permissions-debuginfo-20181224-lp152.14.3.1 4>$  Ap_r/=„44/-c2ab(of'T[K1~ǫS|Ƀ1B|N-G`ƀk@A BL)' 386u!3`}#Ye}g` &@)òxND)O$Š|(BsYṆ̌';ߞ>$8䳘s{]6g>hs؉p!ŀwNSn)N b?N)`||`l8[R֘Ff !3c4b5dd529621aaee0b46378434b4620c3f0aca2e04f9e794d954b3fbd79cac70d219572ca35c4722cc2bcccdcfe6cdb2933c8e1_r/=„U zmjLCi6P+siU , $_𝍱s18Zx5=Yoܟ:[𑐕}xț$ n2 n`,tJ-4"Lx"3:%4:~1.ʊ}E5]HňMc?ݷJo:&oZ5hAR8UrTij3_Eptw{C=CnxGm:3N5lx},)KSS\>pA6\?6Ld! . X +4= Vh    D ,Xx3(O8X39$3: e3F1!G14H1TI1tX1|Y1\1]2^2b3c3d4Ue4Zf4]l4_u4tv4w5lx5y5z55555666HCpermissions-debuginfo20181224lp152.14.3.1Debug information for package permissionsThis package provides debug information for package permissions. Debug information is useful when developing applications that use this package or when debugging this package._qbuild79openSUSE Leap 15.2openSUSEGPL-2.0+http://bugs.opensuse.orgDevelopment/Debughttp://github.com/openSUSE/permissionslinuxx86_64OAAAAA큤_q_q_q_q_q_q_q_qd1e3c773e615c72a599adca6163983f106207fcaafec90748dfef777421b82b7../../../../../usr/bin/chkstat../../../../../usr/lib/debug/usr/bin/chkstat-20181224-lp152.14.3.1.x86_64.debugrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpermissions-20181224-lp152.14.3.1.src.rpmdebuginfo(build-id)permissions-debuginfopermissions-debuginfo(x86-64)    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1_i^?@^ϧ^>@^^y@^\@^Y^;^:@^4]@]@]@]@]:\8\b@[@[z@ZiZ\Z%8ZZ@Z@Z@ZNY|Y@Y˒Y@YY@Y7Y2Y1S@W"W@W@WBWBVV@VV2 @V +V +UuT~@TZ@matthias.gerstner@suse.commatthias.gerstner@suse.commalte.kraus@suse.comjsegitz@suse.comjsegitz@suse.comjsegitz@suse.commalte.kraus@suse.commalte.kraus@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.comMalte Kraus Malte Kraus Malte Kraus Malte Kraus Johannes Segitz Malte Kraus jsegitz@suse.comjsegitz@suse.comopensuse-packaging@opensuse.orgmatthias.gerstner@suse.commeissner@suse.comkrahmer@suse.comkukuk@suse.commpluskal@suse.comastieger@suse.comrbrown@suse.comkrahmer@suse.comeeich@suse.comjsegitz@suse.comastieger@suse.compgajdos@suse.comastieger@suse.comastieger@suse.comopensuse-packaging@opensuse.orgdimstar@opensuse.orgmeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.comkrahmer@suse.comdimstar@opensuse.orgmeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.comkrahmer@suse.commeissner@suse.com- Update to version 20181224: * fix paths of ksysguard whitelisting * whitelist ksysguard network helper (bsc#1151190) * pcp: remove no longer needed / conflicting entries- Update to version 20181224: * profiles: add entries for enlightenment (bsc#1171686)- whitelist texlive public binary (bsc#1171686)- Remove setuid bit for newgidmap and newuidmap in paranoid