cryptsetup-2.3.7-150300.3.5.1<>,Taep9|Y#.a32.ݸ:Lr|bJ!ܕQkEJ+~J`; d>uѥEҋ >$|P.!J)nDGr7W-"n?-ۑ&]ٞ(dg9|m_~?Do%+I'cAI-ó˅#G5.K>գ:@:yS@U"G4=atTL,~C,4h4J>DX?Hd   Y 2>hntPDD 0D D D  D dDtDDDDTt(8 9 p:">@FGDHDIDX\Yd\D]D^] bcd?eDfGlIu\Dvl wDxDyIz8HDCcryptsetup2.3.7150300.3.5.1Setup program for dm-crypt Based Encrypted Block Devicescryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab.aes390zl35 WSUSE Linux Enterprise 15SUSE LLC SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-laterhttps://www.suse.com/System/Basehttps://gitlab.com/cryptsetup/cryptsetup/linuxs390x mkdir -p /run/regenerate-initrd/ touch /run/regenerate-initrd/all [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/cryptsetup.conf || : mkdir -p /run/regenerate-initrd/ touch /run/regenerate-initrd/all#Cxe N i:y^ 7!%9C E  [+AhG7".lg*tP IrjoZ  @A큤A큤aeaeaeaeaeaeaeae`W`WaaaO1d`O1d`O1d`O1d`O1d`O1d``WO1d``WO1d`OSO&`WP}Pa)QNS$S$S$SS UCVN)][`FT`FT`FT`FT`FT`W`W`W`W`W`W`W`W`W`W`Wa a a a a a a aaeO1d`PȈaeaeaeaed6bb4b689200c2348945700a6b0dad5df92bc2015860d15f36a25590814d77b0d4c06bcbd55eef2ae748d096b456a4137601b9458af1635e19e1aeafd0464c93b8594e07163db30806a5d8b99f00341dae1e26c8db23709246d94c58f016e720fbcc75c4b65171aa2afddcf1635360289662df67ff4e136bccff5c8503b682b9a468b961be1cc45413847cc3aa15bc989125be472557463ce69816286d89ef78012a99c581df2f922c8996d25fb19b13eba7776bb7ceb6b79f97c312088458203399dbc567343bbd6a5ff5d73de53bb39b7f8118af6bee31e171f6e6a3de4de00f3e0f44f68cc2a19b62e5b50369c7635b3ab80de75215fd7f43f4e9f0bde86a11c40bc50779d525750af7fcda5d7b7559fe37453d28130ddc7028ac4c6c43f6325800b1569fc977bde2337bffdd20077a5b5dd98f172c944e32b75a19556e3504505ff6feb42cb3fc27cd79c52b0a8dd446ebac636db57e47b466f2fb6f870e0b3b98db51402d5c6b54a76f049fe834f385bb0a81a195148c217776c29abb2885f985ae4dd6fa76e34b4abff697d973821ac6bb255e00ec8844fbf9fd7d936c0db4517a88ecd842a1ea48360c45563ef051ba71d51d6e5d40e240516536d8b7972e5fc2fc53522a41cf685cde1ed92ab42df50f608dad44b533a20d1468ba2ae01c5c98071c7c98d4d62b7af278c2c3c38a89a9f2aea7811e8078f34a6eaa99f921b65038a98a6281769a64e90528394c11e9f58978945cfbf058bd72d251bbd9f325cc7b69e35a3235b851f6e3d8db5d01d717afac72ba452ddca753be93df085ea8c727c1487e11b032c9357a5187ec8ef86d16f0bbb3d8f357ad4cf780c425b2628be5d85dad2656f925cee0b464f53c3a669223fb6a43dc581a27fbbbc5f6e280116a8aa26191a7f768e9dab9d82735c4b48a4aad0824763d081418a034a40f6b268b8cfbabdfe510845bf2de9d20af02dc914a3eebfc7bab6697989cc817443d3606ecf579a00565290e63c1f53c0520bf78473014d45cb7c7938a187d758112ba6c3946c2b6fa183d6a3662b3b34c09ebb40140613400e779506f22b7e005ddf07eb9e34df8ddfb5a6b053e7f1a57b4e44ebebf4c14ad2725bc3c40790fdac009890d44f3383abd33132f3f6e5e2114b5cc22df9a8b90cff57b061562ae48b74ffa53d0870533233fd1052e3f707216cf5f4f5941b0a67a5fc4a061e9d198ff7ffb01319f58779842a605461416c316bdf058e6e9091be4a69251bfe3556c7156ea0bfcd002f24822c0ba3cdd2cebfa9dc6b2463fe259b455c858bd7ebe5988a8fa6a4715c6bd4115489dbbc697f5a5b34058fc475b7c0db7f5faa108eefef8259641d4e435288c77eaa861163c2ce048a82cac90d17ddaa9adefe6a0b0f5fd155f4a31e4b4c3b3a31833d66f425462368041359d6a3165839ba3d51ee8b791da4adbf42e9b8aecd710112cf0a60bc6f9dcfa2f9caf91dcd6559d630eff407694c22b8a7f3217e5987a59b232ca2c7ea4cd3014c1c5fd4c941b0b767fd8d3246cbf48031d37564c8e6b56394dfbce815f6977954291049b53e440d880b42705939d9a513836df7abf4ffa7155ff9a1d2b1cf4c132390aaaa81594537ebee834ef41dd79e3430310491ccd9afd39971af54a580151557aaa9b9b822912260109b314fec98a14b4e525681877a2205703f005ca6aa56ae54a692356508326d024e1af8779187808b94aac22d36fd2b16c1be1f9bd7062999e28638cf4bd50f9c18e06632bc8660889bf0f45d52f09d6491d5291fe8619b329f6495be879093e92fb88c7c771bc0ba7da4f99386c80e0da2637249fe7fd99a57966d1d1e20dfae75a4967bd4676a882e6c13c121806f093d7e9426ce22275f598942b4fb7509951305b214b8b8f847e4ba4b26a3d9654105680cc2e7fdadd4c5c2260b6e19016a7ba548ea78bb8c562a4a1c68753bcab7104110d3df6fa239d54bdd8edc6c165c348ead91ad0e6ceea6aaeea0f71128d8187b4583eef22f3f3eba95a642bb9587909ff0eca1c2951afba46b0197f4b7c5428eb5a85bf730e9f756aa2859375a208dc1bb810cd2e4b073f1f6b5aad915dadbd5f03832a42c2225629c3065194a409b6dd3d911af16aae131e5e381ddcd08b58b698344d75f566edb6339f3b506a9645b7138611896178336bb6e116a0d31689723ed8aec4e11e13325b28343fc1552fc80c1896c7d7dd2c722bead9f62e9bfba917cc60cdea64838a6a2ea98637579ab402ab6e84c2669d86f6871ca6ae66ed9e74cea43ab42c767c2bc67125df067f0d6fa1a9a4f9aa405e0bbbe0972abf680102bf1a0e7292ba4dbebf11c4dce28845a7b2087675fc3c56468dd8ce61fbe1f1f30939ce8d2346c8d7d705c49522ac2e9047f37535b313e9c76be539d32fc224cfe78f39a411a2f32aa0a2cb152e6c7826e492c14a26741c1949e607de2a36d7d61f5e680fd9884baf001f186cde72e155b5ca5330400489662ef8add809175057a87661ab22029d875615ebc127f67b0d3506bb9058e347d31012676c78096d04ab7caa3644ff1da90435d9e77180d0166fb509883e10c6c846b3b7228e8d6ea553ed112c0a19cb8626f145670cce8b6a0ddd66c8016cd8ccef6cd71f35717cbacc7f1e895b3855207b338c33cc37871654ec7ed87e6fbb896c8cf33ef5ef05b1611a5aed857596ffafa55044777c24525ad009139b433028a38af6c032aa3767038fd72924659fb358c6de797e7119c92c22ff9bbce299b2471ab912ac18a77b6e1ea6666ea6c067aa763bccbf6c2ca5ed2a22c5cc474b5373ef0a7cf92b64da818833bf6f41738fd7786eefeec004e51ed4e57026fda94812342c6f4bf75a030840412af0371471c2bc/usr/sbin/cryptsetup@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcryptsetup-2.3.7-150300.3.5.1.src.rpmcryptsetupcryptsetup(s390-64) @@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/shcoreutilscoreutilslibblkid.so.1()(64bit)libblkid.so.1(BLKID_2.15)(64bit)libblkid.so.1(BLKID_2.17)(64bit)libblkid.so.1(BLKID_2.21)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcryptsetup.so.12()(64bit)libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpwquality.so.1()(64bit)libpwquality.so.1(LIBPWQUALITY_1.0)(64bit)libuuid.so.1()(64bit)libuuid.so.1(UUID_1.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3aZ@aq@`ݮ@`L@`KW_j__R,@^ϧ^^9\]W\f\f[G[G[{Zp^@Z64 bytes) passphrases- Split translations to -lang package - New version to 2.3.1 * Support VeraCrypt 128 bytes passwords. VeraCrypt now allows passwords of maximal length 128 bytes (compared to legacy TrueCrypt where it was limited by 64 bytes). * Strip extra newline from BitLocker recovery keys There might be a trailing newline added by the text editor when the recovery passphrase was passed using the --key-file option. * Detect separate libiconv library. It should fix compilation issues on distributions with iconv implemented in a separate library. * Various fixes and workarounds to build on old Linux distributions. * Split lines with hexadecimal digest printing for large key-sizes. * Do not wipe the device with no integrity profile. With --integrity none we performed useless full device wipe. * Workaround for dm-integrity kernel table bug. Some kernels show an invalid dm-integrity mapping table if superblock contains the "recalculate" bit. This causes integritysetup to not recognize the dm-integrity device. Integritysetup now specifies kernel options such a way that even on unpatched kernels mapping table is correct. * Print error message if LUKS1 keyslot cannot be processed. If the crypto backend is missing support for hash algorithms used in PBKDF2, the error message was not visible. * Properly align LUKS2 keyslots area on conversion. If the LUKS1 payload offset (data offset) is not aligned to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly. * Validate LUKS2 earlier on conversion to not corrupt the device if binary keyslots areas metadata are not correct.