������wpa_supplicant-gui-2.9-150000.4.36.1��������������������������������������������������������������<���>�������,���������������������������������������������������ĉ�����b�~p9|��q�)z' ZC:JZ��z�KT1${� N!����m:Hm z~�sf}q�oՂҰw��;GCKPA3��,)E�#_\BI2cX;�ÇV�YI+�rԬX8jTBNX��w4�ܘ* �lD
OvwO o%U!)�4Tʖ]e�YE3FB?A{�YH0o'*WStgn/�g*a4����>��������������������>������?�������������d��������������������������������������������������������������� ���'���������� ���J������������������������������������������������������������������������������������
��������������,���������� ���B��������������N��������������k��������������q���������������x���������������������� ��������������
���������������������������������������������
���������������������������������������&���������������0���������������\���������������d����������������������������������������������������(��������������8����������(���9�������\���(���:������ ���(���F������:�������G������P�������H������X�������I������`�������X������d�������Y������l�������\�������������]�������������^�������������b�������������c������v�������d�������������e�������������f�������������l��������������u��������������v��������������w������@�������x������H�������y������P�������z��������������������������������������������������������������C�wpa_supplicant-gui�2.9�150000.4.36.1�WPA supplicant graphical front-end�This package contains a graphical front-end to wpa_supplicant, an
implementation of the WPA Supplicant component.�b�~s390zl31�����
\SUSE Linux Enterprise 15�SUSE LLC �BSD-3-Clause AND GPL-2.0-or-later�https://www.suse.com/�Unspecified�https://w1.fi/wpa_supplicant�linux�s390x���
`���큤����b�{b�wd9b6e468a60b2bdbb385749fe3f603679558a98d7debde1d14a752fe66ba7e40�b88d2e4686481dd240f44e052421fe8e627beb64bf43df1bcf595ea8d4664b37�����������root�root�root�root�wpa_supplicant-2.9-150000.4.36.1.src.rpm����wpa_supplicant-gui�wpa_supplicant-gui(s390-64)����@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@����
���
���
���
����libQt5Core.so.5()(64bit)�libQt5Core.so.5(Qt_5)(64bit)�libQt5Gui.so.5()(64bit)�libQt5Gui.so.5(Qt_5)(64bit)�libQt5Widgets.so.5()(64bit)�libQt5Widgets.so.5(Qt_5)(64bit)�libc.so.6()(64bit)�libc.so.6(GLIBC_2.15)(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libc.so.6(GLIBC_2.2)(64bit)�libc.so.6(GLIBC_2.4)(64bit)�libgcc_s.so.1()(64bit)�libgcc_s.so.1(GCC_3.0)(64bit)�libpthread.so.0()(64bit)�libpthread.so.0(GLIBC_2.2)(64bit)�libstdc++.so.6()(64bit)�libstdc++.so.6(CXXABI_1.3)(64bit)�libstdc++.so.6(CXXABI_1.3.9)(64bit)�libstdc++.so.6(GLIBCXX_3.4)(64bit)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�wpa_supplicant��������������������3.0.4-1�4.6.0-1�4.0-1�5.2-1��4.14.1����b@b�@`lM@`?z@`:4@`�_|\@_i@_i@^@^@^|@^|@^Y�]�]>[<@[[ā@[[;@[@[QY@X@X]�W@VU@VŲ@V`V=@UKSUCjU8U'@U�/@TBV@cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�sp1ritCS@protonmail.com�cfamullaconrad@suse.com�songchuan.kang@suse.com�cfamullaconrad@suse.com�bwiedemann@suse.com�cfamullaconrad@suse.com�ilya@ilya.pp.ua�tchvatal@suse.com�tchvatal@suse.com�ilya@ilya.pp.ua�ilya@ilya.pp.ua�kbabioch@suse.com�ro@suse.de�kbabioch@suse.com�kbabioch@suse.com�kbabioch@suse.com�ro@suse.de�meissner@suse.com�obs@botter.cc�dwaas@suse.com�meissner@suse.com�tchvatal@suse.com�lnussel@suse.de�crrodriguez@opensuse.org�crrodriguez@opensuse.org�crrodriguez@opensuse.org�lnussel@suse.de�michael@stroeder.com�ro@suse.de�zaitor@opensuse.org�crrodriguez@opensuse.org�stefan.bruens@rwth-aachen.de�stefan.bruens@rwth-aachen.de�stefan.bruens@rwth-aachen.de�- Enable WPA3-Enterprise (SuiteB-192) support.�- Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch,
CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch
SAE/EAP-pwd side-channel attack update 2
(CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733)�- Add CVE-2021-30004.patch -- forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
(bsc#1184348)�- Fix systemd device ready dependencies in wpa_supplicant@.service file.
(see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)�- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability
(bsc#1182805)�- Add CVE-2021-0326.patch -- P2P group information processing vulnerability
(bsc#1181777)�- Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to appropriate ifname size
(https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benjamin@sipsolutions.net/)�- Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build�- Enable SAE support(jsc#SLE-14992).�- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass
(bsc#1150934)�- Add restore-old-dbus-interface.patch to fix wicked wlan (boo#1156920)
- Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)�- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)�- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
network. Fix WLAN config on boot with wicked. (boo#1166933)�- Adjust the service to start after network.target wrt bsc#1165266�- Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
- SAE/EAP-pwd side-channel attack update
[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- Drop merged patches:
* rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
* rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
* rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
* rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
* rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
* rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
* rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
* rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
* wpa_supplicant-bnc-1099835-fix-private-key-password.patch
* wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
* wpa_supplicant-log-file-permission.patch
* wpa_supplicant-log-file-cloexec.patch
* wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
* wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
- Rebase patches:
* wpa_supplicant-getrandom.patch�- Refresh spec-file via spec-cleaner and manual optimizations.
* Change URL and Source0 to actual project homepage.
* Remove macro %{?systemd_requires} and rm (not needed).
* Add %autopatch macro.
* Add %make_build macro.
- Chenged patch wpa_supplicant-flush-debug-output.patch (to -p1).
- Changed service-files for start after network (systemd-networkd).�- Refresh spec-file: add %license tag.�- Renamed patches:
- wpa-supplicant-log-file-permission.patch -> wpa_supplicant-log-file-permission.patch
- wpa-supplicant-log-file-cloexec.patch -> wpa_supplicant-log-file-cloexec.patch
- wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag
- Enabled timestamps in log files (bsc#1080798)�- compile eapol_test binary to allow testing via radius proxy and server
(note: this does not match CONFIG_EAPOL_TEST which sets -Werror
and activates an assert call inside the code of wpa_supplicant)
(bsc#1111873), (fate#326725)
- add patch to fix wrong operator precedence in ieee802_11.c
wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
- add patch to avoid redefinition of __bitwise macro
wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch�- Added wpa-supplicant-log-file-permission.patch: Fixes the default file
permissions of the debug log file to more sane values, i.e. it is no longer
world-readable (bsc#1098854).
- Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with
O_CLOEXEC, which will prevent file descriptor leaking to child processes
(bsc#1098854).�- Added rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch:
Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).�- Enabled PWD as EAP method. This allows for password-based authentication,
which is easier to setup than most of the other methods, and is used by the
Eduroam network (bsc#1109209).�- add two patches from upstream to fix reading private key
passwords from the configuration file (bsc#1099835)
- add patch for git 89971d8b1e328a2f79699c953625d1671fd40384
wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
- add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f
wpa_supplicant-bnc-1099835-fix-private-key-password.patch�- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
- rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
- rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
- rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
- rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
- rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
- rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
- rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
- rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch�- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match
eloop_signal_handler type (needed to build eapol_test via config)�- Added .service files that accept interfaces as %i arguments so it's possible
to call the daemon with:
"systemctl start wpa_supplicant@$INTERFACE_NAME.service"
(like openvpn for example)�- updated to 2.6 / 2016-10-02
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
- use ieee80211w profile parameter to enable/disable PMF and derive
a separate TX IGTK if PMF is enabled instead of using MGTK
incorrectly
- fix AEK and MTK derivation
- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
- note: these changes are not fully backwards compatible for secure
(RSN) mesh network
* fixed PMKID derivation with SAE
* added support for requesting and fetching arbitrary ANQP-elements
without internal support in wpa_supplicant for the specific element
(anqp[265]= in "BSS " command output)
* P2P
- filter control characters in group client device names to be
consistent with other P2P peer cases
- support VHT 80+80 MHz and 160 MHz
- indicate group completion in P2P Client role after data association
instead of already after the WPS provisioning step
- improve group-join operation to use SSID, if known, to filter BSS
entries
- added optional ssid= argument to P2P_CONNECT for join case
- added P2P_GROUP_MEMBER command to fetch client interface address
* P2PS
- fix follow-on PD Response behavior
- fix PD Response generation for unknown peer
- fix persistent group reporting
- add channel policy to PD Request
- add group SSID to the P2PS-PROV-DONE event
- allow "P2P_CONNECT p2ps" to be used without specifying the
default PIN
* BoringSSL
- support for OCSP stapling
- support building of h20-osu-client
* D-Bus
- add ExpectDisconnect()
- add global config parameters as properties
- add SaveConfig()
- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* improved PMF behavior for cases where the AP and STA has different
configuration by not trying to connect in some corner cases where the
connection cannot succeed
* added option to reopen debug log (e.g., to rotate the file) upon
receipt of SIGHUP signal
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* extended INTERFACE_ADD command to allow certain type (sta/ap)
interface to be created
* fixed and improved various FST operations
* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
* fixed SIGNAL_POLL in IBSS and mesh cases
* added an option to abort an ongoing scan (used to speed up connection
and can also be done with the new ABORT_SCAN command)
* TLS client
- do not verify CA certificates when ca_cert is not specified
- support validating server certificate hash
- support SHA384 and SHA512 hashes
- add signature_algorithms extension into ClientHello
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support server certificate probing
- allow specific TLS versions to be disabled with phase2 parameter
- support extKeyUsage
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* OpenSSL
- support OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
* added support for multiple schedule scan plans (sched_scan_plans)
* added support for external server certificate chain validation
(tls_ext_cert_check=1 in the network profile phase1 parameter)
* made phase2 parser more strict about correct use of auth= and
autheap= values
* improved GAS offchannel operations with comeback request
* added SIGNAL_MONITOR command to request signal strength monitoring
events
* added command for retrieving HS 2.0 icons with in-memory storage
(REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
RX-HS20-ICON event)
* enabled ACS support for AP mode operations with wpa_supplicant
* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
("Invalid Compound_MAC in cryptobinding TLV")
* EAP-TTLS: fixed success after fragmented final Phase 2 message
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* WNM: workaround for broken AP operating class behavior
* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
* nl80211:
- add support for full station state operations
- do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
- add NL80211_ATTR_PREV_BSSID with Connect command
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added support for PBSS/PCP and P2P on 60 GHz
* Interworking: add credential realm to EAP-TLS identity
* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
* HS 2.0: add support for configuring frame filters
* added POLL_STA command to check connectivity in AP mode
* added initial functionality for location related operations
* started to ignore pmf=1/2 parameter for non-RSN networks
* added wps_disabled=1 network profile parameter to allow AP mode to
be started without enabling WPS
* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
events
* improved Public Action frame addressing
- add gas_address3 configuration parameter to control Address 3
behavior
* number of small fixes
- wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff: dump x509
certificates from remote radius server in debug mode in WPA-EAP.�- Remove support for <12.3 as we are unresolvable there anyway
- Use qt5 on 13.2 if someone pulls this package in
- Convert to pkgconfig dependencies over the devel pkgs
- Use the %qmake5 macro to build the qt5 gui�- add After=dbus.service to prevent too early shutdown (bnc#963652)�- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination
with CONFIG_DBUS=yes.�- spec: Compile the GUI against QT5 in 13.2 and later.�- Previous update did not include version 2.5 tarball
or changed the version number in spec, only the changelog
and removed patches.
- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable·
random number generator by using /dev/urandom, no need to
keep an internal random number pool which draws entropy from
/dev/random.
- config: prefer using epoll(7) instead of select(2)
by setting CONFIG_ELOOP_EPOLL=y
- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2)
system call to collect entropy. if it is not present disable
buffering when reading /dev/urandom, otherwise each os_get_random()
call will request BUFSIZ of entropy instead of the few needed bytes.�- add aliases for both provided dbus names to avoid systemd stopping the
service when switching runlevels (boo#966535)�- removed obsolete security patches:
* 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
* 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
* 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
* 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
* wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
* 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
* 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
* 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
* 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
- Update to upstream release 2.5
* fixed P2P validation of SSID element length before copying it
[http://w1.fi/security/2015-1/] (CVE-2015-1863)
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
[http://w1.fi/security/2015-2/] (CVE-2015-4141)
* fixed WMM Action frame parser (AP mode)
[http://w1.fi/security/2015-3/] (CVE-2015-4142)
* fixed EAP-pwd peer missing payload length validation
[http://w1.fi/security/2015-4/]
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
* fixed validation of WPS and P2P NFC NDEF record payload length
[http://w1.fi/security/2015-5/] (CVE-2015-8041)
* nl80211:
- added VHT configuration for IBSS
- fixed vendor command handling to check OUI properly
- allow driver-based roaming to change ESS
* added AVG_BEACON_RSSI to SIGNAL_POLL output
* wpa_cli: added tab completion for number of commands
* removed unmaintained and not yet completed SChannel/CryptoAPI support
* modified Extended Capabilities element use in Probe Request frames to
include all cases if any of the values are non-zero
* added support for dynamically creating/removing a virtual interface
with interface_add/interface_remove
* added support for hashed password (NtHash) in EAP-pwd peer
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
CTRL-REQ/RSP-PSK_PASSPHRASE)
* P2P
- optimize scan frequencies list when re-joining a persistent group
- fixed number of sequences with nl80211 P2P Device interface
- added operating class 125 for P2P use cases (this allows 5 GHz
channels 161 and 169 to be used if they are enabled in the current
regulatory domain)
- number of fixes to P2PS functionality
- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
- extended support for preferred channel listing
* D-Bus:
- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
- fixed PresenceRequest to use group interface
- added new signals: FindStopped, WPS pbc-overlap,
GroupFormationFailure, WPS timeout, InvitationReceived
- added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
- added manufacturer info
* added EAP-EKE peer support for deriving Session-Id
* added wps_priority configuration parameter to set the default priority
for all network profiles added by WPS
* added support to request a scan with specific SSIDs with the SCAN
command (optional "ssid " arguments)
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
* fixed SAE group selection in an error case
* modified SAE routines to be more robust and PWE generation to be
stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
* fixed BSS selection based on estimated throughput
* added option to disable TLSv1.0 with OpenSSL
(phase1="tls_disable_tlsv1_0=1")
* added Fast Session Transfer (FST) module
* fixed OpenSSL PKCS#12 extra certificate handling
* fixed key derivation for Suite B 192-bit AKM (this breaks
compatibility with the earlier version)
* added RSN IE to Mesh Peering Open/Confirm frames
* number of small fixes�- added patch for bnc#930077 CVE-2015-4141
0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
- added patch for bnc#930078 CVE-2015-4142
0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
- added patches for bnc#930079 CVE-2015-4143
0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch�- Add wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
Fix Segmentation fault in wpa_supplicant. Patch taken from
upstream master git (arch#44740).�- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
Fix CVE-2015-1863, memcpy overflow.
- wpa_supplicant-alloc_size.patch: annotate two wrappers
with attribute alloc_size, which may help warning us of
bugs such as the above.�- Delete wpa_priv and eapol_test man pages, these are disabled in config
- Move wpa_gui man page to gui package�- Update to 2.4
* allow OpenSSL cipher configuration to be set for internal EAP server
(openssl_ciphers parameter)
* fixed number of small issues based on hwsim test case failures and
static analyzer reports
* P2P:
- add new=<0/1> flag to P2P-DEVICE-FOUND events
- add passive channels in invitation response from P2P Client
- enable nl80211 P2P_DEVICE support by default
- fix regresssion in disallow_freq preventing search on social
channels
- fix regressions in P2P SD query processing
- try to re-invite with social operating channel if no common channels
in invitation
- allow cross connection on parent interface (this fixes number of
use cases with nl80211)
- add support for P2P services (P2PS)
- add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
be configured
* increase postponing of EAPOL-Start by one second with AP/GO that
supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
of identity frames)
* add support for PMKSA caching with SAE
* add support for control mesh BSS (IEEE 802.11s) operations
* fixed number of issues with D-Bus P2P commands
* fixed regression in ap_scan=2 special case for WPS
* fixed macsec_validate configuration
* add a workaround for incorrectly behaving APs that try to use
EAPOL-Key descriptor version 3 when the station supports PMF even if
PMF is not enabled on the AP
* allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
of disabling these can be configured to work around issues with broken
servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
* add support for Suite B (128-bit and 192-bit level) key management and
cipher suites
* add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
* improved BSS Transition Management processing
* add support for neighbor report
* add support for link measurement
* fixed expiration of BSS entry with all-zeros BSSID
* add optional LAST_ID=x argument to LIST_NETWORK to allow all
configured networks to be listed even with huge number of network
profiles
* add support for EAP Re-Authentication Protocol (ERP)
* fixed EAP-IKEv2 fragmentation reassembly
* improved PKCS#11 configuration for OpenSSL
* set stdout to be line-buffered
* add TDLS channel switch configuration
* add support for MAC address randomization in scans with nl80211
* enable HT for IBSS if supported by the driver
* add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
* add support for domain_suffix_match with GnuTLS
* add OCSP stapling client support with GnuTLS
* include peer certificate in EAP events even without a separate probe
operation; old behavior can be restored with cert_in_cb=0
* add peer ceritficate alt subject name to EAP events
(CTRL-EVENT-EAP-PEER-ALT)
* add domain_match network profile parameter (similar to
domain_suffix_match, but full match is required)
* enable AP/GO mode HT Tx STBC automatically based on driver support
* add ANQP-QUERY-DONE event to provide information on ANQP parsing
status
* allow passive scanning to be forced with passive_scan=1
* add a workaround for Linux packet socket behavior when interface is in
