP of the real network interface instead of the default one. * improve NAPTR failover, more reliable // add failover for 503 answer * improve interval to force REGISTER refresh upon network error and failover. * improve TCP socket management * add a callback to simplify/optimize/accelerate usage of wakelocks in android application using exosip2. * improve TLS, add TLSv1.1, TLSv1.2, disable weak cipher (FREAK) and enable ECDHE cipher. * add support for SNI tls extension (openssl 1.0.2) * add try/except on windows to catch possible missing qwave (windows server) * implement a timeout (32 seconds) for establishing a TCP and TLS connection. * if a connection is failing, report the failure asap. * fix memory leak in eXosip_call_get_referto * remove extra connect on socket for TCP and TLS (not allowed for tcp stream) * fix to correctly discard INVITE retransmission with same branch received after original INVITE was replied * add WSACleanup for each WSAStartup call (windows) * do not include contact in BYE and CANCEL * fix to use sips when appropriate (in Contact) * fix to avoid handling negative content-length * do not start naptr for incoming transactions. * fix bug when rseq is empty but exist * add support for QOS on windows. * improve connection handling/failure detection, keep alive options, in TLS, TCP, UDP. * update static IDs (cid/did/rid/pid) to use range from 0 to INT_MAX to avoid possible collision * other minor updates. - Drop libeXosip2-sslverifypaths.patch: fixed upstream. - Add openssl110-fix.patch: fix build with openssl 1.1.0.- Update to 4.1.0: * improve timer and use UPDATE if advertised, INVITE otherwise. * improve PRACK support. * option to disable automatic BYE answer. * option to enable/disable IPv6 per eXosip_t instance. * option to disable DNS cache. * improve network support for several eXosip_t instance. keepalive setting is per instance. ipv4/ipv6 setting is per instance. improve network setting to avoid conflict upon transport change. * fix tcp and tls connect() for slow connection. * use TCP_NODELAY on more platform. * use Authorization header for 401 // simplify authentication code. * minor expires for REGISTER improvments. * copy call-info over SUBSCRIBE refresh. * allow more TLS error if verification is disabled. * fix if NO NAPTR is availble. * add support for Windows Phone 8. * fix to use cache for TCP and TLS. * fix possible leaks on implementation errors. * add TSC experimental support. - eXosip2 (4.0.0) * modify configuration APIs to use eXosip_set_option * fix bug: do not create new PRACK if it already exist for an answer. * update to