stunnel-5.44-lp151.5.3.1<>,s]/=„KM )7QŦ ?pa-~$*.L'o[ 5Cl=;O(wYڌF X:@4{ ̍@U#4 mqT-r0ꌮ!͘OA7՟@;\F}y8aj} IEJ~]{3濉W _LI{g dŌUEi#f@o[2{;,y~zSy>KV#42>F[?[d   0$- Fg\  <   \w8(("(("B8"L9":$=RQ>RY?Ra@RiFRqGRHRIShXSYS\S]T$^U< bV$cVdW^eWcfWflWhuW|vW wZ0xZy[z[p[[[[Cstunnel5.44lp151.5.3.1Universal SSL TunnelThe stunnel program is designed to work as an SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that, while having non-SSL aware daemons running on your system, you can set them to communicate with clients over a secure SSL channels. Stunnel can be used to add SSL functionality to commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers without any changes to the program code.]cloud126openSUSE Leap 15.1openSUSEGPL-2.0+http://bugs.opensuse.orgProductivity/Networking/Securityhttp://www.stunnel.org/linuxx86_64if ! /usr/bin/getent passwd stunnel >/dev/null; then /usr/sbin/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \ -d /var/lib/stunnel stunnel fi test -n "$FIRST_ARG" || FIRST_ARG="$1" # disable migration if initial install under systemd [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$FIRST_ARG" -eq 1 ]; then for service in stunnel.service ; do sysv_service="${service%.*}" touch "/var/lib/systemd/migrated/$sysv_service" || : done else for service in stunnel.service ; do # The tag file might have been left by a preceding # update (see 1059627) rm -f "/run/rpm-stunnel-update-$service-new-in-upgrade" if [ ! -e "/usr/lib/systemd/system/$service" ]; then touch "/run/rpm-stunnel-update-$service-new-in-upgrade" fi done for service in stunnel.service ; do sysv_service="${service%.*}" if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --save $sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -eq 1 ]; then if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl preset stunnel.service || : fi elif [ "$FIRST_ARG" -gt 1 ]; then for service in stunnel.service ; do if [ ! -e "/run/rpm-stunnel-update-$service-new-in-upgrade" ]; then continue fi rm -f "/run/rpm-stunnel-update-$service-new-in-upgrade" if [ ! -x /usr/bin/systemctl ]; then continue fi /usr/bin/systemctl preset "$service" || : done for service in stunnel.service ; do sysv_service=${service%.*} if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --apply $sysv_service || : touch /var/lib/systemd/migrated/$sysv_service || : done fi PNAME=syslog SUBPNAME=-stunnel SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi if ! test -s etc/stunnel/stunnel.conf; then cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf echo copying default config file to /etc/stunnel/stunnel.conf fi # first installation? if [ ${FIRST_ARG:-0} = 1 ] && [ ! -f etc/stunnel/stunnel.pem ]; then cat usr/share/doc/packages/stunnel/README.openSUSE fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable stunnel.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop stunnel.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart stunnel.service ) || : fi else # package uninstall for service in stunnel.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi fiWH FHCai;-CAAA큤AAAAAAAA]]]]]]]]XjcNFkvT.9qD*=6:U!