í«îÛ    krb5-plugin-kdb-ldap-1.12.5-25.1                                                    Ž­è         <   >     ,     è            ê          ì          ¤C‰ \œÉE¸‹/Ô=½Â„Ë¡ÿq"9®ž•è3'³½‰	Í?]éôäÔ‰™‘pÛÃ‹Ä:·+eáfÎ?`6‘è‘Ó™²;(óü|ÄÒDä\®WSžLë9°ù×C¤o~j<›Ÿ°“"2íñ+#
cè^9Ê¤cýž‘&íA$À>Oe1äG¥DíQ¾gÑäÉË?™Ñæ·‚ãõêÎLÌtÝ{Î£"â_üÿõs_“tE'†çY'·ÒR¸ Øìœrå*v6ÞÚêpÂxõÛµU_"U‘¹J±ÀÌ·;½ºÒ0^F°ü´I¡`W0þøÄ£íáëž
ÇÉ-cJ¾ÃÕ„Ÿx‡±}vŒÌ&ú,lG Ž^¼®Ñ¥¶¬×'hêO¥ å†d‘¸'   >   ÿÿÿÀ       Ž­è       =  bø   ?     bè      d            è           é           ê           ì   	   #     í   	   V     î     4     ï     8     ñ     @     ò     D     ó     W     ö     `     ÷     d     ø   	  }     ü     ž     ý     ¿     þ     Å          Ì          `          ”     	     ®     
     È          ü          É          ü          0          q          ²          Ì                     ä          `          	É     (     
     8     
   Z  9     p   Z  :     š   Z  >     [F     @     [U     F     []     G     [p     H     [¤     I     [Ø     X     [è     Y     \     \     \(     ]     \\     ^     \ô   	  b     ]´     c     ^V     d     ^ã     e     ^è     f     ^í     l     ^ï     u     _     v     _8     w     a¤     x     aØ     y     b   3  z     bØ   C krb5-plugin-kdb-ldap 1.12.5 25.1 MIT Kerberos5 Implementation--LDAP Database Plugin Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords. This package contains the LDAP
database plugin.   \œÉElamb69   kÁopenSUSE Leap 42.3 openSUSE MIT http://bugs.opensuse.org Productivity/Networking/Security http://web.mit.edu/kerberos/www/ linux x86_64 /sbin/ldconfig

########################################################
# files sections
########################################################       û           (à       ox     l¦  `·  
ôAííAíAíAíí¡ÿ¡ÿíAí¤¤¤                          \œÉ7\œÉ7\œÉ3\œÉ3\œÉ8\œÉ8\œÉ4\œÉ4\œÉ8\œÉ6\œÉ6\œÉ6\œÉ6 3c914f06063f7e49a745431be7f01aac    02f7afe94cbd1989534ae0ecfcf24ad1   03f3f549979a8ec4746712729a2904cb  799c19363f1a72c11e6ae237445c26bd 2850adf0444ffea0143293720a0b69c6 a7af7b7bb2d0c6f2f557daa66399c3c6       libkdb_ldap.so.1.0 libkdb_ldap.so.1.0                                                         root root root root root root root root root root root root root root root root root root root root root root root root root root krb5-1.12.5-25.1.src.rpm  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿkldap.so.0()(64bit) kldap.so.0(HIDDEN)(64bit) kldap.so.0(kldap_0_MIT)(64bit) krb5-plugin-kdb-ldap krb5-plugin-kdb-ldap(x86-64) libkdb_ldap.so.1()(64bit) libkdb_ldap.so.1(HIDDEN)(64bit) libkdb_ldap.so.1(kdb_ldap_1_MIT)(64bit)               @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
/bin/sh /sbin/ldconfig krb5-server libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcom_err.so.2()(64bit) libgssrpc.so.4()(64bit) libgssrpc.so.4(gssrpc_4_MIT)(64bit) libk5crypto.so.3()(64bit) libk5crypto.so.3(k5crypto_3_MIT)(64bit) libkadm5srv_mit.so.9()(64bit) libkadm5srv_mit.so.9(kadm5srv_mit_9_MIT)(64bit) libkdb5.so.7()(64bit) libkdb5.so.7(kdb5_7_MIT)(64bit) libkdb_ldap.so.1()(64bit) libkdb_ldap.so.1(kdb_ldap_1_MIT)(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libkrb5support.so.0()(64bit) libkrb5support.so.0(krb5support_0_MIT)(64bit) libldap-2.4.so.2()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) rpmlib(CompressedFileNames) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsLzma)   1.12.5                          3.0.4-1 4.0-1 4.4.6-1 4.11.2 \”Î@\4À[úÀZŸÔ@Z•H@Y÷@YóÀY®‘ÀY•…@Yœ@Y.°@W±®ÀW›E@Ww¬ÀW^ @Vò…@V¼wÀVªÀVAÜ@V0¸ÀU£¨@U .@U .@T­ÀT$ÀT!`ÀSä»ÀSÖ;@S¾€@S‘­@SK@RÞa@RÓÕ@R§@R†ÀQÈ4ÀQÄ@@Q´n@Q¤œ@Qƒ¦ÀQ‚U@Q}@Q]k@QZÈ@QRß@QLGÀQC@Q7/ÀQ4ŒÀQsÀPþ@P}L@P}L@PyWÀPnËÀOØ€ÀOÐ—ÀOÏF@OJÀO'×ÀNðxÀNðxÀNÊ=@NÊ=@NÆHÀNœÀNS–@NPó@NNP@M¦áÀMlßÀM6Ò@Lö8ÀLÉeÀLÁ|ÀLÁ|ÀL ‡@LT@KóÒÀKÅ®@K¿ÀK»"@K¨­@K¨­@K ÀK&(ÀJýJ@JYÐ@J&eÀJ
¶@Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> ckowalczyk@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com foss@grueninger.de hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com varkoly@suse.com varkoly@suse.com varkoly@suse.com varkoly@suse.com ddiss@suse.com varkoly@suse.com ckornacker@suse.com ckornacker@suse.com ckornacker@suse.com ckornacker@suse.com ckornacker@suse.com ckornacker@suse.com ckornacker@suse.com nfbrown@suse.com ckornacker@suse.com mc@suse.com crrodriguez@opensuse.org mc@suse.com mc@suse.com mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de lchiquitto@suse.com coolo@suse.com coolo@suse.com coolo@suse.com mc@suse.de coolo@suse.com mc@suse.de mc@suse.de stefan.bruens@rwth-aachen.de meissner@suse.de coolo@suse.com coolo@suse.com mc@suse.de mc@suse.de rhafer@suse.de mc@suse.de mc@suse.de mc@novell.com mc@novell.com mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de lchiquitto@novell.com mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de jengelh@medozas.de mc@suse.de coolo@novell.com mc@suse.de mc@suse.de - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to
  suppress sending the confidentiality and integrity flags in GSS
  initiator tokens unless they are requested by the caller. These
  flags control the negotiated SASL security layer for the Microsoft
  GSS-SPNEGO SASL mechanism. (bsc#1087481).
- Added patches:
  0116-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-cred-option.patch
  0117-Add-tests-for-GSS_KRB5_CRED_NO_CI_FLAGS_X.patch
  0118-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-for-SPNEGO.patch - Remove incorrect KDC assertion; (CVE-2018-20217); (bsc#1120489);
- Added patches:
  * 0115-Remove-incorrect-KDC-assertion.patch - Fix for resolving krb5 GSS creds if time_rec is requested
  0114-resolve-krb5-GSS-creds-if-time_rec-is-requested.patch
  (bsc#1088921) - Fix CVE-2018-5730 and CVE-2018-5729 with
  0113-Fix-flaws-in-LDAP-DN-checking.patch
  (bsc#1083926 bsc#1083927) - Fix a GSS failure in legacy applications (bsc#1081725) with patch
  0112-Do-not-indicate-deprecated-GSS-mechanisms.patch
  This upstream fix supposedly fixes the issue resolved by the
  previously released workaround done by
  0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch
  (bsc#1057662 bsc#1046415) - Introduce patch 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch
  to all legacy GSS client applications to workaround compatibility
  issue by setting environment variable GSSAPI_ASSUME_MECH_MATCH to
  a non-empty value. (bsc#1057662) - Introduce patch 0110-Fix-PKINIT-cert-matching-data-construction.patch
  to fix CVE-2017-15088 of bsc#1065274. - Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch
  to fix CVE-2017-11462 of bsc#1056995. - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of
  LDAP service. (bsc#903543) - Remove main package's dependency on systemd. (bsc#1032680) - Remove unneeded prerequisites from spec file. (bsc#992853) - Fix CVE-2016-3120 (bsc#991088) with patch:
  0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch - Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch
  from rev128 of network/krb5 (bsc#982313#c2) - Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111) - Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942) - Upgrade from version 1.12.1 to 1.12.5.
