libbotan-2-19-2.19.5-bp156.3.6.1

Name:         libbotan-2-19
Version:      2.19.5
Release:      bp156.3.6.1
Summary:      A C++ Crypto Library
Description:  Botan is a C++ library that provides support for many common cryptographic operations, including encryption, authentication, and X.509v3 certificates and CRLs. A wide variety of algorithms is supported, including RSA, DSA, DES, AES, MD5, and SHA-1.
Build host:   obs-power9-17
Distribution: SUSE Linux Enterprise 15
Vendor:       openSUSE
License:      BSD-2-Clause
Packager:     http://bugs.opensuse.org
Group:        System/Libraries
URL:          https://botan.randombit.net
OS:           linux
Architecture: ppc64le
Source RPM:   Botan-2.19.5-bp156.3.6.1.src.rpm
File:         libbotan-2.so.19.19.5 (owner root, group root)
RPM version:  4.14.3

Provides:
  libbotan-2-19
  libbotan-2-19(ppc-64)
  libbotan-2.so.19()(64bit)

Requires:
  /sbin/ldconfig
  ld64.so.2()(64bit)
  ld64.so.2(GLIBC_2.22)(64bit)
  libbz2.so.1()(64bit)
  libc.so.6()(64bit)
  libc.so.6(GLIBC_2.17)(64bit)
  libc.so.6(GLIBC_2.33)(64bit)
  libc.so.6(GLIBC_2.34)(64bit)
  libc.so.6(GLIBC_2.38)(64bit)
  libgcc_s.so.1()(64bit)
  libgcc_s.so.1(GCC_3.0)(64bit)
  libgcc_s.so.1(GCC_4.2.0)(64bit)
  libgomp.so.1()(64bit)
  libgomp.so.1(GOMP_4.0)(64bit)
  libgomp.so.1(OMP_1.0)(64bit)
  liblzma.so.5()(64bit)
  liblzma.so.5(XZ_5.0)(64bit)
  libm.so.6()(64bit)
  libm.so.6(GLIBC_2.17)(64bit)
  libm.so.6(GLIBC_2.29)(64bit)
  libsqlite3.so.0()(64bit)
  libstdc++.so.6()(64bit)
  libstdc++.so.6(CXXABI_1.3)(64bit)
  libstdc++.so.6(CXXABI_1.3.11)(64bit)
  libstdc++.so.6(CXXABI_1.3.2)(64bit)
  libstdc++.so.6(CXXABI_1.3.3)(64bit)
  libstdc++.so.6(CXXABI_1.3.5)(64bit)
  libstdc++.so.6(GLIBCXX_3.4)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.11)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.14)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.15)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.17)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.18)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.19)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.20)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.21)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.22)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.30)(64bit)
  libstdc++.so.6(GLIBCXX_3.4.9)(64bit)
  libtspi.so.1()(64bit)
  libz.so.1()(64bit)
  libz.so.1(ZLIB_1.2.2)(64bit)
  rpmlib(CompressedFileNames) <= 3.0.4-1
  rpmlib(FileDigests) <= 4.6.0-1
  rpmlib(PayloadFilesHavePrefix) <= 4.0-1
  rpmlib(PayloadIsXz) <= 5.2-1

Changelog authors (in header order):
  Angel Yankov, Angel Yankov, Jason Sikes, Dirk Müller, Andreas Stieger, Dirk Müller, Andreas Stieger, Ferdinand Thiessen, Andreas Stieger, Andreas Stieger, Andreas Stieger, Pedro Monreal, Dirk Mueller, Paolo Stivanin, Daniel Molkentin, Daniel Molkentin, daniel.molkentin@suse.com, daniel.molkentin@suse.com, kasimir_@outlook.de, daniel.molkentin@suse.com, daniel.molkentin@suse.com, sleep_walker@opensuse.org, sleep_walker@opensuse.org, adam.majer@suse.de, adam.majer@suse.de, sleep_walker@opensuse.org, sleep_walker@opensuse.org, i@marguerite.su, i@marguerite.su, mimi.vx@gmail.com, daniel.molkentin@suse.com, daniel.molkentin@suse.com, vcizek@suse.com, daniel.molkentin@suse.com, daniel.molkentin@suse.com, pth@suse.de, netsroth@opensuse.org, faure@kde.org, michael@stroeder.com, mpluskal@suse.com, mvyskocil@opensuse.org, netsroth@opensuse.org, liujianfeng1994@gmail.com

Changelog:

- Fix CVE-2024-50382, CVE-2024-50383 - compiler-induced side channel in GHASH when certain LLVM/GCC versions are used to compile Botan
  * Added Botan-CVE-2024-50382.patch

- Update to 2.19.5:
  * Fix multiple Denial of service attacks due to X.509 cert processing:
  * CVE-2024-34702 - bsc#1227238
  * CVE-2024-34703 - bsc#1227607
  * CVE-2024-39312 - bsc#1227608
  * Fix a crash in OCB
  * Fix a test failure in compression with certain versions of zlib
  * Fix some iterator debugging errors in TLS CBC decryption.
  * Avoid a miscompilation in ARIA when using XCode 14

- Update to 2.19.3:
  * validate that an embedded certificate was issued by the end-entity issuing certificate authority when checking OCSP responses.
  * CVE-2022-43705
  * bsc#1205509

- update to 2.19.2:
  * Add support for parallel computation in Argon2
  * Add SSSE3 implementation of Argon2
  * The OpenSSL provider was incompatible with OpenSSL 3.0. It has been removed
  * Avoid using reserve in secure_vector appending, which caused a performance problem
  * Fix TLS::Text_Policy behavior when X25519 is disabled at build time
  * Fix several warnings from Clang

- update to 2.19.1:
  * Add a forward error correction code compatible with the zfec library

- update to 2.18.2:
  * Avoid using short exponents when encrypting in ElGamal, as some PGP implementations generate keys with parameters that are weak when short exponents are used CVE-2021-40529 boo#1190244
  * Fix a low risk OAEP decryption side channel
  * Work around a miscompilation of SHA-3 caused by a bug in Clang 12 and XCode 13
  * Remove support in OpenSSL provider for algorithms which are disabled by default in OpenSSL 3.0
  * Add CI based on GitHub actions to replace Travis CI
  * Fix the online OCSP test, as the certificate involved had expired.
  * Fix some test failures induced by the expiration of the trust root "DST Root CA X3"

- Botan 2.18.1:
  * Fix a build regression in 2.18.0 which caused linker flags which contain -l within them (such as -fuse-linker-plugin) to be misinterpreted
  * Fix a bug which caused decoding a certificate which contained more than one name in a single RDN
  * Fix a bug which caused OID lookup failures when run in a locale which uses thousands separators (pt_BR was reported as having this issue)
  * DNS names in name constraints were compared with case sensitivity, which could cause valid certificates to be rejected
  * X.509 name constraint extensions were rejected if non-critical.
    RFC 5280 requires conforming CAs issue such extensions as critical, but not all certificates are compliant, and all other known implementations do not require this
  * X.509 name constraints were incorrectly applied to the certificate which included the constraint
- build with lzma compression support
- build with SQLite support
- build with TPM support
- fix SLE 12 build

- Botan 2.18.0
  * Add support for implementing custom RNG objects through the FFI interface
  * Improve safegcd bounds, improving runtime performance
  * Reject non-TLS messages as quickly as possible without waiting for a full record.
  * Fixes for TLS::Stream::async_shutdown
- Removed unneeded GNU MP build requirement, support was dropped with version 1.11.10
- Enabled check target, verify integrity of build library

- Botan 2.17.3:
  * Harden against side-channels from decoding secret values by changing the base64, base58, base32, and hex encoding and decoding operations to run in constant time

- Botan 2.17.2:
  * Fix build problem on ppc64
  * Resolve an issue in the modular square root algorithm

- Botan 2.17.1:
  * Fix bugs in ECDSA signature generation and verifications under specific circumstances
  * developer visible changes, including deprecation with warnings
  * optimization in the non-hardware assisted AES key generation
  * Add more detection logic for AVX-512 features
  * Fix a bug parsing deeply nested cipher names
  * Prevent requesting DER encoding of signatures when the algorithm did not support it

- Update to 2.16.0:
  * Now userspace PRNG objects (such as AutoSeeded_RNG and HMAC_DRBG) use an internal lock, which allows safe concurrent use. This however is purely a precaution in case of accidental sharing of such RNG objects; for performance reasons it is always preferable to use a RNG per thread if a userspace RNG is needed.
  * DL_Group and EC_Group objects now track if they were created from a known trusted group (such as P-256 or an IPsec DH parameter).
    If so, then verification tests can be relaxed, as compared to parameters which may have been maliciously constructed in order to pass primality checks.
  * RandomNumberGenerator::add_entropy_T assumed its input was a POD type but did not verify this.
  * Support OCSP responders that live on a non-standard port.
  * Add support for Solaris sandbox.
  * Support suffixes on release numbers for alpha/beta releases.
  * Fix a bug in EAX which allowed requesting a 0 length tag, which had the effect of using a full length tag. Instead omit the length field, or request the full tag length explicitly.
  * Fix a memory leak in GCM where if passed an unsuitable block cipher (eg not 128 bit) it would throw an exception and leak the cipher object.

