������wpa_supplicant-gui-2.10-150600.7.3.1��������������������������������������������������������������<���>�������,���������������������������������������������������������f�p9|��#P��],Ȗs@F.,TI�/&'ڲ� nƏ*IIc_�Y�\"_TЗVЏ-�8#˥�,}�/i�*OЄ�paΊ{xNyni
awN@�ӵ�?n.-#1
+_�:�K�O@u ͻ�)B�f۩+C 8/g!M �M
Ѕs6�\�F8f3�[qK>Lj�9Bd;ǯk�2�6Eï
�}���>��������������������>�����?�������������d��������������������������������������������������������������� ���'���������� ���J������������������������������������������������������������������������������������
��������������,���������� ���B��������������N��������������k��������������q���������������|���������������������� ��������������
���������������������������������������������
����������������������� ���������������*���������������4���������������`���������������h���������������������������������������������t�������(��������������8����������*���9�������T���*���:������ ���*���F�������������G�������������H�������������I�������������X�������������Y�������������\������ �������]������(�������^������=�������b������]�������c��������������d�������������e�������������f�������������l�������������u�������������v�������������w�������������x�������������y�������������z������8�������������H�������������L�������������R�����������������C�wpa_supplicant-gui�2.10�150600.7.3.1�WPA supplicant graphical front-end�This package contains a graphical front-end to wpa_supplicant, an
implementation of the WPA Supplicant component.�f�h02-armsrv1����SUSE Linux Enterprise 15�SUSE LLC �BSD-3-Clause AND GPL-2.0-or-later�https://www.suse.com/�Unspecified�https://w1.fi/wpa_supplicant�linux�aarch64����������큤����f�f�d0bc3642a63d3175bdc57c59ed292ac370916851027116f486085f19fdeabf59�d57783ead2cca37539bf8b5c4a81b8105c2970de177652fe1a027433593467aa�����������root�root�root�root�wpa_supplicant-2.10-150600.7.3.1.src.rpm����wpa_supplicant-gui�wpa_supplicant-gui(aarch-64)���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@����
���
���
���
����ld-linux-aarch64.so.1()(64bit)�ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)�libQt5Core.so.5()(64bit)�libQt5Core.so.5(Qt_5)(64bit)�libQt5Gui.so.5()(64bit)�libQt5Gui.so.5(Qt_5)(64bit)�libQt5Widgets.so.5()(64bit)�libQt5Widgets.so.5(Qt_5)(64bit)�libc.so.6()(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libc.so.6(GLIBC_2.34)(64bit)�libc.so.6(GLIBC_2.38)(64bit)�libgcc_s.so.1()(64bit)�libgcc_s.so.1(GCC_3.0)(64bit)�libstdc++.so.6()(64bit)�libstdc++.so.6(CXXABI_1.3)(64bit)�libstdc++.so.6(CXXABI_1.3.9)(64bit)�libstdc++.so.6(GLIBCXX_3.4)(64bit)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�wpa_supplicant�������������������3.0.4-1�4.6.0-1�4.0-1�5.2-1��4.14.3���e}@c@b@b�@`lM@`?z@`:4@`�_|\@_i@_i@^@^@^|@^|@^Y�]�]>[<@[[ā@[[;@[@[QY@X@X]�W@VU@VŲ@V`V=@UKSUCjU8U'@U�/@TBV@cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�cfamullaconrad@suse.com�sp1ritCS@protonmail.com�cfamullaconrad@suse.com�songchuan.kang@suse.com�cfamullaconrad@suse.com�bwiedemann@suse.com�cfamullaconrad@suse.com�ilya@ilya.pp.ua�tchvatal@suse.com�tchvatal@suse.com�ilya@ilya.pp.ua�ilya@ilya.pp.ua�kbabioch@suse.com�ro@suse.de�kbabioch@suse.com�kbabioch@suse.com�kbabioch@suse.com�ro@suse.de�meissner@suse.com�obs@botter.cc�dwaas@suse.com�meissner@suse.com�tchvatal@suse.com�lnussel@suse.de�crrodriguez@opensuse.org�crrodriguez@opensuse.org�crrodriguez@opensuse.org�lnussel@suse.de�michael@stroeder.com�ro@suse.de�zaitor@opensuse.org�crrodriguez@opensuse.org�stefan.bruens@rwth-aachen.de�stefan.bruens@rwth-aachen.de�stefan.bruens@rwth-aachen.de�- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
- Change ctrl_interface from /var/run to %_rundir (/run)�- update to 2.10.0: jsc#PED-2904
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2); this is currently disabled by default, but will likely
get enabled by default in the future
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed
invalid frame
[https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed
invalid frame
[https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to
support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow
secret information to be moved away from the main configuration file
without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback
to other compiled in options
* a large number of other fixes, cleanup, and extensions
- drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch,
CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch,
CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch,
CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch:
upstream
- drop restore-old-dbus-interface.patch, wicked has been
switching to the new dbus interface in version 0.6.66
- config:
* re-enable CONFIG_WEP
* enable QCA vendor extensions to nl80211
* enable support for Automatic Channel Selection
* enable OCV, security feature that prevents MITM
multi-channel attacks
* enable QCA vendor extensions to nl80211
* enable EAP-EKE
* Support HT overrides
* TLS v1.1 and TLS v1.2
* Fast Session Transfer (FST)
* Automatic Channel Selection
* Multi Band Operation
* Fast Initial Link Setup
* Mesh Networking (IEEE 802.11s)
- Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
(bsc#1201219)
- Move the dbus-1 system.d file to /usr (bsc#1200342)
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* wpa_supplicant.service
- drop wpa_supplicant-getrandom.patch : glibc has been updated
so the getrandom() wrapper is now there
- Sync wpa_supplicant.spec with Factory�- Enable WPA3-Enterprise (SuiteB-192) support.�- Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch,
CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch
SAE/EAP-pwd side-channel attack update 2
(CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733)�- Add CVE-2021-30004.patch -- forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
(bsc#1184348)�- Fix systemd device ready dependencies in wpa_supplicant@.service file.
(see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)�- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability
(bsc#1182805)�- Add CVE-2021-0326.patch -- P2P group information processing vulnerability
(bsc#1181777)�- Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to appropriate ifname size
(https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benjamin@sipsolutions.net/)�- Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build�- Enable SAE support(jsc#SLE-14992).�- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass
(bsc#1150934)�- Add restore-old-dbus-interface.patch to fix wicked wlan (boo#1156920)
- Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)�- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)�- Change wpa_supplicant.service to ensure wpa_supplicant gets started before
network. Fix WLAN config on boot with wicked. (boo#1166933)�- Adjust the service to start after network.target wrt bsc#1165266�- Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498,
CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640)
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
- SAE/EAP-pwd side-channel attack update
[https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- Drop merged patches:
* rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
* rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
* rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
* rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
* rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
* rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
* rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
* rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
* wpa_supplicant-bnc-1099835-fix-private-key-password.patch
* wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
* wpa_supplicant-log-file-permission.patch
* wpa_supplicant-log-file-cloexec.patch
* wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
* wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
- Rebase patches:
* wpa_supplicant-getrandom.patch�- Refresh spec-file via spec-cleaner and manual optimizations.
* Change URL and Source0 to actual project homepage.
* Remove macro %{?systemd_requires} and rm (not needed).
* Add %autopatch macro.
* Add %make_build macro.
- Chenged patch wpa_supplicant-flush-debug-output.patch (to -p1).
- Changed service-files for start after network (systemd-networkd).�- Refresh spec-file: add %license tag.�- Renamed patches:
- wpa-supplicant-log-file-permission.patch -> wpa_supplicant-log-file-permission.patch
- wpa-supplicant-log-file-cloexec.patch -> wpa_supplicant-log-file-cloexec.patch
- wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag
- Enabled timestamps in log files (bsc#1080798)�- compile eapol_test binary to allow testing via radius proxy and server
(note: this does not match CONFIG_EAPOL_TEST which sets -Werror
and activates an assert call inside the code of wpa_supplicant)
(bsc#1111873), (fate#326725)
- add patch to fix wrong operator precedence in ieee802_11.c
wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
- add patch to avoid redefinition of __bitwise macro
wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch�- Added wpa-supplicant-log-file-permission.patch: Fixes the default file
permissions of the debug log file to more sane values, i.e. it is no longer
world-readable (bsc#1098854).
- Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with
O_CLOEXEC, which will prevent file descriptor leaking to child processes
(bsc#1098854).�- Added rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch:
Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).�- Enabled PWD as EAP method. This allows for password-based authentication,
which is easier to setup than most of the other methods, and is used by the
Eduroam network (bsc#1109209).�- add two patches from upstream to fix reading private key
passwords from the configuration file (bsc#1099835)
- add patch for git 89971d8b1e328a2f79699c953625d1671fd40384
wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
- add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f
wpa_supplicant-bnc-1099835-fix-private-key-password.patch�- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
- rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
- rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
- rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
- rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
- rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
- rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
- rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
- rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch�- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match
eloop_signal_handler type (needed to build eapol_test via config)�- Added .service files that accept interfaces as %i arguments so it's possible
to call the daemon with:
"systemctl start wpa_supplicant@$INTERFACE_NAME.service"
(like openvpn for example)�- updated to 2.6 / 2016-10-02
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
- use ieee80211w profile parameter to enable/disable PMF and derive
a separate TX IGTK if PMF is enabled instead of using MGTK
incorrectly
- fix AEK and MTK derivation
- remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
- note: these changes are not fully backwards compatible for secure
(RSN) mesh network
* fixed PMKID derivation with SAE
* added support for requesting and fetching arbitrary ANQP-elements
without internal support in wpa_supplicant for the specific element
(anqp[265]= in "BSS " command output)
* P2P
- filter control characters in group client device names to be
consistent with other P2P peer cases
- support VHT 80+80 MHz and 160 MHz
- indicate group completion in P2P Client role after data association
instead of already after the WPS provisioning step
- improve group-join operation to use SSID, if known, to filter BSS
entries
- added optional ssid= argument to P2P_CONNECT for join case
- added P2P_GROUP_MEMBER command to fetch client interface address
* P2PS
- fix follow-on PD Response behavior
- fix PD Response generation for unknown peer
- fix persistent group reporting
- add channel policy to PD Request
- add group SSID to the P2PS-PROV-DONE event
- allow "P2P_CONNECT p2ps" to be used without specifying the
default PIN
* BoringSSL
- support for OCSP stapling
- support building of h20-osu-client
* D-Bus
- add ExpectDisconnect()
- add global config parameters as properties
- add SaveConfig()
- add VendorElemAdd(), VendorElemGet(), VendorElemRem()
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* improved PMF behavior for cases where the AP and STA has different
configuration by not trying to connect in some corner cases where the
connection cannot succeed
* added option to reopen debug log (e.g., to rotate the file) upon
receipt of SIGHUP signal
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* extended INTERFACE_ADD command to allow certain type (sta/ap)
interface to be created
* fixed and improved various FST operations
* added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
* fixed SIGNAL_POLL in IBSS and mesh cases
* added an option to abort an ongoing scan (used to speed up connection
and can also be done with the new ABORT_SCAN command)
* TLS client
- do not verify CA certificates when ca_cert is not specified
- support validating server certificate hash
- support SHA384 and SHA512 hashes
- add signature_algorithms extension into ClientHello
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support server certificate probing
- allow specific TLS versions to be disabled with phase2 parameter
- support extKeyUsage
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* OpenSSL
- support OpenSSL 1.1 API changes
- drop support for OpenSSL 0.9.8
- drop support for OpenSSL 1.0.0
* added support for multiple schedule scan plans (sched_scan_plans)
* added support for external server certificate chain validation
(tls_ext_cert_check=1 in the network profile phase1 parameter)
* made phase2 parser more strict about correct use of auth= and
autheap= values
* improved GAS offchannel operations with comeback request
* added SIGNAL_MONITOR command to request signal strength monitoring
events
* added command for retrieving HS 2.0 icons with in-memory storage
(REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
RX-HS20-ICON event)
* enabled ACS support for AP mode operations with wpa_supplicant
* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
("Invalid Compound_MAC in cryptobinding TLV")
* EAP-TTLS: fixed success after fragmented final Phase 2 message
* VHT: added interoperability workaround for 80+80 and 160 MHz channels
* WNM: workaround for broken AP operating class behavior
* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
* nl80211:
- add support for full station state operations
- do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
- add NL80211_ATTR_PREV_BSSID with Connect command
- fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames
* added initial MBO support; number of extensions to WNM BSS Transition
Management
* added support for PBSS/PCP and P2P on 60 GHz
* Interworking: add credential realm to EAP-TLS identity
* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
* HS 2.0: add support for configuring frame filters
* added POLL_STA command to check connectivity in AP mode
* added initial functionality for location related operations
* started to ignore pmf=1/2 parameter for non-RSN networks
* added wps_disabled=1 network profile parameter to allow AP mode to
be started without enabling WPS
* wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
events
* improved Public Action frame addressing
- add gas_address3 configuration parameter to control Address 3
behavior
* number of small fixes
- wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff: dump x509
certificates from remote radius server in debug mode in WPA-EAP.�- Remove support for <12.3 as we are unresolvable there anyway
- Use qt5 on 13.2 if someone pulls this package in
- Convert to pkgconfig dependencies over the devel pkgs
- Use the %qmake5 macro to build the qt5 gui�- add After=dbus.service to prevent too early shutdown (bnc#963652)�- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination
with CONFIG_DBUS=yes.�- spec: Compile the GUI against QT5 in 13.2 and later.�- Previous update did not include version 2.5 tarball
or changed the version number in spec, only the changelog
and removed patches.
- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable·
random number generator by using /dev/urandom, no need to
keep an internal random number pool which draws entropy from
/dev/random.
- config: prefer using epoll(7) instead of select(2)
by setting CONFIG_ELOOP_EPOLL=y
- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2)
system call to collect entropy. if it is not present disable
buffering when reading /dev/urandom, otherwise each os_get_random()
call will request BUFSIZ of entropy instead of the few needed bytes.�- add aliases for both provided dbus names to avoid systemd stopping the
service when switching runlevels (boo#966535)�- removed obsolete security patches:
* 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
* 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
* 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
* 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
* wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
* 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
* 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
* 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
* 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
- Update to upstream release 2.5
* fixed P2P validation of SSID element length before copying it
[http://w1.fi/security/2015-1/] (CVE-2015-1863)
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
[http://w1.fi/security/2015-2/] (CVE-2015-4141)
* fixed WMM Action frame parser (AP mode)
[http://w1.fi/security/2015-3/] (CVE-2015-4142)
* fixed EAP-pwd peer missing payload length validation
[http://w1.fi/security/2015-4/]
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
* fixed validation of WPS and P2P NFC NDEF record payload length
[http://w1.fi/security/2015-5/] (CVE-2015-8041)
* nl80211:
- added VHT configuration for IBSS
- fixed vendor command handling to check OUI properly
- allow driver-based roaming to change ESS
* added AVG_BEACON_RSSI to SIGNAL_POLL output
* wpa_cli: added tab completion for number of commands
* removed unmaintained and not yet completed SChannel/CryptoAPI support
* modified Extended Capabilities element use in Probe Request frames to
include all cases if any of the values are non-zero
* added support for dynamically creating/removing a virtual interface
with interface_add/interface_remove
* added support for hashed password (NtHash) in EAP-pwd peer
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
CTRL-REQ/RSP-PSK_PASSPHRASE)
* P2P
- optimize scan frequencies list when re-joining a persistent group
- fixed number of sequences with nl80211 P2P Device interface
- added operating class 125 for P2P use cases (this allows 5 GHz
channels 161 and 169 to be used if they are enabled in the current
regulatory domain)
- number of fixes to P2PS functionality
- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
- extended support for preferred channel listing
* D-Bus:
- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
- fixed PresenceRequest to use group interface
- added new signals: FindStopped, WPS pbc-overlap,
GroupFormationFailure, WPS timeout, InvitationReceived
- added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
- added manufacturer info
* added EAP-EKE peer support for deriving Session-Id
* added wps_priority configuration parameter to set the default priority
for all network profiles added by WPS
* added support to request a scan with specific SSIDs with the SCAN
command (optional "ssid " arguments)
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
* fixed SAE group selection in an error case
* modified SAE routines to be more robust and PWE generation to be
stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
* fixed BSS selection based on estimated throughput
* added option to disable TLSv1.0 with OpenSSL
(phase1="tls_disable_tlsv1_0=1")
* added Fast Session Transfer (FST) module
* fixed OpenSSL PKCS#12 extra certificate handling
* fixed key derivation for Suite B 192-bit AKM (this breaks
compatibility with the earlier version)
* added RSN IE to Mesh Peering Open/Confirm frames
* number of small fixes�- added patch for bnc#930077 CVE-2015-4141
0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
- added patch for bnc#930078 CVE-2015-4142
0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
- added patches for bnc#930079 CVE-2015-4143
0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch�- Add wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch
Fix Segmentation fault in wpa_supplicant. Patch taken from
upstream master git (arch#44740).�- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
Fix CVE-2015-1863, memcpy overflow.
- wpa_supplicant-alloc_size.patch: annotate two wrappers
with attribute alloc_size, which may help warning us of
bugs such as the above.�- Delete wpa_priv and eapol_test man pages, these are disabled in config
- Move wpa_gui man page to gui package�- Update to 2.4
* allow OpenSSL cipher configuration to be set for internal EAP server
(openssl_ciphers parameter)
* fixed number of small issues based on hwsim test case failures and
static analyzer reports
* P2P:
- add new=<0/1> flag to P2P-DEVICE-FOUND events
- add passive channels in invitation response from P2P Client
- enable nl80211 P2P_DEVICE support by default
- fix regresssion in disallow_freq preventing search on social
channels
- fix regressions in P2P SD query processing
- try to re-invite with social operating channel if no common channels
in invitation
- allow cross connection on parent interface (this fixes number of
use cases with nl80211)
- add support for P2P services (P2PS)
- add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
be configured
* increase postponing of EAPOL-Start by one second with AP/GO that
supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
of identity frames)
* add support for PMKSA caching with SAE
* add support for control mesh BSS (IEEE 802.11s) operations
* fixed number of issues with D-Bus P2P commands
* fixed regression in ap_scan=2 special case for WPS
* fixed macsec_validate configuration
* add a workaround for incorrectly behaving APs that try to use
EAPOL-Key descriptor version 3 when the station supports PMF even if
PMF is not enabled on the AP
* allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
of disabling these can be configured to work around issues with broken
servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
* add support for Suite B (128-bit and 192-bit level) key management and
cipher suites
* add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
* improved BSS Transition Management processing
* add support for neighbor report
* add support for link measurement
* fixed expiration of BSS entry with all-zeros BSSID
* add optional LAST_ID=x argument to LIST_NETWORK to allow all
configured networks to be listed even with huge number of network
profiles
* add support for EAP Re-Authentication Protocol (ERP)
* fixed EAP-IKEv2 fragmentation reassembly
* improved PKCS#11 configuration for OpenSSL
* set stdout to be line-buffered
* add TDLS channel switch configuration
* add support for MAC address randomization in scans with nl80211
* enable HT for IBSS if supported by the driver
* add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
* add support for domain_suffix_match with GnuTLS
* add OCSP stapling client support with GnuTLS
* include peer certificate in EAP events even without a separate probe
operation; old behavior can be restored with cert_in_cb=0
* add peer ceritficate alt subject name to EAP events
(CTRL-EVENT-EAP-PEER-ALT)
* add domain_match network profile parameter (similar to
domain_suffix_match, but full match is required)
* enable AP/GO mode HT Tx STBC automatically based on driver support
* add ANQP-QUERY-DONE event to provide information on ANQP parsing
status
* allow passive scanning to be forced with passive_scan=1
* add a workaround for Linux packet socket behavior when interface is in
bridge
* increase 5 GHz band preference in BSS selection (estimate SNR, if info
not available from driver; estimate maximum throughput based on common
HT/VHT/specific TX rate support)
* add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