profile (bsc#1171173)- correct spelling of icinga group (icingagmd -> icingacmd, bsc#1168364)- whitelist s390-tools setgid bit on log directory (bsc#1167163)- run testsuite during package build - Update to version 20181224: * testsuite: adapt expected behavior to legacy branches * adjust testsuite to post CVE-2020-8013 link handling * testsuite: add option to not mount /proc * do not follow symlinks that are the final path element: CVE-2020-8013, bsc#1163922 * add a test for symlinked directories * fix relative symlink handling * regtest: fix the static PATH list which was missing /usr/bin * regtest: also unshare the PID namespace to support /proc mounting * Makefile: force remove upon clean target to prevent bogus errors * regtest: by default automatically (re)build chkstat before testing * regtest: add test for symlink targets * regtest: make capability setting tests optional * regtest: fix capability assertion helper logic * regtests: add another test case that catches set*id or caps in world-writable sub-trees * regtest: add another test that catches when privilege bits are set for special files * regtest: add test case for user owned symlinks * regtest: employ subuid and subgid feature in user namespace * regtest: add another test case that covers unknown user/group config * regtest: add another test that checks rejection of insecure mixed-owner paths * regtest: add test that checks for rejection of world-writable paths * regtest: add test for detection of unexpected parent directory ownership * regtest: add further helper functions, allow access to main instance * regtest: introduce some basic coloring support to improve readability * regtest: sort imports, another piece of rationale * regtest: add capability test case * regtest: improve error flagging of test cases and introduce warnings * regtest: support caps * regtest: add a couple of command line parameter test cases * regtest: add another test that checks whether the default profile works * regtests: add tests for correct application of local profiles * regtest: add further test cases that test correct profile application * regtest: simplify test implementation and readability * regtest: add helpers for permissions.d per package profiles * regtest: support read-only bind mounts, also bind-mount permissions repo * tests: introduce a regression test suite for chkstat- Update to version 20181224: * whitelist WMP (bsc#1161335) * Makefile: allow to build test version programmatically * chkstat: handle symlinks in final path elements correctly * add .gitignore for chkstat binary * faxq-helper: correct "secure" permission for trusted group (bsc#1157498) * fix syntax of paranoid profile- Update to version 20181224: * mariadb: settings for new auth_pam_tool (bsc#1160285) * chkstat: capability handling fixes (bsc#1161779) * chkstat: fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594) * dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)Sync upstream SLE-15-SP1 branch with our SLE-15-SP1:Update package. Therefore remove all of the following patches which are now included in the tarball: - 0001-whitelisting-update-virtualbox.patch - 0002-consistency-between-profiles.patch 0003-var-run-postgresql.patch - 0004-var-cache-man.patch - 0005-singularity-starter-suid.patch - 0006-bsc1110797_amanda.patch - 0007-chkstat-fix-privesc-CVE-2019-3690.patch - 0008-squid-pinger-owner-fix-CVE-2019-3688.patch - 0009-chkstat-handle-missing-proc.patch - 0010-chkstat-capabilities-implicit-changes.patch Because of inconsistencies between the upstream branch and the package state the following previously missing changes are introduced by this update: - Update to version 20181117: * removed old entry for rmtab * Fixed typo in icinga2 whitelist entry- fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594, 0009-chkstat-handle-missing-proc.patch) - fix capability handling when doing multiple permission changes at once (bsc#1161779, 0010-chkstat-capabilities-implicit-changes.patch)- fix invalid free() when permfiles points to argv (bsc#1157198, changed 0007-chkstat-fix-privesc-CVE-2019-3690.patch)- fix /usr/sbin/pinger ownership to root:squid (bsc#1093414, CVE-2019-3688, 0008-squid-pinger-owner-fix-CVE-2019-3688.patch)- fix privilege escalation through untrusted symlinks (bsc#1150734, CVE-2019-3690, 0007-chkstat-fix-privesc-CVE-2019-3690.patch)- Updated permissons for amanda, added 0006-bsc1110797_amanda.patch (bsc#1110797)- Added ./0005-singularity-starter-suid.patch (bsc#1128598) New whitelisting for /usr/lib/singularity/bin/starter-suid- Added 0004-var-cache-man.patch. Removed entry for /var/cache/man. Conflicts with packaging and man:man is the better setting anyway (bsc#1133678)- Added 0001-whitelisting-update-virtualbox.patch (bsc#1120650) New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox - Added 0002-consistency-between-profiles.patch Ensure consistency of entries, otherwise switching between settings becomes problematic - Added 0003-var-run-postgresql.patch (bsc#1123886) Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve- Update to version 20181116: * zypper-plugin: new plugin to fix bsc#1114383 * singularity: remove dropped -suid binaries (bsc#1028304) * capability