í«îÛpki-base-java-10.5.9-13.el7_6Žè$>èì÷Œ»9nãªÃ¢èWù¢>ÿÿÿÐŽè7àL?à<dèéêì í Dî ï ”ñ ¬ó °ö ·÷ ½ø éü ý þ % ,' È' ' d'' g' P'ì'¯'r”'0@¬°(38<õ9õ:G¾õG×8'H×Ô'IØp'XØ˜YØœ\Ø¬']ÙH'^ÛâbÜcdÝ2eÝ7fÝ:lÝ<tÝT'uÝð'vÞŒwß'xßœ'“à8Cpki-base-java10.5.913.el7_6Certificate System - Java FrameworkThe PKI Framework contains the common and client libraries and utilities written in Java. This package is a part of the PKI Core used by the Certificate System. This package is a part of the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\Š.óx86-02.bsys.centos.orgŸÎCentOSGPLv2CentOS BuildSystem System Environment/Basehttp://pki.fedoraproject.org/linuxnoarch PõÕÖbÌ £”!& #-+,).*)&##"!81;8+70#%Aí¤¤¤Aí¤¤Aí¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ¡ÿ\Š.’\Š.ˆ\Š.‰\Š.\Š.|[!¥T[!¥T\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|\Š.|104e693105a0f33323a500b28140eb73edbddc312c59aff2af732bfcbe4c468394551476c6e1669c47fcfc7410317b2cd505bfe5c3ecefb1e74fecebcf90f871b2df657063377311c021e0fd7006b3ab5ad93e365860dc3ecf68ba0078a90481fdd8d5ef0c8813c633e77997d6dbe23557a5112937962d5ab7b1053de866027b643b71cec56efdc737a20687bb05ccbba40c3481b2c0e100ccf53331e0fba620/usr/share/java/commons-cli.jar/usr/share/java/commons-codec.jar/usr/share/java/commons-httpclient.jar/usr/share/java/commons-io.jar/usr/share/java/commons-lang.jar/usr/share/java/commons-logging.jar/usr/share/java/httpcomponents/httpclient.jar/usr/share/java/httpcomponents/httpcore.jar/usr/share/java/jackson/jackson-core-asl.jar/usr/share/java/jackson/jackson-jaxrs.jar/usr/share/java/jackson/jackson-mapper-asl.jar/usr/share/java/jackson/jackson-mrbean.jar/usr/share/java/jackson/jackson-smile.jar/usr/share/java/jackson/jackson-xc.jar/usr/share/java/jaxb-api.jar/usr/lib/java/jss4.jar/usr/share/java/ldapjdk.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/java/pki/pki-tools.jar/usr/share/java/resteasy-base/resteasy-atom-provider.jar/usr/share/java/resteasy-base/resteasy-client.jar/usr/share/java/resteasy-base/resteasy-jackson-provider.jar/usr/share/java/resteasy-base/resteasy-jaxb-provider.jar/usr/share/java/resteasy-base/jaxrs-api.jar/usr/share/java/resteasy-base/resteasy-jaxrs-jandex.jar/usr/share/java/resteasy-base/resteasy-jaxrs.jar/usr/share/java/servlet.jar/usr/share/java/slf4j/slf4j-api.jar/usr/share/java/slf4j/slf4j-jdk14.jarrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿpki-base-java apache-commons-cliapache-commons-codecapache-commons-ioapache-commons-langapache-commons-loggingjakarta-commons-httpclientjava-1.8.0-openjdk-headlessjavassistjpackage-utilsjssldapjdkpki-baseresteasy-base-atom-providerresteasy-base-clientresteasy-base-jackson-providerresteasy-base-jaxb-providerresteasy-base-jaxrsresteasy-base-jaxrs-apirpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)slf4jxalan-j2xerces-j2xml-commons-apisxml-commons-resolverrpmlib(PayloadIsXz)0:1.7.5-104.4.4-54.19-510.5.9-13.el7_63.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.6-13.0.4-14.6.0-14.0-15.2-14.11.3\f©À\T4À\Rã@\À\U@\½À[Öö@[{þÀ[l,À[`O@[UÃ@[>@[d@[Á@[oÀ[@ZËUÀZ´ì@ZŠ¼@ZÀZxG@Zg#ÀZ.s@Zþ@Z ÚÀZñÀYûÀYè“ÀY¿µ@Y·Ì@YšË@YoIÀYl¦ÀYG¼ÀY>‚@Y5GÀY-^ÀY$$@Y"ÒÀY¯@Y#@Xô®@XØþÀXÇÛ@X½O@X*ÀXR…ÀXOâÀX!¾@X&ÀX2@Wû‚ÀWÒ¤@WÎ¯ÀWÄ#ÀW¼:ÀW±®ÀW¨t@W{¡@Wu ÀWgÚÀWV·@WV·@WV·@WV·@WV·@WV·@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com) !"#$%&'10.5.9-13.el7_6pkipki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarjavaCACertClientExample.javaCAClientExample.javalibcommons-cli.jarcommons-codec.jarcommons-httpclient.jarcommons-io.jarcommons-lang.jarcommons-logging.jarhttpclient.jarhttpcore.jarjackson-core-asl.jarjackson-jaxrs.jarjackson-mapper-asl.jarjackson-mrbean.jarjackson-smile.jarjackson-xc.jarjaxb-api.jarjss4.jarldapjdk.jarpki-certsrv.jarpki-cmsutil.jarpki-nsutil.jarpki-tools.jarresteasy-atom-provider.jarresteasy-client.jarresteasy-jackson-provider.jarresteasy-jaxb-provider.jarresteasy-jaxrs-api.jarresteasy-jaxrs-jandex.jarresteasy-jaxrs.jarservlet.jarslf4j-api.jarslf4j-jdk14.jar/usr/share/java//usr/share/java/pki//usr/share/pki/examples//usr/share/pki/examples/java//usr/share/pki//usr/share/pki/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnudirectoryASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)C source, ASCII text?ÿÿüý7zXZ áû¡!#¸‡,àú¯ïþ]"ÌkÀ%w#–z×ØûIRG¦6"i°l'u ¶jo“’•g†sl+knÒ‰Ìð5ûn˜›Ùç’„÷p2KŸV,¬Ãñe‹®vwLÒ‹CóêŒ0u×ìàþÅ)<Ã>‰SC™kŒë±/íUg…Ašbt¨ûôd•6Õíñsás ¡8TÞ6šãi¥æSþ_ßó½”¨%cnÌ×€ÚÛ¿|Cš_?¬iRl0íI®‘!>%”mYQþñv§(àú…oGÞåŸ‹ú-ò–EÚ¦Žá=øž;Q6hFâ˜v¹Nî-kE ô÷ï {Ò•O<Á¢…³dïèœ)àF‘¿ù„mïßÿ†ñ¯ªù¬ÈKŽ}&±à=b\¡+iY1iQ™fJu“BCXZPí„WHtÇpªõk–¸'pwðñ(¿<‘»1˜ã¯æâë5…SØ¢Dvßî.Û‰âÓ‡çDC]z0€ÔÆ¬AŒ²××ŠT7–.òÖÈö’ÐëLöäüKs²‰¤¬¥A‘Ýn’ŸdGMýo¥™oÖZmÂÖÅæSY¾hëŒòöT.qïjEt»µùy0)mð’‹t l&BòoþB¼¤ ê £=‘Û‹åP_ OêA8Ø‚Ÿ4¢ßllm˜fõ«bö_ mrœ–ËÄ;~ãdfcBÄ¿«Ó7Úóîƒð¤¦4”·¸Gh::#>ËøãzlG¨÷Zðæz¡mx‹eÐçÿÒsû›+±{¾w‘hùgZ¢ãÍ+„ºy Ð^büeVÛHò±*÷/c R¹¨˜i@~«ÕÅ¿ýôå¨Ã‰.Û«2«ã–˜Ý{×[îÓ¹Ô”¡Æ~)Öè;-±ç™q1qÝ„‘°Éƒ‘”ã6×†å¦dª£~ŸlŠ™cc9™cp«½x¡‹a¦ õÁ°CÉIIyÜ;ÄûçvÅçà¬—(GáÁ9,s(àŠÿ?™38£øƒ8{Ç'O< ñýGGiMc’cŠCÎ«aÚä6y¨_Òl‹O;swY^ÁëùYdœ2»&»OŒ…bæ8¤f@2gªÂQx4Çd8_D®}¢jÁð2²||aŽ Wþ_¦É·u7Kmr:êäE1÷]BøÕ*Œ°¬üdoÑkŠ¡tÈÛ?›iWA&ÙØÆqõ™ËSS€ÁF×§æ¦k]Fh—ÝaÏ ÎËUìäó†ÊtB4./uüÃÉ±ÓT›çûq=µí!FWxü.‰Fýâ†/è£¥ðH¦•ò?@ñö2æïJR&ox™Î"/~Ì¹p¬ZéÂ!4 ;ñ¤¥Áp@26äž'RèXŸWÁÌ°q-4I¶F‚ ûy%Œ+%ÝýWwõ'€pÛ’6¼¦ióH¬uq9±‹9Âçp(ß.suþ¤ÕÄ [vx²½iôjg%4ŸüÚ´[èó¹™‰C@ÅX¢-äƒ‰ÔÄÜH+X×ˆÎâ‚ihäçïñ3Š1ZåÌ8† Âë×!¯ß>D°“Nä7²ž´EôL•õŽqÜÛ÷»´D"Ø§zßy)¾òvUÍ’kNsoD]-wUCÑXá³`€å{¤ñ^¸¸_ƒt½*m:¿)öôü£%ÿ–Ø&šv¥8ísï9®Ñ–tðU$j$ˆ¿O.ðÿUâlla¢LGéñê=*J=…¹§°gñÔá—´žWæòyƒd×@kÞ §þqº±û}§;ê¦c±âO’)!Çl½ørÃ>¸[VÆÛHý+kîà)ÝQ@ÔCÏ@^äŽR[ŠM'0Ât8wÈÄ˜iØ·fuÐ8V¶|nwÚÛ*³'‚ž˜¹,dL¡ž·µÜHwƒ°vüZGHê6Å/s[ôvvñÿi¨f•çýc¢¥Ñû“—‹^Ïè&äå<ä92eHú.CùÁÖú†‹Ëy~/L&ÔÙéé&³‚qÑZh†Õƒø‹äRù/;VRÈŸ”áê¯nÛÞ:XuˆÈÑXßÁ ×çË}P†Ó›föˆ_B@‡RÛÿ^¤&…N"? dB„'ì¿œì…Ì»|£gBK3„—½#Uåô÷„Tk9aäê‚ ×L’Ä`* ÑK^|àþÓµÌ~JW©@(¾$‹…Hò$½* ð¡¡8€ŸÒ÷Î¼ “ŠfÜM„kº;ƒ“×(qûùÑlìÀ×aé¬·v Ö›ÉˆšÍRžÇïBæN_[p 1 Ð¿+ûÉ3ø€Y—ñý%˜¾¤‰I«ª+hZqD«’K°µj*’vÄã¬+ ìtah& Ç†M9â(ú›¾ž¬øa½¢cô zB‰ºn“iT!\c¬šÎ°•Sz+i;SP:“×|n¦tepnåøåuØÿ~å¾óõ6ê"Æ’+‰N¨6Øø–F¥: _¾0ßàˆó‘šÓos{³;ã—–ªËv•Pùº¹[so ¥§cµ·B‰Â§ÃFôÊAÄÍ:Ä.HÆLYiÊ-wW;^”Óð1¤Ê"|"{‘ÛRž©}ÝBžcˆñ ±žÌ5ŽOÉ Mæ«GùCò˜W-—‚‚ƒtý‘Ckÿdñ@ô-äit@1µZÞ àqI%çèeŠ“¤±î6’·Én /qØ“K×UÃfð<]fãy<|KXqQ•5»Zny{,”š†$“ž¦¡ÏŠe.mºøå{b×&š›î¸Ü.²ƒMàö r –XCøŠ¶ü|qX¤mÇ¯J)cù³‘k±Í8ßçÃ kQ\N;Ó!ødâ8i^ñn\öEs—ì3¸d±L7°«Æ¹&:Fi(d©F°¿ÿšÝ)ÒÚ¬›ÇC†.ã®Õâ#ï`L½E9×“Æ§^ªü‡ÈJé 2êXäÏ?mÔeKÏ»:pƒÈÁœ\í×;ðBþ~ûIæÂzJÒùX¹¼ú™Š2'q¬ú®‰!Ä#öóRÒPºëõ!w¶DyXÁ"ùô»ö;`Ó‰€C‘ûa)Q\²Ê{jÇáßH’t%fyR3PªK(Ç1ÊÏZ@Á …VTÙB9iM"s”Õ;\€U"DØe`±õ‚Ø)óÄ•ä¢»Ííws9Ìrèy XO6/v·Œ†U0ùT‹“Ã—{QŸx@S†Û¦ˆŠvvY¸§&`ÇåEÿ5?.™!6—8ÿonö€çg?\g©sœ-ÌÝhÞ[üËÛÛ— ã'á‹Ÿu‘Y³Ê»\6œˆH,~ó7ýM3Ë¹‚ŽY!(ãd64rŸ¹]è1ûX“¨ëôtÔV¶Œ’¦O÷·ü•œHY5Þ*#¾æE™®ÒØ›â™‹õW¶=(“+TrÜc È›ú›H§¹_¯Nó„š×Z†M©èˆŽ–aLZ¨ëûys&¯0d ¨)èVÛ!€bEÑ¥ÕþÏ{= ©>X%PÒ#k‚SáðÕ4Ÿƒ£Ž)³Ç®„O†‰éËNe*\}¢§áå†,à ÆÛ™…¸d±½¯§y6cTôÑ:Œ@ŸZ¹ú^UÉaèŽŒ“ffü÷•òò»ìxÇKSÍfR*jÝy2º³ô‹ªô¥8%â¾dæu\È#pw¨Ô<©¼PŽXUV+ë8“±±¨ýµô8Õ‹À•Ìä7k&JA †#›f»iÞÃ‘ FÜpWˆ¹ ›8båobÔŒš|Äá˜Ã)]¥MƒRê»¸A³ÖQM™Í‡•óéÖÌ¶Š/¥™F÷œevU¡*f–»kÔKƒ‹ëÎ”dSßuŸ”ù€‹k¹õÄƒœëÃf«v²ó73;‘ ìCÆ‚Çsw ÌeFç8›ƒ'Ì®/\µ¤PxFÃèÞÍ G9Ç.;Ø¸A/tñ=Ûdpº M ñXà!