wpa_supplicant-gui-2.9-150000.4.36.1<>,bp9|ojn+\A5KoA٨iHxQ6*z,QrB+zٺ.O "$xKwLU^FlQΊN!ԅG'TFJ`K/C~\TKG)$68WK[M=rOXW9o)RtH{&Zz>jҷTM A|$3P?U0M|gRyӵ;v$c̑C94!Tv h>>?xd ' J( >Jgmt|     ",X`(8$(9(: (FGHIXY\]^b5cd_edfgliu|vwxyz(,2tCwpa_supplicant-gui2.9150000.4.36.1WPA supplicant graphical front-endThis package contains a graphical front-end to wpa_supplicant, an implementation of the WPA Supplicant component.bsheep57 )SUSE Linux Enterprise 15SUSE LLC BSD-3-Clause AND GPL-2.0-or-laterhttps://www.suse.com/Unspecifiedhttps://w1.fi/wpa_supplicantlinuxx86_64 %큤bbffdce0bec7833e8daa4d07f41d7f1494903679f990c876fdba9f7d99a3e4d02bb88d2e4686481dd240f44e052421fe8e627beb64bf43df1bcf595ea8d4664b37rootrootrootrootwpa_supplicant-2.9-150000.4.36.1.src.rpmwpa_supplicant-guiwpa_supplicant-gui(x86-64)@@@@@@@@@@@@@@@@@@@@@@    libQt5Core.so.5()(64bit)libQt5Core.so.5(Qt_5)(64bit)libQt5Core.so.5(Qt_5.9)(64bit)libQt5Gui.so.5()(64bit)libQt5Gui.so.5(Qt_5)(64bit)libQt5Widgets.so.5()(64bit)libQt5Widgets.so.5(Qt_5)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)wpa_supplicant3.0.4-14.6.0-14.0-15.2-14.14.1b@b@`lM@`?z@`:4@`_|\@_i@_i@^@^@^|@^|@^Y]]>[<@[[ā@[[;@[@[QY@X@X]W@VU@VŲ@V`V=@UKSUCjU8U'@U/@TBV@cfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comsp1ritCS@protonmail.comcfamullaconrad@suse.comsongchuan.kang@suse.comcfamullaconrad@suse.combwiedemann@suse.comcfamullaconrad@suse.comilya@ilya.pp.uatchvatal@suse.comtchvatal@suse.comilya@ilya.pp.uailya@ilya.pp.uakbabioch@suse.comro@suse.dekbabioch@suse.comkbabioch@suse.comkbabioch@suse.comro@suse.demeissner@suse.comobs@botter.ccdwaas@suse.commeissner@suse.comtchvatal@suse.comlnussel@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orglnussel@suse.demichael@stroeder.comro@suse.dezaitor@opensuse.orgcrrodriguez@opensuse.orgstefan.bruens@rwth-aachen.destefan.bruens@rwth-aachen.destefan.bruens@rwth-aachen.de- Enable WPA3-Enterprise (SuiteB-192) support.- Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch, CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch SAE/EAP-pwd side-channel attack update 2 (CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733)- Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)- Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805)- Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)- Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to appropriate ifname size (https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benjamin@sipsolutions.net/)- Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build- Enable SAE support(jsc#SLE-14992).- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)- Add restore-old-dbus-interface.patch to fix wicked wlan (boo#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)- Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (boo#1166933)- Adjust the service to start after network.target wrt bsc#1165266- Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - Drop merged patches: * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch * rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch * rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch * wpa_supplicant-bnc-1099835-fix-private-key-password.patch * wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch * wpa_supplicant-log-file-permission.patch * wpa_supplicant-log-file-cloexec.patch * wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch * wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch - Rebase patches: * wpa_supplicant-getrandom.patch- Refresh spec-file via spec-cleaner and manual optimizations. * Change URL and Source0 to actual project homepage. * Remove macro %{?systemd_requires} and rm (not needed). * Add %autopatch macro. * Add %make_build macro. - Chenged patch wpa_supplicant-flush-debug-output.patch (to -p1). - Changed service-files for start after network (systemd-networkd).