whitelisting: allow cap_net_bind_service for ns-slapd from 389-ds * setuid whitelisting: add fusermount3 (bsc#1111230) * setuid whitelisting: add authbind binary (bsc#1111251) * setuid whitelisting: add firejail binary (bsc#1059013) * setuid whitelisting: add lxc-user-nic (bsc#988348) * whitelisting: add smc-tools LD_PRELOAD library (bsc#1102956) * whitelisting: add spice-gtk usb helper setuid binary (bnc#1101420) * Fix wrong file path in help string * Capabilities for usage of Wireshark for non-root - remove 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: is now contained in tarball.- 0001-whitelisting-add-spice-gtk-usb-helper-setuid-binary-.patch: add whitelisting for the spice-gtk setuid binary (bsc#1101420) for improved usability.- Update to version 20180125: * the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247) * make btmp root:utmp (bsc#1050467)- Update to version 20180115: * - polkit-default-privs: usbauth (bsc#1066877)- fillup is required for post, not pre installation- Cleanup spec file with spec-cleaner - Drop conditions/definitions related to old distros- Update to version 20171129: * permissions: adding gvfs (bsc#1065864) * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410 * Allow fping cap_net_raw (bsc#1047921)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to version 20171121: * - permissions: adding kwayland (bsc#1062182)- Update to version 20171106: * Allow setuid root for singularity (group only) bsc#1028304- Update to version 20171025: * Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)- Update to version 20170928: * Fix invalid syntax bsc#1048645 bsc#1060738- Update to version 20170927: * fix typos in manpages- Update to version 20170922: * Allow setuid root for singularity (group only) bsc#1028304- Update to version 20170913: * Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)- Update to version 20170906: * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764 * permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)- BuildIgnore group(trusted): we don't really care for this group in the buildroot and do not want to get system-users into the bootstrap cycle as we can avoid it.- Require: group(trusted), as we are handing it out to some unsuspecting binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)- Update to version 20170602: * make /etc/ppp owned by root:root. The group dialout usage is no longer used- Update to version 20160807: * suexec2 is a symlink, no need for permissions handling- Update to version 20160802: * list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282) * root:shadow 0755 for newuidmap/newgidmap- adding qemu-bridge-helper mode 04750 (bsc#988279)- Introduce _service to easier update the package. For simplicity, change the version from yyyy.mm.dd to yyyymmdd (which is eactly %cd in the _service defintion). Upgrading is no problem.- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)- permissions: adding gstreamer ptp file caps (bsc#960173)- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789 - added missing / to the squid specific directories (bsc#950557)- adjusted radosgw to root:www mode 0750 (bsc#943471)- radosgw can get capability cap_bind_net_service (bsc#943471)- remove /usr/bin/get_printing_ticket; (bnc#906336)- Added iouyap capabilities (bnc#904060)- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093) - permissions: incorporating squid changes from bnc#891268 - hint that chkstat --system --set needs to be run after editing bnc#895647build79 16055301073bfae115ca92bdf3dc60ab2fa709f43832b112cf20181224-lp152.14.3.120181224-lp152.14.3.1debug.build-id3bfae115ca92bdf3dc60ab2fa709f43832b112cffae115ca92bdf3dc60ab2fa709f43832b112cf.debugusrbinchkstat-20181224-lp152.14.3.1.x86_64.debug/usr/lib//usr/lib/debug//usr/lib/debug/.build-id//usr/lib/debug/.build-id/3b//usr/lib/debug/usr//usr/lib/debug/usr/bin/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15002/openSUSE_Leap_15.2_Update/3eb488a46785bebc2ccd039d1c7dafc2-permissions.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, BuildID[sha1]=3bfae115ca92bdf3dc60ab2fa709f43832b112cf, for GNU/Linux 3.2.0, with debug_info, not strippedP`_| MxEpermissions-debugsource(x86-64)20181224-lp152.14.3.1utf-8eb0c39e5e8dde00cec087a9ea24267deeb3d7c219d8cf4fa0b6ae2af121be6e7?7zXZ !t/[M] crt:bLL F4+~3 ;FsuD=itBEAo3KoOfX/G/S?-*YM?}! ^Q[PppXԬP=+Js ˒^ɩqoë<;r_4' Y\?%RR?{ lҚ#fz9~]Fs9i|6jQ*7/g[VO^x˛1k#\~0̫8ۼ{I.۰~``_6}KT0ƁpuջOşZ4ꥌڽqȸfzBslqWcˮ){ 9ŊH#0]iHQa&u̜5)H\o‡)Nn/5hXZ9K֘ԖG=(~%D])lxә"YvXdq.2%aJA;M8_X;s _\98j:3Th^@%~EcY,K9++'8E{a"a;Kw!.oVsAs[<մ#ҏ Mn,bs4,(|r7kFW(83 kyAP\#cd4 poar &(Fm"WHߝ-S̰XFlKX$ICSutTOtnkL%")YYګ\=>EXq;*9gtCi.G+~ J ʅ4pR3#wx̖Dn$s=s;+$f[z_ԟSY gM\0dmVnN ?sr=tm ɋwGl=^64 4Qq<TAVbB6ACBL^R0_~,bꩁ]D,(-I/Ձ J5G3l}Rxur铯:|S1 e~mV8,Fܟgt-O+{bs@i0*Ā؃ _"vGKjU+VS ܣ7Ĭ! _sm"y#EKy #? ہ_|^ؖXɡ⹔ֻ@ѢE#WO>,z;X-c3FL6Eԭ F@Sޅg&/²K=ed<4dJ s]C;%{nx\GϾ"gm3>77u. =N(;[KjmZd2-1m)24$?@]h6tjt+FW@hFt(ie3~8/ ԗe |ДdNgP!p%?#h.}bXQ֝Y{K![oiwP!WiMY9|7j5a/7ZO mû$Q%1LGV}VfvM@.1C`u)tFzٸ2+ŁDA$1wg(0jޅYG `y9/Cn ,chGc>{S`0HwQyXYɫd :*bJ̓SVgl;.MbDf@l"3EXk᷿ES̴{k'}2pCݫP LJAr+U{;4[mh{{{b/UY<wXK*f[e)[9Y{46 @54[HU*Xg()/`.pP| s_5-b:YE(9{ITQ 0/+] ͩvJcenf9M( $ΣJֺئ^>Fœq=R℈)5S`[qjHg-i_ Lk8K6QNholK)_ h3sL/m~9zq:`)ƅC@]8b\~Y#9JvіQdsB,TZ M{<QYtP?