˜V´T”ìxé*’,Âã8KX— jä‰Œ³UÕ³½Ön—W‡³UË fÍyB=kÔh?«\rP£V-¿½3 Vl£õ½¿Íle¿aæ™<¨ª €2R‡‡€™uµ,g—ŠÕ½RÉg€}g€SP³Uid§XüÙ^p‰õUþÔ²²¯ýƒßÆh}³?‰q%ËûësÑÁ]C^Oa„YbÿCLãðZ×ëž€³‚tßÏ /êˆÙÞnþ<•eˆ)‡4Ò^yÚ!z^ÐüPÚ Êà}¼`‚'FŠÓíIK€;ÃÓÞ<(A]Ûò2¤-ãN„u±åBàf|yWôØ±Œ#ÃßønPSƒÅ½Š1LE6ß\^¦þó~ þnGèàP^M‘œ^šÙzÞ¢j%ëüþ²9«‚;&&¡ÊÇ>¥‘TRèy;ë5›÷±ª4äY³jh‚2)A¶£ª/4‚$oqLƒG‚9¤œ)ïN[M¬1 {’Ø¶U¡åã‰È²ªéb@(ôÐmDXéÀO%¬_<…èJ¼r²U!Ð„½ö8C0<ÒÏÕž§Õ(ÈÐÞŠê›°tè'!ƒ>MzxÑu‰‘E©h^R±û¨Y6G½w?œ6èÖl¢DÀÑôœ/U"Þ×½Ñu{¶éUN1—GNð âCÕìÌ1OŽè/¤j>TëÑIëYÞri6'‡õBró“×Ÿöh”‚Â½‰Š|ÿˆ^x9¶™|¶ä+oÁ4b Ô”¿ýŠTUÎ$8‘™ìý ³BïäÁîR"âÇËø7â‡°©óð7R®äw">2´<…Ðé¥Ï““i3RˆÊhNïâ¿2ùÛ3¾ÞÚ´LïÚ†\š[dÐª;ú5]ÞR?? »Û›_1+%ø™*‚…×Ÿ#±ÜZ¼ŒÄ8—?x|Í=¿Z˜+ê+Ì,üá@Nå"@ŸÁéåæ5þå{Œ¦ý‰Ü*.Ïô«4VÓ÷ÿ Út™í$*ûÁmm0¥q¬ºêŸî+VÇ´§«ƒOþóÿzãO¢€ÐWƒ¹F‘mçƒŽc,J –â/Çíü±È9µážÚÏƒÀg§,mO ‹â2XÁHdPšrêpbAà¥óéIE½ ¤:Fÿ²X³E‰ìô¦æ<ÑxVŸ(-VÅÏF’Ê…¼Ê`OÂÁwÎ2\é›â,Æ-ÐªÔ›½pzŽÛ±ÙÍ†Ê˜‚Q4<>ìñÁC{Rc8×¥d…·±ë7(rqŒáóV´9Ý•¥cübgî)3Yq&ÈhõRÀZ±œÌ±÷ª™0o ‹»yŠµ:34†x°– «Ó°=ÏŒ?DKÊÐÊÊñø”j£B„Õ;.ÕŽÏH™ŸYYI“;óM»Ó„lÛ“B½˜"k¹Æü„]üÕí¡Á5 †|Ã3‡sLœw‡°Ù7Ÿìkü®RRÑe ¶«îJ{TEt–ö>QaÔÁøJë¦n?áD*´úÂ XHc¾gÛr#«¬µ9Ùt*KýØÍ÷t4³°n~ípè.H¦wÅÿ².rêÜ‘4V—È“v¯+ùWÙ%<³~¦À(ÝýËS¢Fø^ÔYhòê|GCd¤æùsè^l©$mnl;•ë;íÁÿºo^¿}Á•´ë£ n²umóŸûDý<Ù™¿Šµ“Û‡”h¸=S-ˆáÌØ¶®e¥w_1QÀb!X}¸·7„Æ0pþ]ÓTGMNFo¯}ÚëµeÈ½•KÆ²Ì\,}üâOoÑÈ¹Å_cûµMÀvžJ[›×,kgwµt»l^õ PR×_•õø‰wÄÎMŠyß‘éNY[†ÍLu!ßP–Cu¦ø§Þ-©Çl?‚“qNås©Ú‡LÅõj¡œ\\€É/aÐAÓ¨jö‹Ò)*<ñ¹’¬zï¹h«•#œéîÀÛ}žívm‹YhÝwŽ07+@ ‘R¹4‡½–°W„ªaNÙ?.«‚ŸìÉÈ Ìz$¼¬ßpÈRá©ÿ5¤¸×þaˆÛ¿|ô¼žvÝIx ÷,¬ûº%³Š8kÐ|‰/†¡rgy±‚§æ‰î•ƒ4G1tµœxÐ!/½ŒÎ>,’ ¸r9¶@e¨ªDš2jã©7žAÑaj¢8o«hÄƒ>Nó±Â^ÃoV½ÙðL6nƒÐYhín€¥«<Š¥†´-w‰‹„à“} ì¤o(%.¡..›j¿äWÚ dæÂOåB!œÒŸS‚±ã%ð!}èPîö†¤¶—¹ ýÙJ.Ü—óÅˆ•]ý)k‚mqŒ,k(©—«Ð¿@Ð,UØÀÙSýØ‘·ÕÃæóÅôÔ¡ã‚:O¤"$¿à“þŒÂ*™ruWœ´:oà1£ägÅT^’·ÛÍU¬ŸB’5œ:>”GVv@X³5S}“è‹ÈÚ)jsÎX@I[9H…àûvS³r¸æêéŒ#yp± 0(8ù¶àÇ/¡.É²f<âeL¿–Ì›ëvàC¡ÞLNªÚWóWMñîó±Vä7í½ÿê¤–ƒeÑëEWO¹„jëXù;¤úŽÖø8Ã²!»Å’I];!Õy!±Â8ãjõž›ÆM¶—]8Ñ4ô?BåãO2UŽRt´/–Ž™~#¥÷,U–²Æít.;õhLÞÑ*úð®HnƒÔcÜEùúôðÖS±×j§†%²Ïý•'qá;îmCçËïSÅq-à/wUkgr•Þ,q1 ›UPƒ¨P3?¬1<2Oèdú™ðAï8¼ÉÕŠÏ¹Î| ¡Œý’€b²MçÚP»Tµ†ôM[LÓÝdá˜ 578b ô{‹QŒ¥ÑÒzß ÷y»`µçìÄØÔ(ñlÅ¾±z?i®ÌPR#Uy¶.Hj±pñVÄqó¤zÃbC&QÓß¨Gˆz9>}ÀOCˆ™/¯û÷9¥->!$³Döƒ0iöÂëbï”—pô)…ñlî]‘ Q×&å—H&xâ½/Ì7«¼ÍËEZ¢Þ‰ÈþnzÏ¤Þ€ÌéWãŠ4ž%n:n‹–,¥Í1”66NÍWi×9)’,œ”;£ •¿°þWEj‚‡ Ž)" g¢"0"b2s6ˆ¡°¯¾ƒÄ»ß¨4¾¥Ü¡eçMücîóÙ’v,>§’õÜÛÔÁj¨lmsn(]þñH.kh‘ q`¼gÍEÁé(S˜ÚÓ5jfïiP^I)Á9Ëë2tØ÷ù–Ë‰½9’!l¢€ùË¥Œ¿r&Džü¤uýÈ —Wj¯(/S@iŠ {–ýc6Ö^.9’£qz3¿iõCn dH'éX¶bÎÂœ×I÷%[3ˆT]VåãÒÇá h"Ä×‚×-0+"04·l´)£é¢ÀÜtm¨mŠEn$îzðÓ¼ð U@´ø¤BPNxö`ŸgÜé1®‰zI.Õ$îP+^WÏÇÄ{IIh-Çs—¤À5ì“‡xFZ<åZÁ<ý4üY+ËIùö8,wœë7ÎÔÉWãN];_1º] 'ÔÒV ÞµËO=g#ét½ŒËV^Ø"mXzE¶±íÙHN¾¤r,GœÝ-¯sµ³Ý&Š£&ôx‡U˜¹E\ ÎRy‡Úˆ|/ l³GÀqß4 0V¸÷í9ÀI,zšåÉ3 0Rm8£ç€Vr‰4êyÊ)¾ý÷/ÕGÀº_ F¢m²¾Ð,þûšO4Ìû ž‘l¦sð*þûb}[ÜñX˜Àz¿4z|khïÌÑgTcbz¤xnþÔ8’4f ê b<¬õ²½YPbQü¥IuÛÎ?>“ ö…/‰v³3 &ƒŠÎõòpZ"¢íÓj%šO9;a_þÏû—‰UK½Â5 µî`ÃkèPÃ•RŒK…Î³LjŸ¡„e‘+$4¢sÜETp*ñagöAŸ‘Ìþ&µuË]tª:hV¦xpðÌWä”©v©ÿ¹ß<¹ËÏ¾…X«¦X«ãq%ø½‚;Ò§QÍˆYAmì¼\Ô=hÜrºHÆy™,È¼¤qþý¥¢TzÄeOn˜%ªÞÞtý–‘wz-’o98râ@sø[NUköœÐk æ“ŽnRq9íÎm€+Löð§HäD€ˆ|mj¶äñLîxÙ¢úMÕxúú àø@iÎì@œT±Ð¦¬ÞÊm–kÝnbsÝt@ó¤DÂ(ZÑ£þU–áèã$Qr´f¼@+×Íên^Ä4Þ§”E!j¢Å$QÎHÞy½OUT¼GÇ‰é{Üif¯Ó"ÂËàüîÈóZ¹µòÊûÜ’mªÚ (•%œÙæí˜D”l…;™srÿ–Œ6ì÷ß˜(ÑžDÂÍ?™y²±•yûÇq¤ÔË*_¶hu"£²$’ 8üþåYØ6‰’ãf˜Y@ *‰¡Èt>Ù¶Ùôá„z ´Y±:ôýÅzc‹¤ªñ2½©Ï´»`ß;:}_S¯¾þÙkw«N†²«àg‘¨îHÍÒQG.ÜÒ€¼D_*&»,êø+pöbi ŠˆO¼°:Œ¯ÿD0Åvø©í"b2Ë~‘”£„6›4ÚRó5àR}=FËñä¤\ ®QžŠ%7¡m¡/g:ë@&Á“µNU†GžnŸNF•%·Òæ«¼@Ò™¹äÈ¯«gšŸþÇ‘b™Ïm,íA 8KFEä“Ç ’ÁÃKÐPÑ€µÌT0r¡¸³gŽÉ—Ë¥$~5þBF)Î@\s"BÚu÷¡Ð:HöÚHúÒ‡’k@h‡Z²ÓÂåd»*@îÄ1c*XñKU0µ:Êžzá%s©èXqÝ¿¡o¥üu‰æ«É¥²ž¹´]¬5/¡í¥ÑµKs©³~${p†Ñ1öjª•_´ÑV¸©£DÀ~ú»ÞýãçÎ¨0Î8œ˜)0j¦]=í0\Æ—<)et˜¹•uwèL‚rá‹Ññ¨‘ÐkÃYäÄ4¦ÇUÕy™Æ‚Eð ÂÇ«½j»þÄÁFvLíK»’z'ÏNÜ|6FØ8¡gAfzGÂƒF·’Ja¡0´Êî”Ž ›„<á“6'Gôº$æˆíÄË¯è°ªÅO£UL—£º"(5úuÞÃjòÚ°}P¸‚&enå|}×÷U`¾bƒ^ÿ9‹½¤ø²YôŒßJÊ=«ÙRÎ³ÂãpRVÕ† ´KägÏÍšaU&o¹6ÏHHW¤„k_¢,ŸÜÐª;>É•ŽÇDM²«85ªsÍog68X±FÅÊÊ˜Š5ûÔ™Àó˜Œý>R'«¨±NJ®òõ;':š3×™ÃZH,×¬8¨¯aÑx$A/QÖ, 0ÉíºôÎ~¦Ã]ãZ“Ù‘BÑ”µpIù†ö3k:m¦ R\°b/nèw,`s)ÐÙX_ú&ÔÇÒµÜ7MÑ•;H«Î‚§€. énra¾¡%¿5m¢ÿ9´›¦'2]°Rˆ$’«¶nÕÍÛr”ûBl[¢–¦»Q3jù‰†›z(iû“ãÈµÏyH].£ÿ_¥}÷]VJýp”O±’ö&)á‹Öª$ˆæk`DˆÇ•Èù&¤O/ ^]žòöÌï^˜,‚v^4Â$mv`Sˆ)EÕ¬Å:ý+÷B“Hß¸GTÞ¾ðô/%ï_Æ©ÇøkòœÅ%ða|g G=æk¹¸ùµKWW¾BÌbð±nÃŽo½ËÖuj@Á«µ±áAH•x¢Õ˜Áå¥œdG{õOÙ ÷ü;þ‚ùÁF17ujz±n¼·±„¥¶Ú|Pá×¡bé.…Ø[ià¥-ré– 6ŸÿV_®Ò“Tó‰ÃXÎ±Y–#yHPbóèðm¸ÆÊ„~à í +ÜÃ1¿’@ŠÜFƒyºltØÏW²;2vçïuj{é)³Æg`³Ç|Ð7† ªW¿XÔ2/t4\µÁŽ—ºfÚÇ`O÷ 5ð“ßÉvÅ÷6:c‘ŸVêè¶(NTAøïl‰rÂºý¡øX\t¶ ¼‹ýÿ; oˆ‰«½Ô³¤ Ðñ_~òDáèq¢IÚƒÉW{-&=:ï¬ò4ªŽE|%…C”9… !ƒÿF˜íZ<6š(N¶Q7ÐcMÁb±¯Í€ÔeŠÓ–Ïojq”š6SN±AðGhéân$íîÁ4÷h]Ú%zkâWmý¥¶äÜTÁmØ ;-À3_¤%ˆ©7/·l•Nk¯&IÕ¦Î"·ÛzÊ\.ßÈ…K¢§sç Lw&„ïnQ ¡BoÊkBæ9 ßMpÛw¶-ò!{–¡:Ãøaw;4`•R=u‚êJ§èY!û©ŽºLÊý1"*¦Ì/P^%Ì_hKk}>_§ßåÃqÉ™D±>µ˜o-îz¢4ár2yè_eC½1y\ÎÖHÍ¥NB NŽtRÈ=¼’Î(^k*§ôÕH|S#xŠH€lh(ÔÜ …Ý KÂé0¿=›€f~Ò»R»&/£)Mì2ÉÔÜMû9‡ŽÔ÷B¬®nD8±½{V÷)ÁøØ0|fd’½Eñ§Í©ÿRÙÌ“³æo}§ÈX/mª\VOMÓ“Ù RÙ¹*:\ÿõ…;–c¶p’` 8!ÌeÂiï`„PN¨Ñßx¦È|éŽlIBR´¹N–òÁFÞÖC¡çÆå+;¼äøù},³‹SšþÇŸ±!×ºVÕÊ{u”-bƒó'ó¥]ÓJ€d2Å^ÿñ½†Ü]èc·W¾“™6‹>sÕ—DøëWUQGÖ,\ðHR¡PFr‚ôœg³-úWtÐÞ·Xù¦¸jŽ¹+PÕÃÕªýýx=¾#á@æÜ"à×kn¦ÐË(Áò¦4oã;¤U´#Ý½D'ÄÁŽždwbœÝW íCˆüq¤³ ÝZêê±(úcêv˜on×ÆB JˆoöÀ0„ë³Ø6®Žär@Y®WVŠŽˆXÍSúŒÖ˜æH‰Ê%Ð{¼ Ú²¤œljì²öýG?ÌÒËz‰œ†¢Ï› ÐV3îà%©ÐÆq¬ãW+ö}¶$*÷²äÍ©âáô@¢ \-ÑFI/Ê¡‚:pž%bS-bŸËVµÎ• #BçÑ&"ià&lÈýÁ¾•Fß¦0¸CYÃ—ÀrMOjŸµ7šKŸd"½ù°¢í=|!aÀÃ ·±Ð!dí0kÁÓ2yÆµHc g”œ]YDtIá¾iW×OPCF-Zü7Hèa ÒÆË;Æu5ómw{à–oB6¦ØOþã7OC«~"ÚîJe±å"î]œê&xüàY/€h®,\O^îo¼¨X1ÿd”Ý½2€ã{âSM9Ü>ßšRð÷¯&BÐÍÆã}¿&"dy¦¿V¦ÕºKSqíadèQ‡œ‘‘`©óŠ¾¢…7Kn…™Ùn,ˆ¤I>=ÐGÒüÍsY0w‚¼LõJÏÀæšœý¸â,„”y¡6÷Ð^KCpü%7ª”&³‹í9° Ÿ¹¢kiiŸË6§P=Ò|®ÙúÏuÍhÉ›-äÀ= †‘Ùjƒ¥_Ê|qSM 6æ¢{•lõTœÝÕy¤|D¿ÌX~o$ØßÑl <ÜÝ+£!€ê³mþAü¿%±ëj€"{HäŽT‚“ã†3LVWËd³£G¯åµÅúîIÃP¤©Ó¸CEIA¸2ÊT$™Ð[jqœ˜t6lHå^ciÛqû)¦ LA ïÂÞf›Jõù¯ÀLÿ—ý´»¤4CÉ_ßçüömD0«nèÝyâžÛ´qPÙê—÷š¸/i†0w· †“æ,ƒÛžÁ¼í·Xø®8àWz LÞRj2ÕÍÈÞ!aÕ§š9Ld-éñp ãz~Ø‘åµ}¡¥)eš>"§^Ë´å{Î…¤TYdÕcmbSïi®!Ø÷ÕJ–Œ|!aµ]W£9…¾¼ä|cá%;¼gç{÷ÜÁXìœD®ÂÇù&ä|ÂÇ##¹aNdÌZA4šå˜c3Õ3\(j›uÂR,Š!djƒìëÌ}0ª_]@MiÁÁ“yÁ—Ü?¿ªÝ¸ßWtoN»¦{³§<$: tÒˆë¿' ULÏ_Ì&‡J¨_6›ï…\/ÓµÀc±üWerd¡°§Ô•±/&SÖúdÊÙx)û5×b$ÇŒcú‘úüI£"š¤M&ä—§WèšbQžõJë8öjÁÚøz›+jŠû MH/?.ÿªÒU3hì¬ö„wUåFW/sœUàº¥U*,ñê†“Ó÷Ÿy©ªKHü•wô6{t°jÿÁí›¹ZLé§±ü§æä²Š8ñÀ¿l0M€3àa"Åc’Í—Ê*f›aJ¾ bºr`Ê²BqÎ Ä¬}´PÓØ‹‰},'Ÿ”FN›Ü½Ó)(CbD¥î*ÂyÎb ™Ö67ÿÝÍ>²íF"nô8É_ù´ßié ?$ÿàË¯Ñªôè,«¦ Þ3ŽO· –Ä_÷2dÊwœg…Î³pä5`ÉæÊ©\(Qu^Æq@Xô¤lW5öûƒGŠÒÏ Kµ¡ —×ùö¤D4v|0Í6i*8óeSâÈ™d†(Ÿ.yˆ,¿1ðŒ¸—òâGò#DºÑ â 'à± èzŒõòú?Ù6 }Õb/o‚gµ#p yÔÈ–‚=ðVG¸ðí}gÄg-dwÔ#2ü†H¾Ç:fÕzßÛëL~®šñœæJŠZ>’Rô&«·íÕk{#§ n‡"í®E.† •ü¥tÞq¹G_¥2°f\‚OVIÇÂA@2Óãfs9/,--ð‘ôÆµ¼²YõúyÚiÁ¦ufMøÔ+;ïób‚6×Ðbhª‹Ñ¡³¶6aôi)=Á²ˆ÷2²Ô›>³DZ^5J¯™ÍÎâ–§¹$Ôr¢ê«‘í0£7æPhO¨æá™wïR?âeß>ð{þ˜ÝÎôhlaÂ÷8Ô§hXàåº·ÑÎB-ñ®Ø2Õ¼mhcIŒLÅä>e=;‡ AÉÒ^ÏUÖf¿õˆç0A^ÖK#å¤ñ@wÑC»VðßjÁÒEÉÕ©ÙÑïÄMŸdÝìW`(Á·ðù³cAtÆå"Å~n%Ã?$8uóˆÜÖ-ßù1‹KQ|8pÆîÑ~Ë$ßÄ4$yÅ>T‚Îžúê„67†õÜà§ÇÕbÉÃ·l§ØJÉ¡q¶ŠÆ‘¢bm@žŠäYuyP6Íiáãª}0èmT§ØÅ±X‘´‰ýÜ î¶-U’x£z‡†ÍX @¢‘£+q4£3F%c¦¤’s®ÌS®=Æê„¨ë†)ï9¢¤Dx¸<½¼d0ã˜«UÑ»ó\[sJ ®B)µw€o~¼qÚÕUÄI6»õ+k˜^§éÖx»ƒ‚teéXÁòÄè!|Ä´±5ã3lÇ^îúDe"YÜ ªYÖÒOék«#6HNœÒU²kƒ&ŽnàÅW©In3ì%FV8!|¤ûÚÍ?=±5–êmgÍø?6ÖX[ÈpïÞË(áò†º®Æ%Í{a-I#—€Œ¾'=ÝÅ ›5%viÐ‘(§ž2‘´×ä©…ºq¤A@§µOòºˆn$ÃQ/H»@Ff\?=—¶j¡!†c]©–ÿP¥¢D“2ÅÊu¾+ò‚öæ~˜ rÝÌæûz(Q£øè½T¡\r]”—™ Au +X3öJ>îz_Zoû}ÏÓ(ª.ÞG¨þ!±æèÓÌ#ÓðÖÒ«”·z·½©`Me8ŠFJÄ÷ßõâ˜ß{¥\ø+Ÿ]ÎyðÝ42¾þmY±À×oR‹$ÏÆ)Ó\¾ÝNêœz¨I )‰<¬/]þùâÜÛ3•“ÿîI±kÔ™5»˜K‡Uˆ‡a8ùöW=ïóÝ^[1Õ¾zE‡î\aw¾KnrH¾ÖZxÖGž#ìë²u9õiÍ0…UÈ”Š$'¼ú"?