openCryptoki-devel-3.15.1-5.3.1 >  A `Bp9|+FA ¦/*]dn 'A1'f4M&T<nUÃ6ÂKfF!?/g _´p]̓;aDx  dFn6)r_4j?:DpfWv1g,uqWb*l3@ȑ%`'d2k&aD^aNj'l&& _hJ?^q.);+G9(,C%JRZ|PE",E n96639a42bcd5604f166c7409bd3d2df2db3d99975a498bfac026b6ce123c8b7ed8c79bea393b86754a918f2bd57d38f4f9d4630dp`Bp9|2HbV~ ~ _e~4t~C!3D|ĝ9} kÙը)n#qr Ia`ք3k3}&lkmr?e6v]tlҏ|i{ (Bxo+_8O"j8 Af@&'CНGk#FIl!WmACK]8xh=Bu H\K8ܷ Kcupi4pgoD vѳﺜlpn>p;Hd?HTd " plp -3<X f t   $@p/(O8X)9):)FE-GELHEhIEXEYE\E]E^FbFicGdGeGfGlGuGvGzGHHHHPCopenCryptoki-devel3.15.15.3.1Development files for openCryptoki, a PKCS#11 implementation for IBM hardwareThe PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).` ibs-lx2160ardb-1 SUSE Linux Enterprise 15SUSE LLC CPL-1.0https://www.suse.com/Development/Languages/C and C++https://github.com/opencryptoki/opencryptokilinuxaarch64)eSA큤AA```````e066b8695e4d87dcc79a354c62672d32e19223ff94e5a72a57d852d3cbcdbf825cc82c642fc88043624667b341f75e8f6ff5ad66fda69626fde17dab9d521c1812cb16baf5ff8344392cc7a9ce280d2f63567f57cd21c2f944e2fe33596a0a593ab18aa2921a8bae752c9115888f219bd65c4bc0c884c01f84cc09662fdc5849rootrootrootrootrootrootrootrootrootrootrootrootrootrootopenCryptoki-3.15.1-5.3.1.src.rpmopenCryptoki-developenCryptoki-devel(aarch-64)    glibc-devellibopenssl-developenldap2-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)trousers-devel3.0.4-14.6.0-14.0-15.2-14.14.1``Ȗ@`+`` l_"^!@]]ʞ]@]nU\f\&@[[@[_ZZw@ZY.@YX@X@X@X~@X2@W@WE@W@WW^@WEW@V<@VqU@U@U#U#U#Tp@mpost@suse.commpost@suse.commpost@suse.commpost@suse.comkukuk@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjengelh@inai.dempost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgp.drouand@gmail.com- Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch- Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. (bsc#1185976)- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token- Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch- Don't require pwdutils for build, dropped long ago and not needed- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) * openCryptoki 3.15.1 - Bug fixes * openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes * openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak * openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.