krb5-plugin-kdb-ldap-1.12.5-12.1>t  DH`pZ˹/=„5u9C5j)&fd A"DA4P3jc\ ʦeIג7LDRN; H9˃qRv=3ֽ8}#_8cǬGUC}\J!'lǘ\Xw}kPĺ(ha\ eb`/ ~ig<{'9MgC}Uד]G {6 uV2\*rKY2O"?TWOӉ{A>4c0964a12ed44bbbecc8aa64855ae41c34001732_Z˹/=„c;@PXL!Pl @[Qs=\x?\hd # V48@DW`d }`            0 q  ` ( 8 T9 XT:T>T@UFU GU HUT IU XUYU\U ]V ^V bWdcWdXzeXfXlXuX vXw[$ x[X y[3z\XCkrb5-plugin-kdb-ldap1.12.512.1MIT Kerberos5 Implementation--LDAP Database PluginKerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords. This package contains the LDAP database plugin.Zˉlamb05kyopenSUSE Leap 42.3openSUSEMIThttp://bugs.opensuse.orgProductivity/Networking/Securityhttp://web.mit.edu/kerberos/www/linuxx86_64/sbin/ldconfig ######################################################## # files sections ########################################################(oxl` AAAAA큤Z{Z{ZwZwZ{Z{ZxZxZ|ZzZzZzZyc367e041cf2c3ea63669a6d0c623fba951c158050d0ff9bdec4d2c11dbde2ada15e76c5637c073741bdecc505fb65a03799c19363f1a72c11e6ae237445c26bd2850adf0444ffea0143293720a0b69c6a7af7b7bb2d0c6f2f557daa66399c3c6libkdb_ldap.so.1.0libkdb_ldap.so.1.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkrb5-1.12.5-12.1.src.rpmkldap.so.0()(64bit)kldap.so.0(HIDDEN)(64bit)kldap.so.0(kldap_0_MIT)(64bit)krb5-plugin-kdb-ldapkrb5-plugin-kdb-ldap(x86-64)libkdb_ldap.so.1()(64bit)libkdb_ldap.so.1(HIDDEN)(64bit)libkdb_ldap.so.1(kdb_ldap_1_MIT)(64bit)@@@@@@@@@@@@@@@@@@@@@@@@@   /bin/sh/sbin/ldconfigkrb5-serverlibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libgssrpc.so.4()(64bit)libgssrpc.so.4(gssrpc_4_MIT)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkadm5srv_mit.so.9()(64bit)libkadm5srv_mit.so.9(kadm5srv_mit_9_MIT)(64bit)libkdb5.so.7()(64bit)libkdb5.so.7(kdb5_7_MIT)(64bit)libkdb_ldap.so.1()(64bit)libkdb_ldap.so.1(kdb_ldap_1_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5support.so.0()(64bit)libkrb5support.so.0(krb5support_0_MIT)(64bit)libldap-2.4.so.2()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)1.12.53.0.4-14.0-14.4.6-14.11.2YYY@Y@Y.@WWE@WwW^@V@VwVVA@V0U@U.@U.@TT$T!`SS;@S@S@SK@Ra@R@R@R Q4Q@@Qn@Q@QQU@Q}@Q]k@QZ@QR@QLGQC @Q7/Q4QsP@P}L@P}L@PyWPnO؀OЗOF@OJO'NxNxN=@N=@NHNNS@NP@NNP@MMlM6@L8LeL|L|L@LT@KKŮ@KK"@K@K@KK&(JJ@JY@J&eJ @hguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comfoss@grueninger.dehguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comddiss@suse.comvarkoly@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comnfbrown@suse.comckornacker@suse.commc@suse.comcrrodriguez@opensuse.orgmc@suse.commc@suse.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@suse.comcoolo@suse.comcoolo@suse.comcoolo@suse.commc@suse.decoolo@suse.commc@suse.demc@suse.destefan.bruens@rwth-aachen.demeissner@suse.decoolo@suse.comcoolo@suse.commc@suse.demc@suse.derhafer@suse.demc@suse.demc@suse.demc@novell.commc@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.dejengelh@medozas.demc@suse.decoolo@novell.commc@suse.demc@suse.de- Introduce patch 0110-Fix-PKINIT-cert-matching-data-construction.patch to fix CVE-2017-15088 of bsc#1065274.- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch to fix CVE-2017-11462 of bsc#1056995.- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028)- Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)- Remove main package's dependency on systemd. (bsc#1032680)- Remove unneeded prerequisites from spec file. (bsc#992853)- Fix CVE-2016-3120 (bsc#991088) with patch: 0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch from rev128 of network/krb5 (bsc#982313#c2)- Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111)- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942)- Upgrade from version 1.12.1 to 1.12.5. The new maintenance release brings accumulated defect fixes. - The following patches are now present in the source bundle, thus removed from build individual patch files: * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch * bnc#912002.diff * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch * krb5-1.12.2-CVE-2014-5353.patch * krb5-1.12.2-CVE-2014-5354.patch * krb5-master-keyring-kdcsync.patch - Line numbers in the following patches are slightly adjusted to fit into this new source version: * krb5-1.6.3-ktutil-manpage.dif * krb5-1.7-doublelog.patch - Remove krb5-mini pieces from spec file. Thus removing