libgcrypt20-1.8.2-lp150.5.13.1<>,]w縋/=„|`Fkg$/‡D\9Yr)N_$1>_!>.# /klgC/>I ~wQ=KWQ&Yrj_Rr>CG?Gd ! 8 -3<L T \ l  ,@hx(8&9&: ^&>C@CFCGCHCICXCYD\D,]D<^DxbDcEcdEeEfElFuFvF$wFxFyF zGG,G0GAGTGXG^GClibgcrypt201.8.2lp150.5.13.1The GNU Crypto LibraryLibgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version).]wlamb26*hopenSUSE Leap 15.0openSUSEGPL-2.0+ AND LGPL-2.1+http://bugs.opensuse.orgSystem/Librarieshttp://directory.fsf.org/wiki/Libgcryptlinuxx86_64gA큤]w]w]wZ9f002c7b84fd05a8ffe12d5d6b2aa7d8082324b7a1abf2265eda2ffde2c62aa9ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532libgcrypt.so.20.2.2rootrootrootrootrootrootrootrootlibgcrypt-1.8.2-lp150.5.13.1.src.rpmlibgcrypt.so.20()(64bit)libgcrypt.so.20(GCRYPT_1.6)(64bit)libgcrypt20libgcrypt20(x86-64)@@@@@@@@@@@    /sbin/ldconfig/sbin/ldconfiglibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libgpg-error.so.0()(64bit)libgpg-error.so.0(GPG_ERROR_1.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1]m@]%@] ] \r@\@\@\@\[@[*AZ@Z@ZZ1@YYu@YqYTY3@Y1S@XXRXOWF@WQW9@W9@VVUUJ@T@TTԬTԬTԬTZ@Pedro Monreal Gonzalez Jason Sikes Pedro Monreal Gonzalez Pedro Monreal Gonzalez Jason Sikes Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Pedro Monreal Gonzalez Pedro Monreal Gonzalez psimons@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comfvogt@suse.comastieger@suse.comastieger@suse.comjengelh@inai.deastieger@suse.comastieger@suse.comastieger@suse.compmonrealgonzalez@suse.comrmaliska@suse.comastieger@suse.comastieger@suse.commpluskal,vcizek,astieger}@suse.comastieger@suse.compjanouch@suse.depjanouch@suse.deastieger@suse.comastieger@suse.comvcizek@suse.comdvaleev@suse.comastieger@suse.comastieger@suse.comcoolo@suse.comdimstar@opensuse.orgcoolo@suse.comandreas.stieger@gmx.de- Security fix: [bsc#1148987,CVE-2019-13627] * Mitigation against an ECDSA timing attack * Added libgcrypt-CVE-2019-13627.patch- Fixed redundant fips tests in some situations causing failure to boot in fips mode. bsc#1097073 * Added libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch * Removed libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch because it was obsoleted by libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch- Fixed env-script-interpreter in cavs_driver.pl- Security fix: [bsc#1138939, CVE-2019-12904] * The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) * Added patches: - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch - libgcrypt-CVE-2019-12904-GCM.patch - libgcrypt-CVE-2019-12904-AES.patch- remove section of libgcrypt-binary_integrity_in_non-FIPS.patch that caused some tests to be executed twice. - Fixed a race condition in initialization. * Added libgcrypt-1.8.4-allow_FSM_same_state.patch- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests are invoked as well as the state