  The new maintenance release brings accumulated defect fixes.
- The following patches are now present in the source bundle,
  thus removed from build individual patch files:
  * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch
  * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch
  * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch
  * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
  * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  * bnc#912002.diff
  * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
  * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch
  * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
  * krb5-1.12.2-CVE-2014-5353.patch
  * krb5-1.12.2-CVE-2014-5354.patch
  * krb5-master-keyring-kdcsync.patch
- Line numbers in the following patches are slightly adjusted to fit
  into this new source version:
  * krb5-1.6.3-ktutil-manpage.dif
  * krb5-1.7-doublelog.patch
- Remove krb5-mini pieces from spec file. Thus removing pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file.
- Use system libverto to substitute built-in libverto.
  Implement fate#320326 - Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for
  terminating null character (bsc#963968)
  with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null
  principal name in request (bsc#963975)
  with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when
  KADM5_POLICY is set in the mask (bsc#963964)
  with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch - Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  to fix a memory corruption regression introduced by resolution of
  CVE-2015-2698. bsc#954204 - Make kadmin.local man page available without having to install krb5-client. bsc#948011
- Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch
  to fix build_principal memory bug [CVE-2015-2697] bsc#952190
- Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
  to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189
- Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188
- Fix patch content of bnc#912002.diff that was missing a diff header. - bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues
  in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
  patches:
  0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch - bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message
  patches:
  0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch - bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name
- bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries
  patches:
  krb5-1.12.2-CVE-2014-5353.patch
  krb5-1.12.2-CVE-2014-5354.patch - bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- added patches:
  * bnc#912002.diff - Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch - bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
- added patches:
  * bnc#897874-CVE-2014-5351.diff - buffer overrun in kadmind with LDAP backend
  CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch - Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
  krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  Fix null deref in SPNEGO acceptor [CVE-2014-4344]
  krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch - denial of service flaws when handling RFC 1964 tokens (bnc#886016)
  krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102) - obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
  similar functionality is provided by krb5-plugin-preauth-pkinit - don't deliver SysV init files to systemd distributions - update to version 1.12.1
  * Make KDC log service principal names more consistently during
    some error conditions, instead of "<unknown server>"
  * Fix several bugs related to building AES-NI support on less
    common configurations
  * Fix several bugs related to keyring credential caches
- upstream obsoletes:
  krb5-1.12-copy_context.patch
  krb5-1.12-enable-NX.patch
  krb5-1.12-pic-aes-ni.patch
  krb5-master-no-malloc0.patch
  krb5-master-ignore-empty-unnecessary-final-token.patch
  krb5-master-gss_oid_leak.patch
  krb5-master-keytab_close.patch
  krb5-master-spnego_error_messages.patch
- Fix Get time offsets for all keyring ccaches
  krb5-master-keyring-kdcsync.patch (RT#7820) - update to version 1.12
  * Add GSSAPI extensions for constructing MIC tokens using IOV lists
  * Add a FAST OTP preauthentication module for the KDC which uses
    RADIUS to validate OTP token values.
  * The AES-based encryption types will use AES-NI instructions
    when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
  available
- update and rebase patches
  * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch
  * krb5-1.11-pam.patch -> krb5-1.12-pam.patch
  * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch
  * krb5-1.8-api.patch -> krb5-1.12-api.patch
  * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch
  * krb5-1.9-debuginfo.patch
  * krb5-1.9-kprop-mktemp.patch
  * krb5-kvno-230379.patch
- added upstream patches
  - Fix krb5_copy_context
  * krb5-1.12-copy_context.patch
  - Mark AESNI files as not needing executable stacks
  * krb5-1.12-enable-NX.patch
  * krb5-1.12-pic-aes-ni.patch
  - Fix memory leak in SPNEGO initiator
  * krb5-master-gss_oid_leak.patch
  - Fix SPNEGO one-hop interop against old IIS
  * krb5-master-ignore-empty-unnecessary-final-token.patch
  - Fix GSS krb5 acceptor acquire_cred error handling
  * krb5-master-keytab_close.patch
  - Avoid malloc(0) in SPNEGO get_input_token
  * krb5-master-no-malloc0.patch
  - Test SPNEGO error message in t_s4u.py
  * krb5-master-spnego_error_messages.patch - Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct. - update to version 1.11.4
  - Fix a KDC null pointer dereference [CVE-2013-1417] that could
    affect realms with an uncommon configuration.
  - Fix a KDC null pointer dereference [CVE-2013-1418] that could
    affect KDCs that serve multiple realms.
  - Fix a number of bugs related to KDC master key rollover. - install and enable systemd service files also in -mini package - remove fstack-protector-all from CFLAGS, just use the
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs. - update to version 1.11.3
  - Fix a UDP ping-pong vulnerability in the kpasswd
    (password changing) service. [CVE-2002-2443]
  - Improve interoperability with some Windows native PKINIT clients.
- install translation files
- remove outdated configure options - cleanup systemd files (remove syslog.target) - let krb5-mini conflict with all main packages - add conflicts between krb5-mini and krb5-server - update to version 1.11.2
  * Incremental propagation could erroneously act as if a slave's
    database were current after the slave received a full dump
    that failed to load.
  * gss_import_sec_context incorrectly set internal state that
    identifies whether an imported context is from an interposer
    mechanism or from the underlying mechanism.
- upstream fix obsolete krb5-lookup_etypes-leak.patch - add conflicts between krb5-mini-devel and krb5-devel - add conflicts between krb5-mini and krb5 and krb5-client - enable selinux and set openssl as crypto implementation - fix path to executables in service files
  (bnc#810926) - update to version 1.11.1
  * Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC
  * Documentation consolidation
  * build docs in the main package
  * bugfixing
- changes of patches:
  * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif:
    upstream
  * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif:
    upstream
  * krb5-1.10-gcc47.patch: upstream
  * krb5-1.10-selinux-label.patch replaced by
    krb5-1.11-selinux-label.patch
  * krb5-1.10-spin-loop.patch: upstream
  * krb5-1.3.5-perlfix.dif: the tool was removed from upstream
  * krb5-1.8-pam.patch replaced by
    krb5-1.11-pam.patch - fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
  CVE-2012-1016 (bnc#807556)
  bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif - fix PKINIT null pointer deref
  CVE-2013-1415 (bnc#806715)
  bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif - package missing file (bnc#794784) - krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc
  (bnc#793336) - revert the -p usage in %postun to fix SLE build - buildrequire systemd by pkgconfig provide to get systemd-mini - do not require systemd in krb5-mini - add systemd service files for kadmind, krb5kdc and kpropd
- add sysconfig templates for kadmind and krb5kdc - fix %files section for krb5-mini - fix gcc47 issues - update to version 1.10.2
  obsolte patches:
  * krb5-1.7-nodeplibs.patch
  * krb5-1.9.1-ai_addrconfig.patch
  * krb5-1.9.1-ai_addrconfig2.patch
  * krb5-1.9.1-sendto_poll.patch
  * krb5-1.9-canonicalize-fallback.patch
  * krb5-1.9-paren.patch
  * krb5-klist_s.patch
  * krb5-pkinit-cms2.patch
  * krb5-trunk-chpw-err.patch
  * krb5-trunk-gss_delete_sec.patch
  * krb5-trunk-kadmin-oldproto.patch
  * krb5-1.9-MITKRB5-SA-2011-006.dif
  * krb5-1.9-gss_display_status-iakerb.patch
  * krb5-1.9.1-sendto_poll2.patch
  * krb5-1.9.1-sendto_poll3.patch
  * krb5-1.9-MITKRB5-SA-2011-007.dif
- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
  Controllers.
- Update a workaround for a glibc bug that would cause DNS PTR queries
  to occur even when rdns = false.
- Fix a kadmind denial of service issue (null pointer dereference),
  which could only be triggered by an administrator with the "create"
  privilege.  [CVE-2012-1013]
- Fix access controls for KDB string attributes [CVE-2012-1012]
- Make the ASN.1 encoding of key version numbers interoperate with
  Windows Read-Only Domain Controllers
- Avoid generating spurious password expiry warnings in cases where
  the KDC sends an account expiry time without a password expiry time
- Make PKINIT work with FAST in the client library.
- Add the DIR credential cache type, which can hold a collection of
  credential caches.
- Enhance kinit, klist, and kdestroy to support credential cache
  collections if the cache type supports it.
- Add the kswitch command, which changes the selected default cache
  within a collection.
- Add heuristic support for choosing client credentials based on
  the service realm.