- Update to 2.3.0 (include release notes for 2.2.0) * BITLK (Windows BitLocker compatible) device access * Veritysetup now supports activation with additional PKCS7 signature of root hash through --root-hash-signature option. * Integritysetup now calculates hash integrity size according to algorithm instead of requiring an explicit tag size. * Integritysetup now supports fixed padding for dm-integrity devices. * A lot of fixes to online LUKS2 reecryption. * Add crypt_resume_by_volume_key() function to libcryptsetup. If a user has a volume key available, the LUKS device can be resumed directly using the provided volume key. No keyslot derivation is needed, only the key digest is checked. * Implement active device suspend info. Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags that informs the caller that device is suspended (luksSuspend). * Allow --test-passphrase for a detached header. Before this fix, we required a data device specified on the command line even though it was not necessary for the passphrase check. * Allow --key-file option in legacy offline encryption. The option was ignored for LUKS1 encryption initialization. * Export memory safe functions. To make developing of some extensions simpler, we now export functions to handle memory with proper wipe on deallocation. * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. * Add optional global serialization lock for memory hard PBKDF. * Abort conversion to LUKS1 with incompatible sector size that is not supported in LUKS1. * Report error (-ENOENT) if no LUKS keyslots are available. User can now distinguish between a wrong passphrase and no keyslot available. * Fix a possible segfault in detached header handling (double free). * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. * The libcryptsetup now keeps all file descriptors to underlying device open during the whole lifetime of crypt device context to avoid excessive scanning in udev (udev run scan on every descriptor close). * The luksDump command now prints more info for reencryption keyslot (when a device is in-reencryption). * New --device-size parameter is supported for LUKS2 reencryption. * New --resume-only parameter is supported for LUKS2 reencryption. * The repair command now tries LUKS2 reencryption recovery if needed. * If reencryption device is a file image, an interactive dialog now asks if reencryption should be run safely in offline mode (if autodetection of active devices failed). * Fix activation through a token where dm-crypt volume key was not set through keyring (but using old device-mapper table parameter mode). * Online reencryption can now retain all keyslots (if all passphrases are provided). Note that keyslot numbers will change in this case. * Allow volume key file to be used if no LUKS2 keyslots are present. * Print a warning if online reencrypt is called over LUKS1 (not supported). * Fix TCRYPT KDF failure in FIPS mode. * Remove FIPS mode restriction for crypt_volume_key_get. * Reduce keyslots area size in luksFormat when the header device is too small. * Make resize action accept --device-size parameter (supports units suffix).- Create a weak dependency cycle between libcryptsetup and libcryptsetup-hmac to make sure they are installed together (bsc#1090768)- Use noun phrase in summary.- New version 2.1.0 * The default size of the LUKS2 header is increased to 16 MB. It includes metadata and the area used for binary keyslots; it means that LUKS header backup is now 16MB in size. * Cryptsetup now doubles LUKS default key size if XTS mode is used (XTS mode uses two internal keys). This does not apply if key size is explicitly specified on the command line and it does not apply for the plain mode. This fixes a confusion with AES and 256bit key in XTS mode where code used AES128 and not AES256 as often expected. * Default cryptographic backend used for LUKS header processing is now OpenSSL. For years, OpenSSL provided better performance for PBKDF. * The Python bindings are no longer supported and the code was removed from cryptsetup distribution. Please use the libblockdev project that already covers most of the libcryptsetup functionality including LUKS2. * Cryptsetup now allows using --offset option also for luksFormat. * Cryptsetup now supports new refresh action (that is the alias for "open --refresh"). * Integritysetup now supports mode with detached data device through new --data-device option. - 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until someone has time to evaluate the fallout from switching to LUKS2.- Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. * Fixes static build for integritysetup if the pwquality library is used. * Allows passphrase change for unbound keyslots. * Fixes removed keyslot number in verbose message for luksKillSlot, luksRemoveKey and erase command. * Adds blkid scan when attempting to open a plain device and warn the user about existing device signatures in a ciphertext device. * Remove LUKS header signature if luksFormat fails to add the first keyslot. * Remove O_SYNC from device open and use fsync() to speed up wipe operation considerably. * Create --master-key-file in luksDump and fail if the file already exists. * Fixes a bug when LUKS2 authenticated encryption with a detached header wiped the header device instead of dm-integrity data device area (causing unnecessary LUKS2 header auto recovery).