krb5-plugin-preauth-pkinit-1.12.5-12.1>t  DH`pZ˹/=„>rh(~1M$dXhP{|m3#^FRQ EոesM +QXQ?rB9gcoI oR(> Yn=w]I zB&>\wM=ͺ eao5Z)}!# W6`Vmujnx'8E=i&Z6Q$Ja;MHMٮ\v!B^D](I3675ba2393faa2a0727683e0019be83fb6b6aa17Z˹/=„wll"֤$@9牃-ְRgv4W6BaMLϮ@_̩ȷ((XlN9hܮJBlLu&c+|S@AI1S1 ߾Ʌ%R|zZq懙4VX(y$3(gbb7<\\}TJr[HypzxZl۳/R~o&5͛VS ;#;u4A6Ie(B>:S?Sd$ ) ]04<@S\` y      0DXt`(8T9T: TFPGPHPIPXPYP\Q]Q^Q3bQcRdReRfRlRuRvRwShxSxySzSCkrb5-plugin-preauth-pkinit1.12.512.1MIT Kerberos5 Implementation--PKINIT preauth PluginKerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes a PKINIT plugin.Zˉlamb05@openSUSE Leap 42.3openSUSEMIThttp://bugs.opensuse.orgProductivity/Networking/Securityhttp://web.mit.edu/kerberos/www/linuxx86_64@AAAZwZwZ{Z{b2174c5c4e3e46fecd848ad267777141rootrootrootrootrootrootrootrootkrb5-1.12.5-12.1.src.rpmkrb5-plugin-preauth-pkinitkrb5-plugin-preauth-pkinit(x86-64)pkinit.so.0()(64bit)pkinit.so.0(HIDDEN)(64bit)pkinit.so.0(pkinit_0_MIT)(64bit)@@@@@@@@@@@@@@@@   libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libcrypto.so.1.0.0()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5support.so.0()(64bit)libkrb5support.so.0(krb5support_0_MIT)(64bit)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.11.2YYY@Y@Y.@WWE@WwW^@V@VwVVA@V0U@U.@U.@TT$T!`SS;@S@S@SK@Ra@R@R@R Q4Q@@Qn@Q@QQU@Q}@Q]k@QZ@QR@QLGQC @Q7/Q4QsP@P}L@P}L@PyWPnO؀OЗOF@OJO'NxNxN=@N=@NHNNS@NP@NNP@MMlM6@L8LeL|L|L@LT@KKŮ@KK"@K@K@KK&(JJ@JY@J&eJ @hguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comfoss@grueninger.dehguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comddiss@suse.comvarkoly@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comnfbrown@suse.comckornacker@suse.commc@suse.comcrrodriguez@opensuse.orgmc@suse.commc@suse.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@suse.comcoolo@suse.comcoolo@suse.comcoolo@suse.commc@suse.decoolo@suse.commc@suse.demc@suse.destefan.bruens@rwth-aachen.demeissner@suse.decoolo@suse.comcoolo@suse.commc@suse.demc@suse.derhafer@suse.demc@suse.demc@suse.demc@novell.commc@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.dejengelh@medozas.demc@suse.decoolo@novell.commc@suse.demc@suse.de- Introduce patch 0110-Fix-PKINIT-cert-matching-data-construction.patch to fix CVE-2017-15088 of bsc#1065274.- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch to fix CVE-2017-11462 of bsc#1056995.- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028)- Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)- Remove main package's dependency on systemd. (bsc#1032680)- Remove unneeded prerequisites from spec file. (bsc#992853)- Fix CVE-2016-3120 (bsc#991088) with patch: 0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch from rev128 of network/krb5 (bsc#982313#c2)- Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111)- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942)- Upgrade from version 1.12.1 to 1.12.5. The new maintenance release brings accumulated defect fixes. - The following patches are now present in the source bundle, thus removed from build individual patch files: * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch * bnc#912002.diff * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch * krb5-1.12.2-CVE-2014-5353.patch * krb5-1.12.2-CVE-2014-5354.patch * krb5-master-keyring-kdcsync.patch - Line numbers in the following patches are slightly adjusted to fit into this new source version: * krb5-1.6.3-ktutil-manpage.dif * krb5-1.7-doublelog.patch - Remove krb5-mini pieces from spec file. Thus removing pre_checkin.sh - Remove expired macros and other minor clean-ups in spec file. - Use system libverto to substitute built-in libverto. Implement fate#320326- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character (bsc#963968) with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch - Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request (bsc#963975) with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch - Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask (bsc#963964) with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch to fix a memory corruption regression introduced by resolution of CVE-2015-2698. bsc#954204- Make kadmin.local man page available without having to install krb5-client. bsc#948011 - Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch to fix build_principal memory bug [CVE-2015-2697] bsc#952190 - Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189 - Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 - Fix patch content of bnc#912002.diff that was missing a diff header.- bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass patches: 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message patches: 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries patches: krb5-1.12.2-CVE-2014-5353.patch krb5-1.12.2-CVE-2014-5354.patch- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423: krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token - added patches: * bnc#912002.diff- Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff- buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697) krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Fix null deref in SPNEGO acceptor [CVE-2014-4344] krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch- denial of service flaws when handling RFC 1964 tokens (bnc#886016) krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch - start krb5kdc after slapd (bnc#886102)- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) similar functionality is provided by krb5-plugin-preauth-pkinit- don't deliver SysV init files to systemd distributions- update to version 1.12.1 * Make KDC log service principal names more consistently during some error conditions, instead of "" * Fix several bugs related to building AES-NI support on less common configurations * Fix several bugs related to keyring credential caches - upstream obsoletes: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-master-no-malloc0.patch krb5-master-ignore-empty-unnecessary-final-token.patch krb5-master-gss_oid_leak.patch krb5-master-keytab_close.patch krb5-master-spnego_error_messages.patch - Fix Get time offsets for all keyring ccaches krb5-master-keyring-kdcsync.patch (RT#7820)- update to version 1.12 * Add GSSAPI extensions for constructing MIC tokens using IOV lists * Add a FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values. * The AES-based encryption types will use AES-NI instructions when possible for improved performance. - revert dependency on libcom_err-mini-devel