libgcrypt-devel-1.9.4-150400.6.8.1<>,dp9|uR|yd-~Nd V0oW!!esgjOh‹aJvݐFhV1 Sm*vQG2,` 9NAJmeۙ鍽4AQq?bvk,|*BdQFQ$u 0tV_:PY9i#ejVY1Wblb= h|VFj'+YWW>?d % <' =]  H    D  * P   , ( 8 a9Xa:aFGHlIXY\ ]|^ bpcdefluv wxyPzClibgcrypt-devel1.9.4150400.6.8.1The GNU Crypto LibraryLibgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. This package contains needed files to compile and link against the library.dnebbiolo5SUSE Linux Enterprise 15SUSE LLC GFDL-1.1-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIThttps://www.suse.com/Development/Libraries/C and C++https://gnupg.org/software/libgcryptlinuxppc64leA 0 yb h+57 2FHgȁ큤A큤A큤d1d0d0d0d0d0d0d0d0d a";0a"ta"eda";0a";0d0d0d0d a";0a";0d0c5f252a219dbe9fb3c4c436136070cf188200420e93d4aae8257e583329b6b3a0e375e354903f41dec4b39a6657492ad5f8d8ce09dda1b8fd57f1831e24ab90fef1c20fd53e75efa9c365f9a2027f8063905c71445a899bfa117449717f7014da8b7c35dab5491748daee13a7301320bf3da34fab946a7006c4d229cd7a51523a6f51abdab67a7910bd1d77a31e99a28b9844852fa1d6055a6da747d9b309a02acd15344cb662bbf7b790d8df34c4f025648bfdf5ad5fc2c720bfa4bf35645c30f24426ff6bc841fb6cff9257aa3aed1ec79bf519d81e0f80dd1d93438a8ad978a15616c94d11ecfbde36dd3ee61da1419765906b176519327c923e55b0aa2de7f2a88574f4c82f73ebac85522a914f930544c9500a6cae345500bf4741199f4ecec3d21e9cc4414be30f5e9505f0948479db714967058801cd2f547d6e80c22960b2cf10161f0aa970bbe9c40b06ddef4c1dc7d53d2173351aa1fc27194a00cbd022783ca6ea96fe06eb53ea530777e77d0165bbc118759cb6d33d495c5db1e6d3eb2da4dd3fd7fd4e0a9cd53bff761ebd12827a90012de478537e87c8e70a0a2dea5f8bf4a444512f010f49ed3c785de5101a8b57fe3f202b1d7740f432a0a68fcc02790f2750ba207150cc795afb2c3432f5ef38501dfcccb67ee47557b50002968fa4bb2e0fd242ae6bf7df19f8bbe6d55a07a881e46d94a76a6754e47a7f8c945c014689ab8387d5011f5a0918a470dd78263e169c63de25f8d7186413932b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f03053264969100b25b6cb392f8a73b883717188b0e6fcc728c1066c5b507abb2fd8d55libgcrypt.so.20.3.4rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootlibgcrypt-1.9.4-150400.6.8.1.src.rpmlibgcrypt-devellibgcrypt-devel(ppc-64)pkgconfig(libgcrypt)@@@@@@ @@@    /bin/sh/usr/bin/pkg-configglibc-devellibc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libgcrypt.so.20()(64bit)libgcrypt.so.20(GCRYPT_1.6)(64bit)libgcrypt20libgpg-error-devellibgpg-error.so.0()(64bit)libgpg-error.so.0(GPG_ERROR_1.0)(64bit)pkgconfig(gpg-error)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)1.9.41.273.0.4-14.6.0-14.0-15.2-14.14.3ddd2c@ccc@bbX b9@a a@aLa@a@a@a(@azaI@aI@a#a#`t`#@`P@`u`-@`>`@`` l_@_c^@^@^H^@^@^|@^|@^j$@^j$@^U @^%@^!^!]@]e@]]ʞ]m@]i]A]0_@]G@] ] \\@\r@\C@\@\@\@\[@[դ[:[*A[!@Z@Z@ZZ1@YYu@YqYTY3@Y1S@XXRXOWF@WQW9@W9@VVUUJ@T@TTԬTԬTԬTZ@pmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comdennis.knorr@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comandreas.stieger@gmx.depmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comandreas.stieger@gmx.depmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comvcizek@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comvcizek@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comandreas.stieger@gmx.dejsikes@suse.comjsikes@suse.dejsikes@suse.depmonrealgonzalez@suse.compmonrealgonzalez@suse.comjsikes@suse.dejsikes@suse.dejsikes@suse.dejsikes@suse.devcizek@suse.comvcizek@suse.comvcizek@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comastieger@suse.comschwab@suse.depsimons@suse.comkbabioch@suse.compmonrealgonzalez@suse.compmonrealgonzalez@suse.comfvogt@suse.comastieger@suse.comastieger@suse.comjengelh@inai.deastieger@suse.comastieger@suse.comastieger@suse.compmonrealgonzalez@suse.comrmaliska@suse.comastieger@suse.comastieger@suse.commpluskal,vcizek,astieger}@suse.comastieger@suse.compjanouch@suse.depjanouch@suse.deastieger@suse.comastieger@suse.comvcizek@suse.comdvaleev@suse.comastieger@suse.comastieger@suse.comcoolo@suse.comdimstar@opensuse.orgcoolo@suse.comandreas.stieger@gmx.de- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] * Add libgcrypt-FIPS-ECC-PCT-Add-transition-to-error.patch- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] * Add libgcrypt-FIPS-ECC-disallow-skip-test.patch- FIPS: PBKDF2: Add additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf fips indicator in _gcry_fips_indicator_kdf() [bsc#1208926] * Add libgcrypt-FIPS-pkdf2-Additional-checks.patch- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] * Add libgcrypt-FIPS-rndjent_poll.patch- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. * Add libgcrypt-FIPS-kdf-leylength.patch- FIPS: Zeroize buffer and digest in check_binary_integrity() * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] * Add libgcrypt-out-of-core-handler.patch- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf - Add libgcrypt-jitterentropy-3.3.0.patch * Update the internal jitterentropy to version 3.4.0 - Add libgcrypt-jitterentropy-3.4.0.patch- FIPS: extend the service indicator [bsc#1190700] * introduced a pk indicator function * adapted the approved and non approved ciphersuites * Add libgcrypt_indicators_changes.patch * Add libgcrypt-indicate-shake.patch- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700] * Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2. * Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases. * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved. * Add libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt-FIPS-service-indicators.patch - Run the regression tests also in FIPS mode. * Disable tests for non-FIPS approved algos. * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch- FIPS: Disable DSA in FIPS mode [bsc#1195385] * Upstream task: https://dev.gnupg.org/T5710 * Add libgcrypt-FIPS-disable-DSA.patch- FIPS: Service level indicator [bsc#1190700] * Provide an indicator to check wether the service utilizes an approved cryptographic algorithm or not. * Add patches: - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140] * Disable jitter entropy by default in random.conf * Disable only-urandom option by default in random.conf- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240] * rsa: Check RSA keylen constraints for key operations. * rsa: Fix regression in not returning an error for prime generation. * tests: Add 2k RSA key working in FIPS mode. * tests: pubkey: Replace RSA key to one of 2k. * tests: pkcs1v2: Skip tests with small keys in FIPS. * Add patches: - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138] * Add libgcrypt-FIPS-disable-3DES.patch- FIPS: PBKDF requirements [bsc#1185137] * The PBKDF2 selftests were introduced in libgcrypt version 1.9.1 in the function