openssh-5.8p1-11.1e>UA(00@s?V$jw.­jHG&+\HXz>@Mk?M[d   K  )AGL @  x5 L5  5  5 5 5 555 555o5(8"9X": "=E>E?E@EFEGE5HF5IG|5XGYG\G5]H5^JbLcLdM/eM4fM9lM;zMKCopenssh5.8p111.1Secure Shell Client and Server (Remote Login Program)SSH (Secure Shell) is a program for logging into and executing commands on a remote machine. It is intended to replace rsh (rlogin and rsh) and provides openssl (secure encrypted communication) between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.Vbuild17*openSUSE 11.4openSUSEBSD-3-Clause and MIThttp://bugs.opensuse.orgProductivity/Networking/SSHhttp://www.openssh.com/linuxi586getent group sshd >/dev/null || /usr/sbin/groupadd -o -r sshd getent passwd sshd >/dev/null || /usr/sbin/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd test -n "$FIRST_ARG" || FIRST_ARG=$1 FORCE_YES=0 set -- ssh sshd PNAME=$1 ; shift INSSRV_ARRAY="" while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 shift SV_B='^### BEGIN INIT INFO' SV_E='^### END INIT INFO' SV_KW=Default-Enabled SV_VALUE=`sed -n -e "/$SV_B/,/$SV_E/{/^# [^[:space:]]*$SV_KW:[[:space:]]*\([^[:space:]]*\).*/s//\1/p;}" < /etc/init.d/$SCRIPTNAME` test "$FORCE_YES" = "1" && SV_VALUE="yes" test -n "$SV_VALUE" || SV_VALUE="no" INSSRV_ARRAY="$INSSRV_ARRAY $SCRIPTNAME $SV_VALUE" done TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi set -- $INSSRV_ARRAY while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 SV_VALUE=$2 shift 2 test -n "$SCRIPTNAME" -a -n "$SV_VALUE" || { echo "SCRIPTNAME or SV_VALUE unknown"; exit 1;} if test "$FIRST_ARG" = "1" -a "$SV_VALUE" = "no" ; then /sbin/insserv ${YAST_IS_RUNNING:+-f} -r /etc/init.d/$SCRIPTNAME elif test "$FIRST_ARG" = "1" -o "$FORCE_YES" = "1" ; then /sbin/insserv ${YAST_IS_RUNNING:+-f} /etc/init.d/$SCRIPTNAME fi done test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" = "0" ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_STOP_ON_REMOVAL" != yes ; then for service in sshd ; do /etc/init.d/$service stop > /dev/null done fi fi test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then for service in sshd ; do /etc/init.d/$service try-restart > /dev/null || : done fi fi /sbin/insserv /etc/init.dPs L e,4LT4dV>>  a 5u+*s4"+큤A큤A큀AA큤$$$$$$$$$$$$$$$$$AM>VVVVVVVVVVVVVVVVVVVVVVVVVDMKO