since it's not yet available - update and rebase patches * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch * krb5-1.11-pam.patch -> krb5-1.12-pam.patch * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch * krb5-1.8-api.patch -> krb5-1.12-api.patch * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch * krb5-1.9-debuginfo.patch * krb5-1.9-kprop-mktemp.patch * krb5-kvno-230379.patch - added upstream patches - Fix krb5_copy_context * krb5-1.12-copy_context.patch - Mark AESNI files as not needing executable stacks * krb5-1.12-enable-NX.patch * krb5-1.12-pic-aes-ni.patch - Fix memory leak in SPNEGO initiator * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch - Test SPNEGO error message in t_s4u.py * krb5-master-spnego_error_messages.patch- Reduce build dependencies for krb5-mini by removing doxygen and changing libcom_err-devel to libcom_err-mini-devel - Small fix to pre_checkin.sh so krb5-mini.spec is correct.- update to version 1.11.4 - Fix a KDC null pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. - Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. - Fix a number of bugs related to KDC master key rollover.- install and enable systemd service files also in -mini package- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs.- update to version 1.11.3 - Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] - Improve interoperability with some Windows native PKINIT clients. - install translation files - remove outdated configure options- cleanup systemd files (remove syslog.target)- let krb5-mini conflict with all main packages- add conflicts between krb5-mini and krb5-server- update to version 1.11.2 * Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch- add conflicts between krb5-mini-devel and krb5-devel- add conflicts between krb5-mini and krb5 and krb5-client- enable selinux and set openssl as crypto implementation- fix path to executables in service files (bnc#810926)- update to version 1.11.1 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - changes of patches: * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif: upstream * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif: upstream * krb5-1.10-gcc47.patch: upstream * krb5-1.10-selinux-label.patch replaced by krb5-1.11-selinux-label.patch * krb5-1.10-spin-loop.patch: upstream * krb5-1.3.5-perlfix.dif: the tool was removed from upstream * krb5-1.8-pam.patch replaced by krb5-1.11-pam.patch- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() CVE-2012-1016 (bnc#807556) bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif- package missing file (bnc#794784)- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc (bnc#793336)- revert the -p usage in %postun to fix SLE build- buildrequire systemd by pkgconfig provide to get systemd-mini- do not require systemd in krb5-mini- add systemd service files for kadmind, krb5kdc and kpropd - add sysconfig templates for kadmind and krb5kdc- fix %files section for krb5-mini- fix gcc47 issues- update to version 1.10.2 obsolte patches: * krb5-1.7-nodeplibs.patch * krb5-1.9.1-ai_addrconfig.patch * krb5-1.9.1-ai_addrconfig2.patch * krb5-1.9.1-sendto_poll.patch * krb5-1.9-canonicalize-fallback.patch * krb5-1.9-paren.patch * krb5-klist_s.patch * krb5-pkinit-cms2.patch * krb5-trunk-chpw-err.patch * krb5-trunk-gss_delete_sec.patch * krb5-trunk-kadmin-oldproto.patch * krb5-1.9-MITKRB5-SA-2011-006.dif * krb5-1.9-gss_display_status-iakerb.patch * krb5-1.9.1-sendto_poll2.patch * krb5-1.9.1-sendto_poll3.patch * krb5-1.9-MITKRB5-SA-2011-007.dif - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers. - Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false. - Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013] - Fix access controls for KDB string attributes [CVE-2012-1012] - Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers - Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time - Make PKINIT work with FAST in the client library. - Add the DIR credential cache type, which can hold a collection of credential caches. - Enhance kinit, klist, and kdestroy to support credential cache collections if the cache type supports it. - Add the kswitch command, which changes the selected default cache within a collection. - Add heuristic support for choosing client credentials based on the service realm. - Add support for $HOME/.k5identity, which allows credential choice based on configured rules.- add autoconf macro to devel subpackage- fix license in krb5-mini- add autoconf as buildrequire to avoid implicit dependency- remove call to suse_update_config, very old work around- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529- use --without-pam to build krb5-mini- add patches from Fedora and upstream - fix init scripts (bnc#689006)- update to version 1.9.1 * obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif * replace krb5-1.6.1-compile_pie.dif- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery- fix csh profile (bnc#649856)- update to krb5-1.8.3 * remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif- change environment variable PATH directly for csh (bnc#642080)- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)- update to version 1.8.1 * include krb5-1.8-POST.dif * include MITKRB5-SA-2010-002- update krb5-1.8-POST.dif- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)- add post 1.8 fixes * Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512- update to version 1.8 * Increase code quality * Move toward improved KDB interface * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals. * Disable DES by default * Account lockout for repeated login failures * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility * Anonymous PKINIT - fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl- add baselibs.conf as a source- enhance '$PATH' only if the directories are available and not empty (bnc#544949)- readd lost baselibs.conf- update to final 1.7 release- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy. * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code.lamb05 15101326171.12.5-12.11.12.5-12.1krb5pluginspreauthpkinit.so/usr/lib64//usr/lib64/krb5//usr/lib64/krb5/plugins//usr/lib64/krb5/plugins/preauth/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7472/openSUSE_Leap_42.3_Update/a204334070dbcdc93c633a8233d625c4-krb5.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=cdf88b20b1ad898ef2ea44a7927f986e274d61b1, strippedPPPR R RR RRRRRR RR RRRRtkGe|ܪ?