&x-װ¬`򾛽;]Cڮu"*QoWq,Q.UoM+d0K+Xm)0_p{m,32l `\^֩RTy4S*f;t]S.\n*) T`ɿY-]k~Ē3T|o>1|i_ U#,$RXRh~pQ ѹ7x<eF-L(+YNiBHd8- ޝuuHkvR?(DMG UV;9D'1M*CȽQL3~~P/rfOtw4o3)C7\\x>>0f l"8eh&="^~?+Zg[Et1dFYwKp5rAk\ =NNUO47g8/ !oB2—t=dmJS.3o)1,~Ooa*$ UN]545Ap2LMrg)m*YԦC:w67 4 QL'@l̾0.{WӟQVlD=궟70O_ONT85 &Wč0h,1FԦ &ݥ2s ᴖӅ*G.΁fc{d Z$ȱUTWۭ}ue_)~^$965u[Cqv+-=WǸwě6ModkO6R%jwmZ>ˇgxL;5.%ys@tvup|}~4ꇷԏ0GջdI{SǍ&f= 4.Ɯi--\5IIYX#&)W{ﺟ؏mi6:?8v Ȏ3@Eg^F幪ٙ]a> OW+`Z ]|YV֖w[Rn<^v?y(x_KK S{@1dnS6u2[rc?"4C *o| c|Aā1G6Olț]jZWo\@%@(??ZEVoq裩\C9Ji>M }X/Tjx59@b:S_jk]FF\R=(k5FB +| q), # yDԊ-?ĥ>-_%Ov8'L@FsbUL=v=[KnSkVl&8,/-WVx-(t}NXY6&nKj\!$Zgl[_蛢D`LKR[@PmP¼6Lj cW 8oS:@{JυNV#}@[?R꧚FgjUfvBB@8Whf_LNdacxmUy^@oQ0 znkp ;̈ /d7yfomsB4'L(CyЄm/+y Z5n. GsE`.Ŧ(%ѾcŽb-bSF`K?+faMC>9/qTz=~:6s*~2A=geG@%cǃ]\s ;Wd'\FwDvWhKh0%s92Cw~J|etnr ZXƸJPkWJQN£VhJ}_H8]j~uͧ[ ޖg7DZlzWO5])KkPUI gR,T|zN\QvęI}`ؓ"Y: ϖE[{ot OcF/o_h&%--0F.iNH i(-{(-xxBЅ }4'C;u2*~6lY8Ծpd&H?UljB4_=KG'@lcFn iZR"Դw1% kHMDTs. ;EuFUg|5̈́h>}%C@< ž6"ܱaIqkHL>F،׮qI5zY=$\iCEc&=wSWa:hoTaV+@1a=u}q8@$fy5@FhūahQ~O+bla `4?У>اz=::Ran*O+&+p2 <)H]XO4zv-ҀjY]u,e>Yઠ$w+E_vW-kw90'9P]U98~OQ+V'@/)xt)#я4޹ڢ|+\ 9^W+Sj'rp @<(j3Tkݔ@t PEsR(O-*`QHPm{`ݜc`X"ۻ?HxAFQڵJc"4 b( RK!eh7c?դm &e{ʋ0qJ~Lq.eKE^ &΄>eMgmؐjݰۊy(W"J8^SP*-MLw>ax0X< KIJ^Ô,V QKC0ϙlg7܏jM$OpeYW?~;Ւg]?leƓt,H6Zl~@!mQ)\CG~Bօ-6vxj4AV(CNJγG@73>EUQz¦7ZeAW!h9!NU?K?t,$|:L_ csW,^GB*}CC(zIU2{Z? ؆TLĒ{wtU2@x1!j"joJu0kW\=3X67#iv (W(k(G ;nY)l#?oudyʿ<pO99_pwcg&{jG$t?&229#!zxm@q4uvZKNVZܺTpbgwxkg>F轗| )Ysp .|]uӡVv'ـ_I­>XLRYAjșaa$э쩿KO\.CMqQtuqk J*=/_]eX{d\U \;O,T~OIr -4ș9P;ĄGݺIx_)ER̈́~i~̟ޟYɔ|n|%KcA7]f=?y(^- ɑaUhF7!π:-ϕ*gAw-,|4P/Q\L7vC뾝ҿ(E/S+ 2Iڥ5^_fz9}5J b/$]=DJm?;/aҬCw쎉+lX-&n= w}M߿yZHDw\~:u6@%[`q:Y !m7]Y7/K#[_MȏRGf^y"8Y;[]n,m=⇛L XlQjժ&BFa $H9X]AH#!aN(l('XdrjN/NO(3,kqπcYR"h` 0J8oMpA{@wOv=o<)y6w;WaFy}Ώ>δBQ.p |»t Zh J`Y:ď㯒||4'N p@?<å`Sܜ:x./xGe[|`'R Ԩ$L9ycO]qS[Q9Q<ɐ ![x6Hxa>$ \4 e ܾˀio%Q`-%;-ky\Uk4_Ea/Sd-Q9zs| ֎ZW8cfQq'@'1ƀO7?j;b)8Fsv gǹv'*0~/tU*H`-KVVzD6~7tM&B7)d˅ݛܢAExEzxE82 BZ : ;~~r*zkCGL-5& xe \+^mB)~^_[#&4l}wyR/S& }XXJw婹!̰rfyS(@UؤHIq{`O8,e,*AOi7.P)[<9j߮ %Վ/P?$'b>B\XU5&:cbцы^TBGShF$A7x\Hhzs#QXdk>>zeYn`u sYvdanK˗regԫ(#D$JÓBGO/,)B}l5!_ư4kcݢsE CѰ<7 낀Wy SgN^K>${P ҴU"IJjnd\R6;` eYҰwm[[=ʩ\FO7*yGW"?O@ܿWpfgB:ri&cC2zũ/߮d08ڤ֥ĐטRq67%PQS'lsɏƉ6E$82/GM}x,K¹OeڸT7$.b\'"X\g|S3dsyװުlcTc=>Y _[$qt݂Lu I\ |Ågv` ,R8JP”)oDڰ lƉMlJ1u/νyI5f4o#`XHJ;uߛiʨK,!E_Q>~=pqD{4HK|Y1 4[s 屣<& o;}vhKpPW*k5U09@cOD$z5vmBD? yT$~ <~TrJ&GdB;?n&XdzJnכ>F,{eK9e"04.-|e+¯c_F}էz*M$q_;Enyi9v9TK+Z͌"ߩR%y~Q esm,n P7Bt ފWb8ы卵cPxL)EiOZseگϋN^oa4RNd:G]g1r0Pb#r8l64boM^])-hx e9mriىGwvpw.$? :*D7(2W:ybiyKȲm)5{~ogh 5 vFnTT`1)<՜)_zOn6R GS Y(mLl?