í«îÛpki-base-java-10.5.9-13.el7_6Žè$>èìx¸K»÷Cnn./,Þ¦æf>ÿÿÿÐŽè7àL?à<dèéêì í Dî ï ”ñ ¬ó °ö ·÷ ½ø éü ý þ % ,' È' ' d'' g' P'ì'¯'r”'0@¬°(38<õ9õ:G¾õG×8'H×Ô'IØp'XØ˜YØœ\Ø¬']ÙH'^ÛâbÜcdÝ2eÝ7fÝ:lÝ<tÝT'uÝð'vÞŒwß'xßœ'“à8Cpki-base-java10.5.913.el7_6Certificate System - Java FrameworkThe PKI Framework contains the common and client libraries and utilities written in Java. This package is a part of the PKI Core used by the Certificate System. This package is a part of the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\Š.óx86-02.bsys.centos.orgŸÎCentOSGPLv2CentOS BuildSystem System Environment/Basehttp://pki.fedoraproject.org/linuxnoarch PõÕÖbÌ £”!& #-+,).*)&##"!81;8+70#%Aí¤¤¤Aí¤¤Aí¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ\Š.’\Š.ˆ\Š.‰\Š.\Š.|[!¥T[!¥T\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|104e693105a0f33323a500b28140eb73edbddc312c59aff2af732bfcbe4c468394551476c6e1669c47fcfc7410317b2cd505bfe5c3ecefb1e74fecebcf90f871b2df657063377311c021e0fd7006b3ab5ad93e365860dc3ecf68ba0078a90481fdd8d5ef0c8813c633e77997d6dbe23557a5112937962d5ab7b1053de866027b643b71cec56efdc737a20687bb05ccbba40c3481b2c0e100ccf53331e0fba620/usr/share/java/commons-cli.jar/usr/share/java/commons-codec.jar/usr/share/java/commons-httpclient.jar/usr/share/java/commons-io.jar/usr/share/java/commons-lang.jar/usr/share/java/commons-logging.jar/usr/share/java/httpcomponents/httpclient.jar/usr/share/java/httpcomponents/httpcore.jar/usr/share/java/jackson/jackson-core-asl.jar/usr/share/java/jackson/jackson-jaxrs.jar/usr/share/java/jackson/jackson-mapper-asl.jar/usr/share/java/jackson/jackson-mrbean.jar/usr/share/java/jackson/jackson-smile.jar/usr/share/java/jackson/jackson-xc.jar/usr/share/java/jaxb-api.jar/usr/lib/java/jss4.jar/usr/share/java/ldapjdk.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/java/pki/pki-tools.jar/usr/share/java/resteasy-base/resteasy-atom-provider.jar/usr/share/java/resteasy-base/resteasy-client.jar/usr/share/java/resteasy-base/resteasy-jackson-provider.jar/usr/share/java/resteasy-base/resteasy-jaxb-provider.jar/usr/share/java/resteasy-base/jaxrs-api.jar/usr/share/java/resteasy-base/resteasy-jaxrs-jandex.jar/usr/share/java/resteasy-base/resteasy-jaxrs.jar/usr/share/java/servlet.jar/usr/share/java/slf4j/slf4j-api.jar/usr/share/java/slf4j/slf4j-jdk14.jarrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿpki-base-java apache-commons-cliapache-commons-codecapache-commons-ioapache-commons-langapache-commons-loggingjakarta-commons-httpclientjava-1.8.0-openjdk-headlessjavassistjpackage-utilsjssldapjdkpki-baseresteasy-base-atom-providerresteasy-base-clientresteasy-base-jackson-providerresteasy-base-jaxb-providerresteasy-base-jaxrsresteasy-base-jaxrs-apirpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)slf4jxalan-j2xerces-j2xml-commons-apisxml-commons-resolverrpmlib(PayloadIsXz)0:1.7.5-104.4.4-54.19-510.5.9-13.el7_63.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.4-14.6.0-14.0-15.2-14.11.3\f©À\T4À\Rã@\À\U@\½À[Öö@[{þÀ[l,À[`O@[UÃ@[>@[d@[Á@[oÀ[@ZËUÀZ´ì@ZŠ¼@ZÀZxG@Zg#ÀZ.s@Zþ@Z ÚÀZñÀYûÀYè“ÀY¿µ@Y·Ì@YšË@YoIÀYl¦ÀYG¼ÀY>‚@Y5GÀY-^ÀY$$@Y"ÒÀY¯@Y#@Xô®@XØþÀXÇÛ@X½O@X*ÀXR…ÀXOâÀX!¾@X&ÀX2@Wû‚ÀWÒ¤@WÎ¯ÀWÄ#ÀW¼:ÀW±®ÀW¨t@W{¡@Wu ÀWgÚÀWV·@WV·@WV·@WV·@WV·@WV·@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) !"#$%&'10.5.9-13.el7_6pkipki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarjavaCACertClientExample.javaCAClientExample.javalibcommons-cli.jarcommons-codec.jarcommons-httpclient.jarcommons-io.jarcommons-lang.jarcommons-logging.jarhttpclient.jarhttpcore.jarjackson-core-asl.jarjackson-jaxrs.jarjackson-mapper-asl.jarjackson-mrbean.jarjackson-smile.jarjackson-xc.jarjaxb-api.jarjss4.jarldapjdk.jarpki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarpki-tools.jarresteasy-atom-provider.jarresteasy-client.jarresteasy-jackson-provider.jarresteasy-jaxb-provider.jarresteasy-jaxrs-api.jarresteasy-jaxrs-jandex.jarresteasy-jaxrs.jarservlet.jarslf4j-api.jarslf4j-jdk14.jar/usr/share/java//usr/share/java/pki//usr/share/pki/examples//usr/share/pki/examples/java//usr/share/pki//usr/share/pki/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnudirectoryASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)C source, ASCII text?ÿÿüý7zXZ áû¡!#¸‡,àûiïþ]"ÌkÀ%ƒÓvz×ØûIRG¦6"i°l'u ¶fl.dø8/çÏ’d¹ÛkUÎ¨ÿËÁÈ;õòu¡ œÜúðr¡¾ ½Ì{E#Á4}x:R^bjDâÌþ7¡‡xp/6H‹¾`HÏ ÷´p‡ˆ„˜»w+KÄÜ6¼¸ ]9ÑµÎø×2‚ž3eè,Ç—áºå Çm Æ:FªZÉ²Í÷Æ.\SƒÝÑ…†÷Èín‚‡©ë-n*sÿ€¿îZ»åÓgŠêË¢Ò¾mA¯ä¿†U.ˆ‘y¡ÈpLgEAiå=IZ¡’Ux8kÎB‰L]˜×bÜš*tø¯ï9š¦•0 ø6»ùý›ðÃN;Dð(íRoÅ²“k=*+œÆígª'†ðx±L2íË“çXH@t.¤1Àœ"|~ÓßT>JQ…XêÿÇ’°2Û: e¿@KzieÜ¹øJ=m°øî%(}09Þõ*Ø_ŠøaËËë.$£e<’M51_=ÆÜ¥…9ØâE[Ìn!ò›l¥wl*mÆ?(ÿ’;ˆ(}œ“>]2Š1´-B ÅóÐTÐÆ&&º hâ{ì;C¶y›çÏwŽ¯Jj¥ô„ë7e4}Üç©CòùmÆYÃö*£"sMe9XVÏÎçGëeäÓ0è%Åàdâëß>yaÊ:Ó¿™Úz" Õ+M¦!ñ3büõ5lÑŽ?äíëÃû‘…‚åûQTŽ¶g(óXz'6ù>õ#ú9Fé«ÉõËøbÜéŽHÚ{qzZ¨º‰µ×Ž6±M çE,î&PÕÿÅñH„±>+tdƒ—šïù%×|ÓƒdNwx™ñ•Æe1Ú¥±3rÜœ× }EB}ÛÏïš2 9·´å–õ¶DX1óãÄçÐ•}ÆNÿ¯ö‰LÕ‹<Î`¹ê®ü Œ~p¡C}Âñ¹sÀ&†ðÕ'ÜEyÉ3ñ)<ÅEvËhUÎ.^…OU2ˆÇ‰Äš³N‹§ˆ$ ðãŸ™³TÝošHòÉ(ˆçæ´m$ŠfÐ—˜(ª8IØk5¬†êüXpì¿æ×oýÙFO¬o .ps%^»°Êí(Ž\“K~ï¾!C }&g¼mãÌ‰Qú*å]·sˆP‡úl6CÛ<Õ0ª~8’)èÃª[,;¦¥_ï Á =€8-¯Oêúm ¿ãŒ]ü¤”ã@=pm#µŸQ2„r‰ædØ‚µîVA=íÕººÊBXàHê5jŸTÉÕe#ÒÉŠ•©‡£XkÁ·oÝPl+8 úE…”ûD×ÊE=±·\4û"BF=•t Ñº¬ûÚÈÎ”™JHÇ÷¼ÉGYÐ’h7Cxó¸ ŒÜŽ“:LÇHä|5ïáVoÁž|-NfR¦YÝ‘ßá[GI:(~CÑæMn‡ðç5Wør{g•»0¹!WnRŒ!ù`¼ƒ¾Ï¶“3{U ±.×ÓpJX˜ÖUÞ‹ñÈTsU–u”9)~õCÃb#sýjgÂ*f”ÜÙ{À'oO`·ó P;íGï×óìéPUBÐvÕ`Wéå¡]LÚÐ1^(ExW%ö”p×`ÇHå-šÒx¶m^y”—T3åáÖË‚›ÄìÖæ ÑåQÍca„M5®N![”v©#q,&ê=%F§òÓuD&¿DŒL¹ƒÛZÅ<ÖÇ;KMkìóœsz‹‹ G%šÓwª Î©pÊ-ûCßXSœrøÔš¡„ËOyÕà›gžôÃ±(â×þcC©<¿UÂé†ÖèDë= ,Î~°Öl¿h7ûu™@ÈMôŸØºËÓy2AEÇÎü0¥ŠŠ`ˆ¨ƒmà~0þ*Æ0ÌP‰ ÿ©|lq-f¥ è|¥#WNúKÞ%I¶AßEæ7’v‚®Èü7xÿÎçìV ©·Ñ+:¹)-µ=…½ša"KÅü×I ;-Ê?î‰nt;jb”tßÊ$Ú¶µð³Ù§ÿmÌcb‡ys?·®´âKELúj#ñŒÂµ Ë€ãQëä¾£îÕÍÃ|±Y¨«ßÔà%LUõN¡¸Ý†ÒÈÌ`•ùÀÒÍÇ×VVi_íÕ‡ÅsÜ$‰+âîO4‰ÚÀØÂöœ…À/™«§‚ñÿ00tà1ä’ñÞ¢Åªù¤áNXjáç¸ÚúMïçÙy¶8…R¹ë†“‘d"~XüRC¬x¶8QšzìM‰ûEÁ) Þ”½ä¡'ñC³8¢Ó ”kœúrº>Ò•ÕLöþhÕ|¼Ù{]Ý‹‰b¦æ@HµPÁ/¤a¨ ŒŽA¥× ½ŠÞçìF2$³‚RÑÌdÕýY²øCÚŠðI –SœsH™ Z‹‡ct.(ðöügÏò2l†¶µA}äù·Ê|å9{úOcÄ!„Z»ï šéH0°>¢8F£1gö£`e%S´*ã— ³/¥§¹Â2—V~( ÛÈmEhðž2Tì“HX;‹h¶{^3¡r™z«e²A>²È*ë¶?eü|†ú-Þ}¶Æl[ìÁµå>†+Ò7µ£DÔS¼Ì.&3Šyóƒ¬ØBKT¡Î#Ê ßÿ¦mwä¿ÖÛxF»D¼É{·jÓ“ñç4;ÆÚ9±=O¹Öâ3‚ËävJ °RLhw®5”ø¤»:—já“ ñGž¦©4úM(÷þe¥sÉ"{óÌ‡PªèåP„ ÚOqåÚúD'ýö²<Tåg+úpýHŒ2ûõ£ZÑž*ÒÂ®âÒðÎàq‚ðD±§Ìo8§°c/cüm÷ç:öo³£“¦*ÉÞìÖ$Y#ÏÕÈ´"¡P»ÉbÉ¼’_Uƒã?Ï^Ýƒ8Vž,Ê®8ŠL°f´ïC)‘w!€&T ‰àYÇÚl=×ãQP"¸ùÀ $ÉÛ.1|ÐyÂ3Gö¡ÒñÕ°ôàñiÖnm¨ß)hf¡Äq”æSšxM¡ ©ám§‚>© hu´H&&¬Zà‹mÑY¬žšú0ß+ýa™ÅÈÆ¡ã^oNÞÝgÈ?¬à+æ†›xÄøzÀà'~¡r\>Ä–\=ºÄ=|I”®E“4=Ë¬°C±)þUyû oœ;û…Y i™uéÒ›1'a Þ¤®u‚‹ÿ|ãø!š0`lÒ|e1±ºiZ 5³ìÙ¾ªa\uIßÉa„ÕoØWwT§ÑÓ à¢ýCš¡á×AjÉÏë™à½ÀÐCrRõÜ€J.0}Hl)˜ÏjŒæ·k®ŽJˆÛÍ_5W´B2ÅÀ2Å±ATW*ÛI®ã'ïà,â€ MÆÀn:ž&{éúÊ¢¶+¼wf–®E–;ÔÍ.ØKÍÃ³Œð«©õ%9â…É({Y?8L*Í`ò¶¥µÃBÀ¢Y8x¬LPvJ£Éç}QÔCnZú BI®"Mƒ‘QÖ…V:‡Ü(`˜v‰VM-»´…ÊÛ|TŽ·L*¶óQœ…mêö÷AÉÁ£L)õ°?4²&ñÌkÀùâ©:.võŸ½lå )¬¬°î=#ø*˜pŒ}çôNª.¯¤—¨‚P•$¸†SµÙ¦Á¨’Œr³åÑ¬Þ''—“ë¿Ì3ùñbÔêÒèåÁfÎí2¢LÇÔÝF¤bþçaÌ ¹Q¶¸ž'RË0ðÏŒçÄ*IøÄatt+Y2}Îô!a/‰4úú™ƒ èÔ2é×§éN%ï²¶UŒ{†Õ8è“]¹6‰€°w¨GsìòFxè„ƒ[^ýt1yÐ±Ê ¾j§…Œ=C… €ªù„¥‡Dû²ÇHÕø„]«ÁBÀ VHZ‹¤ÙÕW®BSêÎáÞ½Ïï•õ§ [mœ?<›Gh$}H-ƒjãÁ›¦4¢$‰‹z“G¢Y÷½Zâ@]VéÊ¡61ÔÖ×îº¾í¥ô¿ã$#öÌÙ´Fe>ãŠ]ì…i ópüj_Þi$Qg‘Á1cÀöžÝ£NWíÆ.K|¼ô?PË³Ä1}Z†¤Š½S0_8]ÊÁ™ó¹Yqïý¯g("$mv@‡ø^ØSÀdÔq½¯Ð+×œLˆ%nôJ]’•¨Ê¦!Wæ4Âã€pßëì&&ô`ö`U ÁsÂem,#Q›T~Ë±déoJ:ê’Q#©Á`‘]‡ØäÓ¼(è÷)0ÂpªTf¸ÂöŽ“ŠºhõÒñ¦1âÃv÷ls35àÊ#úúžÆ¦ÐKÆ”¸ü8>ÛBý. èÀÜœ Zf‘g‘k~µ‡Þù…Qˆêí¬<Ë÷…êð^ù:oEqÙÙ|÷ëFÌß¤Èª{nûñõÏg¡<9MQ«‡„¸šAHQ¤¬ÖÛ)h±eÜú[K?