openssh-5.8p1-11.1e>UAI4@>aL i?Vc$j޼+l,=P*AJg}c}u-Dw>@M?Md   K  )AGN B  x5 L5  5  5 5 5 555 5///'((80"9":!"=F>F?F@FFF GF45HG5IG5XHYH \H85]I 5^KEbLvcLdM~eMfMlMzMCopenssh5.8p111.1Secure Shell Client and Server (Remote Login Program)SSH (Secure Shell) is a program for logging into and executing commands on a remote machine. It is intended to replace rsh (rlogin and rsh) and provides openssl (secure encrypted communication) between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.Vcmorla1+SopenSUSE 11.4openSUSEBSD-3-Clause and MIThttp://bugs.opensuse.orgProductivity/Networking/SSHhttp://www.openssh.com/linuxx86_64getent group sshd >/dev/null || /usr/sbin/groupadd -o -r sshd getent passwd sshd >/dev/null || /usr/sbin/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd test -n "$FIRST_ARG" || FIRST_ARG=$1 FORCE_YES=0 set -- ssh sshd PNAME=$1 ; shift INSSRV_ARRAY="" while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 shift SV_B='^### BEGIN INIT INFO' SV_E='^### END INIT INFO' SV_KW=Default-Enabled SV_VALUE=`sed -n -e "/$SV_B/,/$SV_E/{/^# [^[:space:]]*$SV_KW:[[:space:]]*\([^[:space:]]*\).*/s//\1/p;}" < /etc/init.d/$SCRIPTNAME` test "$FORCE_YES" = "1" && SV_VALUE="yes" test -n "$SV_VALUE" || SV_VALUE="no" INSSRV_ARRAY="$INSSRV_ARRAY $SCRIPTNAME $SV_VALUE" done TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi set -- $INSSRV_ARRAY while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 SV_VALUE=$2 shift 2 test -n "$SCRIPTNAME" -a -n "$SV_VALUE" || { echo "SCRIPTNAME or SV_VALUE unknown"; exit 1;} if test "$FIRST_ARG" = "1" -a "$SV_VALUE" = "no" ; then /sbin/insserv ${YAST_IS_RUNNING:+-f} -r /etc/init.d/$SCRIPTNAME elif test "$FIRST_ARG" = "1" -o "$FORCE_YES" = "1" ; then /sbin/insserv ${YAST_IS_RUNNING:+-f} /etc/init.d/$SCRIPTNAME fi done test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" = "0" ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_STOP_ON_REMOVAL" != yes ; then for service in sshd ; do /etc/init.d/$service stop > /dev/null done fi fi test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then for service in sshd ; do /etc/init.d/$service try-restart > /dev/null || : done fi fi /sbin/insserv /etc/init.dPs  0ʰce3%xpQV>>  a 5u+*s4"+큤A큤A큀AA큤$$$$$$$$$$$$$$$$$AM>V[V[V[V[V[V[V[V[V[V\V`V\V\V\V[V\V\V\V]V\V\V\V`V]VaDMKO