- Upgraded to version 3.12.1 (bsc#1157863) * Fix pkcsep11_migrate tool- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.- Upgraded to version 3.11.1 (Fate#327837) Bug fixes. - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines. - Removed obsolete check for whether systemd is in use or not.- Upgraded to version 3.11.0 (Fate#325685) * opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch- Upgraded to version 3.10.0 (Fate#325685) * opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings. * opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch - Made multiple changes to the spec file based on spec-cleaner output. - Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)- Upgraded to version 3.8.2 (fate#323295, bsc#1066412) * v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup. * v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis. * v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.- Added libica-tools to the BuildRequires due to repackaging of libica.- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate. - Updated spec file to use libica3-devel instead of libica2-devel.- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).- Added %doc FAQ to the spec file (bsc#991168).- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch- Added ocki-3.5-sanity-checking.patch (bsc#983496). - Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)- Fixed BuildRequires: libica2-devel - Added ocki-3.2_01_fix-return-type-error.patch - Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix - Removed globbing in %files and specified libraries to include (bsc#942162)- Updated to openCryptoki v3.2 (FATE#318240) - Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.- spec: use %{_unitdir} %{_tmpfilesdir) - spec: call tmpfiles_create macro, if defined in %post - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms. - Only depend on insserv if builded with sysvinit support - Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch - Project is now hosted on sourceforge; fix the Url - Remove cvs related stuff; tarball is produced by upstream - Use %configure macro instead of manually defined options - Build with parallel support; use %{?