í«îÛpki-base-java-10.5.9-13.el7_6Žè$>èì÷^³ÓzªŠQµ¯±æÁ>ÿÿÿÐŽè7àL?à<dèéêì í Dî ï ”ñ ¬ó °ö ·÷ ½ø éü ý þ % ,' È' ' d'' g' P'ì'¯'r”'0@¬°(38<õ9õ:G¾õG×8'H×Ô'IØp'XØ˜YØœ\Ø¬']ÙH'^ÛâbÜcdÝ2eÝ7fÝ:lÝ<tÝT'uÝð'vÞŒwß'xßœ'“à8Cpki-base-java10.5.913.el7_6Certificate System - Java FrameworkThe PKI Framework contains the common and client libraries and utilities written in Java. This package is a part of the PKI Core used by the Certificate System. This package is a part of the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\Š.óx86-02.bsys.centos.orgŸÎCentOSGPLv2CentOS BuildSystem System Environment/Basehttp://pki.fedoraproject.org/linuxnoarch PõÕÖbÌ £”!& #-+,).*)&##"!81;8+70#%Aí¤¤¤Aí¤¤Aí¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ\Š.’\Š.ˆ\Š.‰\Š.\Š.|[!¥T[!¥T\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|104e693105a0f33323a500b28140eb73edbddc312c59aff2af732bfcbe4c468394551476c6e1669c47fcfc7410317b2cd505bfe5c3ecefb1e74fecebcf90f871b2df657063377311c021e0fd7006b3ab5ad93e365860dc3ecf68ba0078a90481fdd8d5ef0c8813c633e77997d6dbe23557a5112937962d5ab7b1053de866027b643b71cec56efdc737a20687bb05ccbba40c3481b2c0e100ccf53331e0fba620/usr/share/java/commons-cli.jar/usr/share/java/commons-codec.jar/usr/share/java/commons-httpclient.jar/usr/share/java/commons-io.jar/usr/share/java/commons-lang.jar/usr/share/java/commons-logging.jar/usr/share/java/httpcomponents/httpclient.jar/usr/share/java/httpcomponents/httpcore.jar/usr/share/java/jackson/jackson-core-asl.jar/usr/share/java/jackson/jackson-jaxrs.jar/usr/share/java/jackson/jackson-mapper-asl.jar/usr/share/java/jackson/jackson-mrbean.jar/usr/share/java/jackson/jackson-smile.jar/usr/share/java/jackson/jackson-xc.jar/usr/share/java/jaxb-api.jar/usr/lib/java/jss4.jar/usr/share/java/ldapjdk.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/java/pki/pki-tools.jar/usr/share/java/resteasy-base/resteasy-atom-provider.jar/usr/share/java/resteasy-base/resteasy-client.jar/usr/share/java/resteasy-base/resteasy-jackson-provider.jar/usr/share/java/resteasy-base/resteasy-jaxb-provider.jar/usr/share/java/resteasy-base/jaxrs-api.jar/usr/share/java/resteasy-base/resteasy-jaxrs-jandex.jar/usr/share/java/resteasy-base/resteasy-jaxrs.jar/usr/share/java/servlet.jar/usr/share/java/slf4j/slf4j-api.jar/usr/share/java/slf4j/slf4j-jdk14.jarrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿpki-base-java apache-commons-cliapache-commons-codecapache-commons-ioapache-commons-langapache-commons-loggingjakarta-commons-httpclientjava-1.8.0-openjdk-headlessjavassistjpackage-utilsjssldapjdkpki-baseresteasy-base-atom-providerresteasy-base-clientresteasy-base-jackson-providerresteasy-base-jaxb-providerresteasy-base-jaxrsresteasy-base-jaxrs-apirpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)slf4jxalan-j2xerces-j2xml-commons-apisxml-commons-resolverrpmlib(PayloadIsXz)0:1.7.5-104.4.4-54.19-510.5.9-13.el7_63.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.4-14.6.0-14.0-15.2-14.11.3\f©À\T4À\Rã@\À\U@\½À[Öö@[{þÀ[l,À[`O@[UÃ@[>@[d@[Á@[oÀ[@ZËUÀZ´ì@ZŠ¼@ZÀZxG@Zg#ÀZ.s@Zþ@Z ÚÀZñÀYûÀYè“ÀY¿µ@Y·Ì@YšË@YoIÀYl¦ÀYG¼ÀY>‚@Y5GÀY-^ÀY$$@Y"ÒÀY¯@Y#@Xô®@XØþÀXÇÛ@X½O@X*ÀXR…ÀXOâÀX!¾@X&ÀX2@Wû‚ÀWÒ¤@WÎ¯ÀWÄ#ÀW¼:ÀW±®ÀW¨t@W{¡@Wu ÀWgÚÀWV·@WV·@WV·@WV·@WV·@WV·@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) !"#$%&'10.5.9-13.el7_6pkipki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarjavaCACertClientExample.javaCAClientExample.javalibcommons-cli.jarcommons-codec.jarcommons-httpclient.jarcommons-io.jarcommons-lang.jarcommons-logging.jarhttpclient.jarhttpcore.jarjackson-core-asl.jarjackson-jaxrs.jarjackson-mapper-asl.jarjackson-mrbean.jarjackson-smile.jarjackson-xc.jarjaxb-api.jarjss4.jarldapjdk.jarpki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarpki-tools.jarresteasy-atom-provider.jarresteasy-client.jarresteasy-jackson-provider.jarresteasy-jaxb-provider.jarresteasy-jaxrs-api.jarresteasy-jaxrs-jandex.jarresteasy-jaxrs.jarservlet.jarslf4j-api.jarslf4j-jdk14.jar/usr/share/java//usr/share/java/pki//usr/share/pki/examples//usr/share/pki/examples/java//usr/share/pki//usr/share/pki/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnudirectoryASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)C source, ASCII text?ÿÿüý7zXZ áû¡!#¸‡,àúïþ]"ÌkÀ%ƒÓvz×ØûIRG¦6"i°l'u ¶fl/òÚ)ÒÁ¢Ä57nVÑUz&CÛ«•CË.C„ÑsSZý<–(]¤—Å³? ½zDÊ5¡·¸ã.¶w%–Ê$ïèT™XzÏñÅ–’:ÊÒ…ó#½à Æê‚-?_,ýÑL„ÅZ?1>ê¥ý7F˜“?÷-Q¶ám.tT® ©$>¢ÛÝwé5’ÝW¢1Ö90gä¤½ew¤¥ŒÒ£““Æ¾ñ²|Br±Ã\ºõí‰£õƒàí*:ØÞ”><ÕÚ\aþJ¯Bì$4›Âóømÿý<9Ñ¬”F¿p\Xuì˜Ãá‰_î‘nÚ|ôÕqaÑ˜ˆÖ~þœN¯?V¯dÿsÌvêvTvÊïk&ul¤¶a\¨þ ˜ÖÃ&øàÏ†”?3)ÕóÆBz#Nµ:”Ê—·³’ã6<:v…¥Po«™96{_•…Ã‘·’107Ë9 JòôÓãÈé[®¿ä9Ýh›9¸†¾Ó®ô¯¨¤C³7A£"Ñ€.¡•.\‹ÑŽàv»×e#¿XztÍi%¼JJžæ[6 §@ß°¨eÿLw)• hö5;: ˆÔ*Âb J„ºôÄ°Æ@1ŒÌ8^Y?y´nUë»ÇÝ—BBš¢dkÜ|Ìªa—Aåì1PLi\ ñs§ÂYÍæ£³ Á"Ï©¥'úúøÆÀè[Œ–n‰T‚ÝdHœ)î£ŸaW&¨N›Þ=»Æ#‚ù~F–r¿Nã¨²ßEç!†eV '_òîÜQ.JCËÑŸçkŽðÆÐf†NÂÞG”®?en‰WÀá ÿLªÉ„Ö¦‚``<~Z9Å€‹{$ Ä8KR¨_W£xŠXûDXõd@‡7WM!¼hŒ *P•ío›ºìwÛ×içh°¸ÀuŒd$Û¯D*Á*V©8{%¶ê#2#É•?¸àWÂ¿æ—×zÆ|¬å‚n÷DðXðO:_&{Ã$Ýßá›J/¬« y »0bžŽ4âhé‚ƒÉ²™ZåÂ«„·6‹NGc ¹ìÊA]ÇHm(/ó`¦¯UßG7¿Oq²ÿî ÍÆúgÚß5BŸõÌuý@ÛØóUdkO È?õ±#ìzÿº¥>Y&±a7·:Pà]¼ôµÕ´µa_”¡ñE! ;cHÛOœÚOJä@ï_§iMš ¤|rÎöH§ /^ º5¨‘]7¹..YÆ*H)¦a¬ºÕ½Aj¼n¶ž|øÏú)ýÏÅöó¬D9Üàá‡=,6Õây7úåÌ!Å? å$Ä3,gã_…mq¥Ø–åŸñÊÒò=óc,íáèYªL_o4ÿÉ„Ò0ÕàJð³h3ò×‚ ëîm—Éèø– ä_l9#jAÿÌÑy-+ 9Ss*¬£”ÎB’‰À^Ë…T %úì5cÆW„ZaàN¤èO¼S´Öa²ü$ƒXÖ%;gò.ô\f«©ÅèLf^O²@Á>¹|ˆ»Ç.¸¬¥™ÞH¼@û1˜iŸô¿3ÄÊ¢ Àëêwr¼Y¨Ž“´«:‘ ;g˜ƒ½¾Cs@ùJN˜\* \…Œ08>|½fÆ!Ž\NŒùó¬)2ö Ê¼Ô,íYã¼arM~·vßžk5?9RQ"ýV“"ÑÐüýk@æ( ¿xebœ s€=@•·×Wq-•—b#†˜Z0CZe«Z¾³‹gß‡å‰=Vœ‰*åôp¬HÙìÄ3f,lÔ4îxÒxÖ‹ûºP€†‘§•;dÏÍ_[t|_ÿÃ<8¢ãI—RøH”yƒœ¶ÛÇ%/w7Kà}¡iÌõÍU¨ÇdèñJ²4XGÊ:Z¹Â˜rô ×…¢€Ú0Še[ÎzQÜÿ!ÑüM|;þ…:fsAšç·í‚U’¼@5”2÷¦ª(LjW™†¹Ôå–ck Á‚{Û^lÕÿzE0ö3ÉbÀEÈ•@3]ì²È‹tŠ¸s‰¼6°1Më}0U=¿©T¿UT0È0 %ëo/ti–^s¹Æåæ›š¡\IB¹W‚Ó¥È>ÇF`+Ã@I^—J_ÓR™d?ç1øÌÖ› MÏèz³†NâÁe-|;ÉÎÃ;Ìn©7 ?y¬ÒJRœêt—èB°—#0mr˜ì ZG ”µM¬RtºŽæ¨Ä9Ÿ»øÅêñ½aÌtƒË´lD«•žCÔÑè–Ç±õ±µ¥¯¸áÁR1©ì,Ä UBîÌpèä0¬£¬¡ç:Uº±¨ÿ( w$Ãƒb$ ôÐë¢O‚a?Ýœ”Çõ1˜è˜±Ãëÿb$Ó(IèxiX ˜ÎßºÜEµE2Iã•c»RöÏ\þ&®úX4åwcÃ_SÞ¶É´A:A/‰+ZÃnfg´Ÿ_¯2z'r¦kø‘ûÞ –fôZ•˜ÑàlìŸQÙ¤bd¶ü¯0ô[Ö‘¢S[€R‚c¬Qü¼©¨@GS¿¶7V×#Í`1éÔ8åiÅ…%®t©™Œ^´ãD˜b_33 Wý+ã$Õ©Êa§¤•ã±'ñt·F¶™ó¤D2«lfk!ÙE^ÈvîÅ»%1Úã‘¹Cwág+¤ý!€¦x…¿„zyÃUhúgWìI7ÏÈye[1¯ÁýŽä?Õ[z xºè»·±¬)SPNØÔF¶JóÞ%æ@f]8SQmá^ZûVi 6;ü$ºä½_ 7!_-œÜ>ä¡:dKêY³³wš,óHÔP æD Vf·~'Õü9Ü5 ˜sâ ;ÍŠ(R•ºÜ _/è"æ$_R|{wÌvÚB%â©”tzdcüá !c ›“›Ì&Ø/Ó±Þœ#—¿Ü1à-+Â-|'gÔ–¢ rÞ¥… Å Êß ÓR6újÑ”‹òÄDÿõ8#P‚Ê³øú>öiiîÜ! X_Ž€†fIÿa§´Õ’¼_L&«0·ujp#LšQ¸+ «iäN•†\o†[š&°%QfiS–vUF¾4~ô.‚ô¸óÔ¯¶wç1‰z»×ç8d5&:Í^ë/ ºµZQ ±´$h¢b)£[n~†`W^•”JÁ—ãïB1Á¨¢¿¬*¶ÊÄ¡kÿ/ýÙ–çÁ?q§„¨W‰h`Ù@þâQ 0|@Èç3¾§>„ÊÏòØ] ¼vÀ Äš¥b÷ÚCwß>°9Ìƒ›³Îeoÿ¥šƒ¼ö¶ ƒ§åˆÒD¸oï1#TµMQÓ€ ÉŠƒ%Zn§säQb¼Ø™²™¢p&Î1²(Å`],wcÅÀqtÔTBÅ[£*\=ãJÝÙkÄTÅ„èé!ó“A=i¼ËÅõñÖeTÍZå F·<ŠzM?k=¦Ôþx_`ƒîn;í3e†6 9¼…NP³n¶mføñ~)ï9Ù §ñ•ÀånFÊÞr+íÙö¡ ²ÄÍ®|)Ð…|½Ùë %W0ÜnÁ&M#/Ü²Ám¤Í 9º>’íE¢M>Ör'R•a™¸_wµ½`µ€µ¾|ÌþŽªïŒ§ÃlÑñ-§ ¦Îj@`ýr{ªH>Uzyì¼Ô˜µRªYL.Zf3ÒÞÞzäÔÈaUml¯ !žoO^ÅKZÚôƒ§Ù—çý”j´V¿dÎvj÷cy§má„ºæE-ŠÉI™=Ž”{rq–Mjð#µ‘_aze1Æ¬àò‹ |f7R‚ÜqçÀ¿ÔKq¿²VõX¥K. 8¦þ`})dµ²à/©¶7iåEWæyÒOgIc’Fã¿ðìÑŒx¼¾…¢e{¯PpvÁÅÔèø§¹£‡mx„á(Ÿ›…3&à´ao.Bÿ¡ÜUç9çqÙ€n¾ŠÙßN ˆ¬ÝÂw‡§ßb¹kìýñ%©…ø.IC›¡“h•Íú ÑGZ8±úAÑ½€µ€Nzö˜Õ‹f[M„ùNdQæÞD³{OÅÂd`«òé°R³ùl0ßÔM(…t²[sÏÏ*à"ÿÛë½Ü pQ³yºÛ÷‡n±³¶ÀnW ƒ,öþ û·P ì'p5Kwé¾k²7§ujã‘¥Û’a³G¯š>~®òBÍi.