ä¹š©JÚÿ{†ø_––¥Z‚¹'¬êÝ™JB§^““:K_ý)²q{ßõ”^uÌ_G¬5ïGºôC”¨qKM¯º¾ÃÈ„É\ýH ¦–³OoÕW‰Æ-ñl>)l(o@0³8®¥ =wê’ÞÔè$ÐjâK [,¯)ÁèžÃ™Oü› ü` Oÿþ=ûÐñÉF–©xwV£}³€èÕÅ%ö9|e°ß‚6b‡ïÌmÜ«K!³;?Ú6ª .¿ „S°n|ÚTdºBáBE5à'.©ÇÜžè£Ä¬vµÙ6‰\TM`5Gã”†¥Ÿd‘wíþÑƒ\p0Ù¯ÌŒõT"ç)žVY¥#HÓkÒXãÎ#‘À+‡B¤’‘`NÑÆ%"æKÂÐÏ¥#ãE†ÿd÷÷+R8…ËúŠyRpé¹gìò» ÂºFÃŒôàV¶iUo¸Õº#×MF™ápW>Œ_À?§ë¾Û³(Ù_™3öU|ºdÆš–;òdæ5NÆHRÁ”s£öƒ¸Ì‘S˜-"Irš=iJ@ô9#ð«j®ÝÚðïÕË…@o±Õ×ñ(‘#G0=$ˆ$µ{ÐŽí¤ÚŸ¹_@:à6 eèábÌß/–9B{›TH= ÜÛ¥¾³5KÎ$?ECC¼‘ä…žßê^Y˜•ÿïu„R¤ØþÇ$DMÚ±þä¯÷³(ø`r*kT’Ó‚ˆe(¥© Ó‘y×cPæ·ƒp—÷žoýí:ÏMði<|Î ƒT7ZdÇ®%~æyBBÈ Œdã±=+Dç%`š2À÷ñØg˜è?Œºhl¸G¦VE‰-üÞž¡*±îè.‚:&‘-Z6wøã_EZ^ÃãÒg=´Ñ•_‰x¹‘˜³FHÌ+Þù–g.«e©>ª¶ùÅ„ä§üæ[bÈBª[û—;.‡^âÙQÂõÙ¾˜ˆ›¡GŽÊ„ý5¬ 5¥C—A·½‚™ÒKî±¿·?:hq¥K=]~™ÿhÑ½Õ=VÑž±Ö3‰.>©|XMG,yÞ?Q‚L¶¼z•ÉÍxdÐ‡È\)d¢š5ÈÈV4âð æÙG¹ Ç ˜óÆ†É?TÙí 3„K›¼¼ÄoFßq•fÁæ7%EºÿÂºªðZD1ï€xìoBIÿÑÊÏºU‡œûT—T‹&+dîE¥Þš®TŠå³ïpÑ¨L¶–HGï‡ä§.cå¿M6~¤0ÕèE5¥&…©~ÍP9:‘˜²Ù¬¿GEÒ°ò…Î @Uu•"‘þ±¡ò€WÓdÙc „;!Õ+<>¸‹õ›ª [ã$B¸ÚWR+ÙLˆÔòîÛ/Bd£æwwK[ IÀ«“Þ ,A;æÌµˆççà>mô÷Œß<ÎÚ•†Ö]ž’Oõ¤<å¦—ýsÓ2y w93PÒµÁa Ž®ôÆÀ……‹D¿h=ÀYïÐžâað(@C¿ã×Þ(3ZžÊÞƒTó®Úk Ç–º02p½ˆ“8ã6åi_•ñ½S+ñƒ¡ðh…¤¾÷Ÿ¦à[‰´€ÎÙøØçèvRÓ:%„ ª]¥"ËôOm$ÿ»Ø` Ž&ÏJ†`QËû5F¹¼Î¯+ÑÀç2·`Ê–:žÉµÑ÷ ŠAAj¹Õ:P¤S4Ãs–¥ÊTïƒÂrgÅ´åm!öY>uöf!ÚÔóŒ¾\Rblª8¤˜Åg÷? .}S¿ípÊ‹(ÔÁå/,’ÒÆôŽ¨Y´€T‰¯ÑM*çCØøoŽ) "±b57Ê×ŠÍøQ¬-Õ ÀôuAró˜ÂdÿÆÒðÎƒ¡€ôÇfLXøÔâ2'¨w®p:nFçHáÉ¬æ(‡)»‘‰É·••Y7]sS2½ –|!ìÃ¿ö³yOÓVµPöÎài9TÈ˜¦gìºÖÚ:wŒ`:æ|ÿÝa&ñî¡Ü>×»X´Íå+ë²°o‘\€Íp‡.µÎì{òú¯%o²ïºù( ˜þ‘'¿w…7‰¦—£M)øúI§= e`Ð[jÕr7{…æŽ8æG— ˜"˜>ÿ:ªßUFùhqžt…løÅáæð@¸KµŒ«ðEõ†ŒFÅ·Ï˜qÐÎQñ5ä†ŸU~ R Üõ½0¦Wð_«r\"ÎÜküÙ™ÊÎ$/xYØô¹'åÏ¥æ/Óg˜[AŠ¸g«ÜFŠüìSvd™äƒÎycÍE2eè ÷k²é7Mö”w 5ÃrˆÖ€â½þ:SïÍà-7}!|ËM“ÈãŽÖk‡U½ð¨S¿ï³ÈÐsÕ!¿9 ´p 7~=³üŽÎÒ1‡8¤yWÄÜÛÊ\ë"KßØí¿c¡²Õ½ÿ$ ]këE®ðÊ ïpÝ¿`¼ Ç…¿¡N¯¦Ñk¼¼‹%,¡Oæg,ô»[ƒ\vîLT‰]u‹ŒHÐñï Çª&Ç\÷Ý¢Ðí²Ê¹aìTDŸ¬e†njñŒ:N†b«ÇhÎW…ëoV·kkH,ña“\Rw&—,ÆlY¸1÷ÝwK’CÉ–j+dÖ'gm¹Âß®ýÀÈ0å0º)ˆ NvŽ8&ëñá¶wìû©…“]%o¾UP5\·pKm¾qïP|@™:U»Ô6É7ý°qMfÑä¢„Øþ¬]òÚB :Q$Ë °°ÇRò†<¢8ò¶ æôáÑ®£T açqŒw>D²¦ 0XÃÌ…Ñ&·†U”}JÔvåÆ[à !eLáÍR[X²²š^ – É´Ëä½êÜ†7Åµïü‹~ø°‘`êH«LHëQìú:^U3JYÑÛ|¦xèEÞq¼¼ò€x×fƒ"y5Io™·‡`,–y¿Š·E5+;àY˜¡:PA€¤ze.…å‡¢÷Ëq¶\óeg¼¹ì,ÀýI“¹å»í·&A^·´¤‰OUèQ iŽ(ŸÎvïéÇÓÜë ÒãŠ‡vê*h³ðW¾¬ef#fùŠµ¶ft}÷æ E³E¦´©ýªAè™1^‘ÉêµÀV±Jà¬%£ß¡¾')Þã–ïòûc ×7WõçIÂC;Ò;Ò^‘~ˆtÉz ÎáŽQ_[×T¥]€áï=×9tD‚Ý2é(¾:Ä«gœcpƒ&BAÎÍ í- k¿s“+U\ŽÃ:}«vkmÇe!`‰7~ÿª®3À½W³qéÁ°§6]ŠÚ²mÕ.µ÷è,”ìeL«£k³[½:¡íéB}!_hâRÎl7ú·uKVÑ8h‚?§FH´vlÒäÅˆ,º3I¦â:`‹¼ßKÊÙ T,ù…Q•…u‹R‡IxÓo ›®‘;ÔDT+”Qï>d=¦`G‚ô…”»õç•FÎ!×=“°âªè½œFM»¥È]î7°÷gÖzÙ¼p'”ï·²²`§0>¨N`yªV²}¢¸ÄðR6l•²äøm: Œg¶©¥Ñ©]#nToAK0AÍå‘[×Ø’î²*Þ‚šl¹Lj‰žòZ‡ýFweÛ;$vØ‹ÛxïŠ5ÍŒ@j_õÁí‚Ü)Au@oNûÃTåÜZ´C}ìdyËH…XUãj£®½«ë^Æq®¤‘å«Š1 ìWèúýÐë«Ë#ù¶‰ g³×ÎŒ4¬³qmÊBPÞõÔqI#[h’Ý*©€0!I7hŒkÉ%9nîHŠŠBÏöþYà_ÜK˜0É%ù'‘ÉôÌÛl SfÛ¢F¡B ‰2É”,z[A‰ûFf-Èj— -ôõqr º8‘tóÏŒë:÷ýN¦…ëá;žÝªX¯²vÝaƒIbÈtÏ0‚z£¡&æšÝÞŠÍG´ôfç¼Œ¶Ë|ÜÙÚ ¿EB`”Nš#!:e–^¢Y4æs²‹ÄêÝ-hm¾õL’}üL2´IÅòÙ¥âùÉ˜ÚåY–™'®m·Õî…Ó~¹pdJ}ae38ªÐþ¾+fìQ4ß‚ŠHun—¦ÇGx-+5ÎXº_S2 –½[0\.=…*eÎ·›”’mìÄ"ÆJ?IäÌï6{BÂE£z~O»}ã¦¢sÒ4|ž |iÝ0wÂrÏæÿ¢Üý¢Ü³•U¶ÿ™cnª÷Á™ì;sôÀ?ýŽ nd;u™j&ŠIÄ=o4˜Ýø¯…uS…äçM~¹–¿EþØœd;¼DÛÛR ®Û@V,èÂ¿àK`ÔØ¸/L0vxqJxÂ˜"Q:T½Í'¥O„ó,g|{LM\´½B™´†éµ‚Œ?…¯.ªÒá÷¿·“A…:ñ˜jäŠžÑ8*ÎiyIûq3‘÷ÞNµ¿Áwäž¡¦ÏŒ9=ª‰Àx¤×zÂæq@“°t£ÿ/ïêù}yÙ…"¸ˆî–Ñt™ÑØ/ÝOëy Í¥¡g!; ÅY¬…ÄÂ€‹=ã(ƒùâhèØ¨è/ó.x¯TRlC·“=äùU‰¼f‹ú®1Ñª5Fë:óŠ¼Êq4ßòä¿n’¿œ< I@8‡"š[ŒÏ›†úÎa>ªcCƒÛ*Ó”ŸMÁì*3ìö¦ÆŒó„gïQä Pu+Öí9Ä%éÈSóÿZÐCU“ñ›ŒIîòØ¬} )ïUH€‹ŽÀ‘¶:Ü”®‘îñl«ŸJ]QˆA6æ¢ê õ‹bOÕô coÂË q#´ª9/¶0ô\xž`NDX;“`lGgöˆû=”“Õ%ó§áF-ç-u¿<à…âŠäñKH“²ÿôÄBwó‰ë”g|È„7¸ðmO.L•¢}iÖ¢“¥Ê•°Y®-[O+¢@ô;lža¿Zi3éˆƒà%«õ¯bÈŸI¶jÒ ÖŸNWb¾uÅÞ'ùÙ Ù4ggPžT®·È{„Í^£ÎéHø%m¸üÃá(Y¬¸C# Î~_áUÉŸ>7Ë"g"£ÝÉƒ†H·\!gQî ms%oÞ…žGå°K¤‚½)ºŠð ÈT¤^œ‚ å8úû«¤U2Z´Ô¢aCx£J¶HÈÒ‘Û-™ìŽâüLª¿_EÂ‹~²|þÖÄ+|j…ÈSÀîÔ¸ç$ëNóáöw’ò(vÓùIxx~ÀÜ¸| ”ôÏü)}ˆ†û,–“X"ÚT}ÁƒÐÈgþ9¢Â}a×JÞzE8éÓ':yVûæÒqbíµq’ÕÇtëPƒO÷ÜòÚÛ"³Ëg·M¸ÆQ{P›‡>ÝÍÎN2ö†Ê÷ý2[¢kp)äŒrö>BMñç‹½uÔ0)f$5-¿oÿWhÀÕkÞg'B› ÑºÕÒ¡j³®ßBòÄƒåÜ3aäÁH¢etÞSî|Ï€•,‹{xÎr5²×‹X{Î¨Ä+o´Am*$î‰Xì£ÜG#+¾ã#ñ0PøâÑ¸S½JP±ž7q¸ÎõòÕù Ñ7,œÞàºÆWÍYW¶º4ê¾åþú8[Û¸Ô@\uÅ.…Û½U_ñ¶Ï83É.EÀ–‡i·êO€¬¬]à¯ª½BîT¤96fJ"ÅŠ—žùèƒN²e!†KR×!çYmŒtëÝÁdºOÐD¹k RÚ"KßÅ«¢b‡.U+×É˜–9ãÉðEís|_¦-Ók ÞŽ„(´ CGe‡ú³óòËð„Û2@€<—-/Ájw,š¤øêÍ®€#uy×ƒMÚ¢Ó7õ¾ô'õóÁK£Ž´ŽhÃ+ ¯'å' \§{™1³F,yKúÌI¨ôÚd^ŠµÍñ”Ñq‘©CýcÖÊ[S[ê”¿3¢”›§OìQê;þë2¿Ê½!}FñÇ–@å Æ9Á¢ñU$±_]Q„6Ö¶€¸!Zo×q‡kFeä‡[§¹c“Ô/ƒÔÀ¤µ!úPœ5'žò«ÃS=þc&™Z9˜VYË¥jž§að "xHAeH²óžœ‹Å3Z;¥´^ºFô)z_èlQj'äÀza<óö#I&œÆPº =¾/mì-»;4yßîÜ{“,SIRÓMM»–ÞÝÝv,~f{üù!õBÝÊ¥K^µò9 q1!Ððt[Fã¡h«C(N‚Ò‚ÝLçÖ˜® £{ŽfE‚b€ìU·„´»¿š<çr×¼W¨„yNlmjs>9º[¼–â)øO±Ã4°<Hf%Ð…Or%K ÃûœRê :4 ŒÈÌ|ù l¿+Êm¦Ë¹8#„;Tà¬ÖqX»ÁŽiY#C½ÄØvE¾œKÊG° +þµB±FÒÙ;}èecŽYF™&:A…º:·n#FËÁ.ÜqOv¥Œž‰ óïTXŸa›¯ È0Eêm™Aƒ´ïŸ+à¥4…c¥P˜†¿S²[ÅejíUÖúC& ú!D"LÒcSî•½ŽÛ!`øâqŽdbs¿4ïº–Ý²Õ´¸²ÚNá"ÿŒ³b»wµÙ•ˆv´3'X»J‘×½YAÁÛzè7(Hž…©¦³6¶`/õ;ÊL[#§üÍ`Ž¹„;ÐS÷¨gé ˆäå° êå™ò‡>î¢=mÖûÌˆA{ÏÎ±‰Ze’w1Û¹‡QúœåÎ%þàõÕQÅ`àrK‚Ý´šB¤‡ òMqX:ë!J|4Ï«<˜ÏŽo›Ìò©/š:)Î }Nm%9´èÑ d¡]å¨^}3!`–KŽwuÃš¯eªJ»bŽÊ›95Ó¹òLnyî0•°9ªŸÂ›X-’j!Åä°Iã{ÏŒ5ÎÎÂUFÚÐ¾½v„O3˜@ŽV3YÎ9ž4«ÈôepÇYkjãóÇÎ¯UïÃf;cLÃ„ˆ9kv,ÞgìQgjý°Ÿª šˆy(@œ‚˜o*úƒ¬SãÓ Z~,Çß×:J0Û&Ÿ¨–²›‡¬8ŸãôéÓÒŸ´·útq’rÀ‚[ßýPt'»:N5‹JŽXfšªãLj9´¯6òð„›ùØ2é0C¸‰›¯†#X±®§hVº<Æ®ƒL}ÙoÙ˜¯KµÃ¾¦Š¬ÏÍCLu?ÚÃ@”õ>£ –uustŸœÁ;½Ë“Ø!þðàTÓ›ðvôØåmƒøòp¼Î1’•>"’’¥nUÔh]ÑÎœ³ãuIÂ‹ñùƒpµ<¢Ö^+ˆ-G°¤ƒÆ¿¨dÆå|CÓú‘\ÓæÖÎûšá*ÁôÂ?˜ó!àtkPtÜd6Isy²B HZ½Çc‚i†Îž"ìÚOÎ§ Ío•=²¶uÝç_$oc÷ÕÄnVê”r¸Úîî‚ÃœÝÀ”Nr™Py‰ÿ °ó¸Sâ2Ô‹ñÿ>?À»* C¹)f‹1BsÝ'½ê}ŸÑ‰2„—ëÕ t²²½ÿWŠ¦G5 C (¬Äu“šºUÚ.Øÿ$àïU‰Üý"1Ó²;„2‚¡ˆ¨q4€Ã·õÝyæ÷%ÿyÁÖ£ù¡Ùçú!O 2uö¬N>lÆ´ƒZSèÃ£Èðk›KÖãðç»ø÷ÉøˆÕñp§·QûÐãÐÄ¬G&é›+@BÓøRrHÿe®+UrÁ±ƒd'Ÿáa]ñ1Ñ£œÚ+ß¦PI»ÛÂ¸,‘ÀÓ¿ ÎðuÝg j6ÛI,ê¾ŠôqJÐküÛ@ñ„6&%h“§¦ïR¹†WODþ;*’œ#Vi‡M‰.%¦·È²ÖäÚµÎV±= ožï é©7ž YƒS·¤`9{ õ“"Úúãñ“e»UAd=#qAÿ¯Wµ{b¿¦íüœ·iX)m¦§ZrwYÂøÀUx5¹u_-Ö«+O]#4UV¥§-Ç¯Žø¼rU²O[Â’8ŽG¡æ¼Wõø.§Ý=›.s–ÂØgî5H¯:?Û}Lö!“…Úß™ý»ÒêãXgeQ@B ?,TÝ4V–U—fÂ„„¨1¶žËIvŠŽfŸ¶)Dµ£6ù‘7P ¦¨{h‚uˆ¦ö Sük…ÅR]¼Ì‚ƒN²WI½Tzïš5KÊ#þ•§ÍÏÜXu’ÜË_½=‹<º0œ>•cÏªTh¤%XÚcí;Âúî.ÝòÕRuö’ÌONÚLÔ!>s§g’špM%„Žpå2›ƒ œ^|ëÏËÔ`<83pÈsðp ôsL%óçÉ¯un±p”PÍ².Tï‰C-kH¤‚™>‹–pSQ®»¾N£w"Q8;&vŠPžç2"IÇ™žf¥õ˜ÙvæQ®Ç#–ŸßtJnO£ºÝÂÙ?ï™jÿf¥Âæ3BÔ\Œz×í¼õUsV`mk)˜*×4Ò–¡2{¿…•·ÝlCÉY_Ss^Ì]‹¾öMs8ë]²^³geÌxœ½Çt $‰’'Y¨b>’ä”>ô!¼›lq|È¨Å$‹à¶%ÃjVÓ~'JÊ0¨ÁéðÜÓ¬Hò’<”œ™'Z»f„ž÷Çp¶07·Ñ€rËáG¢CwÁÈ/ž[ïÉ³]B-"¿H£ó $ÖÂu#t}Ÿ¨ 9hK\^/0øR;ñð@kÞi™zÐÄCÜgMPME(ýwJúTá2ADè-"Ù×ªêíkÏMŒ>“;omµw4|£Ž*K•AÀ@*\}#eªÁyØág£Èš¯u#ê&ØÁk% ¹šé'·8ËG§m;Ünöu-TéïNJ:ë.FG†m,!åªEbèdì_Îâó&”7Yé|ÒOITúýÜ35Y¶‹HŠL!ËfÝ¢Ý©1³sz5;OäJîÝ.¹WªŽÎ&á8 ·:SFÎN3m£ÝÌîRIŽ¨°™‡ÁL…å³„oOlT„Ö¾awBâMÀ¨Žl°z¥ÂÇÞ7„G‚i^¦¸ðlCýI¼T%¯-þÍ•[ÐGAhNpîª5ˆQX ’g3»Á^LÂ”1(”9P¥-ëåÅ³e³MvÄÃ°äç6Ã¾˜OuŽûÿkî’ê™tðû¸€¨W.ër‰uÎ÷Ppßˆüˆö{šª .b{Q9ßFDâJ§úo([Q¾a¢ÈN#0Ö4ô¡7@9þóÚB xk«è³@~šà¬[¶3òç ÚTyHÌ/'ù`uIØ—k!Kž úß[ˆƒQ]qË}tDi±Šäýêpàû1´!€“ÂRŒq*@j:•")>³ëcy,D¡¬Óöu²Ð'KRÝÌ(€y¯dkÛL…}xJÛH´©’×ÅVâEUÚIÄ…‰Kß.X¥Àx¨xd>»rKTþXÑKÏ±×é÷ç.µ|†I›¶kÃwa@²†(+Û#œíyèÉ>Ã}´®§éŠÚ†~—˜pèp°•åê¹ÊË²Ú/Âu%›Õ%uúƒ²ä£hÁV gÖ¨ìés¾È½jT80‰9?,u‰ÎÑ`Õá”q1žIçn‚ « ¹J[$ßg§º|°%ò¿U¸ô›ÂÆt‹ãÉ@y#Ò’&IÏâ+~ïpÎ«Ò2AšÕfÊ†3¢Hxò¸7äsàRRGàwQcüÚ*Ö)éhûñMÿe½þ§‘ýõM“ü½Ù0TÔû“9‘ÄEBbe˜$ØÒšŸÅŸRÑPÉ~#ÉÝMöüãtÓhl¯ï]Ð·á)±E-Wpƒœ7ÔüvÆ:Óþíyµ¸Kº"PÀX§<{ C¨‹ÇÅÛ:ù¬Ôî[^N³ª|Od©r @ò#šOÑV¦5ýZå}]Ù%ÀûE/ õc,V×¦“y5UTÇÇÃõš Ð˜'¦#l‰‡dç^q–YmÕ|Á"Ùã© MÊ„„@$Ó-:ÊÏ~Õüs'¾.2"ŠJ ô\áü¶vv×24¹vþßLjS= ôºj g–D²7ŒyxUnéh¢Dý \Íw+ÝIà(v¦ @C°7ö²Ó«ú× 2á¨‡Šj¦±*j0¢K€gÔÂP“N~ÏÄÑ v%ÿuå{ñÎaÐ‡'E„ÊQnc)ìˆ¬© u¡Q~»\º©>xƒyÈ×h¡@Ã6ÚÓà«ro§áþv‡/R›.R¾–ou óYÿÞÚe>Àû Åë\Šq/F[´c]Ö4~s&ï'Øô1'c"˜ß€PEY'‰RÕ"MÃ²jŽÇ÷ùIµWYÉSªÖfIæÇo¯´ÓØnÂ÷e0Æ%õBç²ÁãÊ‡ ÿÍ0Cýs‘Ÿ½É`†7ÊXÐ@"¹ì¡MÎ×?c±éÎ•Ê$~È1»HÔú †74±FãÃ&D.