í«îÛpki-base-java-10.5.9-13.el7_6Žè$>èì*tÆ‰àgõÎßpuœÉ,Ù—>ÿÿÿÐŽè7àL?à<dèéêì í Dî ï ”ñ ¬ó °ö ·÷ ½ø éü ý þ % ,' È' ' d'' g' P'ì'¯'r”'0@¬°(38<õ9õ:G¾õG×8'H×Ô'IØp'XØ˜YØœ\Ø¬']ÙH'^ÛâbÜcdÝ2eÝ7fÝ:lÝ<tÝT'uÝð'vÞŒwß'xßœ'“à8Cpki-base-java10.5.913.el7_6Certificate System - Java FrameworkThe PKI Framework contains the common and client libraries and utilities written in Java. This package is a part of the PKI Core used by the Certificate System. This package is a part of the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\Š.óx86-02.bsys.centos.orgŸÎCentOSGPLv2CentOS BuildSystem System Environment/Basehttp://pki.fedoraproject.org/linuxnoarch PõÕÖbÌ £”!& #-+,).*)&##"!81;8+70#%Aí¤¤¤Aí¤¤Aí¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ\Š.’\Š.ˆ\Š.‰\Š.\Š.|[!¥T[!¥T\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|104e693105a0f33323a500b28140eb73edbddc312c59aff2af732bfcbe4c468394551476c6e1669c47fcfc7410317b2cd505bfe5c3ecefb1e74fecebcf90f871b2df657063377311c021e0fd7006b3ab5ad93e365860dc3ecf68ba0078a90481fdd8d5ef0c8813c633e77997d6dbe23557a5112937962d5ab7b1053de866027b643b71cec56efdc737a20687bb05ccbba40c3481b2c0e100ccf53331e0fba620/usr/share/java/commons-cli.jar/usr/share/java/commons-codec.jar/usr/share/java/commons-httpclient.jar/usr/share/java/commons-io.jar/usr/share/java/commons-lang.jar/usr/share/java/commons-logging.jar/usr/share/java/httpcomponents/httpclient.jar/usr/share/java/httpcomponents/httpcore.jar/usr/share/java/jackson/jackson-core-asl.jar/usr/share/java/jackson/jackson-jaxrs.jar/usr/share/java/jackson/jackson-mapper-asl.jar/usr/share/java/jackson/jackson-mrbean.jar/usr/share/java/jackson/jackson-smile.jar/usr/share/java/jackson/jackson-xc.jar/usr/share/java/jaxb-api.jar/usr/lib/java/jss4.jar/usr/share/java/ldapjdk.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/java/pki/pki-tools.jar/usr/share/java/resteasy-base/resteasy-atom-provider.jar/usr/share/java/resteasy-base/resteasy-client.jar/usr/share/java/resteasy-base/resteasy-jackson-provider.jar/usr/share/java/resteasy-base/resteasy-jaxb-provider.jar/usr/share/java/resteasy-base/jaxrs-api.jar/usr/share/java/resteasy-base/resteasy-jaxrs-jandex.jar/usr/share/java/resteasy-base/resteasy-jaxrs.jar/usr/share/java/servlet.jar/usr/share/java/slf4j/slf4j-api.jar/usr/share/java/slf4j/slf4j-jdk14.jarrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿpki-base-java apache-commons-cliapache-commons-codecapache-commons-ioapache-commons-langapache-commons-loggingjakarta-commons-httpclientjava-1.8.0-openjdk-headlessjavassistjpackage-utilsjssldapjdkpki-baseresteasy-base-atom-providerresteasy-base-clientresteasy-base-jackson-providerresteasy-base-jaxb-providerresteasy-base-jaxrsresteasy-base-jaxrs-apirpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)slf4jxalan-j2xerces-j2xml-commons-apisxml-commons-resolverrpmlib(PayloadIsXz)0:1.7.5-104.4.4-54.19-510.5.9-13.el7_63.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.4-14.6.0-14.0-15.2-14.11.3\f©À\T4À\Rã@\À\U@\½À[Öö@[{þÀ[l,À[`O@[UÃ@[>@[d@[Á@[oÀ[@ZËUÀZ´ì@ZŠ¼@ZÀZxG@Zg#ÀZ.s@Zþ@Z ÚÀZñÀYûÀYè“ÀY¿µ@Y·Ì@YšË@YoIÀYl¦ÀYG¼ÀY>‚@Y5GÀY-^ÀY$$@Y"ÒÀY¯@Y#@Xô®@XØþÀXÇÛ@X½O@X*ÀXR…ÀXOâÀX!¾@X&ÀX2@Wû‚ÀWÒ¤@WÎ¯ÀWÄ#ÀW¼:ÀW±®ÀW¨t@W{¡@Wu ÀWgÚÀWV·@WV·@WV·@WV·@WV·@WV·@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) !"#$%&'10.5.9-13.el7_6pkipki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarjavaCACertClientExample.javaCAClientExample.javalibcommons-cli.jarcommons-codec.jarcommons-httpclient.jarcommons-io.jarcommons-lang.jarcommons-logging.jarhttpclient.jarhttpcore.jarjackson-core-asl.jarjackson-jaxrs.jarjackson-mapper-asl.jarjackson-mrbean.jarjackson-smile.jarjackson-xc.jarjaxb-api.jarjss4.jarldapjdk.jarpki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarpki-tools.jarresteasy-atom-provider.jarresteasy-client.jarresteasy-jackson-provider.jarresteasy-jaxb-provider.jarresteasy-jaxrs-api.jarresteasy-jaxrs-jandex.jarresteasy-jaxrs.jarservlet.jarslf4j-api.jarslf4j-jdk14.jar/usr/share/java//usr/share/java/pki//usr/share/pki/examples//usr/share/pki/examples/java//usr/share/pki//usr/share/pki/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnudirectoryASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)C source, ASCII text?ÿÿüý7zXZ áû¡!#¸‡,àûïÿ]"ÌkÀ%ŒIÁG¶›ŽLÙ\(¤sVU‹SrºýM¼pÕ ýá†$Hœ×R¾úêÒ8/ ¥*@rÊt¨øZ…tôák,Ÿ]É§P‡KÊ?¹lWI» Lè-J_yK"œQ9(Yu‚³ÉEðJÕªIô"Ol†×3ø#ãÁîà‰º7éÿVÄó ån“]ÝÜühÊ² oYaán«Jl‡[ ›ãîfËDIKÂ(µâ5¤¥üñ: &€o´Ö{Äyf·vÎ½/Át0Š©Äe\ëK!®Þ–ÞÈÄÔìEd)\ýh„¥/Ä4¡[ŽÎñÖ¼•©g¾ C.Â.7X\2Rš<'PS‰Ë†qH”Y Ú½zats39JUzòœæSWdÉJÎÃêÒËlŸ¿54¥®à*‘³ÅtqÇîÇÅ¶é¯´™ýÉ½¨£ºäð-“ŽI»cŒ¬Ø‘—tÔ¬aù"¨ÎÓÂÝ,_±ÎáÏ†ž[˜|N§3šIÃ¸ÔSxUëeuËgd<Á®§¹û{‘8äy¯°êP²‚u}Bý38'vsðî“‰â•Ÿ½Ð,ã6QvÒ*”TÞÜõÜxŒ)ÎtÊãB=9Fæ»€1+|Q¹“ãQý¬µ>ŠäÑ±y×Ú[§çœ8ªù-v²à‚6ë˜)rS…ŒÈ¥Eó†µ6IŸKWú3û.Ã‰|ËD¸g>}ã&²¬2å`Mwš>1Î¯ø±ˆYÃñÎ‡šÅÖÇs¥RÓ_óç ú59øƒ‹õ¹rÒŸXIâ| KûjÉÎøø«ÁÁ¤ˆìp¥ÀújêÕbtÆ ûnÑ{Ñ,ý˜Mp7¸;.ª<þ©Ôß¼¸¬³®Þ’}ó½@ê+“|ô ‚®•4N©²»À*_¦.Ë4;TWQï@½€Vaƒ‹ˆŠ0'ñ;ˆY»çM_ÈøÄj÷ÃÓe=B|í:¥'µ€æî§§›õ•V}1¼l<(=[Ý–`À+æŸb„¯´x¥±œKDÖ[3œ½Ç1x?Úºtrkm–9ÇO7h´‘‰íª••¾J=HfZó ¶Š“Gù ÝKWmò@ô=4¥xm)õe†íýR†k$˜H¯è?ÇpÎ: P+Flm±íµyäyé'ôÐõÞi‡ß*›ÿŽÿ³ÐÝAðý€Ô1k/8ç…Ã°Ši#„›6Ï¯†]ÏÐ²-Ð&F){ƒ´AÕôÏ‰ðGÿ-a¤ê³[y3R¹p}£çPÓýÞmé‹œãôÃ3ˆCê7*qöËcÞÎ/±qÈ‡Pï_€æ(ÆJ Êq¶ü;¨8Oƒ#µ˜v»ç]øàPdžd+IÆÊõ®½×—v9ÓÎdž±sû+<ä2ß´ââŸséŠß»¦sˆ+j›(r½²oKƒg³¤ô.7Î>§°Øc×Ór1ñ†à5¸QûØÙH …ß°bž±Tíå€6*ÚÊŠa“‡ úÑ“È,‰¹[BÌ—Ÿ™¿½Y[¾¤ê]@‚âßdÜŒžŽ{!7²ÛðxEŸ…/ßÐþ:÷ÆE¸B®',º1Ì,ŒÎAÞ:¯ *ùÔø;3Ã@bÒ(›'õ>Žb^OÀ“sT#BK{q*3eÝÃãæ›æ„Ì3I¬á3ŒUâ!ñøÅžþÉ¦òÌU-þV»Ã±ºñ ¿ìñž‚ë°HµkæßN”-üÆišKÎ«“¬;EhEÙuNa¸@"vŒµË©æ¤sÄtlä¬¿]~)‡Éî¯ì9ÕÏáéBØLKgÏc–Â×GJ]½öÒ4H$×;„38cb:d7zí¦BÜ±VIXR«Žhµ÷8æ¤õi*¹.D–%pŒ¬ã8@ŸÛË/I[HaõˆËèdß¶y“ìµM¸ç#| Å üÈÿ9ÇÂVàí‹2Ky¸„|c*$Ïè|“€v•Oyt˜5ý#ž±70Ÿ»²¶ÔýšD,þ{™åpçÙ“ÙDÕD`P¨!£DÌxÞ†Ì¨ž'‰ï‡59Ûx ]È<89xÀ¦ÉÏ¾s…ç_%cèÑã)P7_§ËIda—[ÇOp)Ÿ¡F_=þ/tVêÖp£¼•ÁÒ[¸y’;ÞÎ0D=ÉUJº4¼µ„”\´ÐÖÍÛ‰f\L“`g3÷âXNÓÐ¤Y?p„Jtn*xdfæßQ*©´D>Ø¡†ŠŠƒÎØqÇ™„Ñ“ÛÀìßµ —FÜ†Q×¦ÈNÓ {I‹íGóûË›!y¡4â#Ö¹’œÍomV5@ö«êúþ8Ù{0$æ¼ªe¤_„aõBM(ìþ3bÑœ}›?—Ù¶†qÞòY?¿2¸rVbkŠ¤jªÕ-oÔ9xÿ¢ƒÖ7§ê©Ž[˜,Eü3 ÅF[S¬¼Õýá—¸ˆ’ i"ðôÜ;ˆe"V„“ –³4 ¤ˆ.7˜ ¾Ù/2è¤/™Šz}…}¦5¥Æ¸¤k:e¿ófüuÌòÉo ¯5£²Œ©G€òC$J/f©Gá€|v=*»Õ=0ÉýM±Æ-5É¢ØdÝ¸.Ûû÷b-î_¼£¢ØÇf]Ý©¤Ç4^…6çÊp7`è‘,HUCh‚+®v¨ñ×0`Éb¦—]áB/ÁÕÞNÌ:Û-µÉsôÈJbsÓ•.úï²·do´ .M}(}BWkQj…,é#ÀyåH }§ý(¬P!®¨ ÖhÄ VÑ)×ŸiÖ°àVrêT}p–!Òµ:O2U h°‡l»ºÛe«’6¤Ÿ¯Kx5·‰æiA£lÌ€!IëIEž½Š ¶N("—ôÉT¥U× ˆÍe}GÏRNÿóÆì—Ž§Ÿb<‹È½Ep ñ¸IŠvæùØ}i?gôvÖÃSn°í´ðñ)8ä z½Ké¨œÚ˜Š>Ð» MîX ´ySÙ¢%¾áÐ7œù_‚ŽÄ?S®]rêðm Œ¿E§EÎÑÚ¾Ø‡¹¾Ôÿ˜ÿ,mtçEŒƒðëÎß©ˆ“BôžöXAò˜š!© íæ[¨ó¼¿Ítá1›à w0.¾ØàÈ™íPø!‰0þOýhïIl-~ób¸Q‹(w‹ æ©å¸þt¿Àø³ïÈg¸¦x&›¾î§Žë¦«_S^z„ò*›k…çäî(2íóH"]«)Ä˜2NYø5ÙìÏì}&!œ%!oYÑ1Ö1ºä‰Üc#ÑBKÈOˆÎÊÛŠEÙÎÊþáú>÷"¾ÅÂAƒ£žˆdE¬¹J„Þ‘ÄÊÖ žåb*ÄàIfæåÕ oÀXZtÊÀzòOaÂôòÇ:8ÜMñ¶a¶A`HsŽAËòÍÝòø½ÊÅ¯*f¥9ogþ-FùÄåºÛ¾m²ø4‹[Q3ª+œwÀ¸ÿ¶M¨?9 Cü(7ýw¢8ã¯Ë©7Â[ù5Pã\—]3hÑÙi1xÆ(é:ÄÿÍKD<ÏÉ‹w/ÜýcS~i„â§ÐÁ†nä¬¡þéLÂñM¡ß!<êÜ6Õª2ùÕ2$V$‰©ž–¥Páòû×RÈûp CÔØ~µIL:¨u ž†¯X”ŸÅêi2$0íò¤zF7\nuæò80 ƒä©[tšm^+¬Ð5ñt³øf€ŽorÇŠ¢‹ ãn±I¡Íþg6Y€Øå*NÜ‚ô¦wÈ&¹{ºvÕ{=²ÂTþŽ2@rð-¦ óPcy+|šòúe‘8%Q½G·Ÿ ã?¯!& juèç³V=ùI\×/;g‹Øÿîù[(ÙéÖàû–áÿ7MÛø»=-ë¦óøÅã©ô¹¦)RV¾‚#‚‰qYžž¤äØß›§.t.øùÚ}Ðòo€1œ‘.×F›ÍŠ£8{N¤]£ Í¥’®ÌµX5‰J« ÷ÆbF"¼¶Bœ»2¤§ŒçÕÇ,DvvAöìãK«0¸%qv§Ý^3 b¿ n‹µœîÄ(^^ŒƒýEûã¿ïÛ´SÇJÁwf>P÷ZÀ¯&ôbüÉ!Á |ÂA‚£ô ü‚µÆ^-“38˜ÉŠáä¡…ò,Ü‡LôÌDÐàM7Jðëa0… MæÁî_¾ æß³ç—>Y¾uˆÊu—Eñm˜0ÀžÃ»RÆ¯Œ¼×¾cb"é…yÀk8pwhŽõ¿æ4ÁX+v,´¬˜¡0‘øårk¡ñA w¤•ó„¡ì°òÆ¿5ðšUi³õqMî?G–)ºá–ûÐƒú¸~*ÁV·Þã}¶¨c-ªô`‡ŒŒy¶ÄÏtžVù°$¥ygÇ©xxšÕ±‹ ,ç¶ŸÒ(n»¿¢“3uÙ¹)˜‹µ°¤ÛqqŽ JÈdÈá›Hú“@adÊ³ÜËrGÒûº¨É'k(7Ðå•«a=ˆ4ã¶á5Í?™ÓHL^YV:V»g¹|ÐÂÍdF‹ë^-m{6„¼˜M¼aï‘ò¨ÿ‡e¹Mq úf‚¤…ù@+‹îðœkÜÈ™éÀsZÜòsnšÞvÁökGë$>;™3¡—zú.è%Éý^x©Æ4mjK°h¥[}FF%fÚ-y²¡Ø@X‹N‹¶íªW©zB-M 01ÏG^„¸á©+ZDˆ4ú‰Ånº°ÈãDœÓ£U•LŽH…_õÔÝß¬#½—#®9•p®=s‰ÊÏ|1‚éÁUHíŽÕÕ"êYkŒºàô'ŸPý”†py‹äÀ-„^T/ìÔ¸0‰ÓãL8¸°34^Š#ÇŠ&a• ~X»q%«{¼ª$qé@‡/ïhuÅÐV{ÆÔ–Èûä°ñ¶Æ?÷Ë[_;ÞFØ Cš2¦ rù@ßIÐv™uÃ‡á¬³~$@Þ¤²<>v¿¢ N¬¹ô3wdÉ_Êñø®ßz…";ZÛ/±‘dbvoy }+—ü<_˜#;þ”íÉ˜ /ºTÚ¿îSþzÎÕX£·¸!ÚF¸XÙƒK¸SÅØŠÙÊÁ!µ¢d[qv•Åz LˆGZ®³ÏˆëÇW7!¦bPÿÛm¿4"3”bq/¿v`y›ßt8 npæo§ô»“çœ²Ô$ºŒõŒ‰•Kë;f2GçÛŸâÏÖ¹nMÎR÷ìQ ~|:×v–¢w=I¼•pL½×‰w& Ìé*‘ã¤ÿñl^U5g4åsß!î=¼)±$¦¡œðAíé0u.¶$Öp~PêC#BFã1°a,ìÛ¡µÓ?ÇçMÛýsAªPÌ¼Ü _»Rä½“v>\&$ó4“‚2T#t›6âC„B™ä ‰©xËÙmo¡Y‡'Í¼šž$jÞ,Õ¤sÄ4MMË-FS~Ûú±Õ\<š›¼ý,s†ÜÁ,~l²‰9n Öxñ»•êÛ?¶ˆîÌÓ“Ùoÿ·˜¤<›iÍv`}m¡ÎÉÄü?¢;o‡‚¯¨û¦‰çmÙñs¨)ÃüTýé¹!¼·ä€‰u„gD3ydÌCée™/8çFØq”@æOkgÊëïy¾,¾[mW?