implement Interworking network selection behavior in upper layers
software components
* add optional reassoc_same_bss_optim=1 (disabled by default)
optimization to avoid unnecessary Authentication frame exchange
* extend TDLS frame padding workaround to cover all packets
* allow wpa_supplicant to recover nl80211 functionality if the cfg80211
module gets removed and reloaded without restarting wpa_supplicant
* allow hostapd DFS implementation to be used in wpa_supplicant AP mode�- Update to 2.3
* fixed number of minor issues identified in static analyzer warnings
* fixed wfd_dev_info to be more careful and not read beyond the buffer
when parsing invalid information for P2P-DEVICE-FOUND
* extended P2P and GAS query operations to support drivers that have
maximum remain-on-channel time below 1000 ms (500 ms is the current
minimum supported value)
* added p2p_search_delay parameter to make the default p2p_find delay
configurable
* improved P2P operating channel selection for various multi-channel
concurrency cases
* fixed some TDLS failure cases to clean up driver state
* fixed dynamic interface addition cases with nl80211 to avoid adding
ifindex values to incorrect interface to skip foreign interface events
properly
* added TDLS workaround for some APs that may add extra data to the
end of a short frame
* fixed EAP-AKA' message parser with multiple AT_KDF attributes
* added configuration option (p2p_passphrase_len) to allow longer
passphrases to be generated for P2P groups
* fixed IBSS channel configuration in some corner cases
* improved HT/VHT/QoS parameter setup for TDLS
* modified D-Bus interface for P2P peers/groups
* started to use constant time comparison for various password and hash
values to reduce possibility of any externally measurable timing
differences
* extended explicit clearing of freed memory and expired keys to avoid
keeping private data in memory longer than necessary
* added optional scan_id parameter to the SCAN command to allow manual
scan requests for active scans for specific configured SSIDs
* fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
* added option to set Hotspot 2.0 Rel 2 update_identifier in network
configuration to support external configuration
* modified Android PNO functionality to send Probe Request frames only
for hidden SSIDs (based on scan_ssid=1)
* added generic mechanism for adding vendor elements into frames at
runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
* added fields to show unrecognized vendor elements in P2P_PEER
* removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
MS-CHAP2-Success is required to be present regardless of
eap_workaround configuration
* modified EAP fast session resumption to allow results to be used only
with the same network block that generated them
* extended freq_list configuration to apply for sched_scan as well as
normal scan
* modified WPS to merge mixed-WPA/WPA2 credentials from a single session
* fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
removed from a bridge
* fixed number of small P2P issues to make negotiations more robust in
corner cases
* added experimental support for using temporary, random local MAC
address (mac_addr and preassoc_mac_addr parameters); this is disabled
by default (i.e., previous behavior of using permanent address is
maintained if configuration is not changed)
* added D-Bus interface for setting/clearing WFD IEs
* fixed TDLS AID configuration for VHT
* modified -m configuration file to be used only for the P2P
non-netdev management device and do not load this for the default
station interface or load the station interface configuration for
the P2P management interface
* fixed external MAC address changes while wpa_supplicant is running
* started to enable HT (if supported by the driver) for IBSS
* fixed wpa_cli action script execution to use more robust mechanism
(CVE-2014-3686)�h02-armsrv1 1726746335������������������������������2.10-150600.7.3.1�2.10-150600.7.3.1���������wpa_gui�wpa_gui.8.gz�/usr/sbin/�/usr/share/man/man8/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:35766/SUSE_SLE-15-SP6_Update/1481ab215a0b1830ea80ceb6538f4766-wpa_supplicant.SUSE_SLE-15-SP6_Update�drpm�xz�5�aarch64-suse-linux���������ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=16b099ec7acbe82d8d20ab702f005903908fd91c, for GNU/Linux 3.7.0, stripped�troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)�������������������R���R��
R���R��
R���R�� R���R���R���R���R���R���R���R���R���R���R���R���e�
r����utf-8�1d05bd42a3d7022360e39a920c38f107273d85758274f55dd9cd0c88b6ebe5c6���������?���� ����7zXZ��
���!�����t/+p]�"��k%�pRUJz�x�+P"\�>�*LAH�dz(o�n]c2GszzF,DVr R�o;!t5sʮM}�l�=gDd�hL每_[5y��E.}z�ؿγ
��TΨ���j0zoO>g7öҧ� Ve�-�^�־�.E�
^�SQ׃2f�/H'Y C[,�ϲ[;dw�,�ISv%8�ҝ��q?�f{*cia�r �jZ@bd0��ON�DM.�_�iE'ɩ�g�NNe�ՠ8.LR�?Zj҃�VOfj-U�hSpo
r�ֆc1rl{8\Haq���Gj0{R#h��}�5ʤ yr=�mab}ŤQ�e;LB�@[�
GY2+V1:Tae:JHlߕ'>OKӦ�V�,�kDc=u �<\pc,ێ���v�t[~:r�,t)�4h=y!�m�]iz�(.��lDGz'�Jי�F대�śg|��7"�OkDz\Q6��Ǥ�Tϑ>sɔ%LWS)��mpm�9�3�_^H&ƥO)o-f&���K]�/7y67/QIltCO|X|�t-"h8;)KԳB��ӂe�TLk=+OA#DڑF�F[cF�ry׃y�7_FFv\RI�cXG5)YRNNݣ&uZƳ'��ꜞ�n�+rI�z|AG̻ZkN
&��Տ/Txm7�I͝fTk��.|:!m}^��&K�J�Rcr��)�">hs6z�~˸��rv[���-t�Ncc׳�F�~g g��2pF�BcF*8bpHl k߉pWݸӛsw�2qb1H6F&,Ch��@w��ϰ �ue<
�81X?_ +\fMZ*#PL�+l ��OcJO]w�b_�%%�
"ťe�x4)B��CAi3%:mm'RiDY.+HDo?kv��FOX3e�B;,Z8;�
~%�x|�E(;�BPK3@76+VOJ ʟ��I)σK>�|O^x4<�&7��MX7B�'~�9U4*M�Dva��EnIU�j
52zjF�hY�ZZ
I�o�kւ�33|DU4$SEO%$J�}a���ѲsyɍO|[ől!�@j,Z�Ha�QpBr�KA$W%d�T읝��:R=�R%5�v*vJ�^s��6f[��X!~(/��:#{?&'Q-MLlR�+B Nމ[�YkN( �ɉrP�Mi19��O3{6�.B[d|�J(:�
{V�l;�=>8,�"if!UH
��a{/z~h8J3JȌNT:�
Rb�8Pq��؇
Шayf)q���~ܾ�
> ){0YI� �U,L)[ׇڪ)>(�]'JFrS��HV3Z� 緅c i`
`3�K�I<��ɃQLYd#-͚�($U� ��<%Pp,j��~uEU3-11�,�K^�JMJB
g@-�b�rz�EE0b"�Ah=Cਛ@BEE{B�,\U&,�T�vA�^_Zd�
O3oM!} �V^C鲭ƧlA/'V`wN̯%J�eT'&u|PPQE9�gt[2|x4yA��'$yhTk;SS!uAW�5:4�ßg7Z8�#�;�aGv�ݎX:B#楄J ݣ^}XQˆ\6ao>�'P#��QZ�zݸ&~F_d�h?t\z�v(٘wu[?=zΥ��B�)A�x||8gwG�DK�lB:6Vz$K~Q;�K6�ka̮{;Fidq1je�co*'�#S�"s6PrhK�O�)"�=*�p���Z�y.)Ej)|b\sCbj�E4s-I8x�
)&�!
7oʊt�Ջ瘖*~�]xk�+��co57~�\\>4!K*�"�I�c�cģSZܼ�A�B^z=CUj8�}b�b½b=trZ3%1!�KM9�%T���f�*Z�skX�T5�*7$:�(=��P.�6ZDws*̕z(8"-̇ǜJn~~c�u;d<`^?M�:aݱ
9i�]�;���P^LB_Y:�IzfRr�?ު^ 0ؚnN� \UFɈ�.fRL?��Չ��_Jޤn�2B,�`ɍVŊ9墖ICP&Ejw|5r�j+8saco3T0WO$u�6�tɖN�zh`�<ӭ
jefw6�( l~~k�h�2j@
Mǰ1[FE�t�Ex�!j�`Z�8;<�S'B3kA `4�eg(PFz/Xi�>$Ӌ;
�A���UӹPj}C��
6q&-���fn�`T\Rkn̄"<ן�*�S>OB��B�
VI@T4
'�s�3�ۣ�K8ǞV2��L�WkhV�Ȑ�kl
[8�I�q3�`i�L
@I*3p f ύM?H5*s|�y!,�* _¬-M�e�5�:x,m�tJqj�[&8Ԃ5cll�Կ*o�Ia
% )~�/05ǀVHLR�R2Gkwic͓
эv��A�uc�
s(Iy�VQaJʆl�(��σgMi�-J?'0"4ۘ6���q9&=� Ziu)f%-4��ͩ]k��~n"^3�DU�R�I]6ч?LWaeByuK�Rxn*�nF
�3[Fgg�g2�JbWg@V��nhݱ�X�.,{@
�k.iǦ'Y4ܴ&�/��%]7U�l�9A 4#+2d"V*��
zҼFWp�q*`k�L[i�g!|hhh�cW�-HShJ3G?3��!zy',*��$u3F9� ߦ*31 3�ΌX�0{�*>Շ�gp�8(fKbXhҰ�B�)(8nv)��/R=Wdw`;
9OWe4
Yk�qS{�ڊx�7Vål�v8!�_XCݣ=<Ͷ
XCte��k.S?�jU2)@Mijo9v�G�z(2�~�> aܚL+�!赜h�0zz9y&�8P)�O@X
^6���Ve�=Z"BI}�D\�;馵Z7AI�&;�^zC�"7�kq!Ji�JN�r�38X:�;C��c��}VR�*4�V5=9js$~�vMIUe1O� Bu�\zɧF >ӧ�s$d�O�8�/�lō]�S�1Q�B�L�5s{��.�Vf4gP�lq�GL˘@�77j9k*�4�'`t�Lx�P�Ǯ"]'�NIo|;sc2�W�}!�ނ�dsh`iJ~Km��
܁~٣Q�He+�w2uq}'+?':ϙ�,m��pL
�wL��|ȯWdv(Z}��^1βqjq (#T5UF4�-|/T�� $�NKm5e$�D\<$x$BH9+YMU?Q��\
�W1�|Z(�IU@͕Лs�mz[*.�n5V=�*(sc-PccFmP.զ&[Y_��6�+�FOkU&p./]G�z��-"�Hq� RI>0F)V���4+��=%)SQXݘQZr9ZA�@0�`'�~�u�/ sr>�,x��}v&S5#�KnΖMYg
Rd~hI+(r_��[M ܞ&-|9
r��K��#pj㇂4_Ў8�tW'��T)ݣ����Z�;�y$W:N(`^�X5�8S�V WL4
!%8}$�l�2x�BܪުJT�"Ѭh$"p�+;vB-�"6%!ṅt#�&^�Jo��F�Q!�@v^�?ZdY9UKБ^!#�:=8S0+�~�GM}�WGe{�?A~�{��C'r-�>2;�C�6wĔ`�0�&�T�S+.Go *�٦�a@WV,��mn�Í'APÑEi�m!�rC,զ�bZ�:]ONϫ�i*ˈlj���c�>0b[ҘhԉV\� ���CX�n*>a��tu���`Y��!�>F9R̅�q2ZW}~?=4=n]6&v��m&7���DP"6[˦v=1_�^-8<�l��Xa�QE:zAR�D
�=s,�~�elc|~X>R�'�xVNmM�J}�ix�L��C{Bi��1-Pݏ��C��C�<(ӱRp۾Tj��ڞ~e�fXSCٮ�rE%�aPR��ް[�ZQ�)Wݷ3��M}�8Ӝm��Y
#:3�0.�|#�zp\^�@�j�$?�6̫6�5٦ :z�fK*erۉ=w͉�K1�x�Ŵ*$�M_:}dK@8ge���e)]z0H-&yiqaWǿ1�YOLcvq�#x=Plݚ�9�,��-P6=RP*Y���EH5⽺ʫjd�ZgGu�08"hP
�PU4ʁyhbBf|/.GU 9�ϻJr�e� T�es�
c�Ɓ
.�ˢU-x��ߞ�i�nNJ�m?Q�Sq>#\86[jfE7�j��Od�Rd5�r/|غJӱw]0PPE�S�ȿ�%=HWIhUw<�Q¢YRn(ȖG�!wۖL�="zZ.ɼ&m��A,ѩGVL��v~"qǽ�x/!E� Y�6TC���:��V,nنn�ш�8Ϯi'rC����R�pd�U�v>! #\c]'6۩*wC]]Sܦ)Bt[_>B�)}OW�>K־(_�}iΉe{O=pw#5#7}4`Nl{0hP�#;$u�\pݴ�a�@n� ��9ʼ櫔iC�-/E�7c/x�Rw��DU9�2V8G
W�۫+z3EPdoE{z*xAL�Ɍ{T'�i d]W��T��o��0t�߁IH�RH��|�*#o^�@$ � E+JmQn1|
�H=A�#�ZIV|�N�e7�%�0�g�)B]>Ңܬ{* gfNwdu$֏(>q
ɲ/�@5|3U��`"4Ut�t�YjעvG��VU4o\!鵅�5D]*j"
9V8<`s Hy.