—"QŸÎ`ê./#[±ôÙsQšÂâ‹o9<ñ8=ß™¿ò¸ûc,!ŽUÔrÆnédþÔèêõsÑQñ…èAvÃw}rks›|~èN£½I~ÂøeQ¸[’VõÁm{WÞ–™æD‚c¹~Ô“»Ë4ŸkØîà~àóÌ§}ó 9 U4øÓMË‚¨ËÈÕO)·gÜµÅZƒ«ºÛ¯•ý¡ó¶°ñtŸÓ^¾ÐÊxRXh’C˜þgP5r™Ý¬ãñÊ°gåÜþàL9˜µ¿fn¹¿íì¥Žþaÿ¦—^ iäÉÿŒKÚ…¾°ËSP5cþ>ƒ0ÍÆ1¹‘*ÌÀAÀÔ§>U¦ôk`çSÂõc‰ÆrQßÃyXýšèo$3=ä¡Ø]ËoLÇZ/mGv¡ºå‰WÐ`Új_båñz§¤Å€X•˜wn_±aü}ó#Ó(cñv¥Õg³ßJLîÁÜ¯»‘øÆ¿'·Âew!Ê%OÚ¹ŸYØXÆÜÞÑtIûUjw9¤r fhH¿–º#ø}Ž1 PcVáËw#Œ~D=RD§.c¹–˜1¥À‹Æ´ÉžScÕžÿÖX‹7Gúó5‹ÜÙ\DÔ´zCñ®‘¨…èôÑCð t†_§*~Xiá¼…¢Ÿ§Ó/œ—ÊÇò˜opHÏiÝ0Lþ–B¨Ú;¹òë³¤ÕŽr€Vva}\ÏØ„Ñ¡è™Q|Ò íx£ŽõEœ|J‰ûW©©¾}É•á¯C‡1,âµš6¡eª²óÄÐ…Õ)@U³]2¶èYY:ªo{Í¾PeÍÕ|ùE"p£‚wÿ‰Ãà` Xôòm=37{hlÉ{$ÃIúk¸‡Ù1qUDƒöÚ¶AcôT§·JNPµùU²¬Sì§¤hiþŽû\ cý,ô±÷ï‘§‚¿®&Ìf5¡úhn“Ù‚ŒÇ©ºÛ‘àÃwXu1úMæÿ.(Ôkè¢ÛaN0 m‹¹ÉJ½Î4~.-^<+Kø—5á c˜1*õ ¦Ðƒº’* ÌgˆX\¸ü‹ >YÜóè–.«áªØvhÕ4¦–¼cwQüùø1“´–HôR‡©Í_Õ1?³03T–¸à…CƒÊ„²G*Z!–ÎH¡EfëÝ 2HëPŠ)óâ©ý}@,ÛÀø©¥¤•Å:–Ÿú(¿É‡pE+Â.ðÛŽ÷²½áÈ\-ƒw¾^È½îK#PaJé¼míðcÃ)%^?6,%”@’Ë#í»ã¡p’é5ñ]"AÑx)».ˆj$«€pÄbýõý°Çô,á'Y:¦<Í»á‚•ßœWM "|Ô)7ÌOG‘ºÌ 8×5™ÐhmÇ¡©+{˜Ìš±#½£ò#“]‚_Éqÿƒ&¨.Üë”f4¿ p´À9èúÀ“ äînÕÎwAK(]˜}¹Á PrH„’äï0âö©*¬t{˜G6u·ÆÖÇšb£(˜ÒÉ.F¬†£JXÌl€ùi•D<«œ¯‹Hç°âfXV‚:6”ø˜Ñå†4Và¸tŸ«é£8±ƒu1õ:üÊ)t+2ZX®9BJ¬ÎÎÓ’™u²ŒiS®h“…{÷ ÔÿGJ`sZmÑƒ%˜â“ú/@n×í¥Ô‡‹oŸ¶2ƒ¬ý[ó¤1†õ8¥I³S¥ûy½+Ë³€5QëQ¢—¦]FS`rð@Ã®'·&®>F&óþ–:—t3â™7jÃ¥&È^›‰bÏ‘>BáY²ò)ö^RRÞ*¼Ÿž]SLÙ K( ûcäËÇ“ëø™Ëù#ÒjÙ#$ÆejmN2üÓ¦ëaýàÍ:Ð‘èM›¢õY"®¡€–÷H¦DŠÇ ù•Ô>î1ºýnÊ¦Õ³Ã[ûƒõEý"pÆãe‰|/ìö#^Gúµ|˜&Onœe–mÀÌC2?ø¡”ó©J3¨¶ ¡×Á®Ã0¼mlÕÑvbˆub-s3õtŽµÜäÿAIù% z³…tHbc€ŸŽ@ ×?âŠu%9[Ôpý®ð] ´Öÿä¯ýyY°e–:~{þºÈ'êêÚø wåæáñ‚W†WfÃó/5…hM/S+9ü)ž, SƒÙÔZšÆ)lCÜå‘ìCj`=š¦Êº¶¹O<Ž+,¢jÛÌÅ*÷lËë‡7e:[Îòeã{ ¥*þiªë0Dä^‚ÝU63Îm˜(U7}K^öÍ·$'1©€Ê ºŸ‹…¸ù ¨”Ý]^à´Ñ0%ÑÿÊÂ7§9A.¡ïBñ\jn_v»¥ãÆ®¹tè7ãJÉç8ý³,ÇÀfÅ^EsksšyPã¶Ö3«õüÝbU x¶u¤L‚?\-ÎŽ]}¦"d%èí ™~þÒËÕmÄ’Àƒ»%¯xŒHj,ƒß×s%pLÆ/áöyPÖ[ ¥g] áQˆâd`;23>Ê½ këéÛºŒVÄ(ž½$¨‹n]ƒ4!Lm˜ëÙâÓ$áS@Ù½ªå¡§kb ¤M0/åŒnK|É×îq‡ÿŸuYG“€œHÖ¡Q’`xGùà„ðRUKû›¥jëè(ùq–/ÑÞØu#‡¢é(Ì0²Ä}áÉ…O[,±c“,SjÂZ6JjòîZôcÃ|Cº†=›‚-ìßÑ‘29ªšX>ÓÃâü æYÆÝÐø¾^Ÿ³{Éõ–!ëƒß+%§PåY#=ôí×ÅY3€gSÃt\wÆC¿¥}²áÆù{òí^ÍðçgƒÉDEé»ß‰¥iÌöT?ëñOçÛ¶s°×dÑ³çOÛ,:îØ®Üç®¼œZRæôJlRèSÑ¿Üß´dÖñWeºL’µÞ”û¯†•9°Riß[Q4äz¿‘(ðöCTb Ñ?kÿÒŠýÍ@¡qJü¶s9ûX·™5P?Oò°í†R:d'3LÇÀœø¨T(Ç¥jLå z þwoSð¦µŸŽ=³m’Ä>ã¹C}(Vñÿ?½4B8¼NÝµéß»ÀYsÿ‘L úgÝBd…"rÞ¸FÃ”Ý0¿K¬Ö¬÷1 púË>Qó{¯ÀÔ‹Ð”³“4¢÷Û¥+ø“äâ¸ÿdjÉ³Ñ¾|ïúÎqg~£ê¶KÁàÑe,¨å½É‚:w?t@´æãÑoz$û…Hà‡“ðÀq%*–ŸZM~@5§ïd±ñS9Ã–É MARoö$¶‰U¡«T‚ˆ×üÍÏL¡txêËÎ±TºS²âWŠªT{ö.vxæ5Ë0;Ñ<p3óŒélæ§NUQ_ï·Ìc]ý§1ƒ#…˜®j%H-}rèNRN&Ô á![XBæ„Ö#2áõr9 §þ"ág¢ r'í€ÀÐ‹Ê‘9ÌÝ¡æÂ†²$¸¾bèE'¶‹eô¤©¶U_9Û?©›÷«bŸþ2jGÒ¿Q•ÜJ¬'ÕHBWTã¬ÚwÛŠƒ§Í€Ñ.ZèÊvmF Â˜Ñ€+Æzj6/iýt¿×z#ˆÅ>÷É"UÅb¥zê¹æm¿…¹Š‹ì®¥»]q˜ü,²/ždã‘-2¡Q‡N.Où³¹XÑ¬_þ@åäc´ÞE"&‡r±N ´Û¬…ß7È,Œ³š™ówNêºa`ßûÌx~ƒûšwbSîV/I»2|ÿQ¬ë:U/ úš…ÿž´)ˆ$œŽ›ö±ù} :P‚R7Ê/Ê‹)‰üÛ~E%"ÿêä}ÓÔ [²„ùw8†Ð-m^Ãï½NºÈ—h¶÷¬Ÿ˜ÒÕÔäéw\Ó¹¯D´”G¯4˜þ¨¾©1¹ñKé•P[¦Î¡ü9¶p ”îÎ;a6Ë’ò‹.ù /ëžA#9õômèÐTpî™éšøMÃÙ?ìCòp±¼îŽUÛÈí:ajÉ`¦À‚Ç5y0Ón.~p0¶.où2øÏýŸü§ÎOAq_~Î1Pÿ´MïÎKCƒ÷‰uøCŸÕ)Ñ2ËÌ2–PÓtèWFñ ±›Ü¶†N$Rí]Ú•¯˜ ¿(WÔ(±µ|ŸIËûv.Vã~¯Ýe:°kÿxÈ’ýD=—’:°‚*Û6b1–aC ûÆñ\Ç "Î7rf4bÐæÎœi®‚†[×Ñðp[j™›Ó—Žêñ,f’¼|•Æ%š®‚å4P ÉÌ.½÷ÃEÂ»7Y]j8_µÃ\´®ÏžœVr À}ŸÜ*©-AðWƒ € Ük©Iv”›Ùã§¹â³J!JG’7Å-¾¦g³]¦V“¹©—'îò:z5œeR’Ú~ÝwÑhíÎïÚkÉýÉdö„ô‡[-?ƒ2'ä`´bazehË£%'ë²ÛRG'l}Œr*è’™*uôÕ¢”ŽÀŠûRø:¹otêÒø`6È¢…³âOþ¾vâ— 8ŽfÆˆ0ŸË z¬d¡ÜÑ’À‹¢ ‰þ Õ/0¯%Í1Ïtk\mÀÇ/&Œz´þ€€¥(xvYñ¼Ý\tÖ®þým|/êŠº’¥ )~¯A†•³Ù²î<´. ùhi:àsãÑwFvž°W<ž&/èëÔÅ5½BÕî¶€@~h¢R…€O,g»>–°p‚-ÇÈî'a#"MßäºÜÂEæ5F]:e9ÒÒ@5,D³Ü}‘P¨#ýÐ?½Üh_²¼A›nú¼0[ ŸG}{H¸¯ÎÎ>{F6Èý7›Ž4÷]´í´ÞðjùCÿÃ^Ê‚¦ÛqÙ›1´Ã wßÔÁm®âÜV_$Ííù é%cáÂ¶Ó¦?»‰–õ¯,¦aaÝÆõMõX#@AYÛ@¬ãž]u.ø&U%º£íZ‘wy¯˜¸ÖC*¢×#ßüí‚âñ9(Ç.e³³è &wîÂs·{K†.vÃ-ýH"ƒšÉ†0Ut€ÔÃÖ$5 7îâàåëOÇ~ÒÂPtâf¿EšlÙ·î—¯¦Hqàys)ZÃÛp¾NœâˆáàJË–‰äRØü7Ù]…»Ùu´ †ò„…vŒ½É*À0“$×Îº¡àÉ·©ÍmµÁ`úççðD¬_ª{Ý‰`ùka¸°Å† L‰5—Ñ÷s»ñ¨Žé“oR\<’½Ü3cÙo½ÖÝãtg+“@½q’ÙÇ~ÂýÖnv"ð“µœ£œIQ#¤z¨JbêR©Q¦UŸÂ×h|ÔÝ€«U¦¹Ã™fšÿèWõÞf/œéá~"-L„×mïçpçXì9X^õ¤;]ážÛMž Ÿ¯vud‰k_ÿ»ìiÇ4û¤ýÃ4à$®ÄI–ƒ&ÊbCc²ÄœKøKw‹m$è¨ÃËFã~Q0äÚ\ÈäáXÑ“™?ñËvÌO°)°$Í¢?xl*Ü]!Ëpf/$”µ ø˜¿ö°’i·tÝ5`žÊx¾aJG›¾î”=Ž÷`öô|ôÔ-ÇU´íIÇ¡Oõ·ûïw œ&ÂùA#R„ÄKðè%ÖÎè¨86ÂíÖˆ óeX,´ _¿ôS4’W8®ôÞBð‹~ýðÎcHÐb-e_Ù$Ù3óŠáÀgÌRûô?|K¦ù”u(‘G‘oÏ`ê>Ò¹qänl½ÏíM-nÐÉ"Í1Âž W;$Ÿnù×KOA£à+ÑZô°èfžÚ¹&7±gù[|¼a¬Â§¬Ž*O|¬›óâc!®žØ0I]Uü5¡“¿FÌKE«73á•šŸ”…ÒKÕ L#Zc4™ÓÆ[le°¨zÑ¥vXO¤©ŸØ’`odŸQužmÚŠ)ßÌH™ pšizh´ÅÀ£ƒÝ÷6¬P[BÉ£¿“/ÔÞã9Ä gÕW¹Å4Zµ"R¨‹Å6Ø?!"F°p<Ýãu9s7·¨+ê³×,œ~€ÖfÌ¥VM’t+È¢Ov1ùÝó8§3µ’§jµíDæ«Æ€Çaø¥{€ñ(ëÿVz[„Å¶·ŽcaðuqHI…5ÚTp²k·ÜoÊÏRõ…P®Ípui•r³ù|ï,îwB#©é¿³ªÎp¹Êç´y‘¤W2aâ¬~(bŸN73È`"@kxŽR;èz×Ü+Õ¸ÑÈ1Ü,ÏeB¿æ˜U©lïÙ0xu„å ÆëYðºõï‡!¢¿ç)1ù 1ã»+ih0J…"žoÊ8ÅXä)zÊŠZælÜ…ƒk2ë|â›ˆ€c¹Ò@;èÒä„ú„hÆƒ~W_'{p'H‹Ò0Õ3Zopæ§Pó-Wõ), ÂE*Ó:åžgÌ#<âî¡n˜¡yu~ÿi ú!d¼Ÿxp©Š”¼3hÿ¹\ñuUc¦rÙ.ŽÁDŽµˆ…–ºî“¾£Î €mÐ ÕAÐ}ÝÝ®j ((À·ñRÚ'$¬â^‚Q£Ol¨ezL|Ù$b´•Gûr…˜6ŒÍLlhÙéµ¼¨{dŸi›–ëìRÎ0Ì®ÖÚÙpÎZŽZ6Su6Z…Ÿá\!(ff7˜Js’‡½ë7‘iVé;¤=A*^K^i¬ÑÉûòÈgàEkëžwKóÏ7t·‰^¶4o‡òè“ÎRÇhlLNû‹.ûÃƒ§» Í[¾1(¿a*\©à 7ðÜ`<{÷ÂmÈ9ÉÒäyPEª[Ü2mo%V gWå>ãÕ`þ¢ßŒËÎÈzsø:CSÙÜë×Å•¸9í4Oém+}tR—Ùßßñ'&7A?c{Ê#\Oö[5}O·N ˜e|ºúâŒðú½€PÑè KõŠÏR½Žuá°"áCS¶‰HÇ2z‡øÂ½z"óºVŠÎR@„ºæU±æåÐhpÅ'™Ù{>yf˜¬+ëc%1iXV¡R‡XïQm8UÀ€ó©{SGý?)ŒÄÇÙ¡æ¢´Ï²»"9¨`®£zºd~vf¥\€ÖpU0=Ê.!`÷Ùkž;ô_7»¯'º]ew¦[XoåÉÝtÚ—¦µ+kˆ ääUÛvÑÒ§ýP_XÌñ|V÷”©ÞK=…±JŸnyˆõþ}ô2×\rÊ?Éís7k¹5˜8/àLz*‘c¸QKI5`$F8@ÓâÖ_˜—x1°ñ.o`&—ßlö> ]ÝGŠš¿\CLÎy\‚Pv³=º_R UÁE#4ç[d ö ”ûÜpf×Þ2(*šoÂªC‘MÔË^RÔp©·å Ï¿ÉB“é\ =Eèî2 Tff¦(–&¡páÑ¨|LÐÛS‰iXÆ„”9dœKiäŠÄâž‡˜qY¹3/%.ÂÔ}Q=Ê 9s/5-ÁÿÚFô„ŸWP°gGðÌÕ¬Ç]\‰¸%—8ñý sÿÅîß‹³Çfžò!Ûbf¢K/ù Dúêê> Íˆ,¼ËŠìœ7“We[Ä.¶ŽÒ®@yO£f”—ÿ£îJþÈË‰q³wDg˜·Bë1yýWà2wCKŸÝe”öúé;·Jøï’ Ÿ½yÎÕVs«©-‰UßŽÓ¼•g7ãåy Ðnß[G±ÖÏ«ÚTBoÿÎ3S |0Lã÷õðs°ïÇ„™ÒwÆ ^RHp»H¦f‘èá¼|I7~’Ùtå‚1÷ZÙtû¿ä[Qv¯½‘olú?ŽÑUæ$°cfOÔJ¾yâu´ 8”¼ÈËÄA Ý .ÄMµ:@Ô¡ŠËBžÁñbNGð 5éÔowG(g|CUuÒ9æ®qÞúøWx²Eà¯ó•Xã1fJÁ2„n»8¹5J–t×/g_îùsU¿w’º¼ç‰t†Þâ‰SlJÚy&1Àˆ¤´ ¨ö’°%¸RkÂàÐî“w>žXU€>ª;åæØKâT?·~¦ç¬uÁOµ*ˆø¥Æ3ùxFÜË™Ä7!FO÷þ4„Š}Æ8Mëÿ·¶.Š–aKß©y…jŠGŠ²C£’»éâW<˜’©{ÚÐñÎNI» MÜÑvOø$ÛŠCS@>˜ÿgçtib“–29îâ_´/Øp®1ìã|Ç¾¸?Ã¿yÔl`¼ÿß²@„×Èz…—?ƒRÂý4š‘ãJä<"YscÓoa¥Û€T+ïÏy`“nÂJï)y.ø~¨d°}Á””nåÉ!Êï®°>Úm™êúa…úàltFð÷€H†E·ÁÅ Hßåá'Y‰ŸD`LåP¨Ö•¬ÁjÁ\?dòUÍÇeÓ êJ®Ñú0&w™ Ìx:n£QÌÍ÷„@k'ï¼Ý}u1ùí˜Þ«Øœ™{úpçS½4JÔñS½.u«Æn÷¦øb[ŒVœEÍäEâ‡²7 Ø®÷ÉjÓ àƒ—«Ÿc<Ói&åµJKl7^Š@£öcáø}ùx7®TX„k‡w.A¬ØJC'áüéñÍ¦ì!ý8È‚(š…>®¯cõpA¦'Ð?•°:ª†cRME¶a/'¡¯¶7® É Æ9_gª–O¸ïäá²mž‡$¢Òè—YpÇS¹ŽaÍÉÜÑáúËòLÃ¬·4j©µpÌÉÝhèûm·ÔN¶Úš°Þò‹ãE¥?°¹šÌÍ¦‡’¶ÿqPòÎö"%† ƒ ,Àß..iSYÀ³»Œ:&×©å©õžÊ„Å!a€ÑÏ°PìC¯ÊçË°Ò<)ñˆÜL¤kž²[ó~Ê¦4KÔ:Ï:ÓñŠRM±Ä,m[u²^æ]¨/iÓ5)YM…6¬·6·Ë}² kY–)ù¡ p$}YÍ‡Øˆ÷9cYˆœ ={ Kp&Jú+©)—¾ÕåtdýYÕŠïk§:º–Ý¸B²Œ]~8çõ¾Z)®§¡†SÆeeòS| å,aH:Ð[ÌÄKQhU Cd8]ë ÷Á–¦Ýˆþ"[µ™sÂ¡]útÌ—h‹vó}{ù7k\ôKÇÈžCç½Üp¬ò©L pa—í‡ÌØF£‚ŒH?ÒRÌ3§ée#ƒ}uâgHñ´ ûH¹Ûþ¨L/å³)÷²ÒÑÍÏ*2µBæ7zî &=—%HIe Š,Íœ¤ê*„ iv§<ò˜´ÍëŽaÒ2vFžt}ø^>Ùeb}ímøO«òQ¤¨±hÑµÉGí°y¹Á~=Ëo^-1, Ç£ºwsý€õ¼+s²ÄãV>š}é`Bu÷W¡5´ÄÆ4Õ¶MgåS§àü¾ÙåCº…Æ<µf„€—×íLSéL»«Õ¥¸M’“S‚³Ö ÿ›ßæéÌÎ·õaÏCƒ¼|¢”VP”©UÁª÷hë ¬¤ÃVO ØŽ©ëñÎNôäø–×é`eŸw„ã& •ì•õÑ²‡¼®ÑòàSd!<²µ!]¹Çnw€iÊšNÈ«oŸ¶¸±\Ýý©Þƒ¿@4žiFi‚ìù`†Ž¶:S“~/2Ók'ÀçÙ5„,…U Z™÷Zƒ|šã›1=‹6‹?ínXÒ àÂÞy_÷3Ìs5Û¿— õ“ø*8B3¨]ÁCÕÏ>l:qÍeÛb‘‚Ÿ#kxÞ¼{ƒÙ[Ë†½LBÞÄCÆ¤AmMìDsK0%ðqÑ“ÈÌ€’ì®ºÛÁïÁØ¾Ì˜„ ·É¨öŠ²”À{P}%ã…Åºj[ºIÖDáMb¡ëÙåPL°Ä=;6oÃe:Éq-5ß«½ë––ÂŸáU97["y7L`šÐ™Œo¼×žè`\ËU\ÚYÒ/5“ÁdWË¬ñ%°Ðœô*ÖLõÌ˜V&[ƒ€”wãî¸pKÛuü„DTãÆ¿÷b]ë_€áð¡…É8-EX²³|mÞ’¹¸PK-2›s(Y¦½W={2Þ;«2Ïý'©àABúÝ*J£šmh~«—ËÓfiVÖ›‘÷HÜJˆ5#%8—Ö*ëÃ M, fƒÿ“È³ˆ;þÃ[IFÛšy˜.ÙPã¢\Usµ òMmÀYŒ¥) %}{Î¬'îMÜ ààgîÔ–´uâlE®¡¤Ò¶‹IÎ·)ÛåZÁÞ[xän>Fn†XÒ¨ö(ÎOß(ÃºÕÆKÔ‚dÿ(;:·«L|±&ãårRïQŽP^ —A˜/A¾}^Ý…?:L!.)ð}m”üÉaÕZÉlóGœ]oñ9H¶ÇÚ±¸›}äÇòHhS!iBÖûþiÅ}Qõÿæ‡N!‹ëõÝ×É6ìËä§%™a±EòïEå?šû •Ëâ/œJ³G‡•OÞÆàHÓ.)Bb; TÐ%ó½IõÝQY'ôVžy_Ë|®œpÝðº@RSØoÿO¿ GhÂ8È›ÛãÁM:òa8ö3ÖPñ=„-‚ckjGÓŸþ–PÑ¿àùëžµ÷Ä‹õÅÜž•¹âáT„Ë½ÂöÐXLN»‘fëî–úÎj8Z£`ô&ï·sÿô®”è’Héb`mQI+£üÐÌµ‡ãOÏËs/CñÕ; ñøOéqâÙ\§&‹Ê%¡ôò30Î”ÆaãMï,?j´¼(îNÚ#•þŠÊkb‘½®qÜJ|¿ËoÇ¢Œ7Uü†RŒºsK]ýüV±”N–¥d°öIP¯¢)>Žâ:ôCºÛüŽüwÏ¤}ÜÐX°}¬]=õ-vUP]¸oîën¹°µY…+Ìóø¦©2ón=ì0™¤9Ëª{Á· ŠýÐ ‘18ÅºŒºqgl¡¶nf²víó993…Ê vØ 5¶îN…oºñ¸|c¨ôÊ ¿onÙ(ýc¬yvÉQt`I´C´ø]ŽhluwY7[-@Þ¥00.”