latest osip // test time compensation for android. * use ephemaral port in standard TCP and TLS version. * return tid number so that we can match the response event. * use system independant time for osip_gettimeofday on unix platform. * major API update: several "struct eXosip_t" can be handled at the same time. This can be used to have several transport layer running at the same time. * many tiny other change. - Rebase libeXosip2-sslverifypaths.patch.- libeXosip2-sslverifypaths.patch: set default SSL verify locations (bnc#871099) - build with -O2 (--disable-debug)- Remove redundant tags/sections from specfile- update to version 3.5.0 * a lot of minor change/fix/improvments, sorry for not being able to have an history here... - eXosip2 (3.4.0) * handle keep alive for TCP/TLS. * fix when receiving additionnal CRLF on reliable transport. * modification to allow non-blocking socket for reliable transport. (TLS/TCP) * fix tag issue with application where tag is missing. * fix Contact header in request within dialog for non-udp protocol. * remove 481 auto answer for unsolicited NOTIFY. * fix static id range. * initial code for TCP fragmentation. * osip_list prototypes and warnings fix * fix transport matching for redirection using other transport than udp - eXosip2 (3.3.0) * Fix when 200ok include a contact with an empty line parameter. * Fix for replaces header longuer than 256 char. * Fix SRV record with more than 10 answers. * Sort SRV record. * Option to disable NAPTR requests. - eXosip2 (3.2.0) * Improve TLS support and add an API for ssl information & files. * return new error code for all API. * remove automatic answers to PRACK. (must be done in application now) * remove automatically outgoing non established susbscriptions. - packaging stuff: * fix spelling errors in descriptions, other rpmlint warnings * rename libeXosip2-4 to libeXosip2-6 (changed SONAME)- update to version 3.1.0 * add AKA authentication * improve compliance & flexibility * fix building SUBSCRIBE refresh * fix compliance issue with refer-to to-tag/from-tag parameters. * fix bug for retransmissions or ACK with proxy that resolve to several IP. * handle the "expires" parameter to update registration interval. * handle the "expires" parameter to update publication interval. * handle automatically publish refresh, and some error codes (423).