èR'íÏP?AÅ6JoÁSÊ l‰F;Ç`}ï1±ø¤hCRA7å¿roÌMaéÏë…/YSLbíã£÷@R{0¹G©Œ}=2uT¬¢¹·9;®ºµ-ü\¢¡–¢· €Ô•–Žá<\þþ3Ï4>K7$¨@(—N\p÷¡x´#ŸµªîQ°Ñ´±ãcë²?“‰bWer¹N¾l©? :î>ržõƒð#zµJMK8ãÇ_Ð» bÑðJÆAMÑºŸÂ¨¯W"ë¨ü~^ÏúªÞj.Î«õªæŸè8Y˜“ê`AiSZú»(¦lõfTÂÖÑ^ä«ùNø¤€j`nÆ:•!òkÈäÇg!ö"éÿ¢›•.KD:Æÿ¶Þàû4çõô!…rÉÐÙõò ¶Ó:–ÜÔÐÂñß:õ¨—ilùÍ‘8ÒS6¢Œð€ù÷C×Uæáa/"²WBË¨acøuÌÓ2Õ²ÿœ‚A¤UË-+Fš>ôÐÙÓ™–Ž…ö|ò,RUY‚™KhsÒžý5¢b9BZG×L>•«‡ÂW½ý–ÙS×ôÿ¿K,v)‡ñXÎÃOáÿ§B×ö;Ð3û‘H±êX4ÖçÝÀÂšéÛj5Çºo|Pý>^¯ë´*"+MÐ¯«@n!)\Àt0ÓÒK®M#Ìù»ÿg–vIsÉŠÙ-aƒk°òzßF1ÝÌïã®´"ÛQŠ>ÃÁ£úaC¦Nç¸ $yH\j ]oi)IÖ 6†h§Ø±tdñà%ƒßÙxÍ9–Ùìš3w€ÀA¾%ÊãLä³qÔL-aŠp,eÌŽ®é¼¦ŒeoßÞ ‚`£æh&aEÂ2£Ug–£zì(UŒ_3}™o¢˜ÀzMh7óê“³´6;l/IËó_±¸Ÿ®uá7IÁ¾æå kû9áë]ôy:ôÒõ8¯ú™:‡®Ýé½wfƒÃ}ƒ{¸wõJ\Í‚ˆ,¿´S€¾µöS{ÝÜDÌGXmÑ£e¹©åä2G6@X€Ü‘‚n‚Úž }Y ¦uKéðAœÜköÕêŠÀc6«èøK±AÖ C„ù”’ ’”Ñ+û±pA‘|Â2ÚwònÞ>îähMÀ?æ¥D“÷Àü/ %îù+T2$uÀÍE~nÀ6O¤I¾p1¦èb÷%Ç”1=W¹á¾g•¥o‡M›£gÛ2hìãÉ¡xÏk7*W`v¬cVCi”ý+áÌü1Å˜è1®UÇ$Ô»Qcññ¡»L‡òz&T4SË#%ˆtm×[î‡ñÈ¹úT#³ðC£–a9–öó…ÜòÿYè]EÓ§Z^ ×±73TýÅ¦Å¼ÓüM¡-9i¾“@ó}9§ZÉR\ˆ …ž1-•Ü]¥‹Óf4]«‚´+Ùks™ÀGÔ§%Úb!–Ê½¬†³\…œÈ Fë~m˜œS?‘iyéäp×0!ÙìîÚŽKîr²Ñæ‰îùÝ§÷m7Ó¬a²Û_eØÊ{šõöÄjªâ>ïÝew(j²ý«ñ¡r`©vW1:kˆ,ú%dýïaA0º˜i ±iÙóÝku&þòb°ÀÒx‚?ÎbEÌSMøYúì¯|¦{ò¸4:JËÑÖêÏ¢Su5Aü\QòTh8µyæ‚×°UUÓÂnàß4; iÕB½¨éº[’fðTKE²¦ç>bgË–H:c•jÏ¦(ØoR¤}"îÅ¾Ð—üâéÒH€%¥Û¸u Ô²cvŒKrhnÐäÊTük†ö¢ÉÓGAc)Rçv€zÖ9p‚Ù’@NÕøŽÇ;ŸM‘À2õOt»ƒ„×—¦Ÿþ@šùéVxÔ<¹ŽXƒÊë:,äÛà¯ÍFíôÄ,ºØK¥Ù”g”í5RX'*K-µCp²¼¢X* ÿ±€>®´êAýw.þÈ Æñj¶ÇBÆûj|8LòHûü á0ì£ÊóËhßÕ#¶¸¬XŸ¼9¸hÆ*0Aj>ÇˆÔ§Ð›Þw¥±ÂuÓW9œN,›:ÅjØ~ÄÁ©£Ó÷VœD®Hgÿ, BïæýÎPÃrþjI¶o[õ¿‰Àºqë33õ˜E$ÝYÅ0Q0ô[Ø^ÚéV!æÍ¼¡A9CSÁ§Š+Õ\*L–V‡¢i—lë?Ò»1Äô³Ê ¡J}p-|-BÐxQ9>lzòW1"l¢ùÃÛ³˜ÁØ¶™G;…”ñ©‘Ã ¯ûß7Œ¯”{×-ÉGÓ‚^ëŠìbŠÀ q²N´86x:%+_»“¼{áVe›@Û×÷>‘™ÿ¤¯8T+ê–[5§Ã¬õ…y‰×ðÊ®Y‹w|ÿjŽC,ýð£mæóÁ«;;¦gv.é&Ð^f¾¯’¤¼÷wœÿŒ.D‰{ÿ›ãÁ4]ªi'˜TÑöm†fó‰DáûÝë0+°ŸÌæ7HM€ÄÞSÈä¦ˆM'ÂÐù°Vh`(O"¡›Åd…‹_J¤‹d ôå’ ùN”uÜ^æð*—ÿgÛ1ºãªULù×p•t×—1›Ãb"K[\îu©ÃOá„FÉ§bˆ ø Š3Õ÷ÑrceÙqw+*ŒÏVì@‹å7F*æÎ…ƒ",¡ð’R{Â´™Ä tÜf1ÿ$WÈº¿&2Ý¹–½ìøë€Ð~7& *´Ç‚ó¼L$àw4èëHA*À*×®øŒ ¸‚âömÍo.Ù$âCÌ§y¯å¬§‰FkòŸšš‡ƒ ›°9v¨¶®uïò3¬åõôÓ¿õb°³ÚÜôK{{&l¶0çjÉªüÙ€E7ž‘³˜M³P“î‡À¶h’–¤éX¼u¼îrï¬@¾ì~¡¡´E9² $ÞSSçÎú[Fc|¾;L™ ƒ9ÒUîJÙ …G|ƒ í¶o³h`¹ÙÈeÖd.ñÕwœ’÷g9º=ÜñëT×«·2×›óèïNöëpÔéž“PBZ‚®h¶RI.·íÝò>ûpo;yvl”ZCá[w|³,9ðgC10“JÑ>ÅMPG‰àäX‹vÈt6$°Ý/g¢À:0YŸD˜¥tNð"/ã‘¸M¸ÎJ¸:áÖÌì<€ˆñÂg¾˜ÇV>•+„¢•o§´ä-0!Bë&—¡ýó´y ^ê–°°ÕK5‘¦¤nÑ@Y=?±î €¨Q`¼ô„þš_âjÔÖ$¤ö¡Öô+´ž¶ìSF‚¡nœkÑl»N6‡&¾ýÞèfò‡YÙ¢0ÏâN¾ÔÀql´tHQ\èÝxq[FýS7tRÝt!-:p:Lóá&{JL|ü N€‚öà‹€·Œéiù]I%%óp9(ïAx®{¦v@ÕIWÌ%éA2Uå-Ó.”HüåîÐ³*úÅ¾|[·8»aËËž„†“*çÞ"A._6ÍÑ×p\À@<PŠý«¿:ÔG5.’t§ÉÄŸ´Œ%x‘¼E” 5‡Ëø‘É‹b‰óQ¤hUÖ~VÐW8xn>“*‚¡å=É ÙÛÞ·ò÷ë?Ý{,YðÞ×ÿì]e†§©{vRU½ŽÂ1€®•ì-§×Î8keàÈ!äö=Üå+þÔàÄÁ»LÈÄÏ—@bÔµ€˜ãˆðk{c¨|<;ÖepLàj³¢(Á}îBƒ ¯XÓýt\^¦¯n(&×RÍô5—D×0C3°üq×& _=RøôG›ñî¤JÞ=Ay.„FÕem+ªÑÆ÷]ÆäOHGåS>û›£òÆ¤tÓï\ôöP”D:®-.^t\P£w‘ÙJ ñ:íJ¼öZ÷¬÷pèD]l•"¢uéù‰µ¯µqaGÁ&N»ÊÊü-m‡|=Ü—¬äßS¤¾ÌÃåxrHÂ†éh[™W¸Ãs1ç„‰ìöœ$AZée•ê“t$Ñ$–œz‘®Iá˜Í®V¡ÚCŽCo¯†| °p¹×ÌŠÐÐ«Î¤7½MI!þü²´*][Y³ßüDÞ{Kßs¤Q©‡ï¿‡ºaR ŒÓGœ h‹W¿=ãdÈ ˜V•¨e¨†.ßÆŸ¸…î&¯¯_ýÈ}ÙÇÌ-.¾ }%ŽlŒ˜eÕ”fQä+e ¢ž•Ù£~¤‹§d‘Z€zÞ#‹3ºÃÓ(³ÍoÜÿ4`í_„MŸÚû+ \Pd&¹d…úíã_Ý°žûI¢@ín˜~‰ãgó–©úPøBÂþM‹¿ *rÿäš|¸QUAõB¢Š€é*”ª¢z’ùæp¬þÈíð6KK¢fë>’`Ü–Ä°ÛŠõÈj§'Å³ž|mq jë¥Dñ…) ümÅ¯¦›ï‹@öCi€…MÞ9áJïRï}æ$òm³zy?¯˜ö¢ÝŒºóŸn€x$’Šnôß?íÁëdÕ‘õý²‘§Ë¡Å-÷Yn‘Ó&<í’ùÊˆe8m&æ#Õ|c^#jÄO6ìPHÄÂÐÞº‹z+Ö¼e‘ƒÑCûbcÜ !?B/Ï¥“ÇŒ”$UÖs`'j¦×ìWýÈö×ÅÌ˜÷®ó)É¶hN»òrD¾!°+™ÄyDƒñuì³ãªtô²Ã»íJÇÕlèšö2ä{Ÿ–8¬`ðã•@Ù5ÕrÏYY×ªñl"*v´W’üO,»rwë›P}ùtªV}(pÆ)Mã+ aP¶ qOüUP6»…„ÎrOæPCƒòœëŸ¨ ‘…Î/·±:C5KX×ÁCüç4Bf ïÉªqH•4÷y„Á šc|^ ë/D…¾¡rj¨‚ÇÃuQè.)m ÜèÞŠåÝ…l‡²¹ò÷€¹1~÷A’ˆÏ=üîž¾‚DA]K&7%¡W¿cóz´Ó‰ÌiÙö¾ï{ò YÑ|Öª°¬q*gª³DE ¹Ì-IòfU}ÍØox9w^ÇãÙ¢KªÛÃ¾u$“³ÿ†Û´ïnðx…öæ½øðôŒ?–ƒ^ÖÅ9¶çéxÁ±Š=Žå—ÿ¶›¥žaŸþ××ÕŠ_Õ= {oCž`û²åW\~E1(»ú_G%ín éÒ<>ê[XyÕºÞ‘ÙŒî³ï'U'ã*‹WLOC¥`ë–ê“¥ºóŸ½ÿ¥ÞH{6riÎÏ<'Z¼'×¬=@;2êè§8‡^„s^œËÙ&öéÁ ”vqR–JgÈ]É02ìØ\¥ädKº!I¤‘‚>žÑzJxöšwtº¯Ã«Ã)t¼ÌID@=kÎÞ‹Wp¨]“Ö„»Y'¿%%ÄZõ=÷/^‘Kg{y1ƒ!®N…ÝŽ~VóWµB’Ë2¸f`µÝv<ØÎ&Z…“ñÃ•jäÆ?0Ri1Î¯›"úDûE[Û¼F1v†1äMÁ”vàâó®4éóuøòmC¼YE¥û«Ún†ÔŒÏl£„9 Ó‰ÇÉÈ~}8 “T%QZx¼‚[g™ø¤ ØùºŸÄ™íeºwÈð˜ë'ÝQ#*ÿazµe}èlÔY4A¾£ŸáäÜÒí”Ù¾W\'Öƒ0ø½D£ hq5ÊwÞcÜÜKQ$PƒûJéÐLö¸ÇRcð° ¾!±ëp‘¹|À$œS®k¡XØÃºo¢f‘“TŸ3¹·!#ï•¢bXê·ÍÌO'qYÆŒBÒÕ¶PxrH•pRQ (a ƒmê¼ÕF`²‘‘_×Q¨yo’•Ó¤øÀ¨ü‘šÏá¥Ê•ã—ëœ÷ñÖ:¯za9~uÆX9Y>{Ô2ãŠé#Â sÐCLªD«S?Ðã wÔfãŠÉ‹²Ë¿ Àß²«cÄ*îêsØÕô“<ÌõŸJÒF'Kðù%kèeÿx³¡Fç]F(a+¾xî'ú(Jï"ºòïaùwÛÔåŸr’Wù§V¯mŠ[bâ\mt( ‰ò¹Åå»Ðƒòi÷¹«¢OvQ!yíÝ£ÃUëÓ©ügÁgØŒwkÑßôzž>¼´¾GöN4mUƒ {¹°õW!xfdcé—?e–ü~ã[Úp¡]íVÌ(ëÌOÌQ@1Eè{F¼6<Î®¸ûõk Ø€†ƒ‘bÙ=f×¹~EŸ¢#ý•9hºèã^`×\>øxg¬:H*õôç` ;øa¥Å©°šûz9AéÍ³ë<çãqÊã˜:üÚŒ0ûº»‚üÆØùƒ`±UðõØ— ‰'6ž \(|<)ï>ýPÄûÉa4`V²ã©4{âé‚'r²‰åÔ3UÙY¿N%ÑU4ãu‘ò!¸põ“ø5ÔÅÔDŠg•çŸWc@›I7=-„()ÿ›4ÊËXqÐ8ý Ú·‹"_tŠ™ó€×eMýÎK‹*l“>5>sÚ’à{(Z… Ó×þ¨ZÓ7êè½A6ˆü˜ŠHC‰Ú‰ˆª–ôqŸ7²·2è£œÛsZX¼Š”vû/©ÇÆBïó¯Ê÷Æq²{T´vÑGî–pÒ{nGV¦€MzÇàÐZÄýž¥t2ÕË6Èhï 2t]û¨ÙŽ¹ñ,TlòË…ã·ÀêCâmÞ¹¹Y…>1(ïŽÍqQœ$ºŸÂÕñ»8ÙyYk¤‚FZGí»41ê]W–5–#6Zn\ç¿Z:ÕjÚ¿lÕ6ùØ£™¨^-#imxý_÷i«çx$L$‡¶³–³ŠâhÇHëÇ¬H>í¤J¼C*¤ÇTÇcúòÈµ:K£¯öæZÓ4;Têum0ñ³üf€J|M'<ÍdˆÉ=Ì«X:›iAÅR(+ÄPˆ+&B—×û¨¤X{Ãµëï«—³ä=ùhˆ•·«ˆß_¬ä0Y¶2ž5žÈL¢²åçƒ ¸¢ÎüÊk£}eŽƒp’xƒÙ£áòŒÄãŒ;™ôì.Ô¥Pl÷†¹Ýk\dÁÜ³Ø^¶v4Ê^\ßÃ\Ý$Rü&žaºÊ,Ž¸áP6N(O¨ÜiöQ©wì$ŒX–¿{ry'tÿkRê/ZôSÞª.³q‹llÂxá†Q5ù·„&ô›-ûÄÍ’À0åZEMŸêdøK‚Æ±†Âª‹{4¹¦ Z€¦½o3‚ÜûL¹ó´ †\9·•ÇmqRËPY¹‘0$+<ÎbèbÍÿ¿ÃƒþU¼k<¾$X˜:©†…Šm›1›+F¥ïVÊ6õd|Ç‚[Í‹Ñó@‘c_yƒ"5Y÷?GR ù½–B²º†eËãœC@ôj±DæGU#·Ý³V£E’¢N†|~ýÞsáµwÖÎà£Ì{PôßN¬3Å¯Çä¾Wn¥·÷‘K‘7æ–_ÊFÜ£ÊUm)òR@–•G]ÙNË/A,W4{9éÐ%Ø™+„+÷Ù lwÀŒ%Œ]Óm¾>Á?ï¾000ž+åoÎ "(4C-^ ©ðØ¹&`ºÑ*å3V_'¶‡°züw°VöDlÛ$E!þ$‹Ž‹Æþðo/E0Ô£‚poD#ä_14ãwþ%5y«3ý=CïÓÖúFOŸ¸N*4ôò_«EdºâÐN'³˜ÒrœˆzÌŽKU¦>6øüq@–Î°#äs•Ë{¥¿…Ï¼+ø÷u³¦¯o‡9èâíÿñ“ÇAåC˜5ôRý,JÄ¸*Et @8ÜY8þ´þÌQr&bzÔ|Î¯¨HqäH`ÂF„¶$hF‘Že›ëÍö€8—üñßY«‘·ò¿P¸8›²ª±ÓÐ£”‘›ö;+Š:±² ¥î†.»ûÛFïUîƒã§ ò×Ö˜æåj<×Þ"9/èðâÎ!ˆ/_Óì–=OéÓ…Ml\q°gB÷™R¥íeŽ$lsóÑM74x{;NÑÉIÓ 8ÁÐšŠwdZŠÅÙ\–sÐO@Ò?>”©êfVtSDäÛ^Ò—¶Ü´{MMh‚WÌcj àè±ØºôfµjÖÒU3(z6£Úøl…áÏvl*Ä-È`zžjþ6lNgÑak¨~ÍÀ-cX´6LÊ6§pÏ˜ŠÞ[±d€e4ÓÄ>òÜ’=ƒ‚è>ÅmV¢ÕÅ€PVg¶LNœ¾‚öÄS„Ðëf]'º(/’%]5˜VÂg²¨óÅ¿äjrØˆ·ÐåªÒáqÐ |¹»×‘*`NcÑa*K~öÏE"÷ÑÓ6+ªx •Ïâ¾ö$"˜ ©«À‘G.Š±PlÆkÅ2ûäËR*Ö!¡ U;|BYršWéURˆxÐ±º›C¾hÎŽCrãc×Ø ävú<äA/hÉ˜-DÈ¨&k£{xémf³ÒíJªÃpÜDÖcÐ•4J›µúáÇÀÉ«Õæ[öÎ‡bzªFá¥âêØk ‡_!!x_Æ9¹RY3¶Rë˜8*©X½+ŽÒµËñpkª¨K‡~p€Ýìj–«˜ÁÊ¨ª³ýoG:{9f-:â7Zƒ]YÜÐê$J$KøovÈ»ÙmÙ÷À €¥HdBäßìlÃ¦nµ¶š4q3Ï;ª6OØ4öxk„ ïñ'6_ß’ÌÇÞÉ ¶dLÄôìK&<ñ™Ìr4cFÈ:tr°ƒvÆEÖøF |„”·eƒÞ¿5>Êr*v=E½›ÞY-½çafDM$ ýùdá,â“Eƒ˜®aªÕZc¢Æ ƒl°›/zó0ZÏôX<¶ÑYúBV®¢ÇØ5mñ”È±Œ•Šˆ†§mÀ·§²%³êþŠ±ÝÐôCæÈùÁbxeuHï; S‡:,\D'µºÿ\ö!;Um{3‚2Íæ/Å¡çXŸõLš$:ø}ÿb’ös½ØvÜò=.ÌQìõ|8± ßiöØm¬¼).Òð—MIÔŸºnÁB¬®6Iíº Å=7veßõŽÔ¬˜àêÿþ"tYyóg®nöxÏ¡YÜa¬ÞiŒd"“Î˜´ýÑ× ýì-êScU+œ‰>-ÒBÂ»>€{T'¡Sž0ç¯%•¼ôæXäv•ú‘|çú]Õ»<† öî¢vÇAŒŸ_¦x-ÖšÃÑ.ÄÝ$Ãb'\$JÈœrÐ‹I+<è©ãDÓ)5P’®y>élŽWi´üÅúùE»š0Iqµ;‰"‡@í…dš–à«0œ¥zMcT,í,Íó’ (0¬[Ñ5—`j2TŸ‹±µ« ]ç*ý'ó_¦”¤Þ:<Ýbu»í0V,ÙÆß]æ’þ{N¤Û£ÿ=§ÌšþSŸ³@¶_F§±¼€*¯Cºm?‘Û`Ÿ3AÃé{¢åHðX–ˆŸÐ§øæå¥{²?Èøòº>[sØ¤‹þí¸ÿà03Naèþ•º¿@{\bT°ÇÄ$ÒKŸ±?%‰œÓ£1G:ß‹äm^è•8´îX®>"2ºTÔñwZfóó'rö;#žM… TÿãgÇ•"EÛO;QXÅWƒÒKå:;…3Dë`_øÉÈÛÁD@–‹(Í Êlt«$˜²SÑ}ÿ@a‹‚|/>•[~KâÎ§åçŽrÄ¨gHÝfa&Ô"H ËË‡ÞJV³oÎØ'š¼Ò\|ÿAdjïÆDó¸I[‚þkÖªb':‡ä¢ïhy*œ7…¢j¸Ÿnè£Ù»)ª ó–±-TÑW¼áçk;¾Ýó’ò>4áïšC\]†5×ç0V”ý//´ß/§†v¯RÞ«ÎéJæ£4ƒä8ÏC¨Î¿Õ_ã…›×1ÏÃGÒÛÒÊ"G¶+n¦^¨Áæ»Éd\ˆ,„I'*&ÛFÀU†`ð13@÷$öÝµ˜¢ÌC3ÕñHr4¢ÕúèªgÙ´Ùz ¥ÿ©©œ¥`S*AÈÒÆS%¯ÔÖD Ó½ û°£%¿§N¦/Qw1œ—‚Ÿ(gEÉW'öQö¹EÑœ—â¦óÁˆÛÐã«52 Ì³#ðâÞžþ^œM2c˜\éB¤$m&çNúýí7Ø”+FÛBºš™ªaAWúq71ÒLuµºxS)×Œ%"èQ!à!¼Ù|'æÿ-p³Ôéa¹ð«ÏÇl¹Ûa œÃ?ÝCørôKïrgb–êÑIÆŽýß³IÌåØelg3IõS4³ûÌ~I`à«ŒöfIA¡(ÍEâõ€)|Ôc`]Úˆ 0øZ©Ø‹á~ˆ€n´x|÷Ö2W0¶lî€ô=X¬½¨Q|ÿõ4z¶o…‹¸Ó:t?^c‚Ú¹(Vzí$ëÐ3ŒÏÕf4:€÷“½mw0¡v?·ìPÁig÷^yú{“š¤F)I¯ä°ËP=ÜŒS›)¬SZ$Ý"„wæTi+~mBi¬˜ØçÁàÄî’›’“BAêÔ6žc–ºo’˜± Äáýtßf±šb†@T@Aò©ÿ_bÕá &JíS±_éìbŒÕ« wÙQ=óšQU$hbì‰ ŠÌ¯æ©AÒjn¥Ögß;Æ:ŠúAØ™X-ûZ|ux&ÃtKspã~ÕÎ5¯,}m|œJaïŸ5bÚ‚¹Ðj4¡Ð©Ww®NõzB Žc]WŸ?¬×ÜAÄYtýú¯%ˆCD@Òõ!±nOÑàÂQK1‘˜¦i‡E|:Ž+êË%³Sœ+¶å8œWù&á4ˆõJud>õ¸S$ dçºÁÓõ‡…/QQî‰š»_½•bç~ò'@Þ)WUÑ7óeÁÅõ)n×ï—ˆþÃ[§‘·Î]V¶p.Ñ@áZ Óo1x Ï¶öð¤¹ß×êyÐË¦Øg5º ’îŸµ)Ðš¡½X¥Y Ð½*ó–z–#)çKR«MCŸædZÞ“÷çœÓ¡ãàîø§]àR©ÅqN%qgç˜h‹Uµ6Y”Q¡ÞÛtº—‰•Sáè%a‹ncA¢«kpeÎu„_~‘d…0I¬Ø<`OT³ÏJf U_:>¾Àù]wÃ/&zY]¥»ÄÑF‹¹Ñ±âÐ2¼¡þ?+Õ©øcšCc~ù'û†·‘å±íUæªH·âÃôÉóy€8ç.FÓIÑß‘ÎïJuvj \q9À|ÃåPvz&@Ýux7WH™™Í¯ö›Í4wkªb—ø8JHÈF½R9:_¿šŸ®.75û4FRR@õV§JUüú&Î¹›E¼í7½ˆzv\{ +€¶n¸æ{çÖ/P»z$ÿeï‚çG¹÷Hfk³Aq 2Ÿ‰ÿ@·ñ?ÒmnVRå÷³ËÎhþdCËfÆ-"ìwð‹'GÚ$dbpšªÅ;$ºÇpÛ,“¨0ôQåŸõÒLj¦Ù|Oz!™~€hÎ?@·"*ÞÜxë x”±‘—O–S3C@û¡‹®;ôÒ›ûDN;(v‰Y}jèépFjYË¡ûAàGjdTtæ¼nBi,>ôF3âô8»‡²¨’$)E(†ß€w>³½×}ÙM¿ë±p<ñJE®Ó†a–+§€"{^3ƒ§F›'YR99jw=ÀÀŸgÕaæ±Ã”Ð+À&äGL¦UÙ<,(?¸ïjpßÏ.Ï>Ã1T®·d5e±Ž7oîB¿”æ:œ× ‚.*:.¸"ûîÁQ?ùþßzÎá],*Dó3×Ãq>íã«a´Tú3nW¬7ö$¨Yý<=¡ÛN¹Ùì),)_‰>ÌùY?Ô«„ÖÉ%sHŸºfäñcqÁœ Q)$XÊÌÞÆI&ÐpV„¸9²‘Á@õ7ßþ`ÏZ<$Ì6%¾‹| ö8Ã ŠEPÎmNQ–6p|ÀÑáoåìƒO«ØY"EØUÁìáJŽåMöGÚe 4=A=µ÷ ÂKôõÄ'/Õ©Ýú@ýø‘^…xÅâÆ‘Ñr”Î-|/€[ºÐÍ1œ¸y¡ÞµF—hé®·ºü>3—«8ÿ´ ¶3Ç+Ñ#Qc@R*1ºûùú\ïAO¾`ŸªÊivÎ¢ðøŽu_ÔòÁ Ft Åç€^nf=ÐÜ ~‰šÃ#…3¹Í¾ˆÉ†+ì”ÕÔH€Ïââ·<9ÂÄ2éÎ6Gn ¿ë»îFÂç8¥âøØG–ø³J•ïîjÕŸOm’¹Ÿú .