openssh-askpass-5.2p1-9.1>t  DH`pJΜ/=„&0{=CA N="P4ݱ&]wfHEHF2> gWC@+f%QyJ(zZ2knmF5&k`6:?iڂ-+]ty#˧Whj"kB*ԆS'lZ 3`SerƚV""\,}t}ẔŒ>Qr#Ԫt)dBeE!n:tK(69{fO[> yhߡǹ$_ǧ92ПkOdt-dEJ[├ <+S 9XB5I?Id  TTX`dr{    * 4 H  .H\   (38</9/: /FGGGHGIGXGYG\G]G^HKbHcIdIYeI^fIclIezIwCopenssh-askpass5.2p19.1A passphrase dialog for OpenSSH and the X Window SystemSsh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. This package contains an X Window System passphrase dialog for OpenSSH. Authors: -------- Aaron Campbell Bob Beck Markus Friedl Niels Provos Theo de Raadt Dug Song Ben Taylor Chip Salzenberg Chris Saia Dan Brosemer Jim Knoble Marc G. Fournier Nalin Dahyabhai Niels Kristian Bech Jensen Phil Hands Thomas Neumann Tudor Bosman Damien Miller J΅build24openSUSE 11.2openSUSEBSD 3-clause (or similar) ; MIT License (or similar)http://bugs.opensuse.orgProductivity/Networking/SSHhttp://www.openssh.com/linuxx86_64wP u$$J{J}J{J~J{f222516d6f883c833b16b5cb740ea6a1a907c73bc7aff8f544c6da3c08a872b1089ecec74cd107beeaa9b2fb76d880e182a3f79c9796e121a8e311e725e9df8fx11-ssh-askpass.1x.gzrootrootrootrootrootrootrootrootrootrootopenssh-5.2p1-9.1.src.rpmopenssh:/usr/lib64/ssh/ssh-askpassopenssh-askpassopenssh-askpass(x86-64)  @@@@@@@@@ opensshrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libICE.so.6()(64bit)libSM.so.6()(64bit)libX11.so.6()(64bit)libXt.so.6()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)rpmlib(PayloadIsLzma)5.2p14.0-13.0.4-14.4.6-14.7.1JjJ:JY@JS8JPJ;}JIX@II3I"@IHe@HM@H@HH@GGu@G@G~GcGY5GVG F&@F@FF;@E{@E@E@E@E4@E@E~Ed;ES@EPu@EG:E+@E"PE-@D D@D@Dp@anicka@suse.czanicka@suse.czcoolo@novell.comllunak@novell.com dmueller@novell.comcoolo@novell.comanicka@suse.czlnussel@suse.deanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czcoolo@suse.deprusnak@suse.czanicka@suse.czwerner@suse.deanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.cznadvornik@suse.czanicka@suse.czanicka@suse.czanicka@suse.cznadvornik@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czro@suse.deanicka@suse.czpostadal@suse.czpostadal@suse.czpostadal@suse.czkukuk@suse.depostadal@suse.czpostadal@suse.czpostadal@suse.cz- add new version of homechroot patch (added documentation, added check for nodev and nosuid) - remove Provides and Obsoletes ssh- make sftp in chroot users life easier (ie. bnc#518238), many thanks jchadima@redhat.com for a patch- readd $SSHD_BIN so that sshd starts at all- Added a hook for ksshaskpass- readd -f to startproc and remove -p instead to ensure that sshd is started even though old instances are still running (e.e. being logged in from remote)- disable as-needed for this package as it fails to build with it- disable -f in startproc to calm the warning (bnc#506831)- do not enable sshd by default- update to 5.2p1 * This release changes the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". * This release also adds countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack. We believe that these attacks are rendered infeasible by these changes. * Added a -y option to ssh(1) to force logging to syslog rather than stderr, which is useful when running