libopenssl1_1-1.1.1w-150600.5.15.1<>,|hfp9| Rz=Nv5QY=r *ͅb1nنMF4P* .5 K;{4uh.2Saz>~.g oř,X82IYbt_EvJPI ,c#]`j[Ġl#ciel# ];Meetv̟q\ uuK@$T[,tߢ~v*:_D?X:9qÐ{NwC ko>Id?cd % Q\`pt   8  J  \    I  T x      f   ( 8 9(:>[U@[dB[sF[G[ H\ I\$ X\0Y\Z\[]\] ]]< ^]b^c^d_Fe_Kf_Nl_Pu_d v_wb, xbP ybt?zcpcccccccClibopenssl1_11.1.1w150600.5.15.1Secure Sockets and Transport Layer SecurityOpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols.hfibs-power9-17ESUSE Linux Enterprise 15SUSE LLC OpenSSLhttps://www.suse.com/Productivity/Networking/Securityhttps://www.openssl.org/linuxppc64leAA8<( >遤AA큤hhhzhzhzh{hzhMdK02bb16cd4ee77bb756b5e67a8961c9e59b79b170251b9e42510190f13e0e3b22bc7e7209050757676784a576c85afb721529f08dbd735be4566851afb261600735f9b4d9886bf984a2770a8107c42e634938b314f1ad765c8fe1f0a14c1718d39a0cd8a74aae1252e48e2b14c591d572ef86ab96359b0ffb79c0818ec8af63e7a83e20b2f1b8ed9f086d89b189b5bbb68d0d1323fbec76bd966127a3d56b2a81eecd29acede9f12c468c3f2eb00d826910fdfc3b7204d55fcba232fa7f121a1ac32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841crootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssl-1_1-1.1.1w-150600.5.15.1.src.rpmlibcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0a)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0c)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0d)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0f)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0g)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0h)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0i)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0j)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1b)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1c)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1d)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1e)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1h)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1l)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1w)(64bit)libopenssl1_1libopenssl1_1(ppc-64)libopenssl1_1-hmaclibssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libssl.so.1.1(OPENSSL_1_1_0d)(64bit)libssl.so.1.1(OPENSSL_1_1_1)(64bit)libssl.so.1.1(OPENSSL_1_1_1a)(64bit)@@@@@@@@@@@@@@    /sbin/ldconfig/sbin/ldconfigcrypto-policieslibc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0d)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0f)(64bit)libcrypto.so.1.1(OPENSSL_1_1_0i)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1w)(64bit)libjitterentropy.so.3()(64bit)libz.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-1openssl-1_11.1.1w-150600.5.15.14.14.3h}@g0@gig@g dfff)@f@f?@f?@f?@f?@f?@fIfIf~f~f~f~f|fuk@ftfqvfaf8@e@epeeeXepb@e_>eRe1@eSeRd.@ddgd!ddw6dw6dtdkY@d*dd'@cc=@cccccc{h@ctctcb[c[@c=qc$e@c*c@c@cc b?b?bbbUblb@b@bbobaG@b4t@b0b0b)@b!@b b bOa@aaar@ar@aa@a@a*@a)@aapa=a+va@`m`Y@`?z@`>(_j_~@_Wr@_G@^^t@^_@^V]^O@^E:@^C^0"@^)^(9@^&^&]]]]n]x]v>]g@\@\\ac\G\G\A\@[0[ @[u[u[r@[b@[Xf@[Xf@[2*Z4@Z4@ZZ2@ZH@ZZv@Ze@ZTZOZOYYKY@YV@Y@Ym@Ym@YOY, @YYY i@Y @Y @Y @Y @YtYYX@XXXXXh@Xh@Xh@Xh@Xh@Xh@XXXXX@X6@WSWSW_@W@WW(WWV޾VՄ@VVa@Ub@U'U@U>UzUyx@Ua@U @T TTk4Ti@T\@TFJpmonreal@suse.comangel.yankov@suse.comangel.yankov@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.commjambor@suse.compsimons@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comjsikes@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comdcermak@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.comjsikes@suse.compmonreal@suse.compmonreal@suse.comvcizek@suse.compmonreal@suse.comvcizek@suse.compmonreal@suse.compmonrealgonzalez@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comjsikes@suse.compmonrealgonzalez@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.compmonrealgonzalez@suse.comvcizek@suse.compmonrealgonzalez@suse.comjsikes@suse.comvcizek@suse.comjsikes@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comsflees@suse.devcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdimstar@opensuse.orgvcizek@suse.comtchvatal@suse.comschwab@suse.devcizek@suse.comdimstar@opensuse.orgdimstar@opensuse.orgvcizek@suse.comvcizek@suse.commeissner@suse.comjengelh@inai.detchvatal@suse.comvcizek@suse.comjimmy@boombatower.comtchvatal@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.comtchvatal@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comvcizek@suse.commeissner@suse.comvcizek@suse.comvcizek@suse.commichael@stroeder.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdvaleev@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comdvaleev@suse.comnormand@linux.vnet.ibm.comcrrodriguez@opensuse.orgvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.commeissner@suse.commeissner@suse.combrian@aljex.commeissner@suse.combrian@aljex.comcrrodriguez@opensuse.org- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] * Add openssl-fips-ECDSA-KAT.patch- Fix bsc#1236771 - Non approved PBKDF parameters wrongly resulting as approved * Add openssl-FIPS-PBKDF-params.patch- Security fix: [bsc#1236136, CVE-2024-13176] * timing side-channel in the ECDSA signature computation * Add openssl-CVE-2024-13176.patch- Security fix: [bsc#1220262, CVE-2023-50782] * Implicit rejection in PKCS#1 v1.5 * Add openssl-CVE-2023-50782.patch- FIPS: AES GCM external IV implementation [bsc#1228618] * Mark the standalone AES-GCM encryption with external IV as non-approved in the SLI. * Add openssl-1_1-ossl-sli-021-AES-GCM-external-IV.patch- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. [bsc#1228623] * openssl-1_1-ossl-sli-020-PBKDF2-HMAC-size-SLI.patch- FIPS: Enforce KDF in FIPS style [bsc#1224270] * Add openssl-1_1-ossl-sli-019-Enforce-KDF.patch- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI [bsc#1228619] * Add openssl-1_1-ossl-sli-018-TLS13-HKDF.patch- FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. [bsc#1224269] * Add openssl-1_1-ossl-sli-017-X9.31-sign.patch- FIPS: Differentiate the PSS length requirements [bsc#1224275] * Add openssl-1_1-ossl-sli-016-PSS-length.patch- FIPS: Mark sigGen and sigVer primitives as non-approved [bsc#1224272] * Add openssl-1_1-ossl-sli-015-sigver-hashing.patch- FIPS: Disable PKCSv1.5 and shake in FIPS mode [bsc#1224271] * FIPS 186-5 Section 5.4 disallows RSA PKCSv1.5 signature operations with XOF. * Add openssl-1_1-ossl-sli-014-PKCSv1.5-and-shake.patch- FIPS: Mark SHA1 as non-approved in the SLI [bsc#1224266] * Add openssl-1_1-ossl-sli-013-Mark-SHA1-unapproved.patch- FIPS: DH FIPS selftest and safe prime group [bsc#1224264] * Add openssl-1_1-ossl-sli-012-DH-selftest-and-safe-prime-group.patch- Build with no-afalgeng [bsc#1226463]- Security fix: [bsc#1227138, CVE-2024-5535] * SSL_select_next_proto buffer overread * Add openssl-CVE-2024-5535.patch- FIPS: Remove not needed FIPS DRBG files [bsc#1224268]- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1224265] * Add PCT in function crypto/dh/dh_key.c:generate_key() to meet assurance 5.6.2.1.4 of SP 800-56Arev3. * Add openssl-fips-DH-Pair-wise-Consistency.patch- FIPS: Disallow non-approved KDF types [bsc#1224267] * Add openssl-1_1-ossl-sli-011-SSHKDF.patch- FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 [bsc#1224273] * Add openssl-1_1-ossl-sli-009-RSA-sigver.patch * Add openssl-1_1-ossl-sli-010-ECDSA-sigver-keyver.patch- FIPS: DRBG component chaining [bsc#1224258] * Add prediction resistance and oversampling of the noise source. * Allow setting the FIPS error state if jitterentropy fails the health-tests. * Add patches: - openssl-1_1-FIPS-140-3-DRBG-prediction-resistance.patch - openssl-1_1-FIPS-140-3-DRBG-oversampling.patch - openssl-1_1-jitterentropy-error-state.patch- FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size [bsc#1224260] * Add openssl-1_1-FIPS-CRNGT_BUFSIZ.patch- FIPS: Fix build warnings. * Rebase patches: - openssl-1.1.1-fips.patch - openssl-fips_selftest_upstream_drbg.patch- Fixed C99 violations in patches bsc1185319-FIPS-KAT-for-ECDSA.patch (need to for explicity typecast) and openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch (missing include) to allow the package to build with GCC 14. [boo#1225907]- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free security vulnerability. Calling the function SSL_free_buffers() potentially caused memory to be accessed that was previously freed in some situations and a malicious attacker could attempt to engineer a stituation where this occurs to facilitate a denial-of-service attack. [CVE-2024-4741, bsc#1225551]- Security fix: [bsc#1222548, CVE-2024-2511] * Fix unconstrained session cache growth in TLSv1.3 * Add openssl-CVE-2024-2511.patch- openssl-riscv64-config.patch: backport of riscv64 config support- Enable running the regression tests in FIPS mode.- Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch- Remove "Provides: openssl(cli)" because the executable has been renamed to openssl-1_1.- Because OpenSSL 1.1.1 is no longer default, let's rename engine directories to contain version of OpenSSL and let unversioned for the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933] * /etc/ssl/engines.d -> /etc/ssl/engines1.1.d * /etc/ssl/engdef.d -> /etc/ssl/engdef1.1.d * Update patches: - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-use-include-directive.patch- Set OpenSSL 3.0 as the default openssl [jsc#PED-6570] * For compatibility with OpenSSL 3.0, the OpenSSL master configuration file openssl.cnf has been renamed to openssl-1_1.cnf. The executables openssl, c_rehash, CA.pl and tsget.pl have been also renamed to openssl-1_1, c_rehash-1_1, CA-1_1.pl and tsget-1_1.pl, respectively. * Add openssl-1_1-devel as conflicting with libopenssl-3-devel * Add openssl-1_1-openssl-config.patch- Skip SHA1 test in 20-test_dgst.t when in FIPS mode * Add openssl-Skip_SHA1-test-in-FIPS-mode.patch- Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch- Performance enhancements for cryptography from OpenSSL 3.x [jsc#PED-5086, jsc#PED-3514] * Add patches: - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch- Displays "fips" in the version string (bsc#1215215) * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch- Update to 1.1.1w: (jsc#PED-6559) * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. (CVE-2023-4807) - Removed patches, already upstream * openssl-1_1-Fix-file-operations-in-c_rehash.patch * openssl-CVE-2022-0778-tests.patch * openssl-CVE-2022-0778.patch * openssl-CVE-2022-1292.patch * openssl-CVE-2022-2097.patch * openssl-CVE-2022-4304.patch * openssl-CVE-2022-4450-1of2.patch * openssl-CVE-2022-4450-2of2.patch * openssl-CVE-2023-0215-1of4.patch * openssl-CVE-2023-0215-2of4.patch * openssl-CVE-2023-0215-3of4.patch * openssl-CVE-2023-0215-4of4.patch * openssl-CVE-2023-0286.patch * openssl-CVE-2023-2650.patch * openssl-1_1-CVE-2023-3817.patch * openssl-Update-further-expiring-certificates.patch - Renamed openssl-1_1-FIPS-default-RFC7919.patch to openssl-1_1-paramgen-default_to_rfc7919.patch- Add missing FIPS patches from SLE: * Add patches: - bsc1185319-FIPS-KAT-for-ECDSA.patch - bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch - openssl-1.1.1-fips-fix-memory-leaks.patch - openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch - openssl-1_1-FIPS_drbg-rewire.patch - openssl-1_1-Zeroization.patch - openssl-1_1-fips-drbg-selftest.patch - openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch - openssl-1_1-jitterentropy-3.4.0.patch - openssl-1_1-ossl-sli-000-fix-build-error.patch - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-ossl-sli-003-add-sli.patch - openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch - openssl-1_1-ossl-sli-005-EC_group_order_bits.patch - openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch - openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch - openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch - openssl-1_1-serialize-jitterentropy-calls.patch - openssl-1_1-shortcut-test_afalg_aes_cbc.patch - openssl-DH.patch - openssl-FIPS-KAT-before-integrity-tests.patch - openssl-fips-DH_selftest_shared_secret_KAT.patch - openssl-fips-kdf-hkdf-selftest.patch - openssl-kdf-selftest.patch - openssl-kdf-ssh-selftest.patch - openssl-kdf-tls-selftest.patch - openssl-s_client-check-ocsp-status.patch * Modify patches: - openssl-1.1.1-fips.patch - openssl-1_1-FIPS-fix-error-reason-codes.patch * Remove patches: - openssl-add_rfc3526_rfc7919.patch - openssl-fips-dont_run_FIPS_module_installed.patch - openssl-fips_fix_selftests_return_value.patch * Add build and runtime dependency on jitterentropy - Pass over with spec-cleaner- Security fix: (bsc#1213853, CVE-2023-3817) * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Add openssl-1_1-CVE-2023-3817.patch - Update to 1.1.1v: * Fix DH_check() excessive time with over sized modulus (bsc#1213487, CVE-2023-3446). The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Update openssl.keyring with the OTC members that sign releases * Rebase openssl-1_1-openssl-config.patch * Remove security patches fixed upstream: - openssl-CVE-2023-3446.patch - openssl-CVE-2023-3446-test.patch- Dont pass zero length input to EVP_Cipher because assembler optimized AES cannot handle zero size. [bsc#1213517] * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch- Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch- Security Fix: [bsc#1207534, CVE-2022-4304] * Reworked the Fix for the Timing Oracle in RSA Decryption The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. * Add openssl-CVE-2022-4304.patch * Removed patches: - openssl-CVE-2022-4304-1of2.patch - openssl-CVE-2022-4304-2of2.patch * Refreshed patches: - openssl-CVE-2023-0464.patch - openssl-CVE-2023-0465.patch- Update to 1.1.1u: * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic OBJECT IDENTIFIER sub-identifiers to canonical numeric text form. OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. (CVE-2023-2650, bsc#1211430) To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT IDENTIFIER to canonical numeric text form if the size of that OBJECT IDENTIFIER is 586 bytes or less, and fail otherwise. The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at most 128 sub-identifiers, and that the maximum value that each sub- identifier may have is 2^32-1 (4294967295 decimal). For each byte of every sub-identifier, only the 7 lower bits are part of the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with these restrictions may occupy is 32 * 128 / 7, which is approximately 586 bytes. Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 * Reworked the Fix for the Timing Oracle in RSA Decryption (CVE-2022-4304, bsc#1207534). The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. The new fix uses existing constant time code paths, and restores the previous performance level while fully eliminating all existing timing side channels. The fix was developed by Bernd Edlinger with testing support by Hubert Kario. * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) * Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464, bsc#1209624) * Rebased patch openssl-1_1-openssl-config.patch * Removed patches: - openssl-CVE-2023-0464.patch - openssl-CVE-2023-0465.patch - openssl-CVE-2023-0466.patch * Update openssl.keyring with key A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz)- Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch- FIPS: Merge libopenssl1_1-hmac package into the library [bsc#1185116]- Security Fix: [CVE-2023-2650, bsc#1211430] * Possible DoS translating ASN.1 object identifiers * Add openssl-CVE-2023-2650.patch- Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch- Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch- FIPS: Service-level indicator [bsc#1208998] * Add additional check required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch- FIPS: Serialize jitterentropy calls [bsc#1207994] * Add openssl-1_1-serialize-jitterentropy-calls.patch- Update to 1.1.1t: * Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. [bsc#1207533, CVE-2023-0286] This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change. * Fixed Use-after-free following BIO_new_NDEF. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. [bsc#1207536, CVE-2023-0215] * Fixed Double free after calling PEM_read_bio_ex. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. [bsc#1207538, CVE-2022-4450] [Kurt Roeckx, Matt Caswell] * Fixed Timing Oracle in RSA Decryption. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. [bsc#1207534, CVE-2022-4304] * Rebased openssl-1_1-openssl-config.patch * Update openssl.keyring with key 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C (Richard Levitte)- Security Fix: [bsc#1207533, CVE-2023-0286] * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address * Add openssl-CVE-2023-0286.patch- Security Fix: [bsc#1207536, CVE-2023-0215] * Use-after-free following BIO_new_NDEF() * Add patches: - openssl-CVE-2023-0215-1of4.patch - openssl-CVE-2023-0215-2of4.patch - openssl-CVE-2023-0215-3of4.patch - openssl-CVE-2023-0215-4of4.patch- Security Fix: [bsc#1207538, CVE-2022-4450] * Double free after calling PEM_read_bio_ex() * Add patches: - openssl-CVE-2022-4450-1of2.patch - openssl-CVE-2022-4450-2of2.patch- Security Fix: [bsc#1207534, CVE-2022-4304] * Timing Oracle in RSA Decryption * Add patches: - openssl-CVE-2022-4304-1of2.patch - openssl-CVE-2022-4304-2of2.patch- POWER10 performance enhancements for cryptography [jsc#PED-512] * openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch * openssl-1_1-Fixed-counter-overflow.patch * openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch * openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch * openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch- FIPS: Service-level indicator [bsc#1190651] * Mark PBKDF2 with key shorter than 112 bits as non-approved * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch- FIPS: Service-level indicator [bsc#1190651] * Consider RSA siggen/sigver with PKCS1 padding also approved * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch- FIPS: Service-level indicator [bsc#1190651] * Return the correct indicator for a given EC group order bits * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch- Updated openssl.keyring with key A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C - Update to 1.1.1s: * Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. - Update to 1.1.1r: * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes * Added the loongarch64 target * Fixed a DRBG seed propagation thread safety issue * Fixed a memory leak in tls13_generate_secret * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel [bsc#1202148]- FIPS: OpenSSL service-level indicator - Allow AES XTS 256 [bsc#1190651] * Add patches: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch- FIPS: Default to RFC-7919 groups for genparam and dhparam * Add openssl-1_1-FIPS-default-RFC7919.patch [bsc#1180995]- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] * Add openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch * Disabled test 15-test_ec.t in FIPS mode- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] * Add openssl-1_1-fips-drbg-selftest.patch- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. * Add openssl-1_1-FIPS_drbg-rewire.patch- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046] * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] * Add openssl-1_1-jitterentropy-3.4.0.patch * Add build dependency on jitterentropy-devel >= 3.4.0 and libjitterentropy3 >= 3.4.0- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] * Add patches: - openssl-1_1-ossl-sli-000-fix-build-error.patch - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-ossl-sli-003-add-sli.patch- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] * Add openssl-1_1-Zeroization.patch- update to 1.1.1q: * [CVE-2022-2097, bsc#1201099] * Addresses situations where AES OCB fails to encrypt some bytes- Encrypt the sixteen bytes that were unencrypted in some circumstances on 32-bit x86 platforms. * [bsc#1201099, CVE-2022-2097] * added openssl-CVE-2022-2097.patch- Update to 1.1.1p: * bsc#1185637 - updated certificates required for testing that failed when date is later than 1 June 2022 - removed openssl-update_expired_certificates.patch * [bsc#1200550, CVE-2022-2068] - more shell code injection issues in c_rehash- Added openssl-1_1-Fix-file-operations-in-c_rehash.patch * bsc#1200550 * CVE-2022-2068 * Fixed more shell code injection issues in c_rehash- Update to 1.1.1o: [CVE-2022-1292, bsc#1199166] * Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. * Rebased openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * Rebased openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch - Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits- Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits- Security fix: [bsc#1199166, CVE-2022-1292] * Added: openssl-CVE-2022-1292.patch * properly sanitise shell metacharacters in c_rehash script.- FIPS: Added signature verification test to bsc1185319-FIPS-KAT-for-ECDSA.patch- FIPS: add bsc1185319-FIPS-KAT-for-ECDSA.patch * Known answer test for ECDSA * bsc#1185319 - FIPS: add bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch * Enable tests for Deterministic Random Bit Generator * bsc#1198207 - Bypass a regression test that fails in FIPS mode. * [openssl-1_1-shortcut-test_afalg_aes_cbc.patch]- FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch- Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch- Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. [bsc#1194187, bsc#1004463]- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch * bsc#1190652 - Provide a service to output module name/identifier and version- Security fix: [bsc#1192820, CVE-2002-20001] * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE calculation. * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST * Rebase openssl-DEFAULT_SUSE_cipher.patch- FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch that were removed in the update to 1.1.1l [bsc#1185313]- FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num * Rebase openssl-DH.patch [bsc#1194327] - Merge openssl-keep_EVP_KDF_functions_version.patch into openssl-1.1.1-evp-kdf.patch - Add function codes for pbkdf2, hkdf, tls and ssh selftests. Rebase patches: * openssl-fips-kdf-hkdf-selftest.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch- Pull libopenssl-1_1 when updating openssl-1_1 with the same version. [bsc#1195792]- FIPS: Fix function and reason error codes [bsc#1182959] * Add openssl-1_1-FIPS-fix-error-reason-codes.patch- Enable zlib compression support [bsc#1195149]- Remove the openssl-has-RSA_get0_pss_params provides as it is now fixed in the nodejs16 side [bsc#1192489]- FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320] * Add openssl-FIPS-KAT-before-integrity-tests.patch- FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442] * Add openssl-fips-kdf-hkdf-selftest.patch- Add a provides for openssl-has-RSA_get0_pss_params as required by nodejs16. [bsc#1192489]- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742] * Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch * Optimize AES-XTS mode for aarch64: openssl-1_1-Optimize-AES-XTS-aarch64.patch * Optimize AES-GCM for uarchs with unroll and new instructions: openssl-1_1-Optimize-AES-GCM-uarchs.patch- Update to 1.1.1m: * Avoid loading of a dynamic engine twice. * Prioritise DANE TLSA issuer certs over peer certs - Rebased patches: * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-system-cipherlist.patch- Add support for livepatches (jsc#SLE-20049). - Generate ipa-clones tarball artifact when livepatching is enabled.- POWER10 performance enhancements for cryptography [jsc#SLE-18136] * openssl-1_1-Optimize-ppc64.patch- Drop openssl-no-date.patch Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231 thereby making this patch obsolete as builds *should* still be reproducible.- Import centralized crypto policy profile from Factory [jsc#SLE-15832] * openssl-1.1.1-system-cipherlist.patch * openssl-1_1-disable-test_srp-sslapi.patch * openssl-1_1-seclevel.patch * openssl-1_1-use-seclevel2-in-tests.patch- Update to openssl-1.1.1l ('L' as in 'Lima') for SUSE-SLE-15-SP4 * jsc#SLE-19640, jsc#PM-2816 - Changes in 1.1.1l: * [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow. * [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns processing ASN.1 strings - Changes in 1.1.1k * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. ([CVE-2021-3450]) [bsc#1183851] * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. ([CVE-2021-3449]) [bsc#1183852] - Changes in 1.1.1j * Fixed the X509_issuer_and_serial_hash() function. It attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field [bsc#1182331, CVE-2021-23841] * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. * Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Previously they could overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call would be 1 (indicating success), but the output length value would be negative. This could cause applications to behave incorrectly or crash. [bsc#1182333, CVE-2021-23840] * Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. - Changes in 1.1.1i * Fixed NULL pointer deref in GENERAL_NAME_cmp * bsc#1179491, CVE-2020-1971 - Changes in 1.1.1h * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts - Changes in 1.1.1g * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. * Added AES consttime code for no-asm configurations an optional constant time support for AES was added when building openssl for no-asm. - Changes in 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - Changes in 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Dropped the following patches: * openssl-1_1-CVE-2019-1551.patch * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_fix_selftests_return_value.patch * openssl-CVE-2020-1967.patch * openssl-CVE-2020-1967-test1.patch * openssl-CVE-2020-1967-test2.patch * openssl-CVE-2020-1967-test3.patch * openssl-CVE-2020-1971.patch * openssl-CVE-2021-23840.patch * openssl-CVE-2021-23841.patch * openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch * openssl-1.1.1-fips_list_ciphers.patch * CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch * CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch * CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch * CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch * CVE-2021-3712-other-ASN1_STRING-issues.patch - Rebased the following patches: * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.0-no-html.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.1-ssh-kdf.patch * openssl-DH.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-fips_selftest_upstream_drbg.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch- Other OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. * CVE-2021-3712 continued * bsc#1189521 * Add CVE-2021-3712-other-ASN1_STRING-issues.patch * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521 2021-08-24 00:47 PDT by Marcus Meissner- A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. * CVE-2021-3711 * bsc#1189520 * Add: CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch - The function X509_aux_print() has a bug which may cause a read buffer overrun when printing certificate details. A malicious actor could construct a certificate to deliberately hit this bug, which may result in a crash of the application (causing a Denial of Service attack). * CVE-2021-3712 * bsc#1189521 * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch- Don't list disapproved cipher algorithms while in FIPS mode * openssl-1.1.1-fips_list_ciphers.patch * bsc#1161276- Fix NULL pointer deref in signature_algorithms * CVE-2021-3449 * bsc#1183852 * Add openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch- Security fixes: * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback protection [bsc#1182333, CVE-2021-23840] * Null pointer deref in X509_issuer_and_serial_hash() [bsc#1182331, CVE-2021-23841] - Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch- Fix unresolved error codes [bsc#1182959] - Update openssl-1.1.1-fips.patch- Fix EDIPARTYNAME NULL pointer dereference (CVE-2020-1971, bsc#1179491) * add openssl-CVE-2020-1971.patch- Restore private key check in EC_KEY_check_key [bsc#1177479] * Update openssl-DH.patch- Add shared secret KAT to FIPS DH selftest [bsc#1175844] * add openssl-fips-DH_selftest_shared_secret_KAT.patch- Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175844, bsc#1173470] - Add patches: * openssl-DH.patch * openssl-kdf-selftest.patch * openssl-kdf-tls-selftest.patch * openssl-kdf-ssh-selftest.patch- Security fix: [bsc#1169407, CVE-2020-1967] * Segmentation fault in SSL_check_chain: Server applications that call the SSL_check_chain() function during or after a TLS handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the signature_algorithms_cert TLS extension. - Add patches: * openssl-CVE-2020-1967.patch * openssl-CVE-2020-1967-test1.patch * openssl-CVE-2020-1967-test2.patch * openssl-CVE-2020-1967-test3.patch- openssl dgst: default to SHA256 only when called without a digest, not when it couldn't be found (bsc#1166189) * add openssl-unknown_dgst.patch- Limit the DRBG selftests to not deplete entropy (bsc#1165274) * update openssl-fips_selftest_upstream_drbg.patch- Run FIPS DRBG selftests against the crypto/rand DRBG implementation (bsc#1164557) * add openssl-fips_selftest_upstream_drbg.patch- Use the newly build libcrypto shared library when computing the hmac checksums in order to avoid a bootstrapping issue by BuildRequiring libopenssl1_1 (bsc#1164102)- Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) * add openssl-fips_fix_selftests_return_value.patch- Added SHA3 FIPS self-tests bsc#1155345 * openssl-fips-add-SHA3-selftest.patch- Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7403] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch- Temporarily ignore broken OPENSSL_INIT_NO_ATEXIT due to our layered FIPS initialization (bsc#1161789) * openssl-fips-ignore_broken_atexit_test.patch- Import FIPS patches from SLE-15 * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_mode.patch * openssl-ship_fips_standalone_hmac.patch * openssl-fips-clearerror.patch * openssl-fips-selftests_in_nonfips_mode.patch- Don't run FIPS power-up self-tests when the checksum files aren't installed (bsc#1042392) * add openssl-fips-run_selftests_only_when_module_is_complete.patch- Import FIPS patches from Fedora (bsc#1157702, jsc#SLE-9553) * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-ssh-kdf.patch replaces openssl-jsc-SLE-8789-backport_KDF.patch - keep EVP_KDF functions at version 1.1.1d for backward compatibility * add openssl-keep_EVP_KDF_functions_version.patch- Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861] - Add patches: * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch * openssl-s390xcpuid.pl-fix-comment.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch * openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch * openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch * openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch * openssl-Fix-9bf682f-which-broke-nistp224_method.patch- Obsolete libopenssl-1_0_0-devel and libopenssl-1_0_0-hmac in order to avoid conflict upon upgrade from SLE-12 (bsc#1158499)- Security fix: [bsc#1158809, CVE-2019-1551] * Overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli - Add openssl-1_1-CVE-2019-1551.patch- Fixed EVP_PBE_scrypt() to allow NULL salt values. * Revealed by nodejs12 during bsc#1149572. * Modified openssl-jsc-SLE-8789-backport_KDF.patch- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. (bsc#1150247, CVE-2019-1549) * Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. (bsc#1150003, CVE-2019-1547) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (bsc#1150250, CVE-2019-1563) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. * Changed DH_check to accept parameters with order q and 2q subgroups. With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. * Significantly reduce secure memory usage by the randomness pools. * Revert the DEVRANDOM_WAIT feature for Linux systems - drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) - refresh patches * openssl-1.1.0-no-html.patch * openssl-jsc-SLE-8789-backport_KDF.patch- To avoid seperate certification of openssh server / client move the SSH KDF (Key Derivation Function) into openssl. * jsc#SLE-8789 * Sourced from commit 8d76481b189b7195ef932e0fb8f0e23ab0120771#diff-a9562bc75317360a2e6b8b0748956e34 in openssl master (introduce the SSH KDF) and commit 5a285addbf39f91d567f95f04b2b41764127950d in openssl master (backport EVP/KDF API framework) * added openssl-jsc-SLE-8789-backport_KDF.patch- Upgrade to 1.1.1c (jsc#SLE-9135, bsc#1148799) * Support for TLSv1.3 added * Allow GNU style "make variables" to be used with Configure. * Add a STORE module (OSSL_STORE) * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes * Add multi-prime RSA (RFC 8017) support * Add SM3 implemented according to GB/T 32905-2016 * Add SM4 implemented according to GB/T 32907-2016. * Add 'Maximum Fragment Length' TLS extension negotiation and support * Add ARIA support * Add SHA3 * Rewrite of devcrypto engine * Add support for SipHash * Grand redesign of the OpenSSL random generator - drop FIPS support * don't build with FIPS mode (not supported in 1.1.1) - drop FIPS patches * openssl-fips-clearerror.patch * openssl-fips_disallow_ENGINE_loading.patch * openssl-fips-dont-fall-back-to-default-digest.patch * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips-fix-odd-rsakeybits.patch * openssl-fips-rsagen-d-bits.patch * openssl-fips-selftests_in_nonfips_mode.patch * openssl-rsakeygen-minimum-distance.patch * openssl-1.1.0-fips.patch - add TLS 1.3 ciphers to DEFAULT_SUSE - merge openssl-1.0.1e-add-suse-default-cipher.patch and openssl-1.0.1e-add-test-suse-default-cipher-suite.patch to openssl-DEFAULT_SUSE_cipher.patch - Use upstream patch for the locale crash (bsc#1135550) * https://github.com/openssl/openssl/pull/8966 * add 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch - drop patches (upstream): * openssl-Bleichenbachers_CAT.patch * openssl-CVE-2018-0734.patch * openssl-CVE-2018-0735.patch * openssl-CVE-2019-1543.patch * openssl-disable_rsa_keygen_tests_with_small_modulus.patch * openssl-dsa_paramgen2_check.patch * openssl-One_and_Done.patch * openssl-speed_skip_binary_curves_NO_EC2M.patch * openssl-static-deps.patch * openssl-urandom-reseeding.patch * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * 0001-DSA-mod-inverse-fix.patch * 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch * 0001-apps-speed-fix-segfault-while-looking-up-algorithm-n.patch - drop s390x patches (rebased): * 0002-s390x-assembly-pack-add-KMA-code-path-for-aes-ctr.patch * 0003-crypto-aes-asm-aes-s390x.pl-replace-decrypt-flag-by-.patch * 0004-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0005-s390x-assembly-pack-add-KMAC-code-path-for-aes-ccm.patch * 0006-s390x-assembly-pack-add-KM-code-path-for-aes-ecb.patch * 0007-s390x-assembly-pack-add-KMO-code-path-for-aes-ofb.patch * 0008-s390x-assembly-pack-add-KMF-code-path-for-aes-cfb-cf.patch * 0009-Fix-undefined-behavior-in-s390x-aes-gcm-ccm.patch * 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * 0001-s390x-assembly-pack-extend-s390x-capability-vector.patch - add s390x patches: * 