krb5-1.12.5-25.1<>,*\E/=„{?a@^q}a.䶩Gס ҮV`̩16&͚K(g_poU¬ ,XMj-<=b!*>-S@ƽ=,[KeEFLA#;D`8w^|AW-]ѺZuI 7$x+L,;|3[wAÙЀWRwa#W#~ ^34}xQ>0Fw\Wi /è i[ɮK:>Cr8?r(d  ;  1Rsy     s Lc ,( (;((8Z9Z:.Z>b@bBbFcGc$HcIdXd@YdZd[d\e]e|^g- bgchdieifiliui,vi wnxoDyozrCkrb51.12.525.1MIT Kerberos5 Implementation--LibrariesKerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords.\Elamb696openSUSE Leap 42.3openSUSEMIThttp://bugs.opensuse.orgProductivity/Networking/Securityhttp://web.mit.edu/kerberos/www/linuxx86_64/sbin/ldconfig ##################################################### # krb5-server preun/postun/pre/post #####################################################zn=Xx0 cAAAAAA큤A\6\6\6\3\3\8\3\8\4\4\8\4\8\3\8\4\8\4\8\4\8\4\8\4\8\3\9\6\6\6\37ca43b68c073ecd0e659e8233ff6ca81199a965db0de33cf7fb26ede409be7d173c800ac1fefe066eb9f200c6bc6cb3931d954b7a010d2bbf07fa8c159c90bfc12d27ce5bb262210cf2d0de0598758b8c3451f5f6e34ab4abe1e281b4e44f8752127e6c2f97934e3c469e85f41059225547961c240152d5492f081e755e709a255850c7a042c1aa36cb62520b22cb17a7dd63e222552e75a7610520ec254c5cb45093959378a3b8fabf1d536ebe5c0a53742a8213392c78e8c9a76e2e9228b16405529157d4850c8c415fffa9cb8cbe3ee87296f16026d48076244c35704c994libgssapi_krb5.so.2.2libgssapi_krb5.so.2.2libgssrpc.so.4.2libk5crypto.so.3.1libkadm5clnt_mit.so.9.0libkadm5srv_mit.so.9.0libkdb5.so.7.0libkrad.so.0.0libkrb5.so.3.3libkrb5support.so.0.1rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkrb5-1.12.5-25.1.src.rpmconfig(krb5)krb5krb5(x86-64)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(HIDDEN)(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libgssrpc.so.4()(64bit)libgssrpc.so.4(HIDDEN)(64bit)libgssrpc.so.4(gssrpc_4_MIT)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(HIDDEN)(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkadm5clnt_mit.so.9()(64bit)libkadm5clnt_mit.so.9(HIDDEN)(64bit)libkadm5clnt_mit.so.9(kadm5clnt_mit_9_MIT)(64bit)libkadm5srv_mit.so.9()(64bit)libkadm5srv_mit.so.9(HIDDEN)(64bit)libkadm5srv_mit.so.9(kadm5srv_mit_9_MIT)(64bit)libkdb5.so.7()(64bit)libkdb5.so.7(HIDDEN)(64bit)libkdb5.so.7(kdb5_7_MIT)(64bit)libkrad.so.0()(64bit)libkrad.so.0(HIDDEN)(64bit)libkrad.so.0(krad_0_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(HIDDEN)(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5support.so.0()(64bit)libkrb5support.so.0(HIDDEN)(64bit)libkrb5support.so.0(krb5support_0_MIT)(64bit)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   /bin/sh/sbin/ldconfigconfig(krb5)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.16)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libgssrpc.so.4()(64bit)libgssrpc.so.4(gssrpc_4_MIT)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkdb5.so.7()(64bit)libkdb5.so.7(kdb5_7_MIT)(64bit)libkeyutils.so.1()(64bit)libkeyutils.so.1(KEYUTILS_0.3)(64bit)libkeyutils.so.1(KEYUTILS_1.0)(64bit)libkeyutils.so.1(KEYUTILS_1.5)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5support.so.0()(64bit)libkrb5support.so.0(krb5support_0_MIT)(64bit)libresolv.so.2()(64bit)libresolv.so.2(GLIBC_2.2.5)(64bit)libresolv.so.2(GLIBC_2.9)(64bit)libselinux.so.1()(64bit)libverto.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)1.12.5-25.13.0.4-14.0-14.4.6-1krb5-mini4.11.2\@\4[Z@ZH@Y@YYY@Y@Y.@WWE@WwW^@V@VwVVA@V0U@U.@U.@TT$T!`SS;@S@S@SK@Ra@R@R@R Q4Q@@Qn@Q@QQU@Q}@Q]k@QZ@QR@QLGQC @Q7/Q4QsP@P}L@P}L@PyWPnO؀OЗOF@OJO'NxNxN=@N=@NHNNS@NP@NNP@MMlM6@L8LeL|L|L@LT@KKŮ@KK"@K@K@KK&(JJ@JY@J&eJ @Samuel Cabrero Samuel Cabrero ckowalczyk@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comfoss@grueninger.dehguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comddiss@suse.comvarkoly@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comnfbrown@suse.comckornacker@suse.commc@suse.comcrrodriguez@opensuse.orgmc@suse.commc@suse.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@suse.comcoolo@suse.comcoolo@suse.comcoolo@suse.commc@suse.decoolo@suse.commc@suse.demc@suse.destefan.bruens@rwth-aachen.demeissner@suse.decoolo@suse.comcoolo@suse.commc@suse.demc@suse.derhafer@suse.demc@suse.demc@suse.demc@novell.commc@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.dejengelh@medozas.demc@suse.decoolo@novell.commc@suse.demc@suse.de- Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to suppress sending the confidentiality and integrity flags in GSS initiator tokens unless they are requested by the caller. These flags control the negotiated SASL security layer for the Microsoft GSS-SPNEGO SASL mechanism. (bsc#1087481). - Added patches: 0116-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-cred-option.patch 0117-Add-tests-for-GSS_KRB5_CRED_NO_CI_FLAGS_X.patch 0118-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-for-SPNEGO.patch- Remove incorrect KDC assertion; (CVE-2018-20217); (bsc#1120489); - Added patches: * 0115-Remove-incorrect-KDC-assertion.patch- Fix for resolving krb5 GSS creds if time_rec is requested 0114-resolve-krb5-GSS-creds-if-time_rec-is-requested.patch (bsc#1088921)- Fix CVE-2018-5730 and CVE-2018-5729 with 0113-Fix-flaws-in-LDAP-DN-checking.patch (bsc#1083926 bsc#1083927)- Fix a GSS failure in legacy applications (bsc#1081725) with patch 0112-Do-not-indicate-deprecated-GSS-mechanisms.patch This upstream fix supposedly fixes the issue resolved by the previously released workaround done by 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch (bsc#1057662 bsc#1046415)- Introduce patch 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch to all legacy GSS client applications to workaround compatibility issue by setting environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value. (bsc#1057662)- Introduce patch 0110-Fix-PKINIT-cert-matching-data-construction.patch to fix CVE-2017-15088 of bsc#1065274.- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch to fix CVE-2017-11462 of bsc#1056995.- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028)- Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)- Remove main package's dependency on systemd. (bsc#1032680)- Remove unneeded prerequisites from spec file. (bsc#992853)- Fix CVE-2016-3120 (bsc#991088) with patch: 0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch from rev128 of network/krb5 (bsc#982313#c2)- Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111)- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942)- Upgrade from version 1.12.1 to 1.12.5. The new maintenance release brings accumulated defect fixes. - The following patches are now present in the source bundle, thus removed from build individual patch files: * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch * bnc#912002.diff * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch * krb5-1.12.2-CVE-2014-5353.patch * krb5-1.12.2-CVE-2014-5354.patch * krb5-master-keyring-kdcsync.patch - Line numbers in the following patches are slightly adjusted to fit into this new source version: * krb5-1.6.3-ktutil-manpage.dif * krb5-1.7-doublelog.patch - Remove krb5-mini pieces from spec file. Thus removing pre_checkin.sh - Remove expired macros and other minor clean-ups in spec file. - Use system libverto to substitute built-in libverto. Implement fate#320326- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character (bsc#963968) with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch - Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request (bsc#963975) with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch - Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask (bsc#963964) with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch to fix a memory corruption regression introduced by resolution of CVE-2015-2698. bsc#954204- Make kadmin.local man page available without having to install krb5-client. bsc#948011 - Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch to fix build_principal memory bug [CVE-2015-2697] bsc#952190 - Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189 - Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 - Fix patch content of bnc#912002.diff that was missing a diff header.- bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass patches: 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message patches: 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries patches: krb5-1.12.2-CVE-2014-5353.patch krb5-1.12.2-CVE-2014-5354.patch- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423: krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token - added patches: * bnc#912002.diff- Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff- buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697) krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Fix null deref in SPNEGO acceptor [CVE-2014-4344] krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch- denial of service flaws when handling RFC 1964 tokens (bnc#886016) krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch - start krb5kdc after slapd (bnc#886102)- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) similar functionality is provided by krb5-plugin-preauth-pkinit- don't deliver SysV init files to systemd distributions- update to version 1.12.1 * Make KDC log service principal names more consistently during some error conditions, instead of "" * Fix several bugs related to building AES-NI support on less common configurations * Fix several bugs related to keyring credential caches - upstream obsoletes: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-master-no-malloc0.patch krb5-master-ignore-empty-unnecessary-final-token.patch krb5-master-gss_oid_leak.patch krb5-master-keytab_close.patch krb5-master-spnego_error_messages.patch - Fix Get time offsets for all keyring ccaches krb5-master-keyring-kdcsync.patch (RT#7820)- update to version 1.12 * Add GSSAPI extensions for constructing MIC tokens using IOV lists * Add a FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values. * The AES-based encryption types will