libopenssl-1_1-devel-1.1.1l-150400.7.57.1 >  A e'Cp9|Ԫ D&v cyu?Mk˭B{ 5k05ycvLq p5XHe!5lSHJtb$(U>fri.r^`J`q=뱹0RO1Zw|%{ \`t [tqWYǁQA8X Wb tT? nkDBr{aK\␯uCA8B͎Eّ07636b9dfc6e7be4bfe91db64b3eb7e94402e8b8f24a2d9237149299060fd33fd9d28b58edde9be9cd2e155c1d504933a3b72e7bU܉e'Cp9|hqiz.uDLg[Dq@15˴djE/04t{92č%:;. 9':Vw:n2u (oo^E{ RfhŧPCM";!K[fb¦\'5nmŐaV+ igmAOXBF=IyEGpG7?7td , J $D]clr4r r r r "r #Lr%r'Nr))r+|+ , , --(-T(-c8-l90 :<4B%|F%G%rH'rI)PrX)Y)Z*[*$\*(r]+r^/b/c0d1)e1.f11l13u1Drv3 w3Hrx5ry6 z67 777$7(7.7pClibopenssl-1_1-devel1.1.1l150400.7.57.1Development files for OpenSSLThis subpackage contains header files for developing applications that want to make use of the OpenSSL C API.e's390zl31a SUSE Linux Enterprise 15SUSE LLC OpenSSLhttps://www.suse.com/Development/Libraries/C and C++https://www.openssl.org/linuxs390x [9_ ^.[7Vw+@4 k(?+0 eC> 4'w *"IffAeG,,.(-(373$7*((T$;  u a>~" GA큤e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'e'f6ba27e87d97ea578f01540a8f84b7eab05d42c178badce712d0cc668d8a9981851313b1176baa3d6896aaeeebef56216ebdd38dcdabb39b3eca36b6645352bcdb4883ed3aa74e07338001b31ec7e3e68546521c54bbdfe68c473b33f8511ca6b89b16216ddd35f028f5bfd3fe0db4f2ead6c9415e7749b7115b0393b427ef2f2702f569302248b8228e493177cf0a469f127f1ce5c76bc684bc90fbdfc45743ef96c716cac393f2cd6da304af029155ecd9f021869cd5a4c341ebdf249036bccacc9ca951aa523d3ed6b9df2366022633925a6729d30cd134a05d2ffe5fb15678b055555957eec2bfb4ce5f91b27bdcfdf73128026be9ce85fcca0126fdcd3dad29fe4ef37fd7c4b256b690caf9371a74e29981f6561b94436dac54a61bf74b813b2c7cff888b5b709b90d4da584afef59b5ce1ea888617d682f1af48578faf8f79b29c5ad479186acaae962a598d9868dc434fd5fa49a008eecfaff1b998cadaacb00f416075ae470723f764d0ff9703f4a5fc31e881e1be8937631de7efffa4fa292b903cb8c2ce1761ba4980cf5bdfb66dcadcbb5c8aecc45b012bc64c23722f6ea87711b7c0cb6ee29c15762c2839e5ad17b9ef579b6e81b6121f035c30561bdb2e985458e809e656c60e4bc83e1d6707746dd8b5badbc10b64198d4770a14c51a129b3ae5795dafd98065be0bb0cbf00b4d4528e85adbf629966f42f5375bf95d1da118ff1e2f143ccb7a564d949de440097b97a49725c03976e167b5207e4b0a779c957ef9026d69c0cb5a621ddc2060af967e0dd5e91ac861fdfbdb2086aa0b661ba9de9618afc948a4d1a82df970a406f6c5bb6fa60572a720a62f098a877c62723e6042e4e4740cd1a6e7799df752d9234386d73a28a098e6eb31cf64be205d08af2557187ec19c03678aa9e29f66e428de29cebdd62cd7c3b5515e54341e30523dadc09d821366f5afb13c9286d540b34c1945406918ed588fa21175f86b69b58b0cd1da6c9b27d87ab4e4ed52f37dc76b7895c210c43469504ebabfe26485cd43a80e0c476e628979612ad28a635577baf68eee476850425a498a1296c2f27189183a001af9e3a5d3c833069a6564971f5966c9ed67c5c79970be752d7d3da32a6c009cf264450726367fd69e7c2a4c185d580ce650021d68e7ab27aaf0d39609500b4fce3b3b65f6752116acb30420de1d53943074a481043f0ab6e70b52e341247c4b217883980ff1e98e4453d1020b0b038cdbf096c4ab8a53cb68fbb498e34e19e46f9d41561596ab69ccf78b1d8bdf2f312e892c060015f575c0b5c72675a6d5f585fc7efd6c4fb327b7153d389081a161933c1c34634ba1ad650e827ce2343f2f763b19ca8edb2f4240c6f3f893974485f0976e4b1fa12390d012756c0a7b90a02d28fdeb7d580fa58fd79cdd4eacd9f2fd512558c6ed6192c31d286f90ee299e07901a733377dce5d0d11aea35e137e9414b8b71594ba7304f17cc9998bd7c16539ae9a5ea545f2e0c64086d5e688caba104b6a7ffecc87c55abdb4755ffc04cd5e35a36d8b1ff2f19f3d8b9c7ef10357a78ff887503b2289f14f11e75ac739d1123651d16e841f3c74e36daa483c1fed9f8c5c144720115f55dc938075b1eaf0ca4c0c15c242f380ca09112ddeba46bc603bc8ee509e95fb89add3bd32b6d43dcf1a51d1839b915e774d7138afaf618e690efbf414bb95fb89add3bd32b6d43dcf1a51d1839b915e774d7138afaf618e690efbf414bbe7dc092ee4e49a79c109727dbe91bd5dfef7ae0edf1dce224937059ebe8fbf800db45763a43c17d78a4a0b3fda207ac0be4781ebdde45f04fd4b07a5ced460866f3d1e91ba1b7971929530cb8ac3ef934c0b82a8cd459caf224e241a3e5ad6e91447263f0a840e8135c586e16c3d858cee939deddf4fd905e391869809b4daa20d1e295f6795c28e2c9f59a9a4ea4326ef3de390086aecc41abc015844ecf713a25db04f62146f597983b908cf63856c35fc5be2d56d65f38f2e686daf25d11c54fc9b14764bc276baa946b90983325283e4754496778579231e8a73a8749e59641a5209964370995d8fb477b257a21be597e21c769263156661515ea2a6d50e052e49c246119d06d4bdc734608b7fd9e0b1835dd2d6aaed8710a464d099257276386c2273f105f54c5749f2fc854573c371ab185f9248ce295a748e126caae8bab682c5cc06027c82d126ed8e65d7dd9dcc75fa464ccbc95d7f168bd69c732d89b0f9ecc3955557687e5ec3e5f8600545a0f3fea614766159d6ba0c55ab884b8109537cee52954b774962dd7da73ac5e4a1a88b0520e1786b5e9f6457c1b4711036e20aba00e0585b96b91a00ae7792dc12501160e117d1f824833de7fe37529e28f0a8d5e2297649af298f5e3209d32fe9486edb1793cc698a757c9127066203d3fc9dceec6c168d219eb9f404ca08b478d5521622834bc24b7d45945702e4a0612a8f7e69e3bc166fc186ca44be1e5b1d020b5da8b5be021f73d48c270b82f13b01ec09c45c2634673d1b9b1a79adbd6ec32bdff94287308e2bb27408e537f4e527987e296a26fc1c06f4f896baa5f457b7e67f94957d176eed469b0fe602dfea0378e40398c6625901ef3597fb225cea86755b1634c2996800901a7db0c44018d7c54e6f19c3230af063f4dbc8523f1450528a4af15a97a0a1ff3fb3ba380ec7330c122ae2b3174df95ddecea65ff661a6152cd0192529dd1411ef3f62a15c7b96ad1e8940a4703f7549fba6413e028a3271e21d86b90593c346b4d7ae6bc73a57b1919601ff8c04f2dc9c62dbd130ef2d3ae39bb0fcdf25bc9e6eaf327a0a0e28375f57b48d6c7229b4118ea993cf71a8a45eb697ffa34c9203e531c293f5e6b7aa4728ffce4b8f8500580020dd9bb860bfa9895bbcaa5af7decd9496933a90589e6e7d9f4b23b6cb24e4229ac30fb81d9677080c2b2a8ef4d552b9c8cf32d62036d0c35d03fe7f7ddaaffe3caeafcf984ec16e4db7ed19d3e202e9d7ba6833ee5712125d1ce8f7b52437a752e40c2f4793276859a8228c0de71d35c3e0d91c6016f3c1ba70683b92fde55500ec334777defb6486c41b0a9c4e402aa29597c129c6c9a493d7e5d3af123d96040d87c4e54fc5e41aec450832cb32a634d6b7340727a0480f351823b669f55cd3989c065d373c8cf6ff8745b8356f61d5ffcdc3505c9bb9168a6fad434dd9d9a49ad630b9ae9216bd665b11051e04a709bcecee11e9fbddab20f78a018009e6a2daf287ff5df00679298b137fe9996d9386816fc66b1431d960966f5b3b04fd2760e7391d6a298441e4d571c2303150870c12379cc0a7f168cbff8e08828da72dc0e87773bc6c3bd14c4b57506339b61fa585e01e2c33b07372f559d03e9c7437a2985ccd065d24873e2069b0c0c566c878ec2b9196898bbc45ff2ab00204f93a6f20c974225510f29097ad69a6eeebcdfe6fc023442f524349685d13d50854ad773b12b8c7a153d72d615ab27dd4a3d609c238954a1df23f52362d6e5fa78df2c7a5a2ad6ef9536e489f0a23295efa0cab8c74b93c10a9e83abc17ced3a8021af7506f39a0fadab07b5db2d4faebcf68b6509c4db9081195cf6c9e5fd4683890aeb39509f2997a1989dd5a57cf43039bc275949d324b5d068e666cdcf3dcca53f28d33a788736dbdb476b888ac035dd66f57665dabb37f4f0bd853539d93c64cb8adf37fd9552dc9fad215cc8f47a991c46bf2373dfb10dc5cbc626cf2fe86b9b1c82373d799bdd6be13eedaf7d4540d550bb6745481ac56b67f450d09033e813bf8f6a5f2025e90d5eb539eab1ad5e32382a08bf9a866dec1b7deb66b4077690cee0f6caf91eb00136c5eed4e8d943d06e50e2dd5df6a0db219091cd1c6768a6d319ef6485b16e1f361fce4306784762636106e58fc967645b1312362dda4da82bae901662fdd300cff6276d796b94b877fb557a32488ad44a25420abff8279abd0bd1f4ab768e73d3e1d5c2dab36c0c5d04cfec2a9f9da2aa299f55884215e200b490a6e0a9423255262648bd8a6d1c054a3c784ebfab631d21bb9b7db3ce38167acc0299e8920b5ce6e419a3736930a45ba803bbe14007e494bb24b2ca954f6362ef700a10480efa3d2f3acb159deec1105bad1a309d3122a2cfbdc4098a33e33d50c8118e70bb332f3b7d6ef2bbb58071c66bcc03ed5c2a24f1964f45e8d1a633f3cb4b183c718ded3e25312f8c4e00c9e026a5932a2432e3cdf7defb789610c4272010e51e5ff0471809eabb7aa2dd4104ca8720332b9852f4725d4660a6cf77a52b587e7d96ec263e996c1d0ae2f9bd039ebce7bf6b6e71fc9667e44e017fc0cb7c79c023be1c965894e61b79238b6e1bbc8c53e4f7c054768dec55272d001dfbfee788a85ba8b0c069e08cbbe85903696bd5b9908530f8a8578fef47721f47f3fe8507bac7761473e925e942159f5ea3f5d2e7beb3e81db8c23c6e618e38e511c213fd93a11ef51b9ae4ad03619bb39377c702d9765547ce95f9e758b46a54ee4e2689f892033cf2a4ea57d5d0b38750722d1737083fa8caedfccd3bce574080e35692010d2f91dd303b154af69f1b8b356d649da24236d5aabdfafe047b516b2008d8d5d09da5e99fbc4b4a98cf621ac4c38a89bd010656ca00937773126a7ef348b29a14b04cc5ec5c095b531622499b9aaa546957c802da9aee36794c24c9c7d2e105ae69b47841ecdac6b7a9194b49c21e2cfb96924306d06fdd1df761948e203a9408d16899e5e7abf3c873d17dcca277cd6f6373a30a6e07e1a2c44024a0b980ccccc2533d78bf0c227769029b42ddcbe7d4a8d23e1e6fea9c6ef6c4afe7222ee2135298211eefba3ba1720c3637d765a07a07890059c7a0e24b62af43ddde3d433c4720596e36d8b4d82a54fa7e449d3fef6d060b59f6d6dcbce8af377cff0c3343e79d42619394b9c8bopenssllibcrypto.so.1.1libssl.so.1.1rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssl-1_1-1.1.1l-150400.7.57.1.src.rpmlibopenssl-1_1-devellibopenssl-1_1-devel(s390-64)pkgconfig(libcrypto)pkgconfig(libssl)pkgconfig(openssl)ssl-devel@ @@    /usr/bin/pkg-configjitterentropy-devellibopenssl1_1pkgconfig(libcrypto)pkgconfig(libssl)pkgconfig(zlib)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.4.01.1.1l3.0.4-14.6.0-14.0-15.2-1libopenssl-devellibopenssl-develssl-devel1.1.1l1.1.1l4.14.3eSddgd!dddw6dkY@d*dd'@ccccccƍc{h@ctctc[@c=qc$e@c*c@c@cc b?b?bblb@bbobaG@b4t@b0b0b)@b!@b b bOa@aaar@ar@aa@a*@a)@apa=a+va@`m`Y@`?z@`>(_j_~@_Wr@_G@^^t@^_@^V]^O@^E:@^C^0"@^)^(9@^&^&]]]]n]x]v>]g@\@\\ac\G\G\A\@[0[ @[u[u[r@[b@[Xf@[Xf@[2*Z4@Z4@ZZ2@ZH@ZZv@Ze@ZTZOZOYYKY@YV@Y@Ym@Ym@YOY, @YYY i@Y @Y @Y @Y @YtYYX@XXXXXh@Xh@Xh@Xh@Xh@Xh@XXXXX@X6@WSWSW_@W@WW(WWV޾VՄ@VVa@Ub@U'U@U>UzUyx@Ua@U @T TTk4Ti@T\@TFJotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comjsikes@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.compmonreal@suse.compmonreal@suse.comvcizek@suse.compmonreal@suse.comvcizek@suse.compmonreal@suse.compmonrealgonzalez@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comjsikes@suse.compmonrealgonzalez@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.compmonrealgonzalez@suse.comvcizek@suse.compmonrealgonzalez@suse.comjsikes@suse.comvcizek@suse.comjsikes@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comsflees@suse.devcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdimstar@opensuse.orgvcizek@suse.comtchvatal@suse.comschwab@suse.devcizek@suse.comdimstar@opensuse.orgdimstar@opensuse.orgvcizek@suse.comvcizek@suse.commeissner@suse.comjengelh@inai.detchvatal@suse.comvcizek@suse.comjimmy@boombatower.comtchvatal@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.comtchvatal@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.commeissner@suse.comvcizek@suse.comvcizek@suse.commichael@stroeder.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdvaleev@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdvaleev@suse.comnormand@linux.vnet.ibm.comcrrodriguez@opensuse.orgvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.commeissner@suse.commeissner@suse.combrian@aljex.commeissner@suse.combrian@aljex.comcrrodriguez@opensuse.org- Displays "fips" in the version string (bsc#1215215) * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch- Security fix: (bsc#1213853, CVE-2023-3817) * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Add openssl-1_1-CVE-2023-3817.patch- Dont pass zero length input to EVP_Cipher because assembler optimized AES cannot handle zero size. [bsc#1213517] * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch- Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch- Check OCSP RESPONSE in s_client and terminate connection if a revoked certificate is found. Add OCSP_RESPONSE_check_status() function to do that check. [bsc#1212623] * Add openssl-s_client-check-ocsp-status.patch- Security Fix: [bsc#1207534, CVE-2022-4304] * Reworked the Fix for the Timing Oracle in RSA Decryption The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. * Add openssl-CVE-2022-4304.patch * Removed patches: - openssl-CVE-2022-4304-1of2.patch - openssl-CVE-2022-4304-2of2.patch * Refreshed patches: - openssl-CVE-2023-0464.patch - openssl-CVE-2023-0465.patch- Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch- Security Fix: [CVE-2023-2650, bsc#1211430] * Possible DoS translating ASN.1 object identifiers * Add openssl-CVE-2023-2650.patch- Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch- Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patchFIPS: Service-level indicator [bsc#1208998] * Add additional check required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch- FIPS: Serialize jitterentropy calls [bsc#1207994] * Add openssl-1_1-serialize-jitterentropy-calls.patch- Security Fix: [bsc#1207533, CVE-2023-0286] * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address * Add openssl-CVE-2023-0286.patch- Security Fix: [bsc#1207536, CVE-2023-0215] * Use-after-free following BIO_new_NDEF() * Add patches: - openssl-CVE-2023-0215-1of4.patch - openssl-CVE-2023-0215-2of4.patch - openssl-CVE-2023-0215-3of4.patch - openssl-CVE-2023-0215-4of4.patch- Security Fix: [bsc#1207538, CVE-2022-4450] * Double free after calling PEM_read_bio_ex() * Add patches: - openssl-CVE-2022-4450-1of2.patch - openssl-CVE-2022-4450-2of2.patch- Security Fix: [bsc#1207534, CVE-2022-4304] * Timing Oracle in RSA Decryption * Add patches: - openssl-CVE-2022-4304-1of2.patch - openssl-CVE-2022-4304-2of2.patch- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] * Add openssl-fips-DH-Pair-wise-Consistency.patch- FIPS: Service-level indicator [bsc#1190651] * Mark PBKDF2 with key shorter than 112 bits as non-approved * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch- FIPS: Service-level indicator [bsc#1190651] * Consider RSA siggen/sigver with PKCS1 padding also approved * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch- FIPS: Service-level indicator [bsc#1190651] * Return the correct indicator for a given EC group order bits * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel [bsc#1202148]- FIPS: OpenSSL service-level indicator - Allow AES XTS 256 [bsc#1190651] * Add patches: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch- FIPS: Default to RFC-7919 groups for genparam and dhparam * Add openssl-1_1-FIPS-default-RFC7919.patch [bsc#1180995]- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] * Add openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch * Disabled test 15-test_ec.t in FIPS mode- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] * Add openssl-1_1-fips-drbg-selftest.patch- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. * Add openssl-1_1-FIPS_drbg-rewire.patch- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046] * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] * Add openssl-1_1-jitterentropy-3.4.0.patch * Add build dependency on jitterentropy-devel >= 3.4.0 and libjitterentropy3 >= 3.4.0- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] * Add patches: - openssl-1_1-ossl-sli-000-fix-build-error.patch - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-ossl-sli-003-add-sli.patch- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] * Add openssl-1_1-Zeroization.patch- Encrypt the sixteen bytes that were unencrypted in some circumstances on 32-bit x86 platforms. * [bsc#1201099, CVE-2022-2097] * added openssl-CVE-2022-2097.patch- Added openssl-1_1-Fix-file-operations-in-c_rehash.patch * bsc#1200550 * CVE-2022-2068 * Fixed more shell code injection issues in c_rehash- Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits- Security fix: [bsc#1199166, CVE-2022-1292] * Added: openssl-CVE-2022-1292.patch * properly sanitise shell metacharacters in c_rehash script.