libcrypto41-32bit-2.5.3-8.1<>,Z/=„& o u[=M&dqjȏ(RIfX {\ &[Ul+n`ap3u.*'1R-"i. BD FK 4WdXW(9:3Ix*A^ 4N4&h>U}ut@ :йҩS/HLaytn jAdj%OןU 6ER8 >:@ ??d  Apt|      : PXbly(8"9,":T">=RG=\H=dI=lX=pY=|\=]=^=b=c>hd>e>f?l?u?v? w?x?y?Clibcrypto41-32bit2.5.38.1An SSL/TLS protocol implementationThe "crypto" library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the LibreSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.Zlamb62openSUSE Leap 42.3openSUSEOpenSSLhttp://bugs.opensuse.orgSystem/Librarieshttp://libressl.org/linuxx86_64/sbin/ldconfigܡZZ3d40842f6ed5b3cbf8aab4e8832f779dlibcrypto.so.41.0.1rootrootrootrootlibressl-2.5.3-8.1.src.rpmlibcrypto.so.41libcrypto41-32bitlibcrypto41-32bit(x86-32)@@@@@@@@@@@@@   /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.16)libc.so.6(GLIBC_2.17)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.2.4)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.2)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.11.2Z@XX@W@WWWZWPW)@V@V@VjV9@V VU@UUU@U@UzU@U @TT@TÉ@TT~@S @SSR@Si@StS#@jengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.deastieger@suse.comjengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.deastieger@suse.comjengelh@inai.dejengelh@inai.dejengelh@inai.desor.alexei@meowr.rujengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.de- Add des-fcrypt.diff [boo#1065363]- Update to new upstream release 2.5.1 * Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing. [bnc#1019334] * Detect zero-length encrypted session data early * Curve25519 Key Exchange support. * Support for alternate chains for certificate verification. - Update to new upstream release 2.5.2 * Added EVP interface for MD5+SHA1 hashes * Fixed DTLS client failures when the server sends a certificate request. * Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. * Allowed protocols and ciphers to be set on a TLS config object in libtls. - Update to new upstream release 2.5.3 * Documentation updates - Remove ecs.diff (merged)- Add ecs.diff [bnc#1019334]- Update to new upstream release 2.5.0 * libtls now supports ALPN and SNI * libtls adds a new callback interface for integrating custom IO functions. * libtls now handles 4 cipher suite groups: "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer grained control, rather than having two extremes. * libtls now always loads CA, key and certificate files at the time the configuration function is called. * Add support for OCSP intermediate certificates. * Added functions used by stunnel and exim from BoringSSL - this brings in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc. * Improved behavior of arc4random on Windows when using memory leak analysis software. * Correctly handle an EOF that occurs prior to the TLS handshake completing. * Limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled. * Fix incorrect results in certain cases on 64-bit systems when BN_mod_word() can return incorrect results. BN_mod_word() now