openCryptoki-devel-3.15.1-5.3.1 >  A `p9|Ɖ]D1ځ;,c 4Wc+,z%e9W58GT Ԡ5 ZcUo;\sM,Ye k! fisI_KjW4^sx]9We~VuY".eD5]?m0bUyOhL?ڛ|ډDuuj@3#lrBODhmM mw˾ҜIC"iyIWf0#-_Ȥ.D BdGa Tc39715ad5315d52b345e2ab7122eca02820964f1152c14bec4e79e0373eaee509d2459db4b833ed659dfc34e749693aa1d4561aa|`p9|d"S-pVDQ@K=^֊qaoNNt<DC|Z3yءY]Xu`1!}WF _ u1K4a[\Wkzˁl¢>ۦk*wKۜ }ɼ˞UUD|b(=,*e H u}n7^%|\33Čq~+lAiD!l mCϧRHW =S>p;H`?HPd " plp| %+4P ^ l   8h  8 (Y8`)9):)FE5GELHEhIEXEYE\E]E^FbFicGdGeGfGlGuGvGzGHHH HLCopenCryptoki-devel3.15.15.3.1Development files for openCryptoki, a PKCS#11 implementation for IBM hardwareThe PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).`˜s390zp35 SUSE Linux Enterprise 15SUSE LLC CPL-1.0https://www.suse.com/Development/Languages/C and C++https://github.com/opencryptoki/opencryptokilinuxs390x)eSA큤AA`˙`˙`˙`˙`˙`˚`˚e066b8695e4d87dcc79a354c62672d32e19223ff94e5a72a57d852d3cbcdbf825cc82c642fc88043624667b341f75e8f6ff5ad66fda69626fde17dab9d521c1812cb16baf5ff8344392cc7a9ce280d2f63567f57cd21c2f944e2fe33596a0a593ab18aa2921a8bae752c9115888f219bd65c4bc0c884c01f84cc09662fdc5849rootrootrootrootrootrootrootrootrootrootrootrootrootrootopenCryptoki-3.15.1-5.3.1.src.rpmopenCryptoki-developenCryptoki-devel(s390-64)    glibc-devellibica-devellibopenssl-developenldap2-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)trousers-devel3.0.4-14.6.0-14.0-15.2-14.14.1``Ȗ@`+`` l_"^!@]]ʞ]@]nU\f\&@[[@[_ZZw@ZY.@YX@X@X@X~@X2@W@WE@W@WW^@WEW@V<@VqU@U@U#U#U#Tp@mpost@suse.commpost@suse.commpost@suse.commpost@suse.comkukuk@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjengelh@inai.dempost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgp.drouand@gmail.com- Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch- Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. (bsc#1185976)- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token- Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch- Don't require pwdutils for build, dropped long ago and not needed- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) * openCryptoki 3.15.1 - Bug fixes * openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes * openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak * openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.- Upgraded to version 3.12.1 (bsc#1157863) * Fix pkcsep11_migrate tool- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.- Upgraded to version 3.11.1 (Fate#327837) Bug fixes. - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines. - Removed obsolete check for whether systemd is in use or not.