Ï‘WºïÙ@µµ•“7”+ŽËC=•-‘Àk[ÐìÄiÂ/°¾eÆ–‡KÜc–’#i.™@“>êæŸÃ‰,Ž½ÿÔý·ùB)Ø¥ô‰”ŸÔ6™IñÑKúÆ@ñÔsSÛ‡´”æýÎþØµßŸÇöUÑú×,Ï¦3pÞkzjˆÕñ %†g¿ò=³½qÄÁ~ÇB×"óKOÚ† Ä.Í ¸¯ ³¬w `¤ü£M¥çö Ò‰DªjÈÂõÓ Ï0¿¿.“Ó †-Œ¦Ì¥®èIø‘£>ßHTj»ïUPz®¼†"fôÉl}G_5ü‡iÔÏñéÑ–\O3Ê›¶§Pd– gö2ZWÖ²„¡/©Ý–_ñ&4N]Gl+KÊ+Ç¶{Â+ºæNÁ*¿µâz~µ]¹s˜áš°†\|+A¶Gë¢Ü_~©>üq…›ÃOLb¼W~fó¥92n}+P åäq½¥ŒÓ€È3üÀ½¶£7»ÔqQv†øâ&UBáFÅõÃ˜Ô ìSS_¿Õ«i—¯³æ'ZiÞ?Þ_œªØgÌ”UoAƒµ/@‰”œ²Ô"ÇÔ`;ÁƒÿúëÖl‰.<-›TÐÝM¦ÏÀ^3ñí5é¿úšñ¬VX[“ú,Õ\xEK-5¨8H°>Ã ÷›_X%Í`ÙÑ¥„ó£å< pW˜ö.EÄä'Ÿi0S$Í‰}ÿ{…d´à…ªiuâalÁrés@Å¯"tìˆ)Š¤?Î·aiñ¬˜HììÅE•iòH¡Æ·/êÄ}ã³a"§+;~ÎÂî/©—g—õ~iÂD‡ŽVžs*ØJµ±;ºÆÕ\¤¡9+¬Ÿ=bß3¤HÁiè¸â/„€˜:‹Í¸Ë"§Í™ ³Ü|e¾Hx¸k¿çf;ñ°Û…€"&2j*1ÉÎ(Ú#¯"t©BlRfžœ\y"hìC´Ç¦rÞ)GÈ_dêÒ±¡mÊí2™Ò°ÎÌÍÔU5FFŠœù€®+[þ¼.‘XRï âÉþ+ö:Y«„nä$ëüã_û“¡(&GÌæ0† l,”gcˆSwi¾Mo‰¦Ïå±¡µ±‡ËÐ’ 6ã4w(¡æspýT/‘ŠVIŠY{ùLˆ¢:¬¦¸–¶ô° Éc¬´Ö§)h/EO2ìŸøG˜¢©:ï¨*t‘–¸Ü'´ÊcÈ“'´*=Ë!6»ÅÆ[\Ažp= ð¹{Nêtó+‰÷·”`¹†Øç7ìÞaUïJæ*Cz¦6–s½:ón‚‹×š¥ÓS¬%µÞî°I¬þ‹ý{Dög‚œœ_žÜt£ƒ¹ÿÒ«&;—J(ê/¶6¥Û Ï¦KÆ÷Ä‘ßÜÔúÁ8À@ß½Ónã–Q(KÓ´{¼§Aäá¦%õ3³”hþÜ|·`Œ³‹y ×²Àˆâ¾ê"³;ë”^\•·Œxy×æˆ~]óö°†<2¦¡~·l¿”Ã†Æl ñ;¾ÿFwH¤Û1YæHA~0HÛ±ÈÑßLÐ–UÃ2„Â—ì•¹ˆ*¡>cµ‚Ó¦@á¾¾fÙ&~U¿¨P·Ìsž_ó!nr®¬£5mšœƒ˜D1µÌI)¾qÒ‹Éã»öÕ9Ë„ ÏfÞ8¾Hî´ƒ´<.dÏ¤Í—WG‰?ÓË‹^OÒÉÔÂ¨šCõ¶ûc‰RP¦/›–z’º© ÅKOvXlQ"›½ù¬”‘äƒÔ÷nwmCµvõN P’$»¥ÛY1ÿÝÚIrFe-¸’4ýünÕKÔfÃ6Âç– á8¾«AsSPìiÇWE0^'K<åðË 4_(8˜*Q‘'8a%çH@Ž‹KÍ0mÐ‚¸ã MÏ¾¿ˆþ²Û£º &š.P¿”%}‡oôÜÈ6%•<†” ì_Ø YCK¨o3m¡MuÕ©ææÔ#˜šiÂÉÒrx–‡°'ì’llG;ñ}Ì,÷TEòí ÙlÎŽ†Eá˜²ÖoêŽ"œï†3†Ûc&A^Õ]=5õ%rßX§O0øD•:Æð‰p§µýÔÿ1ùRÄ9}üÑë&#â9âÛØðçÍ£ÿcÖð,b«¯hs—ó>‘…fŸ# äm PYÕ§næ0²Ärlœƒ¯ÂAæª•è¼KŠÜ3‚(xv=ñ§í¦µü¢>©Œ¯3"P¶<òœB•úG„äÉwW% E~eS©D¨I¡d~0üÏ]{JbÚ²4â*›´ÍÅeS½Üó;›ë¹â ^>8£2“u¡à”¯oãì³³ ÷î~+HS§ïO(Ÿi'ùqCCÒœ•œã™q¾:†ôr ¦ÏñÛv&Ö’"×szY¶¬3¡'»PWPöé„Éù¾3A¥îqVŽ-`•™@¡€]x¬³Q‘ŽOÑ!–o¨SUoO»|zeÚ‰¥,¤bÐºyùˆ¬gÐX›æqžÛjÞ\P•K²cïÅx@“-ï˜í‰”ëèÍ@Ž,Ÿ¶›6|pjCkêÿ‚l’PÂwÚSçdêk/ÑãJ“¨Æ‡^ËÊ:XË üQ`vÃz–Ìà‡µ¤3[ªúsÏND`â¼~˜Ðà0|ÃC®Q¦¹Ü²o/íªwX¡aÂ¨Z U~°ïç‚ØßÖ üâ‘1%…Ã tð=Þë¼åˆ I¾ó•P"¶±Rž¹UÅ/k€@« u1ôZD% ®Í]s?’?3ÀÖÐù}0oŠ÷‹üäh1OkË£ î¢ÎP¡AÈÂA§€fÿ|(ý¦þ&4üK2ð¾žK5"¹¹0Í; æNZg%Oêyk:¤väçtÞ¦…ÓCëš¯J-²¡RU(:™¿ø»Cœ³£ãOq^Z}kkJ"K“p5ÇZx¼m¾ûì€x½¹´Tg]ÇÚak¢fð`Ÿ¿j¡1òëVÞ>ÑãvJÿàý¶jÈÅ£]ã†~œtPW¨´Hag¾íä¾¡Q>Y ¯ò‹¦ÝGìm7TðÜø–zýw|xF :iF’µšé=Ô0RtJÿ¬½þYfh!i¾gàÿ°V³¿sCàÝü¦N!£‚WQtÑÌ‹ö/^r%tOÑ±¨=!3ëB5Oûà%JG² YýŸ«—Z|Ž +Dƒòs¹ÿõ6Ï©ÒV—’Z~Âx íqò´8ÎÊy›µuÎM¾%'®¼Z-¥j|ð+Ic“ ŠÏ‹+¯`²Å’ù`ß›dÉÔv$2¬;DUÞå÷™úóiÀrF‰Ç¦(4£¯Ð>qFÈQÙEQiòœÏd C¬®oC±P=b_ÁÅ‚v©k#6aù±›z?\‡·ùCW(EÐÌ8ÇYÂðjRKa~LÛö·Qµ?ˆÿ¿—RÁkInDºí¤H¤]úœ›ÏÜvsoÅ&8FJ³~Ö]n:¸k#r4e#?EYŠD'€ÿZˆ|˜ècÍøq6ÞfÂ§©àí¹]óWyfoF—ÿ ©Ü¦ŽÅð]|æ6CíéÂþAt X‰z¡Ë~ÝÍ¥šÿBßVAU2‘”ŸÑ¶=:B2—øÃ%ºëš€ê¸q5S_ ˆ37ŠgÒh6²(ªøÇ ,œü›°ÁØ)´‹IÖþ÷Í$1üu¸Bü 7GÖPÜXÅé–çïËøÕ³”Ñ¹“jH¢øˆ‚O<ê“K,x«ðSüá’Z³™<‰~Îy´.fäzúb3O¤0&ýfqpæÃ3lh JxœÖ./+Õ…ˆˆÃRyVÈ²ÁêŠ_«JSª5wGp®N@zX …DXB’ùàI)ˆ¦üHVéß¿o`3“Ç‰:'cHí¼ñ§‹&Ò ÞUXcE1Ÿg;j 9mÛP˜–óûîµaÉ¬hy8Rõ÷‰ÆRÓ¬XË<ûDÀ½¨„¶‘™Vwç8{ŠX!Ò1+¼,1àðe³‘CKÁë^Ç#clÄS^f‚I›æŸ6Ä|›Š¥y}Ì#Èm4\l~c™Ý]'»H^†ÁC¡˜ÌR³7¥$…‡ƒ2%ô¸˜´&ø_Ü)¬¤Éÿîi¸¥\AåüÖCÆ·püÝ,§ÿ´è³ªŸ=2ëðiRY7“?HX[hú÷LIsâ9UiÌ§ÑÉ?†öPfrýô‚TK‡‡Ì %ûá•„$èè³¼£ÙýØ¬TËÐÛ—“/NXVJ_Qç`¡6ô8ìþ"mß†ú^'º/„ÉOjíýœ'ïãÉ‰_™ÃšÏÂ\ˆ„Ø¼w |=‰Z¹ÁÈkiúÜP¡²W¥žíæó¢ÂáVo½—äç„Š)_8î//ªˆ&qLŽ¼$°®KýIþ ]"$¨Áˆ^Õ_3âæ OÍûcTÓÆ–í”£j¢¿ù¿jiGuéTŽ-Pþo>å²cLJšþJ¬æû€š|œÁŒÜô0S'5X„O¹‰Ï£g6A9(Á0n`êÐëSUD,Þ›F/ë^››ßÍ\N^ÄÈW‚ï:C?oÒªHœxjÌÖê4ÍsFy\½>.=ã¤Ô®*=ot¡Ú˜ž.ÖƒfsŽöãö¾â¿ÞC²Ra®äË“ù|`÷3©ØÑÁ’[ŽRûÍ@ÎäD™UÕ5³²Ažò ¬L…;FÉ±ŽÒ(„/âÞÕ;ú»ÙKB§ óSîøû$ò«»·B$ùäØ¢4¨c8¤†ž‘/GQ¶³å¸¹'oN0^Ã>÷I‹Êá9–ï›t¶ ¢½t,RDÂÓOÐ'd©ÄO,“¬s™mgÃµt:·£ËxEaF[%éÄž‘èb7ºã!v;±r¼¦ Ì÷‘-=Ä?=(ž‡Å¥ó“åƒ ñÕËx‹-©ôY“Íøƒê¶bV©º¨^ñüàWˆC`PÄáCpXgRO« Žq©ÛÛò$OÙv®,®zõ”»ìÃÁœO™Âa•MúÙcWxZ¤/‰/àh;(a±bvÏ2ÎÕ¦äOA*~’l€\>°ø½Ó9Z"ÅìóÉ›jÎh Ç¦]œ¶=D‚+Ek,q «Û%°Ó¦;]²áˆß_‡õÏ˜g€Ž…Ø¸8TG ðZòT÷ Ì´³êK‚""YJPt.ä3¡bþ§IrK”·LRqõ½‡Ÿ[û¬ClAÈ“ÙxÊVsÙÙã`É»‰G÷åjõŠšù (^wš¹èúW‚_Õ¢üÕµþü ÇÌ™¼¾ª«±ÛÏ{+F&§R²»šCâl’ÙÉúÌìz¢ý¦½äR¢³è†é´LÒ<ª}# uû±{cðk=òNRF:)ÛU±‰òlWêLÐVØ/Èi8sD¥€â)]Aßú}¦Ž¬‹&@÷·‹Âc=‘§Ÿö{}aZpäÈ™Ç"ž„sŠ¨#vRÌ3ÂRŠ!–ÉRŽ….á4§W@3qp·Rv'äÙÐÈcœÛÚeDBQ•,D±‹Š44lö¹9ÿf‹Ã‰áYÊléi¸ œNtfÎiJöÏÍè«K“«|‚û»”F¼4…F=þZF¶»¶÷wÆ5±za—[×{¾ÓÏ#á™fÛañtÄ¤3hBÒ´ÎH£5SŽ°—S‹!û#å£Ô×NÀ‚€Av]W’áWæá‹ESçû0š1Hký» ¼Ô&”£!MEMÈ¿üÿ&±#ßÑƒ†[æ¥ßN§)+)¡6—¡”Ý`Lh§¥¯Ö¼OˆN°èt°AùöÜÎ-Ï¡±«§Ã"6šÍ¥åŒî×ÚøW@â·w0Ò]æBÁs"/œbç%Ô:^rª>m5mZT®è±Kd}GÑ×4Ci!":ìÀ?ÂÜB²Š]‰Éô˜Ÿíd|.Äú}ªÝšÁÐ!Å#]LÕÿ³þ"òÎ‚‘†‚Áœ)Ý˜¡U™$ý¿¹«œø-¯Á¾´LA« ð2°*"Fd;…^•GÇà^Â„)ñãµ]@B$tí&œž|ÚÆ`ƒxŠ\¹Švõ(Â^ÌÞ.CÄ¨:·™iRƒƒ¨©+=ÞÐU›²Ð&Âc,/z"³'+ØÇd^/êÕŠÿ?Ðaë€.±éÉðMÏßLP'ÖO†Ÿ€õ°„+XÔF„Ø}¶ ›Æá¸ˆûñû0‰¢÷œbýå2·MpíjöV'‡Lõ{šðmâ‡¹7²rÑ¡ÿ'È}½…Í?ëãx£vü@ùOà&Ý|¡Ô£¿¨ß5ÏCÐ¼¤‹¥‹+uÓ¸×ª¿y/ÚsoZnÙ··zKF}ŸÁŸ`² j ¨IÁàà™9¸hà>„mIa7ì-€w(ÐMrÇ ï˜Utš€Y+•Î<ü¸Ó’,¸ô‹Â¶*Í Þ×Ú‚¿pt¨i1>š¹ ÃƒU"µOZ_ýi®ŽÌØÅ›#aj= ]'“JœÈ*È^ºÃ‰¨;7`UNz£jO-!`ÍMX–Â¡àÇóeŽëòŠMÛüÑ+»†iÈæuùÁXoªEhôë•Â´åUâz«R9}/vÄ„¬¨|?W\mÃ40McÝ3Ê?q]-l¬t58Û l[YXòÊ(v"ubû„ÉRƒAIûí#ìâQ¼™ÖþêŽ*½3ÑôÛÁ¼tv8A3xšû›Qè!âÈCb.3Hë;Ò¯ãâ~$:¥%xDÙ*ú ™´zTã¬ÐQprØŒ6;R\èÆÜÌç¾,AÄÊ×’{ÂQùn¸‘åw9l©èo³ù¢àgÊðŠ+L”Ïý^}CÊß¯ÆE™L8’(u^N€tE³æŽÊ§,N_#Ò…ÕR<Š[qÄ¸§¼½&¯Pö_é$¹˜àŸöÛˆPÏ! £çÅ}AcÊš4Ìäíù6~($ZàY9îÅóÕž°Ý sÉüÓ~¾œCfê,?EyJ*~ÙIcq>äˆ;š'nö¹Ñ³*&Ž„Ì™DS$¨ÿ}šÕºä±”d{`rð ú+]–ÿýŸ8Z¿Ë7ÆnÂj>9ì#âžE;'qˆ;~bÇ§ :ÈôÈ.üq>mã&èxŽ¼Îj›6T½Æ”~`;¦>¦+¹ÒÔLé>Ì^#@"øsÉ¨û*§ÿ«yù¸œÅrOÊšæ†®4ˆ<zÛÛ”ýlUí(z÷„ÙºÂ/m9g[Ut õoºŠàß© üü7ÜÐç‚q:††$È-–°¡MNÛyß9Ó‡U¦±Á4õ1mdUT‘´b3c_BñÎ:oTy§±EàmïÆ7rÿ@@õE0§†¹ócÝW¡=iž‰ŒßWSqž’ ?[ž»*Ó&j˜ìdïB GënÜ¶ýüÅnFYQ©-BÓ…ý4ŽvVªÀ‡æXR1ƒ¿‚€Àý—È@Ò[³fgáA÷Å€áD*«ÛŸ}âqÅz½Ä $D%o0±äÚÙ+¼.›%—eÛçPÊá+m8ì,Ÿº–ž¸ŒˆïäÚ³g²«ZÍ!VÍTP €p³ÊÑçàïÏ8»éŠÌñÃ ®¬¼Í·Ñˆ²ÿJ½^tùÚãmh‹1è|í‹´0jL;Å¿f°~Ž’G ö•0²¢ÓÎræåX`´÷”ÜVkÏ0vTÎ^oÛQÍÌÉÑÒê aœð…#€ mCxb¤gÜ…ÿ®¢¬¶óf}óZY<Œ_b+ïF”1G¾`Û¢Ì]F¤«»:7Ú˜ÖÚ{¡”)Hã7¡åXKbƒö§BwY,¼}¦äP™Ú¦.F’ÓkaØô{H¢eçÂ{ÞkðÝ šx+°)Õ;šmAwæ.ñ@)æ‹å1¯H2×›< hcÂJKæ³ínØ½F›á³œ'7ï(ò\iàr¹µÚŒAtÌñÇQçæTyXJ_äâ3±žÅ9ŒZ\E¹F p=ê=9Æ˜nfa¯ª1¤Þù œª¿‹60iS!lÆJÉ®!28*8èro_‡îÀåº0f‹’^AÀz€\²kÓËÔì!°=sý#¤ŠšáðÑ¾GxdÂªãˆB;éAc‡dÃÏ\S…i5}ZlK-·`Â“³¿@îk¿oD©ñlÐ~›hÅE[FÆësŠŸt¿†!†ÉêXO!ÁÐB¼ûA Eó+…ÛˆzU–ƒÕÿ°õê‹w}Ö-³ëþÒ–ýt~:Ôìo˜jÔÐÇvôGf ÇÐyQ€hÄ)„»ÐP‰¦C7óƒ@éòx-óÚ™o!è$Éhß©×‘Tƒ‹›/ì_¬DÉJ§kgbm¹Æ(\ä^:(¼¥’=Š¡E³oQ•´¬(â´\Ù ¢Gn¶a¬D¼í›ÊÄò®*$¦¸wçNåÉÀT½ÏåÊFš.¹Bœ2"ìV<]¨T¼Ãsá‡©—öWÕºñd·†è\ñsÒ‡þVd$ŠÐ8nhúé¤AÞrª IòÖØ6 €U1ö;ÔÅn\61—8„Æ”Ö}2õa*Õ.G«‚œ)¢¯'+‹n†Ö"´Í–æÉ«¦*0þ°•ß&‘E/ÌuC§„t°ô¿8ÙcÀ·Ù0Däêç†¹¥p¼bô±WFúJ¶ÌþeiÕ]Þê¨=¯mS©WÂ-õ /Œ°ÙCq¶5¬¿dÌáè‡xã?@:±Œú×œ—š|ç‰ï^#sáÕ0ªÒâ°^õkôóFûùKUš{dhk<4 ¯FZ×;„y¸ØÃq&Ù ©Xž¥ÆüÝˆ¬±Ò5<É~Ê¼qšèÁ"`kÚ ){Õ·\¤wä`AVa¥Ôqsø«Ð¸ÂË÷ÑÄÛÏ†ÚÏUàÅu55õb„ßžªoÞø¢ß—#«z•„"]óŽbØ£q9Gî±”Ëºš¤F\l(Ì©Ú®ëý”iºKÝt@þQ2Aiý¿h}O¦ƒ’nÀÀçWš¦o$‰b‚=bC¤È"P!D¤š³ÏékÍI•¦åRÎwÌ—ˆ¢~pp™ä£¨¶P2å0ˆ´öñåŒ‡£¯ÁînÇ¨ÙÀÂò5üw d½]lTT¨d©dèMuÏÆd‡ª²²‡ Ø˜¿óh˜pZÒþÚO!ÿ{†Nµ=S¹œÙãKÚ¤¦·#“*à0´`«¤#[yìï¾¢Œ;ìð¬“åòÄîBc*8“5Çy>vâr¾ÏFo®•ŸýœÕ•4Îzx¼jÉe„Â§ž†lðø¹’7Š'dó€‹¤['»zF¶ Š¶uãjúùz¶í)~ëÂÏŠ‹VYw²9;ÂoA¼sTÜÑ>/ùÖQªÕaa7sÎ2ñ.„1+Í›?Ys*“‡ßxf…¯–FÜ* ´ßmb¹ðÓhä÷[üƒø‚ËGÂã-l´]™hÚKb (5ý®Të‹Meš¸Jœ~å¦ ¿ð°[ÞáŸ`ˆÔ=>F?¡~Bââ„ñ†U'ISë ç©Ùõ–ÌÙ"käœKlIÄ»ƒÆ|Ù*Ì²& ¤‘ °yúbÞŒþ§aüMß!i »pmv;q¼VçÄ“MOö¹g‡²PÑ…)ÍÌÝûlW3mj'WÙÆ&ÍnÙä|}ÊêŠd^WTO#Gy67˜G€Ì¦œ1¿ÏÆŠÍÓÇ@»è–gƒÇÒûmYÉ©Pz1â,O7æy–2ÿèÕÑx5Kz²Iµ„÷‰k¤ås_©ž°ú½ÂñŒÀÁ¬¡'ÕƒÞ8owßÍË5†MøÏI#ìˆ¤`ëvkàvœw½F7è¬ëãÓ©Ê1mmuòo!Ü|¹Z¥"‰hÐ™Ç1)dÄ¨f´‡©4>?^ö¶yÕ‡àTó÷gØè Yx2X#@^u=tué³DDg1õ¸ãŽ»jG+öd®ýG¥W_ óþ÷³ŠÛ÷}*óÞ9Æä¹ºfâÅ96±½eB8ïðkÅè\öuTAäÒ;ôÒÉÜ£Ã[Ëïè8jx³Qµ2Ï²~º;ìþ?×é®Ÿ€ëL#1gÛQý}]à‹aª»¯Ìê°g‚ËyÝˆ›PUá ¨ù‚ˆèPö[XjCˆU¥ò¢ªHÚwË¦BêŽÀ–‹»UA!·ü[[é$©q6cÍøìÜ)Ñþsk–åèyOè7€›»Þ#¥éÂ¯ïxöxO«Â\Mêš¤_›ß5ážfþÐ§2êhÉC»óæQUaeVÆÕ4„Eí\³<ÃÜnåÁc†wS:B¡ºÏd {wÚ2S–êÙ\=Ó ¢sÝsˆêÊY¨ ‡XÌ'í|·_ÕV{SàèFU#÷©9£ÒY(XçÃžRq9£õ¯XÑ>¶Œâ½žs-ÿì‘!Ï?=þ]¬úŸMñ¦8¼œå%›E<5•U¥‰m¼d¾®ÚCÜ…:{Coås‚iÀ>T{Æ£ÎèÄ&¥`“"Kiïfñ‰i Ô¿äÜèþr› ØFYò\jÉÒµÔq¼ 30ñ¬…ÜùøÖ?%C‡¾8I™Nuçî¸˜ ÊFŽ™‡ÆÚ[ô‹6\œ[(ÝXýªáûuO™•OP©ÌGf6Ó05Sc>I©¦q;3vÕŠ¶¦‰á?¹ð6Ú˜uB£Kñ£ÂÛƒ4{é»…2H ˆgCW|ž€™ dÃŸNô¸™x° °¿íƒM¤ô É»¼Ç%sYÝ.Ñ§x‹^—hš’9bý{º8é4ÛèëJ¥NüD>øK8cþýãÜå›x«çl˜¶Æ¬›)R¾ë=NFð¤ÿ3þV¥Yþ^*åôaBÑ€zy!zð}×=ÊÄ›ð4R•ÌêõŠ“h¬!SÎ·°D‰ØŽ¤€š´Ùà ÷+ü¨ZÐù#ûÕÐx¥ÏOºÊ^ÐLÉo¿q©µ¿nÏ¼ùf©Û%L%cÛi 3±;÷¦#žOÔ\vLé¤‘jÔ`¿Ø‹<“à3—î¶À§Â~)±Š1Õ;Æêí,¸pº¡ ËØäÌu´‰õºÄAVU%&§†Â“MëûMç)˜#9ƒÕäÙTJðwk™Ýfþeþ¯:Ïæl=“Ç0„Š]V› ´€ ð3U[Ê+Õ–óD@™âG5pë;"Ö1´#{Ñ½ÊÚ³!ÉÞ˜5ÍþÆ‚ØkÇoQlÖr%œlÔGï)É‘%Y¡IU³ý¼CM´6ãÜ>ùUã’Ç“þÖÑã*ïˆ±Â´EÝ‘~L+>à&èˆ©³øN»àh#7nî2}yŒ|…„_;ÎQAHüvm,€Ð½¾ç+÷:2îÛª¨ÁŠÊš3¤WèÏ”ì{°íœ[ºu8ô¶_ÆÌcš&þFö¿VqÙd×-k‹a¸èÒÍÏÎön=«mÌ Šõì;Šµ"aBqë5ˆºÇ¹ Jó41ÇÐEš£Fï\,îwë!úò&Êi^1lé¿º°tÝå«Ž Ø¢ºö ÷™Ò¦š¹ie'y.&mpIQ2¾qz§ºE½3ðˆ7Oà‘½ä(8äààIõE)¨4[´?ƒ©—ì«Ìåƒ›‹ñ/Hz¢hsk]—´[°¾mÑC×èM{zÑUŠ…éØ9ì{®ô§LÃ£‹[?L0©Yï~{¢W„ó²ºùŽr‹ Ñê‰6ÈÏ—ªÀ§ÛŽnÖ¬Àî¥ò;¨élÝ½kç¹%¡Ülå*+vX½¾ äÕ&ùN¹1888-T©©G%à[.ì=ØU'Ø~ñP ÓÌ´ŒþóÈé_ìÌ`Ê.å°Ãö XvîPv¾(þ;ÅÝ¨i”ÞRR¦ý¯Ctq=ß?