transition, adjust the code so a missing checksum file is not an issue in non-FIPS mode (bsc#1097073) * update libgcrypt-binary_integrity_in_non-FIPS.patch- Enforce the minimal RSA keygen size in fips mode (bsc#1125740) * add libgcrypt-fips_rsa_no_enforced_mode.patch- Don't run full self-tests from constructor (bsc#1097073) * Don't call global_init() from the constructor, _gcry_global_constructor() from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary integrity check instead. * Only the binary checksum will be verified, the remaining self-tests will be run upon the library initialization - Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch - Drop libgcrypt-init-at-elf-load-fips.patch and libgcrypt-fips_run_selftest_at_constructor.patch- Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) * Added libgcrypt-1.8.3-fips-ctor.patch- Fail selftests when checksum file is missing in FIPS mode only (bsc#1117355) * add libgcrypt-binary_integrity_in_non-FIPS.patch- Apply "CVE-2018-0495.patch" from upstream to enable blinding for ECDSA signing. This change mitigates a novel side-channel attack. [CVE-2018-0495, bsc#1097410]- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they are installed in the right order. [bsc#1090766]- Extended the fipsdrv dsa-sign and dsa-verify commands with the - -algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch- Use %license (boo#1082318)- libgcrypt 1.8.2: * Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. * Add auto expand secmem feature or use by GnuPG 2.2.4- libgcrypt 1.8.1: * Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With You" CVE-2017-0379 bsc#1055837 * Add more extra bytes to the pool after reading a seed file * Add the OID SHA384WithECDSA from RFC-7427 to SHA-384 * Fix build problems with the Jitter RNG * Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)- RPM group fixes.- libgcrypt 1.8.0: * New cipher mode XTS * New hash function Blake-2 * New function gcry_mpi_point_copy. * New function gcry_get_config. * GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt. * New gobal configuration file /etc/gcrypt/random.conf. * GCRYCTL_PRINT_CONFIG does now also print build information for libgpg-error and the used compiler version. * GCRY_CIPHER_MODE_CFB8 is now supported. * A jitter based entropy collector is now used in addition to the other entropy collectors. * Optimized gcry_md_hash_buffers for SHA-256 and SHA-512. random pool lock). * Interface changes relative to the 1.7.0 release: gcry_get_config NEW function. gcry_mpi_point_copy NEW function. GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro. GCRY_MD_BLAKE2B_512 NEW constant. GCRY_MD_BLAKE2B_384 NEW constant. GCRY_MD_BLAKE2B_256 NEW constant. GCRY_MD_BLAKE2B_160 NEW constant. GCRY_MD_BLAKE2S_256 NEW constant. GCRY_MD_BLAKE2S_224 