- FIPS: Added signature verification test to bsc1185319-FIPS-KAT-for-ECDSA.patch- FIPS: add bsc1185319-FIPS-KAT-for-ECDSA.patch * Known answer test for ECDSA * bsc#1185319 - FIPS: add bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch * Enable tests for Deterministic Random Bit Generator * bsc#1198207 - Bypass a regression test that fails in FIPS mode. * [openssl-1_1-shortcut-test_afalg_aes_cbc.patch]- FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch- Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch- Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. [bsc#1194187, bsc#1004463]- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch * bsc#1190652 - Provide a service to output module name/identifier and version- Security fix: [bsc#1192820, CVE-2002-20001] * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE calculation. * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST * Rebase openssl-DEFAULT_SUSE_cipher.patch- FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch that were removed in the update to 1.1.1l [bsc#1185313]- FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num * Rebase openssl-DH.patch [bsc#1194327] - Merge openssl-keep_EVP_KDF_functions_version.patch into openssl-1.1.1-evp-kdf.patch - Add function codes for pbkdf2, hkdf, tls and ssh selftests. Rebase patches: * openssl-fips-kdf-hkdf-selftest.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. [bsc#1195792]- FIPS: Fix function and reason error codes [bsc#1182959] * Add openssl-1_1-FIPS-fix-error-reason-codes.patch- Enable zlib compression support [bsc#1195149]- Remove the openssl-has-RSA_get0_pss_params provides as it is now fixed in the nodejs16 side [bsc#1192489]- FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320] * Add openssl-FIPS-KAT-before-integrity-tests.patch- FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442] * Add openssl-fips-kdf-hkdf-selftest.patch- Add a provides for openssl-has-RSA_get0_pss_params as required by nodejs16. [bsc#1192489]- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742] * Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch * Optimize AES-XTS mode for aarch64: openssl-1_1-Optimize-AES-XTS-aarch64.patch * Optimize AES-GCM for uarchs with unroll and new instructions: openssl-1_1-Optimize-AES-GCM-uarchs.patch- Add support for livepatches (jsc#SLE-20049). - Generate ipa-clones tarball artifact when livepatching is enabled.- POWER10 performance enhancements for cryptography [jsc#SLE-18136] * openssl-1_1-Optimize-ppc64.patch- Import centralized crypto policy profile from Factory [jsc#SLE-15832] * openssl-1.1.1-system-cipherlist.patch * openssl-1_1-disable-test_srp-sslapi.patch * openssl-1_1-seclevel.patch * openssl-1_1-use-seclevel2-in-tests.patch- Update to openssl-1.1.1l ('L' as in 'Lima') for SUSE-SLE-15-SP4 * jsc#SLE-19640, jsc#PM-2816 - Changes in 1.1.1l: * [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow. * [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns processing ASN.1 strings - Changes in 1.1.1k * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. ([CVE-2021-3450]) [bsc#1183851] * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. ([CVE-2021-3449]) [bsc#1183852] - Changes in 1.1.1j * Fixed the X509_issuer_and_serial_hash() function. It attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field [bsc#1182331, CVE-2021-23841] * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. * Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Previously they could overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call would be 1 (indicating success), but the output length value would be negative. This could cause applications to behave incorrectly or crash. [bsc#1182333, CVE-2021-23840] * Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. - Changes in 1.1.1i * Fixed NULL pointer deref in GENERAL_NAME_cmp * bsc#1179491, CVE-2020-1971 - Changes in 1.1.1h * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts - Changes in 1.1.1g * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. * Added AES consttime code for no-asm configurations an optional constant time support for AES was added when building openssl for no-asm. - Changes in 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - Changes in 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Dropped the following patches: * openssl-1_1-CVE-2019-1551.patch * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_fix_selftests_return_value.patch * openssl-CVE-2020-1967.patch * openssl-CVE-2020-1967-test1.patch * openssl-CVE-2020-1967-test2.patch * openssl-CVE-2020-1967-test3.patch * openssl-CVE-2020-1971.patch * openssl-CVE-2021-23840.patch * openssl-CVE-2021-23841.patch * openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch * openssl-1.1.1-fips_list_ciphers.patch * CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch * CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch * CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch * CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch * CVE-2021-3712-other-ASN1_STRING-issues.patch - Rebased the following patches: * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.0-no-html.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.1-ssh-kdf.patch * openssl-DH.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-fips_selftest_upstream_drbg.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch- Other OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. * CVE-2021-3712 continued * bsc#1189521 * Add CVE-2021-3712-other-ASN1_STRING-issues.patch * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521 2021-08-24 00:47 PDT by Marcus Meissner- A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. * CVE-2021-3711 * bsc#1189520 * Add: CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch - The function X509_aux_print() has a bug which may cause a read buffer overrun when printing certificate details. A malicious actor could construct a certificate to deliberately hit this bug, which may result in a crash of the application (causing a Denial of Service attack). * CVE-2021-3712 * bsc#1189521 * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch- Don't list disapproved cipher algorithms while in FIPS mode * openssl-1.1.1-fips_list_ciphers.patch * bsc#1161276- Fix NULL pointer deref in signature_algorithms * CVE-2021-3449 * bsc#1183852 * Add openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch- Security fixes: * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback protection [bsc#1182333, CVE-2021-23840] * Null pointer deref in X509_issuer_and_serial_hash() [bsc#1182331, CVE-2021-23841] - Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch- Fix unresolved error codes [bsc#1182959] - Update openssl-1.1.1-fips.patch- Fix EDIPARTYNAME NULL pointer dereference (CVE-2020-1971, bsc#1179491) * add openssl-CVE-2020-1971.patch- Restore private key check in EC_KEY_check_key [bsc#1177479] * Update openssl-DH.patch- Add shared secret KAT to FIPS DH selftest [bsc#1175844] * add openssl-fips-DH_selftest_shared_secret_KAT.patch- Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175844, bsc#1173470] - Add patches: * openssl-DH.patch * openssl-kdf-selftest.patch * openssl-kdf-tls-selftest.patch * openssl-kdf-ssh-selftest.patch- Security fix: [bsc#1169407, CVE-2020-1967] * Segmentation fault in SSL_check_chain: Server applications that call the SSL_check_chain() function during or after a TLS handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the signature_algorithms_cert TLS extension. - Add patches: * openssl-CVE-2020-1967.patch * openssl-CVE-2020-1967-test1.patch * openssl-CVE-2020-1967-test2.patch * openssl-CVE-2020-1967-test3.patch- openssl dgst: default to SHA256 only when called without a digest, not when it couldn't be found (bsc#1166189) * add openssl-unknown_dgst.patch- Limit the DRBG selftests to not deplete entropy (bsc#1165274) * update openssl-fips_selftest_upstream_drbg.patch- Run FIPS DRBG selftests against the crypto/rand DRBG implementation (bsc#1164557) * add openssl-fips_selftest_upstream_drbg.patch- Use the newly build libcrypto shared library when computing the hmac checksums in order to avoid a bootstrapping issue by BuildRequiring libopenssl1_1 (bsc#1164102)- Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) * add openssl-fips_fix_selftests_return_value.patch- Added SHA3 FIPS self-tests bsc#1155345 * openssl-fips-add-SHA3-selftest.patch- Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7403] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch- Temporarily ignore broken OPENSSL_INIT_NO_ATEXIT due to our layered FIPS initialization (bsc#1161789) * openssl-fips-ignore_broken_atexit_test.patch- Import FIPS patches from SLE-15 * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_mode.patch * openssl-ship_fips_standalone_hmac.patch * openssl-fips-clearerror.patch * openssl-fips-selftests_in_nonfips_mode.patch- Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392) * add openssl-fips-run_selftests_only_when_module_is_complete.patch- Import FIPS patches from Fedora (bsc#1157702, jsc#SLE-9553) * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-ssh-kdf.patch replaces openssl-jsc-SLE-8789-backport_KDF.patch - keep EVP_KDF functions at version 1.1.1d for backward compatibility * add openssl-keep_EVP_KDF_functions_version.patch- Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861] - Add patches: * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch * openssl-s390xcpuid.pl-fix-comment.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch * openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch * openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch * openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch * openssl-Fix-9bf682f-which-broke-nistp224_method.patch- Obsolete libopenssl-1_0_0-devel and libopenssl-1_0_0-hmac in order to avoid conflict upon upgrade from SLE-12 (bsc#1158499)- Security fix: [bsc#1158809, CVE-2019-1551] * Overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli - Add openssl-1_1-CVE-2019-1551.patch- Fixed EVP_PBE_scrypt() to allow NULL salt values. * Revealed by nodejs12 during bsc#1149572. * Modified openssl-jsc-SLE-8789-backport_KDF.patch- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549) * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. * Significantly reduce secure memory usage by the randomness pools. * Revert the DEVRANDOM_WAIT feature for Linux systems - drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) - refresh patches * openssl-1.1.0-no-html.patch * openssl-jsc-SLE-8789-backport_KDF.patch- To avoid seperate certification of openssh server / client move the SSH KDF (Key Derivation Function) into openssl. * jsc#SLE-8789 * Sourced from commit 8d76481b189b7195ef932e0fb8f0e23ab0120771#diff-a9562bc75317360a2e6b8b0748956e34 in openssl master (introduce the SSH KDF) and commit 5a285addbf39f91d567f95f04b2b41764127950d in openssl master (backport EVP/KDF API framework) * added openssl-jsc-SLE-8789-backport_KDF.patch- Upgrade to 1.1.1c (jsc#SLE-9135, bsc#1148799) * Support for TLSv1.3 added * Allow GNU style "make variables" to be used with Configure. * Add a STORE module (OSSL_STORE) * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes * Add multi-prime RSA (RFC 8017) support * Add SM3 implemented according to GB/T 32905-2016 * Add SM4 implemented according to GB/T 32907-2016. * Add 'Maximum Fragment Length' TLS extension negotiation and support * Add ARIA support * Add SHA3 * Rewrite of devcrypto engine * Add support for SipHash * Grand redesign of the OpenSSL random generator - drop FIPS support * don't build with FIPS mode (not supported in 1.1.1) - drop FIPS patches * openssl-fips-clearerror.patch * openssl-fips_disallow_ENGINE_loading.patch * openssl-fips-dont-fall-back-to-default-digest.patch * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips-fix-odd-rsakeybits.patch * openssl-fips-rsagen-d-bits.patch * openssl-fips-selftests_in_nonfips_mode.patch * openssl-rsakeygen-minimum-distance.patch * openssl-1.1.0-fips.patch - add TLS 1.3 ciphers to DEFAULT_SUSE - merge openssl-1.0.1e-add-suse-default-cipher.patch and openssl-1.0.1e-add-test-suse-default-cipher-suite.patch to openssl-DEFAULT_SUSE_cipher.patch - Use upstream patch for the locale crash (bsc#1135550) * https://github.com/openssl/openssl/pull/8966 * add 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch - drop patches (upstream): * openssl-Bleichenbachers_CAT.patch * openssl-CVE-2018-0734.patch * openssl-CVE-2018-0735.patch * openssl-CVE-2019-1543.patch * openssl-disable_rsa_keygen_tests_with_small_modulus.patch * openssl-dsa_paramgen2_check.patch * openssl-One_and_Done.patch * openssl-speed_skip_binary_curves_NO_EC2M.patch * openssl-static-deps.patch * openssl-urandom-reseeding.patch * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * 0001-DSA-mod-inverse-fix.patch * 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch * 0001-apps-speed-fix-segfault-while-looking-up-algorithm-n.patch - drop s390x patches (rebased): * 