hostapd-2.9-bp152.2.3.1<>,l`o"!M@eee..oy\rPvLlrSQ|3*\eDWݴQ9Rq9ua}5lu!i-$~b`ʃ`ܵonaMZ#^FQ$vx0BX3LҝCI^ "Xz&7.Յ1 (w%&4C yiG!Ϣ)&H?Ks =vҮڷ_!_ud :TLA?c I>I?d   H (6EKQr  0 \   v Z@l%%Z%(89:=s>{?@FGHIXXpY|\]^ bc{d"e'f*l,u@vwx0y z248>Chostapd2.9bp152.2.3.1Daemon for running a WPA capable Access Pointhostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Currently, hostapd supports HostAP, madwifi, and prism54 drivers. It also supports wired IEEE 802.1X authentication via any ethernet driver.`o"s390zp25 wSUSE Linux Enterprise 15openSUSEGPL-2.0-only OR BSD-3-Clausehttp://bugs.opensuse.orgHardware/Wifihttps://w1.fi/linuxs390x if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in hostapd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in hostapd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ "$YAST_IS_RUNNING" != "instsys" ]; then if /usr/bin/systemctl is-active --quiet apparmor.service; then /sbin/apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.hostapd &> /dev/null || : fi fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable hostapd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop hostapd.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in hostapd.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart hostapd.service ) || : fi fiBhE>0A큤A큤A큤`o!`o!`o!`o!`o!`o!`o!`o!`o!`o!`o!`o!`o!`o"`o"]JE]JE]JE]JE`o"]JE`o!ceb4c26cbeee4bcbac439eecfd8576f2cbf31ab0162bbca219b1263cc342bd771f56a88fe7f663e2912d82d1fccdb57ea4f3a5f933ce6193a2865b2dfa4a3ac9ad783ce62185a566bb1a9bec9ae1019eed04c4b1dc3c2f5fc9e0db0cbbb92e10110bde2b8db5105ec0670da388c050b9d98e9d49d9016e7b9a70df6b8121cc6a64f3d56657d8fa9cdf3b26f99876d61209e67c625c619c3ce4862a6b1889ab1f36666638cc3cd90d4bb1fba4aa04a36ababf07cd81c4cb24558fd7ca7905a04e756a7d08ff4d8ec04e054d68e4f837ce5f0a1f938cdfd035368587655f99d81c4474e5adc6260c9d5590044b4cd7e90b63639a1b6ff6e42f4205fe72ed4b8cd033acd5e4e2d2a876915e955cc2eaa28b3e64dea9bd691a0197d801d2b33e6da28d97223fdce567f3e7cf718072c174380024825d2b5b51b033475b2be8655b8f8bd5a6cc957ce76fb9631b60c849e29df060ce9c77e37e5c1cb2e922d80d6201637a9ea0460243c2840ec6f122294fdb145fabf2fcbe40490bee0e503f1402601ae016d32db3a5f03e490d8d1a5181212605dfd7714c189b29885f6a14e106f57f981a4767acfa2291844458ad221bb51b5354c0d8faac97281c014a1c9152fbad783ce62185a566bb1a9bec9ae1019eed04c4b1dc3c2f5fc9e0db0cbbb92e10100973f33a74379e1daf489bc406e5014fc625665f18b876d82d6684d7aef6ee09ab50b5e0f60116b4e49027627ddcddb16fd03b160e132269b79dc59fafc3daf51db52a5e281c61ee21aec82e24a226cae5c6b94bbec0456505d32fab8a1b59servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroothostapd-2.9-bp152.2.3.1.src.rpmconfig(hostapd)hostapdhostapd(s390-64) @@@@@@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/shconfig(hostapd)libc.so.6()(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2)(64bit)libm.so.6()(64bit)libm.so.6(GLIBC_2.2)(64bit)libnl-3.so.200()(64bit)libnl-3.so.200(libnl_3)(64bit)libnl-genl-3.so.200()(64bit)libnl-genl-3.so.200(libnl_3)(64bit)libnl-route-3.so.200()(64bit)libnl-route-3.so.200(libnl_3)(64bit)librt.so.1()(64bit)librt.so.1(GLIBC_2.2)(64bit)libsqlite3.so.0()(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libssl.so.1.1(OPENSSL_1_1_1)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemd2.9-bp152.2.3.13.0.4-14.6.0-14.0-15.2-14.14.1`lM@`4@_s!^@]p\O\&@\\ `[@YB@WV#U8T|Clemens Famulla-Conrad Michael Ströder Clemens Famulla-Conrad Clemens Famulla-Conrad Michael Ströder Michael Ströder Jan Engelhardt Karol Babioch mardnh@gmx.deKarol Babioch chris@intrbiz.comchris@intrbiz.commichael@stroeder.commichael@stroeder.commichael@stroeder.com- Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)- added AppArmor profile (source apparmor-usr.sbin.hostapd)- Add CVE-2020-12695.patch -- UPnP SUBSCRIBE misbehavior in hostapd WPS AP (bsc#1172700)- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)- Update to version 2.9 * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA " control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL- Update to version 2.8 * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only group 19 (i.e., disable groups 20, 21, 25, 26 from default configuration) and disable all unsuitable groups completely based on REVmd changes - improved anti-clogging token mechanism and SAE authentication frame processing during heavy CPU load; this mitigates some issues with potential DoS attacks trying to flood an AP with large number of SAE messages - added Finite Cyclic Group field in status code 77 responses - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) - fixed confirm message validation in error cases [https://w1.fi/security/2019-3/] (CVE-2019-9496) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify peer scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * Hotspot 2.0 changes - added support for release number 3 - reject release 2 or newer association without PMF * added support for RSN operating channel validation (CONFIG_OCV=y and configuration parameter ocv=1) * added Multi-AP protocol support * added FTM responder configuration * fixed build with LibreSSL * added FT/RRB workaround for short Ethernet frame padding * fixed KEK2 derivation for FILS+FT * added RSSI-based association rejection from OCE * extended beacon reporting functionality * VLAN changes - allow local VLAN management with remote RADIUS authentication - add WPA/WPA2 passphrase/PSK -based VLAN assignment * OpenSSL: allow systemwide policies to be overridden * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * fixed FT and SA Query Action frame with AP-MLME-in-driver cases * OWE: allow Diffie-Hellman Parameter element to be included with DPP in preparation for DPP protocol extension * RADIUS server: started to accept ERP keyName-NAI as user identity automatically without matching EAP database entry * fixed PTK rekeying with FILS and FT wpa_supplicant: * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9499) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT- Use noun phrase in summary.