apache2-devel-2.4.23-45.1>t  DH`p\/=„j|ta(YnXIƴuCµ}֒]/ǫ2h,Z/ 4 шݰ4l೉ARAaM¿ZqvpvM+Hv4|90h[NȉKjd=e-ױJEMkcF7Goͳ:ԷcTtҳ$h]ȅAL`~" >٭edۼe{H^QnX(sˆIgI`ZtR@7KG8epV9b1fd6317d17668aafad41c1ad85720e97ebfc1aԉ\/=„lٌ ͷUS9)mH?ΚKƟZ1cbˑa׭}L9r>cQMeAqRfF 7M cSvtߍ ?Os-?M^Mqߍp:E9?jiE»\ERa6YM9󙙃0B8[kyI  Flڜ.[iZU܌t#$,vͨ\u1̺`  l:Vlq- vɂL=>:e?ed  > 5;D    d  +/5`::?T?x ? @r (@8@9C:ReF9zG9H=IBLXCdYCl\C]G^U bV~cW dWeWfWlWuWv\0w\xaLyezeCapache2-devel2.4.2345.1Apache 2 Header and Include FilesThis package contains header files and include files that are needed for development using the Apache API.\Nlamb27openSUSE Leap 42.3openSUSEApache-2.0http://bugs.opensuse.orgDevelopment/Libraries/C and C++http://httpd.apache.org/linuxx86_64IIII ! ! ! 3! 6d|'a (C# HC$>`;X Pb1O Ni “\uF Z 7 Z Bq%s e Qa &g[Hkw$L&J ^=    $|AAAAAA큤큤큤\$\$\$\$\$\$\$\$\#\#\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \ \ \ \ \ \ \ \!\!\!\!\!\!\!\"\"\"\"\"\"\"\"\"\"\#\#\#\#\#\#\#\#\#\#\\\Q\Q\\\\\\\\\\\\\\\\\\\\\\\\\\\ \ \ \ \ \ \ \ \!\!\!\!\!\!\"\"\"\"\"\"\"\"\"\"\#\#\#\#\#\#\#\#\#\#\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \ \ \ \ \ \ \ \ \!\!\!\!\!\!\"\"\"\"\"\"\"\"\"\"\#\#\#\#\#\#\#\#\#\Q\Q\#\#\Q\Q\Q\Q\Q\Q\Q\Q\R\R\R\R\S\R\R\R\R\R\R\R\R\R\R\R\S\S\R\S\S\S\S\S\R\S\S\S\T\T\S\S\S\S\R\T\R\T\R\R\R\R\R\R\R\S\S\S\S\S\S\<\$\$\\\\\T\\\\\\\\7745a635702513b01302803e36da71db56bfac692164b3043cbac68d93ca58a0f4b689f8a2b5b2eb7eb7e1bf4e34e9f5e2c7ba1baa8fa838c82b673c3c8be01419982aa1ba429458a230a5252e6aaf0f248e014f80615e613d24079aacc7b4171ff7751fb4a59b0ab205a59043fde5ef45e4240d615b8d9c222b4af5883cfb0819982aa1ba429458a230a5252e6aaf0fa4a345156c385bcfa196ad30ea6bfcb873c0f90199635f159e33c28dfc2047f221f123683a64bf752586c8070bfff2be1ff7751fb4a59b0ab205a59043fde5ef3bf41643c3eb2b95b8b068a7bea17c3f804aa8fbadca25cfb96827284613c9e2299d9fd44d16275b39916a34c5ce1dd3ba4412f43e658ed57091e1a98be2c6492d264c231bcfe16fef555d2e5df38e7d68e848f6f4080b0fc888e8e6eeed6cdbaf039ff02badc3caa75fc0615756334694eba3e707fd8e2d4dd89919b7fed130f204b1ff415a0258e71d206666173e91b284bc015540375443163a702ca07c1e6ee60fa7abb26ba4349a0486e09ea431ae78f2a8c9d5919313895fbde84db097606b68542288de4b17fac26c0527f024189f996025000bf8cd7b57b67be13e965977674c55c96d5e9935c088393348f8a7eb45f76e9e61f61fecde635d0ec309f37c5aec759acde7b726fe1a29719062185fb4a3193d82b2ccb1df31930a096e44411a5563425fa9e7ec0956fe62bd20cdd7e27333d4252e046c88bebfe8e870a6c97a2f5b5ea2e885be6b6f016af67b1d9a4c554a666c5fc75aa2076125f89912e27ffabdb30939e0b6987f9005863bcca6e14f7168c098131780a366ed8a5cf26f509d8d6d5a5db134271e518367fb5d32720a8eb35778b9625786694c48f913b6b2998128c7dd9fbbc47caeca2fbb76bd7ac6d530a32ccf0334e2b9060cce0632797af94a2d4c23fbf42faa72fdc2dd34c0bb282bdb52fa59079ec664e8894c4915522826b3e72f7354d9e0e364f36794350f47f8434d0e6d9ff2874ce6d8f472234ff8ae437a684cbccc5318817adf8603dddfbc1043215f0d1231287f7b23fc5136d9b87ec2ac773780d389d3a9fdbb314bd19e5191b24624e23cc6c1fdc80f783a473f84950812e87727212ba080fc903099e33576137726d35071ca5148a4948d9325e154b119c77e4b28359aed77d51dcbbb8f4f4859e5b4dbce8078ead28df84f549239a8812d175938d72d1935172c8116c1fb6722adfc2f7e9bc176e4edacc6b98793103641ee2fec516048b90fb84b100097c848995a7dcabcca80a9b8d2137203452b5f404d79210ae1a99cbdc9449ffa9d890724655eb9cef362126b166eb0ca66a0038f51644f6995c91452b9a51fb2ed560e306e1998c613af4bc515637b7021ad3d384e6a41d13994f8705d2e51073454c05dad3d6079a719c9f6fad830b2fbf74d25cedf167031c323609f691fe89423083bceef6e7319894e51124b630754ca6243e0c50426ad4ef2600aae9b087795cb540aafa82542d74e2361a249f9533811807728780e6999fd9a3fdd9036d1d015eb03b67378fed1d42f2cc7c99c4f3395cf73b714d7a9f38ae193ed77a419f10771af1417d3b8ee0e295112c3055e9f1eb839ef29a6a48670ea5ab3a8348988a085f4e47b9da59459a5e6f36d43bacc6cbdf480bc063e9113c703a891f0e83a0cf46748ffbef14898561791c1c06d47b5f18bc702c776c1382cb91cc82077ecbe055f118b35b132092f17cdac0f0fe215f148d8a5be9ecc184e8caef21d794f7b27e43b12619a5a146f5f0e75fcf728f5cf2233aec86ec3b2767d64297a569804994d35a1b291ce35f98413c5a9d52b11aec6d54ed83101dcc2b16234859d0e3ea298f1180495418dd85c3240ae429faa6672a6307db96e3b75c59483f79c868d233cdfa1060fapxsapxs-eventapxs-preforkapxs-worker../apache2/ap_compat.h../apache2/ap_config.h../apache2/ap_expr.h../apache2/ap_hooks.h../apache2/ap_listen.h../apache2/ap_mmn.h../apache2/ap_mpm.h../apache2/ap_provider.h../apache2/ap_regex.h../apache2/ap_regkey.h../apache2/ap_release.h../apache2/ap_slotmem.h../apache2/ap_socache.h../apache2/apache_noprobes.h../apache2/cache_common.h../apache2/heartbeat.h../apache2/http_config.h../apache2/http_connection.h../apache2/http_core.h../apache2/http_log.h../apache2/http_main.h../apache2/http_protocol.h../apache2/http_request.h../apache2/http_vhost.h../apache2/httpd.h../apache2/mod_auth.h../apache2/mod_cache.h../apache2/mod_cgi.h../apache2/mod_core.h../apache2/mod_dav.h../apache2/mod_dbd.h../apache2/mod_include.h../apache2/mod_log_config.h../apache2/mod_proxy.h../apache2/mod_request.h../apache2/mod_rewrite.h../apache2/mod_session.h../apache2/mod_so.h../apache2/mod_ssl.h../apache2/mod_ssl_openssl.h../apache2/mod_status.h../apache2/mod_unixd.h../apache2/mod_watchdog.h../apache2/mod_xml2enc.h../apache2/mpm_common.h../apache2/os.h../apache2/scoreboard.h../apache2/unixd.h../apache2/util_cfgtree.h../apache2/util_charset.h../apache2/util_cookies.h../apache2/util_ebcdic.h../apache2/util_fcgi.h../apache2/util_filter.h../apache2/util_ldap.h../apache2/util_md5.h../apache2/util_mutex.h../apache2/util_script.h../apache2/util_time.h../apache2/util_varbuf.h../apache2/util_xml.h../apache2/ap_compat.h../apache2/ap_config.h../apache2/ap_expr.h../apache2/ap_hooks.h../apache2/ap_listen.h../apache2/ap_mmn.h../apache2/ap_mpm.h../apache2/ap_provider.h../apache2/ap_regex.h../apache2/ap_regkey.h../apache2/ap_release.h../apache2/ap_slotmem.h../apache2/ap_socache.h../apache2/apache_noprobes.h../apache2/cache_common.h../apache2/heartbeat.h../apache2/http_config.h../apache2/http_connection.h../apache2/http_core.h../apache2/http_log.h../apache2/http_main.h../apache2/http_protocol.h../apache2/http_request.h../apache2/http_vhost.h../apache2/httpd.h../apache2/mod_auth.h../apache2/mod_cache.h../apache2/mod_cgi.h../apache2/mod_core.h../apache2/mod_dav.h../apache2/mod_dbd.h../apache2/mod_include.h../apache2/mod_log_config.h../apache2/mod_proxy.h../apache2/mod_request.h../apache2/mod_rewrite.h../apache2/mod_session.h../apache2/mod_so.h../apache2/mod_ssl.h../apache2/mod_ssl_openssl.h../apache2/mod_status.h../apache2/mod_unixd.h../apache2/mod_watchdog.h../apache2/mod_xml2enc.h../apache2/mpm_common.h../apache2/os.h../apache2/scoreboard.h../apache2/unixd.h../apache2/util_cfgtree.h../apache2/util_charset.h../apache2/util_cookies.h../apache2/util_ebcdic.h../apache2/util_fcgi.h../apache2/util_filter.h../apache2/util_ldap.h../apache2/util_md5.h../apache2/util_mutex.h../apache2/util_script.h../apache2/util_time.h../apache2/util_varbuf.h../apache2/util_xml.h../apache2/ap_compat.h../apache2/ap_config.h../apache2/ap_expr.h../apache2/ap_hooks.h../apache2/ap_listen.h../apache2/ap_mmn.h../apache2/ap_mpm.h../apache2/ap_provider.h../apache2/ap_regex.h../apache2/ap_regkey.h../apache2/ap_release.h../apache2/ap_slotmem.h../apache2/ap_socache.h../apache2/apache_noprobes.h../apache2/cache_common.h../apache2/heartbeat.h../apache2/http_config.h../apache2/http_connection.h../apache2/http_core.h../apache2/http_log.h../apache2/http_main.h../apache2/http_protocol.h../apache2/http_request.h../apache2/http_vhost.h../apache2/httpd.h../apache2/mod_auth.h../apache2/mod_cache.h../apache2/mod_cgi.h../apache2/mod_core.h../apache2/mod_dav.h../apache2/mod_dbd.h../apache2/mod_include.h../apache2/mod_log_config.h../apache2/mod_proxy.h../apache2/mod_request.h../apache2/mod_rewrite.h../apache2/mod_session.h../apache2/mod_so.h../apache2/mod_ssl.h../apache2/mod_ssl_openssl.h../apache2/mod_status.h../apache2/mod_unixd.h../apache2/mod_watchdog.h../apache2/mod_xml2enc.h../apache2/mpm_common.h../apache2/os.h../apache2/scoreboard.h../apache2/unixd.h../apache2/util_cfgtree.h../apache2/util_charset.h../apache2/util_cookies.h../apache2/util_ebcdic.h../apache2/util_fcgi.h../apache2/util_filter.h../apache2/util_ldap.h../apache2/util_md5.h../apache2/util_mutex.h../apache2/util_script.h../apache2/util_time.h../apache2/util_varbuf.h../apache2/util_xml.h../bin/apxsapxsrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapache2-2.4.23-45.1.src.rpmapache2-develapache2-devel(x86-64)@@   /bin/sh/usr/bin/perlapache-rpm-macros-controlapache2apache2-MPMapache2-preforkgcclibapr-util1-devellibapr1-develrpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.4.233.0.4-14.0-14.4.6-14.11.2\N\v{\I\5@[Ѱ@[][`O@ZZC@YY{YYlYlYP@YI@Y1S@X @XGW@WW-@W@WF@WPetr Gajdos jcejka@suse.comPetr Gajdos pgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compsimons@suse.comkstreitova@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.comschwab@suse.dekstreitova@suse.compgajdos@suse.comkstreitova@suse.comi@marguerite.supgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comkstreitova@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.comhguo@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.compgajdos@suse.compgajdos@suse.comdimstar@opensuse.orgjsegitz@novell.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comkstreitova@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgbruno@ioda-net.chschwab@linux-m68k.orgpgajdos@suse.comkstreitova@suse.comkstreitova@suse.compgajdos@suse.comLed pgajdos@suse.comLed kstreitova@suse.comcrrodriguez@opensuse.orgLed pgajdos@suse.compgajdos@suse.compgajdos@suse.comkstreitova@suse.compgajdos@suse.comoholecek@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgmc@suse.comlnussel@suse.decrrodriguez@opensuse.orgdraht@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgfreek@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgaj@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgmeissner@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgmlin@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgmhrusecky@suse.czcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgsaschpe@suse.demeissner@suse.commeissner@suse.comdimstar@opensuse.orgadrian@suse.depoeml@cmdline.netcoolo@suse.comdraht@suse.dechris@computersalat.demeissner@suse.decoolo@suse.comdraht@suse.dedraht@suse.defcrozat@suse.comfcrozat@suse.comdraht@suse.dedraht@suse.dedraht@suse.defcrozat@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orglnussel@suse.dewerner@suse.delnussel@suse.depoeml@cmdline.netcristian.rodriguez@opensuse.orgpoeml@cmdline.netpoeml@cmdline.netlars@linux-schulserver.deaj@suse.depoeml@cmdline.netpoeml@cmdline.netcoolo@novell.comjengelh@medozas.depoeml@cmdline.netpoeml@cmdline.netpoeml@suse.depoeml@suse.dehvogel@suse.depoeml@suse.depoeml@suse.depoeml@suse.depoeml@suse.depoeml@suse.decrrodriguez@suse.depoeml@suse.de- security update - added patches CVE-2019-0220 [bsc#1131241] + apache2-CVE-2019-0220.patch CVE-2019-0217 [bsc#1131239] + apache2-CVE-2019-0217.patch CVE-2019-0211 [bsc#1131233] (thanks to Simotek) + apache2-CVE-2019-0211.patch CVE-2019-0197 [bsc#1131245], CVE-2019-0196 [bsc#1131237] + apache2-mod_http2-1.14.1.patch CVE-2019-0211 [bsc#1131233] * apache2-CVE-2019-0211.patch- added patches fix https://github.com/icing/mod_h2/issues/167 [bsc#1125965] + apache2-mod_http2-issue-167.patch- security update * CVE-2018-17189 [bsc#1122838] + apache2-mod_http2-1.11.4.patch * CVE-2018-17199 [bsc#1122839] + apache2-CVE-2018-17199.patch- do not create sysconfig.d when already exists [bsc#1121086]- Fix for SG#52358, bsc#1108989: * ap_reclaim_child_processes-Implement-terminate-immed.patch: Fix full scoreboard error.- security update: * CVE-2018-11763 [bsc#1109961] + apache2-mod_http2-1.11.0.patch- security update: * CVE-2018-1333 [bsc#1101689] + apache2-CVE-2018-1333.patch- security update: * CVE-2018-1283 [bsc#1086814] + apache2-CVE-2018-1283.patch * CVE-2018-1301 [bsc#1086817] + apache2-CVE-2018-1301.patch * CVE-2018-1303 [bsc#1086813] + apache2-CVE-2018-1303.patch * CVE-2017-15715 [bsc#1086774] + apache2-CVE-2017-15715.patch * CVE-2018-1312 [bsc#1086775] + apache2-CVE-2018-1312.patch * CVE-2017-15710 [bsc#1086776] + apache2-CVE-2017-15710.patch * CVE-2018-1302 [bsc#1086820] + apache2-CVE-2018-1302.patch- update mod_http2 to 1.10.12 (from apache 2.4.29) fixes: CVE-2017-9789 [bsc#1048575], CVE-2017-7659 [bsc#1045160] + apache2-mod_http2-1.10.12.patch- gensslcert: fall back to 'localhost' as hostname [bsc#1057406]- full path to a2{en,dis}mod in apache-22-24-upgrade [bsc#1042037]- security update * CVE-2017-9798 [bsc#1058058] + apache2-CVE-2017-9798.patch- start_apache2: include individual sysconfig.d files instead of sysconfig.d dir, include sysconfig.d/include.conf after httpd.conf is processed [bsc#1023616], [bsc#1043055]- security update * CVE-2017-9788 [bsc#1048576] + apache2-CVE-2017-9788.patch- security update * CVE-2017-7679 [bsc#1045060] + apache2-CVE-2017-7679.patch * CVE-2017-3169 [bsc#1045062] + apache2-CVE-2017-3169.patch * CVE-2017-3167 [bsc#1045065] + apache2-CVE-2017-3167.patch- remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade [bsc#1041830]- gensslcert: use hostname when fqdn is too long [bsc#1035829]- security update * CVE-2016-8743 [bsc#1016715], CVE-2016-4975 [bsc#1104826] + apache2-CVE-2016-8743.patch + apache2-CVE-2016-8743-1.patch + apache2-CVE-2016-8743-2.patch * CVE-2016-0736 [bsc#1016712] + apache2-CVE-2016-0736.patch * CVE-2016-2161 [bsc#1016714] + apache2-CVE-2016-2161.patch - add missing copy of hcuri and hcexpr ftom the worker to the health check worker [bsc#1019380]- security update: CVE-2016-8740 [bsc#1013648] * apache2-CVE-2016-8740.patch- add NotifyAccess=all to service files [bsc#980663]- readd the support of multiple entries in APACHE_ACCESS_LOG [bsc#991032]- Add apache2-cve-2016-5387.patch to fix CVE-2016-5387. Prior to this patch, Apache would translate every header "Foo: ..." received in the HTTP request into an environment variable called $HTTP_FOO="...". While useful in general, this feature could be abused by sending specially crafted "Proxy" headers, which would result in server code running in an environment where $HTTP_PROXY points to an arbitrary, potentially hostile location. This update modifies Apache to ignore the non-standard "Proxy" header entirely so that HTTP_PROXY is never set by the server. [bnc#988488]- update to 2.4.23 to fix CVE-2016-4979 [bsc#987365] - mod_proxy_fdpass needs explicit configure line now - mod_proxy_hcheck was missing due to upstream bug - removed note about ulimits in sysconfig file [bsc#976711] - enable authnz_fcgi module- remove Alias= from [Install] of the template service [bsc#981541c#10]- updated to 2.4.20 to fix CVE-2016-1546 [bsc#980370] - removed httpd-2.4.18-missing-semicolon.patch (upstreamed) - removed httpd-2.4.17-debug-crash.patch (httpd -X does not crash anymore)- start apache services after remote-fs [bsc#978543]- backport of HttpContentLengthHeadZero and HttpExpectStrict + httpd-2.4.x-fate317766-config-control-two-protocol-options.diff (needed to be refreshed against 2.4.18)- fix build for SLE_11_SP4: + httpd-2.4.18-missing-semicolon.patch- Update to version 2.4.18 * drop 2.4.17-protocols.patch in upstream. - Change list too long to mention here see: http://www.apache.org/dist/httpd/CHANGES_2.4.18 for details.