- make parallell installable version for SLE12- New version 2.0.4 Changes since version 2.0.3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Use the libblkid (blockid) library to detect foreign signatures on a device before LUKS format and LUKS2 auto-recovery. This change fixes an unexpected recovery using the secondary LUKS2 header after a device was already overwritten with another format (filesystem or LVM physical volume). LUKS2 will not recreate a primary header if it detects a valid foreign signature. In this situation, a user must always use cryptsetup repair command for the recovery. Note that libcryptsetup and utilities are now linked to libblkid as a new dependence. To compile code without blockid support (strongly discouraged), use --disable-blkid configure switch. * Add prompt for format and repair actions in cryptsetup and integritysetup if foreign signatures are detected on the device through the blockid library. After the confirmation, all known signatures are then wiped as part of the format or repair procedure. * Print consistent verbose message about keyslot and token numbers. For keyslot actions: Key slot unlocked/created/removed. For token actions: Token created/removed. * Print error, if a non-existent token is tried to be removed. * Add support for LUKS2 token definition export and import. The token command now can export/import customized token JSON file directly from command line. See the man page for more details. * Add support for new dm-integrity superblock version 2. * Add an error message when nothing was read from a key file. * Update cryptsetup man pages, including --type option usage. * Add a snapshot of LUKS2 format specification to documentation and accordingly fix supported secondary header offsets. * Add bundled optimized Argon2 SSE (X86_64 platform) code. If the bundled Argon2 code is used and the new configure switch - -enable-internal-sse-argon2 option is present, and compiler flags support required optimization, the code will try to use optimized and faster variant. Always use the shared library (--enable-libargon2) if possible. This option was added because an enterprise distribution rejected to support the shared Argon2 library and native support in generic cryptographic libraries is not ready yet. * Fix compilation with crypto backend for LibreSSL >= 2.7.0. LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility wrapper must be commented out. * Fix on-disk header size calculation for LUKS2 format if a specific data alignment is requested. Until now, the code used default size that could be wrong for converted devices. Changes since version 2.0.2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Expose interface to unbound LUKS2 keyslots. Unbound LUKS2 keyslot allows storing a key material that is independent of master volume key (it is not bound to encrypted data segment). * New API extensions for unbound keyslots (LUKS2 only) crypt_keyslot_get_key_size() and crypt_volume_key_get() These functions allow to get key and key size for unbound keyslots. * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only). * Add --unbound keyslot option to the cryptsetup luksAddKey command. * Add crypt_get_active_integrity_failures() call to get integrity failure count for dm-integrity devices. * Add crypt_get_pbkdf_default() function to get per-type PBKDF default setting. * Add new flag to crypt_keyslot_add_by_key() to force update device volume key. This call is mainly intended for a wrapped key change. * Allow volume key store in a file with cryptsetup. The --dump-master-key together with --master-key-file allows cryptsetup to store the binary volume key to a file instead of standard output. * Add support detached header for cryptsetup-reencrypt command. * Fix VeraCrypt PIM handling - use proper iterations count formula for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes. * Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim). * Add --with-default-luks-format configure time option. (Option to override default LUKS format version.) * Fix LUKS version conversion for detached (and trimmed) LUKS headers. * Add luksConvertKey cryptsetup command that converts specific keyslot from one PBKDF to another. * Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata) header is detected. * More cleanup and hardening of LUKS2 keyslot specific validation options. Add more checks for cipher validity before writing metadata on-disk. * Do not allow LUKS1 version downconversion if the header contains tokens. * Add "paes" family ciphers (AES wrapped key scheme for mainframes) to allowed ciphers. Specific wrapped ley configuration logic must be done by 3rd party tool, LUKS2 stores only keyslot material and allow activation of the device. * Add support for --check-at-most-once option (kernel 4.17) to veritysetup. This flag can be dangerous; if you can control underlying device (you can change its content after it was verified) it will no longer prevent reading tampered data and also it does not prevent silent data corruptions that appear after the block was once read. * Fix return code (EPERM instead of EINVAL) and retry count for bad passphrase on non-tty input. * Enable support for FEC decoding in veritysetup to check dm-verity devices with additional Reed-Solomon code in userspace (verify command). Changes since version 2.0.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Fix a regression in early detection of inactive keyslot for luksKillSlot. It tried to ask for passphrase even for already erased keyslot. * Fix a regression in loopaesOpen processing for keyfile on standard input. Use of "-" argument was not working properly. * Add LUKS2 specific options for cryptsetup-reencrypt. Tokens and persistent flags are now transferred during reencryption; change of PBKDF keyslot parameters is now supported and allows to set precalculated values (no benchmarks). * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags combination. Persistent flags are now stored only if the device was successfully activated with the specified flags. * Fix integritysetup format after recent Linux kernel changes that requires to setup key for HMAC in all cases. Previously integritysetup allowed HMAC with zero key that behaves like a plain hash. * Fix VeraCrypt PIM handling that modified internal iteration counts even for subsequent activations. The PIM count is no longer printed in debug log as it is sensitive information. Also, the code now skips legacy TrueCrypt algorithms if a PIM is specified (they cannot be used with PIM anyway). * PBKDF values cannot be set (even with force parameters) below hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2 it is 4 iterations and 32 KiB of memory cost. * Introduce new crypt_token_is_assigned() API function for reporting the binding between token and keyslots. * Allow crypt_token_json_set() API function to create internal token types. Do not allow unknown fields in internal token objects. * Print message in cryptsetup that about was aborted if a user did not answer YES in a query.- update to 2.0.1: * To store volume key into kernel keyring, kernel 4.15 with dm-crypt 1.18.1 is required * Increase maximum allowed PBKDF memory-cost limit to 4 GiB * Use /run/cryptsetup as default for cryptsetup locking dir * Introduce new 64-bit byte-offset *keyfile_device_offset functions. * New set of fucntions that allows 64-bit offsets even on 32bit systems are now availeble: - crypt_resume_by_keyfile_device_offset - crypt_keyslot_add_by_keyfile_device_offset - crypt_activate_by_keyfile_device_offset - crypt_keyfile_device_read The new functions have added the _device_ in name. Old functions are just internal wrappers around these. * Also cryptsetup --keyfile-offset and --new-keyfile-offset now allows 64-bit offsets as parameters. * Add error hint for wrongly formatted cipher strings in LUKS1 and properly fail in luksFormat if cipher format is missing required IV.