can return an error condition. * Added constant-time updates to address CVE-2016-0702 * Fixed undefined behavior in BN_GF2m_mod_arr() * Removed unused Cryptographic Message Support (CMS) * More conversions of long long idioms to time_t * Reverted change that cleans up the EVP cipher context in EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the previous behaviour. * Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions. * Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.- Update to new upstream release 2.4.2 * Ensured OSCP only uses and compares GENERALIZEDTIME values as per RFC6960. Also added fixes for OCSP to work with intermediate certificates provided in responses. * Fixed incorrect results from BN_mod_word() when the modulus is too large. * Correctly handle an EOF prior to completing the TLS handshake in libtls. * Removed flags for disabling constant-time operations. This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time.- Update to new upstream release 2.4.2 * Ensured OSCP only uses and compares GENERALIZEDTIME values as per RFC6960. Also added fixes for OCSP to work with intermediate certificates provided in responses. * Fixed incorrect results from BN_mod_word() when the modulus is too large. * Correctly handle an EOF prior to completing the TLS handshake in libtls.- Update to new upstream release 2.4.1 * Correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set.- Update to new upstream release 2.4.0 * Added missing error handling around bn_wexpand() calls. * Added explicit_bzero calls for freed ASN.1 objects. * Fixed X509_*set_object functions to return 0 on allocation failure. * Implemented the IETF ChaCha20-Poly1305 cipher suites. * Changed default EVP_aead_chacha20_poly1305() implementation to the IETF version, which is now the default. * Fixed password prompts from openssl(1) to properly handle ^C. * Reworked error handling in libtls so that configuration errors are visible. * Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.- Update to new upstream release 2.3.4 [boo#978492, boo#977584] * Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.- Update to new upstream release 2.3.3 * cert.pem has been reorganized and synced with Mozilla's certificate store- Update to new upstream release 2.3.2 * Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD construction introduced in RFC 7539, which is different than that already used in TLS with EVP_aead_chacha20_poly1305(). * Avoid a potential undefined C99+ behavior due to shift overflow in AES_decrypt. - Remove 0001-Fix-for-OpenSSL-CVE-2015-3194.patch, 0001-Fix-for-OpenSSL-CVE-2015-3195.patch (included)- Add 0001-Fix-for-OpenSSL-CVE-2015-3194.patch, 0001-Fix-for-OpenSSL-CVE-2015-3195.patch [boo#958768]- Update to new upstream release 2.3.1 * ASN.1 cleanups and RFC5280 compliance fixes. * Time representations switched from "unsigned long" to "time_t". LibreSSL now checks if the host OS supports 64-bit