Ãýßöï„íÃB\œ<¢Ýè?rCV(ÿé"V¾ð…‹–¥¬VIä½©œâÐˆR$JXoâÏÊd"k¥tŽ'Fw‹SB”VÞQ©k}eÔYþâÁT¨Ñ…J†Ó‰ãi'ÆsÀhŒèIG´Ää5CÚv?Õñ44:Òo®I-Ý–œgn)à4C=‡fÓ'šôÙâ¼ÚžT¤š]8~®Dëë±&à2©[ÃÌ1Õ·Z®8 1”° Q3' …Í\ãÏQÕ…Oï¾«;EæÂËŒ\¡›Ÿo.ØD•I@?nÑÅ©XEmÝ¢ÞØHm›¸ºmÍ. Q$KÏÕ pñPc`K&R`il›À72ágÐ‡þð\¿ÂøñVÌ-u: ©#µï•Pž³ÆÒ’G¯HvöB±;:…b1GVá/4=Ù7æ ¨B…^–i?DÚ²¬Ž_Í¿°úØv£Úþç¯ö«ÊLFûï‹¹ßƒ}©Ì'm}øI—(ÜgÃk<g^GÉ ^TW>ÌˆÉ†ø î\y*?Ð1{›øÝ<„•þ@*çÃz”[æ?ì_¹¸ÈÛ¥_<”Ø‡‰ãYÃ"ú´h/jFíƒVQ~ræý¸ÇÒ»4Ìæ‡Põˆ²]à{Ï‰!NÓb%•ÑþÍßˆÓŽm?ßÛ§üÒ¾ÉÕuO™dñæú>2 ¯ua3FÀþ‘5bnHÆ„\'µÑv3Ýô·Â¾KF*§‡e^Þ©t—ƒÒ§Š”ØFVV¸ŠD£Ýýé#ÛFÍˆŽt…/õ‡[‹?áÜ6HØE_¦)sìF*þ¥&™É=Âù1Ú¿ .®í²û¦=é7Äyy6EÀ6P‚Äðåzj.>Ivè4€¬jÓ÷-v\¯2n‘%"~.»Óœ¿<`àjŠ®k Q¥ÔÝÅ”Òµ{n×pËb02Ü.ûÈ¥SÓ`æò5yî#ªú'ýt¶DÎY£¨'Ññ—ëñw$ïÎoU€ÏK›ŽîZ8žºmî£ÒHr!Âò¯&¼Íó#—’zÙxÂ¥! ÓÁ(,½ÙŽA¥0Vš`Œ)RäUJ·uqß•/q ÀQ¾ûän®þ-“3l³Wj^šì‡G g?ü‡ãb+Ùor³F÷„ÜþE•p îy[º!ˆ,7TúÐ¢†:·ö7ßzJ1ñÈ›í£5Â_’nç>fýÚš´3µcúJ$PrÓö¥«l ±rª3¤ÿ£ç:dò€a¡q€ÂWëU½JKÈ×CÊ˜Äþ‰fÕK]³IÎâ@CÃÔÐ5Ù‘D‚à1µõìCÉºà¨Oó`¯üÏ1hYŸ\ßE’#hÚš ™Èéè<±Ž¢)ðZ˜x¯Éòûû¸(¶~.õ°šäòJu3¼§ÊúÄa’âiêò0ôrè‚ '°œæµ þALÐª™““úÀtÉªÊ»àÎUË| L.DMo²½…@žcœX>ÓÔ9`T<Ìü/¦ãq)|+^À\!ÐŠEëý ´fs¯ê=€lZî÷âÉb¿Wf£Šß2Jæ¯“‰®:F±Ý¯3mwÀ ú¥^âb©N¶”‚™° ¼Y#Ìou'± #;b Áüºš»°à™IÒñS!46S`Ö\k%HLÐÃÍ;e÷âO,2~=U™XLgÄ2)ú½2‘>ãk¾xw¥Sæ=jN°1ZbÐ)Ÿhá‘ØiÓ²Áæð•Rñk2ÌêÅaUÔg¯±+ïS±‡CeE#SReˆ¶“Ã¿c2ôÎÉ‚“)ó–K÷„7(£˜0~•ìIþ6ª¬»x×>¹×ËTÀé¹%ó.édËáâ.$GóáJ72ñpÓh§31l›7/‹~5!²Àªýú5;.}ôÙFÑnr·xËú(ät;äK%êgtœÝ‹Š…gÛÉVGåiü÷ÿŽ@aÂÌdía1)¢UdƒzŸèKu-Ïú¶Ùwy&Wù¸$¦“Lì»¿Ìüœ-±‹ý ¤úœÚH6ø†‡+ñ‰YÁ xR®IÁWhHSñ¬*B'òCf[ÙQŽ°²Plzˆ¸pQHŽ¦‰.èÁôué‡è$>dT&þøîx/ýpÅtú¿äU!"€u!noš22I,›Ín/Pg„~¸n¿W² ¤2¡sp_Eµ¿Í•¼óœ…%ª‚©X¹pŒ®ýzuÃW¦È[Ý}k–¼âf§dÀÇ;Šâ²!Q{NËe›QÆ°ýp.˜äs—¶x…;‚6Ud“áAÞ*ÉYZÝ(BÀ”Ò€ÞŒ|rZ 2ž=ëñFJ6-.È“ïó¾^7J‰ÙÃ-„^ðCáÚš‹½âù;ÂÍgGm”(CZª?Éûêã8ÐÏîU„˜ßñîU„Oø×Ksåe'$ÌÏwRGá’»”¨F!º»gä~|ð «´r'¸”A5Ìú {Å‰±™ÃÑ…‚ê:tu]Y¿lw8x²ºøÿg¹iKÜ»[àËÏ=Q^Vü¢ïÁÑVKÝ“Š¿šíBÀ1^ÙˆJŠ ‹ýåyÓq¹_4åEŽšŸÙÑVÿ#°ü7;!&f¼!( Š)†©~ûTz;ýÄE`(GÀ8!À6^Ùøº{ªñzUõ¾äF¯døXÐÛx1¦,ì$^OžŸ©¥ÚÃt†üv¶85:âd:ÞÔq*<ñ1Îa‰‘¦ˆ>›sÏåè²Ç+ö§´BNT>$ã‘ÙlŽ´ûÿºïK †ºh&jîN¾ ±T[ó-™U)an™.!n Ý÷;?¦–ü9ìIß,R]/ÑåûÄ#ó…°ß¤Ã Ñ®b-K™A¾ûÞËÁÎ Ï¬HÐGA|Oe57ê|§ïGªtÌvœUP60>oúá\úo.ü¶“×îptMü"mˆ Û›O .!3Ö:MzYÔ÷(£šª5‹xàgÓÏ*ÀaîpÓQÑJEXkø4mÂ5zÞCyÆ31úq‡Ëðz[‡†3rq WÞ xVŽËþˆÛl¥pâÝ%´˜V¡ âl‡ÓAz7ž{:«´Ž‰ Ÿi—LÛ§™Wu`iŸƒØU)ãÂ×=E•Õù’øø‡‚¹Î>_‡@£t›š¥\6`p²ß|äµs_©ŸOU©¬8‰ÜT¸^ö ¯wVš×›ç0íÞ!!KÁôO¡š+ä®!aaMx«Žålhõý²?¼S`ÀÏYz6b%ÕNzÆQðí?ª{…D,y V#¡”êw¤ˆeºã¯Ü3¬öÐð”º4HJVoR‚ØoðwPV¿Ýu ºa{ÔY?¯,úLs3î œîUíV«w‡3{©ñòÙüa³ÒŒFÀÒžñifóç½á]ç*LI:¡©³Cr™ˆÓò;4^_gK‹…rEÁlÈ¢W¯TA±†Žnøv=YÕjŠõ«á¹Q¢ˆ bÒ|FÞûý˜öÈ³0Î{¹´¼æR ¨Ä¿3ÌåÊ|Y)Ûÿ°VÖX€±«†ÏºÌª6=Ô$¨›¹äŠÅA2€ °œgûòç®&>kÒ§ºh£”Hd<:}ÜÈD*=I´¦W…<ÝÙ úÁë’ÜEP¬†øh¡Žñ²ìÊmÿH\'H+`Ï®•Ñúq”@¶É-‡*QNÉåuPÅêzuNÊÒ¤eECPŒ†[òÚÒ 6M ¦ÈA/Ý*Aªè¼£` 7J‚¿´âõðxk/†É-¼hÅ¹MKy¨Ž`ý(»›_ñ,M“÷)xc£ÛY¿¦úK3Õ|yiÒNK“èuÌå’‡\j´µHe±ãXÛÌ8úoãÊïôï†ÓÖÈcD#¥V³kÆ½¤ÝÁ*˜©v¢6Üß /y·¹µ_ˆ÷TÏæ€ˆlŒ“¡n3Ø)ÝI÷†eS¶eß4ó›ßÇÿO9´³ý¢ÚQ_)OM5â^œÔ„ùmÔPB•xßLÝÚ|¦‡x(GÏÞO¥I8ÄîE?<¬¸xûÄBPÀÝaQ^3ÛT?Â3aÈÍ€4§òãÀè7LØŸe Ú 5–Ã|º4¡‰ ñŸÖãKò! óá${ùúÕøéÏÖ¶¾u\‘ú°è—È¹„IÞ5–‡(j½ï tèûÝpïõðÒÖÀÂ/ E‚®©ùè/®(zHù„Ò¸&l‹ÌjVzl[õ!N4Ïé(á+ÈéØ9Ù4äêÛºô7ŸP,z–¸ýF€kù5Jïù¥üÒ:–Ö¾‰¯h•½,'çK2ZcÖ ¾Òë 8ª_¬aQ)§AŸi¢kŠÜR’pá:±Ê[í˜Žy© SpQ¹ ‡Ê9Š ÍÌú›lHÛ“vµ-Ç¬ý\åÚ¼Ëó¼+Ûó= { ·CwG¾YŸ3"òáp¢*OŠ¡„Ñ/…„¤í ýÙŠ¨ãKÕ0ä±C˜ÚëÕœ×aåOßÒX{ohƒ–$ù9¡5ÜNÎqÈ{=›Åf[º Å½/U5X*ÇÂ! ‡þ¨TÍ´)xÙ½9–ñŸñ›Æ¹ž@™ñTc-…ÃÕ˜n(*ÝÊkH?as!ŽÓ^vÛ ÐÁžì%äãDk$âÛñ÷j¼ «·Sø—‡IOš¹Z69qìÊŽO|g+ž}~ÒgE{MScøS´Í×$ø(½òÚ‹€’¦ea–â2c,„j&c…f:ï‹Ä¿ùEìåL=Ô”Z‰nóì…X)»U²¬ñ.Þ\øŸXŒ£ïÒñ)È]%Ú÷S¹f~(s¸Zb€öåÜªõÃ|R„Þ &»e²—# Ãy›)–_R 1MÙ¸-ôÈyeéÜô‰™ÚÖ÷@ƒÌú3,ŠTÖBsÊ—\œºÉ\¤¥Œ¹]hR’v±©uvžõ‹‘Ì–§5LæÄÔ=¯tYÇùÖüóÔåQ.¶çÖuø:R¢õçüy¢ÿþUOõjAu+†qu¢9…«¤Á+ Øÿvy*JÒMÇ„UU2"N·žÖx°nó¨Z)•œšlz5&•Ø]Ý©¼.€ŽÙE_‘¹ñœ j³à‹2ÃÝŽóº«÷6ûì†Öm Eº˜œË]µ[xË2Ö˜eÚÔ³:%íåØ>êÁýå1ã§'ršŸ=Æu…í©‰Kère.yÑLf\¥ÁE²Á4.òë~Z¸©HWŽ¬S–µEqbÄöôe²%ôn™ºPÁ.-äN&ý›˜Äø£k–,”=¹åŠõEwÓàõKÀbÿ¢5Œ¥Ô7ÕÖo¨¹þ2ÿü>ë©¢áQ¯Dî& #=:íë«ÏÎ¨Õ~Çu›}U#Ñø©‚¼ëe¶`ÆœÁ©“0F´‚Qiû|¯ÝE%žà8 E›í_Yy5æ÷B‘íl•ýSÀ3ãŒ^ªÁ&·0+M(#á înâ«ëÂÊìƒ±2ñ {Ï–F¦"|TÀ¿=Ø[5Ë¡ã?'Ü2¡ Á´Pï~t^ î=~èê‘xõF*ó`Ì¹N¿Ð‘í‹ºGšÂšÐà©q®?âÇ€sqä„bËëñæÓõ5!ã¥Yšl…©K×šý{j×{TX–T6ÊŒ1'Ó08”‡´ñaÔ2A¥ïÙïô=uxpp…¥®‡‡AÚ`‚æd½ˆÙvP¼,±¯Hðß˜ìôµ®"ø¢«=$ÌNùM ÔkÅþrï?ÍŠúrÊòþTyëœ¸*÷s—G‚EÚs ÷Íe8“¡EPçª½vû‹z(ÆBÖ7¾P^Uý¨ßÓ”òZ^ß<öÐz‘Di›ª˜ý/Â»}àd|2D+3¸Úr×¨ò¦7Þ€%s¯ò°ì{ò/’ã `´Æ¶*ÁuÏKÈ"û":Ùˆaâmþps_Úh¢§¤ ŠÛ08AØ»=ñC‘«¸¾,BïA¶uê=ýè>;£Ú$:ú`±ä7qöG·ž-HæwŽ¸^ªÙRŠÿrxolªÃ¨}Ø¨Z’Îý>½.7°M(°Ô¥b¸Žü BSªë°®yˆ|Ân‘ÔB<ÏQ‚,ˆŠm&ÁË1`“%5=g ÃÝƒ nâ~¯)ëôcøÓËÌzx1â¡C½Èù›VŽ<²BL'Î‰m!£ñF4KYüWrVe–©…»BeÌ½pÅ£gÓÒ{~J‹•7 ac(fSÖ¼h´fÓŽß®&²ò9`åo‰ûÂDÈhò„ÓI uìZ8ïºdaƒN´“»¤ÁÌTG°^gƒŒª(4ÏCÔõç†a%¯° ó”ÏxÒ”Ë7Ò%W+Í€·Y€8ì·)?ÍóÄkû×åI)`Ni5dá-5N¼äs=9®·LÉDxæÔ*àÏR$%c¬EDã¼ƒ§sû’ìåI7ytY_&ž?É£ôå9…ÓÔ4^ß6ªá†&¢³O¸¹.ô®ã'Ë¾DVÙ/7åñ¿÷(òÓ14ÒjU:VšÖ#IÕ™²`éý¼—³>xýbãâ—7SŽÉÁ¶ ¦ÞyqGÖê¹˜3ÿE‚ºæäV¶Ë±‹Å-ørç{ƒZéÒšüìÐ4>ŸcAU’bSÔ!Y+b§í£,kÕ:àÖÃ?Ä´äªžhÞ@¿áFè‰N³!ÞŸ|²À^"ƒÁ8dÜ¤LûoÇfò¥b¼Jøœ Tn#k.¸k‘öïQ¸" é+|†Ð‹çuÇ´¦owlš]éTÿlÅ~kØm)XqÉKÃäÞn¥8†ñi¿Z·§<ð'æ'U–ˆºvõK:oí«ËÐ$Ä¢œ^ŽŸÿÔßlW†ãÉj½´oˆ|.q¾ÌžKå©ähMßÚ•Þ>îrûò¬öçàÈÉY{¶Q}Å ÌK õr%®&Æ·%; ÿ¹&k3ÙS®5¶O+Î%È'lá»Xpý:‚»fÒG©*3`ºÓ4ôY#øàÿn‡éÊ*ÒqòG‚Kía-Õ:½hÄü™Rr[cu„*”îõ’ñdq‚„Ä‚8ŽðÖBáGoBaSãv4›áêh¬¸kqñØ"V‹ R†Çrz’Ž±ÍõuÀŒlïz*Ñd‡@,’a¶òneYÇÒãp_ã)²ç}†ÄÁÃÚcaìÙZQœnß†¿@°WVcµ@è¥}jÉ&T°óE3NÉšç¸^Ïòt>»GÉí²ë²¼(Ø]vuäD³¢DÔ[Œ§t€Ù5YÏ›^|“nY”ìWÓ%4áô¦fËÇâÅZA9$ÕÒwÑä>%z¿‹NÁj×-©BBÁKq§>Àp:¥ñ]ó<Ð™Z/ôA¶KMÚÃN=[Êºv9*Œk«¿F‡£'”8Gd¶†š2hßDrµgL„³%Z¥ P4ÕŸÁï¥^¾+ºdÏr ÄÕM«¼ª†„ìNkøÌè–Oˆ¹s²8H·ûÑJb’EyÉ^–‰¼Ÿê„wå™&ëõa|×söH}ƒlúò¸áRíÜ¡–™øhÏÿÞ0Ì >oDŒÎ…kæ£é||©·k,±6¹Öžr?æë²ÝèiÞë+Sóíˆaõxõöñ s}Qè'óNº…5þ°ã¾Áê'¡˜ú*›Öàªv2?Ù-úSÆeÉMŒ L«zQO7ím¼¨$wY¾Àh4‹¶L`»A:K=(Wyf‚ œÝï†öK…ØD‘ÛŽn«2e}œ¹%™ |âÅÏaZÔxèÔ«Æùÿ¼çå"Lnà-üŽš[:YnÀ.¥á¹¥³¨½ø\¾éðË Ù"‰Æ±TLóOeŸSLS5Œ×NÁ…;†P'Ñä7ß°(u[©+…Ï»O|R‘zé5ÑRÀ$]ð@¾äñ— I7,ÜÞr´ÕÝõ·H¨\ïeL_§:}œ#ÏÚ¶dÜkl·fÃz©Œüˆ‘Îz²ƒµ=Ï$J°¢ÙàÎÔSÿ.{ý Z&‰JëtÛËöHŽÝökáÊD/ø–—>:–›„³BCÔ¸¡©E ¤ˆÂÊÎ%Å@ÊPÌé^%åqi–Ú-CMPT‚âë½ÔËt n±mðíA˜ _úa§ÛBÒBî ç £à‡Æ¢Ó5¥*0(}±‡¯…Øš:¾ìûŠ§ÌøÅBwzuL3¢ˆµ¶J6Ý‡þB—&0/*ÉÊ)$ô‹âýÅÙÜs–$cñÑdÚ6úÜ†Ñ(á†ë²¦}[Ä´…â=ñìÕo‚¨Ø=_ÎY£¶ŽMÃ‘ÀðöpúPÛ»[ã:ø>0&¨Ì)ÄÛ'¾ã¹c²f£öH¯ß/ÖtÄãSFG¦¹ÝÆžœæä÷l'° XË¤Â+:r´JN[ôXmÑïOìæn¦¼ß51ÓÀH[aRØ‘ï:1XÂ9sÔ^XfQaŒ·û:¿Žßg„Â1\ Ö–ÐŠýzSj2^æ+\ÓÛFÏ Ø÷ÃLÝë C@˜]üBeÎ¨—ôw_Ú¨—cšÞ$‘Ç‰n½É§wHaui@Ï‹æÜRÚ[‰“¶æ/4+š´#ÌéÐÞ²UïÏv`ßA¾å¢ìÛh}°jÚ]œy)·‡Ž~D=ÛVÍV4GMc)gk>Àf°vÚ”f†ùKca¶ÕŸ¥þ½ý»Ãº@;X7èÝ“œB‡ªSÿ‹xa!”8ÂÏR2¶Pü ß(Éîô¿³ Ì¥ÿI]ø¬ãÓ€l‚U”,&–Õ½SÃŠñÓ–7ç7£ÊXÌÝ 'BÉ³'L×{)Ø.g«¨‚FåQš}œr¹'x³¶%·ŠZ\{ü"á¬»®*SÍ{¹È¼ÒS½ ´–ð í·ÔzÐ*Ž ü©.îÁºÞîq§È´q¬w¡m*¬9þD/0.÷&D¹î€öFÈ„²úcL £z’jºÜtžÀ=¡ôq²ÕÞnþ$ZÇÆÄðL?‘î¦þS7óØ%ÕŠ‹¾(>G%Ñ«²"ò´’…Ï(õŠG&ÓS¹–é‹ß±>#˜tŠ‹neXó²ÿv‚?á˜ˆÈ›™˜VìtU¬(*Ö8»J(fëûÅãB²eŒdeQÓÃH»5l6ú†"–bjJ ûÆÝãÎŒïZCoëÕíN’¹Ú÷G—¶BcéÆCVß<¸;$®Ò™'] Ù‡ÂR¶>,ÆÕî›qàÚÓu±…]pñˆ†Vhãå;jö 4í›IÚ¿·@œYr"˜áÝÉ _}u[ÄÔ\qßÜ&e“_ÞöÅGâÛÁ%é ×Þ5µdª:hô˜ =à¬]cï•xr¤µTw·‚’¯y¶yU×öja‡Nmi Þêr…»¿®À)°nfß+’Ø]C½·ÕÁøÀrt·›q1Òâù¨1†j÷IK6{Ô¿Â·:_Þ£+Å½ç‘cÆ¬Þb;Èip#\(kÏ6! •”—_¡‰•(Iwmƒ=\E‘ºûá®‚ß\*¸‘ÔEå~éÃžžÔ˜x§ïÿ ˆïà©ŒÌw¿„mÍ7ŒKgÍ²<ª,àüÙ/Ú ÖA‰B>XÕí;|£ŠD#Rg YZÿ%ÏbçNuØîGUW1¶¡®¸*€ÍæbHU!|xÜIh'.G|M…u4ö¾|oËðø-†þs(¤KA¬#U0º}ñànöR2Æ"ÃaÜïUéø+÷Þ(…‚ak¾îÊY==Ò{ƒ€ß6H3öy§zkÿLðùlžæ =~Khµ 1W‡ìÍ=ÌªB®Å0ÑÌGð7p\©Á@qª@' vÚcÂ®g#Å¦nà‰Çæ€CÍ]:“ù†m5ÆŠ5«’ÊÂÎ£,¯0{| WÒ‚jñ¦q—”ÛZ}ºyfãóž¢ªä…0î¦Û.0EÞ+a;nd{/ÑÂ¦?ë?ðê\•|íàÅ7¹Òø„Us>xôP×‹âÏxvæt£›÷¥½x+ÊòDL†VY.RÄ{/{çü|~Çr2Ú6o·DgÈ›FˆÃÏÃTãõ‰u¬p“×7(^œTë+Ð}Lãåb³µ‚ÁdP{_§Ø…)ß.Ó¬èÁœ`ÑÌÆŸ:iêSn“€1¨MTGù&¹E¶Âµg-Â}k"“–lpÒXÂèo~³óÿ§üñÍX«°—¹–.¯—û¥-ø8UÀ¿xK+ý›Hò…9ûAÀÜh¿›°‰AKA—pa‚(=ÃôFø£Ð2=:)q§/P‘tøÁ¨k–¨a»˜øè¹Þ]pFfÅ“#fð´´õ#8ï1ø& :]LboTñeK7]`ÔQÅˆ:™ûâ[ÜÑ!ñ[t¢ÎÁÕ0“uº ØÌžOàçÛA-Í;ŒÓðÍCI!ÉßëåãyM*¨?`*÷,s€¨$ltpfûPÁŽ1/˜Y2·Ž[zî½¿ÇâJ¢EÝYÏ±‚?„=} e,ÂÉ¯-e.|˜>¯(Ã´Á ŸœÙ·åÔF»› /„‰t…?.i(ÕzYÚƒî…p…wŽ„òÃËBhë]\wU?