daemonised (ssh -f) * The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server. * The ssh(1) ~C escape commandline now support runtime creation of dynamic (-D) port forwards. * Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards. (bz#1482) * Support remote port forwarding with a listen port of '0'. This informs the server that it should dynamically allocate a listen port and report it back to the client. (bz#1003) * sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks * Repair a ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner (bz#1496) * Due to interoperability problems with certain broken SSH implementations, the eow@openssh.com and no-more-sessions@openssh.com protocol extensions are now only sent to peers that identify themselves as OpenSSH. * Make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to avoid triggering 'Non-public channel' error messages on sshd(8) in openssh-5.1. * Avoid printing 'Non-public channel' warnings in sshd(8), since the ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a behaviour introduced in openssh-5.1). * Avoid double-free in ssh(1) ~C escape -L handler (bz#1539) * Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations. (bz#1541) * Disable nonfunctional ssh(1) ~C escape handler in multiplex slave connections. (bz#1543) * Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions=0 set. * Multiple fixes to sshd(8) configuration test (-T) mode * Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418, 1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540 * Many manual page improvements.- respect SSH_MAX_FORWARDS_PER_DIRECTION (bnc#448775)- fix printing banner (bnc#443380)- call pam functions in the right order (bnc#438292) - mention default forwarding of locale settings in README.SuSE (bnc#434799)- remove pam_resmgr from sshd.pamd (bnc#422619)- fix fillup macro usage- enabled SELinux support [Fate#303662]- update to 5.1p1 * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly other platforms) when X11UseLocalhost=no * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and ssh-keygen(1). Visual fingerprinnt display is controlled by a new ssh_config(5) option "VisualHostKey". * sshd_config(5) now supports CIDR address/masklen matching in "Match address" blocks, with a fallback to classic wildcard matching. * sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys from="..." restrictions, also with a fallback to classic wildcard matching. * Added an extended test mode (-T) to sshd(8) to request that it write its effective configuration to stdout and exit. Extended test mode also supports the specification of connection parameters (username, source address and hostname) to test the application of sshd_config(5) Match rules. * ssh(1) now prints the number of bytes transferred and the overall connection throughput for SSH protocol 2 sessions when in verbose mode (previously these statistics were displayed for protocol 1 connections only). * sftp-server(8) now supports extension methods statvfs@openssh.com and fstatvfs@openssh.com that implement statvfs(2)-like operations. * sftp(1) now