M4DMKOVAVAAEVVVVVVVVVVVVVVVVV?W?V04b4d2d0f09ce539d27499d6380255f4806db39b6d5040f0a9740dc6df41ae2d4bc61eeb174cf0b18eabb1981324b2128342d867964cdd997568e98f75c5c4f087567ee6e6f14b9f86036834fecb1c961b4c4d30bfc191f47ddfbbe34762b74eec9587526cb18903f4b8f4e24ae493a19e7e1eea90c4b66139c73a3553f95fc30716ff28a0e59d61edce3dd3d4b358e3cf7a980d6e89ab7f97997e5bf9a5bccce060e5eb3583e56928a852e89b8256b31382295b2c18d97a328dfecf9033a8ac451443e60da6804b8aafc913052c625dede223dadedf63d15c7ba3b650f4e122a1b3bf1c2688ae01dbbda4a0b3ed56ec967049e47dd61b70299f9740ca48495049739b375ff6d3c2f0acbf5b443eadf159f6261f71dc67cf9ca543fbbd42759c30753c68fe95bfb9b9152ed502da57a8ba868dc20bcef300de943ae546f95d81ab1fdce832b72b61127d0ea340beeb59789572ee66a96031dd4757a999cc550ebae9a689be41581503bcf95d8fb42c4e2116461fd65556490e24e785dcfc7e00c3410f2f22f429298e1b5d14bd402634d67fbb90fcc615d6d7116d7b53cd93b965ad719cb0aabec5d5fff99932cc8783354b7e3cb519117191c64f2bbd3ff41526b9186b7309242f926d1cc6b594782019aacbd11fb7892329a6d9972c7e7c24df2f378de430c8241bbb5c39ff116d10299b206c922e6ba485c7aa583fc76b3246679ee47e2f6ae59642e376b762059126607f07f225024542bbe530fd1ea1e88a07c9a96a7676a4ce115194a968f7e67cbfd8f07ef65e2c591ddbd6b45c57a341f6e6d995c54d919bbec088872c71d9b263d94a2da1f9d14ff7ae2f2a0b8abc31ef1c3e877aabe391eb867bd3e8fde55c37cdd2423ac13fdf1eb4f7758eb36465dbe6d2862940ad7cd945fadaabc2f8f0dedcca849fe78fb77c75589dbe300f8f152d1a68a4639514758caf805c86e28b576fc031a2c17942d3a5ffa0f67d44dbe6296612afb30e02b26956125afc61ssh/etc/init.d/sshdssh.1.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssh-5.8p1-11.1.src.rpmsysvinit(sshd)opensshopenssh(x86-32)    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ /bin/netstatpwdutilsinsservsedfillupcoreutilsgrepdiffutils/bin/sh/bin/sh/bin/sh/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)/bin/shlibaudit.so.1libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.11)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.2.4)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libcom_err.so.2libcrypt.so.1libcrypt.so.1(GLIBC_2.0)libcrypto.so.1.0.0libdl.so.2libdl.so.2(GLIBC_2.0)libdl.so.2(GLIBC_2.1)libgssapi_krb5.so.2libgssapi_krb5.so.2(gssapi_krb5_2_MIT)libk5crypto.so.3libkeyutils.so.1libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libnsl.so.1libpam.so.0libpam.so.0(LIBPAM_1.0)libresolv.so.2libresolv.so.2(GLIBC_2.0)libresolv.so.2(GLIBC_2.2)libselinux.so.1libssl.so.1.0.0libutil.so.1libutil.so.1(GLIBC_2.0)libwrap.so.0libz.so.1rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.6-1nonfreessh4.8.0V@MK@MJM=iM-L@Lr@L@LZ@LL@Ls@Lnn@LH2LEL+1K/K;@KыKP@K@KK @K@KqK'z@JjJ:JY@JS8JPJ;}JIX@mkubecek@suse.czlchiquitto@novell.compcerny@novell.comlchiquitto@novell.comsbrabec@suse.czlnussel@suse.decristian.rodriguez@opensuse.orgcoolo@novell.comjengelh@medozas.decrrodriguez@opensuse.organicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czmeissner@suse.decristian.rodriguez@opensuse.organicka@suse.czanicka@suse.czmeissner@suse.deanicka@suse.czcoolo@novell.comaj@suse.deanicka@suse.czanicka@suse.czjengelh@medozas.deanicka@suse.czanicka@suse.czcoolo@novell.comllunak@novell.com dmueller@novell.comcoolo@novell.comanicka@suse.czlnussel@suse.de- CVE-2016-077-7_8.patch: disable roaming code to prevent information leak and buffer overflow (CVE-2016-0777 bsc#961642 CVE-2016-0778 bsc#961645)- Update to 5.8p1 * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. * Fix compilation failure when enableing SELinux support. * Do not attempt to call SELinux functions when SELinux is disabled. - Remove patch that is now upstream: * openssh-5.7p1-selinux.diff- specfile/patches cleanup- Update to 5.7p1 * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. * sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. * scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. * ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. * sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards. * ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). * Support building against openssl-1.0.0a. * Bug fixes. - Remove patches that are now upstream: * openssh-5.6p1-tmpdir.diff * openssh-linux-new-oomkill.patch - Add upstream patch to fix build with SELinux enabled.- Removed relics of no more implemented opensc support.- add pam_lastlog to show failed login attempts - remove permissions handling, no special handling needed- Use upstream oom_adj is deprecated patch- remove the code trying to patch X11 paths - which was broken for a very long time and was useless anyway as the Makefiles do this correctly themselves- Use %_smp_mflags- Fix warning "oom_adj is deprecated use oom_score_adj instead"- actualize README.SuSE (bnc#638893)- update to 5.6p1 * Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. * Hostbased authentication may now use certificate host keys. * ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. * ssh(1) will now log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts. * Expand %h to the hostname in ssh_config Hostname options. * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 keys in addition to RFC4716 (SSH.COM) encodings via a new -m option * sshd(8) will now queue debug