M4DMKOVVAEV[V[V`V[V[V[V[V[V[V[V[V[V[V[V[V[V[?W?V[04b4d2d0f09ce539d27499d6380255f4806db39b6d5040f0a9740dc6df41ae2d4bc61eeb174cf0b18eabb1981324b2128342d867964cdd997568e98f75c5c4f087567ee6e6f14b9f86036834fecb1c964269b1b6c9e95d5ba33d4857605c6ba1ec9587526cb18903f4b8f4e24ae493a1246ca5e65813cfd6c978feceba87ce7bfa762bce90e974e529570c12dd5a2b54554016a33e46a06e85f15e80c215ddabe0827a9977c10a441597e6f32fbec29862db6278034b7004048e02f83dd9d592451443e60da6804b8aafc913052c625dcf8ba0d2f0a614b3ec77ba8bf55139f343282435d6ec09a25689508d9d3c81a586e1761c94aa7deecddce9eb62ca9a61ccd7a969966f46ee64901e64fe870fc578e69c79a2cbb8d9de6c5c30d0cb027b071da66347f9fed00d7d350f5307a049cf9cc68ea7eb7e306e3ef555e3b2bc51ab1fdce832b72b61127d0ea340beeb59789572ee66a96031dd4757a999cc550ebae9a689be41581503bcf95d8fb42c4e2116461fd65556490e24e785dcfc7e00c3410f2f22f429298e1b5d14bd402634d67fbb90fcc615d6d7116d7b53cd93b965ad719cb0aabec5d5fff99932cc8783354b7e3cb519117191c64f2bbd3ff41526b9186b7309242f926d1cc6b594782019aacbd11fb7892329a6d9972c7e7c24df2f378de430c8241bbb5c39ff116d10299b206c922e6ba485c7aa583fc76b3246679ee47e2f6ae59642e376b762059126607f07f225024542bbe530fd1ea1e88a07c9a96a7676a4ce115194a968f7e67cbfd8f07ef65e2c591ddbd6b45c57a341f6e6d995c54d919bbec088872c71d9b263d94a2da1f9d14ff7ae2f2a0b8abc31ef1c3e877aabe391eb867bd3e8fde55c37cdd2423ac13fdf1eb4f7758eb36465dbe6d2862940ad7cd945fadaabc2f8f0dedcca849fe78fb77c75589dbe300f8f152d1a68a4639514758caf805c86e28b576fc031a2c17942d3a5ffa0f67d44dbe6296612afb30e02b26956125afc61ssh/etc/init.d/sshdssh.1.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssh-5.8p1-11.1.src.rpmsysvinit(sshd)opensshopenssh(x86-64)    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ /bin/netstatpwdutilsinsservsedfillupcoreutilsgrepdiffutils/bin/sh/bin/sh/bin/sh/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)/bin/shlibaudit.so.1()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libcrypt.so.1()(64bit)libcrypt.so.1(GLIBC_2.2.5)(64bit)libcrypto.so.1.0.0()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libnsl.so.1()(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libresolv.so.2()(64bit)libresolv.so.2(GLIBC_2.2.5)(64bit)libselinux.so.1()(64bit)libssl.so.1.0.0()(64bit)libutil.so.1()(64bit)libutil.so.1(GLIBC_2.2.5)(64bit)libwrap.so.0()(64bit)libz.so.1()(64bit)rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.6-1nonfreessh4.8.0V@MK@MJM=iM-L@Lr@L@LZ@LL@Ls@Lnn@LH2LEL+1K/K;@KыKP@K@KK @K@KqK'z@JjJ:JY@JS8JPJ;}JIX@mkubecek@suse.czlchiquitto@novell.compcerny@novell.comlchiquitto@novell.comsbrabec@suse.czlnussel@suse.decristian.rodriguez@opensuse.orgcoolo@novell.comjengelh@medozas.decrrodriguez@opensuse.organicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czmeissner@suse.decristian.rodriguez@opensuse.organicka@suse.czanicka@suse.czmeissner@suse.deanicka@suse.czcoolo@novell.comaj@suse.deanicka@suse.czanicka@suse.czjengelh@medozas.deanicka@suse.czanicka@suse.czcoolo@novell.comllunak@novell.com dmueller@novell.comcoolo@novell.comanicka@suse.czlnussel@suse.de- CVE-2016-077-7_8.patch: disable roaming code to