- Refresh spec-file: add %license tag.- Renamed patches: - wpa-supplicant-log-file-permission.patch -> wpa_supplicant-log-file-permission.patch - wpa-supplicant-log-file-cloexec.patch -> wpa_supplicant-log-file-cloexec.patch - wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag - Enabled timestamps in log files (bsc#1080798)- compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725) - add patch to fix wrong operator precedence in ieee802_11.c wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch - add patch to avoid redefinition of __bitwise macro wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch- Added wpa-supplicant-log-file-permission.patch: Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854). - Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854).- Added rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch: Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).- Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209).- add two patches from upstream to fix reading private key passwords from the configuration file (bsc#1099835) - add patch for git 89971d8b1e328a2f79699c953625d1671fd40384 wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch - add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f wpa_supplicant-bnc-1099835-fix-private-key-password.patch- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): - rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch - rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch - rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch - rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch - rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch - rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch - rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch - rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match eloop_signal_handler type (needed to build eapol_test via config)- Added .service files that accept interfaces as %i arguments so it's possible to call the daemon with: "systemctl start wpa_supplicant@$INTERFACE_NAME.service" (like openvpn for example)- updated to 2.6 / 2016-10-02 * fixed WNM Sleep Mode processing when PMF is not enabled [http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254) * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115) * fixed EAP-pwd unexpected Confirm message processing [http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172) * fixed configuration update vulnerability with malformed parameters set over the local control interface [http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175) * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case * extended channel switch support for P2P GO * started to throttle control interface event message bursts to avoid issues with monitor sockets running out of buffer space * mesh mode fixes/improvements - generate proper AID for peer - enable WMM by default - add VHT support - fix PMKID derivation - improve robustness on various exchanges - fix peer link counting in reconnect case - improve mesh joining behavior - allow DTIM period to be configured - allow HT to be disabled (disable_ht=1) - add MESH_PEER_ADD and MESH_PEER_REMOVE commands - add support for PMKSA caching - add minimal support for SAE group negotiation - allow pairwise/group cipher to be configured in the network profile - use ieee80211w profile parameter to enable/disable PMF and derive a separate TX IGTK if PMF is enabled instead of using MGTK incorrectly - fix AEK and MTK derivation - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close - note: these changes are not fully backwards compatible for secure (RSN) mesh