N\�t1gW0w?�.qr$KlEV%} \�HAUOS$wu7b55_2�k��n��/rt4�c
s:qI"97w&W5Cmǣ�vp-~Ipt��KEp�lݖᣪ[] 9�9n63Qd~#�+ش�S�g8�G&l1z+�)�C#+D i~v~A0@DDYJY8(sAÉ��_�
BA?Pҧ4щ]~|*V�G+�N�ցj:�s&�dzqXcFC��C!xw' �f̌�
s�6q暚%�*��@v?6͚�jˆn\�U>,n�@Kq:_'Y0mkj��`{\vKcn$C-l"O?(3Ŕ윾!"\�W���EZ=ަO�� '��)V53�2gc�j`{q2"7v=�$H�$)"wq��P1�xcq2O�9Mn!���{W#{!v:1E4�Vf'To} @vsS]��nk?F< H�]O[Ӓ��z��MH95efHŤ|$&/+7얣�Ahlvp `i~7�a�"�`
eBx|g\2�1=X�o~|�9�F�kcu)b2Vp��>]�?�Yv2ѪsmD�Z�-˧K���l��<��XB%��3c�e�+�f&vP�ɤ2$N�V/ c*$+*Y)����^LDItL�ҖP>Ww\I�Tc#ש�~Ѿ��0�?8W���8eYX
U4C6�}%�uzk��Ѩ�Vbkf?��D7O�@,k�y1I��`l�H�P%䔱 LJqj)W�5M��U��tl/@k{s�@�!zt&`c
-�`5'=oj1Jtԃ7?0eHB�jl�}M$NjT�qۜ͆#I� N8CEw:��i!Ү^�b�ly���N�y�#q����z{�V�C��n+ꐙ�Wq|٬"1RZb��|]!&/��cy@D8cI譺C˔�pyR�|OǍq�}NWYR�S���w3itB_F�Z"|:ޓ�C_�*xm���T`�6�5sV8>U|W�'AP�BȰ�v;�1���\0�?&/
6̧�(yM!2"�95<��fet>ޗ�
$ZKnI8?Ē0_
S%OXwQ-7Ay�UʷO%^X.{��/��my�+cZ90G.ǓMg]O^'y�/=3��T��hG<*{�~҉��L��g)CSg�hҤzM4ԣ�ȕL7�9|5Rnex�d臸;V~�UF�Wk\Js�4ζi*:#U?�t,�N���,d�"f!<5oiE\I�<ܔU8o6�[a[N�vKnl?��RJB�dn>㉑�?&X۫dȓ?xVA{ 2V*OXʜM�m�Uߟ��ԅ[Wnӂ�j?3QV3V���Ιݘ�u#BJ́2yuɞ{�X#�&�X��thB5�n-ϵO�-Ë�突!'`{*Y7mAoǒ$cw�7Efۂ.ʤ*3&wNE,{�x'1x8s<�F�?Q4`}1_Ml_�3;T3>m"�ǽӒ�oX�|o:��qaϾ�ttj��
x
xt�Z���ӊ 7\Ub�M'�(H5
&<֗:oGbtAi�9LitKH+g9f*nI>�� �=8)t�(��Չ]ݩLNZ�MM[�+7nȔ>�M8_6< k�m�u�1/א��X�X'b-ز2�@'u3ahR0�]) Fw��sʷو>&#ۜy'{w(T]G5�
TnAlwVv����w[wԬtSDaeB��(�&lm"Ou.i2�9NৱXG�Iv
"%U2`�[@%FG(�g�k�0�6IM4면���~%L�d
��-b��1��Li(7s(�&y�NGd/rG:3a{�[5��ȸ
]prω���he3-�؆/!|�)(__'�>Ri�0�~�'e��Dd��Wd#I��@7oIɠ�@�gzL
��1�&�;f1�C%`mw=b}{�e�Ox�kbV�|YNK�.#ie�5�E#9\/���z"p]Ѕ9:bn*:;y0]o+RyaB ^?䎼�EtHI�k>A��Kȸ�I*�~aMT$�x,}Nl�oR}y4(oǎc�IQB�5{Z
�1^DIl/?
)T;Bj2߶Y4:��(�,x�a�7`=J+q^-!ky�Ν�~=Jr5�yo%2Tx��@7
�J�97haf0oQU�l,g�~�9k92*p.
6N%�ϠVX���S��I0!Բ��3�N8/H �+W˴�'#B$@x1㼩K��@0[ruW,{q�i$uΏW>ym%5{[aqx4���6k!<�etK圐�ik�TL"˱kA{�d?�yn/j8kJ�!DIМ�#li7#*� �k[>ψ��r�:$Rc2���ujUG~@⃬l
0r"�(�\j��Y
_k1dz�OQY�¤�YWi5ظ��NX>�պfo':!O M^U;T�+"f�16^��
�Y涏1QգT(�`vZ� 7\� ͻǏ{ҏf�"Gဋw �2#V4Cϸ*6ET�@7�ۭP\�Y F�~LAX
di�GoI$X�9�
&�ֱ~�%j%0�J~g�ӜOۦ::z[a2zW+3()p?؆u[�i�r̉$�@A�-I�b91�p8wA�$rg7]6[�ثxܒ]}6ai$`&S1\V2P/{+b!
�m떣>-��o^J�1�UY�PHi}hܷYF^GLsq
\iޢ".)j\��a;ҪPG7_\bF�Eykkc0T[O5/E�WcgK]&�ݏ~n*�J2?c\5Rb I"'ẻP��M{
؉?t#*]vFH�+w= Z�nu#;�`!��ĢrNk}��8
ϱsa}Ks ��pQV$*؍|5WZ5E0wK f"&�["dyÚHohj@�a�+93=pGC�(zVY�R~bAZxM Z/ķo�
Oz7dQ��.;^j.!5�)o�-K)y%!
J �a??\FdN 3qp+^pN�2D.b8�qr0Uia��s�m{`ѝz(z��~tDgk[;;n*}�Cm5.=a��KӢ�᭽Ko��rJ lf@���vZl�4-�QaUJK豫^7�&�-v�_��~T9"|*(Zb3}u
҅Ł@9�oiųk[@&̢lj�$Y?#�ڏ+;�u߶tai�Pg�}�gv�@={͟A�l�p\���)�H_S?�/=m�w_*&�>A|� �(�zl=?�N
�7Fo8���8N@Se5ڃ!`;$Lֿ{�E�%Hgm��p�6O}@ư9��y0Z�?��g�>=Fw4L�[=b�0C1Ȫ�)L�NtAR�-k��Z)|gw 7F!6����l5x`9lh"H*� bpµ�˙IJ0�ӝ# aΈ*�EBFk>��3�b\^�zr�%g��x�-aqdN�K& �_"�#gLIjv�p2��#Uw�4֏¸"^��mnm��%�E�O]wD"jx����
�a�r�<|<-*xobs/�\Sj8�qUW1�ESɃْ@�6>gw8���\Rl��("j;r^fr{��ai�fi��b}Բ�BO4J;�|3l��j=?
f=.~_�)VA6 �N
9m���>G=q㍏|Q+Wܾ3(æ%Gw@|ognnv�E7��vj?fKz|�ׇ)ٹ¯(n xcg/Dܙ�UHY�)i�k�4�s̱:ױ[i����� mC��tdQ-oQx!��A/^NC3
��SÒR2\Y80_a\@�$:Y@$|0jC3dD�"=曬bR8��kP/7�slU*,N�Ee7o#ҹ^n�f`h�M># &"�+���� F+(؏МN!v�gῤ
\W^ngzc,�ެ8~z.��L3Z�AgX0�T$àUwg;�Ű��d6OvQ;K�^�諯Obڒ��/kCfy�D��Kĩfri�mO4B5_&�*ӐwN_jwpGu�(n![]_c-j->Mpɻ�X��/�oҿi�:G( ]/-�C_�:�Ҡ/wڦ��ACv�o��RՂ=z!�A
7l�l~�`pti2&�p�nP_-,tO�nn;g6�*n1�GvpP홾Ь\�dDsJ=aa3�I0� o�wR)dbO_�e }+>dH0�!fhֳ��I� ��fex3
aW'OZ�KrgᣳwYW/y�O�m5�uI�t�P�)@�J1!Y蓷Mx�i>�6QOTל&���<>.�~�
f�*.+|l
DʪGcmFrz?yN�R�uiD�4`%[��cJL#ޤG/�"rO8�3l<&O�m!+bg6�SܝK.�$H.�w��tʟq�q�N[ Z|�;*g��lmo|�H��_z6c_1��dܬ�S|\ �"9wNg:5r}/�\'k �ugBlgmI%�dEH6c�iRů6�m,ѾS3*:yiR�gr�Y�Z��iK{:�<�G+"hg�$jgǯ�B" M*{e�NM�ok�=�Q�a>H4}�}Rl�����,7d{XF,�"bc8vu�5!��pKigT 7�6�[l0�$2X(zJp��4Djz�Pq~a:�s'?/J
t�"O遗�ٜX�WΙ
n~`~d9�V%\u1}X3l�Vl&h��D:R˵49~h70#O��
�=PL3(b;I4Q�Q(V99Yaқ~�H A M)�efF'�T��(?�8~t�ƯnkA{Ƴ.q_y�=�Е
NOM~w�5H��8n�J̉'(�_Qu{0õ1p!ޝ*��r�y(P2h|��#�}-_E�Zn#D�Z�P`)/UF*MP,s�սTFWg
>e�R��&�FԌ�܆,gT��sA�.JR,Sc�P#i7{�D_�evXJɒn�N`�8PKz۞+�_��zX8��mQzbbg$M��*�7n�rQZoDg(�Eez���e�3
~�g$"�810L2!X٘5�Q4,�ʍБ2qZ3�M\v:UL�Ucf )YX��.cYĴd
n�sHaw=;1Mck7W[~:T'��{|?�ˑTq!ɼ�._.E0 X0b$L1J��5Wqۄ��z�TBR>6a <14
!6Έ�, kрZÕQ�zHa�l�`��|G5�]-)1dȺMd+0e ��n%#�غ���4a4ϾY-.ǥ^m�F��BWR�_I,]t2;i'�?[Y
o7~�eI��r /CP�S[hRֳq�o|6i_
-OFQl쎃9y�C�$}q
rjȆxg<9b��?+�[-u]df߽wԷ66J�yF΄m�5h�K5mV.ҜM�lLko7G��϶{�jO^3?Xzx$
GT)$/L�bf�/�ؐ=:C|k*Z�T�hWQ1�R�KV3U�ﰂ�RJ+�LSƬ�����Z�R"�U ʖr���k,Q�-ËHpz)RCn"�rFJDs1, ͚Dz5~�ܒ=|0e< 5u�a*
"9�
�R9,�d2-ё���cV<�`oЃAV2#ɒ�0uq#��PCIu|�co;�is�ǣ6&�)[E:# l`84yIl,UP˽K< T�l#"E�ƗH