- Upgraded to version 3.11.0 (Fate#325685) * opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch- Upgraded to version 3.10.0 (Fate#325685) * opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings. * opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch - Made multiple changes to the spec file based on spec-cleaner output. - Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)- Upgraded to version 3.8.2 (fate#323295, bsc#1066412) * v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup. * v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis. * v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.- Added libica-tools to the BuildRequires due to repackaging of libica.- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate. - Updated spec file to use libica3-devel instead of libica2-devel.- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).- Added %doc FAQ to the spec file (bsc#991168).- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch- Added ocki-3.5-sanity-checking.patch (bsc#983496). - Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)- Fixed BuildRequires: libica2-devel - Added ocki-3.2_01_fix-return-type-error.patch - Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix - Removed globbing in %files and specified libraries to include (bsc#942162)- Updated to openCryptoki v3.2 (FATE#318240) - Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.- spec: use %{_unitdir} %{_tmpfilesdir) - spec: call tmpfiles_create macro, if defined in %post - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms. - Only depend on insserv if builded with sysvinit support - Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch - Project is now hosted on sourceforge; fix the Url - Remove cvs related stuff; tarball is produced by upstream - Use %configure macro instead of manually defined options - Build with parallel support; use %{?_smp_mflags} macros390zp35 16250827803.15.1-5.3.13.15.1-5.3.1opencryptokiapiclient.hec_curves.hpkcs11.hpkcs11types.hopencryptokistdll/usr/include//usr/include/opencryptoki//usr/lib64//usr/lib64/opencryptoki/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20239/SUSE_SLE-15-SP3_Update/135073519934fead44a8166b11b98b56-openCryptoki.SUSE_SLE-15-SP3_Updatecpioxz5s390x-suse-linuxdirectoryC source, ASCII textYQ5c Zutf-8a6adea0232f5243a46e68fec59b62d40f74dd9c9247e596345c3d2cedb899055?P7zXZ !t/ᔏ8] crt:bLL Nn eslPo{&) qd0dEԏ>ҵ&lT!K!8bB6hZ̆.q?V4I_PSB}k 0;R3iH𫜳z&.e ` ٤ʁ⏰VN4!sIk9^WlIBv%-P@&)s_0)$ca01U=Aɐirh@)DA<"fn^Qx}eB>b bϐ0Wv']mMvGKՁ_q&hZVDn7^Y^2E\حFD5+\_y`$;F_٢\OeԼ%H0CUPoy03 /%<'\\`}X2/76m̔Vl!EʥTm-s[#L[JaѪ+6'(IewF 74N٫M"Nە <F-^->I$ FǂHTV@kғZn0-B^i¢0&`k \O*07D55ej1?