#3h.P¡ÍÚ~Ç˜S '/çDÎWÉî«¤ Ñ&ûëÒWì’“ÉŸ15‰fÓ˜ð\Ý¦MªU¬áÀmÍx M@<(å'œ»üÆS¿}PC”î ©siÁ¸M·Ía4í¦ƒÀÏš}9wêµvqÞLµNôZAÙ=$hv3;-Ò³ÝwóßÏ7_ø¬RýÁÞgRV½…ÜÃ>¤ä@—;~L¿º¶ª]ñ¡× Ã»æÛ_„G’K&›qÖÍè±¼=6\{[‘g½wrxPšnÌ.©ˆ8¬È(ýv ›„µ‡m´Y¢ßSQ%)Ÿîª¾S'þ½%!¦ß#|mY6„Ï?HLÝˆ;ckBE™Þêýh{JŸÛ=°–F9þ`t?—kÝ€©âÖrk“8{=ì~áæúþ½o¯ÔYx-ˆ¡ž¯¡Ïp+M”øùû±¥Ð‡þ?Aõ8¼íðë;û†1bvóó£E1u¶³·ÎQÛ° !K\þçÃË4RP¢ë‹T‡éËì?ù´9£;ƒÿ“4¤†ƒ"Û[B7@#»ïµêÃï¹Y'7Å?ÞUtÛ mãˆú×¸?\íY*£ƒJ—r¬ÅZqím>æLÆ¨m#…ê/Bˆò€Zt…ùý#RÄÀ‡~•ð ‚Ÿ¿.,<[ëÐvúg=JÔ%kº[nFæi±±\Ã!Øo]†ÑR:0»ÉÜl‰ØÔ«&ý•œóüô‰(Š<”vØ7dQBKddÆÅX$]*q —î9Có´\ÙÀkÿ+ÂŽ&Ä»he×U¿=¥ú8<^²›„]O6B‚At†4«Hš]Øî §(Žææ&iŽ‹î a‡4pœHÍƒÎp$ÚŠ5öÃ ¤½Œa[£lžÀ**9ÊhÇÞ°¿©}^¬¶mçoÃVŽùÁîx²²Á´b÷iîˆM“(—ëý‚È®ÇC†ù:ØÆ _a!Õ¨r7dÎ³O{qeUœÍ’Za=·*À•fIZd&_üÛOÐ{ ¦s÷œ43Òd;1L<˜ÔƒÖÜcðBZ›eUýx•oAÍÕYSÄT~Þ`•PO)_¡æ¿²ˆDéÿ“Ù«ÿY)V+¾—Å{?¥®!v¨Þ $íæ5&žWŸÎ§¦ÜÀ¨~J;kq¡¾ZIë¼–‚u7’?4^à-š§è6|càîò†é s¸*4/EâŽ[Uï¡“ÛÄ2L–ÄZ4ïùµD‚&â;Ô€Ÿ3=2ÇL½ E³O5¸<£¶þ„°z—hÁhÓŽ\š~Õ° *-©+yïá]ö ®YÖ$òû»"ºM[ ÒL×ÝU8’ò1J¬B£ÿ5Ë^–ØÍõ8ÙåÝcuX ì‘éùWCã`‡™yC%‚‡\iäjçŽ²NX'NR!ñï´:}ü½]ev ³}Âo²ÿ!… Ö‰ö5.þÅô¶‘o„ŠæéöqŠIt|1,ã›ªqÄ—,Ò%ë(ŸýÇ7-‹÷.…¾\\H†¢aÇ˜8ô)zßÊqˆ‹ù&íþal¶öÊ!pž³K¿`¬ÁCÈ"šd*ö•ù@–ÙDå…ØÝõzƒQôá0 ÙŸ°M~o&°–ÿ6ÖeË9¡¨[*f¯/:av;—*ŽÙâçkÈ€áÕH$ÓbW¸•ø’Ä³ÊÐ¨ñ3ƒõ£LÊj›¶ÈÎˆ+íì/4,âë,C‚|½¢ÚbSEÿ¨Òq¹Yó¬®iE÷Aj*ÑÎåâMÍ¾!Þj5ïr”AîáÏ1LXqY%ˆzÍoöþ¬z:¹ú$!ßý¡*eUx¿¨eò¤zOÒDò3ÏVû—O=(Ý2Ôä—i³Vº½>wˆpÍ@»e“&Kõ†¾¶Wã½¯z ¥ñ´föšL?ÏŠmL½Œ8ä’º÷Ó¤0W áj”Èþµ·FøÞT„¹Ê U3R€u]¸Gô“ý§¯ÓÂw59ï´É’)×dðp¡ŠçÓÊÓíŒÝ½‰ µõò0âEwe4rl.†¹*Dî™ˆw|Û‡r +6zb5Ì5,Ži@{Õ¹}_‹W×Êb„Þƒt»†vph#V¹±Ø%ÝK‡*¯ ïÅHDÛ¿ üÖöºÁ(OÚñ˜ÑTp%5è-óì‡Î?Ã‰WÚ»ó–(p”|áP[FÛáSÿ[VfÑÈÍ×júmFbhkjŸV[ùÌp¹¡}Rî»3ÉèíŽž@RÓÐ %Ž÷e,ÎÔ µŠ,¦Eñ®¥ÿB]`èCÃ\/8ùÖtu ¯·"ýàiâ´S*¼Šf€,«UÄñY½ùyÉ‚_fÜzæ1Õ:×"]2QˆíæyJÐùKkÌç Ek¸tètxÞf)q¬awˆÍxg‘h}R¸ö=@ ƒ(„uO¶Bý‹SRäåˆ&ÇÄní²øGvrçÙ°®¬ÔžÍ’ˆðž Â®„é'úƒÓ]®Qå¾aòÂÏ½ËjŠCÈ«Ý8¸áŽ¿·%í¸b,ç“©»Iñ¼À¾µ¬á ¥C… ^…þ©L%p¸ÉÎ„<×¿º{~µŠŸÑHA¾},R„ž¹VfôÃ-Ê-F×Í_Ô£§Ì—kµÄ^f®5rDUh#\r› LÛDBRQô(¿,ß![~^——‚m&ÏPb¥5d:è¢…³ÜÁ5~Ô^Gò&È¾ò (N×¼ØÙº™cáDµ÷ë%`È"~26Õµô92êË:òt-uYŸqbç³“•\ï·)NJø9w)CZ .5 ‹lÆ…Ë_öÌå©ZÞ+½ë×•ÜáãU+_,9†A1rTÈ\³xFZvVÛBŠ˜U>xÓ·roxøÅ?ÑOÇšýK‰ç"Ú9¦ÉùÃþm›yEÏ*Êø8¾{ @¡©ûÈÖ{+j¿£„¶äÏ9äMOÈÜ÷kŒ¦ÍB²ç;`}ÞÌäÈ 9•ðJg²Þ¿Ü'+O&*Wï|ÂŽÂ,ö·5Ð>ÿžÀ™M·Ä}‰¥F RX³O¥—$;¿{Š%PÃq/âÇÄ£‡7ÛŽG”ná?6K6\²„ì]ô¡ÿÎž½Ð”þÎD÷gƒÔÊð€s®âY5#Ì¸íÀTm«IVßÂÇ‡s¹{ŒzÛ@¹^)…CŽo\Iš<¡{!ž¼ÀõÖ$Ù§éöcÀ[Ê”ÒM‹e\ÉãÕÂÿÿËzð‹D™Ôj6r_¹6»íZùŒyÛvãyï¦iÉi‘TOü¹£Á§C‰&pŽÏÆÚvj{!$!Ÿ«‹Õ™N ¿×Ûé*ÝLaNšý’^§D‚E³sÇ@&K Râó½¸kw—5ñ´Ù·N|Up5mw—"›ç¾`æcð>zöáÚg×o3 Fg0u;µeÔ$].s‹¬H>óhWãÏÂÄk‡‘ë.sÒH£ÅYú£øÒ_Ý9º&1\®éªšþÀênêŠÛTÀ–î8Ï=Ÿï’Þï9(/ºµúU”4é>ÊLEõ•UqJ[Ï·Ij=8[Û$H—&ò9¨æž»ÄíÙ“r~,Ì¶Ÿþ¥o+„Ñj ½Yt¦jìu»iF/õjÊq'‡táïcØw’ I"ž#þ…Ôk½%—h!©‡µFõ=jŽv…j=žõØ5 ¯ÀLÑÔˆþ.lR¢s¹n‡ºÎyl_ ºC-ÖAZÝFÁçäðD$ …Ó¤~Wˆ\Ì©òÜ5,—îû”“Êr_¶³±aƒÏëLÁÌP`®BWm¹õúû{®¢êf–ZíŸ²q´¸X¾…¾‡€mÍ-&tsÔL;=,Q2¼ä¹UX(Z*œœ„%™ãžªõÛ#âçŸ,JEÁXðX›zÏQ²¸p|Øq‰eO„Çœ€3 X÷SB€²Ã(™BSÂeFeôÏÄKÈ—A+ZõS} sÜsK9íCç4ÿ;%'T”AP‡*ËÜêò¾‹n>(_‡Xã£Ëìxó{xïH™4ÅýºÍ_C}Î!P)à7rÝï‰hR›#éý-Wqc¿G÷xÖˆH•+þ{å|yGÄŒ½·¥ÞŠ‡è_wTgs{¬ª Û-pÐœâƒ;tËôÜB„§·XÿNâ¯vÙ)Þ ™ã\ó@JÝkN°£„RáòR“6¦ô5þ,(ˆÁó’ó>Y±œˆv`[ðN«¡ùêÔušøåpsçì:l”ÏÜIi%@jjDâ)Do½ñÒîÕWÚÖ«ëáÝ²}±/uØrñ[N[ê[6êAœ³Ñ¥Ý¿eAèMšNipÅÒ"dÄ<Îc,b…\’Þ;j½" «›ïtcÚÂÌa$ƒ½˜bh©Ücu\{Fÿ–‹äàx£%Ãê˜(ÜA<.*)éÜ³Öu% ‡ýð•…6â…s˜¹Íùî¯2¡ËŸ¬¥#›M±ïˆ‰úšõgw´?a‹¤&œŠ˜Ré¿}Qw éØy «F=d¾+‘¯0UöyûíTª?”T¤6ÊºžÁpêŸù`=7Žkù‹*ŸyT>ù— j÷ñlæéã’ºo÷s•Ygýg$…Nâ?[´£;EµXV ªfš¢¿^’ç¯¹\Þôoí-Wo9¬:sA—NF)þs:–Œ×/*ÆFö‹Px¾WºíÈ#ÕÔ`Â…P@fçŠ«1é÷ªGª2'ðûm&A/E1 øëzFw4c‘{=ÏÜªÀðâók#H0˜*£yd]p)0mY·Ëç—\AÇ¨x°m~)wÅy‰ë¼åÏVRÅ3úa…—«Ú|N)’ŽìéøÜÈÁõm[ˆP€ž¼ÂÜ£\~.£€ÔÈ¿Æ6[p6}deqÊŽº%0Å~«/ÙÕˆü#\gŒI€bu*)$ÁÅÀª¬%eäŽ¶ãžlðµ!ÚZ³2¸¼©RÆŠB]Æ3I+› äÀšá.6¹¶ßÅ d¥¦Uçó¹x—ÊŸ¸ Rù¶÷ÉŽÐ}—‚–pžpp™±Œ()°Ær}b}¯ 1Uú'¾IÀïB4œ”¿öþó!PÚ³è]D¦“˜ù™®<)á°¹Ë¯Ö4MVPXL²è¸uU¬VS¢¸Eº6Äò.T¶pSècg‘+kæ‚(—Ð“¯]8ý¶aå¶‡ï3ˆ#‚öh,Äg„¼JØbn37Î-—<+©™×vS:ýÆÚsg±ß7_“©9Ð»ÊK$6Ë”%ñ¡5ŸïcŒpW÷=LM™ZË*£ÈP“yOŽÀ t”“¨á³…ü¹ÚÀ(-*þÜôÕVNì‡|b\É^<0ð^ äì’„'Åroã8ÂswÀ¯>"#jãÙMånQžf—7§åA‹-·yöŸ¶Í µG¿3õîe°*NŽr›] hR*cM%¢4Ud¨¬i‚æáæ (%`;%êEs4:c=^ }k¹>•ÁÏšË¢0…98”¶`¹ü¨‘¾Ñâµ`Ü=€UÙ— ¸©ûïo¦2ÂX5ÍuZ}Óvžc›'ÒÙ€R¢”r«µK¸I:tçˆÇúME2ÚfŠ_©»wâ‹Ó%Ú¸Pz&<ƒ!Âë±‚' EEž* @wYwÛíî:¿àö”ó§ÎTÇq o¢_y‡ WÕ\´u¤’aE¨ž9¤f$¿Ã,©ÊåÏùö¾KÑiSëßåÚ8 Kj22>k{:‘#‡òtp»Õ_¬ØÃ¡ù{´êùj‡3.ŽTm(Wæ0à¡kè=tÜêÆÆ•ðúÃõÐ¦”—QÓçŸ½µ(V>¤ºÍ™FÆíý#ôÉì4=#î ¥wPé„+ŒÞ^YÂ¼ÊN¹@šýÕkZuv¥â–¸<˜ºÕ¦ú¯;áÉé’"Ñ2»hÍóá¾ª¶×n(Q•¹à#îî8•ó~Q"¤ò*ÛHÒŠ\T…K"JÔ‰Ü4w€ºCÀõ ìFÓÒœDÛþüñw1 VUØN8ó<ëª7T€'„öÑ± àf8 ¾/žï±…öc•çÔç5¨B=56½/L»˜)cºJò±=BÈhmÊÆ!%@½d?uYŒfpà z‰ÌN®Ø½r›Êü‘ R„ÂË9fžhÎà†Ø~?Ø© ÖOdBåB}k_ëšàKUí¿ž¡f>O"œz´ÐájB¾yûÅh¼ä1l>ž$eïyO^¹])‘b¦t#b‹qŸD,Ò±1’¥S¸„¨Éù«VÑµA¿tÕ×.éPR*–O˜‚Êõa(Ft÷ið@‰.cO–êW§Væ_hÝê†©×±ý)ü>*¿Â\‚I{!c[µo¼p;¨YLxŸÝÇÖ¹ÏMUÏ¯qÜ¼iag·7Ñ®[kUÛõva%LüÚÒ×Pû³€ÒL¶—ªm.„ ½éSéý§ë‡èµßÒCÑ^l@+OÓã6ŒZvaÿlàRqç§kÑÅ °<Š/Ç„‘$†mÒÃôJN¨ÜÚí\Ó9?ÒPqÅà(cG—áT²‰u%½);y™m_Ó>ñ€@óHÄi×ZÎT:I,[–Iê0é~ûo™GŠõ;¤CNÕTžZæñhÝW6ž:k¶›Ólâ´ŠbÌvbÇTp‘ŠþúîI5»0úÔîXöaí:éåXIpü3om©ÄS-ÆIz9:å:1?È);A û"4ë³j+zŸ[ b@ýGgÂæ¦öëÅ´½C!ô5‚·°ÚŽ&½g~‚ú¬ ¯ñíÁÀÃ¼Ý#ÑtóG¬¾ïÒp7¿@ëöõÕßqÒxLÚV¶½ç^ýŽß›¤ü•Ð‹ Uþ§½Èþ3²)ÙÃ +£ýVvumœðÝ8y¤9òóœÆoèüc‘ÜûÝ‹0AˆæäŒ-/¹ƒj‡Š‡å€=¾ŸlàbÆf¿ŸFÀ¼€G[J²|?)&çó^fÒõ‡ÝuWE˜žj½U4ÁT!q#µ‡ hÏuu¿,)ˆ?}½(j]L¾‹„*p¸wŽH‡ŸÊëHîù”~)!±>¸¯CQ³ÖDŒºJ08Ý¼! á|IéjÕ;7F"Ë>Ÿ}yUa¿ùIùW´0¢úÂ¤m+þÚ@d²x‘Vß7 ›²ÊmÄ6Ž¶u®5‹-ŽÉÊyámDøÓ‘õ¤Ì6ÜL,æû~Aì¾á.]Ê%O’z;™§Œ àªÚ<Ê j{ŽÀäPÈGŒÇƒÍpŽš£YmzÅï c‹o†ë xêR±{™îSxÙ“•cÓt\zNH4¼ùâÌ¨øbµQd:Û÷°…•2ÊäýÊ®í€ß´ŒÅøˆ¼Êl’Bµ»Î´÷e¿È3a€P¡üÅ¯í3¶5°@¸¢WË³Ýc8 È_‹pâm^Ipì˜)½äº,‡H%¢csÁ’ïD^½i‘E¹Á¿C<ÁüA#Æ×áX˜¯ŠÐ© 7MG«Qb.zíæ=2ÿª½Í›Ð-a_ÉÉlØ©ÂG¦ð7´Ò&u;¤˜Ý–<ÂscåaÐœº¶>ñ‹BÂŠ Áse«‹=âLø»?µ«Óu³8R )?¡rÒLÞ· åw+TUBÚ`5k–Eß¨g ~¬,(ÎÄÎUñ»ÁD Šæ½[¢úÙüÝ8©Þ~ÎÜU@íé¶G öQý~w¸^‹IÞ-†—ýBÜˆÃ{I–¥÷V_º¦/^àwKèÀÚöd?+·íbº¾ª—Îb_Sä&ð…*Ô«èxñëº¬A~È0á#¯ÆD ÓñtÔìªØ±Ëˆ§«9¤œéy’‚+“Ð˜Çu·,„Uý„Î«ŽØ…p–Û¾”Ýq´÷6šÌjQ›‘¬¿Ç/þ¹á>¬sÈ2p·‘&îóÔTTOÙöžU(-ÈóˆÐ ð´ïÒøî–ñ³Aáßï ¦Â’!™^xƒ?.B—[·S{'èX\$ä€yàOFž9³ÄÖÍòD/°Õ¬4'`¹L|\Mz›§zûyß XÀM¨\ç±¨šRd›œ–¯c±%J÷€G+ªÔ±$'¨>ìE^Û7{=Ê¬ÚQç~ÌWÅ ÿLž×;Lße~iÚî¹à×¯âbN÷ÁžŒ\f¥(Ÿ“qŠÆ‚Û)jŽí6¹ŸªÒþX ÐrE‰ÄE÷«xO¾í°‰=‚Õ® Ë ®–B*ÅœìÞiG8‚¼=qÊ°ô"ŸµEù˜Ÿ"‘ÙYmÜÙ?•hÜ¡ÍÐcÿŽá*DäŽÜkº»âr‰ío¹ƒûÕçyY;*ÛÃ¾“WâÝt÷ˆòónäÝÃÀámoÊ7ÇP‚áY²J@$q]dœ|C}Þžw axF|°åJÿ…ÿÏ—qTœiA˜«1Ù!:ðr‹Äc˜ùÍÄŸË]¹Ípgkõ»{LFÄúV›Ão•ÿGÆ¦«Z)ÌÄ3 ë»ÌVÊÄ ‡ÔZš'¤@‘Ó½ë 9¨ØêfµMe?Šžð´ZÛ+íÒk¼ôÔ»(Ulg$QÔÓÇt¡IO-žXç•‡g ïÊ)DÀ»³o”Øl9ÒÀV@ë4„"€¡9ä‰`7‹öJÿ >¾z‰u ü¸§Y“ä3QÄú1ÓÅ¸lŸ©`8‰ûÌNÕL !ñ[ßáEÁ;Ç£²µûÐBÝ ¾Œ&Øæ’ÖôU³Ô$ÍrÉ²$%šEº• 2cS)(þM%ìÍŠþ'‘¸ÉcðëgŽ gøPþÛ`ÖDÝíY)‹§)fzí…z~×M³Ñ[X\1¦þ-úÔ\íypê!ÏåX?Ÿ óeXý2Ô}$¤¶JÀñßp¸ûßõÕç‚L\ìjÃîpçîíG¦œ…‘»lz¤@~Y•D úgâÑûŸ0æW$ÀD×œÚÊøÆ'qCíÏO—Êô§ÈyªþN²Dæë²râë…ß^Ê=¬MèÏ ½s–Zú+¸ÆµÊ„ ÆQL0{¶òg:Y5?Ë}=ÛYk!èÀ¡>•é¼õ– Y½„¤oPÅVñ_`>â 0¥0rØCîkWÃk8#ûk?xN{ÿâí †ö V^:•j¾j ýÿ;g¦XÄ†ÀûOÿLÆMÔ(œýÌ è#ôò’Rîjj†òõ4×Ë{¨²ïkLw:néÍÅ 6,ïr›ùZ¥'´†1, ð0²i¾‡gA;%YN z¨fþð!5½yª¦üÀëÉ„»ØštDÄ‰GX—ÛöU}7¨…@/¬3ð/ƒ:øïüà•šlþ¸ƒú$æoHÜM½gÕÌä”ª+.TØüË¹™Û`_Ø1kÊ]òæ™ÔYT4áéÐ/!eƒ}lï¬€´„â6$T©f~,Ñ#Ú%-åh”ŽM –88‹Õ£XaÀ†±æç‘ŽîÝ´) s¥vs?¿j•ð*;3k@7-Ï·÷LOvVGF¡#FhŠVnÇõ×´kÌ»p]QPõõê¢´¾ä¯Üé>US7N@nœü89µ¯]µ¨¥2ùÓ‡îŸ²’Ëh8Á9Ýš^~Cr*ÕÏæ2X½ñÈ8†k6\ëF$`öðl8¢i&eši9±Cjÿ¼×ôÜðA(ºöá2ƒæ}Aêºê´áÞâ sIÑ8ËÔ?D"7å=‰ ¶´À}EÆš¦”$CZ¤šøy¬ƒ`b‰Ææ°{Z3zrøBYšÑÄUËì+}Ðíh=¢´µ^ÏQ‘—ø]ÀÆª «_’y®ä¢`Î®U?|ÐbbôP0<.¸s¯ø÷ÃÉ2åžsp ÌÆY•¼¦†4H#ëÿ{¿3ó@ Á²¨MzäzWÄÌÈJLh[y†_Íµ–hŠÝ¯ÿCA`°Ù6ØXê¹)8ø{n8÷ü&k)íïðÇ“t»”¨ÂB¹51ö5ûP¬ý-â%Ôìßý€º¬ Pä£mñþrkß:ß¤û4ÓÃáLEßãÏNÃ|”*ÄÅ4aèüã7Áe#uª&~„°ÃJ$8?R²û,Ó }£zÂš¹·Gøm±ÂxØ›OC’ZIYlñôíZ‡žzëvqå¥=N2 ó®f«Âd4PÙ,+—žÑáAžÈwf·î¢+I¾r%…”@ö-8+WgUB–`Ë·³Ñˆ¬Æ†þõõ+“fµ¾;`fGr("(H¥nžwK}Lé‹näí#)uÉ^ÙBþ¿+Ê=F…@V¾‚huÈïÒ“õNw±•Q¯!