openssl-ibmca-provider-2.4.1-150600.6.9.2<>,iggp9| 00(bq ~g$9i7lz<ƻ>cŲ*cՓ&-B)MX;~K429Ŵ@' ȉ'fF =nv^Ⱀu0i)teE; 1¸ٴ1w5G%fk؜̀RRK&-œE?rWp?9m[qdGܙ>=OD2kv½ ՞y&XxnQ~vŃ>BB?Bd , M2= Sb         +  8 d   0h ( ?8 H'9 ':'><@<F<G< H< I= X=$Y=,\=T ]= ^>]b?Dc?d@~e@f@l@u@ v@wA xB yB<zBxBBBBCopenssl-ibmca-provider2.4.1150600.6.9.2The IBMCA OpenSSL dynamic engineThis package contains a shared object OpenSSL dynamic engine which interfaces to libica, a library enabling the IBM s390/x CPACF crypto instructions.ggs390zl31!SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Hardware/Otherhttps://github.com/opencryptoki/openssl-ibmcalinuxs390x#Original fix for bsc#942839 was to update on first install #For bsc#966139 update if openssl_def not found mkdir -p /etc/ssl/engines3.d mkdir -p /etc/ssl/engdef3.d cp -p /usr/share/openssl-ibmca-provider/openssl-ibmca.sectiondef.txt /etc/ssl/engines3.d/openssl-ibmca.cnf cp -p /usr/share/openssl-ibmca-provider/openssl-ibmca.enginedef.cnf /etc/ssl/engdef3.d/openssl-ibmca.cnfif [ $1 -eq 0 ]; then # last uninstall rm -f /etc/ssl/engines3.d/openssl-ibmca.cnf rm -f /etc/ssl/engdef3.d/openssl-ibmca.cnf fi )$ yA큤A큤A큤gggge ;e ;e ;gge ;ggggggb2'g129f11045b3396bcac1ec43b6b8fa8fdc5450d65527d9cf18ee9462e169eb95654f51a5f6d9b3064fa033c3bf36e3faa7d574eba20351b4e75a3f85072d89e69b15ca0996b5cce68d6d3623ef6f1afb97d619a8c4d33aae01f6b773c99cef4aa731be61bc4173a05256343b4fc84079623c9c3dbfe3be444e3c92aaddc2f39e5f943b5c7aee57ec8d33f5baabf638230e0d5c3c4404eb21ecfc2ba93567257a9fd96e52b3aaa6e82f1e763105040490775e0bb7226f0a3c86469a23a68da0ca59bcbf8ca9d371dcb3df5617454b81d53035191ea05b2b46e86fa6e63c7c893a6dbd9c040f032510a5a2af3f4f0088794f79b19f28be2e0d557d081f763b78512rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssl-ibmca-provider-2.4.1-150600.6.9.2.src.rpmopenssl-ibmca-provideropenssl-ibmca-provider(s390-64)@@@@@@@@@@@@@@@     /bin/sh/bin/shld64.so.1()(64bit)ld64.so.1(GLIBC_2.3)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.30)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libica-cex.so.4()(64bit)libica-cex.so.4(LIBICA_3.0.0)(64bit)libica-cex.so.4(LIBICA_3.0.0_FIPS)(64bit)libica-cex.so.4(LIBICA_3.3.0)(64bit)libica-cex.so.4(LIBICA_4.0.2)(64bit)libica4libopenssl3rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.0.03.0.4-14.6.0-14.0-15.2-14.14.3gg @f@fff-f@e,e)1@edkY@dP@dGdFo@d?d.@dac< @b0aD@_a@]w@]fl]@[1[_[@[-Y@Y@X@Ww@W@V@V@V/g@V/g@T9T~@nikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commeissner@suse.commpluskal@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comp.drouand@gmail.commeissner@suse.com- Applied additonal patch(bsc#1237344) * openssl-ibmca-05-engine-Fix-Do-not-report-errors-if-libica-does-not-support-EC.patch- Applied patches (jsc#PED-10292) * openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-is-in-FIPS-mode.patch * openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch * openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch * openssl-ibmca-04-engine-Fix-compile-error.patch- Amended the .spec file (bsc#1227537) * 'rpm.install.excludedocs = yes' in zypp.conf excludes the /usr/share/doc/.. * Added a check, if there is is /usr/share/doc file to be editted. * Replaced hard-coded '/usr/share' with %{_datadir}- Amended