- Add support for $HOME/.k5identity, which allows credential
  choice based on configured rules. - add autoconf macro to devel subpackage - fix license in krb5-mini - add autoconf as buildrequire to avoid implicit dependency - remove call to suse_update_config, very old work around - fix KDC null pointer dereference in TGS handling
  (MITKRB5-SA-2011-007, bnc#730393)
  CVE-2011-1530 - fix KDC HA feature introduced with implementing KDC poll
  (RT#6951, bnc#731648) - fix minor error messages for the IAKERB GSSAPI mechanism
  (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) - fix kdc remote denial of service
  (MITKRB5-SA-2011-006, bnc#719393)
  CVE-2011-1527, CVE-2011-1528, CVE-2011-1529 - use --without-pam to build krb5-mini - add patches from Fedora and upstream
- fix init scripts (bnc#689006) - update to version 1.9.1
  * obsolete patches:
    MITKRB5-SA-2010-007-1.8.dif
    krb5-1.8-MITKRB5-SA-2010-006.dif
    krb5-1.8-MITKRB5-SA-2011-001.dif
    krb5-1.8-MITKRB5-SA-2011-002.dif
    krb5-1.8-MITKRB5-SA-2011-003.dif
    krb5-1.8-MITKRB5-SA-2011-004.dif
    krb5-1.4.3-enospc.dif
  * replace krb5-1.6.1-compile_pie.dif - fix kadmind invalid pointer free()
  (MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285 - Fix vulnerability to a double-free condition in KDC daemon
  (MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284 - Fix kpropd denial of service
  (MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282 - Fix multiple checksum handling vulnerabilities
  (MITKRB5-SA-2010-007, bnc#650650)
  CVE-2010-1324
  * krb5 GSS-API applications may accept unkeyed checksums
  * krb5 application services may accept unkeyed PAC checksums
  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
  CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
  CVE-2010-4020
  * krb5 may accept authdata checksums with low-entropy derived keys
  CVE-2010-4021
  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery - fix csh profile (bnc#649856) - update to krb5-1.8.3
  * remove patches which are now upstrem
  - krb5-1.7-MITKRB5-SA-2010-004.dif
  - krb5-1.8.1-gssapi-error-table.dif
  - krb5-MITKRB5-SA-2010-005.dif - change environment variable PATH directly for csh
  (bnc#642080) - fix a dereference of an uninitialized pointer while processing
  authorization data.
  CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990) - add correct error table when initializing gss-krb5 (bnc#606584,
  bnc#608295) - fix GSS-API library null pointer dereference
  CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) - fix a double free vulnerability in the KDC
  CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) - update to version 1.8.1
  * include krb5-1.8-POST.dif
  * include MITKRB5-SA-2010-002 - update krb5-1.8-POST.dif - fix a bug where an unauthenticated remote attacker could cause
  a GSS-API application including the Kerberos administration
  daemon (kadmind) to crash.
  CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) - add post 1.8 fixes
  * Add IPv6 support to changepw.c
  * fix two problems in kadm5_get_principal mask handling
  * Ignore improperly encoded signedpath AD elements
  * handle NT_SRV_INST in service principal referrals
  * dereference options while checking
    KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
  * Fix the kpasswd fallback from the ccache principal name