- update to 2.15:
  Fix a bug where the name constraint extension did not constrain the alternative DN field which can be included in a subject alternative name. This would allow a corrupted sub-CA which was otherwise constrained by a name constraint to issue a certificate with a prohibited DN.
  Fix a bug in the TLS server during client authentication where if a (disabled by default) static RSA ciphersuite was selected, then no certificate request would be sent. This would have an equivalent effect to a client which simply replied with an empty Certificate message. (GH #2367)
  Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As a result AES is now constant time on all processors. (GH #2346 #2348 #2353 [#2329] #2355)
  In TLS, enforce that the key usage given in the server certificate allows the operation being performed in the ciphersuite. (GH #2367)
  In X.509 certificates, verify that the algorithm parameters are the expected NULL or empty. (GH #2367)
  Change the HMAC key schedule to attempt to reduce the information leaked from the key schedule with regards to the length of the key, as this is at times (as for example in PBKDF2) sensitive information.
    (GH #2362)
  Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The previous RDRAND_RNG interface is deprecated. (GH #2352)
  The documentation claimed that mlocked pages were created with a guard page both before and after. However only a trailing guard page was used. Add a leading guard page. (GH #2334)
  Add support for generating and verifying DER-encoded ECDSA signatures in the C and Python interfaces. (GH #2357 #2356)
  Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH [#2322])
  When building documentation using Sphinx avoid parallel builds with version 3.0 due to a bug in that version (GH #2326 #2324)
  Fix a memory leak in the CommonCrypto block cipher calls (GH #2371)
  Fix a flaky test that would occasionally fail when running the tests with a large number of threads. (GH #2325 #2197)
  Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be removed in a future major release.

- Update to Botan 2.14:
  * Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247)
  * Optimize the vector permute AES implementation, especially improving performance on ARMv7, Aarch64, and POWER. (GH #2243)
  * Use a new algorithm for modular inversions which is both faster and more resistant to side channel attacks. (GH #2287 #2296 #2301)
  * Address an issue in CBC padding which would leak the length of the plaintext which was being padded. Unpadding during decryption was not affected.
  * Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295)
  * Increase the size of the ECC blinding mask and scale it based on the size of the group order. (GH #880 #893 #2308)
  * Add server side support for the TLS asio wrapper. (GH #2229)
  * Add support for using Windows certificate store on MinGW (GH #2280)
  * Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter.
  * Add Roughtime client (GH #2143 #1842)
  * Add support for XMSS X.509 certificates (GH #2172)
  * Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213)
  * Add AVX2 implementation of SHACAL2 (GH #2196)
  * Support more functionality for X.509 in the Python API (GH #2165)
  * Add generic CPU target useful when building for some new or unusual platform.
  * Disable MD5 in BSI or NIST modes (GH #2188)
  * Many currently public headers are being deprecated. If any such header is included by an application, a warning is issued at compile time. Headers issuing this warning will be made internal in a future major release.
  * RSA signature performance improvements (GH #2068 #2070)
  * Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and ChaCha20Poly1305 (GH #2117), especially for small messages.
  * Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100)
  * Improve performance of POWER8 AES instructions (GH #2096)
  * Add support for the POWER9 hardware random number generator (GH #2026)
  * Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022)
  * In DTLS server, support a client crashing and then reconnecting from the same source port, as described in RFC 6347 sec 4.2.8 (GH #2029)
  * Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042)
  * Add support for the TLS v1.3 downgrade indicator. (GH #2027)
  * Add Argon2 PBKDF and password hash (GH #459 #1981 #1987)
  * Add Bcrypt-PBKDF (GH #1990)
  * Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999)
  * Add support for the TLS v1.3 supported_versions extension. (GH #1976)
  * Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000)
  * Add support for OCSP stapling on server side. (GH #1703 #1967)
  * Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992)
  * Add a certificate store for Linux/Unix systems.
    (GH #1885 #1936)
  * Various Fixes

- Update to Botan 2.10
  * Bump SONAME
  * Warning: XMSS currently implements draft-06 which is not compatible with the final RFC 8391 specification. A PR is open to fix this, however it will break all current uses of XMSS. If you are currently using XMSS please comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR will be merged and support for draft-06 will be removed starting in 2.11.
  * Added a new certificate store implementation that can access the MacOS keychain certificate store. (GH #1830)
  * Redesigned Memory_Pool class, which services allocations out of a set of pages locked into memory (using mlock/VirtualLock). It is now faster and with improved exploit mitigations. (GH #1800)
  * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by 25-35% on common CPUs. (GH #1815)
  * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
  * Add a Thread_Pool class. It is now possible to run the tests in multiple threads with --test-threads=N flag to select the number of threads to use. Use --test-threads=0 to run with as many CPU cores as are available on the current system. The default remains single threaded. (GH #1819)
  * XMSS signatures now uses a global thread pool instead of spawning new threads for each usage. This improves signature generation performance by between 10% and 60% depending on architecture and core count. (GH #1864)
  * Some functions related to encoding and decoding BigInts have been deprecated. (GH #1817)
  * Binary encoding and decoding of BigInts has been optimized by performing word-size operations when possible. (GH #1817)
  * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to make its meaning and usage more clear. The old name remains as a typedef. (GH #1816)
  * Support for using Boost filesystem and MSVC’s std::filesystem have been removed, since already POSIX and Win32 versions had to be maintained for portability.
    (GH #1814)
  * Newly generated McEliece and XMSS keys now default to being encrypted using SIV mode, support for which was added in 2.8.0. Previously GCM was used by default for these algorithms.
  * Use arc4random on Android systems (GH #1851)
  * Fix the encoding of PGP-S2K iteration counts (GH #1853 #1854)
  * Add a facility for sandboxing the command line util. Currently FreeBSD (Capsicum) and OpenBSD (pledge) sandboxes are supported. (GH #1808)
  * Use if constexpr when available.
  * Disable building shared libs on iOS as it was broken and it is not clear shared libraries are ever useful on iOS (GH #1865)
  * Renamed the darwin build target to macos. This should not cause any user-visible change. (GH #1866)
  * Add support for using sccache to cache the Windows CI build (GH #1807)
  * Add --extra-cxxflags option which allows adding compilation flags without overriding the default set. (GH #1826)
  * Add --format= option to the hash cli which allows formatting the output as base64 or base58, default output remains hex.
  * Add base58_enc and base58_dec cli utils for base58 encoding/decoding. (GH #1848)
  * Enable getentropy by default on macOS (GH #1862)
  * Avoid using -momit-leaf-frame-pointer flags, since -fomit-frame-pointer is already the default with recent versions of GCC.
  * Fix XLC sanitizer flags.
  * Rename Blake2b class to BLAKE2b to match the official name. There is a typedef for compat.
  * Fix a bug where loading a raw Ed25519_PublicKey of incorrect length would lead to a crash. (GH #1850)
  * Fix a bug that caused compilation problems using CryptoNG PRNG. (GH #1832)
  * Extended SHAKE-128 cipher to support any key between 1 and 160 bytes, instead of only multiples of 8 bytes.
  * Minor HMAC optimizations.
  * Build fixes for GNU/Hurd.
  * Fix a bug that prevented generating or verifying Ed25519 signatures in the CLI (GH #1828 #1829)
  * Fix a compilation error when building the amalgamation outside of the original source directory when AVX2 was enabled.
    (GH #1812)
  * Fix a crash when creating the amalgamation if a header file was edited on Windows but then the amalgamation was built on Linux (GH #1763)