bridge
* increase 5 GHz band preference in BSS selection (estimate SNR, if info
not available from driver; estimate maximum throughput based on common
HT/VHT/specific TX rate support)
* add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
implement Interworking network selection behavior in upper layers
software components
* add optional reassoc_same_bss_optim=1 (disabled by default)
optimization to avoid unnecessary Authentication frame exchange
* extend TDLS frame padding workaround to cover all packets
* allow wpa_supplicant to recover nl80211 functionality if the cfg80211
module gets removed and reloaded without restarting wpa_supplicant
* allow hostapd DFS implementation to be used in wpa_supplicant AP mode�- Update to 2.3
* fixed number of minor issues identified in static analyzer warnings
* fixed wfd_dev_info to be more careful and not read beyond the buffer
when parsing invalid information for P2P-DEVICE-FOUND
* extended P2P and GAS query operations to support drivers that have
maximum remain-on-channel time below 1000 ms (500 ms is the current
minimum supported value)
* added p2p_search_delay parameter to make the default p2p_find delay
configurable
* improved P2P operating channel selection for various multi-channel
concurrency cases
* fixed some TDLS failure cases to clean up driver state
* fixed dynamic interface addition cases with nl80211 to avoid adding
ifindex values to incorrect interface to skip foreign interface events
properly
* added TDLS workaround for some APs that may add extra data to the
end of a short frame
* fixed EAP-AKA' message parser with multiple AT_KDF attributes
* added configuration option (p2p_passphrase_len) to allow longer
passphrases to be generated for P2P groups
* fixed IBSS channel configuration in some corner cases
* improved HT/VHT/QoS parameter setup for TDLS
* modified D-Bus interface for P2P peers/groups
* started to use constant time comparison for various password and hash
values to reduce possibility of any externally measurable timing
differences
* extended explicit clearing of freed memory and expired keys to avoid
keeping private data in memory longer than necessary
* added optional scan_id parameter to the SCAN command to allow manual
scan requests for active scans for specific configured SSIDs
* fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
* added option to set Hotspot 2.0 Rel 2 update_identifier in network
configuration to support external configuration
* modified Android PNO functionality to send Probe Request frames only
for hidden SSIDs (based on scan_ssid=1)
* added generic mechanism for adding vendor elements into frames at
runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
* added fields to show unrecognized vendor elements in P2P_PEER
* removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
MS-CHAP2-Success is required to be present regardless of
eap_workaround configuration
* modified EAP fast session resumption to allow results to be used only
with the same network block that generated them
* extended freq_list configuration to apply for sched_scan as well as
normal scan
* modified WPS to merge mixed-WPA/WPA2 credentials from a single session
* fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
removed from a bridge
* fixed number of small P2P issues to make negotiations more robust in
corner cases
* added experimental support for using temporary, random local MAC
address (mac_addr and preassoc_mac_addr parameters); this is disabled
by default (i.e., previous behavior of using permanent address is
maintained if configuration is not changed)
* added D-Bus interface for setting/clearing WFD IEs
* fixed TDLS AID configuration for VHT
* modified -m configuration file to be used only for the P2P
non-netdev management device and do not load this for the default
station interface or load the station interface configuration for
the P2P management interface
* fixed external MAC address changes while wpa_supplicant is running
* started to enable HT (if supported by the driver) for IBSS
* fixed wpa_cli action script execution to use more robust mechanism
(CVE-2014-3686)�s390zl31 1654850942�������������������������������2.9-150000.4.36.1�2.9-150000.4.36.1���������wpa_gui�wpa_gui.8.gz�/usr/sbin/�/usr/share/man/man8/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:24619/SUSE_SLE-15_Update/115db8ea68d41b7b073ab75c067eea19-wpa_supplicant.SUSE_SLE-15_Update�drpm�xz�5�s390x-suse-linux�����������ELF 64-bit MSB shared object, IBM S/390, version 1 (GNU/Linux), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=c063de03da0b9b96698a66ed22330dd3274dd7bd, for GNU/Linux 3.2.0, stripped�troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)��������������������R���R���R���R���R���R���R���R���R���R��
R�� R���R���R���R���R��
R���R���R���頢h�累
^�����utf-8�da95d52a97ce04e21ac1511f28559af32e496802c4341be0b9b1b15b5288680f���������?���� ����7zXZ��
���!�����t/{]�"��k%{m{#rD~d �t�G�Jf͚tv�C�n9AdF
/htrl+
d^
n�-I}
i\v5t%yuT^:1`�]31�oSib*PbſO§��j
pl>C }J�W�V5zt��MO*2~�{='��E���,CO�_Ǵʙ
�d7�uwW+z�Q��~ϳe��t EdΣpy;Zh�)S, [g,
&����4?|EaM@l>}@$ZҦ~GG쾏!bM�t�T�ɨ�6ΐ�{`�U!)ћ?gZڽ�ЩH!rV d*,'�fvgQ iJS1�P�nH16%��<",M2/,C�28(&^Lrտn[�^� KU"!Җ��*}$�s8kr3f���Pl���M*?.1k6}qF2I4@rOش~�pT}|[�*p7h55a/�1��g?}|Dt͍<���y�'n{�+�k�T(t^cՏfkP.T$�x0::�*�+9-):ШV.�R�8)XBt='-ض9<ī�j⏳#�tIxo߄|4:ҷ�� �>/l�h.L�||?�;'&t���q�Spd^!��mzI]�gCp�@FA`�2P2�0���6D͗>\� �1T*(^9�
sW-8�jM'fZYKDP,K2�|��{%qgQ|I�a7-pk�Ʈm�t�[�|Lovzr@~[ib�`-�u1Lɧ�/YMUx?Ɉ�4a\P�P*3(>��*�Tva`w$.���s|���0�c�HWyLobƳ4a"�5(9Q�ikzi[Q&4`_�Nhė�~`qJUX��8V�z�3� L;�Y0]m[�&�7OJX~j�Z�(պp(�3�n2�\''�@=8��#r7!/f学ޭ( �wIə�]c!z_LUla5bO/N}�֗|D{����{ME3S9vg\E�xJtc۳< 1x�Ԩ(@�L�O#7J:n@�Ҍk�bwஜBǏ]�j�BwpʠoTX�n�?2*U�1m ϖm-
Ԯ�F 7z}_:|L|d��5ՒqSɑ346���]\0�r�}AZMӦU
[X@XG�e[%cث|�tu@qim+˕k!S\
m�@9B�@_V.�kϢ��Pqx9p��dKPSNY&Ɂ*�kf`�ASy�WI
wG)|dOHg:ˌT���z+#�_^�inuVZxI$Gx~uZ����6xtAWg�퉃T&�.��*�.%PtW=uFF��G(kۢMjn` ��+51Rp5~p�)w%�L|<[Cy
ӽe�s��xx<�S
:s*y�]
ĭa3~�+�/GOR6�R:��A`;,>9ڤi\3.j�*VAͅeU
GuR:&)ù41+؛0*U
~Lv�K4_>nEn@f:rzf�i6<60˹\u�*X,ܰv%5M��E
i\57J&]N�qۮw{jmf}<�[OsA* 4'>۾LhZyhB`G]N7�9?�)zƥG(��;!��]Bҥ�&5B��E��)St�v�| �
I�}ZU#ch�e�5⦝L�]NR>mx)Jm4*�j'w\L�yy�fo
~�GtO5�OgKKUD{,Y��g���p}c*ڔ�
�DO�3Ek�U��W$��)m.9S� 3QIͽJu$?QMM$ô]
�HZ1jYP*>k�|.�f_;UtlchVu?
>S4@��$w#�? 6�!kެSO�C2BZ^r5Xgl7��%W'+!qww8qjVa^Nb���/ԎyjL_}@CD<�ǣz�&DO%P^}w m �ZHRV].m>uZ b6<81#�\:dBC(]z]�^\a!1N�b�-Qo(۱+�_�fs
7�v��> lHD6�8 KCې($-LPB5>�Cio��D�6'W3G3̡�lw(uo*1#,b5n8X]
O�O,e�_S��mh;!>E�9
)��S?L�(��q��P�7'�ZE_h+sv5�[�I�&9� �x:\qSETGNv%
ITݮ?EDϪb)=ѣuf�専V��qA_ Ry�~�Y�G���cŝ%.a� հ,žW0n��kޏn��[kr)4X^�4�fO�.j�|I7h.e-0(uF84w0�qם�\�Je`��, cW�=+U��&Vx5Ӹ=;���
JŸ��;шt^k<�j�fZ7t�M>!QqhX�h�ۛw?xgEZS�S
I�(_ߥo�⚫�� $C~!���fe9C0u�Q?�kٞSG�Í�-}#s!�ye�
�{!e�Y]4J�u�(o$l1��}TӮ6rZt5���Xۊl�N�1L�1Jc�w�s3C�=ʲ~=JCK m7
�-k-��;)´ſ�
��ݙ9�O�,i�3� ��Y)>01�^H8FHi�Ex0�H*8p hu`aˢKu8V`)cɃ5QK;s'37�QOU�,u�?cP
X�bg6�gHkDF wwZ<lІ�L�5~Yh;l�oƩ5=ƶ�FA�
�G��ZS-M@%�ݍf�h?qxR0ߥF7Pkq�-=jؘ%k �Z�{g}3c9"6�\tIӵ]s7B{ M���w˕2 ���$d,0�ap�Yic'�Q��6BՎj�ˎli(�"X(=|�Et^5jiq=\��I�^�1P!iy6�]r1H�{ԫILCc]�7A}`�2:�YޓG0ZC8� n7�[q#)�Q�؎fi!(�5Иp�OYm@�%�J+B|�ٔ�dS2;�bA�Lr�6+I2~'=XLN؆9#I5 eQ&�5FVd얷N�Lap\:Տ��R�2W LhZ�nYŨͬ
?��>q�-�N��N�v*��nb��o}fTi��;3=�7�^
3
m�L.==pӥmqh��j��*[lL&��) Ti���ۅ֗0m8��)Qd(|O*'i9Q{Ѻ��![�:�۽$?{JD4,y,�{MrjqJQh^D,ekEr0�2K���]5(T��S��ӌ�K%c�1t.݈i\XGVv|�oʢy��T�@g SW-:��Qxr�QV)�4�.o�1τ�_̩X�*|�__y+"8uG@dYpajvK;.kwZ
�3p�vߵmA`gCrN50ƃ=��-+*'L(ha�Ig۫.si7:T�iaI�R3-�O ��S(0z�ݗ*;�.k:@:D'ξŊ|xMC;���畕*��/3�Jkf'"ݽB\=9ضBWm@�at N+6IpH:m^�#8|uBŇ��'W:sQvfN=,�s4��XJ&ژ�R]��.�4gwc�7O6T��n���d(=Z(C]Mz�SUsˊ&y{ӆ]U&e�)e��AW� bB̬́�lq_I��^F"�CE99`�wb�@iY�d��$5ۛf�9Gp>"� 튙is$\�!@CqW
h�urwH-<
�bSqzQN sI+@#ニ�-e�2b1d(�uy?'�Y�;*44n��.|�̜U�>}nTq)}P#��'kD�^ùa_��]�YC��sf\%s=%��%�.[K}B
�~MH�eN��p�L
/qax9v�hTڔx�Ywp7N�QI{��:K#9eきE�9zF��~a6#$C��њO�JER)�-.Zod�l`Ta�e8l^K»VNւo�|^}����:ȯZ�2J�&��8�ovMi�k]K�X-S"vYxM9S<�űSQ� K(3,Zף�Bb4�UiKZ�2ercl�h��l~KR�2t.�\
='�$�Py;9�7haTseξv>Ljfp-W��2^S~D��M끘
î(�UEd˘75܂c\B&aq�]WhuV�O�&R@ch=lG )[B��|Bx�Iu"sA�q�B(j����J�_w0�O^�~@r>Lʊj?