- Applied spec-cleaner - Added bug reference - Use defconfig file as template for configuration instead of patching it during build. This is easier to maintain in the long run. This removes the patch hostapd-2.6-defconfig.patch in favor of a simple config file, which is copied over from the source directory. - Enabled CLI editing and history support.- Update to version 2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [http://w1.fi/security/2017-1/] (CVE-2017-13082) (bsc#1056061) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * FT: - added local generation of PMK-R0/PMK-R1 for FT-PSK (ft_psk_generate_local=1) - replaced inter-AP protocol with a cleaner design that is more easily extensible; this breaks backward compatibility and requires all APs in the ESS to be updated at the same time to maintain FT functionality - added support for wildcard R0KH/R1KH - replaced r0_key_lifetime (minutes) parameter with ft_r0_key_lifetime (seconds) - fixed wpa_psk_file use for FT-PSK - fixed FT-SAE PMKID matching - added expiration to PMK-R0 and PMK-R1 cache - added IEEE VLAN support (including tagged VLANs) - added support for SHA384 based AKM * SAE - fixed some PMKSA caching cases with SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - added option to require MFP for SAE associations (sae_require_pmf=1) - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier * hostapd_cli: added support for command history and completion * added support for requesting beacon report * large number of other fixes, cleanup, and extensions * added option to configure EAPOL-Key retry limits (wpa_group_update_count and wpa_pairwise_update_count) * removed all PeerKey functionality * fixed nl80211 AP mode configuration regression with Linux 4.15 and newer * added support for using wolfSSL cryptographic library * fixed some 20/40 MHz coexistence cases where the BSS could drop to 20 MHz even when 40 MHz would be allowed * Hotspot 2.0 - added support for setting Venue URL ANQP-element (venue_url) - added support for advertising Hotspot 2.0 operator icons - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS * added support for using OpenSSL 1.1.1 * added EAP-pwd server support for salted passwords - Remove not longer needed patches (fixed upstream) * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch * rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch - Verify source signature- Added rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).- Fix KRACK attacks (bsc#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch * rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch- update to upstream release 2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) * extended channel switch support for VHT bandwidth changes * added support for configuring new ANQP-elements with anqp_elem=: * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached * added option (-S as command line argument) to request all interfaces to be started at the same time * modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * fixed and improved various FST operations * TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * EAP-PEAP: support fast-connect crypto binding * RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id ton Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated * started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake * VHT: added interoperability workaround for 80+80 and 160 MHz channels * extended VLAN support (per-STA vif, etc.) * fixed PMKID derivation with SAE * nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added initial functionality for location related operations * added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames * improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior * added command line parameter -i to override interface parameter in hostapd.conf * added command completion support to hostapd_cli * added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and "SIGNATURE " control interface command) * number of small fixes - renamed hostapd-2.5-defconfig.patch to hostapd-2.6-defconfig.patch- update to upstream release 2.5 - removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch (CVE-2015-1863) because it's fixed in upstream release 2.5 - rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch ChangeLog for hostapd since 2.4: 2015-09-27 - v2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077) * fixed WMM Action frame parser [http://w1.fi/security/2015-3/] (CVE-2015-4142 bsc#930078) * fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - fixed vendor command handling to check OUI properly * fixed hlr_auc_gw build with OpenSSL * hlr_auc_gw: allow Milenage RES length to be reduced * disable HT for a station that does not support WMM/QoS * added support for hashed password (NtHash) in EAP-pwd server * fixed and extended dynamic VLAN cases * added EAP-EKE server support for deriving Session-Id * set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * increases maximum value accepted for cwmin/cwmax * added support for CCMP-256 and GCMP-256 as group ciphers with FT * added Fast Session Transfer (FST) module * removed optional fields from RSNE when using FT with PMF (workaround for interoperability issues with iOS 8.4) * added EAP server support for TLS session resumption * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added mechanism to track unconnected stations and do minimal band steering * number of small fixes- update version 2.4 - added 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch for CVE-2015-1863 - updated URLs - require pkg-config and libnl3-devel during build - replaced hostapd-2.3-defconfig.patch by hostapd-2.4-defconfig.patch ChangeLog for hostapd