- Update to Botan 2.9
  * Bump SONAME
  * CVE-2018-20187 Address a side channel during ECC key generation, which used an unblinded Montgomery ladder. As a result, a timing attack can reveal information about the high bits of the secret key.
  * Fix bugs in TLS which caused negotiation failures when the client used an unknown signature algorithm or version (GH #1711 #1709 #1708)
  * Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data was set after starting a message, the new AD was not reflected in the produced tag. Now with these modes setting an AD after beginning a message throws an exception.
  * Use a smaller sieve which improves performance of prime generation.
  * Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256 GB. (GH #1728)
  * Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729)
  * Optimize AVX2 ChaCha (GH #1730)
  * Many more operations in BigInt, ECC and RSA code paths are either fully const time or avoid problematic branches that could potentially be exploited in a side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765 [#1770] #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797)
  * Several optimizations for BigInt and ECC, improving ECDSA performance by as much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788)
  * Support recovering an ECDSA public key from a message/signature pair (GH #664 [#1784])
  * Add base58 encoding/decoding functions (GH #1783)
  * In the command line interface, add support for reading passphrases from the terminal with echo disabled (GH #1756)
  * Add CT::Mask type to simplify const-time programming (GH #1751)
  * Add new configure options --disable-bmi2, --disable-rdrand, and --disable-rdseed to prevent use of those instruction sets.
  * Add error_type and error_code functions to Exception type (GH #1744)
  * Now on POSIX systems posix_memalign is used instead of mmap for allocating the page-locked memory pool. This avoids issues with fork. (GH #602 #1798)
  * When available, use RDRAND to generate the additional data in Stateful_RNG::randomize_with_ts_input
  * Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties.
  * Support for Visual C++ 2013 has been removed (GH #1557 #1697)
  * Resolve a memory leak when verifying ECDSA signatures with versions of OpenSSL before 1.1.0 (GH #1698)
  * Resolve a memory leak using ECDH via OpenSSL (GH #1767)
  * Fix an error in XTS which prohibited encrypting values which were exactly the same length as the underlying block size. Messages of this size are allowed by the standard and other XTS implementations. (GH #1706)
  * Resolve a bug in TSS which resulted in it using an incorrect length field in the shares. Now the correct length is encoded, but either correct or buggy lengths are accepted when decoding. (GH #1722)
  * Correct a bug when reducing a negative BigInt modulo a small power of 2. (GH [#1755])
  * Add CLI utils for threshold secret splitting. (GH #1722)
  * Fix a bug introduced in 2.8.0 that caused compilation failure if using a single amalgamation file with AVX2 enabled. (GH #1700)
  * Add an explicit OS target for Emscripten and improve support for it. (GH #1702)
  * Fix small issues when building for QNX
  * Switch the Travis CI build to using Ubuntu 16.04 (GH #1767)
  * Add options to configure.py to disable generation of pkg-config file, and (for systems where pkg-config support defaults to off, like Windows), to enable generating it. (GH #1268)
  * Modify configure.py to accept empty lists or trailing/extra commas. (GH #1705)
- Update to Botan 2.8
  * Add support for using Apple CommonCrypto library for hashing (GH #1667), cipher modes (GH #1674) and block ciphers (GH #1673).
  * Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default TLS policy. In addition, support for negotiating TLS ciphersuites using CBC or CCM mode is disabled by default. Applications which need to interop with old peers must enable these in their TLS policy object. (GH #1651)
  * During primality testing, use a Lucas test in addition to Miller-Rabin. It is possible to construct a composite integer which passes n Miller-Rabin tests with probability (1/4)^n. So for an incautious verifier using a small number of tests (under 16 or so) it is possible if unlikely they would accept such a composite as prime. Adding a Lucas test precludes such an attack. (GH #1636)
  * Add XChaCha and XChaCha20Poly1305 (GH #1640)
  * Add AVX2 implementations of ChaCha (GH #1662) and Serpent (GH #1660)
  * Add a new password hashing interface in pwdhash.h (GH #1670)
  * C binding improvements. Added functions to get name and supported keylengths of cipher, hash and MAC objects, support for FE1 format preserving encryption (GH #1625 #1646), functions to load and save RSA keys in PKCS #1 format (GH #1621), HOTP and TOTP algorithms, scrypt, certificate verification (GH #1647), functions to get the output length of public key operations (GH #1642), and functions for loading and serializing X25519 keys (GH #1681)
  * Support for building with BOTAN_MP_WORD_BITS set to 8 or 16 has been removed.
  * Previously SM2 had two distinct key types, one for signatures and another for encryption. They have now been merged into a single key type since in practice it seems the same key is at times used for both operations.
    (GH [#1637])
  * The Cipher_Mode class now derives from SymmetricAlgorithm (GH #1639)
  * Add support for using the ARMv8 instructions for SM4 encryption (GH #1622)
  * The entropy source using SecRandomCopyBytes has been removed as it was redundant with other entropy sources (GH #1668)
  * The Python module has much better error checking and reporting, and offers new functionality such as scrypt, MPI and FPE. (GH #1643 #1646)
  * Fixed a bug that caused CCM to fail with an exception when used with L=8 (GH #1631 #1632)
  * The default bcrypt work factor has been increased from 10 to 12.
  * The default algorithm used in passhash9 has changed from SHA-256 to SHA-512, and the default work factor increased from 10 to 15.
  * In ECC private keys, include the public key data for compatibility with GnuTLS (GH #1634 #1635)
  * Add support for using Linux getrandom syscall to access the system PRNG. This is disabled by default, use --with-os-feature=getrandom to enable.
  * It is now possible to encrypt private keys using SIV mode.
  * The FFI function botan_privkey_load now ignores its rng argument.
  * Resolve a problem when building under Visual C++ 15.8 (GH #1624)
  * Fix a bug in XSalsa20 (192-bit Salsa nonces) where if set_iv was called twice without calling set_key, the resulting encryption was incorrect. (GH [#1640])
  * Handle an error seen when verifying invalid ECDSA signatures using LibreSSL on non x86-64 platforms (GH #1627 #1628)
  * Fix bugs in PKCS7 and X9.23 CBC padding schemes, which would ignore the first byte in the event the padding took up the entire block. (GH #1690)
  * Correct bugs which would cause CFB, OCB, and GCM modes to crash when they were used in an unkeyed state. (GH #1639)
  * Optimizations for SM4 and Poly1305
  * Avoid a cache side channel in the AES key schedule
  * Add pk_encrypt and pk_decrypt CLI operations
  * Now asn1print CLI defaults to printing context-specific fields.
  * Use codec_base for Base64, which matches how Base32 is implemented (GH #1597)
  * The cast module has been split up into cast128 and cast256 (GH #1685)
  * When building under Visual C++ 2013, the user must acknowledge the upcoming removal of support using the configure.py flag --ack-vc2013-deprecated (GH [#1557])

- Fix version in baselibs.conf

- Update to Botan 2.7
  * CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH [#1604])
  * Avoid a side channel in RSA key generation due to use of a non-constant time gcd algorithm. (GH #1542 #1556)
  * Optimize prime generation, especially improving RSA key generation. (GH [#1542])
  * Make Karatsuba multiplication, Montgomery field operations, Barrett reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609 [#1610])
  * Optimizations for elliptic curve operations especially improving reductions and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
  * Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by ~25%. (GH #1564)
  * Unroll Montgomery reduction for specific sizes (GH #1603)
  * Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and GOST by 10-15%.
  * XMSS optimizations (GH #1583 #1585)
  * Fix an error that meant XMSS would only sign half as many signatures as is allowed (GH #1582)
  * Add support for base32 encoding/decoding (GH #1541)
  * Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
  * Allow the year to be up to 2200 in ASN.1 time objects. Previously this was limited to 2100. (GH #1536)
  * Add support for Scrypt password hashing (GH #1570)
  * Add support for using Scrypt for private key encryption (GH #1574)
  * Optimizations for DES/3DES, approx 50% faster when used in certain modes such as CBC decrypt or CTR.
  * XMSS signature verification did not check that the signature was of the expected length which could lead to a crash. (GH #1537)
  * The bcrypt variants 2b and 2y are now supported.
  * Support for 192-bit Suite B TLS profile is now implemented, as the 128-bit Suite B is since 2015 not allowed anymore.
  * Previously botan allowed GCM to be used with an empty nonce, which is not allowed by the specification. Now such nonces are rejected.
  * Avoid problems on Windows when compiling in Unicode mode (GH #1615 #1616)
  * Previously for ASN.1 encoded signatures (eg ECDSA) Botan would accept any valid BER encoding. Now only the single valid DER encoding is accepted.
  * Correct an error that could in rare cases cause an internal error exception when doing computations with the P-224 curve.
  * Optimizations to reduce allocations/copies during DER encoding and BER decoding (GH #1571 #1572 #1600)
  * Botan generates X.509 subject key IDs by hashing the public key with whatever hash function is being used to sign the certificate. However especially for SHA-512 this caused SKIDs that were far longer than necessary. Now all SKIDs are truncated to 192 bits.
  * In the test suite use mkstemp to create temporary files instead of creating them in the current working directory. (GH #1533 #1530)
  * It is now possible to safely override CXX when invoking make in addition to when configure.py is run. (GH #1579)
  * OIDs for Camellia and SM4 in CBC and GCM mode are now defined, making it possible to use these algorithms for private key encryption.
  * Avoid creating symlinks to the shared object on OpenBSD (#1535)
  * The factor command runs much faster on larger inputs now.
  * Support for Windows Phone/UWP was deprecated starting in 2.5. This deprecation has been reversed as it seems UWP is still actively used. (GH [#1586] #1587)
  * Support for Visual C++ 2013 is deprecated, and will be removed in Jan 2019.
  * Added support for GCC’s --sysroot option to configure.py for cross-compiling.