`] crt:bLLDJm.7LQ 9>@@Uʯb^-H!wCl?bя=wrc$eenvGOP+͓XEabIt{#׏R2z\I`z7rUǿV WuCXz6 U,dd,*QoG7z}l+}U,1@8p=ϥ,ثX%J\^s@n$wYӸ?0GA_/v[nfWu@y U-%n5(o۬O߶)DQ@M봗|B?pk}4fdU{2h!Cgwa-w2Tl'ng ˰t{>fgʬX8_q=viI{!(o}1V2AB?LѠnX({]Z÷Ǹ9s7hM.sb#. ?pt0KבQ5>' -5$b_SPƊV,AchhAYs!: {b@=8ՐGV S_<$x/N25vQa,Jj?=3P#6=U:h QHzȪA楇ae{( _!`6Ԍ?T9v ^ZF <]'8hW9B'67QlвvX52oJj$7b愈$}Nt G<[mZhvE߿ʰˍe6NԞXEv4^8Dq0b4 C|ZJoJKWH)f"v7ȸ7 7'_ќy&_02#RS ۬8wfx^#^6萼*ltpNG:t?TojR8뢜+^+1ŠeϨl 9G:5@!,|@. W2}ukͪz&ȞfF!=RuOW p%zIOJ>b\@OES:8jܯs+DU^-i*"|~Y^*ҳ5GP:4'b1Y<`< =rEイ.7J8$=ex<j:'6:'M)暗D*vڒ;c$2"3\8_xxc!Dvh0oB{ɱM -AXBNG {)򞢽c o!Pא%b Nvh7LPݰK-tG1 `Qm Ǚܿ@vmYyY%RMۈS).X[T~ v˃*.6;87(yhb< R蚋Ew|.^_{G/C3|vx)ce`uɢW)n} o&3j-(I 1?֘wt~n%VezVJ^Rb'vZܛe?,UW 9g %֣}2gS=WQ^1=߶JM],\H(|&_? XQk3my>.,gIĝ뷟%VG:GDXYtĈWs-QjדK]]ע̾p`b@^вɖW˗\ ױ+ n䉷sےtL@6Bu{;jX5}@*nYbl_0s:`DSO犨z~nUG@$]tfHAO[ lE5luzeF$K TFR#j!!qZb8;4^](YIf Ti_4ӄfV[c+k\Z.o Κ-mOw@4I5a͂#nQ| dX#`a#/X~q]UVRW{GQqդ(bk~ʻvy{> W3+_߯)&-΀LE|8h}bBU>)&6k@*Хa 31${cEW>RI-c*}{MSOip])'%Rz6W}atkpBp9w|NiB$s02 &w5|ܠ$'MHkZ|BZSpװෝwA1X pGxad1J V.p϶K짵͡l3p A >f:c&)Y)14XGX"&l:--Ct;DDOwqk+/`{6YsC2Pye)na2I%5*$~q"vWoTOv̻ ,z1k!!c!5Go.+2}5+ BG`Œ䟝rJ-Wb1a*;|@Dh7Q"p\>̯{ZzlWT|gnnny87FCn-bݦEgx`5:%D+RRYv!0xi g}>Ӌ2=&|'d}J= 3eM˺FMҨQ&5_@& Cѡ*ڼhdQr[CN[sYQ<.`T!/>&DʓRz(fR7uϹV( R6LM>lBH,bo%?w󔃑rnjqH( )sT}3… }6 s6r7==<;9JR,9۩|  "~$] [b w[KSrϢt]'){xH RJ>5|lv1SHsOW=^~Y6ppbM9Cjd)cwj]}0>J4Ar|-p9yLڹ ˢ`36 ^<"D̈́=?AnA5-렽jI-$h1o.g:I+YuH/qUuؿ_eS ?ɫe"zO9pA=U8\Eq>/lZN 08a^ep?Y\;Qꦄ=kQC6?F7)JY,D; 'fKAsyX/d#/\s?P -F8HT-2섋˚mbmʵwGH#ɋ!_:5B9! PJՓOpr7lȍ I:Vc~%n b^ERhMx\ fґyU-&0EOvDH`0$rGUh6;"tqs?c:,gv Yn3 c-ܙ>@vzv))P ݹ  W~jc%moqG,ms8{5E.1`>T0<0-IS!uzC,oNJq@ξPBjス5̸OF=6O"7qI h KDw8 Lx5ԕppf{P] 0ZR&#@vx٭Tru~6 "%!Чk@9fJ0s1 tS`,m<kZ+a'39&B}"ȼ=+Z)-EI\9 d} gp"?9TP{]:E7uaO(cx-C-$=6G9tO[o琽 e >U-r%MIdr+ϟ[>0C# DޫΫ+Msn&Y_uQ+k 1Wja,:Z!BmZյX8O]p9|H_Չa#nG\?"ٝ|uU̚5r%pmI/0jO 26  (Ӽ"mZW9Kdv8$9( -s*WrPmbt:KR4m1`rJ@.uBD"t.}Ş$ia–TVj"..|ퟃ˫ A( OHoM7`'ikƥ-N'F f@Y?6dvBs`-ꪡU hZ]Z8R"0C0{|~|٥#*<JH;bM;gNɡ6cV[ϭ8E/Zd[%wdgx\GeH|OwZa.gcixy‰3h1ov1jcW91S;$'`ħ[)l˘k5[}x l唥ueѵgH!iuV۾=v&uǭ. P!6+1 ~7S';{U8.myӘS0ר+gCGe+BS3|n/>EvƤ]8[n0Fx0{}o//ڐJB;ס1(TIy+Z[  |&\q7LY>d!9sdEd'Nq} q PE1ڶH KיA;W^[z=ir>_?ax094rэ}eP $l3|=Yi<%E%;J6eŗzUBESuY']x읰88Jg/ qqNsT#/RI/&!k,CNLjWF/<}^/$19~XR s'BKg@Wee+m2/$OkIF&=MC~ Ӷz-az+^^Jc8Km@#H4[H 4tP [Vc-g ۬,e ?|Óɱ!os2pci 2-_WPq-!s+ؼt,sG[Trnȇ`MjAaߕQ2I,lw-9{{ٰ fgȈƅC6N՚j5fvJ3r;,ٱ^ |C:?0d%g$YP ־|em$lwjPIBeπ"`(-[mdF& @qN,e]N#j5 <0fFHqMRV:HM&T ct4Y6wG dQ8"j8W?v =\RA)cm"(Qsbdɚg³G(Mtgu]N&-Ӆ\t|dqҪ2f'^BP9>OS{]ןQs?zmdɟcue^}ieapm&hnŠcÇ7 TA=8 GBmP&t~e!&-_?vhaߑ`Lzù}D8I(lqLE 3\H}>DS4" "t>F(X:ŋK} ,cg=[l3hpDAF߷_P6| P~J K6 6;y>b%FI\W(Y hX $.4?K 7aTP  uy E0GŠ2GB%QOz=1t7X2t ٣ɜmܭK9~06rC>t;Hwy;ZrtOVw=1EhE8GUKfn5ߕF@V"e[5 L9WIHl c 2_{ k?쁮bW+P5fuAwW-`BDeh9y޸P}݌?J DP<C Ll? m'vL*RoH 2* |dU>}j`]?I}=>0>nd@= Ұ9,PI{e;SZJ/i 8cKj@y&p`?$Yj"N:+D#i2U95KLJ%qÂQw 4yYζGz~z FU̔]3 6hCKKOY,F: %䦋ѾI6=#HI"TU ۞ȊEWDf>mF FP7R E@>wrhI`ɘCQhɨۢoJUtf,@%N鱑BF>WS-by>V0s_#;9SoR %eJ)!_PkQRtۏŲ,> -n#ɪ&q=Lߏo r޵.;%GxRG'0#OA׍A yl}:u.U2r͸{y0.2< zO;~X?$BrGd$'eW<Oy ̾.|Gbi]jEAuǨDp縫j௭VfC߆l 86 >oD[; ]NLS<*d79/VϑYQϝ3ޢ5OVB9z"TyX5).R.Tmie&悦?{- }!6'pː0;Y |>㶽A$'ܿyl!̙=mw5O ci@ b(#u0f%hNɥ+|J>DAUƋq@[Qy!T_2&]&p[A${J 15^%tۓ,@P?]$76iX= Ƿ m(" <%!m5DG_]31-V(T3ΑK/@B[$cFո'/陫m=O<;!3ܪGH @UF0D$2U=m1x@j!S'b3^_Sd{<ͣ!6>\Ž]Aw?ˮvq5*7I^fz{`Ɵ?͑{ێk:#I]{+@ߣ e'WQh@9VV=!DZlOx_4atUNK4k 9QR$ZB UeQO[O\&clYG( ~+zIE:IZ@)ZOt:ٯS>b 6.3$Y^ܙy:*p'~p&ZWlnj_-NC3ˆǘ'%e/{ln=H?