…SòÆQ-a¢Û&ô†ãÖ5:°£¡¬bÏ±õè¡äƒ‡cÚ€v-Óž$=¿ün/ºç¹š9\g:4š¤_d3›TCU>^&àS>Ï"_š>´}æÉà6‹ô‚ÐOœ×B©/¾ ZÝ¢2çnAÐÛ!åÃ¶¥Ç¹³Zã·•÷ø1Yÿê22î’1 S[¼h’À¥kvá}!ß]¡ÅrÎ‰â˜ô±rud||]o==4¹Åg Ú4:‘0ë6¹µkU_S.¹v¥Ü×Ov³@½4$úù×JBJ¶¾‰ŽÞâÁ5/\R„²r|K''¯² ºÛ;§È+Ð×Ö‡KO*Ôq)á1·|” d¿@oçÆÎ½£ÞíÜLï÷Ë«ä˜Í‡œlêôªw$%?æó@mU$¢X1,sz&D‹"EºR¡•¥3Kh¼-þ¶>÷ÇñÃj™ ÅÙEÍ_¹¶3Ý®ªC©–D«6ÖkL°îKövÃœTÑíÃëw»ß4VwêóûXù˜àÉ'5«¾‰‘¡Ìo)å¡r§–áß¨¹¿…~ÅDæ³¯eQ”¢Ïè·ˆ¿%g{µˆÜ8!bový£”/C^ÀXQïgK#9sÉÑ_˜°»%jDœ j.®BâÞµ9pñŒ’@üOÛ–s¾÷äÑr}®Ñ#Î—ÄëæÃXr(¥”ÜVcÀÉŒâ©ÍÊ±–›ãÝ]ó¼Kú[dp¦«&½W2í]“6(ƒ¢æßpà]ŠÂl»±/‘v{÷¦4h´²ïps¼ç,¡FPP2¥LÌ:(^™>Ü…®2±*‹>ú£F†_)OIßyaíBj·OkÔëá‰QSò'¡âÓÊÇaæèÔ–„ÖÍ+™Yžzöû¡Ÿ”®;“¾‚àXBI©´?'Vž¥ÕÉF¹kßØv4e&ƒ1ò‹.¤ü8#—Ôô9k–ÌßdÄ5cÀòÕ¿k¿ÃcZŸšÅwê(_¯>]Ê… F‘r€î2åc“ô’èØ&"Iõx©¤ÎôFcÒÚ#à9è£yÔ‘'€/YÜìXVm=1Ù2MÜÍ ãá½˜ž¾_)8dngÀæa çŽVi9•cä1ÆARå‚ÐñÌUOpÖm#‰%aEaÁX'Ì»|ð}¬««_ÎCÐ•1ü•ö2£µ„|N5·+¹L%3Ñq”.Þ]‘ÁE¶U³6ÿ–åžÛeæMUYQ1¯k'¿»IÞOàÁµN5OPV²IÓìAgÑ%ÖPjg…Èk›JåÔÁ¿¥7‘Ô[Ð-ÖÊF†9SfÎ¤èg‰£‡Þ#‘'w{OŸ“áIõˆ-¹ ¥cBÅbÞ»âöÀb“¦d¸í·±DÒ7ävñ^»Ý'K›×/ñF-À-ßúø>£ F¥ê C+[Wß!Éa!sQœ¯û:%©û½ëæ$‡5»©Ñžs„E`ü²2:%üÔåa‰NÚ€éŸÑ¨¯„3nâìIö†Œ0QR›„—ôÁJP¸VYó ñ’Ú#2CÔSU¹äãÁÇBh· ™¯÷1ÂðàäÂò|ft¬Á‚Ú‡ÉüØé§¨wô]¢.WÌÖt€&ä“KíúGel$ðÝž£bŸzhLÊ¬ÐèÀÑ3¹Þh^_§#÷Ÿ¶f¤ÕR½M| HÏ¨P1dP}B“¼¹’ÐÄ×÷”c°?T$êŸ MðŠº½Á¼^ó“«T¥jº’d²¥˜Æïâßé!²yÍR¤“hxR·Ð“¬ ˆ‰rö3‡®oo:·Žßë&5‹ôåÊç ¥…6\öH´ê_:‰Ë¼Iå£ í/TÂÏ¦*HêDÇ™:nFÔˆcw]´ðÒ•öÁ¨¤W?’$ˆ1±L±$PºóäckÝË‡Ë&‹A`™YÕ)³‹ø¬ft™ÝRô/²¿ìDÃ<{ÌÞfö6i-[W]þà#ƒxv1vK¾²?Vê±8ÌA²É-[·¦“s'lð¼Eê}mAáë*I¤p—Iy™Ñ¼Ç¢ûVX²Àø”Ì9÷ÕWHÕñqéÂrºÛÖ÷óŠìR=÷wþŸ‡Û6J¼¼qŽDbvÈ|êHK„¦¿Ã3í…&õoTÿ£CV“cíN÷ãó™ÕŒS6‰,ízÙ‚N.ÙÏ:9UÒTu Ç”y`_Ï¿©Ö•qJú¨7@hTô+M•ÙÖU?ŽÈ\ÂøúioÐÜÿHmÃpÅêBé•6™”%S¬‡Äài‘Um±LàeBØ|ÚÊ8v8ú{:,Fti(*›¡Âž@É)‰(IÔªUM¾‡¢êÿ3çÝž¢¢Q@gb¨Çl=CØ³¨<ÑLûùJ:òO×–…2äXXÓ*àEÑ6?vÞ˜cuÁoæJ4Jã¥3œÒB&•KöS®V:\`Séæw}bLk~ä9¨B+MÜá— _“¿«³ºÞët¯DƒÃ>¸Š`¡Íäœ`¯ï(žÍ¶?6n .tPpHDþav\Î3Sö%SÖ?1m{…3•r"tXæÉðd5yöjÔ®p¥Õ¡°i&J;“i¢¨ßˆ©IË¼ŸéT-êk“Èñ?9aŸíLxv/às“&iù{ãÔ³¼ñ96Jz$ôa¦%‘þò×h”ÑÎm±¼ŒÆ‚qðH¬Í ·.e·&¼k‹F‚4|ÁÑx &îDvÝñÙ3.ïœÔ?Ö®ÞÌ]SŽOø>¾S|3Ô&/ñ½Î‹äbºüìµ}à¾ü™q“=³iä>”aÞ8é¨p¥cƒ¹*ŠË`V6§‡5ë,õÓ -X©ãü†'‰»QBÙÆmÏEÛ›aÊi æ—¥ã®Fï ã!¯ÔÜ÷ïÖÍKd8Yíòm»«šWƒ±]Dmün`í¥¾9| øönã±¬"d+Ð¾*{·ÙIOÿ/±ïëú»:Îð£aé!Rg_Òc9Ð%…E±Á\½ŠVv{æ!&KÿˆÇ¨Z³F#ÿ €±1 ÷æ"•DÁ¨¼<ÑŠü×á„ªúK¶ËÃÙìþ£5œÄ3SìØŸôú‹Å¶£¼Ù½û^¼ó‰¦ò©OZÃat¶¸Ï?» òöË"l'ÓôTëG´ÛÎ-Â%cu:$7×>˜Õ‰Z%IVM©†zY…©Îàðåzj:fÔ¼ÿ'K× Îyí-8È½Íùµ‘,ã\‹¤Ï\BAôÂñ X€¦À[%K8D¶%Zý¥qKÀ¯d>ÇùhË/8ôž¨Oá’ ¨Éééb«\ëõ»á7ÖÁÁ‹/)óè(;_hÞTpV/Erõ¼©67âi–(ç<÷†ödžåÖ˜ÑŠ?Á’f¨Ã*_[ê™N‡èåáà4í•ºÃ…™ÐªÐœ¸ð¼’YjÀ:nÿ ûþI–VçönKð,ˆä^«…ä€ÑšÆvKqf!äÿž•·PùgAò¶EºøùM›ÑÄäéª R÷É×u£u¬EVô”z‘ÁRàÄ2l¦|pùC›êboÙ7©Î¬Ëà”%X•H6-ð<€r»#NÈP$óXÅŠìÍô™4Ô×_}ã®M¸NˆÍO+É6ÒN™Æí!÷iXÙ®òáÈkbðM×þrKý(ç7M{Høë“WCIe|„tåO'¬Å˜9Â^3{¤]„Ÿ<•¹?kóñ0iv¡uÆ¯#w¯¨m_~žë;¢ƒrmàÓºv3 Aø›³Ô¸¯ï*´cÛ•øÕæ¿è¬¸3XãRŽ>%|´'=9uÈ:>ª|ÅpjLp”ÝÍÆ O¤0û´"–31„@”LnbëLxBÜ™Ócí%¸fGÈS|Gýëƒ'í„kH\)þË _ Ql®šªâÈ,z(º«IñQ8T›\\Œýå9¤´R¦ÆYñ»j:–>žºh8'ýÄ„ü¬Uø’·¢+YÚjÈ®Ën±Æ7NRÍ©#jäÓÌžò™;g™'…ø’” l\YsÑ6–°†,³šëØEvÚsIçñáÝ«Lí¼pY"ŒIü±‚¼éˆ™† D>DÇƒïZìñÃðÉÁŠp_aé–.ø¶|²y=Î£ÉÇó¹iý+5b4Ÿ_rIfðî°ëŒ/Q…ÜcÆ(ªüx˜~y»|ð`³zÛ}c9Æ¾Uq€pu-¬·ž#ºß¤œ#`¤}«Šö¥"‡5ü“ØùîÝøs¦Æa U÷LY<åÑgùF ÒkÉhÍE*D3Œ~!dk€58q¢–ã 5ýDÒÈ—%¼K¦ƒë3G±ç Ý—Kâ"ó¬šæÌ{þÕÇâ2ÜÅ·}PPbÿ´>V;.6³:‘íærm¤Î$ùZÆþ’Æu**ê/6ÀÙÖ‰†ž¬t£¯p\8;GîÒ55 IÌìÍg`>ø€Ké‹ª”wÛ$_ê%|ŒG)F…€´G£ºæ 0ƒ€*fþr/Nué2eÓ:¶A›ìýl”ÂPÉftt:W~ib™o^ÆPO|ÿ |ŠdBöµ†»‘š÷'›¯`…^æÒÖb–‘e e½Ú×Ki%%âÉþ]®pùñÛ@X»°“Y_8Ä¹7,G*@öx 7›Ý+ø›ï à&°²6¡žo&N‹ñ1`£åÞ‚ašéí|}¦²£0Ñø§±VÇ5m¬ÌQfG€zÓæ7ðêÏÞip'ÕžÁWêÎÓ™ ’ÅeI÷ ø˜¥Û°©vAQ³ô(žw¾p§™q¤m¬ÁJšÇ·2çT–æ&è½ˆh¹8tå“‹½/j„ƒÒ·Üãzš%²wÛ«ÓXÄÞVõ7´NnÃL$.zŽmjúì~;ÇÐ8™Ôñ<Ôò[©U‚ìz§òŸ‚5úvþDµáŸùñÔG©3?€¼Â„¬oIºT-S7 œgmöùÊãBXÁCaZüg–ŸŽî¶A ¶ïò0+i—÷çŽñ‰Û}+fª»)ÿÂ‘ò{ÈæÀæwÂ5ÙÄfÌkô‹8‘ß@òE.#6üñLÛòNg‰Á˜³)oÕü‰eÜøL;ÇK=SÚ>9|s òYa€'‡ë¿l4&ª¨‡¥ˆãWøI¤âŠæ(äÖ‹m‚}…‘òmÃ<‡óí°¬(x7ÓüºéPÃòV³S`ô&²¤gu.{Eúßi¦|Z’Ññf„ùø<«`Þ%--l6|”4f›8¤ÎÔIí¬ƒz'¬&ˆ¾,Šl?,e¾¡2ÃUÈ¸ýnsvÝqZE¾Øúà™#ÖþB¹óhëlYxäØÙ þ‰Ö÷¹’å6¯Eí8ÁÅ¬ç÷óq?[xž6îìqð»®ÛÐƒ_5y5³>´|ûêŽîÅH–Xë±ÎHŒ7 Bfjr©Ä¢5upB JD«ÈdvYþg$Œ%þ°Kƒb#3û^š}AéNý^Ç·›C¥•ñt÷"ä$Qôt¯«yV‹¦×)‚€ .é¼ºs¥ÃltÚÍÄPë G¤‹Õ}£™‚Úö¿ôÌàÓñËPO(7Ãqi¢×Bžjcì¡-šóGß, D:ª>÷SÁ‡ l?×"ÕeëþS×–4ígzÚNéÛUVZáÇd1½ÅQžµ‰DcÐºœ´dAFÆ0tT²»Ý2ðßayÇ¾cÝ–MªÑÃ±Æ¢aÑ¹)”1ßW¾zÐšåÿ[XÐâÖˆésçûvº¸'†ë¬IXSRÁ›PGÐr#[–2»‚èäg1ìÖ$„AE"ˆQê£9 )#Éß$ÑîcE·b„™êgu×ü( @™ú÷ÞBËßw'Pˆå´áƒÌSÔ‚‘÷VÎa~áÏúi a¯«Y-ÐiÐÃe³p¨Ü¿Ø‰zT{@Œ‚MÞŠø¼ˆ…´D¿)Ë¼Öûroô–²…bKJ,Z=©Q+4S²ÓiÅoŽåÒ±µXïCK‘…êÉ.fQMú¨(Gtz@KÄÅr÷¹¿uAì:ò)é§Ú¬OCç;0>9ØlºÀ‰ZµrúhA™ž)ÆFË`JŠd•í7/ØS¼{ùÇ~ÔÙx˜«™(ÖØÝ±yâJdLˆéU…(~qçÍò+Å3Œ`‹³qEt¢›AÈ©Ð46y®rñ¨5ØÞÂöþŒì– ãçÿvžVóHá;¥›4ÐŽöŽÐ ¯ŒŽ¢Nä¸Éw\n1¿½~@eL}4"È,Äæ´eOUtÊÅth[u§£]ÃâßèiæBøçšû 5ˆ™ä”^Ó‘0|à©óp¾&E#;Ógö±_6ÊÎèog‡/É=èaý‹JXùpóWÂh(±³Y&|ê³qÐÖÚNÚ€Ðb¥Ïú¼¥ûŠŸmáÆ.¡£j¼F®Ü€ð‡¢®Æ,hÜgÓƒ)i #_ùx%ž§\€“;Ì'oð“ùCðÈþDÇˆMÔq6âNØ“nÁN¡¥gÒ ”à %žd"•xaÔ²L±{HÄsé1._ñ<7MM5G~äö¬Rõ]3CîÕŒr¡”øµ(p,r€ÍNˆµ öKlz´ê€ü‰‘“©zP'ËwXcÁxÙk,4ñÚ:Ì)Þ|sŒ GSËŽDj&œCF;|µ°P4•§‡Ôê)íÖcŒó_©Ýgáþû?œ„àÈ¬ ¬äz%ŸlÑDöÓ‰ Ð:fH•QúBo[·-SnÞms?åªR ú¶FëjÇÙH•_€SÇ}ÊïÃŠÜGÌÍjÆ"øø×æÈ1œ sëÁŒ°c]"n»—¨‹§èX7Ú£¨ÌÃS|ÍçYpø„EKaû ônR.ú…S_ƒ«]]F¼úæ=B\rÀ¶u³ñ…ì™ÿ¯®|ÎJmi%½ÛŠðjÓ©‰PëÊ|Gâ& )ˆ†X É÷ïÃ´(d¿HêçA nSÔVg¥3vÉúaaž(#$-ôŽÞ^ŽÅ6pdýƒrÂ.øW6›\Ù²™L%0¨;ñ_&ú!L÷þ{õÀÕáZ\Ý©Ê2baëkÆ—ÏáW[Qg"[6)Ø2_-n£‰oäÿ¤Þá ‘ú¡C»ü=¾¤7‰aÕµ…i‰º˜±Ýì¤8oA¯ŽÏ'˜d‹¼Æ¬;@xÀÌ£ôËœ-!C4*Ì³ÛÉÓBØåÙ½·Ÿh§t&H»¹‹M„`t u]»´äåïïw…ÿ9gSï])ìê§Ãã‚“Ÿf!f¼¼òk"Ø¤ÕÅ›íä1L³z¯E_P0¾žn¸}ÛEîtQ•Ø½ñŠC."ªæ Í\6ø@ÍÁQÝ v¼9Ã?Uå‹}”zåá—•œÉ'k—cå¸®Î8SAÏ9ÄåWXñø=L_WÝ¤8ùEöÍï'¸ZðÙyÎ©-s³ð!uYj\Š‰J_ÂLÄ†ºŸÇcÛážœs„¢õóf›è'Í^åß'°=zˆðŸ¼¾´ tÃ”oÛQsßý¦‰µÈÛ]Ä+\ÜrTÝvþ*Ó‘ :UCµ›’yu‘Ç-+ãýuvóGvªÁ¯wLRðùe{Î®ÓªK—VG_’ñnÇgA÷ÜIóZS}Ä?–2MÖÍ"®öïZ‡þà.Ä7;Ò¿›Yàü}øäí¾½¼®Þæµ_ÁÇ¥äYs˜\ÅNÑ°°eY‹k%4¨qñNº@Òï…˜üÉ}nšRä÷ÒŸ¤ÂÀ—9*Ÿ “)Õ@n¦%jÌŒÕòµôxésCqÊ%óH730£A·H9ÀœÈ.ÈÄsà›Æv¡Yž>»&'KØz¹.?‘ þ_÷o+ˆŽ¬cIQB>\XÒ|Çmh=t.ðí¤?¡‘/ˆø¤€æ¬¨jE±Ñ)H¼ŒöæƒÊÅ¥Œ,ÚÜ•ygŒÇ™óÓ×£|øµb—k|Å¬¦MäéÿE©ôUùVü`gkb«ÆxKJ»òÉ)w¯,8(ºÜ¨^•`Êã ãX(êŒOÞ€ÐsL}d +ñEÒáÕfÄÖ¶§X˜´I‡ÿÓï±-b¨ºE„%¹‘Gò³`…f!©òÙ:Üy¡ü«ts-(‡s\yë ¿ ÿ{ò£,©¸üä¼R„ß(¦ò--yÂÄÅáÑ®½{U¾Q3V¾¶ËO,9oðÅÃÔJ×^H+êö¿W¤öü¹§oì0[˜æ·®±?›íï÷Yñ‰M˜~²E…²Z®!øù´-¿Ô0žôð;²+ccOÏ5š¾2„±l2ah,ãé 6àMè¡1`¦œbF•Ò?˜õk&¦î.A4#ó>ð…Þ7þ:¥ WŠ~-T”Úü{0:¨=Ó ,ž&EÁöó¤ƒÀÿuý&E°?iÑæ"¶1Ir8Ãû*ÑÑxU¼]/˜e`²²Z)Öž(…& ÷ÝAƒDèÉvÍ#7Ýþ®¿@±´S}P\r 4õÖi nÛÌ7=Ðœ^ÿÇ¢®SzâÄùçULdÕÇsøG¦J½ëñg7·iÙ„æ¤_¨€–æPÍ 3\º÷ˆ¯N ¦Üxzû³*eu›ÛôòÖ0í£ö/0Â¸hšÛ*™0–IU”Êø!‡^ö‚CÅä¸…Ù:”,qLË¥HuSÌÛ™CR¤dfžšóaåRpy±±hõžÁ^äah\8ÂyÛ"-ýÌ<ïÚþ¨Õü§\ÁG¥âÑ–`²a·® euR0$:®Jà{ÓÝ®x+E¡³þf XDÐˆ‡‘,Á¬¹"%—êEWÆ?}” ì‘¿K9o€Ûê„´¯Ô\á"'fïXWL¯V>àwà "z„û¦Epí•¢ÈµÅ-abv»JÃµPü~w¥v‡Va˜DM‚AÒ®H:ö™‹ÐÎ\` ×8[øô§‘¿÷2vöá @¤˜ +‡cô½m×ÌÒÀæ0\FŠ[ð_aýòpï§âÝªsI©]–"V½BÌ& Q1ˆÄ~‡ÍOän?¸·5‚æUû—I³ˆþØ4† ¼¯î‰(7oÒp.Õ%9+RcÒ(½«ÐÄîYG"ã; Âæó“GZF!l9EÚ|£×©GOh'4Ò€ë×–K:*ŽÄUÕýá\">¥¤všm Jøce×¦Eùø¸Zccå ËˆBÌö…›«ÍÃ/àôd£vxv>/5À²Þ S“wð3G¤~áµ8ÁZ2yƒêÒËjÆ²ÿT!ç’Wô÷ÍÊ;ˆ±ãIPx‹ÛwC”jzÈ½à½I—žÇ]Q¹ÏY£ýÍÉuÀ•MTvÆy\ƒž¬îÃþà&¾©åÃHË¥Øþ,Ð²¯o“â7zU¨e×Ð4¦œrj9]Ê¶Mà[’o>Ñ=¦´ß&UÚA±“®8…FØ±+¼pöY‹í¯²\Ë£ªæe¢¡Nµó¼l>Âzy÷…³êëQžðîv‰ÔfT‘{4F«;q‡É:]õÂºt`ñóÛÑª«ZñÔeWŽ²R ;ÏìÆµ,Ê3ª‘P%d+rÕØt½l×ðax1Ø–¶H$ÀÅ”—ö‰9¬M]Á>³ÈNäÀl7ƒkY®µ*ÿZþNà¾‰s,_€s@çr©˜õƒX#”ý‚`Î‡}¤êL,®Áú¸Ê$Œ2À¯·8ùÆtÕ¶ø«®p°ÁæÍØ¸»h™òÖ§nÂëÑ¯£6þ%Vì¹}¢ç—ï@$Ûˆ…$S*bã³RÚi;‰‚Êi^é1" ‡Õe®*zºHûK™Ni¸ßÞ·lØ,äc6²yŒ±\qt•éh„:`””-dñ~ò¨X5ŽÆUê?Èèº¢t»ºræ\ÌÖÂãóåK¼Æ îR£Ï¹e Äl¾Ò—Iì€$”(`•^Oª\²¼-ÿøú_G¿Kï iV‰ƒ6‚ŒÙ„xd[¡{à`‹ºÁÞ{oLš’qŠ ˆñš~ûåµÊÓF€K´÷êtPJW7¬9ÁniSˆé«¡ùwvpÏýÉ õ1ë*™ñ;Ãô;b%H×ˆêbºKA ,‹ëôžA&±o¶Ä¥÷b'^¯çêóáÈªÆP)ÖS®üV¿ÿ?ûÀTW›!²ô¯òh02h½©¡§£VÓ²Œ§iB±ì•…€þd×Çnçƒš?=•r ;ìÒï WVôÉýãVµyªŠ½bˆé%øÁéÑòlÇ0K|¥Bzi~l˜½á<5µ¯[µd|äó¦Z·~ùå€mN¯–éÏ^üÔñ¥(«]—•¼¸,= `¿ÙÕÔ£$—e‰ô)Ñ3ýì“[åE?,.°y¢¿y0U4óègC¥º‚$ö¾¢Nú›ÛÍˆ_ uî—-àUÅ&„ž. WÚˆ Ü¢qµ¥õ2Þš+Ûñ±eiëÕå¶6—ëæÈë¼œ{îj—Ôn)/ëAAóŠë!Ð¾z½æsÊZ-¸–)3gÒg?7¬ÅI[Ànñð¶íÐFNÈCúÅ_rª±Ö 9‚:¶ Ð°Òž‘¡•[ÅW¥ê¨4À‚ç½ÝÜÆ}Š$§}W~8sÇ x²…‹¯ïV‘ i$®pe¢T`ylQåÊOÍ>@™)ƒO°DHãc.²9ÛhòMèNPÞ?ÛÖª½CÓAøñL(zúLàSlm%ÐVn-òGÝtC²¿ÝbÁÃ}” !!G,(¿Èo3^Šgp(ÎÂQ¨!