- fixed to build on armv6 and armv7

- Update to Botan 2.6
  * CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a malformed ciphertext cause the decryptor to read and HMAC an additional 64K bytes of data which is not part of the record. This could cause a crash if the read went into unmapped memory. No information leak or out of bounds write occurs.
  * Add support for OAEP labels (GH #1508)
  * RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
  * Add exponent blinding to RSA (GH #1523)
  * Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
  * Fix bug in TLS server introduced in 2.5 which caused connection to fail if the client offered any signature algorithm not known to the server (for example RSA/SHA-224).
  * Fix a bug in inline asm that would with GCC 7.3 cause incorrect computations and an infinite loop during the tests. (GH #1524 #1529)

- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a wildcard cert for b*.example.com would be accepted as a match for any host with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times faster. ECDSA verification is about twice as fast. ECDH key agreement is 3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH [#1472])
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions, as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502 [#986])
  * The default encoding of ECC public keys has changed from compressed to uncompressed point representation. This improves compatibility with some common software packages including Golang’s standard library. (GH #1480 [#1483])
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates, instead of using the default 128-bit random integer. (GH #1489 #1491)
  * Change DL_Group and EC_Group to store their data as shared_ptr for fast copying. Also both classes precompute additional useful values (eg for modular reductions). (GH #1435 #1454)
  * Make it possible for PKCS10 requests to include custom extensions. This also makes it possible to use multiple SubjectAlternativeNames of a single type in a request, which was previously not possible. (GH #1429 #1428)
  * Add new optimized interface for FE1 format preserving encryption. By caching a number of values computed in the course of the FPE calculation, it provides a 6-7x speedup versus the old API. (GH #1469)
  * Add DSA and ElGamal keygen functions to FFI (#1426)
  * Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402)
  * Fix a memory leak in the OpenSSL block cipher integration, introduced in 2.2.0
  * Use an improved algorithm for generating safe primes which is several tens of times faster.
    Also, fix a bug in the prime sieving algorithm which caused standard prime generation (like for RSA keys) to be slower than necessary. (GH #1413 #1411)
  * Correct the return value of PK_Encryptor::maximum_input_size which reported a much too small value (GH #1410)
  * Remove use of CPU specific optimization flags, instead the user should set these via CXXFLAGS if desired. (GH #1392)
  * Resolve an issue that would cause a crash in the tests if they were run on a machine without SSE2/NEON/VMX instructions. (GH #1495)
  * The Python module now tries to load DLLs from a list of names and uses the first one which successfully loads and indicates it supports the desired API level. (GH #1497)
  * Various minor optimizations for SHA-3 (GH #1433 #1434)
  * The output of botan --help has been improved (GH #1387)
  * Add --der-format flag to command line utils, making it possible to verify DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)
  * Add support for --library-suffix option to configure.py (GH #1405 #1404)
  * Use feature flags to enable/disable system specific code (GH #1378)
  * Add --msvc-runtime option to allow using static runtime (GH #1499 #210)
  * Add --enable-sanitizers= option to allow specifying which sanitizers to enable. The existing --with-sanitizers option just enables some default set which is known to work with the minimum required compiler versions.
  * Use either rst2man or rst2man.py for generating man page as distributions differ on where this program is installed (GH #1516)
  * The threefish module has been renamed threefish_512 since that is the algorithm it provides. (GH #1477)
  * The Perl XS based wrapper has been removed, as it was unmaintained and broken. (GH #1412)
  * The sqlite3 encryption patch under contrib has been removed.
    It is still maintained by the original author at https://github.com/OlivierJG/botansqlite3
- drop explicit package requirements
- split binary package and documentation from dynamic library package and make documentation package noarch
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
  * aarch64-support.patch - doesn't seem to be required anymore
  * Botan-fix_install_paths.patch - doesn't seem to be required
  * no-cpuid-header.patch - SLE11 not target anymore
  * Botan-fix_pkgconfig.patch - this seems to be wrong
  * Botan-no-buildtime.patch - not needed anymore
  * dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
  * Botan-inttypes.patch - not required
  * Botan-ull_constants.patch.bz2 - no reason anymore
- change group of libbotan-%{version_suffix} to 'System/Libraries' as requested on review
- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just need the Update repository present.
- Rename libbotan-devel to libbotan2-devel. We can't have clashing packages in the archive because Botan1 and Botan2 provide the same -devel binary. Botan2 is also not API compatible with Botan.
- fix expected version after bump in baselibs.conf too
- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
  Changes and new features:
  * Several build improvements requested by downstream packagers, including the ability to disable building the static library. All makefile constructs that were specific to nmake or GNU make have been eliminated, thus the option ``--makefile-style`` which was previously used to select the makefile type has also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346)
  * Support for negotiating the DH group as specified in RFC 7919 is now available in TLS (GH #1263)
  * Support for ARIA-GCM ciphersuites is now available in TLS. They are disabled by default.
    (GH #1284)
  * Add support for generating and verifying X.509 objects (certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and #1368)
  * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301)