_È·]µ}ÂwŽ4˜}_þ9JdBo‚c-+' ¨×c÷QQgx]s)ùb8ãJ}¦Ó›2ðŽñ+Ð^½ÀÜ\èöŒêº¨ë RÍWÞJ‰MÀFDÏ²eñ½Z/ÜbËâ—Å(¿Ë‚îVâbèu,L©%0ô5:‡ã/|yúûu¥À…çT·äæÊl3k—X©˜²UÒÀK‚ÅÚõŒÐ}Wƒ_\ŸZø½ç…KÖÈå“yüçy 7˜ã@¿ïÝ7ÖÂ‡FùiÐ–kê³*’ñ¨÷]¦ñ¢ÞÏèˆ6ýÎÕ<Á‘g#"6ú(^20£Óþ.±+R–^J¾ÈÒµÿ}qíˆ„”N"±«}lÇw7s)~‰oý÷-üŒŸÚš§¢cö¨˜hÚÂ7Z–¹¼´*ºu>OóQÅŒÄ,…§ 2fŽÜ,zà×ß.jä–6¹¸øà–²·dY¸rÒ§pµ)“4rYÔ…\¾ï8/ý“jE¡’:Û× ëÄÎ°ßÇ¢pªEs§ÂÃtD{»rˆ+!¨¢–DŠ,3¢ò¸Ænéu ~†ÒwgþKaP%>WÙœRkËTñH2®h l^e ©¼ÞƒéU¿ÅIÑ‡>N'ðï!öÉêüÜ÷Ó€È–lfÞ@Š±Ø,Û.Ð–ž±e…h¡ÆƒýiAîôm\qRƒÂ¿Â^ý:R¶ ˆT<^1q8Íäw/á†•3YQ‰¨H²À&#p„"2‡uä~¶äK#kÃbÛ6â1±ý@`Á‚]Žv[E'ÇäTw Ú Eïí¬ñY|Ïû Äù+ˆÓ^µÔå²š“YÈ4ÊfûåW÷N¡rÐ‰ÝðÅÉ({¨©é ðZ&ÃºŠt„S“<àD{®ez&€}çÍp«u’º.ŠªûB¿çëçËtnvöéõ¥ljÓï>X_3‰«IJ;j`+Ì\’BÐŠ9èI>ê²Áw×j¬f3Úl6€Ý0+³Û/wŠcêÛKìµño™0Ó Op»ò<ð~ÒÊŒ°Xé´‘¼D¼®[X (8§(áy$Óó9‡rQ—öUtdÍGËû6cÏ‡üº%VþVÊ‚ØKu¸¾ )ª~fÎ˜ì™ îé#™\pŸ¤uüd¹˜=2‡Eó÷…|:#¨±Lª…ƒóv:ÒRp('—ÛO‰ Ä›”—‰»•ä¡ï~_.*9K2cIòp® 5šÅîºNso¨Í7†2™ß{¿µØÕªÈ[Y üêX·7§ÅòÙŠÀhPA.ä$5(àmÿu›ƒhÍU~OÿVEh²QV(Q/..>fS/¦âÿÄ+q¿I-¿vG&ëS_ÆýÂSÞØæøç—Ì{"ìªÎÝY¹LÆ¶¿:°ãHx»¹sL•íS`€Ïª9ulçl…ÕáPî§Íž fÈè‘³Ûþ4hkûÀn¼L¸ÔµÊ±ßõb¯¦mLÚõÎšØ÷ºî%X)2oØþuß]ýØIëôæ<Ë§}ÏžLP]éEêž*|z†ÞÌäê Üê¿’!Ðr]0Ñ±"l%î£Î©Ögª9Ñ%çÈüÍB*G¥IäÔ–A®ç“¯Ÿ´Yÿã€ÛË^kË²,g}hŽA*ËÝñþr’öm·ÔÇùÌë”S8Aö~)VÌ¦‡¤eç‡…Ú€:óY R¾^Sþ«œ2°¸CüƒŠôÛ*þ§H£fé£ñ 2dt¤à'á Ð÷”¡\¢œŽ3´ŽZL…A ÔzmÈ(Yn}UÀr÷bµ&FÄÄÀûÀºß«y›±'xØ‡«ôNY‚éí’z³&.Þ£/ÙaÌgÙKŽÃÞü8ÚOƒT¢ùÄ½—X2}á8Õ`!&qF]âRË¾çIu¡‹j+ 6”©$íK¢aá =œN_«ß¾A ÈGá¯ ÂG¶5O>¡:Þ;‹·ÂŒWû5ã< qÓ¡ÅÑçµí¾%‡#ÁÑ²mÐ‚ýƒS áÀ·+d®œ‹ÌðÐäØ‘à›ô‚âÜb|L=—.Öù«„`gç3ûUBÙh„üÞ&¸ÁþtNFy!ãÔÑVù¼ÐåÒ05J»ë¼šdÉýºÕ{HGçÔQy‡^œ|Žóþ³éÛñ³Ä&'b6Æv^-o°Ù¾ââ%èÝè-MÂojTÔxTÒø§1ÈÅÄ¢¡ì‹ÃãMO5‹8Y&u;€ÇDzÂNìº¶ãfŸ <ÏáuÑ—ˆôÓF¥7Ï@SåÂvo2ì›i;è~v_Œ›Ô§ú}-p ÇrÒ‡œ“è¿¹g·ÀèÔ26¢A_Íjïi’Þ-W¯©Ú›!Dy§|xúy®Â°BgŸ²yçº©úá‹Ì)õÌCfu¬ïKÓÆ¾af±*ÿNP~ˆSûNƒ‘J-¶{Mâô¨F†O¼’ëe³…˜…Ñá&°1äÚH¶áÐÜ{tO³* u éibÄh[ùIœ3®DƒÆš ÕG[;‡uÚ6¤cß -L|›i);w`¶íOÚËydàs*eµ2ý‡+º¾ÊÂ^À!³•½ÊîhèÓü{²]É‹àˆ‹ºÓ¢âØ8à /k(ÜŽ¬M¼7{!à&ãÞ*h$Þ›×ÀÀý…Aÿ®)@ñq[;-…@Uð|ˆ¡c4wok—õÅýuð’ eì}†¬P2Zq½|ž·ä6 ÿBSÄ¼½Â—Îrî˜zF³%:À1Ô¿Âæ ò®´•öSey¼¸gVµ@öòJ“‡hGÉPë°-õÙš¥y,)s Ï´E¤A¯÷[žðœt7H%û.[ÊÄ)Rî8S—å8Ò@ðäôð_ê£×jŸ3„›*Êk{¼è€þQ—P§6ò¿Ò›% |EµÒjÇÛÿG5p\Ë dw”¥R&¤Aðqã}r,C8½0à'«¬;ÄÃ¿kD/ Ž®ì½»! ¤ƒ°~[HÎK_ü¦]PÄâŠ•mV¡K«ÅJÍP+)J•àü*_Éê£ÈwÆ7a'zúå§âŸED4´[/å"â+§ê«,GtDÔÔáS%ÉrƒF’ä'f`#µ’¾yË– t±w]¿ÇÀç\9xÃê="Ð>8ùƒˆÕÇ+¶ŠTæë¦bm Ý^mÄ_ËEà†¸¹Ÿuõ#9×ÕÁnFÍðG$JÖž²3Ü¶¬üˆ‹Šå´íÚ0¬Ô&¿=¯DbtK¿´ýa ´ª—À»ì¥Í:Ú_C}öÆ]Ø,š^EÙ’~oá÷gÆÛýˆØ²$»åÓ&£“á_Ñ¯ä|QÃåöˆ.ç}òðÿpó5 û¬nbh%bxº8¸Î{#dØTŒhÙ¹'Š†%f#ëÉf‘á“-^ŒQŠã¨$än{BÍd¥SÀ µ¿œ3c”vùé’¬ý GaÕê®ƒNFæëfVæÑVw€,ÑGÖCƒý}¾` ^2'ç(-Ã ¸“.€„¢á"=é=v~…é&†JÖàþ«Õ]Rãã"=9eCèÌowUF:À‹ /dòÖèNœ»èîGua¬ƒÐ_”cä=°- `ùZhT¢xŸ·õ5iè=vf™¥¸€SB£*óÉÊe+XäÎŒV^NñjF˜¥n¥ÔîeÓ^zÐÌ¯~÷µŽsèÚ=[[yþ6}l³‰Ï. ì7¹R?=¯‹ýrÃ×ãþžËØ¹ŒýWLø¥àôXM¦O1Ó«éöX UÈh'òPzTëh¶…×OvÿnÜô‘x'p>-âì‚J/s>ñÓÔ#>6èâÑ[L¿Ø7”€TÔ ¹ÑZL=£g~»ì9Œ …ùWo=OîÕº#2Õ½6+.ÃO•@v—\7Pån/À½ù|ö?Ä^Ì¾õ„”L|."tgÉz¬)!8:øz%Î*g‚7^ÿäþTôÓ'â½†vu"†ižÄ#ÒvS€Ð*UêÈWÇmâÕØo¿ )–Ÿ†9#´ôì(Å¼Úi§ r®!™ †â“çZ+§™T|å*=†¬,ù‰|Z^þ¿BrZíZÕ«”âiTÝÌn4|Œ¼5–³ Ç/ Å¶Ð¤^}DÈŒ°^¿^9|ÁÚqcš-‘j {³&uRæfüTþ²ïúîXªèõ%ËëÎc#Á£ñ³Qh±ñæN² ürƒ´Ì1“qF]¬ëþŠtôì?É.Ý›bÔˆóZ/,ÜëYÕÍµnºÙ}>H+»¬6Ç¿Šæ×I.µ®ÆcÑrü4=~ÉóÆ×Wí-±gñæ¸3é‘zçµfèÉ0ïyžì‚ìVÆ¦GL4G»ªjS·Y½¬@_àsÕÃšÃ¥! öBlt½HßR«Ä<àO·,˜"p:êrÊ+—‚‹?ížè"!˜4…!ÄíâS?²sÖ‹˜’¤°:#:ìÖ“4–˜RÔ/`ûQý3L1Q˜ìŠóï´êsî vÔço¬Dz›Ä `Ó#¬) 0Ìzy=¡®îN$Ö †I†^¢Q5I`þsº•à~KWàµ’‡3Û ›U©¹#©ÓX†ZƒÄ„DÁìÚW¶}Ôò—`]G”ŠBÓ×-å_²8_¿”Ú„5¨F†÷m”4Oœ–%þÍDŒ‚lwÍÒ{!Øø=4»ÎË}ÉâËé¨7úß(A[GçAPQºükÔXëæ†éTA¾}òßlO°0U†Ù¼é.0ÌAÄeâÌ\Êqv<ÅŸŽÑ,QÔxÈ0=™ò=úÕY§Ï™Vþ0gkßa m×Ê»O{É X×ÑŒIM©÷*¿ÐT D#ºèÜµ-IO´zv˜{yþˆt"(²+÷Jáø±fÙfWì¹îÉÏ¸{û}á\ö‹rXùàù™Òø©»°â'P4Íl—]Ž,êü* ,Óã”º ·h¯ËèÂ¹®ðè|¬])¢[$4y^«†b†Žøî{—ôšcï¦_©!mAE¢Õ›£uà””‰í‚A4wäwŸ¥ÜÛÑ…exZº“ìy8yñõ ³W‘6”Õ³æ.Ÿpçf`nKÚ'Ã¥±/¡æ”ÅÑé\ä‡êƒ$¸ uóÙDA'ÐJ‰ö«Õžõ‰´ðØp/‘YÌ-¿D]Y>Ù¦eÕá »Áâ¤†_tºösküs¶OQÈqb‘®¸ÓºÝ¹áVÝ¹"ú‘W›§yk©÷ÆO™åŠ¸0-ˆ‘àD¨m9a”ÛlCŸ«Ó²|¸èŒ¤õœi×µµ˜å$…^î¶oøp¤P ,íV«6•Ü;Í[ˆG…ÎrHö•»éÛŒIi8¦ÿùÎ@ri=ç©6-hÈ¿È¸^»³RïÆ“˜§(õ4·B[g7M66§ÓKÆ^õ1+ŽÊ¨åK0u Tí±ŒˆÒaMr9,øöð:[n"’‚ æ³{m©¸mCo®U¥úeÂ¤¥#HöÑx.DÇ†ËKà‚Gr%4Q|õ!(©/ëÆíœÖü„ ¸D¿¥R;qÉf¼{…]SÑý@"Ž°Øà*'i7ñ|¢•G2N=zE¨ë™™ÈŽÃo#›#ø®!/ï³ËD"[8¢ø'ËÚ`§ø.¥þópþ’/ ô¤øÑ¤`®QÌ—;þVÈQ¯öÏÈFÿ*êC{2¥í“’òÉåIG£s°^ß{ë«jú–8SâLÛ\jOõ¶ï|Õ‚q¬2Ü˜[Þl¥ {j¶øeLNºÈ0Ö½ÉÌÐ=[‰×fÉHú±¨?Î!?7bè`qt*›.Àt¥èÐ»ôªè<Öè‡jLèª]vc¤åQ A!Ÿ<íàõù]®A¥Š+uƒÖ¯ ÷[–'XP–|•«ª]ÿõ/¹Õ‰7³‹Áuæ2À‹Œ)så1~‡<à½|ç4ª”u}úFRRkWá°Æe¾hÈ¸ØÕÂ›¿¢i÷UQFaEÑÜ2å]AãÇ\|Aªnñ˜Š_ZóŸ«dB{`h%“X} õpÔA‹÷ÍÊaÐÂï»S%^´¾î<µëã2_Eù (¤UQPê=52„£ŽÝŠD€eF¯· í.÷…`?8ß*´Õn ¿c<ÂíØ ÷LÃÇ&CyYÝQÛó‘7Ã²Ü?Õy&éë-øß²ØñÝ¢¼€E å<®0ÛJÆÑ$Îg4ÊÍY Ù!ãfß>²Ð2†–~çrÁÇ]x‘ƒÁúƒ©>„ƒÚ‡u7Y~·"Ý?Õ;W‹ƒ@ÙÊ4Z…v¼NÎvÊÎ$ºÌð[D¼ãÖ#•$ÈÇ>|ÌH&˜ËœT9£$ZA0È)•=·7Ž)Æ˜áÓ6)é|à‹—2èÙ]©î8q‡7ˆi&1È¿d$Àú¦Œ—`s³P‚@QÖÅùÁß¤i”D· 4RÒß.ÓîŸ“²SÛ´— ‚;·ŸZWVdDIÍÂGW¾ÀJsn˜ÎFƒjÊ²¨¼—zœCM«9ÎâL±ÉÞ`/Ñe'ÝB‡¹ŒCXjX½¤?u*wÏüF"^Ø¨wŸÊy€ÉåÔ¹Ð–„„†©ù©´¢ÙHŠ2v+0XKàKp'ÀísÕ±zš×ùD‰;«Ùà½®™¶Ûõnea³Z"£n¦™7“ŸC¼ó…´ò`ëào^ÄÜˆõÂkHÖ²H“ ¶?Ke¨Öé«˜Â-%}¡¥p?0ã!ªZPêµ-#bèÖ3s W–”ßˆŽ|&Ž…'«–@IÁÃgVëpéâ{Ñ–“ÿ$¿þ³Þ‘ÂÑòE¬^í1¹êuBÍCR¸CYØ«fŽÁC`®LOíæçâ/É|¨\RÞ4MÝ¾ñé¥¹ø(ŒR+Þ°c^Ž+± ¡dªh§¦4›é|AedÆÈk$9;D~½2Xu¸ÞG¨'| `´Æ+ˆ©ný€+,k°øê”ÓÐÑ¨š‹Ï‰Éð>Ùäg¿ü.@L8ÍK¬÷#¤L/úbÃÿ£Ô–Ú½q4A,A“`æÑZ§°/YÔã:œ|f°C}È./±õUOþ‰‚ÜÌÌm½Fð4eÿ•ú¥‚3ø6.…ï"yòõˆAÍAZ@ùõ÷’ÓÜéîÆ3V©l”r ðžùCñÚÊÔ8ý/þIZÀF¿8Q{]«ÚŒÃñj+ôÚ=¨,œ²£–>ýo;ß¯'ÒWk“‚Z‹ïM¢Q%@4W“võàšÅV¾9·Q2§o¸ ÿè¥þ˜wÝ(ij©ÓCè;m¥‡ÊäÀKdÿ±³éÚˆÒËŸBøaß«yÉ†|ù‹qÎ”¤-ñú%(Ùò‚WršÎT[ŸæE´U8îÝÃ²5ï>âV™©íF`´–<Çùur#«à2'D´ûžðìáÊEg3(ù)óŒ¢Š*Õ4ì5ll"èiç«Pz[qÝjc ²ãcÂ b'ôeš¹M¡þ Ñ´Ù\O{Ò7FiÇN`{ÎÜø((q~Šq bQ>0²ƒ{>¥œ¶œôw¥f'ÁJÿÝNw°¡•è[°:L¹°Ú„Ezx˜Òæö -uì¤øGæ»'ÕbšÛpÑÚÜfŠ¬¢¯]<™`±7kªGX\$T *– H¹.@a©Oìþ“'Vr=Áþ„<ºËóž·[ÂF ìŽá0Â·&î¨€>ÈeaæCˆŽvÎKÒÑÌô{9$i1 r)4¥äB[À¹{ÑF!e}˜œ³Œ¦ái:ÿf}öˆ$<¢Â¥ng_[žÈE/ŽJîÅµ&‡KKJêÛïÏÙRüZDâí‹Ê±ÖÄÃ¹˜~9’Ð|0®j±IÉë‘yÂ¼ôß‹ÿ§Á% ,8ÂZ è~òùsWÛýÏûØÉÉ#§[»±ÔÊ 5éÿâHâA”/I;æI†n®("S–1]ÌàÜT?zŠ©äQÏ±‹!tN”¿JöD „ô&¶»&[i_¼WÍÞMŒ<tFYÙrRÂ[¯ùÔ¨23ÊÝ%S'²ØÙ¾"ÿ—}VF¡`«„ ßØŠÞf94gnc×ûí8R“ÈÔ™ªEŸEfB_6æñ¸BÈÌWÄœãïûâ-¦Í½ªH/kÛTZIÕüwa³@IÉ® 'trö&2µÐº¨#¶ë}Ò$Ù²Ð9Ž~¿úlÔ‘·6ÉÕiä‰PÚ\4žÇb”Êäà>&S½ÛÒ–›Úñ`} õoñ¤ôw¼V{ý•ÀÌnŠÊÁ—zWH?ˆ2el†ˆú»¶R¿v+ë<&½ˆâauu"Ñ§d,Y¯\*=^" 3ŸÛcÛ. íêVª'C€ä³³*•½ýÄÚ³ÐîHŸ5¹•fÆFHãYpš’ú'9«a!ÖJ†%Ñ‡¬'ÑÛ8Ï:î¹4·7€±‚ØR™ùd*1•¦qJ¾’Sd“`wA—§S4©þ+E,š^Ò¸i*ýƒÉv!ŸGÇÈ·³‰ü¨ö,Ì…5ò]DT¤¥[œ£_Š .-ü¦â›;rtÉ2ì, Ÿý‡JUòNäjP˜#Ò‚5¹eÜ£²—•OP?B*§ˆ(a4#6z v+c,]l£X–â;ƒYué¾ØëYÊÖÞ€%ƒSñ³¦Ê•qïœÂú*wp˜-ýâÔèZ•¯‹÷²œùýx€ñÓß%§»¡!E ž±·~4J,Å)RCx’{¡Ò˜B?2êG!G3ÛˆLªŸõúœW×ëÐòzEVø_(}ø¬pDÝ%dºŒþÈ£ÅQ51³Ænƒ•ØïI+&^„6Í«KDÐòVºy™®J<,Z¾ŸË¥£a3ª’Ì?Ã#{ÉF%•N$Í]PøIªä|qqÎT—ó×ƒš_•|rùHežšÀ‘±0½ÙÌ¸¼5Ã=ùoíCèV¥½y‚‘€$„o±PAŽ!«'S{ÏˆH-Asg$/ —¯d ~4pX™NÙD¿ÝôØêhLþ£Ý2o¥=»©ÁïÉŸý;Ge?~I—·'ÌXùhKÃz”/áß ¸C¹~0i+]cÝ³~Qd¥äÛ”ê¦˜¨W¡¬³aÖÈ!å1M-ÞâõŒæ1¢PN>x]S+i¼öy§6Ûõ…}‘^3|ÔrÒÝ5ZIº¥¯Å·*=†¬Ï<,êœ†,cYÚ#94ÉÔR¶"¨ÒhoÃMæ6?c›Ä¥æcÜÓ#j:Z^íw¤¦ÏŒ+?¦’’—ƒXsJ#%Foù´H¸qìÇ*ñ«îòU»÷…¼¤N¢bÂ¡Â&Ãç¡¯mR+íÒ<€Êø®6õ„A¢‡DÃaÅ‘t»à^WõA²Õ™ŠÀL>TLÏ„Kãìf8/þÒ¾ÈÑ" ü,úEÙåNÚK|rr³•^‡Å¾¶t‚½ÍÖÙ77ú÷ÝÕfÎ^Ä‹P ©ã*Õ}çn¿‡n|±Ê¦ºû÷©j±½¬!ð}6Á,.p¯[| ÇGdd¿Ëï^Ã6Òb’6ßT8-j'?Ð«w5ŽIAUU8^³è|“ÄbèðIƒFiìz(êŸ ›Ú¸XŸDx˜º¹úZê$í|cvÓ*Õ–%¼ïcÒŒèék¤ðk!©¤áptùy˜›¼i^_ ˜¢ãïšiÙhq;þäP¯¼¢ö&)Pzäå4zO-Ú˜§QÛLÿL$ƒ(Ù™]-×}WÏêS«õ õOü kXûXr)OØÍç:#§…£ f¼£Ç. 4Å’œKqÕ=ôÏYBÃíjÈd>\œèlÕ1U=Šu‹ñÃØºü`3Šíÿ[?}³™£ë!? V?úéèˆ“-|eßòÑŠŠ¤jµ›ÛØà›ý6Y|€cšb±UÉ-ì¬TVsÔæ„!¤ê@Ÿ*j’BÁy×Dð˜( *üÓØñM—êêh¦„p8@¨9\hôcÕ°}Ž:ºÐÃ˜2þ*H-]Í¯RB¹sDÞ6~jgÉñè*Ø?:#š¥1îEª÷K¯“æ×dé†’w”¸4i4íéÓè?jáéox/c“aðË94Lä£R“6áü³šVŽX›]ÀÀ¥îÏ Šiµ×N-vÖÈíWùf«Ã¶8ÜŒ-oŒ$™¥(v®q°hq¨Ó£ÿ.ï`Jõ×¾.¿ÇõüÕ¬CÕ ë¡é².ãmjlßÖE¹W¿…ó¯–Ûfµ”bBµdÂ¡íXPÇøZC9@À„ÊU¹0~˜Yeõx¸À…È9oºù]né2Í]*‰‹£o!˜¼XŽMŸ=Ë>Äˆ”* “(s^ì1ò®W¢Feœ,4£¹]]ÏSI( ò¦É¯b$Ä\Sæú:L÷ÉæØ¿é+ás§RÄ&ñ‚Ñ 2mÃ0é( âåÖ¥Êó¬e§OÜ ‹”å‚¾@ã%Ù<½{My84‚Fäq#Õq3œDóoŒôÀ#âƒ‘™´H·Ñ–¸•5S.¯`g’‹çãM0ç»^ý8‚0OÜfÞà™@Ê h!ŸènØ‘ç@*¥ÐàÐJdþ“AVú~:Ýç‰úraÙëŠpºì· †:ÄžCZ’z>ÐGâˆg‚ÂQ!)K–šz<1Hþ¿XZ,À)ÊÅÉÈÙ‹\…MYšDû¢òð9Š“Ü£uÒlÂ2Ó4æ’¢Ú$Ï82k½2tex²ÞÃÆœÅF (S”¡ÅsìÔ… +‹ì½¿êeˆÔleÿËÂ?ðÉ§ Ö™£jxÀüø¸½aïÅÅ¾UŸ|¶ûÄž0ŒÈ4«Ñ˜Á~« KwÓé_Æ?¿¤À>‚º…;Â÷RIp´…~ŽxÌ£¼–Àª'9î¯&Hý× Ìï‹ïG]Çõ±dïòçÙÒ¡107(²ƒ–ÃR%ÓÀí5[É ˜…ù÷bÆ|<÷©5S—©ªìÊÃŠ€%6ÅD*¨4uðãT–F§ÚŒ‚1°5?t<ÇVz Áfn¼áBø‹ý¬Q¢—]Ÿ•§k5ïPû„YÁÆn³Ïú °‘Bb#Ø+¯Sh;ñ§ô¡W«¹çÉoÿW…ÅÓÚ›M@¼è:¢_Þ[ïÏ®´êPJeQYÆBKì3#T¶]ú(`A~DGM[·]_›œwØÏÀt}$ni§ÐCáK\¼»ã«Ý¬Ä5ÒG)êxÅ÷Óš†Àün×_-¢R–ÒCÀUÝÀØð—˜,¾KËc²,yÅ_hh©×zÎsÔé·p?ó€¶{Ž‰Ö4øeÅ2¯Â`á5EçNÂÇºÚƒñîôÚ!€ÊÀ›½o4³fÁkHXì|90å7vÌ,µõÙ#íëÀãªc<üÞ@Bƒþ]¦t½L›Ûµ™ÞØLšv–ÝÈzn?¿1§ª‚¨œ~z^XÏ3LxO7&n?…0|f½§N“V+pï—’»·(?-öw÷ï_k*åF·WJ¬~|ï]]v7W‰ÁB+SÇóMM¤f>SÄe‰“ÝN’š•ù•7Ò"|¼ê !6¥N¥u‡äµÅÂÄíJšUÔ·TÖNv9¸w>Ä±gàþ÷›õÔýæ”î8uoßÉ\”SÛ]êà†¤öœ÷'è,plþÎÛR¶Þý†ézüÐvTÞ7Æ÷qžJµ·žØëËaÛ´fDÊ?öñ…#wßölÂÇO–þ(Ôó!˜‚ÛËwõ-u“µq”1PnñÞ‡ ‚I®ýj&'ŽÆWÔÉ§Lÿä¹¶dŠšÎµijÄ\—‚[µSDnÜx$z%„T¶VŒöWµ§Â'¡ðÍgòÚÙêM`©Íô×”[Ò6J½Ã.I¤=÷F%§çÿàÊÍdåLWò·òtä—þèÊ‚on%;JÇ"¿åÄÒôÏQ<èlÊ«hbfäñ¾ÀÏhŸÝøðûM®Jõƒw8™Š£<¢Ì”±Í¿1m¿´¯i²”ÌcÈ¼¯Yvå/øO'#‚ku±¹Õ¤z|zˆÔ2MH ÂqÞ°-=ÏÐy7>©$ ëUžáûAGQsùç‡€7Û{5‹·0qÍü:•û¸øW¥žñïØñŽ|ú¾Z&•µ‹¦ì/œ4‘¦åö_dó((z!eµ12²!NšwGˆ[!7~sC²¹‚lP ˜ãí´Ó¬•øzFc Üƒ š@´ =¨l¥œÏ*,‚_(6úðQ,xª|v/°'µ±Ò»Ÿ˜D†x.