prevent information leak and buffer overflow (CVE-2016-0777 bsc#961642 CVE-2016-0778 bsc#961645)- Update to 5.8p1 * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. * Fix compilation failure when enableing SELinux support. * Do not attempt to call SELinux functions when SELinux is disabled. - Remove patch that is now upstream: * openssh-5.7p1-selinux.diff- specfile/patches cleanup- Update to 5.7p1 * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. * sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. * scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. * ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. * sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards. * ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). * Support building against openssl-1.0.0a. * Bug fixes. - Remove patches that are now upstream: * openssh-5.6p1-tmpdir.diff * openssh-linux-new-oomkill.patch - Add upstream patch to fix build with SELinux enabled.- Removed relics of no more implemented opensc support.- add pam_lastlog to show failed login attempts - remove permissions handling, no special handling needed- Use upstream oom_adj is deprecated patch- remove the code trying to patch X11 paths - which was broken for a very long time and was useless anyway as the Makefiles do this correctly themselves- Use %_smp_mflags- Fix warning "oom_adj is deprecated use oom_score_adj instead"- actualize README.SuSE (bnc#638893)- update to 5.6p1 * Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. * Hostbased authentication may now use certificate host keys. * ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. * ssh(1) will now log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts. * Expand %h to the hostname in ssh_config Hostname options. * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 keys in addition to RFC4716 (SSH.COM) encodings via a new -m option * sshd(8) will now queue debug messages for bad ownership or permissions on the user's keyfiles encountered during authentication and will send them after authentication has successfully completed. * ssh(1) connection multiplexing now supports remote forwarding with dynamic port allocation and can report the allocated port back to the user * sshd(8) now supports indirection in matching of principal names listed in certificates. * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. * Additional sshd_config(5) options are now valid inside Match blocks * Revised the format of certificate keys. * bugfixes - removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded any more), removed memory leak fix (fixed in upstream)- hint user how to remove offending keys (bnc#625552)- update to 5.5p1- update to 5.5p1 * Allow ChrootDirectory to work in SELinux platforms. * bugfixes- Disable visual hostkey support again, after discussion on its usefulness.