0002-s390x-assembly-pack-add-KMA-code-path-for-aes-ctr.patch * 0003-crypto-aes-asm-aes-s390x.pl-replace-decrypt-flag-by-.patch * 0004-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0005-s390x-assembly-pack-add-KMAC-code-path-for-aes-ccm.patch * 0006-s390x-assembly-pack-add-KM-code-path-for-aes-ecb.patch * 0007-s390x-assembly-pack-add-KMO-code-path-for-aes-ofb.patch * 0008-s390x-assembly-pack-add-KMF-code-path-for-aes-cfb-cf.patch * 0009-Fix-undefined-behavior-in-s390x-aes-gcm-ccm.patch * 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * 0001-s390x-assembly-pack-extend-s390x-capability-vector.patch - add s390x patches: * 0001-s390x-assembly-pack-perlasm-support.patch * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch * 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch * 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch- Fix segfault in openssl speed when an unknown algorithm is passed (bsc#1125494) * add 0001-apps-speed-fix-segfault-while-looking-up-algorithm-n.patch - Correctly skip binary curves in openssl speed to avoid spitting errors (bsc#1116833) * add openssl-speed_skip_binary_curves_NO_EC2M.patch- OpenSSL Security Advisory [6 March 2019] * Prevent long nonces in ChaCha20-Poly1305 (bsc#1128189, CVE-2019-1543) * add openssl-CVE-2019-1543.patch- Add s390x poly1305 vectorized implementation (fate#326351) * https://github.com/openssl/openssl/pull/7991 - add 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch- Add vectorized chacha20 implementation for s390x (fate#326561) * https://github.com/openssl/openssl/pull/6919 - add patches: 0001-s390x-assembly-pack-perlasm-support.patch 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch- Replace fate#321518 s390x patches from closed pull request https://github.com/openssl/openssl/pull/2859 with patches from openssl git master (bsc#1122984) - add patches: 0001-s390x-assembly-pack-extend-s390x-capability-vector.patch 0002-s390x-assembly-pack-add-KMA-code-path-for-aes-ctr.patch 0003-crypto-aes-asm-aes-s390x.pl-replace-decrypt-flag-by-.patch 0004-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch 0005-s390x-assembly-pack-add-KMAC-code-path-for-aes-ccm.patch 0006-s390x-assembly-pack-add-KM-code-path-for-aes-ecb.patch 0007-s390x-assembly-pack-add-KMO-code-path-for-aes-ofb.patch 0008-s390x-assembly-pack-add-KMF-code-path-for-aes-cfb-cf.patch 0009-Fix-undefined-behavior-in-s390x-aes-gcm-ccm.patch - drop patches: 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch- Fix FIPS RSA generator (bsc#1118913) * import fixed openssl-1.1.0-fips.patch from Fedora * drop openssl-CVE-2018-0737-fips.patch which got merged into openssl-1.1.0-fips.patch * refresh openssl-fips-rsagen-d-bits.patch- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) * https://github.com/openssl/openssl/issues/7739 * add patch openssl-Bleichenbachers_CAT.patch- OpenSSL Security Advisory [30 October 2018] * Timing vulnerability in ECDSA signature generation (bsc#1113651, CVE-2018-0735) * Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) * And more timing fixes - Add patches: * openssl-CVE-2018-0734.patch * openssl-CVE-2018-0735.patch * 0001-DSA-mod-inverse-fix.patch * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch- Obsolete libopenssl-1_0_0-devel by libopenssl-1_1-devel to avoid conflicts when updating from older distributions (bsc#1106180)- Fix infinite loop in DSA generation with incorrect parameters (bsc#1112209) * add openssl-dsa_paramgen2_check.patch- Fix One&Done side-channel attack on RSA (bsc#1104789) * add openssl-One_and_Done.patch- Update to 1.1.0i - Align with SLE-12-SP4 OpenSSL Security Advisory [12 June 2018] * Reject excessively large primes in DH key generation (bsc#1097158, CVE-2018-0732) * Make EVP_PKEY_asn1_new() a bit stricter about its input * Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. * Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. * Increase the number of Miller-Rabin rounds for DSA key generating to 64. * Add blinding to ECDSA and DSA signatures to protect against side channel attacks * When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. * Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. * Fixed a text canonicalisation bug in CMS - drop patches (upstream): * 0001-Limit-scope-of-CN-name-constraints.patch * 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch * 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch * 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch * openssl-add-blinding-to-dsa.patch * openssl-add-blinding-to-ecdsa.patch * openssl-CVE-2018-0732.patch - refresh patches: * openssl-1.1.0-fips.patch * openssl-disable_rsa_keygen_tests_with_small_modulus.patch - rename openssl-CVE-2018-0737.patch to openssl-CVE-2018-0737-fips.patch as it now only includes changes to the fips code- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Don't Require openssl-1_1 from the devel package, just Recommend it- Suggest libopenssl1_1-hmac from libopenssl1_1 package to avoid dependency issues during updates (bsc#1090765)- Relax CN name restrictions (bsc#1084011) * added patches: 0001-Limit-scope-of-CN-name-constraints.patch 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch- Reject excessively large primes in DH key generation (bsc#1097158, CVE-2018-0732) * openssl-CVE-2018-0732.patch - blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) * openssl-add-blinding-to-ecdsa.patch * openssl-add-blinding-to-dsa.patch- OpenSSL Security Advisory [16 Apr 2018] * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039) * add openssl-CVE-2018-0737.patch- Fix escaping in c_rehash (boo#1091961, bsc#1091963) * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch- Tolerate a Certificate using a non-supported group on server side (boo#1084651) * https://github.com/openssl/openssl/pull/5607 * add 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch- Update to 1.1.0h OpenSSL Security Advisory [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) (bsc#1087102) * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) (bsc#1071906) - refresh patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * openssl-1.1.0-fips.patch * openssl-pkgconfig.patch * openssl-rsakeygen-minimum-distance.patch * openssl-static-deps.patch- Move the libopenssl1_1_0-32bit obsoletes in baselibs.conf to the new libopenssl1_1-32bit: it does not belong to the devel package.- Renamed from openssl-1_1_0 (bsc#1081335) * All the minor versions of the 1.1.x openssl branch have the same sonum and keep ABI compatibility * obsolete the 1_1_0 packages - update baselibs.conf with the new version names- Remove bit obsolete syntax - Use %license macro- Don't disable afalgeng on aarch64- Add support for s390x CPACF enhancements (fate#321518) patches taken from https://github.com/openssl/openssl/pull/2859: * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch- Do not filter pkgconfig() provides/requires.- Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a clean upgrade path as an aid to zypp (boo#1070003).- Update to 1.1.0g OpenSSL Security Advisory [02 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) (bsc#1066242) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) (bsc#1056058) - drop 0001-Fix-a-TLSProxy-race-condition.patch (upstream) - refresh 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch- update DEFAULT_SUSE cipher list (bsc#1055825) * add CHACHA20-POLY1305 * add ECDSA ciphers * remove 3DES - modified openssl-1.0.1e-add-suse-default-cipher.patch- do not require openssl1_1_0-targettype in devel-targettype, as it is not built (it has no libraries)- The description is supposed to describe the package, not the development process or history. (Synchronize with the already-updates descriptions in openssl-1_0_0.) - Update historic copypasted boilerplate summaries ("include files mandatory for development")- Disable the verbosity of the tests as we expose yet another race condition in that- Fix a race condition in tests to make the package build reliably * https://github.com/openssl/openssl/issues/3562 * 0001-Fix-a-TLSProxy-race-condition.patch- Add Provides and Conflicts for -devel package in baselibs.conf.- Add patch openssl-no-date.patch to disable date inclusion in most of the binaries - Use autopatch to make things smaller - Enable verbose output on the tests - Paralelize depmod- update to 1.1.0f * bugfix only release - disable RSA keygen tests, because they use too small modulus, which is rejected by our CC/FIPS hardening patches * added openssl-disable_rsa_keygen_tests_with_small_modulus.patch - refreshed openssl-rsakeygen-minimum-distance.patch and 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch- Add conflict for any libopenssl-devel that is not in our version- Avoid the requires conflict between 1.1 and 1.0 openssl- Add conflict on docu packages- drop unnecessary README.SUSE- add openssl-1.1-fix-ppc64.patch from Marcus Meissner to fix build on ppc64- Fix build on aarch64- Remove libpadlock conditional, no longer present- Update baselibs.conf to contain all the renamed packages- re-enable tests on SLE-12 and below despite current failure, so they are automatically run once the issue is resolved- Filter out the pkgconfig provides to force usage of the main openssl package provides- disable tests on SLE-12 and its derivates * they fail because of glibc bug bsc#1035445 - remove README-FIPS.txt (outdated)- drop openssl-fipslocking.patch The locking in 1.1.0 has been rewritten and converted to the new threading API. The fips deadlock (at least bsc#991193) can't be reproduced anymore. - don't ship useless INSTALL* files- simplify openssl-fips-dont-fall-back-to-default-digest.patch The -non-fips-allow option was dropped in OpenSSL 1.1.0 - drop openssl-no-egd.patch as OpenSSL 1.1.0 disables EGD at compile time by default - renumber the patches so the numbers are consequent- Update showciphers.c to work with new openssl- Add patch openssl-static-deps.patch to allow dependencies on statically build libraries - Refresh openssl-1-1.0-fips.patch to take in use the above approach - Silence the install manpage rename phase- Start update to 1.1.0e basing of the 1.0.0 split release - Drop patch merge_from_0.9.8k.patch the ppc64 should work out of the box - Drop patch openssl-engines-path.patch converted to configure option - Drop patch openssl-1.0.2a-padlock64.patch code behind was redone does not apply at all - Drop patch openssl-fix-pod-syntax.diff mostly merged upstream or not applicable - Drop patch compression_methods_switch.patch as we do not need to keep the compat on this release anymore - Drop patch openssl-1.0.2a-ipv6-apps.patch which was upstreamed - Drop upstreamed patch openssl-1.0.2a-default-paths.patch - Drop obsolete patch openssl-1.0.0-c_rehash-compat.diff - Drop obsolete patch openssl-missing_FIPS_ec_group_new_by_curve_name.patch - Drop obsolete patch openssl-print_notice-NULL_crash.patch - Drop obsolete patch openssl-randfile_fread_interrupt.patch - Refresh patch openssl-truststore.patch - Refresh baselibs.conf to correctly reflect soname - Add patch openssl-1.1.0-fips.patch obsoleting bunch of older: * openssl-1.0.2i-fips.patch * openssl-1.0.2a-fips-ec.patch * openssl-1.0.2a-fips-ctor.patch * openssl-1.0.2i-new-fips-reqs.patch * openssl-fips_disallow_x931_rand_method.patch - Add new patch for upstream: * 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch - Refresh patch openssl-pkgconfig.patch - Drop patch openssl-gcc-attributes.patch as the code was redone - Rebase patch 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch - Rebase patch openssl-no-egd.patch - Rebase patch openssl-1.0.1e-add-suse-default-cipher.patch and openssl-1.0.1e-add-test-suse-default-cipher-suite.patch - Rebase patch openssl-fips_disallow_ENGINE_loading.patch - Rebase patch openssl-urandom-reseeding.patch - Rebase patch openssl-fips-rsagen-d-bits.patch - Rebase patch openssl-fips-selftests_in_nonfips_mode.patch - Remove switch for ssl2 - no longer present - Remve the buildinf.h parsing, should no longer be needed - Drop the rehash in build, no longer needed - Drop openssl-fips-hidden.patch as it is not really needed - Do not sed in secure_getenv upstream does it in code on their own - Do not install html converted manpages * openssl-1.1.0-no-html.patch- Drop the symbol hiding patches to ease maintenance updates: * 0005-libssl-Hide-library-private-symbols.patch * 0001-libcrypto-Hide-library-private-symbols.patch- Add new patch for engines folders to allow co-installation * openssl-engines-path.patch- Drop openssl-ocloexec.patch as it causes additional maintenance burden we would like to avoid- Drop bug610223.patch as we moved to libdir- Move check to %check phase - Split showciphers to separate file- Move openssl to /usr/lib64 from /lib64- Remove some of the DSO setting code that is not needed - Fix the showciphers binary- Rename to openssl-1_0_0 to allow instalation of multiple versions- Remove O3 from optflags, no need to not rely on distro wide settings - Remove conditions for sle10 and sle11, we care only about sle12+ - USE SUSE instead of SuSE in readme - Pass over with spec-cleaner- fix X509_CERT_FILE path (bsc#1022271) and rename updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch- Updated to openssl 1.0.2k - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64- resume reading from /dev/urandom when interrupted by a signal (bsc#995075) * add openssl-randfile_fread_interrupt.patch- add FIPS changes from SP2: - fix problems with locking in FIPS mode (bsc#992120) * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 and bsc#990207 * bring back openssl-fipslocking.patch - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (bsc#984323) - don't check for /etc/system-fips (bsc#982268) * add openssl-fips-dont_run_FIPS_module_installed.patch - refresh openssl-fips-rsagen-d-bits.patch- update to openssl-1.0.2j * Missing CRL sanity check (CVE-2016-7052 bsc#1001148)- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) - update to openssl-1.0.2i * remove patches: openssl-1.0.2a-new-fips-reqs.patch openssl-1.0.2e-fips.patch * add patches: openssl-1.0.2i-fips.patch openssl-1.0.2i-new-fips-reqs.patch- fix crash in print_notice (bsc#998190) * add openssl-print_notice-NULL_crash.patch- OpenSSL Security Advisory [3rd May 2016] - update to 1.0.2h (boo#977584, boo#977663) * Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. (CVE-2016-2107, boo#977616) * Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. (CVE-2016-2105, boo#977614) * Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. (CVE-2016-2106, boo#977615) * Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. (CVE-2016-2109, boo#976942) * EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. (CVE-2016-2176, boo#978224) * Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. * Remove LOW from the DEFAULT cipher list. This removes singles DES from the default. * Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL.- Remove a hack for bsc#936563 - Drop bsc936563_hack.patch- import fips patches from SLE-12 * openssl-fips-clearerror.patch * openssl-fips-dont-fall-back-to-default-digest.patch * openssl-fips-fix-odd-rsakeybits.patch * openssl-fips-rsagen-d-bits.patch * openssl-fips-selftests_in_nonfips_mode.patch * openssl-fips_RSA_compute_d_with_lcm.patch * openssl-fips_disallow_ENGINE_loading.patch * openssl-fips_disallow_x931_rand_method.patch * openssl-rsakeygen-minimum-distance.patch * openssl-urandom-reseeding.patch- add support for "ciphers" providing no encryption (bsc#937085) * don't build with -DSSL_FORBID_ENULL- update to 1.0.2g (bsc#968044) * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); (CVE-2016-0800) * Fix a double-free in DSA code (CVE-2016-0705) * Disable SRP fake user seed to address a server memory leak. Add a new method SRP_VBASE_get1_by_user that handles the seed properly. (CVE-2016-0798) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) * ) Side channel attack on modular exponentiation http://cachebleed.info. (CVE-2016-0702) * ) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default.- update to 1.0.2f (boo#963410) * ) DH small subgroups (boo#963413) Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. (CVE-2016-0701) * ) SSLv2 doesn't block disabled ciphers (boo#963415) A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197) * ) Reject DH handshakes with parameters shorter than 1024 bits.- update to 1.0.2e * fixes five security vulnerabilities * Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) (bsc#957984) * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) (bsc#957814) * Certificate verify crash with missing PSS parameter (CVE-2015-3194) (bsc#957815) * X509_ATTRIBUTE memory leak (CVE-2015-3195) (bsc#957812) * Race condition handling PSK identify hint (CVE-2015-3196) (bsc#957813) - pulled a refreshed fips patch from Fedora * openssl-1.0.2a-fips.patch was replaced by openssl-1.0.2e-fips.patch - refresh openssl-ocloexec.patch- update to 1.0.2d * fixes CVE-2015-1793 (bsc#936746) Alternate chains certificate forgery During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. - drop openssl-fix_invalid_manpage_name.patch (upstream)- Workaround debugit crash on ppc64le with gcc5 bsc936563_hack.patch (bsc#936563)- update merge_from_0.9.8k.patch replacing __LP64__ by __LP64 this is a change versus previous request 309611 required to avoid build error for ppc64- Build with no-ssl3, for details on why this is needed read rfc7568. Contrary to the "no-ssl2" option, this does not require us to patch dependant packages as the relevant functions are still available (SSLv3_(client|server)_method) but will fail to negotiate. if removing SSL3 methods is desired at a later time, option "no-ssl3-method" needs to be used.- update to 1.0.2c * Fix HMAC ABI incompatibility - refreshed openssl-1.0.2a-fips.patch- update to 1.0.2b * Malformed ECParameters causes infinite loop (CVE-2015-1788) * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) * CMS verify infinite loop with unknown hash function (CVE-2015-1792) * Race condition handling NewSessionTicket (CVE-2015-1791) - refreshed patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * 0001-libcrypto-Hide-library-private-symbols.patch * openssl-1.0.2a-default-paths.patch * openssl-1.0.2a-fips.patch * compression_methods_switch.patch * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch- update to 1.0.2a * Major changes since 1.0.1: - Suite B support for TLS 1.2 and DTLS 1.2 - Support for DTLS 1.2 - TLS automatic EC curve selection. - API to set TLS supported signature algorithms and curves - SSL_CONF configuration API. - TLS Brainpool support. - ALPN support. - CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. - packaging changes: * merged patches modifying CIPHER_LIST into one, dropping: - openssl-1.0.1e-add-suse-default-cipher-header.patch - openssl-libssl-noweakciphers.patch * fix a manpage with invalid name - added openssl-fix_invalid_manpage_name.patch * remove a missing fips function - openssl-missing_FIPS_ec_group_new_by_curve_name.patch * reimported patches from Fedora dropped patches: - openssl-1.0.1c-default-paths.patch - openssl-1.0.1c-ipv6-apps.patch - openssl-1.0.1e-fips-ctor.patch - openssl-1.0.1e-fips-ec.patch - openssl-1.0.1e-fips.patch - openssl-1.0.1e-new-fips-reqs.patch - VIA_padlock_support_on_64systems.patch added patches: - openssl-1.0.2a-default-paths.patch - openssl-1.0.2a-fips-ctor.patch - openssl-1.0.2a-fips-ec.patch - openssl-1.0.2a-fips.patch - openssl-1.0.2a-ipv6-apps.patch - openssl-1.0.2a-new-fips-reqs.patch - openssl-1.0.2a-padlock64.patch * dropped security fixes (upstream) - openssl-CVE-2015-0209.patch - openssl-CVE-2015-0286.patch - openssl-CVE-2015-0287.patch - openssl-CVE-2015-0288.patch - openssl-CVE-2015-0289.patch - openssl-CVE-2015-0293.patch * upstream reformatted the sources, so all the patches have to be refreshed- security update: * CVE-2015-0209 (bnc#919648) - Fix a failure to NULL a pointer freed on error * CVE-2015-0286 (bnc#922496) - Segmentation fault in ASN1_TYPE_cmp * CVE-2015-0287 (bnc#922499) - ASN.1 structure reuse memory corruption * CVE-2015-0288 x509: (bnc#920236) - added missing public key is not NULL check * CVE-2015-0289 (bnc#922500) - PKCS7 NULL pointer dereferences * CVE-2015-0293 (bnc#922488) - Fix reachable assert in SSLv2 servers * added patches: openssl-CVE-2015-0209.patch openssl-CVE-2015-0286.patch openssl-CVE-2015-0287.patch openssl-CVE-2015-0288.patch openssl-CVE-2015-0289.patch openssl-CVE-2015-0293.patch- The DATE stamp moved from crypto/Makefile to crypto/buildinf.h, replace it there (bsc#915947)- openssl 1.0.1k release bsc#912294 CVE-2014-3571: Fix DTLS segmentation fault in dtls1_get_record. bsc#912292 CVE-2015-0206: Fix DTLS memory leak in dtls1_buffer_record. bsc#911399 CVE-2014-3569: Fix issue where no-ssl3 configuration sets method to NULL. bsc#912015 CVE-2014-3572: Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. bsc#912014 CVE-2015-0204: Remove non-export ephemeral RSA code on client and server. bsc#912293 CVE-2015-0205: Fixed issue where DH client certificates are accepted without verification. bsc#912018 CVE-2014-8275: Fix various certificate fingerprint issues. bsc#912296 CVE-2014-3570: Correct Bignum squaring. and other bugfixes. - openssl.keyring: use Matt Caswells current key. pub 2048R/0E604491 2013-04-30 uid Matt Caswell uid Matt Caswell sub 2048R/E3C21B70 2013-04-30 - openssl-1.0.1e-fips.patch: rediffed - openssl-1.0.1i-noec2m-fix.patch: removed (upstream) - openssl-ocloexec.patch: rediffed- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves we actually support (not the binary ones) (bnc#905037)- openSUSE < 11.2 doesn't have accept4()- openSSL 1.0.1j * Fix SRTP Memory Leak (CVE-2014-3513) * Session Ticket Memory Leak (CVE-2014-3567) * Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) * Build option no-ssl3 is incomplete (CVE-2014-3568)libopenssl-1_0_0-devellibopenssl-1_1_0-devels390zl31 1697096187  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr1.1.1l-150400.7.57.11.1.1l-150400.7.57.11.1.1l1.1.1l1.1.1lopensslaes.hasn1.hasn1_mac.hasn1err.hasn1t.hasync.hasyncerr.hbio.hbioerr.hblowfish.hbn.hbnerr.hbuffer.hbuffererr.hcamellia.hcast.hcmac.hcms.hcmserr.hcomp.hcomperr.hconf.hconf_api.hconferr.hcrypto.hcryptoerr.hct.hcterr.hdes.hdh.hdherr.hdsa.hdsaerr.hdtls1.he_os2.hebcdic.hec.hecdh.hecdsa.hecerr.hengine.hengineerr.herr.hevp.hevperr.hfips.hfips_rand.hfips_sli.hhmac.hidea.hkdf.hkdferr.hlhash.hmd2.hmd4.hmd5.hmdc2.hmodes.hobj_mac.hobjects.hobjectserr.hocsp.hocsperr.hopensslconf.hopensslv.hossl_typ.hpem.hpem2.hpemerr.hpkcs12.hpkcs12err.hpkcs7.hpkcs7err.hrand.hrand_drbg.hranderr.hrc2.hrc4.hrc5.hripemd.hrsa.hrsaerr.hsafestack.hseed.hsha.hsrp.hsrtp.hssl.hssl2.hssl3.hsslerr.hstack.hstore.hstoreerr.hsymhacks.htls1.hts.htserr.htxt_db.hui.huierr.hwhrlpool.hx509.hx509_vfy.hx509err.hx509v3.hx509v3err.hssllibcrypto.solibssl.solibcrypto.pclibssl.pcopenssl.pc/usr/include//usr/include/openssl//usr/lib64//usr/lib64/pkgconfig/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:31017/SUSE_SLE-15-SP4_Update/a98410faf7f72668286343b436a1179d-openssl-1_1.SUSE_SLE-15-SP4_Updatecpioxz5s390x-suse-linuxdirectoryC source, ASCII textASCII textpkgconfig filePRPRRPRRRu!Y openssl-1_11.1.1lutf-8bd213cbcf1cbb97c9b49f1e3c6bd290b0cbd4812b10270af35db0baf2a7dfa3c?7zXZ !t/X] crt:bLL 꿁 lQL3 O:d_5 0|15: YK_";A6q::S{1 b738? ?uu. R'} Lx2!်i \Ra˥6B5E\\[m"0<{Y[_֭f&>n/C¥鬒a<ğmzⵕ҅"9_hޗUfw+waI X@ DUlnRcۜsXy,A2+1o8cY,ȧ5_J#kt(&M<5>0r0EG=fHCnVX_K3/w'} ;:'s@#˗e4J^##gn]FL*vkw,$?)% դX ^MuŖZI0V n @]TH|T]08NԦ?)G E]^X'K-~(ؓG#t.oK#6&9YNw_rU\8Zpz( 5TW$!W {dJOm9̶=:Н=%ώJSm N^_"hHB+KBp_w+I'Z]M0X^XJ:JK w[Ch"0$FN@V*zK-sH' ѣ N^a۾2)Ĩq@mG3@Xp>dO3g޶Dе@Ӟ '&F&jM#\Z󮔷 EWo8~0V l p`ˠ8_ԜSOY-]` l6]*nXI_n|LLꀓ@Mcg;$j>^SWkKk]R2,|Ør**o<*')VɁyj?k[-0L 1T4]n<5BJІ}EAJD@|cy&d;⌥5J& 1= Cܑ%Gzxfh7!{h2ijb6%3Թ,&+%KFuiH33oRQ0pg#'5'f b &)9òukM: {%e !p&^'Ss~>6@kGV@/y5ɣ`6P`B!\  # [p =. 6ڪ/ ٬wţ2I_l/IL-ٴD|.(k<&#P`nf\3Y_rQ-Oцd sbBd>9c|Qp 7VEB "8it&[^$g]37v|C7PҟNI% ӲZ_6L71oxQ `/泀$BtW_s7,\NUNu?={攳~ ^}sOiX*o?:KEh`69V+"Ƞ?Orq0C/#uED]D $3WǁϒM46s}Fi8SAԃA-tellj]$01J[c!uuo;K9s#C5]:}hSbq{/oHQi=D᥃E -w&gN@j>Op"Zo=0r@Ip`y[6̩PL!UkT ˣQi57 '+!-;%|U ɤ )l9"9ԝ L]u`ZigI^(?9qL,bJ1s躝n }Y=O֗/4ۦ3׳'.{'3[M+l{;/bT% .!b;A>,4}Yp~A+*,F: ,if-2cKh8z2wK{/br om$B=z=a1?H(O yIڳcҐ G-= iA^܅ެVՙE `A}FN1dJETn@T(~,nvю*t`l!$%*ØRSKu@w M|)ߖ,~*GGfvF1}X|ξI,ݻ^cMHģ_Q޲[ɻC}&j]/gmkTHC΂z_X}Y IF1Ld @M63N)gtOUׂNhC!NnG)Qpe&.¬:CppG;i>h3DSpdHZVNx {!w ŭ[) 4 Ȧ4X-)h%Eh)i TZjx{Z_0R\uKB̃]ͶȮ2ۓ˭]rɤ)q~2o#-9Zf0G386l.MXN.u{# }}V퐬@Щoszu5|ȍŘ=,ޫ+bv/ 6D?;._05Hc U5j ^wT,:bʃL .ȀK\< ZPXq|:qfr[Sny %z}{C* B%TWE'}-w%nTx }zY5iX~L"$ ?xjǯGՍ׹q jr)=/pnyZ ;ћG4[sGBG] ~R^?iޙU9 %x# %7P=ȟE69H1!k0`p;4iP ̾Q"#kevDoŚ\ >py X=H5~eทbJSo?P.|d/sa]@pO -D̖3zo? GڄazhE &'S b-KK)2 j9竏v\(9՛웒|2FPپF!bSC .p!@[VfyA+V<$NiD~w?Ew|%bŪ2zG=̳$RWkg|5VQ$0'CݥĤ80 UE3u* rCO-RC0!Yw(`[Lj+oׯ>uKp4kL 0O HU6aP >%{By,U? W!zq#b- ȁ`Hi5΃mXu7Y2rZOBw[y#[ ݜF3R(:Ņ>$ !R-F~x=Jk/E ^,h '7.T 4JdٙFh-8!B+6 OqM䑄7=s*{_ƔG{pumH$S#`7$=lgڎ˾\:Z2)q~`۟){?i ˹ƻl. sЪeLn1 1..쥟Ԅ8q(d+~ U̐+F <Ɋ.he*7)g }0|{aZ!{lOQv^p]3z}\tSu =`_=CE)+j؆M66|:s_XKNnzB"M=[%ոQKr+s6^Ts{pz/R!}8T 6j%6jl XSR T#æ6z9Xs0 W<~Sað'JqpOʞaϴMzANid Qk9=͞i& +lH @=duFXFH;.u؇S<ppG :D!SdHEU 9#llX6{`" U+ƬRYAh @M|?d'hcȾS`J*ˠRȵ|f=Ǒr} &8ݲ{4,Z5??:v.HU,>QOp/:ry_uoKXecgW]ۡoއ]*15Vۙm[ꠎvs tpJ7oj^km6g{4?1%g zF:+s \Ω^&9q͊U{ %Hӟ]ޤ̀a" o6SUd?F N0K.>^;R^G쉬FVƋ`g?B5xcuc NJ4tBI砕oM*m=fJ*hg͌S{Eb{G1wᚫm]29D<Ҟ kyEηwYZN7.l&xtQIrW448 >4IQUhnwƋec6OQxp76>NJ~Q]JU{:D.dU1d;xsčtzRf&_ok;Za@ QSD5֜N4Ex[kv~lP{ԙE҃,no'V%{!3g6hmFZd;h24!mӄZ! &p`T IJud`2Fy7@Z ΕK 8uUF}_`Թu_3bRä=:Y96Wܭ)ނwh;`lJf}Rɓ|UozЗ/TyZb8ۑ4D LĜ-fƃb|zHQD2s]ߧǾJ,wkZ4eLjWj- hX_vPLXf ,@[-,a^R]\kQf|#v]y{˰S5cXFqT:6 $`gڜ͞%nJlfWH+ $lQ6tG)ۂZ \%_mƉ`^΂FDfGIGI;A7_ܷn}ksF{b+ 3F7-ŒZkd\PQ+݊:@j8רVKWe!Dn([uv6ӖWΣ>&T<R*o;Ynm;,B1[b[d^)9?pݑ.;kF~fr @̯̼ͧ^C@Jmf%JG΁aF{i4+iz3Ply-j&r[,vTp81ogzT- mdJw+ՉAQڛa C".9k\8*0]ZU7EkT!r9N S&^V־@ ; C?Q EbczQݑE,Jk/u@ ;: l(Qk:,lwrw4j 1#}EAZʬغD5$_vO|7,;跞NFҷPNCJk#嫢AG)[rZ&uX{TVW- >@3aǙVFԨ9Y ҾE8mN4Ɗ/KzM=n <Tׇv z*S0dl5r a'WyqP%(^VBlZk}3OUM+* vb"Aј ?/"arh/4FWb-t%rs bo MDa?0ۇ o^((cڴ.z[t[YوLsu>!?#0цY3f{ }a{ǹaٔ0,ozSaEMtWnc(58k1DlsX3\%Re7j _ 9)3/o(]ܮJb[B&pD+ hb?|tϾ/c٧'026#M|ie=,]0dG(oc:K9:z72Y;&U43n± j@N ɛf  K _[t2Yy泘 /KA#!gE6&%X!\r uq8(R>oZJJ+BeA&NFX4fASSϰM|+-#G|aF-%R*36:g+ҫoZV,Gy\=}YF # \XHrְ`Xx^ IH@oi]7$;k=.ڼtװ~P I;"F H!-K6D死|UF!:qA O*2:قaOnx`rvgU8K4eg0JHR"OQqkAC}>R2gcIc|R),QCG8ËMst!QbC\◙UDW"{odqz[f1uSY62g ĕ1͋|R;|Uei.}lQ*OU]DuE6f{QkOKbwJfti|VcX]h_U#mvݞ% 1g1#ƪm'u:GƇ5 {k&@ l6qE 1W;ݹ 0=OM3+aݔjqZXO,_^O0vY̼Ho%pؚ|kh5_XkZUXI `MrBi ux2Y\@_x4.qeZv&C5]?~;( N0quk]a>ּyIB05"Cmk=ч(! d͑ MYS N@a7 a"`Ɠr,UGXFvPvC؝sߔOG?vV߽]Ud! {@9Ɛ UW{/|IrjL)R0(,,N!aPzxZJ7UA 5^pNZ"܀Z5 GZp27 q~t6Ek[u{W3.~Yrl*eӂ(p5@>=S}|ʼn-ǽ2T5Rr%:Kke.'jܒwQO@8YmJ9+PˣU-m,ڞ縿>_q4!%#oxT [1a>65`w2C@q])zň0'z5ȗgO ν(kc2 '* 5tujXArAG{_mbt)kPGn*X(w *n•+3H;MOK߻\H;w1=`?J^Q^&SuG(y2X<\+If5m7廂A\ _J7 MްtlQ(t pQ(_9*vټDA)HwMdd4!h^R`F gvCFfz]iA|: w%FA 2C$-Nk˂[ݺ=qn2w8&m۰oZ$j R5*/j9peJ~c>. j&MؿB\f'Q>d Y 'Lj1QWϴt,URi 2p Bhi +jԔ$0=]WSFOڃG4brۨ+){:kk,ONxRx(Tr}.H`Z ѝEZy6t(cuds%yaDJt`a:ԛ293aBvU+f'[M|>71IWh0!,Tk.\aOPǾ#B.Wt^畹;Av+ev=Lj 3qȶOI pma'lC!L넮\F!C!IAbiBzR"uvشWJNQ8i'b4Yrv̆:1Q;fRJg,joiALlcpR_`-MJN03D /;IJ\]֨[wPC0ٰok^] ro{*ʖ>HQe;͔xb,$3r}Ґن`֟V ~wpU7/wL+,Ka~r' qYd0X .8>Id3żT5 (- 7W٣톻D{4*ڱ̆|lZ~E$GҬשs-]UIGpi"$H˨+ˠ)9I뚒Br14 (ceqĻ0:Q1Lx[pfmJwe2L5sG&ol4kqsY 0z:Yoǭ5adn'Gsmqu82hf~ E& Clڤ`oY~4ߘK5F3>2}~-q7Մ?r̳&㧢1ޫU$oDi=ኩ8X?xdog&O.h{Iے:!P 'jkvY-2AҡB;FcāMjizh@guXTcJg y1yB@(|'Bԓ4zU 2K m/gV?]^yXq\E8i=+*?!Slyi̐9R"^G7 cתGA-f/s f\XK$),P24 @'Q_K KaGC=Y²~Ͼ2QU){$^AQfNn(}DPGq0>Yfc]00G;/k"Zk1ӗfiToȝZegb`X^T1mJ;HG6IKXT!S =mrQHf߈0k88:Ó5jogÇlFF4nBt;tumZ%٤NU2 !MrVgfT@ ,l6"E"ІogAZTEM\jy񄫨Hb{h8$Cbu!P>Tp3$ yqv;zqލRqF${M'|]ogD[y|V:)5-I(S1sylo- fE^BF5XZ=-f1"\Z 9srXaqT&^iQ/6Q4!ȳMf].0 *qij_h(.}\i۞'ByB/Yԟ~q#o"1tY/Gd"|XLR8Ō1w8vůR5Qryz2 \'lڰo;16QRLWSJ5;?9#OJ!+U;Ђ6up7}6)6J-p_}R0de\(7'&fܖӈ-yd.}yiBф!d+\eu:Z"+0ڄ$| >;VGo+R{ĭ67M"75$q8͸C-VM{=# 52j}!w%nmv e?~>ʽKezJ_< q4C$tQ33?.vj]ͼdaYA睔_@=CS7z_g18mbÆ 2QcitU_еqã؇U CZ[Q#HǷ0jCqSZH,$k!W-#@Tw\j 9{i;Ow:-Wk?HjL!Č {'#37H`ON|2eWfQȌᒸ*NW 3 LL;:&\+nw2G\2$ ?:lӘQ4ĬaY{9oӹa./~ `}1UvnW NGhT2u&C KOsk}\"Ro7B :||"r5rN!#eEbf*y"&7!8ɽbo1{0◤7ޠ#>XRXʂ(63LQVk$ɲJAi ˚?^79{,*WfK0wϑAsv\tv ˯8c3绫%|ęe~ waz:;K6!t謧a5%[gX_Š qg̭oSR"Of(&q54bʚe;umz_R7\@W]p & 8$W] 8m$B*F\P>@!'Y@hv)hio[aӚӶ'R;!shk7XQIE. R~\nw=7&@8kľΟCj3q*:h*ҚMєl![:j}NKK@f{:ʑ}*pw}uގ })Ǹ 'uZ>- #@86*Ikhp[xz%.@;1kY功SI b\%PPU禥 s% iL~S|5O#M*Kl .oDKoO3BziJJh#+PkOCv~Mv5;FbDzs1fJGbU0ݵw­y4'%կnhuv *6u lqJ;*ۧXҵW\|~C;%GҺ#ɭg'g@! ,wBP}9yl0[ڿGZ"ፉ<=Dn򂄽.?RHn9Ud/_mzhٌNO'v"Bc>+1֒F~ 834/۟~FŮ :dfT7@b:-޴@ Pٲqrt,Sbѹ2R۱oDݧC4r;Q65uXs$bu·bTiyp|&%avrkLGRLP%%'ІrTD\sod29Sֳ]% jy|=JEƦaS};>VWg2xvQp=h$OL([G--&9 so!pf*׷bw fx}^x&ܝ TjI!H B65ic%!^W$#+Y]bޛ^ONُ*l,Ƒ2ehTDt  c|Tخ i^7Lsw~r0-r}B J`" ;AЩhʮŊe58;Y6;fn) py|M0kF6)r++cO;O#0pyJmh)ӵ,Z魔?2seSbI̼DRhOf@bpKKU*o;ĩ <#@&Sg}c㓮~x[ԼKC"njmV,LDP (ӼoB6=&/"vdxNm`io?㤔9(͒ņ BfcHh*P E1/}Z3q#i '9BU+= 9oC`>Qqj:حlOBUb}lVXy*fXU+;/ .`+beL!Η |~w}n[|GG͞H*O 0?AVv*Z],u/.սx'BIʚԪ{g+2Jh|2<'{8c]Zcg8ru(DN[d% /1$TB0 yi9Ӹ&R˝ϯ2~H-NXKMsaeo Ԕg7Ν-_t+$wU+?/s*G@{<ו}P[7] ݢwn^|C_ɻN9'}]ke3"M*`M uY_q@,9BgSl2ٙ=Ala -RʣbEUFJ#ZLE0(I֥Ė"&14lß# 3u-ٯ%>@y]q D"MdOVԾ+\Z:㔆-=sf;bvb s#GDz,1Z2b1R6[y|VbQGüN1V -Q.Ow-Yv pytxSdP}ֿnVGEH3Elg5Q(ń8 O4ǸdNW mȤ r(i6Dap.FժRdͭ'1l=Qp ^{R.WD)h{؈NȠ厷d`Se-^d{A>yf8O#R}kg n<'J8$c}$oTBmO׌a&)6Hx<4oYKXBXM5[qA秃 U23=+߾ ɻ1GoϪdc:Iv$SKPHFwSmΌDFa#r}VĹ=K] iCScE*RHR-"c;fqlq{2U preQb&h  "e632nY9?LUWwl2?MpEvo6߆> Oq+39/ڙ\Zcז AwI2RDu8m,w5"ۜ-T%݂y*n,sD-{]]_tA MܝZXƠ$bL/Kr-dyw)<*U_xu_$lK|\&]J}KC lbwgB8+csd+iG*BArB -ҥL^l|l fkݮaH^mD7U w Jˇ08Hcf2}er(v90-N^I QnȆ+_DR샌VedԎ62b3Ƥ;Vxin#oDg0w5B`փ&Si$=#4Ww6oL]1+I2_"cW>Ҍtĝ(sJ zy=I(xFc! +wk4q3Ќ%Ieܼ^"f1]+&70TF<^ęJ TQ>([E1A,>vLR@"vZ pGlQu;R jg!Ct*LG\ *m嚣1cFK:gQf𪳖4u~k`!ָz}`'+&1@yE9hgqG7T{vUeIIE珘/6B"VT0GM8G[K̻D4(@Y*_ʣU/+LؘQW'Jb-NSPz{j_d8zȟ -1SՂ)Cq|?&qa[y/ 8F'ayPyki.QM Q&RՌiޢޙBX wje[:Ķm<&Cn{CsC-V;cdԡ}Ë%`%X!re:*x/{F&Ӹgf7Ҝ"b8ғ>!Z}s+4s-+ڜڨ+,d njѽ<9#j񀰿5AZ! #XP˂_|tiC8|M1&㼡K~R>iQrdNI-dтbdސ߮NjGT9?ļGZFb.~}FzE_ok ̌cvw &a3!١JXpvmB9 [X0ٯ㚭ׇ/EjÏx:X>vr]5$A=#)27QC{:;i{37\T/8'B\mwpFE6D|5t(_U2UI׍[6]Nl K*R T`OD ywc I_>S,uўZ9ޜm!!a5*s>M' inq(9pp6%fTAO>´N)罽sYHI",M''L^73M2HJHʖ;:)=.F_K͚+zƫs?~r;,dz-rx hU6+.8u&c8(9*e h~4/VTQ Ĉ]R3T&^*:ؔ($Ǥ Ύ/8jUe\{/`;"!;%-Y,O &Œf۟to=ixLJ{tein(Ũ$ zU#$?i%L$/]ijߑ6!Bu1)ڨln֨=SzzNs]Z5U .Xb+[f}!Vgè/j$ & 蚲i;?=F/[*L(.t(鸦BX'缅a!xIK=cn3 (| ;m_{kzVX,yf!@NBކ SL=Lt 髾ǒZ0]ih\R_au+i"JN]'KḏA cCهJ[GXAg`qՖ,RbA֞/}`uRrXvpH!Ei5x]c754|~ΉۘRqpkSw+ay8"kO%Ь ,}b $@ᇈbAptrR{xƫU ]{<;<v{3]1fԾkI3qVơ:'>ID!炡.ZBhFNa|WE\&F+gb9:Y,=vPv^3L>=| ]T)5"+wZ8XgwFfPތUp%y֜?'&3AlHJ8F]-HEmh&zG{O*aVW|?j# :YD>ϛtAGJA:fY9XetO_Ў*azhl!^ah`SLG(&sr]|v.s%=x6t)ΩkWgr,;h"mXǼߞc #;K _y*M- dzEkr[@n|$c=(֟(c%esw.WZ~e|?مBPpDl:aH^o{S=154^O㧭m˭JMlLˣa{Sjl8(A qAM䂃U↓QKpDEৰkՙuv4$5v!6%a׃CpI38đ?o__C49LpPlϸiS{[/Q`}/&gjM.@7V 9P # q5Jx,,7i8wA=Sы}5+rur3+1ʚjn+A~/gmn m\V@Z2̊TZt9T[U/oTRuUR>OK8bsLLI!-N I1?)8 AӔ( wtPJ?!ucnQR¾+2Ƨne5v_4' QVFCjAxb(~9Ug32R=GKG `/Tqq4*z&56g0cbOml":y +R gf1_{P2$ O-&qSn@{RE_lX "-\/CaNpcQ0-`=;n@Ш8QN>a\9\[]QIf FSpF*Fu5hY!L[?Թa<Ӂ;~'4Z{HGFK'A}/o֜}MAW\rb rߡPeG5ݟ~!Wϟr|E36ْnjg JRQ "n?^5ܪ]' 谖#sċ[`/WP}6:gw\8*YSP&Xإsvux R4(k51ЪM&ڎ-l9˕n>`5t kp{Z"*ggTtr]p^D|ܲoF8q4Jopq@~V#LjQIZj ?qx:CzlL.xr*}Z fֱo fGSJ.l>Kb5[iAGx13l56%a/}״ؾoNT=CE*dτyWj8Y`ŶLI/;yHhM]Rr|{CI_ԑ+u6v:%G78lF }G6% dr;~*,je:&xGZ(3QkGdZ ʮF I =Re)d*:퇖s7^bJV0ڱy8Ml L=x[K2*nLg~4J?$9Q^&15+h#a@)5%Cbd;jTЖ1ǰnjwCͥPY$ 1#9pNd^nHWh'nRiy66REzHDQl[:c丄/a0:7Y@ jQ'ɑ*R%G.ܥ&kh~7/JWo}FF63`t8/Ǝާw(X|S"0;/8eSSȳj}3EJGV3u|C!ël! CQҢ4? d̬r&!3AjwJRsgl`# r^n~M4YSm Cޅ~1CUŊNTG.hTv:Yʚisj|v$7җRfmkO]y- w#&􏳝b5O1!!_ݵˁѮRwvh#+'1B{^,KH L4U@'G3O5]{_,p6}!יןy4Nk1;&E V^GμPK6Si (~eD^A[EMYOyګwNl\kd=)[6q0~fG& GU%קHڎ;\Ҍjs F*ɟ 1S- TqO'h"ө1pa]D嚂Z_x$\p-2_@8Pi{8-x$ Nd\4#أ,EѰP Lq>ũgϚ̥y5~-e @Ҵ,?8t\8H_=~ӊ[&_ϹW`*fvMRœۊ[uiҌX˧C%srTݮ|x,0QŬ_bݓUkftd :&Kk*NX'fzl1:j [r@Mgnzl0nP@Ʈ5Ğ^A9TPXْU Zң-E#- E<ihw?hyƿm# .^@mT{qm w^ ѿ4pF0 nG|RtNh ~bOZeVV e-Etu"_3)ao8iz+yU!R"\ovv6 ' Қ uVvB;k"<ob)n\^S0R`ެK?o.~h=[R=X0%ӸG& |kkǁ;_>|ֵ7Pz8H:b;TwEB3/?h`=هdSB-XUo9S͘06QIc^.ot>ڑv9IrNiED^Vٮ <-i/& p -ɡ$r!?Hg+7`Q.nv7l܅R~C6=*Mw8Oe5a˲LϢ04jsV+RI״/Pp/φ׹)},˥Z$3ʕ :)Ǧk1OHOR- 2<UA\?%"!kHE![S ϫp/[YݟfAV&ΚkާdAt͡ci- fjS9Ԯ'W3(eC}àƛR]j] `ǧXkmoKa϶;do!Q=N44|]c k-0&S_:9{ $į`(Ɔc!ít)ؐx1E"?+O`|*BZLyຢ/aQx(>4y[*bi=`x1RMpQfWr<Мl)+f/ $멟~邫mp)5*v*k/zZ!2;ZOqE;Nj8E?qkT#YL.9waηA}͑ 4Jg?]{l {Gsas70ޛ;nI K;jkD5"~_G Jf;\FYLMm-9CPxTχQb'zת20[ WX^Vޥ~ G€% pKxvi#Ґ$+[JúS о:!'}'̡&3>0208o͒a SGө;  m@xˠ*Iuڭ;=*hU`+-BE{% F+"Mkʫo^-xo>ϗfAQP{'GwƂtÈK]Kan%0 SH}ZKL~v60&@j&00EĦLLC'&~I509JrId$yKn> 0 bZڙ@,{Š=DnDΕu\a]d4zuw?dWD:zGnu\,ِ`{YVg4V:ԛNYA*\(Խ@/fDzZb2 ;:~(cXțڜ\m;+Vx{l/DwKYOR(>MT#Fҭ6\?@>n߃{T9%zх@ѵe V}Qv )yl;fuޭ+m@S9}/˚!U 0_ls5_C5vĄD>I K#w k~[AC${ds mbZtktDT;($1KxYYOf:Ez};bFVaA@&4eSq`ՉeS4nlX:o2Ō.[I^m]l?;;8.+'FS Iq)ϮB,+jxj2G)b"_-3od rh> 1L1r}T nWPKkw3R`poņua3X8s)LGS͢~dK!DS_J'9̙)i(QK+KrdWu4W*M-dxrødy ٟ Q3P)S..U' u-bSwB.e,Tck& gKGDOcԗM]yۼ%CЌСɒ /lj TЪSb,p 36G'E Fo篈oXPZPUcw;Y@kJ*L ^bXޟe)T.1=H 3ɮGMVJc $W&$V7"OI_1a<'#8YϴlfEn§}:&n64G +o&U7id˟ߜːp>u?Qѷe{Hc=U5Ќ6*XOko60R˼&@KV0vP._ɓVzK}]/?ѷtfיMJPHRB‚~Dm$/7 vR7ѭG{I6{s|{V?>č 5vEĢWw(OZ;]95r28.'tʹn=R3T uCs*ཿDԁSev,Iex\8H GqM{,aRyz?xf|գ.]\$QMMyjlK72[i<*`tkQë ,Yz~ ,fP]eP3p@6_]$| 0dvwo!UE~IW/C3\ PFL[)#c%r USHVFش6mlhj ؏8dq8Dfeo"c-ƕ. T5JwꄮA L&dKՓbsԆk$]L S=~&QNT?3 ЬbkRe:8&YS>N19yaQ$ ډ,a`zJ GEhc)*1$L8y?˞rd9oSe(?MZ  &_)7k2((2$KCrMFLQ>ެ9#?qτDpG8H3Ft\u%y++k;A'jpƮS`lBcz@AԴ}8~M6'd?S"{C?U(2HHV}KZQ;s !txF @r\^iTA9դ:fd{)p+\l`Tӆ0_ I\}nU߲Ϯ%y+}heJɽٗ_ߔe.r;DT" HנYI(cZT/ȰAK$$ "lbqDM } '&4-fn*lzq Gd,C ̟lQ{;t;ߛPx&4ƇRR6wVT% GE^tF)q#5lKPfĭͲt1 IHY/Utd2fvMf$ %fS=M3t0&;qjȺ.WjYPe'+Z%H-gkV t1if|7kɞzZPz[ %f]gqo6Y<3'.Z]E NB.hg)9}:!eP}"z*!϶:KxVٵF0q#bDKZEeC4AR"Wd?[Ij3 L&uv7$30:߁gxR^2}?MLebO͏^ RׁYHu -_x4Eh4)fD8TŽ&؊lv_I`3-T)RXanuE~A4d2T *F&.t,?UyMwޞt寨tL$'.Pm)2DCaWdzqkAZuNrP3%sGҪH9"XPc5!%uHܰh zpwJL?PNѝ_r'Zsskڤ! լ{R"Vҍ!do1)y r7;Es{ɦF$$Lקּ\@5/U /?r99 Dv}-7T=HH]za(83uX|, ]mE:tgaxu3*J7c4{ε|O `8xB 0 Q)Rp3F4SK[!V=k +D!q1tzI`EHQ63Xn{\SqmMh{H癱tu#!)#|^~I=" =N<lxZU+8E@ , BUpnWø0}.᳋4V[|oUgNJ)a!1IdK}cM'N*8toԆ,_h9˭ӳ4xsB|=xBIuZwƖC`U@} NaҮPO $!`o#_{I w}o"F2 T;l;gwGN[91:倃ɓ;e~wFIe[c wx\Ds 䣫Ÿ$(}zԹۗYI A<&DwO" 4,_=MTKRx0mtR4qd?]ȁt:QLpYkz2k8P3a| pS, M!:嚮:fB5:[o: &alUJ/]F FSIgW}HJoں!QI(<u8ax!閆M6r^YHGUM.^!);ٽ4H縝a 9[BhJ9$},+]ҒQܩ -' &gb_=(0G͵aEq2wigh¿>K7q12'Fwwv#oE<77T?=_Ȼ]< J\ׯH{⊆Ž() %5UNͽo4 x?qOvr+Eu7$'rWϝD<]-"@.i@ܔ-s T0zaj`Wy4M:ɚi:T2ݢ}(s9:QYQ< \ּsgs|XOGFE\9pMlc0C|%V;ddQ{Ij%)tdL>j\F_DAq̪.3naR%bpTaKQQm y#-Dbno`McιA. ہDU5f>C'Y^Dl 1D# +PΪ%fUE-+c-N7$?T4 EmHtE Q/s{& ދ6mD$Mw̝ίl޹e9ن =9tx( 擆[" R!+`xo'ڪ&P}vkALIN+gM>L= š8~yjT^\b0BB- {2u<ͣWq-{T譡c!R Р:zZtm0ܝȸ@n>LJKZ_ynYmkL l"dX9IFWQ2޿n1jr}Vu0T1q q-續õN0LX.بMY4 [ι"rt })`.Q^cV=BQVB++k?! H -%s7=TIKV{{|3Fҩxr g H7HBH}V+tu@lÈb G ԶU [i:"pGđ1V`i =6=Vd3?yZU+d7zR}KsAB%4ڙ<\۔f|:,v'IJ)H,-YK~*VgiFY$·^aWQ(qC# g,y %>urA]҇f1:{@`wu` XzȽvk/郭EgB[${ dWaן' o-O䈛+.H=ĉťMDѤ $~˅aD^ATʚiLhn}ؖY:DͼAel,=3tXHGۋ6ΎDe2TkH իKƯg)T,thdbܖfl3@n{^ba*I'N Wt#yםR5_x/,&`#iq5lޚV (v #UXPfQ~{Z`LfW\A-2XߑGLV:"83jRF76Uf8X7ϲ{!V[f!.+p-מ\FVC杀uI5APș&mwT#V-χGL9pN>4U·;wiȃlw>wm"/u'.}[>;T(IM吰I lDLA}@06 "Gɧ  N't?Cǭ~I~AR{v)=S FK@jV|2d߲u{$+wyrԦT2:vC't\/NdbZ;*]@P#a{Hg fmǖNY *NsK" јqhU4uN<.vwr``ð4AM#w<6$/WJMn+* ({iŸjQTqܽ‘y2$%iOyRoi^^PylL` c1*ik5kU{#|bŞ^~bb-c ؏&…/>]uhA y:rBzdz9,EJyCsy]reNV0/۽ho[hP a͐:JӅ[U87}|%Q`vw<ÌtGbx̛5 moDѠTbZI ю|h_|=ukKTpYZ}gak AN3&Lk dOmwTh>BT~[Yԯ ^ 6&ͮgP>eƏ\6.3㾏Ii9T8& R1uRf!?:f%k^P#WBA컞d3` 05% 18_z$|^"DU cźe?t)B$C1F,Ҥ1z^+WWUΦG)U!:[mbcwO\8z5م*cwYK %YR_eMc9;EiUšݫL O'EEǡ䨓\5+?Gǐ mZs2w嚑\d53.(/kv֤mqfmi͚#S<&C=DabHkĵ 7ibAUB[65{P{>Dp~^%h. 7^=m0h FhoH'éKT >LRb`v-_d[! 듍T;a>iч={mM#n|  wǦ->k,"xn[6Q^{9)d_|Ǝ&mML&}fv&z b^ ڲTWbO:nq3$WHr1R+дw(􎹖c8tďG ONl nbi/Kd) jהš#8 :wѡKbߨ{ӵ)*{I\N}Y=>EE JkeDb0i߶ >_~dWkhX"SY]Q|9WY:0ʽDjHGZq =j%ޥtLܷzvqGpIuuc#arLܪ1y?%HyEVUլ~Q5-Y`TgӐC5*~EIyikgieƜ$2hШgNJ sl%6v!;)`@,$7kXB,7re߅[¡A#p8vzD!iY60UJ5L!!|70K\4H|`o\x\ H%zox~a 7}NMNe;'o˾+']}|+'16?Qy@9G?S_nf`Dmxڤc0,afNRrFw!OgCXy͌7+ A=xH;]*<(uMjTdžv zK].!oUyb:D z ֲ)g|G(O] CIP'V{9yĆW#Xo4m'peN˄Z*v [Y>"? tC؏#sxj ) Z4'Bex6V. &ivt `ɴ)@P'4G}-(ls/;Yl% 1+m~2k!ss\zY8CfUXO͎5-Y㲺}.ZGYMcsB#,E T$ m g9~kSպBo>:*Ƙ*xB;O`.[- ᤁ5/6'gt<\ܩ>Tͩ贡5wduR0!o0|^ϻLEa Bu oZ}҂XĴv}*u–%yNL[e~Rd 1 :x̏lt$crʨFsc2yZeTUПnWыR3qN\~(֮b WmH[uZѷ\cв&>Uٝm@߭=ުކ&V3n?,Len%Qد|uK¨,J/.C^^QTh.BYJ5%ZNv)5Qab^/us n\[Uj!9I}~_/lUD^m?1d˳ JmrSd yIHل^#_p>g%ɅV0G3d "EӖ ˥%ހ{ "y«+j&`=sP8i zW)\jU>nLDFAx۾cܘUڤ@`,.vGz]\BΡc.Jq$: 0/ut B˻rad AU7,c*wdG@AŒq4t;m]>[{y*g6o*+7{E yF${.7"?NOy>wh!u;/p.j/Af]$>Wlqwlk AL)wڒstV|5fj`"u|+*Ǧ 7Hie٦CȚ:WS=YxK.lfȁSdc >#^<}31tb0yU]w Mi$.ADCHPN7B O=1[VD W&U*Pf?r0 tc'>nyyӳ@'z1l3H.gVP4RtM ֭gbi OYCzdD9@^ԦWٺ.,Y(qn{#1R NޗۥdoGw#/\ t{wRqlm[p~僜;zb5z\P'`ebOz=_#uYDM+z~-QnıOT$g:DrB-{G]}fs_k !>BcP?j sJ~. ܅BWIT*`<^L7E_24@ ":BY;U؃E0\=]ӹ6F2pjq0Hx}dRE+ =/c"WY&2ͨV&pW]u{/P\λyu*vfԫFpo"桨/жMEl')*^*W>5Z] X  v)7`U&9-";Wv1+zIshϯ(*5]"(pljIM~gaDz,Dt>)>3@P2%<̆$!}g̨A Pe,0tD/rLRٽE$fYט(WQ}-:foxW@̄XҶFZic[pNIc sqNA\0-4 ]1 BjL<ƞ ψQ ^ZU@'Os.ĔUŦf:2mAj9 ٙ9$\1(E=8fBV&YMHs s==dG[ Bh( HO,tLaaW^׋G!5ĭv ~9pT|P۶7õ},+*wy6<^ڞYh@<"L<\\Q 3 3;>ydQo̦Ś\ِƦ*اA@-W `V%sІIf|2CfdҠR |I}]5D,6?Aiݹ&THU&I_茠 bd! ˠ>Kxv!xS^VWBBi !B#4bin鉲?hX7ʌ4p ģ`F>xY@΍4 ^ZهͲK2lJ!fm%-0_0:.Sد/ޗwHiKӚ χ?т'Hs_yO , >wW (H<n0jU.v>VcØQ}YOgVP! .q;"ƉqB0*PDKnYU/yDgW3@"PcsbYeG7RT>z\'XeIE:m$9 ,Eqb0~oɄ=<6N8my@WdQ>էiAN2euMxw<@:g[5Fb|go]I<^´\vd0jf RS_00s5q"h]}VQA!8 S+[E? I! ess!ԸĴb֔Á+fR\Zir:3vXo>϶C}A/*o(,!n(ߧR vzRq0醂5򞺂rL$9,rHmZQ!188:CͅËmli4eQjk#H }F8 Rt2|] +gk׷vaQ`5OڷFl~y2FH"4ey œGP8д㨬 o:~K$ZS7FEpȮ._20z@{B_zG0baNpv &E$Gx^N) 1 z*/^w#U KmkۜLi`16wS{q.j3eG?fBPJ3R1RCȞЮj>5"[}s&E8a5>|" 29_8FУ<2L^w6}Tv4VY C֎М%c碾ͺ:/3fr#Zq_,ۓځڎ:IOZ'GY.%ۻR+)8wRÇg!T72[Gs#:QKGvlOrh<.kW 9S<cV5M K(:GhߝR/Hue鯢Nꋩo-i)wĞ IG'%|Ul- 틝 tClb쭭@C XSY1Tw)e SIڛ_IP~GO&?B–ͱJ:\eN`D5Fr`LcqL~R3_F!NmDrLSdZ(.CCM On,S R]hD9cp.b*Z}Mb>>8Y.jg="gv]b).| bIúYc/g>6,;1IyhVw)3^ ]]X.Bfn0Kq:?(heGqoË!1h cnVx'WWqpЯtlʐ3`][?+6hٛ|doBtBڒ>{2SMwaxB⁒smo)[yf"ph,RC<:=j$_hnc7>kSBmTSņqi<HQHcA##ٛvJԁ L"We[[j'<9D/!sGx s=)GCP܄-OJu"Zf<߅4Sŵ6`rMV 28)l'V/RNĞ&!$Yf|,%ӵ]634fDSn&,w}RWpЙ%'x(ƞ$]j6(pV yyi]LyrTSz:m O)ub 6%!-3"lJZqSṇxOp )Uwd7t1 \60"ps >$>P $^ ;\ Fln6MKAlN'㔉+hԄmfAxD_JBZ&OO/^́tҟeÂ/b.ҦۨDO `PvPo0i)!-^ 7z_3Hܬ,SY{IiƤŒ Ti*t4 'vf*W NL rЙ"|GAw2 k|Ӆ#[eo3eyP=mC*֯6<̪Z<uɫ;]^;hep,Qތ;Pnדdh(?tnG)U;v_l "/GE?jJs{K0TkVu0X\ِ2s, +٣b0{Z扌,Y8~ УUy* 7 *h;I[Be@adkߦy˜b%FKR+ z~N2׬FrpMsZ셠Pdm.#U3>4<,'/u2 h1CmdI@,3!,HiDO r|}JS5I;tj!Y42Ku]v#}sgJMFKuq}?riLhڒYPYި@gخ+U*qtG/[_|/h ūN3@]8nC+o`6BޡBAՏ oaQ JRܝ'}+#٤kM2\?@M74lϡsݝtX[W9\d0"( On'ŷ zD tӇHTw|\!ʵ Nx7^%8Co~`o>tYwyOkuّ!YLɿ۶m‚l/TTvX&Fg\ZAT30pd|Aђ^Dsw=@M\#ZL'֍&\J[Qo? 34J;@mԍSP)l9 Rb( r(m>N\9P#đ/Vaxw V- 4?yH!6{RTBZ !!OgaO>ϥ?XoG3jWj!לiqeaIGB[\F,WWgu1|ƔeUmcђ4kpu2| ,;u*}s,b4@6W{&Ȕ[YQZҋ[B* ٥*[yKm`9靡7kG'X)j1$mgd# BXP<=Sן;"rB #+͘*YPf| ~ $mglg Zia}UOYvk>٪Rӎ^ stjHCrC bV+nlh|(͝?"p0P5dWE 7 d4RAr *iSd%\/3Qӳ'ϔ&yOLrds/y򩭀OqPVtv#ZzCyũn[,}2T YMQd1)嵭Ok9]^4ukm* 7B5޽#X PZ[AYl39 V9VVv׀pc#q!-B5-eʆ.{Y2d#AfVA缷s i7 |VM(ty# f sj B]\tF6em1op[3r]hͅ>+J|ϖ97XORAL^KgRaA @_ 89MŶd\1''K?T5'0ܓ^^x7d,)(6v}2}R@kЊk_R6 X)A,>EgP Px¹@Zb r``#..*$rw?{aM |n̰܆AaD?q4*rh)M¥`ۿe:TPAfG:+z>G@!dj@ߕqv dsY1Xizo]GgK4^_3Fv鑥AVW_[̶qSA郥j &=%6M2Ķ'epJ?uF^I3}b%@U$cèi *I4*Md1f7nˉbߘao< p(HaU:IDc4$v8{,,dm2p:7p0 }^@~8>@'R]+lI] )yL0uQLa$wqa8C;$ gJ/-J7A- 0-ObT&>*܎]1rlc-3c %|׼[fПe2PmR-StjmO|saJHTjuƀT#_:eg}A }\H0̆0LpHE:_*s]SLZ%WoVgNL 62 dѿm6iL ߿:4<=4<7猪S0О^5C[^¹,ڴS rwucy< ҙϐ~]HɢiK5b}N,TrJZHzg;yiMATOnw jL`JًE%fa|Ճ~(G'S2,0:`/Y"qÄ 0Zw΅7M()Cm*@9T}l;rvx\XvҷS$ +ԹKQkY6}!'BW^W(89> z:ܨHͳ{7=mr[0[(W$oL-U!*!qp; L;8(ZLS֙û40"UQy{2|0\wC5klJWZ*\|?'ꒅn|3ْFr\,  )$$u0LpJaF8Vf1/k沃<rHzUycX3Z> mma-*S% >;Ά-!6NB:#3a+!wЬK{Ns[9y,)Gض\ Gɡ1wM 8 `#$B6k7 &mmTW_qUƬys ǸEOĪ=ʜFciHdw dz'< u_$xvH<W|`8=r,n 3Zl Sw'v8ؖeTK=@ \.l5T UFc w'Ij%fن4 y@!hTGjU#3?6/3Z nxv{Y>N/DVI\B޵*:Uc~3.(F^6wMx5kbYOuLaҖ**ͱ+ݐUIٿt5_&&fG cZFj胥5]Q' bo Jx}iFBO91-:ܼכv>aJܠ-]d2"F%+-~M~{G±.+tc}tv\zz=,f͕xjV0Kn{.U>g)2B bЊ:e0$EA) g ˧vfEv#ɾAO\Rvw\퍢Ok2ty!* a%_j\fןewIdnu ՜ag<]^Ƭj"d$1T]SS=wX7Ld("J#|dN#XA2s/ZB ޥ8%m{E_Y@5iL9,n8Րf7\ϷvCFmenbK  k"0fs!$6[)sdOu]Rk?@%l_> B1eɡlEրmh Guݻ1Un_gt{u+"W `.܈e1hT5{y ~  Ye>œ6KΤg[ k# {goUd2 L "I'Vg?F&olNMY\)g|;a.Aa[J XlvW8Ӫ _Q#O0>}SoOS[ ,p]#\(Tӝ7E(Lۚ5X94(UO6?I fQbZ{ő`ABbxT5-J!$c>[S[&s-㤳Q )DϧcoF^f/(OYEʊq8!|IZ[L`km7TM&`%YfovB} R˵* Ct)薉 !Z>ۮۺ\5ws W_mfj 9xwbRvY:I9 K9}IS; PrdԆfFFs 5uĴ@ ?]Zٶ/"ro`MvM3wyc-+K|VH01aQ=*P?=+OJe*@:/8'd󽽽Nj0%5U'GNsjP<>V!uGԕY UWlvCJ ч5Ԝuc+ҩaYB |['5^6}ngY+.^aV *=?Nɸ~nj0u>vb*Ctq^d8>R g\ F|x&k@hIQMuTGr)]WKIu6N}Y e3`}F8izT"}i~Hb0܊פM8 F8|O=үl ^YEp}b%aq)鐭3|h5$][ cb1Qnup` kXqht?_zV&3?Lme>-wI%XG GF8@_  ؠ5G=cZsA?e/JԺ.q!w/)-|`k35sy> ҦLقa;*:#L'dܚ~6ٽo;L$!HΟD)O `=2XؕBRfX:q#Y^>/)K<䣺>U@R.Ng[}ta&ե w|,PUxJ1.ᑾ\^svYz7YJR5G90ҾC"  @S)ۻmڢENdhwܲLBns N*O:ՄBLdPnP!}%POo2l#JшBcx;_r?$ds$3ǡ.#ltъ݌L S^F-i-&Q$RQ!#M=IkX Mt3{ʗ7@+9"=MȌv;-(_zWFHyP; 5N0 (q M06vүLQ9`ZZRi!{¶sd[@fIpŰDhG.ӟ4=5UVժǸ-?o4WB$h87!c/j1+-X/g~8DF6x~rAfwW1%9e 0:uֽi4m1Կ2;y݀JfnQi㝙0,Kf} ,yh8n᢫G7A}ZL9 %ީێSgtޒZ@OYtG\EN,]]@z^ѯ$!~^ՋV,Hnb`$#q^4d@@#OTFvs&oO!#B u< VL3sLw=9a.8Lץm1btV D-jr7kc9%r΍ ;!2Ms) :CM[6m7|Efځk,-BʡK_p<1nH0ijCX;t=1ĶJ!Xia>:neQD"^ b~S3БyZgʯ܀L(w*`Y%2joTCio;tG G>EJn^ShCΦY?N5{qZka]^סϹ*U+~i.ֿ|12=O T,EN;k@dEóm֘MrfouCe˞?6l%WfVGWlM8;tߦ~Ӱmj7+6Ckw vA#Ҙ)/p2Op93 FXI!Dܿ "Ӝ8jxBi%e{>z-|D?TE0?O"g؇3saN "u>__\am{3{v)W=4IH2"T԰Lۮ#ʏ"K7yIwSS&$s1[4 $uY%B_ՔCQLvh>Z%q(SSag:c@N*55Y?,tJѲ43ѧXL)^ tro/Qķ0c=DgȰg燶>]d^n wo; n;bY[{ GrYt5Zmtp Q-_%5NYk]]`̧ XS]hiC#"oݰC;VpAwOh?ď"iSA(sD "7ojb iC Mϙbg_cbge6گs^.GlV 3NL]7އ+uq cHLr_H,ܷ$>)8 ̻lDftYY%&v@fï|2_mb\9_\ ?mM{mYB߷h'1jiʋNAgO%}>RL=[K|09"%d;WT>z<65LFkxp}w`.i.w4w [v؜媾~=c/ 9MB. `豫= ; jx>mɌ`F]( ]c6'WtO2 uX%DS*~u  ܖL ]N(=8繊˯Χ_*eWd <8m?C9CeRێxX+Ȳc[OŵUHT|!R?%*`R'yH魧q4 hE[X` oM}<޺P(J+XDB:ȦlNPg_JϼC.얧/TEHx|NVnQi-щ@ɛ.{b㮡_k;qYJbs _4I+ _i]G)`r=5+R{aJf]؏$~ulDD 1"a/_IuWڟ`bΐΧ!V{rZZڐ(]邷#;_*2o˨hu-O2?>0L'$bŞБt/ 9Q ;BƠܳϣ ) #8u^=l|˜ĐbԦˉb|LBxʰUX ޟéO^r:K/;z7t#2~dBڮ!޽'.^mki~CjLokmD˅pCb Tތ풶CiQ2 .{_dR.Z}x9m 7&![8 -ʑ74kݣ>AfmRC*"9 0Dvo!QK-f22Ljϒhy6RZ1ʽA矙^c*)Ν?dvH~Y5p+vO ]tvrdqWl{r%9^=ۍe$ cq7o0bb(P`br8`KK6ÈO bVsLqȝ/JߔOBƼumnucڦ@|?{,EVu2]qB?(tK7d %`>vz8~S$ ʨCWr Mζd<ТVpRBٶ8h EVBtMqHzķ& j::-Yqwl|lC:{ HZ B .I ̽w=i߇V?9UٸVV6:8o4wM>g[ſnUK3-X j}nO=Pa˒e\u`]<DCjsgo1&/;K[ӌѫnB.KrHRx˟oS\ߙ 4g-hOk 4ѼL0؅ BFO<܂zȭE[\ԲM-!Ia:FV?+P~ȇ|+Zhk9ㆺO<(.+!30-}rI0~J1jWp;N tt?OP[f4?DO5Eٯ(㄂2Hq9)8"u糯pw`;+Uh$/><0i>[ Is\Kor~o}&/*fˎkOL( Ʀ_}Uݹ]ED' M6)JMq}[Ap3$ZkvxR*. IL%+؂c*n&)yzv4! h/xj|*oҁqg Šْ iŰsP]F|'T6ϒ9߾pdvr K5.~z90?u M63^=GըAUY(xӴDUO̵4MD{1BαnXݑ LF:O~}P/15ϲ(\B9CҞ"2dnձ+G"r` ОC䤳OӾ7G(~RKM- hPߒCZ~Lr&KOwLI\`"9㳺Y7ɦj+V %i_ 1Lwйl܆DQG%[.7 _3B@@VU(gC:V޴^&s 5>nOmHe v3<5y\$k ׎nˢk:0*}l}+k-^F/N˝2^gյ(hȓ~jܣ 43'Ĝm߼ORA mB` 衼 q,[y<,qܢ~e(\"xk4dk>0}B0'e;dZE{M*8 7.rMtjH֙BcKV+0Qɟ(w?г搦)r-Ub6KCdx'{Sp&Ֆ#)(`$2׵QN}tkN4-z8{PWwC^xw]$aHuunr]̫r?SM#eQ(}]:Ab>Q=_X$:FsZĆh{6^;DmHcTh?o"Zvj줫;8,zgϙPԩ=) DtUgݩ'm{ 3% &؇Nw\0Jy|5c$xEB<8yd^A/Z' c鏗4Q;/9/KiobM8~W n60:Q䬽BL0LЙ2Ƅ5ҺxG<չ͉;*4/L W=r.