- Update to version 2.0.0: * Add support for new on-disk LUKS2 format * Enable to use system libargon2 instead of bundled version * Install tmpfiles.d configuration for LUKS2 locking directory * New command integritysetup: support for the new dm-integrity kernel target * Support for larger sector sizes for crypt devices * Miscellaneous fixes and improvements- Update to version 1.7.5: * Fixes to luksFormat to properly support recent kernel running in FIPS mode (bsc#1031998). * Fixes accesses to unaligned hidden legacy TrueCrypt header. * Fixes to optional dracut ramdisk scripts for offline re-encryption on initial boot.- Update to version 1.7.4: * Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper. * Use LUKS1 compiled-in defaults also in Python wrapper. * OpenSSL backend: Fix OpenSSL 1.1.0 support without backward compatible API. * OpenSSL backend: Fix LibreSSL compatibility. * Check for data device and hash device area overlap in veritysetup. * Fix a possible race while allocating a free loop device. * Fix possible file descriptor leaks if libcryptsetup is run from a forked process. * Fix missing same_cpu_crypt flag in status command. * Various updates to FAQ and man pages. - Changes for version 1.7.3: * Fix device access to hash offsets located beyond the 2GB device boundary in veritysetup. * Set configured (compile-time) default iteration time for devices created directly through libcryptsetup * Fix PBKDF2 benchmark to not double iteration count for specific corner case. * Verify passphrase in cryptsetup-reencrypt when encrypting a new drive. * OpenSSL backend: fix memory leak if hash context was repeatedly reused. * OpenSSL backend: add support for OpenSSL 1.1.0. * Fix several minor spelling errors. * Properly check maximal buffer size when parsing UUID from /dev/disk/.- Update to version 1.7.2: * Update LUKS documentation format. Clarify fixed sector size and keyslots alignment. * Support activation options for error handling modes in Linux kernel dm-verity module: - -ignore-corruption - dm-verity just logs detected corruption - -restart-on-corruption - dm-verity restarts the kernel if corruption is detected If the options above are not specified, default behavior for dm-verity remains. Default is that I/O operation fails with I/O error if corrupted block is detected. - -ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected to contain zeroes and always return zeroes directly instead. NOTE that these options could have security or functional impacts, do not use them without assessing the risks! * Fix help text for cipher benchmark specification (mention --cipher option). * Fix off-by-one error in maximum keyfile size. Allow keyfiles up to compiled-in default and not that value minus one. * Support resume of interrupted decryption in cryptsetup-reencrypt utility. To resume decryption, LUKS device UUID (--uuid option) option must be used. * Do not use direct-io for LUKS header with unaligned keyslots. Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005). * Fix device block size detection to properly work on particular file-based containers over underlying devices with 4k sectors. - Update to version 1.7.1: * Code now uses kernel crypto API backend according to new changes introduced in mainline kernel While mainline kernel should contain backward compatible changes, some stable series kernels do not contain fully backported compatibility patches. Without these patches most of cryptsetup operations (like unlocking device) fail. This change in cryptsetup ensures that all operations using kernel crypto API works even on these kernels. * The cryptsetup-reencrypt utility now properly detects removal of underlying link to block device and does not remove ongoing re-encryption log. This allows proper recovery (resume) of reencrypt operation later. NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility, this link disappears once the device metadata is temporarily removed from device. * Cryptsetup now allows special "-" (standard input) keyfile handling even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices. * Cryptsetup now fails if there are more keyfiles specified for non-TCRYPT device. * The luksKillSlot command now does not suppress provided password in batch mode (if password is wrong slot is not destroyed). Note that not providing password in batch mode means that keyslot is destroyed unconditionally.- update to 1.7.0: * The cryptsetup 1.7 release changes defaults for LUKS, there are no API changes. * Default hash function is now SHA256 (used in key derivation function and anti-forensic splitter). * Default iteration time for PBKDF2 is now 2 seconds. * Fix PBKDF2 iteration benchmark for longer key sizes. * Remove experimental warning for reencrypt tool. * Add optional libpasswdqc support for new LUKS passwords. * Update FAQ document.- Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562)- Update to 1.6.8 * If the null cipher (no encryption) is used, allow only empty password for LUKS. (Previously cryptsetup accepted any password in this case.) The null cipher can be used only for testing and it is used temporarily during offline encrypting not yet encrypted device (cryptsetup-reencrypt tool). Accepting only empty password prevents situation when someone adds another LUKS device using the same UUID (UUID of existing LUKS device) with faked header containing null cipher. This could force user to use different LUKS device (with no encryption) without noticing. (IOW it prevents situation when attacker intentionally forces user to boot into different system just by LUKS header manipulation.) Properly configured systems should have an additional integrity protection in place here (LUKS here provides only confidentiality) but it is better to not allow this situation in the first place. (For more info see QubesOS Security Bulletin QSB-019-2015.) * Properly support stdin "-" handling for luksAddKey for both new and old keyfile parameters. * If encrypted device is file-backed (it uses underlying loop device), cryptsetup resize will try to resize underlying loop device as well. (It can be used to grow up file-backed device in one step.) * Cryptsetup now allows to use empty password through stdin pipe. (Intended only for testing in scripts.)- Enable verbose build log.