- systemd: Set TasksMax=infinity for current systemd releases. The default limit of 512 is too small and prevents the creation of new server processes. Apache has its own runtime/harcoded limits.- fix crash when for -X + httpd-2.4.17-debug-crash.patch- add a note: FollowSymLinks or SymLinksIfOwnerMatch is neccessary for RewriteRule in given dir [bnc#955701]- restart apache once after the rpm or zypper transaction [bnc#893659] - drop some old compat code from %post- 2.4.17-protocols.patch from upstream http2 module: * master conn_rec* addition to conn_rec * improved ALPN and Upgrade handling * allowing requests for servers whose TLS configuration is compatible to the SNI server ones * disabling TLS renegotiation for slave connections- LogLevel directive into correct config file, thanks Michael Calmer for the fix [bsc#953329]- do not build mod_http2 for older distros than 13.2 for now (nghttp2 does not build there)- Include directives really into /etc/apache2/sysconfig.d/include.conf, fix from Erik Wegner [bsc#951901]- gensslcert: CN now defaults to `hostname -f` [bnc#949766] (internal), fix help [bnc#949771] (internal)- Update to 2.4.17 - Enable mod_http2/ BuildRequire nghttp2 - MPMs: Support SO_REUSEPORT to create multiple duplicated listener records for scalability - mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3 - For more changes see: http://www.apache.org/dist/httpd/CHANGES_2.4.17- start_apache2: reintroduce sysconfig.d, include it on command line (not in httpd.conf) instead of individual directives [bnc#949434] (internal), [bnc#941331]- Fixup libdir in installed files- fix Logjam vulnerability: change SSLCipherSuite cipherstring to disable export cipher suites and deploy Ephemeral Elliptic-Curve Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to generate a strong and unique Diffie Hellman Group and append it to the server certificate file [bnc#931723], [CVE-2015-4000]- add reference upstream bug#58188 along httpd-2.4.12-lua-5.2.patch- update to 2.4.16 * changes http://www.apache.org/dist/httpd/CHANGES_2.4.16 * remove the following patches (fixed in 2.4.16) * httpd-2.4.x-mod_lua_websocket_DoS.patch * httpd-2.4.12-CVE-2015-0253.patch * update httpd-2.4.12-lua-5.2.patch- add patch: httpd-2.4.12-lua-5.2.patch * lua_dump introduced a new strip option in 5.3, set it to 0 to get the old behavior * luaL_register was deprecated in 5.2, use luaL_setfuncs and luaL_newlib instead * luaL_optint was deprecated in 5.3, use luaL_optinteger instead * lua_strlen and lua_objlen wad deprecated in 5.2, use lua_rawlen instead- change Provides: from suse_maintenance_mmn = # to suse_maintenance_mmn_#- apache2 Suggests:, not Recommends: apache2-prefork; that means for example, that `zypper in apache2-worker` will not pull apache2-prefork also - installing /usr/sbin/httpd link: * do not try to install it in '%post ' when apache2 (which includes /usr/share/apache2/script-helpers) is not installed yet (fixes installation on 11sp3) * install it in '%post' if apache2 is installed after apache2- to be sure it is there- access_compat shared also for 11sp3- apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names- apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch- a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE= environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@ (see README-instances.txt for details)- provides suse_maintenance_mmn symbol [bnc#915666] (internal)- credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service- reenable 690734.patch, it should be upstreamed by the author (Adrian Schroeter) though + httpd-2.4.9-bnc690734.patch - httpd-2.2.x-bnc690734.patch- drop startssl from start_apache2- allow to run multiple instances of Apache on one system [fate#317786] (internal) * distributed httpd.conf no longer includes sysconfig.d, nor this directory is shipped. httpd.conf includes loadmodule.conf and global.conf which are former sysconfig.d/loadmodule.conf and sysconfig.d/global.conf for default /etc/sysconfig/apache2 global.conf and loadmodule.conf are not included when sysconfig variables could have been read by start_apache2 startup script (run with systemd services). Therefore, when starting server via /usr/sbin/httpd, sysconfig variables are not taken into account. * some not-maintained scripts are moved from /usr/share/apache2 to /usr/share/apache2/deprecated-scripts * all modules comment in sysconfig file is not generated anymore * added README-instances.txt * removed Sources: load_configuration find_mpm get_module_list get_includes find_httpd_includes apache-find-directives * added Sources: deprecated-scripts.tar.xz apache2-README-instances.txt apache2-loadmodule.conf apache2-global.conf apache2-find-directives apache2@.service apache2-script-helpers- add SSLHonorCipherOrder directive to apache2-ssl-global.conf - adopt SSLCipherSuite directive value from SLE12 - remove default-vhost-ssl.conf and default-vhost.conf from /etc/apache2. These two files are not (!) read by the configuration framework, but are named *.conf, which is misleading. The files are almost identical with the vhost templates in /etc/apache2/vhosts.d/. The two templates there do it right because they are not named *.conf and are not sourced either. apache's response with no explicit (eg. default, vanilla) configuration is contained in /etc/apache2/default-server.conf. * remove apache2-README.default-vhost as there are no default-vhost* files anymore.- apache2.service: We have to use KillMode=mixed for the graceful stop, restart to work properly.- dropped 2.0 -> 2.2 modules transition during upgrade * apache-20-22-upgrade renamed to apache-22-24-upgrade - apache-*-upgrade script is called in %posttrans now [bnc#927223]- fix find_mpm to echo mpm binary- apache2.service: Only order us after network.target and nss-lookup.target but not pull the units in. - apache2.service: SSL requires correct system time to work properly, order after time-sync.target- align filenames with upstream names (and add compat symlinks) - find_httpd2_includes renamed to find_httpd_includes- access_compat now built as shared and disabled by default - amend config to use also old syntax when access_compat is loaded - added apache2-README-access_compat.txt - added apache-find-directive script - see [bnc#896083] and its duplicates- add httpd-2.4.12-CVE-2015-0253.patch to fix SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531. [Yann Ylavic]- simplify apache2.logrotate, use sharedscripts [bnc#713581]- remove curly brackets around format sequence "%y" in `stat --format="%{y}" %{SOURCE1}` that caused an incorrect evaluation. Add escaping to proper spec-cleaner processing in the future- remove 'exit 0' from the %post section in the specfile that was placed here incorrectly and caused that the rest of the %post section couldn't be executed.- /etc/init.d/apache2 reload -> systemctl reload apache2.service in apache2.logrotate [bnc#926523]- authz_default -> authz_core in sysconfig.apache2/APACHE_MODULES [bnc#922236]- Add Requires(post) apache2 to the subpackage -worker, -event and - prefork: their respective post scriptlets execute /usr/share/apache2/get_module_list, which is shipped as part of the main package. This script has the side-effect to call find_mpm, which in turn creates the corresponding /usr/sbin/httpd2 symlink.- Patched get_module_list to ensure proper SELinux context for sysconfig.d/loadmodule.conf- Pname -> name variable reduction - Try to fix sle11 build- Version bumpt o 2.4.12: * ) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for internationalization. [William Rowe] * ) mpm_winnt: Normalize the error and status messages emitted by service.c, the service control interface for Windows. [William Rowe] * ) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824. [ olli hauer , Yann Ylavic ]- Exit cleanly on end of the post and cleanup the update detection - Remove Apache.xpm as it ain't used- Cleanup init/unit decision making and provide just systemd service on systemd systems- Deprecate realver define as it is equal to version. - Explicitely state MPM mods to ensure we don't lose some bnc#444878- Pass over spec-cleaner, there should be no actual technical change in this just reduction of lines in the spec- add httpd-2.4.x-mod_lua_websocket_DoS.patch to fix mod_lua bug where a maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash [CVE-2015-0228], [bnc#918352].- httpd2.pid in rc.apache2 was wrong [bnc#898193]- httpd-2.4.3-mod_systemd.patch find libsystemd-daemon with pkg-config, this is the only correct way, in current versions sd_notify is in libsystemd and in old products in libsystemd-daemon.- remove obsolete patches * httpd-2.4.10-check_null_pointer_dereference.patch * httpd-event-deadlock.patch * httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch * httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch- Apache 2.4.11 * ) SECURITY: CVE-2014-3583 (cve.mitre.org) mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. [Yann Ylavic, Jeff Trawick] * ) SECURITY: CVE-2014-3581 (cve.mitre.org) mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. [Mark Montague , Jan Kaluza] * ) SECURITY: CVE-2014-8109 (cve.mitre.org) mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204 [Edward Lu ] * ) SECURITY: CVE-2013-5704 (cve.mitre.org) core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] * ) mod_ssl: New directive SSLSessionTickets (On|Off). The directive controls the use of TLS session tickets (RFC 5077), default value is "On" (unchanged behavior). Session ticket creation uses a random key created during web server startup and recreated during restarts. No other key recreation mechanism is available currently. Therefore using session tickets without restarting the web server with an appropriate frequency (e.g. daily) compromises perfect forward secrecy. [Rainer Jung] * ) mod_proxy_fcgi: Provide some basic alternate options for specifying how PATH_INFO is passed to FastCGI backends by adding significance to the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener] * ) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule to opt-in to connection reuse and other Proxy options via explicitly declared "proxy workers" (] * ) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME passed to fastcgi backends. [Eric Covener] * ) core: Configuration files with long lines and continuation characters are not read properly. PR 55910. [Manuel Mausz ] * ) mod_include: the 'env' function was incorrectly handled as 'getenv' if the leading 'e' was written in upper case in statements. [Christophe Jaillet] * ) split-logfile: Fix perl error: 'Can't use string ("example.org:80") as a symbol ref while "strict refs"'. PR 56329. [Holger Mauermann ] * ) mod_proxy: Prevent ProxyPassReverse from doing a substitution when the URL parameter interpolates to an empty string. PR 56603. [] * ) core: Fix -D[efined] or [d] variables lifetime accross restarts. PR 57328. [Armin Abfalterer , Yann Ylavic]. * ) mod_proxy: Preserve original request headers even if they differ from the ones to be forwarded to the backend. PR 45387. [Yann Ylavic] * ) mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads (level TRACE4). [Yann Ylavic] * ) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198. [Jan Kaluza] * ) mod_ssl: Do not crash when looking up SSL related variables during expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem] * ) mod_proxy_ajp: Fix handling of the default port (8009) in the ProxyPass and configurations. PR 57259. [Yann Ylavic] * ) mpm_event: Avoid a possible use after free when notifying the end of connection during lingering close. PR 57268. [Eric Covener, Yann Ylavic] * ) mod_ssl: Fix recognition of OCSP stapling responses that are encoded improperly or too large. [Jeff Trawick] * ) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers. [Jeff Trawick] * ) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an error when parsing or forwarding the response fails. [Yann Ylavic] * ) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e PR 53435 [tadanori , Sebastian Wiedenroth ] * ) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read determine whether it is a normal close or a real error. PR 57168. [Yann Ylavic] * ) mod_proxy_wstunnel: abort backend connection on polling error to avoid further processing. [Yann Ylavic] * ) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes. PR 57167 [Edward Lu ] * ) mod_proxy_connect: Fix ProxyRemote to https:// backends on EBCDIC systems. PR 57092 [Edward Lu ] * ) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752 CacheLock error occurs during cache revalidation. [Eric Covener] * ) mod_ssl: Move OCSP stapling information from a