stunnel-5.44-lp150.4.3.1<>,,]/=„=hRZE[ `K42E,fB UʐrxjP ?b_bFs|JpV"O%colNy- q߳/&j[D(ʟPxb0 ic.S6j($` y&1:ʺNIӪa~c T;#N90'0X*O{Xv~cÎ0x4VfG %hL$`:Nnkj;~)UP>F[?[d   0 ) Bc{ X  8   Xs4((!((">8"H9":$=RM>RU?R]@ReFRmGRHRIS`XS|YS\S]T^U4 bVcVdWVeW[fW^lW`uWtvW wZ(xZy[z[h[x[|[[Cstunnel5.44lp150.4.3.1Universal SSL TunnelThe stunnel program is designed to work as an SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that, while having non-SSL aware daemons running on your system, you can set them to communicate with clients over a secure SSL channels. Stunnel can be used to add SSL functionality to commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers without any changes to the program code.]build34openSUSE Leap 15.0openSUSEGPL-2.0+http://bugs.opensuse.orgProductivity/Networking/Securityhttp://www.stunnel.org/linuxx86_64if ! /usr/bin/getent passwd stunnel >/dev/null; then /usr/sbin/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \ -d /var/lib/stunnel stunnel fi test -n "$FIRST_ARG" || FIRST_ARG="$1" # disable migration if initial install under systemd [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$FIRST_ARG" -eq 1 ]; then for service in stunnel.service ; do sysv_service="${service%.*}" touch "/var/lib/systemd/migrated/$sysv_service" || : done else for service in stunnel.service ; do # The tag file might have been left by a preceding # update (see 1059627) rm -f "/run/rpm-stunnel-update-$service-new-in-upgrade" if [ ! -e "/usr/lib/systemd/system/$service" ]; then touch "/run/rpm-stunnel-update-$service-new-in-upgrade" fi done for service in stunnel.service ; do sysv_service="${service%.*}" if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --save $sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -eq 1 ]; then if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl preset stunnel.service || : fi elif [ "$FIRST_ARG" -gt 1 ]; then for service in stunnel.service ; do if [ ! -e "/run/rpm-stunnel-update-$service-new-in-upgrade" ]; then continue fi rm -f "/run/rpm-stunnel-update-$service-new-in-upgrade" if [ ! -x /usr/bin/systemctl ]; then continue fi /usr/bin/systemctl preset "$service" || : done for service in stunnel.service ; do sysv_service=${service%.*} if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --apply $sysv_service || : touch /var/lib/systemd/migrated/$sysv_service || : done fi PNAME=syslog SUBPNAME=-stunnel SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi if ! test -s etc/stunnel/stunnel.conf; then cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf echo copying default config file to /etc/stunnel/stunnel.conf fi # first installation? if [ ${FIRST_ARG:-0} = 1 ] && [ ! -f etc/stunnel/stunnel.pem ]; then cat usr/share/doc/packages/stunnel/README.openSUSE fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable stunnel.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop stunnel.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart stunnel.service ) || : fi else # package uninstall for service in stunnel.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi fiWH FHCai;-CAAA큤AAAAAAAA]}]}]}]}]}]}]}]~XjcNFkvT.9qD*=6:U!=6Y=6Y]}E5!]