\a~`7lLW}'>yG߀ޗM+V zaXா`զSCA3jLłD4УrQmJEԅBi"&3̣0 {)41iif00ÎsdesE,+7Fb9oܑ箽YՆ%q4ʩ( ‹,+4]|egEOJ'd2w"ѵxݕn.I̞)d˗"eʹn/YS péﲛDS{gy7U_5\yl#F/_[| /DqQwC} wn+w,.f #7߭. 4j2_C>{+s%o<)BOGᙖ|-&λCCm=cC !@B9׮t"GĢtS6)kjî='Zw 8[~Qϥsa{؃Qsz.>1Z4c ' c\=C J7ʍÓ-EnAseStcF xsЕj BA"{ђ5Į_*󐪳؃$33Y"9O_:YUduf]$Ij+̸+YfeI`&COb dN-ZR۷g{=P"_ID1@Y5N/Tuю[lg\jM~X6iɗ 2iyKؕ  S 'F#tp'sxV?Ut5mN=ʄM)u=kt>:~O2, yN , :>P~GY;a^[0urjɦWuYҟ8)",q3ޫ%dV~-utv(u9*hmB<;hyy*$ѹ}6/*z Q@ 3aUr('A0p)QhwfT{ΔMzVjsR 4>']މvy_H* cqZ% O f_QeP9*N0&.WI]2$,%? o 96\R =E4k/x(bw5^n)-_OmŃY[!bDlOZ?3s$L8P4%HkCtTcn7g9$e|XrӓÝˁdPu 8~p1q@ _t@=f?Mxx3L 9zy/6\| [N=/š)_F_S;hߓIN jH_Vp'QĐ4gQP=JCm I <;ɤ\gy`wrD׌66;͐K@< Nptל NnY/ GWDiѢOLfh!C_m c+pq(?XTࡷ*ju? Ũl#b%*"<@1-K󰈐XvKAF( 0kzɳxUj|U[c8XC%pѾ GÿP]H8gpGp9I 0. ylجHwQ8qlcEGy.U&xl zhokHWEXi~M7{V7aa*?;E ?>ⳏŭNSa͹|V#b@cWvM( * Bayp.֑&;9T#<٘ I2^ `nem~z=3Gg䙄oQij=On5y߻! v>0J*!.簋 h"&9vSrK,,coUuw&VE6JX[9LUw"GMYj@s|ЌEIv}*(1L;lhZe~&y%1 mS :OA:#/{z>)QIk dߵ(z V=60sױA).b<@~?`GC]Է[$KWOnm?; `d/=_HY:s24ҁr$IUF?>Pjm@s|\z ;qO00wOrO*dkٿh!_h*:w*Dƶ`y/θL O#RvH=<"Inω()ʻv34o"2 62*R|4g*g~=1(O5᱕rj s\mc~ieyVmXԮ2]/Fu=e/nV&qu̜ /75 3L G¿Qb~(In hZУȍR1`M4ɹMunAVb>ʴjA&4 s%ٛ^HYJ ʎ_`jM3lhm4EKY~HeFy$7ihx7yxP` 1ծMƟ)îŊk(wLv*O6jLs=$52CM!%gs TIٍuFP3l',):8m^nRq;5ԶE]lw1FDƋ;M7r|ט:\ %/^N@DU%̎< G,Nѐv7]^95Ɛ.2+O.`ŋ⡯fӷɾ)vԓ#I5\lbS ԛLEt06:%5{7PIV8/WR }ayD'_faPbd\SP4OI7Wm5aPY/`=57y2Lf]tJ˸p/82s)? %ԍGű2 4&:7+eE{2bWtv[3[i0bˡƩ39c-ɫ~j+pO0j-L23"sp sgn~]n~r x]NP'0[1ve(|0TM6ή-G"-ZA6m+R~L=0=KF9cV|2+@1/j|Hg$)Sw=v*yqBr~9KTZ951\>Xm;:|982mZS~Zvv;*<+os+{+ yXPfI,.7˼ 125`-ރrϡcf]> B b$wT"7-m[j3m T8z72+GSg]NK2c,1Co5gl3snQwSqa 8ـx6@d}uϞ:?H!;7iD <r.w<'Ve&Mzfl6XIh/x-XzĜJ۸e ^85 ݇[ϱQ9,v/JzHi> .\\TYU([{Ȑz9p$/<SZޥ^V菇CD^%N,n'I|qqwBxX Ҝq+ܼ*tO.Xbks|irͣd: {j(U!dT_i3Pұ[]'ܤ: ΒnzA;4AMҵ|R@9=ƻg qaT6A\ypejTee 4 _,Q) yi*ÎM:oP<-Ro`sqth]}ɩBl"-nYܩ`VP%K'o f$6%<rM궎/8D5[{Ў"W|~^u&3`S CGu-/;lia1Ӌ]frWbnf?ݧTIkN0C *Iһ-1z`A MO^lMl^çF<;ܸʽ?Z<)I!Lw٭[&Fu.K&b`nl|Hp\P^wMiM]R.~Yj3(Tɒ;0E0MNQ7!A]е1boD -7F c,c!tt"K >;EIR64d0[Lw]9ESIj(tRmΆu\|7D`Wڿy`# _AGoËΈ5кcM;Ws5,bK6LwKdt -;U͒ҋ$y2K[]w\UB{rڣ'xl6b|F؂&mLJ[hUIbnM@ޱ*t A]?%kceW?@󺪅%|̄Pе}=g"nO}AVJtsEz"b@|h,i!ٮL݌F},r % B C[ pgp)$P)#oS@YD3ZLW /i\[ˍ0<ճ"gZ&$a/eT3ld* [c_dR])<ugn3hKRH ]h+c0"t 7MOV!$3QҠy=u!;Z60O6"}[Llk-{yU -tG;$sULDZ* zc8A딯CKNw# MR5YvHIQߥ$K7S.\Ϯ 7b=z[?")J r}B,7`4F`e|A,[_h[m7.2o>2V44JC dj{̥Ԓc"Dx bmT#Fp=s;8[3sZXIڀЏx #A @Pn6"QB'hI?%٣t3|s==g|S Tʚ yfl3f]D,eHx>U}cl^HLi\`U}U`\5y@@b*/mroʇܔL*;]JIYЂາy=arєS1 Ǘؕ eQxxUeDߝ!lO9 71hwKE[OD# _qӃMӭc%LѮaL$ѽ#QC5(e]zg ?E?vUF6v&7ʨ.Iedc3 W=$N1k6th0Mi3Wߣ2zzP8VL 004}DMwjֱk5S]AE@SZ"Ұb޺(A՝'J*ZB6 zI (w|Z5RKJo3cۅ$*{®G"+bGkSTUZeY z"iӹ 8ƨ4_'DԉXz$ЗzWdm,vj_ 04B';-Cb@`NpjټH (߭GQ!FQœK.s̷,AbI&Y!('ѓg(`͍>\[𰇼VU:C@3jrѳ@jHt X6N^dogtG|B{ak>q<4$-"+YGC+'ـtp63R38H=|:]!6L,l`Y-Ҡڴ8D;v׽c1GI/2~#t 89a*|VdGgX,̧Yky\}F^ڻ`L7.N|e$;4@[ qݯ("`"nvB=;,/XƾawTj>@H/A0?Y?x!8ށT1_\*6SݬPD-+)*WÂS+iv+_Lh,]4nB"Ĕɧ2ږl2cU4e2Cρ ǃ@)xǥmCaI.GfE^˒_/x2-k"*^+v*5Pi@W( L!kKw~}9w6)CX0+ɧ%yq`Abgɇ,gHU]PoGc0)@)+W߻U@e%1Z D FFWff Oe-TUK8`XJM:ƏHfjIXJTVD+,C'g-><"Oz`и\vxּQ1y"Q"l7韢' nb۞Ӿ'`aQ]ɰln ETR<-EҋL3L}t*gvzkUd`/$&#-'NN\yc Bi:Jš,pN>ƁW|Ѣ!rr3qZx^-fͪsZ߅'R)A -`65(B!