<ó`Mû/X[“±³ÜVà*mc…PLë ¤PÒX/¡Ì,¨ãS‡)ö„„úwö|=?œcíáÈ ›0ü8ë#$QíWNRLØ¶FK›”°š‚À^ÓúéÎNÂôß‚¢V2fejX”KšTw(¬Â¼;îÑ¨5<É9$xË8»1á|™’<ž ±å%ÿ_ÍÚÜf™Ö½˜[uÿ|¶Á:ïU‡5 ¥t¦'~>2§¡¸%'ÐrE6özv‚5;ÆÝc§Q¥¥·v.d»;$J‘ î»)ûåz^lMRôÚ÷ƒ`7á¶ÈÁMÄýZ1cö}ëA^AfÓ··0#OôNF0J=aKDÑúñ:òé†ýªÃDƒì~z+ÁÂPÞôÊøb±ÃHËµZta¬PX(Q\ŠJ¡N\ñ"|rÕºOË.×›ÏY-y’’!léÞI|6z_v¢¡0èáìßÀá§•ý¨ÚHÙ™FÚ[5pñùá¯£9·—†~sÍ8<“ C·—?ò™¹ŠÅ5&™'‰£°0Zýýñ±»ë€æ:MÃ^ÚÛía83ÁXñwºxt;k'a„ :I“×Ø¯}U ŒÓ p©ºþ’ä,(ø^ÃÜ“¦ÉÏŽShEÄ™lœ`1R}uÚ~´Bób3kr}³ç¹{Ç0úŽþÉDÑOjƒRFØK¯®ƒTãfbYôºÿ9°£yƒD%\uTi¨Òw ›–’ÔA§p½¬»ÉÙñÄô†2cñ— ;SU“µ•Ôìä†ææL[µ#êlË½,)€æßùý"ÉŸRÖö`\Û6Ä¢MGn?Û"ý²1Ñ›”á|Qr±znÖ+Lú³lãÐ0xÆ¶“w>¬<öåyK»!msû¤•ÛÆ¸¾V@ŒcJ@Ížïƒw¸ Ò¸M\±ìdÙéúî“qíäº³Q¬m …™—l8+£/º_æŒâxEùù¢²™9>dŠÊ¿4zŠ·ŒNÕ›ÖŽƒQ‡.ãm%KæH-; ±USðîáJW½?Û’3tXþ<”t¼^FÔÜ¦]µ†Ï(f¸’w/û#OldÛ.ó¯t ¨¼*«˜±;ß?³¯jQwl®œŠ”0J"v³p÷±.)e’ø] ×Ÿ¬?``ºUîóƒ²sËÌ„Ùµâ v"¿¬Y DRxMÆ^Fˆ~K»[xyŽÕ/b÷nZì–Ì”÷³OÂf¹ží±òžh ” AŸm#X©ú6Äh‰z`¨ïIJcæc‹g-‹ËÜÂ}†UÈB}·Úÿþ½ˆü = 70«ÎÙìK>÷vj?mrÐƒ‚oÔ‹]æ×(Üûy›¿ã›AS“Á; D¥*ŸŠø°"T·µŽ¹Ó'Eø5µ¡½w 9.‹:–qýŒ6?µˆÿ‚¹ã“ªšý+…vÍÞÝ w&[áøke<]€,#É[§÷kiº¾¶ôç?6…Ä`~l[~Q ¾ùYjÐà{bxõÚ‰hüc»„——ê´ŠnIæ’\œ2wnû9Ö&×í¶(Rz…ŸÉÆ¾ãâ_mü±@ e%b)«W„„¬KIÈÝD£ÑÒÅ[¯Éq¸§‘q=Qrq§›ž-Ñå°>u“•;ûYÃ2ï›P #–e˜Æ’×”R£¦j¨ÝK±(JŸ16O·y¦éµÄ„11,ßMz=D¢†1ØÝºQ{ˆæûÛ„À¢9:’¢KÿÏõ!›ß;ë >áªÈ«Ô]¦Zã„¼ ´K63¶ëzh#Bæ þÞ="DnÕÞØÖ–=ZA;›‰‰›²µ:1X²¸B ±ˆ®`\°ÒíxÝÃ¿NŸUEÃi,”øv©øˆœ$~á;FÊ_ý9 ;Åüî[Õ»Z¦˜-pE_òÂ> &©{ž:Ç ç½IýOé%rmÎFò‹eç¹öÜNá‘wQ ž¹Û~^ò8bg àè€÷HBÈþ^Q»kË_”Ò;SµpÛ¸ö¼5Vþ(Ûßó,V¢ˆË®b¤+x ñØµ »¹?J‘j¸?Od V¸5g_‹]'xÞwüžüÍ©?`mL ¡Agò!'^˜½5!¹-ÖG ãGåììŽÝùNŠÅ\Úí»E#’xtßÍ·—«÷IÓ±Á}ˆ'Ö²é„ ãÕ w½Uý;x²¾SíØûÌw²/d!w%"³n‹;#˜æ®gž$¼È´'¬+Ó³£Jëq›€G{©ÌšvÃ”’®B¸Î×Cµ|7ùÆ–õ^ ÒÉrÔË¸ªc3nÆ_6p5oøú¿uƒæ7Àùsè^•²µS´ÿû!T7ýzV:ó}¦Él‚RF¡æDUN¼c%lS[$=rõ ®öÙêËÈÛ€tÅôˆŸù®%G—8%MŸôCŽË¸çù\Ç6Ï~@q_œÕ¢]ïF•C;E!eú|Ê‘µH\˜£d²RóÄ¢¿¤t˜—QñÀ/•¼Ö–(‚x“ÚaÅ„h¾ÛÃ×@Ží)œgªàÔŸ+xia[mkJT¯±bþ¡*ëÁw¡Z[ÓòY\õîVÈÖ¢×”Ù=Ç¦v*2+ÁˆóD‚2ßðk|Ý1?†·Çðø’ø<ä¿ˆGÖåv^›—œ_W‰Ü%T";’ÛGæQn~~„j®L'?·†‹ÆÔ;`á„WÖí˜V72_ g#üþZ™¡yO"kƒ¶u.)W²ºþIÐ¿3gãŒðëJ¢&–Õ¿Ö–O=¼žÚá¼ ™Úó/ æII†@·Ñüh ƒ.n$c> 6*¼¦#T²CÞõ¶{‹á¨™AÊ Ÿ¦È5€‹úx»¼vØ8ÑÎ„!@”8p“Š·áƒŠ ÐF2g ¬Ü(8;Ð´:ø¡Å—}“ÄQ¼w€i¡œT@ºŸr¦×Ylþw¥‰WíZò6LïQˆ×E«9-†€c×{3÷BHŸ±Ö…¹aà1‹l¡ç–8ˆfüO§Í‚—“F/Í=õ<7Œ_ð”¸oÉœ?ä †Wï~Ô pÕ&èd5½[Y†×ÓÅxYº&‡†„ÀqÎÅ†•À«È„aMý VÀ´} äÂ—k…íGš¥RmL£*‘>Y¤-…·BŒì£Çx} &l#†ë)ë½©Šªæ¸OêZ(WpÑoÂ[¹øäAq‹p¨KJ×Ð,5nÂðüZ³|ÞiÙ ôW9èwûYì»øC÷¶Î;óÒ¥3Kgo˜4»Û5Žñ €_aª¾\ºíã‚1ËÇù4°\‚Ëúvƒ‹N$êc“Ï“6“çò½qÖÄsNlããŠéá:£ÿØL_îS[½2m®ù¨qp£ŒIÖ´=>ÉÍdžÏQpãÁR“¯ÐW‰¶²oÄzªÜXLèC»m0ÐÏKN|¢`À.2ý soK%ÅnMIBñ²¸8ùN3?h°Y7 ŽR5KÌÍ§«@Ý³\`þˆ=‚1¤Ä;?®%¤C0$(måŒKûCbjYüÅ©å1møÜ¿+‘Ð~EÛÇ‡ª”êi¼6ä}†2¬„ZÏÎøpgâÇ¡˜N•ÄŒ“0Nˆtµ„ü8.¬¢:x|¬Ä™.Â£Õ »í5|‰ª9Jñ™ØX³‹(7Uß>Œ<óü?ßh¯èŠÂ¹ÊãRÞûH‡Q ²ic}€¡ÙÓ/n‚Ó¾Š¥õçDípËvšZüÔÐ ®`û·}êðÜ.Y½Š”ð´kRûµ\Amê‹|È2"“ î#×¾kD$Èã2¶êþÎzÅÀŸt&\x²91g<•þë\‚=¾^mI´oõ”[¦ŽÉ…ö·•íj^çp‚¯Ã˜æå‡ëð´Ž º2ìý¢Ãe§±÷õ3$‹;”äÌÖü.,ßua"³Zª²B«àÝËª‰ßÝŽ–˜"Oÿ•ïù{¤±8N @˜²+$6ŽÙà–zçäŸ7¿FF‰}çêt66QjR…ék{è‰"JËÛØæ€ÍÉýÚƒÑT d¢2ÿ€ …—·Š6 a#V¾ƒ´½H!³)¹cº – pEG¹à‡†_uHkáÎ”©„(lÌu¬h¿nÿ°‡«>–¯]äpÈ‘Zb2i¯XÅÜ{?!ž¤d¹_XÂ ´‘mÜ93©øtñÒ6S3O6AYæ÷*X `o?EF¼Ù ’ÛC¯#½èò’ý Ï0´Œžþ¶óÉø¬#,®û‰n˜óuÍ¦à(NdË¹¸yâC‹·¢F.õçaðïÒ8WM:lEyR |k-hŒUd‚•¾;VeÑŽ*>O]º$ezÅkW_ç}×²‘AÐ‰NE½ïÆÛ/d„Ä¨oÇê_gc¬8è±ä!H¤™åú5w6Ù†³ÂtÓ”‘;(ñš‘;ƒYÌ‡Zîœ=É^˜Gç„Å“¥'¡çô¯òŠëiÚ”Q8TfµŸÿäZHÂ‚Î²bbøzç……¦8RÌÓYj´“ºYÄ˜\ Ê6…-~)Ie}X‚˜ìÕt~êœÖp#ÃÄ#µA Àu%îä õ’x¹s¿–×ìeÿ#C…ž°þQcÙ¨¢ª¾£kû€™–®-5V"s1±õ°ë}ƒ²‰a»Üîÿ¾²¤ni÷ gs ¬ÕÀ™~ÊûÆ3ÁnŠXJž{¼"¨–?úöDñ÷o¡ÈŠIL[æËü‘XÏÓ$a ;áÔ+•Ð8ù®Šx÷GÓôW_#Æî™l ²ÊKŠÅÒ+²5~£7ÈŸáÁË£#´sa~KŸacŽ¬T¼IR|m‰`×üëpÒgq¤¨·Í1™»›\\b°ù¥%}kûÁb°+ƒ-l7‡ÒºCÿ˜îµP±ÄŠÖÍR‹„¦±Š«[ËÔ<™iÏßM·EoƒScrúÝ ×ñk×úÂÓ{,ƒ,ðõc£f+Ž®"š2 ÕÝá£åºíqî]HÂ÷Þ¢ûRògý{,JB²²ËãÌÞÄŸQYeL¸ ÖÅkG-„ŠÅn(É‡ïURœh“Ë¼1£ZXíHmÏîvºÞÄ'º$K®3ÌE¦I¢ oYÁg˜L Ë£‹V{iã|cÒ“ª {P1Ü8!NÁ3iƒÜÁÃy½UB/ê9£ `ƒE~Uqrÿ?ï Á QýàQ9Û×Í‘ìðÓuõ%§êT*½¯kr8Þ4ÄrU”U¼ÿ¤UŠù ¼0ƒ3=¸ÇCö5þˆ})pØÖ§…ÓÞ ß ÇsZü®dQ&DêxážF#v™œ`»Bep ¥|.u¼ÑB9<^üÈ kêu5"Âéë¹X^“†:jyÛôÆ¾•»°EiNp–Ã\6úÔ'Â˜S£½9Z¢õ¼oNö/5yŽé#\.ÚÓ¶‹ÓJ¼îO¸:ñ®Ž_¼ôË@Ýo¥?´j‚fL@“rÎ‡›Ø(˜Ÿ¯â˜3×3(m¹„æ ÖKú«Á0{ã)ýßMEàX®K–¤ƒ?Ä ¢“ôo$cfÁZeE…ËÒ´îjsŸh ;›ƒ§"ÚnvV¹¬5ŸFF..9—õnnàÒ0dçF_u¸"ÀðFÃ_üØq2{¿9'rCÁú’X£ è{¿»WäùªÅüÌrÌÃÅCjµã~«#ôôIw²åE&¯V”‘BÍLº7ü2PØéíPÙ?røé$Ó|.¦ÓåÓF&x¶’Ž›™Š?½‚ASK5<‘ÙàkÜ¤alà8UP«Ò"0)\§‚úïœ+ôÓ¨Å\eÿØÜÙ ¨¼ÿZÆ9^9K~< Ûµaã”wÛ×À-‘¢gúÈ+%„.ð[,Á·/W0‹wv¹ØÅ+ªÌ“7Yq–›BVmÆŒÅeçè:GP²¿ Ïºø†]]ùcÌ+.˜ºBÛáŸ<(€„õ¤‹ÖöÄüz³D]Eœ9ÇEV8¡5“Á¹Ê´â<w±|ÝÕãp^¶W|—S mš‹,6ÎüM‘ÆJ’9Ÿ9”{ã v7‹t ¢Û·pf}³\TèÜ†¥lñBRbñò•rÎí(ª ®5ÍDAšÎbb)„¢õ˜žœóJ2{[m4Ÿ{U&%P´x•é’eäÃ»Þ™¦Lžõrõ;,'ì©ûÞŠsòµ'!6ÊKÂ2æ_°hj:À|9ÐX¢¸ÚñÜ!Fª¬þ3~¢“ýäÆËû”é(ýR»pýVÓîæý‰~wÌo;ß•ùšÑ$ÜËÁW•iïpò3·bÖÀ7Ä}Âi½ý éÀgÕÕñ409L)Öyíp¸{[²´D‡:È™PŸ w›÷^¦¢í’¨—’çÎ!ë6¸ŒÀÃ‰à9jÁ-Ë=aƒóè,V.9³ö£½ø±Ø0zŽö[›Øû÷Ü¶Ç’0}RCìh¡¥&`´*¥—ÂÚ™Óaƒ¤_½Hº{•¿>a¾ç+©”iÎÆ"íž-ËaâÃ^ªvJ…ÍIjCþ%")‰Ïçç`‡ŸÎ?›)à›X&K1*GKoM6º"=U½ñ},X(Í¿ Ü›}á å¸…®ì °ãþÊ³4¡"8ÌÂ\½¢õŒ”Èi~A¨|üe¼‡¦¢÷Œ-_ûå½–+¯TºÕ$ºè{ð“îßõDûßïôCŒ ‡”o¨š8p…f5ŽtÄ?Š?•Óù=¡‡¥¤»¡‡ó¸¶¢_o–†ÀÕâYZLjˆœÝË£håEÌnÂso…ÆêŠ~¸r€w²ÝÅæËmÅd¦{ùür‹jÚ_xZ}R’ý’ã<ó«èy>üÆ!Ó÷˜Ó”êŸ‹aOºo·"…iÙ¾`J5‘QIÿÝ)ÇNNßŒò¦S5‹*ûÛsLÇ•ž7Ã>q€Iù#úÍzdu$5Ü8Èd“b:4ý»;Ý‘ƒüø-3âw´óÜ,'9lße>á…/HDgýÊÿxëkÀ"ú‹ ´¦H,ðò5^;ùeRÓri8 †YŠ28¤²o@k£ÿnNô“¹qÕÍ“ /=Öj0AÔÂðâF0Êwtáô·ú§ô$Ñ_Õ|P·—íö…døSî5.’VAPs«°À@.¸âé)¶m7ÂÚÑÃnëƒ Üø™ÄŸl½*¦¼âÿ« IhcgÄg—®ñxtó^õX)T§Šù T |TìâŽ«a¢/±ÀÕôàwä4WFQ(Š™C½³ â\³r²Š¦·ˆó1 ¨w¥ ub!åNåjœÅm¾1:Ëö|ÀkN²\Ãú€)çï~Øž‚÷$ _´Ú¹Ÿ€| "zO;#4nô…k±ˆ7L€ãç2]ÄÎd©F’þî¹drº¿t¶_ƒå>+à‘/¿™æ^tÍ¦1sw/H_¿CWGt%E®Ÿ&˜†eG‰_yÄC{!äÜ¼)9„ÖFht„hEgKÕëÃ²?UwÛ›Àœ+#‹ˆ+væÐÖ6),=¬Ãz"2[ ÒÈM‡Èýæ½±é þ3übFS_Ø¥Oé Õóà$†L2t‘7wó"ŠÀ?¿’ÜI_±e`+En£…¼–îy"¡09øÛDØ9<8¥Ï˜ÆœáV‘H{(FØRÖ Ù9wÙu¼V8êu?æžÅŒPÞœéHTEŽ-ùOWj»‡h÷¨LI%å>œÄ¿Ô5-½Šž…O?–¦äª09‹‰é—æy¥n˜ý£jŒ·'6iæ 4 '±.böN E]ž–ýTYŸo"nH7ïý‰¶Ÿ¥PŠIé~~@ Ú’w¶˜T—D?ûühÑ_ð5¯ê3ûcCZàV2@ãXÀ‰ðÃgû¼èÀÂ)uVÒÉÿb/s’<¤X\4#q5ÌQ>Cê2CHj‡Ù¥Q§~sèÂU‡ :XºÂ Vü:/øæB;ÆÉs-¥ˆûè\>µcÈ@B·Ú–S¿À%¢$¨íGó‡ÍëlÄztÌ/¸HÂÝÏ´éï—ù©¢š‚Ëox+á6Ët˜éUNÏt$A‹çÐÓ£%ãAHQ•zaÄPYÛB,—x^cÑ¨&{jH¡ÆÌèœsT.½ÁiÍçJ0ó&€øXGÙ7œâ]®¤cÁœFªÔÚÈ6uëBÒRh.;“MÓîõŒË#k}eòW¦µ.hðC2nHL‰`h$,‚o³r6¦èÉ Ó5/šE2¨¥ÃrM€üŽž'Ó3kÈw{p$êSÜ¼® U]ÈÍ®™u¹ó&aâVbÁŒ- ¨–%Êþh´‚ªgòïVvg##’¡ËUZÁ½ßüJ€ïV”ÓÓZ–þí¸®‘ Ù`F"~OA»ü´?ói²8)áïK¶ÁB¬‰_kù§0/?í½¡•&4H“ø¦Jót:ñ ]4õKõ}Ã®ÊXýPûe9òöNQ[ášlY,ù‚äcàeˆ„»éeEÔr*AƒAÉ©·æksÍ“^Î‡àº ´Õæ¾vÈƒMÄ’I'£Œ8þO"8+vDiâÕ¯kˆ3“ƒÜ¥a§jUÇŸºBdŒoÎ°—=þqqŒFê'ËB‘ð|(Ð\€"mÈô-ËÔ"tHÛ1˜xÂÙ.ìÄ0äºžV5X5>¦\‘óJêÌ2kï¾•g"È§W›»]&ö€LñÏ%¹P¬+=æˆª ªâ˜ÈT¬'<[0´e2…x*—²sP% áP¨Áù†Vlk:=$ÀPá‡p4P—Ü!jcÍ 5ºØƒ„Q‰ÓÒf¢·JóüÛd)F;Èê@bð8²óûz:×<<øíòžéq †'>¿‹ˆ“f*ü×´:¿[5é¹„N\bè‘"èÝþ ¡š~3…^S÷*íˆ›AÔê…æ¬,•ÕÔ8ÅÊB±¯ò0¨:ð{‰É¶ï&udóþÈ·ÀÑ|™uô#’ðíÇvÊx†Á™ íÕ °ï8FBü¶ŽåÈhíœ›vÖXøÄÙª^¥íÜÛKÝ~¬c%ô‹tÑf«1è7¨âH8XŸ–Ú&»£µWÜÅÙH•Ö,ÄsžÓ:j»û›ë ×ÛTD„WV D¨iÐC9ððÓ½5/í0ŸYçìBmË[®™»»;!nÝó¹–AÑ¡ût=!xÏ¤zTPŒ>ÒÆV^z_ÉLêgØ£è¥¦xÌyöpã\zØ`0ï…i¿H5¥ÒVA€ù´Éü”ÍŒa÷ÙtÂïØ*0S”<)RPò›Ù`Œryë‹$^>þqYúŠAÀ;^¤I·}ÓOÆÿz…z ¸ÏTPˆÄEÏ}€~HÚ®§äY3š·÷aú»r!©Ð¦Ãñ'1£SØéÌN½Î‘@¾`c½¼)e/sG`ÎýÔlí^Ü_ýByñ~ü€?löû;»tŸãí1#zgSH[ÑÂÒ)…£/e:ÉZ_¾ %½Hp…"XóžÄÖ °`‚ÏùøàjàŽ7ûWÓ¤úá”ÂDî‘ÕÐ'Ö*«# Ëuw}ÚI8ôLàÔÇn\½»¨ó‰§o’þ‘Æàæà:G?KŽôð9˜öOhïÌBf2—éñ]É\)ßßH²«Ô<ã;èãý¸ùÅ:}Ìr 8¹ú¶Î^ÔQí>xréoà»‚£=m«%°Üs^Ñ´‰—!k³p×¸æŠ´ùu –åM^{Ö«»y¢áâøøP¶r¿räÇ¥‡iíˆ!¾#c‰1'¼”LâQÇ¿•q (}Ã¿É9ëóŠ;"‰é=7BdôÉûVF_ïÕl<2´+tôæ÷1&âÓ„}Û—’ï§›‚AÍñLd`#Žj´ýÍïÊa ñÜÌwç7ÎÔŠŸ£*Ú ùxøõÿ÷oé*üD³ôêÖèÅÉ0Ë”zR™¬nnD«mÔÊ“j ‰šÜÐÈ=¤]I û³>0]¹nF'º•Ë#”…Fõ5¢rŠÆÑÙÉýbŽrOòHƒŠ ž[«0l[«Q@xô31h»-òßŸÀò»‰ŠG)Î8â6øÄX…B£OIç¯RÁ@a r¾¬èŒ×ÝiŽÜoÈ*«Ôsm¬ñN.X[$Ò¡ÿÎòk&X Á$Æ€(Qfé·fymvL»~ÉKi6öx5%‰Ü§â[Sª\c/2æ\žï¡ªëWþt•Zªià-«jBõ§^ ¶ynÜ†zRû; ñ/(Ovâ;)1ÒTÙ 0¶Â¹c'0¢FWƒ-6 ½SâÂ^ˆ¿©£OðS›Š¶B¹äÆ5ÛpÝ’+ÚF‹†g#›ûã'z†Û„h¯k~œ¼mQÍöÓY„œeV›»aääõÀˆÞZ8n©ìhïûòHóso3?