openCryptoki-devel-3.15.1-5.3.1 >  A `p9|BM?`쳗 ˽ ){{u LB 4F\SL[s握U G1>D#.>PYcka@@PUz$c{dU8\i@~Pt Pw+4pIUӢ (Fe~ɍn~xQJOx'& wC`2xo#zL|MӺ{VLJ K, #'fG[+:,[niC'|?&1ڥƕAIx:Ć78e5aaaef9c38f93284918b47c083afae9d02aff5a1f9d10ffc4f0e9c915df7ac56638faca55491e8f2eb659781348404b80ae4eX`p9|/YZ7B؂=$k,?["ul7[w͑H/*|,}=%+ s VnwmuF:}yGnPz-_Rv5:}G3YƏ;ӯ|J6 5bH&xvy HNԒi;=Up;HL?H<d " plpx| !'0L Z h   4d#(C8L)9):)FE!GE4HEPIElXEtYE|\E]E^FbFQcFdGeGfGlGuGvGzGGGGH8CopenCryptoki-devel3.15.15.3.1Development files for openCryptoki, a PKCS#11 implementation for IBM hardwareThe PKCS#11 version 2.01 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic co-processor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).`ʻsheep01 SUSE Linux Enterprise 15SUSE LLC CPL-1.0https://www.suse.com/Development/Languages/C and C++https://github.com/opencryptoki/opencryptokilinuxx86_64)eSA큤AA`ʸ`ʸ`ʸ`ʸ`ʸ`ʸ`ʸe066b8695e4d87dcc79a354c62672d32e19223ff94e5a72a57d852d3cbcdbf825cc82c642fc88043624667b341f75e8f6ff5ad66fda69626fde17dab9d521c1812cb16baf5ff8344392cc7a9ce280d2f63567f57cd21c2f944e2fe33596a0a593ab18aa2921a8bae752c9115888f219bd65c4bc0c884c01f84cc09662fdc5849rootrootrootrootrootrootrootrootrootrootrootrootrootrootopenCryptoki-3.15.1-5.3.1.src.rpmopenCryptoki-developenCryptoki-devel(x86-64)    glibc-devellibopenssl-developenldap2-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)trousers-devel3.0.4-14.6.0-14.0-15.2-14.14.1``Ȗ@`+`` l_"^!@]]ʞ]@]nU\f\&@[[@[_ZZw@ZY.@YX@X@X@X~@X2@W@WE@W@WW^@WEW@V<@VqU@U@U#U#U#Tp@mpost@suse.commpost@suse.commpost@suse.commpost@suse.comkukuk@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjengelh@inai.dempost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgp.drouand@gmail.com- Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch- Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. (bsc#1185976)- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token- Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch- Don't require pwdutils for build, dropped long ago and not needed- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) * openCryptoki 3.15.1 - Bug fixes * openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes * openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak * openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.- Upgraded to version 3.12.1 (bsc#1157863) * Fix pkcsep11_migrate tool- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.