í«îÛ    krb5-1.16.3-lp151.2.15.1                                                            Ž­è         <   >     ,     è            ê          ì          Î˜‰ _»š‚¸‹/Ô=½Â„˜Œ ¥J›<ÒGkÇˆ_í•3¥g]ÌÝ ž£ªÈ2ò:µ¤*kš¸ÅeÃÎåÏ$Ç$oµ+T_FçgPr»ªã8}˜"û‰‘‹†¥‚H9T±†›p¬h“pèÝËŽj»rîýÇÔ¦¯SéöfŽ8
ÅßÌùŽ!ÆB<û‹ÐæRr’bW€žÞ|Ï/¬úuD;Ï)ïŸ?Õ<Æ­– n,ûfk£p“»ïž¦&zÏJöÖÔ*V7‚5û›žZ®Ï†ËÂ™9O¨—$ªC?ÞO*u§C5v)M™ê\¯MBE}‘ˆo` ~ñ|,ÿM÷©Lœ}Ëüˆ)ƒ…ˆRÈ¸f™   >   ÿÿÿÀ       Ž­è       F  L   ?     <      d            è           é           ê           ì   	        í   	   8     î      à     ï      ä     ñ      ô     ò      ø     ó          ö          ÷          ø   	  1     ü     R     ý     t     þ     z          „   #          #  	     V   #  
     œ   #       (   #       K   #       (   #       ´   #       	c   #       
          
4   #       
À          `   $       ð   $       ë   $       <          @          J     (     K     8     T   /  9        /  :     ¿   /  >     m´     @     mÃ     B     mÒ     F     mñ     G     n   #  H     n˜   #  I     o$   #  X     oL     Y     oÄ     Z     p     [     p      \     p$   #  ]     p°   #  ^     rŠ     b     s{     c     t$     d     t¸     e     t½     f     tÀ     l     tÂ     u     tØ   #  v     ud     w     {ì   #  x     |x   #  y     }   v  z     ~Ü     “     ~ì     Æ     ~ð     ä     ~ö     å     8   C krb5 1.16.3 lp151.2.15.1 MIT Kerberos5 implementation Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of clear text passwords.    _»š‚obs-power8-03    .€openSUSE Leap 15.1 openSUSE MIT http://bugs.opensuse.org Productivity/Networking/Security https://web.mit.edu/kerberos/www/ linux ppc64le     !      z  n                         
        ø    ˜        @    à        	€    ,h    €      F 
£  q    ¤Aí¤¤AíAíAíAíAíAíí¡ÿ¡ÿí¡ÿí¡ÿí¡ÿí¡ÿí¡ÿí¡ÿí¡ÿí¡ÿíAí¤¤¤AÀ                                                                      _»šv_»šv_»šv_»šv_»šs_»šs_»šx_»šs_»šx_»šx_»šx_»št_»št_»šx_»št_»šx_»št_»šx_»št_»šx_»št_»šx_»št_»šx_»št_»šx_»št_»šx_»šs_»šx_»šv_»šv_»šv_»šv_»šs9af94162e38c9d977936d977f23f9acc704e08062e84b23a56547ecc2b892b6a  680a6555e3034646f026e9c4fcc63cee0fde9d1c7228aaaeef3ff1c625fc0015 babf1d06ea3a76e3b9909faa00e4a0a5c4f0e82447efa6abb3815273d79362a8       68ec7b6e995ef8395cca1f7ffeef92c1daaf773763493e8db29f8df6f2f21cff   fbd136194e25219c72e4192efab901c3f9a336c85ebba5564f5e7839b61868b7  06fa5f6307ef1ec68404d81edbe3ba302d1d90228930c1db7615fdbff027f207  8bfa0ccc0d8c477cb34e67806fa50a3070305dd53fbf223ee796de04032416c2  a1a3f4e5537985ecd80f6301874cc85a7b0b3f5b0cdceb2522b3598e82180fad  9f72a817efd5282aadb8fe8c738da59535a4ab5c8165f960ae63e491fd80e423  e7f3c4f3f1b719dfe364d9687c7980b56dea6da76dbf01b1464d2c5f76617519  9b34c4b711d166fcf68656fb4d787bc245aa263c09d2cd40e5ee5a0f9097c7c2  f9fa9b01f2ae2522926e15583583e6125c19f103b8dd7cd6b1cb460935885818  31546f34fc6fb625891ebacc934891326fc159901bd873b0936fa4cd75fc76f4  bb81980f7745d236d73bb7786057eefae48af31deffdb5f678a4c3147fa88c2f 9330eaaa794cdf3f814ab40d109288ea97927fa3eb6abe772ab74f103dd2db46 482c44fc8f43c1cd7bd5cf58675bbff7b1f7171f24945b2fdbb4335fc55c890c             libgssapi_krb5.so.2.2 libgssapi_krb5.so.2.2  libgssrpc.so.4.2  libk5crypto.so.3.1  libkadm5clnt_mit.so.11.0  libkadm5srv_mit.so.11.0  libkdb5.so.9.0  libkrad.so.0.0  libkrb5.so.3.3  libkrb5support.so.0.1                                                                                                                                               root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root krb5-1.16.3-lp151.2.15.1.src.rpm  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿconfig(krb5) krb5 krb5(ppc-64) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(HIDDEN)(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libgssrpc.so.4()(64bit) libgssrpc.so.4(HIDDEN)(64bit) libgssrpc.so.4(gssrpc_4_MIT)(64bit) libk5crypto.so.3()(64bit) libk5crypto.so.3(HIDDEN)(64bit) libk5crypto.so.3(k5crypto_3_MIT)(64bit) libkadm5clnt_mit.so.11()(64bit) libkadm5clnt_mit.so.11(HIDDEN)(64bit) libkadm5clnt_mit.so.11(kadm5clnt_mit_11_MIT)(64bit) libkadm5srv_mit.so.11()(64bit) libkadm5srv_mit.so.11(HIDDEN)(64bit) libkadm5srv_mit.so.11(kadm5srv_mit_11_MIT)(64bit) libkdb5.so.9()(64bit) libkdb5.so.9(HIDDEN)(64bit) libkdb5.so.9(kdb5_9_MIT)(64bit) libkrad.so.0()(64bit) libkrad.so.0(HIDDEN)(64bit) libkrad.so.0(krad_0_MIT)(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(HIDDEN)(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libkrb5support.so.0()(64bit) libkrb5support.so.0(HIDDEN)(64bit) libkrb5support.so.0(krb5support_0_MIT)(64bit)              @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
  
/sbin/ldconfig /sbin/ldconfig config(krb5) libc.so.6()(64bit) libc.so.6(GLIBC_2.17)(64bit) libcom_err.so.2()(64bit) libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.17)(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libgssrpc.so.4()(64bit) libgssrpc.so.4(gssrpc_4_MIT)(64bit) libk5crypto.so.3()(64bit) libk5crypto.so.3(k5crypto_3_MIT)(64bit) libkdb5.so.9()(64bit) libkdb5.so.9(kdb5_9_MIT)(64bit) libkeyutils.so.1()(64bit) libkeyutils.so.1(KEYUTILS_0.3)(64bit) libkeyutils.so.1(KEYUTILS_1.0)(64bit) libkeyutils.so.1(KEYUTILS_1.5)(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libkrb5support.so.0()(64bit) libkrb5support.so.0(krb5support_0_MIT)(64bit) libresolv.so.2()(64bit) libresolv.so.2(GLIBC_2.17)(64bit) libselinux.so.1()(64bit) libssl.so.1.1()(64bit) libssl.so.1.1(OPENSSL_1_1_0)(64bit) libverto.so.1()(64bit) rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz)   1.16.3-lp151.2.15.1                              3.0.4-1 4.6.0-1 4.0-1 5.2-1       krb5-mini  4.14.1   _©/@_ÁÀ^Þ(@]H@\Ñs@\Q‘À[¼˜@['žÀZìK@ZàmÀZ¸@Z NÀYÒ*@YÈïÀY–ÖÀYœ@Y6™@Xæ-ÀXÁCÀXÁCÀXº¬@X‹6@X€ª@XB³ÀX)§@W’
ÀWw¬ÀWu	ÀW1Í@W!û@VþbÀVò…@V¼wÀV°š@V“™@VfÆ@VetÀVAÜ@V0¸ÀUlI@Ug@Ue±ÀU_@UQë@U8ÞÀTä~ÀT«Î@Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> Samuel Cabrero <scabrero@suse.de> James McDonough <jmcdonough@suse.com> mcepl@suse.com michael@stroeder.com luizluca@gmail.com rbrown@suse.com hguo@suse.com jengelh@inai.de michael@stroeder.com hguo@suse.com hguo@suse.com hguo@suse.com kukuk@suse.de michael@stroeder.com meissner@suse.com michael@stroeder.com bwiedemann@suse.com asn@cryptomilk.org michael@stroeder.com christof.hanke@rzg.mpg.de michael@stroeder.com idonmez@suse.com fcrozat@suse.com hguo@suse.com michael@stroeder.com hguo@suse.com hguo@suse.com hguo@suse.com hguo@suse.com idonmez@suse.com michael@stroeder.com michael@stroeder.com hguo@suse.com hguo@suse.com hguo@suse.com dimstar@opensuse.org dimstar@opensuse.org meissner@suse.com michael@stroeder.com hguo@suse.com michael@stroeder.com mlin@suse.com - Add recursion limit for ASN.1 indefinite lengths; (CVE-2020-28196);
  (bsc#1178512);
- Added patches:
  * 0010-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch - Fix prefix reported by krb5-config, libraries and headers are not
  installed under /usr/lib/mit prefix. (bsc#1174079) - Update logrotate script, call systemd to reload the services
  instead of init-scripts. (boo#1169357) - Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947);
  (bsc#1144047); - Move LDAP schema files from /usr/share/doc/packages/krb5 to
  /usr/share/kerberos/ldap; (bsc#1134217); - Upgrade to 1.16.3
  * Fix a regression in the MEMORY credential cache type which could cause
    client programs to crash.
  * MEMORY credential caches will not be listed in the global collection,
    with the exception of the default credential cache if it is of type MEMORY.
  * Remove an incorrect assertion in the KDC which could be used to cause
    a crash [CVE-2018-20217].
  * Fix bugs with concurrent use of MEMORY ccache handles.
  * Fix a KDC crash when falling back between multiple OTP tokens configured
    for a principal entry.
  * Fix memory bugs when gss_add_cred() is used to create a new credential,
    and fix a bug where it ignores the desired_name.
  * Fix the behavior of gss_inquire_cred_by_mech() when the credential does
    not contain an element of the requested mechanism.
  * Make cross-realm S4U2Self requests work on the client when no
    default_realm is configured.
  * Add a kerberos(7) man page containing documentation of the environment
    variables that affect Kerberos programs.
- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
  by transactional updates; (bsc#1100126);
- Rename patches:
  * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
  * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
  * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
  * krb5-1.6.3-gssapi_improve_errormessages.dif to
    0004-krb5-1.6.3-gssapi_improve_errormessages.patch
  * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
  * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
  * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
  * krb5-1.12-selinux-label.patch =>  0008-krb5-1.12-selinux-label.patch
  * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch - Upgrade to 1.16.1
  * kdc client cert matching on client principal entry
  * Allow ktutil addent command to ignore key version and use
    non-default salt string.
  * add kpropd pidfile support
  * enable "encrypted_challenge_indicator" realm option on tickets
    obtained using FAST encrypted challenge pre-authentication.
  * dates through 2106 accepted
  * KDC support for trivially renewable tickets
  * stop caching referral and alternate cross-realm TGTs to prevent
    duplicate credential cache entries - BSC#1021402 move %{_libdir}/krb5/plugins/tls/k5tls.so to krb5 package
  so it is avaiable for krb5-client as well. - Upgrade to 1.15.3
  * Fix flaws in LDAP DN checking, including a null dereference KDC
    crash which could be triggered by kadmin clients with administrative
    privileges [CVE-2018-5729, CVE-2018-5730].
  * Fix a KDC PKINIT memory leak.
  * Fix a small KDC memory leak on transited or authdata errors when
    processing TGS requests.
  * Fix a null dereference when the KDC sends a large TGS reply.
  * Fix "kdestroy -A" with the KCM credential cache type.
  * Fix the handling of capaths "." values.
  * Fix handling of repeated subsection specifications in profile files
    (such as when multiple included files specify relations in the same
    subsection). - Added support for /etc/krb5.conf.d/ for configuration snippets - Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468) - Remove build dependency doxygen, python-Cheetah, python-Sphinx,
  python-libxml2, python-lxml, most of which are python 2 programs.
  Consequently remove -doc subpackage. Users are encouraged to use
  online documentation. (bsc#1066461) - Update package descriptions. - Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of
  LDAP service. (bsc#903543) - There is no change made about the package itself, this is only
  copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
  CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
- bug#928978 owned by varkoly@suse.com: VUL-0
  CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
  to requires_preauth bypass
- bug#910457 owned by varkoly@suse.com: VUL-1
  CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
  name as a password policy name
- bug#991088 owned by hguo@suse.com: VUL-1
  CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
- bug#992853 owned by hguo@suse.com: krb5: bogus prerequires
- [fate#320326](https://fate.suse.com/320326)
- bug#982313 owned by pgajdos@suse.com: Doxygen unable to resolve reference
  from \cite - Remove wrong PreRequires from krb5 - use HTTPS project and source URLs - use source urls.
- krb5.keyring: Added Greg Hudson - removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch
- Upgrade to 1.15.1
  * Allow KDB modules to determine how the e_data field of principal
    fields is freed
  * Fix udp_preference_limit when the KDC location is configured with
    SRV records
  * Fix KDC and kadmind startup on some IPv4-only systems
  * Fix the processing of PKINIT certificate matching rules which have
    two components and no explicit relation
  * Improve documentation - remove useless environment.pickle to make build-compare happy - Introduce patch
  krb5-1.15-fix_kdb_free_principal_e_data.patch
  to fix freeing of e_data in the kdb principal - Upgrade to 1.15
- obsoleted Patch7 (krb5-1.7-doublelog.patch) fixed in 1.12.2
- obsoleted patch to src/util/gss-kernel-lib/Makefile.in since
  file is not available in upstream source anymore
- obsoleted Patch15 (krb5-fix_interposer.patch) fixed in 1.15
- Upgrade from 1.14.4 to 1.15 - major changes:
  Administrator experience:
  * Add support to kadmin for remote extraction of current keys without
    changing them (requires a special kadmin permission that is excluded
    from the wildcard permission), with the exception of highly
    protected keys.
  * Add a lockdown_keys principal attribute to prevent retrieval of the
    principal's keys (old or new) via the kadmin protocol.  In newly
    created databases, this attribute is set on the krbtgt and kadmin
    principals.
  * Restore recursive dump capability for DB2 back end, so sites can
    more easily recover from database corruption resulting from power
    failure events.
  * Add DNS auto-discovery of KDC and kpasswd servers from URI records,
  in addition to SRV records.  URI records can convey TCP and UDP
  servers and master KDC status in a single DNS lookup, and can also
  point to HTTPS proxy servers.
  * Add support for password history to the LDAP back end.
  * Add support for principal renaming to the LDAP back end.
  * Use the getrandom system call on supported Linux kernels to avoid
    blocking problems when getting entropy from the operating system.
  * In the PKINIT client, use the correct DigestInfo encoding for PKCS
    [#1] signatures, so that some especially strict smart cards will work.
  Code quality:
  * Clean up numerous compilation warnings.
  * Remove various infrequently built modules, including some preauth
    modules that were not built by default.
  Developer experience:
  * Add support for building with OpenSSL 1.1.
  * Use SHA-256 instead of MD5 for (non-cryptographic) hashing of
    authenticators in the replay cache.  This helps sites that must
    build with FIPS 140 conformant libraries that lack MD5.
  Protocol evolution:
  * Add support for the AES-SHA2 enctypes, which allows sites to conform
    to Suite B crypto requirements.
- Upgrade from 1.14.3 to 1.14.4 - major changes:
  * Fix some rare btree data corruption bugs
  * Fix numerous minor memory leaks
  * Improve portability (Linux-ppc64el, FreeBSD)
  * Improve some error messages
  * Improve documentation - add pam configuration file required for ksu
  just use a copy of "su" one from Tumbleweed - Upgrade from 1.14.2 to 1.14.3:
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum
    password lifetime check, consistent with other aspects of
    nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client
    principals are restricted to obtaining TGTs only [CVE-2016-3120] - Remove comments breaking post scripts. - Do no use systemd_requires macros in main package, it adds
  unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
  distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called. - Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111) - removed obsolete patches:
  * 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  * krb5-mechglue_inqure_attrs.patch
- Upgrade from 1.14.1 to 1.14.2:
  * Fix a moderate-severity vulnerability in the LDAP KDC back end that
    could be exploited by a privileged kadmin user [CVE-2016-3119]
  * Improve documentation
  * Fix some interactions with GSSAPI interposer mechanisms - Upgrade from 1.14 to 1.14.1:
  * Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch - Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942) - Remove krb5-mini pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file. - Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
  with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
  (bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
  with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
  (bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
  with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
  (bsc#963964) - Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch - Update to 1.14
- dropped krb5-kvno-230379.patch
- added krbdev.mit.edu-8301.patch fixing wrong function call
  Major changes in 1.14 (2015-11-20)
  Administrator experience:
  * Add a new kdb5_util tabdump command to provide reporting-friendly
  tabular dump formats (tab-separated or CSV) for the KDC database.
  Unlike the normal dump format, each output table has a fixed number
  of fields.  Some tables include human-readable forms of data that
  are opaque in ordinary dump files.  This format is also suitable for
  importing into relational databases for complex queries.
  * Add support to kadmin and kadmin.local for specifying a single
  command line following any global options, where the command
  arguments are split by the shell--for example, "kadmin getprinc
  principalname".  Commands issued this way do not prompt for
  confirmation or display warning messages, and exit with non-zero
  status if the operation fails.
  * Accept the same principal flag names in kadmin as we do for the
  default_principal_flags kdc.conf variable, and vice versa.  Also
  accept flag specifiers in the form that kadmin prints, as well as
  hexadecimal numbers.
  * Remove the triple-DES and RC4 encryption types from the default
  value of supported_enctypes, which determines the default key and
  salt types for new password-derived keys.  By default, keys will
  only created only for AES128 and AES256.  This mitigates some types
  of password guessing attacks.
  * Add support for directory names in the KRB5_CONFIG and
  KRB5_KDC_PROFILE environment variables.
  * Add support for authentication indicators, which are ticket
  annotations to indicate the strength of the initial authentication.
  Add support for the "require_auth" string attribute, which can be
  set on server principal entries to require an indicator when
  authenticating to the server.
  * Add support for key version numbers larger than 255 in keytab files,
  and for version numbers up to 65535 in KDC databases.
  * Transmit only one ETYPE-INFO and/or ETYPE-INFO2 entry from the KDC
  during pre-authentication, corresponding to the client's most
  preferred encryption type.
  * Add support for server name identification (SNI) when proxying KDC
  requests over HTTPS.
  * Add support for the err_fmt profile parameter, which can be used to
  generate custom-formatted error messages.
  Code quality:
  * Fix memory aliasing issues in SPNEGO and IAKERB mechanisms that
  could cause server crashes. [CVE-2015-2695] [CVE-2015-2696]
  [CVE-2015-2698]
  * Fix build_principal memory bug that could cause a KDC
  crash. [CVE-2015-2697]
  Developer experience:
  * Change gss_acquire_cred_with_password() to acquire credentials into
  a private memory credential cache.  Applications can use
  gss_store_cred() to make the resulting credentials visible to other
  processes.
  * Change gss_acquire_cred() and SPNEGO not to acquire credentials for
  IAKERB or for non-standard variants of the krb5 mechanism OID unless
  explicitly requested.  (SPNEGO will still accept the Microsoft
  variant of the krb5 mechanism OID during negotiation.)
  * Change gss_accept_sec_context() not to accept tokens for IAKERB or
  for non-standard variants of the krb5 mechanism OID unless an
  acceptor credential is acquired for those mechanisms.
  * Change gss_acquire_cred() to immediately resolve credentials if the
  time_rec parameter is not NULL, so that a correct expiration time
  can be returned.  Normally credential resolution is delayed until
  the target name is known.
  * Add krb5_prepend_error_message() and krb5_wrap_error_message() APIs,
  which can be used by plugin modules or applications to add prefixes
  to existing detailed error messages.
  * Add krb5_c_prfplus() and krb5_c_derive_prfplus() APIs, which
  implement the RFC 6113 PRF+ operation and key derivation using PRF+.
  * Add support for pre-authentication mechanisms which use multiple
  round trips, using the the KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error
  code.  Add get_cookie() and set_cookie() callbacks to the kdcpreauth
  interface; these callbacks can be used to save marshalled state
  information in an encrypted cookie for the next request.
  * Add a client_key() callback to the kdcpreauth interface to retrieve
  the chosen client key, corresponding to the ETYPE-INFO2 entry sent
  by the KDC.
  * Add an add_auth_indicator() callback to the kdcpreauth interface,
  allowing pre-authentication modules to assert authentication
  indicators.
  * Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to
  suppress sending the confidentiality and integrity flags in GSS
  initiator tokens unless they are requested by the caller.  These
  flags control the negotiated SASL security layer for the Microsoft
  GSS-SPNEGO SASL mechanism.