òê!;°¸å1?ÎLe®Vp(^¼B“FøÌ/ÍEÉE.Û=ËƒOÀ'Ô÷0‹\xãºFLâoüÆ¨DÄ¾A,›ƒkÄê=…‰æ€+V8„ºí¬ƒÇicÕÇŸkŽf¤ qkÙøX`9 ƒ^®Š¨eHójèMª½(×A{Kf„¯®ç½V.Yð3dõ5Ñ]ÊÚE>FbÍM=“¢j€Ä¦îVS/iëNeòûFdsöÅ*ˆ-E2¹Å$DükêUUN5 ú† ÛÀP÷Ö´©ï'yVh½îëWMÞjöÃ3èBŽ8pÅ÷XHÐò›¦…× hÐÜ’›ëóQžñÙy»âô‡÷îÏåÜŽ¼3INÚn©¾0fJ:¸Tÿ'Ð„ý. ôX.uF(,ìU¶v¢Óù×[ëÃÚˆƒv÷Læ¥bØD4be«ÑˆbáJÄ¼÷¥+8!+>ÏFvuN§¯rU±rtM§ý6à&Ë2ûÌ»O4âþpìðÈ¼¨¬H¼xÓ4£"+yâYœ•x³½ð“A«œÔ?ë<~–CÖ:×òÛ,BŸÀqö;–&×nÏÒ:Ÿ«sf‰ÓÈr’|w9ï#î®ô…ž:ÈÎ:‰9‰¥´qÍ¡…?r-ª*~…àÙ1½HVû´a“83 (,R¢ zÀÇy‰þ[o›2j´-Sn“ØpµZGö£ÿ”¢ƒ9ú2ÑøŸà#P»„’`]ÉX¡á×-ã£Ÿªp4Š@ã×JY‹„Mhƒ”Ë‘hßoÉ[TUƒ™ÿ’}ZKàI_S%t"Ã¤f%¿”š Â>ôËß¸ÇQ[h°;}{ž(Pq€˜Q‘uo‡‚-¹×Â\¢4ÑªYüézˆ ±|3@¼’{u;ómé“®…‚.?Ž*“ô¹-H¸òWó`NúEpÑ–¿[ç1é<“ß²‘ˆéÌŠwh:øÍöoÄCÈC Éyür‡mDÚzX)ÎÁWšío’¹'ÎÌLþ» Ê.ŒÌ!}Ý^‚â˜\îJ;)b`l5ì§cØ;‘ô?@Õ>L}R³ihs7ÚxæëŽl©¥šAªƒp|Îå¥5>gÝz?;’CƒŠ=u5åÂ\m½W¦~ãÛ$éï/ Ç³¸ûÃÜaçRò±ãÔ¨ÿo¶¦šù{%`Æ¬³üÑ” ê]õ òÜé D<ê)¡I¼:çOÁ_ó W#nˆa5†uhÂ‘´—>™v¸”ŸE-;:x{ÊÖ=ƒr‰„´DžÓ…Ràø-çÜ.+9§~`_qÓ™ F ;n~.?ü,¢ËŒJXpMrúûzÑ"ŒÓ.g%ÏÒ÷TøúÌ’x)°6¸=Šg·”èõXè,7CnºÄF"ã€‹˜œÙO¢Ý·*c¦ôo@l*‰0Rï.:wHöß¬?_ô-ïÅËUa.ÜHê‰h2mš*È“<$7âÉ#½Ó,z¾‚gß¿‡Ù¿,A²Ú=g„¡>IeäKQ$Ä8WÑÎ%õr®*?Ç©9¼[ˆ>,€íY>IùP´|d ôÅî>ðH%Të°-àŸ‘]«!«¸Å›Q|ê†òË)ó_êš/;NäGËß=fšØ ”ì¾·uNËŠ·lé¡µ÷ýúí!@‰Cb¦ñtìíº)~Õ‡Õ¶‡âÂ•(" r1aIÁÛ!âÞ{vKùGÞú 8š¿¡Öý>«Uìñ®3ýl‘6Hl‚ßÅ½,š²DeŒÿ Å£?˜YþZ¨a~sn·h-¶Çu*—2·yLØtÿÏ®¡QãªvˆáÙ”“I|W²ø°6-\ú2Ý‹4ô …˜óÅ¤æúÃ@ûù?w·í¿¼ [þ³“\§zä‰4Ð‡ã#2ð~Ð©2ˆÏ1ÎÄ’‘ÈAk7p'Z—ÅÎ½ãSb §Ô ©AÑŒÕ\‘ä‘ÌLu…wIò7Ýü€C÷%NM0/Q¼O‚hüÐ sæ!]=:’4Gøÿëä|ƒûß›Ï†¥¹L¥OšD]Ç`cf‰œqÏ%™'’³O;w‘ˆŽu)pÛbXœ¿Ä V‘3Ýê Ô*Z‚;^ìÐE³À¶Wþ¾¾{õOãF§F}š†Ëk£R,€@9{Ø;ü×Œ’i¶ÛF)_Îìš #4=þ-›²ÕŽo·a°‰ø,h…½w²O¡Õz0iÇ²_¡gÝ¯h*;„†'ÍxKõÐËaxVÑÿœúÌPê–Î¦0Ç}ÎåýèÍ~hc„ G°º6g‘`—Æ³:]öF œp?šõ¯ˆ^õºÁ¸†}£öut©£yM«‰ñþóÑÚˆ¾g{cCX-á-Çš ~BX|°Ph ƒˆê_»V7OŸš6³EK•Ó9›êTÜ„tn+=¯˜;îïf>‡÷4M9ÈòBm›‚SÃU@âÏûÔúšÉäx„û¼KGìöS÷WÈaWËñrÔ˜t:Hã1‚½ÿ.wüH²q‰¯¬†'… …enoÙßÆ¦ËšçŽ»9áˆ×@Ša(*ò!šá<[›Ò5îÜd~™‹‡Ãx÷¿Ô¤ßC¥à/Ëì(¼ /ÝPQÿ•ùHQMÑ•–Ó6Q“ç‘ýê!…ÉÏÔLl:Di«‹ü]55øÙÙ ûX×B"3Þ‘ºÏñá°ÃÔ`^úA´qÍa³ð—„ (J}ã¼zß$9ì{`µûÓ,ã³Òx]"‡7#-1¨2¸6m«Ç´É¶0š³¹4/ìŒàé™¼¨‹;djŽg‹ï3“§ÿ¤›AÚ)"IÎyDS2;Ér‡ü¹^ò‹ sáør)éÌúÖÜ²†;-à X ƒ7»SRSKQ¸Àbûqõulâw?LU&¹@ýçÌ28·¹‚yŠ™y¿í5Àqùcå˜5Ö~Ô_›GzJ+"P¹—NÚ´åÿ¥hn(ÉÚc3ª¢‹¨Ð”YàèE¿ =8‘²¼óÒ^‘o) 7i¨%d;ßîŒ—Ì›^3`";:2”O÷ã²†Én+¯%Wµ·Ìc•3æály™ÙL Ö±þ‚ŒÏ+™½˜&ñg¨±˜GÏÑ¦2Ý¤Õ lSÊ×H†ãgö¥{½VdsOW5%ÖL Í^I~‰¿ÌIêUGÿø÷§·zÍAäÊÀ¬"álg°*YMÕÉ‡¦%t±à†£kÒÇÑ?¶ÜzþZ¨Ç¬ ® äb—ua,ïh¬4Ã–¸y·$a~…€+¶ô«aHœõU´Î¬¨íœ’¸ù¡$¯@ÜH@âˆn½‰hîU8Çmbƒ /ÿ"Qµ™z shºŠùþ)6Bä4ó…&ÊDßWß©‚æK+Åco@YUŠÿ¶ÃÚ¶XÒx£¬×¶Ý ñx£M%ƒÒïº*á`¢?4{æ—ÃmB%ZF rï$ëx¦Öè>(sD))¤¾Ò¹o}KÉê“aÄÕ†îW›.»ñÉ3>ê}ë+©YH›p2Ú{³HôWeQsé¦Ö ÛêÓŠoû7c¤ºÓÏ7™`¶A(ü7ŸÛßAçÕ• ó¯NÍµ^ ø€qœ/]¸iê)º:ù¢B@|4‰^½n8z¾LÖUåæQ ÇR€QiPÝZ”ŸgŒÁ ì¿IE!‰ÊûkK^iö¼ÛcÚMëåUÈ/ û4R5†0µPÐ&!7Àpg8›ÍÄ%é+U8i¼<èTË.zéTœÄØ9¼_ÛÒ«-£˜Fö VŽb?¢)ë€Ìš|X ™y#s-¸=ãïõW„Þ!_Z¬ùðÂÑêH›âsiÝÚ±ÿD"äËnpiý’`^£tMÖ!j8èÇ,#°1“A™¢æGÂ”bÕ6'?5»ß³&ÖÌ¸.rìšœ‡^9X4¸Í@Â²¤âGþÖCÚîçi{Ïm ?ÀìÝÍ3AEÓ:á§ÅÃú<+@ãÚpUèS¤jé–b5†Ö#SU/r¶ØèýÙ7YA³@·ñgÑ£\$zèŽ£*§#K=41çŒ–;¬z=2eÎæ×DáÒRêiTÞ&túøm@-MC¥ÿÔa#‚Ä»ŒQË#I:ôÀ–º™³mÕQß ±vY'³>ÐuýàõX7£øðšzi<>ÔYo¦W¾ÛZSQ»ó #Þ¾ƒã¶Ñg<¶:¶dÂ‹ªþX-C5Õ>IÝw¤Ÿ“õ“ÌLJ¡+.‚jµ·ã"^l6²Þ¹øèìåQE¬*[ZÞå c ˜Üã¥_Dkíl÷Êõ¥o \m"`Ÿ>˜â‘Õ®¦º´7Ôp5„‘ÙJA}¯Ÿt¨Íªö¥±£¡ùñã@wÝ‚‘m„ öêÈ.i„às+:ò–H¼»íLJGÑ€eÇœ²©Î ›×–J4@öV¥{Ù'Î|ƒ‘÷POÁUí,ÐÃÂXrDÃ|%™¨}g²v\b@jX©§@=îÂÙ] ×Ä-Ò¹4-táò© tµ^ÈÐò±Ôœ•«úu;÷‰°ÜïM*òu5.'JÅnÆMßíY¸Šþi Å8¶Ý07'Aƒn'aÆÛ&ÜNwØçá{áÄEèß±zô+‰¬\H+Ã4™FF®é¸ký×A¶õÏ\î-×·ÃEÖäÙª¨ãwQ-EÝÎÊáÃ{¾Q íáÃ f}E¯ôôó¯Ë‰h@ÀåÀy<¼¯î4¸dc$êKËµj›6Ûžîñ…Û’ZÂ©Eßªê®V _yË¿J,;Þmm¤Õ;,ÞÀJ£m”3ðŒöÎÅTWÀ£0j)(É•î¶Æ2Óº¾,rîá ^:lœSÇJ*’øøY‘â¢µ°BƒÌ—©<’À´‡L Ü£bD†Ïv”gI—ëìÀMÎ»?:çÓ'zû,~ñÿï¬Ë_0£}Zb‘`˜ù¸•Æ*BŠ¢ÍlEjíòN“”X²ƒ)Eåhý¦·NíæR£D§ª>lT•´ÑP§i*°å‘Þ;ïž“ø€zž6Ø ´k’?óLVœ@X‡IÞÉ4ªZ£ftž¬e5×SùE?øóÉSm«†‡&ý?FÜ5ŽËëÔÓnå„ÎÑ*ÔÎö¨ip¥3^"¾G´ê]ˆØ” zþËñŸôÁïMcIÐ~ÈC€Ÿ±5—êáß9.éË16*ÀÅ§N9`à°ã¹ÇwzÜ~7Ïr;`bØÛÜa‹ç:µ/_±‚1|Èµ¨$ çœè‘Ù©®=,ëkêà:Ôè-™Ò"½5Ûxº=õ¢‹JfIœ=ÐÌè·1ò<ÚÔöRw"Æ`?û€Ç*e\ÓÑ5…?³¶á#Œ‘ž]dÎü.×‘”vófæïzÜ„|ïÈn†×Ñÿ I·w{g<å›ˆO›æÅLyQ·‰€õ;8H;g’M;E›ÅW£¹2aÈÕ„†t)¢]¨ù2±HÒŽ;´Kõ§Yð¥àW /[•JNôßÈ>/ä j!9€Óhu`ãe3ÅÛHõ#Ë9Ñ‹ý™"é<ø}m"yU|ž¹_ñ7vÚAè’`í1¿ûÓZ}ÜÎñEÃ{²ž¤YLzC VyîsE#(tûjSùÃ½>½:)Ð³Ù3©p82¤2>`=Š)¤’„bz6$!Tšú–‘Y5Áá¼uA™µh˜Bã]h¦¨Ýúæçæô¦òÙÙ—©(Qk¹€÷a&¤K¶ŒféR!,ï NŽè>÷Öy(MEËƒ½Ôt~m¶–„®%'•‹¼‘3rˆ7ß¬PìR™šÜüâÔð½¹xµ0hFÌ’ÔŽ5‘ç9¹¦dñG—®AÁ8mƒ†žòÈãë¼Z~x{VM•X›\ ÷ÿC¾Ü:éWkŠ`ð#Xî «d—K4í‡þ5T›`˜²XàÆ®Ã3â©aSà¡š7û/wCxûÆ8á–@Â3CÀè/¢˜w¨OkŸlêZš«ª[€?9±¿¶Æ®Ž6º½ ¸Ñ&%haõ4q}n8ž=A2X³³µU#¶êwW…\þÂèëeø›Š‰ÖS¼®C•¯–Enž`ü®¼7ã„TpkÇ³µëáA»Hp#Œ¼Ž™X /ý›â§¶KÜìÀ˜V~e&ŒÒˆCªà˜b„ì÷‡ù·æéo·í]šT=(ýŠ½àûO“Ve¹ƒ;<˜j˜"wù/3DÜàXS°r“Óƒ‡·mmà›L!Åcƒ¥Ä>)Û”Ô¥\h1#ï§2ß\*[5<þlIøWJ¾1æ+Y¤÷t6®ƒ£UvB˜GK(î£oM€¹È'½'§Õ•Ú2z¢éfç(öS>¼—&zHçNZ´iø¿—ó2³„l;Tþâ¤¿QÑ¿ÎÌ?Ïó®¦¶(¾â¶¨×³ñšzTY«ÞšìÝ‚y+÷µ„ŒLÊãkÄÈ„«C‡ÒH3+ßpVawßiÜÒ¿nÆB`ŽZñ²ÎbQöãü®€næû,8¤ÏpZúëw§øKçt³•$©›V,æýêÓ:À$jm)³X3êÐÈmi†•köu¥%:¶o·óP=ÌMš$^y$F…õI´ò¯¿õˆŽS©M¸’:«©Öb·“Ü ¶’±1ëêœ ó¢û¤æ`?¯(;ŽÚã3EÆ^PGÌV––ÞƒN’ÐGÙœôn¤hFÔž™$‰×ÖÌ÷Š“0ý¥ãÿ”M4âfR“b«,ª¼·þ9â:ç°ÿlãÊ} ©žøÿD©2AÔÇº´Ÿªñ:àÊÔ-ÁlÑà Ji¤^Ékô cÔ”Å.ôµ÷®éd¼oë¯íB‰-à*úEÁ¤,´D,èL,Ñöƒßdú\sGTø¥ÃeœIÀLY/d“Ø¨8©«Õ“QeŠÅ[ÄÛ-YÙçŸDÎ;Ì°CkháŒ§&˜/Vð—½Âþnâ^”'Fz3ú¸‰mÁ²§ßq;7îŽœ¹ÚîéÆdÁ˜|Ól=·Ñ7œ$¬êþŒ\=‚roÄo<¢Eåó«_ïùnàT8ikú`°÷•Ä9©óÙ´»&n-³)ÝS2ÈfVò•I“k3Âz_+çJÒGIÚŸ d Wþ{«rwèÒ3[ì™ŠŸñÍä1AE´ ZÁ³»F`«Ù0‘ÝOVúã‘ªuHêlý@‘¹Ôè©¢ñÜ—U8l¡qÀ’ÀRŸ—rïwþìÀŠù/%ºdjó5ø:8|¥ ãnÏÎs²;™£]u}W˜ìÛ|qiÜhôôríâQaHM%Ž_ûiošæA`«´aYzDFï,=@`ÿ4LÛ¤’ìÓ=¨«³¡ÈoCÜOqò ÆP\Jð‘‹x8—;åö–|×[¯—R¯Uæ(È$Å…Q:p•«j!®tŒçŒæ 7ý˜u€¯F|s!-ÞEÉ#M¡m=MS1Í©.nAÜÃIßˆAx:næY‡H´®_]í~OùÚzêÓÂ6çªú°ríz§ú°ùAƒ,žÒoS~+y]¢ûžÓ>£–¸62‡l¡ªSìŸª—ve±ñ#àu;·šÆvP¦÷ëlØ$yù™%Šìö¡í"ËœTX¶ò}®”Ú¥Ž¡¶KsKtÀ8Ç2ï]—A×ƒ0‰ NM—›¬µ×ûÓfª]´,ØœÉŽŸùYõ¦Z3¤ÒÕoN8èë v¤í¥NPÃœSF_3ç &¦Y°†ÌqrK}þM¢ÊÙ®£ðˆcb¦/k¾h`ÌG½M"Ê’ÆÅ@Wæ OñéçAÀÍbÜ:?ìD¾¢z]Ÿ""¯ÝJ8ì²¿Æ‰Ñö¤É òaD¬G¥…%Ä$ëî»“ënöo–jçÊý€¿ÑXdˆŠCì¿±uEÑn˜ÛNÂh_Ï=„Úž@uÐH‚Ç¡Æä·Ôg‡–IÐw@(¼IÎ ç¬`Ä„sÔl¯Q=9·ç b£ÅÏ(/È›P@çÅ?!nGzÎ-CmÊ}s‰€ÿéø0¢üøNNb›\+´E…)Zïß9jßØ®/#L †ñNSì›àò‘†y`ðS¼‡ÞËR1ÒÒ¬g+™‡0Ò†ññ9IÝ¿¸Ï€¯"Àj&ÎNdš ^ÅCm%EöKÕ:n·®Ò†ÎX z‰ß©˜ªýÄl©ÑÞVgdw]TŸYè¿GÜÞ%ðŠ+Öµ™Ø˜îP^0ä¶ÞtÎ\ÝE9SÑxUnJ¾ÔF×AÏ„Ê;qó#?U¿ZCÑß.{[¨ }i'¾SûÌÑÚ;Ä*÷Öûüx&ªýÚ9æÏî¼or±·Ã9 ’Ø-ôgM÷Wé(èÏˆbXÝ0 ´$ôÅ©.¦šEÉÂ™¡l”XÂ„qt¥$Xï¥aê£ šµb<à ê—AáhÅ™êŽx˜Ÿp]?D¦—0,ÄÔ±¾ž1ÍthžíÂÏR¸¥]õyà›.ž¼î?d$¯éJ°Ù#fŸÝñ¤ý£Ò#UdœÉ•œ/¼´'aØª=±yßþjaÿü.ü¼E>Ó‘±3á‹MíkýT=Üåå‚&ëËwŠf© ½ª“-ÆXOð#:Gd>ÚÖËäa×ºð6=»;ÏÔ«Gq)‚Þ Â$Q_R²âl•s‚\§ƒV.]Y‚‚ÆIÇ\Øó £ÌM¦f[ë¾qaÜ˜]±“¢L’mÇ8<Ö·‚…Ÿ¿Õ–ò6Úÿ¤d(*¨øêþ÷¬3áÐpîŸ:µÁ?èpç¦òÎQSRsö¥Ø˜îi dŸLBg‘"3gRq}q(ój>!t‡aªÄ‰4ôÀ˜uÚ;ï4AÏMc=¨J½Mþr÷XH…MKÒQlaEÍbwÜM…ª*½íWš×¶›¬co»Y¡ŒuiNS¯ªmÊè³üð££ü}»ˆôdï˜RÁ±·ä6Àg»Füf«ïD©^QÌ˜c,í‡Û!ÄJdût«9¡¬~õwª EAAâ!ðœÃ23]â/ÉsfB¤Ÿò•ù3ÆCÿ~Ãì(|x hŠåDù–[ºO“!f’ ÐhlqíÅ{>KÆ4è#ŽóNÎßêãiª+J”Ì ^ÄbÿmàºPöo%RoÑ>¥lFè`%×Í"rÔC#Œ–¢}{KÎ,Ç¶ñg¿·*Øá/·ÁÓ¾ìÛ;"¤x¸ Œ³šÉàa¼,Ð¨ï‹÷äûðëæêÛÈÒá’Q,lOãÚ”6X/îw>oüx+%²ÇaÍ”â²`;ÙšUZ2”=ïµÍhñ_&[ÐzB¶òöðrêÊé)ìILv€Ò¶»^Ì ÆÐ3ÄÌ5w›<8µí8‰™Y¬/ýÜžäªÆpB—çvY™WÐò†íXáFWÏ±Ók××‰ÒÆ…a¤åvDžyk{aÞ›õÂœáñ~GýçÆ]bÙ·°Ù•öròY–¶Ò‡£È§ƒ ]á¿ñÔö²öQK¯L0Ø™•ÿw94ü"…Ÿ™é?î Žh8Ò7û´‘;uº¨x?ÀÖ€££ñ†ÝUJS¶âV@‹£§\Úº/$!Jð”•'‡D¬€Æ"%Ô¯ÁÇÍÑjèX*xG€s¸`'A~wÌl-Y–“ßg æÇ¸YÏ{Ø‰Èa´s3î[¨¡EA›ïöáíGñä¤úà¢½ð *¸ÔŠJnîÛöóS%åÛ-PŠÇE[–ÐÙt"–ÖÎ!…Ktú™úåhSá•‰ò©—7:9‡R)4ÌUu«ã¬Á*œIÁNE€>^I=XàòPDm(¯”þrc°èoÐL°ku¤â Oý®]´ò½ƒÍ’^ZÌfÞ˜ŠŒ]£VÒ=¸ý_Þø„žYÂaùçÒìfqì •ý’%ŽÂã1‘”»:ä+FdßÞñSªíÜÁ‘³Jü.ã. º9Žº¡£“¨¼<íy¤äàHy<Î\µÄ$¬âG½».r6ÚaŒV>ÒIÀoŽTîî³ƒúB¬?AðJ·yÝ‘.°tÕw¼ìýÑ©àÅ_ó´1,øÓ"¨ÉNÅDê…Jˆ-ÜÉÍ4œ»ÒÌ{…zý‹±ÖÖªf×±u™Í.'