- regenerate the initrd if cryptsetup tool changes (wanted by 90crypt dracut module)- Update to 1.6.7 * Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension) * Support keyfile-offset and keyfile-size options even for plain volumes. * Support keyfile option for luksAddKey if the master key is specified. * For historic reasons, hashing in the plain mode is not used if keyfile is specified (with exception of --key-file=-). Print a warning if these parameters are ignored. * Support permanent device decryption for cryptsetup-reencrypt. To remove LUKS encryption from a device, you can now use - -decrypt option. * Allow to use --header option in all LUKS commands. The - -header always takes precedence over positional device argument. * Allow luksSuspend without need to specify a detached header. * Detect if O_DIRECT is usable on a device allocation. There are some strange storage stack configurations which wrongly allows to open devices with direct-io but fails on all IO operations later. * Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later). * Get rid of libfipscheck library. (Note that this option was used only for Red Hat and derived distributions.) With recent FIPS changes we do not need to link to this FIPS monster anymore. Also drop some no longer needed FIPS mode checks. * Many fixes and clarifications to man pages. * Prevent compiler to optimize-out zeroing of buffers for on-stack variables. * Fix a crash if non-GNU strerror_r is used./bin/sh/bin/shs390zl35 1642423716  !"#$%&'()*+,-./0123456789:;<=>?@ABCD2.3.7-150300.3.5.12.3.7-150300.3.5.1cryptsetupcryptsetupcryptsetup.confcryptsetupcryptsetup-reencryptintegritysetupveritysetupcryptsetupAUTHORSChangeLog.oldFAQREADMETODOv1.0.7-ReleaseNotesv1.1.0-ReleaseNotesv1.1.1-ReleaseNotesv1.1.2-ReleaseNotesv1.1.3-ReleaseNotesv1.2.0-ReleaseNotesv1.3.0-ReleaseNotesv1.3.1-ReleaseNotesv1.4.0-ReleaseNotesv1.4.1-ReleaseNotesv1.4.2-ReleaseNotesv1.4.3-ReleaseNotesv1.5.0-ReleaseNotesv1.5.1-ReleaseNotesv1.6.0-ReleaseNotesv1.6.1-ReleaseNotesv1.6.2-ReleaseNotesv1.6.3-ReleaseNotesv1.6.4-ReleaseNotesv1.6.5-ReleaseNotesv1.6.6-ReleaseNotesv1.6.7-ReleaseNotesv1.6.8-ReleaseNotesv1.7.0-ReleaseNotesv1.7.1-ReleaseNotesv1.7.2-ReleaseNotesv1.7.3-ReleaseNotesv1.7.4-ReleaseNotesv1.7.5-ReleaseNotesv2.0.0-ReleaseNotesv2.0.1-ReleaseNotesv2.0.2-ReleaseNotesv2.0.3-ReleaseNotesv2.0.4-ReleaseNotesv2.0.5-ReleaseNotesv2.0.6-ReleaseNotesv2.1.0-ReleaseNotesv2.2.0-ReleaseNotesv2.2.1-ReleaseNotesv2.2.2-ReleaseNotesv2.3.0-ReleaseNotesv2.3.1-ReleaseNotesv2.3.2-ReleaseNotesv2.3.3-ReleaseNotesv2.3.4-ReleaseNotesv2.3.5-ReleaseNotesv2.3.6-ReleaseNotesv2.3.7-ReleaseNotescryptsetupCOPYINGCOPYING.LGPLcryptsetup-reencrypt.8.gzcryptsetup.8.gzintegritysetup.8.gzveritysetup.8.gz/run//sbin//usr/lib/tmpfiles.d//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/cryptsetup//usr/share/licenses//usr/share/licenses/cryptsetup//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:22378/SUSE_SLE-15-SP3_Update/8485393a1d890a5df93af49682ef6136-cryptsetup.SUSE_SLE-15-SP3_Updatedrpmxz5s390x-suse-linuxdirectoryASCII textELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=5a36fc925f5afccd1a0d0ae8a4bceccc476ef785, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=fa3c830ac38ad66b78fb3de251cd47b4e461b9ba, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=402e24b46739cdf388822bc021c51df29efa61f6, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=28315910d733c718f9ddefe8f8ea7af26e7b052e, for GNU/Linux 3.2.0, strippedUTF-8 Unicode texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)'8RRRRRR RR RRR R RRRRRRRR RRRRRRR R RRR R RRRRRRR RRRRRRRR RRR R RRRRR RRRRRR R RRR R RRRRRR +jQqM if test -x /usr/lib/module-init-tools/regenerate-initrd-posttrans; then /bin/bash -c 'set +e; /usr/lib/module-init-tools/regenerate-initrd-posttrans' fi #/bin/shutf-834780e753a6630abbd9174b72a5109db805bc3655e58c129f4b8528b68f40589?7zXZ !t/r ]"k%a+ٙz |2L[OLS[~]h336g 텿ןXn&C'g l~ FPFHJ)&5$W%rcZ?C@'|Ǝ`4@tt?ӶUh˗(B_d7d_,ҏ_`鈼w=gbxc<{]$j&X>VjX߽4V抋 ؈AA˼ɕulC<]%1_*məڬU3׋Xy&$a rB џVc%*Mrd8ˠtR8XZ촢GCix ^Ffh\= &Ng=3%Z (Hw:@Vi]AV݊fX4읒-+6fBǕzT_qy# Pe=ޣa;i[-X",C?D-(5Lf4dmgȞєmĨ{`Ʌ rNahyhW}iw nb/`74vl]uSC!_g@}X@ E|m$HqQ8 м& Գ=J"M`71f~g?K}E+_ߴ3KVޔ9^>Iʠ?mj ,kN! -89 x^<(}U@Jz׳)5m2&ή7ifQdȟTl\!w[F'CƝJ*9[>AC/~*8Ls(,^P44j炀 p<ŭ' [ #%, o 5պy^ x2=- kN&‚]Zi^&֋=L+ҭ#҈m{/#ArVA>pGgڢФvýumL!y ]̒1*v҄;;{NVrNm(8)É gRl] TVM7ivUEPA_BxBdf^1538s~ڄ?~8YVx.zK!IP.k}v}ʻ|!h.Hp5p̍W5Y (fx߫V_"lhK))B8N4Z%`>chVa[]#43p BLV6V?Vޓj_0oO3rjĿ ~d!c.2,kWhKhL8R{Cox7h Z`ׅ:R =\#9%s{}KRM1"`h R =эfz>Sib>RiOkΦN3Ovl񹤣xUxm Ђ$*[DϗF87![ӺXuahјUN^+7V %*=̝ž{.B(_ͪGkUdsCCDz pmk]Ȁ7nV09 U!޾\H+х>Ep\FJ Φ#Վ _Ӣ {|𡶒ѽ ^fJOo^{ Ux\/pzORT5F^ eGCCo7[<3;}ԍ n9z+ 66(=3N< yQw/D~ DQR86X7FϦ c KPEtl'].c ˌ_9U4ijMܯunxX+R%t\4MeGO Ƶ &P 6XGGئxgXً2 7bS\eeH;$>=YK]\;m53\!p~ /&.)8\1%yxN2]3X).kls\+ٰ*L @l (5g-Xqݗ<>G-ɹԟe4_ o"{}NOoߐ1Y ]* $Jm1em*>C;AMaD[hC94H%hE}l$Vm{[Qw"We< C{4-ҹ+‡W暀Qmd; 7חo,e>}ځ拆e$[fdT>++A+Kl"D 䁕F(VG٦Pz.Xq *}qԪc;>o f! W|?BH#XEr rT`8xlC̮,k@jދ<ҊpiQΜh)WP|l6,Tlz *̡颞w}7`x9'7,CE$=a]hnHYa1,vCJ 8~ gUrg )IաZk1R~E= G9iy +;:n|.:2wI è/&pWuS$GMzx@j͝#Qߙ:\ʏ1M҉9H~ T%`:wx 5z*T#W0:QD9"~dK$洜6XV:&)aXiӃ(x^?OBH<-O$? tf8:EH#>T3;2/\N“N]no=3A^>u"@ h߾(?ۯm}`ôZ%s3tJ.6q`l!\t sJݘO@ >#J ( Og eCH,+ -O5NqV_A|ݺLTicnah]G%BlI[I޼F6 8Uqʳ٨ 􈄁Fv BUl^Y]8HX]Dl;bnQ [vmVQ,&[/::̷rs@1XW،it"/WvR8Ҝh2E"[ާ!$ =hf ߄ɯkpNEε73)#Q'4Y4AʛHv+);-q:C٩19eGs~vTڠ"6ޙ/Og\V¨.ljkFW1Q)oRw˴٩?i!,5D|K,}D[ h5LM诫Vs`^{(>KJeb){P`Ȃ콤 ^FCY_sVw"AzNfU$HXB6SX<^av;@ 3DYba.p7j5Ώ><7tsV#" Q,.)o_R(V+?Wjkmg5۬UÐAX‚kCw95dB,ͤF3?,͟3ra!氵'$.s~S(#Uq<nKE{ V Rb~P66?`u8yrܭo31,LYCt[ `U ڦl:kI\@Nv8]-d$\8x14jK'i8Am(mkO=t? = Xת2+hept2 {:=7gz&Wƥd,%ɜt;(7k9`hFm.@-g-尻s| o1-&opoQ(']C{F 4>2]{hF"x.;(-ԟ =g c>%7i=ͷw0R‹pl WΫ3+Kb]gX39>.]ƒh [\~RNX &=1:XG?m$S&B꼋me8 [dLtG֋gGG=qlLzO-kI ӂ1%f `i\^SƊ Չ{I5\ ظJeCJ[QM'y5:Iam?2vy?uBR(9|gX u,/.AԜj`i~_T0}EUQnTwo0E,4^)P;PEgQ@~lx-REơ4STUH-^#zreϢ7,ZALc$$A* wVx96P_{9p "ir*;Lt»E@$bEٛ|'tqI GIf-0R;q*y<&}K>Xd?gG%p^xһ'39L B]? Qf1{c&6ˁ } 'o$c5i 3FpbUHf2!c3[\sOڐVl=?(O  WZ0t|{99{Pu4> 9HFi(}^۩D,8a2?*0%X²8ssSŚ؛Dhm3J[R ů)c/ .-G:m16U `_H.d[Y:~?c$F!cjqWiPs,ŒxY/<(^_8&`E<.p;8X\>dERd ,xs֦b=q:P#  -aಀU>06th?uǼAu#IZyݟvx |aC^cqb̘bEO$G@CZȏK(KfvSxpv]6?,2B9F @Xd;ېhc҅v+Im!>p.!7xj/zɘJJ&@zB0ʮCv~t-(?Vu’"U.>چ艫~W߮ZU~ʧ;ZLꜱ`7%5)ں@7IRbr]nP @7q1 ?H"=jC>$G'?tls\:lf9Pt LoX9Wᑵ^}*$d)2OM#\DZz9@ .P6JuI/7x]ZA_*;I,-S8*|mQ[또)~PDglOO͡zLvn; Ifc4gkqcqy4%>$xmʢg H:.J81Gv+#~ !,OYuO%['kΣiݺ'*.wcOdQk-6O 1uKH M;GYD`^ǔi<.yX)0 O J,[9wMҵ)$2KsE36A'6m|tK|Gؐȭst%6Q8 $1JX6ev~]%6{L`/:7rA3kFV%.K2ܯOtE$┭a(S?ZAHhd{b%%a'` pS#@=U|2jѴC"T/uKp., Ss5yat*!>xƣnH }R!CY"glP̀NțJWv2:}n䥸W2/k㮲}\_绛guڕ,u2eijp҇"`1&5ߏٹD!o$'J6A'6w%X4zs ctTgJUCn_¿}\vÁFe\"Ա12ym"Yn'%5~f'A+e&0V!ʉl `{=Lx} ]΄4P $,ÔXo]D{)\jm(E[<_e>,g]ż~X,VҞYT*%<{ץi~[Vvc;:X49]KwVUqqş?ˢ Tu9g9f̃2]„_ir~$3u /w^y9ocBrsFd\%Huk:+o`yyV=B9^IX?ҙ6nKݾlOQk.8M͂55~g٫:eRW5 I |A2wJQ=Yic^xnK8$ `]}2ޜN ȴbiAJYŁ]țO$9Y@E2Gs+X] .4+7amP nS.jQo d'I͖ imbG@SM@I$J̙nX\h;V.RdH~^ۜ1b gs.9"l5vך"ø[& #퟈SÎ졠sAkIIꋧmbAHYE+mlbflӹ"^=+G!0ﶛT^]bL]T-Ũ9yɞ9y9)r{b4%njeg}ԪÕޗ:6dm0DhꜲ37D:d ^|]U"$uuO=6 brX%JPu]g$,?!