- fix build with current libosip2 (MD5... -> osip_MD5...)obs-arm-10 16847502425.3.0-bp155.1.65.3.0-bp155.1.6sip_monitorsip_regsip_storm/usr/bin/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Backports:SLE-15-SP5/standard/efffe8d914ca8c9f85449d68da892f64-libeXosip2cpioxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=231ab9445fe33f52001420412ec9c18b5156d60a, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=598a97ee19adcf8f0cf6e6d13dcbdb43b9ef7e75, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=204a5d426e529be84baf42528fabe442bf99a40e, for GNU/Linux 3.7.0, strippedRRRRRRRRRRRRRRRRRRRRRRR!pd Wހ*(utf-8e1168594b8c4cc1671737bbe219adfc54e1aafade4d091c6a79b9f0ac61e4308? 7zXZ !t/5] crv9wCr=$:u^ u[4 isR:?43Jۺs-:V'(Z@O.s}WCA鬝gZk#,|^s":!`8:[?~7F> o'?V++Mg.J&Y:QX&gz@6XYGۚqp7V)d6}AostF3Mx6FCxMӰơMhS0cktP/Ӊg=}U'J"bJ"rH#fSSjZԕ} 6( ri~'DS@e'..??P7))acieclcXZJ NUqntiXhtqyɵr&➲E8w؈hp)!.gԽ #'fL2:c)[1+P\ ~KÚ($^bn5>$%%PYx8G嶨-x"0%dռ@%"c3Yp΄hR5R0fl{!T-Fٖ\̐?CwM%wq7F>T;&rZ>r*tʺV9I@j6anH725뵜\k -}39W2iG#"7~V_3 尖߫ d;UD@<~ HJEdWV̶ǥ#WV)n[1S2)m6羜BC94KN- 1~e&j$<@#xNʱ#00pv$-ӵ -"ݕҜRhcj'ds29Ϡs6_.JO8  @/P[,&+Y{I@&рj;L᥸GUq~G%BkuS.^Y*Rs F'zhA}& FcB20oî%yks+ 1d8D<,[h8n+g4(-xǘL`W.6Lv.k<;@ 9He+eku8O**$$ē%zknL C;Gˇf8a~,ډ"^m9{ IAN|"*t~ۿ4wwv~H(y󕑮iO$T!z|IxxVHt%0@O.,T2y*:8:Qh?}/Wa2!a?I&TP^kI],U?Jԃ/^0:j?d^w1^?ӍLUV%s#tc41l]}<|/B_ĚV'ڛ.ߵI㹢=͡t=3vB_E뛝cĒMV,Yx3}p~`Rg/ٖ63]H5$ $@ ~ ʿHLޖ TpSÁwI܇X;aYU)wa7㼢[uR@b,z`pA+3`_}UhoΦ `|9myX&e?akLHY$BLeVYD~RnB\u:j3]򠇾cƐ0w;[ ɤ._|>[?w,T$t l({:Ae*,\xhƛ&K˴ۺdlﱒxNtDP>xZ@Q-cg.Y!ڴɩ2?X:0vtǠH4Mk#8kopfyN.kCrǧ>erimw, D]pXR_f6K&S,`<-k ӷOM<f^$OÈ.Bo /=FGtLfFVW;9nypT4GvW;ٓ^STe)R.TlA[Ň}OU17#};PՈܢhiwRVh$m$:S9i]Qs~|%D8CYHپؠ[w7`U#VÂdcȗ5W5`"lDl1O@<%,1.OVynUjA뙨;c+`iMΚ!=pȓWAU; k('^zHd#%iՏPr0x;qxO;CIeZM}BɈj#H ,;P 1a|'ysz_PjoLMo^=>Ѧzєo'Ni -hGEHoF| 0V _(Y)k1@ ;*3l&HxO`Ev G}?'PP16 nUIN6ΒNBZMBzϒ`5ҋ2ԝ:{ _p_{Ꟍ ?pYT)[;OZ&aZ`ڭTUj`5s CD!t Ip4@Z5xG⡭u/Kv*'aT!Rx RWmG/7?luZv lDkK)3y?2 aJ #53L-}:p4w#5ߍƗFg^::PK#o'MQB ]nOXl0$Y~+cA\u5cX3-i:[?A[O5~;+*CM*ef9š'! + *<_q0XH&?}0=> 05ۂMw]/#4J:fYhQHi0_n5vi:u~fܗYCҖU$q48ɥvF@Bb3a<8vhY9]M oIH% qCu_r~ځn)a?&cv3ҚȫGu?ʰis2F(K?yrxvǾr1Imq$U*VUhj h^nb\m_l/gfdfp*ӬȬf(qz(vY>K8u,v.6 VTǔj'yRf6;OBs7pcogd)/ vՐ3e.XjV,,(GVTn>ͫfӭZCmY952kш+[l+HkolWl#JK"6nlldi&^pUI5+!vR_庴B1 Bh ykUMH@:{&t-+52ݒНu(^aNCjmT۞s]xht] WxI;ȱۮ/IT4b ˖E?1mSc!WQERS<{#;Rˆ V#Y v!r͸b+s&] ,2zVK`+ZHiR t;ج`}gub9* Hs \튯T̟ \z/-XQ3t(yϳ'C;:8[Q" 0+o݁vS%ZP5[jB _{mW  kfM >i/%*nG@)m]mq*t7C2:^Wp>|l$(ձls|ciDH%(!y_2=sSYMҿ#g8T1`mޗk"߀n@V[%y0 VoAlVHU4]D8M{cmrp t:+wQ8Bz쫐, oYƺ3mZRyR:yUu / T~zj;ɀs? /1㞲qe?}.!&"#[e8cОN"9 IY66hivQMp+ \*}A1-Lj:%+zGnD+,ReNw( t\NdBeS%%Ym˰+N1rl)!m G^i &K2<e0\Lˇ0GZ:iV ڲ=),80/&d?E&忊<$#8#]dB`֙9Oz⃠W(_SeJ8.NsMde/;6y?E6 '2ȶF̾Bm<u[BƏS5Pt`#e8(TA\KfJ|H?i j/ɽOCl 1} 1qYvCϩKfbݞ[٢_UdBR JXC+WN1ώ\\1Mq\QYI6=!=N栋,cj/H_*;-.