=6Y=6Y]E5!]]]]]]]]]]130588c536705ffc7eeb442f31d92a1bccf6d477bc5de5252bc1b3c27eeed43e4a54678f02dfa4db083732f18bd916bd93f37d1da5854217f1dd657c02fc870e4eb51e7a6961f1c054b84a33605f9709903b168f05eb3155f41b452b3daef657d7cf7832c9a7e862e21d0ad58156418f13e7eff83faaf5cf6329b7634a87ae19c43821865591e4d893906e2801b5ec4de58e51978f5563a61475cd0adc0bec4d1ee2b290e92c211b08df10e9fcaf32596cdb22b8eae731b18c2c074a4a83eebebab7201e0e5385c37a3ec1e604a0eb7fdd4aa5f06a4338227da5cd17cdc4c9623fa573250a5bce07b3f96f84c90828c489b088dc8ba7b1d0bd185e29ce065a48afb38249a10f814633d088a59bf642b509b61740d32031d57dd5c2989ed3017aef0fe5bc0fd310d5148810afd7ab0add54f038eb7da8c94244550b966a375095e7584fc19775a8eb7bd4838ca0375805ed881656d8d2bbee1196ea088709d8704b6f0bd606058980f3f0b8a5482499ff4bd0eae8db7819482ca35789f17eb300a16245915948160e1a796585f756a6b6fcc9a3d9e9da7577a716b6c583742ac18d5992ae19306d9a6872f43ada1c7a53bd3a3bd989ae9756ecdd6e9d453a7a66d5eaef5f7f6dabc4dfcd294b448ed4aafa4a2010b27a964d9958940e749633a64589c4765e962b884e1a10d10ac6391d9f62b652ef043d2770d21551916d6ef1servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootstunnelrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootstunnel-5.44-lp151.5.3.1.src.rpmlibstunnel.so()(64bit)stunnelstunnel(x86-64) @@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/perl/usr/sbin/useraddcoreutilsdiffutilsfileutilsfillupgrepgroup(nogroup)libc.so.6()(64bit)libc.so.6(GLIBC_2.10)(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.9)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libutil.so.1()(64bit)libutil.so.1(GLIBC_2.2.5)(64bit)libwrap.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemdtextutils3.0.4-14.6.0-14.0-15.2-14.14.1]{ZyZs@Zhu@Z@Y@YoIX-Xߖ@X@XXj@XIK@XkXWv@VVvUL@Uc@UnUU3@TZ@Vítězslav Čížek vetter@physik.uni-wuerzburg.dejengelh@inai.deavindra@opensuse.orgrbrown@suse.comvetter@physik.uni-wuerzburg.demichael@stroeder.comwerner@suse.demichael@stroeder.comkukuk@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.comjengelh@inai.dedrahn@suse.comdrahn@suse.commichael@stroeder.comopensuse@dstoecker.dedrahn@suse.comdrahn@suse.comdrahn@suse.comdrahn@suse.comdrahn@suse.commichael@stroeder.com- Install the correct file as README.openSUSE (bsc#1150730) * stunnel.keyring was accidentally installed instead- Revamp SLE11 builds- Do not ignore errors from useradd. Ensure nogroup exists beforehand. - Replace old $RPM_ variables. Combine two nested ifs.- update to version 5.44 * Default accept address restored to INADDR_ANY * Fix race condition in "make check" * Fix removing the pid file after configuration reload - includes 5.43 * Allow for multiple "accept" ports per section * Self-test framework (make check) * Added config load before OpenSSL init * OpenSSL 1.1.1-dev compilation fixes * Fixed round-robin failover in the FORK threading model * Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown() * Minor fixes of the logging subsystem * OpenSSL DLLs updated to version 1.0.2m - add new checking to build - rebase stunnel-listenqueue-option.patch - Cleanup with spec-cleaner- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- add more verbose change log: Version 5.42, 2017.07.16, urgency: HIGH - New features * "redirect" also supports "exec" and not only "connect". * PKCS#11 engine DLL updated to version 0.4.7. - Bugfixes * Fixed premature cron thread initialization causing hangs. * Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1. * Fixed pthreads support on OpenSolaris.- update to version 5.42- Require package config for libsystemd to help the configure script to detect and enable systemd socket activation (boo#1032557) - Refresh patch stunnel-listenqueue-option.patch- update to version 5.41- Don't require insserv if we don't use it- update to version 5.40- update to version 5.39- update to version 5.38- Update rpm group and description and make -doc noarch - Do not suppress errors from useradd - Remove redundant %clean section- update to version 5.36 - Removed direct zlib dependency.