per-certificate store to a per-server hash. PR 54357, PR 56919. [Alex Bligh , Yann Ylavic, Kaspar Brand] * ) mod_cache_socache: Change average object size hint from 32 bytes to 2048 bytes. [Rainer Jung] * ) mod_cache_socache: Add cache status to server-status. [Rainer Jung] * ) event: Fix worker-listener deadlock in graceful restart. PR 56960. * ) Concat strings at compile time when possible. PR 53741. * ) mod_substitute: Restrict configuration in .htaccess to FileInfo as documented. [Rainer Jung] * ) mod_substitute: Make maximum line length configurable. [Rainer Jung] * ) mod_substitute: Fix line length limitation in case of regexp plus flatten. [Rainer Jung] * ) mod_proxy: Truncated character worker names are no longer fatal errors. PR53218. [Jim Jagielski] * ) mod_dav: Set r->status_line in dav_error_response. PR 55426. * ) mod_proxy_http, mod_cache: Avoid (unlikely) accesses to freed memory. [Yann Ylavic, Christophe Jaillet] * ) http_protocol: fix logic in ap_method_list_(add|remove) in order: - to correctly reset bits - not to modify the 'method_mask' bitfield unnecessarily [Christophe Jaillet] * ) mod_slotmem_shm: Increase log level for some originally debug messages. [Jim Jagielski] * ) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with the wrong credentials when a backend connection is reused. [Eric Covener] * ) mod_macro: Add missing APLOGNO for some Warning log messages. [Christophe Jaillet] * ) mod_cache: Avoid sending 304 responses during failed revalidations PR56881. [Eric Covener] * ) mod_status: Honor client IP address using mod_remoteip. PR 55886. [Jim Jagielski] * ) cmake-based build for Windows: Fix incompatibility with cmake 2.8.12 and later. PR 56615. [Chuck Liu , Jeff Trawick] * ) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade failed) messages from ERROR to TRACE1. Other filters do not bother re-reporting failures from lower level filters. PR56832. [Eric Covener] * ) core: Avoid useless warning message when parsing a section guarded by if $(foo) is used within the section. PR 56503 [Christophe Jaillet] * ) mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the application. PR 56858. [Manuel Mausz ] * ) mod_proxy_http: Proxy responses with error status and "ProxyErrorOverride On" hang until proxy timeout. PR53420 [Rainer Jung] * ) mod_log_config: Allow three character log formats to be registered. For backwards compatibility, the first character of a three-character format must be the '^' (caret) character. [Eric Covener] * ) mod_lua: Don't quote Expires and Path values. PR 56734. [Keith Mashinter, ] * ) mod_authz_core: Allow 'es to be seen from auth stanzas under virtual hosts. PR 56870. [Eric Covener]- Redone lost patch to fix boo#859439 + service reload can cause log data to be lost with logrotate under some circumstances: remove "-t" from service reload. [bnc#859439]- Fix URL syntax in various files- fix IfModule directive around SSLSessionCache [bnc#842377c#11]- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch to fix flaw in the way mod_headers handled chunked requests. Adds "MergeTrailers" directive to restore legacy behavior [bnc#871310], [CVE-2013-5704].- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch that fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments [bnc#909715], [CVE-2014-8109].- fixed start at boot for ssl and encrypted key [bnc#792309]- fix shebang in start_apache2 script that contains bash-specific constructions- small improvement of ssl instructions [bnc#891813]- fix bashisms in post scripts- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid a crash when Content-Type has an empty value [bnc#899836], CVE-2014-3581- httpd-event-deadlock.patch: Fix worker-listener deadlock in graceful restart.- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch and updated (fixed bashism).- drop (turned off) itk mpm spec file code as mpm-itk is now provided as a separate module, not via patch (see http://mpm-itk.sesse.net/ and [bnc#851229])- enable mod_imagemap [bnc#866366]- fixed link to Apache quickstart [bnc#624681], [bnc#789806]- the following unused patches were removed from the package: * apache2-mod_ssl_npn.patch * httpd-2.0.49-log_server_status.dif- 700 permissions for /usr/sbin/apache2-systemd-ask-pass and /usr/sbin/start_apache2 [bnc#851627]- allow only TCP ports in Yast2 firewall files- more 2.2 -> 2.4 [bnc#862058]- ServerSignature=Off and ServerTokens=Prod by request from security team [bnc#716495]- fix documentation links 2.2 -> 2.4 [bnc#888163] (internal)- Update package Summary and Description. - version 2.4.10 * SECURITY: CVE-2014-0117 (cve.mitre.org) * SECURITY: CVE-2014-3523 (cve.mitre.org) * SECURITY: CVE-2014-0226 (cve.mitre.org) * SECURITY: CVE-2014-0118 (cve.mitre.org) * SECURITY: CVE-2014-0231 (cve.mitre.org) * Multiple bugfixes to mod_ssl, mod_cache, mod_deflate, mod_lua * mod_proxy_fcgi supports unix sockets.- provide httpd.service as alias for apache2.service for compatibility reasons (bnc#888093)- move most ssl options to ssl-global.conf. There is usually no need for every vhost to re-define the ciphers for example (bnc#865582). Drop some commented entries that only lead to confusion.- version 2.4.9 * SECURITY: CVE-2014-0098 * SECURITY: CVE-2013-6438 * multiple bugfixes and improvements to mod_ssl, mod_lua, mod_session and core, see CHANGES for details.- /etc/sysconfig/apache2: add socache_shmcb to the list of modules that are enabled. /etc/apache2/ssl-global.conf: make SSLSessionCache shmcb... conditional on IfModule socache_shmcb. The same applies to SSLSessionCache dmb:* via module socache_dbm in commented section of same file. [bnc#864185] - /etc/sysconfig/apache2: remove reference to non-existing script /usr/share/doc/packages/apache2/certificate.sh, which was only a wrapper to mkcert.sh anyways. [bnc#864185]- update to apache 2.4.7, important changes: * This release requires both apr and apr-util 1.5.x series and therefore will no longer build in older released products * mod_ssl: Improve handling of ephemeral DH and ECDH keys (obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch) * event MPM: Fix possible crashes * mod_deflate: Improve error detection * core: Add open_htaccess hook in conjunction with dirwalk_stat. * mod_rewrite: Make rewrite websocket-aware to allow proxying. * mod_ssl: drop support for export-grade ciphers with ephemeral RSA keys, and unconditionally disable aNULL, eNULL and EXP ciphers (not overridable via SSLCipherSuite) * core, mod_ssl: Enable the ability for a module to reverse the sense of a poll event from a read to a write or vice versa (obsoletes httpd-event-ssl.patch) * see CHANGES for more details- httpd-mod_ssl_ephemeralkeyhandling.patch obsoletes mod_ssl-2.4.x-ekh.diff this new patch is the final form of the rework, merged for 2.4.7.- Removed obsolete directive DefaultType - Changed all access control to new Require directive- reenable mod_ssl-2.4.x-ekh.diff- Correct build in old distros.- disable (revert) mod_ssl changes in the previous commit so it does not end in factory or 13.1 yet.- make mod_systemd static so scenarios described in [bnc#846897] do not happen again.- mod_ssl: improve ephemeral key handling in particular, support DH params with more than 1024 bits, and allow custom configuration. This patch adjust DH parameters according to the relevant RFC recommendations and permanently disables the usage of "export" and "NULL" ciphers no matter what the user configuration is (mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)- fix [bnc#846897] problems building kiwi images due to systemd not being running in chroot. (submit to 13.1 ASAP)- Fix SUSE spelling.- Also fix subtle non-obvious systemd unit confusion we really mean -DFOREGROUND not -DNO_DETACH the latter only inhibits the parent from forking, not quite the same as running in well.. the foreground as required.- Ensure we only use /run and not /var/run- Really use %requires_ge for libapr1 and libapr-util1 mentioned but not implemented in the previous commit.- Use %requires_ge for libapr1 and libapr-util1 - apache2-default-server.conf: Need to use IncludeOptional - apache-20-22-upgrade: also load authz_core - httpd-visibility.patch: Use compiler symbol visibility.- Make the default keysize in the sample gensslcerts 2048 bits to match government recommendations.- Enable mod_proxy_html, mod_xml2enc and mod_lua (missed BuildRequires)- provide and obsolete mod_macro - upgrade: some people complain that log_config module is not enabled by default sometimes, fix that. - upgrade : "SSLMutex" no longer exists. - Toogle EnableSendfile on because now apache defaults to off due to kernel bugs. that's a silly thing to do here as kernel bugs have to be fixed at their source, not worked around in applications.- httpd-event-ssl.patch: from upstream Lift the restriction that prevents mod_ssl taking full advantage of the event MPM.- Update to version 2.4.6 * SECURITY: CVE-2013-1896 (cve.mitre.org) * SECURITY: CVE-2013-2249 (cve.mitre.org) * Major updates to mod_lua * Support for proxying websocket requests * Higher performant shm-based cache implementation * Addition of mod_macro for easier configuration management * As well as several exciting fixes, especially those related to RFC edge cases in mod_cache and mod_proxy. - IMPORTANT : With the current packaging scheme, we can no longer Include the ITK MPM, therefore it has been disabled. This is because this MPM can now only be provided as a loadable module but we do not currently build MPMs as shared modules but as independant binaries and all helpers/startup scripts depend on that behaviour. It will be fixed in the upcoming weeks/months.- apache-20-22-upgrade: still no cookie, module authn_file is ok and must not be disabled on update. authn_core must however be enabled too.- fix apache_mmn spec macro, otherwise all modules down the chain will have broken dependencies- remove After=mysql.service php-fpm.service postgresql.service which were added in the previous change, those must be added as Before=apache2.service in the respective services.- Include mod_systemd for more complete integration with systemd, turn the service to Typé=notify as required - Disable SSL NPN patch for now, it is required for mod_spdy but mod_spdy does not support apache 2.4- apache 2.4.4 * fix for CVE-2012-3499 * fix for the CRIME attack (disable ssl compression by default) * many other bugfies * build access_compat amd unixd as static modules and solve some other upgrade quirks (bnc#813705)- Install apache2.service accordingly (/usr/lib/systemd for 12.3 and up or /lib/systemd for older versions).- Apache 2.4.3 * SECURITY: CVE-2012-3502 * SECURITY: CVE-2012-2687 * mod_cache: Set content type in case we return stale content. * lots of bugfixes see http://www.apache.org/dist/httpd/CHANGES_2.4.3- Improve systemd unit file (tested for months)- use %set_permissions instead %run_permissions (bnc#764097)- Fix factory-auto (aka r2dbag) complains about URL. - Provide a symlink for apxs2 new location otherwise all buggy spec files of external modules will break.- BuildRequire xz explicitly, fix build in !Factory - Drop more old, unused patches- Upgrade to apache 2.4.2 * * ATTENTION, before installing this update YOU MUST READ http://httpd.apache.org/docs/2.4/upgrading.html CAREFULLY otherwise your server will most likely fail to start due to backward incompatible changes. * You can read the huge complete list of changes at http://httpd.apache.org/docs/2.4/new_features_2_4.html- gensslcert: Use 0400 permissions for generated SSL certificate files instead of 0644- modified apache2.2-mpm-itk-20090414-00.patch to fix itk running as root. bnc#681176 / CVE-2011-1176- remove the insecure LD_LIBRARY_PATH line. bnc#757710- Add apache2-mod_ssl_npn.patch: Add npn support to mod_ssl, which is needed by spdy. - Provide apache2(mod_ssl+npn), indicating that our mod_ssl does have the npn patch. This can be used by mod_spdy to ensure a compatible apache/mod_ssl is installed.- fix truncating and resulting paniking of answer headers (bnc#690734)- update to 2.2.22 * ) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. * ) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. * ) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. * ) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. * ) SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. * ) SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. * ) mod_proxy_ajp: Try to prevent a single long request from marking a worker in error. * ) config: Update the default mod_ssl configuration: Disable SSLv2, only allow >= 128bit ciphers, add commented example for speed optimized cipher list, limit MSIE workaround to MSIE <= 5. * ) core: Fix segfault in ap_send_interim_response(). PR 52315. * ) mod_log_config: Prevent segfault. PR 50861. * ) mod_win32: Invert logic for env var UTF-8 fixing. Now we exclude a list of vars which we know for sure they dont hold UTF-8 chars; all other vars will be fixed. This has the benefit that now also all vars from 3rd-party modules will be fixed. PR 13029 / 34985. * ) core: Fix hook sorting for Perl modules, a regression introduced in 2.2.21. PR: 45076. * ) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200. PR 51878. * ) Example configuration: Fix entry for MaxRanges (use "unlimited" instead of "0"). * ) mod_substitute: Fix buffer overrun. - adjusted SSL template/default config for upstream changes, and added MaxRanges example to apache2-server-tuning.conf - fixed installation of (moved) man pages- compile with pcre 8.30 - patch taken from apache bugzilla- enable mod_reqtimeout by default via APACHE_MODULES in /etc/sysconfig/apache2, configuration /etc/apache2/mod_reqtimeout.conf . Of course, the existing configuration remains unchanged.