openssh-5.8p1-11.1e>UAPf: $c̑AdQ${蝯?V$jSa{Gdl[IҬgJ3>@Mk?M[d   K  )AGL @  x5 L5  5  5 5 5 555 555o5(8"9X": "=E>E?E@EFEGE5HF5IG|5XGYG\G5]H5^JbLcLdM/eM4fM9lM;zMKCopenssh5.8p111.1Secure Shell Client and Server (Remote Login Program)SSH (Secure Shell) is a program for logging into and executing commands on a remote machine. It is intended to replace rsh (rlogin and rsh) and provides openssl (secure encrypted communication) between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.Vbuild17*openSUSE 11.4openSUSEBSD-3-Clause and MIThttp://bugs.opensuse.orgProductivity/Networking/SSHhttp://www.openssh.com/linuxi586getent group sshd >/dev/null || /usr/sbin/groupadd -o -r sshd getent passwd sshd >/dev/null || /usr/sbin/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd test -n "$FIRST_ARG" || FIRST_ARG=$1 FORCE_YES=0 set -- ssh sshd PNAME=$1 ; shift INSSRV_ARRAY="" while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 shift SV_B='^### BEGIN INIT INFO' SV_E='^### END INIT INFO' SV_KW=Default-Enabled SV_VALUE=`sed -n -e "/$SV_B/,/$SV_E/{/^# [^[:space:]]*$SV_KW:[[:space:]]*\([^[:space:]]*\).*/s//\1/p;}" < /etc/init.d/$SCRIPTNAME` test "$FORCE_YES" = "1" && SV_VALUE="yes" test -n "$SV_VALUE" || SV_VALUE="no" INSSRV_ARRAY="$INSSRV_ARRAY $SCRIPTNAME $SV_VALUE" done TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi set -- $INSSRV_ARRAY while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 SV_VALUE=$2 shift 2 test -n "$SCRIPTNAME" -a -n "$SV_VALUE" || { echo "SCRIPTNAME or SV_VALUE unknown"; exit 1;} if test "$FIRST_ARG" = "1" -a "$SV_VALUE" = "no" ; then /sbin/insserv ${YAST_IS_RUNNING:+-f} -r /etc/init.d/$SCRIPTNAME elif test "$FIRST_ARG" = "1" -o "$FORCE_YES" = "1" ; then /sbin/insserv ${YAST_IS_RUNNING:+-f} /etc/init.d/$SCRIPTNAME fi done test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" = "0" ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_STOP_ON_REMOVAL" != yes ; then for service in sshd ; do /etc/init.d/$service stop > /dev/null done fi fi test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then for service in sshd ; do /etc/init.d/$service try-restart > /dev/null || : done fi fi /sbin/insserv /etc/init.dPs L e,4LT4dV>>  a 5u+*s4"+큤A큤A큀AA큤$$$$$$$$$$$$$$$$$AM>VVVVVVVVVVVVVVVVVVVVVVVVVDMKO