selftest_pbkdf2() * Upstream task: https://dev.gnupg.org/T5182- FIPS: Fix regression tests in FIPS mode [bsc#1192131] * Add libgcrypt-FIPS-fix-regression-tests.patch * Upstream task: https://dev.gnupg.org/T5520- FIPS: Provide a module name/identifier and version that can be mapped to the validation records. [bsc#1190706] * Add libgcrypt-FIPS-module-version.patch * Upstream task: https://dev.gnupg.org/T5600- FIPS: Enable hardware support also in FIPS mode [bsc#1187110] * Add libgcrypt-FIPS-hw-optimizations.patch * Upstream task: https://dev.gnupg.org/T5508- Update to 1.9.4: [jsc#SLE-17558, jsc#SLE-18135, jsc#SLE-20734] * Bug fixes: - Fix Elgamal encryption for other implementations. [CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - Add GCM and CCM to OID mapping table for AES. * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch- Remove not needed patch libgcrypt-sparcv9.diff- libgcrypt 1.9.3: [jsc#SLE-17558, jsc#SLE-19413] * Bug fixes: - Fix build problems on i386 using gcc-4.7. - Fix checksum calculation in OCB decryption for AES on s390. - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519. - Fix a symbol not found problem on Apple M1. - Fix for Apple iOS getentropy peculiarity. - Make keygrip computation work for compressed points. * Performance: - Add x86_64 VAES/AVX2 accelerated implementation of Camellia. - Add x86_64 VAES/AVX2 accelerated implementation of AES. - Add VPMSUMD acceleration for GCM mode on PPC. * Internal changes. - Harden MPI conditional code against EM leakage. - Harden Elgamal by introducing exponent blinding. * Remove libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch- Fix building test t-lock with pthread. [bsc#1189745] * Explicitly add -lpthread to compile the t-lock test. * Add libgcrypt-pthread-in-t-lock-test.patch- Security fix: [bsc#1187212, CVE-2021-33560] * Libgcrypt mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm - Add patches: * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch- Upgrade to 1.9.2 in SLE-15-SP4 [jsc#SLE-17558, jsc#SLE-19413] - Remove patches: * CVE-2018-0495.patch * libgcrypt-CVE-2019-13627.patch * libgcrypt-AES-KW-fix-in-place-encryption.patch * libgcrypt-ECDSA_check_coordinates_range.patch * libgcrypt-check-re-open-dev_random-after-fork.patch- libgcrypt 1.9.2: * Fix building with --disable-asm on x86 * Check public key for ECDSA verify operation * Make sure gcry_get_config (NULL) returns a nul-terminated string * Fix a memory leak in the ECDH code * Fix a reading beyond end of input buffer in SHA2-avx2 - remove obsolete texinfo packaging macros- Update to 1.9.1 * *Fix exploitable bug* in hash functions introduced with 1.9.0. [bsc#1181632, CVE-2021-3345] * Return an error if a negative MPI is used with sexp scan functions. * Check for operational FIPS in the random and KDF functions. * Fix compile error on ARMv7 with NEON disabled. * Fix self-test in KDF module. * Improve assembler checks for better LTO support. * Fix 32-bit cross build on x86. * Fix non-NEON ARM assembly implementation for SHA512. * Fix build problems with the cipher_bulk_ops_t typedef. * Fix Ed25519 private key handling for preceding ZEROs. * Fix overflow in modular inverse implementation. * Fix register access for AVX/AVX2 implementations of Blake2. * Add optimized cipher and hash functions for s390x/zSeries. * Use hardware bit counting functionx when available. * Update DSA functions to match FIPS 186-3. * New self-tests for CMACs and KDFs. * Add bulk cipher functions for OFB and GCM modes. - Update libgpg-error required version- Use the suffix variable correctly in get_hmac_path() - Rebase libgcrypt-fips_selftest_trigger_file.patch- Add the global config file /etc/gcrypt/random.conf * This file can be used to globally change parameters of the random generator with the options: only-urandom and disable-jent.- Update to 1.9.0: New stable branch of Libgcrypt with full API and ABI compatibility to the 1.8 series. Release-info: https://dev.gnupg.org/T4294 * New and extended interfaces: - New curves Ed448, X448, and SM2. - New cipher mode EAX. - New cipher algo SM4. - New hash algo SM3. - New hash algo variants SHA512/224 and SHA512/256. - New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant. - New convenience function gcry_mpi_get_ui. - gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings. - New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. - New function gcry_ecc_get_algo_keylen. - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. * Performance optimizations and bug fixes: See Release-info. * Other features: - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. - Add mitigation against ECC timing attack CVE-2019-13627. - Internal cleanup of the ECC implementation. - Support reading EC point in compressed format for some curves. - Rebase patches: * libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch * libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff * libgcrypt-1.6.1-use-fipscheck.patch * drbg_test.patch * libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch * libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch * libgcrypt-1.8.4-fips-keygen.patch * libgcrypt-1.8.4-getrandom.patch * libgcrypt-fix-tests-fipsmode.patch * libgcrypt-global_init-constructor.patch * libgcrypt-ecc-ecdsa-no-blinding.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - Remove patches: * libgcrypt-unresolved-dladdr.patch * libgcrypt-CVE-2019-12904-GCM-Prefetch.patch * libgcrypt-CVE-2019-12904-GCM.patch * libgcrypt-CVE-2019-12904-AES.patch * libgcrypt-CMAC-AES-TDES-selftest.patch * libgcrypt-1.6.1-fips-cfgrandom.patch * libgcrypt-fips_rsa_no_enforced_mode.patch- libgcrypt 1.8.7: * Support opaque MPI with gcry_mpi_print * Fix extra entropy collection via clock_gettime, a fallback code path for legacy hardware- Update to 1.8.6 * mpi: Consider +0 and -0 the same in mpi_cmp * mpi: Fix flags in mpi_copy for opaque MPI * mpi: Fix the return value of mpi_invm_generic * mpi: DSA,ECDSA: Fix use of mpi_invm - Call mpi_invm before _gcry_dsa_modify_k - Call mpi_invm before _gcry_ecc_ecdsa_sign * mpi: Constant time mpi_inv with some conditions - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond) - New: mpih_abs_cond, mpi_invm_odd - Rename from _gcry_mpi_invm: mpi_invm_generic - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr * Fix wrong code execution in Poly1305 ARM/NEON implementation - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext) * Set vZZ.16b register to zero before use in armv8 gcm implementation * random: Fix include of config.h * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong * ecc: Fix wrong handling of shorten PK bytes - Zeros are already recovered: (_gcry_ecc_mont_decodepoint) - Update libgcrypt-ecc-ecdsa-no-blinding.patch- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872] * Print the debug messages in test_keys() only in debug mode. - Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch libgcrypt-PCT-ECC.patch- FIPS: libgcrypt: Double free in test_keys() on failed signature verification [bsc#1169944] * Use safer gcry_mpi_release() instead of mpi_free() - Update patches: * libgcrypt-PCT-DSA.