%[jz7fa=NIe! CkM҆caڸX( EI5jOQf3&liXdLK:YCX i~-eaiW |X%VOw|C"{) IA9ŦnG) Xܴ4׸{ƄOdY~JG9;s"5JoJLpmx֐eޟ=F‘y؀83׶T)62ơ7j?80/ǾS&h) ~?D7/!}iGGP"@`E+sH x+Ey+/Uro}`4'YpZW_o\f+kFSRO vkF\{\ )d(5,퀡[6 I&0?ϭߥJ`^rw3N@[]i44}=&f7P3ﭲ߃R-:ѢKQ+/K=$?C2m[hB@l`1\֬$ 'w7aMU3F8^ [ L vTvX)4Q *I䍷sPz׋(ںmMOό`@8j0#* TH˕ؔW1X\.|STrяUdIY|t`0jx+K|[P;UvgLY%*.[.cA$"؂#:?̴,R̔r 땾L"@s@7>UYFZ}['.^Fi&KSډ~ZMLa79aqG/ ؞OldW **=~oTv&a &G'p  44J+jbݻ?R2'UƺvqcRz;@R棝:8>uoB H WR}3Ԁ`Q亲Wo-DJ f$%+^[w:4ADِMSDDz}I$bA?7=ˉƃhogRT_T̊zZE/p7,)'hLS= (C]uR<(:P4N^y0c~5I#N}rR`+MsZ=j+8 Eevh:-P6)H4۫er˳UsT*q#LIƣ{oZ{(ɩlSbT%[J>Q6E9Uta JlĴ8$wqqkx)bfޤsi8:kBҕ{]SePluY߈ sak@qGg4Rhq,>gRK?{2%Sj2ߠ)&x29AMNa j~h U[Q|p/$ $)cf\'%ڗKޤPTq&F M7Ҷ.+m6(y[(/S1C^Em?*m1b$gUzJRIXŧܔ"6AZG@ߠg46 cÛu%dc7 yMEqB.Bz# YO5BAدʾo$A),B,WAk_713Ż >9Ѯ5LNgɟ 2qBvAർ!cw10 l"4m8})ӆ=oG(pRHt-cxLmEb y~4#be ,E~vLTy ̜ZL( |=7ͪ4f5z90׍{ӒLi4-DTԖSXjj[z 識N=H숺$#7ǝѩ߬tY,!Dz؎=kZB?щgR-M*/xF:=1o>IN"\Sk[98<􁃹:y2BT,ʚI@/"vZ'< . Wv;<]f73/ZMA!):tS?"K6 l8лϙϺOBMQ-p'mGK+{:!5mr7JJrSvo9GL r«wȪr ٌH|/9@bw07#;ǃ:G[fyHiGU7_\"͍~P=yxEàPj;V50dӂ ]nhW64~؜ ba|isy4={# D G~~CEeǙK2 |9ӕXApC+U #6&*>zdZKLBW+Y =7ӿ٭pI⌗R?:tXgKr DK%$bLg\oKBVb8j2U⎶$(Ƌj?`Nf/ 3$8]4WlCL +W>\dNA== 0ޫ˕N@=#/)?kjO!ϋ3 ZU,lshzt1z+Tdb`a6+AM^K j $ p+ S%780Pջ۽7Ac%Bmooz.~krGtumh8Y'Qm48%͞g+/늻PD(cafpZ_xwĖ\5c[zPrƗ[.=鷔Y}#gt6g-֩XuZ3ʠZYFPxigWy񇇜gE!O ?mܝe)b qVYoQ $Le!/.h3h *H|+R@Ыn"yl@~x:E4gn;O {NE+kƙBtaOe+5oZE`\7b47fy5+8cNmnc*&I~*"@3N7^9 n:YI u}7hNۗK,D )7񈌨U-RO-㠅Grb>*'ZW,k^KfNMq±@ѩc=P` h@oZe"3j\N-. HgfcMY'dF (jkk"/}cM|-mN /!|zBAr L#lm mb7esmZZN %pܠai^ㅕui]SE xEIΏ;r"{W{VCłۚZ'#Xg3z~Los=;3.q0o)C:[,>+w .nm(ׄ^T!zX !\0$h^Jj&ӟr._Hޮ,6,@ky@l H|uܡ3}crf j gRv%h#94 zNhyDِF0Ij^YL##ܛOނ-זȡ`x8s{ש!f_26ͯ.1^iJYT[7l6kOCUkO!Pź`mݰry#gse%z4ޤ b\Q3# E:qA|^~`aG|ɒw7bDV*<>ii7/19ooj2^~*Irw/ i Mus;8Y`99G|AƎSl `ywANNQho- 6M 3:-.E9C] P8vGMf^:$ j`[Ӝ!8hNUL0;12&dn&Mkz֌J>/ FA1̿?ct%xSϧx#Gs`*oƟٟNp)rAta Fe>3' JՖN] ўXJ y&~g2BsYQq|ۡw-2q'GATH@NzY˸zj%A蜼 a{ʳvΔU`WN~>wl{4Edc ĔCa1>wA&e8?4 kKmJ)4Z$ZB(1nB؆ ==Tl*Gs(4(VփbŴdl2]>DüA|_FW bp ,&IPS/{C;*˜8 5ޒɘ3Z4]aq^a7ǬP] Noc2g2'!j\#vu+18!AGXZw O}3mL!rTCOG' 9HW`XL w\:Gby-dGc(9ٲs/kr^JȂ[PYw3M0=8ۭwa_5#i;5J:I@ 1jz7h\Cw=kiڃY-"깼xI%\V@UCJW[V̷).z6ͫQ}=X,hUIQ!0 )"fͻT;L˺Xj\Zޠ4|X {Cְh,9Ȉjeuhx E)) eqnJ^t X,Ѣ'hܣ e@* p8$^p~:XJ,_Rj%t[k\'8 1KE:#A@/3X_aOޑal' r,e~s Y+V8fZ+"g"h/J䄍Urv$r>!dp ~<6X}B͞ÇB&W#6}J8GO.#R+`YCxx*>xt$w²̳/1i=|8#ozMځ}.