_smp_mflags} macroibs-lx2160ardb-1 16250826363.15.1-5.3.13.15.1-5.3.1opencryptokiapiclient.hec_curves.hpkcs11.hpkcs11types.hopencryptokistdll/usr/include//usr/include/opencryptoki//usr/lib64//usr/lib64/opencryptoki/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20239/SUSE_SLE-15-SP3_Update/135073519934fead44a8166b11b98b56-openCryptoki.SUSE_SLE-15-SP3_Updatecpioxz5aarch64-suse-linuxdirectoryC source, ASCII text;B.G"autf-83bf4f51d695bc3cf772e206a90ff208ec4483b1edbc47deef88aaa90df814226?P7zXZ !t/ᔏ7] crt:bLL Nn OpUT/\RMv qa%&.:tlxJdG+=5lT#T s{Un)E WZ"֊$k>96&6EϋXf3'FhpPR_*>eGS=m;>*"z BUôK']Cw1*W#k{1!QY Q,-rRf~hI=#iҬa=C"ŕ`R.P+rW~5|dR^ ~"L@l֭1 $fIp19aN.)wϥ,!$|2լ; t]0=?N{,RQHN={h-׼Y;ӅV Fg@Vc)a2c>IV*jE@Ec3A0&Y9Z[_6.tArBe7G kR jrO3mc١cR˝e 7HNHn瓖z;lKyѩj#ӂl/av14 '숟3)1;rm:.ֽ#FtYxXЫ^iMI`X:P}"5lE l MNy~<öȚ)gs<y ?0} H4R/| 5l>V7,{5E[s옻F!!' KΌբYt0AuEY j\@$K1kh1h[VTY(R4+4*}Xb}LA9Ԟ#qXOHǁr3SoyrW6΢_"N3Kn?\Ku:KϬ] J0LҊ) 6Uu0;Axq*xlLJ+vL]e`L m5:'tGb 2R6T&Q8of!rS5U]=Ym,d=(}r@gNX2䚞$xy(vuCqGcEX@fzk+&C܈\HJn |篆-3w0݃nҒ>~G*]0Ʃ0t#t1Qg11ҋ) kDB)VQx=j{1f$I1҉ _%9\ٷSak94 V}>OUGRv djrV+[e^ԛk_f0B$ϱXL@ڼ ?p@Q%0-I湓S7o4p"Iip[:*-Ҁ9puzZ4?/]>op2^e9[bgELhdZ}g) g8 4iTlpHb&~O@V19%@(F} QcD6Cl3S8IJZeAn2$^%8xk)&t%+'9SBkT;Wr4&2U25&{`SBH-- ?)sG6So:/PT)Yb iJC{$_xH3,Nf1Qv[ [\^Rdna/ Ia` vWVٞ؄TES8D#,xzl?hG,P x͗cwhC6ٟOoJOy^ D|@:/ `>5%u~`ިw&KDF/GnὙ %>uhQ=:>pOm\y,h,ǦzCr%ͽ[ЍƾflÜXcwu.E{tƒ ai_2*(MAO EvLW PaOS!h€^`*|<0OGPB*v1睃uOmo#z_3Q4OT6ja l;v߂ ]J>}u7զ=RX"F6;Ҋnt4N%ٸa* /':Sdpf| P/r,ՈskZ\OY\OnL0UF2xc(YQ`HcRr @_\;& h)>h^ κ_M.mp 2qߚFQ1$0r.'.H+"}ʨQ?hjua>D:jH 1Zޓsd};|p9C6_ B`ُYm" Rptt[}H)ԎW쐈fo]> -!FYOJ_!A`ƺ!B,YŖK3i41L@̈́M?l\3a'>&m}17b.Uk<ްE!yPɖ? :w.p+9/ o"X3RJ@Y791P1IOAhֹ0! đ솭r@7oflq ?I.|mRBucN`+{-eoJ^`˒Q #{~klʜ[{t,P֋6w )f8!l؜sQi9,OC%ABnCuŘz҅ou ΐٜSdKrrܞ ~27{DDM Zp#t9t+bQ9 R YW>WMðd$9u~$Jx8 dmZwhn TWն4"rտR껤6]BHC6pDMŋ:uJqSȀeˉ[Đ*Xb=a"}}yiv'zuc3J]< p`=BCn~f|2^ '+ "_Wuu8uBNeG7;#;.FQos&6,j(VM,S0Wv"<{^OC#F3E̳ȇ#a $w0F%DR[PjbSd r9'>,1nzzM seN)eW} TR(5m0# ^3S˨.U޶b(af,m]9x!K9efe׮z,8j{vEmruZ[At~o9*$g}2osW)ɆP*!QsZD7t wxChݫ:}o p:}.Q*|i qf',E0O:4y3 [taВ'@p> z?VPa[OhFenWr&Wɣn}xRkEo v=8][ <慛ي3 A91UŚz ~ Pο` +T8{H7'e`X@5iZ^1$6ۢ!+\J+(U?~n E/Z,(!Ͼ\(B(F")q_ጌOF8Mlruh#:hZۮMhA8*+J0)݀b6U',ae؄6X|{ 6<rP}H\MH`*Jl[3EOse4[8&A=pY靫CRvʌ-;21 @КǙ*2*Z뚋%%/#4?s6 -6n6V"n28 mGF@{4g]_q uL}]K/GWn|elіcB2lwlLrV:B>/bӨBx^SKiŠ)=fI%?Z/.'8b~cOZ_̡C1 [|{')Rŕ9%S6Υ-ysq1}roYHL`f0H[T_o:\[&kzHe,}ܹ @LaTg J!P5M'DqSj$"3>jwLo>NΈ*kбu!X$#}A̞S^QǚG匒j̷ˬړml)1qHag]atd|D]kOWˌ!x1 q;gD}u Cb]0o@6h!3R r@c1~coqlބ5͢H/q6yafj)ϋaNpn۵M(-$|y9 =mRߥ߰jkHϧN4SZm9(hIUU^_R!Nv3TzQ㶅K5[ikN#.