dhcp-doc-4.2.4.P2-0.34.1e>UA=tRF,6?Q|=$jW}vEe͉Bp(jĞ *6ƺ\%ŭ;ڣ>5a?`d   ), Ej/T/ / / /  /  L/ / /  /    A( W8 `&9 &:&FYXGYl/HZ(/IZ/X[Y[ \[D/]\/^^b_c`5d`e`f`l`z`Cdhcp-doc4.2.4.P20.34.1DocumentationThis package contains additional documentation files provided with the software. The manual pages are in the corresponding packages. Authors: -------- Internet Systems Consortium, Inc. Q[build30XopenSUSE 11.4openSUSEBSD-3-Clausehttp://bugs.opensuse.orgProductivity/Networking/Boot/Servershttp://www.isc.org/software/dhcplinuxi586@gp~[kHE Z  SC u.`b~ ,)\0[x @5A큤A큤A큤A큤A큤A큤Q[Q[O%P<)/Q[P<)Q[Q[P<)P7P7O%Q[O%DO%DDDQ[Q[P7P7DQ[Q[Q[Q[Q[Q[DO%O%Q[Q[Q[ ~8k from bigger ldap objects. Fixed to free the ldap config buffer passed to the config parser and append new config, while the parser is in saved state (bnc#788787). [dhcp-4.2.4-ldap-0003-resize-ldap-buffer-to-not-truncate-objects.patch] - Fixed subclass name-ref and data quoting/escaping (bnc#788787). [dhcp-4.2.4-ldap-0004-subclass-name-and-data-quoting-escaping.patch] - Fixed memory leaks on ldap_read_config errors (bnc#788787). [dhcp-4.2.4-ldap-0005-memleak-fix-in-ldap_read_config.patch] - Fixed dhclient-script to discard MTU lower-equal 576 rather than lower-than (bnc#791280). - dhcp-ldap: fixed a memleak while subnet range processing, fixed to reset bufix variable in ldap_read_function to 0 and to set buflen to the complete length (do not discard last character, usually \n). This caused a parsing error at further run of the function, e.g. while processing the second dhcpService container that the dhcpServer object may refer to (bnc#784640). [dhcp-4.2.4-ldap-0001-memleak-fix-in-subnet-range-processing.patch, dhcp-4.2.4-ldap-0002-reset-bufix-in-ldap_read_function.patch]- Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167)- Merged package from openSUSE-12.1 with update to ISC dhcp-4.2.4-P1 release, providing following security fixes (bnc#772924): - Previously the server code was relaxed to allow packets with zero length client ids to be processed. Under some situations use of zero length client ids can cause the server to go into an infinite loop. As such ids are not valid according to RFC 2132 section 9.14 the server no longer accepts them. Client ids with a length of 1 are also invalid but the server still accepts them in order to minimize disruption. The restriction will likely be tightened in the future to disallow ids with a length of 1. Thanks to Markus Hietava of Codenomicon CROSS project for the finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29851] CVE: CVE-2012-3571 - When attempting to convert a DUID from a client id option into a hardware address handle unexpected client ids properly. Thanks to Markus Hietava of Codenomicon CROSS project for the finding this issue and CERT-FI for vulnerability coordination. [ISC-Bugs #29852] CVE: CVE-2012-3570 - A pair of memory leaks were found and fixed. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. [ISC-Bugs #30024] CVE: CVE-2012-3954 - Update to ISC dhcp-4.2.4 release, fixing a dhcpv6 server assert crash while accessing lease on heap (bnc#767661) and other issues. Please read the RELNOTES file for complete list of changes. - Replaced our patches with a complete and upstream verified patch: - Fix some issues in the code for parsing and printing options. [ISC-Bugs #27314] - properly parse a zero length option from a lease file. [ISC-Bugs #22796] - properly determine if we parsed a 16 or 32 bit value in evaluate_numeric_expression (extract-int). [ISC-Bugs #22625] - properly print options that have several fields followed by an array of something for example "fIa" [ISC-Bugs #27289] - properly parse options in declarations that have several fields followed by an array of something for example "fIa" This patch obsoletes the following (bnc#739696) patches: - dhclient: parse_option_param: Bad format a - zero-length option lease parse error in dhclient6 - Merged options check patch for the new version - Merged / updated ldap patch, contains fix to escape values used in constructed ldap filters (bnc#721829). - Fixed dhcp-server init script to check syntax and fail while force-reload and restart to avoid stopping of running daemon followed by start failure. Moved lease file check to a separate action so it is not used in restart (bnc#762108). Added libgcc_s.so to chroot, so the server can report assert crash line. - Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to netconfig for processing (bnc#770236).- Fixed incorrect "a" array type option parsing causing to discard e.g. classless static routes from lease file [reported as ISC-Bug 27289] and zero-length option parsing such as dhcp6.rapid-commit in dhclient6 [reported as ISC-Bug 27314] (bnc#739696). - Fixed dhclient to include its pid number in syslog messages.- Applied security fix for a DoS due to processing certain regular expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539): * Add a check for a null pointer before calling the regexec function. Without out this check we could, under some circumstances, pass a null pointer to the regexec function causing it to segfault. Thanks to a report from BlueCat Networks. [ISC-Bugs #26704]- Applied fixes extracted from dhcp-4.1-ESV-R1..R3 correcting two denial of service flaws via crafted BOOTP packets (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653). - Moved server pid files into chroot directory even chroot is not used and create a link in /var/run, so it can write one when started as user without chroot and avoid stop problems when the chroot sysconfig setting changed (bnc#712438). - Fixed dhclient-script to not remove alias IP when it didn't changed to not wipe out iptables connmark when renewing the lease (bnc#700771). Thanks to James Carter for the patch. - Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz to ensure, they're not used to build non-GPL dhcp (bnc#714004). - Disabled log-info level messages in dhclient(6) quiet mode to avoid excessive logging of non-critical messages (bnc#711420).