since 2.3: 2015-03-15 - v2.4 * allow OpenSSL cipher configuration to be set for internal EAP server (openssl_ciphers parameter) * fixed number of small issues based on hwsim test case failures and static analyzer reports * fixed Accounting-Request to not include duplicated Acct-Session-Id * add support for Acct-Multi-Session-Id in RADIUS Accounting messages * add support for PMKSA caching with SAE * add support for generating BSS Load element (bss_load_update_period) * fixed channel switch from VHT to HT * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events * add support for learning STA IPv4/IPv6 addresses and configuring ProxyARP support * dropped support for the madwifi driver interface * add support for Suite B (128-bit and 192-bit level) key management and cipher suites * fixed a regression with driver=wired * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce * add BSS_TM_REQ ctrl_iface command to send BSS Transition Management Request frames and BSS-TM-RESP event to indicate response to such frame * add support for EAP Re-Authentication Protocol (ERP) * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled * fixed a regression in HT 20/40 coex Action frame parsing * set stdout to be line-buffered * add support for vendor specific VHT extension to enable 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band * RADIUS DAS: - extend Disconnect-Request processing to allow matching of multiple sessions - support Acct-Multi-Session-Id as an identifier - allow PMKSA cache entry to be removed without association * expire hostapd STA entry if kernel does not have a matching entry * allow chanlist to be used to specify a subset of channels for ACS * improve ACS behavior on 2.4 GHz band and allow channel bias to be configured with acs_chan_bias parameter * do not reply to a Probe Request frame that includes DSS Parameter Set element in which the channel does not match the current operating channel * add UPDATE_BEACON ctrl_iface command; this can be used to force Beacon frame contents to be updated and to start beaconing on an interface that used start_disabled=1 * fixed some RADIUS server failover cases- update version 2.3 - removed patch hostapd-2.1-be-host_to_le.patch because it seems obsolete - hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch ChangeLog for hostapd since 2.1: 2014-10-09 - v2.3 * fixed number of minor issues identified in static analyzer warnings * fixed DFS and channel switch operation for multi-BSS cases * started to use constant time comparison for various password and hash values to reduce possibility of any externally measurable timing differences * extended explicit clearing of freed memory and expired keys to avoid keeping private data in memory longer than necessary * added support for number of new RADIUS attributes from RFC 7268 (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher, WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher) * fixed GET_CONFIG wpa_pairwise_cipher value * added code to clear bridge FDB entry on station disconnection * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop in case the first entry does not match * fixed hostapd_cli action script execution to use more robust mechanism (CVE-2014-3686) 2014-06-04 - v2.2 * fixed SAE confirm-before-commit validation to avoid a potential segmentation fault in an unexpected message sequence that could be triggered remotely * extended VHT support - Operating Mode Notification - Power Constraint element (local_pwr_constraint) - Spectrum management capability (spectrum_mgmt_required=1) - fix VHT80 segment picking in ACS - fix vht_capab 'Maximum A-MPDU Length Exponent' handling - fix VHT20 * fixed HT40 co-ex scan for some pri/sec channel switches * extended HT40 co-ex support to allow dynamic channel width changes during the lifetime of the BSS * fixed HT40 co-ex support to check for overlapping 20 MHz BSS * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; this fixes password with include UTF-8 characters that use three-byte encoding EAP methods that use NtPasswordHash * reverted TLS certificate validation step change in v2.1 that rejected any AAA server certificate with id-kp-clientAuth even if id-kp-serverAuth EKU was included * fixed STA validation step for WPS ER commands to prevent a potential crash if an ER sends an unexpected PutWLANResponse to a station that is disassociated, but not fully removed * enforce full EAP authentication after RADIUS Disconnect-Request by removing the PMKSA cache entry * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address in RADIUS Disconnect-Request * added mechanism for removing addresses for MAC ACLs by prefixing an entry with "-" * Interworking/Hotspot 2.0 enhancements - support Hotspot 2.0 Release 2 * OSEN network for online signup connection * subscription remediation (based on RADIUS server request or control interface HS20_WNM_NOTIF for testing purposes) * Hotspot 2.0 release number indication in WFA RADIUS VSA * deauthentication request (based on RADIUS server request or control interface WNM_DEAUTH_REQ for testing purposes) * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent * hs20_icon config parameter to configure icon files for OSU * osu_* config parameters for OSU Providers list - do not use Interworking filtering rules on Probe Request if Interworking is disabled to avoid interop issues * added/fixed nl80211 functionality - AP interface teardown optimization - support vendor specific driver command (VENDOR []) * fixed PMF protection of Deauthentication frame when this is triggered by session timeout * internal TLS implementation enhancements/fixes - add SHA256-based cipher suites - add DHE-RSA cipher suites - fix X.509 validation of PKCS#1 signature to check for extra data * RADIUS server functionality - add minimal RADIUS accounting server support (hostapd-as-server); this is mainly to enable testing coverage with hwsim scripts - allow authentication log to be written into SQLite databse - added option for TLS protocol testing of an EAP peer by simulating various misbehaviors/known attacks - MAC ACL support for testing purposes * fixed PTK derivation for CCMP-256 and GCMP-256 * extended WPS per-station PSK to support ER case * added option to configure the management group cipher (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these were rounded incorrectly) * added support for postponing FT response in case PMK-R1 needs to be pulled from R0KH * added option to advertise 40 MHz intolerant HT capability with ht_capab=[40-INTOLERANT] * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set * EAP-pwd fixes - fix possible segmentation fault on EAP method deinit if an invalid group is negotiated * fixed RADIUS client retransmit/failover behavior - there was a potential ctash due to freed memory being accessed - failover to a backup server mechanism did not work properly * fixed a possible crash on double DISABLE command when multiple BSSes are enabled * fixed a memory leak in SAE random number generation * fixed GTK rekeying when the station uses FT protocol * fixed off-by-one bounds checking in printf_encode() - this could result in deinial of service in some EAP server cases * various bug fixes/bin/sh/bin/sh/bin/sh/bin/shs390zp25 1617941538 2.9-bp152.2.3.12.9-bp152.2.3.12.9-bp152.2.3.1apparmor.dusr.sbin.hostapdhostapd.accepthostapd.confhostapd.denyhostapd.eap_userhostapd.radius_clientshostapd.sim_dbhostapd.vlanhostapd.wpa_pskhostapd.servicehostapdhostapd_clirchostapdhostapdChangeLogREADMEhostapd.confwired.confhostapdCOPYINGhostapd.8.gz/etc//etc/apparmor.d//usr/lib/systemd/system//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/hostapd//usr/share/licenses//usr/share/licenses/hostapd//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protectionobs://build.opensuse.org/openSUSE:Maintenance:16058/openSUSE_Backports_SLE-15-SP2_Update/5843becda614a678af679df612e4d1aa-hostapd.openSUSE_Backports_SLE-15-SP2_Updatedrpmxz5s390x-suse-linuxdirectoryC source, ASCII textASCII textELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=633cc6566d07e35e925fb1bd81b67b6aa97929cd, for GNU/Linux 3.2.0, not strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=f61809b5c258dcfba7cca8b17441dfb6e3658aef, for GNU/Linux 3.2.0, not strippedzlib ERROR: incorrect header check (ASCII text)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRRRRRRR R RRR RRRRR RR RRRRRR RR RRR>p|jRl$apparmor-abstractionsutf-873f1eaeb0553b0a5d7c32bfbf6bd89ee69feb83e6bdea72387046f8b3177d9eb?p7zXZ !t/w]"k%f'@K^TDHl]ER񣜸c<mE=vɽ0fBәo4I8y㠭 a<?fբ`1geeiʹa'{V<&Pk-]٩N Ͽ)}^ٻ?RȗDOӾ甩\>GQj.209#!%xweB_.`]NͿ ]`?j#EJh \)"D$^mC "HgM޽+/pr pzDʝ+=gA\@F67\ʍ#"5 7Om"O|~,yyožW*!^fӚFn@Yz֏m"bߐ#0u5]9mwa[[%Q$8a .6Mj n 7Fjk{'J]C3=V;(Ԑ<%hnʸ$P2lU4QTr=?hq;S-;qՀtCPUXnlr]C5* ?nqQ$0pJ7 s3)3$:y$Hl:!Xi(ݽr܃svv~㽴+)?lHa;ͣO0ogG֎a1I`*Yt?w3!]_Y"5'L;zȾl?t,=W mAҩjڑAีsCkkGNIexj?|v}A|k76YF.~yR8e` H!*~z#5 Z 7 +kq=<qf`Nrz,AQ$)zsbm21Mw 0S0y6X P"rU`?Ju',0$˩]uDQiIY/HHi 6躤H:c}tRXޛW!-#H!hd;Y+|"Y!'Kŵ中,z#gW]4FTR!HFޕZkpG/*iAdCX3+n&A0$܀է淋|[MYbαm qb"E8PJ7}M `nͲ+լs‹2;j'Rǖ?栕>3Y.}gʄ}q+Ar Qn:zQ3n$9d4yzIIã@9xmXt5̃(^϶81r]h LSw[)ϴbt Zn| |[36B-j ?* TOG|gE pC$.\ !~(BK1%}?atv-AcUE^q1BgO Z}ƪ .U,wgmQ;֭W-Cl)gɟ yW3]^O.CEP[?$Qxb?( (v; J>!JکEMn?RnJ:;>FJI6N>Z}muklʛ7łi0'A{MVCu&{@G1@twir4'hj6y'nZuco5 `D>AJiC_}06Ē!jތ|b ㆗|&*L%1! B864Q]ПLf/+Ƴ< "O`Kf4tjÈ5+h!/!nux[YXw3"*vX}bΤ'4܈f&**)~}dFBC|iN"\B;~})c#Skˏ镌h50M&Qc?߷09[4yJOqZ+ н15[V+L 〱bg:; fUO8K^"BpZEZŐw@-fe{C;pA*V𚍂7LS̮7`Kf9-Y?"BVRJA+N9.^YUIzyP޶7e!QG88rG.Iq"vVÚz̍o&9dm3s)Dqp~c_fS߰2H4Jkwܼ4vW~!`۰J|3Vn溹|i5߹M )p@­8^lmcph# it+PuY,8Aa$ol33qΐ}6xS=/}J/Ua~#{AʮC)SHL1yGFL'8iz`'y߷M8{饱K{ozg- sKpK5i0 ߃ֲE H7UǑlBy'w\ ޳ #yS M 524bÏ~xՑv) O7Kj P'#R`6|;˼5ir[Ь?<q ϴbӚ7'#&U,hUFy]r{&L4ڷ}>sِ*AјV0>-/@FGybыD8C^2k56MLvAҬ? +?P9̏.R״4BOn] 0_Y'4湥Pk \+!&BLXߗRb&lk`G0 LO5ލ01G1Fgy+ .N LnHmCQL,s.26'4KV*nA%%]#<\@ /GWeIj̀k; &'p$ԙOsIev!J4 N$Ry8ͭ[MPDp/; %t8Lnnes&?1{S'A ~OuH Wk]~5 g]f#J8BWsN(FZHT&ML/>d0ɑ2Q$1H|MOV)Vd'mB FP,my*$/2Pw87 M"}Tcɉ-K jL?&XDN Ϯ|)toՆ"6R3u]$H"pij(;mФo=PFr}k$! xJp%q@2ʬu09 o,_ ?~^+WLL[x(Pcg+D A91ԸbqN|Dx^AXg39jyaB+w4υN@&.;udw2IQL#B2|u:<6O.>9$-0$-'EV?S>!,.|YmΒӡ CyvC%TΡv%ioզyƟB=R%xMB٢+\\ İJj_xyߟk~ PK]0>Z@qߖYtX+ŖH:ÁO=y=}JAsay$H/xegyN蒂ٸXG42Tj"CJv29Ea8`ODkX_BD8oיEP`*K5٬n[ }KA >w~@E\",xe+!_!FL۾OAc$C`k!})89xmUCfH|&,V"SVلB!\ Z t9-ן=πAe/?wc tg!h ULoo3J_~%}ƅcֿSE묗 c,+/[keos;WP8$l<-B2z^/5e U6^iZf8Ʀ p(kȻy)c*Oo}f_yTgƈ}b2Χ}:[;#6?Vvr-i*=#p\*fEɎS8'L H/I\/LPԠ?sv3p+6>p K *,C#9]?{㝿@{sJE׈ڼ1U rpMh- I∮+[Z[OTc8$Hd+9WT3b~栝+ =5\Dcoja=#'E{8yhDL Cٜfk@*kI2z M D,,)9^Xw !1 {w3&~X?st! i{(򝷿 0GtZݛMKBGND{x&Ara ;،l!L}O#,!9JiWr֙L'[oÐ)nSd& SÕ4SÛ_9XNҌnGW%޺4I+p$# p5P<_<syĤP%$[~$x},1K|%R9aw5eqb"r` /iS8tb'mR{2~,L<ÞYr#Jn桳xR$$mۘwO62 E57 }#8;9W,N{yqic :u޹>|ߠKuiaW?o3.đ&:o"z3+6^eW F״o# `q8-p3=6>6#MCv^-ܘ ?ћi5MaOQ* z{ju̫%'nجUe:+yVdBR Y j'CKU.^脴I]LC38.?r K(^O3a> b=saNJԥQj̝6E&:!jEae*Q9xuvn'=oq9A4%wHR.sU 6Bf{C2bE#y~sJ/X6רt ̗ Ku"pwY2hNQ7)ڃ [J_nhB$nmY wS!`qU'6oQjL& ,;8j٘GC(l-𧗌#g8)!>]oZCPCƢiV2+=ubm aDE(Ad+qdjz@"` B^LBFSWA6␳slymJ6EWHʐ skzQyepP@@xGY#.%-aN~'m)h| `̵dYkUV 'RROhbðcu?mvl4شΜa++O{ce_]Ѝ8/%i7k[n5ǵE^]!je[I~"*^Pqo8.M BLA=ٕ\3i3n$&uժLmQ5HQαoCN_=|l*`]F>] 93X=NU= \B=>u+gہoUvOՒ]NQ3[݆0FJXh Ҫ$IFm 3p5b=}p^&`8O3Jx<,G%J۸7P9D,tj@(?ECs+.grvZȍxYK,'9qwq9CĨX;}K4WtQ0cE/8s7?1,jT ]jK)uvٶlN][3 mw9X$\\3,fK }F6hcgE/frnW~ Ӏ5xë%+<\W9xkbXij;Ŷˤ7䧸j3`֣Wla(Z.9w~2IoMI֡.`ĸ5j⻫YPYU2>Җv3BA(ڢn7~XO^7,U%h`/vŃٕ gq@X.1׿i ms^ۼ49x}ƒI+bN3ac1E&X4 e?^| 3ȳUC`٢F2=)jyQ1,fҟuJPݻ6"u\𕡵R>KEi%πs{iypl%.hQ~:Xh(s1kAkRg_Қ<\mAt_0+{%; 3D)V?g;osҵ-ghCd6Xi<.t{q5J-S7ep`o!nq\qbS:RYE ԩ1VwCEѻr^> 'Iwo$B[!/OR-}T}2uk_,>YKN%m6dP -tz؂-#j? _'1tJr7ro$aRo^5)d]'`n0zwtFʤRy(K26٩aYlǧ&5YiI߬84V0 Y# s>G}r[p#*itp앜鶨\/_NVt@t4Wy* aUqATf |QdDVk>t&2HQ(|ۂF wP+to.̘&jL/A6מO/h!L]_;\g6<ĬP@Z t<1$3. xLKxInw[|腳ꗍĤNM{ Ӏ/w{'⥃,@m5SND=o4ww|(EK60CJȳmE]8VfPK}cEwUO$Xg\FIZ@k7_4lά [@P yL*+ims32-)6y=UmYUEm*b&SGJf<182 YCv^Y I{ ƸE볦 . أ`~BMg4g`Ϲ38ʘJ>.xE%w^8DfH.