NEW constant. GCRY_MD_BLAKE2S_160 NEW constant. GCRY_MD_BLAKE2S_128 NEW constant. GCRY_CIPHER_MODE_XTS NEW constant. gcry_md_info DEPRECATED. - Refresh patch libgcrypt-1.6.3-aliasing.patch- libgcrypt 1.7.8: * CVE-2017-7526: Mitigate a flush+reload side-channel attack on RSA secret keys (bsc#1046607)- libgcrypt 1.7.7: * Fix possible timing attack on EdDSA session key (previously patched, drop libgcrypt-secure-EdDSA-session-key.patch) * Fix long standing bug in secure memory implementation which could lead to a segv on free- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326] * Store the session key in secure memory to ensure that constant time point operations are used in the MPI library.- libgcrypt 1.7.6: * Fix counter operand from read-only to read/write * Fix too large jump alignment in mpih-rshift- libgcrypt 1.7.5: * Fix regression in mlock detection introduced with 1.7.4- libgcrypt 1.7.4: * ARMv8/AArch32 performance improvements for AES, GCM, SHA-256, and SHA-1. * Add ARMv8/AArch32 assembly implementation for Twofish and Camellia. * Add bulk processing implementation for ARMv8/AArch32. * Add Stribog OIDs. * Improve the DRBG performance and sync the code with the Linux version. * When secure memory is requested by the MPI functions or by gcry_xmalloc_secure, they do not anymore lead to a fatal error if the secure memory pool is used up. Instead new pools are allocated as needed. These new pools are not protected against being swapped out (mlock can't be used). Mitigation for minor confidentiality issues is encryption swap space. * Fix GOST 28147 CryptoPro-B S-box. * Fix error code handling of mlock calls.- libgcrypt 1.7.3: * security issue already fixes with 1.6.6 * Fix building of some asm modules with older compilers and CPUs. * ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1. - includes changes from libgcrypt 1.7.2: * Bug fixes: - Fix setting of the ECC cofactor if parameters are specified. - Fix memory leak in the ECC code. - Remove debug message about unsupported getrandom syscall. - Fix build problems related to AVX use. - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512. * Internal changes: - Improved fatal error message for wrong use of gcry_md_read. - Disallow symmetric encryption/decryption if key is not set. - includes changes from 1.7.1: * Bug fixes: - Fix ecc_verify for cofactor support. - Fix portability bug when using gcc with Solaris 9 SPARC. - Build fix for OpenBSD/amd64 - Add OIDs to the Serpent ciphers. * Internal changes: - Use getrandom system call on Linux if available. - Blinding is now also used for RSA signature creation. - Changed names of debug envvars - includes changes from 1.7.0: * New algorithms and modes: - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms. - SHAKE128 and SHAKE256 