- Fixed dhclient-script typo causing ISC DHCPv6 client to execute ifup pre-down scripts also while renew, when the ipv6 address did not changed (bnc#690859).- Relaxed the check of the domain-name option causing a regression, when the server is misusing it to provide a domain list and does not provide it using the domain-search option (bnc#675052).- Discard string options such as host and domain names containing disallowed characters or beeing too long. This proctive patch limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space (bnc#675052, CVE-2011-0997).- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides following fixes (digest): * Several fixes to OMAPI, cleanup of dereferenced pointers in the omapi handle, handling of pipe failures and status code in omapi signal handler that may cause connect failure and 100% CPU use. * Handle some DDNS corner cases better * Several fixes to lease input and output * Corrected side effect of printing all data strings as hex. * Host record references leaks causing applying config to all innocent clients. * Memory leak when parsing a domain name * Fixes to configuration parsing including infinite loop. * Fixed for unexpected abort caused by a DHCPv6 decline. For the complete list see the RELNOTES file, that is available also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES. - Removed obsolete optional-value-infinite-loop, no-libcrypto and CVE-2011-0413.bnc667655 patches. - Merged the dhclient-send-hostname and ldap patches.- dhclient-script: fixed typo causing that only global settings to set hostname and default route were applied for primary and never per interface settings (bnc#673792).- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle xen partial UDP checksums (bnc#668194).- Applied security fix for unexpected abort caused by a DHCPv6 decline message (CVE-2011-0413, VU#686084, bnc#667655). - Fixed dhclient.conf to request the domain-search option.- Updated to ISC DHCP 4.2.0-P2, a security release fixing the handling of connection requests on the failover port. Previously a connection request from a source that wasn't listed as a failover peer would cause the server to become non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE: CVE-2010-3616, bnc#659059).- Enable ldap CASA support on SLE only.- Fixed to use same/correct dhcrelay6 interface variables in the sysconfig file and in the dhcrelay6 init script.- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to handle a relay forward message with an unspecified address in the link address field. Previously such a message would cause the server to crash. Thanks to a report from John Gibbons. [ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902) The 4.2.0 version is a feature release, implementing asynchronous DDNS processing and includes "The LDAP Patch". For a complete list of changes from any previous release, please consult the RELNOTES file within the source distribution or on the ISC website: http://www.isc.org/software/dhcp/420 - Fixed compilation to avoid segfaults as soon as ldap is enabled, merged our ldap patches from 4.1.x branch.