  * Document the ticket_lifetime libdefaults setting
  * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512 - update to version 1.8
  * Increase code quality
  * Move toward improved KDB interface
  * Investigate and remedy repeatedly-reported performance
    bottlenecks.
  * Reduce DNS dependence by implementing an interface that allows
    client library to track whether a KDC supports service
    principal referrals.
  * Disable DES by default
  * Account lockout for repeated login failures
  * Bridge layer to allow Heimdal HDB modules to act as KDB
    backend modules
  * FAST enhancements
  * Microsoft Services for User (S4U) compatibility
  * Anonymous PKINIT
- fix KDC denial of service
  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing
  CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl - add baselibs.conf as a source - enhance '$PATH' only if the directories are available
  and not empty (bnc#544949) - readd lost baselibs.conf - update to final 1.7 release - update to version 1.7 Beta2
  * Incremental propagation support for the KDC database.
  * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
    framework that can protect the AS exchange from dictionary attack.
  * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
    allows a GSS application to request credential delegation only if
    permitted by KDC policy.
  * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
    various vulnerabilities in SPNEGO and ASN.1 code. /sbin/ldconfig /bin/sh lamb69 1553779013                                                                    	   
                           €   €   €         €   €   €    1.12.5-25.1 1.12.5-25.1                                              sbin kdb5_ldap_util krb5 plugins kdb kldap.so libkdb_ldap.so libkdb_ldap.so.1 libkdb_ldap.so.1.0 krb5 kerberos.ldif kerberos.schema kdb5_ldap_util.8.gz /usr/lib/mit/ /usr/lib/mit/sbin/ /usr/lib64/ /usr/lib64/krb5/ /usr/lib64/krb5/plugins/ /usr/lib64/krb5/plugins/kdb/ /usr/share/doc/packages/ /usr/share/doc/packages/krb5/ /usr/share/man/man8/ -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.opensuse.org/openSUSE:Maintenance:9926/openSUSE_Leap_42.3_Update/571efd8762c279690e1aff125557475b-krb5.openSUSE_Leap_42.3_Update drpm lzma 5 x86_64-suse-linux                                                directory ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.0.0, BuildID[sha1]=4267f7b9892f4782a6c16ee5409bfaa01fc4af55, stripped ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7c8de783aa4a4749bb65b816e4f16a5d4bfef292, stripped  ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5482adfacf90b1c33f0f3c8cfe684c93f9a20633, stripped ASCII text, with very long lines troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)                                                                                                    R  R  R  R  R  R  R  R  R  R  	R  R  R  R  R  R  R  R  R  
R  R  R  P  P  P   R  R  R  R  P  P  P  R  R  R  R  R  R  R  R  	R  R  R  R  R  R  R  R  
R  R  R  ÇáJCáŒÙG†0DúÜÖ   ?   ÿÿü0   ]  € ÿÿÿÿÿÿÿÿ "ÌkÀ%yØ„O^èˆÍµ§Ð¶bº2eR¶Cë±LŒUR3
:¯`Õ²Ô…i–4Ê3šäiµ˜ç¨ðáAc½®MP¤¸ÕlûeŒÛÑ®è,ÆKh­TÅ0P[Ùóíþÿ¿ü4ôP&ß~ýŽù+h"8‰“È-µ	xüÃ‚Ç”‡ƒah³)‘‚bõz2p¹ªÕ$RFm¤fåôK¾Â¸í´á6pÐOü|fÂ~‹ôG¯à€â9éÃÉ$”¤ò	òÀ<{Ù5W]l—£)J'ÌMNJç¯••S;¹Ù9ßþuÏÜâ¥ÙF¨žU¶ÍÑœÈáWÀð–fc9¢†;qóÕ¶Èsë±0ÎÜþ•N<—æ¦¸îýòÍxFû˜QL43J56ý¯Ð†¿JŸ‹ª–™~^LËY‰ ›ûQ