time_t. * Changed tls_connect_servername to use the first address that resolves with getaddrinfo(). * Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, * Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of sizeof(RC4_CHUNK). - Drop CVE-2015-5333_CVE-2015-5334.patch (merged)- Security update for libressl: * CVE-2015-5333: Memory Leak [boo#950707] * CVE-2015-5334: Buffer Overflow [boo#950708] - adding CVE-2015-5333_CVE-2015-5334.patch- Update to new upstream release 2.3.0 * SSLv3 is now permanently removed from the tree. * libtls API: The read/write functions work correctly with external event libraries. See the tls_init man page for examples of using libtls correctly in asynchronous mode. * When using tls_connect_fds, tls_connect_socket or tls_accept_fds, libtls no longer implicitly closes the passed in sockets. The caller is responsible for closing them in this case. * Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported. * SHA-0 is removed, which was withdrawn shortly after publication 20 years ago.- Update to new upstream release 2.2.3 * LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted. This release corrects the handling of such messages.- drop /etc/ssl/cert.pem- Avoid file conflict with ca-certificates by dropping /etc/ssl/certs- Update to new upstream release 2.2.2 * Incorporated fix for OpenSSL issue #3683 [malformed private key via command line segfaults openssl] * Removed workarounds for TLS client padding bugs, removed SSLv3 support from openssl(1), removed IE 6 SSLv3 workarounds, removed RSAX engine. * Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation. * Building a program that intentionally uses SSLv3 will result in a linker warning. * Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls. * Switched `openssl dhparam` default from 512 to 2048 bits * Fixed `openssl pkeyutl -verify` to exit with a 0 on success * Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more.- Update to new upstream release 2.2.1 [bnc#937891] * Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API * Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL * Removed Dynamic Engine support * Removed unused and obsolete MDC-2DES cipher * Removed workarounds for obsolete SSL implementations * Fixes and changes for plaforms other than GNU/Linux- Update to new upstream release 2.2.0 * Removal of OPENSSL_issetugid and all library getenv calls. Applications can and should no longer rely on environment variables for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1) command. * libtls API and documentation additions * fixed: * CVE-2015-1788: Malformed ECParameters causes infinite loop * CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time * CVE-2015-1792: CMS verify infinite loop with unknown hash function (this code is not enabled by default) * already fixed earlier, or not found in LibreSSL: * CVE-2015-4000: DHE man-in-the-middle protection (Logjam) * CVE-2015-1790: PKCS7 crash with