- Fixed a dhcrelay segfault while receiving packets on interfaces without any IPv4 address assigned (bnc#631305, reported upsteam as [ISC-Bugs #22409]). - Fixed a common infinite loop while parsing options with optional parts in the value such as in slp-service-scope option (bnc#643845, reported upsteam as [ISC-Bugs #22410]). - Fixed init scripts to report correct LSB codes in status action, when the config file or the binary do not exists (bnc#640336). - Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580) - Avoid pid check error message in the rcdhcpd[6] (bnc#646875)- Fixed server lease file path in contrib/listlease and leasestate changed to extract contrib and examples using setup macro.- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf to rfc3442-classless-static-routes for compatibility with the NetworkManager making use of /etc/dhclient.conf now and adopted /sbin/dhclient-script (bnc#625770).- Fixed ldap option number conflicting with new options (bnc#625358)- Added a fix for an lpf bind error messages making it easier to localize problems (bnc#617795)- Updated to ISC DHCP 4.1.1-P1 patch release, which contains a pair of bug fixes including one for a security related bug (bnc#612546, CVE-2010-2156): * A bug was fixed that could cause the DHCPv6 server to advertise/assign a previously allocated (active) lease to a client that has changed subnets, despite being on different shared networks. Dynamic prefixes specifically allocated in shared networks also now are not offered if the client has moved. [ISC-Bugs #21152] * Accept a client id of length 0 while hashing. Previously the server would exit if it attempted to hash a zero length client id, providing attackers with a simple denial of service attack. [ISC-Bugs #21253]- Added rc.dhcrelay6 as source in the spec file- Fixed dhcprelay scripts to source sysconfig file correctly - Fixed spec file typo in arping path require, enabled ldap - Fixed a dhclient option name and new/old ip address check- Updated to ISC DHCP 4.1.1, the current 4.x series production release, providing DHCPv6 client/server/relay implementation. The programs act in DHCPv6 mode, when the -6 start option is set. We install separate init scripts with a 6 at the end to handle them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is also a link to the binaries with a 6 at the end, e.g. dhclient6, making it visible, that the installed version supports DHCPv6. - Moved additional documentation to a separate dhcp-doc package. - Changed to provide config files and scripts as source files instead of patches to the ISC scripts. - Adopted spec file and config/scripts, merged in all patches. - Implemented RFC 3442 classless static routes support in the dhclient-script (bnc#555870).