M4DMKOVAVAAEVVVVVVVVVVVVVVVVV?W?V04b4d2d0f09ce539d27499d6380255f4806db39b6d5040f0a9740dc6df41ae2d4bc61eeb174cf0b18eabb1981324b2128342d867964cdd997568e98f75c5c4f087567ee6e6f14b9f86036834fecb1c961b4c4d30bfc191f47ddfbbe34762b74eec9587526cb18903f4b8f4e24ae493a19e7e1eea90c4b66139c73a3553f95fc30716ff28a0e59d61edce3dd3d4b358e3cf7a980d6e89ab7f97997e5bf9a5bccce060e5eb3583e56928a852e89b8256b31382295b2c18d97a328dfecf9033a8ac451443e60da6804b8aafc913052c625dede223dadedf63d15c7ba3b650f4e122a1b3bf1c2688ae01dbbda4a0b3ed56ec967049e47dd61b70299f9740ca48495049739b375ff6d3c2f0acbf5b443eadf159f6261f71dc67cf9ca543fbbd42759c30753c68fe95bfb9b9152ed502da57a8ba868dc20bcef300de943ae546f95d81ab1fdce832b72b61127d0ea340beeb59789572ee66a96031dd4757a999cc550ebae9a689be41581503bcf95d8fb42c4e2116461fd65556490e24e785dcfc7e00c3410f2f22f429298e1b5d14bd402634d67fbb90fcc615d6d7116d7b53cd93b965ad719cb0aabec5d5fff99932cc8783354b7e3cb519117191c64f2bbd3ff41526b9186b7309242f926d1cc6b594782019aacbd11fb7892329a6d9972c7e7c24df2f378de430c8241bbb5c39ff116d10299b206c922e6ba485c7aa583fc76b3246679ee47e2f6ae59642e376b762059126607f07f225024542bbe530fd1ea1e88a07c9a96a7676a4ce115194a968f7e67cbfd8f07ef65e2c591ddbd6b45c57a341f6e6d995c54d919bbec088872c71d9b263d94a2da1f9d14ff7ae2f2a0b8abc31ef1c3e877aabe391eb867bd3e8fde55c37cdd2423ac13fdf1eb4f7758eb36465dbe6d2862940ad7cd945fadaabc2f8f0dedcca849fe78fb77c75589dbe300f8f152d1a68a4639514758caf805c86e28b576fc031a2c17942d3a5ffa0f67d44dbe6296612afb30e02b26956125afc61ssh/etc/init.d/sshdssh.1.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssh-5.8p1-11.1.src.rpmsysvinit(sshd)opensshopenssh(x86-32)    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ /bin/netstatpwdutilsinsservsedfillupcoreutilsgrepdiffutils/bin/sh/bin/sh/bin/sh/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)/bin/shlibaudit.so.1libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.11)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.2.4)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libcom_err.so.2libcrypt.so.1libcrypt.so.1(GLIBC_2.0)libcrypto.so.1.0.0libdl.so.2libdl.so.2(GLIBC_2.0)libdl.so.2(GLIBC_2.1)libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkeyutils.so.1libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libnsl.so.1libpam.so.0libpam.so.0(LIBPAM_1.0)libresolv.so.2libresolv.so.2(GLIBC_2.0)libresolv.so.2(GLIBC_2.2)libselinux.so.1libssl.so.1.0.0libutil.so.1libutil.so.1(GLIBC_2.0)libwrap.so.0libz.so.1rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.6-1nonfreessh4.8.0V@MK@MJM=iM-L@Lr@L@LZ@LL@Ls@Lnn@LH2LEL+1K/K;@KыKP@K@KK @K@KqK'z@JjJ:JY@JS8JPJ;}JIX@mkubecek@suse.czlchiquitto@novell.compcerny@novell.comlchiquitto@novell.comsbrabec@suse.czlnussel@suse.decristian.rodriguez@opensuse.orgcoolo@novell.comjengelh@medozas.decrrodriguez@opensuse.organicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czmeissner@suse.decristian.rodriguez@opensuse.organicka@suse.czanicka@suse.czmeissner@suse.deanicka@suse.czcoolo@novell.comaj@suse.deanicka@suse.czanicka@suse.czjengelh@medozas.deanicka@suse.czanicka@suse.czcoolo@novell.comllunak@novell.com