missing EnvelopedContent * CVE-2014-8176: Invalid free in DTLS- Ship pkgconfig files again- Update to new upstream release 2.1.6 * Reject server ephemeral DH keys smaller than 1024 bits * Fixed CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp * Fixed CVE-2015-0287 - ASN.1 structure reuse memory corruption * Fixed CVE-2015-0289 - PKCS7 NULL pointer dereferences * Fixed CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error * Fixed CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref- Update to 2.1.4: * Improvements to libtls: - a new API for loading CA chains directly from memory instead of a file, allowing verification with privilege separation in a chroot without direct access to CA certificate files. - Ciphers default to TLSv1.2 with AEAD and PFS. - Improved error handling and message generation. - New APIs and improved documentation. * Add X509_STORE_load_mem API for loading certificates from memory. This facilitates accessing certificates from a chrooted environment. * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by using 'TLSv1.2+AEAD' as the cipher selection string. * New openssl(1) command 'certhash' replaces the c_rehash script. * Server-side support for TLS_FALLBACK_SCSV for compatibility with various auditor and vulnerability scanners. * Dead and disabled code removal including MD5, Netscape workarounds, non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more. * The ASN1 macros are expanded to aid readability and maintainability. * Various NULL pointer asserts removed in favor of letting the OS/signal handler catch them. * Refactored argument handling in openssl(1) for consistency and maintainability. * Support for building with OPENSSL_NO_DEPRECATED. * Dozens of issues found with the Coverity scanner fixed. * Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. * Fixes for the following low-severity issues were integrated into LibreSSL from OpenSSL 1.0.1k: - CVE-2015-0205 - DH client certificates accepted without verification. - CVE-2014-3570 - Bignum squaring may produce incorrect results. - CVE-2014-8275 - Certificate fingerprints can be modified. - CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client].- Add package signatures- Update to new upstream release 2.1.3 * Fixes for various memory leaks in DTLS, including those for CVE-2015-0206. * Application-Layer Protocol Negotiation (ALPN) support. * Simplfied and refactored SSL/DTLS handshake code. * SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932. * Ensure the stack is marked non-executable for assembly sections.