- Updated to ISC DHCP 3.1-ESV, an extended support version release which includes a small number of bug fixes (bnc#592178) over the 3.1.3 version: * Modified the handling of a connection to avoid releasing the omapi io object for the connection while it is still in use. One symptom from this error was a segfault when a failover secondary attempted to connect to the failover primary if their clocks were not synchronized. * Fix test in dhcp_interface_signal_handler to check that the inner handler has a signal_handler before calling it. * When using 'ignore client-updates;', the FQDN returned to the client is no longer truncated to one octet. * Clean up some compiler warnings - ticket 19054. - Fixed vlan interface check in dhcpd-restart-hook if-up.d script (bnc#599702) - Touch dhclient.leases in post-install script instead to provide an empty file, versioned provides/obsoletes (rpmlint warnings).- Fixed dhclient-script to call ifup -o dhcp and signal "complete" to ifup when all configuration is done (bnc#585380,bnc#518219).- Enable parallel building - Use large PIE model on all SPARC flavors- Fixed dhclient-script to use correct sysconfig run dir path to not to break the defaultroute/hostname setup (bnc#555095). - Don't request any specific lease-time by default (bnc#516459).- Fixed dhclient-script to forward new_domain_search as DNSSEARCH to netconfig.- Updated to dhcp-3.1.3 maintenance release fixing several issues (a digest, see RELNOTES for the complete list): * Remove infinite loop in token_print_indent_concat(). * A parser bug was fixed that segfaulted if site-option-space was tried to be used interchangeably with vendor-option-space. * Two uninitialized stack structures are now memset to zero, thanks to patch from David Cantrell at Red Hat. * Memory leak in the load_balance_mine() function is fixed. This would leak ~20-30 octets per DHCPDISCOVER packet while failover was in use and in normal state. * Fixed setting hostname in Linux hosts that require hostname argument to be double-quoted. Also allow server-provided hostname to override hostnames 'localhost' and '(none)'. * Added client support for setting interface MTU and metric, thanks to Roy "UberLord" Marples . * Fixed failover reconnection retry code to continue to retry to reconnect rather than restarting the listener. * Fixed a bug where an OMAPI socket disconnection message would not result in scheduling a failover reconnection, if the link had not negotiated a failover connect yet (e.g.: connection refused, asynch socket connect() timeouts). * Versions 3.0.x syntax with multiple name->code option definitions is now supported. Note that, similarly to 3.0.x, for by-code lookups only the last option definition is used. * Fixed a fenceposting bug when a client had two host records configured, one using 'uid' and the other using 'hardware ethernet'. CVE-2009-1892 - Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes. - Merged dhclient script, removed obsolete CVE-2009-1892 fix.