tomcat-servlet-4_0-api-9.0.91-150200.68.1<>,fG)p9|fz-.>F &hHk~1c`\"}ץa vTP“'Jk;a + a \$~_!ܳ[xcRcfBE4.ƠW51~ '^hjF1I&M!l!¡E?d  , ]  /IOV/ 4  F  X  |      1 ^     } ( 8 p9 hp:p>@ BFJG` H I X Y Z [,\4 ]X ^bcBdeflu vw8 x\ yzCtomcat-servlet-4_0-api9.0.91150200.68.1Apache Tomcat Servlet API implementation classesApache Tomcat Servlet API implementation classes version 3.1fG)h01-ch3b;SUSE Linux Enterprise 15SUSE LLC Apache-2.0https://www.suse.com/Productivity/Networking/Web/Servershttps://tomcat.apache.orglinuxnoarchupdate-alternatives --install /usr/share/java/servlet.jar servlet \ /usr/share/java/tomcat-servlet-4.0-api.jar 30000 # Fix for bsc#1092163. # Keep the /usr/share/java/tomcat-servlet.jar symlink for compatibility. # In case of update from an older version where /usr/share/java/tomcat-servlet.jar is an alternatives symlink # the update-alternatives in the new version will cause a rename tomcat-servlet.jar -> servlet.jar. # This makes sure the tomcat-servlet.jar is recreated if it's missing because of the rename. if [ ! -f /usr/share/java/tomcat-servlet.jar ]; then echo "Recreating symlink /usr/share/java/tomcat-servlet.jar" ln -s /usr/share/java/tomcat-servlet-4.0-api.jar /usr/share/java/tomcat-servlet.jar fiif [ $1 -eq 0 ] ; then if [ ! -f /etc/alternatives/servlet ]; then # /etc/alternatives/servlet was removed on uninstall. # Create a broken symlink to make sure update-alternatives works correctly and falls back # to servletapi5 or servletapi4 if they're installed. ln -s /usr/share/java/tomcat-servlet-4.0-api.jar /etc/alternatives/servlet fi update-alternatives --remove servlet \ /usr/share/java/tomcat-servlet-4.0-api.jar fiN A큤fG(fGfGfGfGfG(f'fGfG14793f7fefa4b3e6cd414738245d7ec8016e845534e902d6e99dd29c0a36c96b6f939fc48667e2ddb1ed62e9902ff4e6780b1c4d72543b9175d22609484a88add34c2725276d68c8e71deec1a59d19950ec758707512d7fab340e02c2239a962d43cb0498288f9bb092639bcd5a781e4f04d3d529d19ff0e5725349609e3c6ac/etc/alternatives/servlet.jartomcat-servlet-4.0-api.jartomcat-servlet-4.0-api.jar@rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottomcat-9.0.91-150200.68.1.src.rpmmvn(org.apache.tomcat:tomcat-servlet-api)mvn(org.apache.tomcat:tomcat-servlet-api:pom:)mvn(org.mortbay.jetty:servlet-api)mvn(org.mortbay.jetty:servlet-api:pom:)servletservlet31servlet7tomcat-servlet-4.0-apitomcat-servlet-4_0-api@@    /bin/sh/bin/shjava-headlessjavapackages-filesystemrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)update-alternativesupdate-alternatives3.0.4-14.6.0-14.0-15.2-14.14.1f&@feZeeПe@ee@e@e)e_>e)1@e 0@e 0@e;eRdld0d?@cc@c@c{h@cQ8@bγbbN@b!b@aaaA@a@a{@azamaamaama`X`Q@`OL@`OL@`3__F@_@___FN_!d^@^^_^@^Y^U @^1s^%@^!^@]҇]Γ@]4@]?]V]@\\\r@\k\j@\Yz\X)@\LK\?\8@\'a\[v[u[@[@[ug@ZZ_:Z!D@Z@YYYY:Y@Y@XZnW@WiW|W'A@WWKV@V2V`VA@UlI@UlI@UlI@UQU hU hTTи@ricardo.mestre@suse.comricardo.mestre@suse.comdcermak@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comricardo.mestre@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comfstrba@suse.comfstrba@suse.commichele.bussolotto@suse.comolaf@aepfle.demichele.bussolotto@suse.comfstrba@suse.commichele.bussolotto@suse.commichele.bussolotto@suse.comwittemar@googlemail.comwittemar@googlemail.comwittemar@googlemail.comamehmood@suse.comamehmood@suse.comwittemar@googlemail.comwittemar@googlemail.comwittemar@googlemail.comamehmood@suse.commalbu@suse.commalbu@suse.commalbu@suse.comjengelh@inai.defstrba@suse.commalbu@suse.comfstrba@suse.commalbu@suse.comjavier@opensuse.orgmalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comfstrba@suse.comdimstar@opensuse.orgmalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.commalbu@suse.commalbu@suse.comfstrba@suse.commalbu@suse.commalbu@suse.comecsos@opensuse.orgfstrba@suse.comsean@suspend.netmalbu@suse.comecsos@opensuse.orgmalbu@suse.commalbu@suse.commalbu@suse.defstrba@suse.commalbu@suse.comrbrown@suse.commalbu@suse.comecsos@opensuse.orgfstrba@suse.comecsos@opensuse.orgdziolkowski@suse.commalbu@suse.comastieger@suse.comtchvatal@suse.commalbu@suse.commalbu@suse.comdmacvicar@suse.dejcnengel@gmail.comtchvatal@suse.comdmacvicar@suse.dedmacvicar@suse.detchvatal@suse.comdmacvicar@suse.detchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comwittemar@googlemail.combmaryniuk@suse.com- Update to Tomcat 9.0.91 * Fixed CVEs: + CVE-2024-34750: Improper handling of exceptional conditions (bsc#1227399) * Catalina + Fix: Allow JAASRealm to use the configuration source to load a configured configFile, for easier use with testing. (remm) + Fix: Add missing algorithm callback to the JAASCallbackHandler. (remm) + Fix: 69131: Expand the implementation of the filter value of the Authenticator attribute allowCorsPreflight, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /*. (markt) + Add: Add support for shallow copies when using WebDAV. (markt) + Code: Deprecate the WebdavFixFilter as it is no longer required. (markt) + Fix: 69066: Fix regression in SPNEGO authenticator when processing Base64. Submitted by Daniel Lyko. (remm) + Update: Update minimum recommended version of Tomcat Native to 1.3.0. Pull request #728 provided by Dimitrios Soumis. (markt) + Update: The system property org.apache.catalina.connector.RECYCLE_FACADES will now default to true if not specified, which will in turn set the default value for the discardFacades connector attribute, thus causing facade objects to be discarded by default. (remm) + Add: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext) for retrieving extended/additional information from an established GSS context. (michaelo) + Fix: Correct a regression in the fix for 68721 that caused some instances of LinkageError to be reported as ClassNotFoundException. (markt) + Fix: Ensure that static resources deployed via a JAR file remain accessible when the context is configured to use a bloom filter. Based on pull request #730 provided by bergander. (markt) + Add: Introduce reference counting so the AprLifecycleListener is more robust. This particularly targets more complex embedded configurations with multiple server instances with independent lifecycles where more than one server instance requires the AprLifecycleListener. (markt) + Update: Deprecate and remove sessionCounter (replaced by the addition of the active session count and the expired session count, as a reasonable approximation) and duplicates (which does not represent a possible event in current implementations) statistics from the session manager. (remm) + Fix: 68890 Align output encoding of JSPs in the Manager webapp with the XML declarations in those same files. (schultz) + Fix: Update Basic authentication to implement the requirements of RFC 7617 including the changing of the trimCredentials setting which is now defaults to false. Note that the trimCredentials setting will be removed in Tomcat 11. (markt) + Add: Small performance optimization when logging cookies with no values. (schultz) + Fix: Correct error handling for asynchronous requests. If the application performs an dispatch during AsyncListener.onError() the dispatch is now performed rather than completing the request using the error page mechanism. (markt) + Fix: Fix WebDAV lock null (locks for non existing resources) thread safety and removal. (remm) + Fix: Add periodic checking for WebDAV locks expiration. (remm) + Fix: Extend Asn1Parser to parse UTF8Strings. (michaelo) + Update: Add highConcurrencyStatus attribute to the SemaphoreValve to optionally allow the valve to return an error status code to the client when a permit cannot be acquired from the semaphore. (remm) + Add: Add checking of the "age" of the running Tomcat instance since its build-date to the SecurityListener, and log a warning if the server is old. (schultz) + Fix: When using the AsyncContext, throw an IllegalStateException, rather than allowing an NullPointerException, if an attempt is made to use the AsyncContext after it has been recycled. (markt) + Fix: Change the thread-safety mechanism for protecting StandardServer.services from a simple synchronized lock to a ReentrantReadWriteLock to allow multiple readers to operate simultaneously. Based upon a suggestion by Markus Wolfe. (schultz) + Fix: Improve Service connectors, Container children and Service executors access sync using a ReentrantReadWriteLock. (remm) + Fix: Improve handling of integer overflow if an attempt is made to upload a file via the Servlet API and the file is larger than Integer.MAX_VALUE. (markt) + Fix: 68862: Handle possible response commit when processing read errors. (remm) * Jasper + Fix: Update the optimisation in jakarta.el.ImportHandler so it is aware of new classes added to the java.lang package in Java 23. (markt) + Fix: Ensure that an exception in toString() still results in an ELException when an object is coerced to a String using ExpressionFactory.coerceToType(). (markt) + Add: Add support for specifying Java 24 (with the value 24) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) + Fix: 69135: When using include directives in a tag file packaged in a JAR file, ensure that context relative includes are processed correctly. ( markt) + Fix: 69135: When using include directives in a tag file packaged in a JAR file, ensure that file relative includes are processed correctly. (markt) + Fix: 69135: When using include directives in a tag file packaged in a JAR file, ensure that file relative includes are are not permitted to access files outside of the /META_INF/tags/ directory nor outside of the JAR file. (markt) + Fix: 68546: Small additional optimisation for initial loading of Servlet code generated for JSPs. Based on a suggestion by Dan Armstrong. (markt) + Add: Add support for specifying Java 23 (with the value 23) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) + Fix: Handle the case where the JSP engine forwards a request/response to a Servlet that uses an OutputStream rather than a Writer. This was triggering an IllegalStateException on code paths where there was a subsequent attempt to obtain a Writer. (markt) + Fix: Correctly handle the case where a tag library is packaged in a JAR file and the web application is deployed as a WAR file rather than an unpacked directory. (markt) + Fix: Prevent the web application's ClassLoader from being pinned by the JSP compiler if an application uses a custom XMLInputFactory. Based upon a suggestion from Simon Niederberger. (schultz) * Web applications + Fix: Fix status servlet detailed view of the connectors when using automatic port. (remm) + Add: Add the ability to set a sub-title for the Manager web application main page. This is intended to allow users with lots of instances to easily distinguish them. Based on pull request #724 by Simon Arame. (markt) + Fix: Examples: Improve performance of WebSocket chat application when multiple clients