ć"&GAdt 5Dd|4 Ǹ:nWr O 3ZOb.aOsc9tȠe@|~A#q<buM?2Fkue@flc\6otٓ?W)_3$MZw&Gq<߳-ԫl*Ii7>P9;\?JPov$|&󬔛IHK%V>byuHO=!F?%n-z7geDwk FIUjttqyD=D t% )hY̙2P&R/Ȋ15 \VJ$u8aYw0$\秺:o(cJD^8Uv߀6n׺FO8cX9 u(?c6%?u (S׏j 68[VM8&; y @'(:A^pr&WG##Jw%K ky1??Wnm; s]HjAdW>1~1 t:MpJ:j`a+Ez F'߾ ?gcuhcq нC>:)kqeZ̒mߦ7wu ЍY**'}oI _N+N[)t 5(ϔzy ̝`eZT0(/I=K=k@6˰:n X)MAAN>::fNV}f"F끻D^HE TsxB?|"Y`3`8!m:(Da- ,<MyEydXg< ~}<\CoЂߟ3\ثL7КLS*-fD>.ߑ\׷h'hR;UH;o#dhtd T;t_04JeL:?ꇁh$uZxE'lvrNwZi>u^y[sL{͗]b$U篔yR^a!Իy obsQqt+/Vq^\O֌Ńp; _2V;<%$j];3F(syLhcL魏h{MXgs\R~ƈ^Pa]p9q9HܚЋ XɛIy_iݮInQko ػ_8iY"+ E_ߺG- _uEIjEt!.ټ1Vҽp~Uge#x4! i1+t7tu<,2+pKH7ǖJN݉:f2mgYS4b^J="úѓ^U 5^2JfQB HAL CLCu$Cy4Jhes./7="baz7ihP+Eyp9h*ߜ0 }Q̵ivke9|xpM,Xzi$+H=4aqgM>ǐx:y{j!f/tIgj'( d&A|/X,z ׂ3}|jX9jZVm bsHNSk@JSYefG) (ٮ#\^}<ĠÐ|^x"kЧFj- Z`bo"u:fV @ PlLMu\|T5gë&5caw>7ea0v3&=,{;lO:= :0jX<5@p:Zr0*7U4>ҧ /Cj`E/wJq$KOBA,)+5> yLe<`ؔSԣnQJ0&O<[+ٸBd>%~jҳՆd;uEx@nkG:$+)jis|D;" k#ٽ2p%RٮLښ_+WRW"噴*fcӺ(W'&5 UrިEI] P00FQ~Sy ]';MI!M6]BDGGAJc@[Y7 5YgɆˈ^ih=_c=poVx~nkkMrLKS,?Jͱ3 F`'MU VebT0Z@_YL ,`:#@ƢNѼa!)䣭" &,C>ĔZ5JЃDn 6c6[T,cHj30B,R * *KBG{vAINA)CGr䖣K:LNkTъ$IvKw]L ^犉fp?:e"u }T]5 %D] SPJiI - ¢΄&)}Epމz_;t'AoJ/Sқ5^XӲ6DbE1+) D_P=+Ӹ@]FwDDs %1{d-6]q\9F<}8߇~m Hۅۛ54Ms/1 'Hq`/gUW^NRz(_Fܝc0f\:ɐK]"/0:9";(xxcAdՒ"I4}N 6WdXF g:M Oy脜[ooWYZw`k$?'`AhbU}ô䣤6 yh j1;itE`GoM֭WQ.Ԅ$IL?6N7͈RfYrOe ꩿ up[؈C$WVQvM X FM2\,ws=+N~uJYVEJ܍(^Ly P, r%3c²CD"@l|τ\|# # :FX;Fz3n-e?*B"\*C%Γ*?&铹"vSE2/Y2T<|YMc8'VxMyZ$ b1ah-ڴꚒR^]3$VlV`x4Ϭ-<_# ᘞ3c,uoN3?+P4?즆A Ӈ.Ȥ˘exĈQi\Msqk ԬXdh[ujP; ,$ .G^3nѽa D,H[Ujڃ۝n ݴ_dP#J7n֨߁XA(O of$9nr6^OuV``i,!H8Z5vJw'W9+w ν*}nf EՂYM)v 1_=re}i0Æ_:N_ƃNqӝcZ234ouO!P&R#U"7ޞ}n@-ڠ[>=,S0e( ek"#s0ѕI-)nt֯ju$&u!x˻Q-n׳+9g˗U]|ݞWҝ!$ʫٔZW6O[>:-iXX,r_rTxޭX$6~b@DQ| ǻӔ ObXi. {Fj s +Rnm0P%Yͧg GʝkF1@ H̰*"dTP `n?HbaA # {8Tm6A9\ظ*՞;F$`1d!6c,Vj,)TEZy[)Hڽ< aܚ6h5RI#BMF}O)KԔ{enOLOx@iHljud^3=8-jm;p޿퓄>+<X1qY(9 GՙN׽F3Z\5>,Y]v7Dޞn {FQ.h gɭ0LBqUk,Y|(~I#}? r:Z}ReR'Ij+zmk}5v?=r!n⠥1sMgz%@mьq:Xu[<ޖ&_0%-R9JAEmkeQݔx{|Z3 w>ZIaK%8$Srz! (zVDK2J#vpIX&\{X]踼HGڙ)8(ިpiW[7B23/:MV+#_i|L-Y:bI4c@+ٻ:p]tcYjQzeR&E}6c'{^v_C@no7^O-JWzu`.= g^/*<n0UG2Ճ܃J8MH'VF kEP/eeb|P<ׯ5+6//u߫<98vcJWZ"ۧgQ fj2aʬ#0'ĮRSt᡿j^`OiM0eI3H%B={1/.ڶʢU:8{NCY~[Xghrj:aodi.JE2}Rwf2 Oz1\`U9L6r= ¶Fex| |y %L2s.*|P\A%**t׆yUӂ*]ҁqN`Li}Tyb1 \8Ҽ[-XS&(&l(rj\u_}ry!9v3&a;g&5]ZP׏]9Yۛ!=5Ke0}9QOjdki|odˋ!գӊ3H#m>akKZW#FW$W.Зh+$1WB>F,s"-ooT|bYV7Jg2b4CCł+jkVA=MLB6]ivܪ4Gk `8H"GMe]?(qzwUx-b"NJ9zDd1Ix%R&@z&}rQs9SAJ@_l"-VCY-I&ِh8u@6}k<ꌢDq>`% $eIESzH,˂E:濸 }7DKi.)`&fЙrxJa ܻʭ1˅]D@U.DNsA㠯UWr\B.Y8dO=d4#Tzְ}8]b;`H>~RI^Z 0z->JuM3 lgϬ9g d}`tA2d P9uT#7LJ,M2m=1dHnduƳbRn⦽@@8$K6@KUuBsT렡w$9{їՍ%EyPGpU5OLD OP!%H+(u~|x/X+p(IpՉo575t0:--gh- G6:* ^d| k9F\8+:}\[UѶP(yv%[6mUwyt찂%_O4pHͿ͢MO$'TQ ψia w ٍ8*ݫF(jK+'hrW3\ѽ 7R'H"pB̼p ZRXBu!ɘH mb̾\`N ؿu)PdqJ@ 6y'mzI:KM0p,cPc,;2{ Ta): תw9'HQ5U0ZO*{,^/8h)Q^nWRہbfR)@//U,-`g_E ,36SL3gSm•[rU<)wHiZ'(S,90g;m&5hur! &=v Sc*Z(Yc⌎6liUDz?ޜ?"+`#3ZcXiVf䜉i veUAoq%dHbk 'x'-=m^u90'W~qkG&Qcm_kShV4^4/,˕ 6e^Pp0 9(vZ3dɗqT1ΰ>ǹ-wVw\‚-Z!j !9qt^X?>0*I0s5i-mVőy$4T &'sZIy<98kVf-~:3ځ<2\`eXCߊ`]j-XY0"`(̤S$g ->(}|Mڣ>Txh*BiTu dX04U˪i1VLh$B̂T>P%?&qa雌8S(/W0G9iIAZ[sӒٮ'ͱ6Kbb޿3n\߷@PY[NԀ)W- ">̘8YH-=2HGljH 5߄΁kJ ׉H;.]0#8>D TӀ@t[ ST чѧ:px\GZFw\TH &!0_&Y|qCS{_3S4aڶ];&xqXE AͶEWr&X|JtN+ jF @e<[7'<|bsQӢIopV|GnΫPɡJ:46?d)jrGº!f{)=k%j\ y@ ~k&Zd#IzX̃SaVel "eTYn򸀫]Wd!fJ],;90%l( .˪h7Q%'DhJ~Fr3SMO7(X񽳗 z3^Cirٵ"2 m"+l5Z{ 2}oX=`b:mgPKׂYͿƢ! :HٮFzVْe[ZU>dHpzTh@[iEGƎoF-S0Fz{3vˇFe$A tX5؍яz5xHhE  FT.;*xjsPk[L/Xmٻ3ps8 4P?A$Ckv0E˩V$9oUu&3\<@$- ?>mQD0x P+ 9Mp H]XB fC{ ytS cJ2p6[k$%ab_GML :Lݣiح<W ɨmHͷ* סKpE0|PRӿpo]Lvyc؂:Pwu86B92qY>!I+o9ŨdbNDxK{|4&P(eC'X729|e 2 2{dZFF-0XsF=ܕw"TΟ(%GZ bͭVȭmb+Mf.xzJp+ƪ-w}k"GB0%ZIRh<,x5D/Rm)ZM7$HMvW!ꦇZONWuV1@!l2vw8,nЛHthꅱNډؙq?]ЅXY]љ?B Y7s8,Uf^vk!*ZnBxfJd`j+l36ަY%i-EeIw)qI W޴ S E N1HMoJ@⚉es,JdiP~TLㇿZ`Y'8Gn{c~/B]ʁ3pO$,nKސ[Ԑ~cj-MVQFѻ;9FZh7,mhhr}{{li&&2ixfIYrŚ{V#-KT-:y7y*lk=ħf|;6LPxMEgmA֝\q0k -B[-8b7 R>yÇ\L9 LwKؼOw@A), U'~C.SAk{avN|]t0j֌ Ș6R{a>欖׆nܓۈ7k'Aϸ. xhR-o?ơK ~:RtJFPxFƑR,{,]]9#"(.4=)!4|| K &HwIÿ/̪雉_CqGDX^1mfCY3V=$% .cUSxlSNTgis!:I+YD´7CKh;7ǝȏTwmhzm6Y@/~%s;m=ҩD8%>m>M(g:Q@rT 1U)#Hw`!끕'U)o׿y,3֧7ei+:0'QѶf->ޠ8om 2Mc[؅U?^PNt3:UpGo,0rnqxi,zL )HG{IW"#=l s*`hĕG1~5ïr?7?(NLo]amFq& Wҫ^JQC~/D̏@~N~|/"]l:MeU{:/=V{=8WxⷮR;|m =.ŠҤJO=yORs!K]@TGt$#MKP2iX:Ĭ1Yoa Ed|Ϥ:((!M"?8 XH9#[xܰ;OLZᙁXQ "o5Б^`O?! @£ITs]ol%j'6g~^h? @æ_HVj'kc[c<w '/WmX9nIիnxnE1Ꜩ 3a]>ג4` g/OgXdi1?#%+W&VxoCm;ئNK5$/>z7lɓpT.ba f2^&~gUw PN| SJ YXk[YRXZ <b۱ɕK@TH}0G ytHqTm@L_,G|}"mSH2 3Hk>t&iw{h$x$S_|ݎ)oSPyo8SƴۚaGIVŋzE4Qh IaS~>4٩m`' !&^cB#LaF4`[vO$p9<߿&&)"P]ԫL$a$G*^>@Xg_۷kmao?w3YVXaY :XX%$d[f_襤EXr@u~TVm.Wb$[yFu x?XC 4@ih>Fճ=:(F6Ѽn-tW6%Qk!5ō 4qih164n|ET_^+c++Y>: YߓYw&PwKg +"1 Y!;bslL8jknzQbò)/cO x.SHL@2xZjyG!ۆ*, ^ dۣN %`w>.||b 00&Rsϱ1sDc{`(@x% 7^q Dy S0g_x5 댽 D󜆘%4ME927R^FS;q #] ްBhg5r Of1>^D`^ul@(Z浖\܄2 =3F?44?9RM622|tX*'<D xFP|̊׹}h_xg'_4BKd@K+b-1DB 2u!h=iOR*\@< [/}HEs",GE`YP4lpGS6yOX$x$Bg=D}7>NߍkYVi[oP\}#g%{7w)4n~$&&QlOvxPFa^.to0ERNpSL/œb`!||hϩp^H9*A E3[F{Ls~feA%9ϖձ0l⡡L"$ږ'yAMч򐵙C{u ͕eX. y>ṶyLXIO?CEU~2f< 'PeWd*9mLhxjg -֜񉗜@߂&6D-tpbY8|YBͨ?ijv)z~FR K\)vֹ_WL9HEU}!f`KA y2&?&"5OcT#I|Dp5~OphJ^JfsO 'cmNEyel.EV<@ 6yI02?PE1#-Ƴ^@kQʧ) 'A{gLhָ[I1gZ \!#\갣2ǜ}L Aqs{vEi6ḷ$rg4)Se|m-!Թ3*$̨_aB =N.n wĪ |_3ڀuN IxBEs%|) D\ɵ1\ ]zf 6MRe`*cj0\X&8on13= ;Q~H32<<#>pa= Si>zc ? awF shpZI"C# 4),j!Q u-3(vzI*Ңϳ~iWnb3r,b8~,blNlNiFfDJ\sO="qѤm׌Fk59.=D8BZw>u$JpݹU?))3R0 s#ಂb7ǂ5dBL}_fTX8*ۉaAE5_3ֹm(H^ c2ȿ nuP.Nr $A^іL]*\ؚ/aˀZr'BV@ ]Uc~bLC}41PB$%B!m j-IyF]o5i'[;vrmJ'^ BVbE0ZpL՜5} [;?\LgK_9z($INn ~xLH N76"ŷjK.PADM  wzmE3)gvGO&s<k)z8$0YNAT՛e)Vׅ5P%K騕Hd1ئ{`0 4 qtoWB{Yd1J=[Ga'ZB ̨4;IxI;>`:w2]bsXㄻ2[?+ whρ@-Q)}|u9SE'`tJ  9'A[HK(o#vD!Եu9Zi*7!eSQXx<~W Y8IÿF~'=y2@|8q;`w}b0M42_œܧBF)rYۖkԏExr 99;ZNpIZZVC$;kr09(Q)&䋵@bODtRphI,4Ai0-S(7 ZF9e=,_ xς @~/ڔ\aC87ӛ;tz>=U mb<~Ը)qS*J|%yF.ARh QT=QSoF'78 i:|9r SR\H<)ҧ#6x.,xOG48BHcZl X?#55 G;52'Ui;gAB<82dyWPb(Pg_J#yDrږ m1Rv+.K S)4Wc2P|Gt fNxYY]SD@wz Xb!cS[ $,MY9W#%뒳nET,(FuAGq>1S ḰRGDZ?T15,/?ՀQ1wM&^#T_Q&'rLHg輮D:}rm 3倶 J'wإ73NV*UcmFIDr/pXq$ ؝ ~=P g#1ȥl+d/wNzAi;ʷJm{w?\鸮`q"luUƛ ޕP +nB (@=Mpɀa?¨V=3(V O@&Fw_ؗFuM؛W\FF "Ƃ/+}@Dguϧ # 0AKV7!p9s%wI%[ ^)lkZ_$c֋&[sE5G.q;2$GS:kT B6h#H.,b$fssX^[)hSӌwhIxhajuT̿bXmP_E/(숈5)# P>|k@?_̡0aܼ,~%.,ێ S]ƙ⑫|c3,gD'&bsTҽ\k*+㍱r8xn3`5LDM2tj8[eh }Fqt4 {O՜Cn_g64HV˶'b|.,X(4FVvcA?C4&sI_! a7۾@:2zU u茡D4C/jʍc^%f2p2mؐcCٸaM覓E@?XK*®vȣw7g>9r_A:>PtO;:LŖe>Y8a;7RGqHlAN"9}6Vcaw/ckkhGF*ɿőg4U~~@;z2rui_/d$R_$%ȇ mE.C#mBiډ^Jzl7^DcQ2AaU[uʬ˞:ܺjM1Ά"KI8y~g1P _=5i+".,a|:?~/. _s z"Xѥl`i!W|˂uV/wU[bS =vƶ؃qr,qvE)=.÷!.ex*z;C`8,2qդ%*{:esW΅4jpI) x?]Y6x c h5PHOHY3JV- -a-)TnB <vGV^ $=au᜘V mYp'\w=.W)?}hbԂMtM. s8I/ ~rZ8v>V/ Fg/*L)c#EGԬorD2A) =F˛9`@&"cֆA9!P}I騣ܯ^ğࣈm]\$+aDPpBV5[3rN+>N½/5W^mPD\gy* ]uf)¥O1c}'@t#lFp6*؉|gRTC2-!VaϚ)a:8X:OxUvr ,lg(g2gfGomvp tIr v:f9t6-7qup$ˍlK$v<ɍ2r~Ociu|jMJװ(i'0_0:&?*^et1ߊ h/ czb5*0Q=3@Z> )%Ϻ/˶@?a7/=jnHs#b6ÿߥϱH $4S.ys#YWE3ow2+z^Ծ5CSx4D% fs'\a&ƶ1sl/IgSqNԌ@ƪy)хP^߅U]mS*l#ƾZL3[5jst/駺QI_ Og?rM)+MNy\3-ҢI{j6E}I"vޭ'=@Ȅ@uyɸXd74uz-CICcu%,ӕEǸ Q94BƩPC`'b_fϞv69MEd&g͕Ȫwi0?n\4\좤\}qE7`3Boif0 -b1(P#z B{#$5x@FndEguȡ1©ٴOB V-z>u .PS9չ݈=F\EϽ.TfV9UBEVwfdz^w Fmv*WFگ>ktd8Gƞ _ ^Hu{?P+x'ب `Tf/F]j. U+:حc [.