has a "df" command to the sftp client that uses the statvfs@openssh.com to produce a df(1)-like display of filesystem space and inode utilisation (requires statvfs@openssh.com support on the server) * Added a MaxSessions option to sshd_config(5) to allow control of the number of multiplexed sessions supported over a single TCP connection. This allows increasing the number of allowed sessions above the previous default of 10, disabling connection multiplexing (MaxSessions=1) or disallowing login/shell/subsystem sessions entirely (MaxSessions=0). * Added a no-more-sessions@openssh.com global request extension that is sent from ssh(1) to sshd(8) when the client knows that it will never request another session (i.e. when session multiplexing is disabled). This allows a server to disallow further session requests and terminate the session in cases where the client has been hijacked. * ssh-keygen(1) now supports the use of the -l option in combination with -F to search for a host in ~/.ssh/known_hosts and display its fingerprint. * ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of "rsa1". * Added an AllowAgentForwarding option to sshd_config(8) to control whether authentication agent forwarding is permitted. Note that this is a loose control, as a client may install their own unofficial forwarder. * ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when receiving network data, resulting in a ~10% speedup * ssh(1) and sshd(8) will now try additional addresses when connecting to a port forward destination whose DNS name resolves to more than one address. The previous behaviour was to try the only first address and give up if that failed. (bz#383) * ssh(1) and sshd(8) now support signalling that channels are half-closed for writing, through a channel protocol extension notification "eow@openssh.com". This allows propagation of closed file descriptors, so that commands such as: "ssh -2 localhost od /bin/ls | true" do not send unnecessary data over the wire. (bz#85) * sshd(8): increased the default size of ssh protocol 1 ephemeral keys from 768 to 1024 bits. * When ssh(1) has been requested to fork after authentication ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until after replies for any -R forwards have been seen. Allows for robust detection of -R forward failure when using -f. (bz#92) * "Match group" blocks in sshd_config(5) now support negation of groups. E.g. "Match group staff,!guests" (bz#1315) * sftp(1) and sftp-server(8) now allow chmod-like operations to set set[ug]id/sticky bits. (bz#1310) * The MaxAuthTries option is now permitted in sshd_config(5) match blocks. * Multiplexed ssh(1) sessions now support a subset of the ~ escapes that are available to a primary connection. (bz#1331) * ssh(1) connection multiplexing will now fall back to creating a new connection in most error cases. (bz#1439 bz#1329) * Added some basic interoperability tests against Twisted Conch. * Documented OpenSSH's extensions to and deviations from the published SSH protocols (the PROTOCOL file in the distribution) * Documented OpenSSH's