- update to version 5.35 - repackage source as bz2 - adjust systemd unit file to start after network-online.target - bugixes: * Fixed incorrectly enforced client certificate requests. * Fixed thread safety of the configuration file reopening. * Fixed malfunctioning "verify = 4". * Only reset the watchdog if some data was actually transferred. * Fixed logging an incorrect value of the round-robin starting point (thx to Jose Alf.). - new features: * Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control. * SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia). * Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev). * New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. * Added logging the list of client CAs requested by the server.- update to 5.30 New features Improved compatibility with the current OpenSSL 1.1.0-dev tree. Added OpenSSL autodetection for the recent versions of Xcode. Bugfixes Fixed references to /etc removed from stunnel.init.in. Stopped even trying -fstack-protector on unsupported platforms (thx to Rob Lockhart).- update to 5.29 - system script restarts stunnel after a crash - readd rcstunnel macro for systemd systems - drop stunnel-ocsp-host.patch (included upstream)- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL versions. Replaces stunnel-5.22-code11-openssl-compat.diff.- update to version 5.22 New features - "OCSPaia = yes" added to the configuration file templates. - Improved double free detection. Bugfixes - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful. - Fixed the passive IPv6 resolver (broken in stunnel 5.21). - Remove executable bit from sample scripts - stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11- update to version 5.21 New features - Signal names are displayed instead of numbers. - First resolve IPv4 addresses on passive resolver requests. - More elaborate descriptions were added to the warning about using "verify = 2" without "checkHost" or "checkIP". - Performance optimization was performed on the debug code. Bugfixes - Fixed the FORK and UCONTEXT threading support. - Fixed "failover=prio" (broken since stunnel 5.15). - Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler.- update to version 5.20 New features - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - Documentation updates (closes Debian bug #781669). Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - Fixed the manual page headers (thx to Gleydson Soares).- update to version 5.19 Bugfixes: - Improved socket error handling. - Fixed handling of dynamic connect targets. - Fixed handling of trailing whitespaces in the Content-Length header of the NTLM authentication. - Fixed memory leaks in certificate verification. New features: - The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - Randomize the initial value of the round-robin counter. - Added "include" configuration file option to include all configuration file parts located in a specified directory. - Temporary DH parameters are refreshed every 24 hours, unless static DH parameters were provided in the certificate file. - Warnings are logged on potentially insecure authentication. - stunnel-listenqueue-option.patch: Refresh. - stunnel3-binpath.patch: Obsolete, dropped. - stunnel.service: Modified to start after network.target, not syslog.target.