`^E‚½ŸI°hXÕ¤më>0{{Åpàb¢êdÜ3ßœDB;b—Ì•ÖSÂ3g°×ø…L¸ëg®PDW±}—Wï°'™lÃ‡:2Hû{Ã«än}™"™}u‚X °§hRX‡4ð²›áÇò½rÁ}%´mÍÏ ßÃt–çT—DÆï©}—o´#s&,¢÷IT´Áâ”Ýìx{$oÏ©Ï<¬”º¿ƒÏV¯î…bGl\!Î ØR’Qy«mYãŠg›Ç<¡Æ =‘B&kÑÈxÛ„—åiÅ lÍáÄø·s?êßüò¥p3ÀGEÄjaj6K§è™³«¹Z‚¶3"6¬vW°Ž‡½¤¼ÃKo–àâ@¼ªfv`g SŒÆ>Æ&ïvœm¸¯Â5‰O”lBúà*7p†Ú¤¤¢¥xÚwA²€€‚¶±‹Ì&Ü¨q¸“ÌÂ‹):‘OµÜb~•Î5ºfyòð³«\{¶·P§š¶ÆŒ0³¦û^ðVø_‡<™Øñò:ÌŸd“ÕëŸØÁºMÿƒÄymè¦5lÂƒªyÒ°$ Þ“#IÚitDxšè„I!´¸ =ŸN@® åý3„K .9Þ«›ìÕo8…QÝŸØÂÑ.cvþ,1ûYæ§}¦ü– Þe~og* ¿}EÀ$ëÈã‹í±b˜T’«H(_OFÛÂžäD|X©ŠEKˆbi0ÞÀC°X™Í5Ÿ3À4_0§6$‘¾?}7CÈa§ †§Õëxã†»ÚF†&óÄ¨í›’ÖÎkýÜñ(¯“t'¥ôw¸¡G…™ h^W'¨ü'¤‡5w%sÝËª¸†=ì¾ÞF‘É)v–“aL[+ºRÉÊþ¯ÇÓ÷ù¶$‹€¯vä4GÍª¡Hèua…„RÙy½æŽü.Îêyl’…«ÿûîý%º`GÛvÕÐ¨à¹î› ²ô°` °éKþ¤ãš–Y]”²-Ör>œ¥!ñnd%-ÕÚ°D³¥Ä(‘°œ½ŠbA¼j‡„PûÊ„“2‘2š;4Íü0Ñc9öÉÔ¾@Ø-£Ã*¤‹žfd®ð"vü"“”ZÙP•“E#~~fo5¢^áõNóp C«®ŒÔîµˆ<§¯ç|Pñ'š]_Pœ’ÜÕBJÛòÔgTÃÜXhÑ\äÁ k°ëcÏ/>ÚûiœàÉï‚ÁµWxTl_ëÕ7¦tö4_N½Õ˜Œ|]ØµB'Ó¹ö»^zb«ˆa‹7¹äëaæÐT‘nNT¾`†êOˆÑYMRË·ˆcñð«àfü¤¶Ód±‰l ¿Ø²G€Žc5 P?Éõl±(WIØ_÷ËWý]Ï!¸Ôè÷¸6)Ä 8–èwâþÐÞ¿}%ÿö‚öUäûéö ¶•ß¹ØÆ%#~Å€ü_g…KvƒÑL•>W Ý; Ø5 ¦py¿YB¿rîFe ¨xìòß` ì¹Ñ2÷Ï€wR²H¤ïÊÍ¡épÈ^²ëü’Ùl§vÅp²†y–üÓF<=ö5‰²‡ñ‚“û‚ÅšÈÂÍva;/s=lqcçJæé¸–Jùà¨Î«gSjìMU¬õ=wŒk-z„‘V&\Bª‚J¡H%Î?ä&8ei»ßÔ)[/PÝWöVÊÉ<yQ¶!PRÊýwÙ¼;¦±Ý<˜ ôIŠ¬‰ôYRíàÌÅ_–¹M*þi‘8‰ê~qÄ³ëŸüaE°"[YåÅSÜp![SÔ£Y? Šu&Žâ+›¦§ð·t!s‰Bú1væê€=ì¹äIÒE•<#M6ÁÝqÊ¯ï÷@ó_™GÑüŒd³aéñ’{¾Q$ÒþË›ãÿÏ0x5Áhâ˜ÇÑ íí¹7[x4òáe© ¸¾ê´ Sƒ\•‚™fÖh¢€AÛWª´1C‡:ƒHr8k+uÝy¹ÙÑZO'ð‰abÓtt¾pý^|sBIg+U2#ûÁÑð}&PÓ‰¢¬N[’q£¹×Ê€ô‘G~×žŒß‚<³Â.at?®àÓß¤Íw¼ŽûÌÔÉñÇ7´þr É|üjƒËGÔzÞÍoI¦Æ’c…6"r§X¬.ýSÐâ`Éç7C{&»ëB·’E7ðŸ±È…†þÁ%’t¼ý5ÎÔ@ßÄÛ¬8_jkoÙ>ìm´½ÁD:é¤²”©‘ãøýå( ;$›ËÇZ?Í°£BáðO\„&'*JÇ{d«Ë…iš.›VŸ\ÍûlfÒù ãÂžAÕ#¸Ù\„+ëä¡Ò=ö†1ZåžpÌiùI/ŽJ©¡|>º+§åd{I%_Nu®2H ¸ªöú‹)¬•ïe+<±lø”bm•;œÙ‹µ¡Ò7RìS:ŽVïùi|á_l z8MOæHQ‚Î‚ÄÀ^ŠtlÆÅüÅÝ$,{S$ó`9œ²B ç¾ ‚ufDsò~›ç]—&HjuBöR˜`•ê{-çL]g“ô;ÓÜ—Øå]¸'Ñ§Â•‚,×°ÎMØæ_,±wØÜ«e"¬Rå¥Ê…‡‹{67›†•R•èû“^‘qÛ.çÀ 3³öNï{¨1—tº/u†ñxª Œ ©!étÃµåµ÷=g~íÙŠa–‘ætI_œ_#Ž‡Ðû»®Æe¼ôu'·8·–nÃ6¢¤# Õ7‚½PŠ Y%ÿø.ªh½FŸ±ÁÃ{ÐUÖÐ¾åé\¨'äÐÞœNÇâw`¿«*¢@áÔÚq¤IÇ»î7ÄîÈ íF¸b¾ëôTÚœ.ÐC(^5JR rÂD<ÿž(YýÙüâ±"WôÀKuŒ eË€ü{À½Ÿõ„g•Ûš±>h?V•»³sqÛý"h¶U©¨µ¯Ökb¹“èÍÑw[5q½ÇÒqK 9)d 9onÒc“RÛ~xÄXÏörè§£Ð?¦Úf1Œ\inIf_'``4Œoýïÿ˜›h„¾vŸÙÓ’§Øj™t3 "¯]Kç¯ªv0ŽðImpýžª"½b˜j|“%F;Ü=·F–Å:àV{/Í“ T|Ñ…fsA•Ñ¶{ Ý¾vÌD…ZKFÂÂ+”`8æ xvâÉ'>³™êx©&ó|™"/",¤=>Ç•V‹¿_ˆ(*ì34“PÒþ’^¯h›úšÞPí%ŠÜÍì2uYÃbÚDçü(X$½ü[tò•¾W©{jº“uœFÇ×LŽýê¨fÄÎy“þt|\>›N åL¸'roþ˜LuœCp*.°%·ójy2˜/) e<Ÿ‹Å·ŒÌ{cñîÅÜÐHã@×êüs~¬döëûÍ+,Gp%~g‡Ø®H÷1ÿ Œ>ùÌYx#É¶¼3úg={ÇÓD\óHår¼€nÊßP:@VÆŸ®®È“•½²E†HXŽa¾ö!ƒô^cSöÞ¥rc2Þr çŒ‹kyCŒdwñ Îæè}6ãä$Êfìƒ}â´aTÍ~DWLQAÿDò¶ÍÝ»M‡Hú¶ý6€ÿõ¢#:ä¬¾éÖœ¸i 0ÊjUH¯åƒë 2.±¾x‘ð#±«9Hˆ€À³¾–Jåâs<Ì—Y{^~C¨(}7Î»Éy¥á«™pS¼8@ðG`ü'•.ÎÀ6þöm µPàºÞ-ŽëøYÊŠ4Æd v\¡°ŸFp¦|¶Õ¤Óz; Å*S£ºÖ€˜¶úf‡”; ›Oç7¯ç£Éó{5¤ÅŒ83Š€ÆóƒÙYÐB¹‘L¢&~M´ÅòÉMì!Õ¢›sLF•©›“–±ó—!lo”-ç9Öôo’Ô1â‘ýÍÞó-J6‰ïx·€*ôJ6”ª*xÝ:IHdò„8²©df;ÔÃÑù§žp‰ó6Y D¶ Ó4_ú7],€ÐW(ï³@ó)Â<ÿRÕa”ª©Ðˆ>"É÷B¿Bß lÉ]@¶¢’ÿªÖpQyhãk³ñÓÝ,–¼ŒÞÐ«!¸6LM¯™ª}¨ì*Ãq*mŒÅLktÒ—÷†ä?æ€l7"ï¥6LÞ"U åQ@ÛêÎ´7v ºê T™¦€0Þyæ•F¯¿/kG¡öóÂnß^ÖÙ"ÌFU8¥JJ&ëBÑ¯À¡7p$=Ó ÑoË€Ó²Ücø1ØÌ³¾¹Ÿ iîÇI—2JíH¶9„ºÞÓØ©Ü‰c>Cu]õÎ´ìŒÄºøŸ"v:úXÆ=&Ñ;hûBñì-2l7Ž L»†É|Å‡BXÊxêò?™¡øÃ#>o‘¢ƒM´d ]éËcŠ¸ŸÆ, £òmmo×1¹îá®™ùÈŒ~Ñ$P€—ý¾OJßË%E÷Å‹Ý H±âeS›Ù³9ßZºÍC:¼\t„%äÇ¨ŠDœ;…¸ýôãWœ±-–WkVRz˜T8Œ¡Ž4%[xb“L¶B$‡xh ×ÅéŽ„p%@ÅiæÒGêH! …ô]cÊeìH®à„ÚØšõpXño <¿IóY^AÚ`bœÞ¸¹5@#:»Õà'z¯kÁµ‰Qå_À: BP¦o“:ÙërògviÉ¢œ@Û&…—b-üÌNîhLyË}û¢{\s£¼¾©/-EJð}\%_ûP(¶žúäŠô¤ÏûnÛA¼b¶(†zŽÈRdÄåWå,¦&ôÍÅ'ê¥–iã(ÆnÜQÝ-%¢Ãk§KüP.po3v$9fð Œ5Î],½¤o¼O˜´bñ2¤©°gÁÃä'.vµ'T›Þ"!aKŽòÑ÷4„•?)Z¦hÿ 9#L.1˜ŽL-æ¿VÁæ‚ŒõíÃt æH sNôê \«?ˆëhA;eõ\.û¬èŸª:„]ƒ4åû˜Œ–$/•»„˜`yâOé»¬W%TÑõß$Ï?8VÁ††i@¤‹F/!÷’/ÑvÇ}h€$õ>ˆ»õG0)³Ä–CDç›:;øŠê]tJW‡ÍýÁ"ªÊ¡¨ÓŽ~°ø¸®©le!a¡½äIÞ> !—ÅäÌ… WE²wý>¡-çzÁÇIøåÿv5hèü8©d>ðò~>a²ÌkßÁÕP$dÖJq"Ò/1¹úp®mNÄÒb»ò»äËôS(ÿü¦àDµMÃ†wÜõœ«V…~†oõòut%¢"C±™ˆÝmÝ+GLjpK¡¦êkÞ[ÂŽ©Àfæ%½±AG¡ÆO’Â—/Ç‚ƒ›wÞ&‡ã'<Ç|ã"æJ¤§5š}îÏ½”™<Ù7m½aA¸-ì¹2üÀ ìÌü{d÷®fÍä_\ŸÍçD"ü\·Â¦%e¨€ÿÃÔ³=LxˆE‹¤WÉ/7î(!L¼îÔ’~ƒÜ"Õ= NNZ'ä¨í§ýnQFsô¯fgÚ¸3ÑÈÞŸ…î2‡jbåA;)™h—y”‚ OÜgƒ‹Ñ:³äM1æ€#±¢¬MÀýÔ—`Ç¹¯x¤æ:8—²Ñ_åË¾bñêL±†El$¡eKY›¿B`£^»¬×fÕ‚µï(²ÜéKžEÛÊ¢.Jßð™&˜vV-æÙzÖõ×Ì)Ç…ùŒKž6PK:GzSÆ¡º¦ï#@Ò¸¨Hu]G#ŠÏÃ“,…àÛÁ0z‹4ïöŸ}ZñÓ~—!$ã¢žoÏ?ÑÆ*.Ý]cÎO33/Hã¶wY¨å7Cé&ÿ± Ã«êÉ½—rŠv•Vt´ ®ÌIÈ »YÕ^³„|RÔxªrZxŸQÄÈ•úWÍ¤‰«¹ëæC@qHëu_ëíà‘½KšØð;e‚œÉÐ¢ù“u‘ò¾”S:]ìéÆÕŠ?§Â÷²fÂ8 â›BƒÌÐ–Jû–é&¹´dÒ0ÁnU÷ØXüR—_v«í¹RK¹ðøtdKž4kùàW˜¢ˆÁ]ÅHgÔ±ÙÕÏÞLµvæÅÔ§E#E„-*Æ“‰îÔ‚x8UO3;Ž¥†a…yÜå8àdVsÐ+ô÷=cýñ>êQùêéáP2PôµïbIýÿ—¥q,Üq}¬¬Ë°ôž¤ÿÀ0øˆ.^Û6˜›J“F«ýñZÓ5Ni°¨¾*EcwÀØÝ·yáÔô L¤j…ÏkLÍˆ»|ßœ{œñW¬@”RÞäW&Õkåý*uDRµA·Átt°‚oÇøÝv}YØÞ‡Çþ¬’÷4ÃdÔ›†o±g¹š<N%NXÑØ'ÂÕr8 ,ÄƒAå±ì¥InAmÁdDÎxêHI²À¿D8/ÐÉ Ás ×JµšM8&ë@úÐGö2ä²j•éŠ>óÒ9ö£ãü#@G5ön5òÖ²&äN‡_lÔî;¹ñ](3‚§”ñ@0¨¥Ååtà¢µ«iñ¿ß©~G9Ý{+dËµ¹\©I§9ï‚”¶4<)cLš!r©%}ç]“âR9½ÊF“®õ> ÕiŸþ·ÆæŸp-Æ«Êâ8Ñý;ÁoâòÚ)s|ÿ1²›(("õ¦eËX\pL/L£P™(Œ“+6Ü0¾Då††‡ãåðc°ˆ¦ð–7éB÷—¢qÄVA O°øâþíçÑŠØë.¬¬Ý~TÞ„…µÒ¡"îq>9à¥úÝÞ8ËØ¢Ð_èêóCWò|À•›"*4X~ƒÛÎ˜Ä`Ü‚±ýU¬LÀÞ±”1:¯žb‘^Ë"ÂNBÕ‘ÅM$wé ,æ–ùlsÃv5dV‘?T§WXÿÔ eö³ò›MxcQiI—žwDq¦c¶“ R4%²¤Ñj¼§U±R¸[ ¿IŸÁ ÀÃÒ’ˆ—Dõ^ºËÎwº<-Ü`¨ãRÖj®ïjLåp\‘øYw¾ˆ°Ú´ÛÅbªù&Ïéœ(ˆ`o~‰<UHfØ@À»ìH®M§ù¦ŒK[s|ÞÔÎ’O×é´@O”•äòhÕw~ÊÑ(â¹ÉÕKw+¹°Í¦£) $?dZ0Âu ¸ÔRè6%‹4b/Tlö{ã¦Nq»€ÚÅ^Ê£CÓ=·ä:5BHPUª1ëOcÊc/Z÷ —(ƒ(˜VÒß¢PÛqÌ±v¤ÌÄn0Kø¬ßN©5M ìr>÷¯FKn×‚EñìÆ+ù…×± ¢à?…aa¥.£†_Œ¿Hèô“TOÄãd¥2Ìkï]ñn•*ÿP„6ˆ¢&H÷ªÈ¶ aä;×nS¸8†3ZÏBEäèÍ+Ùó=ê:Œ;ÌãEq‡lP*y¢íœ—‚Ái`©‰Ö$<ÓMòð5[ï.\à€ü2b”gso¥Fäk9›8–³c;vs€¢|çã¢Ù¸ÏAC7¬^W9KÐa‹™æ_7OªäÑþež#¾›xúKÑu¼#ÍÛé¿d Ñ5dqÓÉ…„Q'zÄµ*ëø*ÍRâ§tNaÑðÃ» <…ÔÒŠ3¡bÍ‰Ÿ¡¤îDgP¶éY$0‰¦ôx¶ô"D3ö)¼ê¯H”ogç‰¸3sq¾:â¸âT´!'ŠHW^üÑ|¯—º„©‹L]ÿ{ƒ^ðYù¨çmV+†¤æUtÌÑîë S}6ïùJ2 ø•ƒ2ÙnÌØ*Y‚apQÇ‹(D¾ŒîÚ£:Í<Ø…ä|S¿_¿Œ¿ÖÚ‘lí¢hÈn•DdºË$³oäÒ¯±‰^÷º\¡‚Ñž‚¢¥ÉÝc—«c½3C%e^×YÌ_êUBí˜Yô/øÊü…ÛDh×&Ü«zk¡€ÓÏÙ¼?óæë:âr]þ‘Ók‚©°(©ç‚˜üí^ÒOÒðAf:‚)J„ÒœÂ‹J—Œ'wwç¯´l¡ñ‘Ša»tY: X&û³ähn¡]bÆ›Ð*¸ô)ß×}d®‘Šb)FLsmÍUÕ=OüªÉ©ÓÉÓÿ´ÏUÚWÌWë€?iÅÙ»Ì”f BÎg êØÞvþ§KR‹» ÑŽõççQæ3°@ª¶C"mQ¾,g’/¸©³™”ïén¦”ý´ö‚ðÚadÅßI9ž°‘!ööhfi•$of"û9EóÀvõó™ÜÉÈÇï€MÔßŽó8Ú“Ë–™ÌJ‹ƒ"Y&ùQøóïÕÓsÉÏÂáÅ¦ã„—nžpKËol|_2ªŸ”¼lwJÇñæÖ|¢éx‘K=Z]ˆImÃ™0Þk‡ÃÚ€—u’û.ÌóÆ‹øÃ¾m@xžó{ŒÃü‰¼ŸÕÔlöàÿ*¸¼.vÙ_=>e§É!ZÈÖ0¼ˆ½–‚|ÇÉ—ÁEeR¦bÌ P°)4zÖ—¢,%sþ†eÃ¨›#øUÀh*5e'—ž(M=à¦=q ˜¨sô†£$7«Sí¹r¾Ëý˜CrÞë¸Dc¨¤òURn:•†Û$N2s8G†›I”uÔÑc `rmÁ´Õc¥Ï‡ÜÜ×åhh²| QžBÇµø¤I÷²ÉläªüËB/ÙEåjYALšÅYÕG\¹èÞ¬L4ÛÅ.:yGºnÁÆ7Ê,Et¦ê€õŽ^^xÃ{v¸É[¯[Ú¿°³ñ`ž BC‹®”@‹‡'±„BÅ)´–»sÁ m‰#$|”®”qú ù†±LJý¤M4LpKÖÅM9<¤Öà1zÃ›rò¶íz žå,¡2.'‚e¼·YË¥ÄìƒBÙqÅê'j®"¼!¹á©q„I]:G=ìÓ÷ÉÌLÅU×ë·\2÷B •yüZäÂ¬ÓÞ-1;D±0\ðšEŒµÎ7e±Ì³G‹@ç•ð¦óü›0. –ÎÜ0ŽS¤ÿÄSË²k#Cž±I°†‡<Ù†–ö2¯žÔ4èØÁKÿ3=Aõ;9þí!SK•ßb^,"0,¸¹ÇF—Û°#»üòÞN:º6›0íïÿÀ½ùg¡aîkÔ;I{¶ý¡“Èk’(gÁñÁï°”xÇ¦âl«êUhPq¦‰ôûm©Ü3ez½Mú@±ú¼e )§è~¥€séÕ¦wÜÅËð×¤NL¡ÇõÂxâŸæ„³fc§ßí# ðí;&-@N<©QÇìúŠ‹oQÂö®áE7ø2ûnsÒ¾]@Ÿ´ûßƒäUÍ9h*Îî!É,Y ÄËl!á4ÖŽ,V¿&v®ÀáDIfO©õ'Øœ-^Yº§)cg™¢ˆ&€~ÔUi1¨PÜæ–À‡‘Ì}Èk¶}‰žDv¤òÖ‡?<¢[ŒÈbFh&¯™M*t¬~š¾þ‹ÕóqŽÍ,X¡»=ê;PT9fPS: TŽØ"5#}ûWNv÷vÛ{!Ùãèª>%ÃÑá}ÃíÆp”R±£ÿ%ø}^Õg=í9³Å2NcÖkÀ•š(¾}xP°6(JQ&Æo4L,+$¤Údw—Êöc¢©i×ö|ƒ›Q®@Ü˜-¥à’×Vì}M˜^·‚¾@YÝ„žIûAj!{Ï|+73| CÈ3j¬æÈ¦%¥è8Ýr©ÉÜzþ‡ƒªëì¶%š5„¤‘Uü¬þ.d”Æ›v{®–‚ùåÁ#€ËàÏX?E«îªNÛ…åûk‘œFá-QÎbn§üÒÍ'˜dÉª;c›†'ï†hµá)±éŽ€y¿€<4%õœ'vn†¥„$[¿]}õo×¯—Fï€gñ<¶öó"‹à¦ªëŠw? Å£õÒ#Ôý>AZÏ%ÿë* >\íë^Ï¼äüçú_Û¿×G“jy! )º—³°f‡GQéìÂôPáf,S©-*Ÿ…:¬Âººý¨QêlZ¬4’wt\ç–×Ð3*{Ð›.aÐèÆ7/x&H 7©N*Mµmrï{õüúâÅé8Äc?¶»Im§±uAîòßÊ#üvó„ }Ö¶l¯O\™ê*¥L,YŠ`Á‡ÃÜ¯SàiUà¯s@›H’BeP‘$Ô†½"^µHô¿äwÇ!K ’@në‰…N®î{‰ïÊð87è¦UŒ˜‘ŠlÜÔ<-»þ{[Z)ax/ðÈÖøŒ¼{zÿÅì‹—ó#±•|Ÿ;ˆ3H>¼J Lt9‰p¿ç"7Ñò$Ð¼ÜÇµJù9«–L” Ž˜xûX4‚÷~.¬P6Ó¯¬‚n¨3'¸ßzèé–âNOHÛžû—w7À[û0ÈùÀšßAÚ¿³òº\ÎHæ ‚w_Y¤:¿eé4Ý5Àþ‘ƒ9ƒˆy*v á¶ÞÀ«v»hTŠ?z–5Và ¡áÍ>I½gý@ó<›qüØ%“•=£ä„ð…LPåÞÛ:õ}Ôš`¥[«çÆ¦¿G‹-q…Þe§{Î½ÌC‘®ÀÙ‡çZï ?3£~:*NqÌIõüj%Xá‚ Rê¶cªk2MØlO,¶n7^ù{—Û!qƒP›ãd_Á3ÏdK4ÆA'ýžš”I¸S¹]vÅ3õ°ºjó¬Õ³oñ&@ ‘fRÞGØª‡„Ïåº™7 Ã,œYlÉ_VjÜÛW0‹O.)Nçà‰î—¢m^”Nj}xiÓ;¡!QK"«Ó‘.jDîÄA hT|í¹«±Ú«£3›8¼˜`"Vq8C·&q ¼Ù’ÚjdÔÌwà³?{Ùþ(d|dKE³ÓÞÔÙ ê€Zè‡©|ÃsÉJÇm¯2ìÅðý-^3”üû|-¸·Ñº¸Ò„qS{Ç˜ŒfÓ) 30÷C‡ÛMÝNŠúàÊ*ô§è.%@þ®Ä×Ç¤©‘Ü”Íÿ5‘À]ßÀ™–hý¬·9E…üí^“‰CéÞ»ô6dËÒ9yÃ#)ŸÂÌt±ï²”¸Û ¢…E„§#íE0½Þ%ºé‰¦ºó9\C~½*¾§ÅaÍV&á†þ¹`Qîãºyö±y¸ þ+-õW£¼ÞríÆ`u"Nm¢½y6†TþÀÂë¸D&àï7¤FNfÉ®¦´³©_É¨ÜßöÜãœw™÷jÒ `}´Ž`éãPxóâ1JŽç²ñ‰²øV|ßgKÔê Æ¦×ËašËªé,‹×U- O½ƒ<¢÷¯=ÒõÌÁ1¸ÕÊwÁ®rdòØƒêX62ò’Æ–ŒÖžEŠ>I8%!pÞ2•ZZZ/šê»-jTRnO2Ö¹9¿}še|X3þ¢Évmö?~ÔlÞÁ J3m†;Î^of`º6CÎý0¬ãÊŒaÇ¾ ””ôÂ[òÜLâ°åT8¾@(ÎóþÀ(Þä6n<´f¯ÜÔ>³âÜAÂ&Hü"ÄÌ‘Â´¨‚ÿ&’F;¾ \ßÒP"¢2€ŸÜ ÏÊsú&>*‘\#ÆxbÖ‘ùÀÅîæ¯Á9y˜U¶ŠZ{gq:8ó¥P·KÇÌï´ðuÅbÝvÛþóˆ¸ß†ÍkÚdM³Ñx†õ7\ÔŠzÉ]ér™4ÄÓÓŽ·ÒfÍï(#úbfïäÒçÝ×™M`£ÛÏFCìñ>ðc}ÊDiŒÓÊŒE·{v8&¬læ. 9?ß²—§w›uŒìÿruòKw²âgÈàHö¿1ÿÿ"ã»Ï-&Þ58¤`ÏÅØ—»ƒJ×rÐøn 0~‡W@é¥ËÇB†[óÀ´kt}^6FªsðGälþ²…µ·v:Y¾ Ôæ#Pzˆõ;—Ãä¶ASœŒ:mÙ–MìÀ²úv5¦q©ˆv Š±Mškàe%1Y/`Ï‹%šQ|.ÿà§ZW‘ïXZ»ÔyÀ“A–Þ |ìàd%n²yHù?ƒFà(¡µù¨¿Á¤T!