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch- Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) * add libgcrypt-fips_selftest_trigger_file.patch * refresh libgcrypt-global_init-constructor.patch - Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted by libgcrypt-global_init-constructor.patch- FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC: [bsc#1165539] - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Refreshed patches: * libgcrypt-PCT-DSA.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch- FIPS: Switch the PCT to use the new signature operation [bsc#1165539] * Patches for DSA, RSA and ECDSA test_keys functions: - libgcrypt-PCT-DSA.patch - libgcrypt-PCT-RSA.patch - libgcrypt-PCT-ECC.patch - Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch- FIPS: Fix drbg to be threadsafe [bsc#1167674] * Detect fork and re-open devices in_gcry_rndlinux_gather_random * libgcrypt-check-re-open-dev_random-after-fork.patch- FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: - libgcrypt-global_init-constructor.patch * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: - libgcrypt-random_selftests-testentropy.patch - libgcrypt-rsa-no-blinding.patch - libgcrypt-ecc-ecdsa-no-blinding.patch * Fix benchmark regression test in FIPS mode: - libgcrypt-FIPS-GMAC_AES-benckmark.patch- Remove check not needed in _gcry_global_constructor [bsc#1164950] * Update libgcrypt-Restore-self-tests-from-constructor.patch- FIPS: Restore the full _gcry_global_constructor function to run the self-test from the constructor [bsc#1164950] * Add libgcrypt-Restore-self-tests-from-constructor.patch- FIPS: Run the self-tests from the constructor [bsc#1164950] * Add libgcrypt-invoke-global_init-from-constructor.patch- ECDSA: Check range of coordinates (bsc#1161216) * add libgcrypt-ECDSA_check_coordinates_range.patch- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] * Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch- FIPS: keywrap gives incorrect results [bsc#1161218] * Add libgcrypt-AES-KW-fix-in-place-encryption.patch- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] * Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch- Fix tests in FIPS mode: * Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem * Add patch libgcrypt-fix-tests-fipsmode.patch- Fix test dsa-rfc6979 in FIPS mode: * Disable tests in elliptic curves with 192 bits which are not recommended in FIPS mode * Add patch libgcrypt-dsa-rfc6979-test-fix.patch- CMAC AES and TDES FIPS self-tests: * CMAC AES self test missing [bsc#1155339] * CMAC TDES self test missing [bsc#1155338] - Add libgcrypt-CMAC-AES-TDES-selftest.patch- Security fix: [bsc#1148987,CVE-2019-13627] * Mitigation against an ECDSA timing attack * Added libgcrypt-CVE-2019-13627.patch- libgcrypt 1.8.5: * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987) * Improve ECDSA unblinding * Provide a pkg-config file- Fixed an issue created by incomplete implementation of previous change - [bsc#1097073] * Removed section of libgcrypt-binary_integrity_in_non-FIPS.patch that caused some tests to be executed more than once.- Fixed a race condition in initialization. * Added libgcrypt-1.8.4-allow_FSM_same_state.patch- Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 * Added libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch * Removed libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch because it was obsoleted by libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch- Fixed env-script-interpreter in cavs_driver.pl- Security fix: [bsc#1138939, CVE-2019-12904] * The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) * Added patches: - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch - libgcrypt-CVE-2019-12904-GCM.patch - libgcrypt-CVE-2019-12904-AES.patch- do not try to open /dev/urandom if getrandom() works * Added libgcrypt-1.8.4-getrandom.patch - Drop libgcrypt-init-at-elf-load-fips.patch obsoleted by libgcrypt-1.8.3-fips-ctor.patch- Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that was partially causing bsc#1131183. - Fixed race condition in multi-threaded applications by allowing a FSM state transition to the current state. This means some tests are run twice. * Added libgcrypt-1.8.4-allow_FSM_same_state.patch - Fixed an issue in malloc/free wrappers so that memory created by the malloc() wrappers will be destroyed using the free() wrappers. * Added libgcrypt-1.8.4-use_xfree.patch- remove section of libgcrypt-binary_integrity_in_non-FIPS.patch that caused some tests to be executed twice.- removed libgcrypt-binary_integrity_in_non-FIPS.patch since it was breaking libotr. bsc#1131183- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests are invoked as well as the state transition, adjust the code so a missing checksum file is not an issue in non-FIPS mode (bsc#1097073) * update libgcrypt-binary_integrity_in_non-FIPS.patch- Enforce the minimal RSA keygen size in fips mode (bsc#1125740) * add libgcrypt-fips_rsa_no_enforced_mode.patch- Don't run full self-tests from constructor (bsc#1097073) * Don't call global_init() from the constructor, _gcry_global_constructor() from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary integrity check instead. * Only the binary checksum will be verified, the remaining self-tests will be run upon the library initialization - Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch - Drop libgcrypt-init-at-elf-load-fips.patch and libgcrypt-fips_run_selftest_at_constructor.patch obsoleted by libgcrypt-1.8.3-fips-ctor.patch- Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) * Added libgcrypt-1.8.3-fips-ctor.patch- Fail selftests when checksum file is missing in FIPS mode only (bsc#1117355) * add libgcrypt-binary_integrity_in_non-FIPS.patch- libgcrypt 1.8.4: * Fix infinite loop with specific application implementations * Fix possible leak of a few bits of secret primes to pageable memory * Fix possible hang in the RNG (1.8.3) * Always make use of getrandom if possible and