dehydrated-0.7.0-lp152.3.6.1<>,v$`ll4/=„I 4D]*lPza+ 򡵦]KWj}7̳vb1yV7˧fmK9mwV ,Tl:NhvRZCɟ127ڻ DRmRd~i݅=~B5Ӆ1TavLW\?WLd   U  1=ekr u  "" " " " " "8"" ",=({8:9l::#:=M>M?M$@M,BM4FMWGMl"HM"IN|"XNYNZN[N\N"]O"^Q, bR cRdSLeSQfSTlSVuSh"vS wU"xV@"yVzVVVVVWWWHCdehydrated0.7.0lp152.3.6.1A client for signing certificates with an ACME serverThis is a client for signing certificates with an ACME server (currently only provided by letsencrypt) implemented as a relatively simple bash-script. It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed. Other dependencies are: curl, sed, grep, mktemp (all found on almost any system, curl being the only exception).`ll4obs-arm-8openSUSE Leap 15.2openSUSEMIThttp://bugs.opensuse.orgUnspecifiedhttps://github.com/lukas2511/dehydratedlinuxnoarchgetent group dehydrated >/dev/null || /usr/sbin/groupadd -r dehydrated getent passwd dehydrated >/dev/null || /usr/sbin/useradd -g dehydrated \ -s /bin/false -r -c "dehydrated" -d /etc/dehydrated dehydrated if [ -e /etc/dehydrated/config.sh ]; then mv /etc/dehydrated/config.sh /etc/dehydrated/config; fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in dehydrated.service dehydrated.timer ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fisystemd-tmpfiles --create /usr/lib/tmpfiles.d/dehydrated.conf ||: if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in dehydrated.service dehydrated.timer ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable dehydrated.service dehydrated.timer || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop dehydrated.service dehydrated.timer ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in dehydrated.service dehydrated.timer ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart dehydrated.service dehydrated.timer ) || : fi figC= :g L u AAAAAA聠A聠A큤A큤A`ll3`ll3`ll3`ll3`ll3`ll3`ll3`ll3`ll3`ll3`ll3`ll4`ll3`ll3`ll3`ll3`ll3`ll4_D`ll3_D_D_D_D_D_D_D_D_D_D_D_D`ll3`ll34f1f9a8e83dc7bf669d2169588123767dbeaa9aa0b734ee9294e1598e85d9f5bab7f7be38680c113a7e8dcd6302d8ced5346e9b1e1e531f9e592571800f445e9fe79b1aaaf17a5f6ded33aa3bce41ae2469a354d18280eb8a7f244240c0ab8573df2202369447057fee4b389ba52a555a8a654a5d24bf2abfd895734c5b450787682aa6e48098c65c207299e927a59d422f575fae10435ebd9796f2e3ed6d45579e9ad514e9395c69726b4686c926024645978541effec5992148f81a2e71dbf703bf89cee896fe86064ce464d6a5397bde95664618f64778119e4a634fd22dcaa6a7b95435c3f485b9b03cddd26ecec4d947d7495181dfb4fcd07c33cd68c92b4583b7dd07e3e2a08906de38e7e329d41f921ed9dcb6310b3886e013a6b8723763fb43e5de780472e95128259dc29001699f1ba654b8d8f10ea895ae8287ec7dc34d6281993be70d802b6f1e974ae2068c1a46fa9ac5cc42cd2588a497a3668276d8f9bed9f8343bcf4f1fc7fc752aed369e1dde28a2565748bf192c1becc129a39e4d6ea122bdc374f11b50f325b2d9a93fc3671c0931df19dfda2638e893c016998e29a3c7f88ce6b63bee1ce9b697e6b2fb7c46dae0c4530f1d8535f35eb5767080cd00f74b4bf41e494bc1425c6c6ce738373d92edcbae70fab844b860ec9036e75738286e7644b94f6730349b43358c641b69085d2a23b55ed79ebf56c2a02aa7e92401072a100e71426acf8047e9141bb6236ba1e31419ee89dbb7e2f61425a19dfd3e62cd2f5bf336ffd18b9e057f9a06e624b7857d870adcbf9c7a8ac13d1a39cbb4fe06b63d83181bb8a66135ab619aeba4e6347a1612a07996c16357962b4bc7a59317c77b5ceb3b9803969aeb85bc3b8078f8d456b69724eec985807e1c0eefe2617d1b040c6cd368b3feff1baac27e1fd687fc2c93ddbedb9f679d74b8bdbd3b95b97dfaea32b5148392bff26d3ee7009ab689e2b534bb97d1b6fddd843adda77293cda886a63db66d9c6cba8b91dec1bae7b3687aff2ca3818service@rootdehydrateddehydrateddehydrateddehydratedrootrootrootrootrootrootdehydratedrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootdehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydrateddehydratedrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootdehydrated-0.7.0-lp152.3.6.1.src.rpmconfig(dehydrated)dehydratedletsencrypt.sh@     /bin/bash/bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/getent/usr/sbin/groupadd/usr/sbin/useraddconfig(dehydrated)coreutilscurlopensslrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sudosystemdsystemdsystemdsystemd0.7.0-lp152.3.6.13.0.4-14.6.0-14.0-15.2-14.14.1`M`?z@_ _^@__[@^^^^^8 @]W]N]^@] \GZZ`@ZZ@ZkZ\Z\Y@Y@YYB@YY@Y@YY5Y˒Y@YYYo@YX+X7@X7@X@X@X@X@X@XwoXwoX5X)@X$a@W@WA@Wo@Wo@W@VVyV(@Olav Reinert Daniel Molkentin Daniel Molkentin Daniel Molkentin Daniel Molkentin Daniel Molkentin Daniel Molkentin Daniel Molkentin Daniel Molkentin Dominique Leuenberger Richard Brown Daniel Molkentin Daniel Molkentin Daniel Molkentin Daniel Molkentin daniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.commrueckert@suse.demrueckert@suse.dedaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel@molkentin.dedaniel@molkentin.dedaniel.molkentin@suse.comdaniel.molkentin@suse.comdaniel.molkentin@suse.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.dedaniel@molkentin.dejengelh@inai.dedaniel@molkentin.dedanimo@owncloud.comdanimo@owncloud.comdanimo@owncloud.comdanimo@owncloud.comdraht@schaltsekun.dedanimo@owncloud.comdanimo@owncloud.comdanimo@owncloud.com- Add directory where cleanup can archive unused certificates- Clarified new default settings. KEY_ALGO=secp384r1. Please consult README.maintainer for details and how to return to RSA-based certificate issuance. (jsc#ECO-3435, jsc#SLE-15909) - Added a note about ACMEv1 deprecation - Added a note on new ACME providers and the new non-URL provider syntax See README.maintainer for details.- Update to dehydrated 0.7.0 (JSC#SLE-15909) Added Support for external account bindings Special support for ZeroSSL Support presets for some CAs instead of requiring URLs Allow requesting preferred chain (--preferred-chain) Added method to show CAs current terms of service (--display-terms) Allow setting path to domains.txt using cli arguments (--domains-txt) Added new cli command --cleanupdelete which deletes old files instead of archiving them Fixed No more silent failures on broken hook-scripts Better error-handling with KEEP_GOING enabled Check actual order status instead of assuming it's valid Don't include keyAuthorization in challenge validation (RFC compliance) Changed Using EC secp384r1 as default certificate type Use JSON.sh to parse JSON Use account URL instead of account ID (RFC compliance) Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options Cleanup now also removes dangling symlinks- dehydrated-apache2: Check for mod_compat (bsc#1178927)- Reenable nginx subpackage for factory- Update maintainer file and package description, remove features that are better described in the (upstream maintained) man page.- Remove potentially harmful scriptlet (bsc#1154167). Documented transition case in the maintainer README. Unlikely enough. The versions that have not transitioned yet would be broken for more than two years now.- Removed lighttpd 1.x integration package. If you still would like to use lighttpd with dehydrated, follow the instructions in the README.maintainers file.- Fix lighttpd config file (boo#1169834) - Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)- Drop systemd BuildRequires: pkgconfig(systemd) is already in place and is synonymous.