ssh-agent protocol (PROTOCOL.agent). * bugfixes - remove gssapi_krb5-fix patch- Handle pts slave lines like utemper- update to 5.0p1 * CVE-2008-1483: Avoid possible hijacking of X11-forwarded connections by refusing to listen on a port unless all address families bind successfully. - remove CVE-2008-1483 patch- update to 4.9p1 * Disable execution of ~/.ssh/rc for sessions where a command has been forced by the sshd_config ForceCommand directive. Users who had write access to this file could use it to execute abritrary commands. This behaviour was documented, but was an unsafe default and an extra hassle for administrators. * Added chroot(2) support for sshd(8), controlled by a new option "ChrootDirectory". Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352) * Linked sftp-server(8) into sshd(8). The internal sftp server is used when the command "internal-sftp" is specified in a Subsystem or ForceCommand declaration. When used with ChrootDirectory, the internal sftp server requires no special configuration of files inside the chroot environment. Please refer to sshd_config(5) for more information. * Added a "no-user-rc" option for authorized_keys to disable execution of ~/.ssh/rc * Added a protocol extension method "posix-rename@openssh.com" for sftp-server(8) to perform POSIX atomic rename() operations. (bz#1400) * Removed the fixed limit of 100 file handles in sftp-server(8). The server will now dynamically allocate handles up to the number of available file descriptors. (bz#1397) * ssh(8) will now skip generation of SSH protocol 1 ephemeral server keys when in inetd mode and protocol 2 connections are negotiated. This speeds up protocol 2 connections to inetd-mode servers that also allow Protocol 1 (bz#440) * Accept the PermitRootLogin directive in a sshd_config(5) Match block. Allows for, e.g. permitting root only from the local network. * Reworked sftp(1) argument splitting and escaping to be more internally consistent (i.e. between sftp commands) and more consistent with sh(1). Please note that this will change the interpretation of some quoted strings, especially those with embedded backslash escape sequences. (bz#778) * Support "Banner=none" in sshd_config(5) to disable sending of a pre-login banner (e.g. in a Match block). * ssh(1) ProxyCommands are now executed with $SHELL rather than /bin/sh. * ssh(1)'s ConnectTimeout option is now applied to both the TCP connection and the SSH banner exchange (previously it just covered the TCP connection). This allows callers of ssh(1) to better detect and deal with stuck servers that accept a TCP connection but don't progress the protocol, and also makes ConnectTimeout useful for connections via a ProxyCommand. * Many new regression tests, including interop tests against PuTTY's plink. * Support BSM auditing on Mac OS X * bugfixes - remove addrlist, pam_session_close, strict-aliasing-fix patches (not needed anymore)- fix CVE-2008-1483 (bnc#373527)- fix privileges of a firewall definition file [#351193]- add patch calling pam with root privileges [#334559] - drop pwname-home patch [#104773]- fix