pre_checkin.sh - Remove expired macros and other minor clean-ups in spec file. - Use system libverto to substitute built-in libverto. Implement fate#320326- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character (bsc#963968) with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch - Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request (bsc#963975) with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch - Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask (bsc#963964) with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch to fix a memory corruption regression introduced by resolution of CVE-2015-2698. bsc#954204- Make kadmin.local man page available without having to install krb5-client. bsc#948011 - Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch to fix build_principal memory bug [CVE-2015-2697] bsc#952190 - Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189 - Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 - Fix patch content of bnc#912002.diff that was missing a diff header.- bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass patches: 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message patches: 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries patches: krb5-1.12.2-CVE-2014-5353.patch krb5-1.12.2-CVE-2014-5354.patch- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423: krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token - added patches: * bnc#912002.diff- Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff- buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697) krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Fix null deref in SPNEGO acceptor [CVE-2014-4344] krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch- denial of service flaws when handling RFC 1964 tokens (bnc#886016) krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch - start krb5kdc after slapd (bnc#886102)- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) similar functionality is provided by krb5-plugin-preauth-pkinit- don't deliver SysV init files to systemd distributions- update to version 1.12.1 * Make KDC log service principal names more consistently during some error conditions, instead of "" * Fix several bugs related to building AES-NI support on less common configurations * Fix several bugs related to keyring credential caches - upstream obsoletes: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-master-no-malloc0.patch krb5-master-ignore-empty-unnecessary-final-token.patch krb5-master-gss_oid_leak.patch krb5-master-keytab_close.patch krb5-master-spnego_error_messages.patch - Fix Get time offsets for all keyring ccaches krb5-master-keyring-kdcsync.patch (RT#7820)- update to version 1.12 * Add GSSAPI extensions for constructing MIC tokens using IOV lists * Add a FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values. * The AES-based encryption types will use AES-NI instructions when possible for improved performance. - revert dependency on libcom_err-mini-devel since it's not yet available - update and rebase patches * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch * krb5-1.11-pam.patch -> krb5-1.12-pam.patch * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch * krb5-1.8-api.patch -> krb5-1.12-api.patch * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch * krb5-1.9-debuginfo.patch * krb5-1.9-kprop-mktemp.patch * krb5-kvno-230379.patch - added upstream patches - Fix krb5_copy_context * krb5-1.12-copy_context.patch - Mark AESNI files as not needing executable stacks * krb5-1.12-enable-NX.patch * krb5-1.12-pic-aes-ni.patch - Fix memory leak in SPNEGO initiator * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch - Test SPNEGO error message in t_s4u.py * krb5-master-spnego_error_messages.patch- Reduce build dependencies for krb5-mini by removing doxygen and changing libcom_err-devel to libcom_err-mini-devel - Small fix to pre_checkin.sh so krb5-mini.spec is correct.- update to version 1.11.4 - Fix a KDC null pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. - Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. - Fix a number of bugs related to KDC master key rollover.- install and enable systemd service files also in -mini package- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs.- update to version 1.11.3 - Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] - Improve interoperability with some Windows native PKINIT clients. - install translation files - remove outdated configure options- cleanup systemd files (remove syslog.target)- let krb5-mini conflict with all main packages- add conflicts between krb5-mini and krb5-server- update to version 1.11.2 * Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch- add conflicts between krb5-mini-devel and krb5-devel- add conflicts between krb5-mini and krb5 and krb5-client- enable selinux and set openssl as crypto implementation- fix path to executables in service files (bnc#810926)- update to version 1.11.1 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - changes of patches: * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif: upstream * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif: upstream * krb5-1.10-gcc47.patch: upstream * krb5-1.10-selinux-label.patch replaced by krb5-1.11-selinux-label.patch * krb5-1.10-spin-loop.patch: upstream * krb5-1.3.5-perlfix.dif: the tool was removed from upstream * krb5-1.8-pam.patch replaced by krb5-1.11-pam.patch- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() CVE-2012-1016 (bnc#807556) bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif- package missing file (bnc#794784)- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc (bnc#793336)- revert the -p usage in %postun to fix SLE build- buildrequire systemd by pkgconfig provide to get systemd-mini- do not require systemd in krb5-mini- add systemd service files for kadmind, krb5kdc and kpropd - add sysconfig templates for kadmind and krb5kdc- fix %files section for krb5-mini- fix gcc47 issues- update to version 1.10.2 obsolte patches: * krb5-1.7-nodeplibs.patch * krb5-1.9.1-ai_addrconfig.patch * krb5-1.9.1-ai_addrconfig2.patch * krb5-1.9.1-sendto_poll.patch * krb5-1.9-canonicalize-fallback.patch * krb5-1.9-paren.patch * krb5-klist_s.patch * krb5-pkinit-cms2.patch * krb5-trunk-chpw-err.patch * krb5-trunk-gss_delete_sec.patch * krb5-trunk-kadmin-oldproto.patch * krb5-1.9-MITKRB5-SA-2011-006.dif * krb5-1.9-gss_display_status-iakerb.patch * krb5-1.9.1-sendto_poll2.patch * krb5-1.9.1-sendto_poll3.patch * krb5-1.9-MITKRB5-SA-2011-007.dif - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers. - Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false. - Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013] - Fix access controls for KDB string attributes [CVE-2012-1012] - Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers - Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time - Make PKINIT work with FAST in the client library. - Add the DIR credential cache type, which can hold a collection of credential caches. - Enhance kinit, klist, and kdestroy to support credential cache collections if the cache type supports it. - Add the kswitch command, which changes the selected default cache within a collection. - Add heuristic support for choosing client credentials based on the service realm. - Add support for $HOME/.k5identity, which allows credential choice based on configured rules.- add autoconf macro to devel subpackage- fix license in krb5-mini- add autoconf as buildrequire to avoid implicit dependency- remove call to suse_update_config, very old work around- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529- use --without-pam to build krb5-mini- add patches from Fedora and upstream - fix init scripts (bnc#689006)- update to version 1.9.1 * obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif * replace krb5-1.6.1-compile_pie.dif- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery- fix csh profile (bnc#649856)- update to krb5-1.8.3 * remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif- change environment variable PATH directly for csh (bnc#642080)- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)- update to version 1.8.1 * include krb5-1.8-POST.dif * include MITKRB5-SA-2010-002- update krb5-1.8-POST.dif- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)- add post 1.8 fixes * Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512- update to version 1.8 * Increase code quality * Move toward improved KDB interface * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals. * Disable DES by default * Account lockout for repeated login failures * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility * Anonymous PKINIT - fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl- add baselibs.conf as a source- enhance '$PATH' only if the directories are available and not empty (bnc#544949)- readd lost baselibs.conf- update to final 1.7 release- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy. * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code./sbin/ldconfig/bin/shlamb05 1510132617 1.12.5-12.11.12.5-12.1sbinkdb5_ldap_utilkrb5pluginskdbkldap.solibkdb_ldap.solibkdb_ldap.so.1libkdb_ldap.so.1.0krb5kerberos.ldifkerberos.schemakdb5_ldap_util.8.gz/usr/lib/mit//usr/lib/mit/sbin//usr/lib64//usr/lib64/krb5//usr/lib64/krb5/plugins//usr/lib64/krb5/plugins/kdb//usr/share/doc/packages//usr/share/doc/packages/krb5//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7472/openSUSE_Leap_42.3_Update/a204334070dbcdc93c633a8233d625c4-krb5.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 3.0.0, BuildID[sha1]=bd3c0184bf7178085ac885879bb40b67a669e137, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e8dd740f60226143368fdff2279d4a2e96cce341, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=28dbfe2713231dd4701546b8b58f2674f877a8a0, strippedASCII text, with very long linestroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRRRRRRR RRRRRRRR R RRRPPPRRRRPPPRRR RRRRR RRRRRR RR RRRtkGe|ܪ?0] crt:bLL'=&vNHvrB7jOMJ"RB_+=}[ G6Uҗ~h6E? [ƜtHuV .Mj šX *4;Ś  .ri0*Fecɱ1gi 7-W< iގQ܊4Wxn;[/ iž;X4*ݵ ^@h סhH,Z>y2Az[$tS+$z3$sM޺ 4H}>hQDD|K=2έEF"O>#2+, ˩TYW|'"8us2\; +ZF$R-Uhؼ?c1SfRI0WƘ~cv)9dsG%3i #%k.Jd/OރML%4bC<dttL·^yBa Zp\!/_tVW%غ$X" ` l= ji!OMCMu5F0͔Na$"H /a-έ ¡%MFcޙ[,2{-r=gb8 EwY=+9O;:vebrc/F?B>Zr͒6Ou9[H(Bɝ^#$ԥCʑXUrm9+4/5fi*L_<#bo\h{ :Mf-~nKڝVB=z,D`uk:b Om@f쉡Á3B rػf\DfJz~kf$faG2sldG)YBT%@&SY3Lq `.A,is oLH(>i%$"?GNS+>d58< gB%Td{q2#}oI?o2gOuN<䄮C-^pN)"2O_( ‹N i,sUvҲiIwRp${)=ڹh+RG-zn#u .,dp#:1R,i8ɭ<sXJ;qT , wRg짾7$v㊙^L T6&+M| DME#4Z$A*GFN^PcvEoN=(1EL^?K^'o $ÖAg/mpuG_dHS2d 6Vts%-'mH(x'd (aM\V笃.A5ަWmNE#矅Vm4]:Nv2_ء{s?k5L5FTRg펥﫬 ]\Շ,ַ!k [ܣ=wvDT-Ōeua>ߏIi*5.U[ji6!d g9S>V+FUSpAcY[,:+Z*0 OTZyu"486D#6;IF٩ufˌq䭤l،ɲǹۿ %N]\CY?0o.=ߑ.S!o lbNS"Mݳr6XQ[x]`֭^~^@ ; G5RTu<5wanN5⭫-ąPn3X'KMԇZ{ ~EujVeYU>|VۮK˓_֢YYEJDZѸ8sJ-VE{*v嘾C˲(%f̲\Qu4VxwT-f+N}7ugЪsqFʌWVKN$ b2Ʀ6u"[ٰ60aD[֮p$jxeQ(oujAW)@¹mEuOc AGH k'앺Q p3.Pۦ* \-}[b8ᕶ]O2OSn̽MزUS$; tF΂NP} Ky6Ns>ovw>Fz{Vd}V1V\*x̝琕#q[G {Z;eU `x\Q1B*R5'z&k8jTIfE4DM7Lʣ?ҩ.GP`iyx@{GJ4$87*ܼcY~݊n> "0$Jan5mpvl-yhx3lHh᪋? WW#_Φ&ҺX^ &W*ξ&ݒ`IqnRt3wDDL`N903Ř@.f^T 0c܀˱MlOncO墑e D@(E@lll H6(z l%!ƻgBK,YW΄kCԎ[uH(6jDhpr Scw/42,DSWLV|+2I{7szԺ[P6&*p=Y`Żz{ veQFF3ZNH.Scf@wsk  sM=3<æMԴWG/4Iqf<N |{yo&5=v* :#<|%{Up>V<h i)Jp97Yt0Iok"rgp E }2B8`\E.DPr qInjPMϒo>+EۣhygS6Yԭy_/cFI:\"+>!H; ;Xړ5!s`Gޱ"V~U|:yZ#{ -K/ʣRN]i&3't(Y93JaxPa-RX/9?yo tyy腲gx5\Q+YiV==%TKȌT#pf*O!XZM4Z3J 8(z5dQDÿ/}saWQ?lN&kO}Raj0)2$]1 (AʨS'S7X΢oy֨FC5ؘE<MG?8qds]j:xȦzoˑjV%ק-/? %U^*y"D1K̩.X|+?hg4ʉ`S?1?jm+Q^ϊߢ!0Sӫȟ}]*ږKPɶ2Us=_J;RpI&6>8colJ{Q2 Ot k+a@jVACnnۿ>z0NggsglӃ'Σh/ Vkm92ݚ$⥏ƾ0$^No$VN#+`#Mv_\CLk.t- O )Z9uG3䱌eO+bPۙϯ,Bdt}\I<<%ba'42'c)Z9bQr.~~c7FܖI#BO:ɇc0Vb{4tlWGMj|gκ':YES6_O3$K }-@]\kANU c-U@g_L@v/[CLS#S 7T'c?8d%XcTv} 5W4[(p$@8bc_ +Pdv{iR1cGH[m:ϖYܗ͸l ؛aD 1h1_bc0͙@C_߭ms\By>gm?MBm] L`>z5Μ4E-xJg  YKc,xO)R~Sk60[QTdU G~OXW\cmu8x׀Q"q"Oq_gRZ_4Ik|LtCwY/ׅ@Ĝ MRܘnlsrDH:uC3Ir(3/g xRWT. 2A ѹo}v@'aYa_y@CPWa< aV$B_%qӽ02SԬri(W0$+a0p?6EE<+S(P)-<3R? c6Ąo NA9QDzBuU""醾ZTik(j/T/16REC##5k'%]0Kb7]Pr*lRGwu ܆Դ! 0uc5f|#%p|5` (P;./FS:mU-#45CW-l({ J*q(*Bf*D7z h-..][>S6/mNuS2@>*7o%uRs$Sm.?i_*&:98{}5y -r}w8{ ƅ _ <]\3d) 160 $`0jJxKL6< #}]wq &f(qnp1?ƾ΋Fd` 4=&6o$;! Ӹܻ^J'@N0_?5WͶ59M B(y2x= +9R>_:iE![拏'Fqwl9;g6L5Ry׮;eY:d3aKƬcocGK>oPwQ+2+kߪCJs60jWUB.L)%/˔`=974*\sAv-w>hƌ2_1Jj>=!Bqh_ŎPoGYޗ9Gp/yC]b3:PPd=klwDt8v'e|2k%)F6:VɺupsaXQwy_%^YM2$䒾L׍]ԭ@hcy Ӛ L+{ }%+E¹!#&hT¶Q\NG%',?Lȅnj ҙ!`GV=Dv$X*ѓ3s |[ ,~('S5P5 ٥LFX*/F}e%3eg9u .]nN5=|H`Kg__7ł?f +Le4NVGڀ [ؤV~I;[a4;GŮ|Z[ ;sa/Ng K6~F\)c𜀽$IIS<\ruI3)_ڦճ@ 2 cO[fsX{-\ځ4’4/mF9(D)TMQnL$Ţ6%HI'V&_p'igw ^wv¾%/푄Z@g(F^#/q\(~Oͅ/K#,;Fϓ2lz]KŽFghQ2ux#6s[eHDzƋ!28~MDr!u=7&!cı]~V"dt"'3?v 4yTHrdL}.tS Km[(mDp=e/F@@b#e8 DNiߟ67n)BǗ2$G#MH^u VT`J q|x&9Ve fY(fW9PG]FVҘt;zi> ;ɺ[,^"h:fvFıtmWW"pZ?kDҦeWTJk>6@0*wi潽|FiPaEq B!}|nphM6=V uR#;[\[u?oI}Cqn/U@Ȭ6==We߲$߶ IΆ2.CP*&"Nd53/Vp1lEL(0]kBn9:rDXbe0@M{#DkK\S] |UL8):dF%% 6FYÓw}M:-,ڹI5B&-0pf'١/3."aff}䤑w_(B!