  * Make the FILE credential cache implementation less prone to
  corruption issues in multi-threaded programs, especially on
  platforms with support for open file description locks.
  Performance:
  * On slave KDCs, poll the master KDC immediately after processing a
  full resync, and do not require two full resyncs after the master
  KDC's log file is reset.
  User experience:
  * Make gss_accept_sec_context() accept tickets near their expiration
  but within clock skew tolerances, rather than rejecting them
  immediately after the server's view of the ticket expiration time. - Update to 1.13.3
- removed patches for security fixes now in upstream source:
  0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch
  0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
  0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  Major changes in 1.13.3 (2015-12-04)
  This is a bug fix release.  The krb5-1.13 release series is in
  maintenance, and for new deployments, installers should prefer the
  krb5-1.14 release series or later.
  * Fix memory aliasing issues in SPNEGO and IAKERB mechanisms that
  could cause server crashes. [CVE-2015-2695] [CVE-2015-2696]
  [CVE-2015-2698]
  * Fix build_principal memory bug that could cause a KDC
  crash. [CVE-2015-2697]
  * Allow an iprop slave to receive full resyncs from KDCs running
  krb5-1.10 or earlier. - Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  to fix a memory corruption regression introduced by resolution of
  CVE-2015-2698. bsc#954204 - Make kadmin.local man page available without having to install krb5-client. bsc#948011
- Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch
  to fix build_principal memory bug [CVE-2015-2697] bsc#952190
- Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
  to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189
- Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 - Let server depend on libev (module of libverto). This was the
  preferred implementation before the seperation of libverto from krb. - Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically. - Unconditionally buildrequire libverto-devel: krb5-mini also
  depends on it. - pre_checkin.sh aligned changes between krb5/krb5-mini
- added krb5.keyring - update to krb5 1.13.2
- DES transition
  ==============
  The Data Encryption Standard (DES) is widely recognized as weak.  The
  krb5-1.7 release contains measures to encourage sites to migrate away
- From using single-DES cryptosystems.  Among these is a configuration
  variable that enables "weak" enctypes, which defaults to "false"
  beginning with krb5-1.8.
  Major changes in 1.13.2 (2015-05-08)
  This is a bug fix release.
  * Fix a minor vulnerability in krb5_read_message, which is primarily
  used in the BSD-derived kcmd suite of applications.  [CVE-2014-5355]
  * Fix a bypass of requires_preauth in KDCs that have PKINIT enabled.
  [CVE-2015-2694]
  * Fix some issues with the LDAP KDC database back end.
  * Fix an iteration-related memory leak in the DB2 KDC database back
  end.
  * Fix issues with some less-used kadm5.acl functionality.
  * Improve documentation. - Use externally built libverto - update to krb5 1.13.1
  Major changes in 1.13.1 (2015-02-11)
  This is a bug fix release.
  * Fix multiple vulnerabilities in the LDAP KDC back end.
  [CVE-2014-5354] [CVE-2014-5353]
  * Fix multiple kadmind vulnerabilities, some of which are based in the
  gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
  CVE-2014-9422 CVE-2014-9423] - Update to krb5 1.13
  * Add support for accessing KDCs via an HTTPS proxy server using the
    MS-KKDCP protocol.
  * Add support for hierarchical incremental propagation, where slaves
    can act as intermediates between an upstream master and other downstream
    slaves.
  * Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf
    files in addition to /etc/gss/mech.
  * Add support to the LDAP KDB module for binding to the LDAP server using
    SASL.
  * The KDC listens for TCP connections by default.
  * Fix a minor key disclosure vulnerability where using the "keepold" option
    to the kadmin randkey operation could return the old keys. [CVE-2014-5351]
  * Add client support for the Kerberos Cache Manager protocol. If the host
    is running a Heimdal kcm daemon, caches served by the daemon can be
    accessed with the KCM: cache type.