- Update to new upstream release 2.1.2 * The two cipher suites GOST and Camellia have been reworked or reenabled, providing better interoperability with systems around the world. * The libtls library, a modern and simplified interface for secure client and server communications, is now packaged. * Assembly acceleration of various algorithms (most importantly AES, MD5, SHA1, SHA256, SHA512) are enabled for AMD64. - Remove libressl-no-punning.diff (file to patch is gone)- Update to new upstream release 2.1.1 * Address POODLE attack by disabling SSLv3 by default * Fix Eliptical Curve cipher selection bug- Update to new upstream release 2.0.5 * This version forward-ports security fixes from OpenSSL 1.0.1i: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508 (partially vulnerable), CVE-2014-3509, CVE-2014-3510, CVE-2014-3511. (LibreSSL was found not to be vulnerable to CVE-2014-3502, CVE-2014-3512, CVE-2014-5139)- Update to new upstream release 2.0.4 * This version includes more portability changes, as well as other work. most noticable may be the deletion of the of the SRP code (which has not been enabled in any LibreSSL release). - Remove pkg-config files so "pkgconfig(libcrypto)" remains unambiguous in the distro- Update to new upstream release 2.0.3 * This release includes a number of portability fixes, and also includes some improvements to the fork detection support. - Remove libressl-auxdal.diff, libressl-asn1test.diff (solved upstream)- Update to new upstream release 2.0.2 * This release addresses the Linux forking and pid wrap issue reported recently. - Add libressl-auxval.diff (fix compile error), libressl-asn1test.diff (fix testsuite failure)- Update to new upstream release 2.0.1 * This release includes a number of portability fixes based on the initial feedback received. A few hardcoded compiler options that were problematic on some systems as well as -Werror have been removed. This release also includes pkg-config support. - Remove libressl-rt.diff (solved differently upstream)- Initial package (version 2.0.0) for build.opensuse.org - Add libressl-no-punning.diff, libressl-rt.diff to fix build errors/bin/sh2.5.3-8.12.5.3-8.1libcrypto.so.41libcrypto.so.41.0.1/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7540/openSUSE_Leap_42.3_Update/0eaf05a89a4c58a2bfda919d1bca1b2a-libressl.openSUSE_Leap_42.3_Updatedrpmlzma5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4c3a6d83b8e67478f04600748e158c1472ac4849, strippedPR RRR R RRR RRR RR?`]"k%{U}dGd|v5M[<ʪw4I`J=t(>my̜_)_7x=eVL4j|QT`SdDBLKE:UG0"pw}1shV5 ھ%a2kۄagI6O.魍q`.;bn&i 5SɚeA8H'm;PH/ ω_m 9WA efUR؅U|+~Ŷ[MY[ho  9=[+;\Q4D;mxޣK<ƶ)65TS =_r80(ZXEtNʑZz%!b wʖ7G /c,I>K'6fx|v40;nWlUj"PQU"J3_yu}::WYs.Qcj5lpzG@\n(N\zfl36?8{P?n-̛V^XMƝoU33FϏCvԿN<ˎug0+n" є_p( _:V.M^a@z\#+B 7lh-Y]17ݰVC{()rf{k>DT1Idc򿚫EcQ@^(c]kv4x PVgN=3ύA2]IX#VN;>rb#j8ǜ*Ik:,A*򺷗q;C@* HFB b.M0kDZ . &.k(KD~wd=w'Ԙ?Ǎջpg8DA_Rg]@`gPb'8 (ى\-4x}S'lHXx҆! smdJr1!_96V۶'UzbFZtgcZߞDhqwzx6x%nW#gy @b + iߋ57U<=>}ˡ8y)DIo4e |^4@-p ;T@5Dbphhxm‹RhA'/Y.=lv21Xg̙\¡&?1]7nCV[V1Go XPy8qni>i- VmjheL*WZl Gޱ2*ዥO~i~Rg m-ʀ0\ŗXqM>y<ѵ+YX}>FD .~^bˋY:e1_n36Y_t~Qf`9Gh{KKMC X(Oj@m68%vc#wPgI>-%{/eF S91%jW cA&Gh9cXY8kt-Hj'pWwa+={sm3c%4q@@H%F3yh8o=uv8(aII9ͦjpЬqЦO9e8uBW)꟮j{TʀmN'OXicTs-wǘpc=̠zz\`ZQ?P18vxix"&O6LVȷs3%CG=KYBql;dLDHZ&|?!?*}<Էߚ(- hE%<{ޥY5L]_ctoe-5j >-{Q 1ÍĒ\^}%9~;|@'it l㱯W%g?'