¨£@5
1Aù‚ð­öã°]7ÇS{ð•®ýþ<Ë°&qßYîy—·@ÏJ€¤gjl
X†Š$dž€–ø£zYfMZd¼NÓûŒ†T]…‹pþÝÍÁ[ßR„²Dð¦6!¥øOÍ_yYˆã —?á9 ³jÌBb‚‹<#6Hëtv¾Ž²ÖÈsªý®d¹ßê.ônl ãPÆá§Y÷` `‘ùÙH¼¹ hu1)‹wø_ÿÿŒdƒªÂ¤†~H˜°p ÷GMy6Õ“bM…/@üÔtÔ*~ïóG¾À˜.4kcMÏ÷‹/ ùfÚo°D^QcfDÁªý‹xbkÙ}›l¥B/Êä%01yèõeiw™ŒîÓ&‰ÅZ¡éã”³ã’AZ÷G0ßˆ¨ÔÚó£FUFÿ*›Ç+k~«í·2˜&Õd–mûº
œ?w€75ÕHÐ†)ÿØiE—Nñ‚Ù“¬¸a7í ^çÁÊÒa-`>Nà’g:IÊ®Yô<¶ø •N[ {ÑqŸ5„1&Q&[0›P¿ø¯é‹b-wqF7ˆœQ*|æÅ4¦à›i;g}‚D[»8¼Ã;eGçåP‘õìÀYÛ÷Ý±i‘Ì•íÅÕ¡¢ÉqÐ0IÍŽÄ`dr7ß]j¡_ÕÚ¡ÅwÌãˆâÉ”AÜKÆm[©éÄ˜ëÁë—(ÓŸÄ»Ò™øôÓ‹®T¤ð{OÉ|Ê]FŸ?=/*Y·WÒÁ`3dco4àÀýði±‹@QˆÁºY5N0­4Hþ036‘ÄÁ+çÏþdoþÊN^ãK9-Ã¶*€¼‹\÷µmßÍ<ÉVh¸¯ùR2¢øUòÿûÕu¢˜0+Ü)I²˜æ¦Æ:y‡´|”\äG°WÒ9À>F=	VŠé‘~$îƒÕ˜P†Èü·–î+¬úG¨øÆJS÷k“ûê»ÌÁÃ¥äU ¥'qjŸ-ÎÇÊòW+¨WÀNÂë%Ú2Ó}bxUÌf+ò’hu'<ÓƒåO+Ã@t<*Žd( á:Š"!€UÛ¤ºåèy£MBdYIìãª¬£	 JV•˜™ñ²Œ›ýd×²+œXÁžå±ˆçÒR²Òµh>¯¥/‰•QÂØ1)à!ÐkGjäž.™²K•Ë°u‘ìÃtÃ‰+¡u2ƒIS9cMˆ$•/Ã~Ï2ß™7»®ìJŠU…¯6¨À(ÂSlalÛåª;zWNi·‘±ù\€s-]›…P4s?;ÉœRÞœi/ëWI$4¼Ç"I	8‘(Ÿ
oK‚.9RÙÕ‘prx”iÂx„—	Ý=Ö´îj0îŽz=Óˆ˜%øø*#ƒ’”Èáq+>!A¬L+-fµ3Û#ãîk¸à‚”þCe‘bÙLÞw·¬Ê¬hÆÓdœÞfØ¨èÙÅºeù WŠzo¢öÂÕÞ¤¯À˜åg‰ä¥©v‡SlóbüUžÜûí”ns³åë2ø8Z¦hä:×{‘©/ùT\ÈŠ%câ‚¸Õ©„þ“·G¹îÁŸ*ÂÚ!Æ$ÝÄq5!¬¹)j‰Ó\“XkÕÏ©=êQ•ÁÈNŽþG†,ÉQÕÊÂA8>ïõ®Ã¡Ó,È$îIuÈ•W%G£ƒÅÉð¿9”W3ÏU=H+‚…I×Œ Q÷‰Py€ÓÎ*Å.dS»?È<”˜o5˜úíœÈªÅ|
ßF¢7èrgºŸ ‘ØŸ¿/±Ö)ÛšŒ+š.Ñ:×Ô›³å‡ÒÜˆØ¯|L0èr%/'uOä’R•¼ý_ ¶{½	Ár v¢pÐsÃèr>÷&š @¨0¢ëlPÒg³e¶¬‹^ÔµÒ1Æ¢1$EA×ò’¤ -7à{ÐŽlÕ–ÍÀ?þ‘Éy°«hK‘’.OÓ±ç´Ùº™~o¦4BšÈW;‡¯0+6’îBúVopY+	Å<“9tIÉÂWÊ9/8Ãê‚T,°eô_^CN‚h¬´ZÈ~“-&K@€b¹p¶DK¼„ékTzÈò–Åú³­žE>u[½ ’7Oçtƒ?o(ÙÞƒØH6ê¹»5apîÚÄýÝQ"{»ò’ Æ)Cì˜E^ÄÂ ônv’vL®.‰3¥á}ãÊ˜V2lÑˆÄ¥1c¾ÛÝ‡DL¾ê<2«hmæCói?5YåÃ‹'8^Lâ¹7Åx¶cúbÅØKƒ¼bü"Ë±`½,:âŸ&ø]”9Â~V€”ðÜ­j‘Wuãíd[Ô_Ô¦+^FÛCyqvYÙZ»ÐíG‚ÆÆ®¥à×GL#30ïÎGh2'xÊæ»èÙ 7æ’&óQ†<8à"â‹1äuhN¡'!’êûõžmD·CÂ‹Ÿ¶ÙmµBˆj\ÐÁú#€µµé>äÜÛ×±ç{Ôÿ¢0MaMŠvÑxeS\£uÙùðó“¢L·j+v@·ëYlîo|>Üx‚ãƒ*B<ñjn"—gvi;qÅPü86ùAvKZžálŒæOìU»ñòŠÞE$/9h`W N}[¥3Ä~JÀ¾ñm+Ô]Ø£áó‘_¿Rƒ0ÇJiô›/å†À Ó›Òƒþ(nõO”\àà.Þ’:CJ@(¼ýœhºn¦G¹7«þzwíì‹}ŸáÌ5†û;¦køÓ5–è˜%­|g­ÊŠŠEKÑxšÃøxÀEÔ¼¸TÜbYBßøˆž†\Y¢B)!tÐ:Þ9;˜+ÃKÃíh3¥Äe Œ“kÚ>ð/|·„ÞXËÿ
 }Ú:º:¸úZ\_¨]
eÓÝCôk—4ŒT™¶æŽÓj~HØ\$Òk‘èi$R»Šþ„‚vé³¦3FÁ@û½’'Çdò´sÛÔE˜IŸ€-øKðëcÚß ë¦ÁÚò/#¦<v÷ÕOÎôµédœ^Ù{žlËÐ,&+—ê7ÇEsã¯ÁG.uËrÚà&5Ñ<%ÔT4vl¶•Í°ÚŒ~Dq_Ë‚!ÖÝ¨ÏÜF8ÔÚ ¸—ëx¤Z¡±Áý7Þg×VQ‘4	hl>P=“x»ñ‹‹õÊˆ†%”‹`ÕsPÊ
”¿g"¥¦Ö¡y2e—•
>´Í´·ÖÙî@’húètž\Ô7›Ùá°“èÐþÂ–QhX’ÒµeªÑtÕ+AÆ·>Ð|íŸW_žC1ÐîgÍvª8òœµÅÚüÂN¢)„—¼%½ßK4wIî ñÆH ºÑ!ŠÌî(·°ñÊŒVlÂœ¡úÚ‘âæÂ“·Úû‰COò±l7 	ï»àü¼xJØì‘Äí—Ö©§x6röEŸ%Ú$‘š³C>”›¨ŠvÓa§–E1z5£‘ò¤OÀß–Yý÷–®¦S‡àE.,¼ûÌkN°ºCÈß•ôÚ~ØÞëÄ´m{“T’ûÂ™éOoÐc‰ÿúé7yeøæk°ë²µò93Ð÷2
´¢u­âô0°UªÚm©*ÂS_*l)PpÀÎë”³}ƒ ¿V69`Få\Ì‡ô—w1É|—›"¿:Tî«ºDY$©ßÝE¾ 'ÇÅÐµÑŸº¬ß62Õê¤ÛbN|ìHHé<4Í-jâ"az‘Ýífç¢gHËªQÝÑ@ìwê9tç`JtQ”‹àÒxn|Û•«ëwæVpNÛ‚•ÿ%þ«×ˆÍ‹1õè?Êû¥Yn»!UÓ+î&Õ6|/ÖÈ²´¢m¾Ð¦IÞïqýÛ¾G|ÈÐGÔ0T„Üæhßy‰*þ¦Y1ò]¯QÄO!m2ô$
V¯”ÌJ°­T	ôZ¼³Ü–ÉýãÛkàB"}n§¥Í{_usÂÝÈ%l-®Õå€ Uµ„_óA8mqd<yÈB>Y¾’%ð¼Ó’fq-^!¦?×¦ž³œ¾•u3·f9’Bs¸Õ¡&•Gá|#@(£¥J1gÎT+Q¿ƒç´Ý¦ðw~O–mŸ÷³'á	2wÏ.åæÅÆâÑ Ô£Ä+…ÿBKËåÛÝÅ(³AìàIÍ¹#’i‹£qäØµŸDjÂÑÏ5ø^ÀfëhåŒ¤³;É_“;¹ƒ~âë´bÆÇ¦7‘m³$e}"ceª.t'š+k£i?[u{ßÿ?™.ó%ªÆ‡v™:Ü¥Éx%¿–P‚·HÍ£ËèøÌþÃ2)ZÎþò_Û}–9ü$ÜwC¸Ê6Q;uë½CxòQUþDhK÷“>OØÐ€S;ß¾Äû¤KÃ`wÚ \wç¯µKøoÅ`óª³y'@]JîÇëeÙ0¬Á˜lc—…“zZZ­îd ÂÝ,wm<å‚Š-»Â´–ÿªe@fwgÈ,6ûH]’=¹õ7M÷[Ýbÿ¥§…ºŸ<£µ6{6zH¼(¤¦&²ö½+œ±ù¤àô»öÔý=SÙ¼Ì FÅ(ý¾uJCd@ØDàþd8À3˜^NFØ½	PàÀß©
‹	¥é>1~"	âÕ{†AóÃ…°¤xLÂ¼L;á¢šƒ¨tÁ¼½	Ï…gÄ˜CTß¬÷¢&~ÀT¬%ÀM ˜hbqäœô°KÎ+¼Ë"©3ÉŠŸJCÝù+L©"’›_(îŸ {-2sxþi0w&ÊÂ®X…ÎÙÏÄHTÚ#p	qÁÆ£ ¾”q/³Fe|±£~¨2a®:šäü„’·çdÿd©
AgóœV9—3œòEëÂRzÅ õƒŸÈö$“ÆaÓë¾-ÆØ^B†VmñeS(›SàÝ%ÉÅÞŽ¿9¾ï'›q.¨¨’ëÓô'}Ù)ÉŠ€@Ô¯)ú7y¥RK›æÉ¡ãÓòl©³Ñc¤>ƒ¨Òº}—M‰[´‹ÝÒE<Ú€#çÈõ¼khô˜«t¾l™6ü Æ½¤gó±QÝ2Ãìº§¬@oå„#3'2ŸDÇ—å	TGWþ?Ñcr¥ƒ—‰àjšÚBsÌ“ž•„	96±=ß+gp*!.‹ÛÎz£<AÅmHm	i!úØlW"Àø³P(ø¤e@2ª³;^Ÿ‡9"Šä]Sàv¸IÑlGU`po=êMàñ¤°t(Ô¬*±„êY¤Èu‡Û"fÈ¥á×	ÙÙ¶§¹Æ7Ÿ`E­N§c„QÕhg«£w•GÄ4ÇOo}B€,TNvd wuâñþ·°g€6H›…{