Ķ¦@Q3CV5cg|@LL:!z0S^9CJRL+NK82m<\jebA"vNX(ier;%#GdJ!PGkyR(NI)گϻo!!htryFf%6sR {D3d%32Hl95͕ h1\ƩV D"ͭ4o@z)aHRvHLW֮nFpi/afG0 8U.i_P0jk-<+E N1g#r}敜cpSɒX6xya,}Li#5&8uOZ™nA;Z%̌d$j`iר"LU'"V_*+VGEUE.E~Zb 5Y^-+8nh7!imHSP/lj-j ͔l# Ȱ!6KӚݚA^jNݫl:>G(~=pߑ8$6uk)@nh<.apĶ5e{ :[&wn=gK:3!1h\r? 7 udb݋GH};ƞY{A(@Cxrĕʭ=lL3D=Pot60[ PPڲA@-Y:ïGc{,DE7ta %tQ♢y a(,yʜ,ENk3 {v&7焈2 1mdș@6](;$TDk-DۋxUd,T \5uC:wlq-V;,_"مdFkl^0)ϏDÝj6[5rrAgj-w$a5Ï[ż_Ŏdyɣq 䳛J[, OYj}r3$< f}=>c ~Q&]h(14{N`Y yVJP$D/1؟$,ET6w@$A;"Xډ$3>h8 vzAPzzީ)n'U*cK `2lT6"tspe}ތcK $ۏ+:8Kס䩺|aDTnr?+os7: LԸj-=2ˋq$ZIHKg_du}2Ms:WS?~h#;CvsV&,Lp#>n\6Z"Rlps3h룉QX؇)}S)Ic8U]w`{COa;GX}v?蚥mTĢÑ ~ >:rQFC>]p^)).%vM.[ɟa7}%Qy 2ZG6DW(.|>DŽ?NA;eJ|bтz)fD+u47shw{<>}T6(,;%ۛLasO'%qA#]%Y蟢IďάLE%Zz~=63l3uNB(5Rw<-ožO&ɚSP@t&jn_i#Z$+v KGG]ʪ5߃YkAxXHf]cBҚ|a@Av^bRNLGC~bbs?;h iӠj3 rcY&~.~*}y?{n#@L bŧCi*<2oXY,$G]C%X[(ԟ'k+zNHcSF(IFNJ#.3wAT{,Prw&kNb7w y_~GGl)~nwӫWh7>5"<@Tat㬙S2bz8#&C۩EkF(HP=x:ᴏBpE-B֒ ysp+8VZH:PA if><|fݡ=vc8y UF1t ~0 W@1pE8hQ"î}y2]Ȋ{4xE!!y&%q]M61F\O<A(~ gbt&/nCڮ.5蓜?mU{Y譽lTp߆R>W3y1^ftm)0ڗua N1&"p|pRN$;U\py Ϫa !E4\jt2!:nnW8+XTzϓW[+WU}bt4G\-׻i|zPK(}W&X-_\kᗦ.D"W &7GozDq JN& ̦H4-H u֒+vԏ Gާ7}{nn?ASt#D:WYH"zat9 E_oUʓ%y$}`7ҧTw v;3G6n,h|*A;5NA$u8TI% wOumA 7U,?|[WF"b6-7p?ba%i2wP`'!ԔR V XT!]ܰv__42e1xLJFe`O}Q6U9FY:b0d?Gue*ShkP >%UImOg>!J24n9 C`bӜjPT|!^zT^J 娏gc(8q&oJt#:TzҹE@ƯՃ9V!t@~3UqLg ,H2#9 f#҈t}L-o mѫ #[*.b/b[ UpEBÂ-tҀ7COSo&[G1$$eoϞh}@aSpD,VW&49Ͳg;۝`'ift1óu2'w ⾥?sA4'VDXU,/4jU}\rK|{k0.HܕcxbPuve݉JtM+P??fi{OvkTRcBK0N2ͧP,A :ah(mlĉOM#&JMݐ[ɜ>H4cp=y DXe+uo+tK㪤.3,*%|'((:8=/d½KL=m^{Cz+! `OҮbF Fuk(b.sZx;|`Ⱦ\YVlM`8υ n+4οGu4a3"O)1$,ڢlbRW?kTm:֎ 7=c0E)|@<"X&!T**M~$6nhmclժ@ZXfh2P .Jm5pt5:=8E-씰_.@Շo/pn:QN)jl 5, J*U'IR]'C3@{9GC#d3&\Þy >R!|TS> 9vR8r]3޽ju?@ޔYmHK*ADf/\Mߟ*q&s msǞrJ´+|S|y|IJO+pg>5P2߃)~4{uDK# 桱D:8v]^%w"   tv c \qz7Sc@ w%e 'Xh4!XۨdC=1W05㍮Oت`X R K*[.,z_ |/G)`S)"7|GX q7Yju(bW,T ȪMlDcBMEcE+@W {r$w&<\^y¨+^= \)XOjȮ6q7]&BQ*IW*^հn#"/)2+_d*#lh^!OzO&A]Vtu,A( SQ>DpD59!*!p,΋bT~LS΂ Z?,vFW}Ը ֨u aY&A$ 80b^C'`5aTYoKG'oeJ!a ӳk1IjKWc]RP70g_/V бynUI6+a4e|Trw7ȒȾ24eq޺/{t[7 i2eɗyK NԹf8`G1$a-5Xmxƌ'۸$Kj KIhK1k#}nS׍4s- n80q3ll;CpxC#>Ա%g :L,雼 ŮEߔ0zs.=xq1IPGcD!EzC=5}Xny& u];!l1_\E܀+tSr># GdYGKJn }@JAufwF[Aމw OC20+ZrFJhVLVrﮅ l 3vi x 'T&QR?:+ [1tJNZN}ѓ<¼$#Zw_ wp:dUtghBV>VZ*/{|F@?du 둌c4uuLSe';Q}DKԳh 8EWy]AIJ4iZY٠ UIF8 yKN_7d*xW^ 3{%05Ɏ0G7I"</}^_hӒ[AE2Y<>- -eЁ ׄ%DW.{Q\H`spІ+7(fWqSsvn/{jØܚrZNJSPv 2juN`1/B v8B'\Qun{Y*T88\LP@'Amoj-tz&GDujGC(@SpjVЬѦ4 g&ߡWɗȪ^3j;tBSkd' õ\i]F ڋdo:Vy8QRgCk^"UI 5*VaXrA_5^<viNTAu騢|zB/ј:-4;m\m$6e9Zۺ~x@fh0MlC 7R.WLv*ArOc{ [. ( }v448˂ b7a;'0N -(]hͫyOoO0C^Ebܓrp*DQ(6U{~k I0Jm:2H8S!^x3y Qũ` N`%Ko[r{Yǎ(6(CLwi¨(hqc /DJHv {_SFX8vYhm=ڗ~ |DW&h2[r&Bե8qN˔FJꪇY}4 5ufeg:Xܱ#҄MSq/?x3W"&(rBIt mw"c]kxrԱ ˔bW)۱$ \} hPltZ_EygM]=Vd tݘ:'x18&Q:(D]%t|ԂQk:zwα8=H8/bBC'bqhKZoC*ŢwJW߷U^x1$qeU= *e,Jd(m2*ʑ BgW α%o[P\TU,땣ȿ%lpl6P2q?fRw!a&JfsZ_^ZRiO;L=|衼= .)VՑY̖^J\%94( nk+Pt@-4̤VM1w