  * OCSP requests made during certificate verification had the potential to hang forever. Now the sockets are non-blocking and a timeout is enforced. (GH #1360 fixing GH #1326)
  * Add ``Public_Key::fingerprint_public`` which allows fingerprinting the public key. The previously available ``Private_Key::fingerprint`` is deprecated, now ``Private_Key::fingerprint_private`` should be used if this is required. (GH #1357)
  * ECC certificates generated by Botan used an invalid encoding for the parameters field, which was rejected by some certificate validation libraries notably BouncyCastle. (GH #1367)
  * Loading an ECC key which used OID encoding for the domain parameters, then saving it, would result in a key using the explicit parameters encoding. Now the OID encoding is retained. (GH #1365)
  * Correct various problems in certificate path validation that arose when multiple paths could be constructed leading to a trusted root but due to other constraints only some of them validated. (GH #1363)
  * It is now possible for certificate validation to return warning indicators, such as that the distinguished name is not within allowed limits or that a certificate with a negative serial number was observed. (GH #1363 #1359)
  * XMSS signatures now are multi-threaded for improved performance (GH #1267)
  * Fix a bug that caused the TLS peer cert list to be empty on a resumed session. (GH #1303 #1342)
  * Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows using a DH key exchange in TLS with a group greater than 4096 bits. (GH #1316)
  * Fix a bug in the TLS server where, on receiving an SSLv3 client hello, it would attempt to negotiate TLS v1.2. Now a protocol_version alert is sent. Found with tlsfuzzer.
    (GH #1316)
  * Fix several bugs related to sending the wrong TLS alert type in various error scenarios, caught with tlsfuzzer.
  * Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various TLS test tools which expect the underlying protocol to be HTTP. (GH #1315)
  * Add an interface for generic PSK data stores, as well as an implementation which encrypts stored values with AES key wrapping. (GH #1302)
  * Optimize GCM mode on systems both with and without carryless multiply support. This includes a new base case implementation (still constant time), a new SSSE3 implementation for systems with SSSE3 but not clmul, and better algorithms for systems with clmul and pmull. (GH #1253 #1263)
  * Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b, Blowfish, Twofish, CAST-128, and CRC24 (GH #1281)
  * Salsa20 now supports the seek operation.
  * Add ``EC_Group::known_named_groups`` (GH #1339)
  * Symmetric algorithms (block ciphers, stream ciphers, MACs) now verify that a key was set before accepting data. Previously attempting to use an unkeyed object would instead result in either a crash or invalid outputs. (GH #1279)
  * The X509 certificate, CRL and PKCS10 types have been heavily refactored internally. Previously all data of these types was serialized to strings, then in the event a more complicated data structure (such as X509_DN) was needed, it would be recreated from the string representation. However the round trip process was not perfect and could cause fields to become lost. This approach is no longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The internal data is now stored in a ``shared_ptr``, so copying such objects is now very cheap. (GH #884)
  * ASN.1 string objects previously held their contents as ISO 8859-1 codepoints.
    However this led to certificates which contained strings outside of this character set (eg in Cyrillic, Greek, or Chinese) being rejected. Now the strings are always converted to UTF-8, which allows representing any character. In addition, UCS-4 strings are now supported. (GH #1113 #1250 #1287 #1289)
  * It is now possible to create an uninitialized X509_Certificate object. Such an object will throw if any attempt to access its members is made. (GH #1335)
  * In BER decoder, avoid unbounded stack recursion when parsing nested indefinite length values. Now at most 16 nested indefinite length values are accepted, anything deeper resulting in a decoding error. (GH #1304 OSS-Fuzz 4353).
  * A new ASN.1 printer API allows generating a string representation of arbitrary BER data. This is used in the ``asn1print`` command line utility and may be useful in other applications, for instance for debugging.
  * New functions for bit rotations that distinguish rotating by a compile-time constant vs a runtime variable rotation. This allows better optimizations in both cases. Notably performance of CAST-128 and CAST-256 is substantially improved. (GH #1247)
  * TLS CBC ciphersuites now are implemented using the standard CBC code, instead of reimplementing CBC inside the TLS stack. This allows for parallel decryption of TLS CBC ciphertexts, and improves performance especially when using AES hardware support. (GH #1269)
  * Add callbacks to make it possible for an application using TLS to provide custom implementations of signature schemes, eg when offloading the computations to another device. (GH #1332)
  * Use a direct calculation for calendar computations instead of relying on non-portable operating system interfaces. (GH #1336)
  * Fix a bug in the amalgamation generation which could cause build failures on some systems including macOS. (GH #1264 #1265)
  * A particular code sequence in TLS handshake would always (with an ECC ciphersuite) result in an exception being thrown and then caught.
    This has changed so no exception is thrown. (GH #1275)
  * The code for byteswapping has been improved for ARMv7 and for Windows x86-64 systems using MSVC. (GH #1274)
  * The GMAC class no longer derives from GHASH. This should not cause any noticeable change for applications. (GH #1253)
  * The base implementation of AES now uses a single 4K table, instead of 4 such tables. This offers a significant improvement against cache-based side channels without hurting performance too much. In addition the table is now guaranteed to be aligned on a cache line, which ensures the additional countermeasure of reading each cache line works as expected. (GH #1255)
  * In TLS client resumption, avoid sending an OCSP stapling request. This caused resumption failures with some servers. (GH #1276)
  * The overhead of making a call through the FFI layer has been reduced.
  * The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were incorrect. They have been changed to use the correct encoding, and a test added to ensure such errors do not recur.