dmueller@novell.comcoolo@novell.comanicka@suse.czlnussel@suse.de- CVE-2016-077-7_8.patch: disable roaming code to prevent information leak and buffer overflow (CVE-2016-0777 bsc#961642 CVE-2016-0778 bsc#961645)- Update to 5.8p1 * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. * Fix compilation failure when enableing SELinux support. * Do not attempt to call SELinux functions when SELinux is disabled. - Remove patch that is now upstream: * openssh-5.7p1-selinux.diff- specfile/patches cleanup- Update to 5.7p1 * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. * sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. * scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. * ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. * sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards. * ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). * Support building against openssl-1.0.0a. * Bug fixes. - Remove patches that are now upstream: * openssh-5.6p1-tmpdir.diff * openssh-linux-new-oomkill.patch - Add upstream patch to fix build with SELinux enabled.- Removed relics of no more implemented opensc support.- add pam_lastlog to show failed login attempts - remove permissions handling, no special handling needed- Use upstream oom_adj is deprecated patch- remove the code trying to patch X11 paths - which was broken for a very long time and was useless anyway as the Makefiles do this correctly themselves- Use %_smp_mflags- Fix warning "oom_adj is deprecated use oom_score_adj instead"- actualize README.SuSE (bnc#638893)- update to 5.6p1 * Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. * Hostbased authentication may now use certificate host keys. * ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. * ssh(1) will now log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts. * Expand %h to the hostname in ssh_config Hostname options. * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 keys in addition to RFC4716 (SSH.COM) encodings via a new -m option * sshd(8) will now queue debug messages for bad ownership or permissions on the user's keyfiles encountered during authentication and will send them after authentication has successfully completed. * ssh(1) connection multiplexing now supports remote forwarding with dynamic port allocation and can report the allocated port back to the user * sshd(8) now supports indirection in matching of principal names listed in certificates. * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. * Additional sshd_config(5) options are now valid inside Match blocks * Revised the format of certificate keys. * bugfixes - removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded any more), removed memory leak fix (fixed in upstream)- hint user how to remove offending keys (bnc#625552)- update to 5.5p1- update to 5.5p1 * Allow ChrootDirectory to work in SELinux platforms. * bugfixes- Disable visual hostkey support again, after discussion on its usefulness.