disconnect at the same time. (markt) + Update: Examples: Increase the number of previous messages displayed when using the WebSocket chat application. (markt) + Fix: Examples: Improve performance of WebSocket snake application when multiple clients disconnect at the same time. (markt) * Coyote + Fix: Improve the algorithm used to identify the IP address to use to unlock the acceptor thread when a Connector is listening on all local addresses. Interfaces that are configured for point to point connections or are not currently up are now skipped. (markt) + Fix: 69121: Ensure that the onComplete() event is triggered if AsyncListener.onError() dispatches to a target that throws an exception. (markt) + Fix: Following the trailer header field refactoring, -1 is no longer an allowed value for maxTrailerSize. Adjust documentation accordingly. (remm) + Fix: 69068: Ensure read timouts are triggered for asynchronous, non-blocking reads when using HTTP/2. (markt) + Update: 69133: Add task queue size configuration on the Connector element, similar to the Executor element, for consistency. (remm) + Fix: Make counting of active HTTP/2 streams per connection more robust. (markt) + Add: Add support for TLS 1.3 client initiated re-keying. (markt) + Fix: Align non-secure and secure writes with NIO and skip the write attempt when there are no bytes to be written. (markt) + Fix: Allow any positive value for socket.unlockTimeout. If a negative or zero value is configured, the default of 250ms will be used. (mark) + Fix: Reduce the time spent waiting for the connector to unlock. The previous default of 10s was noticeably too long for cases where the unlock has failed. The wait time is now 100ms plus twice socket.unlockTimeout. (markt) + Fix: Ensure that the onAllDataRead() event is triggered when the request body uses chunked encoding and is read using non-blocking IO. (markt) + Fix: 68934: Add debug logging in the latch object when exceeding maxConnections. (remm) + Fix: Refactor trailer field handling to use a MimeHeaders instance to store trailer fields. (markt) + Fix: Ensure that multiple instances of the same trailer field are handled correctly. (markt) + Fix: Fix non-blocking reads of chunked request bodies. (markt) + Fix: When an invalid HTTP response header was dropped, an off-by-one error meant that the first header in the response was also dropped. Fix based on pull request #710 by foremans. (markt) + Fix: Add threadsMaxIdleTime attribute to the endpoint, to allow configuring the amount of time before an internal executor will scale back to the configured minSpareThreads size. (remm) * WebSocket + Fix: 68884: Reduce the write timeout when writing WebSocket close messages for abnormal closes. The timeout defaults to 50 milliseconds and may be controlled using the org.apache.tomcat.websocket.ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT property in the user properties collection associated with the WebSocket session. (markt) * Other + Update: Add test-only build target to allow running only the testsuite, supporting Java versions down to the minimum supported to run Tomcat. (rjung) + Update: Update UnboundID to 7.0.1. (markt) + Update: Update to SpotBugs 4.8.6. (markt) + Update: Remove cglib dependency as it is not required by the version of EasyMock used by the unit tests. (markt) + Update: Update EasyMock to 5.3.0. This adds a test dependency on Byte-Buddy 1.14.17. (markt) + Add: Improvements to Czech translations by Vladimír Chlup. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Chinese translations by fangzheng. (markt) + Update: Revert Derby to 10.16.1.1 as that is the latest version of Derby that runs on Java 17. (markt) + Update: Update to Commons Daemon 1.4.0. (markt) + Update: Update to Objenesis 3.4. (markt) + Update: Update to Checkstyle 10.17.0. (markt) + Update: Update to SpotBugs 4.8.5. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Switch to using the Base64 encoder and decoder provided by the JRE rather than the version provided by Commons Codec. The internal fork of Commons Codec has been deprecated and will be removed in Tomcat 11. (markt) + Update: Update NSIS to 3.10. (mark0t) + Update: Update UnboundID to 7.0.0. (markt) + Update: Update Checkstyle to 10.16.0. (markt) + Update: Update JaCoCo to 0.8.12. (markt) + Update: Update SpotBugs to 4.8.4. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.9.0. (markt) + Update: Update the internal fork of Apache Commons DBCP to 2.12.0. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Update Checkstyle to 10.14.1. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.8.2. (markt) + Update: Update the internal fork of Apache Commons Codec to 1.16.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (remm) + Add: Improvements to Chinese translations by leeyazhou. (remm) - Modified patch: * tomcat-9.0-build-with-java-11.patch + rediff to changed context * tomcat-9.0-osgi-build.patch + move the definition of bnd.classpath out of the setup-bnd task since it is one component in build.classpath- Update to Tomcat 9.0.87 * Fixed CVEs: + CVE-2024-24549: Improved request header validation for HTTP/2 stream (bsc#1221386) + CVE-2024-23672: Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection (bsc#1221385) * Catalina + Fix: Minor performance improvement for building filter chains. Based on ideas from #702 by Luke Miao. (remm) + Fix: Align error handling for Writer and OutputStream. Ensure use of either once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true. (markt) + Fix: 68692: The standard thread pool implementations that are configured using the Executor element now implement ExecutorService for better support NIO2. (remm) + Fix: 68495: When restoring a saved POST request after a successful FORM authentication, ensure that neither the URI, the query string nor the protocol are corrupted when restoring the request body. (markt) + Fix: 68721: Workaround a possible cause of duplicate class definitions when using ClassFileTransformers and the transformation of a class also triggers the loading of the same class. (markt) + Fix: The rewrite valve should not do a rewrite if the output is identical to the input. (remm) + Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to allow skipping over the next valve in the Catalina pipeline. (remm) + Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by removing reference to org.apache.catalina.ssi package that is no longer included in the JAR. Based on pull request #684 by Jendrik Johannes. (markt) + Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences are correctly removed from files containing property values when configured to do so. Bug identified by Coverity Scan. (markt) + Add: Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns. (schultz) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) + Fix: 68089: Further improve the performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt) + Fix: 68559: Allow asynchronous error handling to write to the response after an error during asynchronous processing. (markt) * Coyote + Fix: Improve the HTTP/2 stream prioritisation process. If a stream uses all of the connection windows and still has content to write, it will now be added to the backlog immediately rather than waiting until the write attempt for the remaining content. (markt) + Fix: Make asynchronous error handling more robust. Ensure that once a connection is marked to be closed, further asynchronous processing cannot change that. (markt) + Fix: Make asynchronous error handling more robust. Ensure that once the call to AsyncListener.onError() has returned to the container, only container threads can access the AsyncContext. This protects against various race conditions that woudl otherwise occur if application threads continued to access the AsyncContext. + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. In particular, most of the HTTP/2 debug logging has been changed to trace level. (remm) + Fix: Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ. (markt) + Fix: Improve the Tomcat Native shutdown process to reduce the likelihood of a JVM crash during Tomcat shutdown. (markt) + Fix: Partial fix for 68558: Cache the result of converting to String for request URI, HTTP header names and the request Content-Type value to improve performance by reducing repeated byte[] to String conversions. (markt) + Fix: Improve error reporting to HTTP/2 clients for header processing errors by reporting problems at the end of the frame where the error was detected rather than at the end of the headers. (markt) + Fix: Remove the remaining reference to a stream once the stream has been recycled. This makes the stream eligible for garbage collection earlier and thereby improves scalability. (markt) * Jasper + Add: Add support for specifying Java 22 (with the value 22) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) + Fix: 68546: Generate optimal size and types for JSP imports maps, as suggested by John Engebretson. (remm) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) * Cluster + Fix: Avoid updating request count stats on async. (remm) * WebSocket + Fix: Correct a regression in the fix for 66508 that could cause an UpgradeProcessor leak in some circumstances. (markt) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) + Fix: Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection. (markt) * Web applications + Add: Add support for responses in JSON format from the examples application RequestHeaderExample. (schultz) * Other + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Update Checkstyle to 10.13.0. (markt) + Update: Update JSign to 6.0. (markt) + Update: Add strings for debug level messages. (remm) + Update: Update Tomcat Native to 1.3.