- add default vhost configs * default-vhost.conf, default-vhost-ssl.conf, README.default-vhost- openldap2 is not necessary, just openldap2-devel as buildrequires- add automake as buildrequire to avoid implicit dependency- update to /etc/init.d/apache2: handle reload with deleted binaries after package update more thoughtfully: If the binaries have been replaced, then a dlopen(3) on the apache modules is prone to fail. => Don't reload then, but complain and fail. Especially important for logrotate!- httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff fixes mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. This is CVE-2011-3368.- Ensure service_add_pre macro is correctly called for openSUSE 12.1 or later.- Fix systemd files packaging, %ghost is not a good idea. - Use systemd rpm macros for openSUSE 12.1 and later.- don't create $RPM_BUILD_ROOT/etc/init.d twice in %install.- Update to 2.2.21. News therein: * re-worked CVE-2011-3192 (byterange_filter.c) with a regression fix. New config option: MaxRanges (PR 51748) * multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs, mod_alias, mod_rewrite. As always, see CHANGES file. - added httpd-%{realver}.tar.bz2.asc to source, along with 60C5442D.key which the tarball was signed with.- need to add %ghost /lib/systemd to satisfy distributions that have no systemd yet.- Add apache2-systemd-ask-pass / apache2.service / start_apache2 and modify apache2-ssl-global.conf for systemd support (bnc#697137).- Update to version 2.2.20, fix CVE-2011-3192 mod_deflate D.o.S.- Fix apache PR 45076- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage- Add 2 patches from the "low hanging fruit" warnings in apache STATUS page. * mod_deflate: Stop compressing HEAD requests if there is not Content-Length header * mod_reqtimeout: Disable keep-alive after read timeout- Remove -fno-strict-aliasing from CFLAGS, no longer needed.- Allow KeepAliveTimeout to be expressed in miliseconds sometimes one second is too long, upstream r733557.- When linux changes to version 3.x configure tests are gonna break. remove version check, assuming kernel 2.2 or later.- Update to 2.2.19, only one bugfix. * ) Revert ABI breakage in 2.2.18 caused by the function signature change of ap_unescape_url_keep2f(). This release restores the signature from 2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex(). [Eric Covener]- Remove SSLv2 disabled patch, already in upstream. - Update to version 2.2.18 * mod_ssl, ab: Support OpenSSL compiled without SSLv2 support. * core: Treat timeout reading request as 408 error, not 400. * core: Only log a 408 if it is no keepalive timeout. * mod_rewrite: Allow to unset environment variables. * prefork: Update MPM state in children during a graceful restart. * Other fixes in mod_cache,mod_dav,mod_proxy se NEWS for detail.- Fix regular expression in vhost ssl template IE workaround it is obsolete see https://issues.apache.org/bugzilla/show_bug.cgi?id=49484 You should apply this update to fix painfully slow SSL connections when using IE.- Allow usage of an openSSL library compiled without SSlv2- set sane default cipher string in apache2-vhost-ssl.template - remove useless example snakeoil certs - remove broken mkcert script- Tag boot script as interactive as systemd uses it- recommend the default mpm package (bnc#670027)- update to 2.2.17: SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). [Actual fix is in the libapr 1.3 line, which we don't use // poeml] SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause applications to crash while parsing specially-crafted XML documents. [We build with system expat library // poeml] prefork MPM: Run cleanups for final request when process exits gracefully to work around a flaw in apr-util. PR 43857 core: - check symlink ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set - fix origin checking in SymlinksIfOwnerMatch PR 36783 - (re)-introduce -T commandline option to suppress documentroot check at startup. PR 41887 vhost: - A purely-numeric Host: header should not be treated as a port. PR 44979 rotatelogs: - Fix possible buffer overflow if admin configures a mongo log file path. Proxy balancer: support setting error status according to HTTP response code from a backend. PR 48939. mod_authnz_ldap: - If AuthLDAPCharsetConfig is set, also convert the password to UTF-8. PR 45318. mod_dir, mod_negotiation: - Pass the output filter information to newly created sub requests; as these are later on used as true requests with an internal redirect. This allows for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939 mod_headers: - Enable multi-match-and-replace edit option PR 46594 mod_log_config: - Make ${cookie}C correctly match whole cookie names instead of substrings. PR 28037. mod_reqtimeout: - Do not wrongly enforce timeouts for mod_proxy's backend connections and other protocol handlers (like mod_ftp). Enforce the timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering close time from 30 to 2 seconds. mod_ssl: - Do not do overlapping memcpy. PR 45444- Add missing libcap-devel to BuildRequires, wanted by "itk" MPM.- update to 2.2.16: SECURITY: CVE-2010-1452 (cve.mitre.org) mod_dav, mod_cache: Fix Handling of requests without a path segment. PR: 49246 SECURITY: CVE-2010-2068 (cve.mitre.org) mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection for platforms Windows, Netware and OS2. PR: 49417. core: - Filter init functions are now run strictly once per request before handler invocation. The init functions are no longer run for connection filters. PR 49328. mod_filter: - enable it to act on non-200 responses. PR 48377 mod_ldap: - LDAP caching was suppressed (and ldap-status handler returns title page only) when any mod_ldap directives were used in VirtualHost context. mod_ssl: - Fix segfault at startup if proxy client certs are shared across multiple vhosts. PR 39915. mod_proxy_http: - Log the port of the remote server in various messages. PR 48812. apxs: - Fix -A and -a options to ignore whitespace in httpd.conf mod_dir: - add FallbackResource directive, to enable admin to specify an action to happen when a URL maps to no file, without resorting to ErrorDocument or mod_rewrite. PR 47184 mod_rewrite: - Allow to set environment variables without explicitely giving a value. - add Requires and BuildRequires on libapr1 >= 1.4.2. In the past, libapr1 >= 1.0 was sufficient. But since 2.2.16, a failure to create listen sockets can occur, unless newer libapr1 is used. See https://bugzilla.redhat.com/show_bug.cgi?id=516331 - remove obsolete httpd-2.2.15-deprecated_use_of_build_in_variable.patch- add type and encoding for zipped SVG images (.svgz) Thanks to Sebastian Siebert (via Submit Request #40059)- fix deprecated usage of $[ in apxs2 (httpd-2.2.15-deprecated_use_of_build_in_variable.patch)- Do not compile in build time but use mtime of changes file instead. This allows build-compare to identify that no changes have happened.- add apache2-prefork to the Requires of apache2-devel, because apxs2 will build for prefork, if not called as apxs2-worker (which should rarely be the case). Also added gcc to the Requires.- update to 2.2.15: SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the 'SSLInsecureRenegotiation' directive to reopen this vulnerability and offer unsafe legacy renegotiation with clients which do not yet support the new secure renegotiation protocol, RFC 5746. SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. Forcibly disable keepalive for the connection if there is any buffered data readable. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using OpenSSL >= 0.9.8l. SECURITY: CVE-2010-0408 (cve.mitre.org) mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. PR 48359 mod_reqtimeout: - New module to set timeouts and minimum data rates for receiving requests from the client. core: - Fix potential memory leaks by making sure to not destroy bucket brigades that have been created by earlier filters. - Return APR_EOF if request body is shorter than the length announced by the client. PR 33098 - Preserve Port information over internal redirects PR 35999 - Build: fix --with-module to work as documented PR 43881 worker: - Don't report server has reached MaxClients until it has. Add message when server gets within MinSpareThreads of MaxClients. PR 46996. ab, mod_ssl: - Restore compatibility with OpenSSL < 0.9.7g. mod_authnz_ldap: - Add AuthLDAPBindAuthoritative to allow Authentication to try other providers in the case of an LDAP bind failure. PR 46608 - Failures to map a username to a DN, or to check a user password now result in an informational level log entry instead of warning level. mod_cache: - Introduce the thundering herd lock, a mechanism to keep the flood of requests at bay that strike a backend webserver as a cached entity goes stale. - correctly consider s-maxage in cacheability decisions. mod_disk_cache, mod_mem_cache: - don't cache incomplete responses, per RFC 2616, 13.8. PR15866. mod_charset_lite: - Honor 'CharsetOptions NoImplicitAdd'. mod_filter: - fix FilterProvider matching where "dispatch" string doesn't exist. PR 48054 mod_include: - Allow fine control over the removal of Last-Modified and ETag headers within the INCLUDES filter, making it possible to cache responses if desired. Fix the default value of the SSIAccessEnable directive. mod_ldap: - If LDAPSharedCacheSize is too small, try harder to purge some cache entries and log a warning. Also increase the default LDAPSharedCacheSize to 500000. This is a more realistic size suitable for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries. PR 46749. mod_log_config: - Add the R option to log the handler used within the request. mod_mime: - Make RemoveType override the info from TypesConfig. PR 38330. - Detect invalid use of MultiviewsMatch inside Location and LocationMatch sections. PR 47754. mod_negotiation: - Preserve query string over multiviews negotiation. This buglet was fixed for type maps in 2.2.6, but the same issue affected multiviews and was overlooked. PR 33112 mod_proxy: - unable to connect to a backend is SERVICE_UNAVAILABLE, rather than BAD_GATEWAY or (especially) NOT_FOUND. PR 46971 mod_proxy, mod_proxy_http: - Support remote https proxies by using HTTP CONNECT. PR 19188. mod_proxy_http: - Make sure that when an ErrorDocument is served from a reverse proxied URL, that the subrequest respects the status of the original request. This brings the behaviour of proxy_handler in line with default_handler. PR 47106. mod_proxy_ajp: - Really regard the operation a success, when the client aborted the connection. In addition adjust the log message if the client aborted the connection. mod_rewrite: - Make sure that a hostname:port isn't fully qualified if the request is a CONNECT request. PR 47928 - Add scgi scheme detection. mod_ssl: - Fix a potential I/O hang if a long list of trusted CAs is configured for client cert auth. PR 46952. - When extracting certificate subject/issuer names to the SSL_*_DN_* variables, handle RDNs with duplicate tags by exporting multiple varialables with an "_n" integer suffix. PR 45875. - obsolete patch CVE-2009-3555-2.2.patch removed- readd whitespace removed by autobuild- package documentation as noarch- add patch for CVE-2009-3555 (cve.mitre.org) http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch http://mail-archives.apache.org/mod_mbox/httpd-announce/200911.mbox/%3c20091107013220.31376.qmail@minotaur.apache.org%3e A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using OpenSSL >= 0.9.8l.- update to 2.2.14: * ) SECURITY: CVE-2009-2699 (cve.mitre.org) Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support (Event Port backend) which could trigger hangs in the prefork and event MPMs on that platform. PR 47645. [Jeff Trawick] * ) SECURITY: CVE-2009-3095 (cve.mitre.org) mod_proxy_ftp: sanity check authn credentials. [Stefan Fritsch , Joe Orton] * ) SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. [Stefan Fritsch , Joe Orton] * ) mod_proxy_scgi: Backport from trunk. [André Malo] * ) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL has been defined at a very high level. PR 45946. [Eric Covener] * ) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett] * ) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries usage() in synch with the manual and the implementation (0 and -1 both disable the cache). [Eric Covener] * ) mod_ssl: The error message when SSLCertificateFile is missing should at least give the name or position of the problematic virtual host definition. [Stefan Fritsch sf sfritsch.de] * ) htdbm: Fix possible buffer overflow if dbm database has very long values. PR 30586 [Dan Poirier] * ) Add support for HTTP PUT to ab. [Jeff Barnes ] * ) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute type. PR 45107. [Michael Ströder , Peter Sylvester ] * ) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore defined session identifiers encoded in the URL when caching. [Ruediger Pluem] * ) mod_mem_cache: fix seg fault under load due to pool concurrency problem PR: 47672 [Dan Poirier ] * ) mod_autoindex: Correctly create an empty cell if the description for a file is missing. PR 47682 [Peter Poeml ]- update to 2.2.13: * ) SECURITY: CVE-2009-2412 (cve.mitre.org) Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow in pools and rmm, where size alignment was taking place. * ) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report warnings compiling mod_ssl against OpenSSL to the httpd developers. * ) mod_cgid: Do not add an empty argument when calling the CGI script. PR 46380 * ) Fix potential segfaults with use of the legacy ap_rputs() etc interfaces, in cases where an output filter fails. PR 36780.