²âõú¤;?ºˆwL<4lybÏ{M±¡Ãïç9úÞ eŠ}dcoý¯$ÉœÓˆéø»„_Ù¯N:6åm³æÐ\wÍ3’ôú*e€ÕN ç˜tA°Ö™;²EÁ`7œW7b'êg©Váq§ I‡€>ê¼JL J7~š¸ÇzG¬Ó$MD;±fÑmòr9ýÑ3ø@ÌwøI½ÎMÚ×R0–*ÉÆW÷0;B*èx%êï:¬ràÈ–‘UI0ýNôPGG³ñIú£*EŒ5Ùƒ~óøß.]Þ	ú9ò…O9ìŒÑ¯¨F¥ÙaF±òûGÕÝþ'äv<*.§¶tªŽíÒ?uVAEâƒ	®eÔ—p@£æÒ©tƒ™L¾N7Ç8ålè«Q„jôçdlŽñÑ`½×<ß¥ sô©Š„?çð5×O›6Ÿ7Qøz^”(SqÊ[|1a5Ü^
UVoL"á_4‚ ••ë›./—õð)1vËçôÚ0Ûð#èžæñ œ2y\™¨¹LU‡“ƒ‘÷ÄÛÎ8•ÓÓ²Ì‰ë‹rvÊªYµköë{Ž‘™h§CGsÈÛ•¯úe?f[]"M]’AÁÕfÉôÏ¡7ÙKX>Ùb®Îná6&g–ßqR±çºµµ÷QÓÝjDˆìµG¢ÅúÈÜ
¿%£¨ôÐÏôÔn#¼×d[ä¾yrÐ]‹ši‚ï@<âð$KuNe€/üºÁ)ÕÜ¶ÃCîÌ{›Áppü?¨(1×Qˆ¼ßìØ¢«co˜¬=“G„ZÑöÑcâ“Â„Õî- HãŸ»8ÎÏŒ<)F¯£8²Ì¬Éù«5T~”çÒI!_º_¾žýÙâÂÕÆõ¯HÅ–ª‰rÀt¬T¦‚¹Ÿfw”fß@×¹ž›ŸE¬‚†¦ë´=4§2èœÍ+ú«Ht®>°Í .²×bÍÕ–ðmÑéDøRë8êÃ§»LÏ‘¼ŒT¬¼Ý%môA§2Z¨Ê§Êµ+z¶¼¤­3s:T‚ËÙk'eìÄS¤Îefa’–*Ü<¦—0ý–KÔ:‘La†]|D8hÚczNÄºŽÛr(¨Éç²"å“d>Ó»†©šG/ªC/S”è2åÐE/e_"ì±ö…£"…[÷«Uþçðº¥ó]±îä„$€_œfñH¸/pI@¸dý‘ÈÀp…L$Ô:Uôí7úÖf˜¢6ÄÂÆx§@¨ÍRNôøíy­¥ì‘o±?hšÚzÐ^Ú¼¥nãåÃÝŠëßGi#úxÁrPS–Œáy¿,^†26Í×èÄ—-š'^Ï)<é:‘í+ô…ïwo­©Yë¡Õ=|Y#—tY¶ª•é4vœþfŠÛöl*›5W8‚õ½ð*QŸ*Dëïïä­ŠÉV5Ì\Y5ƒÜbÞGK²Xm·1£ÂŸ˜^n³2Aí'
ó•ÓóÒ¯3º-m§ð:n‡¼Ûdxñ‡øj›®È~—,Ú“%O}^»Txï¼pÞtä­¡›Ü(I®ØwÑ¤:åÚ–1æ"Ag”øp?”n$aGA¤+ *\ãËfi I
ü‘šÈ‘ø*+Š»XÔv|îûÿÕÂÿ¨€x>™ùú—tCÕo±é)Ü÷#ÈPr«#3ÜˆxÉºSÎZç§Üiú†+à/¥¤\6ÔX@¼?H\"×c®Ÿ–°µT`øŽ_¤ça¼‘ÍG40p­á’­¾[TSÞwµ?¦‡à9ÔÙÈ•5(3ÂÊç†û3ß—Û¿k…ÏAÓÈƒyž÷ÕÌ/é€äxµÈ¾ŸeÔƒ2}HIX8¢÷Œ8íšÄÐd•|ñr²\Þï¯bO‹‰ÿŒHâ·RÓ¹úA¦Ê›&²Õp2âz¦“ç÷Ê7è!yÛ©~@’zÚKñÏfzUwîF\ºó­ FIzVyÝ7@ì—®(À.c×Íšb Æ“.fÜ{	Åë¡çã­œ(¯¡¯7›|¡Ç|ÿÓ¸»ØÕáDX‡+hvž1ÐÒ¹íf¼,4eœ?ûûs8Ê¾DÉIÉ^ƒÓ!f‡’¨}Æ(V9ZùÚ-ßæ²·èÝšfp}OUgN°PRùÕÔª?¢ÕœRK†«Xº¯§@ Ÿ_—o˜ÊN…û:5}øë¨áÍ5H%fã.7´Ó>ü@k]* 9Xm]ú:!y«Ï‡¿i^˜Ðrz›å‘T-’•¡ð‡ƒÆ¼Aqár£5¬ZrÝÖ±3¾o”eJÑÔˆ”œ·bÂ-e†Ûêh”•kP½ âS±Jå¼NšíãÇÛ©†Se,~³(6n0¥Ü o(Í
>n†õ¸®Cme0&”*X'£G§{Ä1‚2ÜR@ê¼*ÆPÃØDè¼?¡ÃæöXã˜!Ë'Ú#¼6b&Ix²˜nWÚí.]XÒJËÍhåÁËeZ&É’`îåèó‹eþ¹* “êwg¤ïçùôÕªdpþ8·Pˆ©õ‡Aù·™µ¢—…¬ºÛ;ÎÓû±(0$ÄÈn >TíiŒæzö.øüÆyˆ8ô™@µ— y¿xÿo‘[¬O‹Ñ'.è[×Ôö•	
Â¼HÝ–3¤hëä™êÍ%Ûf-dB²›x\6VyÁªg ùÆ
´Ü»ïPßTû†Ö+†è_WÌ® [—4Þ< è<ß¼P,Á5,@ù§n±×VþC© 5rè–Ä;TØGdûT¹YGšØ,ÿ”¶Ãkp€qï$“¨¯q–ugš?T³Ì³êÎzªPÌ4·`N™H†oa&Ê:¾h¸Óƒcšñv²cÛ´çÆÝéo²x—%²=e&ƒedó#iáŽøî³§¹Mv:Jº„ ›R+ÛÓôÍôÅYA6{mÇ”œŒ¸ëÄ9.‚z@ï±­‹<ÑÉ#Ž²ek[Ó'¥s~Œ	¼]¯@Õê«/	áÓyœ·Õ°Úù0aŠÀþ7fÞ/nsñ&‚£sKÎ[?[ÇŒXôG†­²WGÇ¡²(ÁÜ¡¡ùXÎö0s« ï½¿¯S®Ä=[Õ¬˜†C4û‡—³¥/×Wf¼D„¾q¶ÑM_HõpØy?™Ü%¸4³èÉÿÙ•ÖÃjó‡íms†<^lkV'pçö\ž¸!Áÿ¬Gs «>ÃÕÆ7³v¯jJ<Ð€ËuB0im,MD™”®hû5/Ýbþå4Kª:Þ¯oØ×žV|®.8šUôD1XÆIïòZwð'Zmˆ%²ÿŒ>€azâ†4öñ"•ª†Ôón•‰}iO¢OÐ”“òÐÏéÝÛÄH=ž¾×Æ‹¤Žf%›g~KWz'óëQ§£µÇQ€J–îï¥s4„wPÜLŠ…5VÜ·­¬öÑW\¡ÉIÞ)‰…&L?y®ý¹_{%5æ—*À2CGå‹Î—±Ä¿è’N&éÁ`—?JÅh„ô‰ä[S{Ð^Ï¿<Í0^#K»¤T>M£ÏwÌœ*îÕïƒ+	°Á	GŠã×CU¤ô ì·›	ÔT¨¦HÿÕ—ò±ž1["ü|Ó€qÜòFôò§Cn·R$í>·ñ¢_.¶¯
%x:Ù¼Ìšý©ˆ‚0]¼¼lN!Ü
„øþï‡ˆ‰­)U£¤«àïQcIzIy¿Ô{Ôk^÷+™ 91…YblÒÐâúYå+ññ>Éƒl¢êåäBÈVHÈ|Ä²6q ‡ø/".tlHd•H&%@¨àÍ¶õ¿ö˜yÞ>óÁòl„é3Ž5y#r¹’ØS¿[—àIS:m-[=@ëÓ ±åÛ×Œ4Fp7”ŒÁ–QO?~v¡è¥
–ßF:åÄd¹ ß»ŒZ÷Ÿz¼+ž%ÖÙ9RÛÍåg‘Ä„±çÈ5ÈjWUÌ¸É5‹,˜Aõ"M$~(èJ”Îôþb·&
0­¢x¼fñFb[LÍ«Ýõ2m¦7X9¼þ£Ã	“£uYG§"Iã‘u¤‹vºZÅE\}¼^2B§"·q»|ÉÄS ×š¨hÉ"'öü¨íe$o„Îúa•[4õ± ïeÙdçChâ)ßa¨Ù‹Òue‚ÜZÑ É=Õ|*£Æ>Ð<Å•Z»áY½\ ìa’@üpÚÕw1A…ÆÊ¾Æ”–w¤dì|¯ç:cÍºÇ8Ë[…>ù­ôcW ¿yFx÷òÕé\ó6í?ƒÔxƒ1h#¹De’ƒfEïðN'kmÆ‹nÝ¿Iú+ýÐß^>ˆŸFúT6…2#€NTù}ün+nº¨…$mê8–¼Qhw¨‚ë´Øj¦ò	µÂôÄÖ–B¸¬•Só¹^gHÿm¨Æš½N¦]d(à>
RsKäÔiªjP@°b`ÈSß|÷,û˜‚÷(§%€¶ð¹e§{-ÔÆYí×JíÈ?ê?]fëkzr7œÌ„“à­Jú2íA:Ë
T?›ÑþÈÓ$¬ªõ÷L^…ÈjŽ<;5²Ñ€œºŒ«KR4¤&ýÝ«p(åµ¯±ŸJ`ö7=+¢É‡‘-íø¸Ñ4YÂcl€–MpSQóMåÑ%Ræ%¡d$'n]¥Öí7Á*~1¢.‚Fk›äÐã€ûÎf»áù¬MÕÍþ‰	2„®	Œ|Ä½>o ïjpÄÉCj ˆTm÷D1ÍaRbù).q>FxSWÅ avÓgmÿ˜L*Ä³â¸3>,á†Ù¨(AñC×Ê}µjŸúSÚ“Î n¹ŒEÊ	­Ìã¤G¶½+orKHW¥ÆêÍ5¢œXÃËPshÔP‹áõdxEpä¯V÷Ç#ã¿<±¤ÐP°$©ÃÏ)-î©Óê°Om2} (×[hùV\€Šha»ÒnK/÷ó±›]Zå_'‘ Ñ0C"¡1%"M@á’pÙHéóNÑE¼f£è+o7spœ5—(éBÞo¥”H¢Â-)ªßýkÓæDdâ{ô«¬5 Úå“$l§6ð+ãøFoÔ0NÞ 7â””é.,¬Õ[öç—1 ßŸf+¹+síÈBfï8‰ùdrMÐ=Jyx{€¯›©”a8•vƒzqpž#OIÅô{ÆÄOéF>¬³[—ý—V09yœ§fnûráâØsýª¹›¯ìRë_%	&šÃ>×Â½x×yLÙ|¶@–+	zcEÊÓ›‘VK?aÈÃ54‚01HHZ;Â=#0Ú…ÿ-žåò1ñòŸ¡Éþ¹o{?ïd‘3@ä/e¦.Œ+1\™5vÕaA»ä[Ö\ö·òdÙ