the .spec file - Changed the package names +-------------+---------------------------------+--------------------------+ | Flavor | Package name | Note | +-------------+---------------------------------+--------------------------+ | '' | openssl-ibmca | Both engine and provider | | openssl1_1 | openssl1_1-ibmca | openssl1 flavor | | engine | openssl-ibmca-engine | Only engine | | provider | openssl-ibmca-provider | Only provider | +-------------+---------------------------------+--------------------------+- Applied a patch for openssl1_1 (bsc#1221627) * openssl1-rename-libica-files.patch- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627) +------------+---------------------------------+--------------------------+ | Flavor | Package name | Note | +------------+---------------------------------+--------------------------+ | '' | openssl-ibmca | openssl1 flavor | | engine | openssl3-ibmca-engine | Only engine | | provider | openssl3-ibmca-provider | Only provider | | openssl3 | openssl3-ibmca | Both engine and provider | +------------+---------------------------------+--------------------------+ - Changing/editing 'dynamic_path' after the installation on the target system * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in /usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig for openssl3 flavor- Amended the .spec file (bsc#1221627) * Removed the flavors * Removed 'muiltibuild' environment * Removed the 'provider' logic- Updated the .spec file (bsc#1218933, bsc#1221627) * Amended the .spec file to use modulesdir variable - Implemented _multibuild environment (openssl1, engine, provider) - Added a flag and logic for provider in the .spec file * When provider is set to 1, it 'configures' the provider * When provider is set to 0, it 'configures' the engine- Removed an obsolete patch (implemented in the version 2.4.1) * openssl-ibmca-engine-noregister.patch- Upgrade to version 2.4.1 (jsc#PED-5422) * Provider: Change the default log directory to /tmp * Bug fixes- Updated the .spec file, amended to use libica4 instead of libica * Requires: libica4 >= 4- Updated the .spec file * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries- Updated the .spec file as follow: * BuildRequires: libica-devel >= 4.0.0 * BuildRequires: libica-tools >= 4.0.0- Added dependency on libica4 (bsc#1209038) * BuildRequires and Requires statements in .spec file for libica4- Applies a patch (bsc#1210359) * openssl-ibmca-engine-noregister.patch - Updated the '#dynamic_path' line, as it was before, with the comment '#'.- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059) * openssl-ibmca 2.4.0 - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - Engine: Enable RSA blinding- Updated .spec file removed '#' from the line containing 'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038) - Added in %files * /usr/lib64/engines-3/ibmca-provider.la * /usr/lib64/engines-3/ibmca-provider.so- Upgraded to version 2.3.1 (jsc#PED-597) * openssl-ibmca 2.3.1 - Adjustments for libica 4.1.0 * openssl-ibmca 2.3.0 - First version including the provider - Fix for engine build without OpenSSL 3.0 sources * openssl-ibmca 2.2.3 - Fix PKEY segfault with OpenSSL 3.0 * openssl-ibmca 