openvpn-auth-pam-plugin-debuginfo-2.4.3-lp152.6.3.1 4>$  Ap`{/=„J!E mC7*.Ajk8I)mT!F uBS^c l|yW:Crkimj/̄iFWL*CmQLx;5 ܈$~Fl(cl6F2UTUu@ .@25 6EIq%J=gm-jg f;1|l&pl2#M'6533a39980ccf0349c3c8a96977a05c98d3b8d9400a91aa66cb0a476ecf6f37f95c4eb412a4a2c9e2cd1a1cf64f46bc98ca08d4au`{/=„IsH[>?g>F?fw3_eO _  Ԇ4M :4v>.kt εRÝ>zQAчC {MNS݌*2/4sy šglz^H2o&%&9iL|N)) 3y_HgQpPCV#D[81M[g:"LKV+ڳ𽁌<8Є|CX*oM>p@C?C"( 4 j(,8<OX      (  P    X    0!(O8X9:pF=rG= H= I= X=Y=\>@ ]>h ^?#b?c@dA(eA-fA0lA2uAD vAlwB xBD yBlzBpBBBBBBCopenvpn-auth-pam-plugin-debuginfo2.4.3lp152.6.3.1Debug information for package openvpn-auth-pam-pluginThis package provides debug information for package openvpn-auth-pam-plugin. Debug information is useful when developing applications that use this package or when debugging this package.`jcloud101XopenSUSE Leap 15.2openSUSESUSE-GPL-2.0-with-openssl-exception and LGPL-2.1http://bugs.opensuse.orgDevelopment/Debughttp://openvpn.net/linuxx86_64CpXAAAAAAA큤`j`j`j`j`j`g`g`g`g`g2b76b05f791c3b2724c5ac3c6dff6a96404158fb83227d68093a0d3e122cfa4c../../../../../usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so../../../../../usr/lib/debug/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so-2.4.3-lp152.6.3.1.x86_64.debugrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenvpn-2.4.3-lp152.6.3.1.src.rpmdebuginfo(build-id)openvpn-auth-pam-plugin-debuginfoopenvpn-auth-pam-plugin-debuginfo(x86-64)    openvpn-debuginfo(x86-64)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.3-lp152.6.3.13.0.4-14.6.0-14.0-15.2-14.14.1`BZZ@Yܶ@Y@YMYA%@Y6@X@XXXXBX<@WRW1@V^VqR@V`.U@ŬUUv@TPT|X@TR(@Reinhard Max max@suse.comrbrown@suse.comndas@suse.desebix+novell.com@sebix.atndas@suse.dendas@suse.dendas@suse.dendas@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.commatwey.kornilov@gmail.comastieger@suse.comidonmez@suse.comidonmez@suse.comidonmez@suse.commt@suse.commt@suse.comidonmez@suse.comidonmez@suse.comidonmez@suse.commt@suse.demt@suse.deidonmez@suse.com- bsc#1185279, CVE-2020-15078, openvpn-CVE-2020-15078.patch: Authentication bypass with deferred authentication. - bsc#1169925, CVE-2020-11810, openvpn-CVE-2020-11810.patch: race condition between allocating peer-id and initializing data channel key - bsc#1085803, CVE-2018-7544, openvpn-CVE-2018-7544.patch: Cross-protocol scripting issue was discovered in the management interface- CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service (openvpn-CVE-2018-9336.patch).- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Do bound check in read_key before using values(CVE-2017-12166 bsc#1060877). [+ 0002-Fix-bounds-check-in-read_key.patch]- Do not package empty /usr/lib64/tmpfiles.d- Update to 2.4.3 (bsc#1045489) - Ignore auth-nocache for auth-user-pass if auth-token is pushed - crypto: Enable SHA256 fingerprint checking in --verify-hash - copyright: Update GPLv2 license texts - auth-token with auth-nocache fix broke --disable-crypto builds - OpenSSL: don't use direct access to the internal of X509 - OpenSSL: don't use direct access to the internal of EVP_PKEY - OpenSSL: don't use direct access to the internal of RSA - OpenSSL: don't use direct access to the internal of DSA - OpenSSL: force meth->name as non-const when we free() it - OpenSSL: don't