$t 96+)So"OL'qR mPK(^cssr1cO*WE%9]]Nڏ ~fY-MyW8iq8IkY_981ley[' )%c~Ͽ79*T?R襏wicI C1e/zbZ&g%y1VDi[(㟬vVPןV^XdV3Ҷ蜅h96b枿8(1>y:Pʌd~bfДlUE֏Զ̓K'XqŽex[s0 fJ.LYL$Qdu?Y`xqFS'is $Ґ%5((@-0Mi@{MxLeM"~y_4~HT=`ZrG%x-4#&[=Vyne+eJ$29f]B1+`բq`Ǧ-2Mt=Q+1DxE w+3/.ޓmèIUT 40n;,_fkM:ӲVNN4eSuƒMעP_r;emcB)|*\%ʴ?~-"cKQ\iΘy5\E_ҵ [iC۲`IT. x_kDKi d\kw K~84@8]Tș'6OO[ch/B3xu^[R3Fqbgc[ݖJk 1o{R<\e#HM+5tx\$_ejf;2ʻNʃi8 ZYNEb}Υq:qdYA\y]Xՠ Rm[G<` Eن$ܓK&mPeYf4Q}icWM;[Ƙ8s>L'NcL{Jj>,FdUm#mH0]]Tz.z.FJ4 `[c^bq8Ruy/a|rk,oep\^2~7XF)Svsӷn !xEޗ$` Ԗ:-J{s R *b<&ggsWn?}1bذ. PyN:o>J`cfQ^85?$bb"xגX_ [ 2e22dҬOIZz!LM]6 `E #z:0쳏(h@N0Oy>9ZX4׊ He'9>_WIdV@[Zy7sx:"5?8v6fi=K;炖O1?r)|0NAbB/75]7\8EͫӀ߂y-=3Ĥc*!-gSvSW\q* k,ס`ɿB&uFCGCU] ]3(-R}i!V9hJ%'OWafK[CyEoC`uEO<7P`lI$:\_!ǏR l6z kdvSQiVaU@eȾ0d偔wy ~.Л'eO\=ɅgʚG^KM FB?pɉ[Q}~"-W ]ƁV맣8wCp{66)T*vO1<&k?]WPShΤ:1ٷ}rpe>LOh3ULb TyE `K ݕ9-`GFz2CF†_Z|D@/:1Jz A2UrɁ=tr="¢w(@`H*dt$1QB!`!'R-DZ4tI$MhKh)%.8RA{λa2w0adtV)V[ЖHrD͓Ke[H8 &O4O`m;"gI)5-}5!S H(b6dWňy'Iokr(AxReh.1ݒR 5l\PQhhnH(oӥbgۣvbN9乚g%J+"]!-H|LPMw-| 8+ ,Zy O5fB;Лnh>l56?ʲ^089XKJ.PTr>HJÙ9<8L`č0!M:Hm8pTU;Io׋mFCƋqo8t_ANRꋉ;"qJP&T-j7^D" P2ePYZM6JF1u8qCs{uѭS~TiJkrI($6Or-\œ uʦX^/ ;|W "TNnq.MOFj&.HRCgVLݔxuؽJBHԘ1J?%?@"R2D>I3]169 4ݧY\|+ ]b_0D kq+!O 'l|@zf7A7]Ujle}|zNүI,{hدɍ`[}=>}˄{Wlq#v Ѩ \v׍}!-ĈD0{GJ?QQ7v#hR\Ƀ ǟ}lO%{VҠJYsn} R\Lcqݝ2e1QN>VKAf=?wwӤi)+~=然'l$hxq&2?ĸ~j D"IV^As]\X<;cH.t_"9OsQ0*Ƅ9wk?j)-^898;Ⱥ@!^w\%)ě&GsoW}̵m>M-ʇ+&vӠm3ֈ OlɿCc2-@#j]P>*\T$k[lWS= 5Qܫ%e4oXt4 MՠdMi;ŧ.U {[bq!![䱇?kOQRHZ2Հ0o泖"Jj}3˓8$cZ4 ^ mJkA=xѺv@`Ӯ4%f7=ف7g'3q@H.3^~B4ܕ  ={/'l{] n?$"ڏ&o+,JuD'xm6s.tB_JX,n0v_nr"l0 4P]-9^&*(䑵)o ;.#܋h2P?c*BҭTY""'K?1 &7>hȇy#Aq˅ 9 gsP*7u0H!8;{a_ϥ}8XgE{.i<~9e5s% $StW>!+HF[R>:+wBodeWs"?J9F^3 MdD) pUCH'hi&+L|\,.<-bd}ioP*BR.z΢4{DhX'B IQ >[ ^}R5si=_2ph-[*B_u\t(+g7`hntZ9Bh dávrʒPY͢|=l~> [^Q9rwsިejIxEa(9}J9m>w[{tC)G/3C!cy˻u*ꫯY,fZ<+y=3E7޹\o9[+R %IG7:f9TMޏg5QGT|Sk@bxd7۰8"vHɞ]M^R3Hp{('@bZ[aj5Ez 0gQX9PVORtUǓ?ENKYD:= p̾ۺB$(|m 2; E6j2ڧ#'fjK)xH+ Bz= M蕟"0[M-XZ<@#Ur֝db;S۾hӌQP{Ay,-$W,ʊsЅeb'$K ;c56#t.u-hͶ, x|K3.lr|^uc͟jVH ,>-utMm3 /wSN~qc;S3ԗ\!_8!yǫߋ % .l(ZI#|!@Q߉>3S0;exdkyM{83X5[o"w3v>kZjZ7eױr4吐gL>~<U\LULk_K6㩝zFC;i4šnBhVin!EBI" 8zSu+6(?G0eŇğFi u*SxuENᖌ^Y~_ݗooޙ(&>prj A$R<o8ۘŴDL9;-*)g0!g;Fmv6KuSElACk+8ć_7F,҄ oxZymsŨEj&"ᩍOEs,0%Od F@-PT< :v5Whn5׍Ccraqg"û<3FP$U$Q(V.@^c`u@}K)I\lIĖ1G"RC]63~4lvע]*&[ a֍=ҍkޟVz_dK*b e.}1-Jz2֝}%cgUW1UtE6NH!-> Ln ,yt. aJa1@m?Cʗs+'4,A 5,y|LV:V ޷?|t1$U!'VZ}2H[~ذ06tFJ&y9.Ψ!oyQѠo;<@<@9;9HB^QoSrUHfaF9˦̗$SFeѭ9N3kYP¤11V4Ekŏ*9h_q+fe!f< Gw>x 1%E4dBۼҞםd.>q_I h1\v :Wc?Fck^T]R߿o+z켶;xT:}@Z?Vq[K㎈COo6@`Q$[N؇}GU-$s?A+&6؞fVc0pp! [.I[D/\ nN^TΣhtbnFTq3sSvȕ_˅)ѹ__In%r&?#vQ>ika0k!O gONwΊ-֢B|.2T`!"ewIοN@k*kzuq'2Z\&P ;S̰y6rB5>DߐaO;v^L]5B(}bLPdjS>ѐŐ#_0pr@=`ᬙ>6w!7]yAJ4<9J֊(&iAq~?M UMS̅e-'^ sE()FZ''. W+ViEit!Lg S& =\3 ZsujȪY+kRȖؑ+}TE>#_ WNQS'TK+ng#%B@Aߩ]2.8ͻ"Gr9FvUj`퓐?g5l MlNE]GDXtVmbAF6"^du&ty> RGA;XnJ3:['A!',epw+Hm5ϣѴݿI_$p !BfW<̍/P\h 8*99ĭipopǜ ]By`cWѕϽ}t+wIMxY+ADSCYjuȼ>hQ_ɎðCusHK\lyjM2,?`0vkKSp[jli^4}\̻de3#)zGYz LILOTr sǻ+OAlN&3貄vEv^*H^|6 &0c1B@JW{j 䱯go&8fffTxFe *G|+(Ve9~D9o~/,6n&i.b@P/gh,Ļ/ZElSHj OO 2Gm5+[\(:k'oR)j5ߦVhF׋2p˖}@\KUSFkɝ2H|^#W@UfI}E@Pe0ע}!gY}rsUNX{kT|o8M+ؽ13WߢOA1$&JXu-Q%OOs{̍g(/=fJcY+;- ϾC!xô5op|e*[+|qx+ amc\#`S!;]V >H]yxZ`wí'8{wT2;s`Wqv>.%ch weGaF}TX8{Q 2`P*&iNf.)ueѥ؝e.nn nl]̳[jO7mÔqҍځBp}EϏ~?@";4+|}s-#W`p3Z|6];^z&F1^"ToM P6O9|X!xBWQ$(ނ_BB˗"$Yi?C}Y@2jd&%XQQx 2:aHrHh!jb1z{}N(]a!1`6o}u~rᘌ5 {vjo  "nT2tRt97TDjBʒ7o5i#qg^OIť͏=u1Y6;>Nѩe $ uLcel2yC"$nqd[v;V~ѥmWv4)[pn N'')@iѽ{ZR*ޑ/<~Gvٍ/]& ݿb/݊S(}J.< ~v1v~5uNƙ>DL"CԞnE3T~rB6S p KIG2LOR'db\q(Ǜ 85]'_- !MUJXSkU9 +?b{/RjP@HeHǔ+ qW>:;/ ( OAǍKy ҈)c_MxԒtB]'pIMk2{]@iKF-d4̸¡6E\h|h_Nޢ@:öEqJ5n4MV^ / p[_hٯUU⪽nhu0d1;9cؔ:dF+fGGWyԁq M6rqjɏEb7cfPcc E)ROy[ 1ɫP"m&e8G?p#=eZy8aRBoUU|;vuK\t̋.1tƀAPȞ[:]nJbOhM+xn &,R=k?4.1@$!Լ.4qjCqpHVttΣY(H$1m69# kP#!~|T52EpSs4J1?ez ~џ[_Ezhx  ^f9ܫP!GwXЙ')W먵 YxVIjp)H'ͽ)=UDpL&ݼJO^Jÿ\ʢF$Bg i6_}2fv!3!w x9n ]gx%Ipy!A%ԭb6]h#OP*a3oq/ּ+Vm܎{ )ߵƋcd"rCUZ5yxJiȃH%j?@B.u!@rre|+FEqjJ5uSe#0PVs mE$\3T<*ՆSWiMP+A(kV9I.8PWX:&nPD(lDob}<  A /f K`a'^`pF݈UpQU(AYF,l@^#ET7G&A0mfxj7F3VCAV2Vo}x&ٛ#KbVx !3ouM^e_߮&{rI,wQp?ղ$.' ~h]mUrF8 `Il N5 t0-؃2녙>M[ʔ\WYþݚSsFWֲQxullj@/ l);oDWyMP'8X_|/o5b ȍ]w'FRd_3uZ3ǹEۛ@)ԬB%h6;r^$ ̷.܆τWleg= ^W*kPrUgC- 8=XxUae0#"QFRD<(pn] PN#ؔ\@߰9ZfzT{m8(}!lw߽hvˠ33 Dqaۼ#&b! 8[yuF=tMc$م@v.D*'qfpG˙@@gIiU*0)@gb5e =y}&&ݰJRbq[&~s) x*Dw/zYQt8o@gv0Thfx\H3x*@+>,.A|CNj 8%AƔx|T80tY>-t: l9C k3v;.~ ~Q5 3)ovL-W p T"^GLvLU9$LD3răgL rjm+5MIQ'}oBVW6UGD!?#!0دGsG~-idS`;*\ޯC+4Jqs½TYNmb צ8VE/A =#u."H^R8+lnBѶ{`ܐt{\I3:6jru O EQ:6 >Í, ,>y&nb"@x,ffsy<[8gCJF(j"m l`xB$noli:$*EUQ/ C!%ԟ3~>\LF5m =Gf'>_K4MO.-w(!Bդȇy2`$Z3p1%'q#7 ltH K^/*eyU%l8pG9~uf~[{E|p
 VU?7ezp&,U#5- '=$N5@ˬ8%ji A{6<~[5< 2&taugkUV[)uWF= J`HߦުfaG:ؕw!wyeX&Tש-;]bU F( wو΢TcMFyңK5. U7Se:m/o]{^brPELTW+IG)'CsaVVW}/)}^ꒈeC-U(B[՜Zs]U6RY%)elmDPx9O48Nd9u"/C'3}:1{hnky[8j 8^(W c ߭jl2 s9λԷ_NE"a1fz4uDTΎ{[𰨋+Õ:N"YB5<,~)P J t]uq]YZei l,̛3ZTPuH #qmTi&Zs k T{"2go+63 c#4sg|g=jפdO6;ms;nŵHe S[0\>ΝsNI/+Ht!Otu/R݈@]Fe*ef1s 8c8_ɩ'fvA&>$1:tM ͠0`޵&P4SOE/MyvvA;,DƲڳ6zrHC6.ž jqROdZ}-Qh`(S[pNtT_ڼN .H[(P}FSaU0%U@_Kw ppG_ݝεe&*xr; u.aɗفX, [f )pzU~e&O.cӯIΞN{)svn?{"O!邉\@IRqf\^7OS}g*PY( 5|F%Rߢ`GGǖQO#暯FbIl#qoF"KQ* 'dS\!UwDUg|4$`Gd+Lxm`Ҹ,d~'F ͟8Yrrɏcqg>r& d瘀L]a' UD62ῒ4xV8i2m Õ2MdZ%zĬ>\𖝀V}<^XHMdY{ E҉/O?q%/AfzF%!. O4RbAq!kჰ+\6<$nsY08UKݒ֟4*TGh)~ĄEmt|CĨ$FwڣPanٻ\^;J[hwtH6)y f˷jD9Ou{E4 t w%:.?AW: nby5ENYBUKҧ^ᖼ^kܗu*_7{3Y`K8}SRD qȉ(dYkquKEܒv;Z|с-4İśgץ6opi dijx@O.FRA81AYΈKYՄ9yVqQ}`Z$,*yvOï=c#LXfVk`e V#icOU*e?Cc\`܁r뎻'e,9T CgHKiYNDS+`DpW6$X*gl?()ˋO<%LVBX眤f6`0ܣĸq`0={eƇuc74v[v02!tm)Pr ܩ$"*k1=4kr}ȎlnUJ㪻hr1˫F)$h|-K-YE(RWBJ<̷ n'h]56iT_3^K.ϼ: \d LdyfXWܗ0BM8ҀcRHGӻJ^ݢ<_3c#`w*Ĝz^۴Iբ7%BmݬQb,eD߭]y}*7ஶyl{f /?O千j]2'$0g ,"i3~N4wih&": XYNuYԈv)*%@f,# A7 '@#(6hOﬥ\nY}g&>>w [[$U*vh~ VeމetO;48qt>9!]i]l4̒n W3ܫĨ(x,㨻)f&wN"JW] >M>HꍙkDk7& H`g{DdƲ-# ̷#Csdc|"y#iqXp>Z P}贩rJ+' ;2٧^{Ч\N.h4^R/Cx74a0x?1jHlN @ɮ2K&I<<#e4_|0+۳68%Rnt@dg}Z7bRI#~@&j 1 mTvI v>~6ǩf$V3({{ՀM;J>~cm :VE88x/AKL [,=D;k෢]xH>뜶j?'h\XN%JibYR?kzwy2{F/eF,],9d"`qj Ga{2t' aM pswiGj/6<Zq`4L_G$XCƣM3CF474 CSB_4]w)i17 cD lzb؝PC&Og\gf%<W$q#1+4I8a*JM.JE0̔˵kH,QBv_PoX\ucS8̛;yo;+T}U1~gη=\`ٗkɯ2Adl5Enz>STN$#ԋi8;| 36w 5j!apscԡE9se6PzRLߝ,=x QO `֫]5aE͏q,IZd#!