- Hardware crypto is supported and patched but never enabled, need to use --with-ssl-engine explicitely- fixed memory leak in sftp (bnc#604274)- honour /etc/nologin (bnc#530885)- Enable VisualHostKey (ascii art of the hostkey fingerprint) and HashHostKeys (hardening measure to make them unusable for worms/malicious users for further host hopping).- update to 5.4p1 * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and will trigger a warning if used. * Rewrite the ssh(1) multiplexing support to support non-blocking operation of the mux master, improve the resilience of the master to malformed messages sent to it by the slave and add support for requesting port- forwardings via the multiplex protocol. The new stdio-to-local forward mode ("ssh -W host:port ...") is also supported. The revised multiplexing protocol is documented in the file PROTOCOL.mux in the source distribution. * Add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 * Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has. bz#1229 * Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program: - Support the "-h" (human-readable units) flag for ls - Implement tab-completion of commands, local and remote filenames - Support most of scp(1)'s commandline arguments in sftp(1), as a first step towards making sftp(1) a drop-in replacement for scp(1). Note that the rarely-used "-P sftp_server_path" option has been moved to "-D sftp_server_path" to make way for "-P port" to match scp(1). - Add recursive transfer support for get/put and on the commandline * New RSA keys will be generated with a public exponent of RSA_F4 == (2**16)+1 == 65537 instead of the previous value 35. * Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase). - cleanup in patches- do not use paths at all, but prereq packages- Use complete path for groupadd and useradd in pre section.- audit patch: add fix for bnc#545271- do not fix uid/gid anymore (bnc#536564)- select large PIE for SPARC, it is required to avoid "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz defined in COMMON section in sshd.o"- add new version of homechroot patch (added documentation, added check for nodev and nosuid) - remove Provides and Obsoletes ssh- make sftp in chroot users life easier (ie. bnc#518238), many thanks jchadima@redhat.com for a patch- readd $SSHD_BIN so that sshd starts at all- Added a hook for ksshaskpass- readd -f to startproc and remove -p instead to ensure that sshd is started even though old instances are