network * fixed PMKID derivation with SAE * added support for requesting and fetching arbitrary ANQP-elements without internal support in wpa_supplicant for the specific element (anqp[265]= in "BSS " command output) * P2P - filter control characters in group client device names to be consistent with other P2P peer cases - support VHT 80+80 MHz and 160 MHz - indicate group completion in P2P Client role after data association instead of already after the WPS provisioning step - improve group-join operation to use SSID, if known, to filter BSS entries - added optional ssid= argument to P2P_CONNECT for join case - added P2P_GROUP_MEMBER command to fetch client interface address * P2PS - fix follow-on PD Response behavior - fix PD Response generation for unknown peer - fix persistent group reporting - add channel policy to PD Request - add group SSID to the P2PS-PROV-DONE event - allow "P2P_CONNECT p2ps" to be used without specifying the default PIN * BoringSSL - support for OCSP stapling - support building of h20-osu-client * D-Bus - add ExpectDisconnect() - add global config parameters as properties - add SaveConfig() - add VendorElemAdd(), VendorElemGet(), VendorElemRem() * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * improved PMF behavior for cases where the AP and STA has different configuration by not trying to connect in some corner cases where the connection cannot succeed * added option to reopen debug log (e.g., to rotate the file) upon receipt of SIGHUP signal * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * extended INTERFACE_ADD command to allow certain type (sta/ap) interface to be created * fixed and improved various FST operations * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh * fixed SIGNAL_POLL in IBSS and mesh cases * added an option to abort an ongoing scan (used to speed up connection and can also be done with the new ABORT_SCAN command) * TLS client - do not verify CA certificates when ca_cert is not specified - support validating server certificate hash - support SHA384 and SHA512 hashes - add signature_algorithms extension into ClientHello - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support server certificate probing - allow specific TLS versions to be disabled with phase2 parameter - support extKeyUsage - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * OpenSSL - support OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * added support for multiple schedule scan plans (sched_scan_plans) * added support for external server certificate chain validation (tls_ext_cert_check=1 in the network profile phase1 parameter) * made phase2 parser more strict about correct use of auth= and autheap= values * improved GAS offchannel operations with comeback request * added SIGNAL_MONITOR command to request signal strength monitoring events * added command for retrieving HS 2.0 icons with in-memory storage (REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and RX-HS20-ICON event) * enabled ACS support for AP mode operations with wpa_supplicant * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server ("Invalid Compound_MAC in cryptobinding TLV") * EAP-TTLS: fixed success after fragmented final Phase 2 message * VHT: added interoperability workaround for 80+80 and 160 MHz channels * WNM: workaround for broken AP operating class behavior * added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE) * nl80211: - add support for full station state operations - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled - add NL80211_ATTR_PREV_BSSID with Connect command - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added support for PBSS/PCP and P2P on 60 GHz * Interworking: add credential realm to EAP-TLS identity * fixed EAPOL-Key Request Secure bit to be 1 if PTK is set * HS 2.0: add support for configuring frame filters * added POLL_STA command to check connectivity in AP mode * added initial functionality for location related operations * started to ignore pmf=1/2 parameter for non-RSN networks * added wps_disabled=1 network profile parameter to allow AP mode to be started without enabling WPS * wpa_cli: added action script support for AP-ENABLED and AP-DISABLED events * improved Public Action frame addressing - add gas_address3 configuration parameter to control Address 3 behavior * number of small fixes - wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff: dump x509 certificates from remote radius server in debug mode in WPA-EAP.- Remove support for <12.3 as we are unresolvable there anyway - Use qt5 on 13.2 if someone pulls this package in - Convert to pkgconfig dependencies over the devel pkgs - Use the %qmake5 macro to build the qt5 gui- add After=dbus.service to prevent too early shutdown (bnc#963652)- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination with CONFIG_DBUS=yes.- spec: Compile the GUI against QT5 in 13.2 and later.- Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes.- add aliases for both provided dbus names to avoid systemd stopping the service when switching runlevels (boo#966535)- removed obsolete security patches: * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch - Update to upstream release 2.5 * fixed P2P validation of SSID element length before copying it [http://w1.fi/security/2015-1/] (CVE-2015-1863) * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141) * fixed WMM Action frame parser (AP mode) [http://w1.fi/security/2015-3/] (CVE-2015-4142) * fixed EAP-pwd peer missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] (CVE-2015-8041) * nl80211: - added VHT configuration for IBSS - fixed vendor command handling to check OUI properly - allow driver-based roaming to change ESS * added AVG_BEACON_RSSI to SIGNAL_POLL output * wpa_cli: added tab completion for number of commands * removed unmaintained and not yet completed SChannel/CryptoAPI support * modified Extended Capabilities element use in Probe Request frames to include all cases if any of the values are non-zero * added support for dynamically creating/removing a virtual interface with interface_add/interface_remove * added support for hashed password (NtHash) in EAP-pwd peer * added support for memory-only PSK/passphrase (mem_only_psk=1 and CTRL-REQ/RSP-PSK_PASSPHRASE) * P2P - optimize scan frequencies list when re-joining a persistent group - fixed number of sequences with nl80211 P2P Device interface - added operating class 125 for P2P use cases (this allows 5 GHz channels 161 and 169 to be used if they are enabled in the current regulatory domain) - number of fixes to P2PS functionality - do not allow 40 MHz co-ex PRI/SEC switch to force MCC - extended support for preferred channel listing * D-Bus: - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface - fixed PresenceRequest to use group interface - added new signals: FindStopped, WPS pbc-overlap, GroupFormationFailure, WPS timeout, InvitationReceived - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient - added manufacturer info * added EAP-EKE peer support for deriving Session-Id * added wps_priority configuration parameter to set the default priority for all network profiles added by WPS * added support to request a scan with specific SSIDs with the SCAN command (optional "ssid " arguments) * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2 * fixed SAE group selection in an error case * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * added support for CCMP-256 and GCMP-256 as group