  * Counter mode allows setting a configurable width of the counter. Previously it was allowed for a counter of even 8 bits wide, which would mean the keystream would repeat after just 256 blocks. Now it requires the width be at least 32 bits. The only way this feature could be used was by manually constructing a ``CTR_BE`` object and setting the second parameter to something in the range of 1 to 3.
  * A new mechanism for formatting ASN.1 data is included in ``asn1_print.h``. This is the same functionality used by the command line ``asn1print`` util, now cleaned up and moved to the library.
  * Add ``Pipe::append_filter``. This is like the existing (deprecated) ``Pipe::append``, the difference being that ``append_filter`` only allows modification before the first call to ``start_msg``. (GH #1306 #1307)
  * The size of ASN1_Tag is increased to 32 bits. This avoids a problem with UbSan (GH #751)
  * Fix a bug affecting bzip2 compression.
    In certain circumstances, compression would fail with ``BZ_SEQUENCE_ERROR`` due to calling bzlib in a way it does not support. (GH #1308 #1309)
  * In 2.3.0, final annotations were added to many classes including the TLS policies (like ``Strict_Policy`` and ``BSI_TR_02102_2``). However it is reasonable and useful for an application to derive from one of these policies, so as to create an application specific policy that is based on a library-provided policy, but with a few tweaks. So the final annotations have been removed on these classes. (GH #1292)
  * A new option ``--with-pdf`` enables building a PDF copy of the handbook. (GH #1337)
  * A new option ``--with-rst2man`` enables building a man page for the command line util using Docutils rst2man. (GH #1349)
  * Support for NEON is now enabled under Clang.
  * Now the compiler version is detected using the preprocessor, instead of trying to parse the output of the compiler's version string, which was subject to problems with localization. (GH #1358)
  * By default the gzip compressor will not include a timestamp in the header. The timestamp can be set by passing it to the ``Gzip_Compression`` constructor.
  * Add an OID for RIPEMD-160
  * Fixes for CMake build (GH #1251)
  * Avoid some signed overflow warnings (GH #1220 #1245)
  * As upstream support for Native Client has been deprecated by Google, support is now also deprecated in Botan and will be removed in a future release.
  * The Perl-XS wrapper has not been maintained in many years. It is now deprecated, and if no attempts are made to revive it, it will be removed in a future release.
  * Support for building on IRIX has been removed.
- add Botan2-INT_MAX.patch
  * Fix “INT_MAX was not declared in this scope” in openSUSE Leap 42.1
- fix build. python3 configure itself is useless, we should make package python3 too.
- configure Botan explicitly with python3
- Update to 1.10.17
  - Address a side channel affecting modular exponentiation.
    An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737
    Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. (GH #1192 #1148 #882, bsc#1060433)
  - Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase. When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.
  - Fix a bug that prevented configure.py from running under Python3
  - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will #error if OpenSSL 1.1 is detected. Avoid --with-openssl if compiling against 1.1 or later. (GH #753)
  - Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms.
  * obsoletes CVE-2017-14737.patch
  * refreshes aarch64-support.patch
  * drop ppc64le-support.patch for upstream version (disables altivec support as per concerns by upstream)
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA implementation allows a local attacker to recover information about RSA secret keys.
  * add CVE-2017-14737.patch
- Explicitly require libopenssl-1_0_0-devel (bsc#1055322)
  * Botan 1.x won't support OpenSSL 1.1 (https://github.com/randombit/botan/issues/753)
- Add patch to build SLES11 (allows for simplified backporting, e.g. bsc#968030)
  * add no-cpuid-header.patch
- Clean up spec file
- Update to 1.10.16 (Fixes CVE-2017-2801, bsc#1033605)
  * Fix a bug in X509 DN string comparisons that could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results.
    (CVE-2017-2801)
  * Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834)
- Changes from 1.10.15:
  * Change an unintended behavior of 2.0.0, which named the include directory botan-2.0. Since future releases of Botan-2 should be compatible with code written against old versions, there does not seem to be any reason to version the include directory with the minor number. (GH #830 #833)
  * Fix a bug which caused an error when building on Cygwin or other platforms where shared libraries are not supported. (GH #821)
  * Enable use of readdir on Cygwin, which allows the tests to run (GH #824)
  * Switch to readthedocs Sphinx theme by default (GH #822 #823)
- Update to 1.10.14
  * Fix integer overflow during BER decoding, found by Falko Strenzke. This bug is not thought to be directly exploitable but upgrading ASAP is advised. (CVE-2016-9132)
  * Fix two cases where (in error situations) an exception would be thrown from a destructor, causing a call to std::terminate.
  * When RC4 is disabled in the build, also prevent it from being included in the OpenSSL provider. (GH #638)
- Update to 1.10.13
  * Use constant time modular inverse algorithm to avoid possible side channel attack against ECDSA (CVE-2016-2849)
  * Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption (CVE-2015-7827)
  * Avoid a compilation problem in OpenSSL engine when ECDSA was disabled. Gentoo bug 542010
- Remove Qt5 dependency, since nothing is using it anymore.
- Fix double-prefix in botan-config and pkgconfig file.
- Update to 1.10.12
- Version 1.10.12, 2016-02-03
  * In 1.10.11, the check in PointGFp intended to check the affine y argument actually checked the affine x again. Reported by Remi Gacogne
  * The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an additional check in the multiplication function itself which was also added in that release, so there are no security implications from the missed check.
    However to avoid confusion the change was pushed in a new release immediately.
  * The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915
- Version 1.10.11, 2016-02-01