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt)- Add missing Requires(post): util-linux to have runuser into post- Add %%systemd_ordering to packages with systemd unit files, so that the order is the right one if those packages find themselves in the same transaction with systemd- Link ecj.jar into the install instead of copying it- rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530)- Fixed CVEs: * CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208)- Update to Tomcat 9.0.85 * Fixed CVEs: + CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to incorrect headers parsing (bsc#1217649) * Catalina + Update: 68378: Align extension to MIME type mappings in the global web.xml with those in httpd by adding application/vnd.geogebra.slides for ggs, text/javascript for mjs and audio/ogg for opus. (markt) + Fix: Background processes should not be run concurrently with lifecycle operations of a container. (remm) + Fix: Correct unintended escaping of XML in some WebDAV responses. The XML list of support locks when provided in response to a PROPFIND request was incorrectly XML escaped. (markt) + Fix: 68227: Ensure that AsyncListener.onComplete() is called if AsyncListener.onError() calls AsyncContext.dispatch(). (markt) + Fix: 68228: Use a 408 status code if a read timeout occurs during HTTP request processing. Includes a test case based on code provided by adwsingh. (markt) + Fix: 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter(). (michaelo) + Update: The status servlet included in the manager webapp can now output statistics as JSON, using the JSON=true URL parameter. (remm) + Update: Optionally allow ServiceBindingPropertySource to trim a trailing newline from a file containing a property-value. (schultz) + Fix: 67793: Ensure the original session timeout is restored after FORM authentication if the user refreshes a page during the FORM authentication process. Based on a suggestion by Mircea Butmalai. (markt) + Update: 67926: PEMFile prints unidentifiable string representation of ASN.1 OIDs. (michaelo) + Fix: 66875: Ensure that setting the request attribute jakarta.servlet.error.exception is not sufficient to trigger error handling for the current request and response. (markt) + Fix: 68054: Avoid some file canonicalization calls introduced by the fix for 65433. (remm) + Fix: 68089: Improve performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt) + Fix: Use a 400 status code to report an error due to a bad request (e.g. an invalid trailer header) rather than a 500 status code. (markt) + Fix: Ensure that an IOException during the reading of the request triggers always error handling, regardless of whether the application swallows the exception. (markt) * Coyote + Fix: Refactor the VirtualThreadExecutor so that it can be used by the NIO2 connector which was using platform threads even when configured to use virtual threads. (markt) + Fix: Correct a regression in the fix for 67675 that broke TLS key file parsing for PKCS#8 format keys that do not specify an explicit pseudo-random function and rely on the default. This typically affects keys generated by OpenSSL 1.0.2. (markt) + Fix: Allow multiple operations with the same name on introspected mbeans, fixing a regression caused by the introduction of a second addSslHostConfig method. (remm) + Fix: Relax the check that the HTTP Host header is consistent with the host used in the request line, if any, to make the check case insensitive since host names are case insensitive. (markt) + Add: 68348: Add support for the partitioned attribute for cookies. (markt) + Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and SSLHostConfig#certificateKeystorePasswordFile. (michaelo) + Add: When calling SSLHostConfigCertificate.setCertificateKeystore(ks), automatically call setCertificateKeystoreType(ks.getType()). (markt) + Fix: 67628: Clarify how the ciphers attribute of the SSLHostConfig is used. (markt) + Fix: 67666: Ensure TLS connectors using PEM files either work with the TLSCertificateReloadListener or, in the rare case that they do not, log a warning on Connector start. (markt) + Fix: 67675: Support a wider range of KDF and ciphers for PEM files than the combinations supported by the JVM by default. Specifically, support the OpenSSL default of HmacSHA256 and DES-EDE3-CBC. (markt) + Fix: 67927: Reloading TLS configuration can cause the Connector to refuse new connections or the JVM to crash. (markt) + Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are available, prefer 1.2.x since it supports the APR/Native connector whereas 2.0.x does not. (markt) + Fix: 67938: Correct handling of large TLS client hello messages that were causing the TLS handshake to fail. (markt) + Fix: 68026: Convert selected MessageByte values to String when first accessed to speed up subsequent accesses and reduce garbage collection. (markt) * Jasper + Code: 68119: Refactor the CompositeELResolver to improve performance during type conversion operations. (markt) + Fix: 68068: Performance improvement for EL. Based on a suggestion by John Engebretson. (markt) * Web Applications + Fix: 68035: Additional fix to the Manager application to enable the deployment of a web application located in a Host's appBase where the web application is specified by a bare (no path) WAR or directory name as shown in the documentation. (markt) + Fix: Examples. Improve the error handling so snakes associated with a user that drops from the network are removed from the game. (markt) + Fix: 68035: Correct a regression in the fix for 56248 that prevented deployment via the Manager of a WAR or directory that was already present in the appBase or a context file that was already present in the xmlBase. (markt) * Other + Update: Update Checkstyle to 10.12.7. (markt) + Update: Update SpotBugs to 4.8.3. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Update UnboundID to 6.0.11. (markt) + Update: Update Checkstyle to 10.12.5. (markt) + Update: Update SpotBugs to 4.8.2. (markt) + Update: Update Derby to 10.17.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Brazilian Portuguese translations by John William Vicente. (markt) + Add: Improvements to Russian translations by usmazat and remm. (markt) + Add: 67538: Make use of Ant's task to enfore the mininum Java build version. (michaelo) + Update: Update Checkstyle to 10.12.4. (markt) + Update: Update JaCoCo to 0.8.11. (markt) + Update: Update SpotBugs to 4.8.0. (markt) + Update: Update BND to 7.0.0. (markt) + Update: The minimum Java version required to build Tomcat has been raised to Java 17. (markt) - Added patches: * tomcat-9.0-build-with-java-11.patch- change server.xml during %post instead of %posttrans- Fix server.xml permission (bsc#1217768, bsc#1217402) - remove serverxmltool and use xsltproc- replace prep setup and patches macro with autosetup- Update to Tomcat 9.0.82 * Fixed CVEs: + CVE-2023-45648: Improve trailer header parsing (bsc#1216118) + CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120) + CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119) * Catalina + Add: 65770: Provide a lifecycle listener that will automatically reload TLS configurations a set time before the certificate is due to expire. This is intended to be used with third-party tools that regularly renew TLS certificates. + Fix: Fix handling of an error reading a context descriptor on deployment. + Fix: Fix rewrite rule qsd (query string discard) being ignored if qsa was also use, while it should instead take precedence. + Fix: 67472: Send fewer CORS-related headers when CORS is not actually being engaged. + Add: Improve handling of failures within recycle() methods. * Coyote + Fix: 67670: Fix regression with HTTP compression after code refactoring. + Fix: 67198: Ensure that the AJP connector attribute tomcatAuthorization takes precedence over the tomcatAuthentication attribute when processing an auth_type attribute received from a proxy server. + Fix: 67235: Fix a NullPointerException when an AsyncListener handles an error with a dispatch rather than a complete. + Fix: When an error occurs during asynchronous processing, ensure that the error handling process is only triggered once per asynchronous cycle. + Fix: Fix logic issue trying to match no argument method in IntropectionUtil. + Fix: Improve thread safety around readNotify and writeNotify in the NIO2 endpoint. + Fix: Avoid rare thread safety issue accessing message digest map. + Fix: Improve statistics collection for upgraded connections under load. + Fix: Align validation of HTTP trailer fields with standard fields. + Fix: Improvements to HTTP/2 overhead protection (bsc#1216182, CVE-2023-44487) * jdbc-pool + Fix: 67664: Correct a regression in the clean-up of unnecessary use of fully qualified class names in 9.0.81 that broke the jdbc-pool. * Jasper + Fix: 67080: Improve performance of EL expressions in JSPs that use implicit objects- Update to Tomcat 9.0.80 * Catalina + Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks + Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop() methods. + Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with one or more Connectors to process requests received by those Connectors using virtual threads. This Executor requires a minimum Java version of Java 21. + 66513: Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses the Valve and the reason if a request fails to obtain the per session Semaphore. + 66609: Ensure that the default servlet correctly escapes file names in directory listings when using XML output. + 66618: Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting in the XSLT. + 66621: Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock. + 66622: Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false as support for the associated HTTP header has been removed from all major browsers. + 59232: Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries. + 66665: Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file. + Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false. + Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible. + Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. + Make parsing of ExtendedAccessLogValve patterns more robust. + Fix failure trying to persist configuration for an internal credential handler. + 66680: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. + Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. + 66822: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. + The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. + If an application or library sets both a non-500 error code and the javax.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500. + Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. + Avoid protocol relative redirects in FORM authentication (CVE-2023-41080, bsc#1214666). * Coyote + Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined in RFC 7540. + 66602: not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload. + 66627: Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion. + 66635: Correct certificate logging on start-up so it differentiates between keystore based keys/certificates and PEM file based keys/certificates and logs the relevant information for each. + Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. + Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. + Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. + Refactor HTTP/2 implementation to reduce pinning when using virtual threads. + Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. + 66841: Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. + 66842: When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. + Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. * WebSocket + 66548: Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid characters from the base64 alphabet are used. + Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown. + Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed. + 66681: Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. * Web applications + Documentation. Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property. + 66662: Documentation. Fix a typo in the name of the algorithms attribute in the configuration section for the Digest authentication value. + Documentation. Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB. * jdbc-pool + Fix the releaseIdleCounter does not increment when testAllIdle releases them. + Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. * Other + Update to Commons Daemon 1.3.4. + Improvements to French translations. + Update Checkstyle to 10.12.0. + Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built with with OpenSSL 1.1.1u. + Include the Windows specific binary distributions in the files uploaded to Maven Central. + Improvements to French translations. + Improvements to Japanese translations. + Update UnboundID to 6.0.9. + Update Checkstyle to 10.12.1. + Update BND to 6.4.1. + Update JSign to 5.0. + Correct properties for JSign dependency. + Align documentation for maxParameterCount to match hard-coded defaults. + Update NSIS to 3.0.9. + Update Checkstyle to 10.12.2. + Improvements to French translations. + Improvements to Japanese translations. + 66829: Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. + Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v. + Improvements to Chinese translations. + Improvements to French translations. + Improvements to Japanese translations - Removed patch: * tomcat-9.0.75-CVE-2023-41080.patch + integrated in this version- Fixed CVEs: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666) - Added patches: * tomcat-9.0.75-CVE-2023-41080.patch- Modified patch: * tomcat-9.0-osgi-build.patch + make it more robust to change in number of artifacts in bnd + do not enumerate jars, just take all jars from the aqute-bnd directory into the classpath- Require(pre) shadow because groupadd is needed early- Update to Tomcat 9.0.75. * See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt) * Fixes: + bsc#1211608, CVE-2023-28709 + bsc#1208513, CVE-2023-24998 (previous incomplete fix) - Remove patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch * tomcat-9.0-CVE-2021-41079.patch * tomcat-9.0-CVE-2022-23181.patch * tomcat-9.0-NPE-JNDIRealm.patch * tomcat-9.0-hardening_getResources.patch * tomcat-9.0.43-CVE-2021-43980.patch * tomcat-9.0.43-CVE-2022-42252.patch * tomcat-9.0.43-CVE-2022-45143.patch * tomcat-9.0.43-CVE-2023-24998.patch * tomcat-9.0.43-CVE-2023-28708.patch + integrated in this version * tomcat-9.0.43-java8compat.patch + problem with Java 8 compatibility solved in this version - Modified patch: * tomcat-9.0.31-secretRequired-default.patch - > tomcat-9.0.75-secretRequired-default.patch + rediffed to changed context * tomcat-9.0-javadoc.patch + drop integrated hunks * tomcat-9.0-osgi-build.patch + fix to work with current version - Added patch: * tomcat-9.0-jdt.patch + fix build against our ecj- Fixed CVEs: * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840) - Added patches: * tomcat-9.0.43-CVE-2022-45143.patch- Fixed CVEs: * CVE-2023-28708: tomcat: not including the secure attribute causes information disclosure (bsc#1209622) - Added patches: * tomcat-9.0.43-CVE-2023-28708.patch- Fixed CVEs: * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513) - Added patches: * tomcat-9.0.43-CVE-2023-24998.patch- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt - use logrotate for catalina.out * update tomcat-serverxml-tool and spec to configure server.xml - Added patch: * tomcat-9.0-logrotate_everything.patch * tomcat-serverxml-tool.tar.gz - Removed: * tomcat-serverxml-tool-1.0.tar.gz- Use catalina.out for logging (bsc#1205647) - Added patches: * tomcat-9.0-fix_catalina.patch- Fixed CVEs: * CVE-2022-42252: reject invalid content-length requests. (bsc#1204918) - Added patches: * tomcat-9.0.43-CVE-2022-42252.patch- Fixed CVEs: * CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868) - Added patches: * tomcat-9.0.43-CVE-2021-43980.patch- Do not hardcode /usr/libexec but use %%_libexecdir during the build * Fixes for platforms, where /usr/libexec and %%_libexecdir are different- Fix bsc#1201081 by building with release=8 all files that can be built this way. The one file remaining, build it with source=8 and target=8 - Modified patch: * tomcat-9.0.43-java8compat.patch + Do not cast ByteBuffer to Buffer to call the Java 8 compatible methods. Build with release=8 instead- Security hardening. Deprecate getResources() and always return null. (bsc#1198136) - Added patch: tomcat-9.0-hardening_getResources.patch- Remove dependency on log4j/reload4j completely (bsc#1196137)- Do not build against the log4j12 packages, use the new reload4j- Fixed CVEs: * CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255) - Added patches: * tomcat-9.0-CVE-2022-23181.patch- remove instance units from post scripts, they can not be reloaded- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) - Added patch: * tomcat-9.0-NPE-JNDIRealm.patch- Modified patch: * tomcat-9.0-osgi-build.patch + account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0- Fixed CVEs: * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279) * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278) - Added patches: * tomcat-9.0-CVE-2021-30640.patch * tomcat-9.0-CVE-2021-33037.patch- Fixed CVEs: * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558) - Added patches: * tomcat-9.0-CVE-2021-41079.patch- Update to Tomcat 9.0.43. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt) - Removed Patches because fixed upstream now: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch - Rebased patch: tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch- Update to Tomcat 9.0.41. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)- Update to Tomcat 9.0.40. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt) - Removed Patches because fixed upstream now: * tomcat-9.0-CVE-2020-17527.patch * tomcat-9.0-CVE-2021-24122.patch- Fixed CVEs: * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) - Added patches: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947) - Added patch: * tomcat-9.0-CVE-2021-24122.patch- Update to Tomcat 9.0.39. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt) - Rebased patches: * tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch- Update to Tomcat 9.0.38. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt) - Rebased patches: * tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch - Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now- Update to Tomcat 9.0.37. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt) - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) - Rebased patches: * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602) - Added patch: * tomcat-9.0-CVE-2020-17527.patch- Add source url for tomcat-serverxml-tool - Fix typo in tomcat-webapps %postun that caused /examples context to remain in server.xml when package was removed - Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore becuse of systemd (bsc#1178396)- Fix tomcat-servlet-4_0-api package alternatives to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar. Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility. (bsc#1092163) - Change default file ownership in tomcat-webapps from tomcat:tomcat to root:tomcat- Fix CVE-2020-13943 (bsc#1177582) - Added patch: * tomcat-9.0-CVE-2020-13943.patch - Change /usr/lib/tomcat to /usr/libexec/tomcat in startup scripts (bsc#1177601)- Replace old specfile constructs. Remove support for SUSE 11.x. - Drop %systemd_requires, which is considered a no-op. - Trim redundant license mention from description. - Make documentation noarch. - Do not suppress errors from useradd.- Avoid hardcoding /usr/lib as libexecdir- Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562) - Change tomcat.pid location from /var/run to /run (bsc#1173103) - Use the /sbin/nologin shell when creating the tomcat user - Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly- Update to Tomcat 9.0.36. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt) - Fixed CVEs: CVE-2020-11996 (bsc#1173389)- Update to Tomcat 9.0.35. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) - Fixed CVEs: - CVE-2020-9484 (bsc#1171928) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch- Update to Tomcat 9.0.34. See changelog at https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt) - Notable changes: * Add support for default values when using ${...} property replacement in configuration files. Based on a pull request provided by Bernd Bohmann. * When configuring an HTTP Connector, warn if the encoding specified for URIEncoding is not a superset of US-ASCII as required by RFC 7230. * Replace the system property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the Connector attribute encodedSolidusHandling that adds an additional option to pass the %2f sequence through to the application without decoding it in addition to rejecting such sequences and decoding such sequences.- Update to Tomcat 9.0.33. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt) - Notable fix: corrected a regression in the improvements to HTTP header parsing (bsc#1167438) - Rebased patches: * tomcat-9.0-javadoc.patch * tomcat-9.0-osgi-build.patch * tomcat-9.0.31-java8compat.patch- Change default value of AJP connector secretRequired to false - Added patch: * tomcat-9.0.31-secretRequired-default.patch- Update to Tomcat 9.0.31. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: * CVE-2019-17569 (bsc#1164825) * CVE-2020-1935 (bsc#1164860) * CVE-2020-1938 (bsc#1164692) - Modified patch * tomcat-9.0.30-java8compat.patch - > tomcat-9.0.31-java8compat.patch + Adapt to changed context- Modified patch: * tomcat-9.0.30-java8compat.patch + add missing casts (bsc#1162081)- Change back the build to build with any Java >= 1.8 - Added patch: * tomcat-9.0.30-java8compat.patch + Cast java.nio.ByteBuffer and java.nio.CharBuffer to java.nio.Buffer in order to avoid calling Java 9+ APIs (functions with co-variant return types) - Renamed patch: * tomcat-9.0-disable-osgi-build.patch - > tomcat-9.0-osgi-build.patch + Do not disable, but fix OSGi build since we have now aqute-bnd- Change build to always use Java 1.8 (bsc#1161025).- Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: - CVE-2019-0221 (bsc#1136085) - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) - Removed patch: * tomcat-9.0-JDTCompiler-java.patch + It was not applied- Update to Tomcat 9.0.27. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt) - Uset aqute-bnd to generate OSGi manifest, since we have that package now in openSUSE:Factory - Removed patch: * tomcat-9.0-disable-osgi-build.patch + not needed- Add maven pom files for tomcat-jni and tomcat-jaspic-api- Distribute the pom file also for tomcat-util-scan artifact- Build against compatibility log4j12 package- Adapt to the new ecj directory layout- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini- Update to Tomcat 9.0.20. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) - increase maximum number of threads and open files for tomcat (bsc#1111966)- Update to Tomcat 9.0.19. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt) Notable packaging changes: - File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed. The classes contained in this jar were merged into /usr/share/java/tomcat/catalina.jar. - Fixed CVEs: - CVE-2019-0199 (bsc#1131055) - Rebased patch: - tomcat-9.0-JDTCompiler-java.patch - tomcat-9.0-javadoc.patch- Build classpath directly with the geronimo jars instead of with symlinks to them- Don't overwrite changes made to server.xml contexts when updating bundled webapps.- Set javac target to 1.8 when building docs samples and serverxmltool- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps (bsc#1092341). Affected packages: - tomcat-webapps - tomcat-admin-webapps - tomcat-docs-webapp - Remove %doc directive from tomcat-docs-webapps files section so that zypper installs files even if rpm.install.excludedocs is set to yes.- Require Java 1.8 or later (bsc#1123407)- Clean up OSGi manifest injection - Put embed maven metadata into embed subpackage - Use the .mfiles* lists generated by %%add_maven_depmap macro- Fix tomcat-tool-wrapper classpath error (bsc#1120745)- Fix tomcat-digest classpath error (bsc#1120745)- Update to Tomcat 9.0.14. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)- Add pom files for tomcat-jdbc and tomcat-dbcp - Add org.eclipse.jetty.orbit* aliases to correspondant artifacts- Update to Tomcat 9.0.13. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)- Update to Tomcat 9.0.12. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt) - Fixed CVEs: - CVE-2018-11784 (bsc#1110850) - Rebased patches: - tomcat-9.0-disable-osgi-build.patch - tomcat-9.0-javadoc.patch - tomcat-9.0-sle.catalina.policy.patch - tomcat-9.0-tomcat-users-webapp.patch- Declare following files to config(noreplace) to prevent override access rights: - host-manager/META-INF/context.xml - manager/META-INF/context.xml- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's configuration during update (bsc#1067720)- Update to Tomcat 9.0.10. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt) - Fixed CVEs: - CVE-2018-1336 (bsc#1102400) - CVE-2018-8014 (bsc#1093697) - CVE-2018-8034 (bsc#1102379) - CVE-2018-8037 (bsc#1102410) - Rebased patch tomcat-9.0-JDTCompiler-java.patch - Added patch tomcat-9.0-disable-osgi-build.patch to disable adding OSGi metadata to JAR files- Update to Tomcat 9.0.5. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)- Modified patch: * tomcat-9.0-javadoc.patch + Don't append to javadoc --add-modules since we are building with source=8 + Avoid accessing Internet URLs from build environment- Update to Tomcat 9.0.2: * Major update for tomcat8 from tomcat9 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html * Rename all tomcat-8.0-* files to tomcat-9.0-* - Changed patches: * Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-8.0-sle.catalina.policy.patch * Deleted: tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-8.0.33-JDTCompiler-java.patch * Deleted: tomcat-8.0.44-javadoc.patch * Deleted: tomcat-8.0.9-property-build.windows.patch * Added: tomcat-9.0-JDTCompiler-java.patch * Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch * Added: tomcat-9.0-javadoc.patch * Added: tomcat-9.0-sle.catalina.policy.patch * Added: tomcat-9.0-tomcat-users-webapp.patch - Renamed subpackage tomcat-3_1-api to tomcat-4_0-api to reflect the new Servlet API version. - Commented out JAVA_HOME in /etc/tomcat/tomcat.conf - Added "tomcat-" prefix to lib symlinks under /usr/share/java to avoid file conflicts with servletapi5 and geronimo-specs - Fixed wrong %ghost file paths for alternatives symlinks- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Build with JDK 8 to fix runtime errors when running with JDK 7 and 8 - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016)- update to 8.0.47 http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-12617 - rebase tomcat-8.0-sle.catalina.policy.patch- Added patch: * tomcat-8.0.44-javadoc.patch - generate documentation with the same source level as class files - fixes build with jdk9- Version update to 8.0.44: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVE: - CVE-2017-5664 (bsc#1042910)- New build dependency: javapackages-local- Version update to 8.0.43: * Another bugfix release, for full details see: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Fixed CVEs: - CVE-2017-5647 (bnc#1033448) - CVE-2017-5648 (bnc#1033447) - CVE-2016-8745 - Renamed and rebased patches: * tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch - Enable optional setenv.sh script. See section "(3.4) Using the "setenv" script (optional, recommended)" in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt (bnc#1002662) - Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412). Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api, tomcat-servlet-3_0-api- update to 8.0.39: (boo#1003911) * Improve handling of I/O errors with async processing * Fail earlier on invalid HTTP request - includes changes from 8.0.38: * Refactoring the non-container thread Async complete()/dispatch() handling to remove the possibility of deadlock * Improved UTF-8 handling for the RewriteValve - includes changes from 8.0.37: * Treat paths used to obtain a request dispatcher as encoded (configurable) * Various jdbc-pool fixes - drop tomcat-8.0.36-jar-scanner-loop.patch, upstream- Switch to commons-dbcp2 fate#321029- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862) Added: tomcat-8.0.36-jar-scanner-loop.patch- Version update to 8.0.36: * Another bugfix release for the 8.0 series. Full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt) - CVE fixed by the version update: - CVE-2016-3092 (bnc#986359) - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources- fix maven fragments paths to build in multiple distribution versions- Version update to 8.0.33: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt) - Rebase tomcat-8.0-tomcat-users-webapp.patch - Rebase tomcat-7.0.53-JDTCompiler-java.patch to tomcat-8.0.33-JDTCompiler-java.patch- Fix fixme for the prereq preamble value - It seems systemd prints error on adding the @ services to macros so do not do that- package was partly merged with the scripts used in the Fedora distribution - support running multiple tomcat instances on the same server (fate#317783) - add catalina-jmx-remote.jar (fate#318403) - remove sysvinit support: systemd is required- update changes file for CVE information - Fixed CVEs: - CVE-2015-5346 (bnc#967814) in 8.0.32 - CVE-2015-5351 (bnc#967812) in 8.0.32 - CVE-2016-0706 (bnc#967815) in 8.0.32 - CVE-2016-0714 (bnc#967964) in 8.0.32 - CVE-2016-0763 (bnc#967966) in 8.0.32 - CVE-2015-5345 (bnc#967965) in 8.0.30 - CVE-2015-5174 (bnc#967967) in 8.0.27- Version update to 8.0.32: * Another bugfix release for 8.0 series, full details: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt) - Rebase patch: * tomcat-8.0.9-property-build.windows.patch- update to Tomcat 8.0.28 * Multiple fixes, read upstream changelog at: https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)- Some whitespace cleanups- Remove pointless conflicts on provide/obsolete symbols- Version bump to 8.0.23 fate#318913: * Multiple testfixes all around, read upstream changelog at: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)- Fix previous commit. Fix one rpmlint warning- Drop gpg verification from spec, it is done by obs- Fix build with new jpackage-tools- update to Tomcat 8.0.18: * Major update for tomcat8 from tomcat7 * For full changelog please read upstream changes at: + http://tomcat.apache.org/tomcat-8.0-doc/changelog.html * Rename all tomcat-7.0-* files to tomcat-8.0-* * Update keyring file - Update windows patch to apply again: * Deleted: tomcat-7.0.52-property-build.windows.patch * Added: tomcat-8.0.9-property-build.windows.patch * Added:tomcat-8.0-tomcat-users-webapp.patch * Deleted: tomcat-7.0-tomcat-users-webapp.patch * Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch * Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch- Version 1.1.30 or higher is required for APR listener (bnc#914725)/bin/sh/bin/shservlettomcat-servlet-3_0-apitomcat-servlet-3_1-apih01-ch3b 1720534825 9.0.919.0.919.0.919.0.914.09.0.91-150200.68.19.0.91-150200.68.14.0servletservlet.jartomcat-servlet-4.0-api.jartomcat-servlet-api.jartomcat-servlet.jartomcat-servlet-4_0-apiLICENSEtomcat-servlet-api.xmlJPP-tomcat-servlet-api.pom/etc/alternatives//usr/share/java//usr/share/licenses//usr/share/licenses/tomcat-servlet-4_0-api//usr/share/maven-metadata//usr/share/maven-poms/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34708/SUSE_SLE-15-SP2_Update/56ff2ab83dbfb246ba18314b4b496edc-tomcat.SUSE_SLE-15-SP2_Updatedrpmxz5noarch-suse-linuxcannot open `/home/abuild/rpmbuild/BUILDROOT/tomcat-9.0.91-150200.68.1.x86_64/etc/alternatives/servlet' (No such file or directory)gzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v1.0 to extract Java archive data (JAR))directoryASCII textXML 1.0 document, ASCII textPPPPRR Autf-8c11ede06a6491f95f33be51d1e9ef14ff9a9ddd6322081ce34d3fb80fd6ac263?7zXZ !t/\]"k%x3 iv +fe- (4U* !a)e[{&%@yiȎw;rNt҃HG^),K|N]h\zp,E2J~ 8"MҘv5wTyԴ?z[cerf4inaKeha/[VKD Yu+N*mgEDL;*Z r K&AhI CNwhЁܼ_W sǏ͏dKP \2,FqlCX*rRSA7 H @x9uG;S]~!75)i@D Ӟ8R}r`@0i]s,ΟCқiD7g:S#HbnǎSae[g,k}>6K[T lY\t+Fn`s8 <"Xru~9vBRn4;:.A -9T2β=oo Xwf$q6bS=w :q!2g,tc ˿$A!?lDXLhch 0 Ywd 81~@*0~T#Ǚ@?;RIxy)S+RNU 45aE.d P#J? Z$[ڐ㖕tٱABËO7 Ξ[c$-w$d_:ƩVW t]߄ y{h4a8|MgE]ɀ0g CuT]:Y=_3@!@dfN۬a`k&N HN4*D)kp Td˪^ϲ ڊ|ӸdxU_5Z=rz^k[-BVz17Y#0S#Q::PǃWTej#*%lidԓVsU,59s V̩THKMT]]/Tk{w=3y.]uPO5I{fs/ã5ƹySOz LPo_gEAl8Gq~irp.7ڍQ%9ߩVVkWZ3)VwcgY]8C$<1fHL\[e鶉EZ_=Bp+*Ex HϾp6im2x61>&fFD-ut[%xe&B o6xPn WuDBZ38GjVU >*m3&j'g1+uvZ U)[),sL- zJ"P:\ CzBt80&5ͲH4挙mVb9XQrtk1pnٛAlvTuLfS\9RVv)~oAkx\c~mc޶< 9Dj7"ׯEPf$/mR~R(ɮ47!L\#=P-$Z m?Ft}qz@5wrIAy|8p3(cž&9NB4Kd_oR!Ӏ ei*'_3v6 7bWP \G„ΏD[q+hFovReJh)Ջd..frYlōD"ûU" mk3,_҈k7 ~P`D&-ѷ)p)n opE =)k![a0:_U^vT2?#V8C{|RV˫'Ē\m f +O&tx햷$3Ν )"q,7Gֵ2@6:GSDŽ(˵2pyΒi\B9UI[,e^={fӷZyvj )I;>hҎkռkz0d$\"I`OYP"T'cjAf}8o,|Ap HHg'ni9H;C8s>~İȌI#VJ{S@">aMB2*Z Ϥ R ~QU2}ԨKNQᒞ-//XGtBu MLYj)\kY$}#:GPýv.Y&^@).Fzl4bc^bUjh* `SYU89ݦŃq64w$u3t:!s̰p[HY2p\DoHg{ YNL-(/K {91͖F2+b\1aﱮr?