Ÿ>‹•òl‹4é/‹‚ -ô!…–ÞïaP‰cý›Ã~i¦ö™(fiókU«3‹ÏˆQ]6Åò½BY±.qéÝ¢ÒÎ¸¾žsO\Tÿvy6Ü3EZ›_H°È ëÈÍHUÅŽûPz’%aÔÿÌÃøNúw[!I ˜,“ð<Äï²µ»æ«l¶êQ„cÏ¶*ðpÈDËYóq/ƒsHâQåº-² ¨4§TÃ¼·[†5r7ã@óˆïªoü¿Ìd«N`zhTþ¨bö€ ‡`ŸåD4»ÛœhÉ#lT†MéVøfa¼Øs;Ów6·Õ˜˜Å¯6pÖnÂSn&¯…²ˆƒó%yôÏ()I»öA‰°»ŸY¾äÄ+2Ìíº¯Z£98£¼æÞ˜ JB^Ž|MÏ©rO6Þºm‰®>Âêtoôìõ¢ˆÎ™ƒ#[Þ:8Âk2á" ÒýFÎ§'½ºú³³¿‹»BÐœ¬†Úi‘'Í/þgÿL>]DÃŽ /¬z×z¡£t†ç·Tc~oó=aÑ»y$i+£3îV-kZJÐÐ¢]ÁŒAïbQâFÙ;J{¡µ%U‡Ë¿Xœz%g£KnÐš“»[˜{4²AMUkÓåKJžY~Ÿæ³û²‚V™¦Ž‰†£Î/ÑK¢%»t´{†‘¸ Ž°FAO!H€cùKV¡EÞf×Ëÿ÷rU†7§)(ŽLÝobó×5!Vó§UÔÙC’‘üÏªaÁKsM¤ØK+ÞþÝ—bñ™7ÛÐÞ~ü†%§Æû-ê}¥ûûËK- ƒÊòÑ/^ÿÇL@©o$ ua±§C³þMŒ,k¹¹©ÈžêY<ë )Õ„80"Ôh”`„î£¶«CRììmŒî‰äp^` F ÐRc>_eT §¬çeÎ ´Çk©G.ìÄ´U´ž!sJÇuNéØ°qlÞì1sÂJ>|uÙ,Ç jtšV„ëß/´¤ÿ0õ'J ¶PïÌx&õK]~b`å'»„Ø,>£ÐÔ‡/vR+äe‚L·É¿t^1* >ëuøÆn†«ôÆ„÷’22#mn5ëYuÊ0×ž´¤z£'N^^=¤ø¼Üpœ*—WAf È[ X¬Åš¶Z3¢Ú;·?p‡½Dï2}5§3¡èH‚™Š_¿>$Ò=të@¿ùä‘)ú‡Qk8 )îÉó#EÝÖaë¦_~‰óooš~xÕ¹Iß®g9˜iÜFè××¼,”`èÛ=ˆBrBt„JÚ…+ïª1îš4L½Z‡ñ½õØìñ/IWÝ¿s6çfBcÖ%,¿a»Ê4A®£§_›á7ÆÖ€Ûx’LŠiëAG·eØ´~¦OÏ{ãò6éáX0 ÜÆÅ{r7ùl* €relpÓPä¡1z‡÷,ú ç9†”Ä§z""ùF-{))+“eæ~çÚb›InMÔ†—õ!eN'ÞþB« {Ã:°„ ©*oy9npóþ%µR¬ÌÕéIð~‚ÆXËš¤Ï³K’)_>¨¾vJôÒ«S¾;u.[úôh|4W¹ÌQ=o"lóÇµë<² RjùzkB?´šÎÎà¾ˆOçíxâã@hÜÈ>½Ã²Ì–é¡6÷Å¥´ð¥ó¸T¯Ý:°)àg‡„ÕÕ«É—NýY#svÂÝÄyHëDPÍì0ìçFWj¨Sì¾ìñ,c»u3MŸmÎKC÷Ñä‹|ù›Ø ŒÄu.z(<»gàTÿß)oØ|"+¡û¬çá²X§`!ˆòÞvxKü›S@ÌéNÃñg¹êÏ“sÈ ¢«”x«Udm¸F²)N§‘[·®ã’{¾ƒ€B"]¤ˆãÜœk MÑ…½ùÌsò\Žîº¶£ Ö¢Gµ¥=¨"p uþý°¶3<(ÑÏ×«Ýq©$V* £´á-±yV¢0aI!5ÝÂ Ô\<1m“ÆûF—‚ÇdåÓá•ëêŽ=K•sùoÉÚ Flõ4¿ª÷æR q¢s²<žÏPÐ# M¨÷~›‹¸O>Áµ¾º·,.Ú¤](*,‚ˆhMÉ}Áôh° V<)¾n,Î0K‚{*ÖwÆ§7U„åêð¼#z}åBLèÀé'ÇçÚ]UÓ®ýssÎ©Ìz0@ªòŠPw6pükÃï ³WÙîˆà'{–»ð 1c`RU³ jþ¥˜~À$;úà_YÆÅíåstÖç~öp èèš÷ Œ£X‹ Æ¸£:ƒgßó%^»êBá´—{™‘BwË¶¥Ç6î—^‚õ2Yt=8¯ç:„¢>ÐÑ¤ôNÝPšKN”ÝøÄH¤¢ïòÿÂ[—„>E]Ñ2Üz«åïnÂiâYä©ò|g‘–! ²ë•WkÆ«ý½[)>&’ãò]"åG4'PE¨î*FÃVZtJ»S{6@¡"=-P÷¿%°p¦Ä'ü*ÕŸ´Ä3%M²ày(gÖº"ÈT=û"Ís e>ÊnÌÎAüˆ‘D‘éŠö4ïü{…úÏ¡€“\ žœ[–wŒWx±*ä "Â[ê³ê~i… uùæò[óvõáµæ–ÒÙûø,r¡o&V”PlŒ|–R€èär¢—u(¹[äó°óÍœ_0dA™â@ýe3VÍªˆö†ªh¢uö)¹ÞLñQD!~Î¶åÂó( [óâoù+Ö†‘û ™zs!ýÄXêRØž‡pš‘e$fÕ~“ub×™¾ø¾æ¯rÂú—ûêÛæëorãñ€¿$ß¯Y—øç¬}1²iC[Îþ~hïmøGÓ¯)]‘R|Q=é7»¶ã,é®±½¹Åõü.8àqâu&¾o\JÊr3+Äâ=|¢ÝíV˜½Ì‘\¡“‚Áú¢m¾šü¨çw‡Aˆ0@®-O zUZ{ éÛã«Æs!jÛ"I¿U>ùW|ÁËTÖ1°ÝÙÁ¬WÈxk#6F}ílÎÀˆÑËê"Ú|r¹k‘º‡FSÙÇÊÉè_ ‡ ,÷”ãL¥|nWwPÜÒí›#ò¢³êãÕ¼PçuRN ˜ÙÃÒ«&úiMœÝß¿ækR9D«˜€¯Àà›‡æFµ+rùyH´ws.1‹¯úºŠ+õ×5ç5jîTþsÙç¢y¼í*Ò2ŽçtDZ9@,—Ú`×ÁÕ#|ô"ö¤¢ic„1(vpj¢nôé)Ÿqlz•ƒNø¡ 0ÚûeÊ<`³5üWÕùx,¾{ˆ^Drv±vã…ùZm’Xk,ãà ôÌ‹µ|AÞ›w¿î³1Y“£Û‘ãC †¥:ãUˆÚ¥yvçÎ±‰¡dîÁ€ÈVœÄåÿ”j(>šä[ãî1ý»±E[xRØÓqëÉ+ki6àäQ8P1·&@×*ò Š¡,'¼óËÚåÂþQÒªãÀÄìäçÄlÌgÊñ·ê¤Ì•Ïôå…YZ•¦?w›ä»âÓífêTúMzöÔ®`‘“T2·[jÁTBö›N‚Ò¥â®um]¹¼EÍÜ#ÅècR?îDúÍ>Š/lˆdQðRRÉ‹ÝöPC—ÌîÝ|BÜ~®Çû‚.üôql>Ó=ùÕø¿@a÷A¥ï%Ðýß:g/ØieàøÔ5qö,r)òGÍ†Ì¢ifßŠ`‰Râû~ÙxRm{uÆº½–/ˆîÈ‘Æ±A-ÏX–[-·tÕwŸjYñ1{â ’Pku§ãÍØ_Ý6ºº Â=ÞA¬zãlÍÌÆÉ··¥>6…í å_m;î'¯eÄ½€c"Hüéõ[ãBß V»ó=lÑi(V½ä!ÔÁÜébÁnÃ,J:oÝQ˜m“¯è H¦‘âÿÄÕgç&ÿòë¢É`§Oª™ÇìR@¼&JjUvºêÍM¶J,CCù†)î2¦‹2ËùÄ©ŸSØ™7´jrK¹BfïÝ¨ŸFsÚã8„æl*Íg²ú&ó$}žøT6~(¤d43TB‡ÍPEûW˜ÏxË>Ó‘s4¼þ$~øõÎ%ÈSC}a2šfT§„mcö$îDz›’Ìˆˆ,#-óýí§2°/¥ÓqIàGíL{:b“§g&J,îÆM¤Z_é]ÿ_’yÙö®m€Ä_8„úvéQywÿ#W,?óS?ã¦1Z#~¤ rWK;/¢£²±œVMEéJÿ9ºíàåÙ`‚è.©aL—Gé‡Æ?‰>×EK‘‹ÍÂÿË¥Çø¾—TÛñ™Ø ªÓ>û„$¸õ²+2€R.îS—å«9äáu¶Éàœˆ/i…Ÿ?ÛÄ-o^°db7Ô|ó½,M×½áÀ¼` ŸVQ¨Ýv‡#×‹<u “>2íTÕí§Ì¤ƒ¢Aàq¬òF^{v^¥æ5„R8ŠžÍ¤Ìn4ä±jáòF×˜÷uh®ÊÃ2d!ì\†qëäiã;2+Y£EDb(ðÝvÅ2¹„ÉŒ Ú¢D#‚hj“ Å£Àí×ñ@Ò=q} µÉ4ÎëÙQ8Å>Ús¶ùúW› §{#ö)ä˜Ã}ÖŸ¾# £;ú,€uvjZ6ß¼¢YnÍqqcË¨ª2z™hÂ‡‚ãîŽÜìPßÜ¡. !yyÈ{Uà"•}_5v(ç%æóÃP|o•Ï¢È_fY~)Â0q…À›ÌTÈó¼Ð¢—šGX>ˆ#«—ãs-ÆùÔ¨Â{ÎÑ¬²u»ÇëN_øjùw¾WRfoä¯ fpê7wûO$ÝùÛá.J/>Mç9-pYYIC—óxü½ä„A¥ÿ”¹ßCJÓ˜NÓ'ô‹£îål²â}×¨Þ¬¦mž*ž †×Xè†Ì¾gÃvzÚCcÈ»W3 sW’>z‘aC(ÁX¹¶ÕêŒ’GÇV=áC+ì¬JÎ0ÉôÂF[&ãÅï¾ 5˜Ï*=)x/]¢ë!Au¶§I»ìüˆÇªÍ&,ÆšT-¨J2b©Ìz&îû×séëN‡QŠóØs¾G?UbX$[~ž»®ýì'C MhhÉ¼G¤’ï~Ñ=D7ø «-4{š$Gîž9Ï…±œÇF(¢¤úETðÇ{T‚(:,<,?kD+ÞÐÔqžïð/À½¸¬CˆRV‚2‚o¸(×áíÂéjÙ‹ºÀZù«Áëê~á—ü $–æCSâÝ$Tñ0óÜ»¦Ï•v3KñšvRÎhúÁ®þÀòU£oå$eŽŒÝ±§âÔK“…×|j®šºJ» ÖS 0Ö2}§žß§3 ´'>ìzÕÅë²¡èâýa¡lÓã^>Ä®‚°Lôoy'_˜p]‰Ö€*7» p#g-iM.ö¦ž«Áßòo²F·?êC»Z¥†`ê‹8d»4' Ÿ^"0w—á‘œíÃî~¼KŒ—µ²2LDMî±wc½Ä²zè%£j'Ï¥{b:=ð;Ï$VN6†w*M0(Ó<ÖDø´û,Æ»(¾Cj Kû¯›» û›¢º¾ß—[Ðœ{yÉ§~AO»ÒGòç¡·SaÇ£BT([×VJ>v¶ÄÊ/õ ¢ ¤+Éd²Sqˆš¹ÂaÐ ø’b`> 2a==qOxÃâÔ×·«¦/¸lu-Øä±¹‚ƒu$=ïÿB “þ¶ïÌ{49›N>$ÝÀÇBmsýA·GóvÆIBèƒÿ‡ùÃÙˆ¨‡áEßþçVz`ªCæ‘ÿœDä¼}‡¾ÂZ²;Üv6H–^-…u(Îœ~ ”S¯ Š{‚ô> ò^"uË´’hØ/žxÙDþO¾o’¸" ½ç¿ Pw/ïàÏSx`^p4IñÌ=¢… “—— ,™˜m®ßŽ¢N!§Ê0 « ò˜™–Ãô¾³j”ºñmþM·i“¿YÊ^w†0… pp¹¥ÇÍ‡›ÍeEs©LGUÕw3xqŒÒ8zzØã†2«¯¶æ§B‹/Óë®ky!;wŽ8;!:b±îÌüW¹´€…M?jÑ$×D£l…²Óÿy>WX„M†³¥{¢ÜÇ„”¶û!¨ñCŸæ02\D|ç¢+þ¢ÚO¶ÌÓà«Û‘mÆ5FÏÞøi±ÛS[ø§Ž”³9+Ç@PñQx:ëôÁšr§9îQêÊfÁ-0ºÌØ]÷¶èªÊTx.½º¶68ª %±›òZòò¤‡—.àS©sZNA‡Äi¹è±‡|Æþƒ ±¦ß•c%ÅlêÊlrú^Ö¸bi¿Øn»‹Ï¼ŸšŽß¹#ËXA>ŠÚ6^wºý•óJêº¦Ò¹ÎN÷Éep„åÇ7ûúÏ…s‰‘˜CoãG7‡ÓÒƒÌ4O°ý-Ó9 ¥™ûÍT›¨¡µ€â•—Ã¦#²(§Ú®þ`ÿ×ñZ™ø¡½yÂý÷<+U 3ËÆÖJÙx8Wë §†zâ,´K®› ä‹ˆ\ïŽ5£amaŠšqõ¢"õy¿”zybV ŽÊÙY¹#KZß‚ñ(yl¨tÃ¾¬+™•Ê£*‡w®{ŠíÀgDÜñÔ´{ºPV¦,–’Ó…h#ñÑ%¾a¯‘©‡ñÓ›Ö†$ëÛnSo'Ôæ¡Ge^¾T&í³S°uæP-ÚÕdÞ^x'Òb¹ÌCcÃH:a¥œ{=ßæ_ß—ï¸aoÂ£ÕTOZ¦®]¦¬ÑÈl-Fþ½L3sÀtK8Z´ªí®¼zcð+É!Ûé¦ªéˆ%ÛäI*5Öh¢ø8íIÐcQ4]†›c˜PúÂÈ›çRfì5žÉ|wäÉÐÖ¼mä_’Ñän¾X?©ÜçvœÝmpQT¶Í®Š…Î ôwL÷¯ÿšÞVÄÏ—q?—(øÉa2&,N¡çÅÞ/ãW&òoƒ$«Öë0ï”¾·ŒŒþU®–œ“%ÃâèHQœÝó“‘u47Î'ÑôÅ'-tÜÃk©J@ª%2Œ:¡]Eg_|$Õ©$&X¸ °äEûuÙ3 úóÆþ08ƒÒi"³”ý@¡ºà“"E½)íÚ06ŒIO†b&¾ª•œ- £š:cÀ|ÛÌE´¦È×µðˆûNÑŒô2·y‚‹ã²Ý0u]ìÒ.êÆ¶Ý‘§k€Ò«]8ó6`¡Ñb!ni›†À0¾?=W2’»ÐÚ‹V!â,íÊN.2VGèT®JìK¡"L•Æî–šîŽ}ÂÇU³ã_{?pÎ¹è¡,WÝNËùd®2#‰``×³« ~ªœN©šMê»RØ2Õ^Ïm‰l15]:Èˆs¢…‰d’MÄì¼J†.aTßý…{¤15p·ï±W|1vmæò5æ¹-ËtœgêVyW¸¡Š}‘Þ¼‘ÎJ(t|…ÖÏÏˆlò6ÿex¢¼Z"=–+‘¾ ²Pàú~¶³M+UãIy>çr†S«H«Ñ×œO±Î_ÉXï9[åjœ¡Ön[ya5ö†!òãÆ8>JãÒùC‰NÃ¡VŽEõ¬CÈôØk¼Ì¼R,ÒÀbGÍÉ©aúŽóƒ®ž›ý‚3á¤kƒp}z†qægýU¢¨¥84x?1ê!{Ì¼_sAb‰üÌðË¢¼IÞûGúÊi‰3ÕŒç àµG×yÉn–7e¯Ãõ~ –ßZ":J1ÐãOGÃ–^#cRªúðïíWÞqô¶°V™éÀN¯b0þ…YÙ2LÿHpµÒ°¡æ“pÇ ±ØœŽÉáyãqr±qN’—Œ9©Á£ó.|—ýBÇ#äµ¯õSùÜ/Hƒ$BÉeÑût7G’£ŸKÓšÒ•t¶ÁJð4à3ñ/2N eìŸ¥ðY_Æ\WHsz-p»)ã“iÄçix™\/aßÒÿ8áF¼h¶¤ÒÇÉ8Žýš=ìIŒTF× ObX‰ŸG€cxêò‰º]1³ó¯ÔDöÈptú” µ„¤‰âñ´1ç1n.]ãýÙyJôõf?Üš-ÈÞ9!´tÐû!À¡¼¢U8 v P6L`vÃ¹¡¬ï–ŸÂ¾À‹R˜¤UÜ™50Æ)eàPZ´J=ï*žì÷ËkŒþùg¯ÖzLúu“|èªÐ C¥%½O¿Õ»Ÿö]7õªP[¼(~pø\açÇqß*ñµñ1©¢¦+±‚Z…±¡‹ä`È1£0%fwüiµÉžcîÛ~ùFÚ’ý¦Ë*Q÷<"#/p=è~_Ó%ëºZdÚjóž-PDBxk·;î÷è5d¤˜lÁk•,"nã/ê.äô±ÐÆ†9ÉEAõi SÐ‰ #…þl ì‘o»gêvÎ5BÖHæ’Â¿¸_!!çíÿÉ<® Xkt‚>þãeúP|¶Ê?¶ã)4-ià’ö»–ƒŽ3R‹iÈÊ¯¨\˜»ærºÓ_Î¬‡ïnúÞh+×SòìðE±¯BÆiÈFeÈ_q÷¨ òj'Ó*G¢·£r'óc¥ª C\ÊtÃ7$µvÀa_Å>¿Z¾ë“Á+Î*ÿ@è O`¹À•Xñ¶v+Ùv0ÀèO7Q[ z¹Ò¬×qsXõ(K¾îì)è°ÞàZˆ’G[ûÂ]<Œ˜N¼ð‚ìÅj<ž0 ³ˆâ×@–!(vêÐÏg%¹ìwYt©Rº¤"õ•aÃ•Þ‰YÇÏÞûxòæëÉï69a/Xx—~c[ÿ‚*ÕÆD¿¤Êc(#Ò0õÒ€ò[¿6€ÃG‘3NN§s}q¼{¶M¥C8Zø9< žJ°Â}†ÏýŸìX¤RõÆyºã¥²«,VŸÄC“÷Ë’àÕ†=çõþÀBFÍ´ÐtR\'è`ß,ªGYMÃ@¸1( NF>a`ed4Ìü×} åq1§H‰¿˜¯/eiÓÜÿ¯AwÊ…· ³¹`]r$×!ý¹Å½˜ÐJì+·^IXQ”UzE˜”.Q…\_Y•@@£,ï©\Ø[/3¦ì¸{øÿ‹ü»¨¬Ô‹¿ VÂ¢Šw‡¹´]Rÿõ_Wb¡m½¦-º‰êùêéÆÐª§:»ÍÌîUÑYE °ÑÔykù™ cj4”ÛäMh[)É¬å%#Àº^kÀTÌ»¯]Vµšáù‹¦³FÖ52äóá0Ž=FØYg˜òs*†9d†çzÔ">²·4nì-×æ¡YZ°;´¸=I‚ÔgÂ•?y†'ƒÃÖQåâgCQ{x7¦``c'GëÛWõ¿£<ì½UÀÎYße¬(Åòé‰!!Qbƒp²_R4±×«»q†c1Á#|ä•¹(EYÑeÈó¼˜ `ÛP|uÐµ!JR5ÁGhÈ9`7”ž¡3Ð<=x¡<[…ìØH:ƒnACÎ« }Ä]$šr¢´D?*¨Am)cÕ%ª]TemÑ/kÛóòð‹Ú"2 ]O² …¸Ø[Ú¤ü“™Œé%rÛÕ¢}h!v€“ËÂj§ÎCH1U'$&¶e^Î&•Ì¡ßßáü_¦dy7n…ø÷ÜøÒ¡æv,ÎCÀðï",î|Üt˜mm…"µáæÏšnËÛ—æ‰¤i1ä@>ëpâµjöˆôvœC‚`Áîž†1oë1„¯wÔ_fC~Ç©ŽöÿVõOå¹xíÿ|tN§°ðäK¢8¾@ 7:}’«{=0ž¿„iQ^X}ó`¨.Ž;ûtg9p|}.é)#Jîûœ/ÅÖ0²Ò–c)ê¾£B;¬czW*jÓw<ÃÕÎ@RYûžÀLÖÀÄ£† Ö,€›îLwÚâù†‰:RXË®…Vfÿ4Ú…Ldj ð•hèû"ÞQjpWõ3ž#˜‡*ˆÎ×Â»¥I\=¬x¨¾e.Õ;`¦»zeö0tZeák¢P€})N$›í»™!Ê"åTëêXöëmTªÞï@0Pâ©‰ÏŸ«ž˜· =ÅÇ6C}‰Èž° f—z³ xs;ß©è±úâšÐíÒ§ƒ`¾%ÞÒ}Ž›ÜÝÓ¿U‹å‹ÕÖƒ .ŸèIæÒQ(îþW°3s¢¿ÎƒûÖ"Kù{5*ÃeÞ¹$öº(ÒrÂ5õNpcÜ<k3¨VGÈ`YïS¶’M®ìT›'òr‰ÒÄ°âHÎ0iäœLNwÕìfJ4±zï¡w6ž&ˆT“ÎÛZ2A²£9€[jØr±£õ=¼Å‰aMì×œî°×q€Ãh*œ\È7¨«þM9ðÍí:³å]i'Ò\ÛÖUEÑ¬ƒP…ÝÅõY˜jLúzÝ~ëÓ`¶på ´ºiëW8ØÍ©+©¼¬XvEÙ^öè¢«%?E2þc©‡´âúÔL¸ƒÊÞ.