- Replaced mt-02 ldap patch from old git repository with equivalent one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).- Added dhcpd-restart-hook if-up.d script that restarts dhcp server while network restart when a virtual interfaces as bridge, bond or vlan goes up again (bnc#517810).- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).- Updated to dhcp-3.1.2p1 maintenance release fixing following issues: * A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option. * A double-dereference in dhclient transmission of DHCPDECLINEs was repaired. * Fix handling of -A and -a flags in dhcrelay; it was failing to expand packet size as needed to add relay agent options. * Corrected list of failover state values in dhcpd man page. * Fixed a bug that caused some request types to be logged incorrectly. * Fixed a coredump when adding a class via OMAPI. * Clients that sent a parameter request list containing the routers option before the subnet mask option were receiving only the latter. Fixed. * The server wasn't always sending the FQDN option when it should. * A partner-down failover server no longer emits 'peer holds all free leases' if it is able to newly-allocate one of the peer's leases. * A cosmetic bug in DHCPDECLINE processing was fixed which caused all successful DHCPDECLINEs to be logged as "not found" rather than "abandoned". * Some failover debugging #defines have been better defined and some high frequency messages moved to a deeper debugging symbol. * The CLTT parameter in failover is now only updated by client activity, and not by failover binding updates. * Failover BNDUPD messages are now discarded if they conflict with an update that has been trasnmitted, but not acknowledged. * A bug cleaning up unknown-xxx temporary option definitions was fixed. - Removed obsolete dhclient-no-dereference-twice patch - Improved dhclient-script to apply global dhcp settings, when there is no interface config (bnc#480922). - Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1. - Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git and the git changelog at the begin of the patch.build30 1364918433_fg`cadebhij                           4.2.4.P2-0.34.14.2.4.P2-0.34.1dhcp-docDDNS-howto.txtIANA-arp-parametersLICENSELIESMICH.SuSEREADMEREADME.SuSEREADME.upgradeRELNOTESReferences.htmlReferences.txtapi+protocolcontrib3.0b1-lease-convertclearipdhclient-tz-exithook.shdhcpsyncdhcpsync.8dnscompr.pyldapREADME.ldapdhcp.schemadhcpd-conf-to-ldapleases.awkleasestatelistleasems2iscRegistry.pmms2isc.plreadme.txtreset-ipsethostname.shsolaris.initexamplesdhclient-dhcpv6.confdhcpd-dhcpv6.conffailover_dhcpd.conf.sharedfailover_primary_dhcpd.conffailover_secondary_dhcpd.confsimple_dhcpd.confja_JP.eucJPdhclient-script.8dhclient.8dhclient.conf.5dhclient.leases.5dhcp-eval.5dhcp-options.5/usr/share/doc/packages//usr/share/doc/packages/dhcp-doc//usr/share/doc/packages/dhcp-doc/contrib//usr/share/doc/packages/dhcp-doc/contrib/ldap//usr/share/doc/packages/dhcp-doc/contrib/ms2isc//usr/share/doc/packages/dhcp-doc/examples//usr/share/doc/packages/dhcp-doc/ja_JP.eucJP/-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:100/openSUSE_Evergreen_11.4/8504ecf06cc1ab41dfa60ec61bdbc73b-dhcp.openSUSE_Evergreen_11.4drpmlzma5i586-suse-linuxV٣xڪWˋ+?]"k%jYa9Em/2< 4kş־{pg|mAR]MU1Xp8^I҈'zDݔ&Ba$$\D8/Dn:` [V(8!y<tމi75G!ñAptY_4IeԸ¥+J nia$jZ5kY9 ,۶>~ddf[8Xliax̟GKUڈGZť/oG,_K't@;N\ǞGQeA3'm; hko}ye8yA z'H' O] zA((Tm[&74j~d4ǐM&Of 1;n52-IkfBam{~a5<NTL#dmBP1 /H?ٹݵ}2tzMNHbG{|tjŷLqoTkb7Ko}S+PhJY1;|da ,4wx+EZa4mPqxziӔbnP䚈nSȳqɚߒ~ p5[ʲSCNnL.Znml4[  Q3Ղ N'̔ >8qZs>z] b@zc-iK3d1Mu9{mq`WvFH>{ݯ #FڮUUXwy(UT.3''QLwGE~cgb.;_ێ97d%)qq(lMLY:ABO/i"-fO5vijzbP+bzuu|{|h ̞NyED[G)MvP-'3Grv$lO"cԈ1[EW"Ϫ+{7Y B-p㞋};I(/ i\)x( qJì4  )ShY-s͛c2:酒~:zhMj6#vk6⫲tDyR<} Fֱlhʡn-"Ɛ=̪ZYYx'4Yn'&Ըɋ[[eCQ8S37QfYƠMΘ,@R31mxlDrߡݣJeIhBf+MuYyZsmyf/p(X`{wKB} trңΎēH1Ut ((T+km9̼DNXxU7GBRw?gƼebYN ١~NF9hiDc0PpMR< {ז;C^]@~ךx !v{(-};# |wePi>\U 7H~{̑mI%[ u" 81~4ޔfcQϵ*^~$i#iԱ}LZv嗦=-3AO(Aw<6ȁ?$gpp'N5B;E:S,_ )Qy4@YAށ`LN(B8"*>k&/D?l3 ug`J6)2i?)!הfs` >5N`*(]nPT H;b _VMty%OCyYJ/}r.u/u(K{&BэX~A֠++RZ6GXxmr{ eP:4&Do/d f[;q1:(?˭K]z?֚~o64y15L+Q\1r;#@]VYlLPx^0.ȅv`?OBVՉR'G>80{`9"BV-yC`Fֈ€b6KqحWny8'.-Kσ}&~2"{ehX??U URjP E%ˤc~'-nkŵ Us2v/ˑV+sTi qC^zFU;uS+>K5 ˏ*]~ ;oq3^stAP@Jƽ03t%#oHG(Ly2?;2_;2+\ӸX^?qX.>!0-9p. mOufc?ʏw\W"J_O|k]΀= &_d}R2`Ncvn!Z^"{6?F& v9Y &BW>1fOB]0 2~μk\zae*Kb -5#ڇp8dh[V} j1p_~zL4Mؚz2(SbT*:u`'grc[Ӄ?T < $I)S bs8Y3qTr%Qf7of,dtN8RtGSOa@Xh_^7]GE޾c) [qL|2L,Қ}7,O=˞Ns钘$Jł?dzpSoSݔԀQޔ3KsKqȗPwWte((lNhC1&8}AD!cNQLk`be|xtIw-8݆Knt2P_.´ѦP{+'OnƝ.eo;tx&1?+J5 a袡?{wm`ьs$!;K;α Ǘ |C0DQ'a/!ĢeaEHKA|SU`?WHKAɼ"+Ef91vC#84#I?_P =7ïPLmT93wf}!K\ցl#- e;>dߝSЌ廸M=Z*,?>2lUA# b/"S Nfҥ{*~:NBUF0g<9*C(fhSd-Ӵ1Uar~H. t+xxyм} ⹛d"9URkSdNȆ}7n8-<# Ɖ;hQ{yEo/ 2f*0CiEor6^#xI5i?]K℡j7bԧgKBpwU}1lMk]- f'ߌnIJj얟(qiVzBr{K2-"dDݝ݊b:"ӿ~ߢrB9 ȱtmpw)(^yX?{^ kK(Sl>raF HAc4rHS=}%Zr͎, 3 ܿr]ŴnK">/2:lJ8R.xmþI"DOC-;e 4q~TBrkۧpo=,u4⇈ ~5# ?:z8W|hl-U>"߂##--Ӗ$ح"ŏ"䤍,QskOn axKa;x$7+d?_13lhUTe7z>LpR_Dsfi҉s*gh3L:';C)lq3HCUc+((>5P(ĕ|}Q ܃CvN? BcbUuKQ8S9Ѭvי"MocpE )3aǦƽ+MB@>'DhԳ(>@I?/|! -I0ZuTSΫMX{CLS2ÝlLښz,sQy ROฝPt~ugB}گXLS!8̘g]S8NjSO6\\훇¤\g^A/8ẕsM9y[$7[@2&{> ! )u"EB=e^jCzPFm_׾NUEڭ;_68?gS HHS nG"AV]_4K.G5Nlp\z/VG%9?w@JSgr!%oƮXW^V̲?5>bߎFwG̦irӋ?mdzǦ2r!1r4s7jOD-_9RU#3*vfEafz\ ROxws:|.VsRzXեˌEG޼bT~+\LJv#ѳ+l6AӚxշ(5ym.K6JA "d(衯x`#3 @<*\r郺Q1\aqt29o r(`7T3 rn2|*h1FAEU<1~""à 5A!' ]/>@K(GDW:o%0us>hC<UES?S&>#j)u`lyrq+~~T=1K#/0QR6MBl-T7d&ӅZ64,݄Eͭ_S੿ml/m{m|ls*B?'(%% :4;ԉCO֐?'w'swۺY"VN\IPGBq.Pbٞ|3c(=f4A+7OhE&H7ky*LoE!Nl!{|.5T]V fGL| nUg8h;x{gp'Hn}H!6s($LAUS[y+!'Ede+c ů5&XhE,ƌ~|2eY^Yhi@0Sd|vt\+o㣻F4 7;ƌDk"*oaD@^1}cA,u,w4 RI sSups[1;)whC򯈄aI9`7DU"Ehxx 4HߖqxS(?#VH쨝+&!Qv6 @oQ<$o";S>)V~ME\2s[zt%QQOޒ'Ð|UmRO^ : '9yCA$W j /?9fghՅ̵胾,ҥV㤫{S5:t0Aw,%cSu5(t{/=JHv)H546mC$%2- I}ܴUC՘:.7r+q9wuoX{VKV^2s+-Xʲ,r7SQ$~;E|hC4dGoL ^u,$lSF8kg$.