then use its /dev/urandom behaviour- libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch, libgcrypt-strict-aliasing.patch: Remove obsolete patches - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff - Reenable testsuite- Apply "CVE-2018-0495.patch" from upstream to enable blinding for ECDSA signing. This change mitigates a novel side-channel attack. [CVE-2018-0495, bsc#1097410]- Update to version 1.8.3: - Use blinding for ECDSA signing to mitigate a novel side-channel attack. (CVE-2018-0495 bsc#1097410) - Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. - Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms. - Fix the gcry_mpi_ec_curve_point point validation function. - Fix rare assertion failure in gcry_prime_check. - Applied spec-cleaner- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they are installed in the right order. [bsc#1090766]- Extended the fipsdrv dsa-sign and dsa-verify commands with the - -algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch- Use %license (boo#1082318)- libgcrypt 1.8.2: * Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. * Add auto expand secmem feature or use by GnuPG 2.2.4- libgcrypt 1.8.1: * Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With You" CVE-2017-0379 bsc#1055837 * Add more extra bytes to the pool after reading a seed file * Add the OID SHA384WithECDSA from RFC-7427 to SHA-384 * Fix build problems with the Jitter RNG * Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)- RPM group fixes.- libgcrypt 1.8.0: * New cipher mode XTS * New hash function Blake-2 * New function gcry_mpi_point_copy. * New function gcry_get_config. * GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt. * New gobal configuration file /etc/gcrypt/random.conf. * GCRYCTL_PRINT_CONFIG does now also print build information for libgpg-error and the used compiler version. * GCRY_CIPHER_MODE_CFB8 is now supported. * A jitter based entropy collector is now used in addition to the other entropy collectors. * Optimized gcry_md_hash_buffers for SHA-256 and SHA-512. random pool lock). * Interface changes relative to the 1.7.0 release: gcry_get_config NEW function. gcry_mpi_point_copy NEW function. GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro. GCRY_MD_BLAKE2B_512 NEW constant. GCRY_MD_BLAKE2B_384 NEW constant. GCRY_MD_BLAKE2B_256 NEW constant. GCRY_MD_BLAKE2B_160 NEW constant. GCRY_MD_BLAKE2S_256 NEW constant. GCRY_MD_BLAKE2S_224 NEW constant. GCRY_MD_BLAKE2S_160 NEW constant. GCRY_MD_BLAKE2S_128 NEW constant. GCRY_CIPHER_MODE_XTS NEW constant. gcry_md_info DEPRECATED. - Refresh patch libgcrypt-1.6.3-aliasing.patch- libgcrypt 1.7.8: * CVE-2017-7526: Mitigate a flush+reload side-channel attack on RSA secret keys (bsc#1046607)- libgcrypt 1.7.7: * Fix possible timing attack on EdDSA session key (previously patched, drop libgcrypt-secure-EdDSA-session-key.patch) * Fix long standing bug in secure memory implementation which could lead to a segv on free- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326] * Store the session key in secure memory to ensure that constant time point operations are used in the MPI library.- libgcrypt 1.7.6: * Fix counter operand from read-only to read/write * Fix too large jump alignment in mpih-rshift- libgcrypt 1.7.5: * Fix regression in mlock detection introduced with 1.7.4- libgcrypt 1.7.4: * ARMv8/AArch32 performance improvements for AES, GCM, SHA-256, and SHA-1. * Add ARMv8/AArch32 assembly implementation for Twofish and Camellia. * Add bulk processing implementation for ARMv8/AArch32. * Add Stribog OIDs. * Improve the DRBG performance and sync the code with the Linux version. * When secure memory is requested by the MPI functions or by gcry_xmalloc_secure, they do not anymore lead to a fatal error if the secure memory pool is used up. Instead new pools are allocated as needed. These new pools are not protected against being swapped out (mlock can't be used). Mitigation for minor confidentiality issues is encryption swap space. * Fix GOST 28147 CryptoPro-B S-box. * Fix error code handling of mlock calls.- libgcrypt 1.7.3: * security issue already fixes with 1.6.6 * Fix building of some asm modules with older compilers and CPUs. * ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1. - includes changes from libgcrypt 1.7.2: * Bug fixes: - Fix setting of the ECC cofactor if parameters are specified. - Fix memory leak in the ECC code. - Remove debug message about unsupported getrandom syscall. - Fix build problems related to AVX use. - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512. * Internal changes: - Improved fatal error message for wrong use of gcry_md_read. - Disallow symmetric encryption/decryption if key is not set. - includes changes from 1.7.1: * Bug fixes: - Fix ecc_verify for cofactor support. - Fix portability bug when using gcc with Solaris 9 SPARC. - Build fix for OpenBSD/amd64 - Add OIDs to the Serpent ciphers. * Internal changes: - Use getrandom system call on Linux if available. - Blinding is now also used for RSA signature creation. - Changed names of debug envvars - includes changes from 1.7.0: * New algorithms and modes: - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms. - SHAKE128 and SHAKE256 extendable-output hash algorithms. - ChaCha20 stream cipher. - Poly1305 message authentication algorithm - ChaCha20-Poly1305 Authenticated Encryption with Associated Data mode. - OCB mode. - HMAC-MD2 for use by legacy applications. * New curves for ECC: - Curve25519. - sec256k1. - GOST R 34.10-2001 and GOST R 34.10-2012. * Performance: - Improved performance of KDF functions. - Assembler optimized implementations of Blowfish and Serpent on ARM. - Assembler optimized implementation of 3DES on x86. - Improved AES using the SSSE3 based vector permutation method by Mike Hamburg. - AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1 about 20% faster than SSSE3 and more than 100% faster than the generic C implementation. - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8. - 60-90% speedup for Whirlpool on x86. - 300% speedup for RIPE MD-160. - Up to 11 times speedup for CRC functions on x86. * Other features: - Improved ECDSA and FIPS 186-4 compliance. - Support for Montgomery curves. - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher algorithm. - gcry_mpi_ec_sub to subtract two points on a curve. - gcry_mpi_ec_decode_point to decode an MPI into a point object. - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1] - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied hash part. - Parameter "saltlen" to set a