- Upgraded to version 3.11.1 (Fate#327837) Bug fixes. - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines. - Removed obsolete check for whether systemd is in use or not.- Upgraded to version 3.11.0 (Fate#325685) * opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch- Upgraded to version 3.10.0 (Fate#325685) * opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings. * opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch - Made multiple changes to the spec file based on spec-cleaner output. - Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)- Upgraded to version 3.8.2 (fate#323295, bsc#1066412) * v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup. * v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis. * v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.- Added libica-tools to the BuildRequires due to repackaging of libica.- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate. - Updated spec file to use libica3-devel instead of libica2-devel.- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).- Added %doc FAQ to the spec file (bsc#991168).- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch- Added ocki-3.5-sanity-checking.patch (bsc#983496). - Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)- Fixed BuildRequires: libica2-devel - Added ocki-3.2_01_fix-return-type-error.patch - Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix - Removed globbing in %files and specified libraries to include (bsc#942162)- Updated to openCryptoki v3.2 (FATE#318240) - Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.- spec: use %{_unitdir} %{_tmpfilesdir) - spec: call tmpfiles_create macro, if defined in %post - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms. - Only depend on insserv if builded with sysvinit support - Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch - Project is now hosted on sourceforge; fix the Url - Remove cvs related stuff; tarball is produced by upstream - Use %configure macro instead of manually defined options - Build with parallel support; use %{?_smp_mflags} macrosheep01 16250825553.15.1-5.3.13.15.1-5.3.1opencryptokiapiclient.hec_curves.hpkcs11.hpkcs11types.hopencryptokistdll/usr/include//usr/include/opencryptoki//usr/lib64//usr/lib64/opencryptoki/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:20239/SUSE_SLE-15-SP3_Update/135073519934fead44a8166b11b98b56-openCryptoki.SUSE_SLE-15-SP3_Updatecpioxz5x86_64-suse-linuxdirectoryC source, ASCII textdmdSHgbyutf-8083dce2e34524aeb411fb3233ca7ea62c7b837d8d04df33afab81d2c67549fdc?P7zXZ !t/ᔏ7] crt:bLL NnPJ(Mhzu,(:խde8I2k nB}Z Qa+PI3'̬m; 75q%pF< z?w+N'at]pPITJL61굵E8|]?vMpGiޠޅޖPf ȬAمmE8Jc] a-J7{JÕOrK/dU84UԾ]o[}taeMqWmKWA /j=*{pteב/bo$7O;F@\)Ir|8 (QLeO0@.Uj5^&BO,j&A) 3EkKd4z3a/9#uA/.e7)ϜRm uX;E^չ}hDeC[eMԍ!B$L5Fl(G,c\98[aW5%]Ԙ]֠(HBhpsw,n s%HDvdaKZOn;&lj6'D\/x3BKDV0p#*Ī8K^M JR ]COO6zҖN`kphmDQr 7n7q= x-Lb#Xgq?NHLK٠X z$ ?hkH^oK4E9+UBW #AXEWԠ,DK[lM1W[Ä)WOؙŢRѶg Ġe3ibU[?r~lW.t(ݵ <ߟ !lH@t Pip;!#x@91Tp /`7ZIUEovVC^ XFzA"۾;UOZ=d#{[rd9˻t2!\sAs\ dX?/Pht+ȉ4VO'nR yPdkL͈a+Ңye`vsWjУ,QQ݌Mz ʲhex5ak]8Z~ "3]z<:wڶd7G½J@^l>iTNQ"DT@IB˥$ɾ=j6|㚌5g? sv*[uN#̘DH@1zXu-QKL#ˏdӸ8ead`N0Q&q8j0"xKcGA&[ ֢P@ ^bm_)HM V|GT q5-Npi@D⑘lynE!>ow~4 Yf3F&aFXPKU=KɾZ#6+B7w6-z/ M$ rwP)XW^fM淎2ceiMIFHTGqP3Jx*Hap0yr:ekXcE&kbd>93sthJY|DzbΝVOcB+uF']REyeCS)J#sR lN`C k/ l['R6T[я졷rZF*{qÄ>Q26 <*DN]φ"Un=ȴe$WG O8ȳ7Y<Ś4' R6q$͏o~L&x_h}TÕ;㬚T D›Ԍr7+؜;o:q@e$wjg Ir5{cQȝاXc+hB@E^ N$d1xjd.C)z)ZUTD6+6פm".GӬ]*k/Zs3&rw k<*}DKjE0d69LHUA+2D_|ҍeytՔy{!1툓,R}9xƳe _2}nGʧ$͂ W;8CsP:[?F$Ox@)C y$,Z=Vi} +B;NWe+ g,ggg]a#Pjpi(@s:_ B~^ =rs;`gҶOS):䬤O\ȊzR|ܕC2|R(x!;> j9]9gJvNv#ip{љ/#Ydr=!Z{kcLr)LvD@"𾪉Hfk…d¨ ='1σsQ#*iVyXd'l&s!,S p9PYjnHd6}ՕF,QDXD6t#l캮ÒukzC⊭5cYits@EnoN,tҎjtYȪ#qlygѬ~פD!6;K/XG c6(O2- Z  ]ɖu׊f׆+ӿ7WI%`)Frb 㴺A2, UBk{e) dsnaj( X/z?٤~'$پ/?EQ1aj݃`Dz(aKSPxE8JULajȰ- ZuJS}p/9N|rr/!Qg^6" 1Ο`' 8}_fCK@j'8LOTZfK //4-m:p܉tn0鈨E]NjIjz(N3Z2]zmAꃌ?9[56Ю1i:|l'Ce9hЫ|fsD/]nР 4ߺ\~~PjW1vP@t`t{Տ7]zjL$Gy $* }MAW<03^8Gj"ޤ"$5i s.eurD1i5 ͦ7'-!MCT^#\1V:E0zʇgEoT*;?ҽ6w|ӆF!znv9n֊QM_1;B=ijnդM ir4_ekS4Aoq[Xx~ħjqqǽA r4`v|?:OuI_f*YQU69,:.YOPWĈ,GK5#6@eHhi YǧWe$R<4r5K2Vl ˒Aܪyl _N8> {mܩes| RW>*"$!.383i7 l׭R~DL[QC5?MrG@aWcPia=@TݣQ|5<5A:?A:>3@P+Ygjbdc"w> ~~P`eChٝ'H[:(鸤eBF7)p]m@=KՌeh4:L}!l"!Aʤm_FD?1EY3;xïuxc1C.*ȴ*}q|'iԆ*4ɓ`䲈2]LG"=gp ~A҉7?,wq~l+ۯUk}kF,>S"IWYbX zAJ (e5~\tt:Fi1u=^-+z}djV笵Rb|H8R7vPBc~<_v_(&@<54[az/߂FY?[1E|aGPo:s$ǟ9}qt |7x\P fe&{T,&Cxr9'boh|N'/JsR{(,n. %F_bڒM[( <u:t ʧ)f3lO,J/ Q8)G('@A)Yd0smV+ pQ~]N$d<=#rB`SPp(ne:^e'4E+.U%AI.qbl~$oQWATLa6:7(aAfvܱ`)캒k#!=aQ1F,Z bSC:i$󛼎OOu'PW`vYp̖<1B#^xm%c~@"#ؽt5Ik#yAm +?UQ?5\cvȒEW─ $eZpT`cF8A @}FVԒ5#H 6]BXT@>R-~njG/성CE@o|]O`Jh x,}B\Z\7dNW& :;.W Cm&0TۇwѲ%u_bJЏ'k {a;ĪHa&IMm$Ÿչr'Ϻ):E( k:Da3#Qdvk=b(5s|bݸMjV Ωe)P-QtӁ%FUoelE T@n!N! u6VdR+p;b)&|L)HivcV[CtĨS I-$vg+8RH'AK_ z oN?Bi]~…X>lK^Ca»iZ_uh?1@3;'UJ,ğSwFeKo4sinjCr& jS]r.P:B)q~H>=9eh@GD1ie{!kW7In_,+zD C}+gSEs:Zx@K<\RU2/3u GN횰'(E`.?*p]Ȱ(Zbid䅐ޑW#8Bp= ZU~ռw^?J{ImMBiĉ)JeʗvNicbQJ_GI&6)C MFz u4}^j-ܾ&15577IQ8:eKTOt5U_`v$i[HVrmxys$0WES?KH9 a^*X&^#q029iˠv C-'IV&rΨ~څwc)d 9kʝI08BKvqT:cȌhI!I{ثBl_ lr;BBfRpo4]Y_4$2NH cսI`$#m_@{n^/~$N>G[ # Dz)MĖ\$׊t-5нP EFeB1[|VWBKӜ&p.