race condition in xauth patch- update to 4.7p1 * Add "-K" flag for ssh to set GSSAPIAuthentication=yes and GSSAPIDelegateCredentials=yes. This is symmetric with -k * make scp try to skip FIFOs rather than blocking when nothing is listening. * increase default channel windows * put the MAC list into a display * many bugfixes- block SIGALRM only during calling syslog() [#331032]- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]- fix blocksigalrm patch to set old signal mask after writing the log in every case [#304819]- avoid generating ssh keys when a non-standard location is configured [#281228]- fixed typo in sshd.fw [#293764]- fixed default for ChallengeResponseAuthentication [#255374]- update to 4.6p1 * sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. * Allow multiple forwarding options to work when specified in a PermitOpen directive * Clear SIGALRM when restarting due to SIGHUP. Prevents stray signal from taking down sshd if a connection was pending at the time SIGHUP was received * hang on exit" when background processes are running at the time of exit on a ttyful/login session * some more bugfixes- fix path for firewall definition- add support for Linux audit (FATE #120269)- add firewall definition [#246921], FATE #300687, source: sshd.fw- disable SSHv1 protocol in default configuration [#231808]- update to 4.5p1 * Use privsep_pw if we have it, but only require it if we absolutely need it. * Correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. * Clear errno before calling the strtol functions. * exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests) * include signal.h, errno.h, sys/in.h * some more bugfixes- fixed README.SuSE [#223025]- backport security fixes from openssh 4.5 (#219115)- fix manpage permissions- fix gssapi_krb5-fix patch [#215615] - fix xauth patch- fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch)- updated to version 4.4p1 [#208662] * fixed pre-authentication DoS, that would cause sshd(8) to spin until the login grace time expired * fixed unsafe signal hander, which was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS * fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms * implemented conditional configuration in sshd_config(5) using the "Match" directive * added support for Diffie-Hellman group exchange key agreement with a final hash of SHA256 * added a "ForceCommand", "PermitOpen" directive to sshd_config(5) * added optional logging of transactions to sftp-server(8) * ssh(1) will now record port numbers for hosts stored in ~/.ssh/authorized_keys when a non-standard port has been requested * added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established * extended sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments - removed obsoleted patches: autoconf-fix.patch, dos-fix.patch - fixed gcc issues (gcc-fix.patch)- fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch) - fixed client NULL deref on protocol error - cosmetic fix in init script [#203826]- sshd.pamd: Add pam_loginuid, move pam_nologin to a better position- fixed path for xauth [#198676]- fixed build with X11R7- updated to version 4.3p2 * experimental support for tunneling network packets via tun(4) - removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch, scp.patch, sigalarm.patchbuild24 1255984773!!!