extendable-output hash algorithms. - ChaCha20 stream cipher. - Poly1305 message authentication algorithm - ChaCha20-Poly1305 Authenticated Encryption with Associated Data mode. - OCB mode. - HMAC-MD2 for use by legacy applications. * New curves for ECC: - Curve25519. - sec256k1. - GOST R 34.10-2001 and GOST R 34.10-2012. * Performance: - Improved performance of KDF functions. - Assembler optimized implementations of Blowfish and Serpent on ARM. - Assembler optimized implementation of 3DES on x86. - Improved AES using the SSSE3 based vector permutation method by Mike Hamburg. - AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1 about 20% faster than SSSE3 and more than 100% faster than the generic C implementation. - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8. - 60-90% speedup for Whirlpool on x86. - 300% speedup for RIPE MD-160. - Up to 11 times speedup for CRC functions on x86. * Other features: - Improved ECDSA and FIPS 186-4 compliance. - Support for Montgomery curves. - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher algorithm. - gcry_mpi_ec_sub to subtract two points on a curve. - gcry_mpi_ec_decode_point to decode an MPI into a point object. - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1] - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied hash part. - Parameter "saltlen" to set a non-default salt length for RSA PSS. - A SP800-90A conforming DRNG replaces the former X9.31 alternative random number generator. - Map deprecated RSA algo number to the RSA algo number for better backward compatibility. [from 1.6.2] - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. [from 1.6.3] - Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. [from 1.6.3] - Flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. [from 1.6.4] - Speed up the random number generator by requiring less extra seeding. [from 1.6.4] - Always verify a created RSA signature to avoid private key leaks due to hardware failures. [from 1.6.4] - Mitigate side-channel attack on ECDH with Weierstrass curves [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for details. [from 1.6.5] * Internal changes: - Moved locking out to libgpg-error. - Support of the SYSROOT envvar in the build system. - Refactor some code. - The availability of a 64 bit integer type is now mandatory. * Bug fixes: - Fixed message digest lookup by OID (regression in 1.6.0). - Fixed a build problem on NetBSD - Fixed some asm build problems and feature detection bugs. * Interface changes relative to the 1.6.0 release: gcry_cipher_final NEW macro. GCRY_CIPHER_MODE_CFB8 NEW constant. GCRY_CIPHER_MODE_OCB NEW. GCRY_CIPHER_MODE_POLY1305 NEW. gcry_cipher_set_sbox NEW macro. gcry_mac_get_algo NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MAC_HMAC_SHA3_224 NEW. GCRY_MAC_HMAC_SHA3_256 