  * Resolve heap overflow in ECC point decoding. CVE-2016-2195
    Resolve infinite loop in modular square root algorithm. CVE-2016-2194
    Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
- Add gpg signature
- Cleanup spec file with spec-cleaner
- Fix Source0 URL
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
  * SECURITY: The BER decoder would crash due to reading from offset 0 of an empty vector if it encountered a BIT STRING which did not contain any data at all. As the type requires a 1 byte field this is not valid BER but could occur in malformed data. Found with afl. CVE-2015-5726
  * SECURITY: The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer. Found with afl. CVE-2015-5727
  * Due to an ABI incompatible (though not API incompatible) change in this release, the version number of the shared object has been increased.
  * The default TLS policy no longer allows RC4.
  * Fix a signed integer overflow in Blue Midnight Wish that may cause incorrect computations or undefined behavior.
- Update to 1.10.9
  * Fixed EAX tag verification to run in constant time
  * The default TLS policy now disables SSLv3.
  * A crash could occur when reading from a blocking random device if the device initially indicated that entropy was available but a concurrent process drained the entropy pool before the read was initiated.
  * Fix decoding indefinite length BER constructs that contain a context sensitive tag of zero. Github pull 26 from Janusz Chorko.
  * The botan-config script previously tried to guess its prefix from the location of the binary.
    However this was error prone, and now the script assumes the final installation prefix matches the value set during the build. Github issue 29.
- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".
:ӖbBF]օTK#v+/{I8٧AnruIgU؝HZ##1gL|Ӽ @'e~#kR%F047R,GkuKSd3_[0߄(YJl|dhvXĀִ]FӔs*ˠϮ/..zaDJAdCMd0yR5uu$ _8OzHpxB&cI"kWϴ7ul<=[K/vzф ?FrqљK$&ؗ0X$zVUd}*=,]úʎ ()_Kv[w7fHR۹Gtn"y'^rk A+ýqKZr~&<z[O6x3 /_¿1IDv靺Ӕv1%߉DO|tLO1kwnJ&F@L3xʺu#oY0Qgbt\ÿi08בz'R&)h+;bSs1K5 Wh(Hdv7( h[n/?7>ct<~#5ճEȱK|s+唎hLřdݻ5qF F3f j0jk`Cv@L(9ʥQUu8,vLuEtc.TrA5rĒN?}&څn ] r̦ؑ8NP,ۋ#vB1&S<=&6 zH%<.zK'Tm8 $ra{@c&;$6(dEJ1RDz5M'ڣ9Yv,8SJZiyA#cO^JlO}.Z77?o\uۺ#{LkxVF}×YN2d}\N;]j|]ʹ6Sz fcCvv5GX7iǗ_#FgRh$L4@SժG9 %a=܀xw`qQjwC e|iC#4e&|:/А 呇CCn`8)[fn$ ~~;qkNTfKkF0+`h_`bp9UuSk ɷQD)[p&^ KoV9vx"=ͥ`/3vb9o<\{5${ZUeM\+*JnԒK9U65\cC4eVYs^,ߙHzSqMwhi1CX˝l2WgjE 3^I F} vC>:,\zO??C32=犳+'zykJ*:K>IbVcԪ[tvS~^+WE<6'kR^.y i帍M5 ES/kN+-5@0ރ^.;2c btz56fO660(A{~m|zgaAi6݊iZw BzZ+͆k "OMb)XnxQ+nhGwj}Zr- Qu1oQ]##'cV{!V|; 7Ux FŢ~*dhFy7Ll70r"bp<^ 23 N7xkJB_r`:N^-|15G^ڝI?G/1ū[;Ϯ6c:5 Ћ l4aRAm#A:Li[ mW>J5j7ݹy%] `-gh]i}#c-̻b:dd&5m]Z[h׌.-:zIqO${p[کo3yi7)YG6TZ9P(&hs3=#owu[h?Rk PZ(CU*ZܚVl!-eN!j.q) JYpƦ@)2&bhb`ExZ\P2Ց1@iKfDwfњ̓qCVmMDcSxQf P7nl-UkֿNW^K+Qm֖I5=.z-HlKT+۟+y^w^w]v_]BƏyZ3sILܯK$KhVf^Y:TNx(o=1ꟷr$Ez!t/ͻFt1gP4dnevv<<̋ImpkkzJ 4$R5ƞNq-/qԾNdN ,%Ru;]\Z#(%iӞ/}]s6 X)0W蜑͝S#s,g0uO6|gVT Kuc>!_=p.bMfIq4i٥Xoov[lEپf'!v0sܱAZ ]i盛Ş S:qO/JV 8+5yvst.z[ly/Ӟtև5ZyLiSܝ=ܸUӴ~Ơjmmfw7mQk4XWWSӵ~-b]98Obyi0Z9uIq7*[CViӢeA CI-"r&⚥&umcNC޽KY4n=cDԄ(+ `LQhȷ_c Y9rapy񐟷-k9r .!;{Vgl~Mه C%]rf҂"Tu%kǐ{NJ]9uYt;k1<^OG C]9+XNsb[S(j!%B& g?=cI{SB  K :YՑrvD $ 9(4TiGZ~h8_Ra36Gş"пe{B[oOC`2c!6@3>n@(HXPP("H/7 _toT~Ь"~pC %W:(TSm)]GP22ŷ)Y&H *@ͤ1K-ߏh=7ݔ3.׶Br9H7Q*UQ͹k3[5!L'gMPǾֆ3K҆RI3y>dLƨyĂȲ@CFA18ɉ':B2gIC$B)X CHt5mz&[g):z 6Pcـi(br@HsCeZ ii"QEb%:x!12Tl\aAع}+SnS v4 H'v~2Or,?ATF )k2X\`R,a$ƋK 0J,)(%N jM2uޘ3{3dhTDE}~mza6Ay pP$?\H|5hI"P RO!"I$l' I&N)BK$fr`U ur:pM$:ycCOL dPhX$`V)(g΂ $8;txYXW\kꛒ!ˍlj3 $ @P3)11 I8jsD$ѱtђ 7Ma[o؁b:d, 0i"UY tc4n`Irau"*;Wϛy 87]q.Y@"1%4=>hg[ng Zz]H#ZP;,໼CXzʈyj2H5I<Ext2_\=s6r{<[1( uM G+/ICOfZql8HC=0 kYNØf ד^~&Q?붬4f2OI:x9Bed\ٺGdN* SZ$e8|x]y3 `$>n&? ؿΟ| ;LV‚,g/aB%RA ncɵl۞##ITkBKe xA-MR%IoG>5[ cZJ]4""(pZ(n%k=w\y2U䚺Vh%ʙluC:nk{.W[/5ʰ_,tBsMf!7i*GpI>uTx\MzZL2Vy8_9SFdE6j*5M=epΙ7yn0sc? 
yݯD뮶4H"/O0)5w=~fEhmN; j`\_:Ьl~=~`.. oc.6҄|]شԠI{ۧTG[=9mAR.GvvԴxNU?9UZq]oyF`}͹hӖ][u7+7tXXr>ᵬڼ 5cf $w Lf֥p8]8V-ki.7knn?өn;+P@;e.ԉkC lC:2IxZ;d}UN%?Me+n{ھ'RyA1V86}][s/mbU.fB@.nI_-}Nͅ.'ٖF1';͑v>ޮ武x͖x\[M^MIi}Nf8ss5To)*NgsϽ~ݠwGۨx)UrO^k^F Ap*9v0+yza^UcLPC"˞Zs&w٩ZXIB]xu#/"{]HئvD"Jso2,N:F=>թ[+&7#aܐ~h$v++NDҪS#8] 9n{xuʙ4p6w^?|K]5{WzvV:u?ճ>$i8vm RLN3MVe5ne{3wpYqwܸu7/ԭo)_JgtZl{fW"MTSa}OQh=틜V+o[B俶 YN~+G !9#'Ɲ!FkCH!#8vpW;Oa57j`w 5Z d a1!2LE,ۚIpcRBECm+ٺ:(igv`0 TCID Kd di ``$P I%`h zvCy0z,2a]EkI!H@ )"lZ\ڴbxm%,ݡ 4IMB$V&1HI!6bcZ歶ѭyլHII @2! TN&0MM!kB\"0@$- ]uWM bS!f@0wB{ bLd W{Q&8DA^Qf}9~#hvvпz=Vx}0 f!15Sm(PC?pʡr{$8n 48d!aGcg}ʐKz!0BffljTaHgt^)3])u (FTXǝ(͊H'?߽]w7(9_N:$d7j+ma1cOS=WWH|ċ{-H$T|j͟fA^2a@xgSڊ/џ˭4E~"P}$Ϛ|t|Q7IL9>泱g[ϓїX~Q;%<>0$#\@NK}ZóȒ)U*̙.l`g4C'ҥ} :T_$yc V̔ I[zV¥yQ_ jVǨbK*^gPؿ'}.K;hoHb=n_v+.Xb B3wuwt'R|r wn:MTk!NG'hN3[<&lTwur;LBpX"F0:Uɼ;+h i{,# $J  VE%{"E)Ѡwlg} .ABL:f[$`7qj0X.יѠB1F`T yBH ~1okaH2Qitx;vsn8ǭ0N VAudΉqDVPH@51Ni jBT9~d);=q}̪JpB/Tِ!&e[ r)&Yks\RUn +1D5]mb|VNgU.čCZčgIP2LRl+D!2Jl풙nt8*nr'tϫ"H1AT$4H[=P9ݲ<)1҇r =fPˆǢPjLʱ>±[<6g&+ x0X΄ͨzk].GÍ-執ܞyVfGMPU~=#_7Q90~AZ])8CVXi%WYbvUcL+8vA )"Ю8N=n#Do ǝyǛ<7Ɉ@PѼ]11'4O)u^:K!B's F,wzl;>2Ppb데.;rM"œUF*rfN~G1Vv)p;C1>D.&ST](D|=Z"dIǶ%`CI9QKt. 
7~ ] {& w۫I8&S~+)䟑g35Z){m󵔬yVz!kVVb5-Q<.(eN0c6V HA3p̷lci֛}\,\ 3hT(UE/ϓ3GTS%*m曚^n ⯢dxd'o]@0XZ!$྿ ~ڣ@ơCk4ye_+K7f2oOz??>8WgI!}^Ii_i]K %!=  -/- GM{ip@*Tfo1>f3@fIEP EC^r_g?-..ԛLs@vU w"/j'+Q1˭ߦ,:?'Lpl83!'gp>qIBe- \IhpHD /%  0BM ul2Vλ  dRiP HZ0_ɠyRKT( !Єot&fV}@"x3E@іpꋨsL.A//pLƬ䓉v<4S2Gg>xud7,ksS}[@:B PqS_-ڙcuFlMHT 19 B*$!-"t>;7VŘѥB-]G{TJtQ&jrohLt6#cTRG;D1AWNɵnʀf 1Lµ^湮MU.ilWNJ#( c"i6Ѵ[ZVmU[k*k[bAd!P%Q3)dl5KD %KຆD $a`~}Osz,03}'/bhAJd8K*dIC3#ιV"ͭңm]YK-hX,@Fjf CWŶ浵zUomU2(bLLUb5"@C cY)!c%J\ !r$IRZ]mʭb$$.i!t: Ou6:gR̐9$ @$!8d @kV[^:UcXۯ}ybkګZl[[cUkkѠ7eb1I4 k$HfdoYhdBt !{$b0e  6qdfԇ3yt q$)!"xPF% #RC}aR=΂ ۗW6T̓  L]z-ώ;5_ecJ(3vѕjdP<|3e= z:!J']5)FTr4z͍M\]~WSZ'@Lu>sojeա2@-(d wWCvBfT:@g_;(h7Nrb^c5) 3 i$!D $~)I9Ľ1xh=,1@.IITBsNI)Mif_?Psu| 仟mO/Zuj!_Rv72b?踡:YĄ( f>GF19"q򴋌c,wٸ"n)4i$!W0XRQ:wVNqkKML1H$H)6HYM]f+bd.k:0u9:+ijq b#7ڞ&g3n;McShEvm`!ňR`}3 Et8(qH""hëI<x q$=~ya;No4y}zt6;',0@ \쒒Ҥ>GVꀴ׎n>aY,!#iv*E(z?/}`80 $7iQՊ]Ɗ7.F&a@+f4`h/2׹>Z_8>ocSO!KAJWyQ6]]1Z ˵ў+w {5ġvK6z{lfYnsuV]l?kDg*2?kR@JwSd0Ab.ve. a yXQ.֞ Cs .KhdU:?vD ܢR$:U'iкZ?*v*;5X$S1/sVKx_f0{W(ih']AϪ=I֧۞u?GZ?l$u}˿i7jٞN}hGF09 xơ=~}M]M-2\ _,lRcgzΜj7돩0p9 UaH:)O"-ۛ(;. 