non-default salt length for RSA PSS. - A SP800-90A conforming DRNG replaces the former X9.31 alternative random number generator. - Map deprecated RSA algo number to the RSA algo number for better backward compatibility. [from 1.6.2] - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. [from 1.6.3] - Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. [from 1.6.3] - Flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. [from 1.6.4] - Speed up the random number generator by requiring less extra seeding. [from 1.6.4] - Always verify a created RSA signature to avoid private key leaks due to hardware failures. [from 1.6.4] - Mitigate side-channel attack on ECDH with Weierstrass curves [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for details. [from 1.6.5] * Internal changes: - Moved locking out to libgpg-error. - Support of the SYSROOT envvar in the build system. - Refactor some code. - The availability of a 64 bit integer type is now mandatory. * Bug fixes: - Fixed message digest lookup by OID (regression in 1.6.0). - Fixed a build problem on NetBSD - Fixed some asm build problems and feature detection bugs. * Interface changes relative to the 1.6.0 release: gcry_cipher_final NEW macro. GCRY_CIPHER_MODE_CFB8 NEW constant. GCRY_CIPHER_MODE_OCB NEW. GCRY_CIPHER_MODE_POLY1305 NEW. gcry_cipher_set_sbox NEW macro. gcry_mac_get_algo NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MAC_HMAC_SHA3_224 NEW. GCRY_MAC_HMAC_SHA3_256 NEW. GCRY_MAC_HMAC_SHA3_384 NEW. GCRY_MAC_HMAC_SHA3_512 NEW. GCRY_MAC_POLY1305 NEW. GCRY_MAC_POLY1305_AES NEW. GCRY_MAC_POLY1305_CAMELLIA NEW. GCRY_MAC_POLY1305_SEED NEW. GCRY_MAC_POLY1305_SERPENT NEW. GCRY_MAC_POLY1305_TWOFISH NEW. gcry_md_extract NEW. GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1]. GCRY_MD_GOSTR3411_CP NEW. GCRY_MD_SHA3_224 NEW. GCRY_MD_SHA3_256 NEW. GCRY_MD_SHA3_384 NEW. GCRY_MD_SHA3_512 NEW. GCRY_MD_SHAKE128 NEW. GCRY_MD_SHAKE256 NEW. gcry_mpi_ec_decode_point NEW. gcry_mpi_ec_sub NEW. GCRY_PK_EDDSA NEW constant. GCRYCTL_GET_TAGLEN NEW. GCRYCTL_SET_SBOX NEW. GCRYCTL_SET_TAGLEN NEW. - Apply libgcrypt-1.6.3-aliasing.patch only on big-endian architectures - update drbg_test.patch and install cavs testing directory again - As DRBG is upstream, drop pateches: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch v9-0007-User-interface-to-DRBG.patch libgcrypt-fix-rng.patch - drop obsolete: libgcrypt-fips-dsa.patch libgcrypt-fips_ecdsa.patch- libgcrypt 1.6.6: * fix CVE-2016-6313: Issue in the mixing functions of the random number generators allowed an attacker who obtained a number of bytes from the standard RNG to predict some of the next ouput. (bsc#994157)- remove conditionals for unsupported distributions (before 13.2), it would not build anyway because of new dependencies- make the -hmac package depend on the same version of the library, fixing bsc#979629 FIPS: system fails to reboot after installing fips pattern- update to 1.6.5: * CVE-2015-7511: Mitigate side-channel attack on ECDH with Weierstrass curves (boo#965902)- follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4- update to 1.6.4 - fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456) * Speed up the random number generator by requiring less extra seeding. * New flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. * Always verify a created RSA signature to avoid private key leaks due to hardware failures. * Other minor bug fixes.- Fix gpg2 tests on BigEndian architectures: s390x ppc64 libgcrypt-1.6.3-aliasing.patch- fix sosuffix for 1.6.3 (20.0.3)- libgcrypt 1.6.3 [bnc#920057]: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. - update upstream signing keyring- making the build reproducible - see http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html for a very similiar problem- Move %install_info_delete calls from postun to preun: the files must still be present to be parsed. - Fix the names passed to install_info for gcrypt.info-[12].gz instead of gcrypt-[12].info.gz.- fix filename for info pages in %post scripts- libgcrypt 1.6.2: * Map deprecated RSA algo number to the RSA algo number for better backward compatibility. * Support a 0x40 compression prefix for EdDSA. * Improve ARM hardware feature detection and building. * Fix building for the x32 ABI platform. * Fix some possible NULL deref bugs. - remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream via xtrymalloc macro - remove libgcrypt-fixed-sizet.patch, upstream - adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc changenebbiolo 1678305806 1.9.4-150400.6.8.11.9.4-150400.6.8.11.9.4-unknown .hmac256.hmacdumpsexphmac256libgcrypt-configmpicalcgcrypt.hlibgcrypt.solibgcrypt.pclibgcrypt.m4libgcrypt-develAUTHORSChangeLogNEWSREADMETHANKSTODOgcrypt.info-1.gzgcrypt.info-2.gzgcrypt.info.gzlibgcrypt-develCOPYINGCOPYING.LIBhmac256.1.gz/usr/bin//usr/include//usr/lib64//usr/lib64/pkgconfig//usr/share/aclocal//usr/share/doc/packages//usr/share/doc/packages/libgcrypt-devel//usr/share/info//usr/share/licenses//usr/share/licenses/libgcrypt-devel//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:28151/SUSE_SLE-15-SP4_Update/14de7dad04474f52c41cf82063c517bf-libgcrypt.SUSE_SLE-15-SP4_Updatedrpmxz5ppc64le-suse-linux  ASCII textELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=e301cd810c638035d68ac5ef269fbe7b91b73938, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=a16cedcfc01e5d97944a043f805a902619fb383d, for GNU/Linux 3.10.0, strippedPOSIX shell script, ASCII text executableELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=5108020811d87f19c84efca6f0580f91024217af, for GNU/Linux 3.10.0, strippedC source, ASCII textpkgconfig fileM4 macro processor script, ASCII textdirectoryUTF-8 Unicode texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) RRRRRR RRRR RPRR śrEX oתutf-8e0d5e90c4ae7ce33819a6218e0cf5a6012b4f1c5049f56114c629beadefe4b08? 7zXZ !t/$]"k%+)^8jI/B$LGbgs\&NJmMÌc|03to?@!3{Gϐ [vq^}uqyj}Nͣ^N :^AOG1U,rSfce `ZkdQ:aZ|Cg:.WxzzFa; JgyPF Gji=PjA|>%!xpo*OUd첐eL@&K&B8m@7Ddg b\8C^^EzccUyFd,SNܠ,ۑ@V}%Ji?-V}UV(S`BDĞlupa,IuV5KcR`z⦺ZT" .¶kNHjt츙âr6+uQڎ-t8U/A7v 2 P42zUbGc@#5VАIa8 z﫳4 F G|pu;g\7z~P ֆs3 7J㚎INrWq467?d>oW%LQ!;8NÂHICٺ$$-`;Yf&bKq/ۥe uIaSB2dFm[틂zSC9Q[%ON ߠ)%.Sb0вEc!Jgn-s T0\><.i{*FP=M-'Š՟0'(hst VA%:yy9Sߡ Xh`Z3ʾJ%ҹJ3&RpGC_kf>zpEɲSe%,FCŴ&}S38`G9r'oLjNCQEVF9i2("-Hc %&sp($MPE" b1Q+dJuMzgw:xB5oZ!.%FG8$-b#~pdK"&+\孁%(h!#oMf8ԹՎ4"]y#`=79ԃ[AԊIoH2ALxGbl$GW7H)8/gwFn؃:+\SfY(٦^̿=e};OE[~PpO$ )aܮ;vsF)UeRg QVg^HBzm$ r@]'a"Ǔ,Qe csClگ5B=K-?~@ԑpݟfn52:A%ZAf<.