NEW. GCRY_MAC_HMAC_SHA3_384 NEW. GCRY_MAC_HMAC_SHA3_512 NEW. GCRY_MAC_POLY1305 NEW. GCRY_MAC_POLY1305_AES NEW. GCRY_MAC_POLY1305_CAMELLIA NEW. GCRY_MAC_POLY1305_SEED NEW. GCRY_MAC_POLY1305_SERPENT NEW. GCRY_MAC_POLY1305_TWOFISH NEW. gcry_md_extract NEW. GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1]. GCRY_MD_GOSTR3411_CP NEW. GCRY_MD_SHA3_224 NEW. GCRY_MD_SHA3_256 NEW. GCRY_MD_SHA3_384 NEW. GCRY_MD_SHA3_512 NEW. GCRY_MD_SHAKE128 NEW. GCRY_MD_SHAKE256 NEW. gcry_mpi_ec_decode_point NEW. gcry_mpi_ec_sub NEW. GCRY_PK_EDDSA NEW constant. GCRYCTL_GET_TAGLEN NEW. GCRYCTL_SET_SBOX NEW. GCRYCTL_SET_TAGLEN NEW. - Apply libgcrypt-1.6.3-aliasing.patch only on big-endian architectures - update drbg_test.patch and install cavs testing directory again - As DRBG is upstream, drop pateches: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch v9-0007-User-interface-to-DRBG.patch libgcrypt-fix-rng.patch - drop obsolete: libgcrypt-fips-dsa.patch libgcrypt-fips_ecdsa.patch- libgcrypt 1.6.6: * fix CVE-2016-6313: Issue in the mixing functions of the random number generators allowed an attacker who obtained a number of bytes from the standard RNG to predict some of the next ouput. (bsc#994157)- remove conditionals for unsupported distributions (before 13.2), it would not build anyway because of new dependencies- make the -hmac package depend on the same version of the library, fixing bsc#979629 FIPS: system fails to reboot after installing fips pattern- update to 1.6.5: * CVE-2015-7511: Mitigate side-channel attack on ECDH with Weierstrass curves (boo#965902)- follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4- update to 1.6.4 - fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456) * Speed up the random number generator by requiring less extra seeding. * New flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. * Always verify a created RSA signature to avoid private key leaks due to hardware failures. * Other minor bug fixes.- Fix gpg2 tests on BigEndian architectures: s390x ppc64 libgcrypt-1.6.3-aliasing.patch- fix sosuffix for 1.6.3 (20.0.3)- libgcrypt 1.6.3 [bnc#920057]: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. - update upstream signing keyring- making the build reproducible - see http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html for a very similiar problem- Move %install_info_delete calls from postun to preun: the files must still be present to be parsed. - Fix the names passed to install_info for gcrypt.info-[12].gz instead of gcrypt-[12].info.gz.