messages for bad ownership or permissions on the user's keyfiles encountered during authentication and will send them after authentication has successfully completed. * ssh(1) connection multiplexing now supports remote forwarding with dynamic port allocation and can report the allocated port back to the user * sshd(8) now supports indirection in matching of principal names listed in certificates. * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. * Additional sshd_config(5) options are now valid inside Match blocks * Revised the format of certificate keys. * bugfixes - removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded any more), removed memory leak fix (fixed in upstream)- hint user how to remove offending keys (bnc#625552)- update to 5.5p1- update to 5.5p1 * Allow ChrootDirectory to work in SELinux platforms. * bugfixes- Disable visual hostkey support again, after discussion on its usefulness.- Hardware crypto is supported and patched but never enabled, need to use --with-ssl-engine explicitely- fixed memory leak in sftp (bnc#604274)- honour /etc/nologin (bnc#530885)- Enable VisualHostKey (ascii art of the hostkey fingerprint) and HashHostKeys (hardening measure to make them unusable for worms/malicious users for further host hopping).- update to 5.4p1 * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and will trigger a warning if used. * Rewrite the ssh(1) multiplexing support to support non-blocking operation of the mux master, improve the resilience of the master to malformed messages sent to it by the slave and add support for requesting port- forwardings via the multiplex protocol. The new stdio-to-local forward mode ("ssh -W host:port ...") is also supported. The revised multiplexing protocol is documented in the file PROTOCOL.mux in the source distribution. * Add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 * Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has. bz#1229 * Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program: - Support the "-h" (human-readable units) flag for ls - Implement tab-completion of commands, local and remote filenames - Support most of scp(1)'s commandline arguments in sftp(1), as a first step towards making sftp(1) a drop-in replacement for scp(1). Note that the rarely-used "-P sftp_server_path" option has been moved to "-D sftp_server_path" to make way for "-P port" to match scp(1). - Add recursive transfer support for get/put and on the commandline * New RSA keys will be generated with a public exponent of RSA_F4 == (2**16)+1 == 65537 instead of the previous value 35. * Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase). - cleanup in patches- do not use paths at all, but prereq packages- Use complete path for groupadd and useradd in pre section.