- Remove obsolete Groups tag (fate#326485)- Behavioral change: Use cron only for older RHEL/CentOS versions (along with SLE < 12.0). Everything else now uses systemd. Please adopt accordingly! Refer to README.md for- Update to dehydrated 0.6.5 * Fixed broken APIv1 compatibility from last update- Update to dehydrated 0.6.4 * Fetch account ID from Location header instead of account json (bsc#1139408) - Update to dehydrated 0.6.3 * OCSP refresh interval is now configurable * Implemented POST-as-GET * Call exit_hook on errors (with error-message as first parameter) * Initial support for tls-alpn-01 validation * New hook: sync_cert (for syncing certificate files to disk, see example hook description) * Fetch account information after registration to avoid missing account id- Remove RandomizedDelaySec attribute for distros with older systemd (boo#1110697)- Update to dehydrated 0.6.2 * removes 0001-fixed-CA-url-in-example-config.patch * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch Added * New deploy_ocsp hook * Allow account registration with custom key Changed * Don't walk certificate chain for ACMEv2 (certificate contains chain by default) * Improved documentation on wildcards Fixes * Added workaround for compatibility with filesystem ACLs * Close unwanted external file-descriptors * Fixed JSON parsing on force-renewal (bsc#1091216) * Fixed cleanup of challenge files/dns-entries on validation errors * A few more minor fixes- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305) * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch- Fix issues introduced by 0.6.1 (bsc#1085305) * bring back man page * reflect new endpoint in (commented out) config file section (adds 0001-fixed-CA-url-in-example-config.patch, backported from upstream's master branch)- Updated dehydrated to 0.6.1 (bsc#1084854) * Use new ACME v2 endpoint by default- Updated dehydrated to 0.6.0 (bsc#1084854) Changed * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support) * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory) Added * Support for ACME v02 (including wildcard certificates!) * New hook: generate_csr (see example hook script for more information) * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...- Remove redundant noarch entries. They cause an error in RPM 4.14.- Updated dehydrated to 0.5.0 This removes the following patches and files, which are now part of the upstream package: * 0001-Add-optional-user-and-group-configuration.patch * 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch * dehydrated.1: the man page has been adopted by upstream Starting with this version, upstream introduced signed releases, which is now being used for source validation. Upstream changes: Changed * Certificate chain is now cached (CHAINCACHE) * OpenSSL binary path is now configurable (OPENSSL) * Cleanup now also moves revoked certificates Added * New feature for updating contact information (--account) * Allow automatic cleanup on exit (AUTO_CLEANUP) * Initial support for fetching OCSP status to be used for OCSP stapling (OCSP_FETCH) * Certificates can now have aliases to create multiple certificates with identical set of domains (see --alias and domains.txt documentation) * Allow dehydrated to run as specified user (/group). This was already available previously as a patch to this package.- revert accidental change to the service file- actually try to find the real path to bash and don't hardcode /usr/bin/bash- Use /usr/bin/bash directly, rather than via env- Use sudo instead of su to allow for argument handling, also works in all cases when no login shell is assigned to the dehydrated user * updates 0001-Add-optional-user-and-group-configuration.patch- Commands in service files need some escaping after all. Fix ExecStartPost.- In the timer service, execute root post run hooks in ExecStartPost- Fix run of root hooks - Simplify root hook execution, this is also more robust- Remove unused hooks directory - Introduced a directory for custom post-run hooks executed as root, see README.SUSE for details. (not to be confused with the native hooks run as dehyrated user)- Clarify necessity of enabling dehydrated.timer in README.SUSE - Submit to SLE15 as per fate#323377 - Add optional post run hook directory, executed by cron/systemd after dehydrated --cron has run - Remove hook directory intended for packaging other native hooks. Will be approach differently- No longer require nginx or lighttpd for SLE - Never go as far as to require acmeresponder, it might not be available - Drop -update from dehydrated-update.{timer,socket} for consistency - Add distro specific README.SUSE / README.Fedora - Ran spec-cleaner- Add man page - Ensure dehydrated is always run as designated user * adds 0001-Add-optional-user-and-group-configuration.patch - Introduce config.d directory for user configuration - Avoid warning about empty config.d directory * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch - Fix sed warning about unescaped curly braces in regex- Swap statements in post: installing services requires tmp.d- (Weak) dependency on dehydrated-acmeresponder.- systemd update service: ConditionPathExists goes into [Unit] section- Use timer instead of cron for systemd-enabled distros Note: Timer must be explicitly enabled!- Drop the (undocumented) dependeny for mod_headers- Unify configuration file source names- Bump to 0.4.0- More dependency fixes- Make nginx and lighttpd packages into features Default-disable them on distros where we cannot provide a dependency.- Fix build on Fedora- make permissions of the lighty and nginx config files tighter- only own the configuration files and not the whole directory tree - add BR for nginx, lighttpd, apache2 to handle directory ownership- with making the permissions more tight ... dehydrated can not write its lock file anymore to /etc/dehydrated. To fix this we now create /var/run/dehydrated (sysvinit) or /run/dehydrated (systemd) and point the lock file in the default config to that directory. Please adapt your local config files accordingly.- change permissions of /etc/dehydrated to: root:dehydrated u=rwx,g=rx,o= - create the subdirs that dehydrated would create later anyway: /etc/dehydrated/accounts /etc/dehydrated/certs dehydrated::dehydrated u=rwx,go= - tighten up permissions on /etc/dehydrated/config /etc/dehydrated/domain.txt root:root u=rw,go=r -> root:dehydrated u=rw,g=r,o= /etc/dehydrated/hook.sh root:root u=rw,go=r -> root:dehydrated u=rwx,g=rx,o=- Add lighttpd configuration via dehydrated-lighttpd- Test for user/group before adding them and don't suppress errors- Fix MIN HOUR order in crontab (boo#1009452)- Bump to v0.3.1 - Rename to dehydrated- Bump to v0.2.0 - This version fixes a json-parsing bug which made letsencrypt.sh incompatible with up-to-date ACME servers. - PRIVATE_KEY config parameter has been renamed to ACCOUNT_KEY to avoid confusion with certificate keys - deploy_cert hook now also has the certificates timestamp as standalone parameter - Temporary files are now identifiable (template: letsencrypt.sh-XXXXXX) - Private keys are now regenerated by default - Added documentation to repository - Fixed bug with uppercase names in domains.txt (script now converts everything to lowercase) - mktemp no longer uses the deprecated -t parameter. - Compatibility with "pretty" json- Explicitly add group and license, required for SLES 11- Add nginx integration package - Proper dir permissions for apache package (755, not 644)- fix build requirement for shadow (>=openSUSE-12.3) and pwdutils (before 12.3). - missing changelog for last change by danimo: do not require mod_ssl for suse distrbutions.