- fix filename for info pages in %post scripts- libgcrypt 1.6.2: * Map deprecated RSA algo number to the RSA algo number for better backward compatibility. * Support a 0x40 compression prefix for EdDSA. * Improve ARM hardware feature detection and building. * Fix building for the x32 ABI platform. * Fix some possible NULL deref bugs. - remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream via xtrymalloc macro - remove libgcrypt-fixed-sizet.patch, upstream - adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change/sbin/ldconfig/sbin/ldconfiglamb26 15681315591.8.2-lp150.5.13.11.8.2-lp150.5.13.1libgcrypt.so.20libgcrypt.so.20.2.2libgcrypt20COPYING.LIB/usr/lib64//usr/share/licenses//usr/share/licenses/libgcrypt20/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11047/openSUSE_Leap_15.0_Update/55c0e70d45ae871c1a480a90f6bb9287-libgcrypt.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3dd31532cb8a94f25979f22c850b22db0c0b0409, strippeddirectoryASCII text PPR R RRRRRRR R Rk6T6Mlibgcrypt20-hmac1.8.2-lp150.5.13.1utf-8c7ac1871b1f35cd9c6bc2a54e97de12e17795035e9eb9eb1cb08b41df3c9263e?7zXZ !t/P;]"k%]dJtZTȉٰmYCP ՜;яɋ0 x|͘2/f %W5Khvb~w@m)|i"5e{ou%rYQ λʮ~bsux+"CXh:_'yS1!:qAEx[`bmXF+0T$,`c}lN2F/dtd!g%s!M(nmERG^)X6330Vb{0?3(=3:Y6Yͷ/;M<5I ?@9NV XhdW{~f>[N-_J\)<׾{H3T''Өxmh#2}prX5abLR9X!-݃h"h/W̄Syx+ݔ"Fw#T,fo)|@+¦b u<'ּzg9 r->Nj( WzWGA u4};am;/R2Lwt!e]L7OCϟIT쒂 (i QWKXviy]OW>#a-0V*wCF]<ڊe"Nذf@\f0q],!Ҙ)y\t;zu=4Sє tnx;wN}r£CuoH6MWe ah42evu;*U:Qgkd[bD ĠJ]SR՚m"P pSx1Ҟ짻1޴T{u@G{Z˱X~FR8O*!Ab֣G _w@I bHiٰ8My. ѬteA<%1/ߡ#VH7UŤĤU{3b:z2J6p0"sjq1Y+L$%k_S> W]v1U[؁zD.88fbgI xrhI@8L xv>>3H: 8uY:Ո<5+?I%UAA{#kd}o=B#@O~IOx*}bI-i hY\`B`{4@Aˈ#"r>-/APs֛%Jlb0/:(Jp {}~)aF_?Hqs*C$9t%K̨?OY~EOE&WKtRILѲ+; c¿_֞PihBCp>/XF2r( ,84V]O/OٍWNٛS6haHD0FTKA‡ rNtD&Ɗ 7-ohRSVdmm/4S}7@(\W漶o:d;rxDzK#w1GpH웍_Dˎ%>5$RC] ꥶr CD7s#^!]Ɂl'hPWo aW>XBس{0H6^rM X&^6tݻ*fd{go ׋P@K'Yx#CrfVzB_3rǩ䣃d PQdRbE mϔ 瞖}+]hCK=]I%bv|²f-u♯Z v4N CO][Nw|*żAӶ'׷/Oԩ93|hSKU-5_0E話lD|6d񞒌&,4QF +SO185LzG .mW;yCH c.ήڰ u%[dO$;(C1 ]7r^9ոF\M-&l*LGr=wngzd_֬S&Dx~[D} XЧޫۍrv[\}em0\Eh}u#\gDP='FBFx }-#MK^ ̾&o 7y1MD4aT7Nf(x[r)C}Άwp6pa/q?\:Vю?U`}>ZCU9d5޹, 3lD6]̘!FSIc ?׀b 6H[B'(_d)FN,G• ǥϐCg\#^nIC LݲF<*CzL f ~!(cQϿN3%qfMUNR2ޮXs IEfЊKaH*i@hQr*M漶ɛq!W֪M$ tn~K~,̐cai[q@r љkfƫ| /{΃(.ߓ]xW9T},H=`p (YS eCZDKԆuhq'L /4!ZOjOG$^ !i*i w/h EFbt4re-&\>UW 3L.w?7p =M^2MkqpHپW ^w0z6m:0}DVZK+ϔ`G-DɴҬ+?>yXQر>145fiMr%} T۫=x ж7>Uwxíf*CEMgg{}`xBX܌<"4..YK'2QaOU>`veڒ,9e2ls*6jX۫:mBhB&Jʟ.# }0STr֛zW:7M0v 8Ka @v>h4NEo qlPͶ0v4qw XNJ|bƣ&P1@?Ak >ON,f KT(f`\7FҐA5U d5g JCt`*Ka0fU o6,4jCVd.TDDg&% d!yۙ<7;hֽQK_xx BhEĥahV" yxoȡv);jd8ܡp|_3'I S)&1)Ko k &(`[[+yV!r(.t\(GŰn 2Rѱ)K7km9H#z_&7MՖLd`j(.O}2lzn[=) 4vλhHK$ &A$8>3㥂@\5>t32cVG2r:U2zzO~!«N-n1o-I(LD v퇲v1$/np=Y#aCS7U|3Ip'N>$(~5IA?*륡:XPF[4;wdڿҖ0LrOeB舮!,8޽TMи tp xi*q7~UO[8'2aGDC2uxbsOK*^d3Ԃt'XG9wHfCmy*]"U`RE%C6@ϵ]9q+ ^TљIh zT0X2d}Z$e]g)NӞF*ni5lRuTKxŪV>v3EA0G Q0^nAxuWzӞ9#';%A"׎C# ࿢1X&5J5{xgɈq[gbsIF얹H6J/m /y$ᓈ6+h,xEЉJ3 iﶬVZ'8xn/_ ;b⟥MԽuoInbqVWI^u$2 ć:$B&436CJԪ,R8j8,5^=E f[ h:rp%# `+0e[e\g M1}9E@n>I<?'" I b,\?ِԲhy0xw+>d*w)oꑭfC_X:OGJ 77):4 uG4' < * ř“/q 4,"I2Yhh!