use AES-NI instructions when possible for improved performance. - revert dependency on libcom_err-mini-devel since it's not yet available - update and rebase patches * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch * krb5-1.11-pam.patch -> krb5-1.12-pam.patch * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch * krb5-1.8-api.patch -> krb5-1.12-api.patch * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch * krb5-1.9-debuginfo.patch * krb5-1.9-kprop-mktemp.patch * krb5-kvno-230379.patch - added upstream patches - Fix krb5_copy_context * krb5-1.12-copy_context.patch - Mark AESNI files as not needing executable stacks * krb5-1.12-enable-NX.patch * krb5-1.12-pic-aes-ni.patch - Fix memory leak in SPNEGO initiator * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch - Test SPNEGO error message in t_s4u.py * krb5-master-spnego_error_messages.patch- Reduce build dependencies for krb5-mini by removing doxygen and changing libcom_err-devel to libcom_err-mini-devel - Small fix to pre_checkin.sh so krb5-mini.spec is correct.- update to version 1.11.4 - Fix a KDC null pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. - Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. - Fix a number of bugs related to KDC master key rollover.- install and enable systemd service files also in -mini package- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs.- update to version 1.11.3 - Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] - Improve interoperability with some Windows native PKINIT clients. - install translation files - remove outdated configure options- cleanup systemd files (remove syslog.target)- let krb5-mini conflict with all main packages- add conflicts between krb5-mini and krb5-server- update to version 1.11.2 * Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch- add conflicts between krb5-mini-devel and krb5-devel- add conflicts between krb5-mini and krb5 and krb5-client- enable selinux and set openssl as crypto implementation- fix path to executables in service files (bnc#810926)- update to version 1.11.1 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - changes of patches: * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif: upstream * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif: upstream * krb5-1.10-gcc47.patch: upstream * krb5-1.10-selinux-label.patch replaced by krb5-1.11-selinux-label.patch * krb5-1.10-spin-loop.patch: upstream * krb5-1.3.5-perlfix.dif: the tool was removed from upstream * krb5-1.8-pam.patch replaced by krb5-1.11-pam.patch- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() CVE-2012-1016 (bnc#807556) bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif- package missing file (bnc#794784)- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc (bnc#793336)- revert the -p usage in %postun to fix SLE build- buildrequire systemd by pkgconfig provide to get systemd-mini- do not require systemd in krb5-mini- add systemd service files for kadmind, krb5kdc and kpropd - add sysconfig templates for kadmind and krb5kdc- fix %files section for krb5-mini- fix gcc47 issues- update to version 1.10.2 obsolte patches: * krb5-1.7-nodeplibs.patch * krb5-1.9.1-ai_addrconfig.patch * krb5-1.9.1-ai_addrconfig2.patch * krb5-1.9.1-sendto_poll.patch * krb5-1.9-canonicalize-fallback.patch * krb5-1.9-paren.patch * krb5-klist_s.patch * krb5-pkinit-cms2.patch * krb5-trunk-chpw-err.patch * krb5-trunk-gss_delete_sec.patch * krb5-trunk-kadmin-oldproto.patch * krb5-1.9-MITKRB5-SA-2011-006.dif * krb5-1.9-gss_display_status-iakerb.patch * krb5-1.9.1-sendto_poll2.patch * krb5-1.9.1-sendto_poll3.patch * krb5-1.9-MITKRB5-SA-2011-007.dif - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers. - Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false. - Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013] - Fix access controls for KDB string attributes [CVE-2012-1012] - Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers - Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time - Make PKINIT work with FAST in the client library. - Add the DIR credential cache type, which can hold a collection of credential caches. - Enhance kinit, klist, and kdestroy to support credential cache collections if the cache type supports it. - Add the kswitch command, which changes the selected default cache within a collection. - Add heuristic support for choosing client credentials based on the service realm. - Add support for $HOME/.k5identity, which allows credential choice based on configured rules.