- Update to version 5.09 Version 5.09, 2015.01.02, urgency: LOW: * New features - Added PSK authentication with two new service-level configuration file options "PSKsecrets" and "PSKidentity". - Added additional security checks to the OpenSSL memory management functions. - Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE OpenSSL configuration flags. - Added compatibility with the current OpenSSL 1.1.0-dev tree. * Bugfixes - Removed defective s_poll_error() code occasionally causing connections to be prematurely closed (truncated). This bug was introduced in stunnel 4.34. - Fixed ./configure systemd detection (thx to Kip Walraven). - Fixed ./configure sysroot detection (thx to Kip Walraven). - Fixed compilation against old versions of OpenSSL. - Removed outdated French manual page. Version 5.08, 2014.12.09, urgency: MEDIUM: * New features - Added SOCKS4/SOCKS4a protocol support. - Added SOCKS5 protocol support. - Added SOCKS RESOLVE [F0] TOR extension support. - Updated automake to version 1.14.1. - OpenSSL directory searching is now relative to the sysroot. * Bugfixes - Fixed improper hangup condition handling. - Fixed missing -pic linker option. This is required for Android 5.0 and improves security. Version 5.07, 2014.11.01, urgency: MEDIUM: * New features - Several SMTP server protocol negotiation improvements. - Added UTF-8 byte order marks to stunnel.conf templates. - DH parameters are no longer generated by "make cert". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway. - Updated manual for the "options" configuration file option. - Added support for systemd 209 or later. - New --disable-systemd ./configure option. - setuid/setgid commented out in stunnel.conf-sample. * Bugfixes - Added support for UTF-8 byte order mark in stunnel.conf. - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3. - Non-blocking mode set on inetd and systemd descriptors. - shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers. Version 5.06, 2014.10.15, urgency: HIGH: * Security bugfixes - OpenSSL DLLs updated to version 1.0.1j. https://www.openssl.org/news/secadv_20141015.txt - The insecure SSLv2 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv2". - The insecure SSLv3 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv3". - Default sslVersion changed to "all" (also in FIPS mode) to autonegotiate the highest supported TLS version. * New features - Added missing SSL options to match OpenSSL 1.0.1j. - New "-options" commandline option to display the list of supported SSL options. * Bugfixes - Fixed FORK threading build regression bug. - Fixed missing periodic Win32 GUI log updates. Version 5.05, 2014.10.10, urgency: MEDIUM: * New features - Asynchronous communication with the GUI thread for faster logging on Win32. - systemd socket activation (thx to Mark Theunissen). - The parameter of "options" can now be prefixed with "-" to clear an SSL option, for example: "options = -LEGACY_SERVER_CONNECT". - Improved "transparent = destination" manual page (thx to Vadim Penzin). * Bugfixes - Fixed POLLIN|POLLHUP condition handling error resulting in prematurely closed (truncated) connection. - Fixed a null pointer dereference regression bug in the "transparent = destination" functionality (thx to Vadim Penzin). This bug was introduced in stunnel 5.00. - Fixed startup thread synchronization with Win32 GUI. - Fixed erroneously closed stdin/stdout/stderr if specified as the -fd commandline option parameter. - A number of minor Win32 GUI bugfixes and improvements. - Merged most of the Windows CE patches (thx to Pierre Delaage). - Fixed incorrect CreateService() error message on Win32. - Implemented a workaround for defective Cygwin file descriptor passing breaking the libwrap support: http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors Version 5.04, 2014.09.21, urgency: LOW: * New