\NQ>ߣZP'RKc!vʼnr9J-Ҁn$p% r$ X'"N_dޜޖ r zpPnGsTߒh=@z**;]Yܳ_uyo9bddjh q?(ޡۈZzE{Hj:K.0")T6 v+iC8-hUBY2& $ɀ{vg5~+Ĝ՘nC$( HÜ]DZuZ83֌2gqp21U3>B}7'?(b>Vw1Z$?vT: #|>PIH8p3u~n8v+~l%? n <^A;qDH?xEotbXis $T,̀POu@]qzc)ʋ "nhbU^#̕~WzY`N_ OkO(co/dv3[Z6fە,`|9>9ו<gPV#oZX#dڠ}sn' W"J9p e4_\dK -%zOH5{38(~"q{.+}{x*n;~= hC!+wD.-9/w!KF?-_~^'iJg<]NsݦԿq7Qn4HD \UzQ,sN5qBU4D?>\.Ai`Vwep6#zzXJ:fI0'g wPfIl!C_BJl|cn (v4q CկijOiBlDViԷiҸz$>ݐm,OFQ.SK2' FuSq ՖMة-@;-^H ^gҋ\jd33m6 S4# "Gxv0gn;"$$ m>j%; k&, IPeJy#ZTZEҙG$g#6so&k\nSU{d/Dݩ킒k+ߐZ!iwͩȴǷԛ } 8Ku*<#J].;*u~Ġ&igu%m'ϔfyKMX/s5Ck6#:{= ݍfhb[oGu<#- u|dR%q-*dL-B~C0cA$ئy~ o)Js@l}9-H9:+޲׬}_7h E)~m@؏-V{Iz ܷ+CQt,B} O ; "tS7_BS4@WDvg39!_n%/ T6}1zxB>mH&zNL^=inRM`KOC*aK G|K% Ck(4D5kr:$1>&zZa)  =葖JB[Qr.jqu1gyp%(=$9Afe痙. /WNi"1R@_/33]ѵ3VP''wrb_:>4< ']}W}r[{% CF{I?_h6eꪩ`-Bx{ߎ#+lܼ^#i82kh\`r6jɩ.wl^?3i&;* 8;zkK.?s= \nWNF;7m㮃&)7N"V5 知3uߖ1]xNjasԶxlŽaGUQBNg8i^Nw\<Arq swbaJA HGQrc5jl(ԮE4Ny?E:hNvF GYf }P\bAP~:[ m| P:͚O[#]>lS+29!g2DCb2$?>֬[?@Ll_Vmk1+6,IϠYIJ7=i3xqμ+mZ ~vVf'uK6-(x:aYQ" !s+>]"y)O0)K1>2YBBkzW|;\<~̠lD.Ƈ"76ԅ1VɌu;0#_gV 2ԱD!VPTHl͚5}[ !Z`)0֤b\v^N \+;BV- K[a_uRefFL]/UKl=h+rZy{:eZeʠߟ!Ͻ5-D vӌvx WQAAj&v0e^Wd=G3uFGjX"kDzA0!~XLvm^~̣Fŋqy MJܳ-]4d̪#dmscR?`EOrHdWGG/_}q~Va9Ϙ1iUB78=#~_f%>H+Lrꮒ+B؉\:q,2vf,+Q:Lg71}oY17Ѓj#1,N5Eya!`RGϐi9 z n~v!fCP #mT/V3N{$8)RVz?❡xA;'5|Ow8렠C˼o)yE}JT\dAݧނ._ fGWHQH^,IaAЃ 0~"=jWrt2x0 xYf}KB>#b$FrpoWfb6elyD8N&$ )| Jaa/mCT^Ú굴dO6tJD s>m/Ԙ?PE 두0PujYA(fkj.t/D) %h,җ#[ހh}~#=)G"PA=ey🇣2H|M*ˆ'" {fpQϷKQF5,ڤK0c|\Lp!ȴ0ŔkS6;[oƀ_VJ9A!"s|n!\PٞtGk![窐"ܽ, @n?W0.8.rff HcY~ -Zl!pFxabJUsQwB]Lp(ד!h,w|€/28[>-,+~ 'L-E<'&U!5h0״i&Yh$<e!"Z![aS`=@7(O>BV~Ζp AVUbEV+0?7};qv›8CRUfA1ATjkə'8zPS`;iw OxGmܡв 1f֩YB]'A::&5Y6!3β=p+{)¯xxJĵG".WcqU>` @~4Dt`Q:=7hEkP.+(H~po49[ϩeց&B|-|c ) "ĊވnߜVb_.0zғ21[&t]1zF`=FfdNcDH{z9;{|4vjE8u0 ??I̜a?uJ#y2(\-^hBvvU-uJl\yT}/]P54>_y/ޥKS>]X*:tdn !fgm(|p7[a;#vIUv5{r$Ӏq=7 aPp|fduu/U\x($_EHк,񡂆041]J OPpz[:7&X3; A 3n!1Xl8ٷBy٘IOf IKk%RhqP\>cՊ,s$~t~Vz;Nq_]'&:H^UN|'ݬH<-㰸mWU 4 [sh SN{5oiT8h]Lsa0xpهwCau,*":Ec[0cg>}8B'2O^d\_%b{5Gc\J)kӳ7=/| ;}ilau!r(\`( fKۗIu&w7p9E}bjW6V֒M]_$+aŌpXG%W_YQx`%I!^wܕ&u$V[ϋI Q0٢;VTSYϻ"%=/wZ[#tPU2,}6?kq^7 1ˣR>GP2!o,y?H8ʋޮ QеGL9}q`渝ɋ(2qRKEdўՍjEMg2񶛉x\ζh֠'R5 2ɰ\M-PV1dfQjw 3 I[b?n=Ͻ9ۧ,'0.*8a1 1d:3 Nq0Vߋ>GҵwgC?Uf,OǢ = >V,hvZM^uB1yk䗡UOVĬ lsM56)QA淍I!_Po5:sYr.ӌ^\zƵ?5c4 -+߽Uľ C( $FT S:-`38Vx2M1a[j4gp"c'sB=:]P#ndԜ$M ӱoee=X9i*~?)S(%C?p"B`a1s1ĭfCm^|D}UeP&MdBF. MEV Qp i{jBbEỢT, Q/;.m+LFئk` %ښ$ /PDe4<#wΐn oI58aJ1NRSLbPIvᛚdWzqYVG&іVHB T 9|$$~fNDOSF?0ۘh֩3|.[vٛH♉OuХa`)[~"a%{F?*k[ʡ% BJv%!ߦzU}͞3ip(#^M|mT -RjgLRpO:W: #8 yϠȪIl5FjAd>;xQJO(n@!/2-4#Ɣ{SM| KDj,01Eq$g ~Ol$'snGX=?W'iRAag<^:P/5"(h`Iв9']h61o|z;kC3v9oBHS[('3.0 KQ\8H࿴{Y6S9WRcu.oX*@B1 \ѭQ`RQQ<[= BfU P]01R.Vr3X._,U$Zg: ?p>IB8zk5vD} EP(yK"n í> F/-~[> v(SEMvدo_g{jz62N 'HĞ!ࡈT鋯qǞlAK^R>m"#U}!?VQD FX<S[MxŁFZgdD{6>1gіd) J\v!ʒB[ԳTiݚs'uE\0N./LeyNxT GM@r-hjpE>En2Kȡy9W<&t#,T*-X533˖ղ X3%4GQ(㞯.TG&2MdHN/U@j=?=e;SYv'U@T۹{}؞O YlΠ- :,w,G钅88vSw YZ