|afb Ay3 6U'$1=͈<6SvZ4f29Ue~Lkym(B+Ar< TtIS Yyq2:+;9+o=Ín@L6A>|5(,&c?J3I2n"H\*X)L ׉WC˻:3,,&RȮ3gRO[Nr#١'dSsۈ>$ \ i?f!A-ǡT7_[__(aCYhkBU].k\!N[!IrO0`/hQx就8Z(c, .a.%eK)7P>$pnmZ=m6da)BKsW8^ 4iȾX߭1M=HpX_zpo`X$= bÛzX=qߗkJ^^SV0MGD1F8H'dCPdڹB)?E3 ߍ7ӽ$P|*(vKnN2'+,OEml3(>>izn&ZW:Y ym Zrɷly|"dH$kN&!\}Ow? ɽ-uAM?YyeNy 4Ӿ9@(xwLhk]R+fȿ` x" vKp'jalˌ=d t& LH 'W&=z/Yt;Şxfy5C*`szW٧ew蓰0NI-~㧎_OZc&:(͔c ݬ||]+K:נy?EɊVIZcC<#OCNX;(?lt}Y|{x 7Z/H${wMn/&q=E/PEwU[a)E*oIQ rKoT _J~LnppWej9㷞'pn3|r6z1DΚ {9ȭ-L =|rb2gi>ҶTDX=e &~dS¾SӓrL8x%*{K >k+ݑO)wc@VsYwD"P{z1}r[{؅5Iy/me gPm G0A‘6^ 0*WxkC0vNxӭZ;̅248LԸˇGNlYvy&c}}͹Õ8ؑ0Mysnʪ^ ԋRe!M۠sӑ;Wԛ3ְ]N95-ͦc wJo&j#m.!&}.6`oG~-N<>ɊkrT`N.~:_Gp;5M0h( / K7ET>0X0[̜~"̻,BPuC;gaW !`$KjCIFq' ڕ:ҢEvhk*8ߧQ P]Rs&mO=ܞW ,)Ƌž$Xt*4~h%B"4G49tUh!zb Ɖ/[0kX7o'Uw4?}cYtTfNĮ1kDX5<M" "4 wEr-~'E&(F i]7 (RE]eȩx*rbSzOCXGHv a B+j.]y| cG+[nhWT<v% &/b]5tK Ů.lON?u|]V.R*{ 8ITwKunt JhQ|L/I\آlV& k&wNA / ']Otp,o*qwêp.Zm+H|%b١ [ NW!X~ =u96xsw6lenyM4iYܩ4ny oZM<Ƅ8EbW R1 Zu36.2S9&=awQP lVyIzT\QES$"+;pbeZE@^%!8Cs<0&LmД؜[f6a/bɮk %ѷ.Q)bSo>=̪Z3N7",7sK޸;[f@ګ2/2+)p((ECEˠ0ҽgW :j  2[x.oZ"[z$1{&ѕH1״ѹ"2]| iH҅fv918/T~Q trԻй^:qW{')kIK{VU.~ >'Y6/$ة?܍I #!.=BKsWm*e7ߡqY=fvȳDޅ(琴NVK|Zͼ=;! eT u\jhB $RDx%p~\Gf% 1[ D"TfjR`hsV> A-vJU$`nգ%+C5ڭ^Y"1^16Vc΁p̅եVدӔG.6C Rn0ǵrء)iWZ=dR(!{i݊*(S" lx ;z/ ];4Oΰ}w>@j]`DpVH֐JvB&8rm d`?)JM v a"̫ LGo(jO2 =MOrZ?.TYDTR#:WHO "}f \MF4M8,L~tc@7&\*X+OW##o1;v瞦%r *`?fg;xTBukf܉:9ğ 6i{_ |J&y1G|Xѷ⵼M?A_4 "`UŻ[ b)_5naD*0^3`Ze Xw&"`#a z)Iry5N O@XGl89|藌\LbgƨM)Qzşf1X&aG*)]bvN-S+ژ)cn31NAvЩ mPĀfZsLs>bH/xeӄF+wcN{9FHQkZov6ؾ2RAH@碚ӅPxB}& 0VS㄁:$18ET,HpI9ӏĹ>?tRb}c%6_.94ē5\~)CKĢLJUDro3m6gSfd2U<C>KMbLk ִ8TlIKOG2ؘa^1.^̯gz?[{'*lpl[(UWɜIn $'NϾspȚnpԿؾ^_fz(<#8&~CPTv\,'{o 'fqR Vz/="&nI( >12OAFfmXb|=.X^ իc\U|v )ND"$X")R gI`/u?A,)CTXΫ0#0/bmDV,prnJ۹Ɋ$rcY+ Ǡ [&>o.n{2M h/cߪK GRx(%eRPLG)PڏlyY]:ȔKxWta`bƴ+8χm͉pX(]AHni霧nW}ހ%w@htnp>J4 ( v~syt`sdI2A VƼmȟz r#`^j$5rR/Y(B32iAtz}ATQqv-zh/ G~<sZ+IbF(ADh|>exa[w.Ԥ*ɈD{dp%sf\icQb(ݵut̼J[^#żWS!-޻4h"x='zbIw ;A9 A ΖjYtv9H~е*g>0KBԎx]/К Q$>Цm YSXn:ľkq8O Dl"p }3ANL{cQ և k1j6?}?'7;XF2,SiweP3sm46.;^rN͹jǶ#vn+~#9h'q +|CzLI+km%<=iĽ? [U\uͩʦ)GJ.(Kިku:M\Uooq v-%1 h)*3'/_q#ow062 t C [έ Ig}')Κ(h(B5޿5CcqS-σZ8-'j+M E `2GaH\8x; %f{kMcV]Pŷ4 d2m:?Ë5o2F-6Aw8SŏDrq~S.Iw͆bzzvd@K顺:XIcW5Hq]a±zѶLek(fUD8͗j~za%nn\h=)WZz(4aRf\h1&C qr@-t`db'* yف y8fz!s ,mCV'Ŏy^޴Q K,9`9!g缼㥀ic e+pg OLd N Q|n+zMqU8qtZdMR%`{\Z|IC.ӱMmV/ O1֠q\\r "*?hĀwEh~Q=DtH6X\_.Ntl6;,ֺP}ӹ119Θw^$ѧ <K`'0 fn[@2nziS[a耉3VTfI%J ռ_ZP:.Tk/z6WU6/[R5=;M<ǂ30 *ݞc92.(-Cѝc 38, a 58}cOOww6`}hkCsTZ<uy8'QvX@^/B'fH˫A8x%xIP0A~1ApY(lfXPj8d(ȃ2[ET p =eʷg茴Eiq\O*p#KB=yxTN\KvэF3Av. jH<`K=\el! |seHs_0;Yz l6,_q^#\C[f>]PaO&C7IvT0ZBТ&Q#iQj ? .>_=Ɯރ.bjQU%xɘ!o3;#x[f+a$>tֆ vS*F2Өx',x& ^ ۅ? WPpdAӖ H:(9ҙ Ƽ:~GNҎcAP0[ݱBEX}^ߨ *wz)5U)#я]gmd]>8fkwG#s|c"Rc^hB/ohX(+C>+coLb g({v=88=ה)zN8tX꧘NP'x ?½hR[s"w#e ; I?/QVw(@:bAmn[CID9 ~1O΢׋Mky\Ww95B'h եlՂ0`O]p#Y.an_-Ʊ<6ӇYc}a :R5Ϊ01޾f=, zjHċ}tQVWv}m>~ :5- y7ӗlYgYk/twR.B Pt3BwKSY`{m}1i7 \2|R!$[Pxp4pJ9n`\H<&qD(1bOUQ,V[# [Zt:NйvNČ*ƎL_0i@:*skIЭ/~L9"