��-F�V�e[P*�.V+ݒYKaL&لU`qt+�/rhS>+2ǃ�wղF=qEH�1! W�Z(~}i,s,,l?�Ѵ�'ح06 �T�ܤ��3Q~(=�ѕ¸yir~#DtImw�lQ�7���+��#�`琍�1N�A��o!*cf2b|s�E9�Jʒ(�jB$>ٮvH"r�B��~�T����T�Ø)�Փ�j`v�0Q"�l��,a�Zpz#dBdנn9ؽV9��s,\ �C �:*3k�WoT�q:=4k�Q�cT
�̞ͩڑm5S��Ru='��z�& 1jBs�I�9���AYVI#vyQx~)pH,�:�F�ĮT~\�Qَ_�1>#�F+2P_�)<9�Ǔl8$�2���.w2WCZ?�.-|=<ʼ
IyǡI3�٥ͤT:*��h}��7Jb.]�h߬�$.V+7nfL8:Ks$Î�#J�|�o�3><�&rd䱥)݃٘@U�~t�rTt笞4
/,Y Z˗ߝvoI��BV�uק´,؎#H�+�hro6Y�nc�q�䂶~\Fl6��aS s�c
GXv�J2�?ym�_
WL;4N$ݱ-���.�b�*U1K�h�4�`Bw�O>`ʂ��g9�+-V�+%TO�dMcOs?�;Y�p�F�$N�p=>4K\�EH*k䪛$p+�ЂV �zPg?D;]=
ṁ�~?Hϔ:N/(��<�o��DV)6�BiWX#}j��[�HM!n:uqJN=xV`7^E
:=)�$�ݧ�1�M f&)�FRP�70E��fɸfM(Zw֓~MT\�{"0$*0PO�O
w�g2N�)?v Fn�X1Ffz��`:q�NN�/J,#-dT�̧|VHϹM�+1`��%����tNŎi�{*HIlC!�xc�O@P@ȊXR2-|Wrt{�XZa�HMj�Hs}3ڰ5ƶ�r��M��K 'I!Ja5I�t��l6l~vB:ѽ�y"`ϓN�[sݰ<3Ώ�u]u�AHCZ���H�*kd�.���?iMap�TlA-QO�VBS7cv ̓�/Kofp+-S0�QN$w�lӛ�j#2Eq''0*h=L┤9ηA�(hj�kN���uk�NWթ̲"��hY.6]2%y8IY3۲�/{�"U;z)5ڜ���:O8%.~��xE\1 gfTͺQW�|l)�{�;�D*xyNۨ7pӽ�#��[t|a@b/�
Ǐ�Ȃ\xmAywgB^
F�8@:Ti
{N9x�%%&v�JZ��ZI࿉OxRBYt"M�aYt#+!&XUy�
���TST�4��3�k��j5K�OdJ� ?"N�kdn*7�RL1L?雜b7o_i 3��䲹�Y�+7q&Xk�q�c��<#w]�i<�h�r_�G7-J::OP@�&'>?'{0Z#txd}�2�Ag�x.�gw%LB_OkZ�_J�=dߎ'Y'ih�ܵc��䘿y橸tGd���/ďq]�\XJك6YVeY[ᰜ��K4eT.1H�;?6�u�tE7�7821b5_}0[oq,C6m�7ҋ
w52zmO)2H���NHO$HWDK&+�(vWl@RPM"&A1?*>�h[�]IH p���VIxўmP^4qfA�W@7jRR�O 3Ň9xl{m�5�S�pfQ1K&2mbH R=(=B2N
ƈ�[On)M�#~kk%Q'�4_g�an:1�-�nLDZFREv�?���~yQ(pJ��-T�P�U_|}~Hdqkw�Ͽ�$�5Y#@2ډ!l�n�p2k-�:lᢶ5�G�dԫkKQ��z��eژrRl+L��}/(:Q|L�]`z_AMj"o8�/J^"Eȧ^[\u�RN/�FO"�D~GU;+DQ��6/#cXP+`ِ|S,<�sZxǬE�k�KS,CJNH2fFTJg�Ҟr��ou)
?�Wjto�w�(~2,^+l�ԛ]�4QCm2G�T�
ܷn95,{YU�c/:�K%ybA"SMN&W�k'&�RB�oY*��ʛ2l�y1q#'Y[
1�_3� `�S?+zB!(ILJ�KV�rY;ahíeH�KΒ\~@�N|ܩ~e��wli^9!,ت�fYO��`Z1U>^bjI6DW�^S?�wڛ�}�3ކ)y"��'X^7�y*o��־/ LGO@�EC�8�^ŵ�IFg`Cfb&�I"#zܾZbt`$g*N��5]nֺwI�uȰ`zͷ<
�5g=
�]ޑ',طr<^ֲ/n=H;rPmt3W�9�2y銊'KX�jض)ʆ�6OȨjZi@"V"��P�3cq_-XiyEN`�Z`yf_�,N�S6c#�~/�m^6z9
KK~%*�f̬/6B{?ɵ"SW3lkJ�14�[=�I��QPj#�笎}"]��yY��~w�HBS
vʝoeӉ%$
ž!ܴr6[w?�x�uIi�wff[]!
<ͮP^Z3րBXAr؈@; ~qt�R$R�jb��{%%
ܒۚV-�/BBE��q'Fc�^�#Uq�#"b�FI�(۟�т�ogb�%v]�p4�/�[oE2@��'W��;0O]ڄ�?Ο\$�0|G�)]QkBRY�Ent�e|a�oɁ:0�YT_ٗNa�H`2�=9�UQOƴ8tuuSx�B;�ċm7�c\wx�V>@* u3±\?S-b1�1-fs'it!$�V4
J1L�t��y ��u�7d��z�\�zbʹk�n�&h�Z�>?
8rnv[0�QF=5IV73ӧ ՉF=ËZT[1��Kau|&;{[��u:uyw']>AqV~�F?�) ^
]o?H84.��5]P_��gyEV�x5&mCltť��)�)apjS�ϡo�NLSI��R1t|#QB&��76[J-P��DZF[asB8.dtB]u~HL瘥,Z�yP:Bjq5V�"i�58숿VZ̚���RZ`�k3(]~�L��9ԝ"Z��fN0:0`�@atI?l�43&��=����:��C(ߜ'�+ �&�'\i9`m�}e[(sϚ���7MCݚ�*X5A�w�xZQNyoȡ�P˾}?́;�cn]wps&;�7Q%
Y=�l
���+�Umn/LXCX�u�\?|įXK#��h��
D�G]5N`d�ۀe:=\-_0&�8nTU�zJ1:؍n?�h.�Yrtuqg�;&W �ɿ?OF!1��d�g�*˦dhU%GllPfE���67"�٥չ�^p6�8�L2/㠉�r:%K^;VbC�FB��>�2����ے�d(1U�y�͍uSVބ�i{k^uutRܚBc,^)&h�Q�8h��Ut,fO(
�z(Z]pL�i`n�pTϓ�ǻ ��8,ca���e�%T��Vᕕ�zy3[_q(I[a/Ձ#�s�/!�
ɓLe�r���?�X !sgWe8;s��}a"[S
S�n~��-&�\9m�d9_G
M«i�2hL�4A}DG3j}$~hmi�@ �]S;J:lWW_�c29]J��)_q:1Ti�Ed5_QAX�E h1��PlQjp.joE>��f��R�ږ'�ݽtΣ�I�"*wټ�^t��$-gܲ<�Mk()Ϻ_>u8�@Q|8aK{M(��xTgP(0{L�Kb�;�P��Rϟ՛ʵh^dG)V3OךkR�PVX�m��o�CRn*Z'Vh���2�I�K=-G}vsJc@�3k&Ł�{]
9t�Tѫ� 6e&2YB�)`SD9s}�|T9�F{G(m�̏)=V�d`�� DJh �{y]�Q)�b-33:ipƣ.0B�C{;4 S)s�s]beJ?
|]:}|`�J >^9��IxLR�~
�աкVE�X'R�N\wvn3F#�?2W*`aeUi
/�`�ޤ<�
l>1T��J�wW0+
Ed0.5 �zOK�+ȟ7�n;�_z�f".(w�qP:j$)U͗n��܉dJ �1+OIK=; _)aΪKm\z5rs�y=�X��
~[�y`%x�Oh$�k�9�%$shM4|GMv+ct2_禁;.vg%-3#qrHG�/^�_w���oMN,PC�ELT3�ni�Ϯ}���@�f�;�W�R.�EwOq���,:m+"Q��"�h!nEN�m45�T,C.y�Ʊ K g֝ �M�,Dcr�\�6J_F�H ID9✝W"V%�3u4��25ߡC&�+SӟX�UW��I۫H�8XhS@`Z[^IpDؾ� �kH/�f=NQ+5z�vV�A��c)�t
?e`���o[�H�.�u3R�,�8�+
[_6.zpgLZvTV�-Cnq�'P�qc�y�ީ�6�ErV��mhga)ޫ�vd�4��
���{��Ct|iz�;ů
�f@]+��hߨa]�U_(#�,uV�̰��L-9Uou*YL�ڋoɮLgW�yf
�(�$�$D��AO#nFRN'�^iE]!9 >92�+Id0;[��w=z]'0*+5ߛw�.�#�Y ��)�g�8#��>�Hi�̹a�~q�d4V`OA�{j iD��%�Èj.4�g@1��^`b�HOg�K<ܘ2S��QŹS{ckif~7VM&i~c�QX�YJ=$��BsE�ǝס.tRUfm¾
ꖠ�xBR���&�.j
V ߅gt``l
� �v=Ec�ךy��]vIջ�ċ<ڄWHs=i^2Q?%P"0Ck�?~"�)7[b [0Df�a#A�c��ĖǴ.�7d�2�'�2[ȐM���S&Vյǟ�Awär)Goqqۻ�-a1V�ݨ7M_j0�Gl�o/
hHn@o9�b�dܚ�`@
F̒ܯbυt2]l48sz
�,Du:\��w�%#Mzs_�y[q�{QOH�T��>2�4�2;@�Q�z�>2p)*WPvvJ\Ȑ{�1*<:6�=�$]D2�+5KzMqFwn)m�`X}nG!e�#E9�.u h
0�=�rxJ`_v�~ �M&7fE�bF�y!g?�&�3\��UcJw���H;b+6Y40=�IpS�Ŧڌ��EQi��zђ+QW�8IRHq'�4p.{2<|��Clk5*ª{#w:hz"d0�m'S@G1)a;CB-pZߒ\ecpb_!ڥA�mn�8�֖Lq>ɶ�ׅb�l�25���A�oDUFl�sǐI�< "[�ʋ79�^OG$�L!e�Pa�aj_S$;ۋ�1n#�e�N}m5�9��}T*8�$_R�f�BM۞x�jj'B-xJⓚCdo_
�wf���Nm�bx�wW�ᨠA�7x܁7`]=R},�e�I ��Z3�BAܖ<]v�,hŞH��4}�
H9ۜ~RV͏NHPsfAY
樂]7��.ku@8���ۀ�ش�-Hg�2=],p:9kDt�EUa>�'_��rUrQ`Z|.��"Xdಈ]x_kBNosF-�r bG57x#j{ԔҘ�3x?96��v�7��驘yHG�]{]KˏG=/K�]c4w�/(VJlupkuZ�Sɚd0IńYDcÀ�^z�L.?�졉l}TƝ=_4�#�,Ѻ Gu���ns^ AEJE�GwO�|�h;{t�%�Se|@ԾV^Dh!(PZ�4c{->?up�'�y3��MH7R4X(�}yP&5���u du7-c�uq|fC�Q!4's혚:GZwSydGfC)�* n�e~�ZI�k�#�X