{M¾ä¬ž$˜@Yèø§|j½ÀH¡~ûDL” ôòJ¥M%ÀÛ+¨x{Q_øtÿÔs°¯*ûsü¹5.›Å¤#ïO)YfÊœéñ~x1—{Ù1;G‡Ú·sËú@0ÕIR8ÊákŠÝl(gî…_Zèg È¢:gØ50²+µ$ßj+Ð£&r¢Ýª7Cb>i¼^½KæßKãJ~íº»Jç´êá"¦ÔˆRµb] !ô¯^½sìã¯óPo½³M.·qEmWH¹ÐÇó ˆÄãó*g¯¡ªŒô]ãHæå-µ§/Šü·c2¨Ãç™¤ˆá:ÄÏkÒVäI‡\hü‘bŽiy3rÏb{¼š†®lHÍ6¶éF¦þöÌÊ}\TF<ÎÓ74f©áµjÈ9l :m+y"w/]C1,½Énê¾à¬kû¹Ñ®7ë´·&f+ÿ8™ß¯·+Ïœs°ø°Ûœ%ƒw¡póÏ;ÑÉ/«Ú3¶Ì#ää¤Áö}Ô¢½ŒÎÑh‡Vk|©z“ã‰œù›xäÁýÖuM€„K%‹ª¦Ž©òË2&¯4½b¸9™ùµ#š‡.¼}Ü™´š‘dÑ©]Gï2]éž†¡ß³•RuDA½)ƒ!¿¾L³Äl¶é®«¼C2…RÊ¨'c”œçAbS?Ç¦—¬ºÌ(ú'¼+k¾Åv\£¬â÷†mW›v¯ÚÅ‰“ÒMD‘5l°$46Ø‹žJ«Ý¥dWIË.À'÷D1”sý—`´ R\Ò2QG7ólS®Íc ¿"rl@ZÏðîÖµÐ{1Ôúôskõ¾Pg}Ü·¯9Jgò|Ûvc¸][˜®}]ùoŠÁkih)Ã¹ûèÆÞ\ƒŽF6YÙN:°pTDÅ:‰~z!-ä-|÷öÃ&m:Ð×ðŸ™¤F¹No lfžQûY*Ç´"¦Oµ#›&¥XÀ CorŸôìZsŒT«¦°×f‡³$££g6‘±*Ñò-Ã•õœ•ŸƒÂ8ÍÀ‘ñó’‡ÃÔÁ¬Ãp„ÓÀ°—Ú©è—8#I‰4O©IK÷A÷"„kç›bb…êXoSð$KØ#=N…ƒ´Üô¨3NŒã¿–pý"7õ ã6d>j‹2ŠÊ Š'2æuÖÚ@ vK*ë‡·Hrcÿó¢|Cµv€ÜšG6øò‡£¢½îd¶C`Ùh…ÜH¯óžérÁ{…L$Zš¿ùå†¨²„<}ÕF M¸ ª%>¿¤G.ó´0–‚)7Õ.ˆ"’ðAîÔ·r¥‰*¨Ü¹5¢Üè;•·v-ŸZ —XB#ùVÉVètš Nx o2öaÍô`yâæ=ˆËŠÁ‚7Ë™ï\yUð!æ¨(:[ýIkIË€7!^}Ï½]€\ÓO@Æõ¾³{âSˆúüeï"½šcÞÌÄçö4¯ƒ¿:½ÛsŸÈeÐ³¿ÛŸ•Ôµ•)Ëž´Í^/1"„~d#BÐ“‰§ƒ[ÕÏ’”×Pç£À±ö-¢*[*äU~/ÜÁ4W?)‰í{çSMÅßbÐ";K05É f-<+ 2£ÂOæ"BÍÓ¢f2ÊÆ|»—Eé`Z×,Ž‘‹²JW4n5©Gº\@Teñë Ûå NXŠcû!he˜|üGÂoùOÈŠA.ÃAE†zYÃ‚x6&Q' S†ÔùßxÎÊl©@0·¨_Œ-:XR”pëÓåýƒvhbY|ñÍ,"mtí¼0 å3Ëë8Ò‹Q9´ÈënzžQè±+9ä¢“î$yÉ¯2ãKÀ¨”9¦Qwó¼SÅ°nçÂI¯ Š*\é½¦»¶zÒÑÉÆç„pšì¤—çK«“9&ù"˜›ÜÐ±.¥ŠD"Þ+rkv||Ë¼ØÕIŽïEM·-È,[‚¹YÑ%°ÕEtëÝù¥ë0«î³¢”¬¦£så~Úÿâ] \°´è&„“¦lŽ²¨„O‚í^Ü?„í#Çéf«¥T=.“½ŠÈñJ¡ëx&¶+@Z Ö]œÁØgø‡¦Cy´0"Çý¨ƒíl¶3Ð>ÜO¶ôÀ)£ažª7V¨®ƒ¦ƒ÷Ëf>GÊÔî‚%Æïþúˆ¾Da¨–‹KÒ\;ÉZDLú#nÄ‚¬¿³h+úHŒ½åe¹Ã–êûç¯µ“Yë%¤âx³Û×ÉY§¼fÈbäFs\UuþŠ4õ³\cÆ¯µLè®FK˜HKÕ|X¹_þ¦*+àSþ`¢Œ‹ÂÌI…¼Y‚ \¹J¿ÔÒk¹Œï<ªÌí£cê<Ý^\þ+ñ ¨ôºãÜ#µº4.ždjU ¡¹l™geã¢]-Î£¸k04H:jÖâ5è‡‰ãCÚBñÆìIêÒÒomô%±'ÊÒ-u"©s ÔDWkµ0],º—ák}ÿ{õ‘_õEÐ^´ÿÆxDµ³IÜVzëZ”{ñÃ)ô;"Ÿw)$$éo»@üì…¸%°UB÷”\lH:Ê‰â®æš8ðæ‰€²/„±Nï²jÁ^¹/´O“ü/gx]j3W&V¨°ÎŸ€c;Ã\o\8AÓ¥x—yåèÁ´õÁ™—ßlwàEþ0ÄRBf.@èYÂî.†Q¹ªiêL‰¾Væ~Ž òéàú´QùýïÜKL%éîXõ#èÐ“{ÏB“qê¿ü^èæT_t¿ö¦açDƒÅ‹p%$”~—QIöpd<Ðèœ˜×I.gVvFé¡;Ðä»ž)Q3×"Ú‡!¿½ O>üÈÂcðo ÖãÎ/å8>PQad„ÿˆ@µë¶¹¬U¬¼I—ÀÍÐxFFÂSóö™Õ¿¬ârŸ¨oÂÛ~6•Eé`}B;ïÞøGÉlššúŸCHÁL‚‘º’•}Z"<â}îÄÕ¡*y×#zc“Ò˜$#°ªíìï4¿XÀâ)Xiæ }ÊÅ"”Îè×Wõì.8Y&§Úü~¸´÷†¬î¬ó‹«p€SyIóL˜ÂåÐÅ"NF¡äYÇ,ý«o:ŽêË1– W#mÔ PFrÆ+)y§\#)8R–·ÇÃÐ»±IŠl6ùî‰,<ÄÚI¥C4$ ˜£ér›Èb ŸÑ€4oò”J#N~ãyßûàÁsK þ˜…ßZ1žphö‚½ÔI2,f\Ôœµ7åF¥µÑ÷?yŸ•éÚÐ2)(ª4‘Þ<•1#öP1+ÔçMhð{?ûÌ¿pþ÷aS¯â-h›àX‹¾`¤${úsbm¤ªLJ¿¦œŽØüw ¬f'ï‹Ž+ŒX×$T¨ï;wŽŸ‰Ÿ—'d¢Ÿ_aŽµ%ËÿoªÓ£p*Ø¬°öJ.HiÞOpØNÆäY°ÐR ôtÖ©äú¬ç;§´30Q)Mv]Wò'mV™‘S]}ðdKp~é©¢ž÷I*³+c¶:ö æ‹,òlaÆmj#51c|BjYaÐõ¨†w ÷I‚ðIâGwîh-ðœ)b¿u>e%ÐÂ>ƒ#íèüæ½=%LðWcÚ¡|å~@Ð>F~¹þ:’wã#Y6¢»ý/ÕW£-ÚWÂ—ÎExXmŒw¢,Ò,E„qÏXé£S‚9‰3¯¢j[×¦Ô"d6Ø…Ò^¶Õ«Z$¯Ä ¥>ÝÞÂpg#tùŽ˜Ëar·90î²ÄbR³€²¯i©îüÎ^þøÊ*lBuÉpŸª|‡œwÄðdñ&ÔhÝfFÔÚ|Bìc©N,îyaaÈðÒKwŠx‘‹Åˆ¡õÿ{ôZ¬ %÷ÕmFßóV÷k6µ„xO„G‡ëš|•µ€œ?8j÷›ÁÁnQ™úG,ÿ‰Y†×ša|4^É–ÁÚ{eË Å@NýÓ7å3Ž½éÎ‘ÀY®Ûï0Bœõ·ÈëH¡À´s¯œöå/á3š –øƒMÎò$Ôx‰Ì¼yCJ˜ÅY^¸-‘¯¸—óV¢J«â ¦Ž1a7-°”d;†F^<Ì‰óSXy€’Í¢\ÌbÌtÐÃå-~‚5]âMœ¶æ&r Í$Wá£ôçG<âåú–åÖoÄH˜—Jiš!ÿcÁ ŒÓ®£]Ë˜é~˜tÍs!¬ÐpPVÙÜ?¬Š=rY×˜#»òïxŒ‡&«xïÕÚ6õ’l>1/ÃÛñÈEB{¨øëÍßÓ¨ûÐ*jJìòF†aõ&©j…ÚKÿlyÛk^÷Èªá„`KäÔVC† †Òß†?(ìˆ*’Ýý¨…eA½ÐÇÙŠIÒ4-ÑÉª;Äo¢‹«²ëÙjÞ0{{ À}pùa"h](5g§ÕóÒ›˜k¯½òJI¡-ÇM¸{Ð]NÇsz ««Ï"F%¨{‰”ø.ãúEf\õ$=™—*Î¡™™’9{P\P~w÷²î-E~Ó#û¥Ítô³à,•†g 'öîþºã9k²‡³¥'Á½ìçm9“¥ õý:._•ã)vžŒÇŸèjØ‹˜¿$’°÷`²G*g_}”«£ú?‚¶2lù[´«‹ÅFÙ’Sw®|£¥AXcR—ÜÁ2ª×Ží Šzá}6“&Æët ³TL;¯Ÿßÿµys¹Ë3õg%ô™Š$käÌËúßT¾Vï=.—aÅÀœLáZÀ<ƒsxî.iX—• ²/.™ Úó¸¥NPž¶ï¿w1%Q’º*X„N—¨×¿õèýmìÌ¶œû_ÁX(¥^*É’`æ“ýn{Ôà'°í<Ÿ€v21wžržü!ùÅç‚r:œM”3÷ 8$ô¤8gK¿©I[Û–«ÌKa6)©5©D·²Dž€”ýWªf-;]È¤<Ë¤¡®[¾Dø²]ve: 4ÕnùpŠ¬¼é0ý›Yãè=î)_|öËœ0¹BË\´=„Ý Á+¾~0´sµ Lˆ1‡×œ[€x„‰RÑ£#æn*à§¶ÿãÚ™‹{¸ÀéÊ`.0®Yi¢dÛýœ©ô ßÆ0rÕÞ/ª·CƒHMDXŠZ=•˜ ³^eî×´ëçÀ¬÷˜¨ä=õä*°žä0®ì“»´ÖAÜ`¦}©šµdIGü_ÝQ^{ì8™|¿q»O>ÍMÝîiÅ¦Éö‰Û?©^ÿöÔ1R‡C³Šfûï€|®[ÛãÑlyàämU^0i÷ŠN†&`ù®"?QKKüõsv¸Z+ÌÍ°µn¾Ð@_Tß(¸°£!_¿ÈÙ7‚täO(KŒ|‰ÐÃ¦´é¬“E8îž¸ÅÚ¿‚¶=ZäE2²§cÕµþÚ‰PD²JK>¢ñGÝùò9˜ÙŸá g¶R“na¹¥Ò`Ý¯Bm•ë“bºÐ|$Ýƒ–ÉJÓ¸ÂÕÖ%K°ÏA1Rãt‹ÌÞ›²9‘þ…Ú—èV U¤]ÉÈìPfB)Èžªù¸šÏÕs j®ï´ ÝRÇm1KŸ”©XR£Šáƒ ´– UN—}v9Tj×e5È(=ý )F9bî¾Þï¯Ì0ÒÆæýë“QËŠ¢èkiAs[Î€£ø´¢ù Z«cÍ1ÿ2!ºS“÷xSÌ‰„¶C Rë›Qy\?´ÏLÈ1?ö¨Zü0›§VììÿÏú,È¨7äÏÆgOÒÑ1:ûŒv!uþúòPüQuŒ¦$Ê wã2‹N•¾õ[îÆÈþOºT—z rÖ–9ÛwYÿ[Œy¡i¦7]H” ¤],9Ðù{p%®1`7E()ÊƒÌ–«)+ÿ0îjR5b»ƒâ§j§dŠ^¤½ÇÞj“f}(œ5ô†l‘Ã¶oi¦}[þ>8ìEêù^p$¢Ê9Tk¯.Ôlû4¶ ª ™|kHŽ(¢‰uÃ§ÅÓAM+‘€ Kœ“¿ îìç~’?;AO¯›t òDç%8Ü ¦dšÇI€–š7)G‡˜‰Ø‹ÈUú´õ˜„¬¹ÓeJµî^5èƒÖçåèP ]4´ªNÐöþ…c.Î¥’—Ë^_ÞM°~XÒ!)½9BHBÀ‚q]Û„Ê;«™ð¾bË¿Ìî¯†Ä8Ò0Pi–R ‚w5E›ànS]W@tËby¡2.6¨`~¬Š‘ï/¾n”¶ŽÁÀ·‹úÕS6^Mù€¡qWmî}€S¬E}ÇU<9ÂNâ9†ÓÃù’X4—Z6a¾#·^W$À·æ?„ß2&n{G–©m?G¦äÒ§ffùç¨ùÆ»ÜUÏg!+é©Ša!4ó=&â¼-¦Š‘°/cG9þw6”²µFË×vÙÿ·Ž¯w-s‡þæ£›ßÈû°‹ËÝ'“qv KÚ(©cüjàîüÁþXææ©pTº:¢"5€jÊ”ô—_ùa |™vä râ`´´ ¶¼Õ‚›Š/Í'™x¹)¸©X<0ÀÌ³óvs>`i×€ˆú¤¥Å‹’C³£M0“ö<¶~á°YIaX¿ði‹¡¿ùÛžë(#dµ*À“ ý7æÛõòw³°âêX%´ o7-¶‡\úË±ÞËÓ¦• -`†ÛDNøw êIÌÍTá–QÒ›øµMS‘‡â¸x£!›ñóÎhrtÌekÄÕ”›'³¸#>µð›eÒjÿ+J(§+ÇË+š•–pK¸T["¯ä¬;2þ8w]/qåu}ÛÑäSGÆz[%ùº±D[ÖÑø†eãì´G…€TUã@J®awª9ù2Cðæpy¡ ^3°ˆàw’)sá°“5kFzóS}?¬.ì|'Ð%–‡R¨Q™ÿFKC AušÎÅ+åúÿúuŠ//ë¶ m®¯\,ˆÐù8Ö(,x¼ óîí…pƒêÃÚî®àƒ;Oä‡’-c!ðD×Ž¾Ð$'ÐŒéÙ¿kÈ{È^iö[, fW”ptõ?Ï†9P^ø–Sä+™…+;·ó·ÛÞ_‘ [¿¯™y7fOÉŸJ~œMQåiëåçg~çzB4œ>ÌÅ+TlP"ç¨JOP¨ÆÎ¸ß0x¼nA«Ñ£“Í3Òbvº=š˜•&ŒÝ¥XG¾|WG“øJs|L¡ó’DéûARÇÒh¢©tvÚãdš=JîÉa!£¯aB4Úg—AŒ¸ßWì;mÀO²-)@X!`o“²aé÷ÇhÖËM~}´ ],d½ |[nNt {«®}œw³åì-ë#'ßÁKÆGL¤A+@éÒF¦æÙÑXŽy¡!3ßÎÏ9²H‘‘#zZÆ\·:gP¤N28k÷°:.ì¢Ï¹GÍû@îðáþnßžl=;_IÐI+Mz—Ÿ¼ØïhB†Ž±³ oÌME z1]5á™¿Pú &ãZUã¦7õ²Š^ß®`^êÔñVyôßØÆNYÒ'CD,î‚6ÿU"sÂu~eÔECO€Åà XmÀ…þ½‰Û*ô_d/kJ¼Ÿ6g9¶ŸÏáä6S ·FŽE.öo: ÷ƒÆQ“¥ßÒ_ñ½<Ýþ‘tÌùwi¯ä,àí™d{ÆnZÌÞL ÐjëÒÑØWÄžG%g;ƒ¢#X~xÔ©Oò«6¥ÿÅ„~Ï³JûM$MŒüÍxOëÏ'é¡ÁjiÞäjX†!ÍCž0w"ðË|AìË¥¦Ç¤WaMýå)*Æwòà çÍ²f AªúPtoTMªMVèû…ßïÇyÁ¨-•+\<ä<´²<êÓBíõ©ÉÌó2^2K¬œ´¥‚pW;ùÐ´5Â7ó÷ë_àÀèu{†åï÷„âìfI¥_‰Ïúê±I¥©k@î¤4@|j+ÐÁ@Ô×6cúôpõ{ÉŒt ß«9ºdGÛæ¶R±7€iÀ]³€ç ß°=Ç§ßŸQ`ÔÚ…æG¢P/ÎÁCì‰KÅMvÍKzy jvÂGÅ†?¾XËT½IÝ¬yË_ÂÙ,…0pzŸÈò]út¾Ð0€@ó°«•ÿÉ 2¼wþM¤YžT7õö&WiÄ|]h+‚rQX} Dr~%¥£ýøƒ_žlZÇö¢º–yT>òb¬’²÷¶gÀwž?¸Ÿö%v:¯‘ÎéüG™WÜIw,a¼ñ<´Z¦ué ’÷Ô´KÁQ¤UÞÆíRN_¼®¸¾ø<£êÀBSúÛø*‰:#Ðø *ªKM(~¥×u¦±“'q³JèØ’‘¢~¼ÓýíÿJ¶ŒLÓÿm˜%À6=TI{°<Û+Q¡ÅBå‹-Á]j'P% ÃÍ…] %Zfîg{¹³¥Sël·ŽvgÔÔ°1ìP?•þÁ‹ïëƒ£~Cçán\>n(uÝ4o¥8IÜ=vi]ñÂÚ~ÅÜ/ô²`9zï—Wî]ò¬@œ¡(±·ïäÄø§ö|¼ëD£ï2U–š:W:ÒU©kc}+wvR o6ðß–v0¯Æïª_Bh`á¨)T›ÕV,ÁõÈ€eÀç¹Û â;ïý‚Ð#Ø!ARRV4…_¼!ö×|sÐ&¾bÇ \Ÿê1€AiÛÓÇÔ2ÓÍ§Uªß%†áe5ßM-54hYº¿H‚5Ðm§Šh¦BópÃÄ’¤ãÓ‰eÜæ±®8ˆˆ¢š>Ï^Z÷±ÏÙÝ8$òcô7rîßâÊÆ»ÍðL_?’§ˆn¥@¸y+HÄöõmÅJ‘FjSUj2H!›£IövÕ¯–Öml¿ê_K£ÓJdb;t‰ðXGÿfø%¦êþ|Ô“M7ŸÒÍy ãÞABF †¦šÇaJ Ö2Œ ÕŸïè%Ûžå–aPd*·”ÚºIdlkv0î(Ñÿytb³Eä»údÍ ¯DBÏÎPq«„èJ;xÚQ(Î+¶ãÜd)ÛÑŽ$xžôv¥í×ÅÖŸŠÚh±óCˆÏÖy}©ØÓ_¯^4Ä“•¢Ïå+É°#¦µèP@;²*Ø[óêU°ŸÍtÇ³b[”ˆº~E@ ÜŒ&m–¶}©Ô¨,sß¢Ÿ£{¥~qèb±Î/U†d’Stì”x“,ž¢«orx¶è gêÜŠAÀàÆDMÂ¤)~iê¿3êÓˆ eüb©{#lÓ®ê†pü™’g±c.ýQ®«y^c"û%bhn¼Ã›VÚ´²³3nþÏÐËf½auì4†Î€Õ%?Ä¶Rú0AÇ4ÕvîÀàEìkê—†e/N0à½ ñsô^Mÿf@È=4BÄ©rÉ©ŸJåw¾rqþ¬+(úØ}D²ú1Švz}Ø>Åúy‘Ž·Có:]X'—ú®q¿naWÅ‹ „eg>'@OIrñ×U}£T°cÂq¡ $ß5êtY„ã“B÷ˆ÷€^BQõšWBÂSØ%UpÀÀèÔ¡ë3iab?GIÕw5D]`Ç½Ú|ÄÂËZöñÕØ,##‹†Úàû7æíñ‹ÞnZ¦¡(;›VÔ©ó@<ÊœäÙƒ1²07ë·<û;Ü>^Çb‘Qî_Vg9<Ûr(z5ÏÁ(ú¹êï¬’ûå—'†àõË2KoŽ4^Ï“Ò[íJÕ(×Jý@õ”í3*ìhoÐŸa^œeEŽÎëG0 £Z=ø –d=®ðê˜¹²WÆrUT PÀ¾ÒH¯GÛëþý0™ºÑ_¢|Kñ’!œYB4_U*tð~5W*IDpº'ò8b+YSÙÊVEäÿIl!Ïr‘¦ x}Àœóš$ÂSMS‡.)AEÌ[VéŸšc\(ÏâŒ«Z¢Gj¦Œ?ú]és³HmpãO-ÉfÛ*Âl@™Ô5ÃneWã^ÂTã`8—!AÇ*õ³ KÜ,OhC´\:¿Ñ•ê;“Ö÷Â’…ÅZ‡žû ¡Ó¤¢¸ñ¦g‰¡-ñòØûw’„î*\X×«ò!Éš“]ß’käQ¿Èmcyˆb-ëqozÂ‘eM^Nxƒ}’Zì‘½PK|w·üaix¥Ø †¿+×q®¯J¤þ÷ªáöÖ ×òñ"“n¶Ý“Çm)ëœtó3¢¶ÞFZ ñô_Ü$¡à†IˆÞŒX ÂYïâÓQ¬å¢‰A¢C¡Ò¡-Zf:ÎÆ6*W"§<ô¥ˆyÝä.–æ'm3«½©ç¶>U!ø¹wHäGp/|˜¨ƒ¦_sÖ¶´-_Ø¯çnV>‰îMì~óñ¾ä“~ª`‘–%ˆ.^Í¬‹Ke^äwmQü™Ù"0¾5®¡lÖÀ»`s+Ér¤`«@ ¥fÓƒø6ïàùå™PLx7ÔÅžŠ˜,X ‹£¾ªeRã*’µÑ£'Å"vÊN:ZåÊ.Š›"9QŽ‚(àø/VzŽ‚÷KyÔ£ùwþâv¼k= µÿÖj\?Î¿©÷·Ünd1²ø¿øÜâ‡¹à¹êëÛ.#ÏÞK« “k”ØFAã±Ãê¨Kª˜x=jêÍº|#3ïl|÷û«zDñq[a¶/üù2n'¬’cÉÌØštÔ+BåãHµ+¹kÛÓ»UƒØêQaèÀV q/÷8L1‘Àì{rÍÜì%ZôŸ>ù“5Ú„ÍÑiwŒ¯E' 0tÔé ˆxÌ!âî¤#ë*ú 0PÑõÁ:[eÝ6a(¯ð÷Ù6òÛ«c›q¬>‡IE¬±Ûš²çt¬[K)Wº\ç÷Ëò›uùÍÁ‡¯™4áü? ‚ŒŠ)å*H£cvÖ!-ˆãÇõŽ¤Ó …¾¹~Vü[` =ÙÎ Ï#„+PÅÝ‡GFˆîðAîØüÂêª_tãÁ=·o!ÓçRÞ¤u3lÚžƒÊÉhv¬ …>Î©é{#ƒµÞƒƒ£ÿÃTajw|LÊÃóX;½Wñ1cÅwDM ²¤–#ð}òïÏÃØQ<‡ °]«é,Úwâg¦ÁÝ·õ>¾ä™'ó²Öì1ýí¿( 1è‰Î†>Ð‰nãNò¬ûào9ƒ›üù^g`Mšúyñš¥•%¿Ô2<Ô#gvŒ0œ³ (F>-¼ ¹)(t÷‹ÏZöjË“aR«ñ8 1’×•F™_RGÎ]qüû¢ßéYhÉCÐ¦º¼VCýs:Ù=zÛt“˜P}P/{æÒÞÌÁ–{vÊC°N 3ÆÀ²»nÛž ´¬Bz‰ÏÉÝ°ó¥ï}`ù7Oì¸5§ÎuXåÚh!üüSðüÖLàWžà1¶wE‚Ý}è™jª Ï˜ä§›XxõfEFá31[‰†‚ûE¦dÛ¯ÙV¤Š"ED¬<‡–n-ŒM¤ð¼MÊ¨çu$Q8 sÙC–1¯›NØÀVD“%‘û ˜w›c¿*ËGCÖÊrA*HÛ¥Ô‰j>²î¯Zq•ÿ‚çÍà¬¢ÅÃˆà—õã§ÕÚ²¬h¸ÉŒf_X”ïÛŸÏ\]åŠ[kéÔÓ¤fü£]"-pû¥>ˆqQVòÛŒ¢‡êëIüÙGx¥”‹V|»évºÛ]n¤±+Þ{Éövå‚¿ÖÇf3té%mÃm¶Ù ºÐµñ¦¾C°ó‹ü9°džô'‡'jfÉ ÞûŠ6;.N¬³Jæ5¶6®^[+dí·¾–kŠ'b„TÏŠ¢ÖœêÜRmGû÷ô*WòLË/È#F>+pøm£4y>–Ëåk°í€¥ÊùBVn‘€‘[åM ùHóeé¡É„«D:JO‘ü)e¶ð¨ç|úaØˆ?[b¤m@„šÈ7YOeD¿™CóBÏë>² c:š7'e2x2öÕš•ia0Ô…™èJ*øùŒAcW¹'ÔL}MÇÆ8\.D<Š*åU?ª(5ÐnÛ©…ÓþX¥hÆŽÄÉ µéÿr~ñ¼3Wcß*¨ò]¿Fé“•uõ²ïfYSÞÑý7NÇ}þÊø8N†D¨×Ívs>cj¤å»Ûè\÷ý.