0001-s390x-assembly-pack-perlasm-support.patch * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch * 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch * 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch- Fix segfault in openssl speed when an unknown algorithm is passed (bsc#1125494) * add 0001-apps-speed-fix-segfault-while-looking-up-algorithm-n.patch - Correctly skip binary curves in openssl speed to avoid spitting errors (bsc#1116833) * add openssl-speed_skip_binary_curves_NO_EC2M.patch- OpenSSL Security Advisory [6 March 2019] * Prevent long nonces in ChaCha20-Poly1305 (bsc#1128189, CVE-2019-1543) * add openssl-CVE-2019-1543.patch- Add s390x poly1305 vectorized implementation (fate#326351) * https://github.com/openssl/openssl/pull/7991 - add 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch- Add vectorized chacha20 implementation for s390x (fate#326561) * https://github.com/openssl/openssl/pull/6919 - add patches: 0001-s390x-assembly-pack-perlasm-support.patch 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch- Replace fate#321518 s390x patches from closed pull request https://github.com/openssl/openssl/pull/2859 with patches from openssl git master (bsc#1122984) - add patches: 0001-s390x-assembly-pack-extend-s390x-capability-vector.patch 0002-s390x-assembly-pack-add-KMA-code-path-for-aes-ctr.patch 0003-crypto-aes-asm-aes-s390x.pl-replace-decrypt-flag-by-.patch 0004-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch 0005-s390x-assembly-pack-add-KMAC-code-path-for-aes-ccm.patch 0006-s390x-assembly-pack-add-KM-code-path-for-aes-ecb.patch 0007-s390x-assembly-pack-add-KMO-code-path-for-aes-ofb.patch 0008-s390x-assembly-pack-add-KMF-code-path-for-aes-cfb-cf.patch 0009-Fix-undefined-behavior-in-s390x-aes-gcm-ccm.patch - drop patches: 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch- Fix FIPS RSA generator (bsc#1118913) * import fixed openssl-1.1.0-fips.patch from Fedora * drop openssl-CVE-2018-0737-fips.patch which got merged into openssl-1.1.0-fips.patch * refresh openssl-fips-rsagen-d-bits.patch- The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) * https://github.com/openssl/openssl/issues/7739 * add patch openssl-Bleichenbachers_CAT.patch- OpenSSL Security Advisory [30 October 2018] * Timing vulnerability in ECDSA signature generation (bsc#1113651, CVE-2018-0735) * Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) * And more timing fixes - Add patches: * openssl-CVE-2018-0734.patch * openssl-CVE-2018-0735.patch * 0001-DSA-mod-inverse-fix.patch * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch- Obsolete libopenssl-1_0_0-devel by libopenssl-1_1-devel to avoid conflicts when updating from older distributions (bsc#1106180)- Fix infinite loop in DSA generation with incorrect parameters (bsc#1112209) * add openssl-dsa_paramgen2_check.patch- Fix One&Done side-channel attack on RSA (bsc#1104789) * add openssl-One_and_Done.patch- Update to 1.1.0i - Align with SLE-12-SP4 OpenSSL Security Advisory [12 June 2018] * Reject excessively large primes in DH key generation (bsc#1097158, CVE-2018-0732) * Make EVP_PKEY_asn1_new() a bit stricter about its input * Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. * Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. * Increase the number of Miller-Rabin rounds for DSA key generating to 64. * Add blinding to ECDSA and DSA signatures to protect against side channel attacks * When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. * Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. * Fixed a text canonicalisation bug in CMS - drop patches (upstream): * 0001-Limit-scope-of-CN-name-constraints.patch * 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch * 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch * 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch * openssl-add-blinding-to-dsa.patch * openssl-add-blinding-to-ecdsa.patch * openssl-CVE-2018-0732.patch - refresh patches: * openssl-1.1.0-fips.patch * openssl-disable_rsa_keygen_tests_with_small_modulus.patch - rename openssl-CVE-2018-0737.patch to openssl-CVE-2018-0737-fips.patch as it now only includes changes to the fips code- Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Don't Require openssl-1_1 from the devel package, just Recommend it- Suggest libopenssl1_1-hmac from libopenssl1_1 package to avoid dependency issues during updates (bsc#1090765)- Relax CN name restrictions (bsc#1084011) * added patches: 0001-Limit-scope-of-CN-name-constraints.patch 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch- Reject excessively large primes in DH key generation (bsc#1097158, CVE-2018-0732) * openssl-CVE-2018-0732.patch - blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) * openssl-add-blinding-to-ecdsa.patch * openssl-add-blinding-to-dsa.patch- OpenSSL Security Advisory [16 Apr 2018] * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039) * add openssl-CVE-2018-0737.patch- Fix escaping in c_rehash (boo#1091961, bsc#1091963) * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch- Tolerate a Certificate using a non-supported group on server side (boo#1084651) * https://github.com/openssl/openssl/pull/5607 * add 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch- Update to 1.1.0h OpenSSL Security Advisory [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) (bsc#1087102) * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) (bsc#1071906) - refresh patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * openssl-1.1.0-fips.patch * openssl-pkgconfig.patch * openssl-rsakeygen-minimum-distance.patch * openssl-static-deps.patch- Move the libopenssl1_1_0-32bit obsoletes in baselibs.conf to the new libopenssl1_1-32bit: it does not belong to the devel package.- Renamed from openssl-1_1_0 (bsc#1081335) * All the minor versions of the 1.1.x openssl branch have the same sonum and keep ABI compatibility * obsolete the 1_1_0 packages - update baselibs.conf with the new version names- Remove bit obsolete syntax - Use %license macro- Don't disable afalgeng on aarch64- Add support for s390x CPACF enhancements (fate#321518) patches taken from https://github.com/openssl/openssl/pull/2859: * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch- Do not filter pkgconfig() provides/requires.- Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a clean upgrade path as an aid to zypp (boo#1070003).- Update to 1.1.0g OpenSSL Security Advisory [02 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) (bsc#1066242) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) (bsc#1056058) - drop 0001-Fix-a-TLSProxy-race-condition.patch (upstream) - refresh 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch- update DEFAULT_SUSE cipher list (bsc#1055825) * add CHACHA20-POLY1305 * add ECDSA ciphers * remove 3DES - modified openssl-1.0.1e-add-suse-default-cipher.patch- do not require openssl1_1_0-targettype in devel-targettype, as it is not built (it has no libraries)- The description is supposed to describe the package, not the development process or history. (Synchronize with the already-updates descriptions in openssl-1_0_0.) - Update historic copypasted boilerplate summaries ("include files mandatory for development")- Disable the verbosity of the tests as we expose yet another race condition in that- Fix a race condition in tests to make the package build reliably * https://github.com/openssl/openssl/issues/3562 * 0001-Fix-a-TLSProxy-race-condition.patch- Add Provides and Conflicts for -devel package in baselibs.conf.- Add patch openssl-no-date.patch to disable date inclusion in most of the binaries - Use autopatch to make things smaller - Enable verbose output on the tests - Paralelize depmod- update to 1.1.0f * bugfix only release - disable RSA keygen tests, because they use too small modulus, which is rejected by our CC/FIPS hardening patches * added openssl-disable_rsa_keygen_tests_with_small_modulus.patch - refreshed openssl-rsakeygen-minimum-distance.patch and 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch- Add conflict for any libopenssl-devel that is not in our version- Avoid the requires conflict between 1.1 and 1.0 openssl- Add conflict on docu packages- drop unnecessary README.SUSE- add openssl-1.1-fix-ppc64.patch from Marcus Meissner to fix build on ppc64- Fix build on aarch64- Remove libpadlock conditional, no longer present- Update baselibs.conf to contain all the renamed packages- re-enable tests on SLE-12 and below despite current failure, so they are automatically run once the issue is resolved- Filter out the pkgconfig provides to force usage of the main openssl package provides- disable tests on SLE-12 and its derivates * they fail because of glibc bug bsc#1035445 - remove README-FIPS.txt (outdated)- drop openssl-fipslocking.patch The locking in 1.1.0 has been rewritten and converted to the new threading API. The fips deadlock (at least bsc#991193) can't be reproduced anymore. - don't ship useless INSTALL* files- simplify openssl-fips-dont-fall-back-to-default-digest.patch The -non-fips-allow option was dropped in OpenSSL 1.1.0 - drop openssl-no-egd.patch as OpenSSL 1.1.0 disables EGD at compile time by default - renumber the patches so the numbers are consequent- Update showciphers.c to work with new openssl- Add patch openssl-static-deps.patch to allow dependencies on statically build libraries - Refresh openssl-1-1.0-fips.patch to take in use the above approach - Silence the install manpage rename phase- Start update to 1.1.0e basing of the 1.0.0 split release - Drop patch merge_from_0.9.8k.patch the ppc64 should work out of the box - Drop patch openssl-engines-path.patch converted to configure option - Drop patch openssl-1.0.2a-padlock64.patch code behind was redone does not apply at all - Drop patch openssl-fix-pod-syntax.diff mostly merged upstream or not applicable - Drop patch compression_methods_switch.patch as we do not need to keep the compat on this release anymore - Drop patch openssl-1.0.2a-ipv6-apps.patch which was upstreamed - Drop upstreamed patch openssl-1.0.2a-default-paths.patch - Drop obsolete patch openssl-1.0.0-c_rehash-compat.diff - Drop obsolete patch openssl-missing_FIPS_ec_group_new_by_curve_name.patch - Drop obsolete patch openssl-print_notice-NULL_crash.patch - Drop obsolete patch openssl-randfile_fread_interrupt.patch - Refresh patch openssl-truststore.patch - Refresh baselibs.conf to correctly reflect soname - Add patch openssl-1.1.0-fips.patch obsoleting bunch of older: * openssl-1.0.2i-fips.patch * openssl-1.0.2a-fips-ec.patch * openssl-1.0.2a-fips-ctor.patch * openssl-1.0.2i-new-fips-reqs.patch * openssl-fips_disallow_x931_rand_method.patch - Add new patch for upstream: * 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch - Refresh patch openssl-pkgconfig.patch - Drop patch openssl-gcc-attributes.patch as the code was redone - Rebase patch 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch - Rebase patch openssl-no-egd.patch - Rebase patch openssl-1.0.1e-add-suse-default-cipher.patch and openssl-1.0.1e-add-test-suse-default-cipher-suite.patch - Rebase patch openssl-fips_disallow_ENGINE_loading.patch - Rebase patch openssl-urandom-reseeding.patch - Rebase patch openssl-fips-rsagen-d-bits.patch - Rebase patch openssl-fips-selftests_in_nonfips_mode.patch - Remove switch for ssl2 - no longer present - Remve the buildinf.h parsing, should no longer be needed - Drop the rehash in build, no longer needed - Drop openssl-fips-hidden.patch as it is not really needed - Do not sed in secure_getenv upstream does it in code on their own - Do not install html converted manpages * openssl-1.1.0-no-html.patch- Drop the symbol hiding patches to ease maintenance updates: * 0005-libssl-Hide-library-private-symbols.patch * 0001-libcrypto-Hide-library-private-symbols.patch- Add new patch for engines folders to allow co-installation * openssl-engines-path.patch- Drop openssl-ocloexec.patch as it causes additional maintenance burden we would like to avoid- Drop bug610223.patch as we moved to libdir- Move check to %check phase - Split showciphers to separate file- Move openssl to /usr/lib64 from /lib64- Remove some of the DSO setting code that is not needed - Fix the showciphers binary- Rename to openssl-1_0_0 to allow instalation of multiple versions- Remove O3 from optflags, no need to not rely on distro wide settings - Remove conditions for sle10 and sle11, we care only about sle12+ - USE SUSE instead of SuSE in readme - Pass over with spec-cleaner- fix X509_CERT_FILE path (bsc#1022271) and rename updated openssl-1.0.1e-truststore.diff to openssl-truststore.patch- Updated to openssl 1.0.2k - bsc#1009528 / CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results - bsc#1019334 / CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery - bsc#1022085 / CVE-2017-3731: openssl: Truncated packet could crash via OOB read - bsc#1022086 / CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64- resume reading from /dev/urandom when interrupted by a signal (bsc#995075) * add openssl-randfile_fread_interrupt.patch- add FIPS changes from SP2: - fix problems with locking in FIPS mode (bsc#992120) * duplicates: bsc#991877, bsc#991193, bsc#990392, bsc#990428 and bsc#990207 * bring back openssl-fipslocking.patch - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (bsc#984323) - don't check for /etc/system-fips (bsc#982268) * add openssl-fips-dont_run_FIPS_module_installed.patch - refresh openssl-fips-rsagen-d-bits.patch- update to openssl-1.0.2j * Missing CRL sanity check (CVE-2016-7052 bsc#1001148)- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) - update to openssl-1.0.2i * remove patches: openssl-1.0.2a-new-fips-reqs.patch openssl-1.0.2e-fips.patch * add patches: openssl-1.0.2i-fips.patch openssl-1.0.2i-new-fips-reqs.patch- fix crash in print_notice (bsc#998190) * add openssl-print_notice-NULL_crash.patch- OpenSSL Security Advisory [3rd May 2016] - update to 1.0.2h (boo#977584, boo#977663) * Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. (CVE-2016-2107, boo#977616) * Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. (CVE-2016-2105, boo#977614) * Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. (CVE-2016-2106, boo#977615) * Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. (CVE-2016-2109, boo#976942) * EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. (CVE-2016-2176, boo#978224) * Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. * Remove LOW from the DEFAULT cipher list. This removes singles DES from the default. * Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL.- Remove a hack for bsc#936563 - Drop bsc936563_hack.patch- import fips patches from SLE-12 * openssl-fips-clearerror.patch * openssl-fips-dont-fall-back-to-default-digest.patch * openssl-fips-fix-odd-rsakeybits.patch * openssl-fips-rsagen-d-bits.patch * openssl-fips-selftests_in_nonfips_mode.patch * openssl-fips_RSA_compute_d_with_lcm.patch * openssl-fips_disallow_ENGINE_loading.patch * openssl-fips_disallow_x931_rand_method.patch * openssl-rsakeygen-minimum-distance.patch * openssl-urandom-reseeding.patch- add support for "ciphers" providing no encryption (bsc#937085) * don't build with -DSSL_FORBID_ENULL- update to 1.0.2g (bsc#968044) * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); (CVE-2016-0800) * Fix a double-free in DSA code (CVE-2016-0705) * Disable SRP fake user seed to address a server memory leak. Add a new method SRP_VBASE_get1_by_user that handles the seed properly. (CVE-2016-0798) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) * ) Side channel attack on modular exponentiation http://cachebleed.info. (CVE-2016-0702) * ) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default.- update to 1.0.2f (boo#963410) * ) DH small subgroups (boo#963413) Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. (CVE-2016-0701) * ) SSLv2 doesn't block disabled ciphers (boo#963415) A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197) * ) Reject DH handshakes with parameters shorter than 1024 bits.- update to 1.0.2e * fixes five security vulnerabilities * Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) (bsc#957984) * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) (bsc#957814) * Certificate verify crash with missing PSS parameter (CVE-2015-3194) (bsc#957815) * X509_ATTRIBUTE memory leak (CVE-2015-3195) (bsc#957812) * Race condition handling PSK identify hint (CVE-2015-3196) (bsc#957813) - pulled a refreshed fips patch from Fedora * openssl-1.0.2a-fips.patch was replaced by openssl-1.0.2e-fips.patch - refresh openssl-ocloexec.patch- update to 1.0.2d * fixes CVE-2015-1793 (bsc#936746) Alternate chains certificate forgery During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. - drop openssl-fix_invalid_manpage_name.patch (upstream)- Workaround debugit crash on ppc64le with gcc5 bsc936563_hack.patch (bsc#936563)- update merge_from_0.9.8k.patch replacing __LP64__ by __LP64 this is a change versus previous request 309611 required to avoid build error for ppc64- Build with no-ssl3, for details on why this is needed read rfc7568. Contrary to the "no-ssl2" option, this does not require us to patch dependant packages as the relevant functions are still available (SSLv3_(client|server)_method) but will fail to negotiate. if removing SSL3 methods is desired at a later time, option "no-ssl3-method" needs to be used.