(b/e#g3p%-qi˰j7\ QK HEC;LR#mr 0ȥ/n)}g$p d#b@1i[FU kAhEѽ]>ZA/wywzI=w<^+B9un ٖ| nuQnN[Soh+j|b;@}R: z@ lgP<[95x_PRD˄؅>xjY\"xpgpGˣT Vwxт=X a5\Tz LgNmpbbĈ4饪նnY3j0sDqy0)"r̵p/ Jw<%z\0e_KViK+ߥݘzEW+yPowBLxoRS4]n¥N"(Fl+ d)(kq:֘Հ|)i>'(|r[ V}uIh~WAw 0eXëE|*cAO7Er` T!6.@0߰x,R hNG(ʞw2 #J  J),9vWRk4=]9Uug@@Cm8לUS,)d.ЯFM$l"^,P9Dbt]n8׊@Xs.J)Ki#2]kP-9uݚ´!9S.`G_ VS Juw&N$}jF![XoL9 G(/i #luCLMOWЮ$HV{MixZT^,ZTz0ᖔ+, pOE0QxnKH4\A_(?HUQwn֮'ob0|Dբ\D (d;PyиVo7B2hf5h,~WG%4$=05D)442ܜfuA>Q)E)S8#%#Wuj͒F@a|-xl`H?d#bcL6S1cR֪dc]v.OA8nz}A_%("{пY :II8"KVu/bPu~W^uE Lڊ\|\ee0%1U+GNwVdWPP>b):˲:kK)%͇@]j0atQz R\hAOYY][mm;1d l !agg"t5|n޿ ꑄ|Oq-mn1$w\}HZrp&ŜOaP6k]:zE:'}^@iX.";0{(2s藈_BPEUF)&o7T%rBD TrVQ [=|l 6 {B<=&8ƘhRCOi0@8$m7@S@}"C$G)A*R OMȎ+ފӭ燹W7;AWôHt-bmq,+S|gR&sހ̫$G7m=,bd=e oZٍc_|&l L ܼ'c~py#Ð6`>/W8c>XH!4U=y'R딋8 eMP8 F?ij)~F 9VHmU6S76&w iȫy*&yH zSV{^:ϫXۻ )1pBچŁ1!{v h{2~F3MEE3* ,W45ZBxsg髼CXrEJ.k3ykZ "O{`M>>2^[K|opx`,Ji2tTtX q;0UFub@~0l0(#mZ@6HpMmT UCJEEܗi)w­ԭv&tͭ]ֿ_y~v5\[c"k~OGwfy!5ܢ`Y~K˜`+K-(aQ6n!h֞m=;A|ArO[oh" U%д|3n%C2bu z7KjO@Au2~66d zOEb/8:0 Clڭ[_ʖ !pZozR݆5_Eixd:H$*:̽:ܫE>s:$5 TaΫ'䶃CTwXge"^`C AɊHveGܐj|zlSnnW]X'pv\)&[oQ-yv|k`B1*Lx)%]Odž)w3ʵ. QF{@hm$joN0&M@rV+RQSUPʶܣs,"fh U1==nRZnnEr#Y Te,o0@2a@1=y):kp)St'57:)Joc4r~L!*VoAU-0wy qPfAY5j~ٶdUucZ6FOnױA5evHd 9Mg11*<0L΁+йsjJh,0L1Zug9c3),җZwr @yiBS*@dq-hG$CVw߆`} 8,)kA*鐽䈆*H.UT1baᠶ% XdC#p|¢&$d@r#бӣVE^1\aY9柶ߘzټe+k8Cw7½wҝ=}lõdRn}2jT'ɠlkdkږQ.BN#竤3i뎁BGߜ٬(4b &fJɡ_^r6f_Ңy&͋9ыc+= ^DZkŊr/(xkf Yi)\_'A~ʹLo*nNOtOhfo N3.'fOc,'Zmry5c1:T F! 5&*q{"H>*aI^O6-8'QU^YSe9\N|TLH5&/|X3i)Sa)o39I5oQ}ppH`Af$B=+oAdԳi4)6@z} 'Ŵ[$[ WZB-ui_ˬ|Z%^4 h=+qL1̀0nI٧9 qss}uP\?Tz֕Wo9c>BKŎ\WGt tvI X #Vj>a)`\OlʞG^yQgw]PǬW1 QD3W›wY(|߸gx=K\CTӵ*2)GWR؉00 *?v&XM?ړ3^$]+%#1?OBJ QvE|_1e9pgu|I4y 0@LMt1 ?}Dk=/L~q~cg ~YMۨ> 1$m%o'WYaw:CX׵y7L+B_N]a1Y&m`kL<跿%n+e0R AٻKF-Ks$ݶgᄋ5 2%ľbt ts1R& L<&y X9{_"RՃ -SYgJi!&VŊL3u ӵHEA[c!Y-D 1'BA;PDusCƩD}r]pSS&H?i{m0lg:*[,e)tb =yWyQmnI)/:4-B&ې K%v 5:(sw|&5x;v9XgEBtYF {!b\'\yӡ*96 Xb:VF s^hr^C@S^5(.P` P4P(VXxni#QyܾQjZ&. HVs e-h KiuHY%nsח"R -]bBov=54Vz5[C ?<km$2S~IERzW"9 Ц\#KR}$Aﲾc@yT\C)U(s+ea`.+Gjy_w@PeDڟN-jɻG}iG]y&8zmX| ˨J f,=&9 pJ/?fG)-M<ݱ6F.ᯍQ->U-G2.eYuM?,9D%^c[=AP# wj %1/W6>Gb%a(5ݵLܢи w.HE Xǁv+Q9gpxӥ_&=Fi+% y!r'yy^Oz#Gt,%RF0Jz~n;@MxB ~0[vY XB0Yfz"7fnˌ` $}ZCol E':i2UPaKwѥq aPq>w O*&r=o2F^.J~q.X|ty4O!"Ay*Ll7Zu74dYb,m300maz,}!)|7Dwu j{O uv8ke~7qT?/r[bgO rjA%3v$kx!"e eF7vy[1Vf\uBkvᓰG~iMJF?V`uRUPW3f9ƳGt~uۊw >&'+%'eR3E`L V&Rϕ?So +>`c$מ?i%jL{s$}hJq qX>z1[iAW|cD@fr{-&)jjqh[yy{f" ]rT:#pOYW.&,mHahEC駫 m=]me<(t؉r?dV;& gnTXCqHe`׾+5,oi,3MtBlU-@}C@ ^|ҊkH|~Wʿsopێ "5 k;5L 2a\YNgbw>#&C\:hV1lm D4Weo~qiЀn|2_6CQ~>\98q ">M:b.%[Qj$`I1M?!'yBUs?Orx,v@N$͋GME6!mdtP< _A5~kcĶHߚk Ƣֲˉa nDE=YU$smxsuEs~[bO2s% }BD„ $2 I߆߿naoHH+a#v36./JUL:ix[1hԷ q Ƴ]^mRmVr0A{jDyД\Օ[#c`ѭV㿹0z۫&g N793lj%iv@Tb ħ2ڇHUD#yW9:n}ʕ}68 k{l\ x(8^фM|(]?y,ϧ|(72J3ߚeLn,$[h+^ MY`>n Hl9K;N,#͗a,ybr.h!=\;, rGPMZU3ЗmsDm=7љtX)Py*A;a9v X:|&_8 uN[pnҝmMj-qrͧP(J{rB@6-v$rJcފEK~jB=uH;ލ@7f+ x-Z X)KJD }pRյ:h˽t2egI&`]Bw8A[Z*f"4dOɅ4yL+C7j=Xe{\cPӲ ?6kUۦqH:f_91ܖQŏxr2tɵDGJAFmk6L0P1>͝LWyT0YYXWnm)pu|zдi >Wo?dY|PQ*n-*3LBܭ;kx?Ւ".!˻UM7t=4%ʯj(  4}ݧ >`!|&ŬsR22̧X#Ŗ7S~hv><&T c^PZ|[+t@ܙɧߖ 7D 5'_BTy'7@ȫ gb@E;ǰnkhD ?B^}*yzvk+|γt"/Hh3L k <1j!6ټT2zp qE՟+B T*s7x\KPnw~N7p&%p/b|#WǬwZ rJ'^wwMn1vIJ&pDIUEʮtn{݃x'`=\xY!ݛ^v_s$ l+'*\HPELt&'GuP ZXӯ%Uy.ޑ8j'="CӨ/ՀV(PQa$B.]5wdW+㨣4Iev1\!Eߋ1aRWyU,h=ڢa\F+ZWѧfY鄤L[ <[t`D]ZjhDcI9{Bo_~z)tӍhFPq#4js&B`z$˛-- Ʀ|cj(]XZI2'Y**m252xl2ÊѠFMdA4V/ףxΘwT-w1j Ss4yDHȣh2.wwoS*M@r6~ o):*iI]`6=Jn61%?\ݦ|a+P5#j͵OndUeuX"~AZ1{% tI /㚌vbpwFS@R(Q;Ew`kv`5vHuu"r@s&UkBE'klWDHov(xMvR!^F889r2Q)Cޥj .ۆMEQv:, f@a٨]q5FG}aO&N˗PD;HXǛL!QG]gz;ma<':QۈMMwA*9@ؿ27DIctƦ9z0M!BHI+;򼤴,~ 6*go}c#YP%N 8Ԡ]u$BX3~{jk7mҌkM{`FfXu ĒfA ]\6A-^1w)#us].UnS v,L@- оDjTp? Mn[[G! F}sV_nzQﮩAoo62uTuYBowہ|kzu|zPfvC%,HͤCuX+jhKT=^/ I!Yu^304Ah fҧ%U aQcat_H zfH, hlWʅȡxOf=u! iChpYS)di got!N zX|,;mR2yaPn8nXs5 xMКM^WZj~* /93rи8aK>֍oʼnz;xuQM!:x95@@l-0@ʨ\ՀNcf<孾=y/搥KXf (Y ~4騲[NdeZV~![J9 Akh| b)2mpNyiy?i׌J-e)~" cfo o øF k4 QͿė5WU"ܯjV\u!Њd?~yѽC%r}BNކ"![| \צqW 겧hD?Y^!GKVQ;=#a4߾BUGu )&|w /}0(c CON2X):x4ԋ+A?Wryw۩sP$^\ϴH8V~}X #qE/Jm\gb`&9Vq7I'P 68H\Wdи!F-{d/c/xW˲V/^e>߾4REeNycUNrh=ֳ-mP5RusۃZH?ˬ-ʟӎ2N"N>R(`SS$W^wJLwK(3,dOcd${ U6W@)f7WBz$R9!ٓ}WJB[=#IK59Z-2q; M 7]]VKT;RnDiԻ ~0!+TDyME<%Lyj;9g -e4j@ƄbO틊P"ݳ3=CgCLX 蔦@%tN*ȒpdS#w6wi,#BK>3L!853j25\;f õ}8 CV'Sp}Anqv>H?@+#S[ #He#7v Cć[X:>Wf.+? _T(Gs 2$a)1 \|F;7#3K*VL毶tM+[?I<yԳ9/ob#6(&Ics\0`S_YÞЃNdlPY{A\c:Ld^汍D@h 1\?_5ԧ ?t*&}k(!}Rs We/yp-w6ZbD/[_ 8ӪI36e}G\V5+[$uh)=0d֟yq7 p)yEN|[?%?Z|#S?^d KT /Uh,[9= 8Gc GbJ>[åRkXTZ_CHzpPnȚdf BMs% ^x&{WjyM~.JCi[JYA]Ge<Cnwf=c!3nOSt\mG􁙎{ g`AƭYPYbr &yDUgK*ߒ(;C_V `$,qȋRu>gb88}v\TcUשgb z+A 8[|xEEi1ꓢ%v[ec06$ Iv -^1E4~+MB!5\V}tXaH}^lc5?b, O5WAK_.5C"{ ?{kzely7N !yc2p#(m=[d6-TNLݠNv('Dt}љ|@Wk2Q $ZS?bT_Li&q"xyjj;A=P>"\/ٖ'h\\B`N}R&#̞Yvs$ەkA/&c)tN,I`ӕ i.b c80/ߨN$u-Њ|^QrVE++;~sgzN}ÈҦ|U[fL? J] J|?h!+3c.xCh~ ܌#)R-5)04RaSlQ"NeCCٴfUr:7 "e$- k8<8 pLeҹ8YuWL=Դk&`1dEq&T/5ll"̙#ߝPp!_JNR1gDuŦR:AojšvJϏsRqR,M ޡ=࿬.p誩umT$'Sޑn%L).׺Y}h ΒXyT#nyV@\!3M8jGM`inf.kI )ܯ'(L't Iky8)`"`ÙZZ;ڌ(aR;!BnIH/^fnΔFʭcq4eXJ+o6`Ci&ȫs"lG1>!5a\!׽ #ژT[Dt]N=Mif aokqHfdV#:{ 훴\e)?v s{`?>F#3[@\ކSA8"}1gZa\;)cԳTݖ qpuLagF|m3Od;]:>Y)}]ҘY#h6mmL 5k]>Od׏^Rjw糐P'ͺo k_;L{Hݚ)qHJ/JDvaWY%`#hRP_)Xwφ7%z m2 LE>Hc%r gX€wU PH#ReV1Uj]>85s,MW aQe4 ?_3-@2}b{_oXWgJ_u@/\IsM 3ȋom(U턵:."!KSچ>fQ؈L1OZ!1+=*{8ITeYt[ Iӻ8m+V(TH l>߯*q_P=J1ZJwx^^Qjm_Z9C-)Z*C9v`(ns2^. /kI&: r+hI*$1}(l昤kg37L#: tڷT䥘2t( CSF@ҹ^.'lG6Z^DYf4=:84"^̴ÿ # (._6u?(OԋWDTy*T١ӟ]+1M'y9۪LiydTlrC5Ƈ o}oŠ (>E|bB GXQV`Lk9@US-AǜRr;jw%E`K;Fv}ƈe?cd:&`\B<+Du.\#ԞSVUGS  T|j<~ִ?%p1jz &0ϑ; &a!ö>Eזd6Tu{ߌ>@' oںVeAevc8:ϳ g,n }n=FdfOuWq#!:z߮ Y.@W)-{qk^+r#ɹCkg,Fopg[`R RϙSգsR+-+x7zk] !5i); zzHj|)l\V-o]:o;.ċ.M~"y33J Ko+7W?l%s(ELӹ[5UҪqZ#p5*L[Q,#5F)N$hPo½aoj*]ȷ"jOe%0tT|&*a2,O_Cdos &fS,?n^v$Xt7z^6(iV7oKYFۗxOgVԉ%Av:ZWq@'L<%3g-`RAt?J;/_/r|M|T6IG \f.ݦoa`=A4:0hY] ?%E_x[4q]/40uOVȎ}6K }b=”t T5prM p"u} 97-Tkr7˨RW8HYY=1Cm'@Ӛ/(1Pzz}fxOƶ#tҬ',l\a@El^= $H$0{1|e]ުAkY&|h_ TJ#,uZX="&+UOHC<~"?9l6[\Ҹ D9۞۶8$Zl_&kO0{}y.-*3I-_^D!Bތ('FhǦ?=6y!qPb2;K'+8,39ђYzgé/V`/O5|d~wsIM_B5 `So~f1F~jdaa-8FeX{yD`E2m5Fqհb 8txV@ԵO͈ l1ɓJ8ׅWPtzĄD=Yo q-xOB[T)+e&Mwj_c/=e!i"!ˑ?LO*:iȆ0 nzzvKu QhwgcZ%e;-U[\=x=$-i wM.ƾź$L(0J75z)k^,}Kdg̈́< T}{%*ߢ2 AػAEQ47X U7o\B[L$˼ߠw]4BpeB'"&d7E; :<.xφ0ec(F=J1t DG_GTSJ"aiXD`|Fe^!qsRi 4Q}c2J_%W/0_2 b>jd9 Vxk;D:HOnXPd kɂ@:p?8;!('ژi1Rg2ɢi$cl8t?)|ŸB"v7dGcNhAx$ Я(ş[6$oAz۩zٜ'݈B^lR>M 2?3]&ۍfX<>F0U(4(Oh \n:9'.Kcc.&yweJ#tl@Fd; ؀c=sÉʹnN~F'}D[E`[?;G2 V儬@2.=^}fHʺ$&^>We~n^Ye/fH;f'c>898ʘC7c?c4.VU U]xK3_cH~L[|HCI7+Ywylzr@u,>$3pQ(*uT4# HZI;lr |>>ܱmwfC8G_f fn`G Pi0ĨnτۿJ[65V<XN00i_}zhZx#/ (kjb[9AK8P:͜@Ӕ ZNE™qm HrMpL A0ĝ7N< !RDP~BAEtp\kЎ'qn ƿ4PCg#G_7 *][+;qK\(\+:N&Jc: @a|ZT1b2\r6)-1ɴo#ak0⋌5oIe[ämmL}.W\ T 3K&3w${._|G۸~әCfGLao!f2)3-qXi[`1TaĘ*tznW~KPPn6]DDܿX}hH+i柿/O\7 wa)a$ 2[I#-5rw9FDA1930#͇7+jekw(݌PFۺlW, NpyMPW>\О<#:1xu"+b`#Bae9Jx ozp[VNg},P 0Sa= L]|50=>Vc*k|ܰffJ pxc7Wy"̧qGEo\"g]$D+-Ϥ XZ²MwsJ` 豙@sqX 2 bAyr?Ty3-h5R5{: >mD;{+ia:h`6ܐJ@i )yn}Ї`\bvi ǯڍ/ oFĖ>,A $sN v[9)ɒ;h+w9?rAQ PR=G 6XD/\-ZUloCOnzsd1Tr? #Õ3f&#IWPdLbFBXKk**5Lս Um*On гϿ!