٧nh-"bK|JOl1D4F"̓,L"|TW% +]RP4:~,)S='W,Q*ړv5zȼG"mM~`N7EŎ#cg/QhD!-)5ũ`C Õsͷ(TXN栛$ _J.gGw+"Py׶W5os2-ۓ<8.tpT;_WB!pɯ2iW!ceK+'bV+5d^u_o[ E 2ԛoWC}`/ègj'9go1|ׂsvכКwٸR (\ 0--p0&a $x偿>wm~ouF9RB< O67 LeǍ(e^! 5f*/x/&/5<) g/| wtpsݒ\7]lq~c#+w q\i"Z(TIoan$SLЛoM b)w;G2KN4[UfK #"-IWKIVefֲ@uV[4i0f3 c>\"^c1f+% Fj2NUw͕S1/apKCc׶/j͓m)ONlբ ]a};ZeA80X:gwƬHkpwQώ9Bdb.f N7p?Ȱ"S=[b5+s+*l SreȗܫU8/>?~ wa}WA!0A}`a׹-q+ߨA?8_s&Oۮе%aaE཯vlm*or`H9X@FˊS#Nt%?l6~^`s?DJfE~UXWl(Tf {\רSc۟@c@カ3zEN/RngX4{'\DC|a8˝Ej*a#n 0n1I99v$ӌ*I>/b@$1xfBa!N [<;nV)=5wk$ %K `.Ņ9)Q'oLdn$^gygbDw6vP93S> r_LG2tF$Y}``1zj'4y D < 'u; K"A F(lo(}h0zݵuνpnN<6\,O5,aw9*_AjB p2jyݚr5؟ v W03mc"%;=d1N)-u@.*%.Ιbl6 !W)C}P3%/gXj3rrV\:~p:U'6AJOo{ڛr0 8]Ƞy.튗Kӊ>}or_`z wdt"o;I:‰#P6[ˑGHaO%5cz<0.lqp <@wP'~8IU8Zx9,xrn!Anu !:ڲv3T1 \Α- l1dDAPW:LŖ:TpwN'gHk(k9<\:eW>O7B4 A" [jHnvO;^L6g%I2@fc kyA  YvNJOy(Hܽ}Ͼ靆fk!d`&O+"J!arOb#U}Dk@GD0ZfOh <=lPwedpBoJ{q @j^D–)u3M WȲE>& . u$.كbiSRSK+5+T\)"_s4nj:͋V|VweMbR(q hmd"AR=G1&=ů0w3? $8ma&ˆ#+9_R-4J\ř lC^n燰;GVlɸIk-nHnfk%J)-3%kjXI6_~~2 )ܧA -uERrK%ծMVy|Pͪ"9a 3hÍU(J{:O'oópUD  s~(|{.6V;1E*xw1e( Z]r86h%a!\rL~hyWV;tcwS|vmD[D M@ֵ $Q4$~FpGYûƄd{^ٷso$ 0HP-{1/mKJhD<_kB%J}rAa2L*oAw0aA~hK50+ B刟I8r,W A yi}J,v$34ex9,M:>O!R]8@9rrp=.{q#!tѷth&_BB \_BaM|8C*{KdthV4l94tCWYBT_i|-@G.- ~?Vrxf@z{KR:TuvĒ2iJWC&Ŀl;T2_ʺ δ&"B39WOPr | 0 .w\<GsHß^J M$!5}T M4{\i/ᚠc'FI0ijô?WFlLJ-ӶA<P%>!6@3/jGNUH%3?,#ZMg5vyE ڲw9;W([5t /㨻0XtXf.; %3Mz?e^ Ï>#B]yu>Aרdzů!XKET<2AEfY‘x2 ai[EmPz 5uzm\ђDD?ƨ -i>T䇺Tb<|:w4r+|s` >n톦7ogr!@<9+Qӣj !UO~ K <Н36g1[r;ŊSr|֞!64da#lOğ%d0#HWB/h#nBR _-umV:K p{i3}/}$znqw\l_Ěm#W;qaҥ[ r\4 @uh@nMYZ\ȭ} ?ڐo\C=sSD׸AuԣPLj K(r|N~r,+6md}.Y)2M!CC~A #Uٲ-ΚXe$~DP]<# @]ɨ0CE7@5X B16엜sςa., RA̡NdGѾ:Ϧ05~Nɽ8ak`K~ևZy1l)]Zߡ.~ 6'*U[2T؅l+̒z^zif'|,_= \Ij7@JnyӚ0j&@Ķ'H{9^ƯIj o 44b1|<)6/bzcʻn{Sv 4/s85\MS˨AZfT5dvڮ&x&vyME6,/d!A<vOz>rw&T%iZ :3Uvy>`=(&Q-s/SgA^8΁$a*m|VU X d\jVY Vkr\QϹH! 3#"&=ԋ3SAK;V0D`dšhp -}eD&c1$(aЇi @FǩؙQj'iW;81r[qύpU>B)7NV糙r7u 0 v%ޯ.>C+Qr8uDo[t3E"2e(.\^lY@ar_ ^ \E2UoL7h#lAߚqU뉹ꚁMSՂsS9/npbzUAJ vd yAIy>+JJFFgf^A(Ud8bϤGI;Pv3EXU0ppBa5@^++DatP~ ٿAN3=$^L=G@OآDJasYK/?Pe2+4#v3@˳. V TVHuI"\mx?qի$l3/mHk<1aĤPڱc?3Yhx$nK8d/m9 CHG&:6[%Zx\Pq}#RY/V4nܾ;~D1g"T3:H {)9鰛 ITNOT~Bż'Ђ p&Q(^JU7'zZ$ώw3FˀPƦ:F֫bX|]1of_QznPT`hYhv9r{ʨoDJre)'ꝫIJҠyZ UhŔ p]lQz.C,n0CA>4Tvpb,rzGɆ:f},S_W":|#r93eA8h]Ȫd% 79Y% HZg:G&Kkƫ0I$BZsB:M`Cwҟ'I{*%PBedC{mX'PuBu5 zRL=cQO؆45Tel 2hT.6y#NQB.c}dx89n|4'l@ #wUmKUsQHMܺmW=D:2I#z&OQ0/d䏺310/Q "DeMB\aƹxI॑eDt#2n׏Ud$G(2aDb6p5ʕx5:R=NmPXžq![9[ж恛8jw.n*nEY K)]ϡژp$'HYola0@|@?' W͞=w՝QEH1/ox+03E?2ް#^-sCJK\.Rۺr5kXWE-DOd=Ϙjydŕqս*H~ϪXŝsXYӀZF8DB-s{7`s({Pr]N.{R]pZ?1 >i+29C2p҆=Z%CN̨sAb|Oq֞6uS=: P,laG/ TjauCj[1&04ʙmH"i/!jDHxo1g2 Y&h g-= sH2guV )^ls '_ uH5Ct%&Hͧ.N|klC>+'`ytwٓsšpCR80a+|:27[R>} 7&gfeMYj:|cFߥ XKXlTKZ hMOEsO{}ePG= lOjaPiD_PO5 co5K([^>?1q6[ pXWrn#o>Ν+cj{ y!E>Un!hyx09[ScD!E]hbKaƍ;5₪ 2iZݲɻJQhm+\4䲕O&F܄_\/zX;Ka(YF9-ǗdM|(4Qm?^ʵ\ ozm`NiץPF"&jr3~5Ff?3Pqꎶ6,av"_rHmd2MXSoM`{iWz?\8,àG?fE)ڽC";L# L+++ɟjiAxǫn#np6ܸ_CWQ|cy{RB̟ bB 8Of+6X==v5 刽Ŝ9û<~xI=Mb{˻ g;n$ riBo"QD`- /-)Ue]F)14#^"SZ.԰H֙+j(Zc%~K̆i!M[f"ŹGw4l[sխy .MяzN['?LP|{djo SIx160cQݣ:rhԡndˢutPom$G8oI; l$#ﲌMK7c).0IK@:$dX=_vUl.N-vF\O\ 8SK d@.(cE ',akAޏ0G`cjs FZN\rNpKyMRopqՠ%TMYsqio( ? ~7!ӝ{XL2 0ua墦Bİ֟GK{ki_gYɒo wbBuX ^^:@@G qu[J6ӼeM d<ґ(oWhڒl& rDq|4R].7$^#l)RC )$'"9gx~G$E91-*ɾĤ2ӫ U aPh:$ؿ$.‚tFoĂRRACbDhrGinGSusOԉ;`w0 STj vU3k "$0z$Cm\Z1QRWyCHRɢ#F) 6 :QBW;e{pyf"πSۈ+JׄnHXFVYKĮ$/,Beś4o@$¥/ٰcxF } z[u̬zzBS}H!tNn HCܞhmY 6żuSr`p? $ K٫ct#ƋzF=^$:hw y7LAm2`}gWxd܈pHDx0?Bϛ\yB,MwZEX.ڿ ^XP o茖j9;&H .&M O`QWEn$IW0 ^^.7̙Oc-ޣjwA-~M1uD 0=+76G:HF/YʿAwX˯@÷LwwhvUIp3Z΂'rZoh0 9Z;樔3w}Ƀ+׼pV_nFIM]oz7ZjS *WgjBD-ё*y6D?m7wnSwylrƩupN߉_g/2@35)dL/!OӚ+uWQ$&S=6OД)Fh넮~OTEi &*&VtKiib8i?I1znyJvx?KsXŰm~I@k4KFk9B8 ¶L&e`5!BM f@ଋ[u)b!b~s@ e֛uX׬@Š?wmC+IQ20K?L68Eq+ܟ|Nkv J˴CHͪS^Ioh`(z#IRȮCcJ5bc=%RxB;ptØMoK}*H+ m쓤7hz3: ­yfU4柢ox"~1p

:{|zն- VrB!E_B×b:A~ ףEH?|֧e9]Q Pv`%VAg:0=4T{kE9\yjq_{ -:vQo#z{ނIn:sn |'4ޥDB:G*(mf"Ϳh'jڤ^z#N:*I-V:KN̠3ޜY߈0GW o &<}4/Iu6Ysڥ܅]2mF +`<呂>I%4CI0OB {Pe;Ghη=vIهD*k%v4EM&yiZV5?xcb7Iؖڒd r$݁A,ȢSMG¯C{J=0TL요u.Y{iAT$ El0OӾ^ Q^ aW9v%+uEx ƐysED60 mˆPL+[0w۸H0%0-uo҅ENT%wgCrp8<-sf&%s^a0EXI2AѨ|'_/nZM6 kwՏ|W4~]J_бdWWT xQz!A64gθXO^ԧU.#m}d%AZ]JօS9SSXSg|?, 8>L1b0a{ZopM:"5w{ _E:(Rfb{"Ɏ %7A0TnSk, Fi z`?f 4rqcÚ@кTZ`Z3s=IuGWewH}]%!q7]2reLqd ]0 {ҽnuBHL q\zdQld&UvHӌڂQG{m(ևXiӫ _Ӊ:QTZPoݵ:/]"`.j&9P=Avx.O}ۨ4*b}|PsGne^(эMz7]2pnGAçN~upxD=W/b/j):JгRbAlAtDlsG)wC\(-u-YW+@Q[Kz|7ǚQ[c+w?cGb$Q2sܪ|I .lxB4=1Ig l"f_"? ~B6_N>'|˦;]ta`z H yM2U) f3ʙF|5rF:\ww5?pFg殮"?åO^Pb.x Mr+"0/0fV꟬SA#H[Y4*0LؽRHtKI@3vJ<%= U[Ff 5ҟ le6O SLI tWldBTL"V(%w8T>{X~#r#dqQFb?[RPvIwoW'Ͻ0Y6X c 0) jb3KW.8#":jQ^[?_L0!ZǚɊ7}GƊ;ڛ?1-_:Wl$~Ńq Wބr+{G =uw,Uny- V/~(Lʓ^9poXHև`TS,<3w =)0m(V">|~lHtFEfC>#O/V{EXf^,4fP@ Gȧ6Cj;Y @(\JO?8+3'<5=A I8oR(%i֯ʼIƫ_ѡ8_)QK]aucʔ9J˱g [`Mz/(8bˆX&ȠdCu,U~HȖR9~7:3U:BQ4ѫ[]!?g>,NcJ}z] )`2MNRhIuaLiN xp0Wp`L{ZP /iDZU\`0A$vzEWEᙷ>mpU]FAGy@<*<|"h귬nfks$V>w$P] vv͔(BuM t0jzȆZ. s_Yzo/ÉW.A/ 0rG!OWG2W ZpD-  ?[M|_T5\eL,3^)arIJ>U)pemzrQj-7{qϰdlr T G.W1Eo IxxTKۈaR"亘_),گ~Q?mgku&`Mqb|.?(zzSE)?!2]0פၔ*2:,VSN}ۿHZb6$>L]\y^"6nr1\wQN,r/!9 5܈*wȳd%ke235;Q22Mq:J,bQ{"L]9afvz`X"lP3`1éׇ_:Sܞ?ܟtHECh@ZجeBO1K3nPmpCPx+ xyNH'W 3\j}ݨlM$:"s1hH~4 Q 4998$e2pF5aF̩mNAP~G*ClLJZزqfuGewk搕_{Cuɨ"0;$6a0qol ̒uh|B뫉p x2GN2ŒI[6#ҨxFGz;2cb7 mkz ?Pk{  ܸUTY'}+[vP*)"֨q+I/`}qN ]JSފbc=&)Tb?tK!m֟% D7bû'ay7G:2 z3|?ꞾC$lES(DK]QMakOU]Fg:]-hW> wWAҶ]h{zR1>6dۉ+]|ea!wxcwQ:uD` ;be:.Fj.Mqz.ZwO/j.Aõ,^p;GЊi*J|Sjќ j!mˈ,*03͆?ݦ @6ߔCVo7=CUW O C\pSuC7#tz)x7NJ\8rBO{QqdtqYN:P!4| 4$Bf"QTt28: vfCXU \344mw6D09G[+&#Y2vj [˨)ӋsȠ:g]n]e$GaxeG<%84wheX(LUON~VPc1ctXxu:K\vȸ?…0zoVP;=:R:|,kj oHi_&bh&sَȏcz*݆$bo&=*BYX&[e#iNP=ܧŐ,-?v^/0܃+ WS HF L%; :GH5(EzRS9hɃz tqkUI+yMTceV|7&o}+bɳZ / kF'̩A7SNgRP蘲HE{:$Ѹho`$"ay^yQ'т&?݊nI:(* UderxU %լ^"y`ȅiQZx#9 ({?{ozSg2{b$!Eb~uDI`-VaXK5ۋW:s)֛R@n=Ř{ :l;D%8.z':n7E(( &,ں *y$ǮC)\=*2`Bn\iCduڦ߼2쾤D*w)ϩJ1eɏhR[Su_W.JstԑXIL3n+tm0i |-K6Mو 'Ok{/&[ނ:)4eG~P0EPƞdkJ .D FS&ڐ?ùX{Wϼƞmèzx!