|jri\J9 :6Fa}NNX8պ}M/B􃍼d/W_&S@DՅV,gj[\/zUT(qUWKM񗔾irBxz' b%|}XJVC: =_&΂ Aڨ't;wZg+G'1~:P'hM*2z@ܷچqΐb1 f3`+劚N_+@iW oPĿV*?C฽Ο,?}O'7)5wf.`ADJM?0o_G'r'/D`rϝȦoV2HfT<,=\'}֧Dxw2uc[sGRōi?c5ztnT PfiZ!&t rk^rl~`#Ux|fSd| F{K 3 hnՌ)Y#H MЉ =8GؐR+l!ҽT XOdMsDJ(Vbݛ"u1Or,r _rN&2a$r1ocx{Yk/nzPk Y!K>@"c7-hjuA` 1E"m#MѓՐ3g}wqTDDZ>u#Ս+ZBjЫ%E5 Ȟek=_CRH4{_6_!Cԋ~]bY,㿄 `dFk ^<z8ye/doDӾMU[p?ܮ݀nt½}P8ʆUE߲ԳaOǖ./]$?:h<+@)vVHn4V4֭lt[7O@:\R9✕*@3nf>l=Xd%klm䪡l|1]G] [9+5ㆉΘ 0˹`i XC(&1{l'!9̼u~; @$w $bl*><VJͺXpGWإe R/"a7&P`906.;-ZTXmk||mGFԧ7SOE?۪ `d&:EC2Цk?22c%s=P@3*}b1)g\iPlz˳_)<Ŕjm26`hXW\|EP ;CQS t8WT&D@J 3XFhp>b߮ KǮ!gP,aYϱH7^Nڼ2',TPzP]Re|yFJ%RX)d&yUjP&VDx1]嶒Iʯ 0Q jo#E~OQ坳G7~oT~_8E&&/vwҦ.ӄ?RY7{4jOQWrΓŵVќ5` eq/O"+ً)TUL6D-luyl͍\5uoe=Bv|~h)] [Q|\FУRAYhrqET=H\7ZgJIz| q竴7Amlr._vGNyv‘4ȨcV*whrA͉-Rm]Wg{\͑eH %+a>*sJT"GbbrlG~HdؒO=4 UsQ,HQS M~EkT& B2#Z ψJG< J ;5NQFA ='3i+W~34P[ˋIu0n4ƸeDc -Y0cˁ¬Tr>٣pvtiҢ]_f#Չ 6Wg$EêGHܔhH$P>2kp7x{:n|c…E|gĀ~ol3FGM2%`{1>yDeniW*b tkq#Ɠ2qm'!6s]gV&ǙnLNI!@486`fx>\ d7ȺMK *I05U;"f ]jY!Wv:A䏠Dt`J/u o)^!T!T. 5o vI'>O*Z͌rq7&X}bF#dt9E0sC9 "W %BP, S<(܊@E|[ikZ45{Ak/N0]_›%g2:؀78B"hJ,-HoZSAY̌‹tY}x ro EWKYst> }ڳ@.?ҧ0PUc sU_*,:}^5C5HwEi* ?KS|I~ )wd 0װGMD=hBPoNz0KiLJ{*[T}jtYE\a2BHoX|wHaع&vj(q^b|Aɡ qLvW|‡AcG=?4(͙̔zVqDnb1h#&V]unkSxǒ7E~{ٚHm@QC SRq)$ףyր2UuXKRVĦGWA\2; UpQl35GÝTr\ˣ]ޔ)N"j9ΩJ 5z RBC#\j x~KmRWU5phSګP뒗VEzyce{]6nmHh -^n, K"6I?Cůw Z]^ݵe^;Z ۇ*d0s<^ܽM㻂ۭZsJ ]Fab%?S7g=Kl.tμ:Ch6!J zJ"B?u{ݍ(: ɒ2QxY>Lۆ2@7WTjEt/dhPW^iU,td})}X. Iui8zn*uD"[xDZaX`BM] ~a@.`Z4;gW 6,[S)o< f/֖GoZ鋢cIQQ[?b[:H $Y~̇+j9WO`K12*0%Wj1M0Fi~6WS zYoU559R6bOV[<ѭkO<*7g{|u쇷}oC]~e͒ u3Ǣd66Wv_:mI a2q=JV7-;E0^$?Jzet aL'Dj#-9RF ׈t0?"<kb0t~3cʹd<#Sd.ٱ‚0#/?msq].o$VoK3FڦeTjYS)䶮׿:"B0j ZX}ҧoջpfH/vL ‚LL;XBZt k穖rD"ض$}6,4kH)Dx{ 8qD]ΰ:|E9LriW՘{(2q G||go]yGj*+"lllDW|Cp 2mΗX "n ## a>*2f,rkWeT pUl[32xR]P{q$. 1 ifai'q׬TcXχSڧT̈Z[i?i>DŽ 7אW)fÉv`h|ҟ>Pٯz2?cPl#.1|n{:3{а8PO_jZ)'Qw=="V(ƪ$D9K*mu8R0WMHߪ ,eDJ8tWtn\@H^XCbj^,r-"ч9Y{KH,(}NT F7/;ˮ pl vE*yIrF' R264V;켄nMת{_# :*T>{%mw*ī B;e |1ram K`j}[w`((<&<͎d "t6Ub4G%jlu[ǩ^xxYW1AgQ­Babox i+`.fpW 2C;{^Rޑ:Al^w-9C935c0ֹ lvmgj#zn ? ZGnOOOJhDV!'9i4ݲE9W`[bpL}-mHs3Bx^9uࢻC q!Bz\{B-h3p8v;L1n^ I~5kH1 8SFe"W=\mi )ꆞ˚-[S;F-_ǗͮGY8Э 0eo)5gN+~&* m ?95[wzlL}gyäo0PHHZ7=ԜUkLqSEHA2"&Y. 6}>b.džn:,wG,mQgߞ|OtFfj]j 62piM*6Aui8)ezɊ1GusB2F~Tx].@j~:4/2ٔ-.^dCVƷbKPGӬaH=6*@8vDMekyBI,1{k鍞,iUI̙@~r7\t댑~C czEx-T:1^3" ʛ{ZMzjekuԳnG拣Ay[۾7_Uaу"rwfe @zE}D)b#jF\2tg;:Q']n~e Qpf,218Jw=/'t$0yVukZ0AlӣȖciuns9%ֿ9Ccb+ ~Q_iI 8-uT`|>2Jya;2/(A\1FjBT}7'YUF =\Ɏ8""pr4B H<{eQPW3OM(#EqS&2fdsXUO Rٸ91$8!T`v]Hȥ z~Ԓyq =T;l9b\uL˒(4-S!j pPϼ9N #^ ~Wы)9e-]3-^COzmkRՇ)M]:;3ocP @8׆/~2# i\ٮbOYq_~NO{ |6aokX:6jzrf'h4F`MYVӑ& ~;A<*auo>xHIJ6ʶw Ej6'vI(1+ J!x']uk>>ҏC8Y7|#P_e2!ϼRJ1_IZm}>I7=̦X~';)$85^5ۙJWGΗOLDeFgȯ ꘘм#/L^^|dz&'kωI@ɗ p lWR 8`D( Gm"Ro1q^b'>QR+0PIR4ڬz YB-Ps._΍b'n.[>wS[ _Q k"|ŒW;ôiL gDsD:+,#2tڿ:){f(-b!D%o\B 8оW>ɑnɞ7PIf}̹ pfgh kmńz=SJy%U:T}A9WxF7︖*W~dCj2n8w3@؉r''S& ¢}rmf,d;?ʃ_p cRQ#Lw;w.A=+ X#۰:v*jR%!'e8P]s綾̡\XL 4fKc߉X=!(hF4/ד4LHi>յY eFrثYɒ=ؗkmk]+PF'OFwo#rruդ5 fPDog@gHd{ KyV.Q79ޡgA_\C䝇8/CdKĒg˟M<>i?pBG5ˮ)Jm-fYD.:oVیǚu XM]೦'<=cP4=sw*j;vhǰ;m]"?n?ci`W%n0lt卽Alzu7FT89P !Q3wH-= =C,<洣}^N}p )_`~`ϐDp kngtLJVoDG=nA7n.t867Kl񮋲r4%@E "3?ʱ3Na2qy(Mӧ- hgf۷^xs~,7Ĵ){|l b._2aS>dfR4]ݿ3jED2FoN@gX$S4 T@R+fS4m^1nH"icؖ>Ք^Sx$-"м#w{:KKmIBʂBUTpv] ,-Q"x](b^R;cr}гRVr1 vl\D .v7:c/h7sWo+}*ϙ&/]KQ-F',I,X:̩)i - hG^ŘfC$=/2nXO|up Ø*L_wc3ZWC3"@ƕ]"?:|/0O7~ *L"O&dƫTE 0.̢=hx-hf6ϕMb>d!X)J Ò~9}LK pw }_?d_,qjDIȰzG/"N՛ڬ5豞$:rY8u3 ܃5&6M;ތM5MDq9!_jjIvNTqIlWYP'*:cO1CgsBWT qf* 8:c&3p; 3sajdEl}fVG!êfDQ ZDXJDb"kWj"k+m35Xb'IAѵ#O~a!W@q9lsm՞a,ܿR`J4xS Nnzu6xa\y)6wgg> o,c3Iz8Wfs eXWh:܊73 [QT#v33k @c"hJ~ )_o6XΈV!ƺhjab)/Xr.nZtppqtj< 0!uu"o`Ϙ&liRлS;ʕ܁} [tJ'YMˉۧy({2O f~o[ hD0P]()2:Notsh JR8Yg?G`s*&BezR`^uT}LM.ґA|Ħ2qc1tHi>E4U/垞<I/B"kNGep5Ĭ xp˜i眚Ĥ&`t TY .Zoϊ*Ҿ? ܾ\8+!Ҋi])9 |ðU^-2[۲/~B^#lst:x)Z]sNa!_iWl%4i Pz mڼ:#<^A8s!"*hϕEwNO~eTutXle|c`4F` 紭M`9Z͛]fȡw4tQRԤUt{GmcXS9-'5l7Ԛ ^$G̠⌕Ō0ؽm7)u6y=Pn@?' rب@3GB' *[d+#t(hDJFk]sܯ|@c$UZ%`A(nSM.<:G5nlhOq(H5m6E%тpjDy[{B^]-Vonu%sO<Yw;U`mѨ gu^nˊ1 Tl l(?f\-fzaʷkgwSɧs/bR)|@e &GH2Ϝ Zݼ r<^~Ѻ#|IX;BLkqgKۡ/<;e?1 |H)49 _yoZa_H`c#6uPtb|A{Fb8i% vvxy|]\?>ŵT(f\:!,)I抆sص.o>.D(LeJ#9z5縄+W ,lp6_ C:^1dQmN0?pD4ow Vv9 6̡=@jc4X@*:^pRa.aȩͷ_-5Mrnu2(M(%sV"C{)8 S4;2) # Rd4oՋjOT`Ax-c'BWdrυUoR?dr4: A\EC ~n^(BE'KI?w6j'i^xG`V@W*Em k_!6n7jdZ)FB) l._9;CG+K_*uő}K:ࡲT)0rǛ$-slw3*J74 ucVHsRlE { {(~T4Ȭx(478Hb۾FCIVr!