}]}]}]}]}]}]}]}]}]}130588c536705ffc7eeb442f31d92a1bccf6d477bc5de5252bc1b3c27eeed43e7383c1e0b46ea593242fd3502aa4d9d9526c683abe108a4ed8281ae640ddcdb86700b151c0f7184b7bda2fee293d15cfbe15342922cf9d0aeffdf7aea5e38b60d7cf7832c9a7e862e21d0ad58156418f13e7eff83faaf5cf6329b7634a87ae19c43821865591e4d893906e2801b5ec4de58e51978f5563a61475cd0adc0bec4d1ee2b290e92c211b08df10e9fcaf32596cdb22b8eae731b18c2c074a4a83eebebab7201e0e5385c37a3ec1e604a0eb7fdd4aa5f06a4338227da5cd17cdc4c9623fa573250a5bce07b3f96f84c90828c489b088dc8ba7b1d0bd185e29ce065a48afb38249a10f814633d088a59bf642b509b61740d32031d57dd5c2989ed3017aef0fe5bc0fd310d5148810afd7ab0add54f038eb7da8c94244550b966a375095e7584fc19775a8eb7bd4838ca0375805ed881656d8d2bbee1196ea088709d8704b6f0bd606058980f3f0b8a5482499ff4bd0eae8db7819482ca35789f17eb300a16245915948160e1a796585f756a6b6fcc9a3d9e9da7577a716b6c583742ac18d5992ae19306d9a6872f43ada1c7a53bd3a3bd989ae9756ecdd6e9d453a7a66d5eaef5f7f6dabc4dfcd294b448ed4aafa4a2010b27a964d9958940e749633a64589c4765e962b884e1a10d10ac6391d9f62b652ef043d2770d21551916d6ef1servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootstunnelrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootstunnel-5.44-lp150.4.3.1.src.rpmlibstunnel.so()(64bit)stunnelstunnel(x86-64) @@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/perl/usr/sbin/useraddcoreutilsdiffutilsfileutilsfillupgrepgroup(nogroup)libc.so.6()(64bit)libc.so.6(GLIBC_2.10)(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.9)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libutil.so.1()(64bit)libutil.so.1(GLIBC_2.2.5)(64bit)libwrap.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemdtextutils3.0.4-14.6.0-14.0-15.2-14.14.1]{ZyZs@Zhu@Z@Y@YoIX-Xߖ@X@XXj@XIK@XkXWv@VVvUL@Uc@UnUU3@TZ@Vítězslav Čížek vetter@physik.uni-wuerzburg.dejengelh@inai.deavindra@opensuse.orgrbrown@suse.comvetter@physik.uni-wuerzburg.demichael@stroeder.comwerner@suse.demichael@stroeder.comkukuk@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.comjengelh@inai.dedrahn@suse.comdrahn@suse.commichael@stroeder.comopensuse@dstoecker.dedrahn@suse.comdrahn@suse.comdrahn@suse.comdrahn@suse.comdrahn@suse.commichael@stroeder.com- Install the correct file as README.openSUSE (bsc#1150730) * stunnel.keyring was accidentally installed instead- Revamp SLE11 builds- Do not ignore errors from useradd. Ensure nogroup exists beforehand. - Replace old $RPM_ variables. Combine two nested ifs.- update to version 5.44 * Default accept address restored to INADDR_ANY * Fix race condition in "make check" * Fix removing the pid file after configuration reload - includes 5.43 * Allow for multiple "accept" ports per section * Self-test framework (make check) * Added config load before OpenSSL init * OpenSSL 1.1.1-dev compilation fixes * Fixed round-robin failover in the FORK threading model * Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown() * Minor fixes of the logging subsystem * OpenSSL DLLs updated to version 1.0.2m - add new checking to build - rebase stunnel-listenqueue-option.patch - Cleanup with spec-cleaner- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- add more verbose change log: Version 5.42, 2017.07.16, urgency: HIGH - New features * "redirect" also supports "exec" and not only "connect". * PKCS#11 engine DLL updated to version 0.4.7. - Bugfixes * Fixed premature cron thread initialization causing hangs. * Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1. * Fixed pthreads support on OpenSolaris.