  * When built on OS X 10.7 and higher, use "KCM:" as the default cache type,
    unless overridden by command-line options or krb5-config values.
  * Add support for doing unlocked database dumps for the DB2 KDC back end,
    which would allow the KDC and kadmind to continue accessing the database
    during lengthy database dumps.
- Removed patches, useless or upstreamed
  * krb5-1.9-kprop-mktemp.patch
  * krb5-1.10-ksu-access.patch
  * krb5-1.12-doxygen.patch
  * bnc#897874-CVE-2014-5351.diff
  * krb5-1.13-work-around-replay-cache-creation-race.patch
  * krb5-1.10-kpasswd_tcp.patch
- Refreshed patches
  * krb5-1.12-pam.patch
  * krb5-1.12-selinux-label.patch
  * krb5-1.7-doublelog.patch /sbin/ldconfig /sbin/ldconfig krb5-plugin-preauth-pkinit-nss obs-power8-03 1606130306                                                                                                                                       	   
                                                                      !   "   #                                de en             €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   €   € 1.16.3-lp151.2.15.1 1.16.3-lp151.2.15.1 1.16.3-lp151.2.15.1                                                                                                                                             	   
krb5.conf krb5.conf.d krb5.csh krb5.sh krb5 plugins kdb libkrb5 preauth tls k5tls.so libgssapi_krb5.so libgssapi_krb5.so.2 libgssapi_krb5.so.2.2 libgssrpc.so.4 libgssrpc.so.4.2 libk5crypto.so.3 libk5crypto.so.3.1 libkadm5clnt_mit.so.11 libkadm5clnt_mit.so.11.0 libkadm5srv_mit.so.11 libkadm5srv_mit.so.11.0 libkdb5.so.9 libkdb5.so.9.0 libkrad.so.0 libkrad.so.0.0 libkrb5.so.3 libkrb5.so.3.3 libkrb5support.so.0 libkrb5support.so.0.1 krb5 README mit-krb5.mo mit-krb5.mo krb5 /etc/ /etc/profile.d/ /usr/lib64/ /usr/lib64/krb5/ /usr/lib64/krb5/plugins/ /usr/lib64/krb5/plugins/tls/ /usr/share/doc/packages/ /usr/share/doc/packages/krb5/ /usr/share/locale/de/LC_MESSAGES/ /usr/share/locale/en_US/LC_MESSAGES/ /var/log/ -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.opensuse.org/openSUSE:Maintenance:15050/openSUSE_Leap_15.1_Update_ports/28dfc46a38ad84cc57abc88cf401785b-krb5.openSUSE_Leap_15.1_Update drpm xz 5 ppc64le-suse-linux                                                                               	      
                           ASCII text directory ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=845b89c14a914712708c65d18e429b04f8253dde, stripped  ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=4f8a9bc3335375e2c893ef836594c33705143bb7, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=594dc11bf63831f32239ba752797ba22b87bf049, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=796c0b9f4b47811632cfa914a116ea88039999b4, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=f4ef63626ec032cdc19ce5f8162a5f08db1f1fb6, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=6643cc96180d9d65cb66995be155cf64abfede3b, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=9cbbecf4081b0fd6a2dd3d4c2c821a4eb79ceec4, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=4ecbf89d8d0e4f9f20f7921be21816ad39515bd7, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=dc3d6044889465264dec56c0b7a8f7d3b7ff492d, stripped ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=dbb1e423b54c9fbfc1c4166a64e970ed706ea170, stripped UTF-8 Unicode text                                                         
                     $       4       F       T       ^       n                                                               
                                                     
                                  R  R  R  R  R  R  R  R  R  R  P  P  P  R  R  R  R  R  R  R  R  R  P  P  P  R  R  R  
R  P  P  
P  	R  R  R  R  P  P  P  R  R  R  R  R  R  R  R  
R  R  R  R  R  P  P  P  R  R  R  R  R  R  R  R  R  
R  R  R  R  R  R  P  P  P  R  R  R  R  R  R  R  R  R  R  R  P  P  P  R  R  R  R  R  R  R  P  P  P  R  R  R  R  R  R  R  R  R  R  R  R  R  P  P  P  R  	R  R  R  R  UÖÏoÈuíUÄ0:¦   utf-8 333c7aae0b739aafbb7edeeedec70f230e3a07f3310f5991b0ba861e04d00d94        ?   ÿÿû    ý7zXZ  
áû¡ !   t/å£àeéJ] "ÌkÀ%n£yv^¯âtåâ2Uð÷oK¹êÛÏÚN¬MèÝÜ	sÍŒ7Úyhôû”zÄs²É©BDRCœ!ÅjcÇ†o‹íŒÚa¯Þï0·äXåºDzLÓAáÀÛ“*Àx,¡‡.^â	žåt"E¬Œæ\ÕAäû7®)`Kõ®ŠärëƒY–uóÅ?û%¹¹÷¥G¼¹Ž-RÙ±íÒb]GD–Ju¶Ž*Â¸Sú¢æ²ÄüÁèøYv¶½c¿AƒŸ³