- Hardware crypto is supported and patched but never enabled, need to use --with-ssl-engine explicitely- fixed memory leak in sftp (bnc#604274)- honour /etc/nologin (bnc#530885)- Enable VisualHostKey (ascii art of the hostkey fingerprint) and HashHostKeys (hardening measure to make them unusable for worms/malicious users for further host hopping).- update to 5.4p1 * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and will trigger a warning if used. * Rewrite the ssh(1) multiplexing support to support non-blocking operation of the mux master, improve the resilience of the master to malformed messages sent to it by the slave and add support for requesting port- forwardings via the multiplex protocol. The new stdio-to-local forward mode ("ssh -W host:port ...") is also supported. The revised multiplexing protocol is documented in the file PROTOCOL.mux in the source distribution. * Add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 * Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has. bz#1229 * Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program: - Support the "-h" (human-readable units) flag for ls - Implement tab-completion of commands, local and remote filenames - Support most of scp(1)'s commandline arguments in sftp(1), as a first step towards making sftp(1) a drop-in replacement for scp(1). Note that the rarely-used "-P sftp_server_path" option has been moved to "-D sftp_server_path" to make way for "-P port" to match scp(1). - Add recursive transfer support for get/put and on the commandline * New RSA keys will be generated with a public exponent of RSA_F4 == (2**16)+1 == 65537 instead of the previous value 35. * Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase). - cleanup in patches- do not use paths at all, but prereq packages- Use complete path for groupadd and useradd in pre section.- audit patch: add fix for bnc#545271- do not fix uid/gid anymore (bnc#536564)- select large PIE for SPARC, it is required to avoid "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz defined in COMMON section in sshd.o"- add new version of homechroot patch (added documentation, added check for nodev and nosuid) - remove Provides and Obsoletes ssh- make sftp in chroot users life easier (ie. bnc#518238), many thanks jchadima@redhat.com for