&U1Lg yTE6;L:r P<"}>pRVSl7 vhQxȄ ^볹$b$YZTpF\BǢφd% OKHBӰ5Qed_l:G<#ZcSh;^sl#ԙWQmUR g݆+_?1/azMQ]\B6+Еv  OZŐT4<80-1xA$:H3V’%Z.KSwB+χrؓ߿K .?k ϓ6>Iڑ1C8A*+]̰|>H ES1bTϚC; /c-9=dht{?xզ.sL!Sc_u\2|l׽KMtBV5ޓ & ߿IP^|؂?ac,dH{ޤ Rzbӷ$7GSMyeD"-bjwLp?eFX?J`#Ð;:}ʙF w`_7=+U=I7y߿mDs(GI9zkCW]dP~r *K@PH7XTCC5 aZ8[Ϡw eptLpycdA'L惌ˏb373Uz\ʶNFz{^o " [Z35r /rqV,W" =)v23l5I AD ǟYT(֟%#Ƶu8 Ԡ+L3\և>&ȔDdϯ)lG T8R_n~AjJ$ Q'y*m <)-#-K)@{hcD.M_~?&z]W1вܶ-w{??mS}2,ǵƊRrl[ 鎅Ky9p*)/\S=Tu9'yd7(iCaC JHJqŽwRo0[73Sz @b:L(L k{Ϧ){*.Zﻰe†~]8'ʟW{Z5, r'솳7,QϽ}/@$385n_ag9hrFo+ŨmnZ̠OܿFB}id!;< ;ˀc9m cGM^'u8tXm#1S$zģXPGoP1GƷ;{VDؐ SյˍLkmtidhU2pm`Դl?3mt' 䁵vql{c E|%~m;WFr^Ͱ=W cSm f=xԋ0qF uEis`Mb kD \w`@3x@ɔ?{q{siY4m@F=yQHq[&:jowb:Ӏc (Bf Ϫ3!haCn0n@^0aV wV.mӣ"{ \ ;I) 255E 7TuI,fc x'tgSFd鑖DeI)UTV7])"_lӇd+(eta/2.Hm3y#'D?F<k׉7^{(w"Zp| o uXl*p&* 8`ކ'|="W *a dR0ܷA0wiU{h UXZNUp{{QӒ8Nk^bqX:o2iҦBzSv4\\HWRG 4}Ub x0eSVv4+I!W!$, !{VR$RRx$^"%%5l p|zO32,™;knAX eT,yBaZuxb!"~ϫkQ jI#s jnRYǜ,;bC&<4|œ"Q-OY4>@F>XOU,{| u }(Ӂ0z!{=sa~b`_MFT09YZ;|/N՝DKlQX6pOtw8JZFFFnHPklwMj A2yCOq 6OCr<,[N_[Um6S9-;4Db(xN4‘W^r~ږ _'.Ĭ8қC8t<cS`3ՙ/=(IU5ǟ.dP@{}ww %xL Jy~KrBCOjzb;?PDf3Xے܂?H'<6PN`@^Y=55r ${m'zPtb b%sQ>ke;Q&R"`UujR$H60DA' ڱ07f /!㍧z%(~]{MܫmOv25 P]ϵ5SYH]2h04{Ms܊U{WzEM} -y׳]f7_O=>,XSsA"D_BQkS/-N k[I !m2bj2D 9Q,Kf=JV5@ T?FӮ%!z%Y7GeVxLEYg4 a;RL >[nvcP[vig :H]d ]PxY<:V@ o2Ζ νU|/XGWZcA(O5WPS8PD28Q.l/]vmحC34 ľœ,R=Y(&_ X;el\tGȔΑ$Dn pS4\=4XvVƀ+[&vgaш ! !M(d)Z2.%44%57a%5U]8ljε"aVj)VfqXL"5;kX |gG!ٻ+_ q*f<:l-kM,kZn\LfR7hs%M1D) UKʀE}+KIb9Χ^Zf14!FIe-3>WRd@gis:)𡘎wlR9}B]RWav@^~`3 H#k~.d$f֣hV6mLقOuT2 }F+ s~c:c3 D7n{"#TIC{оa86@ӻ%N+m1CF9 ي_耷C-H7ˈV m_b5/)9(sw9:)Ȫ<Ҷ°.7e u੸[7t1 b/tCi*T/0#Ł3=)k-L018cbzxa ,I I<@SeC#6 77yCF,D y8,g[f\dO7.g^fP;CZF`q׸Kf7?Њ3rwp ι-^JEl bT^:/D$mڢ\{> KWStVw5E! μ)C-`&fհyuRf&G8XeujE5~ĭ7zxgl(څqDž"HvAZp,0`mIbFzs 94AƁML#|_%C*^L#$ECƂV~p3f!0z@dְ_$5Ho s ?OOzEGc;%CN$Ng]4ݜ}lIUqy-_+P4kT~~Fqd;͇& 7.bܤ%~W~vt~ enmAKG9ɣ*-tZ۩k }}/9pp>ۧRL/UPq2"9Ԗ ͯs!xzIK7 \ ^4[mf{ZD-  S%p=aռ%.׋BʏHgKq8CO`lR&ss˸,1I$|]Xт7K%%.'iBHs+%qB36QۺöFrT.[8jw}IbLkpuq!fowesX+jXnk2 #7a>oDY.=k`ܓAX/. Kw6ܬ[jܥ0eyը=L*TJBuUT?O- FޝU˚  C4snj8q g ,-T~a&| Ú_@dpC`^%w (^ h.V&]%`8D9{Gs#2fҪe=,@'zպFo OYVs2fznrΠ܉' LZ)">CvPס)Q#鈞*85`ވX4XPVP_Ɋf48sB-$M@.V VrlFDU+tR?Z-<ؚ!=} ܱ>^'qUUiA|Ű ͒3Hܬ &ElN5DsD\ggCMeڷoV1חW v x'CŜ.5]ݸ"Xx ?z@Ug)>X'['3MɳTRCز㦽r@FOgi!E{=&psv/i-*YUS+ D0K 5Fug0_hRj>oAo űs X{n'x)%I^ 6Sw_hMk?PݕҏKh[`Qi=[]qGs\;E!{V@8%`1dN ELJVI[8PVP+ĩL))9iV;WN髽p] "s2i¥3~U&i4{pg.{.) =Qv ?Fﭏ'[mj7q_(t ?Q0@!Jb]RZrJ҃z|Ȳ>{l_Y]>8 ^sKwIJ=@'ŽbFWMk ~E@([L[?09Hy=Ko$ϫlRYNiɚH$w)8Όa}ի~%p" Wc{>?iA;leV:` ΎҀ@,Päs{< MS a{_6%xK=LHG7HD`h3U@UM~՞egB4?;ksvEʙ.f@ڣf6]C7({(mts0StIlXA#,&x<+0ڨvb[ǖ# c0)jg?eV457[i'4ZDnUo=͟#7R:3!]#F<]>|`zf9?ﲬeܴ\b`:q~@?'C\ݰôo2pJT?Om؅( "e$}Lo99S*xd?`Mo3<+)nPjHa^3C*peUEPӯn֮ Fh.lIK00,XDw/ &A*֏_Geѡ]"]7OcN)SFl j*?zeF! $<#(d 2˱K'm*u׆-;#}8唭EN:qEb5YS`8aG-2͍t:f#@RF3L>~]` 75gF^!0Y%:݄))X7̰e@~$d9?FM9DSႪwx.V7/pd;Atx譠ԩMUj9 {eHҘoFȃsWpJ6 mgOIBHÄoOI=q0#%⽃V>Vzu©6FJ]ټ%R0'f޿d6Le@vGDUa5RqNuF9 $buql2*_pѩTdl> - к-嫍vAꃓLz`t³?P-HF4Tÿ&0VURm/2AlOOb`1Un, M{-"FrɆP_ rGXsf[ "rcqFE`ZA_7^'—^[㊈Hde5u}CO`/1PQ% ,Vp|TFH#}[c$Co8t `7/@W[=y$I1Ik5W޲}4aR#*e5Gҍ/u9 q/lEY6]u;J`UAn<'+Ot]Kv_C#t :,I) 8fQͰ,Cwʛ gr/ g/ME%bNJ% k>8U#FON>i\p(~l9ZUDZ֭:}֙pb{:O FfK7E^4]()Σ—NzE6]R,o5Y4ۀn`W,>I[{?i7ZB&T˱F xft SFR%yk7pc8*6rN &Y޳-.|UpbgU%гhny*1(GgR%jnA*Z`%C' @T7D1^߫Rd1{1 GZŅ`MUf:F(tWV֮t] a51Us7*RxFBF^oJNΩeǔgjFrdi 3ܸ~' Ts[ì)@y-c*sPV#zRYoGO} ȂX-%UXQ19^fb6@&f1Š|DBvɝUB|NXW=H"A? y Ee0hBh*6EE|fBvLsJEƞ͌B&Χse}gZ$=rqn~Թ{1iɝtæ=uareVZi#0pQ53s`p`v ̂HoM Q N; 90TAN$.iZ~1@7d꿶87E8w"vgTUH.dYc5X> xbM ʮ@AЏpqs]:y#)`4-R&p#ºU_M J@l.)۴DYw8CIKJQU-e'Z[:&F,?DYvPr@̸|jܟ"eҢd΋𩘛x\C.](@4cr)z- O_ (震KA95M w`z;X< Ǻ=*BMld%!aҟTI( l%]g bl'jUyǶUPW]jl>%!PeC-nRQrԫѾ cnCgr+MIJ֭0-Q}p>ni(g{tVU"kk:PiZs~Оe}x;`D*#{an5Mc .{7M)whޠ\oU1E5?ը&fF)cߒxQ5"O NhIk~|8M~T|p I_-~{5kg2YivA!JAc=$i g~>ڙɌR5Xb["`=n.-pgԮ]Ͱ*Pǰƪ?WdrH<z2sӕ-:+x"Wp zu^x], r}: s>n F&#Բ^IN7Uij {N S;qE$5wwOo(ՙ:ya!:FhsSӏx*i [x55{@!g@EɅJ83^7Hqrw3T p+@gm _p&urp66Ov."jս!F ¯(^cRQ944@^HEOVwQR猳q%ͽG ,Nn1Y'(S|!Ǖ620= z׻S!g'evc7jTV ueyGW=+*b8V9|3gp [w{|I88wڇCҧ#zļhvKo)bR>&AB j[asCaBwx44`Ş-"oѻ!֣c_d;`5AnNهaIa*|4s~X8h,t K,Oůhؒ?]6AX њC ~ULg9y٭!3 =6|ľ͚oŝZ\;K1T aK?K&WQU9:QVd/;>Gd!G}L +^rN>MWӳ8oE~ !]:ӯUIJ[!35;YNtZ6y:g7fuI 6Ag650.5}Rݱhy2p!f4v6Fw$Hrdp\c{O ^\3z@rX֝7|Pjs.XWZ+|ϙ _KʲvϠm\wa'߼[0 #t n=i“6c;k\"l2I&28TJ OH`_LpŊٜ/NkHذV.i5lx 3`1>%?R]#sS3K{? / ӱ!Q$EeHA5fG2~24L0BnplHe)I u=>5ɬ}nGL x 3-F*t8~e&mKӿFWj_L<ׂ;ſzDr}vqj|Ѕ`jrU7;K|SɈUSltLo #B0Ľl$1q>0&wyܓ5caEfVl.thͅ>) xrmBkDX&Ni 7T)hΚV%o'HF6rrtmzq+-z8;cTۦIF'N1Q-nAk>81 .Ey VގĤޝ/HLyuM%y+zCF#YVi{&18eŗcoHt18?ՎbPϨ,S BPT~B%ӽ zdW#vΟV3h'\-{G1 ])r@GJB5tg=.Hoci'.B6$]g QmLr܂J//%7[3Uu/;8-߿{P 2G;xf{Uz,PǍ/^2#HRaRs\?T({+RtEވQ4i,z8ZM/O8Β]ݺQP~Hpo>휣>lOXӄSTƼThZI Ws2)C..昛(apJ߲5O()M`L-=E[9`l0j@ !JWH7ME.IoʧuQk\s؎RuVV)( ^ ^&_0)DLA !Hdͼԏ;;-ȀWagTf k< ;V;ԏO$-a䊩~GGcyu9%g 吉!/bݮa T韊=CV`˜p#/^2R x.4!bSu\T~ v \eog.{-&:5nR yTū&!Π(9a|, Є~+n_>wĹc#*,o O~~5E/kyRle$si64WvpZgw817>#εzko);4l@o>#&+ Ձ<(Nq,LDTd|U!U+M9, C8D㳲 x^)+ %~1De C>t?g*^ҌIы#A 'f&]&'+]2UEj-cb4@V-y{ɏyEϘ*?wMcBh9tjTt7l*×ţFKIDxΗ/#u·xPX^ΜDf7>FEh UO<[ Ӄfob`)d5WS/Ҭ@OQfjqӌW=}.]qj½!psP@|OЖFϰ!JKbg8XҴpw=F[œl3]%1 |*8U:+- IGXNk] 4:ӯt1j!wO @m}s N|9_Оn *RƍF=H >EN. dh>GLUƤ&\_ dn tQ|77oh)i ZQzOSzvϹt@ڣD*QSAӖ_(4bD0/@gb<MjOnNc8^jt` SH ` sv7q7OEW=2Jp6hw,|BPH Hs/C!8֧݌SnnZ(h;5C#x <㕴XZ&w|" jsdwGbo3u&7!E\-]f'A 95FlSFT~HY"DGkt# 'Z쓰K=@,l!\0:OȔ\ϩ4ygNhԴ[Ɗ61KwօHhs&o^.R1sBtNMѸD/M:Ĭ3[j=XrS'IsSk,*]:V5yj0F&|b !PK *\J .!AL(yëVH *暨CBJ m@!V}y~~aU[Aݜ c0FZJq:٠AƳϨx[kGfQ`~3YZ{+HK%5QAvC -(PC-JTA,8dg])?+=R~n,!xE~, hsR]I _COJY#(BOb*%H,Acнa"l*էRnU~ w[|}uuV].G&AG1xjFѤGD3ңQIÒJE3dݸlH?U+9LqjvX*"0ȆvMK\ 3.İf bߵXdy&wI͋~M;6Q" $< t:^\# 1 J  X+h3 u_O0bS2KiA{+[Y 7#<ͳPX3, P !"vQY?A_^5 c~5O zSD4>p# a%nFz]ŲpK3zѮ]?~aR4_pn!E-}*{NPqGT!k*Ӵ.Уdj8Ӕ+gAE1E67v:'bW$'`ȘfRWe 2]ӅM:eE>T A6jOY#楩lR@:~E=2dWhnQR[O+Dy|!ǁ r )(E4o@AÅdz$QwtdcTC%P:4mA99_~UZ @>@AW1uk[qbWLFzvᕽ Z>*D+"qkA?䤳:Ia ~8ZShg9jRxGr ^mc+$t~յN--Jh orTO9Vo]5vח_}8ɹ~1d%E樱Pnz#{>Bq9p,r8I<1UNGKL"FtVr c%D5`oA'-l22Rf'CFDpɑc,&[JLƔv[HY1t9~/``[p/m1 .oPt5qd $6F?37>vtUgu܉}<ʗ `#C~[sEGNx `c͏-Rn2Jgiw2"[4"+AG2#͢oyɏ>_}.UK7ǀD륟|4swi*N%OgL1R4*=5th[OW ΃-_L'r,Ý/q3~X=k[@GUkҏuFܖ})Z^Uls$ `_ ā5  f@) /C)3QwְP<-j@9!,S>^co%|ytN>2ܺ~ѹ*"z VQnR32!9MhednAialH\!U@c#벼ZXz2yZ]mkWq_J"̞H-<ԉ1^@(Oův3$_RBs\`JR_8Tꠊ× ZՊX<!