¿@Ñ&yL|ý`7yjN-6"¢½¥VKAÀp_ÓøE}‰ÆÇéX“r¢BÞåkžYUµ‚ç×ƒ¿[<#ÿÎÐBÞ3Ö›•üþ{y}êî«5ÀÝ½ÂXr¦Ë1•Žö,ü’—Ë=Ù#¡ƒQH÷r2†ê+c©‘¹›jx5ÕºwåIŒJ±å‘Ö{´ûÖÒøSvbS©“1ãõ!©ÖÏ¨¸*\â«ƒÉa=9Â†jF†ë UÈ)Ï&u1‰µT/W-ÔzlþEk˜¨Iz¥\ïöÃ÷2‡µªù®§`¶ Ôhý:å;v$ùlø¬•à¨•µRWÚµ¥»Ž JbQuýX+8¯¬83›C´ƒíÒv.Kø‰F-é2ïÚÐÊøO„E¹;®òŽ‡eôlËÉ½ÑöÙF‚.(C˜ïî]'Y¤ÕÌC¯Ú€È„èro ò˜]€ö¢Æv>rs2É·ZIœ™`‹.Ï«h®¬Œí^¥í¢ÑFgôÑ•Oª’¨ƒVp3áÎšƒh€Õëÿ‘G)Èw~YmQî¼ &.×ÔÇ´Er#ê±wËÀ¿:ëW·1$PV³9ihVÁgoUßS®t-&¡Yêß0&e•ÛÅõÞ”»¨D‚DýðmÇÎ*/¿*ÏY.á6$Qû{z;çÓ2°²Wù°½ÒY†÷ ÉáC8z'FÖà°Ídfª$§ì¶û-"Å•«Iº0<Ž¬:*2àúùI0÷8YK(2ÓQv`rsK‹†æ¿çó‰ÔSÔYwd´ÇØ*¯²8SóãáÌÒw@¯¾v«ô ‰NÓZw¹ƒiì{ÕÆ€Ÿ‡-WÏÈŒ”ëÜ~†çB–|»Ôt0/Ê…ö6!R‡Hr[^*™ ¶®Ý ×H=Þ”çÅ3O–Ó~û“ÔtÛ±y÷£ÀUÃ?ÌÆºÔIÓ–ïUÛ—ª"eJð bé½H´,IDyºg.:ŠYæ<¿P3«iR2ÃO¶½é¤¢E…Œ›Äë:±ÿ'\æ-wO:9Œ¡ºƒ20)M`ÞÞîawã×ŒÔÏ3C”=µ÷—9èA4‚ú#îãâÉQ.“³¹hüV<‰[ª†Õk[í4Îb‚¾K{‹) C¨›8¢âÙƒ6æÏàt]Ñt^ÄgY0|ttàZžö;"Pg¡Å¬©ôfðF·1üNM«ÃÌVPìý½^`^¶O}· “ŠhÁó[ÙpNåÃ-qÍÂ1´ÖÂ¶D5åôÓ¿â}i3·£1þ‘Y5¦¤=²ê¡9HLvHwúEÚCm0¬…3Á&$qÃ£]:ÒË®xæ+ªbº¯‡*y)^,ër†4eŠe+ÜL‚ ,i~í•ê1 –i@œŽ0#N”˜rÓâWÚF°¾œýNüêî›9ÖY«åS×q·¡ÊRd ªçZ5Ñ¿ûG+û´P ‘‚º-^ 8îÅÕ\@Ì«]>¥ò]ÎzaÌ¢ö™~øQuëÝ÷³uj£çÈS#j†˜‡÷P…©‡Þ»U•ò¼ZŸÎ®@¢gósÊ˜ž÷‰QI oUCô0l<ªJ`mÏSutXùÝžÌ.1¥¡Æ]dŸÇ@å2É¦Q³Ÿ”Þ#ÿžB©šò]€&|ª®>o6Û¾46¯Ô¿ÞZwg©ÍN’ !|ÒcUCŸ‘¿Wó}ºƒ?¯Bú\ Hú‡:Î?€êÄn–ãJÛ–‹(…x¹ëwŽ°w‰]{|u|•m¡ç3ócÃÜo$™N ñ‡ë©+#Dí¢zâÅßáÚáh% lÏ¯ÞR û•u“OÞÓæwS tt°˜>d‚ÚûŸÐâ«}Âg8oAÇ¥;3uyh+1øãçÜ %¥^Ú>4_H½èµò),ó¸ðx–ùÒeÛÜÍ”|t5À Å@^0H›;éègep:àzðT½FR·˜rXŠ¯Xé‹·U;•|EÓü’*#.É:`iËPŸÃëIc¿’Ü¶Ú0ëÍr¯M”ö™²Ëÿ¥€4$bÍÎU?u’Ö…º‚ùƒG™b^t -™Ölª5ï©bÌ¡A·€KC;Y-±Nc|M(Æ6i¹‘NÒXÈtÔìlV£o/Èp¯y,ÆôeƒwÍŸyâûi(!›a[gù>k“G!X›i‰uþh”‹`=†[ *Q·ÂfS? BæFGLâ4g…šeàSm ÂNY××@•¾Ð\4³l÷D»NùÄrÒ®$ÍKg'ÃˆºF_9ÕÂœšÖy.ÓèÒÅš¤Õl… -YüËz;…##³jnI a…Èÿ»HŒ8‡$X¡œ^¨iúù±¡ŽTo‹ÕÙ™U^/ÔàÔ¸‹ E@Ví¡OI(ì'ùAóÎ«v(Qù:°§ƒ¿ÉœháÊ‚ÇÏµñt85¡p Ÿ?¦B†êGˆ>NÌwîãà¤Oú¾ ”Îbé¿Ul2¹¥ûœèSÙW9çæñ ¬<2±OYðtæ=î›Fgû½¢Ôƒ‰oxRLj&3¤-²©†iëf”ùkÊÏs—€‚©¢ˆÿ7£Ü _+Þ)ÙÝ›&‘+¤Oœ#²$ä |¹ éÿâ…qnÀž±Ï¼w »7ß/¾„ƒ¡‰´[² e¯£ó&ÜFŽt®µáÓ7nI–¢ÞYÀ'dÐ[ú|NêÄc¨)ïtÌIç÷ðˆ °úVxeYð6Êó~:2Ây+r59Æ3Â*i½;ô”–_& GqÄâÎ/zîßÝÊÓÔTt£IëJFàðˆöŽñÃÙÐßpœù!<£i§&’Š¯ª›¿ÄBT&á;þæØf˜!ÂJYyN¿0-¢'HÔ²¿Kþƒ®÷)¨_Ç¢Á8Ppç¢WÑ¨Æ¶ÈŠ>Ž¦ô ¡ bá=wñ²¯þ¥d4O{?}ê#Ï%ÿØÙ4›ðÞ>±À#þà¡¡+4J—«(u‚ÿüÖÔþz4HãßÎÀgp@¿ˆSè ƒ¶òMbæGRiÑy¬Jj'ž…“†RÛ]ÿt:ÂñT7ÆF7míÃI¶†•ÛŸÛF[Ùœš5Qa@ã³1já‰e…’«×»²ûÌyƒd No#Q7ê$0fð´‡©9å,~nÂìúü#Y=c¥¢ :K°¼ßÿ“bÝ‰Í‡xõ1íÊ¢¿V,†éÈÊjH4Ùá€ÎÝ§Zu«‡Úvdñ3ë[°ßßó.n!ðâžá±Zo§â€K£Ï^ˆAf-Ž„ÃºSŠÑ5ÏûÁÐ,n^ [|1©ÏŽ™ØÏ¨ÈlÌÏÓIÃHó"+ìò7×äæÁ)_%ÂÞLÏ#jÔ«"ÄÞL¢Ï› —~tbÈÝËG'=¢’‚i½!å³+ò?¬Z4æ`3‚‹Èa€T$÷ (’@¢\^KÇ|o²õ/ƒ§øÿ»÷eŽÅ!}d¯+'{X$óþþ™j5»6Ñ~0'Š×BšÓ¦HöŽš¹¬ï™‹Ó&‹¢iËñi$Pn2(Ùõ$ÄiŠíåj¼þuøá%7p:Š¨W¸uïª€ð &ç˜Ó3R¯ p^XÛ –A:ïU|SÏ,µg…ñã±²ÂÄW¨ç¸ˆeó4GPŽèÐÜCéŒQ«ukQ÷–Ú ÷>Õ•ÜMñ6ðß vãÉ|ÏÜbÊEüðJç“fIŒ×b4§möMþ£Ë{~üâÄOÝ‚¥^aÌŒýC±˜zëx4uçrµvãR2§¸©Üâ8ñó’/¥ÕÛùD9V'œ_÷,…“Ø•e¹Çú‹U·l¼+H0µ3ôrö$þÆ‘0¶Ÿsí†¤µ=Ûº–•2„î7Ùƒ¶Ÿ@ôc( Ã#ç…XTEè¯“i%+ÁX÷]œÓ´V²qÈ‹”·Lsb¦`}ØýÄÐ‚ºØWrã×fùˆéÒÓ pbGF“è>‹=Å,¹ôj&ÓìÙf`qXI-PxÎQ ™ìÀUkÿŠé!Áë ¾@÷«^m#¤9ÛçUØxH`g…©¬°·nJ‡O¨ô¤Ïit=ƒ½-£ýE!lV‚5ñ/ ™?P¾OºH>?jé"w²fhh5d¹…•pœ'P#-e¹(\q{óî íò™ªI#–t^!–„\ñQ;¯ãT°°ú,jÊ~%Pw€[AtBtak¨ø\Ðy£e˜ï±óÂ)Í”¶{Ë°ËÌiv_¬;ï±áù¯LÌ8N®æ‚ ÿþÃ1›š*ë.„ +Ö½†é›‡7ÇXx²Ì¨C|Ä™ƒ£¨ÛzS’³&lÀ!'×óüÜrÊ& æ~lM%@Û5p^eo„®âWåáyt÷YŸ¶×ðñ‹c«6Šgaxê/2ëæëïÓhwÊ”c¹¦ N,"mN'Í%ƒ5¥ßôu*ï}úf loMN?!ÁImMPÿ[?åèÊJrµÀ¹ùƒÍÐMi—JAªC÷PFF‹+ÑŒÎ¨îœv,òÞgq´HÔñ)(ô_œ¬ªe¡åÝ›46G¹\.Êçñß%nóó^ER=%±Ô{5½{*JŠ^Ê"©ê¼ÔCKT´+CE¸3°˜5õƒ¼7å÷ ¿µ]|TN0øÃ–¯p]Ä9š‚ ßn• É’ÌÉ€}wve²+Ð™ž ¿ ;µm"øL ô½S*l|Kþ¤„¿*ÛC…#ÓJ¥·–‚B0;àŽk.µn 6M\È’Àë)5÷U°6ópsKôbð8ôÚ1«fGvƒœÅ“°¬jÈA†bõ»UšÈXcd([@®q““hžåwâh‚ù,rZÏŒ/¹ZõQ4ºÿÒqÍ”E[,øÇæxŠR^‘}J·©ó ìgßâÏi¥Ê¢²ty~ÅØñã ¡´4¹à¤dâ”~â$$ë3ªK6LÝÀ:RªL â5oYQéÍ²¤ýE fðŽ•F¸+(qÀ)Å‘38®kD;ÀA#þ½Ð¸7¶[ÄH4>– C@EÑ×Íúv™ÝU&!sØŒë•J_të0 Ì‡æ®èx_ ù»§©êuøió^ßd#¿rJÎÔ¥Hï„ýT}qÌpvû¼¸CÃ™E4–;Á3..’·ë©)«yò‚§“É9z|øÞXû›àæŽÜ@^‰ÇÉ‡Q]õEÔ‚¶xµBpçKÎ-Šîéë…d·¶0 eÑú%ÝÖ«„‹>`§bó—©ûåØM`kM]Lþà4ŽrO¼‰|š ™YÓÚ7'Êºk>X„¯Ö0^ÒÔ½Ã´ž.êÊÇãÅè-“ˆlƒÁEçCGh@qiæ™·Óˆyw0I–¨yé£x±| RÞZÇ3íÏÎpñpDé .>Ù{ïêÍhãØoGh©Ü«cmÄÑ™,þRŒºyÐ/E4‡}ÌU‰‘»»\b?öšæHÍâklí&/èB=÷¨s&¨a}Há{3YàG0œ—,-€Ey}äÿSH‚k-hÅš»fwèÝë“¿« Âÿ —˜´‰hSÿ=!üNqÃ©bë˜¸tõiÏ2ê0m kµ¸Qµy0Dç ë!]ÎÍÄ`HLÇGÎ*)ê¼_¡"bBhöwXëpYf®+c¶ÊHH²›A^¨žd½ž9M¿´”âò)$aŽnÃ0© s¸“xxŒIð¦jVVž+Räß¯ÂÀÆÿ-ç_¶zlDÌDÿ0)×Ùo;ì \ÄOŽk.í@*žr("241‹á'!ý_›ŸÏþ•‡òÝ]kðu§‰Éâë€Ú-Ãí¹È¼çG'D¢K[4Uýßešm%d²"ÄþHmË†ÜßO&AÂö®è±0Ät\âK]A Â-5÷vÃ.øH&Å e”Ui aÊm±šL/~Û¯2;¹€å¥@»Ž0ä›&Âk.òN„pÐ°§[‘¢!q37hdþâIN„™Ê‡(®ceZ†oÙ± Éw£#Ž0¦ìRÝ‘|4µïâ×ÅHÎOï*Äì!À&šßÎÄÊXíÓ<â}²×¡¤Éüdà¦aöÛ[ù}Z §+¼k×Û¶”Ï\Uhq‰Ýî•ÃÖ¯¥ËLÀ£Ú T;òáÝ.«e8¤†Üs=£Ú @ÚG@¢4[ð¸w]Íú”}Í$n´LÌ3±'h%9TÔòlìåõ`.Ã¯BQTÜøC!R¦;&10Ú¹P6°þ‰nf0±Øsß³±qí,X´Qª¿ZÓþ·qðòE÷Þ4yßk1ÃI¸8²¿Á•ÄÕûÎAÄìîLAê‰:ªQô%E‰[*°®`Þ£ËuÚaK ³§läžkWØž’CG}vò±é#³ÐÖ(Êû”.ÛÒLY\•Žña` `LóÎà”,baâ©ÒóÆŒ(ÎU-ƒ>Ðg£¨¼Þ‡’Í³·AáF`e ]TÙ¾\FÈ¡ªp±";äPa{Æ¸yD#‹´ÎüpëIfâÎ=I;÷® Ò2ôÉ6g¬s98^#l$œ ê¿xžK‡b®ñÖ.;áâƒaiŒ{RrPÂ%Œbá-òK•Ðšx¨ãz³†3–i9¤;÷Òv¡KŽ› ‰_‚O£R/v½ÏÑPÊ>&¨)Qƒ"ÌòðÁ!1{S&ý=XV‡d~|ŒAÕÃïÁ“ÏuýÔxÙüÂ[×á!=ÑÔ3Ý»¿™Í 9.ËÐ{€æ2Ÿ×ã‰'>%bq8]ÛËÃ¤¨²Œ›å»ÎeÔÀ›vçyŒåÿšVÏ¬8LÀh`ÜJ:ê›fÌÓ¨Òèž@ 9<,ÀFÃdÑË$ÚN¹žW ÈÎ¤ü¬VîÿùåÞÁŠwÍ°áä¡/Êã_ Mº[çIo±Ã÷ñ’otÄsð}Ÿ3‹V„™É[IÃ¾rÍ’wháË›âd©'°{Âþž4¥àØØÇáª ‡N3©hæ;™Ü-›ÃØìêM™aÉ^‡"l>ñ|ùº–t3H¦lŸ»Ñ^b|M9ãÙÚGæ[†o¶oÕ!×§Âµ‹7µ•jk¥Øòì9}U&/ÍÙ¶ÁÎnÕ\7ðP°²xß[é0x§nr´Ä#›x7³œT}Èeî½„Šµø#1aKbWvœ«<‡Ñ‚9_Ñõ…ÚðøÇ™'æNâ]}ãŒ‚ùð¸4ÒôÍ“PA‘¶ÿìÈŠã-wáë¶Çö€P]6ZQI˜~uOHÃÍ§Éw—ÝÉ)K…i´W?¤R<;Z‚‰¯7•uè&UIk†æ|b–¡BHF9äYeâ?Áô$NgqvÐYp:Û”Á°o¿RªÞ›ü¥:ˆê¬M!¼¸5;kPö[øsÝ4Û ¤Ìò¹;Ôû#°éÿht½Ô‡Ê£DƒF‡ôcV`FæÅ1äøOŸ ®Nu’7ºLýµÓxfÁ+ÆÍÒŸäbý(\ _N8ÆÕ•fôÑÑã£ŸóëµŽGð»[e íl'^´ìI£ŽŒ†Üî?g>Ñ©¨€a(ò#aô…ø¶„¬ØèdMhª‰à(„Ç´¹ÎÝß™€Ò\=öhãfôlø2‡|7¹Pz0ŒÀ3\ˆ†hƒÁ Äb6Á¥Â™ñ~DâYÄ)œlÜu+\¬íp„j8ûéQ^+R¦@Óòsä…°ÿ?MœGyòí6ÎÔØ‚œÇˆDÌN‹)Â'#›žðÊBöÚê*¹^T?{›ŽÃ·pŒ:ëïh±§LLÝH¬£3êö“‰·„Bà*jŒÈ«B‚ì¾2ª[¢þ¥Ä˜ØV3Fiõ1\§õ?‚èÑÁž“2wxI{¢[éýÒ8T½[výv;‡Ü›ü¨[Ä_ÒJ®#¥¿“¸Û EP#†¥xÞÀ7ÃÄ¢ï{ÔçŠÿµ62%W lJAGÒÏ[˜|Œ«þÁ§¹²†Ÿ—Äó_£¬öÿq¿º)h^ÙEÝÓT’·É«¡É¹×ÌÉ0e2”UC"pIvS?q`£Ýƒ7 Œ¯YÀô4â61ó„9b$«›Pr˜ú›/ßý=V0â¬q—8g!¶„€›8!=§u0Gò/ç B¨Û!=1Ø {ƒË6ÎÇQ«Ý‹'8Ö>ðçô®X•¸•b7Ëªªu°=î›ûé‡|NÑ‘•âR¸ÿŒ“WVãV+³¦Ýçfû¶=$Ò€e…u‚¨o3Oó•?‘FL¤Ô8‹,™¸º¼Ù¹ðXCÇøV°a§Ä¢&xaQ*Õ|çÝßV¬è·›Õ”`áêÌO vä*ým’ -ae’ƒíQÏ[çJÁèÚ¸ãlÛÁ†Ö?fÑGWÚåë’*òeîZÔÕ´¼XBKâ,œ„êC ÍšÇff©O—7*yÜ øtèvîèÃóS<Á¢‰Ý¯ðÑÃM9ÉEZRôÕ!Hæ~1Æ5H0†'*C1YU…[¸´ûXÎrY«äz:’'´MXeíŸ®×P\BÃÁÙ£KB>{ÚJ:@=\êÚË4ðãzå5NzcÄìk? µ!¼œžµé³eûXnŽ•ë¿Ãx€Ý7¡hžzñ]×R¨Úcc˜2¢!Ëƒó7¹4pß©åx‘¨Êûð«Mé‚b?[|B¸zûÚšØ¥Ïå2ã™ÒKƒ—•Ôž¦o> c’aÇSÆ-î4j…Yç—6…:7Éyˆ°ÌØ ßr,=ØêÏuhI@}/oõ¾ÆQæ½GRgF³öÞö¤R¥;u·÷pïGÃ–”V†(TuPxüàâŠåmSDj’Ô¬’§zAìÖ¸„èÄ ´èþSpäg$S¨ÁÝ‘Z, ‘#š›¤+ú)^JK£#¿òº;ßxH8KÌÅá™LfìEw¤B™èx¦`ƒ‡1ìW|•e®ÖÃMq-ó#”6·Á6ÒÅ“þí/~ÿ‰ZsF¨¸<=ÔäÜ§H/U=¿TýiÈ&)áÚƒqºUY&œz|éÈ¸Ó9Â6LÅ÷7ŸA”êpcŒøe sjøçä¶Žîƒ¬34ÎªL{t§nNõbA|«£ë1ìçu"~Ç´ëÄ,¼CVsæ-sëß(ïö!ÃÍPà”f°¼¿Si†u(p•–²¡ð( &c‰ÅHKuý+\ÈmÞl·¨/¥}…<*Xö{HÚ¿¸öÉý²Xf…:#©æýX²ƒ°péSÒSº!aÅ ™•y~ÏuƒÞd ’Ç Ö¸8S4CeÕ™}O ‰>A±yD{X}Ýûo.!ÇŒÁúKŽVwe8ã$ÅZ˜‡ä’É![“pš¥Cf+š·LïµÂŠ »D f1¡E¿²Üå”ñVþY åyHÛ¾ÜßÝ³^ Fƒã(Že>Õ'%€C²@Àpå_UÉpXŠ‹!Ô='&pì’ÎK›¦>–¬Húá»<Ú·ïÊï `÷DRäÎBÈ1 ðãø*ÛFEI&ÙÜ;äO_®Ž¦ÿþxŒ²Ë™Xâz½Äž`$¿Ø€Ð©,à¤C;œæF˜´†h0×Ÿ´¾y«Öµœ“DW•[:ÛãmoH¸À${¸®®žÃ?WÞ7ì%AÉžÂZ É‘Ygô‰x¹^Ã]}íÛù‹²¸:2Î?l!¤Û"1‹C¾qKÄbäÝœóH¶Æ¬Á”°ŠSù×‚œO-=nncß’0qøY•Ó·ŠæÂ0žæÏ³Ïœø°âzèÀ¤.[\E5PC?5±YÄ²„ª«TÛït·(—E†ø‡›L¿}öë±Ã¬Ä²†*{ïuº 1^¬-6”ç¶ ®%åB¢ÂJ)èhF¦ÉªW~1õìo#à‹ÇBß~Ê”G2êò_5œž§È”H|`éU"e#»OQ.òFüž|£=1èÑ6ÄƒÍ´¯¤ô>4¬íðyKD_¼Ÿñ–]jsöYêª}ÒmÕ‰¦u×Ÿ);<»Ovuó6šR$ÒgÁÀ÷„ÀÕ£ƒ€âÿŽÐ2íèß žŽ¤RÏ¥y<ÿâÉÍ˜Jpÿ~G ¸’¯#âz7$ªk6Ý …îÛ"9’6°¼‹¦˜ÜéÐJÕâ¦$nÿu&pÏ«ï2¢¤0·Ì('ÎƒüÒ&án$‰ïsý Å´«9IA0-ó½äè®îºßÿ¨8îúvôÉ€ôt¡£à–æêäîõàQ2£¹6R/åú´e¾eOð#²ª:÷Ó#°Ól%/oÞhØîÈg7IdŸº¸ï*Æ(òúÇùf«Ï×?7ÏÛ™¡8i !CÅ|àŒÑšˆ˜å,ôjëªÖ…Ò=_†nŒ)èe.©Bô÷eµõR„¿q;”j˜Ñ_©ÛfsL=Ãþ0KÔ³Æ³qäb`^ÃÀ·Üî"œöÊëçv+¤]õÐÿ³³"6¤&@ºÎt08þô÷K¤"ie‡ÆèZÎ†k}ÿ—÷y4Þ~‚DßØò©Hºv5Á‚†±PQïÌ?uk8_=Öœù”ónoÔ¾ïX˜:+.£=ˆÑì9«£èàRrÒd!‘TÈe0¨[ÌH#Ã¶FãÇ 'üþ‡úÅÂÕsŠ-õy¸[Å©’2Æ£.·*ãFQ=”›å ð!¾ƒª%kTô—¯sÆÕŒ+ªä.šT ¹CY¥¸ñè5ãûÓ@Å˜rtÏn¥-Ðßx×ÉŸ?8š;W¿õ>UÏ×aŒ/&Ñs–Ú‚%†ïejà¼¿Hy9Òõ‚OYëÌfv#yÀpŽ–<àåœe!