still running (e.e. being logged in from remote)- disable as-needed for this package as it fails to build with it- disable -f in startproc to calm the warning (bnc#506831)- do not enable sshd by default/bin/sh/bin/sh/bin/sh/bin/shmorla1 1452862563 hC h? h@ hA h9 h< h: hS hV h_ hd h6 hh hl hp hH ht hx h| h h h h h4 h ' / * . + , ( ) - h, h- h( hQ h* h+ h) i1 hK hI h0 h/ hR h5 h1 h. h3 hG h>5.8p1-11.15.8p1-11.1 sshdsshdslp.reg.dssh.regsshmodulissh_configsshd_configsshdscpsftpsloginsshssh-addssh-agentssh-copy-idssh-keyconverterssh-keygenssh-keyscansshsftp-serverssh-keysignssh-pkcs11-helperrcsshdsshdopensshCREDITSChangeLogLICENCEOVERVIEWREADMEREADME.SuSEREADME.kerberosTODOscp.1.gzsftp.1.gzslogin.1.gzssh-add.1.gzssh-agent.1.gzssh-copy-id.1.gzssh-keyconverter.1.gzssh-keygen.1.gzssh-keyscan.1.gzssh.1.gzmoduli.5.gzssh_config.5.gzsshd_config.5.gzsftp-server.8.gzssh-keysign.8.gzssh-pkcs11-helper.8.gzsshd.8.gzsysconfig.sshsshd/etc/init.d//etc/pam.d//etc//etc/slp.reg.d//etc/ssh//etc/sysconfig/SuSEfirewall2.d/services//usr/bin//usr/lib64//usr/lib64/ssh//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/openssh//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//var/adm/fillup-templates//var/lib/-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:363/openSUSE_Evergreen_11.4/dbc6fea37a4e5d98d3bc1c7339d1cd5d-openssh.openSUSE_Evergreen_11.4drpmlzma5x86_64-suse-linuxpFpEBd]?]"k%Q.5oj{6_yݓp%p(fV(ץc6 F /Ei!Taxd3t ׽Xd^2/=C@&IH]z#)aV T.e;xZ@KWgy}]I⚴L.lMo?LW>-E/5lC1jK\#d[6#:4DBr4ޢO[x< X*R1݆#}sr:XVwqDn)\Pb"[0vĹ|  2S L"sz{]8pῗӓΕ^⑨c@P.FkR{sL*S*P]4Km-VPN=_MM=ߕxXtnϸo 6"$mL_9f: U"YR:HZ6$ }B K*X'A(Hԟ G; Mf"GiS q] bmULz0!ošo`@INroldV1 vՀ7.='DJTWN3q\^LBvY,}.0܊x A|<\]i:'f>.Rk+kwyl3.\U4}ca3XUNvz֞i)Ð/lO֚SkH550m@oE9pވ-gUԵ֨ 6vsvdأO@Mgx#eB2uSB=a_<J!ϻ/4?i}ˍpB:J,gJfX hM:p\ }e)T_ʳAc3$Vl`ME AKkw;~>y:y"v~GGڬedH)ZdhxS`dji=:W*E\9'xvB Fl)w|x.V[k~#7.R&*S0|hk˯VQ+I>Q87ZnNx}=5KOGWOB]RGؗ-)fRjի<&LR?mįx f͹I àm/S)3rNݕ3#h\QԸ9s۶D_iCUS|,9`nSHQ3Z,q63boB9ԠXHVւZKUO~džn[h20=Z_$GC*r}H~KSAl{ݽH_wG?ZZ-~I;K9Kc(Lc$p90" ^_!"X&au٢+'HJ_x'JgLI6Ruw-s7'Ilz#"Jsw\[o _`rWXO32۸ݩpg& cL& NE#{jŐ>}f`+YOB%,HyyW{Ta4E$ܒΔBa+G+kLd`A ycz=P?j ǝ/}Pd៘\Cy,䬲]lKIJQ/<g`07z%hsuw}'Q|=xvѧa^AʽD4-7J$]gP2(nof`f"E6n[{{! _ANb(you;1F)2X=p$˧uڿ/uXv?g Ur5j?ܐa}[@spI`v1) ̙ɻ;0BۿE5NZT<ۜ{Hbfr$e@֚T U._?dcg2OejNpQ^OY$utt6:t?tPm|ᾈ3/p떬>vK&N7 (ZHEuh3lv^\pKXQ [PʸoBԒ6 -! 1EFp䬢8v(ΧF=$씳G\NÏyDkT/ztVʇpu(= o颚umPCrӠ9%vL-;I)uE ޝW̾>ߵrOUL<7S%n<4aGD[_w2oBKg-P-*θ~{#U2voOE).C]Crڷr e캘)GC:*bwܵg6WҢ18 't}^hي^ rN`<eaXv[.Yn!mhkSZ@ڀ(*IGuF0Rx Ma @Q_Nbm|C m7x+7s*iY+ k'N&8xY~jƈ&ޝ-2\A3ۦ_)^l01xP 54?"k_Vt!֭US\+ U(XPVI˭fne!զ޹E- w8J#낑A~A+Q0_5#_ 3*XA\B=GK?\kyqbBV y/x ɠ7C"(xvqA@ 0(|ht \A~2miv`4r&"gd)R&Z,<`~hmN](@EoB{#YuY>oZsxUl[2s3Sw _.eWHDm9:">E Vs4ޝ!