use direct access to the internal of EVP_MD_CTX - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX - OpenSSL: don't use direct access to the internal of HMAC_CTX - Fix NCP behaviour on TLS reconnect. - Remove erroneous limitation on max number of args for --plugin - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY. - Fix potential 1-byte overread in TCP option parsing. - Fix remotely-triggerable ASSERT() on malformed IPv6 packet. - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst) - refactor my_strupr - Fix 2 memory leaks in proxy authentication routine - Fix memory leak in add_option() for option 'connection' - Ensure option array p[] is always NULL-terminated - Fix a null-pointer dereference in establish_http_proxy_passthru() - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data - Fix an unaligned access on OpenBSD/sparc64 - Missing include for socket-flags TCP_NODELAY on OpenBSD - Make openvpn-plugin.h self-contained again. - Pass correct buffer size to GetModuleFileNameW() - Log the negotiated (NCP) cipher - Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c) - Skip tls-crypt unit tests if required crypto mode not supported - openssl: fix overflow check for long --tls-cipher option - Add a DSA test key/cert pair to sample-keys - Fix mbedtls fingerprint calculation - mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522) - mbedtls: require C-string compatible types for --x509-username-field - Fix remote-triggerable memory leaks (CVE-2017-7521) - Restrict --x509-alt-username extension types - Fix potential double-free in --x509-alt-username (CVE-2017-7521) - Fix gateway detection with OpenBSD routing domains- use %{_tmpfilesdir} for tmpfiles.d/openvpn.conf (bsc#1044223)- Update to 2.4.2 - auth-token: Ensure tokens are always wiped on de-auth - Make --cipher/--auth none more explicit on the risks - Use SHA256 for the internal digest, instead of MD5 - Deprecate --ns-cert-type - Deprecate --no-iv - Support --block-outside-dns on multiple tunnels - Limit --reneg-bytes to 64MB when using small block ciphers - Fix --tls-version-max in mbed TLS builds Details changelogs are avilable in https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 [*0001-preform-deferred-authentication-in-the-background.patch * openvpn-2.3.x-fixed-multiple-low-severity-issues.patch * openvpn-fips140-2.3.2.patch] - pkcs11-helper-devel >= 1.11 is needed for openvpn-2.4.2 - cleanup the spec file- Preform deferred authentication in the background to not cause main daemon processing delays when the underlying pam mechanism (e.g. ldap) needs longer to response (bsc#959511). [+ 0001-preform-deferred-authentication-in-the-background.patch] - Added fix for possible heap overflow on read accessing getaddrinfo result (bsc#959714). [+openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch] - Added a patch to fix multiple low severity issues (bsc#934237). [+openvpn-2.3.x-fixed-multiple-low-severity-issues.patch]- silence warning about %{_rundir}/openvpn - for non systemd case: just package the %{_rundir}/openvpn in the package - for systemd case: call systemd-tmpfiles and own the dir as %ghost in the filelist- refreshed patches to apply cleanly again openvpn-2.3-plugin-man.dif