a patch- readd $SSHD_BIN so that sshd starts at all- Added a hook for ksshaskpass- readd -f to startproc and remove -p instead to ensure that sshd is started even though old instances are still running (e.e. being logged in from remote)- disable as-needed for this package as it fails to build with it- disable -f in startproc to calm the warning (bnc#506831)- do not enable sshd by default/bin/sh/bin/sh/bin/sh/bin/shbuild17 1452862399  (5.8p1-11.15.8p1-11.1 sshdsshdslp.reg.dssh.regsshmodulissh_configsshd_configsshdscpsftpsloginsshssh-addssh-agentssh-copy-idssh-keyconverterssh-keygenssh-keyscansshsftp-serverssh-keysignssh-pkcs11-helperrcsshdsshdopensshCREDITSChangeLogLICENCEOVERVIEWREADMEREADME.SuSEREADME.kerberosTODOscp.1.gzsftp.1.gzslogin.1.gzssh-add.1.gzssh-agent.1.gzssh-copy-id.1.gzssh-keyconverter.1.gzssh-keygen.1.gzssh-keyscan.1.gzssh.1.gzmoduli.5.gzssh_config.5.gzsshd_config.5.gzsftp-server.8.gzssh-keysign.8.gzssh-pkcs11-helper.8.gzsshd.8.gzsysconfig.sshsshd/etc/init.d//etc/pam.d//etc//etc/slp.reg.d//etc/ssh//etc/sysconfig/SuSEfirewall2.d/services//usr/bin//usr/lib//usr/lib/ssh//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/openssh//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//var/adm/fillup-templates//var/lib/-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:363/openSUSE_Evergreen_11.4/dbc6fea37a4e5d98d3bc1c7339d1cd5d-openssh.openSUSE_Evergreen_11.4drpmlzma5i586-suse-linuxd>,FǿT?]"k%Q.5oj{6oqӍWyZ Bn{@q ]R/M[ڂFkpAILg/:Fa񩖭GYm|t Yd- 6e\=k-@k_HJ1S7feY֩6 yS**Yؓ?9t/kZa Oh@!Vn[g!7  ˰X'M;]{n5 g3QT=Þh w*ޟ$^D|\yl鑐e BܫoN3qckJnMҩ[V%qT>;,LG/ptҘn9RDXRO2kg D6ՇJ « [2;:aN:$b)nBZ34 vNdm$82 o3sArotZ*2T}v,"͕$q {@ݽo\IH͋j %cF$"w'AKB>R)| oVU*RhbARgoj݋_kr'j̗+` }]fez:fGYBehJIO/GVnZh|5֘fGimCJWqLWpwcT~8pktǹ&>/v6m$؎71$5]SLј> EqZZ{RF&(gԋly8L"r{ qD?{GIAS';YMv\iT=S&~}oLXݡRN@5 = Wcunoj͠&M$v{^Gy.ƣ[F(xĭd۞-~=މU厜{N<`r $H&v51冰K_7 ml-<]-r@ l/F`P4}+ٞ@™L̼M3 #/dJFD G$/(^38MEk̈Hg6 9鍻*vEzKvF֋h`Ӈ1(y*si(7o?^,bLzݣ~>{CstH<ǣh9:LU' 0kMy&lj HtW V8Uic,Hzf0A(~*p"OzdPJr (6dyZ0&eYiYNڽWp0nSD F%9 I&g$vɠ$'Ao}* # (P*,\,a¦'aȄ K.]'S\ƱʴpJ g3[gCuInf` s%KƛCrۺpHEz7Ċ!ixjN UPm~[:'+o\OX5MW$ŀ0,>_|$]zgCZʦD{wo7 jR`Ve%Q-sjPyfNRAz(_f :FV~w+n"׌ߵ2x5mսTy]'`9e2 H]^Q(3=Tނ'P>6CFںO  ZQbkФv,2mCKR'y4Ms#I(n5$*m.%]xK%^9qLfC_%YDzdyXIk] c ~ՒjOA.*2XD1ܗ@qev}r 1e3b\3o"v|3qYfD&Lc{G` ͞bƢ2rG"WıR yܒя(*૧;g8W ~xʴc22 K 7Tcu\.:HևʖmY`w$9oOѣ/lh+{X^nO5{. h ^3qP6"~>ڨo/=@Ԣ.ME2hr.CD\̼g,B^hY[:VZsR7Y1Ti+* 6ɏ*ro˸&r,BfPH؊ln7:giLtUns`/"y,@hSyree\}Td2vPg{UcSpI;coZ+Z_OYluoA \7nedr^ 6 AZouYۊ##)}o"PN|\zjFijUSN3Hiyng.ٵ}`_IU&A"̯0{;M 8رr∷/*Y˻ uoj1&{a$L|ָ_OR;u}zB %Hri`,4~m]lI^| ?`j0's8iЁ\C2,M<5U-[lrgpE1Y^DKV E蟤 lP,KEJG}SϰM*A]hEl HTz8讎tdjRcZ*y6o{I:o;^Oh+ |K<Ԓ/O@&k¨anDO!V|V9HtH{>2 уFZŚN0w5p $m<@^c4 6m`ŎI!