$d^2Z#ötJ*<˪L7qCcMOj=R+=n0+gIdSy6n)]AN7? EET1 9"*[?Cgp+&WkdD׊) >a3/.O[g 8VkqAM? |CXQ(YQLS{MMԠGb w̻g?!0h6~C2[TnE{;MumUY@,!bQOv9>Vu'4ao> -  #7e\X([j'NN~GT_{* NŇxA 4b;XXl9|苈1'lD5"?f{P1SH=ȫ&bls  kAhI)"̅y/wLo> 7TQJ?6P + 6,p3S0/K2÷bهΝOg̈&u+P( 3)}1߶ֵ  4@#Q.uQm;qݗ2l aJ/.:έn/qO MURo(MUj-7ڜ rX2/~=1Բhs{~%) V |"| y=Y H{_F AȎ}6<pj]x( ȵ/t #/vyy$G J&K(-BSsSG\Kg( ͖HlldZ!4‹,/U[çSΦd+ȫ""Kwv漱O:1FC™M ]` rDfGvz>?h+JREj6[4UeIg̖RIOڌǰ7臢 ~,c(N"7 dg:pY0a,3h i rt𮋸n0./GMZҩkW:aEA0]EDuicKC5d7ّ6DWtC~z}xsd2t3w!{sUWU37rDm1 Y.^KTGpȱjv0nAc#g8 Zw| ԝ.qK|(b= c%^=aT7RJk~ OJ,ىi#;%g @^F.`ԚvD IS6*˧>QݬדtyEG,2 Uk_ +* zŽ00=|7h3vVZe3!O@X;L% dmPuPh7|ެ߈ĖoXjl3&뭂/ -Y ߂*糵l'9<*>]RWqu*S3пM.=9t; p&Cկ0X!vV 3%ugx }K9jZ ;ʠoRp*=(\(Kn7$' ,bf0IDžqf7 K4T J^x'4s֫dL04nîCެWc J}B:fsCa+`xhKnRgu;cA8~WuuG/V6%"zh=(8?#VJ5l?ޚ;&rКcQ{Ny96FLKgb7\ONIBpʹp6%lWoޛ\ RŀD&՟JN:9(ktǗs4fW['çh3|i? qs?_Ι~בʀ|9I"!lS5)f]K0Ip-ڠt"ݠCs"Zꄵ-D[]O8@D]PH?6DkN]U^2"z7h\ 48OMY]OI?~5}h9:ZLWg:9mM6w{. Ī۟8o ES[S^XZ,Kb @5*"ZO\N{w޽)^iڻ:w1=Cyuu?+B{ #ѸeE g%jly8> ("X[, nV6mS:d?"Z_Kwk?3mÂ/c؋ Og"0MR!+dLM0~DessK&D=\z+ kRF oNBfyKM,bRDEcsoNGw9g 3OD+MDI?'Gs-hLL(=o쳒(oEO7lP#EWË7{'NWQ\p[~$}{|Ox0e7SNFq)$$>kPQ,QR#:Ӱ)D寒Ge%IeC/E{T⥛a$w1nNH6:?w""a7:ڧӫk+~XƳyE5Y(fEY\[:pP]9vh]?r^E$+#4qtSB{A)"bMD5Bo_GiqSMM*IkJmcd_ӎ.u.Kt>jׯ` ;rlZ (VXYʸ5?snpfy 6ehgpkc qBֽ"+0śl!MU7@Lo:43?OIx+g!XOʎDQRѣ 8ۋVtڣac6S*xђ:&TJ?%cXNbgϋꀾ?k@e5T(+_h覨ܦ[5nPhGB6/d,8,FExLCu͈_9 |c!;PX" b@qRgV\i*XDyhIrv_@MƋu'#m5R(ɦ9uJ޳l契LNqסV0.W0+e/sSD@.je風X6 q7'qc5Xk循c9fbΤM-MV-X-BmtYh82wOXXlK:j=h츳/J-5ǟ? BMO¼-MЁKLS Ĉ7C(g,|ሴ}SqH53\išZ>n25EGXV YT `џRM/ B)cCi E@h!cg`t^2ߗǨu'@B4V^{)dR٩mKO_rC@(.+:X:E Ը|Gb @?ڒR)f7oMh"T ^P" *KN|$ d_BQxmP[aZҒK{_(P9Xz0)v&k>;%C(m~q/ / WDGk]DdT ꫾Qjmfh_;y|りdW1͍E|3ǣq :qHƑl%Eϛ%3D~j}`, : K1AFEg|-LBe޾#Bk'LBGN8yRYT@9JɁb 00HB M#]ci FĎT[/ZY2 =;oK_cM&ܕ`CyUv0r)Ρ9ܿ{+0&JYFmn\j7^8tG)\NJ &X #\~ Ő}mUܸ̱'W,Sl =u-b~>j_wK Soɭ<0&@aRl O-$ ;ȃѱi]#]ka2%jr%WmP3DB[|+!VmyQ9Y[fYdUV ,PN,m?0^Id%Z \"{y__0 /MeA}``vwGŽx6oCH/FQ 1Tݔp=eV;5Ddhݵ'(k uqVJpiyou< >F } hI:eJǶEJc#8vLjm (]7Xc+ꂼe3ilz`΁<5FkHI28|O )"v ߂iF*J_p@॓ '01Y6 %b8zy[5JmopuQLAR 7V@rC(R3*!)@q'9gZ)lLZ%PuoC ^jEηuP%EݭO(bjg] WԍUD_8]:|0Aj y+2ofJX*|¼9v(ZBhvOa:[&D?g&WzgayU].@-B?;D8S CÏ$'u5H.*&k#K;2x7{c;G<{Isb%qG]si7+ivq։FmyD"̪k/|xI*T;W:O;Bvg?IK {?{/BU4j/|=ÍEҠb&G#ZF=켓Y$. gfYכŧLzvc}U7yVcnTH&ȼyx8WAza=_h X~Gد߸(Ҽxz "mfGqvtI.\SGSUw$GWk#{uI^옼G+6 i!SxLЊ ;z=g{q&>(܂pn( Cd:̳m?d4e?[O IUºKzո ^3hV^uam\ݟkB|WY?Fq`ǹY;Z]:pfQ"gqE3Lr=i}Ux# xsf%횘x%G3^%0 ]}pWBh.}*1Q6u3A\>?v~ȳribV>]=gи#qa\a-:ee{#pJSCKvbTٳ㹾U6ӊt ?7?%Q<#=/Rx Ua9Z /빡i`yc;sԚAqpȢ%ԆᨶX1kL:ZT ݸy6i4ulv[1ng,> 9]ѓډ2aԺB 3}89  ̅E;`}DtVwl65Fy6Wp@U|U^&cSC[p!A4:Z; "GF$~+%}[~Z.T[ oWUs$D)[B@1v soAE.g]MbcbYƀ7lA={fKõs?lug_5 \%|Yn(]%C+83H1g>}>/+\¾hQ 6%H9pI|lJڏ+w 8VL-_c=wvuܳ`jAup. )| q8jƅcAu":%!_ (dP*cu ݃–S.ʨA7f5 e/.b{ d:"Ќ S!=m^ v.7-}xD2=&"n=:'|EPZ!kf6 +=g.kH `_oI=QLo_;#I7r 6`)e,T,݌YIN#&i޹2=JMDW$i'$zovdvzЁĄOd;nx2Wښ9,i>5: OSޢvagd }0 PpS]U{- T35̐i#w_ҽvէ?Ţ4wR9\ZXI`NIa\ͫ N]<@8r? )t?~/_P9SpqgE @}36]ʑC&_r^uQUFOk|m*Ԛ`; EJy}yIjI}* MH>NlgcLn4aŠcr_G Zd "긗,>4^.amXt/I: B}-QK[;MG'& KF*ZqɋgAA~7HvFֲ; ҜojTX 4l?d?OtiGP =“S>:q@hcή{NX # E H%!<)i`jlOEwVL鸛eU#1pS2;0PΞ?Ίxlh7& rX,qFG>Q{*wVk`R梤52^ޑpqzq=EE4Ƃx#">fꨇT|V@ZyezFlYƦsiYo$a"IP \{4|?H`s,%͐aq5DCSd<ƕSՒNM%64t:|w'a^)N;lPiI &{N_:%ԞfolrJ"-w}:ugDwꪣ ?pPהܰ 2!d\ɹi"BvypYC'v@X\\7J|vax4{$ rz圢o,HzIʃk/+Y*)͠큈^Xb>Zrx uSƹAx*ֱf: Bd jH3tm bؘklC." 0;V`l]gI5#oc_3/'[^ hΜJvdap@q0CwMyF3Os ,#Q fp|{pG4G◧ɜi*)o l4yV\;CC\iK.