- audit patch: add fix for bnc#545271- do not fix uid/gid anymore (bnc#536564)- select large PIE for SPARC, it is required to avoid "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz defined in COMMON section in sshd.o"- add new version of homechroot patch (added documentation, added check for nodev and nosuid) - remove Provides and Obsoletes ssh- make sftp in chroot users life easier (ie. bnc#518238), many thanks jchadima@redhat.com for a patch- readd $SSHD_BIN so that sshd starts at all- Added a hook for ksshaskpass- readd -f to startproc and remove -p instead to ensure that sshd is started even though old instances are still running (e.e. being logged in from remote)- disable as-needed for this package as it fails to build with it- disable -f in startproc to calm the warning (bnc#506831)- do not enable sshd by default/bin/sh/bin/sh/bin/sh/bin/shbuild17 1452862399  (5.8p1-11.15.8p1-11.1 sshdsshdslp.reg.dssh.regsshmodulissh_configsshd_configsshdscpsftpsloginsshssh-addssh-agentssh-copy-idssh-keyconverterssh-keygenssh-keyscansshsftp-serverssh-keysignssh-pkcs11-helperrcsshdsshdopensshCREDITSChangeLogLICENCEOVERVIEWREADMEREADME.SuSEREADME.kerberosTODOscp.1.gzsftp.1.gzslogin.1.gzssh-add.1.gzssh-agent.1.gzssh-copy-id.1.gzssh-keyconverter.1.gzssh-keygen.1.gzssh-keyscan.1.gzssh.1.gzmoduli.5.gzssh_config.5.gzsshd_config.5.gzsftp-server.8.gzssh-keysign.8.gzssh-pkcs11-helper.8.gzsshd.8.gzsysconfig.sshsshd/etc/init.d//etc/pam.d//etc//etc/slp.reg.d//etc/ssh//etc/sysconfig/SuSEfirewall2.d/services//usr/bin//usr/lib//usr/lib/ssh//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/openssh//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//var/adm/fillup-templates//var/lib/-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:363/openSUSE_Evergreen_11.4/dbc6fea37a4e5d98d3bc1c7339d1cd5d-openssh.openSUSE_Evergreen_11.4drpmlzma5i586-suse-linuxd>,FǿT?]"k%Q.5oj{6_$sђ錯ydhdUi@1cj/#:JZ-[iWzn O ȡ3N3ܴ'mu3JfRqUJΧx;IGK4]@K,JB4 NpV2/+2@KRIՈ^0̞$^ ;`lpVɡY,R1'a>WGLϬ.h5βX0"o1t87n_/`s=MPBj,^P C7VG7Ӿ$5QMmiʌ=)̼OćዔU}xBpQM%u3 Jfd)fᑸtPΆ@f) ̌y>;ת{J;5W1V쎨+St\}K&exzT ֫;Uj!