>GpG 򌁮iX'10Nݞ i۽ YOL^n'PrtulҖ AWAw1 &D{v"gz(ᏄUD5 aJfKx^6aJ/Ylv;2WlKY6虗)?cͅjزb οvm[ZFu"l>?z~_,,eUibuxR"q@Zpy֘3e:K[ˌ9sku# ^QB@:FoZ-83iZa 'NfF/]ܞrI,[7@;45>HZޕvbmh{:=mKdQ'R0 e>5%}iZ-6NK2pq0t.e/:[~0I_W޾k:[rodN~9.Tc/t$$:JE0iUʛnNa+To) 5a1zw`]K *3>:h24b43!^ :< 4e[:k p-$(XBӵ^ #B` j>cGȠŽ{G;FD1 6)NM˧dF9OI0e#ns9v*|A ,ؔ!'}uk^BTCt~`&,"h{]I/h#@=ڹSu?̽N J(Js6nK[oف $4#EԭX0f80y=C+6z%#L^V;_Q1B!(\Pi]B6.z4ʌkBy ˴ k[ B?&2`GE7e ao)4)DZX޴tQ+Mx~p/'͊ iK'YO=sy4uYApNx+34mDVSt6 &`A28e_%t= @'dTzj(0%:1t:ĠxoT>դtOK[{AL8_ bc&D?7Ԙ\oܜ`(1ZI.+c(Ob[~Y MdK4%䝪U\T/5V34 kho Wɻ:Jq=5euSʃZj2u&\!1l+IS{79iDȧ& +eؼ[Kh'L"dU+F]sȏYb}F0ˍ˶4P/ *nJ Ph M-iۧ:f”PHx=$:XSp Z;J뙷Գ?\!ӥswiѼ޲ ȊܠS,m{j bR4M7r!{TݺO7q~3yVpQv ̯,:A5q{x!㴁=RK޼J N OGEsʷ]\P)(LT-:V)/x" ؆1Ĭ8t".TJ[Da$]XJq5{t,;M'`%S|:u[NblSu/ al8EY['!p&6֋M߁+жuN\oNýWؤ\859μm(Mt َ7A夈oƶwD%h]$41*O4[̪^X8 Q\mLAKo@OSS\Z4pK`wJ"{0tg>vP*2R Ti$ cLx?2hJkf_*5Ka(L& ag;TC>IaT~(bjNMJꥸ5$V!}xTRzwmΤch8Ýf3jLۙC L >|It4 5kqh=/A)X=64B=?z Aj;x$-m2q ۮEkϗm1aǰ&9/B}pA:v(@\zNd/cQmduo9☒S7=I [ƨ;SkW{ a4tuQp e ځ|-g4F|,!}2 8ᚓ>M:e膖Xjx><_z AH mom_h{8t8t^#u S ^A%g E6E-OX-3B _0C+xtY1nѕ-oGr4; rB54O^u ht kUxN!\0C[≯~^k /w^8b5I`п RXw @FruGL^$#%'QoaGy=3fb<5]uyD5Ƅ֥z*F70QQU 7W=Iv  ids{ ;UwܢyqQOF.B݂*%÷l:~FC\ݳNAQNx:EȌ+?Xd ?UD5yfzLU":2ZЗ|#<3.ޱPLae,]P()d!USR!_8_Pڛ P֠7ںxn-%>u\Q5[w&4)W%UXⷛOtWq 9-K|3XrUEJ+G8`cԊ]-G4B[<.Gsds0$0~:V(Z앑ItzP]_04s_`9`n . qd8$˽1m(C؞,>wDuE>:mt- <.Z="7Mh+~! M@l=?6X5Atq3{J?W0(jK $1Ax7u笯/VŠOqi(ex܌\*S, o-ߝr뱱AܰX#+yL<ėְSC mޡ>-o*&}JVԣu];93=3`m vSsx2xˎW4zN'HſlgeoV8/)kYדHn)Fkk) Önn[/ f 둧Qj@$cv$K Sv_KR\}<;wDa٣KIY`)YΓ#L^\#6ȏNM?+ͽB>Hѐ]L *!&[<+UCM!T'Ir1gAֹ ,Rlu(%5QZhBPsZ XO+x% 0B>r}.(%XӶIF5"`K4z (>C^CRj:fqS&ɱ-} 9-%h@l@tsMno,] |MN*hvB"N:=y7m# Mր"xaS<{l Cٕ{E .- $E e֟J6O[pH0[)Fy\sZC,4*;b Հ X.\dJW`RJ΄\Д`:#p93eS.R(AKa4dژT8pm<{Jb2D9yG79 (rU|E = ޮA%.yO-=˪RmqBVs1 I<v F¯E{\*C;Zl#a^mוF̈́Y#1=В!=is ~l(jk!J᪽L')Lbp=z~mzȱL}3 %g]ܯjphFږ@WGI3rh%{X.m:ElwF\A盲#2)#Ɵ xÓXsspoVhSEa<ZA]]BSTRsŊ=zQ&N{=IfrdBC2 qSik%y\| nmR pqE2韣fX$\~M !xߴ;m FEՋ5&<:X2m_W8)-;8K3/unA= g?k (H~T( G֎Grp;޲\U=uĒ#YO*tK?v ! r}^Hї"6._>9iЮb;\9~d4׎`?V`P]譫qVdHǶ&Sz hLbE#mWE+CzC; *X*u_qO#D!NwYTP] 8E[)tcεu: Y!"-񶅢90n7Ttd+@KsYp޶Ž$sә {m̞.As L%f`E]l$P0)Cw&w?Om :5J}Qalv$6cbw0vCG䗆kd-yNqn'O37ZHEy#<6Ojѓę+9Ƶml3bc@'Sn3E{L "aP8EV!{:J}%x gTOﴤ _؎ƍ]* MEȏzH'8{'zɦzGNK7mJ'z̕NDM_uՙ=_M-ȡ~IF"ctJ ] ,;]DӎdۯqS@s@׮"3Յ2U>wdrJyg;()BvnJӵ@pVA U&>I2_@1EydVmZoBkuI,ϓrxdd5~!0P%O\?' 㙺(OɕKAƪ"|M&fHQʓ ŝJq]߿e$7VwIDaqHs}"3';5Iz/eL<sq`!KR4+X|v?N)ɏF(e甆T!NA&1޴N"*ovM9ni73!e} i$ߍkR㮶Ҭ  9(mة) U1TÉN䫤o$Eeʬb1R t`"2ZV/? TMR2FNfijz[qvB `W(HT tP<'*u33Y'8qe z֗7q[ɤpYTFrt QYWu^Ry>T4JA(9qq%Ahk$j{_|,,EJ