2.2.2 - Fix tests with OpenSSL 3.0 - Build against libica 4.0 - Removed a Requires for libica from the specfile. - Removed the obsolete baselibs.conf file- Completely revamped the postinstall scriptlet so that it doesn't need to know or care about how many lines are in either /etc/ssl/openssl.cnf, or the sample file at /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample We're now using the ".include" directive for the openssl.cnf file, and only modifying that file the minimum necessary to implement the change. (bsc#1004463)- Upgraded to version 2.2.1 (jsc#SLE-18333) * openssl-ibmca 2.2.1 Bug fixes * openssl-ibmca 2.2.0 Implement fallbacks based on OpenSSL Disable software fallbacks from libica Allow to specify default library (libica vs. libica-cex) to use Provide "libica" engine ctrl to switch library at load time Update README.md Remove libica link dependency Generate sample configuration files from system configuration Restructure registration global data * openssl-ibmca 2.1.3 Bug fix * openssl-ibmca 2.1.2 Bug fixes - Modified spec file to * Define a global variable enginesdir the same was as IBM does instead of _ENGINE_DIR as we had been doing. * Implemented %make_build macro according to spec-cleaner * Changed the package description to match IBM's. * Removed the redundant "autoreconf --force --install"- Upgrade to version 2.1.1 (jsc#SLE-13709) * Bug fixes- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882) Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424) * openssl-ibmca 2.0.3 Add MSA9 CPACF support for ECDSA sign/verify - Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch - Changed the ExclusiveArch directive to include s390x only. - The code in e_ibmca.c does a dlopen for libica.so.3, instead of linking against the shared library. As a result, if the package containing libica.so.3 isn't installed, problems occur. Added a "Requires: libica3" to the spec file to fix this. (bsc#1142286) - Made a couple of changes to the spec file based on the output from spec-cleaner.- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch An Apache HTTP Server was set up with mod_ssl and the openssl ibmca engine using libica and a CEX6A card. Whenever a worker process is cleaned up a segmentation fault occurs. (bsc#1138517)- Upgraded to version 2.0.2 (Fate#325688) * openssl-ibmca 2.0.2 Fix doing rsa-me, altough rsa-crt would be possible.- Upgraded to version 2.0.1 (Fate#325688) * openssl-ibmca 2.0.1 Dont fail when a libica symbol cannot be resolved. - Made multiple changes to the spec file based on spec-cleaner output.- Upgraded to version 2.0.0 (Fate#325688) * openssl-ibmca 2.0.0 Add ECC support. Add check and distcheck make-targets. Project cleanup, code was broken into multiple files and coding style cleanup. Improvements to compat macros for openssl. Don't disable libica sw fallbacks. Fix dlclose logic. * openssl-ibmca 1.4.1 Fix structure size for aes-256-ecb/cbc/cfb/ofb Update man page Switch to ibmca.so filename to allow standalone use Switch off Libica fallback mode if available Make sure ibmca_init only runs once Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. - Removed the following obsolete patches: * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch- Added the following patches for bsc#1097463 * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch- Upgraded to version 1.4.0 * Re-license to Apache License v2.0 * Fix aes_gcm initialization. * Update man page. * Add macros for OpenSSL 0.9.8 compat. * Remove AC_FUNC_MALLOC from configure.ac * Add compat macro for OpenSSL 1.0.1e-fips. * Setting 'foreign' strictness for automake. * Add AES-GCM support. * Rework EVP_aes macros. * Remove dependency of old local OpenSSL headers. * Fix engine initialization to set function pointers only once. * Remove blank COPYING and NEWS files. * Remove INSTALL and move its content to README.md * Update README.md file to make use of markdown. * Rename README file to README.md to use markdown * Add CONTRIBUTING guidelines. * Adding coding style documentation. * Enable EVP_MD_FLAG_FIPS flag for SHA-*. * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0 * Fix SHA512 EVP digest struct to use EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0 * Fix wrong parenthesis * convert libica loading to dlopen() and friends * Add support to DSO on new API of OpenSSL-1.1.0 - Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch - Added BuildRequires for autoconf, automake, and libtool. - Updated BuildRequires for libica-devel to be >= 3.1.1- Now that the openSSL engines directory is versioned: * Modified the spec file to query the libcrypto package for which directory to install the engine into. * Removed openssl-ibmca-fix-enginepath.patch. Replaced it with a sed command so that it will provide the correct versioned engines directory - Removed openssl-ibmca-configure.patch. It doesn't seem to be needed any longer.- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113) - Added libica-tools to the BuildRequires due to repackaging of libica. - Renamed BuildRequires from libica2-devel to libica-devel for the same reason. - Tweaked a comment to get rid of an rpmlint warning message.- fixed ssl configuration merging (bsc#1004463) - openssl-ibmca-fix-enginepath.patch: fix the engine path- Use macro for configure (fate#319941) - Use url for source - Enable parallel building - Cleanup spec file with spec-cleaner- Upgraded to version 1.3.0 (fate#319941) - Updated openssl-ibmca-configure.patch to apply cleanly - Removed obsolete patches - openssl-ibmca-README.patch - openssl-ibmca-sha256-digest-length.patch - openssl-pkey.patch - openssl-des-ede.patch - Did some spec file cleanup.- Fixed %post script to update library path (the only dynamic part of the ibmca configuration) every time the package is installed. (bsc#966139)- Updated AUTHORS, INSTALL, and README (bsc#942839) - %post and %postun added to properly update openssl.cnf (bsc#942839)- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)- Remove dependency on fillup anf insserv; the package provides neither sysconfig file nor sysvinit script - Remove depreciated AUTHORS section - Use %configure macro - Add openssl-ibmca-configure.patch- the openssl engines moved to /%_lib/engines bnc#905480/bin/sh/bin/shs390zl31 1740138256 