ݞU`в'h(\K_m(.\a_i[!idp C^}T*# ~驎/ "P^WY4YawܔH| )Gcq!?FehGZO9UۧJA>3t83֌H/ 'ӠX] S$&r&4q @qLJkW]VQwLLL]P94qo"/8QBHgOKyp͞nGye Gb6 .t{bRrrQ\ja#˫{f7wZ׃A!pdvKGIE"/o2#8v0F %xboL] QKkpsR"Uy^Y\9jT[l$SRH! Q.:i*o}ÅT-xQj:QK!b|A *vJ "JiEаgoF:$Վ\;"U J;)r p~]sBWx=LE`hxMIyKGROdBks$bh*zGP d?ˊ{H똟Q +o1Ht^;ai9LeVZ@mw1iOA(]_F`vۯb,hNY `/*kpVM[>AD{?P)EhK6s#*§Υ".QFQ8>E7h.E\z]ʱUq6!V\>w/9zK 3U /wwU7C9R4uJPAb- GE7#!Tal/+}싛B mLS0U;*mx^$CNO +skh 簼ڒM_;of%tK@lwe\/kXˏxhes Md+Љ(p""ZUzy8b+Ka80B1qs=5}F>͛`n"S׹2c%$mJb:^(h6ʂBm6Œbr z6vaU doKg#rz dvkDG 6y4X U@^rY苺:X^@X!w goC]^CKd5gWfi_8 BQmí *¯>,P:nď_S[! ]\k җL+oe!%Xɢ^~D\H  ȱgxc oEj!ЏաaP9!idְ;agu"*ތ9j61b6]6xFQX.'&>zLɗݿ䉪^;(3,2|@sLՏAygךz>po&NW&qdѩ >ZrR'oHZy5KvBPr`7pԱS }śmJ( x덍"a)fkÅmEMlY ;v4ǹhQȃV]O0հVb Qwݺe*21pNZ*^+@RS }6/?OJ m|5~Boo[rϖ_GE(*(ܵDH;SM%2+3.? gHutZI@m@ewpSG=Ԙek~XvqC[=QdwsXKqu$ws?O՛4LB!Flk'):U1h*ȼ{qq@ 10;%y_*N rG]cRbHm2 XN6jS|~SFo.u\+.ͯ*0\K"90A?%wuQHyuHQygh#R cxMOO>jv4]wMJɊ{"pǪ(NRJ|c=[LeYOt%&|y46C꽶\U,Nn0~2Z#7%Ĕ_ܹ{" ǏlnE>JwXE:9ߥՉVkGw8,Ԃθ.Q8q:F˜V᪘.s Aʬ5~|Mƞ,FvOfc>O)=" uNz$?vS+ e%ZFq]}jA3/];[TN '".xg NRwzWI?<q@3y?PNRGtHCFOw'ƿ,}ܜ 3yG_gv$*ACW5fȕƐ" 19VK 8GdziT^\lu,Qp nJi 2_gS]s56Aircf}EOy`.5s = ~6jZ(4%:"RI/h/^IE ڻafq(,ՖlxIɠ㍫mOOGÂ㦟/\0|(祚)q.er.X}b WEZ@e}AjJjDCFwizp2#ժV_{#WW# -qݓϜH"kng;_7!,LhԶ˦\Hҍ, H-nlOJGDoz!קg~jchx}m]Ҳ eC"T4{Iu.n+H_,~7dˎK3pDo #H|# nKC8ѕ;?UtˏPq쁌hpw{ oģ2 *HC.{S>ɰ.yrp#$d}&+%Qy7(g~k*{ͦkV1:x3‚bEKmS KqUc*B≍쩊yV-O1Aә3uh.mcxA'8OzɯfyoғI[UP' if+W86Wt4ۀ0NkĊL^ KLH:9YTKW=D8]D*Yub  %SKDbxoE5)͐)m/w+`Tu]>bhAkX\e8ĴoY~,u:UD f+[# 1kE}W)*$<:0f?6g3* +/EmcpC-N(P&FXwù> CDi>Aw}l%,uLl{)6=]i}$99Haj=9~K\WS&WWB] RgM?nP ]l zI&l1J-DvZE3ZLJ8;srą9+qΜN+i2'Xy®dF&8ţ8FTlD | y:v~xL=s7` [1%G5 >na)Rt1rreo"Òˉ*mAfZjcIeoOg k9We9?. 3D'Yx< iʕ:V$,; nE߇$SWU[_a >j@xє:Wvbu;#`!!rRW_Z7{q$$a@D'#obBs7L6[KFi bw@^[ga5юg*vS:w} R<}gT=#u2= gy~is:y35\/gѳ>־'q qX5AbO /5pw&ٛ,Q?S_E@mE#7/<%3a j`nAԀh% &[ M@Q8uw}q\H+ ;zdaLBr>GmFła/Zd<#V7 O5wjdO)u6jiG,R#&_mtts.b*Dj6,r%#>< WtdHLJiːf!{PjF7X XLgմ5 Z "Ku\:A,4L4E30',@|I;LN_?xd V<z^LU8fW`8CfzgFMK0-HZ:$O ؠ`kEGr4<|O`5<8$;gﻬk&f|ÌȅPۮ!qM®: =z:7M+aw1rĤ2R+<7{7$2d )V7ImnUмbJbcM Jd66c6•>CZ{er6ʙFqǸGK2(c@ X ȾfP˞k^< !p`fwNڴ]`d?WDo\$=I;=J鰧ҷ܎KY䩋 ށƐl#5xMsi %I0*6I=`-l)ktϘӂI:w %0Y3c;B5:#4#TjN7D& }w+žA =D^)#w)1??Gm+#sPtɫt+WP!O>iG +1$iѵ YWˆN21O1-;jE0%451NSR"]{f '[ ^wNTp‰ꃯDq& D Fa[|ץ!﹥L§?Cj?\Q?m^2HTRYAȧhWtyU}gBڭ@NB <`ܽzia"3w8ݝÒVda{udvB|-*ץ(\+!Cu7 Ŵv(o@׈x7AҤw'C7۬}U6e|{-^h &ZCqg._TQ$:H`@tz 1r 1C "{I𳆺\b_ߧW1U,|گddw#Ma\huQ!Xu:bHrbyVvԾd860_g]Q5( :ӷ^BDHpCdPi(IJ-ڰ=S]2p)b.&b6x.Ҁl+(fsu7- f3{N VJ,2m qcK w >T~H^!y+oC"e^)BA2=TQei OynG{5[q{Wjp~zr* 3vLJ8t2/a. ' NF.O=qq. E@N@(L1߼F3sg>|"DKNz@|trg5!n׳CЃm5JW@bwM/3F&uw~Wko/5]qLrKJu5Sv`QvIHEܧ&X` KGJzMn^,e !1quqt!ȶT(.-Tr˟>\VXwdoѤI2?h~Y-; C:EK) .V\Q!ɉzC0)֨s!#tR{+G̢FTv`xJq+ l&8lM xVGA L#H %({ٴaeI)_v"FsӢyGJ>-}"VU *11y] _{+:./߇NGe _1f压9;ъSV:/pN&-\l5fJ&(洖d ;N6 g'6ηy7t4} ,N/iPXA_|y 7c C]>b5>F˚)_.4CWi۲!njl>#Ba}Ɏ(WVzis>d..` Z[\YD?q;.9kj;|`K~\ꑆ O] ^FHe,5-WJoZ|пH87OxEHMJR/9肜A*79Tjк# T>9~qmy_ 4ﰝ3`kym,_L]HA\]Hʅ_qg&aCv;c6Kl%ȅlnG/DCک1`!T`LVxHKŦM 'x,yL\Ч~zK–H?#XŽIaV/]x,+ F#;XUkvٺGWt8͌vy/Ƅ3 TKА.lV9^{ִ GL)L`BQ awsTGN=>z&Yf0< qC!N\*3wn |'(?P`I^a2A$a`!)C?C "QW{kPaЦã>3<9r,yUXX*~20poOi; `$ A=Fc߅` fUNzBLV\曥xD(ኺZ=v]sA&N n7?ThO1 P i@闯5+kak=4NJ}R7&_zL;ECF ĺm`u l$C nf^Tnl_M{ƴQv'nCå"& y2J|Η *ap^v%H5!rXز ݎCXc$)&s̋s0,(_pzVl 9Zvd ;mu٫x9n=Xq^)Ldk$$z:n[m NλLUhPqۀ(T pyO^n1} l$_X0jvw2@0J8ʎ_o+(N՜xJHG L q0nXC͵GQ?tcL43зj<}{QT:ǶFiOc6Rړ&:n)͆{Ѝww6D4@CBB" THũ[X% I/ WcnڣJhy{\8VuT2a| IvzF.pi ˩0ՌQՐÒ:c٦ @>P-frƖan W/6x|\'«̖Ֆ٪M 9(dMY$'o`ϼmX4ͩ2Zern=\cOK *Cߥ Ȋ=f ^'QWek N]U BTR06fuϰ2;8_VP LOꓯB/zw+Wc;+d9s G[]']QvpirfサڦTkk :zXv^ O@==$^8'\W iES ܕ:ɆqcN'A$__oJW"ډC [Q8_!=&*8w,)XOΗpa.dV)A:w|6BMbIfAĆU|$B;L~\ť%Y̽8Z& +td0u p FNV>/}/ϐ5h['x}7pOA$ܰZF?e<&^Vv{^I]u`!tp4vw2hb^1\P;J(:%O~X/ d*r@кrET\'Sc SprjFP&[d81?k#LNo{ (?mk\ 1W/`pr$t);&E?4K/Ѐ: Hŝ֮zeYoWJ$Z>O}. ZKJ ]9Czm0kYi /' Z]ܭ>+# / (x[ף آKX%hv{A<^=#mgכ]儺͠(rҜ)SKV?8V-!SAsh% F$56K$i>Q>>uyR[BU N"2 SD;y'yl8T4!7E柧z;WuDIk{ԄF BR]:]ІдDtf;9)ʫ_/HbJ voʊMYܗՓ]: ; r)"n#)(dEuE!᱈wnjx]0I ݔk *dW??"YACj:K<&jgBBLxQLKO:؝ٍ07"? 9~+Y+S*z]"H 6i36A.P%Ȅ< cB@CP2֠ki xtbO<ܛ'hk"No.u'F5"FtiL1^|eO؛Dޝ+?g$ =[xnHGNcUaiUVD !ݘ"kGK=NTjgFw#˃s.%h _C5y:pG{< 'p");T O6.wY18qoyeEG&vm%";tѷS'luj$#©T&#`tPUT  fx1?_&Qבs)J-3Ĥj5O%;| R#"G 5({E1ѰF#:EcKL%N٪rNZ\eDF9=9a| Aji? wf\QJ5yc}EE:]Ík3t5y/wdXߞFOΌ6&qg [e1Ҿ8$:@N5g:?3*k?N=v# r@Kj][ZU͓W'\W%03UD9.{a(bz%Y:}Mk@~麬? u)L9cKnj +յ$}KE|R|b8#2,ny:>4p[ PnETΕeWA QDWǚؿQ1 [T;#eZs4u&5GIb O=2*!Y%d0U_¬p8:'F%paK`.`*P@><<MlE'gsQ'' "~ Xv(ẘpX>G m&:*CJ2bsH{X*O7:6R/+dKC0A חkށY6*|ߕ㚒'ȇ==O>`>,Ö)M~(bthF*9C#M+j 2'eeۮ,0`\R*w {~PH>DFtb7:E ec+$60 a6,$uk}̙6ذjMQ6d ]haztf7_ښ12 Dr9\#FA6huⵗp<za|^^@6Jˌv1fo 0}x )z %+Hm^3ĪwﻱenKM ώ46<8e5\y:t^CgdbfȿEl9p)P"ft;o#kƱ؂sfsYÿL2r !pt-:HQ Y+ LY9ۛ?Bx,x,S~Io rYJ$K11w@p=*9)Gê }sI'~HR$%sKC m>m;kaJP;?5)A\v S/{n3XĹx W#r#40W*Hf5-DZv4݀y3:u&*gd>h$63xE?#;v8p_e[ IbѭkkoCk"7ced0r$zޞrNdTR_C.>3H 25(ēt@?uFmVvF~Р 79) TI /F>$u=m~V(6W_ |pH&%Q0S3gVcȘ̽!꽻}?-4Cj?(ɮ0|~!LCr<|Bu(yx_߲j{73/aSFu✷hN%\)o~I07fT+s$?ghX7ݟ{q4mxRPߠDxbFxr7`C!D׶#|NN0NhnMɧtH jN8TߕADU[݅B-lT-?_8 'Xz,%i9Q[ ?4O䁟X1NW Lf+HbP @9힖>I ?͉xVLUo =@(FL6Svo\8^Qߕte:S4%buP[mئ}?y BweցKAL QYY`1DbTؼF}$V8'ȢI4v iްעq4Fmt^ԏzf _Mmarha?q3*XfWy`VUNV ot I7̈Tz㷔Pp#U{:ٕ<[N5b%ĦIˌz ݤ|X#AD;3@uxs`_$ T$KAe,ほF^ni=j`X-574r؜)O!T'p#n; 7Xة_^dW+QnK")YpW >ae#I7C 'Ry!8IWL4`@揚 % )ejL? q(|y)#L1&3Yqo'q#<kS1NY+FHWŎgE؀mW^V#t<|f[XF`{kw)SKDfwǎKw#/0e #3R8W~(TZgLVsč (9\1jݍZG{=֡dԈ\6X}maqݕ깋%a}58K8ܪkHTK_ J9{Q^d0F7e`a==RK4$ˍ"bxsP%8^ 0oB- ZԿXF#뛴DTe_,y2&{ڞ7_)g& k1e9l£$,S% gIe`zJDnF)Y?6iĸOcSkI\N 5dW5MJ_?aSnCDP҅kIMEA;dр+~A{w Z52Ct:g`oI\(^(hc5oBo"@9ǟ𕚸[VesoVtwk?VWEev7d͗IEn)C(p)[ڨeE:j>ɋ.z|d0;d6! fE@P{H Z@e42%ᡬ,w?Y c Wt)޷ hzg`WXlqȚ߉\;Q.A֪h(6AQ5CDcg4_Uzk8,جEBܩ` xUP!(Uuθ؛])]Q,\>B$%@e濕9 -ZTtܧ(<cQC<3̏[_D[@fUgj-a7Dttx:$nkɍG97jI9zUtBh-nٽߍ"Ӡnr}P yKLKX01F4`7OUvȼ9(9(C!WJ;.7N32ٍ /D`j[rcjiL5Ou3Ծ{0L1*3)*:3<P6ekbr}WMl#?gүֆըʦ)M>d Ѝ/h ǚ<ט>tXs`^?WA4OҚT,Je. {֊7[-FŠz}#Ji;Z\6\hWr?.gf֠<<ꬑOU1~Er q֍לS8pXȧ^ KWH~e|Ho8G ~ e(?uUQRiSx 0ޘ}cp< ,,s3 p8i^ED- &hH -wYMgJY<9\e#@HӞ_jN*56Cܤe"XuE(oX}&6[O%cVmeaRbgS٦b?nG+U8E 'P"+`A኷WWxTik\ lJ1G4J·qaBA_SV:U)55̥aDU<bhP"r@w$ ŒV,2Q >ajAkl 8eC֝?T]hW{ ;P/\2Vd5ۍ*~?f0fvPƝqqgޱEª8֍Z)rz:W+]jm4QEu俪t]B ;@j6D{]N2,`BРHOusBgߚ\}+ň͏nmg)8t=s1"q(cQ4lP?jy" J6[4p RNdd#@ݢ&|#8YRn5m,()qāqҋe\QsK4[ٕ19GzA Pڱƶ'-EMyeI7i#c#-,X ^ې 8x /7jJiy?]EPdT9~jeR:0fKVkm&ɳJs R|^l[<Z)Gipr`Xl!mH U07Odr^mOE7~I3ٮ[)Y[yccWQBX7^YU#񚀷O<޵>$_QlX8 HYohӄa Z\A^Pޒ#Y"p24kvΘ;.˓Rf88Kw~d٩s};9 V|.!}Ia(;d"ޖF+j(, Pf?wݦ#kp@]H]:ˣ \Z5W~ڳdaCyc)yx7}Dys` V=ZW¨C1I!Ҵa;E"cvJk;V3t+gsl{Ԝ'}ͲDFTAP8& O"ӛRU*9G~_dzg";3GmC⒂{?AQ+9TylMi [o궢p߱xgN_  ^vx\<5{33tawލ='f r`<@t٦exX119G^65q OY`&Ӑ 0`B7xE3) !l7@ K{)?I{ɢ߹[%*^]"a4Xn64geSomw[Ieu^б,XD~&hਓ2ާ8]Ɍ:yؕoԜ}o*@Hc(;1D]M[8BZ=EKi\@*!"LvNAdCƈ(C=Dɵ6.e! P'8_r9B`Bw=L{4-0;95rg0m(?ǓjNfL7E(;ڷXVH8"5C.RaZ2Ɠ; 0$:wι95(!u%>:([$sG$$Z&A9}qY].=)?vv Ⱦ:$hk.gY$ȑYZ8y8a:B oԙ)/q+T⇾?^;yי:xȄfrjn:9*ƕm\`A6t><$ͫ"sB'{q LkzcdGQa9[WPf`ԍSn.pؐ)',kn{3B$h#vRݝĝ`uQQM)Uzy&:ݏeo򚡭V 7Y9ϖGT"z T7,(oU]&w66Z`iזe9@iغ3j/! ?қlO;:xu<%~?HE]܌/zlP*>Q5DJ ;pϷĆ zzԣ3A6_``îD}M0n73\ CءwU[6tٽ1 z~='|sc!gt`!_a~ΦcۦݛTC‹^aC7_@hkhg͖UQIw yg1wy b?Cid^zZl/IY`fR+A^M)ʹa`ؑ³n#ETe@GI#^A1s!%IR(fZo ͗`XOв5|5&TR:W#s 1VRw bu8^zF{2?^]'at"X(NqiG:`hՊЍ̏U|ɽѷX8W/8Ni}D|oo̤E[9d [}̵a;-V_`+r{f2gڇI̗Z2Tak=6_7FRₚG̙5?drcߐ"ZD%! !Firӥ=v7Yۣ6Aͥb 72l]#kf'ǡ Ǐu=g٠Z xDk JlX>طm+ctl7 8`z>g\eF/tAm䫨}T.FjYu҂)zxRgw7z0i omrΠ[%@ ut4O{%Ev?7<3fWZJkiBL ;aV|u (`#B8Bɨ;f}pEbeB+NK]'[ aFCK~{lzbKklc9Nu_=m|KNi2䲗~,m(O#E.d +;,IVPs=~׹|̙d-?\NCh.#cr [ļe AV?ЛaA Pw~,0T#\iY i# "Q2,6rnӇvrI4WOZ,57Dn';@mŨ ,Z/}AB#er 3<,C{s%7o} EeȓpuV 4C mG|Wz *ݞ50~)/"=1J^c?.D0s'3u? )}][@(ŴFbE5q d4#],7̩ff-@sK% &l:K+-&.s 8E'F݄^ًE>hֳ/ˊ8႙?іr:4@>C4|Xw̪܀#m"N^Ɍg~M5v2? 30lWʧ+ >rn;{%4P|Dէ-M ?Pr=E]Z̡^!?eTDiaDE1c-QDféWvTfa|{]XAChgL4@H#g확p+BPNFɝ%̇ ؿ!Xrΐ8t}))V25pC=DӢa⠽t{ѿTO (/}‡ӳqʤ٩4%_>*K~iO0ui O[c!t?$9I\ [zը݊@EJW 3\]BOF:U˯yY,,v H0;a3i d1GYDUKf wpiL Lz.b7DnBHrV 'r+ @'R3CШ,P+ΒݏFQ׫i! ,^x8fו+fΉکN*t?/7yU8ȿld8 !.i͐ls#a}dmH#ܿi2t^Yxdk7Ǘv X?t]x?G""Y  Қ*2Q)vIjz}7W-<%%I~l0=GūR4|WM;_m j-bN[pw$`QQjKlR5\ $Kir-5SaΗJc0 {&P0L-'?~{}\?;1T= _wqhYkVZ3cgYᛮL?3O_AW|KX rY$o/@;Pz+ R+.釺 96}m`^_o=ntdׁgG49?~1L)>ЋRIFTbK_d·1vf=8U:neh( 8Z78s##'GKz0F Mn#)S]) $Ө{a%Aԃ̗zOLk_JXCkH?8F @1Q#-qy`z&0%hʵ uj+}-sjj%ʗq]4 p<(<Q̵~y )[>@x2䥗r74G;EٴgKω%55ϨW9B?.x$vO ?2l]2ϊc\3 HE {0YN-j5Oά<WyIzXVd.d7;ӝzp{19}]Ja"M;h6.ʣk~p Vfk;?-kcs+$Uz8SDI-6WEW !