`þ´ünzéÅÂ 2IŠèË¤»V2‹¾,L0ÄY¦(¥[‡:Üàœû‡™jŒÄ	›WN>NDÖnì|¿Êk8XcÓ™H‘cSEûƒqŽ˜ƒÛ¤þ(ÂŸZ¾Ï[\z€J5¢Â2ÐŠ‚ðEyæïÎD'©ùKêaÜyÆ±™o¾Áªþ‡–¿Fï¬ä±šk{4Ü´ªÿeÒx¬°ÆœJqyä0xy«³•¹mË(U¢gàßµÈ_ëuiû·ËîÉ­‘ž«’\aìíAº+)cŒé¼èv2û²
Eˆø :Û¼µþô_5ÃÎ=ÍŒ1‘­„…sèfílò}Xß`¥–Êš>]\G»há‰”Ë7ŸkËc|INèH¹Ç×y®ÎØˆr¯%ŠC;­^>‡‘º«Yœ[È»¯ý4´fñŠ"Ê³`Á	I6@+ˆÀ	Ì=©ÙµJ¤Ëá¡†òµ5îÄê_¯ÅÉTxÆðþãäªò¯5`¸âBšÔœQþ¦9áÓ­è\ÏGà®P¡á~|¸»äU*&µ„„n «(®¹‰!{;Õ×Â¬„¡1Î¬02§ö†È}‡þÂöEm.é¡–Ÿ^QZNëEyÚ*\É«&jÂy kgš=<¸Ï­@%m?_kÌ†_ýª{<©†t	¾{ãˆ¾àdÞ;³ñ&Ê³\ÉÏm#ã$™táÈ˜ÛAÂÓšHßS%8Ôý×²áûïåý¯‘xªFöI‘ûÉèš*±‚ïº’ß8@éh¶‹=Pá.ýg”Xê&O–ñKaXQ®™GÏµfù
0/+eñqee.RÄjÔ˜.S æó²,‚ÐœÞÏànC-ä½Ö3'¦·IÙ]*¨D ‰ ÞD3›ŠœóÍæÁ}ÈÎ"9F7h>ù@R1ÈÅ 7Lk^ ^á¨hÅÜzª•ž6âRqÛ`šRòæi­àŠÎ¾[: lWúQºs:°ùwÎy¹$äF_©uÃdï£ð&N ƒwàEþ³^ÏËQ)ŸVÅ=QX—ˆŽ½Ð\4Ym³5z?I÷)|!Xá>ÓäæPØÇ=„âç–c¢úy’Æ°÷rZíÃF@Âé,óÑ€–Ãà÷kt±æ0SgM#˜nöŒö­o½÷£z·žùíß>›å…³‰¾žtƒÂ	WÁ€1KÛé«ø”æx–`P]@ø,enÜƒ *	>*u“›²ãªÙ;ð]Ù^ð.æãã° jÕç,ié‚“SHn2™Üˆ…•ívÇbÃ,ˆ¤íâéÕõ/a¥Ù#<UœŠrž÷ƒÏÞ£ôe·±¿Z€ÌPpt¬.Öp?~9˜5ï)Ð@›xfÃû]³!ÕÂ'v%»–j°öÓ"öˆA(Òni†™PF¤U#ù–9ŠºÂåØâ#îkKŸ“:òŒÿçz‚›zãÐÿÃHîQå^–Á5Œ•ú‘oýØð ‡&èÁÓ°* ’_˜F•¹Éw·s…˜®î?—ÌnîÅ“žö• ÝCÚ@—OÏ\ byQúU—JO	?¶òc
wG\ºQ?fœÁ×JÈ’„rÄ¿54Þ³„³¡Ì©0~RtÝç^+ŒDþ¤ƒŽ²Óhê³V£ÿ4r*{›uµ?ûê±,é“¨§žlæÂ"™j3m|Ü6ÁFïï¬Í6F„Â8¨Óî•ÜIxÂŒq–W–µþ[<:à¥2éþS¸E\dd_.LxÊ“Ðš†â©Ž-Ÿt?¾9Ë—ü)Ê¸/nG½>ašj˜þç„7‚Ñ3‡]‹åj»–Î¾À5-e'!89(—RÚPâ4ÁŠù£‰@Ü zkB~_÷õ3ÃKdüoXÂš‡Ôý¨ð¢yö±í§Hé¶óéÖ«7GX<=9µCG¾F\Ní¶Ïð}TŠ JÚ"¦Ý¹æ›S}µö\‡j	p!—Ÿ€!e›~“z-l±¦~Œ~#Žl‘y zdÅî88M+MVÇòmg¼¹1Mû­ù>UB‹É–Y—qâŽÐ8–Ú¡æï7gìåz†¦Z‰7zZVÐí°‰x) ~^OsäûÏi	<nÿ”IÌcär”.ƒÀÛK¸u$âŒüs¿ÛŸzÔ1/Ì`užëVÐ‚qi¨ÇB©=1Áë×ÁJF½8€ð¥Ã–±Õk8íõwÙmUõhâö¥ä*.Øg-lÞ%|§P~*@ué•xÈó¦Ìî½}s›ÃíKÞi7`ùP…­Ë*oçSiRÌ{~)~ÝM¨= VÆC4Dj¶¡©¿ƒKtüÂž—ûi$Ù0OíW|’ûõzc
“|dWð7ò\ùÍ}Jìà«ÿ'Û*o$ËèS²®»êá°‚ßÃ^ò=ÍUná®¹Ùþ&J#@6ÝÕªº¨˜„|ý˜MwŸÞ.yè¬0Â£X¥b¥VòÐvYgVÀŒ-{t‡åÆ²üc"ï‘|Ié¯ryif2Mµ»­æ2pE´Ã]+¬TþjPiºUt’7 Z,ìú9u´.d%‰¦UºOòXõfŽµŽÀy­‚:ã×™zù¢`
­OÝçN[žëtéÈÙÌ¸ŠÌ¨–5¯¬6÷¬a«ÇÈÓCÀ*ºnšƒ(Ðà,:ÃÍ¼ºUÃ€×@•kÙi–M¸
¿SèÓ'R5+@4iXšRÆ­¾o9Â üôÀmB’Tüêæ²¦»¹þ·C"+P()Þ‰Tm¢:º	¯Ð'í{ )ÎÃÊ½ªrýÀ­XùãÊ${ƒƒ÷7]u:¢ÃÀót%ŠŽÛœmy‘( L¬yóe5”B¹ÈÙ1l¨¨»Tl˜ÒÀ³j‘zÀ{wK.„LµÇƒVñ`"r?ÿ_
ý[2Ù,È^;›­’“‹+ØãÝá“ÿa]£Ý¨‘ƒX´ øR ÅØòîv×^ÚTÂ¹\±-p)†fØódwÆ®Â<*eÛ'¥œÄ•È­»º|F
5–«rÎo~^¡u˜¢D‰ùÊuMÕ&°>‡þ+‹ñúcŒi¥µÎ4”ûJÂR  ß+âWóPáðî4
jÂc\!­óZ’Ž¡Ô‡³'5Sç;ÛñWöY‘m{¿¥÷Å·nÁêG	ï¹¦sA`a5påOôUOAÕ*€^Kâxm0mGâ}y”¡&C•17¶¨ºMUé»ðØ~…	£ãÉäEM_€Õá×Ÿ­Ñ499!¾`1_°LÅµ9,cùKm}FÞûŠ¯ã5HþqIpWÝÄq
š>C¨èŽàäuû´\ƒ$ìÀE~9t;t0JŸ<LhŸ'AŒ~øÈw27ùJ¥rNX®xl¡R+ð%4‡nï~Àu~“(€Ñë½†6à†lô6	—)u¢VqnÀZ ÿö¥^ÊB•Ü"O2Ø1F‚˜Hz÷Œwàõ‡ŒxÖJ¿ ±7ëhf`ùã*U×eå…¸áÿ)‘mR…;_[öùý!˜SÂüDÃø$5Ó Ev•áÇRE—Ê¦d«„µ‘<Tÿíi:ß\Ÿª\scÂ)ØíxÁ›Úx	áˆ—Z`šñã²¸må¸ñÑÁ¥Nð7tÅRÇQÞðÌ%3B¡É ù"-ÒÊDº’“^=ýËn•p\ÏË×Œã‰xîÍ²÷‹¨¤¡ÒP¬¹nš|ÏÁÚ{ePgsñÎ•–&¯
eþ¾¼”aŸóÿ´°ÀT»)Ñ`e”„ñŠ¢N6Góº–P’­]¹bÇˆp%«ÖÁGð¥–IMä¡¿¡Þ°ü’TLåG +ìè‰¢ÔzØkÿ¥ã	ðK*?olöUCwál6¼­èƒj)6
ÊÒt¸ÃÒð <u|¶Ÿ5ï >,áEÒ^ù¸È÷7“³ð™öã+žCbºÀµà«—ŠD8-…° ~{T±áÚZ5¾²¶ ÌæK-{õfáe#— F+85w“ˆ!ÀH±Ÿ*`4wS¯ªWêžHl‡âò Lw Á‡Ýæ³!9T‰C¼ÆÅ®¡”<ïßœ³éæç¸ym)n¸[zêAµ—Ê9‚PxñeKëìŒé–Fç^/€»†Š»PóÞb¾Ný±C¤(ãE«¬ã¹õ£ê‡›ö:>·©
Ð= |²0‘ïC*‘[Ç––(œé¼E_Ìô-¨Å·H#¦jßŒiÎ£PÉ£Ÿu[¦wsòÁB³(à½cÈ¨ôôÓö‘¨Ü?Tó¹;Œžù FSíŠÐÀ#¶„â]»çØö¶A.˜”]«f4Ž-­^Ÿƒè–öºrÏYp¶‰½qÖŽ&¥€ØEx‚;ñÇ{?’ëÔà2Gs"roRÑšÁŠÕûå‚Á“iœÖú¾ntÚ«€ð´"Ñ‘]p C<¯v’öÊµI|2Äzuþ¼y¯²A­ïŒäØ?\¨çÆÚ¹Æ&¸„¤énûG˜Ù¸„Âqu À°ÌºTµŒE/‚ùµÙ´FøÖ½Ö#³¥ ó¥Û#3È˜@ÆBŒZ²f…ókÔøBC¶y•!ÁˆLœ1»NûAÇ`«ÉŠe