> ͟1|ۇWYy,J%=~H%jLZGSԏ?$d]hFT4wݮ]AP~1OhDۻiv`vL[إ}NmS|I{Pl1cmPnVɁN$O훨]GN=s2c|XjO1Gcx %#JՍJӌ߲_ЁWrZ6TLd:plMb$9{5ŏVZ'NNup|;)i; "kdyhAuA >T#&e'hQOe,j7K  ~}z$]3G6M4209J1G?8g@imO R'W/ .8%jvʏUV@V V_tj֚fcӿa%Y?#waw --{R=W:gA燻vPu>h}O ~Is=c` }qså qM28)lHVN0g@asq_͒ 4i0t̼2ɴ+r񼁰k kiYvʪB̞k! ˛ƶZY7ˇ訄]G.(#-*ʡ,71$#TKFZ?!`:TjC8fVK_|έiכWQ` nE5-8 ;ktg;?8o 'kccQ,) |Iɣ4-B[**|6b%z|Fx@b,8=PE`æ: 8O44w7C0Ed k6 ;p"q (u*Tj3К`Snl"r2{"\UeY9CKmTlvzU0+85P 3U65Fi*A0)Rwe"g-)j=$ʪ {UNbf|p>Ze*&®#^xDr9^Yf28\k : f} X4󷨒K01n2xndJJj.ZhK=ǧÈ~&ol5Eq!GɆLOh4_'(9rAzY_߰\UOÍ& 9QX>L6i*y[s:IA/{^q?!Xp,f!&zv\)q f.|v/ϴ h5[~¡ihIJh/MQbGWtl9& /єCw)sɧم%WfsShKC?Lj-9~{ChXmtD#GșyR\K]q_2K2Rgk`ŁlE.aUXnue"a}9#Yw 6=ѿG IQ0m?lKu!y"LFNAȒ(I VXr}ykrHol )Rtc J5* }.7ʏ 6 7_rjIFw OrTXovq%) J *9!?zӵzL/|V۱a+|f b;ȔoqlPQ?: JeټЬ3&&⬇G)A7>RG+5 ?;'esN`ӪxkJ ܟ; sh'e:=@JA{YUEASX 8B,2\1i)gAXu1*t6ٔy Z_- eO9:kW)+kL-X+pCuu.VdPKչƈ7Ǹ946Q\t$Y279GAe۬Z]:ov+..Z?-m_ `ѾR .RA\9GBaϹ ]imK Ƶ&ՠuQ[_8<|Rf'AI$~gEG_: 6>"(mZs?IS*NmaO^ɽ-e3^Epf Uc*s>8-NfH')[6e?{HtkAW`fK,`LȤxaH"ltvSQgP> GZYvvx72Y/FqmEVj[S}"WQa%_e_m `]9cMa ʾ>q8K[.VK%, X>f3s.ή"T@׭:U,;f:8šLd_e)Y{ *5d.'ܩ#"j#6w^7E U!ƬNa)q^˟fi;ɘD|ETs`79&\,ORH$>w!!&hfQ:vBxRmQ۳CEI4`eCK`R19q-%SWUtA)gyqWC8=: X5LX+NA*탖@d|ceɳ5VL3iW;Hғ#`+ sS]cؼJ&37T`'~]4I.8p"^iwU!"Z^qYQևNv6nK%wV'el_0Qԣ%*PUc.6uw Cb>X${)n=n-`iXqСW;j-RN>~=#Ȩ[b0%Ėz&oG"22@|L9m_ԧSvjM^vJ˵'t/d\.|'؈ ]U.3C07𠃼qY+mRͯ rW).\?c<ꆛPG:=lxݡ%,ARƆV344gM;,r#sID R+lА]~\QϼۃՂ>T! IvO p]:n b 1s ~ fK[$筫2,V6Qf̷x`VԽpj j}CK#nL i^q 1 g=#_g>L muzU$>riz+c ULBՋgWލi*C|nͯb"TcHE~S5:8V5IـDt9L/#Ǔ wL1w̸gs b/o)`Y(4ƙutQMS NL1|5+OX#IJ1ܰM?9ϵgm.שF%7B`PZjJa:]LD?5=NF0\$˵zt:)aMZyN?l$C5xz,@\e"X/O5 I;J&7r6-.4rr7UM8Tݷ޳M^SE99Hʧ~*3L<{Kb,h3T[Ahw6qT j^״ߖO&f-ORdå*N77g)-~s6} &Rg/M/ATehM{/)(9j4;,{MZB=Xc 7UXm#`AlYޮ˱nw1残 9d|B67.ۅ6XL2US c I#洟wqpP A`(ثA!`a;n'(dK_:^_ǭwS!9q6tvRy[^XP:fZ2BY&Ⱦvh#0QHA%ȬYUtF<6}mZԯ{u!E9'6*) 5bFz\_r )SU34鯮 `f`Í!bSKqëff.#e ` /W,׍o@fysžRtam!"\*2FI ZFWUaLBmwZ֊cw  ~Yo%ܢ/>cu+sWH@q00V]˲Ð: {?19?1 rE-Z>apﱽm`tP^H&Օ v[;,lgM1jk$G@⿭8]j3[q2^Jjw H{ dF6|ڨ^#I cIF=;7$OY>h.Lh`OiՆ'o~_V/?^oU I<AD/xn<3Rk\uP=t\JY̡ȃ:TI~O+2Fs0#Hv@=>3< ‘:rJ&g.͔#;ԙK*O:;X8TWlK &O[k݅[dE<ǐaCRif/ ̟9X< =~ ̻eK6՗+.ʶ;ѯZHQa`DGk%Svwy܀nge6.v˸H{AQI"f)m‘{iV i(r!WhyLD"Bl' ]ui:tˇ>Ve`mɍ{s i˚#[\[%.֝*+׵_1;kPb6OA|mPWobuD)>J ҎmEm%ŠRSa^LAo9o<5Lo 暤QՌyHU(1PS~qe@ (7_/iź+Tu`_,mim T|j 9^o[G )ˎݠ0=|uTYk(+Zls7,; 2 r"S(Ɓړ9`f̍7}qwy"$=fP_%L"oUbQnSi̫٫yv0ஊ=c#ےvQ4jH\n.{QE[)k8Z7zfNMݮPQXT<Ԍ^JhH%OB(6':rLCP̀ߏ#|bƎY5SЌf$6h$ەozqR@ (=zU*j%p(jb]=K"=ˢ)UPutaΙRVUA2{T!>{ o87iqj0Ҿq*a{ tD c>{n5xZ=ņfFHoKWL׷8Ɓ+qm}=I<|[5}1ۓoaM(;m;R\02OwV(kiT2W D5٘U&>HܖE}W➫T107ȎW#ck^u`5:qЙj-HH@!n/B8q :vԌ>U(d1Q|Ϋ+ϊOQ2:?[R M:]zLPjN?cdG=I/Kzdܓ1\ mǏx|>stH h< ndo[[fܳɁDyU;*6NF70CP$:dhLb_Xb'p[8Ŷ}yPx~I`QZ4g:cjU(qe[aӈcs1_C(Y~+0UIZHz;[GUj yI_F7,[Mm;[R}lG%k.mU5Ͱ/S/ؿ% wH9 jl@CyĀK.}=0Qvw\9ݯ_, EW0S!BvZXlPxP>XYpoT_jnfT0gM#$a, .W$ ۺBvt̴Cd|t(Xs9㊈ rw>6ZbאɁ#8N&};L- =0*ȱr(اsI}5l(A5e,^&m##?d ƒO;P K5gF?X_b_L' ?^)I];TTP]':pfFh-NG,"alWЉ=`m~.΋D(dg!OK6:Yfm8F+$JDtm8Rci>F)9U5'qnL@qtWg5#uF3ƅ{k#e^C1$NPqC[IpA9ذ׉( JD3Em\ c oo;l;|iښRO#򗃌qO}$"{ V+m&~RܗupޯiӉ&FBAa6 焻S,V3x⽔:`[7 S"}%㝠`bH!;B}%ܵʙ8)L$0Zl5ʰQKrV;tn*Fr}{xk,N@b5pܬ%[jG/P&Ax#ѵ-5 4.-2BHfjg5ArΈ)R6њ٠A&1wP1uTeqM[Ɇ32Z. A_!p,$~cUp8σ~.lF9{PyYA U5UF:STaJPN,l+O*1Ef[Q@ BfirSaRǜ7w zfrʾ)ӏw Һ 9rzwO3CI x# NH%o׼-L;{/Q/ŧM佤ﻳ%ƩzuVZJ\v%Mͬt|1$4ۏ!) zsǰ{~DŽ>CHu!=$BP[`֑gfƛ@ P8`?ViR=DI*<J}0qaK}$#}_Ng;Tͣ WE Xc}G+\W~qi7RcS:\~h`ruh.!<CW}/U+Ԩ?Y2w ~ODE^¬QsIͰdۿT b-OCw<%,*~mY=~DKiTvr_>ΎXE"*S[ļnQѡ[~G{Xw^jԎ2V@HZQN3ﮌ~nds¿_Z=m! _ٷrZ b:?Ӯ)7:>߶y(#ҡ4U@~1 "\OB3 /KI8w4 u"At1v01l\gb[[$ VT@[*sE/jֹA 4/=;{҃+HePl5 5R 8 @n~ Z 3xhBjd/K"fZKOZ$ƀr]YCЖ~qU\J_?brJd=+cV|cCJl ^=r-KC7S{77l|k;c6Gf؜KDb'ˆdEaM騀œ;L$cqàf!pn#q%"]t7J]~CT͗C?R~YbwQFWxuKE@#6Sk~ mL1E8EZ @s%$^Zwf ]#I[Y@Pp{88ѡ_V {N3~ r&l(tPE۫Fa0V?qJ2)Nֳ¬HI>fID ~yR '' eE J@/(&)x &Yy͆R682 +L mz}V*g Y˓gpe,zZ@b 1+ыGwC6+{h^7Su't:䂻DG&OB GNY]70ăr@,U?P#rO˄ > &_} [r9UՕM' <-'.'^$C;oaK4q8F"潓@\&>~FpC[xIŝxHFMzw4H:l/PMq>M@! 5J:߀oAc9DnZ1.W39|F-"75S[VYhvRbd'Xv#>xSy%<8;(7J4VދLaP6$ }GE^s/ۥoL@Q k]b iX0t^Wq2 .vyJc='$&UR)˴/P95yʎV $F5nХcX!:8+z}y7%cL TEU;SjP[6'Tp|gksԊޝz<:bBs R{oT6t'd^<|zV%B/=CXG^dͫxxg=7nKuJY*| bH=˓ɀuמ/M6ˣNw37Bl06]%l^"զ3Vt$ӺՊ$X<=KR")kI #IYV 7gu~?7Yb_Y@&pXҸڕs%&jcXMUjvoQL 彩P9+#2hi<7zČ3Hthi3ͺ?HAdlF #gJQ69Nbw}Xz,|56j]#+?)x@GUΑEQW=}e7eV+j~ؑ[oe\3u?- fͥ"'C5!/  01>]WF͜`yjD'i.8wQdǗ}Y<"mCRIh*-H,`w.0€S&wU tϾ I ?ԡ-_TAJOLedI.+Ln|Դ|b78qVjY=W]S}d;c?ԨG :1)A+ԠQHx3?