- update to 2.2.12: SECURITY: CVE-2009-1891 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. PR 39605. SECURITY: CVE-2009-1195 (cve.mitre.org) Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. SECURITY: CVE-2009-1890 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a proxy process to consume CPU time indefinitely. SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org) The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules. core: - New piped log syntax: Use "||process args" to launch the given process without invoking the shell/command interpreter. Use "|$command line" (the default behavior of "|command line" in 2.2) to invoke using shell, consuming an additional shell process for the lifetime of the logging pipe program but granting additional process invocation flexibility. - prefork: Fix child process hang during graceful restart/stop in configurations with multiple listening sockets. PR 42829. - Translate the status line to ASCII on EBCDIC platforms in ap_send_interim_response() and for locally generated "100 Continue" responses. - CGI: return 504 (Gateway timeout) rather than 500 when a script times out before returning status line/headers. PR 42190 - prefork: Log an error instead of segfaulting when child startup fails due to pollset creation failures. PR 46467. - core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars - Set Listen protocol to "https" if port is set to 443 and no proto is specified (as documented but not implemented). PR 46066 - Output -M and -S dumps (modules and vhosts) to stdout instead of stderr. PR 42571 and PR 44266 (dup). mod_alias: - check sanity in Redirect arguments. PR 44729 - Ensure Redirect emits HTTP-compliant URLs. PR 44020 mod_authnz_ldap: - Reduce number of initialization debug messages and make information more clear. PR 46342 mod_cache: - Introduce 'no-cache' per-request environment variable to prevent the saving of an otherwise cacheable response. - Correctly save Content-Encoding of cachable entity. PR 46401 - When an explicit Expires or Cache-Control header is set, cache normally non-cacheable response statuses. PR 46346. mod_cgid: - fix segfault problem on solaris. PR 39332 mod_disk_cache: - The module now turns off sendfile support if 'EnableSendfile off' is defined globally. PR 41218. mod_disk_cache/mod_mem_cache: - Fix handling of CacheIgnoreHeaders directive to correctly remove headers before storing them. mod_deflate: - revert changes in 2.2.8 that caused an invalid etag to be emitted for on-the-fly gzip content-encoding. PR 39727 will require larger fixes and this fix was far more harmful than the original code. PR 45023. mod_ext_filter: - fix error handling when the filter prog fails to start, and introduce an onfail configuration option to abort the request or to remove the broken filter and continue. PR 41120 mod_include: - fix potential segfault when handling back references on an empty SSI variable. - Prevent a case of SSI timefmt-smashing with filter chains including multiple INCLUDES filters. PR 39369 - support generating non-ASCII characters as entities in SSI PR 25202 mod_ldap: - Avoid a segfault when result->rc is checked in uldap_connection_init when result is NULL. This could happen if LDAP initialization failed. PR 45994. mod_negotiation: - Escape pathes of filenames in 406 responses to avoid HTML injections and HTTP response splitting. PR 46837. mod_proxy: - Complete ProxyPassReverse to handle balancer URL's. Given; BalancerMember balancer://alias http://example.com/foo ProxyPassReverse /bash balancer://alias/bar backend url http://example.com/foo/bar/that is now translated /bash/that mod_proxy_ajp: - Check more strictly that the backend follows the AJP protocol. - Forward remote port information by default. mod_proxy_http: - fix Host: header for literal IPv6 addresses. PR 47177 - fix case sensitivity checking transfer encoding PR 47383 mod_rewrite: - Remove locking for writing to the rewritelog. PR 46942 - Fix the error string returned by RewriteRule. RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd argument of RewriteRule was not started with "[" or not ended with "]". PR 45082 - When evaluating a proxy rule in directory context, do escape the filename by default. PR 46428 - Introduce DiscardPathInfo|DPI flag to stop the troublesome way that per-directory rewrites append the previous notion of PATH_INFO to each substitution before evaluating subsequent rules. PR38642 - fix "B" flag breakage by reverting r589343 PR 45529 mod_ssl: - Add server name indication support (RFC 4366) and better support for name based virtual hosts with SSL. PR 34607 - Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable stricter checking of remote server certificates. - Add SSLRenegBufferSize directive to allow changing the size of the buffer used for the request-body where necessary during a per-dir renegotiation. PR 39243. mod_substitute: - Fix a memory leak. PR 44948- Fix missing -Y option in gensslcert [bnc#416888]- merge changes from openSUSE:Factory: - trailing spaces removed from robots.txt - moved Snakeoil certificates to separate subpackage example-certificates [bnc#419601] - removed outdated ca-bundle.crt - NOT merging the change from [bnc#301380] (setting TraceEnable Off), since there is no reason to deviate from upstream- avoid useless (and potentially irritating) messages from usermod called in %post when updating the package - this should probably only be run when updating from very old installs anyway. - likewise, avoid similar useless messages about creation of the httpd user when installing on Fedora.- fix hyperref to the quickstart howto in the installed httpd.conf [bnc#500938] Thanks, Frank!- add ITK MPM (apache2.2-mpm-itk-20090414-00.patch) see http://mpm-itk.sesse.net/- buildfix (from Factory): replace "shadow" by "pwdutils" in requires- update apache2-vhost.template mod_php4 references [bnc#444205]- fixed the ed script which turns apxs into apxs-{prefork,worker,event) to work on Fedora, by using - instead of ^ to go "up" one line. Thereby fixing Fedora build. (Package probably needs further tuning to fit into a Fedora environment.)lamb27 1554454094  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     2.4.23-45.12.4.23-45.1 apxsapxs-eventapxs-preforkapxs-workerapxs2apxs2-eventapxs2-preforkapxs2-workerapache2apache2-eventap_compat.hap_config.hap_config_auto.hap_config_layout.hap_expr.hap_hooks.hap_listen.hap_mmn.hap_mpm.hap_provider.hap_regex.hap_regkey.hap_release.hap_slotmem.hap_socache.hapache_noprobes.hcache_common.hheartbeat.hhttp_config.hhttp_connection.hhttp_core.hhttp_log.hhttp_main.hhttp_protocol.hhttp_request.hhttp_vhost.hhttpd.hmod_auth.hmod_cache.hmod_cgi.hmod_core.hmod_dav.hmod_dbd.hmod_include.hmod_log_config.hmod_proxy.hmod_request.hmod_rewrite.hmod_session.hmod_so.hmod_ssl.hmod_ssl_openssl.hmod_status.hmod_unixd.hmod_watchdog.hmod_xml2enc.hmpm_common.hos.hscoreboard.hunixd.hutil_cfgtree.hutil_charset.hutil_cookies.hutil_ebcdic.hutil_fcgi.hutil_filter.hutil_ldap.hutil_md5.hutil_mutex.hutil_script.hutil_time.hutil_varbuf.hutil_xml.hapache2-preforkap_compat.hap_config.hap_config_auto.hap_config_layout.hap_expr.hap_hooks.hap_listen.hap_mmn.hap_mpm.hap_provider.hap_regex.hap_regkey.hap_release.hap_slotmem.hap_socache.hapache_noprobes.hcache_common.hheartbeat.hhttp_config.hhttp_connection.hhttp_core.hhttp_log.hhttp_main.hhttp_protocol.hhttp_request.hhttp_vhost.hhttpd.hmod_auth.hmod_cache.hmod_cgi.hmod_core.hmod_dav.hmod_dbd.hmod_include.hmod_log_config.hmod_proxy.hmod_request.hmod_rewrite.hmod_session.hmod_so.hmod_ssl.hmod_ssl_openssl.hmod_status.hmod_unixd.hmod_watchdog.hmod_xml2enc.hmpm_common.hos.hscoreboard.hunixd.hutil_cfgtree.hutil_charset.hutil_cookies.hutil_ebcdic.hutil_fcgi.hutil_filter.hutil_ldap.hutil_md5.hutil_mutex.hutil_script.hutil_time.hutil_varbuf.hutil_xml.hapache2-workerap_compat.hap_config.hap_config_auto.hap_config_layout.hap_expr.hap_hooks.hap_listen.hap_mmn.hap_mpm.hap_provider.hap_regex.hap_regkey.hap_release.hap_slotmem.hap_socache.hapache_noprobes.hcache_common.hheartbeat.hhttp_config.hhttp_connection.hhttp_core.hhttp_log.hhttp_main.hhttp_protocol.hhttp_request.hhttp_vhost.hhttpd.hmod_auth.hmod_cache.hmod_cgi.hmod_core.hmod_dav.hmod_dbd.hmod_include.hmod_log_config.hmod_proxy.hmod_request.hmod_rewrite.hmod_session.hmod_so.hmod_ssl.hmod_ssl_openssl.hmod_status.hmod_unixd.hmod_watchdog.hmod_xml2enc.hmpm_common.hos.hscoreboard.hunixd.hutil_cfgtree.hutil_charset.hutil_cookies.hutil_ebcdic.hutil_fcgi.hutil_filter.hutil_ldap.hutil_md5.hutil_mutex.hutil_script.hutil_time.hutil_varbuf.hutil_xml.hap_compat.hap_config.hap_config_auto.hap_config_layout.hap_expr.hap_hooks.hap_listen.hap_mmn.hap_mpm.hap_provider.hap_regex.hap_regkey.hap_release.hap_slotmem.hap_socache.hapache_noprobes.hcache_common.hheartbeat.hhttp_config.hhttp_connection.hhttp_core.hhttp_log.hhttp_main.hhttp_protocol.hhttp_request.hhttp_vhost.hhttpd.hmod_auth.hmod_cache.hmod_cgi.hmod_core.hmod_dav.hmod_dbd.hmod_include.hmod_log_config.hmod_proxy.hmod_request.hmod_rewrite.hmod_session.hmod_so.hmod_ssl.hmod_ssl_openssl.hmod_status.hmod_unixd.hmod_watchdog.hmod_xml2enc.hmpm_common.hos.hscoreboard.hunixd.hutil_cfgtree.hutil_charset.hutil_cookies.hutil_ebcdic.hutil_fcgi.hutil_filter.hutil_ldap.hutil_md5.hutil_mutex.hutil_script.hutil_time.hutil_varbuf.hutil_xml.hapxsapxs2apache2buildconfig.niceconfig_vars.mkconfig_vars.mk-eventconfig_vars.mk-preforkconfig_vars.mk-workerinstdso.shlibrary.mkltlib.mkmkdir.shprogram.mkrules.mkspecial.mk/usr/bin//usr/include//usr/include/apache2-event//usr/include/apache2-prefork//usr/include/apache2-worker//usr/include/apache2//usr/sbin//usr/share//usr/share/apache2//usr/share/apache2/build/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9979/openSUSE_Leap_42.3_Update/568d59a70c20780c9a3de4348e8f20bb-apache2.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxa /usr/bin/perl -w script, ASCII text executabledirectoryASCII textC source, ASCII textHTML document, ASCII textPOSIX shell script, ASCII text executablemakefile script, ASCII textRRRRRRR! 0Ԍ>D ?`] crv9u^HMWJd_ &V%a4zQ=;Wy#N{+1ƧT3x2bMWc({d)IU~ʂo8 gh2x:^MLgzYdq eZ޶;`YpL*ڌp6?ʆ$N.ߙMgEwgT"H ۫?^v.@+3V{g/yѕ q'!iX::Pt&W:3;|el}QKR9rE|ɁP ~oZ%w.*B4T#e.3u4gcD 1|wU* HzwlJCD\&{\s~#C7ޭ;eΖ:Q9)oV1$`f`:riv\}e'6V|Y4^jXH~Vw~dL.\8N[,9+5TF>8JߗWO:h^x5'1knbL @Vt9m/j8:Byj=R:XIՎ/Yd8:L?N6"ZF&IהSvDk3@WpMRj4Jhzmu!5LԂT7eԙ#@Z2]FKVNEE騖kd2W2*#zɥE]AJyY @]O\/DCm0)  {Pn#A=ϑ;A+4"3ma\giKUkVY,`UѢnE('4h󖺳1CD~^j(RR5@6Rrq<,3C-MVԧ9h8YgV4c}y@UIp l'LK#2_g0ɈlTė\)bbRu{IV1lR~eC@r5`xo .]cCyso=7Ĵ!,!5gqVExA9V鍻WD4lŀk@>YbGCi |olg T5rA<ܪx`'F{ՁɊm*,M)GSiAn;΄" ,?ثJ Zt0uðj'#l_ԪoaŲʛM~ E\G PA?ٶ4JVl܋`-6h1w$k4s.rĆqF lYv^W 됓-f^\WA<%6('Ѣؠ]94}OG=þGdutG3@O9 óS*aJWyoۄ.mWi#ª#H4OT iMɇGG'>8ɯ*at/#oEN~>~&3-#`l _/5Mh0Iiz<&wlpOZZL])."/ МDqxUPyJ)<Isù` hm31˩D sRRgh[#FQJ8l7;S -͑_8`$Vjc,h0H(iKnS0$6Pkgb2oxCySp5%s~ D09SW<-GARm@X*GMҝ PV*mwYvr\€p^ 1DXw5)j6<Ōٕ6jR-4. 71fAťT#k2%֑h.,a~HK/u C7ណ\208,+ uyt&ξf'zUn*bW-`S alDv.F3 ro5pY4s΄#_V_Ni "q@OR8]߭lA -@a70/+b' (!@ }.(}PyS0U0|rzgsJ gl=|mh|z f bX؈ȉ{Qs;,c74 `I$D KAL죠,K^0odtj.P05Jx ,VRAqY0DrYqB, Y'Do¼t.8<Bl<΍?xbqVOz~Ydf8ۢ腰:#DJ96V廒 C䬹9gr%VUru}ᶬ?|j~#FO^cgB_ȍ '|6'5d[Lģosy_Y3id-z԰-& G^>2<}LViWd;r2N`&Ә(VU`:ϳB9qj-K XT# % KJg 'ۇ='oiSqekꙝ/{6``2X4ʑ;~s $)c|%I, p1Ըӹ 3ʄ bS&rfFE-VWh^%*r'FmrmWqr @!ga_D/4HYJSd/CpĜޗ1+yN^n[IW\9Rw6`/pWcj$܍M7(L*e{. h%O%(E8!_ o2r7\U+|ģc8>bhIKݡKiRgi!/yR>G^.]vJ 3ӒauFj!LG$֭lc_ܑ+رk,zul#zdD~ehF2r˰84(=//kpULÎ^"ԛ :եBNLE%%PK7?X)mQقDI=Ngbu-pJ4Mnz 0.0A9& ~ǘ5nPvs ~aG{S OșA M'†qn:[=F4aҹ ,5{Խ;ĺ)kځAg$ɷ |rEG޼xxYXH.pe0~}7"YK:FF6-ĽICXA}sGTCvrѪwcd"u#f\xxO{OyS4Trz>Ω\dAD;zS0㢇4vRI4V oWlfcQ 3%=#9Bו|TMҢDI$ZkzJ8t)pmO^U#avDmd0Kfd>'h^ Lݼ%$8l\H?$T/Ŭfʖ=;VIH{FhČ'9J iVI\/Yk_,b(3PYA9şgAvq>~߻+p1*82Iű_Vڰ({x3A쳏jT#{g oYl.M1<,w:mvQQIsx&E)q*P<ϛi{:ǘ#uo7/>|RwI$tyi ~pm/#xrɶO"USBWhgpQ<1.F>+؎xX[ӃZXqv4]F3xBxX@p gaxY'Vh 2 sYKg~WoJ 26lqߒ.37C˷.ezR`b/٢ g)El]w>}}fx}agUV:OܑˋDh8,f6":fmbMƹc`6.y-ׇ+IzzDĪx2N_}Uf (So#˥, _7Mz)6)Y6^tmpef ʖ z@48Y})!MhH{EW |S=`T =ъ߂L[ n[@6F7ՈnIz7QD(ix jUbB3y|HVA;[9 4\\Hk@;ۚ%/dlO~o")< Jh@H\(>LyB}gmJJzVKqCk!pa :}_b'WVě_Ic @8-gy2s\2 y:!Pܿ"JUX@b"XxUL"NPqBs ס[`;3j$ Gbh扩{"9 ~<#tJԣ>㻾iUwd)ZU9+tz.*qģ)?D&f<:Q=1OhVwRPp̺T^G2 ɯd*9&Ǚ|uV{}+{`木 >NSocyݍ.\Wv` `5GCJ=*'2]!d ';`s]BSHO`z9{DPFuh*;VN#pA_ꨐpt"̼}"|K2Mv|^B^!Vo;}u'JG%bfM;k ԏLG +Ǜ=QS?Aʡ4bx?YZt ʖloTg߃xچ׸tr ơ 0Qb{epg(agQ^JO< #mG;mlOWoֺС,L'W2C((m[+rFSۯm]mEGn?~L~g#Ds޸8#,jҢE/}.-SV@?Iə[!Cސ W-&MEcbvxK+eUR2O/pP-:k_R |MY)RDGr)%v>L$xܫɯNwӜ:FXTJ^PfTgI[gZ m! @qXtcq CI `t ATuػ*^7'F*M݆6L4DBͼ>dj*ӕ}Pݵ &c_0vN2T|cŗcTÉ#B9۱H4. :e r9=>nHW[ƻБoO6g=yG7knQr/#"$DDCCTviiݱ))B}hW[6Hp,POh n)mVIY|(?G,)wlG M'FI0%^+!ZˉuCVDI&;yJ1ȍ2A%Y$˗A Hhd<퀘$hGT02& z9]B!.J5oS&:.M`hפphaFhG@wTil9:9nh6?G[€e;"o˼V֯%# 3eݴ穱:8lZ )4-jy6B45a+;GeÛ@JPcHY47H! ᇛ] I <buMwL#^>fL$9+AA-?bAs i S<*^a`f81A9J(q3n&A$vhe\OՄm?8DM$y IdD3*C뎪{h:R%FLgaOX& !i ' aWx9 &yC4DOk=3_n1>vtdaP(u9蕍TeFm"1*`کdpv\*&>&~e?x 3p.' Uko(2C]cER{* U6;Y'Eڡ%}=)ł,!È2[T99cX%wɎj\]' j^ H'\P/}^)pPLgОcEc6HZ-"LPp~C_ ؜]l˸̨E,EWbߌϠSF@1k}OxJ,lnKDy$GzPAϚs7ifP$d_G잀L>m)ݱ׍vA6zGDQ4 1)B 1mmM2_;z3,8W Z#7ku.iqQ2PL)"5 sOI~p5?RTxV>CM:/h@9[y7.MI"G oq.[r1Km[ӷ#g'h Ϫ BcáF7jNVbD$CP‘Jögq[Ļ6*yۛ{T?q6²6 36ic:,9 2{rϨLW_{& (j0›ㅐz%؆fC#| ,qOrGe;9c(Ti(G t)-s3$Bp kpm-)z}C]KU&\r-t>o4kx_Ӝ-ѱ*ï-KgR^|6G:i-4]o{;=301PibvM 0^fkC3c52,O7iLKkՅPy}:%@#KBj:@j"3"mdXwz z):٢+\hc.BJKҜ F1^ s#+r 1O\4s$e1ST-w:@o;KХRG魹5v`4) u5+Άpny~G۝A)! 'l@tH%bEu9}yg0b]MxrQIHx$b?pv}JJ$NV72SLv?9&eO$V&,Ǣc&_DxzΊ y>JgboET* BULDK]‹"$fU@pd0r^`@G¬2+yEMp z; !D_z4@+b@7T-X}M'ODA8]FA^Qi_hI1B9N,=li7n lL~ E:KUL!)RFpWPࡨ Fv"a_&GUԲ 8?Ý"/z4@y2G^( PQґxl)nSԪ@kf\7zU=ivn%qb\78:bsu[RE8K;bvx5"g8 ği19@}n8[qMz(b@ž9™*x@agB U?Ʋe$_${`7~DWt!|IAxۼ$ѪD!IoC 1QDe'C ?iqE1GƴfċἦQ ORKƘϭr*>:} 7OLXa-blJf \ 4q+GDmh}ט@xT.?8l\*U$6K Yȝ"e!ޓZ)ۈ&JȻB?/:ݯy㱟`9,){kXS* =M,MIN$E-Q"of]._ > Q5v4un.<$; )cXyө@*-#h|yT*1`L[xd7,r댝TtKIV:|0KI]rAЙ$XD:L4ߒyKD6nibwmU9_5m8ve 7]ȋt⬘`MQ9|lo~-QurJȋb\bDdiZަxVܩiHÔi}v X`bJoMZrǤQl2j݌XQ]k*Id EBp\76K"/v\r>X; 5@"t9S ux8ٙ Ar! 7qL\[jٶB/f,ʥdxS>\ :e|TWZRzƈ"WSl!&4;U p̀{&B ӔS0ɷBlcSL!I@VCp[pڮ@8n~}?׆7yEQ\ G;<byսMܳŔ>Q8qgx?y_DW97cܚ-neW))_~(N{PnO&֑N'THɁџ;ϰ'n7fus(xб&nnLg\s~Ycýl UM$B3F.#`3 Y(_سW+QA9^{_Udʹ0kw7@#tp B7DCg>kĶ\-k!amC1hlܮoz.c"nZe8mҥht豿δPcgd4ꁍ~ˣa =he$4: aCT3/z\V88'Bun 4## $s*z'kP߬S>K˫.bӟQcRn,C>z[}I ;o7k+)֖j sOPY&9^=0jz9!'~p&ֵ%- bH[-\,1}v_ؼBr3<L.1d{f!`-y='!VW 0T!Dc?j~< m2!d'ԭ%T`oO:T+HϛJpLEqs4a:~gC`܈OpWCcdZ7^obZܞ./X=@9maLBQ@$ԯ? bjRㅯ}[|OHn5!/87%Dd"JDJ۟a{عV0 + ]ԣd|}og,R@_b~|ᛤ o0\4#hvة4WQs}!2FIcЏ( 찬o:uӛ&!(3ɭD ҄+X\ckd 3>,K =<1Rn&Jp|3DV\&j۪VOCP,7O#H6 3ߦCwU)]I O"3y}Kcyj5%9B4'!J@T+%ϻig8zOMk`#/cyZm&>Cdn{97<ˊT I>$4iy}ƛ8[5NCמce`=x7:)DVWIHhh M35b $o8S1J5 0O@us(xk a#b"yR6<Z0^ 1$qG.