~!x!z5.2p1-9.15.2p1-9.1ssh-askpassx11-ssh-askpassSshAskpassssh-askpass.1x.gzx11-ssh-askpass.1x.gz/usr/lib64/ssh//usr/share/X11/app-defaults//usr/share/man/man1/-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:11.2/standard/24bc9affe06613afc7bfd85020beb068-opensshcpiolzma2x86_64-suse-linux6 l2Bwm|?] b2sf$gSiѳ M4I90`PRRF-̟ ky~7+"y>`l.e%pY?M%6foA.u/k-1d‹:dկq'Lq{@ l_q.TE3w`FVf3{u wg@@MBQ$y'(Z>Oin1# CݦgtdϺ:V&EJz22VN  <[iPγ/Zp64M@9OK d @]"(tuyYQ)8PTPeaUB7T]5Pknp\4i]fRid""K8r[izs$_1y0Ooqa%#qewg L-¦ *!G d_byzj&E1{!+{U[<ݐ|9x݃o&_c_,Om~GA$2^ wVC0DLR/(" F8`mO2~͜4k-veM3l ,-!ghJ푿}6uV^;@hF/Ⲵq},._-!z~ JMzSHǺO+ Q{Em +ѐJO[;1ΙNE.b;zƮ"53ﭸNg'g1tq>"JJun s ;* KJrP4|ݏK\Wi7w5KN"ad*==%lytHsfd]"EHu#\&2SM熤GPĆx:V]ȍ v$gm oآ&c׌?.MuzЯjɔR7-[t҂;a|Sey)R`.p=vH-=n\@"ݡ62lIU8.H*UZ 8,ZTVt7ۻ,쌝F: "cTf>2=0P?@P5ഥbιOxe@ enm`ܐA.KeQ"%qʜn%6{~2akVe_Йs=KMC!,-P ,.F5u1`@@tcNl-_bN0}bm˛Jڳ 720$g!uɷcWoiC+)_R^E"; tK0W(HOg_A'k YOy/1PG/=100qqBݮU ɹ:F,;MN2wiW[e;aLhحFG^OADHa"2Do]&}}-knQ]fPJdNt:Xc"1Wx ]+'EIƐ3as6f* ."3~ tv[5'/J.Jj)P0YVѳLaSw K b[TڌgHTK(k(hEB7Tʥg&Vz7eNë][$הM\dO^ecFƇ&sҏ,rk+ Y Ʊܯ }S[ˋC;o `?Ic$gծ 褰f&:W?(Y9nq` s\aC4 DNU#qPXtCpGJHWUS36@nL1$DJ/,1n6C'! GPAv`_֥͏]QV Ŝ&}jtӰk'iShnAu69$Y:" i幦 ju'ixj&ʛˎ\D&)(b̜y/ b88tmw+\B@aMu!R?55 oHW1 7BxM}':_sH)? V/DJQ a՝5.W =ب?o02 wՀs]MҜ? fEL>}`PF1BVGjO0ђe'G|Xi&%odrvT>!z-lCİVҥܨG.svJ"k\n@ Bޣ!"E%1[$A[_ےGԢپY'~5C JR4|ZpgcO! ͨ߼ܰNl#cOճ /ޏ?qm?6.o9RF~ɔPy?5rvJ whRĠvw P 6enkeMc鎓 d`38duf 3uY9kbԉmW[zN&,/WmygPe"O Mb@7M-b_Z+8_F@JHW.=X 3ced^yVk%NGkNS`䨫q]z#"Kz Mİ1 ;BiMF~,lߚũ `nFT!lEDcEԲ6gh'LhybH}]ŏl@m,nxzӞq yL)A,A,]͊ y1ONt>K%)Vny,^M T*b1M +d}P,E3yW{]B~5e|"81;$]{XjVƀDָ&)͞ 3qG-ы #A:~[R.Bbn&T4{KmⲲ/;2[1dB,E̦ߺMt$1 QVK7J@3VIxh_+6SeA6TMčYZ[D^ _%:}/j?PtկR-6ڍ=2VO٫u,[e`h!I+(qT8~2aSt&4JJB=ը`<=b+/K}eô$'x(نDZIsNw; stKCeBaQA)7-W8լR]DuiT52^PK1w,{C5HJiyo: BIVpu>;MpQ;zOC$<ǿ]/~D#'Åf *sO#ZDJ«.C3טE_U[w b%Ghkr2+\gB LD/U.sT!4~G!K0[kp⹈ pWow,Ne'D{1 [/7Lh=m춑Vno' й`n,NEW9iʪ$Oa܊"r1?~\T staZ7#/saR<{8Z~QqajXƀk҂6%TfyhO8Uv~8o'M{)*yvw˩@dcHLjo~]JTxmKә1kT质q74ۨ,ㅮmX~RlY!{(G ITA >g)& %7hEfdHp&Fz!f]IAP8w( %smbMq1 F]| ݾ%Rxj-u&gu!=ښafmK%5w@Ȭ˗#"܀3+J;st53)\p6Q\ WB͊Jdm9J| K\q [Z `G54Fk׍~uI jUc!LZ{ EqQ J-S?[SwkAX:{VG<*(KWd#[['}tӇkFOۚ1I+J[oY-#:?ª POV̩>>w$=69x`"^J`'8lݡ2{#[#Q[ ZjC®10/"lҝlu$k >yaȵqY_ G|U`uQQf[^3?1lerڏ1Ml,GI[,z*%>_BvF6=B`^D?f}g~D,Gws@!F\6;jIHn΍6` $qҸM 32c #;D VW)Zݛ^=\Pܥ9<~bNoph~rp9ٹޕOdjȎrI&g C[rb\S?bu#~-! %lnr\R#3}͜|]\6F_Q8{kじw伔@ 5U%4,ݠ@2CSY$ e-Nv; VI%ǐyij"1æP=}v=,jAXΗkhUҹK{(3%(4QWH+xp"-ŀ' 4\%Qn 9􌮏LI_feWqW8QE.*| b1m@b^l SIܛSމ Ž :2u&\j_*Fo%t}?ZI*3#&;*إ`/Mqz^o #C2 Cͺ&Fp-1.!1WiJ'z5)CU5ig$]/y*/a)_Șt}zHHKZN|NqNcUoM7=aIJ@6Ap- GQsUMޅNRR: 8<#.sLC[ѫZ--u G++T4ɚnU $++-Rsq#qQGɉDw4n]{ͮhcq>]~)k4a4 3kc_jClwsu,IEwCP3&&ǿ`Veгc/R BCl Ίvc.3[iG2CY<LaAY,~% NeFF MHM-( o`Q<%5l ύ'9b,]R IDz!Ҿ(% 5OF0-&XPH+ym1tuWHsaL57J:EorZшԆD:HhHL ~eq{PwH<8~G '`0͕ze8. /13y VS),ԾLnrN'`UWgVfaIOgE@BFt>g&E鎡g\bsĩ>3z̅|ujߌJ!*G%ZL\~\6sn#uc8ݐ>pC!NSdb~v@ܘUo8(<~qs ]i{e (-߿,GnH|xg .S5}S:5S=b.