ubðÆ6Vâ×BõÊ|³ÛbènÛ—ŽùÑËX¬çC‰³±¥hH¬¦Æ®¢½|ê©NêLöÿ8»à1íx©ÎŽŠðDoØ¡õ9’t-'Äê~Dp½\å»ý:>W7¡>ü¥u|¬ñÈk\­ÎSm ”“‚¾åió'[%Òæ4Dÿh¿)Ú…[y!Nö¡ýÂ‡k¹ÿß1«vÁ§ˆp¸èÑ‚üÇ‘Jñ¬«U|ûêþÏÍQ¬c†Ï†éùLnMb®¬×4ÄPó)…ÍÏÄ‡’=H$ùW·5USP‚bÎ9ï³G1‘¤¤nÛ‚]ðZÔD—8ªKÜHq€Ç™”¥u
)?¿ÜSp*îÜêüc_6¸³ñîQ~d‰»J×Í—ˆ¬ˆ=³˜O1Cë­”r |îÇxs:!]ÜQâKªÚæãV©gäÖÛûŽ”­Û¾qŠð’Ö`Ë,]ôÛ+OLSc£Ï2Ë¬ŽÜœ©›PàËd4zZüŒHˆ'¬æ7Iõú¹…%z}ÞvÑäýG~íô¤Ÿ]J£@rÙ¯”êÃ9~Øþz­ÙïW„í]W¼­¢À‚.9ãåüÛ•?&ÑÀ¾Úé_Øª:#ÇBónì£à=+ëm©YScµ™ähÛš R›(È52€Ô#
†pZ'~Ú¥[@0ôÞŠœ™¥MÙ²;NX×82~¤T§wu/Øp}Ñú,GyŒ-¼„Ó[–J]žu'ÍlÈ(&çûRPÈnC…~C"9£.ðÕ~êL¸Î4Ãëzïkø}ÊÎÎ$†Ê/…V˜¾
Ô?QùaÒÚo—pÇ4p¸Æ0’žP#ØÛŒBúäXe1;ïÊø„µ‰”Ì
³¹t ˆ4? åŽj'L÷û3ÎµƒYÜ?S‘y
½Ìh–0k‡ë¤•ÚÒrRDæ¨ÅiE¶¡Æ Ñ(Á–<xÐå£´;úƒiX£ÖÄy­§¨ÜÕ+E½	´/*‚êµO•E£1Lñ·™EW\×õÞ¼ŒÌtÚ)ÂìÿÖi# JÉ¯S¾Ó!Š,su\Š¼D=Ø£N±Îˆæ"$.ílÍt`DÆý0ïÞÂäïë#Ï Á³Ó£Ó8@#¨³VéB±r5TÇM%Gqò…ßƒÜ:œ«°ÌÐvâ¢aDnë;œÂÆY–<%¶w”‹ZDÛa¥×¿½OEÈ 8´Æu«tqÔ"}¢ýF=fºAóñO;Âg,@Z¨GÆ0n¨–\ßA”IÇ—±*ùð]U	²€.ˆT–"µÄ	µ\-0 ?k»ªSAƒJEC­n @OQr°}œão,þýçr
‚Œ3€­¢@WÁOþp[„â¹XP‡“…Òž¦=¨¸Ê¾–Ñ™A‹ú:Ö©ù¼‹¦)Ÿ84”pEðF÷Av
tÌQVh'¶âÄ‹¨×COÓåŸÉÚŒ·Ó4ËÛ­º æíl\”ïïä/¿6‘œ *øâ»
ŸËý ÝMSÝh;Mê«
K( £5°áê"—X‰˜1p†Óˆø$Ëd¡‰eŠÄmÚ#a÷Õ›`†ÿQ‘òãÌýY‚šUþ„guËÓôÂb‘àSLoèxnèæY•W	däÎ@Ä“º>{UT¯äñ&©œê´º¨CPŽ0ºl›<gÞÁÈáæÅI9]!¢_@U˜Spä“`T×Ôª[[¬´¶m ^3SU®ÝÇ›Á¾ôËK ?iœÊ5QréíØn“!™úWª>ÏîŸ»6ÀÕ)tºr}­QšÙv”»Í{æoÂKióŽ8M…Nq$;¢õ»†õ}SNÍXÂõ$# át<ÍÈ}ù§xãÊ%^Èrrì ‚‹)Mm¥D’ô„”oKQ“¶¬…pŒK@–(A®®¼>…N”óMy[õÖÏ"lî.˜9NhL$È°—=y¼6´Vo¾¼Šg‘K6ÌÃ|0:Œc¯uè1JRâÍo:D
Z’¡.K{ñËä¾2;RðÉt>É~Y×®èïÐ:;Î¬N,À(ìÅ$ì”Ã®QœáÀB†ƒh(
*[ŸŸZ6{a=óä$´F=~ì·ç“¶¨\“±†fp=PêoN;kQÙ‰å+=F=!r!†¤§ñ[ î€§Áv¹Ñn{Ûî8}œ¤wÈ²õ‚Î?éÑ¸‡ý_WÜTñX1ôã²U_]}üVâ…AÚ›á„DIr€%Î8ÝÆ/“¬ è+ŒïNëN)Ô“]óY[§+_cîá´{ž™¬÷ÁzmúUç#	B÷Èx\öTWÏAœÙxbð..{(˜ñ@‘>­…ùs(Zfl…±Ä°šiÌæüa+ÛŒÎ8Oü+’Öí¥ ­„±Î7tÝ”$ÓÂéÃZS~& `9¨Ë÷[…WïÞÚÀÒ¹9ìÓM~5Ã,á$¢n”o"¥£#ÉrâxÜyp½·…Ñ+ÎÍ÷¤öþKÄKX“”)Áš™øØ¼Š¤½(Ço ÝÈ	 þ±á”áÙp«âhh}¸{ÔnÌ£Û1f6Xt0ó‹Àð·!BÔ*«uhB ðùœE'æHëâ>œ±Æª[?³Qžû‚ÞÜ¹
Ð(<G êûOá²pyØ9 ßü»*e¨šQiKö+"³â[ÀQþ¦5ßÕ®AÞe’Ü¬£(ÇÅFÎÖµ‡;+¦*…í£¡ž3+Ýˆ¶·)«eRð{Û4ÔÅ™.Y~¦ãòIO’Ÿ½Ì,fž‚ü;¾qME1Ö÷yÒ1ßo‹êÉÑ|qÓ²ØE¨@¼ÓS(>ÈaÄkF«µš¬ÿ
>:
Äto£á;—ç,6@-‘†‘°MÖmFÜô›x¿¯Ñ8¥!YÝ±¼_!çƒ (|_G×`‡éýÃr[Æá˜rð¤&me/‡«¸6üép™:6,èáÿÇ¨ƒjÙ_Ø’-)ûÛ}×ö.y±À”ž¶×Î+hg[Ë—] C•°íÿ¿÷7UÿŽ?ÒYŸv¸¼ZŽÅa÷:‡XÏ×uÚ=‘Q;;L Sðsé…€Ê˜íL¼¦¿/À­fµNN–KAï¶)B<N	WHªòµf´G™A”ŽH/öšÐÛÊð"]º¹›x²,rft$ Q"ïå°Þe`ÀtÖ?//zºª¬[QãTæEzZ ;È~w'	Ï9¸:¢ýç`ò
gôszO´ó Å;§4zÎ6Â"´!ùÔnRg ¨Sµ‹5F‚5d®Ö$V¡5·©Ùe'."ãîËAØ{ç·„€ÿX«TùªOÆCJy_Ð_®+¡;:.5Ã¾©ÇÕ[ãï«'3•C	„NÎ¤Çù¤‰1çÄŸît—xPé{€Ö“ë‘ö¹Vá¶ï}-ßLîÄÍ÷¯ÿž2ã¶4öþHGN¡žC"{¡lXsÔ`E…ûsS/­­Ö¬ÄfåYæ"æ_”	ÈµÌñÎ}”¬5" u	{iMB-eE¨˜‚mÓ°ý¦ÖŒÕÂæþe>PõüôQ><	Èqwó”*HwÄ¨t
w¹’2jõ`¦ôiC¥ÄÞCc}®\*Ÿ³ÃU¥°GJ*½œZNiEq„¶ËÖf©$Í‚¹²,¢/ù¤ žúQGig®Eo9âÝk³`ì®@;#9ºÑÎ*» ªmLÿ}ëín^Ÿã¸h<ûQSIüZçõ´<N&&A
‡@µžCÁëªD˜Ç¤÷5~P§L”ÜQ`’ÝØú[£q>æ#sÖíÅÚº©©d›àxî.	_úâCÓVU¬¬–:\ÖøüÖê±·Ðoˆ{É7wSÏ@Cä’ PìB²BkÅ;·ûøì=øiÛpQŠ	ò˜ô]±”å‡Û:)NæT_dZ^ˆ&íòf±]\9À3…”þN†åøu_
¶‘Åçhû1ÙÞaN{Hç;³éáè“pUµ›4ß$Êß„œxo‡€™ÉˆŒ_3”•‚òÖ‰F×Ú›|‡Y&Ä¥ï¸îr5FÅã3‰°ò·ˆB
¦Ìows:#ÑÓ(MŒ©ÿ¹$*jãuòÔ®/‘÷ËÞòñ1†oªÚ™ù"óå¸cüÙ>n³ÀÊãÈõ×ÃÍ3ÕAO_Ôq,û+­`4ù|Ï-¼c5²ÂXËP‚ê›å‚a”FçîÛZðFÀ©‚2“20+äŒÒêåêdŒÏÎlI„”…^×Q¼ªò¿ÄÑP±Õßº›Ÿ~Go×zø¯~ûY8õGÚAfyy7QsÈESml€¾
ï£90¶;ÄÑªÌ¡rãû‘ÏTGugþÁ\iç»•#<­\Æó³&^Q'Î	Lõ8 ¼íú´õNÊŠŠ&Ë
¤pnŒ *…²åm¸àsVˆà@ Iþó…©þ6d~€­œ^äQAlqg½ëCÞ­¥ÛBë¿ð0448(A×<ÂÔ3i§‘Tû DrÇÙn»^íÇ…ÎÐ¬×«®ª1-U6¨ŒÈDÃ-˜ë*8]åIG~®:AH·^¬IÐxz—RXü$u€ßõtúBÔÅ–jâxsƒÊ>LƒCSé@Ô9+$Èm±ä@Þ§”ã]»…~ÉŠ”|´w£`ÑMëM`Bb*9|ËS	DÌ‚÷
îîñ8©‹ó÷e›Ñ”¹ö' ™ˆc5’hèŽ4Uqkï„mæéGz‡]zg+¥QÜVly>lÀ|tn «9_4£a¢øÎ= ßnÚßôùÖV»ÓXJqíSöÉÜP˜‹AÜNé~X0­6§¿‹Á&^(·ç‘½µ_Þ+/2…
¿qœa­r)ÐêbO6d5øÑô¾+‘V$ëÄûz	LÅÌû>%5êMÉR·O“£HÉ~sÁ¡–³v¦énØ=’J€M~$¼¾úE¬DŠ‚_XbŽ.êii¤:ø‡Y,_l‡?ç|•L‡˜¾pV»å´!ZIÌ«½ ‡§¾=iß@k/tÇ=ªó/,æ×˜bÙG¼ñnZZÍ‡a{*éëüÓähjSå)Ð"±®¹C»w·I™}s’éqxþ6„ùý¹ñ¦X65+Ø¿w”ßôl»(
H‰¼Ž dÛGÙŽGí–]VµÝÑ2šì;èŽìÌioÄÇ¦„Õù-&sÑ|ÊIMeþu6‹ŒË«ôI€Xƒ­ç
µšr*'šŠ—cä|—âC+6š—Òý‰ÝtØ¨›—ÒKÖ½¡³wò_w:QŽ#!iÄKŒ§5“Ð¬³ÒZîýT±£Ô¨ŽuÐ°‘[²»ó\H–®,a˜· æÿ3(dZÙ3t@+¿A.Ç2¥b)…°&$.”—†BŽ$ßØ AàËfš­g4çÀ¸Öz£¢&»N² ¡ä‰<R¡y	9	Íª÷¼£¼^*Ç(÷§ÈÔ¦•jHºéo®¸´ŸŽl^ý›Ü¥<ÏÝGcâÃÍ€ŽrA·–ÉE4Âyé7`Ú5Y°†C]º  u˜„@âg½@*?‘ID}U„–ðÄI³ÖØ;àóÉeDÍŠSÐùÿ?"sn=¦
–·H}¢š¤º0‹;úE-SLD/Ë¢ƒ€!å<ŠWÐïHQ¿¼ž—qËÁþ´È™“P´í •ŽK#ÁÆÿ]ÑÁ	å¦c“QMbÆ=(tO5·Ÿ|X9 ¼Ô:˜Ÿ”cgV4Å
7=/"‚“¹5ˆ–û‰dm½˜-¡DÇ"¹ÿÙìûGP¬[èÐV¥ä]¸ªœ4@ðaŠ{l,Ç3¤4aG‹B'ÀJÙÝ„EEŸŠeøjdâ y+;¡	}VõióÂ©{ýù3=õ)¸Yú›kód,AUºü¸ˆ:o¬ïYròªœÝÐD1ª
âåçÎ¶àd&U¦GOkrß“/u*ÍW4YèÂ°ƒj1ž}»ÅîQm…è;Oþ‘ˆî`4«v°/u9"À¡‹§÷ñ!ã™ðs
º˜úk\.£Vá<ï‚ ù·ÑÅu¹ùÙÊQ¨Œ¤é.äev;êÐ~$¥áDÃñµS±ÉCi,‡Ç®SOOiœxÕ·>U¥Ž6Îì%÷/£©ƒ@°»™m÷g¯ã)JÅùÉ×ÇwÉÀÓpa'P6K'­ÖSŽ:£yã1ìïŠð9É:T ­‘žz“èxJ;ø\)I8TúæŸ*ºü]‡tÒ0¬Ë»î<™¤à´JÍk­±HV¼‚Ìu'PŸ˜•=ˆ5jÅr]½md379Ò’Ýÿ£°5cÒ&…Ji¿g×ßþßÅ·ã¯Ñ_`6];þ¶Äu¦–^±M>÷Õˆü4%C;=â(zÿ-ÿnÐbs»Ö•üµáéFæ¡ –<½îÇ3¡¡:ò+vQÁ¢\'À½DàÁQ-›–•Ý¼ü?XèÂ|¼ää&x.S‡Åê\Ñ«(yîcÍ¯’z
[Ï¥*/¢c¿Ù˜îœó)ë
™<¤ïÅÚëˆtUî‹6À ÷ m/Aho©–„¸4åÙ§þ~uKW¹º÷¨y§+²k¤Ÿ~†ÝM¬B…ClL[ ò ¸ý½T¾¹”s/ºúèAmq¬y"ç¬