openvpn-fips140-2.3.2.patch- update to 2.3.14 - update year in copyright message - Document the --auth-token option - Repair topology subnet on FreeBSD 11 - Repair topology subnet on OpenBSD - Drop recursively routed packets - Support --block-outside-dns on multiple tunnels - When parsing '--setenv opt xx ..' make sure a third parameter is present - Map restart signals from event loop to SIGTERM during exit-notification wait - Correctly state the default dhcp server address in man page - Clean up format_hex_ex() - enabled pkcs11 support- update to 2.3.13 - removed obsolete patch files openvpn-2.3.0-man-dot.diff and openvpn-fips140-AES-cipher-in-config-template.patch 2016.11.02 -- Version 2.3.13 Arne Schwabe (2): * Use AES ciphers in our sample configuration files and add a few modern 2.4 examples * Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer David Sommerseth (4): * t_client.sh: Make OpenVPN write PID file to avoid various sudo issues * t_client.sh: Add support for Kerberos/ksu * t_client.sh: Improve detection if the OpenVPN process did start during tests * t_client.sh: Add prepare/cleanup possibilties for each test case Gert Doering (5): * Do not abort t_client run if OpenVPN instance does not start. * Fix t_client runs on OpenSolaris * make t_client robust against sudoers misconfiguration * add POSTINIT_CMD_suf to t_client.sh and sample config * Fix --multihome for IPv6 on 64bit BSD systems. Ilya Shipitsin (1): * skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto Lev Stipakov (2): * Exclude peer-id from pulled options digest * Fix compilation in pedantic mode Samuli Seppänen (1): * Automatically cache expected IPs for t_client.sh on the first run Steffan Karger (6): * Fix unittests for out-of-source builds * Make gnu89 support explicit * cleanup: remove code duplication in msg_test() * Update cipher-related man page text * Limit --reneg-bytes to 64MB when using small block ciphers * Add a revoked cert to the sample keys 2016.08.23 -- Version 2.3.12 Arne Schwabe (2): * Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it. * Move ASSERT so external-key with OpenSSL works again David Sommerseth (3): * Only build and run cmocka unit tests if its submodule is initialized * Another fix related to unit test framework * Remove NOP function and callers Dorian Harmans (1): * Add CHACHA20-POLY1305 ciphersuite IANA name translations. Ivo Manca (1): * Plug memory leak in mbedTLS backend Jeffrey Cutter (1): * Update contrib/pull-resolv-conf/client.up for no DOMAIN Jens Neuhalfen (2): * Add unit testing support via cmocka * Add a test for auth-pam searchandreplace Josh Cepek (1): * Push an IPv6 CIDR mask used by the server, not the pool's size Leon Klingele (1): * Add link to bug tracker Samuli Seppänen (2): * Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes * Clarify the fact that build instructions in README are for release tarballs Selva Nair (4): * Make error non-fatal while deleting address using netsh * Make block-outside-dns work with persist-tun * Ignore SIGUSR1/SIGHUP during exit notification * Promptly close the netcmd_semaphore handle after use Steffan Karger (4): * Fix polarssl / mbedtls builds * Don't limit max incoming message size based