@ Z^ oފER)No7\Ÿkkz8$akf5mFUJ( jo\%U< pOaS['Vr$e{%ČM8ֽ2~IX)@Ml1Sc7cZ[(|ܝϦJ;bm`""i.-O3I?KQc">fyY4j勅7.[@##Z[PG!~-,bǗ~<`xF_oLXޢ6JD0L`k"$ϸme'lT=^M5_Eʋ:D_5U0G҇?٨k\RơXqM^;8VTdlhlf+rV &%"]K>isĂ;`xVVK._=mOqy`6جq+\XRa"2.{YI)|8#dOu$M>^WDŽėPO-5/nA7[g"yS N;Id86f<9f>ٙw>܇9cөJͼ?勉O*NXkH{~LJ4w=ych-Y&0{o!tqe,X]kA[63G5dtN,?P_Ra=SL$GMFJLa6ٚg6@|Cak]]d0 z8\8f;ʙ']!CGՈ`ܤe:g\-E6B{A-ڟJ%z,Kgq^`E84FԿT=l7Y6bG,f<|U߁^Hfy-^,rfN[3h?%W&Fv}$=J%\EEJ7h_z1cf7-|cI{]G7 E'M}k|u2X/?- ԟCMCqwLfNX3w0#(ڊ!#\, /ÓW&n"$夎&3k3\ҦWa0;kVFȏA"žtYot&'I`9c2=KJ_ RR6B|rED\Bc{5`?}䉁a*>=7tkWg;Ȍdb m_v8"Yz? *M_ }WIn%+} aBF cEg jDnuT곅?nDFg4gga)cK.N\LTwۦHڞa(pkTj|ZOUȽa)53:ߢF5tET Xd1imCq`QP )jȭwJ4}/B_K=1Q!۾XRşc $ԭw1t6K_4..g^p[?mHM=Y\T1(^.=:o^?>+<1zkdt*JGNg&~#vڡ';$PݞZ:g $ L8pszhow Q3T@IܼJwx5w vӢnEnYG9ߗ=]N%S|7!a{6GBŤ[nr ^]G2Q!~P4m! %lNs$FɔO8,t>^8&V6,'h; {\3'c"rF-Vr xӴq5~<ׂ8tH3" oGȤ;CZKsP,r5?š^ AuChQRFHy gJVc:g yArp `ie[GR]=j 46 yZϸS23ʖڇѲCZ1nE*<Ӷ),A1^ VZVJok(jWGXKiVƭjyH'8Y DFK!kS6; 'Y vHpZFD i._x^ rC ^oI z[VERxv>>E6 #I>bZJ;oS4ADoERpch Nt +­j fB]0I=`k#$C{DŽ͍Ĥѥ;K"ڪ((Y$ XYaõ)| ͤ)-?:͊MQ#n#M*mn:0W:hߖym#+cb(m%CF<ٍmZT6ݑit-ѯ$zeړʳ՞[ tP}M,)#HSi VͽpoywsJ]aƗ#[̬!YI;a1:c?C;.L J5 }u{{ D,WF ~׉}i=kp;N.1Mn]; :9sGaz ik["bxe^X[:К%Եm,!<*ƏIr L/7%19`f|wK.*EuaqU!\RQR?1ȬXj,gԱ,q+{po,W?oZJ$ g 8qnw"[0C(@f*o  "C|Qhֈv`f]9O ԴqdY"$7PQ"ӀMgY#׷)` OӏSPdr.;NbQ*ǫb-hkaM\40=mxaornZs%ɬրtc_OC%-\yxG8f%0r+Z ^Yưcչ5J0(TB ٜZY%V[˛LM (8Gcg֩A9pe9 V7gbC_CLBUB.v63cDge hFsX2FӳGQ*Kfh=- Ŝbv/iF,s0O7WD7ؘ%8[#UDIާ7ԭ%Us lW;~LAVЉ`M9Ƭ&|~j|V,:oߤmJVL-QRd8zPDmT @Dq!["Vމ P3]BX]2daAaРXeLh H0//CG E˭}/QYn#^O{e(fBI2NYϣ/7Ț%E ~ I:;2G \/'=]reqkkYz$(Y8mLP#]W9zIߙnm|"N۹L9{4SDҶx JTfYMVW#*rʪ2W9a!Nf`6rk$̩JB !=Zѹ^N2n3w k' \,䣙4c B2T; KB6MZve/%J5L M N s/o6@e-]Q*q6bU&jd4) {,OM:ti׿cڶKt C)}1'Ze9sD'{1R ھ!k+R?.+,|i^TKlʖܺbw3քbĵNN`X3m9.Dncq?5>Q'90X[[(rSCbnQy.+;˚8=dLSjպe@b{fet ` OaDkHk"OPp$K[N*&^%H>m?-OqUFpY?;j6%%O9 @VV\hWPnH  &4e3D6B5HxYQ_5Д+D Q7L.WK KX2õɥߒ}s4tvLŶaw4 M)_k]ӍƳsnBP?eE ; 0֧OW.(M[|J:DO^ڌawH}~mEF6_@ V;#2%y5 Ʋ| ߤ+3Bgj|k@5% e~HCd=^oXJ-S OFD3yQ?vPs?:=$YLtnMƥYH:OWe3u|8|d>s\ifs~=konÑM!S68#Ұ^텿NY1JLYʀCPI6x|=3t bbFVtodNMDAzOdT ݠُΩSopUR/xx*'ŀ;/5.m Ke[a ӂN%} }d  vQ5@K@c7Bgw*bTdqV@EȪQ|߬iЗ< |2 " ۄy!RsyNz}<עyH ybh{5`G&^v /l!V[g%Ҧ;Hh̾*Ri>~+BѓC DƁl^ԚlG<کO-u2Tʁh6Zy`qݥ_HJL|C\:a7T7^hH0Bav~jCd]E)hbQ5rf)gdU?ڳQs!-CH VlS'B*E{aҼ |TK" 0 N:{u9#Ǣ셮[f~DIf_>p1k>f*_#g# n3Geg9,Ђanի&n}0kFRg#&-H"Mw]U`% ߚSlEml@{ڂZ>5?P52 [d?jη(I;J0-1Q33_/ʄxV@zLX4ޅOpާa'Re}Ңm4(Uf^ |^>`+E|"EB)c kg1l["ۤ x5nN%3̍<%|+ԁ8Ta,z9R-`Gi q(aQjg߬p4㏪67`6IǦJ rs$$ _S)C4LxژUW"2en 0HYb*] PY3`"j $1vH•ǟFۄ \8^f4}xk^gJͥe!̕p-铀1Q)c.65P-f  =5& +>etD!LJF@B?&򀷩t`'(yb 쑻XHG]oh^uYk$3Y7k8ci4 w՘?j@}zOA~nAv;JL-wtOFcE:vbq`685-gɃqۙuM2ビj7Cy¹ޮAQ\6beB{7l,PlQUFւ37Նy|8_/S|[;~{9Wqzr[&P̄ۢQ4)U ?K_Bn dI,Ma_#7 {5f|/;Xa6LL,>c;noι]ƃʎ:)%ڇwht7UX:zy<}2Ħ^MﳛK%)n/\M?k͌"а ;4 ') mp-L*w!PUir|ܸ+})ںJI0CŹ4YͧdBd.Qqu;=H1<ô^V{y{}iR)5.xfvM)Y:F|;6c[!i1#oD Yl:z= F^ZiQЩ\H;J?N |F_wF ׭ouWu&҆AE,!<jׇ?EjU52TȖ/b`e} ɽ_o޸ ݶ*IBFA#W̮;/5)jF7=AH󶟳cFqJO |~~T:Yn1Fyi Vw@#h}Lћb3DPu %Ĵ4LR ? x׮0A`@)׺VP̹2m q}]&qH3}0F?I{j :]b]Dư십=Ss_z\=8/BQkʥG>7몫P`%ސrl"XBǒT3}tđ~M,Om)+~K@i^RhA(\hc# fƝ3.