+"$ef3ԉ}Z6̳#p;d k4'FZ+0MXָ4嘎;z\z_;El`6ߎN@\""[)gd{u!"֒/cqഓ}VW]CV^(XxFyl9{WDȤK!_EﴔhmmUY&"^#TE.;E/Z@DWf8fkmGU ̙`~(t:{H.R!+=^'_}! ~DൌIp*r4}DHMecͩU$Ԥ}oUbW7bcJM!ýVqr3 Cr⑥urʡXJ /nKF e $0wb ag`X<tpqEMX>wbN/l?MmCƷd-x~7-h]cFi Oy !IUr[oh˖V"6K捲1..;;A "^!D,Xc&#,8wh CI1(y`K(Kw|*W?}UKϖѤbq^Zd6H lG9tɿ⿤m]{ \ 1[\ o/ >eecjw 3Fd8f0j 䌾n$m\4vycuz=ZiЬQr>:VMHTNT* (;JBgӯ@s>P ]N5qJt|ML=W 'ȋod>]^80IRnB ʢ))葷/+SĦ@I/(pG_jh5B_ 裏,0*E xj >eVY>-C'6G ,>zߖ9"9g)`[RqR!>+=t?k:#cr 6%+FHYJY?.-rޝ!pzRjŢ"jE肠%و$Cv y[S8jqP\.>s+܀w` ݄]h $e14ۣ1T7sg' H(ްr qNȊ<*2|I4o=uJ33& GiQC^$xoAtWTg nqx1-(pߨ^ )mF$y\{[>ێPIg-`89iR_,zE"8A2F|_hlڸ hL_6n\`-5i:򝳨hW$+c$&-@>5 0pQ0x=h_̍KaB򉙲Ӝ2@.8]T ~X"|Ϲ]mS{l RSנRE:SUi/*#Y+jZQYs Χ-+sC Q2_N BIBXywHe.a_=jφA۱y:8mX 31mYIl\3P<@X agD(;dFF}RG74+[*onl8]\/t[Bh[ lֿ wt妶ͶOP*!lťfͣކudh3!ftH E`sok1l0xlO\`^Yab*ZSɑ0]眩[~3ݜuR$|֙\8RƮH2v=7K#1W:B^ö3u2nȒCN4(P+D@^N3iI /?Kj Rtm[vA3} ǽV|)cfFQNՍ0wsŦ7ٜsq-8G6t*\H [<BYQE&iaԛ%ّ:ZɆ؞a7 ۝ѿ[4y*VG \H: c\YYjd䋷Z-RPm2]BZJnSjqdE#*&  xFҊSD*z }l%^B~f̋_pkT6MՏ.k $tIq`O3$1{ w?JFM'ټYD;Dxn#I5] 6%HUYЏ|Fv[|xij6UD`I)-!7:eVq.ABw棽yփaԝ$#e(!Êυy;6J\BF ] i_y٠? ]fm2/'MbJ6]cTv8dN\>®@ZsjYW%9@0I*ir|ɓR]IºmHN.Qm@C<R.3) ֋5xK ?U=BWHSEccڭ؍.1"`FuXJg *[-S1-lF>eÈʴҮhM/={hKĂ ?-CzgP Zh&j=-Gt{LQ{baf l}|́kb2ju5X`J}m \6 0ry $BAql;IuͽDqR|HeVP+p{ʨk<'4Ci谾>du SSx:|SY'x+M/-wgZGZB 9qw`J)QO u&lnm,e]X|&fep8Y-;5Y1^e0䄚7C 2]*ۉ'4ygnз kFUI~Ê@LYQ!$?bp苼vyj &slPA7-ʜI5Wq@1)b66 bC:_Y!F$(4+KyeMsV[w%<=\!QV+]d;T`%1KJ3`e^va 3ݲ1&au&\`z+{kABmIJ~riJ\q1i Ȱy3T `ney_ Ap7fbBLB]~dk %Awu2I(⮊k{Y*BRlpY =yY6~bun衅_n;5T&BUmk{u)U}ރ ^,I} Am;YzdklkfgMнY5L v*n4}_H˃›uD 1pw|0ȤFtD]0Öt*]B%sbZׯt7̽f"qINHxk +='Rߢ͔[p$ =`STD/}# !["?؋C'Οsn썒\WuIvh_Xҭ_-]nVWBp<J.H5œ.S^bEv;hp]1viLg+&'ZơB] bɞM.VʼO>#٢vgJO>Mᗙ@`V=ϲf̖>S-+/LE:g-HוL1n̎!VZ,m)@$2잳-$nZY{x!طn3Bp<1ep$$HEYE `JCx+"2Pت|>(4,rq~'RQThG߼:`أl輊sh uݱ:܄r'z~(Ŷ D/16HQwiBK}u' w1NSw1Lc_[C$56:-n7[y!VQL) }b:yQ43,a)R­U{MĸCܠ]'!CS0}{ Š&} F`6+UkΐE? 3 iwUd`e0i71]r'n.npc~)/CQ?ϣkf}`~iBr2cMWH۟KZ89iN֭']x;pA͚b3a`-oD Rb{tۏϋ=F?~ =Y][Ƈ tCն+7/iRa-:geۧx UGMavP{eOUks=gһiFi1z PWpўOk].V Td0n|.35r)1)cV79~vr>F[- DNg /y|6u3 M0"ĆrMO5Lߥ7i@OKģTomU{: m2Ҍ(JY`q( ݄R+X\ws6ۊvn؃V~$BׅZpd|$}fjJgm$aI 9*O#Y"8VI ]ROZvn8Ӫy~]Bci" :Ãwr3T^&)h$zIXFXA8E6kvP4+{pj58l:־,_)i΃sBS%zP,WیA'p>ܴydCAΌ> W*"I6) O18l<"7l>b͎G>QuŹ@7c+I@f]Fm0]; U%WYqnxǙKØֲaieZv@Kku^*rg7$RtBm?on+w]I-(3r'm6<zLrtтʯ{:@sR&ncBŊM&O_=pOKed8ЃwŧLӍ{nн"}DY jՆdbr4rPb a`l&cop|\{Au3HpE=zc7a/eg,dlw)7!L""HN fO|v2!(O[=#T>1HtG}fIw\]A;5^l)2 䚯}T5A(m2@]mh mJOo/unYɒyûӫ^ 0!Y?M&h9V]ohn,s ɢ^ $.0D6O4S\qxHwwBLXvKJYcbMoʖT.f!`WX6hOK2FΔC W.aAyݪͬS'NjY^Mٴ᳭L*qͷxq Fn6ZTVg ?=- $5qGj6jAv4u A@0NmqLbJ^K%@؀o*!M+Oq~\"n;RJp$}BCA ]->Ӽ: @ i-ބoȍO47Y)ؒ\ir$XB?QbwWb#Ӏİ%\;^a{I X@QUp˥dEM}{gԨ詈QT=؅!j$sB d|LлxD~q/"+D8R^E TFm2jJGP\>\Q?Hݺɾ=) ,si6`f)(8Vh݈դlC'Jl{9dE:mcc9ٴc,[YsON"-8X5bERlȜYipq߰Re6ЁYr5b3t'&ˆH /h5 :gd8,wmcf5fOj^YCTD(3 owyzi[_=zϋnG1L;[HM'|uRyP!;WMe')^Svaٶ#Y?SVֿWA`LVّfX/ ]^WS ^\jW>;) uST`NgA,%JYk}#۳7Q\.LXWxp)), vGR(1JQ Waѐ-}~@O ͥN[[%L$Yfsyx:q'`;|@ł$HH%-7d9I?G\S:U,ȏ<~WcY:US۬+]21I7#bZ/^r$,_lOSDzN̓8]b@|$]aH*7=_66t(t=\՗Zl$iLMN:ULy[; L%s< rAzq;U1M(Eys_24+D( ~:4o@$)S 3=A.U\q-VE!ld0qj^W l0' #u}:BdPvjTǏ.ɹبqCwH6#Hx24XSZ{نhEVdk޹bwe0]Bjj7(\$P ,e/VL.3( Ã>9b^Rny~8Bz鲦`N!7fnnz.'Xdɗ)[=sQ{(XێpnQ {@! _ I!7D_Dݘc s)nӂ=[l@d_pҕOrv{r>5tNߟy&LWhrP8ӖT+~igw~"kFc3,E*T+)ʹ9joWR[Xm顏zyug6f~A ~ lH|a!tM S|^~\ւم] m\Yl)٬ޯCSNsss.MF9M@Yl`l'7}g~6}o⋆еܼhPO8#Nsi:C L7y7ydH ǃH{WY@Y|jOfp tm|Uzuc|{M~ׯEVN{c7(²cc߀HB8R5t@M\Dg)t;BGMy><%)KinEG~|<:7]${OO|~YAa7+7;:589_7 gxv{\AYE^#dWW7.9E 'sd:2t|yJxvWZM.#& \q>΢/ l>v$i#5%4"J}VH*0Z an ԌUan uEfjrgNVL3Wf #%.YJ6M6r>دIF/iت0zƯb}9k:;FaUu'lWNB #U'˄mY鄲 BGObXmm'[[BVo$㎠C#`:)0AvAeAk"3F&"S4J3% Hը;#B)xpN7Apm#19^ޓ}4PJ+"+Yo:myߢ8o.0 YRC u})(Iz=<>٘R"欸tlH6!I| d!|*k?eן;FX9뎯#2\MY:>)cO&g}ȆK)Kr5 e=N'1M4ꁏ*BL˧F$n;x ԇ9iȔbDR9kŠ%, $xXUeCuݔ 8&su[MzbGȿ N 9Pf_7{6DlW"xi!>M  k/^={9z6 kA>n(PQ} ~ιOlNB[e6|~X"H DŽ:HΉYO *IaT|AoBd:ͩ:`Y0^"ǁ-D9QMu 1wGW/&>R+9|moWdWnByO=aHm,HՅk<#zxotIBe>7Y]5`ut\O }Gڙ2ue^4U,tVGrwU[pF7Ā!M:Զ79,Ҩթ0[ʅcc`c-TahINՉ>è|L8{6l8}dž7~Rſz ǜZц!M"j9"}W`93O;1Ƨ35.IA~G# 4ޚn{Aj> U ޥzV#dN䐮@6ZARaO^=ZrSF^.a&luI<վMA N ]Ml'oaUdqe|7I!A&qk̎arDTRJ}ga+5[ /foĊ'Ǐ߾’Dۦ k P- jL=Z,b"QfhO^-w`lx%g%i[dLW3Cw᥀owKs@# '.} 9Dz ]F+,7ˉ*.Q:|t{(MHqɴ]vk%$:ȑy-d ?4RzpbxKgKcu2m QF[q@]}LѳŖ+=N`oIpkNMSvIj9A0>XUvïm0GD:3eXK +WRă>qhe(AkLVDt .ͫ5VO /R8peA3i Ro2'OMj;ALMh(#Ǽ*UY_@5|ۄl]ͻ.T,w!ɺ";)қ -W]φD κA)l+Sݗ,Yg{~É )3lv9ݐrN4ml4P_Zyo$)>P |UW}XkWGՐsgBX9ñ Y/?Yh {H \bV#7~b~nb5x*Rof%Oju Q|Wb7WqϰQp?c ߋn+B[+w^2̋r5MT/t?g`+ꕆ |T1C*'' H<mZ e9$er@PAt[+8] &lQD^w* 5N59c ͮ}/74mf*~ݭka뷁 WpJ ZUmۣH'[l󏇼9Ҷqfx*dB(/(ĸ@vGQp~XJ(|w7{ݠo]p8>AW2 8ZnX.qZ;wcfH(Ka$Mk!vx̍Tg56%p>j^%Kai kl^L%[*SP|>5 sw}'_L]=4wU4f.Jc\R:S#3krrUmVP4?y.Ss%{%z4B08 t}C66 H+@j1Vc݉dK1)pAĚI Ogש)C ^wl܌>'zH9WQ7{mBgŸ:zɭ) @mk/#'p}tg ?o :69+3DM{;/$Mme'h)"4 &FgWgtcxPhj`I*,l=f) 5W$ʼn^ Y]{Ow /x S2]XSY,M ?jT_n]gUܑAlno >@`W'auNo( $5x.68(xWGUJ Ң@*4SnlT0Q!'?}8sRa^ָ{PeuZSMU^ohVK[8,ѐF@ k̖A'c(eg%l=aV$V5 SZO1%zJ% g۪aA8 OuktU* 2쬦'LR(F\d 5]NaRi~LO[H}R}kJ"pJg\ױ REi8|琉4U(InUs2 hz95/۰]q6$]ں,|Z(!Di£_}8 9=*&W:/ITyOEМe,jD47a$s9ZmSٕӲ^'@ lG;-ezбf$ z 9giQ#ܻ2Q<8 7L|r r]ɳVN~s$gR똢8/쳌EZ fpYڬt1~N ^\V .Cl-&pcVQ &s&8IipE"v.{2;y !GL֎xzڡt(V)=xajL8dm֢ty-AkoL?'!v9GPn{1&W!U%< _y2R0ٟT0|&!z$# o yFnTL~DP2rl/ JyyMR`;Ēư VO+䩅7һOMdeN}6DX(&<sY$,-0<7LqYȈ?9>:myݚ-,/F{Օ`܇(:6R~O" KTj <4t}z"<Oj4%>d #GNȫY!fh7DUJ};Tޭ5x{9ݒ1 '1l.<#ItaY ?t/CuYIԟu˫%HSɹ]M)`ӬbYG/r"akFǷbm (l'b<*נyze,qk.ik<_elA^U)XT>Y—s9O$)ߴ/S7#S[jb5fJɭ?p⾞d^h)TB^31YB5Jt ;j Y +)k);T OH}r] <:8Rz:ji1}cj`#$%c"BbY˼8u6N [(A"G)ഝ@!ž66iݰEȄp54҈ ;dNxRg r.-.r,ՎFKǝ[OoLЯOqry"⶧.JRMF#8Bžyi<= G i LpOѮX37 ċFc.̢GV95L%5M_OSF'Tb7 fJaGPV5nZ&;v>ECULW. 5aPb_C[Ǯ[t̊ <I9t4٘&T)!)5>?:= ʌ>\*emȑ31jqh@#s@~**|lpy~N(zEZ)>U' p/̽vuShnh΍r"˲X8I^"hB ak-g̭P1B\3Rp>OtVS9#ٌ2umFr1,Cd+ O.d qT 0Ht <⃽@o+'nA&k=EdG'_P>\Pr'[cxe/Ӎrnxspz`W2ohUq#s3/ .eq78.v \&g\me| N+[eX`@vH~K鈎6+rrAS8F={c8 t!=jMH9(sjfuiBrؕ15mo|]04u&\b7a ZDF YsR.q[SqAS妞2hNݦ6#rhk]1K(d=@ 0ʵ,"a%}M& F z♣(e{kv'^F=[!03WA2MEK>,'Efmgkĭ>{9aiTr$&;kv)3Up y58K9Eq5)6k*#{M޽ F;I*cf!SN,)V>ʡ';s&; D`q98v4WF /`*8\؏6B9 o@(/jGl+PwJ±F1hf2}Oׯ1ZnM{E=/sZdoD>]RG&PnQqגI3ֺe%j >Qt4GCQNlSWձΧYzb%cQKINWMK5aԣn`v"I;5[{v$Un^Ă" 3N`,a6K.gB_ҕ)!G(`>X܍jŮmN#\zQ."cTYyaIh7 -m V-}keYn`jjB)l!26i}3U9Cc;3=t1F'Oj2Hm%F7eA"n\SQ |9u~v=//0T0'EЀ;ʰmo6Pg#wcuj]wLqT7B''?n,e[fmRVe;i_k8r/@ld.gG9&-%dlwJ ߥNᚋsh:DJy<+Itoo$(Pn!MCDԈ hPKI@6la%s4[RX+a4f0xcH˸?p2'\|DcS-ćs(sM W-YE; a*(bX UU[;Z4h|R}#х .4S3QƷU6ag3+ Hll^}˓gim 7'.M۰u_{i/kjTF 4H4*RF!d7k]P.EEގ8բ@# ZMKt%p{{6t4>KG}SW&(@ [% ҂`P%,77^QniFnSTy )<Ѽ|Ky.Czd2}/'/vy! x<}jnj^gA:5p[%L7&6;u2NH`婟&8( z>{lt~s?޹%w2w4p(SNQ-c9 %ԞN=_} d5z"ςX\vyv@)|aɑDEVxlw7hqd"6dCtc=xlR;!](?a_ͥtPn"fG(rɨ)D= Жju? ?"2o)TBm$XW]\@uQb"d͐e_cz VqЁ+ 7{-f{]9֡ԍ;LɶTh2GfB@yI}`o'g5LHln ̫nLĢfezz]Vn42>K3鉧zpvMSh-ÊE2 Boo|j,i)Th.