ώԽ{ާ+ӁXK�]�+C،#V�ZbwsH|,� Cy挭Q�zw#Ŷ7��Vr��ᎅ�,._4���1q�%�:{X$�|9}d��]qdm~$I?Yl�j1o��L�lsj�I�;'�
���B�J�Ug\4!O[.�tmI�N�$�ߖM�
+��<� $j#H�yp��7�2N;9R�Z�@/|&+f�4qʬ0߇��69< � vW��b?h7�?��6�JڏY����.#yi�s
:mjCH/p9�~ڈ�&�.�Z:IbPTh�/|Kd�v zv��C?U/˦Q�tY!Zy>>bF�,�x-.;�ay�Ȇ%?(�z177n?�!^�Md?�>���͠гٞI�"J\Km���VbfH�&�dֈ�ۄtPѼn{Bڿɷ) MG09Z0�v".qn�7z%ڤo��5�wq�k�X$C>9E=q�e�
��ϕ�mS,\�#ũ8.6y_yx����3Qjz4Ќj{�)
HH ˢ�SuP[�s(?Z/�wM�iM$*bjszlhxeZW[ҭ<ԫ�h^^Ш%1=$וȷAYg1��q�ȬJ=�A{2Ƈ_
�O`���*KnA%lz��S:!Z�.iĽ��h�_U���wW7R�@C]hL�C]ųB��DG6e?Q�dVJ��jݛ�̈��":/ߒߺRlv~Tӹ_nY�o�"Hno��TW@#D"��Ow>E][DF=uP(El%M�p/P�צ+��uY�G��-�vvTB[T}�ʸW�^�Ўd�Aƛ�t8�+�C6�0FC�uBՐ;k��15� *]l*@r6�>`o�@
q
G$��Jl
�=p�$65�סN̵4D+
lFԓ-h,)Q%��e}�?X9b��>v�k!�O{w�O,�XJ
k"$��3$ݛ(�o�џK�Um'.R�y��rV9w
9Y��R,-t|i�pUq�L(�{s*ipd�%�R(LEyE}H%EܩN�H
m�%J8�,�Sx0mS!oYsV�=$+�S*Đ3HQ�}|p5K��$BCslq�
^DG\<�E
Ж!Z %.�,Mi鮅BVC!LpO(�)רUk̥?�bBC�2S�ni&�=R43��"o3��p&6 4Vbl��'0՟�ї>W�zy QJV
��\7i/تt|�c۩��j~K2[�/zW8:5+#�����&4�]Qbip�W"3'O)^5z8zH][M?I��0uiY�3���ݗ�lH�Wd@@^ܫw>5%脓\Ӌ)f�g^#4�[�]��kC@'I��g孞�TTO ���`�P+(ԡ���)��ѽh�� bQ4i$�;;�'6И-Ю�4O>SuHU
�#9}�S5u`��|jEZ{x�CEH3:ҥ�կxm+ek5�2z0nWsuQŠ�{o�YOa�:#4i'0��;9THY݂%C�ao�w%ߋѻ7W�R
o{ӿ"< `س%P�aҏ�#1v:��Db!�or��ơ] ⌇1!�G�Sc<�mdcR8d�jme����DV%�Sp_�G�9�)�1am�~�M^�#\�pm=M
L�\R|P)�h��k�[(
�
ԭdQRl0= �9+Ov��_.HtfQ�$�L@|n�^�$(.I4$4Et��'@z�4̈́v�Λ�($+)#J
JUk�I�41H�-$4\�"[N$�'�d"52d�M@rfY@�&�dY���l^�c{{ g�!Ob�4_UlKʓsv?��1r]c/��]m"O�C,�����/#V(Ew9E&z�:3
&� +9(�F}�s*w)�Tar <���A4IګDϙ|8h�r�h0C��t5@Q.��p>E�D|]h�2爔B�4v{5+$/�ae,Ȥ0��<ڟ㉾y�,f<�>3s�06þӀv' 43mG�}Qo*1�o�!0�O;͓nn�C+y�Ӡve�iq��106^&���C?o�fS)�vEQ\Y9�JYU#&Z쟱xuL)�,Rr���:8s#,h)�X-Jl�$˥hnq'@hɳ5YQ3F==L��-˔�!l _
˦�G&fF+r'VF�e��\40��F%/ldB/́(w&VClj�p�76
.Z0��pFc�+ SIK_31fa�0h"�f�$h')�N
@�&
*�2u#���WY{{Є0!cr�w{eC!6@Ϝ+\1\hGcZK�G۱&D~�of}C^uz8�1oh?���k�Ol(��v`
�Hq�f�>=L��Vަ6 !
N=���mB5HΞ%TCj/J#; I49bFs9`*7PƗ�w�{y(Fp%Q���s��܊3iwME�s�U9em��$b{�OV�Qf.I�^jj~Y \F� *ch��*4OhmtV�#0sƪc)[�h�,=@HBl;��
�Z7Ń&PS�9�1pܔ�Քaj�}o���V/}�p|�0
��a)n5uǹ�eHVA.s�/�K22;,?$jdlb�M�/X�x_�E?' dڣ[86f{�E㲔
L�b/Jp.��Ѯ�e8(1~5L<64V=t�S{J\?!4GF$�|=GWdٖ*ml¾�E 7�ږs/$�etb/ikdU!u٠��.EY!I��0:j�`+
Bbfo
t�7'.�7apC� L˃r.�TDmnu�1950pqV}O�9^d��~ePj�C0w]w~$)+nk�rFxe&F�;К��5�ARL3 s)�y��<͒u�o�80SHmJ5�Ћ�˭ݕ!&.�qpBىX.,:%wCiʞ宭*FD;rކnZ-�GXƢx]ژuIS09(Y�Pu)^-RWv^wd#dF�bug�P�Pa67-S*ɤ+w0IO��ߓ��A(.д^Z}[)aiP�a2)^Jܷ6ׁX
mfonY��2JW~51=[�$om幦_��8>b�1;Vx@�n�-<�T~{M�t-T([v>ވ|DLCzN�UF�BDuc`Pͺ�К9LH?�xjH<�2z�2�
q�l5�+B�8�XoIu�ryU,w�듊ssks5=(_ש�QF%C߾\fii=ҦVs~(�5�4S -HBB2.E3Lhi|�ZN��nŔF�p�0�geɏQ�d:u�KK@ 2
�YZ/�#D\~9�B�punOF'LU�=J*]� Q"�36\ =U9�)i5'o��SU�0�Q-&[n~b5E�3!rU0+עGw|NYEh6sO��Y#�[�+�7fb��w_oyQq)qŘ��`i⾔aFƣA�8��xU�?MPK��,s֜'".twqoW7�ulg6��)ې�!�4>N�ʖO`�HW3mMXupJpo>-Whu$�#�@Q˿u˼}>���m1)OU��n]
ҳ�_b܅=TA�g7C8�$WEQx-��#�%l�n���Qn�髪��2Cyo=r�eD,��=5s>�:N$(7maE+GYZs�ƧN4�B$@
N/�o#����`zyĆ։2h.�O�|p.
zϼ�C֏�G^S$���2*�u�MI"O�>V?xnX�U0Ay!]O�-ƋWR/Yw�rw@ֿU�'~ xa�`Do؈5�S{�`0c��#߮+W���2c~�bV9j�O�Y/�+~\\E ̼@��e0��8�J�4yՌU�a34�R#v�t�C�Afіfe
!)��wf
C�3;:F/ߔ�&�M:K�Mk�iml9_X&�?1לEq¬�Q;W�`�^ �ۂ刍`Ѻ�xe�M|k%)�k5=&J/�6#M5`x�)2XotjyNCq��'
�ǥ@9!0�ِz2kH&VU�s�qސQZ-=:vڵ�r$~o�_;U~SlY&o^>�(�
x1v]�l?�f]%3|Ļ�_ż~R�U9��ZMOJw"l)�"Ym}E]y"�TI���sXW�YK�_~��b�bND�d���'d�<�N�$�m鼐7�pLAdg6a)lQ�XtzD�L>[tx��`'��g)/D3*�Iu@
vwMs?���lHz�\�Z�I̕���X�f'U����G�V&XVJFK�9��?Y#�JW�Q�P��gŞ�hәy?�^e06ѓ�O�X.0*@Ϙ;C u?@yH_�q�+&w3
P�j'W�Dǣd=DG?&/-:V%H#f0�*<�#�,B�#x?�ެ-ܤڧ�M
^�Ik K5!K-wm�N>0Fn{YϽ��)�](J$䦚CmtD.^.FkC"Z�4��}gcD]BI6$Ͻ8˖�#W8$?�~>Cx��QTU_7'|e\zq�\V�m2Y͞=kB܉��o�ϒ'S^J�Q�e7�
CO>`��[(��
�'/�N5${�.�`ﹳ�f:"��^
,Z1J3wD,�cmdFc��oےK&� `i�K$p|7h@i=5[Em6m�
Dc2.r�{*`2a�sv7Đ�(G�AA;/.9=p/0:{�)�� +aTƗ!���
צM�r��4վ�a.~*�l�}wZBӄ��l�ub�V�
@mcs��i�mVܱ9vQ�M{.R?dM#�hcw4Wqʴ�-V,dʽgBS jrPp*��;`j6E�o�=4C*ec??>ȓ�s4g��?nxY�.)J( Ɨ~ܚZ[ܾ�-LK�f�:4Q.0��
ib�"9{��ܴb~FFj`��4cy"7�V;�;p%�_��Bw?�^\m7g�;:�0q-�4�{Q6BMXsvn�F�0��j�j�Գ�ުI�4�-%��VF
�n�+q.�w{�P�j/@
B?�M@}mE4>,V�(kV�4�/cgϹy7he��L�FS�a诣?>JoFG�-�F���
��ޜ@71cRW���,)`ff%8� G�HQ.[1��m�sc*Jk�[w<^Z"�C}ސl�h8&�/}c�@]w}pV~�yfOi,
��A�՛㔭,��L�b�v���TJ[D��k1!y(1]�u>w<{5^ă[hL OG�I:"<%B$ q�21œ�f_�JeG�/{U�SܤFW�z"3
g']X�� J
ݡTə vU�C2/c�%wجu
b+��l�Fs*}8٤<�`ɮ\G-�$D�9�Þ5Y+%�_��d\�l)xgJ`벽HIv. Bg;)f/!R*��NqD'j?lv,HDmQiaK��G8;4/�Y���|UR��3QA�OKKĵ<_RvJ� +)^oܛ�PZ�4^j|3�Μ��Uw0)j`_w�B~6*�F8s�
tZ�QL��%x�kr/���ϭ=>O�E3Ƃƣ�"Ü�fZ4r�cg�VB�gm.*ye�x5bJ:iأzw�>�9E/viÀJׇF bK�.�
In�M9Xq=,)) �9f;m�zJ]Lz)`-���ik0il�A%P�$DM��]�-h�a)mb2oK�vk^$�Ef]Κ
K!cT�j�IEpF$E34E4�P5Hī奃�0QՌ�a��H��5�#%@C>4ϨV��ک7ax7u
5Lm8eO��N^�
P8(k�(V) _��?�7/>L97�5��\Vԋ&�V{%`ȽӉ/6(�Ǣ֢�}W�!ocA`��kI�a-�;c7UFLXF6�ܢ�]J$`M�JՓE�2@t$\['տ1��_݂;N-H�fZHR