㨆z0ĭfӝ;AKjsMǔ+KfKҁ:(Q_4bg(`=U23 }r5F{<`uªT&@q,N(&lsISrM1f2^G.&PD#hu9 KODHh`]W/V)sʵh,e O̖e R5Di*a3+.={.r%T}YX:~@1MJ=[֘kvY@Q e#aߥ;-1i*;e Te'.P=qÂmnZ91 no[0Kp,J \\>p#<>7|UO>eyA}QlDi򣡏PR ߲5e6? h8 d2=^R0W? mن 0"U4oаz^3a)ϧ"D6ZXra#s_xɣa/@U0H]]zQb9Yܑos` 0z y4 y[Q 5|o`v%S@$A1H{]D$MVҺe1 IG82D["`x('Ns6#$~G64[$x6J"*y]$Ja@4u:0Tś>3+U8s_>0J0(*xE1o$#ڀ(č:1FӺ]_U0 jIG6JLS9SzPvjԻyQ;cKRn yNɿOF0ZQJKokn( TIzw9Ş$G µ1e8A$[{h %C:\' voۈ2޴^7qgty녠cU_Ճ4qz}4'h+ ]O.HpuOեGzjRlݮAMD /,5݂}"W7)[Z$`ydj`u}N/|?P#H Oh H*Nmwz'r]Coox!4ſuRə"A{ҧ@]h:rvwjW=Arߪ' A}.R\ ։M3by}`\w6}eʸ0]̠.^ i!ۆ8yVܖzVNh +|uh@C//Vg,g_0 x]N̗ /K3M =*pjZ6bW4 ^b|bMQp 0=~J`?fP7uA&3#Lg"V:B(zn8[JfRj)8|ЎwǓw)ȯY4]XD.IA +u< [:c`* F3b^َR<Ɍ;uY^>u_^yISR4w+Ν=48=405PRM=SIjv*C#Nh;Lh:f[:U^^/;LܟT9IFuPe#^тW"[6ov\Bӥ+J sA%nZ;]ݩTcWn\M F$Ah=! Uʈ7p9?\ٜo 昹*0G:ȱNOɋ8jdF3#+?upˆHUlQ bq ;؟6>/qϯ7Pv{Oć{%b :=ScIKDdY<7S鳐UÏ{;Izx17&)+Swy,/`Om y705OE+anf^Ohzg)rh%bq'$gsA ,o׼{=RPKuj`0Jhy9;mc}<${8w;Nbd(Vy,FWQl4N&&՟\z)gbG Pz0[,/,P9i[[zeDW7[uCܚG+ B!!/+A#l+}iH\!mu˄_ʷnXښ{o:Q$^Uw 5&,2ZdT'7m)SYZB&`[0hɮ Z(hWJQ]-;鬜FePS0(N~ Fo9 ڶ;,mS ix_ F5 jwtҦ[pumF[z9P9۔+lP*0&u|~6@9vL>&Wqte\z>-4|3(;2Q'Rk>kb6i`ЯR!~HOJU6O_s%CXڼMgY ;N󊒫UW\vJw^IkᕫRM}"P&زScn[N{ZF+'#vKdZL"!o4$:Mx8j+'gۦa)[)VBao ]Ym27_׵5)kIOuOqtչd5s :6P:^H̒`6׀jYWŬ )pl N[EFI& ȣrH7˸aBˉ.ԷS; h'r` w!!Ȭ*B>D^ZZ@XuU>Z9 =z>يY#B9pxZa4ĽN~1,׹e,;lv ". wis&S/H죻Q𔺖5Peoׂc%|l lV\s`LhZg '\H{ݤ!Ѩ TI(ҼV=_l (_{g}M(oQnP!%3{M<:Sk0ěD;X!\3鞫Aj}LJKFHl]st[߻ŝt"GfE3?KiU ACflGW\0t3p4 =?GD8@bek0R6༃ 1M"_lNsӬ"\o6p5@%`\տ=M0ۨ Y>Be#B:*И(^p73w{ ́?n & t^w"vkURƁ2 X%x0韾 SgeKuY_!L^yfM0N+^kpXMQsFE3ĚbH#v >2Qv>>8C-wH[5:w _o6K-=:?aq9H/'Y*s{U &Պ[rd@Yʖw3nIZ FL?t Ϻ..hyꈿ+(Au+ E ZL=PZw ɮq0Ż|V>ݐ6b|0¢OQ>nPΗ%BdMb_rGbc'==.ҕQu#s3CS 62'p qTF׉Fz Cz#rX\^(g2hu 267K\(2inl G~*-ZlTMZ~@1K^)YTo "ɰ]Wܐd%hC.)5E[QIg͒t>أSg}j cedo$@LaR8PڵSf!,JP[ j26Fg=>:myE`X聇a-c1TE1v}q xt _nM Q-!mŲ˘ጹoG.$W[U bGQI9m~՞ap(,ݖ= R\_H6a6iT|<&TV:P7vӉ>7`zRȳYUJh'/V"WҪŝR\d 8IVe*:ns/`2 !k4AV0hi,Sey ]cC@m7*TmIX7@&nE9́;E2`SW tot۽ odTdl[/T[+$5vV7̠l@&6-5E3uF eBZƠ8urt@4b">an8Id=S0kg/ݐ`@sW;aeŲVwlg=GRlT!ܤ>:":TuRԅ2/K|' ]Ū^ܠֱK:[?v3|SݤAδmģI;W+Q\K8Hb N<^72 橻XXnwiuHK""MtjuvPKuh؃UЃv^V_En yivIG]CV|2pJ7uuIa.~#"ń#SSkb~9?w%}s/@q.huaٜ EClfrOr{N|BT*#.{J9*fjnt X+ݲ n+j1$|&{Kz' tP+C]9ݝ֤ӯ&eSbSǒUR"xfIJx:&HnǍ_sJJn\-nr\L Ǵt3K#qIvHHXIٞm.1<$u ?]\c=(n@?/X^{c X4Hmb/h Kpxrhɀ)Z I,,#zL ^V@ƈZ1(>&Ւ]ۏZHͭu'sѪh7r@pr|2(._e2FS5,, 4cĕRG~k!qbRiw!{O%|򴰬Q6m8(^BEk fZ͕w)w޼<*@UJ#,~f rTS/BKm^* 美eohŘFm kh1 ;50>=9AʴNG,P$45|P<lЎ 9;z`;Brc X-դQ]6M+vExq:,#: "ޛ+Ώr{֎΄ Z|uS5nVHi2Qaka}9#.(Q¾!xhi>4 hgdC;0yl$1'5◴z"MW^=Iz;`eNHFYŋYiRhCn-.%l8;{X[ e&uP?ZҴκ}4AރxJ'MbŒp/-`=DXr8v&D;'̗+͙ȨE-C,B >Zƹgª|+w!:DnK8ucc™'*JPꢡQӬ_`sG(HjJt9 Bn#R@ )Lv*knGj<(B1Z,dAPƟ @sm- Z͎ͪpݴ /bT3ٜd1Vk^ 7Ċ`*?yY)H={R,V^o"ǜ[Y7 btQsJ|UCtV) g'(~M!:t:S1Msq0yBAJphG^a{3۩9#q1t~8@IhM.a kőm^X:ߐ;܂{I7x!\⟺ M^(镝ijBۧmg} ?%it'u|<㫤 0""aݥ#.-QTM0t7PO$ F4ԅ56 =YuP<=OZac|&M3G'M51sK9a_U+8Nm#k |1:nB+ߚ< Q͈Q{#Z01Uv)WhNJO:b"'m c V/+M x%XQ^L̂ѭO3.`v6.!%4>Y (;mW/YӖlXndiZʪh8%rL\AXa!o¦`d*1g>bsXt*ɻh(@wqIbKZ2[@MCGfNlVkS?֧TjޯPъSrec.[b G1=\Lި_'ZljsA`0AҨ|YP0Ն`+K_*679]Qw>tt$H@rCW Ǥ"j/ւSX趜>VvV_?