‡Ž0Æ¾¬•{þ}irÒƒióÎ;=‡™Ñór…·I [–:÷-Bœƒ“«0´u,|Ïï¢Ö7I)çî²øï{Š¦\YŠ»óò*|zˆ iéÂö™‹ÙDWR\¼O€P1Q†ÏÄû•ïËG~GèLó4ùÀ¤¨Å3‡ÄôÄñe˜¸cøL©ÖZ­Èe‹Ò@+kORrSÅ2Â	ŽOOþ™@ì±Õ›š|3/Ö½Æ›‚=–¾ô…Ÿšº}kfžc¨D+½âu•p°jÀø.Øbi”w9P¹±“„c„	tâ ‘UäÐ
ÿÕ«A“tCP´úr`f»áPSdUoˆÛ2=§U>ç’'ÑšwÕÈF=S—§ÏÄ'Õ~	~þ7˜¿ ½ÉÖÒ@#ªFrÚydøR%„ôÁ:àØ£­¬ü†ÉHŠLÀxºøhÖ²”MQ'¼7äªþßÍª­J‚	Šp#~býLîäØIÊ·`2´7õ»òþœAPMõnB²sBJÖžp8Pqø[\ÎKØ(k—Ü$ú¼;ÞAt¯ß tÄðÐÎÌñ²ª+ªö'PÄ¬‚÷íØtJq¥F½©v,#­AÆñD¥ñ‘½fœ_ÂŒžïÚÔû€ew–e}ä¼¡HÙ.´ÞFI÷ ´œ(Tz†;àB+~<Z¦±ãðåa…°çìB¢6ì¥ZBÏUEj¿Ç…¹WÑTùl‹ :î9âÇõi½÷ð¿J4yT\‡ñšO"o!K‹Ë´=ä1È6&UñüEtøB« BµsxôÖ¤¹eƒÁB)¼$ÚÓÙ–bŽ‘/lípÆËÿ[ãÆ»”1Õ¤Â¯V,SÓœj2õ¼~¬HÏîðÀ<¢Bzr"‹^%âø8[lþ`~ä!#øÐ6¿\ªâ™$œnHºìù×G°“k2»ÍÒÝEÖÐ7ëÄ¨ÜI3³Ÿ~FyHßßƒ™®Pùví†|eŠãŠüWß¬¤:¿hU‚sïs¦ž*NÃ…P&†HïWá©GÈÆöLOìŠ¦‰q¬ÛmioŽŸ³o%SOkÑ«uéïeowÁhrt ¬±ß2ã¤Vù\Ñµ¾ŒrxY©¦oÝ#•¯Öiu0)Ì\9ažÂÞncX0¯‡ú¬¥×OHàvê’æN&ÍžŸö>KÏ£ê’ãüL­ÌiŸ÷P»¦W­!‘9%I°žP±1ˆ_ Ì2²Ÿ€S»$ {bÉ“.NïpõæÄše$æ,B^K’c‚+·‚­ƒÜ.GüÆçÅ%5’ª³¸S8_ýl´E(¿ø.Œ“Šþ	Jÿ#kæ.%YÍ»=Êx¦²ù£z:e1ö²Ž=‘ßÉOÙf)ÇDî­9St¼@‹ÔÉÓ?2éçf}È°8^G)oÛ5]]o¾P¯?i›HëlÓ*’'·Õhç§÷Øšô ìÈÉ4Î AÓ´AÌV²~}Ó(Ž·A¡V®žçÔÇw¾+øžNHFª3qt5ù~ÞVµßWÃ^ÉÑz½nb!LK^‚{¾}à½Ñ„Š´èƒ“,‚S'^SŽ<sQ%\X:ßØ¦ªa–AX,rHÿ?:dîÑSÄ¬H"†»<T…Ðð‡ßºK•[*^Õ›—»²‡Æüu\ŒtJs	õˆ/ïÉLjñh€8œÃ4hhÞ|··OaŸ³D¦5	ƒ–ÍñT–Å]d¥[ðŸ–TYÒ.¤ÈXÙ²yòã`ÓIA’«¡~ Ý3p(‰öêppDßr–¾ÊÖûœ’‹é·5oZç\øÔ¦rÜH#Í¬P›˜½µô\JFqÚZÕ&h@vHB¤’ùc1S·]*PVÍŸloÜ9”ç‡åq"Kf³ƒààÂÑhq,Å¹£®¾IõzÑÅO½I‘V¿ß*OEÌe|çh1‚ý=Žâ'@pJHÞ­Š«wÆE£˜—œÀ§„4Úƒ Ž:CjÇ~8ÈiÙ%:¹íe¬G`<: ý]“ØÉt© ×ê}Í(ò›bŽÍ%óR‰®Õ@Ê¥+ÌM¼«Æ¦æ™^ÕEaû_nma›wïÙ¸Hfmû6Ùã·8¼|ë
8ö9t÷ScãÂ[ Önþ"›‘oe.õÄëÐ‘h_°×kP›µŒÉ5ušºf/†0Gœyô5`$&^ò÷96V0ªwèpjL' *æô>©óBëÚ;‡AÎû"ƒö‰=î5*ªý”/_ò[ªGHÄÃë$JØ˜³Ò)¢jZ§—¸ê^óVÏLrÃo¡ÀŽUOe¾	ðpqô‡þY!×ÂCžYÝnÊRöúé9‚u•Ç²«¿?\
Ófë˜€ŽÜ"Ç+æH™{saElî.@üO¤àW5&ÜØÉh¹Sw
Õ9 äÈô&ã0¤7±±¹/Š]qV]Z!Ft³.¶.\yVY,Ì;ƒÕ ¨à0 ·6S¿9¾î97°°Ì+¼È©³Ñd.•Ïs‚ýÍ#6{éF}TôÇI>æS[óSÛÐ! r‹½kp0í$wúÈÁµ×¶÷6ùŠwBQÑ°bÛ*sâŠé,-ÌÎ¾ó”gãfáòÕqâc»	1XÉð?Pš–³¤YÝÐQwÜ–k¶6ÇÜK	9b%P†eÁ<Urè–£{j¥púšš¡´·E% ñ!Š×5©œÉMÅß;Ö÷º¸â^¦PJ_z<±]0Èà,ÃP¬Àoèä³}W´÷Wò.D?ä?–Ô…‡æ¼xBÜ°BÏ!éæ~èV¯!¯Ã¥©39¤@<nÔÐ%òX¾¡0‚RIÊù¦Mr½Õÿ«dŸÆ…{:÷WŒ6m!p„ðŸÆq‘h®/ÿÊ^\!]²«¾Îý&?ªIÞõÍ"ø•1fKNWìqð¯õ ºŸ$÷à#L’_Åîãßc0ðeË²h;`R»a‘‰Ü qÑüÝvÞô@ÎrD†×LP y*ß5¦÷’Ád”1†˜üÜÙó1ù–„\®–|v^°Ñ¾Œ0“¯ïÆQ—,¬ï®êU\®‰ÙOF÷8*òêœ0L›?wm•]CIË1¡·ªJ íEÁežƒbÅjNCËkð•ü~©ÑV@ÊìšË2¶ 9* á0«Ð’zTåKUG"IHøcŸ¹ÌÌîž‘
2¤öŸÄªAÊÓEóÊEjÀHÂùûÌÔCoö­hÜšgÅ…ÿ¾YàµŒdú@Wy Ä‘©ìùÙ¬U^Å'1-¨É@¶Eê½ÆgñmÚÙã}*´"—ù»Žñ¹±Vê~d˜êV!MdbcØö*RkWCÜ_(ËÒ‡:þkÉ#««x­~5$¬úÿ'|2ÙÞ^Q9äÝŒ,v,»,™(ÕØ1dMV¬ªLÈT#ÎæÖçêÄî™‰{q»`íT³
Âgºî›DîQí¶CQwùDìî’¡ÈÀìHâO¨°D£Æº2½A Šìú'ùvhæq"|Y£­‹'¼^Š	€3¶ÖfWÚYªñDviæú}Æ³}yÒ@W|ûÅó³EÚF&áY†âToÄ¾jÊ–ºBoA ìpôŒËÓCH‘ÊoôÍG»œÌ‚ÅðõæqIRâ—ó¨c{úëù ¦Ô§®ÍH{rêKû¡P¸”k²î×¨œƒÇ+U÷ Pêñ+zü—
ï¡ôÁ«{o;ÒgÏé°KˆšR½ÉÛÅ4G…Ô*£œº+E-KUÁ›±diCS´Ú»}.7"5J™ãX’L`ˆ„·"a	ÏÆjQ‡»¬4Ò¾7TºŽqÇï¬"ÑŸ ²’B…ý%ŸÍÔ£-fp!XÕ´}Ta'xæ´»>$(ÇRÏSv—[áá"FÀÓPå4j
ÄT³ãP·²’ þ}ÇÄÑJÙvl€t2™óø9†¼,%ŒéÔR9Ëz‰Pÿ
3@ºydn« 6O¦WûØ±jNhza,Ìt´Ïig{3z‹hK››^°Û§‰»’ÖR‹]ÈñugÃECA6šæÄþ6m®~  tÉbÀ·èÖÿ§Ü‰Íƒ2gh]±µß>Œ@¹gš±½2üÏ‰Õ,B[ÃàeÔ…%¿áã‡˜ú£©6:väÖkÇæ ñcþ0 |þjÌ
1¿†>OÐ‚ÚLDÜ\Œ—Û<1¿›j)ærôZ­7†+ÞßÃ¢ŽŽ Ù„ •ËC«[ç4ž:Ug2[vÿ]HûöœS!âæaŽ‡ï;Ê‹Þ—uûK3‡oá¢‡Š˜ÙªÓØ$b“b	AÒlÖ*5Õ™MŽ®Z|cÊEðm©û;ŸH~ —´éX3í´éA*Óv3*H‡YˆlyYQ·}˜ ¿#séì^bØÌ˜Åý–t®2èóý õÄ›øå}`#ð…o]”ay_+k	^%öQ4úNd7+u9¤"x9è=é„½Q@‹¢®m7u¶°Z 2;…xW¸™‰›kŠê‘Ùl8p` wôÆà»¸P¸¦QÔöûÑzÕ6f+YÇH¿ÛúÓ‘¨Ö!%c/#º	ýêÄw°‡†è;9êESå£Q¬PUÞTú‚ØQæ`,uÿÜÞVToèý0ùâ9¶«¾•_
QŽÜx„39`&Ù¡üŸ5¦ä Ë·Ÿfí•mæt)@™ÁQƒßªNÌÔ!ñII;Š‚zÁÙuÅà?%é-ä&3/ùS\^`4 04ËÍ“Ê(#Ý±—M+2&#ø.½[ÑÆfiañP	}.ô"Ã…26L ”ÈÚ°+»¾mfÖÑÕ>IÙÂ$˜?àø«æä"‚›×ÒˆìÜ¶ãÁ àº/Ê@þØØ¹q\ªmNØ³E>;8ÅŠ‡ Pk
§_{pq¶ˆ6¸Àô—›ðíg{Ñ´½|yëƒ_X¤þ¾"A§”7&·êþ?ûz!âç­GVY;ÞãƒAŒ"X®5©Í-Nr®ÀB¹QQb¶ÛÑDÁÝ¶pƒCë:Y8!R·Cgx&ƒéFÀUM¬hÙõ;\¾£ÇAð´œ¤?Å‰4Åa£la_±4>*LfØx°_"ó>§A=ÔK‰·!´¥"øÚÃóÃ¯Ù¶ÚJ¢¸Ö…k6àláê®‚É1a042ZÈ`é3ÙóâV04@Hÿþà–