$ h֫FĎ+A"N g gs F&{JyH+yP2N:Y0a*y{;4kQ z[La=Tͷm;FW3tGm̭}xRT'f(HYEz!2<Ə+Kqp*DoǞ*7ZfpLG4o5f0iR<)Ѭ 10ũi7g=jI#I>BZ]Yp.)D"͚.6%"7}7G+5q";Edn%V#61UP#2/X o!5X;HИDcYi4'}} ho٠wY()Og+?Ƅo2]otԁ(=q`԰YMل] J!kCܘ!%0BT!AN"bƵ^#@EhʑTw^ xudktoo8/ "2L"~>)rmDpOWm7~O&G÷[Jl l)XvDf#`eYJq(;2OՂYbD5E*_NAz^9Pq]X Q #o-:X Tf2gxyyH ;EsxE>2=Rsd 8+W{>5 *>̟њPUa+}3*`fwv:yr䴴P@1:e.5.d}8C!5,0\^vUUp]U3x] A,{} b`fOFq\8 T/ƴŒRh$mPèPu~K=No?x4E` Zg*rFЯ⸷ c>1[0F' u*69<0]P y*&=!ĦUG̗3{Y2rxZ˲ׁ?R5lti @ 2g]!ce0w}[{b ڭB~Um,M< #NC!17Z~lIF6BpaǢW(ٷE-Mtv>)F\2G&aW„g( ZYU$e_L$~Pu "e*'E+~; b'1ˆ l7e7>lR6h}f/fH-;c3%!?si 83e[ c J wɔx0Mcy{zO]E ZJ`[xG<,.'Lx::?ZY)A4t'3#or;@pg/_<9+_(*B-3SlQk'h/#3Ŗ!b`#`;t}t;ے*7 {N2Rm=Kv lzH+ j7<C$ֶ'GG#a$5B{V#:؃'O+0 4&GfR$fm{UǸSQ f%ωq$^MskeS.OlH"JO^k" ?Az!LCwv╟ۊ㳯`1"z;uӅ|68C UwPm'?7$gfi6.;Qڞ [M86^nKb*?xԲBSeEi0#:[aL) -w\P=s') / [T!S3lucROpzcKkpM@1kTײ *T ]ؒVs8ZBn:_{SZLGdlD+PUO=^>! lKLw&'H1o잀hsmt>55ҹ>;UL ` =_՝MGe$7AYWє4py{}|~4F?~%W#znjѯo'2E,* mi*7ZuLO"BMc 9Cc`C;M@'@77d6$JQ !HO2.ELiP? `CB$@GQ:MLq3Y1lls(~ĹByQb\A;q ~ypH,p?NFe㺷kslExIɻ ECf)C%<apؙt,?!\%} dt+E&ra.4h | ?rKDHš?7=M("Tx-C8!` $>x:Y ORℷT1RuUbPشpX},(7fdDQ (pOo=[iߤj1W$׹Gf[؏Lo nnQ0z6]8BB8P@w^VCjhF`qou5&δP d֛X*cݙ2IZ (ά6pOj,Nȸ?kf#S|Hݯ]RXtDO~,!Zdڮ@W(fF~f,W%Ѳ%T2\0s{6ٕ`w<4{yX\䆉dysqKΊtVs:V]4Xs\޴4y(ֺ7,;ނ_ZDGbvʗ./dLY\ Fաߛ>NQ`C-AbySw#|1nWU>BNRfya4fPB{!Z?w!M7sZ0wY'>އMub-MKKKImC;ž]aWOD-J[#mӗ5|󒴚+`8[IZԣm}L)#_g Tb9 魿X\CEoR;b#d=~KG:!0Y+"pJYd,+zࡪX+6: = (.:NM?{4ۿ G=EpMǐlDqɌp3AX9_d|kTJZ (Qe g)6j5 /qB& B_o86ɥZm>D a=q4<"uc]$jLCnUDs+\V_+ zb0Vѵ~GY!31`e3VIzWB䎮a_,%^P⏨`ΰ*_-E` $pHU]r&wJ$ƕη$81z;kh[5.38Jp͵|57` 'BΓmDŽ:ŝ" <~!ە.kD}Sh,+?׊)Z(m L;Tc ]qIGԵM (cOҰZmrժHXͤ;ٮ~3 5#4O_ـ\"0~_]Y>vAqT/9ɧ+o8!+1͘C(GUӽ'֟a, թ] N1| Й7*ıu/MhfL'SOXFQ_CT0OwzgL87'F"4ݙw3.p?ߓ\O dU^=*ZEyHnW JhU,{޼GB|˛_s.Y2̹R.L+ Z^{ ԉ.P@ߴXx/T8r"ļ V5Q0ʼ&YzJގ>ٹÂjԌjgg"JZo daqB \؇Q4:M(T%c"Qim~[u/6m%#~=hlvi\$oɣ:>U[\;>l.[|Jf&޻aK"xR!ݓo3<5%TU+' Bݙb3G?]v Y 8'y`ae$X1$eI!(,Hiy3 )kLs 1 8%Bx!dǤ!+7ܬu,n' IU G̚v:9뿲E;`FeҊ?'i UTE9hKƀƳ= Z̀[LQy=xv]@4uvi,jyrV%) %&O?}x1Tkȃ?,A>/7pYq&{|^i~~t1QxI.".wt@K$ҿ9J'%dx*`u'n5a""rm/RL EVxT1_@ǘϦ@z] #REBQLqm.hnf~RB/:p gS`, ] "\ٷk*p1j9I#(>5)ރKVҏ3SiT*Ue"o]>g7NU@#;?Eժd@y1o2 ߴ5]p,`%6[$ﯱ1KY2 l&2Vq*/;J"J8e,uBiӋwij}McaLׄ~ -nɪȳcw7# ̟7 #(wx@bC #/Įf+wYȴ 93b%sa͐v>Wd[S[aۘZ1f3#?L|шɳ1_xf1`El@3UJ>!Gnm7_>R5Ԥ{ ʌCo a4}Hƹ6FnSf`Ldb郈߿7A.e=acr;Z$-W_EmXKr |Hb ; aw h 6p(8rw d_J\ %@S[t\)4<)!d K)lPG+,2MO!*J;`nGu( Puǘ6dNb$e ^g0>L̥հOGz5\eb2: h$D;t_+ݕ$A~!!4&d*!Ƀ#"2hpd#Cz_} $z|\ DWoqSjqn]$1FhUʶ>ҒR$art:Mh~BcOm ҧdTU_X;JʈmjjȤ j]X wgG,kB}HhVD-5O͊xܼG`F@gn*[Tznr2灨hO#6Rz5٦D/QUz{UڷGQ$E/wKhc1]HvҫɌOO%|PRQ2"~=d#>[c?`|P]Ì6CܖP%x'5" >N9u1|lC&3oٞmn#YE_QNp^G#yHt(ݳkY׀ǡ^ oiU'mƦ[e-u;.ċ'Y1O f=W0`ӴP}7@ (k:uT('7N' 9grDl{[AHbb27j];4=5Fk: |&+\0| /j=6} g~5]93NCӀyc,ѵ|=b' K~^JfF6H}2ZϱPg]jY*$LP?(?CG#;M!ӨQئc^҂3B3ovoPZrMUo8`ޯXqswYj ?