-ٻ#n} hrH80 sCI΂%Jj޾{+}{N oai֍gs9dTncʰ޹wV=܃˳T},;󹣗@9}Edzi/LrC,Ɲ㙤4$kpQ;DZ FlƵ\!8}I D BCFбf!ksra`Wݔ蘙z,JV`aBO!Iqz1`#xst4έUq$I=w82WνzQV%6'6Brvc{?8Q:|]ci%UǾAzZfxe-;4L)#.@H&->='^qgrFZ qtX(8M]KTsy|XyX{l M/KϑR۰WW@ DK@+🁻vVǫQt5HjXΠb>=YEeWkaV>'ExwSlR%QbܖiI9<߅ӛ]6+ں/]O|,8 |YGEЏ |%1l <aE*IgC~k:[x]ꏍM.?jz|Cָ۠|S'0 WF-14 K)JX$;e'pa%vQD>dÏԋ`y6 mN1/В&W#_H;tF6CE%n}?%fU}s`3Qj.6cif&ho;Vc73t,~1j5Z½Л5..aI ڢ/ {%2uC9VꥡcM d; |:>nڧ:k(7(p OwJMz:TMn+V̓Rrge%W"#,2@}Q'[<+Fnшc=0;4g\g2=PKכ+3ωTdP61c'*Cº0z48B,_t%y!A\KVbYKeLmKw:^k'YWx}#$c2%$d_DFd4'IB^mJxY 8%IUpII$'p9{Kkx6dXp(AN?:^(G >9ufp_{F$* ((/TֽZY,ǚR(@. n uEI1~tFBt  Ql& 7R*#ea8QkI[֭avgNz6%푩uA޳m/ LVQȜj;ϑ "K{k@/AN}w/"̂' M(1K[Q)C|>Չ؛X;Ģ9j0ck8Q턛<7ϓs^>xכ5J; In r򅛝kxzSvma^nU*& l} յm}{,wŎX4|(tS*oc{$U@I xnXDvV}߅aX = ݱ$5Q/+T7owuIc}*gjI[]Է5$;UɌq)Mȭ#};FãE$ k2EPs:>L:h?irz .GI0|^XUM+ IZi ԗ.R=/Jω4E[y5=[е+XC]-ИO)e4sPR 9w+iM7GZ QkKgCv#M7J c8pzWH|f_WS<^<(힌?``E:mEOGӅ3ǓmwCs9.Ce|_$]@s'!K3>d4{GD@5g3:J|ǫT}V{7ݛb#0FXd d~ 'a[8ϒg; <`΃ V19гJz; уU Qm]Wu>X9 `i%O+.:n @ӗ>-)zΟ+.jjG|IaLk$ްΚG90M =`ϖ!j9_Ri:,Ħ?#9ӎ0'.rG^Ck9R[`!!vop (QAX ?>p'ŠY3k" Gi;:G^XMw*wj-[T#4NEĝH2sɥ6^oc<˚Lg(<2:ptK A ;u֫Yj:eU" W5PT5LUJ ?o@).%'m&D9_٣3È.є$J0"Bss!W^fʼ҃xANIeZ%[ LYO]/̋oBa !y\ANsFU%quyU W6,noH3ig1VPj4S$xxe[ބ';`V0J߻Q47|m^!6 F%H.zy?C9[Y WWQўaՋgey#/' .Ot`Er=2#E)BV.,m7ad_!A2s 0,3qMw-n\LXU夽mv!Zi mZ`cIcP@7\l+KҨɊ>SN%EqX6tkjӵ$]iCem7SRR7 T`VeX#g9-3e .1_k XQ$κw|PxT ;lϭReXbZ:#T D;rw;;}=#T.67Y*xczN e5wLw5 p/MBIz5\+I}\{QOO_Lө^6pڹPrqq.^ؿC;^fëJȔzXWFTR -*Flfl3G&sC\\eNEh`*M\K~[:p坺( }Z)2R@ n{2S{rk8O,N$11ڔ dbߑL׌f7b@XzOmH5}uxVt$VZe6; P|IBH7=sgCqG(!paƝPo<`ca?bqEvUk #uN01rk[e+l9k}DcPAg㈆n)5o,u g4Y?zv{73jzQRݢ?N 'ɇS|T ErH!,9A6W WdtϜD䤆//Vs&7zn~J_\|qhzb/ !M<ҷ|l+w1&` O~/Sތ< z$7_Y0,{)x^[hQ6Uτ(#>b|VbDܢM>f}> 7𨒋Vﴱ~]hf;.tٗ NIVOC' q0;7̋ CVfUK]covdl"1q1d( \\O`3@>Ƈr^rD" ~ f#I}T.}#8tq]߄a@lѨyVP'(u#,P8|[7\8 bToLt$tć??봡!)vM{YN<`EsueU J?H(MAl6V_B5c:l,a8zD:oH$|\91cGW_4bLP\k/KxHܦk<=Lmx>f 5NU/[x:M:k{D-rvYʽHo!(,DcӸ0Wʎ=G]ŌN'X<Ţ42 t^bP!Ԕ@*]muWN3|4O?An) ڃ$5H(iEzXͧON %V{C=1s wq”S`W.O^SI#1wس5?}e܎S"x3*H~T?`YQ02ڈo{lq} 1tCg@Xnq/Uݟ !AH-b+CT7tm^Rz=]!!:wu!BOCj*O =ZxboR6zۛJۯ[>.@U l1=4k}(jhewPu&oSxXݠfN;Vv*\OX"`.( ZW:C4wOx3eN粸c>>Pqmv=mҎЪt=i jOA;v o/TH#ǿle]?SrO#&,PS?%XU,C6Kq~Xdty"93`(1bt PKVP.g6OݢyH:o䑃WfL1%}ĕ-t87:A@@pYO `O1 76$oZsĿU̴kd=ۗt6Ci;̉r>?4=qI|*eb~E:Wg0ϭLp]~mȞQڊIka$!@ǫkpV;2(1 vuBdVa$nNĝc#5S:!K_pk"W'A:Rz2G?~޶0r\`8ih}3Pcg];Йp1 ['~Yj9V]#vS>Cį#&,~/ Nm(6,$1(CrN!V/K\p3/~@BhH] F1 +D˕q w-$Ad5 @;KN Xh}AE"Tmni&<! *4O 1x(E6#u aw_4\GV2;][Wr%ܮ{w`7bh{f:ZŖW=XIQKkK1 b8ͩK8xIJgE6--B ae2!=.!\̏L B_G9Xx~(ENǴCMkDd\v=Wl=y0㩻+`d\ZYbE$yЅ %6&=d%sXGuMXOR 3 #GEpKr9S4ؽE}C ߷ݸ9"趱T,T+/[=2N,Q35X/!H֮ۍ&#y"R;2 GNj/27PD\0p~4r:?Ly:Sx61p3s5,ApƝn89ϲ( QP>YW +P/u~>ϐb xɿe,Aک0B[h).Xg3Bz#cn+Q$iS+Ye;]ޢ< Ġ'Mh)f#(q §d(m^^Ä#Fd7JdiO;٨W#Yi-TfP-oͰ