- update to version 5.42- Require package config for libsystemd to help the configure script to detect and enable systemd socket activation (boo#1032557) - Refresh patch stunnel-listenqueue-option.patch- update to version 5.41- Don't require insserv if we don't use it- update to version 5.40- update to version 5.39- update to version 5.38- Update rpm group and description and make -doc noarch - Do not suppress errors from useradd - Remove redundant %clean section- update to version 5.36 - Removed direct zlib dependency.- update to version 5.35 - repackage source as bz2 - adjust systemd unit file to start after network-online.target - bugixes: * Fixed incorrectly enforced client certificate requests. * Fixed thread safety of the configuration file reopening. * Fixed malfunctioning "verify = 4". * Only reset the watchdog if some data was actually transferred. * Fixed logging an incorrect value of the round-robin starting point (thx to Jose Alf.). - new features: * Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control. * SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia). * Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev). * New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. * Added logging the list of client CAs requested by the server.- update to 5.30 New features Improved compatibility with the current OpenSSL 1.1.0-dev tree. Added OpenSSL autodetection for the recent versions of Xcode. Bugfixes Fixed references to /etc removed from stunnel.init.in. Stopped even trying -fstack-protector on unsupported platforms (thx to Rob Lockhart).- update to 5.29 - system script restarts stunnel after a crash - readd rcstunnel macro for systemd systems - drop stunnel-ocsp-host.patch (included upstream)- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL versions. Replaces stunnel-5.22-code11-openssl-compat.diff.- update to version 5.22 New features - "OCSPaia = yes" added to the configuration file templates. - Improved double free detection. Bugfixes - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful. - Fixed the passive IPv6 resolver (broken in stunnel 5.21). - Remove executable bit from sample scripts - stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11- update to version 5.21 New features - Signal names are displayed instead of numbers. - First resolve IPv4 addresses on passive resolver requests. - More elaborate descriptions were added to the warning about using "verify = 2" without "checkHost" or "checkIP". - Performance optimization was performed on the debug code. Bugfixes - Fixed the FORK and UCONTEXT threading support. - Fixed "failover=prio" (broken since stunnel 5.15). - Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler.- update to version 5.20 New features - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - Documentation updates (closes Debian bug #781669). Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - Fixed the manual page headers (thx to Gleydson Soares).