on c2->frame * Fix '--cipher none --cipher' crash * Discourage using 64-bit block ciphers- Require iproute2 explicitly. openvpn uses /bin/ip from iproute2, so it should be installed- Add an example for a FIPS 140-2 approved cipher configuration to the sample configuration files. Fixes bsc#988522 adding openvpn-fips140-AES-cipher-in-config-template.patch - remove gpg-offline signature verification, now a source service- Update to version 2.3.11 * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data * Fix undefined signed shift overflow * Ensure input read using systemd-ask-password is null terminated * Support reading the challenge-response from console * hardening: add safe FD_SET() wrapper openvpn_fd_set() * Restrict default TLS cipher list - Add BuildRequires on xz for SLE11- Update to version 2.3.10 * Warn user if their certificate has expired * Fix regression in setups without a client certificate- Update to version 2.3.9 * Show extra-certs in current parameters. * Do not set the buffer size by default but rely on the operation system default. * Remove --enable-password-save option * Detect config lines that are too long and give a warning/error * Log serial number of revoked certificate * Avoid partial authentication state when using --disabled in CCD configs * Replace unaligned 16bit access to TCP MSS value with bytewise access * Fix possible heap overflow on read accessing getaddrinfo() result. * Fix isatty() check for good. (obsoletes revert-daemonize.patch) * Client-side part for server restart notification * Fix privilege drop if first connection attempt fails * Support for username-only auth file. * Increase control channel packet size for faster handshakes * hardening: add insurance to exit on a failed ASSERT() * Fix memory leak in auth-pam plugin * Fix (potential) memory leak in init_route_list() * Fix unintialized variable in plugin_vlog() * Add macro to ensure we exit on fatal errors * Fix memory leak in add_option() by simplifying get_ipv6_addr * openssl: properly check return value of RAND_bytes() * Fix rand_bytes return value checking * Fix "White space before end tags can break the config parser"- Adjust /var/run to _rundir macro value in openvpn@.service too.- Removed obsolete --with-lzo-headers option, readded LFS_CFLAGS. - Moved openvpn-plugin.h into a devel package, removed .gitignore- Add revert-daemonize.patch, looks like under systemd the stdin and stdout are not TTYs by default. This reverts to previous behaviour fixing bsc#941569- Update to version 2.3.8 * Report missing endtags of inline files as warnings * Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit * Produce a meaningful error message if --daemon gets in the way of asking for passwords. * Document --daemon changes and consequences (--askpass, --auth-nocache) * Del ipv6 addr on close of linux tun interface * Fix --askpass not allowing for password input via stdin * Write pid file immediately after daemonizing * Fix regression: query password before becoming daemon * Fix using management interface to get passwords * Fix overflow check in openvpn_decrypt()- Update to version 2.3.7 * down-root plugin: Replaced system() calls with execve() * sockets: Remove the limitation of --tcp-nodelay to be server-only * pkcs11: Load p11-kit-proxy.so module by default * New approach to handle peer-id related changes to link-mtu * Fix incorrect use of get_ipv6_addr() for iroute options * Print helpful error message on --mktun/--rmtun if not available * Explain effect of --topology subnet on --ifconfig * Add note about file permissions and --crl-verify to manpage * Repair --dev null breakage caused by db950be85d37 * Correct note about DNS randomization in openvpn.8 * Disallow usage of --server-poll-timeout in --secret key mode * Slightly enhance documentation about --cipher * On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo() * Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo() * Fix --redirect-private in --dev tap mode * Updated manpage for --rport and --lport * Properly escape dashes on the man-page * Improve documentation in --script-security section of the man-page * Really fix '--cipher none' regression * Set tls-version-max to 1.1 if cryptoapicert is used * Account for peer-id in frame size calculation * Disable SSL compression * Fix frame size calculation for non-CBC modes. * Allow for CN/username of 64 characters (fixes off-by-one) * Re-enable TLS version negotiation by default * Remove size limit for files inlined in config * Improve --tls-cipher and --show-tls man page description * Re-read auth-user-pass file on (re)connect if required * Clarify --capath option in manpage * Call daemon() before initializing crypto library- Fixed to use correct sha digest data length and in fips mode, use aes instead of the disallowed blowfish crypto (boo#914166). - Fixed to provide actual plugin/doc dirs in openvpn(8) man page.- Update to version 2.3.6 fixing a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT (bnc#907764,CVE-2014-8104). See ChangeLog file for a complete list of changes.- Update to version 2.3.5 * See included changelog - Depend on systemd-devel for the daemon check functionalitycloud101 1620821610 0006fb8eebb3e3c20dfd20f299217f6f815c534c2.4.3-lp152.6.3.12.4.3-lp152.6.3.1debug.build-id0006fb8eebb3e3c20dfd20f299217f6f815c534c06fb8eebb3e3c20dfd20f299217f6f815c534c.debugusrlib64openvpnpluginsopenvpn-plugin-auth-pam.so-2.4.3-lp152.6.3.1.x86_64.debug/usr/lib//usr/lib/debug//usr/lib/debug/.build-id//usr/lib/debug/.build-id/00//usr/lib/debug/usr//usr/lib/debug/usr/lib64//usr/lib/debug/usr/lib64/openvpn//usr/lib/debug/usr/lib64/openvpn/plugins/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16267/openSUSE_Leap_15.2_Update/af9da428d5d26d07303ea3b13cd46e8e-openvpn.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0006fb8eebb3e3c20dfd20f299217f6f815c534c, with debug_info, not strippedP]xF 9openvpn-debugsource(x86-64)2.4.3-lp152.6.3.1utf-838af4bcc38d90710cc45e6fdf75a56bf34f0fd20263282e8f920bcc290f0bfcf?7zXZ !t/..] crt:bLL #;Jf-Ƀ$Z(>&a';}sU'LIȪ"1ܘ4q\x҈rt-?paj+GgF] v-O>9jENٿ*ka GOY[ 5#XƟ߮Z9ZiT*\/3\$_6 ?񭘚w WZg}Jx/W\=oMEX5 [N1QN&VDq拐.^ YloXWe{X0o'(F9Bl`'whkoKdv6 ^NX^USk 8?<.qCs>ycƬ㴝WS9 iO]XYVҁ#XzF#o[q$J;{$ڟuYis.~ IuqAe|3.H4@=Csx1 \Q8<3~&wL6;q3 'P|ú7ݹ2nE3Wէv盖pД秓.akоT["ڱO6LD%N%0ũbE*p=ܣBD_w3VE]0+b13:{ i`Q5ZGWh*anL k V0wҏ ݊l }6Lr̨իS)t%5:\rNSSd/],y;~;u-17F$JWv{U K /?/Sp+'^g ;//WGQlߴ:m--<# % O}-3waMDsD&]9(dJ&KNZ6RĴf#q X|ySj-_Ȥ=sTEO9fc.녁/AVF Ak:c?