%t# >([6ZG,t`-@B#MJptGrN*Ҫ`G /o댾MO#v~"D]]CO)=1ʦާ> q)39GɁR!eLUMh1FU3+G5TRE $cƆY 4q%IG:)ޞ[軴 *dg& $yHz<#/sC:5gB5A[L&2H^ݵ 'qE5#\ ]B9kjm{X`F[?Bճ ^,` yC! ={žmꊴwy+Cj6^M2mNzDs g WRMZF];n..IcL"Ogo&燀G:+fdy=2p:y1{+ x# XƲAci2WSɐl5NLSJN`hmFw[_8/ggF_y,06RYeP ղwo(>HHϜjO`S}h} #~]R`Yq5,,>\mf-~{ߙ~.mX#u*hGYM_*;e@w_[5m%ѩ#wY%ʝ~ PL`s'm$ߢ&a ݍEmڅE4=RfMaʚx7xxO;(! H{55dt!(wKir24TIA*E˦:fuW?U_F:l)zQ8?x%Y]ԗ\'Jrtƣ˻F}Swqyй/V禆cg78^m_-zB_5b89Y }.!Tdi,2hO}2{ΚT|e*ڙQA*%E}ׄm_K72Q}VG-ټXO:cWhvShY \/ttYH[ s/'Ak:,,߸]ĵP2(?OR"vQGM% o JE9@wM|ΦmV1]lKBdzj`9) aHl^tSG=zbJr~i:`y dEjgSe8kW"HּѫH !%Ep0ʰ!X2B?]Lkfwᨔz5zCx:U=l HTee`k#bU>]+u[9;KI {K˞1[ge9k*g' T8CB^92Ga6/ùvb{fO1і4&RG"穰qYQ.LOekQȈыp!|X 0T7L"R~NS}'_nR0peU%0H%v#G\oIP( L,?$ Ndܠ!K+T@~c(gPP!Z퐍'y0qdgfS#ޚ" BAmQ`@'skvs+]\*L,z?z&Xx1?Eߌg=Ȫ (dw_n3ڬ0OLJO *rxS',_W;mC^s&:6͠|`xv<iӁ?lzo@XK^UX.[QU¹/H/L~$P9Z&ip9WJ)uRǒ{ Q;s8#B $w<%!6,:ڎ19 +j-*5(`vVTd u9N %;SܬbPȸ!neCT7v1h6].+bc`:p~$F7:ZY %銯%Gv.(S`:޼ ~ 4Osrѕ/he0)Fb_%Oy4eD럄pAv8Uʴ ,|5q?x VRe`ٗjɥZzo{<$+L.*R~W*lOd+VW0eA-z϶Β[J `'ܙ1vH`"٨ʨzKȆi&X*cIxMMU73_-<1 (pH|lT ìdU&,:& m2*ٰc2|&՝10!YHܜNGC9m.rK_4~$Qheq6dd<^v>V:#"SDd[L!X߄o3Z:C]'?@yEnp]>dLI-^a[#!~c ȽK5pMqV/O<"]6: B#RL nW:O3HnxuM@@md= Ie R"ޔW륫]spٛXiڋp*Jd OzĤE0̸.V{>L8fp\Ze 3;@n6!%h%BMNѥu"i04NF/gK帳sF;ri1iD=l[A\e?B?n,e //#eg`Iftc5/P i>Eh_Urh1r-۪C\㚉sL~oqlߑsT[v@U rÜ-ZeeZҞ]yjOA6уD렋s%2ׅ$ ؂oV;%׀K$S֔ua8UH8k H$`漨 #5xSeW}?g'Ә.ö16)+Gfc^Gƌ{0[#F:#NC# AESGf [R7?9;JU8@$(TFH@^LvWD)}Tۺ9GX$H&d"7drݚ 1#\ m\4QN+t9]>;2 a=ho+}4E0E<J M6t8nEA՜zaG A_S!l>ay\.N_6$~AϹy\!Ou5PhC8,40@>,ɗ_JxgkD* ךb|> c=VAU:?1$S7UrЄ ݷc}IӯD2-~7BuІCy wC,g\j)n ˜_bM,+go:!7g_A Gޘ7WW5Eb1ahX~b@j5垺OҥF73֦uԎs p̀ o(bĸZ ͔Yf>,6T .n R8q׫szvbs:c~؏:ћG=&84Cb OdN0dҫ1cKF\촮INΚXw$@r&3NyEwaWF#@ `#+73^nܖʨu^Y|0ҭjD>#~(2_.OLL 7 N1^ݰp7GpBK`"F] }5ǯ+Aê`>28ce @qagW5ݔe{?Kw|YOV:4#JeuaD3[cHb~P"wJm6.*}Hy )P506җ4:͂_4(dCr }dfJ[׷ :&k `"qc>Wq`^NjkC|c-?C߶}bd^smykCuȌ-94HXzڊ;\b:O &㲱Xˆj(Y@sS|`ƕGq%)fƑ%T]јWzA@xWF3igt@, =&";7#q>f,nfO}/bd_@-cS0D'ɹuWm2ڦ0XL(ɠ[cƌɵ9q!2FC!vf-ޝ~{wK-,P =[.?-w^ z.Dcɚ .i4@jɯ1ZKij8u-{5 {勥 [G,=({ɑ\ T= (+gJs!*mGO¯x /ChOϓ:{Z dlD^m ibMA -[(P6|x1߹/~q7q,$LNDtwvх _/ISkkzu7ȹNS8Z?w76O5$//GП <O|F`)ƛN_|cJ=ޒy8r+MG9aE`26‡5k_znI“K JA3--uL0? :L.er*Nv` _-@kA%#Tvz΁~P#霙h-參(caZꅥL*^!1l `=){o,,ڥө!vtA9DهE;~k(4;7؞L7R!CxYƁ)rjhv 1 ņ.>s~JV&h/v =4V%w.{VEgE8ti-.G̋9P1rQ\ CgKA=C1˻k b=}a/Ĝ75G\/h]1l(L δ;sysх@\%FۣJ=c~'vN[ q,K~VĿI7 mϴ2I_qzNk B|%=9x&"DXK(pm,g;q&~Mڤ5W7m)}L)]&|^X%\z*LmYw4`-z8#ȳ.H~P0UKwY I[G6cIr("7 КUqʓXFEAp7Nffdjx0r4!n9 TңT2Zڸ @O gj\!:P"AYU>R*drI`D:Gz9On(9уNDU9mJ͕u+GR/i`3-H~wokeOUVXZWW>8aVh5|)cc6Ǐj2,픗Y:t]O @V0RTZ~LLn/㿙\@~b?^HbZ;B>M+'{[H1+5i 6cXX> x;\{U/ `s0Q1696ڬ$iE^?/UU%ZBFלM5q yamlth40pv–R~῱nٰ VW(冎V¯D 9>o[&? 뮱%ddZ ߻ULiq3Kʠ fĈUYI뿃MAm -pPk?Ӟ `W\ !5c.2|)iİut[tyư9(\ig5ɩ뫕IDF a!}rRI-ڎ*95}!)#J7PkZ4h~,CŸg3&xk#QplYVC=֩f:~UUu蓙*bE)M*+]N~?99QVK!`,dVbAkn댢[wesh)Ooth?ZW&]ȵ2^r3w, I> -[`(^_1& ؏<%T{C =cKd7LqDi+NYɵՆ9`b{QB$V>;) 9MpM9`N}lnq,"jZq |&< h;<Tfv_ `?ޭ060)DX+Wݤ~`KpR4OBoH F*'3&Ls_:O,JׅK6`6 c4S?hy-Q@c@뾃K'D>_}l?W>mO^šB肭2Orb* [n vjA"{i]#f˰OD#'vb`CD)FQc %gDC!z4+bdj;]wy.|B^2Q2ϑKf!Őg;χĘs,¢ -WR@rFHo(| L 6(l棄=qJ)5k6s[F,9˵AVX5඗ @z+`et 3-Xeԟ`&ws{ JUvJttxWGbi>̴8#Bڳ ÆqVvϺ;jfzkwԉ)4Z $;iACޕ`.e$5(py60[O?2f%G~ ێ%{1ۦIk98` Ke~yd 'uBf&:g8`3):^- r߮28t8lk\,.ld궸x-y wRL;csi5N>ShMA}%ĕv. LSFT>6Iv% }&4R!ƉZnk*:*]#:y}-wUǭ^"^XоE5yZظ{+!ڕgi pyY1aynh=AMfx,(1SӴl:e^3a>;%4 G@׵;*f* LƺL\f񚑱Q [Ըo5{ͳr|MJ" zʺo67fڷJ|Y` yLZo3d =dV)A<$RģWבZEl4~bjtx)̂Glͅ/s9O)ò][> lϠy#45=1Lmˠ0!0ّ\i,&AϬ vF "Bh(-#4z.A,K|HH E֊WK]o>&%Jwh.1@IcUӫy0{ѣfQV۝ձƶ&rcԃN,of212s%پF>kpgH^c=v@ hv&se/^/4ȓ#6a_Ck? lak#Nf{N4;SMJ_fG չ$(i:ME>wc-@&DiK6DK+neT~ H@"rlXs [n@o/}U{;7^'Y͸ Bi~ܞw?hY@xPDN!/Ftz۫f@W77/ŶT( >Qp.D\d6EMKqImT7xMʷKe"[*5\s*4e8 (Wpф>=%k٬WZܨxa{k7㹹q-(Nzwo!ܖ2No@ɫq"o"YoɲDE xL>>WLS5~ʶ -6Iiow$!L_P\L:+`bQJ'.HDŽ L%!-;5e"ZCDBFĎ( .M6:ųԕ%rMO< nVcі評A෍|/^ 8fsVgчs"/R~:Q$ߴ 1;͞5GZѸ.ƓW45M(א`2Z"|vb`!IƼ6n9xO?$Dy{aܱTm>@nu|ԩb"wst Rn x[:SWtp 42|RRԋ'^+tÆ?.M:ST5?cI &#RwhizpƟs~5\`'QmUSD?߁~S+qXF_ŰbYBkV49$Ɇ" 0o"ٶ4;Á15だR% dqp,WL}zIPsNg/}hxnh턞G,kY0Tuh}lX|*?M }Uj%R[$gsg4{#7îT`z O*J EMqN;n} -:hhdžkyHn49T4Ůg-12߱?pb Ч|si[-G0EҐ™;I⤜q,5hOT[EdINЊϺI0YI[0{М'K,7?qNNl=꾍{,Z1$hǼ LEeb9-nReܩk94gj+oL/T8Ӆ;P%LoRQ/g-)W9l,zB2J3TALѢk&IŊ)8MC|SÍ!ה:NXϤL % ;52٥%/8VOv oy;T{.©dn"qerfzulׂҎDI}F r]VW( Teۏoyi! [ѤQZ*ByӺ_ߦ$gH_76#dۉ,eOOאl4HC\Rm"),A<ChodT2"ކBݖ(/tNϭG:>%4Xm1x9Io ̛$Zq:BۻGB;>J]01A! ]]R~b6Ɉ_9HZzP jYPu10/j(t{LHd \XK$B?*GK1Wؼ~[\tZxPUFڋih6GeG3ڔ_-= }6=#0k@Í|d:fn}}U~~w#11jϩx:'#}Z5$B JL=JH7I݌Nc=P"8",-  9 gaLtsvf>=xI4C}$lVpvPE.F!%gtlkBqSwRssj"1X .