- update to version 5.19 Bugfixes: - Improved socket error handling. - Fixed handling of dynamic connect targets. - Fixed handling of trailing whitespaces in the Content-Length header of the NTLM authentication. - Fixed memory leaks in certificate verification. New features: - The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - Randomize the initial value of the round-robin counter. - Added "include" configuration file option to include all configuration file parts located in a specified directory. - Temporary DH parameters are refreshed every 24 hours, unless static DH parameters were provided in the certificate file. - Warnings are logged on potentially insecure authentication. - stunnel-listenqueue-option.patch: Refresh. - stunnel3-binpath.patch: Obsolete, dropped. - stunnel.service: Modified to start after network.target, not syslog.target.- Update to version 5.09 Version 5.09, 2015.01.02, urgency: LOW: * New features - Added PSK authentication with two new service-level configuration file options "PSKsecrets" and "PSKidentity". - Added additional security checks to the OpenSSL memory management functions. - Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE OpenSSL configuration flags. - Added compatibility with the current OpenSSL 1.1.0-dev tree. * Bugfixes - Removed defective s_poll_error() code occasionally causing connections to be prematurely closed (truncated). This bug was introduced in stunnel 4.34. - Fixed ./configure systemd detection (thx to Kip Walraven). - Fixed ./configure sysroot detection (thx to Kip Walraven). - Fixed compilation against old versions of OpenSSL. - Removed outdated French manual page. Version 5.08, 2014.12.09, urgency: MEDIUM: * New features - Added SOCKS4/SOCKS4a protocol support. - Added SOCKS5 protocol support. - Added SOCKS RESOLVE [F0] TOR extension support. - Updated automake to version 1.14.1. - OpenSSL directory searching is now relative to the sysroot. * Bugfixes - Fixed improper hangup condition handling. - Fixed missing -pic linker option. This is required for Android 5.0 and improves security. Version 5.07, 2014.11.01, urgency: MEDIUM: * New features - Several SMTP server protocol negotiation improvements. - Added UTF-8 byte order marks to stunnel.conf templates. - DH parameters are no longer generated by "make cert". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway. - Updated manual for the "options" configuration file option. - Added support for systemd 209 or later. - New --disable-systemd ./configure option. - setuid/setgid commented out in stunnel.conf-sample. * Bugfixes - Added support for UTF-8 byte order mark in stunnel.conf. - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3. - Non-blocking mode set on inetd and systemd descriptors. - shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers. Version 5.06, 2014.10.15, urgency: HIGH: * Security bugfixes - OpenSSL DLLs updated to version 1.0.1j. https://www.openssl.org/news/secadv_20141015.txt - The insecure SSLv2 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv2". - The insecure SSLv3 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv3". - Default sslVersion changed to "all" (also in FIPS mode) to autonegotiate the highest supported TLS version. * New features - Added missing SSL options to match OpenSSL 1.0.1j. - New "-options" commandline option to display the list of supported SSL options. * Bugfixes - Fixed FORK threading build regression bug. - Fixed missing periodic Win32 GUI log updates. Version 5.05, 2014.10.10, urgency: MEDIUM: * New features - Asynchronous communication with the GUI thread for faster logging on Win32. - systemd socket activation (thx to Mark Theunissen). - The parameter of "options" can now be prefixed with "-" to clear an SSL option, for example: "options = -LEGACY_SERVER_CONNECT". - Improved "transparent = destination" manual page (thx to Vadim Penzin). * Bugfixes - Fixed POLLIN|POLLHUP condition handling error resulting in prematurely closed (truncated) connection. - Fixed a null pointer dereference regression bug in the "transparent = destination" functionality (thx to Vadim Penzin). This bug was introduced in stunnel 5.00. - Fixed startup thread synchronization with Win32 GUI. - Fixed erroneously closed stdin/stdout/stderr if specified as the -fd commandline option parameter. - A number of minor Win32 GUI bugfixes and improvements. - Merged most of the Windows CE patches (thx to Pierre Delaage). - Fixed incorrect CreateService() error message on Win32. - Implemented a workaround for defective Cygwin file descriptor passing breaking the libwrap support: http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors Version 5.04, 2014.09.21, urgency: LOW: * New features - Support for local mode ("exec" option) on Win32. - Support for UTF-8 config file and log file. - Win32 UTF-16 build (thx to Pierre Delaage for support). - Support for Unicode file names on Win32. - A more explicit service description provided for the Windows SCM (thx to Pierre Delaage). - TCP/IP dependency added for NT service in order to prevent initialization failure at boot time. - FIPS canister updated to version 2.0.8 in the Win32 binary build. * Bugfixes - load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed. - Partially merged Windows CE patches (thx to Pierre Delaage). - Fixed typos in stunnel.init.in and vc.mak. - Fixed incorrect memory allocation statistics update in str_realloc(). - Missing REMOTE_PORT environmental variable is provided to processes spawned with "exec" on Unix platforms. - Taskbar icon is no longer disabled for NT service. - Fixed taskbar icon initialization when commandline options are specified. - Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage). - A number of minor Win32 GUI bugfixes and improvements./bin/sh/bin/sh/bin/sh/bin/shbuild34 1574428287 5.44-lp150.4.3.15.44-lp150.4.3.1 stunnelstunnel.servicestunnellibstunnel.sorcstunnelstunnelstunnel3stunnelCOPYINGCOPYRIGHT.GPLCREDITSREADME.openSUSEca.htmlca.plimportCA.htmlimportCA.shstunnel.conf-samplesysconfig.syslog-stunnelstunnel.8.gzstunnel.pl.8.gzstunnelbindevetclib64sbinvarrun/etc//usr/lib/systemd/system//usr/lib64//usr/lib64/stunnel//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/stunnel//usr/share/fillup-templates//usr/share/man/man8//var/lib//var/lib/stunnel//var/lib/stunnel/var/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11566/openSUSE_Leap_15.0_Update/62f30403837cb942c9a37ded2095f2ff-stunnel.