������openvpn-2.5.6-150400.3.6.1������������������������������������������������������������������������<���>�������,���������������������������������������������������������cpap9|��
��xz�C>ȥnB�46T�ۂ�(�|B#f0
E)֭*��f͍���UU�AԎ5%��)�"%�q/u�|uI�� 0,@3�����-l_�);L*�F��%%Xs �-P0҆ZO7V�oZ�ԥ:ȚXUl^&$^HY3l$oPQ`%�TS�yu�i�&dr$�,T2F�p��j%1G���>��������������������L������?�������������d�������������������������������������
������������������������� �������������� ���V���������������������������������������������������������������������� ��������������*��������������V���������� ���l��������������������������������������������������������������������������������������F���������������G������������������a���������������a��� ����������a���
����������a���������������a����������-u���a���
������-���a����������/\���a����������1A���a����������3&��������������3L���a����������4��������������4��������������5T��������������7�������(������7�������8������7���4���9������8���4���:������<1���4���=��������������>��������������?������'�������@������/�������F������7�������G������L���a���H���������a���I������T���a���X�������������Y�������������\���������a���]������l���a���^�������������b������Y�������c��������������d�������������e�������������f�������������l�������������u������¤���a���v������(�������w������4���a���x������Ǹ���a���y������<�������z������|�������������Ɍ�������������ɐ�������������ɘ�������������ɜ�������������ɠ�������������ɨ�������������ɬ�������������ɰ�������������ɶ�����������������C�openvpn�2.5.6�150400.3.6.1�Full-featured SSL VPN solution using a TUN/TAP Interface�OpenVPN is an SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and remote access solutions with load
balancing, failover, and fine-grained access-controls.
OpenVPN implements OSI layer 2 or 3 secure network extension using the
SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.
OpenVPN is not a web application proxy and does not operate through a
web browser.���cpamourvedre�����SUSE Linux Enterprise 15�SUSE LLC �GPL-2.0-only WITH openvpn-openssl-exception�https://www.suse.com/�Productivity/Networking/Security�https://openvpn.net/�linux�ppc64le�
if [ -x /usr/bin/systemctl ]; then
test -n "$FIRST_ARG" || FIRST_ARG="$1"
[ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || :
for service in openvpn.target ; do
sysv_service=${service%.*}
if [ ! -e /usr/lib/systemd/system/$service ] &&
[ ! -e /etc/init.d/$sysv_service ]; then
mkdir -p /run/systemd/rpm/needs-preset
touch /run/systemd/rpm/needs-preset/$service
elif [ -e /etc/init.d/$sysv_service ] &&
[ ! -e /var/lib/systemd/migrated/$sysv_service ]; then
/usr/sbin/systemd-sysv-convert --save $sysv_service || :
mkdir -p /run/systemd/rpm/needs-sysv-convert
touch /run/systemd/rpm/needs-sysv-convert/$service
fi
done
fi�
[ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] &&
/usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/openvpn.conf || :
if [ -x /usr/bin/systemctl ]; then
test -n "$FIRST_ARG" || FIRST_ARG="$1"
[ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || :
if [ "$YAST_IS_RUNNING" != "instsys" ]; then
/usr/bin/systemctl daemon-reload || :
fi
for service in openvpn.target ; do
sysv_service=${service%.*}
if [ -e /run/systemd/rpm/needs-preset/$service ]; then
/usr/bin/systemctl preset $service || :
rm "/run/systemd/rpm/needs-preset/$service" || :
elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then
/usr/sbin/systemd-sysv-convert --apply $sysv_service || :
rm "/run/systemd/rpm/needs-sysv-convert/$service" || :
touch /var/lib/systemd/migrated/$sysv_service || :
fi
done
fi
# try to migrate openvpn.service autostart to openvpn@.service
if test $1 -ge 1 -a \
-x /bin/systemctl -a \
-f /etc/sysconfig/openvpn -a \
-f /usr/share/fillup-templates/sysconfig.openvpn && \
/bin/systemctl --quiet is-enabled openvpn.service >/dev/null 2>/dev/null;
then
. /etc/sysconfig/openvpn
try_service_cgroup_join()
{
local p="/var/run/openvpn/${1}.pid"
local t="/sys/fs/cgroup/systemd/system/openvpn@.service/${1}"
/sbin/checkproc -p "$p" "/usr/sbin/openvpn" >/dev/null 2>/dev/null || return 0
test -d "$t" || mkdir -p "$t" 2>/dev/null || return 1
cat "$p" > "$t/tasks" 2>/dev/null || return 1
}
if test "X$OPENVPN_AUTOSTART" != "X" ; then
for conf in $OPENVPN_AUTOSTART ; do
test -f "/etc/openvpn/${conf}.conf" && \
/bin/systemctl enable "openvpn@${conf}.service" && \
try_service_cgroup_join "$conf" || continue
done
else
shopt -s nullglob || :
for conf in /etc/openvpn/*.conf ; do
conf=${conf##*/}
conf=${conf%.conf}
test -f "/etc/openvpn/${conf}.conf" && \
/bin/systemctl enable "openvpn@${conf}.service" && \
try_service_cgroup_join "$conf" || continue
done
fi
fi
rm -f /etc/sysconfig/openvpn || :�
test -n "$FIRST_ARG" || FIRST_ARG="$1"
if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then
# Package removal, not upgrade
/usr/bin/systemctl --no-reload disable openvpn.target || :
(
test "$YAST_IS_RUNNING" = instsys && exit 0
test -f /etc/sysconfig/services -a \
-z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services
test "$DISABLE_STOP_ON_REMOVAL" = yes -o \
"$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0
/usr/bin/systemctl stop openvpn.target
) || :
fi�
test -n "$FIRST_ARG" || FIRST_ARG="$1"
if [ $1 -eq 0 ]; then
# Package removal
for service in openvpn.target ; do
sysv_service="${service%.*}"
rm "/var/lib/systemd/migrated/$sysv_service" || :
done
fi
if [ -x /usr/bin/systemctl ]; then
/usr/bin/systemctl daemon-reload || :
fi
if [ "$FIRST_ARG" -ge 1 ]; then
# Package upgrade, not uninstall
if [ -x /usr/bin/systemctl ]; then
(
test "$YAST_IS_RUNNING" = instsys && exit 0
test -f /etc/sysconfig/services -a \
-z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services
test "$DISABLE_RESTART_ON_UPDATE" = yes -o \
"$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0
/usr/bin/systemctl try-restart openvpn.target
) || :
fi
fi��������������a���������� �����������������Fj��#]������{���-���5������p���������������F���B����������B������p����������m����������������������������#�������p�������B��������>)���v����������������������������
���>��,z������>���?������* �������������������������������������.������������ ������������������|������ h������9����������S���������$�����&JAA聤A큤A큤AA큤A큤A큤AA큤A큤A큤A큤A큤A큤A큤큤A큤��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������cp^cp^cp^cp^cp^cp^cp_cp^cp_b1�b1�b1�b1�b1�b1�RՇhb1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�b1�cp^b1�b1�b1�cp^cp^b1�b1�cp_b1�cp^cp^��d014ac279d3e98492f0dabc15fd92180f69c8a70993f37a660db7dd851fc41ba�569389ce60a5234eb02ab47669ffe09e56886d2949e1195eabc6361cdce3bd6f��e2d9ed9278ee76ddb66cb02331a00567fc36a0aada32056afb473bb3f1a31685�3ba909c9cdce08617e998e0ece4c29ca21e7b6cd1a9c00fcfe3641227716ee0e�79ad325cd47ae152e12cf7dbb15b3b9ca61377209980fdaf6afdb6a85808a077��24438a3747863ddc4b6d997c1845378193991b83ef6b343feeedee1e4d899b86�1fcb78d7e478bb8a9408010bdc91b36e213b1facfad093df3f7ce7e28af19043�f3f07149aeaf42a691946735e6d3382bd7e7a0646519379221d4e91106596aa1�e81f6aa6fd0f929eb21c7f9c4e5abb5953b30fe333d6b7dec16db98e6718d346�0ade068198f0e48eb65d38df2448d33b46b19a4b74185286ee1237ac3ff28dec�a2f22331aebfea76dfe6d3fda7ca813c240e45ac94d30bca065bdbf7e5943fce�666088dd817e24bde55fb9b3c21feb2ac90419a925df05d32600f1c3dc7a86db�b3eac7b0a837d753adb7a4f96a0e9bdcb7068abd993bcd6d38fb4821434ab897�4449bcd5f4b0693a15f793d5576422cdd1e36b4b574086665bd58300d4988aaa�8446163e7abc5ca32ba658bbab3a4005af9151f5f3f4f9a19b02ebf3c51b157b���a66d089f122748ad4764ddbb7a972a677c4c2a79e4fc272ab76d5ac720eaabc3�70547100d533cc453bbe9b6c22b52b4e6ba73a676042a45b3e2acf914cc390f1�1c9f6676e9f8cd7cfd7fb42089c16cba3e1e8e517bd9b89bd4cb6cd79e3cc2e1��734d4be80f4980f9e5da566cb7e5729f90dd74d81011f5d38cf5064a5c37ac66�bfe02f4f47f2186cc5a36c49450a4cf824024e750198bd58c4a2999dd7533d77�bb4bb64b5572c74e7a4c873a6650c2e7e2e3b4e480c0785474fc5d198bad82f9��b83d6c8b0c38bad3cf58ca4180f6cee4b2a3f29091d5a5229654fa8aa349281d�b9250357ecab441f941a57f5192bb0b5b57cab19c317dc1a49666c2c24a018d8���95094e0ce0de6fddd5710d437f3cfa8374a4b650a7a2d37fd30f850e85ef38ad�06b7210d738c1ae9e61e049e016bad55ae28918bd51aa8f0fbb91fdba428bb84�13a03ca813f0cf2a271382657691cf4ccf0cc13d89e5fe728a70eda954d13c18�9e1de8e0f568fe87bfe70faeac229ad9b94e15183b01298fb3b069a542ae9a22�4f310589986cec0424117a3b4f7e493048dd41d2e244840808ce23727fb2ba14�68b4fcf04b1f8093ac892398fdbfed1757f03ec63da7801a312d703ba80d4244��e11347918a9fab9f89eae922b89f5e3092c74bd674a46a5d8ef1eb9915b7ba7b��c59f9ec9ea9efad8963199e69cbc6600352fbc11e13dab487f6dea64022d0851�b14b4b95032abe052c538da9a29629a773715d91fca54f217cb5e5c9432338f8�c8dc5d0b0691f991d00b911c3c1ed2f42ea74de5ea2d69e0c68ff0552e99d93e�780c106e275d32bd83fb78f76fb8f77186f91ffd8f7a876f4210e7f8aa92de06�169904458141521266c167e82b52601d3ef6b04595332ec797904e7f4b4c96fd��51c11c832003b7d908c9853babf5119827c064d32eac2f1c23a135e9bfe1094c�94930fc1541dbca4f36bf0663790bc0ee2a1432ebe9689a33879f286486e08a3�0ec779f4fa7c817d107cb8b75715c1d32521bdb4dd868ac65683a49f757d3f0c�5ee9f1b119488e29a135bb7a79f34c3bb642ecb1a1965b58db0bc5bb400a0399��c0121a3855785eb8bb4121b698e30f859739023cad3a5a6f22a14f2defa6a155�2233f8b4e985b6e06d1b86070ee59632fab2b67deb242d59efad0cb3f536ee41�175550d1749d778389ed624693dea44db1224b4e2b2757bc8842c266c4fefc6f�170c094052efa123841b50cd336f91e13fbedf25ef23bda6b5512846c4d684f8�50268307983599724ab769a8a291f81422f6a200db0c33fc087fa76b4abf5cd4�6a205ee0d81c17031548f7d27d057b39ce925d520994fee56859aca0801bd03a�8dbd93cd636f931509023c50e4d51a27fcd3769251dcc5a1e07e0c3279b7b42d�2720153a474d78b7475e8eb813a87018fdea6b9dc26b733af0aa58008275d792�50f70711d06ff00e4c747c007618652e058f25e11a3e42513a5278cc13065b84�e5c730b38b609d38aa7a42d6dcf8a9afa76daecc089982d4fde51d7d36afd0b6�99863fb1da7e17c2a333407c42ec79d533ac9212b12a80a925018f175e33605a�64fb2a51b8dbe9307262ede23db4a4926a81711d6b4a58be474eb3f1bbeda224�132e2b5f275da9b75c95d6adfb103c9fbe316ed3da3a0f3b0adecb112caaf3d2�5368a60ee36e2aadec5a36c983b8c6c005fd7b06d91e7cd3035cf9dad83c57a2��568461eb8858d24817506df14c5f36d2298c9bd9cbbfefbcaec6bcbb64a5dccd�c004604391fe65bb430b60e774b269f443b785b164b675f4d12d7e0027bee5f7�9cde07280573666d9ffe7d29f64561643f1d1086dd425503968a1485c5334e12�46ee6fd7cc033179ce5a9689b1446315ebc04aa9350f67962d691ea9c98bf161�bfab4297f53c732a6959110b05953a31ba2ee682615d95399af6921334b6e16f�3f2b4fe18f380d5e2c9590f0535288ff69a556c40d2a8fdebc56e65c72e290d2�260ea749d9491bbe27a8f29e7062a7cd95d56fe603f924f25485611b2d8079ef�5f360847b8306c074e4ffd030aa36ad1de431970f83394f92d2e60903ce2806d�558b875ce76181eaa0b71cd3276a335404960f48f4f3de32c20e5150568bd0fc�3598bf4836cc22c5347b64ff7a3f01f3ee6284440149559a1c1e1ac20ea0bee3�fcf3c7b8a66594cf92ba82b6e12758f9d236c73787c4e555a9720f1694b99fd9�9f38583b70a2fef6803de5ac7540217b2da5d3b6ab4595597f236a183bd9e794�c883aa59b5141595636e30ccb1680b46cf9b29c21a5889a72e653ec0334bf2ed�13bd26195ad751522771b5d1b46278938347532162a3b1581c7ec694c7e2e256�d383868ddbec241be6860a01ad1177cb5be91d03d25ef7f4351d0ba8240754bc�c7abdcabff545dda4480fafd5ec96ee70629aeed4de2df2e890277678e5c17a0�61b2e3c881e8b4b4c1213aab9545b29d35430478cc3847490762f1a6a8d7f45d��074141e181040b911440ad37c7f845741ec9cc5fb8e7946d90b29a8392ec317b�6bd6359067b850c0bc3d5ed68581774f532f687a9554daf1da63603b69b14239�c5a5c57b94d5fbe48799a227356e80f12557da75ae81cd7510838c716f37e6b5�80da1ed8679582cf8046ea1451adb6231b2ca7398e7e4a528a8dec6beebf021a�ea342be2017b1432b1214b1a296a0a35ac0f9ec91c876cde3dea48c19b6e3878�9a6b8d5d524105bb0eff5108a40494c52ada16fb35afb6ce1f4e0fe6891bf601�697a7bb3c90fd111ec96339b7a2fe83a1444d339f38c26cafddd0cee9f332857��d4bcbac2f6383a3d4fe1d14bec89381658d93f6954fe0eea829e4d98f84475df�6191b3e02bb86d478fdd335e5d3b9f4faf6aeb1a30a60e658627937176bdc0a0�a496e7581e8d4c6d493c986ed0ac79e31d445cfdf89168cd4412badcda34551b�����������������������������������������������������������������������������������������������������������@�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�openvpn-2.5.6-150400.3.6.1.src.rpm����openvpn�openvpn(ppc-64)���@����������� �����������@���@���@���@���@���@���@���@���@���@���@���@���@���@���@��������
���
���
���
����/bin/bash�/bin/sh�/bin/sh�/bin/sh�/bin/sh�iproute2�libc.so.6()(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libcrypto.so.1.1()(64bit)�libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)�libdl.so.2()(64bit)�libdl.so.2(GLIBC_2.17)(64bit)�liblzo2.so.2()(64bit)�libpkcs11-helper.so.1()(64bit)�libpthread.so.0()(64bit)�libpthread.so.0(GLIBC_2.17)(64bit)�libssl.so.1.1()(64bit)�libssl.so.1.1(OPENSSL_1_1_0)(64bit)�libssl.so.1.1(OPENSSL_1_1_1)(64bit)�libsystemd.so.0()(64bit)�libsystemd.so.0(LIBSYSTEMD_209)(64bit)�pkcs11-helper�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�sysvinit-tools����������������������1.11�3.0.4-1�4.6.0-1�4.0-1�5.2-1��4.14.3�cӼbgb;�b�@aa@aX@aja�``Y_@_[f_FN_FN^_@^*@^�r]f@]�@]>]��\n\mA@Z�Z̧@Z@Z@Z�@Yܶ@Y@YM�YA%@Y6@X@XXXXBX<�@WRW1@V^VqR@V`.U@ŬUUv@TPT|X@TR(@mohd.saquib@suse.com�max@suse.com�max@suse.com�max@suse.com�dmueller@suse.com�max@suse.com�jengelh@inai.de�dmueller@suse.com�max@suse.com�dmueller@suse.com�suse-beta@cboltz.de�dmueller@suse.com�dmueller@suse.com�fbui@suse.com�fbui@suse.com�fabian@ritter-vogt.de�dimstar@opensuse.org�bjorn.lie@gmail.com�dimstar@opensuse.org�michal.hrusecky@opensuse.org�max@suse.com�michael@stroeder.com�fbui@suse.com�michael@stroeder.com�max@suse.com�max@suse.com�avindra@opensuse.org�max@suse.com�rbrown@suse.com�ndas@suse.de�sebix+novell.com@sebix.at�ndas@suse.de�ndas@suse.de�ndas@suse.de�ndas@suse.de�mrueckert@suse.de�mrueckert@suse.de�mrueckert@suse.de�michael@stroeder.com�matwey.kornilov@gmail.com�astieger@suse.com�idonmez@suse.com�idonmez@suse.com�idonmez@suse.com�mt@suse.com�mt@suse.com�idonmez@suse.com�idonmez@suse.com�idonmez@suse.com�mt@suse.de�mt@suse.de�idonmez@suse.com�- bsc#1202792: --enable-iproute2 added back as default option.�- bsc#1123557: --suppress-timestamps isn't needed by default.�- update to 2.5.6:
* bsc#1197341, CVE-2022-0547: possible authentication bypass in
external authentication plug-in
* Fix "--mtu-disc maybe|yes" on Linux
* Fix $common_name variable passed to scripts when
username-as-common-name is in effect.
* Fix potential memory leaks in add_route() and add_route_ipv6().
* Apply connect-retry backoff only to one side of the connection
in p2p mode.
* repair "--inactive" handling with a 'bytes' parameter larger
than 2 Gbytes.
* new plugin (sample-plugin/defer/multi-auth.c) to help testing
with multiple parallel plugins that succeed/fail in
direct/deferred mode.�- Fix license tag in spec file.�- update to 2.5.5:
* SWEET32/64bit cipher deprecation change was postponed to 2.7
* improve "make check" to notice if "openvpn --show-cipher" crashes
* improve argv unit tests
* ensure unit tests work with mbedTLS builds without BF-CBC ciphers
* include "--push-remove" in the output of "openvpn --help"
* fix error in iptables syntax in example firewall.sh script
* fix "resolvconf -p" invocation in example "up" script
* fix "common_name" environment for script calls when
"--username-as-common-name" is in effect (Trac #1434)
* move "push-peer-info" documentation from "server options" to "client"
* correct "foreign_option_{n}" typo in manpage
* README.down-root: fix plugin module name�- Drop 0001-preform-deferred-authentication-in-the-background.patch
Upstream has meanwhile solved this differently and the two
implementations interfere (boo#1193017).
- Obsoleted SLE patches up to this point:
* openvpn-CVE-2020-15078.patch
* openvpn-CVE-2020-11810.patch
* openvpn-CVE-2018-7544.patch
* openvpn-CVE-2018-9336.patch�- Avoid bashisms and use POSIX sh syntax.
- Use more efficient find commands.
- Trim marketing filler words from description.�- update to 2.5.4:
* fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
* fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
* various improvements for man page building (rst2man/rst2html etc)
* minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
* fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
* documentation improvements
* copyright updates where needed
* better error reporting when win32 console access fails�- Update to 2.5.3:
* Removal of BF-CBC support in default configuration
* ** POSSIBLE INCOMPATIBILITY ***
See section "DATA CHANNEL CIPHER NEGOTIATION" in openvpn(8).
* Connections setup is now much faster
* Support ChaCha20-Poly1305 cipher in the OpenVPN data channel
* Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer
* Client-specific tls-crypt keys (--tls-crypt-v2)
* Improved Data channel cipher negotiation
* HMAC based auth-token support for seamless reconnects to
standalone servers or a group of servers
* Asynchronous (deferred) authentication support for auth-pam
plugin
* Asynchronous (deferred) support for client-connect scripts and
plugins
* Support IPv4 configs with /31 netmasks
* 802.1q VLAN support on TAP servers
* Support IPv6-only tunnels
* New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
* Support Virtual Routing and Forwarding (VRF)
* Netlink integration (OpenVPN no longer needs to execute
ifconfig/route or ip commands)
* Obsoletes openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
- bsc#1062157: The fix for bsc#934237 causes problems with the
crypto self-test of newer openvpn versions.
Remove openvpn-2.3.x-fixed-multiple-low-severity-issues.patch .�- update to 2.4.11 (bsc#1185279):
* CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
* This bug allows - under very specific circumstances - to trick a server using
delayed authentication (plugin or management) into returning a PUSH_REPLY
before the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup.
* In combination with "--auth-gen-token" or an user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.
* Fix potential NULL ptr crash if compiled with DMALLOC
- drop sysv init support, it hasn't build successfully in ages
and is build-disabled in devel project�- update 'rcopenvpn' to work without /etc/rc.status (boo#1185273)�- update to 2.4.10:
- OpenVPN client will now announce the acceptable ciphers to the server
(IV_CIPHER=...), so NCP cipher negotiation works better
- Parse static challenge response in auth-pam plugin
- Accept empty password and/or response in auth-pam plugin
- Log serial number of revoked certificate
- Fix tls_ctx_client/server_new leaving error on OpenSSL error stack
- Fix auth-token not being updated if auth-nocache is set
(this should fix all remaining client-side bugs for the combination
"auth-nocache in client-config" + "auth-token in use on the server")
- Fix stack overflow in OpenSolaris and *BSD NEXTADDR()
- Fix error detection / abort in --inetd corner case (#350)
- Fix TUNSETGROUP compatibility with very old Linux systems (#1152)
- Fix handling of 'route remote_host' for IPv6 transport case
(#1247 and #1332)
- Fix --show-gateway for IPv6 on NetBSD/i386 (#734)
- A number of documentation improvements / clarification fixes.
- Fix line number reporting on config file errors after segments
- Fix fatal error at switching remotes (#629)
- socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes (#848)
- Switch "ks->authenticated" assertion failure to returning false (#1270)
- refresh 0001-preform-deferred-authentication-in-the-background.patch
openvpn-2.3.x-fixed-multiple-low-severity-issues.patch against 2.4.10�- update to 2.4.9 (CVE-2020-11810, bsc#1169925O):
* Allow unicode search string in --cryptoapicert option (Windows)
* Skip expired certificates in Windows certificate store (Windows) (trac #966)
* OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623)
* fix condition where a client's session could "float" to a new IP address that is not authorized ("fix illegal client float").
This can be used to disrupt service to a freshly connected client (no session
keys negotiated yet). It can not be used to inject or steal VPN traffic.
CVE-2020-11810).
* fix combination of async push (deferred auth) and NCP (trac #1259)
* Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228)
* Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
* mbedTLS: Make sure TLS session survives move (trac #880)
* Fix OpenSSL private key passphrase notices
* Fix building with --enable-async-push in FreeBSD (trac #1256)
* Fix broken fragmentation logic when using NCP (trac #1140)�- Modernize openvpn.service
* /var/run has been obsoleted since a long time.