³: Ÿküqæ§ÅÞÛ~Ü±ÑažàHš~ªcÂÛXûÂbWK§h’ç sÛ¼·J¡Õœ)ÔC9,@ŠÅ B;çáN)wóSùDpÁØ™'Ü/qÏ‹‰$ˆ Ìît–»å¿\ ¦¹1¾?!U ¹×«ÓŸŽõ˜Î*âÊÙáZü›œ€dNÞŒ¯g½¨Ú`âùC™0<½xVBÆ¨‰fÄ¿Œ¡Ç±÷^¸Ý” «aN&CNKˆp.ùý„Äp´²å#XL{ð¤ø¡}IäšæàÀ„©òPX…;rŽ5AÈNÒÒI|’]\K)»A@;g½”¶Ã#.šŽÜ=äúKBú¡Ü©{…\óB\ èldò Š4Ü¶IõãÀ`V”½»B©sæùô3”aàÑE*ŠS0“ÿÅËj»lÜ*R+a4ÀÜxn×SVˆwx—(ÏÇä·öÂ_mÑÇK‹há]Zƒ:Z‚%<–tn×B5‰q× ¦¢E(m.ÌÐAÎ7Ó®Ø÷Æ**ý[Úº"~ªÒ÷!Câ~“….ºa÷ñu‘c²è{FÏ®„Sœ6TÂ!N9dw/æ^r‹â}~A/'}[ #N|Ù¨T²ìóyË2ìÊgÔ¯ƒ÷¾{YI×]ìmØ éä9ãÔ—Ý=þ<~Á{±Z¤&zå¥AŒ+èª[êˆp+pAáWi¨m–»8Åª<ã¢óFm¥c´·e‹óšPæŠqMâÝ‚ßr!&1*‹™ª9GÛÑ 9¥ñQh,Èýahà(¶lÇ;þp MÓe1¹wº²•[œŸ¤1© µ‚¸à}/uID ¨WOw›jGoÈ·qËrsPÔ%pÐAž` Ë9Ú/³Ûœ¼am‘œ7 {éüfy¯ë!F ."ÑòÅ¥òÈ”¬ŒcÇè² Êvk$X}J½ÚTRwqÿØ|-mªÝÜ6H·„Xå†»üÓû/gõ Ã˜nLxêŒgWù@ùIJí‹Wê‹¶KnS—6¡¨SºŒÐ‹ñ4cY %(ÒñVÍ*C|¹ÿ™ˆˆ©„6F©Ãb_ñÞ…‰Ï|ãâañk/®ÖŽèôùØ¹ücslÔq@¢y&§e(!µ+æ}½A¨r(Ù gNóŽïÖ;†Í.Nç}IùT£]¥s²Y!&}5gñìG„ÃkàQo×V…÷ûèùÅ?³r<ˆné|ø–qÀŽ/é1pð®Å02×‡›}t7ˆÜ0°À6Ö^m$%2±G¹ÖšS_©ì²t¨/0V|VïeíÁEÝ³eÞÍô)27ôæ&”`‚äð»:oÝõòµ¨™M…ohýb)öqˆ#œ~uf—ÍkˆTó/ƒÊà®êøœù’ƒÍ/‘Ï‘)2§hgÐh1?N1ÝyHÞFc§«¼gªMÊ?4ÿ¥W÷ËSáËì¾ì/^ïÖÐ€ý–®%µ§ˆ > .Î=¼…0M0'NíüÊ=VÃ¥(bØîD7+PÞç7=ÆrB~„ (¾nq=tT)ÖA–žö¾Z–òº»7}Ü1ÉJ²êŠÎÞoÓˆ·öïuÈ¥vÕdp«K¹LlI¥àûÏ4SgU‚d$dˆ£®Ów ®¦ƒƒÅ[¬§èº®d³h™ªš¥}ÖÒæÑüœ¬ÈñÛD¹’°DdÄ»oÀiæÛ06D½4gÿà”À,Ýæe½|*tá®ŽÕ†2ìç=èc™ÎË€ƒö·Ô(üæpÏèêçì·+W¦Ð”tDÝ×chsð 9fÚŸq¥ŽˆÔï@'L—îA ¥õp4Ž1æDƒ^+ ¬w€k¥(ÌK9.(´‚E‹9”ÐËZÞ·Â…åifµ‡F»Yp:g¦KHp%gXv—¨ÒÿŽ9’Ad:gç«?"íXkÚV #‹î)€{žâžj7þ,ÿ=>·TtFóGÞ¦bX»Ù úß„®”¿óºöÃ–|Pw e¿‹ÎPo“ßši Ë>â…kïIDn,É 'ÂxŠ¦jÒÍ–c¦jèá6t£Qb¯¼urLß©©ö²µsZ£ºlŸÂe+Ë¹Ã8C`f7†8j–;dë9Iéªˆe·ã•Kº“ÅW¨«{Â<ÎÐPæÛ¦A"¹("†äÜØ©rpç ‘ƒyôG€À!y*Ð¯s’ylZTùöë“ÿ±áY|0NóSøÝ[õ€_mØ,çø <¯Ù¾XùYõe¿Þùeý¼ß'¶<õ°"em?;pûøÅû%!š×·»AÈàñ-Ï®i±‡`6c©(ätÛ q•^MV7ÍQN–}%ÓÎC`´)CqÒÀÄI3*8²YøG~i5¹°z}®zÌï'ÿ°’‡D’úšž.ƒÁÀÿÞe$zÐèQ»Æ2Ö } c ôŽ›Î‹ ¦oòè.—E»~¥w]àž¨œÀY$€¡ÛÍíØmŠƒm«Üò\´QsZ†:,QHHñÉ ÕßövÂL Ò H))4µ¦>®zÔÍs5¨iOCÖÛ..Ög˜"±‡û*qb °{<[Ú¾Îe(!^¹ó`”N”v+åõÏöÜ4ð®)wNÙìuNCå|—¬5ÓUÛ›ÀùM>æ©™–Ðní]ÍÊÈã¾É s!œ÷Òìúc›13$rmåýV¶Ò!U?*ñC°»zxÁ±Èh‚f¸(E«À"ˆH&®ößº¸N =ÖÜ„Bœÿ…„ó-é’¢W–ÿÑÛËl»]’åù-ê°áÏ÷Ÿó€ü3‰È²T#ßHîcÄí2[é§?Ne¨èúÉz¤ÛC”}§%ÛH³üuG@MZ/0$(-kvh÷ÖeÊX¾¾’"çÆ×É?Ï¥Ålt¨Ì\=O)2Ô_‰ZòÇ_‚--â7âôEû/¸®mÃxMÎe©\ã0÷¬<¿ÎÛ(¥BŠÚª/Y‘vìZIP,%YîPÎ¼O„è’-à (ÔeÍ²{;Q-ýîF÷÷ùus ÕeðÿEQ}Þë+ä·ÚÆ|nRpb¸Ú0ÏW¬ªédÆªx)B¡AÞ&»Z›}àsÿp×2²tîÚ*añêß¡õ!ƒ£‡tk©Ç.d t¼Úøù¡ÿˆ·Xõ/Nx›_‹²•íxtŽ$‘†¦/V²E³ì.A<<™ijó”‰£Ú2+ÃÙJD¸ð³BþxoÝ0ÿÓhPø J…sL½ú°û9dSÈCÒÍ:Å›+V©Nq$'òš§/¯È(µ,hÉrƒéœ"¨Ã¾7ypâßÝâE T^l†æzÊ³Ä·ŸXjlœ‡ÐíI!³ fnlSÎ;ÇªøUÜw •žVjFúkÈ¤F¡‹L2ÅÈßrëU.Šºl‘jš_˜– óÕ‹@ûïKº·eâ©í5ÅÂ÷MåtH¿@¿µ†‡YÐ0âù°ÝV÷±ÛÑš%àn¸?AS»±^l«9¼´DÃÓóm“-Øu.æ©ý7ýBÔ´Ä$´2Ü°2‰N9Z/¹E¨}Á!ÈûfQóè€ÕWÕ¾:U[â¾ÂáwlÍ÷Y9y£Ö”~t„Ò½¼¾ò:¦Ø¬úði{»IñÅKÉ³ìè¼›%¡¶g«ª§*á5}~]îSöˆÍ@†®€§4•N>³ŸQeM¨ð_dP8íêÆ¸Bš…·SïÆâ}Càx¦Y}O‹ÙîóÂb €–ˆ×œC«ˆ>½íû”«]ÍbÆ+Vq}e#öú¼Þý¾ÍìS —óLR”¶c‚ôÿßÀ=¦9us)½{gÔ`U5"Œ §H¡ímö ž ùÔ»ÈÜöÓüiðuöérÔ¯0èL'sït¯Ëƒ¿§Î™@X¤]UKAL³²h*âg˜ÿJÞ0Êü¬ðõN0»Ûó§Ã+:^¨³pÑ¹p˜ „4ïê+$Ê;ï±÷øòSí¥l t™ãÐÑ0âó‚µG„Ø»£öJÃ¯Q%1!<æìc¬¨NÄŸç]ÓnJKƒI5c-ôÄ…»6.€N_A÷·ÞÖÉˆb©CŒ²Þa)¾ÿäÀ`}YéäËy™ò&,{G&mé~ƒ!`âû+ï7`‡Î²u¿öÙÓÃôõmöšRdccöÒÔÔþ2Íâ÷ií>hU¬¬\Òj N> +¢/a‹åV¶Þh CÌ“ÛBÆU'¬±ð3WÆ„Bc&ôìÕÁ?@ÜŸ‘‘Œ²VÍ–©LÑdÖ|Æ!S‹êåB¸sýAM›S©È'hAj¦îDm >-îãüN²TÍõë ,äÿœ·‡FÒòà 2IÐá„âV’Ãåê35ÁM^“r±õ:µA$SIC$½.¬§ÕœÉ¥fnxÎÑ:;sŸBvm‘ºm¿¬²Ÿë®©<=æù?0u‹ù·–%[Q†©9,bóÆd§x,öMâMÇ4zã<öbìßu7¿Ê×a•ÞT&ÇÄßC«£…Ï<ñ#~×òN ØÞ×¢FµW"‘Ô5€íÙÕ™£F=Žcˆþ0`UË½NèÃO«Ê{•UêþŒÏ†¦pÕ½ô`e<Ê2©Æã‹ nµïŸæ?à8a¾qr`¯»é0¢TDOÖxóÁ`7_9u8ödq)³ñ…ÑR šè§EÅ¼ðISØqX~Œ%ŠTý¹vÅ8·Ùä)1¼x¼LÃKÍÒÞ¾à£‹,fg[F¾ÃCÖÕ•¬íyŸ±Æk†”_û¦ó C)h¾6®Û“Fxc3ª°&Á¤¡¹ñÐën!|H Ðk[-“æ¿/çãt'¡0áëÆ.Ñ Åo4·¾€^hÒ§âTPy©N±üQÉÎªw@0Š{õcHÝ4d¢Š ó•l¯ˆ¥™‰G·XùÎšàû L¡Å‡³FLêíP-irt ˜íÀ$-w#uîfu˜ý|6S™¤ÛåÇ3(0ò%„UéSÐúïðBn{Á‚HûâýcD¹²˜mím Âa5æn>Nœ‰é…êDÉ¥@nwÚÒEží\Ú›_¨³×Ð"Q(5ƒH5(’»Äé%ÞcŒÌ!r°nBè«Yr^Èº*KY-r_ÒÞ ê®°¸ä‡ã2@_`QwvÖ8Û¨PBÙ'ôÙ¬´s»V”Ã!P¬Ä±'tÊi>˜iïl®vtb+H¢Ùü2Dz‰ ¯ˆ»D9“Zl‡€,jªiÁÖ¦ÖV²ä¯#q— Ù"j!ÍÝÔ”#¾·]ïÎ¤NqÁÊïÚŒ‘Ç I1»Þ@N¦6(]Ñg°ëöiÌÁ˜üYö÷Ì&†}nßÄÜõ½Âdõ¬MEgŠtækˆ›(Ç 'êPú²½8‘ÈoØ{ÜD§g7žª½ØÞBûT‘ò¦“ÿ`ô‘P©MAî“®”$bÃ ûšú ‚kÛLCDžÿ““•Þ<ËmÜ µãá8•(¥Æƒƒy1Á!î È>~²ãÂ4ÁúÿTÍµ r÷¾½×¬~[þÙbHiå‹ÆšDxi)áçG Þ¾Ö%IFÙáòµ ŠÑñ´FqªÅƒ1·Ÿ\ñßÐ„– *oîS—>AÅõ(·¯6þ£Û Zv‹ÐÝ2ï´¿äs&ø¦ôxCšIc-£ÛJÄÅžˆÿnQŸâ_4%™aÂª—!8ÇaŠàŠIÛáÃú6†®Óƒ×Ê~O-ŽzµZù%U™¶qWˆîù…0Íí•*'R,ÕÑJãZgtü€)tlSG…7´*a¼O!º{–ÿ`i°dö¦t¤¦pé JŽæl=•âõ¹«½_ÁMK&öÅ[óÇ ”|<®P¹ù^i³Ú4[6›¦Ó&hµ$F³;S³GÛ&C’…mÁÊÉ Nä©êúºc2@`Fäúî¤¶ú–#€E÷Å‹ÇÇo?[¹k@H¢ÚƒlXöž×£¤¤§X@ÎÄ›ÀŒÔ]°G0sn2ãæk•ù$Ë‹ë&Wø\;r¡Â¬åú„ZçOß wg'îÐYˆY—T:!êŠ¿sàa®»Všò:¶›Ï‘Døü«©²žöÆ#1'ò¥^ ãäÙRyÞ²áå¶Ÿ 0hŠ¿™A²iþ¢Šd…«ùõäÜü U‚Q)éÒY°öt27Z¨“!&¤Á(c3©$aD/|ÈÄaîÒdÌmyÀ=Diäõ1²´xñâˆðg^ ŒÂçÝho%Á"·ë¬AJs›Ú×_ë¶€‘~¶Òü¿žhû#~ˆE“Ìê%'ýyIé!¤S¡Ê@Ýýb|…1¬9Åíß—°avW{K*¦»Ãõ¡‹‹ ¨—ËOÚª¢—±—PÃ2KÓ|!©LÍa†„ OÀA…ðÛêÏz=9þñr›Nef§Vs³H`{ië)ƒŽ¦F6OúéÓ …inâáCbÁEz§Z1·J7KUµ±Œ> ý6âðlÖËo".¾ËG%½¿úé¤ýáœÅ·áõÛû ÆÒ1~ÈøI.tŠ€±÷ºæµ ÄpÈZ ¯Å'èü ¨ß™Ø-±õŽÉ„êsSÇÇ¿ãd¤ŠŒÊ-ÆFFšÁh + ú ¦Ê ú†Ÿ^K½yÃ‡š¼-áÜ>ú”ïH×§ÞÆ*€â|ð Å_ÏVõµÌqB>°s-åÅx–Úiâ³°4G,Ÿ¹‡„ªƒ(|cœ—Ö2.CBTUôXt#$»ÒðÇ<à(íyGš©côT4ª#wµ‹ïTã–}Ô&×U‘/:-€R«›GðB¡V¸Áà[‰†‚Ë…ƒ´<°Ñ›Qôñ_7ç2œ–}»çˆÏ,§°Õëç`$Táãü¿‹Kí¤qÆCÈ ªÀQ6mqû1îÄ°Ðcv@h7 µ†›{®Áá+ièj÷3!T;ß[`sH¹ÿn\p‹7§®Uÿà¡ðWS-J%B›ýOYWaBQÖ@B^Þ¯@J¹ù³p¶É”„=J&ó0aÜ-lë.…ÊO•,«9ÓëMäKy£f!í,s@0¬—~¾Ü¦x¯Ý\fŒŽë#yOÉò)Ï<-òj@²Ãd€Õ$Hséøw_‘ 3¯œš¡)éêÉkü†ÝõÁi¼R/*¶æñ´zA=ÞámgçSÍ9èªl-ÃÃMx³š€D¥µébìŠäA›]ÖœKûNýšÜ"BDÔs¹Üí-ë)Ü½ ´Kîàw™Óîµõ—LÈUåü…æÁÎ†y¬r÷ÈÌu,ß}’¯´(I§)_ô4ÝÔX19«Ì}%Bîï»-oiw4CøÈí‡-ÿkÙU:1ëÈÇs‡( ÷XLó©NÚzÁ4@+»é°†$G©ÏWØz/6²”CŒìj6ßÚË(RÇ…3ÛýcrûëLÀÒšŽ,Èþ‡È ‚p‰&>,‡Ú‡kñx:Ú¿--p¡öo+QqºË"äC)ûÔOL{ö7¯è•¥Ä¬ºg<è·ÌÃ!TmÈe¾ô&³N~"ÆûSÑKS“ÌœðOTëµTHÎÐy¿‡ëÇ²òØÀÌUkMÈphž…àÛ¡^p_ÒûÝ &ø%(-ÀAèÁü³T™¦èØB…íSdÚûZº«š|àŒH—É]¥i_Ráâ{’Á0®\äd0¹–Kø:²Ø‰ç°é«\JT·>œEçœšÐ`'Á§’Á·¦¨åÞ"oÈÈÐêœkîÄCÃ.MÓ£øû|»îâ‘@‹~B@KŸ¡“Â}PÚhÂûÖçÔJp©v$šXÌV*¸áöƒ£~=¶í˜p{§I.4ÉÄ=ˆ|a7Ä¶™vÆëKÎb¼ÃrÔKÆ{oéL$z C·†këBpôÃÞÝPÐsÕñ`‰{Ì9n&a¾=“œ™IM%K>r:ÇÂÃÖ÷¥ÆA*ÕV¿Ý/bW!BÛ{'|^8]^TwñÑLðUêÛ¼Aú¤€rÓ!NØZ¬m+0ÈŽ7¨ø7Z¤‰AvJ¾æ§_[J½v¥ñ¥T—&ÍYÿór C´ÑLoé×ð%™£{u‹›õ¬w™,“/oQØ^µ¯W>ÔÞjAo%†D›vc~5ØQ` À.õx‹ñ—z]Õ4ë£šVªì5Ðp=:C —5k¤4¤¶¾ZüZ7/¥-…3Ò½«ƒÞ¥çPBô†bX}[a >À÷É;oÛ‘áÀ å<žÉ5 Pjk?‘cdWÍü†ÞkZù£þâg±ßµMìWé§q”‘¹Â0?ªâ^X‹<¯uÅ~,Ôˆ]üËáç¶…¹K´¶Â¡¸©.Aˆ‡0hk§'ù¦âÏ¶…´Æš†Z o£p'€ú‡º…4°LãÂ7g[+ò*å{ŸbÏÌ5þ\Ødè: Y›{ï,ÃJ^&C{¼ÇÝö£ÜéÊ žãõ/S Ð +?ß4Ùä:É-=ŒÓØôG.$(p3FÄz¥Ù–)ÿBk¢ê)‹F.Â?Êç4Œ*k4ÞF^F)êâ"'ä~b¤×øšêGM×}c»*¸vt²W³ 3±Ý;CúEîìkw9Ó*1ÄÈÅÐ#|ÒËŸˆ7Ó|Væ™VƒÚE3áŸ¥ "þ™9'°tUªêRcEçœ‡nüWÞ¥ôå&Ué›z¸œH´"“ÑI,b |ÝÕôk‘€:[ûèÒ{[“Êmh¹?‹ŒúR¡ß-ÿUÛ, MŸŸ °]+|àF–Ú}{"ˆîo÷ #[^›Å€Åã„6›ºæ³»Œ8&íxW.žîíþ/{¶‘ò“²³ŽVàm@PðdÏ´£þ'^ù¼r¹\Ø-Ð»É]à •?ÌW¯‹?¯žZÖ‡!hA6Á¾nô+ªâÌ¤ÛVÂãL‡'/Ûu¡¦‡újodÐëój²ª€ Z¨p2@³œ?4ü;ƒÙÔ3ž€Iëà'y@ïÚ-í~é#ÓpÇ@å9Î¶Ts/m¸RìÅ}2µ¾éEó¼R¸}Yp8CÕqÒøö€õÅ’ª(ç4dÖÕ ÄÏ3Ç„/_,Å6n‘‰":µ½zˆæ1»\\Î?jnø?æ÷ì•¤§ÖßP%èÞ|KÍÏ£Y^cCo¨(ÊØR2ñ‹þùÓUØ_»¼HÙ¥ÎÅˆ@1Û´BµòyãÓ~îÖ›“;zóÝféIüíé‹3€Ïèa¬ÒÓ¡¶Õ;,\:®~6ËœIeí_[6[ìNu¿Q ¯_ÇD)?Œéù3ŒzäW â 1 *Ïž†²‹P1Ýšbw”Ã;9Yï;×›_Þ‰4®æ@_u(þâ‹õC5î\}éŠn? VŠ†òÎòæÆ OÎºRÏ£®œÚÔ½64ô‰o,ÃŽ‡ºÓxLågT@& .äA'ñA' P`ú…š×ÇGÕX2œÔbùY×6e'®8Ëê` ñòh‡ûr“*‹žïë[åº€»ãX” í¤MhÑbœÍ]¤tÄøSYw’VŸ?*nâŠ*l…óéHÊF¹•àxv˜ªXUTb:³º/ùŒ~(z»_E"? –ÞsdDD¾šsy´áÉâ<Óû‘ìÂvG®&_u_Š2Àš<¨¶Ùà9K€â™îºû¯L-’» ã=ú¨¨â¦ên6_±¨íèªÄÅI§½NÀH\t¿ÆÄŸŒŸåPó¬?®'16…|ûf¿Cê¢71ÀÝ‚&‘XÝ‹m»üp"{ƒ)C i7³«p7x1¢'-—Ó²ÈT(¬´ožCUrJŠpc4#óØM•*ÌD-µª|IY&`¡÷EXd?;çÔûÙKšÌÌvAÄ-û²Ð$ ÊÊÜüÏpŒÏ`¿• _6 öñ?;0§@4uäþ£8îF6[ˆ…çoŽœÑÍûY tqÉtjohÒÑTxËƒž¹x ·˜cI}Šc‹ÔÌ Äd×†6ßzzga@ä’ž¢gN„¤…Sµu¥×|¿» ûbìºã´¡fÐ'½ar:¹UëÂyi‡£(õ‰)ìå{’+¢º_,¸Dð[ 'ßaÓq"Š>`tU«å ¨Kq9eþ·û.X“Ž3Jÿª…²Ò¹N"—J?ÿ˜‰EYp§±±M¸6djž8Êá+R†-h±hLô‡d1[Ë?