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linux directoryASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d3a0c867045c561e169adac051028c4fd26ec765, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=5e70eab32aa51460fc294f3624e6bccf9ad39296, for GNU/Linux 3.2.0, strippedPerl script text executableHTML document, ASCII textBourne-Again shell script, ASCII text executableUTF-8 Unicode (with BOM) texttroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)PRRR RRRRRRR RRRRRRRRRRRR RX$Fl5)wutf-86872059137d4d0f27042c4a9468b96bd101d2e747a4e87b77301995f3228ae1f?7zXZ !t/7e"]"k%f?wqs93KQB͡+4֋S 3h$6-3%r0 ',eؘnw'{]$K>5e|Fv,2½]hq 5=Kۼc"NsFzMK'[釋;KDZW4L56-k;JFvZ_s._;ךCr x ? \?ҕ"_ %7+Ly◮H $WblF]nD,Lz5=>@n&RbHI+ \=%: Ĕ%~J9Us;@ {U}<"JAz" (~UE`œ (?{ap"θ ZZeu/i"Z=Rk%lU'GMbTPMo2[: 'f8u&ʼh=s$iFئJkPÜ!s[`ݭ]Jd" 0({5NNNzc]8( +Fz$?YGwPmWmmB>GNf0a^]Lx̿dΜ3 YR -UzKM C6ll}sD ׍ վGXȰ& s<&Ewv3d=IEH̚aMaNQfѻĠ)w*T9W&ٕk^M K=']HѨ0T|FR%VgK Ҡ}5*6v3>kPK찑:l(|VDL֢1I2lI?6L33 baFl0ץB>&EW:3$=þO4{1h-oTt8УNbsT9D3Q#B>XNtK2=3MQ~g|:XlC V-zi{ kG(h$^вAaw6#w..5*ilemW!= 7aojWTڴ  J>鷍r>M@oK_PѲ]OhXSи5ߔp1C?|'g%pqM=aۣ J|̐;_$PEȆE`Ŝw/:8n:;WKp6B0L&TZpSƪMJ¾-I [\U9 ,cɵ!Yfda$(l~h^ ,8ntC Q|t_MYHrD P]x|53J9z$у\.XMcJB5M^."nƄvcX@r7_ƅzID})`njN\zfcVsU[3lSD=;T΋Q Seo҄ Q@~QkAOD'@R$[Gx9BQ 9 2Vg3rKLa30xji:?܊xNzԖ߂ 5pԞh#1JWF',֮pvtsX;]~!+w%Uӧd V"o9< -GWh{lAly]bW?ߛAIyœb4qrLo!qqt?,5{hs x~} lvun&=K O5ݸ.De)rT_;E κڒ O_Hڟ́\bx[?PAzǼVok4I0c =2www^OܷG5 ibC8<22@e<$)cu_ `pTRݲ?j3rLhc(;N 765ks 6EȿYIbҘ&ET8TAl }=T^ iZߥ!ݘvmA'] |JFZJ!d_%2EQЏ|u]A}gbHv̖Lа|͊'Z=dW \P#`Rr&PkVRa HnpN0o`&-Xd%7vno 4PHfMN#u6tG]`oK)4-&ZxŖ}; ۛ2 !gDs?-sbː31>f-*Qd?YqAsF+ôOD:T="!{ xp˘fjFOWS`^Z&-O%M.E s0MEäSߑR 9;FTUNLJM~ 1]Ň|7*\v3oǭܡ1/vM' zek< "hm "q\s$֤BQhkor6/m0CiFf}(H4 5-$aP7Np†N{ېlBL3)xg0~ /&Rҥ?)uw7h葥n:hv^@3WUʄ4 XaM66%*h:&k#u "x?4'PͩmUmFaKܲޠ|bN?HGwPFLSEWFrZ{ ]h=.[LC4nms#EL>~tv:JB +^enO9^73%;9tim(6e ۜɘ-0>Y>{ -dlj[֣̿q4j"?7NfWhmx߻) nNq=[$k{<6lk$:Xqٵ%2%@t/|_Xss~qCo tk-NY t7k:u_>ÚL? 7hl&Q#{$a촦N龝%WDZH-p&hBJ,~K7dQ=TU,a}%쐟;ٞj4m_7fNKb;κy ?o4?Iky/6j"%OI`jt FHJ]MR=CXeJ*NNِǃ`OxV:2JҊFmӈPԌU$c%e]/RPpx\ }ZܙLg*UUeˤO,уJ'N8]gFQB#B **/H_ѭ%KNIHzdE3IVz&JZ8x`VI''YQmuK'E B爏!p='D[F"ft_R)m`t<稝$ZCe,vЯzn J8pmsM<:A S{BjZ$)^D-4!LwYrn;(s&!M̘38EwD6‘a=E&=v釫Śq w*}HU/>GK _'֔CC[W`HG 3z"`E.aw:IS0ܧb ')]X(ZKiОyUDj&l- 'R˰L+mY ٹ5b-ZS^h8c^Q8Wb*wPrgE=8d+FIK #VT`p0fX^UoV"LzvHxDn:d ,'=sA5sh7j3X*H h^(X>l7'ڙ&yr.̦v$f[Sw(sL;V1!'(y8UR8=kECjBv=gfѧac޳/ S$I`ǒ&Va[Gr#"\/U1 t@wL4AF6X8 f^1|?+קy$=\66AFyjk..p|@P495U7ZyL`vd푗z23"F`GW>T4YqNDe\V*fVV +1~K2_84<9ob\ɔЫ^k(fC@ri-Z!Oc {݃c!mⵒ!6g|zí"d|J[ I!, )8`TlNDЉ3ZՉF3뽖-E1)lԾyl1@ԃ)n7󣍫5Jmo9,<ս2THxˁ|Q=OԤigǡ>%ۮ&̡֍@BBZ¹k~Ҙq ek"%Id+xa ]?q|`IA]x*c|2xcAݽ fIѧ {G4h&Yp nuP$JR)\[f;q^^J7^Jc+<MV81QO @z\11BJWI v淚%SvAܤ!F1~1tJVJv*byV%ßߖ hT{hZ>oQ܊rx͙ϝ|ϩ0?47׶3Qz92tф7͒['X~&_omE'Ax1-5_0Ò{o%l׈Lo?)0Zy_JjG0B#Y[= ₁-WĘ[&?d=]xX~38W[P§.\ƈI6kĠS7Ki@A!y68">sئ|E$/"$Al >Bت NT{mzb#%`'".CXcaP*oGiǀ4ToAV#\e_n&.֕[}ZJwI4A^#ZG{vLa;e6l'rq[H7چٷ34wC }jKDT؆w/#u44\.\~W<{{ d8l~I])VဉoxLskgcQ/|wIpq@oZC!>_JcڼNxbx{|'=LHɧh駌"6vk%EuJ'#2&H~o > -qC9 [R{=zP9Siz(ž͆Ϩ-nPݧTѫq @QGA:vIC¬iw6sBOaq,Ga !kstoLl;+IO;y-=7&$%Y2z)Jp#t< &o!}"'q:˩Z@ߖ #2"brN)% JfxjgTt^UcH[5.JmiDIŚYJ&V~z}8U8T*Z$.NVП $TMfWh'ğGbJ"2hmc 2^>I?=/3E%7Xux(gCjpnౄ6fl˲Z?I)*A宂[]|406a k.4Rc[鼧O3Cz1#s2pY뇟g@Y5*5gsҤ~Ԕ*itչ#aU]QWfXk"$cTd ;f6G͇H^U ɭ]7@_)Cs i{`[8zA`2(J%j,t3ł< !4Jl?5^ͮLeg.)3-]Մf BTx=zVW۲lUi9y%X삆ʼ&NyW +b_­"6>]A hV ?xJ[A&%=m.kv2A3چs;a$&Zn fUyuo]/w; 4, TJЯ^;˒qެ?ߺo6h;G x;h8E7wxapId٠K|{ṷK\yZzw#F `$jFz&e(N\]p}6J4gwY9#5q#쟃s:e?}İX55H/A9?FʹV$s78ɂ?L2l =4 T3b|~ MKyuėowj]9@(vj]Ѝ)r{J$iWWE8wvtkM4CP".3O̢,q+x6ikO OMOI'^,mKIUKWVZA Zpc94XʔE7.%ͪHSn% iKd«礀4s3lrbVvWLfi!io衸ȇŘ!Q Su<)fy(1嚏D$\J{iVQcg~B?k-L>O'#w  uL25kD";ǜSeCP#Ky+#(*tQ `ATLD)Fl-N?U7nliy蘅ٸS>)POܧY>X \ʦE)+D=}EnOD YZ