Xík­ó|œP­'¾÷öå«…”¾ß‹ÝØ“'äPBì.…‹¡fCI2w¨õ3^î]élàÔ-h°þZä¯¢[Ý¿%
Bú:G[·³4
ÍT}äcn?•Îý‹øA‘ºú_ôh›™1KÛ˜N‘))ßáh'æ*Õó	twŽic€èÑª¿åÊÖG¬‘Š“ïÛÛ×Z¹¼+epÏ[(ì¾‹”à'úÜB÷|5¯"î [Ó©_6’LëÌÜï¾[ÔéæˆTÜÂ±ä›TT˜™ü*µª¸Á· ¹eF8@úMU¦ŸÔÅ¡xœž‘J&õè/©§°¨w‡-£ü´lV…/°xAqëæú‡jë’:»üS³©=„²X‰_2R+ç¤dÛO6¨mURä{ØïãLÿqFÙ -ÜMæ²-HN±m!ùö÷ˆFÈ/(ÿY"æX‘<Å?æ¯-´íÙþN„eûlºÕ˜š^7ÍSŽ€å1Ì‹‚ŒGp@ðÜ\"¾á„}KÈ(Zy¶ð–þ¬sX¦®…¥;&ëkà@tðƒôÒërK¿«©q/Øc\´¬ïðPÔ]|‡±‡lÄÕõ/Ø.-jì’.gMEÐ<ß()dü=å`‰J•­žp6ªêÇ„s9&WU¬€º¼WºéOÂvêJ‚bqŠQnø¹Q¤*>‘†s;FU l&å'é¨)>oXåõ¡[%“9©
 ÆÒ1…ÕRÊ6ŒxCÂ­š‡ª¥nÀÉ*ªÌD|»,õÕ¬ýRÓÓ©«ì{wle6ì#PÝdîy”)Ì*¡ä4Šõ_´Õ±8`ô'TÞE¥¨Ds‡ÛŸÝÔÝ n\õN‹µ¶ãúCOtÉh–že0fºÿ÷2ÌÀ2Óë›€N	J´`J•CcÖ’jHÝÐÂ ï­J.ƒÒÚ¤l†¨;Sò£ÐxÄŠ€Çˆ[÷¼Ô*u†¯‹§g¼tòº5ÉXC"W9ËÜyŸ’¤/«Ö8‹?É÷€íY€Ÿ=09JOÖñµ1Ñý@7gK/è»ÜjšBÂbJ¿°A9
ÚI›±D ½„£ož©e 4×Ö1ob
9=X¾ Ð±„í­ËƒŠ÷C·AÿðÝâoñªNPBl—úT«’@
€6|Ñ°Ó€—¶gWÿ»›Š$IŒI/6­èüèúœ@Hvz§ý•]…Ò73oöÖN aÔT–pÌ³…ªÍ±?{à%	Ê•wUËK_âlãiQ=,)t„&Œ„m‰5POÐ´Ÿ²™/lñï!Ì6òûŸñ\}µÖQïYºwÚõòH²™í±)fwóÖ/eFªýß LØòßÌYì ykƒ±ý¼0Ô7\[=»ˆ”#—Æâ£_Àl‰[k±ok ½suY±%£žúþ¡l0uçDšs£UC	<Ÿ¥`‘Ü{Ý¸zêš<ø.YX?|A¶ø×	”i\–¥„ëŠËÕmF,uÿ¯ÆLhRp÷Hº˜§`R((›xn™“.°“!\|ÂÖÔ0.é‰—˜„-u›nÀTëÔ{6ÿ–ª«ºL©‹ÞÆ]T™8ë">¯4gHrY4lx3;9Ý•±Õ Nã`²Ú9(ž'Z¸hÓ^…ºH’bÕ‘‘—ó³8Ç‚[ä%;'>syò,&O’I» ¨©hZ#è1ìhª
©õ#ïªFœAô%¢½l²#=žÖFIZ/\˜>tË¿üôDFî–†
¢ñ‰ÏL€àÖôX7ÐuÎ!Æq‹’?6vÖŽk/‘>d(‚z¾x¬a<ïp»¦z»)\P"‡©¨»'[u&‡'jÖºT¯Š@æ(kóþÂeÃÅàcnEÇðÎüì´\SÑËÊEý¬Æ˜VáþHÖ]Í×ß4@]“…bø5Öo>hìÃë?Œ&ÞŸZ¬Åœ§î•Œô ö+œ¸‡²ÂÅå¸éV·—P<„óT~gÀ^Øœ=ùJBÒÐ Ý'¹!Â´ƒtz91Ãgÿ ‘:æC˜ùŒÅÖšðUÒßÑYx¦§#å!«;×ï¼HsQ¤×ý~Ù1$uÛ'è|˜j$7é.¨bGzuÍßˆCôH.ký"Þµ¾raµåði/ƒXµÜ8×Q6©µÆ7¨'ZþL¹öèÇîub5)Žã—ºÌ8=~WºÃÀ…3<2ÈfBi­2 pšÍóß—ª?>†38qUœCÅñ’¡ÿ4¦sLq”F÷>v‚p”_ìÑ•87“ƒ¹£¬Ð3°¬¼+"’(ê?v¶t¤ój“‹¯*ÑÁ@î¨Æ0mDLÅùaíˆoVMØO¶žŽ¼Ý_m0‹§>ÂvÀï‹ÚßÄ¢ƒë{Q±ºÅé1;l®‹ÄÊÖOvŒhy¦ïK,Y§LÜx‰Ø[é"½ÿ]Óóá¢V;ª7¨è6ªöLj·¼íõëMþ$ž•jƒ&âœ»¡â,“áu92ÌD}Q^¿úhVqß!àÿS„×Ò$3§	0:?Câg®XÉ ‚=‹AQLEËkCš(»…hò}oÅã>žà¸@”,ÏP`H4+:¾$\ÑÄy`–K)žº*¼8wUXZÅþ=ü§L‘ñ9:…’ŠÈ$HýrM«8þµ«JPl‡…”·™íp©VÄµ´†S²Þê—æŸÍ÷èÄv—ÎgÔ¥®·á…|ºK~Ì»ŠñM¾@yÆ÷y&>xA|õò=ŠÏìn1|Ëµ¢yÚUçøñühD…õVrÀ3•Ñ-<U~°»qt|ÓHÕ;©‚žáÆ|†mß»›,~û^®­5¾TŸ¡µŠTœßÀr#gÐCÍ88"”“…‡bâÝ-3oç?]Fn¢`OQâÃ/´nSÒV€	áuKjè\‡ûTVÝœ”‘¦7Ì]éàbì·§þ;9]›;q&ä£KèÐL‰	™›®¬ÊáÒós‚bïR
métyÌÀ?(ëøFq’U]¹áFÖVí¤€ÉÏÆ·ÞoN6å½‰3…dõl/"‘ïã?’òÌk¼KEWñ™‰™tÐ¨žl|ØI~¦DZÏZ	›|~”òÞ–G¸­LT(HûrB1Z·™Õ·â.€n¿µ¢§äüMËWÇjÎê@Kb |ÜÅå•âoŽ~,m:Ä#EÇ…"§Z‡Q_æLŽ+”ÉY¨óûŽ­E±e‘€>þò?Eî¨¦EË
Ïe"Åë›W²€[0$ÔßU¨•Câ¸ÔB¤WË0)€{§ÚÞm9­‡Õê³òcÞý§ókÉaiùª7å"ÝR—K•‡V¯+uÂãl‡£|fÎÚåðTïI_V­BrN=ÔÎ³ÖÓø¯Ðìë°‰Õ™±vDGÜI¿á+ÜÇ *Yêø žÎO¸©Œ¶…Î–‘,AÁ-:îž3nÞw‡ÂuøKªÔkƒŠPÄWÀ‡?2¯~Dw7Oaäjxaéå‘Í—‘›Š7ù-ÝÃ
_~>Ã¢œØB
,â¨# P•²J"¾ÀâÒB…î?ˆ&á¬Å3A7Ëžµ¶JÔ¸œóðü_±Þ¹·6`Ö#¤ëàWçgßü}Ò
EÀ-ˆìPÅƒ«'Y|U1í*[5î¯æ!xk]MCëËjì2ÿ+ÎªÒ#-\À²ü Ç¥3zXéÛ'Æ‚a¿˜NÂ¬0¸0ÏñªñoN ÂSk\Ê6õ_aå`ïi*¡…ør·Ì%Ý&\†€SªzÁüÄõïyvŸHFf%B	OdÉ;ÓD¼R	ãã*úNÑK7$Y³¢ó0”mÌ[çšCôé‘[áaœµÏž¥4A‘ª3àÓœR|— ò‰£ù˜µ[ð¸˜|øG±¨ä:í"%Mí‘±zÈcò+	Þ{ñSd•öF:zœtÅp^x¤’Rc¦z4¤EdÌ/´³„^íÉr»§.öaþ?üµ®JB±aåÞ7
Ýv¾ŒÖgIµ…Ðd1—IóÀK<ë#þAMÛi•w	:'TÂþAr%
ð”à"D¹;KFôä+€9<ª¤£%~á÷QA!S|R=XçD0°S8‡XB„SÃG’¥üX8d\o šk?k×0ÚW°Q€w¥Ç§, 3`1Á¨Â‰ðý«¹ö+èc–¡3bËúzÙ}ÚìÅf.^'»Ÿƒ2fˆ%™@‡¿µ÷ŸÎVf`KY²Òý”ghÁ¨-°;ú	Æ#êÌP”c¡êeI?‰úœ%r	›bBZ…Ó ÚôL¡súÄPfœðïRÅÄjåD.ø¾€DâÆæu ŸA?_sS B×JóOÛ½ÈzÉÆèôuîÅa2R¿¶A®Í*Lé·Ý½Æ ^øÖÁ×â¤ÄÿBüt|YÂtÓ™Ï A‰	Å=¹„Kx£–]BY\3CÇU)Ç”çY&¡7>šotS!³Å¾Ú¢ìÄßÔâ Í"Wd9X>äÐp¾¯ÏïèÚìÞ],T}ˆõl¹¥øtÍ0!º9W²¸;OœUbÊK ô´JÆÒjÙÈã4È$ÕÏ55Ðð7îrGqdÏ¦¹%GÐîeÝGÈ!_½ï4 ‚êÑ»Ž(ÁÙßˆèæÃå–«4d„Òo`áÑË3qYŒ›_û+Áä”\Z©¶Ýl)žˆõE9™sÐH›@ªwàWÒ¥	gÀ7|×>õ´”âšØ’oâº[¹ß‰ô§ïVzÖ]´ÀKºÛÑÈl#œŸ…+hV|”}UÃuQ+‹¦#]°W‘”N ÆÒ"EŽ-ØÄ–·hn.?=÷ª¹Í;xïõŽØRž&Ž>u}¹¶&ÞîÉöNLPD„*©TÉÿ0R•ºí8£Z>–%ßÄrï Â6ì£Î Ü–t"ÝÇî,¤ëNüµ"ÁÖ‘.äÝº–åÓæ•~¨¸0Šò{©1¯ÅŽ¢¸Î½aêLÜi’°¿µýe …‚ât¶*³è=W@MÐßçx†«ý¹·@­á9TßÂ½ýçe#A<hÑT`ùPÈdtôÎ„m!%pmÀ?Þ¬zj«—l©í*îSê.Æ™‘B±W6!ò‹úuÊþ.´Jõ8¾ê>¥‰B¯äx Èý{w³Ì´f7j1ûOT/UË.êÀnO ,?£*RB÷PpR&Z!î¤7ø¥è¤ˆZ¶}Ã Å†ÆvŒÌÈ¹°–¬‘^¸ÃI/”›~ËëÐ^Â9Žu<˜ÒK?zÙ[Î_K×âw9ðó[ÃNWäµõæ0Pwˆ_;ì…Df´˜‰ßÖxü¥±å>Ë=ÌŒ ÅKlºyg˜+hÜ à	±Ûêfª”Ûµ&r¼
”MÏ€>H_lkÀ©6)(+"ÄéI:ªWåG7Ô7TòÆl­÷ävþ¢ÀÉ³uH+ûá¡Á‚¥;ÌlKH¾=|á×§“oÓ×Qw(ÕŸ’¹ÿAÅñäüük.'êûÏDSÝ,2å¢÷/ÁèM‹Ö8l×7 Oÿ8RŒw¶IÆ'¸›Œ‹Vêì~5Áz›•)ÏÀZÆMžµA¤ž9wdÿMq‡puzž,ê8!b4‰S€M\»Õ±¬{ÐüëkTÆ Ø·Z%Ýovú®ª8×õçØÄ¤§çGˆÆ<kïd¢´\Gn ÇÉþLÆˆ`¢ãôžöÃ‰Zñ˜ß8TsòVßLÑ#&Â•[ìy ƒ55Ôh
² ÿ˜µ^ÍR·1Nh”"¹ùvîúœ¢i®F~ o»ˆ<„¾ÀvìÍ!Ÿæ«Î"š;An=œ´ qkS	ÍÌ›?ÀVÒ³ï@Eº[AQ“"8ÕGJ$ªd<µmStýÞ-&îÒæÙëÄ¿×RéM±-Š@NÝ wñ0O4ëqÛGŸÑk¦4Kd:ócG@Yê¸ÕÎÛ8Ä¥úÚ ™ƒHûüÛm–ß¼™œÁh ØRË&îOlûÇY¬Âm?,À‚â®+F s–PÝÞ%eÍæ¾ÁRÑRÙC·êÄÃ—¸[‹®¡Mà1ÿH;µþŒ—Ï¬!QCô¾€ŠK~(îÓtQ2SêŽûGKSû@pp]”‘­‡ÑV3hïº\ÃëÄp´)=·‰öÂL—FJ†Æx€Ù":Nxm§“•k‹µd5s°Üp]ôÉNzåfÈ"«f)"HýLÒOÏk¥uäl-¬*§¶Ñ†‚XšA’edjÝ®²~à=S†·‚iýÞ:*¹Ý3…ÈóB!iP³x¢Ím«ï5èy	}ÜjD	ÐšÒ4z ã{…x.øOXgÓ>Ô•â3ê§êøò¬¶pBSÞ¶öhòBBb˜ÁŽˆ¦ºF­·|·4Aùêi ÿ,=X~¤œ@åjùR×FC¹=É_6“e,J§ à—²î"¶e¾9ùpŸžãëvf›hg““ïAù}h«¥øYáƒ}œVWk˜:>™m8H#Q3ÐÐÀŽM=ÜM&Gœº”ÖxúqË…‹CŒýP®lG'7ž»%f™_Ñ<PIÈþõ¼»Òä:Šææ¼¡ã1Úaz?õÉkÎÜP‘ ´[S§Ú] âBŸk†‘HŒšŽ0ÄE½UR|É‚Þ\tHà@aN*<½8 {ôæ`i³Þ]·d¹¥çinÝµ^!† :Du¹¶2a›ŠŽQÊm¡»)î¨’5!?¿üiÛ&°ƒIªÊ‰Û*LŠF‹÷;ª¹6WŸ—ž¯trÄ«ÞWž$_g}¿ØÂ…°LÔ^§¥®In<¬ê’-ò*ˆ™+Þ6­3@ß07n¥s,.œhØ·hí%É"ÈoË¿i-×´VêñršÿB˜ÇWk.B¹8N/¢çhùibÅ˜k·ƒ1Rî'µoõàùÓ>¯²´‘ì¨´»OM­tî¼Jßö5¸ã]îç÷KÀPyÕãDAë¸wp|YÏ"4C\ÈíÄþ}Ëÿ—C½WO¢^ü}_­‚” (Ö„£'['¥A_» iœ::=ïsÔáˆ¤a{ŒÕWÇ"c¢¾rÔ«Ô,uT•ãÑd˜Ñ	~2šlLÃÊ‚™•zØü[ÂD›±/Dct·›A–