ÐCtk@ß”ý¼/ÙÙ'\¸¾ãWiÕ4ÀV¤±11Å´Õ½l¾qH´f»õ6â‹ónô^™èŽ×‹–õ´ž%V”S^GƒÑíœlKeÁ¡^Ó®Î2²C²Žã4Kð‚~'œPÌ[1²Ðó¿ç\ÚË‡µ Õ<Š'ƒ»2¦N·ì)˜¹X/ò¥•2@ÍÌøµöhc¯Ã7K—…ùŸ;ìªbv$×8êÆÝ—8PºÕ•÷4+6eÚ.5Š‰á¼åM,”EZX‡œˆPú¹/l®PMl¦o„#öô'ÉºHa…‰·7·×ë#‚ýfÚ¢T¯å)¾±èM\.Ãž<Ï$ÄH³’©0Å.²vD8QƒæW‡D÷õÏ”®ñ „Ž¬\Á H>C ©Èy$Á¯üJ™*†èÞ~s«†äíJý§=Ù3zW!Mæã`ÆU!]â RY5ÞhqO“y;ýàZk kKeÏ¢}Wâtj˜¤‡Þ£+ü`¬IXÕ‚ÙÚ%Ü!äW¿0Žðšã¢È£‰VÀ–ÁÆ^á®BØqXæµR°l0ì6¿^ìÀ¥<„%ÿb¼¸`®è3 ”l¥r>PRUƒ˜˜Ë_,µ¸I:3@¹Þƒ+ÆÙgDÿX>¢Xûx?Ø¤Ô,ûÏéî{Ø>}Øí¬·S>Êì7æ4UÜ@ü|µÎµ5ôm-ZHe´¾©µGìc²v!ópØõÄÈ!g%09Õ/Ïé¼‚n‹1hü_±¶ºãùidurÂRÀ½6RLÊ32ùf¸ÁZ0äøÿH–«Èy A±§Ð½þõ ÉG×˜Xb¿ÀF¢¢«ñïÄË¹”Ú”;ebp #ó’Þ˜6Úa5½¼=cº}'Rî?ˆà]Ü™ò¦[.uÑ#n LÇ 8ötkiÀ©°$^OvRAí§îËIŸaéJ]uûàgßØ¼èÖ`qÉçÒŸ'% #£É-aåC2•ÃÉÚIjBaÞ¦oíRoƒcÏÍß¡‘|(áM6!MÚôÞó$Ýõ?°dáZµ½8 á–ø~3nþs]òµó)åå¯$×ï˜®cƒG=Ž}žw±Úb‡TÁ’pÁ´¨0¦rÖ2ý,ZS¦—òà‡ûaè¬CûõõŒlbØÃ0Rv;,}Çý ’VeÂŒ~"‡ßAk¯ÈöÂ‹ðÆŒqMÔ¨¾8§¬”~VÓÜ0ù¦uÃ0j°wÑ{ þ|C‚çÉàI+qzè.0Óë¦A±ž,1”\>PœDIˆ€zB_/Û¦±“£ëèÁ"ª|Çû)b£j¨‡†«Xˆu¹3–ìÃûSÀø)RäÒ¤×²›-U®Ø½ 5µxcAÕÐl*Îˆ%÷NJ<ó“]N[æ¸2§PüWuµsÿr}…bèúœƒ£–DcE7Ž”1«Nòâö°º{¯ÉD?zdtýh¾"¼>0¾|9D#°—'âvÔìW5Ædó‡ýFÏ\|F@ ù¾Ï•=¬åG÷ÛÉ¤àõþ¸ñª¦ Ð¶·’¤W4TA5ð ÜÕøfÓ¤|ÇKoÂ5Q$ðé'‹æ?‡À|Ÿ1MeEC•;X=ØJÑw°,<È!XÀóõZ¿2f ®ZsÐ5~Uôåøh#/¥T:\²Ë=OŽ.-Àþ2ª\Ê›åâ„…;FJCqÜ{€®Ëií‰Ò!|ì;ËÆùež²÷$•~h’?,³åM´I"£½;Në'ƒH£,-äTLŽ3®K½¡rõÔW^ƒCz¾–Þ’h·oì'œuÆz¼5Tl3¿P3"›ÚwIéÖÙ4?²2®YÐ WQ7š€#p#d£0É'°ç€R_’ÍA EüÅJ©Ñb(=0á?s‘ötžÜSßè 4Ã§é¨3ó Ìâ´YñåÎÆömƒùj'×¦Šz.B¸~y‘gZV<™hâ6üt?QõÙWàKžPÔb÷Gá¥6ðý,ñÖüjB›ïYIÞZ.ìŠÉ"UDvNäðvênûuÙõ-sd*âÇ:›ÍY¦ >Å²ØùeLÙžwÃVN»SôÝY¬b–—íúRñ•QO‰7xp:=eë40’e¶_oÛÕ;¿›®ƒ´†d‚5dßÓiMŒD)gGIHvfw*cíw²}½VôÄtÇ{\³¡èÕˆcV!6ŠwFw'cŠ céOïÆ¯÷ƒ¤9‹ó‘{ÔLâ(ÑùÐ.Ï²Õö ÷XAa’4hÉÚ5=U< ¾ð$¬‘±õ$¢x&Î¼!!›~g8o=ÝtdÇ+ªª?›é´û2²o;ÀÖSÒªDÛë/È](½yU@»´ªkTè¹ÿ6} Õ×ÌVu£ËGË:ms\1žt!eÎ# nÿì˜^ /?`ó¾€®´Ä^)`¡ÑÁ±5_õ‹¼.Ÿö^L«Umo/|É,[y7±Ä•A=±Ò†—ð÷fzXlðlGëÝ-ë(·>ÒÈœ*·dÿK•$ná—ÕÅ¡d½a{q“lþ‰ÿ ü½˜âM“§h"óPSNú‰Êœ^çÓ ¥FÏPé5Wþ{Y¬?ºÈ ÆŠeôX¡€¥Ç6íéÜë*ÉÚL,J|C×¢&g¯ÙÖ¯ˆR›Ã¥T"YÍü”)›˜TO)ö)žŠ›Gdîbäµ&ZränCcÂMº?3@£e3úqOXð>÷Õ£na™@o| t¸Zà0ëçÊ>¶ÿBÿø»¯x›Nk:ú4R&ë¤æ™=iÕ.Í'§–W’_“¾RF‘ëkó³ÏTg*&š?Á#ZÙrS?˜äÊrŽý»f¢/fŸ o ”Y/¦xþzÔœæP³šû1È¬‚6ð5‘;¥ÁêÂSv$°Ži@îóo£¯ÏÅï,_@àŸT˜*Àß¹§ëë_ÄCššÐÜ;r*_È´ië€h<¿xÊŽñ›ß q‰ª&lY¥Ú,²î;ÂmZú„ì/3ív.YÂÅÎY†ƒfÍ*šäÄÇ¯ÉP³AqªMj²5ëvôoð¸Æ»îã|?Ô=ýÖÏKGQHÁi[#ÄBëÐÛòÇþÚ£¬¹ž ÷›f{ëxA(ù™Ê@-›Ìº*âDmƒê1î…¤õ=Uƒ”¯~ ªXä=N»aÑÍÝlyDac½Ár! ¬7ƒÿÄZüÓwl‘èe;¹H‘Mà£n¶C(u¾H™†B^–ôµ¯¶ýá®ì¸«zUÓ€ó7—X0b”’ª\%ÒÎýÕ˜µÖÿ¥4ÃeË¾-bx¤^ºòaç·c|Õ'7¤Øßº]Œâ<96,á‰©4ío{©÷ìb©&óÌàúA›A{×š¶¥ÓnZàVò½§jYµ/{*—ìn7Î{Hù²sh‚œìR«ÆN¢‹¶‚št«¨¤AþV _©Vå#OÝo_H”8J ™]É´«ï˜‹‘Ò‰IAÕ¾•6 3‘†‰™†£ðs5&yÏþ[HÞU8_Ð‘@% Wá-¾Þ¦£m¨aLj×û—?Ã¶î‰m+½Lüh¢Òr ½S·ë_9L½4˜i˜Ây&Jƒ©ñ”âaçÁý—5’~ËAÉc°`€ê|ÒI.XÈlHÈJ~~+ÎžíÉø?XñÃ('ùOMá¡ê¥:Æwd'e©ê14SÓXŸ"™†MÅßBêçlø°àP–—aÂø*\ÔC!ü—ääÛ)D1NT*(fB¾3aÊ•XE‡1Ãª%£·ž–e`½òIšû]¡yH’<Iy„âu`áE~Ú:ÃŒ¬Ñ–^9™.þ—FPžé]6GHÛŽWƒ=Ðö8*ÿ';n UÅûÃºjÏ ›Ad…,çîä|'¿†=0ÿõÉ˜Ó<,êNïÃV®¼=GŒ†~¹é¡cŠTµ+aËÂÚôk›¾àæ_í©¶2Jz¡3ºø…ÎÒ²C{Gj-;Ž:¸:…‰?!v2@gfÊ‘7ÞD[ÊðÖ±Þm x‰ø÷ªB9VÕ¬ñ–¶n0:Œ‡o2£lÄÉüå‹6àKZW»ßÓ“¹¾ÒÇ±)ÆpzzŸû¬P`z§ŽþÒÖ“±>(î!ºË`k/@¯ˆŽq‡£¹xnÒÓþ±Y@Ìê’Œ¦‡×*ój4'>¶~×÷eSpë÷z¤¼ðxKÿb@>"Õ7I‰í0Þ›Í† ^Úò,e—¶Æ×…›¡æ>NfSUÊê“·çYx9%"6wôá® Hú¨ºjÍÌò²° H`¸FÃ‚‚È¤@ì÷šGYcyy€_ÍÁSn–÷£î:§kV [NEHå4dèý0äá<Ã´ëÜ$ÙL-AØØFÓoü¤5°u- æˆ:wvž¡IÂÇƒêú ÍFþ°¤ó8ªç^–-äTîØ†y×æp’5füB‡†2øDhÑ™¡+¬rv^¾—Ibrõ*Ðî]ÕJ@{d{`'ÓƒpëâìžÛ¸ÛE|Ù˜7bö~ƒP¿áÅÄÐC”…)çÃÏMž#X¾8Î/ÕÆ·á¤<âøê–72éüÊü¿ƒÛx +Hæ¢%ûšNÒ ¶U-vî.Ÿ6ööâ²Ü©"ÔM‡ýéÝ8aø>Ól†|Õ‹Cï)°BY Úí•˜ûÐœo¹èöšž ¶c†äïk‹Rƒ[jgYµz*ùðŠ½00`‘ûí4:©¾ÊØú[‚½ÞÇ©guä[¥ìïäÒÏÛÛî*Uâè‡LÔ%… Þ¹ý$%°å|…ZÒá”"îw·ûSÖé' Ü™Ü!íÎýqj‚q5ýŸŒîÃsÿšÈñ9NVq'ãO=ï|ã¤Â´@¬úL[÷Ãy–J_€Úð•o(‡ïtéë[îöo“ÃWJ{C˜7Ï]kÎÂøœÒÏ -‰F‡²·y)”v&3w¾ÁÛö$:ùØ÷MÐºýæãtƒ´ÚÒçyíÏú¥vKx?B²dŒÃ%úYH˜p5„K‚q¤0ÀÝ1Ö5AoÉj5?s›_A)djÚ? °0ãá`ÚrŠŸ`|^”P ²ªÞ±&yæ»Ÿ•˜Zðø+ðïqˆ®ÓØ8(»<^Y…¶•¬$ôQò}—ª™l1õë‹^×ÜïÐ‰À|eR`O…Ð êb·6÷mìh8uièáÝ"1ÓjD–IJÙ¨.ð$øj¡x‹¢U§§Áu‹JC¨É™þxž‰è óHZêÝrâ”cxÞ!ûÔå§u{€ !•-¶&$l_ü–ð¡„-^ÎCÐ%JÛ_/^Y¸B¡ÿ ;Ñ±˜§ÃÏIœ¯eÀ6¿™ Ùç| ¶DOíÓY¸ÇZvSñl æ¾s\Œæñ¿@|˜¤®ÒXIÃmt/6º]Ÿ¤_}”†öSX¬V(ŽQøØ4ã‰Þ±1Œ÷ýÆ–ŠP8¸ø1„*÷å®[VHá%\Jã± ¥ŽìÍý7£˜÷…íênˆÂŽ¹]§€©-m»¨Ös·Êã ZXÜnSb8T/áSÙ$èF…‚§„x5´õ‘ã,D¹'+taú¾K¸—¢1»‹ÀÊ«¢°üop±·mƒ³läw?:æ÷Ö8’¾Á7áòJ¦½¨Ê!Ÿ=ZDÊ.Œ‡œ°íŽ/g;6™ãïˆóO$Œ‡Ý·ÐÍõMu›Í®-29ûòÏº d<Ó¹ŽHøXÕéjàßçÓê´<(¦Lé%}(Àÿ;ïÕgVs#»Ùq ¶ê«hÐ=ÚÖ]rœ3K#˜µ¾ìQ&ßñ6mÝ™[ñE…õ.WW"Üœsç<‘Y>õ°Ì¨c1'ó e§ÙV¾“éöpR60R¿feÇÔ=wM‘$tZJçØ°»k öøGîw*cÎ>Pqì:ïšmLn42ý¹d„›«\`[eùÊUL ÞmÚžº0¾Ýè²N» þé¤RAæ´ê]#50ôB¨ly]{'[ÒÓ¶%šíÈâ#ðLŽºA=\"mU¤õ.^ßòÓ¬áWy%tüÆœUs3›ÏõÓcÄ¢ùOÅ›/ý×ÐX{-]jƒ X÷àd©/¿4Kšw´í¶ëËà'&°¦}|(G(’ ¡’±ÃM¢ç—GL;™[=îT€@âHÂå0QýôWaÒT©5ÏoÄçºnSI]¸½)À—3Š²*7ÞïŠÈ!µ(®¨³MüM‚¬²IÔz7 "J£¥ùÀ*²df Ï¦ÿ¯—™qRÁÜäŽÁ! sº‚žsŸ ãÆY5¸ƒ5Ýh(gYú]ƒ`ˆ¥_•fáSÆHNìÆ'ër÷z¸-´¬zêË.™’“›´2U¥FPˆñ°à&zPY*»·Æ³ùše¶ÐÞÈÄ^}ÿŒ¤°>d‰Jh¿ «¶ï?«ß`4*â_Kîº•xô &'Ï)"ç Z6Ô(æ%ÜC‚ƒ…€¬ñ;|ÆÈ(ÑŽù(fç4à_áEq*(ÍtwÁ€›Ã0ÓÒÍ)å9‡Îz_C®rÍ`ôìÇ»£…ðsö sûëÙRÞ3TKö¬|Ì¾oZe;Éª•-v\î©üä ‰”~h íFó‹ØëÑ‚›Ï(éfuË©Õ€¸#¬1j$%÷ ¹Ká¶c§ÍeúíZâ¸Î¤_e]™Nd™…œu»)hë_êiœ®K¿é²ÐŸ×Ð›k†Óíµ¡Y¯Á˜Ä{¡ç#/ƒ6v . ©ãþÂ³,ÕÜ€„Z±²ž1xeÞ›ùJƒ+Éb"í3n\ÿ¶ñf’@l¨äWlo,ŠÇ™X_öê ñŽzø2ym»æ/ƒûÙAý_¥“2SI1Eˆ”Éš¢g”ti<‡1ßä}5ìW¬®S.®ÁPú7;((¿0;U¡e¢Ó5xŒ¼JIØ0ïßT‚uGûÌÕ›á£¸Àæ|HÝ:›{© O†FâpòÍä&†HdûË‰A¢'âƒy°ÔuMÎúÞæB®0¾LK)…ãbwë¼g)öòYù)¬²6Yò÷t=ŒWcdFÐ¶ÄÞ%'Gû íŒžá©µ#ý3Jïað!„æ2ìLy=N|ÃDêmÜâ´Ðã”»±‹‘ Êõ-öÍž<ö¹öfÖýß²ò¶ûï¶¯P3€þÜ¡óåùËN1¬' Û(i…9Ï;i`¾ò!?;ÀÕáÜX&fêç snîñ +éê9~Ø…ÝØý¦>ãÞåmå)ËãL=Á¡þì6ÏHDìwÿJÑM§0PBAà™ÊüØ\ ¶…ŽâÝÔ»™sÖrÐÊ?cq ¦xÑâO0û„Ãp ü] r‹¹ˆ÷¶ÀKd×zçÝ_IKiÒ]ÅÊ*ä–•b¶l¼«õÖÄ“¹›‰¬Gfy_4»FÌ3Î ãZˆût"B¨sÉê[·Ë‡´dÒv04;¶v•l¼{òêuÂ‹ò“È’Š¸©z¢8/îä9áWþv¾5#±]ViH¢Lr;à‹3Àƒ¢¶Ëâ˜ÄÒ7eï¢ï†JJÞ9“LçŠpwxAöAÙôOÍÈ"ñá”1k®ýEì³=ÚÝ°<»¦KëÉÜÒ— EÈó"Õ)ïïÒrc¼ÑíÆÜ²±8;ânªúNæ ¿Y].;:Ð°|>ÂÉµ“Ê’‘-Ùâ ^å À[¥7šõø±7³›35¸Df¥é…ÖêëÊµ‚qr—|\Lñ%wNÊ1äiæUÁPfôn ¿5:P¬¾WAœH}€;ßÃÛöal$!,-tLLwÿãpnZÚ´¬»¡®>;%ž#éÖíð¥o«÷ßcBDjEÈvz:@<#f? ~U‰› Áæ_Ëp23ù¤®©Ç<À b™SÀ2lßçºô iYlk;VVT}4L¯õo¯õèÒe2g!™'Ëƒq1 Ö«¬0pw…+ÁþìÄÉHÏd„ ˜4ò ŸV—¤ïÊÕÕ ±7Áä² *-˜´fý×eÖ¦YÚC_o „þL·ô'¸ßã²¡a…Ô[UÓùoæðÒƒ}m#dþ°^Õ¼½xoÑ©«ÞË](ªA[–gëçjMÔÃöê’¡Ún¨;¾ÁP %Ü0Óð§&NÐèN°¤Žµ¥ÆýQÃÀI:1EB Bî>–i»Â ì[õá ûPÇg÷÷ÄŽ¡Ö¼É½ª(wœ ¸£\XÌú•fGà¥µD*É K²ª2±FÚ¿©åýw| 7055{œ9áxáÁÿø=·póú)bZ=…ºv¶¤h™zÊ„’Ð+œÑ¯çúýæÏi>ý÷(f+å:F··‚Á¡‰p»ÙÐQ§qö?ÜCýÜ)³E¾A¶Íî=z,a,`¹Ç¢"ÛtzŠP‘i›ãw»jrÅ&ñ&>E;oJ›*Rá8Ê¼¸ÓÞ{ŽZÎP~y”0QÓë>gŒ£\T\[pÁßD¿½ÕÌÎØX[#í€jžüÂÀ¼’O.Á@âs“FAÞ_®ÖqbîåXÊ¹àp´à"¯xT,¢jÇFk×Ö²ÓÕÔ¶,˜$ã²…ÉÚ4óù¡Žõ«}jA?±V£èVœj¬é9]é•O‚:+Ôö-è×Õwf Ê®ÊÌñîX ¢½«ÉoX{ÚëÜ€ÈÃqÎ_©Î ]HÌ}_§gÁ×{ ‰_—þÕs1AèÅèùàMhÞ)7ÙJ¯Öd1Ðá äw|¸¾Û VyVzÄˆœäËÜ0^Ë±žJ×ŸI®7uD¿#Tê…× ºëødW=H÷Úƒ›Fñ‡“è¥ûø¨ü¡ôãU2 Eì£@~MÎê+ŽÜ{ÜoÅÔ¿±7çÓ¹èE¶©DîñÉÎh¹òîo›MozKìiZÁêt¢¸ÃÀ™9ÀÄ6))Ép„§ç/¬Út·ÙÂ–O›Îg“Ž8*¤Ö‰0–®^‹fé²¤VÂöÊ„Üw4µ 6‡ûâàâ«Ù•Zh\Æ?¿“º0ë°9Aªˆá *ÏryD¬ZÐ‚çˆÍ'¯mÍIª¨÷ÌS§7™n‚ ýûu¼âƒÅ9P~8ìåëH^°™»’š´jå¢£KÓÁ†×J´WU8Ã±}Ÿâ3lö÷»è}}|é¸Îûú¸sÀ`1`Í gè–Ãs{0®p,1yùŽaäxsû€€¶t”lÏkæ!R¡x/EOïÔƒY4Ñü¨^Í{ôb(o]]˜³°Aë(úÜF2¶ù{†jÿN}%Uººç0@öÁ,Ò·äì¼ÑÉöÊ ¥SZZ Eý¿Z¦Mú¸5ÙÉ¢ô×Þ6`ëõìzuÍZkšæ§|5&kE¥ºFoñzö0PÐ¶!ž1Š:ýH_Ìo$²j/±`Û÷w ¢ÿÎÂT’R‹ˆ¡”%RAÇg=|/;” Ð×Y=3_@|û HWi¯b²³n›æÀKwÐ¦‹‘#ú£bBwí§èhX2}‚piÊfsO¡’SõnÉœ.ÓmæÅ-Þg¨»›º+$ÆPWþÞÊ¼ç„#—Î½ˆ „¼,Ž›hö¹’¯ŽÜè†RoeèÌì±èIÃØÖ£98¹aÕ–µû¨oˆü°, ET£H]sÉ_!‘Ö…¶ð8¹gAí3æw<6Ì‰Ç¶±vPÛúk-R“8ê8æãÛ£ÀV=Ë–«µÛ¦«à»ñN(Æ[.(¦b4CÌô»ßQ„ÀSîã˜ô¹Õïë¯î()Cgò§"çˆlÿ95ì,)¤¼ÀÜOfàùvzÒÍ6þßÀûËÅŒ¢)ù»H22ó”]w’¼*{Kµ4w1"k¡/àšÏ¸qíb¼ +åêÍT±?c½7úÊp£$'ÐZm‚g;êùR?<ÚÉv7›€ÐFrWƒ¸´¼§4A¸’×´–Ý6k¦çxŽïiDVàTšÿè•<’-nq´ÝMtVÿNõl)»‹E*,qFîNPâ³XRºÂäÐ ª€^¦\Þò”Í¿;½ªpð{$Ó‹™Ñi%Ôø-3!Õôüç¥A–K¹òV±?xæ‹‘¹uö—ÕZOD)‡lh9cºÑH'QõÊJÉ£øà,/À(ž"Çrú/U¹w=ÚgÜxº—¯\:¸ÕpïF"pF^f¤¢©ŒÔÅØ€vìfÁšc#6Î`©$ïÃ´/zf¿“`Tšª©‹Y`&ºTªš³eü9SÕk—Ãªóñ: