hostapd-2.9-bp152.2.3.1<>,d`o!M@eeeEi#F;|V6xF.k@7T&&aDOs&; ] k}mMYwCЍrP?#I}+4Z\>B* R'n$99# #e(_L.ڜ1=6X.JTX0m߇O@-I=I_%qo>~z]ِM"/.OV:*plHi&i3i{QWQC^&0VAv^^O>I?d   H (6EKRs  0 \   v Z@h&&&(89:=>?@FGH$I|XY\](^= bcdFeKfNlPudvwx8y"z(,BDHNChostapd2.9bp152.2.3.1Daemon for running a WPA capable Access Pointhostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Currently, hostapd supports HostAP, madwifi, and prism54 drivers. It also supports wired IEEE 802.1X authentication via any ethernet driver.`ocloud103SUSE Linux Enterprise 15openSUSEGPL-2.0-only OR BSD-3-Clausehttp://bugs.opensuse.orgHardware/Wifihttps://w1.fi/linuxx86_64 if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in hostapd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! 
-e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in hostapd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ "$YAST_IS_RUNNING" != "instsys" ]; then if /usr/bin/systemctl is-active --quiet apparmor.service; then /sbin/apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.hostapd &> /dev/null || : fi fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable hostapd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . 
/etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop hostapd.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in hostapd.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart hostapd.service ) || : fi fiB)E>0A큤A큤A큤`o`o`o`o`o`o`o`o`o`o`o`o`o`o`o]JE]JE]JE]JE`o]JE`oceb4c26cbeee4bcbac439eecfd8576f2cbf31ab0162bbca219b1263cc342bd771f56a88fe7f663e2912d82d1fccdb57ea4f3a5f933ce6193a2865b2dfa4a3ac9ad783ce62185a566bb1a9bec9ae1019eed04c4b1dc3c2f5fc9e0db0cbbb92e10110bde2b8db5105ec0670da388c050b9d98e9d49d9016e7b9a70df6b8121cc6a64f3d56657d8fa9cdf3b26f99876d61209e67c625c619c3ce4862a6b1889ab1f36666638cc3cd90d4bb1fba4aa04a36ababf07cd81c4cb24558fd7ca7905a04e756a7d08ff4d8ec04e054d68e4f837ce5f0a1f938cdfd035368587655f99d81c4474e5adc6260c9d5590044b4cd7e90b63639a1b6ff6e42f4205fe72ed4b8cd033acd5e4e2d2a876915e955cc2eaa28b3e64dea9bd691a0197d801d2b33e6da28d97223fdce567f3e7cf718072c174380024825d2b5b51b033475b2be8655b8f30d94fb8f4d8c1533947f1cb5dda42741b6a950c06a24ce569c90dc2daba840a5b66cf10460e15b23844f49c3057fc535ffbaff9eeff46f47dd3e8801690962f1ae016d32db3a5f03e490d8d1a5181212605dfd7714c189b29885f6a14e106f57f981a4767acfa2291844458ad221bb51b5354c0d8faac97281c014a1c9152fbad783ce62185a566bb1a9bec9ae1019eed04c4b1dc3c2f5fc9e0db0cbbb92e10100973f33a74379e1daf489bc406e5014fc625665f18b876d82d6684d7aef6ee09ab50b5e0f60116b4e49027627ddcddb16fd03b160e132269b79dc59fafc3daf51db52a5e281c61ee21aec82
e24a226cae5c6b94bbec0456505d32fab8a1b59servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroothostapd-2.9-bp152.2.3.1.src.rpmconfig(hostapd)hostapdhostapd(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/shconfig(hostapd)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libm.so.6()(64bit)libm.so.6(GLIBC_2.2.5)(64bit)libnl-3.so.200()(64bit)libnl-3.so.200(libnl_3)(64bit)libnl-genl-3.so.200()(64bit)libnl-genl-3.so.200(libnl_3)(64bit)libnl-route-3.so.200()(64bit)libnl-route-3.so.200(libnl_3)(64bit)librt.so.1()(64bit)librt.so.1(GLIBC_2.2.5)(64bit)libsqlite3.so.0()(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libssl.so.1.1(OPENSSL_1_1_1)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemd2.9-bp152.2.3.13.0.4-14.6.0-14.0-15.2-14.14.1`lM@`4@_s!^@]p\O\&@\\ `[@YB@WV#U8T|Clemens Famulla-Conrad Michael Ströder Clemens Famulla-Conrad Clemens Famulla-Conrad Michael Ströder Michael Ströder Jan Engelhardt Karol Babioch mardnh@gmx.deKarol Babioch chris@intrbiz.comchris@intrbiz.commichael@stroeder.commichael@stroeder.commichael@stroeder.com- Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)- added AppArmor profile (source apparmor-usr.sbin.hostapd)- Add CVE-2020-12695.patch -- UPnP SUBSCRIBE misbehavior in hostapd WPS AP (bsc#1172700)- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)- Update to version 2.9 * SAE changes - disable use of groups using Brainpool curves - 
improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA " control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL- Update to version 2.8 * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only group 19 (i.e., disable groups 20, 21, 25, 26 from default configuration) and disable all unsuitable groups completely based on REVmd changes - improved anti-clogging token mechanism and SAE authentication frame processing during heavy CPU load; this mitigates some issues with potential DoS attacks trying to flood an AP with large number of SAE messages - added Finite Cyclic Group field in status code 77 responses - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) - fixed confirm message validation in error cases [https://w1.fi/security/2019-3/] (CVE-2019-9496) * EAP-pwd changes - minimize timing and memory use 
differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify peer scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * Hotspot 2.0 changes - added support for release number 3 - reject release 2 or newer association without PMF * added support for RSN operating channel validation (CONFIG_OCV=y and configuration parameter ocv=1) * added Multi-AP protocol support * added FTM responder configuration * fixed build with LibreSSL * added FT/RRB workaround for short Ethernet frame padding * fixed KEK2 derivation for FILS+FT * added RSSI-based association rejection from OCE * extended beacon reporting functionality * VLAN changes - allow local VLAN management with remote RADIUS authentication - add WPA/WPA2 passphrase/PSK -based VLAN assignment * OpenSSL: allow systemwide policies to be overridden * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * fixed FT and SA Query Action frame with AP-MLME-in-driver cases * OWE: allow Diffie-Hellman Parameter element to be included with DPP in preparation for DPP protocol extension * RADIUS server: started to accept ERP keyName-NAI as user identity automatically without matching EAP database entry * fixed PTK rekeying with FILS and FT wpa_supplicant: * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were 
enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9499) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * 
extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT- Use noun phrase in summary.- Applied spec-cleaner - Added bug reference - Use defconfig file as template for configuration instead of patching it during build. This is easier to maintain in the long run. This removes the patch hostapd-2.6-defconfig.patch in favor of a simple config file, which is copied over from the source directory. 
- Enabled CLI editing and history support.- Update to version 2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [http://w1.fi/security/2017-1/] (CVE-2017-13082) (bsc#1056061) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * FT: - added local generation of PMK-R0/PMK-R1 for FT-PSK (ft_psk_generate_local=1) - replaced inter-AP protocol with a cleaner design that is more easily extensible; this breaks backward compatibility and requires all APs in the ESS to be updated at the same time to maintain FT functionality - added support for wildcard R0KH/R1KH - replaced r0_key_lifetime (minutes) parameter with ft_r0_key_lifetime (seconds) - fixed wpa_psk_file use for FT-PSK - fixed FT-SAE PMKID matching - added expiration to PMK-R0 and PMK-R1 cache - added IEEE VLAN support (including tagged VLANs) - added support for SHA384 based AKM * SAE - fixed some PMKSA caching cases with SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - added option to require MFP for SAE associations (sae_require_pmf=1) - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be updated at the same time to maintain interoperability - added support for Password Identifier * hostapd_cli: added support for command history and completion * added support for requesting beacon report * large number of other fixes, cleanup, and extensions * added option to configure EAPOL-Key retry limits (wpa_group_update_count and wpa_pairwise_update_count) * removed all PeerKey functionality * fixed nl80211 AP mode configuration regression with Linux 4.15 and newer * added support for using wolfSSL cryptographic library * fixed some 20/40 MHz 
coexistence cases where the BSS could drop to 20 MHz even when 40 MHz would be allowed * Hotspot 2.0 - added support for setting Venue URL ANQP-element (venue_url) - added support for advertising Hotspot 2.0 operator icons - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS * added support for using OpenSSL 1.1.1 * added EAP-pwd server support for salted passwords - Remove no longer needed patches (fixed upstream) * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch * rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch - Verify source signature- Added rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).- Fix KRACK attacks (bsc#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch * rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch * 
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch- update to upstream release 2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) * extended channel switch support for VHT bandwidth changes * added support for configuring new ANQP-elements with anqp_elem=: * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached * added option (-S as command line argument) to request all interfaces to be started at the same time * modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * fixed and improved various FST operations * TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * EAP-PEAP: support fast-connect crypto binding * RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id to Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add 
Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated * started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake * VHT: added interoperability workaround for 80+80 and 160 MHz channels * extended VLAN support (per-STA vif, etc.) * fixed PMKID derivation with SAE * nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added initial functionality for location related operations * added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames * improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior * added command line parameter -i to override interface parameter in hostapd.conf * added command completion support to hostapd_cli * added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and "SIGNATURE " control interface command) * number of small fixes - renamed hostapd-2.5-defconfig.patch to hostapd-2.6-defconfig.patch- update to upstream release 2.5 - removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch (CVE-2015-1863) because it's fixed in upstream release 2.5 - rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch ChangeLog for hostapd since 2.4: 2015-09-27 - v2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077) * fixed WMM Action frame parser [http://w1.fi/security/2015-3/] 
(CVE-2015-4142 bsc#930078) * fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - fixed vendor command handling to check OUI properly * fixed hlr_auc_gw build with OpenSSL * hlr_auc_gw: allow Milenage RES length to be reduced * disable HT for a station that does not support WMM/QoS * added support for hashed password (NtHash) in EAP-pwd server * fixed and extended dynamic VLAN cases * added EAP-EKE server support for deriving Session-Id * set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * increases maximum value accepted for cwmin/cwmax * added support for CCMP-256 and GCMP-256 as group ciphers with FT * added Fast Session Transfer (FST) module * removed optional fields from RSNE when using FT with PMF (workaround for interoperability issues with iOS 8.4) * added EAP server support for TLS session resumption * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added mechanism to track unconnected stations and do minimal band steering * number of small fixes- update version 2.4 - added 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch for CVE-2015-1863 - updated URLs - require pkg-config and libnl3-devel during build - replaced hostapd-2.3-defconfig.patch by hostapd-2.4-defconfig.patch ChangeLog for hostapd since 2.3: 2015-03-15 - v2.4 * allow OpenSSL cipher configuration to be set for internal EAP server (openssl_ciphers parameter) * fixed number of small issues based on hwsim test case failures and static analyzer reports * 
fixed Accounting-Request to not include duplicated Acct-Session-Id * add support for Acct-Multi-Session-Id in RADIUS Accounting messages * add support for PMKSA caching with SAE * add support for generating BSS Load element (bss_load_update_period) * fixed channel switch from VHT to HT * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events * add support for learning STA IPv4/IPv6 addresses and configuring ProxyARP support * dropped support for the madwifi driver interface * add support for Suite B (128-bit and 192-bit level) key management and cipher suites * fixed a regression with driver=wired * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce * add BSS_TM_REQ ctrl_iface command to send BSS Transition Management Request frames and BSS-TM-RESP event to indicate response to such frame * add support for EAP Re-Authentication Protocol (ERP) * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled * fixed a regression in HT 20/40 coex Action frame parsing * set stdout to be line-buffered * add support for vendor specific VHT extension to enable 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band * RADIUS DAS: - extend Disconnect-Request processing to allow matching of multiple sessions - support Acct-Multi-Session-Id as an identifier - allow PMKSA cache entry to be removed without association * expire hostapd STA entry if kernel does not have a matching entry * allow chanlist to be used to specify a subset of channels for ACS * improve ACS behavior on 2.4 GHz band and allow channel bias to be configured with acs_chan_bias parameter * do not reply to a Probe Request frame that includes DSS Parameter Set element in which the channel does not match the current operating channel * add UPDATE_BEACON ctrl_iface command; this can be used to force Beacon frame contents to be updated and to start beaconing on an interface that used start_disabled=1 * fixed some RADIUS server failover cases- update version 2.3 - removed patch 
hostapd-2.1-be-host_to_le.patch because it seems obsolete - hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch ChangeLog for hostapd since 2.1: 2014-10-09 - v2.3 * fixed number of minor issues identified in static analyzer warnings * fixed DFS and channel switch operation for multi-BSS cases * started to use constant time comparison for various password and hash values to reduce possibility of any externally measurable timing differences * extended explicit clearing of freed memory and expired keys to avoid keeping private data in memory longer than necessary * added support for number of new RADIUS attributes from RFC 7268 (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher, WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher) * fixed GET_CONFIG wpa_pairwise_cipher value * added code to clear bridge FDB entry on station disconnection * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop in case the first entry does not match * fixed hostapd_cli action script execution to use more robust mechanism (CVE-2014-3686) 2014-06-04 - v2.2 * fixed SAE confirm-before-commit validation to avoid a potential segmentation fault in an unexpected message sequence that could be triggered remotely * extended VHT support - Operating Mode Notification - Power Constraint element (local_pwr_constraint) - Spectrum management capability (spectrum_mgmt_required=1) - fix VHT80 segment picking in ACS - fix vht_capab 'Maximum A-MPDU Length Exponent' handling - fix VHT20 * fixed HT40 co-ex scan for some pri/sec channel switches * extended HT40 co-ex support to allow dynamic channel width changes during the lifetime of the BSS * fixed HT40 co-ex support to check for overlapping 20 MHz BSS * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; this fixes password with include UTF-8 characters that use three-byte encoding EAP methods that use NtPasswordHash 
* reverted TLS certificate validation step change in v2.1 that rejected any AAA server certificate with id-kp-clientAuth even if id-kp-serverAuth EKU was included * fixed STA validation step for WPS ER commands to prevent a potential crash if an ER sends an unexpected PutWLANResponse to a station that is disassociated, but not fully removed * enforce full EAP authentication after RADIUS Disconnect-Request by removing the PMKSA cache entry * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address in RADIUS Disconnect-Request * added mechanism for removing addresses for MAC ACLs by prefixing an entry with "-" * Interworking/Hotspot 2.0 enhancements - support Hotspot 2.0 Release 2 * OSEN network for online signup connection * subscription remediation (based on RADIUS server request or control interface HS20_WNM_NOTIF for testing purposes) * Hotspot 2.0 release number indication in WFA RADIUS VSA * deauthentication request (based on RADIUS server request or control interface WNM_DEAUTH_REQ for testing purposes) * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent * hs20_icon config parameter to configure icon files for OSU * osu_* config parameters for OSU Providers list - do not use Interworking filtering rules on Probe Request if Interworking is disabled to avoid interop issues * added/fixed nl80211 functionality - AP interface teardown optimization - support vendor specific driver command (VENDOR []) * fixed PMF protection of Deauthentication frame when this is triggered by session timeout * internal TLS implementation enhancements/fixes - add SHA256-based cipher suites - add DHE-RSA cipher suites - fix X.509 validation of PKCS#1 signature to check for extra data * RADIUS server functionality - add minimal RADIUS accounting server support (hostapd-as-server); this is mainly to enable testing coverage with hwsim scripts - allow authentication log to be written into SQLite database - added option for TLS protocol testing of an EAP peer by 
simulating various misbehaviors/known attacks - MAC ACL support for testing purposes * fixed PTK derivation for CCMP-256 and GCMP-256 * extended WPS per-station PSK to support ER case * added option to configure the management group cipher (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these were rounded incorrectly) * added support for postponing FT response in case PMK-R1 needs to be pulled from R0KH * added option to advertise 40 MHz intolerant HT capability with ht_capab=[40-INTOLERANT] * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set * EAP-pwd fixes - fix possible segmentation fault on EAP method deinit if an invalid group is negotiated * fixed RADIUS client retransmit/failover behavior - there was a potential ctash due to freed memory being accessed - failover to a backup server mechanism did not work properly * fixed a possible crash on double DISABLE command when multiple BSSes are enabled * fixed a memory leak in SAE random number generation * fixed GTK rekeying when the station uses FT protocol * fixed off-by-one bounds checking in printf_encode() - this could result in deinial of service in some EAP server cases * various bug fixes/bin/sh/bin/sh/bin/sh/bin/shcloud103 1617940997 2.9-bp152.2.3.12.9-bp152.2.3.12.9-bp152.2.3.1apparmor.dusr.sbin.hostapdhostapd.accepthostapd.confhostapd.denyhostapd.eap_userhostapd.radius_clientshostapd.sim_dbhostapd.vlanhostapd.wpa_pskhostapd.servicehostapdhostapd_clirchostapdhostapdChangeLogREADMEhostapd.confwired.confhostapdCOPYINGhostapd.8.gz/etc//etc/apparmor.d//usr/lib/systemd/system//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/hostapd//usr/share/licenses//usr/share/licenses/hostapd//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables 
-fstack-clash-protectionobs://build.opensuse.org/openSUSE:Maintenance:16058/openSUSE_Backports_SLE-15-SP2_Update/5843becda614a678af679df612e4d1aa-hostapd.openSUSE_Backports_SLE-15-SP2_Updatedrpmxz5x86_64-suse-linuxdirectoryC source, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=993419b8a7ff3b9c7a96ede28a0baa0bf881c336, for GNU/Linux 3.2.0, not strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=39c1c7f4ef2832a8486599990767063eb89740d5, for GNU/Linux 3.2.0, not strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) RRRRRRRRR RR RR RR RRRRRRR RRRRR RRR R RRR_c=j&[мE6apparmor-abstractionsutf-88b2287252736b1ff1749e9396fe5b2b7cd982f5d45e3509a85241ce4b77e0b1a?p7zXZ !t/T]"k%f'@K^TDHl]o>ɬlEf$NX8i ,@摾!>oD5 6$b6Ym F%1}ѵ1 q0"e"HHInMc^[lwKWs(`|C57ylu 3IqdiBD_,,Xve#:Enfvhl/ɪvߥ&;!b9@=0Brv5s=0߮.Q-K`dFALc)0wbjl 4paC1;bz$'Nzns $1M3 MP QW*r`|9cvO4c:= ș5xmi8D U ? NRY$gl* `]d9 Oy].o[ :>v~b{rxh-̘cr( 5Z,R_3,SB` \զo"vTljqZW?(=3z_w)1*z:2ShAn]~crhb?x\ZjdyEN2u2[<\c%mj0yʼnFI- GR>[ ֏jI?W8k6I7xU0ῠ@41 );w6dq{;RMk7v +pM=*N_|E $QGԳ} Vp&w o`dL1XPbvבB`M 1AO: nBQ&mhpi+Nr_$!KFX>WJ.{i> D`ljo5ɳT[^R.k^~Vj])} 8%vM ) N "bu *{,X46lFn~:JNNzjܔ4FoIY{A,:*4Ѫm%OƆ5K3 C r٬62jsqU8߱,_(B^#Iqy|4Y4i G/F&1Ip)B$^l["sPN;>)Ȧd!VuG<7蕝}rb̦Ol } ;J ФH ;46+7R,Xeд8e\PxTYҍ+:$ 6>YۓxfR+ n>mts0÷W&Vb:}ʇ -bv56Un]ӂLQ)D]F X:%CfN)h"6B G7MKsU M4gzOCvva\}wgM.D(e )3SI%:k?DzGWP𔠙O W2=Y,^n^/ k$vAJ5ʟal*@ԋ|A?ޝǴ`bxAY\rE>drJ`"0u`ʔa m$ 0ÀCR? 
ĕ+͈wۃL/錷jimkV/xiOչ .v1?8 5/3NQ@'$ %(Aa v=quV;1[(# (,~HBD9p͠ R뚧`}=#a"0zN[P)O׺'G+۫gqng{=ī qiɘ( E#yj˩6Wx_*u /p@\N*h`>bC rhFӨo!n{31.恚~[C`&uʎuNj~Pu<dvG)hĭBM{Xk9m6C~Xn/HХE\TЯ}C\gLU`,iF;mm7 Ԇ8-tz`(S.~;<5)hM8) Kh^A˖)v4$ /4n!VHtdHTgxv?דedZJ|~(jJX^d h`^+5B!rǛeL#Tqfl>P?FAw30vH(66 χ *`dTi[hB衖˜(WwY~n,3Ia>=ݏIBLc8xy\ ^> 8J<ÒіFgeRWLobBKy -`Si$c؆Vk}`݀\qW0970K?\'S'E;;eǕ*F7d+ ͘WxWlȐrMmԣɅte}GP'E"y)rh+2_d^u);$in_JN'>ųm=PYzZLeKDB qFA73MR::<\IǶ`!xk*Mąd X ;5)@4j>,]86=yk9;md sa}ƂZKa;_rP{j(1ͥ!p"w;1 -e-Tm$kfΘ{ZxƠх87moU/x4ڄfq5_ ԅR=x-_GrރڠvVC)RaTUVP:`t ] HCp7HɺK辀2V9+3% (bk8GN{sMeCBɯ%K'3Nu`0FLF697 +@Â}b%r:Qi \vg@iEƵ%aKYҋHx%]d [Fđ<{MrW-WtsP٪zc@ vuLXT 8O&.J8UB7+sDSǙ?9_S툶~7kq^O2dw8}Ը;,'q]s>sf\̰[ԝ_s`C1 ͈l"i9]!e=@znav:2 G fB%0?!qK*3"i9`^8RڑF ?<^H{݅\TJ~6NU/_9qcq odT6oER%jn&{cF:Â&&jgw7 E^HNZkD0hб~m87%c|s_KsdH%$Qq = A&-[FnEdvUĐS3Kuqs_#w9-r$z")q%b;`l4Z.6 C0uR%\ZFh1#7BDH_XpYb3GDA62p¬'EBkP0)4m޿] `}I2z7kϨiȽϋWoےm=bR _!4 {k. ⹥wG}LnDjCj zc ̼!9l4:16L$]<$iFp-Bc ɜʂsv)s5SgF¹EO,4Fv)[źeOWs"LFZwfGlǩkI%qVm =H A{C]zʼ"H2E8.SHՊ \RgjU.@6S&ȒBRqX-2遆xq|<)L< Ql}j{ȬM`-=D+-2Hkx9e1퀆(hfkVazw_EmJVu.Mm9s#i K-2}$- ې GFdrdr;[+.D4\5çive["|?$VubgV/ Z"hQsf #f\W;ӂ)>xºG'h6G[HVmi7k7.#j Sd7d]*tpL[\o_AvH[,AR6(Lr *6,[RKM+Wj 149,cc>$.N{p}-1hKmw XP@B͟k zwP~YM.El;\g ?e%)˸0aPBɢijil(|xzP( S`UOA}o\vC/(9|m/3A-\A4e Wd+vki"4F~@J7,1/f`0>8@pR\[m g-jS0-A~5$* t?fS2HP/K)UkIT:l&) S<גGR p𥺪iyk,V#ghF +2ͯ#sO$Z_/mD_gf0P9?Po^G44܊rQd+=$7,"`};+䖧F,YJ:,X^=KQGGÖ9$" څHҪ4 gE]~ϭ͖{^FAqWْS>">ؖE>SyIn`z@ ޮPx0.EaQ 9[ޜ"߄3e+91(>uMu䒅dᵫB BrW<:V=2ʚM{(TZPp6peD"rZuYjZrs\aj]Yj^u]x"@]e2'&9^uO#ҡ)_8J`d*2c"(q~x/>K|Q' s+Q(QMkIyW~NWV K'= DŽQ@bsa9>vf|7pDWh5\LoBzGUl {.!by*_?n?*;'(ݶ?l럲q%KސQO 3þ%7Zvy۪dn5^bҩP܉][.T%|5)uYr%+yJ]:|G\B]p)`IʘJmdMh a/Q-ScP)_g`ϓ8Dv+`5Bbm.&SuU&r'S ;I}ΙT%toV4!DGC]vPO3aGHd??CČm;3#1uX'f4 !9U&֬",(ŊDT!k2fT莨?kTK3!Xos5G} Yq;9JVWYK2ge*I,v;ӥyOY`)%5Q >Q #h9YJz |gs d)ILR==~H,P[nHeIY>e rW#.%裒#3l>7U%`nEќ.lİ]nmfvJX| +m+#I{2\i]P5X1Q4QJVwyӲlrA E• #=V''3/3N2ebb,{0JKs5Ǔdo{sZʺU 82\"&YvwTiɺ*mM4<[Z˘*Ή9z4ζ]!ڊ :A$#Z@[σCx fL#`gwrqrzk2&$?g}Q, ]n/P RFQN؋:vZH2XYL`-$J b«.=(o};4xtZ!0륥V\Y ; 
"c=҂J(EùGz4+ɨS2 cHXw]!0 EK:('8NҁYݶjI zpsgy]]Lwx b;.QlhWB&yL,~ L|3D?[P;B*J櫯A8nށ- BGuڋ*~4ȹ= e2y$}1s`]6jq}` AtCc!mI ⴜyM;EBp^XFf)6+V"ҿ% G[qC7tMQhCL&O^RC^͈ u0lYW/ `ĠpF \Uc([%__㋹o[u肹xk]>% z60XLS NlrrbQ1g)h\lm?"Jk~Bd1C8HviY6piv~=ʃd3r4oH}JV*"EtWeQ_,^y*lϱ[h *0qNR3 d h&n\Wǝ@J.8=\zwv@GCGB!y9[i\D~\ J69Vmf}xbQ2@1WK NV.Wa!џ`Z`m"]KȪlZњ3&hQ#` (-c8w溘oʬ($2IHb5}?GfBs&[b3G\QdyRl8 p )@ɮn eŽϏuC~52H wnll A\uSQgsGĴ#WX=@`řy)q}I"U uW<hRz=ko]RIgߧe^M|qܱsdC_1i4t3Xtc!@23W5B kd *ߣizLQ/]'%C1V}J򟒤oP0g42@bzMF|. G|sVFEbJ2R/2vA%eK?vw>N;KBBݭq34x4iéqZ>{bA2o,ICdDn`2ș^ SӍ×I w8P8൭H*uZHEئU2 ^.-U}Ewd~R;YvW"PxC%yd"D^̿h]uf9<ҍLOZ[i޵ܚ8aWm,G]GYWP4s'Ju]~q~C%yzE hyJZOV)8r 16uZab4Kŋԫ*SSOh# 5ls"]xǟ_HI0#AjkGN"p"B٥*uIO3@5w Tp-IÎu9׳O@T}b.\^pD쬽f=& ٹfQ{hI rFX\ԀE)&b(C-+v\, %73h.e6,ާ.hը·TX j=p&qvO,ĮOmGXiSd0="8vB~^dwaڶV]-|!X%[m *u؟:쥇 r0U˜^oo}/l:蕧EGluzrj;~K2},LlIaonB=YAvj3`|w|dq {h!] adrʽm8%@kH[(mP 4wtY/Kw焝XjڻH~LɝR|ƽ ɧ]H( F0d$s3Sbq6$+2X* oY 1 RP߿:\G>h9/eo6a)d14^e'!6ߔ3Oi}cԴ BGfM,Ŗ O6n&-L4Zz XTYG|8N_d !C>srނ[=.%7Y>F}u㛣X̿>Nݶ3O<{fV}Fi8O?'3x Ƣ`갡GbtM'I()Fe]_t2L9L&f8n,Y[ZBR7%U!FX٩Ĥ\u&Fs_άkx_؂>[ ~4c̞߇`ž*R+\^=?Xz9nFqJڕnJ]#/Fqf#YJtJΏҸ,1h/@IA(Fvܦ4,%}U zb' +Q0< A_t*&TWCjvS,FzYʏ6f;y%I$eFR`"3ƨaPb&Ze!ދ@sRRjJrG !hj˷ؑ`﫺-vpdS_DA$Z̬=Z>fkKsMPSyNu$NE,a{]x6D%8-)ȧPdA2 sJyC8-R7J1"8c>! x)~a!:TfbTۖ_ Uڍ3YG ~ x\E#Tv9#׾ц.†FOMɏ}OGft QWGkj| DޞQE |OIu?rZĒM@]I}4Dԭ#~X XĈQ=Qď6E!,^?Y7'o+"eE?xsQ=x1檿L+{cl+ס6h_Vpɡ=wz7h6M35;7-&*^6gǫ{;5?ukʀ) Pj 4ǿ6yF@ę8Vhck(W[)*8hzGH)>i %r?AAvظIhD|1PIm* ua38w@KaAFv] C Vc'R0_LߕŶO 3m\ב͈+i'4]Ǔ;bﳕ}0ؐ;6-82O+rMD.աH|Pک1 lYi}[ "r_{2ѐ*ǼLQˏ44M*;*+N4֔J:@n$" 1)_ J1aQRXJJP]v_Ѝ0QXHO.w&=kHHq$"/`q4FhjŤrVѹo'@9ɥ)=vBkA iu u0bhTϭw5}}˜85W;R#1iJ5WT jcҪE{x !OA7zxy>mzQg{F:]ޓ~HOg)2]+  =f"W AT}1j}3ͱ#5܍ME#"=SB|H '@EJE t f8݆v'zVY=&HPKz@)(~Sq2XnAp8d>%Yyno?:Ot5HM<*~xG8Yؙ?(E. )̙ƅO Iu+\a p!0%pP WwHT[^tc@g*G~ϟxify5N י{7*ɹEdno_"V3E3PpO,y.0 $I:2arʘ6BBW`g6򜤉uqTY;lxOb2!_2b{NuRG~l[ODť?q}Y&l^ketrǑP?8vܢXn~! 
MZķڑŞUY9k5r^R)ꠃ pmV,@l'}u^Ljft #3[J(&8.1xnŖD91pM䃟Z$&4ΈBG*!3$/w/E͠-|&IKƆzInԼ<M4UңdM~cbDXYmxtЬ2)7\g#|?jOB/S 7KpB"jE?J=Ph"^e+uԽ-rSHxV@PAIqϿ_USWyn1vXlc>^BIS{rce<3.VՕ؀5Et82l uEnée)'wëo@aWGG4m WmNVy`LPIC54s"{J+@)ڛ:s :i ;NʽwO=ߕWi@\Fxڼ*Ӓ.ß>[7&KkЪ.BPnk{ &l-óe5Xa"NcX&b.yYc->=5bЛWVOkZ#Neђg ~X{&yRL: |=.@ȟ?3ui {P0m2SM t:e"[GbJyw2$*Wf7g Ci\.W}䗧J$kPfnB;y˻2u)SpV34>R+Iwk5 n":׋9%H||NgBz sJ^%dXa &М2M@cf q¢;nig6eAEnS'[38NUJz/,E'Ȧ]$"@=sf31* 9b&WVR q^sHXYi;۸GELoH )/#s"$–=A-Kګ_4ZѲ+FBٜVܮ-C|.ĪQB_^"?^E-F;cpMM/!ߔyQ:t>%J} f=p05sS;(h/nJ ;82Lk9Klb[. +9\۔3ڢ)Mߌzq3ェR298E)<q];GL%4?Vw~xu pL?ڡ=8 N 52T$]pQL$Lкe"N ";f92.D|v9{ʾIK-"+?e%dEܗF{(株>4(g]n=E|MOJ)IU!Lrdg;W{y(`ǛŸ>TI]ADCe)gkv)DhQֶE[ze@Icye+ĶY󻡾%IY27'+*X,'߄o WMnΊX,V3ݕ{}j"cxp]Dg;$@)Wv'.o7Af7{`5O F+FVܭP\MXOv r,d;(b.DL9}՞sJE%WW$lYo}{Yt8UcvuwQ`e?+D(BB5՚e˘E9QN.=?Y~INtK:5eGvi|>]@ϙ=bu.207~z0G+YKK+HYy>hsrzX¥]Npb0^GKYQZYwUk-rJ2U W(/U5z#2['@NOn߾Ro &uc0 YHd@#pOPZ6:45݇,~T^^wX̀lEN:?[>E52zސzW?c%*ֳakL ~m;͍ %|óg>rby6}qHn;"}g9GB@NzeP$ȶwU1Bq$(g*{miIgdhdhV2FW5%o/慷p";?OP{nӽu>ؗYv ~ʕo{-Κdgn-2) sDl׈ޯdKzEbm&zCcosSco' 2!:Z3sE7.c7<͞nL)huq-]`Z dN70\Šn:B\K=gT -q_P3#! C%`ոe٨rпm#gMȬy C+q1-VzF׏zPUi*C\fw+P_łx !U,.TG$VRσ#yn袗o]5=b43vַLB84H&Zeæ:XEiۅع=Ҭ8al)5&}= K_ug[捉H#-eCxLX7f1vfc4l>0!|錛ݥfoZ)DAVB(jjGyϩG@R8(y n#LaTsGՃcYۺ=e*ԐCتY ?9s|1,$ |ft_ıQdy|zG-G` [dݟ8#k^4@2`8!BQ hM506ʲI$H#@ICø *HȒ%^ }|+`vd9AՃ #6rMN)3*HNcrNp :峆Xi }7I8ܙ? O6 .88u{ԓ ^WW}>ĚlsI ZBґ!6 ޖHT){b$~fWApQF!5D sE`78-2-x.w\ *^wN}lh%r2)r#Gre~Kx$T#1N HI}W+ ;ĄLKW189+Li$:kЙ 6o>MuqcTĐ<3c׆yC#YvIXL{%#1]/qbPLc/[$Ɩ0D~+/q.L gLν .FWz/ 8['Yb;-*˙S̠Cm/R7'PyKHVc1vnG ,{|R?+M& j׀IL* (9XBң0=L(c# eZʰNK ŽՉd|Nq+Җɷʼ\pW/|C)5'6L;KrTqp` 8@s2Y%OZ Em13-=Lثl^ u+ʤaDP~-X<9 !]r/3ġ_hƠ(OnO/*:hY u3hm .t.S~zKJmlm)$ ̼bIRb0$+VW71ЎHHja#._ Ѵ- 6@}+KG Xdˋ<4M NKZ&2sCɳVX{`4y.Y1 <<X 7NfI|%IE&fd /Gz+ƉO+ a2Z{&s;sQ0鈤;0h3HPi¹(_ vC;.6~{=z;ZopÅ*baz4|#\;9uMk4y"ZkРkzSVm9`)\75=aci чKu'"RۿƢ(qI){yd{ ό ~F%bQ Q%XU^2 bDXǫ^O&16pGCi}0\IOb"?f^QRŚroQ,`72f@~$6M?;&#_+I#.qhmoa&7b; EC)Н.:4>zf(5xNt!":"#"gܪU|z״dⳣRFʨyrsAI,ea;Bpvkhݫ@sLY1Fe@(Lw[!o~E_tNV|rZf,.!?PPFI(]+'rx',! 
^nܫ&$gS[^ jڊ]0ʩ@u9G[FY]"ppD=rcI[gWu}V6h-'J ܛP ^5d a]Ac|V]çg!~`(C[mQo}~(HJCOYjKy~k njGD콮Jť1Pz6&\ wqh iR9$obRx*,sU#)_3'kO@Ls*K{(ň<|HRW[ZY][ZރE +e}<Bcyn xMHjpLI&G-2󭜮@tU Qk$S)ؿ(Y{!۔.vb6bChB&gCJCrRƌ&H;0r:@B(ԐB#}fcE3U:!? m-.^iS7EaX=OCp{,ӵ/A=%ɗYظMw5VJ{ 'g^cf 3tSDfmAۨ ߗR-b1=%t&xp˕aBj̭ue԰3,7ٜ5|2hy>z@.\,LI/-ޱ%D Bvsr"XB"ҵfc6!Ә$S(yКo1/yɬ.gsfPC*tmCv)jvl}5OWkʦH¾ Mٺh*g|aI8U[!UuH`\K|`Oɡ%!!uSݫPab,DPҺ,Ә \L;+LaؿWkBT_D;*}2>ʤ)6+arqs/㇭ 6cZ8igۻy7ĭU<2y-P1dCC`᮸R)$OQzQ ?R^酋PEHxI'#d^ 0)Jaxln 'Pc٘Hkm4߸ƔZ_` @\~x9FsBF|Ś >2[L!*.)oKj7m.v;tD7]Z$E ,)amgƿhu`YRO a-} ȇM@'K_L/[To'،-IV7-^v!jke<ƪ8QRUz/Mr֝4f:IY9' Oqbzi@c 17 gh\[Wј`0-~?ҧ066?S0pHŕoS!3KZjӇ%s"X+Ll4C"{*$c@|u6 W1!)nZRXbR+i?2y2aXZr`0\r{81@[t:np R:[J} 3jrf7K2.WqxxemX-8!K>7}oU.Gb*[ >Ug0N)}~(narj|`dG ֹC{X6e6[씯ݭ)lϱ ]dmFXY U)wQvܑKRC-rq_]tAsyeHoG hnC2v(We$HpJ73;"LN!7l[5IȾ; PF؏TaT1>L;ol, ow(NN.NhWa+[BX!2Vs^JÇrt6']^B)IڽcQ|U- E 2uBy5'JUןJW/ӗ?az2~Hz1.rn>c1P?0.i}0DB}46viYFW:jHyͳBD+ѭR~F_β*RGV'ϯsxϐ1\5@ ‰&)ц8o4LZКf­^XWC%{-Kn`!^kxa3"E 7 fp's֨ (y40MRi,LtPv1V= ö:; &d@~Em< Vw|{nC樊}G6FЎρoz&ci]l,q?0e_y1SSK/b9zHhd/dH~[7%7 e~Uκ6Oϙ Lif'_I\sҕjInQ=}?_m!{ lr۸$|z/t?(P#aV*5oX:QK ȘLy]Ntx][YNHhghp..jˏ oǭv˕ZOz3k0ܤq0%wl TٔA+[=+!=ܩrh|/N12?_AK}ɿ=tu˛4yJ*HHᲿΑMY7HRq\6U[yJRʲ.IYXC4/_ XuL,FQåp-S)k:Ru]g,w(獂p-=%xDyILw b.9$3=|ѤDF)PR4- [I;i&v;9N51Ml uqdkIJ8qpLkΨӧݝEZI,( V'oo_<j$J|A0Ջ1ZӰ` ̮5T[[& G7x9 {,0yr ?RaTe0|~mtmA_Mh}:hN ׻Y p2!AA џIڭH~;{/iik7$=hZ=̭#_5 <:z u0ڱ[w7>zބ5(/8¤Ft'` E|!d:ջA&Kmb[3G8jq 0g#/3،|0Cޙ¾EG\_uB&^AR&e,%+wsl &~mPz mW%Bϕi+ .p&Ype.h[Ul|0qjM4 mPt Q0Qql28@5^&9z$t(rp|y } ߡ _AA47.L5/nDKvtnMqltษvծoM=g)X4TՠokxJ(G]ƀ! 
P:shI|$4ld#)|lR M6>#$)q_iSv') ~pf]N58{:>q>Vӳn-v4Ԩ@Gfnq]OpDd8i6^ kˆ@𦙾l&N4@]bve[HO j)A&b25VxW $w) OK*h+QɶE֤5=Uf&1MQC(F_([`beիB R,z@o1JGRbT`^Ȫ[Bxdb@'tBBjڪSUe &&T7LeNQ?A$ ^P@t+jڴը"Oa3 0A5E@۔fxM7Dž廏|``(4LdY,!VRַEb KF!,Li]61OQizsGzp:'k&tL/ Z#/Hcyݚy&Rm@Vj,A60AVe$~R#dw{RX|}񌳵vmVj3VmAB_|>'3=#j`tf }'p'_J/i~<>*+vĉʉߺ\(j3>/LAdgA%#z_"c7k`LX"|=+;$u`mdڸkr9WŒsu^eKlNBu_:k6 meAAk^;ZI[i5qXVd\nrj(ȍ=Z 21x2,0% *A g z2'xMjdb!E[(^$+ =?H v)7^mh6ʷNAȣ_/<[<)n;"3vjhܤ1In[A",^4K fh?ۻd"XYXwq&Ak6y.G৿JMZqvxh4!=eUyL rT>{s7 .gz`Y-Ί"8h)DqIz6.,;7B[2Bw'-11!JȠ:*w9= ]#UL$s\ir ks:*( ?KgX^3FGdN۳Drv3' 9 g]*_r,tpB'WMv7QɁ0 tHM-B"O{eoQwwDh$rS(J o%͈x=`^+;/^(j̴[!BD_FF OG{]+?b,-/>%;GT)vmqGh UQ;Oj[Ĭ2~CrmKxTxfM*2n房Y3"SH_ y𞘓,rظ:.e-қc Xn}2[<ѲO1{-R橌H#\G2o^5aIV$EPgOaj YRP!/؋껵Y3VW3ׁ&ARl;U|ȹWKJ\Dr<$Ov̈́epުe5>s`J"# v$-HT17қ2xO{3t۽ʹ hŽW-KKhgJƋiPȀLC@hz:'ɟJlp}h<W#/H wSZ*LsGNAfʑOhl$4X Hfa }V+L۞paUW6ɔs&xKûVjܴvjQ&=2ss(-Zy?KY F}ۑ^mDL$BSӲ$N CwUAkS)W({ gճ @w %.( XMnp/L{Gia) <|eNbWz9?\ҕU*7i>Sv;ֻ-!&4Js$zk蝅,;fh33Fq *ל-tSt6)7]zKӕz}y{'x" ֬ u+H8ulDaL{Qyx:+,~ωۧ䔵ųi084OV` ZZ!L/T& ͓,#֮يh Ge] iS8eMTel/>Βym]YA1`G /Tߕ,1pttAWFTV/ŒůH?;MEŀu)?TEa?'>!]Bw+s=d`.pS;rP X++r7޽zO=|l[\;b>vN9f;9$3fFi D [k+? rWu]+e:"V ܇Xj&a`=n|}gQL~C/Ξηǫ!  -2(t;.4%7Mi/TU

PjlU=G= :Q`Ŀ>D]ݺ1Dץ|Z BAWmYNiNZ0HjZ&~ےdMF4hN$P;ÁD\"[դ?H/!z6Λ8k,$WHfѨf" ,kyeiPLrH0)^JOy c+Yon<pU?-4pܝ'&4Nq$1J[-h5@g482J,r Ń-<5<Ͻ-{Uwy4PWy\H Gف~֩6I]GV`%"Ω Hl\z 9U}CcJ{UMr'8(=1֪>ub 4A}؝;3iB/M4,J{vc1[ wD7^5&@P ?XRxOa˙fAe KCv}DX<auPQ(brD AĔqv woPrȜ@ ʚ+2h -0#y͝"3pb_JΣ=Di3xsGyG$jp&1FĚeAc)Bš̈́@D( f> 'd CXФ[W7XJ{4ǖS$䑑 | *-Ncbx4WM}hsCƼQKPw[:rR Kk.UQ4(q;Y5< dF%Y!ۛ>qie#Nr{_Tq@z& ѫX7qNr( }$/}}D :΍RF* 40}ϛ#I#RQ3KΗPZ[%ONV&N k?*|fC1Mw’kÃ}GFuYmF[֯sHV$O` 1n(@wy85o]ô7Z(rkt@Q^('~ pg#K K%ŠLY i{ IƑ= J:FLCoŎx4-E6̝GL+dmo7b2@/<~VЗƨ l-ZQ^"XZQ#' RYHR{Z 쯂YE2"#_-=z,&&KlhŠYAR_7xo @W)f S ϝUrKX WnEL&8q9I/Ubp 16#ηJ)bI)-Dm {`iC6b棣?JP򽜢tlUyrZRp&Ni6VULf .%nL#ir*oͳeĩ}"d `_>Z1F:(d͛nX9`ɒ8̷Uy'܈-i=Z^ +9S} .2눌Ս^.+m.[XzSxN!6g_/0q×Tot;$Q~VL>TSQ1H\Тa>2/md9ŷw fJ-j-ru`4kqfK _P8HˇW@>~3NEξHռ S0 zڿ|3t\Kro}1. Woхը႐nVB!tW븐-l;NŊPJbO]`]G6>g(K%i }h-KY.1* Yo?S,pҩ(,tt"z8׮qR8pmEśce`;vV6ڙS_]ht;7uTCH[6Y&QC5, Q~3eo)ر867#bI jx[:\\S`pSPmp6tM]))B4l".]Q.6h=7}ٯAЬ'HӾ=Ϗus!D-({$9aUP̼RB wkmMBdγӺETäNM \a0ƬCi h sULprG;ܶ]mV/nlnodC\j\nB{C" t8 {*U@Tfoa?q.^T# Ke2XN|R{NVFLKfzJ+̚!;iZ0+-˂$ٚGTHt=ر3JT ̦ if ӵXnfH_|]4 EL/d/bSi/Mo#H5Sųjjs^r'O(xҽ)fЀx Sh^]ff9(i4% CDۼJG5^7{jH8#UM5JLx<jj!2ՔU=ȒVe\ *|W<\8yx\K[eZg"Tc bx EgkiZӛ8F_e@Y#c]EGR@Ҿ7g$^xwr@]5M>Ea<pa%I C*ޖhlXl i`Ut9+m]n!rD`tޘ^n~d8EKN8Zd?Kt 6>-9VQ}otfZN[F R:+CM`Zӑ%hqO jI}1 W@.,%B/&H_?ow2~If(!`뱗2J=66IaTTWg$@@ D1iXQ+]Ɋwt +W֙% 2Ŷ>` | W1b#s ͱSc\NlCp![:kXɍ2 ><`QP?jw#Q4BT 32Ӈ/^)?GJ: +I уQ6=#P\/J%һȤY;WލʣrxT= DCCz--'>_>?S:#"Qh|ŜX5ڪyrh2$4!eK flߖq8Bh}0o[k{uF^'~X; `(hk낛yUxWor^_P (*`'kӦhh"Oڿ}sEa3 %~</mcT…o0u pzeѲD$h :ǥ=V tciլ8 jctK![L@>U|Y\JpﶅL@D8k8RiK7SWoBHf)3r:Ro@HkJH1T(OY^\.':*;,Z}di!s,n'<&!V# H=P]1jfnELUgZ9ՊCnC鼄ͤ9 v}gG,H_d~)6 tm.G__D7vw &tx8jl-RVube$^`*?" 
?]cM%@BWDzy/GJ{*;:@=T?""?7k9qdwY[& Вˠe#b*`bv~]aa6D(.N;Ւߕi[Vo{v?t : ' N3L3@;$}%Q 0ۂ3N<앞}@Mz;YnaA9 t+KTӑKyhuLZ$]AV 7nф  _)q2tT#A_ˬy y?n K[HW.@u;N^Z:Ws ,NOrMmu"n k}i@;VZ#ֳ8 vmuK4ϲ$4YW%6 !_/es?Ӈ3J'"y~2w792 ^,7iSRx?IRo34fUGቂv^` [&`NJa"+P@G$_]ezT-8М,rDc 8-#q!5o:' Us.dht>XuL=Ա6HHsp'7m)iSiXj3ؙ: S@Zc[sK:MVykFU=Y9pae2AF-%bEY6PCL3Lg,WZ/ƕ9d5&3}XɄ b8:!C;*L0’ W]#Jfstly]^"e@Yc.al:NE܎rm!ҫY壵n#~.C^9Y=Fq O25GUY"K4u"F؛ Оo{"oOfy_>āD6ڝWj3r,QxEy) p"$IP,Ņ*Fn0 듦t[DH8pF.O%Bġ^b&:= p a${lUNNn/9}!zQ}ahe: '7'8{;?.H|7WㄌH7yG"y?o =y~SKb ;OlۄZn ·WGyJ8?WaI\D5~@ vw zU|n0w0G&'$h:e$;Pt#צ>}F +?5Sl Gr3T%Dbb "I?T:@Y~<\{LsSFǘ8>99ц&D^I5k̉JT8tAo3zK?w !0ѾGy;<gAuTA7k^C.q-ru ֆR/o=,x<%I5" j*dBgoo@).o5/*xTMP9N%>Qj o@d, rF^;JfiUpbBnD =ܔY~)OCl`b7?!tinܒH00h!'|P>JG`+}t wvZkcwm3(J"}b=zӆ5A.$<;:̤9=*:ǴK@h++R^EEy4c`ͣY`- Mr:[#Í5-9l&d9t֘$Uj4Ě=$$Fp$)AndEsCwtVюo2mD22 $j?WtDѣ*\{| M+f,߯VZjv;$sz/KVjfn-s""PkB-s0F{2b ,Y9j{h)0I[~;!SlM2[hy*b׶Lԕow.W1]=˨ZRA@d.OgH .+9GaK,ǥBM# YQb.%o֠:Th5RN(ɖ>Q+!֫H/i3EX(dX-Hd {c<48%do-A̵d%*s5vYT\Y:[y`\̴+Ieg;pD6. ]bkOӽ+&$U#%),L`T˨SR e G|\onLG^v fJe<\mkmԦwFi(N9It`rg qM]@cQ)Wp׳mQYN[7@nk|&dL{ |fx1$9%#F_**M Sݯ%2Igd[.g*YkYhzgO¡I/J>V{ʮ n^HnmҚ"n³|2 pR/Jqf76/`Xhk%k=er$ǀ-*fkB8.+bPʢ)t4 @J+$V'vTo 2'A]vh˝8z{ǜ.fN~|.tV_Eu[?RSL*zX[)Ej$Qa>OްQϑ_\fؾ @lh+1;dy,rZ5;F3 PK}%Xg8C>q">:a~9{ [}ɵ_sb`^B!w=rPl_G/XQxѠP3ld^rAH@pɟ*'Y_KpzS9GVS6"\k~cX9_Pn Au=}LvFȯ!i6쇨y~ҕj*#5M;S`Z3US)L_w >N/>g0r8,> g`C։|2Sl"I\qb.hw*1u_-ۅM,.PM:/S/f{M<>%Yr044C!ޣ , $|bTX}' <]ـzU9JǝOԥk5}E*wUR) `7G-GȬʜhjX.%հp>24/ð2oIz, oW̱֟o61~~~8ב$%Dȵ._Q_.m|㭀yavU lw17E[Mm#8 6*}#%"pWBeiiݣݿA桍l *M@˘eb.SV `@F-v\etXz0F +'25I-(׭r,6!3+pEve1g1V WVޥ#ӗ>Wf}7lr;|() q:yЭ|J%*'*龜fW:L滉 wF h2(\}&߿}#nvm @ӽc5>,Y|lV 6d82KtnBYRXU#'CQs\}k  aᴱ!>Y P~.$4[^]FXi(k,.V7WB;nAyW6!m r#1(v0QV7* ޴K{ndRA@3"Ffp0aRȲSO}B[7"w%0`hM)mW<ɹ(:fhɢ"`SV/ȟ_-\Dv<W -'8ж$Bu|oÃ' tˌC N ċ9zRRЂLN[) fpGkK9d;@ESVOhT"Nh\*kYXb;b{:&G,ME w S-M/Msx/Aς>I Ms8"dNOR5"!ExT:tz3$K(=beR&LΝkL/gو(yь'Bwͽ)k*~w#ðnY(f naR8ɔgwNu„yry?^n {[3'QL2"-!,&3Pu{v(0&:^)ypOFcdzѶ4I^K$kttɖ"(R#T5gC"Zuקbg*$!S۵OC)<I8TOib_sQ(Zw5}JAW^G|˻$Ww(ف6jY1TC)6U 
re(9t}^h^lfG)7UY43K`g9W.h@Jb)I1>U×PbS3'5@ju;VUltL1&ڦvbIXQ6xAv ڡp:Cq`mRqZ16&oXBX K~U8}t/&f|z=OtQr_ѽ p7PˆVif/y)Ei+ѐR:g<5)de>ADm11t`e:xЊT卢H eX, Rq6]cZ˃ SCb`]wpӡ Qa vےX\1ĩ6@{ܟshJbSt8%P/Z7FS{TRGW}-٪wnit_򭯘\DW2Dڭ i_`mͺJ?HRF0H $KߔC:xGu%STͱ9SseL<4UOFTv4ғUIgBTCߘ![\uK$e24LyaܿK#A )BI~]Vq?p)? c8c * u1/Z)ZuMϛlJ0rMss!{P4O\a u?}) W;~/6 XrƗ ^B'MM?PV GZ/C.6+uvԍASe~o&B^0*Z1V=P>@ca<"?0 O1)-ΔgO|4q"JʅFƬw¬B:\C0ԛ[os.)D:pbkcsD,JJiro!b72k A}sS;v_ws\"W&Ëfz.F;2FJ;S]sv+󕅷fG5Thx3\9I@+p;&gf&oCѴI\Q<ˇ&]9=""#f8H g➸JUTNdIM.2haC5ݯш5p.Մ>e1\t51p Qzl7neJgʮ6+ vZ4/Gc֠YX } ;5B)ޮ<IP(1 hmjA|Ij4%̴K'h[RٿՒbY+)^I0"~痚ꀓֻ+8R²Uz$Fjʼ@M;-W#^&[Gdc$(x5Q~ӓRb`pCK[Nm=q&xmr].FI"}r(y:~\ȣT:%JONr?Oyv<ʰZfysXob } /(Gjy*ü=+fU5JOIآzTg9L).64NY>2[ Px7`g5&2xzdúwlV7h, f1J 'pr_YtcɀV0#>]w0Z;g1!R"e +TX)#9R”8Zn43eɊ_S` ;~!:P3 썼q T w5 D{@c0235U8BD](, p9rN_SO¬jkۼ֍H{[Ig2a!=hK6<ViPzؑtr*#P^lZԋqE}YTQѶFnJe@%[ň1TF9H(Xf,z9aF}ͅe&({þD!wyCl Ilj)eaԳwLgyuL!HWs^UdF8zeG)OEo8~@(W/um; C7JS~}SaƭÍ䨰]뎳MZ>XddCm-9H}1Khx5Vw6e/ԽwGڛ,V"M.J:IĽƈaĥ`ҲO F%Y`7اYvG3FEexi3٪]4{YQE*S!ݕ9U OG0D[͈Lϡb qq28ץh{hRAIaN䆟S׎hd<' '9*q;)&̧6jq_ 31r{Wn3ho9Q&Mjq\, "Ǟ᫃9˧_gY;j#YNtK`8_SGeM ~6UYƽZm5'SNQonHY\9M])Z`t#Tbźprᘳ^-}Vb`rğڪaμW_hi)!>M3%H/bC('j9xwCD(z~}3bOJ_=Kfa((.ǑtX y]Sy\)R(! Eh92{O{,PV dK ~+Wbmza9qۏ,Pq|w>zQan3'PnM1Qz~Dj@)RjBG Bhg]q%* ٩ckU]TџXWDtP#{]\'i{2=tG[V;CG[-nkb f颹 :6H1G뉈P=:UTeÇ%m/Fb{;$|,THS<-҉; P%!mS];Z)GBQ-z3E#\L9Ж(W ' s``,1?*f{Bpj.6ƮxΏ"d!g".e<.#)t!oax4dxE3N2kZ1.(3rByJ Iٗ$ %"җ-ҳ *c0˙0ͅގY6DXZ[ :)U0XenAG|cMEs,WA*b|j'WHok:F4d.nKuN~MKfq4ˁņxI#hIaN|}\=vJmoQg!`\&Q i$z/ M8*rP9Q[xCFgq/ߞ sa)ö׿K:АFt{Ę\8~#wݿͺM-"7WꠠK?Q`eaJ/FCγE77@$*y=xp1zr)TCˮ ۻ]4ӜيʣN,Y(#c|tj"d45dc`JvvU発'\3otQgQjv`|h;Z:u B68E()*T4Y33|rPߗ\TÞ+⎱bw3R dB׹v~B8F^Woej %`KE트Kg2fo)wEΦxU}8Fpu*@/\߲5ΧCF#˱bL:3p,a}Ф߳㓑Ȋ/uM2:O\8?/FXE1sFgmۉF{/%2t$P}p ѥ^P^h*  nMcJ6MeJ](Zawz:>FD8X+g `e,grɉQjeim3 2zxBcN;K ߄[BG3뫎z bø*.ԐdK1ߙlkL[x=ޱ..ҙ)Se;LGs qcY4?iӣ.m2;6x'32XWgi3"4UOL4m9Z->T<.ssĩEb:X?C{0+@_Zv Y/l\zR\TD1dO:E]s@A\rkD&LE$R]D<\A\!xNu.ҀOԆbnX]ޤ&?:P=9̿! 
Nјۄd]|~½kz!r?b?Xzv~$N`GhmIknʲmZ4Ljk[ژtIP.o6Cd߳SB*C7F9tsleܼ4m1Zf ?OŶ%7Ed@( zb`I` jOn.YD:kU`=rN1!;N}P&& M^,ZANaco>YZ,{? MP`zh5.P. }̆U͝AIFtbaY Z䛈H9p,|21S+i6߆s $= {r>11=@ѠA勈;lgO!Wn2{3?E_-kF0z7sMDYHt|)+uаT)caߗ0x;T@fs5Va%y,!zL0P\`!R$E!-EZ}5U>}*h *> #wѴ^BΖu y40  &Kvۺ]&~Ťmʰν>GR]b !癑y:&̢pbUHd(<3@XeGgqV8z(V LQ>-wNtӧ^/KfKR}3+Cmj.M_҅|v)ܜXIRY ^,u YB©`' '=JNIFq4!Fڜ$y3f"lq0 p%=%0ʺ&`2\~ :֓ ͮ4>NFXŴ5 Z1cNJB8PUȨ"ض6@Ŏ>8n6NLvz\]$Vd^rur `AhӪbQm3hӟHvv#qxȄo 5iіE(aO.L4.jJ෫WH8 ibӇS!?Qd=d%\M1aL̊goZ7IQ2#gi2%hPQ ^ @&268GJW4\uu/r11ESZ'% k75`'Ɩ0nkV ap7lGBR6I9I1:"JV9~AVBGh0HAdp8Jf GlȒc ]@ 3ↁ.zd$˘:LQY[(u&h 2$.x{b\OИJ~@U$ UF n35V> ;qBQt+18hH( ؠ RWeyUbE1z@}yM6\XtZ;]\]"qWve>-R;˸3?pk :+تNE`p bbMco"$Z'-HVŒ19 nygi53=XH OevȮ:/M]vgRt;PQK3rL!ZFER"z KNXG}{کH"ۏHA_ a$E[^syERRQ^9閆+X>b#NnWvϯt#Uy3wSu#|{i}"6S.4ظVY$ժBШJc<5\ٸ#z'DKE|IM2a=EE+ +N~k| Je5 {{/#zz~0c13fNh&zޡt tu5L&iC]$-~.òqjVKicMGˊBc|$M2};d+p'@UQ)9$1ߺ,L4֣_t|mN|#DFHio5ZY}dީG姵z0pJN^\N,wrZH$Ğ֥2/ 3IM TؠX`N[mԈ"yTHu |"iWο*kt~6^D]ùB/l9 rx'r>J\>=]xdSx3'7/RuUD`GÜU3+[҇O|V"=$X{ROìGӵF8|6'01-q7sS=FAn}>bȁLn(YtK:j٬+zkPIhC}}[07ٺ>qCI=[,b ecŹ=g2Mzc}%T˦lCNӷ&/ /H@B8):s f>pL<[˓41sWY"5 ߕ) >ԼgzS)a#|)(/[֑7uT6`]EHh,lh> 䪅w C2 _t1jPsΌVR_ᆄy^Y4E=Ȗ&:Cy|taVl!0 Io&6sPi\4ţk9p}^.*ok[M܍V/ƯJ\_P;;9t`X|Cd 5IFAZR(L? 
K%t 8԰O}z& ;>g1\:$ci?|>6XX^_3ԞCXKѱNQx6hwyMڡkDQ M͕B&NTgc"TGZ^sG]نB'Qɜ7!>~1J!OvX Jk!WYL\#eBUA-$+:0D:+TUۨFiړdb tl;ҹq5!R.MK JJEI؅ƈخ ݖ=K3DRhuVK?gӗw>\_iXv{ ws} E҂m26p^|"\nU"R'ZZDSFOTxa>C~Sv|JiFtapThEٝ4!J}6NN Yʹ92zQ i⿟7V$6K%%p%vz2YV7Mf¥Tl%|/f ^HQH׺fME&o,13oaPp*@|_Բe |h-@߹etYD{/&a+@v=ȨQMSxd(1bJG1z(sz' 7e$uU2Bc%/I}Ik$ Hf:ˤlK Teᐶ+Lfy"%d,aě&*v@3^H/PLe9f!~J-;>Ah)B3G$J彵v:^OmX΋~):"8.5:QR[IDt~q ©d}(.Vnݾ]v ׁxSw +OTD(K+U_ѿ[u֭oAɽצƈЮD楽rOeLD wts R@#i5IljHBsF>1wP[OJN'lO=:PUOf8ÝT|Er=7~FdGIR=Ci%xR.HzA4QP&}q3L!JCA[^9j _ʋI<¨@SQg>;3c} b#ܱ,wu\u>+nS;<\KĊ._Z^7  0Ծ>8u.WqB) -+*# (X3ӄe*R8QD2i-;CbImettik]!6'SVrt`t05TdyIUD(X,3j)x}ᗚ}S/bWBԲcm:;|qJۓ+;hXiYuu?LțW0F)q63s/kSbi9_QfTEٮ d}: 8]DVHq\G[<8tog)w!XMIՕ2 4 Zf Pj+ :kJ3S CA X/e@S}XU075n,TVMgrxu"nIJd'8٩M|3OV]/L`NlE-pxɣ*׌ܑMXfG5w^oJL;A ĉq ;nVd.F̑ͫjy.%/pΠ20Fx7xG|CWtS3މ ;GU3ԯ Z–Z@PAYq8XƸxBnSFQx27BdYLм'"ʘ?\|>C}_$~- B~ޖKygUDQ Ga +_^"af03De+ioEφY$4YSNAމ#@k4&(%Q=b3<2rVYL;O8 ߒ]AoPy]IdoPQr\T7bܖGN̚|ydesfژZQ8Z_% }hfh 8dt\"YJ\Ng^Z kQ^"7%=[";[>F/uu ?ۜTϾ&D՗ӵ0-6 5opi3HCE:4_d:R_&m+Ah1Ma'S&tnj6ѿCÕ#M_ %AU ,~g|E'KR?Xls Fb:{>,|VB,K6 Ќvnh6:RdBsTnѝ#%csD  מ=kN{ro ^xÁ˱b[,AʣmQ85HmE)AՏւ ǒ-!Yo VQ9OsI)/t?I5C}"Ygc!l[T|:I-[3N*nXX4m5&J޲M(_eO^L~R2Dov@ȕE PvFP9so4gP2܆4|)=i^Oc{+,n|uS=3)B"XRv*)|+ksX cP.`GJwau'jgBnvz,uZK 17?~PP14'>6!R_d[KR/g!?AF+:OXjkrQT L1V'2뼗 jӸj0zI::5Tx%UL0cD'Lv!7hXmu0Ӓ"DG>0,l1[ߥ;4€BGp3|Qy]HE*7%JZNY{Bgip'/lr@l"TZQ&I+ W/^ܚg/p[t?ʛtxz5K"""78ԟLu㙁7i:P t&cFGP|~&3F`ݔ,~.o4K{εdE=Db)F1=J7{Hc0O| 3&si <)>Btˀmuuۋ^*x@K5:/fs8F9[qW7&k̀j]l犍JXVd'ZLX)fD? J5+ '@GFGQ=u򏛄T|Bk]Q}(~GVb}cy&S7E ꋃ[Nlz]rDhA' IhݓCT6+ݠ^WhGYE7'Ո]L+P߃{ llwh|T՚>FYuԎ/ P@C  f/F$2@ͻY?⢨NQfH/eJy4 GrV'uhU-AqX"=/^g(5r@ >Rp5|T66$@v؃ݦo m܏&6SW~6ߌaz2Øz5-,֮eѹ)vf*c>G A+?2qʷGr|ȱaV|ENݣbl?O:"lЗ j~8 h*O\U A?^Zu!{n|#TzC@@3IfW٦!١mJ#E>7,7 "Ak/Ģ j5X]TY~Yf[ݠӍl|D8]Bu[&! 
Z%呗l26D5 A s Xfpjx;7{:–iۿXtx EKoB §wP|C6sH*-BP:rj(|#S69:OjdcOC4(y }yy#jL>mV<\y3\gitۃ^4"؋ ^V̞WBE]Ӑ g.:ę>}{BLai+E۾s`z06n}vgd4pJOڠ*4^D,RBA(| W](I0|PLe˵4٬%kr VJ 7 u^NH$ܸz!ГoRʛ|\\:5fEB;I'H2, `|ʧ7z .ܚgh+XXMġZVA Y X )sLA.gra `Ɖޞ\e^4.mw S0U|C%o}FPo;t kDJR8ʊfk,^5+R E}@#yZ.U eRW p;]ȰMXw*hFibe_ nf=U\[盕ANSbNdk!۝W Lbܐ7I)8,NN܃}sԥϑIH`Y1p̕͏[}c33^]YrT~Tfi4E#V8 DI2tvNeY{ sQI(F_Vj븲?oBbHt9nm'䤞82KC7](tOKU_$qD'쪪WLSQr5~u˳F!.J #T p͠\)^)## z}3u=.. utA$ NWaQ tQ;l/fEށ2Q[ wҀ5 dž06^Z/=S iTÍwX#V=8U" ֙f_l8(TmEKKSX@=pj}z*_0{Xf5{O^*sdp!0#8lgYyU߽^=[ f,a nK! mY CXBQ~$ 80 Qmb9?;Pc~y6)KK-Mb`=[<ǮxIi&o QkAܒ. WHIYI6?SS6Q)z]jY?DJ9Գ "J ߃bt;`b:267%OyoqJch;/Ҙ,ELnw?2U;W|gDDf/})5hx%:|&,OFtr/7/:Xy`6V/8p*n4Ή;J{!GI^s\Uqs J`,"ʤSMmK4!AJC:l-8'I;Y>:t'l4W;æ:`juM w cMOlURX/+[ɰs4e&˰q|I)W ^lPhO/ ې G5o=j9Cp.Pc"'9$3 s<;.tS4M9-ZRkn*F̗|>AlZڗ#$ 9ȼ[8;Qt c|2#sx N@UX&1˞fnq+sZr8ZKb9J\SԙQtPN:^`DIYK$DۡGKNmZWG+*a,e-l-FrdVvlyS3Yj7(M/p<o*xLG1bJ[|$88i">^)@c(JS%OtZo5ڐc fq f֓n+qFUe :ػ"PlgIہX[@2W}k*hJL|cW!uExz+ulvМ,߿7`9:ؼ6'LLX80S#:3 O%PgT M ہO3OY<)Ջ]T R;B.ģsR),f%4?e8zV\G|+u|`'1ulZǶ!C+t+Y '[;?lP̓zNH'ŸJ+ $I'A;Ժn;=Ԭ}3br ϽRu`*XYӞj97SǔH "I6+?;mJ!5#UKa 0zH:1(KO-Eu;_ 8䥋^.㙆rFع"\WKn둋ȡ3j>]bX u=9 ˓:P:5G B:F1,H! CBW(* #duPQr> "7 Xi0}D\r(m@{1 H䐱j׬mq" pZ> +X5Zk-4F[~90XȴG-.Ќ` H4QXt0C4z֡S\[*ʔdqr>$Ҳk{ t˔6=ZP˫bIu>B0nolPB2G+/KZpAGv,vN~ kXâҮA;kLO#uddv8ۿƨ'}1ysƼ 4ý!DGozvC~x(cb ӟW\z['Xz-k@uXZaR;Lu7w[[0tc StXTK ls*0 ҏfP2RQi)O%~xTW!q`,>(V;l14X<~]1 H IvY(O+OWNkxQ"801(ZU+ (>)Z INk:= x$(Z%K|=37 d#IƟ BOT~(UI0D>[ ?YIǣNax"Bޓ)\ lDrA5BFư`jp:nH1?fc.1BΪ^ uHk[?xbSBL()J~?B: mN:@\~?n ]0+Sm2Py /D +UDxoٙ^C)$*N#RޝOcGbr݋p͎<0"}dѠTeCHC],ljW-^ߐ /_~eO/mFPLa/t>`t,.\Y^?`h"2%W;%wg*G/f~+#6Q2VzA N>LF?NGlfmП/+Y Bٛ$is3*Ho >v "[:)dm|$Ǚle-=u0r$y PcrEXrRYG*=I+ࣜ$eX~* >pƴC~64^Y`02s@d !Ԃn*r񁻘3X.Mz5XH ~^u"mvQbpc{"Ri{w_ɹkڌ1 Ku=ʈ MG-[ F9\xdV^_12@HJJL8+1VͻLc.*ɗ3SQ[p|Cc˫'xAk#_3 !![#6wFbfWTC'g?DKu $fH'(;FZL5N4x C^o: t8`nj;(=-lj>4Af,4{p99QR.*S"Jd^7? k8Q|mĥ. 
ۥE;7(ZC2caL] RǏijd8kHBe j)?84h P-S(r[.!R Uya}gdf )iBtj6àU-v}"WWY} Rol@=Yg%ï۸!pd#z&wseQFMlF¬'ͽwGƴCpUKdgEBRj# D^y삯IK7VؼA fxQFQ:G*H/x>/b gwPS&# 7wv>}xHt0"`0$=I01L!jJd\G9ǧ_,^/֗KZi]&z;{9p['bBn4.>*^IPQdo>Q'g=BQ2Ŋ%"LެG)*Ӆv;e gC#_ޞΦ*t&,|< 4gpbLYXd:42[aՉ/te 舾֜s\kmلNeY+LcıUȯW1亟=%m.7SdV ;I GA7f3m1v:!<ͬSX|_i_2;] No\ 3*@ uM .I =N̋'-d6dnn w>73i9_ "F"3Æ>O{+:CU7)&K:Q7UfT&j4t\)U!;byX U7G&b{xKc&MYs`4[YaxW}$pGdaz/,9i4$47,l&*p,MhWdz>ty"'̤݅8zK1Cz{!i5츙v5iR9t֎ٹ BVD}F( ggJM+Ǟz[ ňQ2,XZA $C9uoHf?-7<*M7|T!ghx $)MU60r@ I#RͷqMbJNHLL;O9"B:S< 13ni2 'Fu4 ^O՛wT OFX$ K)= ^'͒!\C{e?s7e!ͧ#|B9 ֶ>EI(ɀ/z6Ƃ"}K1!"qNcA)p٦-~׷ ʄ|Et=u3(7ȇ&e:;&-NyB~5@I `$a=C-:59DzރݮOTb4 f2$?(ֳGmiTzEXeo9VѾ.wf!i-~n|֧{ C!T\MF՚Y#Q0#vNyX9D?G-B!C ~akARאlg"UOw]">Ĭ\e>K?辧B?'Ř#OI.<TSS*(`'SZ f?3b؍bAiB /ܢ,?H|)v\`pqHh9c33)M+c m+޶0D55EW;jTDu7#q |}zmVxZ˃`n9' ioP:|&._e^r きlՄ5Aru8yZ7vB^gI[(Q,u6>iBEQ&=P`% 66z@S Oؼl^p_wZf1fLh RZݜ ~YJVG@^`@{xxRdUdgG5~ti\HtV:c'9hbq߳(P7FKu0'tPlxY+˵*u'ы%N\S6I C[i_UtS? H-^ tb>o}o+*'5F3Z:U  T亓ѕ]r41|){_6/wԢ&A*\VgxF!q`x0B! :GbVHӴ\rZK@+lkYAXŁloKiK <6AF1qKyI);שDِֈqXb\PUS[82 alr5E99b>vw|'{Llo82@=Gt[jp8wP2۳5 cqpB > :ڦ J{z` 6}\L@.pxtu1aqwu[(LgaM:rX ƞ,X<0fgYohY:vG?a)m;6n'9=4|5C[f8\H v .5XR<{*2`[q b&؇ r/E4 O:1TVSnpuiGRs({X$E^'?-`MO"n1 DͷD @@{ԊcXw#k{rF(5ղo3^ңZ^]& <-+QJQ@ a0'X"Fb)T?1^O&ԄԆN&icX#լ|c2F֝|/R4`y};<;Y@li`L\Kvӑ4,pcpIΉe ay5' #/*lP rْdrnRJa!Ky=ЦDŽYo^9 άT^HLx {"uo@)Vw(1p:&K5sU 4\]&ԝU~q-5(^DN3yZ'BXUQm; ^"8!uhjqtw+h]vyS뢰U碁25 /\b${ݿUrTC+x apȨC)FB{5bRi"\) dh҉Ѽ_ѐm#J@L[ΤyZ2ۜYbqMP@\kS50=UM/@ 7nKTty٦FX͔7=B}HGj^Yn0'@mKdb,{L{"+eO.֟M&6RO EׇFڼPncm'Xq:P|E\g:3~wĶEf l^uzKoᇵ_ Kl-ǓR 6]{0Cñ ^ 'Zz prOp:ٓ@sozsߖ$)[$^c~&9IB0}8}0u6uvA)ZnoĴ]ѾN0lp`CK=@$[g D#OtVG`82si6˥)dB`gU*]À ܬC<\ fb}i.Ik_s2>_Cw -e J=Ѭn aJg4>9glXh/m0DӕR|/S|/ayh6[RN䝭aJ CRL^L7-zͥt=a$2' ,޼N\ލ[ =Ƴ5_g< ʕ_ KRVS+4HH֌ʲga8x ,Rz}Od=pC޵ Z~F 2Pb~ҿ2!W[^`NUn3'&QׇW{ ȠY(ůA+U6-A|uZ\NDi6}UO? 
8Uń&DS<< V{M &Q5M[YTV)3v=W`_OQ+)tlb%e 'rpԈ-$xBy0ԋ F-ndwq{x<LPHn+&vg+՘VI'c;}wKIHF+W?s~)$j3B^T @R(CLꚟN܇9 :(](mgA`ܻ߱|2P N JQ2GؾPO iyd =dyHΐ1ޭS qTG7l,Sh $lz72ȭEpJ,_7M M7"3fOnBf!&;ӹ/PdS8fr0zz{W]tTRK``d.w4EM $1KSaYISб(U X B4Mc.$Dϭ{x&']Cڷ׆!R +]DvEۤÐk^զ:(ѕjHg¬P웝txyvʜ?{ 6<ћY+{ރoJ6zi|<2KJ?B,{PM';*Wo)DmfleV,w׾;=VRacVt yб.Cs\BQ!{~߸ngN1_)VB6[ҼQTӿX^49L!\宀lKs1m )YHk){@aaz$w<;SWhNx4g3 P78^\WRM@M  _#MW7q׿%"2uGk&Q;1427GW~:ޛAc&\` θ_xMk͊ @xP.S;sQߔ=ĸB3%lCɵOD1#+U-6oEIr /%[f5ꡕ*֦F~L 5m1Sv*Zc^=y$Z1&V#Aӫ4cppSYmb"=Two-"^~_Jr+1(e1rZyqւ0 -5Uq؆n_)mSJ"kʼn,dM.MF7#a<*.^K/ iER%?U=^-8>H4P r?+S%x}n;~usX{Ne6#",3B#~Y}j6I,g槱Q]|1S1GLeH܉w(2,kDTB1OD|)%޹.VûuI\(TCM$9~ YC3PF*>=U͊qy.|%UfCT-PP&EszfC~ܸ8;H=c<7St0`XIZwK#qt8dCu:"ji iN-C< \wճ0@c͍~/`5YxFc{2!gy,yn7DhͶ((~P @8x|!.Y= B~YX8+a0֔@KPq=zؚf7TkEؾ ϖS #cw?&8vbLsh@b=/Y_y&30LG6*]ԑ)Ϣ{tj>gֻ& W/X <ĵ~fI.k[GJ\rn尞C'O9 ӽvIjGn(ߜ`n§C/`g+ޝ$Urwvp"!G!J|u5vl ^[ǯfAU'$FHIڳm6dVb$^COnmW ozLX, ^+Q)iנGMKp(~̧}٪&I{ԅp7+ڔi>̫5rЍg7KfWh2}2e4YC\GRx 'eaYA jlA:^9"Ͽw| p?YҥkIg7޻.jZs)G/NLM(s0獦u౗+ܣ:°[ N~S 49DLiqm(Wq' F(kg0r|jV(=%-;Y#,;um{hE Oxل9Hw YZc0ZuCX6o;뀏[Y /].wh:6eRJxg +I,`SlMPN05%#ЬZ2f&XI# Lq\B+#HuqۨTo_Tdʍ I>uE&@x[zb !HC.@I}-qBa7te o+=ɱ*RKFL+x/E$XgPtnլa͖iT{̅Fy R&4VN*`w5W*!.FP3kՇZS0 ֪HF.]6B'-=[Le=Hn&pmA!~z Dm֭,KB+ЊKqJ=c,JϨ 2yo;`AQ9;Rl54\jO(u׉DxhwCU@W&D8W~+x#l9*u, 9N^?۷PT7Ľ6gn7o~K],b!Y0wt'aNȳ&*Xf|Hl 991&_*j$0'Zv͆Hu`CBӃJji+,l F:IF0ȿV7S1ᠢ69c= 7 ֦;K4ev%P:-O9W9%ؗJ80y:nM!oZ A|+G/~Qh\*''iuo6 9#tNLmz ׂŎ`H|Tڦ(qje,ׇ[8މ\qLzVxG_Ė 4+J][JV4$K}I ?+vQ]ޖ6?Ի%$#~Zn{$9аH_m!vCF95{lZ#=(x)6gk!5oOr6x祒ZkTT 4F+Fe1DǗUxf09D?c 1]7 1(vgsV״ rXʷ?Xjz}HIyz| ⊩*IS3Unp#R6c=~<`OP Q;?}r[ QNn8^|3mNu.WV1 D !G9eB ~|=b/zS=MDxbƒJOC=yskB6gʹ!0zۛߧ̶U-':p%}s'A ?l9%Y*\Lr/fEg<Qu6'=r>5Ys`"EZz@;=9!>N$@{^ OX¿u\2$yڋ/3HS?bG}mdφ ?gJ2QessmZi5}$;.0&4Uz%xh+>QcCXE"q ]zp !u71Cy{7f/{(֨pE0kE=g;{o8ZE2P7fLi_9+'p-ߠ#b)Sun-Yq-:ǣA*Ho#[uBܱ1ԑE@݇߀%Ce4;FNh)xۙrv%1.:bYřb*'1(Dq3^'b"*3]Gs28GɑHZo_qϕǺj힄w-v!1n@,T?mM ߴ?\M~("QbZvJ"dѠ4 1&GURL=dP1h[ I$jX 
N3K-ɺK1eH–8ڜ>v0ʁ(jbgv]Es亊K%)yvL̇աEpNC0DF큅dPͣߜ,s0dǺ9gt#k6bj"^ͩJաM+{ްOad/3D\+(󡨋SMvŐilE+|!u-V2L6l3-n!-6--`&?ZB驯dyV2YJ*5&nHd#X{(𰃤Y$>ɂNo(\9 Z̀-HvFx}ή`uk2v53A!阿TG$ӉE,'# Wij}\O mА AL0w9N0osTuUH![(2+&UBӶ%7 |! jAi^a$ͱjxՏF6_x9KQF즆N;cjΗռ^ `: Z!!1؟p,h(|- >LX9OXw_qEZYdm^O5=eLxz36ЃFzcbVhY>o4=~_I$B(«YNkJ K͑S}:fd 7qՈr1z&ӱ@cZ[G^t_|m/!14r1" k _  ӍզW7ln9<O=: \Uv40 ./gHm ƉQ5)<` 78ҐDiǾ ko]S' ->:~mm*e SX[%/=d4oN-`h~Qkc J:[".R=&*|e@RH[Y#ots Z$kT n@Rg<2/>Ge[t)˝nC'*; *XblptxbmfY]@2n4]Ac4iRA,j\S\z]]-j]ڠmHOPU|jUc²o1hE N:%TỳܤXeWS\V"'XmNIc{㟉?s0 %-̩TFbsUtd<3:~_tA428^S_|*I+٫ ;rn봏JܬZp5k)lNM$r}>s!|$0,4_($r$Tn6`ݬB8݋퓷 )u8WKKG  ŋ3A}RSF#$˫M[Sr=k4i{UJ3#74%`u' G˶Lִ7>W ;~ ٔ͡74.s vW%L/ T_QH2+ry]dW~1I"Hίk:2T[m;&c~s+R ;+gDR'[zJk5ЧV:(V+4j( y©"NfALvh۬|5`)2朻KM C.p+8P2׎_wpħfai}b@،ѣg*9mRD̀l (@EDFV<@IqB@}loc^LR\4H|ICZ$ĖV th[Qئy$sb) g[eE1MGWq} 728]s;Ys٠k3wO t 1KXEU A-vG{ʶǞ}?<ҲY9UNK skB[!T':,NE^{QcA>^,J69O|i#<$}قdS6&I#1A9AR ȋyjȇoCJRZ7KirP9^+l^GwO>g%!/ XS/͘.ȪO< {ǯL 5V:;1o "k:Q1Х[ Q\Ƽxr?l1ƽc1ټpn(}O?ג0fλ5տhw., /tB;*GpGMccL]47&}>T:ay;vjfUVǖ{̄q  =P1%c]&‰`- SCJS^;zQy(ƅw.P@ڢ6DkGi=hdPwM~<E.`FHs)R;/}iKLyFO0QM^j+Ɇ՝I%K,RRzYs*E6f"ml|#JʐҎJ|byf/뱝L\ Ƽj͇Z#vLUPI۸9  {Jbn"LOPdU_ON@ygnk/1L#:HLy|{3$E1 2Y{؀Xq+ ):%J52W!ogcQ1&7ڐ6p* 5$oaC܊hXBlc֒P4(KG{ig掔h|Y^hb63!1V VDHaN)YK ֮X%nk2h.VWѳWtTC'1O@RQݍbYwJǟd/688.p豌XfX{ RO*9M og(/Nϗ%nD/dizKKqo0Hm?JDx#$Ɖ(rƧo ;aIeڡH skA'maXIS zh+*avB(DMCm:}w(GǸͽře[Pu,M(ZhlzǢ9VM)_AѾ =E] tIJ(~o$3.wLe!e+TԏJ@|⎨Kq}NHI/jNy;dϛiQ5;Ͼ0>KLKva`,Wys[{>Ç\`F`r=tWibիZqȮdFZe(`_qx3]Ȑ52]ea˯7AYL,,:3/$3"CQtTWxB Vf%cL˯P-:st #gY| X"p+3e՜ĐE*Ļ9ʸx.gǽ,ĖxxґJ ;n@%3XoGJfߑ`ǒV69 &=Ca(7dE%f'{D0ڍ >j]%/r3C O'[N-Huab^ejV"^CgyC(|1!X?M_MyT70@O#ފC>9SUqǞ0y]BvRL-w’g{'8'J&qYS܎-L! 
c֎ʬJ"(ƑgV,&tW_Փ p$]/p`5P+]mb+O=8 bxb,~czGl>*$%My{Zۣ Nm~IY/I1+iz2'Myd0ַM;'S5^F@ rҀ\}Dgk`;BFAд,Ȯ9 },6d!=Ht][|ǜM}BC @(ԍ2vHद^wtImeԌpyܳd^~f R:dE6 L%= e1ڝ n%wvZqMՎfd1wYjǩ{F@bu?Hk'Hx&l7㷩#j,o}0M;''Ω1kZxggtr l%)|cЀ7 ]x'w k0|D[BB㉅4iu>…1na*}Sc/[K67Nxܰo٣x;h 3` BYUx/akw#8ȸ&5V3IԙqpM}ʐ]G򨬔SX3-!O[8{*bn4`I8yHa-O8G76)/"]f]꟠h#k< Bs &Y[J\IxTf9(_D"*35/j,Ko|}{on $ix?8 Y?~|Y]&"0;\|?֩?CGp&R "[G[H4'k0yOA8 [8tH.h=FN )%`FUof+^2UHܬ-h`ھqɠRࡁfdx |Q/Sc:[4&7wdQ 1\P~HHثo| \)M9k &Or@ęR;ApJV'X*g !$?\F^LtU-:5!H^jDHL2lv//XXB%QmBAù7ҪD,1+%H<:r=T=.DM:``6c. j.G71iHaYtWT!ù*'}P9wN]Ci^-b݆:']ygK0yG!tl9GLN·Yї5*@̉7@(VNHF\A:${jvOPӌs57 \.C2\?(]VM|~1 %fD͂-Q9ZUZ@,d$k0Ȗ¼ٙuv L9ggz{W͔h/Nt h Y]_{>UraAt̩a29LOʦ[Dx3e&0!!2Z tʉE,K??\v1tܒ{z /3^l!?Z cqőR;\>Ҹ5p8ivǞ3` /zfGgm)o°}`(:4Dr/naK"e$ԑ xwO{[]LŇEmҠ=6L S^<-%MS0+В1/G!nTɰXFoC|D]߀声KCna<}*2 wkՅׂTO..AӚW>S- ̽.1&RB9`'`9ˣ#vYƎiO{>kkЈ TCo6 wQ_|b,58hjq\L4C)H.M镸@M#[f!W4 ңx;=[ 1+H%_1~8++\bœTh(\siaEifMVDK~FĠx-_.a[Ի8V ]sq<2><eumš3tf7%dGeLd#|hOʹ  Յ,plt1 =bXb/[=#qYXT,3ZwVZ8~'xg@=$X%ĖM{]ѴU<=SP!F1\n{b >쒷ãz\[ŁU6`7gZ@Ĝ4|# +0˞lfq´!J [~'<~F"iˋj""LWP7]]l~H)8% {sD@Ƣ,BH#晭-mDg^2 \ۙNA/}T MطXå3.Q;>;Ցa=4BLJr aBTUK8U?`=" EOr|_In' Rn~m߮!aPv]|zAfZ_񧘊`IN5^?f'fFRMnX:n=rqֹ:!|^OH $m^9Īir6{tS[ {u@$#і ,*1B]57 g_Y\q_#%x<]臎#f2ʬ;bNfyBD.cDT]")7od] $ZU B <0ٸck\6I z)$e%7YQ o Kb|L҅!tAYĪlKҬy+K3Rs}*Z_A4بY H63jN>Y쿴7:Ԣrx3nW5ulILOxA(ݯ>}'ͩ>.XOjxvPb֟i0Y^.lE^:.{qD1f/eXCo`Ro !(Ɇcf#"š^|l)WVtǩ8*JH8F :S*Cg5m4˓,od!MVGj"XqB~-Ȋ^:djn{V<)~C6K|6S¾zW]O)=l 3 lH ̈́n!I/WSn=j*MD-\K0Z)  C/p=^š ?){|^[yx+ 2R{( 7٧y&X*it"Cw@tn P.Oi }&\\ɯb~~ӈ/[ߎ~[,ԕǎ'7#Ok )} kIiV_N+g7C)VÜiCzT_E?dK*2E`yzk,rUVic_n!zK(F^-#P_JF3MMn ŵށwmn4*:c@|gl# Ue0|M:|5nndD׭cGUތ9$̜bK jpDbkv, ͥu'Ӱz?}f6gAӣJK2)R  T>QaV#^ޮ=\7KH8$~/?O$ho E~u=?2zФcL͝K,+b\v_q\L!@o+gegi6/GhI5UVa9Нv-&tv`CUsk}kfi90tlp-3 `g2`3yIGqf|BI w'YC7p1%7F)ȞTxPIT~:{N6q+y*ٽP)(/C÷XӇZC%J|mU'~7bR_b6+xbYcD_ȃW م5K8EK+%0qxr >)pQҤ.q@c)BU,A(WyM1fxU7) s-zpOijO%Ho%-Vjk(|}[H'.bUM}"Cp@Lbjr@؅ҌtxYy+M4R?3\V)qv'0$;be9Ժ3LJ3cE6U+MleojgƈQ$^V+4Ўd( `uSJuQ<˟y4:ݶ`B9(z^H uIGu{s}]`G(`Ք4?Snl.òvL9 `v i4dI yٝiG|CxD H5[w]~NZԼh_/RI8@nDK7 Z.S6gPmZ 