#$2AԖ +PmZV?7G0}.m(#n*bCϥjƷ@2Mze K>GApw n;W)xX{l5oTo" )Q?q-"h^I0\} G2ַv[O8 ܸ7N3g x]۱.|%Z*H GNF goVOg.t->#FT[>I-r(חPAO {aU`ƬCYz42S& 62X&+\9<3:QO[ߴLiVl*#@C¶l%.8+lw<&0qҚvZU˫ /[5<"mzLB["l߄b즉O|yӠR ~.' )OiԠFG4[ N?P[ i  W|+٨:8TBs"F1?F k\ͤ9Hs\y1pnޜt!thj/3j/EݢfvADcJлKB?0HHY@yp9،I䃊}ugzy;H04Jg6F=!Ij#ŃnQ'FwҲ O]ydRXCNw)1<ljSl-aUSѢDh=&L,rvdwBxgb]^)ؙOII?gEp;\[ӠӖHV# Hsmߘ69o}f{/`Z޷!ϼ)9cz[%SZuʼm4^v/]"atپoJҗѕR$&fJ􈟷\SksbO <|_^g8 "<Ds*DͲߎET ,sO,֌;׋ajW}ł&԰köN0Mh¥; iWL]5瓺Ec6s] M #x+ȏ.oDd߇LmrFC+䤍R8gdN+Ol6|6vg?c9ĞÇ!jeٿM6?`ZR'9=Vv]?˺~P;` f/ .-&m07i$h+*z+q\**f!B^ol gѻ{2I|r? [ZsՄ tQ3Р&Yu9TGY*Ma*eŎQPH "$R6 !;x}GrbKPO9x[3)ޓ-D%0k"Tiɢ(glLoy?§%EG&uuTsŰ*JrOXU]5@9.n>$vlLB|vcU-|''CoKBJx'k{2T,˼6Yb=;f] jrD-4a۹y[g4|@֝h971R5u$͜|>8eK߮cD_^y,$瑐Un+tY|^8ͽu&aq nQ2 Ȟv@$g_̧#EcF:ЁԷ>0~vl1"wcE6Db[V2+䛫SH߿UGa뾼{5?+i2,et}1+m#o^1ӭw%U<&fn^>s:?/o.C>L婲NԴN/Gȓk2x<ЅGV?tyC& c+)Pc@UǫrfoܸT2[bKgS;t arg43ask6^XPh5y͡gyKM t4"ϴoy_9gA9g^{/"#6DwCS,3+"HFTkrZ>e¨ˈȟ`XpJ+X9g9yЃ#kvAO'C~҆8׊H*XaZ{*,(|#rlPt+OdK,K9YfE -1d=TYjj]2F =;s۶+'j[*'Q-it)Yw}7|wӪ~7!)f%p0s%K9dhpQ7{Qj$H4oJ2<}r!BLcVv/|!YgCԯS=y=]BKF ٬܄?+y*NKAu+y,FDW~ c-JOJ(T3S*| w"w7v%fc}3艐{Ⱦp[m4 Ԓߙel4fKӒ"Lu8p|̢? TUqJzzƈRYFVٍp*X =F2nSMX rdtm매..iIy*x:W/6S?7s\uf 4 >۬9Tϕj M}D AX)w. ZRSo@P5)e!:|Әk݄M0RLU^+{ZMU,4|z N}NůX4t߈:WT+`6o8>>"F@t(4Ig$왓"= l (?)A9ָ7=Sqﴥh`}7+SN>!kOFQ(d*J:鋻T~wn:;&%+QePؔgX" KvQ} +@Lw";sh? ~%]@s zdt%h(6 ;ee_7FOiYzK,^a \ )NΤ#j}ㆄbbGfvWW@ageԓ72E?%X@pۏu&.V(3䧥 ̨Xx/1K?si4YP@/vH=޴ʮQ 3E+ ,"P4mrΫPs[7Fʉ^6z31ibO.C1lYQpE)p Q'3jUOm l7 6JFe=Pqc`LnI˖J&EhDh|"D$Z i6T,&ִhF<¨? pVޓ(Q7QLUU,4EȦyȕ``2[Y*l4Ukm;c:&FY\bS*)(yL!53|)"d4#Pku{ c;cϦ0 ,~-[ef5}= d<skdy ;WRT(~]O`&"gg#oxbX;e2zŁe/̊LTzy]=W8`rrƕ%d\ ش%Ε"3P{6^lN߾j?}:3"1%XF~p厲NKfg)|i#Tҫ(fi#`qe6G{<_,of8r'IwR8GqW:ʎ /{N0\BWC=w:۶`0qRe]ю&Ql=[(3>%]`_UD~+٩(! ׮Sƪv{Hf<6ڬ vȴn[uŤoY4}OkWyFB RW”ӱ+Or;"~kRҒ[-yQnp'k/ˡk{~rf]vY+S6Rofjvz uœn.V_ML@(= @ήiZX`;2D+dBȲ:k@jI_PD|mT2QdH=D 'ff0yد y0Rx&Z\|ooc^+kiRsTuպ>XwEӊaPjR}vKA)Ѹ_ُvѿ]˚t<,5_1R2Vx0$dI[6Н6oFRx ouD^2KmdPV$wsXb7 .7FtcX/cuPZ}c K!#7ᮔC~ɇb(}D0*3MFpY+͒IkAu%=q0N[bgFPv6k ڪS=.j4c vB~ .i41 86xŽIc-%"itgy;5KXm囆!Y}əP\~WD &e:Tg<0qenWNM<Դ wi/5+G 9JJ.<4Z\o,*p>Su$xelHGГh͞e#I,|FwPB{aO`9n*ЅHtg n+wF3QףA5m8B.pg9 mwNQ;l*l` 1IlIEYsx[O!a-ك3lUIJT mCl]):e$Z7;m/Pl2G"$18 cɽ0^L40=}<6Eoΐ i<\01rVu3AUnn<\ z7 ?b Ln7|v8%`d2kn²#sǨd )Xa@ءK1ɍytE(<#&C9B즋 <+է|u)z7o!,S蛶v͢^D ً*R0c`tZ`-=pxSlH60J`uoW]@a]ԆoDq~j ?XG_=/K(O&b-<P"[Wz_B9։K%vsF;x|8fS*h( އ%b%(Gx@PJ(j*p@P߯Axh-0B9: pgmWZWEYJg_ਥջ&z͞|X)vaA-JPxt% ] wS_s9Mr׳9zH[ȬC.i=;RU/9]JB> .|'n+S(fV!sǭ%WO_MFp\ο?ȣ^i#ӌwS\KjdW@bw$1=6,\.{K/XUR?79E sR%aHtQ"+#D]Yۆ{d 9 +ʊ6a%n#@ j8k8@VN΂ TDv<[N7Ǿ4&@M 7et<)U5Az['xՈ\Dm p&_r*Ǖ@8!b_~)^fq>)$g=8 Z(U犢ZlY8n+bxqRlHYg#sfUi{ʥ:+zܩn:a듵YJDE#O3oG ݿ_}Eu7J=vrɩآ3efH$rcHo(C}ɸ\3ݖC\3L7瑗Gόِ`&!ۥg 1$TU^VqzUeHm[oy˙8N7uhkrj*4VG$'IAG ֶ2r)arnr2 Y)ԄrښϗN|(݆DB6ܧ8Soo9[I}ž!=ISnJJѲ,6Qy`Pa޻7{IjPKb$ .>%_'ұpiU ھHQ^uŞZBЕ~;frM-eO2t$>`'_+Z!Iq'mt1jſ(5 7T_$&dQ[V1L0?8{$1*:x'GoХG/Yw.P@:Fٗ>v4K֧#_JZE0(Sys>rր7w1H@{1w6YpV'|oPymZAh2Pgۥ9;սd:8%PodkY_AC;:̂)|b݇KE)sda0Emvnohdg{( fVN%r?RwX=8*eiЀ' V@OѦn"KjPז7j ܯXDEֱW5>/x> z1#O{9f0/fn}Ůy]At}<8jd͝뎠(Ltamv)~TTJ h;qpm&W+TbКb_ .3 r ҚRYddnI y[@zE>)uږאqɀq]ѥ{RDo謂S+fffJx1!2l8ML۔EvhAw0<["D-'z=xư}!ۆb*Uћkt 'X)ҍB9<OQ~FUۆ^D{'= KkfФVa8y[ĔrTiKLb.^L衜rNGASy:WF,̭4Htn~j}c#( tqUIܡrCķoFdH[QʏcHo$M/C׏2!)ZyZZ Z}2x! +^PZn`o*I]m]!R%U'}?/_Կ2vX2q'Ődu./c/& $ݘC #YC԰6ڕH0/O!vi!KďU‘aW] )a ȼ=ʜ(2_~x.>]9L;s<@˰M(Z cײPwcdRa% s2 ُwk'ȩm7Fc1d0p1_XؼIŢ ag)zZg?8 n 跞UNxo-xiPQtxlR~!%@XKQ87ۇ{ EuVv|E_[3QO ˲х4@Eh\V ٨&Bp+7cՇ[p1PE"=grmE~YqWǰO# h>;^&a{u૑6Ͻ-c:XWOb1ɪ3V;,6Í#3ǿ4= {wҞCQD48/].Xۍ+]t>E,ǺfeoPlWƦȋS;_r\H]T85w|/O3t7δ >/hgș`M'yQp}8+¿sv&/v)e }O!a|)Ѯbvc o&ŝ iao4p)B!efb_M{hvLpc/ջhcri*XƗy-F{u1&.k_D&zƲy 8As rǍ%4Z9=7g<&Ra;b(tC댍؋/qO> PDXg7{W5*q3%D[+!5>$, !'kFmsSӮX%uLɦ׫o_nfp=QXc,{" ~Wh _ qŊM8 f}(;3(eO$aF%]$G"õ?~DBmN̻]a1R"Eoma粱TK2(d[5@1T%6ׂc=lF<ρ~x @4ux.) T$JYDWрaKbv~9s310BX?ljX#ݧYQ csjS犸.6!G v>Ixg  H.cqqkՀiĖ6w$mF0\+iZu'P\%uR%h*- ۈYI;Q6pY+L"Kwma(A5sZCЫ?|A$K繼T0ܱ mNXJIG'M,Sf0Q@&%4uIxOEJfHyTjIix E 楟 GH)h4X|\Bv"uy1RJȑԒ%?0,ݥ UGs`#7=xHFXMhS-Ob#;ɇwJ4uȚɲ^J yrk-c$[zM[eDGU6 HڝZG VX,mN>s~Fx ~< h_^ܘ&Iێ_چ_ĉt;Kq8h9R=vpM:O~LLU&5S?G=žPd YrlaRtc8 e |vs 9mqǿlς!ؑ ro9 > oB^'} ^̿N³t oL,{ASpY&LDRm RaJO.ͿibLG]6F6UA>^n9S _k/}g\LJ$aTJH.W4%QJ 01A4{6Ms \҇4qO2:P2,E,@t _)ӂQ6?X,k ۀU0&`GN~W,(-z,x*&TGnT{E\{,!u_m"-q7 Ҙ:KDcޜŋ.}u3V5VE(N{ LMR,=Ȁ}]`v=3(Ӄ/] 6~z1\ uX\# 84^L]i$E:F;FC1eA:9(^Iմ E&E|˒Ћ-C[1RW͞Tt,)1}I)?M$;QmyQ{g[XдfVE:e $"S'QkN|{,Jr |9~J b"_7;߼, R0"2.TI(M~[˸73rczckGݜj(OI_XL[hkXɵvS_m>y5Y" mړ>ABᆷ Bp8(4Uld]:'&0R0C$$U>5 ־POEoV6ږ  (`WH<3< k㺮@8R@cTHdw돱h ^49SxaH^QA&|\[{  ׾9/6uLoMEf"!HcOu`])^Ʒz,:y%7N]n45K3kܧ:@ך^|G rqD[kSCGŮk=6((oaAa/=Ia cCHcy Q0Po7׮ۡQp9 I%# \_~NB dOH=ZW 62˻`bI rNMhDJ2JϥD*eQlV> 6钀m[т˃wʼ&/?8?S5mω!0bH/L-#CΕ?{1twfKDӶI#H8\,|Gx``BS;H?`QlKWJzIQKkFcەa$j)$ѪS'΢m=%H)33˘W"$ړqGs禼 z&,^䘪 H؟ F)ot&O-b-ߴ @jiݲ@ x.pkqF ^y#sќyÛD ?TR1GKR:# QV4KH-u#Є) ߰`ÿmJVP!#l)W]8?M5Uy z@ֳ6&@|t]4yXmwSCנBHLkNcnD$+zLQ%Cf2~x ĻRӑwW+Kyku@T6|$gQ^ 2oUDkS|9(ȿ*}sm:`Մ" ^Fmy'4zJ:֔@6ߦ!N8"i pG{=5Q܈N^.(hD:ӫj3>Ӌem 5$>h>~8׊󇧸v2v3ܔ29[ 7 NrF ʳEor]d)b2 cj iHP'BoϲYO[G=b=ˋԬ)xxrb;L~55 湪fQ߹H ?<4 yo:O M5M`W>r/9mE1j=Lhn3xn-2Nd ,ԻZMT\B^$Ri6.o^j_X"]g21ۈhcoyL ۳l6ui:F70#yV׮r:M%̧At eЋFƺeʅ<%ol5yidT ŖLw=lYb'ihsƸ̢ks"w;bWA*I %QdL,]JN6*O`D$ 'DK_TjT ڦ,IfpM[ka k+2okO?4yMxbo'q򠃜=!p%tQMpoBYq҃ 1ZT͍ei6xb.θjME. "3vוG?GΠ|XEUjiϼ+.>O C _IƲ;DkRF;^DO96,F^,C;WH? y$ۉ$QXtXqq҃O+slj_1bjqhy0UXFUT-DY^i"ۡ !^a^uHT~T+)DÅ&rְxeD<vnYIO քք|њ}Tg? 96ӫDaFBU;b݉ ^y>>IM*;z.Gdsl|Qb\ *H>ڂ!K7f?A +Nz>RRAw-Z$6ܑ]O7tYcƛ7@M,U43x"la(O?5{A?1F&l$¡BRxf՞?Svd5Ժ}Ps8ǟ8,Hk6iTcSdVHʚۋUQ"V!6@r쮝H C x՜6f_$Ç2n\N:Бq6 C> NLvwGˮ+%8 P #;\dV" Yڷz0 }wXjOҧLp|t531b5C\x?$#?,IHDAls5 !JwN>B͓tla2o,i(sXҊ+m1H}$L8utФ 0?Ld8+-%O FBzG,: GE .J^2vRTh㖬D[Мc`w*(f7v=ncjRm*v,Btwc']h)&4YėN% ơ uriX;pga(I&^.#h`:`^G,d\wɓ9?׎߱_s۪?ms&"ճޑ,w.42 T@VcXeZ)xS}$-|-}1f xSž^a8gX!"!p7U@/:aS?҇b^ vy;>GQ!d)C~B8a$2AQ"{ Yfzج y) uä]Ah5GҌ;ۑî7濡g~PF1G. xļ+R1RFPUEvl (\N &v|}hcMS:7h \IDLH)>k/7L;#NbB[`gRNRtg[WylCI tBqh3!wlM,xiDRP}8@bNë:yqI@ڸJm=$$1\)#)uZ-lAcg`"󈹟_ӺD_KÖXau& [iZ$AU^*.̭h{f}eQX6G9]YLSrьêK i34 :Pi_@Pm{[?ΧۃTmS3q zshZ̦5` 㞧xԒ'.0;4iJ_ S/%{ q_ɍEډ":RKN@tw+(ב ̤C|rA>hV!FDb!FII*yI2+=lS-cBڷ$,ߦC d켭#z;$̵/8WM+N:{>,DNڜ\'T!k86ב1 [(EdrH X a K7c#F*W!֮5C1LlIq)]?JJ ոb0)yCOU"sǦ(7UY4ݼGwn͂ZȪXtNQ͍H<1GnK$c7A԰P =m^_{Zț~8}w3B19P|qu ~CiF윰p$CnJc5Uuygn劏v"kWtL$~bf/,^u^{p)M( y_4`XFJF`C 5_94GWF@C0^FP .jް.j !K[之f?`Y ob)T;^de{]Vڷ9^J}BTp5D][}!nxԼt$bDi+>sp]{9H\( 9]QYD5>Wܿ{~WІA>8Ā~vgw E:U?8Zڢip\Hl#|=EN}a .H%A#ۅÃ~ G7"ڳ)`6Ţ[hx<  %סy֔%&99VTF'|6W;]tV2N 䵚ˈ`SKȲL`g&+I`>N?`Y3>.jK6'dQ8UM~ I}D?%4_ !rQiaΰLEFd :MbUdo;e/8 hӰ5(AJ Ż$l`Mʑ{<[#sa;H@mHs\_҇d7,b9Rև(HY}!=C3ͱx`(gMuo)җC] 0 bsg%+nq~ȾikEV~/4쨉 n)nj3S>n?XdD9G6{SPQiw5k;1?3ES xS q#O%~BJ@.9 Me{,ў}Qsa<&Y<;*~eH9IWu8A܏ f1,ѥr' (!DV۵Lg+zk NJ8SlP) #6Q$X$M%^/46$f *4v(^N"'׾Bd|e4k`#N[:2QQ&O_TjU"L߳; ٶlOr%^Zߜ~jZno!2Pop٨94K^R}ni4y #o^ @3g*?=2Lp:)UFN"LJ j&XM _Zi%aEMbAY<毖`5bbjPڷzVm[2y_3X>;{%0O&CRg uHpE4-&(%{6s!M saYAm!`/azDq@=B ΌWP63(|Yf s˖@zsq_n؞=W l{f#u:(fH9;V/Oy_I8<df|}u/Ou>lkj Wآ.zAAW.|وtҺvTxW X@R8O4I o6RgO$nmE!] h2m e/ ul?;|}Sq2#]o*E12mr"m$%(_ǹgAhb}o;HDQg$t;]wՍ _d(!BA,5@(EPhߝ"φAQ=?Q)%J2q3nL(u^ lLo~G}I'9/ƨ .