_�cLw�Gd]?�{q˔5w B�.u@%3~ͻ)d�P�z:���ŦI_qi �*#��u�%-4MDD+B�.p8V`F�\o&�h/r{CӸC�"p�X{/{�Cޕ\G/���.h@>:'dŔζ�Oܠ�Rsm�aE(�J7n"�8pU��|DX}Q�P*�j�D�^d+R&���\K�p��yEӇ�m�a�Zr�>�3l@ev#PuJ�5]v)dM��1l6j�ن9)L�U)&$\d�ܥJw��:g$�fdޤ��L JW�z:��I=HތJy��h?_�y<]'!B{U%ؓuЮV꤆~.*'��>�'z1xM��ljؽ[řֆi:F9�RgLQCWb﹞Qs9?Nc'?:d�غݜ#:�-'G�sw3~�q.ѯQn"(&M__�1��m
z/̀�C*�.w�`ң8NG��ِ3lg�l78�أ
\(n�^G_qե!mn�|?6~)<�հʼn2[TFG
��LrT֓�%w�`�ـ:���[ۏ.|'`1�8
N6ݪ)�\���T�@EsӥVs��"��Mok,Z@Y:hF.N3:a�S*eUDqH�y\pHoVkAI�M5�=۪*t,pt�X%��8T�bčAHs�jC�k��mM&ܪ��R^ɼjϛѬp1{\�M}�;8b�8�+{Q�R���M-7BKё*7��%Fyb��;���bUNY`U-�lh��D'rko(94,E�Z<��[8�ᶄ36ˇf�!�&4[h(뽯9_�����֛l_
ZF*5.$� `Sxђ:4sUU�:B~8,/oi�sM.X2�A
m�v,Ps�K��P6{6�~.S{�je�Ъ0�7�\t)�7��ܥ#$YP$[
|C=�zɽ�tX'�p`xr)Ȥ#ț
RNLl�g�f��2h&a�;LI�J
gG/�@R|N���~>+,9��1�q{A=O#4�U�ȩh�e?Sc�j=� mOo@>�$B�=C=�-dug$��y6Ґ��6|�5�egЉ;
6Y!S}*իA[+2L3y�Qߓ&(fs}��-Z��B�ɝ{�~٩�[=�t{~ϻ�+YoʍDp�m
y$ӽ��Pd�q�(Uɀ��fx�0o_b�|�W�+>m)m"�(шe��"�(��\j�Ȼ�ؔ\1{0SbW&f$Ytv`jzC؛�]OM�tF7F�ƴp KWuީ�$N�ѱEw�6ؔ�k@!�}�xi�
k�?F:JR5:;��?ӌ 3�}ά���5sJ:Vg\DqOC�El�o#+w} �nl�z[� V�*9}.Xj��|^:@@e
ˈ4��p}Ͼ�ۛJi#I��
n\ x
8��S$�Ն-=bEcMC�!=tE�E:O>��h�@yQ��L�V1!�詻MNw9hWo�8u*��?k7aͼ�p~�
]jR�Jsi-^;i�c}�2�� US02u.մ,UGaV@MC]TE=,T�AhoE
�$+�kp/!1(3��gWQSz%ER2}Z.>Ü$~&>D_;VQ�⢼8#KI5Q(M�=
ckT�Jw�V�м:$'�TQ�lpH!�)'�LP���ƛ-m��KG+a�3.]�ۡj
6��!eW�̿툋�]�@�\Aˏvw𥓣T9tm--,.O)24p�h�^On4 =IJ=T[r<5_nL{^䈣yZ 1I"30Zi>>qYw(�Ǣ"ؒ�_N6�B�~z!̣dw�z���8��q�m$�伮Xrmo],쁩Ql�(Gt ^����Pom_3$�Ҥ|IZ��]mx*Oiq/W5lqw(ɍk>/�$xXgpl9`�B~�R9uR
)t�(Dj�C�[�6���<��T>|V��e>>�#p|cA(�i>_&-W+uMNJ0�$s\Hr�Z�vKеX`Q����__4��
aN3
]�wu$T��I�T�_L�L?#.b<��.�'q5WF9�Zy�U%9 R�"2*mr�;:`�!|�`���eXHP;S!{�I���E0J2 /�=j0.]wxr.O�e�/�&SYIlpdp�js�(.ꉗrڡ$rW
�._g�WvmSS*��VbѶ+r�Rz\^%,ՔN�7r�6'vZsfq�_ɻ{V.e-�@@�c=�(qIS-:>�v5a䷈QjX-%5IR)3مy~wT: `v��4$/y�K^Q`��&Xqǩ\2.��MT
&���T Ps�
+�G({�up�y2,�X
Q9-r7�(5|��:x�D��BgB,NHVĭ�ʾjD``�
iֽ�ڠ|[Ix='BXVWC�d;�=dθG�+�@#}t�T0V#圗9D8���ӐOv��@ߤPZw���Zժ2s@��3k�jֶhx2cxY��:Ce3F�7^&ֹY QJճ۴R�wRVjL[r.Ɯ�9 ];'LT?N7sLBR
�G0˿=D�c�i邿5=OIO��*�d�VGT`{6�K]Og��⟮|� ]dp*~i��!wb_���\L%�J_AB6C6��5�||��X>(�7�/�Sy>�ʫ
.gb8>]b UC^{qB=yda$y`;.oqGٙQ�}aX��ޣ�+��cuL,jJl@
(AW-l^ݑ^3M &ԕ
�79{|i�>3��.P#FvLKaɲa�B�Bw��߀� vl"�P�0
;dM�@v'"65�6mB�M�r�'KOƂ��K+~lZ.��Kꟹ)?"�O-��d�Þ��[P^^#*�]ÈY{fm.udU5�0�}�tRd�":�Zr)||^bv�0+�:r>>
'�@��CyZ50R7f;2%6s�;!x|ZzF�-� f%(�?�Ի=W!�}�h̃��4��P�QoC�Nj�>�~�@�AYۮGTH�vh]R@�|ÔnXuш952s#۳K
m�6
�-"B, f�@�qG�|mgs".KxY�U%�@��~Z�u�oVsq{
@="��X,Ӝ%j=K�fZ*>j�Ŝ֥0R`8 �>�!�Ѷr�>JEԪ!/{č:3T~܁�LVMT'w
~w��`~T%r�.̧%^�JuVmZ�OGSPyXٖ�G-A7�UD*ezYQ:$a*U-<ё6_ΣeCV��]|oo3,(0+z�饪SpIa)$�Ohu
$y�kXKҋ+ݗ�_VzaGb�fvw�@9ah{vjqBgm]X3�уol2&�;��Z#w�n@VMC��#��bfH �W�SGIQd�ϐ�6>qU�<;>/yqQ7*G�]");#v�~Y�mX-vV+I!?�Wy�R�[��|���`c~K 7Ҕ03#1@�gA|x6JI3Φ�� VZD4?��Յ#�C⮞
{rt� pmz�o0�繖Se�}\��Gvh+B�0��ڡBi&�GE�2xe佴ܨv �fPYIR(F�&K!l>O� 9.F6�"D&އ9�zEIIț��0^UyM"pn
"
9iG�Yj(xP�+ "�7�uJcGבĘ��9e+n<�p}$�2�` Ri�j�9!�WN�E�y�k�qռH? K3*<1.�fA0}u�9̮2dVvT}Ic ]uF�14�'}AJhdFwֺ�y~us��Y
;�ٜf6F[>�w�m{TD��.��tg#>|]ʙ�X��qq&�dvӌDƾ�-eŧ�RS՟wNcC{,�8yo�M#Y�;288qe 4iA9�:%S�fJ3|tݓğHpTx _%9�'}�u3� j@،�Y
/RR7,(sUA=50S1!g��OA��Qy�W*"Wz%K��uW6̎:K(nrPq#܁�tއ9 tjMB�~��Sx�)��3azNwM%�P;}uUE?%o�ʦMjD
�znH#�tsΎW
c2 .lF�Ƀ-u T�[8+�b��Ɇ��@��R|ߚ�;L{.>`+��њ �He)�$BgX�2}x �p�
Ƶ,֑k5P)o��:u�tΖ�e:&aS�_K eZdன)>_ejkZ=S,S̄P+�ϾivZ�1�bip8��[l+}LDpDa-lr"^Wi7|4E⨙^=1DҬ'$1Vv��;i2%
�C�oB<ɵ�U7(�i@�[^̔v�Mf�N��ŴhX$E$Ejw#�J�S`�Ɨ"�_r~S]"Dw�
,Qe(�6�г7�yAA�7),[ɭ�Z�"5�{;��찀�)�/+�X�ѭk>2'X��'y�j`$'�D \&C�m,8L�>&Tw5�k�Ow1R�xC#��Xݯ,(��ӸtaA^c{g�e�Q9�;�
Q%/lQ@\sȆDWۂ*�]rqz�Q.�>�qƖ6 U|e+RH
dn}
)|Z��ՒO!vmw.O5_;3r&gK;8o�sByo-w��b MozTeE`4�1o��Gnc,h�`���\c+#3u#�ss9�=+�'$jqxQI>�&>?2Egڇ-
�G��MBH!S���=���KR!'l\n9ڏG!n\�L{J� #%#~Ȼ08}�.)akG+��ʖD8D[-ua?Z�ڷ�>ޥ8?RMd�s�3�ܠֈ#΅�5mxm&&5�L�AVe�=*orԅOںg8�d�jX(OGX8&@Ǝݬ"iP_VoUE<Нg& "AV�~Ӑ�^�?i�寧AIRG_�.��>g�Z(�H]/�^ź~٥�~d3e_Ҡ%r� mRI-&O.d��<�5et���8Y4Q��ކx�#2&>-�q_ιwIY�}_R֭
m��O%H[A}�"fH.�ݗ#\b&�:LLz7VNW2��:n�bn ��D:�d
�Wl���4^�\I�mV4GJ���ޔ
nJ�>Uy�\};^n[�csZ&���rT�no&@h�8vNUcCHAP)��r1e#u�'u�Xl[uPǑ =Wæ>//MMwitexcOcFP,a>g{Hᄌ�W2j����aMjBvxܞ�3�n�ѫƐZ3�8#گ�Y|=ULY S"1|0ݪ)^
�s�#*I"^
nדpg^ݹ_>Y*"
��+mrۊvgA}CJH&1-��#X-,��dc>@�蠍�)`8SB̚.4R K#{U]8Z`#�]y�RK͙(�LN'աpd �q`^V-p9�0[�1XY;γr&��f:%Ӱ7>�k�IN}.4BT�z�UU�U$H7[&s&0'r1�J/^�+� a
j��@)]p@/ʀw[lA7k0;mP�s�ue75�NQ�}]�1PTx
t\ľi����ȩ|$�y�+-T]J���gnX;:
H5l4��AVlHA+a�+�_ѰXɲ%*pMEiM$�$��.d��3֑`"ٕޯnUz�'iIo�L0
qx2̜k b
UzAKv(?9с\��P?Ejg.�,߆WME� #$�F@�@$g�\3Hf�?�:rzǧP_yjhߒ,3MKJKmƉ�w:c_}յ'$Dˇ'f
pU7|r:�zSUPC<\H)LP|��qTʇnB6�Les7�L0.���GϟނR9ea8�nB:ܵj�ף/ތw�T=4TTIЙ.@�թ0S=e�=]Bw��lG�//J�kom;l�9#b�tRyBE��%�9�s8 5J%��^�oVx$_D^i\Cg2_aB@4I�XsUE2JxH{�.