Ä×¾Ô†Íâ‚¹¶®‘×HyŠéð¨ÓØ˜®fÏúsêž@„©¯_àÎ:uÓË„}hÂ7rWþ÷ôÃ±ƒ8fN¥XSnaÌB(oË ðé¾'H+*¼û%èÑÆõ¡Ïé»žî&ËÔî» qdÈ¸Ÿ0PÆ’#ñ’”˜m–Çü›øQ2ªvÞ³¨Dß•·AòáO³õs…yòe±ßŽM¿Ú8Ú.úOÂWV<.ŸEj¿sÒEþ–BB\ •2P+TÙlÝÈÌ{RsØ:Em¸¡ÉX ágmÍ˜µ{ì;c„÷/NN3HB_gT™¶eaŒ©ºûŽ¬/9sþaê[µÙ›ë« ,{;ùåœÆ¯¨ñðåÝ°Ÿ"U)µæ&—ñ`íwTÐ,…Çhã¢/*éb$e (¥r˜.ÏÜú;°ò»ÍÅY¡¼Â-°eN $³*ŒYnª|L¡--€F°P¡]A=@|Õ«-MïðO`RT|ß±ÿe>€SXN´s™_°Ç´ßûfú%“d?ÞEa±à¨¾Ã§P*0Û¤SÉ,E2,©]é¿sø»g4ã0÷õ-Ä»Gê€H`¯ïãÞºmµ†ŽôL–¨»‹sFÁ|žFŸ\œ‚Q¦\°†Gäú¾ /…ªÖÈHnþŒ'–ˆ“!±U\+ÒÉŸ«þ¬}8e¿ƒ\Xäh”½ºOøËª'ÙñHù¡yR|µã\ïçãã`3²4Lã º“yßTtâÏðÝ!Êwiô' £AÔj££¥9ý!s¢$Ùsƒ#Ãpªl·4ƒª1¬ÔókL`–«9©q=Ñô“C.[¶¶{hcJyXÿoÒ»zE&2µ|™·öÈuJbÐGÈ¹$á9G©+~ÊcƒàùY¨Yýº»’ñÓŸ?räue©2)Ðåß’%m¸L«Óf,#1dp%0/þs~Yè/ƒ 3 JÐŠ®dÙÍ†g˜Å[ËN©jz¯ñ!6ÿŸøê÷„>IW`(í¥…lÖ9Sv k±rQ‡NÜ|Ïùûg•ˆe,°r5è|ÓG^ô q˜]eoi'ÁKYvá ä7n&> ÏÇ\XêÈy œ@ÝÃ¯¸½©$!éZ‚8¾4×¬ÖÆa€BwãUeD¾Û–³ž'‡Œ¦Í¤[¶}SÛ„ódŠ|Ô‘ÌõŸŠzÇýs\eÕdª©RÃ{ø™à¸m2‘Üeñ>â1y(&‡7Rk“¶äœnŠi“R2žô2×ä£iŠ®tR}7_w=peÞíž1Ô“E5\WªpMíŽÒI,ôøÊ›„àuN¶¦Y$HrdY7nµ0l·UWh7øf ×Ê€VLç_U±ñ8ðb#4`†šaB<~N2<j$AMÃ‚ºF*46Ò!?772 Q®2ê@7£.ôÄÏF=¸ÎhA£ Ü`ø`~ž``¦Ñî2ZÁÝˆ6öl•ø•¼™DvV}Ðdâ¼KlFÎGÂäï ñ‡Éƒ>VJÎÂ?æð¥äÎçóÜ½\à“ù¢8y¸3YŒŽPËèŽú÷]¦2³vŒ}þÒŒäÛw§ |8á*ý!8™ÏýAúƒÂ0…`)%¥»ÉÅ<Éå©ÅÎžÑ¨Ñ£j×@²Ñ²ŒÐÀc°»i²$ËNî£òÅžàÕ¸Û‘ìz¼’]¿ÀKˆBTÇ©,îŒS…Ÿ©†¨šgøJ¨ÆJ¨žãÕCÔà“›šy&Æù4./Î·›Æ‡iJ¢ž#1DîÈCnRÐ_J¼ŸŸyM¯Á§ÉÞ„2šRÕ>@#°m7@¦q#d#¡‰1 `4ÀèdÜ}ñp â@c3&Â$ã¸Ý˜ŒÉN0V´^‘<Îe¨ÈZ‘ÉyÀ,ÓÔ ¿”¦|!š¾¡úZhLÉ˜º1Mò¶êÆcÑH««-Õ{e©Þ!1;Æ(ö.;ÅÎtãîÑš#ºË¿+œ+yJ^ˆ’¡äÅfÜ½&$FÙºl ÅýÂ|"¿ýeó}&?`Ük—y-hÐ4›ï™Ð€ÏêhLM3í˜Ú¢5£·üC»Äé¿¯ŒfE=ÓêþÿåÉœ%bNqDJk£¡I^Ý^5ÄÅ#rkÞ+ù½*)¡u¸¯1‘oÚ|Y\›—Wó÷\µÕu¿iÚÅïb:aˆs>,.æcÏ-Aƒ{,cÎÚÇ ‘ñ8ÙSo,G#[ CŒèež…áÆ*ô2«a‘±0^€'—aQŒWa»±Þ46Â!cü`l^çV~5¹¯¸Fï#Â×zü¸lòÜ0ž‡·WøIñê±Ô°Æó7h¯\†Ÿ¢Êq"÷ïjçbÞG~¦CŽÇAOkØ‹A ü.žßCÀA\à4íÑ–íÑF“¾ü c&Nlh¶»/qxÊi=ÊO %ô_¯ãJ<×/‹Ü½ å´>¯ŠÎ¢+§ %È34¾Èsè¼k„Åâr"Åc1ÓkÊi“È½ë@6¶Cœ±m»ê»px ½0ØØ7ûÑ÷€YÆAôýïÁ½ÆaXj¼«ŒàeãÃª{Ýì.”Mç°ºb†dcƒ¡œeœèÊ4ù†Ñ}õØ?Iâ~ÝÅ/º&§êuŸÈÊ©Ÿ@aÔå+¦p ªpµt¬A4ÝÉüuÚ”ß‰á/Ûx•b‘w©tchmQaWÂeCþ;ç8.8_@+ãKô•' ½q_¡éž‚1Æ×ØAßÀdã4Ì1¾…yÈ»ÇøÉ~W¯igeªÒ K•“.‚BHö9×[¸ÜŸZr²½PÖQ<~SB›ÅD5Æ,™"§Fœ Ì²÷Z 3ižO röñß"¡-xÊnù-š+Þ)Óý*¡»„¶ôó7§Ék…˜ÆŸh@5.‚i\I –I¡¾©@3S ‰ã¯YxÄM´,ë²é†j¥ËÞ ~Q±V^Ùyðk&‚a&A¢iUë9ó2yG\¿âòÕ•åyA73P^f5y5å,×‚ÅåÕäú‰)ÃâÜh3Fö—Ó6beÖAë‚efÇÈ¬õ¿Êl{¹ÌF(³1ÊlRMfm¹Ž-³ƒÑdb»…Hþû8±Û¡HéÊj6Å¦7ƒ$³y5‘uåúN.¬ˆí>> êE~‘ý‹q×¹¦G›TNÛË— oƒú¶…³]Œð¶ð(œgfõá*e£ë_ewBÙ!Ùì#»¡s/:²Áº€¿•Íßãz“<-§œæ°hñBf íÈƒæ€Í&C£ì«8;5Âæ?gƒ\„vâËª^s9$‹Ø›KëŒÁD‡ÑEû61¯˜½Qñ>¨x?H3ó¡¡YMÍB¸Ê¼zšýa€y-\o„aæ ¸ÑSÍ Ì5‡ÛWŸä‹ÐT•©rãÔ$ñó8‹ª½E$7‘íß#!{°ñVAíÊ/}UùûcoÂDGõðV—Ñeô†Rzãe›DæJH0Ÿ«V[3çÝùö)~;_>ZJKŸEGŠ•ÐÀÚó‹ £¢ŒÑÈHDÆÁP-:ÖýæŒØ21_jb¾‚«Æ:œ¯bŸ‡ÆæÈ57BsKÕ™5ÿù'œšË-ì²µ) \›ŽŽ6ñ%ô¦‡õ7vBÞø/ÙÑ ³œ›9 ÞŒþNNÌQ£¹UÜ‰*V Š» ÃÜÛë8Kß€væèlîƒîæ~èg¨z£?C•ÖYÓéÃlÔ:÷_´ÕpBˆN´µåÝáqÇFµžÄyÿªõÔú#Ôú(j}µþµ>ŽZ‚ZŠZZŸ@¿üw[Êl×ÛÖs³ëž0½UDòt²ûú¶©3çEZ#®9©Ü6#¼[\¼Ñ6o’‹7¶8Ú¤Kùê˜¿b#Î@+ó7lÄïÐÇüòÍ?a¸ùŒ4ÏFßZogYÕšÐZnÓñ×bµSò1´Š1Î:Ó]Œœ‘ìbÌäŒÛª1.ÓUìUÆ™ ÇÅAR\<¤Æ%@½¸Ð(Îâ¡]\ôŒ³ o\JUÇ§rËöxªiÝVngk=Ï~•®¿®æ+%“¸æÓ"ý…MàJÍˆRÓ953J%_®Ÿˆ×â0Â‰Ë+.Òâ² n\-hWšÅÕ…–qõªÍ¸uññ.µ4¹}ô—=GEô æCI¬ŒÞ¾î÷(;¡cYôŽ2h? ˆþèNñA¶è]âƒbÑÙâóñ]ôÝüÃV:—g¹%tnWJço…«=½vÂR.mµPÈY$„,îß;—‹Þ‡€¼ûù‚nÑÐ =„`Zôa„8‹.Aˆ·è# }¡†E—"x,º!Ñ¢!$YôqË¢O $[ôI„‹>…jÑ§Ò,úBºE—#x-º!Ã¢Ï"dZt%BM‹>‡eÑUµ,º¡¶E× Ô±èóu-º!Û¢/ Ô³è‹õ-úB‹¾ŒÐÐ¢E,ú Bc‹®ChbÑWÐ)¬GÈ±èŒÙ7",º ¡©E7#4³h1Bs‹nAhaÑ„\‹nEhiÑm,úBk‹†ÚX´¡EËÚY´¡½E·#äY4ŒÐÁ¢;:Zt'ÂU@èdÑ]èv#t±èë=¼ÐÍ¢{º[ôM„Ý‹ÐÓ¢ûpì›Ù¿“°•¶Ä$Ã¢ûÃô-\w„èÛCã0=ˆŒwÆÂô2Þs‡Ãô}d|à0>Ó#ÈøÈa ÓcÈøØaÓOñ©Ãø,L?GÆãD˜žDÆ—ã«0=…Œ¯Æ7azß:ŒïÂô{düà0~ÓŸñ³Ãø%LEÆ‡ñ[˜þŽŒ?ÆŸaú2þvÿ Ó³È8ç0Î‡éd\t—Â´2XÊ Ê`$Ì(2˜ÃÂLF†â0Ô0Ó¡;#ÌLdÄ9Œø0K@F ‡á ³Dd$9+Ì’‘‘â0RÃ, éÃfÈÈt5Ã,µFí0«ƒŒº#;Ìê!£¾Ãhf ‘ÑÈa4³&Èð9Œœ0ó##à0š†Y3d4w-Â,-F«0kŒ6£m˜µCF{‡‘fÑÑa\f¸ê±Î£K˜uEF7‡Ñ=Ìz £§Ãèf½‘ÑÇaô 3OY?‡‘fÈ(t×„Yd\ë0®³Èè0…Ù`dq×‡YCÆ°0ŽŒã†0»#Æ¨0Œ1cl˜Ý„ŒqœŽWyo±›ÑI‹¢œž`±‰nú‹MrÓ·Zl²›žb±©nzšÅ¦»é›é¦o“ÜÔí²›š¥¸©;T7u§æ¦îòT+:ÛSìOµÂw{t79×c¸ÉyÓMÎ÷Ä¹Éžx7¹Ð“à&yj¸ÉÅüb[y'ÑMÞëIr“÷y,7y¿'ÙM>àIq“zRÝäCž47ù°'ÝM.ñxÝä#ž7ù¨'ÓM.õÔt“Ë kú˜Å>vÓÇ#Ñ®Cb±Omšòu‡dFÿ ”Ì>ë”“ÙýƒJ2;Ù?¨"WÃÿÅè_Ê¾ÚJð,v cÿtZ„øZ3"Ä7‚˜é<Éy¤?¿‚Á~$ÁÈ„7¡>ì…ì‡6ðt†ÐÁ`8L»ÁW4¾¦#à:ÎÐyð7] éó„Ò¢Ñ=$ž~H’è×$þEj1•Ôcé¤ kBš±<Òšõ#ØpÒ•ÝJz³¹$Ÿ=J®ekÈ`¶…coÑì2ž"·²?ÉtI!³¤42GjLHíÉ½ÒÕä!iY*M"OJw“Ò#dµ´š¼(“uÒëd“ô>Ù*}EÊ¤?ÈNY&oÈ©d¿Üˆ”Û‘Ãr_ò‘<”|"ßBNÈsÈ×òò½¼Šü"o&È»ÉYù0=/B/É?ÐJùòßˆçQ$FÑdû[RÒ3™¬ÔgŠÒ1‡©J+¦)m;0]éÁ¥7b?¯\Ç”AˆAVCÉ<ÊÄñ,Q™Ì’”iˆ·1K™Ã’•yˆ‹XŠò KU– .ciÊr–®¬D\Ã¼Ê+,CY¸™e*¥¬¦²±‚e)ûX-åâ»¬¶r„ÕQŽ!~Ê²•S¬žrñV_ù5PþB<Çª”5ReD5VY51ùÔ:,G‡ØˆùÕf, æ"¶aÍÔN¬¹Ú±'k¡°\µ?â@ÖRÎZ©7"ŽaÕ[Xu2âtÖV½‹µSïF\ÀÚ«°<õaÄ¥¬£ú»J}q5ë¤±Îê«ˆ›X5Äºªåˆ;Y7u/ë®¾…xõP?d=Õ£ˆŸ°ÞêW¬ú â÷¬¯ú»Zýñ,ë§–¯Iˆ+ÔÙ5Z2b:ë¯Õe×jõ³Zs6Hk‰Ø– Ö:³!Z7Ä^,¨²¡ÚµˆƒØ0m®DËFh“Ø ÚÄl¤6›Òæ".d£µÙm â26V[ÎnÒV"®aã´WØxm=âfv³VÊ&hÛ+ØDm»E;€ø.»U;Â&kÇ?eS´Slªvñ6MûM×þB<Çfè”ÍÔeDÝ¦'²ÛõdÄt6K¯ÃîÐë!6b³õælŽÞ±-»[ïÂæêÝ{³yz6_€8„-ÐG²…úÄñl‘>•-Ög Îb÷êóÙ}ú"ÄûØýúRö€þ8âÓìA} {H±ˆ=¬³%úVÄRöˆ¾›=ªïAÜÏ–éï±Çô²Çõì ý+ÄÓìIýWö”þ;âßìiÌþŸ1¢Ê–¶ÂÀ¥ÙHc+:ì9£b#¶ÊhÎV-Û²5Fö¼Ñ±7[kôg/‡°‘ì%câxöŠ1…3¦#ÞÎ^5æ²õÆÄ{Øc Ûh,E|‚m2V²ÍÆjÄX±±žm16!–°ÌM¶ˆo°mÆ;ì5ã?ˆï³ñ +5>Gü’•?°rãgÄßØvã<—Øv“²¦Évš ˆI¬ÂÌd»ÌZˆÙl·™Ã^7›"æšKÌ1æsªyÑ¼Û¼TÎ‡RØ÷>èÉ¾Æ¾ëâe7‰V¶ñF‡Û´q°lìocWÛØÛÆ6vµ±“llgcksmlf£ßÆ&66´±žulÌ²1ÃÆ4“mL´1ÁFÓFÍFÙFAZiãÏÚø—¿Ûø«?Ùø½§m&óG„|\Å'œø¤Óð¨ŠÇ\˜ƒ*¹PÇ]ÜëS*>íBœøŒM8,“ÏÊÊçDüó*žÉ€Š#²LµŸÄT<å‚OdŽÊø´Çd<îÂ œ5Ó"3èÄ)‘9-äŒC2~QV¾äÄY9çœ_–ñ+N|UÆ¯9ñŒŒç¸àÂE<ëÄs*.)pFÚô KìVÐÔŒEüQÃLõ¸áF’)3†¿½+Üf˜Yh«5’á(˜Ô±Uß¡[¨‹«Z¤=O™]fÂÐ# j3PÌŸÇ&¬*²6eæá¦Œàòùºó÷ë4ô^#¡`†Ý®™EŠÔì}K"dŠLí ™U MŒ¬Hõõ £wøi#…+×FFÂ¼1OÄvèá€÷èÁm æwÄýþHlO(Öý[“I2öwuu<Ô ê¦Q,Åí\‘@,5‚¦Ñ«@Ù¤ ,²*–¤ÝÂz´ßO}CÑþVY\Kp±|i(2oPPêiÚ¨Àˆõ¼GG(j¬IEzŒÄz½'LŽÏ3nçÊ>·~9·•#Ô`æº ¦zFß°½]0U]&á«õxö®•»‚FÜÅ¢IF‹˜HUs†¤YhJGÒˆrró·Úbšqÿ*’Nc{ÊHšMÿ—ŒS£•)ÎÒ@ÅzCÉ‘ûLè7Ì‚øŸêi#&Z˜Óò°EY0‰àâø¼">*B'*2,So¯N.°‹”Nž+ÇPm$}*(8\j†Á…A%"Õ“‡×ãZ™ÈvDôPT¼¼y4®i#‹'ë¦Š¯Óö]±T"h´…$B&Š{á5çˆ˜†·áV 7a•†v¼YÃ[Ð¡a5ÖhX‹unF§†.¬×°5Ü‚·jèÆ&Ïkø¾©a³L¾¥áÛøŽïòˆ¢kÉ}¾‡xë»® Uú4K…{£fCDßf4d…K"ú¢†(bâØ®`ú˜~¡A6¬o[,ß§Uì}.«/1(Æö’ ~ ¡A³Çä˜Ì> Ik£†hÌlªÒÃ¡=F¯†âG~ŒŸhˆˆ±Š[ÌzýÍ3.RpÍ¸RÅÏ4ü¿`*ÇÂŠT(l™gÂ°Y£ý f¬AÃ/ñ+Òñã^¿Öð±õoñ;¹~KÃM+éößóx‘qÈóËñ' !leƒÜa$’äq£?c/{[ÒÔÍT’^ì5Èû‹ðTÚ%iAþ*S'U1y=Îÿ&s×6Ãˆ·ÐZ;×ð¼Ì ÇÄ¸Õ¹íÙjš+/Š&å¸íÜ¾_.í4c30k=í¶Õ8ÎB.ˆÑ9œ¿öEÙ&§Ø!/§+Œ)cÅJžd—ÎøiDÔV1-)åh}(bÄRRPo×yÏª¡ùÜ‹½åœ.iö¥q}þ¦Ü£%¥#[å-Ë¬Ý`·¶<³öF»µ3k+FÖ,%Rw 7=Œ¥µŽ²C¸¿Öáx•TÏ½òÿ¦Ý€C9üZ2W¹ú˜‡ÀÌÊ#¨Æ“pã)6™£¬eÇØ³óž`½:Éº’f%9ÅŒ9M×ŸÁ/á~œÇË¸€á"^Ã³JžSfâ’²ŒŸ›Ýx^Iá¼²/XÙ<ŽW¡«¸CÅÌéWp¯Róo†ÐpþÝÅÿ>K³»ÿWëoUÿÍîv§cE Ê"E„íX <[Ë ²¸-ê–Gñ9¶ÓÎÎ¬3Ób}¾ß¯ÄÄÄÄÄ˜c$Ñb4jâ>ø7ñwf·»-ì6âSæœ»çÞó»çuï¹üù÷Ï¿ØO4lÂà2Üƒ!!'„<"äQä1 E«8©¡§„œrFÅˆgåÇãBžÐð$žò´ü|Fˆ¡bT…©a5J:a©Ó°%ã*&4Ü)C[C&5LÁRVá ÷TTT<«ÂWp[Î±-7XÕÕƒQ#H¤ÏÊŒÎ™¢7l—-o:i^¤‹zBµ("œ.ÞWK¥qoË»«µVøzµj¼ ×àåãV˜wƒÐpMÚ~wº»°¤ÉÊ1Û-I`Ï6óÁf½®Ðâ¸ŸÙ³ãÀ‚È³³‘øEý¾cÌã-[wQA{èÍŸ†Õéîf¯ÌÒÝ•5é“nEçPºð/d³6K„6†Î—üNz¶+i>.RÕ{ÆŠÞgq7__›Àû Ä¤ðµ“Žq6…ˆ³/·s»éNþ:B¹BžÊ\’Q~DLH\HBHÛeNò”“®E’t;·èÆ2‚wx¡×N {kC„Œ‘¯o™é¡¬»*éÎ&¸»øØë°w×°Ï9NÞÓ »ç*Ú#ü2ØÊ¹Ë‘ï²Qéž&íÅ:ìc0‚}œéç*p.vÂ¸Š½*öñ_5xû¹,Y³‘k´LÏ:E‰Ï!ù}Ý«dÖC„“qŒ/Úµ‘nUWù’&ˆßd~@ü*!È~‚šùí#D‹oK%®`™¸õ‰¹hA¢³mË•¾ä/ÐG[ú’"M%çÐÁAÛÕˆ‰×ÝJ»ŠÔOX!£9Üvº6ÉñJÎaÕ%< h#‚q{*ywüÞ¤æ©ä<™ŸZW˜ïÑF?^bnVGücTøWôXø%ú.ü[>á«‰˜Œféÿ“pwáQícŒË03} ÷ã4ß g8;Â¿Çñÿ¦0Š”ˆr§1\Ä8w²ñ)Ñ¾‚ƒ¯QæN¾A…;ùø~¥†$²Ë:þÂq×]cØ“Õ„**îSÁg6‡Qñ¿Uæ—[qCâ¬%ýÝ•ƒÀLu0ñW°¾/‘b07¤]¯Ïá®KhëkÁÆÏY™Q€ø^dPîd1Å”ü‹üOÑËœ9Ï¹‹œ½Àrøfdt ñk¶ÕŒ¥‘GÄÒ£ü›ÆVítl¬¼¤œ€'W‹¤ïÒð÷(Éãxm}ŠŸÔ¯rùº²ý Gç¦€-û ï˜ÍhÿW‰[T×ÿ=™ÇøDÅˆDG2è€*¸†AGHfp«fž8:›³¸5‰©1IÛ$Õ4KkmÒDMij4 XšÍÚféòïôûÚôwß¼7ó?Ë÷Þ³Üs~çÜsÏ}|ýß·´â_6lÆa¢ˆ•#Ž„Œ#bNÊH‰9-##æ£2Ž‰ù¸Œb>)ãÇb~RÆSb~ZÆ)1?#ã'b>-ãY1Ÿ±â9Ïû/Èø©˜&†Ÿ‹áE/ÉxYÆ/dœ•qNÆ+6,À/…ìU±zM¯Ûð~eÅ¯mhÄy+~cÅV‰åoxSÆ[6´àw‚õ¶ÐÇŠ‹6´ã¼ Í¸dÅeÖã°°ù®Xý^—„â¨P¶ÕÓÕãñK¨ö º"ÁØˆ+N†c#*ÜñX*Œ¥w#•Ú½ƒB[yt»;°v¿±Y' é,¿ç±žÀ .—ñž‰—U’ñGšÛŽ…Ó›$”:vJ°¸ãÃtRéÇÔþLtHM‡"äÌŽ]‘‘x2œ>ŒoK¥$lvLÜà‹'G\ÑøÉp$tJ¥\¡ä‰D:î „GbÁt&©æ¬ˆàé`èp_0¡{©HÑJ¢;I¦š¦‡E=ÉR•¶Ñí÷å÷ÎÎ²Ôd:Ï³2 Á‘°¾¨åµBÁ„êJ©¡Ažpok^ïÚÍAlóF‘N+®Xñ>«… Áæ9Ré0‰(tó½ÉxT;ŽiüìÍòrNBÜ“s>Ó*ý\`}ñ„„Q¿OBóôÉ(bÉï£…ôý¾¢‹Å“Ñ`$|Rnh€•)¡¦Ûö«G¨ž&Sª u‹ÓÍ,â™dHí ‹C,{V EÛ°Ò¾ž¶c²bLÁU\Ó„«u¡‚gf`kWKŽõ§I¬ÁúD°*ÈZÝÖžÓ7˜kÖµæ˜³%ïäºæÖ°èq+ø³à(yƒ‚wÃàéöï¦ÁÓÍ Þ§‚·(ºrÅŠ¦2épÄ¥ Ùr[¸Rüt{¶xûínÐÛëuw z4®‚[¸-aFxú{Š(ÜÁmŸás_àK óLÖ´:Óh sr&ÌÜeÚöekíï–~O½§k°K×Z2ioqÆâQØýž\xúí>o`P×n(PQ]Á¯à+ÜU0(VÃð[ñ÷pøàVŠJû«„ú"·ÁTÁ¹»*¡nªÑÄáPÊ¥_Û9ù:7mÊrÃq—wÀÄµ%ÖÚÃ){,Ñ`üMÁ×øFAlÃKï‡ÝïËBÿwy· oVwæÀ5©à;ü]Á?ðO„Åª¼ÞÀÐ!5”ž|À“Sµû)<½NU! %â~×NßeØ Ô#™`„íož¹=dÁu6ü…ðÀOo¯hŽ¿‹<öŽžðˆšbœÿ×ÛRÄÒjÃRm¡Ltƒœ°ç>Âº";Ù5î'f¹Ÿ˜½Ä/ð¸§u¼pªÌä·ˆÔä¶ˆÔäÕÆÏ‹d:%gh´xž¡¬Æ†u•²ˆ~2xÙîS™¡”^,5¯·èûlá‚§;×QTºxúö¹ƒKK ¦ÔöÖa5¤}ŸÌpìíŸ+EÑ’_9¢¦M÷žêöê2ÒtÜ¨ý²ÐÁ`²‹)²8¼ nÒÁD‚y`Bî©d/l'–ðËn3¿nË8ÿ]ÐMªµ¤Ý&ºŽt‰¶“ö˜ha§×Do!