features - Support for local mode ("exec" option) on Win32. - Support for UTF-8 config file and log file. - Win32 UTF-16 build (thx to Pierre Delaage for support). - Support for Unicode file names on Win32. - A more explicit service description provided for the Windows SCM (thx to Pierre Delaage). - TCP/IP dependency added for NT service in order to prevent initialization failure at boot time. - FIPS canister updated to version 2.0.8 in the Win32 binary build. * Bugfixes - load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed. - Partially merged Windows CE patches (thx to Pierre Delaage). - Fixed typos in stunnel.init.in and vc.mak. - Fixed incorrect memory allocation statistics update in str_realloc(). - Missing REMOTE_PORT environmental variable is provided to processes spawned with "exec" on Unix platforms. - Taskbar icon is no longer disabled for NT service. - Fixed taskbar icon initialization when commandline options are specified. - Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage). - A number of minor Win32 GUI bugfixes and improvements./bin/sh/bin/sh/bin/sh/bin/shcloud126 1574421240 5.44-lp151.5.3.15.44-lp151.5.3.1 stunnelstunnel.servicestunnellibstunnel.sorcstunnelstunnelstunnel3stunnelCOPYINGCOPYRIGHT.GPLCREDITSREADME.openSUSEca.htmlca.plimportCA.htmlimportCA.shstunnel.conf-samplesysconfig.syslog-stunnelstunnel.8.gzstunnel.pl.8.gzstunnelbindevetclib64sbinvarrun/etc//usr/lib/systemd/system//usr/lib64//usr/lib64/stunnel//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/stunnel//usr/share/fillup-templates//usr/share/man/man8//var/lib//var/lib/stunnel//var/lib/stunnel/var/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11563/openSUSE_Leap_15.1_Update/d49a0bc19a3e300105c6fcfd7d13db07-stunnel.openSUSE_Leap_15.1_Updatedrpmxz5x86_64-suse-linux directoryASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=95e4efc4cb7039e0028bac34855178c92a8f96b6, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=aac2b1f46839ba3abd07a403fd8a162978531755, for GNU/Linux 3.2.0, strippedPerl script text executableHTML document, ASCII textBourne-Again shell script, ASCII text executableUTF-8 Unicode (with BOM) texttroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)PRRR RRRRRRR RRRRRRRRRRRR R duGa;?lutf-87f0892ac95f904ce2948b95847c50b5b2998e84055023814b598b17e416c4ce0?7zXZ !t/'K]"k%f?wqs93KQB͡+5#_ ?9fK&h9d\2Nٟ p&'Qs>Gn(?3%H;7,2i-EB,*z(Lڼ-z? #5 UPdջ VV5hH&vWӼEC9/}_F^@ h] ^(0$_yIl5GQ^WvH;َq,ڞ]6l2_*ԍ ȲD RTτ< ;fH:Ky/SfC/v:l-2Z";JkRo<^xb]lE37Q UёJ6- ؆F^hD!8]? ]5`*8BFȸG>} n~h٩~,i,5͎ B㖉]Ϗ܋!ӥi܋Rn{ĭb~,CJ:NkB'SC]xmשwwB!e1$ pcօ*;#d,~7:ڈ|-!+ۥ tmouws{YW,eS%=*}/TlΦ";Qn CaJ ͐ eG)ʆ;)4Xy؁8VcصkEyFԎOyT:ݯ2P1O8WF8!jho`j->@xݘʩ $/D|jVgnzX w,ޫ<0lKhdT/L*sA xLqLyǐkT(Y =;Gu*3pݐNF?v2X,q)`Tsފ{R ">1S[H-ˠ ]Kv0"(ީnZ1^2G'!dN3$:P>7WFIh婪n$'QpWh RHS@X߱iTȖ{nm>W{ w̵~ ׅ=jA^qdP7PKu::0dºH2!u!RP( ~ 'uA /ŽN!3"2d:٠}I& &:0o>kJN$+K[qi]}T9_ųįq/&Ȝ.Ng%QLT~_]2: K7 }:.k |LmۍY1\jֹ$٦s]Y~O"KC{}I6^m>hИ 'h$P20Уm)bV5R=̟)7iHN96㟮$^Y8.\DnjhfTp&Y@!_pS/!pՁQ3a:͎t۽Jʫl>*j% NA\I-Gʝ>6 Hh> -%̱c``#FY+?=)yleS~eאN~>Kͬ]?ߦLHz%gvtaјWxꌎuB@mlF*r"zvtAcrz6Rs^,p%bT@'Fm{^ԆR ݉cO01{=)=FE2jzsxyoOzO`Xlҏξ0:,I|Q'l@@rxѯM)UP +ОڲY_ PnvzpHBFWeڸmtɯQ-(1Qo*~UF;f'*'q~J) ~]Uuc1y?e7.5-R]Id>Y"}iɃ,('9{ǓO9 `{6* 0. HO&iwW @vWy&*hRh<٦ Fޗ8,"mCb"{֘qxK{]n,F4X~3֪lA[JlH!H[ Z\= ]ky ؾtNl2gƅ!V_R!`8*yM9MOߩe=lzA_?/x"j"ʢt6 /vi %Lkldo6rdF4GL7ƫU0@` VJU|đBOhuW7mω X]UF'鉾@qΎ;_y5| 4~y2'sQ'=&8DȇW*毈G3q^ m{3K'dia[$*5 &JF{GFw񲮒ܚ+8U&p7f |9h;feוwL}9M2&usP-.n$O%abg\ӸW(GQ \ -DS ހ~q`3b^Y xGKA7%qׂd"@MAUD9Ꚃ6Z\޵QODYMGjF|?&~S6s?Ȃ'[i{d[?mFִzui7Uiej+cdvUgO٤. ݒѼl: *|M;F;A)7't2%e7pOuܱvY  Z$f;z4aw:֘ ?2 3[iƅ`ƖmmE0Ju0&OXb YZ