- add autoconf macro to devel subpackage- fix license in krb5-mini- add autoconf as buildrequire to avoid implicit dependency- remove call to suse_update_config, very old work around- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529- use --without-pam to build krb5-mini- add patches from Fedora and upstream - fix init scripts (bnc#689006)- update to version 1.9.1 * obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif * replace krb5-1.6.1-compile_pie.dif- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery- fix csh profile (bnc#649856)- update to krb5-1.8.3 * remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif- change environment variable PATH directly for csh (bnc#642080)- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)- update to version 1.8.1 * include krb5-1.8-POST.dif * include MITKRB5-SA-2010-002- update krb5-1.8-POST.dif- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)- add post 1.8 fixes * Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512- update to version 1.8 * Increase code quality * Move toward improved KDB interface * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals. * Disable DES by default * Account lockout for repeated login failures * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility * Anonymous PKINIT - fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl- add baselibs.conf as a source- enhance '$PATH' only if the directories are available and not empty (bnc#544949)- readd lost baselibs.conf- update to final 1.7 release- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy. * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code./sbin/ldconfig/bin/shkrb5-plugin-preauth-pkinit-nsslamb69 1553779013 en1.12.5-25.11.12.5-25.11.12.5-25.1krb5.confkrb5.cshkrb5.shkrb5pluginskdblibkrb5preauthlibgssapi_krb5.solibgssapi_krb5.so.2libgssapi_krb5.so.2.2libgssrpc.so.4libgssrpc.so.4.2libk5crypto.so.3libk5crypto.so.3.1libkadm5clnt_mit.so.9libkadm5clnt_mit.so.9.0libkadm5srv_mit.so.9libkadm5srv_mit.so.9.0libkdb5.so.7libkdb5.so.7.0libkrad.so.0libkrad.so.0.0libkrb5.so.3libkrb5.so.3.3libkrb5support.so.0libkrb5support.so.0.1krb5READMEmit-krb5.mokrb5/etc//etc/profile.d//usr/lib64//usr/lib64/krb5//usr/lib64/krb5/plugins//usr/share/doc/packages//usr/share/doc/packages/krb5//usr/share/locale/en_US/LC_MESSAGES//var/log/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9926/openSUSE_Leap_42.3_Update/571efd8762c279690e1aff125557475b-krb5.openSUSE_Leap_42.3_Updatedrpmlzma5x86_64-suse-linux    ASCII textdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fc52d1aa91fd7f18f8fc63e619b343e30f7473ed, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=617bd42e1f493bccda851bc7481357a3e32931e0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c5feb7a734c4cfbc386416907e35705b2527689b, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=47a542643d328759a47ce7f020df08677a1dc9ec, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4b6cb0fa16cd8f4c1975b32ce336fc7618564127, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d0e3605844659fb8274363070907984c8b8157a3, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3f4cded4ab28c6d37700001c13fa996664f39984, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2dab7a27154581d75016d2382dffb8c15894433f, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0c1e73af67f32f5b7c9707877f920daf636f3ab0, strippedUTF-8 Unicode text'<Ser   PPPRRRRRR R R RRRR RRPPPRRRR RR RRP P P RRR R RRRRPP P RRRRRR R R RRRRRRRRR RPPPRRRRRRRR R R RRRRRRRRR RPPPRRRRRR R RR RRRR RRPPPRRR R RRRRR$RPPPR!R"RRRRRRR RR R RRRR RRR RPPPRRR R R RR R#RRJCG0D?]"k%Lyv^t7vV 03I7ElnF>`coܵ<6mm=<8)@r,ęKKi4ߥvYK.4w|`~*C"D'xn66HwrbSy4% u|G]_3%KGWՔIyy{tc(VKh\Qmv#?y<"vTQxA a%j 6[E@֑h3?>xHMB#@vH(`ي۽r iLWqgda'VZSjAOI%11.&\R{S1ܠ!e hh#P)}:ַ=X%ۖbҽ 1)MGeYM#k(S|Q ~FXuGusIW+|[h%IelR*L*,Dd}%0}v6DŽ4M&>pikSSYhέhgoK ,(ikW~GRa V]M[ Zp"}ҍmzWkKwHVY2BIҨW3v]2R\\KDLѕ5 }}xTɱ-&XraFβmNgNA\K +}#`?92 GiU+e+ajuu42Hd:JcR,VXCЛ[y0O-&x*|93F˳|r3pnˢ,-?M0 FJ[&z`-8V/r' 햓zr gY$i^(,,_ :UłL.#Vor.Cn*?R߁oM8,^ϔk,EeY*D]<vB3~~~x˟*5b1?+Ԫ+z V7kѻ'ꨊqdP1^YήՖU# F>BHAG^`1%0t*=!^[ CDP kٿ+!EH^AQ!jkh=ԹKrz$:үEkʒYvSܺTo3Gٹ0; ɹr>҆) !uhIeVtnW 8L`w>3G8'vId5$+H Y*[Ƈс,ffT'|jCxO({[:TAnal˽,#Õ3/6&qHؚ/\ [UB#iڶ~Cטv:sS+/}Kᨚxa }5]V2 LŀvHP,s6şv T 3H# GW=C-_cΞ>HifN"t'aZ??{^D~-!QoqAAEWh[VaurrT t[b_G/xaDmqY~aCݧGLŷ\(Zo BeCp078q/ grnR)M 5JN,-ۃMV;L`d#yڎL͟~KVO[8OFܬ +Y =9Dձ-.DfNT,ptHBdW]GzhA+="i@0 Krrk{>6a+>}C WoZ4:ԃ K]αs '+Д4NH*E)T~)J6Ux'i iSDI!NhkPHJBh1Kh t(jz% S]BPP2uRG+"Z2Qu]XK]}U1gW 2B}4v"ff O|}XrD2B7\!S1?fe囄X#P,V^ͯdA/ ]|,'[G/a^H-b0[;.gMåWG$#u1V$"T-{!Cmg~xnɺWb,``PUY$/'hg*/|)Ec ݂[nF48q!t!VUٖYgQQV<ԵeA6J# jpo°Qg%&v4CK\QϱFo -+<-|xZvRF#ǐuS®z^RG/OMuVa#B{܈dkC!]fNT =c:[I.i Ϗ$q.sgZ:S`+,>)ĮäQ8bI?ad&}ȋ8C.p=Z%m;'9u`(hch:랓?H9Zts-gU7b 'TPP ]+ACjg0KcMݫ_]vA:xeA66B=/@Bq$[1u"#ZWӢ :n&P_Exy)uuY{IKONvMk n=XZ^qVI.S3^MY@5Yl\6Cv7V 3UDwJ [4HE"0n궮fC7: e̎d\ 4V<\؅cq3e,R͹95q /[ )1PݨPU1)-`ɟPo]xn0Spq1%k alY:N Z?B .ݜ׃y>t ^8eC:?b0GuI\qhߓ(13DD0e 73pv%2 (QA!yqhl*(]1! z :,dU,Y*?nph w'8ۯi=KBul,0|V5` 㝪U#%B?m!mT-R#QoЮ0-4|F< iB JFπ8^вKrusTGL?{ pYR&yr+l-<C%SegE~2*#tSEߝ*3uȩk2pl,QV͒0Q (?lh\ۙiKP|r_'SkԥoqNN Qa-$öZ'A& Svxd}HǿψKҦ`Lq5E|f8OQPĴ糖RPC5-.< rRVcغoJE׻kwvCS6lmwz55BAr<#Q4:QDww@nẁt1 Z3y/BX w”|^|Hb 'v5؛ٟl*-VM_NG]CiC]Djvt&SJmw$6\LHK78EVI _(7,./U>DlxS/vZ|˟,%R_vƪYa)ཀྵ5e%8\;v>4;CIڴ l 65Vn8I*n;rY jig-6͏ 42aX?Yr>\]'?O4$`%)pk\ '%Awq(X`怶tAdNC-Jwʤn6Fpx2Fb`ih-Js20:NyX;-}gKZi^׏GžжHER2ۡ*Y4~zRh GV58i0#vhahQL@ꭱf|fV iQg ?4'p9!P.XReSiɅ,VZo[WJ2/Q(/ i2P1>JtɅȹZrSTQE_&"ZsjN,m$Ćl  ߙkq'r]/1)FkԢ#KP</CAf҂"xa =XH7t/2oW;R868]r\n~|D:yY WgK~*8U5 $@M10Uhl)f:`-~uB;^~ܗ;fjՠP $ +7]\ Kk9gON>z:w?