ciphers with FT * fixed BSS selection based on estimated throughput * added option to disable TLSv1.0 with OpenSSL (phase1="tls_disable_tlsv1_0=1") * added Fast Session Transfer (FST) module * fixed OpenSSL PKCS#12 extra certificate handling * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added RSN IE to Mesh Peering Open/Confirm frames * number of small fixes- added patch for bnc#930077 CVE-2015-4141 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch - added patch for bnc#930078 CVE-2015-4142 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch - added patches for bnc#930079 CVE-2015-4143 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch- Add wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git (arch#44740).- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch Fix CVE-2015-1863, memcpy overflow. - wpa_supplicant-alloc_size.patch: annotate two wrappers with attribute alloc_size, which may help warning us of bugs such as the above.- Delete wpa_priv and eapol_test man pages, these are disabled in config - Move wpa_gui man page to gui package- Update to 2.4 * allow OpenSSL cipher configuration to be set for internal EAP server (openssl_ciphers parameter) * fixed number of small issues based on hwsim test case failures and static analyzer reports * P2P: - add new=<0/1> flag to P2P-DEVICE-FOUND events - add passive channels in invitation response from P2P Client - enable nl80211 P2P_DEVICE support by default - fix regresssion in disallow_freq preventing search on social channels - fix regressions in P2P SD query processing - try to re-invite with social operating channel if no common channels in invitation - allow cross connection on parent interface (this fixes number of use cases with nl80211) - add support for P2P services (P2PS) - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to be configured * increase postponing of EAPOL-Start by one second with AP/GO that supports WPS 2.0 (this makes it less likely to trigger extra roundtrip of identity frames) * add support for PMKSA caching with SAE * add support for control mesh BSS (IEEE 802.11s) operations * fixed number of issues with D-Bus P2P commands * fixed regression in ap_scan=2 special case for WPS * fixed macsec_validate configuration * add a workaround for incorrectly behaving APs that try to use EAPOL-Key descriptor version 3 when the station supports PMF even if PMF is not enabled on the AP * allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior of disabling these can be configured to work around issues with broken servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1" * add support for Suite B (128-bit and 192-bit level) key management and cipher suites * add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS) * improved BSS Transition Management processing * add support for neighbor report * add support for link measurement * fixed expiration of BSS entry with all-zeros BSSID * add optional LAST_ID=x argument to LIST_NETWORK to allow all configured networks to be listed even with huge number of network profiles * add support for EAP Re-Authentication Protocol (ERP) * fixed EAP-IKEv2 fragmentation reassembly * improved PKCS#11 configuration for OpenSSL * set stdout to be line-buffered * add TDLS channel switch configuration * add support for MAC address randomization in scans with nl80211 * enable HT for IBSS if supported by the driver * add BSSID black and white lists (bssid_blacklist, bssid_whitelist) * add support for domain_suffix_match with GnuTLS * add OCSP stapling client support with GnuTLS * include peer certificate in EAP events even without a separate probe operation; old behavior can be restored with cert_in_cb=0 * add peer ceritficate alt subject name to EAP