* on reload, send HUP signal directly rather than relying on
killproc to look for the main process.�- Explicitly requires sysvinit-tools as some of the tools shipped by
this package are used in various places regardless of whether
openvpn is built for systemd or non systemd systems.
For the context: sysvinit-tools was pulled in by systemd since 2014
but it's no longer the case so better to be safe than sorry.�- Fix inconsistency in openvpn.service:
* It uses the unescape instance name as config file basename,
so use that in the description as well�- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut through the -mini flavors.
- Use %systemd_ordering instead of systemd_requires: in fact,
systemd is not a hard requirement for openvpn. But in case a
system is being installed with systemd, we want systemd to be
there before openvpn is being installed.�- Update to version 2.4.8:
* mbedtls: fix segfault by calling mbedtls_cipher_free() in
cipher_ctx_free()
* cleanup: Remove RPM openvpn.spec build approach
* docs: Update INSTALL
* build: Package missing mock_msg.h
* Increase listen() backlog queue to 32
* Force combinationation of --socks-proxy and --proto UDP to use
IPv4.
* Wrong FILETYPE in .rc files
* Do not set pkcs11-helper 'safe fork mode'
* tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.
* Fix various compiler warnings
* Fix regression, reinstate LibreSSL support.
* man: correct the description of --capath and --crl-verify
regarding CRLs
* Fix typo in NTLM proxy debug message
* Ignore --pull-filter for --mode server
* openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
* Better error message when script fails due to script-security
setting
* Correct the return value of cryptoapi RSA signature callbacks
* Handle PSS padding in cryptoapicert
* cmocka: use relative paths
* Fix documentation of tls-verify script argument�- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
Allow OBS to shortcut through the -mini flavors.�- Add p11kit build time dependency for pkcs providers autodetection�- Clarify in the service file that the reload action doesn't work
when dropping root privileges (boo#1142830).�- Updated openvpn.keyring with public key downloaded from
https://swupdate.openvpn.net/community/keys/security-key-2019.asc�- Drop use of $FIRST_ARG in openvpn.spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.�- Update to 2.4.7:
Adam Ciarcin?ski (1):
* Fix subnet topology on NetBSD (2.4).
Antonio Quartulli (3):
* add support for %lu in argv_printf and prevent ASSERT
* buffer_list: add functions documentation
* ifconfig-ipv6(-push): allow using hostnames
Arne Schwabe (7):
* Properly free tuntap struct on android when emulating persist-tun
* Add OpenSSL compat definition for RSA_meth_set_sign
* Add support for tls-ciphersuites for TLS 1.3
* Add better support for showing TLS 1.3 ciphersuites in --show-tls
* Use right function to set TLS1.3 restrictions in show-tls
* Add message explaining early TLS client hello failure
* Fallback to password authentication when auth-token fails
Christian Ehrhardt (1):
* systemd: extend CapabilityBoundingSet for auth_pam
David Sommerseth (1):
* plugin: Export base64 encode and decode functions
Gert Doering (3):
* Add %d, %u and %lu tests to test_argv unit tests.
* Fix combination of --dev tap and --topology subnet across multiple platforms.
* Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
Gert van Dijk (1):
* Minor reliability layer documentation fixes
James Bekkema (1):
* Resolves small IV_GUI_VER typo in the documentation.
Jonathan K. Bullard (1):
* Clarify and expand management interface documentation
Lev Stipakov (5):
* Refactor NCP-negotiable options handling
* init.c: refine functions names and description
* interactive.c: fix usage of potentially uninitialized variable
* options.c: fix broken unary minus usage
* Remove extra token after #endif
Richard van den Berg via Openvpn-devel (1):
* Fix error message when using RHEL init script
Samy Mahmoudi (1):
* man: correct a --redirection-gateway option flag
Selva Nair (7):
* Replace M_DEBUG with D_LOW as the former is too verbose
* Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
* Bump version of openvpn plugin argument structs to 5
* Move get system directory to a separate function
* Enable dhcp on tap adapter using interactive service
* Pass the hash without the DigestInfo header to NCryptSignHash()
* White-list pull-filter and script-security in interactive service
Simon Rozman (2):
* Add Interactive Service developer documentation
* Detect TAP interfaces with root-enumerated hardware ID
Steffan Karger (7):
* man: add security considerations to --compress section
* mbedtls: print warning if random personalisation fails
* Fix memory leak after sighup
* travis: add OpenSSL 1.1 Windows build
* Fix --disable-crypto build
* Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
* buffer_list_aggregate_separator(): simplify code�- Update to 2.4.6:
* CVE-2018-9336, bsc#1090839: Fix potential double-free() in
Interactive Service
* Delete the IPv6 route to the "connected" network on tun close
* Management: warn about password only when the option is in use
* Avoid overflow in wakeup time computation�- Remove --askpass again, because it was also asking for a password
when none was needed. As a workaround for keys that need a
password, the "askpass" statement should be added to the config
file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .�- Update to 2.4.5
* New features
+ The new option --tls-cert-profile can be used to restrict the
set of allowed crypto algorithms in TLS certificates in mbed
TLS builds. The default profile is 'legacy' for now, which
allows SHA1+, RSA-1024+ and any elliptic curve certificates.
The default will be changed to the 'preferred' profile in the
future, which requires SHA2+, RSA-2048+ and any curve.
+ openvpnserv: Add support for multi-instances (to support
multiple parallel OpenVPN installations, like EduVPN and
regular OpenVPN)
+ Use P_DATA_V2 for server->client packets too (better packet
alignment)
+ improve management interface documentation
(bsc#1085803, CVE-2018-7544)
+ rework registry key handling for OpenVPN service, notably
making most registry values optional, falling back to
reasonable defaults
+ accept IPv6 address for pushed "dhcp-option DNS ..." (make
OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
clients)
* Bug fixes
+ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ Fix lots of compiler warnings (format string, type casts, ...)
+ reload HTTP proxy credentials when moving to the next
connection profile
+ Fix build with LibreSSL (multiple times)
+ Remove non-useful warning on pushed tun-ipv6 option.
+ autoconf: Fix engine checks for openssl 1.1
+ lz4: Rebase compat-lz4 against upstream v1.7.5
+ lz4: Fix broken builds when pkg-config is not present but
system library is
+ Fix '--bind ipv6only'
+ Allow learning iroutes with network made up of all 0s
- Includes 2.4.4
* Bug fixes
+ Fix issues when a pushed cipher via the Negotiable Crypto
Parameters (NCP) is rejected by the remote side
+ Ignore --keysize when NCP have resulted in a changed cipher
+ Configurations using --auth-nocache and the management
interface to provide user credentials (like NetworkManager)
on client side with servers implementing authentication
tokens (for example, using --auth-gen-token) will now behave
correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
+ Invalid or corrupt SOCKS port number when changing the proxy
via the management interface.
+ man page should now have proper escaping of hyphen/minus
characters and other minor corrections.
* User-visible Changes
+ Linux servers with systemd which use the openvpn-server@.service
unit file for server configurations will now utilize the
automatic restart feature in systemd. If the OpenVPN server
process dies unexpectedly, systemd will ensure the OpenVPN
configuration will be restarted automatically.
* Deprecated
+ --no-replay (will be removed in 2.5)
+ --keysize (will be removed in 2.6)
* Security
+ CVE-2017-12166: Fix bounds check for configurations using
- -key-method 1. Before this fix, attackers could send a
malformed packet to trigger a stack overflow. This is
considered to be a low risk issue, as --key-method 2 has
been the default since 2.0 (released on 2005-04-17). This
option is already deprecated in v2.4 and will be completely
removed in v2.5.
- Rebase openvpn-fips140-2.3.2.patch
- Drop 0002-Fix-bounds-check-in-read_key.patch
* upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
- Partial cleanup with spec-cleaner�- Add --askpass to ExecStart, so that the user name and password
are correctly being queried from the user.
(bsc#1078026, boo#985798, boo#1031748)
- Use %service_add/del macros throughout (bsc#1038406).�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- Do bound check in read_key before using values(CVE-2017-12166 bsc#1060877).
[+ 0002-Fix-bounds-check-in-read_key.patch]�- Do not package empty /usr/lib64/tmpfiles.d�- Update to 2.4.3 (bsc#1045489)
- Ignore auth-nocache for auth-user-pass if auth-token is pushed
- crypto: Enable SHA256 fingerprint checking in --verify-hash
- copyright: Update GPLv2 license texts
- auth-token with auth-nocache fix broke --disable-crypto builds
- OpenSSL: don't use direct access to the internal of X509
- OpenSSL: don't use direct access to the internal of EVP_PKEY
- OpenSSL: don't use direct access to the internal of RSA
- OpenSSL: don't use direct access to the internal of DSA
- OpenSSL: force meth->name as non-const when we free() it
- OpenSSL: don't use direct access to the internal of EVP_MD_CTX
- OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
- OpenSSL: don't use direct access to the internal of HMAC_CTX
- Fix NCP behaviour on TLS reconnect.
- Remove erroneous limitation on max number of args for --plugin
- Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
- Fix potential 1-byte overread in TCP option parsing.
- Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
- Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
- refactor my_strupr
- Fix 2 memory leaks in proxy authentication routine
- Fix memory leak in add_option() for option 'connection'
- Ensure option array p[] is always NULL-terminated
- Fix a null-pointer dereference in establish_http_proxy_passthru()
- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
- Fix an unaligned access on OpenBSD/sparc64
- Missing include for socket-flags TCP_NODELAY on OpenBSD
- Make openvpn-plugin.h self-contained again.
- Pass correct buffer size to GetModuleFileNameW()
- Log the negotiated (NCP) cipher
- Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
- Skip tls-crypt unit tests if required crypto mode not supported
- openssl: fix overflow check for long --tls-cipher option
- Add a DSA test key/cert pair to sample-keys
- Fix mbedtls fingerprint calculation
- mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
- mbedtls: require C-string compatible types for --x509-username-field
- Fix remote-triggerable memory leaks (CVE-2017-7521)
- Restrict --x509-alt-username extension types
- Fix potential double-free in --x509-alt-username (CVE-2017-7521)
- Fix gateway detection with OpenBSD routing domains�- use %{_tmpfilesdir} for tmpfiles.d/openvpn.conf (bsc#1044223)�- Update to 2.4.2
- auth-token: Ensure tokens are always wiped on de-auth
- Make --cipher/--auth none more explicit on the risks
- Use SHA256 for the internal digest, instead of MD5
- Deprecate --ns-cert-type
- Deprecate --no-iv
- Support --block-outside-dns on multiple tunnels
- Limit --reneg-bytes to 64MB when using small block ciphers
- Fix --tls-version-max in mbed TLS builds
Details changelogs are avilable in
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
[*0001-preform-deferred-authentication-in-the-background.patch
* openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
* openvpn-fips140-2.3.2.patch]
- pkcs11-helper-devel >= 1.11 is needed for openvpn-2.4.2
- cleanup the spec file�- Preform deferred authentication in the background to not
cause main daemon processing delays when the underlying pam mechanism (e.g.
ldap) needs longer to response (bsc#959511).
[+ 0001-preform-deferred-authentication-in-the-background.patch]
- Added fix for possible heap overflow on read accessing getaddrinfo
result (bsc#959714).
[+openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch]
- Added a patch to fix multiple low severity issues (bsc#934237).
[+openvpn-2.3.x-fixed-multiple-low-severity-issues.patch]�- silence warning about %{_rundir}/openvpn
- for non systemd case: just package the %{_rundir}/openvpn in
the package
- for systemd case: call systemd-tmpfiles and own the dir as
%ghost in the filelist�- refreshed patches to apply cleanly again
openvpn-2.3-plugin-man.dif
openvpn-fips140-2.3.2.patch�- update to 2.3.14
- update year in copyright message
- Document the --auth-token option
- Repair topology subnet on FreeBSD 11
- Repair topology subnet on OpenBSD
- Drop recursively routed packets
- Support --block-outside-dns on multiple tunnels
- When parsing '--setenv opt xx ..' make sure a third parameter
is present
- Map restart signals from event loop to SIGTERM during
exit-notification wait
- Correctly state the default dhcp server address in man page
- Clean up format_hex_ex()
- enabled pkcs11 support�- update to 2.3.13
- removed obsolete patch files openvpn-2.3.0-man-dot.diff and
openvpn-fips140-AES-cipher-in-config-template.patch
2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
* Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
* Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
David Sommerseth (4):
* t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
* t_client.sh: Add support for Kerberos/ksu
* t_client.sh: Improve detection if the OpenVPN process did start during tests
* t_client.sh: Add prepare/cleanup possibilties for each test case
Gert Doering (5):
* Do not abort t_client run if OpenVPN instance does not start.