àÂþƒE7åÄtœÿÏL…|‚¦Ä•”}öãÇp}=š ‚¡á†3,žjóWYÍ€öÖzî´¸{3vã½^{	°-Ê€>^Å%ÜòÚÕÂ`ç¹z•púª‡:ðV‰Ù
ð®Ê¢±š%Ãža(™ ÕIá›5ÐQÁºG–ý&8ºá¥å¿ÂsOúÙfV²º±©]Nñe³šÄž¶wPÐ½ÏAB’ûøÑ	¦ZÁÐŸ§v'Õz^Íi(Z<ì’qÐÝ)ñSôZd ªÎåÍÓº@Û$r¥ löUFÉ))e? F¯{ªÆR§jP=†aóÎ.À4 …?µ7ËS¥8ïýÐ…¦êlù™àðlœÖ’0’ÞùFHŒx=ùÖð_Lù±HiÃÃ’jMÆL~À*¯þŸ¾øeDë>sÌ]½rþ·é
h/l}TL*‰ÿ‡9æå€ÙûúÁ	a:²&5ÉX ùÜ8¥IúŠl­2+ ˆ€‰ …˜É‚ )ÐÖµ?6ò|*N¨H]v%›¨>eò"è¥#>Ÿ½´‹ÖÏŸÒkoX¸Ü%ÿQÝÐR=anÇ E¤Íª8X(2<’:ÉæºÜL¢ô»ÇxqŒh©š*Sb&ˆk-	Šé7ß9M¸«‰ð^T¶Xƒj@V—Y[iQû–¥å›wpµi»iÜ.¥V±Z7¹,ßûÒþQÉÛÓäXxÁEæºìçÜ¡’Ã_äß/òŠ}m*›ÊûâÚ¢O›€(¯-<óÎ­^²§Ab5FôE„ªL©ßá´XÛ¤Ø0Cƒ×É•vÞåfÇå,jPrÊ]Ã[kõd`S1K{’uJA½•Ä(çÊyð!ãÃ6:öX²j+I»´ƒÏ~þPP•¢z×â(Üˆ+PØš“)°rC`Ñ«€`FÃÈƒÂGÜ‰ng{¾.×Å‘[f^¬'x«w½@Ú[N+²¦]BUÀØÔË°í˜Š+[Ü;»ºÔî”e„#o‹L­YFT?^³«4hÎñ(´ŒàæåLÕ6cÍo3Ê÷‰?¬îŠdD?ÊŸ-Õåf•îÛ‡žGÎ_[/G@î24Ay\Å0J³Ÿ…¨-ì`.À…‰lw¨ÑQÔÕ±ÇT”ô#jT ü›ƒfzÊ-EInÒ~'‡H<ß0 l²R`%¡m8ÛérpøÌIî%—˜uO>Mö‡1áNÄq+’Ú;þ™ôÖÿyvÑ¸Ò*Ÿ¢b­Ã
6Ýòu8Ð}?W»'íeÑË‹
—d*út˜:&ôðE>A‰¯¬òì@˜ˆðœ|qŸ ›ž¹Ak‚ÓK©å„i€Ý'T>äp_ÿâùI7øŸñ%‹$V±-nÔAÀ“Ã%Ñ‚‰û~k+Ý“Z|ªª;ž{O‹Úhgõ’ Œ’T¡vjC,’“Çlöº€ØÕ‘-0®Ãn:q«ç¨àÎÄvñ%o–ïõØ_+§È­øííûÒPµk~,*%O~ÌÆæâ/q ¬$²%ÀZ¢yHAßK¡í€ðÓÎð°°gß¤€dÎì½B35tÜ'Wß‚°½•IAI¬Æä1U¨Úß¯3ÒÍÅ(í©UM¢c~‰\8j™n†×>›€¨!Îèµ—b ¬ÃÅ©º×âÝ¦p«8áƒÿÙ} \¥±1öÒ¨«Nïåéåø¡@sÓÛ-œªÕi@Á~ö?@Á ‘QD‚ «­Ç“lÀv 4«ù:oí Œ(›®5ÈÎþÃ±ÄQ²ˆ
#¸ÃìGYüÂ€‚?Ðz§´ç¹¯~ŸêÉvæ¯u¬á î†kÁ§ÇN•‡„ê·êè
ÑùH©8¯åÜRƒSfB+ËÅ"ÞÂ]ÆB§®sÌ4¡3ó9‘KCÄÑ¸ª&D±–n¸NàŒLÏ¨@N™áëÀØâm3Çz¿ÀUþ†‰5qïeÜ‡^!µÉ„÷UX¿Ú<*×»)l+&•PÐ´H¿KšQLW¼”Yö–£–° êÂ¤?N
) eÒé«Š=!%DÖZ-g…¶AÎ8*"‹˜‰ïKNqCáÊd'‚I¼ÞáçÅÛvð›Í³fô
]ý	z˜Ätû–qRöêèÏÃ;AºÁ_çß¹à ¿Ûn©ÂXzI•&Ÿ´Ì(/½²ÜïB´á[2ƒë²6t	êæ‘BÓw¥óÑnLuÞÓ3ß¡Û;oƒæ¶FÚ‡_ôGæ„Ñ )b%_`ËFî çÃ;/TOéýaº2cùÄ›ÖtxgÚoÃK˜Å¸’ít ëì¡\íåîD½½¸Ç6úˆádx+1OÕõ¼Û:%âñá h”‰DÜZ2FÅæ:Ã¼$Qö®Ð§úÏÃÚ—Ý8œz¢ìÈL¨Á„‚áï‚N.HêÌ «ò‚*àŠžGÊêùp%I¦>'ÁñÈÈR€þ<£’0½Ë®î’ñSk†è°Î›ˆ¶…ƒÖõbÛ¬§N„‰Ad0ÑkND¸2P†®Aª’&×°ÚO&Š½bßñ;£	¹B¶
¨'îS"CL©£éJ"§Ÿõ÷ù ôECF4ò‘£Ï¡º‡ë}â
M•ÂnÅá2Js×þoöHŸÃæÎ8Š{_p	˜2ÖèúåNázÖŽ"3È+XóÖŸ¯‰h;{RU—ÅåøÐ{Ûúò) V ±_¤ãõÒz¼£Âf²Ö§´§$^/‰pÜj¼ï­ßŠÞ£¨‡Õl´ÿËÂçZ¥ôíÈœ¿º$?‰:¬Bâ8×-RfÔÃÖ>p¥J>Ëhh\=OÛäp$ýï#º,C
¥*DŒÝ‡4h©&S…ßÌ·úÛaf&]Ònš>fßßéY?t~L“ý9Å#§IÔLGæ>÷fîŽ;Ñ·Jš[oãƒ~À¢*åOÊÂûv¨ÜZàYÚêvòÎäºHoÃ²È¢^˜«æí±“¾Þ‰Ív$,+`æ²^ÍiJmàøâj«úærÿè§Ú§q«í\œŒúè|CCæ×ök‡Rot†]øæáž5è*²À9Ñg‡d! âD
ú¾‡c
÷Í&\î8Y¯–ý33m×s¾“‰KV—7M;Òä³ã
P}ËArû‚í8©TµÐhYÈ¥×ï$P+ú-Vó^hòQ#×’ú%×pkƒƒ&´x¢Ð³˜|Gî­÷TY2!· ¶éz²"…Ô¾ÂéSnhc`{%{)f2qõ*Ñ²SøD_îaÓT?Åú5™˜ÅŒç§³Àò¨ä¸Ò¯ü™•.g€Þ$õÙŸgq}Ž¯SKD•~ÀÞEÍÆÜ2ˆù”ów%r‰#R%êƒÓŒ+N&R³à|0£&"H¾ÛÔÐïÈÅ[Žhn~$ L™Å—ºrã¢{]°Šôiý2š®N_Û<Qf‘[uÌú»õˆ£ú~j¬žóÀ^%–Ÿ%bßª 7Q™îeaeVmÝûˆ«p9ÙÙµ}!e}š¶¥ïÜZ®)µEõbìÃtÖóŸ3fÜÝk·tYÕ¶àÄ{²©˜ÆÊ«ÞŠy$iÞ¦"Î|óqÝÖÊ”¸‰ÿFtÜd3ò=¶Ëœ#¸_Ç¡fÏUÌæÞDÂ|iWSû8ÕáPžŸáA+ÈÍ7­1K¤ÍG·L`Ëå°§—ÀöÎÎ;}Í}ðtˆµºÄN5wy³:·4çl-©SeÔ¼•Ãk9IÿAjÞ´²“ é´Ü$˜¾Á ä¨Ã’:ýk›¢ÀÕ„Ù¬”>`Ddé.¬Ç•LÇä¦ìíöVÕàS3Š5;=Ê°w_àYšýÑë]qç tbØ<ƒ£HFáŠ05yÏ>øu˜	™×‡ù¨ž6ƒàÍ˜‘Û@¿T=¬‹öâ¦wÜ0ÏKŽ©u?í¹Àžº˜SmÕÿ£DqËìlù2CX¤ÌDd¡B’@9PaŽúçª"\¼ð
Uû[RÏX7<k­ÿ»+R½!õ8hÄñ3Vénµ¾eýgBk_†·Yºþò’Ý§¹°Ï—J(s±²›´>Ëæ"ÔóþöbÖ¸øS°g~ÒhSb#õ’œ·½´i¡‚µ–ª-Öô„å	®¸VNìvJ©µÝû±Ü|˜H¾ƒ›dhýÛGh®„“ˆF·ðí/T¤€Rf‹]ø2*0	x§kW‹•.XA¨µÕjÚ[îÂÕáÂãÍïÌö—MàÑ|ÒPÅz…êÌ·o#¯øëË…¾kž ¡–ôc–Þ—¢`”©þ^âá–§§½ëjÝm­­Uµñó¿ß¥.é%}l£é‡ò†“Ð“ß§Ãá•û`[9ÒPÌ¢/d‚sîKd"jä®…!§“Ÿj2C‹•§T "
è³|Û?¤¡¥·èú•“B»¼ Ý®Ë&Wúç«-TÏ`ø–d=´¾×²€3£+Ò›OõaXæŠ`Ž ~/¯˜U‚æuÜƒìv¦’•€Ü,qÆHe!9ªüN ÛuÂê¦Ÿf´ûWÐµb€¼>]ð*Ï¶•!h°LØONOCº†BÑ6Áí³pEÃ£>pF£j¢z’ªÀÝs5Hðö¿P/*Ç{u:—;“4É5³ƒ×D‹v¾mÐŽV9¨ÞŒ3•/©Šªogh4©/ŸF3ë¯Âðávˆá~„µBAÐ(žPÇM>® ®®œŸ¦R‰xÄwEý:õfm2é‹\á¦árÞf3ßÄg× ÏBI+â»ÈäñÑµduqÞ…–Sýf~ð[üéïs@2>£^­ãª77=¿¬<šŽàÇ–kT~LSþ––:å]{ž
¢T÷ñgwo8ìÃÕI4	§ÿ†gÛˆ6*Ì'öh›Frª&“ºn¬MÂ„qûzPøóÌ¢ý V`GYÕ˜‹ès†ÒC#WO’|þc?Wº)Û‹*ùª7‚}8ý’ª3Æ[Ùý³®Ì¬Xð[’ñïL5u$FHæM‡€­ÊT~8?N&ZWSlþ°+{'}o9m²°¼@ZRC/*ÄëÇ©$ïÊ¤°®D¡n#}gu²˜æ‡«€W—[Úóô^£ +>ÉÜ yD6wVµ‚Œ°±KêgÒ_nI¾J·éÝ¯€¢.¡³ÖÇ,vLÏ=¨RqØÀw’¶KŽKŽ1•¯“ÍÈ¸NÇvp9¡ËÊ5áÜ>`íEe qä&/S{¼ÌóYð¤C)h¢¢LX©‰?ï8ÝÄpey£Rq`ÜCZ<ÑÌ¬Cì¸}sR.Ÿ>à€0J#!@IÅBîôm¤ŽóTún6ÔZ£¥·—ú¶<Ã•c%— dË•YþÌ·í€à˜Ìh°(“/4õLmq%¢ÁÌ-?e¢Îì@(¹äe¦ýYFŠŸÌ˜oWunP¬CÃ[W–NŠ¶C­±:ÒKÊæˆôîud*mä]¥Ì—ÙuÅ±x'¦®w‘¼š˜8š…LF]}ëi¦3Æÿ°‚ˆBzCá—Æ £t^.®M·Û-W'^'wdI7â•òB9ê~€EbÊáÛ½•ÒëfX¶{ò©ëgrÝi}Ü·;úÜÎ BÎÌ3iè¾%zá{szLûQÄÖp¾ý>cÎŒéŸòL°É¦ì”e *ä+wî½UÔÂÞZÌ15>µc¤3ÓKoâÄtùDÙm<˜¦“›öTÓ9øÀQDÀ¿g#ÉÚAQ£¶ù«Ž…Ö°œ}ƒ¹xUÅ/KÒu÷{0­ŸmÓ¢ŽÙ”o~\Çîë¸@	âªo0ÍCÁ„IÒzÔ28ÞW¡”ÅäßÇª­ïs"àñ
‚žD1‰ËoP¶ºÙn$%ÔÐÿ˜Ô}ìò1FLñ6âp¼2’ó×’øÿ0±Èû^{ïW«—_X&:ª÷Ýa«¦IsˆŒ¬œ]¾¥Ùpr¥hºo‚é¯çø&æâú£ÍsŠv:Sâ«„U1À BO¨dwc€‹ê@àQ8AÈ{ŒBÎ²ÏüŒM¦ÛëfÎ <N7ö¬ a‹”8î;ñ3Cãß¾“Ðï•DË»¯±ÞLfûL$N)/äÃlE¤ÔÊ¤h"*=~AMOÓ^þ*GsJáÝïöw9Ç„ÃcŠgw¹K²°
Zâo¥(#½H¬_Õžšµ¢ü^ÄD4g„îª.