events (CTRL-EVENT-EAP-PEER-ALT) * add domain_match network profile parameter (similar to domain_suffix_match, but full match is required) * enable AP/GO mode HT Tx STBC automatically based on driver support * add ANQP-QUERY-DONE event to provide information on ANQP parsing status * allow passive scanning to be forced with passive_scan=1 * add a workaround for Linux packet socket behavior when interface is in bridge * increase 5 GHz band preference in BSS selection (estimate SNR, if info not available from driver; estimate maximum throughput based on common HT/VHT/specific TX rate support) * add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to implement Interworking network selection behavior in upper layers software components * add optional reassoc_same_bss_optim=1 (disabled by default) optimization to avoid unnecessary Authentication frame exchange * extend TDLS frame padding workaround to cover all packets * allow wpa_supplicant to recover nl80211 functionality if the cfg80211 module gets removed and reloaded without restarting wpa_supplicant * allow hostapd DFS implementation to be used in wpa_supplicant AP mode- Update to 2.3 * fixed number of minor issues identified in static analyzer warnings * fixed wfd_dev_info to be more careful and not read beyond the buffer when parsing invalid information for P2P-DEVICE-FOUND * extended P2P and GAS query operations to support drivers that have maximum remain-on-channel time below 1000 ms (500 ms is the current minimum supported value) * added p2p_search_delay parameter to make the default p2p_find delay configurable * improved P2P operating channel selection for various multi-channel concurrency cases * fixed some TDLS failure cases to clean up driver state * fixed dynamic interface addition cases with nl80211 to avoid adding ifindex values to incorrect interface to skip foreign interface events properly * added TDLS workaround for some APs that may add extra data to the end of a short frame * fixed EAP-AKA' message parser with multiple AT_KDF attributes * added configuration option (p2p_passphrase_len) to allow longer passphrases to be generated for P2P groups * fixed IBSS channel configuration in some corner cases * improved HT/VHT/QoS parameter setup for TDLS * modified D-Bus interface for P2P peers/groups * started to use constant time comparison for various password and hash values to reduce possibility of any externally measurable timing differences * extended explicit clearing of freed memory and expired keys to avoid keeping private data in memory longer than necessary * added optional scan_id parameter to the SCAN command to allow manual scan requests for active scans for specific configured SSIDs * fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value * added option to set Hotspot 2.0 Rel 2 update_identifier in network configuration to support external configuration * modified Android PNO functionality to send Probe Request frames only for hidden SSIDs (based on scan_ssid=1) * added generic mechanism for adding vendor elements into frames at runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE) * added fields to show unrecognized vendor elements in P2P_PEER * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that MS-CHAP2-Success is required to be present regardless of eap_workaround configuration * modified EAP fast session resumption to allow results to be used only with the same network block that generated them * extended freq_list configuration to apply for sched_scan as well as normal scan * modified WPS to merge mixed-WPA/WPA2 credentials from a single session * fixed nl80211/RTM_DELLINK processing when a P2P GO interface is removed from a bridge * fixed number of small P2P issues to make