[ZF9S\.i'HuKJwgc{}  f}͖ӯMU<5̠ "6Sy#,D'V;BdfIٯk#8Sƽ-Aq D~uU0ќoZnq66B~C|kiDr3*qR8ᱍ{An&* {{ħT"g8ܿBKJ"xh+_~/J`9ڎ[= )ʌ|oBUA`dNlM%:@Fc#~^>sg`fF%i ɺW,??;CyH}H5c6ϵpұNևyTh k` uf EGa%\n}D&6 KiW;z9OɟⳝNΗTiB|E; ?ˉ9{W6sGzOU$y_jS)\c2(_eU6լ.71&z+̽cG9d+8x\=Yg3J[-:.& M7`3H, C?QW;0-8.ƀ)k%NybBNU%&,BVD hD4#Zi+0Ej7ܿE V}iX=diیn:@[(ɫ2ПbJ>ɲҮC#. f"Л<^(]u)u#-8a !Z:+w W@tqHSxghz|C* _`>It=aiH`iWKڡFqФ& 1hRe3D__kSɊ*bEq'5ڻw ɡ_+sVt": ݬv"3*u)^q v[lAϣy0olxS&*eӀ9(i$5@,yI˫A!5w+`JU(V2˺L@]%n!%k*>z6uHftB4hf9Kf2 ~?џ3OQڧEb#(%,I1U\v.n^j$ڛQO˒/t"(,[Hc~+z+3peU}j GZ3_`g(-)=c'e$`A,?{5Pė%.ַ}~.~7s~)]jmV: pk(\4 HbVO:Z8r."*KD}3hSݳ0EIMQh}3's)3}8z .,???0OWEE՟!^6̓r`,+|G{v:4SEH*E\wftVRB^jaZRQ /meB:?/S VnJ~/nޙP\T}CF$1"DH1\~UP}2KU3Gnb߮>l⦆$"Gb?*@jX+*EVhOPGd=gZFN[Jg rtF*QeJ &356f;be%VGiA#9Gkr@?.f)mJs=V"$`(U|rҪXu,<,W@@vpHN۳2FPUYgZh 2^M$=qSt/vU( C{]^LVjLeҜmY|H$EvOKdUH~%}T"6d捉9N @dKWRUEׇEm@ _V1Nܠ~*:fp}z1ڬU ŕ,R3 to/.#$_rtP˖Y)D a_(| B6gtM񽙸Q%\ R}0-rv-ZO+2!갗N 1ӹl9GB'%b5UB;i cRm+'9@ѓaX5 uIt7b MBwe_/0ԉqsQg_`DŸK|OѲI/FvgݝgB-eSS@:iHPNJ g+i$Ĥcmk,,,/jR>̍Fux?Xj{U"EBTTWuѷ",GbۊbMLWS.ޗz;Cu68&fja)(P4:%hOGDuꈑ X"FQ35j`P8:X24m($$?XeaLq$dT };LOjQTh&fPUF[wp-y~Yذg72N1]:Ƀ:<0c!Oq57cw*aDpLUjlߥ./\fq4bvODZ Su9HTUJ׺5|*)ӫn`OvHD%wuu '8іʫ *:ʁLuc(>$k%؋g'㋃K+vQi!YcJ)#ZCY}ˊx#tsH#+9Kc-V;IRW}ޒ70zӼ~\R=7%1Cc"FPh3hYUT݆\4PTr,1wDp~zao@h1PObx&EL"R>H\GCreA,KAL޹:-^͉jᬀ[}b=DlM<*^Ku Fߑ5%,@7\>(bbs;V|Wmkauƺ1 HxrɟϟW5A: 쑊Dԃ;/־LLj; Qu>#o՞,y;`aTaVwhgdE:DW'@WrOac,˖ vp!;6mnR+7WG>ZXɅ`>`B"J=\2K/h ˋ&;$/[at @\0^| lM;B7 =5ymn-G%0-+5 k-i\T@rtwɫLbl(vZ qYض}84CPɪ1 Q};S$qC te hpi!@dc. U;(dLyh!VAW .clQR e2ז7gSh߂Qӓ?J0Vptwr%!:Ƽ_p|OiϞ=㇃iRAkYN/գ;+Y*P4Bel`bo(3]E(!7G<̘-ܑ} YXBhM K7R8&~-weFShҝ.e%PsW'T{.ѳCJn@WF a z%@io2Nm=9: $t^xI 8N\1s(msrǍ۬#"m'z#}%M<h(&jOkQݎcG#ͷ%|7 a01ʨh B'=^ 9O6%g٧!J2S:UQǡkc*s W+"tyA.V;;Ċ6 =+ yNVBE8m:F6DL^a$,*>xu‹yǐsDAS_LC  ̥;V〄4?3:eTZ3(ĿĻ:V+.ܒ*Xw*2 Rsە}R'$iBx2iG05h9`:ϣ{SMQ*dSjdU*[~:PаLJ?lKaCvʟ쥋 qk/8i":R)0rRӆM'ri1xW{-0r}EN'T>y|Iܗ_ _qPǖ-qkeJ_eO#cߝ.¨^QP@SnUyiB71߈RՆ+* kaDBd!0q24qh#[`8g&|ȑh"I~:' A?{m䧔 N=)mWI!zjO׬ͣ <__\&~t˶>n؉7܇uZ| [0^<*hI"9fK,0!dd_?'҉D!g ;+9S|D} $GRl vf=(dWwŊgLJ4[\}Ջo?yn yX[m!4\]LO/bFIFoԠe[z|&PjknۤT#>p_PZorH1RI$k_jU7\_ڇ @"$'؂x;gQdkh&DC YJ L"ͧ}ͥ TFBq\KKmAť^aJ>ɽ2 +#b,$H>>P@ʢ֫mXד? _C& .4uK}AשRi9L{jkX.__(1pZ9Pw/J|ߌ F><{ݿ8J;g6S`@5>O/? rKY ݓ. K FSvH,18v-Bf\]9l$GU/ L_8-2DZ/Vȗ=;/eq⦵oo"b>.W[MM+l߲k{ oc0te)Cg)Kx3$(\S؎`kawg3mM76fvZnv1~baV\\j EEBP$ 񘶈[ 82SFrnBS/֒P_C95fҨxPY@@i e_!GgƳRQ(/h7m;C+.&77F- ]DPEDe`R>%?{1iNN00#qJr:Jዾ( =`oLȶTQ#2h> JLbxzDKJ _s]:Af/Vbs^^=z[J%>;v  OMxG,f, 7M4#Lg>g[{/=E}Bߊ>5˦a~P% ^ xvS#/#Hzh>a\  -Ȍ.wkI;Ta?Z ~ EXʂ@؉9I8] PHF0ugDnvNɫw@&veN^]? %+M#KpsX^+N=s=bp54[X4ӭ  D_FE%B$oqeb 9~Tب;ZrilKaTT:EE̾(` ~gm!HǀZ/TMvT/T5zvf/킪4\jd^dӃWo(Sx=!9>g;kweK p~n VV+JΕOF:&c\I9|eL%O)d X:)o[d^K4C7dx3J%߼%%_/ ی(k4fCH/56AY0Dm?jvF 7qtp`D&7݃1Ҟyr8Jv4J>7'6XXO9;-9s=3^Ojz^2`cߦ7ϏԀMx:HPLVeL~>'ݫR[OyNZT925գH\)Uwj̈(tHh~ by*ЛO}& SX4nS1ρE4+WeS>(&TMI@ a yo`j f1aqd~ e^H]@?Ki&l~Uj!nFNC0w= <ы<")6Aa$^r^G!|ɠ6>@edffE&HO5O6KCEԮu(`qRĢ׶ u՚$yS|(!eI^΋f;GB]9$~V`ncb՞ZCoԡ߄I-EJ06p\̷8#cL2{ԯ m 4KR v4S2d0hucŅ:0/yZ$-rN<ѣ(bKjL8toniK׈0 Id@-ի }ヲ񇃝 0GC> MC)^rIɁs` [jIHq[t(؊ \cNKpa^9Vp[F-E(PQtvVPK\;[Q=) e:cXa/ִ9 oߴ}.\6Z/4qvQ1Y"scь/[5 _\Ai}ͯ*]Hb)ؕ"}H?ÉϱOL=m֛%Dz2(NӍ, ~a\w}d,[= Bp^Vô+⤫}M]*;xũ7eܣ$& O+%qAqw~ ygDUC'F~}p._&Gg/m [~FS#y2lbL1UY*sKK>_i0Kb GX%/dv(C"v1LZ;9HLO1Tved].1.Hh/52/Z\çE^ȑPͶ u`Sg,uZ3 R\ʼn@}ҏҝVO>|(&8,ba 5mY &APGv,ao #J;iߨLUHQ ҅m仢1ox@7g J Tbnp2Pb>;%}b>OCyxK8Jd6+,+U4 [ ÞɑG+qRh nqU2 }F5/`C~lm϶NdPH <1DCRD7,#LC$-&We 0VnNHF(_C~G.^|bj*iʥ (CP8j+^bH VA39k'(aJ {k ?$1AB[yZDQTYVEbãڜ<`H_ցCWډ7|%GH |gnC]BѮF wb&R]c ٤uF1)X?c;SuLri)c}bv-G%W'@#FB_S0CY! +rP l묈~ea-9D/.+ND=8>J8LczkV.pga$7(_0aeZ5NҾtVOaܜwM:7fKr4nG]zdTR2`K]koj[m0۱ $tblhM#R\wN_'r_M ~ !}@M.-2ZEMMzۼ 9+bm5mq\-eֵYP\2AtqtϮWiGIs>T/g&6w? kcFYo~ vNR2'ȣ|vxT76l̖IevrT* l,z1QWʃ3rJ00 % [bx\~Iz5E ,\ԯkڙmŕzE$q>"&`Wh v8+Nxayֆz, \:VuTs̑ֈc˺/t̆kh^D2$CwI!b/?$H(b8ŵsFrt DSU}H!O$գcC0Y8<I&QNoJ!X fp4j7l[{ N8ה1y25Kkam}# )[|d kga>Pի'EI>>2d QƳn7 bއRY8.6Ro9BgB i]S0bhAc(/]-wUšWvJ2v7{0rda7b3)mfZh.==ezehN{G#> ;)IXk):>;o@F( ԟ7"vΔ\]CM $BDZf*ɤU/lĤb8IK?GY5S8 ␮˥C@|M&iR4ܦQ0̱OLexN -Z97;,Pz"Rb".'wzʻ8:(k bsU&aTސTlK Nk8-oQgU+8(6V[=j!AQFM$wggG?$cu*B(fwQػODм-} _C1#b1Qqĭr;4'Ot%}GY$OTLq]%Ua*M?_eiũ8z66_RgK4YU!%ȤSI`#jR=R!f5Ơ#apnI}/Bj琹*sB#ƀ^`q݉I㇚IY-qyŸ4 GM! *&%R|e;X + XVi->IZ!E+[lqNMy%T&'E\S]O\dw>Rtc01.bʅ6f2dPRʮ|5Q%lꆃU<L5#T..="P lL7lo'2ag5d3j6 ! X#Ê(.[Iֵ2`ͯӿ,+|۩8f"X *ErX%o߯&UrxC-)(W)~0;:;W0g/ hʞWoξ_?ac?ϓ @i3J|hw8r` [ByগWso&grUki㋣Wwӫ?fzuz|yI^.wcqr, \ T kyaOuصޑ,9e9J%y wavm6[VL;Kp; Ԁ9HB.@G;=-!aߵK;?!5bZ=〡"Zmo8_A>bI۽n(q{Il@K$D*!%KNnQ69rK1 L`v;-Ef̷)~ƙU<[lLf}2L+N/Mz4EG@.N5%D"Q*xI*ܦw7t8 bG'Q"d4x`ڟ dz<*VPgxY{B:#8TT*gK nʊuH+u6R23kJ`*B8͸=MWV{Ry*-i\FQL';EH@QyWB2 uM&}6NXh:mI* ]Pq"0߲u\ aFPݞ1L^H В-MwbTD|t3jPC^5P4| 6SS3m⍽ҏ 1ړ6WiX\puIu2}!oȡ〆H9m2IZM(&ԬF POdF,=6`sGd %gNlLbiJF R2c-3\IQD=!7%<"]?K %OZ7ש{PU ٘ O qRc+HDJu'4mԼXIa_bQ$\f EQcS® $qF d#8\񓋟Wyݗ@V0] +_4k .ȴ"kpmzKGD&T(2/y(y5w(si%ҵ XW8CtE+iaiI!ZR>t- &x*¦Hofoon6BMxgE:#O:缞V+&Ä|T, ܃3-BIZޜ*}e\9Ś,v!ǟMrm ;An8+!>{8 6\aRc tOΝeG;ŨQuaQal%h%X%#ҫ/PUm ͞uF'p#k  хgd$:"vƄ#9|O+T0"uPx5Z$]>lHnownPűs <1qX]d&ؔY6[Μ){;g@>U⻩g\~t'䕃] w'w]C玟+/fCfxg0|#b{119rW_%K2XJmB7"}ѷPk>\wڷ;ڝ `;sW eZ\ ^9$E|`+>*;F*Ȝq 8NV*a_Z5'ցiXyA=hg?jK#T٦V/:yD*]@ռw(A6"٨:  G)];ngo ]lW_چY_p7EB,yؑsyh6tZ=tM,\!EɳBӢo:w+7~`׽*7Ws%(?+ڳH𵂱[]NC7/0;h9N/9lN34R^c !yE55  nT8_r] w?fpv׸ګQuZ(4C+ܼ4tQ&ŝ,K,C|Y"[[->G !Dn #h] ZT9Xt}4/dءTH/J㟸vX wOfa A7d0J9,}r ^YʵG%WyQ'ihugT!b 鰩Ju屷~w}*wDz 4~^?vȊB{ݙhzs?A%bաtqN/ǔZ4 ^'&%vG$ޜ|{Co#җO>_\@*m}SGW? ;au"]|<,7=Lԝx4!/SL^ROI~F:DȬtwY1+|EhPx RW6q؍ԧ{afjHW )oSds&E͂6+"%7,#MsCcnghw#N|u2Q}3q2_v~ܩ) 7&/<^=Pק?tr* -0 yt'Y9 A z(Td% Q+{qOj7+sOգrpz0_nf=_1y8Lh"zb܃/oz1GӁ;t0X^EPW͇֮eluH';־R߻*|i 5$ml؜\\Wv4'6"s6_}=#)4qFw2N"! 5_ti[ Aٹ/d$g]vx'ޏfŇhq=o{ײ܉gGyJ]팪-~]JW*yye2OL/߉Q,OZ$`HխJ[XVm֙2,jj2%,y%^ʘ !˵yŋߌt1\E4zFF%*D\+P=o"uc5vJA|mQĶ,nu(LEI)s+An[QQ b%?~ݾQen =Ϧcl؄z!YNMrhۢ6(Q@ovy2LLd%ٍ4+ѹL:'0KMUMK:q$R` F=h/E,sTnD`FfY)Rv+a*tD˝88-? pUQ)+j+nQEe4UIfNnSj򯡘5TrUB%>8+^rF응aݕNRnW[YP&R uMw:MIR בa!us:(n{Yy1@B5l]~607~p}o(XYF}T:g0$r|/Kt ,i׻Opp|r1Z啼C,I: -2I'mݝJwri󍺗 ;K/#0u9Y %=qpU>m AV,! Ke)T=tF*:CG{:]i&rpCrݯ\7ƶlg;y`6?H[ bl7 m$$]ay"/| pb{?D)N lLe-BHҟOL|lz'˄ KrYި]7,} S-MDF)6>NFsP]Mζ,AqRA%Pru XE$\k+ 0Q $ЬŔV^ÎKxMJ dnc7T*]$1Z^4)ALΪFK 1?xou(ylKIwq=u-q!.77ͧy-Uً~S^L]vrՋsI|dtȡJ n?X Lag=klO>`DZ~V\Yװ>x)R,>4¤7x⨦C~bOl2UC;2Rv*1vDNa-nXH=K]N}*[3;0KON7]`2!*g+Wx72Kgꩆ8:|;2j?|׭n6tz s Y*#&ӊ:~t ;.c+S I[-*N*ˢ f!]tMIx6z,jij,y=/ iRo|XbS-y[ˁlSlv5*؞M?1jQwN·!xBh 8ѣYp^4Fu\0I*Wom2ةB%$N0o}yiPX]sF"/IYz91+]W:034@ɉPl-}q0X1uנstVhl!F!enMzdĀ7d*aB>/,~ z R6%O R~LujL3~?69loYj ޖ=5p .AH,6sk'n 7E[glFJ:o̢mZU"dh'6v9WMx;Xc=$`d [?>Ll9`ֽLz`h0KwkGNe6 =I1E]U[8\ @#ٟp>ٰY(}fq2hoٱ ?S>P ',<q|4b0+~`jIn7oͤwޮ\}qu<=ϥ1<~.iM=2:};%x tv@_?G*dՉkK8Glp2|N 6`Ew>-gW|f4-0/!1PN%hJTFrہPF#_D@,ڡ>ڐ|+j);-I)񀝅\jӲ } sG:^Oi|z|oJ@p(~lMk ΁`a3 0QlK;PQo_akyÏ1_f:{u[M?$(sHnyX|q34 iO~?||XlN[6'= -\qf uz4 LBiC1q]͞V=g7]60 S;)Xȁܛdq{Npی?`@l_Vgahth>hkn [*X aRzW05-J6m{#a^E=S+gNn{qϹSK+9M!~URC;JI'Q3 `d6UgT5vCnk~1#Me( (i,t󰹕toI#P摽Rot=`Ds^q^*"er`^'rO;L_S0X|20n]כJ|< qx@kAwԦsl-Ͽ5lpE ݚ;DƁ.G>ײs5Yjae)jZb@xq5L2l&׳d>FG#qv1pLE ~SU[ӵ;Þ .6Ёӻc 6߰;}7]ў*M^#,Y+3tKɿO|es 6o7T YZ