ܸ]7mT HJ.dp;{[Lh@r?SK9茙4ngs̗ǂrdČ@9#9jlҖNςUd,v>L5KQl $C rfEN(VCe.[bu, 3 Tl[Aݜ]hJ铤9kVvҋ0,D*-Cw";Nk v)j;9{ۛ^ +F&?}.֤D;c+\)Pt-JM_.jC(yL.P]%:֏@K ́nTn oO-T 6Qh -^ `޽tN6 qoZabq8p<$OԑfsDhuK{ Xѯm+[]')IO4uB UY.!`3!8ןǧ-atSՌTp>San8niD ,b\;)EA_bBgg$ *k](lcd*nmdžgI&kzF7lK. bܰ[^̐㘠?PɽH݇YSc̄K}:4:cHM.zh;S];@(gc'l>m{*M]W Uwde]yX'Fhsw8"n?6N#kZ# k Z㙾m/z?K?CZ_[̝Nۿc)dŵ)bzFi ٓhVE Gӥ.--dr2(mR!;DkIZ~Թ#u#Y;BЉhIқrqd 5soܢIK)-Z{5/0~:iA|ۂp%r4z(EۡyHPVƄV3KwAfA1ϓCR -nߨLP՜# 9QVwƠد|,b9+& =l &bތvfJM CM4)n*לF.>kÐܨGTWqu0%!}lRm /#uLD\%ᯞN~NL@s`|?GPygh VK3sD"B4mɷzjt{ `_\;:y]_ҍ6N)+4OJbB\ʠ'25DV㳟V?3YbwhJg=q#ڷFV"r ^wCܜ: OӛBA3IEʊjTI,6/sd$25Ihdڞu֘n/m J$ 0hܪo< Xf^QYK!QI곍s^=Q*F~;XrltEQ[(@aǐ$Ƙ| 6b/ ܘ(_g؊>v< 3-d+*qX8B2evڲOF']-u2(H(/>!{΃Q0>=AC8}U?h2W9s1H;|@Ÿ;duxMoM%2iWc67X@g9{(ꉥ-𢹗8 u"0"́GBX?G6 xȾe7 }BZ(w}4lyW m2}\8]n' l`LP| l': 9ȻUP'0hQW{5) 2)iB+Vc^ ͏)2C;F0D>N[R,N?2geLk]'t6x7SH WH΢̦`L͋$ْ 5reZ^q*"嘰䬔9lUug6RqP,,GP:qZ,^S{g8߉CvǹE?o#G#ۅiw(@O?ÒJ5%&\̃C_θo;ܐڒR HOo-s%F)ۧxo o!S(*1FgFL>4WumqG4,CA qeh cF4Wt[^F,-'&i;BIs"4w*յҋjW\53(I:EVk= hϒ-jN2rwL9|7w O2ń -g 4r+َ1@BiD's(!h4zLz:=ĒzS0-jM" t4 8}iy~ufǔḧJdLI[%  1.,uȖ\xx* ZV\d:*뚪Ch6R=OY̐Z~@QZͷ5E,E^i+14wyVD79APn}%o*Alg1PtvBc<6仓 ]gf@]3 |cC >s뿇2RY,ɠ q[@8ك撡%%<yͮp#4s0ɪĖA̯E9ԁߞQ;[s$>\hP@dHlq 4~(P{PsCYX:zۨx}zn d#ˎQ-u_7($+0O{ğ\n{zh H 5Є58s82>>^ ^]=hmj;&xCHo  3p0^9~݁$ca#P,`v+b2c'=5;`Pag. @@6dz z \k߂>|jqS]_\Kod¦MS8a%*rt˳8P{*^įdjI%V3Mm-ԁg8KX K@$EW` j3!-oEgA,Y?n٦%͵9Wn[GcG]A:isVs:8kHh@+W=,/j%}%q>4J uT&ߖ"hjnjv>zktKO )BYyXB}řʲ|EqוО.lwLt#l<UlI5;ٿ߬Ұ4C -Z3-RXtFb 4э؀،AQ6 Y>NǪc7Cumb#P&H.3;3åb%kG"[foÇdwZ٠y6+%tQULyI^DX3DūәHSK[*WUˌռ+M izl@Bn0ꬪ{$wʔx|viת}+")Ңn-W8e-\ap^陭ou K/NÙ Ӽ+4^q }` mPd^3E&G f5<~16TK;jQOؙ</ c: IvD q'W`8>D~;Z[񠈆yPI֏L6qV85ۇMFUAM&-q {rw.XD0q:x )KL.íJ(4+iMJy߇x6aT_%$u9ۘDZbeB%+ &C3,w\;VxKEriEGDkmtcv⿕:"45=Lb7Iv,S#n_vQ C)Q}l8в^8mBJN@r%"ttV3)0AFy)o".ݕ~uiOߝ7 vs'TBy.MJi>j(J:nZm%*\ A!,܆aOv3φHw{,ܵRRҶ Yї4r̕~ns4ν 0,4:^O׈[S"09u֞*nSPF7(0wtNjC8B?/icŪڗB>ֵEqwgt"]q6@'PXdL`mxT=NunY]G!kGe!7WY#vxXi,I {V RZ`be oR>k(wCo2xvshRygI ~H*n}mg!|֐C;DC35%JP!@/} Nȵ Eۭe1j gs.Ag௄>6T1nr>ħ6o8]ߪAQpfЍdSTIt($*kڮ|#aܧO)Z톣gNv o*8#g>Ec8!BZaćrR:)$ؾ@BxѻyO fq 1V)팴7.gy _V>Q /]bˏ2>$EsQqWpNt!9cH7>"Y-Etpm$٘_K8^ܹC[|Ҟ^c]#S%9-俺 ~Q"("`~JXv՞uDlg c qz}mBb\21˺ o0_LR %#[O`,X i'TRh&"{Q`A1*_NApvr"Ӱf SC~`nDDɧEt9wQ58dg3.SvrI>Mrs VvA?Ye?5IIp*Qvuҍ\IH82"U dlζveo LN~v@UD` Ȝl6\<}8S)v9w#皨&3+{Xt܃5g Iy ,Rsu&?FeiJLjo^mlS(7Q K%toGR}(@T#Dk#3yAyK[ā㗤XݟI΢0/ 񯡑CmEMZDoxն{xL8Pk3u:Mc)WP{t<Prxn<\!d)+8Lk%2uWB@l$څ]? s_X ;6᫊۞o)lCXH[hU.8J pM6s?@_{HT+4D+ _ zat)]H0I3jtdCu.ӅOn]s%Ք]Ik5\46d ѹU.уfjH_q$ -Q'n^^4m`WDFq%P} sG_G:( $) $9*'B,[\Iǜ7 ;AYEęd<\H&/A p PayA%`N)+kjg'Ãy2I=~H\Psc2;9v +uzrd2%aj` Sǫs'x) O{Es&|/o @Pϣ>8vBd=K`m7_G zo,ss j`Xv̔WD ,(\&U[IJ/Q#w}c(;+GI e9 mNnETcZ a$=gYh]`dڼQ-[9R=@L閐2qU.SLsh4kDI#M fh(I&i϶y E/>Oݸ[jM|vj70)Sn?VK!-f~$]QSߊ܏1*q]JxX\br)KΥ&7?FANцzשH% H@2 Qӟmz' 5EVI%!Hh9CYn_-,#%z9E /L\EB\nB4 70=T)mϷg/4JhT8pbNj֐%g ujc1jظ58 [bfte*8& 3s D!8 qІ@bDC#>]d)a[|wT^Q᧢ee8m~A }?::cYud+Rs&~JGgFv\h pdwokv/p/,6<^8@zƥ: {;zcTëC6,u>uo-hKKǫ˦l~z>[u 2oIK&\g0Ij$6ӆ+ 1r'w*f,#H k60|^>Nb81G2hACokj_L~  L**Ӯu'"sN Gm_::H ֥Q?,b+C}*{?tP>mjt`Lfŋ/!FF xcrڠr]rI5/r_LŒ:|>QmCHJ)"%n GyBY6v;][8,N 4w؃x'X: *v`_li0â |צ/nV`goxXY %_ j ;\>2Nl+ш K\kOHȃBdʽ_ywifAhAm /_4 l5Z ?"q,]:HƧ+$Qզ=:qufWu6 4]Ʃ#2 rUľ}]J5hL6[{7, AMʹPcqh\'&,Q/~vcITTFuP69 A2G%ƍBl($hiϱe(;{|:Ru2Q=X腋LwtK0@ }/[ީc9hܥEuҊ:FlvS)&}ɷ&#!ra>!s}} 2f3qGhm$ ǣ(bk*_IC 2}8w8ǭ[Q3+$+`"׾^yl_jRU|d͖bSL-H7uBS~3qsh&Q:Vh9M=Pdkql+Ш¹\q'qVȭNkXIw!BWJ_xZK ᛘqE)os -RBYF 4D:gt] Y5x(-=nq3{8/[!շB!ݟ|\yđv#^M2#5W6x(yĨ'U.vy6_U`#66RщSRK1i3>R4}e+wW$wEi@]W:"|JTx$WG57dLp@3=vHW0 0 Y[:SHqۖ:Y- XD8JϽOU -Ee{O [ٹلP%MtyPJ+@E7y-`l#FF1 XTկ+5U=jfĸ]qb͠BptH1+{D ӂ6l Xi}tF9eJtw#꠸Eu;B-[i4*廨AsҬÑZU͊+ihd>,wڥd_G5@8+F6ȗߧ@{s"A?Ȋw˅}W Kx+޳er*i`GKWbׅ=}^G o;&Rz,Y*qFDf= {kCNh\I8yEq* (}Y7?/[|v1=7Ȕ )Vo~\?x^kVf`n2C! tf|裴4ڲmW?Eh3sz0s5paiVƱ^T Pjn{Ǩcg mLk{Rv)/n4.&B@TP96OCd.̎!"aSڅG{ߢI wAl+\,4:lwjZ*V DOI`bCY&T)ahp9|6+zN>aZC+lQR(D;$P,-j7)1aأC ɜ !zRIo k&z˼-W:ʻߊipN;!bn/oF`NT&^p(9BbH\(ũe.(ZVi"ff E7esWR)աh]hN!r.FUؑՉqNV jMV|""TKMPC/͔}}jS[LE&<̪i~Ş gkv c^ۥt'x_7u,0a`!zNy\˲Vp kavc]4JA M*y| ,^f׷CjEIk\.1ڼ \}iLYɦ" c裳"{a>I1]<({L`Ax<;v205%$)Hi?sCAˬ~jqSws T=rfN ^z>Oyxc0qVӼk!F[ץiilQ8HAB a@t:sy[AC?msY7`gKc#,ܠAiE ۝ņM,8ٴiݏW&v e#aKw1/}Nǝ }GdծyQp5z\fqe&U&(rMeX98ԅk0ApX> \vUt+ uuej9>ϖNY)7O! b{GITYz)pIm8Q/1pmh.iG&ڇ~?$2t?ZCßGl6s![RE/r  ?-_aqBRd$E$)=dhCǫm~J.!=el:""ezM@C ƭgoxyѳcݞ1h/Lc[XGKId_.?Ϧ0fɨÉX0`tm^:xStGխڂ/o V=-2?3ytnmUڑ?"+{7B0p`R&c'y҃qOLPOL i@tS@A#o 徬R펁k$D.ByWнl$@Nhk 1B >)l&5 1|;52"no >sI? ]6|pn!#Nr/%D1Ǎj7>NFfب*BR7hEvlLXj~ 8M[/P}[@YɢIl~[MlȻVਅ+.gްv*͂]_ ̆n'eWG+4/8gOt ,؊J PsaYeTCF`'{3B5hȅ 6`.<\;tޗ_yaODva記O05Ob3nEz57b2(Rcp9rqMrZBL3"ۯ^3eOLyzT]Oꋾ=!le8,^ DiJIª \X{]}-S IR~?E߈Iq{)_nXhV0Q.zUɧ֒(#-OƵHJ`lȯXyi۸wk}XцpgdV9#asLW:Ϙ"NVބ\ :BX!OYWmƧ1jˎb.n Vś779IXL{xPx}D֡q<T$ ʝeM9RzQ8΢7J B;m`8CQ1*:m;n4Rt{s$JJ#D^ 5٨l:Nж⮌@&N(#7믺cIoh=PG32}^I8+j Qs=qhnuXrՎll J]^f3в yTƥL8c[OMf?xdDŚQ 2G'EHVWB]4zO */_o[l &›Fm1VO̹\jj^ gBK-^ԡKBjȀ76UZ(kA6 LsS{S, 1$F.u 1VK]Qi8\ωJ[ֻoǗ(ΖtD!6#oxeoLPRZ47Э^}ʬe{ @tUA 4;A6PW<Y.xj7RG\f}l~OgɹrZu#9h#YX,Yc9,[{F`S ky |~Hݼ['`ئ݌_à%Ϥ5c cշDBz\CN* 1U͝uռ70'(a5huf G!j m ;O-+@"C%:gud,zpl8N@51v#Y.~N[b|#'Sz;5E" ǖN-e (">"lb{ Z2mq4vvtgЕQn"NXpa!O^O+od27I ._]JnK^< _^M^2Ogc)#QG@[,vva*<ŹYK~CtbfU1b.h@[Bg=BW7:Bl93hgӚCUvV#ftF<WcXťϢ(1@Ql%=ж;Z5z|(N]zr qڔp:-P%Ry-}p"ve7֧YA#ƭ4ϐ`:2>ړ4e݂ 5͓Ұ;W Å- eƋ{ZoC]QAy9vWt4n8 @ $}^tx "@y~ H[>؜{,俈ݔoNOQ/KHTx[w+K[ř$bFBg _|G;VyIu0["y]42 / Lq(T]BާL+>_ªsȧSz CD,%YfWcW PY9]Ս٭o 7i捳 mUi,+3Otb8ۇ? + t+eʌnwy4nK.LdeXxkTVcYj8?[,?TΐNH&ss7NZMbD `#r7>ר.BE4EGbrtxR|Jt8#k;HL1.rWA> sB#E/ዏM5Z1iR(vkr>ѵ("pgIFEFN oźP뵒4WQ[gŗsqXny!1¯+ @$Gy/刱xdLJsv4Y+QKl?ZU#n#P֥̈́7LKOOf9r|Y|CK|Ǎ^#dF^` 5izWV~ ad3iˌE5RQl `;.uo8v{8BHc7'g!fEA:Hʏ(|27o\3iokd(+`g{U# !萪YWr_WC^I^R0Gs$3Sp\,;03pٛMq!%~,)E hD$__A8v ݫJW ?z"3Pܭ.FY'ޭb[n4[mf~Dٙ]˯[ HH)5ϴsS;@Lt})aya4p(` _ܑh%Iɵ$';{AKI"\ao$6uwCb0{?Jdrۯ)ATgf+fj. sVp KKr(ӑK,RÕk@(i@E (!?۰zT1eHA}O FӣSai"Ɔek0^履<[3Ve'T f0.zۄDk*"gJs V$|ax_)h;tn#RoD :Ea A5'ROGEVdi}|ecԎRQ@wsWome*Z.[d@ CĄs6k-A`:eɾ-[æxí 9 FbքqgHZwξv5ΎW3ds;#U#@ CU*ŰB4,Ȃף:B̒je:#޷JΔyWub6;})Ұ@䖂kޭx?Go3@A^ƍk%)+8t$ESN743O=|$S )N@?1aAכB=$saطH''_# xn25'U& *="}+M*@SqOqAN'22xZH*]z)YFiŢdDL^`&E/0LnTj 3Q6A?lrQQn*1@ -sc?Qo|3Me?4 *1ٟͭ5@+cmb 4(7X C~fίYXi3"BG2rT3^+h:7}[WϔNa"'.KH=0Ug0ZHEA(c0/ aXĦ}~$0aKF#3vs\"А$f?HJb~ޤFzRG%O $Iõ.]OZw(>7}+g@h6U))'dڋfҳjnPIy4OBtsr0<9*3̒˔^(w}NwT & ޅ".5eYd, 1rCK\AU#B32iKku0^P7[rsI q'^hu08]ocV\T|P\LRpx]BH?*?/F@74/1`j<]"A/[!E±kՌ&%! aNv,ᖌjv|6Vj@l~ƲSG#em bAQ ܃:'3ၜI:z$GK7p‘ƍRFң+)%bT v־9E~0Rijq DO]f6À/tBbkδ>E|9<z\] hJ$r}LDa:)MbjʉUKb ϮWz <)t3'ubw%H}:דB@X(Lѭc 2B,W$"wC 7*IX2qU,O&bLra7?5&t̡F;~H Ue\y)UyܛWZX'㘔CvfX)BaE| |M)xxΗޭ1!>'Uي4#ZW˝x&HoluaM-*F|>(*0z@YH3=NMrN7}0,A 18e8[zC9 dCtZE+4)KBZԆSvBlp CKG9 B<#FnS}A&W9 6ku2p5ܚ.$lytٔs@`(i vWh5$;n!=вXIl"T5]\t WqƞC&Bo>ʥ;s&+tp-Ot:V&r?TC(+WWWuGJΒVjJ,xrb,G2>NyNE2d4//)-4;hni~T? {?{Qv7_ 0 8/d'ϗ ϰ{3Rl#@w5w=1l>qMǗE-#Y>uYFR~4ɁCh- \i<]*$kHj*X-1b7j'8v IX[;{jchIBov+piBJwS?纤b~M~y1VYfG8ϥz˂5zZM/\+, K&[ɏܟsZ~ ͳ%Ҝr;;:H+cTgrv:; A_x 1ye:B=f[8KSiK:Z w =.BީzibOcC[Y&rYR~O,)eX8o'-s%ؤ)JRK,i 1w*s̻ w\, PBCMse߯-I[**DwO)Z -O,qF5gcPWńyH$LZ\7 )V%d #oփIj,:H.^Dmq6CŅD:TrtcA{+&f]ϕ?MbZtf?8@y[țdSRv~iKIe^SYxmQtEƜdL?:, hR{) STB~X#̳%ģb B#*G)یe`K@\LWjVyXLJKݨǜ I^ño%WqA:\9~!wV!\H!p5}|6؂X$cE,n0i.zB[!ʎt>oZ`Pb]؊y?y/R kд~"M5N/O4DZ{ckltol6}CUy`q`{{ zA؅~ulV'"Of%t[}.(Xwkkj+6 xi/8 T4GO(HPigഷen+CofI%Qנ)v~wvᩉs)8*tFupi++`X-a(ӡzw\8.lbhQ8A4]xB<u ccB_{c3R>1xds\Г]C>lߠ۪FqzZZCiz7U^? `n(5o@yx5t 3;e˓&RDl r$2gJ.VWt-TͰĄ.dCE~e9|^@Fgq5t x<* :2)WoN#xz%BE9^JE!]9Ve4ǵteD0ÿ'5AVC"Q䷫=%*Ս;MmPWCG~zMz#ǜ1 /oRV@sY AGS/k* taSCe[qɃchC+9Q|@,aeJ jj ͭIy QwҸo!pfǻEdf3*=d`Yxu]*F$ΛwPͣڼ(/XB6L}Tb(IAR7)]ĉi1_-nScCUZ1<uoAvR+qj<jH\ DUȖ:`pO;iēZۗӝ,h¬Mz]_GȑF|~s@d +0EgOZ,_?fI-Ǯ=glf*I{9`1\6p|-hyLү cmw _+ ;$@0rհ^z7y#T82G[**0#^ϤA(<QMY8ܽSD Kp>}:3P4. i(t%߄eQG3Ir6zOѯ>D^3,s@%}g|;&0"Q@72GaU̡MRWrS퐴TDW zx/zY:^g=.e5I~F/6XQp1N`6@uid% Jmn5c)4KAOz14l.e@@x{7 BBᅱV׳ʾ1?kkn <'ʑqJ5 ,>?Fn޵ްjVǵhQT*U>4QH8q* QR,9H'Qtьe9XWrզ6|?+)| #hc(vi;S8Y/Rİj؍b4Ǥo;kGW>̩Bs(Ȟ&mDg⢜}nU".lվ}yg|k>YvԊ?2 9o(εK>"JrxY ۅﻰTa-7#0#~vn/)p~:#ѷLȼ3iU_\V7~9S-  7p0*A=T('7ހ Ɓ$ѷKڅf{6 xv{|/&U6W f.&rݟe@= '׺G+`fj5KP5Hj&Ҥwm>N$5\6aẈ0lQ+gI'\`yXM U$ AP*Z&KuNա N RQ݄@?OT@&:bRU)\T|$ Cyx>H| bΖm0E6ekҿ{-  ;hEK kFW/_&KgmHaE L6>0]4nuHrPM#ZOm&u%DõG<vS% !{a(vz<[>  FmVI}_? 7{?@!:Ph@GJjzXgx֠(8AUQn#"e&m9F aɛAz%-BXw.0Rַ^/y!ޙV;U1!eK pFvԙkCeVO&1P`تQ_i=t&EsZ2XFdѷ!z۴+!BRx"yulNbٺP6Ko|H(j  N"`݀r]^KH,rk2hKR5 mb#j3y=@BF7޼I.ëkЋ5]~drV<``e/6mTIJ m8jX}oo;栩"X4[z‚V9<Ҋ Ag{C Qq1ETK+pY"b٢`Sdm)&ssi7D D,eR{2P*u8ns}R`V|'^b3x)Md;x&[=@1vŭ6`az0Ӕ1%6 Ό3*%L&VY%kɯ|2WsWHAa^3Ja 4/ކ~AK7 `fPh*P0 rI0C^h,H/AҨh$A&cC&]yU"|qPudhE$"dpFT}ϏPj!?mEsOI*WLHMF;2-33LSZDŽT"K7,9`dP :.cq ҷBHSsHFǯ+qy~u?J.>JwK¸0@ G&#E_j#J0s]&HDﻭ,V! |(_NA#v`W RK$$N,çu9X|sG@0|2mSA0Ef~olVإvUD#?/iDi'JW, 2XA,ݓU|͂| pk:>βzXݟ |q@B뾻۽BA %yG0CP 3^8OXz|޹(1 ncqX:-kͣ!z02/t#'vhu%H3y$A[8`,~/J0huy ] ":z4;}p{8Sܡh{^|R4S%Yvj5WpF가IKBO8`EțE0502WԗiO ˩zU|cEDAHQ\[4^PSDP[-9ɮpR.V(=цTav"6Jr`gBf[&AU&PttUi#ж-n(aσIu)U_=?Vl۷6 IRZHMYnٿ<+\o q5}8F}`1 _tcMl^yg)֡FL(*5OOۭ)i#}7VkZbw[*E!/^T>Kdʜ2شahVIT-\̄f{κ;-  UlydsѣsMO~fivVXZ .Ě&(j2/D]S?LA6-lޓ' "@ pސ65L?^ M-E'E|3>tÖX"Ai&wڷn(w"z%pR3 M=p?Z3 ĺu_n~Jc'~sfk(6b'bp^zg`d^rE#9'3U ?2` Y?\ 3Tvo~i!wQ*٩z~tuqcB[SV9y]jF|np+G‚C/v6-ZJqUh?O67  g~ "}u]JVjE|TwDB>vW[B<6\jىYHfL@64<+%yaUn6 ۤ"24u8Kn);[wǴ٦Ȝ{^и׊ڢyx\ReĠŠZ}CD;Uu{.*|קyWTpA UEh)"C;ĝbNOՙɫ*ښluhgv <&0I2yG6-}$)rM`^iJxnԎtσu^YGHR3Q[Z->ʗ LWe]&#솭H۱ZM1I<jxʐ酕J Y;zNA֎?ySߨ U~#όj [h^ = [*4aI㈈>`ݧ:hhW"n ra7rLY/'ߐw+KtsVphy@I1 X/n ՕN uO?X+ލK=ޤeSPI.q9J!l`v' @^\' !E XHb 56u/P࿂.O{?9akT6) ?‚ hR3sCYq t6ݴHF͇l]U5)@nwK!=R$̇Tj. z;|~hm ӸW\DjL{`V}D@%L+ŕ*.p c "?S|!\B]Z E1u#MkjQ_I;Ń\'v)=nξ+HeTr\^=,"ncHg/,xz8j`6r}YT4r _@SnTOK9] yt,s1O &*V[JQ<g5,UJQ9ΝJRߑ1疢h0D㵒D|qN9T1rs_ECezDz\Rg(Ec3 <+ ;`UC(HC`Lt)s0#ߊ2(&d:Wh8ާJx.W*XC)#XqcD Ҍl舖T!O?k H>0f~E>-p/ e~U+At̺?U K@bU1{קs(*Op <~W>nsWx%b>!qjN?swn~}dN&\V&%/D☌ͺpO8d˶Ң4!ʲY:IGAeqX>cC^6QQ)Y|pW 5V(|o'a%sիkBo;+WfYMRa[S+G5OnynxLXW*+n$|4 (ܝ~8b_}AUF@OXɘǚg>6z G G 3hQDc7@خ񀮡qҝd&7r2|6b$[96Re . fKINρ_Kc ߭0=lg":TfԜrKeY8vzGFvX۲L: lW*4,huDM^(iifZ p!Y}1CS,*-;-M. [Q-YD3MQcX<9ygq1>He2X_5 g&q@ KdwWgCoe)}JM UtsI[ޗ2@$ L1YZ7,myAHjgN*"OZ.\GƩB.?T%gHoQ>:!p#B~Mw/~s1 uljhJ1[}OmU ii<|ƈf͚i6fFrmHg8U>=|j#jގ*?ss&P|-57zJkL)xk'FFhkrt:QڕsXÓ!C!AK;\imEup<r> 6nHߐ}=foMf%S$%+Ԥ;8?ڶyfyll?zNkuW ܱڗ }yU +NRm3d6|yP4M c{N桓@vmU GFvWe˺ʼUgS|nKVE9CVvطwiYtHVn{})y|Rӫo_]ׄ~dMc) Xo m\wҭv)^$>-!4ZË >X~/6*WaG}fj"> -c@.KwA\tDthHQ@,ɶ~me`@{DFaNR1l4[jw~3)AX~I'o4%ح"%2taa:kĔ3@B q:3{むl^7mDŐ& i7bw{{V61rў8ZI$ddz軨=|Xz7Mq}à4RmshYLŝ g<6aⶻ)qzػ\lvMM,mr/M!A,^Aa%NXطMUI k BQP_K:IZ:ސ`Qň%=cܱ+ϸ5^_ݵ¦C}RTRz]=IJ,RyC?At(Jh!b|V]_\QMh,*2gM<ԣ{3^׻캴 `41񅹪-%KyY"CΜrf#B8 JG$=̷Nfz(`BdcA,Y'7L<B+)"Ez*l\T7qIaDlZkB~EM@$٣ݷ&8ځЎ"UWJFr;#HlğVF.w[(mwz@dw! ,wSi"itϛ^LB.>IGGJC<z:2f#c㺼+yo-eM"+aNr{D]IMvPRDv>kHrx%ߨo(8*)l©94;;5gܧq%o5۲)uZ̔'>/I(ЯHc 30*Y-K^aи@㲁'>>SyRF稱E%"qKk<_7 )n*I;3m[ xa!{ b`Ib١@έ>EmM,5X;'!،j I4,PšX%Oa:c/7SFܒ;7 dڔdBb&ir5+_vm&Pc`~{\`{_dwBWfavwlɖD#]:a4E2;t\=`$aL;5/n0eFV/ݘM.isB8K/B7{ސͯ, ]?9W ]?g,& Tm8s҆uujTZ6G'auۅX]HDmRm C'3!+g퇉5 6ŧl4X^W>W½_E Q_1bx䌷ܹ;Z!x[A YvVju>25ɵS6X\up4#=گe(鍃ka(smVC+:O ΜH3BR}LEz9Vף^;2@a~KK4  fY'KYNbH&ijd~bvbаax3Ø 淢Ttұ+.8d30C{K ztAtA"YbxJQȇ[.3{6ҽ]x׭͏<5*Tfj8U$n΢׮1pj++?MU1G|0ɦXjkչٴw( iD2@2.ַDx [w$~XHውKAd~]¹i6LCă d֞9$Z|5M\;RbV%廮BP+ 0:xHjQbal0矏1H2{OHOVcmW9Wqױ:-Ϧ%kj/ks hI:o\^FMC\[--M(eM6=s g:98b))zup{5_]-TCv[\MC4C5&{~`Hpy^7=b dIܐ )Q,fk\8"Fԣʦ\IgrUb$QթON.׋iޯYW@M }9cZ<Fɨ\~Ƽ璁$&:a-,ly56%|}7T=R«g* \1IVA},\m0fwk)-gv;~TV]@,Λ*g̡]*Pw cģ1(U Q (O櫕%蔫9/`X8!QU( Sh@moO#j{ Wsz`!˓K{{Q#?em?=8Mtaȓ~j[~=|kov!(a lj&KWe8w%\P?gVeDbR?sמöS,LvDck}įg?}Bt59x0Gez`/BܓU5Ey!CB&GI CH˯־mH:q15qNF"ۉx` Maw<zq#L8݊eAU؉)Α st'ـHɘn!J!8V:_wlnx?\~s]$XMTb/XK_bb@~C/+XB\g vq[tfGB}%7A lHoq,!2gͬA/bL!ѵ+Tհh31Y{Pr/PY/5=Skuϧ1fM+P1X2X2Ɛ<!&z|D t%IB4ݘ38rc `;1)cV](Gv S1ɒW0*wOQ@Q$}HL8)_9Q""S`FMT Iޘ+g:l7xХ(|ʺl9sC Fkj죦®wLA9aIkDmߴ:SbAcе&8f욐x:fN>)FϮ0ϿS:ac$nѧgJR]+@j2+}_#m5LyM8~dSe .v>O[^r1uq.˲Cw3-e |'I5 vKjN*C/-(ud(w'o FƞYZ 4IhBRvZօ/ ~NʠKmyU\n?7 1~+{ik)evr9- o^b!&Mh>}N轀#ecQ p+qֲJ87GG7i8yKн|x|e+SȌ@ǔe \(IVSu2߃5erRۄĶJ-L&oGjާ4M3pVdl(}4Nw`8 \7"iJ) i~J( ̀At,`åMV+O4mfwylPM5 r6j(E|nW*,4?jjDK{ݘb,rTKtI>}`Mifek/Xv)ၲȆjs}m଎^i˃R"Cj] v- طb2"ˬ 򂽯5 (&XԻ :)ShQG,=V, v+vz2W?4I nţH"1#Rץk*nc y/XKe@)0À $ݘKeH>5_@)6nj ]uGGlFS}jr"MG/,%Vs2TSn~]@qMPb 9/Uea3*f/Zԕi,*Yaw\.\G4)/H. -o-n=:ߕ=bSӶ{e'`u-Щ{yYm*=,N/ϕL)AN&7tnS7]Ogn_h1G%~L`Fs$S]PSkQSW}HV V`ݖ\"̰hW@\qy,] X|o kY/C;N-QظijA JɆ|@]+ù*ph2] aTu% /2O7:៾ng sh'F+9 WQdz'oա#z5_mA+6(NR41=3QPG oz ȷ*ׯ!rٷ^yҊ[g\PvE@Xz9w>rč, 9(S+9^1tڪ\ꔳJju[_gfX4^ޣ&}5}t(WnY Z#khqtCT#-\~3o~hqHʙUѽ 9jUIJgd8 cG aWU'~ERH`oi['BP% "ΰRѮ1$/U{1foCfٛgqiW3OAlSUsz)e~Xx;Gm7T0;h+V$,P~\ Vȯ?~dBP"rgEА.\܎Sޒfk1ЂR]gX`3 h9du嵪isF:;3)1~NYAz&}v ,s)]> ,eus+/6QW碤PoZ:uRz}%o Z#_ʠ7'J`1N(Afe:s.ٟ2l,iz5u?X 3T2ӱ^qB-Xg9]@*dR[7ru<F;1Z3Ÿ22?8\OeпcA #8>/%̰+EcnHz|7]7f=,LrOxw|( D/$ZRH-^2 VP8%uI΄ ,fv}c6ƌ?XJYd:C,.gYcJ,;H+I2TL ;> P~h9̏:/́j4ml)Zy+XgUWXfMQR1ab#t /P"?+G&r3ܛ_`Y5*XWksY1kpq؂*ƌ@oV-ēio*DA_ly?E$CBc+p~1mmpp޵Xipb dqh' _`2:d?lF$D5O2 ;*Ec&l_fhpFV7 i33SW* _9&t3^_ >%tA(4gH:<Ŝ02aЕE;mԼxړphKx -9iWaFnʿE/S`Ɋ?AŸx́í*0*$LA8_kY'9;~}Fއ#E6hލ '> a:| [ eAљ6n}XȞigv`\o,B=xK #oz9'FJ }1N].FbA2&h6> x|C_P sE'~) BցBf_A/˜ϙ lU1(,fH:]NJ=b:3<@ZNPǽ(-dNUz( C^wgui(_8L.ߙ*MT k9#EdE XƷg@qmlsRx}5W_lDAf({OGC*ʋ)>;PHۡ])+ug_z+o)e.Ey& 0 /e ϋ@ek?v?[]US~;b jRNb-'uݨu /bq)NtOD ^-ӧű O| 8sJ=W %j(Ć{k.6 zi6>)&ȱp/^@<΋Sd3_qF/vMŸ '&DfY1ZMzpbF) sy(^j:qoqDbB9HGB l)y7kkI攩bL9!խ1x)a;-%w9KqB-XʛaSiAIWU‹RmDgw:3E)Þ+!iHUnDP.!^@+mjշɎH@ _K5+dV1Ȓxrx7$K:8t+.vEkt:d8? {M6컍nE\ȞV۴-!*@+dؔ=.:~Qb?KWnfHDtT(SlDE̽TKc){ YtTKc#Ŕ/"V͞.;}RA˨q*(yX;{.Xni+mXM d@(9X%\9-m0kIu޸V8֨r߉og-@ wfq@l_i]@CY[kȏ3?]Uxk:dOl{6jM)!SC_6,>~`\[`U1 J=X.& Dj|cn>թ/܀uc%/STR,΁N1KN׉/ކv ю쮰&dWys3#.R h[\yWL˟9fpL%B_T i4|+s//G~mG͏bz t㶱=%_3P?m^cPf?Zqk]n$7F "lߦ?Y1@fI;B12 WC@T;55c9>x1q#V♛h"^1^N?JD*HtSj q< .ݩ4~?f;OJP%ml/^u~IV5}}mu&8]<0cclaaoNM=dq $k F U0}OLOp!yq{Bf3V]kȱt^Jڂo#%b S~@ 3?i1;L%.V>ž"_(8z^EZ~] k*Տf-A# SSJBR;Y˖a~pO+4MrЪ%aox%uU/)XͅɪnM/iBOiڂ$Q ;<,a!P&ˠ!lg_x.&>&l:s~W{=s@C(#5ȁ4qRjVh{@pN՘Pc(\T*.ڶ\wڼ h%%ICЊOL,d&G;zT'f"W}!htaA*(a%:TJ"RNQ@B Gdbxf:G(֖=j`ߌשJ8_T!~6m62z/qs&=qQ8SAx>O@.ẖ83qaoAe1(iq.xkuղg7uM >J\ yD1g yFHή1e<C.U=wb}H`:5 1t1sh`WXER\LgG&/ ̷ F<7s zNq>[Zn@9G,OC+v`v(_S2_XU^gF-^J (y&H?>NS+ZBu.V1x[dx+PMdZaRU &T1~WnNg frkNtAg-4R8bxo _$HKm-SAun7u]|2$WT DBǾw, ÕoJR5 oьVoWm庰X0qH`KhW:*ЇL yd7D-֢GNfXr BcoA_g~pTx ^DhM㶧"4ڶrsMxI!݀C=OTcRh:'C\ _!tӮ%A zk$1-ǫhҳ~jB/ǻj1|ֈ8N G\pJ2∖oKA 7IdɊ{7:<gUt\zܽ@a{O?a/BhF8/GK| Jl%pƣ- kަ ʟٕ|*z5*<~vQj4D ZXM{DQcgpoYs [xBlW=|4:]Fa3oa}hc\ŒG^$dN0򩮶>:7/+ai('Kْ̓C^ȯ$Cfv&mGBv^MY]^u0F,!wsЙEhc*}E}Pj4%p _ 4fB{6`G׃6EjO赬E)bSTٟH/hll~]ߍަbHЂcyoM/&wPќ9Nn3ެ-m}kĤ٤ $H`uQ(k-;Hn>)qPc `ugrz< aM\#²!'6v%7nGOXYiCkSZ}l r癳>]鱑0#gFm87v03Y:Eb?" 8 ~=8)Μ19%xuԖ8 #jHQgd]] !DFvAC>|ݽzBQJ7sBO~Sye0+B{cpPԛB)!m3Z2.9HQ8c9'ZeP!oQiO?zs+1!odzAis 09SJ߄P:Lrэ]lË3q@dlq^! iMyg4pzSfoU_iYhup7MM2˭kq,5s^"&<rNWUI*ގnVM\k>7 &B׶I}(Asht]K`g2hۈj&ٵC\`ۻB!KkӷP}^ߟѿWʵLCÍeP z19|sS1=8OZ MX.