½þÙ£4æynÕ>ËYð,=Ø’ò¤puBÝ – ùu yÂÞkÅ7…K¯/‡¨©PM0G$ä@íUfêìeGœR÷¬†Jñçª ¶¤ÛÝ¤‘ÄÇ)Ž¯ëG)*Hê¡uƒ[P)5|—9t‡Ai*è4(ê®ƒ™Yçƒÿ«wœ3-æ±/!HoÏœÈèhJví™ÌP‡U›·×µž×É»× ‹ò}¨Úzs" ñìGÐ(Ï•ÙðŽ:?õ¦Z¦jâLqZ8pÛÕ8‡ø»iŒŒÄLÇLaE0OZ¶ä(‚BFkN&Õ²xZŠÜ{ï»¯‰w @·%Åv|/#Æðd7‰E—¾Þ*)çi‹97ç3XÕN’«8‘C:§Š “bNæo&G½¿é§ë{ ¦¬ô#ÉR%X/"'Îl¨.Û”bùD+mq„ÊY·!3e¦d|VÁ$g<©«‚°YÄC÷Rc|p˜˜Þ*ºpô§ÃÞˆì¢ûâÐ`ðÛrÿ{œÃ—½þüÛ6—2^(¨júP„ãjGG»´B³ZØ[·öí³ß #&s ýúú{c\ö7Pµ5Ž¾ƒ5™Ð é$ð`ÑŠüE5 å¤5ó§íÆ òŸX*Uæf|L!Ð\|màlW±±šËKV¡×.,‰Ð4}¢´Î$Œ"ŠHwê¥)pÂ*pí}s]12¥Ø {¸)R½*+¹5Ÿ@OËvÃ”xkìƒ$³é6¼ö¬`ÑÔÀÌ˜3][¦Ì ®(á”!¡°àœK ¾'§¢xµ‰Wš[$?Q¸.j-1î‹¢ ü’öÉŸÈ/Ú\_ø!œSGIË¤)zº‚þ £§Ï ƒ’ƒèJÿ>¢Ïª²hÒÎà_ü{F,Ý[^Ás=-Ê>D0êÈ9—8]7ËÓƒEËÝwØŽÑÁVÉMÿçÖÿh- mO—ò3?c ˆKµ«A‰þ„24c'ÜºšK„ÐÂ\˜û™(?¥èøN~D´odÊBq¨kÞ(á\ãË2T…h$KìònR‹+Ðr9n¬}@bÛsEJ>uC…£\'Ak¯À+4¢2$ kiü]×8-'ˆ1¨œ¨û&€´Ô¢ã®Ãz¤_ÄFøÕ×6¢)¿•¬“EVü„¦™Ýiáç»œ×Ó‚Ë-%8+Ú…“‚F·Ð|‚•ÊAœ,„8M³ù±N ·_w£¸ >‹Ñºù¨iÄ„’p§‰Ÿü4'q±C7í¶øGÊÎ1ÙNBU8Õ%& wÂÕXÕ!é.6ÆÙ¢u€æ½¸¯][¸úhÑè£ƒ0Ü5OuŠewÓÌ•Kþd1"(Â6Öj½¦mñ6y( C.X2[Žo±©v¿A¡¶´ÒnëoþN0õ}?…€$*XñöïkhæÉ±ÓZž}‹] ]8‡H8£!ó¯ZC \M¬½@}+M.Äg÷"/×Û$½pŸ ˜c:u>¬ƒÈˆ6¸—ñÔýqgÆFÙŽÊÝ¤U(þípó0ÌØpöì ¼šd®+Ï€ÿC»·6úÀ½YŽ:âývüJ÷“ÅÉçƒñF°ˆB]_/éÇ\„!úhúÁçYV1{†m“¿+Û!réçmlÒma<„Á{”‰)4¯züXÂÌ2|>Þp¬a»JÔ%("ùøþ‘uüÝþô¦8IVÕ»ýóJÒ:0êòè—ä I9×Y:Yj+ZÑÍÎü’ÎÉÔª"%¬¦ÐÀæÑIÖe?z¡ m²ë:%D»á#óŠvé¯OŒ£Z)‘*R\‘ðÂj$7 A]©Ä DÐÍ7Q¼‚ÊrÛÀ“²<`Xìå¨ºJ¹F1ï °ÆÙX7ž7¯@Î×59Ü½%Ð[@¿,bs€ƒ™ùÌ'ì0á"ñ~8DÚ¾ùK*Ž|dãnl–DŽ w‹f¯›‹€}ÕëD„iæÂýãÈ~TÑŠu¾~°Ôí91/ìñaó+®:¤9–Z‰JÍ. ×FÚö˜.¼s"Ë¹b–‹,éÖ‹rÚLô?êîÎ¯ZËþµÞô—Žø¹dH–zi¥áœ–f˜ŠÖîdy25#C¸1iZ1«^à´u2£-qbû½åÊè©Ò¶„a˜¯”+¼(˜\“ÊËÝ»aÃ¥£®s»_Ù,o'ÁôËšËíÜ>“rSU«rÖX†ý“"sêwªË˜Ú#Ž¯EÂP¿Îå(”ëÄJ›S”QQ¹úW7JM¿¬œµK=òaÓO¯‹ÝÇ$s³7Ut„ßÛ°ˆ×ÑÈS(0y§r8ðåDçßÁpJ¾y±b»¸èâù#/"%º+²n=97c1àŠ½6>^8Jñí:d…1ö³+2>±žÙ9s²žëšž|Þ–§5HFÙÕ‘a•3 ¤œi`Ut–ï·ïAy´ ñf”f4vja2y;Â2Ì’°pa\ã¬´a¶ˆQ7qYû´¹¤ÏUˆÚ*uf1Ú.ªl4fš„´«;ÏÛ¤h)Xž¡—îþûð”‘îH)[>†ˆ‚ÛÁÛXþa ÉÝXÕÀÛh'bHZjõc²¨ì_ÿÎâ7Rfå»ëZj$ýIu‚ÙÆ€s"”/Çicx°¶ÖykÍ'«EûÚµÃd/gbýE³»è=Î} jöDëF"pÏÁèS+ò\é¼C&æW±³ë%4³0ñ¶þ:©¦©o.¿Èíû<ª€¨`Ãê3Âæ4êè§@\y˜í=#¤P’¦Ì>Ñ° ™.¯i±€ÐB6o,½¹F˜x :.swÑyÆdyÚ3 §__V-÷W=±ÊL>‡³˜C®þžÕ ÷)ºXˆá¿Vfà7 ÍvDŠ:þ¹0*ºüpÈ_^¹ª3ò¼Œ‡`9ŠS&òt7×&Ó£ ùQèš-<Ž$W$ÊF¶â†ÃùwZGÂ9éLÔ,myÜ¢™qŽ¿MAEi³â¬GßX»”2Äâ·ã~å´ä9r’s‚–®'òÆ7)”ÜañPÝæ_V°ç¢«ÈªÁ{àŠªÕ÷_®O“V\Ñ_à6Y¸˜#;ÊOÄÚ\‰²8h¹ãVÅ}¦œ6¡iÊW‹îÕê )¯¡üïÈ8)ÁzÓ/Â¸Ž°Üšm”Vëeplæ÷Ä¥)µÕEB8ïO·¥!÷~«ßGìÅ…7ÍîI.¡½9´ïùTðžà‚œ¯Oó×6×ˆ>~vf™ÕTýÃ°Q,sêÛ{æÔÅ›@‡3Üeƒ p|±y4h…DH´*øøÍ_Š†:(ÎƒÝä\°¹tèQò`¬PQ+Z™Y5\ÌBªL/ÆÐtj2aÕ×Þ¨šÍ:ñ´£§èçC’“â†©Ð™‘$JSçH®Ù7·ò°?«Þ=@^§ŽKšEËòŸ3#óÐ°Ø¨Ê„™"=dœÑ¯‹Ã¯ËÞÒ·ÄóG+çWCVb‰ÔzÛÆÅ”k$ªü¤™eW0µwý‚î°zûP¬°æê2èÎÞ3ÅQ‘pÊ” F©0Áls¹ÔéŸW_X…Ñ¸$z l=Lá‘‹5ùD9µk$C*Q_,zS&C1§ë°ßÑ^ç7Ôæ0ÚÝâ-7G€mÄ¬cPüü¾J[¶î'¨ídòº©hwq±ùÁž¢èµ¡r«RÆ˜ÎI³ ¡Å¡L®ª\ÑîÛhî[.,Óahä:€G-v.`*)„ òêüc@€–Ú”R£N2’Üx;ä†£}*‘·¦¢Î¦èÁ¨.¦‰/9¨ßÓ9„¨¿å]ŒÖ&a6™œpb¤bZ¬ A89ßE.¾Ç‚hj°|ÝóšKFpãBüR{¹ƒËÚeŸð.cN[QWËÈÛIçJ•„Œs”|ÛmBc:¥8|Ö¬ýŽ¿°OŽÏõ{D\`¾ þ¤gºÚ¨54‹a?¨ÿ0¿9ipN´€6ßÜ)-O0GòË¾Ž&Äppƒ“ÿ½\(5`F®¬»Œ€S¯É…gD_Càa~æ»7£@±~Ô=È;¥Ç sX™ËµwVÎ7¨Ê +i;]¼˜tv¿o¬‹[(¿-¶m-Ê=Hó0ƒÐ:bÔ;2@ íÈÿüDÙŠX©Óå#¦òº‘»þ†*lÔ| B×d6Z|4š¦i6ÿók¯a}Z´ñÂæÚú£æë‘óÄdú¬qgË®›iX&£¡AC®ÔäU¾óo}kÓJušEVOxïÏÛÙcƒuÜÀðã¼x²½`S°¬}DT{†hÞ]"{Ã¢y²S™C_¢_,K±´8ýÐñ±õ®ä¾=$Ñ×ì_ÂA]Â?!Â¾ Ä \¢NÄÀ¡´Z7ŽâŠâÔ:µ¾êz\óè¬&vòXPÛ»"J·šº59cþrÞöì¤™ˆÁ|ÿoSƒcÚö'P>³€@¯11$ORSöì¥ÃWO–Ëe/€ÌàÓ#GNkkîÝWCM;Ø‘‹† þZYô÷¶eÎ,øÔœµªÆÄghuÌ.’ŠqÈ*pYÉ–Ê‡§•^\þO|ª ·å”vLAÏ®#ÔS³³®÷Ü)•÷!‰¢ %þ®ïu1Ý°€lŽ«óóêö™ˆƒ"lJŽŒVŸ;H38cœÍ0Ï¬¨WÅ)ØBŸa:N õÊ”1²û£‘cTt~¨ìxTìm¥7´¤k·¸Œtî1ÎT^²ì,Zc-ŠÓl™ÔÖ7´{°jïªr}?bñ|ùY1Î¡XêGZ\ø€å± £Oø¾Ê#ÊøuêÄ××ß®)ì]~®ë÷wç^¦ÆŽî4*eGÿò8{nÁú×"ÌTß<ÞáOCØ„5]ƒ¤ï®y®i[cá†"ãp¹5j€LÁi3dI˜,®ŸÅë‚h³cØ¡í?ØÃAYÕÂ¬À×½¢ºbƒ´ÃP²ØiEÍH¼Y )¥p³YüÙÀ†É×êµ®zq=Ab8d‡©Så9§œfs¢E$A!*Ì†l†°X–F Ž{ŸYåY‹ðl8¢o±9¢—X‡šª&Z¼íÏw®RF:ÝÈA"Îé™Ñ4Õ^•+ÄT§ †·¨Ø¤¶8ÒeÊ»m‰µXK,05ï?ù†ƒØ¡'2xæÇF-Âœ^J†òk4:Î«EBÔƒc<ú)‰?1+ÐGÄ¬ÝudsŠ¥ÅkVgâËkÞ1€^$á»E.ôÄ…vÆqO:e·@lacÓÁ:¥:dO> ÑÍsZ ¹;8o¶j¼è\r‡?Çº‡‡lÜýÃ»Ó¶¿RóD¡Ìän‰¿@ýÿã…ÏHž-±tÃ²BŒ}6Ø°v,i³Ý ØˆR¬Á†×š“÷íÌ äS&8g¨ÇÇñ-É¬rÓX¿YöàºñÒ)_T+l-P›í6!8H#mb«î ¸2‰…H|¡)û:*¨ÐojõÈŸòjµŽž“e»JzØ Üî RJ›óBFù·ªH ¢¯¨ê§3î‚»$D¶Ðuˆ(åQ§ _ Ü1?ƒòw¹˜üU aÇBóÒ×ÕS§ˆž§q…ÞËÀaðEŒX+=mÃß®VâZ´†>YcÓ^0¡#ÒùJEE+2;{„##ùJ+(>6]ûJ¥ûÇ6‚."ê.U\«|cä„J1 øßZæÞoxäd=«ÞÅðÂÒ1z!g¨ã80ºÇÓŸwÁ—ŸÝdA…Ÿªîœ¸µyjMËâNyT‰‡ÓNqÉ½Dr»GËÛÄƒ?„ Z*ˆY,pí<ª˜Íatå>ó]§2ÖËÂËËÉÞ'«iBD¼Hõµ]ãØYáüî1¨W!Šböêù•gæåß$Ó¬q(H‡‰§Çøž%(”ôFêQÞ«¡L‘_Zâ}2Ó°5uãE’ºa,Ú?ØDàÍ»\.¿\,\yo´|0X‹.!¶|ƒ5ñ ¡¢»0DSSúbç-èÛ÷Wãþü¤¾<Æ²P¸ŒjÉ©Uœ˜–¯6÷´ë~&Ç›¼©÷O€ÊØ9µÕ^²®ÐÌ1ßî»Oûìdic¨J)ìÏç6<|Þ;m‘sÂKw«kKžém5ê0õQÜéS°ìüÜëYzµL–ÝŽ<|iñ`AÞÛbìÒ8á•ÌQv`íUJ0&Þ¼pÑmÄ¯HrÒäZTÌf>pc„3O'ò¦P—FRU¡@¹W+ofÉ«‹Jì±Û Óëwžû£~Èàµ€Yr%š (U|_}8mSCJ‘ÅRë:§#W™>¥’Î¥° [ãÙbs ‘Ÿ NK`n8XŽw‚²ÄlÕ“Î’õóþmêâÚòÇ6(î·ë&<¦ŽkþlÖòô{wárL'Õ˜Ý…²œºö àÀê€Ë?LkÂ{_ÝÂaÆ_ÄyßƒQš)»»-Š'¿·û-]ær¬³û§ïSË÷îsL€7ç Ýß–(Ð¦ ¼8PDéL™…8¼”8£DaQ¤dK{8+æÂ{–wyg=×½Ól™šå¬k¥œ^³&iêsnÀJÌh6‹Ó’ùòáÍ@n¶™ç|*|DwëRïÞ8q³pÂá´VµL•®ÄÙÛk2Úú.ñ3×HàtÅÆzXëQÚ Ô\©5¨øwAB¯qzÿG/ úè?TšŸ½Ú×©Ç>ã ÷ìSòxô”†+Ïv;T°/LÃmôÂç¤±éE½ïÔ6…èH¬‰Ætýë"|à;ÐGq=©¬áË…Úó…Õ¡“á°Í‚\,HÀ*—ª¹·ÃZ“›¿eCgaZépX;œçX¾"cÿ·Q[[ÆVs`ÿPQ.ŽùÎ6OÁEYÅv¨]}ël–¶4'ˆ„N›mWO ²³lŸÌe~GœÖ 3+ âé˜)hñj$%¼§å“ôDšä˜V&"ÓˆJÒt\–ì ”)•¼4Q¡Vâ´^µ‡þ–ç3p8Þ¦ÍYú¹ž“ËbáocÃñÜÿ:W´EWä«F=+û|¥È‘^5þLf;Þö VXbŒ¶£`6è‰>‡ä’‡o´{9C:k>þv¬ À|È¯º)ô±\MæY€[ôqcÒw+yd¢øáMž„]ÊQq<¤rø5+ÙºHÏÃJ«Ê4±3¤VÀÍBY9ušA÷~˜î vlXFÅB=6Wfz3N·úõ^-‚YÒbrÓòmzÞÓƒçöIŽ6IÉa*¼{~¼héWoâ—õ¢PêFru`Ð'¾LïdnödÙë·©Û}Þª?\EdÆn1ÂûEËnTðf9.L8ø@Þƒ©Šé=¨MñÜDp¤¦ÈœX /]šÔG‹NH¦_Ä +”j¾ÞçÇú$Q¼&20áÏÁ¤Üd©Lñ–ÊÔZìšQ¼!F¶ââq^ý8âW?écæœH–Â“Â2ÄÌãÅ1¹CrT¸Z:@Æ9™æW¡J¿d/¸ö—aÐXhmWÛePÎˆ¬ô\í™bˆ´@Œöñµ^þï4’¡•Ã¥…ü-S^ZïÛyç<“!*'ø— ¿M{ÒÇ¢g1^å¦Làô„·§±Ng+r*G3O¶‹Tí’`6¦taˆ„_“ÓÓ%ø: äþÄ{f£¨¦¯] žFZa=_<\j’Œ‡âÖÅ¦ñ}BNØêq]úz_f’)×Î±i#!4þ(Òú5Vm8sÏT¼ÎÀñ„i«‡ñ-91´ÅElpÔè/û*Y×Iø£4ÀþÊã\Öu¢|–q,ÍÁÛfÀR†4ÃÛqæB1÷¹=ÍëùnÍšÙ<’mC Þ¸Ý°›¨.ÕA¡”]¬„SæSø¸Ôj_ð€ùÁ)í¼Ä>is°{^ãb²½zë|U¨îg¢1ž\mº/é<>=BqQe.ö h `Þ}ž„O™Ú£¡àøÎ8˜ H‡”•œ»U³kaÚÙ6¡®„ežu¯€^bÔ²‚IíUqõ¡Q BŒIÎ²€$»aëÇþ +vþBa'èM—ùÈ ÊwßõmzºØ%‰R{E%aðfÊM`«fN§’¹„{ÔÝ8îXÖûPòùð”9\ä3¸9@';ü×å²—„âÄO'GXÅjGs×Á®ØkBO®Æ>¿Ï>S ç0J2ï7Öñ‰ÛÙÕd¿–ó†'r_‰¤v ’£¹©)?ðÂ"ÑŸÜÕ¼UìµÒ~ï¡GÓ ±t<ÎS¬ƒcj¼JÝG~f< ’_òb }® ?svà3Ó—šv«ºL~ËüÇÙU$½Æ[òaå¢³@¿›iÄÐa.(HÄöÒ4´5ž¿! ½/D)œìŠ:}ÕƒT\×3Æô ÑU@Å¬íéËº²Íìh\þC¯àhvè„Dú Œ7ÈÒ‹ÏZ}P‰/Ò°dàý°¥pÈc;Ð•È÷\ >»-J o$ìø‹¿JhW§9D4ˆÙ‘ûÈÜ~¸û4àMZkbóˆ íh0f‰#=±Åf;zŒ.=vU_®7n[%=DÇ^q12h¾ë Éõ‘D[0Ö†¹;ªJÅÙ¬•í qßÕ-ãRÙqï$·öÙÍÂÉÖ"YhµXŸX¹%oÈÁrjYO‘çàñª'/Í¹æÎ^ù¸,qú›Ú³J‰µL_)*¦ÐÈH!{äÌð6›P[èôŸÈ3{N²qm¹rÁëÌ«M-N*jtÐµ u² µŠ½à^Ùy®‡_“QQø°pBGYÄƒ Ê¨è=ª.Õ° VÊ#^_øÖs¬æ-}pêØeË8žp‚XEÓ¶Úã}Û›Zr˜ß©rI¢Gãæ*C‹}režNÆEøÃž‘g…^â)¹CÝOó»+¡áÜæ¾‰ æmÝ¬asEgžN3ÎÛ†2•ûs.}j}áv©C|¦ìR ½Û³”Î•®¸)HjÀ‡ËŽeŠ,‘ T”$Ïœÿæq£ò§ &•±”¦‡¬a{ ÚC2 ?šù;Ãb'2 ¤Ãep*ñ”ßh«ýVgR ŠZ=Þlðz™¾§ºtô<\„å.þ@7ü.—ámTúj•+„FBvö~ˆ'Ì9-&”,Ù¸€ÝYÝž{nÜÃ!:;)3‘.›ˆá”±~ÓôJ<ÄWüuØ [Ì…y½²+u2DEû²È:iÊl|—ëíÄLjG²%ú·Þi:Îo•ŽÉéó3q‰&7!å6'c7/ýœác··o\p*ý(Ûæ.´É3¦1–‘>’ZØ Ç„k§+VXesœ Axng/VêÂ¼âíkü1ú¹ mÑµ°hm$>L!TÅ¤î·dËï™ÙE¸~GŠþü×nrädž9óq`”sÙ¾yÐ÷YNJRª×àõHé–‘ÆHÈ9¨ËÖO(ð2êª+,êÞ¬~j/†˜]Ú÷ûã? Nô&™ß†ÿL2ËËpÊ½¸èøþÙ.@i=9w¦ùì1xèÓÑß7›“rÑŽæZc®¾ö@X‹œã ™b¡á¥iºÎ5i4ÚæÕ”‰²M³dÞËNj4Á¸FLN§I¤Ô†‚UÙÊ@]½ºÀMCB!Xyù™aÂMÓJzÄÃ±—þ¶EÚý/aSlÖ-ˆb¢R:÷ú÷£=>éc?™˜&§?þ™ëÜ+—Bóáx .ÊõŠmÓ¢ú®Ò¥eV„M)’åùc4¤Þ±±Ÿ7Îé¬2å„LÛ†EMpfŽ¦‚Ú5û¾t*ñü™_e_å&ãK¾jwýKÇÍòLuIoHuBêP>O„«ª¯•XÏ¿œÏ&‹q’ëK6:›Ý×$ñB¼øØ¢äC'í² ê(Áè1d›YþŒz–]æý=í¯výxo£äŠO²í÷£]Ð†‹V¬ðNd'zM«¾Þë9©N“~ 0Û˜™À``ëSFQLï°ö{F0H@a¾ÙöyNC'r\é*`ë4—“¸Ò¢Óñu ¶ÅuÔ¤øŽà[c<šn‘ ö¡¹áFÖÈqóPšÑå±n<*t³ˆkï0.Æ…»št°š›ž•4]Q³Âx‡CnÃÂøMLïÐçÂ*Ô—Ü‹?ÿÒ)÷þä•Åü åîÑvw¬³š¬¹2‡™s¶ïÛ~´Ï°D{jæÝwSíhµÒKñõ ÂËkßëéf/0%f?nÆþ?Ÿ6ð”â‚óÛn1C„ôR™óF¶(§Ú°Ì³4(ªÄîŽÂ÷‚§ðá>ÏÐÔÊøäzÃƒÕ î)a— ŽQ#Ow–4=ÿg…Òwª¬ÙO¿™Öß{t‘ûw¢òÈòpWWÔ*8Jž'Lx. Ì‡gx€%Òxœ$à0¢çŸÓŠ-Ñ”ßÞ±‘wí'ú´‚I[eoÙ™ü²¿-Ýä)ªºÉ•"S:LI›nCÈØYu‹ÄA>ëç¸•:úZARFòèâSÍVöYº˜–¯ãøLú¬ë™gÑtã|ŠI8oGÆ·àZq€©¿0}è^Mw}kkwÿÙÐ7| ¡¾ÆT5„K0žZ±j–¹»Vi&UvÜúŽ‰F…ØÖæÇŒÐÓ%•eª(]a§¸7¤Þ•§È¥ˆ`z—HN÷«œãâƒGÍ’E½ äEj(s„jwÂJÎtÄ4Æí©’¨Ò@â£©©å«åä¿ÿuÞ…QñÜÒ÷Ó•u†!” Á/²€Ü°ŒÚõ2îGá PGs• ýM½o\ø=ûá«(¯ y•è0Ù¤Ðkj!