=w_䳪ioBF]o{o{eISWID1F&cA 0ڃpk1׫9 uܲp< X5ά/I?(!޷q,xak^ΈU4FPEP<$ñV߳) zaz-f3e}w.oH!~W;<ඊCOm3۸7H~~ ҳUlA).Wр# ] ʿ{QlLqw -EJ#ȋ2d XuѣT(0] L/k>m`À0J ؕ>lPb~4jcV*ݷӺBUf)6]E 8i$s:߹ha܈KK!훵]]myZX'4s!tIЪz` *szYźuHAϲV"իcY4X,_$:߉1kAow"#?:RqܖۀFcx6JCnf]>Uz|xJRtAooE&7uqZJ{6JM2V95)=WʸT~!M"0BuJ;fIஞA2M CPP"'z{Txt!Zȯ* iϊ; /Rn,s"~M15+V|؏[A~moZxXMD)#{UCS+g率*)Ymv4_aJ}{T9C/ ?G0ͽVUfڤ^Cn;*O|5P/ '>Ż߹mMz\,U+{@B YWUŒ.OI[ C,/|hY.q<-(o`W"z{Fxd_ H܊*{DZ{;f_t*ʾަSyl$ƉIZRO[!7Q-٬چE2Dme:ژMl1(( ڽL RfϖI=r<^,t st6쒘ga5~wc)VIJd#3̏Puu4CRYҠENg]-`̨r&,Xp"t&I`fu!} g):f 2TI^W.Qxm6:ԩ  u4-mM ݁D/gM)zZMRzRE@Jin!du(AY^֟ۗud&(@lǀqpGޱyx$P򹉇X |atun2r˱k}ooԔjXr+'ꉲ+7_V1UC[;H˝+FuS( /WTcCZ!.,6n"U%(t &YG.ʥ $h{{C=erB;6̵LHA> E%^M-Zm*51 .J_V Ԡ3J<k U7}ִ~()g0<ý8@Ts tU"N~fTl:zeYtG /y~)C㖝wǝ 9~-7qkƥjPJS )i-i7䛇79]c%unͥHvTGؾW Tat:fQ(AްJI[& c?day\nA6E0殑-+kp)$LbPw5 $eji:Uԃ8f̀nP:/+Xf +JCs@25BNzO.yOhԨg-^G]h$SXͥwcQzڵ0gDZ8Ụvd؈aÓӴOV+)艡μltBTa LW=1+KI?#fG?o { w wy]u@ zNia|$D_P2zլfd$C: ޛ=p6FDzg[ٞ ciRҋmǾ4BQ8[t~1r9SC 17˷-y= 8usXTьw8.StAZ(Zx"79[҇&N1ZQ7 nn0$~_HGQ;1F{<~ڥvExb׷O ()^kaT4$&l[G-ȊV(f|/‚Ѯy3ngI(,Fko/=}1A 3[ `3%jѴ[u s04ء)MghYjJ*X:Ik&(:vaC mvIXl)5Bd+!p"//Ygp-MEz~>@|:j܁z._Tu]HXW(N8|Vs1[yᓛ!Ǒ 6a!jM֒f,PM'T%WgςiAuC(u8pk.8PekAQ":1^i=Ni2 q f@zHe*b okR'ɟkUF'YܥtTx"e]\F!_ID))DQP^<x\ے 1"Nmv(䳂Gfn'z[T$3gYM/Ώ Ɓu_'qRO菁0a:9h64~k)CpHRDGjkpߜ9S(Z9vx+l*I!jB9OP7qroFVJɩ`8Y&rC2q*7rCۛQZÖާ+UrnZyx.~|cSٚ;U87riU|nh͕HD ]B=}B'3[ˬͳ<50Qα^-̹ĭ*)\<_yk _{)tǢ>[D|%3 `M݉7O'i$8k&2eWJ:MM`o!fT 1YA$8|xsѾ673qu4ahLZQڈ3UE^ 64k5?iӵ+vTi ykM$x¡2(E,F7$zєlHL5q*V0)y=?$X5M3dS)2~b?/-MCb $Vz?:GAFIg1N.jd*~7QksnoqfP;ʡ|K+ήb+tUұENڤMvm#~' I$F QCwAe;ƒQl~F j^)NnPWnfT?%RMU=M rd(IR9MO~1 ,sCHSӨY;+*{KΆe"PE#DI YJo E ./:=szG{'qSҝo%7FyG74RXQMuFT<@6[e?ژe q =T󮆳4]<ѤW!VQnD<Ɵ0fPzm3é!"-Nb}YG;i#4Ȏ!VfhSuga&t((R37}Y< 0L4)朾 화fg.0׺ȳ:L*> ,i3zv k"8רxr?%VeVR.m7E>TWBv/q=㠝[ Eנj'23<~o{䄏#nINq"=?|uKZ,xX^Fn սI*dX3{ֻl ml4iGc3СLuy`Cj&Ųi;i |w3i3#?¬_m{oPVL q )mMfyF!ŪI#Cs d:ZJ6<ܵ=y*ؚvN΍bxU醗Hį࠙x+q)a; ;uEjALdz<9l8@'EYymh[oD7%ǖAԥVt@1}c%X 3}0 D1tP7EQn:F1|c?=go[K ^S6ڿGfPn(9X DSdM?O4MheW*F^niOӡv^ a]q&*Y%ih OCvzq\V$b BU1D*/ҬjFG+7J'~^`'Rdv8#(ӱqC$v >ִn5D }kT0Ȁbt4F S[|D n7XltZQ6V2OmtN ɈuS\{q:X rR|iׄ;sR21(}*v'M)kA 荦!n}ŔR=ɒ*r '-Mc t'2 io~xdfgǽg:?`)#e⧻Nj4dY rBʓ:[G}ǔ%In JLcjL4clئ?";x-pÖeA PP':|FшP`;/X?S(Zi$lo٪qX) $;e\nfXXN\vT]m|:#] !IOU`rR #:T/m2gO?˘IwpIh+FnĆ>+RCYmϭDCk69!#v,7/s&ȪIhSuuO>TXeԋM7ѥv|1omKғ~e9h_y38-(ƒ1=?wU* o ]?rd"< '/OQIӼv,R w S.T[2͡)mKN6C:!`,K)sfM$kܢk: FE| jqʀ5Wsަm"kq<3s=t闥\ٛb kk^\aa%qK1y,u} ) cgLF^%2} [F |H)m'vIɕ/O53"`14zߟ >VT1RA>yPW?c:?K7e؊*5g.oo}Տ!=oS?0km,aѡR%tKU^)ȉe ojX6IC V #J G'"2kFFviԫ[RuH6{U*ԇwB"MQqwX&^btXC7%kK Fy ƗIa7t_!KqC>l@7rߢAU~HPso{_l: BVNZ>J(Ӛl#nOwKZ2LΦ*s;\~-چ |S'$)JB)tN";Nt1(ʐ~Y2,o 57nԯm@ gJ"t߶:2~W;߃"ֵ6Ԇ\E%!ݗ%h !