%Xk.fdwUΩFZ)Y87>U->N0%4ߢlPrtCi`)$^_S•Th"7hq"I](k}+ռEChJL'ɩ{G4纓mY4089R Ԣd GXZ } =@sK~|$<)Jj!UrْNzUb/}FH|]..P8"%TR:_4K bRNt׼ѽ0R txcE*apBeDtM, (y"qک2s[C_aFg9hȝJ2GNp[Z35BxIZ^L3. !ңArƉѕKR;ΪFbQcHi%?!U>·kǪv3ȵCMdxXܤxǵyI3 jvg41\(Ί# 5u]Ҕt"v_'AYu mk[qgZ9bJ}1y/eMRpdŵ7%n(Z |=0\@ro"P۷$/eoܣM(vz=fF%ۦ4 'xPΪX1F,៲H~{E+ߗ>a-3 OiƐ+)qƑ[6=@`/QKvRsQ(G R#G{C5d;2(G2co lW;1)ba%gOTt|_Y MVTkC@gJ޿{ed/{>w ZK д+ Z,'ɺ0"MfF -r.,*%5&0a޻;>MS!;+JiQD de*kz%/j+W1:Lr -8,ǫU k8EOW!-xHROhPѺb؈o6"Sv TkďCߓO6,Y%.ߧĸW]*b*jTZݹ2X լ!916+-,n"c ,[-p;B7"$ Čd Z_,[|P޲%YFpC uzqV%jew@WP8\9-mn|ן - qgaؘTK^Me4Қ#Xሴ# Z&챩~Q~a"'ǟV}Iͦ2u¶6ly䀑c)`WvuG KP1ѽ?}դnHA Ո2)R( F\;'BhTt]z)DVr +H=W# '+fQImyµ+@~bMӒ&LiMP5^*REd?4rkHys6S,*ˀȎ09c8W[XOG6K6 Z8aa6jQy 1C#^xr.>m\Z&1NA*7 )>ȇTP#HѾwo*E3D@Wz+@.?])㌥)@L؎~< qm,GTU* uh\)^|ܘ wQZM?aD1eĮ;+{IGe/dn$`TC|,ȱzՈk.d&#b(ZUua*'^O,Tgx^dᓜjh, N/0G%DWu)ϘK}ۏ&pFȏ, Bhsnqx^$i4z.:~BÑ5pЪ:Np3|Tؔ'ٞjF]t|+EWd\U!N `CӼ*xkTU|9.!3&!HY&DI2ɰ6w(l8 x̹ ,1F@ƷsvAOc;gW"g}}kRc39!L0"d*ݴRB | G}ZnrYߔf4i${%U m u]& kvxJĘ }LaO'm$3D(/sU}P\> 5rc&&нX+?~z+ d8? *yc'J4>ߞ=,@"a-H.-.wze\P -H6tQ.-yTQgDU>{+r e2nWR\Sȵ! )Bi}YUľGQ0UooSN ҩ$7}WNo$hJ+z*% 3"!.#``CzrxE"̂/g'aݗv`U)[$,KfXJĒ1鱅we̺ x{ /njT?w1ƌ] Z4lz)7 ukZXQ9*+t4q;PS{i j ׂt8ŽwRs-dDJ󈤈*D0hL#ʞbN3%r7?,5iK9(Q& ܼie)) [7ɞP$éU*Bwxn! DmopF?)F=/gfZ#yS%{6?AKqEhOd:ڂRԫhecyr*Vעr;UKA@RM lw/k|pWKG&*.IX, BV7UAJ@25&ҋZ#eZ 8ЬSơ(/LWR ԗƂ"{6K r`T$YS][-7Qx5ϬsTDszJ..[<_v7/ 8Y!`_MilIƲY+ՕZ?">񾔝@tc% r^2Ωvk]ҟ'Ψx%(wQ(8& r ykvP,ʫK}=> z{UrK#yB4?% 2د%wש9 O",s'sCe $쐰w.:U:0Fa 4@Nn*\G hmFO&Qvs*I`Q@_$B[ 7ua26J~.Qȑw?3o(1=O m?׷ zܲ J`TDbb.!t3 Va{kBLniЪ":'ו݃e0l4x?R`ÿD!D1;ŶHҺc('ul&hx*&| wn1Tѭ Cw [)tDv2\szhYxl6bCV!ScQo`+h( p tz2 WXy] .5,_0C%ÌN9=KAHU>s瓛`âbdST <ܽ FKo =$B5PFS?ށ.l7M-G0z+OJml`x8$>;za +|<,`M> ]:#zR"*/ ɧBZ [(!/DAO}o(@i/᫵&D678?1t[uc WJXȏ'+M8*xya7055qcEGeT&Gq֔>gA=ymOCPэEJvm԰`8g3wcJPOG|gu=+C\MyiR (zr;"!\zPc6V;Z:6[s$fڪ0`rgzJ=b|JH6CHUƘ+PfFVYPߴ>j@VC.1~Tj2!B.kЋJ4;N%!2 ،_ވ̲pr;k\P4m`o:D#.0[ח/rm$?*k>記>#ad@]/Sr7~pnߥB)]-=D~YחXU)PWAAE{"M |eH iByluPˠȭ{ng1Gd|@Mŧ"8 %:\ Vm.YH $BNMQttErJ.#kz~(L-6~)ߠagPpp̞W:^G\eQ;8P~$1zE݄l׉[x, %Ƒ2z8f5CqwN}k@###] gg|7p|m9LK3j(5ug%OVX{]W+ĝX|ɬ7Txxvۉ|W"68.Rw~y[uH(aPqCYjl[L3=ng:aHh ht^wO-mw*pQ*rd@֪DO7Vкe/$43nɛ0*D:N\fMj$ZR`{I3%Lg&ɨm3+ʑ?JZ|k ' nnyiP ?+}`MA<5ՒeUO-K-~dR&µЎ$a;S 9:KfߒF@4oFutieO?lxRdrT#ja4E>~G8 ]#s@;\ 6j) sN" ZIOiaɝT ĨifpWFg!EYEt{|؃XzR.Oe@ xDؼ-ZQUI΋Ž*n7.Ro ee,wo|ֵ>V s} Hڴd`\"@xQ(C_&TRq:15C d<Cx)6:(yRz{(hh@e(rS*E&X[hMtGFueI&k- A6^͚Tʜc=stNV-0_O;Kk8z7q֎xBB^AE;]b4 Tö;?T k;2ފ3+WBUC2P6mmMF#%%;^F7Y'IfbCDώ/J`X8</m[^E/߻Ɛ>P-Z\iYvg% {@\6S|3!+2x.=]U+qUpAz{'o7.pcRoꣳ_L7;w`0D]vq"E¾w;vhXP0ьcC?YO,Cxy!;ݷEG{a[[Zd W+FK=0;I.`,;!kY_ ":VpS[sX*cB-=Rmz~E|o *B:Yнh+,^`RB=p[VT-Pp_c02hzkT$"GU{r42XvS8*ԨlȖz $Њ "{3 [dz̮&qC8ؚz$H 2Γ8n+(\mS1ȡ28;u}Oxo]ttBgϱ 4IAC1oD33' P4~Q;#fl {ϝl~ʋ>:PRcJL я˓U{JYKgT6U(*HB,]Uj"Ղ *M>wMd%>s}3,0FC?:J%-P- !\ND:54{͗O Zݢ+)TRQ9@t\LSgcވ£U' /" <4M{dJvpYHqvoL:s'i|*bm3 n] ٍkBH2oӏ_sM[% ; ^rXybְCb8qYmYMĮ,6؛c3D&"-wr%kw;9ًƬ7x;Cu;T?sQ$.8Um)El%f$mKIQo+}ݡF̈́]{<$Fx2yjYƪߝs9M"* s@";zW2#qGk.tyaq0LZTC$N 9AģjtrIjr[z=/:={hw40 [I۫һk(8|AþN:Uk /epnXk6RӗJG {?]\(yAG9x=Ɂ}2}(l). ^z\~Ә0;7eJ?# = -sFjy(rI,+wȺdf؄cVl\}EVuAO,%n8JV ^q xB \E;,,0z/杪Yu+x~[:'bnBV9Y ^wn{h* ߈f$]k"ԄrJ<{)ֲ L( :fN Ql՜ ɺy{X[Ә& W,r;|MۻHn Вğ4%²YsP#˘DŽk3T ׄfxwn.)uUgv]:rv̑T*X(f:f" !"7*[=hkZQ7kX]+7dޕjt|+xʻn:Ԛ9i m83ԱhX#/%Pʭj\ɺ]A%}$5 g*_`?oNi!b>樆7l1huQ3/a7 MP\,i"ă̭ÔB`Mu":MV\|1OL_ Yq}Xc) ro6Kv]_iZ)"&NS`Lcq0I1XЀKŐy'N, $_r+(iɃ95V$h3(9x oҶs檛wrsZD/̿edXThxh s(!?z٭2HZ{453yl i ^0]:e`R?)BC I RTD+B^,nƠsɻ Qo!?); s*IJAdK c ȁM}y$<|$}^~c H_5Bm.PN7ĝÕ\x&p* ?da0LZD@Hohpل/!p(UߣFNc>`c|Hԧ9$8vGqu_Hknqj3|V*` KR_l?v0 m2w DŽhthb]zT¸/ ==Ҫ\:ځM+㡿G퍁;>xihć KCyIb4uɎLlWA~9Q6(*TޞxdSa4Xd\ χro)>AbNMZ0s$Xٲ~a^KDjȨ?cLӋQ[NN}hV-ogo6h{&``M'ukzZJ!jȗgLn /] (d l?h&(4[Ӻ Y׵c!3zcR׀emCG^7c. '#V5g;a]/T-?1X08aIߩl6LL&:MXKSmKCMڒU]Ku&1E 0Ĕ=9z=W-%w6 RnOiw0Uex"|j& _Y$-(F:}ǝvL:Gh{X7>eEmXtٰ 珂l}ːHR )`r4);[r`ȳ4&~/#  $Ʈ| LgMI`D~iT&`"5oq12]; $SI -T7NG:k&G9S &s'('.8 y EI> :\J$kG> _yZyg6(4z͹ NXUՠUwkj#㿋Y?sE#+>#~@ok4 9pf 3CKʡeF50<6<mi/:tDV;㡅jڡ[hGn&✬|Q7sVjލQ8{BΚZ  lV]#j9o~BO,(5xukV%A31.?@Sǟ/>4 :d 4A dvL#N '$k@oF2kbi:n,0֌~dcs %Gft?f@JR(_"°Ԅχc}( yEl,'^Miť:.3s{ K)-*>\2.LGar-Cfd T)+?VB:ق75%5Nmux2]Z I}l"M8 zCM~Rf4J|Еewp{AㄸmɆObCw5G9^!"]: e>rSαw&5H+t4``)|V8ԭoMrS6If -Ĩ i8/,N r<9},|5ԧDcBܾet.>1 $ӃGm3~y ND.CpWAC[XyUsŰ5M XFL,cH_|МD؁=_ 1Wu7B-K\J{)_PW?KG`0[])Vīo?Vm74 ; <@Mx*Gb?f>``›" Rj k&fP?u .AhC弎t['z'/Ck; lr s?4敝dH@?&&G|DmoK½ !l!'+o;ZV#Rn9Yd;?Hpu-u N@5M Vj3MݓgIHk[=_G7[n3>驕.i_HENӐQ[Ml硼Q Iɏ3zJ.+P( 5CsZZjsxy^.EAvY2܅,qg0u+Ĕ/*]s͢=6%=n;2y{|)~a$jvjih/kEw/Raq -N;mp-Z&h#3[?ҥ##>o RpTՔM00)w3EB/>_B SRQ6L򋠜V "!N"7{%BL`-٨*."  X,SR-w*aLQ?[V"͐ 3a{]t3 f2e鮶58ץGb*-үfA6R:R^Fmw1$=7K81KeaMXGYmE4^HwN6":w;+QJDuYR dM|Χ}.,2O )*1}E1aU*aivcäK*uwvxy\c>pC} [J^g"I(MCREMfNXL OHͨ$i>uxʵYW+x74kJdy5܉4 uoٔ[dE ag j!8뢏,/-ˎ@ܮۑs_+#| ɕtLQ+ g=H0-h9{e" Dd&`"PM2H<~ڽK2wB-?"a&3kWu K_ίtkK.4ă6zٻԧ1G8V\@Qz(-uq%A*zM3<J*rCuC591 ]PYhY^0_P/ ߳Roi3B7\Pi;I} Tpowݗ ߿EhWe8DI#Qbs9x$g˨kFE`(Ei!730mrH-4v>x("rۣHqHBW^X|]D6xIܯbFLAI2&͠=b'p6f0~`[:30vH|dkڬsw[V~9msrhV`.TPǡV[M)]_(oIqeOL)+/ꁁx[Ϡ9 X0+mgַod|YyOL] d ұн{ΐ-^Tǻ-EJyzoX q(F$_,~8(ԯZ~D7/NY2H NVwC*@fOsLMVgV:oܕG5$GĎ  ~NH'cƂw|#ߗ(O4QbZK`J{9*"@u]e}  4 }y1eeןȇ~q}Kxpj6V#"JS[X?)o;G:IoG^]-cHȀ=ADN%瀯]7dRo|Iu72 3̻ҙTO)ɢ#0 D5 zk1rdqE|n-A^[9rw&QÉ_f/ɹ͵h1o &+Z 0zݱiߤ,r/&}*z"^gY J;߫m[̕OR AAiy*S4L i}\8Zy06x$h=.`ayliRSRpxXW@n =Q7x VdJ;9AfI;_4bMU-1~hZR.UPtt لY*-t,U|ِx.ic-x6vQr!:=c!:egp32`8/WLw!yYyJ=R1S\}ZR{({z|) l7~޼9WNҟ1Te!&#g?bF_)%ܔUYy1gkV#E킷?WtϦЀ{;pDKEZjAqSS*ry &̢|#tg!Ƚ*j13KEs }o #XS!ڕR:ĦQ[|5Yj]BJ6cw2t;C@"XoE(|DaK^?g3(Ϲƪi!e4wjtQo٣i9CBY%޻j?\P9m4ZR=BΆocg=ki5)GK<ݦSuTHVT;Q_M.(#q~'. l={O0Ri~[*,jExe#3:n<G`T,S^<$;q5QzGGb9eGپakM mÛWaB>K6ڛvgU{@a7]H2n2M|ߌic%%ѐqtk~HCX*Co0.YQ\YIDBTSQkuYVZOI'~k16Cd :A`9e@'ŵoh _Npqt>Kj}C4sa,\ݨ>V72*KlBM D/ɺ>u=ŌA DeY#^`gSG,rtM WE}Ԙ:7qIՕW[Fʙ#F7,_> P W+ FkiI̺u3 ܕW鐀 ec.?9w?;ex+=m4fYa;H|Cщ>L) YE}}l"ypù$RHTATMGTtU.c}_?]M~[Jdsxҿ䲉@8# ճ?5\/cڋoD`kP] k&9.f+wl4KJT"#R,R/]9caHo^`e!XLI=UU7 @˥gVQB/: sI7ktwͬI˫HqRkA0?:X库{)VS 7>;UkeADG7M&TzUE'(Ո2p_8NK{ԕ7ZLs*₝k3ոg !yh?XM,6U}z1)}IuvߦNj 3#hy"2!~#G'+ʿ} ;B}{)$\&~F H߻Ey7TO)f5.a<%1zɓ>6I墳s:۩Ny y_ ,KsoJbΏBU*Se.(SMHIcy.Z=}?cX <?-㥧-qTZVo%m|褐:PYpFYB2?$Lt> y뀢cSvUcvRza@7N:r/^:gBuşrқ9ucum`M܏_K`~0#G&V/Ȥ͒=z>Ьs=9,1G)#\g7T$pOWPv,mSÖu/1G5u%ݽ)L]8A5%\k]QPT4?"tE:WU**4@)友D9Gu(՞е'u8Q6=PpNh95}SD#~p 1I*'{f?&F2RBnpy,Acp6E~_ӋCޚN{3Wt󥇏!usR).)|b)=XHַ):HCEE\!+T>F-Xl_<sNxͧvjF5AiJ.Uwj4)!^p榞1[%+$bi2r9G4e,c9i!U4XNB)|O{ޏԡ0}1zKƙ38A 6@,[;x3]6soIA1h;kiEvoUU56-7bE[Xq۪ѷڜ5<0!PmymoxdPD끮ǃڂ?'+8k.7ъ#e<"/<|.P:INFz?eUf'&ʮ%)xф4 )Cu:\2sq,^Kꊧ[7_J7$B/2J(o!}EnB,kF+Rpٚb'=e6ըkR굂zDR)a?uE[b`z 8άjU,>xEDžUV] TgϸQ?Ώ[2dBp`0vt-}ʽ z$_TRQ1Aw!`iADϸ=~vj7mHiVEt^N1c'6R ]53zT3uw$܂ ~t؅ FA9սc­\7}.g͉WYƊ40xSU\ȾΜhKL s>Udyy4ֽ.DSFSglnjfH׀} 9̿ɾ'\Xq9>uCyMzQG٨` @xesk?%M~y Y'&YJ \&I XN5YN~?*ul :CϺaCY:Q\`NAgNXU<;u 79.]hPFY4y3mO k _LsSDN\8eτ0Zu|>Apu EYW_`"Yqk Z`.J s=d}.mXɜ,՟5?]ږۥ&澽jܴzntFG\7U E";5y5FaET*-[;̡cٜ &Ps:Ӯ瞀i6֑rn˦; ɥb%ˏ]G&)~vIQj G=&-[Zkb46.Ѯif}9j G]- < A2F(0KlضO"{ablS)Eqn֮6АuS@b@]4˽?(K{@0aH|JO"WVQS䷭?(EI7 ^Ȣff/ʱ:!܍"RP"͜[Qڞg$Q Z- aBXO9664XHt5- N"Ӂx觜H@q{BŘxxð*檽 m}]U NQALrθA_J)]c||K CKo}>hB@V_x{T_+W/tARCoDX8ގ^U}Pʩm(GN)FEu=bNьvF0~G'k`jf @ cF2mg+dJ;T2ֶwV uypzn~]tɲ MU} Tܖ0v?ӕހlL&9a(ŚQU$qZU3>GSmymmXJ3sDD#J1A_TXa@UӲ ߮S 8%L+\i Ã/.ÇEv= (_@wOjZ?2S7-7T)ICM{t!5\!Atq)d\ZՏ".$"(#Ǔ*t5[; oʏ 򺪿p(-]IɢÜJFw(rny?NiFĠ0FGy !F?NI)fEċ+~%#@ RKk\+] ^}=xhjMͮ`/; iiy!H< 1Ҫ.LIg4-#$eWJ-L+D>LNLuz!n` fx|.0O3`5aI.ZĤB\U3ċ: }'SÃ|x`Lm4Brx%Hڽ֪{G?#VqĚfZ k,{~|ubgh.K.ˠ;yaDj2/SMqO}%M(Rp];o׶#Pݹ1G@ jmaq C` [] 4 S ӫ3 Tr0?x <=,g It;?%fxZnz[]XG㬡4ں:ZjzXL0-yw%3嵪ê:<= m3t5S,fT8XHs ѻ!hI,nR9yb>=gcRRIf۟vßf f1̙O^jM:uR\g{dZBK]l4wTQ\K^ty פL0^ֆ gLz^i'1/o48[ "$M(}+hWq}6 k@x[]wZHnمSX,(&{1A3d' mP*LVXh؟p<؛Yv8nTY35ӹ;#B`ό|\S2l)^m*[UUȠB酰[h t:lzQ<ژ_ 4S~r>MҾkOYu?sꀋYgkv'a`z\YuQQ%? >(ulg٢M0F.i%A]X?DQ [aIsOjKZD[әi!2e2J ,׀NCg ShG3}pbg|O"vV8+՛xxx%z)1䜱)<Ȭ[S%\6v̑ua{YK90k[0]*쥰8>S`NB 58R"6g~nPXԪ8X.ۅ2(W4kr >S/wFC`L bQ+*N4 u6$" ;z1tЋߘ}48 t1OKZEj-T=ٓ$ 9' SR+%hH|DFb@'Lpo zL ףNUH䯟W2hL9&5: }dp{+@1u&i*[vJ+zmj7)1yݎ@ai8faZ}*F<"- 8-EݗJ#:_?Q.Xj6ǠIK]vh*KB"zњcjܧ3}c"P J.oensZVDN2jKK%hVcW1 ccf:lLT">(,#R-۵Nl2]HÍ1ۺq߬UM-))S7Pj뗐oJzSdB7Ks濋Jn`(O o-ǃLeNђ.1̆]#Kɧ3HO %QB?\ˈUr"yʇw%Dsv8ȳ>plZ۶z\:1.b4eg>*O_8dyaPjm;Q񠁮0fjHPl-qyg Xު׃GR Cb/+?S Df|S(#׌?==Wl>kdP#$3-RX=&Ye]yhe+dKFd 5UtȅoBaɨoeZxɒ˄kVƹڇi-I$q쑝.sFR밦p݀)FoE)Qp!J"ԩ<;h}O&;^Ƌ6KɁN'n*!kėz/6g7фOtVnLTzXX]T o R joJS֒FaY >T$ݢy˥r7/M.Dď9eJvƻuXcR_^25?Bo\PߛZ\c|EkUͻrX- UÜ+Xq\e9)vjܔ HT׭c|&n3[n፶Ut/6iu{+/VD "= 6>[L*:3<2ybY[v^ơA@Z\WsՕha?CW;m5'2;(-x%D|ą3[4I^ 4ZeM1pL[bSEr*MUl27NY0ygb]xe"*wɩkZ_ j`(7llޠ\4l%[֖UmŁfI-p?QLCx{vC%KF.u4* Vy4ϳaO[T &2 LYgs 8ECGD'>X6’ %\?Dj5:63Ͻ-QŴޛ"D06pϺ=WO_&?OJMe%:q >oVjI :h "5Y4h#3aCb8%$ȮM!CE!e`dY"e\& ee) ̥*^8J.(Pp7"'?T3XȰ95L_ʽ3/825zҥ,N%TʃEA# RP%Ju| 5)YqHg&PSE˦T&Z-ِx0|~w\TM!ϴ{Ir #./i;([1Ǿff])<+C޼og-*I&_ǜ_{B  {`or^w3U0^d W|ׂP}hPYacoh6KD Xb<eH:b.vTPπu PJܵc(M?= $$:Z?\&{xFɧ {,ʯǎɂ0R![m滸@J\4@%%:&D3$1UC"-fBmCk9u erNwnzMl^۶4' t+?rOuFB~m*)xqУWH[k'gE1PB1/>*ߟo54GAR@an7?3KC&ОӬ&o[@YXT* ϤGFP{)˸67mq] r!rqp _ەPjv9f?MR\bTQ:|,W=×OfI{5 ʕt)7)ұs e 3!(؍y@ż)l E0='aIa>Xڶ(ҤtX] ݺJT҈Ig\*G5 9"-҆džex{ZG¼nӐ>ٶ fJ0܌mrDU"꘾s{A'،4:؈w1^u3sx~fú9g֡*D$VBmm_bCrlfPED$(|E͘_V q]!JoQ\!\U>؛R{ŘTyɮ^XJ5:cš۫g>e($N#8J0X6B澰<#^lz`{0;K@Z@P;nǙ&}?w8E>eo-[8|5?ȭ.C?QP`P^5!u\RALYQʅgZ׽2Kt(U~ϱwLQ% ;a.˪wsw*Ir$}tI^Ua{iZܡɂb9NP:%d_.@OD#KefZ{h2$Js#lȇIJiwi0ɚO~K2<{01D( RjE8VqW8q8Ul HnD<$EC,E5["מ; M3]ؾ<_fRY޼L~n!΍QV+^gNk 3V˫|Ӹec[nX5G+#c8e Z,d#`Hy+s؊񢺳 V?Jk@ M].L\죗TB5{TsF%] 0)FJ OIR[bu=2M_ ݨDxA0> 0E~>ܽd%PdkE^~y5.y @oXmkFdq7q4j& d[h1h\*{<} ϸ/"泏%L">1IVq\2z%ގ$wyfp2T#X5V'C07@Qt=tBmi.W˄F7GZ=n=*mj7MtgL$h@1|QAI eoC@"hIue!&_-tT} or}&u"lgqߍU3]`k5tڵ6ik kNwo$Qh&e/)JK-yT7k喦'-y'f=q*}9~n)xx'![ՃlwT~%ȯ2xt[ܦͩ&xv+ 9}@S45c?y%C$1$bXdW:) [C[^\?%o$ubLj=ɵ_OɌZxNP8"2`Rb9mS>S5?8xg@M_<`)LQ ԥ, {=2RAl鈑H$ŭ Hf*mE 1[ΞJWԪӏ'~ū_fO#XGX;K@2%Ww6zt˜:|^2g&[CJIlo+[5Ʈ"m!|]i¤۠w/*α%zj8n8b!xRv ɛjVS_vHp3CKh|甖D/ ~Y,c3p$H<""t{4x.dڡա]JHn'r iZ'x~!8Tupm ]IJ7mkk#g{}W&"nu't683-,L@M {~~Xm5݌JfBghY04O^,D\ump^dF"0ke:r זky~c6 /VaÛ51sL@ϭۗt 2WPImvC,n?s d!ٜB{k 3 ]eHŤ \X恹69%C㩴y;x_ GZScha(H{U;MΠ}Ukx mkPߞb򂭛aUo!?ܑNzܼG2M2D>$&H+㊍#]~N9&7T}iF]I;GU_~xbPqP޿x.e5\&>&o,%bb%YvSRkJԗ=3[}Ew*̜mEGy.4EA=jGRݹ=`mJU*z_ ގrfI )+gMN ]l"]|' x.bӞ&ٚ 0(*UA~$G QeL*;ԵTrwLR?\ƒ=x^NݲLlp|V.'zap[2{ `| O#n״v*ק= ^<-i; tHx0Q^9!!:'ܜzĺ'J 2R|P?VNʬۍ$9vQT_|v|2FIHl^_Y]_eț4(5nFˌg$k5BOs.} uK|H|Ax kNײt-ЦP-%tW6ϔ;E,0{GJJdӦD,962!u&XQ?T%6Ik3ty%pIBhn&BOh#VW-쨕 gϲzNr?lxrqJXa)|6-Lm5{ܳ)mYaۿK-(PQшC =H#s2`9Y WrT(#(ZUwܶHHk1q[;;QID٩~80i# U&Ah ͇Ag02(n@ U W kIS;] 3Q@3HdϞ"CX9" ӕ2DJ!עJ'1i%~>n*KXe=8 nZ f?O0LE.ouS-ȞsuZj9w[dO6g9S+}|04Lq\tsq|ܲwԶ;ǫ'/.EJĵ48&ɹrۏKJ;~Bd? 2YtM҄UjLD'_eoPiaKᛤC]7Fσo)UQsV`CT,!qˀuA5fE*n[arl㏼NDJ.D'<}iMb0ktyCzlDTQC$ ?ORv+$OZuf(6= d1Q˸=%h)BNoٱ&U%B_yTOjK+4F ό/._h% #s!=&jels{rцF^/FlX0%''cȓDauɺٞY}N+&hȐqQh߿E|>ѵt ݦt=>-Mqo 2>E{(O!-= b@sA l "VG=vܸ3J~oITkc'(|)#wp:(b4W3kJk@fHgw'xQ0vףJ.aEzvڗHVN61'~[*ɰeIi"7:F *f< 4AV֝a>CQY|ghkշ? %xbc`ߙNT]v{BR~F$`'zYs@z|X2g'V j1OSaaA 76Ԍu}='kd?Y%-GɎz4t%~ 0`;M" T]ئ~pnKh`_o3皘.$i oiKb&t;{bhBdPOâ#`76*Bz^j"N)?`>.W!o QgbCYhhJ]m!m75 \_y{~6@/%d-DB{ :d:.w7:7P"^n&Dd\=޷ s'_V]J#u0uhNg5}~8#6(Ü͡9i4bZ0axd8APDP*cB4Gbq$Kf }F}An%@@-Np2yXIrFogI[ZP,E{5"|k}#+:JK52Gx@Ũ^ӆJlO3Q[Dv)-|~-#BLiLLh>cANzVf7qh0ש]G}aOu" toZf>1T;|{Y9h#bH5V~?75U5$2-ӷtB\ AOsBFd,`)Q~'!vbͧ}@>B*Owu^wǕs*N\gs]hRք: (?8`i:1< 9bޔ,N $2"4x ?R&y4b?Ia;2tUܣ4vAŎ"dduv[J}L*51\Ո33 &6E&50LQuF nQ%: \%[盧C=Nx紀rx*H{Ja͍k0 H*DԷ]jrLI8#t"wʘvOW բG5.:Ʊ 5װ"׏kB4q#o7'em`݊}a5ڧ>؇Qme*m2U7kas1^Tm ՀN8w *CX[ghC n 9}=N/z Ae EXhks|7L-9I0F2nCH6z=.3M!B4N5xOiXPb'm 9UUI5{'4_dO-t|D9Sw´;<#nɤ]P"54mO̰%{jIu+Ѥr5`[^qJG^ x+D~P mތ{BL)@ECxLRzl${DT-ۑ $qM D f\S+ տ!!U 'tZthD,u\Tl흠8d{-qr>zX׵uFP m3cNC`Yxо8Mun?= ( @ߦA+[AK!Е>1 wʯ C4ݎ淸jf۠D| ` $Li그:[ /#1aӱKJ:sRmI] ,ƽ%N$3uF?i`6Z>`7pk1>}$OWdX\g&V+'>D kfI㽉$QgXs5#ʖf`.LfGaxeG-w4[EӰx)T:V鰧,1٘/pxىYۊ9zaٺ|օclѲOe!a H"GwGbyL|Y7*(Rri לg?Ki-dI) 8 2dlӐ/Ycu"PQr]@,MdM݇lI?rų Y `. ƅET=Vm'9rtN3h p{ռ*lGAO}*4l-N!bB̝Er-Qn_G, Mު~ ;[a*F ]KT蠒YӢ}ɀٌoz J'a(ͼ'YDNڬy@üm{Vb j>l2G7Ý1 ;0$.#w^5YRB+.iA~BIC{qǹ7L}#rpC @-aiXXF F*(TKǔht̹ދp궤Q5z96Av4Oǽe*m!ѧce=].g uOie^`2@7ȡ/x Yu 'Aw?oFj/ce_@Ȭ8օA+ #1gGV#Z,GxkA/gGi#BY]H0? [u} =n4”?# Ab\ʂ}3AAf*;-@ '&2}nC:SHIb1H("JC@WB h? k^$Oμ~M5(Ix& XXɕY|t `X{cK}V^Xξ9rm21w] kv|S latu\Un_f ~fT@k8,]6xT{E3-'bh-WMo1uatVʒ۲lz o|oi2+!0Yѻg B訃SF" 8Dxbe\>Gw_+AXƄQ& g% Af wOh}H-σ:7J=Bd:k ÇbЈ5ivky\z%[\MBITR8ЛW Aozpa8`UHww}6>0t0AВەd !I+WR)<y͐z d (;lзq.s\7?,QZ%aZ3"}g)J /9t>I顢ݛ[f*QW>>l+`|Q,.Ua0xqk+KSȡ%6}̈JM.|p߱q! ^:cz9T1iN5$aŊHiwxGm L$eh?1֔o!?!^ nK  _?yQ_z$7_YOx NG*r؉R<.O-c+-Ɂ!v&[7  -]K,ݜ I;RD]Zc?VMX1FcQ@$,a{2@NU#F XeKGݽڑ5ߺm1A5_K YFcC:P`IWO -H6lPJ`N ޺l[0Iz:W"ShmmsdܿSh^'} ջxf[^9D(#+FCyhVJoϓ<SH~e<*lf.RLp20$mti(=BNG F'ٻO] cB~D]{r!=Z Ogޏ/ற̉][P.O^X o5bI!C LM|Su0RCR wH!uY8Ƭ\elOI+t9'c:DWۡD4s~+cvAd3ڍD=YZ@Z߸|P6;z<)=gZ'A<,u'znMԯM_D;m׾in1HJz$l-4\ N+ѧvQf|6ߘ t0\[>)LچvCXD,t(M7 ;lr66$2>Hg>vAD5KxtQ?J2f{\bK|!c'_C*ax!8֙SZ7}[~R9=Զ/oD2}#ŽMRk90rYm?i,^|0d9@+oՅّ8ݼw]{{k(<0>sH=@L]tfRj w\j@"QֶĖoa>8ƣb7ƷטRԈ}}p @7  4dQZ#ƄԽΧ t/J>[ڦL*,@G7=DNxZv3p3:Clȉ,-< HT3xmHS'%G]PXNu &xTqTF V#ʌ}Qb!)Gfe.IV?[z 0e &z AɏL=>?)nQFJjgȅÌib#"/)rmZUN+v|\G1U@ʟ2#mnEJ< Y=/vd r0``nqS}nÑev?шzi|ER&T/yC.1YGYOŋ99/MUMtSp4|m4S!d?TʲJ gQecQ#Pv.q%}`c.@`dtJxŤ-;BS|bN  M;tP2!nR㪧 ס5A1IƏLe .x,Ӑ6E(O\(UTc% PLw'Fp:N|WN//K4(Wev8>Ӿݓ홝4SfOCLb5ߕ.ޔY\Tlg̋$$f.ůPr-\<>::;GGlGd1,RHNS- C(Wg[<@ȐoMCNgDbWoG.pV&t4_eܳGR &49+5MPayűhf%_]y[͝=qPwځ1P !q{jsDlL ۄK6hD|cٰrF6Xv۰K0gSg?x*J>]vr57+o6&6ϝ2zsi>m۞g5mWG_+B5+(pٝY=~ F1ǂMF|WU8Mz' n2f(Ȏ =&ke1ҦC1h{"NbǹY"3BV/ՋFSa2Ac,8Kv92'Kۄ^񋦄 uÃ'vTbl/Csu$!YR 1ga*GLW&mD*v!Ĵ-Dj?cA)*vR~ZITPiRQyy &YK`A:KhD]mvN11%6oI=e9_ta`{C.ڻ ?IjAOÃp +gଌB a:%YM}Ճsp$Qv2ȀpԱd3ݒӇqwA]pat틩DUZsqfDM=Hh reWN] ox WԳz_n?^I 3=.{e&2VD h [.)gH혷 PbG TIl.-jh (y.&X5t[ j7k:mJx_g1#3~Yͱ|MRIdcԾFMNL3rPHN{S 'Ot(˵c^,ů8DR4 >f ;&8(myFӇL%{f~Mڞbn:RN [[@NeW(#!`jX8nnc[׷uSSx٠q4 I`+)^ޡ4o>S9 |#R3d(1 2y|go?Ct ŦӞ@u8OCdtL>Nh)tQ[A5o@P|bO2IʹK$}q5Ϥboސؔ^?ړV"dQ9rmt1h % uGF7Su]&=Kp_vځRܫR'^`P^UI\#U֞Jqk \8f1 CĆ꬈lN E^Pys`.w63WRJE1]-`j)"ֵIksxZ%jo/^P5WjuIAw½}˜Bn \T3>#R) ՜PZ8ـ'IļΊ,ތP=AIP7꧵;Y*ɣ163FIwHb?zğ {](`n.MKQPj/ )?R\% iPs)1ࡪރK1c!D)ҝ'S6+8iك(c–}̩tR:m+꡻iθ:u!hpW6(9dh捖#ATֳG'~צr^}/8z*!vgKfa/J~ҵ:[ 7װZ ,3'3Z[SY : p666w.]LyE(|fMrY0:'2I6?. f"EȕAB#?d:`$Vw᷶[}/"yʎNMP]2q"{H m*HO>GST8EFΜ]=*3,<}a 6'}A3*Eo09zA,)vLK87ldSieRd<59$vc}΀*H^QH"Z7xg,cj\s/Qu'T3}ܣ<EU)s1,g@ZDBpIa'pU2Җ[R\45RK)xxWoSzia${lU%4~!C`h \-{ 44<9,gY:}'DAQk 33YAĜ*JHb^,I ӧ%2Mi"c[%3y= 48.%;Mu.pUߍϘ.YKaM'1k(qݏqy"Ӟ|A'KfoLU߈Ʈ %o@d1ȵ Jɰpu(R:;{+h꨽Xn$Pnd3 *Bwe`f|v[ȩO[˜HFa/@oώC;ZF[1"/Rk/;d&uj (nao#9\_C[_zE>;:9p_fvoqa{WF[S8)v GWe &!t 0`VoGRpBU !