T�Dcb8>�%@[[kpS�Q�>tk�`B[p�D_pUy�W:6žvGο)[o(v
�^׳9v�K&=n]^e dbV�%�.�E�3sL�� #%c� <4j%z06P�t�R�\G}H3,TR3�}�I�
Ohzۖ/2�BEF4�2�fr̠@#906k
7R�M3(v�lxB)�"ORwf[`�k�!�g5,�N8`<]��I
%�ΆW|g^S�H�2)GRdeDs'�)/8a�s"뭑�Ѥ�!�$#c�>
U�UhVPd0pH(��KE_m5 �l*pa�sѴl��e7y1"�_e'�ـ
��k\U�_�od�/02�f4&+�N!-�̠G!
��'`Eс}b]ۏ�A�M�
�՜_OM3[h=6#kZP�ޛ<*:7�qaQ��>>�h?|yL�-Zx�%Kta*�c9e2Qy� (V�ITR�+ԑjz��p'K}.z8�]?W:�ڜ�5��^z{E�+eS9l5IћWC~k�C�T�E�hp�%\FxV*�.H��x#ɡYy`cQ�`(NSF}�l�I���8A=\=T/X�n(\r �E4pq�2d�6y-~*�,F�5�aAAznԙf�I9Y(*�3=1%7�
.�<ҳ�n3�VR�Ug1X/.@�]T0-�+h03$;8 0ڷ
�쳜OT]�/�wq(iep�.X��m'~:KC%+Qڄ�
�=S8y~|)֬"n%j�^^�>'28Mb�2yI`veoy-�q]u��`n^~ǀ�Za1V���E�Z:�
¦c�8)
tIN@,\�ͼ�|8�)=~�dfQmV)�iySKNiT)lJ�a�8�kh M9Fb~'Iic;p*Y8!!V�^$ȵb0ٍBx3���(`���wT⼇�6�(D|)&SP�rF�c��c}�wc=;E;�(��j@wu�[~ie�rԁ`2ONɵ|{sl�ٶ"iq)�\6
�:K
�1iB��^fQ��hBZG9xlb r+%�1�g7"M$!Sjۧ~Ŀ ǿ\R�f \vW+{*D=$�S2 C*�6spBZ:R!͓YU�VPk
O�p)��2]cf*�&&&m
E+%=ydH^W8+�ȔbZ"�A,͈�Rچ+PC5��R豵"(:?<�n/Ü䵾1gdߌΪ�B��.9}-�UՉnV�X�ْ (Rբ˽@#Nx~�TTKB`[Vsw,�Ed4`t�G4y@�yKcoĈulW(L֤�4XC�*A�Sw>Z"[\CeV۬�І"@�Fk6,+IJ�ڑ���E�B�}2� �7DP�;^�@+0�Rmv%�k0�J,Qy&*/ǚע{œ*U
b�9ng C�N#%/@^'V̩Hf�{],U�{pũ� ��%HȦ5�ҟNQUpbơEcfx�"f)戁gg4X}k!P�6C$�\����hųɈ)�O\;�?X䪱ŧǤ�7�r�
H\!HX<�Á�n�_=��rx1cd101�!�,�Ln�ڋ�aJ\�hhdnZ-�N�(�π3 =;0�g=FnS9xh"ExR�崟OuFc�r�di~\iw#87Շߘ�3���v 5Q"O9a,Zx�"$t¦"eo�99רn
3,`$o�N)hxay˚LP1'rl&mfij�/:��&�65`KbCn���c9jz FT?X' =�0GMvu]�CY0�&+}Cj��4����Jg�B��{,1�6�:�F H+vݺGQTԌWvi3q�[#�Ŀvkpv7p)xzQbvN+ZQ�L7Z��ΏLn_q(G6����Ua�ב_2V{˕`Y*߲� 19}�A��aǐ/4cL����L*A
HZg')W�0��L�vP?ΔUBtN&Ji箥BDTs\�3r�/��]7XbkPȕf73�;���!
n��&=mcB;�NϚƿrL��Cvs="> R�H,�t�41}�o�$X*m"©r�q-\M�L1�@)p� �J)�i7�Z`��"MG�AJ6niqܿF,
ecuk`=g\`�/eW}�*?'�?Gy �D@V#=r�nHH�A⺓6�MٱL4}�f7�s�B�r�ȸ4f�P�/1R��໒j+��@�5g`S�#�IF�c�Y�In5�7/Fؿ�2���;�d7ze'
5K m8mF�!_%T&*3SS�n!Q.d)@8a�+�R��f`CK�S�BX�mRR�&B̋�6#43�ߝƏާb0dofz
K4�2|;v0FW{t+>BN~5KZ.2>;Y1�ޭ<�7�覜zZ08�l�.:�|�^Ҕy 51t_#DH@ț�,jٞ]R^>h
I;֣}��n�|?�02�굒id$Ůj�
!�"G(lu{;%+]�gr
2Y��Q$X +.R�f�X.
[t
�79�w$W`!J�9pp�����,[MאM:k?�t�,Py"?�$MHEkՅP�rYA�4�j{��
뼬7:��
�,mV)�Z$d�QHP.ΕzQ,-�:@A`LW'k@P܅@sV8yV\�yl�\K|�O�`NUNC'C`(U!1iȧ^V�/kXtqn�/CuZ=45;2[
9�oNAQ_Ae'k?uً|[и~E�v�S��C�:ˀ6'eE.}BW66J/<{ȑ]4kUA_8�=�%447x;|BPbxjyi��|�ESA&d|}#&Ԓ�|�{�����>ݭ�QϾ&�NB�V]]Fx-&Zp'sr�rV�urֵOb&KyM#�,&�O!fh^�bt
UvĬp���ޚ~B�>E#ey�"w-�Nޙ-�:nakh\�\ظnf�@_64
wB:\ﲭ6�/��8ʝ�Mx�rS(�xpג˔� DW|�Ƥ}=���,j��Um`7vP=Syw!5%X$L.vD9cU(_p�pg(,Y�q;!{X
{Md0�qeBK)��,�iv�$-
uݹB!Zs,�Z^=Ѡʾ~ۨt f��۪x�,S�W)�@8I0Lo$6q�b F-oB����&L�Ǿ_A6z&@�`cU;�q?�Λ@�m7"�:H�7:i�AMbVԅ3l�D,6k k�w/�7OLpX܉�ց*2io ]M�JBU="!8BUIR�a�bk
IN��Sc�Zg/�;B��lءrA�O#VERT4�LS�8SElit@Su]�hgrٴZ#/�b�o*7b�T�O9>3'j~E$]M�'WExj���\<2v"X>���e
A�s[Q5m$a�14{Y!0רБ��7yC�h�[J"
�O�ۉץJ�BYM%k��|<#�w8l.9���̺�U�=QsX6�g�t�%�I:5i$ު�ڱ�����5��U|kMR�O4�\�yajU_�H=U95#Z!�1t]q�Q<1�l8d�i� |Tl�P� L�Ԥu
�2*]ūtp87kl@ FV(��2x;K���FyƔtiO,_��kǪ� g_os��TQ��%|tT��tu{�m�H8]?Z6y�*HZ곐<�P)<-2ʜD
I�[4Vu��};}��r�Z%#����\\2�
��9�>Fl}~n�x�e9�#r{n×'�eԎdN1s�~S_��p |:gw�}�eX�2]�Iw{%�L��T}cJ:
.1{�/��ֽT�4h{mqvw
X_k̨~g�g>,E�S+���e�"m8'�w:���N�'�~zBx�ga�040Z�7�7pٝ�,P�9F敓W\1��F
uoHu�lD_*?c#�%2(z7m<�nI)��,o?#cBZ;s+l֣Xq�br/N,^ڹ
��9Hdx6�Yh:8.6
aJz#/AXy;�87Ƚ/[�ZmY��,$K}�SX�uRK3/hg�b��eV{�sm}g䌝�ӞP�K8$䊕 ́Ӹ��ӷ&9cx2糃Yp/�I�a5�>X\�)4�L2*( W%/$
Obhg2ʶULf26v�֏���!M jw?