ИK xϸ{8n1Ҏ3%>JC#zHnt 9lݱ/z֝/~{$ JOA9BUFb铹g[^ti!KDoɞkeo~/YB> ǿoWlw˼ڧ"{[! v`03C,n Eƈ}]nJˆ mJ7I4(I鰅00z*Gg%t2G, gCj2{`z[`J,0/O+~aWΩ=O?G<݋\yn'µm^ 2gPm$O J ./9ԯ;sFV%=IW[yz2==vCvz'kn0qP*ZyLQ$`*ۉ7ŘQ{v8N!`ꝋMX\E$o?-Y sCԌ(,3[1l\qr'Sxa3_[CrԊ^aOK-?1M&q=((aۣzJ*2-Q8l~;!齻VL8Q{0zͮ(#+@JM_(<9H\9\05҉<*ihm(pd:Cӱ<ū-ğ=LvG_V<@Dܧ$C /R>BM:L?]: i4ތ5׌[/CWNh &UO̮ Rݰ!Jxn]G-XB,8d+^VO pp⟁HKb?94F=z넮@;ߦj٬(q1hj¯(}D: 4[ 6茈 4u.=ϖm?|oUլx^ T>QvSdCIwCEQYY^Ul\T ,i 2%P,?!]+`y!~‡bn)&]F̂>TukA 򵶳jv7d#3aA]{$֥ FhL^1 ^^azS],c!o\-s̶T:s`Q[+1zX٭k"o)D3'Es0UJבE4԰BTAr{4AFr0,)j(5#QQ& ⸬DEDc(B\'y#f Ϫ0?cAnЂ$Xb>$C &71gȐ>JpO7 槗LHtĩ!z LG",G%uGg(Q!Jx;O^$+d˝; e7&oR ޮ7BӰNbBFL^ fuVV#_ )H Bt]m$IfqwX[9>i%~w_dU+ld@ ^?bv+94H'܈+Ce/*K\ŹbR$=Ϻ$bMnSQQ,NA,G{Rn*-/*h܌F ,KJ$'^!͌UԒX'OCpj*fL5<^{ƵJ$1'\#`OY3Ϣ J:ym~_Yv;| %1^TAxJ p$ǚ*B ҏĆ=޶`^<;^w9>t`#T#~ ޱwL2yu 0f"mAZ@k̖-e>:fqtwфo{:p3MZ8OъZ5OK9oځCoe#\}>zk)x\m IG7' KnMV׷ "<˷-B&;MtV=\Y9SMv6 /{ 7Mu{8U j۟+ZQȲܕJY@V)STf7%i~cCF6, y_"ݍ櫿$x"5 MY[h=HAIӄ0)1 EvatfDFK&~ɳ E鑣K۹qϔ0uɸ .8倔a /K^92^M_':,yZ˻΢L%|uE Rq${(M7ܴ(ךknz]-jkwx|gcBȋLS ~W4lHȔn,X]Vs yy@~rX;"S Q~7Mdu P!g6/]TPd]Ҳ^<:K#fGikIC./y61Rz05aat fT: HpM%-t/IjN 6T^n91>L;˝ߺ'tH $02#pC="N <ŗf ٠-Vr+ΫT<&ij4u!$zTjJ$\KZJܧ-i=p M 䃵E|"nGao"+WD#}\npfeD0"YRƪ!@-C5Iy: eMftEt@&l$XcV=ZieOW~4><8 Viͥ()Ywچ\&))N#sDG,q[ X,=؏$ԍѡNPo5eC [b[z o6K{ hpp}GEmD^c`š{J I?&ϼD` h?>fld> gˆ8m4w5a}}حZy)]kDc2L0|kF.7}*/W(uT&N[#Ox v#,756^ȋO!SE3]ֲB;WB˅[+OCI )J:}Պ}hT\U6ϝlTqҟhz :SBǸn8v@ &ۊ~Ys:r| +1JOC,)  ^4AT{*zr/)9ץN/@0樅\lqcQ}BSw8eǘX?JO§A5HIq)PwyOmgdUK)n6"6|]e!Ss9 .ӝqv`=i-\` |b_R`ZQ򥻠ۅUT>i&j? 8VK8.H,yGpnTHԖГUOL>8@p'2%.uU*4%k8%%:gy>o$eZď+@˓;J=gB YZb)p#K&P)C{էkDK!UUi]Qe&fz?9ū1=U'&l4g(!~sFaƯR ?4ji*Ot{qP H86`r:RJά+bINEW{(CKOd !uLcz~nRd4 CZG~-ch+!9 #]?0<faഗF!k`,0:ٗm4J()!D9YzɖCdmuxM%4eN:1[k9uV0/ҖsV?Tbk|ZÛU"#$ސA;08;wWKO*~9ߞ&9K[41[ \ /mSk bfοX$xIڀf}?81 (0Ţ鈭h"VKIf}2VZhFQ%Xd>4|l, ."(Ufd)XmT?"ǀ]]& b[&vLiB` ?% u;u y-uKz}aG lbj.V1/1Yݖqw;>Mʙ1Pv T$Κn9uy?f=8Q$'p ٥AGq,Ȍ|!4{A O'λ㶎 mw-4/ƭf[TpD*Ԑ h-.eȓ&:̦Orn{7\S)4qMp~z?JlDa_v!uBNVXgN <ڭw;R#!4[XGj/=_U[ΖzGcU?MEMjF%o)[৉Q&  dʾl_nR8 JqCW,#%(c.ƆhAV"AZfd]Zus#Eĭd7iBb\hgk>C=/ _ZVf6VF?swgs}ܿG/pWN uTuAxnM3,g2qmC92yo>O%NjyuWxNnb|b=I .P%&?dmNr\3 -Y$Q"3C]?ȥYwFRj@Q6=p{eYa_g>^idh4Pm~a 5tUe$̚U|Q5aF=SMTz~ 0* AUaiSܲ?oR6dA]OSh/nC0\loR8=K,>Mh4V~q6%:َmNnr>&KD5%zKG՟_F8+f9 "q!2cHs* nm*ٯs7`c[%e˥X°޺>_͙3 u~SDc.ZuTcjwr哃Z H[.TՏbh:;@)T%f ްb勏4xU&Лx6|ܔ1ayZxV_aͷ1sޅװdbtGm { ` ^'( /Wv}:G2(I1p6TZp[G5E7־FkiwiG;7R9O!MQĹKslf//>!> & )׸0粵OP(8 ۂ'MFcԂ8_LTXR[/41&erɴVS8Þ@)K">%*)¹g3a 7p[ZdB[{;wT":Ҳ^?2歀j FCqp*A XbvHD\m}uRw 8-< b6d/M+:U'T F˄EF\X-P^c^MkDxv̿1d~m]f>|Nۋo7gzg@|+ĸ!PGϔ[m^)y_ɟQ])TܹwKgX Fh\ģ yX"ߵ@K*2Ko%Q߬55}kk4fE볺4,)05,WT >e+[~kAڀ]r!j[t. [O4.PWùRBi3a|)Q,DxFC PVgxj 3#JWftB,P{X5ACJ8Q}yi<+ł٢Τp~"9[?kSŮ])8Dԫx)X4qC㿲!e~Ij"/$ u)KSUZEWQ6KYTab7>%aChmnŀxLK㤕ĩ?