˨{:jZ$e-n TsCG Jne=j"ʀ~3 =h m!iTBYh77pخ~{;lx#CޢIT2_ |mĭuKj.X0nInHUw%v9\#_tBk91s C~*>̿ܭ9 '&m?far> Gdfs]* [FtG1to8#ux/h׼y 4>>+uȅףh $8ٜ)?Wv|ܼ%'Y1hCBR eDr:07ۀ>[Τr(\]>AHE<d@ /,j28YL6yًu2~kmr@is;[?oElq5D[J Z sXYnbޕsֶ.ed ) q`e{bM&ٲ5˸z]Ңb?r]10BqgV#; YE'X%l)qy/y6&x=ilyD;{zS*t^08gdzFOQUCHP#ox_7$bx1;_7H4RÍ*gBL|'#J)Q["c0IjON(Rgi=DFF=,3ȯ}|9XNPUxIn~%^-dp"n`/Yr4FQ%Fڰeu9#$Pl|J70/1aڹ ق84K -_BLԦN+KSD4/pdF{{!^Z=^Vx%fAV&ܨ^/CpFOpwD6!קBӆBY*cL+ V/T@ =Kp-8 8ChP:m3È>y=/ZY*02Oh>uXQh%iA M:ϓIB#CsL̳ϭ"侐Ì:ԍ]>8mzA R [ڱr8wyt,,ؓ"6 K"L9o֑;r!>\ҀFWf}zf[7s &骉X]gg 9wTjXyV?qyE=0طRBEe8~_-ħ@2PG)֐\}ʾTĊ)L] BljAE䃾O`5.؛^vq\ҷ> BU5 3ҹ7+'3.[Q\MqaO*{*'R?uIߚZWxDS^4Qm10y : 6s #8n2&V:-o4A~rEKdCVEf-@cfU_4: %i4C'0c@ #e{ uM!L^D6HS0<Ǒ:A٣2n~3zVͨy&&h ǾMI0e^ asw=U?R9L%I^-l fbM fA:,6Df7 ބ䬁' _1yN%,Əm|Ҟz9K_u^@אacAEG-{Dth|MbMI&IU!Q3`l w.VN|L>V1"pjKbUYY]鹶N[}:B揁+߻F8ώ_Ɍ,V594nt, 1n?scOc4T~N62] 5}|{e;LȴM? -h~\WOG\hz&]Z4JBJfjٜ'E )@80]䛐CjR\]B3"l5sw1bndkaX6@>{`tb|<F!a^aTN T^"p0Yƛzu5+eh+ޅqXr^_^nwe 5sNZI؆:g9p$n["Bn}tyVvd Lo9ۇБݼbEǔ97=7Y'tiuI&2#!l>HY1SF`!S|0M~pOa$A">j4g3YBb/B{$ih#pA$ߔdJZGd MsT*yANyR~Ύ㦜sA0d1i̔yݼ֍̐=l\B_?S?CD?K:bu/׃8DM `ʑqGϻe(NcӁ >BAypr" yua.>8{MQ;M>֬z5`^Ibq'QgȟWՁ'S QwV@' 3+xf[_jn8BYʓ2\;_G ='=Ax|d%k~D >۫MhsYN:gs{Ҥ!+ 8\^^"ǀЫqo*~P&>(:l }z- FX-j{s+A<YA,t=kH6"z! r$_Q ք@WTCUm;8 gGvdm^ҵheUO?H>KЖN'tə_ ']ʷLDW .Hd=#];b6&H aKSKG+bjgbǺb hiq171 ٚwĵ*΃ Թ&MQ :6#3XKu]cMO3k [H P0C3Cf7$b57\YJlr$Z.i^u>1$-gב&ThD,ꣳRPawž-8m|a%娎A2hRgGl;G܅Ui#H?4g=ElN忭v-\`71o& x ;N~:F%9M{Ng8N ߣâKMD>~ܟ ,b~BNzbOhᗸW|Hb_-.I`?61"@iXS|g?C$wB@(\} ϑsj_WhP 덜 V Q؝*"ʠL~ָmWDFNYRKپ8$-|c33*,r']l (-El+Muc0 }D%\4NBB-l'-)(n`A;}]GM}!2Gn=l{̼ޅM /' Sxy |bΨf.0zS0vfg-KX9;>A-,b7HnB@|0c^d#G (q"=UQwM$&|CW\ƊK@8G'^?]"{r)F_ߞפ!㇐Jv٢TTI(~ ڠbWq?-^*˥Xi!Bgέqfh<ʇr $8׈)8"tm:HQIwM2Z)Gт3W)+fݜKXNy];L*>[ncѧU,0VQ4X,ٍ'Z:]n X!slhw't@%2 49U>qxvw:ՆG9IoS7M"hnlVR:Dl'McLO+PY|cNή>3GBXx3BM^:He|V80eEM60}´ ({0eȁ쬞VC~pPI\]R+aFFi0Q#HhS C)f ~{|\DށC4Ê\JJ,[ Y ̺P]BRʮ- Rul# ޛqRb2D= e|C>=!=ɤ:T Ra '=ICPaϷ%RP_I%ؿferjS2FŪu+./W4rNfKa@ /FWE44c5"ѭ'8[^A>*ghetJw<>enl[(쫽#H )w6yؽ;oQK_wg95*w|yv<2iߓiN߭23YG.u]Ͻb7-fVnl3TtSJk ,"Ǎv MUn^9,,X/Ab']).Kff ˬЛu#[Ԇғ)m P3[-A{VW.7B /K6"hѦ5c+\jyho-2z:u4Z`׍y ؤ@Vo{iUt*a*Ts @'9NVtG}3|Z3P kѢ^ RTƩ"yYDӊV,psaҮO^#(?0c$'=?:f1(㐰Y?wi[ 377/EF[W@'flz*['Pǟ @6(¶Z!YC]2UnXA`qT 6yȷ$Cl LϴsGxEkKq >HaV47 |\X8oC[< <6޾z&V\yHyx/:J9*#!Q~5JW#fd4 ңOu=7viM_Da'mrUok"9ʆZr#6 E Qls9Q ӱ\9 bؽ 淂bxveG^~&5HIzxQa9ƃ!XX߁%HD'܎"!9$5ݓgUP'qUPK#Kb-+BG!-IjZFЂ䎳+iP*p4i<(qV"*ݺT82rjj/^_tf[ T;BdM3ZyCnh,v7E{ulw}dƉ|.Lq,zuhDoJ{W)G& a9RE[z70Nh RM4JKL~yl'pI-O'jv?br0&}iPV2`a3iwibxpŜ\mMVb،*X|qR)# Zp O2ATz ZަG골3D:Kh,Mw 7tEt܍%p#t?o72qLxUzuBՑ`$ln ( o<ƞۨqho*^'#jB#{t`cI/s)q)rBC<H|`4Em;]Cah8[V6HmɄn7g/p: J)oiW2+:Hb͕&/?I =&1.=tvω6"feoT}'#<<:G̜~YHHvta"\X(ߵEP? 5w2(J`$6EVPX78n(OkSx%rۭ^k 7c*ߓQ8[;uBvC=အ?G._h+3<fx޿/3z>$C[EpR}|8ao+ ]K7'%iFyJttp)(ڨangnO*X0US9Ѻd ꊺt0PĜQy†vDAuf,UtdG&r̈){dclcsJiT݉?NfbLhʖ}ஷۅؕ`} -\LGnu8VHUN0[yo (q&ڻT) |!ܓf F]m}=!.OqBtZL}]Y Ӹʁ0j̨6|U':Ҧ[۱ vOxJx]y@gVMp6 7D"d&iGߡM"pP%BШ#l]\(FLIcкNGSS0Cd`ӥ(eLFlKH)dY-di Kɢ Wf߉{uKx*ӒvȽJP l$ܯIU?8M4>9z]9JhJ.VCi\u@jaFϒSMU_uj|R6TdI0M <p1?up9"y pw=Eü%ܓsaqK{#71faZF lA3W\FȀ* d> |܉~:@ƅ c,9\?^ߝ"LmwZfM> yUyU9"JGxW+ȍ6Mt/X9_Wdp`f<NIj4B]7=ݨ56=NNG:q\A7w$:[>%t $SJwoBS*L6\N?j;>z ˋE8S.Fq?74B;0-OƀPT7zx%h?j|PqR IqN Jfu@i e螜QV>֋~z}1=@;W5B̺L:x <$-[ !?)PM=u܍g1o&ER-!g6L\oH>YT>gûDD&ÇbYfil#s|늤XHb)IὛ.|\NEM'ٲu6_*v"dE{08VA\Al?fLMsΞ9ZjcAg#M[%h/nDpM-o hǺ|ܡֆqsҏ*H #FO,NTNe:(QN/o3iҰ',POFGB>$A5;aXoJy2ɚOȁgj!o| =>rUM\xX@e?#t4{ƌyQQvB\iTHԷmal<ˤa53]1]%aHIn-RiHٍ7m iaha|$򺭝Uc92=Ƌ#njyՅ<񋖜lr61Tg'e bXƠ7:Ѽײdc6ғ:wYT[*?/&V Ko}`ƙ6# xe;.E2/0@79ɼDg UoZwΈG?͑X"a݅BHpD7=Đ -]MZǐezrj6Bd\ bh+Wٸiq[$mUL8,Å0:gyǒ@ҩ6Ml+v dh5wa.H5ć\npD|~ZD:h *la:e'r1-`֝ot9/t$m2=~'LRQjɮJ0Z(*_(pM8-Z*B@:O Dr p] v咚42*M|`h8]>>xfsF[iB@1O0I;\1Tƌ:`ǹm+M!ԻI,\"~ NYV|~M"!` a%@^e *MXF,η#GITIbcPV6C-.,N">Kav*~,sE e#/T5nZ}x]? ZI4:u v}k ea-_ȸR<q<QZJ4dA*5#r#Hu[ݱWY)i9MexُôZ:l'rqqeb6C{' r\AkF4ufc'/S֢jF> [?;j0.7)rr7ȿEy=0wle7g>ULkasI:C{@Cf:Nhp>R!)bXmI6nEHROهՖIVē_ 2Iw_P__ظ s@&Qp3iYH{zwXLDfsfӝ?i$}1|BW?C7"klCBxW bё' >_BOۙ컳߇A;7iY>Jš "o:K902B% 2op0H =\oܹ"ѥ@ ?k#gBw{59o"p'hNٺZç, !3_G4NXA25ή`í^Eixcz?O3KRx5y}^DϝUr'' <Ptd?̔!.t*Nط;8x>f12` _ kéVvAlM5>U-ˀ=pӃkXpo4J35o.HUOx'kS\4לٷ8{i`sOԽF d}D7霾0B^L,SʘWH#{@'/ܣCus POZ{`KD;Llbd}'2|hK/c0\V[3 ?党p ӉM}y:[F2ֿiTSq0n: 崧޳`|-,xxhk8qF8 Y?iK-scy# 9x .t;+8S[aSiv۽z@K>93ml?fP]4a\|bV$7J@yI]Lf"dnԏɽ ƳMk637A l\i ZK8-2\.Q ބVX1.Z-}>_`/Y4%8!Rz q\# !Fu߲%~p=Emw*DIZ^8r<)=!٨yk8.@`:n|Km.w) D|$,2?a6}2= 3t7lq6$=gܗ-厍3 eM Ðk&|ecW)cV:*d(DXQh/-}-_R `M~ե*+LHI!^ի<}S'1Ploe"(Iv~ΐ [Jt4fя8.EURuiۚAu C鉱fA ]u|ZM '֤tϢLod F`Qz0& ?K04a-G4d!N_~`,QOuÑ <Nkz5J旫r+7we6HbH,@ Qtz;u"<#"i-Z)n?I 7O&^٫lyoYHlV*(p(;油^t!CaBuEf5oK!‡DT%%$4 /ZmߤNyrw9b qI48.U+ =u&Y^g5Zʒ>aPEQYEMzJdeV agR% RB Q5-*7h 0n8-=ߧhCuSLiI".BQwwU"K"Lq7fT;9vys7:4-_qLp";5 c#G@tpotlIcѻk-TfvHcMi7؆֏/͒^FB)Ffx3< I2 A/ˇm>5,|T; A5ۤs -^!q aPFZ?|h2A#RBQFwO 9(l=\{μ~= uvP|{ v9ziN5¨1;a޻M!&Ur" d(hV>wv1pG濴JԹB|T]4NWs;!!TIS)e𙃻Kʤaq >xxv"eo'mћQ 0+P<=RT{)0Bc@LR6.