* Fix t_client runs on OpenSolaris
* make t_client robust against sudoers misconfiguration
* add POSTINIT_CMD_suf to t_client.sh and sample config
* Fix --multihome for IPv6 on 64bit BSD systems.
Ilya Shipitsin (1):
* skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto
Lev Stipakov (2):
* Exclude peer-id from pulled options digest
* Fix compilation in pedantic mode
Samuli Seppänen (1):
* Automatically cache expected IPs for t_client.sh on the first run
Steffan Karger (6):
* Fix unittests for out-of-source builds
* Make gnu89 support explicit
* cleanup: remove code duplication in msg_test()
* Update cipher-related man page text
* Limit --reneg-bytes to 64MB when using small block ciphers
* Add a revoked cert to the sample keys
2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
* Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
* Move ASSERT so external-key with OpenSSL works again
David Sommerseth (3):
* Only build and run cmocka unit tests if its submodule is initialized
* Another fix related to unit test framework
* Remove NOP function and callers
Dorian Harmans (1):
* Add CHACHA20-POLY1305 ciphersuite IANA name translations.
Ivo Manca (1):
* Plug memory leak in mbedTLS backend
Jeffrey Cutter (1):
* Update contrib/pull-resolv-conf/client.up for no DOMAIN
Jens Neuhalfen (2):
* Add unit testing support via cmocka
* Add a test for auth-pam searchandreplace
Josh Cepek (1):
* Push an IPv6 CIDR mask used by the server, not the pool's size
Leon Klingele (1):
* Add link to bug tracker
Samuli Seppänen (2):
* Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
* Clarify the fact that build instructions in README are for release tarballs
Selva Nair (4):
* Make error non-fatal while deleting address using netsh
* Make block-outside-dns work with persist-tun
* Ignore SIGUSR1/SIGHUP during exit notification
* Promptly close the netcmd_semaphore handle after use
Steffan Karger (4):
* Fix polarssl / mbedtls builds
* Don't limit max incoming message size based on c2->frame
* Fix '--cipher none --cipher' crash
* Discourage using 64-bit block ciphers�- Require iproute2 explicitly. openvpn uses /bin/ip from iproute2,
so it should be installed�- Add an example for a FIPS 140-2 approved cipher configuration to
the sample configuration files. Fixes bsc#988522
adding openvpn-fips140-AES-cipher-in-config-template.patch
- remove gpg-offline signature verification, now a source service�- Update to version 2.3.11
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data
* Fix undefined signed shift overflow
* Ensure input read using systemd-ask-password is null terminated
* Support reading the challenge-response from console
* hardening: add safe FD_SET() wrapper openvpn_fd_set()
* Restrict default TLS cipher list
- Add BuildRequires on xz for SLE11�- Update to version 2.3.10
* Warn user if their certificate has expired
* Fix regression in setups without a client certificate�- Update to version 2.3.9
* Show extra-certs in current parameters.
* Do not set the buffer size by default but rely on the operation system default.
* Remove --enable-password-save option
* Detect config lines that are too long and give a warning/error
* Log serial number of revoked certificate
* Avoid partial authentication state when using --disabled in CCD configs
* Replace unaligned 16bit access to TCP MSS value with bytewise access
* Fix possible heap overflow on read accessing getaddrinfo() result.
* Fix isatty() check for good. (obsoletes revert-daemonize.patch)
* Client-side part for server restart notification
* Fix privilege drop if first connection attempt fails
* Support for username-only auth file.
* Increase control channel packet size for faster handshakes
* hardening: add insurance to exit on a failed ASSERT()
* Fix memory leak in auth-pam plugin
* Fix (potential) memory leak in init_route_list()
* Fix unintialized variable in plugin_vlog()
* Add macro to ensure we exit on fatal errors
* Fix memory leak in add_option() by simplifying get_ipv6_addr
* openssl: properly check return value of RAND_bytes()
* Fix rand_bytes return value checking
* Fix "White space before end tags can break the config parser"�- Adjust /var/run to _rundir macro value in openvpn@.service too.�- Removed obsolete --with-lzo-headers option, readded LFS_CFLAGS.
- Moved openvpn-plugin.h into a devel package, removed .gitignore�- Add revert-daemonize.patch, looks like under systemd the stdin
and stdout are not TTYs by default. This reverts to previous
behaviour fixing bsc#941569�- Update to version 2.3.8
* Report missing endtags of inline files as warnings
* Fix commit e473b7c if an inline file happens to have a
line break exactly at buffer limit
* Produce a meaningful error message if --daemon gets in the way of
asking for passwords.
* Document --daemon changes and consequences (--askpass, --auth-nocache)
* Del ipv6 addr on close of linux tun interface
* Fix --askpass not allowing for password input via stdin
* Write pid file immediately after daemonizing
* Fix regression: query password before becoming daemon
* Fix using management interface to get passwords
* Fix overflow check in openvpn_decrypt()�- Update to version 2.3.7
* down-root plugin: Replaced system() calls with execve()
* sockets: Remove the limitation of --tcp-nodelay to be server-only
* pkcs11: Load p11-kit-proxy.so module by default
* New approach to handle peer-id related changes to link-mtu
* Fix incorrect use of get_ipv6_addr() for iroute options
* Print helpful error message on --mktun/--rmtun if not available
* Explain effect of --topology subnet on --ifconfig
* Add note about file permissions and --crl-verify to manpage
* Repair --dev null breakage caused by db950be85d37
* Correct note about DNS randomization in openvpn.8
* Disallow usage of --server-poll-timeout in --secret key mode
* Slightly enhance documentation about --cipher
* On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo()
* Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo()