['ݝ 2^E3c$ uԖw&Ri)Gk%O|=odR-^$FJ=jK?,+-,(Ji~ fAs[x+ɖ߀ mL TXdC|>~`ZX?xA'oRX,['b_g5[ za/'OuTi*1B`nvſ,V!j$U<Y)ɤ./*=ʠ3uV/*<ʃi'rNX/X!!#a62V @]'ʳ΃tpMra U_fEC7P*қQ"CPc:&`j+b. u8>|4w%, PG~:iq?fv#Xl}_Bo@:'*rY`!4b^VWpQ\56OdRNf\=(%7ƚLuS\^&k2'8N/IKMVt&Z 2L,R? #Kݢw[!NX%.l Ҥ`h|87qү/!gI?ap%iR@K:$ "X=4*cӊ+SĆѕVoUhm& 7%HUXQky9fȨy lod)eqJ"[3Kۦ3 ƧeyNi~)H;V9^ h{`gBqjAv51N"RPM-jMY#.cz{"4;)Ö&&ێ >h [E 8U5u>A(Y h?ʾbQ`bH΁,;oY9KQy+h[]뭯whuVTLzh9 r1P?C/W@a_7jiSXwCM*VGN|I1nEQ:p#rUIK!ݠ^XNH)!z {ړCg부D"nk='A *dGW%G(YP R&C|>3W;!9]T7̳5d"B,sy@toyZ#[LOpkd{j'^`C|#őU)F v(ɠDe !2QB@$gaڕ|hԨKif2\zͧ!DD,d 㾪 *y(´BxHrix/Ij9F\SFx' w_-\TMz6s=Y$ oA W|,xB?QUr\rՌG&&Ģ,i5yigDp1\Vr/kP xIztDYmuX_>(0G|ED- O(h(3Z(ĉo_2b\Rg!Ӟ $ EC6d<8옘h-o6์Ti")'-TEٌ>WqK H w=I&8~[tFqYSHSmj;]aPAz,w\Wqi?oJ~T9Tl>3]9$pm᭟ QYwS1K*n P6w:ij7C:=j('?s 9#$6g|x3T>]!a5lzG2-xxJ\iDZ8Ⱦmo4ZHxw͟PRr|s{/[(ѢBJ40Ǔ7\#2#Miԅ{guP`XޢMmU p# $Lon !BArU=V*ܙ|rkt9h+!bܷF{]wE,{$'ثV~=-7x>m5(UY6E)0ߚY`|8qu*11la8?O e'rLEc.ncO ߉Nb$%=472]r36# .6D)>$UEzGuviC;KEXBr`/\|tD/NT0f(0ѭ{i+y`G7onv.q!=ZN%7T2=33ʃ# ]`(*=L%6똉!š!$7]mXEeSo Ymn0ڇηvpRC|o 5"7Ė]A^UqBDPԸy zBޯ,-"Juifg*,L֑;q) HsTqS>LkD4sj}3+rKXB{QUiN[&dIKBƍ {M[Ev&$O&FzɡQTz#+K2D 'j^ Fՠj4nމ-A)tڄkm(AɢkM dNRZw}pm Įj2ItwrԽZG2ThXhC8֕ $uV2+׏!֚[l^(^Dg!a>kK沇+Dv1Dk%4c榋V|/0M$ղ4%1R苁t>mmoT;% |5PN1I/^][Lp,\Slu~&際0KMJb_(L&yV3MѸ#/"A'xEp%Jc;F)s[j8ӕ-SkYۭje b4 UyN}KY$nF,`~zhNNJ`{B۔''T"*3G.&üׁ:Ց^wv$\5nٸ(w"c()~&lMI |I$tn8)#J2g`[vF[jU Tehl+[J!~F!Fߓ TWahآ~Tbᑧ q4w-Gv1.ʼЭ}0'ƞ<]3nkZR,{ Ԭh0~E$@?%L\s +hObqr`9\8i5\aRW4 >% ՙ,x P˸Ƿ5V!? KBk)*^v$eX~eFtZn&z ҧgDGV,0^ iYQYBanUQ?J% Jl Qd)Y &oa@*8ϣLhSjLl)//H@Opp/ &9M& Q}@ M_?m$mme+O;C~vYYoIu|ٖl/ Y*zcZ%hVp3Gl/4k\˅v.C I#NC ᱌RC؁v?jFBx"wZs:iQ3ZkxA{|'ؖv3/ =e@c6#G׏i8 oK١̛hPЗ6qG }'B%a.b) 4[S}"`)cdo}!mGVM6\- pKesw1fbR_B826sc' <*?f%rЩ磮dy8 Q x{_[oFE_٩\L&yP3* cQȄ.qu{!`$ A-HۺYw OM5QxBO—vњ@;/m Ic)kԷݙP7ДnDnl,6ڤn1n9!KPȎ7iaF`j[qJ'%,{{l_qD@g"=ԉU4J<==枂Q&U rhW.T$,y3-Oo9 E*3NDܢDw6?(|z4`Q؜N"_0 L>^gBd} F?gp$+v'~ |#*_uv v[ûH7185fS1| #n5-ՍJg㋨";iG0( W!CDR≿>]/}HJZGx2ja lSƴѢtJS9е&5U]$wFKv2@"Rd|EWz9!mځI28QDvls km&mv(?ΰ.&$Yܭ w`,s@>,W}%ݜh~6E~ցvG"ds!F283W6}3s7rE٦ UXW*h$ Ҙt8u42EEp7zqoiT^ekl%D9&bͻ\RI"<&t@[7+P Wj Ș5}wxn R@掠I q~Tb<=)}6; e_ʴ⎒!DESCaQbM~,K-% M|F4ßW`=%+WcVJnvT?B71ioj^JqW Xۈ*m2"( Ѭ`S'9*ܦ60GCz\+Ůd <\ V=W8ʣXgQ0DqSV D,alNsg%Ceg7Zk&~PX;#FFG&u~])΢BgnW¿8!/V'͗O]~0YLc䫵`@%||/M-')yJR*^mI^r߫aT&"g4_C"3]"lWR#(ұ^CizPgJX ~Ԫ(ג9BL_Έ5uоn6iL(GI*I`ŊhO؊*X^FTgcR/hP}Q|`si,#亯;?~*$bZ\.F1`+9/EaF )xDu`{ RSmAz{w1{mlʊ;ʺ;wnUvډcц~CaHb|&G?48Ga+t& 2p=!y<4GBIA ?&UӞ? nFpFf&αBUhv(؆F|=$Jh]-*<{G9QFsިwm$IR%_~뿦id< 9lPSn%/$/®C{ 2fI␃ ΰ8;(P x2CJC<+<4-䚜: W4׎9a|B{i=8LW}` SBצoɲ% 2$ K<{KjU/ z[)jd햋SA0nke p*rze.*+7kW9DJאUJǗ%eV}Ỳt1^Gx;߽kc/` n%q9+?ԲJJ.;4cm/4}P7X T(}$_oZLը`Hυ(bL^FQp@U`}h_X"P8f^Ý Σ'XMyQo+Eˤ@7 7bccrjג`Yk4RQҚ`eO}{ er(Cd8ou6[:]b.1 %~1 {hNY#\khJE$'MA46XTm@N0?2fy %[S 6L)XYa"cܘI!F2 GtK;U uQF^p^N$?C$0,ۥciߝp*c ·7] ;mR\Ֆ ^u^tp k]#Hu Y0Iهt ((}E`*6"s~EO0#,9>8(Qh;]3G}^U4U ~t߬Tx3jٖ)@ Uw}OZ،}J:K" 3p~9LwI_}( 4 {/^zJARn~[gUHb N'oILL yR#^(G|-;&ՇGL1?tq+ -z*yDF>–dEHuMr ]x26M.0Q 9B?z` I?=е3WFߦ3룫J#`5B0;x ǓTFjm#ax) 3GD^U^`@[wݷX\[P'߷Y+Acd+1l/ڸ;H X` DRc@OX]fvQ!F@S^ϟzgTܑv9+OI$>Jz}Mb1D VFX7?MY 'V B&&2nY'0Z !_YDO@1d,ʃ 2KbG~` v!WRѫSf"jjsGiе tSwY9A7 xn\脟(Fa*OygvmeT4 9H^lA8rM).,T^;2j⸇~BY K:ɅN:toqnNBN3ykX5 M@!'=Lcy=HHI}fGH<&0π?_G3;y&Hxj=$