&}6uH*>3~ɔ,a]֌GnPұGS2)OPLs;Kir8"eGn['P Qg7#rŰN>۶~a:aZcv %pG (2sU?\fZhh:JGm`n6,\:oze26;y83Å٦ Tƭ@AF 90.+KEoDJ_ )VC).`2itPbjVa~I0.~. M>YM Ow8ÌmMȯJ3w$@dVm@ϵ+LК'DʦE6ٹO[ė}Wͬ0ũ˜blv¨pSʩQ/4Jդ^wDRvq4x~wϺ䀣T]-Wqg+5#'y"t $}9*i^埁[,Yj7N .MsNKM`Oo7C8Ex499M|K$6Oe1ow$4U-2_)gLy+56@|)y{~ ڄ>8%i1$lQ.Ұ,K>*z Hup#-އ˲JlQ {7V$Vb.oH}y<U{3IĆf`ű P26ͳ@0'6#~Cs`# nw>|@4.D!"Zpz w%LFEA_2&wTP˅0ig@0@Neި.fyR^ا*&YH' B|8ЎDd^$3=B#y0&RV/kVr.C24_. F[5FcVf&ep>鉵d|Wq Y־7K=m)gV-iw%Ht~`˼ SY*оdPͩIC[}5:| pmeb콛܎طy&PvGL2LpSl: %֠b(ĂQ(Ǹׇ 5.Ж>֟xWݘE;9;$2J\l#F2u%"PBҍ7_Ρ[Oy͈a]MT JqH|UmhOk`pq+UW :wc7JK@ ܌7kEFSAᣗvxu?vFg[6*#TfxgpL<>(tK#oM =uBQx,,U7aC7G_#E? >8IM `GӉkyF1_%**@z㶄a5O͚DXsۛf-vTNCCXfB7ínbZp{/ӹә.7+h]zGI,޺vCMOq |Ȑ< 䋪ʄDc}sŵRNJw?>4 e-7ȭD'6W $ul3z8[>*jBaJVH^_|揾JciְU8rt2cJz=$:0kø;1έ*b2Lgx_<¹.=|AcKFS )U .fs|-H\ G`Zu8 t30kWHC]VٰîІWHr)=LF-4.AͿB|`߱\ǵU݅-|ęIݠ%[wJ)|D0{m FFP^GE,oI^s`j,UMCȄװde L|<;b 9dgg3yxAS|O[xX[䛯j .TroY=me|L*bz6CTg~m!;}ِk0+:ޕƺ2F ͞?G)\a\<wFzp'SܜWUluIJF Exz"ȩ#SĔ&L3W= !yD۔œX/%9OAbMږԐ9~`mWp qf}:̨\5:,0 |` :X `?f7h_54JC)" !\lJ,@c\Uo ̾l3ǧDwǤ7?)V8@Ӳe함Ӫnܫ{0u, =эfs*DSVND0]O)`Vf>H@WqT(n4Ԇ_O۴f-%SX7ݠo԰FH87C0 SA>!ք,㒋Oy]D} >h^! *q =ţ=:98yv+ᅴo4i܉ Af *Fѯ>,8ʛS=ۿУJNZdk~s9K)G]Z#zh` knkt=KvVSy  mZ'M}zwpm}2G-}}V_ ܜ6A%>ېY4)3.#%!BpF-`\9Xw@h|$g%!Klj-%)'9}ɘVd`r{ovG!Qkf +#L%&"(KZڱmw/1nwxkW\o _H&˛ SY ]0Fn$9m3R^w}=*jm`Xd`lt.{cbS{ 0,W^8᳦/W5]#v:4 ]BZۊJ$,9~5XKPbFSǞr0k:z@Hz2^: Nҵ$R5NWM\cRPTt\&FԙE3ALzü{G =AsTN t4LQi}cu/xݞ:|V츔!7+2=:qC0QO2^׎|{̀U^1سeeDȳJ]x]?pqldy!4DZG`:Kt3A~UZkg/B|‡7w_Iqui[GSeW6;b܉ %kJ"AM'Q,614vaL.+G9Ram1_-w ;ufHt3Įʓ!-.՚+^Jo .q #vT͜/2@Ob!K@d4s)QW1[0$&4[`_չG)RB(1Җ&Gk{.7rÅuuPQ5&E %ecMgji:dL"MrPpdeP3FRpNޡٮ]k,Bxc̦# M\947NQ-+5bd;QZz&UqKaxGV-PH}6"1'-WA]~$ys9G MG<`'k,]+fEviT@@*u0>٠_.7;]o{…nRlX Lmy$nSڀҦU+_UVrF/E'lI~XT?f+%. 8}(7uq^RXK\-ub ΡB cB{H\[E@@F0sS;@ar*;'^!#ΈṤ ϯ2%y [G5s,؁> _?`F~@l}M\<:u<1IbxUa'cAHc}XiI,;elq{!Unl&jzhm5/]j<,{@00[H4^fl)ynI o ztfPK'F=s[ өFhw CMn Zд;p1+-CTv1M*T̥WPL! v-IN{)?)=奍51|$²'\^(mE4Vrr"g*+;~ԅ&X39q~Z_]?ѵjNh7!]wCg(΋0\`3̭&ee%[{O_[b H["l <ݰ(~$^ IK͏L#qsl%?ExO%tDŽ4k|#ĽVH$~7U}ua*69޼myYhؤa+Ƹd+d%}M|ۧ"?VN:$[1}``ڗY$[@5B&iĴ.wkeZ8yAԳpgΠ8}qӜLXC)FqPbG+>DxKn$ àU3PS%VcDswe&-7I'9]FXaSRVfгx<ʓ,\j}J'c;b3!^)ꪦu>?&f:j}k+|CbGo†G۸[b'#RGs*!jq@zƤa@W.;Nkd|Q^ygo+З_)翵7FUonݵGw\BԈ[:Wt`iy9 *SӀgBUT~[AM)Ԯ|n.vqԉf<0ssEw7 TiSunrӯ}Y,t 5%KZ)c̿ɶl\tg׉&U h"JernѓdjEjkmJ2>mT/n$!DB2rN' p5Q)z b#_b(mz\(d=}%酘K@,P͓m/⤃毲$ {"LC)gS ƳAKV/]7vd"t5Nϼ΂XVAF8y`pϫUytm촩\#1NL{ d` G*<"/5/aࣥ8џ'ytPNvR}w:RԘX3Y/Rh2q`F r j~1:$bkn793//+^)3P[Eռ0CD$60Na |Sm9D2sS8QKuT:8!V)z)E`o{F@rS7kjRе40jmtl,𗂘Xuڴ߽·/~JәnHaSb؀a!}W堘_n|eֻ;7)&!CUݙ2Z.T gat\ {*HgqA-`54J)U-P9+W-1n+]':ݼL& 7an絹K) Nb}M͢s[<Yc)G:+*i0 z"طBÆPuW_]%o@E.[z[fe4Rp} Lh#O==D+8˘ψw(u:,u:B,O] IAW☈m%o5\,~qE$ {L iJu!N~D$c( b2ݎ6>y |n8%9WX>G@r\g@\-C~)Ae3xI\1λd>`k?\QBIjn%4Rr 9k$VA@9^LS/%`>KAą#hpo9~,߅)( JIQkHOb${D,_:Ҥ ӱLGxGvwj8U s9jA}l rG<$F<&8J^P9&6ow>N+j07@i` 4{J`;`Z) LQ.٤ה?*hʒ/*̏ǡ(=e-\*Q__ڒsQvcT`2B&qdxo-xԨJVQ(?n b[eYo+_ sĸjZ?O?]x'hU7!yap8NUCvfP7~{&< ( .N7\f(ɓ]{Uqlz;ƃ"D  c#ULn󆤺s8yj^}_>hU4#;M90~-֐Gd끱<տeM΄>8< N#I sY.&c!U+%:XjyW^C @(3Aɟ^boۆj\JH5"V1;Ȯc]UZXbw# cJ'V@A^#C[N.O "v{ O-`BE֩r^ic)G_kŏBat L ~\si{>I.ݲ˂wL?Ihc0wC:&=˳ՏKcBpzQ|mF{IMK$0ӿS;maMci539%t|w+YPFS%QxQ}(ckTw B=ҁqQć#7S9Y+ & \052m!0pGH)nvVӓʜx3x@>.P,X(4d뤹YP) :bzS 0 ,Y[*2@m>HƔ"If;qhSW[adN2bKp)M{@lN)[BIꏤxv,\䱙R0۝yufU-,u[pc(RmLJɻ썡8UDsDHStDsf_]:A7ũNuH3Y|6|Ԓs mAjK7JVe,sd0ē+/W *8^\L;'Q r_ Y$>(l t`jF(ɢMѣa,큁S. >lvRȍK jgf集O*)4 Sd]@Z^,m}fb+gd/mLHdN&0 ϺĊU)eDRt0Nx=p.qC2L=!mldvJIt>j%:qC]Ea1y#džw({DG f7;#a16+_FA[Jru9 E8Ax_Zh-IdZf&@Y\)nڬ1i^kҗ4(z\Wr/3vHw"Ȍk6GvJs+@\M*g^*D݁=`](\ͣ`y Cq!yDXJh! 轄)g!o]彑KO΍Tye yGQ-#.la `Oy+i@L|ۢryWC&@ϓk#HG1Г*7ff6W h?9mw9i@*<;vyVTh&bk(fWp7>t\fY8hG}^e!Ю;Ll? E.O,1\:BS tcfž,IlĜG#%݄9kg}69ϱd7yq*LL?arJ,xD])VnY{jn{.g& <\k1hDe@,ͩ+>\O<7b E'će堭Wl}OXl:а ,f[&BC[ zCaln* `ԻyiO4>@!  :\Ky PGK\c1@UzYs4-̄.M=hqr^uӰ%nS*9-$"XPq -icG`ڛ-mwQR:`fUj0=!0-ӣ.a+=T7 $auJ;e-wl[~ 2u!ԕUgDV"R6;!CLO7S+R |Z:uu2f 0;_]0C'T8uE{WWd,w+ W?wpV`lfEc/Y$=h>@ 皌qro v9%\/NFF-9NsQ%UijÏ d$5cȉQ-6hP)VӠwj@騚FS #d 1u=rx!7M=HPb$&9?2M2 b.Xe][ ^;y'qǩB:U0_Th 8 ƣ+o ؏P>AQCpwwԵ@_jar84ԏeWGS qAD2/VBsZOЦgmo[)lR026ѮuZ゚4<澰czp-"l9YTEl'A*e%uAyҡ軤6J2@f|*}AAJAMrMֻ\!g\4ܾʃ$%Ǝ6D=Iյ\kp jRKq^܆^:vi%~3d@33.i^IR; '6J4k>sݣ;w:`Q251*Zioij /)ҡt*[= le#0r@8pG_Nf8KXX﮹tp'ⷯySpLe:'R/ZEFmߜup;sK-?_p$tB5}=PxQN×ZԧP-܉N0;A?:]̸#LO-"c=Q/=Ώ{L5In}-C*KOOgyh4 #`Κ.&m }Y ɱ@%-ao/Fj ;:'D-$(1wuy}5rsCnRTB%2>\1snMcHUu!|Ƚ[ NVW>*W:0.w+pn^\r1҂fq'+hVUX38f׉ h%'͢w(RXOdP~e=;6 $y&ξ3?)T>}k*z<f p k {M '<$rX/sl?BI%{1Q"ͼuJb6^9#rPڐ/O@<pU8y·p@`DI'9KzD͙4 zE/ _M $q^*4*s6gvO#Nt>XSŖ \p4#ݒiS횓yߞVߥ "o%5v4O-پS'ƬD z &<+ գp-M<gPE2?-d NCrdW+K[K c~xiC|q$ey7n/Q/dX10a\iFo3 |;=c@Tac+IbRjcܴl'0tH 2#$,οc^%\/`tj{T Dž_;)4.ʔ''N2o6IGѫU笼L8ZW' 6[3-ssiY' |L\l^βyN~kf vԌ%n-Qq}ÎSɁyyGD5z"Dt޻>a#rylg~3 b lv&ׁncmՔ+q!B^\" ft8o}9,զ SGe>%hj#EQ\0oFt.e@eO)ôPM yl"#Ru1h"X!;6˔lH{O xүG9c,vY%, "\V$v3G;8}aAhlA)b~s Js_JԛYG_V4D@^fl7114ۿw=<^}u$jI?aBop$G2/ W_ꚂaYXjn^u.qT"T) (vFm,3YD F<ۆQE?qۊ6]NHοŏtj{7,X;au0fgF}D˳1%:G,E_oR^m ՐQ6&G] sA&t"/̀i#3֡׼1xdDF*^NRK` 8tNBܔٻnVn"/|]xôUH`SrB=KI*2%;a(Ƒ ڡ&cHjc ?}L!!~<&p#b_ֱVY+ap^( w3v|uK[Ga0WJ\a!.{G]N{Ϭ=VpB'7=#fIWқ9#P sC0CM?BZݘ;#yCDu8n 9H[2b:p, vGoGnHW\9 _{ Y@/ bأ.t1sLm`]Z"ǼHitX4Z 6{\3sp;V$܎",E%̓J2 ,phxDar!