&(IInf3u\ ME!]Eeo(q>s rKxܲ߼zDvV5juwUϣQ;@u(@fvw2^{e=w--0Afr~{ ^"_VTUF.fH F)Ĩ% Q(%AEJd<{g>_@³'j6]S<`T}>ˮ @Q*wgK- } )I~D:jlōn 0p1. bOAWzO}n\99Bɮ^j@= A`A;G2C;7gZh}K#-O*h߮G-Pjz;iECFYuj]}v?fsCz#]A?xD }T%ߜn-B.,Qfi+&̷sZP*qʕ\ O=؂.|^G߬p`dI {D {W'|߿Ib$Hg*~?~1^Ypڐ.1=% eY& hw 3|OsfAR/e EN3{{ EIr_~vu VM@ xGm~; ¨0Fʹ~T13|ijZ^6ߒ3,)ttߗR#.挹2^;R9ENBFd# '+4^4Zch VNuP+[jOyBtR{5}0?r\M:?p.ՑU2r2!x?l4Rae]Po  s!kOR7蹑 v k~rC(uC= /|ȴ jE4N>7Ă'S`z%fE]Ov˲zh)hQm Wqy MAa4*Rz"<({܋ hK)x@$BIIzTA)`ʁM< Lt]r.*Чptɲil3w./S33ov)?嵄|C"@84&G-9攢x#S gL`ޚD/ퟌK9Yf}E@|$ P{1qЬ $Z p'\Lj*7uɐ%wgIAJjQ%<+8G33ވG' }!ܣxD{,Ea?_6BHCx- 10^\Ʒz}.{ GSo1|8~NFJ!L7J7-{M/N .c;;>L^(ԽĈv5Kt'7ESgQ]bj3S{y/7-(i e3A;P73TV %غ LG~Q~c$*னw|$jkaPQ8ڴ](_&CkeyCcwm PG>P"fyr`wyƟgZ4Iúb}"uL=qO<8cIi,~wG7>|qISw5GABT`&z=U / , x oʠ%/K'IٓC[y4Z=[ 9+]ƒ3rq6ejU`EjBsq^#U^;TgL0fݽY00gi %w^N (_,@,1Z8z"/Aj-۲ EK85.gJ cKhÃx̧Iށ<|r*uīV!k[2qV8^­LU% .ϋ\&%2c`@KIPiB6 oil$*Xzd~̟8fm{39 pF .O mR#9%j1/Xٙv_s揚F-q=Z`=`L6EXo= %dۈ_p`˜O&!Ȏ)^aЀ 2?"΃#@׳8rћ×9s3Jy_uT?P%j!Ԓ#U*'@3윳QֆH2- /$Ѻm&.w FUƴj**}D/U]xS k(;^)N WOs\e5>ѸpK!4&i@"ˋ;Q: -5-*H8hC>u )"YXlK q)7Nmص5{Ni# /Ń$+UZީo }e8\EO ǃ,eG}  `/5>ѥnlM]}} ^w;\i5t%+ՎA~u me[+׬{*@z71bܮ)uqItHѥ+eLՓs䧙y=ʿ\> &߇ݩr + =U.,lm4l}41s_$lwtA j*;DuFD4M:ްJc: FپqkfaQ5d,)ȈMnG\w7Opc2轒F1pTk03>@[#֤~=i2ҔG4 {^ za1hiޜ-*Ie\ J#dQ5bU\3 -%~/%Z78x*<h^O@fi;0ȉ A9 .%qcyRD*EN: pludd/)n3X8@W'&V z~̧zh(bYM!`=|C[G l0CXh U@$$qZQ[&1afGV3ڔ?V6ð&O1+,m\lE WYα'A.sc{%4u yx,lYʌVY^Mchh Gs,anZI ,q5&ԙ+*7W sɫ&۞-rD38_4QsRLe {0:ZFbP?=Ƞ%xadG0èseAC DK^~ mDރt^8[Z Ii, ?#*۱ak-NCRG6& &ʬsxHc+D;>Yvc( «vQZfC=x!y46s!N>ٰX:ģLm&^A$+#$iP[vUh܍Mzx9Gqx"+7&_2-+J.Ȥ䴙Qê6VwShڐAn$9`f0wkwmW\/i*lڀV\pU+ooT3NWnǬm~ïHA5i 5󯥵֬0J93A5LȁE|N5~E%ncnVMCjd?-` `TseǛD6@f^ҡя+@&7ۊȢ(8~:/Ja5U%t ;SfLUan[f kbKqn9I+kg=&=Q+㎂K Z:Z;0CϟdÚd 5L[pʲu~y xطԘ]RzxZ 4UtI,#T5~!=HAVj]/5 dDD?#AZCg: LP=y 9c#;H?r|l?S]B+ttLʖ;o #4Y(狠..WtqL ~ZbOnQ,z;E4>:=-]CΒrt%8&U!-Lk{58_iF$@ %?2֍5? ? P`$3֯/]n&$f8PUS-g.H- w>(O1ԊH6ӂ꼊%(RN xL&й976o iȐ )xzt`1vapPUV ^D 1^,qnߨ4pwgY ܘe߈ۛC^_$jŽoo\(m,_lRĿ=Z|) @V]b{.X>_tlj@Z6FzhFH(Y7S6&b'i#81PTNoj:ūGRXu emkm,FN<]?/5r5Wѐ{.!&qYSt,ə^,:2&wխ(⏄ks\ gn7DcM ;_g~nq xG$&P@m|w(Sh|嬅ɶ_ыYX H|y2h)CJWm1iTFu鋟r94#DMƭYŪnGERB ^lmlo?=*gһ 5 ʠ{j+JvtW&B6$Dlg" P=дA/P>d4&{?kCͽwuAK$Q1v 5P (f tҢJ"~{x]6~"^Hg:K܋[$9{A{HuT7o(MgZ\f|? 6s#4YwB+g MYNᤖδGk( |vgVVؼ{qK$;gS0FPf`PYܑa&N\"$ -k)dCd4R!BF I2 ;'Ʋg*ҧ%)ͲSNl~Cu__`'WTZhoutRC k;,pHd-գkF %$A*JfW/@"Ş j\yZ 2˿huP ?r!@Y]ihj\a^'+?s;AċE˰ w@Q.9Ơ^Nt=&L[G}"g ׸ tB{ >)ocC]jjLL߇Y*WmqV?դ=yKW l}~>eǷs A9 ⦉?nGO?y脷6Ć/i7l;]eV0gҩI4<5ux;Uu5ghr굔A'QcC.d]db98v>,&63y[܀`fzXXN8_2M6!50i Q燥J{{R2ѹe) f3l2aI [IV;ap(c0Bʀ ^T|Ֆ> 5juEک:IZ[g 66G_he:KoHTr˷8cb{VcbzU$)Scbj1o`P_VBgz*^e-. 9XexHe-[,g©W]T|m< ְ\%'s8PF%e=]bSbTĬːP0d&Ɂ7ѢUW\Wxs"BbLɃvE@ 7>G_e$LLK)CՂLG>*ncd1tKdhH[&f`"-80d` <&ؐmLv-,\io&RSF୮DEUێe|6T@'=gfJ:l@.mO_]-\dWCĺ v"E{:ǺBO4pvhzQB0xn+7; ;,_CFKܑ6)!i<^y'df"jC|"$v"-TDR'YUQ9_Ȑ/F{Xb5Q