negotiations more robust in corner cases * added experimental support for using temporary, random local MAC address (mac_addr and preassoc_mac_addr parameters); this is disabled by default (i.e., previous behavior of using permanent address is maintained if configuration is not changed) * added D-Bus interface for setting/clearing WFD IEs * fixed TDLS AID configuration for VHT * modified -m configuration file to be used only for the P2P non-netdev management device and do not load this for the default station interface or load the station interface configuration for the P2P management interface * fixed external MAC address changes while wpa_supplicant is running * started to enable HT (if supported by the driver) for IBSS * fixed wpa_cli action script execution to use more robust mechanism (CVE-2014-3686)sheep57 16548509532.9-150000.4.36.12.9-150000.4.36.1wpa_guiwpa_gui.8.gz/usr/sbin//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:24619/SUSE_SLE-15_Update/115db8ea68d41b7b073ab75c067eea19-wpa_supplicant.SUSE_SLE-15_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=01ee917c1a6da1e19af9edd8fa295fd02ec849f2, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRRRRRRR RR R R R RRRRRRRK*ڏ?|/utf-8d7e0e827f32bb547120af47ec23e13827c98f5ce85c24350fda5cb1a1e451719? 7zXZ !t/j\QE]"k%{m{#rD~d tGJf͚F`=6鷎-?Lll8ME]߸p~+~0bK128{W_N䗾UB1shY5%l4 ,'o,;eُ=E VC/ݝ׎ݏ,) |,y|=B35~lVI"e=y*4DE9ÎSMǴCuCc}ۧ1s񁩬Ŗ9)%h\/zֵW+xl_*P%P'`t>vs:x啰ދiU˻E."R'+t 6TziQm?Eܪl΃$ɩ$9L$˷,߾cBG4JoH n+zVbuڻf;FLZ%pG[R=lY44O GJïyA(@TW%En$0,@^h[w/ic?zBuWvwXRyo+oz[&tœ#2g4oś$x vڰ%7yϚ4/@|=?;cx`‰#gY\b?cDʇCZ5U@$5IO&Q"mf4Ȧ`- m|<j.e?:uP,zdWۛ,D.jz]3ʇkSwNrS,L~''&j9IHDds~OMgvbWU.XWՊcHK ~C(h-f "EzImP@n_v[zy.3p_1Oh+ގá+I5é6}ZZ}@܏f`u9/|*WV,㫃-[6:>,Je^Q>_˾4qz2@L&Axo4ok1Sˤݚ麆DkK(VNZ%F;2jG:|C^ +a(e'\V8Le䝢f2$Eb܉ Q:q YlL.+P2+ik^S*ͦU}cqs:-?8 A)Wl",5;ρ@4#晗DGCBYvJ~47,J8wԂoKbO2\V\w0_G8h ljEȤ`s;9:FXPvl+MGǂ(0Cɝ@Y$QqiM8 yyϽNߚHm2 RO7r5GIx]2ۣ'*D:~Py{a] gy1{uD@lgGU L; Q2X^=׆1ԑ ֣20>K` b(ב-§V_NPgU3" GN6^iNO2l|ؚdd IcW B\9B<19%咀HA9&G6#LE<. ȈH'-v?vpCYw+0}iVnXCܻ3Ҷ=/B8-\W #7H)猞b-~ I9pk~c9'6gRMT@&~`ɟ;wVL9f;ݼmPǞۆCxٲۥqzW~P׀9pyd %ܸ^5*&{cSNLݼcEs&(0Cy FjK:98|ژTvu嫷*ԷVWbp|6"t ^Op8`DzsQVuc4VA|Sʏ:'|w\.$h$5Jꤜ,$.0KN*Z< m5۪6/id6f4+@bBG}IZPrz SKP߂w2$GXi κtO8rթy5rхݽJx{aqɁ~7*>Ҡ\J!^eE)B_m8C%q[bWVxd~|->Yh2 tO<򡣤Z U/U"*BqӊY7~ A"|_ "')lJ:qRĵn #F˪z닼s"WH'טFaʱ(]'P7?^$F.Gm<Z[IƁrdl{ .,şB]vd d](/[B 0AeMh%OY LHXqb :z4j=]XF}]}2G &v1`2gTa6 ̥eC3D!$0kt$2x4\'o<Ԅqfue)LԢ@ⵈzY#-\#:Q6]CEƩezBG]yB {?}v|'n^z‹7ڏyxPvne?&j:22U$m?iU aKxس>nV࠱=A)`U|A ]3yCCo\9 Л~*bS>1eRo/̪ jBw@P n[E༄ Z y,G@W1v|؈MnKZ3Zdyl޹oG.(8N=i#mFwOpBeK-,DWEi'Y+hxgYO#|vRo4#xxrT`Tثt*d=F۲= dv">m)ز--[iU0P#) JVjRPCĥ*Ե^{JICV-;]ѫ.' )SFUȪ^ڮeinիuH$ƕdW(W"e# V- *.G'B@/HsDloL=!ópC㘬Ql\9;Bdf/\Xx<VyږT Շӯtf7H[p6 "W<󞷸`Ynhw=4нVװnşAN t`8,iTP'sϬ8*DvA00p2鑍z>]?9nm+3 s^qbn^. zzSol]$^m[YeQhui1|!&Ҿ]=nP?r9Y)FJBTߠ Ohqflt m Zj[;'D5 ǼvޗX_2Ŝ:D@a-ݢ@XY /7jH`|ᗺ0}+CĢ*H!VqңgeL(?||Wzss*432D@!W`!@}ø~`,2YO^L(7TA~8?"*ĜKڅ($̙YXW`Ue?P(0bF1 v:_R|(k_ Slj@:!]Θ<ǻ<2'po&L'1hI-CœZw*M{}~vE?' <} H^9zqqmU]pTgpyX/{= HUfr|؄TzաEU.43߲z6]wM=ug9}X@BO#\of*He.LH\1Ral]_|봜>.6sI_dV()l w,@H Yځx#vߊ5DRL.U"Z>k) ٹ z:c=3Ckfu(w݅dbU _P\?3Ӳ.N'8ք{%.بL>dd`(l׮Jk4_R$g'e.w@౑Ow3Y6~7\yΗultmc xwWNʅp eX>9o/WLZxu1RRXD>7`B,`0>DG(sL~R,]|?l^eI3ʻUO-̭4M*.OdjD]w!ڒrwWւTZ;(P7vFv|N4"DܳS*JXU˨I%/R3CuH@4I0Ńvf㱟M%u󭃪\ON#3Dzn ay-+\<>|lo҂> e{OkNqn!\%@ɖr 3=f >^Y[HkaEЄ;ńgdg,E9Jnim '9XKvLB¨BcsoDD&U}[@GlΜR:1fh NqYlv'f_9SI;M5- HGWp{2ٰqTQ/ߎ6rA?Xp` b}Qp]$*Kj&S M]/2FZjl4­'%ZNGlO 澺$Eh*ΰ-U`1\ =ATB;] b9hK|[^ڪ if}X"=P9W] }DKk'3)`3Ci#2>w2#Κf(ʟBP! sODCPNk}N_P%ېDv(κ#z{&Th't7dXCgVYҦʠ2?|ݹZɇv^UF͛4;0a GRHёað\0AEGt^ oݹ ar]+#@^TV\6׭"TMh}ӒZ^;U6tszⰋnbuKj A7rԌ=WZ@,gAz7qyt,]Tۇלʾ7Bkhe{e`ۮQK^78EJ^~g m+'cd/ӣ:Sy,KX",-7 |v /G.