%u?B <5#%&{?67c\E}-{[DRt{q4|TW%4"(ѹn;BVM|.֦IRR&%<|#yMQWLׁуTq͡q K }فJ,`^o cw "c>/5pޝSZ/gÒos vQ_LxfquhÜUW@Pw :I@ 8sɒFNE9>P-Q 5dvhNLԫwj W?7c4'&ClNO.a_-r#}$h:(qf4#[")S)Ke1 rw0T14IŠxdUo D;-j R*595(/}Cd$aK&!чEpw[Ӈc:RC)=DK*wT\Z^;ml0z<7ƕ2v<ԭu* KIߛ?^#XI+_\k`D&k/?u7y<ZtN-˕Wp.QYaT&mON5,vVL[ΜhCw$"jq,eO| 902>F)f7'>L,kldR24. tbG.ay E+`5yjt=HnQ{^~ w0++vRt;"_Bs[e'vrSCX` c+% or,=>E,8A)6OӴx JrdS6 =DB#k]ӡR#0'ȴER`f1 IB,ెn#{fWfbiъI78KNͮB6QQov{% 3r1s${ ۜVǯNjuwyhld,J4#P|5z?B,<=;6 *6?G4:suhCԙBk5 q6ح>4k.<޸Tat̞MhVM?_muYW?Q9gfWWAJ_r} paA *~I? B !SM3J _4(y''E>FIK?miܥ6p;co X-zh9݅deQ^-ӛ,W?.k=BY"\ !aDMwH^RqCjʈ=yZ= Nz" n:Zj{t4nxQ^9_x⪏-c!!x$lo~爁98XZ3>)jt\22G[{|BlW.(TFkyo7[}`a>3{tKfb1 A*MPlP摀\ʾť-Ng`Ӱ` p .!۞('":2rUc"ÈPƭhM5_oe[}q8)p_8jD<ҐA}h-#oMS*Ό))H/BuNWw"4Dɏj:TD"xNj,Ej7X왳30Zu}uJI0/4IGTJA*jqw;(v[ق"ՈGOy}@Xr~HT\!̿1 epj%34Ն87. L哐viS (o ew1 'E:en¹x}VdzK}$rϞUYS DF 6yj6>$U j:Q qd`!I#BZnVa mJU`c۽HggIdDսCf )ȇF@A^::ve,(ڻy*2U2I3o TEe[{c{xqjEV0awt(jNxݾ`O8n%RlA9+/|9CyM=I_*Q!it#NyrL-@:8C?-KJ/wxg_`t4LF [ .$JJ_ji0Fn,ɼfWnƆU~s44)S!r3 gQ ļ)]q5&R֩ Cd⍜((los'B?lp|:%m;- UZyKDrҡ,+FI̜y7'l!Mw_hLAWz_G|&wmʼnwX,3J|5_ 3sԐn.#';mfRP݃mC 2UyI(Y HSi3tՊ:+%q; 7tM9 ߒ*.X{۳*!46=%j\TIFϱPԀ#gyhmz^_ ik* ,Gs1-%OalG#YMӴujFC(v pSX n\2Dq 80m#sƻ/͙"{o꺋 r~+f5/ƣͅ`F[cJTOnQKj+_n Ó%Œ1alig@|(z&XOlM->z&L<?UXy}kؑ";dr!1<dXo7S\}yZ$nO;ҌE٪8I¬)dz6e)ƂՂŢpf58J@{QMɰz6]R˒D#%>m_[c86N\s 2hPRԓ W˩rS;!Fւ[ }^鱼27Ww!2(֏|ijR Nfߑ#(ǝMz\Ꮬcv5 XpӭBPX4,%V-x+c/[j>4''UG¿K43{ypt= hrv寈ꛯ! :PƊF*qH" WWjZHvH@e /8#s]+*z!eab$;w'l,u|qD9jj!SRZqҐ|IÉ!"} wXǧ֯O^d&"QZϚㄏYA >1h:MB\ i KRb*fc_' * *6{1 ,ǯ;]S|DykqSTjDH+Ʌ񹆻(4V:/F$s gڨ& l6-Eu %|;4|GEg_lj^w(X**Q*̳p6LIᵍG I/iBoen?eU_-0ё֞.M@ њcJv%91Hyk$X ۞i/Q^j4$fh,c瑄¬YIrdID?6Sӣ{##\V^s A;vEM=Ć] aO[4AM3 .$FqgI[v%byМ@%(KB A,AXɿ& -SNݷ"q)`Iyx[ "DZ 6ގpdƍS(hH[d5x_]AZIwf.3mrb ll&}ŏ1(-qPQPŘﴢL%)s~$WX8??NwJ&wh!pg?aKy9WU<ͩ]%ܳKrާrsmJ`GI B0h!hU~k"Ko+,OÝԆBA}\ReOIw*;5qr8sFC0 3ZCԛr>wkݐ1V 8/6^c Ŋ8֋AiGeHk*x]@{lkl/)֑T+|+ ս4v+Vd?_鎙iJ.l3C$+GF3(i, ywt~/CC e"Y[llꓜ;^u p[`e{-f`$.f=ibwCXՎa3%U?uhzര]sJ7J1Y]|]qؔԦi: ڎy< ?!8D/ ft F$MR[@h$uLTmH/|G9OE\5o6δФV%x8Y!㹻?VCa39r6\?U Y)O~72o˵>JD1TȠYi.|O}V<3ke OTXH45B8Z,DcאU\"2 vc1ie W. u2^H [Z!$e?3 /LZ*kGÝAY7c2\ (? -G̩mM}v6t6 ,TɃJD;iZo#m}eӘ5gVH)5{ÞP.[68>7iv [9M< ÞXۈ*#-|aïѹ/O)oyP%-9APH/)j4Wȿe7C`5S| lK{Ql!PKL5=K>iPUul*_hĆiDJ݉ Qa\2̣#oDդ%Aeū Ӵzȭ/杜<ĩF w;oߕYl}5>"}BjOTB"#7\_$'}YTS |J3\n{<-34*ZI7"E=54RĴ)K{su a!a+d̰ [ut;~.Dꎲa( V =jcWʇ&g&zl\ 2mi]jv"F :h* bBҥ3"'Z,v=w>>YEXb5B2*|dʰ `2i:LڝO1#zh遬1ElI_B^o"&$>oCX+5o(h;$I7^%9We()MyVHą\ X\I;YxQ":x fjhVa k[h/a/Ke/ӣl 9MK=g?'Kh+.m9o!