§öníËŒ³ö´™/<öñüªÝÅeåŽ+ý²´]ûëÌˆví?½åòÃQ#Ÿ’£Úh*ef‹™?>éöü+Kñb±y{žf}™!õ¥ËMXŒM'KÇ³ÁEh¬ƒ1Íz¡k+ïuœá•ŽžÌ¬\ûþÀŠ…Æ4öeh…àÂ´¦+)šÞ‹Ë±“©ü-Úí–x€ÅÅžq>qä' „jN°î È•¸i–Àœ®LŸ’T„)wZÚ³ymþGD°«è>œT ²ÿƒo‹\Åú¤‚‘ñ~•¯ $ÖEL°"®ÅÜÜ1iÒ-+¡åò7š7&"Ì^å(«øo¸í¦°¶¹?¦ç¶ ôÞ¦ŠÌ¹USq©ßá‘0ê›¨×…i}†Ä<žÅ½M¤fÖ»KÄŒ!ŠÉŸbÆ‰MU™ûÖð³÷¤}Y¨0“îýØLjI.sÝÝÜ¶ÔÓÃú4*Õ+–Þ‹AyZi)“ür7QN£ö¤‹ÖëŠ8IøºøHv…Ð.ÂL:©ðÖ°h¬´/¾Mí~ç˜°óEŽõ¦3ZøšmÝº¢ØÖ&ÁRf³aïÚ~v&!"ŒgðäçMÙü/¯\¶MGó- ¸„{!j¾%»ˆ83ãìÎà«\ÙOeŽ—³¦¶"Cƒ:¿½x î|+…+|E—ðÉV‰™¹8siÞúF EÃ´×•Rs,´„‡ì ~XÓWU^‹c½f€x1Çs2U= Ëf!Nþ-#àýV¼º¸½TzY4PºGÐA_éµ¨ NìA8Þ’tzà@ÙP0T ŸìÊ¹ s¢=ñÌ°®úÔ§©_¨Ójnv@‚u–û…×\1?µö P£Å¢ÐB„AŽz;}¡Žˆ¹Ä°îóÔêKJ*#UA&ˆçh.Ñ‚‡wHÒ'Jù®ò¨Yõ¾¡Ìž¤ªáIöñN€Ç€^ö ˆ!U0ò ¾9 ø7'æÄeÀ öu–ÛZ{_î¤ÅMSÉ–p”P½5âm@üÄŠS¹:—iË›R² î ¾åK¨| ë)û«TôeÂúƒÎ’ÅD¦{ïVÛµ›K¸®g& ˆNp_ø²¦š9$Leýé¦ ,Ñ¶UãöMÅ,‹;%8Î®°Ï^îÌÄ:Dôfò|ÅÎsåÙ1VÆFÏœçÿ‰9é VºC¹ZZÙ²bËB‰åd/a¸KËïŽ3Q’ƒ_å³S™4l¶À®>C…€Ï¡Ûš7Oß3£;ì‹pýÆè. Õ˜®¦eØ¤„ô:ï1Ù¥›5ñÀeÍ¥f7ç¨ä_Ý’IdýùŽX{Øþ}ÒtWú‹QãG|çLÌ4ò£ne`‘Å—“Ö«Jé+&ÌM¯ª' ;s¾v1[]ß!Pn®{ÜÜZÜéZè:G%¯>6!—mçäxšDbSq2æˆ*þ f½IÓÔ3j îîÔ …åÛ—ÍL*÷Eœ‡¤ËÌ£TþSƒGÚ·¥‹ÇÆA~ÞÍa°©DZe2@F%¤â¶eÿ¢Ï)¯X:QÞàû8áÌÊ¸DSÒ5 å 7h§™Äôú»µ"/Ø‡AËG½¶¬¯/bð‰Rj¢zÐ]Œ6KþÍ˜—î}MPïìôC\Ù?D.¼KJÝ¸©îžTñ$Î <ˆàð ×^¹ü-jw-&HU˜ ´°’yÇ›kµÆY™ÎÓ ¢ç×jÏRZiü,B¿[ÿÞ©C6ùñÔ«Y˜ÙƒY´" ™P2&DñH3Ž·ïåˆ@ˆS®ôÕ]Û€¼”,ó5²¶Á(›×ÕQÏMáÐ¿ìwÌGÀc¥ò(àŠ;Î‡ÉG–§À|®»hT(.¸0šÈØG_~Kþôœ¬½úPÙÖ„ôHloÁ›Ñ ·ÊIˆø)·×dòrÏ€Çô’ÝP1ŠÞÚ3Ëß®†¡Wm’m ¾±¸Ì.ÂKž¦NÕ·Eæ…l W€bè\/«Ò'’¸‘æŠ€òØø,}” ¹?Hñ;òdùë™»Þ«Â:ÕBJ!kMª}'KIB˜VÓFÅµ÷áPì0•5ìà4ató×Q{Î‘Ýi•+9,Þ¶%¿J¼&-F³20+(¾#Åã"-w'˜LÏppAË¬‰/‹CÀ2ÛE¸ž ôTr(Ì^×dMò@‡ù[¿ZÌrþzæ¥ž¾!(QÃ›+§í&.A&—ØY ‹+ÿ¡gbïpbWÌÿïkDÀÇj¥û>d.õBQ§º]\ìNø?7Ç[?AÌOÀÍŒñkY&¨¾_´‘EÇV}þ~ Å‰áu3Àó<,EÎ>‘±7(Ð%¯^…kô5“q>Øc½vÂÒåÊßFBÁ _ö$!™»«Vqx€h’¥Ž¿çÙ¤>—×Õ1Ø¯|ó¤Azfü¼F¤éü7HHå$P*}‹/+¹K‡ƒÔ-/oƒG§¯$+ðÆ…!')âPŒñŽ¿Y–€W(ÿ‹çEGÕt‹7UYvâtº,Ád:ÁÞJó7›u´O?p(ð+Áj«5_Ëâ:÷J£ÖqxÔ'‚ª±W£ðíÞe‚>^"‚a]?¬l=…ž¡h™0§ëÕ„J3… ¾èYË»õÎ‰Ã—Ö–Ã¤ùâÛå“¤ÒR³<‹.1Yø0X‡MÕZššº>…è±¿BU $îé2÷hä#¸À©àë×ŠFŒGUË2ž?‚NâóÙ~ý_bÏCC‡lMÄÚ·Áë¾>‘1=:v–PÙîM˜(,bŽ]Õ5Èa°'ÊƒåôP¨þ¥ä6¸´Æ3ÍOž€ › ùèqÃ]…4x3š²]˜¾þoÖÏ¡´³–a¢¢IôäNbA¿Û8&øÉóã®*ÆKû˜ÊNÕáùh`DyÀÓ,Õ ¦¸„—ìJÁ•GI°Ìv.Ml… ²ÈÈ—žæ-bXS?–í&J(WÀ9€pÇã´w0LBÞ Ñ]Rïøþý¯~Æ^ë²†‚•á/õÏ¢4?bQ»,]ÈŠ&x7G÷æ9å„ t+ü ä^Ašx^ÿaXçØÜY´o#ŽÆÿâ²è•ZÕß_G*-Oš}Š/añ@"ŸûHqrî`5(6n¼Ô`n8m!ŸK6”€ÒÔ9x ‹U‚@ýþu^üþM±¤7õÊæ“MV—¨®©ù€ˆ@1»ÕÕ‚M—?ÓrÝyž°Èù'IV*ˆþœµp{ðI˜yÀé×Ox×Aè§9({Y`ßýlæîpìàkú†?ô±ƒðÞ´ð91Aù°]:: …ädû-ìâýºn#G0'Ü5@¯l¤|í!-a†I’[ézÌØòÒïp‘¸¯(Ò=ÿyÎevc8ÀÒ¹G0dã°ã~ˆþwëÁDŸ1ˆ~œTFŽëø[3bñË½¯VY ¦_6C/Ó 2‹ºŽØEã{E<âº:0†wÅôrJ2º’3A2v9ºš#õ|ˆƒ5 WŒZ27úœÔ`¥VÜ+sÉ|9âCur°fÓbf|à®9QZ<‹é×ºB|+¡À–Ë¬Ôž´P6m‚•çÛá–°ò°u–»Rp6H… _%$¾à³+ò+vžCØA+µkÓ" rs•&*rl@î.îŸ#˜¶—?·: = €Eb]ÃµñëôÍØßäÖAX±–´äðq[}3ñGµ¶BBíîGöT”zð—¤Ææ3A™"(wzÄûÉó'ÁtqÒÇÉ¹¿øwá·”mhÛœ®8£äYS)ýQ¢Ë˜“Â*l‘¸ß÷æf:ˆôô¼®9Ê4é]^·81:ÒÜzÂ’K_Õ®¯Eš°Dß·42l™²›ò7-írö7Ù“Q?Ý dnúÍU'û OgOåòwè8íWùÈ»{"âÅùñÖPÖ¦?ø‘2N1Mñ1ÊW;N«Ö Hyý»Ö‰(÷¼´ë1…¦=[{ý)²>zv@qÏ‘˜/™µÑíßô÷K3AÌp¸‘˜_‘&I[þÏ7”dH½FLaÖx¥0"by1¢)aI3=u:1N^Ã¸õKï3ÖüG&sR*P£žMµpX¸[dÁµçò{ù…£¬&•ºyHë&…#6¾}U«žU\Yw+0[.[P h¡‰^F‘Z‘:ÒH&±ßÈÊ0æÿC‘»iVF{À‰Ì1*Ý)`Qs¶Å JnµþÓÖê^zà.¨¾ÉÓÄË‡;½… àk2·J²‘º£b_÷”8“ù¡Ù\‘4ïß/¦°¥œ˜°éh'í°'ÏóÃŽx™?wMVï^IËŒ°òjôQ—¡q¤ˆ¾`Ï'ad¼»‹_!³ÀŠ¶C€}ž¦r¶Œ\%7ñ1k»Ð*–ž•N<£ëf£ñ·œY$<Òž+(À.¼ÔÒ.ðë— ‹-óˆ½~‘%n°:du½6èt½9ŸÕìq]„•óEO’—4àÃAºÅE'ë'¦Ð8.äìÒs¨©‡S+ôvž-¾ÒÓîœ¶]^±@ ö\cß[ Ea”X–§„©fà‡G_æ®Þ|ìxð@tƒseòü–;ž¨†€Ùà?å ì[¶åƒ8øPþ§ç\Qgèw;ûòð}V1²ZØ¿a÷&Y¢¸¾7dÐ~Íàöÿ•x48ÔÔëV¬rê?N>½Å¦Š=}9DØ¢7ì^Çâ!6Ìb4FDÀÝnÇ£âÓÚAæ³>¦·e°UÂu²Ž¯è9¹ú(m€§ÿ6±Ø¿®ÓK€‚³cÅŽaUWÑB23õ•@><ý§4ÌÀzBì<ï¨·Å±_Rqÿ}F[PÛ5\`ÞU+á-}M)ùçõþ z)ÒŸ+sh¢Òç:=Ú›eJx…b.Ü+· z%®)'nC™ÎÄný¬¶Õ¡Öý«7(ƒjPÉŸtø"|“¸É&ÁŸ>¾`ôï%üÐÊ¼°´Ý¼¸œ®ö~/èà× ;#‡1á–º¢ˆŸvÅ‡@Ô™WûvïÃ¶út0`†dyyU;jÛ§Â‰}ùW×pTþìŸØžÍµjA™8ÐgŽD¨%D¦géàUá°“ a!´Z8Ö½ñ 'Ý]ÖvÊ?Å+qnkÅ(Ã€£ˆ›*þ: Î´wNhå;žŠÅ0×ŸÆŽŽÛœá½À)º†® 6ÛâÚj‚Cº5H&\ª":Š’k`XÄÇV>Zˆß’ÉNáhúþn›Õñ×Ï0tKyí¡çÈqPg[H¯^æ`YÆ¯ož¦Có½ºsÚ—ËNÆ†^‰€£vâ6@%cÎX2Ý·Ž„—“Ž¢ÙdkJìr¦°êmt?‚à#(j¾ â’sf‰Œ³žnZ¨ ¤OÈ?±Hë¨« …sæ@’%ƒü¯6é1ÛR ±F¤0Û\ts¥*ü¬)døâ°Äoâ•«<§¬láÎ·ÖÃ–2-ˆsXNšuë·ê¤&0S·I{7Œ*,¯4"wãpÞ@óäþï_f$ùüÑêšÂeÍE£x*P”'›YùN¥l(g<Ü‰‘è8š3ÙYÄÊ&Ò;òÚ“$œ1ñ ¿ e&D‰jô©åÏ‘îcšÀs0ˆ&&²Ú«ßCÈÓ½)Ö^åª~z#ù õ®aweë`¿ÙUõçu¢É³ºK7®¡cI t- ÁC=$ÎúúE¸"|Ys?*Ýá¹½ƒ.îøÂ ïÆºY˜3R™Ž¢è¤õÀ÷QøsËè·ÿMg|J>zs'‹¤µaÊO\¨êì’ÈUý3mî®œ6«léS×Ð´\UÓ†dyqd] CÖ„ƒœïóöøIùÆ‘ só&ÀÅPj=s^<^’NŸž7r'f·¯vqIÄ{ ¾ü0ˆsªÛÝpÃžŸ0ËÇ:?Kß~˜pºîJüø’4“«N`n'“š©æ Èµ6ŒÆ¢3ó¶dîz½ÌB HÎL²i+õAíµÇ ˆŸ—Äº G¬Y”º½ÑKœG½@ÄÊs–„‘fˆñŸŸ€HA~¥¨Hù;ÉË ‚Nçë´áIúC3’,Ea5¨ép™m§f´¥{Vž‡d¹Ç=$ôûu1¥«w†ºÏ}Ä* pËÑ#ü‹ƒ/lÌ‹J–¶^’¬‘Jìcç‡ÇvìGnxÞ¡lX¾ûònù´»øûòÆÉS¤vð«Ìd;© èÍ5»¹[°˜V-B¨ÚÜXn?Aï €Q‡´Š¸Ó¼ZÄ€p†¬¼'€®Ôàó9%óÚ¸Žãg{ýƒÞžšGh×ˆÃ âêþ$¦¦œÙ©°ù¸ø¦óQ¨¡7pÌø$cøêy&9)Iië¼ÜØï²cÓ0ì©ªcäjN.îhuˆ+"ù¶Ô7<'Ž¸ëVH#,‚¹åôŸ¹Tòa µÚ”"¹~mºÐŸ¤X.¤A$¹r)ö>*¡^‚WÞ@'X›GiK¿É’^¨…"½B¿ö€º\=ÌZoÉ`áÑ¸å7¥äÏŒµÂâœÑïêŽl–©Ê •*œZŒ¥¿ÇJº–ŒÜk0„~?tÔó|„ÜÌ†x\˜øpŠ_rú"éÊ;¹É¸»~öfmf•zÉÝÐç…¥#(FRßßÄ¸Å©×~|Z0W*'< º^ft“ÏÆUbv<È•ŽÒ‘]*ó‡Ü¶¤Cê4µ7Ü2$ ø~ LL^ð}¯»•AžfêV'ýé‡]é‰y–dÀ?Þ:Ã„(øf{Q%®»~ídD«<aoŸµl4 ¶i%1˜Yèeå‹(Ç«‘Ætˆm!Dá£ö}F¼ $°5®‰çs>öóãTéct6mi0Ó‰¦µÒI„Ù8@¥¬þTÄ,I3‰tÁe Ô$û!+]}ž‰È?èFŸ}Òèp²m®m‹•b¡)gi`ü×Ã `pæ+q£DSÇr" ”õàI¯5Ôpž¡¶l2¾³r‘É%G%î¦åM|w—BÀ¢bãZjì„:ISƒœÀp3ÁoQ›-\&H²=;¦Z¥&CªŒ!s•†ì"¯”!FžÉŸ*&Y¿¿™go€Èà˜íVRèŠïfçÖNõbq0. ~²XÇ±Pªå¥A~TJmøÄH,d¥Biò:²)`»°¾£æô‘?$}ú¶,GÑ¬D]²?XXmH?d.Ló—©OÛß´Ä÷8êÄQ_¯èIž‘«ôÉšæÒ*I÷G`ïçTrÁÝd•)44®rá}»:ƒÚÁj]CªÉàümÍÆ{¥—’?¿ö;$šˆZ,ÿð¹a§Ë¨m X+¾•™@–ûS±+£ïˆ«¡R>„þjhãÆ:Fñô4{¾1$ ¢1¨Àv‹^þ%ÑYàîl¨âBcJ‹Ey„à€¹µÁ_ÈÈg~aR·¬–‹¼WÜkÛixmH%‡9ú‘W8ÕñˆzLçŽ™Jí×jù ÀF…èyûž¤_;ø›Î¼UÛñhiO”º-¬u“Y°òÖÊÉ¯‡SX!¾÷Ru›è¬U»áláÅJvfQÚÙÐ_±Q½Í=]BÁ¼Ô¿ˆ‚Qél‰š}/¤]Þt#ÖÙ¹qÉ0MJâê§šÙ£Pð^ô×mˆ²¯‰àÉš@ ôy…Æ2Ôî›'ÐÀlªÚµf&×µªËŠ×XýÖ0Óià 6¾&ªÎ&gY´À“¤¶âÉyü„f÷¢a\¼—Ðˆv¾î9B½®ÎH\×£y!HêgJ÷ä C¿äý…‡iŸ;“"ëG~@Ö^~æü^Ú#&ñÿ°ãûu°*»&ìŒÎv;ŒÜíX±=–XJåÝ¶äæÆ û<ïÀ÷²•ÒèË½UÞ¤›; î;zÌlD6³YÿóZØõG'ôS¾Ãž×®k€Ä‚"ÏB;õ¸õåOŸ¯ ›³·‚g`ÈÔò&Òìÿß=BŠ/ÅÏ‰iŸî¿*\¥ªö´8WLÁ®Rj¤•q:Oe_š/~re-H®]ÖQF-\yGúX3Åè#ÏTLv—›BŒ©‰LÓép¨Ë·ô²×n›—Ìº¦AUˆº›®QÔú‚=5ß¨!#zÖ KÆA9bÃ¹ Âëm„WYÊküˆ25j¬4Bš¦ŒÐ„'›2ÊÝ@KŸåä÷®Ô´õ±ÂÀôñ´±@ºÊïØx30®W!ØÔ6 €î|hÅ;/`gma˜ÏF[JÈ±ØuÂÂCú…µ€Aì¹ú3$ôáúã1 :8Cz%Šhq&É7–ùv•üù™&K³¼/©¼8ÿND‡i€ÁÛv·7ô!êzðj©«lÂŒu}Y÷öÍí-"’-)TçÏüf\Êc…&ŸÄw>n-ár¹´’†„Â|ãõaBòôËü¹îôå†œÌ»…{‡•îˆf|2öª«:(,øÝÍkáûÖ>ãðXŽ"æHÆ—=šŒw¶Éb€l› Üt!ƒÖ'ÇYC©ösoè†R‚³ÇïR†ƒÖ¨ „¬FÓ·{B×ðÞã¡É/]7YWT µnõ·ñ7Ú‡"ßü=ÆNq+ÊûûÛ9(ñÍ‘¦ÜâÁzÏ”¤E{àQòª°ˆ†Gën“ÝaºkI¿;ãEÌ‚&B³†w;KÂþšyUx.W‚³z‡w=ªóƒŠ+¥Þ8jâåk™”º'OúÇx¬œÛ"ô?#5Ý¯",É…î¼ÈÃ,óHÎF+®s#iü¡ÌIàÉæë˜~Ëf1µíaœòÌ¡½!çôçfJM6Mw§`µÂB*5ÍW‡y™Úæ9øÑ¨í¶`Úu5m!4 x¿^ýg>Ñ?Ê.ÚÐÀTo›ÒÍZÁæ-¯W™žI#±‘( 8ZÊððwC^Øbv¾À?cFc¸g±ªðn”ÂÿˆüI2Ç½ÒJ†ò¨¨lØÎtJÃéý¯5DÛH[ÏBø8ñ>ücfÔåTºi™m|³Ÿöfÿ7¶¶íþÚÿaä¢Žxh5Ž„ãïÊOójâf,æSÀD å\”µ@öƒë ¦3$ÕeOªÉðóE·Xäª»nÅ£Êv×©tYŒŽ¡³®xÚ³µm2qoLô˜¨°¬°CÑI©Giå·Âfó^‘åØØvÁ—“´•yy>LÃ³!s¨ÿWÌËRìÍ}œfY£BãGg}Chgq"FÊ6ÑÛÉÀVóóR'°ãõhw‰]ïCaLM´ÑóW•&aÞZž…v«â€‘[1íµeÁ.½;lš/Q£Ç• íÖ÷§É;EP~‹`ì† ZhÐOò¬¹«uÝ¬À…d°e^ëñbÒÝI*S²}÷ØRkM3kTŠ6ùÕ¼ùÔR²žrÕ‹ó”3ÔBb¾È¹ý8TãýzMÜ=ÞÎÝ¯°$ž‘ÏÇTÊd@wW˜Œ†¼QÐÏDþp¤ÞZñœWØª•djx4z–‘Kq÷8£(R*Ñ4*þcÀBc2mª—7¾rÐ/~u·”(X49%@o×ÚÑ‘‹Á5-î6§Ìåbw¿=J&ePãòQ9—8Duå9eØÐ;k1'¡5s«]ÇLòŸ¹{ûÜ'Ê¢Ž”jx¶reÏÃ»L3–ˆ@HU¡7eã~Ûûª#Zk•Û‹xþÌêé8ë¢kôÎ™ˆ— –çò ÝO 4Æ\qpØÂ, PáãÒ¢ªl8}°èLe•Ö×!=ÄçcVÙÄIIüË~xìÍ0þE á—ÎmÕ§Âê1^²»ÔË`¦)°š£N»üíËnë9«ôï"¸][ý\†à>üÌ‘Ñ<ú²ër6™¥Óä¤Ñ?mO”‚èÜÈ³î?«¯ü<©Y²²¾æ¯´ä7’ÚN¨û^QþºwÀ~Ä!ãUGØ¿Dýb3CÞG˜–PÎæ‘±ÐçÇÕrü‚ÕÔþ‰9ÑŒfÎ\ŽYš{¸‡Þá¥m Z,ÆuŠº4ÃQTÃ|ð® kÛ¸]µKòˆòø"qëæžçÀ0£2C¹êBîÁôŒûÿK®9ž‚ÐgÐšZº›ŠU“Nº¨BCÖŒ»º/"§Â±f>ìÎVÜVxÆå f=ãõwe ä„÷¨÷÷Fìøxw!‡8ñhÒ·½qû&Û«‚ nyGò#j@çqÌQƒƒd&œv#:&YkÇMhŠ±…°Œ ™Èbˆ25H‚ßa·Jê"ðk{‡…¡à”|^¨6•Mû{5|0[ALVº•Å)>>sõX4ŒjðÃÐæoqh.â=ÅÐþï+þöBQjÚö0oÔ‚Ž; ”}jp_·¥…ó•*ž’j’ÀF :Âìf},,ÿrÃžÝ‰€ÞJí} Y²*K‹ÕŠÐç;=æ’7ÆG8ã“õðˆ[E§¯ÊÙaEÎLÌ6×ë}†ÞÃÎ%cCÄiá¥° =F¶;Š›Û«g»„öÍW†€ôS8^ìù½_}Zo]$çâZsKNž"5iC%KÄ¸ua|Oö n©V¤mû(Ã˜ð½:Xó‚Y%ì}]Ì?