- update to 1.0.2c * Fix HMAC ABI incompatibility - refreshed openssl-1.0.2a-fips.patch- update to 1.0.2b * Malformed ECParameters causes infinite loop (CVE-2015-1788) * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) * CMS verify infinite loop with unknown hash function (CVE-2015-1792) * Race condition handling NewSessionTicket (CVE-2015-1791) - refreshed patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * 0001-libcrypto-Hide-library-private-symbols.patch * openssl-1.0.2a-default-paths.patch * openssl-1.0.2a-fips.patch * compression_methods_switch.patch * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch- update to 1.0.2a * Major changes since 1.0.1: - Suite B support for TLS 1.2 and DTLS 1.2 - Support for DTLS 1.2 - TLS automatic EC curve selection. - API to set TLS supported signature algorithms and curves - SSL_CONF configuration API. - TLS Brainpool support. - ALPN support. - CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. - packaging changes: * merged patches modifying CIPHER_LIST into one, dropping: - openssl-1.0.1e-add-suse-default-cipher-header.patch - openssl-libssl-noweakciphers.patch * fix a manpage with invalid name - added openssl-fix_invalid_manpage_name.patch * remove a missing fips function - openssl-missing_FIPS_ec_group_new_by_curve_name.patch * reimported patches from Fedora dropped patches: - openssl-1.0.1c-default-paths.patch - openssl-1.0.1c-ipv6-apps.patch - openssl-1.0.1e-fips-ctor.patch - openssl-1.0.1e-fips-ec.patch - openssl-1.0.1e-fips.patch - openssl-1.0.1e-new-fips-reqs.patch - VIA_padlock_support_on_64systems.patch added patches: - openssl-1.0.2a-default-paths.patch - openssl-1.0.2a-fips-ctor.patch - openssl-1.0.2a-fips-ec.patch - openssl-1.0.2a-fips.patch - openssl-1.0.2a-ipv6-apps.patch - openssl-1.0.2a-new-fips-reqs.patch - openssl-1.0.2a-padlock64.patch * dropped security fixes (upstream) - openssl-CVE-2015-0209.patch - openssl-CVE-2015-0286.patch - openssl-CVE-2015-0287.patch - openssl-CVE-2015-0288.patch - openssl-CVE-2015-0289.patch - openssl-CVE-2015-0293.patch * upstream reformatted the sources, so all the patches have to be refreshed- security update: * CVE-2015-0209 (bnc#919648) - Fix a failure to NULL a pointer freed on error * CVE-2015-0286 (bnc#922496) - Segmentation fault in ASN1_TYPE_cmp * CVE-2015-0287 (bnc#922499) - ASN.1 structure reuse memory corruption * CVE-2015-0288 x509: (bnc#920236) - added missing public key is not NULL check * CVE-2015-0289 (bnc#922500) - PKCS7 NULL pointer dereferences * CVE-2015-0293 (bnc#922488) - Fix reachable assert in SSLv2 servers * added patches: openssl-CVE-2015-0209.patch openssl-CVE-2015-0286.patch openssl-CVE-2015-0287.patch openssl-CVE-2015-0288.patch openssl-CVE-2015-0289.patch openssl-CVE-2015-0293.patch- The DATE stamp moved from crypto/Makefile to crypto/buildinf.h, replace it there (bsc#915947)- openssl 1.0.1k release bsc#912294 CVE-2014-3571: Fix DTLS segmentation fault in dtls1_get_record. bsc#912292 CVE-2015-0206: Fix DTLS memory leak in dtls1_buffer_record. bsc#911399 CVE-2014-3569: Fix issue where no-ssl3 configuration sets method to NULL. bsc#912015 CVE-2014-3572: Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. bsc#912014 CVE-2015-0204: Remove non-export ephemeral RSA code on client and server. bsc#912293 CVE-2015-0205: Fixed issue where DH client certificates are accepted without verification. bsc#912018 CVE-2014-8275: Fix various certificate fingerprint issues. bsc#912296 CVE-2014-3570: Correct Bignum squaring. and other bugfixes. - openssl.keyring: use Matt Caswells current key. pub 2048R/0E604491 2013-04-30 uid Matt Caswell uid Matt Caswell sub 2048R/E3C21B70 2013-04-30 - openssl-1.0.1e-fips.patch: rediffed - openssl-1.0.1i-noec2m-fix.patch: removed (upstream) - openssl-ocloexec.patch: rediffed- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves we actually support (not the binary ones) (bnc#905037)- openSUSE < 11.2 doesn't have accept4()- openSSL 1.0.1j * Fix SRTP Memory Leak (CVE-2014-3513) * Session Ticket Memory Leak (CVE-2014-3567) * Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) * Build option no-ssl3 is incomplete (CVE-2014-3568)/sbin/ldconfig/sbin/ldconfiglibopenssl-1_0_0-hmaclibopenssl1_1-hmaclibopenssl1_1_0libopenssl1_1_0-hmacibs-power9-17 1753717350 1.1.1w-150600.5.15.11.1.1w-150600.5.15.11.1.1w-150600.5.15.11.1.1w-150600.5.15.1.libcrypto.so.1.1.hmac.libssl.so.1.1.hmacengines-1.1capi.sopadlock.solibcrypto.so.1.1libssl.so.1.1libopenssl1_1LICENSE/usr/lib64//usr/lib64/engines-1.1//usr/share/licenses//usr/share/licenses/libopenssl1_1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:39893/SUSE_SLE-15-SP6_Update/420b1087b3c2dd938e1e076b65280f30-openssl-1_1.SUSE_SLE-15-SP6_Updatedrpmxz5ppc64le-suse-linuxASCII textdirectoryELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=467f2ae9653ce2ac647e7961130286a57460ba25, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=33632982706322833f5d4a9a32361c62ff8a0df1, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=a77402b1572b7bd768950460bc40ce695a6944de, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=9313fb644c1671b92baee9d3b283d1efccdffae5, stripped-)RRRRPPPPPPPPPPPPPPPP P P P P P P P P P PPPPPPPPPRRRRRRRPPPPPPPPRRR RR R R R RR"K;먈L!R ca-certificates-mozillautf-80930beb853aa4ecddf8b087cf69673ce06392f91567fd048dc1f21c5d0b1ce60?p7zXZ !t/U]"k%+4"c /zC˼fӐ+Yd[6{l|mr_ ܀?oE*J gle B͇! Ige.Fx  "yH㟒,ލd}S4hz=î8G2?t!Mke(B#{S|;0xl8s ]ʾXz,gSb^8֢[Hk&IuA%զDqd@a\w!shV+&vf4sG*Z$֕ZWuMSg3z淾f^>*;VC9[O Kn & @"W󱱃 y i-\俏(SV zw#lh2p:X' ,5y˂MK:L)31J\қ+7ijZ/҆Z.wPEQ4y5IuN XB/[( cfўq!^S3 v-*RYIҽ~}v+;/0ꇨ3"4F ~HO)D&&AKJ:FL0% /2hXRejrhcb^PaTgūb*6B: k4ګֿH%aAuX "->#$r\H^K Töx ve ?`(AK~TiICT՛IȾ(xHN;peY')A!r& ""؉!$wЕ͘F`?2:&ʰ3v-Bsq0?6E1Bx TmyқߕΐzyjdErɂ -N'e.b.ZDHE}U"U CrJ;B(4+5ޞsʰB2GՐUbUSb,aTS OAJYW抣W{ц-FbNcQ<\(;>QѴrߡ"~ 0LbP-8龺{85ۯX-% n׈x"\` mdjw#(N?4rf^:J 4}ev7~^hU&WDDah?fZ1oerWoOt\_ v$JsCgȈ~/og XvYgb6gQ権0u貀= )ӈ4̒RM,,U%ɾrWm^=~,}R?ϷkAٛ{糟{ehV$5t6q6=OK?B`1=?W/D 4׎6Ho:WSI )tLv݌D;Y#R YW&lQyq&il wŠӤɭ24nv$IiF8pL]ٻǒHZ\~跬Mc1Ӕ㷍Wͩwbij) Q6D eI:W_N6!b4xrsNIO߭&x$thܲBJ9{3#=s_-Pbڳփ/›)D0kEeV]7O s*t `)MNrh|aӚ+V@uL#ϯ'PP5qow} Bɗ}k?=!q4^V/$4}\u;>xo}XQ"}6^ۧYU* +{8hx@BBˑ+i"B=W4d/;]yfam'.Tu`i}J)R,.;[~Ssݷ L4_ fʅ j8_"}K).%Ϗ75|BooT)7`ݷV^9yD|uCl"(mr^.Ef1 <`w4xhZX 4^fyhX^yE HC&V5G0/!: _J-Ciw0HV&kzeVzbThR`.Qn[ `#o,E]9]X9( TĦUW7tG7~Pmf3 @_'ڝR\k;Kb4]"ty.z9'";k"ۀs:)$vyqDڃQB FAm"%!vدl8(}타kQsQ#oRDK2-ʴp> 'Uw{;w&PCDm)7XH%yCJ+G_AfxFGm* ~#.ac`zs_MCT*Z aiQivyߏP`S* h?B四[ƬI[1MA|֔Eg>ӔK\y7byT~65r;6Rgb|e=2-E!>Fn̢ÜgZ Hwm2N_ d_uin!=0t"Q jӷYcx,悂lv4<|-g1p$.Ai0 mpKe-I3[EUЄnJtI*;h(V$gpyښhӄFb~Ԅn@jiP0IA-hԘc<6 6 + Pm҄ȋW汜ÑmVC#pgه:GlRXoSHǰ 0,[qM=CF2digȠ(to6njyr XG,>PK4UUݪ[h̷E LZ -`0p(sCfrNw6 5v`u.)kS |Ed1mAq嗪Ɓhb~"Jβ+@ڃ:s`!H1cOK@oMOw5r r?^!zC)u|xcR[̀NBLQFٍt3ֲj5mC>%}SfԔ9' 6wA_@? oɹ|#.E}W4VWodH[ W#!]sa#A(9;l^6݅`GRBݰvtFf#{;Z Rz^izCWPfU𫘔mB3)tT,[ j6.!µa',6/=֏9|a< wz\B,*H vkBF)6Y"$-{JeH2<.[wEw1G1⸐N}mw@ZT1)RQϕj&w(w˱^Fn%Ơ/K l㺽u׎V` U7$gb:,`uȉ[n<f?O\b}!aW\T(֦'&֘{LygHcZ*M+Wɧ'൰π}RʤIOj"E >L}/L+I]}UmsdBvq+^P$H7̷ݑn`D&9u!xofxi]/,ve#Y-FBpοl~ ]b>KaZ.?_S+)0،zZ,K'O gd,OMR4r3;,2F =fc.'{kЅ,oZ&E(r.~ _ x@&$W$nFuମ]-?j~H-4ŝscrkWQ*2"ƆԄ?V4j/cT"*8vay "Јb ,Y6.$,~cmi8fGHcs2FaA|XS8ΎvqKM&|)7N_*t#(JO|W`p.|}0H#+(\*U L-3XۘPƾxINpzk7f%kQ {7TGd边2n)*.?#e'sSZ0{3YRMO?"blIAe&mgˉ;^0BU]N1t۹,Fֵܽv?N^} ِu̍[vp#C|%rc:Bޢ7/)\̬<_T/[D7H@Y~'R$V0GjYͭiTSL6AgE7/wdߤyWCf/}V*4 axG#,sݫoE׏`7|lQY$(L{ʑQGK,OIfsd;)-x5]%(B8wvg=UANc ,ˮFpPs>HGѣQQ-?o/ eͶjSAHtHfn6Ƞ=I[ }Ypʸt^GYaV>^ܹLܧ"+@{zv@hcW]IɰUUa3$`2'=i :ϕyYP,٥iag["Pt3L/uՙ|SQF &1@pZ UW1ѳKN<8 c]FŸp vqF؋mb8Ye(Z*dﲖ=纤|)A҆5<*,8$(O)J~o"*ޤ

d-TJQC;k3 c'Yd]=4(jBlj\<= L|̫$d}*)ƊTU,>HAqr4|91!"}9C!ZZƜY␭ɾ<=os_tjgڥtKMk[3;K"HL{ d];GJbTM#PbB&[`vFy[Rd![&O!!z nZ_~U`Qa:ڜhUd)η//Ni°\PxXC- h/J_rJɃzRBNa4$K((p" sv8qo4[.PA=kELjν2򫮘;YhB| |D*(zct` *C"a+<<>ƴ@7j;Wdw6=?P͸*3lE-VǨAxs Ű1ch}q}o4E4Aq}*\17'Qx"Gf4a͏p>kIsbpn]1+̲r0%{QHȬ,Q]7I_a&=b:[C[#2;4v"1-#;!%oBjE9Tyg2 71TR5EZQDu=n!%:+A5wYaಋce@,oM6`jf@TSqTHimqXʰz} .H+QwZmإy7WjEu8AcoW[LwQ7i|dž: |Ɉ (HB5X%*b?F5pli&6,-3G8WE~#:{4Id۴:N(%bNm Q34rIKe'Ejb3f.}K%~_/SHuv/Njg\]ɴl07$frc[ҌsR*g)jA =p \X6de !l!-YTU'V`WƩɂ >֌l@$u8ϡ\)*nl''q\ oPbik -Vs=ga"k̳s"!M%oIBҫ4c /¢~GZ1Ͻ 1ᣕ'E)(oOB׍A j>&mc0yV ČbAJՏ}a*mB1dJY5 HR1 UhYFNr+~Kv/Vڵ$֖GۖIM9b'HOWded~tN'> րQlj5Y$fCܹZ4Vκ{7,ǘCSgUE8KgHS@ybQ%lnJNӖiwa#bQ+Q~$-{t{)+c3$%3R51AeiL\{@$7:^xq[ө̽+*=7X\A@#'RZ.Ght& <}- Fhc^F?9Lͮ! ,0ob™AIσf!S@PxKfkgɽ:wknO>^hiAk>۷Q}tcIʑsFh%(*۞D$yypc3$S/xZ jτN*DjX^q_aSs㠏Ռ8Ь|U'\IdM}s\i DaF+toU|r>\ʙvÁ=W/|u'HĞt#E \Ҿo}~#c-ᗣkj#"/hnY{h]6Rv \[{Ɖw&%8n=h gYM3]o/,v79#p : T6M WJV0ûyt֗c[L-aɍCî~J{W ?HRx;vy;m/ OQV! ʹupF&e?w +n yuytqY`iki4;&SG YAVmϓ˅8ey1>ථ3l?'Fe4tto ' )C-SCQ쬳^>Ԉ\ „Ht}1 U|p=oM4<ug2}/6ʵvϵ A߆eKl.'jn/ZN\U'n(J2\)(nΑc!9$5kmqns@m}BrM2Gwش$vsJg`S}Kw6oANp9V u@х0бH3jLO,m|ֆ9~k063j Kx=6X'E(+qpKS@Gg##*wP 4˝aruߣ3~G@D%ךĄ 7W&l^5ys*e,!#;mUQmɉKQV>ПfŗZcZv4i=wA(6MEfꤌ;ݥr2Qj)/I*5 / #C3@POԤl kVˬ- Ve= ,p. T1x}c~ܣ] px\ 3+$3TtxTzv@9QEO=ܳgV O^b&v?@y>JMNnQ۟ u(졋z >joa #ݖΪ:n=<}DG5^H>o7>PB/&H$&1w|eÞȟp.N Ś!  .PG|y,"xv G/nGrLڲ*7 mN9ƾ,RKn5 jː&2ph M$εehX cP`2xm4 A(@'k-q?a+߰;?J4L=g!qY&e预;wl@E;h(ʏ5H(# |rO`ʤ_x7}$am\`&ٲDք$L[Ly I{WNƻ;mJZZDxΐET+t.axH-$/82Rvp6_ke& 6:܈B&&/J&ң;i|B]s|9ڝtfF෨$;Ĝd $nUm%Kh̘Z6zf˸>˻"nf;.i6+nҧmRt7#@Y*pҋhC%4 dCSůʺh-JI)]?˟-&Z(yRgn8lz?3rLK["Slo^'!"NYPQS'wll\K덛EThm@xI}YF*Z m8b$P { s澄OjsN($y'vqѷU[#iϷŠ Z*%OM o3Y!7%dNeIt}c?Hy8Ɨs"/YO¯,{\wKPOX??rGp&+PwK 4'ڕɜLC}zh\V"A-䛮1$pA/}_ -d[QgaIq̠`/N8LiL^"V3_(>}3fk/ W̊a{Wu(!)]xz_ԝ.>;5;l0Ғ!lJ{A:UbaJLOA1 s }%dfO2cRa`-ɡlXjaWbO,>u4+L+:q̻g$H$ĺ W|P* Y񍚜jDuj8aR^ ⁩Qb{5Flˬ+FK"(ǰ8A{dj %LVEsЀlan C`VNyՔOwMid,=<׾+5%%\nDRzƍI,M34Ȗnz77΄S:_|qgyS(;Uxؙ9Hik6 b^*Eˡ 20t8 hb<+Ɖ1z9krpvpn_G:sj; >w.+|Հ(GS +!,TJYiBB/eD;z]GlܔϾjPL)T2)k8(GpqI"f.|/,_/8 7>¬vc42 Φ Fk38Yc1+{vAڔߤs>]d AQ)Q_gWߧv͆En3 A4]k~C-!9|?[*kx AϹOT @I8{]}+$J`[.MeMZ->K (e,+.%.K@ݳH`NȔϦy8rpUӪ&JS; vUj\3g$_kPș/:B xG}m\ u:nC9q-/>?nLVX87Llq]RECjBse] a=6GK05 Ɩ:xOز&oZ GMlÓYS6vG80y6jtU50|ݹ¸oA. }[ JR_]mT>^A6Y  @꒢n]'Jbea1KM>29_t6 5`v#j IƃqGQMCd8[Nd8F/V:syIE#ϛ{K㏰Wi~⶯Wq^7u8LUh}y "y&/ȠM@X݉ (gCiDRs <p (]|aUK+ 'Ҥ凛P]:W)ۄ_K*L.15 naѤܾHQ~Sz*/Pߓ7`f ?"hz54e2i--mK,'ˉ:̥d.1ç6gĹi$`?vk{܋ZA$+qЦ jNmۃrZ-Ns=,m %mOLVNs=d6:ggߓPU8Ā~fQbH>JemaQWpv SͭbO. aM}кm>ր7G(%wxalp }X5G~r.lG5K.t}{*# t6Zd0\l10A!)vK,x:Kρ/1+aPp| 3|ތvg~.K}d>"ɛ(c,J֔pYuO>"ez0(n5G|ڥBN>VlV5]>6Wm㿹Vq7"曷-{fiddu>4Pƍ+bi_@/P>^#*L؜mP ɇ;&3HK7 BL:fIC+ sϻ˩v| oxDR5HuiN F_E &in]wZ~s#`Z[W0p+1 9b`ijuXٸ"n {͏?#=I$ fMSnFePN%ipSlw,wH;'1jL^^KpG8!Bll\X@lQ[]c.gLLA8ׯcU~w"v xV&O;QFו!xb0>kVn'htװ2^&*%P^{R0KX͖Ay2# ^#<6e̼\B%͗;Ԍz|7AA4|Qdj)7H^#uQW3kljƕ֓tb1Ks8.Z,g Ȏa6.6w 8s)܋AДÿc*<[jȡD'a0?vƊ*(! :m=PHM6oO9F 6Rꃥ__9PF.Yl<`dRZ2dI=l_BvԊoJmܶ'ՙQj w cdĘ}XhˣBƱwmP8Tr.ErS)^%v&A痾(Ǿ$jBR^?j& v4V.}` q527<ͫzffF&kʾs@{)J5S.=b\1ꑒ"y-Y'Jʳ8հFݴ:, tLpHAM+z-0eɜzv?Ȋu'\qgmhjp޺j"m]P@;7:oԠEyU1}]ch o4:D<86ѰHBCY`_L?VtݘaŽWz^XtJzw+boн-_GZ)U0z!E7jȖe{;ߤ)]5V"OTrĆL":Ů<8krӪ1K(D.@U@GA [`uG::cXs#.W%W>? dM{q )B̆qᢞO<6cEsPCS a{ ۦ?7nb$7g9iy 0; 3*ΗZ^=A- c6u~/VqCZ|i,EO> B i,qN^W]CN$%^J߬OXMxДdS8BРrJx`81*%)}1PlNzg2ʍ&vsx/xUI[ĹU4]5{UyefJs }c|l`oo1:=hփ|u BGA2M .r<'8fQW$to EsY2QrSp/Ebjq tFv5b~FX\WGa!!εdpQS`\{ZCJ{{/S :]d У[2DZgW]fA&F`Yǎ}qbP> t~ct57'v}rq4rGu^A 4etB:tH{K`m6}:Z{X9_7 4k?XS7s8lS*>luΈ̛S5&:)%u 3HV־@Ei@Rud*N nj/ef]Ciڞ {/sup?'~M% 3chm$cu[Jg D_*keAfo3J"9B'Q2cJVFs7mRHgU@/GRz,/4{~AIYbp*gKQy߾髬h!VJ[oz\M3r/6~Wnke8"ۅoe9dl(.\X97%@9 R1Bkb^G ̅ 5p+w%GZɓ0!Ӗ8}KH.ALs=7~\lݻUs75E'o/p4 H~v MN [ TcChg]IP,B ;E/(5UބW|޻%0Eqg_943-⚵mAF ? ɣfiNۚvy͵<#<# \4o1~Plj!U~)e;\/2&Ӂ)oELOlg6.Y'۔韋[䲒|+*>ePj0t"oVfc:$*EjNڭj " *`8gLh߫d}wZ[< Eg 6ۍ  cس>/+Df=Q~4$ɃzC!sN \eLazFZ@x^b1Q?aNMؐg6m@M"C@9A;f6[nQ$4L_L8 oqA1Vyc}DZeU{m;62Ƥ("nx1$}|[DE _3 p_;>\8OxfQ_g Fo㒆V҂ ,/. }<+[l Bv޺2W_l}ͳNz`D mFťѺAᩤs0z:I {jMHYh\1x_S^ڹQ.7W_$ps }akEA0hɻk.+]D>ii$yNV?zSA+͔R4@T (+^Չl(f9|LJ;jEĕI1)G)^(\0**y8O5.:R}m`}>~huJsr41ff`(w bIo;$@ S'k, si~_vܣ (4:_ i"SsӒ˾hd*gufF:I"%$оmbܛ7LHRb2Qݷ&hY8y֕9y`ЁU゚ 1b#Kse~޽pm԰E5LĦS~XsEŴꭠn5)~˜!V|_YgdPG#ZQi2H҅}+v9[ ˂vRi'`j8gZ-m LNN(k(amխwJ[JR7LQ߶3y m˘uf ͷA )gi~X^]+C=^<3nw;=vC8RDǀ޴ܿUL k@ID.}_B*V͹+x~\OUu_]F"r@vꢣYA'Ȗlmloc"0<X+un/;%یO߼2L Q6@4C/̑,iG6)ṭV\6cY&`@YO h3m5\݈!t3蘽5OI;lqSpSPϋBoZ#{xб/P{=3bߥ-Zϟ%_T±C⋚vW@"?Tl6ڋÃ$wVծAd0Z0ʋs^Y'|>&F3kcJ1@&ħ k3EPG6z͖J,)!GfڃA5c ,#{^~*6/KH:5:0'ĉvpo1H_ׂ}rӊ D/f󷘤)j5p`k/XꂙKUM(v$H O&Ve=Y}\A :'E|\κ]+PZl[qC?YsSjx~kiQҖbt V;t>⬩ Fki)bv.en4) }[ŠhXPn$۔J:osC_|b ! z*?)3Ԕh%zVhC:_1|i" K#2݆s\Rj>0 -͸nP!;"ճl|(D9dIObH4r6!)pE )PHiJ;>Kxl>U]< r뒝s,h \Hxrw]vQf$ 'Tܢ(/ub-  ;t<}ՋrJV=<~ww+hIH~(N6e CH|2Vg"#'}$pje$~T[?XIR_[:YdTUÁ@}$-!nk=řV? w2lBQlզ@ }7=[p܊oMj(N^Rg~_sjHP"TbnVR\(ɷ)ua_"4*jd R>xpϗnTa)<[sT73: 7@4H7n;>l а?|{%xqԖ߶;҉6e_vZ0:{}”[vR;[ xjMyk21G1UeJ功?m7>rᏂ>0V-BWD&L VX Em{:Gm$u;9rX)2 9g8.+S3wWfNadkA[: 5Ö.Wt3^RCigDJ׸Or+s `DMx ,mݔ$è5$mJK-&Zt"XS gTWG6e;ˢkU[dI۶x:=_)6]Ri4MSȩ1B7J;au`Y9S`Q9%}68F#ڠ>kWڱ`ZC49ޤi,w,t_<țwF >?W9=C#&-GuOCG*he^<^n:=MЬބ.[`m}-2<~vcTkHq1i0p} |Ɍn<6aAzIbW]&j7pU **QV/Sggܴ|^]"8QD:aX5H|pI S[o %SL#6H l]}nE67|"!Kxb0)9X/IY)c{DאɑCvk&҆?qH'd[SGS0Z<ῌn5=#eps2hu(p "Ruu$8ܩ)9w_4Fa|Ɖ/.m) 5YNo<Ȳbr@ V7h,CWC ? PF@0ӫEsŻkl>]۠jx8QCl(Q<ÀbwW,V>-SEuK4I *&|.,4+w'*u6J~{j #۵qvwGt ,L&x)hȽk@~`a+@{BENN3OZO=>Lf[uHROY7#I~6Ët.!)YCW`$Qd.m}/ RB=MκmT~~TGy|I9Jٍ}YZcY AiH]5#n׺cdn=~bB^HT~9 긺#"?u@WbM/M/V>Nev4Ľ]Qe.N@}\U)-a/#O,YEV*{KyzF '(o‡aQNъ;<q Y:{/[#!O7t;);[n/Ѕ@/d{)[ݙb($'_q9L GPC=U>^Vfz#F0M?bfa E`7IިX \~WD{1=/,FP]MJ9+#?wR Yl'w)ShAgtx[IVjB ԛj1Ad@%sv^.b)Sn•' 5miei~aW'90oƭX׮>n@un6IFɭyqc͂˛ˍi^5L~MԶ)I&ۅey *.cŻ* uKot Wː<(W:;6Uj]CWi49-X(>6ρt[.鼺+KΣ],P.7.@at|dwlAlo}37jU4[91}(} !cyaNd9:F- AJqE)hRhȧi6Tkyo䶢n̾z|ʬI>2Xvbv=ʸ.R{CLE!DU`EIWv.FS6௖/Wbѥ^ %+IՍ) 1w#3 `ffHzTU}T鿠=84Ƌ?QXS|$>D}v1vK Oĕs'Xr,f۩Wq0/3ysoem!dK[?h[1jqoZI@?b'rhVQ=DY0m; |^bzJ56a$g,LNz -`]@% aU?H{ y+ DŪB[7{d^ y?lIzfVBVW%? ^eE֦y~( su !$TDU?Ulqύ1nB ;߲^kԡ`n ۇ0Wӡ)d(7osr`&k[Zd4 z[7w5F%c1 (z851pʼ{3:-T!oCFsyQ,lIu;bjq}vW sNt=}c+f[})-ZӚT2~ڭ%:'g;/t ^⥽om _R48zm G'P yzS 6@Ϩ\o\K{̔o;4h2Nxֱ-0!kUKT>Z5ގ:rLR_2 WpYNnXgb$.S8)J/z8maWߴٌPgveѻRx z.4&tM6vTz+=,>lh5OEJz=;WySwƯ$spMވaRc9t fqj ln5^nfE⡸ ժǟ֤ݗ%oR\`e'Q %(|? N@鱙f.TQS5>"U02^o`>x"Fff*~ާy:PL*[YJO#٤۲ix f/,(t)5ѽeNr s1;=o @)͉:) VYEjnmh[K/D͈$'-ӄћ?LͮDRIFʥu} d6TkwYc_N68xa2>\D)O%J,stUފ\D>xCGF֡u<9xCn"革]IKD RV'.Ś˴FFTPEQY}0Vq,XazU f?*[$qGgJCC-IvQ1ɮŇ`H4ίάK᧹RQ$.t=3CCyoJ~ͪeQ?X<=oNGɍ(> a`-1/=Jt@4ThK8dB3P+j!uRz2%Tփ .ԭlC3BIlMoz/VE4TƌAsk;D]PlOg:5RDV4`I">Q@ VMf) [,ѵ[[G8+f9T |qyڑ[OIkW5gb UnaбC-hAw9oEKx(Y! pP%kO]-ZJ'+^ |SdanZyd`*.gTZCmR"QN wٕ0D8ЏMcKd25xf*@;05yAT>A S:0Q d}sv@O p`0E%N_O~4={/?լ2aD[Y+ d_߂3UolʾނC{~ ᖩ/+!4JÆ"[ppYn4"^ҥ:S?#k$6C 4 .<C~VF2 7NvI ϢGB"*E[T{Q=B,ۤkf@n7 n+aC-*hϗ$ As1rk2|ӟK ]PE6upu`ڮ;[[  n҇/2>kTRW#x3LjSEaP#>@V&G݋"n#c(%RD.BzX"@J76'p dh4fI<͈+G-b±u^m%6z֦֒t(*&$xU7UldkMٵB^ P(VAkI0Džnky.d( mlV{ $P[IJbXBk^7eirHC6(ɎR@.P 'Cs7!=2TQx`T0E[Phe©Ez9UhhDB>2z_Xq^'̐t.}fYt!<ߥtuawAle2jr|R>fpuk(~FHK61n=z8zFt~[SҥCEz'gt"*w4(ӥh oS.bP.!ڸ+z 8ک-ہZ1K61+^ ]2$)h685s^,ʚW`3=pT+lL%g51m&dފ",̻a]UX?f4E{!$⯹ g wBY-^vx+:IWsц| FjRaH;E}Sӛ"\FZԪ,|`qq[lD~CB0%*sh`_*d:?7n+3ρ)5i]Z'yߗk?&P-ȟ~ CH گoVѥ *aΐJ ܐ?`i 9\j 9\㤌 7e~c"/k9:^;o3@ˆoB|B[W0R H,Eyg?l=q>kĢ vDÌZew)$uןP$އcH;DHXaGOQJYiLr$s<NH`=6SͶ/y"M2@ R덻;zaDp8J3;jgJCNev,I)w{l(E6;Ÿl qAoz] Pf=`#hӫT~X%a5fխ((Vg|\14JnUIm$R6Bb3^>O=!*DZN$v0M8uG9=Qr@w$5m֟ZdN_ +QC?W?VW . Hvuj N8 ܺ!Z2{ꃯ䕭"lBMZNSVfkIOEϾCWѯ^ Ȳ!mYhQU\>eOWm'^8ًmYFʇTbwn fcM289,SrǪQ | :ySϧ.'* I38!pCq_Q8`v/gO{泹=GƞN\ΡE(!wTD(<ë0)ևb="o5qK;ywny-_F[6 ^)-&y  IO-Wr G##&Gɡ- OYKBh>VkܴF/D9G-Z_) s{Ν9:x 5,F ug`q^ +NSi |T tFqm`t|PX߳BC2xuGii=lv)W,)i XnMX5CY-<9aXIn!h":bB.M+7k_lwWw:;BLvlㄱ0qQMJ6Se":yo7>1Mhhjdq]6P0)i#&"EU['"(W~M"0zRcy[~!CR6:|hǍ) 1s1]1;1u\XFa&NgC⪎&b5ʠ6j~ ~@/ ܜW&(A/Jxciuz̏Ed 4ǛAnX 6>"|]"F6}.Ҷ8(*Dd$ XhƁ8:!W޿hq}%>=`2j#t.5>Q[A̞/}jy>Aɬ0򭵦R8!j>j? 9yA v j_ZJ$f1RcoH??^*@#>(hJ@ Qkk8]Ydۑ|y'XipیɌ }D`NOoB>⪘+caT&>o$4.+ Sa$043?3Cr&H:^$OݲX,?0Zid]$CiA@stFUNݘjXLsxG_YSOq58x}uq@rȟj$ \cF4d x泘&>77]@Mj Ժ΢52Mq#ѨJz KkЋl@IeOS4mPu#TR/tyQsh t[U߹0;;yW\Kmd !+5xTeVR9\Rz6oγEQ,xRZDj MK D>+!HrПQS 30(稜"7Ĵ7M=&%L<0"tPv'TђR1 `yq'ޱ]2K][Ǥ}w .AH x5 ,]n"6*t=dKb9ڟ,2OYkoNHtXo/+|(X|"|S-˕֜渇ϸ%J;#|?% QQ Nu{q![0d]2UImzrldDoٵCSQc|*RPVn~:ΣC`~q0R $!&Xc[I뾷/ykbz48x{0>J5sx` ENg]vu؉eg;Hr}@ ǓkBgodᔦ%݂6)t@1 .>vh8YWNg@K *I>Z* *P8\:N~.ԄjȡP1k>V#ߌاU ;(+*Kt1\3Bj:4ʜTN#:%JWPcpȜ JtdjW$YpjR-ePR,dSEYl10~isWVc=HVL %^V=>; `l^y82dZ  wy"#.\ _JoR=ѤVi}hʁ8Oc%z\V/&G $J^?~Hձ:Ē#,7P<˻ܵ[DJ&H(XN"`Zkhy::^ TB#.gl؂/6\)~OoHYG5`4}ij.m ]Bgi_ʐF<γMeOkwQg.ekkݩ1,˟Vs)uM7M럏 {4 /hCKNSi|~U hM:qpGQ웶煶V'mt-Ylo*ZwY=r30Gjg˜o{s/"8_ƴS{Hki7Xv dv~_\nAAr# xrTpJjboםҸyJ (T'8ݷIVD`buV.4g/-){n ciUng! G hXyj7Ɇ)d N6?İ}8^ B|}h[ukm4y؟RYFk>)#+[i8+aP_S=hKuD'$dL=g{d0:Q:k>=BPÁ0lkoJ-R+s y=1p̙wDZ]&BG A(k0ϲL/ SBlDsDn !˽M3n|(t-NEe:#us&nGeuH>  xhdH.NmkDFE4c kԊɲFjR%xbgF; ~6-/Ro/Bi g,s|n79v;(jwMQp#lj^3Bf^37F\|vxxw%Pɉ=ePlhHl~(M}%h>'_㺹#'[ز*׶b9e 0}9}WHvX;/d `V\P[j?%GY-pia0H' ŋN᪷H#GA7JO{kgX=e `38>P$=yñy]տ^XzIv H$q#Tl8Jm̕4xٿAI@edo|OVBH;<墌Ҽ6*oz D/(z/c+>Fұ׼Vi.r>BD镂SG 6V\@YEv #"V*jRߣť2'!=ˡnwMn4O!?ʢ *uWūF*ǽ"Vm(h0ڸa$!(?鮛KAq2(9~Z5G%VޮO[JR `X`JlCԕƠGznђh_w>O*|i-._4G˅Ţ ǃ~&[~z-s 9s7E;[v[NF!G:\d#1TQ3>94u8TV9;{LL?59&S %qO.f:box_'/ ]JlgJ|^jv=g46mEBoc_lP0,>O6Om/j omJ eۮSW?`VQ W3"Ir)6Uˡ%i=t 6"#B$`ѤCA3JR5@EV~(BhH$˖'[pu e&oP#e5f$os&l׈I$%Td ވ wאI8fC5%^z!y)nM{jh\~Iwd;#t(9'Xj2 5QO  W^LFɅy7/\h{3bhXFRmh𕁥كTO W @֑dGq("0]5^Wca* ' cu9? $<7x+"^ @ RC oV-X(c\LCY!)cHҴMR&6/TWXUVU[Rucjŧ8O4C/ ?|JWQ|"N%[`@L) M>*PH٪ TƓ; @&،^)PVzR NM|BII"0Dkvw.#d`GFN/8pa$̛O+6AԺgꁰ0 ɠUWzNG-AGy2+7בY{D~IÍ){%8.+#zRD`r[J5hBI tM?e5tϜ;Zh$<|*@1r5~maj`$HHrS ̻P뷡0e6'T&`%>%o5~gN%! ˑZoM{C:t1!ƒCL쥃9xH\wEPGwӌJA0^)FӬU~ xu{B)b#:(.-j!%cj &a<ҖeMBR\)Kp'2DU3 ftw' j"jOwzpmvPaj :3g3t~߫Y%\ f)`GO,&]JZs/5|"[0{:!N=xo-ζpuRaGwdSWX:;.SE̕EljE]:XuV+-w<^%I4<8_wC$8^ƇPn8ɑ5ӼB c4O*T3Kot";ONpal!^w0 5UiPtA68B鸋]̌`wCfN9iG4G1$~W|Rcq5Q%pԳ zʒK aWX;?Hd4[H*|]VTmTVJSxHJm k#ߔt|I$1?qd̙(V!t+ b8DV$nҴn_PUq+m].ͨx~>̢VBzVhWpF"?yރͩ,4oi:1K_UK3Ve;EZ ]>E ZSA1!g\{M.M$ѳ63E6oz豍IVJu /SZ N/6$Yw #A{u+x 淿/bwcj1SΔ)0&ԡG4@ @nǧ%4EN#4 JI~zEr)Wqpr~ОQpy`OWʘf4KvA&LԹʵƌK@ }FH2#q*',327"Qh(ަ:y^p핷F׸Fr).T?!Y\ VR,~P4c=8h6Xk%ItHS쳛5Zss\94-F$vMLcB =7QR1Ih6YU*P3Ckw_jIԫkH,UyX`}mM ݗ<X4I.ЀPLHSu罴.\\;a(Tnx"IuT3* V㋯=G{,OvF <83M=> qaKpۀ~&`,u]pf;7Yټ=mx:|w@HI=OM~ȧη23k\M'K:g8Su26TEBͩ!/w9aSw:e*dO Q$Jj6DRz~LX>mS[=}%[f5!O?$GÓ+:/)$;I6hh~N.*䭠ilZ^,/qH10PtLoLx [-P(8H̽8;h2?oe_jwI,aKÀn"DMys+a o#YaU ^mtGN6E+o* 8"K7k:lK^dLG5L_n{xk)g.n[-%w)]^~(=/~k1E&&r6(bP#L t!ٱg#R]Ȳث&Rj~/ م}a(} nPXT̏Q|Iؕgg{~, +Eã0 Q[ oD{uWj`~ Ky^Gkvsr ^%qgB@╮N8sGfqx2G1q Oq+l!`Zj)PW+$\?;nhzz5VӞ2 4"(_,Air2\g% ,StQAܯh cX-g"N hwcF%zcwDq1Eԙڑ_RݳK%`^oleW\Qnxq{uz(|Lڃ^dQYFR(;ؖ/tfHEz&x<:oI,By^i/!{j$㦀i9q? ==*"#nn*@wa?`'Ո.mnܒQCRۍ˷HF~4̎^I)YJX+p|A%sw޷6^f3SE(;BjH7q8SJz|'p+2㱻YrQnKn6 tsvbkp>{5{Fb3yG h7_mi>F ]־eJc@8rts?MZem"<ڏHʷP"O T…YOZu^P}*-8B$PCKmO58ThYLq2%G E#~ `RI #YkٱÇ aYʴb@m\ `B]r +V_)'Fd &gj {|8u-8 5$]Ѽ_,u(攟*f%~+m UM?_hD𫢪6O=A|Np# 7)AaU%DǧYoɛ% :r!w.