�gNc/>xO?wG�W�͜ΆCEm��TY(��ng[م^)'�>u3ecw�[0]u,�]05euy�i3s7h'Mr���]��X,��@�N�+F]=�@&=wlKAx|bO��,I��>}��v����ID=,YkzT��<ևe80�Ș4]D��`3~b�ge#Ӗ-�c7FX-�DϤ0A��z<�l9>+�s_`�gFO�vVA/ļIs\*տbӓ��IK�L��; 8A�ĈQ"a Bfoh�qG�Ut-�YH_<�G�I.zu"uRava���K���\PH9�sKTyU_n?9} dkt����ȱ:K|G=(�oa *պ^�@9\+@�w*~�u7�d2��EγL|ayM�E/&^Ε�A|B8�$�sȼP�8lY+;yQ�o6#���G"Q^C�h.��j��H|%\�V��8u(zO�ڿg�0�2rc:8}T�`sk?Kq&"�i!%L2 Xx3Sی]
i*P`&YX߯<@#�~}A
%ʓ̾��us�4 7,@~1I�#T&,0�P�k#��+Iz%PpB'*��HDK��+ ")\^p1��z��%L51
"7ADgpY&�0߅ R]܂m麪$E*F@#���@�
�}�#2}A��\�Q�!�u$}Ȏ�~{H�BeZ�MU1�#��S�7
9O��{�y(8]k_�fѱ_T�Վ�x9� �9eSQZ$UCfE��gL`sW/�U �R^x2p�,kC}lkbm7;!JZRO-�%n&ǧyi
(0t+P^���'J[ٮ�`>�G�O1Y��e݆b�@$!2Dģ:d7Q �PC0JR
��ܵ�G/>t=up�\4\`#pV�.20
��۩Zj�gOKEqbw
����~q�+;pu\:��s�dyk(QĨ�zp;�7-K��(_?@�o�(m.5(N�3)Z�*�ྒ
�hl=*rC O3ĩtÛUOuhRqJ=EĽD�֠�vs"`N#%Gm)T,m\ُcps�PwE�a,3;��^Dqy?l*WgZ�L5��E�~�P'I�uPF�3$zR\)�U�6C�: T4]-�7o�D�hn5`Ua%a�F:�N<��Oc�Dl
Cd+�գ^t0�`ۈ+�LRY`�X~ܵmA$7\]�C`cdX/)2@� @h� �C �Άԑ+D#
jP��ԋlЖ@A�Օݛ��"� ?ءf IOFr3Xf\/Rԯ85OA6��x
�o-Q�zPH��7C׆bI=+�~�Br�h e\,�!!�ޘiD{�.+{#.�⭯5�SdQ�x?j;c�3�o`+jD١ft�L�6P�IȈ^\T"l]�6h02hUOV!lev`
g<5ׇ[���tr>�6'-�~4,/�4��Ka%L;J�Y:Jmv�Чl}cDp�r
e�E*Yn(�| Hj�t�;{v���ʯ✷㘴QQx�RJOZ�<�=ff+ԝ!f9�%�
�G2++�rz{
vDj�f�գZ79%��t8F=Q�[iHOc_�l,%e?o
jf�>DXN���0:э(HO�*(�|qp-U50H:H$o,p?�2LR*1Ot�
�I}yM[j�o&$ڍ-Ny>PJ�?GS)p�{d
���d�6i9o^IM�g5�0+2
�;s5ˠLbx�"8Y"_H��6u�Ѩ5�m.
=Bgy�5r�߹$�P�EK:he7�C�Zd�^�(�'i�U([C[x\Lti�"_UPvC�;x~>Z�#%}>zqGdDi0�/��#a�|D$ObZa.9tGN�l�-l��E8%�*Dۉ5JS/b3a�mZH�SFόūW+eR-NnY�ճWj�wl�"kjׅ,|q~oփE!q$%Bz� UJ_���E#�0n*;H�|V�i�II|!D�N!�ި�;� Z�?1="�/S,'5:(yi&~ ~~�.Lt'`�(JkrCM-SO� G�zt`kNp Q(�^Ca.˧1�x(�9,k#^ڰ%�}�|/6cd.ߌ7q{�MA�϶�NvP�F�%5�!�Ukf> [9eS�n�asSѐub�T��&�UE3�Inn�;�*%֯���LdsN�Qc2Qe#�m�U]>�� EJ!�w"k�٬_E�7= Zg�
B_�3P�r�n�2�ձk�p}\ ��搻d1h\��&NF�&9|XʼnbL^WTV%❔<(�BU.�@���O�(i{�~�P^J*G%��mKk��ؓ�k107%pE`Ń�p߉]��8giI4(+v,/��^k
'Lpa/�V&%w���A:@*�6
)N%-`�
n|zYg�[m�9anR&����I�W'~9}Ab-ZǠG�Yɸ<-
�馦G�!�7f�(>��ߔPA
{�5ڡnCz�@9yҖ~�
\�h~|kގmXիU8"Z*g#$�{kj�'ḗځ�~)'Q.W&[��.wɢ*K=,$E��{sNt={��-^v^:,���s*�-Ǧ�WKS- �L��[�>4�3\�3y(�˴VwgѬG&*[)�e8�QV�� �9znY=ؽ�90�V[��\
B�G\V黫%�klg7Lb0F߮"NjJhn�f
-Zr
b���g��G�xW@i*��\.Y,�㶿~r2Us2CP��q @Me_�n!%ՈD�4WzNl3Jy7[,��i
i
�eS'�PmYf>�sdqOiL�
nR5�1jbj�H�B͗(20�-E>ˆ΄F-Hh||�ȜX�92��ȴ�\U`vZauZ>p9h@d.j�
Y�CN
ga_&�xŦo`d\=��l&ڛi2R�Ҙ]mr��vɼ�Ǣ]\n�wlT��ZXʩ`MLŃH@]E@�=bfa۫X�1|!��n�()��u�P%3vd�{�8L^{�:�3u!6?��TNgv_6P+(PoxZx�31�T�d?�d�>am{z�'LZߞ �6O+�s32v۟NJ�A洲�~]d��%X(��G=}g<ްivm#S�w#,]\a�1spp9�IY{T4�Q��
�ɡ+\"�"cۄJG9OߎhP>m:|n��
@;|_St�[+HlTP֜q͞yrqcNQ�a=~@bznbov(�R�đ$ZxoFE�*Y#�,as^�%o�Зg �M>y�YîL>q<_ye5ೇ~�"QH \�֍tj(A5�s|A5sPy#
SoW�s=?)�1w:CeF
4�R� k)�_sHx9 �p~o�Bk@Q/�t�~e$I2�Kn\@�AvɿbautW;|)A(+�;20eE�G�|0��e�LIFr��94猁jacQB0v��0L�
�\p!g758�b7TS{�*Fv4~CqY�"�(�Go|y}�Ay5U*q�,��&E[%O�EegTZ
~lAk�6w啘xP7P[;y2'C��
Mr"�o[�d��l�_]-\YpI�N��?$Bf0�9%C8��9P˹�mz]gЫW�⬙שcvUx+>a��1/of�:�}P}�K
�y<�W��贐BUQH,WYFrO$¯ &aq7ٵ�qܻ<�:� @7Ip�xߚh�>c�L6ͮCǻ͉&J�ѵMX�`} �&ȫ��\VK!5F)4(hs({$\;^�Hfcv��\ۥ̋��Xe~|@2?��Tl)&nY,xɮ+Eb`рٔAݵ�q�.�i0QVs�1|0m5�sbA8E2�7w}LT ԋ/�8�뿙WR/4Svw�Sy�)ɧ� l�т]�Z60�.
A� `%i*�Amʋjޑ/�-Ꚕy�VÔ�I,9�DPנZwhz��Rƅ'g7?+֢Ϥ�,w5m_��v,G H\rD_*cI2�m_"#� q
:2�Bd;�vx,J�s�/ZU�FLTrj--0�ɝ|�Dg*,4= W`߈uR:�HǿV$^c'SB̳�lHhrաDih���^�|=1�Zl#x��Lw]Iby>ۏԛ�Aw~Sg��^JU4쿑�"_�F�No:�"�;V|_(AU4�; ��:Ԩ{D4W.r4*z"��,Ci�6FM}o'ޜK�^"��45&C?rB6�oRh@j�BOGY{Ka^ZyS��X�Ix:LNH�N%�Q;9O�VTE�w��˭SA�9u�kJ�jc�<��a|�F̒��_M|�
K� �'�ld�aG}rb̹[ʘt�!�,Ji�#�
�RX!΄�0Y:�p�V^�ѐZ95Vxx��bb"ʴ1}w��Kiv�<Ӗ\}a|�7�#A�]�4
Z}�)�QHs@Ҭr:���Y>�+�ܪ��h��'D#
Ȓ1�h�k/�xJCz6;�#�j�NuLW�n�~�93gfΫ��U+N�-�[6@QԧNCf"�)`=ׁw�K&5P~ji�J~nb/%@�/�Uq0e8>8N_Y8QTQX@N����Ԁ[�Lۑ
) @+nopNJ(ɭ]�3k�p+APr�}Ƶ�c<��߾ޱE"�s/26v�Rc�]폿?{^�(�Y#975@�晟�^ i2M`BD���F;�]es)��Kr
a3uy`$v -�=ڑIxi�`$D[xECxwl�5G=}w��G2x-B͵q�YKHS;?|Ƥy�!�ҝf{ʛ�!�/dxda55|O7�ǥ">*�H�R�
�v� Y>�"vȝ{ll_F7VS�55e�Vj� �O臋��[4C3�ib�fJ�褖BX�Z^
O)�e(*2xm�q�{%Y�hg�o+5Ư,JYu�.t-p?"�=/c]WeSt�=ƚ ""Op}ח�!uAؔCj]�!��Q±Q7ɵ8Ɇ%�A
H�}+$PX״X~B,�n�WDN5q3k~7z-w��Q@�9EwTS��I�K>g1M&ZI&CۣbGݍ��SG^5|�o|S�sUiU?N#,X�>ӥ�Ў�93f�D�C%Ur�(�+S=Ky�wWEv1TتPǞ�۱A1o��",aK�_=�Mń}tWLi¹5��k C6?aИ"{��ޖ'qn#&Ý�ć��39�u_^GEO�nHbq�e'?.g�[a]�ʋ4�fta�-l1S4ga�w4rշ?\T�iy�3:/F2L�$hym�&;8qvqT-�ehnР���,�jfvJXRc *L@!!j,�
M0�m�o+я,�
S|ڬ^W�);xbw
3nXΨ:5@dKUHz��T$�ҭ
'ȾɈ۷��k���oD`]�FAb�供�@< ()2�fXk&�_ v��$4����*k51ʬ_^+y]d<\[qE^��i>j.qd#��}tF=W_D?[Jڽ*�:,H%f
�8
Ak�4�%;$�-pW�\Z��,ܘ`�9�7NUsNY�k`_+~ٽs���:h$HuW=�w35�y��kky~>14qj�}=0
?GEX�R^j_U�hmtR-p8 Fe2SA,Z��}&B۔g<
)8oGkl_Q`0�&Ί��݂d .NɇM'e��L,Ar%rq�*�3"
QR���t��^+s}�eMTåhX~��ҤAmmVP<
�a\�$b�#{�Ӯ]K{|f��W�vWfVjܴ>V+%�)��O�`V�:�wYbxw.�Ɲ_у�h`1�;��yGGz!B[H
nᐏM|#Uޣ#YIe-�5>/�SU���)\Go9yBiuy69,oHS�n�p>#cEiX�f\~� �bc2V?O\�J9�9"AԾT.rS/�ߤ�Nii+�&ME_7��C6ݘ&w8�T=a�GmY|ˊ'%4)�a߯|@SnIdv^���HE6��^Hmѳ wȊ�൬Ҏ/5)��u��HuoėN�1_�:|S.<_>4+/��eq]ew>��hq���tM�yv�GԮF!RQ:!Ҷ�b�lr�Yk=?CdJ_gIp#K*D /�͵iaK
X��u�[_w�4ljeE?