ËìÄo·;9/“Ç.eÙutâ‡Î²ÉÅ~>8´t b ¬Í„k» ©±‰Ó.\É)„Ã~*õ9aTÅ|ˆ‡b£Â•²Èä N}oÃ–›Ý&HL“ÛoOòÍÌÊ¿‘ˆøAšŠ‚W£ÌV#¦÷šW=ÆoN•óñl€“‡k¶>÷_ÅEÉ–KmkMå Ðº—æf®ûl˜Zw®$èÓ;Ç'A]í|ù¦Xøø·<Ãªlcé9)X‰%¥=¨ÇÓÂ^¼KÍå=\gzéºò–¯ø2ÜÉ--ä]ãCš’è6ÌG'Ç%FÊŸªs©WÞûš+úµ˜GžDE0Æµ@>Ýý /Ô; r|Õ~Nºõ£´j8â.Å"}@“<'ét¯×àÜ·«ÄÁå|¢Ð¬+Öm‰0ö§Ó¢¹Lèä'þTiy—g-žA“,Œ)§´Ú–šõ½ðâ¹wwàï³ö¡Çá#'1˜‹ÙK€@£å³°ú¹ø98EÂ!ðåüß!IÇ`ûŽÈJRƒ1Ÿþ×‘/¼šñ¡®ïŸš(xÆ‹«÷ëlé£xõÐŒÙðÅîë—ÚVmXÑ+[Q}‚`*«oÌ{LuÛÝÈ%õ v…ê„½³«¼©vÅ—ë–f¡~¤«Yý/‰Q‹ÃJ¤£ä\âðvàâ´^Ê°l32ƒoöW>Åƒmu‘z¦7ÖŒ™ŒñÂÆÞ¨aO,7 äøc_Æ5t@]—4ßçPRšñjJ2O´á|f‚õöM»ƒ¤ƒ5ÕØ”Ž-ñ‡ XÔÊ&µ(®8gþjþ·ç_6™¤‚¿@e€YÖò¶õÏç»üÖ÷®‰E'|5ï;·;qýi[ÂŒI\w:z…÷ëT‚?©{Ì‘Û¶qæœ_•þÊRW¾R øŸµ@BíbvžF5 ñªÆ2Z;¼ÿÃåU™`tsqq'• |úÏA¹ÀÑÚðcó7(¤ÕÕ‡„>cÔGÈ·ŠC¸„%pœÛ‡¯«6àÀòãO1fO”ÏóS6Å .+MèTÅ«¾ª=©WòŸ`š•dR^Ðj_¿ÏV8|3*Šµ\Œ¸üº;Fî„8÷zqP`‹…3úLBiP{;¶!öJÒúxyÇ÷ ëÚ4ÇsCƒçËý~+´Ý!¤Íô1‚pDé±ñ¡À€ ÚÇ>†ðL?ð8#s/°cðôpÝýkýœ å'zø°´»øÐv¨#fz¡+ÃÉ´õ¼ƒþú¨Ú¦B‚‘9g@jÚ4”ð]H$}B¯Ir¥vk¶ÊKA÷Å i¿•ûß2Øm¤È@å»9}¶ÒÞŸXÿIA"GÖŽî¤ÈìIüŠávSƒBe¦ÔÉÑ\C{KvàÃª"iù¶sx÷j‹ß§,„Åâ9Ì+¥åèPxoÔ°qd—*)è×rò«ÆwF…†èîj¼&[øC@/ù|f[˜åíl2EJåNø¯lBñ7È‡¢înã-,˜|F&òúqÏjŽ@n&EßwÃ“ß|3ª®²Æ+ò»f‡¯×‹ôK®Mó³ÈÒ¾3,ú«ß‘!"ò£Q"kºÙÛo*3e¦1¡É›v½Ú|ØœUÞ’»‹ÉËFCmxH;¢[rI”n€‚Ï·Rÿs£L¡V]š›±ÌYÜøÜÿÞEIû‘Þ:‹„/v¨ò×î£ÇtN ’r¥S¯v ,fÖ8ôŠ/ÌJzˆššÕéÛÅ˜¼uÇÊÎ˜‘{ÎÐÙ†î3¨yOsÃ¹¿<;Ÿª$«;ö £ý|™9GôvØ'ŠfEúXnu‚›»qÒÉ!ßèxjmopSÅ1}^Þa8tÛ¯Ìâ|i%…‚õ:´‹Ã¤¼ÊwJEóJ9ð†Šÿ–Ñgxò'o¹Ÿ@Ã%L'ä†åCž[B§ƒ¬ýâ˜æÁ°=ÑˆŽ‘ytQ»¥ßdP7ÚÓ$ÈŒÝx@÷ÿQytÂŠ5If<º²ô¹>µÞAÃ’)àš7¤øðWõMç?ÆÈ)÷¹-Zqà—}ÆIs·ÜU»]•ò˜ÚÌImúJq/ž)žªÚþ`_¹M¹.€»Á?4›¢ù}&TJ‘S4.q¹Ð#*©R,ÞÑz:b×‚²<þïùš Þ¯ƒ8“Í•’ýt?7-’PÒÇ‡ J…†›2RãºÈ‚ÔÖ,þ=RZºà(×>ÄkÅ3ÛtŠÅK¼#Õ8Âs ¹x°ôLíh¾„òF«ÿ2Aià1Òâ4 çuy¥Þ2ÿƒM!v2ccaY’cz•éO¡KŒåèŒ&†d°ûÎú w<`ÁÝ4^áù8U›¬“’Ë«ÉÂ+U ˆéÌi6mŸgKXþæó6«!W‚çeÈñGˆ1Ñ›qÔOÈõ²¨¶¶n^¾¨%‡"mjèŸy…ƒfŽ BnÑ²Üa$èv NÝŠ'9Š®¿8†¢y¾32¡¡Èw26ÿ,”Ñø¡ýffB‹¡¼=b¼ò´Z†$–ÿb+àe¤œ ‚™!LïzñCÿØiáüqPÇÒP7ÚòŒŸÅOÝ^…×›vGÀqW¸K_C/Ò†%n©˜CýO] ªi6æèöÛ+ÃÂª5±¶÷røÃnÎD˜]00h©-TDLÀd»2id9e¬}óŽô0¨š¢GÂ6½¥a –ß¤é"ø{Rb'zÀ—]Œ(6y~y¼Çcø«ÕõMeJ·ƒ€£ÂwÒSÌ£.Ie(ŸÓæèT@*9å2+à›ãl}Kyî¼'êY® AQ–+:…¼ÿ¡hÓJTm%Ø$´÷e67Þ 5tºd«5C}Ø…Y±½;SÕ_SÛDEêãïX¶rWÚp6×ÙDãŒ ²¼ ÛþþƒKÅBÊ[þÒC5?[uãÁ©Àÿ}²ëè•D7øýpbà,=¯î6ç†»Ôü(ªÔTàrO²W¸öòÊü/õ€RÐDIwX|yÃæŸùÄäÆG³o¢D§ö¢‘JÖ9‘@1þlÛX9¾X ~ê‘¬FŠÈ!q8x©ù$šß™m›!W[ýÂ!öÉŸIòªBi¢°HžÞMÍÿª¥ÐAc„‹¢q…`´pJ˜V.ñmä”LBf•h®ùB‹¢j|ßé¿¢ ‚¨Ý a ULÔ¼¼oÂ’oé›dƒÿïmG92†ÚpÛ)Võ¢HBðIh¿Ë²Ä§Xâ¿;}Ô.ÆÓEÎG`‘»þÐ*dä„è|Ÿ±Þå"HÄpä yûÜ`ùàò{Í5P.÷}¼«¡í”ìý˜±ÆFçiY?”±YT‚eïÃñð8b÷7iàœdÜäF5”†v·œ&JU¾·CsØíÞ’°-isœtƒ“oè&q3[ª¦ÅeØ=Ø%Œs±Š‹2ÈÜòWz6ÅðÅ‘¯tÕ˜iæ¬ÇlFnŽp@Q™í¨vš3Gx6Ä§Ñ/Í¢F—)‘Õ%×`€70®e„-MaûInÄ²¯É”¨˜LÇ\¦Oab!yä*¢5¬¥ÝKíØÊwÜ£ú ™8¨¾}Qí†}£#7¢£µFx (¹h}_A’!æç\¢»} ˜\…’P9zVl»ù Cçœ’¥žº¨À¢0”s(½üêÙZ½•w`Þ@;‰¢aôì»™ct/äD)…˜š·4¡B3€5DÆAWºÎùÙ-%ªù„0äÉÙºRo¢¾²èþ JDóD²O<-`Í.läæ&hèZ| ºà±¹§ÍÉæ+éxBeR³†<šŠóŠøZ€ŽV‚ÇRÄ¬$ztŠŒ~’vŠ…C\ØN,UŽˆ°Fš?vTÏ|ÖdîÙ¹7ÖaY0-–Úº‹˜•ækn½\ã!ÑåOBNš3.£ô¾=eµNLb]ò"MO?öÜ)<, YÃÜÅãó6a&™Ú‚:ë“&j7ÙÇäÞÓo„i}^é›‘Q|Çl¼aDƒ Yè/+ø¡ÅhÐTèž2‘èD‰5ÔÔƒÔÐ¥\PRÇyìÑIÈ “ÌuÂ=Â”Ú1;» éN‡JêaÌæ¬Ý¹¦é«Œ«‚†³,Å~·yŸLµ±ås½ªµ²:š¬ýã˜Zmµô¬æf¼»„}¡ÕÌ²Çx9)õ½(†¶¹TJd!·GÏ@`à¬Kõ„IWN?º–ÌH³U‹Á‚âßÈþÕÅüÚëTP¢Œþj¨‘8•ËeEÇy ÈcN¤e4pþMðŽô¼ÇdºIs|Þœ˜ýŠ”ÿ4†„ûnPÌåûèÓÁzfC@ÀŸXxÞSF%AE$ì1g6ŠbeÞil%<âLãÆk²’LfcžŠ3*—€]ê™ë CÉnB¢’Ã“µºdi-F#›*UÛ±OëŒøØªAÅbPËC´ÅRìY'^Z>U9æé?r()8ì~}µCW5$bV—'Å¡âãß˜çÐ7ë>¯ c=x8M§Å3Þ0$;™½úç#€æ¨—Ç…¢ý|yVSöè_µô¿ä®^þÉ{Ù™–ˆúVÍë^±z¯Ëþ´$€stqêAs£&”þ ˆÞZ:ƒ1«‘Îi!Œð°&ÅŸ ò$ö«çBUŠÃ#É`Öí\"ø¶<´Æ¶~Mõ.´ÊÓ…ÄSæþ®ˆ5v,”{W ¢Xù„ Wê3-+Ö-Ó‡W& öŽÐŒhkùªÙ¡ô¿+²žº0yk¿o:>e[ª)ZLÂ aÎ/R±[y¯4[.d0@~·ˆ¸ßÿ\ÙˆÂ574ThÈ×BgÀá‹ëÙ„„þÅ#wNåù±ÚŽñ€›Õ- ‘Çêa¢ä‡Ì"IˆŸ:Ž<_$‡]‡®R…ã¥žCû Ý=§÷_k²~@¦û¯r|¨ÆˆšŠÌrÝs #rqÂãs{ ¶(\mÓÚÇÂ‰šÜ8 «:Ü>i³¤4wÇŠè{[S Æ·öuP¼HjjEÁ5rUFäÌ@3^™öAÚ ‚1!Ç-›=›Šµ-4€ú¢]5@¢LØBI{,x0ø“4xFKjÆ·` õ'Ç˜XH«–rˆ{Þ€‹tXà.Ï'$ÃÕöò)ÁWil+øÉÒ÷[ãðL0¬Mg#ž¥Û»’-ó£v¼; «±èÍÖdrt)[±)%ß?.„ÎÚÌÍR½ˆÑG™À›!Ñ·' agœyÂ¸Ù.ÚJÔµÄ§›¾;~ÌÀ^µa=ÎÉ‘®ŒÝ¨`'¶ùè¯ß4+IH|3f½9ÍìL/.¦€Ü©YZn—~ËÂÓ†¼5áè'ÎFDlöÙsß@^ËnýýÄ;X[ÃÉòî½v‰ê†©÷T.ös†w]@¨è.Î•÷m÷ÒÛÃÿÛ=÷õgp¶“÷M;˜ïºa¼I0¥7|¾Oåå8Œüë7¥™WU”¤ö(Ñ\Ñi—ŠŽ?äO‰qO®=ŠÊF=·¢¸é±v± N9¿2¶1€Ì®:„¹•#BxUî ƒq¼V‚†Ò¢ëK0JFDÿË)™e‚E™Š®¹ØaˆÍbßœ_2É¾ïçƒºUVº$|ÔWa³6+ç‚5#Džº×ã(›Ž¾$i:ÎÀŸP'ZÔÎæGÁScçRÁ&$(ùÁ"ˆgeS=>›4u‹µþ‰÷õšéÅ}&—P'MÊ|fqEïDÚô‰ü‡^Ì`e4ˆDˆ(pNâ‹×[vq‡«Põ°ËÑAx·éyõnäi§kgÛHi]3z’5b¸zU(²O©)ŒÙ-aŠÏ{ÍxHï”í‰1ÐOö›±Î‰x€]È—•DîF££qÓ¼d#Ërtb—Šü³)QLÞIÏ°Tá47.©ÍžG45> ™åyÐ½uå5¡òÓ|'éÎ 8¾¹Ü¸o]D,ÓlŽÐ¼”ÏG2Å·æµøì#ªúçñ‡ÚÔ›ôÂƒ»¬‰x÷ÃY^äœb&´OV”è„ûõqXï·ÁZA*éŠš¯dvÓæÀ®Ñ®ø{ôw\ãA:¾áÉ q|Xˆ’Íóz÷÷ìºqçQG†5]QðNYõÊj[–hï9`()Bz6MéÇ¨ñãÚ3°~ƒËuœâ= Á\Žb§ãáé§IÍ{4ï‚ù«ZŠf{¡¶ÙÂÚs[sÝ•#O7¦;WÅ˜,†Á²Kÿ-%Vpí"Pä/©/O?´ç7_ ’áõª‰C©ÉG•ºŒÚÆ{†ŠZ•Š`÷yÌb>¨7ªìFk]†H5üY enŸÍP‹£ïõosðèÞZ»Ä^`—6œ}4Òîã°Mø[^ðµìTo½¸6óSáÙðç‡ ÍUXûg¤Y¦Dæ!8uŽ¡üÂjS…–âóèêhº‚]ôÖÓÇØn `š½Ib`Œ–¼´õ«©Y¢à»UÍ¼6Su›Éæç÷ú"V¬º‚jƒ(ç<èóM‹Ý‹¼…G}b~BÔ#{ &Œ¬ç!ÆQjè¯ázHÃaç¦:JÞmë@ðª%5‘ÆŽˆÚDQyBšòíˆ¥ž@aÖÃAŒ9È‚¯2èãï0ëGáëa›7fm$´¯)/HR¤áÆJÊ¨ñR“ 8½ÍGž ¯J*Ê’ÑìµÈz7ØÞóF’ôÏöWJdš…Ï¾.|3 8û6¦¹Ùa)ÂÉ,ýÌ¯An™(ä0|â¶áÄ{(<ùYÜo=²8F%cÅŠƒ»”]_ )åahL·ÃÅ9Ã‚æÛîžîA@¤€0`ì´L–ÔSYDlïëñf¹Nãî}~ÖbDŒ´áÙ‹TÌ“2'˜&Ê¶e7¨@PKhîµ†ü*$Ž7Mƒ¡—ÒûjÐzFø•Ø ¥M·3‰ªÚÿ2’_aóå4zÖ²rO‘gÈxíeš{xkrfäÖéÒ¿mð¨„õ[Ÿ+Ì}è”HM`Ò@UíÞ¸Æ[Í}ˆÇÖ(-&¥Bøû‡·!| Å<Œù>äEíò§Þw~b„ßN(‹©…;%› WŽ]ªäªeyL×mêárEøñ#tÌÜëÓºòÇ¿n' @••@Ú.ŽÏVFWÕ)¥¸GNšlÐË®Æ2ÞWjcV å”ÿP:Ú$óöÏT®ò±Ø-•1ÿ×690ˆ«eÛ.^·ÀûŸÌª#·V£ ¯=U`å/±:tî‚c\Xìma mZ°9ï“ê[»T3Æ¢\óp€E{ó¯«µ÷Y ‚˜¼°£?=î&Wâ¾óÍddà=„ÃÃD“,B]1Pb!~ú’†ÓF¹¶ˆe”E k¨5ÔªXš‹0ÕÿÐUÝ9Åm…ÊÓ³Ô„.q¸œfjUT‰5 °¼¹l©f[dgS+nž!8–%~¯©ž°+²ƒ¡«x6Ð{IH¡Q˜È´ÒÖiÝZáÁ˜,”WH¾~Ñ0 “ØÀÒ2Xq3+ÅÏ½!´àX÷Ô‡€f"ÑdúÅÃ1"™Ù/™Ž’yù›Á¯‹LùM³ÿ4×™`G'OË«Êï=ënæ³i™ z 2áØÐ—Ï§ÕäêÑï\8õ¦ÐFupè:H¯0½vâ÷ìrW-|¬Š)Çü3Ø{»z¦¦AýªŒ¾õ›†ò«!ZéµôCž"b•¾R„ïí} °dfÛ©Z.NKMô•!ºUâ‹!jd–cl¿¹”C˜ŽX"‰pý}32×vÞ‹¶ä}nè•G ž©b‰ç9*KÐÍO0zUÐ+kÆù5AÑwÚO)„hœÑôÛÜ9Š/ZˆÌø·¿BŒÛñã‘¸€5=}™ÊÀ$OàiÍÛ;Ñ7=.Ö¸åEŽýµ÷ÞÍEìh{K±e;ÇÞ”šü¢„œÖ|Õ$Í¬sgÝå[K8Í8¢®<0}° 1øóýR¬ëM©\ÁTI‰—Ž(¢&ìu2ýgoíØÓ€ÈVŒWºÓm² £*Àz+õÇˆØÔ.K¶pŸ)–¸ê¿ö£¾×%Ð:`ÝÌ -|Â€šÓŸ½$*ìcf*–|:Á ‰X†»’=œW`3Xœ0ÍÈ3¢/ŽBÉžuokZAÈÞë8Ohž/ÿ”†ÖúvZÃõ-³’ÃdfXUMK#ße RÒ|vHaîR ½Åù`L8O·›²mc¼üEÏJ—ÙÒK©3Iáµ^”¡5¤¶]âsHå‰ Ø¹à,äæªÝà©f™qX»˜n]UûÒ ÓëÜþOo3Ø‹>i82<ÈL)¤>Ö†G®êàê ±Ž@à'Îp1ÝDd9®þmÔnÚ³`´Öž¬ù¯åF7wv®ãIÑsûæÈ{¨®V{¿UF-Š5ÌôÚŽÙVÈNü|½¸‰wèÞ]ˆ± õ'äöãc`˜2WRÞª® •ûQ–dª 3ÀOmrxÁ¯mëw³¸Ìv=MvÈ2 ¸á ÚdÕÕ÷æB¿è#¹T” nài"fh'3‘yxO¹|—ê,÷¬îåþÀêFþ€´ WUFÉ®›¥´¯?=Ãœb¸+Wš1k1¬¢0YCÀC œŽ¡~šÆë<&þè¦¢t©c%½J]?]ÝÆ-ÕW$‰|^üØOÄÌ8@\ºîX¶²Á°›l!§Î«Ú«½'?„,µ©-£tt¸À"$~¶@À¢HÀ=É1HºÄ8jø’§hVnÝ€,U¶ëëqâT2a›Ù£P.!›ï¹—2_,ˆºûÀV»&ˆ'æŒà&š÷B)O÷-ËLÚß£&‘S7;ú^<~$È‘®AT-†6=Ñ±ÀcEj®¸špªt£¥?«=#1öCuFx±TuL¼‚|ª’Þmæ@â©BuÅå&eë´Nïù.*@û<üwa‚½"¾+XFõ4÷JTNms¬g*¤GÒz¼¡‰XµsX?#ÉrØÌXÝ^ÄýS¾rÕñŸp°6%ÑÆ0™oŒŠP¹Óæ]Ö|IHõ¹Ž,9±±c§Ïöõd[¸DÐ ·¶Yž[CAÎ¹¯…BÂþ¦¿ƒõrÞÑºç]V_VXÏÙÖö?7äûá(^}¼ÅZ¼ˆÊ&Æ‚îåHÞïå± îp™‹±3D<Îä÷8ZK¦ù7ýt=§í}³Îè;ùUËWÜmµõý!7k˜Ø˜ –tÓ9‰†s.©àÍ™Ð•ÜSbëK&¯DÏÍ±V—ÃÄO½`sŒ*9û ]fhãð|_§eRµýzf€¯¡Þñ4Ê÷£Ç¼þ—}ëM[ksïE‚&¬k¹¬žêÜOç<Â3²µÁ!*I©YZ§oN›¸fX'riÒ¨^°Î\“ŽÔxñBT]ÆdÎ {iÆoUuÒ«‘$#SÖ3²;GÌÿØ÷ÚŒØå£—S£…ˆ¹Á³ E†jõHy9ÛaèBQ&.[· Ç§î( 5\_4Æ•9zË6fkÁ¢ ÀÙEmÅÊÍõþaq¸%ì£xä×›±ºmi”7?ˆÉP×‚éMWó`ü#wJó½G57šª÷¬×znˆšûæ^ÏÆ%ã'Ö ®Co‚‘Ò´Ö«ÿ‘²Y‹y¡WÕ¯Œ78~6˜[~ý@¢¾ÝærÚKëêÜzp›v~Wí·öT ï;,vïf²Cíg8{„‹TFJ—9OÚáµk9´\‚!j*ï üš~»ÃÉ{_ªã"¶%ç lˆ'úƒ…š©éåŸË:â¥qø¹`·'“n8ÆE6.™Pù„š4)F8NvOölD±tpÿ™ TÏÁ±YÓxùÐºÞ*—"äÎÙw¿¨ì=~ãŠË€…iªÒ¬¯Ær-Ùé*&©„& ÐþPo Ÿ:†^Go8ºþßdGiàl¥)víÞ³Ó?¨?¢4ÑØ>CÁ‹Â°œöË\jªue‡¤dI"Á5mzŒeÔü®åÀKÏ_fÛ.ÈN3èdU’XÛ ÅB¼í¡P‘ ¢”Øn!>ýÅÝ&¼¼Ó¯˜ó¶oðB®ˆ·,._¡5Gá÷=¼ì¨a]·ŸÜàç²Îc>ß'XÅ¶¶Tì>Zº6ù¸½h¹mdMù#¹šX½ã„RéöÿHHQïåj/÷FÂzó÷»¨Xqú'f×(¯šàcß¨a.;ƒÀ~ÛnÒcî7%=²W‡àï3ñ©ŸŽ5ˆˆÊÞZƒÜ×4Ù²…±ã%â†½ÆXù¿;Èì‚p£*Mÿ/œ+IY8ÁIiIû2Ox1aÞ+gÝ>SZœçK<Ë.:3ý¯ŠÖÖÜŽÇÖHß§K£¥~Gn2¥/…Ž"‰±øQ=+ÎŸ3…‡¿BjöiÆ…+Zt¤çEöÖX¸îŒ%^'y¿çk)ŠãëìPŸ@iÀ2K´î ®Ý>O^ ¤xü g>6JO·¸Å¡Ž-«qÚIÀÍ+Ùöƒýµ@žçU2\ƒþ2Rr³;ë{õ eÚÅ~½¶qfàUçH*7P°âôÖ: (Ñ)¡Š¦Ö|[9Hé’Ó ô=Ú•ˆ:zŠåÿYçd¿3UÙÂ+Ûï4™GTÃ5®>j«ï¦Aê¶'\fÀæ¯Þ¸µLÄÑjB´aBYÊ ÎÀfÍëµÐ!Hiû‚„fDÓ†ZÁðKŽÉ´ zž‹ßD¼ìvèhA³“ëz+R2WmÉöÃÇ"Õ”v™JÇG¤¿¾ EÇ1í3Rv>s£n¥ø^Ãg4'›zš¦J³FzM¥É¿’0T//ÄùÌ¹AüÅZHnL0‡ƒíóâ1.