\bVwu$]槯_3j, K/9-Un?jt_J^76^rC \Z\xIA},*l_D*Y. ETT[ ~agF@lwiRCZo4[8wN leۍ;oJj3m܎ig5~h {j߇=c *p6U*invM&~eJO\k-O'X Y#x豐Yح7_ i<ҿ|/F#\Å0CɛS~ۣzFA~  dSa]׆_o&4's oJ9^:s)]k{{j&|yLUJ~rU:-uz9xRq|x;.Xs XzH"AOn9=Kķ̹z넝6u:>vhWLG8q;PiI&av`;|>bg& i+YT>o>"dIsAN}Glxu8 ;ܥ'p5,\\`n_fҕj8!j:&)-gi%a2X m[5x^hNKFahLN( *WW$P1HgbO+)d%}m5BBrJRT^poFbٝ@5)|[R雿0 L&TŤ=Ow&}x3magnFYTG3ۉW-+Bßo\Ž \ŸŸu߂V% %ƕwBf}h M:``W}SIj-qz׿(hPUfu~%DC(h@(欉Fi#%H66 gpp2Zmu QbUk-fixT]?,qE4HSs̪,:uZ𴌖A>ٸt i|>gM]%EA[+ŧv5jhzD8=9wIpԸ#Q*s jFjJS1U8gg~1v3T0{6 1^CsR Lý\?{EɓKd0btZ(Gẍ.pUVDT`"bb^1d?A=eSjg s9d,e)=o2ķwr/λqf~I'~8u-ƞ\*OH^,-hLC:Ԧ-su#/𪂃/NM؟B4q}k؈sFƘ)]+BvX>6'Tn3˭04!P9Y 䜽Tlv/#ɅFOXD,gk7v6:MYaX0qfn%QoJ[w|}J4J8&@?6 ^УKi|HPKDV/nHe$EӄдnŦ7{ݻjD DGh6Χ}I!,G78xr٫ur1(=wF&W=gbq]H2PF#={g상S[Ml$κ$Ȅ=($/ku#"SW7SFk\ƕ/ͿLR&Չ9'hdS ܚojxl!_E }0kaheG~/Sn]"& |aEaF[Qx`0"ςKlQqQ@@V` )<Ԏ1-!On"m3tEM h( &|3X7=Lռv1ߴVSHVKn OP69,&)J{`"iJZnz'DxI@[~tbWaV9ُ*č[\^s`BCZ8PX',b8fnP{Z+sI8ʶƓRnia>#1*Be=_ 0B־>A|@ v󘝮Fnd8xk$*Tb{@1bZ8sD̅PGJx|Oqj9*˿uTX7}.GT(|*ވrK1:2 æ)=f{?\8`7H<^p՞R/UnzshJ.bP8gr{嵆T#-RSL)yQ|fwϖNu:~cwZYu]Ol}dna(RY:+nQԝOeU0^nNՎV,RZrv:V oqOK{qpPdZDH~^ 1Bڥ_SD~T PѝY+w/֚>#eQ̒M?Qs/LmRȴ6oϒХ?TB1K k6cP4eRfU cC\c6;rA?"eRVi_4|vGt ܷ'W>VV,f~8,Ek02S)f}6|0=\,d)M=+;Tzb 9Dwퟡ:"pW`TPPvȞI(SD^w[ŏUyͅڐ61 [yej  gs5?nqa7/ɹ<5,w&@^h3&CBbDA {;ڛPaP;hq\4/pw{ir-\Qf_Y3(2- Pߐ̡֝5< <R+O=[nVq-gqVN|_i7&3^_r*b +!~}zC!ߑA:Ba-c+Í^xV=®\ ]_a2-3_˪LηlZ5n0p{SfGpi\HBxgv,Ro@C|Pc̦>lW[ά-2~nw,&e8& zgJ9>F sϐvU4mLS/[*F\դOXuM0[5^񣌷3%6=c2qt TNcw57qݨW_C{82Dp|JKQ'0d? to2zQWJ2 K[o|yNY| JhIvyi]<(mxlKwuә"d-Y xrRys\+P"BJZd4T Uq3Y*wZ0Bd>ڒJ#ʦeA#!)^i2?2Y@8tYÿɄp㣊f``@k?e|`mοi+}],O^N㻑?~PEbMlM,W+p7$4x'M7rżt#u7m BD%"w<ꊿ$,qAi;O-'8WfIZaБ& 0ok_D %/瞊M~ȔsNҘ)NmIBFx =iڰ^o}RQaTJl(K%xQko ,F^-*HlWcԘ/m?L:0Hq4!B-!dNB##_")P!Ӛ(]}Y `$c=Ջ DL\c<hh%#W/]zlՃk=_72 hTTsr:}}b_b.6U/T6cA)iMf뙺̆#ٰ)+](Vxd{e6SYa. 둔]8rFR@fhcUi#)/UNSߟ R$v5[­Y]ƕ L..c47_5VH9T,drg,ꥇ_dѽRM5 "G%5*YL#(=ϟu&)\i<(mQ\n%;Hmgtt~ȁaZY}Cd3_ʢvd{Rɿi`_z?x {sP|MrWx*:Y++#C) H}~K zeRZDw6Lx2wdm4^u<#c{j״ѷ6<) y5Ha_ziOv.Ņ1X.]cxvY+T||~+AUs3qiΒV|_cxՉ[ }WQ &lgFf(e؞yiBi1' Y`+o~xGWIBG{ZdD0 T7H4CjB Mc4%|_/FGnVہp}YNܑ*O#/0ͱHD@UΝ!eYL.o7 u|AY[.p[ӔQn2䊽ָ4 yJ p W?W_~Р"\l$qe? ZKSg\qT?Orqev!5 xvV}~ۅPCahjw(Fm"\R<93UG$v7|O0 m$( GkZ'@\ λh{OliE_.=x"D`=1.t |N&{#q4tQزX #w`@xQp Vlnp=".wѾz ] T Mb͒s?y,^?}ș,͈AZCuw5"˕¬YG;&Pa2aV4_Pš~͜P$q׬ 2@;Q$jub(/]vx&AXnnlnbf"N.gʸxۙKOKF┄PZRQp[Ds3*-}Vv+d )+2FS,'[-Q /d{}xi/?Vx;Awthfgk3&\7#ȹ=/qoF~/p7Z/'i/yfRn2Ρ) 5]Xb])nmK׈\%NOw)eZ!cU"9`|tE%x1e]jv4QqKVC%DVAlKx yii598!`w2/BpǀaWBUNү~DQ8nc'vB}p]~މZcEA5ڛDD5/ȳ,STM[ii߶.)gQDF+"p~q5Jɼ*ōzP(HjoA! {b`vYyWY@Z@&ibR4fBz4A3^*r Kc8巯үWfbDRA͒NK8~/b=7B5>.OkG[<ӷ-ZYmtga.j 36y= 2F HC]A{YGzWam%nBعWӏmHiD}rB7 5ł?u^Jf_czZ\ۻCm{NUӉ{4k=!L5LںAa[87]'w|\} hZ%F UܯO,`:.sKbGȽRGA2kYJ om}@p6mdK8Ѓ7ڨ5y]Q=`I&`j̀ x]&QZJ𾑦{E|#By~2 0sUO1) _oT2N~rQR#&e&g񟺼if):0= B~~P2ӯlL[$ڪ'"pP+@ש14caJLӜo >YAj'֤X0zu+Mյ! PQ83B"52ZP_{Unt~=ZAb#z B*i φ6z Xjt44Y*UF(UC4+Bֵ[,hKpbKp9Yt\Kd!I8')iJ%DV1`Ԗ~e%'+J@2+}uV[ SK}߫LꡖiGEiGCcp~6}T#ȞQ1A^:21P~V7-+kv" (EԀ x ƿ~ ā"nN;tf'Zm$T Z+/f?"0KνtIǨK$6c  dˠm'ϥE3pd9 F9DIvPyPJma?D8O68\aFr0:9\a:MŊQ *Rjfn#C:7>+|}YQ=N0!Wz> ^]͢82[P~+gc)z>M ^76L=ɖ8eJ"y~?Ѓ:mpB;S;P/f_Ł9GmU@"y6>@F-{ş,qL|ܝKbJmej~Ln&^En, ;8;t :#P^=̯Q\bW4Obv!­ަ.И7<I"SmN/"TBN^Mx#lqxI«#0ȝAI2mD{#(Ć3`s?<65;jrd4Q}L[pSAqbZlڦYnNE؈)w7%-kb>NvRJ0( -8-Qn/>“LVR̓rU#DCyJ͋BgM~C>*˖P̀ґJj ѶΨt] u{]9O+8 ktʽ1 .;ijozjhOƀBH"btl[ 7} j5ъL'7]5f ;3$oHN5XIg^>Ӵ~rӞuNe[l `<|qό@! &7Cp\M pc6)PL<9]L{5:"Xprn`ƲNZS{\!p;=to"d>3B<ٛрY$KkfJc.ِsb,³$!';ϋox`ö*S8y`DIp[^~a?l9 P'/ɶ%R1/g_4hR viWNY٥afsXl(|#Ž4ԍŻ(O(ER3>r~tu`y/V'טc\g& ԔQn,gGƌ0f7ˋGUt{$N.4aKt ;"0>1}v & P."`9=h!70ƖLa7zw!պ,I!:6bpc 67IKɷ2f̓>X;fs%sd:Ef$6ϫ3#cex[V 8yrJʌw爡(UKЖl߱2BHAla&̱H])"Öfdf`Z }q@L 6A@tsTVBC& h7.n_p/NiUmƱ;!sB`6YX|=x!Ίݬ vMF Apx Rtkg헂H)މkCe ;dlU}r3݁mM,G؎TUԸȵ*][MUc82Kq:?ˈNZpF=+ 7KPZr3C>a6-PL#ֲaHիjDC4sC֫2 v&L)N["G;KVЛ @.8ҙnN9qPd2[ZWSůfxܼg\wKoI*lژXE[?xl \w9ЌcQhA;%<It#DrKEypg5&)\ើOJRtCG񕧟{&:ZXzmSmN< .5+ o\ΑDq^ʧ$=o|nA-NsHX'\ b4(rj,bΊCwjF;m w.x|'8=L/̷SʫJe%>0e,= ޞT)N˨݊!g(;I+P\/; s#4nA%ta?߿mPbj$}tRi?SiKM7yՑ1]%~V D!1)ʈ)X&Hrg+0 u@i4z|5 8{&!(hj+^ݠq-pj?T^2ᆸS7+Tp*Ɵi/N؉ywbcA>1C)3gnP>-ulݥo@\~߭\K;pxОS:@wrRkn& *W})G?)8bܮtМ&#k?oJ`P3>8$fZdSj9q%Bo3<; II2r +V;0h1M?_S0P0/|$;& 8(@n1p'-´Zy幚%8-Iso؇t o6,m^r!/QXM;Og0a<;/4K^@'@g{Aa kP;-L,` ֬nNfʼ5GJ;'FKxQ*'Z]bh1Jr,i íC(gn0YݨV^^#LE!^>M߽٬ biDƾ:oGoIP%w=LxJcdj.yd」֦M(iƿ׽tz 7/RTL ]n. 8KPDuŭtr+ 50qoQ*|QBJ@GEm?p V);mDz oۄtEgOes1UH*6\hfg+6en??5rY1^>_v;8y81e=1@BQdqXU"4+Lv1G=O5@GB!!Q zz\biBJvƃAU5|˅i3 K,-̔T=Bv[EΆDD+bS^ts*8n)ri5 BNo9m:>cyKh˕@AL/ 1SI@މhT2\zNo*CXާUn2*Rϊq֨.l1fy$Nk|1K !1dYbc2Y$EgcRWfUjvAjS<"tÂ@sL_|P$ץvX<+ 0EkS;aݵIwq!fFLeM\{^MalmJ6X5A\ۍ.1XvMm zr3&vpQ%kG)ܑGzѓ>1$amYDwl$>f( VdN>)3{$bAaȈi|=uOBɸ1bD9auH]nq'4~o&@'3P'/ǠYeMFHz5,ҜW duم;{F'zC?@ZPtG;ه'OI Y xu|sՇ6;Qtf`0)/al7܉5k|w\zed^A%c9qwٴ df^-B9^e6 z ;Ա6J9czUo .}9;ԹR9?}C W| u1;( ^HkjW^h;=_2_rSEOI؜lIuIdҚp6 gZO;D!^89[rֈۻl]^m 憃ߴg]|,pq9Ǜ#awLZxpJJOV*fBsoTbG<تP0$ ,FWel BEACN2ѸAwEI;$"%흞X 2#!Ri]hg_sf)5k:?a03,7qgg9vA<;'pn(UNΌ0vaaCU-#鋍\O>y8?$qx9Mz h`sWTȤH)Mr~1h%65|'%ˉuU1ȐTcid8ة<KC1I3Epbu<^*va.2^ǒL2sUf;4PxOcUC0zp}W!~g<>'5~z>C ^dp K/$܆f eS3xCuDK~2wUy`>Z@Jsn+癅`dMcuCb?H>ٟY ky% XcfsN'd*iQ v~k/^Qi̳;v.I|U!:ps\dQwpeWm}(,j̵ǭ:5O*$(ʬ2@^0'ns Xfo<+_tU.pUmO4M}:323(b:nk'i4>-<8C~0'&w \ X'Ê't=#%{7C-^./$Ȉ REW;FiߐxG WH08{Wbwk9U#p"K _ԡUjOA`+;O4ԮKyLuqVa6&ydn`8l o}c )b8-l,׿(3 X`|QЯZE||(./˛2y4a< +CcW#^>}rXQ/On0خkZc p%i*i,ȁrmlD3K_y1+Myʰaf\>Ͼ4^IEe䄑 AXd$_+'qy[2d'0Y;{ƝemW7=YQ:U+ɣ%o->?b97آF?DdBG8iFr@7ߎ6?%~ QJPDzh_'$X +cr5pqYeK.SKF/6 >Q6OYŧx뤕:^w"NժII5V6+s~1p}q9@/դ M~XJDiA%1Qfpq̚j(zhPw^W*b_@h|Qg_ą_uY{J'hr@ı|­L~c(ʰ\MG^jM_ #Jkn0?+Kg }u}gߙ*wU19^IUD3y353D|m,SY9*p2DkE;44L)C.qEM#*EtS+\Ph$?_tUnF cd~=3(/ˍN,lhku/Ddra Dᆓ>v28t'‘uY.$̴Rk4˲?G懶:bt}Xr)0l8`xu'ٙ&B1$XP}LAJݦ4D`JhjϘ(7?s:_BV~Z8D$úq-V. >ײ'!&>Mked*{\O NpMg֫$cձ+D@z{^&)I#2Ы$=I;~rjWCq )- ܬ+uaJylD^hZ}AO6H_FIW?α>Sٯ^2t`c2`Q?("e{Pzdqf4pAdBN/h:5dAEqa(7UJ7+9S!,QhΆ^- =X ;E 7N¡\P='2K^j{>^?ZRzZ;ȹ V?UK-aI:!jM8bu|Q/k* @%hLv҂ BÅG(6[eV-kWƢcЇGJG]%@oõpDRFa/&$}w|tI&q,9w]; s|JZ6f=GGJuB,p,X+9Nf_Acn JrZdK1E^.ԯD1 M3:Jpx>|Ȇ#iӕ5 0^[u('m,M.ajokxSmYe~ 5yX1g7W#4sn Cz.zՐ3}Z5gk+J;UbafNIZ'v ~͠PmudhOt3c!Mg; D$vd =O-'VAQ}P^jv6eYCX#. "Y)JqӳO%do + =S;bR,R z3J LClN$Cs>_\]@_|ZÍOwaPRsݒؙdENe⌷}%S 5,Fwf䌩r|bd NAnÙl^\0:0'OlD_HyX^2a {h_9 *.6 .D^2%vN(\S8Q-:|\,+ Li`$EWo2pmm~S6ʦ-&yS>Fc\ V9'x~61R;vgILye2)EglQ7)sG72dVA7<И`@S=7ve߹l<;U| ?:NSSBvD5gfBX}MXyd!D!1U/xUl!f,@ F~,]ڛsq(9U*/ |G9*[p X J{`O_yg ؈}( ertLR^mS;E݈LO,#9Yg]PBm#ʻ`@gL.-vHqS!'C :_aX@ sԯXѵ(ϒGDvFd]дVCJWҙ2NLΧw 7{A6zR681.}Mxd}VJZ"A909 $HYK_BsvۃD"'p탋Y#G'0 }e-Cs"m~ǀsU`/:%l%.a̼~;q+`pDRO|\^F)a/kl}B$hѡ_ő51$X1N_9 'jw ^ ĹCk d:dd"z@kKzpyڑ,H]D]ifI8 "#E<@8Q=)r҇mV.pO{5l^ص#F[zZziOÄAh.IK/Al+Yxf Lk߃oSy+D'B-XG J?3 7juY.!"(H?{̜m|>8b ~f]31i!m OEew?Yt[Dz%&yA>S'IB6T#j~2"|2dvؤ)'Ĩ ]#C^~/ȴsm=9F4~$Ihg8BGb5(46 72hY2hLDUKT?CcJBl(E;seoHwyz礲hȡyR9֏ڈ|znMx{9fRt=lQwV{i񺱿om^ee:εydw{S xz[$o|=z Kyӽk(-3xLQvc~0zF_:^Gztʪ]M?弼r/L!woI=_xڿWal5[:?JSXvs)6~K3bog"5R >=N?ҤM_Ŀ+zUnJ{o >>˕lI"Z= |,tnX)HtʃF-syޟdCΰSf%>끠W~"HL|1<hc@ecO?_01Z4AJ  tg8v٦v #sHT4>F.2>’N'SfsIp=EDldQu5>te/yɋ>Z{oh^lCPLoө< h!n(iA3H~q y mqG^%! FU@񧕱䈅"n ȏId0k-w~47#!kdHH];yjځ15[5b)Z[ױL%2U$B ݙY˃r0ICw[/jB qUsY"!I+F!HID#l!PR" Z dk"d#Fd@) Uu!YU˰耏lk ~ EVCqMSRQ)*BWS\ Hh P7/FȰ XI"E4' gYV@?$|_z[dRQ$H5abzي_a_u^ Mu+Q]VO k~֙ZC܉A*7N$C=/17??x[[𑫈f:]Q>s?Sw˛lxXۚ㡇{NM|sKHg>j 3)i1qtӿχY{/-zGo_31f~Koyߧcs{9?OE~Ֆg%,=_d)5:[9Yrm]h~.VcC ֡+麵SO\ǘwu3G6>uOw7:_9U<)|ݎoͰyogqbO5D'nTi zCGʿ5Cf;k,cr"Y4: %A< xh$H`'A#\>LSM,C?i$>ӀsED;hiy}&W2b~mSyMz/ H0cXRF{)k('^Ś:|gf)t hew\U@PҀwAˉt""bfjtgr2F6"+}I F >x`;5BVB Խ$+m/ $7y9v~KVjF V#fQ;Cv"Qz H ]"1SPQChsZJ/+C*"h>_ @^I РwR]dM<]aÀ`{`]H!Ro+9io?v ϯ[@gVn"jj j@xNڇS<݃~P]h||CW\M@>E<@l Hmbp0 $spD 75M4MiQgUh 6MRC49䢛ts'|,7A -% 36GmxA T (B$gb7'6Pgp L609yyoB= L q=C`Iۘy|Vb䷅(-JdJRG1Z:r MJ|MLABF0as8Q,=C"\ AP @nS@G0> d_mcP/QڇTW{^'lynϕh?#rlfv(v^7yjͬwѬ1*m-,P$ v講`e[ZҵQڧ# QVm[ijUKKie|hwliKm7U{/oBama@P9DTHL``@ǁѝ)=bޣNؓ蠮rh"")n$wF=H]nN.9Tb&PMDAp[SJT=+bi⫳1A(}.g1潝U߫}ANr " KVDOНރ]=_^}?/_.swN}/ewMqC91OƵu " " 0Q D}]+dD U**5AUErDUnةU-Q/yآ UTTx8U9:SO1$ Ċ*H*"(E ȥbQ- T7ʎE" ( ۀg%كD40Ao"<wr* ߤfZDւQ~B#4O9MM=m['w#ߓs:w>>ZEi=Ѣ"_:|T?ЊWj"oQ~*Ȩu"%'$Q^Q䉣zND7bP~NMx"gDi:LP>"&]<қPs@Dĥ-/bkcRǸCV$F{5WJ+ ɒO3jy; `πZIްx WʵvPفFJacU X ,,5HeRikjf[O!a*O:*1c*(Lxy 698hqCߦ5b#M/E )b"뢋D@[X~bZVj(cda@ (#QUb,F(#b*b,UT@VDcIdhƃ+@P Л0;t^W?2cD6"\4ALxE׀m0&(zw4Nk10pfᵈ]t @BB$`{LDA`ODM΀;qq*eAӊ rH~x|g/R 2|h 9xpV~(=ƃj(`L()hlJIdnÃ{S`/i@ 6(AM zpQg}i|(8(=ե` PjZ ) ,DžmJm~%ܡgs5*adjfe1ake飞ڛșZu TPQC ?J/d"N4Evw{,OY5|KOv^;Y@?Id@ rbD&<@Lar $(w {,Or ju DTR(("ĉvd" "$Dv`C 9 ¶bzqM8P&솵rSҝ } kgS|݈bѤ! =DT@/ f nmPW48 rtQ܆PA!MГTxX QH),$^Dz3_5 MlV9AوqG91^`L0͛SuvijVQ*(E U.|n3=A Q*lq,Ca%s?ѭ]`T^\dݚ6:v(U-S@UDQDDUUPRڎ5<%JX\EE&q= Ծt/@ !Ԋ7@& C`}^f0J$Nx.@Mnv)݃Oi*C '@@VenR[ҾڼPxd#"TDEEF1Xwmy8-6=aN X?~)U33?l7\0Q 22EX+2( V2 ɥV,R Ѡ׏[wt;ٲ{nBw(HS"bŀ1!Bȥf P/jrOH8T!2`~#$'{<lRbݟ/l}C },E@u>WN1R5Kx86r0֐&Av%5qixD3!=mo)ܡ+CZ(bOd,;~E;kӲED Sv(0>%ԃ,6jQAAAV,TTV1eٓV((Q" (*E"($Ē)ʂƈ ۤ@[x2iSGrkjJ$$2;)"Dos&1^:Q,(rn> ]ڃш ׉LkƢPzcb1Y0Oj^):Z7f7 uLBbjbVʋZJX҃mD+ 1ZTBmdAKekF4mJbk"bQDj"2, ´dmJ"ZbE* i|fwnU$@QB:2&po,?Dߓ0&'ذ:a*N =ISfce]+ִ@1FC, @e&]ab8ل3Fʂ +1 )K-a|nWW~G*)Vui$/'w`"1bbxUbV 5AF"aPE}MzqNlJE;bhչALq4jVyi }W-^)w75᫊k1F*Ecr'gkSJ >P /*bc?߮Q45] HqI $2$HR,DXI b"H:9QM@~\:<6݀1oX+"` HǾg=LHU:x`ЯƜ))v߃jEJU" \sjR}`jaiM*X@>U\j$ FoڢiXЕR'6Xi*ɉ½R b;m,+B":{hI3'N -jP01?z mF_LQFI+ ;c!Qn=QgѰh=-Y]Z]j/H*qqЕJC&zTEيi^={q)No}Huw/󋼣D9aXARMq֏ ?߀{xw?[Eԋ{ktN w_FoU7Rl+k꧞?Yt@qT}788tȡP_qʭM@X 2V 4hODf\owTEAQQV*""vDXI!]\Z9w[ <bHEA`A)mF 0X("EXV$P'-g9Epߗc|N,#KVXJ>M.RҤPEvj.RfDQboDܥn+rg4QMG/)ʬ7||":J"#`+-45(S^%:ypývf 8gRçB@4!`1g  ""B X)$QH*(,PY@ NǛqx0EE᤬E^۷N\pSkn*dtb~mBUT1F1WEQOch)E"I!z`ŹpnP2ϡp hcbL2XjSD)XdU|=g4%iVMPjRW b(,PDX`* DUEQ@;5m?L>V&G AX1Q)XcDiP,sRbADBnK饂,E5{DLQE"  XTI&oz(;|4*"kCA$JgOՂmj]wuW::$?v@iUP,EmŋX,U$uy*ie*XFYVE-ATSgyXxoGfZS@FE" $QQYDEV" +b "1A1UI `,QDTX"U** F " AF,Db" dU#(0E,Xb")YT yGm* uo"ofxޥ69qvw\Ԁ^V6ED" PC7 RE1a,PPREUY Yőd)k",OkW'_̤8l0z5cٷ$WKSgnٴ`l6 Qa-Jb$mlJ2+hThQB԰ҢKT PR4j"+JDmmD*VR )mj ԊV[lEjTmhPF( QmQ]ajea,sE^q!$Y+}R0EQOps O k_XtdNIS5ɰ7.K.Uk dbssI6u QQUUFnɌ|k[E#"N8RPq5ϽsQ,Ȩ&,fcyB>ReWB{|f_I >Ձ}k>͡DQE"UbV *@'2$N OG$ j}MB]KFJ$rّ+2Y\\xFH( M2@FoEFVؚ hŒl T`Q 9sUiQfN]4uUU"ِ Ŋ,Y=>gcGI CIGtq!,+5Ӫ&AFR='%Ep1уFPoxӉu"o2V]l{{շ[e5:1 dړ" Sy9Qj)R&3. ^Fhkgib(nw ~mJrBPUk뉋ja~Z?@ :$ "qI䇄 0͝!JTm>=s40\yJXDV*$,F@%hG2p3ᑑT^Dl1TQHPEwrx[%HRNwy@_R:kAutgO %1b'6];=V3OKn_d?"hqͲID &ٸmӷ9((*PEEI8"$D'uv ^O'9}Ee&Mf K?ǰ<4 yeID0ĀjuA 5*->6TPcL{&՛\m_Uqzl/KZ\~юwj6GO;'};=.N[[Gu?g+~~=ϻq^y}}_OM]{gf[bm5H<ﮧlI {OGX.c~,wb;I w:IkϾ.8>yT?wW 5dR1F(EU+QDQ<ïwMx94@` A$Pb _'o5vv' ^9"%,'+ŝ^''{d*YETAUQ+z Xbx<4ADUE;}(C[ DE˼} a@3@}Db" M~_/=t@6E@EDH(x1TGe 5'͉h oH TT!D1͕=ʉ頨^fJQ0SAGDUE+f#buA$1tp4PêB1aJB,!bs?T$@֬{WsC[>,#C0Š\KCrfhçTP"!_=zO= ʨ1[1 ȌhTD )NT=U|"nX{x($ (!f"(f#5 [}ȻKH*xxfb7DF xTC g`eE41u nD`;|JQSODԂZ8E& ㊢hAw2Jd)0AU$P\xo`G@onAAފU^ZVv+$X;AHyy]@B|``;bDE(UDш @ tFPE;d4`!A?#Ś>B3T%PUL0Pֈ &)AKCs9@BD>DBASS DDS7"A* `%gU5},|*q*@1Q\* "9'@"fv)h "+#9"" \,#"9 \Dv)vEȥOp{ےfrPCRj  &IH22Ok+D?3uBE pTCT *A|TDF e/D<5n~:ƻ@Tf/펚Nh܊SʠP Mlk ϟw5MBt*2 %/aA};pE!ICT80(mBD5Qpbifx$ 2(b )P6Ԉ (2=N8wOOKCD ^r rU5T"!<B,zn~"W}t 5 *ϱH&&b imD[J){k {6:O}߀vb!% DY-Ey(h!u:'Y0a=q`Q(̊~@5dI4`&20HE@*=[">)?F81] U^ }ۀ & PtAO{z-&ɺq<΂B9eTAdD<(Oiw ~/xɭriWHЌ#Ώ'.TRM7HDG/sv:.s@\ rvPtS m# 09x\\ˠKd0tE8Ң>Z8w+[.Ulqʇ;?3Ӿ'=1:|-/1~w %rnNBSn" EGUQ{?ťG]XI$/B! 88C vk*_ƒh&9>2A2`%K 9NWpBUZIM3v/frc+!4Nn wRC)&xMuU=UHrn^L17X:CI LxD@"( Hva_5]$z DKU> "TAJӧ/MC]jN#r25$!T ZgޣQ /O|67 y T'a]=/+p~OI'ɃneiԪjR4oSxտ#wS󟠈CUP5DH0XI btD(ckή4 +4հL*.%S&e҄pp,*X"+b")cm> /ϱO1|5իֺ)qQ79GKb8g}L>7/?n= oc;τi|s~͔LTi׈Y-"qjMv{ƕ^$/as@@߲w$W !Z>fOK*sDjnua9?w!+ 2k&,_ ,t5i!$& G];RrvW@`_2e"힂c sG$EFj|euK %I%i9 ւ_9g0uj&tPapaM|nbdz4[7ԩCeP 9e,zIjڣEO2Kg[uoBi} Eov57>Jpճttg}C6׾=?W%\)\xtJƞ,b zI܃(PDeNi*EMtH4$^'qmewFvxA:e$eYYh6iCM*JJhAq*0XVF o=# >YV,p81yBQY TG.4Hp8Xp:9PHޠ43AY=ѐg*H9.|`\. U$cϝs%)~4~d؎tn^_h-&%|'>J1뢤GtS,8*1̴1㕎41Y E`)(&B/ǰkL, Q yI ކUSE}IDp$gL,+Nk/3ј46- }7|cyI]}[=^A @D2P*>Zhާ=1fi=f"oQQYuy5 jkryשj]ẁ7p3=;z)MlhQXK&S/?5^ P"-@ !nFI:qAZZBwe0=f59 f1# !8K?|O.WͶBQSE%@a.bT#U҇&fmEn<2lLP3A G"ڙW]K_{/WLYqfIo<)^]gP`Xzb($QV!X}?ff=GW6ݻ" c!V 4CdB^fpk וٛlEP*r @Rc˟N^Lѓ1ģHI1%^ j_*e5q0碻x0ފB +@c;m\QYOFkE%B+f7$FNpLpF6k9Lx߮ߢGgG_^W?UDJXP~So{T Z*#- Ez2_mg8- oSIn_m~ zt^: EA.^ſ5#:<R B"A1ʀyPsU7x~mV̷69Jڥڬ2<*fT*'J*{?OۖG5Ә>C1u-XE;#00x " eCf$J*>J%mminG `cf8r?^OaLWgE꽌ݛEEVc^ jI2jG_ x0ʈP`9_|^%/73NvZ[ 6cN'z4uImS(y۲x4޽|NsvхGeL+zr1@A"̒$Q$Ј1'J=?!"IH4.vNO4v(I "P8G_!SG҅?9wƴ?^ G;Q0v3y[GZ-jhњWHh4ji4/x!! H|Q'b"D`/^T vK X}S7 ;?|,,_X})|#"AĂxV DEL%Y6ʀógT 5%N&>vq4=eR =cyDOtfXflaZϢռ""3ro2C̕RiAZ! yXjYڊ%R Jb>Ln:)DB"+~,15oN՜ÛeCbBPiA?әrɗ|IZw:4g(_s-v;CVO pZc_nd[a1 ĤkGwx 5p6z~R%T]s7Otbl4Fl `)p⩚Pe*Qu`80k ;pa6arzI+|LYAJ3Lye͗{ލ)pH"G(9Vb X9N4|>^+'^i3yv|Uۍ9wɛypu~LG(H˖r7T4|OE!U?C+?R8z,.kLr;UC0SKZYe`ڥ&_0'" t)*F#htxdiD[{m:ZݭsTJRz2C -`A$T`+.<=͓H/E 7.gg54mwRꌾE B/8ݣ=J"O<b sMghja 56$;Ϣ:MѴ A|o9'P\0؛ =EIB :.< ÎQJkwۄƈcIaP;6Y*x$6(>j o3u(0ăk*㖣֪o#U5ìoU>}G%aQlk&pDSLI k& 7d̷+JzOt¼-X{M1>G4}E94ɺr8Tj/^^sEx*Ikv`PUI,!FFԀcw-u(|;omB)6 .~k'-}{gݩOX7T3g+_|נؽvG_ް,ÞvkeoW?ѐLˁK!Ck=QC ` )x7!oca:4[+[[gR>Bbu reȋ3pmvڧƾ&N.%ɟNš>.i#,^H' Qҗ5(.e]L(wMV\v$ :}dἏ].fH8]#Ơ4b zRu_7v8Y$_ Tn$ $flh¶ʝFY*q,J-2i%K:cA1Ԧ'Yꕭ5UwH:%D>NWЫoxZ[Uo4ubunͯu[(/,L,3n5°K_c*q$[ٰݐx=゗y-/3qic8:od@"Z;.T~}k~/2A1$d)w4,znZbGnѭk`ɝb`ZRRka)!dwiQǢҵH[۽KKv]bNMYUX5O^/(H%b~90d3ګJjd-ԜT-u3)5&[ 9MS+DET ,AE"1 (OrʂR@% b@E %h"(Ă *APdTE`S*,rR1I dUhx^v4nB`ˎG$EJ!p^j÷6`D$&T*H#tͽ bb Ѻ4 hClb$`PAT) $RE, !@G]7ٕ*nWEb F(ERjM`,  @Y"E"!FHd" H(, ,E " 1A B'N " `bU.쐕PR.20HQ$E1Q*-Y)DEkXlcX @$5ʠH%Q)!0rɉu8y|5:9%P # Iti=}6ba[i#Yu"qS8yLb]Y, 'rj&lHi] ʢWfiI ], pBUK6Ydqc esl%RSTɻ[^!5R_seh%xu0GJbXdj5qN^[38Vɔ,޼IzqIbX:&H(0ٙWrR,^epEkhmT:;&]g\*wAvJ=Z Mg}73fB`S6TP_yTjf}بj /)E76&74QШQha` G[9l`dS)M6AX/%N&.Yv`RJXpC0 ].B ][AjZT&E9CNү` ,rͣ&:'@@. N b1Zh&a,Y \ w7mF/8mmjcTY/T BLM"!@EHvT-߅! BU^qDrٴ ӱhtk`@vtޘ9we_FW㭫\)2o=U605U$ 3QM^?֢ ātJ9[w-˅$Xlh2B3_aNL8 :"yVEfzY΢$X"8p=Jy2K(kew.Mgg͔(#c{;(6Cȁ蘇X@. ,Ҽ)/`C\Qi;w(}!)\n(3ފ8Qkwńxh4l嘰0jJdr \0D@'Ep$_AfJ@DIBqLfyr; zz!4JTpjԜljl(ֺKf)a , `(31n) $htACh$P0Vt1B,N,ZBx &}_1bUBHC o9{UL($HA$3 Ãg< ݘ֞A (ݼM+: ai2D(%E;@-|ulzBJ@T@- &~;`vTF,$\d]D%ab蔭g*7pFAXDuY1MY#rM2IIJzuZ*`?\9AWa o і3~_A y!w<6M^:,:HcPߙ2nir Ǐv/l5u/l7Aw>7-gN I5r`hhūص>9#1J 8}s}\;/HHpV82 ŢޟpV g}yy`{&bӥZto#|p;"T"JT@6v'>Yz;yz;9\.(ʣ&3IG 5NGJ 4!ȪN{AP=ϓGx[U|I4z7""zPpldbjI''0 K*Vb Y,牚 '8mjDD@fU(${pw!m{a|}_uT"3SM;Yv"z+pG ]eiL͔Ma< B3Vܻuq/ߒsgo;92H'?g ga/9mx {R ~!ErQNq 'tB^i(b})8WVs|Ҥzj9[w-v_.,$>^pƫe`D!$A`H?}eNmc!EEd>$  0d;뉱}=fQ} pF~"E{ny1 (HN'[2G~A&#DFj8;` pE٦XwHѲZc(~aΝsm7)&pz_u>.2&ľv!U/0P(JG\y7d8o:RLk/1-a:3O1e4e|w*3S'IuU!@rpHAȐBn(`rys1+`Y LXAu$:pʝM+9 i)SɎI~sY˿SS ʍKu.)xR1O?+8tP͙ G'JnfPyڥZ+TO? \;ym$N^lyNOqǐ;n!S*=.K^{]V'B[؂tZ -kAh)_.<~ryj[:'ze$켭0-twD  z^o1kAhTy nz^/L=}eB}$s^h"Ŀ{qYfΝjy QunP*3˨0|r|"y#x|Zu=>~^j±d ^`6p:Nʑ;4|+3[;\[lz}z8.A6migC&=I ձ9aOiDEjBrh##f=+Qmq܆;&V t>nFx\9"u f<-,A^ 5rϹN'|恪͹ °?jP̆N3t\ tXo).Z{ȁ,6tP4kz\r0. w%\V:.ǝ~n]vSxO{w~ x\BBJ\1GW1>wtev8O`<C$gkBZq{.0j¦58n6ṦՆ44g9h{ꎋ,A2fx/sరE{f' oN%r9 rYOԩ)Dܟfg5=$.h^:dԁ$ۑI6JE4~'GhfKw\kTQX-e:#OZ#G00LJj)ədm1JM[+X9[²)b:zɞZȰWخnχo+>4tǮw~'f5RJ`"UHQy6ywV͏yF_1(3E%ԬAΤlqlmD x@yUiLc4$()"4f̫n>P"$O/Y{RgCAG!夿knSNcd[*Y83vtzXVQ"]F<eyt K(R%pfk˟ε0hdęl9WJ@4g]x#6l 6h3(%B R[S*lcR"\pC1JR48}n/:`MMHfVfVJؔm\fUTlz6fe9i[|o;N8EAqהjst>n];n䟂,ZwŜ'~w\ :hHۖo;&|ѵ][o/{zciב+坙>܃H0A]+(~9NaƸWJk{ ?@mr Qt qgTX=fi(9ŦC* &YGu,ūNe3^.Xu|5s]R܌DLֳg-ۼ~v۰^H*|CbFC?fG~7@ȃR8d2U`0SL@Y[DBӄ&c*Fa>nL Hݤcp\z?" !q#;M+bp?Ox^ )s!j -63[i|lD`KAc_"8Dw>VO'oE?k{cg꫟e)j>F'߽Su:2>熳IձWgSka>ëX pa6o8pw,Yy h_G?r@آ{0كI]XU%~o3~yz||[xu=I}z7LEO!$ $$#! Db?•`@$UPbn;𼭏k;KuwǺ~mW<;1}ߓ4&~O/w;_Qo ^~GƗVC` < F!Uu!Z&H)o}*HNqSv]IJ=,g{qHo.3ܵN5˞SN0 5^,9y dyrE*זoTn2Ga/ ggBκ:~|@YD=+55))3Rt""}RyYIo]+[{I %Ew9aO~Ǝrp1Pgb# "P@PwZ z ( 2 `(8QK3-RpT1Q+*]oqg׬"{1[hݜ JA@G x(zgS=sT)>eFv{k9rUG&jffjכOD.UEP1DmF%z_GR9f4Dt\A߲r1j;? aE4pU<qC, )@Ḁ>GcB!A)f }PDP;Yʦ HX4T D*Rq|.ڥDt?8KFP*q<͞.#sZ?B">zʐઈV\y=€oj߸5q>/ǿyG9Nws2SL|.k;wN?CG -}^Y便Gulq׼nO`&yI-TSw}{ςUm?ǦMC|57Xz{Yq1/SݪOO}ͷo? ySrn$}ġwsjdd=< c; l@EfD Cɼ|h9RojZoR׹/Ԭ# 3?% ܲ0ww2|G2]BLǓ-K‡$g 8o>㰈}ۦ,4kc*0$3J59E'![FoyoVPtD@_XĦfu:w;eqVP5)fQeE)hTm)h*ʐ̙5`Ҡ,cM\mSfֻic9kNvpGpWAqK8ulD{!U$M]Y(] NjMk/fK+tw-4ThQEkSVUEE4ѺOPk]eL|hCOvjAFAR F+d+䤢Ҏ*ԤHl%(%-fUO9(o\TAޔjJigE(x+qt_>ݧ]%PQs匑6zA)/2JC_z~Xk#' 7ϸE12Ͷ evQM-ؑw[%óvX7+˅[ ֦i1!A`**X~jul<*8JuD-ڔz#oCrH,;(9UʑjVc 9vTەn@];HJ$<$bߝH%Q& QK,W*DVñ&Eۖ,C}&׮P)7&9\O|Ҥ*6EƦخ*aݵb*dJl:d劗ݪ3Hj,_L9dWiF ;-A yNyHLמD lAz4SI 6imNOLqF\/R7)!6Ī )'2Wd4۳dz.z5_+4\򾢖۴LJpNDۊTtq;(wJC[r kx\_K+)"x5eտOr 7daE<*'@3z+O\-F䁎- ;/zވnM&ҔLz.ɅՁyYuvfEԱF]舕.[BB枻ݿ+x*spy|ִLJ A*ddf˻*0$m|̉Eǹ@HŦ)H%| Qu:뺙Jt1mf3x.vs䦠 '?u*U.-g⑀<`GY *nZ+0gnQ}s3W7Β8jn.OyXI`+vVg>!Zqz3?Oxǡƅ7rW}ɩ bP`7C) "*#*G_K]5S-CR&m H"yDK0 ŀwDSUj <|;8 )ED$Cg9H@E70P 6QTDUEMW@w1Kpw-EQı *5@>O IL =,[0K~?Do5 -seh8tϿ]ޠa1߭kq8?R>ϳu== I?k=zTn;O QCee;g;L.3#eS{c۽J59->u"m }^z#v6^i)t157߯7x_$o #iUrıA*K_JT jY~9#c2~?$;0E7l_v,1J`?n. rg_Q(WU*.~ _ظ7`"ӿ̟ȷ̅h  ݏX~eROEK Rǹ9aLgIWbjs$D2 En$Ԥ*SZ' n$Ԩ딘MSQҫ/hVJLnQngUjMdlI`:lڂq-r݊n#(t?WZy\pWN^"c`,Q?-[M9&Htި5nAb,VZlr"9=Q0]Ȭ=~'NN8Vjޅ"junS+ANTR*pA {#"yE&z"`P u  0|usa0`#980"(j b)ؔ{X)t@{ȥҁb"ށ\1StSuQTy6AE$_k@_zn^$`._ª#($ş:ĚY;zᙎMYvܗRV܄(׋DXdz[8׷aNcWGeRf~gAKw9 ͗wuo/:|j@*EOWr꩒Pz3NTY \M[`9HG/&lՒJR]y&sL^>+ϰ OސhH41|K6mQ\Zxx+$H:\Xqku_pWBݿ]%8?d$OAڜFv@usH6St$U1B! Lr99rlfs={U6۾n9日\WDW q'E.241^K53e_vMNk:IfaEC1^isԾDs_wδbO}_v9~ 8`-Ǝ.T{˃gs? ~#} caQ1K(f)@rx3fև?S ) 7}\# cc 919>U :ξ3sX6MnOV~q@s^HBԖhsohEBnr(8P2HN͋ <=|y~]fmPFď!dPvHd_÷zV-P #3?'Bb3WnݯsIyNČT*LC=ڜӠA08H8 ={8q7G:82[afcQ׻2 %I2pښ^mL%Q0J4%ͫ8y0wc 25[CK@ =]jj;@OJWPA='AEs_# }dfkh:񯖅C(ki\nEèx]{6v!=e9ƥ:Ӏgb'}ɟf1tGyv?:|@Asi@ϢA+f. ذ!?by2ѦP .YNDe hNcR{S$ݦ#+wy烈݇|s::-sbw?]Se_`_B|]-eLs݆#~G^[0OO}m}fDnOm؆<]GuwUMjr{,g.Y |ۃkey{)@hcֈ)A}bK'CvfنZ9ha+lLUo3ϣ8Qd9qU_O6ۡC,z끋!dVRK˹q8(suPJگU+[v6q6UQ.*$5yk_.oe}wUsT^F45ƫ|e eKg{F%* 9=-˖- oJZvCy /m~v-X-'zTwtBUcyA@p"=ƕ[TL5@D1f4S¨(hp}dD4R 3hFʈWF Hށz:Wl" ]DS?/GC-GJM]+\U}"sq}v >TE~gAEiQ3g6+\Zdkzƍ;Xo>$c t):qʈ5|)bq?{~풽rz%^_Nipt%2ڿP}՝Rfu=1E#i><O%Nb| z$"p$ +IS7V5ZPu%6EI :H+ҧa?U}R輭ni&Y)}; "# 3!$"2bTIx2ҟ*ߝ3N.HP?V4?+TΈVo}rhw Z1TH2XKSRzN&E|?r*qHZD6p9$!Rb"| S~i=ȓCPXDddbŊT밠2+Sv% 칵?iUF=twpH/*/~N1.2$uiVW%+_τ7wuZt.Xq9ѕYdBX}V+soEh|wx^Ky?+R?.?h~=ۛლW)Gz4,L}È@Pc}dG+hTX]4U_ME^ưXPUR* V#X*EUQAM5DPTAV,4X̡1s@Lkú?6\yxHiZgp\vH>'5><݌?b[1D`"ȰǤb"ETTb V~ EV"#Qi *1*0AQXJ vu0BҘXoL`mơ")fPCIJaJ+#6Ƣt\Ҥ̌/c9ZdFqҚ-=?(;vCbz/ՉVOH!7?ێyO1LSj|`뱁~CΫ_7Z3`^509/q؟O'#h;O$!""n (=XR[ P\: qnCYxT^B" J((`" sy2D2 PPQ AkT pEGw)>AU:8r0D1']/&qL3yئmAAMD{SOսW]o>M`HA_s=]0eM|%E]}]O`zQpA<e|i_"/}ŭE 1aumd?mv7}Џv~=c,usb*8қ̜GcrXfލuqڐ0L|qVK_ٍ<+W?j'49m} }?oEQ2D ʯT=Y2L4dſvś,RB݂65<~~5P2 ox4p~46pwh`}}q~R|asjni`? 6ADm9(lO>듰xAD`D4{PAÀb1Q #DD,DPd=dR"Tqr[T4" H({ppkeOQ^rtt }X:O yW?