½ÕD{¡pÍ–£œ‡9Kœg8' ]åBBŸC0£ýÈªJs¹]p_qV—Œ£ô<¬×`sVÏ0ˆ2VƒI”„ÄLƒPHTÄ,•QEb¶AT“˜csIÌ3ˆó â¡1iL‹LÀÞ‡ù›{%*øe]3ØŒeüÔ®Çj®Öðÿ‡VlDsÒÎ<¬e€ë°‹×{ÑÁ'¤±G¨‘Á&<Í39Íóx‘Úg™ÁGi½3+”Ü]ñÒ“ù),Z†ÒÎ{L(QÖŽcáyØÕuãxø<ækœENþ Î¢áq,¦–ÝÐZbhÙ %y¥šV³z™¦5ÛYµL¨T-ÉÊóIpÂÆ±—X¶ð·á!vÃÜÄ“ôó…ÙÇçr;Än- 2XÊ–/gÈE²OÄaDòˆá}¹á½QóÞPè½–ö€qÿã\íG5ž ‚ V ¤y³ ¤LøÌùÊ—àu¬+(ÁªîÀNª§PŠœ¡ïúëplç–_ãu8û¤þ›hÜÓ4¦þQÌè°¬ãþ¹4ng-d¡-…Ì1Ê1ÆSLÚj¤©s”ZÊi ä{2,VìÒ~w[±’ìh{µ$–S9c|\‡uN‡ÕRÖ*ËEX•–›hÙS½zkî¬Gkc³Žq OãSÄxŠŸ¡Æ³ÔyžZgˆñ9æÓáÜ'pîŸ9 çÌ~Ñôµàl8×NI_ó¤ô½ÄñeB;Khç¨ñ*u^§Ök”¿1¬! Öäô…r°N–E® –Ó'õ DDÔ7Šª~‘8¦lH]“WÉ²ZXîÇ7 î-Jß¡ü25.²g^‚ïjàj¸…(ŒL™„l8Wš7ˆ¬”óÞ›X¿g¾Òu¢ì/b‹“¸³Êö6ÊFÑš%*4¢>K,ÕˆÚ,a×ˆŠFÇ†]gJ¤Ñï'Ç±1sÚ x!\anß'ìØ?D>â‘Q~•mêŸƒy»?a8Wx1&´°fÃúØ¬P¥¹lJåÿæ1—‹O?=ŽËzýSâè0ÇQoŽ£ÖG!ô¯&C_…™oú-B¿Mèwý3BÿœÐ¿ ô/ ý.¡ßâtOƒ\…²Àgutàsø|_à‹|IÇe|Y-êø Õò†‡uñˆ†Gu<†!µkQ|¾ª£«Ý¨Ú}MÇ×qEížPËŸkxRG.ð õü‹žÒñ—xZžPTÏèø+üµ†g5<§c5þFÇ*|SÃ·4ü†¿Ó±VÂø¶Ž¾Àß«÷ÿ –ï(ÈwÕîyµ{^Ã:6ãÿˆïéø>þI½ûg?À•¤Ññ#ü«o<ûàßtüÿ®áEu¸¨ã'ø©ÞòMüÌÆ™!›{hÌŒ·iØcEÁ« qºÄ¤PÜ]òíÜB´Çë&÷&rˆÇë 2}RPí¶¢§$ÓöuÌ¢“ô½ç¢V¯K&ÒšhôB4ÙÛ'X]½' ™w/h 3EÌw–Ù#X—eKFê½Û…oÍeì (9I±`ËM]æÔ)+eu±ÌN+U˜¬-³ùNë‚édÊv5K;Ž)lqq<½Ç´-B+²ò2v,QÐÂzQPÖÑg[»R)³/½+eí=“1ãÎ§û)ÙÄí½9“´-Êžßeeq(ö¥’=G¨LM8Ö‘èØk…RÏæXWÂ´3)FyëµTÛ®¥ÙqNF‡™¶6o²²)3Z[S±|2bc&nÇTíÐ—“áÍÄ[î‹,çÎlÖÎJ$S=f@Ÿ.3ä&Ä iPK£4irÈÃ*In–#>†>ý`×\•LuEÌ^“}7Möô°©FTeDU¾™©¾HS.†4“DZpV“VCŽJ›ã~CnQ©[1Qén[’§kŠî-*ÑUpîb6—èKiW=¦jÆ3ªßõª¢pƒ–”µ¦ø—.`5ñÆŽfR)+açÎs¦èäBU»åº [‰.›íÉ[]¯®,´ÛLí²Ý3é;«*kŠÃwÃŒ:5èëŒuÅˆì«Þ]¯4ØÉ\œ*;ïèv2ß—”gÒð›½½V‚ ¯ý?Í1n'˜š9ª1v)•(à€u.§E9¸Ž”™ÚÍ*¡®ùl«ç²«³3å$a1ã[××dªð†®¯Ù4:rŸ=1[dg åÚIÐü4A×© Ðõt¯:Í‰uœiî‹Æ“ikòå01ÞÐ{n”}j.«ÏY1mnq'‡z'¶DÜ\ÀqÐw»èÅ,qVÕ’¼ÎLGV3§Î4$§ÏZœ‚`œz;ö¥m‹ •æ²”h±x<–ÎñqÐM•Ž³#òã bb0?â}‡M›Ò+þSNwe¦m3e§ÛbŠ"ÀÊn‹Ó™Žt6æV×Nàô1‡âÒì}ä¤fK&Trúh—ëtÎLwBiÉç»áN&nÛ’šÙÉƒ¾¹]Õò¡SŠí”©(7›¨)ÇÝf«¾¤ÛL7&UØ—UF&xÍ8*KÁ=XÊï–(Ôo.D*\OñTÅ'oBøBÃ‡¸tqõ;Àj«Ù%‹ºEƒâ‡QTæ‚÷ò4ô¢ßVÝW}=ÑO#î¢K1<ü“†øûQáÿ:´†°§,Ðö–7‡}¡æÌÍAuá@G`„‡PÒ¸v3Û¸Ìº>ïeÏåBK “ßì!Ìñ\†—ü÷¡žÁûqÀyªóÍ(sÎêYäèw”ß¼àGh¶ðòF” –ï¶b¶aÞ„åØIßì¢Áu´b1öbyìÅ!®íä|qM¸•\ßŒ#xnÁIô8nña‘†DÙÊ5$ÇU4ôªåÌ~ )?Ý’†õâè?Ÿ™Ð3ðÉà(ÊÛCC˜;Œy ží•j{ m¡Ê!ÌßQ_¤+‚K†P1€mUÁå±>t¡HÔÛ`p6{§}áro0Ø]î;yCWñI”ñ:oá »ÙY\;éA‹êœ¢7ºQÉP/c«Ãõ´môf8ÃdK3Ítè¦i·;–—Ãï %22†JÙxÞ«ðÑÚÛqöÿµ•Ó½ƒÖ¾•êÜIkÏÓÚ·ÑÚ·ÓÚwÐÚwÒÚ´ö]´öÝ´ö=´ö½´ö<}ÿ¶öú²Ö~0›òûGQÕ>ŒEŽW.aC¸lñ–ÐÐ¥?^‚.[ª@á,lËÔÑQþ[T~ùVLè¿ŒY|˜ëÝÌñ{˜·Êœ½!|„¹z73øcŽŽ%ð¼]Ã²ø*æP··ÒØ"G·eÙ¾à`eÛDcÐª¾Ÿ–|Ä—ðó¤|îr)å.hüÜæÒQ¬jÅêvv—êa¬iEˆç0ÿm£fë†i*»¡ÖËÊ]ßy|l¨õVxŸÿUM…wÆ_Zû4J ßÄbV¯XÖ5OccÍÞ0€µ.dK…÷‰ZßdD…ßEÔb…ï‰‡¨tk±•>ñ²>»Xáêy†Êž¥éç ïbÎžÉû1Å¨yú1?M}a|öóì_`ø"y’óÃäý¹?‚6<ÊêfÅÏeÖÉ—Y’ó %=LYQÚ#tÙ£Ì afÎ>€Ç±Q'.Û¡¿Žˆ†·kx[ÃU,8ÈæàçòÎz ÆaÀO¸óWáÐßœþá×^¥²¹¸lf\Þ…?ÎFôaªV–ñµ@cˆ~zcûŽ¢P^ëa%Ü80þòCyÓËÜ+Lÿ'QŠo`!žrT3P4¦„¿{s$/)èHzO!I>GRídI[Hz†’ž¥¤ç(é›S$½÷IïÃŸd+è}YI[=Û†®x;/aãBïI·Š–‡nUnÂ¶O¢”û¦ÐB›C•5ÍNÙüà‚p}nB‘Ud |‡)þ]Fúy,ÁXï±j¾u„mâ»ZüÐQ®¾1±²g¨Òñ¹•ý~1WÙ^§Õ±emß¹xvÜ{üe;G°«nu¬öÝµ¾¥‹ì™ƒ½÷Þ’ _Ùþ!`ærWÏ]…Ä§©÷cJz‘…ûzâ§Tó%Þà?£Š?§z¿äõ²£ÞLxÆô¾†å^ T7Ê‡˜\®nV¶ë¬] _y>ÏålÛ™ÃÞ®Üè€ýÂ¹²]é‹œšþ5×ßÛ+tÀo±¯²@^a¯ø#u¼Åc ºî¸;‰Ýâ„Ž&¨¶•Ý4„†~Ìw6ý˜òªÞîíBÓ`hÂä¹äñÁ+~ø9!Ì+¤ÄæE‘¿ŠRîaosÓ.Â§jN³ÈëBlŒ‡ÃƒùÞ5SÙ-sù(‘ 6D%èÏÈä#øhVÕ-|*&3ö#ÀÞwó —#*¹½ÍA¿?‹þzWýz³¯ìõÄvN‡ëGé(Ž·‡ÊNãÍMÊHuz‹:±ÓÞÚ|œtÛ²É¾®žKÚÆ_dX>áÉÍÌbÈqzòƒ{+fÊIÅÄ<éÀJéÄ r [¤Û¥{$†›ä64Éél~{y¹rŠºCÃ'tåˆO:|ø=6;;;ïžÜÿÈÑ˜Ïd¼‹È 'j8Éœ¬ãæS™¸ÀŽÓ4,d£éQÐÐp††3u,rAoœæ"Ñ,ÎÆb&%LJyÔ2¬Æ9Ü:’É\&å<È<&Gq·nÍwÁ6œÌÚLr·VàÑl²ˆ[Ç°Ýb uÁ(œÌ¤’ÉqL|L–0!Ó*¬æ–_Ãã]K¹_1ã<Ääa&0ù/“G™<Æ=örk“Ç™<ÁäI&O1yšÉ3Lžeò“ç™¼ÀäE&/1y™É+L^eò“×™¼ÁäM&o1y›É;LÞÕð=æïkø†jø‚»Åß\ë«›ïon©ml8ª¨g!ÄLklh øó}u~G5,Ýûê°ªO¾º¥µÕIÅ þ@K•¯É?ºÅ_ÕÚ\X9º5P[7ºlÉ þª@Qµ¿!P{|¿yÁw’/ÔgjÝÒFjÔÔK€ÖA=œMÊ|hwÓú›åÒÈØ0ËÍµ K<æu¾†¥£MÙè%…Y•Õ¾€A,*’8Wá˜ò™S3+ËŠ(M8+7/eÍ C¹™ÖHÚÈÞÐx8³EfË¥Æ &x³CáL5œÃÓèæºbI’••óOYnÞ?däëÈÈådÞúj)ˆè½úêÜîtñÖÊ")…ÔZ;µZf$õÈ3‡‚¤°¾sèôµºuÇU·Hcya‘Õ+Ìóò(Üý…Ü…¼.E":ÝRåv£òFÞ¸Ô ìÎãAmD‡µý-µƒ»w·Ô{ºx[ ûtuvçhF?n•Í(-*Q9µxFÙÜ¢y3KÊi€E‘X¿¹Ý˜Ç‘g#ÉûM-.Ž¨ˆYê„’-Âá‰I=ÊÉöiÕ~ÚIqmƒ¿´µ~‰¿yžoIIútÐJÃ}a;ï£OK$ã¸ÄÚ&ÍG°ÑÐc#i#<+r3Æ…_T=ž“{ÀWub‰¯I®•ÞnÊ¾ÓWTùåIÒæôv´Ðf$ò¡éÑŒ~,ËÂBzjôp¡Î µ µI©‰=~YÙC%=7?ôÙã‰L]…þ¦f•/à§H5ªýUtôæNå1-ÖßP%ƒ!å`n+k 4µè¼ü¾z9vTµ¿yºêéUgZÛ8º‹Õ·T·jHÅ†=1iQ†ŸR4Q ”×.m £úŽo\bO¼›ñF9©*)ãzgbÃ«»òF£J) iHZ¥2%ñ_ @ÝÌô@£u%Ü$4UmÕN½ÌBg^ÐÆé_Öê«#Í¨žùáè.7Í\‹”ë5¾–ó†Sý»8äþªêT»Ê[›«üGÔrrp‡- g6àxÐ€‡àa1 adçäSÚXÞZUì¼¬ý»žRAkm…”ýÐKÙºµB¶‘bädu‚Ï ¡<›Ÿ`àgø¹é¨±yÂ°C;Œ-ûø~‰pØ!.e6+ž‹ÊÂ=TÖË 2Í$ø›››S ¾„:<ºG~¿Â¯)o˜‚©~ƒ¹~‹ßðì60óøžZð“YÖ8½êeÀý¬Ø~oàø£?áÆ_<ÈÃ=»£þÊÛýþÿ0ðOü‹®!séoöqŸÐÌ«in\ÎIÕÀÿá~ÞæU¼Åä@ðn½ËäÃ×¸õ:/`?…ÕË¼·lž„Ýgð„lR9B7Ÿ‹JÏÄÒ2 xŠ5N³ 6kì4jð´%§G\É©eÀ³r$z2éèôxÓ%*¬=ž¢6m¦¿®®ÞGQ8Ó€7d‡BîÀÕyærY²˜CfŽæVlfzVúØœŒôÌŒŒœÜôœtZÖ·ÜËàeeåX=¢L(ûôéÚ';=SuÈÍëÔ!7¯»YfªaÂ;ì®C¶ÙüÞ`wrÌï¹gé2]nZ6ûÍ3³ssÆ¥gÒ_®¿ðÆcBû˜k9Ž7"A\„Ž™ä²_žjCÁž¼£î{Ò™þfõT;öäuß“Bìwîé¢vãï5îcÀÏJ—®Ë2u?IÍ°Ü,ÜÂü$ÇèÂÇ ¹ÓßéÏXqI»¢›>Í€7Yþ“?Yi§w"ÝÀdÎG¨Ñµ KM03|BkƒLÕ|G0¡(ÕÃtl`¥xþkÀ£Lc²—É>&Á~xŽáóL^`ò"“—˜¼Ìä&¯2yÉûL>`ò!“˜|Ìä&Ÿ2ùŒÉçL¾`ò%“¯˜|Íä&ðÞÝ]¹ÈYÁÝõe¢ø³’j¹ü™¢öd³äÚ}F3ßÌfªk»·)j&½°)Âs!ÿLPÀ5BS“¿j ´ˆ5B7=é¶€Þg¤!ÜÆ®3&u_t6•¿œä«3wM%Aè½~ÐQ¬G†²´7Ç-’?÷TÑ¸cºßê!¾¢+þ©ÍÍ¾•á\P çx>ÿ¤ÓjÖF5J[ëêÈžZ¡ýŒHìQêXN ?×'ÿ¦ötTÕ5r¡ã«®.om¢ê¶¥…‹Ûá» ¾i²KOt´Ü`QÒ| Ñ° ÜÛaÄÃh§+½€d»è?½Ò²MÕq;?Ø’S!D<žï«ä*þ˜â{ß§øã’{ù±”üIÅŸRüiÅŸQüYÉãù²Kþ¼â/(þ¢â/)þ²â¯(þªšï55ÞëŠ¿¡ø›Š¿¥øÛŠ¿£ø»jþ÷Ôxï+þâ*þ‘â+þ‰âŸ*þ™âŸ+þ…â_*þ•â_+þZ÷·jß)þ½â?(þ£â?)þ³â¿(þ«â¿)þ»â(þ§â)þ·âTI~Àä\÷HŽ’Ç¢@Q;¡Á)dŽäí€mÔ@tuJa)!'jLEWÓ¹„¨$T¦Ã(Úë’Sv€Ø´uIépÀBˆBFƒö•¬IKÞ¶â”}0d7Ø+vƒ£b'8=Z;èÉô¿¢v‚«c7DW¤ìƒ— ä°àAªhX?DÁñ0jÐ ‰ø7ŒÐ0{É€§Ì@ÓöF·9-N&ì$Í5´£wÆõ³zWxÜ;!¶ƒ&ô”¦µCŸb"}7€Ž%›ÀCí¸’T²Öo–`¾=eôk‡þ`4µÈÖáÔòÊÖ@jÅËV¬\uêN˜oßÄó˜{È·§îÝko‡A˜ï vTj;Îwxí^G;ñÚC›<ú=™6¸ úÀY0Î¦#9‡6{.$Áù@¬†±°ÆÃPWB9\‹a-¹f,ƒõÔó8®¥ž7Ãyp+\·‘õp5l–KÏ~ˆ#†± Ø5ô”4(ÄÆjØ'Jÿ ûÝÚ[º5Nf¼ ñ€jëü‰£âeºŠoòN8,w@“¡L‡PB(„âå‰í¢A&“+Šh‰³É÷‘;î§ éûD-b% h#žÔÝÉ©·ÃÐ½ ÑaÚôôH(WvžbMÑAˆ<þ0$Â#ÒcÀläÓM´ÎÎ{ôªM ±úFXPh{ý€é“]æ~ ãÿÙùÛK×¤|6*™6‘ÐÃvÁð€›ÀUÌcâV¾Ñ¼¿vÑ‡o•“÷‚X¾jrªat?€’³ƒs/J®±”˜=”tûSÂ@Éu$¼%·¨8RÃAÎ°}Åâ`¢Öv×Ûad×»þ! ÿQ'Ðw¡º~é€4Ò<¶FÑEO,ÁRÕÊ·{íæ®’˜YW¬Àæ-Ë5yÑM`Þµ¼ë}Í×*yr,rCJª;ƒe©)tÉè&§Ó}›¶âŽÞSòíi¬ÎÜ¹¦$×QêµwÈ«98dêÉw¦yÒTc‰×Ñ±•6z]¬ó ƒ¶¾‚.›Éo¤ n†{èÎ ÙÍ›þ/7ÑïÈê{:â`=”ü'RâŸEI%ü”ì+)Á×Pên¢„¾‚q=õ¹‘ø£ˆò|€k?Tj8TÃaDõ0„¯-ÅãpSTäsAdý?@Ó:;©ƒ&¶|–¦®SóyP§v5Îýê¬Š±DµJÓ"œÙ”ð3Ë?³‘ágæ5ÏÌ•&,:MXŠ;#ŒÎ‹R-C\Š:G*'I>–P®,M+IëÈwvµÓR½Z˜³ƒŽj%œJÇÅG´.W|íêFÊŠ·¾œÜ¼®óQ¡.zá<è‚xJéäŸñØfÒsRJ¹ñ(ºûÇ`_¨¦¬v"¥¡etS/%~9õ[‡^yTÇðQ<*í‡ô·%ÁÃÃŽÂTIa¡:=-$†°Ãë”Gâ(•[×ªûYFI.«˜¤léðjåPk=hÛ ·P^P>Æ’eù¸ <ß’oÃÐÃ$ó¥÷p8#`0í!GB.-¡¡„>5yó1àü¼”%m}è|™ˆIæm‰fn½“=Úa¢œcR[²g²¦˜J`Ä%{ dÃHöL³Ô…¤žnI°¤3H:Ó’YÒY$m<ÅC Ä²/µ¤e$clGZë˜kÙ–[êy¤>ÊRÏ·Ô,u?R/´Ô–úhK=€Ô‹,õ1–z±¥ö’úXK]i©³Ôñ¤öYê%–ºÊRW“Úo©·ÔK-u ©k-õ –úDK]GêzKÝ`©-u©—YÒfKÚBÒ€%mµ¤'‘t¹”Iö¬°Æ\iÙlÙ ±7©´K=b0úáxº„`4N¤8›ã¨–›S §‚ÀG@Î€f,‚U8NÇÙ°‹á*,X 7á\Ø‰åð Îƒ‡ñ(xçÃÛ¸ÞÇ…ðVÀ_x4ÀETâƒñ¸‡à±˜•8Ã‰èÃ¹¸bi«qúq9«p)^†5¸kqž€÷à‰¸ëð>¬Ç§°ŸÃFü›ðêñ'6‹(l1Ø*ïÆ(8<Æˆ·ÅÒŸaÐÿx[×?V ·‘;’‚\Ü`ÞÜl&ÒIòv:=ÚL]Ü4Þ Œ6H9¹lîÞºœ=[Í>OÍ>,åaˆ^O¹:å!ˆn‡¶^ðêv¸p‹mKçý *YD,Måþ¢MgíÏÍ9˜«føH}³UÛ'ºTÃÛš>iLß]tœ%OÉÉ åCCrÚó%A¹ÉE;\zÜÄA¡5Ê/J1„ñb0d‰!0KKD‚\g PI+‹1>[ršÓqÎ¿ÄtÄ™˜§6´Hú;7“D&j!ëÌ9ûì÷ùöÞ÷•³/œpN±=AXØ€;‚\vªHÊß]rÙD ½A¤ÑD?nR‘ "[ENÃž J±WrHÞ}öKÊÍòp‹†[åá6 ·KŽ;äá>)/?Äy8 âÓAÔá3rù¬ŠÏQ½*î”ç»$Ç^¹ÜâóÒôär\¾¨á^ù{P._’Ü_–ËW$÷}*¾*`dLÒLm²2Ùd_úÚÄjq•@éª¾tÖ6Óö&3•³üß[øúKž·”9ªÙÓ“±²YÏ¶-±~ÏE7®[ÓF±U^&Ê—§Å$Mž åÒd:i¯8?².mÙÙn³ßjÎZÝ¹LÒÞ×œ³“©æÕVÆ1´¬a“€oU_%P¾.™¶Úr½]V¦ÃìJ‘\3ÐmõÛô3«âkþÈ¶)°0²n—¹ÇlN™éÍíL2½cÙ¹ÉYºÑ6»w·šýŽF¾žŠû–“?×Ó‹—,m^•X}M›e÷šÙÝŽÆP¤¸%½ßÌdËÇ“53²µŸÌ ºÃ²;öõ3•§m¥²<-×eg,+Ýí¤(ú~ mÏÙý9›¦,³×qI³ûò†fDÎu‡@UqH °—z,ù°ž^K.™ê±2n†ÓÉ¾æ–}¶Õ’Û¾Di§ £ç´Þsa¬%i'Ò¶À¬Hq)Æ]¾=™JI£…œÍ*’Úm-‰†«HŸ‰¹"*.!H6öå2ÝÖI™¾ÊÄz÷®Íìµš¤:Ëñ€Š¯ëxéˆáWáj¢sšŸ¢BÇÇq½ŽN\ÏTéx‡UêxGˆ$â1¾Ê4Š®´ÒVÆLI5L†•Ùnv‚ëx«ˆiòLD<ˆ×KïÒîŽÍ¸ŽU·HÇ“xJÇyR—49ÿulD/›tÅ1Éqœ§¸ŽØ¦ãiœ;ö°äíuôí¶ÒÉýVFÚXãhX2]RÒ$ž*S b"æ©ðtè8)Î¸Í×ö}™^Ó.Èëø&Óñ,NÈå9¶™x\æõyÃh•®èE»Žoá¶¯ uí]»¬nb¬Ê!`‰öI^ïMï8ãT(:GÏý€F%PÆºmï¶-{\/âÔ³ooÆì˜ÍÞ”H4…»ÀyÜ]ØÞœ:š¾hè¦šL÷XíÛ¥õ„¬¢®Ð}î§¸–Ítw³¿ßJ÷,.Öí¦íL&“ä¤”‰©$ÞµÄî[k Œ{*Æ,¹ºûriÛ*;D m äìnIwX‘)efÙoÜÌ²¹®¬«¶:’(®·hg>•”•Þaïˆ|¨³Õ2;Ílk_Æ÷RsFÓÿª‹há»a'ýÐsøPƒñî?Êééá‡‡Gö(îkñ1,-ÐãÍ§Pº¥²l„_¢RË(ŒÖ|”ƒ(‰.EÅ®+`z¦C‰VV£j³{/äÂáŸ1„H!"‡Æ$~Þ£•!ç8Œê‰çmae‡éø ùßææs".Æcì³<Á@†ˆ¬'ÄSÄêQtá1w7qŠpðÊ<•Ãÿ.æ«¸VÅ¦ºŠ:… ùáÆ|ƒóïòZõæÕ>Ì¢¯œ)½‘ÍcVÆnFxóûíDqV³¶€ç‰Àa:7‚¹Ü_ÀÑ¼ÆÉ´÷‘Uþo‚òû¤`ËS°ehGPŸ7V“76ŠÙ£¨•ûâ¶^äË}›Eš¶^¤ïN¶e¼ƒ îù•ãÚZLK*¡F7Cßv¾Ú/³‘ñóÎ}…ÐÐ¤»§P·…¹Áœ¶ÅÃ˜ó…|º~ õ[Xøó¾SòuÆüµ1%¤„üçÎÛBÆù#8?®FCJXÆ;(ç7C(‹û¢!ßqZ«gÝgwÉ‡c¯~ÈYð#ócö»WÉñÞ¿Æ’þ)Kîg¬Ø×(óKJýœ˜ÿÃý•“†jùÆõ*nïBâmÌoQqcquŽÇåõ1åüiãìŠZÃèŒùj]ï£§ Œ{ó¾þ½ÑhÊ·¦†FÙ¤®¨óNŠû€ïLc¯s‘hÈ'{Rc\©3ÎÊºõ:ô†¸V*™îhL +qMÄ"ñ’J¥MaÅR%—VBª_*ŠÂlÁ‹€"H ŒoÞ˜Ö^Ælùa²Æ;‚Åñ`Hù ¼Œ_ÜË^–ä/Cº¡=Š:Çµz”GaÐƒATÉÃä—”6–KM‡p±ü/ —Æ(šcLŒÿ€_„Êm¿DÏÁŽqBþ44ö}éE"äsìúwöÄürç¨*ùUI˜(¿CÂdƒxP.ÀäuNï|¯ú=Ÿ÷ Nñ7ùü`{x“ÝþˆâOlæøùÿÊ™þ76È°Ë½Åúø'zð/ôâß°ñÎŠ·9³ßÁ]ø/îÃ<„wÙlÎ²¡ŒáGÃ áÁ³Â‹—„? ^åÐøµÐð†Š€ÐE¥(3E™˜+ÊÅaˆfQ!V’Ú&ªÄ›Dµè"Ç.1KÜ$Âb¿¨w‹Ùâ¨eLõâ°˜#¡ôQ1Ï±‰Š1bTuæ¹)ä?Ð½Š9ÆT’8ÆO}â’;‘ýD>ÿØÎ`®¨×|K16He‚—ýÔ©Á)K÷Ëã=n€pÀ ê¡¶)1QÔØ)åV\·©ƒå¢«f¶éß YZ