Û/±Hi}ª·^5¼iÂ²ùË÷I7ë;¡´È†ÏéERYnøyŽ¬R¡„Áˆ©A½’8ÍÂX¤µA;Ç¶m¶½rmº·o«ô:sÝÊ/æ|K†×ÛÎuIÓýP}n‡'êp#vÓ:[^ ÷~~ SíïQèÚ-AovYÄ“™ú&qEèÎ›Ra5£BJ+ç‘7µÂtp¹~Xu8ßÚäÆlÎ‰——ÕõÄÑn&xJÝº³ðaCå€’ß¸x÷& |Úêñýb‚«®TœQÊpçMŽR$ÍˆŽïÄiIÝcÑô®€Ù¥-~»qþM?vþ!,Œ«s„œ÷`{—?P©å¥IGšJ7âýê5-|¾¼ë›ùïA^\è»NÚÕwîŸ©À{) ^ž@SŠ"ƒ’$ÚýLÏP£ž®FU–Ò¬Â0fÎlËìÊMæß^qÑY^01&0ìˆû–9† f’«g…ø}È‹Û·O=ÆX}7À™÷êPàfø]é2ô›#| ÙYwT– º÷Êµjñ.ª 7ñ¾s™1‘I®1&Ñ¢½Àðvôs?V8÷SçD\|¿iÙ*K8ýîJ°ìµNÃín?=jšf‰ÅSìt`MwÎê|¾ÕRgèûý\e>Ïµ ±./%S&PÙß‡%X6›üé€¼X-¼>oX±yGSç‡I}5´ã´ÊÑsÖON[Ñ("º™Â!¯½Øœ/uLE”›Ö>°ü’Éqé þÍ… ?óÖW«Xòe¯]•%|óCA±²m!òV>—ÒêuôŽÌ\K¾^U¦ù9„6×ÄÜ®hKÒÙyßlþ·ÇÐW×¼NKxÍëc1IÖkçËæ\P‰ùK°ˆh‹wtvršg•ËtÅKmrþWê¹ç•×ó"Íƒqv§†´Þ8o–›… A¶ó1÷-7Û„lú—ú«ˆ[NùtÙ'ðvÁè££öÿ'iÀ¡oÓêÁ7?…»Ù>Ú‘6¥`_”]äKlJŒBJ|ì›#*)òþýéÈwÓÄbQQ7¡¹'û¼smm¼•àß,åF@wc‘OHÞaÊpéßåk»rI¥C L_µÖ'•[ªŒl¯ìñœ‹±rtïà:K0~GÛ¤ù÷ Êý6« 'Y>6°³wþ‹‹!’LF¾ËSõæ.{€7'„iùmb;nlåöÝÔêˆyýTIa "=²!^±ö‘Á‰3; I¸r&±=©4BC•íi¥<æH~G\Ô,á¢0 “ª`‘Á¬®®.Ì`¬4¬›§ n¢OÓpzmðØÒe Ìßò—4 št=2MÜIáþwyzèøû|ò‰×yq™ëyÑ÷Ën¯ú Yepp|¾Eµ!÷Ø 3ÆûØÀ¡6Å‡ã?ž÷/ñÂ¸hJ±Tuš"ŒÙoCà[~—‹¯ð1åO‡êKÀrÐºa’’£ÖÖLw›òMdH©b•°ñ²MšD?d‡B¾‡‡zˆà)y#š[bÕß}}ðGÉÓ“2ýw[†9ê›)¼¥]~Õ©¦z‘Ð±áM «™$™N,)ðß8<Âêiÿeà6 ‡GR#B¼¡U!Nÿz‹ï³âë´¾ã.vÜýþéKì}0â¦™ØÝá1`ÌZ&vÄEx"ö¾ÛÇÅÝ‚ ¯:9ÁØNBì<°Õ&e·&1Çgn!k€³ôÀ0š>ÕÄ7ö|Í×R $«–ŒßÔ›xð‚/øö±ùñw9ëäÝž4kû°ïw&'„ß4ïQe&%!±ÆÓ8áÕöç}gÞjÁÏø˜×€é^ÕÖIóÙ°Æ-\j[¢L<‡*˜>\¿0Ÿ»%íâ»í,@@^Ow%iò,—5¬Vâ9Æû”5Pg£ªÔ.ÝªWtß*3Š{¼VbgHã I„4¦V.öwRw‚ÉÀgÃ*x-DŽ +×ƒNÂ·Ðw÷,ËŒ$¼UÖ)AÈÌ¬;à¨¦øï/¤ Ç‚À³.uNÀ3×Û“[pš¢ –-û5q?‹Ô‡Æ{ð{ŽXÿz9´Ù¼å·¸¿´}`jdô}í¦YÕñv#d;ä¡Œ@\ü?òÄÑyóµÁÊÿºá¿¨3äu ¼Må’›ªÂôŸnŸpG^_˜AŽH$aþeÄ±G²æ³ÕSÂv'aÿi}‘2`Q2öëuaS%’œ‘˜–ùW&,ÃƒHµ÷ÛÖ0 &ß!‹-TWðã5:¥pÉ>º8°px’Äå%43aÎeçs·îcü–Š¾ÕV.y[zÍäm{> €ëóR7øšÚ°éÛ+h]Ôq÷iïù-›>„ÌeçÃFt`¯êm?Ñ–4è‘cAFòk7Â]ïó 1á³²¢Mü-ZÁ¯FÙ_4©$J#¸\š¾tŽ/§QàEÅéEçBz´Æ©9UÐW<®ôzF®©·a¿tN—h?K²vž`=7H[%.ŸûŽ/ùAmrj„zOË8ì¤`ºCØátKêÎH¡gp`"yÁ–†)€·ùšŸ©”ß‹ùô£ˆÀŽ‚ÀWæuD¸

¦¢¸W†•`ÞlP,åŒñ¸Åw,8ˆó/x½-öO,ÃBÁYžá¨¢ƒf¾îx¼(ÎÆéÐ `}:g®Áý5dPmÊ‘†T:³5ÔH$ÞWªÄ9÷·ƒdì1„Óz‚´<šM’Ó†Š`©F;}èõ9ZfžR©<3˜5Û`–GóÑ–‹Kc!A 1-¢þ/ä\ÚJ´Ã°Ë×±„èÖæÜçŸ CšÐŒ‚,@ý0Â•éÂ;ÏV¯ríóéýeko1^vl˜³cÒ“ ˆÊÁæä– Š-ïÖ,ƒKq+Ú&Òƒ“–ò°Ø :¤N‘W¡ã®v¾¥ 94TM85©gº9~t¦@½G5@ÄÈ¡¸þþ×n5¦V.{&&2Vðü£@3Ò«tþÍ4ö¼ÀaT*„™ôŸ<öBƒºSnaÉ¾WW\¨<)|¯ˆ†Ðç8{^¥·Òì,H[çã‚Ïl¦üMøµ^Dy1làæNd¤Jíml¾n·b³ú†¨FøÛ…Ó*Júû‚aw™LTÎ:©®K°NC)'Ë¬îÉ¹È½&•˜(6\Wn¢tþáj@Ïò5aÌ®¥+µàðeùœrvz¡k5àôŸHê† ¾ñ¡¼¡ýãq¯ÙlóNÍIR=·!_¥à9Ü ·åðŽ²%vq³ ˆSÄ’?Ôœ6†B‚nÕVø†–Ê1®o=ˆú ÖI*šMúIn‚¥×ãÈØ¼»r:rÜÊ{ RßK@c¥òéëƒN³|)Ó<ãnÝu?ï z¶•ŠÓ—öß¤M<¾³™5;.Ó‘¨úŒ±3$ÉÔò³K‹|´Œ•fJÝCŠ8Ìv}Y¡'PfÅ´@»”Úõy`”X0<ˆßŸV;P\•3†hdQ óÑ‰é·sm3Ç¦^JÙlàÇ7Ä4Œ)B]Ùgh†ò¡Þæ>øEáEÃñÑ3Déƒ«ghÜR®Ìwy[ÖŠ‘“Àr˜_{ŽÔát68˜QN+Âi*Y©ß„ËcoFdŸxûŒ4nEº¹ÕCfj‡òôÈne>$ŒeÍ[fÝŒ‡£êR(a.¦Z;R(6Â…Àåqžò úHxëŠ®z?ëb×ŽPc°™ÔñE\"B>.ŒÀ4ÈÓwDÛŸsé-úØQó£©6Hý’Å¿Dê4ß÷ßZ{¦ d¤¬Þ 6¦F^Vp\:°kéÚŠÏ?ƒžZiT`›ªòºU¨µµ\æ!ƒ_–Wa¢å¬tu¶ÈTG<Êu9Y¸˜ÅØÌzI½Ã<•†ÓNr6,W*fâÄ©¾w]‚ý¥G´æXÀMµ6Ð$k Ï‚:nFŸ`u¾Jk-ÇZÙM—wÙÄ,æ•n'?3Êyíá“l…Tæ¼=íäN4Yµ»fº(4ÒÕé„y¢Þ¢óí{üì6Ò‚^6Æ‚žnÈce\Þp0Š,Øk‘–ífÃ:‘RCMðÞ7ÙÜ¥h™‘Q~DØn;éV´j%…¢,!½oÒ´° »|nN)i™gÞÿÇ3ç7"äùqkCÂ`¹½'Aéµ©¡Ê<Éàvt]´;»¡&ÑQ›¶j°#Ìá©í±AáîJ&Óù“^%Ô}·Œ;},%gà†'Ç+×ß “ÕZcüsvnåzaå#®«ÍVqáiê±ZEcµªÃìXÖDÊÅ Á¥›òr5¯sËVBÆiàì¯µr¼¨8.ÔÚjÞ‘#šuú—£oY!ú§ðœHøÙ4Q‘jÌ1m×·hì¡}î«u¥§š²D5^9÷{ É#w%s‰cX8âIƒÒqâVø?¯íŸÁòSdL‰mÊª¹ê6Y‘I›µ´›Q(«[fÉ®MS¹Ä™#nÃ©ÑÛ[BÑ|}ü/@çÃñI!BÞý¨I#îÍkÄãr*X×ôaO¹Aë²eð¸1 èV:KÛÄò¡ÏµâÜFøé®å{¤JPt±“i\‚vË·äNÉJÑ°:UÎÂÍ@¹%KÓÆr£à£-–O:®NÖgÜÔ§£e=ïŒ@–x¯'Z_·bÀT¥L\‰Ï¢_8Žåª/U°;ï5õ›è;€‘KÜë5PYP…¬”ïL9ô¦ô¦³í-×Œ¨½ÐP)‰GäžV¡#ÌUÇtÕ)²J¡I{êÅ«”$BŠïßðaó)p³f5aKînB“Õ{l 2b;Gu8£Çq”Â~ø¢á D(#ÂE1h±òž9ÙƒÊ»Qh³‹¢¾Ã;²ð>ð¾”¡}ŠÁtR|¬Bö¡w˜˜‰¯ÌaÄ‹ÜÞŒ©â_¬Þ—Öüv§ÿh J²ƒO™Ÿ»e¡ÚªÙ:´w1qX°7SJsQÁ‘B]¸7÷aõ„(D5›Â‘jÁ†»Ö@˜b°ßkÿÃ”rè¸ûè8zÿZÏ‚èÎàº“)½T©?÷·Ö$å|}hPm‘ØW=8¼t¸òlíJuhÜ¦D*Ð›»ÏÈy¼ÛvmùƒÕŒ=Ùzà)‹CgÓºÎˆ?†>ù÷€À…ÄSÁõFŠÉøÏo5ª¤ÝìŠ+À¿)O‘-À’þ¾\LÅ÷Žï½6¹4å¦F8XÉj–ZNÖN$h±£*VÂ)¾ÜZ¹dQ\ _w\ûì¾#($d™–Ú’uF]·®QZ¶ŒyÔôÞÖ[?Å½t^QJÈ säR#i.ðç³¢ùMÞ¾ú-eËYûÔ‘”½ø>Tc6RµèA[|ý›½iFÛ?†5NšvlWº½Rv9†¿Ê/ä…¾U†ùaN!MºP•’›fùZ7¦‰¾ï¬ÃÉz5==<õÓ¶M¨ ¦ŸJv#®U"óQ$Ë6¯jŒ†Ðt¾«Ñ¯Í2\E§O4ˆî}ÑO4^ÁM"^…ßñ¸jÖ¢J6õ(éÕÆ‹ªŸ|<˜ôr,ñŒó.×‚Šq¯Ý·_ÅgvÊégÐ¢õ§Ãcº«-5gßµDÍSô0'š}…qR#%lÑ©èŸjŒ¡ÚÎÚ°TŠ‘š[?PAï–oh…kH†÷F3³£›ßfžÿØ¸½ÔQ!¦®ø•Ï¾ÍÍk&áY‹ýs5mK[”tü0w„ê1 C‡Q‘Aóü^ÊeôÏ´Ö%ÈÁDä‡³L‡7â€}uŽ‚ÜánÃš{PÏz¨9°ÏÚ¦ü|ÿI‡[hŽ"‡Qzô#I¤Ñ@ÞŠ»kè©üLPÂ¶ö•ìý VªÇß3.Õl¥ðßZ®«g¢·”åv¶Ê„ó |üŽÃBÝþÃá[Ía~áöˆ3…:$9y¾Û{Éˆ¬rÞ·$$ôÎ˜Òo¦Œ]lmùcØÊÚ ñ¶ãËµÅÛêyàkþ0éÅáp}XÈlOYc\dóó¤ðm$ðÇwÚ4ŠÉ wD>|`éñä~ø°ôUN˜Cm˜pþÒÁŸêvF,V®Ç¹ã¬‚} 5¦Kös†è8ÿi £Ãüh¾¥Ïëú-;8…Í2´ƒª%y¿û,š/ S½Ñýç^ó×iµÿLÅ€ºV«Ët‰õß½¸ã=!$œïÖbÞtA#Ìy…>ª’¼³ýÂZÂšÅ—{V7Xð×ègš¬‹(·\1ç3m×0‡_¥0OÁÖ«·Q¥=ý&GÔ;Àa¦ÿÍ¸ØoUð))c‘&$äˆi¾©NRüÄ^–wÏä·Iéu¨ 'ã(ˆÁ ¾gì\ÚhE¦fÉ2ýlÑŽbzªãå eªïåOyÚÂ_²$ˆ`Ý‘Ût£Ù:àÅMQ•£lK³r`nc¡É miœ¹6¾zdv!Wµ®ˆ…ùr¸>¡hyð¬ívr‚Ñg\±9.¨äk²†´¿©#¼Ð\ÙC™îArº/€Ì²¢½y™0~KÍâvÈg¤€›Jà}~˜^+)ÕõÅÇ£øt —U«™||y9Ô'-JêÄ©'ƒ…d½©‹Šð½ý5MA¿ŠN…#¥s°Í±e²Øeªj¢PêùVÓó¶\{3ÞT‘Uÿ€õŸØÙ¤—Rr£R³•óÐ¶1¸ó!Õ ú×gŽŽ• å«½ `j¤Û“TðãeKZCtÃ’»nÿ\l}ÏG` ýDäM'=ÍzM= "OlÊ!?>ªRqå^0m±»Ó¯[L xn*I“R¬¼¿5*VÅ(5÷œŽ€yuÝàG¤¦ ¦F1$°ý½ÝÏ»¹^·¶Œl˜)%Î:µÕ”¹—ûm[e-öX&²Ð!‚?ñão2Ÿ4C®OaGÝEŒæ˜UœåÌsß|¦s¤¿e;Ÿ*nZ> êE~‘ý‹q×¹¦G›TNÛË— oƒú¶…³]Œð¶ð(œgfõá*e£ë_ewBÙ!Ùì#»¡s/:²Áº€¿•Íßãz“<-§œæ°hñBf íÈƒæ€Í&C£ì«8;5Âæ?gƒ\„vâËª^s9$‹Ø›KëŒÁD‡ÑEû61¯˜½Qñ>¨x?H3ó¡¡YMÍB¸Ê¼zšýa€y-\o„aæ ¸ÑSÍ Ì5‡ÛWŸä‹ÐT•©rãÔ$ñó8‹ª½E$7‘íß#!{°ñVAíÊ/}UùûcoÂDGõðV—Ñeô†Rzãe›DæJH0Ÿ«V[3çÝùö)~;_>ZJKŸEGŠ•ÐÀÚó‹ £¢ŒÑÈHDÆÁP-:ÖýæŒØ21_jb¾‚«Æ:œ¯bŸ‡ÆæÈ57BsKÕ™5ÿù'œšË-ì²µ) \›ŽŽ6ñ%ô¦‡õ7vBÞø/ÙÑ ³œ›9 ÞŒþNNÌQ£¹UÜ‰*V Š» ÃÜÛë8Kß€væèlîƒîæ~èg¨z£?C•ÖYÓéÃlÔ:÷_´ÕpBˆN´µåÝáqÇFµžÄyÿªõÔú#Ôú(j}µþµ>ŽZ‚ZŠZZŸ@¿üw[Êl×ÛÖs³ëž0½UDòt²ûú¶©3çEZ#®9©Ü6#¼[\¼Ñ6o’‹7¶8Ú¤Kùê˜¿b#Î@+ó7lÄïÐÇüòÍ?a¸ùŒ4ÏFßZogYÕšÐZnÓñ×bµSò1´Š1Î:Ó]Œœ‘ìbÌäŒÛª1.ÓUìUÆ™ ÇÅAR\<¤Æ%@½¸Ð(Îâ¡]\ôŒ³ o\JUÇ§rËöxªiÝVngk=Ï~•®¿®æ+%“¸æÓ"ý…MàJÍˆRÓ953J%_®Ÿˆ×â0Â‰Ë+.Òâ² n\-hWšÅÕ…–qõªÍ¸uññ.µ4¹}ô—=GEô æCI¬ŒÞ¾î÷(;¡cYôŽ2h? ˆþèNñA¶è]âƒbÑÙâóñ]ôÝüÃV:—g¹%tnWJço…«=½vÂR.mµPÈY$„,îß;—‹Þ‡€¼ûù‚nÑÐ =„`Zôa„8‹.Aˆ·è# }¡†E—"x,º!Ñ¢!$YôqË¢O $[ôI„‹>…jÑ§Ò,úBºE—#x-º!Ã¢Ï"dZt%BM‹>‡eÑUµ,º¡¶E× Ô±èóu-º!Û¢/ Ô³è‹õ-úB‹¾ŒÐÐ¢E,ú Bc‹®ChbÑWÐ)¬GÈ±èŒÙ7",º ¡©E7#4³h1Bs‹nAhaÑ„\‹nEhiÑm,úBk‹†ÚX´¡EËÚY´¡½E·#äY4ŒÐÁ¢;:Zt'ÂU@èdÑ]èv#t±èë=¼ÐÍ¢{º[ôM„Ý‹ÐÓ¢ûpì›Ù¿“°•¶Ä$Ã¢ûÃô-\w„èÛCã0=ˆŒwÆÂô2Þs‡Ãô}d|à0>Ó#ÈøÈa ÓcÈøØaÓOñ©Ãø,L?GÆãD˜žDÆ—ã«0=…Œ¯Æ7azß:ŒïÂô{düà0~ÓŸñ³Ãø%LEÆ‡ñ[˜þŽŒ?ÆŸaú2þvÿ Ó³È8ç0Î‡éd\t—Â´2XÊ Ê`$Ì(2˜ÃÂLF†â0Ô0Ó¡;#ÌLdÄ9Œø0K@F ‡á ³Dd$9+Ì’‘‘â0RÃ, éÃfÈÈt5Ã,µFí0«ƒŒº#;Ìê!£¾Ãhf ‘ÑÈa4³&Èð9Œœ0ó##à0š†Y3d4w-Â,-F«0kŒ6£m˜µCF{‡‘fÑÑa\f¸ê±Î£K˜uEF7‡Ñ=Ìz £§Ãèf½‘ÑÇaô 3OY?‡‘fÈ(t×„Yd\ë0®³Èè0…Ù`dq×‡YCÆ°0ŽŒã†0»#Æ¨0Œ1cl˜Ý„ŒqœŽWyo±›ÑI‹¢œž`±‰nú‹MrÓ·Zl²›žb±©nzšÅ¦»é›é¦o“ÜÔí²›š¥¸©;T7u§æ¦îòT+:ÛSìOµÂw{t79×c¸ÉyÓMÎ÷Ä¹Éžx7¹Ð“à&yj¸ÉÅüb[y'ÑMÞëIr“÷y,7y¿'ÙM>àIq“zRÝäCž47ù°'ÝM.ñxÝä#ž7ù¨'ÓM.õÔt“Ë kú˜Å>vÓÇ#Ñ®Cb±Omšòu‡dFÿ ”Ì>ë”“ÙýƒJ2;Ù?¨"WÃÿÅè_Ê¾ÚJð,v cÿtZ„øZ3"Ä7‚˜é<Éy¤?¿‚Á~$ÁÈ„7¡>ì…ì‡6ðt†ÐÁ`8L»ÁW4¾¦#à:ÎÐyð7] éó„Ò¢Ñ=$ž~H’è×$þEj1•Ôcé¤ kBš±<Òšõ#ØpÒ•ÝJz³¹$Ÿ=J®ekÈ`¶…coÑì2ž"·²?ÉtI!³¤42GjLHíÉ½ÒÕä!iY*M"OJw“Ò#dµ´š¼(“uÒëd“ô>Ù*}EÊ¤?ÈNY&oÈ©d¿Üˆ”Û‘Ãr_ò‘<”|"ßBNÈsÈ×òò½¼Šü"o&È»ÉYù0=/B/É?ÐJùòßˆçQ$FÑdû[RÒ3™¬ÔgŠÒ1‡©J+¦)m;0]éÁ¥7b?¯\Ç”AˆAVCÉ<ÊÄñ,Q™Ì’”iˆ·1K™Ã’•yˆ‹XŠò KU– .ciÊr–®¬D\Ã¼Ê+,CY¸™e*¥¬¦²±‚e)ûX-åâ»¬¶r„ÕQŽ!~Ê²•S¬žrñV_ù5PþB<Çª”5ReD5VY51ùÔ:,G‡ØˆùÕf, æ"¶aÍÔN¬¹Ú±'k¡°\µ?â@ÖRÎZ©7"ŽaÕ[Xu2âtÖV½‹µSïF\ÀÚ«°<õaÄ¥¬£ú»J}q5ë¤±Îê«ˆ›X5Äºªåˆ;Y7u/ë®¾…xõP?d=Õ£ˆŸ°ÞêW¬ú â÷¬¯ú»Zýñ,ë§–¯Iˆ+ÔÙ5Z2b:ë¯Õe×jõ³Zs6Hk‰Ø– Ö:³!Z7Ä^,¨²¡ÚµˆƒØ0m®DËFh“Ø ÚÄl¤6›Òæ".d£µÙm â26V[ÎnÒV"®aã´WØxm=âfv³VÊ&hÛ+ØDm»E;€ø.»U;Â&kÇ?eS´Slªvñ6MûM×þB<Çfè”ÍÔeDÝ¦'²ÛõdÄt6K¯ÃîÐë!6b³õælŽÞ±-»[ïÂæêÝ{³yz6_€8„-ÐG²…úÄñl‘>•-Ög Îb÷êóÙ}ú"ÄûØýúRö€þ8âÓìA} {H±ˆ=¬³%úVÄRöˆ¾›=ªïAÜÏ–éï±Çô²Çõì ý+ÄÓìIýWö”þ;âßìiÌþŸ1¢Ê–¶ÂÀ¥ÙHc+:ì9£b#¶ÊhÎV-Û²5Fö¼Ñ±7[kôg/‡°‘ì%câxöŠ1…3¦#ÞÎ^5æ²õÆÄ{Øc Ûh,E|‚m2V²ÍÆjÄX±±žm16!–°ÌM¶ˆo°mÆ;ì5ã?ˆï³ñ +5>Gü’•?