-?ZjO_8_bx^eѬ-39I)7__[tƊy/_7P9:UpF@ɔV{;kC`wd==qưGk#%aZkr\oJjC9♸BYQLZ.%YytIYxL*B"}ϝ5) *?1zvίg=(  eSW1̈́lϥE;-F{.GFk`]d]ۈճxzW<[\- AN,6}Űo|FNGݾEpL e>"挍G PM" oٵ)/E(\{6'0_rϳ_`{$@&nID)a1tU`k&EiQMRWQ@A*MY'*3ܡ"WF)%p &%*ߙj@X0R!P80.*Z=%<_rfzjsSg#~l3_`26q*0ۼilaPc-)ϸ)_OP';I:Kv_#_x>"JQqqNt0v?׳Lh&=?FMnrX_߇ i׊UE8e{Ӽ}8{)<%eڈW3Ĥx8agLl~ɧχQ @d  X$U$7^pGBHHc> gzA'h[P=yZ9Aig9Ϣ Gnvȥ ;`KMpLnD$BB,Y$#xh:'x No7ټQC@eK(=@^0_s+SA N>+Hm d!ViէiwS\D oGk^^R?M~7R.p&<)L7Ȁ=mB{\]Q|u?% `5ƋM6y KCx7/{UFHW]̇~%-]rmuo{zןܔyb2-1[-yߟq,7_G)o_Rkat5M5r^JL}6oflUR] Ey8춣 9cCAYi ]0acpׅ _cџjEd;x?\a1~Ik[E֯Hy Mg/TOVݣr溞~Ue[qsvVw}TYW޾fƧ *t¬/ls!?0iХ@s.PԨf@?' ~>;Ty PblP V.@b^Iqw!xXفk[RD, eQE~z%P}$G/b2\tp A+Qd粠*lAA.D}LA_Dɂgzi"){ 0~ϺW;{ɿIzޏ|0-Sz،NǏ״ܱóՊ[:^o*}Vebcm;>uSp05smv,zZ\'}޷uk}:N'sG׶ϟ6z{w$?A0~@ Fh39^R }ȞZ ()M?z-G<~$KȨQ^~z( 'UoAUD~׭u?Ҫqvf7~\D 4E{w=Go>>sOtۣ1 Uo|(r\<}iCYrHBct' .g=y7Lnt7 Z.e(tQbwJkSF p_/#``@@*{MZ4k(0lh6@Ӛy7v P*SI!P!Y*,HAaE? T|| q@dd ) Ќ [չ幫9A^H}p8(8Ĉ !l5 ) r˹!,"#E "!"!ȃX+"AHAb T3ׂ#\Eǘi5!4C׹;&̔gl:gBn$3CJ:縀}Iz]6~ rw'q"w[?灕%1A@J"ݬ=:Ɣ/'릁2Î*\\9rGTTITR]y?Ͽe|Y9u$z廄dePrg/L:ǭ>8a61us_Թ:ׇ~TBC*T%AK_E2yмXe7&?x:_6.8C0wVVoAg2I0" SgмwUܙ|sF:VӖc>G;,EtW$ݟ1{ۙaH@ȟhHt'W7iGƻַQC:8$tre)tKpLθO-dK;4od7/ ;=POno k?HlŒsr,M g Yo.Ɖzּ̙ȫH&˛KSfvO[* > Py}3 BPSUeid S:p{7w=gVKGMjߑiӦ9i&R]Hq]c//g.]#>nƯ+ʙN/9$KOͱAQlAr<\Гw}X[X&r3xS58C#$vtAJͭҘ\ $#:ƋPol>=j%cf}cw3# (}zZڀ_@wSI_NH< B"d3m(J2s+)y@ۺk#g ӐGʿfd`R_2 $Ix,hv1&nU84xW4Qe*?#VwCBb[g'gƷ=fw7בrNϠ,tkk˶^Ulֺ;` >"Y (ǂaǵIԸOX՗밸f_$Gނ?t ߵ!UH'puaaY{l^DK+aMy#|H$eEϽY;P;{V-롬)ƗϤ2,'ҕ"!~^$$UK|K$t1yvܻ(spPF`9̡pط;vBHfbAߦ 4n-6o5+ *J!?b=A]ofw_s/ԣr?4sKUJ-,ʐ̮_`isI:E:FKL3%ܾ\\ {h'FsQ|5>^$:祙kN`Ěk޶O"*a? Aerټ`Ӻ>|ۻ;=L^Fc^`cL9ጒ$.zc=c! ( (⢠IdVl](B,(ATWn-8iw3WasPJ0]B0lc|~€ :twf͡[%8׷.pA}?H]Mj۫ CA/1xnu\߉_ۦZs)zrM) $؈$ΥNh0;=ׅyn:~{8R93:~e=&qzî ?2'\cے˿=U_Pcr%nQ,Z^gYZ;_\iNݟtuZ.y!V А6-I0a82%KgM̿8`vM$sM<0<[N^PVT Hq t^='e3Lq2?c_p3ϖnH@ (d(ٕ2KL0J \ӢʠbQLt'=F_)Rs"䔙Ml:&+F~Dm-EDzHnr5)bKr1͗Vcb!&q޾]% %즟mQM4Q2׽٩Kދe@|}9իae7nM|V/0A#Vy+9s S._D9 uen+1N[yˤU*ӯ]Z₅=W>`/J_#PIsu 39c͌$vs#ׅԷ+I{8Ѽ(:4f[F'治f6?=vTMik>@5?ipJ;Gq>F\j0 {L=_+Υ 2r P#6pˮHmC4t R @3 k`zQ}EǮ |_Ai R\EX L˼UEOiUkPBP9σl m"FS?DH9"S@n@A@sK2 $$@WY(2?GG:8E k)hkb )@@ğvj hvb?vz@=E[F/ '_u-A~b}yzk70Gysˣdpr#Kid_[~b]aD*>v"R}nO}DzkW80tF'3a|.8Kp=-DKؿn :4}-; @ (\v~gQE2C ;ɫi55 OTSS7#sv4@~V(^Dw5LŢAQLT?"@S1hX\`v juRK,ػv\LGx !9>+Gه|f`YWU7'(H s2Ѩ§׬L 7_pߩ_N=Xs/U~Vׇw鱐N`Xk*kOMD-kwto `Nl/\TX#dɢNn !)2TEPq+_o7{qS`#YBߗB]o},|P*Ԟ5B'"-[/U1"stGg.Tp_o)>|Ȇ_]ޥ HxO HN{z7V@+rfc븼lz,13Mv5w=y;{|.{Q Xj=VƬi9˕W2aQF*[簯]{wWkyx5m@7ORD!??iPtTA_w5ܶqZ Me@T* #j-(t@A" ]}(H6]+h _M=B qԡ~y*G/zOߓ 0xxG]`y6vZAe>o/20p?/u3C#J c(c}y9Ѕ]Eupx qܖcR ^b?7g֡ac_Wj .^*  @|9:{vN dW!<-g / oEcqH >.g)9 tQS+Iz=m_̓VCu-{یOKݮw%+7z=JDT2cUa+}.Z*P@T_.6xj>F{orK ʂ1' b3rj@@"H wico-7Gձun8BP @UW`4IC׆&uନu0৵qm2 3c";.'۾_TO(ffDB.>wi]P Ĉ"1VE‚Eg_H.3eAt}8)_FnD Gĉ-fL%b|t%2ƅs^!ĒYݜвJUp{n^>ҵkh 9Q"FD%?ݔ\WN_I[~y{;/S%!34k/?=~`.y=-ᬷQn"@t'K֏;|{,*tR FOŠw)QBj=F:T_ܲ:טY%U?4oM&1KIǟ1 c;.*{c#cx*H^Eo~FXo٬갓{j5G4gN'O}x}нHv/oj^Z 5@1ad'w3~Nyj #ATbD*W?"H T,(~*>7@\WP +_MT5p E9?@A>Mד~Z.{{c=zvO =c]LN>.}1HxamՑ^bZ.Nq6I 7oaD$d[JbR6{}J~v^i>3e.nB"VWgY"J>S uNv~ϫ'~uH92Wn6[s_+k[_O! UuGG7{xu(>7t:#썩$w:t߾< ~qV @8؞„:H@c~mt,"pE|F[z(bD ,"%%s?GɀQ^9E ;Ґ$Rx`yO篾AyAʬ>g.g߅!"~PI$H ,T>?ХvRŚnTjm[̪c2Ӆ/ fѽR.Z?x݄vT?؄WЈ[,]'`F0!fк ӿ\0]9 ߺ3%q 9K%-a>^"DB<Յ&e>֘?RCIEw+R|HgL2{;xm#HϗDw .4#~󿴺wH ^3Qw_QS@?Z5 g@ ;NLr!eR2L7j_r ?O]Te3 zɉSTTAmsFdJXϡ/Nz^\WNJFM>YTLm[==a϶UW,ƭůgnH꿞QWr͡,KשwDs'~ܕ'Nb,"o4*s츠QUwN4d~y(+qfmY֕{bռ;ΥWu=71!u$ \-2B3f4R: F=fs\ϳwlٟБaʡf"g摴y9#ݹ:;Z̀}6#96k.)9)!oƦ~\3{1b$.!&h}k^O) /Uϯ|Cx1[uCG! arR^ Hf\5"u*'g- @$tn6]es Aӳ7ӻMg2Onh9v"[}"3 _m.%)v{<9β;Kysa3͊[K NPqK@ەxBA(PT:U(p.O5u.+ ĞuDp,_ CƜ1j(6=$LJMA}o~"{M:7,T$öRlĖH{waUhK+1#0[Uޞ-8)v *8'7 PDŽۏ|l{Yvq.-kQ*ukSBWaL[3.Ϻ1v8hmid~+w-$Zxr*jLXij,h2=UAb4c3&a;H 0ga~wfd'` SU8پpý\fOtbZFƗK5~k {o`9_Rxbȑ['Ox}b S_z|{,jM)IlT-*OHqjltiΛ )SjZbM9%](dwEezWU:c3ȓE0-)tR8gR ,:a c N=B"`1D -|gIO0bm::шE`Hɳw\3Ҡ0-1}|mDJI4KCNqo b}/o=!֢j&;=>[dqLٵ8RS"̦DA;vpgv8R>%d2VkzfnfKI9y7Ug[ϒIQm~\Ho'zvN9x^aL q@H%6;z.+a?mFoعzO&fw/\jҤ7ovwkLj&bN,N*҆*]i;qzPqЊ;*{Iruc]5tq4hE:*[3?|rdƶ?kTQR!'d m' /TWJ~?§ښkdװ>>wFmۛTpə+@z۪DomiXѬ{.>`Fqz$Co}8鯠5q$F=,d߭X^N{ӂp%- ?"bxIyu)Z:hܱ^m{anE)AJ(JɣAŔ¼*^/';(@<kB|u /=>CWvՔ_HzxAA4;kO"ugl=ˡCrWM.\Y5wDz'}ƟgliΕtm!=kӅXVaBG48WceJMCd\)'NyVM Ǯ`5ˋwGڇ}O7 hyQ">#].1̢:M{mR`/c We{J5mH@O,JH,:tc~[_?W Ԭ@R6I=w6қO٧xpë&daϼs.:B:~%w oq/xM +r!ϼ͖8$:s_zUUNUpX:0v1J[)ь]ݧԫ~CjT4~*&F ǿbYRj#Xz.(ae{㤄ݮ,Uȋ$sJBP0 <Ԟ%CVVWO>0ut$C;_54Ȭw]Ggv?񙈎nظ0'*:&wk5]L Kwci!=i#w΄ |Kwsh8fCokov|q7|X iꉧsvzӁX'FDjDruWeD 6 TAkyEQ8RHiT|Uo}|_*^+5#Ju4'`>):nN&SzLK6G?I귶>,齉^9ZJR)|c@Z[*NR 28쇦%D,Tq-@9q `3Y\KCnAy6p%~[^^IKؗ #OzR`(xٿrQCSw1h:>_[!e3ЃD @`@]qax@^5\S !pO'2q<|=D=NֲLXt0~<31g"% B1-:@iI%}O)dt;bhL2;+r f-h3"@'AvWq ֥Q!vOkMY"*@ s?|7Da2y g Čl='R>=YV*G@QMM Q4:t*#_Z0 vZHZղ}n(6 =kn:*I}[Q[\cD~ Et>\xxz<ۿ9wͳlT.N*q/˥(-TZQ'z0(B 7PhPA;6_ǪWE]e=%ѸT& c1gb~fNr~01U믨.47 Yݍ/k<вRDz/kny AMکLHYDB /xI<$ *u_R}b5*L.*ܱM8 ojsy4Ea BHHټ`Af7ek묒,ʬT2 (" * bHR$A " (#ЕE$PaإIV AXQXH~Ј,U ._MBBd$Dl%Q$ R( EXbw{ O̍\3(MB^¸j׷Jml_ QAlj^41 zHZ88G4q`n@6nCX[So 6$u\5'a'7f],1 H尛y`G'HR$=9-=h7`M1A9bBf!Co JFOpqTJȇvѻ0\B(U^n7ʻ9b ('e ((,( +( >"Qi 0KR *$#z-g}fXۛ3 Jʼd M0Rfu6/܏x^o;"8,`ѣN4k-Or/лq6{+ weD'PMCT.ncL fHzwHQ8Cm.t?# Hϛ_E!y>C䤦!Wϭ.wP*c@p\g쭐]@d6H$D(DHY"1qOz=GViar; !ȇ}(J:o_eBR1aK"F (l8 9v`"[_aE,R,VAE"E`)\#gvո IyѵKjnIrdLS;ƔԦ2zU_hX:߲Ȃ*"QXU,PU7oو"l 0c1E"F(PDŊwFx N^Q9vOLm=ww5r (E)Mg88_w8""2 5ViHPo%MH v7\?_5QIXzP/}a^sk ?W_SK}w_f}DcҒIG9mm{@4Jk:)2i"{]Ԯ?mDobՐ n&X_ndH@)9Y7[;)9Go ,miWm Tގ}-S'JZJ)KP0')ťHzWRzNmCX&^ryĩR"de)NlĥIPc7cy|BA1vpa56rRZze6^N s4PljzZ`0[eN)P@DBQ>Xxny-zJ O=rDpy<}(nswwޟe7.3zNk~94?N4y9ϳK''u~T8zZ AJ%Wo"oI(aTYg!3)-xhR%z@M^)_] ?W/ 堖|NCr_Eq㉍DG~Gz3=hWf5moປ>..ȷL^.Q !brܪe~&y)%BV٫Y;҈Nߊ.Qe \,,` a$H&D ܼoEuj2#Fy"TxvI 䁞JQPy<[gykt  `Sب4PkIgCB woHnWK*Pq-/Qȼީ$5_݊b;=yKc0 >9> ߇:Ecu74{8*RPz؜E-Em~ b:*: Kp`_⠁C'o0n+}=#.ckHy3=4awyS͖nT@gCg*8g=yi9صDŽIAE8Xs}EˆGYnMw.C+_[tr9rE!@(,ӊJ*GkQF%C|_/ij(Vi,є 犚jr+o 4fIpħ]͇BRZ޶5mI?p~gK척 WSY #vC_op }7sY%U@$!$UDbD<*T`Lpaf0N{3;0b2h<Z*t4#9'OlOIS(jTY!?\/s-DcV^H%WP$Z;;M}[KTJ:o΅:C%f5cT^D|k ni6C<6zz(j6%NKmv+쫀%˕b/طYM#h1Ah((HÂHٕEM9JǰaT%,2[}_\鸍k14R Q=0<.˹r-Щ~ 4gVu M%^HӍ1@,& "_>nԵz7j'·}oỀDǔfYg_9#ۨQ.pH C&u[=A-YeҨf۠h{chys_{Ь( "Ĉ Iʆ BP9{NgVh_ƶ딵 2RcPFg Z=}-DzYedCe?ugUa%jb&XUZE+2/iU%@B'tjږZѭg> Ck5:8) t7I\y D8]ҿF T縪ϾX<$Lt3/GNvf^h?=ApAs=RZ2eYΫJJ<@R;F%V*>[:="FΠrBg#.  #ѫ2H@YB4t_|NK;\FEk%긱'+ݪgEux#}fe߫9kUŊnMۚ[J#yŖM9.]4Z e+v9@yjh 'k}P.sLtkYLn0i]yyБ `bDs%6ǭF7ʤ?rtYp?8f n`/3d4EMV)Wf8є"}feLz'?zy֍E' i] {_õgZuv볊g|Y+ n.wZTrBr1kr.c/F$vO) 9 gb{* R6P)1i )Q`e@ҭ&:L{vo Ⲓ 󙳁G>ϹO4;iår`m N]z̊7aIfGŮ So "&eQQGaB4 G^gr]m9Q%w!Ҁ<}}?/,)+5a]7+y=\o˱?^6 DLc3U0.BA327^:6AF=&7CREj=j`S[_^O9eډ}6c٢}%K#~BOm=#Hܶ? R?—mGg՞'8>7S7+oiv @8007R##@c[WupԸ%0onf`5N%D-=L `A`nȲ[k)iYS׶i1yqLj!@*)ͷ*p($cnVNP[Ŀ& B<ÅߥaُlX Z;3,Nа4W78zLݜUpo=&6g=En{[a[hU=|dVǑקƕwV>J/6>B:s _A(ZY *flP9 w(p 2FґGO{'fD4mv v_K -;~yrtd؈80.C-C*-"A5V;u`g!T' P/>^-KlN<_tIV1c3ٝ(\j O[??spٽZ nLj7Ո 4 | 8}Eb_nzL2xx}]꯾^舳֎f:qOj谲|ߵ)fX1g,A[o.ٟ:o/lˮ~5컔yK Hh]Ф .a 4#)',wGfEа"|JZJ!!gq=GԜ}= x)E`"nnҺB26Dž0uOiY?~gUf*i;លonA i">ef\d""U"*t%H<i x=} 6B%g~ }_aP u+ÄË]BS2th4̍GS|ě(9G]9(}n}rhɨ5mz3~-w,/=­ Uf r"|mD '>EwTvK` 0޻#cc^d#@( mrkdor%uS@$YMBaa K4Iktv#_[%#ۻÔ1~#O$A*)0"+8o͉M㙒V"XH9[J"ypgG 8yvB% -pIy*6gg|6m'e_S :uBi oybb$xN nw-JNq{.6E4uF\o2]uiY]{^%'њRfN^{dȶe|u2B\ˮ hɐPIWZx#s-oSOb(@TARrjg敯qW}HDY h3J g'7x]P J]uQXßQB~@=zG ]sA`QhWI{PB"Hk\dhy26o<͌r[R+xe~g!g':y=vi' 8tvBS@UQv̤oR:MxlU-&JP$A}kJBP9Hjh B v בeU9-P=M/6(5AKhtؕ VX~C}-޸0ۿC4ϻ/6Nsf/taS^'7Vc7'7?Qt=N!Rkܦ9[#Tbu.q?x^hjq Yzb[|ͭ=Z`::lДd[eḧMc&ATLN%4$d[c^\ {Vr OF ! !,$ugD.Q>Otgh6tG)B" nL^c)> x>o>ϓ+Ի{LmխX1 ԉZ!{AǨqkk\xջ1u2{Q%bJdYȼMU$h\}|*ywgў"vCOET+8{԰:" DL"!)lFL8,Ϧ7Ȓg {cbZxwd=b>qxP`K=K{:`ك1Ԝ|a=ޞ} w'ägC7y/?]GP6A="ZfېYUhϱuς:|\P,G\g/Bڴ1oBz^䥿ϳ]'*T]3Ix>__ݻRu S7{vKZCY2Ӂ#'6o%Ndi}п2eTr<͵mTr"Ft)Vcl.rj&f~w4mxUyT _.-TZa7(w%\skw `RAL/Y}[l:l~6v>8ɻo矆I9~4t03g:)ь'PwaZW=#m:Q:̍cpfP Bx\aly2O~]{%Bk{¬_nR}. H7HyA=vP8^(>a=7"#u<߿IJQ\om<y4S}We5&0yT^X| T$N/Ƞ\ x=AK Yc8g9rΪ\ xMP;RGmp>8'^q>NӠ|]^ڸ vg׵I ;QR:߿23-{wk\b*ַ]ԝN  Ǽ #:=& !}^`%\% D,>i,nׄ)_#^J7zq=4 SOV _eI?#~Àg QO>G=gRSWAEj6L 9qKm:>y׳C8o.[xN2)!%CN%{~y:;@_E$n؀H&?*#6!񬱏?}a<}GW;bBY1A|KhSOfs~OvN71"*1 >+)$R "HABn(o3kzi.oŘaKD/ "򗯗7^N:TzNn 3,<ۖ?̀Bzȷ2{_2 ># YXdوh)V4#UgW8ʉv/+Pj|ʒ:T$\8XOk#Y\Qq(v48O[|VuZ>gbBH(v5|(P 적w &W/! Ђqx ryÒ %ٓt5dsKyB>,Ѫ73ѰtmD{~6PZÕpq۱lu?aBxqȐ%Ma#UbHx`Av̞DLJ)hTWfR^~GnkMuέ!c ^YAef ˓k-]fchu{NfG%@aIppn{Dy9mˈ„ qQ2m$QHQqj_oڛ>硻H1T`%f'@㱋= W,m!|J6:62\^4 k`d>Gk-R'kr Cڙ/95>'[񿆟;5v}Oh-Ww$P=jHdKզ`xQ <03B{_Ov)eZȠa?Mir>J׬e{Uf̻J<:5{Zk9[f};@ nX(+] #t1Hf͆JPٓsNnZQw%*gtp~|8K`Fl@A.LYG/^A5@3뻄捗FpV#H%+NlABc4r*CC[ll? [*(]ZA-qv?['j/,^BW0W}S&a6gI yF:۪5 ©Ӿ߰XHEt3jXQm׿V'f.'O}WȮU~[lvʗi7nIWː7k''e^"Օx]JvUoۈo·gA\gn[A˩G+OJPkgЌOH+fHae$} Jb>Rxq\8Y1A6JbGP MPbhH_򷘛sڥ$|Y-z`CLiIBa'D;^s)U*agҾm=Cz>ɻ"""Z,eBc3WYJ# њfWdmXoK5ٽ}qޯbs8ƗqQ Lfp\OsƐIy5stk.[cW4r5im<(rkG5?y=։[ >IXQV#fA=op%2|O nH9߻` \: 7[S¥h4T98L3$ FQb@se&B`'5~kUVdnqɪԅj S5|xej$d+F'tc4;b_l[^Zؒޚ|JrOT|kK^r|,E!ߚ&x׈2, LlnJWz]dᾗI)ub"*lǩ:^ iY#dt&IdTDÖ+l`]ɤڙ9j|zs]YudĔ* },e2e%rӹ\KqD(,Wq/w3JeOe.$Bt52 4Y_iAdǷ(:A=~E[&T1va#+TnRI&c\~7}q)z64bzr3tyy7?EJ\d+pKb[CM%iQ{5bGy3I!Ԣ~MsGGti׽ޙUbR-N1ǵ&<˜~:Um kJ_wEXuvvݨV |6ʎ@X(DY JH s jmtV~o5gʘqDžLBD4J*;k`sT~P ^T91%Fs&ЎoAcruC$=PFkAw$N#eLُØd5Y_)ݯ-wG'@b.eIHRJ7ꌦV:U3 W%%a`/f^W]9@j>JC( ;IJmr̓쩑{l]C9A69~G .a2.tnM4PK.  71.E t}IDtO 00kH`nP3{ +XN^b".?@Ooחrp@. 0,FmwI4x0w2f}`p݋3k@mَ Hm6Mg&,ɷ b Vb8V?ù?mtothvQB hlŻebzȦ#rیPVrUqQƂ/~ѿ{]?>K$-p]%Ct4UH~cz*18/WZBB9JHȢ(*v߻LAaKuv/ I]z92(b}Lȁ3;HVez;C;&29/iP&(ɬ-< FYGalWfGeo{#`}|I/R␎ŝ{+%:p+9crh|Tʋc[}m)}%!l%JAvrECB[e^ ҊB'Vu|LԜޢ9sL<2"~ ՕZA!Vy~?#He/.5nqnL_W1j~ٮD2S̹,*m uX~!OwW6ưX qXd>d HMJet9}Qj **?ε@OJ _jBEkx{l/Fnz@>={4KwYI{oq?2̌7Du?56m8B5|'EVn$Ɋ4MN %ZV/?t &0&-jYW0e;,>b㉣ӎNd zy˚ P<&ANYeBP"oQxI&mi]$'#0o 2i҇G]n}iQfslǍtyLS CJQ,` 5͖ՋN6'vt3l!1vlsfNYd 8E:/}h}KJPq}U)ov"UUU:wetveq׾У$G*Ш`$wl7[k쀍 t=4. !S`nūI"DAgpY͗9kq B:2z]6mWiٶfz%/3 []q4рL^ r& O)>;.%+ QD}kg}{}}׽l}SWMXJ)cP2RAES0jR0D3Kcg1$ ǝ=ϡl0QFBԁɫ$Ϧ{!o3zop_hǘB=CsW'늃ن+;?Owv鷳ϟr!mhmjL`,YE(R&LvdAG) 0_/g%@hTu z{/8>CmYaO{<1o*oLZfj!,#m8Wޟ7''f/A:r8 fUڜI^ ^͵ 〧W~ṕhBRWJRr$ r#QSjsʊS7~n:]b?>ۄc%o_Y#@J`o_{i)Ýl|flt\lo3 Eb$n](jb!i ]{W(SQir-EAMN;((%bw$Vq|.j씛h3{}M[wiz]1etUIA}S&+ T, 0J{ '7jO 0 \$-RQdW<z31p:zlK vGDa5b'7Ǎ js*C W" f'_׽x~ߦ~2 bCW@l13ǭ@[(1v0eȁwGvԝ¬9 R(-p߈V0yeSV$+}rkpRĨSGr1A^UCvZZ<7o:hpc,Fhs|*_b% ѾШNw雲&o*+*,J= T.$kyG A*U\4ʂ0AhQ9"9Hy %zXV;)PFBl.P$DUP;8KG?3Wk2 fspO v4u`!F!G Ƚ+ <6e3,9l+ CS+K7t_TX}~ SˀUC[" ʆI /M1ŘXsawcjUuS?J( 2"2!0W>=|dMY1QLc`j- 33h6td44d w` [\M)ʉ+ci_EZ>Hʒ~U{Ya]P^s ߍp/6kվʷkDtudKK^EnׁIJ0W/<ؖgBE`2fYU,>AV`*L|!U1N^PT&8DW ">c>+̾Q[gfddy$iJ&F2hҖ~>s PU|[޵uБtͱGon[/%)#0"4+S=e]wȨx`:G5am G8b TpcvoeℓJ_ȌM{̌)͋[˟ڝ*8u$R)2}o#rx?PUev*pc,,\*SJo[nнu=J2fO|$e 24#5]ξS䛩)E>\"AR(+[]OIYk:J(JBPXwNm 9%Y8p{cÃ(yϖ- ݮ)zf{Hӵ̱ht0S @-^cjHuD 85+j2$ȑoBi EYr(E$(rN~,si@C% xFNs@Ӹ-eFA=tA9'5 L]wW\f&PXġң"$S{X&7ᱯtpy<džo<n/>;Ӿ+ˏOaT0VpW9`3.X:w =$ .=T,#+@qw$O! I+^B/:F12,#PeKGMK-!iN:U!Fm{Ѷr[E#x^sVjMqZ!hOU`:@`tsU.3 H#}oȗ~nFK[Dd̛=;wK% zp[$PǦP@VHmmqrF!<(65EzW֯M]˚)5YQ)%z SJro.E| lD -;J4~i8@3&R& I<%00 b\۶ViG*u2Ì:絏\2YbU^(jbY n#AEUu]ks]GzeZ~ul9RM?mP~ˣƧktSsCq3Q,Y'u ,(F_tN$Tn]q{DPݧC-e]XRUв W-m@J.rYգЕ/D;Ю|6"\>߹/h|dےel8٥T{[<5t_~s_oE6ܱv187yƄ#HkfpBk.h]]UmŸ5cO_dqr-+BAi.Beo*;0E(lw ,'NN 襡JҩMEұvy Sstr͘UPD"`UV .RՉ_x& (pxTӻ\Y&*65H*  өogk '.An(`\+2 `c V") T-x+%r`~1} RPԜOC[-Jo-vv8&Q@y~q}ڄ~\#7ռ A'P#7KjXqsLL$YcZk-\綜<[" ח|.ՈԊ#^H>yJA'4~] y.%Ǖv41NsNcNIX Q==KVW2Q@xQ^N(+UG>2җRn qWR@"7AkIpɶoL̛$! H$ LHaT( :u{ڥk`~Vv4I@] `)ﭒNdqNwo֜35z9ZgȺǗNb#5!H0+<l iל""oiZՓW>J6DQ#@X`ruI|hO<,i ~ s#I嗒ƛJ#V9(sNK[J,O,#i{z?-N1kE6x ̟ 7u?S[.w AEA߮̎Ot(}qDx_岓pilIL~%8Pfq?I[|Ykd1;FF=n=T0(Ob""$t#2 D% z6E2e@هTws=:InN H9Y&!# 7Tx?O[%O@2i\8a!!q)(,CZDpQ'Lf nXVC9$2a,oW`H Ro`(y):ǗHh\" Pr# %>cr4s4#c>0(^hn +]&0  "}A72xkpqqoQe*oIZ3_jU ˰;С6(6/Ϛ&iRD( sX/B҇<kUU3ǺsfhBpfl!!DZ j7_ ioڦ#WqNw|ʋX8M2o<<^#>]t4s$e$O=㜫T|F$,?? +}Zļ;o-{eHD.N0f R9.Mg37HB i4' NBx=HrOujSFV_S7\ ؛ ۦO*#^W. ekw ybYs"0HbJ%|(@9jҹ< Z`0M)hs,Sc0N:e7Z)ٍ+9Ԇs5%᧬`уL<f'[9՘]x2)j}) ӵ >j{b}gfMo4k_N|JK.r npj#">?6ϥYOhdJUnkg8}K4?6tsII9R XĂM'kٝ,^,}hvlFOEQ}+aOڢX:l?$,< fB 95 $|N&Unj.Z$LhwLRkcI3+%(0d?y]ϡN DI3{͗c}]N݄˙-d%A@H<9´GK8T"j~P|Ti9U-5 #>%Z'[/yLŸz*H͟ 4颸(h}NJgdf|{Hq^E [VI)?={۶[2R¢(1?>ڒk}c2 g X) lrWWMf]@L02%׾nl8P^!}$TS-z]u/>ʍP? G TCgek2zkT*#40i@kyl,8$SDCV]7kF5ٲh[ }? u,6?k Y a35,.`a(&0LPIG^2`S? fpƘm7?>dY`+Կ7oܨO-e,gdv6b~De wJN|7~VAnPCthܝx=OT'jdX Ĭbڡz(0*VTΪ!ĥg8] Y|dv)6Q/B@s vrR[Ķ!SFƆ5[!9MGfh2OPCiXL|nߝ|Nr-Byo #T>ӣBcZ\ŨBIt /ɥAe2-b*ba{U@: 8U9tDx3W=_7F!<@#@f\ Ds0Q88~\ҐP ?:@jPw^)PrDr7N 1/شI$?) X8m_?94EX*ǰ*Ǧ!2\-e4^:!$Y$awHPNR?$< f 7b1y0t|U9 wWdD]Iֻ's}FB QDUnX#tz0/=?-Ah"Ѩ~u$_%N-:Ef@4+oٳ}ݿIkߎcwk=RXK=z"WO2܏Kf0!/)Jȯߵtc(xhwiUUd-23uj/~o>ӤG4-$ZǑp"?+{m9\`q!MEYDa[? N]|-qs rlzeTb[m┙/w:3 22Dy; 0X_Mui;=~>ʑm/_u,g% eR+"Yx s3sfiȜH yG\4CgɚlrST>$wВ @>Wǵ6sMðvqd2<$;Vs@X#v3v:Pd"h0ToP5V]k]iїgW2R [/*-~{I۾캐rx\ oZCJ (qtd Ėj 8A'z"*@*e+c$tHNQӣo"էVk|ڔO"]*ߴ!o& !Xϱxawڿc {F/MJmA|arp8&t~S>ԉUCლˈZ~!T1`(_rcW7]h0(V*( +788"ϗca& 1v :l1ha0J1e*.7,v[Va"OaCӅw8Uu}Ź<-43bJ-HLWcp HP{i IcuAd]RO/.Flkq&{PR#nC;fGE$17 j%7s2& {qH--{E1`fTX+-VHaq Q8lY(D\<vQ!r,z=M("WbTR Jfg6 CFob ̡PZ:?̷|5@ QcQVذ\vH1{Ypj8LH~hf᥿|"6F)J Ы&&w;9"+azFcKa&'^Nu $o)<@`nJCNwSgM|˦Bn4UC1bIU _.OR3tͿ0l`!?ݼfVuPdѩ *Do\߄re8cXAw㰹U}~| gUnS#jmHB:)?n$k\``,psK % ,)U+y]5v*0ߎnzmFA Fy J?y슓U6@uRxG.#.E鰦\7z! *pHhَ'4q^]N~cO#j3MFrع6uڧu':4TS{‹ o/Yqy?7<}8,pLQXR_ `9 [}Uyl+i\T(dIxyqǧ)@j@aH.K5h"=6JQ~A&yJ'菖~@^t /+$0k'h$egm7Q-39T|' Sq~SkbYZQ3>~W;<vG}>F8_1,>Cd_TJqe:bf:9;z7 Uw?qC[8IRP/$i`u-1E8m:k#W_$I66ᡊ] RDɱΩ5I* @ :`J[DJ+YH!G),]%^cI1]~ɶlώ6V/\{;mܹq.%pVGJ1/ޚMr꺏zP$q~ WG3t$$H49dGϧ'>#TIٞ.-uHdIk5=EX1"!>x4f֓3-^aPܫëj#* o ?(D6꒱QXeZ Nʊ@(Tj@:P W@ oI_Zq;ypyTTYEc\p,)85P 5?ưo#y:-_և^mv O  *Ɂ[gl?"v :z )6@LI @|MVDN07|!=ۋ-)zk)aĿq4Q1fu" <{M*@D^ |/_x LmnpW~;\ Zŭ 2Jcu1tl> )q7^ \_{ u۲ˤdp<$4ET*%BP;tF b`m|~Zlvbaz9팺ϻ{ !`X{}fe dĆeTys0LyzG,P_1z1lգ`eiI-2V CQe% 4AeJTpi 9obCF5ӓ9VmM5#[Yap3]*BYVThR`PefPz,d%2Xl'' fRNv97ֈDؤ ɜPNUU oc—dɀr AUXH`(ٲdzIRful \Ռ6VEmV­ QeJ(YdƳN xomkmV6\41 LtԚd.AB߽4-zX-Ko%L!$-[MPj!C]}@l 6DjaIa!u`!l3jHSx6j"BRDD(uQPSoV{\#;ǣfS˶B1QU 66pe=OAvI)L0 \^#yp kVF"ª `f3]SuscCeӔ9 ܼ6tgj<?UdTBUmݛ%:YOjF~-3a Ypblڵ.=Ӳ:uY JD: a9VZݱ+ d)Q"\ !f ,00S y=K;|zsO}puc=:>%١Y-,h?y* iL|H V!)xie.2dr4joJ1F3mZ[r5lRi,9,$݆[niyx1ěQLVp7ɧU#5㱌"B(۝5ڶ&;^a?ԉC7,$!*:XN3LkT||f!>zʊ5 Qr!F q}Nf%)aKLR0:gJ6,vt?VF7Qଅ=Zrՠ3!]rA0:YrpP 07>dS~rxKgkPVq꺣g&tRhiskg9[>l )sr + uPsnX-#Yi ~,zع>ͪύq尤jZ*^SkwR_G,@Ah؞i^Xή+7nfCa$HdX51VI-5h(g[&h~?-Q;JҨ*o{`U>#XElKi’n^V]x̯VԸ8 :qGվKUoHYh7֜;y.'P޼KȜy,f+yf'0O閎\zVս.L)s@Ol NrΣl`:[hҜYUZæ}U"abRhf}֩10>1d/)YpuP\OԾmL8At}m8WӨC3T54D~\S?@ڌ (_#Ԯǚx?cxxXǩZݬ!ǫXBEנ4*qW%dɆɘͯryW4Ӱ@^t=d#= ] ]lT6]Y\9*TZH_7L rϖj#D"(`^S!-\ A]nIJ jxbu g%!Є;&̒`Bl b @-P(Qb"+Pjf3%l!Y m(Y8ʑdR($7U)*+"ԬXP`ѩ4 #[(2[drY *L%U@P.RQPjVB07`M;6nnR_]5DT˩UY6}e]e&Z4W3RT冹PT B%(އ;F Ԋ D$# b@H a!+A$¡:þ7o@Ǹ̼T$DgHN?W{ڳT4\J3廕^HU8B%SDt of8;GxSrW [:QMģ)+'Dub8l.1Hz(T)(.oNOw-t7H0F& %cwsvKLEA! UTȾ@FdmyU4;bڒh[n _Q`rB`!Bnn]fӧ_w Ë68VW-*%sdRĶ1o/̬h-ʩL'+q7>rnIi:&rI@!:VƏϦ[g'u ͕|,|}W=YG4"35L2`E!30(;~ݼ武yOFAN7n2/J?ˎ،TC$C~O+'?ﵷ1p_aq$ѯ/&[어!ȳ!d* 5a[>,SGyU څx|!f \ 3˕|F 0e9DȚ ,ahSJ5 9ǎ 4ן7a ?Rۖyi,\ko)@O [zʇ\N o2_|ꖂ)K L] >%q!,<=O:,%7p Pq)3I??x(]S9sLWVY=;M/[HtGRPF* !(tĩ6U5o E&{-i .1Q7>y` !A @9|aJW r7X)"5 j?hRHS N@Rb0a/ɠ(ؗci9U<ؕ0ڬ WA",!rF03>NaA!@: ۠QSg| GŅ9wL<|ؕ(>ԱM$s$<}ݮ,դ %P'Kc@uq%3qg-}T[*'>sJu|~l /?gCşL>QF(F6C!nvxd 6،(CGnOA])N~bS~}ToH!Jz·k{F`i\C7N:$tCCqw:Z@Z !~pS;<:TJsY[/6x~w}.7)Y5 n8oU;ؠvn]%VX[IK+;f3UhMpa'ܻ:½떴pmFsrz^R{]tϟSv>'x^ڟy^^ksk!܋oͱ"K:Oun{Z{wxjZ w'$>H KɹOTVוaEYnzÞqBV7G/5>>)(0el NS=Z5ND+ 2a6D{yP%y(o{N,8̨n^n#o-jj+Di/!P<ø D?BD8sTG&ed+*_x8JI(``Pw'4#&:B[#9K0뷶k[Xh'ݢW#Q"fv;]ȨR9*G(%Y8x|,x[>nrmDd8N=J$$[d Ih;m(m Iaoj|Sy˽ͱY,18S&MkQEJ\/6R` j%i!xA6b6) ]sD02ד[s?Ӹ0V/ə"M@`3M+WmpL@M*0>>/3J&_֖`B.&4 kCԛLneHSGӁn9\vF} GRlpEu/Pv`xl;誒ͥ[0W8tv?L-3-5Mwggn8_ykgnٛٸS{)}.zeذÊ s.eeAd<<&,bQx; @9$.9psg _-*>DF *^-<;BϱK$wZ@Mc21Rv23Llid_𜾒s8\%KT ~6аggGcPq5\7O@s[?X ^M3?m;N& 465v c*7 Ejڞ,}t>yIY_̭e3?L,1E``By} Ĭcv$-<מ6NL!>7:mLl{J5L(|2W,d1'縳s)1W.oit(w{x/A_T - o ŷ2K-m^S4(|@@2b~l |y~Hl3^!ɶxܖBTAa7l<=hSlK)f{ 2~Zqzu$oZ۸tE4&)qť2VB3fOQ` %W)ۓv1+4ӯziFhI8L7/SGtʶossaFNøjF3tDL2xww%f[)U!YTC.ҿ{;C“T_Fۛno96֬D 0m`&]vH돮{ ~ESkD#IYUrƿG_:]Ԛs@Q ŠێoNn mZ<5ݼٽ+3:I K` @E Ө՟/S_lj:!A'c`HSd[3kXVɢPBIǤb)C `e+4IJRh*JCҏWjD3{](iД`&iUVD?B6EsfW< <% 3>* 1*;zܶQk ;O#Td|li^9XjůM]CYtD>)._?5$Ƥ@Vq@~}/iM{mi h AFx5)5Iwvi9$32 ^pFFFALa4(A)$$;=]p[[l4.*F9q r7~C/xH}ﶸlr<;S >p1Nʢ$ ֑Z bh%_@ZC$.C~znmMPvCS,)1cfrfyrh4`.U02&[W&@$&!1,ڵj`I$p h#4]IA* D$.1Q !vE5WK,ŃKϽr7*"@e LI32[K  4[af}4Csn'o6w;lɖeAhvҟ`gʜ96u:Se%HH!bY!EuJ虩U}eRX>lALjYȟ¯)6A@r٘$'U*t(iiӺU ķxW4~/4|*SF)cpJE4~Z"9`Ztk^:.'ꩾfo^}ɜ @&;-k2FP ޷{AJKXZRUnT8J9ODXc$~׾Wp 1(39V֋BX_ǣ7cy!eAueschZ߆oQu%CX:bp:`yZ  1Hnii>3nG[Av-$mcWv6rpO1 y/wv{fu fCRli3j47lD42W+#qu3zTfHE^Y,BA/GU;_WvwmL Ea b 0Qł$~<σg`RXh(eLF8ߡ+{$$T Dd: Acxաc&#?Yp<>"#l 爌F@Uam8. ]PX iQ_Y|ȊS/`D}gm7rk}{T#?s|s캗7ט ެ@ B#]?`ŃeC96lA$H0^zߛahA:”᝖P:(pR"RA'Ey&>+H+&6W YG̔4uBY(SI**\XKPMI=E75 o JO&>#ê Zѯ}NuNt37‚k){zp\44ݛ&$ aG}`krv(~^l0CӮ!|L$ [hxKZ- ۡE# N'xؼ1v4nor `aa"9<3Сlū4$Jݿ a} elLAH !-*ۅZD%!% aX(Ci @ 2ÇP"N$R g8⢍0@aZ) WyB0Lw{ LZhJk=kx2.wҭJm, !jl&>Pu`?e %rajtOw Ⱦ,Im {9C9ԖdG*IiP&9R]Jx\ k Šڢyv_ W宖XZ ֿY}ntrfXS*@S9yX"84i %hQ!%*H)9dC*lZ*5'zm Π̃+m;8P}&)uW3Խd\ݥ+þ.4qyj&{gDqk󴦂?П;ׂc֠Y'g9%j)``.0=( ڕ6)XB1?\ӾYF(DaS#ޜVRBe ]k1ty5R$rZ\cunL&#aRLZV+u,]c=ˏeXB?8)x 1홧 b9VR? _'o <,-c4:ª, 恨H;̼3 >_M 4y*cUwh*ru|)ׅ 8MYmYkm?G7޹\|?z4/o)cv/շmzd$~"D?vfqճu*kj 0!,(KJ}G?< ː*)xڂEv`&&y|w!  @38VuF`O9Mׁ'?2_.4̷8)<3ZliBvYuy8λQ̐vCJ%TQ8m'UO-_N`p`#&\(;ZPÝJ !T@A 12߽L6l84[kڽlykkS͔C{ DJSnROzw=kJz/٘ӌ`ʠ#ys!&DРDA:-$2؍K-aɚ R)HuJM81ձ9aQ ?ߔQZ1SM2?\ǠGFXӊbB %!ۏk@^.JDޙRSV/7yi$7')2.Hׁ8:eŐE9r\`g"IAH VdAYAV(A DAFE"0Se#>(Q("V"" "#cGfBHQQ"##$ QQD Q$E,A" `UDS9`i3q=تUFnmJLjI@To[ox9Ѽ\@>11kNI %Oufmn< ãHC w: lR$ЅF4 .kY]GV2j %I/ S|8^:/"vVB2w V&Pvu ʠE bh!vMb F@xWN[6fOD@SWgYv=kd ^ڿ_"כy·AO$G}S bIa7<-,)((}]{쓖;qrr\5J馾+C:QMc:,ՙ;]GhC|n>&o|'I'sicG{ 8@'@#򬁅}nO`v;ABi@0JPUY-R?DLJ}~+E^ѝW.m!) SnB7J~3t2d7ePPo[n_^A7Y%Y 6|6#v*P3q&v9,~ƶ(Z{~3y\,?=\D Y@K7 @gv՟C}DB_ƧXXw$`SlϦ][Qhg=|Ly(8ClxXq9ד/ |^?@W;T&☢`[iUtQGNp.Fmq5i]]DR[tsʓ)oз}ͅZM~n #՛)3[kbVʠ^ Cub 2m6es}GQ ;XjlSZfmMe7PiZZ55 YGsm3M݄_/!*98SO#Q)k򛴩!eOAJTBU@ c{e-~'Stڎ%P,"$\Y\P!uSVX#[$Z1ZlagZ»LS'Ab&<(ۛ 9M@mI Q+I@ LLKK$H8LfגwPTۃ#uk$L'r*A0C& UbQjNw< ܺij84_2@tFgpd98rBH_nS:_}݋k<͏ m/CK%1&L}vWM)P@X\0+ ܝ^ V4 8)VEnZV%¨Qa`T|&&A DI h`$G*ܛ&}%<ܮש_rbׂ܆QAAYe織 |_vܦ|eRdU)?a z)5PʪBr0{_h!؊R.whՕ ((`b`ĜA,q"s[" ";')$@ah~pmA![t@*޸ n+&)ejь## 0뎳‰ 8mg_`.1g(XU*PTZv, ֳ&TW;y7[4 J%JKj_1oz@h*9HlUIz7 }B:C8%CGubqo:E#UBbsoB+J zNۗ!j];Y 3[%R\/8Y;Go3[Sl9O)^[U @EW) s%m󻾵(AaH$|ӌ;t-9vI]MKeM6Þ>>:]'+e@ڌeNMMÇr@;{'tsFȭ\u(HX7n$ڑd^TIy<2H !%\,$HuZd[hahzqTdAŗK^/ECɑBBsRzwCa>M`(!