h{Pg/J:=0N֘�}�D4bUĔ(�Rrka��RN
�9K,�ke�K
uтYtكˡ�쉋��$hk8{{DRh�W�|[/t�1]zŀct5{YЖjCO\�.II�[JB�Q?����@&+CТ@&M��nVldtV�eu�KKhɛсg�v
�j}i5Ѭ>�
(Qmf>ٚp^-_I�@S__<1&)�34��?Yc�]FX_m�+�i8e~:t u!*=Am6�/�mTvo,/X-W3ڇԧq��!śkxG4e��y*���M�}I�=�hb /8YG0u��é�G�ꊈh\ZeNܮf'0̾{�ģP۫UNxdm3�M�c���/D6S/R[H!&٪6�j2p<�iQhVP�>�cO
cª���2kH}Sj�S2�I{"�!Vc�j⩛�{5ޥ�ϏK��}
ͳ^/~̚|ы�x(�X S!⬿bQE#dZ~y62
q0̊-wJ'ƶve;20uׄn77��g���#Mˬ
#%տ/M0�3l&b��ЍS0+�ڵ#1&�FQm�QXf-}ҁ(�a}VOIAoKsOZ
�uƸ���X̖�~�W�Y�ЯR�,v��$�#Fduys3�m#ZH1ke ݶ
�T(EV^��̑%z
E �7m4Q�/_�X^vD$^ANu.C<0ӟjeMҕEZñ�E��q�7+;:G2 sjJ5'iŤtK1JLJ$5C2-}e&:RM�/ysPVI#zG-(EԘ�VLѥg4mzY;=�*I8Sf�X*nxlp5k�)p+
`GΞN!BL�cCX�E��m<3ߺQ;�R ���7~dyQ݁!�4zvM�5�7YW" `�]\!CL˚�ktĒ~�HT�ぐ���3��8NI�SA9n[��� !]+u(&�6EI$Q%ȵ9����zV] `a8�H ǥ*D{o9=dO\1�vV)3RٗRkߊ&3� �0pgc�z�+apkbmQ��-kt)SAgZ X2aD48%�ˣ|j�ԼMY:�!�Ȭ@Ca�#sν�@B�|u^ATY^p
cn�aG]{qj�f"͚M�yיꥩF![��*)��(iVӐ��ę#dj&4[l|ؐ�X71C%l>�}횼?yg]ޠ�R)xg9{a���/A7X��٦ �X�+7j.ȍÜm�
GFǩ
RvQB�0(JJt��\r(i}m ��htB�C{cB+��ϑI
CtkT�\V�PH9o9ԒQV3�Ýit0م�[:�eLD6f�&Y��7�הeֿ'"*O`o�!��1!�L!rw,f8C�(A膄�lSN
8'ԗ%~W`vElZj4ҋ�ߌD3xpO#�l8
9U��}t⌝^ԓq#%5\�д�ޞL�
Vor!��)�z }@��7�6-'3ր&ëU2�{5*iu�$�뷖 �.>��1K�;p)anƟF]�;7� eT4v}�x;ulr�p��sք"5��"�*/� pb^ni(��dg57E܋H;=A
*lX�9YXM���"ǫwb��%t�
ã4^f5Yw�!~�v��b6)m`'F���A�|`^p��9�9B,�p&CWmcޔ�,&�[VP�oSh.:nCpܕ>�;�BJNaR1ǝ)4�P-)co3'*(� [[G-+hIm�Z�<#hgHfiTE�'1r3G"�(�qP�pU&ψrU�g�Qr�续AALgW�迪 �{S(x*h�H?P0$s�:$j? Ǹ�%�l)wHp#@�v$j�;]+�$:{DߣLƭE.a]\.�SA�.8Í7Q�$D�X(wfK1I�Si�-yĈL�)�{��r{Bw2Ӯ�w�f.5S뿚8ܥ�ytoQlFOH8j�?lRGB�-&<P�=�2趱R[TcU�88U�?^6��
�|+��/Q�0X/����L�oB�S6Qn\vpe
(ՈuBSUk(J,t
*mH)pzpjQExN:!("���Q�Trh�I�U's�(5}0H+�U~>C�ב�h%Sx7 ۊy!�M}&cMώ\�$�'Ⱦ|l^ʙP�|.G2ڃD1K'l#UJM�1�qLth�_'ϰ�x�.RV$:c__7Ԗ8�gg[.>�{�6_RU%%vDdUmm|��:4eLZh��Evq82KS�cڞ7Wf��?�3ؐ�Y�;fg�dZ�\B'y=_+�a]�6&�G�R`�)���1s�R �e^g0p�nPR=�$xQmGyKAx[M �(ųͦ8|u�m� �ON�O�_���(�I�Q̴f[KW�_E(JW@M�_zh:K�,���jY�0�� ?&�@���gGC#+%9 #�Y(Lrz[�ZnTl/#q(̐~�^/)@?F�T:c����@H�L]�qØ##�㷇�LɖCNcL0uVlr[�(�4��PDDnzBȭ/�9B!z�c�1�1Qcp�?QJ�U pd:�rs�Wds0G+�IYWA~tٳ�ULVY�_Юf7�cL{8�s8*.MmZN�!"\�E�k֠#u�{|64D*�#\��^{sS�'���H3���sh���B�Y��p~xvu�ި�=�tSb��1�xf@��[�;2Ϟ!��دq�
[)I�6�AW+Wson&�Wv�n\�_1>rs��^�����'�`ޘjl�}8,P�nYi��3r1~�j/ Yo8���sѼt�\Cw9(GBz24&�}v]G[�5wM(��JƇ�gC!RGraB唽kQt�J�9D&"sOd+ه>%*HRs�O�ibtk�?�
�|i�7"�;6.h
E��4Y
J�M�Fǃ&_ ���x�/ʥ4134;p(�+4 FA:p--D��֚NO~R[ڗsR5
z���vq%TI�� V�Wu{�{Ճ��QO�>|3���WK9yb"k"�>*)-|�~k⯇quz>�絳S!ߺ����U�6ګNZ)
�"Cy#
7[6YAXin�feYީ��f2snXg���`v
V"/#y��l65F>7M2-+'�HI^ʫ5,OB�$E\ˌ�`��
uHG3jCGP.@R��zbu>\ta/&�;PAtGu��XD�"��wXOԄ$�E@8ZFfh,*Uã��Y(�{g[�s[hdc`qF
F�hIO?3k"sA|LQ��c�<�^�8\Ń4ɇW<�[a[h#fQ>5�:��]&�5Ap� J;,~n{nB,�u�?��%9[u�#u̱Qa܍֞v!�/7LIwTB츼O8)Ŷ%ƀ,��FDou��
�&_XP5Y1zrınsfLMn5ޮ=r���\L2�GqG�AGtF+B�H�}�oF�0e�/�{͔�6
Ko)ãV]}OXU1�l p�T'�TCq=⟺יfkgK#�B25m 6?!4�eUReF[ʝhňZ%Ƥ6(Ϭֽxn-�,��K\{oX#g%h!{k4V�"�T�rM»0e�ï�^�@�" �m�#uEԃc��pbcc�'N_ ̤h�i՛�٨XM]
@=�
�C!)i�GGOr����tI$IP|B똪4&߳1Ŀ��
Ʀ&^�}V�lp&B�_"�+�Xp= Jus1I�%[RS�<�3PL=%lZ�hh�_Qo244O!�N"~GǸ N�j�h{��=��^HD��Kסk�y2)[CX�/1!;Z �V섯P풴Jپ~�f7
dˀ2r�EV�W$~c&ݞboӝx + P�
#0YR;|!ȔPd:�MU2j�\�,O&!�;8�zM��`bŕ\t#
��Ӧ`�3~9Y0qyKGdcȨ��$~fс�p$sK-cS&_zi41��S6Z����O�8FGyM!iEbUU�^��$,C�R�ڄ�b_�b��#�o%=-"��P[~FƌϥC'*J�C5(HUҴq%9Ft',tm~{LSl>+f�v5 A=SO+&d�]�<�6�ǐ?kb
hwu씃1Ci��m)��˘`���Ӄ�ʢR%�ou�r�fR;�!�Oa�^�]�ʶMD0pN#¯�)(sKA�j1S�Gb4c�Yq\IU�b~>&f+�.4D]xP�_π�$)|�%�U8ѡ��ʘ`$�8#nuA(B�>WU+Tn8f},!ͺn��'�XC�"�E�Yt�='0%s`Qf=*�В�kZ�!@_��}
џZ(e#JԘ`W|Na/�b�,y�q&WEy5V��yqׁ5���Z�}₅>{1u��'Vn3���DĹk\�N�o9/3l�Jk�6@�!�1�pj��uh�aYC#@!�^u&Iw4,_}�@�u70� g�G�f�A(C�1?��n318Pm\� K@lk*xWuZ
uW|����7_R2
QFI|}Ss
i+�dԞR9�Ї*J߉O>L{7x{PEʪ s-[rZDZg(`|@�tV_xZ'UՔ1ρ��C]Q8B�QaW�-ax�~�EdS£$f%�;@Zog�O 4�Yk{H��q3c5�|V�j{%f��P��4�ȫ:$�9��˃mv:
Z�PM1�$u��b
}c:Zav`+"t"O5p3G�Ҥ㟏L|E̫��6wd{=qf'Y��]Y9C#⦨~uU�n?Rt#Ѱ�7�*+�<���"c�-tco1ر�0W=:!K2�LA�x��rbcUS
[bR惆u�vODu~-҅,�S?as
PI]us#+"�@Sfӂ��QΡ�{dmj�b
;'<_ h�`0a©�RfIT��:!⍱Sh|Z5$-?t%Á}�`)OXRv8,49H3TOM/#',�bMF^�" ,I�B2Ep�k%VAjLT1�$`>
c05Ύ:�\U�0y9c=��Tf,O?xfʶ:4澁blMou�rf���K�9͝gH�Ƽ`p>�\%Q���O)+�>Pl]C9)E_3�#zZi<��t�cą$$+|�dq'G�Y�ߎ
�%i%V&:Qav!p�AC�RPF@�n�l"Wa=��S,UM܆�N���L,�E7e�U)�(�*baFW�4T*a05] 2ξmꀫMTO�PLr�1wkƮWr���8�[��R%uG:��{�!�^X('�;ON;�WcF�bh
�u@��6 6Fa�$ ~3"c!]
@�7�+s��*Ѱ�Xe��~`�oUU�
Bw�xƇ��J*ÖQ<8'Gc[��Qah�n>5{yP�8�뾛`3SA]~ C.Wf�SC���;p[�]V�vJz�!
Q(9hMJ�Ԩ�>,SALU�qﵺ�2mRlZfRn8z��7~j#'RAN�5�ܴ!3��p5�ߙ�}V&ǍHNTl۽"9jY�!LDfOl28.mD߫�+u2$WwVTs�]ߢ>p�i"S`u4VC#BQd�H�>ֶBpZ��[_�UJt0c:�ûi ?jE�%|.!Q&?Km�7�L#aueAH�|G�IuX̯UIў6
�gȒ<2.X(AKH:�a�ŚM�3mО"nЛߕ:��7=,*�L� b�'ה]n@~M/4�Y'>B�6T��ZYV/sX2
Cn0XtYʆBb�v$OD)_+�ۨ�·q`�e�6r#58Q�91<'KdtJ\x֭{WP&+r _j~sq�kk�gӜՏ%R{+ͪ�AH�v���j�M
-o���ZA�8dZ
>�)oaNH
!ﺞrU
Mi��][��6g�-f�#*�N�J2_}-Cc=N[�l8|'k5^BS+�IHz�~�S (!ܼUz`RF#rV�aD�;=p�d4�3,ѯA
VZ�A�h}k$�Co!�s�H&�%+�kTQ9-0+��pA?�ƿ61d>-(q_*N��Lz�;Qs Ï$^`PgT, ZZ遢)8NE�U
�Ag9a�h�T9-G
��?.��"s�v:s|8Lo4u�Ѽ?B+G:cρ:fQM2%h*˪Dk?io�͜�S�ix@Ib0(l�:q�` sp��b;�YM+JO$�fmԫ2<#
\�m!w�W_�v:~�iS^qcQ`��j_chyP9K�O6��
N�
~d�>�
@sqޘw(��HL'_>~<(۪oD�P�p�FK)Ipk*/�ZN Pft6y�9xq;RJ۷#=�v1�gUAEY��\4�CxdO%W"�B)y"Uh�ԍ�(ĵXJfvпsּd'&8[J�y�Wρrj�5zƆ�c4e�EH6O߿C�.Z�/'~~k6'Fbwvة?��)A=�p&)&
�jĩ|5SjENdz8 �͆aኹDOU`rAZ�v��5H(d��r��=Q0J�*�E:o�Rㄇ�\l"x18{@ɳgo+Q,]v1)m�dTãYj'̱u*[J0[�[ *S#A[`��q<��G�[<ƕ=C��|UR �]��]3⌼h�yam%+)3HMaQjh��<�$ry�UlDTKC��5��ڨ�ݛ9zY�u^pK}ˀ?v.S)ųa4hU{-�b�ۀƦ!v-A/�7k:n$re�q5Oo�1W(^uذ0u��eK�ʭ�WȮNR
cu8��\>J8҃N�&�II��-* ��0^r�Aim�}+>Rnc`.Z}_B�@`RO`�!rQKqӚ"$Bk)`tҽ!Ge�TjK�;�&;�gir~G;-ċ
.�Xm�zT㖞�y2Q.�n*J>~](�BiB~���19Hvζ%.$]95 0/5S�S�E&+S���ө�y��+B8�d wpO=rf�i)��"�V!�-w1і@�
{(Zg���V`;$hJjQ.;Z u�8ϝ�D�^J�!