ݢ31MOΎ f#xj fJnbUDTAM(U_ !>h㑃(gkMg)D1il&2GJQ~,xVODvthlwki$CU&Rɨ4K 19Fڗ呖2*gNGOeR.C\}oaH'v:@76h6h-L=lĬ%@q 5SGK#.P*2caKOhۨIT{6/1E=b;V̇FuV^&3vt؅Y$^0מE4; (Wg삍Dbf 158㵿R~ ҇QѷSMGFǘDw߿<fX{e+`GGiy"ZՁ#sVcl^Y\p5bq WM+D{  ࿚_B.m,d-Ew $箑("r+]Fݥ1YdHSE|mm`z \zqkdXkI/6:MВApm(ֽjKTێ_gtc=2!OaS&ZSii^ :mv2l=?ompY 'z&Zl?(˾,ziOr*^]zc(B})y6ԜK :w‹ś('9 .=bH ]V &u"|6Z&lf`|@RN?$"660ItaAĭ{:(;E{u%)tg$mVK_wesΧs/Yr LJ]h]nmU|}`;=> T:%S0ڝ)|}{XO!flY0 v<& ALLz#s:;A9lϱ6"f& k,q^0/al֐rִ?Ș׮';Q!ѱA5@(*#^@wOd(PJ"Qvh%`s۹JMyi}@<9^xѬZ( 3f6f5ܤ,1*"-=petd`^h [" %ћGu!MQ?V 2(Ey`>xߛ[xq1l9b~ni3d${|e eW=eV @䅅P$ d3,C^d8ﴐ}vt:tZ Ϗf0biʷcpbA:(cTSϿ^! Y'H=gtliխہ'/sG$uR ;u{^_ A;I24X\Q9e! qN,/9}ՃY Ra[*)BkmΗ#Ns[~#X#d)DZ Ѡ ZXVkhn֞]*P<离m@ 8tR;FUm`t<5TrZmq'[u響HhBZQI9y,$E>s'S?ۻҡȝ;C1 qeBH# B@Չշ.WoT FN'aFm@5"GpPܺ?HCQI%!R|*/I%bEPdeb@"Fc[MjY<(&0C⼕.f=0SalMgl{\oդ$D8DIRHVyqk]1wH{kkL6}2WC`U9/\bsiB?4p.r2{X,H Lα 3νY&G1$sPr?N+b`x0msؤ s;l-{"F:2}H$>cuq3V2O^Si=9B]N>5tA}E%G oO.nz6I:^r A}W[u)Gkz067߮/5}ҰS^:.h2#L'Աm]ɋfъbȸ%&SR bN zZ&@1} `39cbhd Di~H̀ubpڠ)~N=ho߂hhdG_S0w.$)|p;!^FIVyP=z rL١؋Nw,Z"DW1EOD(dt6*n`9hQ ߲w;9jִd1wz>]h/SϟA$gJS|\"Q6%+x} )B.3fm%aО*yt)q7l}͞|l8EeE2dsz!#n@qͲ{}Lѝ]C!sl g"4D;>+<}o|eȯ.ϕv.T̑ U±@CzHU >U0ݘs# m9 "tJIPziE!Bd"h\,su3ԶU'Y^<Q8^z菁[c7!m &Nߴ;Kg!N^R_77c9+X<(+@E<;(YDhغ҈cϺ_O?ME#=őӓC]8u]7qsz1N=zFOŕaFC.EÄ=G1"@nKP:(0G`D\T]j rpb,{1)yvZV5[NSreܽjEg;cS0h1jk|kǴ(dz%6&VUwFi5={p M@kE#/]_=$Gvߑ4=gP.Vh4u4 gl-5`q-*^8y4ac ~>aX͕WC'rR,nZ,>tvE.L5F>#H LtM!Nv=ܦ? 9(vYS*=QQQaTh;^3&Q> k۝H>1@&FaH67V} Tx&4%?0 ~x!kH;nL zEx(=q;$$>L)R-FJ?6>-] %, ;4[E0;:^Y-,T(+в]2!C ù!'/Ԛ|(O;-[8OC xcB;ĉP&cxBzf?QX֠ GƑ2L=\GyoSoHp2$ddkEf vlh :b, I/dS!8wfU 2XYI]],U+D/MRgj oÇa HnDbD:4wE.]"60b?d\%b6ѨiF8y; |'"_7@:AOc&9{V I:G$V.:JN*P7X:Yd3 /Exnŷ_~Yp!r`MYX8&$*HlmuX"|&Cgafnaoܔ1D\GH̹fO]SB$sv#tyP.|nCR=#Syj_$Ѱ&֋i {Zeoc+gWeGK}dX QݢVм=|b"hS!=g`^'g`&?UC5nֈI5)eV|fԸVowX]pHu-'I(: uj);<`x/J4`uOXi+/%9XڇIgCu^Pqn,|"]1v,G'ITI(^ ~IxuEPV?k>Zm?KV^yŶ]:8ӀYYY6h2)%$O`aDdQ̵0L^n`v6æZ]2$]T_o C'|F^L)LRN-$nbJ375tRWy!+}Aj8') |g2Jr5Ķ@r_.:b8NيK^QOzTTƌ/ ]znI42 k,,lsԍ9~zŒ֨VشFA ٚC3rU{&gXwfd:yb0He%R;pLx-nF.q149V}l|l A:>߱̉hyV{m|K?ᴨ-NM-0}小|Hx$IJPw|JU7gތaI/oε(m{m,{]DؑHBc'vET@bfI1?Jҝux,q0mM^ O)\Z4Ϥ `x K&p-ۊ-pͥV>6n%hpHŜfRuXd}Q$? ~_QrIv'APߟ NE${޴t7c }SRd7g;]]ԟ˛]t%oCLΉ%xDk­70RSj}8 PNe!SZ w{KX"&@鲝8}{pr \VؕVa߯sɷ@'Y{UzӄsƎ܋ZG&j,}I-;}|P8goڀwN[kQS[._^O8pN YZ