Ԩ YeV\!i<10K+([?f~,i-0W"1_XP j-'TD ])Mz9c5^GxM Kry{EE nxϣ$a ;3 NT-:융ҨFŃEg~3; . vdB'IȜa.NHsk(Ab),6EIl SvK!JZcA%s1#bQP&U^7ry"`"H *#Dv"X@;-E rͪ(Q~XzڢgFp-NWn~}ܰzOk P <#nRp$%tw*F']@Ոx!M R\C!Ctʆ5vK  H  t;Ñ`=֦m;YAC,Uwϴ/a8x{@kO4Pv*>g{f[? cM4@aB]>}LҒ"e&eJ9̚(rk .If,K1 {fV-z۝̦wri/j)F1M r y8Z=7EH>B dPI\ VJ(O')D VS7t- HV$.di2 vbBnb#5%YIBa :N!~30$}vDf7`?sN|DOBҩn@".$#\'~#Q, ,46\hމMf9FG0fox˭{+OaҲd A$KMtzM% ZUw@1*(WֲLKvt3bEZZkxXL k}ϏSjr=p=s_cgmWbz6-R7 f<5GEc6zT m+o`֑G!}7>Sa%Fj(dbE1"*(ȱQQF(*!CTe$A( ,<|]G}xFʾu}xki^ǀH@!%pvm}kA zRpER&oV2unN B$X6Hi=>;1h"J?ڿn~'!$az#]8׉%ֹ]؜vVPj" tjۏzߟepP+ k؜gYKTE>Lr_=m/ Vd^̼&Q x)߾ (D| N8rݲg0~$`OcttlCE0]Mv)"Ml7k"E@ЯWDf|ȯ!]*|tUZBDCɰdvα"KzCd*l9LPBڍeo ip<jt* 6ں4i>̀fzI,}[WC;!}z}2R0+`FjTy23XOd >¯ҪUW3gϧ IM3r>C(wJsV5mC/qBƋ|đZcn牓4XaM_k{AGI+fe-2,% n_Sakd8:E XRe4'\oftYw iX:eӚ+EbDHX5Bcɭ uLY0<'?ϡG=}6"hhQQ р饖2^}H>3nd<(( sxB9̣NfMf>) 5:Y_J][Aʁвb[׶y4u *nE#i" Cm Ƴvɏznbqn],9 E?N9.VaոH$ UNOԯt_6S>#,Y{r"!`'bҀ~yHQ̾7"do&EZ(@@ Ig ű}Oa:59vԤMƥ챩sN Mʺj6٣]NI:=T+#~׸S.S't._J`HyCsi/rG_&/0H{G).1ҙޤF;m04 hR?%#tVA OO$kLaD1NOPL8 $7;GLE$ ypYQ (%oP ^&z_K+qEQDc$cqY [8kQiEwH AJ 3$hiH8R=xd 6s* wGv,G|Yhd+Θ_?iוZcyFHLyy\KauK^^8@c ġkox= _R!oEE )?MFYˌpwV67v~3 1&=2 \ 6?6 nk^03W?U w~u @s8X◎8ab2W0>)kBh=Mm/MGX÷D l;_LH%ߞ9 NKiLQ3ʊufHd%B>)%Z^ȏYÚЃN趯wzmN[w1 #xU,h^r \2>P7":|a8fOiEBR ɡ$"GwpAT\3!>Tngxk)+ފ 8%mVgQV{$_ Y|zhq> !ğ,c*ԟt]5d+ ނa;>/E^1M;VBrf'KJt2TLJ'a"X1GA9?侵Tn'OHf$!l&QJJ@p[V|atf?nRojl|Q2;`wlD}@k~hePZB1 _ECfz*Qq`xqjTӪ-$.?79?Hԁ C09B*GUaܓ.vmTDR+!.7X( әN=t(}Ի66/ OwpUS}!*~%JrpP-Dȳ%=c+gxT(T@O9giQ룭p?Frw$ 3BH^#dhA-aWՓw6ΤI1;;k(~4/g' بћ.C2/Yx.7|֯ȩ=o-w:O+c-C. w-6/ 2$KlD%2F_t2{={&#Bw<r11Ǜ,NQhךp7=d^^ uF&.mfDEy'|߬H#3m>U/Ul<'ye}xbvXIYǖbQ>O UUsb dņ^Y?s g~P7Ce<F3gV)'%0n~>=pZsȝھ` Pz 4ɏY ,ݹ̜dcVy?;7RUTLL;(A=:CpGGgyV8er)r8~ fIGK+Mv3nӘa.!=WAwۭ0Nh  9a8 R-RNE>gBQf-- 01"{hgqv٧{|L ":y=fy={ÛUcOZ뷯N_fM *'L``H"*"Ad]| ]Igu2޵iĿ&D@~I>Td rS gds?; *UŤ%oB-p?{ϩOfKax.|]9 r?ݲȪfqL,.4j. WQڕ:P #v/P\Mn?:2n(zO'MGGyo7YtYT*"[buz1UI*ejey;bDA ~OYeyUku:R:m jiDMi)×+2F6Rj33_ΎyqjH3AԹ"TϜx7~"uPES4S,ov/+8̆"nS#ͧdVT4~G̑ID5r3wv~vo!mC.aeM 厂L.]2lw)}]}L)R%4nmڥJ1c|ӒꚕFA$<?è~J=1c;ӖE)*C(?{Ŝhce)c[fk=g:$wG5e |@ډoi}bHOm93&6˔K}8]W qiq_te5k0ox3P5q*S~3iqjn;K9 `] +R )P2IR@07w'?f Ҡ9uKzT|| mM}.rp *@ I +ݰ>nW?/χ= M^"cE⭅4Jnl6yhS Tʑãs/JN.R#:2BRZ.IJUP nSF#hA`UߝMsKzs"3bpYwVjFDA\[̴#w'`{'r]c$Ds~rR'>B\i UUn~RȘ Cg.\ûxdlf fRЕ/z)vl$#!˹ acT~\ˏiwyǩN:3}W6 x:z' Uәx'x/Ԓ7UM1 (|NuIp/5N̆Kx_35OoBةRm_@jx['paI7繜-—?t`'8e[Sj]ArWHɜzQ$Yd IԂO&qECBvb{asg 4GظQ5a~ތR> 헩[u4xC%J2_|(ɷilUufV P<3vM;t;nt-feE8Rgzltb"*"AǛ|Ncg8*u #2LȰZ*dR&,fq1;,Y+a7/eG N%ϠQ$hZF+dkq &$C; QB"/lPᄵw bh`X "_5aLH=TKGnt~@4J٤ڀ-7}wb>MwVР {bldibtbJlf <9'v6y$H]}CFNR]c2 .qvT%5h@9h|T~b× z dho˫֛ի7ԏz43|_Pc3*Ƚ)/S=!HHjKwOf6N|bdd\.EJ8PRIeͳ*9>!Â>]*'2-a+ڱ:Z0Ae6M۲+:Gӭ 8!xI7[#r۔cq%@!i 0y(KBŲEX2}qڀ)dȈVt"F@Y${I8"ݹTT)_֣{]N!εwղ#CllREusm,2YObEϕd.d!;'դd=Ussi18Fq5u..%醜31H4K$Iz7"RO͊BE^8 FM‰ ,^^ ܌# zFg%v8YZ0]/X,48m-IZ1uB[KqB:PC˖" } L-.7~Tus]-EJ):MYAp(F>]KYf?d(> s̟v(jeJZ5߳rFUN7ÿ>e2$0(h3z|^7"%C,tKzuDIH'HELSg-|{MN8K1zAQO㾠~8>M|*ȧ̧FIeg/ʭGl6P-+7.d4a:h *.L4 qYDmf*|U*)`46jRݦu0k0I"0NyKyUOڶ7(q몒Aq0D#R)'x'ڂPpҼ6Ќh8Cf(^,ů:z DWQHL˜@KM7'`YŸx`HX_]Ig79gPEJ | Kҧ|W7><#s#&O?KBydZZKoٲ D DXTEX" B?xpMfFNrKndr4'ml˴lqF -5UT>a@a3hIKlkK(4A"1@HQ,0bH(ŊA(#:me7H;Ϥ7Q&g'pVw<_۷场CܚV& izb2Q.$cJg%NE%eEB٬0Y1;"!QC?ey No4Ծ-%+ U^]ɛY\6*7~ඝ'g$Y3J!#tَzlȠ➭| $FVk&#O yMP/ w8^FTk"\jf[V~cߐeqnӺEA`Y}o%0)X!SM@ys ή84}\Mu%jO.CR$B2 QAd1**)m:Gɍ~YTTk jO6UB!?+y̫Py Çif h ~ў+u]P2e]BbnBk9G;6'jgOxeFn{efAX#"9T"jY[UpżS´?> w[#oX v;˕~[5 %ISԍ#s>AE@n! ~B;fk"ȅN5T -+刅EҬ5t j<'M)s4OuAm P(H HL,HRi5͎r-9neۭQje|mBAw?[",L],ބ2o=D0p@MGhZUԼ 7\,1|Zq6,ia4[ $3 ,O.`7`Xe`)n#G_#"ρ^)}bq$:M89\>7B,} }~~ű:Hݿs\HH%Ԡ23xD\ȗRQ/l^qdEd":ZŷP /ll>#v)VVֹ5j#1jU(9_:XBPbȿ\/̈́&\BźYG6[8*m̛2Qt(ZEfmD\xgo,RΡ;Un+0"b"#^H{<ҡ8(QI*H<W}oW-=AN6h3uq~ݽ" ڽ _vZA 4p5ս7ɐ]+qY̥誮Z:M(_KdBM(,.ˡNe wJz?l&x>(A[R Awv2:*7&l`U'NCvퟮy=v^ ]Xtg6+-+n>G ^ /Vj DD(|g9)$/i(HV]DQXmq7eydaQ1GČl~Ʃ`֖V0S%5=̘|$%ƘSHVg04r#ȕV2ٶʥ 0l,|V`_OA֪ Fvit eh !ƥ!dS1==|MPT }{O?wyOχBY_TGT;90UmڑBrh[ͯ<` u`1J!汷q@ B(Or-`Jw^WWFmEGҩe7QaRF#Xz:xnafw> %`zMiM+1+5Mt-wik.בv^EOvl/\ƆHUaItj1cy7Γ8̸E>\6jA#Y_ >U˳͑ACu*T?/۟K=QbLQX)?PDϿ4%?\ff &F@a<>.tWn WVW;gJ7oa_K$, _+oSZZ OI8_z$Q5uF糧]%;ԋZc.xh3)z>;jWbM UkP÷uzxS:Ss*4^t Ej;oܻ W{Gg ԓ4w $W9JHOkkrzY9e"|lX+R߉4$R76b qճ M &G+(T< yY#q+ tne]u~`xJ]?]}_*|tUFRa?]RЭFsT~YTA*(nn}2/m / }?j -nD#x8kzNgv t&Z`E0S1_vP$VƓZ{AC1f}X?e'-;6L0,ZRSBIb?`si XbɈAɻ/xSPQ*::VOYbKDoCwQM+3*ꂹ+#4OSe*Rn1o̷ ڞt}GatX}}>gw|+n%_%Iƚܓ3Urzɘle?G^ézƾCVoH'=ZhWHly I.u$xIri^D(@cj^o4cKxU_r/zҞr=lh;I#A*CKEcUAN Jޟt쿠Ly(^w?jԜUYE(nWw:8"O=~Vsp?1X@N&@T^; y|>f[>8#S-6DbԲG0#>iy[:9<?=9sKUA($d~G?(:Ch`@$sء]0uo(y{n,(ry c 3! "n9(!~Bn5S 9``JQ159Ǧ"'ιSemI/IkvtB +OB#Q =hkw|Q̿)F=3 AũxunWV@Hi5{K3yc.ġnFg>uЃ G-t7k;1V#ytG'AfCw*oޜ %\8[LTDߤN80&nKv־cdޚL4d G;IzRs-|==&=>4lͥgx;0kxRGO9n&彰(,֫Eբ(Fc JRAzFRHL%@H4TLWWY( ~w(1H_(I44dj AO! 34sbdz:Z§:ڼ*qTHPΊ=3&M yqR@0"#s=Y/Շ1 fi/~ ۞@Dn jy޿J/V+M P ~'o_i{hl E-z%J *HՔ}'5; O,/a7U23kqDE↌bb-s}P=|?G[luQ \`4GRꘈĘ+)+G"E'( (\0Km*_1(ZөX:nmM{HFR?y $A$}]|q$)<9iƎ.dewqmq;?Z{ߕs;i>k4faE%( EBuJ2Tm(+E`APp Op4L,C7s U6_ɚKVWQzB (\*J)fr˸ߞ2h#1lTT%-!Iʔ$ wV>nYH"}]"9۟[SLn/EFoO\$wQjHz nZ)c 1OJAk^\fItI MˉXH,Pa%HaPB$ HĄ V, V"]L!X՟BDI D׋ Gw0SLRaYkɦZ²Yh$?p`cc+l, Dm \ue_,8k8}rJ`K4D(szϊ5Ka<86sa}8Z :RTKxk- ۅ, u JIDQȯ@"Woٳ5:4oW쐕.e:>/CnM_pO{>l.8Pڸ#}^?\ $+Fr R^!miXPp{w]5tc <oлmKE{^k^ oOTG&%#"$ڰ:f\k!WJzoL:c%p(r}`-=N#+ ;wukZ6j*7#ضq / TkDz)Gʩy@fP_+"QE$ذ/I"" #e\r*"N1y%%ԑzqDd޼>I_>Opzjk֫Z63D`,`BMs-jݤSt,)teiA8 9_ut ND !Pa]JeURFb}6kO0)mdE$˻PEW괱>,3̞lB=5dRW c&A 1yp2Y.Frp3xu_߿~yr ֊[d.ٖ2*՜Ѽ}7|g^Z ~ƃrQ(IʱZ'sCVr}k< a˗"k$T y슌^eUQ@aeO_[ =ar&CՖ`)0kZ}[TAVWb _VCk9Ӟ&s &D ?BQM˄G%5@#YTՋ'\ Pz -iu\Q^f!4%D:Q: D?f*PF73 ^ WgD|?iHe=r4R='nw  oW^۫/|k.a"/&****րKlq&m܅J&#^A}˹skY݉ꈭۦ'%YQ`))7`.`w;{c)nihlx>^6O+!(̜d@<Ć3J<4 , 7һ[_->(|: WJFbK.VLu9?VJ'-h c*EJq_}nKCA"~O[t>ooxs᧣ΩhVdYKL $fy M9zu+:yɠ~ǵЄ%ǡC4^n8[NSVj%N,f?<ׯULJPV]2(9VvU;w!)}ZHB3ͺ^WBG$$v3-UJ?y0 0E=Sk(>ƞ=]s2]x]rU_+ܮM`PN|.M> fOŃDwĎ0I?-()֑7, 'eZp)Guzq *P@$ *$bȢ 826^+l0\R8Ȉ>yuDžuS.H""fї8tf~k=rK|_鷪›:7ozv0s^l̸r IN5d'<1],U=}R4`UK{DiSfHM?1P>VXoR#Ks!VD$?9f.#8])Naw0GP$EY͹mvK76!W l%)>;nAQPKʇȅźV#fYO=m8t!=K(wQ%J{TAR8sU_=keѓ}Lą|} Ϛ绨@DJ*L7cx7)D ,M"mJq4luB+lbdmAi!5%(F?uX#sd'"*⥭9ZZ. eݳl2'EmRA6Wng05Ւ J{±GqP+kمBx"{ernUevI fkS:O<#5MF Ji@89D;2*W܊/[Ѽj~eY8 j[G4@\; {˓T*-t23-7V0h]d8+zbu^K7O(pm儸};V=BȈ>3_6,OٟP݉obE:r|f]>f<'u2˟5~-_ 9EE|Pˮ޲&NLc&ƎG?;cFjWmȂc5i04޳N5i>; 3hyzg.X/f]ޑtt}WWno}|3_[>/csUܫogSy[H w%b lW;&ӆH)'!Dlf}xGwO}F_Rt*hUd }|scebUfyNܞd ]+OmiRt洚rym*pڢBSҿ^9X.R! >:N v׿T<*$(T@J"‹<֯'`$3n]ط} g1T 6*Esܡp\G:U|i>&`oO ? &Ǩ0+08O1Ier6ކ,5:{,s9'-jz`=oTbP\C2#<8!#xI ƁK* `R6$*wCMJd12.]onbc srfR3UB~PH1 lKY]ڰRBe AU4 f1e 52OL~sdal /k%t\B\:_V/Ж0Ri'ވS15:cA" jn7qU-uÝ錄 5Q jpyԁ Od",mT T^b?T?X{4Ul=I/>AV7wo7aQ8x|–+N wg>l(=X.۷qښ<͔[lJ]nH<|X*SMIKj'*=+ dOXt fbXk11Bww K{dDm\qȰ?vS(\ΐG cܐTyӿs1?yzi3{oDG]lф*,2qo}7 8YǶ"m -X mV;GxKB=:WVn h[&a!k:llHuxx!Ao@ʚ-6Gq: p"u'Q V$ лs",v8@< A}4nuH8%fz`__zZjIq|L+9l5+@^!"V.C݁݅+qALWO)e༏BmZjuG=rN;[DLgE^M v (b qvqޜ6=))4EQ*R竸}'xZMVoK*.xtj骪6igwܞwnq=q: ő?& Gma/c6o+NNujԣClϑ Jo LlM.7(”dǘap]')%xH3)[!QiN;gƀN1/GE>&V"ꕾvڧyޡa'p^:/n4$2/WaNy:dBqGžո?1QG|-?#GZYfʗy'俙 ||Qv hq|Z(}R^>XSJt,#~0)A e(W bus[hm9Fz $zvƠ{^B^KA09Q걏ߴŖ=E'rJ-]6vm݈``}9GN8ΓLiVKqtU7`b@K&m:u{vͪ\~l7@b$mJ9QhXkި{Fs7!;l.tΩ~b<qH!by!v4C4 s3g5mIM}3K[[Z x Nh›kK U @?,C¬ ,YR?@ c/9@}%\ JЂ)M#ުW0=F+أu[杀bG!C,S CTs[dxvŵrT:rͩ~ROIƸag >ɷQUh_uJn]=(QK WPT "^WpBP; 88_qLp)O􌙵JVQt~.x@uk~:& 5Kےpؙ7LZ6k:VG_ . X?-=rs),7Ym<((8YM?㮕eڏfMݽ5ȭ<@xpo>iuxe?]xcP'S9l11ezm\?BwvQ~2f9rVʶ|ֽ KP&N23%nF Xz߅vkTeeqmTz{JKzG*ZPp$dd5S1Cӣdo\4w㯻 ;'1ߪ?xJ8\iB87 W@1ɸK%=mMH1[6Vb ۙun+T^Kg54QK|ڄJ֟4@ґa<]q ğu7_/JR6<`@=ޅ#kBDžP4rW Z{)RNn\ZPB0f̓:"OU8 &L.cDS-P)Z/E}?M [.O[/r40*/}X>{l@c Md(`׻oUu$h>9BHҿnJ  8$+YS/M&WaBkTjCh=e&RhU~a_Ro cz;@,t נ~kY֊[Ut;s,=P)3 zY-s )g9<ޔ*$k@*W߹E!|zcF(g,\Uc&Z̄5WhCJtwB+ɪ4?ܑ-ӬTfk1_ -o:i7\@뫕Y0?p'ZS#Jk)񹱪~wnӟLq Ra9Nj챃LV>n$fX˝ S5i8ԗgw󸩧xT06J>a5m9%&JU/ؼ*L:Ikd!id0"\˙Ox$2yz%UZ~!yɍ˧ #F=CҼQ_$j]vobm ,N0> rlt>w3[;w Ha U/=8mɪ<_iOǁ?9d]GPGD`X5)i /G ɛfIƹI Byr(an ף,wa]/6jo>nT _'I7GtVܟD̅f!G,ڥz^v; P´=C 3Md-@^i}WwڔonA bN,dL^Hu) :J@B{,P~ϔ!6a|9EYFoG{-_%_=DM@;ɪyV L%^2ԕ]lp+_HX)է.4aNT$}\}zZ4A\ݖ5YY=T aY OjӉzuoIn-PcsR:)y?1a/I\Mc" י"&ngGl2]̻TyJR<=S nSO>.0R "2 f1bhe8XJ*Ů}})Bn#U&:-&V7 V6ήUrnuaWohzL9S_23l>fB `'~s0JHƪlܼآBèƨ-?fz~WgLq 2to(AC*N2jGzLA*RFHOphnamD"3Rv3~? Rp+"G9u:]f)Ϡ'ňT&E̊_?1Yb2!qڂ!UeeރTQFpM2_og!Z/*¿~߈ HwbǢAl&-6WsmU&i㯠\8UyF]k"1iȒ)t(>V4N,聊m ?5`Wqj{+^bӞj T$МJ*$Dqj%Gҥ3R-c^6PM rW`AcF-N QUbQ͟#T 7ZPIyM mݩ#.B99_u6M@llFs[ΣTIbN"G$$*hxBzkһCXGE,k89!r9ab-UÓCNo+7j$HͨF+oH?[sҒ 79 { pd}w됗o"G?bS6}7`O]v/k㝦lzAڊ*pm y~`4Br|Q@YU1L@'Ka[p|pHOLC%}=Xt7R!Y7V| ++?gKJ QL/Ëv72$(,[C)$nJs |ks [ye#WeAc,Z0NuJ6jDoH|H)"<3Oب~A] Er@*X'sBp71#"DW(Va+rD*#={?񊛲 wHڢͮ݀N{չ| <Ot:k /l22xuLq-wPiDjKa=ە oav?pNF_ k_SR1_b vCNrpGs"n&s|HG6?;%[ "LMQjuncVO3Hՠ4c1ZBHO9 r˹0l 9u}uzPSR]: yk|i 8Fx3U=Ք?b`]YK>] X疡2~mMUq8$94b` %~w vHi&IU+e s]>1Ocr%? C PsP}9bco-k ~Oջ7+(bMaepऌDN7b1Uy#/&'ߌus'%7;8+Ugc)'(ǙefmM4>j [ƺX`Kgᕈr<&臈V'2ʃ+(<{VqdUbubwUXA?-3it6 $p[bu$6/qw4cR4LFXo rT*H8z2U ^d% !.ly.E^Ō:"J*S2 eC] eɐ0 XT'RjUCCjI0˪#1ZFsgOJ鉍bmk߫ę~Hф2 GR(Rpo_fQ7{i-&@@wf;ہ(2oà2[YMUG?` īZƆy\sH:GmD.= aw_-8r"-t`Q hV|}v*wNyHEGZ]_M3ʯCox/+.4WÌs-ߐ'["|{h'R"=I7f$h}u5?^DBxڄ "Mb9d 4]dC-8..mD(0iA‹ %̝lͥBL .;]'P6 z>f/|s v:$ ӈU{sdq!z wbT7"p%_7tmYd=ȗ1q}XE죾)WS *OǓdQ2y]S6؍.,ᆊRM(ǫtkGO=nZIWms]pBF YgM@#^!dι?jn(lwpHܘ?ؽfH&vlŚ3 Y]3nOhހC&0Dc[_ósEf78NW0VhQjU)u2~ۃMԣwDkp;:u%ce; >U/`H<'(q`{*@DClKޞP3IrK_Q΂=QkIו wjڒOr1^"J&IIiI^vZG]QpfpF͆ ޥݑjxuv¿zN`ꧾ?oطc鶆""W_ҍ>f׭:=/+u=aBx95+sTy5ŸZjɀRx21H}FgwiZLڸ݊.ZS;mڝWx]xQ3YݓA@Q2W"u^`Oij)F_Щ)QOs54kD](Jl\@ã 8K|qkbEWr؛Fܻrc[ 6,_Q]ݙ $WxSNǎ+ :]<,O~`;\2>Y#&BG; 3VrS;ܩ`ߑ)΂.ea#6Zqj6f3G;{Ej,yP!MCiQb枝D}u23#䂉+6},d#`Xy'RINĦ`P200‰p׶t>ueyln0đ`Tɔ8j63j+M~(NLĮ7s',8;'0f<\6_]P/"ڨrIeK,%\<.+ N? a4̌ IFHsQD(;Wb9a`G?VppZ)SJy 'ܳʎI ȃtO-i\b$v@b&V c-o 4ÍRMɩoouY_̂'D!hEYY( g{5 &|XZVkw] 7Jnkt;KW\i̷kޛ6a`X/)/<ޣd\ t?;'jR""qxhLbZw;~]a"e85F:+GlSrW@f0~ކ:A`D{mJFeMx6W"57OE ^ ⩰Q %B ;0Kq+= Z(q'DTCȇte("/ܕцFÁž^( 705+E6ؿ`0sDJO^4s`-G6R^ Fy*=wQlYݮHJQ'S- 'a0P2QU۪K~a~=]n4smpFE .OG1!YQ_bQ@U O'X0H222h M:jQ3` C|}ʹhԑ=RxG0m2,uYW1}jyu3 W7(1U:JnN KJ3I'D#̚3_k#_QuGxC?ҤV'C3RX1Xq;ZEOiKRu1V!'$2:Fl?erm1:RFY3 rh֨bݳ2n505s?!ܰtS>z{:S#ר.8d},H `%4hx}lW%4'~W2*S[ VXZŸfYCP9j$r]i 8_3v&tOa"|ɪ,I u(Qq;缦Xh#ftEY3% 5%1$ e57 &jgK{hjr>*lF]%kx`N"|+tJN 5`:eTyJ܎cZTy 9ʨ[ .`Oz!LuXU9xDA)/A<WT١D&lh2dj;Fuɾ) x ʏ1,Rz6By"m M}Kͯ_bsW >{3)*|jh+AιK@ =Z$M:5+5у3:uI<}<[y q D^aUŮjbƬےׇFC|_[Xm4L7-CT"Xp>^34]L8~1gknhCs&:3` c{&Z9ܟM'/ǩu j,tN*0<0E?PGSPʧV :cWn edk L#.C&j9yFgxQ%jXCl>xwxŧ$Nrkjà>I H'Sn`,MS|5k%v#,.$NB.Y(@ h#jc̀h"ţlq:"dz =T,Ӏ+,\lV#3&mmYv;}]rd:Z*I H j6c4B2ЀTWgm~r?q*+QӃ4ȲQ'$ލQQp{ o# _`ӭt amaW9:AiFo`7OY 6<%F2y?tPf[,Ҩ֟-W<*s So&3 򸟎Ha4 +c>^.fIuo¦iUr£>8,.:6Ht`9-j1/ʹn ={_+((z,_PqA>QT9o6 " cͪb#Uݥ^좚ƌo!P[Ƒ(U&Jɭ2PΓ.o @`Ѝ_cWϡso S{C:Edd>&tb-!e HI7~D (Ayk@s$r0܃Q<ʧA\Ŧt bbPNii+!)[V1D£`n/;44|}Yifֱ3ŗN/q'͛cёo%3%f.LUD,(ƿ tz>F0bρPYGDNz#) U9.ԇPCEn I]ݓp+ׂs/2?wI?؜(hj2r5PXNVҔ:b7,8_ `[)}3v%jˊ;b?iC$Ӏ۾IX/v M/8~BTͬ2{/! t,_=4[ A/Snd*ǝsxז/}| kF9k}o0ŕ";iFH-k)9_+9|J"ŁTO k<:<䂕S{ؑ)- :-DRY~SHw;v}y9ێ#nD@&9?JZYJsDܕJm<+dM3vbe +&h:ft? ,,28ldV Jy:u }b l[[KMҍ$R[7XkW\Ak/wkO[4?Cx f$Z D$f=u u:'CK7C@7to1aJ*?ƒ+8w&sKgKEv Άrŕ$*uc?WMr#s]G+"E&@|Re*@\u i&߾.}!d6fP#iGZ澜KC/{z%aCЛ / 䁿޿‡v s4&t⢉??UTM֎NLb,k˽%/;Wl?FR'~+t'|vKA5}!<62WP`)WѝfcBrbZR !BM`lK*r -4h/5fp; Zr ODNr >v~; `/Du|pAhve+=~w^=/tK"wymw,vz fD=d"@m$N"`2ˆ;"(7'!>#o%d: c}LʹS&D>s>?׈G* ϯ;QMQ]Dׁ! ?2'A_1a$ ~^Y/jE08b>,Ȫ XH~_[{+ːC+9τk.W\ƮuP. :X= |^wqʯW*l8@1* -ymB}dAf:_i},8X0g)&i+.̊2H;-{~Dۊ͝} in R<=Sd!&V2WOj'ws AMD `E3Փ\#;z'JưfCN&@ۂ@7XO#YS2>~=bK=1'N`@Aejymk1v2)nGpwF?l,#ID,k0|uc6 =Y2bkcL`,[:NeVhĕ 93z]N:=(?hH$(cTW0Lhtj舠dͨ*09MU>k>Gҡf ,6ȯ ͺcB PD+Hޑ%-+3nդypՔ.ehy[ldIp׳v_R[j?d*bF4,anyktAZ(>'U9g[;4:BQAE8WON_I֯f䷨z;Iy Z ؙqDnYWj@ Gv?ÑA"8 Z y$v ^,UU$*,% , `:X$,5\lN*m 7RMkA >5]ǑLI#pŴPxrYw'ډy#ǧ<=\D#;8YT ꁦɩvu## Dpz@{H &wwլx0w W>%y)Ǭ1eN5hè-uS blִ׍ݶ;{ģ,*9H803 Q&1C.Ld0Q;tg̥^ J}ҎGzdDFB6Hآ9k2\ZC$XU]?z(bB8f87M;\4#EgZ?lddxr,CB=#[o"FVz~rz0O ;P:RECYx糲K*#ܙܤ EJʺ}PϪ~ nG"9qA _{&y# A&So8g =YaV) J?1i̡w,dDgH5+/=w]Cwܘ'WTRGGW4z<-Y[#FfS"aC(Nz~tV\طh=i?ErԽMc$UVvC)xel cx(*ȓv>t O&5WT2~h(i 0ٗ95*v"u@_}U@$> xoeӪ+a[Dm8T'Vקg2B +27[.5DG۴~fDq2%Ҟ)jaaHv}l_n߃n,K£k%bUܣ hsqĶ%ïi|هk] C"WgT RR!f#cABl=N&3!D}E78[ioN\jFWkb8os sf¿5 [ )bnNEe8/>?]0` X<'%`+UyVxYގY-5=~v K{I{ip 6#4H J4ߨTkdᒅ:D K? :~RmTkw61׬O (PqAs0B&Mvg|YMqǧgB/ :ɔXq.>}dMj&>Ix5e3N8+o'~ߤ|S eňm;||ܝ݉Cg>FܥJF\? [;T~ș\:ijx"C0h,.l|: I ` -Z/vOR/ѭ1l4.M/b9'v#Xh`y97~6esG CUhE('['op\: %[%+=b Z6 cJ+U :Ou? @^=%;(*%UqOٝt 9}2Z!H),5.nQz4PͦRג& j#*?ojr7`kl0ʻ2ŊeRnN6qEO7=αQֿtLrMO'1Z<^<V 2o!>z4t!Ddp MvY#BOs$ %UA?[w!J(ó(յaX52=t+O)NYDBOO/^ (:崗J&N @TkWs(QTKpa F*e;uSů0N`*MoþQQS ^}mghd{uP[|*]FCϒexoP[O%~^vEӟg! iڕrL4E4CO'"W*BZ|1EUAS֤C541TFA3,c`՗PdhcJa1_ügfT4?Y$cLbd%eѫ'p"^\)$ssDEzKMt QqHm '[Y Lg)uZĘ0M>WTgA %$H"҇W/U=٠co}:"Op2)H{EBn|䞍稇6yk0EdrGۅJDPbAom͢;+KA0l-NYVY Q|pM}*fp czV]r;WY+S+Wn;*}|HVD={0E:@uOnagzs?ZxKnLBHr5ײS/Gς٪ú'%unfBϏٗecG7h)`')2Ei챇>mƃG/ 5dpDXbHH{}OmW, žaN(EDc)2#H2׫D۵g@,U@W0^4| _γnj[ua[g;g[~)l4T Y߸@9GaV%gh[u=:#KNByaE)m0\W>2Z&Xb{ `MyDѣRe|'e{V>H;LOs-bXBׁ-|Lbr9Jif^aʎդfV+=e^H|K&Z>̫-fBbqd~V]9E$ʢYع_Y,ɍ) k/}9ъLL!n^febc1Tw43SB%Xȕld6zVIMӶH_S=&`&v!,lj=z2 i<|)?_#kQ)lb|%+>5Y)'ϬWIJGF&r SolR#D~;^gmYEŽ/55?uEǣj/ h(NfOsP'dyt&&WCLą3Neqkě Zs׽-d Z 4$@jʭ\Νhix7κ`1x15z XK!3p0s7!Ys zmtC5Zֶ@Gv|0,(pt"a5Dߊ^nLm4eM6)c+F†Hu":'6Rmt 7 i|#y~wF4F K)12u$Q4G޼.40Vt^Az@pFxdH4i0k&:vBg+V㾔˧Ѹ<%҇0EYi8I@w$\m|4 FsJ4ҥg ̟U!Λ"F-{0#' b 8D~`6] лX`\>;<"f'gā gbW(¥j"H [.ئ{:5;C?zNN.|j$Uҩ2G"*+iw;z&;e&nr}V)zv_.jfz삁p'8+:@s>vWVdr^~kug+4h Z~HP= ݆v5+H6ɩ׈_ZAK S;gDA0ѿvwrVgyx!tS؝ oUKԀ58:QMXzRi1\ p_`C0@4)*i#<-ySoelh(y~O8LjklLJԈ uy획+7g`'IM?vaU Ji@m+ I* /p[Ⴔ>Dkއ,܊Cl0oc9|0\U?)4"Kp+[Nܚ@T[&9sQiY hTaKj +ŐBD`~\w 2 )K /Y؟w8^iOR[Yg R!m,?p ,ܲWa6])aJDs@6PqVdopgVVz{lX>*F;oũJeۮ?&3) .qZp,N8'2(K6(EH<N=ރ?XB_4f".+V#Ԟ yAgvz0<3-QrA@ ȵBZnbn4QVsMm[CkP'>ơCynT4D:u9N~:GS Hb{cҽbFQDŽ!>蘷E,sIjᒰ 2s b*YzU?51h4tdS3Iz-5ǃG%ݱuqZQΙHIMPcV}ĉ9FܵLsVM g;]I`@ cm;^}NN[-~Y XzյɼZb#уTWfgZ˷d4.~[Ȩk~Yqȥ5܀([ٸ0b*H$l-#e5![l.f1!C|V"}7@Gh>{`KCʼ5OX=!ZlNhX o|7]횸ݱ&@^Δ!Pט``Rҏ]Lpz1pj6D<$_nMcrE59%9iFeO |S"!$lXo={ H4O-&S?[OD[-*F5^Pݶv1S$bzٌ%{kdnKCYu_:6j]G L};z됗ةàS8,Ԃ JЇYSjPRwUK8iY9 w VC0sh`ҥ2D/3p&AWvXYi}V{ 5e)yFβ#\ 9Fb` x'+fqc 7^j!~9!Ac+FiڤaX4ѕt-1P]Wx0)&&͸y͒5W|^+߸4 Nݏ})YpSngl!CU ϙ5GbvafLd'4=ĖC,}+$,xi`Hz Aa +{ 7adZV? L0wtj#la5B[m&6.+25]mJ1@Ox5ya'Ϫ̿Ky*v$Hm6W_`Qo*l,=;]]x`^Ez͊$}J" 8I;JrgA%-`4YE?Ӹ4-V! %vdn97HV lxt*;e>AT~*?a3-sZQMX]+Mlޢc"gm;C4^.׎wK}g5$|$AvF `@Mh66(t(#>/&AO~@'}wI(s9oCPfl5J++]&|BF1>>Sw$&Kv)HxAsFԺ=[ G&fɇ< 9e]E= "w,dvn70LW2%چQ,M\xwX@ 2ykEDzTG *dʠ| 5 9\/"eHg=^;"D(1 a @WkZPmuUujR q˾ݜRwmCǯa'@'S)!xb} Mp,qgyYA,NyvO^ժՏTpnP99yp7Gws4ߚkyRX#l{>|nMT eyǀz* X-rs/_;Y+M&`RS( U{Uv.r%>L7Rq#u7A$]G"⿙s|8ȣ ;XZ+&p3@1wƹA,9v'iu&u8> s 8JisVW) W8@ˈk &Al<Rߺ&>i~Ċ*|Du5/5Q jh#s9:sܶ nB/w/XPEh6< 5`q%S.l";,F"̇ss&.ٽ=A @ /8f3XL^e'y9JpbF6$TO|iȟ/?iLD\Ŋ GhW 摇zg&˂,}ҞtaKlyY/˅gmz 4]%"/pƵr?!A2W8캆 s՜#_i䙠d Nwp)ƾ܂}=F0f .@l1}:]Լ4.Bû3Ӝ4MwVdIQef=(Ï ϊ.waCD64o *c`)738|fBg80O%ݞM邚Dw,Gm,CV ɴ:6L7|p2 EЩa0)Apӆ 3Q90J7!%0Ty}EY5TQ20(}EW'quE)JrA37FSFTc(@p֤ 3·[u]| nF\ TV6ޞ8DY3W*GHH(y_e{Aį-ε Zb,(dv hhs۫0I`{T0=-1ib:kK*휄0\e٤RSdaXr R+oGKIm iid,D V,d`UE˕^g]֙%}?DR1.Vd)C05xavPoJj ӶR?k v 3j-3)ϐ޴,ѱ(:X]\S /'7k{cc{J߈09) *^dDWN= ˟C&6+*__\LG [Op'F,/A)ɤql|4qMVvTLW9N`]{{\8˭80Sx %|rU(qyA'S:qvDi@c"xw,1ߺR $_ 1gbJAhH sSU0m^4`p 1v|HIֵ:ր{ ɫE8}kk*[hS# 9Zղ$.Qӂk;b'&B|l?‘DqЅ+]j ^v7b~8a3ݫ%8JHWGLKxƑ_(W3LҔ, ^(GZGpyUH{& |iRd4ע/ 1hcvg}/^sQydZF3̄SW`󁹴͕O­C=n ⪭AۢK$-esFul?H*X}ft2zTca^tK 76@h=6 -UǟXgK h!uC΢d& ݆϶:3Xk::[56 :epI ;dny*2+ZE)dMg/Xǜu1#L XwN.mM|9;2̊EŪGtb}- ~H K.|i[Visn)IA߭\;JUWe+\`" nz\hJ<- ꋳ§@LBԣ[ղEojRu *X`T@fu:BQHU%n]%,< NlwZJ`!M$.pL,/^Q840nL>Bf˝+NPMLywVe@gS_ձ(T9{)}y'g{t˼U\&X8xyf+#NwnYw@R61}>TМܐd`!SJlM(h?3KlW~>+- [|-W%T@BKgPYa՗UV'2c`˕o`&vc 4?{΋Jɛ9@!^uV4TACf|/o1Jjb`wtAϺMPE hɳЫ;]{`'JgܥUfXPCGI$Df7!lj~%wp} $N /A`3)JƢXrkU P@N= 'udxmW :wrLI+yKyX-3pQ,;XullA FLcNSSEB^|4Ml2'_!p>Y@c>4ÖN23T 3CEL8k',1E]wǤ+'ύ@/(ݑ} ϰ Xw01FTp0kwk1~CGkڈ֕Cĸv:&k$>%:+o y[6m`AJ61fyױc)jw[nVrO^Oz w b;%&3141\,{nCCfIkV5Qɱq?C>~?\I֗;c;F<_WLXL/`!RItn 1L5\pBʢ}(pz nt\x|sYD햷_ Tǥ׍S2{CM`Y5BiRv*gH1 /S-"gkk5O4HULJBi A;ll?G+6Ktq>uCW_1ngYs`5G0絘 e$n:]Uέkr"^n4 j O+N_:!b-dt~n-2S'.)!`)_ze7 !nJx*t^lNދ2ܦ? W"pog;jP1)GCn;#UoYP#}ٔBa ,ׄ~< 77hr1|삧B]3% k :2ʓ.#-Fk㷇ݦ\A:س!R@kAU~P؀3_p[H1uojQn^me5$R*`7J #ڌY!f̀}cfY U-uKpS7[eڷ㉵k :>'OۏaվSreDV$U+cczqd5=u5RXM^cr ^E tMe'Y1 PYiM2S.:) r sI8 | o?A8v. ?h߆:+*brww^uxr冮qIeS"kgh%Eyg}LwLēRN Q_tBڢI dϤf3c׎{&JZm@&y7Ϳr.`0yEUyI DcT:p HM Z(%.4FϚ˕U!(phV5pvtŽCQ× $< B؄\/w+HL7sE׆ѨPz,h{˜1[\FqN%$X!y*F3=Abř$(<9!DIH2+ hHkI6X Xpъ/ߺh~֭9_7$D=4+p'V4XPOM[rioV9 ,)mwo& Æ> @XD||)ʆ&j?oJneV̂,Veb=|b 2vci[5.ʼnpGqRa"^Σhawe#2u~vCd#_M#ג]e9.u=w4RO*(hBk E|PAy"Q Fw\ GhM4ꂴ Hs~Q[.)=MK"6);|Lj[E$zUzt QdX@ et um}V> ,,/>%ivZ_),I ͿY75u:g:ֈMBUTI]~{BkѭjqO$~YhYL{f5WHH-N;0bOcl剻Dk75Ϗi1gR}{6!^c:A%(Ll~ֽwk ɎB\E 567@uX õ5f؛X *P$K9{5ai wSݢETc&![,&)f^!VHxo(kqDFI/^BX$ Awh0o!A]@KD>n܊)W-9$ZEжuYdEs f$ӻAϧ Jx:qaw3=]TM1q2=ۜy}/Y!DŽ4۵':}-u+:[<#1QWS/ϯ899Eܧ)wj> 3Rs="~'tX]P,1#w:w`s9yFkp) \m NB;e']$Ne܈Ec%M࿴ (lZ'PGs&>>^yp/΃JE dYze8:,{! Qy:lO RLVnjds!g/Mh qޔHѢ5(u&,w,U [7nCDmtم)^uos *o ϙa XN@W&W8lyWzP}c=t DN ]iBֽ_FY捛PWl(䢿`Y$o QG5']8o(Uv?" ,$?( 8N`[kW\35ijκO2B7jMϰt @!a*1 H$ʨF`.=oVL[=RVuvw4"gkgNOljP'jxܰ""]J7=o*<c4`ʦơm$TЬ`eѱ/De%#_ γf$6ɺʠk_UUة̴LM%>MWyPF(Y}B&7ć1PdgUvEy7`}L)ozraML+"@ߧ:L,vE#D'$3cI_dVȠbfcwٱj aYMva\/ӗ5ZW /V}]۹\7hE*tF൘Jν {tG-8YB tvYKC,7>s2lڂTSjM9L'_0aYpLB\9g*#F dFMs΍@!=v0`#,ɫ5-1Ӯ"pZ #w>(Ňh|C<S1v/^:r'̉lk$nWF srJrxQzQ=88CX OKx bJXnr5͛9~K*vbSɞ"x[|ri4TvuQm,MQno1XL)ܓﰋҳn7]l_3|@,GٌTowm>{7xڊFx˄.=R1l_AؿW)"d1 H;gX ѐ޹[SֻVmۥT;wq2a669~jl}c>2G 3 o)KH<>^eؿQAߊ-8̧VZXWuqӽXl׃gs=}Qgߺ[ro&,~LhkԥZݧ`-H+꺨:xO߭Aƹ#lL$#nZ rB/;8&@ 'ͬ6UK~9 dň}*[hp&/gE 9pO39,QUbc$dQp'XlJ coڋp ׹«73=0,&`YڛeQwi 8dtu/lcѹ$ډ4H˸q~rYU+Kyn_'^W1dmŜQ97@t>%^ /ɯæFeµ/I]!=YhrϪG &Й}}ƤLiVpFHOpK.)$Klj;Qn3zbsWBB 11I.X2p:-ō`R$.^b>,)Ƙug3խޛ&JFnj1:21ݽxD9p3YhU\`GzM Q{+ Z^mČ~Zo 2DaX3iVV{ІW{.+'|!)(ߘ r-+ˊߞkGN+']-㋵Vd08 Iͱ+< (En 8LQq7M ˷AY!t;h %ֻ Ud>/Tb+ b?Hgd8}Le*&!&9W/\r9y-$(X j"bcp]5h?Hy /Ep&5!K әcfGhyZ]{PwQb#/̛v<:H$)HYZ꠪X)d7s# CKlm H\#nI[$j#'~q-14%Waֺ֯ @5[o!!ޥgBp7zT{oq~aKƔ_K#2?F0f+B{ϺPpu!1%,2"2&3pZpb]`? ( ` 8߾ 8! Mؐ]pB ܨ%}Hgc<]liO/\մa4^YC!-c{4J)P.Sq*6F;ΒRd/}G1fĥL k;|衫Hی|CR?TX綴*2rowmXS5YAjuб_`+M>ҨD3&<3Nt5?<4?"1?l_c4_5 ց8Y.h.^ В&ʺSGApi7<58-~![D7QZWrK*ȭ^:"SHf,M-V6Z}XO50W(,l35|s7m< ޮǥy_7usp 5'anbAJU5َ Ugԥ~Jni #(+#)@񫏾=;e#Z'-':?rYXZ_nȚyq'`\0I;s*d+_D~e]/9,*jqqwD'p HVj IsJx4B.s[GgäF6}糗N}F6J"u _!k)~ SvE-\J웦tܙ' ъa>Cz N[B+RSKy1ͥTD7j:սRA'4*a@؍aσRz+&" Q?287(pS@$:H+| z+kZƒDN"[۟8tYzSnR½]b''ЉA ' []Ҽ[xԸﶿxPVMuWNeE1ro;x&@K^ n!}j -i3__؎U #WZ\?B˴l\n[1Y|Ifd t:iѡ߀̷NURmx|TR*牺[ 㟽F,,$qe ,ҘrZ17:?1p* /!B~U>]!nPNTțwhϽP-Y'ūGXoa/R!LLgSy%>+VF vpdVdܐ(}¦f Ǧ,brrtw}_ &KS0~]b=nPDl؅ڸe#Q눼~9 :Zq5Gu-Z i2aASYNX8 C7p $a|,}C"r1 Drh=Ƞޜ!