��ʥ(XoNr�\S�E�4U,f�b\{vђ��ɳ}=��!C�=M/wa^�lP9*4%+Y�7��)ZTф�},6gc; -GΜxfe*ڼGA;!3�̝}ΦXACYʬZЊ;VY^S�`OӬqB�C^=��,�=fy7�F�$I���2Kށ09g]�G@\or�Ӭn�Oܑ0͘3ܺKϚ��]a���\bZB%ko�(OM�]~=t1��1kX��1�:r\�%|�qzzVN(Tv_dfE�6fP~͘kNL-`����{'
�8aW�a�{�cCz1, OzAVO�+$GDo_W2]��'p!=9}b(g? Wז/?Q35
hS3�'i',��/(^�yJsAAUT*�pR2��v1\N�Y%5��>�zµ!�Wn��"`paF.�cDCQ��.�Z1^�[��WAӇsm,J,��F�MW�b
U7I!w?}J.b��~l�q\ۡ��-I_4}](z}�0+K�M�ɚؽ.p'/)`Y1���"k=BdÕI&,7Ґ�y7(Qߺ�|9.�옐%w$k/�2X0zΥ;=ZDp&qa�0oe;ĬEw/Lr4UH!Ն83WL#��5�!|FT[%$xdyV尤oӔ;#I�Xw�dj>tm �sQ%K�q/|k���.RHk&/, ҧ@�+��,On�:�Im_Jf�?�hL�d
A4�}j6d>��uUۯg�v_{��k/ޔt2X�M(�HrץPq��MWTgiLkkw"2��bJa<�j%�8F�"j/OP5&ۈ~|~_,�:�'Imd�I�mTt݃`�%�b'7MZ�A`5 J*Uo�[�I° 5ƕ\�X�1s�J�n/��7(⋳zVR<"l._ͤMg4@�Y\?XC�Q:�@3`O�zJZ"m
~/��U��uV�a��95ɚ�n5ֱz^/�bT«Sx,u 1Ą�i@<8~כ
���
�S7H����&_й�W�|v/C3���X.}�,xm�Kwkc�}�)a$0Z �S����
�w*Pq=dЬ
F+/G�N`Q��Z+��tte�=@- % a�4k{H���a\Pb� ~!ji[G㮷�fw�$�d1`=���inٍuHdnDEnIN�j5~�0&,!2�r{/c8ʤҬlhT5�x=�O\/~�D3N6ZD7Uc6O<�ʵ�a0Xs
s�{,皳 P10�ַu51FI
b5E8fCQ�x�DP}7q蘊墇-?̩�|Pԉ
n6�i'A�a
c1�DX٠�(ʬ|I�10f}I��"$ϜAy\'t�+Qphqt7W[+
>F_~��a)��OeDwAu2B[ܧ�s�=^S2�ynBd,˺ Io2w^��@�f j��#D|xo)ךȜ���CR.�l=xr�_�Z�m+9��AO^VYZB˱�T7
EKj;)m|�Wv�Ӆ�1#l�v. �ՠ�w�iw6�}Hv?ynFs8ֱ�Fw�4Z\j(�ӌ!�]Ϝq )'
~L`�TifݐybIH+RJ<�؝�r*
5ڢR^)=�#=
�ʻYG=F�Q2O9$W�
z;k:3� _(�^�f#=N�Md�>S:�|�A!GahaۑQfk_-7k'7rr�u7Ny�����L2_��L�Qܢ$;_7aQ Yt���Z�繡-R)
"�T �Ah�J3�"}Ym��v\�^;?d}�!_jvVU���.rG5�vHofXq�ސc#o7ګBI
�Mj/�@ ` 1��L괠Vʴ1O=x�N�hJԤ��͌ū!No�4Tag�|
f�
���Ec�*j5C*vH��:�]n0[v?��ì��BsMRo]*4;�9u��g]aCWFBqO�:h�uV5�m�R� X�瀝��<:seS�Rc�}6aܠlF��k;׳%ILpX"`����k`.qģ��ߨ�sD�jA+e�Kz�BÕA��2{'J`y{0qU}gBv Ժ̀Εy_�
IE�xj
'2I3?I=suG֦Uk@j=s~ ]t-Fw=�xVt/IY��jrY@Q�N+*1
w
کvc[h!nZ4x.=Β^7bէcx{M'oi�.YϏي�"�b2[;1�p+^>/t_FۗW}3ߟw�k�7\J̐~7o]E�2SP?% n2Z��&ٌu,&�7jDLr٦[�/��,[t={�(d��j2xNI!`؆OhK3|o�D�S\v,k}їV�(qs,+MQWXwr�=���5[+9ޟv�Վh�˭Xs�0Hs��;O�#J�S>\Gݔt�_��rϊ�-İ�)-s&@wz$r���?Sc$A.
�6A
q���{�c�ÃΛQnkء
6VB/�qm�|'C?ykI���*9MN�rQj"O
v8Ѡujy qq��� @�"A\*Du%I8Sv�[pȯ�£#hb��d�땎/�E]zIl}RI�sBI_�pR&
؉H/4i?�p��-~:70UctEʃ�S�JfK*xk'
赕�Z�f�|
O��2Zfޒa�J-]�{1j-z;mSU-Cȵ�6S�=�oC{;�
S�U7&�o��9�8*}֭h,op8�uI�l�yJOSgkXo!&l��c#yh?SpF3^ZMN.yr�;`ܹ"���oP��+b�H{�_H(;�;]m4ڌީ[쌅�rݠ1@gLd''�Uk|�� g�A^�:'G[̓2эXKCI�Jdh�hz(�j4m%@.i+�I�pZժ UR>/��?Q:C積2�eߏh]el#ˮ9���2^Y;1,gs<ķ3�'noifHI�
x�1c<~P�[{О=Zn:h7�[x&^dL-v1E^3&G93��j$�m`�EqWt�1
ʡ��;r~�ƮY!$c`,`(�/*ɍLJ�� AN)Ve}�b�PyO��
���c
+kJ1|_@zxĜ"W��,
3�Gq7cK�֯���%JioL�.;kT&q�t��N�eHY"^`y5�15OiD��ӬM�!Xb
x-�GļǕ�*K(E@)w$
.�"Ԗ�]I|�$B?&8�FSV`/%0ڱ^UiƯ濫2nu VdZ{��|1?:�DtK"חQQU�M>)����eӚ��)�5o�ʢWK sCr�� DO�k~x4�.ڲd'zGxVj>�/�ܗ��X�3P�s+!3bF��^e6ȥ�2l,Q=�nD%Ot~ ʁtH隢�Ry�yt�->��0eV4
%XV
)
�HJ_O�_N셗��(I.cBX >u�Y֊=���U5���@|fD_q0F&���Գ_smg=UPB^<�'�i^�
S.@G�'\q�EDc�nz*f`qb0�k�BbxX$�C{��u�i(�q�l{I ITwbVҮu
^Or3YW/qy}gIzc_�u_���;2Y
6+ d�?n7*8Jsg擴]�i�:�>T}1iGFq5�vnA_cz�c�CWT�q:M4 ʓ؊dPS�;}M8#e�OX�7@�9��Q[@6qԞ^yV`*{^2W�&y�͡t�aU2A0e�?^�jEzæ(1�tm+TZnh|K&2Rr0AyZ�$T!�q�#(ZR��O6jr}P8%2�DR-s'A]-7%R�B鿋o��Nk�<;[f�u�oF
�xn+I ^�e ˔j_i��9O;�8maK-Ȃ�w'X=?�NM�3<�ÿ>px�k~�1R{R�I&&ܾh�m.K䲙W}W&нH�.+c�0IԄ��/|na@:S%�kj��Ͽ"�+�=;&�Ċ�8 t斔Ä�d qgk%`٭�Մ���Lu��$yq'lgK�@�_�P@4(��elUšњ7Yd`pW})BNn}U
��9pNl@t9^8"��X3:T,ex'ir_й>&S�8o0Q�
WC7V߬r)zS�o��@"%h-> ��]H⤷�E��%qc}(~���$UVHB�A�LW|�8ug =��y˚-ӧ?�D�i~`�}�Mڔ3&j:Mo�;/Ɛf-q"%,,9�� O(~ilM�G1:ѽ M�lma �zQiѠx��pj'D\`�*b8PBit��+Eh�^h lB�
i5�C�5'μ05�w��)CmF�A;�g�>�
#�F�Xf5�h -rGT�Ga)J5�5��ؐz3XDz˂�m4aY{�Kwѐ��NQ�ܸz�KM�_�+Nn�݄~�/�,�i�X
y\BC��z��"AY�$��=;ONӅv+# �ֿ)qC�FV�$JΡ8Abg' �_}JD]bʬ;>\W��*���Ko4JXJ3'"�đs�|{n,� "0VC8K��ݥG{�y��z1ae.
�/*��j�$b^�'%]Sp�(�#8Z�z*KV[}ڀ䰨VxBFa��8�FTY�[�2a!zirw)(�qDGxz�vhe
�GVREoQ��Wʯe؏�}Q]��MY[�R�1��w5h}!Mwv�@K��\'=q#C�Bӫd^~\2�J�0v\ AK�wWm �B�Z4�*G '�rCӰ?{vfQbܷ�8!�.D�ov`@�6>atzz
˿}y%zmފ?fއfx\�ڂ1�2[
9l�oфv
� #�?XPShh�scg�;��g1kLIY�W
jFq7��="$`'ղ�t"XW�5AD FO�zbV;P¨q(�h@F@CɺZ`5�Ɔ�T���l�1P�ȼD^�GZ3ɻP%K齽��@ɜ��#p/q�|v����
<$ځiw5*ۅ4#ΩЧl86<�d}G�OQvmga#qɋu�U�QF P/�j�� �L? >٤|t(Z�MO��.MkK0=\j/6!"����8ˈPGc*]Dg2;>,>l¼(24X��ܦ�e��y"�V&A�d9~�z�P����o9u�۩y�֓�eP잯K77d�D�~IFN^D����[a�>y17�V8�c%q�e�2EtF)*�rر�AR,�6�mW%8؈AK�ޯ�*�8y�aI,d qp�^xH�'L�PY=S�gnaNK`**�"3v�"��-M�;C���Ҥ~�
S�qXMY��*I#;DR(},"j*i��=h��z�;�MgCew<+v,�p�-)
sК=`G6n,�jB:y<�{OcwGr6��!Cȝ,A4s�3�gzt�] @OS�gH9)w!֑9Wjw#TW巾)�-e=�Lߟ �Be>GbC<�초Moũ+ֱnzt�U�8�պ�Ba~�҅&ƈF8NZ�W�?\/<Ђq$�q�#^�2:Utx �A�O�k7���S�'4��;z?RID=g>R8;�Ml_x~STz6
C5)J���HKCY!0SR��KȬ��13Qm$e�aL�#RoA;cC�&&◻�H=H�D*�L*vB��*As�E@.h��,n{/dt��[r'##]W&dן�#C.|nH}9/�[ݬG�ܨ~Tm�tMTň�d&_�POOU�ep�WAZlk�z
:CbPb3
R%^1�j5>
O8p�E?rRIMK̋D�$5�*R]�QP0M_���%Ge�;��g(Iq^MY<]K&�[��/҆ܩXu,��c_^qB��)�):�nNO�I<)��"x�w]Q�K�wK?�*F$2�5�j�
l�ς:F/;&V�%BɊ�@`�7U`RPU�ozWy;�PM^g33Bݜ^{\rP�FgfO&ōxTz�{Ry�B0�6U'۞5��[
t�*
%5�(PqF\uvO�g��wFF^XGQ7P2�;VnFn�Y ?9�[#+�FXٗ|
Hn:K(�`w��
{@) Y�Z8b]�<,>��eG2qrL��J�n�j<�9�'R ,�Y,��TⳐ?zO(�~��zVĢp%�yT�(�w Ŕ�*�)�)a%��������2�Me ViGT�2++7R�bbe���Ͳ�
?XL������
YZ