/˨ilkzϤki6lL;:[77(oVUsy혦h2;C6Q.3 IX$h.A8"6DX03"!}IkYEKZē}Y7 pQ#|׋u,=I$E F-M-sxrG+bOЕپmf͆ neNpyĩѴUm"PT+:#c!4/PMZ=$f`]LWdyLoVIyߩ阽D&>;ňUi|>!s3u|0)$|-Dgh_|`kwtq=idFr۷f>n@+uBL% G6hzԸs0{ߦey){ #4$ 7&Luŝma`+- IEGB^[ة󡹵`BӤːgkI 2JñZډ@"]kNrZd 7ۏY|M)+L=HIZ}z6&V&O>J m!)tuMO$?EV; SMd8* ~6_[yL= hH]y*ծhY!!gFh_ݖ29%V1_D; XiM̴_0L즖b}&/{|Z4+cˇ .ڻQ`|C$7ottD S |(z +TvnG1}Ws3K_`;SG McE6'Nf%[9ۋQCaC[]ϲ<56܈ m2u `X*/@J^*/5~ݿĻ/᳂QTD'sZjر6w,Sz'=źT!:b(TU5=jxyYsl*kiޙ/KJfa6a eսXZGfl9D M&lȍYRVx4'<(SۢwLt =0 ;YƮǹ)ѯ9exZwsxv-N[M(A}6 Nhh_b{!@؃Bfi719(9$T#i@C:܁g^>ij͆ {aL_7y_ MymQoOyi(jw~.ǻ/ 8_T'blo~Otx%Od|dSl2cEo_[dc|7. GlNۭj &* )!8$K vhsOlsp: 0ι\ VF>J6C{DlS`')vZJ EfbւokZOGt vVSt5YdHZѷT*אN/h0y|(tTpRDbIeg >hCȇ3n$"R?`y1;,紘pkzu1;.D N#|g͋CnS!關;7 vz rl/SY;r0bD^_íDŽ]Xʌe+u^rpa1\iݥ6%'v=2I%7mח3`רlk:}H'n7 ;rSȞ{Vp6i̵M3o2Z%&'#LxJJy{gV ?-Ym ':OfX>/sNpL<ˑ^GvoahcT03|:CT?jGHA8,>jӶg]zpqaaDL qכ|KP}XL[j9lA =*/MX$[fZXj΢Ɇ?>FUy܅=f@ԍCjϾ-q}Nf'xI]nӇ% <+YV BJ#WJ9@ﱓ0TiUvL|ХT-ĶwpyaGrKm4D="]6ЭO/KօeRPz4xZ|c~v5@aAcN]Bivg4xJfj{;@AY+wNfpx](ȉi+'O?PV ߞ՜&L3+HQ^;LBFj!`ߴI:Wg_1/=;wcrKCAaY^㊺/n3jiw&B0DI5=`zfQTeظ ܉6,z79 ~Zr?[VZ@ >5*ARrgb5J0LcH|b)+БǪnY;~Nl,5V-1QYO=l+Vl z>LνP,+Ș(L-u21):a PwK=V]ق!}g긼u:&oKIit9r1嚗0FP-G6U| 0nX.sNf% Gq4 3\Qnꠏ Ǣ_N @Bfh KœRW- A.Wa~gW;&3Y{,sR-t> P4DGUJD;u֩]. 7]" ;7?4*6cݤGRȊ:Nk&Eѩ#@N!X' e㋸]uHbV&Tto!UhdgYg2:}F_JXPf~-kvY"x-]l<"JPcUKؐ7dtR'c08yue4kgQ! fۛsos'6-^k崤dO2k{cй|1o w8b<YXn|oWtXi+WE2.!ST l^#}I"n-/@ Ԁb :b*Km3UZW-+Geʎy4{O/z-":屠+O S?W$1|4Ս\:f@me~m*w6Rijv!eB:bοX/wcb9o.΄!2hu:^6ӕbݞw\2X*:aOF`""˭!be.0J R)e;#3dim;CRg2EE!g'b;[[Jpg"~ )ck:w\McX_4mT==QUBJnωEŇ]=lS^TfI WfC$(EoiK`YtmwiICt⭾L.@߭*gLeT":LaWA*m=ct(k4@Ylsh|,s=n+ijԳ~͓Qd|8x pm.zUI|qe qn$b"woesWNGMOo%+1hM9 HΥhD Cr-i׋0uIOr)Abqء75:Ӵ,+UFY8" %鰄 $h`ytpYHwbEqY)>EH#cV]y1'wM҆ ")$(Ӱ䮞Iqj&XDhLx;cMdC2Rve }}/˙Zgpfe. ^`0_bS䔱Pktl&xP w#\(Ck n?XH@胱/(-!ۄSȒ0(ɆὧSm+M4;$rQjPG;EcT H25i%Si]fgޢIRy i?x$OYxqϻ+&?pZ*ٯ "L:nڇrV A~Rփ&ĴWa_tJ-9tߝTp8; "ׁoi"S΂RlԆHqѐ ˴Π$ L+i{4z5]H> V@DH[ mMW_o533]{`En75~cA}7K9#^qT:vb(Žf d{jȀ(_ְDϒ o*C$&]2c{"wHW!,xbmdPa2ң_44/0KޚB$ƢbxxSHZdYj&|QG6)GŎ&$ӗ4cCt,ulf,Kx x=N,Whm+!t[=АޡD|&ʎ)/=2M<ȭx%4I >n5INJnwގA>9.A:/M4 JY6I#/E^~R_B#L^G>#m eMٌj_h!ix],>[7,br-j*^Eh?2͕Dum {ӟ?9~JX+(0K|Aqa^tlb_nb{&mE E->U~Y쬗0[;ܓ ~Ü\\ %=i8T|´_?F[q+."&/F:޵yiӕ /W06\t)_QwyQ>oedBޜ6\`zd1=ZvXjF5lӔ&@ނc0Puc< oy %G\(5Yԃ_LƃA5SĔG6qJ9K`Z>cdp[Gu.KP `ʘ>BP.Նi;~۟5Wd4y4Z݁8Q`DFѰR;| -n1bD8r.ch$ԮS@ JhIDnUE`zz@9H'9ѓ\g&)x?/? Jcl;#W@ɧݯ $SJ=Xgރ1Y0!}vި$[j G F@9t^rɰdF 0^H*am;!b'hVdmYrS0`r+XΊљ{IV6"yPSJ\;Uw)FXM:toRwӊH@fs"6 V9m"$TbO<`hŒb a?RM1\cxG?X)k\kz]!L+;}ޥwjHD^8.Iܨ1'<,EC8_N`xjb^N+$Gͯ(SV) ̷;H}y2]]>ڰǵN?VwW;+;򚎕zALG3PA`oc\38čfW1X?Ncl;8F:[H~tQ8r`6m' dC/9ohgals)^U|'M\4 dƏ(O ACQ/@YmHzP+NNsg{!2}2zqh"!_|Deְf|;RQQb,Dx h6<"K{ Y@ l. ] Y!s+NEm8]17llMN3a5dŝ5N =`XPA*f+kSᾳ P.&9SJ d5&sz#K`!p- >EMwMvc~*W[V{faT 8IAoK'vh;׺o>QZ$t.5%k~wt眙Kβ%:E0=Ug,?qOUßh/El VZa{"${ԝtۓΚkc=<$G=4W(`R'$r8um)pDvUSP.c4շ4[6d\J49ux8wA7[4~IWo'5M2SGءe&bקG"4i}eVXXg#Мz/=lt6+']`HS!ay'cف)ؒWi4K'v3CއUBT$@=1Ĭ3 Ū~MڮfK%!#hC׌uBwAkj vhg'%KECTnQ #.]pQLFQp-s}.qeɣF9Qw]?f*۸3Ǝ5r`ӳ(lclmLD.IL3А `C,Nk{Y nj >!(GZEt`'q*ݱcdl*t<  ;},x/ acʥ ԬV}g=_%p,r{szuUйe6CP):`< vDz?bV~͜%,cl(~ZOYL&XK)OHp?PЎ8ԲSq>@ŋK]dY^\dʀ# xc Qg/[nM$)ֵ_&.Ҫ] O O? AilY w\!}GZuqzP[dQ|gנ6kKmO4j)U-w3ލW*AV6jϪvYdpcW`M%hӃ@{]pO8؉Rԃ)P1Y$nHpEA*D]Y),'.E ^s)Q`ZӉNbC~"o>lDU 8Y~#U }KZWm4cLH\C+&FËa?*6r]-SMIBw?E|צN1S=10fO1oX Hs4x3%+Ip}և$l\Ϟͻא%mߘL`/[Õ@QBV Vp˓,'i>=:[pf ߕzMhm$ڒvOI7[If}tUqR-Vxo u;c҅`,U*$w++׵:΢!o R igdBL (gg6uDl .7,(,SAep}+ ]aѐJA@XqNÊT*wv$=Fh FC]S~WB\^Q)Rks%q ʕZVe"vZ8ovi{rbCN:E%zA̰.Ifq_I@i)k1?tߎ=]Jپ*n}!LS…<zC+/B`/' Srd4J12 a )Ҷ+Ii2P _Q?иL} ݱfKq .nh$m~gL s$EY}Me}hF9t6GXK\H:Lkj ?y!'HdOVGD*rˡ5 {uB--sp귪k`>WOSCGO˅l3rd-djޮBvț8VXQ&wAe4_` ½B VYY xUxG-':2ջo\HG.up5smH.Č oR%6,4V𣢬 C2hEau9jf6 ɳ,RĶ "|0PjiT&"Δ˗3pZ?B@1GaoN )$8 /+Jx@(9b"EEUJLQsnυEP&k K qNHϓE@_rV25H^(@c"*r:Z_ zT">/ľ8)+j9"èw9-oddCZf0SMI69s_~)} &fĀ3gf@Ϛ1j݅*"q:Yzj$ZMz땗sփO1\D0?oMW2IzKU@x;PU +:Dۨw=`IFtM> `2UI2y(VN \L F_ w̔'(H 2½̍N[ JfHC|?pG'q5W}1&$nȵ{4!F[_J=-9L mU9z d2{Q/ժsHTFacÿPO H׫W?CnJ?2Lp*!`Akw0Hf^ 7$˪3 ƒOR" u?{ѱK8(W?܉%T5$-pS⧽$04BWM?e}L@:2@D!\;/|Y{̶$\L" 2U=B“fB@Hp9V eq&s_t#{4PxO I=W[ *웊.Bի}b|[.ݠ}dK0Fd1@<`MAC%:'B܃3aaqrP%:s~=ʑ!@ ]";n#ª **ͫ1RP u% Nh' 0$dSSR-'Z "?܄[hpYP4R %I|Eje 4"KzFN&B> Y h@33֩ ,Qy~mc F*m..* 0]lK}l\mv[ֳcK{hecNUOV{ q KM%5f*Bjτ)iL3:ԁG23><޷2l)4F$+i%xPѲ^FB@je8XAl~4lEcɾ"+ ON"Y! u[^ |\xSt-2dpv] l 4h|vƑ7>B:ʿȧ;[-m7p\w۴dKvS#,Cdz (AVgr;p OP@)kf2ې^ѹA 0$B84\īN oN#i;/8l\r 3r~̋ZϏǜS(uMaݞPbЇ%8{$s_PnH;ݍl'%2p.d%dtܫTzE덦oqR=~ʩR=/Н?lsV٫ԁNwf bB[GQq.kI.Mp|6GT.ul;8nπDcM葠[a6\KDHJ87>ώ2Q#9e_=dSN >E!DWu8ܼĄD HI#e4epBL`K Lʙ+%SMUܡ+jUVXHBZhG*R8U@1Z~'o(gɡer p^}J+ch{g~-f2z{53³`BaAEl ̬w+FGp6&FƵ_%ѐ,=$90զx F`?%>/ _qŽH?v'/eo uE M t)H iLG6w>Q@SWHG@xlf遱SV"Xj\RܵĆ`Q;Yᙤtj3?nOdAs6?tnYrD9Ӹ[5|)e!eK̶أB4Eo> %!Pt;N,a'2n_mTNP#5W,%Ҷ0O5 ,~nOWARH٩H,bIvfT8>' O68# )%Jf+/ <.0wo3)zËk[؂㖠t\dl`.%2!v,mu K×ɋQ;*aG !uiDŽ"GW ߖSaYߧzNTP}~ !zdSRѹ΋߲AlY`$78dx#L;R[$ڝ%B: Rѹ; foOv<%iPTm).a t"%z)$~j#)^ T ]iJ3H۽YKJW_"vީ-&şmEc;=[M?D61n0@3'u ^ -C<:Q=Dad!F+}5m{/ff!oYTDV̖t;mGT3?+Dye[ζNN«hcLHM;ݢgE_^(a=ϾQ(UKV)]b'UEehߢzp *LhץZ [pƿmVVPI>rg`c ^.MFRFCj5M 6lS(ƪ_;"`eߗ櫂7<1`ڂf$,"1#p|k&ۥq"F&OUNe›% {56Ѿ=Vܑ_Ւx~ {m-$˧Q}i庥K-bvy[whJ)] BL |a-KVWe~X`~R<}2__Dl }aPNY$SUݑ..Xc|ԉζ1a% ph̚ ڌ!Zнt\M!jc\G'+s[pڨmU%"dMS&N!6L7HNOxX i#H]R«4mhuNv/6U 6]p1.l݆cׁZʄ_f6FyPUVJȒTz|_on7zBљatEek5Nw |SZ :ުAxnsv&W:fBQh:5e|=Dh8T6 F^IfЊ`A1{ܵVLK=&[7.=X;ReN#ZTakIApI( ;NvAH-i:̠@p8]WjOgN$w֞w-<o8@D$Ň[+|Ga /-,̩Dn_F&GM##% l>Ʀ,Ur=G}*\ʯUN5Rg p B"{q %Lj߱pt8f4|= H lp03+lw)IWYWeXj\MV̱z2),ۉݖWXe؟㵨[ŽA V|u@DUz)| AZ>AqtvI8^q7c>*Fp#ŀ7NI;g#V IDe(bD~@6fȧ{Y.g}% GXלabҠ(m6P΁mE'蕉 MbR;2E6Ң5%+zFQYEAmI<80%;=p+^L%g4]؇,#fdHg`$\ Ew h}IxUHWstC{b"JezYxu83WKlyaىq &I|9gnGG ݡ ǝEJ' DpJ*c-G5Db9hZ%ec8m$]l iWLҐM9j1@WUdžL!͂9M{(ɋ<J(eJib /|A=fЏUtm]%kZܔ%hq AaƋ_ۘZq\AIrcha}iJY0fZ)IO6ī癘d$`)j:v>ITӜٛ<;~QT[2[z0cuKްFTObbYAiobG Hs&ߤ;߫m5w.. .LRt}Lg |qPZ5BiF?Vۢ|t 06oޓK$5QG 1`"ރNـLOU= vv1mUBq7+͍`Ul9v4q-6M'OHguw/=$,yuf;vzPsTqh,#\ J :Ӷ2ak+3WY1Ig-t8Lbu1d T:Q$+XN#yLpa3eCqG`4&ń"5=˅ţkͦ:bfϪUzhHUÀ{FuQN;SFk#:~Dmlm:Jw6%LSrW]zS;„sT]$  4}5|WdzNkDeGl܁2fϒfzbز[b13;D5 xxHn9cz0.q