@ϕ,C^|yuNH=lJ.Ũ4;9qdht 3JJU2܅A(R5pE!EAARB[ZG6z15=f\8R=ZSTo>IJ;8;wl:U}W+mj:?rfjnסTRd׹pK!~%:~Z/ LI*8, 6vg;xz}Ekl3B8衯©KRk4.=}\L<SzIqp|&lq.t2j"`HAKCAT6.{>6:nDDEqtp8N͜}7Hk+($O;`häfk*prxxx-'kpFzp|^Δ`,6 !=M T؟5l^=DzYn ծ=/`k %л ۉ  I`X %k bu׵MU !SCLv$el$6"vX`0M.j+} DQTxix\X 6xyuNR<񸠸9cj,҆-Qc2 ʳ #F7Cqpc> WHQMa'F(pJ ݫ8HY֯aI2ΎuǥE 𕰪Y*_ 0N!Աҕ+ ġpM de.T49$aE/`w Vl*!kVi}̣oKEx5H'OPjl}n(h/pUynf֫o,6(+}*쏞ApUc "ߙTiDp+F5cȡmYL®Pʔ[ "kdYǯ ԋh(:GËbZ$RRyvkZzF[E:˂dx$u)Qqʬa֥I294<54CTI._PKž~%kwxy7Хx-m>ߍ`.OdݑX^/Cx8~vqZ}U}j k_˧CuuW%"DejeLkWkd8z0]ګ4n-wL8 H[$(vFExi7#6qz%l l<iC&ODuvemZ-1.r z2-ed%Eo/&.P%'08V nm Cip,9`܌\DEUe,x\"ժlkK,O5̺v(֮ !rY 8]o'jW$X'*&M0lP|$&=-t7DgT5+eZ.5<2>8Avs0Z )$}/QX#7̄)ZJ\Oh8R< 9_Yv˟0ݣuVwdk4 0r#F &YDCg}k|7XS %ʝfeB,Mul~Z(:0щ‘Fwո~JLN8Fzb9Jn,Ph+6ݞ})%U9\ڹV@օ]ѽB?mtn."➩8hitӕk[bY]@E"_i`!7P"V+dBtܢeSc lc}iQҶ7ҿ WtXϽ.Or֚,t{ZUC$(5-R2E88aė V0nST## @[\$w=ьJ~Ɋ'w2G gf֒˄ڀí\ufp&U pŒ`ewm|`{]e!DlNSSjvj42>}ƣ*MC@N4|RJ͕`fP:vR=8؂aoq#:ԁ}?lft95ݬϏV [) 9 q0@)-&f}C] cvcY$Hky.vm $tnҷsn^vIe`6Ԝm)EBu31:qf!d g"lq^LIHє9HcUKwnb7\,y*XTý bi0B]WM=˙t͍WY,R RRMBDXXVjVp&6R` *N e<-}9Q9OCl;EXwFdQ7]BV HRX Ie]iyWfF+,j 3QR`h7b8ޯu5ʐv mumTQTXdÅᆊ.M{NIiZeˊQN%DL>08h @g&SƵUQ m$,ŮU,6K .s#mk-E&`pغn, z8)kބH`Ml>$ ֘͠bIoVRL=l:H8l^ۣA2SYx,]B5kRE1hHb鐁R$ 8TndH 5RPJ>'䏽:simZ ֥1v-BȆ09F!6ިĜt \ƫtb!T"7b,x 9Mvxhf@*,j*K3urIMBNNG{<xù2xi Y0LÓެC؅ ~&k a) xeϙp AJ4C rЅo_{ /MezݙB`-(UdPFR rfVvU X7F5t|~J񊡷9hw,7CoܘQ@!X^/H{8 s̬h=7UWYpػqnfdEZR}ߧlO3ɴ71Ɗz4R/dqr]ȑOh}2(Y!#~!>A!BA,4 $I6ҴlHS>"z EMG16Ɇay!dkfi ΅īytoj?b'3?*C@B;Mq@D`e8 aKz|hSh؞ɥu0D639i֐'FɆ a"t<.,i=6d0h!0cc&|[cqׂB7mr7\@ϲx\[ 2#(w7t5JSa rSZNd?f>FIjp;: ӺOI+ӳRQLr@GhbnJ Ӡn aZzTގlPWk_l(I $nM1o&~tcP`fұʻKIIkePydUI‹N,iZ "m,CzUiũ^d[L^8:EJ*BCrj:lR >wpUP $BVPInKCv %}Mn ZI?¥ƉO"r*H) {k_h}ܕ1[M~mUIdkե)$&qISV=\h`=0*#P#D5v2&V~c % ،ЇGtah$eIubkkt;j]x՘ u/ (dB4_ A X\̲aJ}[6}^'_iW` {\zVhǮ]qi,$ m{YEԠ:!({tL#c0-&`clGGC~~3DJ BUM)mRcxm";\Z|;-YDUQd:K˰ߡF݈Pl$D+jGf*_;@zTi a^AWl?߬>;$b*MZ2>,QѿM'H0E>E8 k7C#tj; _)%Vf=maSS2p%I"TEqى7:,6\m 8NG] HO?mpjBM9}$y6WQn UK̫oB&،L&8mUvH^8|zNV紤- d;sP7{ v/x+ϻ,\7p)X[e;Ⱥ47+GB$?bsTuU~T<ȣ``;e^7>P3<¡qοU~$ \B[O 
oj.4/)~*NI|PQY!PW1=* KavG}#\Ph>ًP`!nQ#!lEl޳=g 9݀yɞcXRHt@o_x7;^9[Uu).l0T[%2&[P\MIv1#dA+ :EGOM؜,\ 8~G{n;-[[D g~w/KO V"( 9Y'}iΉU`02ͼH5HKS `Qeܿ0saJ[Smia_t5s);[ZU爉{uMs+ }EƸte *ۨS),*IqhԩJv/3[|MU1ƒl[V*찳@z ќL@b:[ JW@vf'+"{bó3-" $jRǕ){ |Nxkϫǝ՟Q\ eC[e<\XZ]) DRFm 1>1(D`zun™W >c#ob\dnFmQNz"qa!9 - &zWaD^LIlh0N-ىKM |Q}kg.O:4ӱSudu!]YTlΏxaݷA;)$˝ 8 7ώ6d"FşuvPo-oRy %.W2]^RO6ŕV$tHlEVqx Y5xOVʓ0@(눙AЍLGסr j630:%=O;Lv{WǷ wh]\x:ϭ w~؍ct8vaBwXV~J#i,ߦu#:LPR;C1)- ~ZAm2gJ=On?9KsG!6 AX||ĩD>٣M\Ƴ`#{"-LVMbmlQ^\ Zկ[{^◵pi-cCf2ݚvRlj\DxǔGUf{4vk[XV)uさvpmc%5oB)L5&2fV!H5 R2;,;q@eBaLr}@1KL-v{"ƊR92[ &iPWܱC8_80dy}+6+8#(#Z05eE̛ WU ~y\@!FW9OZШV‚T[VE :T~n-qMWM`` 53Wj-6;Ps)uYATR% &c >q7,s]8EM1cHs]jUʦ2BrY?huIƢq)YTbY&Nɜ%Q%A]9`i\@.D'£X}>س:TX4^A``nHD s%"^1VpJ5KΝ+<I+QwL4CǾg_!$߷ 8;ʸ d;#IϯYp09g -q57\ZKޕAqpRi$ ~j #XlB!w>uļEZlDe% Y>@uu@Jt4z7~]kf^^;>j.Tr;m'DB>c Ӌx/~z鑌Bצ T˭Ү&Pr.+hYhB ܵW$p[qID6K(ʍ XA.n% tiSO:D)E]\y3 o}roÍe8%P*@c3Җhx N" b`”siq0ȂN(qneT-d;m-zv9j*?D'p> *$Pnj@za-'>ǃ崙gnœUI$.X:SV<)&&B7E`q"D@ gRȚWxM*6T]6m2utw (1cJtbYʓXUY0kED"ɘE6u" ^4!Qնe#*i"ii V.]".{et5ORP1+qsB9س]؄Ѝ /uE{)pʁp?Ux `T(2$Ŏ$<,jݕ@:T&FFޏg^a6u8QmF $$Ӻ:_~Lh J-]]1? 
i8ׇ)Xv{j_MgVS){`Z xg|`M~Q#$:&MTWWII8qc /)hP,9Cu1HnuRv1 Uxѡ-9֢8^KVv+Ki 8UEre)e2.#=2ZB`'`]sdJ@"hq)Ե&rlx#^vɯ7E}'0&!*Rc.=] !~H0 }9G@/0iJȋ SR +VgҼ7[4<>1)UX=I\Z,>R"nAr:ȝEVf~vQFS@QYnLMqī!}A% $uW~X,90V&V]A\騛2#n0mCofa](*-+ jU3WApF,*黑 Rz7T17ϯq0@) &KznVVZ30,} mn>Sjcm森fF߅}=?'U@ y(~t C sLT OҨDt[v`=N=b%X,… jnn.޾gK@ӸeAW }~W~}%ه}{ JSkְa]فI V:Ƃ˒ )m4FBAt" SQec n{%+<#gMBh7ed\ˁ4$3( }.SSEcknv09TCTV!ƌYNH?>=KLj ]$!fzhhkGg]xr8E *2As#.dd EAh@y"﨔rFhTfTiԷamfi^Bc!HAY<5  _2iU1Vna?S)cM8xr䦣d 0&}nEŧӔ* ( g4*uE7byK>k&xbG,E2$t34k ;mnȬ޿;7]0bKweV0e&lWc ~ mTg$eOϞ\͋6H2 IǮ*7|[v袯xI=B41\DZ%jgMZ, KL~$a X9I PgJ .OI,( 9;ޛ̾ms8͡n/gfҢ'_Pd(C)3}al/AsX *9YgReaLQ^Bv@i[w a~;eާc݋~`śBg53wz꼧`@eIBP#:`!-mmyn'iK?y8T&/ݹ*BJR말$7{H\6`Bo`b0l<d'Sx I&$@XRZc3Yri1^j,tgT 2atQ g}_8=mc6p{.`{%2K Rx_h2f&8HADDUp6@>ݚl+ǻfivOWMrpH$F@}@ @$$l yt~7NɚǿDobIW+M1[& lSS(!T#lĐݞ9 1,ƨH]G[• $ R ݀͞cB'`2,$2Jd_o[Ws 0j?}6sn3љm7Lp5$$d!\s5kDTI0j4X֔\ޛmFd \c]Um[-ԖlhbWQVdjUy5t5jUZ+h֭EV.kZj>0 ROk]pİin qYUXuL'F2̨fQ` d@~GtvLڃ~tGr7VIdkz?yty` f#gqY.,%Jk.8^*/ 밒0_HBY;>G\eI\Z{r8S:4f2ŠKM03%ĭ`?t塊52I?fʕ((+[%{|R1Ygr{ rq8+yծ&Buۖ'gi7/h6 W(Q 0"Tx JnoYs%`?$Rb)@S[TϜ1V,٨ EPTUHTH|3ܻ? D3Z6 %OP0Q> 9(͝ޕd?Ji_F Zy B?v:@MkhS14Z|mqnu#ٮZ%圑Գ+IUUOĕ];.9uZVAYD{Gf*W`jȴ&G M0"rޙѷ6`5acϋ5v];fJ[ koO(AlvbTI1#ʅ ?cUz:4]S^}c.`M6u/C}w˻<~CHE`}wOa~'B[,r>{aR 2.G,j'w~㣊Ԁ @ @)s+%kT޲c&~աvlGtxYMc룤i#3e0d24H mwQ4iBdzLLI`s)R-wx۳FS ,"zJܴMҾb}EjэflhXi,'I?w@ZLLzw\+cEBTp1XV.z̸XQh }m;w;mOhjX]0{. {Js /x2#E}Y3!E'ӽ[|mc&#(p;[!w Fhf"^BĊ  ~69uOJw"/ jlx.?uAXOX(\ h/CTA|DW"ZϬ-PT5\ԃ;&S&υ@Pٚ\\{XV &r~oyoti mndB+FkwܨU?Յ5zjiLV kڬEDx{ʐ9DR2=u`85aZfhCiv;S\%dAOsMQnU/[{23vV9u TWOi4 Rw0ӘK 6]I]ZY&ROWxloбУ%%jNC6=ogoM0zK8, t p |3L3o^͹8BTy@>Gz{B>v?!+u өSOXx::**>1/TPQCR8hb OV)m8#y%>'M;i7MAn/#=x Pmۦkw9pߛtf:R=!{Pp D0L?㩠&7: 'Vl2 ;Ftxs컋sU3>v-!` .)BB"z9X gZ;\%& p=%#IDM]ζCm@Ǝ%'IO;f_˽4%q?24o:! 
F'ո|{ mӂCk&2B7[y51T_o 臡^ K'HbA~k۶h@=4d4c%EzꐡY&-IC~5w_5>oSġUB*YU#΢ p;C^9NL*(-,sM\ÏM!jbЌ_4-6,ۀ #^wPٶu@_b ~z}ɏDx9# )]89"<]TpI'KJr) ïP{o4&isTTάKPG_{*e=<^FBQrJ&e),QuFOuVz2v_CĂ>؆䷬~@F0u4،&&^/F߷ȩ(X^[^􄤳i =y@# $)n#Hx+Q7Cvô@)6JwLP_ HH ^Wk%xbZ Kf`i* ,T n Ǝy}{ZG꺻 gHUUbFY@JXF`B׊%J2(k u q@%Hqo[6E0&2ljk@ PɟEh >>E]eVYE`FoxL{@(pgYjC.o 1lZВ2BLLZ&fi1է&b6 4BIHi64TX@IP ^Ѹ[cBp<(`v+f=;N坿Xy&gͰVu_{9_?mc^-/i\a%[h֊O1OiG`EPb?qM˭ -2ە-OkCĦ>ߩLbf%Jw tECJiNn/n;jfftmOl WlZQ7Ow݀:1TƒC90 gKRSI5(ƚ'bT:pNҢulr6,^Έ=nNã$JP AȮz49i|KM:H"^J(>uyXon&L.aPSv˾QJZ~3M6OprH,\fwkY-]*b`Qb#|JTW)QC y\aO9V +=юo@QKhq)VڕU3g'uשj|'Nwz"c=ۈ0<7oͲ͓T/wR&U]kt6VTҪÊK)Òr׹lM P %h^Zj(R'{t{Ow|S4"LO=xw"3oEbC F<Ͻf=b>{*lNjb 5=R%q=e@ "3*+drH!g*\z*}U,ĉ JO?^.޶+#;Nj|KV-h (!L6G29dS8_ Dī-ڗ+Hj?SI}^}2O- o;b\>GtoRsnT;Œŀ:"*GޢJݵWq_mB.%V[Rś1@(L|wo_';/QV""3څdOfٽe^pf'iz}edRX | &rO基B$<]1iٕ?qx8OwZVLg4M"[~7lkQ5Em+iA/+.wzˣ 7{T0.yڷ c *o%S/ՏyD7w}Q6Xb`A qÔ_{rsSqCqAdξQeTu2_@Ln2rIrb}%^1 53 U& ?p" d<MNүǝ#hK-ispm#>LK /,,5nYz5Zlx~5)jW@ 5 (O`ne->~e1ۘ&}زb77 G]o1s;x G²^ lJZ0{Q’X\=iJ;7bتض6e(|ya.ko(H@.F{7GۖT,0D}8e.LhxrN-ӶއyD&ͪJgՙ_ vHaB{O3Q=ʸ=-OcFӥ&"el,s ujPIrIPEA@&ϫA|YVH$1ؒLÂĿctpqw&a<̗{@&QDA,KJ_TS@HFHD]3{ MG9;oV[K뽆 rۗf#?C3޶d(Y,X(.DO|^^VLS)˪e2#mbfoc:;Qg\wG3̈sm\wZ _ܔwS}щIBO(RogŭDV\gID~[wVX וz{+*: 18UY>o8WabPPm9}-s'_JQ@ M< _B. VX;I`Qj##<瘇Yp([mLfOug_' 흯Q(gY*ȵH 6OÒxS( @cPX.9@3p>Ҁh=!5'ੀf%$eƚb%SD:dwыdoQ_$ "x9}vF|'\BFh;5~;)~FҏUЊ)>8 -h5X|eӱYPt5~^ϼQ%}xnϾΉ0c~:o}X 1ÁTS~KrEHKkfһ?q)mrz.eé47 ɵA,~گb-$`bdm?r6(?rV-!X$W/Aoz,8Hs/K#_l;.B*e{ %b]cŁe?eHr67tn7} BJG(x6$l rmbp?0£Cͬ ⦱*UQ(:SEsԜ?H<]hS(AUN;88u~^  3njkVVT<2*ƆMl"ƍoLh_TØ`2ۼ܉8H~ t dG=q4epl*)Lv/Pv2L/%J_2 ݑ\!4xltoegWd>Oblo ፠BV; &,wKLG-G4ma+{go{k1 ƬW'(cA+s5o疼TÇ+; 2;Smzvͽ C-݌Do:?Avk[3 \g I{'Kb'vnvp& 6}wVy80[WKa9HS.L&φIMSaTl6[oͤKTQx\[:K XԎ 7&o{pd:ly%B"da( Ğ!`3k=k&Oc+)v4:?5uQ% U$o@O&-W9`^IFLFajhg1> 'r:]QjzO28TGf@%uAGiFAX՚lK"lln}4* &Eji {*t(em;̈́khIYM"79qOFlmEN"27 ~g"M{kf'+! 
( .ì4~'uˊFU ^5u{ŴsðwM@~CRllRHO2)Np?&־[E\ea2<2T8DyfnӶ-VlԶ׊C5 iUU0T [;P/%T,cVc^='M/-z۪01aZ eL* B BbXJ[HG<&ߕ8bBr| {dMz4TPHA`eVgG ,3քz^T v*Pr Rh hRe.#9E"ng|{(~x;UƺL0e'K] +rPwi:iro-b"T}gT6EӟY.d酱2lJa7)yPC\֬BĪIpr $嘊h8ʛ?<+*G|mҷZ^UWj<*JJXAbyu;?a1e>0VF }<#_