°rãgÄßØvã<—Øv“²¦Évš ˆI¬ÂÌd»ÌZˆÙl·™Ã^7›"æšKÌ1æsªyÑ¼Û¼TÎ‡RØ÷>èÉ¾Æ¾ëâe7‰V¶ñF‡Û´q°lìocWÛØÛÆ6vµ±“llgcksmlf£ßÆ&66´±žulÌ²1ÃÆ4“mL´1ÁFÓFÍFÙFAZiãÏÚø—¿Ûø«?Ùø½§m&óG„|\Å'œø¤Óð¨ŠÇ\˜ƒ*¹PÇ]ÜëS*>íBœøŒM8,“ÏÊÊçDüó*žÉ€Š#²LµŸÄT<å‚OdŽÊø´Çd<îÂ œ5Ó"3èÄ)‘9-äŒC2~QV¾äÄY9çœ_–ñ+N|UÆ¯9ñŒŒç¸àÂE<ëÄs*.)pFÚô KìVÐÔŒEüQÃLõ¸áF’)3†¿½+Üf˜Yh«5’á(˜Ô±Uß¡[¨‹«Z¤=O™]fÂÐ# j3PÌŸÇ&¬*²6eæá¦Œàòùºó÷ë4ô^#¡`†Ý®™EŠÔì}K"dŠLí ™U MŒ¬Hõõ £wøi#…+×FFÂ¼1OÄvèá€÷èÁm æwÄýþHlO(Öý[“I2öwuu<Ô ê¦Q,Åí\‘@,5‚¦Ñ«@Ù¤ ,²*–¤ÝÂz´ßO}CÑþVY\Kp±|i(2oPPêiÚ¨Àˆõ¼GG(j¬IEzŒÄz½'LŽÏ3nçÊ>·~9·•#Ô`æº ¦zFß°½]0U]&á«õxö®•»‚FÜÅ¢IF‹˜HUs†¤YhJGÒˆrró·Úbšqÿ*’Nc{ÊHšMÿ—ŒS£•)ÎÒ@ÅzCÉ‘ûLè7Ì‚øŸêi#&Z˜Óò°EY0‰àâø¼">*B'*2,So¯N.°‹”Nž+ÇPm$}*(8\j†Á…A%"Õ“‡×ãZ™ÈvDôPT¼¼y4®i#‹'ë¦Š¯Óö]±T"h´…$B&Š{á5çˆ˜†·áV 7a•†v¼YÃ[Ð¡a5ÖhX‹unF§†.¬×°5Ü‚·jèÆ&Ïkø¾©a³L¾¥áÛøŽïòˆ¢kÉ}¾‡xë»® Uú4K…{£fCDßf4d…K"ú¢†(bâØ®`ú˜~¡A6¬o[,ß§Uì}.«/1(Æö’ ~ ¡A³Çä˜Ì> Ik£†hÌlªÒÃ¡=F¯†âG~ŒŸhˆˆ±Š[ÌzýÍ3.RpÍ¸RÅÏ4ü¿`*ÇÂŠT(l™gÂ°Y£ý f¬AÃ/ñ+Òñã^¿Öð±õoñ;¹~KÃM+éößóx‘qÈóËñ' !leƒÜa$’äq£?c/{[ÒÔÍT’^ì5Èû‹ðTÚ%iAþ*S'U1y=Îÿ&s×6Ãˆ·ÐZ;×ð¼Ì ÇÄ¸Õ¹íÙjš+/Š&å¸íÜ¾_.í4c30k=í¶Õ8ÎB.ˆÑ9œ¿öEÙ&§Ø!/§+Œ)cÅJžd—ÎøiDÔV1-)åh}(bÄRRPo×yÏª¡ùÜ‹½åœ.iö¥q}þ¦Ü£%¥#[å-Ë¬Ý`·¶<³öF»µ3k+FÖ,%Rw 7=Œ¥µŽ²C¸¿Öáx•TÏ½òÿ¦Ý€C9üZ2W¹ú˜‡ÀÌÊ#¨Æ“pã)6™£¬eÇØ³óž`½:Éº’f%9ÅŒ9M×ŸÁ/á~œÇË¸€á"^Ã³JžSfâ’²ŒŸ›Ýx^Iá¼²/XÙ<ŽW¡«¸CÅÌéWp¯Róo†ÐpþÝÅÿ>K³»ÿWëoUÿÍîv§cE Ê"E„íX <[Ë ²¸-ê–Gñ9¶ÓÎÎ¬3Ób}¾ß¯ÄÄÄÄÄ˜c$Ñb4jâ>ø7ñwf·»-ì6âSæœ»çÞó»çuï¹üù÷Ï¿ØO4lÂà2Üƒ!!'„<"äQä1 E«8©¡§„œrFÅˆgåÇãBžÐð$žò´ü|Fˆ¡bT…©a5J:a©Ó°%ã*&4Ü)C[C&5LÁRVá ÷TTT<«ÂWp[Î±-7XÕÕƒQ#H¤ÏÊŒÎ™¢7l—-o:i^¤‹zBµ("œ.ÞWK¥qoË»«µVøzµj¼ ×àåãV˜wƒÐpMÚ~wº»°¤ÉÊ1Û-I`Ï6óÁf½®Ðâ¸ŸÙ³ãÀ‚È³³‘øEý¾cÌã-[wQA{èÍŸ†Õéîf¯ÌÒÝ•5é“nEçPºð/d³6K„6†Î—üNz¶+i>.RÕ{ÆŠÞgq7__›Àû Ä¤ðµ“Žq6…ˆ³/·s»éNþ:B¹BžÊ\’Q~DLH\HBHÛeNò”“®E’t;·èÆ2‚wx¡×N {kC„Œ‘¯o™é¡¬»*éÎ&¸»øØë°w×°Ï9NÞÓ »ç*Ú#ü2ØÊ¹Ë‘ï²Qéž&íÅ:ìc0‚}œéç*p.vÂ¸Š½*öñ_5xû¹,Y³‘k´LÏ:E‰Ï!ù}Ý«dÖC„“qŒ/Úµ‘nUWù’&ˆßd~@ü*!È~‚šùí#D‹oK%®`™¸õ‰¹hA¢³mË•¾ä/ÐG[ú’"M%çÐÁAÛÕˆ‰×ÝJ»ŠÔOX!£9Üvº6ÉñJÎaÕ%< h#‚q{*ywüÞ¤æ©ä<™ŸZW˜ïÑF?^bnVGücTøWôXø%ú.ü[>á«‰˜Œféÿ“pwáQícŒË03} ÷ã4ß g8;Â¿Çñÿ¦0Š”ˆr§1\Ä8w²ñ)Ñ¾‚ƒ¯QæN¾A…;ùø~¥†$²Ë:þÂq×]cØ“Õ„**îSÁg6‡Qñ¿Uæ—[qCâ¬%ýÝ•ƒÀLu0ñW°¾/‘b07¤]¯Ïá®KhëkÁÆÏY™Q€ø^dPîd1Å”ü‹üOÑËœ9Ï¹‹œ½Àrøfdt ñk¶ÕŒ¥‘GÄÒ£ü›ÆVítl¬¼¤œ€'W‹¤ïÒð÷(Éãxm}ŠŸÔ¯rùº²ý Gç¦€-û ï˜ÍhÿW‰[T×ÿ=™ÇøDÅˆDG2è€*¸†AGHfp«fž8:›³¸5‰©1IÛ$Õ4KkmÒDMij4 XšÍÚféòïôûÚôwß¼7ó?Ë÷Þ³Üs~çÜsÏ}|ýß·´â_6lÆa¢ˆ•#Ž„Œ#bNÊH‰9-##æ£2Ž‰ù¸Œb>)ãÇb~RÆSb~ZÆ)1?#ã'b>-ãY1Ÿ±â9Ïû/Èø©˜&†Ÿ‹áE/ÉxYÆ/dœ•qNÆ+6,À/…ìU±zM¯Ûð~eÅ¯mhÄy+~cÅV‰åoxSÆ[6´àw‚õ¶ÐÇŠ‹6´ã¼ Í¸dÅeÖã°°ù®Xý^—„â¨P¶ÕÓÕãñK¨ö º"ÁØˆ+N†c#*ÜñX*Œ¥w#•Ú½ƒB[yt»;°v¿±Y' é,¿ç±žÀ .—ñž‰—U’ñGšÛŽ…Ó›$”:vJ°¸ãÃtRéÇÔþLtHM‡"äÌŽ]‘‘x2œ>ŒoK¥$lvLÜà‹'G\ÑøÉp$tJ¥\¡ä‰D:î „GbÁt&©æ¬ˆàé`èp_0¡{©HÑJ¢;I¦š¦‡E=ÉR•¶Ñí÷å÷ÎÎ²Ôd:Ï³2 Á‘°¾¨åµBÁ„êJ©¡Ažpok^ïÚÍAlóF‘N+®Xñ>«… Áæ9Ré0‰(tó½ÉxT;ŽiüìÍòrNBÜ“s>Ó*ý\`}ñ„„Q¿OBóôÉ(bÉï£…ôý¾¢‹Å“Ñ`$|Rnh€•)¡¦Ûö«G¨ž&Sª u‹ÓÍ,â™dHí ‹C,{V EÛ°Ò¾ž¶c²bLÁU\Ó„«u¡‚gf`kWKŽõ§I¬ÁúD°*ÈZÝÖžÓ7˜kÖµæ˜³%ïäºæÖ°èq+ø³à(yƒ‚wÃàéöï¦ÁÓÍ Þ§‚·(ºrÅŠ¦2épÄ¥ Ùr[¸Rüt{¶xûínÐÛëuw z4®‚[¸-aFxú{Š(ÜÁmŸás_àK óLÖ´:Óh sr&ÌÜeÚöekíï–~O½§k°K×Z2ioqÆâQØýž\xúí>o`P×n(PQ]Á¯à+ÜU0(VÃð[ñ÷pøàVŠJû«„ú"·ÁTÁ¹»*¡nªÑÄáPÊ¥_Û9ù:7mÊrÃq—wÀÄµ%ÖÚÃ){,Ñ`üMÁ×øFAlÃKï‡ÝïËBÿwy· oVwæÀ5©à;ü]Á?ðO„Åª¼ÞÀÐ!5”ž|À“Sµû)<½NU! %â~×NßeØ Ô#™`„íož¹=dÁu6ü…ðÀOo¯hŽ¿‹<öŽžðˆšbœÿ×ÛRÄÒjÃRm¡Ltƒœ°ç>Âº";Ù5î'f¹Ÿ˜½Ä/ð¸§u¼pªÌä·ˆÔä¶ˆÔäÕÆÏ‹d:%gh´xž¡¬Æ†u•²ˆ~2xÙîS™¡”^,5¯·èûlá‚§;×QTºxúö¹ƒKK ¦ÔöÖa5¤}ŸÌpìíŸ+EÑ’_9¢¦M÷žêöê2ÒtÜ¨ý²ÐÁ`²‹)²8¼ nÒÁD‚y`Bî©d/l'–ðËn3¿nË8ÿ]ÐMªµ¤Ý&ºŽt‰¶“ö˜ha§×Do!½ÕD{¡pÍ–£œ‡9Kœg8' ]åBBŸC0£ýÈªJs¹]p_qV—Œ£ô<¬×`sVÏ0ˆ2VƒI”„ÄLƒPHTÄ,•QEb¶AT“˜csIÌ3ˆó â¡1iL‹LÀÞ‡ù›{%*øe]3ØŒeüÔ®Çj®Öðÿ‡VlDsÒÎ<¬e€ë°‹×{ÑÁ'¤±G¨‘Á&<Í39Íóx‘Úg™ÁGi½3+”Ü]ñÒ“ù),Z†ÒÎ{L(QÖŽcáyØÕuãxø<ækœENþ Î¢áq,¦–ÝÐZbhÙ %y¥šV³z™¦5ÛYµL¨T-ÉÊóIpÂÆ±—X¶ð·á!vÃÜÄ“ôó…ÙÇçr;Än- 2XÊ–/gÈE²OÄaDòˆá}¹á½QóÞPè½–ö€qÿã\íG5ž ‚ V ¤y³ ¤LøÌùÊ—àu¬+(ÁªîÀNª§PŠœ¡ïúëplç–_ãu8û¤þ›hÜÓ4¦þQÌè°¬ãþ¹4ng-d¡-…Ì1Ê1ÆSLÚj¤©s”ZÊi ä{2,VìÒ~w[±’ìh{µ$–S9c|\‡uN‡ÕRÖ*ËEX•–›hÙS½zkî¬Gkc³Žq OãSÄxŠŸ¡Æ³ÔyžZgˆñ9æÓáÜ'pîŸ9 çÌ~Ñôµàl8×NI_ó¤ô½ÄñeB;Khç¨ñ*u^§Ök”¿1¬! Öäô…r°N–E® –Ó'õ DDÔ7Šª~‘8¦lH]“WÉ²ZXîÇ7 î-Jß¡ü25.²g^‚ïjàj¸…(ŒL™„l8Wš7ˆ¬”óÞ›X¿g¾Òu¢ì/b‹“¸³Êö6ÊFÑš%*4¢>K,ÕˆÚ,a×ˆŠFÇ†]gJ¤Ñï'Ç±1sÚ x!\anß'ìØ?D>â‘Q~•mêŸƒy»?a8Wx1&´°fÃúØ¬P¥¹lJåÿæ1—‹O?=ŽËzýSâè0ÇQoŽ£ÖG!ô¯&C_…™oú-B¿Mèwý3BÿœÐ¿ ô/ ý.¡ßâtOƒ\…²Áw’/ÔgjÝÒFjÔÔK€ÖA=œMÊ|hwÓú›åÒÈØ0ËÍµ K<æu¾†¥£MÙè%…Y•Õ¾€A,*’8Wá˜ò™S3+ËŠ(M8+7/eÍ C¹™ÖHÚÈÞÐx8³EfË¥Æ &x³CáL5œA9³‹aùÔ°eÅ0Sës ›M5§7T5¯l Ð*¡wjiyQåÂqyY•MKêj«*Oô¯Tº!]K/³r9@¥¿JiãY+•Ó§UÎ1ûÎ¦¾r¹Þ Rºm÷$3©sÒd#ÚÚ‰Bj#j¿åÊAÚ\«ÛyRÖ›WÆÃÓèæºbI’••óOYnÞ?däëÈÈådÞúj)ˆè½úêÜîtñÖÊ")…ÔZ;µZf$õÈ3‡‚¤°¾sèôµºuÇU·Hcya‘Õ+Ìóò(Üý…Ü…¼.E":ÝRåv£òFÞ¸Ô ìÎãAmD‡µý-µƒ»w·Ô{ºx[ ûtuvçhF?n•Í(-*Q9µxFÙÜ¢y3KÊi€E‘X¿¹Ý˜Ç‘g#ÉûM-.Ž¨ˆYê„’-Âá‰I=ÊÉöiÕ~ÚIqmƒ¿´µ~‰¿yžoIIútÐJÃ}a;ï£OK$ã¸ÄÚ&ÍG°ÑÐc#i#<+r3Æ…_T=ž“{ÀWub‰¯I®•ÞnÊ¾ÓWTùåIÒæôv´Ðf$ò¡éÑŒ~,ËÂBzjôp¡Î µ µI©‰=~YÙC%=7?ôÙã‰L]…þ¦f•/à§H5ªýUtôæNå1-ÖßP%ƒ!å`n+k 4µè¼ü¾z9vTµ¿yºêéUgZÛ8º‹Õ·T·jHÅ†=1iQ†ŸR4Q ”×.m £úŽo\bO¼›ñF9©*)ãzgbÃ«»òF£J) iHZ¥2%ñ_ @ÝÌô@£u%Ü$4UmÕN½ÌBg^ÐÆé_Öê«#Í¨žùáè.7Í\‹”ë5¾–ó†Sý»8äþªêT»Ê[›«üGÔrrp‡- g6àxÐ€‡àa1 adçäSÚXÞZUì¼¬ý»žRAkm…”ýÐKÙºµB¶‘bädu‚Ï ¡<›Ÿ`àgø¹é¨±yÂ°C;Œ-ûø~‰pØ!.e6+ž‹ÊÂ=TÖË 2Í$ø›››S ¾„:<ºG~¿Â¯)o˜‚©~ƒ¹~‹ßðì60óøžZð“YÖ8½êeÀý¬Ø~oàø£?áÆ_<ÈÃ=»£þÊÛýþÿ0ðOü‹®!séoöqŸÐÌ«in\ÎIÕÀÿá~ÞæU¼Åä@ðn½ËäÃ×¸õ:/`?…ÕË¼·lž„Ýgð„lR9B7Ÿ‹JÏÄÒ2 xŠ5N³ 6kì4jð´%§G\É©eÀ³r$z2éèôxÓ%*¬=ž¢6m¦¿®®ÞGQ8Ó€7d‡BîÀÕyærY²˜CfŽæVlfzVúØœŒôÌŒŒœÜôœtZÖ·ÜËàeeåX=¢L(ûôéÚ';=SuÈÍëÔ!7¯»YfªaÂ;ì®C¶ÙüÞ`wrÌï¹gé2]nZ6ûÍ3³ssÆ¥gÒ_®¿ðÆcBû˜k9Ž7"A\„Ž™ä²_žjCÁž¼£î{Ò™þfõT;öäuß“Bìwîé¢vãï5îcÀÏJ—®Ë2u?IÍ°Ü,ÜÂü$ÇèÂÇ ¹ÓßéÏXqI»¢›>Í€7Yþ“?Yi§w"ÝÀdÎG¨Ñµ KM03|BkƒLÕ|G0¡(ÕÃtl`¥xþkÀ£Lc²—É>&Á~xŽáóL^`ò"“—˜¼Ìä&¯2yÉûL>`ò!“˜|Ìä&Ÿ2ùŒÉçL¾`ò%“¯˜|Íä&ðÞÝ]¹ÈYÁÝõe¢ø³’j¹ü™¢öd³äÚ}F3ßÌfªk»·)j&½°)Âs!ÿLPÀ5BS“¿j ´ˆ5B7=é¶€Þg¤!ÜÆ®3&u_t6•¿œä«3wM%Aè½~ÐQ¬G†²´7Ç-’?÷TÑ¸cºßê!¾¢+þ©ÍÍ¾•á\P çx>ÿ¤ÓjÖF5J[ëêÈžZ¡ýŒHìQêXN ?×'ÿ¦ötTÕ5r¡ã«®.om¢ê¶¥…‹Ûá» ¾i²KOt´Ü`QÒ| Ñ° ÜÛaÄÃh§+½€d»è?½Ò²MÕq;?Ø’S!D<žï«ä*þ˜â{ß§øã’{ù±”üIÅŸRüiÅŸQüYÉãù²Kþ¼â/(þ¢â/)þ²â¯(þªšï55ÞëŠ¿¡ø›Š¿¥øÛŠ¿£ø»jþ÷Ôxï+þâ*þ‘â+þ‰âŸ*þ™âŸ+þ…â_*þ•â_+þZ÷·jß)þ½â?(þ£â?)þ³â¿(þ«â¿)þ»â(þ§â)þ·âTI~Àä\÷HŽ’Ç¢@Q;¡Á)dŽäí€mÔ@tuJa)!'jLEWÓ¹„¨$T¦Ã(Úë’Sv€Ø´uIépÀBˆBFƒö•¬IKÞ¶â”}0d7Ø+vƒ£b'8=Z;èÉô¿¢v‚«c7DW¤ìƒ— ä°àAªhX?DÁñ0jÐ ‰ø7ŒÐ0{É€§Ì@ÓöF·9-N&ì$Í5´£wÆõ³zWxÜ;!¶ƒ&ô”¦µCŸb"}7€Ž%›ÀCí¸’T²Öo–`¾=eôk‡þ`4µÈÖáÔòÊÖ@jÅËV¬\uêN˜oßÄó˜{È·§îÝko‡A˜ï vTj;Îwxí^G;ñÚC›<ú=™6¸ úÀY0Î¦#9‡6{.$Áù@¬†±°ÆÃPWB9\‹a-¹f,ƒõÔó8®¥ž7Ãyp+\·‘õp5l–KÏ~ˆ#†± Ø5ô”4(ÄÆjØ'Jÿ ûÝÚ[º5Nf¼ ñ€jëü‰£âeºŠoòN8,w@“¡L‡PB(„âå‰í¢A&“+Šh‰³É÷‘;î§ éûD-b% h#žÔÝÉ©·ÃÐ½ ÑaÚôôH(WvžbMÑAˆ<þ0$Â#ÒcÀläÓM´ÎÎ{ôªM ±úFXPh{ý€é“]æ~ ãÿÙùÛK×¤|6*™6‘ÐÃvÁð€›ÀUÌcâV¾Ñ¼¿vÑ‡o•“÷‚X¾jrªat?€’³ƒs/J®±”˜=”tûSÂ@Éu$¼%·¨8RÃAÎ°}Åâ`¢Öv×Ûad×»þ! ÿQ'Ðw¡º~é€4Ò<¶FÑEO,ÁRÕÊ·{íæ®’˜YW¬Àæ-Ë5yÑM`Þµ¼ë}Í×*yr,rCJª;ƒe©)tÉè&§Ó}›¶âŽÞSòíi¬ÎÜ¹¦$×QêµwÈ«98dêÉw¦yÒTc‰×Ñ±•6z]¬ó ƒ¶¾‚.›Éo¤ n†{èÎ ÙÍ›þ/7ÑïÈê{:â`=”ü'RâŸEI%ü”ì+)Á×Pên¢„¾‚q=õ¹‘ø£ˆò|€k?Tj8TÃaDõ0„¯-ÅãpSTäsAdý?@Ó:;©ƒ&¶|–¦®SóyP§v5Îýê¬Š±DµJÓ"œÙ”ð3Ë?³‘ágæ5ÏÌ•&,:MXŠ;#ŒÎ‹R-C\Š:G*'I>–P®,M+IëÈwvµÓR½Z˜³ƒŽj%œJÇÅG´.W|íêFÊŠ·¾œÜ¼®óQ¡.zá<è‚xJéäŸñØfÒsRJ¹ñ(ºûÇ`_¨¦¬v"¥¡etS/%~9õ[‡^yTÇðQ<*í‡ô·%ÁÃÃŽÂTIa¡:=-$†°Ãë”Gâ(•[×ªûYFI.«˜¤léðjåPk=hÛ ·P^P>Æ’eù¸ <ß’oÃÐÃ$ó¥÷p8#`0í!GB.-¡¡„>5yó1àü¼”%m}è|™ˆIæm‰fn½“=Úa¢œcR[²g²¦˜J`Ä%{ dÃHöL³Ô…¤žnI°¤3H:Ó’YÒY$m<ÅC Ä²/µ¤e$clGZë˜kÙ–[êy¤>ÊRÏ·Ô,u?R/´Ô–úhK=€Ô‹,õ1–z±¥ö’úXK]i©³Ôñ¤öYê%–ºÊRW“Úo©·ÔK-u ©k-õ –úDK]GêzKÝ`©-u©—YÒfKÚBÒ€%mµ¤'‘t¹”Iö¬°Æ\iÙlÙ ±7©´K=b0úáxº„`4N¤8›ã¨–›S §‚ÀG@Î€f,‚U8NÇÙ°‹á*,X 7á\Ø‰åð Îƒ‡ñ(xçÃÛ¸ÞÇ…ðVÀ_x4ÀETâƒñ¸‡à±˜•8Ã‰èÃ¹¸bi«qúq9«p)^†5¸kqž€÷à‰¸ëð>¬Ç§°ŸÃFü›ðêñ'6‹(l1Ø*ïÆ(8<Æˆ·ÅÒŸaÐÿx[×?V ·‘;’‚\Ü`ÞÜl&ÒIòv:=ÚL]Ü4Þ Œ6H9¹lîÞºœ=[Í>OÍ>,åaˆ^O¹:å!ˆn‡¶^ðêv¸p‹mKçý *YD,Måþ¢MgíÏÍ9˜«føH}³UÛ'ºTÃÛš>iLß]tœ%OÉÉ åCCrÚó%A¹ÉE;\zÜÄA¡5Ê/J1„ñb0d‰!0KKD‚\g PI+‹1>[ršÓqÎ¿ÄtÄ™˜§6