謧(#{ hm:Jd_\W5 +{@ui[%L$$BtǂBJ~2v8yM<[:VT}}Q1݊dX u? i܀p#G" E&ݙ3'D N{i|7/Z̩8%G) Isxeuen8?f)Pڷ ;@9q7C-HXAE>>6<~ݺ$h>gkPlr ƲOZ'rB!aR8df Nn`cozu`EN Z5չV7|QEp2Fa`TlI_On~Cnju+_ R[юdV?dϏDT0sms'+0AGƟ aDH kFu ,[Lxڪ53EVU~,w8G#ˁߴW6?ӻ| )91x aoYrT/F}Iި|,aMbJë0v@>w|Y`^Hui@% CϬ*~6ȡVQ7.R,! w"q+>>`pF2%P %_ykSʍcCAhb j/?5/k{:6=(% ޻S;Bw.{ kD9 Ť Xd\~b(b2ILeI*,>O> ߛϛEDl=h<2HuËzn d˙YodgdIoMk,?7@$`ggJ BADj iӪ]:!TZO:h 9< \(5no7_STnYȥ;JN@44aD).b^ܝ?[b4el(C8|`t3E6ZVbh\ &5oͱmF-49j)w!Bsj? l 8ޙrJ)( VDrw`\H 鮦0v[Yc fH(HvRp n}t#h!4!RˣyאP6"ao8ۨg;Y?1ex{l5ƣhb1~ nu1Ia荁-m1;k#|ΊZ _{:4 p"B57>:/(?Q&Q7!Jp͗kWB*.EiY\66V%:/ʭb\$wgݯsߪHO {M>(xa6h\͌h7KIu)-;$gպE9 ཀV a.yƞ7R`i0/lXuvQr7\B9WrZ'I hHY$-p=- ?a %׀Q⹞C!k1 }Q㿮e3!TV{"k`bQLir0ܶx\ɛlNMh 4qgYh>=fKxJ3:[F|]o㴽:*Og'?RH$"Af.SvbuP2D[3+8V~ã3Yngp,H򽛃-#X[$)ӿϩyJvVtӌ C/WxZT~^fX۔9V`=##lt':Ez>cyL_#DFmbw0$yJh2*A.iXv+t,ھz5 Zƃ,m*'% 拝2&)Yc49*+c :ZI'7_oῺW!ڢ/,LCv\XH: lO=mWӨ*b>^W++_IC_kEܒ|zţI~zikH90P~9LP6:JtH|ZjT3u3 o:Q9(te_ۑ;᱗Ş|hW=!VΓ4W̝GRi`֘QNܦ@.*5NJM$RPd2g ZK'̕jiHU,nJvRz'x,a1 nC ^-8oɩjAs?|zşKhsPQz8y E=y䓻u$6 i}mpe%3c nН19u˕lmze KePY -qg(yzt lwzHǩl.>PWth{d|@9JcpLFee)VzlpkwE7x>³*)X9=>O%p"]MlYd<)$6~j=cûh2!FIZO6ABll ˫XI>s,rΒ uǛQJe\2Oz1x7lF6]Yg#ƂhX#[w)EQ ksx`(B\1(^F$QҐ{@HIDq ;(=sfN`|Vʲ*O w }`fs q ԼMrbk7;'ˣO\F`B;+)OY}JJ6;zs(}a"rD{@oX6^X) j^@[ mf-=!A44z\!/ f ʻ#n{뼵1[3=XW"58 LcP!f4ø Ĝ2N p ?'$\b >v8]O],l7m^#!QA?`F8H,NN}dndxg]r+o Dĵ#86uJInZ]nC #uq~PAq!~iݯnuIofAKLXn #̒Hq"3Df&@Ĥ4}y59q7ܻ6;?LT̴f<&ɟd0_ݏucm~5ay] cdA#/C! U.ȵWZ;hk+=x|IQ&ֱ nVw5l4\<+)dU&d 23p"&Ssrz ѶXmM ,CS |11}UfΫbuCHѽLFyHAGJj#$ ݻ&¡&KiYJHP?0 FTʥ+i/| Y$ 4 dS|6׌ jPn'cV 5<دIg!4 )xI23xKD-Q%!fgsZF^݀EφZWc)x\&"HLr-%~c̤[ X&VgMz`R!~ug%\Ϭ )k&cg\Oj>y,+p-rSa{FS5ܪxWoҗ[@ &-UՊY*(! 5:gQhGm*I xĮ"Chi~Kvϔ!Nx5g%3ƕJ='˙rͷ1V]oN/;;guĒ(j5@+*gςW7Y#U )y3;8 FS|7E C]-/른+bWxX,YnE32ٺU=Tq>]1WN9QƍB$)kɆw5Ot6\LAtag;8Rs,_H5߱ h +,=F{=)/,& m뇣61ooǺ6@JcWt/{Ln1]e<"5 9, 1{2᪠ꂑ<ʞh_,7{?c/h߂ͼ>ηoG]3w"*0\Oj7H8N;zJ^̏%X~Xh9x;w/ qtύWl|یYs'iͥUW,Zj8I}!ݨ ?J7fۙNb:ND: .:Q#t_Gdxz\Ю*CQ aI>G͆Ь?,wZñHI[s!<5dtxE\moBШ}J G5HTū 쇌<6?PU|YKl&Z4}T!U\S-Yҏsj< sv_V\K|P Q'ReJNP~NyG)Le1NG"r&dz]߸1oСGw 5̬@x~[Cq^.!"19 QKɏMV!e-J#saN$&V~$Em)EV`Pyɵ"fTdm?LG.XX -vqd􈊊mmb.Yܱ7Z:7͚㟬nQ8I6 }X"Yީ'jG]Of/*J38ۣ[!$ eP)m#zO}vb%!*Tqcɥ bd "luyK@8 HpČ"6s~bWV Be*9J!Ql ?>_4`td ?gpG& j ( ,SYyE 9\ ӡu4dϥ*K*Xֺ` ט%6 UVR)e\B}.# :MQAv*K'pE ;!cv0dw TNZ~35U|`SAVwu׶ď{;^//* |!^ʏxTh'u:DQ!Vfl6 MZN}rM.ip8 Mqe[׷`FV{Y&kۻGY(뾳汸`,_ H?~0lX\I%'y5kc^-A$\"[&f?><'ހtk^C CN5#kzjPQ%G" ';▥Yw0p^fLngggMoX^)ߥ3=;  s {JW$njOԸ!t2I%|QiT{\8q>+ P^̮ɦ%񅭷ٽlJVhXgQ_1Nz[^Jjs M8OBӡZ2gmg.\sPy T1Yu ]垄)m0o߲uMlt qF!@*5a鎙l ;6 1μv9]Y|vyYk|?4u0(V鉪>[IHH MU#5+{7"xbiW],f31U qa7|i1U7Hr'tOߴ,0 -R|aw7x =(ʪb򇒻k9'[f~tFǃ:(3ÃR -3CуC8%jV~'ןe$M67GB;ɲ%7 y$[{liu `-IW黲-[XR]1{g?pCL.Fl8m, Z'UdNXLIDWX:XzXȥ@r{sUP kf@|wu}Z n[3!!v7}O+ 9Lh a9X5l!A>g%qg.ĵ{_p  )Aozh0\>).W *m+$NGZ5 'wo,pN51Bֲ…&#Y'EqC?Z:1G,q|w'7MgE+keITHptKd)w#3Mz $dmeSy @+3z+?7HxfBnxl_1U&."wP@1-E'H98 w)!9S{i oB %m^N(ޤUlnu\\C9(Zf8}1,rx)-M[‹tx۬^apw1&hQj$3r.t6IMMcJ^sRы:C+IoawHr+/يڑݟ 5::/IC+M|?HDj=$F:+%'F FPaL9/W`(uI RuCUy5eղ6RK c`Z̟(oztT t ݳYwoSJQEa* { ~nVdM{˲5~j]nKļ-3pe 8D ۝!DzyA%~r_nΑ"Bow׷S>uw"F0l~lѪJPAy+m$qr*Ld9[ӣzBFΎ0@N{_׊ٌqhŒ B&5kI?/oPYT>L'bdH%2K1_*4`>k:2a3 Y`L쒹)f\VRzQD 2v+"Zz .k0gj&X<1/E[.xPDͣ+ %M|<@וr'Q; =+Uh`,yB4t&0GQ9/jʩg=DF[.աzw R6 1ZM6OT=8P eܐN<;@g"L IIѺVhT񚓜KX[n.lpr"ۛɏJ#"L(ܺIh[$m5"[`@tOƔ.Dй8/u3T;#'̣iX";Rh nQ&i&wfV',Y.uIz޺E"Wiz}nVltjQ=s&$SPtl$垦|÷c4/b}[@`)}_a\0$vgAA8p@k>6~΅Hs,Ο+)$Nȩ-Np.tq\)n4:9+t9:=ko%!d8L7fN8B8Zb6!SѣxB5RvG<4;|lZ? Ik4Y_Xt]sGwލSG._gK B6^g8Jmo򙊉<FuvԚ_iYd&%ֶ񠪣K>EűMsy.na2Bi߽XqzC'DDY:84/e1~)=k .gT+0^2ɼI+OdBr>zOI(s7'Yܾ2-aj`:\nGԽ_ih[[eBEƄQuǪ1ap+*snXxL=аo|[0񧄛[n&4!7k8h˒0Z77 q}Wv%WG;}oB`y - ognqg/!1abH $pXIdT. x#CԎ*!b70˶EuĭɳE$O8CiNP]z&W*@ܭ=F>}nzkנ. 6 ? -QX#R5g’:k.]@2K6)Fÿi HΟ8V$#MUУL*+~5 xJSs#jg3F!=Z05Q'!uyun\CZ F\`Zxo~)up!/;@ӏE9^=YX񾄏;-tAm4@")>T >߃|FGb 4O6`gIJm ial$×cY-Fwu!zdROWCorZgS J,9`"e(n<%"NoE^ S9IK6:dXlb*bS#R8Kkv$8/ #1hD=\n.*MTPzOZ*.Moy2Vrŕ* o`o67jiL9ERpSm|Jk5ά))[},@̺QCs Ye%$ IB5hދt=[ 7M|bսz2rS‡<͕ "\[Dz.eWd]fwtWhX#X;rN1C*ez*0FZV{^c6um P 6`&^4^ʃoưZ@TW.OY@S.XW~mrwDUW+h*܅+:N@ԮpQV P>6h5Ȳ3O=j s~oȅtUA]ܕ6=;S=/]Yz:Rx!*eO4}<^A~qUҀCS亱gk_NzƵRI/cRʚ!(xIɣ=&Eyx$MW@ JG:ZI|m?Q]8N&&O7 '`qk~#O֋t3/9Zi5e1Or4=3[8gNɵ_+)h Dt9>[4v8pIN1v^ƒL1v.ѧNT CWOf ir0\]nom5؃T-iSQ]]0)7-dL2>"4ݒIԞa;?8DNs6"pecw?ܲӆWNɅX<8!`0#[๎}r] (^&-l9ߏHR,;L:Է]Ͼ&KRN.Kړ/JW,Ʋ~lo1 P4a16:֏zhXPN/Bԋ9:E>rtV,xiU+jFvm 7(G02ه C˯bs|h.Z37?ƝmVsP e'i/:Q&kF5k2i n(=J p0ph37ۛ>DQ'[*'ֳϖjG'υ,LPTRBϘDŽͥ$Ofmv8_y'96w%޺Zj>2fWg慠 | g;Ig.! 6`oRsӭih(оƅ1xsyeDKY9Բ6oo=:DQ:NU>vc_3O k~"c7 doH}XO01*W yϤ֟h.[Qˡe?ˀ ~Yw''n2iޭes/WL#-ơJo&C&᚟5C>/ʖ ]_Y\u&"<9S>0@?h4͈? 1h(-.q7:4bt71Pە7!QRA8J$7 [/D35MV$~<$ o: #7izy?k-ЕXξk6`;3]WL#Ha = nۏjF!}8>^wm UV<>}OnxB5 'eWm薸|UɫϏ_Gvҳ1f%k؎ipj["a`[M?ikm_Gÿ[^))T(? jp9z-/GN@8C|Wk7a db@L QZU>] ƾ3?a,%Gl-=c%5b8e3l0ŠGlr li(QBt,~6&|ǃRw U [@"cWCc襉d ]q@nUy?FGb%zzx0|8޽^[ew]R"jl.hƮn=l~G/8n3:ڝF;8:48mu7 t@)b'^GꇢXT8@&0d8֍f eΔ?BՁaK[4{1DC3Y ]P=&w =z$b3eLa44<6‘HXm :*U``t1'V_M'wV,Nhi9M<}k5iGMQ_qlődQ ôG `b2jV #;%77{5x:DFit3lb@*|L -αКis1"SP>ԝAuz 齟gQM`—MQh*"3:BjP]Շ"se";/&7ow#$*ڹtUE"L?;טeU<ȨʴzQ\ϥ>r[FZZeWky'?l'kT^cw)tϰJ'̜6Ŧ.hy>7 #jz&9ku8u=f%CSF솁^X__.;kT Q|K2pr/?];S 3gV>>3<)xjXeY6ivOʌ _ܴY'~| U7=c̛&夙:ItiVTƬyB\›RĹ+@ 8mwZ"^x#DoZUt!IVH j k,ݴD a;<- IOҳ} #lw !zz #:v?]0!0/Uܥ:IU?.M( \lB6p0zw|{ +vÒ.L}Ϯ[s Ԭ|Z(|7vYJSa¢j<:F}WyCD+"MG_GGzbB];(*QM>gZSW؛$}>3*>SMl n#2#`ȵC=#OFY$$`:kϊ:x&Ht7A.=.7 Y1`bڂb9 P͊&&bz@Z_hBcF\]0/U?rѡB -յf7f=g5TC/9Q;`ח/oQGL1bA*(CUD @;'+F xmTsV[[rpWl9 ^,>J-U~D/oz c=C^z3%/ ؋Mݖxm)7[HSg)K橁-_PN.H 'l*t-auĸe9#Kn/GS_ucVv#M#]VZ[z!m5wo>45L~4-,;휜[Э$SbL!GHHw+oP Ʒ֓O HҔJ>b7BȤb%}w#_ *CRadF9gM$՗&'arĝKou K ߹aq>:LfɸC39y"~yc\oy7p&n/T1߭SnpOQjAUOAqDU-wTZ^hKl]OsAk6 :bqPoLA.ZNw]'}.mrC 7uչK8TLͦ-o4m'j8ߏ"GhʰJ#fxIdY3c.wCopL ]1iײr[Nt f G0=nh~rL zfͨVpA}A1yk6<]ѐtp.%V_6v(hҤP?̣Vf)KhbR up@{6u^XyrզFܺ7դⰸvRo zţ))_N{{XZ[G@snj8EBme>Dr2fM]ڏ!edu܇zTwL3E Wn8L: ?:CMJv>>>o-lMԒ1Jgӳe}e_O!%w _TŽd9<zs-y&rءݞzڍ9275K&+To 9V\wOPF>$}"X8>o{8#j^4 -I͂ccnd:(N%l*tq7KWPTIGٱN>cxJin:K#ۂ{%vF6"x=Pf)au⢤AvmR4{_1IݻW:RvRMn!z'(?thg""Hoia8"i |[FDKTk|_pѐ#Jf: -30>a۬ ݢWfK׾<.At =@;~<>}#3nرCsa8خjlDpNpS0w:*~lӕ`dHUs%@^Hfg @O3Ր6"_m itֶEצȝF'?/_]~:g_!B譲'Jw~9Qm)0l>Ev4zbf!'{bGw:2i3_yEy!֫-`ɴat.?u]9zEȝ (k9^:mC%LIR>')# 9ȕ;Δ<_CY(2Xtm69ptL9¦t>);? )?X1Vgہ%c3|'eNsX@PSlrfn%xմo˛+TxG8 3RV/28۸.牗)[Z#T%|/ gKVK۫!hX^.A׈mOc:R&sQQ:`@Q;(rmLfǁcv6mdFNb1 >_ASk^7=V.J3X0Ҧn+[{Tʐ4ԵϒD%a۫O^%3[,p8k#(IcgF]E S.d@iHT "OۘzxDXdFV$@;_[>翍hgaVjG|'Q8,np\b}sepuӽ 2 9DP.e~2zBFPY0O1Q|ч ZLA`_Ohup|f?|䁋<;E/a*<(n7L+5{Y ֳ.6lb_ě!nk9@zv韝׫Q˝h]fI9E0k*#5,`S77^KgzS :(Go~ֻoL̛*ug9eY #YA >(эmX\E*GFa SJLj‡~$!H=U{J N[- J#9p%z`1Aief(gZ~@=K(Qx *+X֩}(g Y(sTC>d$!5]ZV&6Ln0$G] CC ]d-й3on6Vh jp"\/oIt牪 (3, \1͍>(jdR>m~\u og&W:KI8"Fӊ,5f?8w-9̏ܢAvO(}^M-9ukm_(5X'1PyH '$1V%qewd=!,pMI2 /zHVbUޣ$R 4'\"qXYߗ{<+XGY7?M)2G2AxAruk/>o]%Ro5$ [*@ E*8NJkMcV-f[;{XhdZHy+,rv Ǒ&8wNχVd H%\uEX +#)Hzp}ߓ$-X#[\ղK9USt[`+^6lɦ<ǜ}0`/Mb^*zI+:-eai[F/03խx|e8 Vv4tcEj.4M $aJ[܉3PV=&͞a,M]Bm5v$ѧ>(015 y'+ oP%ŭ kGK +!.*UtDV]gy>ycjnk\+D1אQhjEQ@]qiW hI,Wmóa8:Ȇp?7C3u1eg&gӒBUl c/^:e4O$b)q*X}2حv^B.cBmnlK3))ry=xG)ovp߼( 4 %MA@kP@B_u}*"Zyf8WU&R+ғ(M wgPZ 3i:]6+Og:xyF札Ng},gt4/sqq(ZĐ 6獷Po=%*,°Go^L)Qv3OSM8~]9_MQToY^/"m^A|U[M8kۛc|B[ P0'PńvMsi}~, &`Z] uʰ;Vt=H:"\5%s)4Mz4 nuBcmAǪ)2mW>O w}Sti&kmʷ:2NDNL:CoG(LB2/&r8z|zgiy Ӏب\RJN/0rꒃ)K,kOB3GA12m}o-KT5|O9)Y$O;* ܣzzi6b?|yu[msvW`^ ]7 reœ]Mp3[@Wx3=By9c$hsi<,H툯]t%q'" ow ^ ^E1ԭcq*ypxRlDZ5ÅdE8YCLv[2ħU9VC 9(0ќ`51njT Kt/4a"h+"RQla 4q%HIZxXODc 2(mTA} iF3Z j`.>y_׵Jʭ'D8A䌊OJ>-? ӟX<,MGWW}17|rc2GxUM/UsM$)BRs 8b;Ψ 噾P-Ƭ%85|^dqoaǼ_Ej9"E)]AeãRGp22ҭ|Z:Tr}F{A*a2:l$p%7Mn@] ;Qu[ &L#T 9W|%`!]WTYVCq>S T:o6Vv;B !9zj&[ځ1ޝ+=-JNyi na(xFE$tKE3{쥽gEKB.1v G>*rnw_TG3MߧMmB?ے-UQ(DEdᄵ(tt)‚WiCYDmgO0yo e@pX=m+ev}$I_MSzi6g:'RH 9c{u $+ UY7ʅdEhu^&ALez Rr,R!Ẍ́Ul5'$hnkv}VE}X*jA#^&@_XoskNIxPկI|FQ5ŕ9 +H7^Ʃ ޺\%VV|A`R[Cxkh `anT`k(b]V71MQ{\XuWDA tZʭB4󰱻'#O`a "6HO٦W //%U nzK3Fb(beq-_$mYO_F˳MȢAZ"R/*E)%xdTZ b)B=vG%R: <@3u"\\*n 3%raLnmgһr vZmƙJ8 ,Orm #_bnMF~鹰 R`mߌ@߭J2ujDʔkqzW/K! t@Wׅde>s<zH؀.unZ˔,PB$Qs%1ʢ睷I %ĂAܻ`D@]p%?d X&RBSb =юƮvnԯQP-;g3U8(|.m~ojoTLQBrx~'TGY_] Xh*N^3!gyQ^mGn[uDE7?WBS8J$YWe!m٥̆ϸ>dXhbnk3^_$YorQN [\0c@KCMP_ ?EA<(rW.Oφlͤ>}/UѤ=~>w}kj]<E,KȉOjE!?n ً<#JMN;x  jJ4dV1s<^ֺR([)n"釈bp06e ; JZ MH}@3?M'or/{buE_+ 1\< HQ6a* Snu_dފXY6x23_O`2P0p^д SN9Uߵ8J2K )(گASt!GY{0 G0aQ/4kE *Ӳˬf0r:|ZTP46}UpwG;DxmrƳdct*Ec'yiׇS TCw ]K!#Z9F(tLyʦ -[ jY<|yZ;pғFꦚ`8y:{ɛ䕟(ewV I%BTks {0~J{Gb ^|Y0 ?)~{kaLȈdgfI]=3my^RS VDP𣤍@8CʊE6H9-8a}Hwᄇb1)G)H'?yoZYa3Vh Zŋ)rlʞ3@zQKAeLtPMZ&"0ktc&;+k-‘@3>9 ^ Dz%@2G.p5'(}o0瘗1 PCh຤Ef UZ[E}C<'Z/%_dIUZdǠv!  r l2獀*t`0\̓Z00<9$;r!C[(A$Ń$'AdLa2NBn5Q 7zb!W#ܚC]uy"MeE2v,?It4+w`~f&rb˿efWZ~Hm-n9#? >H^ܭi !ex]$EםrW{S$fPrW"s^?}ײ}fԜT0;kCAw{C0镴 ZU'`> \6fS͙a _ nm/HmaֳESD)O,/)qٝ չh 6xĹd5KiKX55AOZxUY$ty 8ڬl'{;9_{*Dtܒ\٪£W.5k͇FSlÅPZ]="'q7l߮hЁm<~oJav5bL[&,Y~i<=8-JyG9)OϹG\Qb]em5, '>7Wf?3/f飄kj[_%ϣQP[_4E%^/@򼶣j+^'(iEE_4ߞ{hxF(斩DqJHL-ŕC?D;}'C] }p*X#=׾Ml?Pض9Wӷg(s0-B; )ss_њ;|7D<.A9ݪɋйb&L4ze۸u +"9vpIa? ϪPq@nT~jB'sZLoKiu>/i-HfehQ7AH,Yc陟MGx[/ 3N|?\Ư{C+8boVn"g$}y뻇]?.> 1q9Dnux\F/q9P:fBjEBmEQ&Q)R H p{!}xM!WWDaIk(NmI^eF-Bm ;i|t!6+u˼2uH*h]gLwb޹7GX5Ӽv|wG*+ ,"]m0=I*ψ 82zx;CȭSSgHlN_ HA*zU8mj:t-4 219֛BF{OBW▏{q)7p;Fv{coZp[IeO ֽT0(wkxZyFae4E/D}e̊>(OΗ9UTM,Lct6M/7Dƾ:yrwy$KS 4:“d8tPs;GV!&Tm{pWI`n.V4]=ٴX54G{"/n;ib5/a2 (gDN/=tʵ^I2/ j8 Y7$2{riyk:}'p|!SVĀn3TUԂm(_4QmĤߑ9u9$5+NZ +b40(vƾ#u"UÒ`鬃HQ;·cGWI-H+\ V:0O>.Zx#<93##.*s+3t 6'ᗻkPT3|`W[/gmiKN${R$d/ cIƑ:j`Y%-${M哇 Ov[Up!C >mm> 6APYK58l3]]N{<Nс' @!78i|LoMMzpLEyaik)[lxn:y-մ㢑( h'=jgLMV.fEa ^.#8-% 6D <37-nz8 {C*/\g;y!L. O 88Vo~UС7\rds0~"w^3n1#ㆻ6Ju__vУN.>NhأyqԮ#qi஋Cj殯<_i,Xnܛ½H|]ڛQUL[MXLHk Uҟ m3WKYKIy4G_`M!_PF:'Rd3YL(wpVAuZ3teqi䅀{Q*-GhF?1I}4H5+zesaY48VnSwAw aH'ۑ[OI9FT-8w$^j?$8bV2bkz,kMPY2_68 x޶˨[ FznJ bpkG%.@U g:c~[H h#vo'UM4ц2=Ϡ4KpvD'-!h#L;VI]V|ĄMSQ.\Xs4ij-~dUBO]@qa=`{lѤ+ ?a@;=<$ц c\'%bb'^ǦD<(I4#OgR{OTKC=Y;E]/xI 4 KN9fhU#-%3 l| y.>7Ey*ّbdYemM+ ~Jէ[W~]b\CIXmg f~UJu]~;>0)u}rT{qaٴ/D A78/m+Jprf;ML«mNf=0h*2s[|濟:B*E%'X"ۛj< "AE?(\~ < K]–w{zvz̲b9TI9dAT,<=v( 7A2^Ji|LK4֬ALW0?s2TJ_zyr5i$K,1,-~pXH>a,gW`&{.W^RMǵdt\a6!:@["njޥ~,cmF, Ha#&a&W[|8nP\#DQJg %e8)sηZ>]] ۆ{hV'VЛX3Ox?71 `.ҧZ 78|#vz櫸T{.v\/ h܀Aȡ'ZKEi'-}fQ2Zٽ޷->Fkȋ/b%hIcJx `RN5)uKzzVUE.ydw$D)f)`@Qv¹Z91M;;Lhn* /ȵbi T:b\z embO] @h1k\9^8:w zR e"m=Cni{yxl%BڳN:LTO9o2rY>EOPjDRVTO#!   w"+<<M&ՋL"tGhI 1@np[r;w}c=VYG_mY cĨB$ѣJCD<h\g<8Őyͱ;@]5_^JHz㴥bK4Eg Fw3.ik6<% X ,_jRO9}%i>t)1ބݛ9fAъs_ywh7%M oLE]U*TĚ bcdm0<^*rB{N)]m `8 pƺח'8-w߫>0($'D7]> /lqwIsۓJb1cޮQMm2{VZ0^5c {c~% [8yXb#$e=J5HzPUSzݍmGޯA4eV,f`uGH%w.v0W[]37 z& M}D]a|ٚ` k2f%4i&LV( 8qrkBzJ:$)ylu7':J#a$S"O5dbh䛃i5P  HT6A(ɭB؁cim]`UZm,v!th*!>7_RhFVVc_cI tLo tU nP# t0(9#|{|!C V4T $6;𧂽'rL 8Vr5yt^B1d!y!b4g%pk ~cz ۝Oĉ^}hذ6Ϸռ-Te||p>Fx &+vn,"sTIZqe!R 6m9P}jɲU*A*k_I0$2 \LVqЫ<9]#/O+#\)j`uy#qKqXʇHdd$Z$op`Im\0gNwŘ̐=jڑjP_*-,ý*eJ~ҵA6~-;V"[{&#\lFiჶG 26hkڲz3H浔+Ac?BXB;b1m_ӪN1>/Tw#gǞʎ0t㞚x^eO. 6KoŻ-%@\LfT8aik_0YHeC_bs M4r^/Y| /&RtOe,ٹXde&9GI lW'3gBEMXAܳ=J*v ~2w#k)7-q[jϑQtoM7J11+?v*FI<0XUcK &{e(& x=ƿX B g^z:,1jؚ_/v =, €;p6>}ژC ֫vN`dJY={ !>ޙܿpЋ=)/DCLXs TTbtlznòG6DbaLmGK.JKF}St-6´ 5MGGښ}Z!l>ɎV_/LU]ۃf>$P UM)G(Z_ Je8ګQ=-"w/=tn1"NpS3DyOLS`>%V]>s2q)]5R㍺k_8A6 "+=C'oʘ-?n4 pQɰn8 8wOL=cqYQip˥pf<7QiDhdq%y:ϐhy:d4LdJW׀LM3p1 .h6~C2Phz/(nt %N]6cbˊgiA:0SᩉUx{2L>o˖iNxd@Qm^M283YUo4G(UGBd*=;>F:P=߭=ؼ  V]РkQumQ%2OV4fӼ]Q\Vi)a1%,"Y$5"4̇!Az/>pshN`(#JKI4ƷOz$CGC0錫b,(zg3»a媑JU'mf㘻1H3d-G.WҔNmވP=$"O]!S @zET xڃ/t87[$5ki/J(>?_prE&sLh y#ο2ѐ)`3Z0`ti+ (f莨S7?*-?!?G5ta``W(μ_ ~|ڎBm(5 K C*㚚?G+!JDIDv1~D<;~N '  θHKu^ Y'@3u>i&7ľ(ekZnQVn˰B [Яѭ)^K9=pKߖ BbP/ ukM.`oœ>O꺦}הxjt5MXa0tFBY'tssBf: =h{]n1w̻iqI>-ڵ xȑ6 *7S17Ȍ$2hzd*4rs!{/ƶ"H‡/[߫y^مN{(HAL,fP~hAhqii~].MZH(Y6(6V&efZ.R2Tv r0Vz[LDZwta߯aݫ} ɵҏ$;|qToPRbӝAS`<#zl.xV͛"Ci{vK[Zy=5 dܙI,6UF7،}Mo~։= OKfgVX$셭l6xqΔeVz# 3$/Ed[1P(RjP2z* J0L$=QBx9# D\X#)wF͚S~}-3<=!,Q+#>'z_mclEj2odh?yE a`ļzJ '*ә}ZI5\pMciw+cЇGS5fZ4Q"@,5l bQxGl #r/x^Q~u^utpC<V ahό[Rc窖ڒ?,%,򀳊/W'[5 ^HGIņ5ŮT ?)i] C#_uQ'APcZx7OWIJF}L JŬ)ό/S%X)%W+'6"Cny'W8Z5zR8WbB⾋7`ELf |;>5E7Q;RyvhnTQts* 5֧I' 2ꝒcOh3_Q&+ϷvНe #2B2)(h)6/WgNV'R3+Țƺ|noϱzL0 yZ +lI]HoUp{DUVk8񠥁Ei7 j Éhbl Ezl]OLҖ`o @ae/w̟ Aӛ|JA]ML';Pկ8grrcKo oI8dOh̥x$ 3C$!Zh' $FAQ RBPìUda3D QXO1 ԂEwd=$^T@$[_N-e3kGiKs@~X3ʞYSFq#|yv+rp)Oh"߼?sg_ sS[2R^X[[巉h9DՀHk_AmH[^o, >#ebǶE7UK򇏤l, x j\[)dGȐ8i(„_>X:φ>np@{%%#"¿vN؄GH WX0:!8w:W+C {uzۨqd->ufsY"R/t3$>=rWH## 䠌yLwl=l;괳a tjTΕ} C?S!B-{=u{Zm9-5{7aBea~7IƐ ٍN:з0֫î =y$bD)rlEcחH ҒL |Gf; 5>RsSrқ C}ún PTu=QC$ҢKJ'tSg gXum(238] ?qm?-q^ט|S^1WitWbZnnjtb+V DH *; `gs`0\9v4hd> N̅[xq6E6W)LDW6* ʲg?JBJINK{'3_-v5$k y!l5ҤIryA*MX}d^5wJn.QѪR;P.j^B/Iπô!0\mS#^w%At{a6l Z y/dT& 73AMpVoG~ږuhLJvE÷Y^,em"`K#_F364DpQ l< @,n/r+.ڏL#þ,X -OKh̫cdrr0zJh~RoiЛMG-'L W~Ñv]*O;Ł$dt\V-uHww >,6fg|ۄ:$|>2c۔B/MO!"qP4K(jE=̾y āܔi2&l4B4#RRJX>dj};U8aibqt0'ۚm 轼=ta2Dt/(l:PWPropdv)YO_\2/AA ~Ӹyّ`G%6Sʏ%`c4gIuwN!Y_x˜r lO09 Ӆu*Y{ujWksŽz0M.ޙȣul["^5x0ZZۈgtՙj1&gApѕo2_eDbB$"rơWֶf=:")zbCPTW]hMӏ(ϰL{\&A \&_.{}T^{3 ym!1UTlO+J1&bi 9(%{vZΏz>ǔD2Q0D ?)3w.D8?"2fo$:Qrmc ?>>ٕ}J۳^3dS46c$;\բ5T~ÉVwr(T$$XЮf0I*rж-_U/ȉoUgK-f : ,u6S(j"JÇƹ1PµR{?FKc܋GL\i.g붨!]r~ ]8*ŕ')h^*0u b}X1?AZF/x$@W2GWӄ%?(rqGXZ_!EFF: ps MHI԰U%Rm2mޗ-^ xwdiIȄYS̈l+,LF;ƎbTm6ɭ#nѝ`v/B XJ`,4=`YDN'u1Ɋ6'~8,H>pK#ޞS-*R}UlfHB+uԫ荃_;W]+)OdȠo|qK <>k=5)1$5譂}4Âxt.RLtoߍmI0 ٢bx9Vw*,/,rگd~vC2[c ^DrF w%o!ȽZ,u=o[hdfJMK?rT#6#c*+ 8Z1m&Dvc|fq.K,&T =NmW}6\jPD4TIKY.//U!nT6=&qn]qۺ$ -N r]'pD=JtQ]bǡ#! )ۦo Ξ:jB)\w_V( jY nԝb!ϧ իzNh-`qۋ>\Al uO6WZb!L[z[vͅ:{B B~cs,@!ʲ ~8P"Te{pc/n^FP ttOw"2৾c}UԼOȐy?ӴUfxO㓈vii &v#SU8-|U+Úqu*[t8Ks 4Zcg+5t_ .CBOǢXiӲy6cqN48t`3K$^ z6>Fv`BD VnM JGrXՉ(,5؇ER?U,7($Y}Cf$?F19lAӖl$a z=E"Q\"].a6)\?Y!E~mZdiǼE"@M DwH/`kRWU_@s3؋%Ԛ - 2 )}o0^)lP-8ɵ/N'9LjVʽ,mjy 48g BKMxΪ̾] Z['ދě/Ç&? u"dB24?a}p bZkع0Ac2 VI{owt;WnZХ9[<)XnXx=v4nH!h1hKfQfrTwk,wY Hzm 1){O}IIL*p3y[rI\xlmOnqKdo+ В/1ڹAEFmlRUG]Et;No|'x >7};=^ KA=GxnͣnG2W%(yh^uJ5o.[r Gsٍ=$|]9Tu';`πs#@fDRaCó,*` ?}:j }ȣuJ{ޘoV}jyoVKvX-1 X%jB޾_=J^h} xT:9+Cu/dnx p**pb(4'\R<7t_rQ[ <(m:|q[Ne{ҐNb3G˺yL;74rC}(Y~{W2%cKtɛ:\kO ɵ*ץ*ZD҅GcCIB.1Asjb?HȒ:/z4d{v3{yD KBҴꉉ\_PP*wF$fm`G,^TR >qawKĤ&rDI B ڮRA<.p}RJ- J3t_XS@Z(#{W&Xl~y >BPUp5;mo8TpJw9w*j ]׮GQ_?Mw*QR_&@J9.}=u'R^:ǚ=~G>0}!AtR=:_Qou nJQB?y+FYf뚫A48|/HK+~nw۲RUؐɕz6C0Zw")VA3K=ފ/< AbX֔Lu&{P*zUڵ|^x\HV=:E{Pj8;2.C{NC}֊diez%N[V@"8AIlyēxrĎVo6٥:m8ie%~6!}F-i ڛHu^`[+Gl_R}͵E?dW+wsL*zW bzrV dlhKu Ž퐝}Ȝ2!9 }煲w-%ǽNKe8z s8_a=En7Յ!}GI<9k^(0\0,gU`ϮEK%X {]k88(F{c] LQrm [ےݚ 7 pFPR:65T2Pu.\ m96ui6qLU to~Dnp_ʧC-ޘ껷pXWdbvFĔ瀊p t|]i:M^$EIUnLMDd zB˦P.:ޟgʖI W @Yp z-f y$ICnlƿ*`~'Lt+W2T4 ,R> sDnWfh`yH/]ίl/%`ZcZc[?-PJ:tDA^cBnԵp>ε @ΏCxS@V3Un*Nd)-0Xq(!4|$d Gaj56gĽ#9G<.A䙖_{a ET+pnN?#J clҊ+&+8 ܶ^8ֺLi5`A=2,,sXYWO1ghqԖ3DaKeQ"!ݸSc_(o1p1geˣҕg 1s#pAaOUIxBOEUY"]C墱XRX> 7z>h~4d=0I(Y@Q5pRRJ9+S}t#iev ݟ87;'j ڥ $Wi,ìql%|!Py5#n&ٝ 'tLPt"(ǦOZ`d