+d^ b 򼰋MʢN+rw^NyĞaCJW !H+r#c[XN׋kpyéΨ0O ='_bs=*FHk{qO7,&qH44"}\&{U}wlaE/fvM3!ivPtQL[(r eXG,[! k| (yIIx 0ȂCp5@9cS2<%t1hn 79HɒbfWd'=|}W0 ݟ(co5o8DWmDKf'vs_Ի1O2,zvc;07[k߹vTAc^@a%d1`1q5뛓<Ne}*"ue~xVrS=2L*6XU#zvAM-=CpF@: -pܹl3x/_,bңP^3̴+"z`[y c>Hn+4(Mɧsg:O!gF~U寵B>SM1 wˀOT ,.J~jҩ'Su+{_=6AgIMdIfg3w6 s-eanlȖn:句 'zcX{߿+;lhPSЍpX&|}7*O/<4 AdQ Ȁ^ AQ( ڿ&T"IvD<!VҌYs҉ΕpȚ^L':YrNJ\_0d;eg2w/?-Ħ$`Ŷm`(Tmzjrbl;|GBK3-Ġ9ƊSc &s{[Jʩg܎o~F~delL-r`ojؿE-eV5N}ރ6+X,[LX \ęH-sʑY5Zx?9q1hv:>~ y+YEˆ9xbYQ{r$n@;39Ly4 hd<{v+]$@`Py~`_ uÒ^soum,-*P#WI;UގW]o1^Gr<,!N؂cKpqBDħ`P Z*b7ޡFIm^\7JT;^:HgHQqK90㊑dy&K^t]N '$ !3s3 [WOexeF-l4}wO73#eTujϐJ̾*{U"_NnyuSZ)rLM\0s!Y܈w?)HkIgTF*-f*uF"p7ގ6apN5Z7_l?TvPr?8^D?V{|yO)tdMC[Sڙ} [Ѥ0R JVs{ɘen" sM9ʋwho5|KZTϸqj_I&?[%"/~V`yH ~" :3^,ezNx=Ν@]p1]B o8 %n3L!ỜQg+dA d\IÆO ay{RW˳ߔFTx1P; kQrljGtsɔfM?̚QLk|!ލʣ`P2)w+"7՝ϙ ЗJqA+A˥e+?}yN)z:IPmj6! ZPLrqeȤQmJCn-|L=ݽ8|ex͜ &Oӈw覸Ć(Y{,ӳڥvԥ|&(fu;$ف=oؕ,h= j=2UupHN~7λܶb|E-  Tt%}%F%$3.=}nSanRp!Nx:p+{Q>@@}xb, %$=d#F>nyg5gG+2cea+#ۢ$$,7HhK'S~SS~DN*ڸx8ŏ/'ǯ2=+є .'FHRǻ|:^0[`{ sݤ`QyPPų4 qȲk*b=LԘb5]Fyх7lF㡦+G@\FsLƏW#C Qmr*IuvH_s5.%R"ȖujDO)?헭 o rL"'(Wf) ?68W,C(CX&2!4' .P$=C᮵hnˉoq@IuN ?Lu~](b~8h y ͗>S]b/d:b<`UiYOc핀[Gh-Ml QwT Mľ?%y 4k5DۏvqO =*u!ک]J v:"&(qmJg @"I4pA{zؚa}s~G7|!:6.{)KEKµѦ{L \ѠsTGʉ4[aR`ruk}B{0&ƝKV:K#+!Èm?j]}L.df?*G OLP'h3.dy1ȶs1FgR!ju D vl^!{yDvnTpXrɽwbtq ȭJ@3쨐oX.U= )sSmydw@K@d7 Zޭ6C`PQe0sL*h[*}ya85a cf1f(nZ,.sD3j-'D4RkQ F x-肋U жJb&L唣)Jlt /[lMH 1 Kvs q4ʩjmc*NV/"wq;rW+%J4t[GR# )3B ˦ ?sX,w_ 0bU9CpꓡT\/]CO\vsޮ˻`BCb9)L>[gt!NV AMw+i?Oo8)'~:DoZ4lH9mTT}Q:BđT /8^gmUUֲhL-!y12w*jS;}';|o69|q_vXb$ͼd~v>Dp+عc 0yh`,4\S~h'A6O5,+I:R̮2+P/|z,/Nb9b"e9c%)ءGʖZ>OMeMlIbwygF%a9#PתOϢI0Az Z{]&i{Tl`) 2\xxΧz0B\,2jtpk]Vh3=A4}]ןJgIbqA|v =U/Vt#v31Y#~wY4?a_p!֯QKWCni՛xf({?0 |_ޡ𙒫D+>{_$GV]>$n{oe͊BXb_(%bI(l[O9JO.Ҷ(R |<:0l@~Y9܃QFYp3f2F蛡Kǻ'!5)Ѧ=9 r)bPnjɹs(* Z&L#ش!!P y5LH!w7H?kUC)pOt٩?9b&JuI:؝7ۍ,uo(jҲZra+t|0g˾p唓GD`'uY$>* ƹ _jOANMRe S7-DF N?uz})U(9zLpaPclYÓK,f=" Ϡ8?1Y5 NWdYN+|Hhd: Br4/m=Er&GreS[auVw|f#wsXe#\ k1BؐqkH䭳ѐd ME~gl|>kv >~>-C1sDx|4 \ ‰j9ry癩ۯ"'ABB-4Μ,.ӫ0x!q /kYMūPɊXzS5Taa|6I w*gX]Rڥ{T#@ProG7')<xd"KS',a7Oq{ϦG17vpߌŀ^ݤ!nn!i\V5yxEm9eHy˘*Fb}3wrvzUh)$ Oڻrwv}TIgJ<%qX8Nl*А\(1sBBv†?LԎK0 oH20SCLvt׏B=lWdܣ 8}1B_Ud1e}VOpfd7ERiQ,a$>`$ =&1ӊWk>U)bX4/\wқ^J%D$Ы `lkW>O HlXVCڏ;kȪrT/<~ $`Zb_% P/Ou"en1'F߲L͟1ƒ࡟vtfjHFR+9R1e>[)'gL;{8q(YƭjJTSm>|ߏV1,^.a[…Bm<Ŗ|[<$jp!m")Ճ H6zԌioҥГ{X:X 冶xMMOP$YYcWo*xy%F7OF#/ra“& lg#+0l:'6E0;mRQ"S GP炧(IK"" {h-_sizZe,9ӝ+Ue#4 =Xa+ms[:@ٳ=꜁UFAKVM43hݽ*3}/Ć ?G'mw Ýq.#;doSK7 3?OQdҐWou{N_ 5U+X`I/AqIx&\TEK,xJ{[46zwwy 6APm qEra͓#9Z=li=Oo~z?W4<@/g8t0M)WNݣ2HX0D)FJc1|JlB WB AuFEJD~GyȮ}RPrҹ->#Qj+qP J%\敹Å#&b!CQϤ'+yxGr1DPpQ[=p:z41N]QG߅~*(|P^~mӚcJALoX},#a%KqKXj{|TٚGRQʂ%M ,&,ti^k ,djD1[vms.Hݹ}[|FD;a Z^Z-~]Px@@"]) )cԚ2 \xȦ3 ĜTf$[?mֲOH# xg-! pRkp0W'LX.VU%Ms+ EBG{4wE`:a<ܿat%AbHy&I_ss-vM`eEAbXS7ij [ - 9/̣`DfV=!iP iva@76MNaqphu78x$aP'JfPG\=@o,(N1tn0Q7)>c 2.#-ۓ*SҎ/G+gQD[c<$Z!ؕ>8QgD|nR>dP3L6\*+LY7i}Yn\\~q=.lt߄&Ǝ p72+ϩϋ$2e+3ys|G59آY䫔m$[*Kui8NdRg v+{[nF־;B2$J+Gx<8i]ȈT߆WV&X*E Wn:9lEID#Ȕ&5v$.m!!\rUS>x3L,)SIyZI>,}x7DX;?\8W{]WjD/{O,4Z3?QPFY6Gm_H-cz"Ztɉ nH.cf]Jޑ%GeS1Z50 ݀cKq& m i!=ϤU 4[z "ЀvC 'gRn. YT1_Dl] LbDq1¢RM=6 _ G?K\\}I~E{C$cwV?(/^`)04VΗ,>]bv&Xl4R^e P +zPc&K\-0b92s~< I284lIҍl>\*_,6Sgw3HM m`3K] HɊZ*P> qK)Ŵq̪/Al?b`_tY mg-کs%!G| I'wUޔrf$bG/<~t$e~EpdkJI2jF,bH$p.;^٦iϽzW:c1"=3"COdk(\6@+A.~T\&@|ܗhh۾me}χ}cz~Rfl'{P&k0[4Լ'.gjJ!w*|1؛[[c,fp„κ%WYDV؀)톇NN_;-x=!CZCƘYO>2x'X 69r9SaT)1 XYX} ȧ)GnT߾3ŤJyGI*{P@Jm_BU/7?wq{A4(Wq78*֟IOkL=~ KH-8B-#/|QhaZ钳D 3q^Vf-`͊; nEO}T/.@󕐩t[g< <|^Xuv,*- ҕr-3``5H^6. iTNc6\@, gk1qe&|DUYb3z|vTE"*1ҽ+@~ŽC ^%b~" Qª!%`oH%#d[xM[ˋӻKlH(rXS!ANϺ¸$}gi]=/q㤤wJ/Ꙁ_}k3P۽K-?1ASCir5WLhhX[i``+QX$5?*z\ݼ!My,=ΓXd gWx#̨06M.0ȭ/I %V|%%IjZTtiZFWNNM! VWe]¦>U_ T 1kTېdZ= *N)H($q0 șh+Z(糖ul[ ,)2|nwtP؋8P8qһTxN:]lkτydqԻ~R׍V/` 7MYTq v SJWtLȢ*Z-6ЛcBFcsҍC͜3C1\l&8XN.ު./}BNlgkN^UgN7E2k!!?}c7\CzPIokx'x;RY]}[Kk@;Y#ɋ{iȌDX&]kQjIwLr)\~bk;7F[tH->,%jH6`?qYܵDC?v5N*&?/۲U{d d`,h~0So2Wxe69a:x6?[j/;<'O"RJ=Pp!kB_Пl?D}GON/3x'e%#6;gjAGCDC'i iQeDe6Cc4M[v^HG_Rx _NAi?.G{u&X485nQ2ɂ3귝7oS1}Ojۊty7 Ui8K.@hۉ7|t=i}怑" ku֝~Pn%9BIZ'L1FK r4yȕ~;xLƺkȠ/LRWl44e?7ǎ5*赎|!;b?Qe}w{%9-g<P"[J!ˉ|j^g~PǤޠG2qO O!*{YZ}cjXx1$X_en,tgch_"e܇>@{D$nM-%lޒhT?o`ShӮ (qf*32&v>Nś}b8d@%QPTpnlj澊b@ư$3t4?Oq–(lBǁ5@x}.w,ji egs0'W@5a 3V~eޝ #:n9hun13%!*بͺ٢'k|D0Q-P ceꆽ?]X^J+Hp,d+$S3/ ?MpO Ab hī pLTgTZA4B2\)v:ibG W<| RgAMb)\Q)8jN! Ӫ/ ϥ ME҄?$hWhb-L̬ G?-ɾ:YRD֜!%(뱍X_'hQG8%b݀aA cH1WpXY;.O#hSPռAvao o ֞-բx)JAq;ykaram@f~!NXy[ه5ikXPjg4& #ah]BpPKV@<!jK2-x} /H8 Šu('R<\Q/=+䡵\cz'&R}Қ\.JPh5C{SW7Ieƕ%P1ez4ԤZ~jKMr./j2G'& ?r!_ɉJD:&%O|$Ҽ-[r=d@5?s(#b͙|S[ >9 `uuI崿?o I#r+5QQD e/SH5G)whJ3] ]!An_@8T<Ξ} 0|O}s킛Pe3XX[gV]^o fZ5,Rf@gNMzQw& ]*x)8 mTNU:QIE΃i7wCSW~ZrBÃPD63=-GZEgt{'CjR-g!4ŵ.v:k1a?Xy|sI,C'z`@FmE]IMmڦWv!(dGḃ,wNAwkv*tnZ`@vhSG{_ }fPYQ6~j[ӵߏ_D\r׊4ox%Ù& ]7_ (}fXU{Dkj{ ->0Un^b'DsOQE~e#YCigxt]EK "O8iP~pŊa43} vۦ~FYz@:91?C`r:[U3<^o q V\qә 4?K_Chtx˾Sȳƭ&H*PpEHְp=ҿ~UL1Zz 5DuaDPD<A*j^%LJjd\qmnƽ1Ȓ#Ŗ2uD"nY-Ao(WeĞ^(jIg=z_qMjhl L8iřZPX;1ժ)DfRCX@?)xDCys+5/۹·Il,2kDUEԻT^ه:2_6[; t"|S!ÐrY"j͎ǜ KX .~Tׇ G2k&e"7Z& K%h8=rȷ$ط([6،~n\_LaCip`셥[ a2*_Y10=}t%zMܧ@ 4lFRGZI60!!?