$D'JwRT2-K`f~PBTIؤ?jxmapվ M~.o>pu@Mx34ծ~ewmqywT'ȫ>~ v r׹X0$՟ "5yWVM&0?S VO<:BicK!N&`%q -7>ՙ5`fp(O;qg+s)qq*#wߎkq3 YnKS86]>,íKE F`6|k2WU._FgwU?,G @NPt'M1z]*0ʹ ([b*`0*h,"\pQlC5gjdj?TmN0^&EZ$SKqHvٹ^d楥?Y|XJĠIIc>{s.1`g#xypjpwJZP# g7HY%Ȭ>"ի;i{N)dlڰT5't`$8V|ުҕy;Ggc/_Kz iwyT{0C16w6w/&Ǒc$K+mfflD@Q= 4|G>h5*Er7h$n? V/1UjmҸjĪoIˈusbkɇ߶:x&튏4?f ~f^86N >芬>;^KC3dT6t cKS(;آiv)WfFBC#6'#n\MQHA)d_JÊ"aaXLJQQ9V4Τ`eb,ѣ=D"_aP$"&Gm7tns3{u#,NŝZM&R;#Gɉ[xBj0:L7#q@>xc(|G4 *gwge[2ߪ'n G\L'P$RE>O8@2=nPmwl먾2yd|&SΚ9Ʈ !=M{tŮ K l] }hmz.s|cpYʏH^%~Bkz|Y_]wSvv)Չ6t}Y dxsFjOj&KyeVz d?Jګme ɺaTmQ6RBU `1nfc Gr2L*_<;-Yn1T =s~L1[̒U;k<:"\(Ew Hvp) G$ˋ66κs$u5KzF^;~,|ש4n-Dݚw% Bv\Qj&A3%7KH& xwR.$jA}kMnhl}@e'q(131A!E; M-X'` l/*IYXFȤlFDljYjm%26P^0p2Ր}XT>lForqcxE4[hNj{u)LX6*1_kԖIIڱft#i̸ W夅è a\cbx=iU]i}420T`"L0_,6Յ OoccTbc5U̢x>W9I[&߳=&ĺW'XĤiUhfۺ0_ok Vnр%vQ8jVU6U\5=&>W3ꕿ OuɝkuN`pxsU* wʿXfbHe6Oc'Iy;ϴMf| ڹ)1jdsJ"Fx%;4dFvQ+4^^cNѢG:DCrQ(#њƇp`7;ξR?rz[ P"ĂӪԟF*y/Cohd| 0iť6{#=HyQD첚 :ְ6G- 5pp^EJY@:ZXLמ('AuJwƫ iЊAfk,t;p$jUJhX*`}'h&78m?Hppq rjE:[K7IN;_`+P$h=?kUݹ#u)U1΋HhȄeo^fHĨ^#>3eG-rf-1rOOD(w9Yum3H6 QP#jbpH6-8b5pcI7G>9i*xA2b4X#-Yn  GoS~H ZCmW t+E<$MNHM6iR8nM5&J#v{jmFZ,4g {;KD}tIX()(l\KQ*zcJ)ZFW[]ʽPUxb?F+Jr'z1bǟCrrQRת~2a*`J;,PPWx,-@&ȥ#oSe[%@(UqXQq?*ZmTI?.Z$"AU ޼nM6Z(/dtRv1ϘӱU5quJ)87,e`\~2HƌقFbeofs,(ʀ(F2kpcbIXE,F #%F@o)%]\F 87dBb0Tmk;D[<Ӫ-8Ѯ$y=1mɡdM[*%I",XpKP5uUd:qʾ) ';'Me󋌬uE3o7P_' Y7*zPB}ҳ= MB[u,lT ^{WeC r ‚麒k`It$znPD{$'lΧ2)!LC~>-:$d/M,I%;4!Y,xl隢HVta!rS{iF>.G>W,#\JoHKy9]afgF6\e*dY5)msǚ$e#rF!9_W.g.R8`.{F9ξq6EJ?{rX"P!.U ]%uXX߿Y8;D}=-+BUS΁Ʌ5:PuafFu!-lLGQ$mS;[/靎qOq!Crk=73yKrv0RYZXgh0@k'nƾM%ba1dWmD<r0%pE-O`׋ed"M oƪ BW&!WcH)( 14 9Hj!2 WGd[rXhnUWÅ_HUC+!#4[ri/+ 兟dz$4m xud80`aAL%_yP\†ۛ!.xuu\q!rhdYjVV!ܮ09X3IP.P4tatA'E޴D)hSh%9/Z]^|,+UIɪG9w:^m~s\B&_if*1(n|f%֌uy5}5Ɠ qwL zV#co4Be%7$ZnZ/u1pK&qt=;j5cnuF5pCá=nknfnE-ׯq '6@m7?V˥C@W+D h"絳RH\#.w*. CpC!73<ْv~9.z+-479|П=U\}'qQι5rʋ(~Uqz!7$N*>.+ГBAXȟm#mR6v7}Uq׮s,8c9ЃWF $ V}n!ZrR䚠sD;;baQ `."-CuWf:.qpK-5qS\[Cϓ _Xm qDXg K$S$wAK$Vz_v)yfoOQs%A0hz*`e'=[E7ܖA*bead}U:|T@n1޻U^ARZ!cRRE:20DB/[f|D\ 9`Dodg_b';H ;#*;] M-RKㅾ@V {"\zxpU+ Ӻґ5^\ǵ3;O,av| ng:~/SXa -$?ifqtB oM *\/uM{+Ro+vR 8'v4KJiéf g]] YN{Y]eBh;/S}m|Wda#Pbl'T pq^GU"!jS8 ξЂ㠣q{>sPP, WE鸰ɗqߜPcB]o䄨Wqh'PIKBOlz^!}ȒOӾaaC$> Oh@.?$m9g65!T p :ךeB|F$E*6݋%#<ֱwF!,pi( ]>!(#sc+pnm聡Ywe&Lp Iq`GP~<_S_'[Xd| YUb#@6A֓;Wyenh49?|yc}ϟI/O7\U]k*AΆzNE?;!er_H+?{'>yLfA U^S|(%cS!c&JJ'KI#Yh~t‰űf cO[kC-ؼJgƶ^N{`m:~g / <CaWق@$nKQRiG㯓@}ڟyVa4hTa[@/|>u/rw 6#] 9c~`Ȳ4|ːn@M`yVH\5l:na,7a)烤%w~o/th֛Q #(|W|b;c:*K;EĂyRt+3N^Ģٹ 7,'%[jzƢa._P'F B\  -v _#r0jR?#nW( х)?χjwY0*W%N ^|D! =j>ƬT\YپKD^llկ7ٱW闘Il0ߥ[pJؓ?h>DFJQY-i CH  ]6&aunȩ w#o维Z(E}T*KE0̨9"Mk 1[UK١-vNS~K (kMZ´2~q`>09n\s}c[c;7ߵyɳ59*ef[#M?DWQ";in@"*o(ЙV0]l}\fRVfK(f&e~=FĿZ6%@Qyw\O5:Jt~Yqj=;;ELѭÅM%`lV VEAPju\&vHj Cg-VlFPz+O=hۣFAt0}GΝ/KR  qF++$+1j+U`56u߁|SX{Jkj"G8;:៹4QoO& N4 8++|:3Kط;Hgu2H[[ s*#4Nܕ [}T_"غZB#[\t>ϻzkpsj;JZ݌Ÿ2fQJH;qѯZ]3X2 ͍*fG*ΡB'.!$.h`&թX|ߝ5 Px{9w `CTZHC W &jYUǃK D\uXOFO#_obF;iD'ApX#NAS.tq*AZHb:1¡<޵$G kob4;D0 X *?#Z ̊j\x|Ц?\5> 'ݟ-S y.Ǡʾz9$ 5׉~١$t#c_ԛv3;٬={gqoKrg|~NFL4"GCq!7gڏlI_ŕne5Xoz)%܂JNpS"o>qi5αQE_E?~X .Y=/%_L}APæ29=jn07s= B8Yѓ+j8G@a`bxF W*d|t.PNڗ;29w^*GG/r_Xed0OR f\MʒVAzU)$ZX+غx bJDʪqk<-LLy^|1КگVp';l|d|66vf(Brv(;AfVPb ./ƥc4mjhaI38W~Y8zMb7!] (z jFO~V%CS^,؇4:+Ҿ+!x.4fݛZEg1l΀XT^u0%LeƮƒ/2l%cS/6;!trb7o )>2wR:> vy áv% 1@XE,K(_?= |"?ô@T`tӦh7]eb{Q; 'iP]%`6.)S:r7Fp vhl1MN/s%U:Pbsàw%h<8N.jedMm,K>sOWdkGZ ٹq.KT-a xB;8Z/xY`kގl[.w#qFFv@iw+S2c[^q|I}+e *sK*1/"3_kE]AEK ?.PIQɉ/8^=`:3f,wJZӹIQɵI_Z&#GU;®5R̠VsKڼ|S&߸RxYXD:5ܡ:InZ6wSұ9,|)"P %-"'^txɚ#b_PT<-}%ȑrnY2+5 |AE010`Y"ٌxײ}UÛ-ZiZQyhP}GPX@1)4jP ԝK0eC")mKa*$IyLǎMQN}'7=v 농Be !g;]kfrinׇ[^2F.Diѵ`s}nmC)Ӗ$z_Ain213/Xd@ew>?!9`3vG 3zVyZu_f l{yVTO1 J;G#i9Ek=ӀL*ޫѣw~j5us`G#ib|Ey`ˢAu-0KOeOcJ*tQG O[+2s-5 @ fq^ͦ撍z?a|Cз5z= X:H^p}^~510W hA}o)>ɾ˷ /ra5ŭ%lh l5 "avBfejy@j9#Pc%mD>`<;g= uM&+\,kLɀ_663|KhDI9BsLWqg1C..+ mhHr]Ķ7Fse9<\Rml8xx [kC!1I,9qt\BWZR 4'hdj$駏pyT{KY2[OUSnbX$y+WtyV۶c).@BcsuIF'bI}d+ȸ[vArgR.Œ 'S\/)J/Ҟ ?-.>\SS@}:?kqFVHʇ2OW 8;/(>)>!s,͋y@.NU.!cQv' "#2J @}2NOP#ƕ<gw(8E-P:T*X܌Q/r&y1H>pXMn5alIhMfV7dz0KQ/ Z` n>>qo =y.*e5ۣADžH/!dtqr{N",, .eAPX(R.7yr)DZmp@4d[<1bjI) ]#Cݭ`ܓ)^̳K/P]I5`>/ gČ^-rejmp1߿x,Mf|͸#>R~TD]N'fhA7u~x[ ر!tNPpZ0.R[`QW> ձ"NR=?T.~kubm0A\7Փw\V3 H^'^c҉:$=&=t:K,Ju( s_يN}'u QCQc:L]2o9nΡA Apر*TgCJ o 4Vn-7yigkUv3„R`뎑n]X?aڀְy# LY֭-gcArp3e[K<ȁzUO#Iawy;|A'3 k,Z8.bh-ADבݮZ4+IԘlkΘ2ET6_2(%/t2 ѣyNf7i(#@K-¥ER7 grw5jj1p:)"*GGGJ}fNJ2N|h'FS> <q9 P6[~LgftXEjF NއUA>\Zԝ+=A#MUp%zp 8[U_+> #Cs)lncF*d(6UNw%ALGl;ү>q:9ϗ?ƨofPYe6g7 {g{*돒Bl_~ >| A| D1=`9C&lBlڒU w \/zh0+Ԥl'p$#uB-[ȍC.D[з`րtItO06!rS =*,}Ak$j6z67: TMB@G/L"Z%d4]aCsg-sbнIN$G& dA`Ќjw@WIb#rhFT)y ֺHssi5ԡ1LNPf~npJlW8B -㻞߶/s(C.dcƞV޽Yo MhM` [\e},>.oXѲ2ݤvz/<VOE6H;Ըΐ8c.tOx5x(G~ Cr/&lMg@O:Os Zpà< Jxix%3gA>"qEkEcWgƲɕ;q{-gAy;ѴalIА箪,!d"]F*4ݚ/ySКެLǦkϾ*vզD*yxw Z 5?݆xymSiЫnZI&H K8;hP^31v!=m؎gH `ҫM4LT8ZQ@5LD}k\kL·I89dESmAwEF(kU{| "1]5jL$qJ?6H[FJ 2g=W]N;"~Z+-ЌmՎ?:k.:ՒWbm83۾ \q-Yp#%T\y?*+z//7X䫑Q8) pM@V <ەd.2bd۹1F_ ;g/viU@De?kv2+C$ڝ_xrz]? ^2~H~Ğ+;Ɗ~g^ ^;~EȌԨKt|FY?+ݼ\'s4zZf9:(L \|.ҭD>qcNbDXS,;M ̱4Ill[J^۔}*%-0 6"@~.WFG5kcѹqwA|Ҙ_--0 :f<)MzfV:J28"usUVB0C5PX?،$Ѥk(آC󶈌S"Gڶh]z` Q@H|kDUwc UH*>X| Ef*~D@؜9Ed|/L\.Y'h9%ʑI.ZbM#F^= Ekl{,;|AL6-_'HV.8wfdFvct'`8GAL[%xԷuՙEƏdY{7z>;肖-Mɦ6}s޼@k)tA/1=<@S3wᒅb¯*OfN/# 8K _pUc-!:b>5خ筧G]At\Vd!TSyj>SlS7dJpm(r"1 )μRPF I/yB8c % wdoqDv_5i2Sn.yyw31؅+v+HtI23uTj28+*oԯe %AuC >`$^ O/qd 2VC iԸcx:tPFx Hn/EX)Ue6L:AJ@@dzսJE}ܱYQ N YӃq[xHkr,OMuG'ݳ gH"|5f'WV8}i0. k[@L0+eѴBsN@ezkBQ(W{Ÿ́d ydޖ^I0p7 ~Z`6Wt2I>ѣ]FۚG.Tt9L+iXJkkИŻwx%$Ƌ7FvK8ON)hz&HfQ޹rH Z؉e xZ=<Xt&mdS-7h@9rBb#˯A )^5p`茡bC#x,m53iL j؇uM:jqBPq}dDz  >3 r1Z37roO}MJQI+tuCYCYz OWE9_k,\q,*l>k_>*3^ k H  Xȗ9#UVpSK KP\m=njɒ9cRlњlq2eҥU[}H#i(vҶd.i$:8P-ϣ䕍=棕jyuT.M<(f7Gyg#UO)3N?Sڌ(Ups gW4LjR#S`&mk""VcCCB݅RBr52AkJimA:XE:7)'k7Ybo}K>.>~{ӳnѾ<kJYO>]+}sğURyK4(-r)[ڍeHfzg$e`i<=liP)7㗕 ]d)ЛǗŖ;$E[" mںŰB%?BrF!VsH*|;yfJ gag^\㚀Ǔ<$ u~(fuiၜێj7؟u9"h'D$OhI.?waMjLmZf'~tj ^EeP}xr]>_9^qӨ 71e}q8M }-Uz>iaao}qgN'ۿES KT R;+&H2FK85XB\N I&)xJZc3ZN6+n >~ѯ uo̴峊Ds6d e%X^hp[<`sow R6ph@'LbhTin';mXv9`GiT.rl.j]_hBjPwY6d6&ϥƘl. V cPM`y>8ބ{HIա:kyruhR>X|~2}M/5z<sdDB;"Hc`_o!|%\wʻyK{v+1.OXܔHyɄ`,TӐHU}EVx4IVDHs]߇ fÚbDQrVգ?xJǂ5ez[Ҳ9a,+dTqDvJȦ^*^KqhRw2'~&]}f>=.\x9+1UK&7ODKuU?5ƅo C*.xI.c%t,n0Y ڡ?M.&w.XpS -~n,HӜ+ICZx܆Zĥ&3]v&{1iB'IH g( l_DLziEb5) Sz[7hEP<9 3sg-0z;HxPHI3wԄOmĸY!¯ȞZ:Zx"|3xR)N`Q&|$4?pyfWhI..i_ݙO]zxzGF'z$˄+O%3]ԩcƜԌ"muLpfԍaa'VQ&1,! d^δ4{jGg88/K8Tn'}{;Agy[8[;, l1c L{8K>UnpE*f(ib1M5h w0pnwF`u}L ъAԡ'^Hh]<"Ǥ(x i6)]\͇'YĹvՊ&L]l;~Ff1!0Bq$2Q16-T'+g_\asLLo &_[`z|ع-F!?}1.`f A9a epCN&dJBN-(UT jáw1}DqKw3޸VÛGZ3X5{}Twu>@ 6ZN!}xF)-$.BiR^h*})&F& ]zBd}9YNDlSF+G$#7Yj0ફCs:RUR5 fZ?m5S! i߰ѣ!>MQb=͔plrYbwV`߯.-}@R}^oo@%վeXT[xd݅ c JJ ʡm);ݦ]^ Rg\/_uT[<\q1/:P. UMԧ~_/Vdo?MyoB҈?PӆV(.^y'CZC#a6< 26t 9:hGibEsJ\f΁Z)6N34:gS'd7c=@@[hoo`=?HHBI_8$0v̲,PZ&(Rd}%k6:5b5MIXw8wҡ׈hkv XmELSꖜ @m?h|L1g%ȫ+4.gXmQ"ElF>]eQԞ+3c<-#~x_ vk0ub qReTى{ZAp\!X^_2a"#ά7P>q?B\.<ҬO-/qr +1.x䲥+]qrud1$kYα\G1oolƘuUIM.2SVgUVx*}C_ص` [A]RnӲ7)X G_d2 '6 WAvA(ۣ Onޱ:=f =5νN 4=k ^Ipա,9iaϣ 5&^q0}CI1$|H[po{b- ⓴Je-kl0qRA 1A[rO MC 0x^o 9?+3xg9i) Vefow '/ץx XU%.vjSD.3#C?84aK,VNXzJR.gVcB;;,^u%бs0&TZa*=a{ÛꗭᕳejSg5kRBY<>qP)9>؜A_n`/KC%:ˤP&{B+XB[ B/1y H/qQ@/#kP}c؆VM7~;6?jecm5|~)W|~)SL=_5z*PD.nP \Gule=6Mb1>D\I̜PvTQ۰x̄n~oJ9ɞ~~>EzrS^H5󢍸*G[sAQ~90OW4e/T*vm%ɂ0tR]]othlqU[,2}F0qSKW LUrʸA_^ZMX9b-?>Vp źjF¿q<;8cWI;08X"jϯ*vƄW7Tg69&IOCE>T3ma<״}VbBeᙵMlPV q6Jɞ04I ,0&U} 9zb('R@am*?9{B)% rGip{^/Xuرi ,Zn wf+*=!C=ϪIuRodk?т9\*p^ڍN!F4Rؓ_[Vj0*(Wx7g"=BBFiCK~d}^Lt)zj^bh)1bH}(ݭn;REBXͻC{>$F}*P`|PY(o\z2|8ke5{S=W/a=SNQ>R}t1]gů|^^aJo+Ycq2/^KIAfrA&m]fxi0W!`fސ?(U)>(GRQLZS{){ =V9;g;OY~-KA"_A`bp4u9tjcruVY%x2 W ~tIz%+uM\ѼY:^*Œ4gpW'dpNhԠۤR*!$]r`+xOf5JӸ}̾v۫B)+gNCi7Ϲ4-ϙG֧r(wW`\Zђ9Z)Q6|&ܸ/(OԌZYzAT~9qy;qp0 6*?3Rg)4ŧ;7n0H3Brcd^R!nM^@,WvMZ2ݜ#]N-F/]GqQDJmQag$QTN🛙ʑ,,?xj }9zDf@PT-Mii!/c|ː]_4 הܛ#ӘYRj?;9JGo@5|Vr S,;#i]\3B`][?-Ep8ӈ0XCG"-+ \Ffr˱H,9k-n+9\ad ~>hӡ#olIi@r^:6No#S B5:er >v%K$+quj AGLK_q%gXʵ1&0WrV5efDHS*fW,1QZ:+]o(SEF2)@aBP1˞~w7iy ν~h֮EGgw#-C n_-B !펕0BJ$9O$8Db~̫gc#Wy-օJMz_oTѠe`5RW㥰Q[ͼ'mP^0P3d4:/ ȥS<ͣ' P[ JBt% "F JrO" F<>TT9O϶x,B_ÇnuʧhW7z݀ sG(.HDoK?a*/򝝇5ٖF) #쓜W54՝-D}ûe/mJ|0C$VUI9jgS/X(/h6=&{&rɞBbʶN! ΅!&'fpig6&s,P|A߁EE7}=sxt1Wz"dRg#&J48 #Hv {K ʆ:HI ~o\A섃+oaקtX@;N u,nef5)|S[Dk`zI|^_.Dϭ(È٘fʡ2@K>-3FSͼl-ȸ byk\tN:1· F]t2m<ւ|J }dTޠR!25@Ajm$i|x-QJË-0z ?[K.h]kbFR_i[o[.vs$;B^/%4 *wi" FTOwVF84=6əlm=}ZI~xw7 0F+5~yPKQgAіeBM=b >^6{FM{]bЃRˉo"^t'`YVܼ^h/!Tޡ{7 !n" {4YS 0/o=YnШ[r~9x^ r7_e.Sh11QԂ>a83w\h:{i2gԄ?D9"'2%$_lTS4 p5a}lk:Z8~ʐx䌚c/[F9 y >>QZw} DŽV떑磷 uomᕫڌ vXD|y bAݞdaۧ#cfHIvצ);)dۨYWec#tjqzxU8z;6v֥}9jM‡+ 暫~|keNfp:bڌN8{ Wj9#\8 ~B:a=U JKT}`e gC-hhu"}ns'$[)j-]Ulcu*YI wM_fKMkgeL}dyWZw9m63х-58s90/Btku;X.},7cKǡ]ހ?~l2iAvDjvs*ѭ3scuR`TA,?66PEuKU׋܄6mMת&4~xBvj]Ob;Ls#W;V4S߈ULT"+UobPXK<9#ID Un͞e3;? k]nӅA% Z2#{@FX[?fkvV.h [ dS5W_z׸]!i8%qmeWMrJrOzNc( _->.YA}pU_ G}a5 6y^LUNV"Lvwe^n+&v|Йp~6M>] ˣ 4Q`ibo~ JQ:>"^%KRͤ4|܎eK;Ԍw*2ZJ!.?#|9AߖXHѠ%M<2,om(g7GpS"@dMhjFU+=F * 9n~ML%-W}PDaٸ5Z.h.uȧ|mkSG53 䥰mV5(AUhL4ׂ"y}HΠl `PL y"0su2¾dQ>hڋxJ_ ^ y"L?`0 d?5'*1|PD#/^0~$CyFwݤb*.E 4J)Ef<)(_C/ME?*ExBjuwFu4<ߴʳ*m""5me%\`wS8"jwjjG. ` cDK=;}͢ザ6cX?(4 (4 ˢǷƗ NA[D3Nk~۩AgL֦k#:6&_JQȬlL0ܲS4- N` g.#)ͻoLB$S{cx=TȔYIl})y>LCKnX;kAs*cW'i2¶٤n&|6B)yGI> hg$#Gc f)Ig bC>`/Ʌ\g6$Ǐ$0 VlLǰd{DVEn SS חqsoNwuxvdOk9VzӠ 1WqUevgp2mӧm($ h[ECCbj?LW ^^6b ɠACS튍.;{xx7U2mySbHtQ !Ǹ|uJ\i\ksTe^,IBvW6{g s0WF R6nrKzQծ:"jgq pHkL2y#+Um>Nwn[;y9]FjU !Yrz!Φ'w%_u.@YƮ3U/W m "W$M=6KN6mb s:x.s֟2$:2A WHT11dOG+̥M$bP)<Yi c  €RM\IG ",Ƌ!d'{2CeB6!@ s%ʧVh5G\94?VvMBѷ | Z?Lt,={;Lz 8Wm˗TlOC/qzFDDg'GSYAV' )% qr\ZW3MfC[UI4rEoL]"Hl4ӫzFfH0m%#Ud O&ͭЇ{.f3MAh' ,rETj=-:/I gP+s;? Q!H?gzp4%OKD^j .KZ$ѽ ۯ\ fAI3CIօCQX:\$^}p񖿶{5wPq=UHʻkc$h a+}>`WP_"deGi8,_aC952%l~ Ud,AH #TF̑$2k?E/ rP93+.W0īODOmN`/`| ܴ8t6ZJzڷʈ:,~cR4[R39*Bs`r>Bs}C<"i%6:gI ȴ?S 53hkh&|⠔|^gA幽&M\[ H[^(6<4Y\95x1$TwPIMo}bQw%ؠضxuEJa[Ĩ^u03l(+<,GHZUGS4c5NG ضnI x4y%ϼź!˵H߱jvĵ+u܊֕l6_G@[5瞘 хL Kٯ8`FqZ 3fHP?֔A32V#NMH2GSmU #C2c;1v՜/6+E+5GI80!f8 (VX}<2eiI*v#.kPBȒyo:r`&ۀjΌfE(@)C*cu RYD7Zy2"+2k4LFئ'g=nch>:"bWWˈMz"?P"Aᗿgy>wxNfY_ js <[rƒ6DWSR6..hn/^ >\{ec2=:+@VgwtS+Y.",*"_?ui{[N@>y{;| _q&HqkhbiM#S<)It QŶf*8d[3M!ՏFo<ؐ6cpf&zG=ͯ\y @{7df0zРt^2y? yڄhOCq5to Mi[ϱUbBPk$hT#~zȔHnC-Goϕ!hBM'lJ&Ϭo-jְU /(FoF.-LzxYp  $+7eD{f9X<ʣ``/tM`maq RbHLwQ{wy#:q@ N P3L'8 iQJvQXvLmU.0_Տƈn%Hl5R @_Z%'U߃_ig%z~n *NXWq:9`IQB'|]DH%=ꐝ/`Q\Rb/% > U9Sh=q83_=sbHDq!}`ʧgXe ]Wu:~[i#b0~-&TPԧ %_ W$,g >Q}*zMr4:P>H{Ϸ%>w570e3c[ioJfZh5. ^»h7p F#A]I1KEQ:Wsv+)쯁'Qoƭ7H5;Dƞ8/A5`lP ֳ,%ZwcࠫoͥS"~ `Rw #>܋1-#bVļAZjFlsx"= H/Do@ҽKRc+EY'͓ ffيҔA;Z$*A4V=k&M"-.IORf;EOt#hLK4z ?D]CW  '5w( })䆎kS%#Z(a)TqX$mnΠ4:-zܪMjΐwFZ䞝JZʸɉ.+ӵXt<%e[=9UPHvkWMDⲭ뙮˒:J͠ B/eis"ގ&|^:܍ˍG4 ,>y_WW`T{!vxl(8RէP.!C*&rN}&xxa4#mcJ]LTBV\)6 /7T_:i) _C$zOtǻPQUoSvhWŇrg5 ~ 6/DO瘑R f?q)Sb'kKKI /q{$/.]Xl7 +`pym]\$%+:,r8/26DL C-&(6 JbU͵E׆W΍W \hn6֩z6`?U12j&jg,E|PU<τ7c,,j`-^$ȄId7t 1P3(ehtGT,{ B$@vT&'/!K3Kwȅ4 I!'ˎdΞ*Gᩎn{afu0ڬ_% .ˡh]6tHBޛuޙ;A{=1{߽7* KV5f(n6"4-ʦc(Pzr@1t#}ʈS[GOjU\jHUw͉]m%\Aryid*(P )BhNai+)lA /)XN_ܒlz?SmRr2\Lh|G߄SQ׎\ rK sp^i= =E&1eOޮ|wq:drhwՠ>q? q+sKEY&">ihʫQ~_űl=]: a5&$鮱`7>bn:yњ~ (oUADNWV} IF]=W񧊦y-LmP/Yv謙cŶ=,)`yЋ߉N& 3Kz疟ScD 0{8=i$SSl~6k_;+ GR7s xP#hZӈ+#SkatO3xO}Ejt9e}HQ>`0mOL89~-T&* Vf>eÌ#E^V?,%19i;ۃc]IToJSJwIm([B'lP;H-mY͏Yir?GRP~i3fb{F+<'h*`P}K9Qs \@(r]lYw,De1χȇ"b,"^qg d"!G0]_yˎBS$ +js "%'=WGx smf:(3;a|6T),;\F|m:WlHW7ث" nBz[׏V n80,ͣ᳑eX|I&NE9V3*o36'?\ת?YFcݗA8 #@ ~"rwm~{G~0ŧĔUG{ wH.Dhgˇ7OCmمڮ[4 ߝo@LoJj!CRªp t,g fGMiR.m8F>taP*BeX4$@3Cc"9\uԂ9HD +e^&PNQb)L质Q-nә^.a߷!1,xTRؓ~uF1+^?]I(Cq'(GҸ\)IXwY^O}?pw{M  .4Ɉj>D\{; O-2M{X1`BE2b?-J,?8 #ָb eAmo`0xCe k |+i]& =/]r\<'+oO$oGQL,!ۺRg9#[ 'a<"-~Ec7jh9^Ҡބ8MS<%LA@Uxb\`FZӏWD,OW&TĕC[̋hC`Q߷:##%[sAI'(@hS 6t]E/=sٞd5B"xCY +92>Nnb—fO۠bb??r4]rqб@ahkX]޲MY\K1՘˦8NX [w$ + ncjVQTy^|qa8{L?T=H~X&^"8?X2"h_6Pln^m[1RS4f~ LZ TflNAB<jWq q5c(vVc&g=Tn7ٜG}+O wnWR;nNS%*,%NLґ$DNӒZ]ՈXKC"1++(I]NnZ#1^lT niwW 1< EVPpLUlG Zä@l~67lPxd!$>o Bྒ2͡xκz+L 9f* ໳ƒZ#z̹Nit|)mk剙Ĺ\nx㗢W,aI{Fs~E0o.,\1h9 OQkdiIhHЦ:'C0DV/i+ E;/HsJa{~VbTD-'(U R]z%f,f_MjllU1N-WߧD-$ '>=  *!ad͖Rϔ ç-PGBǥf=9o3>A8_H XENϞ-X+Vc=V!^eۣtGV 6ZX+vШWpLFU3)y:;5/&y<'~SB°#wG? Dy+_l:LנG ӊ`8-V-b՘ *2|;] z9k bqUf dS]ۼ2'9rWa!?f`YLWPաۊA_ S.`*4[N+Ίw!dP@)/HZ c6JܑP =.?UE߯MmaiՆIeU%q:0yQA"CdfIj\!D7eg>dv´$=@۬pE1z$98S!ljU)5n(KhzУ`/Y= 9v3^6v!@ *+3rZ[-9m' U4!yQ|{#&`ե%U1{7bΜXJ?zb-=$oK׋Zp+T  O?ϮG+R{a;W-#* q+}* %ݑ+-닭Cҙ~ZgW+ҐfO|PM?";a@3dJ"Xw{p:LjBP>OAs#eA+|C2,x8, ի? ȕj;@wƃl╏ޞ6X܊q=,9i~;4iǽ)"'VWNwED$yc0$ Vss(A|Z 3iZ0uݎA:~up,YQ*kN8N (e(sQMe5 4]q, #0ބI+ev`y:>L5Tpxz:3 r׋Sݨlmz/j^Q#}%մ,YJ֌&`wFKή0oFtiDtAX}fbulx~%w k.$:g"'Y_!x)/3B3nA?~;{!.ASH+.fuIp*KGv. -ږ`z]d[oAG=:|4` "H+^&^[[F5$9@n/J%Wp\yYwdw$ 0B 9A ZzS~|LT/yEGtMPOQ&\ 1Q+iY|[W$էIp]ʄtvMUrT^BO(Bh3_*^>* ;?T^ն'ԟs9:omR[|.wo?(o\Oԭ{ (> ;v;*H;jWbi0hE*`m*/D }N#H(5<ypoPcH졌F |' #f~-~cj;1>z,,>|!Isf`\8㺵r[~,]i7G([QP!t֋),ܵHf4M`S%<N&}:vUyz!^mG /CVr󾒼kAF4OYu@>qK |[?tb4Oͣrt(̗)ӄJ\j ? }ynk' HW33}'NI@(mdhcW%> nIG_+A}񇿐#T.ik.(dI; 뇔!N dhȢ!.o}~fb N8)lY~+Դ9UH6i[L@9g=4'N_Lzf/5 u08}fݢTq{!ubi%ީל:lVi@@q!`F^ϫΓ ~eW=<*ܠ謣O+*^La{oV*BcF] vS(kM=RY&S ,[m}v| 9w]T}U ۅ[Vk"\c| P6ɓBwYח|/|#uc؝ZCFHN6_s/ZM3{:lkM͊rT'-q#DNWX=0uXx<T] QJYX+8ݓט3|/mȿ hJdf磧_K㕻Ma7(ODGo:>Kf 6{ X'Ĉf8._fX#VbxNHC տ/ړÚy.W^ܙ}hJf|a/ZNP uح*ʜ65$#S wC~y7ct=>g?j'{c݇)bKW?dhZp4զs,ED^` {0ڳXs~mJQ=\{ B˩^%FU?RثBPmAfzR6l-O"ca[ݪkz/x֪S,G~ڞWHIP=t/՝`KsHEe6 Şp/ kwtX+X7^+IqZjk󠞍I )ƒlSrܬ {0)| "BPg (S(C>%& ]ȋ˾b#xK*m\B/O+wy`s&p{?\=ub6B\"ұҨxaA_),##c_+rig 27y^xۢkNRT$Iv9㹰qPtj`LB)mFv /To^WIjJƛk悡6#(FZ$6 uxFdi°;Pb{ɎQP)|@h܈q~DxM-H'zSy96AN &о68݂hd{D4"ݴ=`[FB.Sr%d3\-#yxaњz ?9Kb쩐+xzs#Xx6lntC3Sky"?K%b>mҋ 6G $pf([P&ڳУ3̌7KU{ +_`X\J q O\ v^yX?a9wXo fSY7܋_V^<]0Uԭn\sHܛt7̷@a%t,@Xf}VGs(]TW`tHyd ِ%K IvV?4ә%̶oE]ZaF_] ϼMx@Dj*1w7! v[@@rgx n-\{_:+Q}86{ʝшמ[dt扠ɮ]>3X7'b;dMҲ&CQA AqrW(]~GTAvѝlo2G4 ѯ$7pcf| E@=d^X&R₡췷p?]{D-Иm{+4=8Ih c݄s;_FEOVB(-FaT>~Aq1H3&Oן7ڣX(+OdA@6^|TCJE&'Y[wG&մ;TeyQS($ޓoޞ{Lwp-XvI[2rCC\bu˞+7_wA,⍏ܜLIm'q2sh,X9"Ua {ɃRuPUT01BvٜJт)Je8o8@]1cF."@WaRM׆")]t+̘}Ӊf2Iٖ :&ZבG0i%Z|*Fb` |ŏQqHsbhodiTxRYI${1vZIm=}Q^ٍ~PE61 ;m{nR,LCy&P4kAbH19,'b)~lbuGؘ+M#YX8]בY+-345/Ljx5:+-e!] }kV'Nn"?^ÁAkQKۈ5_eϘ>B;]DȑP(~c7AⷶiɰfTصZɢV#'|: u2S]uPEʴN=9/C pCFo0l>1[gC'V.Ga*yV)GX՜0|FD->LFJ{Ww$RQ[ݰpeqޅ~@ՀP4Fy8|d>2i㪶rjڑEz4RL}GR j%eo͝% (|}}t*WgnؽWJp\UɽD:Bʬ aT &-k #F7jA“ojL(q{x\ćlŻH?<-9ޜN_Byd6O#o\RBowG2ᾘ('83cP 0N S:VDqL Z2 mok?t:#6ʶH? $#VJPu"ލm, ڈ2qh="t׬]U 0H8& :[&cJ17)mleƃ8>vfOsff7 ;@̦Mӛ j FجE-"NfWWSA#`U)I׋ myԠ@#KGӉ3m[>X6^mXӁC%؜ַ :^DfvF]zfBF=LX)7Ѹ+q0;h "kWgAkx 3/B7Yj [F.W7t m3Nٟö.滽?>`s 8"y~`kS',ɖs9?U>PZ-a}-'}ġ\4#V3X8U3wRXȡTosJGy/lil1sqξso6Ph"u`<15/|~j *vlA[Lr=!qJ3 Ӳ6JTN^.; PٌLFf1]K"m]uWfa^ٌrI3yÑ(v1X]4 z"Z0leI+[=6_  y9Aň V/cy,~I97Ҏ?$< lhgLe‘'QbhvY.Nf/g~tjw 0W-kX@k~ ;C1u&7I+.g5WT>O; \1aW\ ~Ss[p.fuL=m5QY^yFh!傇)5I_2$F@8!ai0Rti8ŹM SHe@e Z2`P L4 yyN=*y,V#<ȟNk$[5k6~cR\T$9S ^dzmEXj<^6'˭$ D L3y~@PPlB<\zX-Q>B-}jU2g>Naw A0R{)m1_d1VQy4~]X=tǽT U?j/ }Uܠ!V;_ f3k'}:,Qr;#83*4 lVI Yeo94=z=~abERq}EЯYG;%Fevg[/VE ։7Ӽ7c{>,cՆ9t=ʻzn7_mcgٖO+.dK3}ص@s2앱i'NkCEzۈY6uMrϊ,Hc_@;0rcW?N(p` -# 09ʷ7~gQ$BݓK''usV;pH`\uizͨ\&!Z'^(2Y,/tڞلzb|X[x̐Ro*4(b l)Re>ǁ'~2bMV"\@R.W{ 9+k6^al~pIf)޽вbtEUU~ ]NA>8 Ddq:Wհs O KEJ@9\@э_9,zwf5o7[C-XP!IVꖪ"U$"NEYF*s`-Zw~w OW 6 07 V. k6@)i;׆sk>I#y gQ6agrWvI 򝟑VYjv(&P" ~ZD#9#L=KJZbւ~'z[n%ZbXlxOEم>> 7fqs,;ɩ} 547rݝpqs_Of? /t2Ms4{؝ QGG /{S P0S.4݈Nh&]! `\ MFcSՙ'ų (1Y4B1+M_1j" ZdnICf9P GS`E_;;ܼ&vhaC>-E<:Ԗy0UKn,lLyGq厣@ҔBtVqޙ "Ϝ#GuNlSdlzQOwIbmmVZ~ !Ch5F -*: ]_|Lt*a>xSR$>0L}D l[|@G4PĿr1]Gx47%&T+,.ڹQ\E l=qw7- :ˋ=㼋U4-l+#f'H] Qb@G`hBY)1YaUqܿ`nW:-8ϭd\N|nn"-xǼ~WdzlĜ `V"!FlTnxYK]x#c{"epfޜ}TCcڦ%j|^k[0TcvX+M-.r_\i LSǓ1?(9C?f%VMWm fR ij"Ctsݜ]JCwǯ=^}?x a0 !U څPBPJG}Jo( LthrZACÍ&z2 M]B!U̶ݬTݔYFM>*x]^:өŗ}q(!I<ޡ `qvjri2N#Md鲋3=D![cώb|ՈAZZSvy? Y&-!Vb?Opfw4'} Avt yb'hmEcT;X˨xr@Q ù4ʋuaP_`qP/n&映`="|i0࢓bZ,^K1dKTeY8ΗWXqDIR)?qHV࣡+c*(yTr1.ϙVޮY/ljB*eh9fOB>U ndf(יh^|T2+D- 8o*o ʜ4֗ )~<:[>sj1wvFhuM7no7 _!F&#V t)LwF-dL`ض[MB>ip; 5:\ŀimSTm(] odHsS܅ vwx3ȁȾDm. cg,v덙ӘrPx % [gL2xvRGi BCBX%MܨgLx Es.m|ɩZw G[!l5#^{ YyZWEϨ8Q,'XB hax3%OpBfϙxT nqf)1TŌ.(([8W ⲲٸsFUelh$" 6,*u: Ŧ{Kv  $'R 2ּr1<};% U("܈[RMffWZ' ֠6I;Yc_ݠƫ{~ŷa22QxTYEiPD(K>@ b3w|O>a)Nj!ae"G{W*ŭ@:`@_ޫ[UR>TQVb<3Rgۿ \țZ*yEqy 闯krW}BduzYLѽHIwn⼱6H ].z؞07!EPːs#@𤟽 IGW~>Z~U8wqZ˿<z!2ޥ\5FoS&Μj)բ{^/7a:5 Lx/OMt;4мpQoϒD z'f-v#0 7j4yvw=@(,ݍ~˹)V=S;s9sG8!g+| {K,`I`|\! 9Q'C{Yf8ǥằLf3x֚9fٺW{:B5[};s'cB=WnD[=, U+iC0:Kiwg\͈X|",Mڭ&62tYY]1U7)E(O\ȏ3RCkPgg2Q6n(2bТ˛n?.sK~LpI:n&si2U|pj*p%*a0Tn/Ê+NJ6DC!hq}z'`G`Lݳ6@o@E<0a!.b_qٕsu1^,hz -| ;Bo"UQxst?rP3h)5Ӽ:SgJg"!-|* tQՆ!h *y@ZIΘP 2tMMv2t 7j83 ,y tPn_{L1c*ΩWCR_ŒZв.G5A-&fa1>D-йĿ>'6qf'9W4J]O<@3o eijt%uHP(S8V[ll{yЦwi'J|#adTy/PM!Vz֫ kshz5Oi.)Gqٗ0h".NG:J="[Pzz:9 UF_&9)O[l/K%f"+IZ1~"e ?Vu{yB\;.|KZ;>~ KB;5("K 2A_9ݞE׍ԭ?`Ϲ9*bAF6ΚH&a}KТՍcFb-M2y;ϰthY\/~"]Rb.ջ*4RW"(i,~&CЌʻJ7n%fQ'5lyyszOgɐ/1?lq"{"2^ܑdbCI'WXB+?_m5=N\ H(iLW-U]jmmh3 W7lEQacբZ4K\x~q!)mDA;8cwᣧlܸHȟ.FwQ}ڷ#FW7`;p^ZL/(kP.Sل$oMJꭚ$() y*@ܓ񙙼bg8xY(J\Izݫ.g` ovY@"qhיA;~^;AG'cN KJ;r$hmm8a2ns@AVKþj2؊ME&emr ~M*P@ϺbDNҾD9Q"G(j7nFE30a<EvSX5ւP|A'ːNN1Z:vG^?o,;5-zOc-WH1,6~UnxZ~ |8@E(LqLM_f 8l5CY€ W%&aqIv.^6a]b*%(Re]^/klrJק[hM>iÐc/ Jԯ9β׌? E `"r5C{G2*?TthnɃXL캖 \S4Ükl|5yCb 4AMmڠl֝7ΤaF2r~[__Ǡ"3fX88j*&'LP^i [Z "x^goWҀu'P/ VpBn}L{A,* ϼRT8V@5ي/dt 0)7 }e̴g 1p^5UoTfGrgv66nL 4;.Q MA士9~FǩDFW!{c婫NR+i6TH>=YrY1Ќb*ZeNZn|9 <-Ȕc_Kg(џ2#~HHZbŌI'xKJ?5Qڃ*#5/ ְFR<Z3 . edX~s)2X#nR:z)RT5aT9W}DP93ugH-G˜j|[UjmMQvv{6e_7'MevZ_`EEZ~Ctm}c' Uf~w3#V78`k {~]7X AW&nO!{*`i+:T?/ю̴;^.@s=V,ƶ8xsCCN)iԮ)>yh !k ٘&6{*̝ "5]PgD?yYUXVfXR~3Q_qqM7刿T+v~jpeX8tWX?XwJnBVrox.7%'/<BkOG>#s:hF$刡Fy@|FD hԸeSJlɛ>l$5~ ȠW06x ]KZ6-zj9 -fK+Q/Yۥ;A $-!}&L/͈ƔeehSJM+L.h?KBC,~rBq"@KԙoƧ0 lMmPì M]Fmo6D̀Obx6wA'}6k$o(zH51?ȗ>JHʜ0oolGgE=Hҁ'V;P].*_bo[Dqbc!Y+/&,VjyTA([RREBoܷ?#,½:rap2JK*GTcb@oW&z-NH#eD|-F'|4axi6iՃ*,9~PBamo5VpIk顇sI޿s "$3IcYu<9:^`gd^4Xɋ<_^;8 GS6W8]6YT&NrWr}CyY,m3ߥy񺋤n>R0Z=nﰟZ_ tOOsT_.Yiˡ#/}H&ڷ2N/xڶ)G*{[ˀn얗f5ƥJуԐ-.fk =v" E%;]Jٕ>8ک>ЬV!v|K _mcfF4Yto9?L~@k1-/?{c,]介$=bSkqUc~蓎Œt{bmiM/Qr!~2 HqWaK,僌@"/2i'lEpݯ q 2Ooq}:g~] U]1<}bYBuȬj ʕ> ւAU,<,p@+Zx'x6P4}Xh޳\x~'Wq}h?ݚФ6R{:[DW#*0ny/S[^C|eo\^fˁO9GpC]YE٩mWl yQ:^U8)kTedv8EVP+S@6seݸiԛ5L1tŵl]g.}\g)AY3\ !0B=Ipq(v4R=`(R$pVICrS8V;11D&~ۈ-13kڠpj47{zIKn&wL t{^޴^&=$2lrL>׈:Y&\WG2TWE=D7_^ i@FL<9!O}**.v%D-wEmg4%0E4Z!witM2IJ5\%.tO kT< 섬:޹3m`2Fa[P\bH,>`.\XwKS>h\OQӗkBwK-*q/xPx{)Ə JuLznd 3⑱ۇqN/Uc Y! |o})bcMc5,+>s[& B0몕$Ѡbe{v cX|Tـ \V߆\)$o&oY&s }T2$p <UNN\x58y|Z|4Ci?$ g)ȡu>nfMS X[1go ϳVT6M*#1p}Jᅮ,VƒI6QOHv Qvq)^0Mxs&zcV9n&iYL$op"h `]1=^I= Q4a]ؔ'c5V ,To)y қc?ۣ=Y( jbf@<l>??mTX]iI({xX%Y\tO6r@&ǭSf㣲i?ly'|0(/!ubBS$A'* 'DP-h2[WLC+%~67_#+Lo(˸{a O$&[b6Wҍ9}nES6(%^i,'7=:S c˷Yp 8qݹ+0}zؚd g @ЁjnKdaʈ>KL[aG0%# CHzu@M1Qޙ풀- EɎVt0@iW jwJ2b_CcY'|%=e0tXsy 28 CѶXB~NR@joOUW k236ózUMJDv[]J&$>h/@^,tsj/>*Qe&Hՠ2|L'^3H=gοUCȥlFqmJ{ZaVFe]J\q&STjBF?YA`jȂ9mTz{`3R]ܷ0k>a%řnOC:Z6\3Bov{u=*v3:3{"qNY.%p)m'MdqDiB<~ !Lh,z4*CJ<5uaD1?U1e x࿉ڞl,3$f(|8W8 `}>t*}Jv`YR8~gu!;:dp4ڕL@*J҈&wNc$Iv3GH-<0Vv=<؏ dzd,{xF"P`ڄv|֬ξ;9Öx'%eoÝmkIۧ{ezjr@dP6i·[m`'ҘwNbS<2q͵7$CZ+]$j}ņ)++P!|(CZzR ŧn\*6B{7t@csITIΈ|~~aO3|y%ɴ\xTs,-+hDaapѱ>xYCK3FWPCxȠog旊k-uԤw*>11;A5P3 bIqX6l.ފ)nw)5Kšo*y2~ִ6\@=x AyC (Hw.ue`oK'%]fg7w?k)_d__FHlaK`> &%/ԒST Pμ֋P˜[.ḺxVߟc/@TW[Սމ%,} /f3^Ku=A0*~JQĊ(\$ B1k$x sKVYG.}Y7tާPI kP`z+ĻuxR㝧kn $mu V;L_fN$.<&㎼SJ$@;et?)dk#S6x<NedߖQmAW K` *$zZX8W=۞=Vs=N>cRnfT`,t2L^CR5~q~G*KEIݢ&XxƯvcrlPBn47;qHGHu~ͨ WY,_<*M$նfhZ Lot>aђGƪ%1FTo>E} dχ&C}v`9~^[L,q7=:]-_1Os~xJ5K=C/D?5ޖQd#Ri.7 Cb,r?4)/l~;~޼I*~cWyP(S8?aUqisN,$%kt2ə)'ɴ&@E)v4&6ś"ͬ!pjHzU4>Ͻ Wۊ^K=Bٿm=CMXCG)7y2+sŅ$zȥ=\4}eаf4A":4%l{sgu$D2;+pf{՞<R(r;g(aHwpO-)EXNzcCBgpTDPy-Qsjt`a { H++I-s5RJ9Ո-+S5y,(ffY?L>,^Bȁ(&c`WJD4Lf'ìBg7=J0h`Wr( gA}@G!MVȺC |?G@BOtxb#i-T:> 6^.>pj>E .11(HMJZ9NVL6L'mLsleyT-ұU֑}~wf h)EQ<jHr@xN\c$|ۨ(N SGM@CUp^] zWf o' ]O+wqN b'mŀ -- j||+ FȫѿH]gYJROv)04~ ']tӧjұlGr24Mwfn_ !LA,8`n8r;>2adӒR!t#k9sC=/ux,%x?!ÇӤ+DsX.AtM ~)K5fGz t&1ǃ])F9+m`+7Ȉ}oJ fClG`K#a|&j0ZV<*^z? Vn$+VIBqw5e#%.JlDUoTzʦHhqz) $%_"bBac[N t ߳sPřNг.[5.#N'9&zYFMjV^`?i$3Xu;- ҸgMr/ R1ZxV41 ß+Gߌ,Lr~YU,#f25# A߳Ti @m-wNuWh>2J*v9dF/ISiW)b9f{jPr]&%f:Q~䛮ɒyokqT-Uui25-Fs,W/Iu\MY`H41UUSܯIz۷5&?Oז$zӎU$nZG|!)NWNUd$Cl]pG{p ٰtR S2u]Ch2$A3fDb#<S1ADiQV ^W0:p.>MרTt'5sH 36D_|ޑuK乎 vt& ]zF?'i$E,r}D;x7R!Z!-"H Fr?MYyw. lƀ}P-yw@8{*TL9ۃXP,]Y%/ YC3"}}CIWAFm!,y}`݉2hHM"jq UUn1zlu0/6XfRWܷڙE9˳[B|w[R[#?ӱDHV븕^ 'K| /-ǹuGu)Irr2hnտ$7"z x-jir "'t6.%7WzZ6<|hI!v uƱrҮ `Hi(_FDz␓}1 㲗Ļ5ޮj01Ҽ+ \fi+YKm?o OoqjAsP]liI 6.F4hidAY7!̚'̶,Ѝr`GdxUr!NWF$2kFgCjHA[pa[5^ƈ'莓LA-z-ۉ&@WED[pECyPv.4uLQxM ݕs,HrZ] `6ކ9-~r[Z_R?"Kr;[FS7 `#6Zi%:#22Uw ƕad(5݃'Td.|y,M̠1-1y8Wc.9QhXf#_tΝP4PyHE1=_E=Von2d gQ@|JLoMpx py#/b>=?O"xpO}2I?faP! dG7y$3mnPӓX\O'*-tL&rCJח򟣜׮-0%G%<먳߼~8me dLi0xcɄ~jS9.L`T2ҐxVt Y-@B! ˸w>[Sgo A?EprԸ~vt#R%w'Xy>?fh'}o`(DXBO~Z_NMN߰wyjeTFfKb`.你;SzwUBKa܃ӤB&;i+zi z6`|l0ʹs&qzoʮ+5H1f$(\|>t//R}KhQ T/[c7TGV[LNd`\氿^F%>A>)^)x,f=8C[W;-YlF47;Pr$q (l@RdMRN]vHԛ/h58^rnA-޴( A܂sIݻ.7v#_N1Bi `TG^MH۠$K P3em"OM6YNAgLҗ,p{eVcj9Ċu-Khq1-&rԭaWߴKWG_g9lX€K$k@xC4[IKQ>ܙ<,F2t;GlrtQ;r }j }=?w̯ p w'ҷ$C0kxv"yh.vQĀl+)0Tbm}pi6ljזy=0 87%}y B.Qf~IհPzc#,:#u:+U,aJl2Y. \RRa!9~$@DRBɈqQ~0J|*9 zI w~iG2z[׎Ǵ{Iw5F&BAG`z;=UOÀ!C#_> >{;UEDugsa6;kevZFK>:3_wy<7k5DdP3a+hli' lMTʗ튚 wh7IaF7})u+? Y, r2+G?sJe9 . ԚkƧ3TFЬKΚqNB r&ɃUw"S߹!eĦ5&xB@̄P6:3DV̄ 4Ǔ(`  d[S{UbfSG%TRezQtR1T=֐FrM5.X으7kbP#O6cA{y-bMQNWUI(K;:0e3XcV ɨ _ -)~]`fV~.3G]FL l0*j&‹uw *g!|π+M!ީٸXDz1ϑ4!X-Č^b +'e# S S1\Ȩo] Lb XxxRL0[2h+5 LIp9IΔ1BѷDʌnCx\,|@0m_XLC BQ} ٢R0.C~/>!*)'-unr#Y(9;e_ >#*V#Ek)z;U]jV$̋s:9n$7fG/Ť\׮dM %1i edxOnEcd m5$xXuΛxuF98h@4 Zָ6)纉Y=zMԇ{c1]һY],+-8gƻ}4ď2ih(f%շOR d2v+ʬgG0C^TҘ!aKloR]4ߤ-',Y lc`#1%oNdYWL,7}(iO[q.r 9?޽N!>+7ڰ+|WaCG, 0dv!m\o"W>Ҋ{Q=0oEوNjS?7 ~}*^E"["DטD5Xfd4|%o0 .RX6Bex~քT #Yv6wXf.0B!Cj~*Rt;j`Tx a$8X`9X,NGl|$1ie;Bg`ƖeQu@l^VnhTU3h҃"Ӹn$beq &VJΒST 7'/ $I";e"+k/K/j޳A-pmE*g7-H[|ScH=.Q9$q&n$+1⼚#CCBC[`4$!oö8‡w=Jm]pC5GƠ,%4P^]V)Ek3 gqR҃e!<>+eIƭp#OS[X;_1TuXw9tnV}x]ɨYXjV ps X*Xm OʓMD. L{2o> *ts)3U!gv|8~ IAA\O|#QTjv i : | (b,΅plDC= _# K3L?f}%x6gܶYoP SvYзvxL! yu8ZqD ]#`gYbȖj{NހPNk^1W% $Y]`FSuS 5x!W?nlZg\Uk'G7K!)Q*ٻ mO|Q({shȩ4"1Fq2KhEq~6L ыHNx(5pڕpˌ` Y̮Cl#0UWR-l$3Dq$8' <[whBH3FLHw))692V 2@Jo~D Uሽ&z-?yw62̐&ebq1%qTke0d*A讳j K'c̓fE,J+zS?( N't}wY4_qXq7~gPZ1e`hr~` 6$8]c9YIrOeJj^ %X5;QN͢)Blf95H]f12ؐvui7|mO]}5aM·Mu#XЙcx${e>?։^"Tjr h/7$pф,٥Us*AKD-j駅fMYtAQ >zs|E, dh>Jxguی/UR=Ce޼Zʂ+@'0$ XXǢQUn6(sl+YaqWBvIxBm =|U͛a#;6X«?_j.;O(3 # SuH0s/Ujdڂ0~jg+oh0+ N bW^aΊ %2wէuXz*G sl˿ aa>cA),4xm?e]Ziziҗ1i6 w5Ui-þ‘8[R5T,ӱɦ _3ƒ Ddxi|is0 #_v_]j [#qM ;nRFhW  гVʕ::s{CޗyH-F;N.֟[@\'kr+Ŗ<\7/x1Y,}Xz1E&?֥DÌh=XSnp4S^d0-EE%Ѝ:*b#4<+^\h<ˤ<0ɮiVb28uJOMY+^l\!M.? yG7Y)N0>hә U1ۑF2decVU]k.}tM,6odPLE}u( tsrdғTt1kwXRτmeDs7FL Nj,8)g ւ n'*Vq4 'ZB&$ntKU:w2=[Ui_{@.G OPmVK~%KQ( /9$W Ǻ,Ҿ2졓lko(Ź3vqGye 5A_dV7T5D2p([baoQcmN1 y\;\n c&|2rV)Qr\xN#\eQ*?"}mQRX䔽Yo"BدAO:!7Umad% VZd9hMr^Y47!{(h r+5jGNTsrotAh`|vއL[H%`y1еQ~Fg pΪH6nbs;[„h--6eԗY?_Yv M.#2v#LfkGRO jNȄVlt"ۋZsX\+tQ 5qD#zPfQRz%yk.a87<)=94<2.6BI"# -;0]cen}WM!3v,pv`lK=r6TY: o61 H *lJ-viSOc@\E=G5B6'8|%esq*|Dz:{O;.)$ _s` ث>t(}T\a  gώOۘ⎴4 )F7?CtT) 43[Keߞ<{, W,~4tَntU%/Uh>5(R<Z;з P!ogx=P]j~4ܽT6'ԣpu fELw3 ipT<%)z)+PSF R%16݇!J e1(s4[[5GЙ,B]s̖ 8"1D1^/U:E.x Don!*69bFƗIo2 -\ȦY9T"1v?2Z]j"8Pk[X^ѱF u^EQûG8~͟V7z$މdw-LoPCIm 0N5i%#rCsFN2imNVjPUB(ۋ#^NBhzqA߈auP]9"OOj-Qk[J-L_)|=ұ~k晦b[\Z lI C<땷$\_N5%jx?5b;*=EFkTFR%Sami:bՎ }1 - ^,IMcG!O{摖ߋ-0hP >Jy@3H~fQq#pt$%j(L?,٠KIʼnH(w8 efS9dQIouU?C祜 ߈{ɬ"s]ZB↲- hr1ɦ%e6aD,-"ϑ<[^nhC)c l(C2FEP(4J#1'/m%\ e$2sxRMeBrϳz%>FT y+q%%Tq%3f]M jp,T5ݮ ED{])(]?QQIA01R zd\mhG#-2>nT8LYZZ!.;֚WK59>8a?@ s~?Lu峗Ւ$avRtMJjăo1#p g&e0/U\/8X;xN;wMc ]Zb$eFchÂٗ'sCC"@s|[~K;xUʏ}{ή]TYHjED%3V.~DZfRϾ$O;hq 杂3yb r~,0sㄔ&F_NKwABS-ɱ!*})ޫ]]f 6b KC Rc,qmݕ#X=/.7 i*PC"dH k}Vq@ <EYND JWܣnwH!.M票k|!W !v{US؋)E3D:u+H;mD-fƚ}{ľ.N";m`%%6sI0bafsemؐ.ҔJP.ehxgCzV~ސT/w+e*j'ȂSIHGc# :yã$$Wy)srxV %$o_EnT74u͡5̂ygpP';qINm*! U