ª#>_/S¼êõ¿ïáôƒ<Ö b€8¡áuô0h ¢eZ[Ð‰Ø× ƒfÚ æ%bÕ ý t‡\GþHp€ÅðápyG©K\”g,7!ËvÃDÕµšxÄ:e¨¿c9û$t™øÝá8Å=à, jX™¸|ÁK¥mRX¹!}'KàDÝ8M|2ÎQ«Ã ªkJ`[”¯»óÔ@´JÓ„çŒiL~ŒÔñÌ®õ”žXÇòeÿBªœn¼BJ¨È¬ËÍ†òöÂ_¦×¯2 %›Ø7ÆTÿ5àëw7Å›l62¸´çÝÚÔPºÖeÍuï¥ø"Ä^0 ?üòà3Oœíªd×-‡>yK› ”ýýÑœ˜ŽˆÆ=W:Ér7¦º4*Zew—Ék¥…ƒ#ØÜMIÁ?~ÒvüÌØÓZOÖ`¶Åþ¸ˆÐ!Ew8T6—_€MòKkjt3f£C#i}Ó½üæ`»Æœ'É´ x¶FO×^òst˜£>iÐU3¥8åÁ/’ëéM>]šìù%‡oRP‰ÚŒ7&kMH9vîuCs&°µü'°o®°LøfIÂŠ{#§ “‡k³ß˜péRÌo_À(s‚J[9z<$’ÿefÚÈó>ÜrÑhcwC3 kÖ‹›4Á"h~*dNjÅ^²‘×iç QÖÏ¶½®AÞó„îÏÎ°Í2I‡Ç`21·Í{p)ã*¤0hÙ€÷Ñ—ÆUM|§VÆ£ÍÝCKÓy2Ê…ì•—gôI ,ÌP?‡»Ý¿&Ä`OMA©Äi·¸€C°¡íþ}eÛZKé æÎ2\M|9±Ýú ¬eQúôZà÷»EãGúgž Cô†²’ÕØoneu7ü¡„¥Å3/BYtÑ¨Øìj0¸örcÅF,¾QiW\DšS÷•þØ†ãÒºá†b I*W`âÅ¢‡¹¨8^EØL(pÅÊ/ºë9(±Jñ±ZíGñ`A#ÕT…s>¼Š¨‡Iê]uìº,8eoCÒŸ‰©´ w#W— /lDÏH]šåšækãç2+’›mûÈ¾¦±àÎQ~"f€±È·°Šlö•oµ#ïƒèÊ¹½‚Ú¤ŸálHçŒÏ\q3•ÜÑ…¶h(?¿âVe‰í“"!þÒ›“ åTT•9˜·R…±jgÓó“Vž rÝœQ’Ð2k{æ¹CêÚÃ®g='`ŒH\úUøX`Š©eaÆI |ê:îþº·àyf•BëèÃš[»Ÿ_9½âG6ži.mv×>pÃý¤Ž¬µ^qú5aÊÞ®G}%#›%ÚÑç•‚‘Ø8§µO#7L.XÑœB/÷k“§Ðþ5êWqIŒÇuähÞu`V€øfÛ…nÉ¿³'Î£!QzJOo‹ÁTÛ!“x‚¹nŠW ž„e¼â¢|QèD¥žPÄj ÿÔPq;2Q£¡M•aV×¿/8¬7U2ê$>ô xìÜziôXq.òt«f"¶Þ]ÆªÅ¤ uè±ÎÍ•ªYÀR7Ê7«_—ˆSÂT¶S_®Þ8§ÉÓx$Å(_UzälGáÀþiòÀÚƒË+"Xï{žüb1Q¡Ë‰sà)ŒNžÆ’Ÿ»*×Ïº„-ä(×ÖÒÖq}~jÊ™nc!5Î-™†°ƒ»p8›ÍÈprÚ™bâ#*†íPwvŠ&»ùé˜!‚‚–‘¬LSF Ûpæ›KŒzä_·\Y0_äÕ&±Jp Èîhòxï_<©J£³&dŽ-ðÏïo§ûº:sjTû¹®aÂ²¤_W:g‹#‚üM¥ŸfE65 Žç2rù·˜Âè`eÑÐŒ²2÷ô™3¡gKLÌ-/ÈÃöú]óS§éùÝµ[mm!®Ùgo²woš®N×7°±«ÿßi5_7ÈALm5çPøç,ìh¥köíèG¾yj#Oÿ-9c9IMÇnÑšE eov_‚ù'&`‰¯eøtë8$òW¬Œ¡\-Ó…r ÙßÎó»oí©¡¹®ÐÈ>h¥û%Ñ×Ä›RˆqÜ‘TÑÎ(òÝÏ8kuŒ‹ƒÆ˜Šx™+]êt¤×ß/Y =4>–ÖK–©sNòEÊ)ø»;‘üm•l‚ lLÖ.%@`ªÄ7R5>¡)†·ŒÞ§¢ÍXiÑî®¦3¼ºÂî•ùPã@’vj‚ª$l|ç’°˜GÜYå«Óa—ô› cg.H¢¥öMjU}''øÛÝíW³üvLÁôDh¾N“ÁuDÖb¯ïåb4zVóýÛ¦;MÚ¹Þõ¥§wÁœ —W³]oý‚>õ‹÷…g©|@ÐÂt’|#Î– Q/wiÆýöÉõq…èØ£È)¯±4Ó˜yˆ;5â”¼'W¸n‡ò2$KüÌÎu¢i\Äv&]K4ìðM†ëË&Mªlo¥ÒC t$ñRë´È÷g¿]V÷tú=}ÿù0^ÉU%¼<~'g ë&bGís@ÈÔ²r"ˆ»ðJßþW§ŸÍÌÙ€žšÃÛ+ˆçåP¸>ãu„YÌÃŠ,²H!ö`ÌéÑZ»„®ö ÒçVJÛzÑŸåÉ[ëg,Ãÿ0¸ÄÎUXüÖFàêXú…MÃ&tÂÝA ò;N¹ <¹.PÙPüë ¯Yjl²jÒGó4Cµæ©phrô‚bˆ0NH^GË==¢•’(ÞëòÇG˜«‚÷Ñ'º¢YˆZGU LÂg©PLdJ^ò}$‚|ˆ30òK,²³tfMHÅë©H~[êe¬·<Ãª`a)GŸèÉ›ÒÔÖdp‚èèZjõm ÙAïØ§× ”‰ÚøçMöÚx:p¡Õ×¼LM)“ƒ€*òåŠ—µ`løšUé¶.^ yêfbÓµ ³œIgCòÁ§0c¨~éXe)Ûº¸õáo`m+^MõÞ"9˜÷ÎòaxÀHHšyt_³ƒ,"ÍRÌI-‰õ´Èªøh¶D4çFr&Q|oK„Y§hØ¦ï˜pw‘›_eÚ>”àâWB }œ†€mœ/Ðv+Á°X×÷ƒñÙ,+l®o3×ëX]Ny"€ø—Û¬èzXëŽªÀ–òß™H_öPdäS¥Äìˆ[]ç¯¡;e0çÔRžð)‘XË*ÒÄs•8W¯PR#²Ú=]»t¯_Žv–Š m˜HÝ{Ž¼ Ÿ8’³5—½Ö O´.øâPÐPg/f«Ax_n:¿„ðÄ:`’·Y{kÓ¹¹;)ö•¾9½aèÞ"¸éý$‡M›4ÌhC?ÞŒ+ÌÛSŒ¡¿_Á%£ã}KÃ2".0¥x³î©Iïcqv*WYŠ´r¦iäk‰®´{ëffÀ„TW†îT¥f?X´òu«Gã&dÙ'Ac:05Ïû¼#ï}tÞ÷`¨ýéxÓù ûä]ÇÀ ©. íÓÕ)\@§]ÿù¯çTJð«[MóYNÃaÂGÃ]Ù‡{Y×£af#F>?@ß`äÍöQ†!G"ë—UC«üä¼!_ gCŠ™ßø>s…‡€ä‹N¢Õ&uÎ'é½‘çõîAê³¨€£! "èÆQâ~ÊÀƒ€wBb1$‘Ðy'Ð@±yB¸æ—xgZŽ Éïù¾Yƒ¦°‚¦³÷bÌ—Ÿ"Œs ê·üœ!âB*~6¦ í1%úƒÍâiÆH}èi•‰/FK%zc¾îé„Ì]b çñ@Xà öv¢ö¸+U¼ÕuôÈš±£!«¤˜QÉÌg¾"½*ºDž(v8éyÏIEQ6–mjÙbh¨1;¨rMÀ‚gbäGÄõ JW‡ZhòNMÔ…Ñ¹¢ìÑ³'Dýâ aÿ0Ï%¶vÆŽÚÑÓU‘!®*Oa¸m£¹+ªA…\dŽUµf™No-ÑTFÃ8¨9 `9åªe8§‹Ì¾‘’]b è\Ì'7ƒeeþýYjÞ«:óÉˆŠ®<^}=Ü›åA ŽŒ9g}–¿ q•Ë`}8ç*Ì˜}ôñmüF¾¸…öHÚJÔý!çÑá çoVk£åxÛárbÞZ©VÇY†œŽ\Ãí¯yšZ¤-Ki.´`Ành©^³øB;ËDàSë¢™×(ù™n;Îô ¢¨ÛÍ6ð ù[®íƒœjøT£ÃÅ¶.Ú Èg©3À5œ¡M‚õ`5óû¢cM´sXª“©ø¹ÞeOÃóéö–¸Âvw$v~Q5X7ùióÌsi×†Ë¬˜5Ñ‰fˆUêv–>‚Ôéš§…Dèªœzz¤ïœŽwázrå×+#ÖðÕB‡ÝÁHŠòõ©7üñf=ÊS±-CèUÒ”»_vG«@¼›)>ÐÇæ-:Ra©ª.í}„G.*eÊöLìù)o`–üÈpòuL%L]À£«.5hÃu¡òoYj/$‚Ïu¯oßk¿qE·Œ¬?ïRzšCýP¸r(‡olLÔ'Rû½Ì=pjæoÈ¬+»bs,µN;â}r©‡Ø»[j*¾|ž]«¿»±‚ÞÔƒÚ ´œÀžoõ¨¾ßŸê$ó B`_·ÐçÖ®!óJ¥.ý«ð@ç±½Õx¢‘G&ÛÔH—L‘ê”ÒUK fµÎf“ ~¸Øé »X°1ÛÈŽKAM r•¨´' ÁKLë›ú¹Í/4¿0¬<ê[ å”RgØS %»_ÊÕÐÏÏ±Bk0a}W¿€· cÿâ€¦¢÷Õê³çl6ø ÅkYÜèITÀéDx#¤²üšÐ¢šx¸>ã³ãM´.kÍÍêjËð6¼k!,bYÙE ß—”Æú¿¶bh—&ò&GÆ0VË§¢Òw÷Ú+Q«Õ%DÆ—7ó’š£èÀeUZ6-bóbm—@4K½ Ì²w’Ã_¨#zUN†fN|ônï×y°Ûê0d-!‘_¾±”í‡)vaG\R¬óz%cü‘‡–gÌ…jÅûsµ>zöO*¨ÖïTB>$~•ûÊé1ð[œ‰ ’_é^Ž·6ÿjnÀ’YÈiè±T¹´ì@9ˆ}u>!DŸëñ£F•µ¦4Mz+4O¦õ¯k…¡œˆ©LSú†Ó›Rð ·æ×W–Â²t~~8$Dº$EÅ¦?ÒùQÉ´+hgo®xpÄ—íU%½gƒÎ·Ö”ƒåaRS«Àª_Â{$'Ê :=Ã 96ÉÃ˜Ä\¬Éšë7Qúš}z¨Aš 5Þ:¸0…£›\Ÿ^Á¥ºù¼;òYøcgnÇKPµ ÙÏï!mÇT'òLVIÀÀDeðá]9š¹‡³°‹’[$ê·Ë‰ÛQø_ë{Àõ É ÕùÇ‡?s¿ê`Ó_ñšÂýÿ1"MF‡> 9O²IÆ”-dà „m©Ì+”Å=!_2E¥+¾¬ÿìe ™Üœˆ5oðifšåÚä½†íÙ#Ì ÑÅ·Q–’íÙ]S*¤9;3FAŒŸ"èÚ¸ºK:ë-'Ô"ƒ†ú]PüSóªö~4hŠ‰d\“ºSñ€ïäŸ|vuÙÙ ˆ3ÆµËFSþ¥zÌC[>W¶Æ1bÿ;VÈïžŽ$òºúíDƒ(ÿP¨Ôä¿Ã×½°uñå¶p× ñ }CHuÓt!\X s2"å!Šl¤ÿ[šê5«£©,o7ê¢¾Ø÷p?¨uËÄ*Þx»jS®ƒÃ¦£l½jÎõ–rÜ‘5³<'ÿC¡óÌá'{"ßñc”“Ö…á˜¬£!3OFœÊ™ ücçÆ :‹RBûqRyáuTÔ64g(õ P¾DµÖF M¸ÚÈPMÿ³ƒ’x¬À!JbÙ{v®®Hþ_¡’,]£Š‚äèel Æë `„$æN¾&Ñú}^ÿ6â¹ò€JÛV4l)³G3^ÎƒÛÀ•)è›Í›Ç’3fâ hý¸Œ“° 0„Oõù¢¥°ú _¬J¯ÏÂÂ]lóÇTUëÀéû6pŽû’Tý¢ž´Uà@$£3e q˜.{4c‚è&Ô ó‰PÆGeEñ3iA~ƒ?c»òT8õc=Éƒ¶¢Síî»'H/ÙOcÖ‚fÌãT®Ð'¬Ð‡í-X.-“0Îï’€T!@žÃ½Æ`b‘>Ñ8=+$ ‚òÔ¢ìü^éÔ‘ñî4+ø*ëµAì¦¤Ë‚Î³Ø4Ã¹PŒR[°´úð—©MËŸd EÂ’„qÌ‡?r÷¾ó²¯–n;aÛLi³Ò1ù‰Ù› „iLî9ÚºØ!¤°‡å&îîÏÚÎ*œÓ¼LžÈ©r2âó_cìJƒbo&¬«™qÌú!ö€Y¦Ø¥ÚPa]?Öé¸ªï³q$ö¶uÊ•¨çÎîÏ«k=\µä¤stˆ–³wÒÌ‘ïká¨ Ä)¿ÿ±%Lç&Ä‹¯ýòÈš4™™½°/]¶Ó!íø”‰§˜J}“Y'HûL¼A¬£âmHÇzõy®~÷9 Å<ðKE¤÷Ð6ØQ9ÒéÒUñG‚_§ÿŒéö_¶áÐË¿ˆŠlg)™Kýìø¢ÖôðÛG¨S$ºAsQôÊCs +tàCÕJ"nE©eyš,v7[Ë¨Ø?34½ ì\‰ãÎÞ:ŠoEa‘>]ØeàùOÍ¨³Â*Ÿ+íº_R8F<«×(B¶Š.$b»FÛ«úÎno,'»Kï¸ØÞÈÊZH@uð =A·„•}ŽY×Ñ ½dÌ…cú,-¾ÞxE™¼ÌøÝ „€¨¯VOúpÏÊÍNIuf<ÊmµþLLAÊ†êÓ g>IliFä´¹úÜqŠó]¤^×FïTÀ:q¶ØŒ:à ¯/°AÓ(Œ©’‹~äÜ‹Ù4ªFéÅô–¡ˆ,ŽÕn½AÖÙÈBÓó'Ö µZá{ÁNö%[¾F$ð©d†à]¦|æ¤4è˜·¼<ÂÉdÓk 8>‡ÓY¿s'¡È4º‘ásÓ2ÿìZá[ÃóX‚î¯c ßøðÙx6ô5]8v@H‰³”\Ñ‘òypPf2JA¹_»‹—öæøÙÕ±i¿ÚªP'yà;0a£é„Ò€ž¦Ä(:F7ýK4;ÃÀ.ÞÊï.l’Ü²‘Táaÿr°8¨ó´ÁäcI-fJ,æ‘{óÑ9©¿“€Ûüû(wÕ¼ÃŽ°ôô¿÷„©h³ê:Ýd¯HáCÈ‘õp_ZïHçŠ†ƒïzffoÌ¨©féúiuæfRh˜—_ {ñßÁ P:Ÿ _èÈVÜçtEûwëÞwé G“}Rk_©Õ7ac÷>‚¡°°‹}5åQJlÆáÀ5ŸtR×ûô&d¼fïÞ¡c®3Ài´ëû‰¢åµ1‹J %ù“áSãø5g‰’G£(€x xæöN¸UJýJTa…«H:ðw!Ð~Ã¬Þ‹R´dq€‘¸¨Qì½/ÀN0%ÈˆŒ•š!<âÎ;ë]rû#äÎ„Arsã/ã$sØ‚ðåà)2e¶8úÚÒÖ8©‹+èê–lØâ¤¦‹²˜L~X—×Æã¼¦UÉÈÕúþÊëžícWÒšv±ÍV ‹Â” …EX±N…õzÇ‘í´Šg±*³.±]&YÜQöß°…S|a|ŸYùöq¨ƒ£Ö1JžŽ¿$6ó*x,<=iû™Ã÷OVÛâ|û C¨ÇÃ›ó?‹e«v»k}cû Õpv¾§‰YøèqæùwÑ')ÐGÎùÍ˜Ú%JYý\¨ûnó'’Á¼Ä°DR|G½`z‹TNhû5™"xpõeðúó)!Û…YÓÆí!ßA£†üB$Ìb{Õ| †´6ìˆøO©"îÒnƒÿ›±m\LÜ£b½©â¿ù ï_RÜv´´Ú¸[.TŠ3Ž6Kåû’eŸ™ì)Â£(™¿æº™ùèZ3Í1C±_– HeŒ€2A…ÈSiZÎ~h‡äŒëêA@Ç×;ð©ïÀóÆ!™s¡Ð\(?Ç?w”fÊ¾ú‘¿YÉ¶-¿Ô=¢±®î©h’ŸµL!³Ð„§lŸßþO±¨ÜÝêl±Ûæ®ñÍìÅ†¯lží¨ @6t¦[qÀþð¢õ¶ÆtAYÌ× þ$Â¬}ÌŽcL,Üî?Ö—Àsjmç°)xQÜdÛå–:³ð´ˆñÓ%º™¡¢Ábºççø?jDæ;% ËF%`Æ2çÚ²tnºî‘õç]îW(qØÐÈR«j%®[iB'Þkç{@lz”«©9WaçíÔU<'ç}À QžsÝã®Ï×‰`‰?¹ŽÈH‘±öÿFOótÝØÔò».e¶¤¦, ÈtlžkqëvóGÓ#í‚^ÓØ²Æ+ [öð5¶›îÆKMËIk ;ìYÆ×Œ.††ŒhãúZÏ'H/Ÿž§ƒ|Y§âÞŠJ0?Ð®0¢#®Ÿëò ò6ïklù‰©¸¥øåÄ®)l¦4AÈÓ®ôãj¬e©ô³Ÿ‹ÒYüq5F)^×P¤u-˜èYÆ±”Î–dáÄïþ\ÉFq‹XÏÉŸˆçnŸ^œ‡<îk”ã>À6Dj¢‰Í.Ú$Tã¸“–ÛF|qböz©>`wcÈä+ôÐ®¸ŽÞÃ5QsFD‚ß»0·á²¬BÖ3¸¡éðÖÈ…oÞ;t4}Š0j>J…yÏ%ÖÛÃš,•¿Ø?FDó=æ¥.¢7YŠLOß4ëš¼?‚ˆÁvsb^ FNJµ´eÝ#‚3³àæ¸ä@¸ÆY²†xíéá§™)Z»G5‡ Ê.ÝµÎÇd=~˜Ûs$ÔÃîxÙw¸n&\õuˆ&8E‡Vußâãƒ)äXä9]ÏRfú.f\Zc·omàÏ'¯¼r¢;îö¹j±ä5œ'Î€‘Ô&ÒkÉâE,HÈòŽ~¿Vèy‡õoV:'\SÙv€ hoªÏôAXÎhÄ2¸vÊŽ8.NÎ,I¿ÖÞîr4dv£kÍ¯¤×ïVá(ˆnf©Øhu”&4Ã¾Ëf,âN.ç¯w^¯³ÄyÁúÒYVNÌ¤6¡gÈL:Vh_›Úï†>¥µá:œ{ ^Ó/Ò{4ÔãV—á‚èÚï ªë'èZh:?×û—,ê&E·Ä`È«”ŸÝê<ÝTæ§´bË•ÆZNWÛ± jF`±+-·¤Š¯ÁuJ÷sœÊíi7Š·‹®Lo’•b£bPaä¤Ã·m8ÖàÜÝ>&šïDt^»:áˆ4zjfrÜ}pE4”Âø:‘ çÄ{›²Ç¾cU>’™ƒYæãÄ"ùÀí »xŸE~¼’—×5d‚ýn‡,ØÕëë¿7Ø(r!Ç{K[ñFãš Ü\;²‹ËåÝrKæË~°!MqøóY×n”_fDŠ+NÔs1<ÖçR~ÎâI TBwªØÆk³»´O™åEÇë2A^rÁ ›÷ëb¿5ùÓƒÀq1{§JíëÃ·0‰îì¶c\ †ØwÉ’C$Ÿ*ÂÏÅ K"›ú÷L*–Ÿ·&NŠµp<&-±…m¦À«E2kßxqÈ’I½ÑÉWÓm6éb£¹3"âÁý³«ÿd.Î2¾ N«wá?Öº|QØA˜/,b7éñ=ÈÁ‡vÞJˆ>$L<˜ÍÞƒ%I¹ü,‘É¤Ùß10¸9L ÖY†± Ì‹Ý¯éÚ5i1‡Zº«€×MíAxióôrt)¤¹‡Ý°p8¼N E`ŒÆ·øä%@„²+r ÆÚÕ€>£[–ÊmÆr—÷ÈÁa~v¤C< Þ®¨¥åOYKlýî•îÒœ4ñuÔÃä¿NÞ>›Aö×JÑŠD‘á„Ç2[æµ‹t$)´}_&dÜ¾4P•+izí*NÊ qPq´ñ}Êz;bxJ!ŠëÕÂ‡4“±:€’…•ÇóÁ©ö«dÿv·åˆaÜE”BØ¡”Ò‰õ«LLŽ/ /:D1ðËÂ|`Dø<Á˜UYZ?|N-{è^}‡„“ó}R¬H"xíV6' ùúè;dæ§ôpO7IçêÝV+bÒ‚#?