- Add alias to /.well-known/acme-challenge by default- Add cron, do not remove letsencrypt user, adjust permissions- Initial commit/bin/sh/bin/sh/bin/sh/bin/shdehydrated-lighttpdletsencrypt.shobs-arm-8 1617718324  !"0.7.0-lp152.3.6.10.7.0-lp152.3.6.10.7.00.7.0-lp152.3.6.10.7.0 dehydratedaccountsarchivecertschainsconfigconfig.ddomains.txthook.shpostrun-hooks.dREADME.hooksdehydrateddehydrateddehydrated.servicedehydrated.timerdehydrated.confrcdehydrateddehydratedLICENSEREADME.maintainerREADME.mdacme-v1.mddns-verification.mddomains_txt.mdecc.mdhook_chain.mdlogo.jpgper-certificate-config.mdstaging.mdtls-alpn.mdtroubleshooting.mdwellknown.mddehydrated.1.gzacme-challenge/etc//etc/dehydrated//etc/dehydrated/postrun-hooks.d//run//usr/bin//usr/lib/systemd/system//usr/lib/tmpfiles.d//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/dehydrated//usr/share/man/man1//var/lib/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16034/openSUSE_Leap_15.2_Update_ports/291fe6d8c1251a3973794f6332e0837b-dehydrated.openSUSE_Leap_15.2_Updatedrpmxz5noarch-suse-linux directoryASCII textBourne-Again shell script, ASCII text executableBourne-Again shell script, ASCII text executable, with very long linesASCII text, with very long linesJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 463x251, frames 3UTF-8 Unicode textPython script, ASCII text executabletroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)R̥ʑ|n_%"dehydrated-acmeresponderutf-8e1bbbd71b1b3c765eb85901ccf95e7d02cd2631ac175b6303af281f5522fcbd1?@7zXZ !t/Y]"k%~E"#;5'tbb q驑s"d3Z9%x=cie9sZ9\O1e{2E"S!i4s<'gd7^<o㔥CRuT ojXӏ)[ #HCSQp9㥔9ҡXlXOxHl,Q:סxwV]#hjGh<4m om8ߨ"3[%1_1^@{]F4&QO:2X΄)*B?NPsatYsbDaUR_;Ȭ~v"1&{ڹk,}:CW*7yțN [ Pw %騔iha}Z_?líV_2 2/j)|M`h|VPv]\_OK&هk 0x >I%O]m~RNO`$5))1xZAq$e&ЩꀳSRuItD#Jce,&Ǘ g@9G37rzZ W>|?_="V`([rTu;C[0+GZx*k$WBvW)%orQLwd2@7Ţ Z+t4U6 a(e fw|I r>~e@dP=! $}lc7/yܨa_ ?bOŇ;d@y(n|ig7jo/c7Hȩ4Dٔ#X|ngmUNXG ".gpr̫EԨ[lQI!*W!Z)/` .rqo,*=)B`:r6WB'E Yp5=%6Zu6`qJ<#HjM'd m`.U1:KF hcdD<پ ` Jd䔶x~`؟gR|!ĴN,]QwCƋE7K~:k@:m†򀷨IM\ak)h w#XX&S˨Vki[5w<ʀfGέW #i.((CSo.b5f!9Q~/ߞq4jvGc+6" \>؝JȠƴO ߶/pS@-1&j1@ 1\qHM2lA={ݠtRI!0Ϫ4 @^ڪe1ϔ1Wm;yǁ_8Ӂ #m37RM&%;'߈"!r;Y6]Bݑ+mn;h :S3G@[3b'XZa%XgS?+ &Iա5A0**zbSt]c2j) 9؜gH9D44:)!˃(=vXFQUjuG{^s[2'S`WG UgqҢzبC ۓ2Њe6fJR'ZED++8+`7; gL%R.YusY!J-ӤFl_R0PUq"XOllU$QsRcBŸ"UP%췿Z./ ӭwd#f5Bf;j?&$R/[ҁ hT<_"D$J%CB'~97WeQ#+d;m[j#ggỆ1.Zt(T[o%QdG) \uȞ"(+ .RLkgΫ>Z+݇JSfo;Ikj,Pn Of"(N[멋nآ m;ADt-\b1 efL$űnRd';?qa|s[`҉X 04f#\yU)M ̋]sixu,JpV*W_!1!IU|сXD?K1G8%[,zϘK/6p10|=CbJUaT>)!!#t*6S{AS_p#a!2 s+F,"T%_:tJ(^vOlS{X[r5'Do@!fz]d/v`w sxy*`~αCC斴Q]:nnXK^p侩 '2ZSxg lGʧA:vnд =2'-5BnSbGİz֮eM`z9!1;Xu["4PNjTR$c;wMMkE\U.<|&Y14PHۯ~ul:3x^Ӵ9wOLL%.nPFk1{!0mck 3p.]¥w @rKAk>GXlR&M.Ak朕[(:H!PƀtߟBa.Z)DoH &6sGHP*zw< x/6]c|OfjNOuĴB3EI\ʔx y<]PM~W3S5` |07$kO?;߇1#Z]l>!k9jv$?&BwGsp2ywRβeZ~F J`)PF";G#K6o>@uE^L7x zOMZj]6l!c@Oq㶹Fhw7#4\P3W<+៽uX&\jDx:ska"uX)1Ax34AB@feO)?0WU PT׎J؊)sؗ/Ͷ?=*K/?o5<&l@[-OwX F PsiͤY!XfYo@#d-Vvψ#sv ctU]SEt(5/ƕ!Ns =0R H;JޮM % {͟8!I2JӷS=~84ǘzIIZ/Ow*^dړx]]0 tVR#ğ췂+}|_YS&k*,(y̆g"cՒ/1$ƍZJL"|@ c P_oFfEӵՋmؠ:0;F4ƑKN4qٺ+ȥA#Le.ʆ<dtGJjԵ@ȴ(W[YcHE%A Kmqmv1̊>`B%,.,}Nw_.:{쓖SN)VJS!uʌ[z<\59x ga5Ž gk M +K<,Y7Jp!XjK.1V'fhEnyeP$EtD^x6^9.]γ ?s0 }<ٰg~$t)٦Rl~e8oXhpmIzǀatM2puEFKgukc1ؚԖzo9xk[".ypn J_( &w)7nNJ_]5Q7)SYyM̓{BӨ=AS$%ih]{LO1v3&а (+pqZ ;/펾S$ג7 aSwQZXϞZYrW*XQ5~-팅 )4 PΗt3W+<-k<=! p1w_gPg첋Qqvk$X:+MCGˢc (a@􂈵?P8/9uRփ;;T LR>r` =8K8aO&@ٲ@dA2uRwt*}k'O;'0xZ+gbrLOս x$Cn4 $_YQy((WGΟ,l?mN{azi.h FC*x #rVTg$b ;vb0f&"E+R|z=0 /-G~BiҔ[6 [o4 ;(S -,֡0,Dž( #pDoD* J6켓mF~GF.,Z,Ӈ $0 yE?dnEhu{X Qd<3}Fk[M!w vˌgЧ1)^~>'svWьΡCNUtQ ?&()]7o],@2\8+ ^6ɌCʬ}5<֬*H?WG G^Tbm=>nO&ީYhMQɎ+x r` qTG.Vˣt </{t{)iC]l-(^بF !j043 uuƄ蹝{&]Ob9r%Yl"UBZy>Ba5Xb+ H¡wlSlE{uM˘<$$EfWr)x \0 Q02m10b!軉]u4 o˕]IǴ91֝Y{u%b/\`V(ZrgDo-oYJD+}ѫPIcJW5G, |Q4775UΘ=JG?UFN2l]{/54W`;ZfuqQKŪ\!?VRxp;Vlve֖"nTP#rItM: L4eMcW*߆Q͛R%[?r;Wҍ '( )H‘bu}3 =r|M'd a0*ĩیs~3| YZ