#\aչ@oT-*?E^>Q/xfMUx ݁tI[sxTJ8=xԙ9??OJ# &HnΥbI doz%wavSCx8v=Z} h31dCߠ9X=U: ؚiWD㙅uGA:nY2Pϭ{LS1exwݿ5C*R 㢓)!ܐn:h:9(DeY/: :=uObz<@"ORpAF)B(}/<yTe'rK@3B GtTvyCS`+Qaa1ѕF"O0ډo4, *)#n .a] ؒ<7cf̷OHv{E.\ew-N(4?FYIn <zr͠Ms"Sy$zoEc. fGBàD8t{%:,7#8=h;e^稼(@zmLw>w̭Ǽw\tL7c0P}<4&:CƻIkQ9H7.+n7H+gωl2~0Sd)v lGl_^粒q(.e UiiЄ0pq/>S~U&({T314\N/)y@_-jtƱ>QI/$^tZ;_4&ptDA=I$LJ m Ey\|w3Ѹ}og:jOΆwBhm #R+CYW*eP3 " &<q?\+`CPkP@8Pj. G} er`*r.C  h޾. %יԮ˦٨?|kfw2qpoZG{k&E1By>{YH샭e37.KiŪ)m7h1_E%nx˶V ~K ]+埌kUf}U 5ǎe܍9buYx3 v-=ke?XQm$eQt7m^ep+a HڂgʼnU3PHgPLoHc˼qmO`w+VUD/\֗Q:FMl΋1gK 12#n0Rq2^(äUr3>y {18ޟuӖ} EF)ޱ ѧ2NiOLaqs& ּik D#ϬM%Nqd> DzHyHyu Ď>Jc9^bթhaϊO$>l3Sq "$](tSf&dE;m"Οu_x'SoܠZ>JN,1II1hGmę&[w*Ǭu< ,Q筯yW>; .R&MiJܷ-CqI00>2jj;U_2Mldezv6Vx85tte{һ;5x,4E_P F5Ucׅz ٿtdVg@X}}|L悔&ET7~%Pd7m|Zzsiu_! ^pyVO]_ldX] -Umr[VY/$1Pe} ,nS!JѬWiXoӦ!K\Y@ߢ o0tHW܎uu"ָWN i&qh!lVȋ |ߏ^2tHDW<tp)WE45j%~+<K)4Bj ]W`bсX|I 1 ѲkUԞ6x=4^pC 9s?ww40}P8M`LalG%c+i;vUޅ[NBXɕ-6z_dOD-zYš)T_|=g#X/S=UG vB~뛣@OcfngP"ՔbܲOѫW>7pf Nъ9C5!׉tRU LctX aU7#+[cq=7];4U;35LV)D#-7]qr9X}>ӿzՅJ!D֮|>6>K# /_@+&g5T=0Cc^|xE+6QrhNUd$t8η{&|*U.z9$~n!;v~fLB $ϖ6-3X_ep?m;%'~)dW|L))vWK%B䃯^8aAEaaɟm_ơwPMvLJ^;X \w hw$]ҋxԣ' V` :5¿N'!CciZ'rDzS]EֹU*nnL19]Yq @2wtq1lG%?##J`%]nKJ *Կo)-x!zi.w5_}'+ mr=(P]E&[+R-FcTLD۰Tg^mrZ[r}ʫ3HQض: 抨Êӝ_䝜[t-ZTm@:MZ[oB[O7i_NT2EDѴ"0$fQU♒|}BƧ/2 \&kubvg7z%]~ߪZ6&Xt4z *Tv"mg:z/DF>VO%b:elwQ ?G }?_M@ _>d][Z"xT@‰ܿk_1v4q7E= &9Nh[ 狹xTX褵EK.7_(Ǒ fVb U)VzY;NJ\E`m|bd'RbJ fl8=H)Mb}C7C;4eHwa'J2업q%*R/mwW./2㤌F+]ݳ}Cu htgHF$8O[V w\(^W!|N:kQ)Dt!jC$؋*>߾d]:8 M#d)!2,?x6zVSO8=,iY#_^gs,gW.D$&YwEf[ 5K8Oj_/ߥԹHґ0n†Ę$ڔ Ӊ^:<oM5]s=?鵉Fheq_#׋_l!)k - nsypM{#JJIy !$\nX[rZ[㵓7O8"W~ltDiWI 4;:oZA *_4*5/ ?_ä`e5?GKˬ`΁(iT>TOH39'ԟ6kx8$ o)oK!AQ<=$3u}6ӵcbOZ}s6=o~CFLN0~,mJ`4+UcN@iܺb?@?ŃD j-SXo<:PZZ}OlJB gpV2aWX ʼ(ȫW^|Ri48J% t)'#C>f,'(f7PNBq܏ ΍xUl3.|s+9^!$J#fpٖ4y9DZ|My ~fgRr -TG 0-5tc-.G>FV]b 렏M՛G c2(>2 t9!X%lRwJ9_ys/fFʬ 3lI:ʅJ_WŮW?́rBs!cc l ڬÕbY;sNDԻ.0*]ti!gz -pPs৞B)Rx,2mL Ne 2:rXo4%`1yt>doѹe7FF]hA6l)qd,׾/D^cvW& fg}YRg$Fú͟Dɐϑ&vqNΡVL jz]Z*Is斈[Pҍ$faA*}f |DW  "t#.[\NyT _&і-^]y v,`%`Emw{Bd6! xGXD?V.uv3ȡaֹ->*aToڴk|Ma؍{/o>9`D<: &۝@MHs N*QpB(~5SbQCLwgsMhJE"uht*RvEFhsWN*(.+~/Q-ZF.c@V7I6wNM+P`urQ ΑH"cix :.k#-z, ɳdxxOBO4`^&I'"i ҫH[ՠ}T.&T_2@8_[ZwKQ,ٖ eɈHF|QJG(In>AEg adNcӈ_eA6/&cIvʓNY<%Mk&;D!i)pH4i]$;:AYMlS/ dX8zj~ [{8PlS"ztf13;cS;k4OwOui\H0Y~S? v_9|% I|yc"ef\[CrzYނҨ+!Ṱ#$RkLDPR+.tQQejaOYGKIMNz of"PQxfwKAQR M&N2G w͖';(He(H&E ,g, WV̂~9ʨXЎ0HV[g# ${:Yhw7j̻@io6W1!BھjwI/Fg<6J-1Hb9KJy(c8Z6 }r|6=tOA9qF-DCϵ?WeH@d vPS;g[@֋Xʎ|˳)ix0Ӌ,g:;HNŠ]E`hnꎕ>`'đߕLn Dm0|\$-?Hgz,hmGhrSE^ELp}T._|d*΁B>v3AW# ehuE) cf(+}fp1!krg҃ejL֣s'텝`ߡ:N?Ȇ T~DMz!Iפ{[۪&x՛2㲒$?3ОĨm vBhT-8p=(2 c* F:u̇04" y>JZ3ZVOc2nrSP(L(`z^1#[+hvzŕq/+z>(I@ֆ;NM=̒wmgaR源[9WLI9&jZOF>О QM?7k>)UX'T 0@3R[~"1I!]0K]k!A_0$-1h)jtQ]]WGrZ 4x[ &-<><مG@[e)ƞbL հ!iDd58a.uJϜ+|i {-o+H1\~G6zZ]¦.ЁTPa? G_Y*YHفY0Z[@/ZކgJetbt3`r!Ab|#SU=>SPv9ͭ sZa+-)M:sŰmp%Th#~`?xՋORst7{x8)YL u\8f/)FjL+iV r9]I住5޲tIaE#-NIu588`/Ö Mʄ/ń;k*GM$ 5./ q;Ǐ'{ HυVm\l=ԣ.@]QBHC"Q#kTH0(&7k&`{`K<hDC.ˆfjilleT;x'/ f-A}֯1EWq$~9d`Ȥv?_PV(z/H3 $FsE?ه#aVyS[ E91[h1d/ ?uRu+TaTBOS8[t!$EUt_B׷2&?(-R?lCRJ];3x(z w9mlZ*-ڐ/A%ZYOh}r;\Z2r*Mfju4֖gƑMjBBEfB]UDN}0g iWmSJ l8FR;]W}BdQ-UϯqȴW ; P k2)>WG tכ~y7 +g\gխ J0(׃z۝*^oe v' kmMÌ8 mf.l-lҨNWsI[=v5L8r6DfwF3aԤL}oYӻǀэOͰ?9Ń7pz,/3+-lXS'tnR9R+tꀠoj pXP^V*fSa)FA\ t+@͋G u4vqCNb-G{xn(Ȅ7e@L\+4bR@ruA$5ؓ]&ݿhlmRM9(o 3=?ԼqLciDW땞Ö+M& _R 1/gaW}<26 $2߅˟`DʵtԆ_y}65s*32ʄEhqlF9~u_i D.Y@>3MYҋRq^zW^D0+ KJ%Ll.|H֢ 7t{ +Dt( I8tlN&GqU3U'Z^PcFyX^qOdI.q7S00uTSp-"7q?:[c qu? ˢ4D/]LTMO0$98,N+\̶ci T1n MsQ*2Sj 2^2?Hc֧.u`쨭6z9n ckwn)Q=6Af R]幢e{ j)ygyO峄hEOoF|*ſgJpi=GN*-]΁~+Y{f/"5*$L u+=frAFE[L%5Uz}AYz;lz4>i1CP,R^KU O&痼+*u ,iSݹc}svQևjpC7ĸ3 vyS8N:I,GA؜De2/ i93Y؈$3s+=2o9Gz2 ydӪ2/p%N [χ,TxdQC@ad>LT>A~F\mZh}) xnP\'_.SzR72N.nR2>Kf|Xw5[x~[a  !E,\oFbPw3 IDoC+h%~6[- Kѥ-1}t5 8k+2"L1{^m~%cS_RH*`Ud\O%Uvt*֡ w t>cP "X&};nS[!=aڽqT,ݖЖ+-dr`bsQR\!éao+ӄr cmw잴$4#+hy=:{[X7!N/ HOE"fmd?}<-DQXyq?W{/Pvxmcܳ͹쌭X0rm#NeYH (ϱ( imbJ rZrGfԹOɥB}i%['9FhtCףؓd%avؑ}& ]'mOhM3$!Ϙ 6Иj&=~0o\qP1}M E\yµC%'p#s4h-aivKsfo?6:/5@]}3>U:NJQcnF|H*%K`щ)l U4TYH} w,u8dhenF"SJ{uлzëČr0[+Q?<̫6ѴW0SO1%aܗDVy 5<{NsC2 OFQUf5:+1@7BcK-Gg !¯lR"fr~fbUQ[$Nl/|k/[`p#b@HuGicBPgcM,CD&]~  ~> )]Qn84ݙaS_St-GzRl{ > hgi(zI)JݮQa"HQ`b-7C$RIVktKpEK!qDKc#_-R5FewQrZi~nvv3K4g6xեe0i]&}7rt5U_Ð v `l_^H4>$5$w~ {c8P"%@9~YeՕg{v^ %98wsx+3N8 ,U3gF5<< }t!M'Eׯ TIU4@3}3w+!.5BX8 F*J9RgV ;Vcj[,a i }`.7/H-!|lTѢZl H/ZvjxOjJr75(t|<ՉDݬy-҃YwĹyLUO-+HWiF< BcU}b1m W9&~Io&kHL'H3ZEC[-ʰP(Xds05ntߛ\?` {WД1_&j*s_A4qd%0Nm6V`%scdM]ZLiWAvы.6ݨB1Z\ !g~n8[q~N L(Ȫ VnTJ\'VrM)j/S6g,EI u֑q^$2PMYm*r2*Un;gyY':O,{_ ] xWߴƮ >+Ū򽸧yuMdh()2p Mx=So=pMHQq[-W΀QKδPDj=s>kXu| 0.R)snԾ"+ 纪zu(%_."ky|ukVzG;lpgٱ @X >6PǞ\jˉ%+{d$n_\CXjh~xϳɏ<c {Rus,8^xyK_$TZ/Xjsګn&\==;~?00bDpVQ$yoMYb$R&@O Eûvwm !2(֍_,hB,-{w&"KE>Hm]UZ=2c& q.q Fpy=wh[m/dgpo8KsTs7K^60#D(aܱóHkǽUL\_8j{{([ pжu yn!&siwT LB7."Uȸ#ou߳h 2 PKB6'?aJ9zԪ' 6a! ll1?蠎~OJ1f һثdQp\-9 `A= ,N.ԩ&BGḎlMN7`+Ka? yjfY=6u5Z=s} /{rGw95 خӿIrAŽXG5z7sdvt.H|Nh{,{yC\5lgheE5`DZrB~d0hT \jc}6fCAċUg%%yl2}?}G,}0I>a?]8&qk *9sRxfC&_|ُ5kJ*$ة^[OUh81)O#Ğhf;NXjɋq"@~+5?N`j4i:Oe\oBx~/Clf݃al wHٍ|ܤRFn9a?1-vU2 )"!?"=MJg*5j}tKHwɾc:++(8UO1: < +{繋K,-VU@A