“eƒ\èGÚ ®pq‡y)IÁ£ ÖøÒÀ Cñ"£œzDÖÊöÀ"9^7 :_Ù6ý|´¶‘±ãå³Œf^œÐøv·ò¹-!ªLíâú¶Ð‹ãk7ÕþÀc`^]·ÃèN®EÅ0Óú7ÄµçÔvé3R•µA/'©£“Ò¤¢Õ=Þg«†bh|ÆÕrãîBRFF}üÞ\úMÏq¹-w’Àø{7ˆK\arqÀFkÜC\d%B“EŸ $û¼’ÇbÑ¼ê|Û:µº=½NpŒ/#¿1cJv§üÅSŽþŽ¶*uñt4À+ª3š!ç_l>K'=Â½ïœ£¯Q¨‹OúSv[àYÏîg|gF” `b?Ú Ù@xXNÓöçêÝ ‘?'-TéðÖPtÛY‚„:ØÊ/ ™º“o”î.RžßðVÊôCt¶È:+Ñªž6r,‰bÁmÄíÏÖKàáÎiËë@Ë{ÉX•Úcqèf‰Þ@65ÕYÏ™hÊ¶³$•›ECµd9áØ=Koì^úW8Ž8ó›$¥ËÜï|†rý©Ÿ2ÊÓÄáÆ~ÜZ vÌÖ©ÖË¾ƒ—ø‘§s|ºÀG¡Õ_ÿ*ÛjËl…˜OÜ^®ã%ÚÉ„ûOCêsŸÆŸÔÚðñuº#m5aÞAOîR&` ,¼‰À"Œ±þÜéð{Ñ¤\<Â º›8G…M©^ÉÞÏ;”’à;¥üÕá4B*Ð…ëºôòNÜ÷ÙœnX¦V›Ò¼æ—rúåøÎOÆú¶HÀœB¨BŸpóØj pKÀè 5@€xj‚² Žçá‘¨¤Ñ9¡5Ñß<Ø}¯1½·ò@NôÒ©2²@â†ý€ýLÕ$8-²‘]Xéö4mÏèA¥þë¦¾Õ»/+§øòLXñ<ÚÄ £Ä!ú…ÁîC0ƒ³_•s;Om[Æ2ìqv:ªãúkYþ/ÅõN+‚)f@ky÷ë¶ê&ˆKÈ0ÑTFOZ³mï¦XçÑUvƒnšQ:ri‹Un×ÀU’Ñc‡Ò9 Y_œÛÜ„Öj7T¡GL={&=Ý)^‚±gw&5Æ‚•¢1(¿pÓ+8æo"¦'+a¡ íã¨%‚ ÕÊX¾…8±l‡oË¸g:ÿB€h\][“›¹î`2x“Ë*}þì] >‡¢ˆ s[oÖÒ Ceí¦îXšÃõjàŽô˜s›S7¢YtÑÉ RÞäó££¦ì‚™H óíÕ@ÀØ‚Êš{G,!ãSáµe³èŒ hIšéËw›J¢°å²Œã7û/Eb˜o5yˆæ ×gF¤$Q¸véí«|·×Û ™u_T|ò…(#á¤3—“ý2nžR~¢'Ñœ=ñDœé± {; ?Š}ËJÈ¥ÃÊ”ÌÊjUÌÔòóYbJª“Ô¿uú+îqÝù«|É\ø±L`BR:ßPÆ]Kî320ú+EÁƒÚ_.Lõ–ƒpa<÷šâÏIÜ‰^ðÒd 0Ž À²Kþƒ^ôj$–þ;‡U8‰ê! í×1”ªòd¨†ÓEŸ – 0Å†+)ƒW›‰ÏDúÙý +íž‹aóœ\ÓS(U]ÆkHR¬0WD³ÓÒþþ×¤xg‡³ÉÂ[šÎ÷Î¨àùÇ!™#Ô%F5ƒ¦¼±Hªè 6'¶‘¸zEˆÆñXVi6”$kŽ/,†‰ð×^ÕP(%ª Îÿ|zñ{R l¦x×‚ªpÓvÇÄ²Q‹¦æ rÃ{JýdVW+ëaÚqu5jÚW¾µTí…Kø?Þ2SÂ¶ÈYr´À¦–Þ[¼Š>‡>zß£MV¥{7ìòbö0E½$ÔR“NEëŠgb.udoŸ{*‘ Ÿ©§ MšçžuØÃ¬p«5\hÝ˜5ðgå²éýÓ»L6i¯ˆÓîú;Qñ41…ýUù(}ôê`µFw„ *a{}f¸*/"»WòüÞ)wS¢”éBþ•;DÐûæ½©\Û_T[YNË+i¥Ù§Yÿ°YÃ:dE™!µ÷–Äš]2×ÀØàc0nmŽtÚÎ9ôÄN¥]¹”+DÅê¦™3FÀwkçÚðä—Y’CÏ>éST4S„ÅtÜÛ€zÀÇqÑ9b„†â¹jKU/(RýZoô¨…y•hl]ä=C¹Ä,Ø±)ÕC±N_e¸È¿\ZÂ`kùæ¬½·mèÍÎÝåê:vä!y.õ¾‹B‘¿¹•°¶¸1Ú]Ñ™¾F**Nb$Ù1¶Âj™Tñ8½ág# ƒØ’§JR ð@òëkðå°.Â$¡F^‚î¼ÆƒÈéYù‚PO³ýŠ¬ÄÍj–Yšób¸—šü(Ê}ˆ«6>L†ŽëÄä ðÓ½ðQß^/.Ø 2ðÑ a° 2¥oa˜£ .{®<Ÿà?=ùÈ dê‰×6Ì÷¢ÊæÕ—ÙÊEq‚¹¸ua|jÕò¥zY’êóoïQƒÚù@—Gê”ôoPe½ð6&¢E·C¿ ÎH¬@ÀeM±>¹Nl·Ÿ|Ä{„®ŒéRåî`‰“’#—Ný,M«—tm·þœO†a[ƒgðé‚ýîÙ© ¸¡n±Ë‹óù:ØŠC ã[#ŠŠ³Î”ŒikQÈž5g$$£R,¢çê‚.ÑÞŒ6¹fQKÏÁ@VÚs×¾G¹ê;áLÊÿp‘`Ÿåa7ãï2SÄF/Mž†Ï]Áê•;Ï9Ý±”?¦CüÒ¯$m9¾ìÜk}çûPµ×¦«¼l)IÇ’„X þÿêo¤Ø%Af6žI¿§k<|ªˆZ$Æ/Ö×‰(ŸŸY´}hdÙ²1£ÿùE›"‚a šÒåQ¡ñ»ë´2èéå6ˆ?Kh}PêC·ú®·FGé(“G±áÄÁJÎOß¬òÝ^îR—é*´FÚO\At;[˜ÖªóS]jvt±~ÍÅÝbƒ#µ„_-›ÀQÿKkï$Æ\ÙuŠªDû:“³]pË;«i5>9(ÐþüÓ1=I%%û[¨EñCS–á¯{gµ²˜7!Íûy4aq–ãW:+f›•ž‚CzÆ6‘ÖÀÐ.ÌÄºW¶D \K£:´‘6V,}Ù7Œñ0’w$l®áä€B.úÃaÆÄ¹äÇÐÿ\åÊ4ƒtyýô¹Íˆ“Ù:¹¨C‚móßB¼Cü§¯2A‹ËIžÄbÜC ÏYŒ+ûsÁP„»)ÛûÖýeW“Þ )ý?¯"]"ñäm˜jKè¢ó¼~¬ÁÖ÷hsåíÙ›–à“Ó´âªMéP—þýE‘rØê3ãq˜3v5—°f`äZû‡Ä;ñŸÕö«0ÏftbØ·ãƒ3þµw5,´ÿˆl²d¤¾ÛVæ›¾WÁg Lƒá«ÕÞé5R4ÙHY,>^Ð•RÖ×€ÞÜÍÌØœÍË?¢7§ˆ{>y•îH¤éìlÇ…Ð¸ùªqÙhíŒðþ>u&î˜sÇš&üëf?ïHöR€îh *ÄÖp©3è @º¬HV¼ÿ Ô7ÁA„ Ýj÷—15`°[?à‡ZØJ¦:ç6ò‡pªx}Ÿ¨7xŒYÄý:N@RcðÇ¾86¨vH†ðýò03À‰æ\r0pÄþg '°P,3ŸiÎ‚Å~{îÊæHFš7{pÜ2âú ñÇã1xÄÆ3¶ÇzIº–ºÆ‘\4µúÉÄ£d‚*m3Ëé›b¦L¦Ú”¦‹í~ESm£+•<[ù.¶¨¬§Z:"º*¦ç¨góœ§é^_‡ËKJÊâwbjœŽÝÐ¨è4KŸ‚M1¨È¼x&Æá÷–ß šÇCopïÊxùr½7ÔÚêuç—©Áj+S[Ó˜0ßÊyüR râª¬ž T5ëÞp‡}õò@¿»u¸Æ77¸Epx×òë{ˆ,NÜåÙgJhwk]h÷ 6¯rÐ{SÊ25Ð4ûÕqë ×¿þéwLµ5]çéóK{9>‡w£RÜa_—x7WM9×¶bãv¤ÃæA‘@4_ÐpÞÀtÿƒ€ UÌkU¹Pµò†µhG)õªç¶À¦Qâ sn6ñ rT–K=ÆHZÇØ}W?à¼ÖB€n6Ê»œ½ËöRÁ¤ä‘hqêA(lVësÞì•ë«²„ïÌDÉò[á-qhÄ½/'9ñÂ1¹Ë@³›TôÐ¬ÿ¾^¡Zå\þVÒ|LTÔˆðd„¬‡S Äó6.(Q–U»´Xðèê{A°XpsôëÇŠæÅj±õ*XÍEu¯ˆ’½q¥è9íîþòf4B¯ÞÍcÞMw!X0[ D¼9@JÎžV5Uc?°Ç]wÖFE«®9b|Û …Š)=€ŸXÓ7_p\MÏÕvÚ/úms‰Nw6eâË=©yö%?KÊžáë©ÿ–MÔÝ¸L•»¥‹Y‹±Ž—zØhý;¸ÊV¨?N2µæœšw.G¦Ãêõ¶WÎh»Èz»½ß{%-Å‡ !íi òBðk*òú…2ÇMJÈÜ: Ç´©a¾ÙN6±Y0°`ð¦*-ÔQ/šÕÅÛ|‹““ï{¿Åª¦!ËÔD.DaHÄnùI±^ºØ±hfk§DºâOÁTèÖïòdNl„ŸD,ñív¯Vãâó6—™“©´Ìq—b2žhû ´³^¬¾ÆŽpÖÏÂ_fxÙ¢Ìß>Üg¦àW „‰ Ädq.úûúé 0<¸V]üôè€ðPÙømÖq\é¹ ëŸÿ[Aœªl²@ìS–J.E0y—òU´?õ§²ás«¨aþå…ÐT?=Á‘•'&´©™Q‡/c€J"Ýç<,lÓ£Ç·ˆ¼OvÐ«v4ÁÙÁÖX_Ð§÷²cŸryc$µåËNñóüÑ&CÌ•¸c{‡´º•œy1t+&ùK’b¹‚ÒEÁ‡Æ`s¾•RãøtÛ)¥8¤[+Ç/ÓR"câ4šÓP‘it‘›¼tžáH¶ÀÑM„†Á¾¦á8ãÓ*Ñ¿T¡K³<÷°¹(ñœ[ó@kåØú'ß«Ý5 I/+àÇ¼µVqþ¹›&£‘wË&¥˜$W8±ÓòV_°˜;‰"¾¡’$3=b}òÌÌØS<ÔJPÕzâòŒùyá¿°N'Ùç€+ÖÖÐ <ô–ûËý\(s^jv©ÿy±½g[³0“—šlØ(jv1äYY¥Ü‘D†Óû4€Þg,s³žõä”ñ¶!y‡ø¢õzÚÿEa« šÚÍ%†]2â0#)€•Ùj,áûñJ„øå¬sVØÍ®´ÓúŒáöš¡+6ƒM¯£µêÅïâm€;Xg©˜îNÚdûÍáË'zSj¼è=´÷ªC0.lh™á<ÐY÷<Ëßðrêã”àº¸éøg’7¥PûÙÖ‹P£ }Ë 4ŠB=wR¬ûŽ¤éjÊWûA±w¦Ÿþ³YËÛòàm¿à±bbå Gþã©ÀRËVîÃIµˆÚÌB<´”3%gtDz Ö!î³{-QVœÒB¹i ÊðŠy. Ô‘¡Ð`ÙNËåÙª¼dçuU3ð“F†•i'U³aÝƒ|÷£çIyõ,=âjôHÿa1ŒZ¾^‘!§‘wŒÌ‡‹ãQÚ,¸À¿ÿ—1d*1ÑÈ½ÛuÂOìØ´‚4©.dËÊj®6<}mF ?R¯¤û„ìö»³ø)ïµ "ôœÐÌÛˆÖšó:Ñ™ˆú_Ü‘IÃUS¾×lD8—Ì790mt®íå¡e‘/ÕéäÎ&> 3xuÿfÀ[9{üÝà¥ÅàÓJ²ºð!¸Ñµ÷c Cî<%X|‚¼ùtòMÁ7d™¬³d‘·†ÆÕ®·ÎÕ9Êñ¼t@ÞŽ}.Å@PœÍõ!±×Vm"M½vG>Œö·†,ç@™éÕóógVÙ6uÏÚÓß<@-CþBÎc}FI£L]Õš'oòž¸g>Êh]mr€Ô¦vÀnH‰yVüµŠ^‹=^þ[Ãâ&å(—î³³€ÆŽUyPò³caž†‘/ ‹Z²ZÓ'Kî“ŽúiUO¾RL€H[Eà 6[ÊáZßYú¥?z…Ñwð³ñ|L¼5¬IÛYb¸ª´œÜ«B'ßö3ñÓ†:A,ä:À²šÆ*-0ÙôÀªÒê_P!C]îž–È'í@nœ~OŠë½•@¤¼jÍÜ ¾D’ÌŸN0KÏŽËÚÎ˜n‘ÈhäZAÀš”!Á/vPÊ #ÉI’óº‘—yù¶ÐÍ» ÖñÄ·ó“ú Ø´c´¡l3~Àmð¢jææª959÷×£ÒÒ¡nçÁÃñs1€š.†Ajõ4_²+¯§>©ì60dGjž$ÐÚÉÊrêtÀrbØ ³Í‘À‹nÍÛMP–¥ù™ùqaQá‚ÎNÌ©ìjÁn‹ìœUÅ ÔŸþÛEOAŒ˜š_ÿ‰¡Õ×Â ýS l–i&7ŠÔL‚—€ÕRÛâÁéìÃÙ®÷J„ìR†|háœt°“ÂDb˜v»ú¨Y¥±¡§óžj°”Cœ©ê¾m@óõÎ#/ï7æßñ§¦›³Z0ÄµŠ9†‡ã°qkG›)¾¶%®…céš"—ïàK˜5íRF¿Œáÿ½Êq„kÆT‡Ÿ§˜p_ßÖ»ƒŸ&Š‘~!R°·2w]6uÚ¨B=¥KF‚z3g8è]Nð¶Ù6,yÇW,ºùk›Œöˆ“Ò#Ÿ°[¾öñåIÝ-ûV.5%6u¥Éqš8ÏEy!kâ|âðqx)›{Pð\Œ#DóàÆLJ’j]ÍÙ´âæöbaoñ& ¸ÒÅ“8§ëUKz¡%‘Ú}%Þ¼¿î®áÇïî¼G§bD=²*ËÐ‹¿òùLü¡Nõè°vÊéËdœÃM»—™k<óIQý–“‰¶(sìF(¾ÀSù¨°?˜H¿ëÖèP7~x\èŸ|¬sR\ÏñL.o5é@aXÃ®JrâŠ‹jÄÜÃÓ|±]Ë–[ÖéVyáŠ¦s†±$a G’ÄôñÎµJÛÆÆ(½3û. JTÖÐÄ˜¤¸T½TÛÃøv·uØ˜œVÁÌŽvÔj”™Ì“ÖFº½7Ùbžô?Õ÷ÐúúYP¾Ÿ›hQ.$!Ì”ñ/8¤Èÿ´”d+ˆ‰ý$H#€Bþ À[b©±õ V—×„aùD¥©£¸8Žö7«´‡SrŠkißçãµôaè#šQÙÏ\lj ÷Ótw‹AÂ%+5¿–þ÷¦wÙMo*7|‹é*VZ¥šc"ë6á¡â¹°¸m-¤ä58ÉÁŽ¡3`økU &àÛAPÞ³š¿i‹éa¥pÃ8©=â,õ¬äÉbÊ†Òe8Ãá×Š´ûü>+¦øä”}OVŽ?î¼püïbWœÊ ì“—€´îºü‡„”6°O×ÿx§ƒÿa 9§%¿öêÙ#Ç…‰§±’“MÏÂÁ!Æü–Æ±žðÝ¶à»C9™ªB¶†*L–vÂæ„«ÑCCŒ˜8ÚÌ'ï³`vf¸<ü-‰/Óˆ¿/‡Ó¿C8Í#cº#Mü\™ëðmßDÂëc!)LûdMge!Ò’—W§]Þ¤¢‹;1£rC§IÞËRoÛçW ng²×E8EÍ*w`â%:½qpUÈ6ØßÜ0ô„]åF†JÔ„<àõ8´¨ìÑõ9Ÿ²³ýí¢œ‡¿Ãd!vU"ÓDÏ‰ ñÛÒXêºcŸbÞž~ÓÖ5éÚŽ*AÀXâ«m]kÃsr€9¾8l¥O±Ïí1àÏ„;–ß¶¥—=kcìL ŽÿJnÊ˜¥ýmÑ‹Qß}wE£Š7_:=‹ßzvw§y*îTÆVuê^0lÛbî¸|C¸òI8‚ÜýT×³>‘Ù3Ë¥ri®|þAåc”Ê<¶…'ÃÁ×•'£y–S Vz¤DäÔþul£2ÙK·cÆÝGtÞ†RÝÜ”¡–è,Ç+ŽM J³o¨è> ÙðH…E OûRP}¸|Akª¬ÌDëtÞùˆ§²4¯a*å4Âð»³#È qÂwedZÖ”6q‰ x¸ydC4+Ö'—„«·ŒvÚÿIªˆ††¬ë†Ž…VQ®½=²óñ›¾lÝ I‡ *ðh*cÝ¿àfÕ,ö¶QC /Ý;¦A¡:`¨ä—C3òüRÇô ƒ"…"(iÒÈYxýÄïÔ¼muÂ=„žýtDp3ÞU8DèW|¶&¹ËˆÞÌV³®8û )µ!Ä[cI²-Ø-¬OÈÞÃja7 ‡&C‘û6zu„0;7ý¥%)œzŸúí¢Ù¯Ïä°«ÿWã'»‚“0»„{à;QÖª67ÖÉU Ç@‹òsÙ€%‰_É7ÐI4o@û´j)+çXºóäÖçñ#JfŸñç§&6Fô†ÛhÚžóÚè\w}"g†)œO¤çÝý#º%Yð¯'éÖSÉ`Ñîubä¼ÿ³qOÂüðÙ÷Œ rÁHêc=½UŠ²Û†ª(€‹?A/ë2ÜÇzi_&ylÝ„ó{€’eÍð=%ïÙDåZ, #Ž^¶F”×ö4@a·D{{¼ j¶t!Á'O¾]Þ;êox’É4úçê†t¬1yH¤%0¾«»P7Þ2Œ½—3Ú-,µ'%>c"[.ºMM\ùc±7.k»ëqçÄ†`ËÎ¸þ‡Zbó¹¯ &>!ûCñôf{pâÞg˜"ÑƒZÓ] ÑÂØòÀ'\®j+ª1dëé3ïsÜ·‹Ùib¼ùDæ:‚1ƒ¸ÂD³æeIÐ&¾ &’£å~ý‘*ú;”9ÿ©ïxÏ¢nÝµZ°¿ëÌiÊÙÒ¯M¼yõä ÎgŠ`zj}ÍŸòü^¤+ŸgKPfê’[xuà„,)ßzÍføgs™u¼›NÌ¶%Y³p|š’hÓæÔœ¨úfæ‘Š²Ø†3Àèá¥|EŸ’ð±aÊÆë4ëUz}fYÀ?Þ×L0ZºÿR;ƒ£¦BÔÄžÎü8ÍßmãìkÏâé9Ÿ2¶Ò*ŸfOÝ\S§cTm'o)e-îŠ€¥ÍIèAT¼¾2sÚUîêæþ$[ ‰ä¨8A"Ñúæ"rÿ+)ªïòŽ9tp8Å³Pk.˜M;ß²‡BÊþB¨T‘æö«£µ¥ê.~–æãð[B<²V±Î|áä·‰¼ôC=F-sâžAÃ. Á3–GK™ºD,ÎKÄ¤ÜT™À¿AÍëd7—”Ã©‡<ËAü²~ëêxºek|+UÓå¬îz„¾æ![ ú_i3ýÚN^Zb@-#µ–hâ§VŸš:„8“saF³Z—p«ª)BZÁ,ËyÍ”ÙçÇöëÎI3¥Ç0¨Cð›àKŒZ~s×XhàÉa…7òwY3IñF Ê\eýL†âOÖRós~ÁZç9yFÏæ‚>–*‚—j“* Ó¸i ä^h½úE+½X-ÌÚ‚ñ¶4ÀÉÀEoð ëƒXÝÖDõP@MÆ†§1ë©'’Ssx´±Õ¤×Ç—»Î7°SI7¿rÒE;ËÀþöåñèmîò·»†m2ZABÒX{<ùêpú¤Ì«‰lŽ!»†«÷¦³g·£pnãÖîÌy0²Ð[Vu×¸$7@‘?ŸÑÚµ‚8ÝÎ¨x‚@¦ †àKøÚðC·uöhÖ®—Ê—¨)Hp €Á9;@ 6ÛþÎ¿3/h€¶‹XŠßÜ3¾ósHÇNdò•qäÐö.—r1<ÏïõÂÉ`Œ¨Û9é—vR¸…© Žä"t@lT/ºqa[¦3À=ß A^Ãå::–z©Úç~I‘mƒó¬þœcO¿›ÜÏ‡záV¦K>yÙ9ci ê§|“×’â±êi…Þ¥Kû©Â½>+§HÊ†ÈU„IÅ¼ÑÀn —ë™§{TfšA5u™:éz±²Š¾¸ wŠÙûHPV¶9ê5s=Ó~žL4_p¬äšÈ¼9¹@zæ%I£½ëýR’"&Aâ·¹ä1”«LBJøV®9Ôù™ns>KX8 ÿÁ?”&åÖÀÈöN¸`%íP²†7S"áÿ<=á0êx±°«ObQ»ÈÄtEMáXªQ#çÜþŽ•bÔ_´è"iÍùr{>ôý«zÁ&³CYü"†ÙIn¦X+ŒÇ—n,ìþÍû·0l™ô|ÜfYÛR6yamÌßDý?QæÅ ¡ÆÙTä™¢Ð=ŽÏí˜šZL;å4˜‰ õ O'5‡“'ïT÷@©€Éç»ãCz½ß}Õ©Jp¶·ãêb!' Ê\%ö¾>)a¯ËßÊe¨» UÈì¤³D ±L<€àÇ9¦pÆLO|%`Ú«Zèª˜àCÔæ‘ ºïLöN&GIC:-"VeñQøÙä°áŒð{4nAÅ\`eêÈ[¬n'Rv"nèjÏFÕ”IFÇ~Í–Ð9²Ûnÿ3ÁFPeyHñÈIø,ûk]eJs ´[ôáÄu9…x¯›84+ý¨£+Ó¤¦_KRâ’£þLtê_H¸˜z–žÝ†¡-?