cups-client-2.2.7-lp150.2.10.2 4>$  @p\V/=„Ll>ILhӻg#:z++zTH |#d4鍹 k"4S>K3_bH͟`f1AV>#=뒫{K :Lo 5(zyF-:J!5v]e 5|qjkv`Ҹ#iKb T2i{:i׵sQ~et:-kdT*]s56{ |}oX7&0]ec1e2b737cebf0d7012c52ac4cf1beb694de1f85a1c7c48f7fc077c556ffa54ff090a51cc3776ed9fd0ab5e2ca4a4f3773a544033\V/=„b|+a@7pA/,?/d ! 6 )) ) P) )  )  ) X)%))(8c9c:$cFG)Hh)I )X8Y@\h)] )^bcd=eBfElGu\)v w+)x,)y-@_z..../Ccups-client2.2.7lp150.2.10.2CUPS Client ProgramsCUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. This package contains the traditional command line interfaces for the System V and Berkeley print systems.\:lamb19openSUSE Leap 15.0openSUSEGPL-2.0http://bugs.opensuse.orgHardware/Printinghttp://www.cups.org/linuxx86_648088X8H08H80(0yX (8 h8h80(0 =  p #_! E,$$$$$$$$$$$$$$$$$\0\0\0\0\0\0\0\0\0\0\.\0\.\.\.\0\0\0\0\.\!\!\!\!\!\!\!\!\!\!\!\1\!\1\!\1\"\"\"\"\1f8f68f2c6b7d2ae1390076c2837d0cc94156bdc12389301a50c084936cb5137794b4e6030fcd9d67360bc25a538e1ce11b13125ec68911471031cd29aaf2f313516c4d7b9318d754e4cbfcd4596e3bb420a3ed7c7b06c5e58d168606905c38e127c22a2ef48d37397e8fbf649874a37e076f9e223a5eaa19ed48b2f38bfea2f8b9a39afbb9ed65d34fcc7bcec19e40c7980af5923643e7b47af312448fbd20d3f4cbc7ffad906ee39a1d656bda260777e075055e35702967c0e0f347d5d46100ef38a1e8ad0870257ac3546a6c878d807c5534017a587eb5b2f538463fd5ddb96fc241af7bfc95caa4ec59ad0f74cf7e70409a6e47e41da60440960dd9b8259b3a50bd06f884eae7e86ed8767b745b890eedf67cf08743ce541065ac5f954e648d0e4f4a78a8b0cd87fb31a5c1fcffcb46b99682573f7a5db66a7441421e99e9cbece666128ed3744996460acaa6909ae3b3e136146429d6e185ba140417daba3f1cf81dfd82ec339e98b9110d44ddf851b84f2bab853e8dbb46ce959821caf302da529e00ca83ff24875c3356705c0229530cdccbdc33d1c60d1afb390d7e03d6112cc960204a254ac9568c2bafa1776877ef59dbd0ce390254347e6c98ddc108c610c9f199c5430c2f6d4c37efcb2f253625e5f9b2e5509295a8e3ff8a069435baf1d9141efa15797956bd2699d2b1f1268dd70a32b3c99536ff64b9f06272b1fbdcbadedc56dee98d3ffe20924eeab58dade589b009ad740244ce4dd63b58146840140203ed964c4bb61d5e151f70bef803f318d2efc6c08630d73521ef8f167a3eed3d091599b381d18313b1bcacd3049491279402b6c36d08b6b1e45cd029e3af96a596bd94cbff2fd03360c1ffe638b6609baf81abcbaa8b9ae949e29766ff65ed88eb6a3e38ed1cea02eeca3854af066affba672955cd52e8427a2f9385b3d787522eba57a95edd1febf9034e9f517295af284b7cea6652f6ba78dc6f5d3d9650182cd9cf0613ec9b665f0c4e32530492a774fb868d533986255225f0462a694220be881252de15b4c6328a99ccb76d4ffec5bb81c7c4d00926a0b9ff766939a06aa03bd48705655161ab1293370eea01a338589d4cfa0299209b9cd524877fcc63e3bfd4e3591f7baaa30186737841eae1c002d170d756841429d6472c45a79726efac9912a094a44a1a08991bc927da3e21636ee2c72605699b9e4faefa1a0d7307c63c63b239b1be76a10daabf36f8b4232154b535bdc22236bf05affe3ef02c6571f9ace710e331aabf59fcbe5a143e6baed52f2863e005ffb6dc4b47e6fbce2c9f361dedfef5d27e3f235303db4d0698ed1f0b70b73e6f9c33804896b3b8a1499222acdb1adbc21eea313082b1aa711b7f48920f67ffa3030d274162cb793e1a5b7886df885732ed25e9b712c398c770d68150100a8a71c2eecfcupsacceptcupsacceptcupsacceptcupsacceptcupsacceptcupsaccept.8.gzcupsenable.8.gzcupsaccept.8.gzcupsaccept.8.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcups-2.2.7-lp150.2.10.2.src.rpmcups-clientcups-client(x86-64)@@@@@@@@@@@    libavahi-client.so.3()(64bit)libavahi-common.so.3()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcups.so.2()(64bit)libcups2libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.2.7-lp150.2.10.23.0.4-14.6.0-14.0-15.2-1lprnglproldplp4.14.1\n\['ZZ Z@Y@YB@YYχ@YX@Y9<@Y1S@Y /XXsXۡXN@WrfV2UU@U@U@U@U@UUv@UTܕTܕTܕTܕTr@Tr@T@T!`S%@S׌SSg@SW@SG@S(S @RpQ5QHS@PP@P@Pd?PE@P@OOO O1@O (@N@N@N@N@N@N]N]N]N|tNu@N-ZMS@M0:ML!L,@L>@L$@L_LLGK@K@KK͗@K9@K`*K'z@K'z@J@J@J#JrJn@JW-@JD@JB@J,@J&eIn@vliaskovitis@suse.comjsmeix@suse.dejsmeix@suse.dejsmeix@suse.dechristophe@krop.frjsmeix@suse.dejsmeix@suse.deopensuse@dstoecker.dejengelh@inai.dejengelh@inai.deschwab@suse.dejsmeix@suse.dejsmeix@suse.dedimstar@opensuse.orgalarrosa@suse.comalarrosa@suse.comkukuk@suse.comdimstar@opensuse.orgkamikazow@web.demichael@stroeder.commeissner@suse.comjsmeix@suse.detchvatal@suse.comtchvatal@suse.comjsmeix@suse.detchvatal@suse.comtchvatal@suse.comjsmeix@suse.demimi.vx@gmail.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comro@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.decoolo@suse.commmeister@suse.comcfarrell@suse.comjsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgjsmeix@suse.decoolo@suse.comjsmeix@suse.dejsmeix@suse.dejsmeix@suse.demeissner@suse.dejengelh@medozas.demeissner@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.decoolo@novell.comjsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.devuntz@opensuse.orgjsmeix@suse.deguido+opensuse.org@berhoerster.namejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejengelh@medozas.dejsmeix@suse.dejsmeix@suse.decoolo@novell.commeissner@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.dejsmeix@suse.decrrodriguez@suse.dejsmeix@suse.dejsmeix@suse.de- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118) Fixes https://github.com/apple/cups/issues/5509- cups-2.2.7-CVE-2018-4700.patch fixes CVE-2018-4700: session cookie is extremely predictable, effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750)- cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954.diff is 'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for https://github.com/apple/cups/commit/97cb566568a8c3a9c07c7ccec09f28f5c5015954 (except the not needed hunk for patching CHANGES.md which fails) that fixes local privilege escalation to root and sandbox bypasses in scheduler (Apple's internal issues rdar://37836779, rdar://37836995, rdar://37837252, rdar://37837581) in the CUPS 2.2 branch bsc#1096405 CVE-2018-4180: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN) bsc#1096406 CVE-2018-4181: Limited Local File Reads as Root via cupsd.conf Include Directive bsc#1096407 CVE-2018-4182: cups-exec Sandbox Bypass Due to Insecure Error Handling bsc#1096408 CVE-2018-4183: cups-exec Sandbox Bypass Due to Profile Misconfiguration- Version upgrade to 2.2.7: CUPS 2.2.7 is a general bug fix release. For details see https://github.com/apple/cups/releases or the CHANGES.md file. Changes include: * Additional security fixes for: bsc#1061066 DBUS library aborts caller process in _dbus_check_is_valid_utf8 (in particular that aborts cupsd) and bsc#1087018 CVE-2017-18248: cups: The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification which are the CUPS upstream issues https://github.com/apple/cups/issues/5143 Remote DoS attack against cupsd via invalid username and malicious D-Bus library and https://github.com/apple/cups/issues/5186 squash non-UTF-8 strings into ASCII on plain IPP level and https://github.com/apple/cups/issues/5229 persistently substitute invalid job attributes with default values - not only in add_job see also bsc#1087072 dbus-1: Disable assertions to prevent un-expected DDoS attacks * NOTICE: Raw print queues are now deprecated (Issue #5269) so that now there is a warning message when you add or modify a queue to use the "raw driver" but raw printing will continue to work through CUPS 2.3.x, cf. https://lists.cups.org/pipermail/cups/2018-March/074060.html * Fixed an Avahi crash bug in the scheduler (Issue #5268) * Systemd did not restart cupsd when configuration changes were made that required a restart (Issue #5263) * The scheduler could crash while adding an IPP Everywhere printer (Issue #5258) * The scheduler now supports using temporary print queues for older IPP/1.1 print queues like those shared by CUPS 1.3 and earlier (Issue #5241) * Kerberized printing to another CUPS server did not work correctly (Issue #5233) * More fixes for printing to old CUPS servers (Issue #5211) * The scheduler now substitutes default values for invalid job attributes when running in "relaxed conformance" mode (Issue #5186) * The cups-driverd program incorrectly stopped scanning PPDs as soon as a loop was seen (Issue #5170) * The `SSLOptions` directive now supports `MinTLS` and `MaxTLS` options to control the minimum and maximum TLS versions that will be allowed, respectively (Issue #5119) * The scheduler did not write out dirty configuration and state files if there were open client connections (Issue #5118) * The `lpadmin` command now provides a better error message when an unsupported System V interface script is used (Issue #5111) * No longer support backslash, question mark, or quotes in printer names (Issue #4966) * The CUPS library now supports the latest HTTP Digest authentication specification including support for SHA-256 (Issue #4862) * TLS connections now properly timeout (rdar://34938533)- Make sure cups-libs- is removed- Version upgrade to 2.2.6: CUPS 2.2.6 is a general bug fix release. For details see https://github.com/apple/cups/releases Changes include: * DBUS notifications could crash the scheduler (Issue #5143) (see also bsc#1061066 "DBUS library aborts caller process")- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017 that got broken by the change on Wed Oct 18 06:11:10 UTC 2017. - Version upgrade to 2.2.5: CUPS 2.2.5 is a general bug fix release. For details see https://github.com/apple/cups/releases - Version upgrade to 2.2.4: CUPS 2.2.4 is a general bug fix release. For details see https://github.com/apple/cups/releases - Removed 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch 0002-Save-work-on-Avahi-code.patch 0003-Avahi-fixes-for-cupsEnumDests.patch because since CUPS 2.2.4 it is fixed in the upstream code via https://github.com/apple/cups/pull/4989 more precisely via https://github.com/apple/cups/commit/a2187a63425a3d6c05de1e1cbf8c26fd39a1aced https://github.com/apple/cups/commit/657c5b5f91e6d5120c4ad7b118cf9098dd27f03d https://github.com/apple/cups/commit/3fae3b337df0be1a766857be741173d8a9915da7- Fix typo in requires- Implement shared library packaging guideline [boo#862112] - Update package descriptions.- Remove redundant Requires(pre) line — the use of %post -p already implies it.- Pre-require user(lp) in cups-libs- In /usr/lib/tmpfiles.d/cups.conf use group 'root' for /run/cups/certs (boo#1042916).- Major backward incompatible change since CUPS 2.2.0: There is no longer the directory /etc/cups/interfaces because since CUPS 2.2.0 so called "System V style Interface Scripts" are no longer supported for security reasons (see below the entry about the changes included in CUPS 2.2.0). - Disabled cups-2.1.0-cups-systemd-socket.patch because it does no longer apply which needs to be examined and decided by someone who knows about systemd internals. - Disabled 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch 0002-Save-work-on-Avahi-code.patch 0003-Avahi-fixes-for-cupsEnumDests.patch because they do no longer apply which needs to be examined and decided by someone who knows about Avahi internals. - Version upgrade to 2.2.3: CUPS 2.2.3 is a general bug fix release. See https://github.com/apple/cups/releases Changes include: * The IPP backend could get into an infinite loop for certain errors, causing a hung queue (rdar://problem/28008717) * The scheduler could pause responding to client requests in order to save state changes to disk (rdar://problem/28690656) * Added support for PPD finishing keywords (Issue #4960, Issue #4961, Issue #4962) * The IPP backend did not send a media-col attribute for just the source or type (Issue #4963) * IPP Everywhere print queues did not always support all print qualities supported by the printer (Issue #4953) * IPP Everywhere print queues did not always support all media types supported by the printer (Issue #4953) * The IPP Everywhere PPD generator did not return useful error messages (Issue #4954) * The IPP Everywhere finishings support did not work correctly with common UI or command-line options (Issue #4976) * Fixed an error handling issue for the network backends (Issue #4979) * The "reprint job" option was not available for some canceled jobs (Issue #4915) * Updated the job listing in the web interface (Issue #4978) A detailed list of changes can be found in the CHANGES.txt file. - Version upgrade to 2.2.2: CUPS 2.2.2 is a general bug fix release. See https://github.com/apple/cups/releases Changes include: * Fixed some issues with IPP Everywhere printer support (Issue #4893, Issue #4909, Issue #4916, Issue #4921, Issue #4923, Issue #4932, Issue #4933, Issue #4938) * The rastertopwg filter could crash with certain input (Issue #4942) * The scheduler did not detect when an encrypted connection was closed by the client on Linux (Issue #4901) * The cups-lpd program did not catch all legacy usage of ISO-8859-1 (Issue #4899) * The scheduler no longer creates log files on startup () * The ippContainsString function now uses case-insensitive comparisons for mimeMediaType, name, and text values in conformance with RFC 2911. * The network backends now log the addresses that were found for a printer () * Let's Encrypt certificates did not work when the hostname contained uppercase letters (Issue #4919) * Fixed reporting of printed pages in the web interface (Issue #4924) * Updated systemd config files (Issue #4935) A detailed list of changes can be found in the CHANGES.txt file. - Version upgrade to 2.2.1: CUPS 2.2.1 is a general bug fix release. See https://github.com/apple/cups/releases Changes include: * Added "CreateSelfSignedCerts" directive for cups-files.conf to control whether the scheduler automatically creates its own self-signed X.509 certificates for TLS connections (Issue #4876) * http*Connect did not handle partial failures (Issue #4870) * cupsHashData did not use the correct hashing algorithm () * Updated man pages (PR #4885) A detailed list of changes can be found in the CHANGES.txt file. - Version upgrade to 2.2.0: CUPS 2.2.0 adds support for local IPP Everywhere print queues and includes several performance and security improvements. See https://github.com/apple/cups/releases Changes include: * Normalized the TLS certificate validation code and added additional error messages to aid troubleshooting. * http*Connect did not work on Linux when cupsd was not running (Issue #4870) * The --no-remote-any option of cupsctl had no effect (Issue #4866) * http*Connect did not return early when all addresses failed (Issue #4870) * The IPP backend did not validate TLS credentials properly. * The printer-state-message attribute was not cleared after a print job with no errors (Issue #4851) * The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer operations did not always return an error for failed adds (Issue #4854) * PPD files with names longer than 127 bytes did not work (Issue #4860) * CUPS now supports Let's Encrypt certificates on Linux. * All CUPS commands now support POSIX options (Issue #4813) * The scheduler now restarts faster (Issue #4760) * Improved performance of web interface with large numbers of jobs (Issue #3819) * Encrypted printing can now be limited to only trusted printers and servers () * The scheduler now advertises PWG Raster attributes for IPP Everywhere clients (Issue #4428) * The scheduler now logs informational messages for jobs at LogLevel "info" (Issue #4815) * The scheduler now uses the getgrouplist function when available (Issue #4611) * The IPP backend no longer enables compression by default except for certain raster formats that generally benefit from it () * The scheduler did not handle out-of-disk situations gracefully (Issue #4742) * The LPD mini-daemon now detects invalid UTF-8 sequences in job, document, and user names (Issue #4748) * The IPP backend now continues on to the next job when the remote server/printer puts the job on hold () * The scheduler did not cancel multi-document jobs immediately () * The scheduler did not return non-shared printers to local clients unless they connected to the domain socket () * The scheduler now reads the spool directory if one or more job cache entries point to deleted jobs () * Added support for disc media sizes () * The httpAddrConnect and httpConnect* APIs now try connecting to multiple addresses in parallel () * Interface scripts are no longer supported for security reasons () A detailed list of changes can be found in the CHANGES.txt file. - Version upgrade to 2.1.4: CUPS 2.1.4 is a general bug fix release. See https://github.com/apple/cups/releases Changes include: * Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836) * Fixed printing of multiple files to raw queues (Issue #4782) * The scheduler did not implement the Hold-New-Jobs opertion correctly (Issue #4767) * The cups-lpd mini-daemon incorrectly included the document-name attribute when creating a job. It should only be included when sending a job (Issue #4790) A detailed list of changes can be found in the CHANGES.txt file.- Replace krb5-devel BuildRequires with pkgconfig(krb5) on suse_version >= 1315: give OBS a better chance to break up build cycles.- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch, 0002-Save-work-on-Avahi-code.patch and 0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream finally commited to cups 2.2 sources in response to https://github.com/apple/cups/pull/4989 in order to fix cupsEnumDests to react to the ALL_FOR_NOW avahi event (and also include a similar fix for the dnssd case). Related to bsc#955432.- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff . Avahi sends an ALL_FOR_NOW event when it finishes sending its cache contents. This patch makes cupsEnumDests finish when the signal is received so it doesn't block the caller doing nothing until the timeout finishes (related to bsc#955432, submitted upstream at https://github.com/apple/cups/pull/4989)- Add /etc/cups to cups-libs package [bsc#1025689]- Replace pkgconfig(libsystemd-daemon) BuildRequires with pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various sub-libraries have been merged into libsystemd since version 209. openSUSE 13.1 was the last product to ship systemd 208.- Remove CUPS.desktop and pixmap * Obsoletes patch cups-1.3.9-desktop_file.patch- Version upgrade to 2.1.3: CUPS 2.1.3 fixes some issues in the scheduler, sample drivers, and user commands. A detailed list of changes can be found in the CHANGES.txt file. Changes include (excerpt): * The scheduler should not exit under memory pressure () * Fixed some issues in ipptool for skipped tests () * The "lp -H resume" command did not reset the "job-state-reasons" attribute value (STR #4752) * The scheduler did not allow access to resource files (icons, etc.) when the web interface was disabled (STR #4755) - Version upgrade to 2.1.2: CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which actually contained a current 2.2 snapshot. There are no other changes. - Version upgrade to 2.1.1: CUPS 2.1.1 fixes a number of USB and IPP printing issues, addresses some error reporting and hardening issues in the scheduler, and updates some localizations. A detailed list of changes can be found in the CHANGES.txt file. Changes include (excerpt): * Security hardening fixes (, , , , , , , , , , , , , , , , , , , ) * The cupsGetPPD* functions did not work with IPP printers (STR #4725) * Some older HP LaserJet printers need a delayed close when printing using the libusb-based USB backend (STR #4549) * The libusb-based USB backend did not unload the kernel usblp module if it was preventing the backend from accessing the printer (STR #4707) * Current Primera printers were incorrectly reported as Fargo printers (STR #4708) * The IPP backend did not always handle jobs getting canceled at the printer () * Added USB quirk for Canon MP530 (STR #4730) * The scheduler did not deliver job notifications for jobs submitted to classes (STR #4733) * Changing the printer-is-shared value for a remote queue did not produce an error (STR #4738) * The IPP backend incorrectly included the job-password attribute in Validate-Job requests ()- add -devel to build a 32bit wine on 64bit only Leap systems.- Version upgrade to 2.1.0: CUPS 2.1.0 offers improved support for IPP Everywhere, adds support for advanced logging using journald on Linux, and includes new security features for encrypted printing and reduced network visibility in the default configuration. A detailed list of changes can be found in the CHANGES.txt file. Changes include (excerpt): * Added support for 3D printers (basic types only, no built-in filters) based on PWG white paper. * The IPP backend now stops sending print data if the printer indicates the job has been aborted or canceled () * The IPP backend now sends the job-pages-per-set attribute when printing multiple copy jobs with finishings () * The IPP backend now updates the cupsMandatory values when the printer configuration changes () * No longer install banner files since third-party banner filters now supply their own (STR #4518) * The scheduler no longer listens on the loopback interface unless the web interface or printer sharing are enabled () * Added a PPD generator for IPP Everywhere printers (STR #4258) * Now install "default" versions of more configuration files () in particular cups-files.conf.default and snmp.conf.default * Added SSLOptions values to allow Diffie-Hellman key exchange and disable TLS/1.0 support. * Updated the scheduler to support more IPP Everywhere attributes (STR #4630) * The scheduler now supports advanced ASL and journald logging when "syslog" output is configured (STR #4474) * The scheduler now supports logging to stderr when running in the foreground (STR #4505) - Adapted patches so that they apply to CUPS 2.1.0 sources: * cups-2.1.0-choose-uri-template.patch replaces cups-1.2rc1-template.patch * cups-2.1.0-default-webcontent-path.patch replaces cups-1.4.3-default-webcontent-path.patch * cups-2.1.0-cups-systemd-socket.patch replaces cups-systemd-socket.patch- Fix bnc#943950, escape the macro call %systemd-tmpfiles in comment.- Add gpg verification for the tarball - Version update to 2.0.4: * Fixed a bug in cupsRasterWritePixels (STR #4650) * Fixed redirection in the web interface (STR #4538) * The IPP backend did not respond to side-channel requests (STR #4645) * The scheduler did not start all pending jobs at once (STR #4646) * The web search incorrectly searched time-at-xxx values (STR #4652) * Fixed an RPM spec file issue (STR #4657) * The scheduler incorrectly started jobs while canceling multiple jobs (STR #4648) * Fixed processing of server overrides without port numbers (STR #4675) * Documentation changes (STR #4651, STR #4674)- cups-2.0.3-additional_policies.patch replaces cups-1.7-additional_policies.patch that still adds the same "allowallforanybody" policy but now with separated "Limit All" to avoid https://www.cups.org/str.php?L4659 (boo#936309). - Added "-p /bin/bash" to RPM shell commands scriptlets that enforces bash to be safe against any possible "bashisms", cf https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets- Fix the previous commit by using direct systemd call and ensuring we work even on older distros- Fix postin-without-tmpfile-creation and run %tmpfiles_create macro on our cups.conf- Version upgrade to 2.0.3: The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include (excerpt): * Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159 exploiting the dynamic linker (STR #4609) (bsc#924208) * Security: The scheduler could hang with malformed gzip data (STR #4602) * Restored missing generic printer icon file (STR #4587) * Fixed logging of configuration errors to show up as errors (STR #4582) * Fixed potential buffer overflows in raster code and filters (STR #4598, STR #4599, STR #4600, STR #4601) * Fixed inside (STR #4575) * Fixed lpadmin when both -m and -o are used (STR #4578) * The web interface always showed support for 2-sided printing (STR #4595) * cupsRasterReadHeader did not fully validate the raster header (STR #4596) * The rastertopwg filter did not check for truncated input (STR #4597) * The cups-lpd mini-daemon did not check for request parameters (STR #4603) * The scheduler could get caught in a busy loop (STR #4605) * The sample Epson driver could crash (STR #4616) * The IPP backend now correctly monitors jobs () * The ppdhtml and ppdpo utilities crashed when the -D option was used before a driver information file (STR #4627) * ippfind incorrectly substituted "=port" for service_port. * The IPP/1.1 test file did not handle the initial print job completing early (STR #4576) * Fixed a memory leak in cupsConnectDest (STR #4634) * PWG Raster Format output contained invalid ImageBox values () * Added Russian translation (STR #4577) * Added German translation (STR #4635) - cups-busy-loop.patch fixed STR #4605 is obsolete because it is fixed upstream (see above). - cleaned up this whole RPM changlog (wrapped too long lines if possible and removed trailing whitespaces).- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605- Add back the posttrans cleanup script as it is needed- Add patch cups-systemd-socket.patch to fix socket activation and to match socket approach Fedora has.- Version bump to 2.0.2: * Security: cupsRasterReadPixels buffer overflow with invalid page header and compressed raster data (STR #4551) * Mapping of PPD keywords to IPP keywords did not work if the PPD keyword was already an IPP keyword () * cupsGetPPD* sent bad requests (STR #4567) * For detailed list see CHANGES.txt file- Enable PIE for build- Remove legacy paralel-port support as it is not really needed as most do not want it- Update descriptions to just state what changed and let user find it out. - Add back comment about %fdupes - Remove exit 0 on scriptlets as it is provided by the %service bla ones already - Fix the comment about openSUSE version on tmpfilesdir declaration- cups-2.0.1 update: * lengthy list of changes see the upstream CHANGES.txt that is distributed with the package * Disabling of sslv3 to mitigate poodle - Use gnutls to provide SSLOPtions configuration directive * openssl is no longer supported upstream * Remove the with-openssl-exception from license - Remove cups.sysconfig as it is not used with systemd based distros - Purposely lose support for SLE11 as it doubles size of some of the sections and keep suppor for openSUSE+SLE12 * even with the conditions we would have to go unencrypted only as needs newer gnutls, so don't bother with keeping the compat - Use upstream service and socket files to allow more working tools - Removed patches: * cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch * cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch * cups-0003-systemd-secure-cups.service-unit-file.patch * cups-1.3.6-access_conf.patch * cups-1.5-additional_policies.patch * cups-1.5.4-CVE-2012-5519.patch * cups-1.5.4-strftime.patch * cups-move-everything-to-run.patch * cups-polld_avoid_busy_loop.patch * cups-provides-cupsd-service.patch * str4190.patch * str4351.patch * str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch - Refreshed patches: * cups-1.3.9-desktop_file.patch * cups-config-libs.patch - Added patches: * cups-1.7-additional_policies.patch * cups-systemd-socket.patch- change BuildRequires for systemd to pkgconfig(systemd) and pkgconfig(libsystemd-daemon) to avoid build-cycles- Version upgrade to 1.7.5: CUPS 1.7.5 addresses some minor issues and expands upon the symlink security protection. Changes include (excerpt): * Security: Addressed some more situations where symlinked files would be served by the web interface (CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 STR #4455 and bnc#887240). * The LPD backend did not work with some versions of glibc (STR #4452) * CGI scripts did not work (STR #4454) - str4455-1.7.patch (see the previous entry below) is obsolete because it is fixed upstream since CUPS 1.7.5. - Let fdupes only create symlinks in /usr/share/cups/templates/ to avoid a symlink /usr/share/cups/webcontent/images/cups-icon.png because since CUPS 1.7.4/1.7.5 the cupsd web server does no longer follow symlinks to avoid the security issues mentioned in the previous two entries below (fixes bnc#892587 a regression of bnc#887240).- str4455-1.7.patch complements the incomplete fix for CVE-2014-3537 STR#445 in the CUPS 1.7.4 sources to fix the subsequent CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 STR#4455 (bnc#887240).- Version upgrade to 1.7.4: CUPS 1.7.4 fixes several networking and build issues, and addresses a symlink security issue CVE-2014-3537. Changes since 1.7.3 include (excerpt): * Security: The web interface incorrectly served symlinked files and files that were not world-readable, potentially leading to a disclosure of information (CVE-2014-3537, STR #4450, and bnc#887240). * The "snmp" option did not work with the network backends (STR #4422). * The User directive in client.conf did not override the USER environment variable (STR #4426). * The web interface now properly shows a "Go" button for all text-based browsers (STR #4425). * The MaxJobTime directive now properly supports time values (STR #4434). * Fixed an "IPP read error" race condition issue (STR #4440).- Version upgrade to 1.7.3: CUPS 1.7.3 includes a number of general bug fixes. Changes since 1.7.2 include (excerpt): * Fixed mapping of OutputBin values such as "Tray1". * Several ippGet* functions incorrectly returned -1 instead of 0 on error. * Fixed an authentication race condition in cupsSendRequest (STR #4403). * The scheduler did not add the "job-hold-until-specified" reason when holding a job using the lp command (STR #4405). * Auto-typing of PWG Raster files did not work (STR #4417). * IPP queues using hardcoded credentials would ask for credentials (STR #4371).- Version upgrade to 1.7.2: CUPS 1.7.2 addresses a web interface redirection security issue, some scheduler crashed on Linux, and other general bug fixes. Changes since 1.7.1 include (excerpt): * CVE-2014-2856: The scheduler now blocks URLs containing embedded HTML (STR #4356 and bnc#873899). * cupsDoIORequest could miss the server status, causing failed lpadmin and other administrative commands (STR #4386). * Fixed a D-BUS threading issue that caused the scheduler to crash (STR #4347). * The scheduler now automatically reconnects to Avahi as needed (STR #4370, STR #4373). - str4351.patch that fixed STR #4351: cups-lpd hugh jobs (>2G) fail is obsolete because it is fixed upstream since CUPS 1.7.2. - Removed the CUPS banner files in /usr/share/cups/banners/ and the CUPS testpage /usr/share/cups/data/testprint (which is also a CUPS banner file type) because they do no longer work since CUPS >= 1.6 (see http://www.cups.org/str.php?L4120) because there is no longer a filter for Linux that can convert the CUPS banner files. Since CUPS >= 1.6 only the banner files and testpage in the cups-filters package work via the cups-filters PDF workflow and the cups-filters package also provides the matching bannertopdf filter (bnc#873376).- In case of systemd use --with-rundir=/run/cups instead of --with-rundir=/run (bnc#871640).- str4351.patch from CUPS upstream fixes https://www.cups.org/str.php?L4351 "STR #4351 cups-lpd hugh jobs (>2G) fail" (bnc#864782).- Version upgrade to 1.7.1 (fate#314630): CUPS >= 1.6 has major incompatible changes compared to CUPS up to version 1.5.4 in particular when printing via network: * The IPP protocol default version increased form 1.1 to 2.0. Older IPP servers like CUPS 1.3.x (e.g. in SLE11) reject IPP 2.0 requests with "Bad Request" (STR #4231). By adding '/version=1.1' to ServerName in client.conf (e.g. ServerName older.server.example.com/version=1.1) or the CUPS_SERVER environment variable value or by adding it to the server name value of the '-h' opion (e.g. lpstat -h older.server.example.com/version=1.1 -p) the older IPP protocol version for older servers must be explicitly specified. * CUPS Browsing is dropped in CUPS but the new package cups-filters provides the cups-browsed that provides basic CUPS Browsing and Polling functionality. The native protocol in CUPS for automatic client discovery of printers is now DNS-SD. * Some printing filters and backends are dropped in CUPS but the new package cups-filters provides them so that cups-filters is usually needed (recommended by RPM) but cups-filters is not strictly required. * The cupsd configuration directives are split into two files cupsd.conf (can also be modified via HTTP PUT e.g. via cupsctl) and cups-files.conf (can only be modified manually by root) to have better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes (STR #4223 CVE-2012-5519 bnc#789566). See the entries below for more information. For details see the openSUSE Bugzilla bnc#735404 issue. CUPS 1.7.1 improves network and USB printing, fixes some scheduler issues, and addresses a minor security issue in the lppasswd program. Changes since 1.7.0 include (excerpt): * Security: the lppasswd program incorrectly used settings from ~/.cups/client.conf (STR #4319) * ATTR messages could cause string pool memory corruption in the scheduler () * Printing to a raw queue could result in corrupt output due to opportunistic compression () * Japanese PPDs using with the Shift-JIS encoding did not work () * The libusb-based USB backend incorrectly used write timeouts () * The IPP backend did not wait for a busy printer to become available before attempting to print () * Using "@IF(name)" in an Allow or Deny rule did not work (STR #4328) * The D-BUS notifier did not remove its lockfile (STR #4314) * CUPS incorrectly used the USER environment variable when the name did not match the user ID (STR #4327) For details see the CHANGES.txt file. - cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf (fate#303515) and replaces cups-1.6.2-adapt_cupsd.conf_defaults_for_SUSE.patch - Clean up of systemd unit files (bnc#857372): Make it working again as simple and secure as it worked all the time in the past by providing only one single systemd unit file cups.service. In particular currently YaST cannot manage services with additional other systemd unit files. Furthermore systemd socket activation is currently insecure in case of IPv6 (CVE-2012-6094 bnc#795624). - Clean up how cupsd is launched (via SysVinit or systemd) by maintaining strictly separated sections in cups.spec: Either for launching cupsd via systemd (if have_systemd is set) or for launching cupsd via SysVinit (if have_systemd is not set). SysVinit support cannot be removed because CUPS 1.7.1 still builds and can be used even for SLE11. - The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to 'root' only (related to STR #4223 CVE-2012-5519 bnc#789566). In this context a general security advice: When root allows normal users to do system administration tasks (in particular when root allows normal users to administer system processes - i.e. processes that run as root), then this or that kind of privilege escalation will be possible. Only trustworthy users who do not misuse their privileges may get allowed to do specific system administration tasks.- Version upgrade to 1.7.0 CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5. See the entries below for more information. For details see the openSUSE Bugzilla bnc#735404 issue. Changes since 1.7rc1 include (excerpt): * The lpadmin command did not send the PPD name from the "-m" option (). * The scheduler did not respond using the hostname specified by the client (). * Fixed a couple memory leaks in ippfind that were reported by Clang. * Fixed a compile issue on 64-bit Linux with Clang - need to use the -pie option instead of -Wl,-pie now (). * The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE environment variable to the filters or backend (). For details see the CHANGES.txt file.- Version upgrade to 1.7rc1 only for testing purpose. CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5. After a version upgrade to CUPS >= 1.6 printing in the network would no longer work as it did up to CUPS 1.5. For details regarding incompatible changes in CUPS >= 1.6 see https://bugzilla.novell.com/show_bug.cgi?id=735404 and follow the links therein. The 1.7 series is primarily a "polish" release with improved support for paid, PIN, and release printing, expanded support for IPP Everywhere, automatic support for data compression, and improved CUPS APIs. CUPS 1.7rc1 is the first release candidate for CUPS 1.7.0 and includes the fixes from CUPS 1.6.3, adds a new ippfind utility, fixes some issues in the ipptool utility, and fixes some general printing bugs. For details what is new in CUPS 1.7 see the CHANGES.txt file. Excerpt: * Printer xxx-default values were not reported by Get-Printer-Attributes or lpoptions () * Added a new ippfind tool for finding IPP printers and other Bonjour services () - Version upgrade to 1.6.3 CUPS 1.6.3 fixes some compatibility issues with servers running CUPS 1.3.12 or older, fixes some general printing bugs, and fixes some minor security issues. For details what is new in CUPS 1.6 see the CHANGES-1.6.txt file. Excerpt: * The lp, lpq, lpr, and lpstat now display an error message advising the use of the /version=1.1 ServerName option () * Added documentation about the /version=1.1 option to ServerName in client.conf () * The lp, lpq, lpr, and lpstat commands incorrectly ignored the default printer set in the lpoptions file () * Printing using "ipps" URIs was not encrypted.- Version upgrade to 1.6.2. CUPS 1.6 has major incompatible changes compared to CUPS 1.5. For details regarding incompatible changes in CUPS 1.6 see https://bugzilla.novell.com/show_bug.cgi?id=735404 and follow the links therein. For details what is new in CUPS 1.6 see the CHANGES.txt file. Excerpt: * Security: All file, directory, user, and group settings are now stored in a separate cups-files.conf configuration file that cannot be set through the CUPS web interface or APIs (STR #4223). * The IPP backend could crash if the printer disconnects early (STR #4284). * cupsGetPPD did not work with statically-configured CUPS shared queues (STR #4178). * Bad IPP responses could crash ipptool (STR #4262). * Updated USB quirk rules for various printers (STR #4217, STR #4263, STR #4286). * Added USB blacklisting for printers that require a custom backend (STR #4218). * The CUPS library did not always detect a timed out connection to the server which could cause temporary loss of printing from applications (STR #4187). * The IPP backend now stops queues when the server configuration prevents successful job submission (STR #4125). * CUPS 1.6 clients using the ServerName directive in client.conf did not work with CUPS 1.3.x or older servers (STR #4231, STR #4291). * The scheduler could crash when using Avahi (STR #4183, STR #4192, STR #4200, STR #4213). * The IPP backend could get stuck in an endless loop on certain network errors (STR #4194). * The scheduler no longer allows job-name values that are not valid network Unicode strings (STR #4072). * The network backends now support disabling of SNMP supply level queries via the "snmp" URI option (STR #4106). * The IPP backend did not specify the compression used (STR #4181). * The scheduler did not recognize dnssd: or ipps: URIs as Bonjour shared queues (STR #4158). * Applications could not get the PPD file for statically-configured Bonjour-shared print queues (STR #4159). * Fixed a USB backend compatibility issue on systems using libusb (STR #4155, STR #4191). * Some Bonjour features were not available on systems with Avahi (STR #4156). - cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch is obsolete because it is fixed upstream (STR #4231, STR #4291). - cups-1.6.2-adapt_cupsd.conf_defaults_for_SUSE.patch replaces cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch - Adapted cups-client.conf template file for CUPS 1.6.- cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch adapts the defaults in cupsd.conf for SUSE. It replaces cups-1.3.6-access_conf.patch that added 'Allow 127.0.0.2' to cupsd.conf to allow access for the loopback IP address 127.0.0.2 which is set for the hostname by SUSE in /etc/hosts at least up to SLE10 products. It also replaces cups-1.5-additional_policies.patch that added the 'allowallforanybody' policy to cupsd.conf see https://fate.novell.com/303515 Furthermore it fixes some issues with the CUPS upstream defaults i.e. removal of no longer supported keywords BrowseOrder BrowseAllow DefaultAuthType (otherwise cupsd prints error messages of the form "Unknown directive BrowseOrder on line 22"). - cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch reverts the incompatible change in CUPS 1.6 that makes IPP version 2.0 default (see https://www.cups.org/str.php?L3929) back to using IPP version 1.1 by default. Otherwise CUPS 1.6 on clients cannot talk to older CUPS servers in particular not to CUPS 1.3.9 on SLE11. E.g. on a CUPS 1.6 client "lpstat -h sle11.cups.server -p" would fail on the client with "lpstat: Bad Request" and the CUPS 1.3.9 server logs in /var/log/cups/error_log the lines "E ... cupsdReadClient: ... IPP Read Error!" and "D ... cupsdSendError: ... code=400 (Bad Request)".- Version upgrade to 1.6.1. CUPS 1.6 has major incompatible changes compared to CUPS 1.5. After a version upgrade to CUPS 1.6 printing in the network would no longer work as it did up to CUPS 1.5. For an overview about what is new in CUPS 1.6 see http://www.cups.org/documentation.php/doc-1.6/whatsnew.html For details regarding incompatible changes in CUPS 1.6 see https://bugzilla.novell.com/show_bug.cgi?id=735404 and follow the links therein. For details what is new in CUPS 1.6 see the CHANGES.txt file. Excerpt: * CUPS now supports color management using colord (STR #3808). * CUPS now supports Bonjour using Avahi (STR #3066). * The "brightness", "columns", "fitplot", "gamma", "hue", "natural-scaling", "penwidth", "position", "ppi", "saturation", and "scaling" options are not longer supported (STR #4010). * Added new destination connection and enumeration functions via new dynamic destination APIs (STR #3924). * Added new option, localization, and job submission functions via new APIs that do not depend on PPD files (STR #3925). * The scheduler now supports a DefaultAuthType of "auto" to automatically choose between Basic (username/password) and Negotiate (Kerberos) authentication. * CUPS no longer supports automatic remote printers or implicit classes via the CUPS, LDAP, or SLP protocols (STR #3922, STR #3923). * The PPD APIs are now deprecated and will be removed in a future version of CUPS (STR #3927). * The default IPP version for requests is now 2.0 (STR #3929). * The IPP APIs no longer expose the ipp_t or ipp_attribute_t structures and instead provide accessor functions (STR #3928). * The scheduler will no longer run programs with group write permission. * The PHP module has been removed (STR #3932). * The bannertops, commandtoescpx, commandtopclx, imagetops, imagetoraster, pdftops, rastertoescpx, rastertopclx, and texttops filters have been removed (STR #3930). * The serial and parallel backends have been removed (STR #3935). - Adapted cups-config-libs.patch for CUPS 1.6.1 (IMGLIBS is no longer present in cups-config.in).- buildrequire systemd through the pkgconfig provide to get systemd-mini in build environment (to break cycle)- Version upgrade to 1.5.4 (mainly a bugfix release) that fixes some IPP printing issues. Excerpt: * The IPP backend no longer tries to get the job status for printers that do not implement the required operation (STR #4083). * Sending a document in an unsupported format to an IPP printer now automatically cancels the job (STR #4093). * The IPP backend now treats the client-error-not-possible status code as a job history issue, allowing IPP printing to Windows to work(STR #4047). For a complete list see the CHANGES.txt file. - revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of an upstream fix.- license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 Apple grant an openssl linking exception (and an exception for linking on Apple owned operating systems).- Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default from becoming hardlinked via the fdupes run in cups.spec (see the 'Wed Aug 26 21:43:03 CEST 2009' entry below) by making their content different and at the same time fix the misleading comment (openSUSE Bugzilla bnc#773971). - Minor clean-up in cups.spec (the "Remove unpackaged files" via "rm -rf ") is no longer needed because those man pages are no longer installed.- Upgraded to CUPS 1.5.3 (mainly a bugfix release) that fixes a number of PostScript, SSL, authenticated printing, and networking issues. Excerpt: * The scheduler could crash if a PPD file contained an invalid paper size (STR #4049). * Missing localizations caused empty output (STR #4033). * Changed how timeouts are implemented in the LPD backend (STR #4013). * The default InputSlot setting was never used (STR #3957). * Fixed the IPP backend's handling of HTTP/1.0 compatibility (STR #3988). For a complete list see the CHANGES.txt file. - revert_cups-ssl.m4_to_1.5.2.patch reverts cups-ssl.m4 to what it was in CUPS 1.5.2 so that autoconf produces a syntactically correct configure script otherwise "bash -n configure" fails with "syntax error: unexpected end of file", see http://www.cups.org/str.php?L4084- No longer require Ghostscript but only "Recommends: ghostscript" because the Ghostscript device "cups" is needed by several CUPS filters (in particular the "rasterto..." filters) but those filters are not used on all systems (e.g. on a print server with only "raw" queues) so that a weak Recommends fits better. Furthermore this avoids a build dependency cycle between the main-packages cups and ghostscript. - No longer require /usr/bin/pdftops but only a "Recommends" because the CUPS filter /usr/lib/cups/filter/pdftops (which calls /usr/bin/pdftops) is not used on all systems (e.g. on a print server with only "raw" queues) so that a weak Recommends fits better.- In cups.spec only "Requires: ghostscript" but no longer require ghostscript-fonts-std in cups.spec because in ghostscript.spec there is already "Requires: ghostscript-fonts-std" (related to openSUSE Bugzilla bnc#735824). - In cups.spec remove the Obsoletes/Provides cups-SUSE-ppds-dat because cups-SUSE-ppds-dat.rpm existed only up to SLE10 but it does no longer exist since 11.1/SLE11 and CUPS 1.5.x is not provided for SLE10. - Use traditional bash scriptlets for post/postun with an explicite "exit 0" line at the end to be fail safe and therefore also "PreReq: /sbin/ldconfig" explicitly for the cups-libs sub-package, see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets- Upgraded to CUPS 1.5.2 (mainly a bugfix release). This release fixes a number of printing, encryption, and ipptool issues. Excerpt: * The scheduler incorrectly used free() on a POSIX ACL value, which could cause a crash (STR #3970). * Encryption was broken with OpenSSL (probably STR #3933 and bnc#739410 ). * Badly formed GIF files could cause the image filters to crash (STR #3914). For a complete list see the CHANGES.txt file.- Use explicit buildrequires on the needed libraries. otherwise build will fail after libtiff-devel deps cleanup - Cleanup requires of -devel package, which only needs glibc-devel - cups-config-libs.patch fixes cups-config script, which with option --libs adds: LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto - lz -lpthread -lm -lcrypt " IMGLIBS="-ltiff -ljpeg -lpng" This only makes sense when using static linking but we do not ship static libraries and it will only bloat dependant packages.- Update systemd patch, Bind to datagram socket as well in systemd cups.socket unit file, to prevent that port being stolen by another service (from RH). - There is no need to use -fno-strict-aliasing in cflags any longer.- Update systemd patch to a newer version that uses libsystemd-daemon instead of bundling sd-daemon wrappers.- cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch adds complete systemd support, the hardware stuff is handled in builtin udev rules (see /lib/udev/rules.d/99-systemd.rules). See also http://0pointer.de/blog/projects/socket-activation2.html- Upgraded to CUPS 1.5.0 (openSUSE Bugzilla bnc#722057) Backward incompatible changes: * The main header cups/cups.h no longer includes the PPD header cups/ppd.h which may require code changes to applications. * CUPS no longer supports the old ~/.cupsrc or ~/.lpoptions files from CUPS 1.1.x. The ~/.cups/client.conf and ~/.cups/lpoptions files that were introduced in CUPS 1.2 must now be used. * The scheduler now requires that filters and backends have group write permissions disabled (security). * The HP-GL/2 filter is no longer included (STR #3322). * The SCSI backend is no longer included (STR #3500). Other changes: * Updated the PostScript filter to support IncludeFeature in more circumstances (STR #3417). * The scheduler now sets the process group for child processes and manages the group (STR #2829). * The scheduler now more carefully creates and removes configuration, cache, and state files (STR #3715). * The lpadmin command now allows default option values to be deleted (STR #2959). * Restored support for GNU TLS and OpenSSL with threading enabled (STR #3605, STR #3461). Therefore cups-1.4.4-str3461-1.4.reverted.patch is no longer needed (openSUSE Bugzilla bnc#617026). * Increased the default RIPCache value to 128MB (STR #3535). Therefore cups-1.4.4-set_default_RIPCache_128m.patch is no longer needed (openSUSE Bugzilla bnc#628233). * Updated PDF filter to support Ghostscript ps2write (STR #3766). * Updated PDF filter to support Poppler option to preserve page sizes in PDF files when the user has not selected a particular media size (STR #3689). * Added new PWG Raster filter for IPP Everywhere printer support. * Added support for a new cupsFilter2 keyword in PPD files to allow for the propagation of the actual MIME media type produced by a filter. * Name resolution errors no longer no longer cause queues to stop (STR #3719, STR #3753). See also https://bugzilla.novell.com/show_bug.cgi?id=337794#c16 * Added a new cups-exec helper program that applies security profiles to filters, port monitors, backends, CGI programs, and mini-daemons. * The web interface can now be disabled using the WebInterface directive in cupsd.conf (STR #2625). * The ipptest tool is now a first-class user program (STR #3484). For a complete list see the CHANGES.txt file. - cups-1.4.4-str3461-1.4.reverted.patch (bnc#617026) and cups-1.4.4-set_default_RIPCache_128m.patch (bnc#628233) are no longer needed because the issues are fixed upstream. cups-1.5-additional_policies.patch (fate#303515) replaces the cups-1.4-additional_policies.patch which does no longer apply.- add libtool as buildrequire to make the spec file more reliable- Reverted the change from meissner below dated "Fri Sep 23 09:54:39 CEST 2011" so that baselibs.conf again contains only one line "cups-libs" as before because the submitrequest 85423 Printing/cups -> openSUSE:Factory/cups was declined by coolo with the following reason: "cups-devel-32bit requires cups-32bit (default requires), which does not exist".- Upgraded to CUPS 1.4.8 * network backends could crash if a printer returned a value of 0 for the maximum capacity for a supply (STR #3875) * For a complete list see the CHANGES.txt file. - Upgraded to CUPS 1.4.7 * imageto* filters could crash with bad GIF files (STR #3867) * CUPS did not work with some printers that incorrectly implemented the HTTP/1.1 standard (STR #3778, STR #3791) * Fixed crash in scheduler when the application/octet-stream MIME type was not defined (STR #3690) * The web interface no longer tries to use multi-part delivery when adding printers (STR #3455) using Epiphany or IE * "lp" and "lpr" failed with Kerberos enabled (STR #3768) * Remote printer URIs with options did not work (STR #3717) * The scheduler now only looks up interface hostnames if HostNameLookups are enabled (STR #3737) * The scheduler could crash if a browsed printer times out while a job is printing (STR #3754) * For a complete list see the CHANGES.txt file.- cups-1.4.4-set_default_RIPCache_128m.patch enlarges the CUPS upstream default RIPCache from 8m to 128m to avoid various kind of printout failures (STR #3535, and Novell/openSUSE Bugzilla bnc#628233).- cups-devel baselibs package for Wine 32bit on 64bit building (added "cups-devel requires cups-libs..." to baselibs.conf).- Remove redundant tags/sections from specfile (removed "norootforbuild" and the "clean" section).- "no" locale is "nb" (norwegian bokmal) these days (move /usr/share/locale/no to /usr/share/locale/nb). - "zh" is probably meant as "zh_CN", as "zh_TW" exists (move /usr/share/locale/zh to /usr/share/locale/zh_CN).- Cleaned up the RPM Requires: Removed the needless "Suggests: poppler-tools" because there is "Requires: /usr/bin/pdftops" which should be sufficient. Replaced the RPM Requires for foomatic-filters by Recommends because foomatic-rip is only needed by CUPS in a few cases and printer driver packages which need foomatic-rip require foomatic-filters on their own.- Upgraded to CUPS 1.4.6 CUPS 1.4.6 fixes in particular a regression: * A change was made in CUPS 1.4.5's pstops filter that it did not support landscape printing of PostScript files (STR #3722) * For a complete list see the CHANGES.txt file.- Fixed coolo's quick and ditry unconditioned "PreReq: sysvinit(syslog)" stuff from below because build fails everywhere except openSUSE:Factory (i.e. openSUSE 11.4) because sysvinit(syslog) is nowhere else provided. Now the PreReq is only if suse_version > 1130.- prereq init script syslog- Upgraded to CUPS 1.4.5 CUPS 1.4.5 fixes several scheduler and printing bugs as well as a reported security bug, in particular: * Fixed a IPP parsing memory corruption bug (CVE-2010-2941, STR #3648, Novell/Suse Bugzilla bnc#649256) * Fixed a PPD loader bug that could crash the cupsd (STR #3680) * The scheduler restarts jobs while shutting down (STR #3679) * Did not initialize Kerberos in all cases (STR #3662) * The socket backend could go into an infinite loop with certain printers (STR #3622) * Moving a job via the web interface failed without asking for authentication (STR #3559) * The web interface did not allow a user to change the driver (STR #3537, STR #3601) * For a complete list see the CHANGES.txt file.- Fixed /etc/init.d/cups (cups.init source file) so that stopping the cupsd waits up to 10 seconds until the cupsd had actually finished (if not SIGKILL would be sent to it) to make sure that "rccups restart" and "rccups stop ; rccups start" work correctly (see Novell/Suse Bugzilla bnc#622058).- cups-1.4.4-str3461-1.4.reverted.patch reverts changes by CUPS STR #3461 as band-aid workaround for now to avoid that Mozilla.org applications crash when they try to print (STR #3461, STR #3605, and Novell/Suse Bugzilla bnc#617026).- Upgraded to CUPS 1.4.4 CUPS 1.4.4 fixes several security, scheduler, printing, and conformance issues, in particular: * The web interface now includes additional CSRF protection (CVE-2010-0540, STR #3498, STR #3593, and Novell/Suse Bugzilla bnc#601830) * The texttops filter did not check the results of allocations (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352) * The web admin interface could disclose the contents of memory (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271) * The fix for CVE-2009-3553 (STR #3200) was incomplete for systems that use kqueue or epoll (STR #3490) * CUPS could overwrite files as root in directories owned or writable by non-root users (STR #3510) * The OpenSSL interfaces have been made thread-safe and the GNU TLS interface is explicitly forbidden when threading is enabled (STR #3461) * The scheduler could crash on restart if classes were defined (STR #3524) * The socket backend no longer waits for back-channel data on platforms other than Mac OS X (STR #3495) * For a complete list see the CHANGES.txt file.- Update cups-1.3.9-desktop_file.patch: add the Settings category (required since we use HardwareSettigns) and add NotShowIn=GNOME: in GNOME, the configuration tool we want to use is system-config-printer.- Explicitly set configure option '--enable-debug' because otherwise the cups-debuginfo RPM would be empty. - Removed no longer recognized configure option '--enable-pie' (it compiles and links with '-pie -fPIE -fPIC' by default). - Disabled .SILENT in Makedefs.in so that make is verbose as usual.- In cups.spec removed '-r' from the suse_update_desktop_file call to not replace valid (and previously patched via cups-1.3.9-desktop_file.patch) categories of the desktop file so that it shows up in the right place (this is particularly an issue with the LXDE/XFCE menu).- cups-1.4.3-default-webcontent-path.patch changes the default path whereto the web content is installed from /usr/share/doc/... to /usr/share/cups/webcontent because the files of the CUPS web content are no documentation (see CUPS STR #3578 and Novell/Suse Bugzilla bnc#546023 starting at comment#6). - In cups.spec replaced usage of the RPM macro 'name' by the explicite value 'cups' (except for the BuildRoot) so that CUPS could be built as well with a different package name (e.g. when someone likes to provide a CUPS SVN revision as 'cupsSVN' or a specifically adapted CUPS as 'cups4me').- cups-krb5-config wrapper script for krb5-config is no longer needed because since April 2008 krb5-config works correctly (see Novell/Suse Bugzilla bnc#378270 and compare STR #3556).- In cups.xinetd replaced '@LIB@' by '/usr/lib' and removed the perl substitute calls regarding '@LIB@' in cups.spec because since the upstream compliant CUPS 1.4 it is '/usr/lib/cups/' on all platforms (see Novell/Suse Bugzilla bnc#575544).- Upgraded to CUPS 1.4.3: * The scheduler could try responding on a closed client connection, leading to a crash (CVE-2009-3553, STR #3200, and bnc#554861). * The lppasswd program allowed the localization files to be overridden when running in setuid mode (CVE-2010-0393, STR #3482, and bnc#574336). * The scheduler would crash when an active printer was deleted. * The DBUS notifier did not build (STR #3447). * The scheduler did not reset the SIGPIPE handler of child processes (STR #3399). * For a complete list see the CHANGES.txt file. - cups-1.3.9-CVE-2009-3553.patch has become obsolete because it is fixed in the source.- CUPS 1.3 -> 1.4 version upgrade and major cleanup: For the CUPS upstream changes see the CHANGES.txt file. Such a major version upgrade is the perfect chance to drop almost all our own patches to enforce a reset to almost 100% compliance with upstream. Here our openSUSE CUPS versions and their number of patches (i.e. the "Patch" entries in the cups.spec files): CUPS version 1.2.12 in openSUSE 10.3: 37 CUPS version 1.3.7 in openSUSE 11.0: 29 CUPS version 1.3.9 in openSUSE 11.1: 26 CUPS version 1.3.11 in openSUSE 11.2: 17 Of course this includes patches with backported bug fixes via our maintenance but nevertheless there were really too much openSUSE specific patches. Therefore I would like to provide CUPS 1.4 "as is" to the furthest possible extent (there are still 6 patches left). Then let's see if we get bug reports because of this. I did such a reset to 100% compliance with upstream already in the past for sane-backends and guess what: I got no single bug report at all because of this. I guess what they do at upstream is actually not so bad ;-) - Added the explicite path to '--with-cachedir=/var/cache/cups' in cups.spec to avoid that the fallback value 'yes' results the cache directory '/etc/cups/yes/'. - cups-1.3.11-CVE-2009-2820-regression-fix.patch and cups-1.3.11-CVE-2009-2820.patch have become obsolete because it is fixed in the source. - cups-1.4-full_path_to_configure_with-pdftops.patch has become obsolete because it is fixed in the source.- add baselibs.conf as a source - enable parallel building- Fixed the URL and MD5 sum comments for Source0 in cups.spec. - cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug in the scheduler which leads to remote denial of service, (CVE-2009-3553, CUPS STR #3200, and Novell/Suse Bugzilla bnc#554861)- cups-1.3.11-CVE-2009-2820-regression-fix.patch fixes a regression which was introduced by the previous cups-1.3.11-CVE-2009-2820.patch which lets adding a class via CUPS Web Interface fail with an 'Unknown operation "{op}"' error message (CUPS STR #3401 and Novell/Suse Bugzilla bnc#548317 starting at comment #24). - cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface Cross-Site Scripting (XSS) and CRLF injection in HTTP headers (CVE-2009-2820 and CUPS STR #3367 and Novell/Suse Bugzilla bnc#548317).- updated patches to apply with fuzz=0- Fixed as-needed issues when compiling additional tools by using the right ordering of source and linked library in 'gcc -opoll_ppd_base ... SOURCE1 -lcups' and 'gcc -olphelp ... SOURCE2 -lcups' which obsoletes the 'export SUSE_ASNEEDED=0' workaround, see the 'Fri Jul 10 12:34:54 CEST 2009' entry below. - Run fdupes.- full_path_to_configure_with-pdftops.patch adds support to specify a full path in 'configure --with-pdftops=/usr/bin/pdftops' to avoid 'BuildRequires: xpdf-tools' which would bloat the build system but would be only needed to satisfy 'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)' in cups-pdf.m4 if only 'configure --with-pdftops=pdftops' was possible (Novell/Suse Bugzilla bnc#526847).- Upgraded to CUPS 1.3.11: * The scheduler and cupsfilter utility would crash with certain MIME .types rules (CUPS STR #3159). * cups-1.3.10-fix-DNS-rebinding-protection.patch (Novell/Suse Bugzilla bnc#516511 and CUPS STR #3238) is obsolete since CUPS 1.3.11 because it is fixed in the source (it is fixed via CUPS STR #3164). * For a complete list see the CHANGES.txt file.- Set 'export SUSE_ASNEEDED=0' in cups.spec because build fails with --as-needed so that this is for now simply disabled.- cups-1.3.10-fix-DNS-rebinding-protection.patch fixes a regression of the CUPS 1.3.10 DNS rebinding protection which lets e.g. "lpoptions -h localhost -p -l" fail with "lpoptions: Unable to get PPD file for : Bad Request" and in /var/log/cups/error_log there is the warning W ... Request from "localhost" using invalid Host: field "::1" but "::1" is the IPv6 loopback IP address for "localhost" (Novell/Suse Bugzilla bnc#489624 comment#19 and bnc#516511).- Upgraded to CUPS 1.3.10: * Use a wrapper program filter/pdftops.c which only calls /usr/bin/pdftops (via configure --with-pdftops=/usr/bin/pdftops) instead of the CUPS fork of the Xpdf source code which was in the pdftops directory (CUPS STR #3129). Because of this cups-1.4svn-pdftops_as_filter.patch and cups-1.4svn-pdftops_dont_fail_on_cancel.patch are obsolete since CUPS 1.3.10 (the latter was fixed via CUPS STR #2808). * The scheduler now protects against DNS rebinding attacks (CUPS STR #3118 and Novell/Suse Bugzilla bnc#489624). * cups-1.3.9-cupstestppd.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #2979). * cups-1.3.9-max_subscription.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (no CUPS STR but mentioned in CHANGES.txt "The scheduler would crash if you exceeded the MaxSubscriptions limit"). * cups-1.3.9-filter_png_overflow2.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #2974 and Novell/Suse Bugzilla bnc#448631). * cups-1.3.9-hpgltops2.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #2966 which is the successor of CUPS STR #2911 and Novell/Suse Bugzilla bnc#430543). * cups-1.3.9-cupsImageReadTiff.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895). * For a complete list see the CHANGES.txt file. - cups-1.1.21rc2-preauth_security.patch and cups-1.1.21rc2-usermode.patch and cups-1.1.21-umlaut_printer.patch and cups-1.1.23-testpage.patch are finally removed since CUPS 1.3.10 because they were made for CUPS 1.1 and were no longer applied since CUPS 1.2 in Suse Linux 10.3. In particular cups-1.1.21rc2-usermode.patch can no longer apply since CUPS 1.2 because RunAsUser in cupsd.conf is no longer supported since CUPS 1.2, for more info see e.g. the "RunAsUser removed; reassurance wanted" mails on cups@easysw.com. Furthermore we neither got any Suse Linux/openSUSE user request nor any SLE11 beta-tester/customer request for them.- Replaced "--enable-static" by "--disable-static" in configure so that the static libraries /usr/lib[64]/libcups.a and /usr/lib[64]/libcupsimage.a are no longer built and included in the cups-devel package to enforce detection of other software which might be built with static CUPS libraries so that those other software could be fixed to use the dynamic libraries (see also Novell/Suse Bugzilla bnc#509945).- Set BROADCAST="ipp" in cups.SuSEfirewall2 source file (which gets installed as /etc/sysconfig/SuSEfirewall2.d/services/cups) so that adding "cups" to allowed services in the firewall also allows CUPS Browsing information via UDP broadcasts (Novell/Suse Bugzilla bnc#498429).- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow in the "_cupsImageReadTIFF()" function CVE-2009-0163 (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).lamb19 1553535290  !"#$%&'()2.2.7-lp150.2.10.22.2.7-lp150.2.10.2cancelcupstestdscippfindipptoollplpoptionslpqlprlprmlpstatacceptcupsacceptcupsdisablecupsenablecupsrejectlpadminlpclpinfolpmoverejectcancel.1.gzcupstestdsc.1.gzippfind.1.gzipptool.1.gzlp.1.gzlpoptions.1.gzlpq.1.gzlpr.1.gzlprm.1.gzlpstat.1.gzipptoolfile.5.gzaccept.8.gzcupsaccept.8.gzcupsdisable.8.gzcupsenable.8.gzcupsreject.8.gzlpadmin.8.gzlpc.8.gzlpinfo.8.gzlpmove.8.gzreject.8.gz/usr/bin//usr/sbin//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9816/openSUSE_Leap_15.0_Update/d15cc97a95df0f61419aec243e733bb2-cups.openSUSE_Leap_15.0_Updatecpioxz5x86_64-suse-linux      ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=df287753b6e62d4a77844cfe369e3664cba72bd5, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=227f9031788f611ff8cb112cd1bb99bbe56f198f, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=00a6b79b89bf77f9392e5fdf882074894e9dc1e0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=4b00d5e1ed0fba03a779601b8aa5eb8121bd52ba, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=876bdf417c229261d4812deaf1a541709a1db3ff, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=21ddb5dbdee80f1f12bdff5a80f7fc46dcb75cf0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=24b25e5d82ef1b56f80c3c0d8d8968d07d185e61, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=6585a30b86c3035eb654543f8d3a40f946f9f64d, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=409aa4fef1c0bf95168bf01aa7e10d552e83d0d5, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=73611771eee2c80a4b18f5459d1370fd98aec0f4, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=41f1f1a86d31d467a6624e931af57407ea2070de, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=3b70431640e628e7a0c22da13b069a08fb453714, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=0eadfc66e54e7cfbfbb3db1b59bb8337f51266ab, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=fe13a7b995974c849cc273f055a357c7d93f58ad, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=070b1cb162b0b5485d195a582eeed21c5400ad42, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix) %,29=CGNTW RRRRRRRRRRRR RRRRRRRR RR RRRRRRR RRRRR RR RR RRRRR RRRRRRRRRRR RR RRRRRRRRRRRRRRRR RRRRR RRRRRRRRRRR RRRRRR RaH˒ͥ 'utf-87f27ec7ba2970693f435b79894238a9b635925cba912d4ae608e3c4e8a8bbdd3?7zXZ !t/sX] crv9uA'zyºAnͭ.eNک81:XuBRY~ |_ O EĹ聾ࠋ*0s&e:ku&]mGDծ jgbw_FϽȝ0.[*Mucc{@mC1];MV}?_!A- m}NF%y8D(nƄphyY $ T'&sJprM )وi!OHFpP󀞤}GCE0\`5;x*u*+M>W+XyFDةWG?W#q4Hv2ID3sMa\+SB*-s-`Og=^qb-lw*Zcg=@E keP)MM<eje}5C; 0{ڙmC;a 5Qd% @!<0s?٫;j(+Ņg9ase$x;N3 Sڱio}F{+Gy np1`ZOg<.DElx$]jlyy0E#JQ\13 _*ډV3ʄ{`YՃsݍ(,Y8ÄHy~,NiyYڝUK̘8I{|-7j4=sDjAү}Ir"gRSQUWrF{h Li6jDiA k`Շs?]:_s%AgD_Z uJtC֠ZNfj,`Ȱ7"ϴ[ZN*]Ut-r Qb@NoʽT/wQYz=|C[Q̴3#>'  6 XhwOKt]|Qƶ {#؜*Sͯ˷lJQw >m&v</mGh<߷*B w_y̭`h,Ac%pp/r/ $H-GK "ֽSdG˲R$` 2/ÌkϠ:H G^B0v+ i\P$s+/ #J+3=n*=4XRM햎cn u/FfQ2oO|gWf=4-V{c8{6ofq3V9p酪( M;A .|yoEAH Nlpwwr qUrjد"9dvy^! b3 vDG/)_at/}c3M¹]i4dvFقBE0Njq`. }bD0+?;d{W_X]rpbgy \ +ūEZ_ZJI?\zG`cF"t,.dQS%u'*c4Ϸ:3KnwR̻gY(Q^Ƕ<0j-C5YfGDq.EtVacRbFʄy!uԿWѨ-BnN:!n6n6 p,IA H9v g6\sc4gӬWLznU{A GB2de4$I@MG}9P3 y%(M2 L聹 =K8N=q+o90ە${YzVT2.-+V|i=BA)o$zzzܫ# {9K#B4`hM~ k:<ǰRoZ\<.БF}@_"V౜Lv5@x[Nǹv'8˝EE$ȫOc 80BvrԆ&8:}zWl h]ۇ4 -|jX\Ϡp}/ڲ|}K !&5de;MHRwa0 [糅shx=zAZFF$EQ^`0dTwabt$W_V^ hwvs ;_GBL5F#VT:O׫Ie#=6XoVENU} D/oY; J${E+Ѡ=nY>NgY4ݳҿdxǰ4'A tN,u?DqW<Sx!aF9.ŷuJ]N#&qj }Ηeosp".MT;Pq |tؿh7HQʔo*~\HNAۤF" kFPE6` \$ǠӞև|v)m'X?*;ajhu.Y`~I y.K2;o!v ?!ai@\5+#e{.r`\Um̳dЧ&zvM6 8]$sŅ\(oA6ԺF}m2̤)dNW.#tZ@gK3*OUJD詛PٲiM֭z!IyE$tML¬tC`;nhȑ/$kb( <Ȫ@BWQ{!QN(D![&y3n8QƮc\f]S%~d㹝)^H,ialD4IܳrlynD6g0+aפ: -haH$_o2yLti ɤA[-H`PUFDq79m%nM0_jdDf=`.d.2SfO( yjX-pΛF݆¼fnyp^Y̘4]Rh ,0|jg{ 6w\4WsWV`m3S9c:Z C^{fa%Tz폁jw|$MI.ɁG yrgo0FǟOi`m{d nK%r}30T^D4E|^*7la ں 4 Y}SDѽCy!qZ'<|;lQ@e_8P-ٳi7`Jˎ^s&O&M*N _Oi/a'I"OxZf3LzWd"@Tn.; խ=?r ET1S DR!4Sڜ&K VYdSU\J{[$E.RZ3ZO`G<*d Z$ &燜gB0R'_#,;m&oQ;bJ 6`ICr;ΞXmV4o_~\% 3V c(HZ'Խ{IϏN(0H҆hxE@Ǿ¶ʲ{\ѺC,X#3Ot +,Aqd,5'n͓m{5HN\j z q@qFEkꢻM},HjIl# xdIUr:pt*T?&\3ʘ37/Vr()s~t7n/m9 e4eqM۷"=OF[j&9?|%{cQR K # Ȅ"q]u^M oîWkTjTNRﭰ 'aPI,bk5s4EjBr lO UO7)h&yL4ӋTV!iX T |f/|,m5A,g]j˚N0Ζ>_$۵SE#b"Biw@ϼ5\_'ۿ"9GpFD.xĴ`2nWJa|}rlu6we)"4~D_ Pt=e5%Xnw,s`$qa#m]* 7vUKY:utb(Y`z'kx5@Ul[g0nGtۮN=񟽋]WxTM85g_ʣ|Q5d!;TGQ"ucm^xqjbAZb@޻>pKlYo*d˨YdgLjl8agzBcXePﲘ h3ΐ)-[O5tA&r](xDeY~1#K I qP Gx鉅G.i' oQ3sU=#.T)37 ѧܓF jǑo^.2~&w~֏9J$HjA~ PdCOМdFoY0ckzjY%Sc#'̿OS>rQO$) ^v)km9'U~xA(UcrdȤkdVd߅\ JAvKGLia1L0=r[5ӝ%4?6dxo `B]@? 4A_;zAvN' cR×4Pñ9-hi '!F$H0Dh$' keog-(&0X̪t_a)Nh}۹Ƀ嘡^ߗ!OkMؽJ` S䜰jmWx2N,+Rk1b&ySp'(ЭFs'(;Pcc]q'dͬv)JS0h y>+ٿ0#"HC-{]:HޠfYg7'+.€E}Xh*Άu̕EJhgkv&oT%^A.\[I5ܦ1~GDX]lj;0>0,O/]v|[\7%>M2MxNط: "gŘQfk?DP+ekd cZHu)N:+ϯׇ8SOeƊA֪B F14&P7_8 Nb7`L[c>,Mt(/NL4CBDkP*QlhӒP%Ӳ5s3>ǡrmX`>FPrs.B5J~.>7T77mjq 0g1Q_r8O^NDV"]yUoo4M֪ȷ$PA{碔ާH|X^m23xI>jgmtXR(G E^F u倄AV&Ȋ>Ɛj1Bꐉ!O?+QfSz|Vc2 {8[X;Cp(ɵ`8ش%^\~Bd4X? V䯞4ݒBdD!orz˘,ʣy`,p%P5@D1H6-tR 43dl(f.AXNk"}W [Ҝ"{&RNVib3*P:G(~n1ԼWO8֌FK!1B~;W@>% .;0Ql<( &KT1'芺|%Kd*2t<'Dls,AhvؘN+{9v"܌╵VSD[ tee+`|c1[ `4:+0TXS rA5,3"*Rk #A88r⣕SղR_Bj.#W:i'a/+7Hדǒc^7bX~tseu{ C+wS@h m@MR5ZEb*6’ c*VQ+d1fX#/M x)o鮎|82媔`hY uPWc^% N!Dzn}D>9_Ҡɀ$\M2;FE1ųܣ|\hBRJmXx ۪cT .]~2(Kԑ52B H '@9{5 Bc Ŧ .U8]!^c 1yFЀwE0'3B6Dܯx$LE(R3K&Fԍ&U8*Ѯ)mVx0 y\y7s Mak?gG*Rۧte 2ӕ_5dǏuù+y~7twFޞ+"a X#_Bjp>s >X*/?5SH<,h}l"X' E٬pg]dlulBo'';`xCi4̶ZxH`D x(BBtJvOE&bb˷9Fu9BDAӹk) >q`΁bqt8t%ʐ/4onN؉)EfN[;h@ϲən '^W%(bq/AF{@ f .ufuނ1 #JzErfursl \1ãCI ,-nOfDհN9"'$G;h&hA7Qp*WWK;4 Cbj\+7YǃZZ(m3I]=>}R^Q;`¶_\?RN!_^}(*8WF`3;y@xܔG=K3L<SJ΃TP/PEJD0iGp9\r*FP)`,Q.Yi4gUYO,_oNyATJ[2 |$sv4dVg D>YnD)ߨ-riƌ)dm~\g{ڎo|y{"BU®Z$YP,k<e.X2mR(qALJ#}1Ҏ5)s$[RG1MgeUp Vh*:@Z5oFb-dZ{{ӟhNZb:pl&,-f"uʵ~?^W="0:2 0od#e%Ŕ1)}P?f|4fYFaaT+!Y, gUKPm%ILWn2\m5R؍0ezЎ!J52N>{IC=$LK9z=oF91W.pEa-ډ`3/d6yI\X|Q-OBM6Wnݾ B!dČK+iN.*#y3\x\ 詣f =@ 94.?(Q;0=bje!W&ֺS+i@nzqZRɬ y)O M #t" pm=5QՏ=Q M鐅xosͫ_*sM1qtLOW)8 ܾ%;%BCZ$jI"_]-m[95lF1 ;*C`\v7ya1}y"˫dj{^ {vEIx_RH$:(ӹi̕" b6Z+Oo2J&+{C&yT>\U˛=t*Y^Ӟc_Ⱥz4 -2[:CT:s۲ l]S[YLI5A"Cw1V4/-,vѡ(C0-{cW􋞱 Gy06-EO\o1a9UI-}'2,1]t3~p:Uk@ik`Z7&,y auvdݶ/40\pv/׿![KT{&6#VY&3ʊ 3x+!t?KYRTI9Jj[1`*"ʬͯ n͸0&rQ :y^{{ˎmD/>CqB gbbMή wm Awzc̎Gמc8`(_iݪYىOD{,ցyա>ptjrfaeCO#E@/h3X'˨k6)uo=oNk KߖZ|fd)#w&VrUP}]C)>{o.Vȿ{菲~|&W ^P'^P̆9w}I(!C=hBTF 1 *CmXgC)bZqJ/,`  2/Ŷ@Lw3e(؋ N4Q;`^ tEo{ͤDʦt3_aq,K3t*EG~<ly9pG6&9KnVKCg/}dNΊާz88_V"9 9(Z0 V'X 4'E5 9L2^% HKp'R 2<~! Kd9,9fLxe>u[%OV-ˆ˂Qݑ`"2XDZʀSo&vŰ_|7K P|ղ1C@\uV~NLlaU F!-V'mCuRyi ō4w,JZt'Cn䃪†%` 5e/v=Oid&NNDoX:G Yo7)[܉"ɛL ƾ4sm5czঃ^]8ok g 7QFb;.#.T|6fƸq qOPf΋[eq/>H3Ѭ.lX>&r*$ȯ<^䫁? .žSK[a=(8 lͅI %omVV_P n·xDߒ Pq /lD4ǂܮ^**U1>\=jhX֒*dqhhf(r*;Eq\zt4- vxq )AB!bw`}N(ZID96u"tq+zߕH?Rdr<0"9尰Bl*3Nm ۠^!Ggv #,80릔kZyC@sa >B@],b[Qlѵ]?M? N"oىwO Xw_Xff(x9wƦz/NÌfگWl;9z)%{؅l>~T<\~yg۫ F%Y MDcj4$gVvZ/wuݽzuE^@/$썳ją0sQ/םjC(9bbԱW;V<F~Jgšq0Gz?0w?.^ya:֨-{fYȡDj)*sI9ѕk\H [ uшe~{]Չ-Ir YNjnjF{=6gcn&܆lЖMXMScq$Rt}͙Q5 Eq."^ȶjLy Y΢venMبGǃ㘓al;HGP}XfP*ﭮ' d2X (qjQ&QC$]T! +?LE H={HПPj.], )9Fxsչ*Oť%Hl3)_Bw5 j91J]ye;5 1s` ?430MIz{x<-sg%Ok oKB3сNBQCԢ'cb%Ea0'IHIJ]ib;9v.pR4Y58 O2#]s~jZ͆uHA & tyB֯Lg5gx2,(scQTQ%aDtxQw^Xl%~_'* !qv$^^ʛ.RB0@}; q;P\m EǞ݋#';#5ToE5M![F=}*5 '+ɺ^ ,u?uS6fqj4SoHӾJ/y8k+D9j3L=Vu-%H$dAyopgrUBKwn0a+wHT_=@呎uNߘH"uaѰ{apꀌ40v k鵟y5y#i/72ppWEȟrI_L~Bzb3-H7MP+AȀQ(KEBpwah 2P20v^6C[̳t~S5s.`6p" R &1+]8>]"oֲ!=B{Z AR$D֎\UdB[cufυ(#򛐿0 #VL6cM.ڔ'cP5΢>yۃ`PHR1Zh(*4_Y)ĵNL$Tye;,>#GyYMSk+l=gGR@'[3aٸ]<VM 3զB.=|v ;2e%6p0 2/}q}k3uy'|qu˩cJb641~*(LSvJ߬7#)]`s!25IGm42N!C巅7ld11q`o/a}G%cP}*/ J1ٻc,s)m;*dGjmal,'3Iܟd .Xjx)㨸z,Xm̛1Pd!{/Uq`d4rQN`mEˁ?|e]՚0IrU|]><d\J+d} k2۝Rdud\[ z@>C}Q`5z$gvjeVGdah6l `"ߋŤloAJ?|kHI#1kn (5B[B\7e@chEKm@W cdl`|9gjP*h \(pȣ_}5L(r. v[/$CV\ה~(FD $q8/`x4tj̻z)Ŋޑ:poV<}^{אHK|n)BbB טk%R[9CQs}x1kDbs~ sUMcIϲdLi-Ng9GnfPο?d;.գ_1nK K9Dr CtX%4D%$'d|aCzB?V)0쬬rdX> U\^ F!ik"]_ħoqi0 dzx=X ?ZIj薪 .=K5x> @ U%O*.B Z7OJ#zU%Jj%t?a"Ꮷit~BEk%ΑXB2j]ʰM%Nl8W[i =Ym(ؒ3\ӀΘfAde'!z]sX>DGx!;9BV 0 BA*|l2t_;T^$FP,0O ~8 PٮwI pfxij>atNHz"I҈Ҷ?&ӹ?*|sG!2}Hɞ 5v{H ^4gO?3HX:-57wXv܍h+`_خ4aB+Ae#yb p=$zG67@o0ꖿRE츻]Kuҥ'3`$ o<ָ<=A_܃Xh O㬫oI3xegvIWs{rdAtae[m3= 3;k 51/ۋ~VYxh24u#T\g?nQbiIK(9!b01K3&#şD ⭋xtO";}OZ߻FO|6/hG8 d[ZÞC;3r-AE,Z״EWr*'\ҹB֊.-ylNԽӊRQaƬ܍|a0y@T]^83 Tqcd]tɣ1~L o}2 .t1n.䧬7o ݨʤAx\}wE9;7&B= P 4,Cw[WNoCp= X4[݈*^L<ܽz%" BsE+5_ [K(޸w& EȢU1@O-<@d#Zy.eƅvq8,]Ǘ.#)2fiPIn,m-k]`rw{~#mj}cJޒ-ծ`2H#dL5*׳R:ňC|(cbNl W]KHF2s4l a ۣ?|N/њ |G/%\1 @ˌ2(ǗτoRJģT2{I|5GPn,JTr ŜqV AݿwFLiwQs7&ѼVh5PU Q>qgcuJMfRԊE jx~m{_.֞i["|gY$`kmc嫦+X~&T3l?c?ljK-y}Ǎ"G@Tg ,PGXm!yS]!ElLwZݰbATjq w&gi_'%mcZyF$ RP#.34vuU<ŵ܄ߦnK$2e6m$ҽD:ll9|)tJ %8_xlˋ!HpXd|8@&ض`*2jo0ZAem+{b&-: :rnԝ_!xoL2k\`ZV8;bgc 'F1 Qssوm9AaZ0A90$5J;,k8 Ѿv 3hfr_)YZ`P]pNFM y%WKtʫ ]`a62*۩,٣xZ#ƴ%\U5D\ew,P%yK,ˇxvRo綈dAQ82"yIأvX+C3^و"M10DVM*?$6F-y:+37.~ 90Seuh<ԋY\]!s " XZ żrsfD kMrizSUO5mԣj ;8iRH?UqbXZcᅦKw7C`ܴXwm)ȭ$3Nj1 +x"Q\nϜ6^2SKrlpwIa z} U-*de(hr3]{\筜Yβ]zmҒb.E!A5?V _ʞsV[?CZ, E.V񾐶@nI$O%Ј ?:U/Զe }\2moAr*۔-s>9gu  slуQO2Bq튉<q[kXS˷噝ݓւ].yeME)_C/T]^ Dp>!J/la9).B%ζEֺɞyslбvEʢٛBL ;b^J7l&F-Q{ʕi[j Wl덫 '2{}je`ƃDUK_n&HNֹ{E*߇92 ~ڗjH톊 捿¦Trdid+zy_ͨ M, BQ[Z3{pf({uޏG V|ﳜV4\ ̝Tƺ(v}+NJe 1'+"۳١M#߰-RDm {yo8b͵<7QrL9H*tSg.WrM /I2I# Hʀ;&mh>]<=B;sC[}\M& 㾜|x&\mOK&YSTQ*xTG(v|I._Ǫ.I4;C ]o ypJ ilΓ%&-`F@  kQ!yy`ax>XrR$nO8!u|obDIMj'UFD l'!89N/RZ3N  #HTF ™ԡ\c Ki&xG3j(;ޖYJ rv(*->۔ghaʫ Ŕub5|+wŚՁFd1|s@pZ-Myrzr :ι[NSaJNmEB4+#u*mKͅ`yh`p~Z\@t O7qN2, [:cgG# s'SvP;coI h|)RW;ƚNǤ'V `PM6͍L]T2ؐ1h 5&}8w*0U%8(ic!}8c>2#< 7[A#d±a_ce^}2Tc_#+; $u'dXH10Wf-aD\?:a:C_NDTbm*í4NՖw}ڤ;&sUZX); 6c)&mM)(H/rQDo0gլᏍ=zZ;0£[4tsq`S  кۼ @%)Kp +pH#L_k%an{fޚ!R%ʨi@=4$ʈ@߮JG=P߃R{/m雈./zo'r>TH1)MaF]3@ 7 >6 p N*D3’M*+k e}f<H%=h)Z]z.xa7t9^,y)Rsp n}.Б@?>"2l<@bt"BDa,sNol\e:E jA~2 }׊t_A(0v]7 !(jd7B@OBwg6KB )vL(Lfz)"q4զ Z36$3ǤݲTvH򑉍ҸAx%.9׍q8>FQwc{$#[`Az qx;nqjj q_{ǞӺP] 1L a~XSmvK>PW7e[o XEoKL癩2; IUi{hl#$ d++g*<ٮ:rзOl%,ɩڰ61:Ik51݉Sa֚a-9aYB8dp8px7ZPGJQLvsFby;B%QL:DPO\'Y*9z״ܵY [Arɕ؆wNzG&\ 8MTۯ.8Q+J:p 5AƷ4=lE |;O*W|\e[G9PH\VC3 v%Rk@HxȲlK>?훗tA._24HYȨE33:r-ߺ#{N-Ä˼]P*@4~〞]MfHu#L[k' !WHͯHiJ|KOSo{ e׀m'ɭPizShC6s%Ui\dDL>E|o%5얼N06MwM嚏g>hk}ֻXĉ@jwu_UÞ5]Zau;yt&P)!Lx#BTZL74},I#u5lE4=-jZN71ZeL#:1ҍMЉ?pAJo]{ef'Ę!;fC)OW1NֿG{|w4@z@aͺP/mt\%d<~ught~EuBO'Ldv>ʢ;4 L/9OR6U)#t{xX'Mez+">0pV4U? ʃ<(2q6f6 `_o:+ns3x˧)P^䧆6oPtPw`PMRVAD$KW^Q慳Fս LR9Dl5I8 /#ώo,2#4k"8 cU094d$;B|l?:(:NN5)E.bMԟ*FHzeʴwo:E<[X+żR=H"#$\x4/^"}#  贔ʘ, Ҋp ɳcwI҂^м={^؟}Ez;vNS\!xɕߊzвD+ +v/d7yQ[,,AdSN/o"eds|c-[#)+Uo30ӵ.w 2 6b<mvd3̈́C-ۤ0 GO6iEp4}|¾ܳE (S5M=+*\T{mI(P5'js17ׁuq( C%6[#J1S9Am;A0"a>1E3$tQ<,Q^5UgfH>Av7uGիْSI,__I@C sk_Ȧ<+R$UyQ2=i^m{aRA'AA?Y˛ hG?|=1P "9'졃C GR9o4x6| V뫦I(1p:O; 2 B ezy̑ٯ KpTvVyB{x:(p"*99O,5Djه!3`&>f'[bű:Ua 0j@5k4C0[&YGP[1z :;ۃcNb%1PCUx:=-SU7k[78M{Q,kK~* YJfD(CrZ_}i?2RnOIC`C8DjƂd\@EA)lef'}{kP~ wKo97yIB`;ilmE :vb? ]>i2`\̂LXWeX83R{{B|#k>.cdb}Y4tNfFt1MG{1aa%f i>T˗z%ckNS·fE(U`q#ы?6ՃpE\aD 70{2j^˶aF#rdNt')̋%P*ԴdH?ˍ0!~m3ZJi)0<8?72ASWDe֯Ƅfae0D_q\jU?>1)idfT>LVY8ڼ_6H4LN1~#,]Ib-[.6qc8k)- 6wA4ΣO$ niu6:o2ׅoA*N,j5Z%Zlyo ٤zJRnS2U \nqJ$G8]wIR.#&.or=qɡ2bM$XM9xͬ! ; +HŒ{B ie͋m@v^QUYVRW)QR[YMł_EbFӮhbWے3Ix["EjdE|j@ֻ+yro;o "5xt"A AӐupgAX\MkZc>ŒOI)@MrfѺ: hIV9^VȤ>,A:]Fw2p%wjFR Չ37HGJ#&kQM"Y~PF2 ݎGjuƥo ,}& diE”.!K"5otNvY@t3,hFy1nŇhJUyoaN8+.і.5 ݐl-8 SΣpBU.JA9$o}dyՍ=Fr{^[$]dף2 1D (Yv8rz8W4P;מvMFyz?1wJ*<* C F/x!@)lhvh<3%c<Hs~8/#5zLwvqu(SG3("D51At1t4{KU>>qܺ\a)ށc7N rJcUM z%Z"Oy/"ޞRbnNt}7vRabtd=vǟ~ffK2wcۈɂ7'z*zhba@@x lk`tb'"XQdS}dR鸘G[u:ˤlx8- 6~@!V0sTRN;m~<G<%x*§Z\T)xl>1`zj{꠹x&]ʷf|) ߓHo-"Trm;D h T]̘3Hdz19Òe~EP;)nC?U#岽]PxgL2ll}H1=uylQX͂љQBW|v\ wu  yݔPywp9vIc*e TV523CCKu/spX]bXREdF%Q;d`t?dK'Ea9x `Q˖ȀƿyCX2eIH%L8Hu`eكbHzvH[~2SΝ'.ؚY8T]@Q}UĬ,!1!!{Zz\fN3Cۮo Qח]MFOۖ 288>Ih\FHRgEeԐd~3"[Wr MH=: +m\nDh3qިŇ=DK{^d)Oԙp?xdu:DKOLFCVn] ި`Tݮ7&{%p\43cA9^֔>ruɑM㡓3nfӣt,tW#N "}e8Po7赩xy)'Lு88XXH6=D=*u uZ6W&ݭ)C$лm #s s* K Vo꠶'Od<+OgWߤ.K``C,<<\,ZtZJTb2,C[ tn%I+W_"Nz 0 w9yw'̿&fC(܅4$J9WzG?Ξj7R)Jp/$֚/QK40̬f.n$W+&3@" H[ kcYNV?6gSxae{[nN~jU Xa3eUE^dԩ-h&F&$ 6XewqPb&^P xD"߾qc]([賓b5fD}(h@>=@5L$33d Ŗ=v,Y++Ӆ">NKP5u ƸP2m/+! .4h.Bm !c ɆZU w%l5(,oDa ²FK'C}0J_/;$?[In'92F/LocHzf+<(<# tw֌yHv_*5E-9 A>dЩ{'ˇpʽ<jz[ L#J-{.HsM $/'ǂ68r=,ٽ~Z`1?J "kqpA}C _ywO?׼Mʮa"~كWqJu窿+VkYa6#~9碐9n2Lw70q&-lBfOh6[]20 R37>DWv3R&Ω7K#`4Vy!JIT|;o,>FPTUȕ#wydYuRGz#v]lϣ׈͈ TIK`ovCOX~Pd<)]FF7pK~'uN,`C إC`)HEP5ʱ`" t+SԫX 6FmF:&pKxM4$`r}-Zź-D4$a R(=0}`͋2)c)P$KiD%њ\=qH\2ofGP cJ Y9 ,ßV!fWӛn&_T`KR>޸)uJŤU`r̼<8Đ=zRYO2̦yo1gmaz+A<#Ne]VfBE '*_ v6 RA$!;DҁrTQNg)I&ܬ#m6BĂfIʥٔ$FIXUtH۝Ҳs b7]Jlj`WZdŒ9рvDuoYYk|M%B*wL'op0flClEoApZX ]R6eԋ+GC=* "U z\UDx(0'ݸAa€tֿm\CCJnM\Rɘ*ځtwD_Ok?YAX?8 Nh?9\Z#U 2 0QhN.Q Hv%| :)KOxEEbϋܖ}q 8 䵆^ňriR,j!tɺ0ďiK}v%]y7$w2睴}4<6'Ɨ2]A6_}U>RqAش;Se(%z;U?plh*iJM{t}k_EŸ%7ȨīWʔ1»u4k>Yh?q6cЖ4Ex9Fv9slvIR{;JwUޘS{MQM  6}NzPc4!_ztN((XتCY3ψ yF 6cSY"(en>Zˇ[jFz l{Za`w̄]cMt!QyG5J9-VT}LF =[>}^\f,(keeE vI-1Flmv*|("ûA]@]+g"3?&hsQsqv'KjFbWٔP}EZ ( 9^83hN1_-H&'}a~1Y7fiKn l/4H^Gɧw ($aBPHu T)epG:wKG]ϛNKl[\i FHjWT4(st7ʩ|*3ֽrNhRꧯlm,8FT>  K\K(`*9OHA]#T^FƩ+ؼqbD7YlitlgT;WAk|hYg{$s/y`( /*C- 9.H >^|Xo RIˉl.c/2X!@P{x}ʷ&4yީ~p}F.\4k8ʺVBH%ߙ܄oj-1 s)sǏbd f6-臘-HFݪ4O8{8)a"NmO(bw]Nyz-4ƄqPGR8ǎk?]B"h+511<gRo}pe(0v(|KDO'1(ߔf"z !gUy8cb3ձ|oN> śɓC<,]'\gDsW&%l@2]KʥXL'6x ͞x s Օ}9ԉQ3 ٩`X9.*|a\%(ߚ]aMf%+"314ӥK{ؑ(!(O-)s'Q[w(H˒Vluuj8m:n2QDv2)\v za\݀sg=vI] ^\;y>jU뚜c/%ɞStn"wPNAO |B9m Q`KѴdVMe"hiD5!,~2 35KllBդ X~6yW0sP pCGZ_@EVr̉!I]]h`7Tu[׏}*ߑ-tNZ}׉3!l٥F@X"7z(t8&KN_} cJiN)v9N|A&bEKPuBup_蕻ZAmE4\3VS'寰ӗ!] 5 ?庞DdӬzR'}p6tNʣ)żm_056W/bm &ċF0`sr#N򈜛{m/UUX a*̎*.W CǼb8ȰXvĕ:iE@%gM6">h BXb$-zվN֩S] :"r'H?od6e{|Ĩw*S߸_@s<(1],]*֛&Z%~\YPWؑ6V|!F9V#tbJRF;@ H4)BDk!OMӱ $?A+bA:!$-]m# ,(Auj qHS dNJPX@H%Otbo;.оsd ]=VD5&P@$Iu EB|@o旔u!2kL*\OKGp^#V,X%םb$_0TA *QMЋ !윰ך rwEE2\)߬/Oo/d)NvAʒ]!AqDbzi2_<*(95+d_Y*{A;|7_ vCe__KK~jIm"DE{~|g@h:~ץab<ߛg*.ΕA24bG[yCH$4a525j̈́Z]11вb~ AXT|Mr,DȹEwǔI_`ꡍLV<2}k`s3!Ch!^(C ˟0&Kvr[ۉLqE]31 RX Q?ʹ p=ͮ%fѬWqeY'մ F9)t ݡ#?L+dsC#ITe#jmw!h=i݄xu(I? ·yN:ÔU:(wxhT -I5@!#ӄTT i -LK3@C[;Ȣ. \ġ{1 p҉͵%.R8qҨ|~|~%`RuyXkP+ɓ} GRX@uًY5&OE*k.Aq:K$Hk(Qn67H<8;V )'_X/f҈eJY-3NSͥrd796R|ٳ/{{fgW433`[7Aic,Qݡ6sv1tOC;0fQsgoY1t4SviI·pc4oX+Bhs$w]ntdǼ /\[1t 2GsaLhtK{Әq)Q5֤Q?mT' Y֬>:6J2kK$oqژPIl+<)J8,PTDqo #.(V0ꕢWӯ?-:)I7 Bqb/lNZԄE52AO8:HVA=iT7$CSx veTj5W=GǘY 1L` ohQߦG,fW-K@{4621s䂤^B׎];mje\Q"j68x5,F: BnQzk+c3N MCα^IrwVCR@ΗvgTBłbЧuebqe2 zWP| o|6T(HCʈ^GTJ(myPSFsbcJ>GEN*; lKq%N2ex/psi5ۀ.KO9F/WarQ)78+TS%l_YP &tRS;|[bK|-C}B ][HH^rBDޱY˱.;c/V[ f`7KFjGyNDU|pl+nWFc*A1(ЌMK6~kߥJ \`n~Wy2j =- #Z,YQM@NNo"$%VjIEQW|-Nuv)A :qj 0ٝtxo_i%j_| $ʘ QnD,n]D/ ~nN*_ RSŭ sx=U$OZj jTi8m10QKP\JeBԯ8_} G(9`{8Uzagg8/F[|2?@Lm@`ﺅz1曫#_%Q2$Pq -J`GW;1iv%*RI@Tw "> 9ӗAZ:ME/M5׳ʈ!wpr/0o@LY>IVlyA_a(}.*䥪  aB{nSYZmOL%ږ$8Ixm@B ܿ>o͋1p-4C^w?5Dɽ{f C~v)pb[7~@nip=ޯ, ~Yn^)ef.[=`b"ȩ%M<*.RehK*B[Qm MI9$9InYˈc'$hr96/t;džG%β#x |IֶvRYBeD.(~Po_c#89;cX`*C ^o͞Ɖ+")h?nz6MW~a+/Ԯ1Pe`y,~| (}Aeb鿝](Ǽ=Hg%by5Ʉ*rl􊥇pos"mZa Gb =ϤT E3|/#P~OyP:BMdɌ{`DÚo[4[/vLW$ǃ(g hO-8F>MNŀQ}~.u%3!FOLMRqeΗg';.7רetf`0)'@ˆu tHֳm̨;2ϊEcfMb)]Z5[ڝ7 DmdR;O˪^㯡+#XW.:ai$,$M">~c`~s#ysi"ׁSb7qg"FmBxTC;hck7odJ[^'ꉴCZk8.Mt"ڵB:۳'MbdAS{t n»سOyYuSY"優!Z߳c>r1-`zD D&aFsa z2ϥ302oEW}٤S~+eYJ߹KU?`Jqkh򬒦S!X/A):b{Jq5R$^]p^kzo45-3SG7$Dž8P K+|@!'ƻ9W˫G3x" |;gjIDdj+&%2PH[ִJy$p\P2pUSbI."|9Jعzj`˜ ]2~H;#"nS`rW{hg>~& 5]/"A\(?"QZݰ)L_y#CR!C=wIi'RK`"?n-\)KG9Zi<5k-\aӟih9g?R)q@yAQ|4KGh ASMp;q:-Η/H?`BwTuC*o}+wz>k8Qelw2jy\Z5T`Ht[=!F4;^, !wZA0#H\ W'l4ٙ!UجM> bܝ +{lp?}]iή.뎿uư{/w~"ܳ\5tT+zV%x[ +Gw U\2Yo:U;1*IèΑRWlfm{-p^H4<^ۅ'9jE5}kʆSY7zߨOЂ3<[L `_3Zʛ% $jv^:h] lcY䒄F2(5[pH5um?؎;Ӝl=LکMIL[k$ZVv5^šɭ󊭢rDdKԿVu]UdY+Bo&iT5wE3zz=*&I`ɝk;o{i%Vϒ6&Ѐo#s/D\= N DTJ  eXkfDL1OtMZ)Ҡ߿9]`xϷMS%1-j&UUY3V Nq,ꭊS, _@٪"cG8sP5pш f|U1 ;q:1fLzNعlm<,ƤP9x)i+9nMMpkQ8xx.]u⃅5MD3, 0__F7VKͳ{؉Tab :㐛BކPFl7MOʣ0nƶF~C|@oeP2' cDv"mϚܟ: 1Q80/[.fd}19IrAd>FVŸ?hJVh9<b4yc1u9J<J~j.2AIk4٨-hk'$)3@:A(/FYk]'6?sMJ=7ەh_]VpXn|B!ʵayJA [$Kh A (`9:x=~x{fGHZR+ϕH[=,UaMIwεZA\Oeb~ #jB$ɊU8Q3F,Xka}=2IkPV*H/'сfHM"").r@ϱlP{P a_QP>%lj.Y".Zd'TZ"RcNgޒ{8,) 9X*YZk #x ABs8Bk&HSأ8LH^<-ZڂZjy|71 7kP֝p[(Ј#2mC Ӊ-2= ӷJ|;qXtPgi9z'I Gu&su'Q3*HqFxdg:YKVʯLLEyz8*M恧GxĘ*dA ZrmIdP\Zrkд}9Fo`8!p'dϟT!\^me.fCr/#UC‰3MY(ܠdy~TYQH31Rg薦"H9onn-TA1%rݠpz\tqZxqby$p4B|sW \+ )#G t`ˋ`WQu; &w39*$aSX4ˉp9jF}yH(4gd8 8Zl;ZS:r5':+>;ѻ?I #?PD! flluc#Jl~{lpVAo:Ӡ·-.8Rxi]tus>1nW>xx/@u7$eqDqb~}ǯuqtD jjqT~Ka*CĬpr* m4+R`M9E^ϡ:AQr+du=$j7Rza4K̖S?wwZ3%amNME,'bAS,Z5p#3t!& 1?:NOڸd,^N1B!w45/A.5P^ +8NwU b `Ip!QH7n l ;o.Wm_Rťw9uDsUٞ9l/8*Zm;qIKTf#mTX<.I[6ot}L+"(NnEO#x[s~@_N,[Ht_r6oʻ bphHwlXH|EQ` D_JBjdU/ ; auW ^ D!Oق:I¹P8YwV >V|nʂ5]l"1h-PLeH"9Fhb^@CaMًWtY8M7!+nHqi&9]@DLz6S_74LF]P_ `Z=X<|,KO6Fd# s.tSDf/}_O^:OlAH f4ezX5&(4.4w2[ׁ R˼tD8պ ;_X7{d&a*0DOe{p Mh3y5To;19nx0^ESUkA:CG Y%φz$4'$UDYT[l@1:_-6 b܌T[Q `PTK 4Ǐ5֡rQ|/9D ?g62r޾{uH4D{QeyfʑΫvaL$ޥ]˸Uk4*4';}YcK*cN GCm융 Y ΃wO58+3PHjGU-/+,Rğx!&ر!VyŚ/zPN /EAicŽG|>U8|4rpG8QJ*5 9XκA2=yrRSdPik2ci?jkwe9)E=dc.Cg':dς{Ȼmf=ŤR.Zd3OeWG`FDX:di%+g[+}`TrY`ƪ~_ۯHͫM"=>gVg ܦݭ׾Rg%5YxRUo-P&`+%@9Z/L.QTO9Aľ !$}6]JzjE iQV9y')nn& 4C$.f:]XdʯwH=xm[2PM!OZuFAzx4ы%k1ulG#;Q˂ pW~Б yGRZ:++ɟ]Cd>0 9Q i,@:x&$471ҬBJ|k1*͠΢cdrM3X|aE$(`k.n nMm'_T 츁C|Lel>GWb~A{4^MZ/ILB؂;R2Q~Ǹ[㉿_LaoƗ*cO)87f9JYw$Lov {C9=1P EG߬tU;lda U 0G`,f[ioM-;bF?ӽb;k N,b,Rsڤԣ-S[W)T n'RP$[f _0aCHSIeGx^kx!fȌ5k萕h X6=ı&E%J?1umvj?C?8&h;lb֖ߘ!$[X6]@F'_샄?Ѱ3ޅv+Aϱ6[NȺNʈyΰ<1\oa /c1o7$[%[4u$0'}>(@@ }f2ap|Ixޘr6e{4c 6ٻ!R"U0EuV7Jf7Ge5׫e^+k @S}-(1T!UC0DWkNpB ^_%5?saoӽ6{ ^J%ՈV.p`#8׶0G ;~x𰏀;QEzi.&޳L۸<!n@ R8 _4Tˁk5`OW18S9i_D4/6P;7+ntġp3_7)83U;Uu[EȔkIB%``T-笨򿫮feؚ!򁟼V~]|ǴN߿K'ۯʹ۳tP}.r`iʖXm$, b9p3H-7n5(ܪܐobRܻS}ɒ8N Ǥ 'E'>Qm!y8~hD:J٘<2Rױ'y&᭽ws2 ";;3UX?e\4 fA"?0,\p rYa{eWj=U<KQ䨊l;AiD5O]EQzTU@ȉJBY"ty/5uYlĄ`݀n잠(,\= sp573Dt"3ިئ-\U jܖ\e7&fY7iL= Mˆd4C%:l(nKzƖ*|p d+L3:&T=G]/~w KQgۅTE%>0v n#G$ ;@fBvv2ַAAVljC873p`*ᡉ#Dq+ =TS]&$-LȚ&m9œ_=% T8@Y3.ԳnT(sWd?YFYP:2F'!QnbU]~ O|`=:i *L8KF(FZKpzy삝|/>S&}j Qu+ 8\55,9\$y ]eYzU+^r%X*_' 'dS9µR 'I@+F\˺Cq:fxZqU/ψOB Pj ^Kp=$}J'[7/)Ư Y60Z Í@r>7BN??RCN1Uv ɗ}ԗW8-hs)=Yj{@<J Ci}n{ɻ+EFa 0pᘐԎ7" iBg r|">uhQN~R*@KgC ΕtN /U0O^T/b% ;Xᵭ87"vR` j0A'slXmvu ;3-ׂ&NdKn_8swWoM#%n# Iq4ijVmREsH! )=1M(j/ǎO#B٬WmȼHv S.DW0[nқѲ[jZa=z?56%!\ş3C'.l:"L v38dW}t4P N>[ݯҝn26)TWn=tdmxy{ys+5cx(т7b+;aXd-Oe4BhU_$AUPS(p o"Dg Ov1=h N9vmZEǔ.M[2I }c̬F*%]!CA_<&\MgRg"C";U5}PiyM63D\QYDT"eY4\g~/E+\ƨتG Fߗx.Mc`ge<$~{V_acrOvS^?kֹ"$9kНd=S˽9D4ؚۙNuj Y0~!d(T[N2,UDQ?/gn*9k{4=Xo sbr3אv'ڐՎV3cKz7 M(e7Dr_q\,q* s*_;܌"Lk=R8^M*,深fs@R;TSOq!Ā"`)dp ,gNXL< cc{ķK!R$d~CnR6297q"{tҊn=wjMsQIrek=N(_˶pT+GCk*M1J j/m-Ao{ä͹/E?+ ݕRyȯ2p LVNX`Flz NmW˻_ĦIx#|u;!i%:TvE KmT x פ[!mM dǽI+Qb(y3J`Wɵ$WcӲ]({W{5Z_ ^+Q#&IAKz[D6ZSRu ZvNfn˱fH(>c 3ޛtmZ77lr;M3MM?Vp!V%U4*P%լm=0Xxچc)!'E,4j($pOKXzo X:'w&&Mr'IM9=o,<\v$)8le^M_ ǝo=#DgpGrMdG'u7s-γJߚaݫ% S@`ﭗaU)]}G}eMj^>+4[r6P@W@Rgnq8;c4)I/ LC bgCFe ,F)}kbE=fp Kt*E0Po_?.8:P}E>r')2Ӻa!]Pc7^9t)* .{;p}~o/!;f9n5nS-ixV赖t,py/ʳH"/0{YO}IAfxÑt<,}f@4ߖ0!Z*@OpY0͹пM֊{b/DL)6FO)'Q6J]])R{ ldNcF\Bt{Ѓψocr4*Ʉץk$R ԙm|΀ƳI bmuZ6H\j055/3ҦsBIiCsDpήh#aN8mH{$zUok$r#lqVse[ ɷ]:&)V|a"= [ȠSb*t.%~t4VreH_zg&!luhH5ZܢH^S>'bG[Xu [^ Cg-Zm={#!kGhyeGWk+tu4c +إ$>(3sIyec?U2 ~ Aoaj'P.&򴻓Uݪ{@G>H:*c , I5g0#Ȫ5/K >ia"j&D ?tΦ DC>3qZEB/vq&ZSGK# tR0? ~pMH#TZ5'}?rpj/"كdf _d~)%v&͚\E "XVx z:&I\'8AannU.|~)5Ƹb*:Y:=Oy2bZFno֝3Bj !'(k=.u;1t.ExTN xF3|_:fnZL87eyfUտ/Et=FF۷/J!{LSl%c fC':0`$t@ 1P@Z=Se&q'Mf (--",։g;6TG6fV< 3 h써u >Ȭ6 ﵩߛShaۗY~kԿⅷgO(.?v#%/0{|2V*+껠LTo4P!/R:ju4`6'ľx3ԱЀ"cBɠ!SPBO̵䜎}_2VQλ#5vD&θ΅ͭ\dxSxQcڹIIY !Q*\QtAEga9÷b1V#H$C۝Se ]C~^Ho3i}$r,*QF5Gw~͟Hz=or:mp}&iI81OMK/dd%h*})0,$t%~1'W|{Ttm҆-aF؀N9ү[!k<-s#5g=dܰLLnlAZk /o1 e13."/,jdR\i?({nv02kw$LH.[aּt'(!8u :A%Чh2V%)zeC;o+9N哖]^ZJ ˆ_Ųf<|VS٤1XzS+orE! st'{ DJg& ެU>0h| 5 A^\  0Jҗ=;9 W3MĐl2:lո.DEv7YrE1(_3$Mxf ̹] BϛĘ=/ 9nT/r8Ǹ9A:/hc(I80>Y\I4tSaR9?ToY)sW&. koY7kV-[u T_!)g,V: 㣹0[)D"ME ڌ I–u%gP1WOEA$L,(Iʃ:aYXK[Zz+8RgCYq< 6ۆ NS;e/3Kp}2l^L;b;.l_da1VXC\1DEgm).ݞrXEH܌uV|gn'OۊKYz|Չ\qg(;/2ʄ"(H!˶w޺w,!<~Y} n[߀#doXToQtA?,ZR9sp>ʢDV҇:|$W=[jヒ_ eʻ _Qer"CQ"Ju-rHsQߒFˠ19i$*썅?_ 9K,)&QM'VWJNSO̤`"~,uC} 8=u(2s"JW( dQI}-9б.sk J, .;ҕP(}ԋ %IDzv';rH@Vrftb*[¥ Dš08 {!aHXwqn}sGؓIc7U0Z+59ُ(en _Kr>': ĒƳň2-D]1% u% k`@w\45poCo3(.&c gXO7]&!7}^z>q\%!z >Qv }sZtⴷm^Mq+Q׺9P70*Lf%i8mX݄J{at"Z|*"m'kEZmK{mj\PZt6T]uQ,$6Ʋea5w YN~X]g;'S64De;ju^:QFhTc.%=F=JD^Il9BB(yBI:t-ӄF DTf@(zT^߯pL@%}yz} OtD]P8jRMoόMdi='Ćb $eD3q|- -;ߩԺ]U~i.3\CEhC&-Zگ!J!)'J%y$Y;˲bXِoȓ \/5s܀BntR5ZR <@{Gסgh|\\BW%ݐXnl%& vj92M$e뤑%d#¤2T֐2hbG]Bt}b1+h%t;&Pxlw?szΩS*a((#kHZgHY '$(F=(˅ú`Hh-N(nG]XpK@=B!7(R @1C/T'-\fD}U7 ~QφgLrH^ōo݄;rvzZH3H2wߠ}+|)ki||' T XV>Hm, uLnsn:KJQ 1RflP%"`*M*SNG'.DOz:p;zTC"` v\ty=6Sn.}x\sw i+ =&a=50X'@z a%̥3QBNҬU$ʾ1JwY\8|n *Y*-MN"y#`k ر{j.Hc|?);ǦPy18\`.uyAAh63f(軀S=հGܽsŰ!{_ X͛zq wRq ۪#I9?[M6xpBƠ璮/i|p&rBk]c7SEA| ߩ<\uPYrq+Nq/F7*pV`dwSo;V*] Hf>𛒻)cCWRi֦pfeJi *_u"5ZqzJD <&DѬ(zYv=OuzʇWppl, s^KU9L<4PʫMAdj_ڌ +H-Q7 0(3|X ^K[x0Ha֮Q H"z@: ;G_9'牐o)F3fǣwx%+2ɈA 4ul|n׊268O/4涔~;c'S^trm6$ˀoܸ(aCڴ n96\\=ni|Nuʼn_gz^t'0`56($ R=:C 80"|vEι>AliPib6,X45@Z<9mgp%n)Z>G>݌7Bs, p2uEC[XRLz1cxM{\cwɅ̨j O27>s3d*k.dA+|MyS%'Kr ӹuKĹ'"˾%4ېjiI8՝gJM3Uҗ %yfӹkԋ7G%I?" D̓n8D) [f:K^q|(ۇV$Kj5,Ո3)ӹZz4'*凅:yc>*Ņfu\_؝xv[ TT=h񭇷BwMM{n)\l[\{WGv ^]:l*ZpF+F7L;O5zfF/"ZYu{׶S,X ~Mwwwy6DZht2 <͸ URgR_qHf| t [!mtz$ۨRfH2ַVcNxZ4 yI9X[** &oB."VUg%dƾ7I1~T ΈELO~Z{*6;ۋ(\QDW7/G}"&S'XjڎScg-$㝻؉P(s:VPWkd]'n[]WɿW3cpqV}F A wߏCSv1=vjrsGH֌H ?!{z2D/maahl`x;* wrP;k7KnpT{;fvjTYN`0Hʭ'|n^#%&',5E!Ooh"IdEދ 46rX= s*1)Esغj<*VpZ:8 ,KF[F=P_ =7%}[ bܡ5Y[Ft{4-̂Hbh<n뻖|CIC5T]#>~qEJg٤XowzVBV<\F~QV븎BmѤ AUB~_=\!D"vbT ުZCWk}s|Wɧ=%^-E}RÀej$v'S}3%=5de8ͬIÐ֘/ZXk3t߽_9i{ˆکOIo6!&V:  p\" IDw  -0:ɠq6ŸUEOqxQ0u`pG @%@MEʚR tvIondŜ$ ZKi";4q(Z d$h? "(?R@O59 ̝_us\'J%I.{eet3ݡ TNw'TQosI,a(:@`>溼SUJ"&"wKKXFk2\#+j?Q řV ѵU0E\FcؘחldXCl􆮂צ)`rC8cOMR=ܽYm0#<|saH d54 &_f'{x RkCc4W&AU)r%̂ ,4 )R"z 2dui^c.a+t60B~p%σjɝ7wYc~]{ BПUpL^#y%$=]fL-1blrZQOD[< !oE Bxu'9$[mUbOtUp%meT4mx9れ[ad𜁎?V䏴RckF/״e{XzGX IW/%({w"f[cFZwf^m O4$gIKʁWVN LW,1U嫐h)rW7]1VDVpQ5hor\h;!a@t{ 8s='ZYdQ7t%Kx\GbY۪ZrmTHyFI!EctO~1UWdv?A`֮&~s 7nϳՖӴp&.cMvS7*3p:9緦f}bGu̗ngG65BR 0a PaHSZn7Qś@&ӎZGFq^ ++@"~z&f*0!P*uAA_a-Ks&]i::v!Sglq繁 n򫦧izB*V=|Rn^q2v U@Mf\Fشqnۦp*cwͦJ3O&PmWjɮ>Cwyn0*N ku`ybC[}ǩ_%"B7d ;4<;C&yEFvj|D,g:R4m Ѿ}t4<&QP[!Dsr_|^5}."kc|34Z)Xa^] dy|?9 ص.+1 +ݲϙ FlȬKm_tD#ffu>4*Wep "VA䇯~b'7ڬX6Ϙ2h8r<;[X!rVU?xT9H= h(-tKBl;ҟzAƳ=1ՉX  4E޾ zSVN.]F4` nޓ3nG]%++D,,ggǭ^@{#Rv=V1r$y>>{˗QjACMPHMj3jÌP(RY (k,6Adz"Vt&!Z<5p)8/t;@vqr77S*GzY_5g#Ze.`gP3@) f]uby3`߮6 nT2}6]alQ˛•A_T`8Lb|"-KHbfbP}WSlw"e<yX3P8 x sɰj5&;#.Qڬ`4mj0&;鼿:ܦ/cXKV>PfyUefw⮀Ɓ36~֩@6P"-aSk ՉP9nNL#kawʻV/70V*w~Mjp9s5Dz7 6#* h0ŸNչהP;ouč\.bCDM鉳8_kW2 XI)V#㐋ٯJpM|>i]ޏZh|HR4s }&`K0{\TOC1qUK<PVG"ItŽ7ɍb6e3f`bs #fEX5FD*NB%mhMqFWs)w3Ҏ9#"~oKc )7S_(E+{h?#t{GIs91 fj , kV%V x)A =y2|sPui"%Xegq`Ibv5hUw'V듶(]@S ₝r.)΅nb N{(M.(Qw> e}k|.C@U*,jc,7CyJ兀PZK҇jÔ`Ӏ9@|ݧh%eX3 ) rYF,:>D:+vFÌF3_" Dir2ٍ< k&qŪ <bj !Bh6r#'cdt7oڕ'pW!wx^&>C =F{:ɥVRC(F)1'/.Y̅8?ˁ:RK ܑDK -WB 0i;l ^cqHY_ctN͵)4"sҿjT:(9L=GS?Bu;PKV4S'cJvh?XvRT=90Ƅr Zy }ET0@]^g,G5dBZśVBg9]F4ԲX՚ /qağNj\oj.0wݧ|7 v1֣)PȚuRQy:fk }0uo&8q@1V>"H^+Q'ez8R lQ~}TJ 4W5mӄf#[e-ƾَ92B r*τ󄭁m)= @2 pm"qEeA> v>y*LԼb#q9y5.6HymԎ_'r/dZO" kzFSG+-\rb}*L}BW7K{3uvRCh3X3VMms8MU 6؛t'J|_\W h21"}&ӏkجMI~!b^zorF[7ᭈosQ/ 38xW+nĔmew .M1{HU^[|!Zv6`X61,*´Rm 5[n >{I WWˠ="|͇ ƽ<XrS;yjzJ+.8&Ӥ)y)D<ѿaD*y[L?NQsYߛ 6`efVc] kӓ9=fE݌#wcw+? 'nxQ~zRŬ 8%QlV)TOMz\&.S} s*06XC\VƸEKo:O /_^jwY !x`2SLPg^x8Y "_,/L4a2-&cyח0hE.$Q B@@G ZfTM'>^3~m\;sBߟ3Q/F7t}-& ۸UBH?4elmYCOLv`Ib6ШD|] 2QldVy]1k7[}0BWj׆IH񋹠bpe@`ZTHm8ҨܛPVٹJX@[C}#jKAqh5=DB/_KOF~3[To88fr@\`I T..H_^Qb֦ 88U ӗxH#\_mcSnmӻdMG3֪_`S"UFPcX>QbjlYeAU@(t~E7I <:dsBJjvTZII}YNh΅7@==gc(<eҺ,'!- IdR=٧tSzʏc HD̟G܌5!/jwh=s2 m^GEndȈO &AIܤ%dެty_^t뜗mI(fpZ:$vS:;t~8}?`GX7'1V|g 3+% Քnʿ9޲awCYY ȍQf/Uf0.07\ r0?R (% ^%}0n27PBP>Ȟ}Xq3Aمh4!cW Ǫ絆^E  @%#::EH@1\:@͂zPo)2_N9΃`gJbZ(cOo?}t-(qKثoǥ'?d|3!4B.8Z|$*s*.G!0lAw(Xa/eM.rwJ,#ڮ"&X z%^3j[&nFjW{vL5ix$p3V?1=D.hZꏳO<+(Τ MQs!3u&eJw!uRG3S7))W8yêԡQ{)~e.l4+f ]>Ӣ0lby(YXi^(Mz!* cl|V?fV֊*wz ޘkG"l4lJ.5[1Aۥ.GJvl6֠u9 Ҟfm;!9u,sdu`} :~Bׂ?w㐠Vٚah,%NߡE%|NuKɓ~~=7~;_3%0yz{wPV9J9PPP)l|p?v_Rp+kI rn0`t6Ӏo{O#ACQjT!g?B;m{.?';GA9*Vvmă]N8}d@hZwxT=:hΞk_]7j%NFܞSh?4yî2H՗=0*i-?e֔b%).d~]1f_HAOYJqM#+L)oTɕw?vR~U2#.Z+V- ` 7n I1R=F2Y!*2ɢ>}ST MzL,^(-̅Y8"hb{DY{C xfOL5]V?P~OYHLh&[K5SMҒ\B=2`EfЫ܎Kx5'@6APk.7j#&4I"Nhj݉1]Sy쨭8|%H71!{V(߱Rnq Lq1GK̿+h?F֌30Zvs}Asb|U4^??ͱ檺7~f~km(3+ݵ'q̚d!EzǷm& Œ<Z(i٧H;_:DYu3(snf!̙!BĜ|R2N5h翴#<xq3щg* y%Io3Z: T1c.)V[b WOa~T9](Goi\ZVONoh%|E~ƈv +\ř"8,vz +a4$H1کsgmfj_l!*eЌvh݅ߚې]RKLW" 56TMH {WGs64fˍa;gA1=Dl;gNn.c^_Dwzfe5@^)I-@=ң>wJ1{tɆCeߊ ͢'TM `F>^i_S_\W_}S\܈]Z:n <(jC(?OKJ?ܨ8xs%O\yW{3-\ouw4}\1GXNV Qm:C.VP~CxM_$(?ʝ{"ûvms52N+bgUI n*'.mكC2q_uɭxà͵jZ:ޣ&[gY_뭄s) P/oZWfJ±M)>P-Ȟ^N(|2 c %Q|%cΥk=cPc?9?Pj%)-Rg۝wI5㮉EnETy/{PԼ~5brR5/dɳ#BAٗq.L޶ `?G%g 2j%Heb;ZP4z #.WXxvM+k)9Ih RIK\/~Q3r=>z^jKr%U \޼))#4,=tW%ˇ f*,w?>>QdXq>? gFhBfvndrY.ՄLn]J=yw=3XB sB &xwܨ>/-A)h1yR?` ~v?m]h"4-5ڕ}ΠwwkX[bPVQUROJȈqFQ$!p4XwAa.R?㜻\EZ+XZSekRE:ۗ,&XL|m: ӈɷԗqp5z6% vN0oi%# , ^N5BJoF~J4 !F]qa1s6+n6Sf^uKۑ8nK4l? !TPUm@+kǔqXPf(,->]' ~%\3;t6kZk0-ȪC+G4L1=M`Jz!1vzw2>3%*guhs@PAD'u=BxV'p%yY}4g-HKɥ[,xr/tUj&ehkR5pjJ/XE[9PV ߵ Zv*7:8^{y INc~xcJdk\}R8qsDIJ3OgtU[}AJ1jۋ'i"}2h`Ŕ18uٓhnp(&U"v2<:8g5[BBxE[UMtD%UR$>꯮ţbdO$`:#%{ dovnٛLJ[>FLm2D4J2-1Q:>/ ~~'6#M\$hP1_P7Ѣ)~%|U[9Rofhk7SMG>;"s/ m-Mcёl?m_OhNI0k_R R~oELbf ҵa}yQNR ;J*κ{,BA]^_ӵ"U&BLb8*k<CZ ŧb9r#p H4E'6>d}@ ?@#ႆv:GWղz<~z?i*HK]<|YNU| 5>̰"̓P'3;a-MO[f?eoT-'Xd|X_.t 1bkIܱ"Ȍ\}:CX!trȇfL^rNXM"> ${sm˜mydMI67GNrُz1 wmNT4[>1\W!:,m1hPufcUF|xBn pt!(infӪE5>BRJ֠׭]xBU܌<}N=Bh q]ShUV >9 /hG@)Y])nGP z\PKNPOWKHW:g=o1mRFx*mv;5t3D0jXN/yyk!:'1x ʮ-%U| @]QNQ`pNObPqzRd6g[*#O(gaIh?/0b?0>_+ [נ"ĀL8Pq= ˞0`$ 8̗Pg0o<Ǚ)9' bTh5}p%3~NK {: Ɍ0+] [jsJv_7De:-Jk7!TëeudŠqg8ItOaEn8{*qv2ʛ;\~?!#DveR| GP{yyґma6?W|hE]ii.?PɻdlQ̸˥2wͱiU+Iki Y&&#Kp3`Ϻ4g'cC#`4h_CEǛY XР7>H\sXRʱ2` W%b>sP䟬ݿYN"U4FXhvO*GxQBfIx(ab9xY!/B:i褡129E VOh XfOw.Db\Eܮ"%sխ*J wV싯`[ !B3}\bt}6"~A5rݮjӄ+SԘj8;da *i^ sr,DoPa쉚j_ܔEXAR5nl>1mKs~d90#hD`,>ƌx&n>w5 C,'S1Af/YAO)KOuTO3cTL"Nu@̢`/O:` Ro8*%Zpa>`x#| ߽ jKi&zˇ\F"5:|xdE\^@D)P q،H{&fcyTF:UXBϕ$/h^FaeWj)1yYli/Mwd)I?wI)ZSw{}IrGv(+9qkG@hêMCB]ut&ᰢ.1R:I+:ni.\N< [%aɬfk}KCKFntqJbc^uiv`yэv:q $s}mů#B~X[OϏUsC0 4tFB=O/ƴ~eQʙDƊ'M,D(t4v[Ԭ:S%~>%mKwU> OhA;??"9lcikvΐ\.x l ?ߑp.(⽟mC{ ゛&e,mB)p~b{=|o":ɖ뇐`r:b@xg3~T mMJdޱ,4X=gߑy\W5Q4Ux4(d)20gDbts<ڸf@| 1=8+o| z[F9q޾ ߷}!Wg; 9v|P(g Q*O/c[ }Y]|[߉TbE񍾻wK:'2z{F QPKKFzI$WC7qj&Zvz[/ܷgp"ˆ2ļkjAT$hZj CRw䀠55Cƍ(,%Yă!"vqP]8;lgV r5,#GN3 yOJH*a// kcOGa3x_rX0z)"Q_o`jz*HVtZ'_@gizU@^h,k2ޕ<0 DOYu nnbqvp_s\)M' E1qKEͱ;sƺPY KVZ/4FwQcɆp p8xz\3Yu< .Y "ޑ^%S7e; iD|e,Gϵ#:u(.h*5 |iƆ8}0, ()d**ѵg:!>k}w>/b)ɽvIn(7Hm<3h60=xW!yQ9u[vćp Ff]߶C"9x)C8jvo~tt\]*aȲUln\_gU2,A oE,/GhB33ۖ]pgnsXƑV]37zu\p&Қ8Y(@=°4`[gyp9 zRIN/JBiĊEàpǺZj@X օW_OWIy띍WRGS@G0]]qMI#d~MBBeuK>ΔrdDƮ&2)YlCPq4LMl>pn[.'ni߇ *e;\GYfM堝_y|q=Kr,B XhHu,T#S aiox9gqiu #hͱ{6[]ZVEGɬ=cA^-xٖ֣@s'\oyS'-IOa@+.vf2dg:} biyYz>)iC)h,% `?ycoAcOU0}Lţ'[R'r8'Z1⦘&BrI OҢ-@z˒~>)(>I]P65j b9ѓ#ο/s:Y+S==EC'mWp^ԅ7RA#;QƆe]X;X|9fu:K^ykmS??dX Gu!]_Z@n 0~7ppĔo 29 *ZcxLS0_9 xIb B,#~=P[FioF ?cu |X1.Mj$w]8V1/l IIpǃ:E8ZA0)V+=ٻLaZ q;/ ‚GZ)R69 Z̿*<$ثزwxg1]2a9ϊz;MIHTY/˃TR$ˀ]F^TyR"z~xFvނy>e;LzTľ{Lro\_*LKa.kR0!vҹ7m2i;p`#CN0j"Z‚R~(tْhJru"xؑ=S8{7( [`Yq-&5l'T+, z>[Yȡ橬'r\H՝0'K,BXה?b?;ɸa ZоlN흭bD~}<)O\k(`iW"g}O1gJX;TF>9bWgzq/tEs[ wlɉ#\uf # SE73)-Xbu;=&# ;47ʷ_pwcZʢ~ѳܧ,ɤuJ9>AJj!Ԙ!ʕbWC \/IjGM;Wb]\.BC[ZAm's o6t\FF :,-1qK~AORܬ&A}a+>&R+c փA y 7I03fRFe!͛{cJ 9;lسh mU1IH|%4U$P!BEZ(F4rb1Ϧ؄wXcm{F$#c?֬7[*JdCtF}oj6ǖlU/8?*[@Wy6k~$K.Yl>F%7 _pb  !%0wWw%:$*ük˕V pp^J4`c=0H"(Y AY393 POf bRPr7"b't r%KNuD=Fr{j,Uq]8h:Ȣ+&{EYOjK0N?MSd^B(h5cO *QE|ˬCⱃX3*,2cҁ_PጜڍXh"e;,oD[Wy:[Q[Ϩ%$O~U8sjho B~=M),>EktW6},PGa ̟I@+8^ 3䴔k̡d[ETmnL zŃZ?-xL?vU8!,ñPXS-=5:A$Vk5勰%GPV]iT&[jbz![n U< [G˺8'YQjTfW}Dw}2wAˠzP%=9ov1A 6M5C "ʻVv(#)s d葐IO[3Կ\Nt|f7Ds̙_?鰃B*Y=AuT*(3j X!<d ڦRJIZ<<1E9QcYY6YOedx]X{鷭\!,k1C̳J-3qywD>r< + yGk5W@8Hю?2}s8DV%Kv.^\2MboᐗJ$UvqQs/E9u$lC~ӯg.& ̂21 F[ny*Ulv S[mPxj#x:Q"OęgDugͮ_>4-r] b) M H{~K f0O`5[2  L@.~:zB&׏h|WgێM1XHRtO1|{*ѷz Qpu#:ߜ7XҶ182!BL,1Mp])=3VO3ݦb.d1x_8Z_Db2bQ?1"?n+u4jf<&mטA`Ty%gIXֳLû_$(6yK+ǘڨ`(@.fY*u4H6?gfTN =Q)a: MDÝR %wRKJUqbj<Ú_9|YcnJ"FAOOܼ\rB!C0^D+]e?Ir? xI 1V첁<ݣFA\bqiuJ5&* @s:KEz0 爞vFVԥ{4awKMH &)Q~=WhL'!R&Bj\3`R$NZůT0vڿApLM >ta e~~/Ѭ=[4p_5nqzE =w]fRADubJ/lLgO ,π)ʼn?F'7| hN`5`kbWLD8D'?afY]-LjZ>-m][cS &#b &Og1Hm;drBL 6T&@_jzloe):ܘ0L׆Ȫ^6/uZ+]ir}L"@e-F6z|}Ҫ%W&Ā ^q?7?(;Qn*V}d/&fKK/7+<vluS,|ANcDUӡSU1t`i~g(:1v F^g/2f$!o֭1jl+eH񀓋P15{#N_~^~ftC$0^|5 C!DɨL~霃DCXKcIJrK?rGw ec'1\a[d5KW^BѽRϬa#1+M\]"C'" Mx`Q!&UVh$v&\wB_[=,x{55xb7~qn?]#0$1g3Sa( af|׷8CsI%0_|P:*Cݲw"B~i.Mm{kl" ##v\37Kɫ142ٜyYxU$Vm>u,Y+-X"RdQ P@k @x]9kZ4S(?8*&P0ןfiG͆~Үdn,!IEXk1@!4#q @pb>}H}"\)FY9Y/w?0;2| %'Q4`sU4j3~4z}T jGa}熕WaijFFHOn]e /})p|{]1.ҍZ`K'(>,A`dfb5FFʴNE4pT8R #]oS0}eTV|lB ?y ePUG6|rBWN}\[ͪ(.)ETwhIbf27шR /(6ãA+erϐ[ Ip~Hg,sg|+g+neA30Ex䜝*1)({!uxFDƆL̍ĥY&QV#${QHV,+op}GF#b-"|y.v9#k8-z xM!)xe < v%Bu#ͷlF3ma[) 5LHS-%Dj+լ*-X*\PAՠ.q mRgo9MV(:c6W"=ҒmfU0>1yu $,"=Fh)Vd.A @C7!bf'|t )OdUY$+!crs ;4TMFVhiUQOhoo5aS jzn%7EEܭ{<9n# g]\ilv(9+6C"Tdg7nV˽DETZ )ލ5S ?ػF[K=0\V>Fv(*;'5:? h{N?>h7wh wS!-auE~ETʈ>0+xt5|lc0ޔCj S|;YfBGDRk"As|1nh;S3\QtvwgP|wZqS#cQiBh5C6> "أ\Q?@8{?eZh?#O=U@D;T;t#k\sQg}^T9eyCu эRB8?$XcYeWܺ:R wD_ Rk(Wv3'Y`g0-lU(YQC c=.~ mTs - ӲGWj?M)wv^TxΨYLW'AL֗hg,I'.vc|,˟7!|//?ib`TXnAÝKm]r@^)BL4Gψ-%  \2׳!vo?bYյƏ7{0O.W2Pl[; GiveMc۶)vUlJp; %&>^'"AW\iD=ٹxO 1Ab_(F/,hMO‚uݥ•G'mB3EeTI їcTә 9I!LS2(asZytL 'Į^Pi^x GJ>=[Ц%K:{86KCQuNQ'tvI?XN[a,o&O)r*\#L;}S&0зK-TU}¿ ŗ.,HLCF@ƭ #B\|~ :0\u^%ǁSo9Sy,pƽ ~eDYp Ȍq$E toJaIHy{UlmDBå*3P #@HJbySh`ۀ'Sv~K9j 7ﲢǖm3\v\pGJ*ڦU>)3?'юD!tJSͽ z!V `_2e/L$*ӆvU\-IS̡6sL#f\s3;B?ԞK|M8AkF ]6$C fxmm{@FP>#`a^QLY 2Q'7{9" %ܰ3+K$ nlg/|ĭ GWs.Y@wǷMRCɻ7h?#Dvj:ޢ˜,ɠb"Cgqj"Cd˸YCth]MBnU6E$=<KPgZ$aJBӀYwTn/C%=7WJ/&zB|eÉoL7 ߱#׃fS*\UfSD溓-{($0 *paz 3 9ڱ=}0ӡt B7N;<@kſJP#y}`dmKviBS&9~eb;8e=uL)g@?x\6%-*//D(љ?I7z0:F`~#Η0蚵㒐 JhgWAT*KIb _4%yBP[5Ѡ%gM.5?PDx=MH٣rQe_x#xmM ؝ NDhՉ>~g&ke.'j5pWF,dԟ.e$O _n/mJs0 sfw/Yʀ'|$˄m]D:Un#7ۦJ$VT0skdqƴҜ7$1<&>jNqNP)E٦؝рY/dPBGpS}h.h|ReW;V:_g%y"#Ux2d*1LUOjmh/,Й4RHQKlV=7*mag|o1afV -cvc*ix6F%tppG \;0-ǤY>_,Fr`Z0FyI2^aKQ"U'O":prSaGuBӃ$7Āamu*U[q.Ia?n*DNpLP8G,ڙt1Xo.}о &k7SLIg{r#M){L(p) 04,T,y- +b$;ҺhFR y+ӊFPqc&MňҦKh̝~>D-S:[VY 8ob!fEeM'|Y)] f[~rv#2ccqk_ˤ7FyTUpQ-OFۙndi&˷Xkcգ_5y-to]f]l p { ;" s&2b$މ&@4-%2K /רP"`tD0,H3{x Ŗ5K^?.X% ea㺠3B5:bك`e0&"PLIח<1Ly静^1^@ԣ{鵱6L_fn+swX% 8++c6@*iǻԒ]SM^da5We]o*z{QZvq_v8x:!ztPn`Vw*k/EC@ą ;5fx#شݍ/ӗ6=(wT m M\Rd,ˍT7V xubAS݁a:3ѝ_* >H7IJO:cx"Ef"dU%:ƽ7rxecRr F :5Hc,3u^A=wJŘHk&(0j_?ϑÝ:G-2G} uhjN@CMHJEk+4e@c~ć4Z"a˥Q5Pbqr싡d7"6sM 0&&{F`b_wӧUfIpEʆˍ42!z'3g#֋^.QU( Jv-, ll'N;(/8d:!UzH y$|a_o`KE,b>(Htrz{L+gD@ /lba5ˇkx7{2o-Aq&x:SM9b9tVR 𣊝J9Iз!zF~㶡*}| !014TTds$r4p2H\WOIխT3{DuKڅvAzmC_-w; ѱy. zg] ;; y=!hȞx&dtV#_+랰rN:X-'Sp E+$Sf_r$h=T0ǧbGլJuLk)U'hB;YT,BWqN!y齋::x`9:L1n o]\~n-vi.Fe$ Z\ݰ )7Pk~4=YPaCG8{jH;+V 0rKӧHs"踥Vp/&ٷ7sV-xނ +?bCY Ssh3Iϼ浼'iB/QCRveʨe#Z AvA=3ҭCxf[v^GK['FWG/¨Y|sdQ׭LCr+cf{U:m?cn (,- 5ջ "(}5Wj G\Z[9$5g#]<$%/sᥫpLQ0_j<CS}V6gvbjMmWС  "1{haV"IbKUIL+D"ۿYTqO#1:_bd=n=KY;AD.w% iq@[ГX#8`ģ8Ó#.HN7+` =j @#_,̂Ըu<;k囕 rgA?}mߒhE&mX@@#/^"UT3 [_|i8m:ZÒ4&}eC_W?&zqZpAo;TS;߬k>jGOw'6*w\o*=GRVgVH[ JO\YauKysxt/e-ED)neoP\WKyuY4ذ޶J}$2쫊;U3f$zcJ(0J%UT_CmZ|OGH6ҒlT~'" Fjrec͖0SOEiq9= KHœI'w1J{6==4I6:YX,/*wf -;/oI@/Q2LYN(Gl'ZįZ5k2gD*Z %bC#S(&UU8UѤx$>!>%!ry@5'|\N$^J 19Inu1ڎ,)뒮1g;iʃ;) cN*t6>A4SjcrZ#hat1\#dm_o: wFBIt#.8FX~ZMּ %?+.ُM*P86˕k*z ~D i;SQ?%0HО]]16GaXMbYB$M2iIt캨2 `\Ȇb}MO1v1^DdRƔ!c|l4XWKSQ K)׻tɘ{/m|wg8a'e. <'nLg{洎AZދneh#0iL?>vg;蘣UUwm0Rt*`@ [yf?(J襼{{J( Mt^rd1v^#m˪ %5>+9M˲I꧹ADK1F\w|knJ<6rB|Q8 oüC9z :刟.bM'Jb GߗƮqi1Q- ˍn Żࣤ"Re Wp$G^oۖߐqwg<)##be(^X0`ic.Y~9jC-a]=>𹷇_cZYw ;W)i~pa_;sxzWꂬ7 P.b=XWp'nEDzеFԮ@@l`=U?-_\gYuaхn M5Zelk;anTm,vz,t`>alIߥ/.HIM6'nq8<??Qow79l1ԩv+ 9}=ZUQGQE*a@ۢ͟!gX+:EšuW VIܒf|f2n۵7 >gD}Ym"En(wjv#W^&(RӟOcrqy° yI8ȯ0{ޣ{C "h`eP$lL"4k}U.)6FO+(yJOVY]mIH7@xluX:j J5x' O|廈-9P{fhXJp|r[y{Eg$66񹗪8]u ]j;k5~r0$B79W×f Z5{0RtTш#@cG|)xcF. }V#pn12Gߗؐ5Lg5!j/ﶖ'^M@ oB>tpjvās~*"EHt e`/^3 oO;nsow)*|/v_qhۃ5'Lɽ3ˇ,GdQFp2Ic6`V , (>M+JFEÅĺ]7n ׭L D=묀),l>x]4SbwVQvD]|HT \}8mY|IHU BqQ)N=%]s0KsҨ (%:B%v!1QBK "fe)A!nӻ<7M~uic eDO1\`}'rZRd%؀mDlYV:,02I-"d{; =ʍ@;MRPR6%j%qaK0 R]PTeR؄+е0s VR¯0ᭊ<9"@#~"kBSh$s4&΋6F+xh(LӬLLk9s874AyAOHb>\e ˧7*e逰$6xGڳJK!nK+gO!N3rPJshy]V qH;1RFQ7m xl%iL#׵ՃvfTv@[s]]QPt4!tpEKVKyܹU:Զ&?0˗܄p"AO\oܨb(d$a"es*eǥ4靤p З`LQN?}g0`㫮Esw^aa('Y.tG#lT-Ao:'eo(XXӛ8oEfy&8me8/.ȁt1hw=Ƙ`}V Y}xWR/6H>ѵ5QÄo@A}Х]]хG~jH/ELJ} rhq_CZ9@͠Vک6I#I.Y<߅$ S4 StY_O4a6R9 -pe%dOu,a%I{FlV,$qN"z}2#Tق >0*ã|V׽su蝀R~Q@B^\PF %K }vt*p ic3bWJrVr% p[G0r֤u.Ô-*&Jԣ& D49"N+*jjOv,H1g X.ū` P+, u&)"ɿKcྏ~<5,lG)h<嵱(;211TsR5+lWU'}Lnfy Jĉq~nV{#a1ԡf y81_HM>9}HL=vڨӬGwxz MfHj\ĥ`AUĺ8S2ӫ'b'(S=VOv ҙhdő:1JbVWyT#P7(,uɯ kLш3FwS {~*0{4$= .>H+>Gs~9Y7rI"7*otu~N颵7Ww *@nMWP [u[Űe r$$y<}IHghimp(\a\裊=[4"vRqYrq yq<1`)]Mvjwջy;5 S6 P "sǰ;G#N׊=ou$@;ď ϩ^ ڊ$~"Hzք{Qd"{ <3Ǡ?2 )"f(Gl͝#|NПczLJ`Kpj] 3 ӅfKUД2BA'3Si!O r0 lxXMXDj!|Vސ[(cX bDoܐol 0_quUc![ Em珪-axԂUXу;f)x; ‘Jn3b _ qƩ^HKNf&.<4Y<>pLQ_:'դ~oPkמKj D(}9|iEF-̷k&Y,|\&DJ}S)-(pJ7 90&EU}ih4$} wE}H>4/pp~\EӦ++Nxo"9CuITuw+38s& :M `j;{(H|NDj?v瑋ƩL~EK$ cz[P5!% ꒷$1{/Iկ}9A"VQ'⥋a[Bh :׽.[R;AFuNA -|3șh+Ghg}Μ9.?PP8u8Tbv8k-=6 d;G*.@Z*1JᏯSP7[Vi/4qk&;6Z zS;8$/ ~70r^z#CZOb{NsP˸_ &€qicD'tτ\wh*ӷ߿hojq#hէYzl7A$%5Q2Ǻ?ˆ}Ig_\'CKx:˱[$jǤx͵BgǬ8qԼ2 9MO WX-L:]rM:򓕂}SYͺ3p`5l0v~=VrEB {+Z˭Y&ص“q.^V,dhs iwaoJ.0Q 9/["!-mpzR+g%sg8H"!wX͉̐DEI~enz]4XƩ1!';h|WG`8~!Vr&W?{ubZ%~֚1:oo~Nڰ̤iK`􂰙 }u̶JɝOosۚQGGt.]؁]^LO+Wi@ 3̸'#p>8lz#) !.D.p0Q׷ofŗ qA9B:EIgyXA)8-z\$jOXf i%FI.s;z'X@|:L=B88Gr)\3L4d2Yz╁kdxo Gf`+?Uu2K: "k1C[ҰI"=-&^0Nvj 5>z\գ ~ :JQ#62=FrIaV䔚X~xVZb4v:?Fa.}֦5Ƽ@ Fv+zCYd0 MX%lv\bq" (3%ș kd+z+NJ׶\i\)K˯@>-PJ XW 4zoH}vbkkҦoZ?i}{SH3,̜05yA׋Ms>H$AKGEC^᠙vGѱ0gi.EW#uepeыUϭD*|YŌ`fRyoWgÅG&|(nrY$[I$7{Ft9iՇt_HS8|iPa64f.Fץ 7J'Xޭ_M>+iznxia5׮yOKvgG TZv^[ &o>+ԿnO;w]f]ƞIM$W[qg7T~JOY&5WbtseP-s۪ń'MjNȷzi !C,GP'ꅔO&LD(y?7/28Ţ"qO.OMXG5d ݚEq~yP1YQ"sLC4UhC`f`8Pn!fj$p'zzX6ס56&D;)s+S:9@"7CN͋;t>~821TOP{k[)GP X8?ⱔ"NPꞔ{eG~pI $Sj,]v#HYW4T-K37d5ÉooHC{kI<7EA?nmȜJ?yU6d-W{.\1у'$+zJ]H_i!wWZƥ)cnښ橙/;㓅iȰʚtD[6XO.&8X+_Ъ$• 8vd# > =)I&?p&㉾-:)Vyi`/^?xr VD(.Tyȥ9 }e"<*>)8HJ\-*}1Dsc8p13K2-^zܡ`([?5|[8GJ^F%ַe$U"r5ćLew,Txl>< xjUN^݋LYnf~EH7+jiiԘ{:W-3ՠnnD ay؊ݎ;9,"-| f7e*i1Mm1_!v"F^悩<ێc~ҘCNEa1F1rUHDIPtn~B%t9T\0dzD;7gKiZɕ7GL!;k&RvJ'zVж{Uȍ؟}O0M4&֣KULu7aTb`;$J򛥭sO)TM51J2m_A9UJlNGe˙H&*FL 4Nv\>/BCHcV˼ #ІtRXH( } 7 Tpzb/ pZ 錞=؜hJ@.fӉ+q/NJ3KoTCx6Bq?I /u:OkVvTV>ʉ(>kx<3\cHq`던^D7 ^<; 5kVʁQԼP$lN9Üf<;d,+WJh "}D(6$/xlw&HFADؒsxDZiR 1V(x>nebY]WgdNzw0z|=j„juW7Qvy6Ǘsj?tEߥ3GЬv3 yCzQ{lm2}٥zle> ʅ-8jhMvv ԉ?#ܶrk@%=ٌc,Cnq\)_R1QVb~Y!^H!] \3bq;픲M)='xZ9w}w3 H[bA eY6R z%ZԍEB ܪ))|vin)ݶ_F{J&9m,rL9(#Fل;̥:Uҿ#Nh5FFJ_ |H;QVV̸*Sk6M*,ǩu_ e.}{Rd(Q~8н]i{U-S6-y(R]?{Q T?%ω%-sC4гfΏ. 4 dkW$̻#,$Ҫ,hCVʻ~͙}L_3h(~Oo:WTrfXJ˾٠7SvqӧovVV(R (ijgO8a s:8 Z"KqFY#vGHC=t \@lh+uH#9sN`,aN^ YRE; Q~R KE/U+ٳ|7O*MxLЂpexF0мjV+!!g^)\Q=PÒHߘ]ra2FDdd䮗8$_NC4!|̊X5QpGr~ Rخe}~4`7}D^G 0Cbl„s;7- l{RPgDJ1wv~Ȍ$낧MӴDz /ܤ5_úaU2aB>Wn0t8?P!${hOEJ6P5zÄ#xۙӹ̟W-GyߕMWRTԐ C) 4=%1?!!yD mP"EmzkNb=`Ӯg/ZD u_Uq"U%IgN9iuGCO׋{j*> 5\5 dy+`V2yp?hVc˩m;b1؀[ݔ6AűZb4՜AӢ24I0T";s%CU=O,Ê ˯DެL4y)\V5HJ ½c{FKYsBT|],ypXxѷmŀN7fY3YlNfIQg;@rY|]8eQz@.ʄJ G,bn6*ۘ18T)U=F3rĔ!6 DQ.jؓ!Ѹ~`9 ]Y!DOY$D&56^?\4 .rsp uQ0PП `g1lޥkP=H%w!jiޟ6rZ9=ڋk1{]ђ3bȮo YZՇJmyk:ג죿/e>} ^ny!I!t(ɏb !14\Or·a[Nm>jja*`:l+1=IZ]"v}kpHNI5oݡʠgP~?/E8#tr*5EN>_zߣ49wFp-G9yj0%RU6%~sT62` )%sIO yH13Njނ9o! ,0&Vܟ&@y$QAx!ƻRO?fH'i,бO?nUX@m~5ݸKKToN"##?=`AL[Gƞ&C[yq*܋̒nAkYdO9GPJ_-6bEZԣ'XX]"+ b#b\p7{"`V {C P? y+atF= D=5KI5f<"O`%\OsX *_8}v-9&DQ{$ykL)"_[&ҖKΆ42̐*_p޷-<BC&Wr {*YMCynƐdٽ  $ꑹfP2)!Aj!o=Sm^ }N'9pw$G~9CL1,.7E _lF ˟b%Kɛ?1{ҪETd &&z %V}P@CHٛ|NVd |Ύ~L1웻 Ox CR܇Ps,&m*}dgGA*Д2RzzEy7X+>A=ߦ$C`]\[uꓫ&FƸHjpWH]dA Jd֖׆(>z #zcq:2i=#J%ߨti34 Ct?5F5% %ҿ]o,+0&!RJ!D{?>ʦ ZDzn'쬥RIgA1lO#FTp4gy̝9ٛ7^q_ۣi{q9It;pǯ)rQ eD^; "wAς^jFiLyxR]۷Iyd'{˗D37*qRJ+ Ji7}6\ C1@M;~8' Yk#Z)Pf Wu=c`" ]%U]̈ppb8OM^.\M-ZvC3KCMm(렾"(obK3(#pDE``P"ήhZB͠jv,x |OO3>uH{RSOݘY؈ iL{ {潶89i&AćX8=)XCj *H=^Jo>!kލ}XRW€`"sG-u@>J4!\ؤgl-{X\Cp`iZtTV!۞?qWPcBRߤjG[ky?X'mk)?7n\^U/]ou3| ^J߬[_f&`h[Ӣ6 VH#CHr1ŦD[F5h֗!rAeͬv@%jV\pq\br,rճ;[d3 1<ŗAq?8M#˓)s} Q\'9|k@~N-.\r泹A00gRK< lw#{i_fbf21 Yp.]FRS.i|p pIwXǔyVSx:&/%uK݉b]mh`8*d;'ԺI q郥KdJ mTm+ eq3>, %[4^$~_⢼Jn.ͨ3l(Ô4#hg/S]gU`k'`rEEǐQQA |M#k`M#A2z3T\&tZLU7~ RdJXNd|DVImV|ԔzV@մ9.hg͝-\ҥ&:sY5Y}qz`=n6os,'f'P-)VÞ }ŏ7J4m#,/j֒ P臫74q>[a]TO_t&)^Z ~ @"J6< b6gg+^herDw (1 z?:"ΰ+TQ˽Kz&^AQ LFF=+HJA1:`Qsmeb&xM{Y#ÛK]Q]ڍ)1&A*͵ 5gn3N-T1'G L'MHk-M wy"pHvG|u{r-ڜ:Fq69vJ@ b5\)o<&^p2f[^6H ?IL=_4drOХ9 HqwۓztzMtuڪvSQ;,g [feFN!7 ')BH!uT Q>Ɯ?Hq5x=[#=46,x<7Z"G Q/,gJ^fKH >c=]l2X}:8[ QkUo wZ)7&&!c=OvnXHۣ:;ݪݠcf^Q˔zP`'|0@9UXa%_s8uˬ"EZZ ?\y®ҁ9bMb϶з/^2 x&KuPGNPؗ0{>h8_C~~zAuwILEމmyOܣe7\z1rTZ1nur{DJi$YqPoҏ. ځZO4 H/s/ ocʦ?o1s70nAju-;}`G#Ą`Q_# *pY.SVS8Z: (,%m1Y9h MҸsȏ[q`FKH:Um.!:$E=6blvMMA-/ MŞ}>Y^`\<cD N@oȋ<<36 , #GN1b`Y3,Vѝ.ӓ]ВJ09soM6h.|(h޹V'RIv`D%z2&B$dK9f v~|9-;R 4-73]_ 1@V O~$i^)3> *[54v whH#;%C@T_&ױ-LذJ*JG6o޼|amlP>C.ݯ*~ւY}0m!ANlٞ%vw "ptzPgmНv^څ┻w-{-z)¿I9ڢ<>3zV>5VQ=s)eK@i:)񞉺ZGгX9KvrYy UDį8ye^.cvldG= JhA&`:gM|vl.|ic:T\v2;kFxG>yozxK#W ]ntΧZ/*o>==@ZD 7J2~9áECi> r0њ@`xhvm}{ExJ:yH?|Nt2hj}?Lᑬ+HddӞ8mtXVvMtG85 f#*a8g:!eN^:cPANJpO$>;5_,b|Szu8aMq_L)#a^zh-e- "Ro4kϪz[ZgUwnHv,f_FPScVղw:!Ģ] qvSO+Aȗ5?Ed S P=KE[u} q+s)_ڴߝIĔH+\YOW(ʨ`Gkø"os''kw4*8UpE5[ ?~UnzBcg)%ɤe0Xߔ;|ódt쭭зK c,48h,)\qF C{PNaIzMaR ^M^?JAZIx+#nfS<7A8g9lc4 :?>r5St> r*fGg՞2o>Q<L-"tZFTe".|;1b!cw"}v4/9m :mXo-4sIbməL)k}=纞Qr<;*(8Q=XmX (~>/6jwLKУd~%{)є^. 9n2nnntbM(N3H( kAJ>s(C̡bs].``cu ASA<ᒡ L*h e8OfFB"0TM]ZЗ6+ 'O![}p@ц7/Sҧ 莝ݙ )P.x{a<,"|''Z[%%S Ɠ؍ B'iP'PRdN%/Rpl㭔 汗5;6%nRrsӦjDxr$n73"w<H-RF~QUc9naNYdXŸfHG)2d)^) 9; |j[i{YsTmC}'H6"63F0UK('I+7Z=IZ#gn,piJ{,DP.STV8|qiq IحJ> bVi<$,XUƸÜ{p YZ