=<%\C9툪b@-12gpfk-{G/BE qI{'3$ "@TlnEPkIX=`?Xƣys VF}kQ3 :.O?VӸ#4"M8"e;~^\S~ ӰuNMa4Qǖ&dd[P¢bAQ|״i-%)]9>NkXy ÆYv1{C:gZn9}o]p~ UݣU{8c'kJ0M/ZP73Dw׬{9xԻH%օS462U hℬsصQ37ru2 |zp؟(s0`OQ>+ T?nS:ƴ1ҩ΁_e087p#GyD1JK}~WFloD=8SkͅudI72uK՝Z"'!;7$ـ_P3B'9l$+ d%+y# EcXDsB+Ff^oHn ίb e'x@"d5廯^n+u^ۜn3krH9ƇR"ov4Ǚ͗")WEq;VbwQTP$"v@C:rYJt@9z?@Oh|e ^^p;'wd.XrbM@Z$oIr:S1$-1|SL>ki r?\J6{xW~AnsZ<W+z`a0=ap+;J앃s1>b7\ }=({Yd"*oP8'$8kBR=Z2rexjZprZ=tUһ>ҊXH?o~m)oT2,)!̾:;Di­1ePW/*?àV3VHfcӻ#űdD5q6`n OFjie܉XClxKM9Ҥ:ZvS)l{7'p.t1(q_tƘywhL%36i xqe]∼|eA -TZPXW3,rp/`g%hN{EVHQEXT;l[fC@/*T艘Wkm'}k[Y$XI͟:Vu:_MMRǸo]L'6 Hq[Bo+A圕NX}TJM -0-g,LO{ۦ!j ;nJ~KqQ>s:]BOa!}ǽK}0Ꚙ$$gB ~꾅l|BvT.9A=$`[Ϙ4Ogjo$aExZ䘄>c$fe#"EpB lpo/V*U[_!unQMl!\8U3&''qkqz$\_ZoծF\0fQ e Isʫ0cS!IMh\Ɇj9qV5mD(aEԕ!Fye~, SҢgY7{W|$!!#Lt 1,[H^)[l]=_Q3pB%ԠoZ+֫ʤ`F6첄[(G?FB"#ިv+EL)8y^h* ^9J*}S[+9îO7˾1*Lzדhev /ͰݽンGDJB#Y '^N^]h^C9|\7Mw=cD<5P"C 5lmx>Ni? M Ay+Zl4)}:rm ˒80?cػ3BT餩,1؆ԙ5¿Fڂ+ κ|KzxڇM"%c ]MXH3mZ:BWP,jC*7uO j|>T@=ڑl]QIyB*2E8Ӗ 0TиbFrբ[2R)<}؟ '=b)9}ىxnB_ EO|513nç0f睅VWuPA\P&z81o̴`TKkS 4;c-vԆ%YAB9w|~W>vZCeZV$U{sB"cLDM' OҽK"@I!>[ pM=s!tP3lI 5S8]ln _rWIc.Y\5,ދcc.4X q < ldS6e}r\Kfۜc D' 8vZL%2g0' 3d"^X׽^l3}vp;NS|y'vS2T5OZ\se{ CL hii.:Qͱ10J*\gd?$j|U8#̓Sd$(D%%ex|Rhv IRZA%tp+TV1jgOg{Y=YO~55꓾4/.m6hIa vSW"EM+'u B`4"Ra!/twU-n_w T::9p>hB}ϰF( *?&}ԵH'ieUS4O#Ù Ҹ.MHT7 Ω?u_Oxِߙ`Ujfk%؏=6a,'Zh@5onO*5A lOL*;==" EV'B^tʴ=[W4 o A%clJmB6Y6~1~B"ڤg[`Hm>~D3w~&>aѶԥWpW93ezߤa1p UՂbq*U82Oބ6Ա1 ;S(jJgֈUۀڿ1o=6cJ)FFhliW܈kja1xxف }lTF*ux~{ 5 e &RT1hESkyxAPԷPg['dZy^*Ef4"n_Uy>VdJpPe!m1iKg-e}̗:4_¿N^쫑¼u{%KC}TZ(}TAId>I/ZUOAX@`q8}̞uNvG CDo$л8Pa3 0J1't <|.|ITe22x.PiJ1db^ >0.*;Ru71{BfT%Խ#xߋAba;,槵zİ$T=u0+5$}{5 l?+dT5ؗ~{S*)++X 0yJHtBLF-SpWj)j:@d_ D _@4Q^LݍO}+ՁA'$òzo? rwFs$n'^<. x%{ۃ^‚deI.G3.YM4@.y>֒V@t܆E|K$3:sO_E9PSG`, ҸFuU_=&RK dtl^>ko5սީcBo5}?UK[[Dm DQb1a1LZApms˂p$> JM/)nçջ6F+x9?Zrr?MKfBrz xy֥umG'wcBoP@|uj +xdo53[1&|~\r9 GH7!/{6kA?;>8 ܔu;s{LF})fpKYґjG& .uWЇFVy;#MF'mn\K^~G3v S KWJ?~?W`߇BM}WAN?tcxzZ]Ey,dMpXʅ*u e2pV[rpEQj}gQ+Rqgq[\;7r5[ofJr5"OtEʣ+ ͑L}jE7w7;3۾NJn zO"],W.!0JRUgnE ߄ueÅ\1|wɤE/.A,#P{5)XymH@S ?P \,AmF #~Y;շyF#N pb+qsʏ1 ˡ?yt 1?9f%͉d{UZ[kZ_#Ӽ:}YyJx07X"`g)5j$UBN>fc7')XɈ$B~%sS`w<YmEX!<rcSfad՜n]GkCfZ'EW,5&+ wTWdM>0o˷Uo(Ep}Hkt(.e:Q~GI c67.ut] H9,6xAH>g0z% SW&l-[1P@ Ƈz>Ԍ.j=mGUNuM?v=]DĦS!PJd@2@öE*l#V?v#J(;f]ɯms>whJzb X.LPRkDžf-&.Ƭ.哇{er{Bcx&8jS_Uё=\vW0ki]pFǣpWUhCcchfњ^@*dm*nШk0 ƙEf2:BĚ@RZ`F2iN+.u`6$|My\eS#HgX2uOдތ<]"}3e3+m[ң.dOrF͢w z], ȗ`$-ǎCikg)>AfIȶg`1Iлe"0uI+FVp_6T;X^r!vO?f Ը6-u5]+r*j.eӠ`USk5>gЋ`f#CV*ƣiz=&ijSmE@np Wx/TrB5$F秭jyAH =u~y Vg,bs/4֯nǾu*Sֿ~@L*e=8 N@kY7׵?SaJVizgZUCs014R˔߷>k9 78͢uY"|ffNBWUG\$B$pI4-ye?GOӇP뷈n|Y-\9MD,_3@ kGj`"YCELkV`Fㆨ8EkBv7TD1rlVyCn{J) 3V5M=|&d4񬧅G0}ګ4$Q\7 o8Mz=9y oW+S_$Ar\&1A$V3UtɨZ1nZuQye6,]|N+K%4jWTOMtQaikVP6$tU == bM*AԺ3QB wx:C4iVSws4D^6EI@”CU)Cd0-yz"d@tL{]FM8 2Ԟ-!p Gн.vP`rI҄P rwĜ6J\-OhrTM_;Q0^EѪ7?0P4IkV-By|:-`L~.YhQJzfykm?Jسob;PhS WQ9"X6)4`ݯbM&,?ʹkZQ(~6d) h+jӽ1(I DWdWK hRe;XQ~lPո'(, 2ƻ ,;Wh6Q&B@#ڥStWGeVeF(]z;ށ2vaӋ$bu1+6 :x͡~ ]DsmOy$koAcД]DMX۲ͺ́D~GZ5W@]t3~u0D8Rhԏ^TG>@hD3Gn&e~pFr7dߊZ0&p͞ &<͟BƈGv#K5P <&q7v?:MmGePHÝ_n䤿離,(*!sYL3@ޖ3xZmIڪKLv&mHT3@jyn1s| 68%s<ϔ,3T+pORXJ"Y%ޑGզ%|fƊDׁ4XCT k+~͉'q~j+cq5Tn,Aӵ$&%-`-p 䏀>Lj8{ rRO,DtE`&W7<.Dws5M\dTרW}Ffw .Oq,L aU Ux]`HO$)7e{O0f]"͛ Og̖='/u1(C%5/-hG nʈԃL$l XU awऌ|0Ry$$mM֠ AYd,ꢜ~I]6^~hɀBK?Kҷ١#.KGZ |h.K5(8Bv&S|یXV1ƴ?$8o98wTBwL%:fϬƬo%ֆ;+UthC%1V-|*#sڍ: 9" \ 40C"ĕ Fuˁ|sU yb #MyS4OF}Z5}тDùc"27&݇v'd#:Gvv6oFpxg^·qFBG<y\ǣ)0HYu~3E0 im\ Fjj_* Lh877D!65K-+/H)7~&vuۊAsm9d+晢",\yuxPc4S@m'?ەIc(G,j_noy'}lr4 BӨ-j\9#saG'S}2UmȫjpJ] O8;8YdFw8Iǹv-x 8'p^#Fy;H=Pyb?\;E:U ^2p1Z*6^p [oR+!=8$DZKjxGiPgy I|F~>g.eqΊ:O-.oaz^<ۂp XDe[L2*m>tha%BMpf46 ϴz?#~Ď]{ypP 0 q*hc!!FA+n-Ȧ˖>~)XC=%f?F8;p\DQc?Χu6Vy,Wz;Wj=z¿@hܦ0riܦtdy?`OZ)TqOw-ɋYSzɏD nOHt$|}.A?U*P:NGB^IZzҡ]LC;>F}.D䅢vmI oi>f,} taҟ3ZҤmgF^]kU)tv쁯Ͽ\1kvHC܆3q9G&*JAMpfEU-aj%85Sv]hx'7V)r+.Ҹij U$ߺ#($'RlW,vb*\򰃶+_OBp\C@7}L!aڳjP+^]8'/p5+HDa#/k^'IDJ(g R(|Nx€nrHJz""vKD?DkQXdw0U^ IJѴ|ȱ 8΀~sliO l$a}`s Y ,gp@MpgY﯅3k_^!;就QVUpEl%n4nbE>`%p:R9v^؉W 툶ecxߕc'V٨@Od7T$6[9|%v 9v+dH5 Ks44#( LS|M5PLlnIjm9P` |% l 4Rþ;qB5M\'sۖۄcfʺnAu{1LEujS`>띩]u%i{KuU6-ٞ$M}rAl:9]xNB] \ )c Oy0 "J%)*; Òim?1;e}hTFN`д)QI)u:e0OTx KyKp" 茰$Dz\w˭xVNT 'tpCKKkYG֊R@H `m,25Ƕ5kLAJw=&Ck9Y&k>d+_8L}\KFlp=Y*L-^C¬m\-q/ n' І<_w5jyHAEG+f=H# ]jB>ΠF_>T%̔EUxeӨ%ћNžhUxÓB$yw+xAdO<sO[ "k#'=oZqG\CJt~)8%a󃯬YwR:!]Xơfعm"h(Nx7VQa5,M {N\$h?5:3jK(j?g{8F/[E-rSNʌ3?nl0"sv#N=|V44^&>lUN!1 ܾΑkQ-2|fxϖ?%*`_h^:abc~sL;n0"=>6}%+Pz iBI w2}uO/#9 J.&y%y}L^Re= ~>JʱV`'eKTu?'8wڤ1A@촤ۉ{Ud6|?,*(w{1+UCLVRB޿^tgFbiAٴ~{`z[s'O¿h|4$4c\>}Ƞd4K{|F /!!@enG,좚W|g-u$w*={yC4̙h>n$tMzB"څ_oAkf&mrԮ*p\ےYwJ]Ps x !LXkeP; =MXƸjѨ-b[TݗpPm~|:@Y@[j\TUӐs^<!=$ ȈP@B`FM>@&^9B_d+G2vF bHxNUO8ymgU  6X$*^Dn=#>xQَH]LȠ` ыw@ˑC Kңw5 ,f9P>؂ ,8dpG0 ub6<z.fXB$V7:.+* O]¿ hY{7{D90Zj$FSG{?7MS^=;n>цhn H i!1CG&q dZGBx1}nfS.bg0"[-q(& ؎GTNˬhWVjO;EYu"l:cz =Ѧ f$dZ4Hr%sG5W9Sr <1W]2u3g> UKg[-Îφ7NO'D\Ct)Xof|Qt6IKv~X3a+ +"2Z՚fM~R"l1W]?mF~#Dijʇ a1PJ^DhG_XG&q"1Y1JK=N1FU0kO$j; >Јʛ7@f4νSϕcmOcaK{2He&1~psw_.a`dTUzX~Hn^{RT齛2ESVr6)Hz[ſA$Ev0s `H#1irnM@:)+Ș~eZwzFP&"LfGNZBA*y^GPkV ]D)7Ww 0*A3s@}q5e?m%UqƙA"=:=L[%"΁`aMcZ#&(X R 'Z ra€)§=8Nq} ҎAp{fP75cEN}3 #@ܰŞU2{3@=A`3kvEZk(lĴE!c[F2.x םkCTW%L$t ڬ"fͯQ24bx_=J0I|lCekr+4cVXMpqVj!3@yP$N)Ysٌ#vy4\|\bRL[sظD%)lo:d,9 $Vr@c'Er ZKHf8W,[=K8EUN]XYs*i%^.NH7&0CR7>J'mA1cg0mxnPrʚ1y"Ӆ{$W,s% geكC.h]ʺji1Š7w,6>8U k>hLo\b4aRtK #L~y R7?|8$/R$?1Qk‚БY=P\iN/\)hz0y "= !6rIZ,y J1fQ$K1ЛX_ be4;W []FB *ej:OPz֝*;OT81Q,X!HPh]b~ԪA;lOح$~rI9l2LlĒQ=V,@◛l>ƉB߅i_j} վXd+,k6O(X$ wjH-ʛSY5቉7,&Wui0ŰdcS z [>sx}˖/L`R zj_[Q;ˌ:Nt#Ӊ\҅56SS-g*[ (yf^J׍֛*Վ})jlF<Ņ:`OL",Q ~ɭ1/et$cӠ/ O_V˛.*m05$4r虝ЊV䭍Xa&]3D=]e,|^ޮ2QRr-`ffpR~aS_DE+fIVXiɔ˧{=vƚ\]L<9E1:uu.43ѱwyYyKkGKRvO`.O7(\? D2"vv-z,IF)P1"2v(Bl^zvo=Q^s1!˧w:6K.'ڏ¼N~C8~fMGlz7O`7DzJ38kHek >uu[ ܯmclEܼy(Xo_NicMD~ ȽwaCE#5|4Z$dH>RNm8ԈAMxKnx0]i1Rͺ=detqpFFl; =t2&)py,3]>)gX;@Z+0QuL%I3Vn\9WW,wwtCqw\Z9w; Eh,?pAD&4zXx2-8s \8,-aǚXf!kl"VA*Mx~0(rhU{ʹMr?~KȎ_-w_LyXC6il쩘m<*Քh g?)75,U; 68RL1|&hmdE/_@ {\K/<ʷGdڕ5USٳ%-#X(E̔t#oo Ouĕh͵hwߪňVvE&6th9$X%NevPZ_K TNGhhh]" ͓(|a"ZTy"I[2- o3Wf6PT_Ns>ST2kk;?8?b=Bc;NfEf&=@VA"@!)|W6La V^`2A5깫ONrn{k[;AqCA7}a5ED8m\gyL*»¢*Lt+ĿkfhH`yʹ lV@ TpaRq r,%U]K6'~ԍԴes2e3"Cfra,_iKbX+|뛙(>C_sjL$cOfgtW/A$=?$gDH֞R8?:&EpzG}|b Ry38eɵ7Ȅcגb*Ky.Unw/xI38RxV{I2]eȥI.o)sc,? 2˓^)LvZvݝ9 50ef Geܣ x mOZēO&&R% Y%=7͐( V{34 |[my_f) ģŒWq+ڱBHxt }ߜH] PaV@dY}-CFd7fbyB}ī ȅM$1G*H$1$+ɦ [`_ ¼svz?sE6: )7ڏwk:zFmw?ӿfv%ڃ<Շ|/ "tOٍh2]3:ނ۽9*픫\{_;Pf;\N?M^!ł/>3-!ꙩ5Hguˆ&XODw>b4Z:;U<4ۋjHA:-$]MϜ5a}#PY%/8o81-bmW1~o5 *5=\oWȡ$A vG:$RmpYbB,]H:Rϫ>.E5$oYx&{ÜLTVLTx~T_G–iW啴1LmTa~ƺj-M)`$ҌbYj/aMae}s..-5R|i|[dn{ఫG8Q4K͐;ormU| = {d|GürZ,of0AǶ"㻮;)%5ӝnVlPtkÕV$P~Ҩ@22zmeJX3! 1quNn0bCv{}08 ;\Xˀ$dU8%t-A.gTR1u{pM1uOMO_AyRŌ òO^0y , αr4M(=OKTێ`7qwo-K`J݇<& '-\,PŮKM49,1&,VECh:up iw\뢆d"yBB?R=uzC[C :#:FhLݙMoV[{e瀘*'oqx_ҜwLB1pv(UyQ|«@9f"ƫOxRdEf^WɎPLjb@Qzy{pDki>&Ē' *{w~,QA+"W%$T2rE ѱ>d[mS7O~%{;_D*BHWqz HMtr"Sz@iV9?߬%JFp'];T*:Vwa"0RW$nRTfTGu\%JH'(I/dikg4{48JJiat"z̰fpŲ.F`ox,%_ S=.Wkwn9F0<4u1gsVUg̃^@H4HyF|6Qo@N˩!Z/pG5tRc\sq7ǩBWjh\,-5Oos#:^%ٳ}{]h&9H䑎?PL"[bYDhaEq"N?3;kzo*X̘,[bIk#PFp]|;F3v`²H>O'Dnv3#K վ6Z.iS?<4W_ѮYe] &a F#<2)6S yh,q.pgmD@$ Iʥ/aOX!XKv@+)ZS J@rΘk|j%8 saCZ: P:gd+ZRwѸ:v)Њ9h .+&+ ѷ?P&^lbj̶Mʦ!<9,!:&ӷ&=3&} Ai3 F~nƞW1כr$2p#\&"g_q0 uXSw@ڦ3'c'69,8GXЗ5"mʖ=TS)e "$d5VWBZse|K=XU#:*.p kk_li%(Qȳ\wj?&gXHmTOW]M]Aٟb<&.%exqg6=.[ٗؼ1@g84o%eƊ4'##*`7!pzOo{T*\qb{qiup)HBX gS L~LSYD] u밓/nfeۈ hܮ]ތ0<ӌ;HzU f,|i_ cZA/̇(|1:I wM,'.;IjCH6@'QiV[ā+@>vmx_#8C}j˸ os_ چ,ﳳA'wurwqph=o%wYO3xt 8tt)&enq-AΒ.\3@(fɞ7[<jpkLI[$}iJWZ~̍FZs.z}*NL|%>^uԋҨ"W6zqB7 I0;Y! ix-^Ɂ겿J@ 1_Mi~TĖ4Ŷ|by:V=2瀅j~%^ѹ([J{Y B O' ʣ(vT2WA1+q?5!"£IJq8qWc"zyKcCɨ3 Z(zƁ Fqu9G P1&3^C) ~` -8fB ȧR [)-+`gJb'f{kfr/B:bd&K 吷Pxm 5tBzdG,T/M: w: yƅUv¸pѱsEXnr&CP"%PX%v'C 5WCHxlC1&]BMi/mտsŽAD 3 S0_^T.œ2K"kQ"KІNIBwSnEdHz\!_ZC\=2L 3_@a|4Ҹ^oh ySG`v׎>v?ӕ_ W :ݹw-s"`İe&D F0ЪUǍn@74yU' )i&bWA57V%tB|Q: ,G%>dD2,lRE q7+iE1g622Q?Pc;ۖ0_$˴)% ZS%x)A+iSPW5I\[ q  ^r Mp1 5涊 8C[K^ٺ%z^>Y$('%AgʴaJ~vV,,jfݠ}x"rjDdп|_b~5Цt/;{J&zvȳGK쭻deYOmK;FfBHLŶ~z G)+H+^ J9ٱHygI VTw4/jp/e?%KlXRN}G3\VF'. J[yN}Lz"'bǡ]oiXҒƽS\/es~lo7 Few&bE喤xHJ*/1+~P `*7ȳ"ƽɨ}h7\<^}%͜GPd2)͇~'7yb25Iq܎5O[Զ价?DtX*ɩoY!M+;Fڅ.:}+{=fD:Ms#hJqjQ]GT`}:} B(cMIlvQ,!4 T9Zq1\S@]nhMi,&D&9K5~>oRR9͚ۺ\6DAUȽSF= 9yL Iq{Is׸\0{El5ݓy5:֏o,E~#ؘ 7u*8;J̳S;L-6hѨ!h09b=.[!%:n!EF^8:Aݷ s`ymҹ] b"K}S$3[͗5 \P.!&ygvCu 1v_ԜO>$Ytl';uAL^BN4:c8"$CNjw)egN?^e(r,BpKUl2ض> t&?*= "}A+O'_W+a*?ˆ>{ídה^@^ը/``I“v JLD6}2=K{Ӗi!J8 : W(^R4'3NxUb aJ[A'Fg2ܼVjê7ӛ1#fj}LF0j'3CS^W0B *fOVY{3?IS^|cgLH(BALpI)9EMگm7>,7?ja{LPz -fp[i LFQ\% V[ius+[=;_ޡ}5FW4MP&noQ#mA`\G΅dscvôD$g >2i?ҰꐽHx7̇60?_Qb 9R}mt ڃiIuZt`Ų҂K%Si^ntjR&|5By!;"@B/8iA=WgtDmqW#Hp&qe LZMu" ͙tb;_l^Xi' 3@`n/ B:a{ o-ғ#EzyE@2bo 69I֡  X]{9d[iןhίL=j?9xL .7`Oo.#n/Yy렒2v5ԥe/%Yl c 2^TdTJ&JZzTyp%-VқXJ}* MZx]w"#*b 8`$F/q9f#KÔf3n44;$ӊ&nH6.imN[{B`pgOqqΰB34 zޜY䊲|YY1J( ϤgUC ʚŠ ڳՏ})ZB( IPݾt?j"[沈m  ~!rYn&AC'#KVh}Ջ|@ KbY3BkFH1eImG{c=`;]b݅ƻHlemrB69 0eca1ـ1[drJL^ :Lڷ.&!CXg[+сx2qJ: -lNn$%!G:ylY|<7jrOk,zxٍFT+ !k[`ayJ JpWb~k(p4Ew_DsD<ƿ?YJgΟlbV|&fKR%d<Aa;,?k+1-U؏!S&G>y$ōF5ƃC7Lz~Hcz8[6tC:AфNg恅'xid5!) v7 qcco@ y3t#;4M/gȠ8U1LYLBB1qJ<'ï_ҫ؏BNa:'G7nӿ§KWqgh#?|]Q-7@*_Tk msﴥ1HJ[Zj6w*Es<08m%Z0~e[5E$/8 UOL%T>0cZ9a]A3bޢ wsHw8R"N1`rA@!>¸!SP^*uW%}f*^YU>cnwlJM,Igp8 A {HUC(R*w9h0"VҒ<g{HVP2k_ͬכHF[/8 @ DF| ƿ@0;<8GC$fC`,Q(j14OkT}19/wpu]u!@VXA.B(el8:2n.ьRy5egt8ORNI7&fm=8}1{veɓWpnn2'Ww orEx{mˌ`z9%, YCyk+X%S7E "2zQ |%<7>j;#4{*rl "+S #SS="8o"9jdY_S tyR@Us5pv{7rբyHSAHBVSnF#OP]d`-P{#p3޲ļfLb!05`^Ѳ0LX#۷^t oCE ̹=o.巑[ F4}&RSbރʉ-݅D " |LfKpJ6@ۼn2z3;~*֍E:n? ]46WtAw>9"ϾuTl"țGruwNtTH j*hڶp\?hjyK^>ˬ0뮴{q:`H7j+9RA4J~j2 gkp#lu轇rbNe*pp)@()Oǐ74k WzQhr^Cbz<8?l}9ZkeiC3 0l]e3(4Bǁ{5ޥYb> &;,d"h^à׾ՋA/^,Rdꝱ!X#'a":\ nX!apiDdm$'$A3 GYӲwGg$Y?.:3 % ]C4'); *'պerS؂؋+A^Ӝ&(ҥRl;-½h!sSx m̀(35ĞK1a9]I,(h~yE0. Ed":\•lB,(u2 >?8M;9!@`M 7 Z^7= wQ)G1WC@~\F QAY%T +jQ%)5Mzf5q$Ccc$Kus=:H g sS% I4OqcBt6qDLWp^Uu8=Jm<壳Ptc_ӱTA#A1dF̲胙ȓ[x:^q8Rtڂ)zʣ[:` $%iAR%S闡Cpgv{m0^Wu.IGm=Թ KޢWPԎz1[6\E*Uyy!J>2-q#V~CN[.֔KЄb;xA@ԙ:i F7LA\*!K&W4.PMaS:ESԀInZ՞ca9k/lSֿH3޷(&:BC +d&E~zHϽ.N۟he|$"Eunyi D#GHRa]U$ʠn*#SCqwN鳏$-b>SW/qJ2"_>n'?6a9,7ZptӜ>߫|ql plcsN l?? uo?>kCHUg:xW?vGJ& LFG2Z{K $q]ܓpyBBPN9C4f4XPA9Vqn-!Ʌ+B90v> u_kڇW1 ڥYp]f0Ź2w ?Xv"q4An.ԐՎ);yq6a jwfxK.Mva9ƒ,L!#$TL jUDOCro:?p\`缤u:TF֭Nl \&I(>r-fY'B"kRvv^mH‰g0tsٳqغTʷj$O[h iV`Ԛ+XQ276p}@p91s \?ɠ狜`[]l fǘXrޞ"#BXMm 1ŀL!bh 7K8k;.nl# #aub Ew{fܟZJ$/]XOȕR8a#5D񏭐}!FCj+ $j,dVW$]O2#gHvɞ5i;Şw?(%7zbhU/ƅ`8c[$5oM `f2ϫ%OM-˔+ ( Eȁs”\ h?^,ǾlryLQ_K۩߀јMPV!BM6!L|ق NpH>d@jA=CC䉩=%tSKb,l~6={{rG3M3&$tf +h}ٷ!7p`bP(_]}D+ݒX>:!7|Bo=yWl=_~9 n~F7\a^N*Ϻ -/,=p>ff`m̈́n(7uԎKB~r8/xjd{!=׈8iJE^5y&P].r`,KNB9V1c#D͞gF ֽtE{%(n˚T$֑] n>\ٛٛvͮX NX EϯmVBk2`ye zsx‰8KWEPvn^*rޭtĽJP~X tˬk(/{Kx̿I d7^ҶidST \B+j(lMhu%NJ/Yũq5d(ݶH4[]B`ҡr<Ӌ{Nhe#3f7U1ԈC3Wye {yP|RE+ȔϡKYQ EʝT{ 8 G$`_\(=GALۻ"7eJcQ/}H}7xWt1=T,Deiǹ>ČI ܘ9cb?o>R;+@THY3Yq1p~RV6_f燄Uߥ؊3ijW&ya%y09h~cMg3R+dHgb~#_BBT0S`}]DW8~jGd`eYwpMiߎaiHMV31I:s+V*PSS(1xF5-ȁ6)?\O\y[j2 fq72vwXa/#n(:tIr?D D>?9f`>hDG0 ^с@BgۀS:D\ 'IyZf<ל <5ZxSx_ .NJ,qʑa vS&/"^ؤTɹPȒ1'ܚȐgg>aTLg-xxkXy9x[jS] Q=ӷL 'aĠ7+e~Ft<4ٯN1,Pկ1ΞDuٳ/g %nK(ԏ+J"dA$S mwEד$u8DxOn)GdrTqoR)v6zAtG$ ֏ԆV<7k4 v{@Q;݄Cu #wKsKW\"۔ؘkݣRdDPy1\+:0I۸Y|O9U OW% $H;G&L y*E""GF#+<13w¹ARE &}H̿ &$..O.5A| PE8tQ;ARE|c$lA~Hw"z[>%%.h-Oj"KR pO,rrXw5sFe $F ,Vd^좈qb=L\=aYn9:vS3jMXGŊv/rb!`G%`wi!#.xlk5 m.4c:btB/?B#$!@{:EyJx=/7S֞CVď`+N cJ7v<;JB `I#nIo[ G?Tddզnigesȹw lR:֢)jR-Ơ=^ίn,F'ud{N尷hҨ.{څ70vskb+-j=]b^Rcn2Y|$V~smGѕt49$C! 1H|4[y/]3"$c7P}c&3ck;0Q;3UX6^:o&4pޗ+nz/H|}+(!-l!R~eDc)u{"Sa9tN=|#X]j !Ӡ:w Y|ޭv'tqyGUR&ܧEk|#CVNZ+OI*V^6XEzVXtKǧR? o:eT&a&ŁC0'_ۼOg$4C YL̦{&|]C,dr?EC7y=WL:v)(AVDa[53 {m-&>40hk)4}Kե d"WjOD,7vC%#0!ji, wEGnU ,r7"A'5؇KMxv7QWS %_>Ij~4$x㽴=aN'Eنy02AY5ٍaȔqaMkwhTq}1 r xr9vq'85[A/Hw \,3ԅU-XPbg B_'!Geycn/7a41Im`ì<ՆCɔ&@=S4ٙU34HU Bi/r, dzbKC*G)hL$eQnDk2F1L)bd"_M] QL+tə/Z!Jd*Z!1^ONgJsL!miFѐZw F\EVrx*Ǟ#p8>ū=LժZmz"sKncirabD`2 [@j:pcfՄFb "0D nov&m⸐w?z2(ѩ?gsfXݶJ&> ;Pl:= TBʮwc_BPSW><$"]S)!+eRU0>l XuйSbp>;gVt{D/H;et1; qmZ7n?x[J9 FjbeOZ_=ϕ~ 7W՟)Sk絚BӺjۯ,MML<<Ia ApmQF+g"Jh}-~/[ܓœh$G?d)] @NT nVI51 ёJG}cIvKHU>gǼoa\PЩQ3NJv=ޒQU*Vhe/0%1X/'*:2vm Bz9';` hާ`҂ICJVȱkH-LɋcT`sKq+ᒢ >Sz 6lM3`j|'fo''12tf3G}#+g?Qp;8)"'Y= ÊDs+lԄ/(s98; hcI{[&O'̯J^uؑ$Ǽe(8fxLu}'˹\".$FͲpMjg3J|Lj|kUBèm͈;(G80tr!QJBjNr9,j!V_ dS׫Pv#!rO!S.lzձ>[ĊlN!iK~n myi_ApOsr%DɌEw$U>`{oASKߥ>mRUb-ƹ*Gbo)6}Q;Ƨ&2Y6(%wg9{<>DkN/)_Ye e3;ei[1qQZJG h "ɓ _Fkohm`<.p"Nu2J1_9zѽޱr9Sugv+R T~?'WFC3L|t"GWD 4uhU sI3#bUcΠK/ԭ`R9;QP/w{I|@iMu1޷(?ĕ /UôN%"~ .-Nl\r%#nRҦVx\$B,uD_FlkȋFضh=Su+)/< NpLR1x &H!IUm6 x 劣!/'BՀHyf!N/s{M{N*p(q08 {c(hծA"ќ%(y,V5J᎓ؔ:kIE2K$DN^G Tb&ԡ@kTo~ `c~E|- }LpXHz_oAhyq/2:/m8wJ]cs/GԨ!4NX-1mD4a~/<dH9hqN3nSHE: b5e"u Simb\fJP2A{x/7irͺJg0E]Q~)[1 LzSw\ʆ_S:-'#mwBRۤ$g#zw'"{5 c ADvSm,thLlMuN0b5˦:oHgV0MFT;5|ܙnf8l˴šN]Ƒ#[$|7 r!_!%sIz I'nCW&읁}upO5 | 7 ԠՒ>ΒAY G=׍s˂ wZx$6?Cx41Q Ы/Ļ$OS7S]x89cJ !U+^$[\_] H£=(ev7nAF'V5/nk F˦ ”9*DU^oҫC?^ޟW~Jhx@MWF܎"_{x"~Mje<N.x }!#mn;;}yxq/J7?%vV J&K+^-@CetZZÑ xL^e!W^61f,Lxנj[Wv^X|˩"0uA2ic GA$t>8F CU%lH6RݚgѲa12P`td>p@$]S9Vd߼dt'ꊒkS.΢Dhg84UBtqxjot5OD0)&:C)LCeۼu7Bn⡴dc>!)| MmBxȕecKn3YV \VV= g4B/B ü JzvDAmabvn6!뒏2qн4ZvYCVQ-+czh%jK UOhiҽ  9V3;Hcrv"?H5p~gIO_f,՝lֲ@n_ﰀpqwB &E ܡmw_tn(!Slen-^SOi#=! Mq%p,R)#~, #C*L`Rۄ!l+ `gKŁU>]hh O}ծg:fuw]X1·d'X?c:ׅVgY[3RitPna?#J=lkÔsW!j|/rC&)S_N%V◺Ҳh/N#vu{eLw_/rќdt&:."i 8YB?)5CѩW͜gpVExd„`FiD='Q7}_gfa9.*8tѠCKRk-ZC4?E=+Xw).:aI*Q*P:RJF{DԗaDbɞq t8 '↕%ۆZEV>\gھK&w\nĎ3Y%-03&5UdLHVg7DDY*89h9 Khj;O)0Bt*);7GE$ ĬG/Ki>S /V}$S p/$+cݣ:؄{4o1.`n 5;TEI 3olhΤȴ9ڗ(A-3E\tw*L^Gzur>\0J^?}h P:ِ+QD׺qA)VE_E,r_0B ;v^&-T<$ñx ޑO{%5Ag7\syK}==|_AR'r%X7odaD̳hy, +5oYڃsxP =qZE|Ȇ[?Z١eRa'6dYNLluHK;윋S NWP넵 @BV'P3 $>Y[4 !EGHU|z ~()[AMkaZXRftk016Dw6eK5t3U1lGO\#_Sh!`Hڇ*3owCnE:x 568z\YHɹkRNEo*Fd?V,W/K# O8MAc٥zt^Npa-m2Op\z|];=_Apf<ހBD]݌3OZj1UAp?y8pk(0h57&] XiC]HڝXlD&BZ]H 6fqC\suƧEvs`Zjܐre>w}9(wH+K2B?,/qٞf^N#ئDyǒ @ AMtjˡ@(Sz1jp mgX ]Gsp ashiNA.厕85~IJzDe2GP DϧUْmy߲)`~ )">C&VݙM(bNH5TH#Cفp͡WG+]tȽKѮuӇ~Oj5 @$&,j~3FrJVR)R7MI$Դz#MJ,YNy~at:sI@eӽfk<\X8gT1>65x@NJH%^s)cӁԑTb0J)M:MK]bjB "nFM?c0K ~r :e%G=sy2ʩ)n6EqX+T!34̴:c#^U ZvޓqqIsQ^|bӬ~ iV3Aƥg;+,W+PPWl{Cg'I&{(G=Ui9HPjZG r5 )Oxtў\CsNs0948E]/C\{EYdTr|7?9BZFubq[Ц"fګ~\eE+[Ϭ!HXH~,mPR G`^ȁtـZ1|EZaжhq5F "KNcp+Fؒ"=eh>$T5l׌ܜ[|ߟ#U sr#$MnWdX 1r]@l\Ev62\{'? +ۺJ +$%[붥D=;VZ,'V o\%Џ,}<Vmv ^7 U ]t&$ǚF62M_l3Ih"#[8Uf ġ{uy* !,0+oN1FH8vN1EEevK Y֝MeS9 xJ ȇLy&7[Ro!7U_T0~ TSXbsv6K0CA1[/=y!cMup1G+5.M⳿{LIjNP ?EAAà{h/e&>|dgnO! C:QNZ1MVEbX7uBt Bb'$hEaR|SGrNq+B_L*&H*:oIkR›+m^\-GL9z'!`CxNf1;[X4k$(T%,.O4yf#q=Q/ą'V< ]^yh+}.=r&`ҦBuxA-+I^u]z+c)bVVEQ56vVkZ^zT$i#om+X 8T_Z#>[6(C5`ehI30/2+>Ҕ7w﷏GāZD=?c͈׏=![u! 4; 7t67"84C!.ZGZ?|x8Gp%FD?$2!#ӄdb@h''Q7f0Q4i5K!C^3ʪlѭ\28`0D }89_PMɉ`: >$;caP7muq (prѸ9z PNl4pF /5fI&fBVk\G/W_[&rjǃzT QTh\ ~1$$HyݜrCs!Ac cƙ~;tkӊBJ~ W1yvRXFmP#3w͈k9)Ѡae`ȡE ɉS Rڶ@D%%Pf#A u0>תɰɇs6~qEƥU/#{;1AO QD^K&S4 صi.7\S!)#>_!W\Ov~k,4V#> #i@ƮwU1RPE$!0+t4{>(}fE^-S J^י`G\Э.xaR#.f4·3jufyy#Tlװxe3Su"&v<Ǟs$V'XV9+@/O U\{ Q}2pEI$ \qz(oAOzGeBC⢏ţw"GwͺÓNڴR:T 8BƿhQ9Mf$V?FUY`m+seȕqf$vք,\Ng牢?êrQ}/o3*K(ZN)rsE [_;+YNr%mQVae p4l Ɍg)!(6^`%W==BlYUT\$q,{AҢ@gɏB?{ck"r7d?8Q8r$Җ%SLc6{R6v<`O"X0ƾ \sZn+8hv8 w;j`3P%K_y5"[JA5`S{Ϲw8z>訨}:L :Ζ=T/v]5)l%cO&ZaY䲷HMċvEڈd@՟3822|{]vo`#=K\5|d ga3"j)Rg}Rj?=NC0- †cIr*;i; (H V?( ~A6iDLNJz2S[2fک[h'I&k ,q]ئvi{2# 9,҆*JHt|aP,u`:3q$kN!bq%,ޑru ~/ʦ;b^+/rezLJĈ $qhk^ϖ|Ďe tѳm^՗(A5l ::eE"5X+_J8 *kZU~aШ=c̐1bڮ^`gdW?Zyy=k#U:`r!W_-ߠvZ—[kGU^pѕ)3  `|3._1޿%JD =K9(v\X2ʃ-qx4 r#YSo,25Z/ܨCwΰ@D <1=ؠKcV:|J>̯via.DІ4tMZԫV`r]`4` 6:yzcW&t]Zg[ *–3`F3tfLyo(rWĴ[3e {ueJlL(辮gQ`qh Am1vE6ҳ5JYϟqABbryđ{ 7UT<^Eq!Qyc=HD:jiT ;ɣFwK'"5i Vgh"qg@Ԛo"x6{xP^6Y|mH$XDF/VJ'YsQS$KR˵'m{aĠT:[piem qpY ;HzY|BЌp?7{= FW\1n4' sˆ`h9l}<~4FD  fɶ؊7D:|8? ЂdspNz`Bk'Qkr 9m.^%~66KUA~CS3@o1I9^e'JϕCw먷+]InǓ/T!^jY»? UNfm[H@bKdzGYBF$[̻x 8mBMAFQv߁BG/ndv59B(ҥH*@Z|%(셕1hӲRa?kwR9VW^ 8føiAZ8d"7Q[;$Ӟ Tډdž}vbss׃fBSJGk,< |/әeקl'(AE;@hlxz'"tcmg4RTLM9XF“j'3G T}UѭchH4 sΩ}mjk\y4+~jY:vg>Y- 4*ޕCAYW[˧TyK~Ӏ!i5di2+03ф3}ߒ5B^ >QmG#ēkqrXxlv|MoJ<꫆X` 8wt;6SQo oyW>×`RNxڹp}@;gt433*;QR(ţA26DbthSyrGȓمDܢRVukT+Nqd ;9@ԬoT7oc[;H{(zt >ma׿ꆔ ,I%ŃCї+=5:ፇ o|lMeƈuX=l3cTc!3&@h4XUL] a vOyiϭi^۝?ԩ%Ήm=ܘ#aV9K擼ƴF+<_Ω'䪊>vxPH?m %h Fq(52^ YX#5tK0-= sB۶FL7 3FSS;DX{>i+=^ {q"M\p]pF COJs&ro&0u0Z?ݵ7, l5ܫJ%w!y"Ic$t/CƁմ \9ᎏ#clt,t4 9zb^;΋NK5.|P ?B>a$][3?M5qG>Ĵ$t֞{े0ּept !pU{=T'"q 7HeZcE[AqE)"(' I7uF@_?.%?+( ,\DlπjL-_Yo~Yt5d)}ڸ0 ɻ$N$x@&3S|d ܕWKiد+5#ga5x{6ĩꟃK%U\sӔmk{YߤldA\B uRtvm.Sxb45BqRR/.(`oMl;=sW[ y;C|0EWBmQ,HXWh(05ʲB}V—~`<8غ=e\\B ZK˘9 /BGcُTF-[Y;g]ENj))׭rrC3Twͫ d%pcc̶[M?ܐc=e`EnÀUmh0̠&@6g*o٥4yPlZ_Q5{v L! K=~zNOb.Ǐb=U7ӵ[FS.:f奬f osmN"l!(hǞbR?tJ~EψQ+QUYQx`x[;u5}vрʀDϾ!Z>w\BFn#t-U\X?CHļ:VKYmMyUH@K{6hy]f^ nnaԶ<WV3[̙; ǵ-(a 9ef"3~0\gàs4ߝ0.<onE??-׮nu<̘n*=x T_N%{~_Ԇ2@!|EzS_b]w ㅃ Ʒ)8KXtnQ2'V$#YMδ{Ʊ/ O-4_mW'úyI -C}@"fsuL8~|?m4L؆37z>Qr3Ok;Kf;sEοd}|܏WC?  bwG{}O1`xk`PC#}Gw^,+jW5lxi-Ï9[hT8L h\oz}閻8w_rsGV[yBͲt|h3oWBZ``w ̼鯨J_n.м]%X856\Hyqq K&iTxnbW7Jf$ny' sxx\g::cĽaՈ '@\$BJyF ;q8뾸y5轅$fl6MZ(-+l,Ѱ B؋Uf l3 :2e1X>:'GG#&%F⾝Rkk4'u~|)cH O{~&-O>GS7vBqsWS$Q?_JFO&˯ucE!-GW~Ub0?{SZ6 \ ?O -?K%y'FI12~ݒU3eK]3ˁ8 Pu-Áp=HDW"p +r xo. w୸@>UMjz7j{&sP e3]3 Z ? Eڬ2NOEy =4.Nzzfyg[0 [>(G'F$֐%ކeY13 6b}d"&Ѯȱ~&ŒW?#{ĊLșpTAb~DB[;mYG̮em(S^a( t apd#0,܌5&34Y)ZV\F+VaTDv(+?C^^m=jCl[i'*ĊjƿF d<>(c4Fm("QWuA??>DA%pWK2/nZ%$Vj@c9 ( G T1a3,t^rZ G:5쇵*sPƧWS߭ӹUjG&Jxu{le.vFNfM~$ATH9iɎ+SĴ73{AqlnS<%yGʅ(OJ -dR5:,9a-g 4$PIh#AM:ܝn#ߒ B#6U od:= Qπ3.w[buhXઝlDGc-3/D6 ]F4SThj30~DVY8VƐHfw"-Yc@[SXd/j]UJ0; qbuy#yPD>[+QȻ\:PrLbRɡ~G9^.T#f$%xL E3@2Ms>A2ς&.0)>cO}` 2jpP9}GB"+ O5_35jStmyg=@4)ht w;{[קr5']ϏmCZC)$d3.e ?!BusiӮ\$^- mә8/2`<}&mUϽ0f78]]זfeVh ah[_EU.Jq [MΚÂNAlD;<_Tyݠwz&EY; W}kax ]Wsm 3`$=;\|D(e ?4s w  ]j\Kc^-1ì} M5+ѣbskN1>XAD+ }0>gFJuB1 dA #/aB/# =2JM}qqcqA}Qӂ$p22p)+\gnT}O8&d,3U?ePy^Ȑ+e`}'g*~+z#Pm~PvUmD֡;86Iu^yynACaM`dѰ|;1ҫ(_ބtTRzfngsEJ3A!*j!e$>@/FIO8"Y p{Jjux l(oX\SqM kni}}vuzo;e>N?ۼ2G@;}rbk4&&(KXѭ>zrALrY^T4%M,e0ճԠv!^-:Yr@Rg \pzБͼ\11K(y?">v$.| W!8Ԯ㝏mzb{\9JøgJoW8O 3zjs8X몞P3諷b%52եxvHTWN="nFA5,,dfOlℛQu;ϫ%(i _%~çnθnk )DRy{bL,q;M9DvIp3Z8w$S?e CP ]]FT،]C 0Aůr0nEב AF!̶[I] ~򛺺} ty45sᒕ?G7YV!!z~SSb1)\wUfI#taO/nԏ!z(SXsm$ZntHtn򜉮d&pRCA^%U YYqߪ:x؎5g{b%C{ ⪘~U7e$i]Hi%ݦf%e#^)Ы,4"նMSQjm?#3=``I 3;@*U!/ 4h`| uerF3 y= %+S|C/nqxW_ǯ>Iq(`=@c+{2/DJS$YHR%PU\Tk{ruxÐwf]l QWދEq̈s\1~mF`tmwIuU#mʓ{޴(yt@YSSUO(_!UxZ UtI楸F0I?QQ<؎#ܶ|Z 'm:$lt:uNxokeVL܍xDjNk&QLd& 4k6Ohb)c'3h 1 Aۇt{GU9m{+MBh;P(!;٭luJZ4MJ̵XV=; \|&u[:YhLzT3d{-:|7ȅ-Ym`r+EZFJ~.: iQlz}=  @G27XRD%oڑzB߹C(LIvnsGUH{TDҟΫL"ObJR SwU;qhm9Z DHB݋)f6BKg*-wӱBHeGYxZ6RPy}3y4NU \@˼OǢzAW<t?Vu-qħ;hb( ~{I]~^ĩ[1NV%u& tYb5K”E\f~9)7쬑)^)+ߜ6}^"UY6[#'\!7jȸm#{pu2%l켙ܥ-1&Qr pK%Uk<75})}]F 3# 9:RΪ|J])$P7kuzU7Noe?JL죫YQqP!SjX=@ Z='SH]!5Yݸ$puު@.Km/PJp]Hc-j1#:gśb^E812YhvűsV&q%r dTU,Hq).P<:Rg!q Ȫ7-Q41 /,/?K$:ͅjbl|@D% =3 N.[WҠ@Cȍq _ɵgd쵤^ID&o}S,0>9,&rLZ;Fngr'glNux)ɽInJvaJ y> ZIrgG%/T,ĂS'^>&͝fC]qd2N0|ʭ<Bz `ȅ|&ulo' -|EUw$!u ʪ?-v]yN3QW Ykg uNɇ YdEĹn18'f憜XoF 'g}-ӊd"n|R?3jX\pfQ-e%*4Kw|2CUQԅ3$mEy`# 4?8k}Y?+}Ǭ*l'ޔ3yyۼGp.FCPdr>-zub15 v}:/Һ4Rp QFi@%-yc?=ȵIIڴ cF3G‚-k 77M.'Gf3'_q-j54?1R¶Q5I%6V()wX:ﶂI욖a3{Daze@G >gs D N V2~]<]o*ҿ1`uTc|fAm?Ǘ7߄@a*'kIoz< mdt o8Qӓr1M|潙>u˂3R}5~+0+˟1=eA}Xmw Tt!Qyҷ݄fphw|- lXd{2H %{yHCh<(u4g;N @Xp߭~Us?ۺ*qì K`pMh+9^M{  gŚhQ-B"|]oNlu-WK: bt:e2#L7P,w\4/) KhkIvOnJnٯ; f2+߉P^]GǷgiBc"=672=Q"QR~9Yz Vr@'?X/`)K\bNKu!_?} =ԓKJ`p瞅7Swcx|p20yz}=b7l@j5/HDQBr+<p|hX؀7nѮ[ kϧdL|V0MQ7# gMVAY,7Gn{*.j XJbu$j!u- EēR[>qAк!Ҟt~wfaDF`!?y+MX z\JKEmFh䣛UlVY -#Y\i.9[e?2W@ԢNqW'tUkSxo2TLKtP_(8\icS=Y%Bs.RšT4̧#&N' |XPfYebt DE4UHA'C/ qyy=@ڤfԛilQ&mǐ<-Cpmz("F8T}s`{  ы\G}}%omF'P{,uȦyF ӷ~9 &auerз!㖫/^8;+`Sl-]o&@c;~4VImuՓza ܕwt>>I2`e ha {!MP|l;G׺q&u w muEu/ QOyQ~Fx[0{(a{fB0 B^5 Vw6 Kdly }=^ iSM I69WKbp3hqo*9}㹫Fh.z y9.l;#6v;.%w9e:D@s'WCYott_q^jI."R^T,[x>lj5M"=/,)-FD㵸6^lo&`LsЬ4+rEЈ M)l68o\P:v'{MlZY;_IStwaZh{;Qs?z 攏_"ΘTLc mtu-5M*V{Y=U-jIi5$jCu܃ɧ_IlWpdZVnZHb]ŕ:QP?ۑ1Ϊto%1, } HNFV"BBoR3Ml>BFب8|(0]3E-I92S>$6]ƃ5b`\ݶ,>ƽAWԱ!NN3uEUh a ۥ%&~bׄuz cL^ɃQ=9Tt >&% V:y^2|^R klF^{A6wWڛZT ^&uf&Am"6-(DaJkv誫6_,E΋Yu5#d6CxE3h[ɔL.(Jp`~gJa6l'=fqGʆ'4eg`ԋT<?w|ރIr{(fszGwRqEƭ 7jcs-b Cֲ1W_r?; ^B/i1p&o2N>`r$X-CȰeΫḎ DRNߡ@{ͣF 1łg8bt6\On(#TF"+" DE0@׾N t#GF/vP;b(#8膽^s`X, Q7y.PHb Kre|aq_-@g81D ښz`_O]ݭԸxTNϡ0 1wpW8?4 #'Xs_gu8j(]5Zb Pl #`‹Uf & ,r+TH2_z#ecqIbdVMʞT[/T.[%N ;Hy FjI,hJ>-Maw|#' uRF ]G6fɵ7;.)@^,GyϼU0Xoܘ5VwBzli?&.l0N:ʿa,{AF %6Weo6eY%77VONy%O g_z=77] N֣-u_IuڕxB38XDL}N{Ųr2&_s },L;ϛzEɨ%\+Z:vӺNYx7*u'49oq"4Y}RMz/e<ՄfI'3D  9S;N_Q;puWv;4A N]iԾ}ʙ C U~jycMf1Vj |bG oBDZH]4\ooJŒ¸BlTxXhIYhx\ȿi Ѹ+N{~,?)*1ep8>,"%yj^,gKrbOR~"2mwc A/\=M!pgJ D)Ux Pl(Z j[o*0H/^wFL̃V`kMzj0,j"F8W̰n8,977NQTXr9*l6.idQpʕ0ZԆNri<Ȝν.Y޶.OZAJKiV5zͶTfeNCgF[*M}KIyHXS})h7m!ؤ {68%P%:fգƏ\ vh=A *QK:K|_ /M%F-tX;QcıYIyP@ _9ˆ]s:ϣk y#s6lУmH}8JW.z#܄[EƟ"L` Q1S=##! "a}|6vdYYH߱PI.>.i6Be Van|Z;b A3D);\ly N UNaѡ9hdkSrDJ:)+ 2uFs ^ʮ9ʤt9H aDPw<] wnX=sC`⃐*]a4̎ޭ yMk IK]dC:ڭ;α,_>Pu w('2c8Y6W=<ANݣ 9fc s07s^#&"x[1)){Et@+P{|p0nXӫt|Q 1ח݉ aEw{}b N'X:y? ZP/]>ہbG=3p@LRz/+K\N)ҏU9+5 |?Q u|nDUus0> <6͛WQ):9Cʱ{rc+fnk(RF,g(Njtv łHxWҫ  nbE7a-Km)9KpC{Hj101@p1E<84;iUY^3`-DnTKU s 7@cPN\ k}Dv帛gIx4 Udq妷bxfo]*T&I2?Xd"Jev2ٓmqpJV+wL9Kn}<3]LEP DC陇 wL ?=iG{P2<|^zxB|lV5R9ڶGУ`ϡF|P] 0V7 ZpT0j·YᦾSn,<\M1"\-sY+qǞ2iG 2Q=07Q#!N`/U-h2l[4m++eGGb`\LY3q,cY4ħs6_;M̼\aQ]w^xFʤ!DѣB>Q`.es= 1bJ*t-kIR'i5*BSPF2=?/PEgr6`eYI$9ɕx"Z\8谦ߓxYBǝȩS1[b*hXY|D;l<,)lLϑ];",` dgU'=e~ tU5=b)xe T0c5`ou\Xg{ i `}E V%8aW{up?Ɋ1A}ۡiG0@*7 i;K7P'$؇'KʛmF/3Yh%X 㖚:ԩk>F݌lNL^%L.+Ch1/BʀDc>f\iuk@M; mp;TLMb$N=KfDeQ $~^58`ےU߈67o;ZLf每l[0:+RyyUch} A9_h\5t8@_Aٶu][JSF&,t17dݤ>qAvRa/sE'/B b}Z- K-eԎ! ].QV@lUN3JYzH͊@ v@Nt#lhU)q|*ratK!lQ*S@{]|r݌!d2o˲R3p벹8AϨV"K8QX 3լcbE\yCzi%xRӌAx7Ё?I8@/!Wr:{}Q"bƍV\!zh܇XζK<,| gU30S$vV]վgQ;S0l}() BUA\svz5$o|č8F@U5 j: %$\*FiOPVW= IN2wr̯l3k]V2Gn^FV$] bQIO+X`sTťG>": `\8_>Wb|~?~ڟ+TԸlǹG{tA; BZ$& ?ϹkI=΁a˶rn]L+0 `JES0Aƥ{a2&gG\NܼF[̴]*k(eV;kI|{Tӣs4mN\lj<Ϸ֙Mݐ^^bLTbu ]:l١LC.DIۍ9)(*^jKޔTS\BKV{ng̟q(lxea+)4g;:?\m‚{p L.wƳJw8&7(AzYL߉\|J / ߘhE,K96448IZ袌L^ Ϊ%_J*Wnk:N^Bs׊:@OIRRA۟F+2=[p#W&z).ga!f~Hdb|GU"cs"A=c ܳRN%v+D>y3ev'# nYFROBn ZڞoOrefG'U3Ű)Mnp"uTQFW/ۻПaD+oQu&Wƶr+/3ӟѥTs&{_R $ZDvSD>P j@WWGzo^aW #,{wҨ yrnF}FWN5F2 A*cO]/0%2KMrةs+{jnpIQN)3 1s9-)]d+v߈5r%3us3Ƨ<*ⰰag e@81wfėllDt09R]o Ud̲~oVVF_`ʕ;u3$Z0򂏁˶`7Z7b&-Meh>oGR(vÓ8@P%=omfls<_sL? ,AU>bM:iA|4|C=*dyB  U:Om &q'ILI.ԎV y9*yJjw3Z$^Ԃ9G*KΚ\R:ɩz,CXcI3F \;\g]^D3*qxf%JS$dsJ'BxOcq,rmbEad8DR*bMhaLf^:w?V^qZzRZw%_^;Go/z:nGSBJlԮdV~ݏʘ%$#ܧчUas)F%RN"YƓ'7-b ԗD"oT{lϿ؃Q߾Z/?-wa81ʈPm:up7?aŠ,Kqd}ޗS:"ZH`aRnGmO/eXVg|{`aeK$>.skPkW3zʷӎ\BѷhQ&v~5ex2oU: ^a͜(K%1'jK NO;M7!`h|VJ g1J,!عWS%-taSfI|SK*H_<<*]u .s;sy|9̀B ;-1[&16<"@[2mRP$޻,\xkօ:޻yWջr^aU֮FR5hX E'=S׆=(-Gh6?jm'A7k6 5r-NW c_ !|਒8p9"v̮`,ZWBͳ0`#jƢ+AGןK?,DŽl<#l RᢄF=rV5ۧߠK)mB@Ѓf}WYMMHsh_NuR~Jeŏͺy5p(EtW"zؗU] ,x HGx˰igf:)hWl fl _nDLBT !LQl9z@nA 0փ^J]1t%G#o*k( Aw96)Hr"~׫AF給ȯbtEZ,zAޤD)Vk4| Ky0*,"棗08BC0 1xwkn6뾌i;湦a&)2g&[a?GVGAޣP'0fWoRMiFM]$Xq!OWL?wYj6j}x3uxo `vQ'Yq11SwcNz*N edp'xNi^4DuRA,[6\6~}Ai}&FKQ6@eTo!E_ bThgQlKGkH??#{c,/3HflPx^oO>[WoF\a_cfPxRkM`% g܂#%:scġW[p;gE}-qR2j)6w"!%!1>//<^A p ЇR F(+8X+G!C'GP_ceXLD2>v3F❴@!7%3w MY뛄P(7H–MeYՔVh$uYx7soL3zA*M] PVytkJ (,uGy{\w(nr6FW Xw[ȀY֏&sV(\<Ս /gphMJ&@T$w/T-uRMT44gXOȋ2Tu0awI:v%cWG=kj@ u!~͇Q[c[dHq]K25b>1hD_A? #(Bѽl RM\1Y]\vrR`. q~!Q0> #?E9IXw ^eRA) s)ej)OaJ4\~ V.蕽;z$~TMv\.v f)JPR  &tXgϖBF(v[;t7],A՝F8 &4ݯkpwNP>痌n7;Ax @!-*lZ<bC PuQS. `l?=N$.n*P.g!1lGgW=ԛTB7%+E\бʿeEׅ:  5JQhߦs- 6ʖazʑfȜib9[Gj& p5K{ϒ3xq[!7 b=$HPQ3Fܪtc'iGVT fjə?f6r6SPsy Sj_W()\Thw5:^+)6jd8P[ts䫥R&dۄa@8A؎9#{s4zxtFJ20ɻϳް"~7 # ;-j]x"O# X9Uu\+㗜 wCR@5it;\~Qq7?G iI )}^JspTqXoK]bi#{usAAzFʲ-ARlN$ !֍Lލj3 _D2щʀx~2`9A Ci)7n<63[ayQq5^wCb8`QwJrB; W6SngP [ gx¨~%ڦ)n$gֲʮ W;dxI Jp -f\ F{M[ooC#!phb|b*}Qx/۹9~0_Y=:_)3Mol j;Ӄ:5U!&I#|xL `}wZٳ4:+[8aD`Okl ]e/wlTЌ֛ ˜i 喺%~ &/pyo2c;ix'"g"Ͷ>{2&d%xa-uqQMVPCwI(shh}"=Hw2AjZq|-OݍLB@h<] x){2Xe8^fU"'?x2/TJabݺڞ!ܜHl[#'? t_pm/LX|mb),U&p^|`la%oaeQ AwԒ@өʒ}V ?w(bv;>rxܦM}u5,M@ή&&:L#X+q:wK/Yc? xDw5I,^,->Nt?< Lx^6i>=(zu!ggmO߫ol!lBF].Pm06u⳰HFe$&`߭4=Lmlnl1(YU¢CկOم}udEy5sz5/-xhh{S#0hoKӱמ<yjӿYaș+hTRoQP'36Mj%ڧO8~RF'jLj7zUbڇ{׹HjG&GFe8JJm'iqx6PFη%Jƺ'i鼸`'*?V}WHJ{vz5tP/`#8G-I-"6|r?[|l K.rT,R'l2PN1;{5w4 q5Զ%\oиOdj=*/8?`&}R|7N5t"+v=&RRQ0ՎЇp dLžoe:z_y*G72ʏ'(sx.+ҝNp*2~^ :Ha>\ƆWUgfdy߼y[/ In <#g2iFm(@Iv ĨZz YZz"PAT`{؛a/Z#K5PH)nJ.4Kslj2%/6tՕ҈1lRv-xW!` ,rѓ Y_wdDGvXLmՔEo{^->>3^l]rpNyFꜮ rvp3^,CuUCbQX]{.f+KnfpE.*3hKSCeЂpgWc%OJiwS]ІRnJz2,b;,Qʇ)hrjq"1,w5pSv1n R+끇WdXkȽn/: Y !خJS!_r,)~ ʤ0L/%=vV3z e?>~@XKvB$i@dzDW2'z IB?i)6͗ [Di{RvzƋ]BʨLb/RB[s ŽƟUE*T_٠ Z\l@L'RHDc|qmin`d a&qk56Xͩ EV γQ,>JG5v_P`R DMtR5"EGBuW(jLZ& 媑vq.F B'짇eY{U8R=mMھ-ύ\?ҎVٚ)\*0+q{~~1xY_4;GvCQSmi?oiWRPg1c!M&2pi/x̋s !ovBk)p| 5ɇ3d}rJZFichf0:lsT~@hҐT%oGHLm BγpiTAԵ`5p0ǠRj+KE :7=6[4=yPOzDINʡB)9*-Y%wCmNR%N;NlT{Vh#@;3r +!j[ (橑~է.Σ:Ք!\yxHlAE`|PD)4aTBpe^؇%1 `M8x0zLMn1?הB׊ Nhӽ+P'nf8'E 9ߓZ}VS '/F0:Bf2d*@X\s/{tLdmT8 d"E,50j7a;/jiZJdiɶ5 itHTdD"[6*Cq˖y}8ՎQUzU;&l!Eݭ"HA2KJ)S/x;vg8 qr7DJο^Y @'D?%HL<,Wf;uK$ggGg;w{$Ph( st?=И]]HKƩ>0+\\рauP@4.'`#ӝQk4 ^XE>4/OTO~-PtiUDy b^8RC_-Z*^>y)KZ -(Ysh_/%Ola'ܼ¼u7B[3Մ{nMsf8}2s(V? i˭ze=F"5+>r(~/ $Ekꗻ?[g!ĹJ0Fg R' \81Mi6_Np .ojd3\Ov5ܵ/F'S;d}PDq`sӭZ%~-e98oLԆa.%lEhD)f_2Tdǰ>a0;͖qYPZ]j 3c3."DITT_TV@J8aE~[k \. 2f#_rVf )-}&yى11HwS=z&6YŦ=)ؒJV)-mx55 )@Bec9D: 76qD6Ӯ-j[(TL[vܭ7*D${C*]kpk:oLX%oi5OtƆg ӗE”'%N6sM9_r7K{x/e7OdBٜJ$tCF~ԚX: =I5'ؘ~/÷- Wq%%rrw P H̾>FbsEEX(7"^o{i`Oͭ@s}aL)T̺BK̏,zFbgtIPDć)_:Ys)TGu򵼦 ʯb{X(N>P-;Dgī1TvݥAmm̅X.B?ouF ;*Dƈjx0aèS>\:L ?͎ظ^Wg]єDsIPfP-]gd%"Az[2Zs\388ZwI`*0,?vJ~DHdn0ʳnzSZ(d%bVc-w94ͱObP%TNi8k|5TtXH:(bJmmg4 q5AE${ax\[rcʳsN&gIȈg8^tӶQ`e, pӸpWxH 8MdL:^ſە3Ib]ihk| 9H#W:c^5 DJDx\UV;0j];/qCo0L.熒%WY3's.aZY6ޘXϧh?Ep5*_o_ w 'JMyYޫ'QmvhE{01[Qle=?p"j/v8tcZ|#‚^!U:t ?ô^=fu.fUݥ!kOTM3 R)ek+38&dk$cǣ:O1 s eFC|qT ԯ7x=H"XqTgK^7vғ?H1P\ B ayR ° -h-c:MEȀ_{Xy 䗎f_60L:*Gq;Uj:9 aR/!n{wD4D|s.)sHO  *U6Ǎ}m6J 3K_l] G2C g%R]ȰӍATaH dgI>n.")J lb{d7 X*{7PQi@2nr x!7}eIa - 0+ʷNAvLR5 YC6TLR^%" @(d*R&="r5FUtɈ;\Ɓe Q9&q< 3©_^&,a\0sc*CW.S㌲Kn'pMh[zҽ46/NcVjh渾L/UƗ2@^;H&=&Li}#/ ĭd8oIϻP5 s 6@*}'<Ǟ&tsߋgAiχNF|Pz[p3}3 1E̙*xcCq2rlA,Mkklt0b2JZHx; % n-g$61m _{dLi&kG r[% Hw O*v'ru K` m{r ېtЋrS* @Tl^f fݝ?1!3oqum?wV"ymjY HR.;GVtIėڛ". ydY+8񙡎wJv2 e>őI2A B#O֮hǁI?bP jm2;/D{KO(+룛:o%bE+q> ^<)aw cO@=J 3*[x}SNIqV^i6r c J<0Q H g$kPƳkd%vނkt'zJ N`({֎CzR# ʔfST) m[̙׌JP|dĦs_Ud ift͊#!$7.Q k@NXa} /+ݞBJd!kKC[{k&5ffth [$ۀj$RmC0n0%O~cHEK1~=Pp=VV|yDHE83P1L;(,(?g([p­noY& H/rm/QJvZ!:<Geo.N0%=)TcqM%xuVw{mA>gzjaKs|/+w>0ͯOF^::xu?PGfO87$GS."2#B}2Uեm{%0:~;aS/2y P!]k~[=៿S5 `=>N6mEbxFzI p89W ]o-,o4ND?b2?[9 &bc3vc-NHGW-)MtӫQo!P_^O?Eׇ#H۶cereN^n;"?=J*/#281x,7 )C%F偏QUvϨ\?3EG`*nD_`Tr'Z╫6&*{s[W(_|ybA?#8`O"U\{3lCK["=ֿ<rd̏mm F?1iS)\\" Yܗ@%znI=z^ֶ&+e䑻vЖ9yn8 %y |, Rʬ@+T/úeUsATk.b7/ƭthp. B v_oo;gqI+PE,;b{5^ݺ]0#'T1IU@.郋O7?O0۰L$<*UN3Q!x4VYΕMĢnb 2+hהvX5]GC5垲yq|hPV48ʗ,j/Hڠ"xjSYhnwcTu2?AqH;/8mn.ccIE.?J&8]_.VU|7 T̷ǡ%7uwlNO&e -M|B!$RKt=V{>FYhQ>i(.1*З%qҌ4yZQ]e:#:sFQ:bCT-標2o˱&][5e1:v9v= RrH•vq-2 )#5;A/K;ۂ7Hʷ\̉v^+9mmN_8{hϋ6jXZ@ V1 NBBgRO:~[2#^B=A'L{ .t85>p>7L10sUo/vkig7otA~zPY@)nT|" +7G]);ٍ{X$3mKQ'-|/"~Nݨp7)l{o!PfC=”eMm# Rl:ӣV-xʺ NP[v*Z Uhn f C]ߺŋnf')LMܨQcp0VÛcԯr%ivzʤr_35yA,9xv@<;%-_7 ]gĢ8S3L/=KXUAd9X%vc]C`}!Cwgé&oS{AQQRPܘ$>=?.8cg /})h%1?"'EoF9^$0@Jϋ4xz(MeU3S"і3,,M?>d"=A)jmfFhm~7%)lv/[n/[.\zvdzlt`KyC ͝pLaUd ¯x;T5/t^\Z4mAh P lد.AH~ y9A{zʗ ^72M3U [MGMńBPrK -L:Smqp4ĘFX'z 9`!nEzSW/-Ur!X_"T61G_(E8 ? &VS1<=Ț\oW#БD|Hԃ]gy ͛FTPgl^(h8M#ζ\5̻:dgGOg#$'t~8E*BoR+ /2?kc9"ox]<ȎF~eQ+@e"abn/! tb]{ ] 5N+-EOՍJ&=1.aᨛ#䱨=o@ml~UDJIyǝ|#ͥoc2Q52^쫦x 3[ĉja #Cm>R' ( h-,KN29(<_{xV݇s QY`q&\"#3h2%y\VLu[!ׂ1iA<庾Rn.O@) +_>~]ZۗyS]4}p6_xpKܝr1TR=p#ܬG&?8mN-Q´A']~aQ^XjNÃ*Z+7{lnBfeq?)/nP~lC'5}9H%Դ٠Z91[RH-NEIoquzsT<^ oy}_.٤w.Fno7wv\Y;9.~?ee=4ʢ@kJ H_Ԇ(.R0rN,Wwښ3"3Ƅ-2?m :cx5)n(bOat_e|3JrcE\x7 ^;a'NkSm|Th]*Vipӥ&[csIc U>7W)lIh!ِ+%u5]6vYSr. L^%a8)PWgRw*C4Kocm27 wth| }֒ @#ī,tb p븽M煚Nʪ.F#00gTRO#848`7JT6J $[wńc42o>f,S?j0J5fy;pZY/٧sZkX:ZbEX^VKu7ȃ &1>YU/5s_>DG wm(I)X![OuD3QR!MSCn##Se^}enkd=Ki̖k(;ñ+PESs>?N ʸb%26Vg\#%щ^fFrռtnNvf?4GKHo&oR6Fu{/T:[]g>Ť4'O/ݘ9-?.uT8ה88 PFZJ`c(}H}CWVxW&LoG3c_>X9U;QM w Q% ktKEM1 WtGo*}hSw6$pt:eڿ=[;kQv~C'j;c:6x0~z_0FXK@M%2Lho.@6ޕk_6#l܃55k\/'4󎶪sg)4GGAT}2a3ՇT_˕ T6s'Xsk:W$J.E)T dx=F3nQ* #y_a%Hl+MF,/6S|IQ(^ْ^\w5wTcF}{_Kz9\:gPz@(YWs}+\8PWZz-;w]3b˅ ‡e# FyUW7T),*f5|`-qŜ-di΋s8ok}PrP x1lLGw/y"|3yc@N +l ?J闅C@5][NJ+oJ"ߞ3E_zsĀYTJRt@D}.שjy !ڿIPO dN/m<55iQՏ+H†XO2گoJyE:]m(B(} 1i.KMݥi(~KUGopCv7,G)< IwYi5loDY~!cM*wŸW)]lo*P'P$xF .RT,Q Y绠A[ghG)-Ysl$0V{ٌy՜4])ErB/C!뇬5eY2 gf# g f#Zq~޹uCrm+49 ^~q9zݥ~`|ThP""Q1_p 11Kl1g#.d.l8acc)o7sAR1[X7dޘ-R=갾Te=po`%Oe2R]cZD. _pMr,ǭ%8ӳ±+C eÊ>S#<o n8Xq象*agYW@ҭ"b3}mk72=c?ȺGBh~nz+/J -8§,⮸?Hv[=t"1A1@YF5 pُEtΩa]E0y!klX0q&=M,~`#ByEW&~ϛ0DPQ3F6QKv2CVT]I}?Vp FO9VA&Ynq='gwHDK)E3!zI={.}hT/&t0+t~ _c1r5`q;yi $p'vtLɼz"o]U+ԃ<ΈV\Hvhy).~zHMdWcۈ}6 7 Ua)2eI@vp:K!~vт%a7OeZuZYWlo +9Qe[>WC+i~bzOv8f+Z[zr+X]FoەQυ*UJs$A@N4Q0uywW4um rw+U mS_1py˨m*,CE;?sԜEj1uAY\TZBď`ePW~z*W>g@ fZb7 B=翭a8PqZQ)}!$g3Tuj :ej"ec:h^qTuS+/A-F9'ߦ-gBF?XbB3Ũ̘uLG*P#m7AFBLr(P3},[V% iŬi#ĸҴ1,vԔW`s!DIhoogzXlrqvI'{W"IvcI$c|TUp1ʟecy:"TWlBzSѨ`qT" <j*Jw,POSh 6ٛ9 }k\s8(C݅7T}Q)TrX;tcFL8= ߸ &5 #bEClߋ LIpuZi7NɐɺM*`Ѫ# B#NR8tqnZEЪYp=v2eA 'A%s˶HUлM/!Y!ܰ7O='*qQM2nޜy1vBOVȨP\8j FXR=y1hp:8?E`5VZT@פB%=߫,m\iIGpK%j[4V_ULJ%V)U]V$=b0nlrriGuB9!;TŅ-W4XTXZ6ÌJB{13: VEiQ`;:|;׊[Jsg^&ztO"(Εp6C15{!L Uv>L_82,?۠f?~ gcxM5D=&ꖨߋWk_˗ "/ /dV*g華ZƧS?X׷qGhKEXu#5IT85qk{ Cޝ<" PZW lno|܈g'>8x:Rq#!-3F4L䘦Q~Y3*SpבnP}[T^>1~D0%q &|*sVx>!9=Qb 3M?ɥϧʀ\Z{v:q!onM +D J!%$דQ!fҁP)7]ՎY:N8-3U"q#:9?P@F;Gc&G"V-8V p#)ڎyghAh ȿTUVِhfW(} Ko7xiR,.: !lX,<@6dj4˿&SQ@uD?S'uזjWoުO '7Y!!VGl35/ͥ|;WuTG궒? ^f#=t皴zp:ѭ< P5Hrv $ed\GKAIBG-y') X`Hg)փ)s$8$s~~3 h8k9D EH}n'>dlDD%P_IW_ͮsGTYE,!K L˳nzI,XTPPx#%o橸앖Fc,7D?