\Kڛz遣~Dtƺ.N6Lv2횳qt8zn˘[ O`_@>IdE(w3 lYVDL, ECTpL INa>C NYՏ[J -. `2ˤv 6sm{ᙓ?./䔶sD#m?A{ֳy@;+t1}?[X /RⰆa?c=lVeҎ}v6]T 1nj4ߑQ:y9.V \x{eƴh1cʏ)#g v@OϬ_j?$ʵ)4<9&U*MXn:_ȑi>\>`U HPỒNVzb.Hx͒% >Vaftnݏ'Kj=hK=ȕI9b)u JmAd-C_Zk$h$K>hDSnz TQkdv-ғ P$ 4_g涜<2FV6++ T?H= ;}kX{P+*8*JP,h,mFAFÀIU.?m'?4QتC%cDTeha4Umgx웜E׈HUt%w[V*"Rلx`=oXF6h+OcP#bDa³P2Nw k^ "J^`!lj#m}reсg4C/;qG%Rj;wAa˘&jګ *劓{hùmqeBWҬ}ܑZFX&cEcA% QI%[o%y#{-p)qNwr>X0~? !x@B{@ } As59MlFWI UW<@g.x羑0+}%]C@ Ts#ު0c2Iuk.% 8g0"6c{(JQBQ~IIߪ{U>Q/]'t_"/ͽGhD3&]IbU-b:L+b@yX WZN(? UCôsoPZFْށFo ~1%Qi-OnF4\o9XCc3MjMIPp/& gwi Hî(M~ *KPZ` mR_d V9~o:YR֜{vGQU{6/S?{|Wckx]O9kabpJx5ЛoN1oʤB)k9aOOb)ݲ?g2AY8O&(B(GZJh#ӏLWXF+{{pM*p$bW|쌪 Ĥa),jp{6IyGKlfO\{GQؿ E><1 #V8<*&h-LdGp(o3b})c |F~g8sz`WFo6A~qX2fd C~SUwp}knCA$#$#. y-U;!{eKlа$kKdǧv8(+"VMwYgɼ,' o+izT12p@S%AI%u(¤86䦥hs_ ZL,S쿮mR$bTBgOJyhM9ߗv1 쿨+Upݸ3.Y%Km<}pYjZNͣS_s߫ giۜUVbjڻhwɏ1a\F'M <)R=*Z=3]!cyHneM1{U{@Z9UŒ:P &W@@_ʐ12SQ;{#]A!VU K/w,9wL9QraqΈi,Uq7d`| hAj4 be/yZL}W@vGKT9;ZL ^a7 Lu&\?`C9ȱb4w@Mr&54b$(ԙg@<>"WAUW]%Te"Gg&aՈJo|xNtՆ#,Jt9 |NxrO\du;Kke=& N9rUx3%,@Dpkp~K'6]ȭN8(gg.w=G4,7 ٰ8h-/:c䐨8bhdv:`3ŧvp|B%2&2v& hHrayE&^Dosg<3<{dX [V k Rq$GӼC<]Bj&'J0U@83ގ# L"Y 3jՙ*LkuHBВdg?agk͢+l;^r}6VȨI˯ mX9>79KcňvrDNXO,X.cB?9/eҿFSfV#] jPguw$Y<7by;k%W{ԸndHl&gN@}Q<_Syj/Mousxd17Z!yv*\ d?m/28g)[N[ӈ/_h(p\,m8aNN:XI: Hugʟ|{6$ k# ǒw6\ښĭ2U)M%0 R&|{|{o1k.DrZ4 F81i\ |m,(5-'8*}e*1 [+; ϊewlq|p1qM]XyAnFbX1H `t0L|N b>ab8I 5vߊ@X Afu ߊ:߬dN,N =^ @ BI$>k̐e7T RǮv{+.9m HuZHXoy,MI$Auݠ1i&6k8j\f5,-YY5 sqɩcxKsvY$[qǯ3]MC*[=CS$c}nuנڵIUrدmzI^1.+S ֘s>(2[%HdԔ03Z Eq:Sj;owxjCϗ 4we1=nA #5m"zzTckK@P|J1!Dz_ *Mfi{;mvy>,{y]ؘQjlMo~=pYTGla%~/Eu.·ZGjC]")o-` tM.,仕 {}Ч|!  jL%Y .,KnT4E_HzQbN+ /o|lRA/_P ]p;C^zC)MrtIjBlM/1bkH?vH SW|x?+T[Z|x '֚|Րݻ.7+r)ei$h$~9;.+٩xÞiy.ao6դy%i;wBڃ)P2DH%I+eǍ~_twGÎ< -Du?\DT@ MʚԣWD7VcL(z:̑'/>H<#d6"$i-0Ԡ/~<ۻ!+ "< f DRcZ^IUlh俑{'. 2VȐaʪ %))񯎜}f&9֏Aia w6?'la8õÈ7 ݏ5)B b ɔvz(%V 8GcI]}û n6zmowxˋйQa"&*ǒV $n[.͌FQ %vCG _2w" ?1e uBXt $6a+ pӁL׳?&oDeuY`PCN6p,L<5~}枒S!;ΗV\|jc6۫셇-!``j|N;OrY4@hzM_cwM=zz1e@60&MiLF#J?:0-F:pJNEǯT4LHxo T3jBs^vx= ۉ= hjWB5Cr)_&۞gVaTSOwih2Zm8435lDqϲ%PlAmJR4byopG-\aھ}831! #m01@90Zd$Vb0kqĮ4Qy8qSrWZJ.16+a {\Iy57:a$:Q oviX`=:|GCD8kUŵ,]zэP?ib!ގO &1: ~L0X1ƋrGz낄6}"k^:|^:S0h6צtHukhsVy[@.iX{\_H1¼Fe%ڪ4ڛ(ř̯]%d{L%W tsq 5Cobɏ!mbXqk;r hnS$D=N( _& I f0t`;quC|KrEu_Ͱf> ,+˦Vcj}4Gp鶭ֿK`yqO|}*"z9\+:_~*$VPy19b3mbD,+A4?I!q"H/#ua3z~a2$[1B]<~2QbGԶ@2Uօ4$ٛ,'FohO|r gW.ieh7*pbA`ؾN!H~9"Mi]WJw0_K_1+"qAiY̟gxnt@Z'!^XӤ7Ztp3eUF(JG>9\;`@V.Vc=ޠ>&Iyz}YɌup&F!B[1Iy!J0s엻LԖ ۊ VMe:(L`2k!(PUY)+ti:ʐʾ;_zIlBe?TwGܳcPPsNPϒ7*O,v#(HnϢ< ߕ;)l?~zmz-MY^q 3+) ͔VAWzQ`fTWyi*b4=oC 81UOLN(lrթGoIj" _t\O/f%U=<;lY ֽ^T`^jOBD#9 '!G{CΥ秗ׯy T; n9rǶUZ &Zq5\׫;ݚM(Ay+H|F5 u9\gKw۹8y*,]=*EbOEڌ$SµT 5r )ImxqvG՝O{cd1ϳs䄳n`p=a|v`u<064ōܠά?p%C0!q̩WF_mhe 6Tka[Rj9_zl{krfQE%#>AD"zn y+, 8H/Ӟ= 1j2Irݎ,݅V'/Orm$3)Za 9\<u$EZKst?"Fx ]HzIFPiH3u ";f^yB#/POSyw` U߫A V'`5"H`A^IUG0I]U\K u"Zȇ7 enr6CYџX F|6r9XY|7IjCzl "c5nM򕔬Cʧ4n8=C7FK7idTO3!4] 9`|̒td}ՓsHͺfGOp̈vI=%m5yP7S,"vfzG)0rG\Y\Y_\5XfEj'v$vll`e\?nez[s1Nhؤ+kM}quiGbRgd({sdPwH༏(H vSBF+5Bե=_(m(iVyaTN 8>>~N:P=AM+/c(@GcmlVdH}P7|a:mҦ0sV-'wS#jjF,f&3fd!ޓg7M  ]!4nV,|ġ,6ܱ[QFtFEޯO0Z\\mQzq2]/*>ǟu[\r^NfLb`_;/ )? ޘMV]U^nMunaQ"|c5] `X]%+tH5S|f'\CÃAf4J\wS)qWKdX3Cto$=PAp(v޽K ?^VH< ̿,FE M#E Z}1;|Ѡ&.8%$Dѯ *ae n o͉z(=j96]߇BL_zDcߍɟؒweb%&a hZsd#aܞ 8`x?-C^;ԀIy#ZF"ݘ'ƨ\:~Loڌ_pnJ]_S"s,Os,c'Ve6 TH"&UfGߙ#W\h8 YZ