* Fix --redirect-private in --dev tap mode
* Updated manpage for --rport and --lport
* Properly escape dashes on the man-page
* Improve documentation in --script-security section of the man-page
* Really fix '--cipher none' regression
* Set tls-version-max to 1.1 if cryptoapicert is used
* Account for peer-id in frame size calculation
* Disable SSL compression
* Fix frame size calculation for non-CBC modes.
* Allow for CN/username of 64 characters (fixes off-by-one)
* Re-enable TLS version negotiation by default
* Remove size limit for files inlined in config
* Improve --tls-cipher and --show-tls man page description
* Re-read auth-user-pass file on (re)connect if required
* Clarify --capath option in manpage
* Call daemon() before initializing crypto library�- Fixed to use correct sha digest data length and in fips mode,
use aes instead of the disallowed blowfish crypto (boo#914166).
- Fixed to provide actual plugin/doc dirs in openvpn(8) man page.�- Update to version 2.3.6 fixing a denial-of-service vulnerability
where an authenticated client could stop the server by triggering
a server-side ASSERT (bnc#907764,CVE-2014-8104).
See ChangeLog file for a complete list of changes.�- Update to version 2.3.5
* See included changelog
- Depend on systemd-devel for the daemon check functionality�/bin/sh�/bin/sh�/bin/sh�/bin/sh�mourvedre 1676963937���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���Z���[���\���]���^���_���`���a������������������������������������������������������������������������������������������������������������2.5.6-150400.3.6.1�2.5.6-150400.3.6.1������������������������������������������������������������������������������������������ ���������������
���
���
�����������������������
���
���
���
���
���
���
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������openvpn�openvpn�openvpn.target�openvpn@.service�tmpfiles.d�openvpn.conf�openvpn�rcopenvpn�openvpn�AUTHORS�COPYRIGHT.GPL�ChangeLog�PORTS�README�README.IPv6�README.SUSE�README.auth-pam�README.down-root�README.mbedtls�contrib�OCSP_check�OCSP_check.sh�README�multilevel-init.patch�openvpn-fwmarkroute-1.00�README�fwmarkroute.down�fwmarkroute.up�pull-resolv-conf�client.down�client.up�vcpkg-ports�openssl�install-pc-files.cmake�openssl.pc.in�portfile.cmake�usage�vcpkg-cmake-wrapper.cmake.in�vcpkg.json�windows�portfile.cmake�pkcs11-helper�0001-nmake-compatibility-with-vcpkg-nmake.patch�0002-pkcs11.h-rename-interface-parameter.patch�CONTROL�pkcs11-helper-001-RFC7512.patch�portfile.cmake�vcpkg-triplets�arm64-windows-ovpn.cmake�x64-windows-ovpn.cmake�x86-windows-ovpn.cmake�management-notes.txt�sample-config-files�README�client.conf�firewall.sh�home.up�loopback-client�loopback-server�office.up�openvpn-shutdown.sh�openvpn-startup.sh�server.conf�tls-home.conf�tls-office.conf�xinetd-client-config�xinetd-server-config�sample-keys�README�ca.crt�ca.key�client-ec.crt�client-ec.key�client-pass.key�client.crt�client.key�client.p12�dh2048.pem�gen-sample-keys.sh�openssl.cnf�server-ec.crt�server-ec.key�server.crt�server.key�ta.key�sample-scripts�auth-pam.pl�bridge-start�bridge-stop�client-netconfig.down�client-netconfig.up�ucn.pl�verify-cn�openvpn�COPYING�openvpn-examples.5.gz�openvpn.8.gz�/etc/�/run/�/usr/lib/systemd/system/�/usr/lib/�/usr/lib/tmpfiles.d/�/usr/sbin/�/usr/share/doc/packages/�/usr/share/doc/packages/openvpn/�/usr/share/doc/packages/openvpn/contrib/�/usr/share/doc/packages/openvpn/contrib/OCSP_check/�/usr/share/doc/packages/openvpn/contrib/openvpn-fwmarkroute-1.00/�/usr/share/doc/packages/openvpn/contrib/pull-resolv-conf/�/usr/share/doc/packages/openvpn/contrib/vcpkg-ports/�/usr/share/doc/packages/openvpn/contrib/vcpkg-ports/openssl/�/usr/share/doc/packages/openvpn/contrib/vcpkg-ports/openssl/windows/�/usr/share/doc/packages/openvpn/contrib/vcpkg-ports/pkcs11-helper/�/usr/share/doc/packages/openvpn/contrib/vcpkg-triplets/�/usr/share/doc/packages/openvpn/sample-config-files/�/usr/share/doc/packages/openvpn/sample-keys/�/usr/share/doc/packages/openvpn/sample-scripts/�/usr/share/licenses/�/usr/share/licenses/openvpn/�/usr/share/man/man5/�/usr/share/man/man8/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:27882/SUSE_SLE-15-SP4_Update/a5987fafb0e912df8b6d987d167bb181-openvpn.SUSE_SLE-15-SP4_Update�drpm�xz�5�ppc64le-suse-linux��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ������������������� ��� �����������
���
directory�ASCII text�ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=53058e13156e6c6e22e198c6c50a9f51d33e4f4e, for GNU/Linux 3.10.0, stripped�Bourne-Again shell script, ASCII text executable�ISO-8859 text�POSIX shell script, ASCII text executable�unified diff output, ASCII text�Algol 68 source, ASCII text��Perl script text executable�troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������R���R���R���R���R���R���R�� R���R���R��
R���R���R���R��
R���R����(b>fM_����systemd���������systemd���������utf-8�676e0e4f0ee1b5d02688c4e27fef876cf1363ad4d86458cef9fd83fa7e1e40ce���������?����@����7zXZ��
���!�����t/ᶧ]�"��k%w!n.SET&b=;r7nbM5R���rw0r'�94zpռ��?y��6U4��Ro=E⊮
'^$g7L s1@eo'�Cb@Q L
ڭb@�8�)��.ƺ)a�tOh1���
`ٓ�����<[u;�ԗ��#ȩ!�(GDqWrs_pBSh��u�y&
yY:Yݳ��],nҫ]Րjv�_ق]0 �9�/܌W]WaFrJu/_s3[H �0)EF�OOH��Z}
�E�5N0VP�p��WF�i��U`�KV{�_p!�)�/Z6`aV�$=_z�ÓI@�Q�^R��CL<ڽ`���tLyK,[ ��tܔ�N5Im^4ˇ-�rbrK
C��%���!�Ҭ*X} �MSqE&�/�;?W"@�:�
2ߚډ;Vjs;
;�.9_���^(b0(&�2C />e�ynWt�BT�N����v M?D)&)SۮcM�G]-+͑�}�gW�n�^J�a�Ph@9�6;��K«jډ#걬%ŗ�O�#!�OʹZXFWHRt:mTWa9)&rrq�yT�T91&-t;bqIgo�d�t5T{[C&掿xЯٕmd�VG*�ѣl��?[/AM�4F�H6V�& �.X|w�#CѼ $g $.RK�,Xf�%q
��HK!ƛO��2�^�-�lC�pNp/>jl��(&�Hg�a9׆Io�tԃ�f"toDBԙ�j;0M��H�ך�"?bA#,'b`��32��Ӑ�V�@aa�!�S;pGK�W=>j�ϼDd��+Bri����#s7\CzY@Ȅ耛
i$:R�]
�r�JSsz;!5>14́s'Ga {PHh N|�eխ�7'�>�fK0+d� �S:6R��6ťc0\�;�O
CV!�Ƈ�O=�d;wA��>�b��Mu*fs];7�ОJ+�c~ �
�jXsID0;kl;OQ�v�_pޝ�m;��:wfO͘z>BfM 後ϻz̡VO�?#u_�-(��x�3?o�ivN[HUuo1R��36 *o�%G�bY`Gu�sM
;ތ
^j�2\:Ӽ�� c��j�K�^|/��[=@)t
5~ʬ
!>�.(yӤ)ټeYQ�Uz/
?p"pM,w͎ig�ɩ�^��me_�9l%K@Ⱦ
ծ�wq}^f"at��0�w,��;�'�,�,j��4��I�h8b�;�i"j}Tj,���W^RT1-QV5F