>Uq'zt|gY8nW`Elƹ۲p OBҭCE F+q |/.ޝn]Еn=8`zfSXTT-QXO6w\(2@K)[39Ī+)ݜ^0+tn˵:ܑ.$鄧Vl2.j.d:\}xj#%rxj/sV;hY6eiPt28-Kj`v7c D}oAD f?%hJ3ZSE︁NmH=bZ;NfĬR#Fx:U`}tJ"A-fY ^~wҐU{Q%<Ռ:4'}.תOS"P :}eShRя+a\}Re7e}K'CsZ}M4ze-fm>6WbntÂɓ=. 7r>XvG2J__v59Z" 9)>-N HW,p]tb94l&$Fʱ LjM_Xs幅]g?e%.d1%{m PG=WT|qUpQ݊Yb5eg(CR_,#K%L{E&]U3G1L|0Nwji8T%Vhj1J .L;p 1IHzmi9 V\ >%buOyl*_ )Dtmhۓ(ަٔ e7"w?9FOKi*\ѡ\edQŗYCYI}Q|9P"3K,޸Uf U bw LFSd EjWO8a۴%8Vr4kY5wܸQQԀ4 w(Iṟ~`M6JVrjdbKT~_͌lT;`2-m XVͫ,/kse7jbs[ CcM^IEV0LI7?uiQ{'JuT~`)Gխ } T WW>>jke:9ߕot5j8aȆjC-PhK{SDHl ?#ms#gĕVi+*er!>Ķ()ܲ_V[S0)9lW̞3#Sv@ ,d*׍tGQ ,!5DyqJjM{T@)qa)ޚ1x1FcU2_IS\_X= ޽b{y:"x%4ΉBژ r^ F-˝ɮ-tI@g$};lT'|OE1$čKЈKrUZ9ߏtȄfkaifXACf G>el;j5+?m#CyAz1AЮlVˌyh/{Bhy8שׁ|lv}O&t.@wrWVdh:oVdG2~ue@oJ uk{Σ}23Gr_}UļH:b6*0m#W, ̃cW<|HtzYI2'dGJ]lC%;'&LS)Kʢ vA~P B'B4mNdc Ɇ6I0j.aZUwD@IOWS3ltOI W6A혬з{^mE~%D.|Vq;|wv||{ \YLPp8$aDhl5kͩ.;3jܝQ!v4:&g@:*YşVTx6y GlL.MA%>}"%C*RmfǠYV!Zs^]' ɣz6VcE(k+mfIufC"0CX,b, i2*= :xq~D#*MКK ̦2.Ed €i/R R<<Оf_oxiRz-9P#wΜM!dtk_[dO!"Ў}0Q)n JO d~XCQ-udGp_FNrp=OgVy}Bd$_|ؒ|c B˨J n @X96<`a l,-Vh=z:]M4a,(_]_=Wo/9c#oLC*(Z6$][0;#N1#Nv  GfL|qX%rK䤌tꚛ(>,J,LIRj(mI !2d`dr8’&챎#|2=pK* O"KŖ9"HW@2uK*R@92`5$ a}HBK3d4o/y0j,w˕}{wZp~ܴx2;0aӒTTU}\;ɦ?5!?ĵ6;4)lX5a )j'OnFmɿkV0߰euH{xC3ҢH-Apzg'-<4sIFP/\R݂gJ%+`{}*X{)B(0"U XE(}r'B p%?ylcZH}`ydw1ba'X=86y*1ŮЦ l%3ǫ5|<]=Z9z':9Ek0i!!o=Æ(禎b|MtD a$$~|GE[AGi$srIId ]1bKO`wjy * fE# ۽-VFLiܿ4j֮ɥԻW{5@6csjx qaRTUB~zF-D@3#?sI"|yO O}Ix%Z}[75z#`bI`i[ :{?Ԇp/7Q5r/M~ K [@T9(k cAI %6v"}@ntCN%ѫw)Y"UEp$O3&[~}PmǻٖsXҠCXS~Y8;J8Y kJnt#1s~A8ô-4n)~nR}>i-qJNgQрTKھr3p͔Op̘mIٚL__]cob?wLr͜7p{,8n}{FdڶZӣ~W|5/'A+WN 8"75SjC$m{7gRE5~TDz`3Sϣ(̏nI|?i9* 'V|Z&.,>(}Cz>H#%bo]^\ojIv $[aKeq|;`-mOܷg . c_>< A3ơQ sC8YEfnGfbtW0Gjv?㇥CMӑ\DD_z]4*p*jP` ~(KrxH0pD?%m]Tڿjw+=`y:w*G jմ@mJyk#res!tBEc`X0> Rbv.S5z6w 9ލ*GLWa-}c0~ l_m0F ㍇(j?Khw>[0;m?/ ?<+_m\Xrcm}A9݃7Ðy$a9b{ }tB<3 fԮ{uK( iY=OHYyzDIcj k;ɡ_˶\rH1pܕ+Vib;|_)z^b[y^|TC"kJ{_PX7Vzlق*–Fy=:"++…اg:d]ՠoCCřRn/6V^9B=kFpGQCҌ[`?EJ@],LrKiHt_D ! I+CMo6vYezC!Ҳ\F\\w 2`_qfy a.rJfRQ/^qI.A G{M[S&a|UaU-rnюP t<ԕ҉ m>SQ པpO9gp"%McrG V1xOI@fzXbRZW]S [CyFxl\̱V9g ]}k:c%,`O9&P6'zC.083()Λ|'0OU+ʀ7O8ԣxu pk_ԵEH%A ti zY&{%pm""(@6i}Y)f|nσ`2sf5KiEa҇DZhH~.#Ly FfEB4>>8u!FQROZz- nF]3b0 >4#&5IQy+*K:GWSa|Ϣ'\V-- X3G{čHu$9^ǡ9(qYˡ=hpēY ) B7+, uw03/m' &T"kŸ!%3W=WKʀw!N$U^2Kn"@H`3Cf%kZAG-l~bDZm /E:Ce  R.QV _ȖA |[T"9> km |emȄ::͵ݍƯ]GMJ=\!z>982j"÷~-je'$_th+{`L|!Z"2z9S dZ*x[Q|o(ũQ;Mu? Z;NG]x;Z&nq bQ"7J<^)x$sK`(L qȧaW/(>*wmA:W ?^8FM3`z[,Nڕ ToH)e~'Ez/ ]Re@SsyqsjݭJF o#;vr^ Uj$O;38Һ`G^'ƃͬ !Zw WYӬ+8LYUpeF>e_e@rfd*Y*vbk% sTRKKux:eXPפ~n[=OȦ!Zk c!VP3^iu+j4@rޅ6:+ia߹E(E\a9\y DE%ޯay aD.S+8V\ 0mV}k $$yQdH!j_j*n \ι k2y "c*֓F=6r#xW_7,etþwQޠjvFD+jƄ o +`95Ρhrp#@ ]@Β+UI5SWXhXBȄ;E W)/HJm{z|0sE8=Q+yq(G%f ;roNz2܆ejNΜRœXJ#e0lѤ!-/&]b}쌇;d9S6r:BA(2 G$!$m$ %X=KTW*#GQin;1?'5qu*\"K"2U`vYJ3BzycK J|"p+\MyMl~ *8h?T߽W`HkV Ew-@boYzȧAoC[)Er,,s8 zNa}_)<ϥo7}r&nդW;`VEF[0o I,wAHn 9lW)qn wp|ᯀ.>sx̭ݳӺÃD46hأ`ЗMvʼ؁7 "애 uݶ<9Rj}Ɗs^H`l?oƻt.IQU#!%GM =&[ڟsEeNz5kWk*ri3dac u‹YF뛲I3$r /pPd-Q3DU;ҝ _vbr; #.1_ܹ0]bnժhqbul Y|G'ϹM_ѤNmJ[9v(v.e3L] Diw<-zsǵpEMgi6SrwUUMbP/