=gV)=^ u՝~ݰj-Lj1vջoIzE@N+#!:+0Z9{5n°\ŗǣٜZY INAX*txإTݖ:$UWg@~u M6KPDPM]z;##m_t9 *21 ~%{D7lZ3',kupoʴ0wVE`~2ro٨!T%iʜet[Oz< FZN`x:5~+бIQU]bݼʉ4"&e$=<ښw.U5Oazt$>z]7Ak&8G񮳣̼)=irAst_{ӛϮa/٤Cls~l a; Ua03; lY(SAW4jw䡱΅ 5?¯痩b҄iz>mH c6$BNDsOw&Y|3?AtbM*!j?)@HWRzDj Ta+,I0 :zMEW+LI hHeP WbVYT\>{vO[o}h/NpPmvpBc,5YS=H%>kŚYΕp{e,XpY=!ث7% IC{B$f3y:/%b<`6#%Dv:8B'CD؊S#&H=i~[XE3sA+ _8č}##R!\UftwSC(u8 Bf߆NHSzd]`T$t{.I\#Pu~*|!'WU)~YsW,v.:.̊ÎZ;^-fc#Dp ˩+yCippğUP^> x L~𵴢#'![%3CNߑ@ uP!en2pLdHFXrO3W 6K5gY.E||"@r+ЀzUp(OX x?igL%#gwwJd`2H_Qb6oIo«S_q?NcBt0c?uX9Eh!0o'-!zv<]LMȅ~[5F<2W*QtXXۄBEIzѣ1akS@Vw7ٷ4MmA|ZߜU6 !me }jj"#/E,Øb0HiA_0͛l2P;ɫd,>CZHγ}d1n| D oѝT~5ܛ[i^{[aX)7-}_s>%8' tՌ?C*pԔBv"q=r^~ո'2ho[?q<ٚrʿJ%̌YO[dP#HHm{iGsT`sN|iKTJ1TPӷkHǟ ekUE0.6cc8'Uwx肑[(ΕI{ /7䨹7}(` У%CJZ8hE3R" (7.mA+ a gCØ=|\ 4SV,уVvyu?"@72m*aF&x̑Mɓ/MlY w~f`T\i1Nt͘-:xb]r)q:: u\25byCI"QUI\ƜNjLRӖ w4PF:hDF4dyV,,)-㕏8&`Ոt"eF$/|(lu1R wK L > BRV\ułL\ٶ1R? S| uZ$fp3-DĝN#{S({l^IPLjKkVSkJ|8x|yߏEF UKdm$V QYnI+e`gnƏB ]{PKM J0ϲέlVߨ5.ʽV tD3Zp~e*e42E*i*Q F6r%7"wUJhVF~G]M x< 1 Ed:Z.6u]AxWMu}7,V8բs+)C@}ԓO5/K/3!,Npmx`eר`,AG-f_57T .qrr)[،~ \n\H|{gw%\"ҽ@Pџnh,H$yKJ "a>_Fƨs?\QвU[IĢy=Yx21YlЖ0} +lg@YjN=W# jwD&_dDV?zr[! 4g GEvfFnZJՓ1XE )c._ݝM3T^$O@:f2$J4ES?Q>Fs`eo8;[J &;kT5 ka/MSY0nFӝmDޯ-6]c,gɧ돩U;"hH?'<*][,` z{>ٯ6kqħs` H!N0W8oޮZAz َV-~Ox5Reh~2: u(^c@q>L`H?Xiܒ9tMH- ,+AHeZArL 2ûN-6dR-gh%! 1eG&4 y? -HQ<ǓgP')gR%(A@Y@"2JMR#((4P'uO`,E1Ѓ&gm8:El CUfʯ0IH9IwBF+b7,uX0[8^s|0谿ή 'hÛaUyؖ%9p%Z !Q!y3aeR)М;xA8HTڠEl7m6),{rktKPD0 rkCc8bqwy+K-m>,†4tG$/d.s[ՅȂW쒌{yku&p 1N |]X(#C'90O, qyo"Ih I⿯}:Ǫo۵%U>Ji~@BZ`@*8y)YHr;!sw+Vb]dsGoxT1"Fؖa4IW ktQmۈBAz HfxCzVVIDzXOQ/kO8\MYJ3XdpxZعnWjJ ϗ\fdpAJ~d/TN53+pG_t^;\ڻbw ^y_R9tM9e^(_O7m{h% p5c\յڬs1N9(I@./Eao&NdBr}%YF0)j8wq͍DDm)*zӃnv :*mo0P4 !MufFΓy&dТ+TBMA~ɊbJZJѬߖ顉utd{,r3hC 焐vm< }!|}JD ! 8 (gR9" ]c?%KF](%+^2FS`_Lb񥊦M^yQ_aD?uɦTHO\g\SnK@[:+:pkh,?!\ݦn}qSTu]ںtBi [3p[Re*M3GLxێK4Շf7WF?_̪vLⲷ9jGD>UyIל4枀kJ֊vdSfec-q2*u=}tiFģmBM2R7oVOno]=0l,J\VQ+8AgT7r#%!c+vHr2;>[_F\V(er(j/7A$_n,F\zYhW7utes'1rC21g9vO 3y-v~ (_Ѷ NI |WM-]lcfZ 1<{hLWa- h6-<_wg^4(z!>Zf.&boQ5v8X%D*~z}aĺG`;-%x&_!ĺ|^o$a:w?֒boZיLoekyU/9 Yh)bS. Ή$7N}?ӡ@iU aϼлyf%S[M5aFN MsNb6\m #Y !Upiag}]*$$tJ~h߃m:+JPCP)1ݣ}t-|V蓕!P,x40nU*gC&2ʍdG?R-hvQل$VJ5(G_7{IAhBfRI+ ӓҾ :e2ZfPr|9:+ gm^uA5 mR߲ID9 E-'ʴ58KV/=+Ƴsvmh̡:?w d>e3|} }d":kQV'J2#\l=\Ps)D `/'&mt @LkNCGQe)k>S梚BWhއzJbg=Wfo h;^'VRT]ڷ8'xѷ|2l 7j*FA J\lx}NZ<ɖvg% Zbo~ϸ݃84F/<& 9&&S:VTCGJ"02p.1'TcF4簝MzJIh^8[MHAHpꫝFٟP _LJ 6 HN6|0.[ 8"igxCHmf 8dG/6 ~RcsPN,4HdmeiA.B/=, $*ΖEI4lM\q_Lea)йnꬖ,f`gaRkqcP*ϖJثn-j3 m3.;D=@~5xW"  tD,Y/C~kFOHXS_eNkk4}Su/O6hGaG>%NoMNwSV)׏}jk U|{CeZ2c*ݙ1@ {q٪_ӑ|`rU4q]5"4HNŶcp^9AEJ!~{ag,JP}T#-g rvvRF*SW&5חQ,vtVIF[tvxY$RӉCG$;0WEIC.xsPPbC ?]-Gd\y4'?s (EbR'h^G@o9c|Ed#lvE`\b< <'V_, Qz^{Vd \ mH+Ŧp0ea3;Y\v/ |;pQ6)#`>G3FpSZT(%6 nU߆F&'eL WD2B?7- ?%C\ߠHBs(%NKYd u )!^qXM6vF ?s1 y'`N6]6z4Yz@J(g$?ҋubpRVHV 3P{0lP"dbY~a as r+_e W]\ XE` n7=-02 ٶ[ G\{"sPJtqsV6κA3W[IMYi10bH)N>]VItƲ& L4!kV` 6H\N<FstlCr08by1 6b`&B‹c]>U#a2GMCcakN;Nw#»$pTyB ރ#h/r,t?)bUk)uR;AMwخ#k?a=l,KWŬe8KK`˾@IXmҍAf2 T/{˭,'vSkYZQ PHzO1#2XH σJW5 ttUp)J.=henY_<[eP=MS54bȪlĵB},f0U4+*5˚>$z6 J&);p J҂*oޥ .<v!ʠzǼN߭G3D!{] { '糺>b: \h<$:L{~2uϼ!,mȔ+T]`BLz${; av6u DǕ^WS OoA*>?\ RJk4H35Bu\`palCw3,@ rzxj WGx4\{:\-0e7b YC{_X*mw4J){^(*.@-B$?$FR C>/č4B2c gd tJ 7MgڂeKh~kfU.*ݱ$$:Z`",`C5qC{}BǘimGuܴ.sp qIVYZ䷴۵ Ï9U5C"gO Jh)\)lbkUhyϽek]rBId4͖~$s͍=$y\kS G,\v/Zj%:llVj)Fn8sph@"Be#Q/kq|e"GEdH=U8 = 8А,E3 sę.me*-ŀ&їSǼ*Wy:P#bT#<x*<,=Njh%)X񙣊mka _dy SƉ`NvܻΦ]˳ YB0( 2\Lj2e!\(Ixr#WVdWE z- NīʲiKٗuEEVcW%kgCڐ0)8䆁)3knjYRI2`vI'P+Iv`}g3Sil:r{̽mVz1 ;Fn >cL}<ﱺeO{ޟ؈0$uMgφ0bbQc³S&3`>حH?XR7GVh7ߣ,uꊗ aUh?ށ庐OZDDEGX{טX^t׼]/l.+]!XW6er ך*=3K?k"籭39-;f鎊x1B?D:vVNƵK`ybG|u@`'z*fTLn-?Iqt{5Q8)VX>K|jY2W9}I!/.0ai٫ )2"EԟV`Lx`Nͺv` ɋ2Q-8RTA,1S12j>Gl'_ӴN{oIuɾHZ^> jqo /*.!ZMG6'-Jk87Wwy*d[#)s'V *v/>$4m+;u SP~KN9o8dǬSCCSc=Nj[PwKΈ\3N_Eh(@6.K@lrMOP OVLPn,6YhE1\\mi{[JJ8Q>s%e}0t ֩x[ W(>X$3ϊneI3'M#/njjSC|HZMZG5fY ͓kd5r׵./lYD@J/(h:p?(xɊI n0 []^t Dž8d\>L"L5h=VZvoKrt.8,Q-+ִ &D!m2a' lji}-=KG?K >#]zoJiU: 3+9uBmh zݕ֚c\qVc8rT[!qӷ>V&6Ԭ t!kaLW\"M)M6PعigT$,W}y^s_bG_0]V?>R]1 &|FJSPoQ< Iu, }Img0V_cgE7w279Br61H5n.Ba3&QFbnZwnScyPM4~A%Ӹ_e̥~*?q|IF*MX=%4{{Z^Dɞq1QlʗDoihJn (L5>VJŊ̤""_1_=E{*췽o,ږ]iBEupTb~NY?|T䪝Uo'?݈9j>'%z`WpR/ڪyBllT(ѱMxWPIGV O:6W"̳Sz,P_ă\WWWˬ}'KV1 -dGNk%RTjдd4o]aae׽PXWBdH;]!mpݑa),Ӳ)V' 5<ULrg--XpiHNV[SuJ*:w$2j(&ݚzᬓ\\63fYj)yքPhoȭz3UUfYocHb??!ݺ|q%Լ4g.nBa[١L0, R.`Z@@6wIpdTm>f[8RֲM3v ]Be)JhĹ;As$?Mү%=qMV*0h| +#Xa{mrc AK\y}0 < /;O̍mM02%}Ľ^s%c#гAhS3nyu+Py3 9kˤQ#˗q-fj'Hs$rv) y8b쐷O Na.:7%?rڕYaVG16Y.G<?.ad׺I*BQ$ O~?~vTv nU*W)2Ey;iA(ӔMBEtTqIoki5K 1L:܇5u U O׹lPPOI{S#5N(>`ȯߗ@:ʍ.5cߣͧ½MAA /hB:&Gx|wH+} |ZP'Pl5)%-dWh:@LD8ΤDk^*C~Ӣ"?+?U $АSXl U>X߽CVۅBڔPSnP7)ƯwͰ>d4'yKul蕣҆{~&jQ.XQ '/ -u! i+2OSw_sҨbҁb*Du#3é b#kw6rP6:#UkX4ͤ֋Iu9Voz_[i.bʧ!o7;}GȂ,G{;n"cy{&Z7ATCv1jlȄm{4E{w)SII3sLq(#,`(E _,6S 'R}M6WNC lo/Дz!f1 يHUmV@` W)z7VtI?н $3 Y ~e;$yRZ w x/E[3 r !Se'!s4-[&TXX3GB.lB;sXc5ğ0TsuZT<wLGk>< ?~2v(n* Zuq{Ixg6w֢x1낎*JM!) ey>^TaNﭬ6Ɲg0 6s;Lk_4}mWhb\`4@1[91n%ro썡q ͮ!xպw6.!P\ p&egsel;W,%Ws{pKȝ<k#]^iN7W#NZ]XyX$#3XlԨ^C '؇eF) O\jL8Axmޔw۵= jv4  Ǟ.)%Oeh50(TwwWK#W3%qƀ[5g{/WYEyuW!^56 0git8j"FCGԮhbJږ7q@wSTZ3WJ%֌4_vGHETvEpi [3njN#*A 7dbJ,`_4E2xz4pJlH∽胦K fH7U ֣b=[}V0SV&; %pF^\vBƍ*Ja20R  p'8(QN[ F:ܭ *NeU{NQ$^6mB9`|>8<"Qw(Uj8iIvHdzs&&HtTs~td[q+= hրΓ=gL.x'FYFwMt[=m dc@)i'ǻ@̨K J@1jvdǼH<".pq437z%KMzacJ|G7ܿh7&- l"fJQb}ri F?zۘ7]wMl7rzAڍ٦TQ3.V[#;oIm<Mr+Vn!O {s.4k G,YnMFjsqϕynL雧ʑ$AyxpS,l@ʶ`5{aT4WL`seɐ/µoli/ƊgIOg.z! Wp͂qbK;S"s Mej =Al.;6C,eGD&))Gt\)OȡNFE{unW[yVLa>D= bu\*Gz\ -m=Gy}FD o+}D=۔kKRѢw;.tS˳J}8 NU=&s-|2ٽs_FF`j&.1YXNӉژ/घpCU91K^`Ԧ{ߡ#w0 WV Pco>p1Y^ʇ"nh= eը@(ayᄿ|lEMT 6Cusȉ 1v;5sQV@o(1ª<^8hoa-sUn홇)B LvY(r~FRD#5B/#I+ϩ ͯ~"H(>̔g¤qf<4l  僼3I;4ǫ"R'9BQD}"+d`Y[yQJc|YpD8qSH ~D~4˚;hډo^;E̓͝FmYAC3hc2ITc5Tzh)2XOCnΑj| GX ả'}Džu7Yld!_ϴISR8|F);`Z3^1~Mm㷔>LȕP#H12,+RB4'Ga5vZʟ_J:pM5p=O\?_5:d Xj_uKGRktp]^7뢱! qCpJ` baRE>ȣ{R ARW"  eslη,+xX죁 ) Uax q *`24ڛ1ֺ&t(XZ&j9\ogFS —+a#M]z DQ`Z+ؘ#埜r(u;bކ!(Wt` -–`i=(loẔ 1CVqvvP}"RĨyιU?$\ {b3‡*م}Yʆ3ejMR!E}Bw6_à3^tlsV򅆹c7F'{#_TL85~8?M*񭩉y:Xz`k}~f 0uʵM翲Z/3o69V>^x?Fbo>?'+9gQ/` N"IQaߠ]gH8OaJ 8VFl`(Q boJtʭl}7B(jҿJ1*-9mF,VrLDS̸|Nl; WZmyKAHr?C&<ْcZHUji9{I(#0i8ؗC ^~1?hAFZN AE|^E(Y~fYTgĊ ZBÊ}Ne{3uS/h=/w;Y# Sp˹voҥdY~gI!g0Y>=;+BhŞp Uݕ7)i*jS> UA*yP{G.ys5T.T5b*KT3]k9,pBxVTc4w\׃Ԃ.Lt|;bF|rRO(oUYI@ǀ!z%rgܨ ! }8q#\COkFӉvL"[V:^u|eqׯ>*m cTHaQת?Q:NCc/Q3)=gLlװ&fH t P eQC{q'`8-1[UTp>6ԅl?e]̚s%C,|pQ*)a>̙sV:u na~MFWR;5UDD.p]Q PeO#ۂE52b̅咯Ӄ"-?9Z햌7cnr HQU1]+gm1}K `.l̀~.H|BX1 =.']{&<(DJ;EB$>9|!}}<2U_wߥ9gGKF&/ޙpņmY@-ŕd4S`ө`[{uۮSgo-l*iG{:r0  FJux{ɀo,qx@|=z@!/F2^ڹo*0M S7Wޓl\z1t\ohOQkovӸ aЬ_eC6N FE@V@?G&+dSwS S-*"iOJfsm̮QNwCOP_IZ5צulGu2d/vW"lóiFxJ2D>rK@aZXru^).o:9d+'2h|S]Sh'&CHߙo Gv)ʙjOyeF,^gW\ugU'ssAgݽ` ,ƬJM쏵A.> zE\Pejdt9ɱb=Tvl.L>[t NjHWW' 9Bt"?Z]r Uv|Q`3o%ox=G{e \dr$_c@]ߙ$Ϩ}J)KhzI\KxS4o" HڼoR| O$. +|`Uz|&)I0rW~m* 2AkSj73&kN(,(=WӿQhoq͂_5_o(*giJ_y{]b[$N5k㄁unEA~&4 %B1{h!z-%)I'5S\ @A(U⺦ťeL㿼|4;έT^vc*u4T&q:a4Zp; |+i\!Ϗ=vk*=FmZ&%7Fmg` V5n|ZkZHGۣ3;:LJ%E7~~?:"5AVH4J-<C0֜2KcҜ2y 386E,2*wk&Ǜrf@m2bceiMaGԹVQpqyTcX+Bٹ(nESa.Ut?9vpuXQIK6|\ Nd[,"*uҍat0Y1SmQVC(Y&$:3A@7(Sh1_^ ؂Du?R_bDQFGu!Z^B[ljwaj#4pc *tv[rg֤p<?9rCSjri &S:Β\Xg墖U9?ؙ=DxLs, 8Wr{6֩Nۓh0ilu/RZ:FP:WB}]`!!QR8;NVIt (q|̀/9y**ۮ̢75P7JR PY~Uʑ3R,1p k`&/?A쪡iV5,$V}t&9e[Y\Fc4s}29>] ']+ &姃b[mYx+f*&*+eo+F-(e<@eqmD;sEEsxl@-W/91G;v9Sf1\kC3Nfc̚;ݿ|V 0`_O†㈍"\c3(EЀ#n×*jX a%cJf` ٮ蜚䟤V=ZOߵ _x8uCϤB텰#:[.o~pTF{3&4;|E2o5za>篱Ke%zBY\}~\}/9wՓ-qYP`hdVUl#}-zy 5Rg~y܋O\O%q/3qw"/s䚉F`N*qN) GA&?u';h.S-nrZ1tlanUh?|1WkgNSu=5j+9{#%$\O~g2;  7ĿY`F +Z$WoXA_F/ C1_z)1WB7׸U6,jucj-,VCb\v|?WE;蹍v%(b3߁͋[dMNyZlMChzML;^:;xrƬ a! \Ö -"-Ȕ\UӡU%ZD{_H-/s7B<5: J-" 4ɄtiOiqRbK[u+ܾiKv3k鹖"ҡ1=˴ Y7mQ! J;ZeXO^H/+()~ڂqirݕLR ||j g$=x1υ?;sd'żbMl@WI '6YG(z# PY=㉚!Y7ft2$/@ۀ=9p6܂C02fP#t&p_LFwx1zz۱iSsfp;l&BDȚM; v5L{/>isL;*>z.QVBf4(W"h~$-&"r<3|T F^OZ)/n|j񦻵zQ:7 H4]yھ?[y`Ʌ ka8YC>7)3O^0ydzbc h5@?UY?z) \NQi *Ӛ L%9x(9*#_'!{{nH~ejidgL]fL:e= zWZ#cWS* $ҥfC'u b*_G#޸C2Q!)S.>wdۧHWS9t{s4Ivf@y6 %=QNl̈́^ϳeIPV8h>$p O, | ^_4 3u j1 }|f4xWyo_1'x["4J-C85trnKIJ=;l@G!"H ~ܤ1@rI\:}db.W+ с'+@Qg0ڕMN=*֟]6s3}9ȳmб?!R&'[IlRѽVk^Xț\UG$ ⟙G_)PRPU"&ʖT6# ͫi!Dg y @Ŵ:`aH?n*CX[֝aKxe34|jhXΌ0-Y(h,n cQALr60J/.;΁6UdN[@|%;Knk]8k:@x$ph b|ig#ch׽FZܿơ?oʼnⷻ:xZ[du,;3O@Yq[=#0f>+CUe?X4"ۧǩͼ3| .'>_%BЭ,*T:YPBa‚^Y2fO,.=ۡz^ZKͶh'3 Kp\p $l N.动愕&(2U aQ5/^|"$Kў9CW<h,2dlǓТYȬ6hdΞVB0Yy\;#,+λQ%߷Tm&)J!m3nܓq k4ȗqt+.KRgi?jK=]]9 Fp6x}F;oIн! `\7Z >/9r wobdU9r= ds7eãIlxay ؅EHLjР&xI'bS vu( B-ˢTqCOϙ) 0}T wPAG(XY l# g:ߣu:9cbؐ5|%o 1ә@p`ڶW9LztV3+anZCIUEq:WKvWM|) [*NZU.Oy \=O]\+}=Q<0 ˰,W;^/7'a8ǏшʣzJl. Je2SvM-#^k7O,Mc.RYk6FdB&&}n :/r|(aI`^6;Z NbIsMބf< H3L AnğS"8`V j]WsehLO7 \/5ܝ)34zI("pC ,y%5Ihߐ -G@G 8ljsjC&fb.J Qnnnh{4RP+h)3.IڥΖw  !%ɸΑ0qaaWםlJжDuP܅K!?לO-X (1K(QS\( rjڅJri&AU)ytP^JI~Z"J]LHȂ;xbcE%.)ԉz@Ռ,i?z@7|x緰=zq8AaaLr}gy,p5y6;ISfTIū u)~m`ݓs{qh"' D!/F>ò\@P9Q3+ї΂vn0W)q`ʚN-i}߈OG.' 679KA7K5htЌ =IaP8 U=ޱ6t񚄝s3{:*Dn{UKݖ*43C9x0=s1+r3tA`񼔟r)ƱzAsqO_dyT͠JVtl;Z LBh>is,xawAK6.ryX&}Zy{¬w9 T{JPx2uzh|5^k4S_dsZ_Ϫc ?o<^f- s>D) w'U,c>G"ǧ1̖R"!i] ]{c1K-X|'!6BFEQ̟ZQQ_3;!]ȋa-ːysD֛z̢:W0TEf.XPEJT8U^hDg";b(L[ >4"7#r+kC@-pH)ǴuMYXy EY/;-*q9/jדcG9ЙKʠp;1g+($P {UB((ѱ|;"t4߉OO?JP.4KB}#mk'׈󦿾@ %G(n12j^oW` A_ S$0} 4QaJYuFG@ <ˮ\şe3'\ѓ16/6X&r1L^ >dP ^6Gva ۘ'+as}$|8 ժ'HUYD9sn1GWm6Њik&F,T4~+ERkPUu:/+9}3{,(1@585z_Gm }d=18^Sy)R |wv. "05zsoZ4c^/@/N]Q.Y8R hfPy fgVnNA?hbJ&,Uz%2"b2K}:kӅmE59GivdZ8|}fax @>M @ ͹Ta| hʆ?hhTF"\Km? kT ÞFx1bNU]%D?fz?9$o!jx?h5y [sl@PzX;d߶Y"4#`*>n(,ݯJԪ wafHvn^!yH2勸C\H̺r -y*9;d<۰c>.7:oc"Kh}"(nc3a}o^t17vzROt\$E=2x3fbs 7DDS4'D pߚzj9kFI}Epq@tg}vщӬ/JXbq 4oC'L4(/Xp+0A!\>JJ{2nL$B=i`hK<!]= ~>3cq#XRriNW& ur%%X'WmY,9* EkPav'R) k'`._ؕlH`h pX)sRPb.B[a ʥGTlνsـӀ5 B-m¸Zckן.qDÁp`Zwv-T F3oq2 J;m*tew?:D$akH߅+;D"ЈjN'XvCu|z p_ʯU;tL}uǪܵ <&?+p?TnKJ|8a6;6>)b ^P7lL_;Q#FL.q/l]l kA4 <;XDK+}*,Mp訹)Q ety`i}?ButAbp'X-#~6\]d-> GOY_ HIjaߥE" pbiKJ>5bqfccT[!4JĕecL_8X+!2 h>g3m-ʁnF-3/Q tJ,EA}D[.؀C9Є`ڪ EĈh.,9[P0 >޻զ6W}+ IO>fz̪̈$ݱغpcՌ鱊Olў#1Jξ[ԉEX޹/ҡƌ-N-*Jy AKFs*2CFhm[ЉM|ʊ,:ӀfC#@={#+{ߖM5 M6wy.X[ .Q*N&[Cs,3rwnZq"W%!/A3IH}vS-y(58/hSNQĞ1xN2%V n[ \X o:Dx͓֯bfW`3[r&hT[U?:k ܅l4CMh, A)ZJ"^;wWz\^ ]L3Ѩ_@=r3j : ]&6@ﰁsih\shbg=/:}6f$F\gT!GX?-KvnϹBk tl1c|saa#xSVӟ㥦h9Jf2RJꗻ#ݲXn"SڳX"&˒W|웺jF]+hhkPY}Vcձ9nvٙPff9.h?7S[XH&ߔɱ}BjR1!ztHH qRb_^)s{o*`Ha%pރm.<uwk] e4)6+&}hŰlpU]SRtC8u5-4ܽ'0u~Z;;Pp֣;Y9h0o.mqh5['fUau=+O8oPWȱEMf| }gsV7W]|8<ٛ0dBo#f8vw+[c&e. 2??]?[B%mT?RuZQ+뾴sc;l+kdE +SH)|z1fu|d畐Jc@=ރ8YSmXY3FOB.Q*L ӝObaT8Y^(#ʁ=#SyCayFt-*SK VJOPϺ;",k\S,^;Md/pFe?q7塴U?Zm?1EآO=X nLWJGO! Sa3"TzSM%6 *Tb޼?8_>RX__o"=.pHh[=sW>Q8U͜~v.,2V}5p\-.phׄ5:|4y]lU}bkO Yz(QP0J\ܒi*'K2$0maw%%̲k#ޱa~et%Yg/8@'va?7*'5<'+9rXUnH eCI@zIx5)RC3hLTFʊ8dS"4 pCd/KtJޏg6G] W@KExhi~|; B+^$Z&!oPŢhn0\S쬵ǡȵ_@ݺx`#}X$5xv EPXFIX>MC:@_u@7Ikd(b3JE/S1Hmמnk·FAhsvOAcH`tg:; r#4}vS¹ ɹM:MPR03K=ݟ̶Ȕ?,CM!gMm*' 蠜Y)nɹ*h>bt}9_Oٶ[_$Jٜq!3D*`L_!^j Gv{pq/UMj96G3;Y]ڧ!,1U cJcgrCt5g<]vo Hz~ho{bEA 5O@X>E"l$1\ǃI`,gqdUj{2)>crl3gU!DI1MZg] !g^xzF1FLBO8 ӻȷ3Db qyps p9VhL/Z]cot[ Y"_̻*',{@'q W֪WfG,!w2u}j ,L 㴏D-yCCKLӴ.7XZ=,$Tx~Ӥ,wd|tY۪nL3`I~Ma~hmI,Z(ePЁ"oWbWLU L/+=4-r k(s#sO|ʠ*"|x5~UDȳ,9F&ARK=_׏? ^<?~ /*xZs~jǰq2'%? @dD2I]j @  j/AUS.ū D0gLzŰkS,XBoȄvY0>Dx1+FMp} ~l**y}%L58=tO9.Z' 0Dъkƕ+GPqA^"XuZ{ԭQ|WݭY9jyi߲=ERk=vq'N˞2L-l9dΧH$aa2(:K[j,!x\:6Z>f,C.}+&Ʀ{]5Z6*C;w5Ÿ-IIXUE}mcC]YX )1=7*ޒN'f< "z>AcŮאd6>awI!M@F]{-nuv 'o]{3/%ے\<.@m:\MM_{.6=`SM[IkBhĖؚYלACIi5jE]"BC5>F@u>Ͱ(J,W:4!CW-9*?`"s!?ؖbܺC/bT` q̒տX6 O(aŻy&e壄2%p/j]im^tSᨙoϣEL{\41ki̿ D`9OgZ5q tJlUI bO(ȿ)9p\k0ޙ]fݓ'/[I1hq0a"JɓeAd.eC)2deR!p!(Kf[mcg&.Es3 Ya}v>&#jij/^9n=xOloAEr'I7MpUEjUʹҖ`r荤u?ll5bgKܬ#%lM@Qw4D QCE%CvDӓv0S  g&_nz>"FyXez5&\]kA9X? gB΍zfǏf~..;VX"p4 4OmP1ڴclh1V7&}:EuT74(zSە,ZaDt@w=G? #fJ,+Ѫ'y"a^mJDA@8d-:wj['NU [v7Z3}F5O2a|awO]{׹;Gi.qKB|7?^Vh @b xaukLs׉"H3E3]1u}0b+ gH,o-<2y_s.wjAfDV㒵]"[d5~fߵa$} b<,bG +,;yX_Id_tfۯp`>:u.>\ <4W6S3zSX?۠sBUdspZu}L008YF,rB kJjΩnpGvXVp߂"dj 6%b;Sk4+F_*A6L~UɁbái=@x.1:ѕdF8DYDQgqw./QĐNL-ϕ%LhGBr=(xv|j4,kFg INbWm}j֚񵳲GHab0Y^Р.ɲ藓3G k?N񿲌eOZ{a A$?hnq"YL$2'JdycA$f8GZur!w Bv/p6*Ÿ iJu،/jF"  SM CLstB[Hp/ZBqW&ZC~e%XL> ow /~ f6! "S?5g&=-T>}*5?^TN;r4z05W쯔-fx |y*bȲ맠Z3d>YEf\sN*i7UuSt`@pv. ~*Xx9"3bf?yAOCōklRUH"dBb76wvVRUwزTf+GDNJo^r4̯JqR׉>9:p| hWF"JlPCu/nMҗfcV3YKua V"ظgFEFgwҞҲ 5܈Sʸ&_ l/ШW'=G:Wq|t)*jN-V[U.iT6f>U L[N}4 U_5#(Pp뭻< pjH) ݯ 4g 9eD_㝛~P&0 {_#L4x4MpbBDy zrpEb7SYڽ|4.,cxAзStFU#zkk@S%--f DZR )f!yi>)'a-Vbs&ǹ *<7#!1D?Q|g8럎62* _"R舰8&:f,-ě!񘰾c{0G6I5Y~G(sgu֐v&N ޭ&D-K'vP/oqPq۸pQ e&mʧ˼>&/dЦi.1#2*}OԱי+ d(>0ʅazRSHIMM8An}B74 >X,GĂPƻdW5 Tt/$?QKtCD\Un)4fيF#y^8%#!LyWo]i)K͔V[i 8VQ$P`LrY>ޤWʧrƎNY\Yxޛnٜt [,`g> SA,Y9w||.67JѢC:C%i[h"b>O0sC|(Y=`C dc'QlƌaC& /((NOS392AǑEl$zaqh)kIшӧ o+;3㓤9-߅δ%VuhRhζx`#Gdi v@ssmpO'$sY=GN7lA81i6sgr쒫ýdDɢD? p`'a֫őY6\ 1 Ta c]NnѷY37m#ohƍy@y@uTFŜsyL1姑 N_vnIhĝ/E~YGH!N'y@/zTZ:Vr"ZK4`q(k8)JKȧb*5rcl4~TE4$ |9Z FK~ k6+d+Q<mekVSL]tteίD} ^Q2n&6DM#X ͂(tI>lw|\wsƹ]:ŁeoFG2-{*1 HLV'n~m˯+WX)ʳWL{e7lX. -~|CJBJkXbN~ɸo%T1+MW?8%-(%0¯4f9"pU]ӴFz@w T<([]XB)Cfri G Āтb_ݯ^M,^6< Fԕ P;=92ON|4{_*ҹ&ԩ.f 6K }o6!- T[lls3-(X4-J;!b‰B =ბp^J~2V[A86gT2ġ =RxV;GTOUVd?% cxHIvc]`&"!6DAx$,H)v)%K#&>G36% =ck-KZt+ޞRQm*)U[tmEX1UZ֟C!V,ܸq-cjviB(SJy?Bq/TV$[Q_Ԗb=M zʼnh[fΑI"DuʐqOWNΣ^_vm?uhl4Rˠ^⎋<~\d/{_YJ󥴟}W]9)h ~i4p*:9lcVRB%W,^{[zI#Bz 1OM?: #Fex⭄$1?0~_þc pI/fu-E*/O<ggg %GK'*!Y©7XھFʒqnտl).GR4t y`sV) |@̺͗@ 1lx1.8c}̇}}9ndLT$G"kup@D=)PP|k_Z]Ъ ^gƋ8o<6ECxI_N 8l!5[7z$6M*>No@:VAH56⸳HJHz޸cQ  D2ɋo|zƗQhU8/YS%a~&f_,bUEq|[s,OCS nHfpp?:(hOC.屚-0q)u%98O qND 'ȍ?ZLzNpƍ~kñ×jtI"^dٴpYv]|:ŧrIjӼ@کJENt0O&Y 71Cm}[!ד!e{%}tTi1g'9[kבVSTqRn'y Жk! _e)8*8a0+8Ra7Y,A;̋$t}_\G/ldozS+~A6i\ޤYڛ|gw +- CxQ oyO;}r=IAيa! hLXncMk{yO ZS1cn4] Hצ;p#.$oF -Qy:YUpc@8ayDyOׄ@'$̺AU WSЅOFO ώVw{sؤP׍TZrڻD}V2Tc[kq1PKaxǎorrfKkj|H]=wMJ,$fDގi? ?aQZf2n{m\[g(y+mFQM{V B|Nwt<`!xB4!sup-y~{0sRfϯ_Qe3K`CȊ=Ԥ0OyM~?<f.KSflɬv!Lj2ISGާ! ea}p@,T!b^Ocel6lhUNQĘ_RdzWGX"++5pb`.܋pS{db'zyPWAmӍ~;HBϱV5UW^ظ^hxwgt ]3BXu'l*4v j؇yW"*5JxڒSl|OK8=xL+l U~" _2 Ѱ̆mW]1[4 rf H{}e4b8թxr4ʓϹy<ƅ@L2]EөѤ>pɬ|󲶛 TfcA)l(|68Cexi>B4UG& g;![ `R bo$ >J}崐B)4Q r=[܎?KKyi%^*Bc|$8ƹ{X9$r|Lb#' YF=n9rTkN |QpL.ʢ\WNQw@&1b*yI Uh!a|{y_BGd .yS#7+1=;%ڭc.TxN0 f= Z"DE֡ԘCr(Oa JFH~"49ExxB0UZB 6ƻS,AF ܨ! n6_8BV3o HѩnLL\(Gc_G˫ ҍEpa jxw0EhW<0 2W*4./s Ap7L8<`NxLJ&u 5DO^*H![Zu^P-rEy]v~P8¿Qh/gNМ E]'F'yv5٨: m,d].>eKk,ҙY,`hhU{ DU@Z[oB mZ!J9Jq P":*3qaGk٪}LEvv* e2}Cw1U`+F88b2S7&JoA}&k'z@Cen+[BM%`PT1;?ݝŞAYmz\jxovXy+b~n%0ie<#-m*4jW?OQXwgq|:>kΠ_+ɣ b6EVd|'D$K*@E}֧u ;8TUA!Tt.ujל ̜A& _Yq2-6ie-*rpj*f;A設053*xk\L2$aF941\X{Zn~c9spF(6C9;(ApW_4[,4i+Mpt}i8Ci?mSƻ_)wֹ3%ZYMf0~-fz@3RbͬiNRп?=JoӻP;O:ŜHG~u5\uLxŗgZ IL^^ &N/4j(q$ |ИH;sHU$"qz.Sy v0fV230L QWe\LzzmiZ@QDKZOuLA59]*DCܢiXޚY%S|Ioس]ZN qmϐrJbWʴ $e$ҼCCŴًڥ:SQYlV Daj{(e`%Q?764)b jxFB$_t9A臭.b˖Vd+6*FcgU[_rUV@my39lv4wT\[|\֛H,8= 0ϦD`6Pk4]mS9͇Se+H#- k= w~،vJh*JU݃{RG c^D"JcbsSxqC5ٰ:R[R?|hbLYwBHʝLBa _9X ӏԆ3~FXV"_ᕋ3}fsUwLbΨEG5![)I96TL7z?#0 j/? ? ;RЮ kaf2`f ')k-*[,W魧SOTJ9sJ<ݕ4 d+#JJްU<33qFyxˆ:/Sy|f>^iߡ%sDmC+ygt.,^@ۻtѬ}Yɡx,^OrF93 )rauVfw4@wW/r8Fn;-Ggfkڱ 7| * V6~?\_5$9TY &Czd{ڰ`JsVۙI#}BI/BeExmOYn*n3OaPQK^ڐ5u\/oCY‚83'_mb+" 8058& ECq&7sHTӈ$J /ns[ ̕K|c,㲅|YhL9Q"4Bl`JQX`w~773`~5 L({Pd(˝SN!֋X;lbbJ܈@#) | kH"U1*-X̿x<._N&C=~ӄ}inYNl &7@*_Etq6z0m/wb ؞p|F "M1p0YA_@.s%jqA AٓX([Fdh2ǂӵ0ODB˼OVbRypEbh^D.%&Wn #}qФVP=Ff,UǍ)!V(@p` ) 9=U U_Z kgA]%Sn+͸0AKG,EB)V,?e`RqvaO0WKdO</TwrGéD&A &=J7"Xq@RmSX~lJ,cM'ԙW^4B#xL~ RMY$]YE,G^}8 NH\[xׇ^{; ?9WпACygRܘ͒10ei+%k2K) "vZr֧7RCrEPw$;\r i׻ ,Zc=tkT"Ozc-%>:\Ll#aVE$dvS.y(Ca+Ѩ$sG?L$+ 'N} L{ɢـb?"wFL=_9<'8E;Ojr8D;]!; g*z]\N7Grzęzm=RP+?NzyE3lz+2$2*:BǾ7rWd3U#$+bzWpt$W:ጯq\ SfvXK_Z=4FC=GAq,B'(fV廓(@.ݷ`2=*.IHTϗFN`4'pA}mxW.9#=T vϜ\at ; -7Dr7Y:O_ s69 b!o$ 9jot4C,61)-Ji)FnD xd"lEО$R.1=X"WUn+sN35 Wv3e T,n6I>CI@HOnc䝰 [ $ WQ/8J𵕂s"z~FYOזyB-4vX{%9;cwQ:.e]qAy0et <LLps6+<ցjtw`"S\TO$.S¶v*(X\ 眝t bIxi(&WΈ=/A?0kehj[ vSM%Hh @5#6!=؂fmnǎQ"1LQlCR,lv::n)Il/tn2ho>VG޿,M]H6Ż:r3ScJ]?;r?2/4t,=Ms>N<@ACKEX^C0TEi!zOt8 [MH,g^W2:e|E4iT2hav5btl TvQBf;ŽBP8HD Ŀy2 i.{˗:~۲)6@)Ըē-aCRxZQw{nOEGJkd7E82g2 ~ASo&}YPUM6p82͞gJI'}V"܆/FP581\gX{:!5Y01yt0߬I;]q3Q'6Қu>#=:_xԢi$"'rAOJn"uB5%CrT#aǝJ;ķdvS{০4K hVb]&8jzRnۅ^0ٜI;o*QlP["#&PΙ]w<|x!Ӑ.ufqA {}}v.e^ ,p<x/ >S'>ғ!CvIzq'B`m > ]I"J&`v4 Bc~ D.6AI7iMNf#Q<qSB3l\Ccu2@MoK)Z/9bEMBj[m,έ,3SM}i* [! 5ג ;(Da뀅S^Oqirc&1nReslEIK L-6̼چopAEDB/OnxkBRbxK{yQЙJ0} ^>ͮ1WINCo0 69T3wh"gz)BЈݵ5c0fi >~6jݲaBtA)C ZG/}|K?x!EL ʴwËvҊݴvՙ?ƿ+6),^+rZU͎U#a{pN4\j>w|DW}i)1!(CӝE' Τ8 `pʲ}KGMkw6:-0+p¥$% 8WYW5GLF#88pWͯM;obKVJ~lߤ$|&S_֡F "d3YA+[w'fB[q+XEoW9K޻ćʊ"ga{~ޝÕu᠂~h;QA֍,~/Iǵ7Rg4d1OKHke ss :+ojlp)S'MOHJ.$i4*ӣ6 '_bN7K!5ݸRۇwG#ɬ)6n~++x=g) \f9Pir#]#U~eHhۢ7]D͔ͪD K.߲MvE/H85*KL~E$vbG$81 M8kT y\X&$<782Շ7UJ(jܗn W_y]A/Rpl_'vJ~4BQ )Zė2"6O8iD&̏:k6 Vp=)Gș%BTt_N%ݕ3iEyM2g0*wL!g9nNRi4,q)fٻ9܌"!`+9 Q^iNoSҠX*L&)],04(<~xwɜ'/7)yprf{K:77k)FE!S2/:RG Xk, *q~%;eJ 5ڸ&+ nhRFbguë@c菖[vig")_F?W,F>ȥ@f;%!aEB V_T/LWoe;3v: m@>) CAP>[?I9zQh~ HrdM*FF5،ʕaT:qzMApTxeL-D{MM${t+O m{Ж|{L^CjIQ*&3+H͌qzY,?zeFUGF}}/@M9 '""Ղ|@Qa:u"!*)+6%6u3]O?+?᠆%? hg3o!A&J``R-=8t4 x!JSQv O5*i'ޔ7%l9JHx>^fVtx7dΚg|"ΠBM%[-LXsJlƧ;.˧︬q򂗠Űzy8OKh7l) l^&>qg RUA c'6V~OM xjQ*:`zs@W߼:Ǫop鶃mYۮ4}ukm5zx  }TSM+> U*ZbYN1.Aݭ';r_x[A헚[8ûluBq}WP\/ӧS^xh6~@=`8 ].x)3!U,} .x/?1S 8qBX_4Fv?.Zb1u:;G #m5%5%Z v YEpZp?6x3'ȩ#VhT pBKLM(TuR0ճN5Yz 9q[ڥ`V,KDowPI2*cZ Yd+ 7-6Oj̄$UpO")Q[ O7X9Є>ZP U|n4x<3#J9j4z ʭZFxf5@= X`E m:Ё-tcIZ+ujP7ǓE¬UJB"ҝ֋| 4Wj:D$p`>6vNBukfLCt,gHR b] r}*G&:5\9A44C80.6. M 7r%|3fhf\.@TmLU?phk74>2]*!5wpI>ukgL[WYXM+odů~'"ӇK߇ԹurI4kڨf?/A0}Wp%ϐL#Dž֮ahު_["65H3բ\KBH~0j\"I'; оNFY1F@$f=׺=i>$AOFjfԠ!A>d`3](o^ g2Z|REu’nvX 3=߉qQ[v1 =@U_Su XRyk oa\OzV_Ou]V9rH?FudC]rE<#.,8` (ەnWB'€E?nW(6?Xx E~|u(:@W'F, :aEUCu[?UeiB =|Xe};Zïm@eT=ʇ(G,_ Q7۟;0 D8oQ_DL,*~dcH==ȴkuJiYG m7%yy˧40q17Zn-fy,U g\%q`c9 1&Z"h?pM В,ήȓ6xWjHk8HԈ#C) _: pǷ}&t "o@g5 fĔL4`wS].GCIaW& [΅"F8F8]p~r~Hׯ ů?ŷ|)nc$|;;W9N)|wUvj[|ĺ!2";}[XLZH'S{Ӂ^r`%unyDk6{kq(n?2ӈOB0gԐN*3\ͫ>,["k:/zh@'LpwkAA' ܟݔ@3| (_0*Rgs #Š$}|joU͘)m˳{i|N j6GD&Ev} L*حGoSY-fա:`ah:,?g\qnhhݞr]/};k0gnM l]̫}oe|hӂwaCB4.|>Q&xܫ5^#d͎ Y .gKQVLv1J3 \'h]ct ý܊/7''p;8vVG/ǣ!;z[>/P\o]fNNQ\YnfY_RR ;s.wdQX ΝiP42x$klzH-n* NÚ:6I/Z[~P]r]L#sϿfZ$ x| ۴}"*Xl]hG%mt; o.d9*b,Mʛʃ*N;~8dKt BuJ8hBbafFiOVƜ7y`'7`^!z+ Jɜl:u Khgw1lܟ51h950'xn}Ү +WKFqeS|v+*$amW[Gg^ds ¾kzh˖G=&?]A~OʞɠB/ݐgoug4Tk_6cWj2W_5 Ag{{f-2d^=S/ g+7s ?^DkBnXw送Ms[sq mtms;Gk%C@rUL6QЯ7?ʘY)>ɢOY2\`l nk,1fCǶHtƕxQ3p#бaVkxJ˲@kټTvwOf3D-9翆'ȄcN\o+ ^nO}|d]++|zQ" EeHMnbZ$,e5}9x@Rn UO8 O "ɐ±k_7i"-b_,q͇]<;v}UoUŖ[V7k ¥oՅ 3e@Eh") Z d„25uRM 3spt.jfIo2о ;4@!UV7un׭ 2LÔ褦3YH.>$ Ӆqh^+lMQBôsY4XLJ9@6/sp7X 5?|w ZltCGqGxҧDE1gfv qpm9}O^{2Yay_6Ůu'U-U .v<$Ho^PnY1v6\4=<*o D{)"dv_åd24^/ˏtq,N)4/mpm@K]ѽ<)ob hSUm sv QY=7=tqS&]L#]R,UŒ=GύPiy;=0fA%0ʉlKٓUp lYּ}Vi^c?1!fh'V2T;iX^rjck';_[:>aI$]z o I%¾ ΐΞCb9e3:TsrG