͖�Ҙ��c%mPG%
ǐtExY�@�lg��P!Shm<Ӻَ`3L^ɱe �բ���>J.f�UTOx:܍iy�w]Z+*w��@ ~��Y|
H!�߽k/EXB.//lKh�3F8>�ח/UqxA�īs$�>,��p>�Po��7�&k
Z%v�{6�Ά4N�ߝ�8/͊�'ҧk0p�t8Z��w_-{_:[Gh{DnxDk�(�fBv��ڛ�4ҫnbhAŝ=*1hd��ji;NຝX-[Au�C��];m8My%M#P͝}.,M21"ݶ;�oa빅,#ӄG>l˯/�ڮt�p�dT~B֟�4�:oR�bQfj5 oft[e $�I�9i�(☈bnܿzB�,n�6v�n1jgUi^[q� eǮ{rai�USΜMа+?+�8��;_n׀�yynO�YADB,l[W&g�͇Zlq��_Cl�pt���Q+��Aes*!�/�$�Qcu�>D> k;e>MA�aP5
LMGi^9��2eh곩M*nJjsy }K|cN��C'(`� f6ꦊz]ww�Ł�2L7�bJq�
�<���Mm/]xF
�C_'X,C��(�H�n_I܉$�hK+tY7NAG�x�dQ]:�4f)"��EA�F��!UJ�V4 (D&pʧI�,qأZt�_+BtZFK`�_X5kzt?�m�
���,4wu%hT%v"?�(5$ڽ��Sw��F�����D��T�Lp�~��9�]\;])Dp钮/dXП4�5�_5q��5PA���VE�%bQ ��n*9)+�cU*SOܽ'<^�G+x]44� ,�=hbhoStӄBJQ=i"1Re$W~8��4iKPXYvaN|�-z��]�(گ_i�[��6%lZ�ldlNЖR{PY
}"0[ļHuA#Rb��m_<{
�`P#*&�kg`=�LPBm&OHgc�t#Œ�=Uә�]�+^;O�!6#n��=;Y�
Yށ6HJ��6DԬ&؇J
z�B HxU۱�{V�(�W�<;��8wk s�@b�]��eCȒdSeɢ(@Q}��H[S%�w,
]Z 5��\{ڿ�6#ژPPa�:Sݐ:p8y?%ISLC8u�/sc�_�M,�k?i�^4�����pOQ�Oo~mL�m�⹁!#��DRVckD:��-6e�Yu�RH�fc\{ץ(
Q3�83}�5q�F
| }C8G
��#�x.+?w-Rd�o���t8Ӥpqpj]�,�?i9ТB(5�^B/�=H�)3�Y< 3�Po/Y^H�(pQ5Q�io'~n�oWB8tUEyRύd�TC:k�soY�s�|6�-�ΌCR:U[M߸
{�cw277Lw#B]ђaQR�[�}T�#biT�}�b*ܼ�,U� p�*.^(ONZBr� .h^�`% ⊫Xiy.�^7�Z�q(⋢TR1C�G�#Xr4�vCKE+;rhC6Uz,f8�W쎁q19#DZ;&V [�
Fp"˧HH�g:pdXok_jְ'�\kj}$4?P!B����#Fy+�p\�7G�ɯ�r�ogI*T{|h}Oϡ->6���u�Dv�A|;~PV/�<�3�B+�O�Ea8��?Ag~=nՃ3@;g�αTip��_RXX)4��zl�!�+�1�U.k),ILs��ma"�$�h9P�:58eb3~=OY{M�Kiܽti𩫀`>;0ɷTvF�/��DzՑ4lA��)�{=�#*�m|��P']?F�.X�)�bV�R�%yT~��TA2 h���>)>I[VXS:jZZE@ysŷ+t55�}�M�v�ڟW4Kv<&J[c3ө .41�%��p�@]��NUU!h7Çf�u1B-?t+lo��Bnw�ꐨ"{2]O聵G0wx�B�Qz���ﺠnsW�^
0̟fC�c5�o�ז�J�ge vZ($u�Xp�[�4:X��okL*9l3Cr[MT�u��t�HT^@��³I�c �r/Vn("j
��ce\3s�h*I̍k*$�Y.q��և�f-��#F��awck�?۔vj6^*f��}܊�A#hi�xWk�CJ_'44��-za���)N6]ތ'�nyec ◮ϱ
ס#X~S�ʦK֣;i��.h��#0YN;C,>07���JhOV\U4`��6i�R��eok;td"�_x ,KL,˛�*~6".zk{Hr#�=n`9|�:�K3L{:*x#�B!=W),3�"#5KN1���43"yXjy��)�\{�mH'0F-fvj�
8D.'گJ�}�/g�TЏ.XR\�qΝV���2AťO@��4`N43OwR}zlKa^�wc�%�{/U�1Y5�yDqy?RÎZFL-|/�f���WY0�� n��Sv�� [� |흸�]lKVV1j3wky�FfimԌ,3zݥ"+,z49iQyP[ ��uʠo�QO>ūόs=[�Be{DC7=leJP�GsqE/Ept:=.�,_T'Kd>"lLD 0|')XZRlP*2vcƊ��b2S!���jz9�˧0}~Y����g�T+W�\P/
WT'e(0$|Ô �$�؋
&?˜H;[n([K
p߃~�~J}չ�
j\��W$Q�[{:pd1zKA��OZBn4oB|-78$wl~H
Z23"� ǵN�|֯Rh$��T�b}yD�n�>p0�ː�:�GyR$1�Ɋ.[G�.M�b4K@d�m*�@yENs>2- �rD`Xdi2�IGȱki)3�)#a��Q6��lN��Qw�#Mn?�іu* V�9h))k]Q�dj���.̮J*>4'mt�bZ*ґ$"kNvu7�h�C
����w�_
H륔z A
X# Z.N',!Ugg8Ʃ[Xk35f;ݫ߱2�d��w�+S7A�-͈FX4D�Xh^ES�xsS$��8GG鄜3,<цm>6J|+f�pFG��_ #]h7^$�H���*�v4,k��C�5KkYydK.ܕ�5ڄ T�OS�!�OMtTSH$@T���Kq:xAc+�i1;q7�-�~cg��f~��t`
$cin��SV7?>7��0轰L�#˿2
��>C{ڂMpY⛘_1S~^ISMj%�!JP>�4d�Ev ^0�1�oq<;k��Ըgg��2hg����6L͛�zXޞɿCg�K6:�P���H=�.cA.*nR/rĨ,XBL]5t�75�VI H}S7F`"��Qrt�J-/㧍p�06.?�t/T��0w�?"[zI6%ށZj1tcE�WR��0_J�5zp�bf՚G�"i$
�PWڌ
JM'ņ}Jh]>o�H��IC)h�z{AHQ�ǟ�A#{�x�=\5;k�GV[^Qֻ�SƆf'�8��cB\LOs� b;=�0V{C�5�l�#HQ("]=ϼKV�~
T:y.JHI(ga���zsȨ�V^fOn͎U�{gt;zW%��S@ft��2a2�9d�09/C*\i�}{aS�;@/BT&�(5��/?!ǏdRK0Շ�;�ַIzW7Ը��VcZ�oR);ɚҔeRC5)�@Ĩ?�{JC}VY����)XHrV�?G,bQ}֧.*
( ;(�3�ɔ`�!�Uua-Ǜ��w8�[Itk�d��S.W~MZ%�>a�Y}tleusGH��͊$+o�=�YkL7bb2��/&ayb�)83jr
\k�'[�H�)��8ǘ%C ��2*gg�KiX<+!�ݗC@� �o�R�
K7KG�@��\O3ێ��-GNƀ��7Uc��D.!�O7�'O�V�pkmxL(5�Bɭ'�B;_F_�g%3WK=�CK�Vk��zb��7?Oo3��탋f#$EbXk����=�}^?{,�D0/1̸pB�ٺCsݔ�T9hƴU^��76��m�V�bCl �9��7`CjB*�]P=H$6�\FQ"]#Hc\�X�tYuG',é疴-q;�_�$}Πe�U-VJ"s��\��E�-A>j�3�}Ws+<7Q�^v3IМ{�zX�>/'{$>�eDJx_�EȌJ�(I�P"��][PxC" ϝq�,�E�2A}_o>�)cUl̈́(ȍ$s�Y��<�C��:&�b~ոE[9TqTjf\(�yAJF�Uqi� #knւJ[�V� )���JSE�Fn6�Ŀ>C!gs_��F}sXz��7ޙ`oq8�v%P���q�&^ߗ8m/!s.G$P݈\�2R�̧D�r�V�ّ4ǡp@1s,dΟ�#֖'q+f&�d�:&<5�-Mt-[[=v8�SwX��r&yƑ-Z:���~�I`fd?�
2�T&o'^�ME�K,*\ (n13)]+So=ba:D�Yb,*�'
\��T�R��T-7#*�7p��9o�DPr/b @n]Ei|c86QpzK(˹eZyZ�@tu&�@^�KhgrhxyJ;�PKLܱ8jʴDcsD.u�Z�qhnk՝#f9A}�N
Љo�Y��tN=U4[>fÎ!�*QfhK�3wXt��Y�z�+APRzQbVO-#,$�G >����E[Vx��+M�i$_D=^RGs�{LrGC,8u7�:�r<}�~(́gJx-rcY/3mJ_$V%Pl$)\(CF�7e�([EnG.�*�r
D�YmPb()Smģ�F
R�;
Hb@u>k�U�tŚ�^njֽ'� z�Ku�)�4�@�g&ekh�s:�c)�F
N'*EǖRD�_�E(pxϣV17B�Cfe\ۼj�K��S5t9�3.ڡs7À!�_%,Jƪ��4yі��L[BĄn[r&z��pw
_z7��SmEҝ�YJil`^Rf]P� �9ؾ�N% 9ٓYg9'���?�0Ehߟ'�M_}uiʺ6$8��HYB��̊9.Naw0ٗ�HL.E!*�M$2[ԝ� ʷӌ{Tag*v<$VG�K(Z� u�07~dŰy5y,�Q(\k2�RA�cZXmvAf*G{δ$J�5&f&Dի-;Mi��q\;qk�Yx.-F�[Z;�kߎv;jqQzoX =Fq�FhK�;.s�Bm�6�i�YK�@5N1#�aD)!9��$]ӨX��NZi
9f$
�6&����:�� 5:��=lIf�2)1V�[,adNGQ(�2~0I�.�e*Y�_IcbxPlqBJ��1"~vJ1A5M�;Os䠴X3_~\!d�[Wb��ynO`o;��@��*)L1H�
'.tYe���֢�@|E8JHv�KIy8as#;^I܈�ph&?1�=�1[�D�;��6�i���Z]xJJF�7�Ċ,Wqxy����5〭5vZx/?�!:y~�k@\6"�jEU}A8�?-wh�N"euY�� Xm
m�#�/%58��Y�ĶN2҄�d9I[8N"2�&��9Q4�7S�*
_�0;8AW>xq|)Jϥytk1
?�w^���v�I~?m`Zn%]Wʒ~I̐o�ԩ� gg�@��kZm*\՟�`��ňdAom+^l&KUt[6d�z&o*^1w[BٶQWPi͂?>;�pqtml* rv7@BJ�l7u[jGщ$v�+!*EO?Rv^�g"H8�U;Rj
fk
�}tޝq
_0J;̱@pYi�Ԛۿ~o�:�$4fe�A1߸�T^g,a|JϗBF��eʲLC]8l"cφ�VB3�ȃ9Z+S=&S>�\Y^� `F���lL{�a%[:Zj�;3+@�/Kĺr6}bS��.0rtZfdb�Y]r:'�r匩iW��VC�{�0`t�&Kp}i(�?_2g~Mh'e�3L$8;TIIvVpqˏ�A�pF!L4s��&,?f*�kQ�}'-�X' ���ay�ɓp'�A9O*U$z���!qă1wR^J쳈q�/S1$Zt^40BˊC!Eep3s{e�HxF88��$�ZU@AM�cuPڶ3�";f/K/.fuH4i_P�MYB,�l�,PsFm�vay�e4?'�OϺ�x T�~�z#�~;�mA7�5d~2̋B-QZ.0��v���$n�F�v颏`we/Svl�"b/b0 ��|3(hR!�er��2�_1�rT;��X��M]��{T5/rJv|X82q#㾓ʀ"�Nw֧�n;$}�.]E_]�f�= ɚ;lFv�q&
{23,v;�?7�|� +l�Z�"_'�(ے
{r-+[7Kf�Z.)#3aƭD�&�\�ϗI0pU̝;�/XVu�R51~CܕWs'}�lt�[ۋ婐Bb�r~Wy1&8?Y_>hr�ͧU��&P7�E+@L̒g,A`�nBNWβu�]<ӳ��5�("r6 ?F}]�Ӈ:H;k
p�d��ri.݁bD(Q��imCB5��79#6�Y��>0
1Qof+�!Q
W�13YI,K`w�x#B�T_3[szx$o͕GYk<�2P��yQІN<�[1HOA>%�lH�?N�S˕�**ƻ�DWdž(ey���=L���ݩC��NU'mCxT�8A�4)owshD?`�ړ.?ɜ{LM؞ l���g�HhsPZP] ��J[+S�
Ia�/cdB�=�=xNyk�,ek_llkRXZZB�Id&0�|.Dخ�)X n�F�
[f'ZZ6s$MhĚ���)(#1��XٲyZ}%J}��8J!� ��`d�Pns۪hX+o`ͭ�pGչi}��};-.O�wF5I7T�GwhvMۥ�D�z&:ȴ���]e�� u|�c'�2�A�X�5�ϰ�r�~DOo�L
n:*K7(WH\e.#ɟconZ�&Eس UNj� �@==�q�qb}ܓ�vH̫:Cxm'?NA�LPN"8^��iê$VF/RH_Hv/l?U��:|uS#�_Pn[�+Yá}>�sUvvkkXY�Lj9
sn+d��[SZ�g'�upL
c0j�!�>t�4p4dӟUDIJ�{�sEN}�F]NvbERBzSG]b`¢��W���vZf>[갇W7E\�eSzH��U
x �TqssU�"Υu�Z4Q(z�k�-|ڛAG��ctk&!
�#.+&J� \E JHр_OA9#�CFR:�U`�S~{_:SnG�m;��)�ڌWAޱ";PƼ>h:\'mti-
{@i�;�/�gUO�s�vИߛ�_Z'�m�6rVvf�/e�Y�fsP_��g�$(2^SwhW,5!M:�F5ms�+�D۫˝f08Δr.�2;ݶ�ΓaU( V�ϴ)�r��O+�v5ͻˠ01zzR%7%A�co@BMy3lQoR~��_@y�GKbLjZM�Oy -�}hU/M��kl�'lC�=8�B}t�$ �[�@/��)|Y�A�D�m|l
j���\-B?�,��Z̼NJs��
ɋvS\T^�j@M{|#J��X s9R;g�*"LӮD=lkS^{ޚ^yZQVa�^c�0эb]8"#S��1{lwY�f峋�N�w>^vX�� k~ۗ�O-i,]��si��
x�$
~ +{i8j.Zi�2r���&*�Rg�$V�f�R,-4Q唔[6�BֽH,Q��6�\VKQ�$d`-��D!�jѼ�o8�8�tX�A%�AQX3q�Kз&g���@<|�
��
P&F@G;8@SN\��Jti
3W^wӛf@�o?+lCu�#MzԌ6F1oy�Ơ=@$+ZOl�zx4p^Mj%+JkE%8T]<�s X"�3W�6z^Fdls��\L��msF��85��,bHn~>~AypY7��14nV�+�"v�|5TlSa�Dp-㪖ft/V�`RKȩ)23>8LO�o�+>�AL�-BJ�h�Pexlf(@|rl�d�P�"�,�#BɸaZ
<��j;> uS9JL`p~doN�PGx�c2j[h]��o
@|P�~��~�x�@{&P2?<�;<҉�+=̩4l}0"b:JSŋ}z{<� ,
n�2yx*po��]rQv*lى=u��yϲu��~>0jobpAy1!ߘ}nDd�2�vdeK�K
[N����[HOn��DA&ll_9]|��=j\H_ys?�l�?$T+�=�]�X�i�:g);�"SC]u@[!�7Y`��[PsDSa((J9r
�}n}`3i.Wq> ��>7cIuaHeK]�?B#t
Un� ]V�>�g
3[$6KrL;nDp�'c
mK0<#=Ѽ�`gc�K/C3F
~%~GGdb%��Q8_�2xRh�XW�
vP��N�r:?%g,r䶪D\�/�Ѐ�]Y4\�83��2�D#r�q$Ԑ�{[KWRzj��IPTă
�G4ɎvAb�-cS@�ݥ,�k`{1%ϸ`E�ͭU!q%<�RI�ؔF�@5+Zz2Lpc#LYʕGVt70���|���"QoZL{q?5'f.b]�1HWt \5p55=Öƺ#A��C.c<{vU\u I5l���|�_�ף�3t�c)Ƨ6Tok
�
}aD($\ioh
Ȥ,IE�#دQ9[rlGQ9d6:6/H,&z(LQB�䅬 v��{V)F �gn��a��ZT�nk�4"K�b�&\M�Ԃ8%:9{0-(�90�u"�]Pdx>=K$
{�u_p}CfIF_��4[!R�L@ߥ7ݺMV4}YϯY��rWæpf�]!6.:Ub|"��W½�m/��Nݏ]ɘK1̆;4Hdpk8$S*';XF��
8($ss�&X^He�ߦYs'[>G|%�['e�u�Lc���1��P7tg�ƁNA�&'/DFwH\n
p;)Y놃��ƜxH>��ޫZu�
B\�L[1�z5hҐxڐt�5'QE(1Ss>#̼2C��rW �oo�Od8!5�4 (Wo~$]n�#��Oƅ=/^��L�[$�]9z#S�d���U�Ϥl%�`97`~�"A�`
P\fKp �[m'��xMRz`~?<%@#IZ7cSQ%�pz�x�@â3aDb3��>F EґV/�C ̘i�]Kڙ6IOlL{O�ëH-��Ô6��?X�(�P�*�}bOڰE\U[!Q��#OsomZ8Ji`2Ƴ ň�gjԸ�%({,sd4iJ!'|9l.a�C9
p2{q"v-3�ƶ�e8�O9�QY�߄uw{T=�{/-Kcx��YU%,}���n]
py-20�4et ٥|Sk��%�4�pf�.1&=�-S�Z$4؏H�ꥳ���9&�Mp�f,EȻTP\xmM�Z_gxAOc��s�զ��64�/+iiLq���*)��
bP6h�>ZV+6'BAS{=Jtep,�,zlBq0Z+"ba=�>ʑBS[�z]LFZ|k��#
8$R4P
[Cr(c�tׄ~h(ό�(�~S.M�Kvܛ
;!Rճ�}&L�d�S��X�hLy�+i3��<\SӅ�lW1A��kdTFIyU"R!�hnAm*�
$Bfؔ(Ǐ(d�;mؼd|zq#^��}� J���^KZ#عs2N�K�Tv�[X#ȱ8sac҈%L{Wv
(a背2�[�?dp�28�gD#/e9aN�1�]WJ[]RR-AѸ�x]O�1%u�Xo)
#3�2T�G��I�2&4`W0�;�8,"�0M}J��gIP�/dH�R�]'WvI�f�A�h_x�QWK"8�۠roJ2[eFRͅt!ô(y�hc���ZfE(u%R8c�bp<
K�sGd�w�嬶9[R zY�v!`vHQG1�p�>V`ݻ��@)�C+x�i�k�`Wb�uwH8``߃�(ؖ�L+�snF_䬎�:Zo)@';L,<��R3lYKyBj=l~��-'boI˞l#Y��G�5D�Z|��0�&�4q�bĺ�s콦����2=2���p,�^U{S��s Z>ľgHNlJF� [ 1��Ưd&d4Lǯ�7ry\Gau�k�Na�o,>jE����=J>�ӑ:2Cp�U>'y;�?<��VzET3f6Dhi|P�pKңˣ[.h,�h�{�G4*$�KZ P'#8Í%]eZ�8"K1&9Xb�7ד<��Y��ܕ�[N~W��f^���$$k_IMoUecl$^@V�L3}�-�/{SGKM+�T&E�IF?n���[zG~
�OJ?Hclx�q}��z�!�$u�ǂ;ܗȃ/�_�2�Fm$`"YS5tMd0�Yd��o��+\�PBD�����-ϫbK9%6�ȓJ'�=}/53An�"<8-�hZR�nU1]`w�3�r�xDcr+qМ5^3Peg&I�+vB*TrfeV�+P쾋`
2e��_pkj�Q�/�']LZ1uTf�$M����7:&߭�k�� Qˈe"Ned[i)x<<�Z5L�Vˌ {.0���Q0GiM�J��F�x�jmrש}�[�׳�浖�^®5&[$@hGr"K�,#9�(%�tG�]Ґc#azI`0i�G~_~e|f�
P�}'l.x8�9W�Λ0ty~�xb�q}0n|$HWv��|�36=5'ϴ�3#ݾだJG|Pc4RO1�JM
L�rz{=j19:/��s"C-r9bZ�ܦ(ၩ��;|`K}�Et� %��h�268;#R�o�En&Wݡ��)etH0j#μ))�RöR9]T
VxJ3fO��{.`: ]ŵ9^2%'��L�I�]�|�s_BͣwR[݅?E�fC�>7Y��y�Py)5\W+raR3!XKOiH*�N_lJ�\px�k�8�70g3��*CBJ�}3�)Q{=D��FZ>.6�u�=r,Ʒz]I;lͶs�AzNx��sE����BN:˱HT>N.6Sg
&�U �5H6[�'Bt{�-l8HV24JSw>�/1,Q.ٝ4Mb픶EJF'H�ֳZ(pɘl ���t:6�I*Cϐ@�lI�!�ϖ,-E�MF$U{wqk|J7T͚:քJT`r��P�ɻp�ut09Ki�8Aonp�t�0Rh\ckˊߺ�[*𨲶x1kB8}{OP���G�
#ڨ~Aŵ�r8&�[@�F3cW%�凓�~�q���#_B$HS�H5�Bƥ�xB,Pжef2Q"�`,�roL˚4Y�[G<��2R]"CAh0��! nCۡ;çPcW�U2ϝI
/6w=$䶐ȝ%G��I8ɕ��z�Ǯdo���:wiOD]�=%@z,�D��go^ˌmf
'P�R�!,9JPu*l&LɝC�:hU̶[�ll k!>m0O[Ɖ=�?Cϰ5D�pv'�2b8څ!�dz: BT[N+鲡=�;�\�3�1:R~?�֠}G5g4~+@Vg�iגT�QG�mY# =1�̞t(T�{�-�M;�]P>U1L?�Ga�P�О3^V.u��9�䙤�>?/uxo�:�ӶvK<ݺ,w���X䒒>J䶔�l
ZpX&G��7�bfl%i�C5&8N�I�� ohk4p?J��W5�$h2|"ջ.H|PZKɢ��\b:JYnLRC4C�PPD��ʄsA+7lC0*2'-��H�
ߨy�?ᔼ6�67�gLo0iTݘ=�?U%XD
fO�=J@P�H(P>ċ)�ߞ=ET)9S�E\r�4*:37plu?W#Y%nSͥ�?+Ťht:�xtcO*h2"S��b�K�o<ɟDS&8��-vE0-
}HnG�BTe{v�
p�U�v g�⧔ ��Q^�쫭L �B^I&�]�Ȟ&j$R�Zn$NgO�[u#LђP|��ӥYȭB�Pc�^i{&Z�ynG-�,%ܲ�{)0#Ptcx�).Se[�i? <ε2BhO{8J0
2UW��gS'�u�RY��-{� �E, k61g$:7ȡXd$=ň~�YRӄibQ�4~�z�z-�xSR�16Rc��v9�vx̐" .8 oǀ�y�TU�@SeKJ Ai7WSFy27ZC��]ʑQ@Wv�jQUzs�ၶ60��~*(X�&�
��9�Hs٣M�Z|aC"�v~)��~CSuXfAHִ�sIP�L=7�E9c*� X�헕�ͬt5Û:t�~�@�t86nz.þ
:8*¦�i\㵹Tq=�I>o{�rAG�� 8N:6nvDG+P_P�kALj Ҝ�ҥ�d2
tЃ}vv�~;4w�"D���`B)E^��p�j?bqHl�u�#(��Ŭ샢*+tZ[A�6㙌*ڽ\
4�+'RCPy �[[- ]ϲe]y\=ia���i�?�+OF!S{%n(T8ǰata��+!�N,bқ�)\B#5�@ Z.[FAxW�(�E)[huHb/a�V#vdžǑmv$7��"V���و����j0},M�-/zpc�Xbiq^+s]M=Y n=
]�h`KWM$ y�s9
9ZĨw�T�2ѻ2IZ�@F(V�:��τ�l(QH
a�0/:f�}2Z�ԓSݝm3$l�wI*U�n�de7.g�3AG
r-Ũ�P�?-�'CeRE(H鉆�yu���u-�M�n�}Δ'({u!뺗.9g*rOOi�u�go9[{
sbgo8P3
a6+��%U>]IUF�n��I��&�B�fʿ�A5y!�{�swX�1-#Wτg!]{�R����4F]��.�"�KTT+3�jp�t�2g��e6ك�L>�G,iI�fB0wN&EM^MdT$Y~�JiXTjco*S��g.3O1�-VvmD6svr��Ds�� uK
\9.�K��LBy�0kEBŇ}jT-4:F|��Aa(c,M^U~I�4$k��{k+&zϛ(Xٖt�=4~E�1UU�@g��+Qd6
YKfY�=m-}3˹Z"Z�x:K=cV�֑��ʪ@[A(?�;ڏH>j]}R&'*1o!�Xw>�?w1y���b+|<7h�wᨕKC���
xo�K뵖9+0V�?Ώviu�4.��C>{!�ʃ<([��."@t={�.GTYn~XzO�1gHʬm|uo+_0`n}^Z'r�=P \�:
�硥OszE9-75V� YI�
Ao�N/v �urK֍��/I~���i�̣꠶e�"ߙ�C?%�rHE)/WR�ɨܼn�إu���ܝ7Q*z{ĸ~�8{/�%ʞG|7)t�w*`Y��闪~��s u(rY F�+E��85�F0H���`s�(�C�<#"]Ҹ1L-FOW|�/?�kq���C�A�[cXjt\�r�s]��X
{۔!5ΗININ�i_�!uK1�"|���#>gv�:�w�{y gi�E�m8�v'�!`�Sr+yQ,tӒ,ҝ�֠hƉR]-A��"�`چ�t`7�L�uH] �1�]N4b��U٩ֿh��i�Ld�g����d�o'7?wb\ FbeU{dǥ"\XX7f1i+fǞ??a݃d3wY �%S ��xEF+Y3#Ea]��e�fp+d?yX͑6U�Ɲ�!qއE?'4s$�>Za1Ne�<=('5fls�lZRb{�x�gr'A].�m,�ػ�5 ̂xOaFl�Hy9r�P
]�tތnSE"$G){6ıO�w5!RCn���J^?S,C! %~uX�L�5n@7i �=A��oK;)�i���&'�RW
δ- �Ճ0CEׇ��/є0]4�j]�#lգ�2W���xS,$vR��DaMLLʷ�i��|8�/mO'�) 9w
1">�IdLaz_r6~k%HO�8�I%i1*S0#��,Jqa,w2?T���<�;ٌ�@J�\*7ux�
ku?uc0*��$�g�uv��~�ʞu�ޛnv[yc�h��Iq#&}_xmH[ �c�I\Ƹ884��� K'GSN�I>��ͤU3�+�n۠ AC��OԢa3�ۓRv>x�G�@dHnUr-B�⋛'�Uy]]KzD/�e�g�ҩ��n/',8.*X])j��芢4~8�8�z�Z6Uhjn�l# ##ވ��nc�C[R�.=셭dɏ^I_�5]S~���Sfiib�;szk^V:�,D $.ɍUFhe�ݓY
=E~Pޟ{�{<%2K*xm~N.i�kz>o!�DaOy[�$Tċ�
Z?AaЎ>5�� Q$mFͪ�~Y�k�;�3AVh̃ȣ"Э|�~cMpoH[�c){
^�`�"�2~�WE??d|�ݬK3vnqVr栶JgXz;�9[T�
� qL/DƴTD)/y#���cz'6,tXz�-mular�_)RX�R8evR���Ko��S+쪾�y�-V WҴU�U�
��v'EC4��A`27�:[0�lA,���գN�8j�@��Bhgɘ@zE�R�b �'G[lℭ(q
k�uQ�s:*Tω�e.Z�wF�9�'ƽwFWB
|1 CXOՆ;G0zȟh�����V�Ѷ[zd} b@�wmq�LQ�ޏ5|�Ny\CU{|'\���XCI�Г/VO�P^s�y�(]ԃO]Ħ6'ln_#��P��r�ފ`�+jiUK�
O�di�vt\'�*d*�jV|-qіyX%|Ȥi�<���>H[N)q�k�\ԁɳWqO�gm.Tt$מ�CH
��ڹ-�U�)!e`�%4}Rsd�o<lv�&ĞLe>HFJ'�(A@_Dхi7tp�b s%nۣ.R^ ɍ��Q>�X�# �(}`"��h]f/Y9°�F�p��zM�V&�Te%I?+R,,'�c1#Y&hƿVՖnr$O}�/��tgW#�С3ǿx{^t�)��50jNg$eL_�F#��;L?%Ґ�:.�( Zu2Xzcc!NҸ\ev��kKox�,p.�ſ+Ъ`��Gwr+Q==aQ;D�
twqRK�mV%꘠
�H�v,oź�Q~%�F@���¢Y.l�a��F|{H�y�D)I�#gV��uvD(L�sO��t�z+"m0���xچb�50uBUgwC���D>w�g~H:Ykߨ_
/x Sɗ` �'��@t�`a�r�Ǝ�ڵ��P�Ŀl)a�G'�LXh~l�yН@h��к/�̞�H-ZVtE@y �jUw DŽН3m�ֵ>̄(1@Q|JL-�v�I.e~��P�5h!1U.���Pwp�fi`3Ugk=JGW&.ty�jȢ"�C�.BP��ՠ}�3ca"SqZ��}^ٝǬ|\5r�|n�8zZ�ℂuȠ�X"NL|+9FADSwoĉ`U7ʻ[�jĐ�Djv��X=H}=;sك{0�Y��,25[t)m2��ӧڦ6xK3L5�"%Ɏ�>}Wo2cR1z�zK4>�~�n 9vYs])hEuw+ʜJ�β^~,�adK�>c�BV"Z�W:F��
uƛ�'�MwХE�8�X��.Gۑ�nd@t�lPlVɍC7={xz|�.�Aa�KHU~��,@�Ճ�A+:Le
CơI)�Q.I�BjźA�=>*7p,�tq�*Th4�0��rϭӸyZB�-)m�V8�1�5�kI�
|1�f/G#��
5XĢKML'0k�j%���|{Xw�[A�Ԙ�uimT��&dE���Ѝ]8� ��#Cy
$upN
U}˼Xg9k'�"��E���$UFK�,>@66ktx�Cs2b�3L2I�� 䪗z{-��c҃_&E��?p3j˽�+ f0C42Mތ}�@�`�'?kA�AZ��[K(�+\q%=Q�=Zwd/�=0�veo{[fݠ�L*DX�[
Qhåݪ`,rJy�{G]�� ?��>zm\͓�V�"��
D:|8/6i1gZ/�U rq�D
/�S<\'rHP|eCP�EWҾdj|qzQk�
�P��hN?"N�j6�@�#_|;-��3��YA`a̠θ�q��M�2i].iSA6!�?N`BK\qU8V/�0�7Ѵ`LC|�RN״6� Z�73^�IkH~44|\vi
7ĩ<&ݤ9�)MT6']�>0V�ƼˡnECŎf~nI*p�u2QD�D�egphSo�xkU2TF+�/q
n4
`"Q<ߴb�.1 |�6o;7o�7,�}q]+x/{|܍Ϛ~!bg̣oToi@�x,"<.^ѹt�'L�PC)u43�ywc��xW�AbFK҃j)ʴ [2}ǐ7HSZ͢���td'��F,Xn�;"p�zF�种[ƽ s� d睃MnfZn��Y5�moQVV'~(qbЛK��~bK8~>{wl�]LC
S7+Z���/;�c'$É݇dP^7'\gO4pȬ;�7w%mhD<NJz��Z@v� ͚ˬ�.bz�^��dִ^:�E�)�ڻ*H(e5
Gvƞm8'��3l�Q�Q-.��YL:(؎ oo6�u3j>xyyS ��ѥ���`zY,�E/Y3c�%b6�? <4]szeyM�0�e!ا8G:AbX^�śz`0H�}:)]�J�(a>ep\]vt~y_�"8�)�*Iݒ�Dt���@eN8$¡L��т_"M/�nASi7 q$�}l~m9l?�ʓ�4u8�encNB0�!_yo*;�YE��gaOȆ25��r x|U�%aVMutO-㩥)MUĿcPN]�+cb�JxؑXq�k�=;T�H@�?#jOgL�Z
>[ţ<Ĵљ�V�6�
r&Db;�GZ!V��7�P�_M�eNFq8zTg+�2��-f-N�Ѱ�X3�8���rTQuks(̫{KUD���>|Û�7&Q�y'f&B��7C�Cʏ_�u[Gxa`?�&$����;�v{in4B��Xz;8ƛ:6F
h� ]G�<��o�O�Qw'�gr�YA��+$;D3j̷��&�$iMߖ��>6<~F�d>މN�]D1d6v%�:�0Ֆ-~�ٜXK_]k
%;a-fY��瀁�n,A&8VG�Hv�G\"IΖ�wJPyWw�S���buZ2�47ae1-Hg$C�fe85#kUܞ@ØoY�O`�\HS@�)[�9?%��>gm*;a:u惿N#:k�2�"m�Ѫ̬4�*U@��`�faë7Pd))Z/ݩ|o���Pl"B$-�^�}(&Sb_*kJR"��`��bpa30zfoh4̬�6�hY��^��GNnyz�rSNLJ_VWE
0v`JD19\)��'*�{(�`y�2#J^>��*A-@&`}O;%��(T��Axd�WS*��1Y #o�D��n�̴�jx:%�C�eTX '[&H�an0㌲S�B7�<퓏"{xGE�NϡfpU�^&_M�j��1&!0-A��:XXi&�A0k=VAQղ8}X m+I�ubs��8J'x+�BtFlwCL
����" s#^}�-�#F�;$��*gv5%�)k�6>
u1H�U&p5u 8H�́ŧ�k�iw���ɉ".7o&�s1(<�.wJ\o`(��8e^>ŹBiwp2|}hH٠�Ns(~O:7@e5k3B�翆+ݾ/�ޣ�.<ϊ:Z ��5�f�V�d�{F zǑ !jf�P>+��!0�ǓD`�I�iBc�!,WķZ缠ѪOO��+?dV�Wp7^�Bwo4dśޣc٠?|�/w$C��E�iUpQ]D0E�}�[""�29$�f*er'�H ERGH�cݴy%�W(oZ�l
kgkx`�I�rٌ(}c�6 ˛͘d=��+[Y5{�q2qܯ�K�tItv�d�blU�g~4QKk<]�b@b=%P�1zd�#]dE�5 :Ed7@׀f븫T^wު߂J*Q_'
+�P�B#>⯡n�WwQ-S%ΡK� n�{\:b!X~!xo���gW�mB��6u5Yb�RVʓ���&���jde{4mgo�`cH�[)�_@JX'FIR}���k>̹�-��Mp_91��
�"��@�Msg}�7C�䪔yV�xx? wZsr�B&bXL!)OmʥNns-zKoM.ul*_'�Ի�
��]�|P�k4ee�R
V2~d�XmCd*K� S!Q7�O�ǫ�vF�]Hp帽4s㙓G_7ٲ8럜>EQ|[?hEv�;/lp-zt.~D�
҃]�х7Gn?_ɩC@/�b
]}^(d?,ul�79�RV}&� e�A�1{b>-u�gpȜ�WO��?�Vע(D�Ũ(�h@R[�?�Q�v2~5��BBH�v�&U:ut6fWͼHVC`�I�;Vhi!ʚ
$]J�OA6ug(3/��ȩ˓4Y30C0+5<;@N�!JM2�Gv;=:� C.�9w,h yK\ɟl�WZنlUDO]bcd�1C�n|?u /C�eeo-:,X
[ef�G�;"ϧD,H$kgu/$�)g�_|WM�H�<�=$�XMnel]Cԃ��4��]�ff�T/%r�)kfտT�'ΑLtP�o�dKu@v��ś`-6vP�[R�_�2Z~@ln
�[7�ɼ!�!.Y.,gɩ7R|x2 Ir�_.w9;wlL�vtHbk�c|��3;��=䰙Q�j�� pI W$tLs~�#�v�cH'7D|�yt-ɇc̀�tK=2�9tV]P #p泂�|SrBә&s�i�{ݱ%a6ְ��Ϗ��OP�MiG$2rM��٤"`xE�/�bM﵇Q�L� ��j)EY�Nn~�Oq�HlTʁ
ۏ&XSx@(
6\xXy}9fGua�ۗ2s:P�#Q'or>�v�[\Eٰ��\!�0o��4�(:�:̂ɟkgor|Q`E>X̱^��xe8wn"�v?j
�+��1Rt��%pZ�
yT��ʹDϱ��ȷZz0
�Ϡc[Ö���c3%81 &+gEB6S�?�(k�ȀXf8v�`�"qևD=Â�k܅c}P\ߐوWOQEXN'�CD.�
>�=�[�x�*�Qö�6@3�dE7՝a��ď]9��㸰ży2�ex�)fZ1�r5�VY`vj(-)�l�&
a�dIa}ālV#JćT�Qnz-5`Q;7��Em|ޖ|8 26
@��7{�`#�aDg�3OLCò1 �isw@�*1l);@>ϸ1HmF~ʈp�ܱ��~֞1�T�-#Aa�%rP4WKE-lna7{~$$K
ZN;nԜ
=ŬM#4MYDBglQN#2j䞇�gFma|kIe
<̢=qĕ֎k�6oky;il+/ZG�݈O�NK5lZ�7WC
�
�7��&!��뽁Ց�]�}/����j��9]�U�h2=h��Ǘl;B诓Y՟߉b+#c7uRi�=�QP$h[+?3e wP&E6nDCϣ݊ۋfgw$8P���/*�Ů7o|��WO�g�υA|�Ko�
P++OyA/)(�,�Z
Ldi�MHEE�3x)W
, ��DVuUD�ЀL7�>��yPaT*l�q�� +؋a- bƵx;j|Ha�a�@zZup���yy%$cc ��(�C2ɴ 0ǹ(c:lJI8`@-߈
4BS�Gf@^�a�5�ZT\$!uRQ! 8l�W@`2w¯A�o@f1
�i{1+n6Ê&X�滖!�*;) &|Z2i{[�U�Y2-X>�Jڭ
�O��ZPGS3iŵ19G}źfQL�P9wQZV�Ys��M�amɶ#(�&k
�2@ts�#5,�k�O[ �LQ1ק{���wJ$�Nc5]!�[pG�;�~HFC{5]v >)>�:?xodDk1~gD:z�L%LHXʎuPM�zG�j��mX+Ѯ�pĎ�ZPLB
x=9Ј+w�ٟ\Zi*�n�⼡>GZ�̪�Z��f�|��^J�b�5ʨfHg3p]�Ej&��'_�S�w�"1k�x9�v��w�ԵHd
�Հ�gqgG0:x1�j;}��\<*uIE�� ]L7@TKl=�c�N["yP�O@+>�}w�x0\DL(�$b5U�>�,Rî@p44�L[_�*U`]%�!&�"6�ùkW�X@U�
,j�>
^!D4=�S4HV@:�J`NJ�Q�FV��m_�dk3�O�r5^|E� H #�2vցx�!F��9t�%0n�p5�m��\�`�U7F�G:]t{#�?ܥs1��2;5Z��U/�]Cg3�L5n�9�k-!&M/]3q�˹'+v-
�OdOۚN5zQ|�Xb~NLo@]v�8\!jpcJZN5�nȟuh3���VKF�W^Br0h&!M�])W�)����L/XtAJG�?F}lFD4�,˖
�xT�M�-L�Yv! MRBl��L�HYVk�$�xil?WAKWʪ���(L؋.$6":�rDؿ�1w@�*\LkfF;�Ba*孝+
wS<�Ҕ�ƑyVV�U[e
iK
Dq{;.z?D}�iMb][cO�+0�A"�}DeXy�>''υc��Y�/�J:��]5�,En^�>'E>g&f�y& t@ܑ��#d^[`גV
�0
G&�X(Am�wWͺ(U
mKql>GZs87o4?0͔-WnC@$ �i�4g�D@Lj_?puE�슦 EG}HV=g<�Z���5oV[�]::q3m*q;%z���:\�Cyrq$Ğu<$7|8ڴMhp�ٞ�e�FI�v�$0�r+KHϨRȝAƚ6#)9OO�wZg(.hp#9 0b9�4?7>
Ӹ'r�㔸!)DYA�S:v*@=ǭƈ\PQ�v p*�a`a}�g_WM&C6W2h�i7D�/�[R*"��
PO3joYPڷZ?-r/I�<��Qju=�$D|
(L �~�L�vw�nY��G�?ԇ\u�ט;�@j`d��KE��
.hZ-4!��ȍ%2F~<�o�gŵߵ�2vXb-b>RaFp�d,αP�5�/�~$q^����ы&3eg2ng9&��&rD�Ռ�� "2))%xx�a%_pƊ�+�ͅ�Vݛ�ػg�c�\'_Z6}vS�
kjU0ꭀ�.Sڃ˕#|~uU}l4]N#�!H 7YT�F��n7˚&X43/(|,BIc$R[Zg��4� sPI1��WF#Q[�
ۡU*��E`�`Pv�c@�B
�T
nХ\d"
�v r�9
n~fl�x橫N!&'�wZaqC<4}�ܲT�U3�ӰՎ͐'0YjZ{,#\퇧,]^m�IWW-/@Bg 1Gj,y\BɭG��yo,7(;y%��ZxMw9Ε�
6߬8$�SVQ�� �IʕnE|
./j�jJ7��p%$թc?se�'!_68�Lio�8LN-o $nNX8:nJ$HXL�Gganwa@�1c�EPrn1r� {�YQUu�'ww̍)蠌FK&�J\f$�
zwkM!ty�%#N*l��ClG��)W0b�`yOH?gΚ|��Dzg[!l[tp'C(�x>� ��CGŕ%NӣbYL�*X�L
WY�XHuĦO��d|~��m5AAeL܁�ܥك`צ(uv2��W~YҬJ?6�js(.C
ݩy�f�18fJ�~IM*a�ۃvX\w
K�&| ��%FǍKdU((�mwu�z¬��z��טbױ�{&HnC[ .�aγӉ3!IB40(���s"{|�r14�x>`�sض�E-
Uݻ�!yha`�?g'l{�G|,A�W@fSIU!_�c�Z�}�<�V�_3Wx0p^�sHj�g\">ц;|�U
`vwn ��UiTs?l�4��`C�WGs�AbJ\ě
xMa~�`jc�tQ&����&�={[UȺe�xއ@іgC휹|�9{/�z*Nc"��U&�+䆋�urؘ5ܓ�a���2.G;,�8;}'|�$,[^H2{<:�$ dB"KV$(���B�MYx6M/�y�fntK|YNN�r�Y{,�pf?yJ-7!2�y
s1[
EΎ|Zx� �h�Yދ[@dkew3e2dKJw4קr�(Mԁb,�<^igq;侂˯�I�yQ^�CU�ǹ�Z_y}Mk_C�^�T%�謴>7tN>H\
�v����f1�1֊Kҋ�q�z�bM/?uH�q0@ �{i�ove�
�f>uSfBjȓ��X頝v=ha�Nf3�NԟiD �$՚r��k1�v1&�������W)aS��oΏxgtQeEFR-N#V8?s3ޞZh�ن@� U�%PU�ZFP!_�
\3KT{A� wX[n @{(���;B8��uj�#b��j�_p�:nBu`(݄3Ğ%�h�pcNQY��roCǞIY��B-%2~켟T6"l߂*Y)k�5"掷33qâiR9o.C�>%j\6}Ec|3�G}W8I(�yo�Y�u�;��]*mǪh�[=yZg��w�1C"b,;s37OLXnO�4���ө�*OC�}�e�=
Aƿ${y;byd?q6yR=�yZ�-r'r��@=Ev]'T5_�z�܃2se�m�!J@{�e1�߇��8̜#�,��;�tɫ4hXw(�;y1+p�
h\RHR V�:tޚl���n.B'4��2�QD����TS(4~>�/�Q�#3C^T)vӠag�(C�`W`g)<�=�ħ8{|uؔ2k%'^ig]8�O��lkP;kJ�D���W?7D?AM$>>.�È�]J�L%�ͯb5|!I˨Xj&]r4K�
mc+K
ϵ�nQea
.��x^�
.5�8=�w]d�ERo�7?"HZHp)(0e&h�>cĩrGl�T{X@^et&Ս [ͅ
ވ'п~B%��)4��e[R~ay�0&H57]2$. Q�O_V �3�xshs}J_2?dn*
U�8�c.�ΛwL<")n��s*R�yO͊=yq�3�جf5Y#V�1�& A6Ywj �`E�iʫ2!O�=Nx[x��yT9�
'(f7�/)D5�䫭6�KH`D�!ě�(�c P#�~��(���Я]2�g^�U�}81O*u0ܑ�!����txd������
YZ