2.4.1-150600.6.9.22.4.1-150600.6.9.2ibmca-provider.soopenssl-ibmca-providerChangeLogREADME.mdibmca-provider-opensslconfigopenssl-ibmca-providerLICENSEibmca-provider.5.gzopenssl-ibmca-provideropenssl-ibmca.enginedef.cnfopenssl-ibmca.sectiondef.txt/usr/lib64/ossl-modules//usr/share/doc/packages//usr/share/doc/packages/openssl-ibmca-provider//usr/share/licenses//usr/share/licenses/openssl-ibmca-provider//usr/share/man/man5//usr/share//usr/share/openssl-ibmca-provider/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:37567/SUSE_SLE-15-SP6_Update/a6861d1304a2419b427542ef33314a5b-openssl-ibmca.SUSE_SLE-15-SP6_Update:providerdrpmxz5s390x-suse-linuxELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=70a04bf82546e85d567e648ea857a6718ace1a8f, strippeddirectoryASCII textPerl script text executabletroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRR RR RRR RR R RRI+>[)utf-87880808e4c14e1aa5cb40e8136768fc51bc3f7177ea2bf77a21b807f36076b3a?7zXZ !t/0!]"k%N6eƦ62 GL/Ey2% jc8Eh9>2~<.f%F i~@*QkvLWwˤ"Csi4hZ'piLf~83 L)>L)LS6F5<6vd^Ufz`-@bI/ex3OD`Ӭ߆Ҋ[5W34vᗐ˭pquV᫻f,"uӫgæZ4D+Zc4$u7sM^<g 2_ݚ<&#g9Vyl a7^m&4S (;}Q;ӵp<PcmVXtŤ{@E.F-]D'ʭbM|,4$j1qi8:現i=+M Gr lȚ"y GNǍfulVHgWNէB1@;lvoIO2SJ$vncVd0d3Z1QQ:k8>=S[hb-cBF灎TBc㽒H_`ф[+Kp ']dhG';ѝ?z }APs4z^ɲ@ۙͤⰒɁ^hK܏,܇29؟A7=T_V?:%(VYJ2j{8Yo D 헂ku֐ahn!Q %뢶] (?J4N{*JiZj4Chz/ 9 -|] 2|k$Cl.%yr4#DF*@PRԔ ɂ6Mޮ?=Ho3yr9[(/g=Q˂<8gcym Kơ 0)˓Gs JA8&FBQ>PY$ja##oz ~9pބT$0#d]TلKa腎6jʰ?w~Kvaf h|q(lYF$PXr:jt\4^f q& UbVk9_ `k &}5!)Tb׃„Kb LK7m. Y\܅-w+'N ='b?I;Qb9N0iPp[a4[ Wq摨psD%18h7vm[Pw1 SyEr5qg.}>{l;fJ5KݣlI[w,{-Rd|׳z02ǎmLJܢ*` ` ~X ֢@Fx*ABĪi|5]l?Ds ģQJ_<E߮4,CPpHHZL> /OfcȌq8eD.x%]{5rEvԢ=a =vc{5F`z}i'Afecga*72?8OTɆw" ]`.à~EWy;ܝ]OOMZ~H FƧ);wxSaZ\zů!p{X3dTi1X,&RCfneEeđ֭}YT,;T5@27/:F{-dGuf 37؄̤Y7ϰ$Ue__%v8\{m)Yǘ6N?8ǃ8"Ke˓$&H`{;#Y2Q!BNXxf[<~6,nxyƄ(92hgc3Sˇ! %-3lYyΧ/!@u}[B+2d_i;!6_9th$aU _@ORMGt}HN\HS!05)HEyxY]!6-ZĿ][prInoݪ Bvq(#ed9J_M*l"j-cѠQ3UE 5`%4Mg`P?95@lDLdp <34G'Q ()Nأ/ &F{6/FKm௸޸-B|@\ qFT]$čNLoY>1ȿ= 'Aߞ{2ij$+ٟYWgNMzT}Аw1j>{dM#zx#5D93j]CiƯqSY=3^-mE?{i]ycKI?~}O މxWӽiY2]!qK#tvaLRϹE,.'Xxi =Y{bկ'&D-.]+Au.üհNS,;kȫ0ӓ1r ΒsQE>Y#?@BP@\&pS4F"$w̨B;cUaT6G`yrHrvխN7 LL @CT Qh:pD|hYÃPIg?]5ķm_gΧԩYwo3h<ٳO֛O 9V0ԡSwC (!B\@~Af'ؽ~|D7s6G7#pӌw;Ŧt#;|J/VlVy8jo'Khh!lK:{[nL+z5Y\jjKz5Wah >.⎏al$l9A wJ8#EА;E,p*8:Vk~6a3|wN-^E;̌/ 5=uVb U\K %U;Ժ,F<ˇjÛ2 (K|f$ݿ\!ZhV ^[$k`v6ot"Pk旵}61(~Z0m豉܌J<vI#A}鹔HIgX o&<;N$Hl*d긙)\N-~W"Cc~{ W# Lxܑ")Ei : 1| &%+j$oΓwGXK'cn'F^ lϻQ7&708Po ?Zc8h 'K AױPKW9Lַtr4O,MW#k*J-qz(NOMU\e]6 YzT0…jS,^1rwPZRsb'I# OfQQ @{xjpxswaKnxܢcXG ~'_);Z:tk@u<{2$KG _za fIl[;uL(DFA1Ub@zq#ɋbHk{v`)^؂6Y21F5_hL~viEil*Rg}O5.,) ɡ0hY?&ՒK^`VGhyD=bb\v8bM'|H|۬X"0)R~^3L{$Ѡni!=SEu;L 6$mb w*K^5 Wh9E^P3Y `7ZR EJ?]6!aIQu`ׄӗovU*L8aA[#xB$@~\L=\C:Q\bq:rh-ڊh}5Mp<[Yצ"pM4d+(,6 iT9X?68tJx%=8]I(C8%]r>Ȳ8b4UklZ~Tζ 7f2`0\rړMb{Q2pE B`ŽOR!P/*`ud)B+mjah=%/ڐ[xԼ2<6W7Ӳ§ nY 6zfwEΖw;isb;Q¬׉Ag.3+c $WƜGIhNhct qNB5SBG"u|q`Mb+;aKD { rf{jmsK2=ݴAR*za3D;OZ -nnb5xªe)N?@vmgGX{niC}-*-вPUv'~rAT{9Qqb?d X/ ͕.~ڭ.\*)bˍڜb65 plJn*?4Dϥm!L/Za65\9?M] ݸA]o sc [ʒy7l>L9)B;XD} ~ӄk*Fo-l.|eJ vq]a|ꅊ{jO [-"Y=PI3~#5Xb |?ҪEh^hc<1wS1wMe p1!-Ҹ0C+/O2e{H˻8 EJe"l_J1k$=8C gL!qKi?GV@Ai&8nϺqk ~[LVF2l9rf-M`.\-RtOHF9 jd[^CT􀙍 YN0lOxMj=fNbv,Hӹ1' %z*η8]"B[C4m2b5'CXq|D2z{-=vLZھ?muի♪]J7X^VJ\F9rxukDM(,kن(~cd>6b`JgɛqZ }6/B!t=ZV|yM=3,,C e,吠to_o47_85 L߆y`ܒˇQFs:yv"Mpm@1ɜec g̣M%F2ة2zY8O煉ftiJB}:7mRX -dI{+XX[op xd/TZfk:һ$Em6G,}ZkĪN$Gxy*2!l"s.ND]}c8-J͐&.mN1d룥 a5UFJ/Pm)+)S~n`Dhܝ 7-?WrlGh\ Wb÷D*"rl$ݵzgAƀ9 eݛd}Ocg