#'FLOjO4*[[fS {ivAwsa> 3'ÆqpuD& dkN7f\ >כcj}z"SQ:\|O֘X{1@k~v]@"2vxG@nʫw:9;Xr _pҌ[(LRZl`4E#Q8iBe=%D-Du0,"{! փ -ЀkMNܑ@CYZ- W|@Q#m[07b̂ p(|?2#2eqﮦ !Ag5b2KGѰg YuSjw~xWIR7m|VcgB?i zۏuՇi߃68I%IML:_oEGtGnU+~b*1JMec QXg Zj_q81EqJzDH-|7n@s{IW. =դ= [ƻ,?0B2&l(Sǟ5K1S[#SSG[ gKS/kuϔ$Woi: t]9,8`_o07LE]HV.iU%IStu)02w׋Ec0bWcJmFGmղ;NNmvK)̪"']g`FT$q-:,aY[S4߆p$++~$єw~[ oŽ7DD.UL%F" _,y &*b[78}G[Q3Xva; d63=\ T^bdyA$@ퟷ ,taU9ɮ1^%ٍ,;.f?0 p&q`.^v—;B4.'SkjzvCv]Sixj*Mtog=w|x7DA«rNjV`r1Js.v~O#:UC~?V. ( ;LC#'J%lnL@/pf7됺}W~Q-p R8ĵB|`@mwF&uT&}K^rk`Wڌ3ΤbHH%ӏG78gKo7"A̖|R:.ͮYʛ5Q{I&M*> Q>ko~Cy/Wjv0 ]2}E27Mҗa:_fNI0o*Cl+΄{fF3h7SK&FLɆ\;O5 c39k#D?4vЦ5Ibs 7SGl*m| ZV}PlrP0LwUB XGڃn;R]c}[4榯uy%x bPg#Sc6Y9byZJ7 ӻ-|,,Z'qԾ5,u_ y,: AS*O!AB)DcRV,rWxo#YOB)W>O|$_4I)Vc ͤ[=QӃ2.rsT]>4fA͸TzG˖eOS$4{[]s(Tن'W֢+Եs݆} ! y˦ܨ6n5'8/w}r78?{eگ$"ݎt Kd\;yѤ,*!Rz-]w^A @&iܺtP@s'aRŝS 9[UܗiĦo_>򡖈1i(-{+@??碌KIn]5I\#.VcBΗj#фNH> s*ʖLD;%D*=>ǧc"!"yqRClHRdFm'j \Q#;7Ə+!pf3w[?Иρ3ŒQe,>ש25z7^[M@">f%)Fqƌ 㚈:n)J.3uQJPyg]j f]P:SY? 6 gOӒO}BH|VZ48Fu@w0M].`m_S94xpZ)[2!dËzֺf;FnսP/jW'k/WA1>Ү%!Ƭ9p* KĞn(? `c"jZ.fo}0(W0Wœ$\"ҝ֫L )y[XeZ_>In =1Q8FǿMhS%fQڬ^w+$IwgSt\Ĺ,jkKwpZW"2Ottk%մ1 r1t÷B;E-r+1a.7~- xJzp<17#ݔV5}x\WՏwOHjQI ;|,@4!͓r#.fR2-zۦ&443*jt</vRգQ̈́aH#r+DUͫ,Y1&*!3*,(b6RQkx9RTY1kE9XEuE S R7ީw}Ɲl7]?N/a^])CKyD%^7X-E&.KROhO(ehkU0e9~1yYm~] Q֠K1g?E^`kHIoU:Q)iF/%eΝ z!Nbw_**l|Nb?Ahҫ1>P{M"N&#죦8MrTzRbm5 /mМtLo t3@5w? j C"hV#I;OZ$"۽G6C/Љc]ߧ2e+x4@`~R3cf%T3]r}C6q@ 5A弾,nøRh{ib> Vz:b>q--5C4tɻQ]arsV.Е.OI1:ov֣^cY j+в bB0*C ;P ;b?&" `͛'!o.ia&61|*Q0]OK~ِ+G]յvbɂX\ Em8~ /ˏp苄(R "/B]яs,vU,ÆAu+Caỳ/]Q>mt9 kx0Z֡}B5m .bzYdA,:X,=?QaccY۝t Yd58H‘xv:wm\dnAq>ݣEiƐK} I;)Цxi"Ok/2:23J NHEF^ ,'P⒲On6mPJkRȋ*,S MIguanA՞WS&b WOlxć4*je~ŸqɜE{j(?ϛ7 BD1dT?0ju(Ge܀tXluқi?7pA~eĆo|ǂkGF rYW.X ı(܋sZ Yv\+Ck(0EX'T`Sp *[30W@_T),Y՝8=>? J]e@Jҹ[Kqu8U\=\mO5y*5<݂2fLQeBjoT_emѢQF f;ZDPqhNXMrd-ш%~|oU5',g$UH du}eR_={rI[VVv|6 gfat~v 1 L@sy{ޕ{2Ѥp hJsUdG|2Ntߐ |AfnpϘm/#a!jPK]9 n%k8`Ffҗ|- `ǼO2E(`5Q,/"3XbU.+1ury7NYA1a*%*7,ڞT},G?Å\#@iV.٪y.cEnUչN%鈵¦w;^r0e̬1#V*keF B{444A=J]Swo xy55C J&*񳏉+ >|V ~~fFBJYЩ瞮|0BD*K+7<: m8Qۤ+pn엮o7=k%n̘y:;c*[n_OGMN<]ȍy.£4QA @׭"؞zD!YcQpDPn| M*΅&(BTwgewVfp$JU3jʸOA#բ޼;n*N8x'/RQHsפ(Cq:)(N)+F-f0TT,Vo %^.#tXwBAumxbY9F`{赯^dS\iw%@ O}ZQV#{-[>MKșW]EPFe;x۾KjӔAtc1~$CI{B"nW|Sp"my#&Ng]7On) FϞ6rQf06AO2a9ƪ_gU.Q3ɯަ=5aK8MࡓNo$ڤqn;CV3: HM/\hI~f"wˊC4$0_z;`"7LoW~Syi80|ܗ] f?5:Wd+hZ!'bYcj7hl@btCEMw͇Z#_WB!F y0r^" -Udh`y%W51e)XQ_$ ˀx!kṙ 2d 8zoj:0nl|L2,Yky$y8 8ֆܫ,W'zmM#`CVap<3e/(U ]UpNr"T/bHwzTsw*F\| ' wFvLڨUi] wijFE-?G q*2f:7p::\6~/R~/)X᭰J:Xk}RT,ાxnP& QIZW64 Vw\8|$|jyY~Dx-6И\([;HtNu\?ׂ*O!`tIKL_ݕJ8eIRU m1 5{sB|&GNC% xWeKrH:ĬMenB;s_0P׼x8pk2N!~<ʫ^)OO8R{9D <|])SGxj&s 7{p!(o^Lcwʟ- BGxx6oW3dT&'^ i\|E+uSNyy֌VDK#Y5melZEzb S>-eY\,X&ڐī8 Ȭ˵oK쟞*D=H {$Vnl`^O?^BK.'BmX˅+^CS]^X{ycWb:$ITQi5]r<ڡW>km`XjReY둫6`J X  U"=4yT2'<ihIqG< L$' (CP} w5\,} 'q2 f pnԡc鴢r;p(^ 1Rqxl"JqFSd],d:c@kukA_|(g[ſkB*MZ 6/,ʒ3Tc\.iBo7=_VRׄti5ә#5^=A˔ hs C8=Gc4sn].ZDI^l`SPrp ezJ㉩ہqĆG3SS4. mB~OSW=}&F ñmxHM_]YgYBa#%Q-ތʾ^PiMf1z4 Q4Ncp6m{2֬ Ϝ<@/օX{DÙA;C7w3 yv9I[[80%u t3g[-Z;y$U36ȏ.v[m[_aCXT6xQv+Rf<V+ýu-f;?틴pk{QXLI0/g{ >T=+j5v?j4QgAa\U>>YM:CՑ@b^ۀ5gHꅪjd.ERt N}v1 |02T{rDs3j *;(bl+H`'ZsH hQ&;~̔1.3[7ՊKl F qj\ɚ-p $˲#3S/Etk aHQ$fK1UcEAnGSi&vEMɃ4~JN~/45,<0<ʏ!( z 87G-*H“XUW;CqrG0aɑ%|Dl`;N!aTb ֻ a)䜦w#Fw=ņB1|C%LNKDz$IIіfx:>/!IfH rC L |ۗb`WM[ "bIo("2TBC%D|c j5-*fjʫgjN쨄\ 3l + q&.&o0=hZ%̈UAuLr|T\юQ*ⵓCMFtW`Cq ),1 =<PnS/ 3J^ 2,c4W̡, hŴ+ytMpg1!Ѕ7 K|#;gXd׋RjM?u@Dl"*[]S3XuIMCDޒ@ع,x`Pu>tWj ˌtmRFg5פ9)/Al>:JHo;l%t" %Djĺ! qcWU#tM]icBvqx%iUu8Nʘ`nmGӎ_2渁G#tY3P{m\A MFvPQ-m-J bOgѱ/)]xj]cf:Yvm^zGϷtZytp莇2kxg=5