"a| d��{�ZQO�j�Gdw9��X6>lF(yH�!0�h2Ar;e0�2'% )t*ŷq7q�rpk�V�7l:�Q�f|���4
E3a�}T�r�8B3Pd�; ;Tu�br�f^+�H� }9kۦI
�n[E�D[ qdN�W~Ra�̈�<3��s�ҨgR*`]Cx;`�{]qel/�ֻ[�WϟkVFGbm؇`�Ryμ,C_P�*�jK@مs
A��4�@��v$#52~(?s96U<<��:K�A��NX��FknBu��DB�\* �r�}�6��Mö��j�GbQnebi����.y$!;xB]��Y&M
~dX\hnϷz^?燲 KtP"�ąf_-qEpjY1zH~� C/hȽH��IS9*�;#p09X!�w�F#�sЅYGF*:Į�Ww&>KV<�@vQv}&vd:a,�:
Ϛ_!Pp{(�|M�Dj0y.hSϦ�l^n^/H9yj"Zї?K|ЪZa-[%qV��pS�T,(;�/@��LRS>J=�aF2uJɽJ3ћqɕ:~߹
�bD�hB�19�a}�[�j|�uadSoH5tܐo�_P\IO/�NAn>�܍RB�,.jU\�v>h0�PF7PʛP�8�y�{t"9094Jė�f�S?Ƭ�_T�C[PBX`�p"+�)�B�i�F�����B���"b^
� Hm��H\{K3il�juTt�-[3J,�gf�zG@��q
u}JT|�JG; 8�Ľ4\֡t۲gX�/qN�K^��*v_lȂk���wD���
.C <7Ζ�tzH\ͣm?3�õ�AvӨ�=אi7���Q"ovcfc
}]s.5 HQ!�_m��tp�b(
]b4/IR>`�D8�r@Ϣ.vFT:naE_Q7n+"T�ItHV̶ zK]�w$y8�3i\h�{)Yf��nFL",>�G�3�"G&֦�q;M�5|sNL ]!s8�j� uA�_[i'�g�|z7�t�S�|-��P`}Xu��U�ו^}i�㬶N8@C�̯/Tn�wI4!{,Rv?�OiOou_�#bC,�D+e6J)�!M7�.7¸VZq�+9�Z-�&�P(ZhU#~ȴ2�ym_�/]Y^sL?{�S�
D��jt�Q�+dE�Q�fLoOS4TȖ{D̖:>xHS�/\�H�_lը��s��_
)oϯ8E�X�6ܲhwFI�hky}H^D��.W\m�rhlQ}��7�+Y�}�* CQO�ڞA*||DZ����#hZ`pvW
G�X$j�شrQ"bW%aE
��"Ǘ~D��V�4�s�&Ak�} �D�B(9P*I�@RQ
?-:qU0�Q02H?18Xit^k(1�bMx�GnL;�
�NݧT,��Q��|JaUiN]=!`�7=51y�U:��e]Rb}qi҅Cr٦I�e�\a|OvEl9�EƕX5p'궅PnUM(@@�)^y
&1dIg'?gج;��
R�T0�hGs{(w̄&
>Mg�Т8�_Pu�,2:oŮcSn^�.�'6B=xB8b
}!Kt,!t1��mKG'*��/F}i���@xaI
i0Et�J-ã;vbƕ-C$AUFV�H-�)>��
e�f�}Νn NUvKj!�գ�A�XCYnw(M����W u1�}�ڔ4~01����Vq1��zdaq$,)�~pҰG>*"�=ަ
,L
��$\I�p`w>�'u�wjPkfឃL8iݍv�
*P闉Γ۶ʰB0u]l2߫11n<©ü�Iy�Tϖe**]:j@FB�n�fbV��K�E-]Սxz4�Nw4v�ǹ�
]_:iZ�YW*��{�G.ӈ{�4'jE_<( X�nۭ|��Ru ~.aZջa/7`W�wK=�j1raZB�u
��v�,��2�wq0�3~G+;��6GF^m{���d�r4;�/ABW�ڤtj
vVc+rmoX@V�E%jXE�_B^2/cːvtBJph-���Ćo9�F#y^gŇ�3Cj*hcѪ/Z_mI*3)={��n�·W+��� )0�GM&�.��i�}=.T#zɶi{�л[>�Z�O*D>+�Nl�r�t#7@$i�Qޮ�#a�),1ȀP"�f
ɟ#�)�]bf
jhY{7_1'w7=+a��lハ{"N�p���&^#wc�AO�=),\�#H
�S�/W4�|�@Fzա)�P�v��/Xs`OT5��&YcTQ2Xp�^,BXlZBB&DN>wU49fZU+
�=_؝Ĥ85�z.
�v�K �?ly7,x8
�B%�Jވ_��ijq0u#
�pV�MhRu�g�Gt}�4=ߝy���\ U��y;�c!�g_eY�)�%gв�@l�]�Ju��y=(Xv��q:?`��|ZUU$H�T+X8CBgVf_
cx�)�6VHz_rЄ�����!vCy9���jUb:Uu"?Rِr,�c Jꁜɳ0x7�XN�l)Uͥy5h6âZ~S/̤�3d�mS>VY�FB�
Zq(�6ftZ�N^Q:�D�,(3&}͵0;ަ�l�̺,�v0\vHkgQ�
s�
`SM)z w�Wi.�.
Fg$p�H�a2ob,G`�6xdozl<֖���k{>���V�ל?^É˴z cRÏ鞦(j�k\W�EԂAx/�#
./x7&�8�kl�]P�g˰l@jIG
yeS%EJim�nS<]*莐,�TC3ߚpA4ٷÌX1;r�Yu*@q�gTM�U`�5r][d�od(cw�\^`�>6R
�A3$1{K�LX+�iG�{H2oF'"f{�"Ίy`*S�=vl�fH{� �b�`G�Y)}Qd/��#�%��ڷUD)U�',t\~+#�/4%|!h{5rMk �g}|^-�l�ؼih6[!B�;wX�SϡЊV|s
S2YIȽ
^IאU|B%0�ȍB,8q�agYO�RZ�3ej���b�!s}ơ{ުD��T. hG�s
bxu#:��u-�cĘ�_qYNؿOs mS?Dv>�H�rq2K�^h!7xa+P��>шzY
+,Y�Z }lg�Dc�S��*{e)����^`�&`
,'e,#WA��0m9U
�hKD.T:{X�5�%L�}
�D!!zf6�R𪴇��=5FJ{-!NQI1N& g43�q~6�w`;0ʎ�ni^>�LbbS@j�!]@AXy-8H
;��ӌ�FukCe��xR%p<K�@nVP6��
/Q>�⍿!֧DsdͲ�E(9��JsYz/��KCyIwT���1"���7&VQw.�q%���"U|uɄ0E�P\ɹ{��cŊ}M(,J�5[{v�EEP�Ι��+'�ݴd=,MKK㵆!,Ağ�7N��QVt"*7*#W�w~
�,SaW�\m�J:S L�đ@h.*K!Ȋ3;nţegO��ػ�A$�C(]8�՟�n.l*ᑽ�r=�/�4Sg[#=�=D�.ʥ� �Y{�@:Ƥn^t+{
H(ܖSYUۋ&�<5M3L�ߒjMAuG=E8�<==3C4�h8
>�~i�Yлh.{{Tf"WXV+ uvp�z\c3+k�KR4���SR�E�&6g�H6(EEtj(Mn%ŞH&Ƅ:ó`R҇>ȠGCTnԸls7oK�AUa��{/(
i8K��B�c�p㯶�G�6�aƧ�a��1t.�>'*xbi!o�n�~mR��Ll0=%S�.kj.`f^Sa\Ks|~ݮci:C�B@eWx;!C28B$~0�l\��Gm�r�VU+`W^9{8xä;K#^�ۮ�|PF�'e�/b�5@*x��Ont"��=?��uW��^g&��. ��j�Ž5:`�I]@�hFŅ�XڊMxu2h�l]l��VH
"
)?�\$J;=U;�R�mlB�I�Vi̷E0g�ҿ�
:
FL�@�|R�*ddwoya)# \�<��^�':C^�cL˴RP9sJ^�bK>Fj{�]1#��mu99+豰*h�<@f�.{�hrwT8lVk%I$#Fɨ :8!v ]4/ei"�#.Go[j= ObJ,&VB3�d�gfX8*�&�$p6rZ}�ZiBi �ғBE/i4K�IE��ALu<(qC$�3�P�ŏ*/�e-M֫ت$Zk=lJ>bD�(�SJ#�GQin%KwǤ�2�r�(GK9vB[/lQh'H8\G#M{-y 8س^�ߟn�yLɉF\v96[�*ZCly)�|MZ%��!1+W/8���^~})%�>|wL��ic�66�bp-O# -��vOgc�UP��q ;\�!]֘ElRE L6D
bHpfўЂu��PF�zze�뫶���XDl7rVe�d]m2Dr�st�e<ı[Jp)KHq嶶MRF_�|QOCx�t�TXgX�Z^MY.'�Z_cy�v8#si:2fA
SQ'�lf�K�/Oq%=GwZv刨-Wul�Fo��]�xXljH<_$0@��eNҫXv3|3v�: I8�$Z̩yWh@RvFa���Ʀ �ń@ͽ=%�>L1HD52UP�|lA�(+�Y�[EXe3w�A(q ��L$rC[AHP._pX��Acp��¼�)�NG4�l'+cK\7Lï
f;:��J?���ȴr
L�rZk`O>!P.=(�E�B,ϥAKքjɩ
��z2
:eKS^@�f{!��tTM@K,�vU(t@S&MM�ʢnHi}>t�<�z̻5X��[|Ye$��MXʱxw���DP7�k6e��gu�Vk(NA�e-:�nd{oC��TtG"ջj,Q �kr~W"}�e)�1�XG6#=c`ήd�O��Oe@p>ppH�ʓSH� C&˲Wk�$z}]~CK7�'�Β|�aQp�WY.T�5&jC>Y�3To ]7 �2D+cuK�L�u`\cR�mEɝ_㨝|Q�W?;�^xb`0`M