˨ȦzI]ȶ?)86(\ lta.^z88bB1В. /3gB|tp?,y(w{ݜhKKyh1A3D:q@[3h!)/H햅i-Һ+`IC".FGOɬI,).ԞG6s7O[cA#nk! ł&XՈTdpO5R3:|ـڪa1i U~xfr :888$13U̬CXNGyڄ.C{KX%$WvO`W-˚wР[JDʵk~WYAƪXPD|p=V$Q9hw<\mZ@j e%qr 1:h]$TmJOg-GfOf+'rWf?LSV /zJc%_aCyiIҩQ~rVn-ZR OXq'l3< _͉1 V# \NzΛ'5F;p$$$}`H':5uDD^T]c3+.1sMq 6E@&EӺkSKt -^OSeSBꗊ\Rlz<*ԦKn>zu,A$ ʗQ{B.+MYc7KhܤWltP8P+ܚZx|f/|8L/ PKv,R:T ۥ>6!.BԋWtkz' <xPynZ!ahRux?ъ7A'VKoگ1 &!M-yli=7)U'&.jBGYk&,کOy7X1Yڹײ-T[WEM}JVi!X >n +P'F'uG_۫σ OӑVbyF6\#LnhbE֨7! :~FQrU'`odp /jo\O半55. 'Ҹ$(@_Knhh]ڃwKs 9dw%O/y|tH9?Р=`P`[;j'c><y'obs$a*6k}'3ƿta KG&4ԣS*EK}6G}ְl-d12ʲFZ~Oy$X]j 1ц|2*/4-ՠmdO5|'fWM"ܣGVZ7 ?$ZH[- 4VO͌F[ {Co )#b,iT\gA#ϗ ۢ=k8-١ W0;Ϗ? CMgS ݄ ڛ,R&7Ős3K;zB|d~@f"SR.^3;]ҴJu2Flc`  SAKj PK=z$qU7kN%%nMb%BHg!~g$._׻V?n4: q-Ep-F3GQ,CwuI-'یâ=JC˶^@l1z6IVr@f=$(.y*__xKb'$B=?7>ڼvՊߩО9 F{-הz?\ Q : a'('ˇ3^I١c=pMs!羡[GA6xsVkǛDعKO^7M m *)De\ ܬ! @9|dQĪOQsaEsu<ΜQ@:h|Y;R?zM"<|Lit!s~\fV/2QJ89ĵ*r:vryPFÆdxD #/,i}r|cx?Wr*S\aͱ,v]!7LkQ+%W< Ӻ|\e2O;h'|:;麈8.WAo5RsܕJAjz )f L[;|,CK+r)aq\D$^0N O-ry9Z!" >B6iZ BWjMXmYerP{󻤝MU٪<=v<\C([`e (Jl0hM<[/'iZt(LtX+6S /yB׺2~p(P ^05WU S*YUM f#,Y|pkvc_} o n "5"&3"yuѤy퐘N$)yt8,)vImpg! N6<عuCpX'3?j#qU=V$=ǔf=D̒VUʼnx^=V~%t升,8'PJ?&bhߊD . GUW jC~!JGI``-)r%Q Xx??DJgW;aX9)5&0j$YE;2 |Pᱍ >@EQxEmn55Ƥ~SE2 .B:]]-OoN_qhi\8C`X⎏̃&8u+[ Uġ(& 0,4KW4 eg6(Y+<<Z+d==VΩ+EI5ڨuS~~pvIzjj_0gnk5+̀+n`(o2dsc}ιDà ɬ6X׈0;;Kv[( Xi݉VE%d1-I~ljK {Ō |⏡̚>>< ?i'Akz7eHxt.ҊR@Y&&?J<64JgtݐϒaJ+گla;"Ux1y<%H$wag96W0j]jŔSE;F tNcrk?Y@' 9u}}ŪC :,{2Ves/zA-dr*E7X1iz-1깨Oz{+|PHR㩷(s;r*z!tW& F`L1gWQFOQa4AC !)tlw^A,Ylpp>=s "jˉ Kľ" l<$%Pav",l Bo"N5徾U!HSt/&ps-BcwL`dP<(44OneBd%ezŘi9YpoBuGL,#ǽ Ϸ3kuq36nBzȞf/. v.s7?3Vu7O?_R\singl/(\^@0Sk RUh`4n3, ~ cpx[Haw "6S%iB5Ÿa>yDWݿ7"%# f3 `I$0Pl=b47X@z{8wbII#+xDx#=s {Hf{h#ӶOD>嵾_3det(d5Xe)/)Cf=T. ǘl_`neG/ʺC㐏W{gҎ^R!g5L~Fe` 2(<{PWyk(qlj-b0jCq\QyLņ Jw ~2ŤFB'VJE1U\.+@}hM~@fJ'*1 _ \7]6~rڙwcoPƺ)!6jpxHB ]gx`peJ0<:/EP=Rғ9Nq rMjs~ n&(@R3~َA@m->oJx+ĩk!utXTt'0T;c; aI<@qFsn]ƬcMVYɓ>FjHSnh28ua>Ef/=]0rrbXy[@q+ka8G|hi,+H}kG$7>Dn,;Ee%&MNK;alװ8g ku1P'u^GB[È_@rǑ\lw 2ǃ`hע 0ȄhIcSڙELp5CcW=F+Kiڵďe+VpԱ\/n6"5;f;DnȔTQx GoϋUL 8ыO !L@v]WlXRN5?}^U|SdpvNy%uYhPe^F8Fg)#[i=0BVvIq*岾.=^ڣ;L{*_֨ݗZ=}8f! 57 ٯ t'rYU5Bm㞜U__@x#\>WuEq5AaiIۈQ6bz]E% zdU9cl<.BgziJ>LX.Fy@V_q(Ŏ[~~u| 0N%Cmv0': CKV).m\[薯$RICoyW5bT 22_Lodf七r(B%`JD*6P4p78pD/s[BBcJOp. fa*Hxb;V[&=^޽et9*Tc;7ŠKjM!;4"iƤv>+aav M&>!|BUݢ!EawQz;>FRٸ8Faq&HLVYEnvXhx|`F8mw}J֜5oӄhmH"̫&xn/FKuoj̹)Cl30h ekXKRu^[(Ýgl?xXu伄yx샐!G#Ծ\]A\VMY#bL!47gs7ap*Sr 0aQa?p CdVƻ~e <# 05x/7'aE+_Wo a'!$p FbsySڙَlqiT'<~br]HlaB`Pa9d.= bGeD~Aa5m5[r('6vƥާZ 4T?g Xf.XY_ EtUԔ=B+VBmTtӼ;O2Ro D?XG~DlVTZ*ĸ5WO8ՆY]?v~ SHZ7NsB0~\)+6©<|ȟ4Ck_aA\S?zh4ej /ڤ|ҨQ8ߍq\3RU}(==j(5W9%s80d #]l~k`[z J紇usJ ,ZPc9+$y9{=w&LXky`+0Vz!el1v\sُKuAn&9" V| tOzz(>8QFu(H1#ԷTU3cdu%^ 0\sHߟ+gohBT?hI!FTB1yB.C@X5pi,%HJs1Գ{} MbEV[ұ^8L4ǽ:" z %I1vԡqx–ZLKE:t^X+q!2GzRE̔2 &2-F" }oGOT zV02硏 ԃŀA˔.vǃGsdu/침" /:t*sK}0i(7{&kJ HhQcIKW0Xr|PnקrJboln+Urʚ-3Ҙc 3QƷWy^>TT1߳Ƭǵ>5 wz@1Ve6[3"K˅B6lx0 ٘(XP# ]|°~xN%wc/N5K#Q\n8KI9:Fe塚8RdEBoq &U,!AHTǓshܲZ\?Z`6ܼoJ8`3'Ic /^+&⾆Bȁ)?b0\/R,?nOTh5 nmFWO*{b*V t@81c_?5mnYcp%x7vś8Jŧ&o1^|&p&qCޯa*Ӫ/ NZv5@V;\o?kT0*:HtxvKc|T1@Q,!^DُqdG=$+U7})V@fd%)a7ywɆ>I}T}'""vnQupEԬ Χ*-DhɷzWb ;2WQ7̒#x_CM RoQ7-L&hUߌ)\)7!J9x]Kg+"Zla7AZZI/L#DG>|MKu)ų:S\T?խ5=Z*)ښAH(8pgUT\m%踽^/ZsU5N<,-](onHiĵ Ux@6)q8vT0]@dR ig97{vjK H4а HXZ=< Vfܘa[(8g[;rzلo_pJ4 Y?lJȣZQ_ga `k.Ca;:Hgyɲȡ5z(Z}V0k4P\k(xe_`L+Nv z@\8 [Ke3 y~T7!e=^\3p~v5`ͽh |4h\9}dmJ쪳f Q wy|4Mp>!\X<2Vwy,r;:9 grrzxr2vdH/ V{VL}F sl6iQN'VpX+PD2˥]@࿼ׇ݂owM옭]>Tnr5.r@g҇zs7_lqnڠ%Oc!5% ߝ[ Wv}ڋYꞷ)ͩ>C/H??cqa0?)%(Ьnz>)'jtXԷ4$dܡ-~b|픟U߉FIyt:" VsPDp^x[FIVrqUci] 67/8lfѴ,uva)U[)R3m4ZN"߮60*=w^m 6-Kio~_KpKp?<%AO#hjxև%4s-`ٙ3¤ ԽNK% *2k`ኄ/냑E x>d nN(Ư4F|I*i;P˳NѤxV=nܞ+-R[xsdBl%/@_@@s6K5*=u$5=;DȅEO-XEM0=X2D EV H3}"r| h *w`H7FpؑDZ$cwqQ%$QcPWG|ݨWюL얷FHܦxRUgV & KQhKhIֳ0M!;K7qq>8va)Ymn{-)Wo,^1*5ڻ&R#1̏y{)R7ᷗ$mUeҩA@4mhs3?+ QOUGHE up=W1<ĸ53h)4;,AQpN')C[m(flo):˺-#+Cf|mzÀ6h5ۗ&9ƒ%8~X" !k'֓+ Y %{nnb\_tN`hbycC-Rl~2;kˢĺ™=3?ڠ *ಙc2&nRR-P+I^els dXpe׀zu)@rL'8560ϕxjM}H(3Ta 2DWR7؃^d `@Uj )~M6F*)CU{bGW]MS}K8<ux!L5{8&B^l8ŒpG )27s նzOso1\3v$i}.vd(ǥ?\B:GЃ_]}/DF%&]KQ9^gO^n&I˔cBjrY TmE 6{AHU&6GRj<:W0&uSқQz7@r:H.2A qwxA8%C4KfmbrNWY7u ?! $$U's5V|bcUo+O7oa>|'ֺoTzr֗AHL7GktV'xzk4: W{{٤6)IbQ:dN;}6[I9Oh:V"*ͱЇ zmrQ N٧D+?C1Q+>to߆5XP©b|+?ػ4^y8V8i./:W0zk;J6Kؚ!_g)̙^ b󣭧8>٣{]l"K[ی+׊P?,IF z2Sw;]Sc?Ra{-&HE337HOQ/ H7@`8C&56Ԯ&9XAؐmslA{̺m CG:XԤ6C"?> 6^՗3Qx$ "* Z.;/h !-O~ &е fPd'H /קj%TJY+/6 X/x_/ &3:\YQC{c$e\*ց]p>|j4aH!;b3t 9I`R@=ɟ$Au;u?l7 ;,re-iYGjs8P!8wvuK` ?to2&1%6l(;(?1H^ޅ* &BDv׹8! [P})mE^E {r1Ѥ< x+eƇvXR!10g`ẜ\dw:0*y "9 Af3P1)Yم )OcZlc5>'DkE//HlP/kx:K:2ikwHn}|%6gD?58Am8YC2l{l2kg厝۹N 2QF/ץ3/w0[Z+,w 3ͅB/·A\t83Q/+ǝRlĘ k`v5W07<|M{Ib ~Dn:HԄ;$1roX}$XYSz.xP P`Wg.<8eݷC9UqqXRc))1ij`19)ൃ\;B Ti#aU~B[~%K,O+ߴi0قs 6 6M< QmQ&|(rf@w%&fkV[^4?0eajjZ)}f-ԞDmA_aJqD5:9duCjXY/}l1JTF dq6,M݇g<>΅hk7;{"*ށ2D,n%QbL3RhRy6Fϵx^̙ؕ3Y0oCezd%Z˪/U1FI s cE?Xx\T$f79DZ@=X-eɖ s\MFX1 UM5 y>եĠ+$[ȝn9ZRU#.׈,> |շK#8N;_aWr]ڪlPjs}-i؊N% AIPuZwy 8,.H< >Et5۵1_l +ˣ)M; O2NT|mb2"ENI$J";Q=ܽ9ˉuGDtOl"b]p70 )'X-EoL hx죸:m99-akdLoEkE1ѷ%>vTp[X&n 4<2xq!YhKẪ,[[o.7qNؐ[:.{ {y": |G*M qr@= ]p| Gw\2 ].[Q2d+V˧\O?$gt$?ե@Ǟ]ݍq6{5姱JJeSJf)˽[Ѧ2i谿z2}''jP EZ%Ъ&:VZnO+{mԬ3Ⱚ֬&~@Vsi-7FLYQ2G@LS*iZ܉B_ޛV40Tt ụZMklpɲ8JPAo1 l酼%׺] Annа3qM]3mջ]M=WLt~)ROd t8 =9 !(DlsiQ(PLA69¶z&Qzp] bŬmm]*'6meFZ(+S`:dwT3M5"!Hfb=k~wV;tg5'^c䕥G8zL P !ocNFfx Q5 Z|iN!1zsxsX@N}RzD'a)uWuYM/Q0ډnbHm~;Y6jrճwXބdua©6TI#JSˑ1mo.y͂SɢOM\v[e]J{e !-–#ʿ*/4LEgPZ~pch[fcz.^Iۃ뻶6jЖcԓKP~`6RnTсkr;}gnrP˳S" st 9I\DYOTt!'q%T%>!Ya'R܀wk,bXI"*O7:CSo`xL|{ܓ}mn~ik7x~I'o+[Bdb [kf4CMS>fuXvb6R\^qT3|˔R=,hŽ>))QB`=VSqeS{ͫY+Wn)lnULl8߉ IL0+ ԧYCo엜41Jj[!`{G-R]\$G0E,uNuc'e3Eiޔwqhp*PHkj(Hł(~)%;XV><]r  ře*]H{anE㔥q߰v U:0'd{e0Ttm) 5/$j"HHP(7˒ d}fnu| _6gxnKH00'gljNIHL;Ka3Y.paR;K+ U798Nr/LsW=˧\zQy)WO@]4Һ g/CEȘ/+LpU+Jf.mԍ~#V0:V#vbt=fѻ"HX =5Za>w.ᛋ)>s=)i_ Y' C6)RH8<ǵΝe{ (~{t88h+49,;G13anlzH0xppBH ļ0<+ᯗAIe73T1x<#6"/m.T(4 fY %6z1Sq5Ķ8eyY֤Idv~AP,Ӏ8=Č-uN<- >%l2OFk 5CtWzvGeUS$,B;uJ[#- yj-J#eex{-1-Z9@@^u+a;ؑT>EI̓zvXI-:*K`]ԐY Wv3?-(5Z lza\a+ E}\gNSPuoNs`*FWr -6m:Bָ>Hum y}чE:֨q&&A D2骪%epf|J$ ֘sV J=ˍphW/zG/6ttygr ZP3WޢcY2L< %WZiF#?4pEǐO[R${"/q ؙkMQTʟMkұSӜ2bn7nxa@ IL )mq%im,!c z0CEQ1Fu=*  uXХ"SLW K:iS@Aa5:Kxp/)~KiōsjG)!(W|uȨj [֕,CujeX!{GY^6%Y0]Iu-JSr! R)s0;8o4`5&EtC,bpϙ6/'f*7ҴC-L? W$9 x D|OٮoT|qVf:m ; .^Um\.rk@A*L06a@b7 7;O v"<}awI`*@/9b,s:|Bmp.aTEPE-ɡ:fŴ EbdҷgS mL}*bkfLl} = R`!y.y>Ƙ UUMd `b*`3Suy(Y*8~NCvvG_ T-1<_ntM.XH!1_YgPoy ߳k?I0Q{od ڷuBny˯94D&3yj k<=Z'h{ s5;VLbb9EGl`1zJ z4D3x@V~OD<j G"icǖA6 I6.ǖo@F)/t-X~̇#sɯfcr31Ub5_@ srT\;dݪA "3-P)E;Z $˖4X]rm}FRtG- &-%;?fGA 6-%n&3(]jBu̖Rew j%y3=@ c|׃Da`ٻ:^yf W@OCQs?ܦ*tF7Ge90.\ 6{< ?D6(J |odÐn*>oq-r&%H"^,!)rJǦjڢi![pGI҅*PC#~:ZH@W}v摑8עQu4O(‘zKb#p9q7'l]kw2/tlRQ1貞fYfC@ 'kz}B/%&P?"}v:6 =4k\ M_Ȭ䚥WIkc-ߨ#SLd6_WPb+ 1\pM xFSW}J-Sc-KJ-B) itl{ q5fj!kF$lo4mJrK bEAcF!\[L۰ӣ l )[)?x,NHU LbWf1ta>"q\z]je^>r*7)&(;ԿE b\!7ǍԢc8wb 2;5~m7jh*1~ m JKՊKٵInHI`dʪ^9r}*FSzF`O ?,ϘB&.dNEq]篭po"Oa~ *pՂ&{'{"}ZW2扪 e3'z5Q}V3 2M8G_éW <ѫӑdM6XVyVTa%# Es=_{\7r2{*"ngsZA|10&^in.i.yG 7zM~$:,Gmhg*K _WfΪ`O' 9=g\[jۺĜ SbrЪa, "Ys!#-"FHհi;hdo=\*|t<)5;>VN@)|+$0c.h+~¤Ҿhw 탊&qm.:?bcOdu!\Pu-vG#8}F `J %jksl$ x\DfCX4J){88':#+$H .Cȭhar=6$=@b?T #w񨥺PY'nX<>vV6 ԒWgFب^zXbw++,Rs{|Uyt4FUh@uudi}=#{0`VsD>aLaN}*2[]Rr[I+!s._B`!ߗMVrќYǼԝsCqp%uN Ft5pS?*gcKF96Xo[ܓbQv1MD|Rܞvˊ-8>=J}*EUB >tF~/ӑaiat v4oNMʾQՓik Y+|=ӳ~Dc҇ uy0b>+'Wg9ty䂻&u$C[Z69V `)=Tu#`PJR[㠕qv }5Fwʊ\9B&.0[+HajWWv3_SUhS' .c䆿yؒ#Zu2 S<$[&ϙ s],KZmSJf{h=OO2+4pbMK<_^0o!Y,p;0}ڵfp}Rѥ n<5YUr2қimuExT| ~KtDqOVRZ &%,wG:Ҹ'"X>;pC)_8i"pyϝ>iBBpN?d ~d6cuozĤ˦K2Y\f wxI& *$%ѤgR<wnIP_V +~ͷ#թ3c3)I: N5x' ?y؇ Jt\৤Mٔsȋ@ϝcOubC4(!OgұhH#R3i]3q@<6U-O궈`ϛQe-gZr4rh-} ב2rƵŠ~X[(6e?Ye]_iLfo (~NsUi^٨.BUo4M7 lFn/\."ZT&u6Y}%DT&W>%2 x_$#xM]v)x6(;U[kN(J)S)8rd4!ADsia[Sy*"4 Xz)(L.gˇHikI$ITctogRgɱ6V@{0_5ޱwOz)p]KN`2X#vk]>5]ψ?MևŰNh7:&{&B6ɇ*HYI`X,Y3R#Pc_m̋oىm pn ;Q1-8Ӄ#7C3NVIONQE {-XAՊ eǛd6  pQkj1Z fADva 5΅MdIeŲٕm6ʟjlO-۟Ѷ\FTci"=o/5@N9/  ,߁U`.Ś𘗭 liAoS/z5'n 3ܗ8@7Wb{nl |c@gip(үyIs门W*P1аR2yU=o:s ,TW 'y|9HCHǠ[Ϻ#Q9߯/Lz'.%+ŭqf£EiŁ:(|yW@j@˃uDŽ̀0 6H+A>dCbτRPy ׼\0dǀ:eCP+lz h"- T@bޑ;z+.#!ȱڱhM-k&BXYVI8ӷ[hD% ny%>vRu{Y WT(/ zub*cćiYw`t[*ߋ7nMLaR>`ڜp8b-`BAKfm (F0Ӈ'-"5SLȞX.YI/Olc d9ɯ'CS5N[)oqW'!‹x.e2?d\Sڀc^d׺d8{ӟ4ٻcSG: +<&OQ b!"n ;q> iMIð)p&Wl2 a؅trx֋}ۊ Kb*5q8bR) s~әzHL>WڨSy&ul$_0K?(5EOo WmG }R^3d@݊ȳn x@ÌK,qru?0TIl-Pvgڿ|M dbPv?'Q8~1g(+?>!M/\Ҙ9m/⿰6,p}U;"=׽gR7mBjA/9l׮=pe :H{@iFMWd 4vR7&c΍VUKSXG6Z;'«NqGM m *l$H6TgXJ1(NFA1Zdd&m0跕68P0em%OD4eO$g6ohOsPn2ԼĮ,.&_icԽim]SU*s *uYi] !iS"-y_J,r[C2q̛aQETX1l5mXlƎ1u2#0 ֡?¢DC;ze;}:{q;kH8;Q@3X\DW澁In G,-ɑog'jNC+6cn3C(WK.z^Ks_?z`SLV5Ԑ0'>&S]޶Qr3(V^;J*n+ݭUpOW6p!@r1ho_*_r笁M+^? zk&y ecG"ԭ+[! 3l6#d{LҒËP dgC t dU1n{ I4-p:t"\Lq>fS4_:sPxbNEu+X6m֟8}r(5M3{l~0L6# ::!G\7wtR\or&g$yѳغZYo+p2yKQ P^qJ lL3 MbL}c%)tJDW:yfݎC#ra+7Ѵ&k#kV X0Wcb\h/6 SwWs#k` OH"ucr%-$;Cr5Ov rno M?)Xqy Fag+$1a@]%V]RP97}'h\ҾwQ'ּ=n'NN]gR[R ^qi3wi.,sC9aMs7ͦjjh8Dzz}eۭ#oJzE9MF-?[K1(4kA"H-扑丰]^]J|cٔ,eRn5'}Xv#ork)EL_5TN{}UT1t˃]G U+ .65S(z%S7击^i nTѸߴ}jArzmCD\UՆ2o'@8~*4 X瞌;')0ݝҁ(^~`qA/ʢٷrC>gnf<\ U4qq2au4ign[Þ-v6k8l*t߷_AgXëFV6j nSD|6b(^A$ٙ2Jkgz/yJa{y^X,ղ13D[AyG˕YTY<0\˩˩&/+$IhK?wR#װGEP'<^CM1Qw&r4}=!Gc1dW ǫн&]OpӘZٴZ-DopgP@&ƮhrB`תT']{7\DM4ut?XR=${"ZW\HlkܓjG}T8E(c0.5%rÜk?k`KM)U#fj_B ϩ\lM5T(X(s17SW7UG$YxV9_5U-c2OՈ =w_ 3Xe8 B.bcBd[)6# 6Fve.:oW1EL yieߍPiYH]A}lj %:l-ֆЯ Ås>#;e+ Fn~A}vQΔOmH>Yqb6 d" 66(_u ~1oQ=?^N:`hquqmWR_bo'4/ #(s^n0-fV)O)bCg@%{_yA0h+Wg+|}ƌE,l8cKNل|l,FgMlaYx+-_{BsQO|*j`fMi%"ηC^80R9AX ˬ|4ڍϿUYqߑ"휎ж%S>'ݛ6 akP[xEszpJY)?vr5aGܨTmG2"DbF#1NtUSF4YCy!?rFIm0Q1x 2}ڋJ6u2r%IX1kL 7e8SgD˦k!Ĭm +~#$1PAk=$< ]T"0n:' |^o)"T"_ډSfh@;A2G/Xb5i.|PF 7I ӠtS||6xp!Gq")ǖ2Silft?T+qmhWW+ Ӏ@BĞE]9ku&?="~ }*:R`7I#H2OlwDFļ֟Ủku_#of9ZG>WiRWCo8 `d$-~E; KVQȕl!N~sQIE׫s鉀%bܾWU^]1-Z82հ[5\O&L M@q_:kVE>׼]P9~nP8eEQ;W]!+5s+i| "!s*ތl N4lXQ".\%6aN^CF;^s$((.L.Ц*`>. gO6N1;DMПEB )tY9r[ HC)!&5l>yp3[;a,Q-֤Z+Yj<cY]2p&0>u2_&e8O!*gVMpn8=2Sw6w `3'Kυm8-' AxF[ܰ<'5ÎmoboXnN,C0 [Ȋ7RʤFYzzK_V'h{ OK *Ԟh^SkB"_4Hx{EBj0;Ng]_%] cպ3;pۭ9P&O!1{LmmkaF/1LXƋy#E\>9+"ͨlUpHQyG@.;Hw t@UDy"l]^2MNq`sJт<Skhobȅ/؈wQY},ɦ@0/ 6''AN71AlJV{Cַ(7OPi% ֳ3~΋ANcu0mЍqN75ݓG; !S932 EsИrQg@(چ/\XoH]G5g *S1WqK?xL(~|@s} aN]G"R|Of$ "'Rb 9 h.#=|e=OFZnU-?oŻKBoMΔ5b/*UxN.N'̅ݪeǶ&kkO?3jZ=rB/_'^!nh,e>ag ߫W ,623ww7' OUljbMQoб)oQqcO`a~*7S"!Xk4^CBܝlZp_[Oͷ`o-gԜ=fft"V@~6eR:EU`DfvPhKxѣߙ}[PPt3T܁`)79s@'0O?(ANߙnj"l<`O<.V}|wOK*X:V̞Lȧ kU4eʳ}}vz ؍~g,`[wGiFQg:$)gH%_7fhJZN:AMvBǙEa^cYRe:%]`/|Q޿DE.̖vc˰uV&գIdl?w*V0n Kf:dq.N%Y Gз+f22mw4sBR76rzyzp+\$/VaYL.X*c=q kQ>7py8^—_ בwTM۪yzrζ$lPWZX{H.CģTƒa:9EVw{w)f\u!aTE[L #N=i4\+[cgPȫp&x˾i1ٻ0(]&^ز(lޯe@2զo,"CVwlCxpw.9v)(vOKl2`-2ZUGճ9b2`w ({ܶ]ý'eK*Y|7j#i3X)<(1nW=wshkBU[{p #="PQlR(n[?Zˬ*w,#O#q=3T/`g8$ݷX>꭬(8H0c(}@ gaR \RD,LJ8EƞW|(;}b83hIg~ 8el汜w9[#e3@J ڎJϨ7J 9ADB(=sQk|[9f\h{mbm>{Ec voAFkq2[u(X]9]$C7Χ=Lr4o_rӟÚ[nO4+MbͲ* \l; l>wÑEw\}eFn_ȓ}}xL%D/4[ۿ.\.8I8ܢBM(o fe"+Ҽ7J)JDb5Ed2a8 t !)I;Q!U^FD뵳C^T-Lmc-P,H!X&#^KN|ÌNu;euRf,G'u 7%Ġ8Y%L{D;?z84*hv_Xz"i~#a M+OV3}s{0a9i)H,7/$,<*n.f*.~̂Ȼ~Us5* M֩:x6FeacYPm}cuxaiyZDAIF@F͘"'viVݨ.v0r c0=qɤ`˵\N@%v+M1.YutE`R1GWĄ7GfL0oꡓ~gUhSθ`{h "LWAmFR4Y"\r}srZc(Ԯɉ=4h_qYT;$7_dߌ:N6$R 6Vc)Jh)tɔ3o<]$0ڶ*XQ~tN B k7jDP&QHkKb^n*fJY+y|r+W}3o^pNB@ĖV*x!a#= o!Xi64%NW;;ߡC*|YNS {ht:)%#1H~`ɂ#`"*+׈Z^6앺GGB#BS2A{p9 LeL)z'oxO8|Eg;!~<1IY'J`mMl&Jgy]WTa'Di FLK1{LǔƓ݅7!ޠ}0YXD TzoTO!1&#nv pNHA'^S o"/7PPa Pdf1M:"v7g `^ɱ@jY"H'`4NZu<k,wO6I|aۡ}~oR2JK,&Ȱ^:W XP"˟a4fi֍Uvl\y+ PO wk]pR4&pz-"$J *QqJǓNrǰElgTߒBhB10nj9[i)~6D g |;TLeFְ>Owx5"Qˮ&g>9Wkr`O04pL/v ݹt#4UH|b#0~-5;]]Ë' Rt˟٠Z({tn4@>l+AL&TJcpkp0M^(\;y\Py!5le;~}b? 4*D '--(\s0=yp .SMƀ*f ō{mG謣 뽹;q@GOaN2k! $.9ς0C]Co Լ*WXZ}P7$`Kl=4<́(n! sw[K/3|KZ*~oYGZ-gK!c]i:01'|]d7f$GsvS:\K/"Wy9zW|puU3wM^;ep_XdN Gx#&ԼXfg̅&عS$`/Ku>YPu7, ;ȃYQG^*jHd^O734 ̿D%Ϸ$>!φ.Nr:Ѫssgm=@ RƀQ*~yIZ/8ST|Z3.73JwbFjXR"JVȂ=&iE8pC^Q 0u}O4wbܢ&!)Zs Ug{3q긝 Eއ>H гqbg<)ml ؽI0Ys$4ʟPgoI> fP&U. xKkb7_"P!۬$XV%1=O`/xjԏJ"Df= {Hy~Ia ))k-29 -ǖgP:{O軥mkZ ͜qNS䕷 zjRwpp%)džXhs8~ZV^g5-N^9z[wX~u!_[>c_f6FNx<+mji1USٻ-?xC ;fѽ2~g!ן%lD}yQVNJ||@vܩ? wϵyV$}kimChow;9zyoxfL]=ļAC NgGGr*U '+$&fٞUF}}^\v/DjWEOѰ,5JiFl Ƿ2V:W}‹ڮ$ N2 v=cd3aOҥJrkzۣ=0?c HM T{o V4Z4 Hr63h->-P .Vas|jԀV?~^vO. l@ &I W) گX]\A9$ o9 RK*h74Tg$#;  _/'*dAF*:C|%u>ai?C=!&c|G+yT1SG㐺 1ԦG{<yb%k*JjH]]QP~=ќz:L-ZvVжWvcFKŎChq\*`5l>X.?046`'Vu+:_N=†w95:cID*MJA}sI=ojgy_]-N:x(i>BYt/U߾Lq']?&;|\+!Ea>ln?xH2u𤱓O {vrt$#(9BH$&egWZu9 hn5~2QhY7¤*WuE~bz=*/VTQk(cnaw/qngg@D?Mtƍ=|F$U&Y#~%pW]b9bI0%:\_|PM"=ON1e7mw~Z-t%աe+4?ndet&(rqU2^dV=ܓqΧeL779)ğrdp![8xe\f! 6U^tڳpvv; 1*B, 54SGZuz}' H1Qg.$gnY[qUf1mgB7{7>Z ރ4M;F,ڋ+Gn7JL{ee#o9,SjV #ͱُ#ѵ+lW ~@c l9 yءwkPk's[ ёCʈy!TC9+o'<p\WntsS ZkiXFQK.: Qo )3H𹻑-4J-3a8_C xnԖ?j ]f Jtn*VN.Eͫ91 UwJ'0-5o"i^WIS. >V a' [)uvuDikW˳)U-Yi ubAUIvKs4T痶V$!kօo J(uNltYؑ 99ʫm (غD;LP~ngjV28XYhMeU8 tl zW:"HufC`aw,N۱GæQe FhD`ΡL/$ ߜ HIB45TgUb3_6 K#,!htXAuVy> \4;?--/ۋZ'~U9x~eC'ShSG9xԗ9@H.(|˲l5V T5 q?~ŋ/ZÈê1-IZGJKe-&#y 3 x VY$4\J{>֬@/_f!.ih%LGqSC:̊'ޢUqHιJ!tNf}IWIs^U~ 4?]mx"4Un yrP > B^h-Bwa[evm GrMzchIa$wtZy2?\?8}͘ L;8>_2S:tBfUm MU:jTtR o {%&8SxWѴE뼦/~@O-ҵ G*1l="kW uK}o_)[ e~iוLʛEts!Giko`oS3k:c[evqb 5js!W[LPNB]]߶9J˝γs˵p닐4 AE{Yb[[1>r^H!U2AY^>8%F*]t0}?kxyԏVꂙse:*+ziO4 3 NfstKl;@׿_$9~5<|M1:V8>NٯJx%Ιynefj#ZK`#F_~f%YY<=l'd%LՊZ8@iYS1gB>-b6 ؔ;# ӄ>3 5M<ۭ+).C"nz HPhb֠z 9DPI-̐|hz`TWnx"mҢyn'sלoc}<+KsMb:#GDG/m%QE}nqU?|wl$DF`ur7ux6yiU[Nm=XQ)T 0sw쳇E'%aR ߘ` ׸̝IdCl!=_Z*.02n`E{sax Prכvcc ~w~Ҿ֧UBa&0-M.㸢EEStaycX'7S:g Ӵߝ.{mT:WTl 3U;k F9H7zuvBx43/MKDuNjA&w8nKaZmCl>28a1Ȅ6t#8*t 9ۦ_uڬqzŰje DI)x,|+&qRԩnu0<0v7G=B\fHwxʹ)ď5<3 Ze+Ɣ$73dxBHO0 eh#eȞ 98+"lP6vhwPF6D{\,2EcMWW[Q?M SKl`* Gc\E_EH&c^蚫c[V+e`E\I{Lv!>t1'?;y~[z1]XUNc}/򗜗s0՘ᓾk 荮 ,ё4Dr7:zOyfEQZ>Mڎ(wNu%SĀ܄8$/-T}ѹ;~6J`^H%6]TN}﯐`!>zDڤj3)X6; YbA@*F2%@FD~8p J.(*#H׬']B38ERn\.Z , 5)`vv1ʭPko^-<:1n&Ɣ( tWbg?W0@͘_rgiQEIjm6%M\7uSobL%Ӎs ={f.+b_@ j,F%>\mo^g~x'!4aŢK['uئRN9( (m Ђt}دr¬~WȴSa?1Cwy z^([2ڄ1ޛI?)R.Q> Z d6s|yNZ<s?X$c~F8pv]HJ =(}1gCia E"t- h"KC6c@ <^ Ӷ_,bm`z,rwG%hJ푉C_An4[n ^DҶK YPO'4oeㄝÎK$AXei]d_8`y0 =>ͭDQ#d"[;[Z+#59#i9ᘄte6A7Qb5(GAPrؑS]ۭ=-*j\;+hh<-daU3ơ*a(B! !+m]7,fwt#ɄBL'yWx*C]!D;ƻOrնPpȶIܫ9ࢮ.[+'!:z"Y8ENjog-HA6=2Ea訒;9 Gz\*C:pS@֊;xj2>dqF zp x}Dž35 xVf%rAT~&Tv3M&3xO.̡ك>F8hv "Sm 㔏8vEoE*vϤ!ZқJOT_[!z1C*ʣcfIc  A_Q}I2B b Iѻ0=Xɾk/"@1dkٖ ;S@XM}WI<Ejojތ"MjW5O1ȑ!v<wdq&0S &)dAOzܟP\RzJ$aEZ=*G =Ź e9\4z = k%uh2R_LHΔb߂W1:~tFWu(es͍_&Ro+oӏ̓R"[ sLoj#n,4A#q }D]$djK ?Ɨ(TdR7R- dOAl@~v 'ϔX9kd<`8-SO ~*z/^@Ir' C>G%9KC Rߢ!xݱo . -ŧ }´93&'2m58uң0wG*Zu`b mor/)UEdE=ZvZg5< c,*';Fڇh0 @ d?sIe[!G5ѳ;'4'KĞ8h.b`<դXMzw=,ܵWSЅ#eyvi() Ixz4%/;}pvhUNTKZ<1X] 'P]@}rnC?9$+̘Yk/:= Gvk3H}l"f-Ol}Jj6#vbr_G\Jt;m+lY'i_1D).O=e.[ YQWyMUm Htr/P@LEwB YtT/ $μM(x; *ʔ(SEXSe@-C!T phDŽEuTdz3(;$(l'˛̹}d f =~ť%;Vn5dN @6Y> r̭u a:= ?[UŤ%@"q%c œ V&v YZ