$ \ ,+%}0k2I=MR/ r"xHKg0D _"| T׭"-RLIk{,Y񗼴pj4`9j  %ƞ*+D.7aEBc2da'& 6::[o,E #8M:gpd\B՞wP'5$@T|n x ]46SJU_# ]g  4w(";={|"MICmsXn؆ܕ:Vo l(p?mr"?22c: b퐢6>s9Aŭ"Ǣ@qz3niI7U0&4tK⋋kCIsnL2u ޅcwXdv '~P٨C dMGJ$)*o$ 42+Q#0= #i(o!.AأD}&bCR $l 'xE4{a oEͬ7~s9O>{jcXY#iӣ=㜱Ⱏ\CpTZZNuHhcu#ɵR"}Ȟ<ʹ#:O B&vJuql!䒿M%2X+_JRv_TD}+4EDn}`w$o"Hcߨu R'kAb*3QM`KKA GnOx^CZ\Fx^H$Y}M2_8WI˙vqϗ'?Z\bNyI<̿a?psT#ϼnq[FWky/ˡe*\?,bSkcpYUg~!dքť =-llb]|w$:cD޵F5qQ?$*秌HQ=[ϻ"ĦkyH C ձk֠ZwmjWboqly*t# TpX&qqhE]^ۛ*ϴa!V"6~n^ww8ϾH|rta |@4O5.RT Yx7 ΍g'aE+ eCYVu+Y \cF!6qvP PCLC%1[7GSU|سuzK ڒ˿YNA%q-pGy>-ͽiQՆHZ5"KY:-p)j "ut {Zf{F7@2:x%)llw|LXM! 0 d~G. ZXtfu㛉x euSڽ9,&=Y8wuuM~Ω sH2ue֎[7GSV̶h KpszԔd=[Inl=N#K^oYT/CT[ R-Sھ% M%8QbWV7I;1N:~vUkYx=1:A^ Z ROZ`Ɇlqzӵ͐"pN.iv~ӋMӃXtNu͐SmPzFZ7?~6=ܗv; Ueo WذSTgd8twi8.L>Unt[yZ'do0FϹ ]uwSFhT B߶ Q%]`sGUf:4_vd)fYou~_m#owR\\o&fls T.ф_0iX+I6 H_qXQ*>0{)AafA#EiLsQ(=e7A:N롃kD @.7[)RSՉoBM7Lt]Dqx:J=o=8td6.1Ȥ,b7K ;7o tSi46/f`3Cc׊Mrd v`%d1>3W$/ai+MNPY}4܇/oQ[ & #<2/GcIBY1c+'7_WD+9RH3 .ՔUSɑ#pkWkge(<=%?Ɩr3'xPu s6Y}WPorvwpphSVdUIU. ]H_z>,wO' n WɔHǫD, ʓˉyAMA.XhV@mϬh&Π^."C]5(Tr843O|$"RwSɰjX_9!@:[:Csʥ7TÃ;06NSG[I~7*ƃrnECNj k9:ѬoqrfOHF !|RBB.C0;lWzEȘu팳,6i!qu.{ΉUr v?'^Ye&yZ wUʉD:NJAB{̆KMg&動 u4\o$Ϲw+iS\dE7yc5YMŞ/Pͳ=m*cPV|Y _z0KU%n3I7Yc]g T*]7 ii{А07!@wx!qiN,6e$E9QJE4f!"`*'U+hw1Pq8]LRվ\{ӆܙ<赆e S>'"T,j]NJp/3V>^DEf4K[6y_Cp@>D3C7L 8 `U(4z |gwrrpX(;e>sc.җ8T(wٯM{i*ޓ1 [%uu5~.8L]Ծ]x;EʂI/:Rʤu82Xѻ wlUu-=I,/*q##\Z -j?:ɟv #@е;5Bt W0E |XIlH_aehXf|ηPhQUnķXYpa%0$V钨Z˞_ҲO+A="U|A2ff3?:ZMԷ4)rCApUцNb;X+ȤޘP_o=kAb!dNo=rrGJz}6_qOYl6[+;&%2^EKs'NwzdH@JGKH1or#uPt U*6*K[D'IN7[Yg(i-,&#:#Q]\Oxtig ɒq/H_;z&at9amBAgI0! p~.KzJ B,F oM#^5ܴv}7Rku/dYUg)X.xƉOPƱMwǠny<2 9޷a?қ19"|Y_&ՇEM& =mX5 JNA@#@Jm /0E  ́W=3{ s n{ӀS0Ʀ9mO}x2B.I 7;'5zM"/Fbh}{!/b5)XR Fўw /)БyW'}7ӌ ģmP@cVB,N*Gۂ}XY pL>Gpm/bXglgJ VSY)8iw哃r-:KW61Rv&bd+cJ.kI=Bɷ(8Hog =F=k\jr0YcIO7Vam%:B~;ip:9Fq <\:JKh1=.+@}9c}PQ{0N] }YCUI_'W"P|`F?'ѵdQ85|dǒ4!>@XQB[Cmfss$T,M$@8^w6_R6h~~w^CQ/:O6 62sU6鍳;gAdžOm H ,,a4tvTpFP\ޮkok?Rٗ VEpO0}ì.;r:~#IYa,Wp߳Ym!/maav= A3*KjNz)Qbmh7ǯDf[axλGEŞ$E=3 ZiCش2B_MC@'tXV[pmfi.&ʯyY/DSZ.W˓wA]wOG; ꒽|Z<}=+K GCz56=cj1cgU0t̚ [=%;>} F Q+b 'L)5}$p;%K<],\̇]廣k>Q$l/<ћ15I|`H&=ɜ5sB1ÅԎy5p>szs ^}J}KǍq AtY3nJ[7ʺ>(&>Քh`ͤjø34ϓ% EZ?Qb.$ȶzl߉>: >w*< 3@͹^A̎~ob}Y*OJ=H%>G9VQL/c [AGpsח MƈJ_Q$8^fZ'f# ؤಀb=$\b淟*^C/c{j] gs&u["~f/8^[b;m{SHkw]wRKF8A>K;4$\ b!T&c<4;tI1!G!>k&qbDǁLn.*0~Hݝ[Hgԯz'c®37]C[4{btv URO?OەQҷ.n`J:zo~s,u*dR)Sr{)ۋ1h) PfZOåAfzi@`v}\Wy`H ,~Qqyz+ ':V>:RcA\pbW*Q@İc EYXr1"U+5kcE,H<*⾴k|}OHY1^÷Pl]z_Ќn٬!,yۼFEu]s)pec$e4z%?i}5L:UOs N9EB)R+Mɬ7['t*;QU |1kO2l ph1D*kp^Pc2Pt=_bܙ0Z+LnE[L"IAeJ(L Xx-ݜ_+L" 3udLcdM|; AYF4MrD,dp%B!n/ۊ]n~hh2x-z%(8IBw(\Ǡ] pm5dϿs1BXuojܔ/ )V-!niXp璭)A oӲ&o Ɩ$+(:!b 8Ps"w.yF:uXְ`Vgl 7j&zDSOuo!M2P5R_erl[)6BSBqQGm*vK[l̕ S?;0SF_=F@xOHB9/;{o+ާA=cOaltJ3y ;4 <Au.>~U?$p%4Mz=8r"t_4E.h$Q~"Ww(Ο%Q@4}8x)4aiYd-z0*m "e%D"SQG/@m!߭"Qjn4А3ޙP M`o|̜,(J:(yxo$8Xq5l#zlJ4_ ӕ)?%Ff X_']eźz2wKYʣ2|l_[]o#z|1|MK!0*e,GCoҜ&t&ƨ JS3/tê_uc BC׆wQuKR{+| 'jI)Jgݚ(% zF6uiU&Vr!mV -ه1-ҙ+hC`Dޗ,b&#Mt^Cػq0* +]@,w0i3M>;N B=-w$c~ס EDs8eA)YmX<הx7d姴u\APa yXg .vNF5Y/qC?YS i u|ez:͜1F'l?_`9Va_^Yn'Jٓ0[|7\)n/B&f HJ?q8e I7% l Eus-dȬepg=eܮJWLlJջ". 0 j ] j ͜j5>x.ܘ(u <>/L-f@No;2'.v ԛ.Z!>J#-|=\oE&S̻'s /uDYyy: tm u}@X'ƶ&a=(#Jmbs#v6.M :xtX#"-2 YV@B/E_-n,!b#Ƒ2  l4(ve͊U,R:U"a3woWڝȆT1bP!ݟ.-j'b@:Qg`?ǧ2ӥpO8C 63C_xX|R-23ik=^Ps Ìzl"5jCBpӰETR 'E9ΨӎXv5|FUJ*/mʱ9z<Ɛ3^73w._*~թ`4mP_c# ɿ$XnYSTX`s7̑Wƈ)PD.DQVƂ/Gp^4aJC<$v7yh_EfWm;o h<"ޡ9&GVX$BA (D B=9]D *d 7uS36 7\.JP)M lb^~nJr>S}.p#JFiT) ^DuT(zԟx'A~yFz ݱQ@dw*=`?%K~i"#RLEMs*`x'{oY~]^[:~$3'O.ӂMW#Z~kO;gGaK9P[& |-xNyXn9>[ۚk{֚dRdkVm+ #J#ܙ1 &jj\0e湕j)R➄W=&*|lc hF2wSf(f??1A *-vZ FJȃ28ƅ ni76vPQ6[Y'VƕtH@=MPi6`Yv\Ίc2}kgxW8yKR.EU]'^%^Hdǁ1ZUȲ7΀IZsE:8S0N62c|YIXNlmLӇ*-郭:H ,,׉P^14v6Cb^0zm?Q؄Z#3ORz ?ҲAB &`P e] bT- C MV% ZXuDWt:=E:&۔|j].vr0NHI|¶]A V6E;-Ѳ b ^ۧnOdY;),P:G3ь Z5I7HPʤב_•'ETkP͂2G)~BItLn6Mt6#D}I:zve?Ӗ䚷Ou4‰)&dW2|WNڑYO=sxIcޔ'en,eT#}ON%V"' ESFm_:ƤgU8ypXV{2g7vAIk) r_s7D)#1JW4 YBfՃ?:L@$pf|H\_:S԰!$^Ol` q#`^7p2#[θLIl_EFu X+-13tC\^ 2XחtyN<4m >|"aJDp3䏁`gSAnЄBC7ڊ:H5 M=qT^ZP8HqT YZ