݉�.�Q�OsuܳivG?+C>
�; ;-W%/S+,ϩ?bŻ1쏴=0Ւ�A'5D]�Մ!y�F*.�L�@8
@�`o$YyGyxur3%�'Hʗ#ʜV$^��SJN� d��.H.�.�\��F8��|�M80(ҭ0Sj4�7kئS�F֎,2SQ&c1ŰKsǶ\0DJx9�8.K�@w$I"R0GmzK7?8hn5W~2]cZ�N�}8tT|�ekp5���}
�VގH(y&MX�Xo��PUҿ�S?����7�3õ,�t]ĵV�A�U<,?��$�2)6[Q!ԄWp_6]��j/d�[B�0$#n6v/(XmAH�0^u��;D�|�.5�h2�o(͓�m�KcRRP�ڷ2Qk��Γ,ttĝ-�f/.X}z�:rHe�%�V�٤~r�:Pz�5+PngIU�ǵj{�D�D6y3 ��]Pzx�?ߑ!h^[�w-)��U�f�|%.�`G)_�{ڕo
N��{߫�ޓ
"{[v�lM�_Zǚ<
waO..h95/縝%;_CBś!X3kL�GѴ+p�:FF�v�g
C��F7�Z��0z*'
��ۄ�h�/>M>�8+\p~
A~,� ^�ѲhW�ݸ�E>���ާ��\p#�l`u��dй ��mՆbu�u�LU1qY%��\s9ӆt�;'jR:�lz"༠U�[1ay33)'�8�|||;n$�En8�t�.vuH��ms�
ki, t5Ui~���b^~��k?YE&*�{K*<"niVŨ\)C@�%fLZ���ە�J@/�w^9z[��
C&4Gh(G�`Hcp, ���Hmlc3$ㅬZ$h+`���-@X�ޮi7�.ѝ�@.h|�WLk|Qb��2��X:ɞ39�&{n��
uMOaڄA=ӚDB�ccmw*hG4S}]�ĦD�L'xpC#[Lyd5�rM9�4s
!GWk2q.9~05/ض㹆�n.o �a�u
v��uʪ`�wIld��ά6G,�I͒(Hs�{x�P�q�)䫴dU�#̿�ˬPSmnt\ �Q�qTRz7i,_)E$=ڙfDH"+W�A2L1�*��lj.J�tL&�YS@$d `rHA
l��meibcZ�i9c���m˺>ev 5����M���(x�(��]S�^x@j�Oaj���bb)nEmEɖ+5Usi߇�UhʄY$3pJ��ܳ�K1O#̝O1Z�0V�@O}Jg�<]/Z?JE�5w��PA+jJ ,� *�{$z6xdbxձ
)t�W:�>A] sҁi cZ���l>�����?.�jL|˘=�.Et|ZЯ,uҭT�7�ԭG���="X�&
!5j˼L2,
5-lP��60�?nY�7�E$�lYb��:4}
,�qgU
�fz_㣘L`JDN~+#g>l5Ng*�&+g!cтJ�_bi2ƼSh� ϡÿ^�9'm�m<�`7q>�E%a(2-C1Nm70>��!D7S%dO4N�ydn�C=T�X#]�=bfTVngc,⍆�����K'k�˯ �̎�)ܼwE�KLڱ&68Lf�Z o.�hv�`I"��'Jr��232gr_'�N�F^�-SbzC>"|cgq#St�ց9'�IW} _Zv^B79���!)Z8X0.}yv+Fzt�:n7#�1=�'�褖d�RRTZ�r>6�!7�x]%�aC�b[?
E>'dN�du]='bը}Ǧ��̢E[�wJaD'�<5'8�a8��AYA&{�i̋Z51}b8$&
:gk11;WGE��Ch�kOsab^L3
-*n�71=3�� c)"+*!6x��~Ri�%9T�go5G,fx=�x<{��
�j>Lnm)iOJ�7FV;{dVXl/zYs�uɝvsx&^!d*ᨄoz0,"Pr9]��!#al�3r:TQ�* y&;��58C?x�.1�,b.4'r�MQ�9| 4d��__�� 8"J:>�$u�~r$'�u&Z�%H~�4{uE�zt?^f�Ap�PRI�:L-8"���ҜWȮ9^u^M&sY
�lm�*oa�^B�¯OۡZl枪3իdܲ��Nj�*E(-\�,B
C2v-ބHLJ3dž+V;��v=�`שּׁڪ�3݃z`-+�
8�O~�dm�{\sV6SE�0 `pE~T춶�["xTR}N1o$IK$�:4-�T^)EV{|3 XVF�;v��n \�=H$ߘ�4%��)��K҉j6!)qF~md^Й
�bjS5���Hn�t�d�ƻC �$˾vRV8ݸx�'>'Y'BY?�l>UygDb4��A3[4ť�;N4�$ܴ
5OT�U^�G^�̺l$w�`
E˄59�m�ZFX�+�R*�/tgpt~́Q(yh e�w=i-Mt��|\+DRL%Qgwћ�i}m-Ow§1�k�a'�}�(��K�^��{�{bԟ&FkeE�0jD�_sa2Ie�*
Бԁņ��"bPF
/<]`��=JU3?jȳ�h65Y�pe���c~D6��[�\xN{,R5�*�3jb�3�.׳NXkPO�F�GN��U36�/OU}A1�l!Uu[g;�U8f]
���1Cӗ�vY|�5� �PpH
-&�a� n
~�ͰBЌބl4i}5NO,/ ờ/Ov|0�QۙD�'�%THW@ N_M=~
HaSW��?$�o�b3X�5cʍc�U�Ê?Ho{�V�l�k+O�cfk�A�Wz�}|9��h"{�|j�ĺ �{krFĝY&,}�!>e=�nU˻��Vq�&NN8�l˕»�w,곳Э$Bv
VU3J@�YIih��_29^LI�}@�r -�G�Ӻ�Gz�C^g+;AAu.6^�j$Wb|*�h�o�Nkn]��vJ�[�܍O��ڃ._�}=#I
��.m`}�,o".yO|w+����制D;Z�q;1�"b�f=[�-�c깐�t�nn}%@gCem'��8aڻ3k�D�g'!4��rp#a5W��0���`|!g���+_L� �u^ʂb}K�J?��SE-[`�3y��D�:Bǂy6[zR=Xxٱ��1T5&4vdQ�г$&�L%b4�
8O$Q;Ņ=�~lv�.d�ۇ�6B,�nVPV�?�h�:Z;Ka�AgIkp0�\w%h6|$@RtPge+�$+>\AmbӪtp#��(Z�۫?�Q]D�ub5�<3�m;fЮ�Jo8��ÈR���~HB�-V�y^�A֑Dg3QR_!_ Ѫj4xpu�cx3Z#=;Ǯ(��S"ǽy �͘\�eФoh�$*�W;��D]�dq�[�L$6RDV q'rm��\ͪ'>?�p{�n�:2d)�3F.�
��}ir��^�x
|]d)�Z&e�4O֓-cr;)�pȾɃh G/G%�sA��rZe�Qit76:orM�]ʵc/2C(�bP{h#L�x�tՃ'�0[,_I4@E�J�ۆ��
�q�O>>���؍jK{�x�3I�q�Y�BS�goO��O:�EgS�222$c<)+�/*џsWp~w�Mq�ǹ�zgl���H��FOO
aG�`Ͷc-�[cs�Y�k^Wh�s^Nw�ʕQ�)��+PɌ"4b8l*KB�[m"�p��)bN'Bu�a�v�mr˧p;�Þ(�-�/W�cnb�snq���+Cf�m"'1�aMҜ�'V6>�PPZ�z�jZ�:"x�]&%OhL=7z˱]�_%Τ$>�Y$
:];S.�x�!�pps�=� �-\�qÎR#.[ѓ�"`�(8�ȍE�9u7%RA^?|F(8H�0;�u�zϻ&eyugGo5�|_�@[;zJmiXyr��s%�S05��߉w4eB3EsgK(�jFP{p1J T$VfhM(\kA�3�j)�9
Bx4O15�b5sq쨎^ͩ�2g�xn�Wdjo��Y�2?g9;Ǒ3]7���x6��Cf +[��~2$<�I_[C-ݞJ�Fd�P68&��)X�O-틔8M�"O?OG�8 M�ީTpg��ߟD
{|v�hF[�kp&@0:
B9�]xa�0SQlrUō^w^.*@�_^r35+~{Yb�C{W*ZGUC�YEBA2�l1<�W'=OEi�$i�@Y�,ʭYٻ�j+�%�e>bԳ#X�ҵ�K��P�0 Xh�_T��]FQ�8kBASilVBvH>w�&=:�WEria�{�QAǴ&lX^� ë�O��n`J=`<'�/N���%O6&A<��V6ӽO�wv��
hZb=YQ$pΒn/2�P!8W� ،NH&c~aJgf�0}Y�l�`Ym�L1q2=e}gMV�e�U0HN֔w[/#DHZ}x�bx4�R<�$B�1u�
.&(,���/S�&�
�dI:6/A٫�)�<5{]3 _�6YJnը@S
Pg�h/��c>$@�1UjA� E��"(&Ҟ! �sU.g��^y߈p{N�6j4
k��F<_T�c�{��v/�p1X1y�0��}hs{]�/���k8жlȉ�B1�E,1+cKq~&;K:}�3v}��� M�pVj%h(Fm,;�v(�C<�bl�VӅ�kq3o)��^wO_b�T@�IP�'6`�|нݪU:�u�9N�ʜ�zGc_(^*II]֙��z۱~a�Hu�N �n:x~61s(:kvzqTvKR9_#c}#zG�)��AX�;C�:C(ay#G\k�L{C#s:�xk(�ĵ&
sY�EfdYi�bd,�t"V&rt�ڿwHÛ)\6�{o�d�V���jVַf�F��!%��~ѦҴDKOlηJ٪Q; Z9+Rq�JuTw�Or%]`[u�zty��eħol�|1�̡a~������\ z]qZǰb'~���
ĕ������
YZ