mi,FCu-FiԜSe"d} F 46Ǩ 5GʄhJV JwE@+ >NP$ H` vGb*Gq ^b,H!^y7xy[:F K"^@YLLO0a"֑۬uKخCO=E0RD W$VkE_Fa)s@& i6px:AhlLygEh=7v5)f(Yɤ=UrHnlƶIB w.CP@6W,~r1\#T"Z);r"H,2n(Jr}Ąp5< 7l~ ch7NݓF.z Egӛm%> >qj]T_ٗ6nni7F+2Y!ՙtˤYb ~-UQIX& 2(V}~zQҊJOo3!\uux<?+>Tֱ<\" /~{Ί0#А9&iWٌxF@)Oި8G{ O J=ọA}G{p-in*eY^O$`jnɿ#R8&E̍=`%\mך"kڊs&=:n!saJ{ԥEW[+^> v*!]Fe{$Ԙ{]#ܨCГWyO]%<^H{`&#݆X01 =7vb_ݗMeDge8@ W.ƆG,r€!!iCV9UĶYLFn7ݬ(R{3 Sܽ?hǂԭ6StBw:[ Iy mXdOigOP'2vwmTfoLy fVpҴ# Twcw%q%2B#P|a]xYfvK^thhf C.͛񾘸P͐X'b[fE907(g^xU>EL=>!jRz ?v{$bXMtim:r.Rwrjt&h8"E\d W٘vnAAk4.~^ 5ٿHª_kkiA CIg*+HM[~%qf׺3#u;)W Wm Y~3|=@K]zf_UyڙA󆋵 51n(|G'_9 Lёy=W}4HMRr93 Ԭ˛kah7edzēAǢ$\7&?Sd驄_pzB#D|_L}Qoj4@&@J!Xm BvHU;$"l5=eLD? Q>LNW2:N'hU4< 6Yl@,W L X%m\eo"4PO@+wxIt7 d?T K2u?Ri;z)!^SgUoӻQ LwKp6$4a5&]%)iq aD r}t"4rIP BT[,<3d%ϰ "")"[CHz-nMȤ|#;u%K0KdS3 85~ Q?z n5 +*-8U2 UWsj@Ru@ Wh?8yKm M5  80[ BeM,9Ö6(;v4XD+M e.%R/]7Kf|Nuը워,ǃ{OqϓK a@ P%[:كn&lROu%=ׁF;;\;#])mQ)嬯%VSX d8sД=,YLd|!B' qňG'\e3lXeŨ& fхؿz! zxfZ&e Y j--Gn0t:k^vwt ~#zG)}~$9U6hV5XvSj%UUcH[O 6:ܥ*ƍh+>s4/K&1* amuc QQ(>Q@X~qbvD I%?~{DZp:]@@p?/"|/0 #KC%D˸:85&)@?IչoeߏZEiP>*oڌH+R.ݺ_rh[yC%:ޝ5ːZhIxVICy,w`T"M7yriE? 6>C;NA3>vTc:4\+9dV T]5a`>GA#uiI}[k&XOWg"c8du `"l57{-Q:k>Ft-<]N).2֜[]%/8/vD }O)Mlң/ɨGg6Qd Q/wN"Zrr|"y s(N g}vqqT]j.]&\eXBՕdzNb3`m2f.'2%9l9#AňcY{Y @!V%FEav{Y!$NKwk#'c}''NrŭςL߷ A|&fN\I:&r4 <,l;R71.<=Q,/R%K??i*Ƶf%C{W}fǩ!>WHmp;-G 's/*:Xؒ Mcu0V6cD4H#A$c 9Yg7|H ?Οaˉj.g.l,ɾRo|uF;29A*=dS+Ɋ)ulAa6;>M]Ef&|bD" /M?,KL'R^;\bk-/l]-&89_݈=ƦclP%abݦY-qLY K4%+)dVF?AQr*H ZgZVLnsTRuۙN/҈h0HPKbKfT͋3VG;ߠ VF ouT*U:1nŲU:!2O;ys̫s@El T/g;aA3wV;I7ÇڐоP#qLzt.M_Dchj/ #hRLزG`bT*|pm8_.`qxehhCNTyt_;ܠ?{,^p'kTI;OިƞU+y1!N'#侮Iت5}jki 3gL'k6ԴoQ@ÕhgeƱpH#]s2R]鰈sv?}-Q튋Y"UַmEgX$Y%ϛcdEZ_F|I#e78OVj4KEs ɿ8=4N6s];!Yd/On4=c'6@?踶@%h㭁1G4#K,`1#9 ڃH)@'k76u*૏Y#yXEH1og=/R 腦]5"y6~9* +d(R`똉 SM672 g.;\9Pr,Õw%o\ VB Dr6><SL 8b06_D$ w9oy5A`tnE+pђbsUZf'KOVTv=0d*b8~@rk)[s`m&a'o-Uƛsҗ-|W(JuPS'T=^ֱrФITtD5a3O"hp,{˭_=V)%)NcЬA8Ɂ?R %J椒bW](yZ邤q3Zbm~[_hynL Ղ_iџ(%wU]zu EyeVD,heiRT|5%SvCC,4jсDl~; D WȀ(?ҕ9Ecct$&Ezd+] ׊y|qT a0Muq//>FyYY >-_'z>iDANBcV#*cpG:lƈ?cHS>A؞ɕٔ$W⭖M7F%rkp/q*zHDVijۦ6˕y)sDTUD:k(5(R3 Rx:+Bz>g|z+^ҺAZ+wSI0 N9i:@YޢR;" Y4/0,,r.h3<m5|H{0UЮeCʏ^cdLC|wM)t56:]27sv^QB*H^z<-HDX9t^^TWYm}v]N 4bEPK:G{c1Dmei>Q@F=_"IdAvQof [AY"@|0ř`nrk ~ YvWd.` ?&l</qWEH" ,VRoFQڞ1j)vTԓ& kY䔯h&Mw,Ekh_Ϸf@!beȭNt Yu`2SODXwztLF*j{ lGP˹O3iΏ Kty~ LB,Kp}9.ʱ;Q"Uz 7Qa_<@듷Di#cM3I FF3X>Qv-`ٟ9 +ܵS2k(t`L;;O pƯNy(z`31w9II]w;^QW<& /V'VY. `z)Rnx`X[Ւ65{90vALFFjGK 16 r?;?R@}q' }tIG4p@P~*%1+ fS]u ]=Zs:>b Ck2&82Ts#U,/e~rkѯaje읭"؃D6[+&[ˮNz" l \1MRZ/81@k"]_!3Br]\U=Ʌ]oD4$`{VO̠-ܴ#p6`Xu;T(ZzJ`\ nWNI5CȒAt]g}vIVn>PV#2btnlhלۻsbOj~=L`ч|s p'c\k=BnB`зuuK?p1"焾s#|Q-y+vTD\Tj[#{.mLz/7kB^cY; Gti{]њ5xv$vLG .:!? ޅa̮;|Y; *!+Oᤲ>)^t)>w1BrNC(n c$İCTw)}Up C!5`C92 v+dx?C60@GOuJ;OZXa|?i_5:Rsۅv I{շ'/k ga{tl 2}1]AN>N-߅GDqj>gJW=۳=$ZVEN?E:uB5OzfB~ƿ|W+oAp/F vB%p R@~nO}BJ=l,-1->3i"-OX 2;9lןjܰ2_W sMBhi HJԙD!mR^η¦GKӺg>:yjbPQ>4|pf$7ҁ4c }J'yh`ɏ]~%=[w2OLAdTljNз# sM!q?N!F>i}l0K=R7(Z- 4l,S8PuVYR_ &v MÄEE?~SGsv6Zac* "Li]5{eâZ͎ j&$ꈒƪ(~)}qr+wYx(`XO%]ECR냚s Zhܖ_sM/>{ 400؅$~' S0@F*E6mL%^ݩ*I`r4"9[~AK|}9$!93[A @E-j,,0Nu.%!h"3#qVs/,F/ Tg(]?&f7T~Um-*ns"IJ3YCD5f|柞AVI&Gr0/+Tޣ˭ώ=qjRBNGuM_FvarpNnט[|\4 OEjK>oeN٨ }X/Eޣ/=hi)gYgvNc/f|!9}ʈz.2S 'ꁂ]b;m7$5g@J-eN%|9Թm"ʱ̕\b5y#6'Jga3Ot8WzXEħ]YO gmMe!l&B}c+5?68a߮D_i[H>öő]g͋4""qRL0/k6/(n7b,I:^:< ORuI54 >l.W1|RT8[q h{G.Gpc>Œӝ?§^X9ޡ7ǃ. W"w9{*aQjq5-5uD\7eTJ'kZ`1`Azjè&oEB}3m9m;0< 5wDN+^c瞸M pd՛d3?CEa_QlTӥSP6v4Rv1߁ 7# w2V;5ͼ!rg .sLlUy]T 7n|P[϶5C(8q OBvT^y:Ἅ/̽Ic(=YuQHkPeZ⳶$=p&'lT%V*,_9N.lrӡ[&"\7e*0C#(b<$2m xwu֪# 2c> Xa .6M\ڷ``еeg$P)H_n5Ńulu]7k4a/5Yp!ITig½7/.:p-)?(v1'sVݏv5(I7Y/8 pDV= +|!~-|n^R&) >.zv*L P}+#w$;m'V/rDN{[y9ʨVYG-iDh. &~͘#Ulfז +4 Aw[ϓnd%yV@dSFyr(ZbmؠU}dR Q Hk0ӽ ZXd9Oݪ! ,z*&$;Hс,?]%^QJV\`MVx  4ot'O9:\Vey(.E#čxf61Š/_ ing̶tajHK Yt6( l!hz,1?\ Z]YR#0C AL{y|R F`RKZG)Bwz?@!W5,i Ľ,@J77Wu+d,u^\oaD>aW/L dT.L98,H" \EI1LQh66~fVL\V :vɔ\lgCMjԂG"ǙP J#,H+B9dg_1&̎+1}}E,c:0U_\Kl\9.*zA&V2^s`7  cqu9Qեh3NALWn0{yu'&zKrZ,9]4Z"bջz7} W~OsaD6&+#P웮h户`̈́1Ԥ0ah;@y/&!UZuYwQO^WwFs_pNh ~^Pon'852imvTĂxp4G0r wQt3%ĺ1Mp2sCF\471x&%z.]яZ0[#ܸg'vb jX(S#~Xbߢ@XH_ [xmoC^Wڽ5hꢼբ,-QXz=E|uI RPH3 ~}#N!)Sr?_e )!e,'*n3l$`_!⳿ӷYΡh3+7EOrb(0GPGVse>eDy "c:0Ftĸxa3_tch(!62%u m߸Ŝ\~%O8?Q^0vOfDfSbF ҡBhy"|%TQ5_I ^Pr?BєQ~rF/l Iv[uVL$৆5x2vDݫ'q7zKTxBLlBDCw o %~q^|nIx &ͮ^4P/5ݮ qۨ8ĨٴZ,c)hT?`$IA~Ax5u=\/z8nloqo`]x6 -ƫ*p%%?ՖHq Bm5:\U)e"K Q,vh-5v{O_F`?ة)۳5jT_QJsRrɟ԰ݩa[ CNA=p)vyOp_^zIᴨlv,jξn69Te!#5_9\NKVFLGzݙGqy%ߨ9ڞo۰ov&}!9@Ӓ$;L2\]f)3a0ZI @ڷm|X/z.6TMSum2L,3*®^$GyƮGx9M~ipg:<ϧDm|'%J{o`noS" Tg!>mұ.͔i L)HeP<,FtޜDϻYN*ʪ"/G i( DӾ'*h1ef3?i0ѪD4(:ẉ VR$H˚xs m63)+ `*A n2B#t &!/ ) @Jӎlf 5F0(p84$4)[eɤ֣fBhW= >޷@@:, +d$>tvnN`)|*x-+b'2z˅BN98$ߺRM?f)d9G ϫ_hs0+2XkTNt"':!As 1X}4ߑeʄX\HZ3SM!NdīR}愺qճpDB>E񨵄2%|*i2aKL*WCy}N!*0F (zఊs@)J!-=)v AϵM+]vF^ ƪh‰ |+*'ܭf y=0@>n œC)U4U,ڨ4MD[dYKjW=!1Ȳ$|PlHz9MR 6ekG˯V} U _E>{R怆cV<☉cڙm̻q%z/W$%pxwtp{`n)Bw}v]xE pT>ӈ5mb78-)I+6"']eW1XQo1nό"-tI}>7!? A Rd:KsժiԵ?v'~MN.i)HJԤFX=[TMB^ϓ0Ɂf{WO׷;G!å8.]|̃>ffy l'6`X> "h}Q'|,71$z9Q1mhA=mQ>6,Rl 鴁XN|IJ)M]j{@]n3v{&(]79jf(Kx,gU ?ͺI=1X!X(uҲ8U/cK`A|{jl,51hn;'ÊҼϋh#ȗqƃ+O.zCC/H Cؼ]`3"^SNjlj_#DcKrS>@k\0K葨J_6W4NW2vcU'&:DaRnl~ϓ 󨥢lf(8 jlOJDw&Ev}.4ߍ{C2K̪܊;{/ջVKIkT[H }tvcgsacW3'mӧc}>,q@ ՟O!ۦk-oG >9y3rʼ";~ޞrJ Q[8*0}r*i [o=reyBJkuf]^}[u ߖ@qH=_g0AŔM($L=5Bq ʣX1'<3[L0i3 O> h#qۯ|I/Q 4^<]ϝCp`~To2 ~-De:4Ɗfїj=_s'ƊelGJ2Nbwiy.p~]#"^YsYo$$3SA_bGv1+@x8_x[9&f\D7KFGo0&ߧP=LY+TJ*|?)AVcΛ̈́ 4}3[aD9חpE`Gl-["-(; qRn/KAíh펉!سf&/2 t{+0. 5Q;g6"є Zc_Ǐ FU t&K؎2 #; pmwsπeJ򟤇)`/I~`'l}e-mЕ辁E@-۲# t`]VjҐ\#q #j#ONoBx Fd0*}}-28.CJ:;;Jtم;[vjsWM,{k V`k֮nu z1CSgBo"f$OE@/F7\4k & 0!-w_. thҞ.4pЃ}0o\HP\ lf~L5EPrnrÜ2~`nuϲV7;#m :?#QPΎԔu8˜( 092s û= iuN;&jmз  k~8eVpqÍ$K Mҗ,T<_ڢ:kUe#X@Kxa#} <5Gf|!JXP(XWZJC6cG []U۰ZυS ?)\'B?DBš >Oxz vMo- ϧڬ=G n pr:E0Y"쯵ޢp&w8n~^_>zK]p dݘ>0b i_I/4ˏ(!|a}us/sfy|-*?OR׳wB9M"m,mXwL4 v׫TLjB' Sn&r.b׬#Nov?ŧW<x*l\5;4֏\A(a1vhx8 W-ޢ?W ص`NsdRo@ Xd\CxY]މ0LL]b.#'=@(c71s EP1ؤ&n'%\*r?KldHEȡ'76S2kڈնO7Y'T7*ma68pakБRнI1CJPYÑn +^ z@ʯ[k\=)}䏋d'BIF1.:e > u@@E׻YC[uLWɵHJ}tB@EkK *kh/,9uIa\B?O.?vOC"vj,8iD őG,E5Ffc[a{ Mn$ }Ǝ@˩9zl8 `i2o1t:dx)N9bF*tQGC[c Pב"Z@J 3Yu%s$!Ez?i !TH.&a9fZ%-L ׽oϭLB^7ux*fI׺)Mdݪ}^#μ(8 *Q``YS4oH,K8p!CEe"@iY3As?І+Y Lȝݸ]P4"?9UD }.^.R{=/\7cAxg@-]"+/'Ku7$qfY؏uއz+|N|46% 0tV-[uiM]to&SƐA؆b,u:S%sCtE`G'rx3eQGu Ok9,Lcu#A8- ̙\VNjE7#/q4~J LUAѪaD̀,ъ)KыZM$cEE6hp7م[@Lv~S@#X:eMVp3QxG2Lm-KKȆik(9JjmS,˾!@H+RS)8"X8%0DcI^xOLP Il\J|n^xS@59F'IHJFn]9y)_Mk&7Jq9#]k_ !@<+f6cHeVD "y踻<;?F|#YcGy;GHGZNDQY! Hw@ >+; }C=|poھEV.LO|搁f{5$lZ}Z֨<7=j("*"#ncY!4 H{%!!/A9qӍj4Mͧy OR89Lbfq&dGAnG:CoOSW޿\q)ih c[9;5XYp!zdp ᵯ+ȭU8 .&"Bj.Gk̔JkO<9x^kEۖ`bcs]n\"D)<8~ 5jr+H10[&2-?Ev^{9ox1`P" ?')XB ,CG8X ٥z4y N|(NGa:Hk=}+FESx l~U[<=bZX/N((w[xR.a)A.ds{#LI،|(+>3mP|J0 :GG>/ _:|B2`hYoӣ x+7ף "v[<\UHZ&#Xi]e3xlU"pXLlj]qYa{ΒmvD'#$: TGa&F 6p/ӈXAg!C*bҳ1$?D!&6HHӏ=ć<#*C9C8Y^}~~_YѲ6*`O.LϾ}nj&K6禌dڄPl8m$LMdxZ;မ|gPV&ݘrCz<@|-낣JTZ6Nx*y}}0pTCz'PIOMn[O%99P\kDztJ'T4DLէUxEv}rPt1 8C}Uֿp^eew0K'A2Д'E֗p/E6 1X,/[;tXJ~>reRg];;+ピmA+:XkGqFն^~u"ډBu1ݭ(}暸y^Q=*n õNuoXar(pjJ#q5 wG㽷]\'Lp4nRiљtqA2՞j ord?ĊJ0vʞWC8 ߁#WdHLK8X$'ͩz[P]1BjcSe R|~VksB2V.AſI F!5df !Ɇv8 q鲯Ix:> wg),7^Dt_ P;0V盡>\wWg׃b[] uJS*O)ѐVL5HtE.3g>:;kihۑ1 el}I?gMC,&GI$"E[j]3=e'+WGDH8* @)<yZ%RF<B[sJe/8UaY;S%P{ޛch@e)O>z;+S Nc?o며-`X +B@x[^'&ݕ vR #U*o\a+@+5ӂ^w S1G\jd@B1hq{IQjWTZk ٛ_ps敘W.@1p,e,D\twWbrۥoaY`ͭӎr·٦qŠ}*x{szJDc>v>oxd# T+>^RrC6rB{l RAHqΝ˙e`zQG$|#- 2/Ӿ[p%Mi#aI3Qv^VktIֳH]z`6.ʇuQcAʻ0fXo ay6>{@3}NVש(km|~aIJ$}XnMkD@4Kl#˜ MUb`yFY]V=+Cz-z%|%R*`ΰh*]A;HoT+GH~-NXTL[ٙIirKsu'|FP!\Fn[OK$=v<7Ny~WfnMwտy_w>#{9L]aP<[NnӘ)+j^b5#F-)<ɦoWz^/(8u?A8U/ѮL_L7AU?bG{@WҴhh-c `i{[l R%d#)0 dl5JL qxȚ._z~+%Тmw"xZҙgOwڪw aCTcgZ1~!uݍ|KK {Yv6R'#yNL{RB]rjJvɦB֌@qE١ 7yY^wI oOfLfT9՜[g~M㵴<tyt야"s%Y_L=c7|skf9{-lEBi&F0\@H8Q۶lu׼6>s9:%qgYE+NN| +&C;m$x{eOuj9CW|sC>`\E]X5L)FeЬvfFd}5߼.4XZm<‡A(u h[ϠUߨرMQq2W#s?f ji}"(Ք['KsXgY蓹L9p=?} ~WmF,2dNݓs =uyxsO5:U,5^cԳzh;|$cf_w.0fXB'\J6vvKrOI*]ѢOӨ;A{%HT5 vkDzMpxݜbU0/-x𪁿ZfĈ Bb''Q̛D+$]ꉲ4Z'}lEIg'BXirGg .X+уe"!*H+ \ׁizmtdQLѭYoAzzH%G N%[(xBgϋB>*-'w>=`X8U ([#H(6Qn>`J9w" *mx< 6/ݜG7,K~ѯ dضؐjBMJeAoŗOهˋZgo .ETɪuZ ͞tƽ AI%FTN7bGMPA,BKD1-X9v'c4`>Q @' v 5:n=v Ln8\1uʰ[xND9}:jY)Ț?s {}@ $[vhHƧmL9h\9{:MiÆ<8r>c-y?PZt}25ԩiNAJ.;O!!?*`*z0Fb4fyÿ!N1Lroba>7Y Nzâ1Tq( *?R ۇV;DVֲM@ ~ƚ |+m(ENUC@g~~F0iV^Zy,n^;pwtEQ>F<[ҀfoQ_/MCwIi`d@t6K,8KR~R=P}$ 4Z&sڰ.gstv뜡-aaX)x*WEw5D=^W1-s%wfu^_\S21̇D9M1\8MХH=8%k%ax{F-eC3)˻ӭM9~n *clU؂y7Ad6/PC|^+/lXR񾦺Uw%6-6(Ii% <)ͽԎDm >H@6X6Mw>BO/ ?~K;B֝f[JSiP<5jާDO ^3wTp4窃3ر?o')2mWwTLUfY#D7Z\CA p5(G='o? iFEt4M0Hqbm4wrIQt@JJבV } ;\@枑>]L<M1\5rFD:47734.eo0>[ǯ,[QFMlQއ"ob3d4607dsy[[yFg C"V=\W6 ] 73߬)U#ۚ'Gp'L͙]/bߒAfwwCp"Cԅ}\7{XV:㇄/e ueDǚra+ZI>s[2.BNGY4CWsZvgDNbV<H00=$$z9/+3;77 O~zbY8oت kFRUϸ~O2֊*)ltip?rMǭg@xz z;Hr^sz&p<9<1;9eK8Rb#ï3Z 4ϡ^b$wukl&W`H$hdE*\'F9ZyHq>,Jҷջy*IpDܬ̧Մ,G"r*L˗c@칠0yIw[J58ɀOG\ \ysH[H&+wx1qqs+n40 Šx͓""RΉC<-72>a ɗzPxx[hǥa7/uqEB/WA\ʰ&~˦^umz y*gء 4v,IT\?V^ 'TT+כ+(Dڤ$-E_"}/LN?qV:VX56w/7j lrxqGsN=Nv+995FIB\^ɳǼ˼sp١}zQ6E{ݓ@q7C#_ѥ*@*[-afvx:gFWtcI.gg]J фFu,x"Zv"5|RWHN D[hD}1V;-?!<_*꣞hkb@-sJV$TnݗwBSD&C1(IW ;j~kI9A~І=A&@OAS?My' YV ۭZqr(_W qt'Ʉjӌp1(|CC@H?&ӕr6Hjj)!jXyzYN`Z L'N̦0-.ӦG8!iu 5\qf6_'cЯ P§jݟ4!VCM)F)~LWD^PHG;׋Ю)0%Y?rJWEc"-,WgFtƒZ:pB:zH+.8BI~`#(d8qZ9â!.yv >ŧf7Ydm:G&`r 5mʰ- 2^jxJ-n(EҿvyT#?ZP泎`P]BQu@zd^Z-/0zLJB٬:Q͒I; ^Kj_<ةhӭSm]>zLJrFܫ&H>'tG| 8\n(`lFlLK,FV"ii%rsxמ㑠wlB(?1:97*jp^5;ń? &Ò0d%Uw=;lĵ.wK3͐g=?JH=zst0Bz 7;#ϗ) {./tS(x_hk9cąF3X!g N. IeZ IeHzT:b}op` q&G(euVAu],z?k_{n}TU(BevpإUJw_fϓMlz_\rd9p-{Uo Ek刈J=o L]joi9W[Fcb7s-oA箚5GD{0%F;>Ck]i=N4|5'rƥaT &VDYxژ52c1k1}ȎRqn-宿䈥!0UWs>WJ@N-"1/JUS*8QErD^jWJl]CQ?Uإv (X}/t 7dONif"k__*uݥ!'R]mhn Lz3@SPLG,2\GkyrIu< L-2gLu>:7WְJ,N+Cs`!}UBZVTXmU` c$kڇkE7y"}BLVGn"eyYZN6mFEUAtQX+Sp?,a(r@X@7%3CvmԮ'N1GccΚ^-&ƔBdwYۀuQ-qV}ɱ%;Johba0Jr:6|JT/AkmDz 5#60*V|̿AERo$pFaJL S@c)Px" ˊJn p50s,:}π@yxYCBzF튎 u9ZFA/6 p Aqɨ 5+@]kkc\q,H*8ub=K%o>}WˈC+]ޕ;fZs?f Ҷ2?xJW+?%|\.g|z510ҐV߬"=ci>E7:-pIcģi}tT5*[-11KQ/{af18OMtԏ3يu槩Ցi˗eĿ@Z8]Ѩh{C4h7QW8^T@dGY 6Dk)Gr[; (|ѪUlWjs9}>40!)'m` 1Bj- >)Zpނ ".)tպ䅣 cZTE{Ƽv8ƋYfx8UͫUIyAH[0t'<"f6+f&QqfnC[&t]B.Eu8?L ywG!O(JXsմ[>GXgazF>OZv+94MEaL`Rق^}79 `hhA|cZ-~Ik1#AϞvYщdMẺޏk~Ba狷 cDC-N3'u~7 br a>]\a!e~CGg<)IgPY 'cfr9{2(RJ[+Ndv6+B> mb")tB鵶ѯ00jsHVh>>cI3y3TiT&Jܙ[ [DV/ _@$>kEM{;-wBkyЬ#( Rt%%2 !GA^ʢ ShX8 D:X^(.P(5[WC"eD~~ L*23݌sPs17$0v,@q-4BZyg{TSO(QŲz\r3ؼ|>%0 YZ