Ly}y9MHw1:{l~! |q1ed_w+DҺ*BDw%,֙xZWsA(j#LU4֤SM7wws=!Ϛw*YRn`)46dUda6~.瓽i^K^9[')Į p鵢"% d1esuuk&t5NWGȋ=pdrSlx5&aIKEE.@jr1Dz*|j{ܺ֘͢Yʹs$ {TIVkE ?:BQ-xbzOԕ,B=ҌWMb+f?FI.-Os|~Eok!;:9o2gcw܆V77(rJ*dh ڱޝY<àoiF.^-(+w7rE{o !P$M"I q̫H;y;3I "k'+et !fV4M!SʩBJGo6z3dD]@|G 7jS$IfSy߇#4]QtY 6U`FcjFДH˓ج[btdHIܱ[jgߏA,, Cfy GfS]TAne^\`zlc`%a!(Rx>o9xoit-r9y7I%"1Ko ,rU=iU$ 5K*xPv85YWy]fu[Y"N^Izz23(tZ'q`2..t [i*U9(>7<+Z#׼LU%rͰJEA6xjqnhޓ JXV ĞfcݏMG<w^" J P\O ݡN>xkԂ=5O0Q'9)p>0nw?&o ^`ڄj @gL8h+MLl5c;s@nsp9ӧt;q`!60Ɍb$݄L>>#/r< B)Qnc^JZi> *aωfc"ni1[wmSq={ |~DPEK1ETc9rdgF7~.̉m k.@{H_R>Pl,jf9;!Sի_HdۣKb#0iP;6BCۣe8BEmA(\K]6$anRYy6#<zZ529x/,r2 ;Nai2gQl7F &Jsx Pí;!Јf}{4h`<.H3 UjxDj\fI/л"hE]@Ru.-=fPfr"/"IԆ@'HtGk\8 %ac~@X</NJ] ɬN-yWB*L-g fiԾoņ7D EՍCKKލQjYLDTUrB'H>_8^&MTzA/楡/\;@ )zjs,ѯT@PNjzC%SXiFZIb%_]}3 9u 7Q3$ʦ6vL!)O3w2A<耲AY )=[&!"l "Օa>AVOS p>1e$<8Ffs@hBmŎ6A_ҫH>},'lR"sq ƺG=qϯl@t+)-lqX`̫>bHdg*=Ed˷8~`qd5*p%zX-D pV=aQ&rhI*\@F;#D/Oҩ/?oTQsvK x]%t˴O>ّ |Am{OnRѸ!=bPҦjp~ھ1EbDOɹ4G͓ /W8>z&'B%OVVSpN=2HzS(5fsALvA wB`MC)B:ő`E[m|7umDϠ]T LXդ?)PFR:󺨃4"lt0qb Kdm8c]&:=2 ؓ'tii%<ا(jk>Lvh%U;ZĄ~gywT^&^ɞ+.VrG-020+(ׁ 5ycݓO4o6hGV5k hlAβ%\x{NOCewo-gH:nďf6rqIa!_'`Yݶ~}Htv ΁Jt*xqۍ ARw cG}UJ/I{b!M(x/tҶJbba(zb4{`٫?anBGW {2"TS7؂N!0\9GcIh}xq$pFt]zdmج30s6* N _/ L#=n%ј= iy(>q΢O B%ɃPj>atǦ%fa"Ɖ:8hIcg.yj4c[^mg&;3Q<91Tu8dKƕQ`g l@wf 4~IоE 4=9 |쩟oҳ)H~㨲CZB_|+&,M1l]7U;@TCijcں0M6*<EuSjp fkإf3m1VX7I1Ok^w;P%KB%k%`}N"f/\B-Z,?$?-9ڻ$E1u cvasFox1 BqEnyz9"T]d3%Mz#>OA1KW4x17C^iVѵ'T ҈ͮ(d{0/?(I lH?Kx4F[ o值S_*>~6~C=9~eY(eV'  L* #"nkR)ρ9F/-[[GHؿ{xD¢Br9/o<# UQ)tOߘW.FƝg 2.!Pȁwjx+)jw=mh`LnNca#}1xLjXÜ YN,I]1H&~t>7 Ѹ3 : ~Tt)1ī93NuBPৠEyΞ1%O}eC%9,Z>Ѱ;%i#p"pC1u!zJ#uaR@j:;oqTu2m ?w1y8^JeDlŝǽ^iu$G;<ܖ3'"Ď_\()! &tZ$<,>rv*`Ii> uz5gH aw2 4j|:F`N)rr2{ם~~^<75[kL-La3$d^fr}/n0pF¬#K1[]#gJ!,^1Mu}bvH-×\? 
?Yb-o 4i.K3z5 h]!\)E!1~uzidG6/}%Pxf!>[~jqG)iD W ;q4";-g _8ƹqԦ~iàoYX*\QD5xgh车/l]p`_1CTh.y~[ydjvkUd̻ ?lӬ7 YOX;txf=( I}-sg8,ËoB2;Lu2ߣIFpX5ZH;:1eR1UKeC0jYSktƱpYYEc5gTMxlpj0%=Yi3Xc3@&HJc'6?*3k :_2>/R[D7=iK'J A-vR oFi1;qŃ5B}ʙ]4N!1H.A?v$Uy- ZJg2vcEnNL[bq\ތnP"}Tx"/ Y+B}c,-6t2+jp!siw7p 'w9qf9$?+H/m'H G6HXqPyDl3iS{<@Y>d 3W6iD'YLͭ7Z?\R TgT*+z~;.+4:5#Fa|#T'C ֖f_~)]1Ƅ18b0as_/[jO.ALZB:*T!;ZWDG{4}f-Iarq 5C]'Ckr 8LѺ+-ьړ(ge!oa-3gn NnpX)2==l@"]nb>O2X5^;l3GqF8%N ZnWgTN q 5BWyFzvZpƕzQlUeL ӖT ~Z2A-CR+J aDq8fVȑ --u{L3k Us=stV„N-~"}k;^(mj_C>)x[= !9Æٚ\!vT/{qn34iG#֐t-RW2b`NlK(O6Ν]T;؛,=pޔR阧9k4PcdcxP+g!~`NHYe5~-{Ҹzߣ܀Ih 'n+<<X#, EuG=pqu,y[haJ]M.z5Lp&0k81v}3x Is~g%5i(V,q h2[{a`Ib-X&dh<$Hj#2@%qP:YXCL{^| !?H8:P gb'g*_h^WhE7Xn-1/xD_}n"*OrDև-NͿOhdN CxrF k'^\>ɟfZ,D[ !#-5CoxO*=$Q(v85ɋ{DZAKhDiPg1(q׈$8LxERd46]p.EQC;"dn5?fW?7<8,3xҳߊqxZ|rЪb5J®F]|fa}#ғJ*Fjd8ve"vtx;ѿlY!:7#˵rVݫ{kvbCM,Z8[-qfQd0ʼnC Uˤ]p*8kod \sEwJM@ mC.8@pn`8# w1q󺱠Nt0UnbqPFSn4gٳ42E<9yvcYtX"㓉b9!V"IQL U][ϩBEmr٤zht*SibceE'ߦ,Gʲߝlh&~ii 3&2ZKq'͂ 2lhoLFRv 1b cE+c4?r"?Q\?B18n,/DRnG 'Yj׈?WG35V}L^;),1=&4' As:_9LY:8QdtOHFO(s, 960o.X,~hI ëҩfB5gpe|Jh{~4ұH߷y)^>3̉tB?TFy} x`mdž.g44OrpRAz/+pD8;蔊->Ʒ E;WIZnyUݟjZaCzoX#~%3^/[KQh3VS.kV @ |OG.@tl_qbP_!5 ǍqSi - |NQнU$'U6F AFz~ 2sRP6 :ŻǮP璹stŗ_<-ދ,de5as-W/Yv33<Fr258!9 䕦]ޘV?z9Ga~joO@EG_Fj^:4Ӝ <)1?l+*w\*!;@gȉb]D 'p9JPV-4i^Ud&,w- NirfJ4iK`c٩%zt)H`F7%7NcD >beX*w%Z$Qi Rp`Jm w4|*xҸHki (TBl#|׏̋[ݠ.Q@l%Yq|_(R s̐RVpM@ ۋ^c>/W"N,{C%aBg =& XВl5}Ҡ̃LӗtKmu+$4U۾D֏5+!92~+ŨqJ.;h_FbOdc,Wm)Q"kmFy] ΓD.]$:},4av& 5dɰ@ S#=e[օ+ʲ7d$8.Y#v(Klk7uDÉY,yhjT#FI-x[wpBlq0'MrnU9NR5+UCIgd m[S|'n|JRR"ewƧ}6K?jي9hgmIM,lAe,5,+wQ#Vch\eBT4oaQ򾦵ts ; ќh[X %Fi:yL۸ Mr~3e|1PvP7AwG igED@]F4P~H _3V|':¥1ʋD AjrMA4Ջl[ cPps3RJCմI⍉'d4#C㠭<p ۗ:ԙZ3%.i\CWDKCVuCkz+tU)7nl$Kh*q@ZSbիȦFm*>8 c/g "k띥%LBekZ~Y}-zU4<&:ӵZA BaՏ'2{}0Q?+=?2a8KxJ3Nߊgՙ,&Y1ݢui%\TUd|c\=UGRYCfdr&-¨be68a!G(iii^7et$ûPDƢ* 0OT#/P7 aAsX5Q41(>A>{ͪr;}hxjw?؀;e_ UcQC$fٲesCBmyev c&LY5յˎ[A1c\2 #s { F8 NjD#76# '|鱁# gy 5,FO;¿%"`w%ɍ~yM@(Ntkz0o*vܚE5A4Jj'rٴ 1Xb3C)꨽Ȃ1V]񱁟1jF[at(\M"CA: Ha.M޽xrG9s7ao 
_e_S՝0|zxŸ~y^ފoQ3B9~@ȵ^r$6?l𠈡AF8G/h˩/~Vl2BB{~h\™jQdN;͸D%ϟRg'kI'l1\m2<5x1y TeL[olwV\wqfgc~4,8P/GK[K]` $LsU3c #Ei:P/Y\hrjB}0]?_CoQmU4+wI'LKy3QxQg%n~!{&$qdGߍ9?yR?Dz@ liR#8c#;9_1b V%jES;8{ObR*Q2_N"7'ٳe|̱FvR(ÆذZPG=8p駎YI]xD WwE$#g +f3IU_ey-uM*%AO: C&[iØit۬J+1_ s_&*(;CFeP-k(Z;xrS1ba`j#Ŵ HUv%̨瓆Ms,|6h蔦oDȜ. *k:};٘c)m cM5"s RUv]U׸cja:eM=IR ~A<-_SMf^0oUfSUEUV?|֗qԳ0@ {j:=+(*_A/\FmTHYmŖǰWH022}T:N02 0E Kp4bzHM?(2nt;ՙ \Oo|eH\ 0'\8*hʷyYCƓЮJ7ɭ w :Nu=6! lAX O{nkT N`-n(f)հyo|q~WnM]8_{E*<|p5./L(*O^}J-O]Í6%aFNT̻ Y9j|9D0x|Ҽ?R QˊYt EK9Yz%&6c`c&Aw 7%.ؕ6,۾Ȁ`ˠfeQDT9B#M