\ (ÂÁÄ«Ü¼ÆÍ õ¾ƒªüþ,e¤9[¶ª/ßžÄÞ‹¹lé…Pñý€mÚÌeG ÊªœX½óA#93€TÙ.â/—Ç¥áù!QWe>Ž ®*² @3W5Ÿ`Sh
Ýñpƒð×f¤Š§-´ñ%G°ê|±‚#ÏiAÿ4ëaháÏcÿÁæQÓ<«dÊ‹‚›¢NŒ†–+õg\kTgìäy”Ö¼M‡Ë*Ë¢´e« r)Ç—LBúùê7}íª/þ@]K_PŠa,a&IAô8Z oåH0B·oÇ›{ˆC½5 Næu	Cè°ê±…—y®l=dhÂÊ{÷€˜œj­¤ÔTö‡D—ÇñÝ€Åòóë¶_Õ* gê7ìá¥Ãø“†… ¥Ú²ñlÿK\ƒ~^Kê­|ïê¼8ÑÓðåôiºçï…†‚åÕ—Cv§À9=õZÒG*„ÅÆ‘úD¼ÖHè@ËTY-|6ÞÌÁjP¾¡œÆ ˜VÙÅÅ‘Ç©¦þ3¢N¬þpw7iügf~¿’I»1Ók¬Ä™ÍTƒ¸þä°ÜÀìÑz©Äfêê€Ÿ¬Æ|Qèžubz—>úØãðt ­è¿ë  ’±vmNï]@¦Áã°1‡1ÿ•o„8Ñ½
Îþ¿Ù±/išìV^â¯J;n²RCñÛA	bˆØø‚ß=ù`‘š”üzïuòQ"ùx£·fæ^®ä¦˜gÈÎró¢ç!ä.JpB‘NcÚ—8CÇR ¬î ôÃ4Ð3y^vÛJ×WE×ãu¼C‡ïéé9=Øpfä	@Ë¤l–6"[­›ëRy]Ak’ÿ%¬àú{ðXNú®EÂjšWœTJ×1 ’¨¦–5³ŽE§ª!í$ëÀF‘»ÌJGú¢¹ØXáHo>-1Z!±‹$@vÊ¤K¡SºØïõÓÜ¹èRTÃmªÏ‚l’ÂK¹¢Q¼]žM{–ñSqeß@¸qTìWlì6Pâi%¦¨XQLG~XAêí3Àñ³œÿ¤eXŸqÖ×Ú­l¸¤JëÝ‰p¢›|Kou:Ÿw»ñDL€Î?uÆV@X’Œ˜£ŠH+Ñ1ŠS¦EÝìýö™S çe~á›ÐSü>ï{¹µ}V_¬Ç~O…`;õñ}„ÌåßM5Â²3ªÀ«F¾Õ`c@»¤£ŠH²ØgƒtŽ®cðv ÐË­h_Œ8ÈÈX¶†CCÑ¼jYSO¿²<BdÎRŒm¤eËƒ’3Òìw^ìSÖÞ®úáã§õ°Lh•&±×˜£½]e¡Ha4Zíµ/G{v…¯
vñKŠú0[Q1?n{&Êe,ww?¹d—ÿ7÷¯«? ”€‰ÏÚ…€âÁIu×]QŒ£Èü²éÃÿ6“pÖ¥-l”×î½[yÇ¬RoN8ü'jßì[ùî9pàÝìâ­í˜¦ûS8uGµ#_‘ßòl QUL^cS÷wÿ„\‹%Sû1Y—l· F:”&–Šl¤æåís!*`9Ä„ç#É{£[Ô«*ƒênüedôh–üD¿‚œ>Ú¨Pm¢z5é5(Pî7£¶~Â¤;çs…¯å	vr‘ÑÄ	¿°¡Íˆ=Wgri™þçqþ²ÜJÚ ¦X
˜²¼ÅPoG²ï­½+Z‡…]fæ4­§líÔP#sö¥ºŠ(¨?j*öÚlöcÝ””twxØ©Ž+X¿Ó*ñ@[ªÿJ%ºá4Áèc‘h)ýZüÙNYâóåEÖE†f•?™PÞ1Ž€¡íd°Ã8dH‚+ƒ¯YR€®)Ï‡yœÁŒj—J?Ig¥Ž˜ŽDuÀÿ¶#P.ä¤'Zü8Ï$6:ñ“Ç%úpqTz×t–J× •ÇÞA>ÖNùNå)Þ%!3jÙ‰b«Ü‰.y¼|¢^è×	¼«]\‚ák•c¨2’ûÏ„î×îFZé^eeüß½Y!MÊî˜Åf¤‘Éàcã•$p:Ôƒ¯«/ÌönûœçØÄ'cÓø=„KOƒŸg©h€‘Îr„rØÄ8*Ä¿Y÷ï„ò¸ÿ(Rwþ=_
Vú*´ªuä—U)Z|¤(ÓCAÜQ¥ª‚)Ð¬ïi¬¾ß„/…[½J·ëc/‘ìÉ¡¥¯P‚@ŠHÏñ÷>M8c|âÈth¾a…ÖUd”==?¼âˆöÉ%Š 6¯éí+˜|áR	:ß¯WLðÖ4Ü±üxü"§\	1ŠwQÌÖ]§hzg‚¢+´À•Õµ*O[;V€4<GÌ'©WZýúš zo–ý×#m}t»az÷ŽÿçÐÒ£T™z7å…Ëüûò%Õ™ñ=»Å7ÅŽ˜?éû…ÒÍ'™åÖ¡ÝçQ´G»î·÷€»d…šßC[·#ÇBWÙÝb¢íÕÝl£[P|¨7ŸÜd'¬x¨beÊù€¤Y½½µŠ‡¨éx,eª=î«!êK‡¬VðŠŸíaï‹ «éòtKÂHšl„¾ÃÑðÁ¹§'uˆ>ò<²zk„+³]«SëÀÔÌ -$ïõš@šÇ‡Â¼Š0ª:»,·ÀòÜf„*iþ¶«ýÅ úÅUÎäf .ò¤5c>u!²=nK/ïææñ¼¯EZŠY žvÊ‡%YªóAR÷X£1ä+i‡ö·Ò{tï+ÝvÃAô –O3Ÿ{´9$èK ¸ "ÛPŽCë•vÕžÛ^`œ­kŠ7ÔeŸªtòCt*N 	¸Ÿ8ßC#EHî!é»ðlKòæ/Ï­†:–Tö.´ÞiÈçS¶Øi2QM§|¸.î´0.ïÍÉ©Çdà¤j#Èxhˆ¤ßˆ¹ ÿ…Q)Ní£œŽqÈîÚ$fYû'ÍE`n¹,ÚS}ù'·ðQD-r	æóZ´ž¼w­YÝVCEiÜ‹ty¼ü::‘ëK#Cú¡„úÊRNTÝRÎÚ([³ègCasœÕIaw›]lºmÙõn³©õ½ íç‘}îc8³9È±nhúuÇJè÷þ•ÂÈõ^ B,·k1‰Écö»Ì#°£µ*« ô°høçY(õ$8/L*òìf4Éfôo†/ˆý‘¹t†«˜Ì›ÎÂqTLÙsÞ 7è¬Ëb³GbœsóÛ×hLž4ffúq¶Gjážò ÓÏášzMÇúœÓ)HÞûj¼(}	Ì|7LÑ$žíÎ0g4eé”_õ¤~™:³û¦³Ð…ç­µ'…!~èÉowí	OWÍûÐ,á¿ Ã]ddýpÝýÖ÷;’kùUšF1¸Š)á?GLj½§P‡·wÿ‚~Í&Ë[=››Ó—wl¶:ü+9Ô8š*®¥>Xêht®ðSnkÖVëÃK¶Zvm‡*†òÂ€*T?žâü/T%kŒZÊÞùÆÈ¦qZ#$ä6˜©M¦Ì¦ñ“Šg…w,œq$Âª¢2É9èeëÝ¯ŽìuÄÌû\Äbiá­×ÀT¾¯ ¤’vL®‰šwí±³îôÛ;³ïÇáî¦ã€‰%ã}U³šD4{yzÈXCêäe‹2­Ð´x¯ï`y?Á/’£ë{èS;÷¨‚;€™7êß-Nª†¦U#“Ýò»èŽ6©‚Ùp{Éù
.&A4VvXè²ýäˆ	Ø¼(#åÔö±% 5b—˜{Žò<û–£olfT/Ï¥¼¸°7Ú-å­6ÙÜ…ÌTIœtq÷ýœPŠd-_cÆáWàiCøŒæÐ=‘1@1‡øÝVP‚¥ü°@×}\Tð9ûÝáy:^šEA½8òø‰>q¼Ê–Nå%¬Ùb g…âÄµ#,æ´8ŠØÊDð·‰(á‹fòd—„¡Û
Ò"²Ì— 
ýÝë*ƒØ_¡€kª•÷éã¸ÚV[Óâþ³’f»Ï0ï0Fºw½ #Fê#F«uø…yu¢Ú÷˜N³hè)ö»âî½:áÐÊp/?8É×‹úñ@ú?Fã¾AW«'[nB’5ãtø4  /ì¾f;+Wµ_….ÞÚúRS8Dx\¶Ïöùû~˜l6"<0F‹D.QØF‡›¸vïwÀAY-iË6ÖÏ¿µÂô³?è|¥L*àæá{¯B¨ª{ÿ6};P/XH‘^^CŸÓPªíssÈñÃÌB*Ô«Œu=IBrŸ‘³€_™ngx#R!A;5»ÞÝ0²ËFæìzïhÚã]”é‡¦ PãÕØÀXã[ÇŠŽŽBhZÀ_[(p¬`kã§HåbÚÂW€„é”òt˜Ï*DÙ•­ÕuÀòù·9tPD0ÿØ+ÈÅiD­¼Ÿ:y¯LÂaîµƒ©‘¤~XmÄ…#[ØO¿›31²oSc€þNh9É¯1ŸÖ}R›%?ÄÁÍÄ›Ï”ò[‘ïGD-‡ú‡jô;oòm´’szä=."K ›¬Û3<æ0$åû¿ÙPµ{=`ˆÎdýšUi‹`iÁ0?XX±¶Îê0’få6þVíÃòÇ£ã2a¤Ë	 ©äá_iJJ£²izÁÍd©	ámxå':§^k	ú¹„"hR™à,<f°diùiUÇq™¨Žœ8ž â£âŒ+ ïßñù_1ëœaKˆG-|Ï<Î¿§¶éæ–Îx;H‹!ì«™È:›[ª£Ü?Ôß.‚ƒÎÖM§te‹OxlÍÎ¬r{*F ë¨ùlS]&:z€     r•~aÚ=ŠðÚ ²Àî²ð
ïÜäF…k†IŠkwý µ•êË{òtÓ¶éß    
YZ