(´è×sTµ&¼&,B¹K6áBÉ!Cúb_‡fÁ0 íšéâ÷“^M -z¤ iƒâbj'RGôhðr«†Ïß¬’¬¹]è¬ÜÖåE=RmÓæÀÕüCÝ>¼ø3vwxW>Õgu|Š•†r^ïÁaÇ€%hÎÖYÖkoÚ6•§°¶%2x Ÿjv¹‘€˜¹5•(8ö-Õ3»k,æRÃQç“ä¨("‡|íì¶O'aòv&Åž9j<áí«d§”\5w¾®ï»ýëó³*9‹NiQÆbÆáMF–yUK¾z¥¢í&¥¦´>1’N›Q‚.Ú,–Â¡PrÞçišjär·†PÂ˜ë®÷P»[ßr÷í“Î¹¯#…ñÒ²¯^–)Äô¹‹[]àuu"û¬áš˜y1¡ Y¨TYë8ž¤è>Ê‰üôäï‹X:PZíÆÛãÑF€li»è ³Œms“„jQRÇ<›7p² \ÿìË°¿@*êÉ>†‡š§ºÅ•j—d W†Õ¾!ÝÁºö=‚GþGæú‘Ð18jN²G“:V» Ö”$[Õ"êú$v]…îÒ“ÒC+?FŸšùâñÎ´ºo_E®ä‡D´l’ƒÜ';ÅÄê"ŽcsØ®½?®¹õú‘³Ð×¨ ÍãÀýÀ]Ý™Ä²óÄÍqÉ¢ŠVOMO¾<YñÞ_rpˆðâîíGYA Á€ZÀ™G Ü+|‘9JTaI°€?QÅ›}‡FÓ!¸(Ê ¥›ý¿‚ôöfFÔ©ç½Ë4>6MifÝÙbä‹3Œv˜¡Û%?Ò²¾ (i[ùiñ`=zóèŠüxvš¸;Mlå˜~ˆÞ.ŒYRÄÛ†C¡’s–žá3W‡wÁ{¦†‘‡0t „S«„á§ÈÆ8"Ók¥to&·Æþ“(›KY–*î)‰ñsÏ<(×ÛÞInhÆ½Q:´¹ß<Þ« AçÝã\Åƒ|:U„Áy( ³Kû!`Ê]ÎrÊ^ä€‘×#hcFã™ÐjTW£‹éÏ.UŠƒD<éÒ‡&–çºsü•'s¦Ã¥?µ,±%|ù¬¼'>gUº¾Qháž1&˜ã|êÂ¡”_Ns¶ÓŸã´½D“|®”Ê¹!${Æ<Ó¼h`ßzŽ#ƒ Ù`¶ÂÑ—Òe?v¾Ï$"É‹J}aê}SÑëxÕ0PÈí®aí *"7 ]²ÅÁuý×Ž0ZÇE$KÝggaÄÄ9”G¯cá>»yîEì»ê¤ÜhI~–¡+ØTj¹ð'íÖô{pCQ@?ÚEæ'ªÉKh¡/\=>4Ž‰ôêÆ\&³¡žÊ^;Ü¾Þ¥[0Šþ9·…Pu €ól½u8¡0¥,aXTxÝâŽPuÿu6.f–Øý²H7œÈ,0tØ²ã^;9f?b—½E¾‚Sž¬åi†^Mõè#{$QÕ }óò"ªó68§"ÔÃ½SÚ²ðQ_®S_ÞYÚÜ#üÅôjPåü’„EÈ”hã]„>Êñ3‹†‰i$îuœŽ\gKSS´~¯4•¥ƒšsdWxÃ)b{ÒÅÈ´@*Çzçg9Õñ&ˆ©0ì›ŒTý«CÄ—qsÃÂÎ´'²Ï$¹H×aÁiâÉª–4 Ó¢‚÷GÞÌßN÷/TX”©›A\„ ¿‚S”j¬„£ú×Iw¥ÈâEAéVºwß,-¯Éƒ6x£ ¾ø¼aLÏêOhÕ N»¤÷×pŸÅCÁñŽÐ„ÃHHçÅ{dRÉÜÀi¹XT^“Ê]QÂ ±ñò‰ò´U_Áj°§QÞ}Dó3ÕáVTÊñk“|Mt¨yíu¼yu¤8®E)½ 4xµêœ—kVýéÎ¿Ëé¯…°ˆQai¢Áâ Ÿ.wÕOy'ŠVÞ9ÿ´îŠQ¹Tœ ðpˆ†2ÐÖÖò Õ_ýôÝ?i‰}eÄuf%$s$îâá©ŒÓ}ù„Å$²xÅ¢_SS™”¿4±ØìSmÄHÝ<€XÍ(º«Æ`³‰Á‰äCq!GE—ùò_EÅ“cm9Ôˆ¾diF=Œ¨Áp·Ò %L Ô6~Îxÿ3•7×‘±Õ›¦=±Éÿ#½nRâz9#f—v¡z)¶¯£²¨?ÐÂq‰®bÒîª ÏYëid «Bô˜þ"·TmM…üêKÄTñy| á’:e‹7±Ï8·óµ%…¼3_!ìXeãKøJfüQ÷|#Þ¹Ô] 1ÿV©²sq®¿½¢ÙÃîÀÔj&_ Þ{¢{7“¯òY|ù4BÑ®p!šhø‰r¤u÷æ+ôåDk§ªÁB¬ãfkÿÂ82-¢»ó i¡ÉpF©šmn 8è2EÓ°um¥°Võ% ‚–XÎv>Ù-¾-YÖ'C ‹“r—=r(îjÞ§ÿ}{(EÔ¯nBQB¥…ñ¯ÖA9a,ÈT/À)¶æhbêÎ&å›ž÷› ùo¬¤9 xgÝÝ†p÷î/ˆi®.AJçWL/Dô.Üß_õÊ@ŸÎpG×µqYúùðfpgµu¦wºÀo âJž?l†*B{R|8Gúøª›ñà]f™÷-AÏF¹BPšËjÚðT¬Äç@´#ÂZ†âü‰Ü!!/ìp(Š/zbNWSsY‚]ç^ÍÉ²>·ÔîºKÏÉçcõ™LÛ`ž\›±_e™¼æ]:ÄÖï_øÈsf z}TY'†¨¦´.[ä]ÍW1‚Y0@¾“À‚°1é«“;G§†/sj[ÍtƒÏy73…o´ZeÜ-ý\tÌü¿PJqéa;‘Õ]Ñ^ézûCHêlÇ‡ËÙ›îl™>¶VëŒ÷ƒ:¥„ÿfÊÔ¸´fŸÔ4V~“¦WRëy^ :ãç0ÇÜw vÇQu'¢[±8X«ºJ#¤M6Y¯ÈQ°hGw‡ÀüÍÐ:¾à[“ùL¿¾´”K©ªÛšªyB .Ý'–Ê¸˜·€/=$ô*çO&+kÜ2Yâ;–°…V(ÛW] Á°©{b|W@|Çz¶”ó»ˆV©Ä?›f(bf™¨VŒÑÔ9öN®qíc2íÛ¼öSà£_ Ç7«`AËðŸÛ8påj)-~—SÖŠ˜îÙý÷–Ûr—Åÿµ(‰F© Õ\wIÜªÇ(g•Ê?Ø6`åóEÂDæ•]÷1¥×®•¯ ùR?e„‚ý¥)„€2‰5Ànl¨šœÜ"Ë;@\fÐ<-f¸ð‰Ìp'dÎi%$šeš¾ât7V°€)¸ºÁÁ÷n~²Oº"ŒìóºU¨÷ÿ÷¸6¿§íÕü°ëµ.º{F¼ÜÐ ÛUIÐê³94ÂÕßkˆkY•X=n fW\b%“3pà%ä± „(Þ8ÑÏpÕ¾{èêêžö¬Ðaì5uäB/?Ùlk8F»d¤¹`ÔÙ¢“‚¢Çp#7Ì ?¨ "íçšúÆž?¾ýEqmªz¾/®Ò ›ÔeñªÏhÂYçíÉµñ9F’¤*—KhiÎiú&l /nåf(’gÁÙ7c2_¾z20~J™ÑUlƒ£@ÈäJ48l%wçË'¯³&~aê^ëGt8Ü½¡ZÿÊoe±)Œ8aèß9ÝCÓú¨-pà:5‚hñvYë˜`œÜÁTÁ¾á®æBÜ•6ÐRŽ üâsð‘ÇÓfþmq_t™¦*ÿÉ†º5²›Ò@mv®ÊlµIP"ˆCÔcUûäÃ[B´‡ ×ðp„Tëîêäi~¹ƒÛÒ/º§Ÿ·E— •4ûÀð °ÃCÒÔÍ€ÀÑ$NK¸³»ÙÝãÆTä·€È@klBÉ§¨ÜC>óJ†±XÍCÑÿÎÕŸqœ¢TÞHÏÆLÔ%Hd‰ÄÜ42Å žŽàêËö·)JÅëG³È|æ‡ª¾&×~Ék7öÿ±Â×(Äk‡eUëþÛ)òÛÀ$²u.ndxŽƒn¥0hŠÓØ$û5‘pW2û½>‹‰s&Øñª:CÖ”€½ÙG#&¹f{ªZé/"j§{-®Ï¸®Bš¹"•TcY‚“M(tC‡}·î“{çGî×Ô§ÒÒ¯>@»/øö’åö€¯ÿÑ½ö©Î»{ÛšžAÐ¡ìï W K, VÙª±±¬ûš©ñ“ÖcŽ«Û«Ý Ý3ãt\-OÞ·|!4#„Ÿà"[0UÜ*ò«/Ú[ç²`e5HÕkbøåÙRÐæ U ³0‘~ ¸k.0e±:îäÚT»½G@êd]!Hæžó> ‰„¯xô±‘dì)LÚ´x‰ëTÜ²ï©ÜY&DŸ'ÉÝ~0tÚw@.*YÚ‰ÃÝ´fõPîÊ1‡“¡é&îºë¢V´sÛAT ×T^¯µ"²ZÜRÐD@Cª³8ãWîÉÝ!Q y†5»ê-Ã³¸ºUQÀO@ö×Ý†”xißÅo¼Åoá_vY—®Xx£µ€ütÄVe;_*MºHð=ó–\¯%Ó’9š—¼þpìA¯Þ¶=JÛä60ªŽTP "HÆ—&Â¬µêh•ú*íý5Ð`÷ÎÄ®ü™`±•"Xð| NÝÖÇŠ0ãVÅDˆŸ ÓŠEmæšè‰ýúÕ H,Çð¡þç¥[v†và^©ó1^·§ÁŽîWfrÀ¤³ä€ý{æ>SÜn×«O*•»!mdV¶?/Ž¦I„û1²J¨Júö©nSn_£üŒu*ô:¾[ò›éðjÔ7ò1Îd8ÈÈ;¸ u_FPŒüã‘E„®o†©®qÙSÈ¨·ÖöŒü¯°ÛìÄþÄ©îF7–òåsÎ˜D£>'µ -Ñë^=Ó$ªm‰Bä¨RkGzdì¨Åä;<ú³fA•1SlTó÷ëø˜•”yœösžáš÷WW€†Ê™`6#½ükñ#0^ãÈ|/òÂÂ(L¾½Gá‡Â£Ëó›ç(ñÙåÍ»ÀYq[¸Œü%ðùB<ß±aÑ…H&ðÕüŠ µ^1ø*0öO±!Äž‚*LÃiSÕj8KË k„L*½ýŠÿ@eÇ¤;äYiklÏÙKDÈìH¾lî_Jûé+QÚ^Q¥a&2sp"´~L€Ý°(˜<‹ÁOìx8¬h1ð–3ýOÞJ/x•?Zñ $©ú/¬¡66²}»5±ôçVIÓÁpI´)½}D¨§±išuÑræ…Æ¹ƒ}'inèubsŽC°ñŽò£8ª¬ „§±àTföÀÝíÿ2ÝvZ=_®¶§Ò¹ðÛÿ´=oc¯7éÊZG$Ì¯;i‡©^©ã¯q8M1M½Èz¹¨câ•·qýš™z]?5# †Û,™Äl7ÆnGWïÀå! "Aöîå¤[¥Ñ‘‘e5‹R2Í†l‹{°r.q¤2]2ÓTzŸë¡“D{Ðm{¼8“5¹ªrùçwIw^„|«v”¹û°¥64µ]2aµ™3p·&|Ù9¹ª4Š†Ïœúeü‹rôO®œEù.Pl¾S@‡q hÊ5¨0ëÖ¦I"›dèM…¬ð¢›š°£l&5™àh•ð:{<Cþ?)')\)3ê°(rãÁçÜpˆž‚$-yûKüñkþë¼â{>Bþ:Ç´`¬rWÉ a(ˆ·ƒKâÅ'ÓOÎÊš/¯’‡:>”ò)^öiË×T©¡’m¼Ïz×J—R…ŠÉÜÊ|‘%ÇAY=üñžµ{ÍÓQâ‰*Úªî™Îà# à ¡¡sìÊtoð‘iÍ"yLlv%5½Cvé«ŠÅ¾#k&ÎzOl×w¢ùÌ´ÌÝvÞ’ÅI¼R~ hÕ²¯Z¬æ ,“…$ë9¥u}Þfp99FIQ6±uŸ VSÖW[{¶þN+]|Õ@«úR0~²“µ Ì<Œ]ë"§"Õ8(ZRÜHAK”øýäâ-ÓaT¬û„®´ó|íÐ\Ù!·\÷"ø'o"@sÄX@´kòRµ,àÚêb;®2Vójÿ³ þHJjÉFÃ£C$+~ù<Žþ¿ +‹8D`e×ÀîCúle©ö2®hP/t6ÅÙÊÜÈp²štï• ÙÝ¢sø$ Ë‡Î¾ùÉ7åü¦ôQ3,G¿9åXï›óÑœy*ï¤Hƒ}ñ–ß‚8©ZOúÌÀùV˜¨°> ‡¹ÞÔ›~çZ›l/PÝª,ZáÌâµ9Ê‰ý,pCÂ"Ý3_©QZ7ÎŸ³‰ iæõ´0G7Ž,8K.Ë|¢Ô¬•túmyú›Á“¹}‰oÆ²îgR+ugQÑhv·®®éA¼¦ýÒ¬³nïÜÇ'8Í¨¹X˜„”SnÎqÍž?™¶®Näï?®Hõ&ôàÜÀ–,çÓ Æ¦Úë auó#©0Á`’ÖÿÔÿ>ü!’ÇÖ¬î@òGûJÝDþ£…pq›¥FÚ¤#E·,¶‚…+¯Ê-ÅÍÂï\¡«Œ×wRÒÚ'„bjï° <&$:ÐÇoûÆÂøŽB„uŒÂ´ñÔ‘‚ìdùkl»íòŽ¥J1w#Â÷'¬µHP;~BVxï¸Ô€´¥ÖÒƒõ3Ö.‚ÊÏ[Çõê”W£Ò2X·ò0ØuùyN ]N¢14´vwW/J-Kéì]1Îw 5UÞ?¿ÙŠÓ/u sŸ‹jÒÊX9QbDòši"Š°ú¸¸rsÀH¥Ä¢zs£Ã_‘@„”Ü1¹‰$ðÀ€¯aEKäÙ+«l-õk^Ä1ŸD¦‡Pœ )6Vþ^ì¨€1-ÿÞc4†ÌÕù „˜±Æ€Q0 Úv Á‹UÅ6diä¶‰«²ôÕ~\MÇ/*\wAIo<Ãu‘‰AÜAp‘!Ñ¼Ïc´~ÏuÆÓ"üW‡Éº+ñb%n_Sµ‡LŠ—=îì×Ôí2|/\…E¨ç`ðxj·Z#ÊzuuôYGvÜ¥›•€ Ñ€:®j²8C¨F/=kÑ8©vQ¢>ÁóçsŒ+º’²ÐƒÐgøÉ¶´jARžvp»ª z÷þgÁUE–Âë»Ø«ŽO×VZ,î³èÏõ¦áKØ³*-óZ/ÊÔs¼xYøÁ£~Ç$¸úU2NG¤}}hOJ}øøuJ0)FÔõ+~JOmIQñ¸ ×`RM-DuÍQD°?> Z³Up¦ipÛ$^Œ@:1@ø^ï¦Eö'3Œ¡0?Ý(^ªÉÎRY]üëÍŠÑ¥`ÛúùµÞ'üÜÙÜÚ"*FÚÌQqñWÈ÷Ö‚Ì6'Rh¡©íe°ú‡8“””=þ3dS“[µ"–œ‰Ÿå:£ëÉ>½£«CÁº¡æ´ÂfÏ–§Qz[Zp}Û’¨›'||Ëm–húGêŒ· êØ‘/:àë‹§4id†Hüÿ(ÌÄ[G¤—PÃµ`¤ÿo;À4¤ÑCÔàbn¯À)ès¦u(HóõñóId¤…J …¦Œ˜ŸÔ»•0w6²à*¹Ç\¡Z”c>¶†#;áJŽ¿Ä3!„VùÑú(ß$_ìä~Y{ÑOa™•€ð«3-ô9½RßˆÔ[·Œ*!ƒLe4³{\°1øô¥-ØÊsE¥í,L|)/iÁÒwžyL·>^î_³%èi(l›NïošF®½¾ÝŒŠA+êÞs×ÿ¾Èð°uvsLõ£ÐÿÂ>½N+"Ççx8]1ý™ÒÇt‹ƒì[w÷{$¥n•l‚8h:té¶^ÚéMˆ¨½„!Fþ 0ýY¥Øèþ;Uê§¡hTþ1×±Rñ¯à§-á0uL ÇB{LbƒN´Æ6Úœ°ÀàÀóu,3p.ÈÏÒÌK™1©ŠÇâz²·+=Ãj=í.3cåãV´Â¥7U 7u´!é•)?Jÿ¶–^º|dbÚÀ@WÚIgLGÜ'1Ñ5.EÔ]Ì«š9/ßP{r>MÜï‘:ÆE³9FTKQ3¤ôr¢!xP†.ô²·zà¤þciàè\ûõR?ZÄ¬¶8~ðˆ:¼ ”a¸1¼c~ø|œÌ£e4&ŠŒ08Œöí‹çÿ‘ÐAÃ~²×0½G“Õ>ï!HÙÆ{tëó<D¦Ûté.ó±j0Ì íYe da9|…Øÿª^x7mORgŸ|ÚÑi9½¤[ó›Ú!Üs‚ZÎV©Üº3ï Õ? .]_±Æw¢¢°ÖÈ˜rºÉ\"«úžhTå”º³(¹»°q2ó7_ñö( (hþÔ02&þš-rLÿ˜ @ÞæivÃHDRÐ,ÛßR" êr“*˜ñ×dÚÿB_H’P¨Ë}""%Î‚j]Œ³¯ 2¸¬xÿ»2Ä‡„cäA57›–£„ÙG‡˜o['½à¤~l–:/¢hÿf*‰º?†öL•yd™‹é%_€U‡"úŒª}sp…qî0Saü‹r£eÄ‘³e˜D™Ð e?J“^Y¯›Õ¹/í·R3Õ=dÒŒ×¢Ëðò‘…þì»ä¸ PÑÿMõ¤qóÌ‡YìŸORlä @JÓë«|£Fë·‚g½z÷9½XÁ'ú-ú×Ú¶O}Þ!5Åª¶Í‰Vû@ÛÄÌ…–û]Eß7í}:Ëê~6u¤"„^„³ð[}éË´¥‚,+¡¿s€ìÌþˆb+56˜xR"3ÖÃŸ_‰Ú¥g$¤ì›ÊËÂ”NDL'ÞÔà±¾îKRXµ²ðùÑk€N$?]É'`[*1¾_ú1† 3ÉÞ¨º.YOB0·óª|’sÉçäŠö”²¼k+H¯uññÃ6ÂðK”Åý‰¸S}I‰oå×UæÕ%wÚ¬|Z‘\Õ]nv,Ó¢.ö-¬Áú¶[©×¿šYXRÈvöû6‰¥‡‚Y`u½o «’ÊX*xB†Zú—Çyh4Í¸)ÝAS,Ž\ƒ/Õ6^Á‡yKW{ˆ}^3Õ§Ìé°KÛNA@¨zïÌ’B8ß¼Ù_XWHñZŒ}íÉ´¿”{É¦ëÏ3Âø’jêK•¦SééH‡ Zæž$Ï"q£“˜zX¦œæ™4üãT7fŽO'ãHf[µ…*ã ¹þ$ÜÎÑ¶°;2vŸ@´®Yƒ\îˆúæî» 52‘)üÆ|Ò¾Qy >ÇžgÚ¡ò‡E™w UÆž„‹¥1ˆ›Ý»èÖ|·üµ’i‰èv«©î¿l“Ì¢7û@¸ð£¥m âtÅ HÌ6¶EôÈBóÀÏƒ´E@šQ®£i¨Ðì²÷-Æ‚©´«ƒ•â†ûŠ/O™÷ëì4ÔÄ„g ({e]Vßîsþ‰ØM43eµ—Ì™Ëå&“ú¸ÐˆZž0Œ¢ñíw‚tz K9Q÷÷IÂÐÍ¨kãÈ-üMÅ¨ÛŸcT¨ Å¢CŒ5©Â”ÄÒÌÿ,ÿñÄÀ²˜B7mýx:Ð‰“Æm|=•ï¶U¬$§ _Ì‚ßfaÃ‘8¾bMÉúÿ›e ñ(ï†8i)öEsBKx› ïß·m‹ÃÌhëÎ6 (g$ÙïŠ S VQuŸgÅÅû zÖÕ²QHœí¥û ~Õ"“É×Ä©ëØÑK®ƒ7jbî"š‡C(ýA–¨N‘ˆ´i)ÙÚ^×…[ôÇS°,Ý˜KÁ5W‘6ž¹+'#¿ÅÎ¿ú1,ÜÂ?[´×`sât“Óšl¬—ä<9šrF“fI÷V}"Éë:ïeµð+%>þ»ùøyÐ…ô1èSm‚b©¨¤¶e+’\üƒdh@ÇCTñÊ¨G ÷#8k-8ñïKµÞ»(§Éúš‡ÔW ™…kÜ{VTÒko}ªuf¥yXIjß™wê;.ÏYz˜TsÓJyDïUq|º\™›‰›^â]„¬ü ¡8ÜÉõ6•ÛŸ])0Êr[ZUî0NÑÑd#NêÃâ¥#:¨ ·8/Ô‰cà†Tg½|žVà3<*ºŽ3Å-±u¤žûW ¡&épàM® Shs.dçä3X£§¶m[%æø"“DZæ¾ÇIrñ'‚s>ä³!l>£Ù ¹îm‚£ £I| ›gM‡=áÊ¡FÛyÜ®T“÷UÏx;–»Vß®…ÿâ\Ê$ËFüÒX\F!8óhÌTOÆ¾,£Ÿ\¶ ä,'rU|æ±K Mž®"àÔè‘ªŠ¢´6ì®(ÎõN2V{î¥êºÆ¼¤‘oñÊ:”s!