&Uoٳ%x]{2"A gS-LX7# r q.f@'Xplee}VZF?g >؉Qi21{Vʇ]zom)eՍ4ڡ; lEwnK'ޙ_G6yuނA(miLEZ ;Z -o1tXVćÍ}WV?rP"ž9 &}2 A rC/@x`WxQNS IiփRSIw褄Th CE?h 0s`~.g=ܮ1Ml`ްı(̇DLTF c~vf_Xa`z͎a7%7J{_BT5dQ/46 xD҇eg5:I(gКpi< `[|֤^sC0 _d?nh C N{]R9v/0K~),- ;#Z6~/T{ J|D Dr_1vz_?omeRf5VN2( 3J7RD'ZAzUzi?jW%'݊-T݅7D80sN,S'%5jRXzvTᙹKB+6GO7gT[qE}l-å4푽`!HpXFRQ]6y,XypV|dŭ@{|^% 5["#B塍oko(1_eS s7Ŝj={}B^IbB_lZWk`;: ' ƇX*gCi:JЏ;%N6ƨkx/xW,yzg(x@)NVv$ɏĒrd(K~.v:)1&߇T@?G>½-p&Џ->;EF*7y{ tN'K̀cbw(z&'чúlvU!9U7g:y"frl5/Px6Au>j]IN4% 7cx~*2ѺZ9`^Sp1{BaTf+4XYFoyzg"H>„+Pԣ,M 31;[逧=wD#35I1cX#Jyp+'iQx#:u]I6.ɾ@uu- m5^`fX0g j9r\ @ wwQnpW ُtT7lf Ps /0pg7(7jH {lA?(Ki mjOœm]˄Fr\^A$Tpf~af2Lpq(l9,kE']t$Hgܳ!NwXeBNj)?;J괦x^U0ٴ4bš IR>C׌PAlؓW0=aACqdVӴ Ckf ?YϣN`͛n}ݮ,%h"\,u͍d9899SW+&_ (U`!㦿iC$|I,h0 cJL9n]n| d)tنh9%?K2NL`E($"HnOj916A!j %P??# FBZf>3}LӹZxY$3=M#F/H/P!c(x1.\[bHy Wو,vօ*6v||1(Ef+t,5ll4kX41CGY&8/PU")Z|ZLG3>ٗKI ό=\;l@E%u2F3[cw4:Rl*FPi0KgiH#]gȸgOha+rƼX zZRкŵtIސfL+9, TwyX)(2J"ڵ a2JP{'p?grdGJ;;mU6ZYg%;0O!% |>[`du+OWf^ R,jpvm"䥴Y AaԔTB/.8-t*dRLU[+!<1z1%<\oQ7 ڔϽ@( MOLr"|޽ۙDmY`RN\9bMWڳgP t!ѿ'EGQ䚮L|fY`'i0I!k!Ч*g . w z]Q{t#)P:)f$kLf#8/]+2DxEvGj7LA@Ka9Sx5C̔ cWe kvˡ)aj.Z 56XWܴ㻱mq<5-]Cl ۘE<7k>R|:-Q61XMnA(D[+@T"'گPL,%缦XHS񆾨>gLe;FG?K3MVtmDtHť9؊_`3InW3'`+ii(Xcէ7 ^D`+&ץxq@YX6w2N!KE}30f>h-;pI/q&6G -tZuObQ|9W0ڭ2R!_kkȪXv_E. & e7cLH쿍^{y ƞ(w~e V/ssʇj`Q#GQf6.+^݅ Vn X:C V>8˸1pYSu(*_Og4,i9D~吝=ǵr[ V識`#OvжȂ:5E= I[m93/ٳI&Q-|2l!# 0҉}+ӧBPO>=pv \a%"+#<vQvO$,q@d|òS|/m`jnb_ȳ$F]iF,@|r ".O\Q[?9$vjy  lo|o˟f-}626)7}X~1 cީAZVG#\L= %Xz&1a˂j!_|nd_rQ+k7+pfdukE^OURR \8(U،́iڹ_.3lOmJDbΛ> 0$A&Pg[f[h+ļ:m75LGW04tvl 抄MjCx%{E>V h7 x()6HChhoJB;tں>(C/#Hl@zeG 5u1Ȇ}>п3G쾪j`Q#/r \;9%آvןni|(ymC-\~*'g5WqC ⧸dؕ#;:X-|WGʙ2cfl`r:pg,{~7w#& 8nYypobD97y%Ti+Ug!TOՈ>Pc;M=R.7߂h= y#_7;JKϖ50-IA]T~ATGE]UK˛*n0#*W@wv}J5:}0U|J袖&| &3Qe8HPW֐dKSgoTY(&2KjS f⮡~ēD,pXQf.r%/؃TUb۰*傍6MXXTxf%K4A[g  4YĈ7K9B+1%7sF?NbT?(ֻ}\򳢰J #fFP'XϚ|LYE"hf{_X)t'8J aJH@cfM0- OW`YT ! JltEAAeNp SJN?,<_v.MoU@ SW-$&h3tQF[?ԌXH NޮFbLý ̒ԙL̓Y׋ԯnHQ$K. 8(Z|a IN;'-e%:#tڱ&n5T"rw5c}na (rP@+Ks#֖Z6Q{jkOUejr7|.BS34eAB]/|hM꣰CpU<檼{"h6)K\Xvцxq8 Sd⥖}Gw,0l +ID(5&%忒TtTc{tT<# Kȍ +D?P[Sp<2 # 6|_?$wnB& oXP1NeRjum;`t#c{?& } h E!1ViʆJPc%D,]mq1ʭ6:|HVn>dUu:vςãw@+%TnZ8uזҏƀ]Q3BPeM;O;-U2r~FcI.&,X58Pb#KW$8JV SJD)TB4,\n&.IP=46$ %ςnL-'#0Aki,~Bk]|M^)©k  V~I?n$Q5󸯖ȇȲ 48Ii>P6,gcÈ$.?$oA\o*IS׬n0K]Vvr%-n=7\ P4v_93B?(:LtJ2ASi TZawZ:ac(1;ZCGyEsƓLe9Q쁄0`a10ə$)k]_{[V{B,{~rۖ PVZe4hQ)>At.u 8.+N]X zJ.6U5Ò=PǢy9Nbs秐0Sy|ʂw"dO2Ϩ1M}/ -~nMC\}"H=V`3P|FsQB'WDԬx]1c$V@ﮉ}_mȊ *5@<(;N"¤钷BW_'Q6ocJѲ&:t$9xF9H\mUjlORqrF3tm6FLJʊQ&I)5aۖR0kg$PJ^Ipiӹdê9 eմ>t()WŌDϺ2F˾BC.[$nMVk'ɂb{z&nv^SjEB-|-ɌNT^cY,$_(,m;ӿKa]!|M"ijL,4 V"(8EzX_貮ǟV\XH"n$5I댲251m9g&y[on- cKIMb-Z LF=dlniM1_n8 U?z{t_JͽЛ7.5(MooS+rF1cm[؁ք'<*\Y[ۼ;jD_zw|ҰO/ESsIE֭YE#n^؅ p|8:`CiUn b"^зKr KDgΏH3T !* nu{ A VQ11tTQ4Jp /&f NJB7=k)LI>\B V=fm _1'Mڼ#A4't>㗔qJ\f6BISO"Ldc~4HEs90O%b g\*RsQq43bxx_ (^BA@u C&P űپuˤ*p'7i!_ 3M),u[ P{SLPjv16h( {C7`D~{&6 xվK6:u=rC$ Ӕ+i;?951G{Lb 7CFl[,}T/(-3h)O_4##b`T%De(\GqJL/YM|\ (vNӊ;g֍P1BDȭna.ܢ^apHK_&CŽR-"=4댰ǰM)ҫw`ڼlD, X}Һ8pe^`6WEӉzu*:4Xmh30Yȣ]%&"NXI2[X*5eV25h~0_]li5;>lLptLJR<=>Hٸ N gTn[ 2 K&\Rǫ }r%{84mF?"tU'XEW&4;WxuPWQv#RMc26um\9ů͂+[A5YZԊqD]Du'ըF]NX&Rؗo^jjHWU*‹.Q:;ގ776ת,Q0;A\V"@.d)tf`J/@]nmD}p;LҝnOElyQvvPnB &WRbcϪY}-ر%{*2CP$9n"CYba z[|Hrw^u}XZB]?,%ؽR=2ԙ:k(Ϸ7LEmܪ`vIPȭɡ}U2ށ8# Ɠ?݉+$þMY LLЅZ!W`Ԟ&]B7F~#-5aAY6CD I3}HPebG2d77\iF<`y[dGG-j4'uJr%1 O~S>5jNJgy/;w,:)j3zPfJ Խ,z~m%[6tKT -4Oq/;5mɴ;QNo,ر<"a)Yv|E-]&!}_VI.2`Gnkgۢfg^[bgO֜Zurz{zjaxNṳH N~wƙMgAx‚yf?cffBwp*#k~m)UoZ ڲK;ON:ǘ_!AFޣX.w' klDpBUwQgt†Ec}_ȋ\AB\bF7}FV~0ٷ.A?=8GD^/vL]L0$wxw2{wo:B!Fv=Lh?>{\LNg㮗C-zPׅT .zFh-@#6Bx=i1qXcx3ÃAEFw':xJ#//s8VЧ=zY$e_~o5y0̵+]bl騻 ?}lp7SfpԬHb ? X -wb2)YuЅTU50G^~;nP11 .݂c|hw&ľO聋ޠ4!^ Urx hڹ0PE˹1Xں T-N F xf)Ҧ[lbK&lڠHjo5<61Ffi0:Yؠ+u(#RЁ6 {!9Ɲ GځB qA 4۴Xӎ⯕NZQ+ѱtˆ,v8v =$`Wp1N,6X,elxvbdW r`gQGmbth$"[6 "60g@i[>cF< DrHɿ6eF@:ta7rߓ+* S1 N=.%0Zxu*h}+@+ RXWA9j$g_-xQXJ0fh\Jz15_.jxk0p*fOfr)* xE^wr2 (2*i&}v&t- ruGAIPLMx2x `\V$"P*%P {"7¯^r,[ةrfnB?#Іov141-ZW;pY4fY-wM!ߩh'7dJҜ'n_d<5bCMew)fەI쑩=hKd2\ё>vn*1)[Q}ܖ/ua;I#| %JL/ܕCWˆ^[eMZWq־aǓnug"xYtzB}{9wlL6d[Q!pbn|G$['{`Sw.^`?Ny!:#讄n3øŻ|Pf!m+~5`HTcn + ~Yg$MumԆ!!vuO F;G;D :6ea֙*")v>NUG]>i'L4#$SeM5]&$şؽDž7}"T4QΦyީb#ᬁhjn>3C%f|?~,c+Tdi/UY~@W"֥Ù!`"̽]eߤ7}%f!:$08d u[EQ>|eҀ|Y[l\ ֥;B1G],$ !.Eks$o%n@'-rJN΍}L{**~~ElO KFxBW>I,0.:Q)N}/T7NsR#DLkd#kUb o2*'E+ w2CsYZٳv\ ptlHc(Gх[M%T(7,*~Țb^x{ :Ae G&cƁVy=neڜuIUs`X:)<#e`srALsBfa^G@[_ =}}! p,v3!t*ۓ}[0= )X1kI`d7h4{{~tpxS"P tf`x{%Y%JUY V=A%?>> (¾!k:YI5ߡrnÆmPO6J[ 8+i-g!п3n),KI)TMY a'b I ޴@Ϗb?y%sʠl8y*= QsYi'ߥ %^^ 6:5@ss0S7L@y~wgL&lmsv@w&RmNr1ynjx0v{!Ug XK{S_{Vl*besOnI)f_ cFX(X?kq|[C=zG0tѮ9삀B_Y94A#@f̵TS/*H [#|tY!)yX-^*mi3Pbq{!*c&EJ#Vp,109!#n2d=WۮًUGKȑ+)gCMl;bL>Xjrˉ}b`ZώR|B*k}jHX2 rڪ[q =]PWVJe^ݳ809wcn9>1s}TWຳ=;rF7C.Ur~iU`*D"@i S(o/Lf͞c![qj& a;*Cq懘K%iƱa3³&|li)Ai˖d07g98֔7Am̿Y>@A5yf1A$SR>py%֓nK! J,(!C::_brQ1_l+>"dS*F+= }jO q8' )]kU)bj4ȬMzXeʁNz`J)?51P؄Ά rSrܡ&/{ħ7gM"v jf﬈ͷ# _8"pQQXr|H`$qړӗDhjλSxX;JC|dLлT9ftTXċ Q-r+'%.ܰ|Apx2Gcdc:2ʗ~(&);Y39  @ bA 9df&8` $:.֔Xl\@l\̅8x3v]cyHFj8>=Хl=&r͂3m4c1/"gb#WʓC Bp'pB25[hF l Wk`%Ti % M%3K?"ӕi ~E&xoKiD7!y,)ٮ?nj1)jqhf0KB( .MC$p`xg*BnYꚍ|kx b>On@NH-f8KR:vegnګ ƫt_,Do1'KC,n)̋r[d=˥4eYQj,v[և^;xߎ;VS Qngov 3\[Ȍ=ßh^I y)n/@[3E}4>|츉.ZR4\tNb{?;>jwT7 |;>ou/:^|=s.qs؊?v.ޟ}BoH_;G?Q>9qo?vN?!ҁqu^ Iu9-Skoh![nMg.F5vۇ ƭ]7IOpҰqQw:>E7Giއ6E8>mëv!L}tykۅN؅u )[@.@)0F띣K^*!SǞ~y<*Oa{C*?G5ylr\4m bG{B46Q~HH:u<dz4>Q</3x|O<{:y$(%cNGC@yA@ydSAydRPP~ qWxތ/wNw'Aa8+}avׇnhP u &ىiF§y͛u,$dUyzpQx_j˿ݡ_Y/)pCxɠNa.U={UhPr1&nn6~p@/ 1d;j8-k8Pk⪃=ƍ2L2'j8FlirK*n?p&Ӿ0XqvѬ{_/Q 񫉓7j ?~|p1?4_&wCg?|+)}hz+:h4ʒG,Kջx8 Gtܶtz{}% gN]rmY?8fvBRGTf[L{׼|r}12k_@Q1r*9k@XwiTR[~ Jqw/\N&E}9^7{BoUΫ 0=}l Jt:%WV~KFsc ^_6PcB:C6387"(b6#h6=nFs@+v{R֩(ϼ/v*dl!w[tɔl R)2j +?Ղf3_.($<*tL/>ChGN;|tnu|>5Nh@{@&:jAJUUכk=V{4ߡ$#]ܤָV}ui3]~_;]4^ݿ/>[}Ũxc|2W2:;jwܛ:bѨ~\N5g_\8H㟻/zc#n[xt't6O<9_ o^U{^:ص)(+Aܔ:λvwuqsxMGh줽r"C>6؀UYdAqJ'u0`dr=kT. ?{G8ZoU:&]-)2:ʟ2"g%T甁P0ao~'Ϟ M'EcsƱi[GHDK}_Q罍B4ՎΩa")u=:>4=/^|sw>$k\dq'5@4=hd0{vuq=~䁉ljϩ渧Y4tW_?rkMy'6 Uxw0_$9?w^93yB;F?f)*9bݎ$w WD''׻{?]$ΏSYaѿ_j𯟙KT:~Xl"u>ΥIҜ>LDuIJ-9s7Vj75f*u}AU\rGJC)yJ˺"4"kUr:,PQɫo]+ l^OI!mL16j7-0)9uwOrڑzM,(leN,VLEάnvJn|}_fobf~V AJۺ_j-PkZ4!Y\~L{FïxQ05AYIm\F` ,\8wVuޖV+ Ã? fNTBAFeqz4U4x]Q t2z+^??qCvuHݠg6aH:nFZ޻Wd):uL48F6?~_lqF֐z2_\,Wq _#rԏh55>R"2`)l"֗D)jV7ZyP(4 |zׄq<1 HoUp07'$ﶮMU=M{ 7d}co A)u-=PS:jel=d1K;/I+><1?] ΀Ƣ!г(N,R_xmaHE5~"c c j$v[ˀ}5MЕ&"eQC9^0l:rLl: \Oy7q6XR㈥%޸,iI.Jc}D%,MSh'It؁eBR4eq>bS+0[Ckٹ'vg"=_W@3?A,pv@D8AEq8\Zdnw 4r~0 {:H[= Ǒ,G=":\B71r{hqvfj6B;$| ZJuOwu S[.1Q.heN:$C^ra:mTn!pbvSN9Fw>=>Lvf 3Pg\ K cmXɍIqyER3rX\BKR4KH.cCٱuY?;px-* :͂ȍGsQubud)\Fh s".Z@HhfYtm`i 3Zv:tz w%@r,'H6xGRP{V"uO7Vg 0UӃq&Elؤ]Z)ϛy3ܡXB嬆)SYwa? T f|l>y 70~Ϯ鹅ɽ ]_G֛'380/q`-$aEs> gr z߮6>Sk^{)yI["5H`B#բp,ApFK(89( vκ -ƠK:ʡgP O*]IVʨُ;g$/TTD\:uVhi5mSMbH1u/;'=5J 2kŕ}-Ոŕ|%Rc6b!uU&^T_D\-vɕD6.eaQ8*boCTMv FN'J ##6j̰ig"rsV/0Qo&W7?07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!MXG' {hݣ@?h[٬Or H YZ