(/ujye ~3`U}~ &}髓{V=\,)|o4&Aƪ:D(XRp5R+oX7E;*$˿glud G Rˏt _8x)1wF-fO?O{0@8gQz;2c' nۢlsl ׶`°ue[(͆\NѺtD:S8+)8D BmXa!G#5xAm>AKf}jucHɧc ۜ6$n%;@z\#Yx?6ǑOU%)tȧK[ҁQNgЇ,;jH6M@~Fd8rL(!XɆf` gk0ئ[[4_ SnN#h, eǘtL:<"d;i,N}r $r??  )H&=RTXN4Pp@oP>G $ɂ1*0 q=%B0&n(e֘xw?<ۉ.pL?5'0{X/ZSG8gmj KBB 9EMK2PebX0b!f]Osr+>pг4FqɧLJ wvKm4GwUG7 #hfI?8RcLfS3^}A/A"=ܬTBRp_"&Jy^O- D RKD5|łԂ]m/!*L-a!bp~Y W!=cZNyh?1 `^P=R]+<)㭄Rn~^zQ&u*"Y$hQֹ5<>KH9`*xp f!/.s^ᵈ.Y9؈k[h=ΠpAJ;)M C+wS/Ts ~T˳-~-3{ 'tc.?x wn2FNjY!>)y4μ|8N^yD=hҊ>"}_Y:LSeh}++9=$?elQtب;UڡevB@S6[XSC/2^jgqܑ?fM(Wr31[(pge伻 8<;E})c?FE}xG ݬR{/5U]0aTaC-u*J_@0 k Ge8¨)nmǛMBe闐]{% ;(qVaФ㶿JЇ#[r;uT#P+@a6_E-=hl׿! '[k9eނReđ߾HG po͂\ԆE`d#Jhy!pσ5- NB5DXm!6yٟ(Gg7LzgRhTt6րC5L5v61&ŬTXBXAJ,KF)χCFFOF&_ot-\;yZ`C<b)|!ZoB 2?|k?;ì!LJ$fg]/ܼgčױZL&kiߖrcPPSH%.` 5H?WKuCm6KIX"7*?pj ?:!` T5*kvZ4Vpk'X9Ud>R4sKGZnf ٩DYp T4}Y1̍C tN=fٍhǞ5.ʨ1Gt[Lf.=?-im@$/C{mR-uQX4rxrW0=*6 edj'?;Y:$=cZCs~9k!2Wvv̝1|1 !B{E5r4 lc<}4&[kJk&^{`x, E~Oe '.uiL<$cҽyH^'%$E0w8ōN`%0r+[h!%~ p(oŎ ,]ͽ 5NZ '/[ `|3G6Ra2?8bDYO)3x_\FU7sN6`꣚?UT.QTr;u 7 JfAX, K2_i"5Vd1fވ#}fvԧH˝/r3 f+n|Tr1@ebcgb, 1hbeG+&yk:9ٚmn-p^fgw_ ;1'St_N~_A2m܅\,g|aҧQ=I9WVhDN N&&(nC_27A ߨ(PK _($@sH[Gzhv5谎EVdE[Hk](!e|9!z~IDJr\RuUJSԏ4Òa'EwЄrÞ]R?4; &K'gNe UFjLͻ'i9`(N[7iz-3ܟA\'qb<6cw% .%[X[}J9Cz0p[۽LP_̀u )D a}s |hXNf Q7ҵ~OxP'Pb+n(@+Wf=s6'My7f?g#ybr@"2b[?-;YڹvbmrZ44vxT(o=Et#ofYèٹF!%͚nÚw`'-( KKڐ%]/wȦ#Bgc$7j #&^@tPL̲d#LCh6Fźay>햸WGlƜ"yyͬ3AH@L4Af9VR2?ɩ(۠-BpLq+g{C67ygazfvBqƚ$tǚ*Ϡ@6nD鸩Zet~gGh)p5,NIFec*_5"9p(` ,?ߛwXLio .0rˣoDZ#x6^XyN KOXR%l 9˃[?eP,=U><7ƒ?ƥZ ;ІQU6Ei`*@d-[Exvg(M9 qΖɁHp>*$uJ h'h"xZWnT /͊ 4"cl6g8j){ f $LvsMvˈ􌆻2s>ie؏d}()"`zif)2Ig)dzXb'b&rP!I..:=c'.0,C`*^"OHnܻf#OgA<Ө{o>qF" 9^{2kc#"TY@w,,^Kry%ӳQcҹAME֝xo(FXJ9A1g۷Er&5[1**hƿ  i}:5.fiqە[leiu-}MHBSu?jexQ 6oKg1pJd5eӵ,)%adttMY xPO%678b4[J)7cmʫ/Д Y\=8= =bfM#o/ZjUz#hLIA'(^ M$Ntܢs!ewJcاP T*DnXpa=6jHS:]B~A )<Nּ198MJ!gZd2I|[ҀuD9qLJQF󤔹C9kj+1LoT??n>X\&W,SBcRJ+H}jgIPC07.eBr!_*RXj?ݪ*oDO~{ɪIJE`5U w_s dCJ~9XY~^x]En.HEid6dPZU6 XbI15&n¨E)+,&4pZ<"8(ha̞Vf\n8Ԇ=?euOKlDl$iu8B7.S[ P:QL*g]FTlAGȪ-{=˞)xm[/a8FsMva#5\y]$ݡZ=@ ?\p#nw;cy@_!QGh^b3{YĿoR - ;[w3̲b5:؄`VgNwX2>9 yb \v87BRq~U 48GZڀ%&ƪTnF&TO%8T kqIUX+a힠txu[j9Z^=0}\Vopbۿ0ZM Z!1vQA[&c:E,=fS}"y32`_a I]2uW d-> yع܁8H.K0YXܩwxC@wT0 )֏⃂Y,%Dmy͐o(Y;I(M$OwpS" Ha;56?fe5s=2 #VD0o ņ͘BÒf UGGcy6٢7&,DZ6Z8pOhf䠔k]h$6!{[O3?At4n{45Խmr͸iT4<$r!iv{bU;',ΦQ}O*%bh=l:3ty>@qndJ M-ۍgw|)B.czSM(O) Jn)UZ~E7{qpj-o7)GV1kG3̒D&YLj ,ݰ$Iw)fO9=U[c_}hȗx*ks0T<)ZB:߽ k8atK_`4(ǬD)6`c?:zH4 %?) 8n4,AɌLKD4D v[j #-r:tp `I9M LΒf p[\3 - ^NтwV1yDJ6tE@0=ֺ60+nXl ɼڧ b1{9Sg:sE6[VM7<=^ nTgOnǔV/* #m3tߋbKshs*<$W<a{{ T)\㑍`L:jk 4ޯ{3֓^nȌ;`h{kwUFVgM~{jpSF 2ziETSz\ g#Q`{(_a?*q&Q#3rKH*],(׈')G#apDfi9}:<|Iw/rZj El z0x1Ĕo݀3$,cb-6#pDʳsuYn#l}@4P{FT&e\nhj1ZF$6vp來Ϥ~HV&<)cX-umP^,ZتE@G7&)i٘nQ^NGAs̞t;ӪoLREz-4o3Ar. hg,mӀKj=5n$m{5oë;`!BJY9?-5Jzfr^x O4ЃR<ቚ6бp!CefI.-%gQXu N#:.KP#:,p0!C2˔CUw2'awLnFj/3Sn/^D`RB|HnPX1:W%Z~Ro'G "|;U!8Mx%(Oau(US;S/5HP=і87*7J6٢Nzߔ5$~i1 nŔb*/^YXYobRf.$upΧ) 7*K94.N790Ӏb%D&R8 җ bf&}4[l _mt'Tnإȫ~ώ>/%סu M[UxEi7' d{tb8󲮝~C21"5kQ`M `=j%F+Tcwꞷ2xa}WoNW`D!v$޷.C"^".mGd`4kdQt0J1If_(iR804;[4[UL鹢+ذjcg="X47~! ۓ{pa -l%As؜::KoF(u/U2S\TK%c$je^Uhͨ"WkHŚ'%+LؑaeȻTR8F!VBU.3V$QrߛT3 ]XUޫn(xw=%~[! z5{euG\9HЧ `̝D SqL͠b8Ode?c=~Ja2t@D& >hSBK#̙ _$@SȮbA _×jaZ` 1k9eqZxꍂ0Y T9>(|r86 ޘGn νJ\VNDcRWmʙfB|+l}0<-`L`CD)oO HM4vj2ټ{-duD,EPu5v;^40^%fW{`o6e /zx}jy{(hc;#dAZ?B؄F&DKм9\%%,m֬pp/43n_?Y]2:܇W`AH`e΃̥߭ȫ43,T<3')6 VE7K4G0G0RE؊y!p9wC;6Uev^Y\ ĎZA+{ .?EB-L/G։ єgDbBPW뭵63ܫ>aJ࢜oo\Һ^vtijl@ﻩ+4Y S~Pǧ BBǮñ y}`P32?f{ uo[;lk>Xu̮9dUHP2q*I²VFZYɷVx*2 fŭJ.^aOPJ{~YkgeۀL\b,].KC{F%lvۤ%F2(XmlΡ1el!@0P,*4IclAEKψl 敪8bʠ@ޏV8IlWi (4ϙIP:hZUZl1X9) , Ŝyu 32WY=kJ]Ν ?I9fVȜa5(*T~mb }d?% -Isn̊ͯU mX:Y]l~KV >y~x+6 |NtI[¼W+gWtjK.NPpVd# Y}G JN6*\3e KhyÚ?U I !fjLns<,4_iqggR:V \?G Wc{mNX#.pdžvy)%k㊥P]qrvE F;~^,dwjY[ԳmQmڙ0x{L?g[dtHǪ8gO۬*0W@:z&J.+Bh#z Snlf%-|;4.Ob v.9JW+N_ǁ Ǡ RmTx9?0:,kKccScoq~ Im>I&wCq o .ؽ+|\:YZ{16М+9~5|q$Zv1`f= *g{lC$Ínxk)zjm_~*Nr)N+-5X\amO^N Ȗp1^70iSV8h -~&/]e@կhaf' )S8vV}f7T.00s5V eޓ$c${?,+{ vSsBg+f\d-F\ѵsnQ 4z&D{\eqb~ H8:Rេ= W1IږhӎkRymiVʡi GngVʭN3+ )xnp'a9K9;*rnU* e,!B>r(qm;Vh?4^#g:o 5̋'!&ৃƀq"_ȱU"HV~̔r>jVI=8rPVY#!!cƬp]NT8ނ% AC8 eR=* %jM'<[ (b cdM=ۗwŋCqIxTlEѭ*45E,ͩL M׫Z{xOVSeRbŦM_#w; AUbE:uӘeiT:ƺ(Pb:Iq p *t*@\}zP.Xc! )t3YU4˨؋m#f\ ѳx6קx/OX:’;>잇h<&/jbG ?N?%l^ʽf ѸEk NY3Ze$BgNnyaɫ/H IVş+`{̝uGa +,SڧTU uk 0S,`ʧ ~+Fr?js\n?Dk'! ݀d_ ),j DyTz={W#m:S>aCl7&eJ bL.QD鞛Wg7צ?kɵrl%b)m/&(7?@7 ^)J3\pszj!Re1"KX]eJHM1 S ty?;0mz;n3~EqH  ?.NhƠ]2Zu&n1w|g`Y>bHC&L(RwGќQ;$w24W&Wn&!X6AMShˤ")1ś