ÿXÊ“}»Ììuý)ýŽ›ÏÐXiefM”Ñüfé¼©t,Ï õhç0Ê~LKªä½ÒÔK/B¹{re‹r1_v.+°“jH*FÅ¾¡'¯g ¿e[-±ñ>Æa¸âùdÛ=¡ˆUZˆßé¾Y×hÊ4%Y¢ØãZ=l¬Zvü=Ø •ã >X;Ží’òWišvÔ[ê+O2Jì¿§å1þk$Ò–þ±x¸¯f×Œe\âL ÏŽ»5{g‘ŽRåjí/H$ÿfV”˜4„|&=,Ÿ@-kYW±`l-£œI¹µ½kà 4+Ç‚FbgyòËæ)Ü„?ú37·és¢ÆÍƒ³fìqG_h¬Å2ÊŒ¨O(y•’\’Ó¿ÅäºÍÖ—‡QÙú'?^‹ª"yhµ`nAÑ†~èG ó®Ç›s4¯hM¤³¼âË§¬ò§u€Túì‘2Þ'xí5Ã H\›Zì‰.~:Ç)»Ò Iô_+¬šÝ¯gt2¸¬s-ß¼‰Y&HE|4íç±r„ÆÁÆÉ¨ˆžÑÖnÌÆ0Z—&Ô›TÐÉõ”ïË@Ru˜Æ):m*Âzp¯mSÅ2d€#f#esTúvEg³4S9™ª”ÙÍ}ÿƒ¯ÚQÀ¾ïYb‘õ•/?•ÍæC-…e·µ¾4HÊX×¨°cšyŸ¦€¨}.¾q ×Yá/¤…ñÉ—.ØÓÀ:ò…ª'ÌèŒQÜ†¾n©³,c¥æv2\pÆðŽŠ$_JT†Gu¹¬]¼S™‹¬’ÊË½õ1ÊDÒP´ÖsšFš¥rë½€Ö>X¥Nã ºKè¹m€Ca™L6Æ>‹Ö'>àñ ÂÌ÷˜åÇ¼—Oskò€>SêYÊ-1·\êt7Þ Zeaƒ‘—Ã&„¤ÍûgE›!ç„ÑØInÃþÓXº¢<ÉgI²£¨r'É®—¸4ŠŠµPa– œmT¢ó„ëC dZGýÊŸ¤~Ú%-!\–0)P[z`8¬êg9r9ª•±Ì´."SŸÛ¥ÏÒ7¤.ÏÇ¬a5Rxs¿HpÙ¾0j=å` (‰î¤X}™¤$¼+`[Ö-mÜ¬ó«Ú<›iŽø‡÷fj‚•¯:™5D&–wñR&@ýáÍCmú_írUÙ|»em|ltðË' 7ëÜOd6ôú!L¦§ÈìO†Ã®Û ±à‘›§¹&X)½§NBJdž ª¶!¶ƒƒ ëâ¢]øÏ(K‹mn¾ŸÛ—L²[×öw&–nE`%.´±ÉÓ¨´üQà>p‘[¡ I½ÖEl^ˆmoÛùùÞíÅ"£”h:]W*[¥)„±Y(VwŽ-ËÒ#SVÔÉžã³…Óy@„s‚Ÿ%écØé9sÑ\–MKÿ¡}wqàAÑ†ŸgŠk(ˆ•ué¥ì·s…oŽbÕpÕñ³X ´‡8Ø”¦¦+¢cÛôßû!ÏKÉ®w§P9äâ™ÒLÕÍÃ!“qÏÐRHÜ{i…Î‡÷ïFm<›9Ô˜s.\NœjË6–-ª*!Š>OŸva§`égü ä½±¼M~YÁ|ÜçŠÂÛ$2 ½Z„al¯»Ïõ6ŒÏ—/<¨EmÂØC"²lÌXv¨KÊOýèKÝ~â_¾Ÿ/Ðâ•—”ô}—÷tIâèù–EÜ f~Ï%Z?¥=>$.•!¼`ÀúÌùïz>vbw+8É¯˜[dF}Žu¡ä·ïâ×KzšÍa5—Ã\z¶²PZóžþN%Ep§à’ƒ’æ.nê`ýòS‚¾fša¡0¼ç\ùõ¯# ãú“ûÞ‡¿1XƒÞ¨w^_ºÑ1—så³«þ¿ØWß@™œ–ˆ&ù©'DZ!kˆ£pŠG×à×N¡=¤Ê±ýüéç•Iaf‡¨PTb|+œè²tp«ÜÍ[ÕIBFó ¶2pÊâú‹?j¤®õË”‰• ì9½7ñ‰~áj¬~mu äž©]éÿö `âåžŒXir´ôéäü«¢’N½&9H+º‚|n2·èˆCóA’œø˜ µ½?DFöô<| ô~{%ÇµÏOÕB»Y½õ„ðÍb”„5m )ÓÊ~*#ãåùæ¢ö™Ê’©—´ÃÆÉå« ¨iåv_”Ë5aøÜ‡¤Ÿ"]”WÂæhÙ¨ò5þCÜrÿN»Á¦²}ÒBB¹è‡HHŒ^¼Lµ±þŽLûs¡ÌúÏTºq¹Œ%–Ì¨îÇ6y±·pÍO^³k êKXxPí¨g¶W%ûX>é•*Ä2ÀÉèíEàuo¥rw„Ò×¤a+Kà—üv5d]·•ûþ¿½2QŠÉtUQ µeEÒD¡îKù_ß)ñ¦SJxb§ãY7‹>õ'”Æ¶Å2‚kß+r!7Ø;’‘h[ì1˜<Àôú1ð…fmWBäã˜‚4ù<RðÃ[¼S4Á³ãñº·!Ó¦Í…ÿée«gÀî}.#z—ˆ»Kÿ7t³³çW/ð½Ðsßñ03sM¹€µ|h@¯4¿8‡òÐ‡,l2+ÁÑ]‘e¿Ï¥Ï1Chò2¶7U'i›ñ‡€éÍÞ“÷JË„-ñUÑà ñd=´,xÂº‘eÁì¶)\X¤P+Vž¸SMà¤ g®}[nG f‡´Ilk×«„høË†±pUîö~RÜnÚØBï»˜‚"6}*µ@°=ÄJ'9ë;k¼¿íZúý¾þ¿vÓ0ÿÔˆWta§À? S$$•GKÑì1'ÿˆNŠì†oñ¿±²qÇ:‰¾-ŠÈáR Ì|®´qÕ¹Úk‘ATÆ÷”Pºg™Xó”– am\XCÃƒ ¾SŒ¤¸Ê¿©ñ(Mf uè/ïòÇkå¦elw™Ç¨J^Ô9PûøVã`ðfè9{,|CÝy°.’/–l,Žã«á"—ož+LCùHdU+=Aë°V^<® ýO1ÆùË FÆ¾l¢'†í±ãN$#€ö™}£úòuÿ„¿¶ýH‰_c«%\íu9…Ç…d¿”^¹ IÑÜ¤¤ ù$Où¶¢ÂôhöÈ·qòac›nó{g5–»3él tìúMß…È}:Wlž±ÈÎ¸Ž—2æ)¡È¤<2&÷éÕ—øVbMÒbÒÝ5ÜØJ¹„Üé½è´CòxÚRË¢¸—Lt±òÞðÅÎø Q S-†£ŽÉXË¾oqj³ôäÕ·•H¾+ž§VÕÑÓCªÀ<±fþëòULBl2–pÛbfAòêiÿf ‰„qõ©)Æ÷¯|VA]?–Ï=¸3ÉÓèß•^ã{?iªÝ¿Ÿc!æz!, þ©Æä÷#*!šºíu%Jc”htS(œF"Nð(ßÒ¿ú¸áøµ¨P¹ì¯*ªw oÚ*1ñ›aó%gÙ1{œŸ½h ³j‡èí¢G4èÛ4É*ìð´}â¥[«ÙiöþàKÀÀ‰×†ÀÆfžRwÅJì“stc°-ˆ\®^±jé?ò,¼.”<6‰èÁañ+Ž92XØù3•œº´ŸÆûá¹cPBl½¡fåße²ÛÊA3ŒôXÔy`FH£V¢Ÿî©íFÃSþœžod &»í!ÉüB;HYÍÙ‘õ™ê¿îqžØ¶*Žäµ(‡˜‰gYÈÂ’_A–ûÌ9÷§ËùÍ÷[7Ls"Ø¡ëôÌ5Âº<#ÇêY¥„Ž€ì?:Þ¡ôïÇ@JÖ’ƒk!©ŒxKE‡R²#i ¿àÏ#U»!‚gYªse>smÎ:+S¬™Ù%—ÅQY¬‡Ô¶·T6¿êhÄºE\v‹Œ| j27§¼e…'’©q˜:âšŒßc¸+áà“iEêç“}Ò Ô¶¡Uí2NºNýëæ¢ÕšÖ}ègW`ÙŠÈ3©^{H©[Ï®Ò?ÆcªP±€q= Ãå;n44-/ÀNÍãµsHâq²8õC%Bˆ‹]n (™W‚sÂbWÛ(~ÔaµÄÞGä±Ú8KÌö ÛSÄ58Í4N¸E®€ÕgÙrA}t¾‚Ö/aÉË¡´)Pì¬²zP¢J}ü±†kÇÐ»ƒåƒ×âÁŠdÌ>r6ÒZÌMéåË.œ¶KLÔØqIÐdV|Úü kù’cZlnÿ-Ÿý,’rœphkÍ·2×+m¿˜à§ùÙR×PI¤}ow°ð„þ*‰D6˜[‡½‰ŠSE°[{ÈRˆûÇÿ}HP¿Ä-» v2+9´^ 3¤;ÆãûÓñÃT¬ÝÆ^LÕvÁ{Ì6:í!U&ì¸äòf¨ ¡v¶÷Ò*°‹C¬~˜ÞÒÆéŽ„"ƒ.‰ïÿ„”ý·8c…Äºq“KÐ¬¸^Ö[•qC²J;!d3(ª—˜Ã›`Èh5žVoå1üÓ#ƒ0¨•b·csCož±÷#eîÏw@T»žÿ<™µ°'z¹ÿò^RbI ùâÂºÍ@³åPÒW)¥¤/ÌŠ%AþÐ¸7ï~Oçž5*d.)û3·ÏÄ‘ªP2iRÄÈÊÙ|wUyþ<í F.HDOçŒæ#~–/¯ !R¼q—ÅýF ÐÂ-ù’…ˆ§\v La‰þáDB ›ÅÝ…æ!ªgÅ|ú£Pq)ò'g²Ý†Zã=xvó |LË‚}•ÿDÉÿÊ »E€EEz3#Îë·îA¤sâ¿A)²ÇI¾`ÝÆÃ®_àp‰0¼„®R‡¢œ¹^OdØák5Þº]L"Õ„þ=ât‘FL÷Š/ëOG8Ì¨i}9Œ£ìån(dï à·ÚÑóƒÄ@0‹8!¨+Ip+1“Ç âìTh½Ä¯ÈbVå$ÞjIl˜0íçz'€Á†b®¾ñtg|Ôkñ,Þ0¾C‚dÔrYzmRð®’b(¬\KËý%DBùW#RM…äû§¥ø‹¾3€"4Óre2xsbKPÙàLË*vO•à©Ò‚»l†°e„Œž×Š8ÝÛHów¼}°Çy§f‚Š4"*É…=ê+Ñœ¨ðïŒÛ{:x!œ]†WøJ'ëoI”v0ÇJ „”lØÙ»£æ©ÑÝiàÔ:û¨èØ-FÍ5±i(–„‡aÔ¡”ùÙ(²(Évt]·½‚1`%…Ü U¤h«åô’„Ó2^é4½Ñ[d"åÎZ±òšëãÑ—ðú3z`ç²ˆ{Þ¨Îà„=«ÃÀÃpc›?üßýPìù«ææ¥Î^øü#Ÿ{;€&_ïR< ë RRÎåÍÍ$D£j 5Ýð¡ Šøïr{Á$œÝº`¬sˆPfÂL*uñ»½ á³WËÀ~äî4š^Ñ™ J–5*¥¥ˆ‹ÛúèZŽKÄZ=Ã’.{œí!?eã°²W¤C_’'a“¿N¢KèB·>ŸÏ»¢&Ú/Jò£°€iôV(Z”VÉ¥J–-Ûî¯D÷&X~Jq+gM[ “‘-¾×LýHŒ½Ñå‹¸“£›ù´–ÝËi:Úª¾^–‹ŠzöQ á^ÏÊ+h±ÓXeºTg†§Û"NÆoD˜|ýÄ{†÷O.¿Cp\Gæ¹ôÚÃËX–'¶a+XŒÍ·ÿ#ÞG7ž=OŸc“ Á%‘CEùþv·˜Õ‡õLè’†\0ªJy®dî“KO$ ³þ¸¥îûÖoô [ ,ë<¸²ÉC3dÓ_Î}³NÆÎ‘Ã,•\qxãòŠ¸è'hÓ"] MfY#f>pXGšWà¶s¨"vwàBÙÅªüÐ·"wù1.:wXå)aŽ”¬Ï¿)t<ÚO6(b ²ˆzZQs6d²·èI!*nT3E_ôÒs,§dÐ{&öø»ømÙ æ2ì¤óõœ\¡sÝnÇAa½ô¿®z”^ ÷w @PŠ½~Š zT(*8žA;^MõM€ [-®40ZG} -¬vÌÑç<},D†Æ ºkºŸAXI™ÈÙã`ö³*$ÅßÈO's‚îš]Wû²ZQ” ÎV”¡lNg_.hso¼mCÚ]H%áµBLþÓsÃ`@1ÿŽÆÁ‚ÛÕE™Œ„êÛ×Ãý õjµHp‡òl¯ ‚eýÎ>ïá‰m>u!ò¨Áÿ˜ªˆ í¼xÛ½à—ÛR}æ±Ylµ£~…¦%“è7‡uÆ\PÊ«Þ½‡œkˆ¡‡ tS\ô‹üIqg÷«9#\¯ÍØ¸Š–ßV#p‹J“½5äÏgšÁ„‹æCžÌÈ®z|n¨êg2 LÕ[¥ïÐ¬ošäcÀGàÛ1ÈQmdäì1lÑ"2·>&*Ó5²*Gµ8m:÷y¤g±ø(n)Ô²º$ÏªÁt®nÏ=É˜V' N÷ÊåØeÁz•q¢\(!àƒYDêÍ:rAùhféDž ýj¬¯TúÀøÞbêŸÄâ ©¾„<8æ•Ð>Éâ0§ëàòÚ‡vºšèró…@¸ì·\Œ®Et‚Î~sÎ•§½c3Y†èúuVÇ–-í¥ðê;'ñ@ZLS(û.X:(,³-Ò•oÄ…¦ies–ºjjgºà‚)9ëTy È=K?=l”qæZe.Gz-YÝ¡u¡ˆê`ÞºÍ/|‡â÷ ´°¼ö¢7¯„ì+?è4Dg¿ô«iWrõhieø`³*)$L%! ú‹lÖëŸ@v³>7ïJV ÏGW¿u—ñ#Íµé’nÆ€ÑÈÁU6ý¸ßÊ´¸›‡ÀyžËËè˜ÖÑö…èd[ ’ÿ›·°í»Å«‰*ì µ¯ÖKfoÅJÄ{·÷“årÊJ'¤rKÛŸÅ½mg$4Ùª1~·./[úx•×kR EÛ7R ´ÅñÃ¨FZÝû ÌVå8O0Uì!ö]zï´h{uÛ—ÉÝ› Ü¬`[;iÕéþRüÒÒ:Ô’dùÇþúûÙðÿÖç¥9o›ýJö÷îbZ}p¼Š|Ã©³¿‘X~F$Á?õB*Š$gö¸Š|õ~±-duO9¯Ö(d£ ¦¢œªcýbíþ³´±T]~Ä`úÄ–?ióý þüB"ª‘ÍO;Ð„‰ÜÃÐÊHÛcŽã#KÛ?ÀTu¿›ª“-ûdj¬Å˜ªÀì<;¬±%ÕÂ¬°DÏãvà,x…¬î Ànu$ruÖ€’/]”ê×DëUŽîŸê&a…¶¬*õü%™ðÝJ^®¶‡{é²ÆCiû‹oÛ¨ïä¨‹—4MM´{'HB\WÊUŒÉú]WÌ/´ü²;Y·&ë"gÜ‚ KÆ¼ÙV‘°Œ– m>¯ÿyqÓÈX—Ü'|ŠotgÐ‘5›8’q—iXR·P;ÝÔ1žgzÓêžèL‡2ñsqŸYñÅ©²á½” kÿ™Õ¦æ¨"=ÞK§4hÝobàv½›Šû«º®Þ ÕÂ§¹ïŸ0²ÈjÅŸ9 J£Î4g•×7©®ÎM£|%îâÚãòÃÍ/É$XòH2U.7)·d<ËŸ;«óEz«Ñ‰‹qÐÅ÷„[jK%%7\›1™ùÑ‡düš˜¢F…³ÅyqÝ°ºEI3Îò;AÝLÛ ÍÑü›Ã™L¸ÏEa'øŽìy{Q“IàzSÒõTòë;Ñ ÉUã'ê U«ýTµŸ«Z·•¡¦ð u0NŸL¾ÀEó)0\4¾ÿº– ˆ—Üð´á³„E«ŸzÊÞ‘÷¹øÈÔ1˜ †zV‘ÁªíwKÓ+*ˆ„ú&ù*•¼#2Ì¶¯¿*å ôhµæ^ÜeµxDñ²AÑBñÛ9þ¢wÉ‰s¦öÑÜ1c–»©,ÏwXvo´˜‰ûr®£Ðç¹¥oîwã¯ðÙZ¦$ ¹8‚ 0|s›'/…J\ÇíÚ#Ìl W”‚Å¿¯eÑ ‡A$Ñ8Z‹5°iWY?Ýî¬ZÑ’ó?ÿLE¸’}ã¡×lF ¶Í¤< }GGŒwÓ‚÷:HÒ²8Ýì{€Tvì5`¡Î‰GÝ’¾ŒÆf›pBKPÎ,6rÌ‹Ž Œ^²ÚKXÁCß¾è¼ô‹ ÝC½âF|gBo'ô/¢‰ýÉ¸>àKÞAšU]NÙû@ÇK#`’v@ ~í˜mßâÓÔ¸FâÕšaÄ@¢©qrå¤ù§´lèãçSP Õ'¡ÙXù‘ÿ¸JöÔõé;¡&$—^Î†?¤'`ƒÂ‹´ ó:ê¾T+’{F¼c+n¦¿»ôÇª¢RÅSç9¦,8:³¼Å—{Ù·( ût[¥¯Â×Kçît¼PÚJräj4äqôÍXörŸ)C…%2ö ®Ï4ˆ›Û¦ÅÛûütd¥gpòÐX~5ÑWÎ—¦<ƒyÖÈ,˜x£#\‰ž±í(1 Ér˜@¶nÝ`Á`W² yèMiõ ‘6rYÙmŠ¦¢CötÄ˜{B[b¨ß´V‰˜x\vºÄ)Ijš ·ÌtS¯po W)€í ‰žQpã5ÕèÍˆ”nmprçuÛ¬SL;½½ª‚m%/cM<•î@1‰Cü@†·Ñ3xÊ’€ w6ïº]å¤îuþReäµž£F*O“T+Ú¬îÁ¶–.YToèëùÞ\áí&MÔ]Â¶œwFzwáÃl—Ñ˜@î¢ÃµaÉ!x£ÏHânÌÐ¯\œÓP6šÍ†Y6DÖëõTàñ9žåÉ€èëpØšDO2±`¯þã½‚€ëGT&¤÷7¦‰$þ3·H©ÃUÿßêdÍJ©¬ž]Zø¡b¨ÉÜ€ó¹²ÚõÚ¿JkÖRü²>ÆsD9<üÁ'Aõßf‡G×ÍêµÃ¨Ù¥rS‘¾DŽ Ð)štÛ‘™Œ'ó™ÛœêÔéç}Žê÷º†xÛåÉ¥›£.;H½Ó¬82ÝŠ2fÊ;E{LI´]ø;‹Ä³áÞžE¢yt)ýÅ7¥XN„ŒÚÎêx’†êõÐÒ¶œFó5«VºÄºÄ!ùÙðŽ¥Øb¡œº¤~ƒú@Œø¾Õp:/Y”5@:Ü1œ³Ùôý, PiWpƒÔü>¾u}þ×YÙ’îÃ¦9|1áZt³‡0!—ÿz®”÷iõÅµá’EÈ~²Ï®ù‚šÕ0š²ûŸ‘èÓ=":ñó©œÂ]í5ò¡âhAÞßû#’íÌ‡zm6±Ú F|ÔÝÏoŒã\‹.„›5¬›%ˆß„cDú¶ÖùŽrJYøvÜ£˜“JOËªzP÷3JDkªˆ2¨›‰ ‰“‹”ùø·æ«—’ÓÕíÓ|ìÏ€Â¦£¤ë”ÆBFbGo?&£FQ~Þ“œÃR£‘Ð¡Ô7ï[œ%ó’J‡to¨upBZ´ëÈBiÊûe÷ò¾ÿ9Q¯ôÈõQÙâoÄ˜ŸS±›.Ph¡¸bZŽý¢Ë)qmdˆ÷Ø<§é´þÚP¾}Þ3}&©4ñ™Èª"tl:ý€ˆ·šyJYF#ÍÏu§y¥›_0¦>†‹ljÊ(Opw´ò\2á d;¯úDtÓ\„k¹Ñ…»¸Mq<,À‹€»•R®ÞD:„ÀÇcoÝÅJv¾Âb¼™(H?Vç(¤Â·èäJ…Æ ‡î×cÈ€pä¯ð™²ú({q£uBù¼kþrÀ·Ü×!4Ñ—ÈBdxÃ‹¹"'€4»ŒOHsÇýÔ yø79´¹®ÿÇWâà+{þ©VÒO d–è2 þL^hÇÃ(ßWlðH?¢—'-¿È¡5Ü2£l¹¿È5GPÿœ”'‚GÂ "(œ¦L¬TAš[Ä´Žy±%œœ‘nkðýâr±xóÇ²^6c÷T(K_¨û®ŠO±¸£¼g¼ÁâFˆ¦;0… ~Öˆ¸ò‹½"1Ã//´[IfVd‹»ô„u>,ÓÓË2®OÝßŒl¬ØS_íP¥I£}ï,Û\Ñp«Æ”Ö3‹ÀŠäŽÃ"¢Dn4 Þ‰—¡"bÚÉåç‰ÔïøE'¶‚âþRfFý‹Ht—¸5o™?”†ú?íG8³«È4øM[u— {PSž¤y¿UŠ‡5‡ò£¤0¦)½bëéÛYõ":‚aÕ¶“× Š·:( o–kæ$^£ýÕ´ã:‘ÇÁAÞfkn§êWtÙS‹QØûõMOÿç›á@áçh·¯ý‹ý/-w8ê£³AN$g³ÒaüMI¹Ô_üTë»Sx(µÉƒà1´ž×¼™l à‡÷ú›§4õÅ¶†rÑÛ³ ¼F˜lü—s_?>zI|íü{røóìþ-*2DûRkzÛ¨5QÒ¤Ëòóx´lrÎ*kžÓB¼nWGÄæ<‡Œ}#á¡5Æð½øß§øºÒ¥X¶éß YZ