Ğ.6m=pSU):d%GIE.kCcKwQ!5'( 6BH߫hF]STcT J%&#cVlkiKa݋U: +Kj(A_Պ1m_12鞦#DRù0/˙Rı^no. u݆T.*JOx~i/ SQM}AiꜪ ^CTŜm9/sRfI9@AէRQ;|Lr53;BE;l1nI>9 DzvPaդ%cy*Ѐ3TCMt~=~]\ 6L kğ?W@gidcL@)~]*f*ULj#g A؏`.VyN ][b,fTj L3yb=y|op]oSJz3 A8o~oܗQ~ř6=khzTY/q>Q1JE/T $Ex<?׃6G/2.0ABBWGjhȚFrDf:#JQexyo`V^` /`6+IjBܺvm34u }&{7bX3b/2ei*޼Ky0>+bvrZTFֆUp 6N7T^ԮkqٚPDRoZ~}Zг Xୠ$4vu|ꍢQkUx}aPgP]צ)rcvѶ ?QĞE-rDsROZ]DtN#o+7ܦW}@^.4kRlp#ëf1G]iCjz$@ qL8ESWo@Rj1>_~d?fY h9\eS$/(S':~]шW: )%Wxƒ n̗C*!߉W>'?؀n٥f:El`1 jG0i8煕 UZV״/DWKQ̳%udNiB{8F=g.[eopjƞ"' *., l~[S[ wN-&fXlydFP2\ Vȥi(Fi^Iȸ;Pʹb vFaQ>y~S=i:l<س}i!&$#ޚ݄+A]Ė#f{6|O,cl=C`frXH"S !"(&_|HG"C!!>c~Be~vb S9מ;"R\`yo-x8?? Y)),QdGjjGcScosbny^#6soVvUԋrxDd#} 7D(i|UϕV Hn3>V~u+#La*wZ0z6NSN?W^WºX8=P͠)UףWq I[zF %T Xg$>}*Dj(&;M'*HI+eIQSRa >;1f jP]Fq0z ف9hK F"߾<kTO0;0?+ bGAN5˻+]LmRwJ&;#}#l}^9鉥Z!>hraQ"_qIcߦpN1Z/84}vv1uoO*C^=Վ J_o}/~nj<1[_ br?%Jr.Q+wp>T=YyO{ ;g`/h:jP˜s2 e&g3iN*F S+7lCwk]֐5B4:\ T^{)ic3? 7bZor@>.WƟNU1hcWqjB"qT*fl/m[P3&?ma 9ɡn)W5$e折~}8qe+R#1|uyNه''jՄ},N"4qI2de]-LEt_8xKG@\\5Ds2؊=7C#b1&NZ`e؃~>]'wjt\bU}g}ΙN;{"?Ƴp7@_UTqGCl`_ -n ۵;d7kRP:D_VAUdπ5ĥD6d9<bQpߞ XyhVPJ1u%JL(UHyw2EWbN4wB5iP<5E: N$!Xj&R2kOVT2]p+QW=Ȓz>IjDnw􃜃`K7"kp[u7h#Ј""(}`|p?'(oe@9g-k{sA⓸nyEXhfiZJTz.#Zfpo_ )A 'ŠIvkCB Cxf؟CI#\J c$[ý[ Sⴼ&yjhse "Ĥ.%] \E.![@Χ[wm=CSoYbhUؖk\X0XCxúv[>9q1*#Թ{JEH>p} J=71fQjwm_ج1* y07}n Q|2ձYK p(1 g͉|5/~xa &z}Z[qll^f~B#vvod17`vlaHFzμ:)`Me'ŤQI ЮW* {Im2nq`rC22 JF7ȵOoX+%\"߾`,]sk]t P9xl hxyH9`txn=2j(u]~ !KbٜLI 1c>%Zpmʚw7A'Z~{"?*O5aEFσVy~u(ɛґM!4j=nߍ{n-x< IC2c.MɞHɅ&HⓊ@B!йyL]kC-p(8"׿ZK4~lL=zx*A+W"soDDh* cKbm5t;kN% .+|muQ Ҽ Ğ}x"1:ZUBo#!:]S.L5~4L' MɌ Rn eZfFHaH6},JViFP)]GiA]1KreŲujF.ecܵ&%-}]XjÖuãaZ5":ng`ȁEv1>qgNgsC#7>8>J4D)V(IeNx/tNH%[ .Us\ "0[G3oFɜȊqT8Uۚ?3M#6#XhmX8:2Sz : ңMy,*_O"~SgKrk@5STJ:MD*դuy;սֈZES4Tx=;; %U]e]XuxG.{¶x˫$xxN)Fs(+a%Ӥ#ϓl+@8}o,p# x7sY ok }ֹ9wZ[eIufTa@,˾ ū2P.H:G!$)! W YGvfDDF5AAWzPNKü7kEM.Wd 4X9MXm F͹LbȐۢAVejܻ`=pzB1$Hc,Ȍ%7gI/KFKԡ( #{8k*`(vA:2_қKЗ >c"2Y'[ct]\Oo\SIw:‰%t<,X`M5h ǔip![y݈%mh&oUވ Q 2 LCd\:'}OAQPD~9`V/4In%3? OSURJqF :K ,WR,Ɖt \[B. 1; (SQH]4VTb)-<% R(z1|,vxJd@9)51bM<5E=& /..sS"=' _INVF.Kn$H8-q1\coKoLY5Ω R~m@Y&gGWC!m1hRBȐFίVǒ x<pIE]:U۲7m{[E4n0HiIF+z)kv-/t@¾4XNCL`,2b{uH*E,<|R}dl:&lqŵ8jOp oJF=uv;z;I>ҁֲ qn!9.[ /0n&k[`%@R U(\לY x_6TIxuC/&'5X%Zw7F+2%#[jwЂqTԞ@q "}{aC5҂5fF.@ ((==mcN@3[-O%x\# >t!D kꙣQd$+'T'O^jDg5S[7SQiʀZinq<%#sߤ;[x cLۅZ4^/h.i^BY̺T"DR*DϾcl p Ҙ)J-u07 =y EjG?VnyID[]%_"N RdfCW_1_.FV/v:↺ )Ƕ dcU)Ͷl <*YDMe!bj|(5[EI# ݉=yĪ#e 5}@{26ȳk/T0`)QWL1!יiqd>yra,:&Qj=Ͼ