<,Cnu]KD", E ז7*@YUd i9[M0}eɾFo~`4Ĵqޣ/J6Kt"fmCh\d#QD}0>t0V1o$ñӚH@hM-](єUʇ]9<|wد 5Ll4#dƁ5xscX7vg"<%b~~[Պej.Nwը0B|lxcBD,L1W*@RYa"pineOك~Ч~ÏFik1zFV4\‰l4鏃Fo6tEK+^KgגD$ĩ^ȬcHBA~?.dW]Xbc+8,A1ٜGL3U@3^x@+@@o! }܁i_(8gCdY4ZX"#")f˱jlߘ8p (wS.dD0"riw/]f y男iiɑ8->DWE o4YD'BF.7'"o涄UJӧϝt5xYi֎`Ƌbc} \`®V++(.#Z^9S In~4~8D]iT i1@G3e֩4ڒ5<{Ox?))$u%r;sWhW@_Ar4]XEIfYܿ d"{UB.YL_9m*y'ATj(7&t,"^.\w щ-۱@1-%{TEi'$|c-~r pֺ)D>:!ƟMO爅LCFK<\SG X)[)MwVz,g7*^FWѴ%Dݦ8G "{{/l o@e=> ,bjAٞj5@,+ڐqWOW6wwx|:o].gK.Z^f%ʗؐ?Xn{kv{=<Ҟ\ %pJn23L]lwg'w1cqe_$ulK%x/XFm,5}v19̠\̓]\/ֹ;L/:Kqe"^2Z7 &!0^| VMR*?[vv1.gP }lT񒨸?@35/|ҒNb-"x^ə /v/QasC&J2-P&RL] TK|\% ;<'J?N{.R|m?}j^kNc@緄- ޫsx3VBkgq@^z@#$b aV-pN{jȊiQ4zd$.c#[>(>9BF{jJr[kn:dC<|wGP 0?yuD.<(P!P6KgqA[ .?Zc % s I-+JNMt}I j7(mI@-! U+I^~q%^Be]mq77\dF=a 'u Ma8tK AZ+,@B/2ZJ^Z5;de௩19n ~gdsB@پk;nʕ[)Fd/w> o<%| Y/SH /ǥ9_EŃR<_]plJ0{LsvlI]_ܛ5HJ5Utݴvq;] SR)-uJd\Pi^Sw~Lu]glfMW%$1fc#;!E߽6 )Fg!^]Fw+s W>(;, `-/"\2۞!kEk~mvӜQ}X1=_wPKUTP.o7v}W^ oWnM^ 95Vk$sڇ֠ťSҒ;+vHݛ_4@IhGO䈩FҤF>,'q5RG$xP92[ݏ@wu]|j FX>7nk!'r`mg[@0e7o؄KyM( U~Ǖٚ#T>`zjBN|#9*A2Ucgl_-3ZXۭd7öJxב69kbQ+"+6@M'~nYE(>14aBh.˳klQ1#M`89>LX~ԃu%lY`?\˂;vg8X4(&=W'TJ~n޷/օW͋Q~Su t.Z:ʟ7bە$dg&ojPG[GJk "J%&?/x7 E>s)>c?gޣԈ $rBa+0[9ӔE@n}8C쨹v~<TTt\ v{~;~3U\{Z 9󶍍87ՙΣ(iiWZvZ{Hel\,"ǽLx5,PRg`7d7/r䤞vd1oU^G{e iRSaϴMKtmѰz,䇿6t]sbقe"9\oC#_-^\iZ "cQ\5QU~;Ȥ }St7J תG"\5 ;js±:E|KM A`[%iޚ0 feH=s?o~YPZ^ u, HFf9dOC p7uGm }(lgzߟa$T _JN*eZęIJ_#c~#Q{G 'h c2fHq7m9癀, Tרj4/ᄉKAlRL80 A iԼ7 T$i Tԃ? ;lXsX%g{labHc+γAVH!\R b]ZY;[4~)rQv*yأ?qj8{X{8$a8dz{ot0dz^g_0zεR¡ KjvA(&ѱeF`ҹ3{X+%S#PkdSbm#-(\CC\D~t٩yB@X>+ī"{AaVrNPV2*Hd}')ٻҳnn)uFZ'12!F-5q=:<T9 +n!J ]^K{nvooc;[ƚ+tmL1J-:' Y ZںN*Q?n^5$PwGtET@ pO1Iq ԆxV†x)-)F4䖣\ϒMEi]x~dD.gYFf&}4calL|6 %8x*p1GSLή_scXb+6GKyS5,pX7\W_ѷhn Nv"(]6(Rpl Ee$N)auD,2QIxQ!EGh>-[W1!4"#%r(~eNh}uj]l۠ld蠚DMw7s)!D['\.-RNrWR}FY3AdU4$#N9$`2`ω풛)t6ň4L78\E-O5ִ)>%!#gJȐ);j9B)3hf㐟OU/a3})q  }Ux I1bY$ 0(Ѹ=_XgBʞ i!*Ья\T5shá1^֤+>]Y f*㔉dο1jM2+CI{LZβLAj`Dvo&7 f9R"״f1UA[">y1^]Xz(XHqK-)U::C:Ӕ JrRlbU3| T [hc\7UbʃZdkO>R2,Iנ½YͥYqۗrՆU2F60I0h\}0L0Wu@2K MVzn$|wp[ 38E=]JpI=ͯTPҔlp֥sǶO߻V(~h WjI609NCz? #{'3p=YdY wƆLsco7cO",puX ptDآ֨^:̋i$S]RdW.- T6D ;XT4Qݩ5&4 tlvA/w~(σK{yv~O7X祮A/ي-x/WJj(˟ O!v)tePіR?0Da;S'Ԉnjpxm .1J[7]佑߰@A/u]B>xC Zu;w6=|O y)oH{ ^kNn<ʶ>v5[nB53eӍg~F~GS?H.5^.xtKSAQP]?aӚ;Clbx,lǢhR59H K6yD)][늣vatbi['Ɗ Zl⨯e:Y;#b1!LxUBnf{'&KP uT<,p>9~Kď^/K9T.fKgl3w{:ްn|s2vn]}|D}'ENq ?\YtV%(f"T:(dlY| bT6IO<`n/H{S]y/& 2h ,3h3{hUs~Lxz+{0y|=cKq%EP}h Ų&<]&vKڌFЄ^ {<YZms8*W:¹aAƫZ14[N?FE2`NOX&\ ?ڒ)@k=pLЫI'  c9gZ_|)aȀByzCI(HѺX)i" YI8^ ,JXo: t$s3ca4} DK31n޳őu@N 5R续h+U5ONX͠j VEik?g %b߭# U5mA2S>om]vt؀Fڍ7PzTfSeKZhJ.`ZV`ƥ6qfR<̂g*^xgnX+e(_b5WE"u qS[4tPy)LP*f_ϦyEyMHi6ҋԊrMg\!!N"ؒw!M5F\kd+u)g ~ t 7xT*ExEBTRUDV2L8Y8E$4F[#pDž YZ