pax_global_header00006660000000000000000000000064150264520110014506gustar00rootroot0000000000000052 comment=13306948c860278964105b10214da578ab30eeba cryptsetup-2.8.0/000077500000000000000000000000001502645201100137375ustar00rootroot00000000000000cryptsetup-2.8.0/.codeql-config.yml000066400000000000000000000012001502645201100172430ustar00rootroot00000000000000name: "Cryptsetup CodeQL config" query-filters: - exclude: id: cpp/fixme-comment - exclude: id: cpp/empty-block - exclude: id: cpp/poorly-documented-function - exclude: id: cpp/loop-variable-changed - exclude: id: cpp/empty-if - exclude: id: cpp/long-switch - exclude: id: cpp/complex-condition - exclude: id: cpp/commented-out-code # These produce many false positives - exclude: id: cpp/uninitialized-local - exclude: id: cpp/path-injection - exclude: id: cpp/missing-check-scanf # CodeQL should understand coverity [toctou] comments - exclude: id: cpp/toctou-race-condition cryptsetup-2.8.0/.github/000077500000000000000000000000001502645201100152775ustar00rootroot00000000000000cryptsetup-2.8.0/.github/workflows/000077500000000000000000000000001502645201100173345ustar00rootroot00000000000000cryptsetup-2.8.0/.github/workflows/cibuild-setup-ubuntu.sh000077500000000000000000000017561502645201100237750ustar00rootroot00000000000000#!/bin/bash set -ex PACKAGES=( git make autoconf automake autopoint pkg-config libtool libtool-bin gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-dev libpwquality-dev sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd openssh-client sshpass asciidoctor meson ninja-build ) COMPILER="${COMPILER:?}" COMPILER_VERSION="${COMPILER_VERSION:?}" RELEASE="$(lsb_release -cs)" bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list" # Latest gcc stack deb packages provided by # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test 
add-apt-repository -y ppa:ubuntu-toolchain-r/test PACKAGES+=(gcc-$COMPILER_VERSION) # scsi_debug, gost crypto PACKAGES+=(dkms linux-headers-$(uname -r) linux-modules-extra-$(uname -r) gost-crypto-dkms) apt-get -y update --fix-missing apt-get -y install "${PACKAGES[@]}" apt-get -y build-dep cryptsetup cryptsetup-2.8.0/.github/workflows/cibuild.sh000077500000000000000000000011731502645201100213100ustar00rootroot00000000000000#!/bin/bash PHASES=(${@:-CONFIGURE MAKE CHECK}) COMPILER="${COMPILER:?}" COMPILER_VERSION="${COMPILER_VERSION}" CFLAGS=(-O1 -g) CXXFLAGS=(-O1 -g) CC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}" CXX="g++${COMPILER_VERSION:+-$COMPILER_VERSION}" set -ex for phase in "${PHASES[@]}"; do case $phase in CONFIGURE) opts=( --enable-libargon2 ) sudo -E git clean -xdf ./autogen.sh CC="$CC" CXX="$CXX" CFLAGS="${CFLAGS[@]}" CXXFLAGS="${CXXFLAGS[@]}" ./configure "${opts[@]}" ;; MAKE) make -j make -j -C tests check-programs ;; CHECK) make check ;; *) echo >&2 "Unknown phase '$phase'" exit 1 esac done cryptsetup-2.8.0/.github/workflows/cibuild.yml000066400000000000000000000013311502645201100214700ustar00rootroot00000000000000name: Build test on: push: branches: - 'main' - 'wip-luks2' - 'v2.*.x' paths-ignore: - 'docs/**' jobs: build: runs-on: ubuntu-latest if: github.repository == 'mbroz/cryptsetup' strategy: fail-fast: false matrix: env: - { COMPILER: "gcc", COMPILER_VERSION: "14", RUN_SSH_PLUGIN_TEST: "1" } env: ${{ matrix.env }} steps: - name: Repository checkout uses: actions/checkout@v4 - name: Ubuntu setup run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh - name: Configure & Make run: .github/workflows/cibuild.sh CONFIGURE MAKE - name: Check run: sudo -E .github/workflows/cibuild.sh CHECK cryptsetup-2.8.0/.github/workflows/codeql.yml000066400000000000000000000023661502645201100213350ustar00rootroot00000000000000name: "CodeQL" on: push: branches: - 'main' - 'wip-luks2' - 'v2.*.x' permissions: contents: read jobs: analyze: name: Analyze runs-on: 
ubuntu-latest if: github.repository == 'mbroz/cryptsetup' concurrency: group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} cancel-in-progress: true permissions: actions: read security-events: write strategy: fail-fast: false matrix: language: [ 'cpp' ] steps: - name: Checkout repository uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} queries: +security-extended,security-and-quality config-file: .codeql-config.yml - name: Install dependencies run: | sudo -E .github/workflows/cibuild-setup-ubuntu.sh # Force autoconf for now, meson is broken in analysis step rm meson.build env: { COMPILER: "gcc", COMPILER_VERSION: "14", RUN_SSH_PLUGIN_TEST: "1" } - name: Autobuild uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 cryptsetup-2.8.0/.github/workflows/coverity.yml000066400000000000000000000030361502645201100217250ustar00rootroot00000000000000name: Coverity test on: push: branches: - 'coverity_scan' paths-ignore: - 'docs/**' jobs: latest: runs-on: ubuntu-latest if: github.repository == 'mbroz/cryptsetup' steps: - name: Repository checkout uses: actions/checkout@v4 - name: Ubuntu setup run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh env: COMPILER: "gcc" COMPILER_VERSION: "14" - name: Install Coverity run: | wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=mbroz/cryptsetup" -O cov-analysis-linux64.tar.gz mkdir cov-analysis-linux64 tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} - name: Run autoconf & configure run: | ./autogen.sh ./configure - name: Run cov-build run: | export PATH=`pwd`/cov-analysis-linux64/bin:$PATH cov-build --dir cov-int make - name: Submit to Coverity Scan run: | tar czvf cryptsetup.tgz cov-int curl \ --form project=mbroz/cryptsetup \ --form token=$TOKEN \ --form 
email=gmazyland@gmail.com \ --form file=@cryptsetup.tgz \ --form version=trunk \ --form description="`./cryptsetup --version`" \ https://scan.coverity.com/builds?project=mbroz/cryptsetup env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} cryptsetup-2.8.0/.gitignore000066400000000000000000000014371502645201100157340ustar00rootroot00000000000000po/*gmo *~ Makefile Makefile.in Makefile.in.in *.lo *.la *.o *.so *.8 **/*.dirstamp .deps/ .libs/ src/cryptsetup src/veritysetup ABOUT-NLS aclocal.m4 autom4te.cache/ compile compile_commands.json config.guess config.h config.h.in config.log config.rpath config.status config.sub configure cryptsetup cryptsetup-reencrypt cryptsetup-ssh depcomp install-sh integritysetup lib/libcryptsetup.pc libtool ltmain.sh m4/ missing po/Makevars.template po/POTFILES po/Rules-quot po/*.header po/*.sed po/*.sin po/stamp-po scripts/cryptsetup.conf stamp-h1 veritysetup tests/valglog.* */*.dirstamp *-debug-luks2-backup* tests/api-test tests/api-test-2 tests/differ tests/luks1-images tests/tcrypt-images tests/unit-utils-io tests/vectors-test tests/test-symbols-list.h tests/all-symbols-test tests/fuzz/LUKS2.pb* cryptsetup-2.8.0/.gitlab-ci.yml000066400000000000000000000014141502645201100163730ustar00rootroot00000000000000stages: - test - test-opal .fail_if_coredump_generated: after_script: - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true' include: - local: .gitlab/ci/debian.yml - local: .gitlab/ci/fedora.yml - local: .gitlab/ci/fedora-opal.yml - local: .gitlab/ci/rhel.yml - local: .gitlab/ci/centos.yml # - local: .gitlab/ci/annocheck.yml - local: .gitlab/ci/csmock.yml - local: .gitlab/ci/gitlab-shared-docker.yml - local: .gitlab/ci/compilation-various-disables.yml - local: .gitlab/ci/compilation-gcc.gitlab-ci.yml - local: .gitlab/ci/compilation-clang.gitlab-ci.yml - local: .gitlab/ci/compilation-spellcheck.yml - local: .gitlab/ci/alpinelinux.yml - local: .gitlab/ci/debian-i686.yml - local: .gitlab/ci/cifuzz.yml - local: .gitlab/ci/ubuntu.yml 
cryptsetup-2.8.0/.gitlab/000077500000000000000000000000001502645201100152575ustar00rootroot00000000000000cryptsetup-2.8.0/.gitlab/ci/000077500000000000000000000000001502645201100156525ustar00rootroot00000000000000cryptsetup-2.8.0/.gitlab/ci/alpinelinux.yml000066400000000000000000000030731502645201100207300ustar00rootroot00000000000000.alpinelinux-dependencies: variables: DISTRO: cryptsetup-alpine-edge extends: - .fail_if_coredump_generated before_script: - > sudo apk add lvm2-dev openssl-dev popt-dev util-linux-dev json-c-dev argon2-dev device-mapper which sharutils gettext gettext-dev automake autoconf libtool build-base keyutils tar jq expect git asciidoctor - ./autogen.sh - ./configure --prefix=/usr --libdir=/lib --sbindir=/sbin --disable-static --enable-libargon2 --with-crypto_backend=openssl --disable-external-tokens --disable-ssh-token --enable-asciidoc test-main-commit-job-alpinelinux: extends: - .alpinelinux-dependencies tags: - libvirt - cryptsetup-alpine-edge stage: test interruptible: true variables: RUN_SSH_PLUGIN_TEST: "0" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check test-mergerq-job-alpinelinux: extends: - .alpinelinux-dependencies tags: - libvirt - cryptsetup-alpine-edge stage: test interruptible: true variables: RUN_SSH_PLUGIN_TEST: "0" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - make -j - make -j -C tests check-programs - sudo -E make check cryptsetup-2.8.0/.gitlab/ci/annocheck.yml000066400000000000000000000007171502645201100203330ustar00rootroot00000000000000test-main-commit-job-annocheck: extends: - .fail_if_coredump_generated tags: - libvirt - cryptsetup-rhel-9 stage: test 
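interruptible: true allow_failure: true variables: DISTRO: cryptsetup-rhel-9 RUN_SSH_PLUGIN_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - sudo /opt/run-annocheck.sh
cryptsetup-2.8.0/.gitlab/ci/build_srpm000077500000000000000000000013761502645201100177470ustar00rootroot00000000000000
#!/bin/bash
# Build a source RPM of cryptsetup from the current upstream HEAD.
#
# Clones https://gitlab.com/cryptsetup/cryptsetup.git (depth 1) into
# ./upstream_git, stamps the abbreviated commit id into configure.ac and the
# Fedora spec file as the version, runs "make dist" and then "rpmbuild -bs".
# The source RPM is written to the directory the script was started from
# (_srcrpmdir); the clone is removed again at the end.

# Abort on the first failing command.
set -e

SAVED_PWD=$(pwd)
GIT_DIR="$SAVED_PWD/upstream_git"
SPEC="$GIT_DIR/misc/fedora/cryptsetup.spec"

# Every path below is derived from $(pwd). They are quoted so that a working
# directory containing whitespace or glob characters cannot make "rm -fr"
# (or cd/sed) act on something other than the intended path; "--" stops a
# path that starts with "-" from being parsed as an option.
rm -fr -- "$GIT_DIR"
git clone -q --depth 1 https://gitlab.com/cryptsetup/cryptsetup.git "$GIT_DIR"
cd "$GIT_DIR"

# The 8-character commit id replaces the release version everywhere below.
GIT_COMMIT=$(git rev-parse --short=8 HEAD)
if [ -z "$GIT_COMMIT" ]; then
    exit 1
fi

sed -i "s/^AC_INIT.*/AC_INIT([cryptsetup],[$GIT_COMMIT])/" "$GIT_DIR/configure.ac"
sed -i "s/^Version:.*/Version: $GIT_COMMIT/" "$SPEC"
sed -i "s/%{version_no_tilde}/$GIT_COMMIT/" "$SPEC"
# Insert two macro definitions as lines 2 and 3 of the spec file.
sed -i "2i %global source_date_epoch_from_changelog 0" "$SPEC"
sed -i "3i %define _unpackaged_files_terminate_build 0" "$SPEC"

# "make dist" produces the tarball that rpmbuild picks up from _sourcedir.
./autogen.sh
./configure
make -j dist

rpmbuild --define "_sourcedir $GIT_DIR" --define "_srcrpmdir $SAVED_PWD" -bs "$SPEC"

cd "$SAVED_PWD"
rm -fr -- "$GIT_DIR"

exit 0
cryptsetup-2.8.0/.gitlab/ci/centos.yml000066400000000000000000000035321502645201100176730ustar00rootroot00000000000000
.centos-openssl-backend: variables: DISTRO: cryptsetup-centos-stream-9 extends: - .fail_if_coredump_generated before_script: - sudo dnf clean all - > sudo dnf -y -q install autoconf automake device-mapper-devel gcc gettext-devel json-c-devel libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper expect gettext git jq keyutils openssl-devel openssl gem swtpm swtpm-tools tpm2-tools - sudo gem install asciidoctor - sudo -E git clean -xdf - ./autogen.sh - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc # non-FIPS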
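jobs test-main-commit-centos-stream9: extends: - .centos-openssl-backend tags: - libvirt - cryptsetup-centos-stream-9 stage: test interruptible: true variables: RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check test-mergerq-centos-stream9: extends: - .centos-openssl-backend tags: - libvirt - cryptsetup-centos-stream-9 stage: test interruptible: true variables: RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - make -j - make -j -C tests check-programs - sudo -E make check
cryptsetup-2.8.0/.gitlab/ci/cibuild-setup-ubuntu.sh000077500000000000000000000037011502645201100223030ustar00rootroot00000000000000
#!/bin/bash
# Prepare an Ubuntu CI image for building cryptsetup: enable deb-src entries,
# add the toolchain repository selected by COMPILER, then install the packages
# listed in PACKAGES plus the build dependencies of the cryptsetup package.
#
# Required environment (the ${VAR:?} expansions abort when unset or empty):
#   COMPILER          "gcc" or "clang"; any other value exits with status 1
#   COMPILER_VERSION  version suffix used in package and binary names
#
# The script edits files under /etc/apt and calls apt-get directly, so it
# needs to run with root privileges.

# -e: stop at the first failing command; -x: trace commands into the job log.
set -ex

PACKAGES=(
    git make autoconf automake autopoint pkg-config libtool libtool-bin
    gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
    libjson-c-dev libssh-dev libblkid-dev tar libargon2-dev libpwquality-dev
    sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd
    openssh-client sshpass asciidoctor
)

COMPILER="${COMPILER:?}"
COMPILER_VERSION="${COMPILER_VERSION:?}"

# "apt-get build-dep" further down needs source package indexes.
sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/ubuntu.sources

# use this on older Ubuntu
# grep -E '^deb' /etc/apt/sources.list > /etc/apt/sources.list~
# sed -Ei 's/^deb /deb-src /' /etc/apt/sources.list~
# cat /etc/apt/sources.list~ >> /etc/apt/sources.list

apt-get -y update --fix-missing
DEBIAN_FRONTEND=noninteractive apt-get -yq install software-properties-common wget lsb-release
RELEASE="$(lsb_release -cs)"

if [[ $COMPILER == "gcc" ]]; then
    # Latest gcc stack deb packages provided by
    # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
    add-apt-repository -y ppa:ubuntu-toolchain-r/test
    PACKAGES+=("gcc-$COMPILER_VERSION")
elif [[ $COMPILER == "clang" ]]; then
    # Trust the LLVM archive key for this one repository only. "apt-key add"
    # is deprecated and places the key in the keyring apt consults for every
    # configured source; a dedicated keyring referenced through signed-by
    # limits it to apt.llvm.org. Downloading to a file instead of piping
    # also lets "set -e" stop the script when the download fails, and the
    # repository itself is now fetched over https rather than http.
    install -d -m 0755 /etc/apt/keyrings
    wget -O /etc/apt/keyrings/llvm-snapshot.asc https://apt.llvm.org/llvm-snapshot.gpg.key
    echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.asc] https://apt.llvm.org/${RELEASE}/ llvm-toolchain-${RELEASE}-${COMPILER_VERSION} main" \
        > /etc/apt/sources.list.d/llvm-toolchain.list

    # scan-build
    PACKAGES+=(
        "clang-tools-$COMPILER_VERSION" "clang-$COMPILER_VERSION"
        "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION"
    )
    PACKAGES+=(perl)
else
    echo >&2 "Unsupported COMPILER '$COMPILER' (expected gcc or clang)"
    exit 1
fi

#apt-get -y update --fix-missing
# Refresh the package indexes with up to three attempts, five seconds apart.
# The loop runs in a subshell: when the counter reaches zero, "exit" ends the
# subshell with a non-zero status and "set -e" then aborts the script.
(
    r=3
    while ! apt-get -y update --fix-missing; do
        ((--r)) || exit
        sleep 5
        echo "Retrying"
    done
)
DEBIAN_FRONTEND=noninteractive apt-get -yq install "${PACKAGES[@]}"
apt-get -y build-dep cryptsetup

echo "====================== VERSIONS ==================="
if [[ $COMPILER == "clang" ]]; then
    echo "Using scan-build${COMPILER_VERSION:+-$COMPILER_VERSION}"
fi

# Record the exact compiler build in the job log.
"${COMPILER}-${COMPILER_VERSION}" -v
echo "====================== END VERSIONS ==================="
cryptsetup-2.8.0/.gitlab/ci/cifuzz.yml000066400000000000000000000025051502645201100177110ustar00rootroot00000000000000
cifuzz: variables: OSS_FUZZ_PROJECT_NAME: cryptsetup CFL_PLATFORM: gitlab CIFUZZ_DEBUG: "True" FUZZ_SECONDS: 300 # 5 minutes per fuzzer ARCHITECTURE: "x86_64" DRY_RUN: "False" LOW_DISK_SPACE: "True" BAD_BUILD_CHECK: "True" LANGUAGE: "c" DOCKER_HOST: "tcp://docker:2375" DOCKER_IN_DOCKER: "true" DOCKER_DRIVER: overlay2 DOCKER_TLS_CERTDIR: "" image: name: gcr.io/oss-fuzz-base/cifuzz-base entrypoint: [""] services: - docker:dind stage: test parallel: matrix: - SANITIZER: [address, undefined, memory] rules: # Default code change. # - if: $CI_PIPELINE_SOURCE == "merge_request_event" # variables: # MODE: "code-change" - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $BUILD_AND_RUN_FUZZERS != null before_script: # Get gitlab's container id.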
- export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset` script: # Will build and run the fuzzers. # We use a hack to override CI_JOB_ID, because otherwise a bad path is used # in GitLab CI environment - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py" artifacts: # Upload artifacts when a crash makes the job fail. when: always paths: - artifacts/ cryptsetup-2.8.0/.gitlab/ci/clang-Wall000077500000000000000000000017551502645201100175710ustar00rootroot00000000000000#!/bin/bash # clang -Wall plus other important warnings not included in -Wall for arg in "$@" do case $arg in -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O' esac done CLANG="clang${COMPILER_VERSION:+-$COMPILER_VERSION}" #PEDANTIC="-std=gnu99" #PEDANTIC="-pedantic -std=gnu99" #PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros" #CONVERSION="-Wconversion" EXTRA="\ -Wextra \ -Wsign-compare \ -Wcast-align -Werror-implicit-function-declaration \ -Wpointer-arith \ -Wwrite-strings \ -Wswitch \ -Wmissing-format-attribute \ -Winit-self \ -Wold-style-definition \ -Wno-missing-field-initializers \ -Wunused-parameter \ -Wno-long-long" exec $CLANG $PEDANTIC $CONVERSION \ -Wall $Wuninitialized \ -Wno-switch \ -Wdisabled-optimization \ -Wwrite-strings \ -Wpointer-arith \ -Wbad-function-cast \ -Wmissing-prototypes \ -Wmissing-declarations \ -Wstrict-prototypes \ -Wnested-externs \ -Wcomment \ -Winline \ -Wcast-qual \ -Wredundant-decls $EXTRA \ "$@" cryptsetup-2.8.0/.gitlab/ci/compilation-clang.gitlab-ci.yml000066400000000000000000000035631502645201100236360ustar00rootroot00000000000000test-clang-compilation: extends: - .gitlab-shared-clang script: - export CFLAGS="-Wall -Werror" - ./autogen.sh - ./configure - make -j - make -j check-programs test-clang-Wall-script: extends: - .gitlab-shared-clang script: - export CFLAGS="-g -O0" - export CC="$CI_PROJECT_DIR/.gitlab/ci/clang-Wall" - ./autogen.sh - ./configure - make -j CFLAGS="-g -O0 
-Werror" - make -j CFLAGS="-g -O0 -Werror" check-programs test-scan-build: extends: - .gitlab-shared-clang script: - ./autogen.sh - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0" - make clean - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j check-programs test-scan-build-backends: extends: - .gitlab-shared-clang parallel: matrix: - BACKENDS: [ "openssl", "gcrypt", "nss", "kernel", "nettle", "mbedtls" ] rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ changes: - lib/crypto_backend/* script: - DEBIAN_FRONTEND=noninteractive apt-get -yq install libgcrypt20-dev libnss3-dev nettle-dev libmbedtls-dev - ./autogen.sh - echo "Configuring with crypto backend $BACKENDS" - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0" --with-crypto_backend=$BACKENDS - make clean - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j check-programs - ./tests/vectors-test cryptsetup-2.8.0/.gitlab/ci/compilation-gcc.gitlab-ci.yml000066400000000000000000000031211502645201100232740ustar00rootroot00000000000000test-gcc-compilation: extends: - .gitlab-shared-gcc script: - export CFLAGS="-Wall -Werror" - ./autogen.sh - ./configure - make -j - make -j check-programs test-gcc-Wall-script: extends: - .gitlab-shared-gcc script: - export CFLAGS="-g -O0" - export CC="$CI_PROJECT_DIR/.gitlab/ci/gcc-Wall" - ./autogen.sh - ./configure - make -j CFLAGS="-g -O0 -Werror" - make -j CFLAGS="-g -O0 -Werror" check-programs test-gcc-fanalyzer: extends: - .gitlab-shared-gcc script: - ./autogen.sh - ./configure CFLAGS="-Wall -Werror -g -O0 -fanalyzer 
-fdiagnostics-path-format=separate-events" --host=x86_64 - make -j - make -j check-programs test-gcc-fanalyzer-backends: extends: - .gitlab-shared-gcc parallel: matrix: - BACKENDS: [ "openssl", "gcrypt", "nss", "kernel", "nettle", "mbedtls" ] rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ changes: - lib/crypto_backend/* script: - DEBIAN_FRONTEND=noninteractive apt-get -yq install libgcrypt20-dev libnss3-dev nettle-dev libmbedtls-dev - ./autogen.sh - echo "Configuring with crypto backend $BACKENDS" - ./configure CFLAGS="-Wall -Werror -g -O0 -fanalyzer -fdiagnostics-path-format=separate-events" --host=x86_64 --with-crypto_backend=$BACKENDS - make -j - make -j check-programs - ./tests/vectors-test cryptsetup-2.8.0/.gitlab/ci/compilation-spellcheck.yml000066400000000000000000000011111502645201100230200ustar00rootroot00000000000000test-run-spellcheck: image: ubuntu:noble tags: - gitlab-org-docker stage: test interruptible: true rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ artifacts: name: "spellcheck-$CI_COMMIT_REF_NAME" paths: - _spellcheck before_script: - apt-get -y update --fix-missing - apt-get -y install git lintian codespell script: - echo "Running spellcheck" - .gitlab/ci/spellcheck cryptsetup-2.8.0/.gitlab/ci/compilation-various-disables.yml000066400000000000000000000021111502645201100241600ustar00rootroot00000000000000test-gcc-disable-compiles: extends: - .gitlab-shared-gcc parallel: matrix: - DISABLE_FLAGS: [ "keyring", "external-tokens ssh-token", "luks2-reencryption", "cryptsetup veritysetup integritysetup", "kernel_crypto", "udev", "internal-argon2", "blkid", "hw-opal" ] artifacts: name: "meson-build-logs-$CI_COMMIT_REF_NAME" paths: - 
meson_builddir/meson-logs script: - DEBIAN_FRONTEND=noninteractive apt-get -yq install meson ninja-build - export CFLAGS="-Wall -Werror" - ./autogen.sh - echo "Configuring with --disable-$DISABLE_FLAGS" - ./configure $(for i in $DISABLE_FLAGS; do echo "--disable-$i"; done) - make -j - make -j check-programs - git checkout -f && git clean -xdf - meson -v - echo "Configuring with -D$DISABLE_FLAGS=false" - meson setup meson_builddir $(for i in $DISABLE_FLAGS; do [ "$i" == "internal-argon2" ] && echo "-Dargon-implementation=internal" || echo "-D$i=false"; done) - ninja -C meson_builddir cryptsetup-2.8.0/.gitlab/ci/csmock.yml000066400000000000000000000020051502645201100176510ustar00rootroot00000000000000.dnf-csmock: variables: DISTRO: cryptsetup-fedora-rawhide DISK_SIZE: 20 extends: - .fail_if_coredump_generated before_script: - > sudo dnf -y -q install autoconf automake device-mapper-devel gcc gettext-devel json-c-devel libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool libuuid-devel make popt-devel libsepol-devel.x86_64 pkgconfig tar uuid-devel git openssl-devel asciidoctor meson ninja-build rpm-build csmock test-commit-job-csmock: extends: - .dnf-csmock tags: - libvirt - cryptsetup-fedora-rawhide stage: test interruptible: true allow_failure: true rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ || $CI_PIPELINE_SOURCE == "merge_request_event" script: - .gitlab/ci/build_srpm - .gitlab/ci/run_csmock artifacts: when: always paths: - cryptsetup-csmock-results.tar.xz cryptsetup-2.8.0/.gitlab/ci/debian-i686.yml000066400000000000000000000020441502645201100203110ustar00rootroot00000000000000test-mergerq-job-debian-i686: extends: - .debian-prep tags: - libvirt - cryptsetup-debian-12i686 stage: test interruptible: true variables: DISTRO: cryptsetup-debian-12i686 RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: 
$CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - make -j - make -j -C tests check-programs - sudo -E make check test-main-commit-job-debian-i686: extends: - .debian-prep tags: - libvirt - cryptsetup-debian-12i686 stage: test interruptible: true variables: DISTRO: cryptsetup-debian-12i686 RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check cryptsetup-2.8.0/.gitlab/ci/debian.yml000066400000000000000000000055361502645201100176300ustar00rootroot00000000000000.debian-prep: extends: - .fail_if_coredump_generated before_script: - sudo apt-get -y update - > sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-dev libpwquality-dev sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd openssh-client sshpass asciidoctor swtpm meson ninja-build python3-jinja2 gperf libcap-dev libtss2-dev libmount-dev swtpm-tools tpm2-tools - sudo apt-get -y build-dep cryptsetup - sudo -E git clean -xdf - ./autogen.sh - ./configure --enable-libargon2 --enable-asciidoc test-mergerq-job-debian: extends: - .debian-prep tags: - libvirt - cryptsetup-debian-12 stage: test interruptible: true variables: DISTRO: cryptsetup-debian-12 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - make -j - make -j -C tests check-programs - sudo -E make check test-main-commit-job-debian: extends: - .debian-prep tags: - libvirt - cryptsetup-debian-12 stage: test interruptible: true variables: DISTRO: 
cryptsetup-debian-12 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check # meson tests test-mergerq-job-debian-meson: extends: - .debian-prep tags: - libvirt - cryptsetup-debian-12 stage: test interruptible: true variables: DISTRO: cryptsetup-debian-12 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - sudo apt-get -y install -y -qq meson ninja-build - meson setup build - ninja -C build - cd build && sudo -E meson test --verbose --print-errorlogs test-main-commit-job-debian-meson: extends: - .debian-prep tags: - libvirt - cryptsetup-debian-12 stage: test interruptible: true variables: DISTRO: cryptsetup-debian-12 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - sudo apt-get -y install -y -qq meson ninja-build - meson setup build - ninja -C build - cd build && sudo -E meson test --verbose --print-errorlogs cryptsetup-2.8.0/.gitlab/ci/fedora-opal.yml000066400000000000000000000075241502645201100205760ustar00rootroot00000000000000.opal-template-fedora: extends: - .dnf-openssl-backend tags: - libvirt - cryptsetup-fedora-rawhide stage: test-opal interruptible: false variables: OPAL2_DEV: "/dev/nvme0n1" OPAL2_PSID_FILE: "/home/gitlab-runner/psid.txt" VOLATILE: 1 script: - sudo dnf install -y -q nvme-cli - sudo nvme list - make -j - make -j -C tests check-programs - sudo -E make check TESTS="00modules-test compat-test-opal" # Samsung SSD 980 500GB (on tiber machine) test-commit-rawhide-samsung980: rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" 
when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ extends: - .opal-template-fedora tags: - tiber resource_group: samsung980-on-tiber interruptible: false variables: PCI_PASSTHROUGH_VENDOR_ID: "144d" PCI_PASSTHROUGH_DEVICE_ID: "a809" test-mergerq-rawhide-samsung980: rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" extends: - .opal-template-fedora tags: - tiber resource_group: samsung980-on-tiber interruptible: false variables: PCI_PASSTHROUGH_VENDOR_ID: "144d" PCI_PASSTHROUGH_DEVICE_ID: "a809" # WD PC SN740 SDDQNQD-512G-1014 (on tiber machine) # Disabled on 2025-03-20, seems broken #test-commit-rawhide-sn740: # rules: # - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" # when: never # - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ # extends: # - .opal-template-fedora # tags: # - tiber # resource_group: sn740-on-tiber # interruptible: false # variables: # PCI_PASSTHROUGH_VENDOR_ID: "15b7" # PCI_PASSTHROUGH_DEVICE_ID: "5017" # #test-mergerq-rawhide-sn740: # rules: # - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" # when: never # - if: $CI_PIPELINE_SOURCE == "merge_request_event" # extends: # - .opal-template-fedora # tags: # - tiber # resource_group: sn740-on-tiber # interruptible: false # variables: # PCI_PASSTHROUGH_VENDOR_ID: "15b7" # PCI_PASSTHROUGH_DEVICE_ID: "5017" # Samsung SSD 980 PRO 1TB (on trantor machine) test-commit-rawhide-samsung980pro: rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ extends: - .opal-template-fedora tags: - trantor resource_group: samsung980pro-on-trantor interruptible: false variables: PCI_PASSTHROUGH_VENDOR_ID: "144d" PCI_PASSTHROUGH_DEVICE_ID: "a80a" test-mergerq-rawhide-samsung980pro: rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == 
"merge_request_event" extends: - .opal-template-fedora tags: - trantor resource_group: samsung980pro-on-trantor interruptible: false variables: PCI_PASSTHROUGH_VENDOR_ID: "144d" PCI_PASSTHROUGH_DEVICE_ID: "a80a" # # UMIS RPETJ256MGE2MDQ (on tiber machine) # test-commit-rawhide-umis: # rules: # - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" # when: never # - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ # extends: # - .opal-template-fedora # tags: # - tiber # resource_group: umis-on-tiber # stage: test # interruptible: false # variables: # PCI_PASSTHROUGH_VENDOR_ID: "1cc4" # PCI_PASSTHROUGH_DEVICE_ID: "6302" # # test-mergerq-rawhide-umis: # rules: # - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" # when: never # - if: $CI_PIPELINE_SOURCE == "merge_request_event" # extends: # - .opal-template-fedora # tags: # - tiber # resource_group: umis-on-tiber # stage: test # interruptible: false # variables: # PCI_PASSTHROUGH_VENDOR_ID: "1cc4" # PCI_PASSTHROUGH_DEVICE_ID: "6302" cryptsetup-2.8.0/.gitlab/ci/fedora.yml000066400000000000000000000036211502645201100176370ustar00rootroot00000000000000.dnf-openssl-backend: variables: DISTRO: cryptsetup-fedora-rawhide PKGS: >- autoconf automake device-mapper-devel gcc gettext-devel json-c-devel libargon2-devel libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool libuuid-devel make popt-devel libsepol-devel.x86_64 netcat openssh-clients passwd pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper expect gettext git jq keyutils openssl-devel openssl asciidoctor swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel libmount-devel swtpm-tools extends: - .fail_if_coredump_generated before_script: - sudo dnf clean all - (r=3;while ! 
sudo dnf -y -q install $PKGS ; do ((--r))||exit;sleep 5;echo "Retrying";done) - sudo -E git clean -xdf - ./autogen.sh - ./configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl --enable-asciidoc test-main-commit-job-rawhide: extends: - .dnf-openssl-backend tags: - libvirt - cryptsetup-fedora-rawhide stage: test interruptible: true allow_failure: true variables: RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check test-mergerq-job-rawhide: extends: - .dnf-openssl-backend tags: - libvirt - cryptsetup-fedora-rawhide stage: test interruptible: true allow_failure: true variables: RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - make -j - make -j -C tests check-programs - sudo -E make check cryptsetup-2.8.0/.gitlab/ci/gcc-Wall000077500000000000000000000023451502645201100172350ustar00rootroot00000000000000#!/bin/bash # gcc -Wall plus other important warnings not included in -Wall for arg in "$@" do case $arg in -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O' esac done GCC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}" #PEDANTIC="-std=gnu99" #PEDANTIC="-pedantic -std=gnu99" #PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros" #CONVERSION="-Wconversion" # -Wpacked \ # This does more than expected for gcc (mixed code with declarations) # -Wdeclaration-after-statement \ EXTRA="-Wextra \ -Wsign-compare \ -Werror-implicit-function-declaration \ -Wpointer-arith \ -Wwrite-strings \ -Wswitch \ -Wmissing-format-attribute \ -Wstrict-aliasing=3 \ -Winit-self \ -Wunsafe-loop-optimizations \ -Wold-style-definition \ -Wno-missing-field-initializers \ -Wunused-parameter \ 
-Wno-long-long \ -Wmaybe-uninitialized \ -Wvla \ -Wformat-overflow \ -Wformat-truncation" exec $GCC $PEDANTIC $CONVERSION \ -Wall $Wuninitialized \ -Wno-switch \ -Wdisabled-optimization \ -Wwrite-strings \ -Wpointer-arith \ -Wbad-function-cast \ -Wmissing-prototypes \ -Wmissing-declarations \ -Wstrict-prototypes \ -Wnested-externs \ -Wcomment \ -Winline \ -Wcast-align=strict \ -Wcast-qual \ -Wredundant-decls $EXTRA \ "$@" cryptsetup-2.8.0/.gitlab/ci/gitlab-shared-docker.yml000066400000000000000000000015411502645201100223510ustar00rootroot00000000000000.gitlab-shared-docker: image: ubuntu:noble tags: - gitlab-org-docker stage: test interruptible: true rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ before_script: - .gitlab/ci/cibuild-setup-ubuntu.sh - export CC="${COMPILER}${COMPILER_VERSION:+-$COMPILER_VERSION}" - export CXX="${COMPILER}++${COMPILER_VERSION:+-$COMPILER_VERSION}" .gitlab-shared-gcc: extends: - .gitlab-shared-docker variables: COMPILER: "gcc" COMPILER_VERSION: "14" CC: "gcc-14" RUN_SSH_PLUGIN_TEST: "1" .gitlab-shared-clang: extends: - .gitlab-shared-docker variables: COMPILER: "clang" COMPILER_VERSION: "19" CC: "clang-19" RUN_SSH_PLUGIN_TEST: "1" cryptsetup-2.8.0/.gitlab/ci/rhel.yml000066400000000000000000000100701502645201100173250ustar00rootroot00000000000000.rhel-openssl-backend: extends: - .fail_if_coredump_generated before_script: - > sudo yum -y -q install autoconf automake device-mapper-devel gcc gettext-devel json-c-devel libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper expect gettext git jq keyutils openssl-devel openssl gem - sudo gem install asciidoctor - sudo -E git clean -xdf - ./autogen.sh - ./configure --enable-fips 
--enable-pwquality --with-crypto_backend=openssl --enable-asciidoc # non-FIPS jobs test-main-commit-rhel8: extends: - .rhel-openssl-backend tags: - libvirt - cryptsetup-rhel-8 stage: test interruptible: true variables: DISTRO: cryptsetup-rhel-8 RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check test-main-commit-rhel9: extends: - .rhel-openssl-backend tags: - libvirt - cryptsetup-rhel-9 stage: test interruptible: true variables: DISTRO: cryptsetup-rhel-9 RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check test-main-commit-rhel10: extends: - .rhel-openssl-backend tags: - libvirt - cryptsetup-rhel-10 stage: test interruptible: true allow_failure: true variables: DISTRO: cryptsetup-rhel-10 RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check # FIPS jobs test-main-commit-rhel8-fips: extends: - .rhel-openssl-backend tags: - libvirt - cryptsetup-rhel-8-fips stage: test interruptible: true variables: DISTRO: cryptsetup-rhel-8-fips RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - grep -q fips=1 /proc/cmdline || exit 1 - make -j - make -j -C tests 
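check-programs - sudo -E make check test-main-commit-rhel9-fips: extends: - .rhel-openssl-backend tags: - libvirt - cryptsetup-rhel-9-fips stage: test interruptible: true allow_failure: true variables: DISTRO: cryptsetup-rhel-9-fips RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - grep -q fips=1 /proc/cmdline || exit 1 - make -j - make -j -C tests check-programs - sudo -E make check test-main-commit-rhel10-fips: extends: - .rhel-openssl-backend tags: - libvirt - cryptsetup-rhel-10-fips stage: test interruptible: true allow_failure: true variables: DISTRO: cryptsetup-rhel-10-fips RUN_SSH_PLUGIN_TEST: "1" rules: - if: $RUN_SYSTEMD_PLUGIN_TEST != null when: never - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - grep -q fips=1 /proc/cmdline || exit 1 - make -j - make -j -C tests check-programs - sudo -E make check
cryptsetup-2.8.0/.gitlab/ci/run_csmock000077500000000000000000000012211502645201100177370ustar00rootroot00000000000000
#!/bin/bash
# Run the csmock static-analysis scan over the cryptsetup source RPM and
# turn its outcome into the exit status of the CI step.
#
# Exit status:
#   0 - the scan ran and no non-empty scan-results.err could be extracted
#   2 - the csmock command itself failed
#   3 - the extracted scan-results.err is non-empty
#
# The previous version printed "3" with echo and then fell through to
# "exit 0", so reported errors never changed the job status.

# Used unquoted on purpose: the value is a command followed by its argument.
CSMOCK="sudo /usr/bin/csmock"
CSMOCK_TOOLS="gcc,clang,cppcheck,shellcheck"
CSMOCK_TXZ="cryptsetup-csmock-results.tar.xz"
CSMOCK_ERR="cryptsetup-csmock-results/scan-results.err"

$CSMOCK cryptsetup-*.src.rpm \
	--keep-going --force \
	--cswrap-timeout 300 \
	--skip-patches \
	--tools $CSMOCK_TOOLS \
	--output $CSMOCK_TXZ \
	--gcc-analyze \
	--cppcheck-add-flag=--check-level=exhaustive \
	|| { echo "csmock command failed"; exit 2; }

# Extract only the error summary from the results archive and fail the step
# when it has content.
# NOTE(review): a failed extraction short-circuits this chain and still ends
# in "exit 0"; confirm that a missing scan-results.err really means a clean scan.
tar xJf $CSMOCK_TXZ $CSMOCK_ERR --strip-components 1 \
	&& test -s $CSMOCK_ERR \
	&& { echo "csmock discovered important errors"; exit 3; }

exit 0
cryptsetup-2.8.0/.gitlab/ci/spellcheck000077500000000000000000000013231502645201100177140ustar00rootroot00000000000000#!/bin/bash set -e DIR="_spellcheck" [ ! 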
-d $DIR ] && mkdir $DIR echo "[SPELLINTIAN]" git ls-tree -rz --name-only HEAD | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | \ xargs -r0 spellintian | \ grep -v "(duplicate word)" | \ grep -v "docs/" | tee $DIR/spell1.txt echo "[CODESPELL]" git ls-tree -rz --name-only HEAD | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | \ xargs -r0 codespell | \ grep -v "EXPCT" | \ grep -v "params, prams" | \ grep -v "pad, padded" | \ grep -v "CIPHER, CHIP" | \ grep -v "gost" | \ grep -v "userA" | \ grep -v "re-use" | \ grep -v "fo ==" | \ grep -v "docs/" | tee $DIR/spell2.txt [ -s $DIR/spell1.txt ] && exit 1 [ -s $DIR/spell2.txt ] && exit 2 exit 0 cryptsetup-2.8.0/.gitlab/ci/ubuntu.yml000066400000000000000000000057721502645201100177320ustar00rootroot00000000000000.ubuntu-prep: extends: - .fail_if_coredump_generated before_script: - sudo apt-get -y update - > sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar libargon2-dev libpwquality-dev sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd openssh-client sshpass asciidoctor swtpm meson ninja-build python3-jinja2 gperf libcap-dev libtss2-dev libmount-dev swtpm-tools tpm2-tools # scsi_debug, gost crypto - sudo apt-get -y install dkms linux-headers-$(uname -r) linux-modules-extra-$(uname -r) gost-crypto-dkms - sudo apt-get -y build-dep cryptsetup - sudo -E git clean -xdf - ./autogen.sh - ./configure --enable-libargon2 --enable-asciidoc test-mergerq-job-ubuntu: extends: - .ubuntu-prep tags: - libvirt - cryptsetup-ubuntu-2404 stage: test interruptible: true variables: DISTRO: cryptsetup-ubuntu-2404 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - make -j - make -j -C tests check-programs - sudo -E make check test-main-commit-job-ubuntu: extends: - 
.ubuntu-prep tags: - libvirt - cryptsetup-ubuntu-2404 stage: test interruptible: true variables: DISTRO: cryptsetup-ubuntu-2404 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - make -j - make -j -C tests check-programs - sudo -E make check # meson tests test-mergerq-job-ubuntu-meson: extends: - .ubuntu-prep tags: - libvirt - cryptsetup-ubuntu-2404 stage: test interruptible: true variables: DISTRO: cryptsetup-ubuntu-2404 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" script: - sudo apt-get -y install -y -qq meson ninja-build - meson setup build - ninja -C build - cd build && sudo -E meson test --verbose --print-errorlogs test-main-commit-job-ubuntu-meson: extends: - .ubuntu-prep tags: - libvirt - cryptsetup-ubuntu-2404 stage: test interruptible: true variables: DISTRO: cryptsetup-ubuntu-2404 RUN_SSH_PLUGIN_TEST: "1" RUN_KEYRING_TRUSTED_TEST: "1" rules: - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" when: never - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ script: - sudo apt-get -y install -y -qq meson ninja-build - meson setup build - ninja -C build - cd build && sudo -E meson test --verbose --print-errorlogs cryptsetup-2.8.0/.gitlab/issue_templates/000077500000000000000000000000001502645201100204655ustar00rootroot00000000000000cryptsetup-2.8.0/.gitlab/issue_templates/Bug.md000066400000000000000000000014211502645201100215220ustar00rootroot00000000000000### Issue description ### Steps for reproducing the issue ### Additional info ### Debug log ``` Output with --debug option: ``` cryptsetup-2.8.0/.gitlab/issue_templates/Documentation.md000066400000000000000000000002571502645201100236240ustar00rootroot00000000000000### Documentation issue 
### Additional info cryptsetup-2.8.0/.gitlab/issue_templates/Feature.md000066400000000000000000000002771502645201100224100ustar00rootroot00000000000000### New feature description ### Additional info cryptsetup-2.8.0/AUTHORS000066400000000000000000000002111502645201100150010ustar00rootroot00000000000000Jana Saout Clemens Fruhwirth Milan Broz Ondrej Kozina cryptsetup-2.8.0/CONTRIBUTING.md000066400000000000000000000244651502645201100162030ustar00rootroot00000000000000Contributing to cryptsetup ========================== For basic information about the cryptsetup project, please read [README](README.md). The Cryptsetup project uses free, open-source licenses; details are described in [licensing](README.licensing). For contribution code or documentation to the cryptsetup project, you must have the necessary rights to the content, and your contribution must be provided under the required license. We welcome contributions from everyone. Cryptsetup is an independent project with much volunteer effort, and our resources are limited. Following the guidelines specified in this file makes it easier for us to process your issue. Project maintainers can remove or reject abusive or otherwise unacceptable comments or code. Git repository -------------- The primary repository is located at [gitlab.com/cryptsetup/cryptsetup](https://gitlab.com/cryptsetup/cryptsetup). The development branch is ``main``; minor stable releases can use their branches with cherry-picked or backported patches. There are backup mirrors located at [github.com/mbroz/cryptsetup](https://github.com/mbroz/cryptsetup) and [git.kernel.org/pub/scm/utils/cryptsetup/cryptsetup.git](https://git.kernel.org/pub/scm/utils/cryptsetup/cryptsetup.git). How to make a bug report ------------------------ To report an issue or feature request, please use GitLab [cryptsetup issue tracker](https://gitlab.com/cryptsetup/cryptsetup/-/issues). Before reporting an issue, please try to search documentation and existing issues. 
Always try to reproduce the problem on the latest supported release.

Please *always* collect and attach ``--debug`` log and other information as instructed in the issue template.
Even if you think the problem is obvious, we need logged information about the environment (like versions of kernel modules, etc.).

Please do not report distribution-specific issues if they are not present in the latest upstream release.
For such reports, please use downstream distribution-specific trackers.
If the issue is related to upstream, downstream maintainers will redirect you here, or upstream maintainers will join the discussion.

If you think you have found a security bug, please follow the instructions in the [SECURITY](SECURITY.md) file.

How to contribute changes to cryptsetup
---------------------------------------

The following notes are a very short introduction to cryptsetup internal processes and an overview of generic rules that should be followed for all changes.

Changes from developers and external contributors should go through the GitLab repository [merge requests](https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests).
Alternatively (for trivial changes), you can send a patch to [cryptsetup mailing list](mailto:cryptsetup@lists.linux.dev).
Please do not write personal emails with questions or patches to maintainers and developers.

### Project structure

The cryptsetup project includes a libcryptsetup library, tools, token plugins, documentation, and a test suite.

Cryptsetup library (libcryptsetup) exports [versioned symbols](lib/libcryptsetup.sym).
Tools (cryptsetup, veritysetup, integritysetup) use libcryptsetup shared library.
Some isolated parts in the lib directory can be reused for tools (the source is recompiled).

The basic directory structure in the repository is
```
├── docs - Documentation and release notes.
├── lib - libcryptsetup implementation
│   ├── bitlk - Bitlocker format
│   ├── crypto_backend - Cryptography backend
│   ├── fvault2 - FileVault2 format
│   ├── integrity - Linux dm-integrity interface
│   ├── loopaes - Linux LoopAES format
│   ├── luks1 - LUKS1 format
│   ├── luks2 - LUKS2 format including OPAL2 SED
│   ├── tcrypt - TrueCrypt / VeraCrypt format
│   └── verity - Linux dm-verity interface
├── man - Manual pages (in AsciiDoc format)
├── misc - Miscellaneous additions
├── po - Translation files
├── scripts - Scripts for system configuration
├── src - Tools implementation
├── tests - Testsuite (test units, regression tests, fuzzing)
└── tokens - Token plugins
```

### Coordination with other projects

The cryptsetup tools and library use low-level functions that depend on many other subsystems.
Currently, the project is supported only for Linux (it will not work on Android or other systems).

The cryptsetup project requires some parts of the Linux kernel, notably the *Device Mapper* (dm-crypt, dm-integrity, dm-verity, dm-zero modules) and kernel *userspace cryptographic interface*.
A missing kernel interface can significantly limit (or even disallow) cryptsetup functionality.

Integration in operating systems also depends on several other projects, most notably *systemd* (that implements its own tooling using libcryptsetup) and *util-linux* (*blkid* parsing of supported format metadata).
Some changes must be synchronized in all needed places (kernel, blkid, libcryptsetup).

Several other projects implement their own token metadata (either through binary token plugins or through generic libcryptsetup JSON token access functions).

### Used cryptography algorithms

Cryptsetup avoids implementing cryptographic primitives but uses cryptographic libraries.
Exceptions were internal PBKDF implementations (PBKDF2 and Argon2) until these were integrated into major cryptographic libraries.
Cryptsetup can be compiled with several cryptographic library backends (OpenSSL, libgcrypt, Nettle, NSS, and Linux kernel userspace API).
OpenSSL is the default and strongly recommended configuration.

If the cryptographic library does not implement some cryptographic primitive (for example, if running in a FIPS-140 environment or just because it does not include it at all), functionality could be limited.

### Configuration and versioning

Cryptsetup can be configured using *Autoconf* or *Meson*.
Autoconf support is being deprecated in the long term.
Currently, all new configuration options must be implemented in both systems.

Cryptsetup intentionally does not use a system configuration file (located in /etc).
All functionality must be determined dynamically.
All related /etc configuration files (crypttab, fstab and others) are maintained by systemd (in some legacy distributions by cryptsetup downstream).

Cryptsetup uses [semantic versioning](https://semver.org/).
Major and minor releases are always based on the main git branch; the minor stable (patch) versions can have some specific branch with backported or cherry-picked patches (from the main branch).
Usually, minor releases happen twice per year, and stable patch updates follow reported bugs (in 1-3 month intervals).

### Compilation and debugging

The library and tools are written in C; we require C99 and support gcc and Clang compilers.
Manual pages are generated from AsciiDoc sources and libcryptsetup API documentation by Doxygen (from libcryptsetup.h comments).
The test suite is a combination of local C utilities, a fuzzing implementation in C++, and bash scripts, and it uses many other system utilities.

All tools contain compiled-in debug messages that are available through the ``--debug`` option.
With Autoconf and libtool, you can run the cryptsetup tool in the debugger without installation using this one-line script:
```
libtool --mode=execute gdb --args ./cryptsetup --debug $@
```
This will ensure that a properly compiled libcryptsetup file is used.

### Coding style

Cryptsetup uses [Linux kernel coding style](https://cdn.kernel.org/doc/html/latest/process/coding-style.html) for libcryptsetup and tools (where applicable) with some additional notes:

- Use tabulators for indentation; the line should not exceed 100 characters with an 8-character tabulator. Otherwise, use a tab of any length. :-).
- The minimal C standard required is C99.
- Use of ``goto`` is allowed only for the error path (``goto out`` for common code path, ``goto err`` for specific error code path).
- Split patches per change; do not submit huge patches combining several changes.
- Use a detailed description in the patch header.
- No need to use sign-off-by lines.
- Use name prefixes (``crypt_``, ``LUKS2_`` and similar).
- Avoid extensive preprocessor use (specifically conditional ``#if`` or ``#ifdef`` sections).
- To check detected configuration options stored in config.h, always use ``#if SOMETHING`` (do NOT use ``#ifdef``).
- Use output only through ``log_err, log_std, log_verbose, log_dbg`` macros. The ``log_dbg`` is always in English; the others should be wrapped in the ``_()`` macro for translation.
- Use ``assert()`` but only for simple invariants and variables (avoid calling functions). Do not use assert for user-supplied input (this should be a normal error path, since an assertion aborts the program instead of reporting an error).
- The code style is quite relaxed in testing scripts (code there is not intended for production use).

### General rules and testing

- Cryptsetup should work on all architectures supported by the Linux kernel. Only very few functionalities require specific hardware (notably Opal SED support). If you want to introduce some specific hardware support, please discuss it with the maintainers first.
- All code changes should go through merge requests and reviews. Code can be merged after review approval (done by someone with the commit right to the development repository), but reviews from external people are very welcome, too. - All new functionality must come with at least rudimentary coverage in the test suite. Always run the test suite before opening the merge request (``make check`` with root privilege). - We have continuous integration (CI) that runs many tests automatically, but the output is not directly visible for external merge request authors (for security reasons). All CI scripts are available in .gitlab and .github folders in the project repository. Maintainers will provide you log files if anything fails. Your code must produce no warnings before it is merged. - We run compilation with many extended [gcc](.gitlab/ci/gcc-Wall) and [Clang](.gitlab/ci/clang-Wall) warnings and include some analyzers, notably - [Coverity](https://scan.coverity.com), GitHub CodeQL, Clang scan-build, and gcc static analyzer, and - fuzzing integrated in [OSS-fuzz project](https://github.com/google/oss-fuzz/tree/master/projects/cryptsetup). - Testsuite can also partially run under Valgrind dynamic analyzer with ``make valgrind-check``. cryptsetup-2.8.0/COPYING000066400000000000000000000445621502645201100150050ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. 
This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. 
We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. 
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. 
But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. 
For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. 
Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. 
Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. 
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. 
If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. ----- In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. cryptsetup-2.8.0/FAQ.md000066400000000000000000004255131502645201100147020ustar00rootroot00000000000000# Frequently Asked Questions Cryptsetup/LUKS # Sections [1. General Questions](#1-general-questions) [2. Setup](#2-setup) [3. Common Problems](#3-common-problems) [4. Troubleshooting](#4-troubleshooting) [5. Security Aspects](#5-security-aspects) [6. Backup and Data Recovery](#6-backup-and-data-recovery) [7. Interoperability with other Disk Encryption Tools](#7-interoperability-with-other-disk-encryption-tools) [8. Issues with Specific Versions of cryptsetup](#8-issues-with-specific-versions-of-cryptsetup) [9. The Initrd question](#9-the-initrd-question) [10. LUKS2 Questions](#10-luks2-questions) [11. References and Further Reading](#11-references-and-further-reading) [A. Contributors](#a-contributors) # 1. General Questions * **1.1 What is this?** This is the FAQ (Frequently Asked Questions) for cryptsetup. 
It covers Linux disk encryption with plain dm-crypt (one passphrase, no management, no metadata on disk) and LUKS (multiple user keys with one volume key, anti-forensic features, metadata block at start of device, ...). The latest version of this FAQ should usually be available at https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions * **1.2 WARNINGS** LUKS2 COMPATIBILITY: This FAQ was originally written for LUKS1, not LUKS2. Hence regarding LUKS2, some of the answers found here may not apply. Updates for LUKS2 have been done and anything not applying to LUKS2 should clearly say LUKS1. However, this is a Frequently Asked Questions, and questions for LUKS2 are limited at this time or at least those that have reached me are. In the following, "LUKS" refers to both LUKS1 and LUKS2. The LUKS1 on-disk format specification is at https://cdn.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf The LUKS2 on-disk format specification is at https://gitlab.com/cryptsetup/LUKS2-docs ATTENTION: If you are going to read just one thing, make it the section on Backup and Data Recovery. By far the most questions on the cryptsetup mailing list are from people that managed to damage the start of their LUKS partitions, i.e. the LUKS header. In most cases, there is nothing that can be done to help these poor souls recover their data. Make sure you understand the problem and limitations imposed by the LUKS security model BEFORE you face such a disaster! In particular, make sure you have a current header backup before doing any potentially dangerous operations. The LUKS2 header should be a bit more resilient as critical data starts later and is stored twice, but you can decidedly still destroy it or a keyslot permanently by accident. DEBUG COMMANDS: While the --debug and --debug-json options should not leak secret data, "strace" and the like can leak your full passphrase. Do not post an strace output with the correct passphrase to a mailing-list or online! 
See Item 4.5 for more explanation. SSDs/FLASH DRIVES: SSDs and Flash are different. Currently it is unclear how to get LUKS or plain dm-crypt to run on them with the full set of security assurances intact. This may or may not be a problem, depending on the attacker model. See Section 5.19. BACKUP: Yes, encrypted disks die, just as normal ones do. A full backup is mandatory, see Section "6. Backup and Data Recovery" on options for doing encrypted backup. CLONING/IMAGING: If you clone or image a LUKS container, you make a copy of the LUKS header and the volume key will stay the same! That means that if you distribute an image to several machines, the same volume key will be used on all of them, regardless of whether you change the passphrases. Do NOT do this! If you do, a root-user on any of the machines with a mapped (decrypted) container or a passphrase on that machine can decrypt all other copies, breaking security. See also Item 6.15. DISTRIBUTION INSTALLERS: Some distribution installers offer to create LUKS containers in a way that can be mistaken as activation of an existing container. Creating a new LUKS container on top of an existing one leads to permanent, complete and irreversible data loss. It is strongly recommended to only use distribution installers after a complete backup of all LUKS containers has been made. UBUNTU INSTALLER: In particular the Ubuntu installer seems to be quite willing to kill LUKS containers in several different ways. Those responsible at Ubuntu seem not to care very much (it is very easy to recognize a LUKS container), so treat the process of installing Ubuntu as a severe hazard to any LUKS container you may have. NO WARNING ON NON-INTERACTIVE FORMAT: If you feed cryptsetup from STDIN (e.g. via GnuPG) on LUKS format, it does not give you the warning that you are about to format (and e.g. will lose any pre-existing LUKS container on the target), as it assumes it is used from a script. 
In this scenario, the responsibility for warning the user and possibly checking for an existing LUKS header is shifted to the script. This is a more general form of the previous item. LUKS PASSPHRASE IS NOT THE VOLUME KEY: The LUKS passphrase is not used in deriving the volume key. It is used in decrypting a volume key that is randomly selected on header creation. This means that if you create a new LUKS header on top of an old one with exactly the same parameters and exactly the same passphrase as the old one, it will still have a different volume key and your data will be permanently lost. PASSPHRASE CHARACTER SET: Some people have had difficulties with this when upgrading distributions. It is highly advisable to only use the 95 printable characters from the first 128 characters of the ASCII table, as they will always have the same binary representation. Other characters may have different encoding depending on system configuration and your passphrase will not work with a different encoding. A table of the standardized first 128 ASCII characters can, e.g. be found on https://en.wikipedia.org/wiki/ASCII KEYBOARD NUM-PAD: Apparently some pre-boot authentication environments (these are done by the distro, not by cryptsetup, so complain there) treat digits entered on the num-pad and ones entered regularly differently. This may be because the BIOS USB keyboard driver is used and that one may have bugs on some computers. If you cannot open your device in pre-boot, try entering the digits over the regular digit keys. * **1.3 System specific warnings** - The Ubuntu Natty installer has a "won't fix" defect that may destroy LUKS containers. This is quite old and not relevant for most people. Reference: https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/420080 * **1.4 My LUKS-device is broken! Help!** First: Do not panic! In many cases the data is still recoverable. Do not do anything hasty! Steps: - Take some deep breaths. Maybe add some relaxing music. 
This may sound funny, but I am completely serious. Often, critical damage is done only after the initial problem. - Do not reboot. The keys may still be in the kernel if the device is mapped. - Make sure others do not reboot the system. - Do not write to your disk without a clear understanding why this will not make matters worse. Do a sector-level backup before any writes. Often you do not need to write at all to get enough access to make a backup of the data. - Relax some more. - Read section 6 of this FAQ. - Ask on the mailing-list if you need more help. * **1.5 Who wrote this?** Current FAQ maintainer is Arno Wagner . If you want to send me encrypted email, my current PGP key is DSA key CB5D9718, fingerprint 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718. Other contributors are listed at the end. If you want to contribute, send your article, including a descriptive headline, to the maintainer, or the dm-crypt mailing list with something like "FAQ ..." in the subject. You can also send more raw information and have me write the section. Please note that by contributing to this FAQ, you accept the license described below. This work is licensed under a Creative Commons CC-BY-SA-4.0 "Attribution-ShareAlike 4.0 International" license which means distribution is unlimited, you may create derived works, but attributions to original authors and this license statement must be retained and the derived work must be under the same license. See https://creativecommons.org/licenses/by-sa/4.0/ for more details. * **1.6 Where is the project website?** There is the project website at https://gitlab.com/cryptsetup/cryptsetup/ Please do not post questions there, nobody will read them. Use the mailing-list instead. * **1.7 Is there a mailing-list?** Instructions on how to subscribe to the mailing-list are on the project website. People are generally helpful and friendly on the list. The question of how to unsubscribe from the list does crop up sometimes. 
For this you need your list management URL https://subspace.kernel.org/lists.linux.dev.html. Go to the URL mentioned in the email and select "unsubscribe". Alternatively, you can send an empty Email to cryptsetup+help@lists.linux.dev. Make sure to send it from your list address. The mailing list archive is here: https://lore.kernel.org/cryptsetup/ The legacy dm-crypt mailing list archive is here: https://lore.kernel.org/dm-crypt/ * **1.8 Unsubscribe from the mailing-list** Send mail to cryptsetup+unsubscribe@lists.linux.dev from the subscribed account. You will get an email with instructions. Basically, you just have to respond to it unmodified to get unsubscribed. The listserver admin functions are not very fast. It can take 15 minutes or longer for a reply to arrive (I suspect greylisting is in use), so be patient. Also note that nobody on the list can unsubscribe you, sending demands to be unsubscribed to the list just annoys people that are entirely blameless for you being subscribed. If you are subscribed, a subscription confirmation email was sent to your email account and it had to be answered before the subscription went active. The confirmation emails from the listserver have subjects like these (with other numbers): ``` Subject: Confirm subscription to cryptsetup@lists.linux.dev ``` and are sent from cryptsetup+help@lists.linux.dev. You should check whether you have anything like it in your sent email folder. If you find nothing and are sure you did not confirm, then you should look into a possible compromise of your email account. * **1.9 What can I do if cryptsetup is running out of memory?** Memory issues are generally related to the key derivation function. You may be able to tune usage with the options --pbkdf-memory or --pbkdf pbkdf2. * **1.10 Can cryptsetup be run without root access?** Elevated privileges are required to use cryptsetup and LUKS. Some operations require root access. 
There are a few features which will work without root access with the right switches but there are caveats. * **1.11 What are the problems with running as non root?** The first issue is one of permissions to devices. Generally, root or a group such as disk has ownership of the storage devices. The non root user will need write access to the block device used for LUKS. Next, file locking is managed in /run/cryptsetup. You may use --disable-locks but cryptsetup will no longer protect you from race conditions and problems with concurrent access to the same devices. Also, device mapper requires root access. cryptsetup uses device mapper to manage the decrypted container. * **1.12 How can I report an issue in the cryptsetup project?** Before reporting any issue, please be sure you are using the latest upstream version and that you read the documentation (and this FAQ). If you think you have discovered an issue, please report it through the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues). For a possible security issue, please use the confidential checkbox. Please fill in all information requested in the report template (specifically add debug output with all run environment data). Do not trim the output; debug output does not include private data. # 2. Setup * **2.1 LUKS Container Setup mini-HOWTO** This item tries to give you a very brief list of all the steps you should go through when creating a new LUKS encrypted container, i.e. encrypted disk, partition or loop-file. 01) All data will be lost, if there is data on the target, make a backup. 02) Make very sure you use the right target disk, partition or loop-file. 03) If the target was in use previously, it is a good idea to wipe it before creating the LUKS container in order to remove any trace of old file systems and data. For example, some users have managed to run e2fsck on a partition containing a LUKS container, possibly because of residual ext2 superblocks from an earlier use. 
This can do arbitrary damage up to complete and permanent loss of all data in the LUKS container. To just quickly wipe file systems (old data may remain), use ``` wipefs -a <target device> ``` To wipe file system and data, use something like ``` cat /dev/zero > <target device> ``` This can take a while. To get a progress indicator, you can use the tool dd_rescue (->google) instead or use my stream meter "wcs" (source here: https://www.tansi.org/tools/index.html) in the following fashion: ``` cat /dev/zero | wcs > <target device> ``` Plain "dd" also gives you the progress on a SIGUSR1, see its man-page. The GNU "dd" command supports the "status=progress" operand that gives you the progress without having to send it any signal. Be very sure you have the right target, all data will be lost! Note that automatic wiping is on the TODO list for cryptsetup, so at some time in the future this will become unnecessary. Alternatively, plain dm-crypt can be used for a very fast wipe with crypto-grade randomness, see Item 2.19 04) Create the LUKS container. LUKS1: ``` cryptsetup luksFormat --type luks1 <target device> ``` LUKS2: ``` cryptsetup luksFormat --type luks2 <target device> ``` Just follow the on-screen instructions. Note: Passphrase iteration count is based on time and hence security level depends on CPU power of the system the LUKS container is created on. For example on a Raspberry Pi and LUKS1, I found some time ago that the iteration count is 15 times lower than for a regular PC (well, for my old one). Depending on security requirements, this may need adjustment. For LUKS1, you can just look at the iteration count on different systems and select one you like. You can also change the benchmark time with the -i parameter to create a header for a slower system. For LUKS2, the parameters are more complex. ARGON2 has iteration, parallelism and memory parameter. cryptsetup actually may adjust the memory parameter for time scaling. Hence to use -i is the easiest way to get slower or faster opening (default: 2000 = 2sec). 
Just make sure to not drop this too low or you may get a memory parameter that is too small to be secure. The luksDump command lists the memory parameter of a created LUKS2 keyslot in kB. That parameter should probably be not much lower than 100000, i.e. 100MB, but don't take my word for it. 05) Map the container. Here it will be mapped to /dev/mapper/c1: ``` cryptsetup luksOpen <target device> c1 ``` 06) (Optionally) wipe the container (make sure you have the right target!): ``` cat /dev/zero > /dev/mapper/c1 ``` This will take a while. Note that this creates a small information leak, as an attacker can determine whether a 512 byte block is zero if the attacker has access to the encrypted container multiple times. Typically a competent attacker that has access multiple times can install a passphrase sniffer anyways, so this leakage is not very significant. For getting a progress indicator, see step 03. 07) Create a file system in the mapped container, for example an ext3 file system (any other file system is possible): ``` mke2fs -j /dev/mapper/c1 ``` 08) Mount your encrypted file system, here on /mnt: ``` mount /dev/mapper/c1 /mnt ``` 09) Make a LUKS header backup and plan for a container backup. See Section 6 for details. Done. You can now use the encrypted file system to store data. Be sure to read through the rest of the FAQ, these are just the very basics. In particular, there are a number of mistakes that are easy to make, but will compromise your security. * **2.2 LUKS on partitions or raw disks? What about RAID?** Also see Item 2.8. This is a complicated question, and made more so by the availability of RAID and LVM. I will try to give some scenarios and discuss advantages and disadvantages. Note that I say LUKS for simplicity, but you can do all the things described with plain dm-crypt as well. Also note that your specific scenario may be so special that most or even all things I say below do not apply. 
Be aware that if you add LVM into the mix, things can get very complicated. Same with RAID but less so. In particular, data recovery can get exceedingly difficult. Only add LVM if you have a really good reason and always remember KISS is what separates an engineer from an amateur. Of course, if you really need the added complexity, KISS is satisfied. But be very sure as there is a price to pay for it. In engineering, complexity is always the enemy and needs to be fought without mercy when encountered. Also consider using RAID instead of LVM, as at least with the old superblock format 0.90, the RAID superblock is in the place (end of disk) where the risk of it damaging the LUKS header is smallest and you can have your array assembled by the RAID controller (i.e. the kernel), as it should be. Use partition type 0xfd for that. I recommend staying away from superblock formats 1.0, 1.1 and 1.2 unless you really need them. Scenarios: (1) Encrypted partition: Just make a partition to your liking, and put LUKS on top of it and a filesystem into the LUKS container. This gives you isolation of differently-tasked data areas, just as ordinary partitioning does. You can have confidential data, non-confidential data, data for some specific applications, user-homes, root, etc. Advantages are simplicity as there is a 1:1 mapping between partitions and filesystems, clear security functionality and the ability to separate data into different, independent (!) containers. Note that you cannot do this for encrypted root, that requires an initrd. On the other hand, an initrd is about as vulnerable to a competent attacker as a non-encrypted root, so there really is no security advantage to doing it that way. An attacker that wants to compromise your system will just compromise the initrd or the kernel itself. The better way to deal with this is to make sure the root partition does not store any critical data and to move that to additional encrypted partitions. 
If you really are concerned your root partition may be sabotaged by somebody with physical access (who would however strangely not, say, sabotage your BIOS, keyboard, etc.), protect it in some other way. The PC is just not set-up for a really secure boot-chain (whatever some people may claim). That said, if you want an encrypted root partition, you have to store an initrd with cryptsetup somewhere else. The traditional approach is to have a separate partition under /boot for that. You can also put that initrd on a bootable memory stick, bootable CD or bootable external drive as well. The kernel and Grub typically go to the same location as that initrd. A minimal example of what such an initrd can look like is given in Section 9. (2) Fully encrypted raw block device: For this, put LUKS on the raw device (e.g. /dev/sdb) and put a filesystem into the LUKS container, no partitioning whatsoever involved. This is very suitable for things like external USB disks used for backups or offline data-storage. (3) Encrypted RAID: Create your RAID from partitions and/or full devices. Put LUKS on top of the RAID device, just as if it were an ordinary block device. Applications are just the same as above, but you get redundancy. (Side note as many people seem to be unaware of it: You can do RAID1 with an arbitrary number of components in Linux.) See also Item 2.8. (4) Now, some people advocate doing the encryption below the RAID layer. That has several serious problems. One is that suddenly debugging RAID issues becomes much harder. You cannot do automatic RAID assembly anymore. You need to keep the encryption keys for the different RAID components in sync or manage them somehow. The only possible advantage is that things may run a little faster as more CPUs do the encryption, but if speed is a priority over security and simplicity, you are doing this wrong anyways. A good way to mitigate a speed issue is to get a CPU that does hardware AES as most do today. 
* **2.3 How do I set up encrypted swap?** As things that are confidential can end up in swap (keys, passphrases, etc. are usually protected against being swapped to disk, but other things may not be), it may be advisable to do something about the issue. One option is to run without swap, which generally works well in a desktop-context. It may cause problems in a server-setting or under special circumstances. The solution to that is to encrypt swap with a random key at boot-time. NOTE: This is for Debian, and should work for Debian-derived distributions. For others you may have to write your own startup script or use other mechanisms. 01) Add the swap partition to /etc/crypttab. A line like the following should do it: ``` swap /dev/<partition> /dev/urandom swap,noearly ``` Warning: While Debian refuses to overwrite partitions with a filesystem or RAID signature on it, as your disk IDs may change (adding or removing disks, failure of disk during boot, etc.), you may want to take additional precautions. Yes, this means that your kernel device names like sda, sdb, ... can change between reboots! This is not a concern if you have only one disk. One possibility is to make sure the partition number is not present on additional disks or also swap there. Another is to encapsulate the swap partition (by making it a 1-partition RAID1 or by using LVM), as that gets a persistent identifier. Specifying it directly by UUID does not work, unfortunately, as the UUID is part of the swap signature and that is not visible from the outside due to the encryption and in addition changes on each reboot with this setup. Note: Use /dev/random if you are paranoid or in a potential low-entropy situation (embedded system, etc.). This may cause the operation to take a long time during boot however. If you are in a "no entropy" situation, you cannot encrypt swap securely. In this situation you should find some entropy, also because nothing else using crypto will be secure, like ssh, ssl or GnuPG. 
Note: The "noearly" option makes sure things like LVM, RAID, etc. are running. As swap is non-critical for boot, it is fine to start it late. 02) Add the swap partition to /etc/fstab. A line like the following should do it: ``` /dev/mapper/swap none swap sw 0 0 ``` That is it. Reboot or start it manually to activate encrypted swap. Manual start would look like this: ``` /etc/init.d/cryptdisks start swapon /dev/mapper/swap ``` * **2.4 What is the difference between "plain" and LUKS format?** First, unless you happen to understand the cryptographic background well, you should use LUKS. It does protect the user from a lot of common mistakes. Plain dm-crypt is for experts. Plain format is just that: It has no metadata on disk, reads all parameters from the commandline (or the defaults), derives a volume-key from the passphrase and then uses that to de-/encrypt the sectors of the device, with a direct 1:1 mapping between encrypted and decrypted sectors. Primary advantage is high resilience to damage, as one damaged encrypted sector results in exactly one damaged decrypted sector. Also, it is not readily apparent that there even is encrypted data on the device, as an overwrite with crypto-grade randomness (e.g. from /dev/urandom) looks exactly the same on disk. Side-note: That has limited value against the authorities. In civilized countries, they cannot force you to give up a crypto-key anyways. In quite a few countries around the world, they can force you to give up the keys (using imprisonment or worse to pressure you, sometimes without due process), and in the worst case, they only need a nebulous "suspicion" about the presence of encrypted data. Sometimes this applies to everybody, sometimes only when you are suspected of having "illicit data" (definition subject to change) and sometimes specifically when crossing a border. 
Note that this is going on in countries like the US and the UK to different degrees and sometimes with courts restricting what the authorities can actually demand. My advice is to either be ready to give up the keys or to not have encrypted data when traveling to those countries, especially when crossing the borders. The latter also means not having any high-entropy (random) data areas on your disk, unless you can explain them and demonstrate that explanation. Hence doing a zero-wipe of all free space, including unused space, may be a good idea. Disadvantages are that you do not have all the nice features that the LUKS metadata offers, like multiple passphrases that can be changed, the cipher being stored in the metadata, anti-forensic properties like key-slot diffusion and salts, etc.. LUKS format uses a metadata header and 8 key-slot areas that are being placed at the beginning of the disk, see below under "What does the LUKS on-disk format looks like?". The passphrases are used to decrypt a single volume key that is stored in the anti-forensic stripes. LUKS2 adds some more flexibility. Advantages are a higher usability, automatic configuration of non-default crypto parameters, defenses against low-entropy passphrases like salting and iterated PBKDF2 or ARGON 2 passphrase hashing, the ability to change passphrases, and others. Disadvantages are that it is readily obvious there is encrypted data on disk (but see side note above) and that damage to the header or key-slots usually results in permanent data-loss. See below under "6. Backup and Data Recovery" on how to reduce that risk. Also the sector numbers get shifted by the length of the header and key-slots and there is a loss of that size in capacity. Unless you have a specific need, use LUKS2. * **2.5 Can I encrypt an existing, non-empty partition to use LUKS?** There is no converter, and it is not really needed. 
The way to do this is to make a backup of the device in question, securely wipe the device (as LUKS device initialization does not clear away old data), do a luksFormat, optionally overwrite the encrypted device, create a new filesystem and restore your backup on the now encrypted device. Also refer to sections "Security Aspects" and "Backup and Data Recovery". For backup, plain GNU tar works well and backs up anything likely to be in a filesystem. * **2.6 How do I use LUKS with a loop-device?** This can be very handy for experiments. Setup is just the same as with any block device. If you want, for example, to use a 100MiB file as LUKS container, do something like this: ``` head -c 100M /dev/zero > luksfile # create empty file losetup /dev/loop0 luksfile # map file to /dev/loop0 cryptsetup luksFormat --type luks2 /dev/loop0 # create LUKS2 container ``` Afterwards just use /dev/loop0 as you would use a LUKS partition. To unmap the file when done, use "losetup -d /dev/loop0". * **2.7 When I add a new key-slot to LUKS, it asks for a passphrase but then complains about there not being a key-slot with that passphrase?** That is as intended. You are asked for the passphrase of an existing key-slot first, before you can enter the passphrase for the new key-slot. Otherwise you could break the encryption by just adding a new key-slot. This way, you have to know the passphrase of one of the already configured key-slots in order to be able to configure a new key-slot. * **2.8 Encryption on top of RAID or the other way round?** Also see Item 2.2. Unless you have special needs, place encryption between RAID and filesystem, i.e. encryption on top of RAID. You can do it the other way round, but you have to be aware that you then need to give the passphrase for each individual disk and RAID auto-detection will not work anymore. Therefore it is better to encrypt the RAID device, e.g. /dev/dm0 . 
This means that the typical layering looks like this: ``` Filesystem <- top | Encryption (LUKS) | RAID | Raw partitions (optional) | Raw disks <- bottom ``` The big advantage of this is that you can manage the RAID container just like any other regular RAID container, it does not care that its content is encrypted. This strongly cuts down on complexity, something very valuable with storage encryption. Try to avoid so-called fake RAID (RAID configured from BIOS but handled by proprietary drivers). Note that some fake RAID firmware automatically writes a signature on disks if enabled. This causes corruption of LUKS metadata. Be sure to switch the RAID option off in BIOS if you do not use it. Another kind of data corruption can happen if you resize (enlarge) the underlying device and some remnant metadata appears near the end of the resized device (like a secondary copy of the GPT table). You can use the wipefs command to detect and wipe such signatures. * **2.9 How do I read a dm-crypt key from file?** Use the --key-file option, like this: ``` cryptsetup create --key-file keyfile e1 /dev/loop0 ``` This will read the binary key from file, i.e. no hashing or transformation will be applied to the keyfile before its bits are used as key. Extra bits (beyond the length of the key) at the end are ignored. Note that if you read from STDIN, the data will be hashed, just as a key read interactively from the terminal. See the man-page sections "NOTES ON PASSPHRASE PROCESSING..." for more detail. * **2.10 How do I read a LUKS slot key from file?** What you really do here is to read a passphrase from file, just as you would with manual entry of a passphrase for a key-slot. You can add a new passphrase to a free key-slot, set the passphrase of a specific key-slot or put an already configured passphrase into a file. Make sure no trailing newline (0x0a) is contained in the input key file, or the passphrase will not work because the whole file is used as input. 
To add a new passphrase to a free key slot from file, use something like this: ``` cryptsetup luksAddKey /dev/loop0 keyfile ``` To add a new passphrase to a specific key-slot, use something like this: ``` cryptsetup luksAddKey --key-slot 7 /dev/loop0 keyfile ``` To supply a key from file to any LUKS command, use the --key-file option, e.g. like this: ``` cryptsetup luksOpen --key-file keyfile /dev/loop0 e1 ``` * **2.11 How do I read the LUKS volume key from file?** The question you should ask yourself first is why you would want to do this. The only legitimate reason I can think of is if you want to have two LUKS devices with the same volume key. Even then, I think it would be preferable to just use key-slots with the same passphrase, or to use plain dm-crypt instead. Use the --volume-key-file option, like this: ``` cryptsetup luksFormat --volume-key-file keyfile /dev/loop0 ``` * **2.12 What are the security requirements for a key read from file?** A file-stored key or passphrase has the same security requirements as one entered interactively, however you can use random bytes and thereby use bytes you cannot type on the keyboard. You can use any file you like as key file, for example a plain text file with a human readable passphrase. To generate a file with random bytes, use something like this: ``` head -c 256 /dev/random > keyfile ``` Keep in mind that anybody who can read the key file can unlock the container with it, so restrict access to the file accordingly. * **2.13 If I map a journaled file system using dm-crypt/LUKS, does it still provide its usual transactional guarantees?** Yes, it does, unless a very old kernel is used. The required flags come from the filesystem layer and are processed and passed onward by dm-crypt (regardless of direct key management or LUKS key management). A bit more information on the process by which transactional guarantees are implemented can be found here: https://lwn.net/Articles/400541/ Please note that these "guarantees" are weaker than they appear to be. One problem is that quite a few disks lie to the OS about having flushed their buffers. 
This is likely still true with SSDs. Some other things can go wrong as well. The filesystem developers are aware of these problems and typically can make it work anyways. That said, dm-crypt/LUKS will not make things worse. One specific problem you can run into is that you can get short freezes and other slowdowns due to the encryption layer. Encryption takes time and forced flushes will block for that time. For example, I did run into frequent small freezes (1-2 sec) when putting a vmware image on ext3 over dm-crypt. When I went back to ext2, the problem went away. This seems to have gotten better with kernel 2.6.36 and the reworking of filesystem flush locking mechanism (less blocking of CPU activity during flushes). This should improve further and eventually the problem should go away. * **2.14 Can I use LUKS or cryptsetup with a more secure (external) medium for key storage, e.g. TPM or a smartcard?** Yes, see the answers on using a file-supplied key. You do have to write the glue-logic yourself though. Basically you can have cryptsetup read the key from STDIN and write it there with your own tool that in turn gets the key from the more secure key storage. * **2.15 Can I resize a dm-crypt or LUKS container?** Yes, you can, as neither dm-crypt nor LUKS1 stores partition size and LUKS2 uses a generic "whole device" size as default. Note that LUKS2 can use specified data-area sizes as a non-standard case and that these may cause issues when resizing a LUKS2 container if set to a specific value. Whether you should do this is a different question. Personally I recommend backup, recreation of the dm-crypt or LUKS container with new size, recreation of the filesystem and restore. This gets around the tricky business of resizing the filesystem. Resizing a dm-crypt or LUKS container does not resize the filesystem in it. A backup is really non-optional here, as a lot can go wrong, resulting in partial or complete data loss. 
But if you have that backup, you can also just recreate everything. You also need to be aware of size-based limitations. The one currently relevant is that aes-xts-plain should not be used for encrypted container sizes larger than 2TiB. Use aes-xts-plain64 for that. * **2.16 How do I Benchmark the Ciphers, Hashes and Modes?** Since version 1.60 cryptsetup supports the "benchmark" command. Simply run as root: ``` cryptsetup benchmark ``` You can get more than the default benchmarks, see the man-page for the relevant parameters. Note that XTS mode takes two keys, hence the listed key sizes are double that for other modes and half of it is the cipher key, the other half is the XTS key. * **2.17 How do I Verify I have an Authentic cryptsetup Source Package?** Current maintainer is Milan Broz and he signs the release packages with his PGP key. The key he currently uses is the "RSA key ID D93E98FC", fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B D93E 98FC. While I have every confidence this really is his key and that he is who he claims to be, don't depend on it if your life is at stake. For that matter, if your life is at stake, don't depend on me being who I claim to be either. That said, cryptsetup is under good version control and a malicious change should be noticed sooner or later, but it may take a while. Also, the attacker model makes compromising the sources in a non-obvious way pretty hard. Sure, you could put the volume-key somewhere on disk, but that is rather obvious as soon as somebody looks, as there would be data in an empty LUKS container in a place it should not be. Doing this in a more nefarious way, for example hiding the volume-key in the salts, would need a look at the sources to be discovered, but I think that somebody would find that sooner or later as well. That said, this discussion is really a lot more complicated and longer than an FAQ can sustain. If in doubt, ask on the mailing list. 
* **2.18 Is there a concern with 4k Sectors?** Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though. Also note that SSDs typically have much larger blocks internally (e.g. 128kB or even larger). * **2.19 How can I wipe a device with crypto-grade randomness?** The conventional recommendation if you want to do more than just a zero-wipe is to use something like ``` cat /dev/urandom > <target-device> ``` That used to be very slow and painful at 10-20MB/s on a fast computer, but newer kernels can give you > 200MB/s (depending on hardware). An alternative is using cryptsetup and a plain dm-crypt device with a random key, which is fast and on the same level of security. The defaults are quite enough. For device set-up, do the following: ``` cryptsetup open --type plain -d /dev/urandom /dev/<device> target ``` This maps the container as plain under /dev/mapper/target with a random password. For the actual wipe you have several options. Basically, you pipe zeroes into the opened container that then get encrypted. The examples below name the mapping "to_be_wiped"; use the mapping name you chose when opening the device ("target" in the command above) and double-check that it exists under /dev/mapper before writing to it. Simple wipe without progress-indicator: ``` cat /dev/zero > /dev/mapper/to_be_wiped ``` Progress-indicator by dd_rescue: ``` dd_rescue -w /dev/zero /dev/mapper/to_be_wiped ``` Progress-indicator by my "wcs" stream meter (available from https://www.tansi.org/tools/index.html ): ``` cat /dev/zero | wcs > /dev/mapper/to_be_wiped ``` Or use plain "dd", which gives you the progress when sent a SIGUSR1, see the dd man page. The GNU "dd" command supports the "status=progress" operand that gives you the progress without having to send it any signal. 
Remove the mapping at the end and you are done. * **2.20 How do I wipe only the LUKS header?** This does _not_ describe an emergency wipe procedure, see Item 5.4 for that. This procedure here is intended to be used when the data should stay intact, e.g. when you change your LUKS container to use a detached header and want to remove the old one. Please only do this if you have a current backup. LUKS1: 01) Determine header size in 512 Byte sectors with luksDump: ``` cryptsetup luksDump <device with LUKS container> -> ... Payload offset: <number> [of 512 byte sectors] ... ``` 02) Take the resulting number, multiply it by 512 to get the size in bytes, and write that many zeros to the start of the device, e.g. using one of the following alternatives: ``` dd bs=512 count=<number> if=/dev/zero of=<device> ``` ``` head -c <number * 512> /dev/zero > /dev/<device> ``` LUKS2: (warning, untested! Remember that backup?) This assumes the LUKS2 container uses the defaults, in particular there is only one data segment. 01) Determine the data-segment offset using luksDump, same as above for LUKS1: ``` cryptsetup luksDump <device with LUKS container> -> ... Data segments: 0: crypt offset: <number> [bytes] ... ``` 02) Overwrite the stated number of bytes from the start of the device. Just to give yet another way to get a defined number of zeros: ``` head -c <number> /dev/zero > /dev/<device> ``` # 3. Common Problems * **3.1 My dm-crypt/LUKS mapping does not work! What general steps are there to investigate the problem?** If you get a specific error message, investigate what it claims first. If not, you may want to check the following things. - Check that "/dev", including "/dev/mapper/control" is there. If it is missing, you may have a problem with the "/dev" tree itself or you may have broken udev rules. - Check that you have the device mapper and the crypt target in your kernel. The output of "dmsetup targets" should list a "crypt" target. If it is not there or the command fails, add device mapper and crypt-target to the kernel. - Check that the hash-functions and ciphers you want to use are in the kernel. 
The output of "cat /proc/crypto" needs to list them. * **3.2 My dm-crypt mapping suddenly stopped when upgrading cryptsetup.** The default cipher, hash or mode may have changed (the mode changed from 1.0.x to 1.1.x). See under "Issues With Specific Versions of cryptsetup". * **3.3 When I call cryptsetup from cron/CGI, I get errors about unknown features?** If you get errors about unknown parameters or the like that are not present when cryptsetup is called from the shell, make sure you have no older version of cryptsetup on your system that then gets called by cron/CGI. For example some distributions install cryptsetup into /usr/sbin, while a manual install could go to /usr/local/sbin. As a debugging aid, call "cryptsetup --version" from cron/CGI or the non-shell mechanism to be sure the right version gets called. * **3.4 Unlocking a LUKS device takes very long. Why?** The unlock time for a key-slot (see Section 5 for an explanation what iteration does) is calculated when setting a passphrase. By default it is 1 second (2 seconds for LUKS2). If you set a passphrase on a fast machine and then unlock it on a slow machine, the unlocking time can be much longer. Also take into account that up to 8 key-slots (LUKS2: up to 32 key-slots) have to be tried in order to find the right one. If this is the problem, you can add another key-slot using the slow machine with the same passphrase and then remove the old key-slot. The new key-slot will have the unlock time adjusted to the slow machine. Use luksAddKey and then luksKillSlot or luksRemoveKey. You can also use the -i option to reduce iteration time (and security level) when setting a passphrase. Default is 1000 (1 sec) for LUKS1 and 2000 (2sec) for LUKS2. However, this operation will not change volume key iteration count ("MK iterations" for LUKS1, "Iterations" under "Digests" for LUKS2). In order to change that, you will have to backup the data in the LUKS container (i.e. 
your encrypted data), luksFormat on the slow machine and restore the data. Note that MK iterations are not very security relevant. * **3.5 "blkid" sees a LUKS UUID and an ext2/swap UUID on the same device. What is wrong?** Some old versions of cryptsetup have a bug where the header does not get completely wiped during LUKS format and an older ext2/swap signature remains on the device. This confuses blkid. Fix: Wipe the unused header areas by doing a backup and restore of the header with cryptsetup 1.1.x or later: ``` cryptsetup luksHeaderBackup <device> --header-backup-file <file> cryptsetup luksHeaderRestore <device> --header-backup-file <file> ``` * **3.6 I see a data corruption with the Intel QAT kernel driver; why?** Intel QAT crypto API drivers have severe bugs that have not been fixed for years. If you see data corruption, please disable the QAT in the BIOS or avoid loading kernel Intel QAT drivers (switch to software crypto implementation or AES-NI). For more info, see posts in dm-devel list https://lore.kernel.org/dm-devel/?q=intel+qat # 4. Troubleshooting * **4.1 I get the error "LUKS keyslot x is invalid." What does that mean?** For LUKS1, this means that the given keyslot has an offset that points outside the valid keyslot area. Typically, the reason is a corrupted LUKS1 header because something was written to the start of the device the LUKS1 container is on. For LUKS2, I do not know when this error can happen, but I expect it will be something similar. Refer to Section "Backup and Data Recovery" and ask on the mailing list if you have trouble diagnosing and (if still possible) repairing this. * **4.2 I cannot unlock my LUKS container! What could be the problem?** First, make sure you have a correct passphrase. Then make sure you have the correct key-map and correct keyboard. And then make sure you have the correct character set and encoding, see also "PASSPHRASE CHARACTER SET" under Section 1.2. 
If you are sure you are entering the passphrase right, there is the possibility that the respective key-slot has been damaged. There is no way to recover a damaged key-slot, except from a header backup (see Section 6). For security reasons, there is also no checksum in the key-slots that could tell you whether a key-slot has been damaged. The only checksum present allows recognition of a correct passphrase, but that only works with that correct passphrase and a respective key-slot that is intact. In order to find out whether a key-slot is damaged one has to look for "non-random looking" data in it. There is a tool that automates this for LUKS1 in the cryptsetup distribution from version 1.6.0 onwards. It is located in misc/keyslot_checker/. Instructions how to use and how to interpret results are in the README file. Note that this tool requires a libcryptsetup from cryptsetup 1.6.0 or later (which means libcryptsetup.so.4.5.0 or later). If the tool complains about missing functions in libcryptsetup, you likely have an earlier version from your distribution still installed. You can either point the symbolic link(s) from libcryptsetup.so.4 to the new version manually, or you can uninstall the distribution version of cryptsetup and re-install that from cryptsetup >= 1.6.0 again to fix this. * **4.3 Can a bad RAM module cause problems?** LUKS and dm-crypt can give the RAM quite a workout, especially when combined with software RAID. In particular the combination RAID5 + LUKS1 + XFS seems to uncover RAM problems that do not cause obvious problems otherwise. Symptoms vary, but often the problem manifests itself when copying large amounts of data, typically several times larger than your main memory. Note: One thing you should always do on large data copying or movements is to run a verify, for example with the "-d" option of "tar" or by doing a set of MD5 checksums on the source or target with ``` find . 
-type f -exec md5sum \{\} \; > checksum-file ``` and then a "md5sum -c checksum-file" on the other side. If you get mismatches here, RAM is the primary suspect. A lesser suspect is an overclocked CPU. I have found countless hardware problems in verify runs after copying data or making backups. Bit errors are much more common than most people think. Some RAM issues are even worse and corrupt structures in one of the layers. This typically results in lockups, CPU state dumps in the system logs, kernel panic or other things. It is quite possible to have a problem with an encrypted device, but not with an otherwise the same unencrypted device. The reason for that is that encryption has an error amplification property: If you flip one bit in an encrypted data block, the decrypted version has half of its bits flipped. This is actually an important security property for modern ciphers. With the usual modes in cryptsetup (CBC, ESSIV, XTS), you can get a completely changed 512 byte block for a bit error. A corrupt block causes a lot more havoc than the occasionally flipped single bit and can result in various obscure errors. Note that a verify run on copying between encrypted or unencrypted devices will reliably detect corruption, even when the copying itself did not report any problems. If you find defect RAM, assume all backups and copied data to be suspect, unless you did a verify. * **4.4 How do I test RAM?** First you should know that overclocking often makes memory problems worse. So if you overclock (which I strongly recommend against in a system holding data that has any worth), run the tests with the overclocking active. There are two good options. One is Memtest86+ and the other is "memtester" by Charles Cazabon. Memtest86+ requires a reboot and then takes over the machine, while memtester runs from a root-shell. Both use different testing methods and I have found problems fast with either one that the other needed long to find. 
I recommend running the following procedure until the first error is found: - Run Memtest86+ for one cycle - Run memtester for one cycle (shut down as many other applications as possible and use the largest memory area you can get) - Run Memtest86+ for 24h or more - Run memtester for 24h or more If all that does not produce error messages, your RAM may be sound, but I have had one weak bit in the past that Memtest86+ needed around 60 hours to find. If you can reproduce the original problem reliably, a good additional test may be to remove half of the RAM (if you have more than one module) and try whether the problem is still there and if so, try with the other half. If you just have one module, get a different one and try with that. If you do overclocking, reduce the settings to the most conservative ones available and try with that. * **4.5 Is there a risk using debugging tools like strace?** There most definitely is. A dump from strace and friends can contain all data entered, including the full passphrase. Example with strace and passphrase "test": ``` > strace cryptsetup luksOpen /dev/sda10 c1 ... read(6, "test\n", 512) = 5 ... ``` Depending on different factors and the tool used, the passphrase may also be encoded and not plainly visible. Hence it is never a good idea to give such a trace from a live container to anybody. Recreate the problem with a test container or set a temporary passphrase like "test" and use that for the trace generation. Item 2.6 explains how to create a loop-file backed LUKS container that may come in handy for this purpose. See also Item 6.10 for another set of data you should not give to others. # 5. Security Aspects * **5.1 How long is a secure passphrase?** This is just the short answer. For more info and explanation of some of the terms used in this item, read the rest of Section 5. The actual recommendation is at the end of this item. First, passphrase length is not really the right measure, passphrase entropy is. 
If your passphrase is 200 times the letter "a", it is long but has very low entropy and is pretty insecure. For example, a random lowercase letter (a-z) gives you 4.7 bit of entropy, one element of a-z0-9 gives you 5.2 bits of entropy, an element of a-zA-Z0-9 gives you 5.9 bits and a-zA-Z0-9!@#$%\^&:-+ gives you 6.2 bits. On the other hand, a random English word only gives you 0.6...1.3 bits of entropy per character. Using sentences that make sense gives lower entropy, series of random words gives higher entropy. Do not use sentences that can be tied to you or found on your computer. This type of attack is done routinely today. That said, it does not matter too much what scheme you use, but it does matter how much entropy your passphrase contains, because an attacker has to try on average ``` 1/2 * 2^(bits of entropy in passphrase) ``` different passphrases to guess correctly. Historically, estimations tended to use computing time estimates, but more modern approaches try to estimate cost of guessing a passphrase. As an example, I will try to get an estimate from the numbers in https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40 This thing costs 23kUSD and does 68Ghashes/sec for SHA1. This is in 2017. Incidentally, my older calculation for a machine around 1000 times slower was off by a factor of about 1000, but in the right direction, i.e. I estimated the attack to be too easy. Nobody noticed ;-) On the plus side, the tables are now (2017) pretty much accurate. More references can be found at the end of this document. Note that these are estimates from the defender side, so assuming something is easier than it actually is fine. An attacker may still have significantly higher cost than estimated here. LUKS1 used SHA1 (since version 1.7.0 it uses SHA256) for hashing per default. We will leave aside the check whether a try actually decrypts a key-slot. I will assume a useful lifetime of the hardware of 2 years. (This is on the low side.) 
Disregarding downtime, the machine can then break ``` N = 68*10^9 * 3600 * 24 * 365 * 2 ~ 4*10^18 ``` passphrases for EUR/USD 23k. That is one 62 bit passphrase hashed once with SHA1 for EUR/USD 23k. This can be parallelized, it can be done faster than 2 years with several of these machines. For LUKS2, things look a bit better, as the advantage of using graphics cards is massively reduced. Using the recommendations below should hence be fine for LUKS2 as well and give a better security margin. For plain dm-crypt (no hash iteration) this is it. This gives (with SHA1, plain dm-crypt default is ripemd160 which seems to be slightly slower than SHA1): ``` Passphrase entropy Cost to break 60 bit EUR/USD 6k 65 bit EUR/USD 200K 70 bit EUR/USD 6M 75 bit EUR/USD 200M 80 bit EUR/USD 6B 85 bit EUR/USD 200B ... ... ``` For LUKS1, you have to take into account hash iteration in PBKDF2. For a current CPU, there are about 100k iterations (as can be queried with ''cryptsetup luksDump''). The table above then becomes: ``` Passphrase entropy Cost to break 50 bit EUR/USD 600k 55 bit EUR/USD 20M 60 bit EUR/USD 600M 65 bit EUR/USD 20B 70 bit EUR/USD 600B 75 bit EUR/USD 20T ... ... ``` Recommendation: To get reasonable security for the next 10 years, it is a good idea to overestimate by a factor of at least 1000. Then there is the question of how much the attacker is willing to spend. That is up to your own security evaluation. For general use, I will assume the attacker is willing to spend up to 1 million EUR/USD. Then we get the following recommendations: Plain dm-crypt: Use > 80 bit. That is e.g. 17 random chars from a-z or a random English sentence of > 135 characters length. LUKS1 and LUKS2: Use > 65 bit. That is e.g. 14 random chars from a-z or a random English sentence of > 108 characters length. If paranoid, add at least 20 bit. That is roughly four additional characters for random passphrases and roughly 32 characters for a random English sentence. * **5.2 Is LUKS insecure? 
Everybody can see I have encrypted data!** In practice it does not really matter. In most civilized countries you can just refuse to hand over the keys, no harm done. In some countries they can force you to hand over the keys if they suspect encryption. The suspicion is enough, they do not have to prove anything. This is for practical reasons, as even the presence of a header (like the LUKS header) is not enough to prove that you have any keys. It might have been an experiment, for example. Or it was used as encrypted swap with a key from /dev/random. So they make you prove you do not have encrypted data. Of course, if true, that is impossible and hence the whole idea is not compatible with fair laws. Note that in this context, countries like the US or the UK are not civilized and do not have fair laws. As a side-note, standards for biometrics (fingerprint, retina, vein-pattern, etc.) are often different and much lower. If you put your LUKS passphrase into a device that can be unlocked using biometrics, they may force a biometric sample in many countries where they could not force you to give them a passphrase you solely have in your memory and can claim to have forgotten if needed (it happens). If you need protection on this level, make sure you know what the respective legal situation is, also while traveling, and make sure you decide beforehand what you will do if push comes to shove as they will definitely put you under as much pressure as they can legally apply. This means that if you have a large set of random-looking data, they can already lock you up. Hidden containers (encryption hidden within encryption), as possible with Truecrypt, do not help either. They will just assume the hidden container is there and unless you hand over the key, you will stay locked up. Don't have a hidden container? Tough luck. Anybody could claim that. Still, if you are concerned about the LUKS header, use plain dm-crypt with a good passphrase. 
See also Section 2, "What is the difference between "plain" and LUKS format?" * **5.3 Should I initialize (overwrite) a new LUKS/dm-crypt partition?** If you just create a filesystem on it, most of the old data will still be there. If the old data is sensitive, you should overwrite it before encrypting. In any case, not initializing will leave the old data there until the specific sector gets written. That may enable an attacker to determine how much and where on the partition data was written. If you think this is a risk, you can prevent this by overwriting the encrypted device (here assumed to be named "e1") with zeros like this: ``` dd_rescue -w /dev/zero /dev/mapper/e1 ``` or alternatively with one of the following more standard commands: ``` cat /dev/zero > /dev/mapper/e1 dd if=/dev/zero of=/dev/mapper/e1 ``` * **5.4 How do I securely erase a LUKS container?** For LUKS, if you are in a desperate hurry, overwrite the LUKS header and key-slot area. For LUKS1 and LUKS2, just be generous and overwrite the first 100MB. A single overwrite with zeros should be enough. If you anticipate being in a desperate hurry, prepare the command beforehand. Example with /dev/sde1 as the LUKS partition and default parameters: ``` head -c 100000000 /dev/zero > /dev/sde1; sync ``` A LUKS header backup or full backup will still grant access to most or all data, so make sure that an attacker does not have access to backups or destroy them as well. Also note that SSDs and also some HDDs (SMR and hybrid HDDs, for example) may not actually overwrite the header and only do that an unspecified and possibly very long time later. The only way to be sure is physical destruction. If the situation permits, do both overwrite and physical destruction. If you have time, overwrite the whole drive with a single pass of random data. This is enough for most HDDs. 
For SSDs or FLASH (USB sticks) or SMR or hybrid drives, you may want to overwrite the whole drive several times to be sure data is not retained. This is possibly still insecure as the respective technologies are not fully understood in this regard. Still, due to the anti-forensic properties of the LUKS key-slots, a single overwrite could be enough. If in doubt, use physical destruction in addition. Here is a link to some current research results on erasing SSDs and FLASH drives: https://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf Keep in mind to also erase all backups. Example for a random-overwrite erase of partition sde1 done with dd_rescue: ``` dd_rescue -w /dev/urandom /dev/sde1 ``` * **5.5 How do I securely erase a backup of a LUKS partition or header?** That depends on the medium it is stored on. For HDD and SSD, use overwrite with random data. For an SSD, FLASH drive (USB stick) hybrid HDD or SMR HDD, you may want to overwrite the complete drive several times and use physical destruction in addition, see last item. For re-writable CD/DVD, a single overwrite should be enough, due to the anti-forensic properties of the LUKS keyslots. For write-once media, use physical destruction. For low security requirements, just cut the CD/DVD into several parts. For high security needs, shred or burn the medium. If your backup is on magnetic tape, I advise physical destruction by shredding or burning, after (!) overwriting. The problem with magnetic tape is that it has a higher dynamic range than HDDs and older data may well be recoverable after overwrites. Also write-head alignment issues can lead to data not actually being deleted during overwrites. The best option is to actually encrypt the backup, for example with PGP/GnuPG and then just destroy all copies of the encryption key if needed. Best keep them on paper, as that has excellent durability and secure destruction is easy, for example by burning and then crushing the ashes to a fine powder. 
A blender and water also works nicely. * **5.6 What about backup? Does it compromise security?** That depends. See item 6.7. * **5.7 Why is all my data permanently gone if I overwrite the LUKS header?** Overwriting the LUKS header in part or in full is the most common reason why access to LUKS containers is lost permanently. Overwriting can be done in a number of fashions, like creating a new filesystem on the raw LUKS partition, making the raw partition part of a RAID array and just writing to the raw partition. The LUKS1 header contains a 256 bit "salt" per key-slot and without that no decryption is possible. While the salts are not secret, they are key-grade material and cannot be reconstructed. This is a cryptographically strong "cannot". From observations on the cryptsetup mailing-list, people typically go though the usual stages of grief (Denial, Anger, Bargaining, Depression, Acceptance) when this happens to them. Observed times vary between 1 day and 2 weeks to complete the cycle. Seeking help on the mailing-list is fine. Even if we usually cannot help with getting back your data, most people found the feedback comforting. If your header does not contain an intact key-slot salt, best go directly to the last stage ("Acceptance") and think about what to do now. There is one exception that I know of: If your LUKS1 container is still open, then it may be possible to extract the volume key from the running system. See Item "How do I recover the volume key from a mapped LUKS1 container?" in Section "Backup and Data Recovery". For LUKS2, things are both better and worse. First, the salts are in a less vulnerable position now. But, on the other hand, the keys of a mapped (open) container are now stored in the kernel key-store, and while there probably is some way to get them out of there, I am not sure how much effort that needs. * **5.8 What is a "salt"?** A salt is a random key-grade value added to the passphrase before it is processed. It is not kept secret. 
The reason for using salts is as follows: If an attacker wants to crack the password for a single LUKS container, then every possible passphrase has to be tried. Typically an attacker will not try every binary value, but will try words and sentences from a dictionary. If an attacker wants to attack several LUKS containers with the same dictionary, then a different approach makes sense: Compute the resulting slot-key for each dictionary element and store it on disk. Then the test for each entry is just the fast unlocking with the slot key (say 0.00001 sec) instead of calculating the slot-key first (1 sec). For a single attack, this does not help. But if you have more than one container to attack, this helps tremendously, also because you can prepare your table before you even have the container to attack! The calculation is also very simple to parallelize. You could, for example, use the night-time unused CPU power of your desktop PCs for this. This is where the salt comes in. If the salt is combined with the passphrase (in the simplest form, just appended to it), you suddenly need a separate table for each salt value. With a reasonably-sized salt value (256 bit, e.g.) this is quite infeasible. * **5.9 Is LUKS secure with a low-entropy (bad) passphrase?** Short answer: yes, but only to a limited degree. Do not use a low-entropy passphrase. Note: For LUKS2, protection for bad passphrases is a bit better due to the use of Argon2, but that is only a gradual improvement. Longer answer: This needs a bit of theory. The quality of your passphrase is directly related to its entropy (information theoretic, not thermodynamic). The entropy says how many bits of "uncertainty" or "randomness" are in your passphrase. In other words, that is how difficult guessing the passphrase is. Example: A random English sentence has about 1 bit of entropy per character. A random lowercase (or uppercase) character has about 4.7 bit of entropy.
Now, if n is the number of bits of entropy in your passphrase and t is the time it takes to process a passphrase in order to open the LUKS container, then an attacker has to spend at maximum ``` attack_time_max = 2^n * t ``` time for a successful attack and on average half that. There is no way getting around that relationship. However, there is one thing that does help, namely increasing t, the time it takes to use a passphrase, see next FAQ item. Still, if you want good security, a high-entropy passphrase is the only option. For example, a low-entropy passphrase can never be considered secure against a TLA-level (Three Letter Agency level, i.e. government-level) attacker, no matter what tricks are used in the key-derivation function. Use at least 64 bits for secret stuff. That is 64 characters of English text (but only if randomly chosen) or a combination of 12 truly random letters and digits. For passphrase generation, do not use lines from very well-known texts (religious texts, Harry Potter, etc.) as they are too easy to guess. For example, the total Harry Potter has about 1'500'000 words (my estimation). Trying every 64 character sequence starting and ending at a word boundary would take only something like 20 days on a single CPU and is entirely feasible. To put that into perspective, using a number of Amazon EC2 High-CPU Extra Large instances (each gives about 8 real cores), this test costs currently about 50USD/EUR, but can be made to run arbitrarily fast. On the other hand, choosing 1.5 lines from, say, the Wheel of Time, is in itself not more secure, but the book selection adds quite a bit of entropy. (Now that I have mentioned it here, don't use tWoT either!) If you add 2 or 3 typos and switch some words around, then this is good passphrase material. * **5.10 What is "iteration count" and why is decreasing it a bad idea?** LUKS1: Iteration count is the number of PBKDF2 iterations a passphrase is put through before it is used to unlock a key-slot. 
Iterations are done with the explicit purpose to increase the time that it takes to unlock a key-slot. This provides some protection against use of low-entropy passphrases. The idea is that an attacker has to try all possible passphrases. Even if the attacker knows the passphrase is low-entropy (see last item), it is possible to make each individual try take longer. The way to do this is to repeatedly hash the passphrase for a certain time. The attacker then has to spend the same time (given the same computing power) as the user per try. With LUKS1, the default is 1 second of PBKDF2 hashing. Example 1: Let's assume we have a really bad passphrase (e.g. a girlfriend's name) with 10 bits of entropy. With the same CPU, an attacker would need to spend around 500 seconds on average to break that passphrase. Without iteration, it would be more like 0.0001 seconds on a modern CPU. Example 2: The user did a bit better and has 32 chars of English text. That would be about 32 bits of entropy. With 1 second iteration, that means an attacker on the same CPU needs around 136 years. That is pretty impressive for such a weak passphrase. Without the iterations, it would be more like 50 days on a modern CPU, and possibly far less. In addition, the attacker can both parallelize and use special hardware like GPUs or FPGAs to speed up the attack. The attack can also happen quite some time after the luksFormat operation and CPUs can have become faster and cheaper. For that reason you want a bit of extra security. Anyways, in Example 1 you are screwed. In example 2, not necessarily. Even if the attack is faster, it still has a certain cost associated with it, say 10000 EUR/USD with iteration and 1 EUR/USD without iteration. The first can be prohibitively expensive, while the second is something you try even without solid proof that the decryption will yield something useful. The numbers above are mostly made up, but show the idea.
Of course the best thing is to have a high-entropy passphrase. Would a 100 sec iteration time be even better? Yes and no. Cryptographically it would be a lot better, namely 100 times better. However, usability is a very important factor for security technology and one that gets overlooked surprisingly often. For LUKS, if you have to wait 2 minutes to unlock the LUKS container, most people will not bother and use less secure storage instead. It is better to have less protection against low-entropy passphrases and people actually use LUKS, than having them do without encryption altogether. Now, what about decreasing the iteration time? This is generally a very bad idea, unless you know and can enforce that the users only use high-entropy passphrases. If you decrease the iteration time without ensuring that, then you put your users at increased risk, and considering how rarely LUKS containers are unlocked in a typical work-flow, you do so without a good reason. Don't do it. The iteration time is already low enough that users with low entropy passphrases are vulnerable. Lowering it even further increases this danger significantly. LUKS2: Pretty much the same reasoning applies. The advantages of using GPUs or FPGAs in an attack have been significantly reduced, but that is the only main difference. * **5.11 Some people say PBKDF2 is insecure?** There is some discussion that a hash-function should have a "large memory" property, i.e. that it should require a lot of memory to be computed. This serves to prevent attacks using special programmable circuits, like FPGAs, and attacks using graphics cards. PBKDF2 does not need a lot of memory and is vulnerable to these attacks. However, the publication usually referred in these discussions is not very convincing in proving that the presented hash really is "large memory" (that may change, email the FAQ maintainer when it does) and it is of limited usefulness anyways. 
Attackers that use clusters of normal PCs will not be affected at all by a "large memory" property. For example the US Secret Service is known to use the off-hour time of all the office PCs of the Treasury for password breaking. The Treasury has about 110'000 employees. Assuming every one has an office PC, that is significant computing power, all of it with plenty of memory for computing "large memory" hashes. Bot-net operators also have all the memory they want. The only protection against a resourceful attacker is a high-entropy passphrase, see items 5.9 and 5.10. That said, LUKS2 defaults to Argon2, which has a large-memory property and massively reduces the advantages of GPUs and FPGAs. * **5.12 What about iteration count with plain dm-crypt?** Simple: There is none. There is also no salting. If you use plain dm-crypt, the only way to be secure is to use a high entropy passphrase. If in doubt, use LUKS instead. * **5.13 Is LUKS with default parameters less secure on a slow CPU?** Unfortunately, yes. However the only aspect affected is the protection for low-entropy passphrase or volume-key. All other security aspects are independent of CPU speed. The volume key is less critical, as you really have to work at it to give it low entropy. One possibility to mess this up is to supply the volume key yourself. If that key is low-entropy, then you get what you deserve. The other known possibility to create a LUKS container with a bad volume key is to use /dev/urandom for key generation in an entropy-starved situation (e.g. automatic installation on an embedded device without network and other entropy sources or installation in a VM under certain circumstances). For the passphrase, don't use a low-entropy passphrase. If your passphrase is good, then a slow CPU will not matter. 
If you insist on a low-entropy passphrase on a slow CPU, use something like "--iter-time=10000" or higher and wait a long time on each LUKS unlock and pray that the attacker does not find out in which way exactly your passphrase is low entropy. This also applies to low-entropy passphrases on fast CPUs. Technology can do only so much to compensate for problems in front of the keyboard. Also note that power-saving modes will make your CPU slower. This will reduce iteration count on LUKS container creation. It will keep unlock times at the expected values though at this CPU speed. * **5.14 Why was the default aes-cbc-plain replaced with aes-cbc-essiv?** Note: This item applies both to plain dm-crypt and to LUKS The problem is that cbc-plain has a fingerprint vulnerability, where a specially crafted file placed into the crypto-container can be recognized from the outside. The issue here is that for cbc-plain the initialization vector (IV) is the sector number. The IV gets XORed to the first data chunk of the sector to be encrypted. If you make sure that the first data block to be stored in a sector contains the sector number as well, the first data block to be encrypted is all zeros and always encrypted to the same ciphertext. This also works if the first data chunk just has a constant XOR with the sector number. By having several shifted patterns you can take care of the case of a non-power-of-two start sector number of the file. This mechanism allows you to create a pattern of sectors that have the same first ciphertext block and signal one bit per sector to the outside, allowing you to e.g. mark media files that way for recognition without decryption. For large files this is a practical attack. For small ones, you do not have enough blocks to signal and take care of different file starting offsets. In order to prevent this attack, the default was changed to cbc-essiv. ESSIV uses a keyed hash of the sector number, with the encryption key as key. 
This makes the IV unpredictable without knowing the encryption key and the watermarking attack fails. * **5.15 Are there any problems with "plain" IV? What is "plain64"?** First, "plain" and "plain64" are both not secure to use with CBC, see previous FAQ item. However there are modes, like XTS, that are secure with "plain" IV. The next limit is that "plain" is 64 bit, with the upper 32 bit set to zero. This means that on volumes larger than 2TiB, the IV repeats, creating a vulnerability that potentially leaks some data. To avoid this, use "plain64", which uses the full sector number up to 64 bit. Note that "plain64" requires a kernel 2.6.33 or more recent. Also note that "plain64" is backwards compatible for volume sizes of maximum size 2TiB, but not for those > 2TiB. Finally, "plain64" does not cause any performance penalty compared to "plain". * **5.16 What about XTS mode?** XTS mode is potentially even more secure than cbc-essiv (but only if cbc-essiv is insecure in your scenario). It is a NIST standard and used, e.g. in Truecrypt. From version 1.6.0 of cryptsetup onwards, aes-xts-plain64 is the default for LUKS. If you want to use it with a cryptsetup before version 1.6.0 or with plain dm-crypt, you have to specify it manually as "aes-xts-plain", i.e. ``` cryptsetup -c aes-xts-plain luksFormat ``` For volumes >2TiB and kernels >= 2.6.33 use "plain64" (see FAQ item on "plain" and "plain64"): ``` cryptsetup -c aes-xts-plain64 luksFormat ``` There is a potential security issue with XTS mode and large blocks. LUKS and dm-crypt always use 512B blocks and the issue does not apply. * **5.17 Is LUKS FIPS-140-2 certified?** No. But that is more a problem of FIPS-140-2 than of LUKS. From a technical point-of-view, LUKS with the right parameters would be FIPS-140-2 compliant, but in order to make it certified, somebody has to pay real money for that. And then, whenever cryptsetup is changed or extended, the certification lapses and has to be obtained again. 
From the aspect of actual security, LUKS with default parameters should be as good as most things that are FIPS-140-2 certified, although you may want to make sure to use /dev/random (by specifying --use-random on luksFormat) as randomness source for the volume key to avoid being potentially insecure in an entropy-starved situation. * **5.18 What about Plausible Deniability?** First let me attempt a definition for the case of encrypted filesystems: Plausible deniability is when you store data inside an encrypted container and it is not possible to prove it is there without having a special passphrase. And at the same time it must be "plausible" that there actually is no hidden data there. As a simple entropy-analysis will show that there may be data there, the second part is what makes it tricky. There seem to be a lot of misunderstandings about this idea, so let me make it clear that this refers to the situation where the attackers can prove that there is data that either may be random or may be part of a plausible-deniability scheme, they just cannot prove which one it is. Hence a plausible-deniability scheme must hold up when the attackers know there is something potentially fishy. If you just hide data and rely on it not being found, that is just simple deniability, not "plausible" deniability and I am not talking about that in the following. Simple deniability against a low-competence attacker may be as simple as renaming a file or putting data into an unused part of a disk. Simple deniability against a high-skill attacker with time to invest is usually pointless unless you go for advanced steganographic techniques, which have their own drawbacks, such as low data capacity. Now, the idea of plausible deniability is compelling and at first glance it seems possible to do it. And from a cryptographic point of view, it actually is possible. So, does the idea work in practice? No, unfortunately.
The reasoning used by its proponents is fundamentally flawed in several ways and the cryptographic properties fail fatally when colliding with the real world. First, why should "I do not have a hidden partition" be any more plausible than "I forgot my crypto key" or "I wiped that partition with random data, nothing in there"? I do not see any reason. Second, there are two types of situations: Either they cannot force you to give them the key (then you simply do not) or they can. In the second case, they can always do bad things to you, because they cannot prove that you have the key in the first place! This means they do not have to prove you have the key, or that this random looking data on your disk is actually encrypted data. So the situation will allow them to waterboard/lock-up/deport you anyways, regardless of how "plausible" your deniability is. Do not have a hidden partition you could show to them, but there are indications you may? Too bad for you. Unfortunately "plausible deniability" also means you cannot prove there is no hidden data. Third, hidden partitions are not that hidden. There are basically just two possibilities: a) Make a large crypto container, but put a smaller filesystem in there and put the hidden partition into the free space. Unfortunately this is glaringly obvious and can be detected in an automated fashion. This means that the initial suspicion to put you under duress in order to make you reveal your hidden data is given. b) Make a filesystem that spans the whole encrypted partition, and put the hidden partition into space not currently used by that filesystem. Unfortunately that is also glaringly obvious, as you then cannot write to the filesystem without a high risk of destroying data in the hidden container. Have not written anything to the encrypted filesystem in a while? Too bad, they have the suspicion they need to do unpleasant things to you. 
To be fair, if you prepare option b) carefully and directly before going into danger, it may work. But then, the mere presence of encrypted data may already be enough to get you into trouble in those places where they can demand encryption keys. Here is an additional reference for some problems with plausible deniability: https://www.schneier.com/academic/paperfiles/paper-truecrypt-dfs.pdf I strongly suggest you read it. So, no, I will not provide any instructions on how to do it with plain dm-crypt or LUKS. If you insist on shooting yourself in the foot, you can figure out how to do it yourself. * **5.19 What about SSDs, Flash, Hybrid and SMR Drives?** The problem is that you cannot reliably erase parts of these devices, mainly due to wear-leveling and possibly defect management and delayed writes to the main data area. For example for SSDs, when overwriting a sector, what the device does is to move an internal sector (may be 128kB or even larger) to some pool of discarded, not-yet erased unused sectors, take a fresh empty sector from the empty-sector pool and copy the old sector over with the changes to the small part you wrote. This is done in some fashion so that larger writes do not cause a lot of small internal updates. The thing is that the mapping between outside-addressable sectors and inside sectors is arbitrary (and the vendors are not talking). Also the discarded sectors are not necessarily erased immediately. They may linger a long time. For plain dm-crypt, the consequences are that older encrypted data may be lying around in some internal pools of the device. This may or may not be a problem and depends on the application. Remember the same can happen with a filesystem if consecutive writes to the same area of a file can go to different sectors. However, for LUKS, the worst case is that key-slots and LUKS header may end up in these internal pools.
This means that password management functionality is compromised (the old passwords may still be around, potentially for a very long time) and that fast erase by overwriting the header and key-slot area is insecure. Also keep in mind that the discarded/used pool may be large. For example, a 240GB SSD has about 16GB of spare area in the chips that it is free to do with as it likes. You would need to make each individual key-slot larger than that to allow reliable overwriting. And that assumes the disk thinks all other space is in use. Reading the internal pools using forensic tools is not that hard, but may involve some soldering. What to do? If you trust the device vendor (you probably should not...) you can try an ATA "secure erase" command. That is not present in USB keys though and may or may not be secure for a hybrid drive. If you can do without password management and are fine with doing physical destruction for permanently deleting data (always after one or several full overwrites!), you can use plain dm-crypt. If you want or need all the original LUKS security features to work, you can use a detached LUKS header and put that on a conventional, magnetic disk. That leaves potentially old encrypted data in the pools on the main disk, but otherwise you get LUKS with the same security as on a traditional magnetic disk. Note however that storage vendors are prone to lying to their customers. For example, it recently came out that HDDs sold without any warning or mentioning in the data-sheets were actually using SMR and that will write data first to a faster area and only overwrite the original data area some time later when things are quiet. If you are concerned about your laptop being stolen, you are likely fine using LUKS on an SSD or hybrid drive. An attacker would need to have access to an old passphrase (and the key-slot for this old passphrase would actually need to still be somewhere in the SSD) for your data to be at risk. 
So unless you pasted your old passphrase all over the Internet or the attacker has knowledge of it from some other source and does a targeted laptop theft to get at your data, you should be fine. * **5.20 LUKS1 is broken! It uses SHA-1!** No, it is not. SHA-1 is (academically) broken for finding collisions, but not for using it in a key-derivation function. And that collision vulnerability is for non-iterated use only. And you need the hash-value in verbatim. This basically means that if you already have a slot-key, and you have set the PBKDF2 iteration count to 1 (it is > 10'000 normally), you could (maybe) derive a different passphrase that gives you the same slot-key. But if you have the slot-key, you can already unlock the key-slot and get the volume key, breaking everything. So basically, this SHA-1 vulnerability allows you to open a LUKS1 container with high effort when you already have it open. The real problem here is people that do not understand crypto and claim things are broken just because some mechanism is used that has been broken for a specific different use. The way the mechanism is used matters very much. A hash that is broken for one use can be completely secure for other uses and here it is. Since version 1.7.0, cryptsetup uses SHA-256 as default to ensure that it will be compatible in the future. There are already some systems where SHA-1 is completely phased out or disabled by a security policy. * **5.21 Why is there no "Nuke-Option"?** A "Nuke-Option" or "Kill-switch" is a password that when entered upon unlocking instead wipes the header and all passwords. So when somebody forces you to enter your password, you can destroy the data instead. While this sounds attractive at first glance, it does not make sense once a real security analysis is done. One problem is that you have to have some kind of HSM (Hardware Security Module) in order to implement it securely. 
In the movies, a HSM starts to smoke and melt once the Nuke-Option has been activated. In actual reality, it just wipes some battery-backed RAM cells. A proper HSM costs something like 20'000...100'000 EUR/USD and there a Nuke-Option may make some sense. BTW, a chipcard or a TPM is not a HSM, although some vendors are promoting that myth. Now, a proper HSMs will have a wipe option but not a Nuke-Option, i.e. you can explicitly wipe the HSM, but by a different process than unlocking it takes. Why is that? Simple: If somebody can force you to reveal passwords, then they can also do bad things to you if you do not or if you enter a nuke password instead. Think locking you up for a few years for "destroying evidence" or for far longer and without trial for being a "terrorist suspect". No HSM maker will want to expose its customers to that risk. Now think of the typical LUKS application scenario, i.e. disk encryption. Usually the ones forcing you to hand over your password will have access to the disk as well, and, if they have any real suspicion, they will mirror your disk before entering anything supplied by you. This neatly negates any Nuke-Option. If they have no suspicion (just harassing people that cross some border for example), the Nuke-Option would work, but see above about likely negative consequences and remember that a Nuke-Option may not work reliably on SSD and hybrid drives anyways. Hence my advice is to never take data that you do not want to reveal into any such situation in the first place. There is no need to transfer data on physical carriers today. The Internet makes it quite possible to transfer data between arbitrary places and modern encryption makes it secure. If you do it right, nobody will even be able to identify source or destination. (How to do that is out of scope of this document. It does require advanced skills in this age of pervasive surveillance.) Hence, LUKS has no kill option because it would do much more harm than good. 
* **5.22 Does cryptsetup open network connections to websites, etc. ?** This question seems not to make much sense at first glance, but here is an example from the real world: The TrueCrypt GUI has a "Donation" button. Press it, and a web-connection to the TrueCrypt website is opened via the default browser, telling everybody that listens that you use TrueCrypt. In the worst case, things like this can get people tortured or killed. So: Cryptsetup will never open any network connections except the local netlink socket it needs to talk to the kernel crypto API. In addition, the installation package should contain all documentation, including this FAQ, so that you do not have to go to a web-site to read it. (If your distro cuts the docu, please complain to them.) In security software, any connection initiated to anywhere outside your machine should always be the result of an explicit request for such a connection by the user and cryptsetup will stay true to that principle. * **5.23 What is cryptsetup CVE-2021-4122?** CVE-2021-4122 describes a possible attack against data confidentiality through LUKS2 online reencryption extension crash recovery. An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device. This attack requires repeated physical access to the LUKS device but no knowledge of user passphrases. The decryption step is performed after a valid user activates the device with a correct passphrase and modified metadata. There are no visible warnings for the user that such recovery happened (except using the luksDump command). The attack can also be reversed afterward (simulating crashed encryption from a plaintext) with possible modification of revealed plaintext. The problem was fixed in cryptsetup version 2.4.3 and 2.3.7. For more info, please see the report here: https://seclists.org/oss-sec/2022/q1/34 # 6.
Backup and Data Recovery * **6.1 Why do I need Backup?** First, disks die. The rate for well-treated (!) disk is about 5% per year, which is high enough to worry about. There is some indication that this may be even worse for some SSDs. This applies both to LUKS and plain dm-crypt partitions. Second, for LUKS, if anything damages the LUKS header or the key-stripe area then decrypting the LUKS device can become impossible. This is a frequent occurrence. For example an accidental format as FAT or some software overwriting the first sector where it suspects a partition boot sector typically makes a LUKS1 partition permanently inaccessible. See more below on LUKS header damage. So, data-backup in some form is non-optional. For LUKS, you may also want to store a header backup in some secure location. This only needs an update if you change passphrases. * **6.2 How do I backup a LUKS header?** While you could just copy the appropriate number of bytes from the start of the LUKS partition, the best way is to use command option "luksHeaderBackup" of cryptsetup. This protects also against errors when non-standard parameters have been used in LUKS partition creation. Example: ``` cryptsetup luksHeaderBackup --header-backup-file <file> <device> ``` To restore, use the inverse command, i.e. ``` cryptsetup luksHeaderRestore --header-backup-file <file> <device> ``` If you are unsure about a header to be restored, make a backup of the current one first! You can also test the header-file without restoring it by using the --header option for a detached header like this: ``` cryptsetup --header <file> luksOpen <device> <name> ``` If that unlocks your key-slot, you are good. Do not forget to close the device again. Under some circumstances (damaged header), this fails. Then use the following steps in case it is LUKS1: First determine the volume key size: ``` cryptsetup luksDump <device> ``` gives a line of the form ``` MK bits: <bits> ``` with bits equal to 256 for the old defaults and 512 for the new defaults.
256 bits equals a total header size of 1'052'672 Bytes and 512 bits one of 2MiB. (See also Item 6.12) If luksDump fails, assume 2MiB, but be aware that if you restore that, you may also restore the first 1M or so of the filesystem. Do not change the filesystem if you were unable to determine the header size! With that, restoring a too-large header backup is still safe. Second, dump the header to file. There are many ways to do it, I prefer the following: ``` head -c 1052672 <device> > header_backup.dmp ``` or ``` head -c 2M <device> > header_backup.dmp ``` for a 2MiB header. Verify the size of the dump-file to be sure. To restore such a backup, you can try luksHeaderRestore or do a more basic ``` cat header_backup.dmp > <device> ``` * **6.3 How do I test for a LUKS header?** Use ``` cryptsetup -v isLuks <device> ``` on the device. Without the "-v" it just signals its result via exit-status. You can also use the more general test ``` blkid -p <device> ``` which will also detect other types and give some more info. Omit "-p" for old versions of blkid that do not support it. * **6.4 How do I backup a LUKS or dm-crypt partition?** There are two options, a sector-image and a plain file or filesystem backup of the contents of the partition. The sector image is already encrypted, but cannot be compressed and contains all empty space. The filesystem backup can be compressed, can contain only part of the encrypted device, but needs to be encrypted separately if so desired. A sector-image will contain the whole partition in encrypted form, for LUKS the LUKS header, the keys-slots and the data area. It can be done under Linux e.g. with dd_rescue (for a direct image copy) and with "cat" or "dd". Examples: ``` cat /dev/sda10 > sda10.img dd_rescue /dev/sda10 sda10.img ``` You can also use any other backup software that is capable of making a sector image of a partition. Note that compression is ineffective for encrypted data, hence it does not make sense to use it.
For a filesystem backup, you decrypt and mount the encrypted partition and back it up as you would a normal filesystem. In this case the backup is not encrypted, unless your encryption method does that. For example you can encrypt a backup with "tar" as follows with GnuPG: ``` tar cjf - <path> | gpg --cipher-algo AES -c - > backup.tbz2.gpg ``` And verify the backup like this if you are at "path": ``` cat backup.tbz2.gpg | gpg - | tar djf - ``` Note: Always verify backups, especially encrypted ones! There is one problem with verifying like this: The kernel may still have some files cached and in fact verify them against RAM or may even verify RAM against RAM, which defeats the purpose of the exercise. The following command empties the kernel caches: ``` echo 3 > /proc/sys/vm/drop_caches ``` Run it after backup and before verify. In both cases GnuPG will ask you interactively for your symmetric key. The verify will only output errors. Use "tar dvjf -" to get all comparison results. To make sure no data is written to disk unencrypted, turn off swap if it is not encrypted before doing the backup. Restore works like verification with the 'd' ('difference') replaced by 'x' ('eXtract'). Refer to the man-page of tar for more explanations and instructions. Note that with default options tar will overwrite already existing files without warning. If you are unsure about how to use tar, experiment with it in a location where you cannot do damage. You can of course use different or no compression and you can use an asymmetric key if you have one and have a backup of the secret key that belongs to it. A second option for a filesystem-level backup that can be used when the backup is also on local disk (e.g. an external USB drive) is to use a LUKS container there and copy the files to be backed up between both mounted containers. Also see next item. * **6.5 Do I need a backup of the full partition? 
Would the header and key-slots not be enough?** Backup protects you against two things: Disk loss or corruption and user error. By far the most questions on the dm-crypt mailing list about how to recover a damaged LUKS partition are related to user error. For example, if you create a new filesystem on a non-mapped LUKS container, chances are good that all data is lost permanently. For this case, a header+key-slot backup would often be enough. But keep in mind that a well-treated (!) HDD has roughly a failure risk of 5% per year. It is highly advisable to have a complete backup to protect against this case. * **6.6 What do I need to backup if I use "decrypt_derived"?** This is a script in Debian, intended for mounting /tmp or swap with a key derived from the volume key of an already decrypted device. If you use this for an device with data that should be persistent, you need to make sure you either do not lose access to that volume key or have a backup of the data. If you derive from a LUKS device, a header backup of that device would cover backing up the volume key. Keep in mind that this does not protect against disk loss. Note: If you recreate the LUKS header of the device you derive from (using luksFormat), the volume key changes even if you use the same passphrase(s) and you will not be able to decrypt the derived device with the new LUKS header. * **6.7 Does a backup compromise security?** Depends on how you do it. However if you do not have one, you are going to eventually lose your encrypted data. There are risks introduced by backups. For example if you change/disable a key-slot in LUKS, a binary backup of the partition will still have the old key-slot. To deal with this, you have to be able to change the key-slot on the backup as well, securely erase the backup or do a filesystem-level backup instead of a binary one. 
If you use dm-crypt, backup is simpler: As there is no key management, the main risk is that you cannot wipe the backup when wiping the original. However wiping the original for dm-crypt should consist of forgetting the passphrase and that you can do without actual access to the backup. In both cases, there is an additional (usually small) risk with binary backups: An attacker can see how many sectors and which ones have been changed since the backup. To prevent this, use a filesystem level backup method that encrypts the whole backup in one go, e.g. as described above with tar and GnuPG. My personal advice is to use one USB disk (low value data) or three disks (high value data) in rotating order for backups, and either use independent LUKS partitions on them, or use encrypted backup with tar and GnuPG. If you do network-backup or tape-backup, I strongly recommend to go the filesystem backup path with independent encryption, as you typically cannot reliably delete data in these scenarios, especially in a cloud setting. (Well, you can burn the tape if it is under your control...) * **6.8 What happens if I overwrite the start of a LUKS partition or damage the LUKS header or key-slots?** There are two critical components for decryption: The salt values in the key-slot descriptors of the header and the key-slots. For LUKS2 they are a bit better protected. but for LUKS1, these are right in the first sector. If the salt values are overwritten or changed, nothing (in the cryptographically strong sense) can be done to access the data, unless there is a backup of the LUKS header. If a key-slot is damaged, the data can still be read with a different key-slot, if there is a remaining undamaged and used key-slot. Note that in order to make a key-slot completely unrecoverable, changing about 4-6 bits in random locations of its 128kiB size is quite enough. 
* **6.9 What happens if I (quick) format a LUKS partition?** I have not tried the different ways to do this, but very likely you will have written a new boot-sector, which in turn overwrites the LUKS header, including the salts, making your data permanently irretrievable, unless you have a LUKS header backup. For LUKS2 this may still be recoverable without that header backup, for LUKS1 it is not. You may also damage the key-slots in part or in full. See also last item. * **6.10 How do I recover the volume key from a mapped LUKS1 container?** Note: LUKS2 uses the kernel keyring to store keys and hence this procedure does not work unless you have explicitly disabled the use of the keyring with "--disable-keyring" on opening. This is typically only needed if you managed to damage your LUKS1 header, but the container is still mapped, i.e. "luksOpen"ed. It also helps if you have a mapped container that you forgot or do not know a passphrase for (e.g. on a long running server.) WARNING: Things go wrong, do a full backup before trying this! WARNING: This exposes the volume key of the LUKS1 container. Note that both ways to recreate a LUKS header with the old volume key described below will write the volume key to disk. Unless you are sure you have securely erased it afterwards, e.g. by writing it to an encrypted partition, RAM disk or by erasing the filesystem you wrote it to by a complete overwrite, you should change the volume key afterwards. Changing the volume key requires a full data backup, luksFormat and then restore of the backup. Alternatively the tool cryptsetup-reencrypt from the cryptsetup package can be used to change the volume key (see its man-page), but a full backup is still highly recommended. 
First, there is a script by Milan that automates the whole process, except generating a new LUKS1 header with the old volume key (it prints the command for that though): https://gitlab.com/cryptsetup/cryptsetup/blob/main/misc/luks-header-from-active You can also do this manually. Here is how: - Get the volume key from the device mapper. This is done by the following command. Substitute c5 for whatever you mapped to: ``` # dmsetup table --target crypt --showkey /dev/mapper/c5 Result: 0 200704 crypt aes-cbc-essiv:sha256 a1704d9715f73a1bb4db581dcacadaf405e700d591e93e2eaade13ba653d0d09 0 7:0 4096 ``` The result is actually one line, wrapped here for clarity. The long hex string is the volume key. - Convert the volume key to a binary file representation. You can do this manually, e.g. with hexedit. You can also use the tool "xxd" from vim like this: ``` echo "a1704d9....53d0d09" | xxd -r -p > <volume-key-file> ``` - Do a luksFormat to create a new LUKS1 header. NOTE: If your header is intact and you just forgot the passphrase, you can just set a new passphrase, see next sub-item. Unmap the device before you do that (luksClose). Then do ``` cryptsetup luksFormat --volume-key-file=<volume-key-file> <luks device> ``` Note that if the container was created with other than the default settings of the cryptsetup version you are using, you need to give additional parameters specifying the deviations. If in doubt, try the script by Milan. It does recover the other parameters as well. Side note: This is the way the decrypt_derived script gets at the volume key. It just omits the conversion and hashes the volume key string. - If the header is intact and you just forgot the passphrase, just set a new passphrase like this: ``` cryptsetup luksAddKey --volume-key-file=<volume-key-file> <luks device> ``` You may want to disable the old one afterwards. * **6.11 What does the on-disk structure of dm-crypt look like?** There is none. dm-crypt takes a block device and gives encrypted access to each of its blocks with a key derived from the passphrase given. 
If you use a cipher different than the default, you have to specify that as a parameter to cryptsetup too. If you want to change the password, you basically have to create a second encrypted device with the new passphrase and copy your data over. On the plus side, if you accidentally overwrite any part of a dm-crypt device, the damage will be limited to the area you overwrote. * **6.12 What does the on-disk structure of LUKS1 look like?** Note: For LUKS2, refer to the LUKS2 document referenced in Item 1.2 A LUKS1 partition consists of a header, followed by 8 key-slot descriptors, followed by 8 key slots, followed by the encrypted data area. Header and key-slot descriptors fill the first 592 bytes. The key-slot size depends on the creation parameters, namely on the number of anti-forensic stripes, key material offset and volume key size. With the default parameters, each key-slot is a bit less than 128kiB in size. Due to sector alignment of the key-slot start, that means the key block 0 is at offset 0x1000-0x20400, key block 1 at offset 0x21000-0x40400, and key block 7 at offset 0xc1000-0xe0400. The space to the next full sector address is padded with zeros. Never used key-slots are filled with what the disk originally contained there, a key-slot removed with "luksRemoveKey" or "luksKillSlot" gets filled with 0xff. Due to 2MiB default alignment, start of the data area for cryptsetup 1.3 and later is at 2MiB, i.e. at 0x200000. For older versions, it is at 0x101000, i.e. at 1'052'672 bytes, i.e. at 1MiB + 4096 bytes from the start of the partition. Incidentally, "luksHeaderBackup" for a LUKS container created with default parameters dumps exactly the first 2MiB (or 1'052'672 bytes for headers created with cryptsetup versions < 1.3) to file and "luksHeaderRestore" restores them. For non-default parameters, you have to figure out placement yourself. "luksDump" helps. See also next item. 
For the most common non-default settings, namely aes-xts-plain with 512 bit key, the offsets are: 1st keyslot 0x1000-0x3f800, 2nd keyslot 0x40000-0x7e000, 3rd keyslot 0x7e000-0xbd800, ..., and start of bulk data at 0x200000. The exact specification of the format is here: https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification For your convenience, here is the LUKS1 header with hex offsets. NOTE: The spec counts key-slots from 1 to 8, but the cryptsetup tool counts from 0 to 7. The numbers here refer to the cryptsetup numbers. ``` Refers to LUKS1 On-Disk Format Specification Version 1.2.3 LUKS1 header: offset length name data type description ----------------------------------------------------------------------- 0x0000 0x06 magic byte[] 'L','U','K','S', 0xba, 0xbe 0 6 0x0006 0x02 version uint16_t LUKS version 6 3 0x0008 0x20 cipher-name char[] cipher name spec. 8 32 0x0028 0x20 cipher-mode char[] cipher mode spec. 40 32 0x0048 0x20 hash-spec char[] hash spec. 72 32 0x0068 0x04 payload-offset uint32_t bulk data offset in sectors 104 4 (512 bytes per sector) 0x006c 0x04 key-bytes uint32_t number of bytes in key 108 4 0x0070 0x14 mk-digest byte[] volume key checksum 112 20 calculated with PBKDF2 0x0084 0x20 mk-digest-salt byte[] salt for PBKDF2 when 132 32 calculating mk-digest 0x00a4 0x04 mk-digest-iter uint32_t iteration count for PBKDF2 164 4 when calculating mk-digest 0x00a8 0x28 uuid char[] partition UUID 168 40 0x00d0 0x30 key-slot-0 key slot key slot 0 208 48 0x0100 0x30 key-slot-1 key slot key slot 1 256 48 0x0130 0x30 key-slot-2 key slot key slot 2 304 48 0x0160 0x30 key-slot-3 key slot key slot 3 352 48 0x0190 0x30 key-slot-4 key slot key slot 4 400 48 0x01c0 0x30 key-slot-5 key slot key slot 5 448 48 0x01f0 0x30 key-slot-6 key slot key slot 6 496 48 0x0220 0x30 key-slot-7 key slot key slot 7 544 48 Key slot: offset length name data type description ------------------------------------------------------------------------- 0x0000 0x04 active uint32_t key 
slot enabled/disabled 0 4 0x0004 0x04 iterations uint32_t PBKDF2 iteration count 4 4 0x0008 0x20 salt byte[] PBKDF2 salt 8 32 0x0028 0x04 key-material-offset uint32_t key start sector 40 4 (512 bytes/sector) 0x002c 0x04 stripes uint32_t number of anti-forensic 44 4 stripes ``` * **6.13 What is the smallest possible LUKS1 container?** Note: From cryptsetup 1.3 onwards, alignment is set to 1MB. With modern Linux partitioning tools that also align to 1MB, this will result in alignment to 2k sectors and typical Flash/SSD sectors, which is highly desirable for a number of reasons. Changing the alignment is not recommended. That said, with default parameters, the data area starts at exactly 2MB offset (at 0x101000 for cryptsetup versions before 1.3). The smallest data area you can have is one sector of 512 bytes. Data areas of 0 bytes can be created, but fail on mapping. While you cannot put a filesystem into something this small, it may still be used to contain, for example, key. Note that with current formatting tools, a partition for a container this size will be 3MiB anyways. If you put the LUKS container into a file (via losetup and a loopback device), the file needs to be 2097664 bytes in size, i.e. 2MiB + 512B. The two ways to influence the start of the data area are key-size and alignment. For alignment, you can go down to 1 on the parameter. This will still leave you with a data-area starting at 0x101000, i.e. 1MiB+4096B (default parameters) as alignment will be rounded up to the next multiple of 8 (i.e. 4096 bytes) If in doubt, do a dry-run on a larger file and dump the LUKS header to get actual information. For key-size, you can use 128 bit (e.g. AES-128 with CBC), 256 bit (e.g. AES-256 with CBC) or 512 bit (e.g. AES-256 with XTS mode). You can do 64 bit (e.g. blowfish-64 with CBC), but anything below 128 bit has to be considered insecure today. 
Example 1 - AES 128 bit with CBC: ``` cryptsetup luksFormat -s 128 --align-payload=8 ``` This results in a data offset of 0x81000, i.e. 516KiB or 528384 bytes. Add one 512 byte sector and the smallest LUKS container size with these parameters is 516KiB + 512B or 528896 bytes. Example 2 - Blowfish 64 bit with CBC (WARNING: insecure): ``` cryptsetup luksFormat -c blowfish -s 64 --align-payload=8 /dev/loop0 ``` This results in a data offset of 0x41000, i.e. 260kiB or 266240 bytes, with a minimal LUKS1 container size of 260kiB + 512B or 266752 bytes. * **6.14 I think this is overly complicated. Is there an alternative?** Not really. Encryption comes at a price. You can use plain dm-crypt to simplify things a bit. It does not allow multiple passphrases, but on the plus side, it has zero on disk description and if you overwrite some part of a plain dm-crypt partition, exactly the overwritten parts are lost (rounded up to full sectors). * **6.15 Can I clone a LUKS container?** You can, but it breaks security, because the cloned container has the same header and hence the same volume key. Even if you change the passphrase(s), the volume key stays the same. That means whoever has access to one of the clones can decrypt them all, completely bypassing the passphrases. While you can use cryptsetup-reencrypt to change the volume key, this is probably more effort than to create separate LUKS containers in the first place. The right way to do this is to first luksFormat the target container, then to clone the contents of the source container, with both containers mapped, i.e. decrypted. You can clone the decrypted contents of a LUKS container in binary mode, although you may run into secondary issues with GUIDs in filesystems, partition tables, RAID-components and the like. These are just the normal problems binary cloning causes. Note that if you need to ship (e.g.) 
cloned LUKS containers with a default passphrase, that is fine as long as each container was individually created (and hence has its own volume key). In this case, changing the default passphrase will make it secure again. * **6.16 How to convert the printed volume key to a raw one?** A volume key printed via something like: ``` cryptsetup --dump-volume-key luksDump /dev/ >volume-key ``` (i.e. without using `--volume-key-file`), which gives something like: ``` LUKS header information for /dev/ Cipher name: aes Cipher mode: xts-plain64 Payload offset: 32768 UUID: 6e914442-e8b5-4eb5-98c4-5bf0cf17ecad MK bits: 512 MK dump: e0 3f 15 c2 0f e5 80 ab 35 b4 10 03 ae 30 b9 5d 4c 0d 28 9e 1b 0f e3 b0 50 57 ef d4 4d 53 a0 12 b7 4e 43 a1 20 7e c5 02 1f f1 f5 08 04 3c f5 20 a6 0b 23 f6 7b 53 55 aa 22 d8 aa 02 e0 2f d5 04 ``` can be converted to the raw volume key for example via: ``` sed -E -n '/^MK dump:\t/,/^[^\t]/{0,/^MK dump:\t/s/^MK dump://; /^([^\t].*)?$/q; s/\t+//p;};' volume-key | xxd -r -p ``` # 7. Interoperability with other Disk Encryption Tools * **7.1 What is this section about?** Cryptsetup for plain dm-crypt can be used to access a number of on-disk formats created by tools like loop-aes patched into losetup. This sometimes works and sometimes does not. This section collects insights into what works, what does not and where more information is required. Additional information may be found in the mailing-list archives, mentioned at the start of this FAQ document. If you have a solution working that is not yet documented here and think a wider audience may be interested, please email the FAQ maintainer. * **7.2 loop-aes: General observations.** One problem is that there are different versions of losetup around. loop-aes is a patch for losetup. Possible problems and deviations from cryptsetup option syntax include: - Offsets specified in bytes (cryptsetup: 512 byte sectors) - The need to specify an IV offset - Encryption mode needs specifying (e.g. 
"-c twofish-cbc-plain") - Key size needs specifying (e.g. "-s 128" for 128 bit keys) - Passphrase hash algorithm needs specifying Also note that because plain dm-crypt and loop-aes format does not have metadata, and while the loopAES extension for cryptsetup tries autodetection (see command loopaesOpen), it may not always work. If you still have the old set-up, using a verbosity option (-v) on mapping with the old tool or having a look into the system logs after setup could give you the information you need. Below, there are also some things that worked for somebody. * **7.3 loop-aes patched into losetup on Debian 5.x, kernel 2.6.32** In this case, the main problem seems to be that this variant of losetup takes the offset (-o option) in bytes, while cryptsetup takes it in sectors of 512 bytes each. Example: The losetup command ``` losetup -e twofish -o 2560 /dev/loop0 /dev/sdb1 mount /dev/loop0 mount-point ``` translates to ``` cryptsetup create -c twofish -o 5 --skip 5 e1 /dev/sdb1 mount /dev/mapper/e1 mount-point ``` * **7.4 loop-aes with 160 bit key** This seems to be sometimes used with twofish and blowfish and represents a 160 bit ripemed160 hash output padded to 196 bit key length. It seems the corresponding options for cryptsetup are ``` --cipher twofish-cbc-null -s 192 -h ripemd160:20 ``` * **7.5 loop-aes v1 format OpenSUSE** Apparently this is done by older OpenSUSE distros and stopped working from OpenSUSE 12.1 to 12.2. One user had success with the following: ``` cryptsetup create -c aes -s 128 -h sha256 ``` * **7.6 Kernel encrypted loop device (cryptoloop)** There are a number of different losetup implementations for using encrypted loop devices so getting this to work may need a bit of experimentation. NOTE: Do NOT use this for new containers! Some of the existing implementations are insecure and future support is uncertain. 
Example for a compatible mapping: ``` losetup -e twofish -N /dev/loop0 /image.img ``` translates to ``` cryptsetup create image_plain /image.img -c twofish-cbc-plain -H plain ``` with the mapping being done to /dev/mapper/image_plain instead of to /dev/loop0. More details: Cipher, mode and password hash (or no hash): ``` -e cipher [-N] => -c cipher-cbc-plain -H plain [-s 256] -e cipher => -c cipher-cbc-plain -H ripemd160 [-s 256] ``` Key size and offsets (losetup: bytes, cryptsetup: sectors of 512 bytes): ``` -k 128 => -s 128 -o 2560 => -o 5 -p 5 # 2560/512 = 5 ``` There is no replacement for --pass-fd, it has to be emulated using keyfiles, see the cryptsetup man-page. # 8. Issues with Specific Versions of cryptsetup * **8.1 When using the create command for plain dm-crypt with cryptsetup 1.1.x, the mapping is incompatible and my data is not accessible anymore!** With cryptsetup 1.1.x, the distro maintainer can define different default encryption modes. You can check the compiled-in defaults using "cryptsetup --help". Moreover, the plain device default changed because the old IV mode was vulnerable to a watermarking attack. If you are using a plain device and you need a compatible mode, just specify cipher, key size and hash algorithm explicitly. For compatibility with cryptsetup 1.0.x defaults, simply use the following: ``` cryptsetup create -c aes-cbc-plain -s 256 -h ripemd160 <name> <dev> ``` LUKS stores cipher and mode in the metadata on disk, avoiding this problem. * **8.2 cryptsetup on SLED 10 has problems...** SLED 10 is missing an essential kernel patch for dm-crypt, which is broken in its kernel as a result. There may be a very old version of cryptsetup (1.0.x) provided by SLED, which should not be used anymore either. My advice would be to drop SLED 10. * **8.3 Gcrypt 1.6.x and later break Whirlpool** It is the other way round: In gcrypt 1.5.x, Whirlpool is broken and it was fixed in 1.6.0 and later. 
If you selected whirlpool as hash on creation of a LUKS container, it does not work anymore with the fixed library. This shows one serious risk of using rarely used settings. Note that at the time this FAQ item was written, 1.5.4 was the latest 1.5.x version and it has the flaw, i.e. works with the old Whirlpool version. Possibly later 1.5.x versions will work as well. The only two ways to access older LUKS containers created with Whirlpool are to either decrypt with an old gcrypt version that has the flaw or to use a compatibility feature introduced in cryptsetup 1.6.4 and gcrypt 1.6.1 or later. Version 1.6.0 cannot be used. Steps: - Make at least a header backup or better, refresh your full backup. (You have a full backup, right? See Item 6.1 and following.) - Make sure you have cryptsetup 1.6.4 or later and check the gcrypt version: ``` cryptsetup luksDump <luks device> --debug | grep backend ``` If gcrypt is at version 1.5.x or before: - Reencrypt the LUKS header with a different hash. (Requires entering all keyslot passphrases. If you do not have all, remove the ones you do not have before.): ``` cryptsetup-reencrypt --keep-key --hash sha256 <luks device> ``` If gcrypt is at version 1.6.1 or later: - Patch the hash name in the LUKS header from "whirlpool" to "whirlpool_gcryptbug". This activates the broken implementation. The detailed header layout is in Item 6.12 of this FAQ and in the LUKS on-disk format specification. One way to change the hash is with the following command: ``` echo -n -e 'whirlpool_gcryptbug\0' | dd of=<luks device> bs=1 seek=72 conv=notrunc ``` - You can now open the device again. It is highly advisable to change the hash now with cryptsetup-reencrypt as described above. While you can reencrypt to use the fixed whirlpool, that may not be a good idea as almost nobody seems to use it and hence the long time until the bug was discovered. # 9. The Initrd question * **9.1 My initrd is broken with cryptsetup** That is not nice! 
However the initrd is supplied by your distribution, not by the cryptsetup project and hence you should complain to them. We cannot really do anything about it. * **9.2 CVE-2016-4484 says cryptsetup is broken!** Not really. It says the initrd in some Debian versions have a behavior that under some very special and unusual conditions may be considered a vulnerability. What happens is that you can trick the initrd to go to a rescue-shell if you enter the LUKS password wrongly in a specific way. But falling back to a rescue shell on initrd errors is a sensible default behavior in the first place. It gives you about as much access as booting a rescue system from CD or USB-Stick or as removing the disk would give you. So this only applies when an attacker has physical access, but cannot boot anything else or remove the disk. These will be rare circumstances indeed, and if you rely on the default distribution initrd to keep you safe under these circumstances, then you have bigger problems than this somewhat expected behavior. The CVE was exaggerated and should not be assigned to upstream cryptsetup in the first place (it is a distro specific initrd issue). It was driven more by a try to make a splash for self-aggrandizement, than by any actual security concerns. Ignore it. * **9.3 How do I do my own initrd with cryptsetup?** Note: The instructions here apply to an initrd in initramfs format, not to an initrd in initrd format. The latter is a filesystem image, not a cpio-archive, and seems to not be widely used anymore. It depends on the distribution. Below, I give a very simple example and step-by-step instructions for Debian. With a bit of work, it should be possible to adapt this to other distributions. Note that the description is pretty general, so if you want to do other things with an initrd it provides a useful starting point for that too. 01) Unpacking an existing initrd to use as template A Linux initrd is in gzip'ed cpio format. 
To unpack it, use something like this: ``` mkdir tmp; cd tmp; cat ../initrd | gunzip | cpio -id ``` After this, you have the full initrd content in tmp/ 02) Inspecting the init-script The init-script is the only thing the kernel cares about. All activity starts there. Its traditional location is /sbin/init on disk, but /init in an initrd. In an initrd unpacked as above it is tmp/init. While init can be a binary despite usually being called "init script", in Debian the main init on the root partition is a binary, but the init in the initrd (and only that one is called by the kernel) is a script and starts like this: ``` #!/bin/sh .... ``` The "sh" used here is in tmp/bin/sh as just unpacked, and in Debian it currently is a busybox. 03) Creating your own initrd The two examples below should give you most of what is needed. This is tested with LUKS1 and should work with LUKS2 as well. Here is a really minimal example. It does nothing but set up some things and then drop to an interactive shell. It is perfect to try out things that you want to go into the init-script. ``` #!/bin/sh export PATH=/sbin:/bin [ -d /sys ] || mkdir /sys [ -d /proc ] || mkdir /proc [ -d /tmp ] || mkdir /tmp mount -t sysfs -o nodev,noexec,nosuid sysfs /sys mount -t proc -o nodev,noexec,nosuid proc /proc echo "initrd is running, starting BusyBox..." exec /bin/sh --login ``` Here is an example that opens the first LUKS-partition it finds with the hard-coded password "test2" and then mounts it as root-filesystem. This is intended to be used on an USB-stick that after boot goes into a safe, as it contains the LUKS-passphrase in plain text and is not secure to be left in the system. The script contains debug-output that should make it easier to see what is going on. Note that the final hand-over to the init on the encrypted root-partition is done by "exec switch_root /mnt/root /sbin/init", after mounting the decrypted LUKS container with "mount /dev/mapper/c1 /mnt/root". 
The second argument of switch_root is relative to the first argument, i.e. the init started with this command is really /mnt/sbin/init before switch_root runs.

```
#!/bin/sh
export PATH=/sbin:/bin

[ -d /sys ] || mkdir /sys
[ -d /proc ] || mkdir /proc
[ -d /tmp ] || mkdir /tmp
mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
mount -t proc -o nodev,noexec,nosuid proc /proc

echo "detecting LUKS containers in sda1-10, sdb1-10"; sleep 1
for i in a b
do
  for j in 1 2 3 4 5 6 7 8 9 10
  do
    sleep 0.5
    d="/dev/sd"$i""$j
    echo -n $d
    cryptsetup isLuks $d >/dev/null 2>&1
    r=$?
    echo -n " result: "$r""
    # 0 = is LUKS, 1 = is not LUKS, 4 = other error
    if expr $r = 0 > /dev/null
    then
      echo " is LUKS, attempting unlock"
      echo -n "test2" | cryptsetup luksOpen --key-file=- $d c1
      r=$?
      echo " result of unlock attempt: "$r""
      sleep 2
      if expr $r = 0 > /dev/null
      then
        echo "*** LUKS partition unlocked, switching root ***"
        echo " (waiting 30 seconds before doing that)"
        mount /dev/mapper/c1 /mnt/root
        sleep 30
        exec switch_root /mnt/root /sbin/init
      fi
    else
      echo " is not LUKS"
    fi
  done
done
echo "FAIL finding root on LUKS, loading BusyBox..."; sleep 5
exec /bin/sh --login
```

04) What if I want a binary in the initrd, but libraries are missing? That is a bit tricky. One option is to compile statically, but that does not work for everything. Debian puts some libraries into lib/ and lib64/ which are usually enough. If you need more, you can add the libraries you need there. That may or may not need a configuration change for the dynamic linker "ld" as well. Refer to standard Linux documentation on how to add a library to a Linux system. A running initrd is just a running Linux system after all, it is not special in any way.

05) How do I repack the initrd? Simply repack the changed directory. While in tmp/, do the following:

```
find . | cpio --create --format='newc' | gzip > ../new_initrd
```

Rename "new_initrd" to however you want it called (the name of the initrd is a kernel-parameter) and move to /boot. 
That is it. # 10. LUKS2 Questions * **10.1 Is the cryptography of LUKS2 different?** Mostly not. The header has changed in its structure, but the cryptography is the same. The one exception is that PBKDF2 has been replaced by Argon2 to give better resilience against attacks by graphics cards and other hardware with lots of computing power but limited local memory per computing element. * **10.2 What new features does LUKS2 have?** There are quite a few. I recommend reading the man-page and the on-disk format specification, see Item 1.2. To list just some: - A lot of the metadata is JSON, allowing for easier extension - Max 32 key-slots per default - Better protection for bad passphrases now available with Argon2 - Authenticated encryption - The LUKS2 header is less vulnerable to corruption and has a 2nd copy * **10.3 Why does LUKS2 need so much memory?** LUKS2 uses Argon2 instead of PBKDF2. That causes the increase in memory. See next item. * **10.4 Why use Argon2 in LUKS 2 instead of PBKDF2?** LUKS tries to be secure with not-so-good passwords. Bad passwords need to be protected in some way against an attacker that just tries all possible combinations. (For good passwords, you can just wait for the attacker to die of old age...) The situation with LUKS is not quite the same as with a password stored in a database, but there are similarities. LUKS does not store passwords on disk. Instead, the passwords are used to decrypt the volume-key with it and that one is stored on disk in encrypted form. If you have a good password, with, say, more than 80 bits of entropy, you could just put the password through a single crypto-hash (to turn it into something that can be used as a key) and that would be secure. This is what plain dm-crypt does. If the password has lower entropy, you want to make this process cost some effort, so that each try takes time and resources and slows the attacker down. LUKS1 uses PBKDF2 for that, adding an iteration count and a salt. 
The iteration count is per default set so that it takes 1 second per try on the CPU of the device where the respective passphrase was set. The salt is there to prevent precomputation. The problem with that is that if you use a graphics card, you can massively speed up these computations as PBKDF2 needs very little memory to compute it. A graphics card is (grossly simplified) a mass of small CPUs with some small very fast local memory per CPU and a large slow memory (the 4/6/8 GB a current card may have). If you can keep a computation in the small, CPU-local memory, you can gain a speed factor of 1000 or more when trying passwords with PBKDF2. Argon2 was created to address this problem. It adds a "large memory property" where computing the result with less memory than the memory parameter requires is massively (exponentially) slowed down. That means, if you set, for example, 4GB of memory, computing Argon2 on a graphics card with around 100kB of memory per "CPU" makes no sense at all because it is far too slow. An attacker has hence to use real CPUs and furthermore is limited by main memory bandwidth. Hence the large amount of memory used is a security feature and should not be turned off or reduced. If you really (!) understand what you are doing and can assure good passwords, you can either go back to PBKDF2 or set a low amount of memory used for Argon2 when creating the header. * **10.5 LUKS2 is insecure! It uses less memory than the Argon2 RFC says!** Well, not really. The RFC recommends 6GiB of memory for use with disk encryption. That is a bit insane and something clearly went wrong in the standardization process here. First, that makes Argon2 unusable on any 32 bit Linux and that is clearly a bad thing. Second, there are many small Linux devices around that do not have 6GiB of RAM in the first place. For example, the current Raspberry Pi has 1GB, 2GB or 4GB of RAM, and with the RFC recommendations, none of these could compute Argon2 hashes.
Hence LUKS2 uses a more real-world approach. Iteration is set to a minimum of 4 because there are some theoretical attacks that work up to an iteration count of 3. The thread parameter is set to 4. To achieve 2 second/slot unlock time, LUKS2 adjusts the memory parameter down if needed. In the other direction, it will respect available memory and not exceed it. On a current PC, the memory parameter will be somewhere around 1GB, which should be quite generous. The minimum I was able to set in an experiment with "-i 1" was 400kB of memory and that is too low to be secure. A Raspberry Pi would probably end up somewhere around 50MB (have not tried it) and that should still be plenty. That said, if you have a good, high-entropy passphrase, LUKS2 is secure with any memory parameter. * **10.6 How does re-encryption store data while it is running?** All metadata necessary to perform a recovery of said segment (in case of crash) is stored in the LUKS2 metadata area. No matter if the LUKS2 reencryption was run in online or offline mode. * **10.7 What do I do if re-encryption crashes?** In case of a reencryption application crash, try to close the original device via following command first: ``` cryptsetup close . ``` Cryptsetup assesses if it's safe to teardown the reencryption device stack or not. It will also cut off I/O (via dm-error mapping) to current hotzone segment (to make later recovery possible). If it can't be torn down, i.e. due to a mounted fs, you must unmount the filesystem first. Never try to tear down reencryption dm devices manually using e.g. dmsetup tool, at least not unless cryptsetup says it's safe to do so. It could damage the data beyond repair. * **10.8 Do I need to enter two passphrases to recover a crashed re-encryption?** Cryptsetup (command line utility) expects the passphrases to be identical for the keyslot containing old volume key and for the keyslot containing new one. 
So the recovery happens during the normal "cryptsetup open" operation or the equivalent during boot. Re-encryption recovery can also be performed in offline mode by the "cryptsetup repair" command. * **10.9 What is an unbound keyslot and what is it used for?** Quite simply, an 'unbound key' is an independent 'key' stored in a luks2 keyslot that cannot be used to unlock a LUKS2 data device. More specifically, an 'unbound key' or 'unbound luks2 keyslot' contains a secret that is not currently associated with any data/crypt segment (encrypted area) in the LUKS2 'Segments' section (displayed by luksDump). This is a bit of a more general idea. It basically allows one to use a keyslot as a container for a key to be used in other things than decrypting a data segment. As of April 2020, the following uses are defined: 1) LUKS2 re-encryption. The new volume key is stored in an unbound keyslot which becomes a regular LUKS2 keyslot later when re-encryption is finished. 2) Somewhat similar is the use with a wrapped key scheme (e.g. with the paes cipher). In this case, the VK (Volume Key) stored in a keyslot is an encrypted binary blob. The KEK (Key Encryption Key) for that blob may be refreshed (Note that this KEK is not managed by cryptsetup!) and the binary blob gets changed. The KEK refresh process uses an 'unbound keyslot'. First the future effective VK is placed in the unbound keyslot and later it gets turned into the new real VK (and bound to the respective crypt segment). * **10.10 What about the size of the LUKS2 header**? While the LUKS1 header has a fixed size that is determined by the cipher spec (see Item 6.12), LUKS2 is more variable. The default size is 16MB, but it can be adjusted on creation by using the --luks2-metadata-size and --luks2-keyslots-size options. Refer to the man-page for details. While adjusting the size in an existing LUKS2 container is possible, it is somewhat complicated and risky.
My advice is to do a backup, recreate the container with changed parameters and restore that backup. * **10.11 Does LUKS2 store metadata anywhere except in the header?** It does not. But note that if you use the experimental integrity support, there will be an integrity header as well at the start of the data area and things get a bit more complicated. All metadata will still be at the start of the device, nothing gets stored somewhere in the middle or at the end. * **10.12 What is a LUKS2 Token?** A LUKS2 token is an object that describes "how to get a passphrase or key" to unlock a particular keyslot. A LUKS2 token is stored as JSON data in the LUKS2 header. The token can be related to all keyslots or a specific one. As the token is stored in JSON format, it is text by default but binary data can be encoded into it according to the JSON conventions. Documentation on the last changes to LUKS2 tokens can be found in the release notes. As of version 2.4 of cryptsetup, there are significant features. The standard documentation for working with tokens is in the luks2 reference available as PDF on the project page. # 11. References and Further Reading * **Purpose of this Section** The purpose of this section is to collect references to all materials that do not fit the FAQ but are relevant in some fashion. This can be core topics like the LUKS spec or disk encryption, but it can also be more tangential, like secure storage management or cryptography used in LUKS. It should still have relevance to cryptsetup and its applications. If you want to see something added here, send email to the maintainer (or the cryptsetup mailing list) giving an URL, a description (1-3 lines preferred) and a section to put it in. You can also propose new sections. At this time I would like to limit the references to things that are available on the web.
* **Specifications** - LUKS on-disk format spec: See Item 1.2 * **Other Documentation** - Arch Linux on LUKS, LVM and full-disk encryption: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system * **Code Examples** - Some code examples are in the source package under docs/examples - LUKS AF Splitter in Ruby by John Lane: https://rubygems.org/gems/afsplitter * **Brute-forcing passphrases** - http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html - https://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes * **Tools** * **SSD and Flash Disk Related** * **Disk Encryption** * **Attacks Against Disk Encryption** * **Risk Management as Relevant for Disk Encryption** * **Cryptography** * **Secure Storage** # A. Contributors In no particular order: - Arno Wagner - Milan Broz ___ cryptsetup-2.8.0/Makefile.am000066400000000000000000000042701502645201100157760ustar00rootroot00000000000000EXTRA_DIST = README.md SECURITY.md README.licensing CONTRIBUTING.md FAQ.md docs misc autogen.sh EXTRA_DIST += meson_options.txt \ meson.build \ lib/crypto_backend/argon2/meson.build \ lib/crypto_backend/meson.build \ lib/meson.build \ man/meson.build \ po/meson.build \ scripts/meson.build \ src/meson.build \ tests/meson.build \ tokens/meson.build \ tokens/ssh/meson.build SUBDIRS = po tests tests/fuzz CLEANFILES = DISTCLEAN_TARGETS = AM_CPPFLAGS = \ -include config.h \ -I$(top_srcdir)/lib \ -DDATADIR=\""$(datadir)"\" \ -DLOCALEDIR=\""$(datadir)/locale"\" \ -DLIBDIR=\""$(libdir)"\" \ -DPREFIX=\""$(prefix)"\" \ -DSYSCONFDIR=\""$(sysconfdir)"\" \ -DVERSION=\""$(VERSION)"\" \ -DEXTERNAL_LUKS2_TOKENS_PATH=\"${EXTERNAL_LUKS2_TOKENS_PATH}\" AM_CFLAGS = -Wall AM_CXXFLAGS = -Wall AM_LDFLAGS = if ENABLE_FUZZ_TARGETS AM_CFLAGS += -fsanitize=fuzzer-no-link AM_CXXFLAGS += -fsanitize=fuzzer-no-link endif LDADD = $(LTLIBINTL) tmpfilesddir = @DEFAULT_TMPFILESDIR@ include_HEADERS = lib_LTLIBRARIES = noinst_LTLIBRARIES = 
sbin_PROGRAMS = man8_MANS = tmpfilesd_DATA = pkgconfig_DATA = dist_noinst_DATA = include man/Makemodule.am include scripts/Makemodule.am if CRYPTO_INTERNAL_ARGON2 include lib/crypto_backend/argon2/Makemodule.am endif include lib/crypto_backend/Makemodule.am include lib/Makemodule.am include src/Makemodule.am include tokens/Makemodule.am ACLOCAL_AMFLAGS = -I m4 DISTCHECK_CONFIGURE_FLAGS = \ --with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \ --enable-internal-argon2 --enable-internal-sse-argon2 \ --enable-external-tokens --enable-ssh-token --enable-asciidoc distclean-local: -find . -name \*~ -o -name \*.orig -o -name \*.rej | xargs rm -f rm -rf autom4te.cache clean-local: -rm -rf docs/doxygen_api_docs libargon2.la install-data-local: $(MKDIR_P) -m 0755 $(DESTDIR)/${EXTERNAL_LUKS2_TOKENS_PATH} uninstall-local: rmdir $(DESTDIR)/${EXTERNAL_LUKS2_TOKENS_PATH} 2>/dev/null || : check-programs: libcryptsetup.la $(MAKE) -C tests $@ if ENABLE_FUZZ_TARGETS fuzz-targets: libcryptsetup.la libcrypto_backend.la $(MAKE) -C tests/fuzz $@ endif cryptsetup-2.8.0/README.licensing000066400000000000000000000013601502645201100165710ustar00rootroot00000000000000The cryptsetup project does not use the same license for all of the code and documentation. There is code and documentation under: * GPL-2.0-or-later - GNU General Public License version 2, or any later version * LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception * LGPL-2.1-or-later - GNU Lesser General Public License 2.1 or any later version, (with cryptsetup-OpenSSL-exception where applicable) * Apache-2.0 - Apache License 2.0 * CC-BY-SA-4.0 - Creative Commons Attribution Share Alike 4.0 International * Public Domain Please, check the source code for more details. The ./COPYING file (GPL-2.0-or-later) is the default license for code without an explicitly defined license. 
cryptsetup-2.8.0/README.md000066400000000000000000000144751502645201100152310ustar00rootroot00000000000000![LUKS logo](https://gitlab.com/cryptsetup/cryptsetup/wikis/luks-logo.png) What the ...? ============= **Cryptsetup** is an open-source utility used to conveniently set up disk encryption based on the [dm-crypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module. These formats are supported: * **plain** volumes, * **LUKS** volumes, * **loop-AES**, * **TrueCrypt** (including **VeraCrypt** extension), * **BitLocker**, and * **FileVault2**. The project also includes a **veritysetup** utility used to conveniently setup [dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) block integrity checking kernel module and **integritysetup** to setup [dm-integrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity) block integrity kernel module. LUKS Design ----------- **LUKS** is the standard for Linux disk encryption. By providing a standardized on-disk format, it not only facilitate compatibility among distributions, but also enables secure management of multiple user passwords. LUKS stores all necessary setup information in the partition header, which enables users to transport or migrate data seamlessly. ### Specification and documentation * The latest version of the [LUKS2 format specification](https://gitlab.com/cryptsetup/LUKS2-docs). * The latest version of the [LUKS1 format specification](https://cdn.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf). * [Project home page](https://gitlab.com/cryptsetup/cryptsetup/). * [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) Download -------- Release notes and tarballs are available at [kernel.org](https://cdn.kernel.org/pub/linux/utils/cryptsetup/). 
**The latest stable cryptsetup release version is 2.8.0** * [cryptsetup-2.8.0.tar.xz](https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/cryptsetup-2.8.0.tar.xz) * Signature [cryptsetup-2.8.0.tar.sign](https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/cryptsetup-2.8.0.tar.sign) _(You need to decompress file first to check signature.)_ * [Cryptsetup 2.8.0 Release Notes](https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes). [Previous versions](https://cdn.kernel.org/pub/linux/utils/cryptsetup) Source and API documentation ---------------------------- For development version code, please refer to the [source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page, with mirrors at [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) and [GitHub](https://github.com/mbroz/cryptsetup). For libcryptsetup documentation see [libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page. NLS PO files are maintained by [TranslationProject](https://translationproject.org/domain/cryptsetup.html). Required packages ----------------- All major Linux distributions provide cryptsetup as a bundled package. If you need to compile cryptsetup yourself, various additional packages are required. Any distribution-specific build tools are preferred when manually configuring cryptsetup. 
Below are the packages needed to build for certain Linux distributions: **For Fedora**: ``` git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar Optionally: libargon2-devel libpwquality-devel ``` To run the internal testsuite (make check) you also need to install ``` sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass ``` **For Debian and Ubuntu**: ``` git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev tar Optionally: libargon2-0-dev libpwquality-dev ``` To run the internal testsuite (make check) you also need to install ``` sharutils dmsetup jq xxd expect keyutils netcat-openbsd passwd openssh-client sshpass ``` Note that the list may change as Linux distributions evolve. Compilation ----------- The cryptsetup project uses the **automake** and **autoconf** system to generate all files needed to build. When building from a git snapshot, use **./autogen.sh && ./configure && make** to compile the project. When building from a release **tar.xz** tarball, the configure script is pre-generated (no need to run **autoconf.sh**). See **./configure --help** and use the **--disable-[feature]** and **--enable-[feature]** options. To run the test suite that comes with the project, type **make check**. Note that most tests will need root user privileges and will run dangerous storage failure simulations. Do **not** run tests with root privilege on production systems! Some tests will need the **scsi_debug** kernel module to be installed. For more details, please refer to the [automake](https://www.gnu.org/software/automake/manual/automake.html) and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) documentation. Help!
----- ### Documentation Please read the following before posting questions to the mailing list so that you can ask better questions and better understand answers. * [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions), * [LUKS Specifications](#specification-and-documentation), and * manuals (aka man page, man pages, man-page) The FAQ is available online and in the source code for the project. The specifications are referenced above in this document. The man pages live within the source tree and should be available after installation using standard man commands, e.g. **man cryptsetup**. ### Mailing List For cryptsetup and LUKS related questions, please use the cryptsetup mailing list [cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev), hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html). To subscribe send an empty email message to [cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev). You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/). USEnet News (NNTP), Atom feed and git access to the public inbox is available through [lore.kernel.org](https://lore.kernel.org) service. The former **dm-crypt** [list archive](https://lore.kernel.org/dm-crypt/) is also available. cryptsetup-2.8.0/SECURITY.md000066400000000000000000000007521502645201100155340ustar00rootroot00000000000000# Reporting a Security Bug in cryptsetup project If you think you have discovered a security issue, please report it through the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues) as a confidential issue (select confidential checkbox). An alternative is to send PGP encrypted mail to the cryptsetup maintainer. Current maintainer is [Milan Broz](mailto:gmazyland@gmail.com), use PGP key with fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B D93E 98FC. 
cryptsetup-2.8.0/autogen.sh000077500000000000000000000041141502645201100157400ustar00rootroot00000000000000#!/bin/sh # Run this to generate all the initial makefiles, etc. srcdir=`dirname $0` PKG_NAME="cryptsetup" DIE=0 (autopoint --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have autopoint installed." echo "Download the appropriate package for your distribution." DIE=1 } (msgfmt --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Warning**: You should have gettext installed." echo "Download the appropriate package for your distribution." echo "To disable translation, you can also use --disable-nls" echo "configure option." } (autoconf --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have autoconf installed." echo "Download the appropriate package for your distribution." DIE=1 } (grep "^LT_INIT" $srcdir/configure.ac >/dev/null) && { (libtoolize --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have libtoolize installed." echo "Download the appropriate package for your distribution." DIE=1 } } (automake --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: You must have automake installed." echo "Download the appropriate package for your distribution." DIE=1 NO_AUTOMAKE=yes } # if no automake, don't bother testing for aclocal test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { echo echo "**Error**: Missing aclocal. The version of automake" echo "installed doesn't appear recent enough." 
DIE=1 } if test "$DIE" -eq 1; then exit 1 fi echo echo "Generate build-system by:" echo " autopoint: $(autopoint --version | head -1)" echo " aclocal: $(aclocal --version | head -1)" echo " autoconf: $(autoconf --version | head -1)" echo " automake: $(automake --version | head -1)" echo " libtoolize: $(libtoolize --version | head -1)" echo set -e autopoint --force $AP_OPTS libtoolize --force --copy aclocal -I m4 $AL_OPTS autoheader $AH_OPTS automake --force-missing --add-missing --copy --gnu $AM_OPTS autoconf $AC_OPTS echo echo "Now type '$srcdir/configure' and 'make' to compile." echo cryptsetup-2.8.0/configure.ac000066400000000000000000000754101502645201100162340ustar00rootroot00000000000000AC_PREREQ([2.67]) AC_INIT([cryptsetup],[2.8.0]) dnl library version from ..[-] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) LIBCRYPTSETUP_VERSION_INFO=23:0:11 AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR(src/cryptsetup.c) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.h.in]) # We do not want to run test in parallel. Really. 
# http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html # For old automake use this #AM_INIT_AUTOMAKE(dist-xz subdir-objects) AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign]) if test "x$prefix" = "xNONE"; then sysconfdir=/etc fi AC_PREFIX_DEFAULT(/usr) AC_CANONICAL_HOST AC_USE_SYSTEM_EXTENSIONS AC_PROG_CC AM_PROG_CC_C_O AC_PROG_CPP AC_PROG_CXX AC_PROG_INSTALL AC_PROG_MAKE_SET AC_PROG_MKDIR_P AC_ENABLE_STATIC(no) LT_INIT PKG_PROG_PKG_CONFIG dnl ========================================================================== dnl define PKG_CHECK_VAR for old pkg-config <= 0.28 m4_ifndef([AS_VAR_COPY], [m4_define([AS_VAR_COPY], [AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])]) ]) m4_ifndef([PKG_CHECK_VAR], [ AC_DEFUN([PKG_CHECK_VAR], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config]) _PKG_CONFIG([$1], [variable="][$3]["], [$2]) AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4]) ]) ]) dnl ========================================================================== dnl AsciiDoc manual pages AC_ARG_ENABLE([asciidoc], AS_HELP_STRING([--disable-asciidoc], [do not generate man pages from asciidoc]), [], [enable_asciidoc=yes] ) AC_PATH_PROG([ASCIIDOCTOR], [asciidoctor]) if test "x$enable_asciidoc" = xyes -a "x$ASCIIDOCTOR" = x; then AC_MSG_ERROR([Building man pages requires asciidoctor installed.]) fi AM_CONDITIONAL([ENABLE_ASCIIDOC], [test "x$enable_asciidoc" = xyes]) have_manpages=no AS_IF([test -f "$srcdir/man/cryptsetup-open.8"], [ AC_MSG_NOTICE([re-use already generated man-pages.]) have_manpages=yes] ) AM_CONDITIONAL([HAVE_MANPAGES], [test "x$have_manpages" = xyes]) dnl ========================================================================== AC_C_RESTRICT AC_HEADER_DIRENT AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h uchar.h sys/ioctl.h sys/mman.h \ sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h) 
AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])], [[ #ifdef HAVE_FCNTL_H # include #endif ]]) AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])]) AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])]) AC_ARG_ENABLE([keyring], AS_HELP_STRING([--disable-keyring], [disable kernel keyring support and builtin kernel keyring token]), [], [enable_keyring=yes]) if test "x$enable_keyring" = "xyes"; then AC_CHECK_HEADERS(linux/keyctl.h,,[AC_MSG_ERROR([You need Linux kernel headers with kernel keyring service compiled.])]) dnl ========================================================================== dnl check whether kernel is compiled with kernel keyring service syscalls AC_CHECK_DECL(__NR_add_key,,[AC_MSG_ERROR([The kernel is missing add_key syscall.])], [#include ]) AC_CHECK_DECL(__NR_keyctl,,[AC_MSG_ERROR([The kernel is missing keyctl syscall.])], [#include ]) AC_CHECK_DECL(__NR_request_key,,[AC_MSG_ERROR([The kernel is missing request_key syscall.])], [#include ]) dnl ========================================================================== dnl check that key_serial_t hasn't been adopted yet in stdlib AC_CHECK_TYPES([key_serial_t], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_LINUX_KEYCTL_H # include #endif ]) AC_DEFINE(KERNEL_KEYRING, 1, [Enable kernel keyring service support]) fi AM_CONDITIONAL(KERNEL_KEYRING, test "x$enable_keyring" = "xyes") saved_LIBS=$LIBS AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR([You need the uuid library.])]) AC_SUBST(UUID_LIBS, $LIBS) LIBS=$saved_LIBS AC_SEARCH_LIBS([clock_gettime],[rt posix4]) AC_CHECK_FUNCS([posix_memalign clock_gettime posix_fallocate explicit_bzero]) if test "x$enable_largefile" = "xno"; then AC_MSG_ERROR([Building with --disable-largefile is not supported, it can cause data corruption.]) fi AC_C_BIGENDIAN AC_TYPE_OFF_T AC_SYS_LARGEFILE AC_FUNC_FSEEKO AC_FUNC_STRERROR_R dnl 
========================================================================== dnl LUKS2 external tokens AC_ARG_ENABLE([external-tokens], AS_HELP_STRING([--disable-external-tokens], [disable external LUKS2 tokens]), [], [enable_external_tokens=yes]) if test "x$enable_external_tokens" = "xyes"; then AC_DEFINE(USE_EXTERNAL_TOKENS, 1, [Use external tokens]) dnl we need dynamic library loading here saved_LIBS=$LIBS AC_SEARCH_LIBS([dlsym],[dl]) AC_CHECK_FUNCS([dlvsym]) AC_SUBST(DL_LIBS, $LIBS) LIBS=$saved_LIBS fi AM_CONDITIONAL(EXTERNAL_TOKENS, test "x$enable_external_tokens" = "xyes") AC_ARG_ENABLE([ssh-token], AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]), [], [enable_ssh_token=yes]) AM_CONDITIONAL(SSHPLUGIN_TOKEN, test "x$enable_ssh_token" = "xyes") if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; then AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.]) fi dnl LUKS2 online reencryption AC_ARG_ENABLE([luks2-reencryption], AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]), [], [enable_luks2_reencryption=yes]) if test "x$enable_luks2_reencryption" = "xyes"; then AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension]) fi dnl ========================================================================== AM_GNU_GETTEXT([external],[need-ngettext]) AM_GNU_GETTEXT_VERSION([0.18.3]) dnl ========================================================================== saved_LIBS=$LIBS AC_CHECK_LIB(popt, poptConfigFileToString,, [AC_MSG_ERROR([You need popt 1.7 or newer to compile.])]) AC_SUBST(POPT_LIBS, $LIBS) LIBS=$saved_LIBS dnl ========================================================================== dnl FIPS extensions AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips], [enable FIPS mode restrictions])) if test "x$enable_fips" = "xyes"; then AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions]) if test "x$enable_static" = "xyes" -o 
"x$enable_static_cryptsetup" = "xyes" ; then AC_MSG_ERROR([Static build is not compatible with FIPS.]) fi fi AC_DEFUN([NO_FIPS], [ if test "x$enable_fips" = "xyes"; then AC_MSG_ERROR([This option is not compatible with FIPS.]) fi ]) dnl ========================================================================== dnl pwquality library (cryptsetup CLI only) AC_ARG_ENABLE([pwquality], AS_HELP_STRING([--enable-pwquality], [enable password quality checking using pwquality library])) if test "x$enable_pwquality" = "xyes"; then AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking using pwquality library]) PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],, AC_MSG_ERROR([You need pwquality library.])) dnl FIXME: this is really hack for now PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz" fi dnl ========================================================================== dnl fuzzers, it requires own static library compilation later AC_ARG_ENABLE([fuzz-targets], AS_HELP_STRING([--enable-fuzz-targets], [enable building fuzz targets])) AM_CONDITIONAL(ENABLE_FUZZ_TARGETS, test "x$enable_fuzz_targets" = "xyes") if test "x$enable_fuzz_targets" = "xyes"; then AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link],, AC_MSG_ERROR([Required compiler options not supported; use clang.]), [-Werror]) fi dnl ========================================================================== dnl passwdqc library (cryptsetup CLI only) AC_ARG_ENABLE([passwdqc], AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@], [enable password quality checking using passwdqc library (optionally with CONFIG_PATH)])) case "$enable_passwdqc" in ""|yes|no) use_passwdqc_config="" ;; /*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;; *) AC_MSG_ERROR([Unrecognized --enable-passwdqc parameter.]) ;; esac AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FILE], ["$use_passwdqc_config"], [passwdqc library config file]) if test "x$enable_passwdqc" = "xyes"; then AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password 
quality checking using passwdqc library]) saved_LIBS="$LIBS" AC_SEARCH_LIBS([passwdqc_check], [passwdqc]) case "$ac_cv_search_passwdqc_check" in no) AC_MSG_ERROR([failed to find passwdqc_check]) ;; -l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;; *) PASSWDQC_LIBS= ;; esac AC_CHECK_FUNCS([passwdqc_params_free]) LIBS="$saved_LIBS" fi if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then AC_MSG_ERROR([--enable-pwquality and --enable-passwdqc are mutually incompatible.]) fi dnl ========================================================================== dnl Crypto backend functions AC_DEFUN([CONFIGURE_GCRYPT], [ if test "x$enable_fips" = "xyes"; then GCRYPT_REQ_VERSION=1.4.5 else GCRYPT_REQ_VERSION=1.1.42 fi use_internal_pbkdf2=0 use_internal_argon2=1 dnl libgcrypt rejects to use pkgconfig, use AM_PATH_LIBGCRYPT from gcrypt-devel here. dnl Do not require gcrypt-devel if other crypto backend is used. m4_ifdef([AM_PATH_LIBGCRYPT],[ AC_ARG_ENABLE([gcrypt-pbkdf2], dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password) AS_HELP_STRING([--enable-gcrypt-pbkdf2], [force enable internal gcrypt PBKDF2]), if test "x$enableval" = "xyes"; then [use_internal_pbkdf2=0] else [use_internal_pbkdf2=1] fi, [AM_PATH_LIBGCRYPT([1.6.1], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])]) AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])], AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.])) AC_MSG_CHECKING([if internal cryptsetup PBKDF2 is compiled-in]) if test $use_internal_pbkdf2 = 0; then AC_MSG_RESULT([no]) else AC_MSG_RESULT([yes]) NO_FIPS([]) fi m4_ifdef([AM_PATH_LIBGCRYPT],[ AC_ARG_ENABLE([gcrypt-argon2], dnl Check if we can use gcrypt Argon2 (1.11.0 supports empty password) AS_HELP_STRING([--disable-gcrypt-argon2], [force disable internal gcrypt Argon2]), [], [AM_PATH_LIBGCRYPT([1.11.0], [use_internal_argon2=0], [use_internal_argon2=1])]) 
AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])], AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.])) AC_MSG_CHECKING([if internal cryptsetup Argon2 is compiled-in]) if test $use_internal_argon2 = 0; then AC_MSG_RESULT([no]) else AC_MSG_RESULT([yes]) fi AC_CHECK_DECLS([GCRY_CIPHER_MODE_XTS], [], [], [#include ]) AC_CHECK_DECLS([GCRY_KDF_ARGON2], [], [], [#include ]) if test "x$enable_static_cryptsetup" = "xyes"; then saved_LIBS=$LIBS LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static" AC_CHECK_LIB(gcrypt, gcry_check_version,, AC_MSG_ERROR([Cannot find static gcrypt library.]), [-lgpg-error]) LIBGCRYPT_STATIC_LIBS="$LIBGCRYPT_LIBS -lgpg-error" LIBS=$saved_LIBS fi CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS CRYPTO_LIBS=$LIBGCRYPT_LIBS CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version]) ]) AC_DEFUN([CONFIGURE_OPENSSL], [ PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 0.9.8],, AC_MSG_ERROR([You need openssl library.])) CRYPTO_CFLAGS=$LIBCRYPTO_CFLAGS CRYPTO_LIBS=$LIBCRYPTO_LIBS use_internal_pbkdf2=0 use_internal_argon2=1 if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" PKG_CHECK_MODULES([LIBCRYPTO_STATIC], [libcrypto]) CRYPTO_STATIC_LIBS=$LIBCRYPTO_STATIC_LIBS PKG_CONFIG=$saved_PKG_CONFIG fi saved_LIBS=$LIBS AC_CHECK_DECLS([OSSL_get_max_threads], [], [], [#include ]) AC_CHECK_DECLS([OSSL_KDF_PARAM_ARGON2_VERSION], [use_internal_argon2=0], [], [#include ]) LIBS=$saved_LIBS ]) AC_DEFUN([CONFIGURE_NSS], [ if test "x$enable_static_cryptsetup" = "xyes"; then AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.]) fi AC_MSG_WARN([NSS backend does NOT provide backward compatibility (missing ripemd160 hash).]) PKG_CHECK_MODULES([NSS], [nss],, AC_MSG_ERROR([You need nss library.])) saved_CFLAGS=$CFLAGS CFLAGS="$CFLAGS $NSS_CFLAGS" AC_CHECK_DECLS([NSS_GetVersion], [], 
[], [#include ]) CFLAGS=$saved_CFLAGS CRYPTO_CFLAGS=$NSS_CFLAGS CRYPTO_LIBS=$NSS_LIBS use_internal_pbkdf2=1 use_internal_argon2=1 NO_FIPS([]) ]) AC_DEFUN([CONFIGURE_KERNEL], [ AC_CHECK_HEADERS(linux/if_alg.h,, [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])]) # AC_CHECK_DECLS([AF_ALG],, # [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], # [#include ]) use_internal_pbkdf2=1 use_internal_argon2=1 NO_FIPS([]) ]) AC_DEFUN([CONFIGURE_NETTLE], [ AC_CHECK_HEADERS(nettle/sha.h,, [AC_MSG_ERROR([You need Nettle cryptographic library.])]) AC_CHECK_HEADERS(nettle/version.h) saved_LIBS=$LIBS AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,, [AC_MSG_ERROR([You need Nettle library version 2.6 or more recent.])]) CRYPTO_LIBS=$LIBS LIBS=$saved_LIBS CRYPTO_STATIC_LIBS=$CRYPTO_LIBS use_internal_pbkdf2=0 use_internal_argon2=1 NO_FIPS([]) ]) AC_DEFUN([CONFIGURE_MBEDTLS], [ AC_CHECK_HEADERS(mbedtls/version.h,, [AC_MSG_ERROR([You need mbedTLS cryptographic library.])]) saved_LIBS=$LIBS AC_CHECK_LIB(mbedcrypto, mbedtls_md_init,, [AC_MSG_ERROR([You need mbedTLS cryptographic library.])]) AC_CHECK_FUNCS(mbedtls_pkcs5_pbkdf2_hmac_ext) CRYPTO_LIBS=$LIBS LIBS=$saved_LIBS CRYPTO_STATIC_LIBS=$CRYPTO_LIBS use_internal_pbkdf2=0 use_internal_argon2=1 NO_FIPS([]) ]) dnl ========================================================================== saved_LIBS=$LIBS AC_ARG_ENABLE([static-cryptsetup], AS_HELP_STRING([--enable-static-cryptsetup], [enable build of static version of tools])) if test "x$enable_static_cryptsetup" = "xyes"; then if test "x$enable_static" = "xno"; then AC_MSG_WARN([Requested static cryptsetup build, enabling static library.]) enable_static=yes fi fi AM_CONDITIONAL(STATIC_TOOLS, test "x$enable_static_cryptsetup" = "xyes") AC_ARG_ENABLE([cryptsetup], AS_HELP_STRING([--disable-cryptsetup], [disable cryptsetup support]), [], [enable_cryptsetup=yes]) AM_CONDITIONAL(CRYPTSETUP, test "x$enable_cryptsetup" = "xyes") 
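dnl Optional tools. Each switch defaults to "yes" when the option is not given
dnl and drives the Automake conditional of the same name.
AC_ARG_ENABLE([veritysetup],
	AS_HELP_STRING([--disable-veritysetup], [disable veritysetup support]),
	[], [enable_veritysetup=yes])
AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes")

AC_ARG_ENABLE([integritysetup],
	AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]),
	[], [enable_integritysetup=yes])
AM_CONDITIONAL(INTEGRITYSETUP, test "x$enable_integritysetup" = "xyes")

dnl NOTE(review): the help text says default=auto, but the value assigned when
dnl the option is absent is "yes".
AC_ARG_ENABLE([selinux],
	AS_HELP_STRING([--disable-selinux], [disable selinux support [default=auto]]),
	[], [enable_selinux=yes])

AC_ARG_ENABLE([udev],
	AS_HELP_STRING([--disable-udev], [disable udev support]),
	[], [enable_udev=yes])

dnl Try to use pkg-config for devmapper, but fallback to old detection
dnl In the fallback the default AC_CHECK_LIB action adds -ldevmapper to LIBS,
dnl which is then captured as DEVMAPPER_LIBS before LIBS is restored.
PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03],, [
	AC_CHECK_LIB(devmapper, dm_task_set_name,,
		[AC_MSG_ERROR([You need the device-mapper library.])])
	AC_CHECK_LIB(devmapper, dm_task_set_message,,
		[AC_MSG_ERROR([The device-mapper library on your system is too old.])])
	DEVMAPPER_LIBS=$LIBS
])
LIBS=$saved_LIBS

dnl Optional libdevmapper features. AC_CHECK_DECLS defines HAVE_DECL_<name> to
dnl 1 or 0, so each check needs a prologue that actually includes the header;
dnl with an empty "#include" every probe fails and the feature is reported as
dnl missing without any error.
dnl dm_task_secure_data is the security-relevant one: docs/ChangeLog.old
dnl describes the secure data flag as wiping all ioctl buffers, and says it is
dnl set only if the devmapper library supports it. Confirm in config.h that
dnl HAVE_DECL_DM_TASK_SECURE_DATA is 1 for release builds.
LIBS="$LIBS $DEVMAPPER_LIBS"
AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([dm_task_deferred_remove], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([dm_device_has_mounted_fs], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([dm_device_has_holders], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([dm_device_get_name], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([DM_DEVICE_GET_TARGET_VERSION], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])

dnl udev synchronisation is compiled in only when requested and when the
dnl library declares the udev flag; otherwise it is dropped with a warning
dnl rather than an error.
if test "x$enable_udev" = xyes; then
	if test "x$have_cookie" = xno; then
		AC_MSG_WARN([The device-mapper library on your system has no udev support, udev support disabled.])
	else
		AC_DEFINE(USE_UDEV, 1, [Try to use udev synchronisation?])
	fi
fi
LIBS=$saved_LIBS

dnl Check for JSON-C used in LUKS2
PKG_CHECK_MODULES([JSON_C], [json-c])
AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])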
AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include ]) dnl Check for libssh and argp for SSH plugin if test "x$enable_ssh_token" = "xyes"; then PKG_CHECK_MODULES([LIBSSH], [libssh]) AC_CHECK_DECLS([ssh_session_is_known_server], [], [], [#include ]) AC_CHECK_HEADER([argp.h], [], AC_MSG_ERROR([You need argp library.])) saved_LIBS=$LIBS AC_SEARCH_LIBS([argp_parse],[argp]) AC_SUBST(ARGP_LIBS, $LIBS) LIBS=$saved_LIBS fi dnl Crypto backend configuration. AC_ARG_WITH([crypto_backend], AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle/mbedtls) [openssl]]), [], [with_crypto_backend=openssl]) dnl Kernel crypto API backend needed for benchmark and tcrypt AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto], [disable kernel userspace crypto (no benchmark and tcrypt)]), [], [enable_kernel_crypto=yes]) if test "x$enable_kernel_crypto" = "xyes"; then AC_CHECK_HEADERS(linux/if_alg.h,, [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. 
(Or use --disable-kernel_crypto.)])]) AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto]) fi case $with_crypto_backend in gcrypt) CONFIGURE_GCRYPT([]) ;; openssl) CONFIGURE_OPENSSL([]) ;; nss) CONFIGURE_NSS([]) ;; kernel) CONFIGURE_KERNEL([]) ;; nettle) CONFIGURE_NETTLE([]) ;; mbedtls) CONFIGURE_MBEDTLS([]) ;; *) AC_MSG_ERROR([Unknown crypto backend.]) ;; esac AM_CONDITIONAL(CRYPTO_BACKEND_GCRYPT, test "$with_crypto_backend" = "gcrypt") AM_CONDITIONAL(CRYPTO_BACKEND_OPENSSL, test "$with_crypto_backend" = "openssl") AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test "$with_crypto_backend" = "nss") AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test "$with_crypto_backend" = "kernel") AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test "$with_crypto_backend" = "nettle") AM_CONDITIONAL(CRYPTO_BACKEND_MBEDTLS, test "$with_crypto_backend" = "mbedtls") AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1) AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2]) dnl Argon2 implementation AC_ARG_ENABLE([internal-argon2], AS_HELP_STRING([--disable-internal-argon2], [disable internal implementation of Argon2 PBKDF]), [], [enable_internal_argon2=yes]) AC_ARG_ENABLE([libargon2], AS_HELP_STRING([--enable-libargon2], [enable external libargon2 (PHC) library (disables internal bundled version)])) if test $use_internal_argon2 = 0 || ( test "x$enable_internal_argon2" = "xno" && test "x$enable_libargon2" != "xyes" ); then if test "x$enable_internal_argon2" = "xyes" || test "x$enable_libargon2" = "xyes"; then AC_MSG_NOTICE([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.]) fi enable_internal_argon2=no enable_internal_sse_argon2=no enable_libargon2=no use_internal_argon2=0 elif test "x$enable_libargon2" = "xyes" ; then AC_CHECK_HEADERS(argon2.h,, [AC_MSG_ERROR([You need libargon2 development library installed.])]) AC_CHECK_DECL(Argon2_id,,[AC_MSG_ERROR([You need more recent Argon2 library with support for 
Argon2id.])], [#include ]) PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"]) enable_internal_argon2=no use_internal_argon2=0 else AC_MSG_WARN([Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2.]) AC_ARG_ENABLE([internal-sse-argon2], AS_HELP_STRING([--enable-internal-sse-argon2], [enable internal SSE implementation of Argon2 PBKDF])) if test "x$enable_internal_sse_argon2" = "xyes"; then AC_MSG_CHECKING(if Argon2 SSE optimization can be used) AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include __m128i testfunc(__m128i *a, __m128i *b) { return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b)); } ]])],,[enable_internal_sse_argon2=no]) AC_MSG_RESULT($enable_internal_sse_argon2) fi fi AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test "x$enable_internal_argon2" = "xyes") AM_CONDITIONAL(CRYPTO_INTERNAL_SSE_ARGON2, test "x$enable_internal_sse_argon2" = "xyes") dnl If libargon is in use, we have defined HAVE_ARGON2_H AC_DEFINE_UNQUOTED(USE_INTERNAL_ARGON2, [$use_internal_argon2], [Use internal Argon2]) dnl Link with blkid to check for other device types AC_ARG_ENABLE([blkid], AS_HELP_STRING([--disable-blkid], [disable use of blkid for device signature detection and wiping]), [], [enable_blkid=yes]) if test "x$enable_blkid" = "xyes"; then PKG_CHECK_MODULES([BLKID], [blkid],[AC_DEFINE([HAVE_BLKID], 1, [Define to 1 to use blkid for detection of disk signatures.])],[LIBBLKID_LIBS="-lblkid"]) AC_CHECK_HEADERS(blkid/blkid.h,,[AC_MSG_ERROR([You need blkid development library installed.])]) AC_CHECK_DECL([blkid_do_wipe], [ AC_DEFINE([HAVE_BLKID_WIPE], 1, [Define to 1 to use blkid_do_wipe.]) enable_blkid_wipe=yes ],, [#include ]) AC_CHECK_DECL([blkid_probe_step_back], [ AC_DEFINE([HAVE_BLKID_STEP_BACK], 1, [Define to 1 to use blkid_probe_step_back.]) enable_blkid_step_back=yes ],, [#include ]) AC_CHECK_DECLS([ blkid_reset_probe, blkid_probe_set_device, blkid_probe_filter_superblocks_type, 
blkid_do_safeprobe, blkid_do_probe, blkid_probe_lookup_value ],, [AC_MSG_ERROR([Can not compile with blkid support, disable it by --disable-blkid.])], [#include ]) fi AM_CONDITIONAL(HAVE_BLKID, test "x$enable_blkid" = "xyes") AM_CONDITIONAL(HAVE_BLKID_WIPE, test "x$enable_blkid_wipe" = "xyes") AM_CONDITIONAL(HAVE_BLKID_STEP_BACK, test "x$enable_blkid_step_back" = "xyes") AC_ARG_ENABLE([hw-opal], AS_HELP_STRING([--disable-hw-opal], [disable use of hardware-backed OPAL for device encryption]), [], [enable_hw_opal=yes]) if test "x$enable_hw_opal" = "xyes"; then have_opal=yes AC_CHECK_DECLS([ OPAL_FL_SUM_SUPPORTED, IOC_OPAL_GET_LR_STATUS, IOC_OPAL_GET_GEOMETRY ], [], [have_opal=no], [#include ]) if test "x$have_opal" = "xyes"; then AC_DEFINE([HAVE_HW_OPAL], 1, [Define to 1 to enable OPAL support.]) else AC_MSG_WARN([Can not compile with OPAL support, kernel headers are too old, requires v6.4.]) fi fi dnl Magic for cryptsetup.static build. if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" LIBS="$saved_LIBS -static" AC_CHECK_LIB(popt, poptGetContext,, AC_MSG_ERROR([Cannot find static popt library.])) dnl Try to detect needed device-mapper static libraries, try pkg-config first. LIBS="$saved_LIBS -static" PKG_CHECK_MODULES([DEVMAPPER_STATIC], [devmapper >= 1.02.27],,[ DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS if test "x$enable_selinux" = "xyes"; then AC_CHECK_LIB(sepol, sepol_bool_set) AC_CHECK_LIB(selinux, is_selinux_enabled) DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS $LIBS" fi ]) LIBS="$saved_LIBS $DEVMAPPER_STATIC_LIBS" AC_CHECK_LIB(devmapper, dm_task_set_uuid,, AC_MSG_ERROR([Cannot link with static device-mapper library.])) dnl Try to detect uuid static library. 
LIBS="$saved_LIBS -static" AC_CHECK_LIB(uuid, uuid_generate,, AC_MSG_ERROR([Cannot find static uuid library.])) LIBS=$saved_LIBS PKG_CONFIG=$saved_PKG_CONFIG fi dnl Check compiler support for symver function attribute AC_MSG_CHECKING([for symver attribute support]) saved_CFLAGS=$CFLAGS CFLAGS="-O0 -Werror" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ void _test_sym(void); __attribute__((__symver__("sym@VERSION_4.2"))) void _test_sym(void) {} ]], [[ _test_sym() ]] )],[ AC_DEFINE([HAVE_ATTRIBUTE_SYMVER], 1, [Define to 1 to use __attribute__((symver))]) AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) ]) CFLAGS=$saved_CFLAGS AC_MSG_CHECKING([for systemd tmpfiles config directory]) PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no]) AC_MSG_RESULT([$systemd_tmpfilesdir]) AC_SUBST([DEVMAPPER_LIBS]) AC_SUBST([DEVMAPPER_STATIC_LIBS]) AC_SUBST([PWQUALITY_LIBS]) AC_SUBST([PWQUALITY_STATIC_LIBS]) AC_SUBST([PASSWDQC_LIBS]) AC_SUBST([CRYPTO_CFLAGS]) AC_SUBST([CRYPTO_LIBS]) AC_SUBST([CRYPTO_STATIC_LIBS]) AC_SUBST([JSON_C_LIBS]) AC_SUBST([LIBARGON2_LIBS]) AC_SUBST([BLKID_LIBS]) AC_SUBST([LIBSSH_LIBS]) AC_SUBST([LIBCRYPTSETUP_VERSION]) AC_SUBST([LIBCRYPTSETUP_VERSION_INFO]) dnl Set Requires.private for libcryptsetup.pc dnl pwquality is used only by tools PKGMODULES="uuid devmapper json-c" case $with_crypto_backend in gcrypt) PKGMODULES="$PKGMODULES libgcrypt" ;; openssl) PKGMODULES="$PKGMODULES openssl" ;; nss) PKGMODULES="$PKGMODULES nss" ;; nettle) PKGMODULES="$PKGMODULES nettle" ;; esac if test "x$enable_libargon2" = "xyes"; then PKGMODULES="$PKGMODULES libargon2" fi if test "x$enable_blkid" = "xyes"; then PKGMODULES="$PKGMODULES blkid" fi AC_SUBST([PKGMODULES]) dnl ========================================================================== AC_ARG_ENABLE([dev-random], AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)])) if test "x$enable_dev_random" = "xyes"; then 
default_rng=/dev/random else default_rng=/dev/urandom fi AC_DEFINE_UNQUOTED(DEFAULT_RNG, ["$default_rng"], [default RNG type for key generator]) dnl ========================================================================== AC_DEFUN([CS_DEFINE], [AC_DEFINE_UNQUOTED(DEFAULT_[]m4_translit([$1], [-a-z], [_A-Z]), [$2], [$3]) ]) AC_DEFUN([CS_STR_WITH], [AC_ARG_WITH([$1], [AS_HELP_STRING(--with-[$1], [default $2 [$3]])], [CS_DEFINE([$1], ["$withval"], [$2])], [CS_DEFINE([$1], ["$3"], [$2])] )]) AC_DEFUN([CS_NUM_WITH], [AC_ARG_WITH([$1], [AS_HELP_STRING(--with-[$1], [default $2 [$3]])], [CS_DEFINE([$1], [$withval], [$2])], [CS_DEFINE([$1], [$3], [$2])] )]) AC_DEFUN([CS_ABSPATH], [ case "$1" in /*) ;; *) AC_MSG_ERROR([$2 argument must be an absolute path.]);; esac ]) dnl ========================================================================== CS_STR_WITH([plain-hash], [password hashing function for plain mode], [sha256]) CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes]) CS_STR_WITH([plain-mode], [cipher mode for plain mode], [xts-plain64]) CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256]) CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha256]) CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes]) CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [xts-plain64]) CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256]) AC_ARG_ENABLE([luks_adjust_xts_keysize], AS_HELP_STRING([--disable-luks-adjust-xts-keysize], [XTS mode requires two keys, double default LUKS keysize if needed]), [], [enable_luks_adjust_xts_keysize=yes]) if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed]) fi CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2id]) CS_NUM_WITH([luks1-iter-time], [PBKDF2 iteration time for LUKS1 (in ms)], [2000]) CS_NUM_WITH([luks2-iter-time], [Argon2 PBKDF iteration time 
for LUKS2 (in ms)], [2000]) CS_NUM_WITH([luks2-memory-kb], [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576]) CS_NUM_WITH([luks2-parallel-threads],[Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)], [4]) CS_STR_WITH([luks2-keyslot-cipher], [fallback cipher for LUKS2 keyslot (if data encryption is incompatible)], [aes-xts-plain64]) CS_NUM_WITH([luks2-keyslot-keybits],[fallback key size for LUKS2 keyslot (if data encryption is incompatible)], [512]) CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes]) CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256]) CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192]) CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4]) CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512]) CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256]) CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096]) CS_NUM_WITH([verity-hash-block], [hash block size for verity mode], [4096]) CS_NUM_WITH([verity-salt-size], [salt size for verity mode], [32]) CS_NUM_WITH([verity-fec-roots], [parity bytes for verity FEC], [2]) CS_STR_WITH([tmpfilesdir], [override default path to directory with systemd temporary files], []) test -z "$with_tmpfilesdir" && with_tmpfilesdir=$systemd_tmpfilesdir test "x$with_tmpfilesdir" = "xno" || { CS_ABSPATH([${with_tmpfilesdir}],[with-tmpfilesdir]) DEFAULT_TMPFILESDIR=$with_tmpfilesdir AC_SUBST(DEFAULT_TMPFILESDIR) } AM_CONDITIONAL(CRYPTSETUP_TMPFILE, test -n "$DEFAULT_TMPFILESDIR") CS_STR_WITH([luks2-lock-path], [path to directory for LUKSv2 locks], [/run/cryptsetup]) test -z "$with_luks2_lock_path" && with_luks2_lock_path=/run/cryptsetup CS_ABSPATH([${with_luks2_lock_path}],[with-luks2-lock-path]) DEFAULT_LUKS2_LOCK_PATH=$with_luks2_lock_path AC_SUBST(DEFAULT_LUKS2_LOCK_PATH) CS_NUM_WITH([luks2-lock-dir-perms], [default luks2 locking directory 
permissions], [0700]) test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700 DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS) CS_STR_WITH([luks2-external-tokens-path], [path to directory with LUKSv2 external token handlers (plugins)], [LIBDIR/cryptsetup]) if test -n "$with_luks2_external_tokens_path"; then CS_ABSPATH([${with_luks2_external_tokens_path}],[with-luks2-external-tokens-path]) EXTERNAL_LUKS2_TOKENS_PATH=$with_luks2_external_tokens_path else EXTERNAL_LUKS2_TOKENS_PATH="\${libdir}/cryptsetup" fi AC_SUBST(EXTERNAL_LUKS2_TOKENS_PATH) dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only). AC_ARG_WITH([default_luks_format], AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]), [], [with_default_luks_format=LUKS2]) case $with_default_luks_format in LUKS1) default_luks=CRYPT_LUKS1 ;; LUKS2) default_luks=CRYPT_LUKS2 ;; *) AC_MSG_ERROR([Unknown default LUKS format. Use LUKS1 or LUKS2 only.]) ;; esac AC_DEFINE_UNQUOTED([DEFAULT_LUKS_FORMAT], [$default_luks], [default LUKS format version]) dnl ========================================================================== AC_CONFIG_FILES([ Makefile lib/libcryptsetup.pc po/Makefile.in scripts/cryptsetup.conf tests/Makefile tests/fuzz/Makefile ]) AC_OUTPUT cryptsetup-2.8.0/docs/000077500000000000000000000000001502645201100146675ustar00rootroot00000000000000cryptsetup-2.8.0/docs/ChangeLog.old000066400000000000000000001045551502645201100172300ustar00rootroot000000000000002012-12-21 Milan Broz * Since version 1.6 This file is no longer maintained. * See version control log http://code.google.com/p/cryptsetup/source/list 2012-10-11 Milan Broz * Added keyslot checker (by Arno Wagner). * Version 1.5.1. 2012-09-11 Milan Broz * Add crypt_keyslot_area() API call. 2012-08-27 Milan Broz * Optimize seek to keyfile-offset (Issue #135, thx to dreisner). 
* Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers. 2012-08-12 Milan Broz * Allocate loop device late (only when real block device needed). * Rework underlying device/file access functions. * Create hash image if doesn't exist in veritysetup format. * Provide better error message if running as non-root user (device-mapper, loop). 2012-07-10 Milan Broz * Version 1.5.0. 2012-06-25 Milan Broz * Add --device-size option for reencryption tool. * Switch to use unit suffix for --reduce-device-size option. * Remove open device debugging feature (no longer needed). * Fix library name for FIPS check. 2012-06-20 Milan Broz * Version 1.5.0-rc2. 2012-06-18 Milan Broz * Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool. * Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID). * Add --test-passphrase option for luksOpen (check passphrase only). 2012-06-11 Milan Broz * Introduce veritysetup for dm-verity target management. * Version 1.5.0-rc1. 2012-06-10 Milan Broz * Both data and header device can now be a file. * Loop is automatically allocated in crypt_set_data_device(). * Require only up to last keyslot area for header device (ignore data offset). * Fix header backup and restore to work on files with large data offset. 2012-05-27 Milan Broz * Fix readonly activation if underlying device is readonly (1.4.0). * Include stddef.h in libdevmapper.h (size_t definition). * Version 1.4.3. 2012-05-21 Milan Broz * Add --enable-fips for linking with fipscheck library. * Initialize binary and library selfcheck if running in FIPS mode. * Use FIPS RNG in FIPS mode for KEY and SALT (only gcrypt backend supported). 2012-05-09 Milan Broz * Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0). * Allow empty cipher (cipher_null) for testing. 2012-05-02 Milan Broz * Fix loop mapping on readonly file. * Relax --shared test, allow mapping even for overlapping segments. 
* Support shared flag for LUKS devices (dangerous). * Switch on retry on device remove for libdevmapper. * Allow "private" activation (skip some udev global rules) flag. 2012-04-09 Milan Broz * Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0) * Version 1.4.2. 2012-03-16 Milan Broz * Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI. * Add repair command and crypt_repair() for known LUKS metadata problems repair. * Allow one to specify --align-payload only for luksFormat. 2012-03-16 Milan Broz * Unify password verification option. * Support password verification with quiet flag if possible. (1.2.0) * Fix retry if entered passphrases (with verify option) do not match. * Support UUID= format for device specification. 2012-02-11 Milan Broz * Add --master-key-file option to luksOpen (open using volume key). 2012-01-12 Milan Broz * Fix use of empty keyfile. 2011-11-13 Milan Broz * Fix error message for luksClose and detached LUKS header. * Allow --header for status command to get full info with detached header. 2011-11-09 Milan Broz * Version 1.4.1. 2011-11-05 Milan Broz * Merge pycryptsetup (Python libcryptsetup bindings). * Fix stupid typo in set_iteration_time API call. * Fix cryptsetup status output if parameter is device path. 2011-10-27 Milan Broz * Fix crypt_get_volume_key_size() for plain device. * Fix FSF address in license text. 2011-10-25 Milan Broz * Print informative message in isLuks only in verbose mode. * Version 1.4.0. 2011-10-10 Milan Broz * Version 1.4.0-rc1. 2011-10-05 Milan Broz * Support Nettle 2.4 crypto backend (for ripemd160). * If device is not rotational, do not use Gutmann wipe method. * Add crypt_last_error() API call. * Fix luksKillSLot exit code if slot is inactive or invalid. * Fix exit code if passphrases do not match in luksAddKey. * Add LUKS on-disk format description into package. 2011-09-22 Milan Broz * Support key-slot option for luksOpen (use only explicit keyslot). 
2011-08-22 Milan Broz * Add more paranoid checks for LUKS header and keyslot attributes. * Fix crypt_load to properly check device size. * Use new /dev/loop-control (kernel 3.1) if possible. * Enhance check of device size before writing LUKS header. * Do not allow context format of already formatted device. 2011-07-25 Milan Broz * Remove hash/hmac restart from crypto backend and make it part of hash/hmac final. * Improve check for invalid offset and size values. 2011-07-19 Milan Broz * Revert default initialisation of volume key in crypt_init_by_name(). * Do not allow key retrieval while suspended (key could be wiped). * Do not allow suspend for non-LUKS devices. * Support retries and timeout parameters for luksSuspend. * Add --header option for detached metadata (on-disk LUKS header) device. * Add crypt_init_by_name_and_header() and crypt_set_data_device() to API. * Allow different data offset setting for detached header. 2011-07-07 Milan Broz * Remove old API functions (all functions using crypt_options). * Add --enable-discards option to allow discards/TRIM requests. * Add crypt_get_iv_offset() function to API. 2011-07-01 Milan Broz * Add --shared option for creating non-overlapping crypt segments. * Add shared flag to libcryptsetup api. * Fix plain crypt format parameters to include size option (API change). 2011-06-08 Milan Broz * Fix return code for status command when device doesn't exist. 2011-05-24 Milan Broz * Version 1.3.1. 2011-05-17 Milan Broz * Fix keyfile=- processing in create command (1.3.0). * Simplify device path status check. 2011-05-03 Milan Broz * Do not ignore size argument for create command (1.2.0). 2011-04-18 Milan Broz * Fix error paths in blockwise code and lseek_write call. * Add Nettle crypto backend support. 2011-04-05 Milan Broz * Version 1.3.0. 2011-03-22 Milan Broz * Also support --skip and --hash option for loopaesOpen. * Fix return code when passphrase is read from pipe. * Document cryptsetup exit codes.
2011-03-18 Milan Broz * Respect maximum keyfile size parameter. * Introduce maximum default keyfile size, add configure option. * Require the whole key read from keyfile in create command (broken in 1.2.0). * Fix offset option for loopaesOpen. * Lock memory also in luksDump command. * Version 1.3.0-rc2. 2011-03-14 Milan Broz * Version 1.3.0-rc1. 2011-03-11 Milan Broz * Add loop manipulation code and support mapping of images in file. * Add backing device loop info into status message. * Add luksChangeKey command. 2011-03-05 Milan Broz * Add exception to COPYING for binary distribution linked with OpenSSL library. * Set secure data flag (wipe all ioctl buffers) if devmapper library supports it. 2011-01-29 Milan Broz * Fix mapping removal if device disappeared but node still exists. * Fix luksAddKey return code if master key is used. 2011-01-25 Milan Broz * Add loop-AES handling (loopaesOpen and loopaesClose commands). (requires kernel 2.6.38 and above) 2011-01-05 Milan Broz * Fix static build (--disable-static-cryptsetup now works properly). 2010-12-30 Milan Broz * Add compile time crypto backends implementation (gcrypt, OpenSSL, NSS and userspace Linux kernel crypto api). * Currently NSS is lacking ripemd160, cannot provide full plain compatibility. * Use --with-crypto_backend=[gcrypt|openssl|nss|kernel] to configure. 2010-12-20 Milan Broz * Version 1.2.0. 2010-11-25 Milan Broz * Fix crypt_activate_by_keyfile() to work with PLAIN devices. * Fix create command to properly handle keyfile size. 2010-11-16 Milan Broz * Version 1.2.0-rc1. 2010-11-13 Milan Broz * Fix password callback call. * Fix default plain password entry from terminal in activate_by_passphrase. * Add --dump-master-key option for luksDump to allow volume key dump. * Allow one to activate by internally cached volume key (format/activate without keyslots active - used for temporary devices). * Initialize volume key from active device in crypt_init_by_name() * Fix cryptsetup binary exitcodes. 
* Increase library version (still binary compatible with 1.1.x release). 2010-11-01 Milan Broz * No longer support luksDelKey, reload and --non-exclusive. * Remove some obsolete info from man page. * Add crypt_get_type(), crypt_resize(), crypt_keyslot_max() and crypt_get_active_device() to API. * Rewrite all implementations in cryptsetup to new API. * Fix luksRemoveKey to behave as documented (do not ask for remaining keyslot passphrase). * Add more regression tests for commands. * Disallow mapping of device which is already in use (mapped or mounted). * Disallow luksFormat on device in use. 2010-10-27 Milan Broz * Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API to allow adding new features. * Implement --use-random and --use-urandom for luksFormat to allow setting of RNG for volume key generator. * Add crypt_set_rng_type() and crypt_get_rng_type() to API. * Add crypt_set_uuid() to API. * Allow UUID setting in luksFormat and luksUUID (--uuid parameter). * Add --keyfile-size and --new-keyfile-size (in bytes) size and disallow overloading of --key-size for limiting keyfile reads. * Fix luksFormat to properly use key file with --master-key-file switch. * Fix possible double free when handling master key file. 2010-10-17 Milan Broz * Add crypt_get_device_name() to API (get underlying device name). * Change detection for static libraries. * Fix pkg-config use in automake scripts. * Remove --disable-shared-library switch and handle static library build by common libtool logic (using --enable-static). * Add --enable-static-cryptsetup option to build cryptsetup.static binary together with shared build. 2010-08-05 Milan Broz * Wipe iteration and salt after KillSlot in LUKS header. * Rewrite file differ test to C (and fix it to really work). * Switch to 1MiB default alignment of data. For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684 * Do not query non-existent device twice (cryptsetup status /dev/nonexistent). 
* Check if requested hash is supported before writing LUKS header. 2010-07-28 Arno Wagner * Add FAQ (Frequently Asked Questions) file to distribution. 2010-07-03 Milan Broz * Fix udev support for old libdevmapper with not compatible definition. * Version 1.1.3. 2010-06-01 Milan Broz * Fix device alignment ioctl calls parameters. * Fix activate_by_* API calls to handle NULL device name as documented. 2010-05-30 Milan Broz * Version 1.1.2. 2010-05-27 Milan Broz * Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. * Support --key-file/-d option for luksFormat. * Fix description of --key-file and add --verbose and --debug options to man page. * Add verbose log level and move unlocking message there. * Remove device even if underlying device disappeared. * Fix (deprecated) reload device command to accept new device argument. 2010-05-23 Milan Broz * Fix luksClose operation for stacked DM devices. * Version 1.1.1. 2010-05-03 Milan Broz * Fix automatic dm-crypt module loading. * Escape hyphens in man page. * Version 1.1.1-rc2. 2010-04-30 Milan Broz * Try to use pkgconfig for device mapper library. * Detect old dm-crypt module and disable LUKS suspend/resume. * Fix apitest to work on older systems. * Allow no hash specification in plain device constructor. * Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified). * Fix isLuks to initialise crypto backend (blkid instead is suggested anyway). * Version 1.1.1-rc1. 2010-04-12 Milan Broz * Fix package config to use proper package version. * Avoid class C++ keyword in library header. * Detect and use devmapper udev support if available (disable by --disable-udev). 2010-04-06 Milan Broz * Prefer some device paths in status display. * Support device topology detection for data alignment. 2010-02-25 Milan Broz * Do not verify unlocking passphrase in luksAddKey command. * Properly initialise crypto backend in header backup/restore commands.
2010-01-17 Milan Broz * If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c). * Version 1.1.0. 2010-01-10 Milan Broz * Fix initialisation of gcrypt during luksFormat. * Convert hash name to lower case in header (fix sha1 backward compatible header) * Check for minimum required gcrypt version. 2009-12-30 Milan Broz * Fix key slot iteration count calculation (small -i value was the same as default). * The slot and key digest iteration minimum is now 1000. * The key digest iteration # is calculated from iteration time (approx 1/8 of that). * Version 1.1.0-rc4. 2009-12-11 Milan Broz * Fix error handling during reading passphrase. 2009-12-01 Milan Broz * Allow changes of default compiled-in cipher parameters through configure. * Switch default key size for LUKS to 256bits. * Switch default plain mode to aes-cbc-essiv:sha256 (default is backward incompatible!). 2009-11-14 Milan Broz * Add CRYPT_ prefix to enum defined in libcryptsetup.h. * Fix status call to fail when running as non-root user. * Check in configure if selinux libraries are required in static version. * Add temporary debug code to find processes locking internal device. * Simplify build system, use autopoint and clean gettext processing. * Use proper NLS macros and detection (so the message translation works again). * Version 1.1.0-rc3. 2009-09-30 Milan Broz * Fix exported symbols and versions in libcryptsetup. * Do not use internal lib functions in cryptsetup. * Add crypt_log to library. * Fix crypt_remove_device (remove, luksClose) implementation. * Move dm backend initialisation to library calls. * Move duplicate Command failed message to verbose level (error is printed always). * Add some password and used algorithms notes to man page. * Version 1.1.0-rc2. 2009-09-28 Milan Broz * Add luksHeaderBackup and luksHeaderRestore commands. * Fail passphrase read if piped input no longer exists. * Version 1.1.0-rc1.
2009-09-15 Milan Broz * Initialize crypto library before LUKS header load. * Fix manpage to not require --size which expands to device size by default. 2009-09-10 Milan Broz * Clean up Makefiles and configure script. * Version 1.1.0-test0. 2009-09-08 Milan Broz * Use dm-uuid for all crypt devices, contains device type and name now. * Try to read first sector from device to properly check that device is ready. 2009-09-02 Milan Broz * Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase). 2009-08-30 Milan Broz * Require device device-mapper to build and do not use backend wrapper for dm calls. * Move memory locking and dm initialization to command layer. * Increase priority of process if memory is locked. * Add log macros and make logging more consistent. * Move command successful messages to verbose level. * Introduce --debug parameter. * Move device utils code and provide context parameter (for log). * Keyfile now must be provided by path, only stdin file descriptor is used (api only). * Do not call isatty() on closed keyfile descriptor. * Run performance check for PBKDF2 from LUKS code, do not mix hash algorithms results. * Add ability to provide pre-generated master key and UUID in LUKS header format. * Add LUKS function to verify master key digest. * Move key slot manipulation function into LUKS specific code. * Replace global options struct with separate parameters in helper functions. * Add new libcryptsetup API (documented in libcryptsetup.h). * Implement old API calls using new functions. * Remove old API code helper functions. * Add --master-key-file option for luksFormat and luksAddKey. 2009-08-17 Milan Broz * Fix PBKDF2 speed calculation for large passphrases. * Allow using passphrase provided in options struct for LuksOpen. * Allow restrict keys size in LuksOpen. 2009-07-30 Milan Broz * Fix errors when compiled with LUKS_DEBUG. * Print error when getline fails. * Remove po/cryptsetup-luks.pot, it's autogenerated. 
* Return ENOENT for empty keyslots, EINVAL will be used later for other type of error. * Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here. * Add required parameters for changing hash used in LUKS key setup scheme. * Do not export simple XOR helper now used only inside AF functions. * Completely remove internal SHA1 implementation code, not needed anymore. * Enable hash algorithm selection for LUKS through -h luksFormat option. 2009-07-28 Milan Broz * Pad luks header to 512 sector size. * Rework read/write blockwise to not split operation to many pieces. * Use posix_memalign if available. 2009-07-22 Milan Broz * Fix segfault if provided slot in luksKillslot is invalid. * Remove unneeded timeout when remove of temporary device succeeded. 2009-07-22 Milan Broz * version 1.0.7 2009-07-16 Milan Broz * Allow removal of last slot in luksRemoveKey and luksKillSlot. 2009-07-11 Milan Broz * Add --disable-selinux option and fix static build if selinux is required. * Reject unsupported --offset and --skip options for luksFormat and update man page. 2009-06-22 Milan Broz * Summary of changes in subversion for 1.0.7-rc1: * Various man page fixes. * Set UUID in device-mapper for LUKS devices. * Retain readahead of underlying device. * Display device name when asking for password. * Check device size when loading LUKS header. Remove misleading error message later. * Add error hint if dm-crypt mapping failed. * Use better error messages if device doesn't exist or is already used by other mapping. * Fix make distcheck. * Check if all slots are full during luksAddKey. * Fix segfault in set_error. * Code cleanups, remove precompiled pot files, remove unnecessary files from po directory * Fix uninitialized return value variable in setup.c. * Code cleanups. (thanks to Ivan Stankovic) * Fix wrong output for remaining key at key deletion. * Allow deletion of key slot while other keys have the same key information. 
* Add missing AM_PROG_CC_C_O to configure.in * Remove duplicate sentence in man page. * Wipe start of device (possible fs signature) before LUKS-formatting. * Do not process configure.in in hidden directories. * Return more descriptive error in case of IO or header format error. * Use remapping to error target instead of calling udevsettle for temporary crypt device. * Check device mapper communication and warn user if device-mapper support missing in kernel. * Fix signal handler to properly close device. * write_lseek_blockwise: declare innerCount outside the if block. * add -Wall to the default CFLAGS. fix some signedness issues. * Error handling improvement. * Add non-exclusive override to interface definition. * Refactor key slot selection into keyslot_from_option. 2007-05-01 Clemens Fruhwirth * lib/backends.c, man/cryptsetup.8: Apply patch from Ludwig Nussel , for old SuSE compat hashing. 2007-04-16 Clemens Fruhwirth * Summary of changes in subversion: Fix segfault for key size > 32 bytes. Kick ancient header version conversion. Fix http://bugs.debian.org/403075 No passwort retrying for I/O errors. Fix hang on "-i 0". Fix parenthesization error that prevented --tries from working correctly. 2006-11-28 gettextize * m4/gettext.m4: Upgrade to gettext-0.15. * m4/glibc2.m4: New file, from gettext-0.15. * m4/intmax.m4: New file, from gettext-0.15. * m4/inttypes-h.m4: New file, from gettext-0.15. * m4/inttypes-pri.m4: Upgrade to gettext-0.15. * m4/lib-link.m4: Upgrade to gettext-0.15. * m4/lib-prefix.m4: Upgrade to gettext-0.15. * m4/lock.m4: New file, from gettext-0.15. * m4/longdouble.m4: New file, from gettext-0.15. * m4/longlong.m4: New file, from gettext-0.15. * m4/nls.m4: Upgrade to gettext-0.15. * m4/po.m4: Upgrade to gettext-0.15. * m4/printf-posix.m4: New file, from gettext-0.15. * m4/signed.m4: New file, from gettext-0.15. * m4/size_max.m4: New file, from gettext-0.15. * m4/visibility.m4: New file, from gettext-0.15. 
* m4/wchar_t.m4: New file, from gettext-0.15. * m4/wint_t.m4: New file, from gettext-0.15. * m4/xsize.m4: New file, from gettext-0.15. * m4/Makefile.am: New file. * configure.in (AC_OUTPUT): Add m4/Makefile. (AM_GNU_GETTEXT_VERSION): Bump to 0.15. 2006-10-22 David Härdeman * Allow hashing of keys passed through stdin. 2006-10-13 Clemens Fruhwirth * configure.in: 1.0.4 release 2006-10-13 Clemens Fruhwirth * man/cryptsetup.8: Document --tries switch; patch by Jonas Meurer. 2006-10-13 Clemens Fruhwirth * lib/setup.c: Added terminal timeout rewrite as forwarded by Jonas Meurer 2006-10-04 Clemens Fruhwirth * Merged patch from Marc Merlin to allow user selection of key slot. 2006-09-26 gettextize * m4/codeset.m4: Upgrade to gettext-0.14.4. * m4/gettext.m4: Upgrade to gettext-0.14.4. * m4/glibc2.m4: New file, from gettext-0.14.4. * m4/glibc21.m4: Upgrade to gettext-0.14.4. * m4/iconv.m4: Upgrade to gettext-0.14.4. * m4/intdiv0.m4: Upgrade to gettext-0.14.4. * m4/intmax.m4: New file, from gettext-0.14.4. * m4/inttypes.m4: Upgrade to gettext-0.14.4. * m4/inttypes_h.m4: Upgrade to gettext-0.14.4. * m4/inttypes-pri.m4: Upgrade to gettext-0.14.4. * m4/isc-posix.m4: Upgrade to gettext-0.14.4. * m4/lcmessage.m4: Upgrade to gettext-0.14.4. * m4/lib-ld.m4: Upgrade to gettext-0.14.4. * m4/lib-link.m4: Upgrade to gettext-0.14.4. * m4/lib-prefix.m4: Upgrade to gettext-0.14.4. * m4/longdouble.m4: New file, from gettext-0.14.4. * m4/longlong.m4: New file, from gettext-0.14.4. * m4/nls.m4: Upgrade to gettext-0.14.4. * m4/po.m4: Upgrade to gettext-0.14.4. * m4/printf-posix.m4: New file, from gettext-0.14.4. * m4/progtest.m4: Upgrade to gettext-0.14.4. * m4/signed.m4: New file, from gettext-0.14.4. * m4/size_max.m4: New file, from gettext-0.14.4. * m4/stdint_h.m4: Upgrade to gettext-0.14.4. * m4/uintmax_t.m4: Upgrade to gettext-0.14.4. * m4/ulonglong.m4: Upgrade to gettext-0.14.4. * m4/wchar_t.m4: New file, from gettext-0.14.4. * m4/wint_t.m4: New file, from gettext-0.14.4. 
* m4/xsize.m4: New file, from gettext-0.14.4. * Makefile.am (ACLOCAL_AMFLAGS): New variable. * configure.in (AM_GNU_GETTEXT_VERSION): Bump to 0.14.4. 2006-08-04 Clemens Fruhwirth * configure.in: 1.0.4-rc2 2006-08-04 Clemens Fruhwirth * luks/Makefile.am: Add a few regression tests 2006-08-04 Clemens Fruhwirth * lib/setup.c (get_key): Applied patch from David Härdeman for reading binary keys from stdin using the "-" as key file. 2006-08-04 Clemens Fruhwirth * lib/setup.c (__crypt_luks_add_key): For checking options struct (optionsCheck) filter out CRYPT_FLAG_VERIFY and CRYPT_FLAG_VERIFY_IF_POSSIBLE, so that in no case password verification is done for password retrieval. 2006-08-04 Clemens Fruhwirth * configure.in: Merge Patch from http://bugs.gentoo.org/show_bug.cgi?id=132126 for sepol 2006-07-23 Clemens Fruhwirth * Applied patches from David Härdeman to fix 64 bit compiler warning issues. 2006-05-19 Clemens Fruhwirth * Applied patches from Jonas Meurer - fix terminal status after timeout - add remark for --tries to manpage - allow more than 32 chars from standard input. - exit status fix for cryptsetup status. 2006-05-06 Clemens Fruhwirth * src/cryptsetup.c (yesDialog): Fix getline problem for 64-bit archs. 2006-04-05 Clemens Fruhwirth * configure.in: Release 1.0.3. * Applied patch by Johannes Weißl for more meaningful exit codes and password retries 2006-03-30 Clemens Fruhwirth * lib/setup.c (__crypt_create_device): (char *) -> (const char *) 2006-03-30 Clemens Fruhwirth * Apply alignPayload patch from Peter Palfrader 2006-03-15 Clemens Fruhwirth * configure.in: 1.0.3-rc3. Most displease release ever. * lib/setup.c (__crypt_create_device): More verbose error message. 2006-02-26 Clemens Fruhwirth * lib/setup.c: Revert to 1.0.1 key reading. 2006-02-25 Clemens Fruhwirth * man/cryptsetup.8: merge patch from Jonas Meurer 2006-02-25 Clemens Fruhwirth * configure.in: 1.0.3-rc2 2006-02-25 Clemens Fruhwirth * lib/libdevmapper.c (dm_create_device): Remove dup check here. 
* lib/setup.c (__crypt_luks_open): Adopt same dup check as regular create command. 2006-02-22 Clemens Fruhwirth * configure.in: Spin 1.0.3-rc1 2006-02-22 Clemens Fruhwirth * src/cryptsetup.c (action_create): Change defaulting. (action_luksFormat): Change defaulting. * lib/setup.c (parse_into_name_and_mode): Revert that default change. This is FORBIDDEN here, as it will change cryptsetup entire default. This is BAD in a non-LUKS world. 2006-02-21 Clemens Fruhwirth * luks/keyencryption.c (setup_mapping): Add proper size restriction to mapping. (LUKS_endec_template): Add more verbose error message. 2006-02-21 Clemens Fruhwirth * lib/libdevmapper.c (dm_query_device): Incorporate patch from Bastian Blank http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313 2006-02-21 Clemens Fruhwirth * src/cryptsetup.c: Rename show_error -> show_status. 2006-02-20 Clemens Fruhwirth * lib/libdevmapper.c (dm_create_device): Prevent existing mapping from being removed when a mapping with the same name is added * Add timeout patch from Jonas Meurer * src/cryptsetup.c: Remove conditional error printing to enable printing the no-error msg (Command successful). Verify passphrase for LUKS volumes. (main): Add no-verify-passphrase * lib/setup.c (parse_into_name_and_mode): Change default mode complition to essiv:sha256. 2006-01-04 Clemens Fruhwirth * src/cryptsetup.c (help): Merge patch from Gentoo: change gettext(..) to _(..). 2005-12-06 Clemens Fruhwirth * man/cryptsetup.8: Correct "seconds" to "microseconds" in the explanation for -i. 2005-11-09 Clemens Fruhwirth * src/cryptsetup.c (main): Add version string. 2005-11-08 Clemens Fruhwirth * lib/backends.c: compile fix. 2005-09-11 Clemens Fruhwirth * lib/setup.c (get_key): Fixed another incompatibility from my get_key rewrite with original cryptsetup. 2005-09-11 Clemens Fruhwirth * Merged changes from Florian Knauf's fk02 branch. 2005-09-08 Clemens Fruhwirth * lib/setup.c (get_key): Fixed another incompatibility with original cryptsetup. 
2005-08-20 Clemens Fruhwirth * Checked in a patch from Michael Gebetsroither to silent all confirmation dialogs. 2005-06-23 Clemens Fruhwirth * src/cryptsetup.c (help): print PACKAGE_STRING 2005-06-20 Clemens Fruhwirth * luks/keymanage.c (LUKS_set_key): Security check against header manipulation * src/cryptsetup.c (action_luksDelKey): Safety check in luksDelKey * luks/keymanage.c: Changed disk layout generation to align key material to 4k boundaries. (LUKS_is_last_keyslot): Added LUKS_is_last_keyslot function. * Applied patch from Bill Nottingham fixing a lot of prototypes. * src/cryptsetup.c (action_luksOpen): Add support for -r flag. * configure.in: Version bump 1.0.1 2005-06-16 Clemens Fruhwirth * lib/setup.c (__crypt_luks_open): Remove mem leaking of dmCipherSpec. (get_key): Fix missing zero termination for read string. 2005-06-12 Clemens Fruhwirth * luks/keyencryption.c (setup_mapping): Added CRYPT_FLAG_READONLY in case of O_RDONLY mode 2005-06-11 Clemens Fruhwirth * configure.in: Version bump 1.0.1-pre 2005-06-09 Clemens Fruhwirth * lib/utils.c: Added write_llseek_blocksize method to support sector wiping on sector_size != 512 media 2005-05-23 Clemens Fruhwirth * lib/setup.c (crypt_luksDelKey): Added missing return statement (setup_leave): Added missing return statement * luks/keyencryption.c (clear_mapping): Added missing return statement 2005-05-19 Clemens Fruhwirth * lib/utils.c (write_blockwise, read_blockwise): Changed to soft bsize instead of SECTOR_SIZE * luks/keymanage.c (wipe): Changed open mode to O_DIRECT | O_SYNC, and changed write to use the blockwise write helper 2005-04-21 Clemens Fruhwirth * man/cryptsetup.8: Corrected an error, thanks to Dick Middleton. 2005-04-09 Clemens Fruhwirth * luks/sha/hmac.c: Add 64 bit bug fix courtesy to Oliver Paukstadt . * luks/pbkdf.c, luks/keyencryption.c, luks/keymanage.c, luks/af.c: Added a license disclaimer and remove option for "any future GPL versions". 
2005-03-25 Clemens Fruhwirth * configure.in: man page Makefile. Version bump 1.0. * man/cryptsetup.8: finalize man page and move to section 8. * src/cryptsetup.c (action_luksFormat): Add "are you sure" for interactive sessions. * lib/setup.c (crypt_luksDump), src/cryptsetup.c: add LUKS dump command 2005-03-24 Clemens Fruhwirth * src/cryptsetup.c, luks/Makefile.am (test), lib/setup.c (setup_enter): rename luksInit to luksFormat 2005-03-12 Clemens Fruhwirth * man/cryptsetup.1: Add man page. * lib/setup.c: Remove unnecessary LUKS_write_phdr call, so the phdr is written after passphrase reading, so the user can change his mind, and not have a partial written LUKS header on it's disk. 2005-02-09 Clemens Fruhwirth * luks/keymanage.c (LUKS_write_phdr): converted argument phdr to pointer, and make a copy of phdr for conversion * configure.in: Version dump. * luks/keyencryption.c: Convert to read|write_blockwise. * luks/keymanage.c: Convert to read|write_blockwise. * lib/utils.c: Add read|write_blockwise functions, to use in O_DIRECT file accesses. 2004-03-11 Thursday 15:52 Jana Saout * lib/blockdev.h: BLKGETSIZE64 really uses size_t as third argument, the rest is wrong. 2004-03-10 Wednesday 17:50 Jana Saout * lib/: libcryptsetup.h, libdevmapper.c: Small fixes. 2004-03-09 Tuesday 21:41 Jana Saout * lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c, lib/setup.c, po/de.po, src/cryptsetup.c: Added internal flags to keep track of malloc'ed return values in struct crypt_options and add a function to free the memory. Also add a readonly flag to libcryptsetup. 2004-03-09 Tuesday 16:03 Jana Saout * ChangeLog, configure.in, setup-gettext, lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c, lib/setup.c, lib/utils.c, po/de.po, src/Makefile.am, src/cryptsetup.c: More reorganization work. 
2004-03-08 Monday 01:38 Jana Saout * ChangeLog, Makefile.am, acinclude.m4, configure.in, lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/libdevmapper.c, lib/setup.c, lib/utils.c, po/de.po, src/Makefile.am: BLKGETSIZE64 fixes and started modularity enhancements 2004-03-04 Thursday 21:06 Jana Saout * Makefile.am, po/de.po, src/cryptsetup.c, src/cryptsetup.h: First backward compatible working version. 2004-03-04 Thursday 00:42 Jana Saout * NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh, configure.in, setup-gettext, po/ChangeLog, po/LINGUAS, po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h, src/Makefile.am (utags: initial): Initial checkin. 2004-03-04 Thursday 00:42 Jana Saout * NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh, configure.in, setup-gettext, po/ChangeLog, po/LINGUAS, po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h, src/Makefile.am: Initial revision cryptsetup-2.8.0/docs/Keyring.txt000066400000000000000000000074731502645201100170530ustar00rootroot00000000000000Integration with kernel keyring service --------------------------------------- We have two different use cases for kernel keyring service: I) Volume keys Since upstream kernel 4.10 dm-crypt device mapper target allows loading volume key (VK) in kernel keyring service. The key offloaded in kernel keyring service is only referenced (by key description) in dm-crypt target and the VK is therefore no longer stored directly in dm-crypt target. Starting with cryptsetup 2.0 we load VK in kernel keyring by default for LUKSv2 devices (when dm-crypt with the feature is available). Currently, cryptsetup loads VK in 'logon' type kernel key so that VK is passed in the kernel and can't be read from userspace afterwards. Also, cryptsetup loads VK in the thread keyring (before passing the reference to dm-crypt target) so that the key lifetime is directly bound to the process that performs the dm-crypt setup. 
When cryptsetup process exits (for whatever reason) the key gets unlinked in the kernel automatically. In summary, the key description visible in dm-crypt table line is a reference to VK that usually no longer exists in kernel keyring service if you used cryptsetup for device activation. Using this feature dm-crypt no longer maintains a direct key copy (but there's always at least one copy in the kernel crypto layer). Additionally, libcryptsetup supports the linking of volume keys to user-specified kernel keyring with crypt_set_keyring_to_link(). The user may specify keyring name, key type ('user' or 'logon') and key description where libcryptsetup should link the verified volume key upon subsequent device activation (or key verification alone). The volume key(s) (provided the key type is 'user') linked in the user keyring can be later used to activate the device via crypt_activate_by_keyslot_context() with CRYPT_KC_TYPE_VK_KEYRING type keyslot context (acquired by crypt_keyslot_context_init_by_vk_in_keyring()). Note that, unlike a 'logon' type key, a 'user' type key can be read back from userspace by any process that has read permission on it, so a volume key linked this way should be unlinked or revoked as soon as it is no longer needed. Example of how to use volume key linked in custom user keyring from cryptsetup utility: 1) Open the device and store the volume key to the session keyring: # cryptsetup open --link-vk-to-keyring "@s::%user:testkey" tst 2) Add a keyslot using the stored volume key in a keyring: # cryptsetup luksAddKey --volume-key-keyring "%user:testkey" 3) Activate the device using the volume key cached in a keyring ('user' type key) # cryptsetup open --volume-key-keyring "testkey" II) Keyslot passphrase The second use case for kernel keyring is to allow cryptsetup to read the keyslot passphrase stored in kernel keyring instead. The user may load the passphrase in the kernel keyring and notify cryptsetup to read it from there later. Currently, cryptsetup cli supports kernel keyring for passphrase only via LUKS2 internal token (luks2-keyring). 
The library also provides a general method for device activation by reading the passphrase from the keyring: crypt_activate_by_keyring(). The key type for use case II) must always be 'user' since we need to read the actual key data from userspace unlike with VK in I). The ability to read keyslot passphrases from kernel keyring also allows easy auto-activation of LUKS2 devices. Simple example of how to use kernel keyring for keyslot passphrase: 1) create LUKS2 keyring token for keyslot 0 (in LUKS2 device/image) cryptsetup token add --key-description my:key -S 0 /dev/device 2) Load keyslot passphrase in user keyring read -s -p "Keyslot passphrase: "; echo -n $REPLY | keyctl padd user my:key @u 3) Activate the device using the passphrase stored in the kernel keyring cryptsetup open /dev/device my_unlocked_device 4a) unlink the key when no longer needed by keyctl unlink %user:my:key @u 4b) or revoke it immediately by keyctl revoke %user:my:key If cryptsetup asks for a passphrase in step 3) something went wrong with keyring activation. See --debug output then. Note for step 2): the shell applies word splitting and filename globbing to an unquoted $REPLY, and read without -r treats backslashes as escape characters, so a passphrase containing whitespace runs, glob characters or backslashes may be stored in an altered form and then fail to unlock the keyslot; using read -r and printf '%s' "$REPLY" passes it to keyctl unchanged. cryptsetup-2.8.0/docs/LUKS2-locking.txt000066400000000000000000000075751502645201100177320ustar00rootroot00000000000000LUKS2 device locking overview ============================= Why ~~~ LUKS2 format keeps two identical copies of metadata stored consecutively at the head of the metadata device (file or bdev). The metadata area (both copies) must be updated in a single atomic operation to avoid header corruption during concurrent write. While with LUKS1 users may have clear knowledge of when a LUKS header is being updated (written to) or when it's being read solely, the need for locking with legacy format was not so obvious as it is with the LUKSv2 format. With LUKS2 the boundary between read-only and read-write is blurry and what used to be the exclusively read-only operation (i.e., cryptsetup open command) may easily become read-update operation silently without the user's knowledge. 
A major feature of the LUKS2 format is resilience against accidental corruption of metadata (e.g., partial header overwrite by parted or cfdisk while creating a partition on a mistaken block device). Such header corruption is detected early on the header read and the auto-recovery procedure takes place (the corrupted header with checksum mismatch is being replaced by the secondary one if that one is intact). On current Linux systems header load operation may be triggered without the user's direct intervention, for example by a udev rule or from a systemd service. Such a clash of header read and auto-recovery procedure could have severe consequences with the worst case of having a LUKS2 device inaccessible or being broken beyond repair. The whole locking of LUKSv2 device headers is split into two categories depending on what backend the header is stored on: I) block device ~~~~~~~~~~~~~~~ We perform flock() on file descriptors of files stored in a private directory (by default /run/lock/cryptsetup). The file name is derived from major:minor couple of the affected block device. We recommend that access to the private locking directory be limited to the superuser only, since any other user able to open the lock files could hold a lock on them and stall header operations. For this method to work the distribution needs to install the locking directory with appropriate access rights. II) regular files ~~~~~~~~~~~~~~~~~ A first notable difference between headers stored in a file vs. headers stored in a block device is that headers in a file may be manipulated by the regular user, unlike headers on block devices. Therefore we perform flock() protection on file with the luks2 header directly. Limitations ~~~~~~~~~~~ a) In general, the locking model provides serialization of I/Os targeting the header only. It means the header is always written or read at once while locking is enabled. We do not suppress any other negative effect that two or more concurrent writers of the same header may cause. b) The locking is not cluster-aware in any way. 
Additional LUKS2 locks ====================== LUKS2 reencryption device lock ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Device in LUKS2 reencryption is protected by an exclusive lock placed in the default locking directory. The lock's purpose is to exclude multiple processes from performing reencryption on the same device (identified by LUKS uuid). The lock is taken no matter the LUKS2 reencryption mode (online or offline). LUKS2 memory hard global lock ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An optional global lock that makes libcryptsetup serialize memory hard pbkdf function when deriving a key encryption key from passphrase on unlocking LUKS2 keyslot. The lock has to be enabled via the CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF flag. The lock is placed in the default locking directory. LUKS2 OPAL lock ~~~~~~~~~~~~~~~ Exclusive per device lock taken when manipulating LUKS2 device configured for use with SED OPAL2 locking range. Lock ordering ============= To avoid a deadlock, the following rules must apply: - LUKS2 reencryption lock must be taken before LUKS2 OPAL lock. - LUKS2 OPAL lock must be taken before LUKS2 metadata lock. - LUKS2 memory hard global lock cannot be used together with other locks. 
cryptsetup-2.8.0/docs/doxyfile000066400000000000000000000300101502645201100164270ustar00rootroot00000000000000# Doxyfile 1.9.8 #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- DOXYFILE_ENCODING = UTF-8 PROJECT_NAME = "cryptsetup API" PROJECT_NUMBER = PROJECT_BRIEF = "Public cryptsetup API" PROJECT_LOGO = OUTPUT_DIRECTORY = doxygen_api_docs CREATE_SUBDIRS = NO CREATE_SUBDIRS_LEVEL = 8 ALLOW_UNICODE_NAMES = NO OUTPUT_LANGUAGE = English BRIEF_MEMBER_DESC = YES REPEAT_BRIEF = YES ABBREVIATE_BRIEF = ALWAYS_DETAILED_SEC = NO INLINE_INHERITED_MEMB = NO FULL_PATH_NAMES = YES STRIP_FROM_PATH = STRIP_FROM_INC_PATH = SHORT_NAMES = NO JAVADOC_AUTOBRIEF = NO JAVADOC_BANNER = NO QT_AUTOBRIEF = NO MULTILINE_CPP_IS_BRIEF = NO PYTHON_DOCSTRING = YES INHERIT_DOCS = YES SEPARATE_MEMBER_PAGES = NO TAB_SIZE = 8 ALIASES = OPTIMIZE_OUTPUT_FOR_C = YES OPTIMIZE_OUTPUT_JAVA = NO OPTIMIZE_FOR_FORTRAN = NO OPTIMIZE_OUTPUT_VHDL = NO OPTIMIZE_OUTPUT_SLICE = NO EXTENSION_MAPPING = MARKDOWN_SUPPORT = YES TOC_INCLUDE_HEADINGS = 5 MARKDOWN_ID_STYLE = DOXYGEN AUTOLINK_SUPPORT = YES BUILTIN_STL_SUPPORT = NO CPP_CLI_SUPPORT = NO SIP_SUPPORT = NO IDL_PROPERTY_SUPPORT = YES DISTRIBUTE_GROUP_DOC = NO GROUP_NESTED_COMPOUNDS = NO SUBGROUPING = YES INLINE_GROUPED_CLASSES = NO INLINE_SIMPLE_STRUCTS = NO TYPEDEF_HIDES_STRUCT = YES LOOKUP_CACHE_SIZE = 0 NUM_PROC_THREADS = 1 TIMESTAMP = NO #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- EXTRACT_ALL = NO EXTRACT_PRIVATE = NO EXTRACT_PRIV_VIRTUAL = NO EXTRACT_PACKAGE = NO EXTRACT_STATIC = NO EXTRACT_LOCAL_CLASSES = YES EXTRACT_LOCAL_METHODS = NO EXTRACT_ANON_NSPACES = NO RESOLVE_UNNAMED_PARAMS = YES HIDE_UNDOC_MEMBERS = NO HIDE_UNDOC_CLASSES = NO HIDE_FRIEND_COMPOUNDS = NO 
HIDE_IN_BODY_DOCS = NO INTERNAL_DOCS = NO CASE_SENSE_NAMES = YES HIDE_SCOPE_NAMES = NO HIDE_COMPOUND_REFERENCE= NO SHOW_HEADERFILE = YES SHOW_INCLUDE_FILES = YES SHOW_GROUPED_MEMB_INC = NO FORCE_LOCAL_INCLUDES = NO INLINE_INFO = YES SORT_MEMBER_DOCS = YES SORT_BRIEF_DOCS = NO SORT_MEMBERS_CTORS_1ST = NO SORT_GROUP_NAMES = NO SORT_BY_SCOPE_NAME = NO STRICT_PROTO_MATCHING = NO GENERATE_TODOLIST = YES GENERATE_TESTLIST = YES GENERATE_BUGLIST = YES GENERATE_DEPRECATEDLIST= YES ENABLED_SECTIONS = MAX_INITIALIZER_LINES = 30 SHOW_USED_FILES = YES SHOW_FILES = YES SHOW_NAMESPACES = YES FILE_VERSION_FILTER = LAYOUT_FILE = CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- QUIET = NO WARNINGS = YES WARN_IF_UNDOCUMENTED = YES WARN_IF_DOC_ERROR = YES WARN_IF_INCOMPLETE_DOC = YES WARN_NO_PARAMDOC = NO WARN_IF_UNDOC_ENUM_VAL = NO WARN_AS_ERROR = NO WARN_FORMAT = "$file:$line: $text" WARN_LINE_FORMAT = "at line $line of file $file" WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- INPUT = doxygen_index.h \ ../lib/libcryptsetup.h INPUT_ENCODING = UTF-8 INPUT_FILE_ENCODING = FILE_PATTERNS = RECURSIVE = NO EXCLUDE = EXCLUDE_SYMLINKS = NO EXCLUDE_PATTERNS = EXCLUDE_SYMBOLS = EXAMPLE_PATH = examples EXAMPLE_PATTERNS = EXAMPLE_RECURSIVE = NO IMAGE_PATH = INPUT_FILTER = FILTER_PATTERNS = FILTER_SOURCE_FILES = NO FILTER_SOURCE_PATTERNS = USE_MDFILE_AS_MAINPAGE = FORTRAN_COMMENT_AFTER = 72 #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- SOURCE_BROWSER = NO INLINE_SOURCES = NO 
STRIP_CODE_COMMENTS = YES REFERENCED_BY_RELATION = NO REFERENCES_RELATION = NO REFERENCES_LINK_SOURCE = YES SOURCE_TOOLTIPS = YES USE_HTAGS = NO VERBATIM_HEADERS = YES CLANG_ASSISTED_PARSING = NO CLANG_ADD_INC_PATHS = YES CLANG_OPTIONS = CLANG_DATABASE_PATH = #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- ALPHABETICAL_INDEX = YES IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- GENERATE_HTML = YES HTML_OUTPUT = html HTML_FILE_EXTENSION = .html HTML_HEADER = HTML_FOOTER = HTML_STYLESHEET = HTML_EXTRA_STYLESHEET = HTML_EXTRA_FILES = HTML_COLORSTYLE = AUTO_LIGHT HTML_COLORSTYLE_HUE = 220 HTML_COLORSTYLE_SAT = 100 HTML_COLORSTYLE_GAMMA = 80 HTML_DYNAMIC_MENUS = YES HTML_DYNAMIC_SECTIONS = NO HTML_CODE_FOLDING = YES HTML_INDEX_NUM_ENTRIES = 100 GENERATE_DOCSET = NO DOCSET_FEEDNAME = "Doxygen generated docs" DOCSET_FEEDURL = DOCSET_BUNDLE_ID = org.doxygen.Project DOCSET_PUBLISHER_ID = org.doxygen.Publisher DOCSET_PUBLISHER_NAME = Publisher GENERATE_HTMLHELP = NO CHM_FILE = HHC_LOCATION = GENERATE_CHI = NO CHM_INDEX_ENCODING = BINARY_TOC = NO TOC_EXPAND = NO SITEMAP_URL = GENERATE_QHP = NO QCH_FILE = QHP_NAMESPACE = org.doxygen.Project QHP_VIRTUAL_FOLDER = doc QHP_CUST_FILTER_NAME = QHP_CUST_FILTER_ATTRS = QHP_SECT_FILTER_ATTRS = QHG_LOCATION = GENERATE_ECLIPSEHELP = NO ECLIPSE_DOC_ID = org.doxygen.Project DISABLE_INDEX = NO GENERATE_TREEVIEW = NO FULL_SIDEBAR = NO ENUM_VALUES_PER_LINE = 4 TREEVIEW_WIDTH = 250 EXT_LINKS_IN_WINDOW = NO OBFUSCATE_EMAILS = YES HTML_FORMULA_FORMAT = png FORMULA_FONTSIZE = 10 FORMULA_MACROFILE = USE_MATHJAX = NO MATHJAX_VERSION = MathJax_2 MATHJAX_FORMAT = HTML-CSS MATHJAX_RELPATH = 
http://www.mathjax.org/mathjax MATHJAX_EXTENSIONS = MATHJAX_CODEFILE = SEARCHENGINE = YES SERVER_BASED_SEARCH = NO EXTERNAL_SEARCH = NO SEARCHENGINE_URL = SEARCHDATA_FILE = searchdata.xml EXTERNAL_SEARCH_ID = EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- # Configuration options related to the LaTeX output #--------------------------------------------------------------------------- GENERATE_LATEX = YES LATEX_OUTPUT = latex LATEX_CMD_NAME = latex MAKEINDEX_CMD_NAME = makeindex LATEX_MAKEINDEX_CMD = makeindex COMPACT_LATEX = NO PAPER_TYPE = a4 EXTRA_PACKAGES = LATEX_HEADER = LATEX_FOOTER = LATEX_EXTRA_STYLESHEET = LATEX_EXTRA_FILES = PDF_HYPERLINKS = YES USE_PDFLATEX = YES LATEX_BATCHMODE = NO LATEX_HIDE_INDICES = NO LATEX_BIB_STYLE = plain LATEX_EMOJI_DIRECTORY = #--------------------------------------------------------------------------- # Configuration options related to the RTF output #--------------------------------------------------------------------------- GENERATE_RTF = NO RTF_OUTPUT = rtf COMPACT_RTF = NO RTF_HYPERLINKS = NO RTF_STYLESHEET_FILE = RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # Configuration options related to the man page output #--------------------------------------------------------------------------- GENERATE_MAN = NO MAN_OUTPUT = man MAN_EXTENSION = .3 MAN_SUBDIR = MAN_LINKS = NO #--------------------------------------------------------------------------- # Configuration options related to the XML output #--------------------------------------------------------------------------- GENERATE_XML = NO XML_OUTPUT = xml XML_PROGRAMLISTING = YES XML_NS_MEMB_FILE_SCOPE = NO #--------------------------------------------------------------------------- # Configuration options related to the DOCBOOK output #--------------------------------------------------------------------------- GENERATE_DOCBOOK = NO DOCBOOK_OUTPUT = docbook 
#--------------------------------------------------------------------------- # Configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # Configuration options related to Sqlite3 output #--------------------------------------------------------------------------- GENERATE_SQLITE3 = NO SQLITE3_OUTPUT = sqlite3 SQLITE3_RECREATE_DB = YES #--------------------------------------------------------------------------- # Configuration options related to the Perl module output #--------------------------------------------------------------------------- GENERATE_PERLMOD = NO PERLMOD_LATEX = NO PERLMOD_PRETTY = YES PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- ENABLE_PREPROCESSING = YES MACRO_EXPANSION = NO EXPAND_ONLY_PREDEF = NO SEARCH_INCLUDES = YES INCLUDE_PATH = INCLUDE_FILE_PATTERNS = PREDEFINED = EXPAND_AS_DEFINED = SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration options related to external references #--------------------------------------------------------------------------- TAGFILES = GENERATE_TAGFILE = ALLEXTERNALS = NO EXTERNAL_GROUPS = YES EXTERNAL_PAGES = YES #--------------------------------------------------------------------------- # Configuration options related to diagram generator tools #--------------------------------------------------------------------------- HIDE_UNDOC_RELATIONS = YES HAVE_DOT = NO DOT_NUM_THREADS = 0 DOT_COMMON_ATTR = "fontname=Helvetica,fontsize=10" DOT_EDGE_ATTR = "labelfontname=Helvetica,labelfontsize=10" DOT_NODE_ATTR = "shape=box,height=0.2,width=0.4" DOT_FONTPATH = CLASS_GRAPH = YES COLLABORATION_GRAPH 
= YES GROUP_GRAPHS = YES UML_LOOK = NO UML_LIMIT_NUM_FIELDS = 10 DOT_UML_DETAILS = NO DOT_WRAP_THRESHOLD = 17 TEMPLATE_RELATIONS = NO INCLUDE_GRAPH = YES INCLUDED_BY_GRAPH = YES CALL_GRAPH = NO CALLER_GRAPH = NO GRAPHICAL_HIERARCHY = YES DIRECTORY_GRAPH = YES DIR_GRAPH_MAX_DEPTH = 1 DOT_IMAGE_FORMAT = png INTERACTIVE_SVG = NO DOT_PATH = DOTFILE_DIRS = DIA_PATH = DIAFILE_DIRS = PLANTUML_JAR_PATH = PLANTUML_CFG_FILE = PLANTUML_INCLUDE_PATH = DOT_GRAPH_MAX_NODES = 50 MAX_DOT_GRAPH_DEPTH = 0 DOT_MULTI_TARGETS = NO GENERATE_LEGEND = YES DOT_CLEANUP = YES MSCGEN_TOOL = MSCFILE_DIRS = cryptsetup-2.8.0/docs/doxygen_index.h000066400000000000000000000122151502645201100177050ustar00rootroot00000000000000/*! \mainpage Cryptsetup API * * The documentation covers public parts of cryptsetup API. In the following sections you'll find * the examples that describe some features of cryptsetup API. * For more info about libcryptsetup API versions see * API Tracker. * *
    *
  1. @ref cexamples "Cryptsetup API examples"
  2. *
      *
    1. @ref cluks "crypt_luks_usage" - cryptsetup LUKS device type usage examples
    2. *
        *
      • @ref cinit "crypt_init()"
      • *
      • @ref cformat "crypt_format()" - header and payload on mutual device
      • *
      • @ref ckeys "Keyslot operations"
      • *
          *
        • @ref ckeyslot_vol "crypt_keyslot_add_by_volume_key()"
        • *
        • @ref ckeyslot_pass "crypt_keyslot_add_by_passphrase()"
        • *
        *
      • @ref cload "crypt_load()" *
      • @ref cactivate "crypt_activate_by_passphrase()"
      • *
      • @ref cactive_pars "crypt_get_active_device()"
      • *
      • @ref cinit_by_name "crypt_init_by_name()"
      • *
      • @ref cdeactivate "crypt_deactivate()"
      • *
      • @ref cluks_ex "crypt_luks_usage.c"
      • *
      *
    3. @ref clog "crypt_log_usage" - cryptsetup logging API examples
    4. *
    *
* * @section cexamples Cryptsetup API examples * @section cluks crypt_luks_usage - cryptsetup LUKS device type usage * @subsection cinit crypt_init() * Every time you need to do something with a cryptsetup or dm-crypt device, * you need a valid context. The first step is a * @ref crypt_init call. You can call it either with the path * to a block device or the path to a regular file. If you don't supply a path, * an empty context is initialized. * * @subsection cformat crypt_format() - header and payload on mutual device * This section covers basic use cases for formatting LUKS devices. The format operation * sets the device type in the context and, in the case of LUKS, writes the header at the beginning * of the block device. In the example below we use the scenario where the LUKS header and data * are both stored on the same device. It is also possible to store the header and * data separately. * * Bear in mind that @ref crypt_format() is a destructive operation: it * overwrites part of the backing block device. * * @subsection ckeys Keyslot operations examples * After a successful @ref crypt_format of a LUKS device, the volume key is not stored * in a persistent way on the device. The keyslot area is an array beyond the LUKS header, where * the volume key is stored in encrypted form using a user-supplied passphrase. For more info about * LUKS keyslots and how they are actually protected, please look at the * LUKS specification. * There are two basic methods to create a new keyslot: * * @subsection ckeyslot_vol crypt_keyslot_add_by_volume_key() * Creates a new keyslot directly by encrypting the volume_key stored in the device * context. A passphrase should be supplied; the user is prompted if the passphrase param is * NULL. 
* * @subsection ckeyslot_pass crypt_keyslot_add_by_passphrase() * Creates a new keyslot for the volume key by opening an existing active keyslot, * extracting the volume key from it and storing it in a new keyslot * protected by a new passphrase. * * @subsection cload crypt_load() * Loads the header from the backing block device into the device context. * * @subsection cactivate crypt_activate_by_passphrase() * Activates the crypt device using a user-supplied password for a keyslot containing the volume_key. * If the keyslot parameter is set to CRYPT_ANY_SLOT, all active keyslots * are tried one by one until the volume key is found. * * @subsection cactive_pars crypt_get_active_device() * This call returns a structure containing runtime attributes of the active device. * * @subsection cinit_by_name crypt_init_by_name() * If you need to operate on an active device (a device which already * has its corresponding mapping) and you do not have a valid device context stored in * *crypt_device reference, you should use this call. The function tries to * get the path to the backing device from DM, initializes a context for it and loads the LUKS * header. * * @subsection cdeactivate crypt_deactivate() * Deactivates the crypt device (removes the DM mapping and safely erases the volume key from the kernel). * * @subsection cluks_ex crypt_luks_usage.c - Complex example * To compile and run, use the following commands in the examples directory: * * @code * make * ./crypt_luks_usage _path_to_[block_device]_file * @endcode * Note that you need to have the cryptsetup library compiled. @include crypt_luks_usage.c * * @section clog crypt_log_usage - cryptsetup logging API example * The example describes a basic use case for cryptsetup logging. To compile and run, * use the following commands in the examples directory: * * @code * make * ./crypt_log_usage * @endcode * Note that you need to have the cryptsetup library compiled. 
@include crypt_log_usage.c * * @example crypt_luks_usage.c * @example crypt_log_usage.c */ cryptsetup-2.8.0/docs/examples/000077500000000000000000000000001502645201100165055ustar00rootroot00000000000000cryptsetup-2.8.0/docs/examples/Makefile000066400000000000000000000004521502645201100201460ustar00rootroot00000000000000TARGETS=crypt_log_usage crypt_luks_usage CFLAGS=-O0 -g -Wall -D_GNU_SOURCE LDLIBS=-lcryptsetup CC=gcc all: $(TARGETS) crypt_log_usage: crypt_log_usage.o $(CC) -o $@ $^ $(LDLIBS) crypt_luks_usage: crypt_luks_usage.o $(CC) -o $@ $^ $(LDLIBS) clean: rm -f *.o *~ core $(TARGETS) .PHONY: clean cryptsetup-2.8.0/docs/examples/crypt_log_usage.c000066400000000000000000000042011502645201100220340ustar00rootroot00000000000000// SPDX-License-Identifier: LGPL-2.1-or-later /* * libcryptsetup API log example * * Copyright (C) 2011-2025 Red Hat, Inc. All rights reserved. */ #include #include #include #include #include /* * Example callback for crypt_set_log_callback(): maps each CRYPT_LOG_* level to a syslog priority and forwards the message. * The message is always passed as an argument to a fixed "%s" format and is never used as the format string itself. * When usrptr is non-NULL it is read as a C string and prepended to the message as "prefix:". * An unknown level is reported on stderr and the message is dropped. */ static void simple_syslog_wrapper(int level, const char *msg, void *usrptr) { const char *prefix = (const char *)usrptr; int priority; switch(level) { case CRYPT_LOG_NORMAL: priority = LOG_NOTICE; break; case CRYPT_LOG_ERROR: priority = LOG_ERR; break; case CRYPT_LOG_VERBOSE: priority = LOG_INFO; break; case CRYPT_LOG_DEBUG: priority = LOG_DEBUG; break; default: fprintf(stderr, "Unsupported log level requested!\n"); return; } if (prefix) syslog(priority, "%s:%s", prefix, msg); else syslog(priority, "%s", msg); } /* * Registers the callback first on a crypt context and then as the default (global) callback, sending one message per log level each time. * Returns 1 when the effective UID is not 0, 2 when crypt_init() fails, 0 otherwise. */ int main(void) { struct crypt_device *cd; char usrprefix[] = "cslog_example"; int r; if (geteuid()) { printf("Using of libcryptsetup requires super user privileges.\n"); return 1; } openlog("cryptsetup", LOG_CONS | LOG_PID, LOG_USER); /* Initialize empty crypt device context */ r = crypt_init(&cd, NULL); if (r < 0) { printf("crypt_init() failed.\n"); return 2; } /* crypt_set_log_callback() - register a log callback for crypt context; usrprefix is handed to the callback as usrptr */ crypt_set_log_callback(cd, 
&simple_syslog_wrapper, (void *)usrprefix); /* send messages through the crypt_log() interface */ crypt_log(cd, CRYPT_LOG_NORMAL, "This is normal log message"); crypt_log(cd, CRYPT_LOG_ERROR, "This is error log message"); crypt_log(cd, CRYPT_LOG_VERBOSE, "This is verbose log message"); crypt_log(cd, CRYPT_LOG_DEBUG, "This is debug message"); /* release crypt context */ crypt_free(cd); /* Initialize default (global) log callback; usrptr is NULL, so no prefix is written */ crypt_set_log_callback(NULL, &simple_syslog_wrapper, NULL); crypt_log(NULL, CRYPT_LOG_NORMAL, "This is normal log message"); crypt_log(NULL, CRYPT_LOG_ERROR, "This is error log message"); crypt_log(NULL, CRYPT_LOG_VERBOSE, "This is verbose log message"); crypt_log(NULL, CRYPT_LOG_DEBUG, "This is debug message"); closelog(); return 0; } cryptsetup-2.8.0/docs/examples/crypt_luks_usage.c000066400000000000000000000142511502645201100222370ustar00rootroot00000000000000// SPDX-License-Identifier: LGPL-2.1-or-later /* * libcryptsetup API - using LUKS device example * * Copyright (C) 2011-2025 Red Hat, Inc. All rights reserved. */ #include #include #include #include #include #include #include /* * Formats the device at path as LUKS2 (cipher "aes", mode "xts-plain64", 64-byte key) and adds two keyslots. * Returns 0 on success or the negative value returned by the failing libcryptsetup call. * The passphrases "foo" and "bar" are hard-coded literals that keep the example self-contained; * they are demonstration values, not something to copy into real code. */ static int format_and_add_keyslots(const char *path) { struct crypt_device *cd; int r; /* * The crypt_init() call is used to initialize crypt_device context, * The path parameter specifies a device path. * * For path, you can use either link to a file or block device. * The loopback device will be detached automatically. */ r = crypt_init(&cd, path); if (r < 0) { printf("crypt_init() failed for %s.\n", path); return r; } printf("Context is attached to block device %s.\n", crypt_get_device_name(cd)); /* * So far, no data were written to the device. * The 5 second pause below is the only chance to cancel before crypt_format() overwrites it. */ printf("Device %s will be formatted as a LUKS device after 5 seconds.\n" "Press CTRL+C now if you want to cancel this operation.\n", path); sleep(5); /* * NULLs for uuid and volume_key mean that these attributes will be * generated during crypt_format(). 
*/ r = crypt_format(cd, /* crypt context */ CRYPT_LUKS2, /* LUKS2 is a new LUKS format; use CRYPT_LUKS1 for LUKS1 */ "aes", /* used cipher */ "xts-plain64", /* used block mode and IV */ NULL, /* generate UUID */ NULL, /* generate volume key from RNG */ 512 / 8, /* 512bit key - here AES-256 in XTS mode, size is in bytes */ NULL); /* default parameters */ if (r < 0) { printf("crypt_format() failed on device %s\n", crypt_get_device_name(cd)); crypt_free(cd); return r; } /* * The device now contains a LUKS header, but there is no active keyslot. * * crypt_keyslot_add_* call stores the volume_key in the encrypted form into the keyslot. * * After format, the volume key is stored internally. */ r = crypt_keyslot_add_by_volume_key(cd, /* crypt context */ CRYPT_ANY_SLOT, /* just use first free slot */ NULL, /* use internal volume key */ 0, /* unused (size of volume key) */ "foo", /* demo passphrase, hard-coded for the example only - NULL means query */ 3); /* size of passphrase */ if (r < 0) { printf("Adding keyslot failed.\n"); crypt_free(cd); return r; } printf("The first keyslot is initialized.\n"); /* * Add another keyslot, now authenticating with the first keyslot. * It decrypts the volume key from the first keyslot and creates a new one with the specified passphrase. */ r = crypt_keyslot_add_by_passphrase(cd, /* crypt context */ CRYPT_ANY_SLOT, /* just use first free slot */ "foo", 3, /* passphrase for the old keyslot */ "bar", 3); /* passphrase for the new keyslot */ if (r < 0) { printf("Adding keyslot failed.\n"); crypt_free(cd); return r; } printf("The second keyslot is initialized.\n"); crypt_free(cd); return 0; } /* * Loads the LUKS header from path, activates the device read-only under device_name and prints its parameters. * Returns 0 on success or the negative value returned by the failing libcryptsetup call. */ static int activate_and_check_status(const char *path, const char *device_name) { struct crypt_device *cd; struct crypt_active_device cad; int r; /* * LUKS device activation example. * On success the mapping is left active; main() then passes the same name to handle_active_device(), which deactivates it. 
*/ r = crypt_init(&cd, path); if (r < 0) { printf("crypt_init() failed for %s.\n", path); return r; } /* * crypt_load() is used to load existing LUKS header from a block device */ r = crypt_load(cd, /* crypt context */ CRYPT_LUKS, /* requested type - here LUKS of any type */ NULL); /* additional parameters (not used) */ if (r < 0) { printf("crypt_load() failed on device %s.\n", crypt_get_device_name(cd)); crypt_free(cd); return r; } /* * Device activation creates a device-mapper device with the specified name. */ r = crypt_activate_by_passphrase(cd, /* crypt context */ device_name, /* device name to activate */ CRYPT_ANY_SLOT,/* the keyslot to use (try all here) */ "foo", 3, /* demo passphrase, hard-coded for the example only */ CRYPT_ACTIVATE_READONLY); /* flags: activate the mapping read-only */ if (r < 0) { printf("Device %s activation failed.\n", device_name); crypt_free(cd); return r; } printf("%s device %s/%s is active.\n", crypt_get_type(cd), crypt_get_dir(), device_name); printf("\tcipher used: %s\n", crypt_get_cipher(cd)); printf("\tcipher mode: %s\n", crypt_get_cipher_mode(cd)); printf("\tdevice UUID: %s\n", crypt_get_uuid(cd)); /* * Get info about the active device. * On failure the mapping created above is deactivated again before the error is returned. */ r = crypt_get_active_device(cd, device_name, &cad); if (r < 0) { printf("Get info about active device %s failed.\n", device_name); crypt_deactivate(cd, device_name); crypt_free(cd); return r; } printf("Active device parameters for %s:\n" "\tDevice offset (in sectors): %" PRIu64 "\n" "\tIV offset (in sectors) : %" PRIu64 "\n" "\tdevice size (in sectors) : %" PRIu64 "\n" "\tread-only flag : %s\n", device_name, cad.offset, cad.iv_offset, cad.size, cad.flags & CRYPT_ACTIVATE_READONLY ? 
"1" : "0"); crypt_free(cd); return 0; } /* * Attaches to the active mapping device_name, checks that it is still active and deactivates it. * Returns 0 on success, -1 when the device is not active, or the negative value returned by the failing libcryptsetup call. */ static int handle_active_device(const char *device_name) { struct crypt_device *cd; int r; /* * crypt_init_by_name() initializes context by an active device-mapper name */ r = crypt_init_by_name(&cd, device_name); if (r < 0) { printf("crypt_init_by_name() failed for %s.\n", device_name); return r; } if (crypt_status(cd, device_name) == CRYPT_ACTIVE) printf("Device %s is still active.\n", device_name); else { printf("Something failed perhaps, device %s is not active.\n", device_name); crypt_free(cd); return -1; } /* * crypt_deactivate() is used to deactivate a device */ r = crypt_deactivate(cd, device_name); if (r < 0) { printf("crypt_deactivate() failed.\n"); crypt_free(cd); return r; } printf("Device %s is now deactivated.\n", device_name); crypt_free(cd); return 0; } /* * Runs format, activation and deactivation in that order on argv[1], using the mapping name "example_device". * Exit codes 1 to 5 identify the check or step that failed; 0 means all steps succeeded. * The file or device named by argv[1] is reformatted, as the usage text warns. */ int main(int argc, char **argv) { if (geteuid()) { printf("Using of libcryptsetup requires super user privileges.\n"); return 1; } if (argc != 2) { printf("usage: ./crypt_luks_usage \n" " refers to either a regular file or a block device.\n" " WARNING: the file or device will be wiped.\n"); return 2; } if (format_and_add_keyslots(argv[1])) return 3; if (activate_and_check_status(argv[1], "example_device")) return 4; if (handle_active_device("example_device")) return 5; return 0; } cryptsetup-2.8.0/docs/licenses/000077500000000000000000000000001502645201100164745ustar00rootroot00000000000000cryptsetup-2.8.0/docs/licenses/COPYING.Apache-2.0000066400000000000000000000261361502645201100212140ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. 
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the 
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. 
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. cryptsetup-2.8.0/docs/licenses/COPYING.CC-BY-SA-4.0000066400000000000000000000472521502645201100211350ustar00rootroot00000000000000Attribution-ShareAlike 4.0 International ======================================================================= Creative Commons Corporation ("Creative Commons") is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an "as-is" basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. 
Using Creative Commons Public Licenses Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. Considerations for licensors: Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC- licensed material, or material used under an exception or limitation to copyright. More considerations for licensors: wiki.creativecommons.org/Considerations_for_licensors Considerations for the public: By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor's permission is not necessary for any reason--for example, because of any applicable exception or limitation to copyright--then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. 
More considerations for the public: wiki.creativecommons.org/Considerations_for_licensees ======================================================================= Creative Commons Attribution-ShareAlike 4.0 International Public License By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. Section 1 -- Definitions. a. Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. b. Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. c. BY-SA Compatible License means a license listed at creativecommons.org/compatiblelicenses, approved by Creative Commons as essentially the equivalent of this Public License. d. 
Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. e. Effective Technological Measures means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. f. Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. g. License Elements means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution and ShareAlike. h. Licensed Material means the artistic or literary work, database, or other material to which the Licensor applied this Public License. i. Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. j. Licensor means the individual(s) or entity(ies) granting rights under this Public License. k. Share means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. l. 
Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. m. You means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. Section 2 -- Scope. a. License grant. 1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: a. reproduce and Share the Licensed Material, in whole or in part; and b. produce, reproduce, and Share Adapted Material. 2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. 3. Term. The term of this Public License is specified in Section 6(a). 4. Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a) (4) never produces Adapted Material. 5. Downstream recipients. a. Offer from the Licensor -- Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. b. 
Additional offer from the Licensor -- Adapted Material. Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter's License You apply. c. No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. 6. No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). b. Other rights. 1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. 2. Patent and trademark rights are not licensed under this Public License. 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties. Section 3 -- License Conditions. Your exercise of the Licensed Rights is expressly made subject to the following conditions. a. Attribution. 1. If You Share the Licensed Material (including in modified form), You must: a. 
retain the following if it is supplied by the Licensor with the Licensed Material: i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); ii. a copyright notice; iii. a notice that refers to this Public License; iv. a notice that refers to the disclaimer of warranties; v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; b. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and c. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. 3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. b. ShareAlike. In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply. 1. The Adapter's License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-SA Compatible License. 2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material. 3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply. 
Section 4 -- Sui Generis Database Rights. Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database; b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. Section 5 -- Disclaimer of Warranties and Limitation of Liability. a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. b. 
TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. c. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. Section 6 -- Term and Termination. a. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or 2. upon express reinstatement by the Licensor. For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. c. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. Section 7 -- Other Terms and Conditions. a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. b. 
Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. Section 8 -- Interpretation. a. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. ======================================================================= Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” The text of the Creative Commons public licenses is dedicated to the public domain under the CC0 Public Domain Dedication. 
Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark "Creative Commons" or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. Creative Commons may be contacted at creativecommons.org. cryptsetup-2.8.0/docs/licenses/COPYING.GPL-2.0-or-later-WITH-cryptsetup-OpenSSL-exception000066400000000000000000000445621502645201100304510ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. 
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. 
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. 
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. ----- In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. 
If you delete this exception statement from all source files in the program, then also delete it here. cryptsetup-2.8.0/docs/licenses/COPYING.LGPL-2.1-or-later-WITH-cryptsetup-OpenSSL-exception000066400000000000000000000651571502645201100305710ustar00rootroot00000000000000 GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. 
These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. 
When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. 
Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). 
Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) 
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. 
You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. 
If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. 
(It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. 
You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. 
You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. 
If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
<one line to give the library's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. <signature of Ty Coon>, 1 April 1990 Ty Coon, President of Vice That's all there is to it! ----- In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU Lesser General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here.
cryptsetup-2.8.0/docs/on-disk-format-luks2.pdf000066400000000000000000013316621502645201100212660ustar00rootroot00000000000000%PDF-1.7 % 170 0 obj << /Length 2464 /Filter /FlateDecode >> stream xڵXYܸ~_!I X(QWxw`1cM-xSvXdX]?^7iB%:3]\YU4i/N6QZdῇUyfSpz:cͶq| (g2@EV.ϛ$pKIVIdQG:Gq7&4˲GpR8TewmW 6I(+ȍUĪr^1N M W*U9A+믏pRNmP:)qo䬳1h}6Q&)<ܮGUx p?/' 8K_}? uuj^y#:1ד}ѵ""MMhTDhx뿾p)HR ب̤rʂVHmWկS.6*59J'FԬp_Xt=43Wń2Q[;H;/D<ȁ1 Hy `v8~D~ e"pAmSVv7N|v\!"PDIkqfsPloje};$x-"Ʈ,z Q3A?c"K _f;4 Emvn-?=C$W#^&wrc/}񶳽>fLtEى-JQڵ[&J[{ Wz *׭9=tVDՎunr_gep&YOHI5ᤋT2@>q}\C9x)p:4#Vg Fl?̶AW"vB Q7eq_ mZ(qhC)| cT ( a:Us2Wn`v{tJ rirnQ{f!#5L{&\4'}򝰲2eO&@8Uѓ;/m'ԫ&9Ppa'\7\CNJJĺ ПN *8)pC2 V )kL` F/G50"M3N 3= N5;mkBAB7E@G9{shv7'nJQ8vc۷f#FJ X?tKCp =5RCC4r8§EiJ{_"H0m_C/,XvIxVRePsjܶC!Ҥ K'EeJ}k[q]W=Uvpȼڟ#TPh@F^AQy=nd)e4@q`Vٞq+y<] ʎpm"lQkK$[R;IAwH9NM TJ@D^,9C?QxN]'qr]K^gKU]$c;N5;JP #x5װFˠ8e<՟P]J+bUrw3}^4-?yjd|M>B取]L'ީWKEXKaՂ Y}*KB9Ɓreg ҋԿbg q9i>EbO% gB\%^xL:Bz,PG. KkAL,zЭ(ynɑ[usܐc-K|C?t/72z20>bo%CZD^2?mV##Y˜~n_nȓv y8$H>2ۋpaCƎTyaɹʹ:-?fܱgnό}=NXEi.!Eou~?$K;А6߻KVg'>a$0>@lJn{s籆9[xTH|?ҰWNT2CU ߈"،Ѫ|zw84~ʃr\W]*Zk]#ވ躸sP?N S40I[We@K{ZtկhfLUE8TYʘ, Xk\h4> >>>> /Length 3421 /Filter /FlateDecode >> stream xuZI\0͜3#{}1dW-@bsxLv:o{_%]|<}WÚwY|w?uWk / yq5o<9f9x|a} eHȕZI~?:k.<׫O| ^Ѡk !}ݹhWTWO<%}=8uS>U[ޝϕTlxN0oe:Vz}@?P6nǭ ʵ8;̗i~y U|P,VoPVt4klB ն0}joG`gs(6"F[t 1׆PӳZ^zp.nhx:d_V#͐9GRjO{g2Sǐgns#1PZ^q8'L Oł"1:ihN:͞!j$tiT5 L0zQ/ng8eIAMnmWj W|tº]kuISIҴy1cD0Ѥ)iZZPB AbA)3#a6z1z)”pd,^]n/,tXR\tTR^v-ܮ;eEdBܔ(%W$*J IU-_+#`~V >ؕ 8L%iQ~G\g¢tJ+]l23|tMCgШ8y ,M \]s mw"FZ~qgpgL ;oB k̚۝*݉p/vrN?'T)WNog&;l'fqϵ}Q8uC{U3WU }Py~ iu5cISMHxV6ϳ?Єqo&&jO)ʡ( G:e.\hCn%e13y=+\}1-W0TDz^IW>3﷜OA_8-m⸽ Xjob%2swi`L{Z}/oa_C:?D_1)U7%%V~M$V%b"b'RfV1abʇfG5[\U]iTߙ75Q4%DZŐʀc݁^ ɦ@g.(v.+-נ.e${Kfb%5E@Kʑ%Tùk%e ut=kQ5JvntS8;"$ݽ~kNA4 %bi( ƪD§1ow X}0e"pz\v!XEUSUXz(K;նn|ng6NQB:sq ڸcW!pkG!.巨*a^sUVMti4ԿƧ#n6vb]3EI]]q `Plp݇7}A$k&6ݛ7VQ[6GybVqԪTE!*uԣ΄e?ѕ:ZRJ`Bu1cQfBePJ! 
W6E TUe]n%*Qj$+dKc+2K&+UFnk-"OZ^?4u:>~`]̡($#d en͔ a2bNyT8tUZG\mfq+Dg;"7~$gGX(zrTݗPդEfhPP}gm31eZܪYv`m3[mn숽n՞V=xRUjx!1sdQ0}mD{`ˇ }[,kGֻ-TIn$f c IR=T{j Avr[ng^Ɣ.$s!cE)`41a&Pt+ZSg'02t}5ۄOЁqNoDTGWK]4.)jF#FJKDz>})d~}AR̉(V M'Οv2cW.pe1JjxX&YY& lc`sVX"s|1/UݹDqZp{SS`v {ڙOg5Ћ}+D{ j{dp-K$ptD^^u]R*δ=ɤm}UfU}#zb#° }w!ORŌ-s"YE:5aI]w4VK3|U*ՙdUblCG}KM9pn~L@;y(;ͦ1I}E~J:K. , Cj^[D@\ .p$C4#yldSu<L ݧyf@/CRT2K 0}KQ/|fXh~/“BU=N*+QLJ_:?L ]c^$̆#&=g1qg]tʟ+;,]gEWc_TU'w3+=_aXKX6d /P舎Vhߕ'pw]\}ɻcxU}ɼ؍YB YG<+x4xK>e|ȴU]5&w/K]0zF򶱻^L>][t=zD_3ֆGZ~lލ׺F[nx-g} Lado[QI Wؒӵe:ߊZ]{hvv6v㢫wliv5,u528^ {`$Duߵm^ljmȖ4_o?z endstream endobj 199 0 obj << /Length 2913 /Filter /FlateDecode >> stream xڵYK8WԱ:…AGOg㝝Xw^lԠbG-=~% _ z2+wgO7^l.rnyt&T)wU^}u*[}D-іvWZ龺7]JW*w,(sC[y`]*}G*nk=+ÏWYHptg<3< f((>p0VnNǁ,EAHQjv8ZYHgMoADݝ?ќ8 ߇IXUxMu}B/wkk`ԍ[}KzoG~ٵNΖ?GP0Fv^sm ,#ƫ@}j,\Gd=[!TRM6*!VA @APUݳs1..F{KOl)J8kx(Nhhk'PYHnȲ€{k j*60v-6zۆ9$+t8TO?18NJ3:Py0f>Nіߧh1(9UGX!3kd=^B[F}c{Vxɝdolq-!^}B[> w =@Lks- o+i _( [6fғ ' ^n)!㭠<ӥɈO4n'n` 6j?irÁ>Olc?83xC!S럸 V++Q  :GFC4$l vm F~j+Z&VDT9 Hxij!e]gAFv:=B%7(1Dl ؅{a]RbN5(\mFe8t#d(1#{ coRVm">ێuCS@de9ځ{DM鎶/_'m` aݒ3tE_ADqsT|ρyU¹=oG{fww8AN#^|yФJX,ݐe-PQ!Asp8Kt)\@@60qhVC0u|$EMTĘPA p@#`ג4z GhY)q a;2рbvQb> -=5^,zWn8t8pW-=䮃Ęee34xann ][r1 ڕ`ԬO-_Ja4aozL|k& k =Csgۣ86҈XF'X.Ey «dA>ś#Dܜ@ .ʛBwч"0W~˕bWJD]$.13KFv[v0H ҵEs_ ﰑ;֑. fǿr 9 # U|axBu |Nq$ MWOkG\XO@trL$3#$#3QņCMழ1VؕPY_(`moHt endstream endobj 5 0 obj << /Type /ObjStm /N 100 /First 826 /Length 2227 /Filter /FlateDecode >> stream xZkSH_j+RSTH;0U``ye \Y-#MlVs}ʒfy8 LpdBYL ΄eR&S20əLfI,HϬ \L)M{`8cPFQ{#[ B03rvLx܌K{Ԙ/`TjX(dRq$TA1G"sL !G-KIF! j 0_"H`*U J@_]h9iFɞ)MqhGH; 6vPTH By$.G =E%Bo RJR)NHW"rqb%h[;I'06Ҟ4 ' w % )`)0 d.'*ᄰr/`2o`Q4T,:XM~s%Szj-zsZ>hi,g@|AXEGxZKףr#?tKX23*ڰV\gwN|Ui_[p6ܼYz{=\j%xhXEaQCs>h%2917!q4ȷx`ʹeN%%. 
~9ײBϺW52Y$oNK,2ͮ$ۥOEN`ŎDtX睝^z0XҏF id/=&}1&եaC}1&D:˼g=T` &?(qjjF92z@dBU[^ײU]6umUY!H#Oh2&6^zDD^m8Ȏ>.횗0aB2Eeƶ~g˿qT]e^!/.28K?G4}>$\л";BaVDx ;?/1ey8Iwwv*tZ3q!3V\e.UMoa$&T'<Ȳ$mx -&JhHהaiUp7pO~ֆp@$?M5(Pgr 6q0n̒t 3nx}m 7PK~FBg['DL{䒰t>Je˒ ;OBo}5F$rL>I/ ;|z>y4 I0#}1=[>XOӎ+ 6A&ZkDA'|`Mf19h`6/AƦ6̊˃㒶"Q]H5*c W߶n7<6quF>AuqF> stream xڵr6]_GʤHg*Uv*cZy@ rò/pHcˊE4F *pvNpk9'*qnP~%N$~rr޹7{sL[Z C12CkMб[q42RcH?ew80ƽi.?xaQ1s9]_쀴8S]8qH]3^aX-o)hc? #r+1K/t /(XTX0Ny /Cg8Lb=X3]@7ۛjj-x^ 48Ruk0Mc wxP  \`9 BG!E2H&8E,Lϲә$M#fkc W5(0* \Eieb z_{.-͢,0hR6g//x^e)՝iM_4O`a駷ʣǰo-'VQ $- O'>r7,@T8X縺]-6qfc$q0j;N$S]4da߾(!%^Ųӝӕ 41=FB)*IS <XSIBl%OQB1Yv!&I(2rȘ0p8b".y+B,D!Am1:α%e?R1Giٙ=6D'DAx^ų=z7ջ'1Bd c/20W%d z],A;uq[Ϫ2.b2R#Ɗ u59-4 5PW$9ӑdo¬zVm #k.@֙x { إR? } UaUAI?P\N3U,dΖ`FʩW%{e Xa:)}uG6hM͆C횅(/\_Ly:<@qNhU;^Tʼn-p7\9!_M"E&7܎a -NcRrC߃DlQ4N! +մq ETB#y܃U>7XLQE205BOeB{Sp0[^]'MܞNc0f8 Kb?B;%MjTOHW\:2` e߳ f|.\/u(C<$+?3{?%/ۦT|H$J'`"Rt`+\@ԻۖKSQHb./a ]gHŹZ N}&}T"dn`̎Zǧ3t[k*~GuTJ;9["O8q0tuLT z7#s6?߫X;AȦG1ac_п9wde?Of;';q.~9M|ĸ݇`/@X#@1xA 28Nm6 ^2s[mxXu\.n~P1AlODYR}n'qdžVC,#}ўhdlTt_,B00~>ZCx2 [ɡcFơB6;zHʾ|mcoso?\By*3x_ 0_UX6rcbGo}&@ @5e-w C=n-yY|sEZ|m9 W?ʂu_Na,Zz!)C߹pt7n}q<}t.Ke_a<5<250:?O#ŃL!ZQ-{d_[8@LZ 4@TD1vja i: B5,~aBLdh֏6|3GSנ^n%@M|zYӧ݅C:CϑSfTg7z endstream endobj 225 0 obj << /Length 2685 /Filter /FlateDecode >> stream xڥv6zO`n3v83c@uC->em[&Jė&P@.3/Ξ.2+UM"ɜPI!L2&SK)M_ԇ?ԅMַ~{J\xH.˴ W:8edVΕK{-ùL~ 7ǖ> nnSan{& xRVe XLuޮPlf2͑CREV <sFݡO-rm<׻_":`W} WOaES]Ýo:J’8aWW "HY&nj[ L *%IzQӰ%cP}{*^ӆ9m۴5RTWnد2T4fN=lǎisUstI+> ,?| HiD+ T^aq g`\+ Maz lTt7Sׇ LJJ1&oއOm@t}Xm=1#H7RT. nAN0 Ox5 h'7.B=&vVl(Vw}okV6V7}‚]dzyooxZ_~ Zxϳ\}:*H]fE\LYlg?d ʙ/uLQ"ig|v4*sp%ަo~ݓe&\|P/ڑml㫃."Q NG^C<ο0"='CS .p&w-1'C!$~2U=EV0EW|%faGSw2:<#T t8F hRqEY ɊUWi"Hl2C#@٭ZF2 2Ƙݙ d?X7{//CcEfm&f*y('Vv_0BΥ-H¡ΤU9)7cZФ傭&wBͰ[fZ l&$:kV挺n$Yؕ8[&~!4vƮZ*aV54Z6K\#JEq HpK8Tx#~ ¤u9_48s3ɣԅwZPc>a hd}/7X=t qq[# 30`ilh;i:tHJx F AU iz" -6} yǃ4_p+5IÕa`<}J Y3Q< 2OOwt"u `L/XD= ,%yk1t *,ֻV/])+G[~zl>>WRA,,e:ZV`M=hS!p"I"F;m)HRi};@F| 3M*2^#&>:u|^O:"^6@| F%RaYpFM ܃~Q/܌sQjbuS7<25z_}EcB ) v? 
mAGYa -Kyl{4} b_|_b# :dVU@,0‚,V<49Ʀ' B)P뎗6U95^F81~\ ĭr"@<4Y57թ*ezTԣ<~!On@Æc-f.U´`i%|wjkގm2=5DUt (15_"vEd#V7PT?d pL~OrsshY V3Bs!r?4!-$c3m m40!G()qEz8[  8#GS"VX01G$$pߞ<,I$c奭ߞzSX3Q+6eh.!4?LX33ܞ?8-D0F>IC;Q${iLf8flͲ?0u endstream endobj 234 0 obj << /Length 3810 /Filter /FlateDecode >> stream xr_I_N`o">8vqb{< "c Rz89%"^H\VD0r)9t@\GOgS|ѯƑM)&B"Mtɪ]!M~yr ^> W>@u0g*t7C_ثͧCl7Tl64K.)g}3hWᲱÐ56Iɴ>dXCvk5y1MvIS<#x^{sJv^6DweV:4gyY1WU'QuLujP!LeJTo+&-W89-g})1e#Bzv χ'/:`&C6cLh?9p{DB3j͞U#*ّ[Z'oӅ6+-mB$ƝM V=X#G>Z _/HRXνpC^?9k/+WlPٛJtF3UB)EɯZtWQUnׄ9ڮQƐycϖZ-PAp2+y^(ŬLi}9;Nj~'շ߮.}=tAEޒmǜ&A+ F~~Ap²՟5⿪0Dxu^DN/k&і޽1GACoӨ֯[.6S+Ah5[[du;n^-P &_˽LcMbAd{9j@2'8& FS`"ke+qYH|C%|F?3  q>Ϟ~oDhV{^2 ݼdWZz·e9oUַ[DI:2@r}IɳQD\~p,`"(^ZY-W : w-s;h@N_KYP([EK8S(P s^˗'􏢚0VM29\,b<+m1gؼ^ySc>cy꼼*|ֱF4J7ט.b1Ϧ=p1Lf ӛ'[=Ɉ/g7 "NB@%*@ӇD|U @,(NOAk0PZ]IH2" eRG6## ",*!RKN ^O^GPPIpU%*uǙȒ:j<œ d G f\ɏ+'=<~1Wĵ4#~iУٷ~X(iI6-4rn9BI $ e{o SεKer5Yk\VЯqfQg|I.%8OZIA Y1'/w/@&9D/AhfT op4-miڧ$TJ!oVȘS6 #"v$A鸃 ZY,a-3/HU1vf˷}tlE-'eE~ NJITZ]IȘΧ#uj"~*NJA+n$i/xSSn* \C0Ֆ=yX̃~+v׎p\)|T\zn%)XҘCkDC,lBPU]k9ND܋^zQ۴+S'1ha,LCZBxQ *kC!p.8&SXiv4$k F*;ʜջ{нɎQx/qA (<9[tI_45=  @K6NYli1)eS^2ɇ2k kiZݪZczEv H?øk]PR-hWF4{ HN!kb⸵_VlₙE3Wu('#J#r&> NɩH*Y ,!M!&x̳eEu-!`6$Ȝf΢3ǡ(@+WmM2h;$C=p?ݝ9g(}EKTa5[q N)x܀g%L᧡9,yVr1&%eEߖGį3`HD@ u%#1E!T56G'BW3X`~˃!imi1B#H{P  FSt M5~A3e&]uXRCm7j֎ͱdWz2~boPM|`&V޽ }6MNqn E.Z T98="ݔ-@II?&)*lFca%@N3%U {8<[͗aںxs# 6,I@$ mNӅV3G^ʹd\ 1T0P[] }忴 '˱`> ?.v ,$q@ mo'!rL($% endstream endobj 272 0 obj << /Length 3285 /Filter /FlateDecode >> stream x˒ܶ`ĩaHY岝Vis}Z3 ɑϧ 5\Z*n4ȣ}ģqWT 4]$f9nX2Ki}%ʤ7-w+G+2i]J؝P"EJXLݥ.WMlkB @BLBcA+<::LP-ۥ(vrwf)q*R*hfyih,=@*!Z߷dsXZ໗ ̞OMH ̍0LL@Ivo!FR6ÛEFWBaa;אŘGi_hݴ*~@t(/eUzuLv[AAqD>vΒ6X0]+yAW`a)6.pE[Y58[zK[Qi(.rs!.VSP{#-AM[hsJr=Yo> q:n-&'h-y|{h7 pxPe3!ڃnp:D [sNiD|w E6V[.$ɀʵF;>}mJ-!3%@seOr"DgHht8'GK=3ُg(r ݝ k(_ʲG.y| Uaza Y1B' CVy1P;`9 ]:m{1@W`gQv׀مan"rA>FjW1y: 2'^/c vQ]>Al t*qG\ in ]s$&%mY Bd>v $-eӕK6N;QVyPbT^#1((Fzş_qa'?ſDه3{z2f, w:^0L`&\d.Ǩ'iM'L@E|pfL'>zˬ͞F4H&1<hޢ0R*\@e:jYG &0֎uBӟڷ7Ўx$"(SӳD]䠟q mPu o`1餤X*eMœa&Y,Zp*:Dw&QC9*' qL 
(8a;P V2H'kdaH1*. i2||_BB@zde8=ԕq~\Eۮj: >l'k}Ѭ j» ԶjNJIYEa.\=YHxj9Bh%>Rl=Zf,VܛV֗pKmO>=|CmJW!S1| wz8xO? L(բh ~LvZyyLgV*|Z7HZ4Y=o Gg2"= _%G0T'R{>5~݁H7?O;׹ \PxnOzkɡ]Rw@ʗ|(/2e'ç' =>a}U7޾<f!}m[k>~Eѯ{/]Węƾ1"H^ۂR}B>HPᙝŝ.Nna푺f_4XWq<%t񞊓w&xL?Qj(Byp%2|>*<M҄fw!`J 6QG*IQc>+Y4ӘQ)LD'[.#_ endstream endobj 278 0 obj << /Length 2109 /Filter /FlateDecode >> stream x]s}g5ߤ:Ӈ6nzI\;m$8ǒ7+Z'dB4 m>:W/|B(Ӝ:,j\UqR62|V`yN:+{f1ƐL館BE~/sV׿ygd{\2=0EfU(ʓ(k+˙#5Ξ#J FcQеK|$L-;OaÔ=S àKmr< b~/U4eO"tΨ HVYD1U Q:r(TٺJeq12X` (RmpÏ8(r:gti:[L4(htyVUEV]ԒAUe ZtDo,#bHhrXakgI7,u`X )@3<9 b6O!7r LY&юS$ l,%x1|% cpPeXh &,fò^!>E|xȇ&tMСn@q0+k%:=)1Q,±  +J΄PQ{m=Ւy#nj1k& 9|2V ^o$ d 0DW^|aA77yTfMuG䧕=^ {ٍ5NlPu/ohv` E?^|0Kz&alQN'p߉-:N  s9ž nvw5\t@ a^-"! Bu}cl*ԖyRIJ1W1@ugY|ZE PdYhWf}LʧKe<0A!LewF-j,RTѽi8j 5up K !^/'`B{v؋dM~C>.ip[VX"uL> zNw;uhj{BC\"~1"3f(\X n[* osLH42wpd}N򡱦nŚP~Q;yk"]d:QU뤚" z]ɡvureة]ɇ+S}:BB!YRh>Q;uhT8DqQ+dTRR#Yɟ[j 5yG$~IΈ$ 53jHxKGikxFߤFg?oa$}GkD1e+Ae֊Ӵ`NˮFm;- XAyKep`[#vxRS :ɤR)zTϦ:GgTlM=0_ʃ˃͊/< @IyRRGTtX2e*k9[ @ LerSڔ/E늄)|cJ>"Vn V[07LT0ӭz8`źۿ: jM)ժ&aD+tsj~DN+⹪*ZIPwI$Jb3Ps%Dɭ5uqPUƔ}T i;DZ~22%ު뾼+ҵ_Q68kQxhAegzD7~:*uh)F<:Ll> stream xYKo7W^(r^$#@uR8n ɕ@N-[h[@@;{$̆*( B ZA)6_k04ɭBXr*PH3^4jȊ i?`0^J P C#P1>!~x)`J 9*X)cA8(8䔊u 0'lL*6 AȄDKvp0Tu jAn0,0, W )Vs 6? MR䔆C8e-b 6@+` 2^ @W] ُ-xVh*uBЯ8o]V6* j`[|#ڪ6 ~Նmᇠ:KyKxqltxeWaZ7W5wbWX 2`3 ù]RΖfN璜mQZL]b&øle2}\}'ɓӗXN&ӷ!gJQEXBF{8L_/-Ul/sxlRܐ>}C)^Sb`ͧrnhASQLc$PbʴS5>>[.vSW0Ͽ$rlɏZ~ Cn-V\Slp>eXvbC\Gru|1;|s4jhx swh&bsh wHpE_\-a|y} k==Z-Op#0LͿd3fn152v[//WXFg˯aXmP%GX@4G_cs.Wssvȅ! 
JA"fECF9쟧D-)C '` %2y@/Ű{L_V{$XkDY՝|:|01q[i[Lp_ڸޤ 1dRj}` = j[wW nEl @bވ IO mm \,otxJKgc5іcv $h  CF[ln=T‹iF֨VI%7[L#f}FV`mV!'z7Qr'ʘeY{Whh, ~ɳ\_X^/}i||3D1Y3Rv' Ij$&ê`t;Z`ƹ6Cgu1UJM,׈ FviEimLψ(؂vD1(uZ[1etF>im,&`imE/P2fNlEQOdLNxRKnd{mAɛC^Ɂ*[ql?Y"#]~'gZNA-]zl{m[11-EAA~5z-cك,7x'f>KMU7ti?h=>sGhXoذ!NΌ9}1wIp[+׍R#Ԩ CE\ JtK|{>djV5^pB,`_: 9GI6I~۩ i~wiHRk2>J4괉ƬBb&B:-Hzmb;m:Gf/~m endstream endobj 337 0 obj << /Length 2377 /Filter /FlateDecode >> stream xZs6_5|̽$M5͍-1%d>o RLK$n^ ow`2`'G,?>zX$Dg6 fb.xpi1Ғ& L 7~nw`1KqLwl&=ZFA#+dts,5,QHiCwViU`RݻZ~tFz['Eak[(|kjE,] GCeKzC\)Ŝ˻nu4p WH;c+ݚ:c90vچ3 _iij`6=r&RH9״HbZvQr;ƱO> }rr)ҋ9*zɝTSFK4o`?91JVI]VX;ƭJRB'x&5xKP{AWHslY`yT/v#=fh~6}ymfcf\!xf-- ^\/x|԰! P!e!m7m\=ܠF^&}L2ap0kk ͐HP̷FpHX5]#q-W$$)ӻDl2mJ[e_0kCl&^swn/Zv{cLӯo(k3EFjeq^:ZKƚRmXAu5L!H]h!KXv< yx*z_PP񎊊TLxEP+?ע3S*xF *~RUTx$[/J6eMbN"}ZS/3xU롎^ExkLX7 l'!~>cxtJuOxon{ &ϰ2g/(f7zK:s _69x#1C<8<%9{ng/kk 3OqJ8~Ҳi +ϨogHσula oVܓ4GɪL*z.lD2L"v3L-Tu@Mp2sAJlYS|>Ǒ-K]ηmӪ!iR,&^A!N'#gC|0ڨp ׭g\Cn=RPIvGרNCoQ 'X>zOp~]ڀ?kQbL7f.&2r0FaHY-lL/`X~5Et).Ӭ|מk'>뙀W wqZTKq4Tf`^,E q]AHϖߗDWiY~z90<7< 9MK\B>YjZB0r-4= qYD"̪( /PSuZo[,?6[ӊ0*vJwSp2&a1X_ `UAqwBJ6'*Xq ~V`$a0$ C^U w`jpvyt|c+a>bˁ!}y6xug \bNXeWcޣ|vM #rUu;LoQz6 8Of;KGquW\<-LH'k4LcI?~rTz$GBj;!teqBOM endstream endobj 383 0 obj << /Length 2380 /Filter /FlateDecode >> stream xڵYKsWHUxs*Ij-%R!8~)r@h_7iowzE$1qI4偢1a< !Z3knnZ+=W{KNqNڢu/7nMwn_S; O0#J߾]u R0H>zv_!yZ|4Hʼ,~yehjUׯ{1S8ñھ-I,z 6G,!*u ᥻s{ +r;7#H'NKMt-Ku}Yls)%0P$aQ"UrѰb"`~jCnY9P =epKjuJʺJv _WSh; Ŧ@h 1<s8jl4.76n\X^*iMkarOJf7dP_`3<\U߷mWvsAk+3m ]I65:7S>Cc<.j}:Xs\~ | PM<": 3 ? 
$yw ?G~pH:PΩ`ޤ)@R9S Mkb]a~wĚy Wz"QZU|ۀMod7um wKwr0efM4sMtBpݧ#kѸ^ ǯ,tmpr ¶ Eb t  ݩz{EHGUXyqa4g,󾱶.li=B 1([ [H؃eXJ+X"1s Ԓ2œ4|nlxoqz!d;W?\n6`BXg`p Ɉ+ڡ8)f+]ʧ: !8Os8_<5Iawįl xma^tb&P4Ip:&&cJz)MWg' unmAy4~̉sv|^s8U&niѮvz5Q4i\xx4VDrp%IJc$%ʾkcXR4F]7fhs->^0%|n&1͊X%JvVO"Š3u%hWŃ ^2qdPF "Cb }a[>iWW}"8gaOGE=ǽÉ' N> stream xYr )tTWY"E)LN){O9[[ZԞ8O̬IlA>#ދ^DݕL,x7w*L#( ̼»߷6JF~t7?r]Tx}Eݾnw@pXm":[БM]=iiZ[ڧc_65q^/L'yU3lyYw 7.8yQo)VE';*U̵LahǍAo+z8n-$^oڲt[qqʪ waï9AHW\DD\z!`!'CxBpq9 Xɋ8K/š*ދD葕Vtnl*9mIbm W*"Fi䘺-wy;UyV'a,}Nftb/gaÏ@3zk4 .X׀E%* 5낌)7&MϞRpb+' l,&Kq`#غq8`8ùX@,bL!hY-<^U~횶p'8iV4 1 Z-^DtLE⥁ `oWjl=&+rn4{o.p,OíiˡpdX/q,H(4.J7c8i}(M? $s~SN0NŹ3S tW&fʺi.z?^,5.s{>WfԼĢ LCKGpf;O? <7#tZQ!Q#+BƢ6V|,5EAF8X,J@lbT8#Z - @hEGoCWH4I3cRPe(_}CN#&> stream xYKsWV ycRqyT*e^lHaE\鞞z!i0ϞonnWo޽*gy"v%f'L|uS>E}UGmISWlLD:];ZfQQgnx״}YW|vUO]O_?Omq-l[õb!Xn P wU*u8\hg].2^ ;Ghk==Ǿjje-p)}<hr?1$XGEm+ :UMrkaۖVh&8,WFL.9issrmD4wDan"Rnֱ74t/[^`$k7#|B5$kV*,-Jhk9N\4LAݗAM*(8$?p4r$I%fǧDM4# ^ٶa2I_9vM&ilWk8-7W&WїzLqtoҙnA8F >9Eq"NFYnh,N.KpkU 2=T5g\ Y,g'j3/-~ԩ.=O.v_u]UnM[ae%& mk):d*n'cjc6<:r%p}t`;Ʃc8`F(o'䪶(qLm,vy?:B*I~jjD=N~zge},Q,^MGיC+2jFqPK .!V~˺Kq% W;2b*$L-L0qQхF2%Ҝe5n^Nv/D9N)3ǸSu4o|. 4WnN,R^cXcyo>mzۗԴ[3p&gY>h$ґz_5%[D ] *,c?S|bCMGm>4ES l W6*Y3r,PNY.ϸj02fK&L@/vI͈іGxD!O:dF{9IBrsknAS~f /^6αvaT=2)L5@,@fzԍ <=jf,Q8sG;ѩE(N.8#1{'.B Mz+?u- C2˟4G.);>M;ՌFigy(\|K&Zݻ 5.@"agRVէ/|U h̙JAtxLbNí ףn)yJlU(U,G_&+>Ԡy~#gdHJp &|݇GWJ[)ó ϤdVwKJ'Dn诖.:V?xrʈ?f(I>2<|.o}%J1m+,aZl =3_Jh2 ǭLT P+/\)7)DqyMÂK훒ݖj'9BYR €w͜5 sgK􏏒Xkl )n==EnX2|6h-#4Oҧ 6vAOʟ/Ş寧 BTs>(|/%_2f6ONT>>>ɜj؉!YvPmm'¥-v:!0K Ӏ3_I7GuWQX|f7ؘj;u.ZGBr|0  ct_2L셜Vq((v hr{WO$̗{&'凗bOo/ͩ%y|ӷPn+d,q 76ƴ Lq]aт6Bli QApj"ZQni4H*x;\(`ubtCjX!G qK{}!_Bi%Pj.Xʌ1/6 endstream endobj 411 0 obj << /Length 2396 /Filter /FlateDecode >> stream xڽvБzo&nef,IOn`ؖH I"Ѳ~E*jzq}PL "9^̈́AYƁz9T2~.y6s_%܏5__}, XH)" Tji\o/U- T@"! ;qh%BV6vc 2#>[&{ Ǹm Ϟ. 
S'f6:Dy-4ź`D7nCi4z86 ڏ+^)!{G|vJ5ѧ )F= L'pXI} $pe\T w~ΧVoꚬx.X*^7jQƔf7"")<EZPRQ|!3@p2 >1),0 $4'hvK78CQ5v) Ðoo5Zչ=;K=טdI';䱾=]Qπ$:q)a F J/`e5 ( <'<d t*Ʀ[Si=8S<1uZ P*H$d@kLnc͔A2eQlU a|wbu˚Qe?WUy I*P}Sp8y}:\0YP޶<0m/fa Ňi6ڂWÑX1p\ 'L ī]/h'XNȹ9#0{;˝=F7XR|){(!!,?'$5兡OFgw\ RwۥO'azݮh}|gѠ>O@=.@ӅS]p\`_GMHCo8rR%bvΊnt evyiiacꡬա A<|%$l. pإ9t׮փ^f X0U=0Uf..y{,=L0v=q#Juo8t6P :Vtq;*(qKnꪬ͖j73'!B6©R6Bg #F;mN: D F8q@>0&QxV?a/ L҉P%,$`X"Ml.јԻJP:8`CY/5T q<D?l0(w>aXJՀp%,M҇C0vo*S;1` v3Lese35~j$H:Q2!?qbL|':l$z\ZЖc'I>~Q An)~jkadKtd>Bx{H ~Gf"4EBѢW79 endstream endobj 334 0 obj << /Type /ObjStm /N 100 /First 864 /Length 1684 /Filter /FlateDecode >> stream xY]o[7 }Bۋ,>@?vMŐ&n4ke{|.ERԑ"$3=R A(P6fkKb jrʃP6u9mh3P%TvX[CK. XzA%ATr-x)փ8(g ֠ +> q*l= CES5c Sf|eX18e q4bRJ&L[k=/F~fseiٸ+j9V~sAmxd V{iA+r?'kaڍvX l9u1 gᘫ-Waǟ[`goG;HwST,^8SLiX(*3GBrN vbe'rd'XQ"|[K.h3hSrFS>ch#-bHb;y"3ڤ:M#ʴ,oF;L/拣˓i7/Obxd9 4v l{ u#mummv}h[5b~z4]cx0L^O?.牽t95O=[Ng+qajz5^NKW]OO?csKF 57d~ޢ}Uľ&ו4jS.D%>pZcuKkó8GS`>hj N13$S9D17oHGS!.vΠ@U5\%vDKaNh*X⌶Z1Q. xK5v!0Lg8:yݶ m{(;䴜 >C ~Co,Ww=m `@ yV[UdU{aU 펕ӏ%Qp 46D MB+}ي 5C) yx?vQ mJC p6 f̴9 A6!pW:H9._HN.7i/kW endstream endobj 419 0 obj << /Length 2550 /Filter /FlateDecode >> stream xڵYKsWhF M󸻤r;LRY9^`hY@v_3Sݧ_;` VNVF:ZmWJ~UDX{Z' 4eޘ0 RYޗ/kyY_6ބq\'Xnjܢg⯁S';4xۦƱ?ҭ~+lSk;Yx}V;Ǥ rzcqnz}rvdiΏ]'#po]\P y1>VJ+VO?pc:e6*y{:tz\b^:ЉvXdF kBO<c[OL wt]pޡudW(MLӎ,}vk19@9@au\Z{M]Ѷ؞oRyj]ׁRuhRj J;_tԚD~qm4DA`71 ' (P`tFm*:;q0ubZq~\FQäA@fi;V0aeU87>gd`K-[ÖmϨo~wiDxw]5m*(ZV~au4DfƁ/׶GkӍ;907{U@,Ţ'O(=GI`ȎpqN=P<*xC<%c6 p-Fo*T(P%$*6qx?5A|4ZBPڰdqX,&AFN OFv;Zn`͸)!>0˙D~Zc aA -P b$jPnQhh*])%K'ç? D J70L6sXBl FY 2kl=?yjJC;̯Zk`ZF{'YRttGG 9&K)I"/0+7f9,؜LjQ;Yb,!*|*6Zk!%KED^ VԘbՆu&-Gг22xho`zedHDcJ]dz9 bB'4,Vfj^ 2bhXԉ!s[ @| !b8xw8I,1,y`Q˾Á"o: K9/,]sdnRUv +bmyi8:@W7pec7dM' yRi(h ^ bdžgw:l/i?9ӌƃF^"HȨ96쁱j41 v2f\)0BJR(A=F2K#:\R͌N:W}n&>ɒI")w#띛gϿ͆(MrQoӡC^si"Nz[%[lF~m1h`\/'&BgkLk̯@93*/Kyw $Xb?`c % ]`U x dJS+FPZ}g=!7,V'ɹԛH] RE &hAp! IJJj֤@C 7CqP? 
i~x.}|"oiϲC]/ko9 Pc34:52&;mM҇7Ճ}%ϯ&ޑ.RDŽ+浍=<ScڵxRJ)xކp :X!# u~ cb_DP3ƔU̖$j{2vp*T5<+s~l[7!=suNݶ~# 7 7@ 0kH,zi%jaxFaυ,0A;s(; M xAt ߊ&0#`S3&29Fd > stream xڍYK6 W(Ϭ]6lOiĵؒFwŋh79A" npP~{m\n}~ M(6wC0Rˠv&Ipw]|#5hUq\F3uze42ZZeZ&fw'"IݧյyQ~>gE*Xe0#<0J8L8dVai5a^۹tiw L Y[=+[BGk'ӪmAiv`GLt[.chڨgݢ2fjΪ'gDvPL$zq=:tVm2 &cqEXL>4:;ެ]nczDIQ0 R0*oleV-/) }-=1{48M cLq/˒H`( ۋ,݇,B?'h%32Y6{ٯM6i莀.\9j͡Rz HȑgI9|W"['(WA`1u}7k cw95?[=(ů.ikYSoà$K5+߽-JUx_?uGU-g(h Yh,*Ƈ!L!N=xʁ ^4nMGr( u 7kG¥%,W>tiȷ6ݙGJ62pg쏃q6 &pmݚ f4hf )8@8 Бd,F7Aa?/CP5\~C)ݤ;G FD{gmVz{Fm/=;9'}>2[xTw?Y*w|WYUфN,u#K X/r?bo;E?rT9mHʪ N&FJG_Xt"$ [ ayGY-? QVR6T(r̺Qt oןك=:']pl-({TS%aF3pOZ+BWV& ɳi'O ^kw"q_b፛6Lh׷ tXKavΜvk*_$TF! KW#Sp@"AtLa$[y|cDqx\w/$\P8.(hMim3 'S h8R׍Z*[Sv~JtaoE "X)sWt/,\zK8@0uR!`.!3c|pU~< s_"ʗy[G*J2HѡGh%"W{W^*lctӪ9q~JpTVшRX'gqHp7cBC53áϘH)3ZH!pC׷#V.ؾdT>jS™gV %Nmg| ߞR} 李XhdK3$:)8]s M)|YD^kqKўE%;Y҆r82P'GE8Wwv3*_fѝG6\S,ٗE}L:tL]53g JEwҳw;ioTg^|'Sy 1`ީpReB>P 8!7쫧j#ZCIX8S cZC4z:vhp78fA+_yWaKedE\S:A֣ˬR.H5 u:C{ETP.=GW\, 0_١K.q<^o|V?w3aIX6RrrH"'Zjf3{CR[S *>t-NCEr]ٍ85p8v 2Ͻ F?z0] h2ַqެjkN6m<ߗb _^< endstream endobj 432 0 obj << /Length 2100 /Filter /FlateDecode >> stream xڽXY~_GJ0ɇlGIɮ+%@OtЈ$~!OFы"~pJ=!=@%{vJSݧ?}/S/ X/*eNrXC>ofƸu2x&ýS@ <D&*݃DďUVb#&XwH~>ǁ@߱kJhOI|AF|f ùD]-b9aM'>2qO0`H}I쵩΀kޠ0Ut P%WW6$؁ȘIX3Qnmc>+*<4HK6 h`o o\w"؊4WhdV m*diP[>u2>l1 6 qǩK$k(R>>vXǶ!Z:t&Ud+oN`P|`xy_a\=Ǽ4$ֆpfRg`Swa>FG^buvhZg0=k7L ,3o1lP3k ~"9D#xWVqQĨ^_x9C )Xd:-s<fpAâ| Qd`!a**: jaʾ!YHdP\OjTt4Z8-*eXt &ePO_=[XQa2Ǒ-& #ȰLh{7cnSOԫwd],m*ap:vx̏bBTeZ|ſwñkewfNV DBM7%7D:U4a0 6sPpA[2nXYf uw|2.B>\F OQ2*fvgUekC:!,ZI+B 5uY%9 MFM/,3j>W+B0qT!43t0<*(&5|0'FD~sb< #n:/;%}#A /"*b* Iby@3w{d2U9:ud:Fbh9dv" ex?:(l^'lLYEvNˆ o̘(C+ MrnS+%GߚF8.% < OB=%J(avZXsO JP`s8`yzolA<+MX 恻hH$E* c?2V'0I_9G endstream endobj 452 0 obj << /Length 2504 /Filter /FlateDecode >> stream xڵr8aA0{r'&FM;ĭg'x7y|ՄǕE<8k0q_uG3 w]~Q_Qj2E)ůє++O4%ʿ9|mo'K㾡')hXUU,LH㋅v/;֏\|yM_FEkp1RWT,k Seg;Ghz ʺhhrm4OyY_SUx̫Y՚+Q T{[@| =󢸣ـ+񚞎xʐ&i^4w]h ,ףwRU(9t׭j3]˪Zw=Pt ]yv< Őm,?98za:8Xat4[bOM?\#Urp$"Dt&Q(p8dʞcı8Dp 43id{]z5@t 
λP#Lp398JDe:}m]?xEl~?>/b?[0Ƽ os]أb[ 8N%~@͏ /\,qHnXъ>0"C^g&WQ</d/C߲TgyF6#O 8XäzpX%3;f4uhȳȳ|@Yhsl9Z>3$0[(́c$ҀC;J dxwIg~O򄛼=ULe;`:Do?e#z$:gq?AM1H$=)SmME'c MEmo K[cڏWT A$V)DMEh=Lh=xَfr+UҰҬB1 /eis&~;|uX(G)>M[X cmz; }\XjIԝ[H׮N4#l5ʞR &']Q;u,GjµLP %:s q:荘>6|; 9O%펜wz_o/io@p\䠛g4eQBO(BN=( B~sഺi@%pU3gߋu{H2x"ˌ;߲x 8@NQk ;}' AZhz9w--.l`(BM[ (#ȼNf`\gԠ2&tNغ~*fz˩H5-!tO!`bMS} 8ʹ{ z4{})h"XO"UgNN<| OemJ.xnÙ*G2 H1ZPII*鿷T>.Q w>w*/t&" eB*H,90+2uHАyqr( yIӇLfrL,;E!dC&6za `t5:_PW9 bnw _"ʢ..aBlvlHQ26{e[dIG y2 v*5̨l]i#I|N YsjBIgH AQT!).Žb-7J5p>*=ػSfGSο0<!*)V,@HG*Uzq{5ԾRTejdq婢9C$z vѧn&9Q3R_ra ^jXc:+\k]-+׻BD endstream endobj 470 0 obj << /Length 3356 /Filter /FlateDecode >> stream x[KsFWHV0 =mj㔳I\kO A@_AIS|3ӏ{0pBK̔ (ҳۙ6HB=sa(ή׳sR:ʢKy^C[+n#TJncW 4@ZK u˅JB[mhu\ߌ~|7ұ =WV ͪs-J)~p۴QR]!o>,"WQf7tk.iYpVvg,PӇ[x̋hX=w&XsSVɸXuFo2bM?Vki /zPT^ PO3mFgu+Ǧ!0¡ b׾\s U~]=O=QGMS~ RօV647fdr)Qh;XÅ^Ca*QZ@p~VJO{ݾ9rM&1 P ~ڷ{v)c = iebl-A53SCѷ_G+AX+9#Ìm`G:IaOV<x0iX`aSrMFI‚_a=%C=h `wڂA ,6jPbE1BͲj)wr%|14}67Ȁ}\{΍LD`cb=k8TݡwlD`AKrjm&J4S#5yowA`?0I:+i5 |Mlś_PXQWy9%T6.;͢R4ǛiVQ;$KkgQ@gȒ+9t .ߠ&uH˜)tNTiDnt*Dz+{!=;$H@ 2C8:ʉnJSiI#zK }(VB]8Pi=B7k` ' @kXZe]͢qmxBۺl.'Ўi={n-n}C@UQx$&Cu}㚶',v2mjO ^Aߟ~J&™uD vWnvg& Bp u>O)̍c]8[C'4+Н g zhG!:'.GoΊ 8 H+X[ >@|c ;#dff`O3XISv]?>#* \f<tBa2@ɧebO 87/S<_;: 0@G1 u dDv@A>R)mC TH!X|T@KNehc>}.fx}PјjP.PL0 F6"kcP).%SxԽ},\]b?8Fe7si`cx'?!ta3NH\Ibt_ J4_Po,Vwjw礞Mts??~IO2;#U@3!DFsO~B1|Ɖ|5z~N B GrC_m^Sx`rA>|y`rvSn|=D_eF:0˃IIE*yE7]sԮQX!>L_EB 8$9$ *GC??߄Ar@8*16݇p3_,ć^YH ?f3;\Q]aB`(G 㿥S蹢P~g\:&~m^C%Am]n9^؍oP*qao3p8U~op +c+moYej.Q pdIO a ߩTv댍θ_|DfKY@q¹H )ؔj_MOQʵTYN;_ԳFj⻭$&n;+NA5 &%OH1]5֭Z7]OxXwЁ'=Kּ')ja4o ōb{$Xf4,RndHԀi]kV"pd<P7J%mDJ)^y4!FPr%ndm؁ 9@J#_ q ozaUض`SFY?(+7r$kF pc?ʹOܱ;dOj}_<S$I L%p.8yi.ƄIGs,BhK f7q`6&P9;Ҧ;)#S&bgPh3L@ D52ah0uOZ& 9ccl@K'o彤^T(UCLa# LY-}BE?HϹi1t*> stream xYKWTՊ |q8$o #K In"9x!F/Jm7j7>&XǛM`2? 
Mb?~w{>$j0yw[ǧr-}O`xvgLuN-ʼΩa tU^[LK/gm.Җ$ (rۢ}>eBmǶ9gGB 15hĩ9PL<INj|7.pA`Tҋ\LǶmq.ŧ.PWϠ8\dvpg.,seѸr]߂%sZuFɞt2_0상ds<`q;w]*$yt{ -|;=weȦV5"MA;EK% m¡q{y}Z4ʭ"2*']ӱpnzuq^K>'k܉leMn'd 6(U)7.`[qMxdf콀Z" )Pc'7h8/OtC -fn.J8 կĘ@ i^L%qɚU<_ st”za(rjܪ~1%Enr!2ܑ 14̼_Vf~!} Cgve+tɸ`/%nm*[:4K+?v/RZC,H&BE.<(?YubFkҷ׏։xA<9jtL"}? h8!i8s% 7(J_E3U%eKJs (>S vl(SH(6z#c%O^S(Ƃ|=p:6ўrK*n FTH35JN0iMkPJMc4 8SԷm'pĹ7*@:zK1#'i\Y43.YU?? endstream endobj 495 0 obj << /Length 2684 /Filter /FlateDecode >> stream x\r+FhLUzfRĻ^%VG8\LJ*Z"C܃!=f8rbFFJ?dqH~}Nr= )*3TgRH’Vbڵ^1Ram}~DŽ틲E1$Fw>D?!i pGH?]ZXv ]O/W`DT&P3곋|[O,h=j VAXPl7lsmMkQHW dZh#(ν#5R V`aG:#%iiǠ w?Dؑ&`vЌp3̑F(d F(d#MdHvcH|#MaH㻞#HcN*/"XzR`s 12z20N[FEKFd3e]) 6 -fT:"CF1)pF(&P>&>J!ɠ&F!CHB&4I)MK)(;"$Ч4-/4z `J3#4JK9@*hyd~voOˇ D\Q" rĔ[T( bX~FhF*˳salY|AAzCNN -% F Ls0ƅ Tqi 'G H#N&AŰ3Bb>&F)#Ά:1F=D8LAap6( ěcy p9#o~ ^QBR`).7rPD;Vcx`˰IW[3P@m5IQ?[۸]G$J9ń^Q.ڪ] .Y9hO#mТC|ՁY%16mWHh+g>;G6[Iul1kEZuMm@PLуnBѿ[D0ukJ;%йS"XAqn)F0SLdj[WWc}et-(wbVs!{ Gp;@lR(d MJkvѵD2טe`iq{smآ@ U*Cq_AS3`DߙHJU`/C$]orgzQ#)^j3E9&#cW`tP $:O`\P$R_FMŞ{ Uvi 21cD.ȇLUhkW ˬQ68L 6Y5 ez̦.c G )|bpD|2D B~! ;"lSxAM6(_؀{"lBՒuIa?#%OԘ-K$zBkײ4t&АQ_QCbWVfJW玷Ʈw  q)vp(D? 
M1'HqH uwy8b1%J\HJ0HHg9.aBRXm\R-&qO7='L7ynwy!Z/#~]>vvu:\LQ ,žt|5?&|\n #wwiy9u Z]}  բٺ |K{&'N]OȑaqOiU7,L퐫XZ?"7Hcs2/]f;%x{ڮx] 'zJjgQMjt[z5yYBe|ߑrGAOʱ۔@ @m@JXdu?.wKEw׶8nR.Ղ|-KNT ֢2A`6[rww_VpﲭcOy}Oi- endstream endobj 503 0 obj << /Length 2529 /Filter /FlateDecode >> stream xڵYKϯБ@`no5HHv2@5[\FD'Z=?n"ۛ7Y fI"Wqh"J# n]"ZoIYFICk%+YvOǡjngjlz@XwҬ0Rj#L646J7iu&x=KwK;ݓ04EI9;ZKUxnxguOS?8I;a>׮/"4\álpف=`{C-c؜?n: `TitcڴMbvA6B0S^R 4̂v:C$ -< `j(}#q,f;Z;W/">MŠr"VimGtzus2|eEՕ% 7yMͭCc5에H8VvS]&ҙ7h':xc!l7۞e:gGe|Ss5O?,@#d m|۔d۩W{c1vރc4HxIJd87T022  =u:hJz.šj~.:}Om%;r"<;F7;7vt%td6dswp$}0aQ=;i8ӠΆ]qKP޾҉Vp 1R{ cP4,95 rN+iYK/g%83Z QzJByfd7@oܞjX+*+v {4H3sX:CT='m=4Д꭪|8OP5yOd'n& +xBH%=JPܓwm6SpҖ< 9(!?+Oq4&͒,H)خs ::!RhWB/ 9}YzdȀQ[1r-on'rnD |T'8E&g&"G29bqM YR/ Dl9m PS?/R*x~K\Es!j)hhhQ*TLvȾFB5{xc)xA/K;Rb38@i|,1R[E:ꑆV*_/{Rie޷Mo<gxuՌ y3oW4}R"&7] mw6'k:q<OIptbskQdݝ-wBY ZLPJ>3, 7,k@1L;BR S]H10(ZɅ~j؈-7"B^b^MDs^p6 /5A(BaQ&UT[AqLYxuvRi:-Ԋ$Wx*,}YsP2 p|{8r|sV #i#ve*[pYs82]D)1Xx nAEqhHuabH>N3tmNբql*-U6P2~.Q`6@lgyY/Mpa,D~ ϣ >/Udw\bӣОЕ&-G6"ZҏR8/%GzXxܗd@62?~QяvHQw: |O@B5QEQD+9*XEAgI#lBhroWȔ6E9.%J 9$~}!޶W6(M|[0F- EpK7pC!L @ffu8  \bH gz+I)0RRׅOAQ Q',lH endstream endobj 516 0 obj << /Length 1543 /Filter /FlateDecode >> stream xڝXKs8 W(ϬT1i&i;K-16z$'u(˶vGӓE$>>@g=}g/9;[=׷"۝v`9n<[m^h󟫏f&gnV93 0W Vz/b8,ndtY":M2iuU%}-"M39D')M6l: +@'28fyFȲ2yu!1tsIscw/z?'gTC?rH{pxlWNhF ́iVnد]BZ{8 #b\/Y:э,?4ħ.P9aCf Q2C&k24zhВTfuMuFG82-Lw {o1 0 Q &:bE7-dxq@ =x@Pi?8M|NnLg8iafCwr2(hJgV)N'g>(Ln+8#:&K{y_wOcYNGv_狅!IՌzn yv Bhi(Eus =6Fq频hi־F?Nd%^ N9WW(icC̏HuH V@{A /`Y|Ķ P8dFI󶥱^V&1v010ܡ˟xSh..wvvڳˡu̟MRwi [}N4Q>Q 1% m4JFrOƔ&Yi|&0 MuXw):[֪,HT4Ql(sSN3C-ԍXEqmX`*7~-KI.]Lnl۱./A5;F[sk*MU%nWg|L[YF@!%5 {_gUP̺|Z.::o;}*6.+:5FִUb򑫟oR' sywc/,`ݎA&` @y 3}.Q=׼N{aE#G)זDOϱMDQ16|5n{M550M)꩕Z0޴HDOOwW,S޴vƻ+]Vg!Қngq"ed~ZQ %e_38^܀wO.o”ԅG/Uc,BPk(6,e;z&x?!|ACr]C:uV] u@ endstream endobj 413 0 obj << /Type /ObjStm /N 100 /First 883 /Length 2330 /Filter /FlateDecode >> stream xZ[o~ׯcBxzh <]qXW21~g4X/#k-`s9$9΍& )hʁ-YCNjY3޶ MZM3%BJ⾢m%J1 TxFzPrD)0 +.*f ,/$&Ax `ILḍ5 X$_ł37%H 
*AuPzUpë*$!{`;5 &4AY`X$Q?AL$O:lZ@{BAeKnR̵aRBIRC!'0M kVﮆ W/8U{8 )O W*Hc9\--Lѡ4 (V @4*ֱ1HU ;q{*Wk kf `4VEV1>܈ KjJ0RC5z5r媛Oow_/߯_?<7l hm6s b(V!:za*߄?\\v/ww< ֛RZKRCr֗ݗ`(X SoAԋ#qO)oQs7|' :yIlc/cEUO#?VEm]X/oo; Oɦd:MHL3c0|& 3 B:-alpHG@ ;rԑA?8ad@AoQ#*աa<a䁟@9&9VnQ7= !ϏGX;i'Ur'R3umIm ] VmNmGHB') e"YKpr>r lF Ţ&Xi/D!!L[_P1nL { רD= qܰ$?IZ_A/S ϕƒ >5X~"@ M~wZͣn ֜i6 endstream endobj 542 0 obj << /Length 3178 /Filter /FlateDecode >> stream xڝYYoH~_!`Df7َq'3@f`ȖEjyjɒL샠>:*r'*'B@rrX$!2瓯02N__`$*&5:_oG+&_gǟnb: #}fvƉW7|;3Y+*KLg8Lm$d\ R'bomE7^~cYqd&fǓYT>k]k~g u-\tQd)LMG,QB஻;fLRB#`J9<(Tt#5j z,n{}|pxOƑ1ݪjYzEE˭p1B%Y"bν;iLx-J%һڮne8bEa3Q}D6W>]VڑglG^Z厬^o~ ~.LU4SU< PigZZ/ܾ\̪zg7 @ոR5NWW/Y[fnbuMʍS53ҫ[̖R01ufzP-,ߛE?ܓuOTƽ)H#q;- o/z_-b`CUI"? ):hXvA6Dκu%1i脖olemXU6;5HҢh6mGGViE%ܡQn%ؽ[nl4Lل,3ll.'+T܊C#.ύ9FFMuH4*^KKpaJbl=]\4֘(h2kߦ БP5ҬC4OhFIe4LZlWvfʁ & Pw&#cѭe{_y);MP$b$Ddz -_M<$\GuI1Ѓs2-,zL[  S*.-!*莍`BHU#aUR 9ak 0 [ÀP oȲӼ1+y ] =`;Ŷ=0vi,Ex m4x}`&n~O[x-|ulmʿ d3թMYϽ9Ε)LcnLٚg Iv 2pz_VVK]J)DN`~ʹe(9LK^Q \1uV$ ݎCVBrXCv]L`GrYYmPӹ2}Ldo]unmDAfZoc$;mB0b$y*c.v$ITIdDIیlX=bF(ڕ?XXӘ(97kL@E~ʕ{jg{"¡TƔ>X]UÉ:ey;{QAYYTf{ƘhERa R:[ĂINTx2 xcar[SoKZشhېFxU*cY ;\ҹx"PSKhl{QBAٝДCeN?*s4q7c֨(qߙ 4h>E!/3+`LmQ&v{.q71}wˡHu݆$L[7DxK y*gTAqF,?DɃOP\X"9X_dn4$4Wtgo I|3prZA(G4ױ}:R{ȿ:C=ΰttV,$O#eJƓ b> stream xVMs0Wh`Ue[aZJ|6Rz0$V׳l 3=@f2J{+"̀tϣ$R, cAH)hX؄QLb>SUF, 1v^O Q 22KP1\]T)"8ZP St11$)K[@18 9p"ˆ2BQS*y36/2E*cR<Sa0bNFX~5ȚCwp 6B&B:mYZS,=Ņn[H/9*|7N{g $`IDqND7ByNg_Z;ֆ L`dݿk(n-$Y{*v>`Y0$q) VۦLJ.pq΃K?]B&Hf@np^M!%lRg?VX zaVFɭJ"- jl-F *D4{~2zxGܖ Gy%+\ ~5ruf[w>SjbjXWZU4=pem^_%'I#zu5Օ wcS<̽i]sK鉳Wں,[]}rq,po}l$i" 4|p[N7:9e endstream endobj 584 0 obj << /Length1 2429 /Length2 20514 /Length3 0 /Length 21909 /Filter /FlateDecode >> stream xڌP\րݽq  Xp%@p ܹg'ޢos̵TYA( Sfa03123SR[+Z;:a!4qM@ Yw; _CG^9@ tstvrW-?{@ hhfbPs4yO~+77'^&&OOOF{WFGKAZz@ tjhb5FxJ 5G 7O $6:\́.Pv<@ `ad7?v%Pgtr8ehb7031t ?X;2Z#_a@cp0s:U 4woda`nWNL@l@"2Kt̬J/1_'G' psq_ga[L𿣃@t.^=fh爙tedJQQG//'}8&񇯌#rAso?A ^t}ff3u-+ߊ$Gobomhs@@t+hgu2n& `i]%nfVr.PG @pT@ߔf2V xÃD_u4zgLn 9 _'`K7qDI7qI_b0I&ob0I&6ob0&P-r 
Toբ@(&P-J7ʮ@~(oeM욿 ]7kK< oLh.&f@ __鯅`2A"輙 7-ֿBXeGtտ$AI h#s\@=WŀG j sCagGG r sbֿ\8@殠@ݸڙZw & u(A@Ь|~t;ꬮxxD7STdq}Kcs"Bf4q]B20(s=2]4&T$aR_ɇJ ^ȉԒwwit% `lufp>?c0N[#_RTžSPrm(c,c +v_CQ2Un8H>?})Jk D5؞tc}eKnJ/Ê#|Z=(ÐiФ^{l5`,<JOyKtegM_m@*K_$HfI=}#ؘbT 8. Y +/h g۫b>IP6CB9_3IFd. ǤhHRG\A6jOEnu&_b- #jW眐 YENA6ɧ!O>;.II$QG05b~BVw3c1ܼ v0Be<+ FtKr;j]ͥi\'yfDM6 Q?-ō$R|ci{@?Ha>:%6Q0D,cF>BjF0I6~*l0[]b(T|*zdyej-YXYbag.D`G󤂨b/a4 o ^Me-ԡ O߸@%:4ykρٔ磽A/c"} N|QbNh&ş7嫷qo6}بK&S9C/XVEuQBIld\+T7jK>oTf|kx(1wkV_:8Hl$ Ì%t ^c?Ώ_]ǓB3T;}اPj@kA䦻BǑP򍃬]g5JMxx\L=}ēΎܡl2/;+rȊuw=%̓E!sD :8zMמ^cW ,VyD]~uy8#PaǍXB*L`I6v8C 7v8x=U{^[T0L c^!SIsl]36$)⟈fveM>jb搵򱥜PٟFI!V & Y@w&A,@sS opI~i3ikEsojϕ(ʇ O`Bkd˅0W%XI,5:աW̙\ݺ^k.]PN^ %xWbJepaGtuPeyٲ(K#C'2=$~n6\l [>š{B{ʢւW;E'"VM_7PHAd@ӽ TW(ai{dF8pgX́y?ӠܽYxX)4VbMny)]1efFaU׬m7>O6 b؉BJ#zfQ~n新$O2|fZ?-͍#0îFp?]p|]cM >ގ S;秧yV#X&#<ۥ ꫕7鶭Wp{uAU8Z2?3P~BN4)WEBif7A]W&Km0ʭ q~~!r. 0qr1 ۵U^  א>~.ڔc424PVSPn M K*g0|Ն?9v-镻K.ڶrr5^ Z#Dh B볲 jD%;)g50DAt5$^lrԛ+MN|t ><غ-zߙLMT/O๠wO3F6]רɫ/"tD 3 YA辴($!W4|ǯٜX9fA?ҢF ӑ&j,/'ွ^Iw$WCk2ã0Ɛ8-Ձ$vzrH*8Y2!6#ӞT|!X/yTG~L'Uh>b K.Y.wb;mK!1?>xG3zM/R}(M_ԗŏp!~Ƒ$@[/$d^0~:!VE4fZ~(1ʽշ$.N%ahqKцn-ۜL<@ƒ$eU I1%h-y <<S3/\DeP3iYڶ v0t҇W9ڷ:ō\vHt"k!D?mPO/?Zr ދԲ)ya%K~nH{+}69#[1:FW|s3/q/:YDO+)s)SbtSakPU3eTUYvo}8^zoI:T t:/\lt.X p_\! 7|,"ѥ*_5HnAoQ\*#5b;T6:fþfZ_e,ɦ)8uZV5reO~K`_C|D^a!ulҌ%Cm|(85cX5I3ֆHx gdkbc=-vGe~?VP8p-v {GW: r6%WfN =lM6-(Sy/(| {{ +nyG}<Ӿ xgiϮ`We-?niE$'F1R!uuGPkmR[kىD4XhtWƷ :;XUgͲRnr 2fA[0LćҒ 8y,d ( /^h }4]UeBnxؖ sE "F4!xt5jÛH4\/Sg#pN9:Mxb*9z K#X#/aQ_g}K%Y%HH%.8/gY&4*8zԈ15\/ɛVFϛo/V-Ke ~TG|6f^.+r%jr'sK| Q@pkL8^|,P u2U|{7L).rgdZӹA8@_~_yyQ5Dz4|VM/LťO)8)QeMeep沜M2ĒRas-Y7x_v݉{VA,|Qѧ3]e npAXk{'oȅʺ.dyfXgM U Rol֣ɔ_.~gRmi;$yqRm8Ja"|@Kb9i0#Rh`E N,~[X(,C u;WV*J$@ڌC)~B. 
kK;'tW* GFA"?YzK|9eQhpm&:=-&`UUϠg?)=c/gT5뛦8y<[LKH^lZCadw7O ]pF;`YzQYE [Pf(U.82ClhX&d<iFw<$/5JNJJN|q/غ v`E{K=.9UKW #}h^FAYl < 8G{C-eD&°C`ץL&ϴT# OA!RjI4t$ dRtP je7S~+={q8}GNbJᑰ)_~nȥ#kl*n2DyZ)Ϲc_sb޾%ړ2LU~Q,@q!^0zEk9wx"Fm۱ !Z@_&cs!3 e]b}Kx뾀ÃT8_=/1ieϴCxDucH~]tٮon H8û9!X28F3ģɌW~<'就Fե4 rjE7Gcix"0-(lb`vOH<g[mnWܰ4tN\󓶙&X<,8xo< \-'?*7qH\M l˟$+e(?_յB=1{(c`A:5(ݜ;<5L43>v=R93۽CuXLrqFcLOKL'(X~*6Vqh=+pA2ze%fDNPT@XX80B],͘A8F^7a}є?JLb7~ʹ<UW"T_$@7j_[IGyv7yJ%-(nM̬mWJt#փm.GA w8>dbٽKۇzfJFbrS %ˁqMg} el?KQ/K(~ 0g'OEdP SNn6;֐'kG߹z =8' 齾'xZ /aMƎٳz_k 7ՓG̓>fUJmQ28S&XrG%6mxzy-(TpaD4/i0 "WX%8F*]&1I(a>KZ(2ًwN2dR'}ݥ ^CL,X|ԁr\TUvRh80E韛^ ]xґ;?˕ yFUI߲/>~#kuG)7fHBk)zI'= 68z/AzB`r|3Jl W%CiX {.h&{7ب~ALm/iN킇C& U<2w$T3t!t?ڟ9JҊ͎U3{~f|Xlú˗QוNy{Pvp4~Tl+ D'. % _D]{#<\bkFM?<E/ "qLDdQtԍvsY-yV/cL T)a^ό'qѰ^hFuD $RN!t.In)uzہz|2LJCiDN/H[K)/?ºOCNf[z#(, ꝩ c؃MmR\ێf uKI_,2KR*Em~ "Qs{\<=1"f,V\#Ŵ-'r^ D Q3g<5I\$G@Z?d\Bx9# C!b/\$RzR ͘񫩒Sy1F*#v. ׅa[RrI}H8N<"IsCy4PG'a\}E.0E5WKmۣۻdS+|U׫'W&옕 b=lɯygRZvR&*Bpp䧢c;Mض`[ԯ0/D|ոR+>_2'M=d __ށJKJ>uj,o;ָ1N<%Bn/Gq]nq̓un u{*4u?M̈3yHXI:̮ .t9b$e=}T#o^"B12M4%[3`#\USx=Y:u`FذWHwF'Z4@& @{Q0M}E FSoNd@鞉~jP.Y.K" qHjHtM$H}^d]n쉳x k nRɼT*\U!-rSsBCA^SAK۔V/3:E?$J~JN9w"} ǨSIJ͚`^Buw+ǞLRoGJ( ,:Ydj] Wshap Y}} ^a#\'-b>va9gQ5F_6f]AY" D0*j9|Q8eBZ(yOH?l>Q_;Kj8ۏmGa+&>W)Ʋs?^>*m  NPD.UG='Kⷄix ': T?|=W&St.[nJ17XX~@eq84@ױK\'eP5d}@Ddd7Ơv_YCa߲DjfA9<w2g+4<{po`ٮz- RVQvu'y$+FoC>1V8^JĈm]Ͼa> 2knPs7'skMŵ) 3̻a+AC36g*;mg}_C{q/(4֪T)Hg.Ő+nOsL 蠵e:ghͬݘ)4dѸJL{#mFZ]rf6x0Vqu6Ё"<ˆn !ˤiD] lfHeZ_qϺKgq˺ֺ:^i{a5Ճ8G+;JWĵC*<6 F'CW.fǜ,+ȅृqş{թRNj,eU~MS==YW~%olpcV%cuYͽ‹z<0aE-gmxۧIj5~o )UDEmtCG&k0b[00ZE:4$?n/G6=fiC{ 2mWa1Z)DC ,&(L`7Ub0'Zʭ2k#m0+׋ޓ*Rr|UfB>9AeVlf#iqͰ};{^Rwq>+++H>$r>@/2w#3՗~9_ju)5f/G*-P z3&sV] ΃ *XL??PO(Ύ6[>z vK3ZboeR!Awm;W"[ w0q73G? 
#0{ңok{#.ޑf*"è#wYO$.boG@ԦÒ<=F %sI֠J zL.y6.-bkBx" TP5ku5Gz _{^3ƌFPQު:;w*H^|@C?_~1Y~>əhV"f5"*nR2|KV$ _K:vsЯ L ^Sc|-qz«6[#UtO s[W0}.9H cFT۲>GA6KN6}r2k0`D˜Df>=yjkIiveT{\`)灷|%Ǔto$#`+y$iܧ^rT`qձ.UPһF4ґ `X4q { ykS )7{ek KoKk'{N 8008 KKa<ƴNǚn3̲H GX"ȭnbٴ_]UX_O(@1{,Wužz[W&nՙ|%ߕ 5j.0APp(&Г}QcVT&X(\ !AJO4ƴ(XI t YIO6HֈzQpZʈQlO6kZ8+1 "KT{]goqK[" PJ̛9{\86aaHy:I#GyE&M@[_8 TomD"a01rN 6+\Ca}L@Y ݺ xPQwkӎb[-B^PHJP3eb[e V2P~lz>X6e@.$NަlmՉweYգ[E6 v,A~v/* NkCA>:S7x‡$=}y-y&$al}z0ȲZj~dI{͟cI!Y-b=B 4_n$7tvew6k&Qhz Cճ8Q.<q*pE4g3kD8fUVYϪDPdh$10>Ts.]RŠٗz횯ȺcpP-78 熬[Ee(]^Nf F[g 2*Vn~`#m#f5T^ p2VwL6jyټڝ<z$iau.y2<;`o/Mp6@tfg _wHL)ɾqąe:>`:;,e-4&&ځT:#sȬ| a?!>Ϡ\nZm)ʥg)Eh%wJqE//ϥiDZ{גgR\с!VD%Fu@z.!]ᬺdYjImS`IV- Ae!k Jw+փmzLmY3ˇmk;,Sx`'(wi S.aK<*LaEkBK>&3F2m'tz.4xQOx5&㊢Iޕ5<'H."8J⋞T('R'yYN"Tݧ\e Aʖ"=R ,3bʄ)gmUBo_&ް1FU$X1y #(_{^st2[9 3^ϥtgP1xR. ZQv3T ` <ݚ(raw |CtcA 1cQs`e {['QDSoB`^RۺN9( o\\x "P3U쾊9~Lw[L͝re#ԓ"3?/ֈs^L^2='r-[1Sqq6ϟz|o N$s VG .\L_X<*XP*gF?S7c%>Ntõ<\S4.89S)6-aUշ=M$׈jXxdؓ[J%32a>Kc LH$X D> C690O tE\TmBv˥N@.Iw 6=H9kU<7p$U|Ҙ3=VrG?Q^^)]z{йKG)5?A3 Jq7Zcf7 G3jH< vd3K=K-cBAn9~)3 J'>V"TV vCVcFN,&I);:6xOv-nz_&q,Oݲ\G})8¢  "U9:^Cᐲ\8%)cM㊤^h/َ/LKeV?(yKfkB= Fv~zeT!PXd~&+RGTIF*DcG1jiV&i* -rCرY%g-Lz nxrk$xJĨ7W_DܕZLȣu[ZrZ=χd4* *+ȓ6rsi<j*n C!kJҥ._.z >0?OzV“׍=3`H$9"PPQJr呡ᖴ3Xlk{̬~cMPji݈\CXI=cdCLv niHh!/0ާ PpAFR; Ax$o]UY$y9k˽>LC,gTtŘ18a.bCu<~<߭bid&s"+'PPR&)f Mk2>Ee1nqJG7)GEC5wI,k}kq6HqOm* DQ҇,h1 ҩS6{rr<@^1e;.}:め#+ђuu\lVO=/q?rb_Cw& Vazh.3`K'TqH*U0ﱸr5#ci5B ?$k zU a;& $;\Cς M ˅sЫ?J╏HZ,_5vĉuNnp=(LVVeu؄0-J$5࿑Jc0XQD(1$KY^"w3ǗUmmfRi⚫k)Sl߭}-6  =;n7/e?AAf* o,sE1?uemC"͞E|Sucxs_n<]rd9ǎwPTP)& NT{# R}D` 쉝* <,!*qj+ݴOU `?Şm`a!D(怖hE@k:ɢX(n!g={ $o(m^|w>eR~\چx8"떁>F"{ Y20\:y_~Գ)KSiE{`c-yE(39hځ*'E]Œ|>{f=#{8$6R`QsQkj= 2I3AI)r^c*O|T7wC?x7:%' H-P2T5UDwsDSwb*I?WAm+U7$yKk$AhKH (Ov"GEN.NUC$5!%_v3 a +o^DkO+k3 LGF'0p6=Yc;d0yҤB J\XBؗHw?e61Yb$AX) QڮγAml"4†c3PXj>@hVy?2&)l0 UtM2(Yq K lgEk4 cGS[q{Ou+kuKD:ּ4Sŕ Nk_Z)1+6-J0_,cd*~ײ2{&%Nsb&YkSz=SՏL(㮥u$mIc{'^__ڌրA푤7`e mM[HX6O~[$=-wd B;>5F??VD`$zC.߲@m|3?AdLE+eŰ6@N4MDvPB 5 5g} Q&!ǡxjئuyy@۝FtG0$V%4bcoЮU0 
n72p:L}WWS\I r,/$o6Od1B8cI R6{ MsJČ!Oq 10{sdl"2 |`RB UEaSx\w ߬IY/PU L#飓`0:G0T5Z8i+MCyBD8eb1{-ʊ6>RG0 k}oծv5)~f\94O\,^#@D{~fv#9k82u\ [TщrA0*0%!3v?[ZVaH *b#ys@ݵ x0[ߝ;{xLut퇂ʈoOHpHN7Q9S{sI7`WDY *O^lmI+]a_l:!HU v R\^%'Uv 7&:B:vHw@o1 =V%$B0ķ' wc*v*'M2TX^ڻdX1 ~"a{ Z̶C xU!v =T9QYfjZQ. -NbS_\Q_dazI7qmt4+:W91,6/sP#B9*9xfozʾ@htm~_SNr'\tv\ĽJ(=>_ρoͷۡ?qKp<O,DOX# WYSsf C@?}^ACٰc`E:\jXx˕RYYfۦRٲA@GCJmX EYx$,PA^Y^y endstream endobj 586 0 obj << /Length1 2290 /Length2 16656 /Length3 0 /Length 18004 /Filter /FlateDecode >> stream xڌP[ Cp'HиKww \  3gfr{Y~ɈULl@6NtL9aM&f## =##3<?rx2u ?,D@@w(P l`b0s3qp32ch XҶ6 Gx2[;w 3s< 40qqq d r0N @+BP;9q30mhNe#d2@h 75zx2 [S'W.088ۘ*R;Ʋ=@6rZm-lV ,-hc!t @\H |go~vNVqd+{lLDlA6N'j2~;ÿ?/&v j6 )ۼ@N6FFFv.r36g+_J=l4@xOG  < `2] 2@}M}Llm45ՕiMJaa[7' `cxoEſ`+ecj >d m'3躌loL_.(+wo=r`M5@I9wAmpp(Z8=.Z4+ _W ޷p|@)lmM2f6v>JllOu4k 6N.wrS[N o`8 "'A0q0 & `X R+AzEzEzEzEzEῈ?=]zϮgW/zA:5wCa{`d,س]/?MY0w3X,K?;W?l6c;y?ż;{0OX-uWm~__NOL/lU N{Npx:w8w$c~?d#yN?n ~i֘'KmP}+8 ٞF2C#2L"UUzíPP2QK=LhkRۓ׳A^䧁#~8|:U}{/uK.il{gNd\{> ҕѐ=*viHoEd9FsNthn(73hYoұ4Ǒ,ڛQsk̎887hS‡IX Ņ!M(@{%ґ_"(;S!JdCT:Ѳ8_ :^>yDȚ; X:(2Y}< =LZ`_򙦨{]d6q tC:q=1!asu¯: ?Df2'6<D{+ efCW>8P`YwA悽sТIh** pfj a#4r9۠Zb 0?),9N{~d+/*a8)`I}ׯr(e Q320ɫ.iO ɪ8rC Aؔ8?13I5jIV{uz؁'Ґ)T=if 5+$pieD.D3TŽxkhX!3]`L<,yI\RN"ofBY]q5걕,>;X{J`0ZK?`/ťL @ g_LeYMx(ёNUνP1d I$CJ}j~/[%MY!J[;6(&(@J:D,&% m6.΋,b5H Es?*PB-Mw>ڝM^q}Sqh_zyatRp:7v7Y 1HE骒~Tj,$5T!67:+1aƖ=9XZꇡk)U2ggiُ`~lumՆy dLkh4}SB:e=ia9EIyp͡R6;{.qsg8mAx3 Ȕˀ_w7x~m?~2zbc2,k|;,4 GD^~ZIJAp5*h>T\XIYtA4ߙcS-3jKNG&8cIAS_[b ]ź 4)cBa(pLys5YKЉ5EҠ>KFu6.i``&}L{^noǷMlm}SħMy8ZI S7#'|Ǫwd89 '3Q)jHq=~Ҵt}4ܾɹ@mET*jy;MN>$hemR^lu‹'VE!Ws._ 1cDe{RglVO>;e_tpm@)xkR%E{߁}ZS,}Ƽ3Zqy +1 kztK~2I%HPZCXXtGO#м+mФڈ>~7uhGŒ Y%s뙣 neisi]kqB|i'vKyk.bhyDs91/zw("H4ucS &"ȢxH_!z Dc#:iGWwjpd0 uvW`8um /oe[j!gYq>#1g5i)^(UDǢogY$ENbLӻݐ5Nw@eLW!z||DDCv-omjco(V[X|A*Rߨq Lql \G.s k"g]6D%L`z*̃O2*>6-)rOy@kN h]]}EWJ2TK|c`&mivKAt A87h[;(b.HdYBE͑ #,;7*2,ESfJMlZL]=7ۥ3rY7UKO'3\St T]O54V&7 =JeC?ݫJCpC>änE8;52e(@ME5e"m vһJ*_OPfHq`?:<$Xi,mAw Fw[ݭ8nn 
eq,yD\sҍ_k.ܻh/0Yxd1ԃޖJl4@ poqKFP}ej ~o!cfsk>7c 1vmΒt4(')[B%ZI@=+XW|[2oKW/Pm/rŪ3dMi҈Մb'? uq$]u ? %9`E63oHtխ$tKt vHo:b q︢xlхP-qTg` 7(KR D;n-BC"$u*SwŁ*.y]I^LR>􌜅9oBg(Ζ.̭S諫{;Y󙰂9V}åNipӶk9GR༆-Qt7z,`Q1&풒 ?Ly>lW6ꊻܨk tY“AϢa)@A\%ӷ=sGi]%%$iԘOW`ÐCMq˜=Ҷ8)Y& '-QMv ,{*=H&wbNKRճ W]Vxi2xm$ 6cZ1@l)V +9\.o|8C.Ѻ/.7iQ$HqٰF~nm;wm#}Ye!l(Sʂ GJ"e&ݰ >;u X^bnھ*6uS&#0hx/ 1MrP=z"0>׸5 x#M^HLyڜ*C^EZv~f_8TӪ>2BPҊ|(}{ ]~lBuRujCOQkK"]V\X8%oc?^5_JP܁i #~~_wsA~y媤C.k OӲ%pcmCEFT XYJ ^ '^>8-C5O/_K^O3bAֲۓWq)QrȖM;$uejg8yCm1F;2eGj!෹!RIЩ+烊-㝼n(+) ;lNyt Lt 6I_aX|{iMuIy ˝U086Of9jy֓"zKt4 gQɈ!&Q!g>߮|g7AF~~!w* [lM9d`j (r0NDɣPe-XJy_NAhumo/Xm) C$gR Vg}޾A~p[etS$Ǥ3:*/A5=HIsMGBi>_wf&ilg_Y`|.t *Hu2Iu+ D lJtjx$d6,Ѥ1OT&Rs ]7A'gۦwހZ6ŪH;*sК:)j$1U$7yp91\}!Qu Ϟ/{yq70Py#^73f8<Ngn9Tҭ}ú0Tc}b GW۴&Ys䘴]W^JC+Ӝjf#Yj²?1.: z)jK=4 սbL>]>lAFG6/rFDeA&-T$q#p@#BET흍)'S Ԥ})6cR\)g;Bۧ&EsO.-/jyuegzw R(ԩʼ?6.ϸ!|Sa+BTd$|hDž6z7.7R}}r6ѐ`ug1*Àd(%;:`sJl4.$}EC-*3>j]8ɓjv~)9G:gkf;' ,=xs}ʼn;Nz_MYBGf:sXt*:ȯzF.<[la5ۭ1xvZQ'X)i,\Sa<9"%E%CPYXa6w?uBBy3hb >X0 UzC!P&48'^ Y*Z1c4ze_O ~gqQdمJ=0ٚ9'WB&5ExQLg]A*$_4 sDvAo5 T3,I.4D!;N97ٴyoYj&Q>S#̂"=Td;vÏ OcgT9HTvL<C#&~Qŗ'[S6`u_tvsZs5rY5u瘤 0m}!tevkA|[%n̶8t 1ΕH4f('Bś p+8Irb53G!uZX)] <}F MB618 ~c'u/I1)\TKv) ŷJ$(xaH=-oPՂua lHx^^s3P*-(rQz(G"" ]x6)a0?'{+8K~e"!e=E%M#'r88h_32@ߙ*zObG$_3?'* |qQSփv+ҚHr0Qܻ.zd"UA\'$ψR&"oӖS4Y"i= 9YMF3=3 ¸gd9犏nMFQDPc:d2Q7*K_rйϡB 㺭Pb'8M+e+Li%eKx΢ QKj0jԎ.xvQ ѻ5P>pً8ɝ/s|e-чoW:x ."Fb4|t6Xq$ˑR6*eѷ ؋X=@>`I0xꂳ+6ݐ3C$/rlP`.OT\EEE݇ڜ H%\RaN ?~<@ٚpyjf& 1&El/vgPߎvC$Q/k̅'Wmen3oqa 6G͜L*xG s~ x:DˍēGM(˼ZFP&죿D=Hu E/[+ hQ}QW: P-UZ&|SD:`B.aH{EHic@aRnT]}HKAo_OR pd9$k;pe^hF)PV4yepODR)*Z/C(0yVqq1Ig2סQ5`ᢒpً_=_p ([ѪoٓYg!y VuiHD??"Ȫaw沈-e2c0aj?mDExEYA?vYK.Իc^q:ƩYZǴD`@lSY<[3ǂ<8lS>&(v̗%ݗWf0dAv[_,F]SX 󰅷wnC;=mhL̶lvݖ>/ts1>MA}2 ]*ݫ*30J^a?|] \b?KO9R dv tS;{xs]v.ִ7Oa!jDkX֝IHjVxVת56tL>n>ӊ4p;eivks`ز 8|Cc@b맩]s&j?Md d5Dj-\[@ViŤlAhP !k1WMyYkLaKs.܌>h:,@AP l:4R((eߵkx¦N:^Wn%j/ ]~Q\L::!,LcJ7[,{hIdxY8[v2r"!wgV>sv#] 2 q31uV3qN){3ZEg5&L' ]f2U.ȩM~ʚp!k tȕfg7* )A_ nƀʈg_&h{z)8rЈ"NMv B'9[wsv9Z˲), d2"sVђbtϰP p2oSp\4KUI2ܱT7hiηZA%u?#,hEtBIжjq̐M8BN 
gaQgc9K2쇱l4Y,NWүÜ^dk66_Y.)]?2 "猸HXilq4VO} vpe"#*r@ 4$NAQ|YބCW VX-nRîe9p長&|}% Ib3 50tkC#ۼdh% g1ôjKA[, ; b~"ے Er'eL6t'm?51ٌ:Amx'"(\/=ԟx%f:9eG-X-t(a~<6մ(UcZ>a TK5Z=j8C=JN^jW_oC+O( To!bh(6 Hܐ>GRX"VLb̫\tJg3>7~:MR򯊴9^aD\Biu5XaAjU\q.(e0KܳaPk <, ((?(ZƠ jAxIhϞ}t;G5 /`T/-BR:ߟNhJ7c?F`OA)Cn)|ZN/Jm~ i/֙2_YiZ" ȴRizdWF0ahPy:Bf}Iꈽm>Cea~tRYL74I{p#) 6R3cݚov<Rcw'TINْ}[\Z1ZxxI~"9>u+"`&ǐ Vr0o㶍4z1Dy' ^Zx%S=N3ޑtx_ftVVU<9Pʉބ O/νXKBU ї%Qc]ۙdQ0 ON Ѓp i$1Nk"Yg*ϡ t$7Hb@A7XȪ#RxLy613]ؕ"KeI.uI}^9W4A,9~?RY0(f!rąL_K̄Qz'*(39K :kU.BUmtTHW\~wc4V5x`&Jո!;ׄMWԱai,v13rj3FdKeT6>rO!-{~U-s9FYWEģMǔE˹7=<R[;Lv8RVx!}IܼL p"1+<HP>!Bc$2r}"Bgꄍ $FZ#pT4zJx^ZIItO[^>j5b/<2-t*_Fyv )jJZVHc۰JV # ♐ſDM>G qVv&S}zY##2$N>KIL'3HtYappnnX#&H?;؉CM;FVg ($ъezu$p!(jRoj(&? !8xZ)6žz2N aLBзLawV81HUMť:(#AUN2 n%HI1&E-'[~b^>{~wu#o&BwĭnV֋J:ky T:4oTeDeEH?R#MOb~A1wa4rU=I6-}YiGF0'ҾݙȊ ވټ+}KeA\1,*Fw&ȯYuBPl8ҡt886_DʙK{9CzrU@])Gy og!՛ [)LsY֬9/0n'DLm>e­Swb1 8Yx.B{`9YN}v;k5Z]pk ?Vm9z,6)Sv,r+gA\&4+ 9@ͽ(؜Wi87[p5߰" T}qznB*?Sw#7Qpw2UHU"ҪB}]4sYܖZ\G$xљ{Ќxv0RׇMֻ1.CЀP>NŠTy3t$EJs.G'ү s4"+`Rr //g ZE1իz8ւP]%V_;FU=s 5oGM)K11ܒfA. ړA$ɍ4bd$P '\%|ZF1^i<@p F[^Ih1ASHWf%hc+%շP3ѧ#(e2*,3n뭶W$U톄 ^"^: 4B 8ӏCSXXڠ敃+?(PΗ,IQvsxh@"#y\')}S niS"1R4~NŜ.U:iDž&WTlPxQgf pVj6]MiK%.XԠ`q UMP]!~C4i"ەAe<aӗ :1ߞ; nu/iύtC"+61I?n^Άap2` Vre]-\IW@*ϤRUog.3*;1wxlëeC|wiYߢ~ K' ڹ3-O\II+^1?+E99r(y`D۝-b_3 kYGqpd=}Wº AIB_tgCGHݍF S6ФZSklPưڃ7ݒ$&>Y$` Y9Y"MaTGףߴx޺G/i q;i 9OjIDY&FhSHi!Qg X^7ɛp4:,g>iZ4пnf}4CG)VC/(~#K@odyD:b`/qE}ñs.AK5* rYf)ɸ|5%iIoh1>1tsɹl9`vGȳ^_OM}: 0K?+Y?ICh =L+2N'7:Wt@%{7$HlqtMgHз IJP3 5 l9ۄ"wi:ʆ-wEr`,l '5ο 4OZ5yKJiۼIA%5/_Liā%@/g;3&?VX%10*h1ԥ=-x2mIgHtSA7]$o? 
O*Ul%uƿQMȂH-uv{,Wp cL<_}t) n2۲59Pka5W-NJihAM,j͋Be  ܏@BaQ6gʥchޞW~~}&q>kr5 ;WE~ӮMfQ1Q6Z+FZ5ʎ|ވp>b|ZA8+oAe cр`tG BAvEZ"ϧ[|^V0jS Y uT^ m˴ 9qϷ_UkjӴ6`'1g57Dp"Q3E@/ܺrYWS_G30[W:vN.K>!6D|SLᑱ-n$ϯ)9U~^$ST-/dEp2S_-犵̰JJN2a&}?{Txi܂_wdg9J~?s|Z V6upZfට6 U`2Tm'?{(͊7Gα6=5ˡA ,ɂ8)1';<'%n$wm" pݵnG6JVlF ^]FscR*T^_j&uz?!tͧ Jc~gRFԅR&׶ӳ#q08Ʒ\9vڙ(~ȏdl=_5H1*>SwΎ~UD]зYU4Bk`ߡa$Qc@Es \u\wsI" QGidtq:HR(cm\;N?1L HY* Qu젣ęz{d#r0&bQ'#IٜJhA8wHȪ`kPE2q 2O+%F27̒E۾G?VX& QFwY E7;L퇸8˻\x'7jPqmd (ÈENT?"aǷ, 1qY9Ox 71NѨ,ΌGR!8mK Mz+ fy@P+.!wEa>F${Z2܎G:}CMy ʋxPrJΝףg(ޙp 7 /:*qSh۔5j.Su 1X \Z%,r*xc4Ŵ X4K 4cmy|gSH+}ɵKƙC65/Z>SI5W@)U6jȼ\LF sVLKP$2"0uzZ񖒚׊㿇V]J+TucEY# A8NF6UJy_'|(LI%vy1oaBn[i S~_w6n2D1DIԷj=s&:#z c4G/quI= ))L 7(E2>3#HD3$Ĥ[_mr21ĉC?Ѵr23cUxo`Pv~r1U[:$Ju4*'Qz5;*^~MF8i QG[Ѕd90)ǣTƦu9jU,y!ZOnJ3C@/u? ®3 -doZ)&\!~teiiwO3=?RT/,s0OOr "tdW=dzŎh+stMjo8>KFCͅ34UuOϗZ k "jJ1N}7J@Ni"vScF#=Ǐ/Ý-0U6]`b\ٳ`g#̷} `~ f'`7EъdY!$DJ8P6h\8iRm_t54Ċ?I4`EBAޘG< PU&  6 R'heLzlQETXA50BlsՈ-%u^qSۢ=fHW8ȰٗE0Z&~`gqzdbuoíR QI@3uN<'z bK'0L>~+%>DON6@R"/i;bMߑǫ{I_ dHTg$+ޟ}Σ!BQ A`M)먾;OQ&K }0C#!XQi; 3 >\BSnj ڒGg( gq'EFY$F[<skluu򹩡6Q`V@ƏIͷr.)vZs#7$G{wͫF+Dsr"KQ@}LT[ ai,/6DmFՙV Ko`j'IE:A 8^bF}`S+ Ўq1ڗKɾ+HC RW{YDWOlfxo.˸ $:vw·@ks鳙 IK*_)D*DAiIP, ,'ꢡ~ǁS@}+s;<'[H~ .wYpԳk! ;u?!9LvHQ9gnb¿8/Z>CwoZx|r<3!M~U ~-d&k".x O;x+_M(i&yq9On'*x 1eۖ2dX.qa=89R%B1kwA r& )y:I8d%R^E@lF,9x%UZ d k $Hk 4XjN -ANme&p endstream endobj 588 0 obj << /Length1 1649 /Length2 9338 /Length3 0 /Length 10405 /Filter /FlateDecode >> stream xڍweT[.[!Xq\J[] @ninmqww/p9;|߽?Z<3ggL%a3 .n(@JEq@6.AEőM6iSU(:x<ݹLX-D$S:(HR21wP\G59 Ǘ(mL_L'+U~Q3#QzWRj4:T8UV \fb0 2DS'"h:u>$ =w] >X>Z:c[xAQPf`O/7=ͩADh %Ù54F QsUhdC5ģF\GtTfnd'? 
"+(榛q_-&i9{lS+Idy=˕冤VcjlFů&ORˈtγll61È'NŅ,m12T{9!7n :QqiiscdcfVuk- g /p&Ghu|ɛѫ]YK"#>+v l#gtL;o{>&Ar'I2;X #>e=!osQC p뻞qD8uzԥG'4*CwT"Fv}+<̣JSwOcZIxpz n~gn֊|a \Ny%ɹC߶Ƽ]ni5+]>eZtIN0ë}^i, *fFXVCpї냩/ȄvK|<@[yB ^F?cYSE M,@e4) WJl*t|qƟ3q* @2ڧ kDy{ҲfZkVGG q"R$ ~Ɏx?C8p n~ TNP,5Wa=81S(}vw/jǛ]b0n( ,={%9Ԁ{k ݉sSzhUЛ޶B,{!Aꕅ}Aș5ҼHE`w 1 ]}fd;En&Z(a8Ͷ0B83JU=wUЬSLDo]3 cB3l1}ޮ`~|}o ;8Muh\ꗉFz`FZRE桡q~31L΂<& & Eƀ/"D\qmvd0G2{/l$jtHYye+ f^gҞ֮Pe90X_fj24|wf*RwY(d1<׆hks:R0BscbuS^2 :ŎȤsTE TmP*I& u^92䞱+-D0Tyqй{,_DZxyry֎U[uuIvYCկήex2e˨DኰZQL6i;yĞ'p?+Y6 2!0I(;]17[(ﶓ{-,L$G{}2S "&Făh {fzBݩ].Дio'c:'q|[QXTRrFF˿gYgy$kdAm )&Cmll4s1H.y-&ĸW>Jh0ܙm~Ǫ+oG'Xqmڸl7 =kmۨwmKzN܄౨ZRJZ3fE))U6~tYw #hώ oiH H&IA IsfSʍ̓ڰd|rȉc##k Or"{/< ȍ.fYHnW ZNja85M#ux4=mh7JLҟEz 5ދW'iة•-?iJE~8dQt.?BƂGҰ;pːT7.t}gڳڸ/yT-O@.OD "DMIC$\s pkħ՟G2ͫǺ,Z6x%/2Pս6fx$J 2ve~2OZG^!/ԺPhӆ?,b b<|y+Bu|?>Ge4}l>b q XJ1%Md@nAfCk$y!ki>./7r.)̈39UmVK*3ȷc'3!ix ?VS'sEȻ'DX9;;&R6IE3_7gF,I1 Ǚw#>ܡ^, ^ fݶ ;Y&bOdS]]N ލﴛF ͱYNrRi+1 c_fY"t< dF0Pp7T;ԣ7k\5]Vu*:KdQZreLy)ͷ[,JږP j[׋&&#xiK+"폡a}^:|Z,m!!6<({1`.Y5y=Eny֝y?P}|R1J4W)o/4+^trrQ8Q$){<ɃQ'xew=jdńaJx6t.7*a]\C7)ދ DVLѷ2:YMCO*7kJp<Z!1=bfHű$ žAS!6)ޯ= uþEI^8q Z?1hTYH$Si:xf6/Ѩ+~jN0s%="ܣA0\j(]z=M&5);B|9@f'|}gv͠yה_²c?9>Wn3+i ̹l(<@|p^rf㢔]YڋM^„0(~Dz {g(XGϘ *l~%FXM-'):5@s0N"UZaG[XL\^cʢ>h4) !oכMOM6YBW&WU'Ǫ?/QvD߻jJ ._[qO1 fǔݳMǧ/Ζ ̮S# \d 6|A)ViKuTi+(\rH`Q](Xw @{%tS'%ǟRS1E^D|BCgO_̫2bJ"ӯ8=El/M}սĉ??ͿnAKl/,x#|˚kKWa'sJW3%K+>2zjKLZ?z/ΥbȇqLHk#dj.Wo~iJw'Tim/޾G:NN>zSN'yuޅ}f']WnZJi ojv^dD 7 ,I@dvvLko~}aTۋ)68ͻ.1tiDW`hj36IJ-KN; r0Vx~SĊ2`X,_bC:Zhsr|Ҟ\h8ѩ&V7\"U}V0wmTFU#u"_#zb5Y$-!Wmѳ;-'4%> TQO:qi8~M "+܃Stm4m?*RRcQiM~u.yB3: ּ< d>֖xZt >z܆tCk8ק:G_Z!"/R}7lvP++ =7(|- AjK%#sPxt✘ptКBoK:Is 9+$x#6z/KɛЮ>CR"p(غ6Rhxset]=<ݛҤ+i:FGEZ< J":PLɱiNE}E$xGq܃oeMb۪ :cB,&r0#[vGcŐrHqv*C~@imt?v؏ w*+.yY'ԉǻuʝ;4CVi&1ZLHi7Ìqy١ /C4$i=PXե'%Ɠhk&M]Sՙ2{i˽;4Oe&ztÑoԴ;yl5Ft'u--[}3K6G WzBª?w6db :.O/Gr:HmFi KNf$7]Mm>4V;fڏp@;6AVwW_>C;qQ,-bRA,8fghB* E{ㅳ穆o?)oHֽEqd̓8mCs %'w'[B%ߠʲcg"mnptV^[7 aIvsdEB>KB^>ytoƄ ~+QxhkxWY54M:n^`Y,`Y';OĮ{1r^Tln3d)UCy\:eK-7Y">8g\\5+t qM^5Db{M~ 4tLh,wdt) 
<]aHB˅hRODćHgCN>: \zw&uبgbֵԧg:Vc%Kuy9mOfxY{t3-%o0J7+xz#~jmZH4ZHA4eř0r-%./\ҋh>1<,ۦp n7Z|oæ=@]yb<=hY:IjT۶Ye)b;d{ t;u}IV0^hOH篆-)Ow ;ﲾl\x~\ T vg{**N5o;ѵ΂Wjl3̍tvx5~)zĴЈV*O$+^/.qe)uҽ!!`/?o)g|r:ҷ͕;x)u/hCtP,bZ f9DMuD2L3W17VW c5hWbƐu7|[n`$yF<~K5jd|47k WvZBWx2[^ZLX,i{Bo;olCrC$e=)d(VQȦIDH/ȯiʤ3wݞϣ۳s͉۔9(g' QY=u Yei{9< vށI؁YL bq:COVٜRy.Ík,ρ$ 7PWaRL {1cH\AM,M&BB񦭁_SߗAJNs JA:;"Q.}=4Zam1b}: q÷_jPr.he99 ffl·K:GCcpNLx˒Uk ~z2LYGy',7d%0GNKOAzτC?LLyԌ,Sn"-ݟ,U!czO=;]xVlSMo<#+R 4?|zjM )e0hLrV}kz!-_{xZ?PQdQG}͕ k^{Ǻz K;ϯoi)x}„+ sKjIJvkSG3|!LOƻI5T6bcw(5}íoRͧ>yQ=ø:8,z%ru'Qp+e- OS֍XT9s@ 見%2}Bj6x,j`V4}RGZ&}f1^M­r~3 VDNeuN^X;mPuXyؾPTQP[ endstream endobj 590 0 obj << /Length1 1531 /Length2 7668 /Length3 0 /Length 8682 /Filter /FlateDecode >> stream xڍT6N" Ktw7 ,,- %Hw !H#%t~g}f;s3Q[[n Qܼ< 1/@|,,P3o! "#P6y0Ԁ^~D"`$P ,rpWo7_K ;WTTw8@` BI&@<`w$;pB!nH-WM xXP?ʰu9XR0UM_r5dϗzoz)3`ClNJG) rݭu|ӭl HsY)c7y1VWPLQmQB짺%ɋ-[% 6l }[ä/3$|m ?3㕏8՞fuu\PT훆S-u]6Wkxz4%#^d+@`B_ÁVb2&G )d̹>],MO{Xe]pHDwx\;9a4c>:e Ro6 r>[J7J :|:d!9`@5vk.wa#uwGWKrQs}pYKLCI\D2+ޕpYzȠJ "uԠT5%0*!CAl{+'%}ke A[Ğ cL"JBn#m%k_p}; JD*km>FU6o8l, ?tE*!Ā%%*1F|pɼIXz??X2y'F-}A aCP;~t粌#d0\~ߓFRf$g$d=~APФ#㳡ܳ.|cu$Fh@tI277ee1sq)e|gn9>W?aM1Tӊ&<_H2q>,a-Ns: t nxtlEo2y ,Zw-IyaI 7q#7fsUD.z&QwAqQ'SQӂdɡ B!亚eAG%BO #w$.1[Mdk5R- :nodF6G]rѓ4Y̭w Hi4@ѡ[`g} Y{J:={s30G\-n,DE ͽ_>J+`{5&VĤ|_;߳TiLD]Ǩ2+D#4{}™>:@neͩ~ώDqC*eSgZl)xģhhJH4_[Qi#FM=c*QQDLT%$@MԒ~1X秃ܸw%eAʨU;攦=?(Lb*C`]rɺ87U۽crƁf==zΫZ<t>\&Y;yAtA3 OۮÃ@x)їYѨnS@Wb;VcWdVCL')g 3itE[X VɴLp%AtXX whT"2w5yEws ]n ܑZgc |֘e%2̭fj*zqO@ٸ^"LƏS䑥%sPK,&r'w*ɑJ.rGV$-1PG+}Ee!<vj}hwӥ3\+2 2BH#B,^?K:!!ђ0swZe'^s|`H75Kx9'S8I.I5gfU{/cq.pwikHe&am%+r&w?M̋q3皌Vγeo]'֭#u\@.ψY )]D3T^o/dڿr\W] ,{{fHﱑyyvDg =SY*Gt`;Ѷlp'(bWgT5\9:GbXquj|V\#HW7ow1^81D[ǜ%ɒ~hA?lhNJ8e+;0H޲.2w 3p0%"]4O \IG3q!?pzpC s0sRWL0z0v'0NjI=dr`U3OU(oj)9J aB}xޞbE.M}c=C72ߧt>cF+ XȒϝ%dv˾ͲfQfࢇ,kx=5:w?NLc{ ݐaO$$?dx^C0SCEH( f_.oCJrkbpށoYkKVzF.숋/mM)FE? 
_w׸|zHE_ָד ݤ,^gm:gݾ}.b]'ţ㤼yy\XN&i^yWyh&dkv5{(.nzI"FQк0Yw%G:O@ȳ'm ҹZ{+ 5kݱٲLv1A]2y.l|A5Xx[2U#->ؓ(gnaw*hS+y>'/tҐ1,YSɰ?NeqLl$}tgWr㞵o٘D`n8#|[ﴎdiLwIĎvUn}hdҦ\'FgttM ~t [%gV![Wӄ?'_.q)0z|$# dmS閜64<41> Y%s*;ei<72y+kwH:YyoN?{?чora3gLw^Rw3/7g0_o.Ќ:JX'8?$ b U0$_M=-.Éj4VqKTM; y}U^'ifR΀ ?{J"u$Z>ا8U<*lڸy}2^me"]hXp!#f1erhͣ\=J?lp8彰a?*1Йq{ :`0Ow͈۱rr,G.#Ʉ٤vWXeq<@YVʍh4]D:SRT`גw[*MlUNXݾ(r35$<ưsQLO^Ef!K{vgb~L>;R@&2Ͽ *ɈV;qNPQ|l|gQ0/`r]~+~\5E(LjE䑕BF]i ]ȬrɋpKRڀؓf]X̄O'}-bw\_1c%LC6 V4>Tvrd|X(z&?~@w_ը7)+5f\LVʙGiۧek-'}361eg΃ԭ|(g[9g?^$nXs0xCׅ? &Sj C߯Xr@$vFdʣԺF7ֽTBߩtJ*zS ;֩a7jW8;&mRͶ xj>)y׫Q}LzVi nJZĻ%{N7y2 L~n t {'N4b,Vk0n^6PخasGktZgQdPR'^,ZQԪ'x BnzZiC> stream xڍtT6)ݭHݩt0  1ÐCwH)]t+- H*)!-( H}9=YuzYu8 訙BB"BB„Po;!)äh*an(.  I # @Gpx=P'g$߯.07(%%;A@ @t+An#8 A#3!-(+r#P3A@F!F d;Cr 6A:AFZ=/_>J'W"(w0 {`Pk |Gǃ|@P7=u@]BOg>/0QW5TҋWPw?u}aOP1=M`POo Do @<?N/3z uQ^ !p{Fh33zJM? @_o6h9an^TVP¢~a)q!PTL !! g"}O#s}Q\ g.]8׿n-$&F?gWݑo?_rAD@쿡fqzW BA zC P$/e757( BBC xiA%``/ @ȟfI Md D_; )h!W u'G 7o[L8?D4Dv)a͏Gtz$K _F*/q(~dB6Ŵ=1h}l8N87N;dW.fgi+v+f}OoIR"37~Ell֊? 
O2I+b/ϝgg<#:9@c^ $Rptbk{ '&8P[fQKS,Ɏ7 VaHWN1Z=b}ۨ@r2\(m)PC&o*xw9-Ql>U$C[jbm˅ļ"VQ$Esi9u m C(JƮ}.z(?bI"UuVz$)D7$egN3 U&ԼfJ+SL~26\ ŒL|B `ǟE#w%Q>i:Eg!g_fW}M}Syp*ؼ{fW mWd~1 j^RՈm!WIUY+=rrZPg[h} gW`3_pjL,VϽdUL>c;el+ܗŪqMԙRñ-=+f3ʹt.eSNړj觲}GJ3_Ze mʼ=2NI#e ˨3w4+kpE\.*fُIwyFb9^;0ex/ִHZ6O!ZF8yđ̰/Q`XG$Q]KqúlZ5R C}Q5_tBpօGtq0K&*u ?Rxr>|ABw??aÅT+ed]cr;#ۨ"ʌpMwgA*jsǍ+sX񁓱CǶH=*(.N_އ[sO wNu[Rf(3, >z"̦O^͌;參҂!Z N3Sg 2kT5pȧ-]]8P#/&i^=Z18@*Ҍ"=yj{za;Fhܭm9?*dYZ/)$q%|4f] a?nAD*N9cru[{ռV)y0w{H4İ~s̊O,YioW>D%^sk .T Y0_$MSCd?H,~֊2L3-Q4 ngnKL2&M}G@iڥgo!ۢ4] !;)z]8ԟutqy; k.Y;5ռUJkdMbِ$RT:}#.!凎*xVa5 ~ r~=f!^A H)i|cΓJ:CMwjbSW?dOMg@M/fac0\JYf y6߲rH {ykZ6sYE"}=UՈ1d杊nG[EscaqF8u5l=z1~E R6ى1Q_YFd-1NHAeǶۇ-+yýEuU<(I!d$imφvfH |>ʉ IgNia2P^.gKU bC֌6Cvb\^c±4on%0*zxv2l8혲rk]sSŬcya9"#Æ]W s6_T3 %;t>6V/S̼:5ۡVeܯj#v;t谺zr^?ɰfA]EUךFew_Qk/VWcXlwg>PT?IAD\X >D"O*N0Wt^io4uMY_Vn!* \pϢhέd*}IhsI]4gR)M=ߩ%ZN#P2f,$;NIyr׺K2J9<MƠV\I߷7kP$w"LLϪпChcg[O@'τi=v웕v7B]{CxyBPt"ZE[̀].gIqH{>zc#m^Ӡ aM7B&7{.u Q u$#R|rTj{EԻ%fLX!GDSBL/i}Tz5Ւ16ri & dw-_?4aD4m+6͘NjM=WY<{ˌL5ylgahd$#;9y`HbWrau%pUbҮ˓2.-ɐb9k,]#_? l}>^gր[S?5M"q3ivm~1R&ݠޑKHg~{Bx|CΫ1v#BV hEYMG){6t3@w}_7TN u:MH)wzm͇ۻvޜJ*ޑvxo_ctYtVBHr6bnN~ uy9i+YK_O)$UtȨ#@8eA)$+z cY/XLƿA ]LJU=7<_NھS^4&Pjw t݄Dׯq?TT&>dG|(=8a9l6eDqik(wT<7䭛!3Ļ@ѓ&A󋸗^:z!ݪjK[2.Y|"_2wbK0_*9_a<3LHm%1J/Op B'Yn~fu 6iGW~.k!̻;Oޝޖ~VyGbDFRch; i>W&Q*x>:[ic&mEw?g74䧐f2fȣ)JRsZuYUS^dSP4b.aK Ƥ["o:}N8x&LԥM?otЊ(q<c;GDRe6LÀdsb=Kkgy[ Z#qvO.QԔ@kE@r>x [~j%J<-JoNKQx65!o`&4:)=ZhsfcMt<GlN*ե_`^I{S)PH. xc!hw2Ej,H\-ʑoxMtdX(V&a ţ. gNɲ'﷬ ʥɬDs͗/4^f┵Q`ȏ'WDh˝ϗE޲xG`s]zZ[6Ӷ\M2߸7("Zfo(}g$bM ]\baѓx k]3N)՜_mw=Vah#!i05f+zE=",! 
}O`i#S!x)k9(wK7;ŶGQD7׷]]*$ٖ"yձBMd,,c+"59 mfNȌMKb?(g6Xw>C%6syا0gv&'xӾt\4#JKvϔ,71 E:.,03'C?bl,x;x$^e(WHDhl endstream endobj 594 0 obj << /Length1 2232 /Length2 9824 /Length3 0 /Length 11136 /Filter /FlateDecode >> stream xڍT6L7HP] 0 %4ҝR!R"R|9Z0g{D)k )A!\B] @O5@ ܰ>`[;wx|XxEE9r:\V@@nrg:V``sww:qA]mX9^`w; " :Í ``v[qp# qx@Axz@Xo?r_VVP'g  ؀Am% .wowb=`G%ځ%Y]NnV`gw7.7/ܿ:9 nXS:@^ bm󋈵3!RU.-yxxE ʎW g_J_b8 3`'m@?X~n@OS` rXlb>`o9|y<~ >dPoNDUYIτ?A~|!!QatSb]-M!`gEXK ]?䱂\WoIJc1:}1;|4u1Y=W/,>Ԝ\<nJ`o[lk 뒁;fV >@-ﴊ+u]]>X<=|/A 3 ua+֯p[_$ V*?[7pF𘚿x `:"np!h9R ~IR2GDF TrkB'|JIq^BK )O/ś9{>*t嗦LRaPk]m4JJL9VQ#mG]1jS7jf؍W+ -fpf”N,)MK:;ne:8 1s_-j '30`SFh&knH}| 91k g8@?)&,$J#o pV,muNJg {Dl{ٟU]1(%aۊh`F+a,];ac0 eG|UJ&E>\5R}WyLǖJP"]Fe5 336"O*V7g;,@̣}T6ADہGfSy5͹9bx=-FTiClB8%+ܰv:QfQNcM ֨m0ÎҖ.ޜZsL3Yg-L1[Nqgn#q.\eD/]Drv /[Jɳ)7@ueF[N;0l)Pl]GVbw_ lŃ ;D&5P,QDxx`1lA+=j2e;NqHMl;qo"e@ ހA$Y\[p :M E>st5`*EkVaW`;׀1:w>$鶋QǃfŻ9Vz J!>$ ۫VȃL8Z;8/-=mk R@L.иc+Ұt2@Q&Snf™8/]LzӪ&*[.2fTDZ:6=ԩ0Mt K"u0U_|WoхXʄ\VPZ Nha?x;.oF_P $xb$u 1nh?r|L\ ;jE.kW]7+"D#ͮ&{2F4S,T )&w$6&Bqs>OڸR{Ngtg=pu6z׻FhFՌ!M,S!fl @ [Wl~gȖ2Rx44Vވs?y] D1|< VwfDUЫ'V{_Jc'qL"NGil Jn+?:ȡXoFj9k_aɫ -dNsإo?DRBI&~Fjmuj@\l;j礟WOuHkE[=NJ"!#|ilg(;>]oo_pYxu(2" Ji;vHFR]dwnO+'6{>ɉ ZuDogI"Id2|;cI#v~)*4vLR3 ;$&=Dj7iL}U\'+}.x"ʹb%E-cZXi9i4}xApiPǁ.LĿӾ%4%9S>}R͹y,}?:vhl(h#F5x i]t9u6o{0Gn%y(Ŋz'^{H!"b wڰ`V'nbUGa?TIM3P{!UKЫiVwb_2^{'V)?rMl(h b)q/$l|^iW<vK?Tsoϸ*;xH ɋrHJ+l:60U'Fs1]mg>hX^'H 89vOyjsk&3IXQ4O0f>>CB5**c@.?#Dzh8rEW-LO0>Nh0y@y~=svFmpK.„Y2*9k~GXԇ& 5qkqNf򄜘Oٮ pqg(5RD 泹tpџ(8r>q4X\MwEr%Ȇ8_G`VfED|H|gbpE!Tx_䚝=>Sd#Q=)w`Ⱥ 8Öa'b%oF\F ̓aYAzں@wɫEٟ[$R2iK2,`n cqJ9OTRrj`_QXa`x 9,7kE/] Rh=r6F=BJ|P/>^1lsg)ExJʚA(<Q`0'_+뿳c..WĞTJJ$\KSOMbz@uXWJ>Нl`-22!uQƠK3<P|] .sWʇ6o?aDC7\FW-?ӄFceJ嚛 ?e$~WMHJ"Ve@]>Ж9H2YֱW8, /HCYȄW<}?Q\ыNYŵMA)v ׿chjra3GjQ(n; A.&RksRV`ɁF~~HLIs|T,5lL/GIp͹݆qx$b$,  5ju(J!{A/Gp_g?(@_0 < *o v=0b3/qVj|[ ^{Q~87x`W;4h?kri+vL%5JכX3MXaA]]Omf| 3Sn7 gH)xO&.ym3Jpb;:MBdjǹgmGuZjw6e:7si3bd_8J?-xX =ԨR6}@ExdvXI'! 
AzNNݟrƶGRh0j (+iU6vKJ{B=)P7 {HCl&z?rxmi֣SO 祑%퍸#hnm=G-!X/>]Z1=ďjYjWN3o qľ8_5ۇܲn?a] p"/Jsc2Ig|6S1*Fc\M5}49#"ݎSuM!O dyۯ +ڸj[Ǥ:uM 4QE r)BKr*B%T|zM8sC*B_|?-^nLz>C*1S͡lؙL{g+ft%+E{xLa Cf-Gn'Aok!)|jyQ[z͋L*DJ펿;0~{0놬,`O$&w9<9B!}M_w:8qzv kCc w)7rYh ? ?taЋQ=;ѰF؁?͔g%n\'Yφf8&8E#$r۶K  5_YlY|Xs׎3t:-[&'=tJ'm v(}%3o:vJR'R.^Z" GjVkd$Vw6\gQkvU.ˡ=,F I4sUj#a6 | yNSeh>ŨȦts C#Q[r6i+ 6. 3"Na*p}Ru:98$'|@e7:)0 mV`g2S }Ril#7A)"3NPEMtFjgʼn¥=KoVJs10J~D&c,@ Q%! .UXˬHt sʇL֞K@ `W5r9r.T8Ƥ N]h5+7X#Rjd'xx~d6MiF`Ǎ#rE?(SkĥCY^6& TȳΠ!"PQSҗu>aJs}v}*c y-O@V^|U)~bt$^dgA=/џs \>躖Xp=} + n;[u_wڗ[*9VŜ=ROrv 5XMAE߫̉>Գ~$$2@aϺ/[rxwtU$b~_X1yֈ,hZVNzIQAklYH`&n۞'-!B*:(]x~Ԩ%Z.{y2^]//?`ƥ?>ѧtnf,^g_KM!ֱ%Yy(1I~&>>hNJ^DHy|I=ֹ;=WndEpB97COb㦨(og"ܥ6?ڕ=튫n`gzP]pfd p8;Zzc7~R ; Mn+=܉Rg2^'yC*<Y-j 5*`^esu+zg$Xz=ٕ[hbC龄-(泣r|A$OTXi@-¯kR+ 84.1:p}L i{rQgrEg2ݸtIf2>,A;js Q:ΗŢڞ6Zh8ȘҼ6Ѳ֑}jWo #;d.p펥La[y3q~Ax 6}<1xJ1:-QamU)wa1uTM/uQBQ 4%Ԙ Šby7`YwHUȃ;S*A@ 2$fs?[n1kQk'Du@tN[@cW'K#`nIF"K涮}uXU]sv23=6C"Ss31s'ΆbU*zטb4 <:ĺ!ʜHXr,v츊VZo}$5:5P{}S#ľ ͨث37'l5U$3؝WrهW+$">d!sf đz(-/ c]c u_ۅ<T Lˊԣ:mrX=9c;-"lm>PQbR $#\Tiz7]ӰϨ/P͆9qhi>S_RмpyU_"j0FP b%6` _w8r 2eIv=|ݓB.)7eս$;oz yWHE+_~Ns5 LӚrRS-JFnZ7U:m*>Dn`ϳ_N<\`Vi8>'SRIÕsȭ;Xu +JlM  bS9q>`|6#{;Z{yXi S0Id0a\c>+YvHu_Yl*n$A VQ?IGݥ-O -o-u9.`>էHYmd**-q$IX D<9f")%><nmN "?.v|Z=a& s7\ q:$Q]19mJ.=Wj 6䚊f^8GMU^Le :ނQ|+\Uf@{̽pBی=]Pf(*:aA7ŲׂGF7_lɿ!q?3x7E+֊L3n*wod;kwYWy۝/8R[W,S8k^ʖySDY,U{ ʉ[-SOMk!.-1՝Ԅ »צ3߆pBbHO&a[ 0G2"Ӳ=QX KyWq!YI˕8']tE.9bQf/-0]ߗ^/x*r0F(mpg=9 G)#ZMІGOFaBSjY}i~n4wܛA),o";)flvt ҀŲfoչfFnfK;kD8l8YǯO/}Io7=yQJ5O\Ya<4-tOh{R CdO*8vȊHj২:N"WujWl0Y A[ Xv <E/!q9sDI, 飮٫>ZM掐Z%=6=lv^:VvhMnzȿ3 t 2'hTJ:@L䊅y(Q?tL&-D1W\rPr"S -%h0a #MkQmi s^xYd/"ֶ"5$DVˑVOdC?m%7jm#4Kשʬnc|/zr%vv?tIWkɮg>D[b{ߎ_=㵁ƇiP?Pkڒ}Z/Gw Z%I^Uw 4HOϘSPS!MA6/Bp;EWs,$YRU|Mkb!255A9{ˋMT"0NnȔkNZ5hw&𽁃TZrqD^omhK|mBj 5ƙ%@ۛUI%@Y!F@H>5qm,1R^JC˭5);;FΊCG!`Nmqh$WITYKwH# KxE^1OѪ fŦqԞQw^lEjk_= 6BI. 
h6^6poW!W| l_EyO2Gvd٠nj R`4Lzs3D11cc5 13q& |ԥHP..LBH@WL7w9c5N2LB.[\/OJk[.ez{ ;9"OڍUm4+X R7]%'mf$ʮOt:5U<)RQJztnZ)kHRy°fx*LOQ҇IQh6fg˸'{ZFC̙[ފSd`=(Lq׮SI*e(10{lD/ Mbh'fwez  G:º> stream xڍT}7tJ CFlc4-]RJ HH)! !}?}?W}\m,LOem%8 kj ?G¢E;CB((&/ y$)ѷp@3+$+,@ ѿ H1 j a!<ቄ;o`a su 6`@vhvm`p@b@;GKsܡh.AAlKh] CwT`$p+p@`[0[p{;@OU4Ӏ Ws< @P`  vPg@[Ia (? u[:$VW}($FοksfE<CEBln kN0;od.9h>*es+"GfAA""+a}'_o- ~zno#B^^- CaDCķGB=[@_92s4M8*?J99'D· +~{ۨsvlm;࿃io t3 w+7#4.PgϿ,n}eՄBV ]Y-yx@ʡ(%)m'm^8g( ~z@2ꖛەC1rT"n{`$Ix;[$]S[y`p f_I{oџHA"0] _ ^/(BZUs$1)?AĆ4F<ȱ.FΝ{cTg?̘{ݧ8a:sNLs/cYzOSnF-{FW7w>|4Mڂk, VxJIM mkߧBg6DIX-]$S]t1͓/.kQf)Z%: ݫV{F8`A+>T6\Ȼ+m7ZRf׶|=Nahל-[*.w뜞@%ߌ ejJ2I[B973zXfuo#KG]fۓduENL_~f lSF|"RE Am$n*Ưx&^y?:;X\#aQ^+ > 6iQ^.>.BJvo+31Qp1cVNWDP4 O[ް W%Z9n%Q^W-BDN{]By}DRnR\dA#WMӭTޝymc2ܔl1$/tceW[#'k馾H~=淧{#S.i% ށCÂxMGFb7x>چ?SBiDZ%GiT:Q=9gt[C-㳪@]֝je`NboMmLYAužgzy8/|);v%a-.zhLu=Or\Yt=f -C.D/f?ee~5܊&]ۡġX#CgX7g*\fcuzH ͨ_2+uLr^SSEֽuU .615 ~Zpzl˱0-5v8‹ p@grٽO o-z:N, gd؎]kāIf%cfs45N`SǞz |@ 4m1nw.kXw7kѵ(sfu'WC2 #-oi=/ Eo=?rE]vSl'ׄ`N'yާD59&i[tn ^񖚊TTʻ7@,_"(",d :Ƕw{vP[qFi|1_a]\_,=akQ%!ԯ)[_x~eN3}.-_u3ݠ7ٍ*m %RY8:?pLk7 ^=q#Os㭊ZYpw\n+02=qRrc2xt;gRs uWy8Bb/dFG}it^ZUI?4E1U)y%2u1g<\Wr < }k_9X.歓z=>69V}OȯH2ldݗn2zDp8H1ZKHSX4Ԥdgi?,"Kp-jf2~EːCs^G4>/PjTЉb槤{0௰tbI3\yOkWmi~"JK?3lx㐟cQkHI,f塑s /muTڒ{Lfi]t](櫙Mar% o{? z[P G7V:ǴT߲35;c79X(mtӖLpP_ҧ}5؊Yhm=<6FeIs̫pb!H5oޑ@$C AO#u/k)>sMhG9`C*sj~훦uןr0dQY)WJnVZvMeOqAzBhFE7m쯟)C}_| $P%O.>@#[]&[XNtН@%6̚8k97_l.cU ޏ䒯rreL?0oz͗K]-~ i{!76UUiI~nmt)"dn^l#gsurR2ӅW㟴j>zJ><.T b~9lm 4=t(F;¬p>$\;E(+:LnI STY%^dJh$SuD{^]Opi ­8`#8FbzusׯN=uW•bʌW}ƍfX@#q2m<|+Bl6z ӑ)ꟳ3A.F܇^(+﫬W=*T;3%kM)+T;^]y%3e+;`ffA ~j􆩓8oܺ"[N1S/e'7yJPbt*|Uu] u6TO 3AwѼ18k+K2x"WY[Vv6[U]- %bTa^+N*7"H}߯&z혟I|] zǚޡϪ|(*KZz6|SfϱjM oԷg g$FPާqЃ~L84 娈4o W<)3Z6M'$I^"dzHkHs5ƢHػT >_҈"㵠0ɝNme׏dJIhdl|I¶>9">ɛ+Δ mэY\3UO R.I˨8obsCDn(༉ƈ{hs쩐 Ũqu$&ǝ\j Q|`$խRZǓq%cVj⋷D>56dA ߽13o4.OV*s>Ζ]ڑl` .{qJs;{Mu}-jEos9FXopPKl&@} ( 6wމğJG)%=/ Xd/.X{^h5,rZӳ'x) O/..$B uK5h}#m<_cΌ[hs*Eԕ,^EF#P\v#__KQ/s;G bF&iq5F [PLu KOfDrco-H/OZ_S"HzS K? 
8Ah4KjD-+ 'o4O,Gwusؤ 9F/&Jڷ|Tyys%ai@6/ 4IŁKA/4aVt4KHVz?د 1aXq{w)L5=[\ 些{dІ m3Pԯں/tu94z3s;*h捡C93rRϢX;2mǃL b%,xT` MG)Rp\N̅=DUOE9` g%Nb5tB@gMߒf8e tY.o0p!cSʽU}W*KokS9mv,wIx,~:J0a*=$n:H鿏;w[3OwDf(mF7*F)Ly װp-n3 |Њ? 3" F?qMiJE|},c*0P,rft,UJ3;i%Y( &v1D>W|NEQ{X*{Ż,9rڐͻ}Q~ %X`)w>>07ϧ۝2hmWCgfꞒW+3St)M=epbcWXHZkUzŭ;ԓ$iH*=꨸[ww+,ys\up;. Ɇoh SʬuzVs:"AԽ3i⽝pE2'Gwz޷D,}V!q}mZL߯71Aңljv+d S.,mD? 72K>}nM 4Uu3?⿘/:?TtY #.Jl֡H(E>b~X7?9*-8PTc1<sֺ{A J+`c4Տ#g_TXh"IvAZGf4#8~J&U"(O$kl3oY9!tDvH&7d>&v@RY+w3׭W̬ePђZ -YߡX{X}"p`}\y{HQIMF5̌Tr/ujh~)Ś 6p,@kye>c+ՈW(QN)c\yE k`C?)\Hκ@h*Ic+ՓEg2} { zg]3K|XT}i`x&8:MDv;OJ}R\ڒW׾S J͝J]\p)r)Kp0bI*ϸ_]*f^xt&<͞8;4c^KZόc1/4V:(Ȕ뭉"Ğ^}--;ƝkZ?S-Y X\9>  -KuCLwoPn$0kbTSVLً/Wպ t?'Jގ.1 6 :"0'8TtPa: P3^'<"(;_keBc{c jشѦOqAWwׂΪ̌S|l`T1]fh2Z!n<RNuXL0-ǏD=zO|̓LZ\}ŏf ȕE7LѺ{ _zfτ/sdHE~d}9McW#HGYٴiZ] N<&ƞ7z 7fN+#cgW0Mh)n(k,bȵ+b4cޏBFF0xJ+M+Ω:t ,`6$z/ 輢u #pr3s$`#m}c4Nmmr%YU2gw! nGndO먃Y=.޸cTz endstream endobj 598 0 obj << /Length1 2637 /Length2 23108 /Length3 0 /Length 24590 /Filter /FlateDecode >> stream xڌTU .LJ RCáK)nnN%$qf{k~| e5s)P SPea03123"RP[#Rh]A9M\2qW f`app23Xy 7q6(0dA@D 1+8<h,<<\Df&W+=8@ df tOj~+WWG^&&F{F = t: (ne\ da vf@9NP(96ۀOo,,W kM@&^ k; @IRӕ``7q731 )0Oy.f֎..vJde s1=?qkg^LOv0U#PF `ffa@O3+_ս)Y~8"~@Dw `nm 0ZZ; -;[{`xAv^/y|ؙ _K~oeh+`ܦaPs4Rf_,ϫ߆[MH/5_Һ@>mhn[+j>Kh"i 4Wv5{[k2;k2kҁOp_* rR dX98&&^!|@Ͽr,@Έ&`%qD#.o `xL".fF,&߈$d~#vo"F`. o/sQ\T~#0E7sQ\4~#0E7s\tE<`Kli: rο ph87#ag%B1)#' +87xL\~0w7X9~?[N fKۜ9l`? 
٬Xe@p6@Hl6Y`WUM \o58#cq#G*r'"oGw`' sYVݟ.wZǀF;E{{vy& t;^fna=f 3P" {{Zh|;^ý p!~mmG IK=ܻdF{mKS؃'"u ONA-]Nnܯ1<<WT9gb5bJ(LqH_2Ӣ_z}13B,HwV䣻w?IեW;4aEҢ%"54CjkhNP*A䚲&L#gR%6h 6[ az 4I`sz/ iw#M_vzJ,=Xh%Vy3 `]ǡ2h+aM}>l23rAs~lTܜ{hn©bڕvyYk&aN)5J0RtY(^E,ͱm]Fooj$J?枧\R-@d4a!hX4$ QC#eGHܖ:Wh^dj`NRH4T|)ٙ;}SρؑߛYk;!(WɌ:F4=⫩yoB-ΌNUꗰ78bҡ)Iw37c-jxԯd 7N`D:ؘ1'NeTY_0_?l{g ?7 T~V!߭I!.q0>gS*Oa?# w׺b!#4<+onvhHb,´DCSaƧ~SPf# eyCfyJ,j5#rk9e׫D ͩyh/%-=H%9R=EVT'&ҐX|_ێ/X]~ ݨ< oh9ShX+h,V}52?;<ᵀ4 * gzK 1X ziY^8D fDNJ$zF2/͢7+drt?Żpn,sF2HpnSgtpGhzJ}1؁HDJ:J*UyV3SFçf䷛z8's!y/9*9 [Bh1-Pv!H-'􆲉78qA "ݡXx!Sp>1J6CMM(UJJ7۹+BN,s6I%7$L~H ^1]'i>,Oz7aWayyPY\2VHr1=w1txWYpPȻ@  e3RTQ~yxg3eȒ%;YxI+~9B8/_g)t멖' VB(ϸXL3nzEs r=[]YD*˳E& ԖXM=Re@<+ut" >:.GBO\tm)Dud,tTۭˣ@j"d&s5n7k7e҇kAKi DP[F'07 øZ,sigOM +oI ȼqJݯzP , 2:Dc94U< ݖrCL* ;W}[MS0K ?'2)`ЛQ0}[3GS,&JCjE arku|}]6I 7|=b;Ke8D;=Ia/5oa9Pv хOĩ$MQ)e&zwʞaXpZ|RD h:l7׏w[zXR'8xYdD\ϣ-oOʉz oY#NlFL9RqL ǫo̾o(bSåB6lλ #[c#|YQ"A,okU *l(V#G'|] W;y1d~8^SbLQn7]7A2K?pJuB6UaK{;o D=&{GE9.H'`/MW(MݖjvX WiT$s2s:{9rfEͧD?3Dd ^Ȯg[XS *a Ws~2((HOMՁLZߘCJD iy칖+2P]7iVbGZM @c1+i4$#c!&M۞ttwʖ &Ѭ)g6!j6Kь65tRy!rm#5dxhT,M4Ɠ㏆fXCE !΋h%8bhwW۲yk ɗQWĬ8CpF?|NF0TȀ.`~d҂W TBj8cjkNXeJ%cYCW}V˩OJ+&HAKV'JM;wȕn^kW-̜8zI O_kWBv[J_v*RW%5;^a ~r;g1,SZW"^}e{gsT4֋"PQ}MJdSS6a-zgQZx-!b2ɶY$;U=#:ոNxز#1W2v>j)7#Le⟨L1sHϛcۗ5,F?_[[X>@_(/δHxU1t+t!Rf!S`nU 3+DpEd7' 4ۭ&#VۓN\Odt]5, |a>c-Eg p3}ilr^<W=f<9&Ԅ9{J$-͗#? h]#%%Mq ^K;$|j-"=Wgbu}Rw+i#}dQP5 2cX[$mx{VvUuQ5"pʷi|"2bLA~ 6HNoQ+Ա,9v< 9u"=*r)~uS3cKS\=otvFj%G% 2E#s! 
RoC[n~("[1/v%~>&8'k8xq\ (aE6UUUJn@OZJ[x$i"xUo䐪Ě(\ژ`蚵zP1('ȶҢd̈RH|qD0i3X7栻{%/H&i6=ı]Vzb(99z׍H2vh-X,ٶ Cri+}Rwm Tb_ 4}m/7} C:O1sD."/tW Phwcߛ=upہYݚj "ws[pػ}) oQ\ѣF+~Ž>Iq+3>%U3fMRl 8 3JV M`ɕ!7<j%+5{KoZW8;`F㨳FT{C\O]'t&N\W0Zwnqw Z^9]:uҲ"o""(J,C F^|(:i˯=:>*ajs= 42~xq?3xC)} - k˻ +I˯Dp:lAu.ݜlSqwxCy^A- g3U R5wm.*RLϽYK=8-;F;HdT"-| RcY?]n}MtzjfJ "1{p_&[5=rQ,$8DB.a)"/w ŹJ-'Cj';Vmӫ4cs`7nl;h@Cs4eH h+JCk{V|Y<ONp.̓-,]X>,\O öXIcxC""Xn5iZ[ vRc0⮢Q$K5 lkuo!OmQ$u{^/{ekMB_- ޏZ#]D@I8Jsz3>Hn$)؝͸CY44Nw"5PiNz%4g2R9yԝu/mF )Ӡ&HBe#:'aǜ[1:"pMrmX٣-T4nC]i+o0o%'uG6y ,6e-)K;P2CZ3` Wfm(&Uv4c=uY$ OAe[Z 5ņELk,13)w~lr9Ho>--t+\ҦrnnA8k{ɤ,B3Gjr yAu\N&7{|n ny)' c{C^-`1VESy\Tke+B:WuW*6>HWYI?hʬ6iSDG[ E5M,W]̜ F(_.@RT_k=?J B}+:mӄ!IWE@~XcG,.cY-=>=A{Ic.@=G.pW}JIM@u(N;(Z7Wrq_oDOݖ+g[UNCԜɨO}֎M&c@oh" (=KBP@)s 9_D[ptpiH0Զb:y^3>#0:K5{[8 Pٿ~H @p" s,,y6溺39׽9r&ƒ mc #y,cQQU^dK z7qvlE~!LIE1MTh,U& wu36vlg6 mLDFJ~4%k6R+6z\]bW(ucf,xqIã|a:^;R! %2Ȃw!0үKSUKf>t{#7DD]3)PH8C\۟D9oH cDt'~W"#IL93C A8oݕd6e+*d8J"].733lLèB㴕-I I)3dJPL~9JI&1YLKJ#2g8lQ7UOWH}f {ҡ(7Z>ˎ"hS-t:[C?QF8\" *gA8I./S6,"`ư.@&s-_O;e1sRq.vE"Vgne+hW #\0ͱ qQ V9T x! vmfxq@+1jzAaj"ӂWdFgYU*-t[% F:Yp'M0p˧&BsbLNRh?|k!krXY &C/}z=lRp` WX,ŪGiS9kF9z˙+Pg0 P9nůg` ?+OeJZO7kJ4[.S)Sm}T"2 77Wb'^ID|+_L{) qt72ę}:pHJx,rOd$2<ĪI$󬄁Cpf{'|/A1tmj;_ (K,4P(|[Tnc o ܰ+M8=v1gGMz-ݽ}[{rb6mzJ2Q:08i_KFIs p]K]7J>4̩fh' yK74yF-{!BV#K#f ZԌdTh|khU޽> \Uk1JHhGcdֆK׊VId㷾;z-1dL&!G?':Xe|ZD A~, xO &7*;IFW: ZnĴc*2~YNu7*ߨiG>&o4v́hYOh?9ng1PJ\ C3JIW]ۭǑ(R'WMo`i‹%}1ɗet`K4ZyQYUa\8m-%rr2Uu.2mӤmNȳXDGxLEdzvV46sTW뵊?sޠ稐~V<hCQI-7|WKT O OXq6̦ID!UP)̑# ?adP Z] f?,& gxKe6y$bY61ԻGKE3Q55ͻfXSx5N$RYD~{޳0 +'QH NPD#Uaѐ3R =+۾R #}͏KR" (*F ms(nbfz`unْw|FّsnDC1ˇF>_s5]zkR)xX Ғ3D4BjmnƢ$5z-|j<1s įp!Dc̊goRM)mx7vfGQVī/9#q^u^}(U` Y{UmTϟE (ծ8̉(؂1fuS|pp ,\|KH*U -/bpa%fPv` ZcRCy`2;;[u[pn7ao=BQ?=8|o 2k.PO{wtR cgNjju)7Z,JQm_B(a)H*<${R;7KiX}+Tšβ0EãQ{E WKcRV#0-v׵(Iq{p#^Twk2 4 uI)}ɥT u1hxߝA $s1."qܪGVuϽpU{""]bݐpxh:]Q O`Ůl^-_-^x8x u- )׼b81+{$ŌWd΂[wGO 3 8(uS?y Ve`SDs1iKq`#EE-c kΖnkF(40.kfxs߹(Fj%_Gf,׼\Kؼ1zG[K.L1NDr$Q!X&!:+|m3"NąΫEf-įӪaUf`Ǭz [ay}c! 
zXδڂig]Ggz1 wM%}ci}% VGfrI#v>$}Y A,&uxkW2 $;<):Qֈ@>Տuu;/?X`:ڔ@H ԃ= [:,K!@j@hϝi«7@ 0֍#_ uhzf.4Eբ-1uJ f键0k,$FujK< LP# &o׋ѫ/"jC zE½pڛ} VҺYj;MqXX+gTr"%Eo;G6;k{6onCS,&iRZ@itQI]TOm06 dc|<}ӓfXwzJltyiuiT{Úv*޽l|ܭ~Ve:%\E-ڋ$)t&IN0_BL@yX! kFq2 ]LCbo+qzU%͒(mT2C 0rҕS=fűKT6t}ޜfefĕ~|& dVAW!M9]HSB~G͵,Z7%DD찻6)ժGD VumR';$:EM7w"hz 3KYHHE.\xtQ!G8窇Q7& uc4Z=18dE+W_0 >VOчv]]TO 8wׯݒi  OIO$'7yitذcA*KI:9L%[-c| 453k6JEuuV![Ϗ;H?6gdNq["ehߣ 1o6H98lxZøO@ֺ@WDCmnK %0xRjF<6E5{ڤ aīOP؍N$)sŲ^s 9O6*vE_ ú0Zw‹<+*אa^p:,Me(DwT1G*&%opiH]+bxNZTͅO\/'ečaQ{O ׹ُ\dgrһpI=e5?ɭ vO+'?u $᛼(I_Ta]]ѓfn1c⣕dqF2˗ht X-ha`KDlwk$σ}nHIc!.G151=ԗw+zR4pIKX$Zsr1X!/]E^4Z:hbR(J)m/5}kwFዏGӻҿҭjt "!(CSJ>,aKCDJԺ2Psh3R/.q1.~\w՞%"3_ sD޴%$vl{ʃ,9k0rشpi]{?g՝r{DD᥏5w.E彠 Z[7(_1xt9ς3C[rFcDZp€A ' |YUB  ꒴[+so()f@. lv?%'8{ڐ1核 8BmUPlM/>f&WM暥j_@y8 ȟ +Oct"dPJGgUV39'E BXeZ(#^6E[ Yͫ3Bs5tAHK -rĐ3|!)Da~4ORYJep-}mf!2A wʋR0 Gst$LJV8)&ғn C#Eۣ 0yH@Dpw}PɰvaLV*!>R ¤R9e}ٷۯb٣]Vb<Ji]ؑO;i'S4~p, G؊5ѐEGERNhQ 7/g'Ԍ#AE`L |~"G* >qGoh[jb)+'+>"Yؔa X4{$ M,&"Z=k?"Evb*VOJwu '^wNk ` {=[t-b+3 P6!2ɿBw-CCp ddn5n1 a:qB^g ( VC"jY ,ך[ԕ hjF^;}z1/UCRL+U1XLP`N~4R17콑'8H@@gF o F*NA?ei;N:Ҟ$,KŴU;Aj'3 ɻ6|S-=b9|Qp?6b插YxYOBGw0zFVK&H 5ShC'o}w# f#_ cw}o$yC?V~τk~1x.dc,<&eD]XK?e˺Kl%a"z^zmBIY -Tg=afʏH(r+s#D,2D^6x2!hK16_C }NO{3.BfqkH3gDjn0֝Vs8B(4pU1f@X꽲ϙ59J4R'EN MW~e1.ﳱ?-gl}V\GH7h}ބ!j:\UW:-7kOdBT;JemJVAe?$}vK}3We`bFJ^bh>R& w6li|& ?<}\߾wvWm6{Ҁښ޿voذkO7Ll~ i4XN?nM %7jgH,3uũ{^I:ҮH{avmDz'`O]NMGCnԬif ~JGToM`? ATcش-ƙNJǎ09A-{) 'qgsZUXzv#LA𐱒X3ESA.+JCv6ΤroҌOE z(Ъ)AljGh0\r T/`U.j,=B?)Unr׎>QL:,c71> gtm*Њ?C_bn"{Z kAU(Ui~>To/ҟ$A<Ņp/OI9h,ۋs`W̒"-cNf_o/ziS8 680}x'x䎣?h65l皍7F=;+E곭鱶y0rn {-@=wIR\Ɨ2סqn` (RlF4CB w>yx_lżaD}%ө{JA},rN-UgsY8T|iqO񩕆H=YBFtAf!N$-DfXZAJ&sg*+E{L B<(H.}3<2l eu@zuIqC`PZ~74+1achcڗ= V,иLqc**> E"1PzdBZQK V_iҟb3fxM!ĐC@GWk*}fh,1R@+:A2UV~FqL9I0C2U-Lof{_XT-HhN}3TrBg,NNk V=A#{]h$Y-Xnǥ y eYZ Ĥ.(kq:4Le@r1`TY7TH,p/ ON*jrk:AWPuSvQ@ MM) giZXD Ij!E O0jWe?iͰy=VyxbUQ!tXΝ csHL/KwuU;b3%>ߏ*Vo0b^o*G+Deկ$./i>]/g>U<WOj!gS /DXR1BNT 2%c=~([Z1i o? 
BKx5 4@9EAZz;(ZO0k oC4:L9]uMKW Lqvz-wҒGlQ&B'۳͉7G)tB]bcKQ[SQg@dTCDƭ=_cw)LJ`2wG`4L<յ䙏AZ: ̶ C.Ev'/՟ rPGڒ3GeTaaF5 E&]ul3ԙ46YrB L,ӆ\$$21T% (=TeVҽr{[KféG`NE o$ӑ`3Ӑ!W_ ] n'8<㓱’fp-a1_eG'~t_n/ud ?ZL7{^{W+O+@{z>vLWP#?=U/eJF022-/.K`Ķ,s?ڒb O. u(Σ|ʛ'R|hK17q1M~4:T\'80[.sƨn'&+<6L9G0bGлB3 <2(0=\`J#kuz4[啵2{u>]CܬON6 ' <_GäjAD(*E8^s,j"'J*_U)CYN@x."bjt #OhIǮp)x}&wG>[riӷPmVr#/ث ~~\vm.CRx88"Q$Qۥ`Ș'54p/YvYeIBLQ 69?35*.:S3BQ)O;)UcʋGNV3E>l_Uk B¶ T=N0:Ia ʊ'bc53Ӈ2Yvqבښ< {6e˽8?PPl@Tٌ!)Ypn5r}OGƟVoaiov1wB#R2UJQiWT^Q=̌hZQ# rQ~EE͚n65_@Mal?w\t+ R67t(s&z`˂Gi~7xm\Mdzkۖ+:{$D%?N"[xrx'EKl? "40[uxxrC*@~;(!3V-gE%<:x]?S;Gs)Ϧy օ8(Vc+*8aO`oKI47 iRU,.;/yRRzQ "#:`L7|{ZSDKS {& {نk;4ej\rbUΊ+uĴl/p( {xGۆidw%-ZyޤFcLW.<|h/|O*CeZj:o\g3iʭmWyKTYog9'Lk!ٹzcK]ovPZ?iװ[$cnxza[o> stream xڍP.C 8A ݂{`Afpww$8Ip݂[N={W[_|_?-owOw :9H qf`$8x@ ȉNGviP $A0Lf\l\7<@ !ԑ i 6(:li ;?3F1;#P4uN43C g hlfjufdj '+`V`?qu#lf br*A?4` jgo C,`[@YZݙ` 1mhjmM  - 0WyNf`{g'6'uY b.A' v@n 0w. HV/f rp@>nr7b^7 j[`/t/'SWoKs3 A': Y).¸~2 eӑSQduPw+{ y(*࿲* L֥$35`@nw7!i[? ?jS;_0κ8MMAά"bZYgSA,mn#I2W;YI?qCf TN[6Yf6c*lpH)qr::zaDxqFl3+`uD}_acjgေ` Pǿح<`k0 K ?;>o0f@K_",?Na[9/0i['.d0 5n#ucNadZpluBXx%a giSRtkk-jXSjqv38aXXM32V Goįrt\xTroܺekznTx(dь6(y9CLJƄw=}y5=D)όsKo3vsTөDox╗G99/Q8lCrrT F߼G;Q%"_B[v}PN<[$jѢvCte;TɠIlf8zW73.riw/ wXJD8~[U J*OrzNI1YK3 ^]MBŷ4[sz2IfT:>6|o0 /żooBBo >vԞٻ|{a5ٲ:\=``$.ѮkZD,Ct|9\PQ[=^_v[t)F >4A 7w wdj|pųyX:ԣk-MGՎOd3Ȧk_vWH ؤ,&k~F8@h=ZtRKMɥ|/jU 2aE+ZGb9J+SI fE+XToYg!eyA/xH[l!VL><_F(3TCCB^:wQ,L$T 328u"Μ\Ac0DiGM^Ko9n&KҞƲn-Ew+[ Ce+.zHoND:Q%%SfSFqǏ,Yf(11_y Jk-B&b+į((ϋ7ٔnXxK 9OR p(;H&7V["?j׷yL:Jş8|ބʃdW䗓dΆ6YY<\GhXcRO6Uzvo9DI105 &fouFȈ^aa}hPVѵLu==jό28χc]gE*tǚE}*r)E%qMsYpqD :{'WKc{Iޙ0ZdE lRABJ.ijܳoKw BnQo3ig$C5RK0jeƇΗ4flnPxM|ՁN"] QsBBSV赲'3($iYxuH8=U2 .^jeՂdJjL!SI礊][V#ދ(1vA +dNm䫂otIp}[ 14_,l2.JW׫,:Bji+Z3/? {ֿYz!KA ކjc[g.ˣW, <_La I131$/Y 2ͪ/Ýd&&تjO{0=p{tD_S{VojS5;"A  bHbyX}z]{ĆF`$jmʼth A~ݭy+M{6ΓDZvQ&upQr"4xUэXw"!? 
JbImySr !{J܄HuNcWQݐEmkd3Sc*og> qmewViɏʢ JxٶZcM {N%oߵRb/7& w\V® 7եRNDoՀ>ks#M Tv Pdq#5f2#cNE!mW~s# GpjUPg^g'`*k{d歆v6&p5o_58 ]ou#Cʺ&``lI2T/Mj8`D5-U:rmGkx/msGdEwT@8>%lin 㫙ٶ ÏA'xoj2ӷ. p!͙jH>&iNv/(Mj抙*0VI@LԹݥ>%u!Sq9_$$7@o&BnX?yk!0i=^d!< zѰ jB 7ؔi֊5P"ၓp8c+JSM)&7 (|S;iG͟v1:xG թ,໥ɀص@!.W|(|f`_ZŅf|tqzpnj؟|(}ȏLq1Kt!ǽ2]@jExIaIfHe(hb3j/r|ZB%ԛ;./b"#˽%H&|)ڼƜw@l@ePµRܯÓ|iYRSV]eeeeq:trb%WSB]1E:\uYZGW>Q~>BD>dxz!,^s.(iEK[m I!9!F=pC'0pAIa- .c p/ޝ\=V/[rf\Q",eb[D<י(gw૷]>2U1H6ҟot>W '^(eNH}]S} EUg.-(ث{݂2hN0l' {J#[uŲħnBۼ$կ,@E! "\ǔ;#evA s_Y"*K 4т븠pϓ2ZbuHeYh.f"ؿ[dz-bKs_p/Qs>,|2cUWMh5Ի#*ಬ= SzV5Ѓj܏O!yaG,6AtJ Q3Ik<5Vݓw֭'Y*8@wVw&75w*:GBuV|eg_"I\ 6NBlvg@Xyp.HP nd g~#Q://$=ItRfiq-ARl*GN,M.JFHUߣb\|"e毹Y6PKRɣݠ|r'^MeSlQE>*B|1 zDAQ؛G/w%% qt5od. i UO+N4K:=V-!Cڳ*JJq6ɐ~\ys`kzOf\VWmƮ"q$=oGBI4X[=/z#V/Hr|_U G%MjT, ?Jo-aG:2y8eu몯@ \%z8a{=dtwbGQļl7ѯ8DBi҉"ąP.~n,=΅"Bj%6QUጦiO=fmq6Zѥ,h8R6&W^MEdeN tϹ'z81a/[_U;@]̮sZ2 $t;)7Ɋ9ah.7;W?looۻ1+ ѕ++=@4OEѡ|^Qb-(v5;QR 4w dV98r:M|rwOSnEʖ9+HQM&4}p0wM{,)u 1.pf+p+D|!VyS»T0I&wl<.")f^o LL\Phq#C"!"RQl**g{!*Vv?YhqP~Uơz&UUdqͧ|+^ )~qyR0*@f؜'<*f$0^]p~XO*T=>Ц3je q^ZOp[J6`eQq󇪰|s^AG+U↺24xw$̮Esvrn#4w͠\f\I'.Uc/Ռ73"/<]36 ͓dQlD!])p3+,o瑳*DCJoiן遚DGkXqG8N"͐hʶŽ?ZJioѱ9qE7ZJgIZD5z+ڻvH{&ƈ=el?vJMX6+ŖU/i{٪/E ԡo>d%qeo0*@}DDb>Hѐr@DX"VKߏKckriZwJ*7tSlI#Og8/ 8^&@Ipu)qa;pUC@TjYs.FĴڦFp:|Z2PҰ]YPlq#ǰɺ i}nu'Kw?՜>ﴋrlw9koN8\fT'ét.1yGsi:$)ɦ;$mkg "E2N3{#e%_#J]F* D>{KӖړVgτ2L+Co0ƣ_L&Q $uv}sh[apg=}I&_h'2YET}L%D ~ !qlHjc7)Fm;!<691}jqS^yjys?#P]Nnh$̣mljxD++]ƈʗ)D^UR.`l UUyGAFGTIjysLU~󼕯 Y͑j`OXu;2~u}=kIfvP$a*[G ?7(0r|ƔVg5)#B*}Eve%!,Ry"Ч[n;E$(^^8ziMZe)D8U͒)Kc-zAH0u&N,Wz}[.\@0coEjaAvE-(^{j{y9l:s*DdW̥f:̶T^:,^iEfYL3Tv6/; ba!I֊ mccp#?#Ůi1.B(f2.'nf|U(b#98!DG@SCž,G>> P`"}v@Ź^ o!M{x(2cʯFݠEzQNeƷljkFL a`vێ4OS/FBuZ dTtuhsZl4|D:~ Zƨj4o=K4ϑg]fKQ6yϏL#Uf(^Ȍ=WӞh'g4RnBr ڵz+z(e!L",~9^[Yg*L6:HB 2]Ox&6EdtLmN}شZC&mӇc-T!Di ¶O[xt;1fzuzϮ(iSuO[|ڳ9g1$Kٟ"M>HԌBo5<ޔ5/Sa!AyW9a_lioc$z4d0}6 ,deȐz96<#qWUE3Swt *+=bHAΜ %c# endstream endobj 602 0 obj << /Length1 1552 /Length2 8187 /Length3 0 /Length 9210 /Filter /FlateDecode >> stream xڍP.Bq V 
H;E[]S(NBq)N-N9sϼ7Il/֞нPbZ76Nv@ZUr\htt`7_R4 W0" Y&cl N>!N~!  "1[TJPNu{_G%SP;@4TlA7Z;``ussd7wte؈1q?Gswpeh}U@T׺Ut3Iÿv{nQ/sC@PW< 螷p}yiJY%vq]\̽ўGxkh`;x.` uA=OA~o;@Nak(p|9ߐGA9? /o 7zWo,]\_?}nܿgY-C-CB;n$=v'E3.ta!0fLYݖeX~=l֖~`9ێhhPqM[bu=|+l]z瀼W`ʧw{|3l1:FAt9s$4Hnl(x^سW?ཟE]k{;VCԀ 4T%߲աEVbil8߹jQ8wR C;I L]hkMA߻4_'^VvӡkGswx@r[=BrWSX㓩9$\1iJmeۣ*VORf a9$􎀛(kG`muwV"Վ5-L0`ϏTm-al-)>b72~HZn uCX! |-)dEʓRa_ӑ#<u}+^ Qt(?pxyf%KJl{ iJ-?oܬN| ! sp%!]g>7^~;-pZQl`gP45^죏ThuV̉eE C=J$L &ftCDfP7HC{n4Ty'lپ P])eNXhLx-;[59~oS <)Mg=2qŲ?)SBVW'Ȳsk'iaٯ=ᾅx_jο`.h,͈ĶS^1|>`P2qwE1NE% R9Qd<&z ,\>8gZqЖnk ;cE- :R=S:Ѻ*ϻ4K}Үu[i3 CM$4y|Acמ~gg:v"!k :^ הȄ0 u!w@C1Uq>/en8֪zq+„~=9QiؕFHpU+6헅;@R',V+T&lˍ^rKzިsb”]T ?#%O^9#w ʠNB@}-04흆&^K!m?OKe)5SHGɉoDG {ڶsg?c-K[8V%Lji=.+T.%Äj6ffbfY#\i°Иؕ&_qq~25Dmc#uobD*Y<ln✹O6טڡS`F5x[3(۹Y"IWeUKnW;+V8)kEjna'Z"%Az:1)Ṯ4"Ni)l*det%CipkakRP555xқ-tטwo/s}CEC/SX[_޽Lz Ū>]S`CEcDU<:~zˤ_fu+eedv[[i< XlS U[* %d}~%Z$c/ Zg"mi|3" ,-y5ܚ\ި2~m)k4dCExA(ھlռ{m%la Q-,|~:mb36(,㞔b g;Kc+ J!-Q0PL'PlZ+ʏõhDaUJXRR W#f$ln=vb>/<,L#+`BW|Q?ժ= ߝ?p)1 0\,QՔ 2s!(Rw0]!^+*;ʌ3ySMS*L>?*5ol#eISup"I۶vaaI\0*3R~lNAEYq"|r&(_1Q2hQEqwFno!ɴE ;_xGxD51/R'7ڒcoD)ayc[8A+H s! Zڛ@䦛<Ǖ.$ w?~5̬Wzb^%F}mXpX \q4NI\,MBxN+֯6Ϊ-E;_MͶ8wΑæJ7ܚ~Ve#f0v/r|iSE{4'dŤӰ;OL8xwPZ^)أeTY+Xl~$٢_ ׫GK@FvMtÅQs*)vAJZԞ~C[c/ڐTOTSWq3q].(Xvx+ޖs h;@$J4kM6dkjg.9V&ĕ"#~r9 u P[4 zj45{ưbvl`vS<}Exa;܁HPѼk#xӶO*7 A]:GWދI ?p},1[W8%ߌ̭@M6XqI0jCMR $J8pڸG9]w:h([VU DMLv7g@1~,w%HUXhb?Vi I>];L/^!nќK>F?:}k1c(7ZQ>yhZŠ:* 6>̇o)9GDc QD l͗P\bTWǾݱC+wKukıU|AN=m8\E6a B2쎥W[obkyqG5r{%Jo.܄Y#/T D*11+WV/ U-r~a#w*&6A~X_QKj:aU#L8tG\k*rȘy&b%^vҐ= mrb _;ޢ0y߉>NC :}@nf:ȥmYh; 6[)sZ܂4QMgl47vʬXzÃ/\v=T[zקQO[jeRǾ]=9PZ'9͌}Eǀ4[A(-RP*x&eF$Rek䠣ؖO:ڪ(֟O%lJkL/Xqܓ1"lLOz0~6.պSz}gqEp3xY<:1&JwNy]nϐґ+1i_̙"uA G\)KLxR< I,6~q/VOd# pW2:m8QQz ^b%6οi^?2f7>!Nྫྷ Y}z/lx} 'x+c9[3S e"(sԪk2=sxQfDqJ7߱a}6d Qwߑgs#="#inQ@R$&X[K\}tz/{-r a<.zge/oHZpu? 
Z{\'vt)/5!ѫ:?ØLxr8fi!]_*{iLU>7?[eʞ}RYՂt3Ė%O=p دe-aC)ۥp4e53sK ݾrE{wtrf f$ފ2; Uv@P4 iGVdbfmjz82;A1G;EF_Uab[lE畬mɧZ-{1 uѮ&eFP{<SbzH0a\;=Q:urc/(p.ofvjjN =2zҵ4opQJ#k>un:V_EY3l~":ж}"=Ώn1Eׂ7<OO%c+)\ߛaJPVdmMeDKR%e|;XKx/B)-f&[[#Am>쁻;RBVvb+qH/Dt]v]5Ǫ $H$WaxLuһ.Qx+Ɵ(,dogʽZcKPT0Cem[lV!SsOx4P[epUIIpb]'넪(%j`xWU),l:bIBOڌ{g\6 jUs}1\zF#*[ *{օDkTnwa\ԪOҕRYwؾe~,0h.ɃIwTi?赚zߟWJ`+t_@n"J/XLo޼ We"B'8H5ڴ3UY&HMxv5cJiz&o}%6b4&[!G1MOM{?x{HS04p~sm(KQZVZYOԗ|,hHNb{'oYe|eUw},"i_AN/kVZm!.&R'GZ V*yhDSȔimE6y['LF2t)xV6a+ ]Flٍ&pEARF'w,#DJQ2|*O`:e7Wey \HcDP!h~*EM-Wtݴcrheg9L!u*x{ƜNUjqz$0 08ڮ!IO%"wP5O rQ'Ù x3[s=@L ;l.1YK^m2,अbb:?Li)GI{f3[3LO d^~ީw{ci_!KSk/aucY''\`WbPCVM8sP=Cv>ΤTC[i.e/ 1F64*feoX׆>uuwiI !:ϥ/bރW,2#aI'Մf2||ӊb !KZ-ݍuI."}%Q1T0u)̑)xeY~^<8><ؗ7ք-غAC0Ʀ(4=Ngzȩ[t<7^d uS/%mG{FA-ޢe& Nxe[qi4DZC5m+Td4/QCD]dTWߒS& !}q?QE+*MZ->nSLNjJ,jmcHUX=#V ue;@SXƉd<#IP1Zr쩞dTX]@>I*̥,@aȊ7LWIRأ rN׋*o0::E87OkT/i^b: y[9'&F-eiujA 9~!7'gœo$|bʋ4&^0Wi5gcޘqܝs{AI+JB >z] UG09O8) `1TzHEEQñ7M_+FtS,EKqwigٗu'ԥ4/ PyÊ@D^,xN"P6Wlw+P=Wkl B8ȱPi6 '̧I_g8Vaҕ y%`Ȣ=@Vl5.Pv!ܪZy٫mԓ= qMńY ':@6* C dn", I#J o=߄0Qz& CJP)}bHtZyվA1ۜZPqOwTBbY,"NAEm!'Ln޴ F#,xGR)OŘxB _Pӏl'|΄<I5qmVYDK 1$jqXYx%V/gЕEQjNUWDVnŋRuQuH:MݸlɏWc/f\sۆ3 endstream endobj 604 0 obj << /Length1 1539 /Length2 7794 /Length3 0 /Length 8823 /Filter /FlateDecode >> stream xڍPl6L# H,ݰtwtK, , ҝ҂HH() HHH÷<|}3ʨk`aH^>$@IK_ P /aWB@@H B̴0O@@TR@L2#$ /@x*|PG$`Nw+`-⊺ rPBpH;"n| W>8A E:!\60>|V#/n! C`(O@ 0PA`ke5>;]@0_(`utT5>HfG@P-O <҃BaPMV)]]!0u_?cua0;%yu-P1 %w;R7? G CP? /%|B0GGdP9E<矓%[vp _@屮Q)*}@ !C;.wEu_ {=}߱(B&PF} ?GQtqhAP߿(z"Qׂ6&U bt_:?MzB} vP$/^0( ~P@P[vF=(>QAPKWp%(" ! _|ԈQ_v? 
H U^ =O!?"*_^a"8ߢJB ,Ja?2*E#>+?@?tE_f`ZG޼2S& D59a_ ,pfmm}֖*:Yb8EXBC/-f{q3f+zwOq""s5 Q IxiB*&$/=>ӧ1þ*9:Piz"g[T׺eoo,ƶ'FU)[}jkqU^j0DZ뫖swrM#~rOP'PJw4WӃ.'R{mBkz ,PžE<_&B~"kczB3܈ڙq}UECOf,'UYK->.uyt8mHiÂY m^o O˖ s.-^O~5$>:b $̵R-U5#S6`M񕹍r1ꅚx6W[}kMc-鋄Mk3#R#Λݑ0h 'vseG<U!i'DpYY-FZD V)&]}3cgr2y^ʓ}I#[4P1ZBzkj (QUPJT^p fO;_K$să|Od!Ó-9|*~&aZMTf;ƕj@Vg"˝쎭u$>󉇎ՊTw$j,"C C[L9YK; &[bzjƻikAC2͒lIS61 %~oΟy[ 1JcoMsa|};u JM_YؼM.fI8fT*{*'!vll0]gʙ,W=`Kzn H}pg+VyRJ,Z>J)o T#w a{a9nN5dua cKT}~75wE;\q.Ү1w!d֩Eɚ|O8L&$K'cuKRfuG8OF<`IocŒ'I[MKc6+emi\b؟:g,k._];{pqR0[pv(q_b!CN_p2YHZPfyC%\EX0&=`|=N&0)}L cػ9mЍч Ƀb|6ڽ __y")ȬN+D#68yxZwψ~0hJinoIkZ"(ڎ_ֻ˯_.,EklG|z!)$0:)LfN% ymSF6^X?_& 3Qqx𺿪bTaDj7>fRXu_lIf\R\;߻h6Ri_+C)2Jj,C-v uAǃ za 16~UuNhƤ,#}bzkCiņP>p6ܩڔAzު<AtS'skR~~2U1oP^0)gvٱpą]%{PKU80a{8Al[]%o|B%/VvYH㢓؛IEK'LvyI<-hcr_1QSW[tɇ'o%6;ɃϜ]+^e|)Bӗ^pgҏGG#18a-J 4|sF|E*K<}1%qPL\l~JeLX]p}.b(9}ETq:k~ZkɵC"ZZZh i}v{X`!I_@)O^zӅwuLX`$xiά:@V} Rǁxm^ mj9q1[{4.FОl'ef~xY3[/䖝)Yi*텙g4ڹiz :9ډ8zaif:`Iy5ΦQpN[ΘHfBs z:]H~a0W%|T9}}1(з.7ch}d])0ԮfC (q?k#lU9\6:4:> y>yUz&e൝4ZuGX=6 VUbrEӝ[=BITE\]2㲷vOg{Gp ii&2BVXivӥMFsr]񯷫{ C3u@LWw= k܅6_>ڙ cΊA*C!_A%.^[-:wKQ5I_? 񂽪G}E[63mz-fld*R/u5 )Sx_ !uO- I(>𡣙KɰҪbX5| 9p ŸX_Јz(6At^=$Vԝl9/MO 83E7,h6,[dGmDR*b}nc٥]$-_Z^`YA 7B]KPK7<Jm+eZf\:ӄdv\њ|@5f<3SNs\Ĉl6~ڧZ30ٵ)]nG [슛 /q7˟r,vge܀WA7t}g;bܼK ?s_c_bLeިJ pP[YC3`% he](fCIR|2} ]qwyт|'fc'+ "fk~_ 9'suq=A}^S\PSSmpS͔3Lj C^j`ȗ0WԽ !qS.{K |gׁe1)')/)ӿx{vN=NoaYK9RH㑧G2#q{q(yaz=sB)S \N]ƪ覘UL'G 6qVOp56gM|Nj>+#JUP WeV4|cR5ؽ'*t1ξ]Q, e^N%Ů0mx+bwʿ(^ a|30ݩ[fmIŢ~5AhWF[52F˥_)Zjo^'<& w{`j;Mh~ph弩Qjo\07tEq$=\|}JŅj/\ 6PneqrUw\i?ﲖ칡F. 
JRM1fq=ץ+'"͵ju+3Ӄ'*2~p '|!N3)=2+r>=}/B@>m9y__G %(Ě}ӊ;=Y2kT#9?1ZPGVWQ6g#pdJW^7"/R/Wq)D qUϣw)%|SRkC8:3yOw'%lհ#_,CL'dUXuh), `X~i%;[L#GND ubNxԸk[KvuѡsW$X *f*s"8hvQi$8_F4@7Q;3CZ'TЛ໴h* \ x\%yzֻznC.8Du$ꠉEW ;?-D9|^.2j'9LI eG&nyΨW@R >DZ\3Hd}<Fxln1xLa@Й DfLJ(k6ܬfXS벛\| ax4rX^>8]Ӻ }=k֘*>r6EZ̙>&DႋO'z@^GCO̻&ixv+g?SQ a!!̺1uo ۦdE3ĞkhlMcnOI6cDL֊pXvG/ȫ1gDQWrܑ"q3c櫫 #E>7xcU%fhF,)PZ}}E՘Yr<S]-E$ϔ )Tm$">^p3k;sχbf/?m"~nXcz/yñG;M픾`@[LZ^Bg`whErja1y ޼ zB*lX]k^V$H|{x(2ދkW iHb>(pVXy4^[,{H2:`ԯk\7>Q.9$ˍèU-CjYE܉,\ [mEZl\1hC]4`LmIe$ߙ,jLXgKήX? L#37YZH:+.8R,}*ft@6PѤ'+,0gq@sF̐s3]B4pyx!Uǵ4<_>gWv;}H>AF̺ &Q!,|fۨO~ w2HIrʽf'ւǜe5?s8΂o'`O,%fp>f |^ ~צQl9F 'psZ?əڄ+D,|madL *3okLv6ܔi-8ktf ~r>Sf\pÎ|ln0OXG_Nap~4)ū}-lY gA 1eoQiXK@*jZf_"ޟp38Eu`4Yng.mE}yhs45joE!S_#\Dw2eW{?ЖӋvgP C:mpR?sRb!T6U=×UH]"_ %|hO ]m?W 2^ѣ|SaӲ:Oܵ"tP}Ce#ѐc*__7SJ6j4 pͽDzap<ŷgۭ:W^J53{=oMgʚ6Jhz +xVO)P..Ъ9)Izf:"ݏ!)_ftoHћw%p?_C"J"ST/Y 1Rn) 85#nuMeU%K*Ő34qjy 'F 9.zȆcaÕ1-o 9?(t`gR~Q!Qӷ$:Mrm{UsECѫxFDrZڭw[#^^~<;}Cd U8*/Y-(>4#/JA7f/Y ۸yj:e5ױWƀطļoޭEQRߝZ3q,*wD>%<4 :-'{5ޑ@fg-7)L'ͽ_&tFISXvTcJ+?u~.;LEzEhv}\f:wFKK0uyvIRypz8SާU6:@|+*XoiUJ? 
|ت8U#> N+-ZKm]I"PwpNWhՌg[ِz~ ULG@',=z/c캵tJB^Qi\\ffű ՈUːl+.J-sw@&iYj^˫TQʄ+~A؛ UCĆyv -| m T:JZę֑œd,$c90+iDR\iG2 ҙkk`ϸ$+tf:?F\n/XdZ֯ C@N4s6}-P~μPS4:ȸ>rO2iӦw8J9p戟Cu"^쵝_!㖑B.ot /El<\f i\x6yh˶89z+9k㠏<8ٚaPG|H>>_Ep}­Y%,/%yvg#X|^nc%^LWIJYZ>{0ҰNx-~#pԿY~{ݎPv8봉cdud)*ی3k2ħZ.S Ce=b\Ѷӕ{ s֗ Z\nyղ1 di>I endstream endobj 520 0 obj << /Type /ObjStm /N 100 /First 910 /Length 5581 /Filter /FlateDecode >> stream x\YG~_Qc,Ӳ-aA9b4ED,J> YYYqedddэn1Oؔt7/P{nBwDI)4 1`mcFu}lLN-: \=56:TiMCbR8qG%htwq1aJL5 6ނ5`݇ >9Ф5hv8EA;di,  ai4&d51zdLΨ0$H$kJ4dF%%&lAJ2+IVp$<lq&Η⿕:-ǃWpz6_};z=ZY7BՎich1b-d]6 wLJE7Yd:&t~&>tNNOX ^9/&{RͅmMk).H_oPr(؅ D@~1̻.Y/!\\(H̷1RZEu܀T[K1i$oljkc|m /'5cWGt4Gmͦ|!bY3$b 8 [bK;$mD)S??{.`Zگqx EzdUOǗ{gh~6Sk)I`L`̟Rs2smK^gkHW'v07zD^-pZ;]n.̈ Q˺PloUf{Ezzc6CsdVnҭm&y 7^h"ݧq]6.mk<6R5p@68 # 2g&;F/[.\O6Iwg{qӂ0qoZݎ"kVAb)bvA %(]sppkWn>Cݞ//7>kJ:޲2eư/N!bx>Fݜ]`88.FC|;=-M6”b ?K^'Yq0}?kS5^NNtg77B6#l*X&Ö}0릳q.}:&hpu^hy~8|2MmĶ%(pV̿'d?6 |IװrNȜ.Lh& mMOLuoׇpմ膗,.p>05ZDl`CrE5z`x/?}w'B=[a 0 a|yos)ÇNvkX-Z:m;:u2~t\.4Ƹ'0v-dc@Ǐ{{D/{S|/!P{چ#|/KV2{(d'NSfOq u({*L_.Бv=4|pjzzoX/䏎Bα^Ob!]ltx/'ޞ QZV/6h5;;^5/4{ݛѰ{KB"f檥׶͵4ڦчK>ahJ-HḱhY_!}ABE }ώ>UrXUiчJu+ЮO 0gcGL]"Rk/nMLJH'k`L)bXo‡Թ|y"lsްUb s)-)i+t3iE|Mosc7-ԣ`7YH?,etb8. 6ϭj\H1[] kTo 4_ |Z2Ca@\BUX[l#^Kfn9% =i1pj2CjM.< /-S: HF 2w $((٫|l<;q.R0kc*'bZZަu'\-JOMzHe#R$C, iJDK?Sjrn{ ӭ6-=;qg_y5kGizqi #Gt (uURkKe f<[.JxK1B[C!\;Sn4;ߒiDGߚpdGU,Gt|7t_nZx-ȆCW}yQ^h#ې.\:Sطte_=츜7_{ͫ.AJ +k^e,Z{*%/OQW{~"eCb+Z&DX Zb,A?$/ɲL*xΚyR5 TpX^By?. 
RMcM2=mJk_tou"=Wԥd*7*Э(P%jsZaK2-#6o`K EBC[Ka_4xByCг1uW gܧ{.PD!:uM'MZx͖bpZB /YQqrZƺd5Ȼյ@"3$-^KxWEu&!/9jCi-qAEZ뱆oGj/ka%ǠNJ;Zґ"y0?/x${n2 J Wڦ7Rd~%WG>e+e>$<{>v5*X_8YVHh&{#鉆e)3˛h_}ymVnVќhZNO.ϚƪU&;c`8<!e sKI:_{9u8EoN(z~ѮAdMϮm[Og?Bʚ)eM?RzXI[,z$F&y6kH'l< 69BӨ[YWU z"`dUzO{ܺSQUqʼn Rrm|U^dvl^tT'Ǟr:SlF25˔ޠzR5>Ĩ{nRiQedmscaI?r ɑ('>2g4y"YSG _&FLޏb FV#Zv3$G> =7Xwg5~sKi v}I|\f1vno{0Ve,/jܷa(&LZR7J: 5#|X۠6yMQð}}ʊGsUлJ7 ȷ \L*GYR_SC9ё[ @^Cֳ+<U3\o[RƼӗFIhEO?/ni]f 5yW\[_J| Ield-{b8͖ӹZap/>o;ύƇlxWClPwG!̊wo9^s:uިz~WwW"##d߿GzUew(ʑqvˍE*@+5| /xx'?=5QlR&'Jik oX&*6*?=o+trma[ﰹd{ ;g LSVx߷+*=1YDݢs{*z{>dW}gt͔x`ѳgTf03Tc4Fk; 5|XX?pŀ.ir]Nɫq99t}Y+{(NWj*>3qe+9dF`\>g߁ŧ8zš.7Pea_~ l叭n =Y N`\# %n=X,^ߤ*HhvR>fD#eojvW'+QLWs#[_E?=c OL? ^wjJ~bzf^-Z+MSܭvת~oeۜk endstream endobj 606 0 obj << /Length1 1660 /Length2 9311 /Length3 0 /Length 10388 /Filter /FlateDecode >> stream xڍT.KpwHqOp)R($ܭŵhKŊwkR8s9_뽕=|gf<瑵@0O>^8P^SO  O-ak烙&Tr D` ?,C8B` j0E懀:8z>dn( A@ma@MkOGCF[k> n / z: 7\+x,@Gǟj}5|P@m!0/| WjA`ki j||w (gk[[5 sC] @m% ^O_On5bm`qk.E@<=x=.+pɊ0;y+O>ܺ菶:>?P@0DU/(E@;k [?( (<>hqDPC:d0[vp?4f,GCrrp_`_ <;5/|Uap؟dn?>_XZp3ypQ/|\\@0^ C\WMQUO9}P%/Ni7`.PDyx? 
wJE-v k?C$!`A|` |p>#)&YV!fA,od WQ _C A ސ|<,?%CtOG_xC[/cO'fඏ9}xzQ-Kó5*9ɲe0hLx:|q.>M~&3p39U:2Eob0;N7vO@f;=(#rK(NɅ'e޲ϑ3[qnʾ$ƛbɷy3MɈCI|K0uv>I;vϠO( 0]O_0b2C=#< F5hp̫8F`\9xf[D"Z#=ha~N0[9j>-wyH ,w 0`c[d1jL%%q R ʧTU"Ax xJu Wz|h{#hiW.@=TD .[͢9 yE ' I=Wc$nۢ> 3+w궥twѶ0iTԌ8NQ:b瞌tƴi>1Ntz=Fm fږq=0vzMTq^Kz6,ȡrI4t*Tp|6 dt4}iՙ]ߥXn:^o|$e׵3h?\ڒa%ޠi@.y nNojqʄ֥]n<,͗'k"Xhnv&Cl [/9JɘUYFW_2h:w,N-&1]Qv =\t^!N n^&CnN {g:z $W.b/)b )c7ўPm\8;(bQ7lhj~Ko&Q3}3&:1^"?j9@|Kb6_}Vεa,6ŷoV\qN̛ٗvI,OܷWRe{BhiG|'-^~*NcG=) thl)ĒlgJ'*ԺCܻ2$b`*ȓ 8kUY&S\.-ޫ^h6ɼ~Uk(yF7Xxu8vͼSٔ?z0OX)CH42ǧ:4YtW:~8"A^4Jgb*}]1$,]PF~UeT,%P&].ک 5G?*̂5Wyu6yyeLY@̄溬xz>A=Zm7=\eD~Ga[ß_ |yi4Η_yܷp@Hë ;S뼋`ơ<]/6y$= 2z~r8X b#f4BjAKWQd(]r@]Lؓ%DžKYx \}TW!c.8 [!Yb%4)Bpg?&I#y_"½E4enHN6$ښ8R=KwxX(;j 0b\ﭲf&{\ ֠\iFs~j`C-+ޒڃu} xS%_t@y> U6;)IG%ajG"R,U-pR`o z~@ u @xwgmQ Te9oơ*Qd!0NyX}Վe'#kKΟg<Lhx®;6ڙ OpTbN>AWkItCs;$ Z!Nf"Gx6\fvyqW^H{&K P.DgfmK͖> _=wcZ+J'#"#葐WSq.ePJ\ZIꐽ(,WLYO\.2O$*y:'(yn/-Ev"; _۩=9J-l{4nhWXGi?_6>B6qp\YsU7xJ2QgHaiTߤMm*vY S귍+hyN^  S,^{#ӦW]ð)}暥i)o{Z20/ƌoCfԓnpzTOwuby?SdeGqWtQ_E0];gvpH\^[KhlFp7Dc!=BgiSydMH Rxv$TOe&ޙפLd-zR1"]ݗ &kGFy9 Z1,0"YiuD_1 [,*$%Ե@WmEM[ W~+.t,Ԩeue9FZNY9+` ^ Fvp̑"{a6W G)91yA wV1w9% ]1zh0b$BL+N/E27`oӷ;% cl陬*VM/cl{WU퉐pӿIqacț>g)K p2k^EBA3kRisW=.<,$ƫ^;}(y"y#B uD"ySm;6BĽ۞,wVR+Ӌ0Q=^JgȖ7;&QPqoDҥG=^w7NvfRtL[hZ=<]2,[?.p7 [)4`U;bž)$0UCGSծ}[䁿51Ȑ7߆N_թ,ꋣt1ޖc>zu Sk,49De0-YyOmTjv:W-O^ŃߖMqӽliu Iw Կ.I!v#γ3b++ϼvN'ЎlI,P|Cɇu-bq(ahsfL)UQ;e_D6Hz?0n8PxA1hˠ[[oG;R'I [41)ySX] ٹdc"a'5r͗cȍzA'øc;ӑL})tA[e >Nc,>cAkw<ޣ[o'.ڏszy^bC] CrGF\Ӄv9wE㈀}`Ɨ{Щ_s{#*kY?$Ak xp$fV NZP3+Vc:Yea9~=)k1)WeX&lrJqסA RIxszpލ>Aѓۺv싌銂y' =/܈6gϵב}/[OPﰜwh Ǔ*VHv6ɟkZ w ouHZ^ئ zQ褘N>By4fPٺ鯔InO}5p3Xik':6 {" Jnp􍽘[h2?w,e]PjY2AlK4z;MM-WH)M7cO Θd+rXjOAQ+[ :] :*~"Wp'?:RM7's\aWĚ4ºH8I˭ypCjPN2(z?/44u7~ܩaBվ'^ZHAT㺋Crmz($vYsuݎ6ٞq^c96IΆ@Gv`gޑ|I89sڄxEAH|jBv۔=51WUC֐ hV:WrveXP0#!R=$ODmNpraLzI deL9o/),_}ӽC0Xx= sf|AU9?>b&.Lh. 
Wҝ@-LZaS*ض7Ne'Ȁi p3miЪ7$!8k6G,r2ev ̢{q:Cƶ&Z'Dh#Yg#>p*etRyԺG1kcU "L**\ ,ަ FXZ8J'^#c22#\+ 3f4Ev^lCUa08>O;C%EIEĢZuV."?ZTi,}~fZ]觋./Cz{j&{orU"I9h* &\njAnjT%&o ˼dܰ!Fw *s~b-cꀟKge[ALYRY"@4 QRXBYĄՑ0$a\bX dרL,;[U^4V_lD{]VFyH\ʧ)Ž"Pp{~F8ʫL;RsDO3"|4|e,|aKY5Q+4zpKJ.6]us,'ݑd 4ާv&= U=(Ջ zV(@z5wAi.c:Ν[,݂*!!ANnx tx%&ɊcH'WJSվs^aG&/L㝍W"oɲ:c }_l'&:z nM}֖j_8>ob7"AfJb!=>ßinx;HoTsyiRZ/VJQ}LN|C)5_?TMot?j\8y5 W 9,bYpXjj]"K5+;h5DY"ڿ~,8tE^DS_+0wNn VZyкunªb3 ۱>!M> o?*I5 yLt3"*NXydWӕ{K )Jz櫲ٴ@^ޝؼjKc8O X{ˆ@n4iOA'q$6tuTEڪ<C;;B:GD{q!\PHԓ -#RY0eՏO/!LXJ~]F[۾\]?/:sF򩰳@ADu;Rڷ5FF k][ gUink{vKSW̻ enr['AJC̥)B7a3'Cvu]VsEӚ{Ǐ&d}@FVКsYQLb.Ɵ(k FM{>; :?wnK{5^b5Xo1ɼWhDmjҊe[|-`*u' 7_U Q/p-<8I>^wBWEHom.%K7|>ٝ370[M7uM-6ViVxM.`Cuf΋Բٷn[Yw4.Ty 2EQCkltCۭDȣ_-aӋ$s4񲒄!c\a N<|} hjZb]\0[LmtΰgcVDFP$44 dj4]ݒDžxT26x2^X"Q(@N51SJIY =#.ribJ3Ȕ(N{{f!םB@L^ jnPM.:inOU ]_I ѾLm/J% ijs1R1: LL(O;tRMkB fӋ {,1u])GzOQ|V|t>ޕ|]3 vQc˖Y.}TyųDޫWI"PM]~r Z65<۞*7D9NK.Δ4Jz ,-^=8,Àmm0jc yYyADg[>; fBU?/^KURq)zg.DWQ~XqDޔ7$x-RY!kL a _ieJM/XC:(jX3R[`XmCJx+[z%A!{_syV4ciZ$djH IǡiVBTZ심q5mWIJ&B(TV1QnsyHޥԵYutTRsq4D'0bYI,zA e֒9 cGe9.LF]\ yi '>훐:Xث~]9 )rxTXF̰;1_i-"yTfz4u[1+!ZK?tJ7*yײ^9o5 *䧿t(Kv|`Apf]5+^٦7U+j/VD fbRT<B2b(/\|kDߊS& a5g(H$Bz'xH(}t"/Wj-{;QM.umLKAyRKl^`/yIP(BݩTL2b^Wc{hnXI+zi)62*6CF'x}?v'-0Lz-8}WBMX2]}őUSp=̝[RJ xjd6D2?}ӑdZtyBˡM3b*i'soru-6ٯABlvi٭$HsR}g[*\7R};C\QFuw/z @FsV>mAPkV_m$bSD'ګ`ǭ װ(r[*^Rp2FEJ3{#| }ׄĸ CA)[pXQ vm:B$V>y(Q Mk*,-d%t|B(h:\ndJ8KGA?{ޝ4 Ng/gj ^B1K{ɰRr!1+<[J" +}nx72=+7į[")@+հ-Ro҂fügl87FPوU[gr*}R헉1Cv5#jî endstream endobj 609 0 obj << /Length1 2568 /Length2 19847 /Length3 0 /Length 21320 /Filter /FlateDecode >> stream xڌPY.wwww  K.A{pwNOVS]Eϲ,oCI(bjo sadeb)XXؙXX))U-]lH)ՁNΖv|ŜF. #@`cca)@ motwt4p?Z+//7[@h :bob t4..|LFLNi.e3 h +]-Ę)U\܍h rp3:@gTd @e1`4V&@v;:yZڙ,m Y&_F6 #7#K#cč"J#P~ř *-/~,&{2Vk;{w;,LJՁY(? o9 :&Wt[ `04ཝ܀'WFSK1wthuRb99yƒZ BoV=`3 J`fW?8"A\f߈,?Ffh%~#Vo`~#o"F .ro/qQ@\~#E7qQ@\~#E7qtF"V3#8+aY:_/7q6v22^Ef.٩cLEl9&$&6H88A4|̦@ߴA 3YY@4 Afn% ? oXx:X, V@P[A#P%([:+7GPL?X*o5 K: hd,_t GXA G9AAAlclG`@9An(Ty? 
S{AM Qu':J; ta4_7 n!pgHe^tju}DIt+4؅-Ns#DgLXSRϳAn3vx/^"8BFU=G@kȟҔ9<Ȋy=#sJ{U\2ϥSjQf(s3gqɠ]`=PfnnѳH} 7ؾ k[x::R+ Aڊ3,@+W- a]?50WUO[e sV1lz(Wsb9D yȖaZR:Xeo:hX ZGg9!5#е(oX9ϸ7~hgA,%0|蜴`;. =~ oU:NH/㸛C,6T{AW:~gFC9ys-@ -qHzdMK#{$H;D$E.tFŘ뜺dtv_a|W;4chྻLqvjЪdк•Zs1$R|_ y6w 5[e,PX5^HmqMUjdT=9RԤI #4A `&dP2/7*oيPCq&Tqꕿa2$[uć +>&$vc(vչt@d|B2Q' )2~?Y=#7p#%)ľ$C- ^P>8&`tqAd?=x_Nފ¶^lirJ*q z"=ڋmBa4o%#oJ@qkVA{[X̞ekz38=*-L',*Qztؒ";9j9⹂덕}$2_-pIȫ.$e r:;txdM5ep篒<0|c0@ImF5PUn)^D9t.)7Lae+=,!c lj#A4/16a*fގڄpUԐPv6D/d2=z8\UbPpx4}9,J6‰hڄj=%m̅"&Mt`%"Du$o'P7;ULmN2OD؅vTR!騕]$ |qOQ_$/ig7GuDJGſ`8_<Z݋՝+GS%1Ґ2uOec˙,Y^ll66tfcj'uVn뀨g 9}iu cY_C_S.nv4Ih`b,Qw]*RtcWnykj_ Qăt4*?4y^i&%X˺}"ggJ更y'0;ΐo޲IBMFGx4_%LF{21+D5W41ФknM5ݲ(a;tС0`3G>+c '4~҃GzFU|k h V-"qhi-Sh^.{鐺zc*&})珪T9<)$7&WaIB״=C!̀+JɑqrmoG\?$'+'*sԧoUlƲ̳^[;RE?xN ˽_e0)9CG~+_cX%IT_JMDCE~*.=b *}nNBe&M ԧ)t6dn0"厓P؅caa`8VgĨgp?!?^섭Zo\fz/}3L"+D5,Hitdǁ}yx-Ϋۥ瓉9}aOJ޼Vri2lt>8xy|mw9sgm 3|$нU^iGVN%V$^ݤ#ᮖ}]pQiDP/iͤ>l#Q'B7 )FcB[NБBs_ 'CLx}r[U бW) ˱CYS0$%7=!>(W\+@]pH>ua?ϷnDk%8P[z{#jXZ=$6H%:@nC* a%'xsBXhF87j:.#J4f1\}BIU m# ɹen;B#փHV- l`1x>@=5嵀:\0,vgd룰5t0sB鸝.7kn;wt¥eN}h0TVmhkLUZ_*uJ|K=#" ,G|8-2iE. q CmҽBVQG?>`z "6GRI}NdjٚoxzJFDwZ I#O5T jxF\:eXD2+`Zzf,,˓SIc۝K%t-jZ] k_pNoєuOit g&gz'pVPj]j&>x$)x cmjG;苊}aEVЉ|#fPp:gކAMH\FT8؇f.nd؊^~mͮas>mEq,IIGRx3PXْW(5s໲ӗ̉hO#OFAR 'nm\ l9򦻎A ?y_7#5j!|1<<.J0Flk }sz`}ْFfvTyԩM fbzA,Xϋ?WX#؅xK8ΫTP5չia4rc{A>˾7Jw'qUjvCqMőH!`6=*$4&Nbjg/ɏzWlU?YhGĥWe(tZOsw*!|϶ߊ[]}f0NBjv zM+M h~u=#' ^S*T}LCUJHk`/՚iü(1 Qu_NUuςJ|khplj1ςaFze={/Tv3cavO-2BrHvX8țnj9x+G_oF7з5%+TԃxKӨ$7գ[;k.҆4KGGP7oj26GI|6Ũ_ǥ0(J^"|흱C/؅=GMʅw5™0+mEkՕό0< %q4}M_Iy#/1x ui\+ ezȚU6*NMcA>aaaRZfoʣ|}أՓsF~֢,khae%ԓ_ďUWљTۯGqcD H[ќZKSfalvޝp?n/IkFCw#S)iv} r".\%5"ţu|YDۨ#cK:5{|}-qlm"9^W2]= )3TW .t\.K{i33$wVz`BU]KUz5~ w0\kMj>u/ѝK8ҷ7)H<49%\f+L |[֋Fҁ)5Z|NA$:a׵pDfS"4rLt\bQ2Qkmf0m}o FAFMwH#zkߺIs^(iTnS@VF"[JJ[6ɘ)Мlslf+16zaxxeG7~„[( #V*4M̃;#@,yl:/4 'Y1'yNlq:=M}ԫrG8B^p(hj7%Dd}0|qJM>(x$#e:|\ݏM? 
*L8xo+ jޣmbZul5f:Xq-R>h̐EQ{݊SGC +-vS[_ɢLhMײ>|K'2k^ez(b7wQqIO`bܤc6o&Q*ZZ9]Юя8!Y2YM-"n7Ygw$gw6UƬ25_t>q XCK~ uSe)Ax^O-a2#Lir!"vՎP-rۈ3!i-20L^H½-jLYX_3vvSM~4XuBIx1G q\{0[&FTl焻Pȷi 8e m-[MQ7%V*3 *<˩^pyfUߧJ5|#W}h8Dag}RA.y9e~ubYԾ+*,JxpA㈪IQ#Y"fJ͠Sw#,&Tp 5p8c9MҥgygM߆ubgHa&+P4cޤدd_gtb'|C ֵ+WwnD! <^!7~atd3f,6DC`.DtL+ѩg۠VYʋ~܇-!6m5 ,XDFUŚ-vI(ɱD>k;V fo=ltd8DU,``3H `d< Ҋm3On^Y(-LE_uV5iyZl!72@$zv<{.yoejGvς1 Ω1 ;[j8rl(K;`7jM48[d6N (~^YꙜ os7F8f ld|ezlgSMcQ7){{K'PJD#6)E`3ahʨg:j=l]f=vy Y:r"k=o_KBd\veP0n?Px|y}NG0mQ/%@[̑:[E@3' &ţ-` ]0\۲CAҖh kB\KL2v6*,w)61غ "eW)(,0uca%4M!'&޾֑a!w:;G >C̓)A~E76c|{ld܁v|R85 j!U98?vVL[ME,)hh RdNb]J̹>lݥaw:FO8bYӑG*y h=\C53$S0G 4uo y/(5G$$c_a &Q7CC|_'.|8Z-Qޮ~ uܟ1cT\m[[RJ|;~fJ_e)Qr,2Ã3mz[؅: %8 qOZtQ4];ѤLFTqI>u.¦wE#A+ AWFB ` Bx{ĕ%-t(աKw=\ztM[:v5&`O6,#bJN1)I ${%XS©xVXi7[&kSD~%naQMD+eM9Wq[R?=;-A&)kGPC KO Tpp+ӮN8-q̼_{ ws0˜F]:kH+~ElQ/HWև|F$ ⥺E(9(4N܄z_FK#PyL. <'{mw.QGiѣEDdaNHôayD'p&֨E(mp;]d/ #C!:[9HGլy;*+z\HHn63(GX/Cq j8jTݵ/'B(V(U^.hx[OMqUl~aX#6SITVX#6L%(,E>-8s?gynRJ[ᰓx=i9׫Eݳ ^Q 5ְn 6B.{gSZLΝ3C#V*`U7G$6hNCQ>sOQ4$urlYv)xTu$;B3:%Jfw/oAT _)Z #LDȖ0A'\j/>ۖL\8ld=mNsg>pQ5z=49'x ]QN3[cd~dXkQ%>C}\&1(9/2`q~95!? 
0?eӶ0P 9r4Rv0LLΏN<#h8}ǑK#Sbv6@cJ>f6rVHS+̣~IՃ~`nϼ+tcYpCGm?6?:M5 Z8}@L &=_O.Kk@9eϧFKДrX4Oj07˳F',%~V,jB#  YZ>^5UMU#Y(h.Q+ٹ+ĮV(pDI2GAey'qCx 'j7QcԺ؁̙!H,IY(8f%`5Uxżf[AAx6U`!}53ԥGy 4kőL7D6|6:k=zQv2gQu.@k~yXI&JA9?BK8J[75ן-}f޳7KS%m7x'zr2xC\ -)9СǥYAUf,*Z2sH(ZvѫBYy=dqpgKi^0-u(+i`@|Kx7ԓOb5&xUxW]_P9RL?|/e|7tb$O|Hфx9 Py1KQ LXtBii%Z(u ;cW.L ]\7E}&f 뎬ND zO&+ ETo*KD:xmd!$\-TЁ~)蕔TM%&֤"z,*35=݋{WKJTmBT41dȪjq·S™ACK |d÷z-A^2Ӌa  <\-i[bK@._ S|%#WKh ^g+xx*<a)uW=-򰝸m+귪r6SQ|9چSuL6TF7,GdJrKp ö'yyŬR ^JS8?7 $o?V̇fb4I}3{3*ݓ4dk +q˯hI yY4$粙5(mu[ v-t Ƥ+; kt!TSk8 Pj\ă+w)F.G(Ys>_sIĤ~-:Mp[P8)0y_\$) A#›Xv5~$@xpdoxrj%kNtwz@_a@҄J^qgct;e@YvtT7k5ȷXדvoX*PtSD-\LvaИؖÎ^SF7 E a˽tju+h=E~(dis }&swj1(0\P]P7Ty4_~ .lt ~9X9~]5AITZO$0MnpJ>a@Gxi=U ;]>f*{>})>K{5bs` yG4l.qcZ8V5Bc>xIxy5_'Z S/t "o k8g2p`q=QC`IyG-DUn?sk=Kp,D-UvDA˷۠By.ʣ[~^vs@QCSS90aw =icJ[CmP(Y:i۟YɄv=PSF8vTW(YL}y=$Kڙ=mkuMi\A[ذ%lV|Gۮ'>Ԑi I,u|5ޥCG '҅ Ok{N_L9-ô%5gVHTNjn]- 3/{+ -z#MFI ~%eKkDLTy4>c[i`@eja Y;q3lѮLr%ەBN es2xdS~,'\~"h}d<_Xrz1y'(SO D+XĞNA.N 7f[F_000CH&~/+V;̸dDSy'{ bkN A ،[tMUXbDM۶lX دcvi,W٥O"qY<}Z M:>و}_(GMN( p $LJYԭЫmQF4{Wk /9}vEuNH!o:<;G-;^5oT7,!0S6uUH+|S9 222dPDJ5454d->?=Jsi7oŶ+P19pq2ÙN՚4JTuĔҮԈZ2U,$qG{bYԉ;#hG|5XHBa&Li)BV9BFom! .Dt8$T6ӖL=Z\Mz;&9^1 =U'r嫃M 1 HvgyiδAטI҈ApوЂf(ˆC cm˨vL-7-My܇rV aFl7vʾ쓬0\%|^ \+^#XW-Z;8)(,+u d6a #3SfhR?(Sh  ) eTN;Z€kx&Y`%eLdsiYyT) `<2ɔ1Y4}"ѻ8ڧXˇ݇  ki`ya[.IxHxt-l)l, f 7T3y. -q p[ p<2љ ɦkT^Mv]s6bv^~;9DgU͖L-@0K۾Qې E~ ag)l QPąB8f oSE ӑ"9إ*섗'ak), %d,F:aFL4h0+t'Sšs>%_nn$2\t# e-mL+В)LЌ&Z IBVX\$%:>4x+|+^A^,{yaQtЂԧѝ<ŲFga zF_&eUaN%Qxmk*H9twHA2 `H.ujP= ۧ;B[o i5nƒP XQWXoM N!?X:,wYA!pQ#Y~Mw0-0ᙧ9/]czүi%C4N粘Ȩ5Cߨ-icL³G6p&RWyyyhLѓ%r|ߺ<pnDL&%;kp6.c "S<*>AL< $-Hz j>(dGH[!)~SX{)Pf? L2ݥ^0 3%;zקӵwg\{~ph GLj{,}TTx1DB@k9@e#_ t#Wm >X Eh a/G`4 \B_H*EMµK ^oR#gOdQ*l"QT"2"Ҥ+aXu[ Z* ;[@^/`/ ԂSGWU*}YXDUa}ʣ^h&em9}ipv*S(M~&IIv7N(,0(&yԽ5.0"8!WKƋiᱚu7ɦGmB4'$aB5)HIƱL38ܻKo{XYBfP k . 
~UAJjSBn'-#zՆl2hUOi38%H-厐zq&VՖoc.Af((j_{CHO>͗l#x1a6?V?p (2~lޱB|H)°cC-|jt)_Ov4޴ W~&G "XUUes\1GŜiA(] VČ uq>ީs~Z GzmP7T,R^ysĔ@$j/~(q)5W- Zw5 ,\+Zyˤ2SԁIcr5Ub袥Vзd2%8a|zkwS% F#XpLi%R~[ IߚbЭ &T`t&VEC񸱸~mV~6V\­;y$Flh|Z~@cʙwyu&`|Za9L0Xޒ  ~`9×b |{ݭ2U7#oZ X)8-4ݏ侚ìLLxs=S2}ddFoji(ce ߎ Hu w xHZJ+Br_˂Wst}+%MD0cMV$aE  l`G"nHeդvj ) yg|UHNM fʋ%&ʫ10`/^!"fZ +0FF[yrwcmnBh}Bjc@agX~lyE=:̹ךIp޳T9 lІ͆I)n64n`nC@3(|8uV B%Ħu`Pߠj6U=܊iYrDbIr}*$3*F}Ԑb h9FKK K " j%3*G5}zAտ/G7_9h&.4?49 _ endstream endobj 611 0 obj << /Length1 1722 /Length2 11435 /Length3 0 /Length 12543 /Filter /FlateDecode >> stream xڍP.3;www-xp  A݂w {_^Mھݧjh(4Yĭ,2N`wVv?F KDtu9tɤ̔;;߆N)sO@!H:9llX}[28yt;]A`-d Wz![wwg66///VsG7V'Wftz P1wY+ @Xx8,`7 ДW:+e 8X9_t6trt66k* 0[ahoir0x33qs:Uf rvwcu9Q!a.Yl%!hv>ll [YQ36śo  ޖlqC3`f zoY,6 0@[]ACm>\6u-5q? JB`aps;9_Y+v-;au_X*No =FHo-~C<?5z96V ୼+)!F|6??\٬9l@N?\67Z???ߐF `Gont{۱c4l+%Oox 9 oo؟[?L h4d)fW~_+NŲ;.+m=Z>?{Jꚮ}Y5I׽U} \5P\r8V-[~w!]t!aR8eF'ٙdLY狗#jgsS'8y}3k 7y/i3؁>-p$8G >e $'_Ҽ7:5cj=CNsa.hl8)lSɕ)מmk(|oG(ZSL6 h9~,'w?"mf R_f~`>zoc$O/vfP|%9P;BMTp135lq⓪cyQ=NϲL_<9"Ef}EZ>#ĩcS9͢5kk_1Ty'vc~_fTeLFnFrv}A?:SH0}XX~xK7PW_i_765iZk m%[8oJ/1cVA[Z@Td)a[*^+6.>+B:P.;VwSR-񶘾sQ1|aqKO>`;igP g]zaK${"( z?bT;VY&In熾oHTGMҜh@->OfZwj"(%଀܃兇 v>r&&!Y)z# c;_lMkugW]zVuA-Dyn 9lSxpG{:!=6_ WL[aeK&%e* u)9,56"#ir ͚xJ% -3Y{.= lPYYHTJ#H}`D$W4;)jƟ:Sd1.8(f?@%mj&ꥮ+v|0ҒSHstXZMv-<ÑЗ5@b;jBU-$Mcs,3?A:Mm7J=z)f KO(Д/W*R>\fJp\D #Om7ѿj,xB?Ni{GYo tcbxŧB#=nlbLs=2,n,Rj;g;6(Կd"b%o2hy5~o.`⮨åC=:o:vɕNi=EvJT,l8aU9䙤Č5O561`s7W\~33j^':TFɕtӫ\z;/&/noz[ _QgTёI46S;k1w=~g_?U;ث'Z 52k] Ye(':ܭ.dUkx}pq}!Ka6hd/k&AbLk 4ducߍ¢k•Mb$Ldٛ+CԘ3L|=KGKRCeo ·蝄-T܏xlqff`1N47eBnDRlT ͫL[$VZY ls|PּZSὈx2~hꔽ> IB~&]9Lp̼a$x_"7Gg|qtqi|aBwN`]~=|ylx%ޡ IBN9=w3E ekO[ZJ.CTuVh^K͍)NJiX{#Y2Mm@l<"Mw`ƋKz8[2a" PL=&GQ:l5{B1W!B )ei`j }_O 6852 2:C;{;nf }:m*N1akhv‚g/}UY?zw(d n~p2\9Ҭ9mRFm_][MX홢 ,VxXѺ1:*zɰ):1Ly Qx_")^E]ZB=ܪ{OGr5T"Hh(?T_a8az[ I^Ogf+į\׻˦ ښ[Z 5'3E;`*!xV"l Z*W. 
b-?ƒW#uى8͢Ԙ@p&3rթՖk,K :GiA=R\Lzg;>jS#+W$*^5L9?j<cHkoGk<^Z.>\XFʠRi~{M!~o'p})tSbzTޛ,4%o43]Z[}e[.D61΍6$Tt`SnT(k 2fFeAC}^/c>7*\C )) ʴ;e{"Ƿrknt;`@&w0 G[nA/6kD҆^X Ed7C{0#+}J_?#px =A@5ew4Y6̞CKU]9Xe1(e,9?0 Iq!Ct^ F>|XTȩq3P.w+Gy ϛr cJ#hFBBDhx*6Ř&d=1"o y! l{N,]ZP}B )ak̨4{;tޑjVB5&3s IuBulPC=Pʣz+\[9TB(zBȼCI6yK{ b%)fljTJXE ewVԘvqw^@oUq'4f.>6&9vm`ߩF{*κj-RW==etNƫNwJZ L㗗 AsYןCY53ᘆh;s,t7 (>;/'[';$fP%].jH1wg1` w q~~%#Kr^llVw!16(´lׇV&ړ5N,;z^BR]$=|#l=f/7D5U~ WxѨRϴu{ NKӭx,hCxվOu?0ێI*%O ;~Uz> Wկ ~ꈇ|8s1.Tf<}Ymw+0y@3͔!Ԕ񞲦^}W/{"P?_wvC;I^(X2S%olJcj,ƇڰGFM"g\$q-q,V7(gQf}x(KmU`%Q5ҰF5 IX1XfHsXnFtlw^𤨅2pqΈ]tQw1-dcjA3J-!qyOƤ' [͕uපd2Β x ޙ#m3B"81xb,!a~ffG?\[zbYe0-ZmΌvUšude.fqbcֻBMYLhYn7{Lu@} 5y*Eg7/Mo7z H 4_3\+}R!16a5&Ԣ[ak^34/n/c=wjQ?4WwʠXܑX_t2WY" JIP|>bVxއxrZK:fq2߫bT"?xӼ q|{ӞXN[e]A/Çesbc;7}TZRzeEDw"f];Cg-~W'>S7DIklolf`#Sw{3'^ir_vge6eK06y9°VC2f.&|uZ9=Ujj{^Q|Rf U4vMX>y$LsA0vp/;v'SSV@>CE!@bBcF@Ua2lR嶔 UIz#; YklA'|/8#4N)NCwԤ9Ӂ*&Vhv,`3KLbn5aDiIT-!ūk=BuZDNo'1D|ئptAE϶͘sf#¶J)]qJ)yNr[yF~)~ǵ9BwW0i?hʖ0:<י9pܲ dkW}^`7܂$K=^uw.Vg,3x9 8VoE) 3nNCaBP#M#I4ў*- sy:ZwѰ%"P=ˉ$\b? 
}gؗoWC$>{\v89@4E^G\D`$߮'Ќ2(zJ O,'GRڋc`O<a GXXn]2`\~ Aq֍7"l#5 KV۫i # wh,elү}'+Vey_쮧VniAbCNrlT8"٤%C &@8AFn]`.LNd!LF6 )O;cŵ䣄ᢺl;ALf D*X) RڙfҺ6Uˋ*[0T+THvv.s6)WE2(r쌎WFB/ajJIM*j-6c=YwDWFcimLϥ9>!_3i$ $|lbyMC7۲n)fRQM $ 0e D/u"G}h( Z~/~5gHsQlghɾZ#* @ЧD5tsېϽ|#U9(@7(+6~5bμ;.0/{2㉩AݏtW?u oHfvB/?&{zHSqX3v!mc"0jE S6EuЯ ϱ +݄ 'JPȬE.3[%i~uV>*1JN?IZN/!{CS;sJ[ţ8]es-% _\IpVKK]"u8!vΉN-1Dcٺ\\v59{lQaIVMR=xkaՄKy+^•QR?̾ù[Rr C<,g ^cT.$LYlL4:뼲b6gBe~Qn՟.v-fH}~2O܇@!{[-69Eia;[#r垹B&O\`8"e]爌_B.dd쳸{+ѩtZͭTN9hCt;_BOE@f-E DPn~TXd 0j;'OQ̋\8r%'7Kr`~%+ii9P[eMGi*q, )D\]T9zLc'|qtU4QrjF~=gߋKCSaZnBG?; 0ܕݻsDnyO7iD{)(GzDB)5}`hJMkA5X9U*}}wuǃ'/1\\?>d“ftшwz׋p\7={ZZM!8 Eq 3q쌷e:1kc b%wʱ3;]\L!=AP̲gm@yV<*m>DYQ+Kn܎P#XG I2gڝ KU$Eoz?dGIRbZNns0=)BTs%s҂XE# c>!XWA5ٲ] #9@VV;|-P@3JF;"8q۱7هXW"G\Hl&w7> ]Z`gc@lzo ^_`EF(0.1~g2~ XPрPSEEUN3J8ʺ!fo4c>O<Y$&U`Mg8A_u:Œ.gB%3@)OIM^b BPȼ4gxl_c.'a]9Xk?6qO)jPT&G)2Fyķ3nh94(k AxەF .:]M\R/ÆEwm2DA2߇X'&[Iᤵ-/8hL$X G#9^ȉ&*8{6 H02r􃉄Lmpa7#&PiHq0v~ДNpڒmVA#/2)=P2Q dcw'< :IB kg;>8Gqccb0G/=&)C]/5l V5(;v#Z0{ `Y=: Ö{7嫅-<pF 2dY -4/O 4$VRL~왲XI0k'hm gILKl-e>bHy י[nQ$/vިZKtlB{k=oz4@{g:<6?S# endstream endobj 613 0 obj << /Length1 1405 /Length2 6085 /Length3 0 /Length 7048 /Filter /FlateDecode >> stream xڍxTT6"̀t 1  3 !% HHtߨ{y}kڳz3ks(9!!8J@X( P3@QA PApCP\?*^ mS@= ť%@(7% P@zm$PAx{A]\Q:<a)) % @(W" P)e]Q(Oi!!___AR"\$52@k4A+apF CHt7 @Wh b!S+#35FSYH 1@?Zpg@O}e8@x̥@37ŀ`EL!?;R~? 
f7 =Z Z@HWo Vh{{P:dE]`P8z EvG?EhjvAg]58Kl"bȟ} PJ'o2:1"uB(#ωݿ=@mGMZɁnoC ~0,,2NW`swe+.Ū?V 94U/Gcꁲsڑ'ѓA c~/gj0וq0;!]%ĭ18`p[^?z e-f2 0Y&{dyj`>&](w$}_Im@ѓbZtڬ#itTyگb*)ltќXߧSE\Ukn@,0o~"mIs{®Qq>uT+ +Ŧf6t-ԛFW\Xb.6'D}tHI͐I~z,ncqXPsPja鳺zZmɒ?ny1s`?d OM}%v̜WMU3I.H5.,6lҐV`K6%)2%3ҿm%P)lbr-ra[Fɤwzإ8z vY:si@R%f ST/tNuR!{*t;N$Ƭ\[~MW҃lQd6Tqf6 ݎ|wgm.dm{m7y~z '(%\/S*0);nM3lfz g { 鞼Q>s4rKu t41cь8IhQYLdOT#Q PbQ%Wi(NOwc&T]?nfg)g_X(@8s/~h fLK<|K'jY3@ZGCڣey%`,_\ߞhcřyzbK& Hxl匊z#fǓj":\9\hX4a+Iθ0#P;W#[*/e?N`{8yQIa+;*;90X81J| -7N "ү8r@~9.`έPGll֘/n Fv*sl϶f 1NQE,WRԟ>=;RLvXFߤ0\z_t)mgr''KnLW[MHG|u PQ`|,eݮO)56fUg{$ۥN\5 ̈́oE0_c?z<+%}9mGP.`jopv\A?0޻< 9 Yxy%ʤbIc%6wUþ w}& ; Kx+܋3v"@L}v1XG$b~=:6QEAɋ>,G|!)%}՚I_.` =?gC?ĺքD/4ni6 )ѤNxUǽj>e%^&`AUh ]-H7>.@CCBnuTPk-{$Vj&W-J15 oW[6D4ol0LczL xB ee]1̗<Pĉޣv ^sh79y\@PwO7Ӝ&sOVsQK=M=ݖsK*}4Ve9TҖڟS`=x"05>VkvsNV&xwQn^\5hEqq%;aչ $N(OU)K ")3VJ։Xg6iFKG#N$u|\>&z QGDžy}AD rP 9Wڿ0ze |}ޟqg[~54^/zX;\!JV]k- #dHszF5\7|n5L|u˕wn{o RtUKڮmx2r]4' ̨i8l *![MOMtOJbQ"KQY졓 #;]qnx7Nݸ /0[,LBOȸYkAZ]Z*r#i4\PkP=_8/Й7tmoiߍ S?6Xru[v:qu-{_e5YmՏƷqI"CW鋸;N'>g:Kyzˢ sɉz'ߤ-d(|XRfXD)ݎ+H4\ՒQ(d5-y:7x&7iMX00=\m4z VWQ'Aɫ|_q}z|n8^da: Ey rot2Y7NΑ*! ڑBilfu@-\3:FQ@:I/ȝH?\;kq P{#bdk# |5djfo0CF优K3-LPrY3#{Ǟ$3.;?$FƼd]Z\=n7Ty x1Am; ڇĂ ϒ6颙B˺+bC9?a0LF(٠2][7цHox;ݟ X_8D HQ n5@  N5b&w/s<}Ӿ[m+";y99Mb쩪ϫ.QiX¡C*kO*>{gN5 9箵)b!%\ @:q|&iVV]V0eppȆjZ7޵3Ɋg!&N#.G(f} 3d-T@V]l}#fgNC IW kdb1mZWur|7@*8KÍ(^85`<βh7?j2lr?sȃ߾9{eThӨdܨ` {PU6y;Yij _O]eL[sq8Bآ6GeI }s\,֚gqm" lOWqQ>~3NF/Mҫ9m1}=Y|BڭlG&9Eֹ<{f74d/AXO5\Zf[>W-W#wsoͰcCkgĞ8+;p?T L>ݐJWl +^MAp`汬D%/G2QSR}QlY\އATK߁4f^<|eZg0{%Bj\Hv{%֨We"u䦽 m x| Z?s_mnW+E\맢Y8>m!OUl"MYj4K:d =>e}k׬O[F/ώL`n:<: 尵A EQ[jxs)29=@6xSقdpt6n#7_'S|oW[q^|Hߕۓ lEx~x_I >!p.>{lziJ9ڬ g$[@p*"Y:{|iv3)kjz> stream xڍuTo6RiPF:#6FwH(!"R"HK t<9{vOߟDPA!" 
aY4PXX $,, 4E`]a9AA `q:G!:@10PTXX_(,P⅀A@p}G',̿X  qŠp/bs9xG w< pb@~ݲrs#h8wB6Dy#Hï!`BfH'\[ sc22@u( Mr:"?bў@m "!X=';;9㖏F8}d t YZ6UU_PL((#!JIۆb(̟nq8xuc-KCq_"Tc,/wCw<]]y~3 GZO,N( j#Z}8 Vm,'#̂" a?8s"P?+ 7Da-(au?08^6qg] $3Q I qt_'H7B $ f :Ѐ_k ٣!P+ Y/uh4Nk_b}P * ]Hz]V8t߆G2b)?4E~L~d1u)%VZtюY)XәT7X9>cZP$Rf##epb7}b5UQ 4~:y) su0x\jeil ܢ ݳ`XCiJn>7J%-&r:]g2]21`@\(uoQb9 Y>܇fNg6GX {pl@ĜXf?#/bZx%cKiTM%S{tFls _k} th=yw7wz7܈Зm)t@lso5 Pnb%BS<(~XRٙҷ˻fygM?`.Ӄۃ>OY7I\fJMon1M0XhGhW Aɚ%T_ *a27رK=G8.%E}c@.w,\?B+œE{奷D߾z6XiKS}ԗm[~adD${2qd6 _c 칃|5u% "pOJr[ʝ%)&(nBla l?w YӺ}~V%ǧ0uPftzrL6!)i!?RzlZ.X`mNܲ%bJb\ )e?SJDIH¾JM0 ʟy|fN<Y' 7%Q!OMfWHmvNGGHM ݴCq!p~/|\s UX:yH\>g !X͛= L!AcG$ATYK+"ˉ%y )"C͔$ EC<cIuq~}|t3/|K-oxpX;fɃ̕6%}.-—ߙrMrjbp#+cg-٬@ g~ ܁ϒ`-|aMƆ y~HG0^Crh݉Ƅ52"QRJzg@*r9Z r)-SNz4j6l|`K"o[oˌ_T9o={?N[{;{CSʚc[1Ԁ <&<'X^KZBp@zVY|닯|&^~GZ7%FxRN?LSdP|CxK(/m tnMmb6r!7r,ΫXFXct_u4SktGZE|*C4Iɛ/яU&3+0] "t5OSgİmG5rRk X{抶;Wت f\˧.8"aPnxߧJGL%Iig^ي#qQi EF_ ~\I] I*hPEw&cHCmu٠Dyz$r#|U2@M es禳Oz)>AKQ$>z*E缬nC~BYOӽt[PXJAr@@󛾍}zvcuVO L95%=zʲ_s5БI=c^^#Q·irD(fMȓ{> `306AvrՌ'kΧrPUzYԋe\2IkjgӔvx2yҚ-ESgٻIX]*)ȍ; Y[1Q(0iK85=zv酗-Ky^.sE7~ټ #[`.V3T`@S_pl&vPRqn ~QL)pĚZábogVɗז{@J" _ȞA'*G[i.F6-'KEh\-Gԩma9O?=dw7USNZ`%?)na[PNʼCzّ3 Wo2j T_n~8c8ׁr@![E,) mCLla)kMLIї^d}b j PUhd;OI  7սW (ك%}D˜pLXGg4xi\š B.$A,`h\Twm< r]”D&a (00rFx%b`MB@aoWG15rE8*r37̿\h9*y@ETlCHDXAkNnŒ@-k&j(l}+ĺRI2ڂ}|=e z } = 7U}liL$;|CNgdډ Nޮk͞@6l1%dz)fQR+|vgWI=m:Oqb,BebK`vU@dlI5Xr2Ư# "=Ji/ƄiHUsON۹GUd{"o`&^7]ENMefxm}M k/wFGloŇoT2^0.ֶg>@܎csf[ݷ*VUc (}&4lmVc0ȫ0dP}#-!@zm?ZlT`ۓe7]B]h+YS؈6&Sĸ3&$\>0缲KY8ng Fr0-ŧdd-H܏7:f<*!]+1l/0jVqː5"lﭷc V~י\7 tHF3eiS┐-gí4ͱTJwBNZ G!@1[(yfuFz-?{fi?|~z]7kcI=MRɫv^ #ٱiow6ʔ BXW" 1x)p^ g׏fIS=+ .2AJlLR+52*qƔZicbHyLمՖ^ (Hw^5a>E/QB T:P*t;낻%v}!1$QuDE$]jxjnv SԽsR[v.IⶽSIC o\Wik,!˺nƆkxObq@ܹkϜYO^ ~mu4M:?No^4`؊R|vasc[Ri?O9Z8KΜ; ^5Jg+dvqnއ|^/` Vn/]ߎe"qDOCrpeċ;r_d5(n{D* _F)p<=h76hHv2_ZM]F2vy5U|ƇXyP2UU79:iTqscl:g~9tZNAkzAynHH0GG'wƴφlT=+vIl"wsxaU1~$UT>>&h}CG#mg+nsu, 5KPF>bSn*H}r թrn~0{#zl\sRIWd7^ĺFI5ŎЭ7ׅ3m1<4Q!;Ś`b>@;QǎKJWxG 
Yh[H&zv$xsenb޲xF*}Mw>H0V{i._iQhlkk84Bڬ﾿Eܔzc6?+R.'zYЗH&-m V DqDs-gmm/Kd#;f!H|SCȎ]w#3%5K(EGm_e/*Qn㥛RdJ"&!gj64+z Qd،I[ g"LRWv2{}"3P 6}Zfߏ2oMaU[2ez_r endstream endobj 617 0 obj << /Length1 2179 /Length2 18010 /Length3 0 /Length 19321 /Filter /FlateDecode >> stream xڌP[ Np ݂w@݃;3gfr{YYoCNL/dlcvgf`˪H23XXU@Հ k02w5@ `aab01qhc1pdR6@ra[7{{<ܜt2YAFYG3{D#K?.xmy]\\ lM. G3h 4U2@ *f 6&.@dvx7q6ޣ%e@2nm# ll @֦% /&H06h``nol40|'+u"`dut`pYU#_n,jm,lcevt@+?=n>\ kk _e;2Z윀"漋Lv&&&..t52c+-_J5xyLzL_@㟊Ec#h F] 4=}L}>a6֖n:bFyQqi9i_/6zVv= ; ~ @&6}Rv P{AK}r?dߔuoFbNSMX,x\'-yKU@cJ:oD310-9\ G#o_f *8aޭ}Ɍ,o CWeca!;bx0o1_ `dq|70G`9"FF"N `Q0A޽(A^T w;?=3"6w~ a;F@f#?]i" Yqw?{zf}wofk~a@3|o?{'1Zl~羿~M`m 4q#e=IŵG_vu98 -ז]r? }W:_{_f{ގ.60x?{ǜ߻}G0wnrS'wߡg[+}-]FK6Fk]w'Xؐ.ïwDyX"f"6яY-4,t7(?!}n 2tS9CrgRr'RRɴIbp? Rx3|^(ՐgNwVvҞ2q >1xľEx߁5 YhҞ2ӱ* 3)ti W FQ />J` zkժm($(ODǟ <9&OĹA9XIcOmC豌`էxƏ6W}z}=aH2ʏE !^[x %S37a+h mZ^P\ߠDˌs B1p2H]#  =gRʝ5}7dנZRoYjK1`kp,`e?X9JG'kj~o%rtV+5a0D*ӊ,N4x\{/gT8}14` -WKqprBO# *&:ᜆGo PKf?0sj dMqߗ@TBI1/L{"JE1+(|tB%NncRt )4ܣ(ݜsrnmO+~[3+'g:_)ݤ ;XFxqQ]. e\b=QH#%btw( ur@ہa׎o<% =6OULX0";'OcF_2Lӫ>?B^08IuLv'I y&Ume:I:G,7%j ꧕}oJ*(_65ąHkQbƓHN[y89+>e'|OU qD'2͘mQRza]5LK/f4יw1'{CD5.Rҩh(,?)61jcho(8M\l-v[,_Í4:CQbn>%5'J@K xRc>O1D?` 7AqaKJLV["PZP XFN+Mp?lgT[Vx>ا2*I$j2DD nMb{jfi'Ax!fYH~2. 
P)k+hCM.vw1T,ŜNڃ= ORa*/{LWAl >.i0_%9PxH~^э0`^eqS+q-dp[a* #;$J7ξ_kSbz4'\:n UH`T3ݪ[} UG yqJ yc!tSaF\S=@ÿCɯBS(Vg؍t(5S%+S1-9^lpz6r8ӭq{#zz~ޛ_oȾB1akGڴNɜƞ@Q>eZ/w|jKE / eـYΥa d.Q^zxI8^ߔ#l5J\xS0MI3F@ q=ہ4{)qM^=Y֕NW=f;Wϱ9!>]d׈ ˂ -~53e /L=v&O^ַtJO yvpHQ<1I4lru9CAa.A}S.{5qKs9wc2 m- Ęd0gͩӡR,G?t((eyvm Zdzcה`::jH;)AgCϣe߅SB3 Zv~-7iZS*l#gy6ȰېO%7E#Nc }oZ_ZMrŽ8kiaa$E "N2bX'«fJbyv_#-bQǹCr.'hkHsl%aeZf`;tt̢FaPx?7/>]4H٘Hԫፕq{Uz30|V#[#I)ȣ06֥}5Rxx,h7' \pW+ &KlX3\sHKylQo1c)!4-VZz T j>4) ʂ cx0K>"]ux0- (,xu@Gź׼Pė:d_J^Z0Džt\'ǻ il:O`/Կ4ܓ#:#a +əIjIm&VJU!TȎ [oJLҎgs(_jH6DLI67<#bK y/:ῆzE:8Y) l3̣\F騂e7t'!ёLshm_C%|`ձX87h7VqShv#?޳HEg@YXl=ǍXy>CUPXX@DR|Fvsd8װgPvZ~ wIXjʏ U3<5X!X 'z5"CWTpU9}M֡5G=ልЧ#l_Qq~B-jv`-gE%NP% K],^iUPL&;pr"ֈ}`ABN 'a2b]bI\7NMezy‰ưY0ddlr Uy`Fz tQu.CÔ* \&xeeWAc]0_iNNmd H٥œje9d1uO \@Y=yE&U9Eq+ڪBϝQƼz8#uk[je'_!dAR :. ^Ѣ-Bl X rd^eӑ9c>9$IX:i<{4-Ot>ر=(s3ȗ?LBx7kYdt;!;抬!t#61Y˒5>4P8̛)׌`B䇿u hoU9N鵤ɞԬ/,iJ+%L5Iv[7; N_M qLuP\*n>% ĭB5})uvsDrױRuȤhu@s*s*SU%V)!ney )|l:e#]M._%XurB+];xNn2ph%$7+u 59-"Q&C1KWc͌R^ j C)[-W`|S =k;$2/g͇f k$ _*>˿}ݏO "h~eUI:{T,܇l~: "z-Aaߦe=R%WUҕ5T$۸P04l?%EAsR5l45+7j Qv\&es`÷mV\FԺūPےtf,$n@ bS66K~ %H)OI@ $ќPti\:Dt8m_ՆIi fL+iWa3 Å[3/eDEQ{V}TV(o_ Ǹt04EqX& \X`"St: `pH%L.b}G0#ZqɜiZLZ%2-r=q?QQ#ۇWHo łV餪}̨95DLR=Aϊx-WNd90[>_:Mo6$քBLVjs qKkɚ'Zމjdfng}nDGщVSퟔցjRoL:6,/~ <>k}܇gHvՈ_XrH7l ߠ.Xp_E?|֦oW1_ʄ ʜ s u*P{4'oNEc'Lٔ"^C/Gou$uQ!*'vs"~8oopp-\%e<+R& Wz2?p%gJ2gC&u٪7E>MqQtlq0Fvz'q$8-2}mɘ.?& ֩ l VtYA =Hzп D۔YK: õQ_S:& !M.0^XTSP4п{kxDzض #'䕶MA[)?s"^KWdG|y,*fMx|nv!Ej_1.2ѷqx{2Ze^= 3 hN*n\*ROΐ3eᜇ(7޺S34VɟdLS r~{*x!|e_`$Z(Ȧ V~CGA|.ϳ1K(ICzv;J,*=/sB5peZ/ٮ2kR)MTE2̋j|楕p3`sˇ7S*çHB?jSͧ'28q3\@ D[Yjy4t;wZl([o<["I43b<>w cjr O֚#.h}h~| }'[V쑎Oy 3~ktgNE}ē[Y ~vLO;Ř+~yǩ<<-DC{0+BГ0u^]*B֌R[>_,9mxzyB(5ٺmL<7!k̛dey,m4&' ]^ #p| et?d!Kl\Yw|WBQ4QZ3aLq͝dNi7XEOa~ʕ\ĕS ೘/Msܣa#P^=>0%1|8&={7֘zh,yPN]% LBm2(cS݊n滘oQZk#{H(d "DlʑLE鱭 ~ڡt# {Zv !qQ{S ղK($pDxt؂Y$̓- 80oZ-YryLV|2T(P(oDUzxULaЉ 1،Z+ =9Jv1$& 0XG.ÝBB5CeVV=LynB_|nؗ"#_5Ge|M^&ݕܗqGUl/\GS%x ].<|BN'#BlLw %A*GA4r8qS3ܮ{ ? 4G! 
wp~oL_sS5 4`y*E`DK ajܧJZC0{:Q>|1M0~aniX~2u4fY|856I޲rX!K3chbpN]5¤g:O2{SfVOG%l bvmC| |zG1# Vc0UghgZ~|$R-i2WKW0LsSlv။_gn?#݂$U\?#,#V3vI+AD6Zj`MWDG[ B]twFd ̩e?#(EE|ae#VNfǝ\|!X:v ʋ]Cn BTќ|zJxk&F #; ׎1H]!˴lK:`NO;Lh,ݢqԐt>z$)'Dh̀$߁]AyG @{e#Ѹ,w^ڇtvf%̖ JSkUF;XMPm]o9H:Wzr04l_X2kvkj~qdx Tfۿ|[Uj-Io$Qgq$Q0_EWp.OM(uЀnrevd0 ViѷMVa7m*krdwp QXc Һ\}x\:CEk"! djɃT!c#Ē+o:7!(G5񘵕$@;@P84T$N [D)\X>yJ,v@t; i!ġQA8TpU@ٌ̓#h:;/p^FEF;.I#uj_B8R%䦹m}Pkc:K"W8g ]wtək:T욑`^RJ9v_:ߨ3 as#U]nbdQ `q Uwk0&/ё_kXʠ?Gd 7yz(G(נ"otulx,OɤPj0la~C =YTssrʈ^l!cQ)L]DLSMGA85봯ڙP2.)g+rozԟ:C:,r=kٛOM*L\# t,j ۮ#(f$T0d9c OD`2_\0IoCPR5#:՝L'G EڷuĻQBϬscPm0#u̾ J+gX~8}Q97:43.vϰ'z55ee+>z4 y}41B#@\kg= Nh; Dj3ex5= %CPi}4 7(Bf9{ʥIU~]U5v BKޣJU;E#gHzVb,(Rŋ û oDǥN=$-jfLN1ZۦNEY4уѡqB:Et.N/[LS=22ˣq;zIƲ%oX>Ru;B%u TNvQ٦gb2ykrT&_׀'l;?l1 m+.\(~5RXJv:WRWAAyݿLSnxN{">W7*O=񫻝uLL`e]f:^ә](-4BznBS hmE>&=+3Vxt82MI PExpmQc/5ҢW%&c#cN$<l0.CN7aa,HYKC{gBݥ28돝MG}[j j-12!::h!:stC!}nP)ym~X'Txߋ1"O̱@ hRեG` %?7.PaIn:9~0LA mnh\)ЈsFS瓆LKY*9\MF)oT՚ӡ%]'UdB6[1~~ dhHH+~bv޲h'Lt? rl$tB7O&:dؒRCA{nYbz|,>u r8QzfpRcN^9/[NRZ`3bQ8ާvSh}/=&a@[i'43_3z`aԄ2!52\~0 w7 =]zEVUbKQD<ڞ oD6%Qj`|}os y`*;xd'? nѓ$5h4d>%tOtlߎkBҀj|ĢQЭ2j]­&=~KMq~[UC3ovh/ْ݂eOqZ.8}Yt}..rX(V+DexeAG̬Itm~0}cyu>}[D%"ܥ/ɴ&Zfq27o ,kJ]/tNXaf\1 ՓL>\0!ګTq,:$Zr-8-(J*Iʊ*_5_5F{4^G2llG7At$ Q/: *!gk:qPP uIF>~wCeڒ7&U1jKFixE㳬;hmx>D{=+ԕ}WIs6O㷊 l9)y=U$b<ݖuc<Ś{Z0crjRixqU _>NIֿj c(/͵XøQvMRZ#%[m*1Qg6K/)%x#. m]&dF?"x;h\Ί4=3Rd5^wNHe">M|\8a1tO`pc'z#؃[2}l?'z~; v?l|챑 NVNB4meԋev*/2~2ٯ3b iɤ)NG4d*peqc˯ R%=Ehf8M{V߁QY =}i9ne|Y΋ۍ&A_CNKo{Fg Yx~ҶIE.GOilX?'6flKl9 ቍ(/Nla r&K ˦ d4qȣљ CE_ҰE+Bs9IIWIш{L׻()Zuky SueOCσFIHXrG*5U ب6fr6^_-&9E{4DR #9Ki;Z|N&$O:8A-ʡ7>b+x|0J!:seJ.;.SHx..V\+|fb%;LMra<'V 0|$0r<d%R@8FJ_ff-۩s>J1? ԨrN>K. 
`}N]jCRdSV 6 U9ϱqŸn3`B?3x;t%EW7h)C m-CHq!Aү<>O=l_%7^nc/6;h},Z53sܽ9B &;xE8}WwMzyU&AF0=T | BY9ꨛK^ؖm3ݜauQ `'<*k3/x"v.d cMeBd7V.tsTɁ$B@"ʁ[ Z'GuSEReA9l+ 37o@(-2V;IJYԩ`mwlձ0!@nsa/L۾nǢ͋Gjqugl<_R !)XcxFL2ZmQHʳAwHe70Ņqw8 c뫨ZAΝwdC\ ].:ƞlM $GlNJ(-XV,of:6h71X,j̛.<Чvx/+], %1.c-$W?WҬMh1j]Nko7u Ew[d7 a_2;̊a‰׷Jsl-v2%*m<&eRZYc#hȥH@"u(jz#ʷb]] w/, ES%G>ӾMnk}CR+M7T=>S1闷7nGb$N!Iȹn.[|bW ́Rl}Y=ulEf^ Fڌk1*0y=\M8 -5/Iab{L:]ү4< QԬh0hFNRhxKK6mw:"aW3tIw;ʛUeGElG`݁ =ۢgƝqrpVWF#rm[zӭ]>2alL~R/O$ϲyh|bu oIGN\t ھu+`Tv~NS&#%X{DQ!Ҙ6n'uΜb~D]|J?J4 Tb82%npyo HH!ȄJKWg@hU oXByT&iڰ@'*.#-ݣIJ:yȿe5U8\ #d'mWg)ʢ3Ï`K$mnfTw.p˭TY0 M‚|oE̹GkФb~ tfswڊI9*9'CS`u mR VVoGg@tp_~BO܏Dg:u,ў~]n5c1U"nx;<Q`r]p BİaλRڠbLX奠…"0ս+f~E58I"mDf-.Z1j'pxbXe82U[YyZ1ƊާqF7+<_j?Rm4JO<~k SX3~zyRS%S _FL zdA ˌgr'Jc9P(A(1AV6Wpgw22gSsS3IH_y όwI$Wȸ 55 TCyw0<飺IA rh\? ise4A $ 6F@,!ON"Mks{c9{0rfm/{5v5n UYlOY`1@H9pcHt; > stream xڍP\k.,]ww [pAB -;_uoMzZZĊ*B c8Ι "*`bbe`bb%'Wt-%W::Yxe 4r~9Ɂ.6fV33' A<Q#WKS@dt%{8Z[8G 5Ow- gl}hbdPX=+=#35 t:M 7U,9@/ xX=\L)Y=/cٿ p{Og#9Pepvwٙahdz7r512~7@\H `^98Z;;18YQ"a޻,fg*9;OhvƿNf7035S{F5;K&"d@g; X0^{>^ {{@K3+,33` 4'h~?|GKw1I}LAv6y2JU0Egag03s38|;43bަaPԀ%zZ !ebg2yb?]&(!߄]llTSl-m<6xZ6r@SKr6z_!;agfc`bKn$n4Ut6kdj6v@Ew˻ҽ>yL@ ;;}!MN2x`rX9BBF'Q `d0JA\:Q?=??]gyoH 3;N?<,e `4|'f { _Ϳ;{ ;z_|F?m~j/N_ӿ{T>ni rWOމx kL\?}yy@صe oUcpC U ƞR5kQԪP׃6kML&km(̵n(3tsO'N.,2}}چvcn7XtKG|5Д 31Q\\=B= B_{Ȝg~%=f OWҁY~;>F>sWpH7(Ox@e4׮ gu滏;KP$'SOO ?|I5I#kP~NIĂu<13jJiۓl(=\J `h!=xl/Gtlaz= #M"[SG= 4W [AF0R}%E֟NpܾJ_y\< YSE$9эfk3UoܰƆwDhDq"\۱`1 qVɌH)oFYM>>=My 0u[-;xA?Ez~0XưوF1B_R-~cXߩS}cQOAZ ^+a,%*/+%byGHxGFY$&5c;o185|{cpiBKu;ЅV?F;K_{_N 7rB2r5[%jb}!`)_%# @xkr`0O 7XGB<˜%BFSk}āX.a?\TTNs =s@h%l0u_7mm1*}-nӆ8>kBL9J>-![: I REc9V[TD;d\UC,3uKK/T95UC** b@8'd_c88q,R^j/u0Bn_NW}58!%T_ZfWX'$x!T@+q:S;id1.H^UjeR(XvZZ -)j]YNOk YuWgZ3yίkd_ausauaVKfzUM 3 N/+36B-^LY?\ ue#|q\Va,E{ԛvzKP~{_kZgq,*rAO2KDʲmN9~zbɤ(b8CO@EcM-htQQlSiߕk^)/Gd<$K*OmDF~9vOj^5Qgެ\Hx8 ^.%o>7~Y_ zjqWkx^Ju"F+9׊7ߗjbi7߼1Z"kBʃ &3dxó!:F*eٕVZKBwB%n8_B6q\r/$Ⱄh%CL/ r)'MDu1e厤?"Kδ-8$;VYKŵ &D1Dqv#>kt1s[$,U5S.ԽV ff/Q 
&Ê*+>΅f[f(ZQ&2gض+\;ng୎֝&5PuMҪеYf2PZ_[| l :(n LV| @DPAWhZGq{C{@ @ߍ8 , !ɣ ٪<$Sv)1N KHCҒ Q{hV 1aJwLKt@$@jd\B֥*ζ`!ХwռaHgwhM{]]6˴OԺsD"K,}(Υ3@ ?ڭ=?YՆѪ:6Ii4RA}hFz] s_$u CG2m.9IUg')ݑqmvLAXwS8ݺUX,S=BĈJgv$ iW+lE ' R[RxK]}[% ptE_̈F1Ң="oIKc lbOR2rk@G':q7WzT&ԓ qTq4g)c%%TU]9|}h̢KBѓ/{ɮ%ni07˦ҌCv.Hoנ聐*&є{V`Nл`6u*#{d5Za9ܦS~mUh!N&; u^R̈*]"!N!`ESLɐx4AFHjMZky)`*ҽjPlvVݧ{uNdBS6cj>YC^mڸ ,]x4U9o.M@xIqG{hִӝN=Tg2 3"EpA/;׌BgڦQHK: ^GB 4ܻ_Yx T4`\9RrOTKSƌwiNn樐ԅ!@O~tU1I7tYy& 'lPA~T#1'aMhqlB4vWu=T }?HoiH-X|'i:r4&Y4%m"D[9xyӝ%˔֟܍/>(\D:}q“Rϴ }O(vvnBX .:nڐ~=%/JJ❘С=zRP4Y2w]~]o r&մB?'~jI @4VҺ :(K|݇tj.o"$%[!Gj{{q0~~9 M] .w: GC&E T}LNdIr[a$%*Ԋ)'.sz#u}B 2 V4QhR 0 ߬:]M7 ,^^TP]'d8|~ݱ#'?[C5{JhM $6~I>\$zӎy`cAD@1P8+aG&`%Ô||=eh WPkKhw?B`xfW[/[72j6\$N8vX4ˁ.҄e`Jœ\hUkw;|CFTiG*k|u/#ZGuRYzK~R'41D*K߇ccT@T_|vX6M:7ibi!AC SJt'}dYA,4ӾSOyTbc5G83㣜7(J4M *'!Ÿ_"\&ӿW.kL!Awbz֊ϲ3:@ĈfF .tf!o_tc2<U6`+b^gۜ6QpD ԍG] `:/l JL #@F"W/)jSюwj#S[!I4X6l׭(jEd 2E0-F^3Mml 9hn曢t=MKU3!8[ \3v=!WSZPuArv({4XsN#4$m !%ic;Y;ɘq ~Z]q`RV"!]*+ܾbO{-:~̝ռ/(iTZ:Zyj}Ă߂ ~(ڃA)A6]5\MY^ncicNORK.F)Z-w HhyA/U1GF cm EWHi d斚3H҅--\ҭSyYCEb畱%Lc~'fRi Б[ס|6@J?Gڬ(SFaz#cPOP#!sYJ Qoac$-;wtf(VC,!IGb,,Q7 T 5C_i֖ r)%&Df`[4aoy[WW4#{QCǁ0 TffqihlkEcT@Hf Dӹ >~9#) Jf{7%Z1iÛ?!G1Sl9q,p6HTD߾HH.b- s fiHq]J^3n".莓 ~w(",$ģ=X#Gx ?5$^3zŅr/) ozf4[lWQ:DjRZE^EzEFeT.qリ7F( ry:#a0;9Co _]{sKf,!pruiifÑgê̛|7/}{s+݀& ɅSW=40l\ٷS`4C#:v Q7oFҡ++(p-u965]ꝁn+57ͩ~<ARa +DŽdbl>)oJ!␰揑FvUaE W[WW8fwW ""+A0 "Xl|Pz? 4DbNz9⸉*Mxz̃T]ԟ$C=;Wn lhLbxháir9Dpa5.On4?vź)&=WMusbU?8ٌ?Eԙ ^\V2g9} فtl?;tpuA3ÉY{!vU>9~[C氞*rB?139F%,}^7B:p.D<޹F-7β֝T /Xp}*:D].[m¦;m1rPGMZE^h _Ȝ/FkݡP5fb}З=[bXxʾe|}h(6T[%d]AHL~Hv)zE t1U-4qJ=W`V  O;AֵL8PuUᝯ'|,OK;56͡S\=KYNwkM+FDUW CХX伨mC_#u;& CLFyLO϶W~v^2Ri&b'?w`]^%SVH:Rt4ekvj_]j)sY&oP`U+tSIeT4Ϊ(>mQ# kLWGÀG iPnQxٌh3IṬ3b}x)ҰGBAFVB"t3[(Qv͕Qq0Օ~U~383{b9Cee""ĉ\1b_Zĸ Gc gd `a+ʍ]!:8ASݐ^D@oR&ww;/ϝw.r= |d1#[ aӿ^鏐D 4c&#y<^⧽̯.:_J/=< Lx"߰ل{Ƒvj;^AW"L߶-x%#'^ /8Gܙۅk\j>r urqW7y/OЯIտ &fd<{!Dk=tjLRy'khw52ëOީ)B+1%xHjod.;7Q5Zˇ(Tq%zuzǫSuYE "-)g"! E5E$u=|BBr$6ճU;*b;D(2ŀg/,I.?:&>hJ2̷{ .9>rb͵^W|ndqj9Eg8ܯc_[WYxvX9$ǍʮY,"z1`26574?. 
j>{J 5m=$Laa= Di|U᥸:|G|RG|#"䗢NrJ1>uӂ f7;+mpʞ.;='hGU$WX^t*2{UX %/Y~T$XTgB* DZW? OT^疘MHtp3PcϺHԖƣxsGc>0&>keٹZb1p,CcTe1~ϳ-BPZndl&,BB+=GMpY\LA`^M X(f]!bҌMZ: IgR lpptzI{tVQftVEy;,E՞[$GJjuRYEĞFַS>gψ KX5?巡U)ȉj 9jlG؂vl钖$@t֌ ;[D.º5b D rLCxU9OC''i(<券2ɌD9"{yHfG% =AHP"Ft-J> ?bA=sQ8y qb ( HgS+Ը!([kLfaՒZκIV!: j?8J}C=)lyOWsD_x u)l {}q/U xC^qOIq,^[eI&zjjBS)TPY<%F_|ƭccƙiI\([Y62*9 aQk ہ B5jΆZB)#3̑_˨YMBҷB"=:hVp4x61pBK$\=Q>ܲr 3Ծ--j=BK6pYݶAƶ-lGD 1^?\Ycw?5ܳ_ <[THrƥzAv{wbt2}꣧2GoyDOp :ce5zd?n!EѨT r7JaroKnu`q/x~٬r0ƬМE ٷ> [ux4RD8Q89Qie|D-L[yϲWMᇭ}ofmZ[[|/,s`V |U2wC9*L|E^O󋰨(%7 t _!OxOFЎryi•)T !Ю')^˫^s ~s #opcHgt쵍ȺL+fd_ 'ON1zs V~+pʁX-`b,Vک6kܐ;^J<{AU)dJ& Ƈmc,n&ZlSh_0XzZN]XBvv5&zPXBP3%ϚW&U6 ŶϱHD0#je1WlM{m1ksVEgoOA2؏` H"!@u~tW;O{Z$N q.( UeCRĔ ; %WF[ :,ksC3" ojyvaY5! s> Bhesu nRJBw|ou݃޼8i.$f.Zɗ'4W*>]/1 0%kI^>bGYR/m8/^Y`C5=݃g&Nvh燖$4'G0f C%į 1Rp !!2y3p!+I[9y 3YZ7@ v~PBju?R,77.$6!<"1ĥO.Ђk wؠN5ksRRZ@޺8ּ2J2ZLHEɈN.ҫM}%Ԁ<ʚ"ځ)2ѻ[(G6J,_5Uk _aFoOȜEAz#)M@LqљƜ.\F#4uT=X /NfTJfdx+L4B{K% _^l!ɔIfWT1O){H˕d_P/˨1?3#X+`gJwiQ,hZx.ly{/Ȥl#'$Je^|QUW<ͼm,O#W~4/~s]ebb!ϋA-Q| #74z'z DY1m3$cCs'K=Y>ULT^ͩ|?QmA>IKL }-=d\xT(/>yJcx *䟻 G;R,e5hh `]i.α;JM.ۘ^ƅ&sf3]e ܕhJģpn(V k΍ɕ%[ {25DFRl_ym/ǪBv 4sX"yk OJ>v (\q+1%?:ԡ v Vs1k_PS[6<|7s<ƋpB8=98ԤtOU/":U@4Px&}#ۛ1v{,>H:Б`tLu‰k'9/) {{*^#?mOAj F5{`藞,_no/Jh +oEy Ba !Ъ(W\ .)60f~0m{P9umIh1\ >`w{XN7U꾬 Ba\5"Űw;~i w{+pSkq5NNz;Q䷢bgw#*f_Iۣ*z.$+-Eelk>0bKpaS^^U,p,垭 ǎ s_ﻶP.xee/&{ɮ4ЇPG"aM,(al,L 5զMXPc0;'6N S5X7E?A507 ~evE]Z6%Pola=!,RPj{IѡFy\:"kEI; AG5Hڷvv ;jH@A+mhoLK`=+I60s4 =.--d! תА6G'JG,$&2 }q/'vF(C[6>j&qo(PasD_F> stream xڍPj- 6ݝ 0 4=wwww[p Gzi{ITM팁v`zf&3\ [@ttCCh~_l2fV33'ߊv<1#)@ cg tB ww[_+ʄI9@21-6Mv& \PY< F6N vtWt:MK(.frjgv5r^ ӫ)*-PKY_ t`f`;eldbbgcod5E 9`dk[dmdWF aekd;18kmMEll`'&}wgql\m=@f0ugT98y!v&&&.Vt3`@[Z= 7 ;:=I7B`fLc9W1_An]c07 3v3j(h]H;7'= x%#YRd_]׃߾^3ؙL^?/:_<տ? o׹u&&_+49/+ 6za[s4$r*&ƿd Ts,zf&^z8_uw;%ca9:#0N ;;uMn 1jx`fI9¿EBF? 
( `XЫj_{Hn0d0FvΎ_07}T^;anozX@Zik~ֿZzD}?:ڮT쯤Czqb~-4?UX^Sw|M/_izso׏4AX3 jw!L\tlsGOHXwNF]Z"~?w$\G^MhK C< Y)ֵWҭxy4x~GyCc4}9sp`z74gn(W3Y/21Ǒb-"ݚ ~,Wndc2Jc;s=FrnIL`iON '.}\.hqhLHE`0 SZ?*i@yuTf8pw%buy[YӤlҴtV_ZSK.#K 5T#ĤC{I&xDtjT3^j }D_A$h]oX:sY;J>Vrz,yN1P50l]GhS6JZl͛`G2#F>ގgI녤w7VD@2)Z99<(43?&y+QQz}Av-yVUQrLoհLwzHD6ǜ`v%g;Z|L. FTH1Le_MSXXfMkȪ@r4FFE%X(~KMZ#Cj*M]:g>bD`֔ć-}ei;R|Zm' qLS6 1n W::zRsK*hE4:KvFa^Sw 3ĶQe2es^Z3| bQ3- 'Z$ T:R?Rwg8ibAW3HnP0j݆W[`8Vv租8aj"0O2z`->-<V򛘋[k 񻇊y!-|!Պ!ƒcOB%;t_ ` x-yǎ9mqؕ75] VD& [z\wd "vrH~fd>o@;d{S.v(I}KjCϘL %pִ2|[ɃcggHS8E  *y_H}YT($Wfm#c?JL˴q<+@ƭ&kapF`y簡.V(>q]%AkWOmd#&~?bص+d'UwLB 礜6Vm5GZi:ʉ?EdN0P^oK`ևp7uuC2i%GY? Z鼩U(ڦztd\mJO?w1m2 $boDnj"y[p\]5)o]oҏْ/ҥoC כhi#.ch2|;=VwE'g58gsblR] gJ9HsƍԦI]-Ӱ,ojx) 'akP&~^wKv rD'6xkDk]FI4pqP\ ~mPlnΘ֒S0u?"\Sٿ=4n]_(]̍pOQbx%+ߍN\^4Ƒa(x\14V?z˵'G&wcD"K; وՂLIx/'rgZUHKkwbF p;F莭l qsBxwI]{.5P@^13~%ԋSɲV s줍M_2xYa^Wj\weUH`|Gam^egK?JU5]6`W*2]0ﴫ9j2 \7ZQxh@hVVڬyV~V-89ZxsIBevLIHQʎ) /C!EPm}иL븬 :lz}/k.r)*l a8XP# GTfLN:nqPHMƋr8zp:V_Hޑq|[*1pS:Zо$6GzO)hI5n?t1rVЋ'[=vn8039[G;d4CDǫ LtPw< |7MzPK8CbSZ*pfA &yzn`y/VkzӀxWAL/?޹riHx-(ʏwN,<]6@ΟUYc|cX:9񌅽?g&5ȱJ eC<1{UQSH ueYJ.eT[0?gX$vv"1sS p[5 "vݜs lC_1a/yL;qH|ZF@Y$}?ڷ$|6M.LD'ˀNhC"j f]~/rߪXXyn CkR\<πl_ FE7͂%FngXD4cor [|"wDE/s㯘ISUEw݇tgfH*ФO!CL?pRH 0g^oB"I[X"ik,=bP撺g"h`.oŮck0&p,;gD[`{X(]jviՐ8F trwCPFC{t=x-nжh:#Rf#ThD8"uqaឡHE" ï9ҁ{ixIFviһSAvs愿Xc"bTJ(Pv!U5>/#"u u - ʿ>dzUR*pȇӊ|F& n)Yg;eXcxS5gA0aOang(շ*vX~c{؊,J-b3:VQh^EaR>_aAnAO{k o][|_olY  %̇ C3]&S?J\oVױG=/CߍA'N~]u[í'M7ק 'Lh4qgn3Ag]+6h+f=b930> T>pCf{+QZ'`SpxN_r~%5{L0ƝXqu<]*ftFIHN} ^UEږ㌣.1k^'el}1=l!T_pT\YIKF,&̇dmru(9 ;^OqjOk"Z-i~8tZ~ݍ7 4FxbF<;p[ڽHwz3RCCy~sfOiD1Hlt&Q92>8gTs{t $tcMvLnrBkY6.ϊ0Gi3>,; jmvmS-=eq$9ś,8he(7;LXF5}|QejШ#(zT誱btZC{_߁z瓪qiDu!2yd<>z/][(.-TmJzm4̔\0q5S\Wuۘ=٠f|mg5fge`(G=0YjmއGK-~>΍j>LuZ:q>Ne:+-Zz'Ndɇ^fjuTav儦tw#j~q8D$?BpUX0MF/wiGjjm6Z _kTy7N%eOZ 2._x)ѫ5e Qa䑣 ͭ>ݮX Ə~}It_;W4꜖~4c,J؇'@ľn->Ñb޴Aaa2޵*z(ijFFDt#*H#XH3PwZb#co,YAX&}DkŒDg3S+S;GU7J %nk}9VԮzk@vt ldyRSbغ拉,iW53n(wʼnVu??I:qԜ72pʒK'|Ɩt*iw=rڪuP>{TIH#vyo&w0N3@OC:B}",X^h7Zy$?+n dZ9+|O[Q[$( 
!~wM&/0zܲ3I+쓢lp]D=A8IN؛.F˴>9M癤ai쨊~U+X;Ml'ZDv)Npx`߱  G~2{7\sjıڇZ׃zAV_I]C2Ҿ!_gz9QVzsG3 gaLO( ?'9HC AF~>yݤe^'h,@vȳdZ/rD_/sA5(efgqS\bGٳ2Y8♰P= Y?dhk Z3XtTo۠|{=*ӫeZߴ슢 /Fa6u}A3WzuG'++aWq7'ߘỲ(()*/i*򿿇nOYU9~9pƄt G/d:GX#km)w%gj6!ÆL'}EŐF TtSnǵ~%R'7ߡ()F=,Y`0ab?IzLe h.  BVI xͩBTm~=p]hktN*^,M+28 Krn]0ҤtXUݫ%vnPdR#c}\o?d ݿm<.e-RiՕgUQYQ(p BT*Í~#4Z[uOg+Ec6GO3NSh'q;˼UE]W4^g`#ܓP^ˑ>|ut6^jį8q%È4Gۉԧhglm lSjw/b=4r cyˋ}uMSaZTs?z.[ys9du{4pX]GIR3^7q6:[䵅oh lybfX Msx̏,YsbXq4,ulVZP%Dknns9=gHq(pd|f*=ip~mPak.xTKb9&[pOlS0_./l5yyօ7gy/_V,棕_ !k:(cEqg ב){0iC'r・.^⥕mܜ4`fmKs'̇ R{?;n* oA;V)4ZVXKMH5f$yoLwaKGJz"_Iib yR'hCh)}Vݭ=OX~,(Z\&F: \B,ȟ%eoPhϰ>O Q^&CRV9_Sd"?l?KԏnQ3} Ο:2P825"oWkv?cjB\eovB܈1%ΟlKL/kq;6$rzPJxqG|p{G:! ǦᦞSV(uNߥ` 9JRV[ [p?Z<('jq4fdJ[YTsC`pš|Y&8;h<<^O$ocsfSR.TP.?XSLxL̚BikX^é[ 2ſɚav.~ΰyԨ%;|~.Kot>SO);j U>Z-+|cBS)w49>{^(a; вJt;UD&%,u2eXy[0L 3х|ASymw,@AAuφ$ B4h?=OyD &ghrl 'tHwjF!ӟr=p5p>k\w4+bgJ\~.P\aW 7&ORR[P)700['9XF?E$w烣~L"e^MDK|zEk"^,RFՓmnW$fspboP4 l* ܣs-g*&e3^\7Xv̀pr%TQ0erhfg厜b*Wҿgt1r fgGFTə"XJ]‰VL/ޭ/|U6SF #?>Xj\*w o;G<@0w` *bhs _tzbD\á1Qƽ@gE9?f'#ٔlt0Zxt)+lJN3hm`r=&­]}ixsüi>q_5^1-U>X y/Z5GLjޥ S]ڊMP<hG^ذC+d9 >" \>,lsd=wK%FٓR NN!#.*񔑵su)Z˾劼aPz҂E+>+K*#^΄GQbht4G }G͐n.Zsw\LSxL).M!clߨg9%8O7NW'bÔGtu4J 0'>#iu_\_|δG/㣒"MdIV8^umHUУTA2h G,V^:t$qQ!)f? }@ icvw WH28*n("k;.WWnXQ3'e$iTN#H?c]BϬ3sx0^pCB{^bW fʂ{ z,Wݶ_æ,FqcP̝eegN^^V4neF$09IY! 
jIK,82,5 :ǣ kQ R䞢ssk[56:N\{K\ "܎]Sr( 7uJ幛!%n'*6gy^BD6H">SZHox @o#Xɘ|uk^9ċ 2|Ly!Vwjr0ǘq%r.^Mm`vٷo+3?:᝟|2ʜ$'iZӑf</ӲZ1dH 1Ūc:IVr*zmUWֻ⻰&Ar"bi1/EV4:Qe>WӨ( endstream endobj 623 0 obj << /Length1 1588 /Length2 3309 /Length3 0 /Length 4308 /Filter /FlateDecode >> stream xڍt 8mZkJƯ,3ِo%e 5f~h6E*[d/[EȚ"IDI"V$|C_]s]3sss_UZZ}H#`1d I"p% Rt= 6bT1$*WA`Hi> Xk8!?ZSwA @m  aq `4 ;;A1GZ"y=RHT ُ@"XX2|[#bt ;!1lzD;K#PtU:#|- {d!D :d># IJq'8Z8&~LfF?8ldB@ozN䚙C?B6@d@`И`p,p=dl3O#Gl!?Wp27}-W/WA*(R4ԁ`?@4')bSY~wnA[.u?}=,[ H\þ?D `udwŵq&^s dA&_gC``=׵|hmψ2hC^@@^.qAgKrwX nmPFAl%${qﺈ*`<YRfZGjl8Z+P}pPGzgG l_PMSQK:IߍuU?R b!}NWiXBKM;Jy&rnè[PCYtnscQC>>qm0 5J{{߭nr@Ƕ=_?-dJ֜^qS]ʢ/77ۈK1Ś'nd&O!)Kn>BLZ|tO9ڣgܮwU:g5Frg = Mwիn~!~ֺ)Ν_3K%>}6󄷳WE2CfugH̸PːoY)rKM^]["/i/2mt>-{g𜃯k;W]҉jf|ya7 0%6n 壳:2Bf97&qE唜b_ _-r@Du ]p fjoO]OxTYԶTϻ4֘ģTu$H[bR9ۮH>S!5BJ5}=x̘I}n6S\GEJW xLrzZ?঑=Yf]f|IH)'u˵}U<+;}>"f%bn9,Z3]9ԯur1ުN@T;wQ_S_0<{<ȩSc0za6hV ^nb:89AcIS4䀯ɕ{:Ř %|bqA<~o}3m]oz1r#[_ e}Kӓ{A 3]؊y\hl 0D޾br2r M2H;&:ME|~!Yݛqz dDuxH &v*w3M(eSO$>Yqbj8`x{(Ď4p4YqRvOEDwތ3Ҧ.NՁΤgO Zh9N e578G2 TDx|&^7,c,~U>FKרÏ.|,K$9\.3v^b4\`.V|% < u\ZI=;fx"Q0AOiwwrf;il? hAuhpUK^y7*j}8>d2)Vy!ju1sG se\-ů{3b-g ۋ.=T^qorq26kSF cTmtg~ޓ%#v,کz]6cyLnŎ62UNggyּC вǯ@3N9pmvUZ"cbG'>P.pGe;b%s+44>S|>'ΒǍ KdOjm001:d$׷;H ?ymʁ8wwd&32׽U؂H",ZwАUTvOSLx9#։gGݫ]/ 9 Kr#W&9wHD-TBWˡB й/v7P Tї l#2p&%9yGm} wScg/ +p4 F] 49TUc~H<+ʷjvA%'f.zk_[cSnu{֒Hxz t?|,roY.<kųtӁ3YZ˲u/ 'XVЗwϯ,]]):$*^EnZWc%.bZ+m |hM]zHK )^Ǚ,e jUdǻƆۤ^"zf=8ڠ=!˰a=>Hky.[Rd2m$|TA(bkOb[VXLM3THO]^\kgeۮV=Lo6T$}adNt.ގXV%coְa,m.~Tˈ8qc`wv9*:2= I˜rI'}y64Z\b^[g}㭩[jbMnB{^lf| nwkB$lRA`/Mccѧ=Km]M4USbfG?fP+3]_$؎>Uﱔ%fg lLc#=2H;L9Yd s]h _zy.?DDzG:pSƝ*yCg\6ۊ9,xv3}KR|}LqRɈ#zR[b%g91\3W('+w[ 17>c+4AJތk]ǥq~R=w&]+O!zcHo?WEL^ :=nqwi-@C\p,Z \?e,Xp8\GlmgbX="{T u\4S(J%B}>R# gUj%2wd`|dF5q.ዣn2k-r9/a6+}[Ott8w[-Voz="i`ܼGk-L_@8 nq? a endstream endobj 625 0 obj << /Length1 2663 /Length2 12440 /Length3 0 /Length 13949 /Filter /FlateDecode >> stream xڍT SҥHH#5tKtw3 C -%]twHtg{7uΚ}}"f1KC,@d9ii5vZ`gk `S(L&i )BrvvN;;O,4u6( `tZ ~@v~~^b`gk@jE! 
k0?.PG66wwwVS{V+Ff5 v;(ڃΌae\bu7u`;kf`veʎ`V`S;+/cSbhi` XPfoES; sS*?鹀..vSdVe)s =3+'ߝu;x,-~'aȦ` G&BYn  `oaz;B$`uvzy_0Af`KkG01o k@=v_28y>_6mi=]3L\fppr<:Q1R+H3Rf `xq 7y27߿vcS{k;`# " {e֮{* 5ݿevXCAV b+fgVXS,@ d 7\`6(/n':6Fov"=` 3X@7&[7?"^#I>"~Կ`~D6G`{8l &`\#qQ|D0.JE_`,#ExD蚏]k?"XtG/i9`nL]@ְۙsqÆTLA.v.V8e`l ہ-m:a[l G_a@;lKaCf|L6lD} GX&0nn} qubz,vct;YalaYVGK37 8a\~_0]lG0?a9:>b8ži? #&ph$`N(Da?7 [GaN\` ?##HD`Z97,{;qaXS? ,V~G0O^`:qj{A `MMpU;(Vwg[RnABקyb;kϾs?4mV}R#ڞXm2?ʱ#ѡg`nIpԤ~&:Ht=/#DTqYnuBp0Blj.^!^-65IaujFb)3z*oXg^!7LnuI22 #\1#nhGȷRjP%TTN&KϏ@L^.`cVb{3_uY܎tݻ^(#njfǍ0AhZr&KR{|P,KQb3b 8f%nPI6Nπ)T1hj)sYBҭD(̋`2tATqk}H>bo\*SB:0rӓU%=blWuĜ>-*rXvxv,p`<,n|hFݡhOu<-L LZx@gWpk Sf5QOkDRM\|@ϣAoCZ}`"e0 Bu[E̹\[qw{Rhw;"6 |^QW%+tnb-}{rjwpK˜<*<ǪR$QL).U3Uʄ_5qx =Y4N(KZKLaڹ:\fi{NyX\JR(ƨd٥k[ݭsci/sh9useN?ϾU{bF|p{VDHH9?xP 3wfΌQ$}$q TrzW]z`sJ0|/, tf̻` Nbt U yL'TSU" '![@qj(gz>>q6WPWjA"|*zK;֡L^T6+fթ_/`y(c$)@v-X^15tTP9cn%}ᄫP2S E(el _ &w@+*Vf/yL ݀jG gN|yk漥-8Ka"e ㋷kbl:- ʀ4o4lMRM(B? 9jzSQTaBbQ3ƈǟZt~z.GHBr5_^Ղ`>৲` 1z()RĜ^ӌ&:b+UH$Ĩ] 28Ǿqڜ*U{/s'âX*DT ʥEY uHgk"1<%U<-O^j* I}r8Ik;kZn~էYdqwFv.onyπ3KaLb<7Yf%G=FJ"?[3R!>]dmc#^O=t$ G2܏ʾ>Nv:X wgBߟRN"uZ+ofA'HT6("9m<50ѯBNx_[&l߲?1x]_PoBWWݲK~H ;#:q <&`X{3nj5 `LK=0T^J*/UoNE {I*6n< ];td){ʮ:s"9{u[ܒ:DZp6xr$n=n+kw[W;엸^_/,,kI`)]NE`ܩ32?] L{N1¤&؏zDϠb>(i$﹎'mgí }qvHDnn`[SӌBX$6 H gA#&]Dͣ%@:1Wd#cD0b߀\WԖʼ}olu%|!x7'=*#{4lʄ--ƣ;MAEcB=ܘR!(|c񆅵̴s J7WSh ,/_m"P0:Gk@UG!k(<ٓy)"s:[9bW}vDLDb@+Dva hSr`X#@s>y˶1]W ,L~YKpr9U#ͤjqNg]i u|FVl~d]7š<-8ll"t%M EPZk*+n1]Z,h/IlqadIv-I\a $ZQG7E s8I%eQAX ~qSI-.ѕHF Yx&JjύK@}&r}ge^Ơ4SтQe$ әQaۄ2Soe۽6Z}lf Av8A. j"8QHWJUAI- 6+˻Y6 'vLc)QѾ~+m.཮ anXG̹ZXjөEίg4%yhQmw `i\ @ Dt:)Zoތ. [} ^5{?@fbESBD =;%t]$Oz\4ܽb [/JES\ə>K$:{&k%qQzb?GR&,ܳ*k/c[xmG" |VѶG\Tsfb,4a9ڲ;牏Ieٯ򊆢  {eL2g5@s?WO7O9fzUߔiǡߴ*6qoC͋2)z$Dz KÏ <1quidR㸱/q{@^Qiu"U欷a郃o෭ z;1K{>*1'3bI n5T7Z0J)!N4/=EîCYgTjWf1 ꏋ^Lt*,xhx&[㔥;&Q dF4q9VE3&k{H;HG5CM`b7mt >y7v-4. 
w|E?ʀL=6_Hd]|)fwq 97“U(Yvݖ.0Ĥ?>(PpN-+]/u+5GE UB^NlT暿˥]T@Ӻ6iгG͹*Lox)ZL ojӔ.tN]P|:3 &;x}o;iǡt(l(YrtjCR۽75ġI vhG d_zI^%m&r YГ$J7ʋ[-N} R{y\zK>8?A\n<)S(8X{ۛOdCbeSɻnZߔ߁ޚsxDBD3ly xKEV c:7vJc]-P'BGVc_(i˳c697Y4$qfgFc{Z:tN[Sx$ǧBM,+OzRavKݡm4续 thy(7_N ,>Dۄ݀;ҼxxׯV-I<`8Il<""KzJ2DK{(\̎sֿ(h ~}{Ӑ RLBnd#qd~M7*hԜkaΓ/+E27|(EC'b̸vo Z WѩJЃ/Xw86׻¦ofћ,$-ra9PSdoG8Dˏ |ϔN۵S- 8`}qIa^5J/cKwKrl 3V&?UV\Bõj"}2%|1Pri7A,sCkR0K[%XLwM,Н,u7kr"Di-NOBvt%<` FClSjhzg,dճdx|oh/~ U`>[VNpaTntvGFw_l}&Ou j3nث*{k4H?Ycp&E[[@vʘGo esYQQ0:\`xMl?_P-n*&F^#wW%ᬤЌj߹ͺ XNlYHOA;Jq#FNMLxmįhgkXJK"1+zPL%^IT+l}kD-%^R<QRMs'x?M65_q>GWތ}^2ЗyN8l,ivf/ε%ڳjW_tw 32*PmKQ0gvwiOKV|"9G۵:M-&k: i)kC X=ZI;sbX?̐{L^-z͏bgPa N3=Dldu텈Y0E0ܸJ+]|Tg#[kL Ǎ\^bNڟI[_Krzd7v.5Z9a8j ヌdJ,Q/iH;V/u)}@^+E>*bJioyF"ӚyqRƛ,^9%V7n'P? ި7T/O24k$ʵ6l\BQ)qc JIf&56#rW7JӀ+7F;(k^vq>U3[l_N$*TkGUZ X˒Ż"&%Ev=q8qXۗO"&c?HQiWC5E\3$.y#si;-^# ^6qLOHDȧ0͂T1\C:mM9`ӟFWgk!a[xVb}h.ɰk )]8L3aiNs4fJ_`]^X\7ʅi7*K(o($EV,TiDLP #*0YE:ҞANg8!!othhY{}U&ɤՓ}.r9'Qդ5%<^vAS6WIЩ"Kל ?v208;>֢KN73luO)? & XvN-B\}wJ]@rc꺾Yv2<:GC p!u:¬ #1 7|w GM^)F {U^~cwKɃ5<Gy4iR_iy\byO~H]|ϭaxnŢH+ Ǽpb9BC d̙fꊮW@i9hͼCcv0˾4T{GZ3>rS䩝>VLxMЍAIpP گJ{@Sqa|,њ}lIY:Ao薺fpH jr]:.7x_Gt&C}WGw$\a\iWe<Еh˜qA$ Wxr i|\54VL0A8F@OSryPkUfz-T9@gGqL)D]<%_uEFZWar5԰jg|sxe?"7؉~5{>OQekK7'-)PܰKZQ%iNFTfdؘx*Jdf"]G b/Sҝ|7-|\gg(SGʱI/s$\jUOgVqkvbȨ6?mGFpxhk4ZB„*b.!PromE\׉P5o|9Gz2/y[lj<_CDA$?k#vڬf6;g?^PL/9&?$O3iᲳm< YE>ٱk%ygwqL;bf؜~r_x{.W(>ӱea^SB\W97d[*3+缮)Lǒ n Na-T=b4:;W|lsi*j.MyX#[QwnԲ єy)c7)QzqI .v0gEV[G68<4qRbUrB{bu76c<3ae[4r!f1@6Ok \\'NaqE-} 1%0>c8Zf2f~Qm`XxMhAEU@A =VxeMhّMTJx.= mM ws"gFTGkA.8~;q|[&t׎ xy^XE}7U^Ai50YE^/.`x$tBˤQBV\:5=P] Pav9eB27A7z|]RV#\@FTQZ~.+@-w #ITᖺ$|Dh4̔B[fR%f"^HxcnlߘWj'%auGZ 0uPv_:F'[#8/XPޥCXjtLô2->I9$-r6O~4_XXLy=١:m逝C*Su~և%&qepbjUeqb8wlsq7(?d| GDD$l&x|ܹNO|Hk*zkjK3bbax7QȥWfӰtݵhq$m dRcFh|tRσA(-DR/ߵ nv/̈́BkEh8tR(eC1kE}=6Xл/Hԝϟ)$ xX*ɘk2+9j`v沨 R|D}YH`bp V r;CkV(M  JkJ+K⋼BZ 9v _Qh F _ďQ"R[  J  !:IA?!MpmeAr XR@di8x䣴ב^[f~63\'Ȝn'7jSVy཈ýj PTa{"r*݊'/x?0%zĠ6\=ЌPv:;Ľ\,Oq"K*"}Id)9AE qK(al 1!5j3I-gEVBԩm+ݜ43<9.ds0ʛqJ]?Z{Wpj\bXZҭ^Q7C^b/ Jcx0*^:q(Nf8W 2̫X 
fMq˜N8L4tM GE۴Jhf/%> )EG(jͨ X)Jq iIhg!!1rO̊zkQ;>,m gԾ8c'.Y ƨ4C_ኽ#pDTGC&-XبJǕ.>NV]F 1qhPތ k&KNMR_uk3ܚ3|z&dΙ5b;gqcO34M1ul F^4.+צU(P,Z}D/ r_tRQ?4/8;Jzc#GŲ5؇;XT|9<Ym:{b%ո5#YiAY&"9\rW%-!!7~CI5keJQT+cӍuOOr_ۙÒTB }%\,zË]z"5_$~\$$ʺW踼Yuntguɍb5K>kF[!U9|Ϳ#/L|{g#&?WhOPE=7(}s TϽK;;PJmmN[=+CC7yŽa f-rEyaib6W n*99)W/-V'FD%c/0>VBppo'LMuL^eQzw(ˍ)ѪIFOn!bകc/R2IqUsޡxoB)'oitG+NȂ̩q ^ َܾh^^__(hwcqVyM j ԇa'OZ?#؛XoqE,T䟽Ͷ" Cv4Q[=>>}9rYSxv֕20D >yE_vs7j /+S(kA/{-Ցz2{QyD<M2֗jaT\r} }3.߭q$*eǵ6_*]o fP |35F~וq)!m@˘卯KEڿ*3-lz0ey_&N9 Af[V'P=_%?<I Z{@ US#ߵO_Opo4 +33>clT@@z`]$OJ֞kd/|*$ކRuM9QOL0K0ջe{ή2AFI.twrv_M';<"nS<@e 3ܳ .qi8yސg#:V$8,W\e_z}MA50ܥydӰ5EfV.{l%nQY&s\3C>O#8s+(>cNRUc= ~Vk[Ȣ "e^x;0p'-lfT[yFj)T5-Zsʘ)9S!T{EvzKd,vӢ}@=uF8H%d=ɪφ}/<.HW|ϡ;qj;ELB̌ʻi+Y9`ł`en:>1R2xI)/Q6Nh \30bķjn~{'l^{cE>Ī"WX`***98eE8O,?ℴҧ k< PЋN~FcW!@U#W|Ug0J-T8qNc+#$E̫g.sF~+[cE V3gD'\ŞT& .*ΟHGr򍚨CY('ivpJ_# xO~dYVwZiT#ru0z!-z٢r6\9 tLVB‡3gf먩KCKiL}'@j#;껢<}*jdEd{tzP.Nɒ;S~>w,TOuYZRn|D^9 12\&ޙYLڙ-P(N1b3lLeӑy`!Rʄ-ྣ$bK|z6"/- ^KeH[Ψ 0vw>o!3YY@|,ƼgtǨK- Z*(ڪ-@(_!PRw Gr ݋dQFE-1 zglņ3U>fnɫb_~ӥ&E5 (>?RSk쇨 ˍ/\au#jjg%Rhf[PLcW&Rt=Cw 6scЯ9F@'XBZ &1wŁ(p+jS" endstream endobj 627 0 obj << /Length1 721 /Length2 4672 /Length3 0 /Length 5264 /Filter /FlateDecode >> stream xmrg4ju :ѣ D%.E13 3ѣN"D'щ5DF^7]Zz>쳟˥A!0HDT`n `P<V2`pb 2^ `@D!c ȹ*➋`+\7"=`tBTʹ @F`N6NH@ CqA- p'0h8oM8?Ю,Z-A t4x5â>_//u'!p$ A!dM m<?wt-w p f?wrCQ t1p 0YP_z9 $N醀#VB- ]O?ڏcN;z?<50 ⯽bP? \""X7Oa#i|žc4׻9$ #d |r o Y {igKX /(lok} (V{"B-XOΞuZjuӘ'OM{$ަ,}'OίmE3;1|KyzI!TB3`eda0$3;6/3?=KqrytnEGu2rHtn%MbԈpsڧ BJ ;`e`FX(8WD"Q/]*\ұaRƨoV@~CM…bԙe3'3'>]}TJT!{QyŦr؞{ } 2%.Evpz#J, Jc9u}-*;\pf4ѫ&wϯ,3o;!@ LGl** 7$WWpYQ5Ϛ5# o9-ͰEq?sHf =R=]q'b."_{88  8ixxs=e26R>-MԜy$l$Hr*ReK\w:(_``M:ǦBԲmhR@NP >ѝU%' 13atLjgt4O ")<u@VoYA38IG 4_?)o~[u.ᅬpLw$,ttQ[ \6Qb})Ŏ72K@w>T8~5,N乁c-Tlv#$I2<-fJLZ摳lru^Pd<=.m1MMf+km(=[3/71,(m}!\.·ڔe=D{ωM^ E2 !w/3+H6= M4A'Z,Dƞi*s\F. 
ONޜՍ 6 ۹,W!#%Xfo߷90 )!Us*@>i}ޟ|Gv-z C-d9Du1N,tA po%ǞMݩvIeʾ&Ĵ6flVk;;v^-YlM.#&l^D3 KYOhlu9ZM:IQtf\jwwŶLaG|-;+qm@٧ N4 8$ZTcg3-KVn*?CmY;S^cyס8'"R\R.E(/^,j&Ny[뙧}x0Q;>vdJKo7f>!ʏs5hr\TesnX͈S)lY,W%!%?b:I9;D>b60*/꘤p&8y\/+5D 8ǒܚsϩRXKIHdݢxN m& V}ih6{͎Q z|yń'<3reh;Xy3E ="A`.jbZ_+2f%vI^ف7Ҥz3q|Po_-g畈 eWGߚ&PJ/$/32pDqDwu&:`O#4) =lp7X\~\m+r-]hQ"eG>xTh "#Ud5i\*!' xAE@}oU4gnş5Y,tl:/IZo8io'"v){gdXߟ;ٺE+u7{</&Uiѝ*v|0l (kN1S#k>w?{Y9Ay|'?8*Yf dW(jP ]~:e!=0iټ౱]PEf-|ѝ6%~R)'ryhz`v,z5bphѵ1[$1ʪ{Jb~Կ s;_<9|9t*ʝX|Jy~>M۩^L(ݡ ֣KHڪzԴDjt³ޘy&m=t9+r[lS3΄QDgy+3f^x_hiޠdd357hm Oڻ;=F!}7;\+9n"jqK5T灁?"(l ,A]Dn,,fhaP)Feɻ3o52i@{;H8dg%lo VUÜ{#gZ#K 2f}{UZIݴzEW1M;7I^_w󱛍^1cŐ=!m endstream endobj 629 0 obj << /Length 741 /Filter /FlateDecode >> stream xmUMo0WxvHB!qmU^!1H__myݷDULG^͹t߷.k4c*S'ҵ>]g,yݔKeF$mS3&qGRp`I_3[dE4ݹn'&9綐7UaL)l:M z!YU0rўo>ν9},lj'}4>2]ݼ[ivjs92V+Vh ~y8&X-MmM|ŖE LS7Њ~& U 2X(pm XX(W8X&LR4=zukTGEm7h8Kc`Iu(!a <#G >n-tJ!]O2`̏S#',<ؓL%qO8\π: 3ht ,+9ugCwËpD|ORɉ#ɇW m藒1NwH=8! 4DCp&q"pBCT/9!ɨ~B }Rq҉TFIܨύ|nTs|neEA;~<6OIystg>O:yұϓN|I/|yI>O:yҹϓ.|R T<띹_mKz}K=W7"V{/@̪X endstream endobj 630 0 obj << /Length 741 /Filter /FlateDecode >> stream xmUMo0WxvHB!qmU^!1H__myݷDULG^͹t߷.k4c*S'ҵ>]g,yݔKeF$mS3&qGRp`I_3[dE4ݹn'&9綐7UaL)l:M z!YU0rўo>ν9},lj'}4>2]ݼ[ivjs92V+Vh ~y8&X-MmM|ŖE LS7Њ~& U 2X(pm XX(W8X&LR4=zukTGEm7h8Kc`Iu(!a <#G >n-tJ!]O2`̏S#',<ؓL%qO8\π: 3ht ,+9ugCwËpD|ORɉ#ɇW m藒1NwH=8! 4DCp&q"pBCT/9!ɨ~B }Rq҉TFIܨύ|nTs|neEA;~<6OIystg>O:yұϓN|I/|yI>O:yҹϓ.|R T<띹_mKz}K=W7"V{/znb endstream endobj 631 0 obj << /Length 753 /Filter /FlateDecode >> stream xuUMo0Wx$ !8l[jWHL7$Q_ ooffg'Ꭓ7 nnҦ8m=*XaAK 2)pñƀ28B\(PC/.8]9Y;W HPXJ\6g3!GdRHIMD`֩_'>GN~*,  0 `2A%r9"7BʑO=%Ɉ#Sxڠ_Jz0iPSH8pҐ,΀l 8!pŒ9 5#N|~LĤXs OZy?tc'4yH}ή}k~3#ȯ>3̼L}f"3{Yx}fIL}f23{%,g>Kf7ÉfL@,N]f%b0^u۴? 
.IF endstream endobj 632 0 obj << /Length 711 /Filter /FlateDecode >> stream xmTMo0WxvHUdCmU^!1H$3C z̼ïg)>]Ͳ߻swչ"ںQ;4m_%= uS'N%Fwڴ.HS1ʧ`׮o/x͟m/с!ZKNN~gEʪvyW~~ r-Ҳ\b&jr ACu ad)Xy x &I)RV˘.LI@o_pi k-cp [ ncXz3N4ִWYf% 9%b*ԩB+|A_F:C9QY5KE9rW8faD>ϐSG&xV_kU8!80L5#D ԏJ X'9Ł?: iYIWF܍湛n endstream endobj 633 0 obj << /Length 494 /Filter /FlateDecode >> stream xmMo0 !Rz|UAa۪V&$E 6~=HUAgɯ~uo$ƛLD- t @ZcNt=YNk`T=Ro æeCڕ(>Պ AiZsn[6uc^0Xah\je?0bprOY[AKS|dۙoF)MZ}4W@{YmG;<9`;K (EytbabisbgEjq(po$}Idon-p!J m-O[L endstream endobj 634 0 obj << /Length 683 /Filter /FlateDecode >> stream xmOo0C@@8l[jWHL7$Q!LUzSnffonh/}f}emy9f|vrvx}[(mmMyTnrlnwwVqTrvԧnfx Wŷ?yQJ ySN2k1ꯑJ.g%мFw66XͿS>r}|oݥNrl6rGىǼ?;'4>+JV}}Ⴕ.Mۻ:ɚx\_h`:Pp/ *,}!$B -fu[ǘ6LQe }ĭAk2$mAGs AI:םJ "ʔ43:KaCg" s rJ_i:6dPtk69u̩3ȣ" P݀^R/z0cP_Y̰*z~ʟ''Mq_ uWG5do9JOpH+8QhfgBfg"fg$fg,e@yɟ1S3SS0S+UjfjCfj#fj&.]1SkԦf44U44 Kx׆_|0n:8pw{]Ap^N3^?'y endstream endobj 635 0 obj << /Length 696 /Filter /FlateDecode >> stream xmTMo0Wx$ ! 8l[jWHL7IPV=M̼ su;Uٛ=w]yil;<[[j<=?׾+v`&ߴț<^*;~&Q>MS >_P{=s@dkx;`VY`s4JaQܡn.Uu9\Y6><ٴ.Z.4>Dӗ}~r:-d0VWk,8yLһʮӮђ[*mLr?q 5F8@=@)& 8Rx uD\j2HV0CzL] bctI g$`htы0\F0s jd< I6zg W qȐ+#k .bsrbmXK7ǵH7Gnb>&jؐu1VljOu$՟qWS/%1{\xB!K(hHTЖ枃Jρϯv=k2UKς_:~$/ ~E+7ˢ/ l(/} -+ZXukoԝE?ZKq endstream endobj 636 0 obj << /Length 739 /Filter /FlateDecode >> stream xmUMo0WxvHUdCmU^!1H#x?gx]OTm$|͜s_Iss :L;<Sz==׾f`*_`ɫڟk3'iѴ}=M;7rfnj-eSӵOLg~8 )ok A8 $`I\3`Af<Z]! xNky"7 _㓧q H`nḱRONH=CpB:# =%888QA~!*zƜАT?!~> tw8y*sύ }nFE>7*QύR>7G];~<6OIyktg>O:yұϓN|I/|yIg>O:y҅ϓ.}2 L> stream xmUMo0WxvH UdCmU^!1HDI8߯-@=ۙڽ١=?w]pwdV^ڑݧl#oxdGa0NiqF?Sր'YNR}{f{x2A! u xk={Exo"}Rɑ#x۠_J B C쩁b8!=%p&r"D9 Qg̑Tu+gGNN8O-(7ZRntH ʍ(7:hEњr1+w(O:͓.ndm'#Ʉ'> stream xmTMo0+J!m$d!mT&t@32U1~3~˻rr\i$^ںQg|6'oxdG2: lic$Pߛ)? _CtPRJ(:Nps0I֡iDAWj~:ytM{47xO_ M! 
K2XE?iڝ]]TʵHrS0QOKx&Z=1>bqb0q&d'H1[Q/c0&տp*I(kÆ2$l/#A cΘ :X"^fF~NK rJ_dP !@+MTH`ԩ3NE7kfBqxIA2Gs6AEYe/O3рI?kM'WGff@$%~S s셑(wr͂n"&}7dXz s)d?X~`5`?؈`cMv~+5k6c?؜` -d?diCNa\`͡2 ~DSim@]Yd8|pJ endstream endobj 639 0 obj << /Length 739 /Filter /FlateDecode >> stream xmUMo0WxvHUdC۪TBb A!Gp?gxYOTm$|՜s_Iss :L;268{zb/}WUjWm?fd}Oi=7gRx=7i'Էf[7̖s ~ts[(:0p l:5m_-tB}W{X8 jw]lj'OC=6}Ӿ|< D0,6;96ݕq4L MUWqS~Ӿ |Ҳ\Khv7RKs|*Z -1 b[d08A  i$C#.CZ\wF|TT<\`Gc)y ,<$g v1a粳[ RHדL1>g~8 䔷5 B{ $.  3qdAEBu7js"ܨF)EYQУ.?yRmTy'oOz>OZOyʄS&}/6>zչ{ZkZs}=?Fey endstream endobj 640 0 obj << /Length 740 /Filter /FlateDecode >> stream xmUMo0WxvH UdC۪TBb B8߯{ .@=/ۙڽs{K;K.k6/k+[M'ҷ>dyӔKe'$cS`vfSfK}fƁVGGf\bu<19w|擬CTAW $rG]IyMsh$aW7y̟u? sK-`θtJ!'c83?NaO<Dg!;IX 0z)rЃ@kpBQ]^Z7! / U <ɉ#W m/%]cX! gȀhID8QN~ACT/sQQRs 穅ύ>7: F+}n4eE=zG~<6OɈy2kLd>O&y2ϓQ>OfdV>OF<dR'<>O)yJS*}𗏿tx>z{O->tՍ]*3>cC~ endstream endobj 641 0 obj << /Length 739 /Filter /FlateDecode >> stream xmUMo0WxvHUdC۪TBb A!Gp?gxYOTm$|՜s_Iss :L;268{zb/}WUjWm?fd}Oi=7gRd{nCN8oͰof-%6'&9Pu`L/"tkں(a[ duS $xqa MN{}m}gىx` tw8y*sύ }nFE>7*QύR>7G];~<6OIyktg>O:yұϓN|I/|yIg>O:y҅ϓ.}2 L> stream xmUMo0WxvHUdC۪TBb A!Gp?gxYOTm$|՜s_Iss :L;268{zb/}WUjWm?fd}Oi=7gRd{nCN8oͰof-%6'&9Pu`L/"tkں(a[ duS $xqa MN{}m}gىx` tw8y*sύ }nFE>7*QύR>7G];~<6OIyktg>O:yұϓN|I/|yIg>O:y҅ϓ.}2 L> stream xmUMo:W5?$R. d9M eCkmCp;;w~>|3E_?O]5߶w]Occ]=~?}Oyh9%?۹׬B|Ɯ>);vw%g43>\ 6 EJ78 1{~`W(-;]%=xe_,b+-O;q\L}UI--=BKE1p[! Mߊyu>.N5K)Wb٬8i[_uʕMzQ)V(Txޢjy!Z2P="Zd0\ÃGR\).2*Шa!U,H`+j.5Nα@VK-x%3%AYӀzΚ>kP#5m0Woþj.ZT$X/)n)#Wo(oRZ $Kp4Z-b\1ܰJ P"GXQi/8k^Zq:Zs9dB )sL-7xJ`aɽ)f$1 dъcCZC<73JgznHȰYɚTa,_-O87}KԴܗLloK+gJ.GZyVc48Wt]:P~`rZq.n1] S/Pu7Ue:?&?!d&1yHn5)yғBx#1ޞ]Go׏M?X endstream endobj 644 0 obj << /Length 900 /Filter /FlateDecode >> stream xmUMo:W5?$R. 
d9M eCkmCp;;w~>|3E_?O]5߶w]Occ]=~?}Oyh9%?۹׬B|Ɯ>);vz|N8}No)e0&h?q:P_ X}ac1+a  jҢ~]ߏ{_r)4i_px`!dZ>i]<U_cr%ͪcךv[\٤ժX*be-@E-X@-꩖xkM PY@ ,#bEA 5rEqIb>,彐A$ G#e"&c D`%rE*s(Ǩ5ثCI*=ǔ^pk+ ܛbVLbX+@8:13Jp3<|6 ^ΜANVjRy9cpסAM}Ė)|֪,+pp70h8J+NK}Eլk)up >o U^g{_e{]*?`CBhgiیtV;۳ѝ)(ZK7bA;E^]|sQ endstream endobj 645 0 obj << /Length 750 /Filter /FlateDecode >> stream xmUMo0Wx$*B!qض*jn$H$3Ch<~3~~~ngjv9{C{K;K.k6㳵ችm#O7٦4\ =؏8ݿ߳4ւ8͌>sIvdXC6OLx9im$l6Dl_7ڞhz*{pɲ2kAʶC+mk>lpfIQTT?LA>J e .1PbpqH I$\kL8Hb،Shąr =z51XQg_s2Ē+ sC:CQ}.'c-BbOEu+Xg~:?aj B.U $,ĨAA 2A%%" 19hM_)ELN 1sR3fg =傸aCYjV^w&L= 3nqFyDŽϠOL5'pZx?i^x?IGO:~I4ϼt~3][gF~Qgf}fB3y,h3cL}f23{,g>KYN0`^ay{7)q W7:*ሟS`R̯ endstream endobj 646 0 obj << /Length 749 /Filter /FlateDecode >> stream xmUMo0Wx$*B!qض*jn$H$3Ch<~3~~~ngjv9{C{K;K.k6㳵ችm#O7٦4\ =؏8ݿ߳4\Ǻqaf.nr K~~扉GιKM'0 6/dB. ]o?ў6͡ 0!0s;s-`1* wVPơo}[~3#ȯ>3,L}f"3{Yy}fIL}fr3Sx,g>K7Éf4,}%a0^tvP? ^/®7 endstream endobj 647 0 obj << /Length 672 /Filter /FlateDecode >> stream xmTn0C6*drضj^pHA@Cfy'n`g#govh/}eg羋򶺜m=Ooٽ[׌uRۉ=Iۏw{VQҜ8ߛIߞ3d_ ~~hZ# W c *'qU;HHV7xwuɻa;zopO_`_ݥNd0m6G_?[6vLClw6ZsaD%!p%blcä  PP[ u_g_x4$O<X^\NB8 \;cBbMx y%P 3jok:E q:/d48Q4A2="\šY+ːs(5$Y r~+A\HȕWr{Nxo $TL~K//p1sQ*GG-G-GzA>|)3Q/G""&!uN>|%h8hh$hb,n~ᰏnˣ+p]h \2 M endstream endobj 648 0 obj << /Length 672 /Filter /FlateDecode >> stream xmTn0C6*drضj^pHA@Cfy'n`g#govh/}eg羋򶺜m=Ooٽ[׌uRۉ=Iۏw{VQҜ8ߛIߞ3d_ ~~hZ# W c *'qU;HHV7xwuɻa;zopO_`_ݥNd0m6G_?[6vLClw6ZsaD%!p%blcä  PP[ u_g_x4$O<X^\NB8 \;cBbMx y%P 3jok:E q:/d48Q4A2="\šY+ːs(5$Y r~+A\HȕWr{Nxo $TL~K//p1sQ*GG-G-GzA>|)3Q/G""&!uN>|%h8hh$hb,n~ᰏnˣ+p]h \2 ᫄ endstream endobj 649 0 obj << /Length 672 /Filter /FlateDecode >> stream xmTn0C6*drضj^pHA@Cfy'n`g#govh/}eg羋򶺜m=Ooٽ[׌uRۉ=Iۏw{Vq9;\ظ{32bƱ)`Pk IckgUPSH@"7#?d 9aFm-P!.@'1 c09SGTX3 qxryB4 AAN8pЏ}% Jxxm_p?0䗒䗊/ TB~RtА3~N>|T%9%cQ/G:%uF>%WV6G]$ ' $ML/?mwTkW XֵdpZRF ׃ endstream endobj 650 0 obj << /Length 719 /Filter /FlateDecode >> stream x}TMo0+J6*ħöUSEj9߯ IVcf͏睟ݛ{)^؝}]u:vzyu|CW$nmmΑmq5)M{`qjS5үxO%r^q &\TƦkw(:m>8+>4m="${Jљ8=tz-/nqOR|-M.nTSXlDmqb]goo*co߭r#el[⌷L 
@ baomBҽ$`$@B)@p@)p2 d Ί?a.e8s`Wg+`#)S%~8NTҌYE, (6*3FӪr44P#Yf͞hhӰCkE88+j"7G9~PpC+R2C#`p˜1q EE5=F]=7z&`qp&bð| _/cSMrΤ f/%m Ȱw \ԉCb֓x5cfw(:Kzgqf1iXg3Np y/hHS>W#/5ferTapC w=衡xz* endstream endobj 608 0 obj << /Type /ObjStm /N 100 /First 892 /Length 3671 /Filter /FlateDecode >> stream xڭZko_T#_hRҖhK)UHC1m;㐀4C\{u>6XXi|i:~Xa!/>@JH!`ԉH г'Jg9 m`S2&CZ<$+D ZhQpТ ;kC,xkXو_%Fi=eb,.9U%oT=)\b(HubpX@u2QJ%-_Lq S p) (KBȨ/إ_|JW a{$y{B`E$ {|罿)2^^?dx e+28[Ȱ+e{;d/;f'%;eg{ްsv.[vޱk ?)?Os|}R;`dB~.WR? /x5z z+R `<KvDz<έw7Iy:in5{U*l1&7J{gW'%cfL cpCluLūgIKQЊy|E+N"+!o}j^#EAXS(~+ܪMyJCt,q8RFװv'iWZղӷ/O88?Cx(8]BXPniX% ?£*=Ӹ.KDlt{e)?l?M'a_\Ñxv]$ΈNvM9M/wM~?M-367$ޅ͇$" W-Dpћ;OShb&$j,6&9g{/QqbD+imHrsHWiRPm+E^u^::<8HGսeoW۷!!=?~~5蔴RhۭFڈ^]_Md@}>>;<- [Cל-ۀ^~?$yn<-_'o_Ɠvn <HF[%^OGxB OzGkKk!E_4?n~[d &"DT/ǶloLplK0|^KAִm/9j Enh|ͭ&k'!En>r75w:Eh4|m"j_Hԍ& ak'Lzibj;[E,:*CIMHw~3|Im*kd7Pc 0 M+~21%RV0?n,KNʋJ+C t9/?˲L.NM@i 8=Bɉ%~SMLYcܺ&W+2*jW|p4IU2]p _J[E'$ZrCl]\g Vu V5BRUbf/u`jj{TW&T|jɴR2dZdDVQ*jy\!M׎8G.ő]T/^׵RRb)P]KEJTw#uew#E;_;hb/X4\`9$y(@3RiԹ+U'aAYlko:f֙~quh$dWO.0[p9u lwQQNq:3]mc{YCvAg-A]l\2uKSh%Q1eelΈmT.+mT4]T 毰*Lcv&^VF~T>k`xeqmVYPiYXu5U/eXFQűQc"Q;Ԫg#DW=./'F Hu#2ƒ4ADu& OO/$^q>Z_o;h*lmU5[ 6^fY촸m.v'-[M5$z{r\4Hlh0 56Z: !?`]6xlMTcZ ޝ܍GP'O)duX4Z'xƷ3c>M#Hai͠<CC6ӻIhvIft ǹAL6}g1,@GONt4}#F4̊zCvƏZv }xL}4A;.ٜbTT]SA!rMń5:BS!Ht$3۸eyكszKAQ=FTR*@&  AEzPDqNYUuevZ8% p)Q+NWϨ1c;BYk, p)U$^9DU S+dVN{Vw\ e, e, e$HEP(EP~WȬpSv]`(dQ(dQ(d੸4")kdVN{Vw\e,e,e$|ERhERȬiӞ&0ERhEQ`z(J(,%֬ ʢI(&A,hJ~hJ~ fN{֚PMSֱ(&{PMWh5;ӞUkAc- endstream endobj 705 0 obj << /Producer (pdfTeX-1.40.26) /Author()/Title()/Subject()/Creator(LaTeX with hyperref)/Keywords() /CreationDate (D:20250616133512+02'00') /ModDate (D:20250616133512+02'00') /Trapped /False /PTEX.Fullbanner (This is pdfTeX, Version 3.141592653-2.6-1.40.26 (TeX Live 2025/dev/Debian) kpathsea version 6.4.0/dev) >> endobj 676 0 obj << /Type /ObjStm /N 29 /First 254 /Length 1153 /Filter /FlateDecode >> stream xڭXKo7WX 'T ;DmE}g8ʡ/5f>>L@4!}ӷ;[!gdoh5q)16 ܇f}SH5@qƗMpJ0!0MLHn 
B0$jdrK14h'j8]p&z܈(qf;?/qK.ws$F#AC!!`fЫ,Q6-FLtdM-at3 iG*_v~tb8 ;4 Hg}(ձ4빗NNdB%7iTSҔZNo}tRDd+@8%+N k5G9MJN]8>~_WKr2㫵"^Z91,V^0pGE$90D*#3)b'"NOl=33h,_n✋U`+v޼iemZmY.xBPJ RY `,(]һO9eD9-"ڠk3oڰ.L63ւqjdNuS/y潝@J6%`]@"Y2z6D]y%SFBֹ"SGunO$=o6A;7j^M!|O3o3Lgr˃d %='/w9uOcߺ.C[ҟ^B+Nsp:/?R,lFk(wYE׸JPBdۀԨp~3RS| 8`֟B; ,̒Ay.B9-Ǜ{9rm K) Rh? Q$)0Fs+gН3hSgv?f)s}[=lvjFY?S7vaP endstream endobj 706 0 obj << /Type /XRef /Index [0 707] /Size 707 /W [1 3 1] /Root 704 0 R /Info 705 0 R /ID [<59AEAE57900DA8FBEFECFE69326131C0> <59AEAE57900DA8FBEFECFE69326131C0>] /Length 1708 /Filter /FlateDecode >> stream x%KlVE/F˥-~@[.r9Rho]( ąF$x!bB4N(1.H$&7ą膕acy^6O{?3}39$r 8+:s+_t2tG;( baա',m>Z?aDkB;FX:k<^ZPv(|B(,9CXNiA#ICM` )͠VGB'Ip 9| ڦ`0 ΙG'h%7 偒l bفzʕs,4*mk4\N;ϝsys5`) c}Yjp> stream xZˎ+7+\)z /$n0u]d5?$EJTlL,yP/,n-/9յ !rrέ[to/m[O+ ?=ߐtsqKmJV71O>r|_Fn ?FE֜2ʚ ۹xهر0=aRE>?xߛM<b[ul4d>+ğW<Dq'p;߳HtO`ָ:_%>s㻿 k@ CzF3=O/֘e(Nn|Bec7$U=6Uda5.'BV\^[V83}*2E2 ?d ~![X.P1 bߗ__>u'3mkp:hUQ2ͭwa&>ŌQ)Rr+ia;9b6csX#[H/ipZC*WfP<Ն_M@/a"~wRх.顾R 'c6{1WQ߬gϝ&$IBjTV7X ^ ?ҔᖔBkhMQh=c/ }+vxqPة@AA9H:T+Z54aȽZNlؖX!rDPK4ޯ]㳏dMPG{H^ ݛho?"FGU'Pz&m#Xau ?NJ)uG:Z;q+D1v ej/\/Zi3Brt=N&:VM//q54^!@k(h+U1ȧٞ!$7Gd\,YތۧSzj.2ԭv-@xe S)\\(Q݃m«Y9uxبgqZ]c?wLc7nxk1M`_PBH+pgw$6 endstream endobj 29 0 obj <>>> stream xmA1@=9 ]8 &NAD&A;;.`|S5ڄ➊i̛˿[/sk;l -&q(QX@$Yr*KVG*PQGIp 2KjVV? endstream endobj 34 0 obj <> stream xڥާ kQ@CEV09uQׯD%NA&_d(S^eKa.!._,]kf.7Vz},Oxܼwk۴J_T0zpNЍId\㤿~#:̢I5h( 2t|hgK㦷4 {L5-8-7P b>-J6},5zVrKߛ =|&h9fg&AZżKԼҞG\2DiEǐM>}'H1 1.xW+And,ÝX/K/ "l>0>ׂ~ X5 uEi ش:6~Kt\n$6,TȄX2GK 14ftވ5Vˆ!aK6pXyG. 
T 'qr/x&m S+LM^[Xe!"cU贌߱0N`gZ3PܙNQ> k,!)byAo'@zgb_|u꺢 3v4Xfg\L)zd:(`qiddZ6V7k$PEZxl/$z#lFba`@(A CJ/ ˭$N0q;m̨86μh2p?9װN= yb3C`q+fWɗuzpL \oה&_?[:&]RvΛN!›,:o:wMD Ԩ;O s1ekv=< SKyf3r3ʜLVZ,ke3|+RePc)M݄ zRؖFf]a65qSWѵ~֘Rڬ*HU1y 1] JT`ii;ǁ̗oX;;DDIWiǥlpp/LkxUD3fG+v7]i@<ҕPIy*.XjKJݚX98&M]GYGO>KS,rߊO-Т\ۺjtِL_Ok{lj{`PZg&hXW?a䶿בQaN4[oD^1􅈱kk~B{ pur{#!%j dm3[QX8DnR?Q?< mhOƀHYӯK\l3 K3%(U2V۴cV\v ?7Dw8ZLQ^2E@ WfSx|UDܩ{2ٰ{3!;aoG++Y`szBax$NEVڢy: K@=qɽc_4A}d0͂_}pB_!MߟZe y66r5; ϩ8nTMr[LmDGi.9YGqWd8MudpY]ʺ>͓}VՏǃRAEwaP_ *Z Dhq2zAq"اd82++"-|gSoZ>QKη15~Lm\y \ ݀*H/KMM+{s_bN&ZǑpzgD_kŨįUOL֡|eQA lsOd,`O5ޛ֪cūmRXп X({cj|JD{CJ:.qKoK䦷CQOgaWѩSڡhE#$U˙,FͤL(qo ̯͙hçÞ${QQ}13I1-BoV endstream endobj 45 0 obj <> stream x$9+c )0.X0;,~)S)T .fZ-R~7[-Ǵ}eӗq[ړ}yn!پ<~Sߕr#?9=2Zw}S߽?#}?5cEf_qӟJ@ 6>K Ty hfT*зpe+=A֘[EIz(gF>? !l'~@ J1OԐ @XAd N9Um}#;c.RT%͑px&" L0swo+NgڙQ=B;0Z&|dJA"rGGcm*Xdv2k(,xKy{f{$N `p'T:QK)x_}=›t]/r߰rӤr-h5)&7"~[݂Ājm?5Y)X_U'VeyC#; .1Id2+qv0w>e:۩4;4"D {|7e-jNjFtc^vRD98$?zq7Fgڹg.U }?9viG8r"=`cH *?36#fLwVL*[f;o.ìdZi/xNcکPa98aYJ WVѳİH]EbWnBkIN?k6j@eLT pvjd8m8 yjO~n7wvi"G,CdF[_z'w@d)p,laȰsmt8F4l A`C[mVz誐OaZNe0&L|K`? ti=PIRF ,CZx5;ETGl &#m1룷h1nK*moGY+q:G^%7?6®cj# 噺t-oe+ fuqԠ{ߪ$ֵ" ;6x@ZsG'R)떭;Voό3Q8A'_UctELٝw$-70u}_h5%}] ,LiTs\ ^`JQ2tkTSZj.>}V7`t"Bd45>ӰF5SFg)?nȧ#3q /Vn 9$ɍM?SQI?c񬅣Fwdk364`w+$mI%u6 R,f`b~ ;x+f !?n@i4OVI%-kUӦx1"MӦJKF![AU-:~i!V2;p;U=uh lߎAf/\ >92Xb-@|,LRsP̾qfI>/Ɉѐg{HYjAs xAw1@4X=PaKYC >Vf<I),LL qEY]ԥW~ՂHg۠wL*o's @~ήSL#!KX(6JGrv˸  8Xie/K<ہC#mHHѭ_ }'`!X{͜? X!?gGuvo1>p]NU2'u0A\'FvN$j4?ߙ) endstream endobj 63 0 obj <> stream xˎ$힯̡xA9w86EU `jEQ|R~<!Ţr9|͇/Eh!xJ8Q6Ç󟟴'C~>WpUkgߏhLyˇ?:V,=PDK@@$1`%MѪD|,4(cZGki|j$蜫g@a鿅mF[t:\0if'T jMutZ!meEb@ĉWLs* 3`@|dB몸ڹ[~zsp7Z:,[@pK 'q6#΍W&?hD]ղk$j6wr[7 IWmѴ?etMV>֝_Ri { 㑡+#ggSGt[wi]iW`AvD0]&uVI593̎vZ0NcʺXU u9ܦٌۙuyc; P1Sjgs2(_,` j,db0iȓg?%/L20-zL(r%3P6jczt>1POh{L(<{TOE]St!\"3/?2LW=PN弻s㭲ֳS)ql}z^p]L-*V1а4y um&>*Pfo~ H(`70cf94 rAPR"h'd@qwB' . 
$cMck!fU|n!ծI=U'%a2 w3.uʘS&K񿎚-2ey<;+)SRC̎ 毅"Er&l!7PVJ;A)1.9o ȩ`rn`bPy0A$ƽrXd+d*ȼ^kB^Ւ!VE"הPws~Y0䂻 =+m31gr#;v+&#s/ٵ,me;>EN2s/k#fC{HhZ' ޜd("yBm$L\)=!R0W2_6uHYk2-TS6o1q JhtmqeO3uQ furdN؊{yThж#Sd_FD.B ʛKGJ8SYE#SYՀZcLi( Aacʏ iʭSeQK^xJ`l7k =VN@F+ EsY8Y,TqPJg>&jU|;EeOs &Nbs|mơh鷲ܔz4"WSpq/y׹!7N?|&3>DfǶl_m as6YD5|aAvV>/6k^^73.@6ls[ ^ߌA=n g쁍xz*|Ytb9 _?ӣ5B%Kv$ _BWGzA98%_@PtD8ᅵalϯgDD2ZfjfbQXjPޥm"(ٵ7DG([q06v+pE k{O~hXNefҢ]To.H[JA -}k]I`Kʺ$ql&gEmgCi^N6 a Y@ר8Vff+4aR)g;[X\Xܔ?GaJjW4 'mjwDF ¤eJ҇]aƻgxa;Lri/Ejt~(mDV mKel?\Pڿ{-#|W;S{˱,5#/ D.B$>G3np]wW u@#O ..e͜,n(Kƥ<1,b X^x7KmyoN 0Ϙ9yVEʧR#8u< B-dWFM|~" 1r*%фN2\y6ċkY::LBw*y'dq};4NӵS8n뿅UR њ ?xOԤ=8S0$ nϭޙ 0e:T\|00 \gq-/%:2aXJVj`c>:2[z5}󴹜Fz8mc:\^2Ӝ%p|@NlOnd78Ld*5mI^O]$b%_.]5SppʛZ@[c}G0uer,;_!Q'"W&\RH nzNpDY_:C7FXǃr?F HcЇ;  KIĒUHEˎZ_p (婂Q#Q410zY`%WM0 ߩwq->Y ҋ&_٬$.<uͦ\f㍕)z(ۜ qdP$2k`ritiĒ=nprG(:b7Oj7Fu}d"[x_pZG;o?Dj8w }$Ԓ6<]4=%Z{n5LI;7*SUp^*};mq/parDsvTw-^/Dۛ]?qޟυ؅ e'+,rX%.ܕ I nb Wa՛H5o_ endstream endobj 72 0 obj <> stream xZKc WªD ^hQtՠk_@$hVc_ߦb08zP||Hym3f TL/7_?mI%~rߜU!FAgW]BSrBDzJ/(kizyd_g@f~o$yI kI* 2_r(*`NTD`ѳwY| FY>7>[ӄ0FY2|6n^# -N4,2 A} U ne2ѷ}PX7: s=y5+W`'dp-hY_tUyCv˷L( :v{;̟=,m9'e}8w>ؤ#7F%z.|g^N (&<%*8zMr2mc\YY^!r m! 66iؠX#_`B->W +5H}9{E.(KAeejVM~^ E!*0$$"fۗ-j8Rx_m6BeL*yD暇PP7ddfd;J,;MO.!&W>}aReDR|ٷ=2 C^Bٕ͞}l~6 #r{eYa&3VTa+(As`+U _e2˄ L *_wb)鞤!*бaRƱq^vbz V%AT>űT˵TlՄdXxcӹzfsWGon5=fc[_(QEtO*<%46tڨgG(t-;w=UJn3o+:(R3iEQaN8 +gCjbkTnĒݬĸ0>Xi^Ļ6#XbH 0{rSJiO{=#>>sLKg.x =ƽ|h֙Oe_#Շ)YҼYQʜ1?7z*BxaqbsDR.@pxpxAaLM]%0zSp.iJZA,uוjԛeWFbjN0>Hg  @Aur33ԙ5f[m% :CQQHaǝI1m[8ʼr7].?`䒬9(fl1(r  h=Sr=Mzb9z'pˣ#y>5!6$yz<0^@_k4,A{2}u lB%ʯ\Iӑ*@4^y-Lcl9M؁[~Ts=JIm-kQ q [9~dϏÁCy5R˟ \ǁx:wkۃ\U2fTB}fb)r6*|X`TYH?qwXd>C2Vghy^g|ϏX"[:DgQld&WCE6ZRU8|]A1-?e#K^={5ԗBhsK|p9m=;~letT®L9I`\PdR**HoJ E}Wʫjs7wIAx\0.l\(ޕK~QZƁNa4G]|0ϭgPZÉ3[tt1q^u^Ә^9^$PYkImS=`Σh_6ǫlV #>*;ʅ@è](! 
zC*MVpB(*kƹ X IRҢsRqj5db6G8uǼj}[O7pqwX̃Kp}]uV?A]:=k%:l5SyҶNכ6§Pr BꚽĩY '7\`d610`u[R[MEm j"slɐ=ebWul 1|Wj׺i(ksjώc5{{r=,Y d=7n}gv^돺]T lN鵼couwNlFh-P#*ax2٧VirX߄O{ gTlΘ7Bsh֍{b"vR9A"˸>\Cue?dJ endstream endobj 75 0 obj <> stream xY#7 V$0\Htl쮫⪼~HQI3{vC¶FȏGo>I?5y"ov":pmFhV^' Ǔ@֨1yVŦML'O/*{)$ۤ#*uc¦8%lE>_D^SHT_y~7^2h+bLO/'&ySLfMYp˗'%, <݄:Y mN%fVeI黢KL PFAX3`Q1Y:)dI˕1.-'@W3.t@E͎Г ڳN+<3cRkdR %Y2n+N\gI??PAG-2_`z`tÕSI1>//90r{ݸ3I!-IZ x+Xן Zk2\ɪdBPmvvaZT /a yANŐM.B Gi/+sk 3U5ߍj$>bBVJT`HP!&zPрF;X.0&6Lwj!?ѾA+ >-I<6&vQ>lZ~RwwGUκ츈4m8k8ZVsֲBn;#ng:mK#"((@єhQkWOǛ^.k |@#r-q9\p\AS"h!UK$8 >oo#UCUd0jxHγ0pvzX[,h;#@܃KNƔǽZ\TI6dM`SXǬU&W;9apPx 6 v78+zypxsE56|.7v-( z :h;<l w@}Cw8Dm$쉸y#K%nSv _G/U능IJ].4խyeoPT T!;"R,gB ^2@i^Fit)]?$ _:$C҃1(/a\*1p^";3`bZ^$>lgcl* C.֝Ma_ TsM7kI-z^_,՛)]JaD#b=lv/ވ{Bx!VyhZ]$uN=Re[u78> *vޘހlͅŜ{S#$V:T(O~tp> stream xڝ[$ }70`<`zuȿo)j;EOWi(pCG4G Lo_|`yxwOR6+G|sQ|??i-cu|*ɔ!߻0?Yv5bWk˶p`߿!rh!=t|s&kG{Cɹ>5^pd燾3[=>MYx *8R)s71άjwN3y8UlayS[̎eR]G o2=b^hwfg˧>t;Cl]?{62ߐJRg!i,_(JM?i"bY?B;k3WlyJԫ#Dk *$W 뮰5h( 6Ҿ*D˚;18)̪R݁t ZhQfu7-j~kN_@U3LB[~'bVW*7dk|CݺVeP $0B(&0 30N*Dn[aW*@,H{hGjo@%< ܎KԥB4,I]B!p~+W/"ӅՒl甧6}'yS;q vxq>O1,Ώ~ F׎U:U@)+ Ɨ+8nWlVz/d}簆~#]o$u|HkI`锻6*'ug1eS"yv&Ko̶*A~1^Lb6scwP"i]@}\}؂d? H&#kx{"x;3mSD/pjN ޒpKՌHkj^˫5Q >WKN _O(゛73+3q.='fdSF)ϊAErLIz@revYO.кyFL)I8!W``-^G/Bkq#ή'[gIX:6Drcl6/ ׋E/Y ZA. >u[i%D~3Ɛ96rE/t\Ү5C|Z/r;'lL9OcYG+Ju5-0&QZͶ$DSףJ|?Ӏߴ.R4[RIgز>j̶7),o%'. I͓'V%0_@]?G S[d 暪z¹ݲ~$9L7͜8j?$ZisrY@kшpkT-Z !axsy93SըuI٨pZgԑK/S6+zVWҺ|_JDfID` C _F1kΛIcoJ8W+~iZeaiqs$9g\nsFdg뭦[vXFn M1J홗REI`a55Zt$x/JKqKq]̾:4nly4dL6K#'OBn$1L{h;܎="g⤤̥[L39Z C}'2lyK* )@[=Px&<} |6fB֒]vaLldžOSXQ:3W3,n\GXuuoL%QU$WS. 
C-Ư$mtXI頶P%o]=/FiP!sFdT\Sw7"ruùVƜls.LO^(dzDn>EﹽS5"&w K㮢81]&.{/܏0wtp~d4A!VNSq/7+]c9M\]杉1Iav4Ouf7gwSKcZZfm"[g{{]@(ӧwbjEuF@3r%Eeњ[DM& X&Bf(0I2ug'W89CauBNy0#[wǐ 9ѫEk/2qьJ(̫ Yh8Ϧ`jI G8s B8j匆~2i%5y*^bp߳,ihL{4\_;ݸoxи,K~bg{1Crk4e]j2!57žPc$VxJ]Ch)%YxGk3P,b+_H>ZD5P'8'U c،镁4JRQ%}4 >n!z+1:8$u-|:lzugnW×6͸bӜ+&*ejp_י:6uF;{6D7.{t膜/ -BYsK=iK1'QB&؃b2A^BŞsʦCNNԮ}6 v2HG]Aeûr1BlCq=3İ~e~>3͢~I ɗHǿ,{nqa?:?ZCgud:~CH/ 1H Lt2,R&DS`]cS2IɷZ`mWo3*}.iM' =Đ1&P<gRZ+C,e%>IǓ-߰z1OE/vS?:-&ҭK ;™ۘlو~U;OKW>+sCjr:m25p2މ<&NQ4bek MmMw}W/펦N&QwL+%I|=zK!Z6*$T:6E{htK9m źmZ endstream endobj 85 0 obj <> stream x[;- +:a \ my23;H{j]'hF-}H֟[/eyY>-bJiyz[b0X ~o-kc~|@L.^cFm]Y)זN~7*@6~m@F{Z~Z .љd7n5[ˏG`QBZx] b 4h+gg|YrD lh5.fPB-VHJ+Z$Ϗ0B#n<==>Dn!uKC+!uufT_l/%Ө$Ot_; V}QdsDqh}26p^^ @kl+}H 1iNJX[/[ Z[ma]L^C{5$s/@*, p^($S/d{O!!̧CCO(o4`ĸ`*2rR2~|㉜'I0#=V\ hؖS|*HFsbP)"a^Z )]_| >8y?1{6U"T`1[u`)gYWQ\E*2hJE9RGQܕ:Cē-|AJ"/L$`U;wp9j  ~ױ/ A8:l [q$, PW (9] 4r/u )~AuȀ xLN]?}-tb #W6>7rA(Ih`"*xA^^:Xpn/Lxe/&A{Z 7k+ج,ӏ,s筑맧t5rΛG>RɊ)53%#DBƦ}16 aeHͲA8_thAHh˭PvGSY?#.JJg+^ " gBEa(*2 =G7AHdCx<{i]p~$Ώ]Lx$]9qL{XTQRS3D *Յhy8ͱs.`pt6ՐJ :qQcy,vI0;eƨh]**}qe9.I#x$PP $+ 2O6W=zwܙ]"I&d2).{E3IRS;is"Y Ie+Z{=穝lAq;ZAR*UU۵=7yjwTW<.Z֟ϱQN3T$SJ)YLk!՟bgVMGU{}TI-HvRJ7$1`;G) ( Jv UpB?kBpsxȀ9jļgxE}܎e<,~=Xur2!Z}+255IDZxܿ}hϻ<2ؘGE<]lMK/ul~hUl4tl1iiEu*2e鈯gef9})^s)F' p=:C%^lG݇w|VqagVveS~r5 Ԭrf~E/Tl,?7 & gN9i&?ӟryAH:}d>A:;EE,XG)<]%AwCOĴn ǠUNMV`&ϟ9$l ߃7 Ldh\[IepQ;M7Luc  t/FmO|ȸit첺JG+>މҧHXnQpH8hRk"گԒ34zKwߋtȭ޷ގ=O+c{ endstream endobj 92 0 obj <> stream xڵZ,"o`)p&x3;H MV"=3װX ,ql=_O-Ƀ߾{HnC4J|eR{tSތ1y4P:>gp'62aB2zpīԓ2+'GXjDqXW!=ĺ,ZB|5= *uq4DQ JwJW?JW3!dFg' L,I0hMvYCd~=PBٵŰU|$]fPE_|f3 }}`p̃jsZ +ZsɆS4 =ϭd`wȟf/6ej:@طtE7y482#9PCwCf(@Mx:p"RcP SGJGSSq`OY匜rµb5sJ2N'JS+ NY/ +@,sYHVBrf%$՗e:=yhѼ\z5W^W5_^-` _)^Cc82(MϯS]KkUF {0ZtdZBvG!;&i>Րe;9PbЫ):VXM?Uϝ:Jo\{-+$^ k[1gݜ#Ckl,C4'+%nrMiepsEbmkKIT2 HAn+ GCDUO[[+ "6m{YRO0D~j3>e pD%EzY/÷[o6xg{[%׹BZy,o/EAC|_l1~$TOHFStd|#]qq(V[2ƀ*9]A&gؠna'7Y&KtKEb\\NzQ6n;W:郞۰v jO}!W昳 γa;*xFͱ7=߫R0&q 2tnGG(zUnA[|M)+1MOS,][ڈ_Ό7^qozDz>~xީc\ 
׋pgbE+j9nI`Fڵ7ir5H{qܟ&Tʣm-J[ʔAQ& wu+t i! epJחVpG/OA5!ݲ[7v*@-xqۢ]ڽ@_ԲlK& vI_s]^j1rq\>ݙp1?ˠ4ŵ$n,7蝕~pJ ?MelkMnw)N'vMcy~ܞB]}PVBY[ȋ`ʢGk>y~ӂ c:QJ?ii*֖m#dmhCr$C3M`KVμFLeef$YwUl}kO[ڭojo5H_F[:췿4 endstream endobj 95 0 obj <> stream x\=\9B`ϖTE*ȶpu 6#ufPK9FR뫏ԧ[ln2USqnTt喢5>g| kC69SC6V׵XߊoTZM'K_Z~5j26>0yksxfB-[r,>Lہ_o?\G8yX_[$]"jlL9\f=w^E_o"k?b|CC->yMԑȱ#}Q[*6'sKhےξ|h)MyK5/z͋E4Fy^R=(G~ѼOXV-u) G DQi[yCqlФO:@IEiZ69F\f LA9WBWnc=|s9}9c+[Zn:p 7js\ ޑ̾tG)F]=B+זy2{s^G`x=|RmՁV{hK}vI<I&V$SH.8ݨP-^'HHuc˚M.^'YԴ7Xҙf2}[*db%vsq-Ή碤sޗWb#SSpm <"ϬowRk^l 6٦9_դx ?ԿWm[Ҭڡj!h{6Lpqe4"K{~ v*(t (9 %eOHGR"{-$u+rrk{YS(Km,$y=%!Gn>]~Cg|XJ}ޅ,I񼳚j(<1oy{wD &,BL9q=,hٓظF 6 ֫.|Px HwRatYN]x!# O=͍/0m'W]S5ۯDE :~"KǻLGdQj} |!Ak _a:n#HQZz=;[WK=c;1k^ݱg,b2mK{{bB;"gr#./(`jH) k'6eHSTVGꝥASZ&ضC"ѷsbʀ%kI-Ҝ>ÑζX*zQ‸i}WE-ܐ͈!'?%uz芖nئa''Wё$W_5TLD@LA5%;Φ0<q|KL3mIT]IYpO0[ h-f[gOI'>L]2BICE%/i*sJr 3wKAG=^SVBSu +T > Wi32^u2W) ;m1B[PˌX6$Lcj8db\~"kX .U`T祈reDElQ/,Xh(j|?_y̤cf)'l^SWM~0:Җ~`_PR{`݃^JXo ;QopQΧU{ZAPm{MǢ howPȾ,Em;U+&Pꀣ3`C zPڠPC"kY*rjO*2*.c+td5}J*?챽w{ᗄ TȂ-yfȾ,J%GSdMXqHU(OBw_8qUq+W#dTeBxf`)B= /,XTWD=QPbIg|LX|ާ&{n^ o`mFF>HʛbQD(-w-*4-An]H7ҧW\.&kF1ۏP,BȢgQ ~wW4 .^gR1]q,"˄_ή(z?_%~?GMXCbwKF_ͻǩI$+[~D2qL=;oz/K-=HNPwб^{]B^]g]2[CF7tT6sm&R. յ-#Ҽj])]AdYCQH˱"K5^/}.*qU*lOVd˓Ad1M/%Jx7WnK^_}UӯFѩ}Q3^觋~~ЪdE :*pUF ۜGUT⽬>N$X+DCnXNZ6ĜPmj|N?ʯ4_Ɏ.J,X 3\hfIݱzY,jT;#PT#ZW!(vr*ml_&oby, _f,+d5Ux %iG{{)4x n F[g3쉷;.+@k~5cYjBdYg5%_Upe>aXq}Ա [<UE;jPiGhc $n\QY ߫Gx^_EPw +#$^F+wS^ɋc~~n"\H!v~$>~$ϪS&B|&EJNq= qW7#ݫG;mb/v>&|=B͘-< hCo/ŋpپe*R[*)y1'(x\c^YW1 / _%bJawA WKe} +/{RVz,Z"ZV) );~@dsɤqïJ ^$___xO\?r_Ÿ!ɴ3'V?_2Xpo|,!,xJ+n$X`Dmދ6"KOj̾W+W }ЭF88dAQQ+8> stream x[;$ +*% :0`v3sM"KUjuw cJԃfysn˰TM?ŭ m_m1\v@ۗ`r𷐭M3OwyX?Y?{x'3 êx? 
Z-:ln1` _9];k0ܒQdSmyBMu8ѳ<1%\3,WPLA[A)@8XB|zbnEǿzWG] EGo41egjsGVi2iS9N bbko14>iP[z%J1iIK){+eՄ ,F d,7veEZnP^O9"q m!ibWҮ@hl zZ7w'ۿoYM>ZT<=[YŶAqJ6l\JPց6&F҉S{1NER$U@rj:!~/ Q(Sbr+il-x aZ>J2lڸ9^EIW0Hƕ܆Uc@.?v/%dQq}īh1)7.2-aiS+-RNry#qRu .}>79Li$e EIK$8bB #BkRl=rzd""=t ,pD(zt`%PĨE!E2hHw~Oc~~|8 [,+貂(QP[Aw5?1xA^4Xh˸0}>ԗWa^c~H J|C5 ]*Z kBGLQ0OfL[x€5J}Nr pZf5{Y~VfͻrxЧWqMiZaG-Sy Rx-c‹6DtK8LPk$Y?pU/HjAqUiYӏq9'dq$VzQZIm%IS^lf=6 Dz@zE9ݠ71MxkӬNȐe6/aB^4Gb>N7#уS$EߝbG>o5%Z@ 3Ǵ|MGmzM$oo]_ů{E+EXFQ4(R|TM Ȕ4}osՊZDb cCFLYe:`9اu$kY]nqТ4/J}-MJ$ͽ K`(ժLCʮZy8g\xh w8I>)k0fXa6oZq T@Iny;VuD6mfHKpO8[JI&,[ʦ+0lFUݘrUΒ*CrT9ElKaZ]A3?f0}fL_b.Hq$" fgK~"k .]W ZrwfPLxRBl0pqK;U% E j4C-̃%CRjW),kRSgdcGyJh-h Mz%];ȐҚXǰjM-2VtwAW|4jT5̷7崃Dt+ V7Jz{O)_Z"YQ1^%RC)MBN>S+?_Z4|kHh)=') k4*1;ëq;@%(=7gWK}LӺUdZxCe\o%1X)oڹnpA 1~r\EoyW竄U4$fxDI|>OHkH_bsϱ{ˁ>n dBRq\*4[\r6z鸖0 e8$>.^  "Wj_ܱ2OECz_ qLO\ NI&Y(GecI$q1+A5ɏe-8%d\27 }z ?~l?4,7}}D}sXfPLY97Dfg|K x2HiOV3~Wbhlr){x}Y}&w)G^"ƍy?`Hz 5" URk%rV $7>rVo;M [qNG 䢌<~ǵ9Z+h:4EN EOS4%OS4%OS$%,F~c&1)a$2] p3Aqᔦc. DrI _ ~3' ļ5d9K uwɮ dEkQqgvU9ڧ}w$FlؚwR¬UKAmW}c'yWoV. zxŏZ$/x3J~V4F_E@1l7N'pLӞ |;V(bß*Ho c4`s5BW2yW`T*8U o!"ޅ Ss> stream xX;7+AEHg dUv*?+lwВK̓˷/~)ܶږOˇii[ːےVZZ7ay}r.TR=d3sŹ 8/:WiӟHVr@.l\x< +q~k)K0^B< |:)p+k(p9s LD yy]X/3J7NN8HGKڎ.EGb Z3w&L, (+;x@>\`]P3=ף;M.f?2p}Qu}}\ĕb;r> m,xțkJdwqw6sHɑ`"5'7#t2f.QѠu<.lSAQ'Ϡ@w^/Ha6E?jۂ.˿]oZ>ek$V0ЮcWfa+pU;,yQ}ĭ,HFKf|ֶ|JzUܙu>7[Q\3:ryQ,x&q4G o񙴯~,J@!3#{OGA-?\ ʨyq]Ů=‚S#ZrV~N.HZnf g!!HlIO#/1B(P.kY>f#F2AJ@A?"{N;u[Rpv|'s6 1=0a=\Ti<{9w:V$*[33kVUիDO?$gڟjd}5k(?#SEVm/whp6xXo/*cj0zj+z'کę,PQ mU;Jgo)d"ݴz Gb2Lיw;:eah^j8NÜ6]KXS6ոsvYKj!|R[hH Л řOmW,SiZ: ɫI+N"^ noi ^yI\j鏨8$3c*,[Xu,p VB%;CڒOKزOíIur+䴕9RyA{  ۷7<kfYr[6z~bY3d̪9P]%[J]?қl=5c[velJ:0ZMyOon5i+KB*ҴEJygjzV] .w:l`> 1kw1DqmZbqYus_YkIF\UK"Vd ~<"_㋸6!VDUjn(T{^zf 0Q#) n':Tt-4L׼tZSz#4pw6"[12h3\8UI.iU)ꬕ+;{iE"<Ч-2 endstream endobj 119 0 obj <> stream xڵXn6UXl )pXw&)Y^FCК"3O\oijsːǔ\Z.P9w9~8|s%z`5@K8Lh(߹/8y?`\EWL+ 8{W?[ؿp]VpWq7AЎwa. 
Ż,.< ,NmJKKHWYH8qt M\a7((AYW8Owl'h61rn9IG;ۅq <Ƴ0Utmsy:V|43oSp#]pΘ_MFF` X,083 GpdS Zmg}DvXuE1PVZ \Q[B#>vd.* Dz{pphQ\xON[ ̍7[(IrT܏kn)$` (|oN0&i-6c5 ++Hu%h(6K;rΊȯ_ bAA_` Ʈ2} C&f?/> B`J.BG~qglt[O8' 6?8hau˜6, &d?Ex*xNNyKJlSbGD8vSi=Sph ɜ\8M0_Mn K,MvN.%SG~m]O4M `|qp5Q>+r 4=a#!?іg)?y@mTR հZ}cD1g:2YPݝ ~6?zi:ج21Ն-(hbQklQc+oԑfdt`8MmT(%4W4G댢EjPisWmATYŒZQ6ӧhLRǷ27,qvA+u0`5"Qn_wo?Ȥ!u1.B5;J \QkV^bՁ%?gUi[6V(ocP%R*m/ >ccSAϵ§=)*FQ֪qSm#5.$rCoEg~3 @d@]u-'oZ{b/YG\uWco 1x(:DJa6V m4Y߫I6[F;k8Xdž+R#NZk>[P&IJ*x*v4pc(G"QbAR)MT{ʗ!zSh$֢zvҳx!ti*d/XL fXlytq@j(˜ |OfHk.!(:R;_~=G_+jvUuCܩt^J,:HS +nG=ӿbO\ endstream endobj 126 0 obj <> stream x[$" X!@2-4 cj{2+bUfFb2<^\L友_2\r[n|oR ]_"nKp_Wby}I) ߜ?M_|_%[^mtFPB' U_dVcq fRk7 ͔J j㲅Zߗ-t/zl.ktYKv ~)p~%V[i-ܦaY.Xc=,G0,A:L !4l Z5nZGhVZB÷]]k(d5TPsg _O3وmͫvS\wu%'8z6Ct@ooK} }wi'5._v'G 1ȃ0yEv Lxϛo c=cO {^۰_(_8K]ط-L&m7Iϰy8:{G b(vzmžQ~ kV5B-HV gHy~ҁI++GJ/72%so/[?-mTҾox[#kgWY'sӨALdw 7XWWLS{YMZ)4vTdugropX#@!mo L-jɶuU" |SKȳs.qKJ]*mzT"P|Mȣ Sۤ5&2Iv5pbmaZ6#ͤ a'l[yD X%.z-9W&(ȄK-IK-oLAYpTpA_uB.[cQm'.\|1MJ]pXOX( ] :jt릚0U)}}nG'>ў>?d6it?TD9u !颇!1 &?*Wy+'pyAb@Rp" Hb1|LAmmLdٓhK Z IuNDĉ/S;"Di1SRutG#Sۤ5&2衵' =S(ܩv @!PGƮT 'a˖*|6I -)^!Gus +ʋF' + 7}a>8}+izL⬱'uKJ=lA;ܐN W+M=G"40Ԃ*32[2ESq(㻞Yc`O _o 3IBRv[?)"<DEMheloi (:RYLTgن 3ۤLd*~~֯zC szd\)Ȧďzz4C%9r 5[ccxǤ6e^)nwF6,>9" )mZzI&2r$߲wu7KftJI(ޕz:>(vl0_<0L+njkLdmi\mw=LpRE_DCh7lAv~ކ0nh>u,oRĒ9f kB"Pω1$ `ؙX%x\GFn2}~7EʖIkĤԧi~/9{>RV#?KԎtxћG8f/"m[>|8qu֌I@3P|6.qO r0ٽ`4qK]]K3ѕMK9q'2w&?#Uf"qpMG1iqeǒ3VXKZ d=>>*vY2qʏʼ6im#4V5"}C3Lv 컕Ouv:|%;aoT{<'.nF*/5LJzty~FjQzRT.ݾs,gu[e" x msg{ZV;lu9YOEgIYE$,#\/c .3ۄe_ [%A\d%cp4mbd-|HkoȥcP {s#랣2m~;X'I>[9kUʤj]40k,WVIP^>Mc ל\uCVi[ E]JrE9{JޏWÖ# _)B\Ƽ5xg`h|p+/ sGP}/s’XnVmrڽiB5gr?Xrip`[u fY~MY. :(Ep9f@wTi\[ e6FnhhGHg]՚,(]}:ZX,!?b1'7. 4WBopm-/G8kl9;){йkhD~_] wByqNXw>No{豼.ȥm9r#V9Q@/f WN#̀P6uc[ 6j-aC'"4JEop? 
\qVpp+7pa!vu} 7/zVt@BgxnWj1&HgKkc``Lw ‰ng5r\cv"O(wa*Y= }8}NEGhz9wEB#=J)z.RcsǁZ兪[7懔)蜌Éͫa #ifIid1ː;-8~}{Sc;պED=AGN {^,ne&TWl3ȁl Wa*%Xl #T8NAGMi?T|XՈ~ϪBdT=r{Ԑ h!W&9?& endstream endobj 138 0 obj <> stream xY47-K &X`7di;G~})T1hLJx~tD7f޳`WqP$@^"b dܹK#+dIwTj^sAZl劢vjo<82N(*d19!ӧH|z eYHCϋy%cyzqdUj,V&nri/ٍ*x0XoE=ޮԹ,ВwM߁8`*$0?_0۠Ӏ%(abz`x%Fm^c8$/$x Ӭ`\$F4*fQ{@,^\AJg'UOS=K 'w:ॏrɨ(YeR5((#azJApL]:L6J2`W$K !1QEPGӞH?W+zI:KqS'1HG1ďc(qд{%qW"-H|R4!c\F)oV|V#1e(uo+,I{"4`dF(WZU odI(+d=IvF) J ?J%BmjU+KiKrd$%".5U^Z94JN"t^ѿVv(Qw:+=J -Z@*?mqRPd$v *Uő'e|CPXQ3R%7t\RH ęzq^J ie3&i$tS-b2(S9f3agfa%6ڰ3c)4}ڍY&B)3dyl].Z&܂ nV)bH5P9KdP2& %rwtƏ%VDTڒؽF*s,f!]yvyvЄT ܘ]R+?iWc36b<o@[nף3?h\걶W/怆Q-[b݀s/ci a8dO*{j̦X'~Ԉ`ɗ&M&J{k3LJSW78TI\JI )ϱIexo ϺV7ع` i6;v-t4H>0Usѽ#b(NQn3(e!hXǸIı&(yU0n^`tVhq(Y.Mq?nzgtq%CjEtywCsaU&&U|n.o^ġY]Y 5tC ){T.-ӫıvͮ&PA92cIa5.&4H:&c3x>S„޴挵2(};L"ˬDQyq<0B eԱu6e%>z9SOax=Y+ʹ$}m6`/޹]5&,P&P;cy\VxݍUȹCõ0ڕ'sOfAƩax | c1ҽʈ8&AOڃf(,»ƇY 8p2 Ո+~Y4$Ht|Q>>bL{gu߹vm>-)M*uԇ9;RۊUU#1Wޫ6[I4J0~M{E٣Ew/_ endstream endobj 243 0 obj <> stream xcd`aa`dd rv  a94L?=b$^D/@`b`ad(400300r/,L(QHT04Q020TpM-LNSM,HM,rr3SK*4l2JJ s4u3K2RSRSJsSn%E )Ey@G1]ǰEG+1>{y wWVU]V:{<_ ~Lcb19{6msxxCdG endstream endobj 245 0 obj <> stream xڕ{T=M Z[NG-[ys I@@n.r E)⼴*ZULOtLSǺםAjOzv?$OJq8711N_/q/͡ y8NlR_͙\%,*AEjyL8\%VӗW]fpeLZ[T0!U!*ȇCmlB-+uT*,g_TV[E"QpLnI /z |a,C/%:q6RRIT'+%T~EͦfQ % jُ6S T"kjA !-R)  i=kڬi:4f)CC.~/hJ / VCg8ʿ,C̗}y׸]6 j8Q"h &Ti7>g"&>'H3f5pA pރ [CWiO54&Ѐb2U?Z#!@}}{'I^%l43v;;WFtTYVP 6{3m55o~:N'4`eq&t4|^Jͤ8lvYT7YS${7+\1&E~G@#?k 1rzCuʔA3 wE⋼TvbT$*A^1wz3<_c=P?._?9&2?s0QL|Njz5Lp3OpqVp JaجTmlZIjҮ`簋E>Etͥk#Spښ{/ u`hb4oV':}4jkA i%2@{>:Fxv OVPePDPad8'ǰq 7l[?뱏B@t|e_{[85^pQU[%0\f9P ݝ4x4vf/`itDPΦ2?3 7ŷPbҕҘwn||Z>KM{C"/E^84ZHx겳h!b9[ C(#x;d(-ݙq;iWi3"$ěaߡ(uJs8_&\'W56< {`sw9}hA9{؅:l7Xm=}y!"VwE%)ڼr }SDBTߗlJGCe"錆랂P4nЪO"|ɤ1WBI#^yz.wUI$pjǦzo';7V) F2囝>3`[kaW%):4O5B+ɶaD˹8.ߥ VipTZuIvYV;WWN 4廈x`w Wq>\IFIMzIw{ϷO$-Z9h'ڎzi \/z˒dh?Li|,FVg'Kb z Xh]]͍GZ/vq IvZ>I&l`4zOo/4;{?stw3ZtBcr JTn[݂͐W%g?!)0#DO7b0/( J{l862sa޸Q:=(O zP;jnV)-:B8^} @#ړ]YZFwp1d$Q\!O 
¿W|S2N\Sj5Da./0ÿ] XLMʂـO}D!ǹ M. ] Qf  endstream endobj 247 0 obj <> stream x%]LRaρ# e(0 jX*g?3\\ΠBPDwp?{{T4|[Ci$̐R+ݯiN*:ik;Ǔ؆.lqt5V05=Лs$|bgA pV܈)[\LZ诽bKxxJ%=u'=gdƌٸe6UUSul&-] endstream endobj 249 0 obj <> stream xcd`aa`dd pqvuv 2M ~4L?200A] $X9J* *23J45 --u ,sS2|K2RsKԒJ +}rbt;M̒ ԢT@s~nAiIjo~JjQL B ,L ,  ;t8['rϾ{cˢߙn^ٺwMݿ^}e5Ov-+[{n+gZp-g mXQn^{%g>?Duyt%us/>}h9ǟIYurls{mX]c!TvkA=~o~h&[Gic@]cs]w->l_^[~|cNvΫxosmmS~n˺pU/~|[vMMݝ? p=olŽ|2ϭ> stream xemhuoºK'`(I7:&桷5[KfCziK.66mwut`uV[@ e_X݋7ë!I" }z5[7n.-Fx鵄J K$v|dڅҞ?mMZD f/ǹNwts7zSSc=bi{hdv2tGNuow<֞=~nr쮧.nezxnobx D\,4: D2VPI7F޾tǠV39xYϧܣΫ%*J5aU5!ñ!~'~AV0;6QjNe>W*/fll^cg*۲OSd1cu¸} )Q[{1y endstream endobj 253 0 obj <> stream xcd`aa`ddv 4 aysi2?d~1g{I |"_Hu ('QZi``g``_PYQ`hii`d``ZXX('gT*hdX뗗%i(gd(((%*ݮ&s JKR|SRba##֏_0~gi{݋tWyV]]\{<_K~OgbsW={1"e endstream endobj 255 0 obj <> stream xE[Ha>urnI:7EdiNJHtS8tFsglsUuSvzQVyR׋6? D(iN?$3Je (D AW*Q:]qZ[,1g2z Y봚MvYXטzrFsqm99n[kkΖ3YY:u`rc.l,sY{aksqr4N;BPCPQlb"JB Bb5N{a[!"p6Ǹ˱$ B}>WԐKDCPED|8Cn+JX,}@~0Ҽ!y@X WII!7{`o?opK,Bآe|G'xtS75%loX>^53A5^oҶ)(?-~^^E> stream xcd`aa`ddqsv M:4L?200<A] $W 102rT9Teg(h$k*ZZ(X*8e&')&d&99 ə% 6%%VzzEv: % AũEe) ny% ~ '܂Ғ"Ԣ< Y{͏kg^:{ 䒒Êu9ؗu>Tz,-}wxԽGeMN c~_b{Y[̞yȱC8s-(jSfm]/ʹ%{9^1Vvo1"l+u7GW6wWwsvc+[yNƾ: <> stream xcd`aa`dd s v gi2?d~1g{I |" Hu &QZi``g``_PYQ`hii`d``ZXX('gT*hdX뗗%i(gd(((%*&s JKR|SR:O:|?t~lUknNt)9M5ZÇMvF5+ۻ:wHv{StK'Ao?k%R;9*+g^;49&7J{Jމ=_&[o]M9]uWiӾ,`0]|>$\7|(\ܱ endstream endobj 261 0 obj <> stream xcd`aa`ddruwv 2ɰC Yr?Yd G TkX9J* *23J45 --u ,sS2|K2RsKԒJ +}rbt;M̒ ԢT@s~nAiIjo~JjQI B ̌,~t޽M3~_+ۻsO/{Vw\B ۡ݇>ģ)]{y1O?d ߧ~`h[gmgMCKUwm7o".{rzJɕ+]7RE t#N[bu;B7ǗöV.1N޿J46vuuppg+[yNƾI<> stream x[[s7~_kݸ705*_֓T+vf3RMQdK1Ej-;އ>I"g"s?@J )JFR oFXU m^h'BWXD+aVW"ՀV z BX ^zY)#*Y{ UHVxbHsJ =W Jt* A ATP Fld<6CTEX 9D @=X2Z(|%jP`KkOV'qWppaRopUp^qWNh!1p´!`` CRM9+TIP0e(/T7JrAUU]IԊP$qAPX ,W`X~+58t(A9YS*z]*.Cb(5hiɁtFȯUit5lJb]-z)G\=ӊ(8@U*v*G@(ZTpH`N@> Oߑz#x% ߂UE_4/ui \g x幎n!'{&%^Z!I#%'dU{}#L]IoR2$!P(J]FIIs])*@F(E2Ei'K Lp€N΢#G)0J$oW>`~Bq%2̎#BPF06"])9^`T)4iִ&ph!w τS:R` 
Ң(QƸ(m+y$#Hmk8Gh\&A(Vi@&gs i3'DP:>"s$y_ #&#LvdJ!En j\cP5rM>= 8={"=VKl-F)`HZ3 uL+sxYK39 X6 +F0x\tSOUW=7}lS3|~0gSly[enU8Qf;58F 32> _v\-;~o˗ypfz5{[w/w]~?可zvYT0DH7YŠ|DU `z!:oh1;\VbΊ ^O)X )dE nU e,ًcdn73VL 'n |d.pl}/F0pKZl+#d c 0^j1,,!Dـ`Y<0JC|MN@IaQpDGW+5?_O;  r&]8+S,z@`zE1vz/KN8/0-[DǰUg>]aiA)940QcbQY! #Q%hD憨=~n.C6CuuTN6doe5b@Q3G9.v sy=eEl ,X."ŋ5Ϥ# rp"@V9$=Վ3]! H}ǧ@w"1>e3O;~5 'jnv_kζQ1;19e \_> + ~ 6 DQ7v mY7bP؄8sQ,N5pG{2تQO1ѳWD?#3ʸw !9(AZpYɆ ~ϣ(;z*i!j}J!l! ۳U57e-a?j {}UJ_Ԣb<;^q6}Wn?嬭?j^tV\u׋s t߅ycu:xq Ն9HǏzY/=/km9[ں)fm|=芛 u dBwJSHRh ,zrZ\5Dz"uu\}4uLQFrTEGV֨ j b`ˤR]Ix'A#Wpy|7栰pnzVHJ>w#p4{9oEղnu1[]IquѴWOo{NSCümjLfW0!wQ̦ c*,]ez6T#Ir DpظPz&Q]FL11&_WTvSu鋶T^Ųfp+ n*m!w%y= _.{Լ?%!g0UȇZNP/iumŴ.M}=W^9)D(I3 xE3[(];[҈oo*!䠅=wkhDMst鉜Yu~SǗ| QOfۡ-cPOgdzL +jIC7㣑~–nfQ*w~ͼ=+6,Iҧ'^a[Ȟ v{'*yǗdi8(?*zr2t=ᛳb'cB~LnΈ@O> Zs{|ۚEzU-cY!|-J<],}+~RҾaoͽy9~3m8BE^ EvgRvu!-y䲎]6q0\Jk;_ CPB-#)x#fH?W^i[nLyyP!؏XFG9yP1R-- BQ(t"Pg%ڇ`xx^n>fUaOpF8EAG{Aɴs8?]oaGj: ߴBC (]M!e6!bۮMo5ݢ>y^hꏓYqzfFE_{ -V^FsZSד;-0>绖u3Wjf]H>7Ͼ~RAe6>/Y4]W@ ӴovNzYݖo햘}]¨}-VC jqf5 i^ =t5ɒl@&F&n(}@&wLj EӦF^yY^eG=>W`^'g+gA\MO+XƄ0? z{Z=./!=AMX܄ރR ,ֽq c?n^R=7|֜/ݞ˃@3a͗/V<muawؿϛ+t9_"05m{|o :ȡ/kv=[~^[dI5fa8]G`8[,f5m/I᧚]ain}%EݎjKm 8i߳M "7?Dc\rG=Kǂsz7;"w3D#6<ذO}@vTdǝ̀\=v\nȭw<zڏ(>F-zE)ͩcRܗ6A:Ϭ[6zUQ}kJrOr>$ a@6>ЪHXY;gpDKR0L/K^ BƵO%-+h@lWR*E_~*YD&y3҄Ӯ>y'-U?RA?L27錋O;K\Aǻ H?L\ endstream endobj 273 0 obj <> stream x]n0y _vz1VZH؃R`[H_"@<3n,izM:3(zwG!x? 4B=ı2p/ 3Pݝ=<B߶n 7+{Z{9DֶQ@' ^}Al OaQ>7 BȢݨ|@*ҮIdJD*BLցRrF: !=UF~2H4%*5Pi=л|FdC ֘K()Ҥ$.$M~mO΅ ;WgI[cK endstream endobj 274 0 obj <> stream x]ݪ0}\6M V/mi'Zx`D/^kwww箙ˋDtcpW{kE)'R/bX,hXFEh:n~l4<-$=O8SEek|>\dsWbYu{]_ykx/am /p\'e_q(Jf!ފ UW ۮu}Η'{yg6PH$#@f2hH11Ù욄r:򋁎ؗN b ՚rLZZrTKfjj1=5:IЙb$&C*eITTMB#$8TG)#4 $G RTIQ| RhQPmx&(CZ ]ihZ$@S iv2@' ՕZP]^Ҩ! 
: X]Tа$8RJB(t?Cbb+> stream x]]k0`Q[]`?c'$_+|''?594Jbg*JR-rhLWoyob1Fw3tʍ\Rf|%҉.ӵuB~:!чtî4n#/=LهmNUNɘ+ & 4l.m}d۽ʈTϞf;w˜ݓʻ 'Lih%@l)U,Ag^AK&j{Te 9*!߃V (Z#g \}9z)/G tVY0e}['9Y,,]XzE{i endstream endobj 276 0 obj <> stream x]j0B>K-C4=iqj%!۰yX>f9h|,;su|L4x?eR 4"w9x/+g=q8DB$|e0}ۿrI_Gs _.7}":PFoZlۓk!:"=g/ܺEdzW> stream x]ݎ0y _n$"]v#?jv1CeԼ}Eyx&.=zrF]ɳaԽŬN}YQ~T>QY,KCr./#ufz$7㇯B~.ӀAėc4_`1,=sone;zrO͡& QJEN;eЃh6#/nKHbW%=*h*@55C*ŎK5TijA5u3*8H!%:+) @WC]b*Y M{٧𾇿&lTsaqJm5}5vS>l endstream endobj 278 0 obj <> stream x]n \nXHzZ(R׮R.v>EJ"o?^ cutI匨i`4@h;d9 ] &>I4::p2ڏXfک;A!LgwA;=cz9g["AaK#թJ+C"!$2Fn M٧:ݒ뱎'dmCPAXR1]#a\㺅XIseZ5J2g*R&h"mHH7}MEڮvH-iG-/(vQ5˞;so op5v endstream endobj 279 0 obj <> stream x]j0 `^mBkW48ϱB/flϖ_V|N58 5`d8AFiFځQ|` 1~EG;%Jtw TO8p: ?L@?̼(='IBos:{a$[:w@TS("B⋗aաU > stream x]݊0B]?\f[N $d3! |Ȟ:g3,m{3y=ŷ]m0Qnhgߎ{~4fIL>4^dz;qoT { )D%:& 1 EsZ" ^$*/Epz)"B$S䓈rGo)TP+S輠fHgyT$얞3š]x>zSvn[~ endstream endobj 281 0 obj <> stream x]ێ0E ?NRD"2Ћ `Rp<4J"-Y/KL"&Q7]ϾtMeRTM9CÏu"»xr:n~p\<̷GSƏvE7nbi~Ό\iߗQB/s\{^lbS澬~5 kO24%L̒`0"=4p$SqN)fG?5vA?- 뮙5 e $ZcXv=9"ah,pXl8<__p i;}^C?=0 endstream endobj 282 0 obj <> stream x]]k0`ѶA:B/P#~1o&'۽K?rUkiԓNtUv94&IƼ7OOc;:iF )w5t_[=4*w=j=!qy>ut4Uz0~6Fgn϶ےՙ}ׇ`9L\h]0TUHA-dud{[W%aNz{V{w!) 
hZveEZ-Y+A1)2ۂbgPz=jP㶠@ -,9< T/@AQ E%:+gAb^?Omd0a<&h3G endstream endobj 283 0 obj <> stream x]j0}\Ԩ "/z>q+hb7f^TT2!3aYW 2װUs \GD1GnHHE@ 0 )jis+"F;9 O1z90`Գs]5\A< m7O݃ŕ<\Ɲ4R̶‚p"lrЭBXA}D{Y7p֝4*6_Q#푎o vQ\!(G$ >B:!.:;GC:`ԥ/PaG)Va)fO'fϰGI5.tۘUk;VnlFSRm*E endstream endobj 284 0 obj <> stream x]n0y _v?"4R.G )R-|F(1̜33vRg3"m{Y"fO^&>KxrYӸ2P.EhrMK17YiTxv۵u}]"Ձ)~ e B*J҈)1c +dbKQWB E zAY$7^"vK % PxS#*,1] 嘙BGJLPa<;RV3 }B]3Hsؑ3)i8؊MpH4nu_]_}:m'0uu[VQU< endstream endobj 285 0 obj <> stream x]n0E ?v!5ni?!lik|Q;'oN?g Li.tLVH :zl]7o{oGb9'ϧ?'ޚ0qȄ#m6۱5|m\zBcXG=~F+h<޲.c,^Dzwse_9gn4":+ЇM[slk5SgdtYvur /1\5HJhHB+AGh |j RT Jk*QA[;DtmmLT?+PDXRП IYTד]~ҳXnq0=κŕ endstream endobj 287 0 obj <> stream xڭWyTSg1$36ߋ븱[;U` +6CYTQv|D@Yd E\pZtljg\F-)]ڹ~3l̼KrH$z*iͤ^^7e%lvO&@•k|,?o\O 's(5.^FӔlltOA}l"/~^AxSŷ{{cKygIBݟX|NHM G`<_{pRёk{G/yU2X{ Ƙ:j0=~ܮVvO2J7lmYշ OS>*Vq#NoS#p_14ҫ{2ٜʘ4H ςB$X&_o[O_~Zg'.۾Sc靷Ï/Yq[Pbq]KE~RRbagOꀕlHaCM_<ē4x&~O\W/-l$L),AH+ce3[ 3SXy%?0:=#1rG# rBKQlɇY4`Ka&2QҀ /R6J"4=@^>HAT\SZq=H7O!/Wobq0ч8fi.}^mrNF/[D?c^b#|Rp쵆7miAtojUT`f'kd  KXlzub7,m68Y\Y! HĮ"[SҲb6[d9"DGؑDsB 5̛jt\bRT-;8?[ZMY(0Z[SaA XgԇuE֖EC~C^>f$r9%n~N!IV1;P%7JS8^]F&j1.NjT:#h,R?2X)\{3rX Q\V"p9RF/_㈠窖 Y#)x1@47,gQ_T!{'CO}+u9h@< |*D<p^8<B! fC0le T;W;& 9kb> {b3j<¤Y^%OEY[ڭ;TtrlC쵾yBэ.v2';N5Ijg;dL(IļTNM/d7&Ϥ5dt;j'S{:è Yڅ9hi.hF=WZX%̼C q+Rg?ta˧bϫ5LuWs&TVPSz]M [E/o74&.mGkChDBc/қnRS2;-(f RV8'g* LRjMFp6d-g Kwg*4y lndAhx1 .&7&O蘶@ˊހ%h[%džJTag!|s)]ĤGI.mxY3^Kd$) Hܺb:c+V’ȚΖ^vyZ#C%9,%sPIuev$`ڟi (^uM6١.ꅜ^1<J>~I̬ ̨ {KrUmLa>wcX w 6r;'GTpsym&OFbnsp/LjCrK)28}pV42sKjpS@Z/Ԇϣ+F:pMjЃF`gOVyfO wq`xcUFY'LBCzϻCa\CgPOW^k; ͥreTC+; [C:cY̻QueלmlF\9Iגaj-(+9-۽j~2,u業okXJI*Gy\vV 8 TX}Χ;a7Zӳh}pNO[aR?rxՆShoC;㠛N_}!`Ѧ^gK Hifib [dE2WfAvd$~< ؛%ȋׅȆPq>H*p$n]Et׭ZYsv4o%ԊTPOmPp%ֳ{tT[a+6cA߮jk}‡փzIWlBTz꽽uʊ6[yed~'=m. endstream endobj 289 0 obj <> stream xk```RbX.A% 5= endstream endobj 291 0 obj <> stream xڭzXW,`#ʸFg 5hbWzK,[җ^⠀ޣ1%jL0Xs/o&,<޽߹9"D6͝aިeׄL?f<=2Ͽ3<񬈧mxG1? 
.ݶk^"= %#LŃFDwl}F`"{c/X/9yzx/b'?~а_?'Owt304:2=qXcWF CC=܃|C}yotGzGD:F"Gu\(vrxyG8] 4D;$qGHooG?,lƸq2q>šqA"Y>7f,[^2wȱo4^ ?4 †bðl$6 b Dl>6Mf``b9aBl[-Öc+*l5[\Fl 抹ayaޘcX c!X(cX$&X`,K.~*M,OY j Fq{q. #I%vM]t)6[an꾾#z|ldw=z5r5dA3{ uJ/IʾV/'Ee_ɼ\`c:tioC tp` 8CndM-Zއ%VgV(4YqtZ"ώb7zt "~6@BsĦsAӳ8h S**x-cC5Fa%y´EnBϫ7d&=XTf0p+|&ME[ ..QUSRV{>j˂GlpHŌZ;\ʐΞ_RR7zN܃3&9@<yK_OǥW/F}=.tUJnlG%Q|D% {=zҥ"1@d>0{Jț_V{yfP/VMnVUie"֞?0]lMЧE{P<̗ )$G}+#r`(Q t"LJ`Cw%[aXA AQ|\%-A(EI:ff;)8kr֥U^F;u^CEħTifJJ**e3)c H6q\ c@\x(LeMJZvaL'|WR8:/W2eEٯeW2/F9gC#S4'NJMo5n3(ƏB#`Q/ޤC]P -"yd+KӪTJJ rT)(ne! ^']a62H|9>;?vf' /w<>z'a#p3]10^ @eРHD@ܰ"GCx=PEP$d)T*lr|6Eh ܐ'|M+'vfQYHOݤI@Q)5ؐ%>I8nɜKZzC NKkʊw}2CkPOph:=/` уbFVDFTFVV2_,͉./DpI ]uˑ͞~aa FF?3tV;RUQ۷!!kE2> `A4fAm$p&dpcVnf¢׬JC~/auggʙ2z;ӂOrA-~7_ه#de_O*u8Id8\>.&9Pj 4 ٴ%x܍[7 oVmj2\ݧ9ָhb)YB=TAmp2vGhFH3C~JC1} K"$SA# 0U0Ju-b͒P(;. `I:/Mp9t6jW&EQh~@sW >Z(X'1@SǨ7Xx~ hKŰ%I=\D{Y[^YrTLiw StݧGOR&?lX11¼nuȔé?/?ڲҏA=vS\qy\C*ua;Ww+wf51W>CBv- F7~ ӡ$!u[nX. ׌,> ~}mI)0SB4Aw i^"!splڶ>Z ߑ6^?D n`PĀ; X.pX9p #9r䀡2؄JV]][XVXQ6OF݃L{D ǞFJ=yM M-nq~ @vʲݩu4|ڷT5HS3ћѤ -|+bP@{'8%bAJAސO}I0of|^(?2ҝ F;9y~KΙ5Fzwr9 /uKru@~=3Q/Rb>Nr-DȌKV[!#91QAC B7}MH-j n^%`<F0M^{ lPРaɡKzk|޴oN@ʘu.hzMDNFwal5=uo?Ifho7@[ q^Y˗.k5=|Wa•sd@+*o}pbBmʢLA}VۆW3pnݚn[u%@ ~J!4[hby1AE(fz#hduOjYUP1USVc.QnM| mB۟xvGWIո$`f' J۴v=CT.|Yr]U e,9Oʒʶo\貁~ů" %JGoH&l p3bGb{i2TSUe΄2dUeH.QYSv_q:<Ѿk "i3eT\RRJ*Z ^_]ԹlbTg&$$R^ Rc[j,{ܙI-EM=>[GNz q>-@_\:ޢ/ b$Pw^/]U$P {dm-kcQazqɣ!x`w2n-e%/р?8i C,/j5B.j l c;f_%ku140VRXj6(46]ɏx71G͢ @V)%LgpNdG7\a;-LKfN05;<,{>$])4!Ⓣ6nwc\>_VVޔe}& jc#˟#*^,]> ADyPux:qh_}Z89\ݖWJ Ǡ-rߞ4,vؗ}~Ub`Eg9&spś^\EȞzO#"YhxMmg)]7ak.4!2Z\xӒz̟]ė]# ڣ'!\z3ZGR(fP/W1t ;*KeP&MXUFdSYF4΅KrtC֟6q- =A\WND+U*hJc'ϢIțB}v90 @܇@x(ּĢBVgHcCL|B`VyEPVwv;- F&p.4WE*["9?I r 1̓T<ւ2!U!e/Z_< y% us]@KfZ%O[ھQkés^%_E|.rpF/eż >[|wjzsBSk.ނд홌RF:dpKjS5xmGDZvL;|+5'^Q+Ǯ<<7 iԐG3O/kr)@M'Xm%vTcNob!}IƟF.w@FaҗJvGdGi ޕyegۭ5.?GW5?6.(V  ZRx{4^֯(Zօ(?#oTwR*/EjJũsgLg+ln9֡\H'$w%29]wUno5zF#?u55 +퐰)$~%Ō b78h%ՖScX[~4xeT ~E͝z"Fx8́j 9GP 1U"˻_0joXUyji$hyB[.RJAK;Z^+ @:j3#T EiY}x 4tgK<&+CO3 2XUX]sqy|[ΓhedZ,J֨T 
fFW[Nj%iH+w[9[^ 5p%/#ɍ/*iNC~- #;צk23]@UŅ-igˁok'4WZ6ֵ'?OOc֎v<`Hʧ Y 8#Բ-ٟD DIrv'qN!Z9=ֲwB)&-r @ r R!85ir 18+f J;iBMVպC#|`*X}Etڵwʪ~\CsaKF,Dz.At,d'QqI iJfY?ɹ@I2_SQ[u0a5va)n] 4[[e&J^_,#7R?eg+Tr0-C;[9MZ.q{ a1bsQLBRh:*Gm J8eć&~_l<^gJ9'՗9mю*IIKd"@AM*WNU5GJ9Fv"V 4(alSUS$'oo=vJg㗪q y['2C96%f ZNi/2]UL:3Yh8Aѯ Mvdrw<fP]Ҳk(WdGŏS@,nNv9P"Au=d!QYĒcM}M{0[( 靴;~1?n^Nt.H5'}BlfGS_pq65-O:,T,eF\Ze1U\SA`slZ0{mt'3L"hhK`'vH]JcCfѣH()ܙ~(Fp+#ڎ>ևb(VNdF)D \9Z޴ `QAppg'&C2hh@`KȎ}!IVxhqT@UBiEEѮZƢntHJ`Qſu-_V|[wW:- z osx?G,C1WN5HaUqITlb15lA l`+3g.Y2s%o_r[X1Z"?^Z'Í}1l*Kɖ-5uPsOyCF xRZU!(Us% .1{>g^@hѧ&8d)JvTF')pGh ҩO/}uv2f++/b>Y.<ك yuUVzx:wr&1Mu rCBOJDz-ߪ݇a$-!Lj.{нj7No0K7\lg =Cw endstream endobj 293 0 obj <> stream xk``0_ ࠃ(@();\ # endstream endobj 295 0 obj <> stream xڅV{TT?#xis" {f * @a P`R1|0w5XiʬS?9=kΞ{~[D"oպFDfj ܠT5:5|^( 8F38֍"eR7W^y 7#y\.^.$$3M#q?dmrm2Ӡ6(]ݑSR lHp$BF%nOlbf2`l6_Ui3$ej&զqͬQYNkܡ_`Rz6GKgoRL+YcfRRꍱql6SoWfl` J6`d0Z*(i&A¾1q֮PL6EcDFpV!g>q"!ˉgD$XKt ȌWx.^W#O|b|EFYhm[?;G > xh܉Nѷ.TrFBoK|F P| :6z2fm ђ>(&r^@DT/N1ɹ? ;Ec.ƥ ̑ ŕ9eܴ5~|k'H` ji-Oo=v?a%XB䃘2/x탺"T!g˂ '6!ӒZXS U~O9T ȖN0zBF_8?z8!80uP;PrK+Le`qc {Aop~aC `@2wN p+9f;ynĹ(;a&Z:Yj.s~SƢ/j6`Nm}\i&Ec<զTxHح|o|pv D#tYZKrhPEE*;VjʚC!2THXOIw7mQQ4smHHx~cS;38x#[7D`,KaGY@KW>xr蜬x7WRl-fN_-cx-_qQYaInhbXm]BWZp x[{d:h (aѧīM&b gh i=V&E7uʦ]pNdB 8!VG7} V`>G&, <-~~lP؟FVk4jva;vP%t,;2!" y!a,i;y$~/[1G:ޓ] )N~ŋU9SjI7yw]/;%Ɨt./M&k-|ua_\RQUR%]\R. ) VKl5UVc*qNSO qMCP˒6Ȑd-zczFQP{*s`.> H;|#U_Lj;lyQHLwpwB#2cG? C&{ƅ:&cwCShD)ã?ދ XDAB%Mx>Ba@}]iStׇ3}<@-B[dD6ѕi4)=Y}:{{|@rsϩ`yvYuq_B}<ԾGBCto yԂo@s޲7hӍK@޲=ng֮n|M{3[FV ȳTa{㒴 JОM4^fxRt+fM򔔴ୱ w5dѩ0;yXbkeNU:hى 7狍6Gr#iUy jC~dP Z*[x%Ղf䣓J \Ax*|nB/5P$zs܂54 Ss4T/*P_t6^_ĵŰʡBdƩ*f:k /ݑؿ}1Pˠ ngQL-r|òq)]FѐRWo&&JKӘ$&h]ZG8;"OVyz,s9Z'B>E YP8Roz`{unKe#}#/0 endstream endobj 297 0 obj <> stream xk``TUѰ? endstream endobj 299 0 obj <> stream xڍX\vWe\YK,Œ;60VbI۽ ]H)1/Ē}%=~{I̿Qeν|~J(kkJ"8l~{MS=<хk"f̜DoB#EvQ"/AJiY]݁^cS:$,wF8ᘝ5 L"6rӏ=\b/`@D6:~쥺ڠhL7Y,TK\T5B*MjEVGjUu*`MXJI zE!XEȀMT*&? 
RZ *w]DC^@DTjt** @cktL.25r jynk7LXt]wEu*h6,?R䋥Pj*BR3ש< -j!ZL-S j%ZCyR^:j=DP)5`JKPTNT$K$5(A5z) <tjkkk_F(@O36+m~2;*dWt:؅ZƟ!]`0qRyG8l_VRHA8#*RBݹcۦ4U.ըy2`gY۱m̦@kUJ{`9[g TdW3T +cC9p=s}<띯~7`ރx.|XkPd?W,|H4hbwD)`'x,<9//U"6 I,p;QOor("\>riܱem, GYX$hlI]4ddUve=z8Cw^]}VpC5xY=bGEl2UAWnR+x?vp  zp`K2oNkG5KZVLjQ ܮ+]Y`Fr/ӑA7 {#5->tλ}94+L `?GE 8RVxX< a/w@`L&m ^2S."qί| V(CmIu%KW_9g*:"Flsg񸉳 u}lM3^X3k5X<s,ke rN{Tv3*[fN]!ڋ2Ҹ;Wx؋<| c~A54c=VSa祼+VDEMcJ}6yB„:ˏBG_L,}Lt"T:zT}%|kdKom:/Y5Kb^)h!A:gЁ#c$`sc57բC,cEU_B'o OW)Detޱg떤;>)5Ӕ&<>EBI LƂ<ԗl'R4 (qg:杵!?C8F\p^NiEAb%:S@%L5x=ڛ޷j8eXMu?f |D6{QdyCƆDgEu|F1T&sZVצwR+pӤ4w^VoEq>k,6r;2ĖrePAn繋I.:d-uHqy("GFΜAow"8xveI1b+2ٝOyye>8Z Z2(&+%NWtE~3V9ؕg#p]'CCa'NNrD"9ިŧƹ-H<:8xWËMWB^[yDs,!;j)SQ?+a!5mNձkRot:RbllgaOW~.cR_jpЭ;+z-Y\ڵ|I1ElC3 y^~^OڞX,v宮} .6  UŃ]rfS8iESX<~ ,Y[?}4;YL2`BnR&z+386eF؋CFc~WXfȦr93 z[^rܴ_^qn9k[`skQX,4q ֜ͶFjoM%]:p{ P?P*9)`DBoSA%D >'h`h%pEƛ^6QA8 khdɓ3mB> 2ѷx#p`lk'twN N ak-M>\yocy^7sX&\dM>F[ xv>@h3dm2Qjrw:̝5 9a*vUV/jWEwn|Ft* `C'y'4:Do(aK PE>e/҃9wIJb)D.NLG~_L$TXM dhv+4,뵗7W%ydyPnvV^?uO] V>N翏8|"D&";/Y$ddD+3AAyߨdT2d L!Nd <99iL~!Qʬ\&KiinVY&H*-g mmƿFP233͐It#/dEx} "Go u_f$$d/jQ*âb4=hE8';*o^ wnp|.xqhmAka3’v*ၵQMs|¶'4-O\_{I C0j-GYc)z"+.(qtv$C게YYF1/][,S~P=Պ8 endstream endobj 301 0 obj <> stream xk``00V|ˏ.b3 endstream endobj 303 0 obj <> stream xڍXy\S׶>1jcZVvs<gkp(ȔDxNrHJPA,NWwmg[[WEQ;KWN w>{}k} 2* d!W5'tۢV$F%F'Fv)1LD~_{K UVtn z Ev=^>T -|Bdԋj05eL#ϊNޢ^NitcF7;9%3MS5jkdUxjQքtmFZz3L$9]Zը^INRmQE%ƨcT+kTz:MMK֧hVi3MҪUhuJV_bj^rNXUUFPj*NK2rN;2FڣؽI;ވyKxKV eT1ih.J }KӶE%RQ/SRahj5LMS|j1VPku&**JR)DH @퐅*o=eT2ӻdt:e?Xcgj TFa!OlfxՅk%omO?{h8l"{hs K_3`>u_ Yru*቞Osޅ0v)h[THme{u( 0 @ w^:} Fl/KAs-?ؖo$E?Q=~0Tr.jV9=]#@^+s{.G9hkߥB X(~ gUz/UI>eJ1J䂴 2Ōt b93{Sqef J1DC/>o>'n+ vN06:2{Q;OvHV뼓2o%-[9h]AGᬲޙ^Ifd֣N_k.ՈnihT$?IĀmDjG(2r#_y5$TUq#|z'ʜid=Mݩehz#6ʰT ޖC1qjdg&k'ʌNp.Hd3R3\m;`˼w.DlFLC짿z/onxڻKo, ȧ^ *s'z0Gyͻ=| ֔hX`XdڨMsd2q#RvY>:c&<o19{"J`^w貳I^[Qg̴b ߶rT$N|{'HTjzv.-q *e*a9ÕZt\d5A*A[Ku< '+yu:RT!8ˤ/ob|\myc?kٕ;ߖmC]\|ʕ[39@޹%hCr.3]|]wcǝc]x\9kh.4{]`qN/畢2T:][c'Qw5߬eu ORa|hf[Pc65"A&\-ߍ(FD{a/seHݍaAxcsqmA|J_> 
stream xk``PPrzʱaN endstream endobj 307 0 obj <> stream x]UkPTGH{Fk݂1!@y+ё sq@P#8R<@)ju ɂR]Jk;?{t:B,&Jtʞظ.Kmjɻ_ƿ O xgDr QB҆Iy!{#_;\p*%dBB@,&XA =R_~ %?Us={L!hzXyF@ w:k8Oޒ{9+zB]|;-m%)wT%l|O)`/˿kT4yd)XT m*.E~U ! >wXlQޭk뉯躌l<y*#-O/pLMC @%H6|٥yE)bka\~y*-m56(Y -\>EBwhjuםN8sC۷Dfji>.)<K8z^]BwH?z\2mS\["" G(;tH2GNk*5uF Gsj[PF|]d|-gRtbl|D52V7ĉbTߘiq8RhS(\ߔ˜eeN8 endstream endobj 309 0 obj <> stream xk` L < > endstream endobj 311 0 obj <> stream x]U}PSW!䃒4.}O{BkQP`QD ؁Zyn#1)-v݊nYue:n;{ιsDp0!"2rjƖ,Ψ.]j)p/B !bpL8 ~r["~~,ZJ가 Gd;q,*`hE B@ @D,? k+d5lEgSZz2WVii-LܪU1IR2Ի\Ycԥf٢d2 UǬJBXm(b"&efdf&Zf~YLg3X0R kb,,=;IJ-Ln[jfX1,SlU,V3iUE~ɬ ܋Mݚ0EѰ`V/LdT ""4KzR/Dh`SQ7š`{ȻG;h7~ M~W| t幵үcgɇοE/-2 DM$A )zBB('rG͈^#}M37 Aߓ0ůU:8C0_kgҬaGUz>8;L(34?SݍGh)>@P7TxbVOcTi_" Z')oRŵ8W*yҷ$ >v[4{7=| o_X1bJ8_( cpd[=N==7| 4(fG˓Ok[QUk={ klF b(^۶.~K@OGq'>'/Cw ])DAa4c7U!@;B޹W ^?-A#؜ F?(P\c ]|>7G*!qѬku|'-k1'X~;B8F Ip ??Ou<<;P&jkN(33+вk^nSYMeOC\68"fZu씍룋wWG3qrh1:lCӁ˓}7rTN |J_(wg}[w U$AdOs̏P,~x׳o~p55-y+vpH5n׉kWY 8;F2'p"F STYfoUpI|{<+'Eu4+)3UDAHV0Ӷ{>4"P?UQ$Wק䀘6~VSx={S/DXtXk>8wlOco}I)i\&ɧTxysœ?!ra;CJJّiӡ s5%:{LW]7~!5^]GzrQ`d3x#0ONFɝk?#p( =7q8gypB&Il? Q| endstream endobj 313 0 obj <> stream xk` L < > endstream endobj 315 0 obj <> stream xڝY XڞAEƠLTZV[UZW\A*B !B@jZ[iՋ֥zIOo<9}ք@ z{+~uFEW|2(W8~뜥1it"D-J27iT,| ]e#W|baaPeQz$2GckG;m/4t3n1~h']S[JGTR3qD"BSw/`I])P4ug"=aUMt.Ǡ֋Ϡi":xP$8T K%HȎ7"= 0F I>o&&D,!<>{Ҡ5q ʪƺQz4eΜYԫ+BlސHSs]:| N8j l6϶z֎b`2@Y>j/%adhx^!dQ y5/m7AD ;&@ Z=8$緋ەS0SVm% mo:VŜ<(CKvyѦ&Va6$) jUJ&SyhIh5p@hIզ0 J $ef&cݖyAhp! ="hB;Ύ{F>uVRi5X4Y I?8žH%Zc` V5;! 
0D< : mphgh pA%Ɯ\VSRӱ`XZI닿 mYp)]R¿I4B؁5/} W.ȏp2qS70u)DžArsr| ٚ{楠'tm 8?)^]/?h"WpIw!1 g dpf\Ij @jܣpŸkBzmc 'm͜]>gM'߇FlaD.F3¢E4]l1="a\fb4vL7QLoWQcDw_9Þ)@}0ꂤdMZ7WxW 悏OixL\jv&3&HxkU1[!hB۷i&>O#bK,+>1t։ug "@IUߓs :ìV÷*]r{7qL0ͤ08^= ~xëi-RY/zI%XJwCPǜK)\)O "u&gdfsqTItXelCcEef6n y5/1MිU /:)331Ea|W͋MIj)|W]}M.1IP"3C"&ґK!Mн)ɡ\ ܪzr""~<3~g;[Sl;cԠڻJ^RnKq ĭAGY`:I,ׅ7rs#Uu̓k7ķD4p%EMZJ㊓*JkYW[Pjg]PZՖQ %[uRFN]|tuٹCq# b ^zkQ7pfb _maG'hdukg_|qnW@;$(mBx \Bmvت39 )4l'PQ`<J@QC7O$ڐڰc]Cc6LZ-륖w @9?7;h,IfLY7*[dU*ExTKY}y5.7_Wa~PrC^>wJ[k">qS.ʬCbY :*/컩j4TD (P )gV851ǎ*TX"g^ #>ǡp÷W/S_ɿeLTϳ[=/m7;-K˜y,PxCtm?0(oK`1"oLBC'B}u!x}Mg e{:SY,[u>8Ⱦ~_hL(l'h8x_RuҴFwh߉2 Ӎf?ޗ@whZv-4nIJM=pQ&1 Є`6LS p[HiΫ)F~EtjOLB^ϧQPchϺK5^P8OfWC[~Xs>;ض#ɎpZKem|&G?9S]IQ exoӠ#noL?P;|t1]w9V|)ƈY4Q6upRHT S, nNVa8"rKrKe@=~<$0n5}(B%5PE@cр} T~Q|IU+VoNlu5[+i*q:gt'I{[0 ]>?WooWmH3n<%>8?LUW~' 9-uUG)-G!ǥMZmnV=<{~΢[L)K:|Ss vToUufs;[ &Xu:V{p @SκX"9Vʏ$mA=wlf3^4NiFHt,&2 5CR*es Gl6],<y?^vHCհY 2yCts͑~"Ms>UABٷO5Hf B =$/޹=Df\QE*'}֔L%Α9Zme6]4 t^$Ii!3M:=+IO =>.#:w/2UG՘$<4tpm|]ES=s1HG,};t]\wzar]'?xs%[ <̃_g IqJARBRb"TR\3' ы"}gm$ݻO-[$1+A1"wJjC]4MWM I+ t໺3%_Nւlf7J:ՆwJ'`2n1x0R?_| R+[ 0*_.Μ=Ym {A܋;C?7o |pٺ H]k$0h2Ю􈩬d셳>æ~Yj]4ejc <(ަ+=݋zmb4 rQd yNlߎE#M~s2!@S3CI4n[eyd58R 'BYlO-P)x%,B\H47XFdnFq~@¡r |zվmMh^4t$/' 2tEfU1d^QΦNzD"Z35@VA ]^IS[ˍU N&Lo'`iomx:EdGCa(~?(ǫwآw]>=3ܜ$7ϬOδk\?qp@ ߩ) tM;eM "U1e -:j>[A  tղT[+YLEl܀.;^( 1٘e_`/UN.gʲ 98^ϯ-<^sG ښZMcMmm 650JM2NR)EDܜzמM قˌ6sI'd?[^M{.8€E'e%VE%:={tQU$Фѩi/JP7(s532 ;uMH:=3MdHl`(deuFmnjCOhdtA/D1w('V93Q^)PƃcP<2(U T*:6T|؎#o$?A/[̳ڤĺ8Ea/geeJ ?ԴAkŨcJOG?? 8k>M%ϓ/~{ܝ2ʹmݔңŞb>9ε_]]$&vb@&`eٳh.,xpZ!LU\fdbn(t2 }t;)$=ALEv$^ N< 7Кw"tE@U~1HRQ)tjVTm V8Q$ԴGw^?,bHѣG BKuP H4z_r h2fj4 AP ~}zxzA 5%Om79@bdHҋCZ"nU !גs=ƒœvRtKvFA5 w!_^ ybvf`;40|ڬ]i.'W_I=L= endstream endobj 317 0 obj <> stream xk``0O|gW?a 0m endstream endobj 319 0 obj <> stream xuX \Gq""cIGMDFEA<0 r5rr@9 x%1*(gԈ  f7Lϯի}H$zq*GW{ G'7Y\C#MyCV`  AB,4@-DW? 
>0B~Ha>.ppcZ$2f>Jx_- 2e}*."( 0Ja5eԏY ;K{Cpxldp;WT8Y* 0_w"_]VENT TĆG+o_w":/BXm!<,J/,O1iBR͞<9*:2<"`?~&rrȻ"'Mrp^bZF _(H?׻,<";91K#11$&V4b1E&lOy-aG,$EbBI,% '™p!XI"܉5XOx>' b#LDN"&bXBM_ a.DAEN j/k5H+҃,&Q\:ΣOя%JHrX澷i1|! 7gmxelZ#Q0a k7mx>Ⴧ~DnhhLzcIX+ҍ1E:%9BJb߯JJ!z #E6AIoz;0 1&C~yg$T<–X[6=#U i% ߶j 6JZiKέv0M3}òa_lc!./=z䒼7.B9~l>R-i5%|ALYlEC+$ 9kO_eٺ'5I^v^YIDSWgȝ^qYm[2RS3򸎌>_>}y+lYm9Lᖜm]瑤|^S'eul8yr*dqߦ7\#I淄D: /\x J/}>~c'S)ٖ-},/~|G6 #غC5%y9G9ZכbF9BWl&5`ܺI@7JH7&M&+~>|J1O +kys;:e] skC5iqeB 7Iol[]s\4e̲vJ=GG5G#v kSQ(¼:FUqnןzGƀlh.o:Dϟ cuh$|XtCv0>圥)GbC@K XH?@pT[ׂNisG Nz`뎋jF̔D6@}l036mڃ!W qgxWMH& =c4dd|QzOjaV ֊tBQ3'35Yݾlb?9LV`3^_].}~rt(^$&Qߖ*k<[;`S//0|GŐR;3(Wl[*)K9߭NĴ_ W[-2kiH$q3|?D[qN]}& $ m~Ua~IcObfNJ{F;N=FE}I%C6we*ϽsF:[ZQ+1JQ̑kߢȑC\mr*YpY|I~`@Nߢsס2i滵ݗ[amsIuӝ:]:)B`$G\Q||9uDjh,0TJSޘ>\f V.l:n2şߛ=/M?zXZ_ɥ^&w/ɯӫY؂aWu'+0/N9f>F`م̝WڛOT9<Ɓ.;.b  t= ^ ml0Yëf)4ҝwPו*3k@ua,ǀ>QSexd\tפ 0\l\hGB3ka9nݻ/uSM)*@}`0_44gwuP2Ea?̇F>9_۷`*_u %hI(l!5`~;8gAoӁJWw;Pu;纣HmZɟgQ'PW~2;M"~/*v&c2:bvx&٭'ץuW<ܥwn=#urLOHv֘19kCNO$Y}}Y4%RoMIdog~|qdV;HCG0nmMIlyuc~np@0B%uu] &!G#ưXgbx4o1k2hj\z"s<'Ci=ȏٿA2x;HD>_X8^vd+X-_~ N6D) ; :3V$gSYt Se>qtN=|ϫ+,cN\O}#7}huv|HP^>xCt>0=bE= Rm$Eضo-_q6r[tuѥ{pX!1@Zv͎G,7c֝gx웂'Em]˝q&Lcv&qly5i4ß^MTM.X%(`#GAա۝%;4ȚQ,֛UNks}Qh'VC /Hu!>h-ԴjET45q_tmSgYQ?{bqn_MFHQ% uʗOp_}iϦl:\ZHgp;yMvUcؽ2yTH,xBi),zS2#-3=]P,8Wo>%s 42#+"c-O/B'zu.a9'Иoi7|xvJn L&9AnAAjSڥdnǗ .:I 0W%˯Ϊdۏ^ݟ ;z]_vﬓk w􏙎TNΒ(5sx:ϛ5?nL>`ku L!Ǵ Yr4k@\/胑Ƈgc|MsimcѷƜ?L6 M" )XS~,X뗿uci+ߙ3S2)H_VdMfc)W8&THX'0shPVVK2]{Vg6}.S]>:{S*~*,ɢ>?ӶDRtG\Q鱺V衚ae}rͳ)WZԍxfT)8i6a%#P09Z=4G D }HTj$ C-}R@f5ڐ<\HMXusKBdVNZye=C1JvwRebô}*20J Oi(֐>Ym _VU|9<^xL;H8X~B @ՊNn!=lCo6:.Yy [#lvjcw7s:ܒY3x(%+GS2|ʉ,I+ޙT*Pe{rFƂpAL׿ VDW.`e l"=pvplMNvvv^aasnaN&;[=p= endstream endobj 321 0 obj <> stream xk``0]o`I  endstream endobj 323 0 obj <> stream xڭW TYm'v 3Ό.8# ?   FB/!! 
aM8즛=i&OvptO93sf?~g@QQx䤔 D7%JR#1$2O0ZfcG=ʦFW%|?A ӊ3`{ {q@ }Q 4@_-6m#TIErM4MJ ŕ2p$r'rSŕ[7N,y\q!7ŭ2nT\!'r32nX*w)ϓ +/sSC|H&$p2>[,K^ݸQ^Q(m,m,]Iq~]޴ԌC$MN+B[?NKx}4h' 1AP:eAPćR1i#g3 r260..Yd*A ~dTR^}o-_fYr3mL1~7$CEWOj֊zFyH=~gA7'N$rъ*BbR˨u;&?<;x?RAݑ}R)X&~{b<:֝#K=>S{* |I&rY6m{M7YMa[݀t.(1X1 }aOŮGUժ:gZ +tfmR7'^#sΰۆ:B[Z[@(|zHg9`iPaޡ7V3kZz ݠ35f]y͔_(Ǩ>679 ?,E[: FǽG< \tp!0|g<Kn=&Y%ǩMVN%bRǤ3=O7NG}㖼x=K j+4|1w 4šP5xkb hiOjHd٧Swٸ;vܫjcHB` 0UNh>2w#IqӅL\CJ_# UDZk!581azĀPPP?ݒl2GB1j܍-Mnx\B{&/aS5a1!67lĆ:&ޛ Jx!p0De8AXpav\/2a}Io.JEQOQq ;.|xi|SxxB,=OT5OwmHs]TS?T5~QSL:S|KGw6 v;CAg(sfo}6:fVΡkNM~v;iiWF&'9PTG1*Ui!jLި4"5nhr٫^M"dC:z̓C cgw+oy go=fP(iE%^JaᛴHAW *nY VʄRaEo` 28UfټHϪQKgGĝA֌&``'}p8`,#5e8>:F./_ٯV|o~Wǎ]9"1&3sA:4 аyYzyw`1c=a4c)R߮dQ<2XYqprk;Ay>I;q*xNNvKFNT_4sѢJyWפbm!'v=p1 VmVk4l͈] s`c7_$M詾љ[U-1,uoi\L~򤩺d;D~ꢻ=6lß;p'b0 ee@ #Ls-dz7u:߈9H)Dn@f7IO )֣l}\`%х9zN#hc3h, 7g:ru]F,q Ȑvzv@:|+9.|E<`0@'%e%`?]ܿBcr_ޢjlZ[(VawM;l)%4x,4.ެ }$NѡJ V$9a{7Gݞ!]mTuF'FSK6d覦Ӎ!BɮKj쒓#@MB.Ve1XLE/?{7&:9SKgM\LO^GC"/~Ҙgи§{ vn>=]AmMF$VQISܣݙJ6S,E~ZL,ߧU컜^*1ac'_;JI|B|k}c4t*P[,PzV.ku.b&9>/-6kj^j`[@|2Ho Ȑ:]76x}~,:d$XLݜ"盓\h ݙȶ[fߝs=v6ˆGM=HPV9k f\_}7sv2pTF@ǡC:6́s`*hNg.WVy")hJ?[)\fQu)RѮk \8J'iʵ~JwYI4ibeb('jڱ~ UyRie1{~:V fV3f jt/,+Y3[3·ɖi-s\XmsFm\wUܨTJ b1IKC?W_YY"baˢ2{yh!aikhdgos ;ه9  endstream endobj 325 0 obj <> stream xk`` hG&$ endstream endobj 327 0 obj <> stream x}V TWd&5Chؙş*?n+U hH$4@ Q T bQ,DPFJmꞞj]nӣnwmuǽ>ٝh<̙7{߽{P(LhuJE3Rl2O"cmYAJ8I|Y%DN&2D^.(bd3>5Lؤ| dGPfcà ) 6*g2M/dg(a[^='g ">6_b+rXr k8OmEj?f3M܍m#fJ &϶ OEi_d[xo72,eNOX۬N>1g0<0xә77:YegGoxѹ}/&E& .95.Y7|ə\Bz&3hb&1xG"XFiD:$r ȓ (:J)_Ey@^-XPW.W~J*LPUK#o#ѐ$mO26كBc_S)XʬuŇv7k;={kjUz|/yCx_+K5_{QfD7tf6q+ h{ &4LovkڊTWU/3C0uMnv9:dKUae, 1UxgUZ,L0nC*i'o(P u(+U+k_f'f0ؿ"`ڟO:ʭ)%eiA0)t2k+\H삹~Y'}bdbTr}0Ųa0 Cdk=:|uuiοqxϞ'`w0^3zAz|]@{`okf}$LW bo0dwpn[auu69DZ +矨 Dng:F$ 5~Nwgž[VG;{Mm^y{K2|\\N'g3^.ԗZeD}P !ۗ츸K/{=E4_<ܺ]aiucL!‡_]#|5 UUeUKOɳ77[bfwOD޺@92Vbꁁw.&FGA@?H]/㪈CxK}wenݟdtnk@vc1_<|@IC]Y#%+ߚNi aI X}%S)< *y>/%iJa]{zynsww?.{Y D~J?nXjM>{(kbfMp@PG8'_57/k-zGk~ǟ#Ď"%= j෵ߗ}?B$lUa{d<5?q,iF47O3?-VΗ^O%\2f<"gy*Պ˫ 
6pT<-os#M=4 CAP*X{@"J V]p`3"Rď02q#\Lѱۏ30OpH([x[˖7"OV45gk[wLZ.-0>_t-ɢBqV%:YPRU<AR\Bn?'̆CEś΢N_@iL lBu_g:,56-nnk=ִlSc܇T z*T6k70pn8w`30>ت򻮕-DئJq 2U쯫AXެ E`T"S?R_i`@0^1J8lХ,tOT#U=uinU䎏aYpo'_eЁ pzy`kB8,,6]g$EKTcO%޳'Tw@~rI\ԓZȤ*m >tgn $ěJ g(˶"} E`O{d?dz<5> stream xk```T\ Ѱ ) endstream endobj 331 0 obj <> stream xڅX XDDDt;W*HU[ܑE--XAH Ea A uiaܺեjk]ބ˟23wwJWX0gBpHZLKIZȍ^8z's.]λ>]//F؏7G"W_ }@)y'J@z|Q\Uj3&1GO&Oh?NɂbbzMRBdj=U)Vb2B._)iY|ZyOD?U$d:UXH,&BPb)'VD4C!䄂H Z"H"*"H%DNdIĤ!/WbA! wlu\ㄾf8rhhxȡ(\G-HԅJd"Ҝ'Ćh"{:fC:uI:e٪mu[zXN<63 KQI)Ӭ!l]t[3첛&$ZTWf0^k_xpAbdfF&/d6JZ!MD) u겲rPS@Wl2X Ui;*ksB;αh+xhCf $h؛kTL*r%EW@ڡ:zM`]ތC4ry=b^0pnW'%=g/^8 .PN\r1/3fOtF1\h+[֫>0 bz 84B%@rA79IwRk"9)Qё i^;^SFϤdh93DA۴.& G-w1L5͞?o+/p.{ʙ+"ACYG7P5.nYviCt :L6n{8,}084 Ikff!o n|f1&hufCi7z)_Oݱw?P§K_?y!w)h$<,z~|kQ35[(Z6=/~zOBEɳ;!l4Μ= ?AdH`#;\msi癨Ff,ECG+g;@r`Zj:F~bz:Ϩ\.r+=!w'0-: s`ATU~@f0g(Bl!%$JD8~6ܱsh9/YmmFIZu˵7^L}(5L!;%EcU1);h *0Nf\ƐLLNji *-֎ʝΜf[UmQYŚ[C75738 $+WF=xĉIbE}-p'J#syHOiQ2Z'֭[NVvhI9#:^|p dnѱp q/a(FaxФ())I(hI$AK0*U;"D>ㄉޣvX # eg< /j Ԥ8}OsFdS]s'ʷ|6v] ϊDT_t~{0.a׉3GzY E r _J ҏDڵ)*=_3赎)] = Q=X>LQj c/n qῠ-uвMoXK?5Aȯ z[e:'A&L\>S!:r=Qw&OTZ=SRZRjRƦ&U>}ݪ%D4ߦ)L)Yl+ؾ[?;3|ljKǼA>J wĞߏGGI^ r.^~"ap\䠘tO<$;c ^vpfxh XҰ˂5CD]tY7Ľ3zgu.hI@QܖWM7Y-ml ur)%Μ}I{AѨiI{D~%`]ugOs=Ⱥuy`_ĒT ffDb 4~N߰R)]^d-a1V@&wn+Q4ݹ9zE eXTyIz:4 v{jo8fˢniKgw+uf.j[iJֿPVD}e_vӆ͠A̤z>MU.3mOqKͬI zИ_v,Ϳe5em[ASFӛ}_! 
V Y!Ak5\{{tvhc6m6H.EذHiL894Oi͙짟ɠ9#$z7yKk349ٛ@aI Rn(ZeҁbC#Qos8亣<}T&0D]EE#VٹάZX{`k6$])d$ȂX JGSDN9~J?3vJ[HK360H`?X>@nm~u'QVpd볾׈E,X-cvkcKMe[KkYkب=_ePO ^͔Y%-尨eh..n[S4Zreh$zw?O׹v%#?:\now; w{JΘCyvf4XvXs62,ZN_V9/",v-q07//h_d@wnYgCFY7~kH˗ {탚F=$Ȼcآګ%!4^ zܠ ;GMKH)w+q߱+i*ok]+f.م̽:஛SޘFePssv &jCa;1grJ1 F;?Nd~⏌u :>߸YQB}t@x| ۘS[l_;W0M_5b3Ylщ,Yz~YƜB G8Zh$^G-7HB{ff;oas}vǮJ7 cIgG UM$)cj喲6;<8j 0IffmY_7MM ɼvɔK3ysh S]ZVY+Wa#^\@悒,(FŪLe /*HȠɱ'/~m;^ -mZTSMʫdžLDS6qGXS +ZE:^ _,ς9& 6Ic6ŃPzbX,Oh>FR*%'}䆼υ.ՓǾB SSޭ)65\>clUEE%fKVwҒ:sy/b݇sF*/]bKc endstream endobj 333 0 obj <> stream xk``4 \?-c³'c endstream endobj 335 0 obj <> stream xڭW}Xw&+ŒIص-ٮvBJU@T0J -@BH{=$ `0@ Rlcuz{ݵǽ&MĽu.fM~7 (5b0On۽w+5l. &o+ɧ6Fb3H42ɧSv0B=fNS0?A q;`7{}٫" S~*EG+ D>wݺ Dfa@]n݋/$M\ZL\+*;rrE"}U{/UqEU[\,V7⵹P̕k_\iC%+𹅥%ܭ w(Apb>+H_˓HsEyU3⼺yy9[,*ٹ`KQ\I[%jV%@P t:UAB:˄YYPV } ٌ)S{R5Sp(wQO~qb|KyKﰳv/ 'b#qӥ!,`" ] T%dO_-Y֪@ .sFF'Pg7x] #;00бz؊Táq y8:pz(wtr@!0dN@EVS &_z"W?~av'R*^dMP*zʦϾTr3g}xdNTȋNt]t ԛrPhaΞ?^h f-t5&b _0;@=61]ƞTF}jry0hMԎS8, Pţ8x71j52^"e;{+ǜ{bbj-#\n&A>҅x:Y, `-ttn#a xޗuצ_ϝ878m  i8nł3rj~«~2'zXc$>e&m#ZW<A)1iSH9,P'|Qdv 4g")N^]6,3:XI3 Q,kR2,I4@mlISBOOz+ h 0z.NoA'g5"/nL&z1 Nn X 5|_&'cӎS33襕և.ES܎[MQg.4VS˗[7g]xKW'X;H4wV5cŋ>!1I(h ne ̡p[Bր5 DJ- pVevc)/Do'Nփx:z`0T;jP#jՉ]bLL-x^E{iV 5WVo䓧yuIӥ%{qc `w;a2#|FOk T 9hyнj"e0ԟ8Pr 0&hU"ecf':K$=qg|}X`;̋-[=h>~^ǏAke|9UR߅o"tu-& /`S;a@ l{"s񉬡X`*|'wvE; -:YS0WX-U:Bdo[gAYEmjۯu?6tI(Wo]A=I=M}?X4?Rڷky؝xs#虓Յ$b(زĚ/2v'TdiujF]$YelN͘/Tw>4M  GoX{SiC, pQc]$}=Ծxah.\_UW͵Wte)Vo0U:Z^v9cCy%Mm/ ⇇N` N8e6氹lv~V endstream endobj 337 0 obj <> stream xk``PVP(0S endstream endobj 264 0 obj <> stream xڵZks61ɌqNRۍrAUGS[Jf 2(Y2܃`Iɔ5LbZg4 ;&8&L( iD`bAgq& 5p-J&1IO!|{w"p3; !g*pL , gZ XFqδSgFXZilX8ͩC2Ågc1 'B aCЁ .):B3gu(ϼ8JB:Lyhżdޓlҳ\! 
fֆvς @Ԡ B6'HqpOS$jDKBР4 cxG.b 6 .!PfT4 aAK0\O?_&|*.fyI΋b:<^`t\_C`pxvv"x\h^LVEd/y;dzyŬWz2e=nz?CuqdNw%W>8܃2!3ώw ڢF.&b:)bRiqW̊bQ,qwI{{n28yltp~/>ui| &GR.$e`{ 9Fҵ~sq=]\M,?Ƌ Ogd4Gۆξ4yCPCgs\A:[ m;Y̋lR=Ϡʶ46P6͠zsvۧNO]\ `p@lZU2<**itNcD4 Ax8/6Dٗe~<M3xi :w!Ʃm?4ڴdv7s$F:~e[|"z:4Z߾HK-ߙѲ!RË0*14kp_I6Q7Jt@aGHVOd?!+xnAbw X"җ:JR+Si[:+ѥUD4^Y[b IrVΕFsr7^Ofα w7?&7fߝ@񦇇}%^m' ttK^\^[6Rɨ-C Wm|Ogx߫zo)&/㗯-(W " .Jcl|12ȟh%6-B܃ߥDY!ϣGVWQCQd8r{Ӌ_vxhևDJԘt]l`cbcEjXfj\$5,^\Z§Ij;C؊^5Q18ed}p$bydWu}HH}<2m{2&ڑdՈA.ZEmM(:*X*R qaZPOd)u6v 6(OTa6^6>ws4ljdS LdC=̘ޚ8b@q=%/ء<~j.X, 3 Qo$#z T%0jȩh u@Gu(P@+ъQgGH}Ӄ̫ZFX4$$ rpy wj&Jd!s5qv8׽Hr߆x6.[H.=D4HZuz݇F\KM?+#q6F\^%l }_yɠ\Ϯ5j!=7OHk&s%FPC=>=|^=[P<:E2=VL_<3GB_唈32!P*MIђPKR\Q$?>R`[xlMC|SI4BI:DS("DQŜb+PP͜h({* xe( 8Ld (<%"&a`4zwэ%&Lu]^\M/O>rj6pz.$kCDcxEZsZšH28! 8*J8 z61Tv@_zCR5H?M?Gd!D!~rD*IJh^X/l%Ft\J0.7 GZZ>wO/?B{29|VL&(Uྥͼ({˩N+"pJƔc;H;S߅xG^OUDT~,W4JdELhB_j^" P2XM4Fatz{Hf ~>Vi|(o;li-(o?nAKSirr l,D_9bE:TgsgD:O@:&̣e Q$ёcPDzzE79uY?s4U%lb{Lc\8.Z*.{䲎jȊ [_뮗<뺵]a6*|uúKW63$%SvzPQw/ 1V#ʏJTBnԥb&'rsQF/E>Dj'_#[U$qE}|pH6i67\D}-gCUF{1كdΨvZ~Y>5 g(t7ceeBU\M1zB? FGbm11z> oKaU*C*?fv0n[!,)/#l(5T ա0@J`1;i,ab=`ŐCtl?Ċv-cXŐlu endstream endobj 338 0 obj <<001bd67e886a1c7904a72dc0481296ba>]/Size 339/W[1 3 2]/Filter/FlateDecode/Length 810>> stream x5ipMg"DlKI,ADI4;Ekm(׮Jk .ZU^P;FL;̠1ޘ7s) #6i|f:M#-;> bk٪> `f`[l1;`vl9YVw'Y+a+J/<< ;beG 71\_Id\bSpqO7m|Yk{yhE2!YQE(FbRnXO,&fTF#uC#~Q0>@/9,P\\9}"52:g./䄯 |bpNXhI>K _>*8[YL#'L53M}TZW^MҠ0ҭ::[]1!ZbV>Ͻ&oȍ_-2O F 3QGrPpSzUdn (| Ue-4+X? o8c6_$&!:}|!n'5 M6- DH%<2_0[c}n6YeJYⲟʣ=ft'>{oO6)Yh: Ӑ[|X:/h@f\-v'N;YHvⲱBnJM&MtztWe XF[Dj.ϛ? <@7zjkX,'[.nbZܣQ ؁ o|]^=I FHuDub9k&M坤O Z 1㺙 ӂaJ xo W*Oֆm# /@IMa]Օ!:GRHj˅5RSVH^&v驆Dt;~RlIdMG {3}+ҏ/Ѿ8W\ɩͫX\$/Lةc,FAx0%%v[E GGŤհsx** >f3_I ~Zbܱ99b?ě 6>g_ORZ{6n.JG;᭮"U'KYx/4FiXcG0١gy`w;W%] Q6Q,id vLQr%R mrk[A%ʹGe/PqzaTۺj .ԩJzʷ8眈z4<|v_PL13ANJV7C9)5TfvN^WD rmQd8>91\&D[VEi9pbY~ d5%vM+>^1tvP_ :UNiM04x@D"M*1RlUBub +i:r:AF@@"-Jdɍt3d;QEôRW|ϩdWj\bÉ ZO9DM6^v fN8`? 
'v;N$߹w}: ]51H<&lb'3~H;$#}Y1A~ h*P"9tjjNI0ǵտ^otF؞ ` +lb!r% fVP0SҞ^rZJ UQYY*U;qik]5H6ݥ$Ƹ e; Uh%@Qyf!lŌ7]YPAa[NAC xw ~>x<5D|oY= \t':&pU24J\>H) |@s~ Lpo~ Vi(,8*LdycJzkiШpdkڪ?Ar@i=jT|5\TIy݀ 6{ݟUl ]͊qwxrkˆ6:r/Sy"n1Ւ3(A( 4K6g ˻DdJ% -bAB90cd}V Ƕԍt1c.ZXuٷ1aaș8u‘)qFduߜ4zp։گQR?ٚQ : a/;h+(V2T$g !2ā槚?\[ycsI *` \ f#itIm⺳˟ Fʥ@\-lΓD6]4%=>V l+_9̉j>,CSYW$ ͵h>"76nb ˏ z1¿ME*7{^~SfXlJw(lLd([lWw,&azeTczG6aMΈ&Dw+yǪ,[e*IH}~SZ:3xM+<`3bKEbEqmeyQ%[pNOk` KaXL$ n@ʕ# ɟ4_-߷wN݋\r. +$Yt;ӹ?? |o[›ja➏LaGx#Y ғc%}$<`bD4׮~W˭)4 N`;qm1&h=@ w>\aD\A@|M~R׾쀿l1.=hˎ"z4{gsrXi=qn<LSya.̮}d kˑvئ/ -[ICѠ2f3Kqn:vH |_40y$ևJ6ڟ/~$V:Adkwen⧆C7)O']$(+q{ 8E7s?d)O/(|{ yni3Y]ѣ vng)Lkn2yȅBwWMGQ/1a$"J8 k 8|EP/K]+['+hjpz!6 E@4H'EPyRQ,f˛`nm쁠H҃3`Ӆn||a_NzM2N^Se4YTٟE65!QahȊe/t6-2U+nKT 5-{  ,O%sԙg 6=α{&u 0[1>n>݇!((>Jp~칮,M%д|+aiZ^ނcdpU#K`_V.cЦIdew!U3?w@?~Wz\xS2 dz7}Az0ޯֆH=dcSKnlZ(sX{2L[VG6-)@3]Jv,VTZԲyѭgV_ūvY5y Oe.YXXO0$ ZLF>e3:f4pWfgٍB[`V%)ƜF=O;li;KPπ-i%l'fOt(XMpۤc8!'˄DWTbv|AiyZ|Yeë v `./~|f_AÍUl 9c nvm <VS]9QD%QV!hswqu* %lCwnvE%dfzEWSie!`3P2Fl1ƿ$g c0He@ _"߼{ 7}y>F׻ ,at9-9\JX{\4VLZH@C~DS\zFVI^ YX$st8"r~y$쩽 q32jmJHH(b73qٲ;:V#avQnQ5uN@ ~EH E5i_2#g8x@S׭DTŶb  z wX=jiTsv9 ~$q q ¾iwX<ܒ`ٺeڗZqKj߮4rArgً|] o1E"jN{nǰ8h HQqL0'jZ,iMN&z~9 I>QWVl2PA%1rG1in.z9a.}Eؓds (Raarbߩn5PGKXHȯ+KjL)`5WA&u$&4rag\8VpJ'hR]d{G\ n?#,JpaqL,Q`mfJCP9釞,u-M/q'')S[* >f/0!>{N!<֐ftweX qı(zi]Ņ^Nx#A &D$x#'URY j/埅,-W˳}%PFmKn4AM,#\_41;e4Q5Eas$Ik=wRIɖ@%C$͈y9KkMMY8)*{,0a~ 43v렡Zv5 +2)M?OPާ쭭S`h-GO7n{WyJz[Ȗ'̽\}sQ LO?!Y0eBtt &Ҁ{m` q}3  rՋ b1qTeXuO1&,uq5 4U 71 DV݈e@h =w }0@ 2?`BvCU5 \6jꀴ“9ǰ $hԴժVX젍zŕ{Y`+;֣Z (k$ZEf"(~!.Q$$:"2=KaRiReXBH*_<'Y(h"* e~ 3EL.˴m`%Q%ߋgw2]l4&jPH .7πD!"aiE n ,|twE ~i*tb& k)'3(vőn2ћ d+Bkak$h˘JH6_H0U/aywҵ]f\*@, U&)DeCKК%QOey/ om;+G>7P1dљ޾4]եxy-.hKVV@@^ܫ-4#>^ACip2]"*2&2ppparK (Y]u|)zM<3Rk㯨?Zޏ쬜zse "KŁ{ŷ\\~n0ܕVA(t >#*`hbv)ؤ cvC$_FzQG~, eBg!amҼhPL=ǢlG>9e{W>=hA35<EN=1+t! &Wc! 
Vۢ&f\HRxT4x'}ѳU0Cܹ f.Vspq.2;EF 9;>v"&u&B\"/:k:@\vE+צp 2܀r[ >8  m6#`j[ms+\֩RGWPP/" Ч @h]"W0122S\7ޅƺOa3a$ 74 {Źo8'] gc͇HS`S$uNQkd?RK{CZ WD4oZ]@B\P&v#永 XY\]'퇐wX/f6'}d(y@מ0f6 cd8_ɸ}qd"^zkR>PD}!5~e },G_tbA'.|߸p CP\顭;5\Aߋ6bJf &3i2&?]ҪRURhU ŇT_PoQ']Dt`;%ɩk|XNQЙ|&vfQZ.)Z+{{o6IL‹ˁ?)^_̈́-1y+mY!DO% ^T!zWdNhJ7c79s$o ǀʡH:hWN6)-}vi@i =E{ݪإN.zCKҼ1BlE*atjZ9[nڴKTPI)YjȽ%%&trm/'H0b?q$3tӂ?Sf6,JA"ث3hT6(?\{)=iQue{herguMf>c,'Z6,!8×"y .m?<S@O-XvqTk#\(!60 !jt#&9ZNbmLR^l3:'\#Rjna bx/ JF@͸߯R٤'~fu2T_19,N`e6%2dRǟ8mGKg{QAR7yrrtzvg 5~, hIOǏ&gڰAU.nȷbK 3QIf&uY,ٮT=|f o[-,6iK~*| _ȹb ->HshHaixb';Ne` .P(siyBlJ\(FՂ/3^L;sJLE|ҊIELr^=ǣv)G_.J3M'\clXC~i1jw3[2 ,9gv珕dK\4{vC}= tUNp"U֘!b“\Lr*N~Qf3ʟß7 F DɬSÀ \,lX& 0:w^>盽HBHX< fI7ZaO85[O>-ي>a){0'ȩM D AVH4M1Ud+:g,Z( !s+~!y 2ً;\<t:ǝ_}'XpYɏi(.mƧ4'Y 4 !׆a\͇bݜ\u.A`VTB \OǐyQX-/JovGHVOmC`TmPdA.B2B` 5 Սـz08uEo?QhO"u"hW,n>%2(h2|*|6DYDqx.6 8&+\ o˼)u϶: |X9{mΫc EL lkvv/OpLQ@w{5y; \knR⽃9{#\r+j;QjWUirO32bh;WCR'(K{F/YHzGTcg}Y>wU\]h:LQoF}f\pH2)m*&(ҨI{Vs /?Pg##DrIJQ-},OA`Ϙ/9muYM9b1:c#p<,K`vTDбC|ɌJh:C%o0X9jQo%kM^D1"{8 _'Y5=HUGғdy3*A4M~⍿(zVcmBc8$ć'.EvŜxʄ6׭:\7Βsp{0llXw{A.7Q8Gv镈}27ųC~55 񖡱r>^i^rI@0-P9`Zۈl ^9Y7VR3u?jR>ꑄ7c? 
=T&%$KN Ɩ2.U/7Q!!Cp-@I(,`A*5t:I Z<<48q߶ N 6d?K,EgG&rF%)YMdrN8e &m+\6U(uX}~~.;7!&4sdγdލ%"vy=1(δ=ZP_:S-Ea쮻2xf~w59/7kWa@/P}i6^;f:bx剴.ay vrFJ҅4{yZHXt,>C+S|h#|փJu LĞO}+lurz -tiklc-#d=s5mH8{O3 UӴ-0Q崆xCY^r_I[AvOo<׀2VyY|IL tT_u:ՠ\ڼO=Cap~ N@.~(ЕeV $GfdS9ҋ Z:*_vaOB"~X_i 1&3e' _W+dG)Z0nVf%}cJ1M8$y _jYB"S|QI?mӝ X(1]NȪLjJɾjN&A +9:T$&t8Z4IMgp`BD>ۉZ*#RCFkX[ Lͣo\`3ih!o[*|[U'w@6>,1?(aDp:&U>Hm dlwv!Guf06o1V]0#L7O6.Q,]!x];U먦D3M ;6]%G{6A[ l}όs T{\uAp7 eٜ\b(Μ`R;V~ASy NǍlZ]wjku<ĎlL 0ǩ;C)HH B\xRpt I͌N`]Nʐǖ38:İ2KT /%q[5(nA  [lB#>s:Wwǂ fEN UŚ'ET0OKi^3n®%Y1D%R2_r",f_ ZӺUP L$ڸ Iڿ#a]&Pڐ.~'-{n n"IJ9a*[3?$5K)˒^!=sKRN/fva⇜9Hz'M> < K3%xdIZt@KEJX>O%$-G'Z.]|DyfIPوb9 ?G^(b* 뼰YELJB9Nb,GE3!/ga9d滢JbWc7suKXAK1)N|ȽY쮞K-] wKʎٮʤHRTﯚ(gSJouobe)Լ1K\2hm RaA8SѡRгyĞ@.jhvdnn[xԛSs8+A-]Kvtfl  tԤ)BKdxǪֆTaP3ZY\qy~Zʸk&ׂXZZ aA1Il +ݠ2rQ3%-&qr*a@FcŪ(X:W]lG@~jX2;I" ׅhjחBj;ILݛӴH"26XEL^pB$BpҀvKT B3S#S|5jI-?(%)u n~hmL<%vI;g,XlC^3#OM'LmZ`!W4@(4Z /6Q;{|s7uJKXlՙAKaV4M:MqLLL"Eu6?Q󙰮/W>݈4q{!Vv FC]Rt)} h !qK `҈[H+ us頵{ɕ-0iG ǻy~+z,V%{\)nJF=اB/?˦;/X, YTYPq+H/rL{|xy+֨M7LT'[DCܟ/;4o.gQTVCljܒNu n^+GFhK&;B 3w&c3Fe?>xF֍jM TOX`>XX8N`hd V~usC5԰F. 17tq"jYvu"]sc9 @/z$L^W4s@th@-3V600bͿkT Zl{@# y[ ?wzw}K/u."/YNֱ0GPtoWLJzH[M x·qE t8: ]$t ڌS _!ӛUeNYH,$&F KƝ[Y= UWT65ZSe>>&3V(;U7[QlUj $cUS`pKڟ̜۽,YM=uST?v cXݸR&R HVl z)Ob@*:̒5ďF~?"鴝͓iH[_S3"l+j{%qSwP~M`KJ̶Sa1vzEk|:МT?a4aT}~ftLsV*x< !~x]՗/Ƞ}j-DLD'p@xvdO+xVz }Ŝ%T ^77~ӛnl ǽ׌ !egy}#:Q1 3PJ{*5X:CK7尮"^Lo@CZ]{Gz_D4lMD1w}4]<.tvK[4ՒmCҽ|m >lqO[2S ﶦ{J0elD)F OY廜ƅԤ/-$ =ק? ̝:˕8꧰ȹ}/"ItOo硈wL\ 7]]tՓp}iw7ez<\$,0YG2R.fhעzS x語&Iv/&:y³IsΒ1GG^$_lyJ~xvud^<bS]jX{JsCp]&RU3RӍ3_Ro dZ" {7j3xq~J觨kCņ^O( Q"8? h9d0iljO:>QGrIC&L&N$q=LAys!"Wbq吒FY&%xi2`X!.[QjLײAqjog w UAbQ3}7_l`/?--V6Q~6&P]%EȺ%7LnWx7ݝZ8Еa8槲^+AmkDWBeb;YqZ.2@^qHC(e qtv£&o$9[׽PbG<+dY ypn]OWP R1N<|د>m RпQLsϦޜjh]>KJh VDxBM3}Juhd).k'|O:%Eo#ж#*͑X| mx)lpKc2戈kX܂V\8ϝT/oa^+w1Ɇ}P?K/Bn 39כ*-)Ay"~c"@a[o% ~5;XS)a&u}Hz |Xl"KaKb?]@bt|t@Z:~;Lz3CCyfҗV<2Zw%+b@$~WmsC3>Ծ{ Iw=gƟ( H Jt$۸om ~w]}nI)$޴.`~~A5 J3ㆅ~8QةN?aRϙO(o=-^2rWp᫓b8qnRʵ`4:j\mF]N'pʜ^IjA|A>ȑ2Ӵz S~1iHY\yyHPb~*M;xɝO[A?͐yI=Eh ? 
+%ucMPۈFb2 D"|?6dSULp+9~@x&zo#4P5k %[T`i2͸ ~۹#7k4Tu{A0HT"իS %M"˾}jSY(OmNy"뺽iqua {CHnYWyt2t  (إGXp2Yf0;B>Aę);dL@  ejӃl!eҺlFXaj~ n)3>jy6-UnN4sPrڸKIIT,9qPxZuB5Mޜ`Г0 Y. Ӡ英8ugM^71ߟn[!)댞ZƢϙK1Є d;_]mTpeAm?{P']( ~-(f9uB!}J<`* iϝ-DԭH"0">aI Xųv`I!(Pzt; 4p]:*RYGmv6:KYڕ{ҿ|F-R7KVryYP_v7Nse4Pd`‚MF{8w 0n [{zY51gm,4i0:H[Tq10$[oq2 c} .TU]R'S3o&Yxt7ԒR$Uc\mI_ fYL+ɏo9$s0 sESʧD+tx3tn/8MRڶ2.w~` \L:^)r!-UX(gmY:;Y#mO!cQc"pǬc]gߨŶк|H Qm[O0bwӒ79de*R .N.Pu)':ZJ6ZgIJ4(n8RdtCі *{T }IWX-Kp3ڧ$ZEup9 47o8X} 4Ɓv)Q^-Q!7b -B~ɩ|x3![ĵë}̜ n]*?bkc 9-鎭9xT"UIRQ\~gcP'Mkr""O\}ˑ^.x sᲮ'Nꥉt,~8 胚ɵ_h /&O-¦:És.pzvv%8v%i VMԌ Oa$ VÅjH-rvr F [$A>8jn; :# 9[:m$ZSkrwj5夿@CqPTIBJ)_>(MEvҲ9WҌ$Ck|\=5l`U%0_45 g,EBc(ҠbOT%,$Y-k- Us2%aN'g|#:q|@\4ql۝ywY\$qSzrT?J?{x `wE|9 12c8(RV>\9M< k}\8lhe=@:q#\ѡ{>G6㽌ƛJy1*t /ؠ)<,+&S.jOpˏ}\ɜl-(T.OJio Y͆@c[}ݪuNjR U'/b|3R\d+҇xyrVZ'_B[=Ւ-Hu5ZoN&YpG ^o] bsER+{jJ(B0%*5+5HzS\O %[˾ @ܱfDbs8)YJG8[/cu7 Pۮ%鮙?S:ੈ3Tç#SUR:{*:tunqiE][2W& (t3kF2 ㅔiHtRo.䌃{\ۈMk63DyA8۸vk#p'h^8=H$E [\N?۴T<8eFDTXě*J7+oZ'*d{)NM eD&̖| >:z΢vi3:aoyg6e:-MTdi-F'^q:nb!>s Fw5z0RŤFȊJ1sLj/#i=LGFiOt]Z5^q!f6g@n$%!k7l^R[[YY쳛P@R$iuj~bESGDFp4T5ֹ4:[Q<&djZ"T&%圳0X:)ui;uAdpM%է12}v |Ech IֻD?Y=ʟ|'1{VO71ʼ b:i۾3U3С@l ɰl$*:D?GYL>tƽ3Ia/ҿ%N6I0[0dLߎsSsKGIgzL8:yV!g,+)yͳE$xug5 )β!N\oĎ[PWc%C=0 8ؐ ˞1{m hgkĂwy+Bz"#Do1o^o-7LB1=1:4gx[pY5*'B ʚRӢtpJ Lv _Z7JXrLP~$~w{3m!#k*sALP.&I†,C >=s*uǀSN\?bmв*txps;xaC6PLaH6S?TD20k6 ļ7=hL#q̲nuS sb06Ȕ/_2,;!(@IH'%~8HlghИܐXX`!lN'GzCq+sPXb""Y "7:qԶԛ˒G=@D@'Go7 P-H.~'hu@ | 9v9AL9wd UYlSRq{dd5~j*p]`].ȌؓSOȚ1EJ ep2'&KVC9k~PmŒX-:* Py:NGÅ 5{*Q*O-0LGTgk`` iU3re9 VtFdvV;2U3 SD2M$~"Sz} TJd^<5&ϵrP eE!3z~bZaV7cvwb4<3{>qjhVB8Ә%\qP,a1 =I;ŁxIG!ܛT+JAĹwAZϒŖ,y!I^P3ғ̹ͪ (mՍYZ:,_׵˲XHOuK05<5p5 h|sDyqS}б~UW٨Dvkp֊#RY/Oд4=y_[(ѴM̆}փT^~#]ӗW3"8ٛ2ނfBSa.q#Ƴ1U,bD˶_ɮ#dEOa;2Kydo"?&{cclpG$?5 " 钛!["%/R`<Rfe B[ǛOi.Zafz8B]rS$AQUҚ$=7 Z4Wܱ[5;zϘ뭢/d|_W{'VD,OAWRw\C.^8wp` U \I@S衄rT-+Aqd'ImARP8^2g?5W6iCryc$3Dz !cz%fJFD@*5F\C@ېե? 
C54I1KY -2\!7stsdiFbjYmEۍ[]o(pʓ C|Э>dc9nDmI g-"5?%#ǶiJ6kY azktgK1oyGk|+٘ݪ$BRuI1H0u%Y`Khvj]?`c QW<맱'EY@ꏆUюѯ(Y- -/u7O1F {HB3&M٣z6q7xY[j|'$6ע_vts( )j49L[Y##O.(zC-S{ 2([%w-vr}t[@{Ԗyt} d(&"FiԱٻط5e4}@}^a'" J+9Q_EY#T!W+-_h$Na`TVjLa=6F fƥ \bS>ri*)}"RpԺ6,̲~1R%k1 Z)aVQ"h_)8k^Q˶58)켛ѕMIGIYg߀}c{o%ŢiI}[1kXKVw*y9Aߥ7J Rj QPfɢt=~A@Kb!cbF$C !=(zyF eG,>A:T㺸Pk}BML>dOcuƃr03z!6yUءY OuJ#VeEgK 5ԻP9v!ɢd샇~a2 +'jKTj*9/Yw Sq*bUWވ#F6h+ųRLŸ .pj).膕^2|-.*^30E`g61et<4؉`46>\'y>\n1O>~߆бȴ}\{}^ ꁬx'3cC6 Y%7P%dAinBEeSQD'nCuy<.J#x wbӚ޶@d@A_uǙmx;@"m!ٽtJ8{ O5B0 N՟g ZUr;,چ,> Bi%ș2hE߸ BÕpq xAsi/rx+ndlę19,3/u/#:Yױ)*.L~OH뤑VcUhn:缿ۢٔ25 ώN 7˼ 7(FDkK z] #%_enTS/tڀ7ycK STwT7z~+cLߩHsVT* ]ɥ)*060Sl!pT47*#g:v33!<)׀LVkfi.D_ښl5a!6viӾmd!uP1A~ʄKks%nr[hYLw=j69DR%Zj2{(@]-{Dy˞}Kw5UEQC l۾!!,R3t0%މ9nugy[ -LB@?=cRs͂%Vebx3kF^2(GTѶ puUF6ˍ"n~6[qt÷ܖ*#F ٻRGDRD"VEyz"gZ8"GI>FfD^ lxf_Z-W8&D~B-b%_a.WcFm22DZR8_"aK"qAaqA?_OKF^xіU3D Fu-6! y ۵EjQ.RWUyvƆUleyA<K(ݜIFuaƼ.jv@z(ӻ 1&ũ.zp/?N|x&]qOV?_gK/teVt).Y»kkōݧݏZF@4' uS2jMI(!#U Tj-hp9o-U\hyֱ<7'9fNBO'sݫB*0>7ӓ;Q%Mnfy0&rwGu^Au5aĮfmL.evi7Zuj&ͱ%;uFw#a/O崣tn+wf(pFCR\r4jh~{`tƷOʆ˴yWJ^Mcdǯ>sl-~^2idJ(a%V ([Fzۤ ##d5Y̜Q OUVC:PFuK)N*±ЧFn*xmPCWcINo  o"j0KċJD3CM/WZܵz{1gU8u(tTl8rq)`,MʼsP4M;oR Y[ vY8|Q qϣŎ2^()ٕs^3}_ܡvD,rqmm&Yx7[L0]ȜM,bŮ*FW52؃ >`]j}4V4tLo.6+K+j黖Bob0G( il Σ2:9aICBr^WKsh'nOʣɄ.N3J!G(nR{P%^!z[2eFrMJ=HϿ7=HIVnD!Za]f(ΝDQrnխk} lRŁ9V~//Oh[dCblqэ67b, {^TWN7?XgζD%ʵ88Yfy^]^lAKb8΁ ,|S<9;/@ mI-nd=eR64bθ`iH5BGz). bΞa S*b>.B0|i1 {}a'[H(RFWfB_;01H t*J㌇2k xc]+to:b>U#-{+W)aKO e w'z?dL pvB]VЕ)b]W-Dopͷ˕%$^%a'嶏~Ӭ^ )vlW'BrgvwHn+7%*Ċw%Onkd#(ĵplȿ-LI\SIK1لQFտ^^Z-r4rhnLv?N0HzbM?LB? H|L8TO+eIW "(ԵſymBd9 @rSYa'yuX~9>֒10M^qf6pJ ٙ{:oDm鉕Xy'H^aƢllϓCY(UZE0,$QHg-ף=(F!Q<9h?\& S<}#}4qDG*a?ϐ: t @' oK+IP|*ZiY)!ns2I\ )ƘgX~+{"0W_u^b/cͲ͐\!p|nAO-ԸQ0? ! 
[n}%pTjh{rſWNpsrOY99|Jxxc 9 ZuqlI/VѸVeI =@h?aB$"uŹC>1% .o^ ~f:} AD).@iПU՝KsV"lՍ;l;5 18#>,R ܘACXXvzca'*<b7}BeIM^rG>C^gk.&vʴw3<`F}u )of?ej`2M̀Ee}Z`sp:v~H9\sxclk]EkT:$[Sɼd }0Q^O |s Qr|o;RsSY1_ )!,'f,{O{mOSB]!$bNNe@O4+"K̿~PB/MPה707wzH`w>-W;V *)e z }dQa¹Ol$@8y& Aj>5kI8/LmLjihq#hx5<4ATEG{0BUd=XV~(5scعpVo_x{n!<Όdl}=`L9Ra1Tj'2?[K5 &sz0 R_ w۔q6M`_o_QMJk_NU&YsU9˽̯ȻQxV)_5Tl/בb=R3dsȕ3ԻKLa serNW5|DS:rSb>;ʴ~5ܐBpe&3 I H]/)JsWJB و2tEw Ѳw r-6S86ZlO') 7BWQWzyЕԝ\ Ԅt!3pէp dsy WcNuf0>1dAxQ6yG|L6{ Ji?4l_\v tV:&!rY@h䨅eJ@b(. 09H.rT 7~D.MnD?xꖾ[@ѓ[* ;,Mѿ=ۘ rsm3 8Xi~`yt:a".,[IJp4J.XIDT⛰GbTX q-h|pm'EU ~NɝaAS-ŕL.F:21Ѿ#bKJ7ŨS$^Í!=ݽ~ް õI*5ܧupaM<YruNI)kVMm5zţ;f/ ;G; b9(όy.͐5TYȌRzy& O%fS/E=UJtr.g!g nr R9Cx&uRѫwfl,~xATn0US 6婍) XF4uSh/eSlqHUHVׇ{ <vl\TˍG51/>sD_x\ʜBMqD3M GD 6zH@f[Bܑq3{U#d 0.f!Rv~Q$;Ȗh1k]l$9Z*=*6".,7Z{=DnoszTgL%1Ŵmapg=ЁY($ӷ RzsdGҼ<j\`%L}Z^ܼ GAq;^A03'*L:9>9r.ٸ$PgT-"MqW`7{Ac$*}J,S'^t'I#5ڰ>xX$A4,wɐpzXǥxbnRk𰔲´>p|zf`i3刑V[3O+f{< θx$Yfc5J.T,6L]6l:"V9B{;Ƅ׶g?)/Ej݂]u;O X|NF$?5)akW5mq{ UȐ"ϒz[`^*c΂no0ؼ#z zנm_D'"|HR ڇ]a|l]m@7!~tZ00݁`Ekfc]tp&.[TKd`ƙ6L#"@u1Isg)%zo|ci a{WსSHA)PnY~I܆Xx$=pK"_"j*ʩ/CA};M|>%Qz 4t][{"xu0M5ץvG} 8b5?Bi/su8v )%t70scbE# [ljf 4=M^; @ߧ>I+MBH q.6Y@{K˩E/\jvf3"3REZ| ;caWVszl/ s$RE>=4| o '&;`fifrhtF wV_PM1K8S{f_/),ƍ /l)$zl^/\Ӿ)pk6Q<c#$+ů3L[P ؝ni.>#@>x:{_,b*HG}l 14;YJ0.׍zQuQ*BX$CdU;15˃S|qV(#uD2.7:RzHǠ5!D'vԍΨ+ d$ fw|yCo4E.kX! 
%A~.c僊) #3њM4zᛌb"Ees+c=ӠH /߀›b"1{8CG->!Z%ȓ> `Q*Sw⡘4ʼEN.~8\cuDxEI'())e4\mΘ*x/(jkW5tֶhTm&oݔiOhy%V()*~9ŖN&Jc&J&˗pnщƹd|rM$Z8 {]_V.&";f@сw0n3 KҜ:?9x 'W^toywx&F\^8cIOUʫ@e#tXo!Ǵʰ?f-2vE^Lev/q%pKQcn<Zm& Op*4]anx2/=t pl0Fw趈1,K P寧""X 2Ka/Ly<_wŎSkVL>PK|* ɃTl cKFO߮ՑI 0\㈓i")jp+#NbbuanM_?5C]qJRp|`r:~Z2E7"}[FשXg5罴΀$hd" .)tĈc4G͛@n!SGW/-;X/¥r6b G u}3)M9]NNcBَ E;$nWOboth(8.>TA;ȋ C 5XEsM;Od .&ThiR.kN|K_ e_ۢz6qU97+8 ru~?(37m{*`klӢ:vxҏ3FPZٰ,LTT5e8Q f, $ [m2D@kacx~GZ 5PhDz$) rDww~!uG͉.AO'gn ޡO_=ދ'_Ud~)?Hz]:WZU ^2syxsB^ΐD9v_3!?F9*;,f_󜑔^ˁ~_= wwץȦB@Pm}VM_[7#:)SCw58o]lu\Q?OF "sHP~V>X:VvDfqNT_Kkk D w\;`FYOyy?N9ny;r$H131W>Bx(j0L&r^ xgZR/M/"*>?n2K#엊㪢ɞYwOXEsl]}y3ƁVE8nUc~x){muO$JdJn vUqG¼ U`҅`\[$&މSOEr? l ܰ$ F;At)--BpgHʹ=Ф)G1#.\x"pb ` ##ӞY@mU6{.aEE+7v'4-12Q.>r:1"H7nt5Ǵ@2LM1#~M m~pmʖb t5 B;%3N͛kmkc1Z).txg˛ -!%cHJ&*|SNfɔwgƁ۵pωPdOwK9ܧ;y ]'*ÕMeA!N`J:9F,ՑlM)[tIJR)e5Y8 }#wllpJߝC8&-;S 2_O;f6_9w#e앂AA޷W[4=S+3+(]ʅfXUܔ)Nv/:zJCS9/&`qC:JˏQJ^K!&i@λ  V^:HQ^enu#tK{2aF! _zQ?!…9NnQbu_ <"{v2vdNB39 &"^9sNvRbUG^0.4Gygom_(Uޚb޶cTj6e4} VRvECg+)'VѫjArc,KWIR3)KiX~4khU%ҀD. pȼ Fb\l ˹)lb 8Wf0ˌPϋF@2!G*kCc/$p36΁.}\Ӈߔ%˽5zgL/pfg J*" (JCMjTDŽVۮash#$\-:wClx77+aLޗm69#8+C@o.j}]E4>h>aӏ\>3 CLn/a"M''@Yڬ'IVqe>)"3ϧ7wq e"UVwDFH Ë5dz zL17TkS}%Yns<< /t<@`W]I 1=.e|k~*q;uO"%Q~H +K-|Z_2 !Y:kSsI4bOA%Unb@qb@MxOrK_SN`9{IIrn7'9kҕj$9bA]{h&2d0qWBxqQ0p"PkkEe H1Ye-j:T,0X-Ԉ;fmyn|!1"t̚KI[kSm i,7UѸ o;JFH*d4Rɇ,S~,Guo!vZ2030:6(xqa`>DYQB,Gm,XpbB"-VI_Z\ IV7\%pj`Od+[aQ*lǂb3 ")r{aY2uH hs"d} _gɀ&%~!5zu~O dZo[;CZn Cc\j~gh&gSt:~O=cO I6߭ʏ/h' eZ?[Оh?x]oSauAx8S/xyf ܽeMwLf ENL0iCwh)HRd`\j+ZUWȷ%,OF$*WH3-ttg!}@)w'lLħ /M{_8BO JW/# r>cy{8RIDɻv7rݎE|%|Uw_nj@8D޶ޱ1 R, ^2|L5cJGRa^[(`NqC';r"{ hI$w4%k \l?u!a7ݺ ޾&CttÆ7I`ē05?v:h>Q8~5 Y${Ò yJi]nC?w@f<2@y ;k7\ƨ͜hhq&*Qe^C , ? \Z/u=kFRsĿmPs#)0!ۯ͗lWBUh+C ;z_4)3J/d@=8C,jے.N!l lyfzu_O,mLH/p  ]rk"Ё $3IoXv/y짏ַX7(@b>(PuG>6dLwn;ow;fi ύ=<(w]1bPiFDŮٝB<45a={ 6}iHrVu CRr2@^񉦿Ukjvb&qi1Q!pRI)kWn)qHI60CX{ ͸z;k*]-Pu\VQtttiXScoo1Su\|͞i~~e U)Ǖ_{? 
s^5G?*@s[M=::>'(Fr("C~b`ސUOF@{6tB i/YC[3 jɷ\V̐RDb 10DqH7PDcqTcpF\&oZڍ dW _=}"\?Nc6+WefX9uI6K)77>bDllC0@8d@:3GlI*yGn*zљrFEAB0#p y<]_S~"ucF(\2i<n7SM|[w 8POYB,G |R ~e>kvU˙t3}6 RrnPcD5- mkr ayDƶPw+x>T_jY

+FeifJATLJND>^ p)*|O'|[#/3UGl\mii>bhw\o%*bG=/~[u6; pʣC]1=_:Fg< _q a3!G,N&<&HMraKʡd *XmPÔ?ja1^jGDAEH7ԍt:o&enqQ,@ATxӁ7 OjMGѺ~$avZT ʊ@& *TXeQoť u;_Xf|Qd03|}m7|| :8|9'eϹm+bU EnHݰwX3Ѕr 0dEAK(A@n5Z Hs{Zk"+N﵃G1ȚSR6*t N#5O]a w=$PI5.!pxr-t=k-*w¨Nb~i6Kk#•neضtuӀxtI!N"t 9h 3$2 -R{%aTe hx1ʺhVY;LQ^§#٧JS15N0eU@dƪTPcë-J;DӴ>ǴQ#2|Sз8 "R*%C&<)Ic(8pzP!7VLATڗ~Y@$RzډmAط'CX8 gާd(ibې1|-= FG^p#Lb ړ > Qco3{%ŧ%@ Aʏe<(tHg4T8Y䬿xй1ڬ"7vN& #PXڮA|w\-p} < )ma8$PκM֏M6$ܼ qY0 s/˶6ԴbUC!KOvY<,QG[+7>hhhlp3@wྙ@ЇY' !֊5/|L:YURG"@Nɢf$jKsdb|^ĕ'HQ5oy4jǭ:${ԏtcٛ5wg!HxTP4Nh7~t6s

dxJ7`r Ilwˣ~̚2ff˘ G~!G:MH`LѮmdc 1Rg.zܮXF$DթJ[ɸ]zlT%535RDDg7T^uxb \]I373x[&*BUq8v4Kں OR{s{kfO$v񽞤IirXLogm(:чRCTΏ5)L&Pvͫ?.:BkP asI|)ߒZA.ᒴ4j~Fā 7{V8Lk0;ȶ͞q|aI7(Ի#D-PO?a:W/HI{jN:نo4 ԝZ1}<|"͔^ZkOt)=.0,unx8UIzw<}.q?\턽 5x7KȬf v)ς\1M@W}k}:UAAҚ"U;1옃w%<;\{SU/7sU2J:&8%-U4Ix/{ ~ CUl6/nyxjg^$V #x(ԫGx&龯vS*3e=6VdT)EkcD& rb*Y eW7LhQc5s4p"#utfE 48t@2xb<{ +1*snd6.tB3 w`4'Hv'>dЭU=V,l.Tf SfUC%JS&W٤(ˇ!]Z-6;g!GzD xd'SN@=GZC}䍭x$/efrӸEVj B/ ;Iyۣ `A%o)QHGU#Ui3\t4̒:6mP QgQ2kV= 0pKKXlB{)iE K;PA:;us; -bùD T0$)oExRzasjĴ;rx:ʹܫepspP(.Ω}Yz:Zg)% 7 kXuum-]îH)g =$2 SIu)W,ȪʣҦ'ɜd δ!\lʎXEya2 3Qz]+a@BӅv'bw=s<>=iwLl'ja 1lmѢ-027"b5k3İX4ksJLl-p|e;u] GԈ5zޭ??u6_g I`^ /ԡpJv67\]@ %f s'Gg'n9W)v\W4sFB`n8uZ#%"ڒקwYAP+n/ڧrMeHB/~@5 M{/w!o)Z Zx#γ9{"_^T kޱ5l*Lʜy;jyTgRh߇3FWЫ7B]EKS[JMbGRѥ7>(%nLmL'R.bچ/=h9's{xf_ k|#'Xi :l4q[_2WȉD8Z_3wMBdܶ};Y,d5/1cSaqRH%E-Z?İRb?p 59ã3'>3A2 ̇qD<oK؄U*xզQT"`^ÏzPehe@e#` #mso mN^yz*a)mى hALOۙlavZi+ϑߢʑ"/:э D}mIAl`z5XCBzs_}#/ۯ"ȝ <MKM4>q!\?5]FM{HB8`ֽrth_6ǿ$ ol>,pPRیyh 4P0QkgP:`l>1vI?.&ED<0b;CA<j @ñ~%.t(%&2Ȗ@!< 3Mf_ E-eXwql5xDHyS^};jW<6%P(8eE*-Y埯)MdٲvFhNAkѸ57 Nґlpk!qW}Q!:)_ݺ,5D dkco5 F=qo8ق k-ڻ+F=i۟c8EKTNZjy$"]ᩖu2uCJ!eMeA&7:O'醰uD2s[9peb \ͨb=U^1we\Ք.>S?.!MNqVA̹|xRr(%M_뻄5Y#@PJd&xgLٛ -h=px2GpٺyӄhtoiOnwR.>ڼ*]\B%<2^t$F̀ʭa+QcGLި|ߩAmrFV8+ 'K$yAv4ϊTԳS<ŭJ|qÊL1el{CRCFj7-7Y<[ $oDYCOFڗYR$S[-TXJRoS@ ?%|=$'a!zPw˟~Kt[oz:8vd=̢؏3q J+9ICډCԻ8#<{uU#l7Tudʯ],~17}p̂14D%D2Mzv2?EB+oxB1ͻ槕mTV_fNgt}U7t2`h<Rof_T06n>p<~^@ OMfIŝ`nKUyx xN1Ѯݟ`)z"kI IҮ.30R'[RVPȌ=/ڞ #IMՄ]ښ%`%p|p%ڶ2 s1x,Aa}@)i ~rͪ- i98>ls;Q_09C)@) hSTf6C9TSoxqQ9&)x3c\$X 8~[L.@||!{|i7(GQxՕH&ui*!\Ʃb+  Hzw3Dd_MUr bʁHC(gǶ) )!SN$P{yr#Yn S$ܜHVj\u{>+)傼|5V{I3pe34XGXg쮝Nd5?ͧC 5$YEP Z6CbP2DPz8N5BW$xY`1H֠"v<ߓUmN;N)$HDӸ3&Qy,m>SiM%/3΅jgi[#6-Q5/$f {=?ߝޯ#~dr4ijg9EMy#}\X4dTcl#hk9] ZPbφɀ) 8 5!3h<ݜV=Wˢޱ{4z(hPyjJ`fw "S2]&yr|1{ A:Jg)/GM¾֊x4XJoocl끻|wcLzCe9Bl h?kvx/}lU}gO~tC&od^ߐ/"d̈؀Z2#Hzq%ZU+986ڽ̑~CmcK(f Ѫlb/m=9'y}fךDlأv<Nx[Z,uKgW͘Klϼ7}=38& eKі2ImY#Fn>Yf36Ä=' UJIjjlܡ{a](//2# 18::}lWKP%>8mjx dM/$}F'ziVz"Rij:ڞPg:R1Y7.:ƆѻuVRմWz\V8.ȭ ZJW9=ŧ?F 4n =DpE4E /"3v!po Zx=Rg['Pf5Py5q2)nCM=qij SZ3 
+BC$Oyv4niq~/״;bO `b*ɛ x>d&MWm"ɪ2 G*|ԟ|iaK=ȃ^L3yV5K/}ͩLeUv> ZZǒŹqDf6VCw"ge#iJ>4\СHe6K3W߶(h?jdt#Ï1SPݶy$_ 6])12;[B~hW1=C7NpR6\w<`' /\HX2%袠ܐ!6h&'1(\ P?oP^f{EҏR'\"Xf Eǿe,i ̳NV[ Lr?=sÁ',@p<trsȓ LHءW&Ɵe1@jiɢ7,5!bȬ 0ع^ZO'_Nx?6۾@9~,Hi;emK`1&-G2L m !azs5q43hTeEMh Ba6.W9 n7-m4H)6DK ?\kx5W4(/=XTN1% WSy0Ǫ_Fת~Xx]H֊*~5ĪD{* 8x噼JׄZv%*]M7CEtϐ۬*#Bxf.|;dۘs4P"T\t:&/* `İkڠ6~Ivռ]65,ouuxWp ័RR͟8q^oq\c~DAGt72śiJɏu?>ofm5lˮyŷ&gXR=O Vrpk*[A)b !nр YpH~~C43,s\bW*KkzTҍpBZ}|CF2ajzuoX]hw5 X/6s(le'Qi9Uo@h{1T?<(HtEm-y)v!s4ׄ1rTP/g8Իuy`SP%k e0,K;gXyKߥeH+}9`?}x~C 3 aQ# hئ)_ k]nMU,#ɪ䤭&\Md] nfI$g:o m4W >OC+lA^g5Uᡃt&t(xQ\qsJU>QҮs=-U>|󫁩9(xRO+ɀzU['m2rB+ux]bh51œ V"ÃС$4ױ/dVeK;tủCS3VT%C[N0[/ vQrȌGXa;VkC毋5smts 4m]+Eg1gJ ܰJ>HqB7[ydJ2\Fc{gƸıC KF i!ȪH}a&fgPnk=\.JY-C!A)o_lF!cz+&W=+IjK{a|mdN;bU=O@5M6H$wƺF2̦i a@Un ݐքU%11OHώ9?mĽ/3@XRkv!k8NCȀ,tFĶBGe0Lw؏"n%?ȵ \4b-ȭt \ڮ(CptH)*nOFG8 FfTm~^sF 8|$3p_2=8#Âs IտԝU;st b5|_ P [9vUh@BA.V["JQ[u gv\D}Y]$6.?mHlP ρ:85 z]%;&?|E(*hp84_!ˢKzS=mzAHCgGT2j |Ƕ` w#g31j)3%[,R \4}朕w1#oFHd̛F_7ٻZۊ(RxAO԰e sserXR Cgo_Ыf]eBM\Rnn땬K莯P迅3PIrTT.'>${OcVd},Nc Ynm-vebm?yd$xНZ@L ?r)u42RnѠʝ:F ut%~x ]cB"BLl.qR yJz)H;ڭ8Y6Ydϴ@w@!i X$cLZكm^L,r^F(XĒ#z^SvN a7a,/EIIq;V_8t`Ɇܝ NM Psgkڨ7J_m4x\^Ng K"C6k~% ObP6'S&\S^A2nd}A /,?憒7֗Y(C?s!<#Dҟca5JsNXNP&?O/9pZRӒ!)nlfKR'Ѻn~r*yiUɑ\߲ԃrҊ2KBKքW[ϴa$.{>$W`D s%;H!]NqЬ<9M:T r oBt~ukndXRjl賘O `` $~j C Ff "3dY_DFX KSQ8n>/ Rl^MH8 `a s PuTK -׾Gi`@JW]g `Vcjb|N㥤Rge5 ﯑ ic,V6tF?PEui~<'lP|\i<1W]ȱ ajPWB{ p8iIx!'yw9& #>_mUڄFKiz")ȬB\}*kz>- hQo-kJ 9<~K埧[_HG9utӥAYyz't7y&)Ip% GuB\y~5fϮfxP&.x[CI˙ÂVTG0Z>q&s6Fj A`'(Z^ N"o2M f(w9>οc(L Tߒ9W͆?B oT\tDZ=NDEɬBb4gEHƆ$m\q-.yZ9%UIM}}ynhjwA%Ӎ@TyY6Ѓ+ [NlRgi<{7д1kyi84$P-WdB$\ oVZӥ=fns;rsW׷452W\Uң qE^9E.#@6yH)9_BGt/Mx؟#9M3 0;~JQi SrB@AC@3ڙ:S=sl-D:-,tb%wzi@hisfsUqwlHy=Qod8' ʨfm.XBЊu_.a.ִzh[5Nv Y _pSX0pR"jBSIr;Kjy ^Sj6{ B oi4-XI[U="M|{~2pb\Qk496#MW}XD&8ry~Sn//d<6ZOHW-0 '6/c6а1Cɹ~0b7ed mEtd~招μp2I Y[ ZI\q>fͩ2b^ #.+9VzNKҽ4k y`qOV3X"~oT2@xڋBo^ Bg-.Y_%~h8mV.dA4}n톃dTuGYZdC;\'Cs;´~wkmL"q` vvUx_YgDߖq;7 #`:~Ǧjw)`8W(7 S'J?Tlt9 >k*nP$&,Yڟ%$QZ} 77F]Cztn9 
RM_fsRnNفe:GJzAlhZj^$p)Cx`rdlq_`mԥ\k9`.9@6ۂlCڣ Ti)G,yCZʩs٭d]'!yqɮųFM.4$w|ET6l ҈o`x7F|WSs)d푖 Lޅ3\5G f P>~7;cK[>Zj<O$G\VoJeJ:#@kb|P]su"du;7 C7GwބtsG5-ގV{)l)8w&Z&7ueQg/WiuWc8'Yfvs.q|(ǩCF[X9I̲UZĜVGU.~&t9_R9é ;m s$!_ЄLف9`O7Co3f (gbo3TuhK$B)Gzϣs3fXc\$d6(\WWh19OĊfˉ/ `~,@$'^n8?@{R$ذm ޓ_$ȵLy{6_8s*S3bp!C >I0x#n.Bܕv2S9Xr:KV ?,1Q&:bD,>@n].+j=R'ws D%ެn ߀oOUo"ppgY:uј0Upu?@n@t-aEU^ @NX0 *-ۯ~~Yir]Ԏ,*.!vāݍky 6z5ퟮ1)8ڨXٿkŝV eԐG>${*b{ #co\T[-kcM]$4`9&1DQ_(7VS LlT򒕲=) Y[A r7H!ɸc ̌` ZJ mslx8"ܒ!>c]/O2t 6H\]YEu ƯU2^LUqOht8y8Ҥ+ۙ*orS" nI]mlBbp\OJ#L7O mF,vNtjXk3nl!_E&S1)Gڶ_`:El![CV.jh6 tt;oeh4\cff>]ܩ h58 c.9Kj? 2)m5""m`hvn&>@;z~D=fYBx y.?GQ!߇+ nqȣL 0{!.S1'dۣ~'̙Ó(=LrMXhxQ0b@wm9E˄XC(XCKϞQ d.ix(ÝsC,X)K^8` ?&99wcL(fS4Vypx\SlۏLJqɓ#Y: ha _4f@SQg(< MѮ1YՑs}lN,X`#b嬆%4 φN9uP\˸ h r)gњ[BU}K+rߦioz``+ 3'dgc&M;)d.qE3[G8=_$a5E0) i7c_^_D2I|NU-[>)]/ƒ_|RųGcFI̊#Ϯ`Nd7=Єa# >BIwN7Iȵcc⟽vE_A ..qŖd⽞M,JKqs[Ფ:0 )&"IzD4$RAod}mC(@:XO']mdFwZ߾s)}]}lx6{V\TFaי/)2@T[yU^P mCbhĥ,LfUshi j<»9Yq= <@94NqKH-"<\֓- Bl!©Eh_O-SQC4h5K-m}`kc8+~dAw+R` y$}MW׋U7Fk9ACﲗ  J Z I&i*d/{HxZi7*GV j\<06LB->iskL4F]\$[] m|aT* VFߍwtx8g^&wysO~#be$a$#Iɗ /־V'`]?1rl*ӯ#8.Fq_ѽU$I9+TK3G'0:"Тi\h*z%FsPpҀl@:^DfAم{Xזj*З^^^#k \ $iF]zC={Xr/mI͇juL_q/U,V Z&f w{>sK?^Os._5!$xEL9ɪs[iA%9{j(v9kkX\$odJ(zJQ{IȽUf m֏D& oZYa,z։p-Xr?oC*/gsWVN$JE,+OIUlXqFmY9BrFH'z4T"ܱ{3 /k;2ɯiOS+rD l,brqA%ldn,e'FE) e#R&_Γ m`e6rޞʞ[n'@@Dy猃Cyo *Y eز8sLrk6-B8Q着t^f8ө`.~(~ζ2zUKip ?߷vi\SE}"㑍p_kګhPcau!oPTۻb̬E<}|9 {YUjɂ1հ[P_HsvA/}wo<S/P:&2I.~'VHgR g7PMt6יWJOfHz%xe7pP6s5.Ժu0hM{SĺY^trbp5=RӔ`RcҝڋU&:ct'z|adkN.uLnmyLS#H/>*,~];VPTӔ/dlSw̰ʱػqX"fSu\ Ѽ"I2;2Yj__n3z1zډ7h+ 3'MFoĨi[Ol`CKSƢNS~~?iFg+ʼn`#HXm  Q^aƂU*<j+X="޷p# ;Gչ-XJոv$ YqR)Z}p^Sd*0:L^Mzj&Y"CK[x rCG$ 1s3O]X_KFRoAv2ҙ`JfK qV9_iLJJHjg/#WF׈Ce"{QM*]>v9ѠF@嘛7ѳ^*4oo5 .շ\N^ڠHC Qq&LdDW .yuӰ\#WT#yH$t.C%RiG" wbDBYw/I di~h/ƌ/vUmi3puAԗodtH'#aĀ0St4~98Fµtp{Uny9*[ƥdî̽?rdtyz5gGfo(oȊUWLfԙ/~=;:G7IgM QʗzڦNps67DPQz~=1Nt.$ [K"Y զܳ]8J '6 jވiկ,ZmFְV}ԳխAvK'5K+4C qIY9I#(]}|bl }rqƋ\QJP B2˗<F:"Y$/"t$;\c DoZJ0Tؓ0J,\_,l9dZpFph8+V#pFƿ\-i>K^c_R P/ݻfoXU@B@) C ǺJ顐Jxmc@.R ji.I;6.QKY 
CNזwvuz|/'+1$ՌEfԮLyZ`t3ۭ1MJ<= JJ)a}<{o>Z=aDҀG˩sT'j|cM ̨F#DbmkC&DMX/1j:ןqppLړrpYJ]eù)ӂ;쭄Aueۛ2<  IXstaVD1!}KW=R qٯYC3VGvɒO.ÌїQu^6ZAiy.H*|<]BVX+̖yWJ%R!vܞ|n4Di<1+G%*2Td^U8 _|7ncP4 Psv Qc%2YeJcő7AX)}Ӈ+tW1rFyA_vjh!M._CHK͹H{ 9|])A~Ҧ 0Qt1\[ LU˞B(!ܳT s;Xɟ@I4 ?a0n~Ri.C<:hͤ(V&d!y̝3zWt@p44#OԶ)Ft YeVx^hs_ Z qٷZLfCGg~;UD<8-7!EX Qb4;U/Vϯsh'(j[Eߙaf//&PuSў< Ą˷<]\eY/2w1@>d74k=gk3Y ]C2Gl>׵] V;_cCp )vA,BuCA2AP;鳻!,_9d45 9N )lΠ'? !O]*b$C>}+Of͵,OzSCR}CpPZ\|,I,%ʹB@{D7i@GFIZuK1 чSa.z2K3V5+ MuD.0ADfRcX3hȱD;5= ʸuI$' 0!3z[QZh(-{{`,pĻKm0 !_=Կ\ xf h{HLoل=Qƭ睿r3rӤg $cҎ UPLU p 'w^5 e}8KWz;$h4*)LOPhg6RY8 fu%G,m$dզ<͉xYIYڇ|M&(y3kdW 0 ӺLi[)n,|7~PBXٽ$~<'I5{%jJqJacOƺǿҚ "E N;]s^ ; _=P [K+mr_RV?rߪ[؜Ɖ4LZXx,V<ׯil+)0<ay$]%ԔٷAS9+w<4> zÉ1kiPZs*lr h,'+OđΤΡZ篯e$6viui^8(]aok8蝒xV9=:"VۛP6Q\@(}_-MxOMC% j[Qotw8y ᥇Ƨ~]jߎs2'=n6H} B_nG̓!DBM;,@/A5֙^CdoTY,j{בҏHIRkm.Ch6*Dw>G,-1b8h ~+-{(z$0 H[y<^ݻ 'q阱{g6@' BX:su'zGؚ 6|zvLo1>#J@OU`OS+k Xr)Ya8:o4sTHb #jIiV0ϊ(pJ;J]; g^sXf P bH3wlVTk=N3^[LO fBV”L=K zQIE)l͙024D!>Z^ŧEg]15<܈oIaGÄ_.ː0, w|W;k1x!6T#dD0?ֶ>Eq')LnHWwb>*20ʦ-`ȭixsJHDݛ#ɕ+PEP)V!l3y\ݪn/MF\W jeTʾ,f>f'F4[ 6p0َB@w4(|OYFq@?oVY+CyY.L*?L_ >ݖ;a7w(:]K Ii扱6kU; +D>ɤ x]lCO j8gJ ollZfSuPߑKnO¤Uý2&9pP^@w %Md|tsD9찠>g 3G\ls vqHs݇? 
xpu[WaXa3'ڬAJH]`+UKLrYsLS|b)zwCڊñӥ"!CnHDu³y&O=V{qk0h D%}3`H-x,11"`c-U*FYυh"T>Q)>Ӷ4{"RuUPPrf/ܯcgbȠL?쳢xAZ2{TTm}VĮ6Xg57_g~PK*t(^McªJfLb[¯埜r z`Y4o:eX4^xT_E:Nz]ewf kH)E}-1]X1Cr.в fY{tTrքkF-{,\6^K i۔D4$,|sR"hw( ̆@0ܒ޳uG.<^%NRPJ=v3"^) *qenM~X?i+y:}񲇤O-D,f X8N:O+ppj@$}[e2n &sD:8'I8iPQ}4eVRS}`)'N9DL][}V7JZdzNZq5іC s2w'ʰUgƩIt>dj6^ W+Ք j E w2BR~MGLc'ǔeS}mΎ aPt 4T.WLgtXgy*E,`7bT4-UE^ JN5n`7<P)duQk5PRweF@=Y@dxض̖x=]{n2Q d-Rm#@Q+,h5͓ }C<Zo8VaFX3;%)I{4ө|ך*H~ΰ.Yjn#oN~1|U$؎³ Ettq$ ylQo܃Cs~3rǦeڀ$&GVUi^8\m~>/ > q>שzp6|IE$;ɉPy\$EUNGK5i 8[/) "7p6O448OEJM7+ut*HQ'(,8gW9 sݩ=,Z8UoUE,R96T$\,<}atyc8;{ҟI7]ZO hpp;:7>/ s -1#K0e ; @v:39氽Ť0gӃ.#ܲ Ō DujIlixl<Ÿ1w6uᱲ5r B;;OfC3H-t %؆>Fw`dڸ/z” vH\O't+aN2 O -MWwjZfʋt`DTԻ> ML޶w?/]dANLs.)}ثK/iZ.EmZ:?r/h 2TeGw@MFRӇR8׉8ҹ'ǬAs4ok-^SĒ;CcvE=0q^2I:UsV K?uQ%LiC1/NT|Ť a4yc5jӬ6?oj[<׷c>tGK,Hs8c± @R{P)9;]!{T] >{Ί,Sӛdi<J]P|n- 6Չ=гIqrH7r$v5>X=Uqtf>R#27qч~JjvJ?~}i#$VI.'e4Bqf3ֈY碬aM+ęHLU6$) \^FȄ@ x)y#g,{싙M8aS. kEyZĐ:ux \bz ΄D'8-%;ƲZm Iw*gNA!N2d7X~n@Ika:"]i ,i)C+U-r?n ZavbS˷y~IS7"y*5b}1HUJ(';ܷ_k]pQY4'^Xeő.DWq-e !hɳfsEcxS EzTMxIߤޘ4ݗh|GX!#i.h52op`%mg$Ζn+pjFr9VӍve :jRy%9洿\o :/(QBbwg.KGCOn9@oo@peb'aydbo {;s)F$,񳵳wzzAtm9NH.W0J -?E=V/&?uGiO=crYl044"l gj#`o/@YZW׾R$2TiDsTFVWj6vƔs hK0O'zt{Jn*OE$$|v3%~tH1M9TIL1P:.Q]uSwL5nUpŸz|p[av YgYNVϕ$ Aaͮ҉5 eQPx^qgySn;tak"3p 'UJa9mTչ[z!Io5 a ~,mW!ɼ? B?>WtPAD[T&%G%v ǯpv_;JI$2ˆ".TJ&)1p;Z)W6!c(@"䎆POW\FVpW{vh#( Yp%v޿xx3Hf<3 a wYadQSyǎA`n竒I P(5=b xc˄c 3r $(Vd|noLxY&8F:\OQ޻"iS|Rqg Tc!^S4m0/v)G3ف9ZceQƨq XhTqŰM*'.YsGBp W|ߨÌ':wp4(aoĭ&ՠ}'G*OA[{P ݹ^#Fs>=FOupAQ>A k9hU͜g=M/|*mPoZ6*XQg4EN9C}pKz*ӷȂ6%gH)58O#[-f~O-^hFOz~ ?_4j]a!0`)j X"* |)Rzx8eu\Å _:^pK^I0$7L<5I*=+6G>ʏwNIfҀ*uEX}Zmdfӗ^h^ž)]l-{,0y5 Wj/?#W C7Ooh쬂~8SM]+[ܦ TJϕ5G{>L/ tNN:?ERVk=1G$|nҨQx"{^`ek9d[STqZW4>}k2˻>d⫧ EP!eLڮV:hy]CM= '|6hϧH-; }#y¢9FV<։*Ͻip_wpwtƯϘVXO,~ E>;·Iy(UAe$!{ף,p`+Vfe1-"LVD^ڡ}?eWFDGhl _17.#[!x>iA!Sy9n&FgXk?#lڌ㹟"A"= }fi!RJQD=QMkEBctosujfg5Wt ^7y,DåF9y,z/ApӲP.vOW#Kj|b%2=,%I*FBە+Z FJH遷Y4廳ۺu|ګ^Ώ LmΝy :Mb_36-{_o<7ɨF M븧qߙH8? 
X[S2ьUSTdхsi|?B[Ycd1P=a"#קs2ש纜1m;!dWu?$) V= BMլV j sEe ]M|C/ ϼ6&SwK[*mhg 9^Fl꒣{'SusT5zWoя8dfRk <%ٙW_h47'"88œQ+;&u|?Rp=c |;_%˟dzHICV `ml`DNѪv_V<2"r^,.?ݐ$SbtmfֳbM}[z7+cޘf/j}%me(Rx .a˔jx8vD9ŴryaXꪂQuD|N\ ;tpK*ZBڒ~v |AJL8/{mAF@_m$`X %jp[v?C"M{A)&7svH=}lb7QL6IS([r OSGv;_N̂q nmb*F+Lo`@|-Į? DOi~nQ] <5m\vVmϓhx: xqI/?{5\ Q(}џF#~ oB̒g`tgQRO .+˂#>1T-ڦWHpΔ<a>,9\еoĶ>#)}{y6ph˧ TѓV`=IbhƢww|ӛqm_` * |(ppcO:(A~5J1mLD O)fmn/ {Ν J lzߋ_%Vr -4אfcs77bMC7Aog;Fz'\2|I߬*,)>5g#y`x@9s4ϋT7Rq0 yr}*IR r6ø7h{ &<b%LX\T \ UM3=#~!P6ꊘF,rMfJ,*Ȇ[nz<^مN9du'8 Νxa"m&REtù}WżtLi7A][QU_$ikS g\}*XbI:EjmᶽhT%hC $!b<5rE`;F1 tvpQ!կpS2t|&3y(*=R.t꿿gsv/a+.#Y\b!Joį%f=7zM>|"0JUJqiKy"."/#%QDa5yh]efkGlԢn84.FK>!?{Zz&HFCF#Bh#6#A]҇;f%C˙V^&^M .?Y6!Wa%cRCn0wN2nΕ?@dK[ /swъ?wntRRZ[JIB R1jZQǎWQA32=;`)moJӕd[/!bXWZ"zqXsq|#)`nX11I4Y}QS0 mGpERxc,#n^bLzAHމdPa3e17ʶTf}e"&ֿVR8{-:Ji->YB[ft dyzѣnb+g%W Uң+ĺDR*5+ZŒWbX'R҈z'f3UsXX8`ֱ!yKܺX60{| !EA}mcY.f} ]IXH"Jb뛗6xeHS|Fu|ņ(̖,{Q^|NغS5I!*FC (˹pi4Tg8m+OiJG.HL¥ nnCՂiغҊWiŜjDu3s,ur9vZEI iu"kB|4]9nGo> &|)8@d(3 2RRr B2D/9nbqR󰟉&wxݙl+l16'*vձ ZyrH#ލXŽMpݠpԬo(3+1P`J"ȃRpL@x]Xgɭ.>p0[@kj|`#9fCw^jP$ehY erfڰo*ɹ)SEB1B=yv\|`҉'1L#i>&\UVΒ J Y?Zx]HIbSu1gGQ&fd]@ 0-BaƵfcMr]cջ F kN71~@B&@ 57+DV7Ҕ+ f# [>تo[xq(ZS Fdm)2^kLP p gR6oeiq#GCh %bd[8p߷0r"ifYol|]΁eXKϊ35\#mWUV~n5-Q ,U{*ޱ3MXBki깄ȯ$BaɐSۊDBf pp7{acC^ʜhmba lRHNv@냽H6_߬ V`HAOgAJh[Y8k8WEuxFRUbP!>VdkVWYį/5X'oSUa&FE,^ z=!Iu{a!lJ#'W=;7ÝQ,'/@xTg=XK/TU+tu&vVWkaat`{&Am8:L~w9aꓬ9uZuK,~9;YBKZCAz,КGbt]m=E}-L Oir16{ٴH7&^FQ6Y^qW?9V]C^vDa |3Np@~1t tc޸d+g.۲eUiWjrNgTh iX@8 ơ><@ Qc ˾O΃lĵT9*j"?]K͉>wU61֫yJh|@ϓ#]DMR$wb5h}GCJ9hoٮK!<܏x4 V[[L nU]d{Sm۬R\+J--b~bZdnCle˓@ܤKLoDހb #UNҒt}?ހ;l{ƁUxǫKgәhEMx!^V/c,] CUj+Hd˭ JOeA3R嶖ʟrrw>ĸH8b6,5V&HkÜ_ɻ&:Xn#TLy)KnmjgTy@/.73''GYR4_C{D00 δ++neB _"vp(^{֯Ndmx_bG?`P=0G҇,OA@ɴ<~́VԤ&>d6~{::->ԘXc,zH\ݺ U 29jEr:wQT4|ٞ(= craGF BѐʤX :) [DpfSiw)kqQOAR\JhFtaF`+Yg9ukEYfH7= 5Ĺ4xb˅G&Zc; r' oLNOوh I]PEJ-Ml+pl:8[syy7|W5ȨìJkIN5-1pj|-dZD%/$Xlb !<I}oiDD#҇ n_/;'{yL"xӲA6їg=KwG۱:Z$[L?_Խ9 k\&E Syg)I1K/vhvw,e$S!K[h=e\r$Jw@8 :"y^ n(ֆRB1ވ bB#{`ڭ[2UA^ Tل!k;.hq̣>2MzQ,B/ 
?kͦNeR+)#MyabceŔ*p{@M VJ+Pc2Z;֧?tIq$8 dgV6x89+w+]qx@| Iq3mt|Vê0CT\41(Wڷ[(G=Qqu%VLB:҄ 9g/ xfazT,pV0^GpTmIwK<.!h g1Y_y2iGoP68SŹ c\r%)5B1dk4`#XykՑfM<]E-sG~aAz%Vز͕K@L[~ l\2<)s7B&&|A~I~LJa ֹ ݿ60du`r}k Whu? =-'H{O=ËģX],=JcobSn֙ʒJB+H*p^`WD f"w<'[xAޏ~Y]@U4tY* Z( "2D0f8~ }85 mw[ Z"Q)NS8Mbe]Ai2Cȿ Xivf)݃ / g4p('cv >v&k'zH R3=P>g1.4r7F|4xBŹFP֦C_,Tl[nN֣X5 2Fl E])(\`ԃk\;㘝I[SFc~"f|' )Dޥi"#Q?U5S/sVpP1_#g%^$Bi&,!zMqZtک\SdY7o 3HYx6zd/)5nN A7eH^~j4aC]%Ed "ȍtPIv2W^\h CꨢA]z1lUqzcjL6VDGtT>w}bҚo$l"nX.g(:{"cK|$sCgPc:-z)8y9.yV=ٵWP0 4bRdwSQa@N3QE[މ#wEuI<*4!epHy8 byS?O5|"E&)=4Zd7-2Ҩ0kVwo`KS]3'0sOl/+%2YZ5bݟMXRΨ7y6*p(Xp=w 0-땳+F}k|{dxUZo14Jf<znoqeYa]o"M'pr7`]`v0o,W 'a^[w?m)' Yky7q&f&c\Ӏ|C}veƅl]7ӿ|\wQ.}gv[&r#[8eXBr lmD0uơO{)qpa99 MyO_]U?^ 7_fTBfAAWmy$ 9CAT&jKVw[i@x'[ e ֦W>މ<ɭ[Vvh\3`tDhUA.]nvaՈE#1 щ擩E"ڤ SbCV}Uh唇ލᐨokV7 Bvv3*Fh=M=DdZu6pTozn^UhoP۩ 䖶Uܣ)N9qR?ZnvyYqz=vs[%`^Bhl JY9'!5\:yjZ!,'+;l[9:Kr Tw1*%AM,U]-"df+"|$e*hpn\EtpLe}\ފ "~߄-W d#ŀX`# G&K/ĭI]j )2X5\Q氟Gke[JEb6ưy"96t"_#Mz6B!xdڨ-*੸L40VMklfnm/%j^)<}W %زݶr]tʝnbm&h^lDWaN֟xæz,Cr|Sif \l"Q'ofJxa.FZzi2đӚh.pi˃w5*a-K}K2X&X^Kkj`+х=dc3sy]R6+P*=sȫEoƒ]:p#Yůٶ'u/gQN6v~rm}~|@kE T͓B{C.pR9=Ҳ5׺OxzwNt%Ni4ǁz)T5$7Xeg|jVeeaSҞ&>lE}q Vh̯m}yo 4+A3i4f[Rlz3x_=ȕή{s4T5(KQ[A p$rg`b2*'͑Cw~+Ӕgx@ڍX ̅bz >6ɨ!I0=7n/2rw0^>Zo4J䍯3ޡ"9L!(A$y<05=m!⵴B;%y ,8_)Wͫ$r!^|.s]N*)RAdr@m$T6+KCZZaS"TI\54=\Z+fyMTx"%OPWhyDB(Sqb lp&CNX8Nਛi? K@z.R_r?&EGYaBU>OӐY:"o[% *"b[3dE)>0jZv9gVav)r>.UqһeQ/VWWSmbS SՉB;+-V'26nҶGs_pE-24G K`pݰ4WGǐ0P2:f7M PVhJzzl3onޗhjWC-G".* b^Y0 f c_wB?v?zBnȷu4K}>/e|od$.K|`(SaGr?{Fht}otv=Ö̗S鞸+H< /ZؑbBoa+t=Lt%J>{|$[eR SbqM+5W!Q[H4 )ɺmi1Ě1U?~> SB9kB9οV--F_̖ͳr`oS(h1yȐ_• ={9;:.= ]3x kO;B˺`p7eE](﹯DD_" "E3%Bg³xӞ?B=$s+n|{_,5wjM{`%ϔM*jՙMehcs[D-i6[|):(R'4ׅYqpSjdNGFP|`FHYB-FPoW2UUS5jT~yOjc HZAHⱮ{%z9(vJ ~`t?Ny8 CbHg+?:싙!눾X$ F BF6<=^z}>*B#8pX֦UhsBV`՝ E$EVTo$<"f{m߁̦6,zj e+f[k,6[4_ mǎqtCC;pg_Fgye-P{)JP/t%Zd ,[d1:FP)ކHd')Eڦ2]Į! 
q8lNO^|OJRR"ތuTU^{-Y/IK` =Ng[cDns["ߛnΈp2Aؖ=S@mAh~wvb:N.֙-BzVO{&Na|=yPչ~RFRt˒3ƇUR݀-G.X-~+smPm҈BG 7R‰d0@]xm:CiRFIuλli~UC]<6_T;kZ\XV+hL|/N Scu/Kq1tvo}P6l(=ښ& :gRľ*-̭myZ @;i4HVzp)k] gK4lFu'N!ګDw "(brdEwcp^-jZb<䐡0C- nߖNrÄxJ!zZ^<)<>I2 D:n OJ>/eF()v=K ~Rõ çAV~AS^$md0[w{j(0\(e|T\UySgO9CrV:DIXaHEE`]Ȧ 1C~V~gfǬ=^qBژi.#j†59z)n̜&" Q9ⴀaC]!7IX 8('k$% IE^ٍ9K"AvI=D|`U~{gL>-4C^&2O/PYހoL{a,qg &Y0 e DdlVN B!xYk%x 2L2P3BfTg0)pS9P2'F PѬiū,;DF #DT"\ PXq3F~*%F+Sj`ЋehkXz ;1x˳Oua?@5wIz~ȘN سiL3 WʅVc5_sa7nT\f cP8ON|Ώ6C@^I}U+.ҏݨOJw/J>TWn,)bd99O܅Vnĝ5TSj8LPx.2RM S>P>;ͷ|F]>Y@GzOJ훑 05Ky)WH L9݁SeI8Ȏ@zv~G'/+jyiK~zFC6Y1gM:'\3UY,<'^ bs;Y`mMے; YE-=ٷ-elPwG,)UEα! QM'B_@>35<$[it6 w1iB_ G|L+im+qQūDCIT:zH$3vpQ_Y#v{msO0׉NAyּJp0`r<ဤ8Zݨg~pxS^Q pbRVrwnȫ=V X%y.D}Qm-i{W,9à@Fۂf:8o|(, \5sz$&ח!(r2[AueG0 uK=:% 7R \d P1XW wwU\)p;H?jߦZͬ-JIݑ$q¸K^џm,Wr5{$4}/MA6QnrYd>?2ye~@أ?r,?; QRw -iU.a,Xfݙg=FPtS$`'o |'HvO\ť&G (inf@m0)=^v:_dpU_D`WAi@|c\ kFW&e9e6lBBl7 ";0Sm2C\#W 99$#/]cf%8-zC![T#< tƌ nDgu>]R&#L\qΙ܁ϪzKtGxP)FGҮb=fIm/$*&VW^{s~`f@+ӛu R_^ڨ>攏 nHMRN`di-P]+ɥCZ6iNV5` ފ@Ǩi"6JbIJRw! m<ęXj>"GunPrP'qd3sÁÆMsSaY^,7d֗kWO ;1a (\Ȉ0P29h7M)z@ (SN+1{"#׍x<;b..@xGyMKz^ma+I[ŤiED Vi{]99FTB,&xJGGcW-sPsJ&i ^`yJ*J6UnukV 0; Kmy~x @rv vuRLԕ[Ae4@芞.auƴ,/-P+̾SFC:7E"2 n|_$oz 9ϑ)^RCmۆ+?|؈S򛕨pbe?J\"֟uihh<0n:ԟGvw- OVLYN.NS6`Y1?Ĩ/%|M0S/P%)u%ĝݷPRK}%A>cS:L?Ƹ(ٌ'}10Y'D9FЁX&7C^|OjO`Ŏ3psΘ8 f+ԋ*. 5ķZZuǓzN5hjzBS]Fȱڗ\Ҟ\73=TVRLk"J%?wgmh TN #.X@3h2't'}pi2s~ =:1Qz3wwS-_+3Z" B!t\>։Q$,( j<(]=wߓ$ &ىwA z#L,(ki>d]'aRqeT ԋ5܂<)Yyq$ANO{sH銫9Rj"@Qt8,H`rZiZ"?MMrJHU[5)9 [Ujmo Lx[< nqr&,Y31(; m]Fȋ}By'Em2Z -n|,: %06xƕ͎|f\ &xv# zzClbUO]rk>֗i/kgN7yߖ|Mm!'9iahJ5WI֍H>I-|Y5;-b#g++z(J Bm]Pjx||RڰlلY [x7D4\| v{mߔ.̰>bBi!V0/֖!FjbH "mq`M9jf}4ctofc]Ɔv+Ce,!Q"!I#wyjjNR$!V6u/v0a#2t/ѯ_6DSr#R9po -\e`tJȕVҞ%r&9x)/ϏkiELQl̀6pIPG%ϳt3 b$Z~g?=dp(\y/޴@dOpˡAs}#-ܱ3 #H&$3Cǎse3iO|P3!G>AJްc1]l;9]qF \Cv%re3 9[A16sfP5 ?n@8C=Y7Dj4q^W[K/^5|L FIȐߊ(󗉹r4CL(> m%5]B TPl\ӣS cōC_qQ,,ihBV$CH+T]=NKR%,_lBD*wvhVV͝¹>;=am? 
^{'Tj:$áT9N@Xl'= j~ Xt cBho}FZQ΢Abđޭ[O0Bz頹)OOFrqz,mx^VGL+)C;ExubF_EtW*e3?Ɛ\VHuq16C9gc{ŗQK= vdhUnls&x@z!!uԛ+-<&H+[[DXՌW Ҕ@-s<+ݼYsV o |OP4;!&OfMopV[`ѱ~Ǝ69|[%e/ݦB}dEXE bcrXDIL!PM!6z$;Ih3T9{-BgvJv~~ :'eVq2fe?n?ז$*Of?2L%9 0 h Y+@^CCHFj:@4[h$)nZdr1:z&&^[ˏ._ RR*{b &J߭+,ajWN `+WngJ&f:0yU1uP[-!\6ݘխkX v`'V̺K!yݿQTp`cfWz}S$Q^6xa(#.1!q'yg?@TA&L^AfW2rħMjJ|̱+\/9=$;FcBfcf$-8No6#6_0&N'u>i-S<ږ *n@<WyzKۂ8ߏKK3E1o_v)m -j-u>|E|ǎFL8T|xʺ,$Jg``%dK;nN{/XLSZs*ׄi]RkLsIj1XhB°s]<1|xUG1<:|Zt`,,QE;cjaVpSS-?eDŌ[C%RK;3`h\ 釼f}weHi''>^:z.G7S:ވc$oK&[$mgw _cBС3j##'dxVѨm69~U&VZ ͹rP]2-*BunJ* xa@0ƴ>$ ͷXh~Bŝc^c8ߛInokVuE\YY8ēA:\U=;3x~9˦TJ7 n//-QY,0ݛy" rpu} g2_7/2FCFG!iJŘ}CޒgSF-J9j 1;: {FCM/ix )XCkuzzTIyϥ0&q^NviYv) b:Z6OՈVaWWq:[$%p^muٟ弇K817rUw9QrG(G@n#໖^X,vM,.`BY>&\p-KhO[BwF[Hߑ 6ۯo9!<>QIb֤.֤q4'FH>u/b lF9q<,'&tr6Kù_Y(.9HJ${F-}I9m|cGX%nWk#aуfc*٢' RR/g#!" "^(Umvx7E"}}"Q@e; 9Bs7{ /iR(Jki_Y|pAx"IA,C-n},\7$R-4qlmbbN&49߼'k @ fQ efk Ut6*k6Mu +҄(x 9T12сۊc佚aJ}poc(+ې&c.)ԝm.VA~~>E~vayf~1E .do5KaZw#0$ /KcL~I"x1TGK{)~AIku>_8];qrt18BOE;6Cy}[n!z J);R<*R(` h k!1_X"(UǺ{.pԐJ ] r+'Rcwq携Lɓy@sʔcd]^K, 37d*PYbia:권!Qڲq1&}UD^ؓL`Ǩ.Bg1* ˤ=9EZah-B -p <=z"mי.%S{ϱ`_B172/gF;C0`D;>Bb!4dC }&).V O@0DmO9,hta!/0_cW&D$"bN]ՏA6A0^6,NYHvna~>]ޱ_PbJ]Bɀv*2ID蟁%x]+ᐨkH1L=?䚓+rpN KVCQ%!=W3,w\Ëwx tI,X6v2>D>9xs`akCgd{ {N0 | S4Did1Mb`^w ibiM:_dtR޼Mp~ H'@TnĄ3t{L.F瀚vٟ8Wf:6NXBe}^*( Z7 14b夔 ?^`\ Ar2bMP[U"ר @w&2q>n3벭=&jj]Ct[\?w41-l i4dpD6KV.ޖAW mSO%j#ߜ[ӗ5҈TzE(1B7c}9RA%C-]!L`ݹ=b;NGn/:xon-E1F7Xy~}l->&w0=?ZD%#slBmEIK.SUHgQq>\=.'Ь -!aZ0RQS:f,ȣ$JR[_d$D#£)¶#MѡԔ*rWYbv:zVV GZ߻/,&,T61_Um~W8FIYTe8T#%o(v9#@:/@h9gb)#=')S ygcC 7bq26UArZ%N{Bָ)Vimj(dY(j!>%Y˴J&HWo05USZ9a%s? 
,DXG@ !L\RP8Wu D1]ѷ- fؔFk9;\T2,Vh޳s}@Zcb w]gT`fgslm*RCu[wT8dCbmbRx;HlmmKM>8fWqF%@UR4 Wl3]P,q\.#F"9r u85h?@rïiE;>ݍ t)o)5C@ @An/Ko 63HM3ϔ/9brtqSذ̦yFKح5t"?HiZ OA*>C>,wCN&NF߅xX>R].]|UB s#_="@Ƥ"n$aiv+Vh\,Wm?!G9V-&:'T+6&$E(ҙl2,E"[SλPbDaX\!ϐ` \\.Cmߊ+`S*[UGZM]|9d$̏my^3E;X1-B|whZtqIFZ9sJ9u\~&mǖp+G =q9ВM) ,f<'}J66cj@԰\ l&zѴK&Ҙ ]D 2jZN*vH !.~j]؝oRF,,1ԹT#bYә`#d*d2qoA*sW[#RʃS-8IRHTX4˭bRD{1;5GC5mI!?ʿ3S>ŀ+3:!%Lhf29霙o3=ԍop-Gk:'H-CxdYyjvHa>\o 8&1 ;TT.V>(qī=ei\616jxQ.);MƾvEEruqDvwzTՇ/rRNRTNFRv771Ŗ#[v|%b9ƥȓޑ4בBOBX7*51Z?|z"a9 $S~}5}=.lzl97p9# ;j:[U k?c蜾YJ$~ {]!^TE}s+xgzGT@ "˫6ŷnpߦ1V#voߴcz OѹIxf/{3B,1x^K{B!L+"5E{0ŢGD=P<&q U/='(,LD{z*ЦDY]Ci' +v{cL3 .J ~~[ӣw$WT- [oH{#)ҙʖ:;m(2OGVX^̇>~z|V~x6V(n@w'da&!R :v%٤yzP3j{XHNF8:UDARg#E@c^up2Vktwb_GAk+L68[;Ȳs'v6ͤjOtїdve̖nBX9Q/R*9 Ϯ2b8'B6Rflw V4zSTw~HS+<~!K&a:ST#i%J}~+& H(~7+9:t #WG:8\:vl~ȪG 4ܠ;{YFi ߔōTD`ÀZ!^M /+Ofp87Nsڕ\j["'.s! aU9[|!4\QNH҇?KY3Ms)=@1Nshx\J1ou<-ieK_XS#! S>fc$"B0ylh]4ƕ5ᐎlCKܙ!f\S\VYqVZ_Ŏ.$|7X8Tǩ ]Kp(G*=d^6[A (3ԓ`|)&GmjodwzajxX'G"u0 aHb?xT[2gVWIBfGZd[:G;`Db.+ h! +7dSdJXH.B: "}IPQpep!ʚ&CQO0MnQ-R[u)bh|zp)(Bc喹|=Bmo;:I;\[ [ {7=FNM`vhbiG0%="{?!#Lr7cr6U?ij|ZtŞ9KRF{I$D㸘t9]Q0wz2ǖj\Bɨ&B"_}A Fl~w+u(a&I$>rh|7ʣaeb$U|XԳh⶛@k`K~oVS+֍>V-߽ ]z, (m:MtJJwLYO?_G#%n^>9bw.] S˭ZL)ddnAG-"$YM&mOY̐*׀So<`B[&g?vm!y\ԧאH^8b;48ׯ&9]9h#01sfZ%l>A~"!{[~`;e~<+kD9+sIRڤ#R-&$(3S^!t-p28L:(y)_Xs JL,bKn<cQĢiyHٗ\FJ??H<dmbsu%YUD{B4aU:!IF3bNG6ѐZXlYJ ut<g~MafZ~T>{Th9@C LSl?EKC@VvM8ڈ |/vsiG 3YP`K[kg||Y_ lWi ᘫ̑yW֐Ո'A"3D<F VNOshhKcbVSђ"ԷMfܕA7):yL[8DvnoXZu T8ѐꉶq4BKZ pT{ϙF}qPk"@8w"_'ȷSUaL[%ʛA~'9}8[^+#]s#fK)uCymaH_  gnIVѻ̰#Wn89xP2EX@FWT'ybE5j {h',*nRe6Kt1@P@ƩT^1wOTݒ-2k#ģfPRA3Tܛ= |*'_eK| +xf6}s0h. }!l[ 1+-Q+CT=o:0dR?wbW6n)&_|*3Gܼ|)CE'!}ZaR4fQ'g#2V?n+`[]JCy$f= u-p o6yfGD-%6d )J8?V;on_)EHfA|qszisC{oY;kQ|705^$M`Z`e6aOly]TQiB;8#Gj(7!ִErF)Vc:_e2 {\Io_^4y 7s*!hc #epIYZu訁zgS9 r ߩr=+T &0:t1bޤDxr82PzY]_s Ŋuf"[I(F{5g6A=P}f++U$0C3nd]5] Yc;" bL'{hOނI T]0483؄6").VhVq<7=;p/6&@ }7NհgrlAh ! 
XL-OZcF;|rbt̘9fFns{](=1FXQ؝̑ KֵOc5D&*t4Dw'Q9~-bNceVOXǶN4"ՐcU7ugWvf*+ ȅoX |m~U+t1Zb;sNzpLթL.L#i)9M5juR$e#:N1azvʸ-pGbY-<7&]5jx{ i9>'+mm`v7oUmj&X:_pQ&j$`<]F=^wF:<]gc&;؞x/@BE/KOу4pIg \ЖHXkH<ԏ_k}хR0Bo`#,H:5"%eЖX%)O.as]>^{5kfQ|TR9WZLfcD<*hyKO+L$b6EX5~?j słg*l qPsqЧ1A?.VB֪7 +?ǂ$~u4^ 63LLGN I]x fEr=̪aAJ0V33g1| 0tc_^2Z$g&jͣ4R*¶UغpX4b@Xzd h 2?T">&SJ (m(Ƿf̲SN0 T Cn|9쨞LrA> 0g&tp* *.4݇BQ98Q&0zfxf%@);gj])-{x%1:V^IʋC ^ u(l/ ^v--.k [Ϸ=)VK,,|Nl2\ÅC$A R*Z`j_{Gi0s7j߮UP۝aCa,lN&^oLT{m~]$EE_eLa{9!3rd cU~Ijl iFUaTHBV׋y?ߛo曔`8PDnnJ1 ݙpm>@2AAЪI*_ kmS/\gWs& i]i䫎vBw6% e~1 ㆇ9B3퀬G&U淅X~. 4ss+%4tsq vq=&xUv E!9XL* 63%i3շpkaEx*H08r %xjqaN!Gu|*lϰʟ>9IdZ6L~w&~\ p/Q68%1~3GD}bujȐPF3tlv4";~m~^Ǫ@{I9!Kj>TM1:sӀB .ϔ0)yHʆ8J1$]*4(nm{cq*\;Qo"v9YեW-vw҃;D;;Y}wI ȡ* W3SΩZ>@+:Q16P^y} G lSo.a럩DXiQ:#|GcbprBfX [ FR|T\c[$t*'' npXT3ipTB2+a[ñ_#D6if*)f&8dطy`f;a"AX4@~"sMcW`[ΞOVB'UTOGD,Ε}e$!Xu2p:=;v I0$ky <[jސ1GNxt/'*!)߆D#Uv~QԵ=ff&=?OEWOX%6 V.:Bj|-o$s k&CE? ?ʐ1Q˹^F fo+Dgwg+;\IQ V [0 vW6-_"?%-n8(=B_Bfy+qց}  l:D|}O9E"`o&ǠNdpw"PaXy<;&39)ˡQ+c ,P #;;Esk|3)GKBHL.;+OWpI&8wc]Cu8CoylyÄ.rZ&]fHpv7ضcμi|RT>b}JwJky&h%eࣣgii It^7\IāG1IF ac5{ Y #9\ ntc"O:Lo?d<<>DH"m=f>Cj*1r"W>-ql^W!y/qq'GuŘ' RxRӬ3 ͟Mu/L#zwLS‚ī=b'?'6 )bZcmYV,|*Pyn^sdv IM>.G4-ZqXqDËr yGJ'#˞5)ecy*g¾dyHBy)Y1Ha 7sO6yf4S{=;jwTκw sNG`#Ud ދ1 5@ K2Nۯ]qܱ25ҟ(viM}^,{m+$ lvqp1Ќ c%Mks3lWE5@']D6T9bƃΓs3w5x<%yƃfDT텡1B:LrvV˓]i-A#,s RSQNrЉg) FϛC9l9PQyEྈԒHؿz Yx\ls܏>(DQq1fl^vӞ"HCH-2U*Uh$r?=6p m/+wM[#N(,H[e4#<:]*t|V j) Io/?&3=bop&aw}(8éKn uA^Tw툈5$G.9^Lૠ$z?gJd(} X3ݧӛC.bS#L}0n`&<"YDpUU /VnL`i#KN:eOj!Ao\SR_?3n6|mnr!X{~ ^>`dTb3Or89&wa7~S..-BATV& (}&=v*l덦2Dzsת-[ ^ewb syAhh_ń2V.ZJQU!A{OcÈ̔3ɿoHHc"+Lp6Fy,0ؘ) -66T-Y ϖi`ifHlJKc79=rcV\iҰ̀;6lƺ~ :ʻ瓂"h|uo'GdE;k׿Z˜⭷\1L3e4OT띚'r뷓n{J%@I㬑vE"qf'2;gEX}ưح`8ܧ |tp̤6,1kB'[ql!ioZ1H/i(p8KjdGJ ,BcOvr׶WV빆sMV]V%)w {6WSjG{Hkx u,߱RӣU/ / m>vk AÃZqBU|VÂjAL3ػlC^]ߓݺF(AB1Gz =/ BʮF(j6Q3Zcn=n(3Lrƀ[ǯzA&4/#X>l8” u όpӪcOKNݳJ!Ɂ:v`6K2lBoxn|Y[ ZY/"^Zg/ q'#3rnǽ6_$M/B_wt~r8!aQ Z+Y9O8t/ !.>kCdArJ%_eW|a[凉)6'鯘MᓾtIJ oKRոޞ{D*܉-f|)kky|놸v&xXGJ6, onmB`T Z>hGQnhvZ8Ǩ f8 .wnLgF?!rvvI@  .DgN 
dL9xlp]3|܎&N.޽R F6dnݧҳB ƶP 8} @RE D魡x:`<0&߸>b[p`@0:?Kݎ‡_Q0_f[BcȀj4ZWp[&3Gxwok.(XHDu."8% 6]AEꃂڰ[ w#7|U*wG_ [Ţⱅ2C.OOe A\_~ +a Hq\=JQPι_w :URT@6@\JMV3,Qta`j wnYĶjF_+3"dd&ar֗nlP!/.l&ߢɵrMfX k% \q"p-ɐ< -W>y3^җ]G}a0vR-r±;rDºp~E:::;O^t9yqXWLN$1dְP1vکu+œf|Oq zPŸ ]C?EOqU Ue8S^V%2sMvRYGfLx#[Y ݃ {,$篤̋7<Ǝ oW0!#e!<[+Lf= ]Id%=Zk<܇C "lIu)jD0]^,tZh?d»5f#z)AZ:k0=[O EQŒf$U3$2HN(<>Sܫ^yhYr>,iRK( U9H/CZ*$ dAi(qA{ʜp[|*mt(E1'&Wd H%NfxEj@ cox\6p*Pws/˜-tPH%a C].*kڍ,r" 6| )b#.g>+ JݺCWp8vt I +TyMT/es3'0M܅wicy#Eo]i@ 70/{ъ(iT>$yrVtM ޞ@͞K,P3ҷ$wtR!68.{,M"6h"𽭍j^0)q m,MQ/`>:k) C竏A1 t*`ʜ|an.qpᔋnr\uqJvCrZe?eO@amT* {wJ`=@ri޿?I+Sƞ}$'Yp(Xhr".Һb+ #WIq*}&pI𗻘(AӤ7a 7CdX2A4%m5gFRy]9*DGVRS"DUm\{Xqq΄4Ls ֟n 3~GSn^Zn3Tak'ߣu^QYˌ3GHxRS .O~2w72jF7Ҥ+~r_CF,U'N#0dcbά%LGRSB[mH67*")U'y8L?k )hh&=볐{'DmT'8juM1^`>:QuyNR'\!j1۶x-+}SۡkK e#FuqF=^Ϛ]VS}: X*,JZH1i7E8POt٦.pT]7}kCw ?gq_XM5 ).FC-]묏?E!}5I 5.)6yL.iBIAaY»Գw}.eQۃ~q^n=^a'nF J=]D2(ie1 C&v zDAs-"a)-ޱ[Nghq'<}x(6;o:;XYX"Cr+yn^"2sN}M- {5:g]t0h!,U^`CC#*Wr˂NIiV ҝ@i{҆oڤ.q24М *1Zw#Q(RISy|#i\ll)7/> Սu~)D=ls_j|ZCψ6ְQ47CU\!C-j#؏/J* 5!)Z֐u`ҪOt:Ń0Ӈwl V5Y|s#*CqAC홠Ԭj/NT.2> Qa9+mٱv9iH|#[6YƗahÞܵHgE]MYObܡ|.^"fhP~4g$?TD<ȸ5r =0 6N |kT|`\!ЇX)*BA&ء-DA\޶ʇT"ZKT}p$֜V[Wš/95v!pLB3maDbmcOs=Ŵڤ{*f^YN$[":wyuc+:O<@/brT >'Ia-},աyZj&v;r q(|=pI7_TJ;BF>EgJ)AXk [Ò΄w*dēE>Sn%d;/agM7ι4ʔt$y0AlƗ`0/sބ,;0wu " 8y bY4\_>ݔb=F>"ͤ8@KvѴ.,¾N+) 7-TS:2Nvtr0 ĩ~2\`̱rqHw!;` ~CJ1%Z(ɿmqjQC F#[~R,^[0 8 ¨N9-Q+ c9G@?L#L^߿CSqÉaH=;6hYEȞ2" OybVtUPNY9tN nRóߖ/ERRڸOTwFtU9~O1-L*N{N.:Bɾ3np  -3{xՄPI08k61_O:zuSal;!p}R+Z(e={NJƏo(NWl(Wc dh-&C$\ 6^7Nn3X8Js^XƑ4yg o7)\6WPۨ^i  ZSa7`zw :  XkH ѾEgjlb>Le'h7O>?+b:֩ t:O|KFNXb8qN;Ҏt&Dh î-)MKp~$-BBCQFׄrnP%i {rO0mm`΄FҞp$}Ft=]2s#H^&rz(KzBߓ< 2N*"L)Gr(~Kj 'e밡qaC@13Er>SWU K8 `.D.9Ut7*)dIՉžђ㍜?P6VO SՔLZd8}J$OsRx\/ 󉅬&6t%$)mY3|ee]8TeW/ **,YHmyA>b QAͶNTz^5\ͪMYeXBiӑgk_Gh>-f29Km/Ma&M{~4:VUUZc sF7P*I!_{KI?RQl֔%5 {= Z"ombw9-y1)Y3ߵNƎ\mchg[`N鴸]}43ZwԬmvg ?,g{8HB鴌 Fl齛Yw"/H^F[4> 4#9Zkn=;Nt[,`o*9j%Hy2\zI!;[̢n9]mw`z(JLH 1қU<8g6^[Uy$؏bۏY!".H/GLqKxkIUtP&_4]i5nQ2hҹ (*Lw=:Ҩ#~) 7<!O^=P͛u zjʖq vV\{̬Ò 4BiG ,=iF&Ƭ!9!׀ٿ 
qg1k&@f$¬M03h=% Ѱ(.~(ŵ ƗHp&_qe#%kp3Ib hJ˼OJtk\96 .o<$m6N!߫51fQG˞aeW둇iZ՟]ŪKi,kȒ W| <ᆹ{ܺ;VTt _)m4 ,'*&eCUo>>SJJ7kڬ%m8~G$y܊ I D񨗵v $fp5#E+F\qȉAoԺ63}.P*I Niۦ?,$}?'ƵT\4\oYC&P0LATW^ћѬM MG4\D?Y![:Fr#U1W4OJuD`/は>Q'1%L]eŔ&6o袈K@1wٌp_Q{5N^<㪊멂,ͻyi:gm 36^(pTjd2>K[G$P Y-iпM?{,^sY?t#n|?XW_eECC*eWc_bn7dz0GA^I&R/ҍ'fj>s~˥G͇%Cqy1{}KbA5L9pµ.z3X{(qj)8YQ &gl+t օ1'o#SS %2P% z~,5: @ߕzHn#ǕR4jS"Wn腁0%`T2hIshD,LB<1P[|vuhÄߠƩ422fNGɰ~>or/=Uw:,z$}APx &3 Ԕ?{k( "wWB_LSڐu*; §t0onu^&\ܿU~lг;WKquwM9»5iAC ^*bkI%i:QBQblT8Yt r/ "N…"(vR'o\DT87vdĉ?5Ό+u40ZUjN%Ĺ}|CF} (>Mɠ `;@3W{ƾq⾌EHb;D)y}+ސ_v'n*!4 Э鵙'~1yM ;̲)nCLpl\8ËECYXDL"Whs73± dB)$0DCt7z= f!H(xKv 8VkDuD>FK|ޗ"3 ^T0-k=Ly|mIf^lЁXztTg. yE 7DҲ3=PyKw$=o$<KN9fm'P_eaJpqô< !)T&7դ c"}Ӌe<.X)?[i>چlq4M;@I.uQ ,CY ]ɬ1``z:͘wVcW;(SRLG", nၰ4NwTE!@E:%A6=KNT=WEj/69`Tr:{pZ%!D"u0Q-2kCe/F~7RM]OV1nQٚX"; *RH3ȁ S`VF/ fa.(BmlWPTs[ͷVQXR Bqr4*x#}U셾R;Xô rվ(qlo"c͜i:3SQ)\!Щ!Kf_oAe9AK30IUmb.H0 sNqk8DE#دQ'jiaC7p џ~֮mywGǂ@xзT Ê*f\U\&HeDJ/ =mK: sW^t2 [% +i.垼1[-}C-Hq!@Q&( zW?yL0Hd"Z떂+x3r[f"Bٷb'L=/3dD-c{a#s*Qi1b$~q֤9G)p/U d!+ b{K۽2DB}`.Z KSc=e4hm`Nx! /w𧨒ݖ fPdCbęF6Ϲ%fNy5366ẓH 4?mL:N¶5`soߒtS<}4y10zfXNjV4{XLh!9h*ׅ@f?S* ipD'1jwg(Tx_{Rj84AB|Q'oꙥý}]Bdvn$r8w͍"IBr\ZP a8qM3G 7.Uƕ5JNGmS~~;b31S6pSްɧҮHdgdpX(M~a^SsTaq ԡDZ_Jz09 զErқ0s2̿6-ޏEPzwJxa}v#FT B&Ts+f01\?|l{jiMö;J4Km NPCC,6a{.10xZVk㻪Y";O _F+<.]N;$Q W[-Ca =, _|5 B2J0УGe{Aٲ.:I}=$no JW`_`he6{iO٫bʂszPN[-4r9*f.E.+Djgz'y hLM̤tZyڗ9˸wcKTj1FȜn:)XHɍzިuP4u(UTV9o, ѠdϿ]Xѝ0g&;Xu׋6ӡi5.`5m,zXX2[Ѳ냞oiLu6^'%-AWA%: N려2կ՛\\Z+e:Fm9BNHNKϴ *u|/ O <\xF7lk/.07OWAo\e(9K:Ѵ|[(jR`nuOsM 3=DN@oz#'M7fօDO4M ׋.1;{zVL#s;WM#![Ǩ2 Ir>BPCN@r5h>i?n$mY Dڭ@> sTyEZ'#s e##$PQi)YaznUM) w!f͌+c0RX+4&@*T@r'H'{fb,N|!F ?XP{f`;G#VY#ū'Sw *%âV3WfV}Ә:Ay ^& p o! 
AB.!ҥc([V5C6vFS}"xsͺL失tLLak61V\{C\%!(Yqh6{\Kou ZA:ҭAp# aF.8]G6I3Jꦨyr< };QRMTM }M&%5 mc/г%~'?T!> XHC?t>=YbԫKZ׭bP%y07-@I߫ׯ @*]%cwM%a6GRa Pa>y^xjdDF``ۮBRhb t $46}\҂d2n,FՁ$:_(W҅kZ39+U/gWN"oCc07ߟ2bqEx*[C"-R84 "$S(EIXbqvUۨIqg/d(j:ÕHs}zPXZErc[[J)´*GmFbD~e%.[F~c^/6Tj̓p/񟵺7уػWbزR#NHĿ((%9 ES:v ԿSA$NJgig3d:)|kS[j4y$-)7D/؎3ޖ>^JۺB<{~y Y(xe*b˼b~%h%ˢ[7<<=@9S*4L1f>L'E[KnO\I q}-3m7?JrC\ P)IJ&mEiboӠsRN*?`k#5q1 EnY5n-3Ibka\H{^e357C޸ʫnc\ " 2ʦL IB3mQωƁHYnS񟿽@&Rq5)"]JHfuA2W@aU$&ے\D!cn= v!LZ&5]۸?^-;st4KI.4hGSn:O\y ,8sn'0 mL&9ẹlW&s`:aV.3ֲH3o ҷBo2]}*dGHŵ=ַ {+\ƱtgLAA`xel/#Lǖ2 Z; ,]JP4֐Rf.sSqufb?F2!C䓗k$p4ͻb-*_S/+>ZX<P.p{%T%B+ I0[DxiO&@iQMN3(5VNbkI=GQO,*UF)]uEsXl~eR ^LrBM~(]&yT6SQm]1^b~pU4E3QaNASsU<g-7(!G`SؑERSdSEُb_싔b:Pp: Ѷ?'~'c D:#V ZGTGCPZ_h$KOm1%%6X~پaR9F?%PjN'[ @Hԋpy{ k@"Tξԍ ͎f =e%y2EM 5GR~iMz }w?rV 8=19]0ײD &M:t!4rD`~c% a?dO~lW.W0U籲sj(\t@iW3ųq.O 2Kuh& J16:;[ :6. eͳz/_:ȕ_*4Z~,M<:(Y 36/+ecüZ;Dd^XZXa9e֧GE{ Rp1Iw 44:Zo|o;C?ǓV~KRc! l{!њR'4p0ZB ;Yͩ7?VGhQ6>Fl΢*LL>e` !=ȎÊ^}hOnX%Ɯ(Srg/N6r><9`oHȫ2+:/uĎ~enԍ]qTE7T6sU7.f &>!pP%)3X f|>=|D =DA5q`n\,<Ƣv;ꋦ0ddcgcȥ<νDƀw{떶j4 !NqcP [v,@n T岇,Е>[Zs'l-B~CG^]J|݁xmŁ۪̈́x3;[\יZ=jN>MS >_ .`*hT ZU@G 4fo55Azgsnj/-7>5E) В} F&/W9٩Qx[119miT P ⣙Hp)(;ylb NɾXI~AY|}=[͓C:=%QB UfwZP9AsYH&#Z wP"<'5s~UGXsc"tb+4yzrLZ~gs(Q:Ǜ1܅[Ry ?%o2r:Wۮp<) ۥll䎂_/ԗHȦA!q=#޳6R pNt6w)UPd:)qa J: (Dg/S{, ?gpK֐B59'DvSrDQ)BmY׽[k@iWQ82HcbyLy,Of]!ݔ'!cG5Oe4/ ^\Tz 3.&[?^hәQjs_<*.y#֍Fy!;>e^CPae# BFXs5f900>k{+NHnp$R1c7109x?.X/uC'>=tKZ%u:_K6G.:~{hkJYp$ѡM3 m@OKusbqduXUI4B[48T?nynV't(q`ڦNi(h V bK!|v&7ҾՉ'MPNH -ltsq1 PwsB:u,sm_ w!G '{@E9>>SaKo__ }%b^rx< Aْ5{4k&A1{7.}6wx ʧBOĪ"w)LڇN~^+ >ڭDf^դ# +B;h갶JMZ_$Bp)I $+2T%t+~P<dmgOǓ4v+L tI"yٻr  KG|uJᜋ{h$]W^ QCljyLᲪYNW,\ Û+AKJ4'aÁ&dq48EHpހF59 TT|ڄ깿}ҕ2Ex,3&)6٠v<-3.vl-oA)L%3.2`K *-Q^q_QNiYo["N\8)PCbeYA|:cqduə ŧ2B ^aYϴxҟye]͚Ol6>~B µٗ$P"i8S**d-.?a25SFyiEɨSo-Ҿ2;-LJHPvrˏи4{gW,ZLgI嬼_D5[ B2K!v{1ŪCe.o&#|Tpk-vKKHre_30d IPA}ᖃ1JR!|V  KqObJt݊RAe'W>nﬕݩTb8uF7YP»  10 p ;Ԍ5,~Z' W|7k5z҆nB;wʤSm~G$g/$po,$8p\I*Z*iB#v O4X6LwVAj( 3N޽eyp)ͫ#MhO=YJC*2mR ; ;`Q IZfuyTսU7 C&iS"LDjG"??R%пP.iNǯ@tۃU4*= 
8.;f2m>I4 _39wg?"7~-&&gY,t!MVُ+Y2e<)0|Rυ /rkYY$Ny03oOJt^=ŶxC+괲o~^ 0W[*UP3/;-Bbo$AC:T޹jO2 R.?ߙ-o'eOB1PI]Le$3QN-mA PCxaϙ'H}%H*r!K‚u2yrk-R#Vq?s}/ywzW*8QdIr2H, ,)g?E'd52H=7H>wsfj)Q\؇ DĩV0+MA\׈ldFe_ܒ^qФyqH NuIFC<鵢YO5X!&'7pF 0ʍ~uKr'~3Q\ƴ<+%1JlD/ݙ tH>\΅YמDǁt2Wۻc2y^[neܝH5gb@BAYvɲM :p$Ŋ/k\^Z%h?zWX6M[ ɨbU,af˭*$]7 e5V|m4P!Qmf/;pN+,iDTD5PWpV|Gĸ-fLTb4qy=kz&} zjN][ib"uD  ,o<_)f07a1q&탻I.Q.I}5Zx,HDUPk@EE[DT\\ 3dBnI-M+/eD_O2z7x@즵c`!X}{|snL{q y!9%ndf񵖅f%;ikrO9 is] tN.%04Wc~v"vj`"@?gxOnAWPsWF |5[Z8ϕfة#u h_6zcsҡqal0fW_t ǡ] FGcp\-QlܱfdqҫlDP 0ݛddi)PCd.&ĉ/zE_ !)"tڇ&FެTSg}fI&8\t6昬#&zKx<|cw7"up'l`ӝFZ1K8xFsy鶐ݽa FoXF Rϓ!R8i?\ٺ\\L}/"hm 1#_@K8Zy’eu7_3NsU/W~e~F 8ByT} bea\(R?C''V% jZa ?aVBu 4("^NƯG9 2xHV%WK8$Sј6R6S}9٤0`gsr9*h"C "8(/M8 IxU_F13NDB+M:du54-62.zكw|ڽ/5ι3nS3 ictR5#k[Knmꐑu=?Lb ʐ+c6 *ϩ%?)UNX+I]hdJDgT~-bH 1 tn8Gb Upt++.19OxgN)1d9ۓmN3ZM]~F{vNL*D]73{F[F RQR4s>AxE_]wNWD@fgn,Y:žݜaV%8v8܎6h( ܆~qT!_֕Ĩi0 svMU[%k|Z0`|0; L={-O>(h%։;v^Hh7̋ұh:H={ք 3lg:'/8JB'pghޜyF!pXzs׫˯g"X@KONbS'nj2$@Z[Jk rPqBٳv o|o(K>\H7ױ ZocWIu1Ne J#\i& ٘,9V6=νS`ÏXEs@gF _ 7܂&|SbHg䁺yj;x;ޕko>qm\cvs,ŖN@bljf۔S%Խ.Ȑ+=7M5}M |rmx)erJ0ZD& p^%}-+PPϨEׇ^jk}b@U"R cNY^ՎYlGgB)6B\4`څ< 4~=>+&ƕW7}6q^9nDǛ,rA:ʷ8|/8i)ȑ;uN6qe[n`퀢ޣ W+ 4Q2uwQE RpܙQ`r=~L|xz[!;vBVG V+ FйfxRUyHϑtFWKe,[a(ycIXx3 `R`tUGiɕwL#i6|/N3["y' :Hf^&nxIY;&=A*96C dFՖ+-J8OE}fӸV&F`Ed8̠He_\#[P24.X^Yl?ՁruGtOɤ:8$zVQx6Tx#v[>FRM!/'089ޯz7r[@)j!KC,}~gu9eLH!P(ƘאD isʭrP`U4XLPR?aЎZi`BLC\_JBUbw!Ov`]kVcB!A9VJGiird+Pxܞ RҤԒV/n_\>zz? K?#2zs'fx=Sc- 3+-]8L-՟7 ~Aeo<)0"s4o93ob[yЉV3eSC5tD< m =e/oojsIOB0y o]xyI}eB3(d)aF0p~T>?! 
~Mtx1x!Ψ9怭$^[ K5WFr8!-MQ o# zWɟ-|!)4\?Jv%&-03΍Řj ]zW?a=NcGz2lcާ JKc%R~s&4~7T6`DϏW4u|\&JV,xνzw/jBŵv9@J\]4FqXr$m7\wl[X$$XKVTշFviƺާc'p叼;dY5iW8Zʋ4,'ըv;V]vCgr%"\ -t2?Su/ ?!Z CA}5'/ 7 S d "܉)TJY‡S{G!r0Ic~#Ck&u\$u\`5EcoM ө/*`~WQ۔ T9!DjP~nj'%gza ֑+@ќ)B;Ć"o^'܋rH 'sCaPrBBѳXSB9{e~){#J-1rEkG/ _#u>+z+]Ж(P2@`n֯4~ e8~x[9ٵы5Dzge(Vkhjf,t_0 >LsFB 1Zm{t hr oaákB'Sn8Lq!]B4erWAb!ţys=!f6kcG֭AA #>_df|Ks"`SRw\o *7lMjQ*U1YA I8%&Jx';޷R<_1]|: ongElXx~%-o2bfPD- 6ũmn0,p1N_O_7K-3PmDo?W cNE(d~Q+@hu"5GRGPˉw(Xe"@,r0=D\}sV]ovٚ5}Dw ߺv/14~ΉxNÇVהF@ -A~aǖvHkTٲth. $jQp-wq6PN#A;wR7>" ہ#i#f$!dY,UgF+ 3C sN=o|)OW!qKu3=ߎ0id+-^% pu\<7lϑY]˒\i^)W vnkVNa5G5a3k#7'JG[VGKr>.V! br 9BA//}o(ah+}ʅGCADa\ZaQ2!g;Ea EBf7?C{[-fWR(Y%H!+9,߹@?,@Zq60fi+)AELvVݰRZDݦV\>0HOx1\-GGKҤ}J9ho'i{G<52`Ǻ*Ay\H3[ܽ)| Vb؝_5,őiEIbf`,^C'iJWukrCt9&@%=#1J`2+y#D5\_-IlSYoˮT!=,1'gb~k1|]1qߗҍ~"8VFŏ } @cw'05ce[$˽ʞ"ۂGS`_Xpfс*32f2dX-rDBv!c- -{'8( P,rMT슆ݜgiuX]7|F7D^ l,`+\yWK{aĀ]z&A5A3>9Oz˥V1 ˆBm?_i.iqj70~}N.t2*SaTnyA;rKMKbM-\f =`NxyҠNr#vVx6@8 ;τ;ZIZA !͏ $ i|d#k$zEzW<7 ӧ2eߺ)$Ŀ H652&IWz9>Nfj}H'fL0|VcZ:bڧ_":_}4=^1حA _ +-4']!͓3c%~G"T;ы7QM@<}:& XQ/D;5c]o(5QC[7 k]"cSB;HramE(_t.q4Eʢih9~P2T ׷\?gj ̪ tN6Ѥ*m1T܉>Ā KN+Ry~Q=gHSDWNèi;T qsZTڱH;|P{"WNaThw'CP,: =XOr~ȼ&4\|%|ećYRUsB:l|H*Z0%iǃ([*\,*0MVqjqy?; kϭ $v(.?ݵj]ni@2󺤕h]Xt+|UPKo%ջX*n;+3Q \1A6x]?Zx?LxNץ<]9qy"Ⱓ͢]^n~nuJr0yI4`܆=\4\8E6~Ɠ0zڛ:%} n*+ ϪZ<"}$CDMs/Ea=-N^؂A^knN[bt8!{*jgף݉rUp ]zK]=gU$_TǮDM{;U6?rmS!5ֹ> ]>;AY!XƟWTRt.jz"Sy{j6M^x2<]vf>cK<Z L'7j}*I)4Oο+{.)kk"7Шܴ8T1 1|' J3R-id!5ҰbmTP+3>nuFe #tPni9X\bm:JmSv]SFjhj춑|\Rr|(R{5< _#g%ְW0|/;Yvmff"ZLHSV:D6 'j| J$YFjcJQ{N~cg-z;tvKNPE+0,xzCdO:gg0THf/ԝbC+i [t?}:Aꔉ?Iaۑ?v`'h73/xF'voPcXWhL8-SV/CYe6Lv[*ވ yhR D!e"S׫ ɧ|Q!p1r#­be\!?ɠjG en*uBߺ_ }6hSؑ># w!2;1>63(( Gu/=HjQ/bYr_1pLλW- 8[BLQZ; +^Hq֐B*% .OJFt[ ܫ9yma) (0LE3*[`J]Ezr2[MMo^5lD%rkE)" \Mhɝ *\E,{M{=3@h6&dٽQr%P[;H h_5-;zΠ<&Ƶq dPEq .t5h;ͻGEVbogP.LIO٭*u]>d \(+r~7@ƞe4}h&2ʼnFo7V$߮'-]B8 .J~Pq5]#v `0[uSa):Kz f>d5 %8Y9 zFYP]v ms̟UD Yڻ/TTw}'< h_QVI%VEkŀ]pz * HwHl´8= a*Y1q TC|r'F 58?w [R/i圳 &GB d}e%ө}xM쀒nkn׈HHgf; ljՙMgE꒫;|KWn!. 
!Y s\ԅf"bgU"wW_U*dԇ22M-5״a,dxr;wxC bV!<%]w.1YO"evܹw><^7߉AtWwP7|C(=^*M)n.KtJ2Np4zRޠw."Ӭ@O*tlF*sZTz AIosq=8|J&D3afFIY7gRh>?9.1?aW;dJJ2m$P7OqD~uKH.d̂^I0"GQe*LMZQ(xHAש"F϶'w"|zXE&f">,St9XJQׄ0_) <ŵ<_lg vʙz׫&9HM!ۗ TvD:n;fb!_ "JfJC_HBC#uR`%IWޘ։Bxop>G%pM!S^2tvdT كrd@/mnŸo!}ݺʂ/U;KҜw\Lwo Ͻ9VZc2!e EqAcnZY21cQ,d1X5yJR Z(2lz;{K);72)]n^\i`s[fA6uFfPz{A; UJJI; ;4F.m]kx(ݨoċ~NT&E G$ڒv8bcV#=32˘>d{ܚ@ `߶̂uvcmM zLm}le=?Blأ|TRܵĩԕFêsH{}ӭj(f-*̀-A^ 7h%73*ŵ97X*P]g+ٰexN1,5d=79̤ Y7}s\Zx Vhdn=GkdY2ƘI5Jdd(nd~`ל+חnWZi42A1U$-d`FIZıkAXql,(\sm-Ӻ>ygbUd"-{Fam@r\e.?瓟-gă" [<O|1r#ՙ?-1̯~Rk^ :"TGD4I`*Ktuɬ \ʡ YGY3f> z^'?zS p!uX62AG>h9G3LR)q û^mxrT-S>Nޱτ#a`Xz%_hwc?֒G-y*V;ej'Fy,5RGv& { zZuϸ$bǼПUb>IZsLaΝ4D*i^Bi 0nǼf Qq iXoz9iL Ě >qlN٧ӕ|gpHZkp?cHGq֍=; otC2HjfC,F `8ҀaPU.dj "uXurW!_ȇ9xl@fr<8Ŏ\ATe}o""1T4,]DcJu.jyOZ4))IxkF;xVB6a=QG +KIA4-1/340A!bic,o4̫„T%w)5`%T -=e = _KAAf_|Ya>P_``NjGHbzG'%TM-Es;3y|BdC{{[nOE1ETf-]MYvd~^:x%qQ~fi2PC&_H x]LƚV/m]Hd%\Єم_NG!'[U x")nȒcIk_"qX2pj7>O=.oS88ۺ_=V~,@P0?>T+&5sA 같ӉNq|%dQu_Ҿ Hи#rw WH[A6Sh1׋ AjvH!1V~5QP ~ravԍjcR5ֻ,8ܳLJGEf? 
,anĚԒ˾Iݺ?:Iv2oq߆\Vgɷ ܖ7‰W6E1v*B[J%GȖunAv(;u GmOkE,`[:P-:["~JR)VB&/5Yqz}9YySbjԊYC?=\e:k~"oITR"ԅ,Tc`64=3kZn@~Ԝo"%pٓJ#\#{ w3Sys&hքZi>= lYzg.e{:팞Du1ͽl eXYrYCԆ bYΏ3s8 6;0)v AV$ٶ젩hBQBL׮2;9|]2%n̴h9G禨%}G/(c3C4Kβ𾧴GA8b= 3[շ:f<^;Mhg?җkdQ{~OE^1rc1*Q.U>HސaJ?OOvDo2j Ss Rq~RGpOj|;&t]i_^>N p'o.E@[zCU+~ܒY z+& WD<6dʷ>,ώ?-"2{kvROx01_E@vd<âm,MKEQ#y z":P#7ZF󅊮?ET{woY,Tc4B?L,!:D(ͣi@^lvmBk#j+2O܄&W 35z=,eKY-Ꞛ+~ߕ|`uH-fa/րQ ۳ `^Α[<0C?bǚz_!s 9ʹ%oOQD-a}Hº _t/i@0"K^@*3mN.i1q;ߊ8PVS-]Ϛ8E֬쥨 gJsNJVwū[,B|NT$ "~_ CEX@HYC ݈ zבR#d;4_؅1~ NZ?wO3?ݏZRw=}V PF=G2M̽P_.-vnj-.VM&7#?≄*X%`YF|(`_кlʠªvFE41A7A=y5CY4䱓ߦ/_\(DN|hcLc '`g%ѡoZBsTMj=]m$#{[KZ$\ha#@R2^NM:A_eWwG:2p3trPH[d!eh*Wm [r`ɕ#fbF3TGt7xۂ w羻gza)G$xcG&Vi$[C*G !i&eolԥnUg ns  -jxKٛ28ŒQ1OtiRP}_i{2cC1W0:&Ca37tqOngyE)ZTJ Զti*#1k*.(r#z0)>0)R ¯Ft> ^-VOfWRصNv Ί?☢ŎI(O|m)HYZ= {g4|ۖ` [{V"@/ڃa _FcP掊5ZǻdKm5F+4$=ipo`8łL"@!IMw{YV$+.P~#!yڷcoBnOd2>kZn-p>y˪ҭYj d b-&=R`7U0)̼k='^kSc E f-Q|}7?cy32F(,s[5ս{f]}5}NZEE+\Q2km9^H9?:X F+R-6` d[ۗ5JK|1Qյ4G%דS~&i)&HBaMd%wLu6'n]}D6'v= !z!p4WuuvQsQ*pUeN&(Xk)9\>>kmgl<x\8_M/RS4X1"7wB_v+4+(R\|Xy7f՚H;,*׺RkUXvA]ژ_OufC[ tB?JxP)W"Ho/"O9sKO'kDї& &Hq% k>C+) 2VW \kNk HA{uhny 1wðIXFq/MnB*#{#q8R)M}l!7LJ0q4+kE<_*h^ ޡp(nAg>ٱ_xvu, R$a0>%E NJ9GrOY3q}@$wL iE'%o aHW? Tm&|G^@fZ: 9?}DMT֍Ku 4`ZlcjIeؒuN]&?2]o ,zFҒnVUEZ|>9Gv/^ko/8r=6fQ U-g,~ d܍YnvrGXVnWάf%Yj'G+RȬ#dߠbwbԿv:$Թ<[jJ5asp% ;0XQH,hR髋JSMy9u",IJ9 m/ %ly`\sެԽRU]xj!6 X#}x^jrZ&BX:{G&h5}$aI }=P֐+ +v+;(k$& 7jc.v\&1]JrQʦB`evPHg>1nK(~|*\%2unQoYP;jw@UM7b{GqHc.f oSvz,gXْbp=Līb#o_\"0B4lb;/R!vힰ?eFEIOd\sTWp̓kI|{k1FF?6}]}3Mhh亪kǦŋYx 2&QaH^kvIߦ2R#2Ņ0pc ]#\x- n 2-ݼ rGòjLH?xϥ!q7k ͆nVvp#T٪V'VtŝulL/esXfe~jGKE&h?d0X|G0|ڻA&x1bE~*02LpF(l3J%*#rH3nUQ ;Ď'Q @ꐕ20wR€f̅|S810{e@A ^sP.L&8dh CWwX̂Y uڌk.n+Te\Q3ބ[DpCDPahos{{1=O[171zP,`{e4IL/C;<*Uo7=ʭax|È'T76FI,9EErϟwM%'yBExdk@ dfJIn}$V\_?RyyqԵLٴ+Y5DkyJx\T>C??ɀxrs-ED~Xو ҉5:wvq.Wcke`VȌ.+ 0q.O]8_5yN9ܼd{\ǣg! 
b{6[5n-wyw_+rC*wiXom!!K!gK Hy^S.4>g[S^_t%ۖEOdt[_38sZn\0^x8{ywث",%X0 *pb̛[&!%\K~_ $,}L)i!uqC.)Ӄ 4]W1*'`E-ӈHl_=jB@`3*qMPTG[„=pc,&Lm a1`l#xRˍ'ed1MUmn(IKikɣJX$!yH@]T͠=O-:~aD8|myw:| j- AT}i?n9vYW Qkqa/fܿ^,q2$crZ,\W`2C|Uz‹i&0 uW*uޢ[;O5H.dsl?Xؾpީ'}}>,o6<)1pP I$8fAtJDJȰ9#Tlvi7!bw<' m j6H$j|gc`w[\1L' 91:B? ({ Z U0q! ewT'YQ8Kb=3qK۶ "Yr # m}l'U\ӑͬOUa0A }Q^WٶĈ+d+Ua c7ImXcEå yspqI?ZJ*$faIolV GfK)88a6o ~#;P|q$Y?K<4PYzLO8TJ\hbiN# rlFkZ»שu}Ģjk!,m0TOjNfJN4irǕ7;LtsPRB`1weFFT {(ڪv3'0K0&shnXؚJ3d-@~kX}'q`#I3r-~Lb݈/odtc]R&g+iIca!]L$3>KY?y=0C$3M EeD'uL*i Q?jtSJ /{ɪ6]T$@Dp@֖*!0Q5j>SgQs椪2co&D{ tۤxP{=;a5Z0&6PvoA"ﰶr&+$.]8M־* |:7gC8I>ҹZxBFy?Y2/WzԲ+ϓ_Ym;HjUF6=L1_ {9>dHkM-B;6~K8vYA/Ka<Ձ9+9"PHFsm1H/&Y:ifUy9 d["s]SIvhSiS =xv*Cܡ2KU%4, ;m>`nzU3v*`߱^;z@ewÏ~W>ϧ_WtXN H_b:.ft1mw7َ@Rvլl^Ӟ +;1"`@a k|A@oqoetCz抭BnnsA4ۋڶ|tHyȗb?2|K`O$Q7_jaXBk`HclR^kwcvӖ dĐ=78 ƍ̵~yZ:F]@()ζo +49swUp􃿞-v-wQBP۔{| f͆w'P #O*7cJTϦ WT^3o'a x f"=LF@ù$ɻExlIƳx ͋}[n7L?m&PsɁ3) {;)蠃gR\PN$Y{;I//ɲm_D0'5Abm3eYy`u bdmAvϾ~G0U:*.T#[~hSK ۚ;^ vGF4Οߢ^Chy.C%[[Ւzh+  b[לm)MWʾv D@Y$ \ R/FQCRiXԤ"`b:{4_\Eo\ $Ğt;+`ҵ =}vz./7(³%""Fe<:3FQΗq>oꯄ)4,+[סbw@V 鸦d}h΁0{Fӈuް~`p &\3;Qmvd]=AMi +p; /ս\# )# X~rsE2j" >``AB4af`7 )҉jcQ~oZ.G‘GDo=پQ}ݑʼDn:,@T&ǎx7X>-#;́ơM䃿 R_N-]ASc5]N#o5ܭ@Htu`zźb1o`̇"(JhbXV٥6D CyFDiE4 @C_DFyxha#Tl;Ƣû}VҹeSV5Qk6Bc?r"x <עB6b1{ |#Fo^JGj[":d:$پM"U$<-ۨo WAG4ɥWˮ A_emiC=t.rj&s N+_!^q<}"L.N9`]y_}hh #{ⷘ1al8G ւR,riCrq CTz?EB7>|VS[=Ɩb$Cce2V[b:_ ҢO0--uC1"q^f KUA _R:^l "sGD%e2l6Xs@Ay@ԨX#_ _Ly&/!^,28&#Z )%0ZϮ1t Zy>ʕB$CCj6XԷG3FNX6趔 AߢZ++sB3g ƿnwz,;Ց>.c#1Fiɶ}?"BYA .?Q"|2}VնU?Ӟ]{0È"?{yG%;-U9vVbIypZU@ӛcxI%ȥQeSoihH+DFTot(%nF<_ :pi,XNU4_kMlAq˹ Ԑ(%Dke$5c؇Yٱ`/*¢(ah?,d"7zxB~Sqc;D',PBz"FK;ErJ8/mzi|̥|PF{?C3C_y_lA&\D¯%c:SmLVL9>o/DH kKWINeWz>,ϕ%t-04Gz{&G4f'i~Va6 G:z* ߋ:1ͦ`DyGBِ}Xs'F b `N $,%딹̿+g_;vTǵb˝ftu>L>#= j`f+ٝq,7 1/6ċg,am.RP>LA&f;0k޺@V`&=| 72>ϓk4$m)gR熜orFri٫\_u:Wp Ov fՑcJ֋!v- U ם`ơH##9~g*bgwnJG9MVw?5AF.tޏ%-xY)4\3|kv@}KJ>)Ҙ~W(ܔ`dTh,0CLOVL©J%(tk5RhЫZJVcPl(?ٺWx\0̠Gz)5sÓ.xf] 0dt__ϩ:-~ך "PjA2<뼇kZsfF'4R*1R|w{ŵX&s*+QV}{a< b^!5hc^Y{ŕկ8;'qIhء!cFѸ۪sʾr~ⰵe_ icG'ͷB]Lɥv<#|%bCN*Џ 
w2ޮVkkF·ɻ!]@[_zm_K1Oh;X5tBbx=/__gܡԇ!5bH.V~SӄH2t܉4n9df*_<|n| ^t7M#ا|̀`J&f < #embaQ=uBpI 8OM,i-B XZT/k D7B8L^qc9gp+9{KUP@LQͿ$7~7~7%_*䷵LPN>qZZ شLi .Tq[:4ZՌ>])3c,z?_ B]h>JLR7o3v[q嫊 ]@)7{}&:E}@{hYM9a hgpABvW't91Hu@m=jScy{osAδ8Vqиh-􆶮lL70/IE;N3a>[#qi ܔNRQgxb>5TTZvii] qnCIS~׍'EUkp2`t+~&%#\;W1]9wC!]Mh+QxIvte, ظ \~螘TKf])g YJ_ Aڜ%ikcO]qᗎ]2@tM~9RY=u76OqigR/V\/tn+ԣ3='uiu~aaG+HaͣRTCn H* [2emP4V&}YKŐ;/=HLYڨaGk.Ls&fQs32PvI ]I:V f%qn+:($7 iX`Ӥ`5Gyц.kҶM*<Yz^/s1mGcQౢ2Kf2Hd. AZRTb>k'6gl||tX[jz}x.PbJ5ԉ&"Xx-j2pv`[AODP/eOI/dCi!><5lϱo{jԂm,[f Ii A΀PHfO'&}l0G]|}XV`=# ٵ`՘Lڥi@sL, 9L/`RD) _1Ȱj0isӗ LbjS;,EIh8|h-2B,31ٴnP0ˁFKBrr'|tfG"|uidFp<@+T"J 4ó#CWBm߯dwf, k^a_㭐_vctQQ"Bv[Q4!s2; 2EfftYA )%D( w6M}ա3}$D3N֔B\ eّ^; X̙bueg+h xh%ZUzHuy9B|X[ǙVp'ȓE_p_)Y̿S4I,uNֳ7d1SFx֜8_$-dNZ}WUVeq]ꈚuI< oPh& ?83rp\FЪ[@hx L0\0X"54"-'L~.ӀW[ߛF[kq)ݜVLH*nEnd` d1cr$?2Fx[̬rHxv P_Zˮ!.+nFA$YLGŗQ f[ ~6TGW,j^fH7O>)L*L2蹸@}^_$ ρP]O-fPQ_JP$R*.R|}[K  ơaDO'n$[U5n bӸ=YvGqSPaU;.[Mtd}ZZl+mwuBI iO[\Gn _$UYLpST4CNew(Ә,PnQDoϮ#"",cK_E N%{$N LDQR={x膩 ?r?^ 4,: ?[l@Y.mer"wlu}96\U`Cw6{"Ox`N^V|-` Lz6xNG:YVیq_ehj׀+=LLM)sT 6l>S_+v4C|M1j+)pYB߬Lei}"_|gxTϰHZ ue8Қ:L`[? Q.bsd?_Cd>o{setgjoqn~jR7"hp[]d[dFw㪮3mUwB՜jW-MdrԌ^Q"wyQ(Zqѧ6)iڧUT܎qncIȕBO&gHᨎJ*Ou>ޙY#eBzg^k#gT' 7m>kz 88,RvbáղmyWbꚕ>L+YyމS}GX.^`XE22+k< >pI5;ZĝꋰW'%s#`R @LD@}[ػbwrڮ(08q5'bU o$,m8i`vMKS5EP ಚ+4" aREF^J`ָ(1D1 _UMzbKחxE?x47.T,Y!b/Tg7\#9*W} ]LomгZbVVza~-YE/º>p>~ǛaU[堒8zup欻{\70#E:>cCAʽex [#9s}E 2Vȶ}.vCe{6I&Pmۖd hGH%l5ćB;g@ "+Qr|iL,?w3X!H on.~7#L 9j>΄bu:m(иD {g~⊷s' .l6j;cB\'TXfpmÊ<Ġ*|*]1 ޗF94SKpfMk¤r)nP#VY<GZ_!aцA0e6oԴb)ՐÉ?LJ |]MbUܳ$U>otlkF(>)a{2;(Fٵ4<7I;! 
nҰe`&b&r,CKewKOUQN7hܞ+!/Ԟk rg7:Ʊ($Η[fF ([oMXՔoV]IjrcۏugX3\nV[hK^~Q4%!c;벞f$;e+%/a$Ckg 2 &!b@=zOWSyj΂GiX'bhdvO7Hw{=l)Doj9E h+D(i7kOnv-6[jp\+poZp)"Up B3<KE/ -6ӊiR v~ `^*>>ddJ#o~x 5'0xLf) S`/>HqtejT5_@xkёYs![)xɢw IqFj,taH'v xM$OluY\8I8M1\6p zW[V̍ĘۇwxЊ=o Tv (JH(ѳ,̐AY4 rm Mjљk\K9^2 ͉l)72 ,JȣTp< oNcMzѐm uym}FŸ[:%Mx)nV}wG0 6o* ۯr=1lߨ<mD'nz̼uV/ %^LuLUUxsƁ+u 0g ;YV$'&R1&]1Bi ˝D`!KBc_܀" $ȃ ' >쇗sG``EU+R`O!rf]hVBr C պ[gA ^] p:$TS淶&(Q#.1>X5l6Q4Sb?W;1>w/x c>j*:l*RW_=׆w/,N$4x;? nTqb0$T2TwQ|,Ůq?T _Eo0\I]OoX%O@HlN>& _#ܪJ+^(Y=+&tɁ$눑*Cnf";c9}}6a}f.59Fмgw0PemvoĪe4 UOY[M (Md/-Yr`zby)g&wҥuk|ҽhīA/d%6YʨjvPY_>IՑ m2FL~'u~c&|q(rӈD} zϯLR!}³t_ڙp!aj^"9jp+U\^,[c]}׀}&͸DBt|/<Άs$z"h)M<傖~+[NIɖ(s5he KRU 0XD[/^BsbyD7;Z+CRGZ<؍GH"cٝ kL}<֗&T3%Wϱ?)NĆ+EYWz$`ZA`e!8 nkd"hA1+Br ֽC0[aDH܏|_:$,,ыBͱ͌OD~x~HŬߠ){n|W@w(p>{҆ÎjBI+^w>GM/TPZ !^_9mt)w%'qjt]o$ 7CsmwSB>~R0q2W먃[gC[p~z CieT(5 BAJL{CN]pfO 4ș%oi'ƻ4Ut ExZF2ĐYˆl8mUwR!6ۺ*@p)b=`Yį^G1 [n#jJFyi08k/G`Ob،O>3*^wؾ̷ <3N]~FYC{utm% 7+jȄW&^LJ6CvOwf6S#=VR]7Cc!^C.'Han  PRQ/UtZhbq!L۹$0ϡ_"}=hum4a~rinPD)Co#<9u> Vj\({2ziZe(mocQM+K~]qNulѪHM՝JKu t.X,k`^q:ap9m<(n{Ou[#Y$ݺOyK"[sЯ\88ۢG' v䄕.Bn^v T>*6!3AO qr%{[QkSڨL}9E{)$uc#z((mlI"tE"&>,]gp gQ!UW# G„52;%{P; _w 0C|b5ĈQ#PС0'j_ģ[EL43_y1O ֯s1'7%\: 1)OcI{7zmo+2:fCzo!|Rǖx] Xa5%!r>~J.~Ud:|u,sDyb쳈, 'x(:rbh R6}0t#졺Ga,[e>u[' Ǚj{֬82klKTP$DڸSZlgl u^-8-{7B/uL߰~Axkl؁ҭ8np bpMa . 'g3ۈEΰ.^S%(fWՁ|biZY8imz "/VG6)4zP lT,r>udPoǖ.VHd:|>y.,>bص4?Is̩'dL\jp[i!j͚f|,rZXoI=(Xzc\HYI>=&ɊK7%,d,+$)C/5/61vN5:;,~.|UTj`gk79#gp@xk[y%*8I4–i ߳k*SNeT;Ŗ)[&8Ժ^f\,&71mKz Y0B&{lVGm-a(2|= ߯sܝZnj2;c)'Muĥ:zDҍ0ûqGm iLJU%+`I, pG5\ \TZjCmJQkoɃݖy}d'{X t>/'Apg0(+ndk6wiCv[oA&9҃ON:l9d~oC~$Ƕ2G+K@=/TDvpk{bE[Q\2sVC5}yq/߮}m] " ͟m Ú ,djR|XhUj]յU9`"+P0 B=vXh2y 4 +I&!bBI'H]X[NÖ^vxu Ȓmmg-բM`ܹ)VPT`uy{Ie Y{$/"XF}t-,'hbߌhNe6ĥV5^%5Τ\\|!&^DuhS~dEP iǮBZ^oh$]jO{P9`YͲQL3vFIG倧ӡr%o6m0 Ɵ0X WD`XTƙb@[T t^SIofM!#I9kcB+`ip'-h -vo<_,Ad ,}q97NͶ pPZ|`7;ǥYQ#D9ܓb6Ϯ;lcjOIW:R#tmy:בfÚ c瞥.y (553EBRPrrh̊Jvkf$ s]BN@3)Nݐ5]0Bw!~c! 
sƋhZ;UkWXnP:c\h:6N{Eh<nԈ߈5F8O3/djՂ*AyV}d}}3˷_mFJy 2'F~-?guk!{)ipbLnD(*)c1~y և9ɨ# (tI=6"hyßn/© |ge8S0uaa-\>v6HxsN"hEMk;D͔͟=JW,Y9'GJ3B֖`DtKndݪf|$*{Lʜ/8O顽H6j5ORȥG$2D;8-abDI'$u0 q(HM>mR0 ɅUJc]b 2FO!=C/9Պ%ҧ^-fnm{ h5Okf싆P,ֆ?Tt yT]*,Q_ik@mN7ρ?W'%N,ƴ4ܱFv9F卞 L$d@3փ]CC'bpF]ixB+0n|h5ũ" >}߮G_lmY=^c{ב GVN+ S=4O6ˊ~/Cbųd|+96yo^݀CБ(e&׽n,lb3Sr\L;Sc6"c7id Tˡvjy^.''%4ee%w(J(M'ng٣&X?u.%CAz(V_Ӟ"^sp<2)Pr%p!Ga/nCM}l5t 6hFFNcTTB wB4t6|Ke/Ոdr<4vecaQsO<^єYJ.}TR;Y镩-hjӃxoz a|* "nvSᓵym W'|6S`! \_Z*uIeqI +hR۽jҰXbRXMK]J v=y@%-8:i8k~3 RB>.%"u\qj/xJ}"vʂ]M_l9sOϭӡ56.KY|>EL3S0ܡ\暍&ԏoq[o}b6UG7Q;ZLGl4=B5i=,㑇>{KCyTxa {ߤ3ZvIMO=+\ 8I_L<\~mG"-$yF`oA&nOtYr@/\JHыhc%rZSjMHRuJAj,Zqfn H/ RՂpi̶!^J8h<| ~ ]qGL. jݢ⭥-s>wW١ipv=\8_oc~ w<~: y:ݣc*>DT]~bdQ 7tp0aȇe>(xYg60'>} 5ۛG) :қU\ !NZ Hɵe:U-P>Յ/fPg~/q5Ǩ\>wEԓ%K qf> JYуfmyЖG=QĦ ԧuIU!́g0@7㟔t\sPU^l)`v =rT7Rc{ĆY?DM6'iV~|}ԩ8ǧ÷KRKؒɨz/QIƼ/ 5Z< jLKbˍQ1%u" xj&c8##1e/:GcpW[nG 4B`(9㯤 GO$W8Ku1rL :1_g9J|XE/@  cOL _)vϊYn;)}'`YfD4̩@!=*zUo<LrzHRa1#ʄ  LAZhPlim!8W~, 1moYr31wD7᭔*rjۭ{ hyQ>mNR6WFޯvق q]vh:ڲ:t)>H;|G.qNhfFX? `F9|Eb: {<NNY? Wu*49Wrq·N&hnp..wh{3wj;-,-fhaO^M4b%vP%oIM{_P\&BA}q6Y᫱oE V-C#<%,2{,)(9gҽņ -eN4S~p%l*e[*ݐ¢ n iW36gUUn7Zݫ#Ӯ4.7V@13"LݺQA1Z xPYbה0~Reim\lwf'f{//4#>įMJY8':h[eA2hQs"H|q-`xO&1оD9E.I6MRbР_0#69W6P|Sq QOEtOyH莧iꃖj5g!KϺiP qw{a8a^L\88Z^!5iyeNh3(d4 .~ VylH%s[|12廊u 8仴_OCl(uӽNhj9!*? FߋзDGET+ Yc̵n(ѡ{k?^!OT,CA ;Yf=52Ю5OPR({pɨw=fd,$?ˁy#@ K렡(!S(l2O$=׫ 78"fhJYvBu1K##Tad *_.-`7%/g-/\}WFM~c,A UT[WXL@~&O F|5xayZ}?g=b_G~#eƩE%*$6_:I?٨$[Fja`o!>Sq1K?qg9 1f !=<*.AOP*)S]*8S5~fNBv)*~NmcjpS}Rb_*'{='lzo7"l8gnJPPᜫ6 5i4W.,X]&z2mVW\x soa@U9 kbG?]F(Dޣ'h 5BΥi~5-m p\AX9_L(9u ^WHϣ5ݧV`ךPUSrN}PjMĥ V}gFq#;45>3 3k;UMTƥSBM tMH^PF_\( ` L{X#{b j,b.jEѧpux״~aHzӂ $2KեKC$n x +!eu[DT=IY W|9 cS @?FƮ5bC&(! ̵ )XTwXE_KJss?䍚p0u#7bfěECVKgUzt1JP[2+K|OOߖ@CFZ%q޶a,Լuay]5Q@% 2AAqC4nUӮEU+v a]$í<)r6+Y G;&6[PF6 !Hau؆<8Ԍu:S9k,׉X Ո. 
=$런_5ΗqWRBfLCJDZװMv/k?We3_o-g eV:RL -m\l]PaVAr?U!|!MSerMt곑- }+ŋ)Q߻i’Z+|T%t1D"qxԅ'Ryʁ,+aR.w(jYW 01ot6nM%;_DקS{%_$sif|#呞=7n1~n,6Ca/Ԭw'#I W܆_qC '-˱vscnAwfk~ʶc4^4(w5#mnVM/g!mg]GKn_>h.%09i K+j{ ^Om^]x,3zD!R5{AXiFqZVE>W)%K#TyhG&WSf8[ش>_ B޵>)of n[o,es( vHGЖ&`+ÖNKriUmHB/k,`!x>8Y2uz+qx@U92lޮNLu$҄yML/p Âx(xiݟh$)$4)kvYZbcœa%1xܭjqSvιj)#V݇"VkLtR_?BU $[On抭e#M2rdr$ WW.#ldP'Kd "$IaC9Y;{lB/ k,E؂Nݯ]v|(]&i"ġܞ^"xmW!ۻ7yɻ 9]6 n5WUNnnO(<հJ f{81us37Mfox0#,y{Kx/at:S'dy;W-XSP*0'+?tiA/ "HAd“&\?z90k5(MS}fr@LYܿlƳXDh]L{>-$pouԩ1qa= sx۰oTx+YYY 4h JNqTo_l% s{4.~"W݂}ЏƜ:I$Iw?k&`18+|`G'Tu_Yl֗G{.1'JVUodil#I~Ud_$[xU0e'se15ŗy'0W:w|\&0͓re'o$7A}X}E0=Ԧ'xuVYcr$jm~j޼&./K塠Hrg<~dvKmֹ_ܭF ̕Z"hpd삦_>,ǔhl1n_B)Jʶ=!xV(κ ~ ub,s#H!FJ >Lr|1D|2zNyc*vPFz:qnnZs.7wƓ03K '3!SwUs <ȸM2wrpfj+DoboS=/_5mBFk7F4TIwGEWڂ0ֱ<"bE eup}AԨX1P4Z=*\Fܿ&m}O?0QH(W"b2,pK/'GXoT=2F^7 ):?BDp7xw*e>XY*=vߋ"<u[K#NӦ( _BY G_wbnlNY݃P2``gAw ?ʊz||RCuT^lI9F7iU Ūf!=#7l*쒷B?5-vw‘Jr )'V6KK&, r>Jkq8|ap;ocn!sBP;kɑJף;Za1R+ LQJR*W]PSZ`ɿ)"FǏm uC>S!(3. @2[8m5"e9Tôwf;W}j|Ds'cLN]qJT-DTP>g<&=i9FU%Nh ioVS\Jü=+Kv\'1XQo7йC}[ 7Za@cBo%rov!fa+j +k);ظO'?Ry::Q!rxAXA "wv $3gG zC"NFGmz &sY:{Cniȋ΁'%ľ:iԿ,&z;AVqY=qYsvo((dKɛH.a*8c'Wc1@)@VoѨb^8|cĔ^+֨/$bhh{G |(S6Q[8ۛ9A3¥L]FPG?E ^mmAtI('ؓ?Y~T`UH@Rԯ01QC̏7)3ς4bs^Y5v-Y |P\̖jD;K6Hy)N`P.8de>JAfvإ~L Qak0'@c;ht卻٤"gM;لb#TY6.3_ 2)>٧ ]lɚCQgGMc3^}՛$ u6&kP )G TcUg i^4ԚDإ)X ԵˉUH?S`WغS)o_C9X9H272t'FO9:Lڇg [?lR Mɡ~m?s*n %|X 3; jxJ+mۿY{yC4U]]PLuD>Sq`)OOoRc|yR g`Xm:01k_2 ]"~w9uy{A6nq0[ܻ42TP)' ŵ,]TS0^#p[F /)wKlHϺ?KE:d?9jn&[7v!RQ]0}J!~ٶt%nEAIE˿R͊M//7b"2Dvץ-P.ֆ/\ܱJht,,^`$[0{60slK؋(pCR2EC;x{ܲs]n 3B0䧡 r43eJuIdWMŭG$0Xu&+h-?΃ ;J#h<䀡kwAzSkvqoxzF2t_[8B9uGH/gC cG\vܟD)7'1.j!*`fdLfmknnX@\C#0x} =Rc. 
1KBRepceЗ< n-$WકraB/WrfIBKL$-HNȬC8Iy^=vZ4 'bM^α/ !JbʼnKBhPd h+>b7RI7u>soߓ]0 m(Hw`G߷Mn ؒa&k$hsG=u žxA;^X$KMNRJ{o EN ʼoH6Z|0œyOQnDTq6H'۩GS]2sn^I#5*"O¢VV6;'B}sճ7(6sw[]WX!@2ʘjM|ڴSb3Jh N7:2?C!-ptjƴdQ0WmScd$9;9nSw(n"X~JTb^̛dRJ)c ?_ȔJrW y>NX82~ UA%jRO󢧒ɜJ7k0H`tp.&Su"4-Y6:t@VrF8Dgۅ=2y- O Ă98V&B!PtХ@O KělBg4u3|;P锇 } ~Pu$>  ,dIgYy@-'97N`H=8]hwObGn_m X4̄n+ֽkZZJD"It1 \mB8&@71g˘s H4i#wяR6L.OY/;uְPm:A~^9x[B49`/b,5=ue!=rcsT#:s.(1^${'x5u<̼TǕ{gJC ى V_-~Ng(1@}>V^j,SICtxt,U#g:)}dq!K6_6DV_6-54'Xl2S;k1 j 3}U8@VB8 P9Jg7w_awقa@&'pTwC}YRlro808'u(aC΀Ec",E.zZ$Q"z~dI7~[%onG>*J34#ɐQy+ũkq$#Rvdu<)'D?c J"ZWlʖ{S4M:$^FXjgEY!8Dܜ GENHgPbi.ʇG{0mqT5۲~(+ ,91mS/z>zdAm: a Av|CjP줛\O&26K8-,OeBq%5D*Dfyzp)!n.f3vNUGV`.)KB5W!KsbL׵:ܓYW{j .h>h9Cy-PLDmelޭ<H2!qMꗒvѴMvO{DҜ:Ł^L%4LeMidz"A60-yHԙ/챋5 vа JgThuk?coKEa$P^!vވcL0>cz ˈEϔpACr( 2TR XG./=&ȓjB]ɓvpTnKˤE*_L0@IJ rfUxO.fv_F{B;TFwd+wtq:>(7wM5;˶ wmt.ʤU(1D>JԞU];*Gw*GdIA5j*9Nk+՗!NU4}ߪ'>exǘ<˓#̫(-y٤A5Bs_:5ۿ00b 'Tj{^=XsF/]H.,G94Џ7aF *0'?B:s^<4[@)h)7W+G|0@ i SMA|}W4w_cIO{JT4Glul2CakjVy!Us%$DAW#k+/̉rtn&+ JuK~5K xWv)3T֔cRG"-RKt$gP 5}X}ıM"*$:O }a MW_`t|ӑVtK#'7G._ uZjAbi}e捎Ђr Ch [H5 G1f.%q9F?ҰJ?<9GPt~8n& ^6xɒ^ԿL _e/Y"Jl sg vNqGVO"tlهz y6gKE߰2-TxcQi%H^BGXDh4J"=qB;e6[X*5{ҵk3j_>ՊMONK,%\XԴn|S.{g.ٮM#hOԔSmL/rDcz7 U3؟?B4(66%3*}yOY4iSV"fjʁ.fiPyݯiJ0}~XS0O|@"E .\NNG= ªAiU'uV ad"3 yMY&,M%+yN,Fאf?6zL]':UzNRzT$B 6` ?TϹB7;OlTZ~{ike&x*?0ŋ/1@@+'\*!`s ;M?lJAbEƨp=좊WU7MBM$s/cK~Y\QQ5}}? 魵cK;noud`PHҐ TthoYsWjM'b~,RU?|/g*CR6L {V_`JI]}<R8:h\kNQ-ȭ. %JNKz38Z1I.,X|@ ٴ ~ / BQthAV#@At͒1 Oe7F-X¢Ooyߴ&E! 
s'2(5St01m:ŭHo}}u$ƥBx#7#ŒS؎X#=@*UPɊTX-eP-%,ڌ<ƔYthpZcݞPx3Kw#=ҠwLY=oꮋk\Skd͏ 9ɝXMW8ܓ5_dn)V v] z+*'yVW[,?]UM+v#j3@O+$4T_hȎC@j#js;9^ ~;?Hv89UڭMH oQ/CzȎ<Nl 8yTX ̀zl=e`3x_|uk2z WMBOŌy.u?A;s@h`#̘ҝY_ޣ[gc:>) [s(cVPCL\$ D[f*x|-}CzGG~s?S:j%G9e&R{Y)rI&pS͈ s JU~Ь\9Pc 8ޕ'!?B: z#9Y (:v!'/( @CVQ!jBrȧh lW1Dwy] o,|-U:rM h+EG|&鰮>45Ig Qe0'k9g186xoC=N>kK=";,~0Ӿx SZ/<;\dLL?LJZUɧdF׻Wwqeû<>w Mp/8/ w31um*AIyP:U] lƺ9TN+"LOB 7Ůd!!&~0$6=?;w>h4b+H$%)+%Jy씴 T-^eQl)Cɐ,I8% Dת&>%4ȉb`0i02l`bmJw#)Dejʒe&Y'톅Wjyu_ ˅&% (e@?or&(n8;eGm m AUI WL b,wR®0ܢV^Oߎ".UƵ;h NLřz!tnnqᏸA#:74qp&g։6m\&R"Ϊ=Wl$'B^1w+qb;/= f+:S/Ғ%HRtS$G'E@so3aгOpa1[_xYS ^wzFh{CN}9SVt懶% f؟|9T@έ/;u6N{!0ݩ ]]eF9+u; A#!! ã˹-Ȭ}~w7ꬃ+xc-bq4~ng4- mwmy+7[ślC?jaZ˚P;L\q͡Qe^|@+)mq,--7hnӅ;!3^$堣`3d2@s4FlHn,Y MZ܉L!}c9w`<26}?L"E\@f]*EOUfZ[m{A?|KFK)i,(yn#gL&WU DwRDFz-S 9.L'Raa;M'P@ݭN Usg>P='C`xMm hS+]ekPF);p(B1vޏA,!a-N~IW? |%v ܴfS|C *zW?:qM"s <7KgYɗdgQjOpz.(sɆ0fu|ʛ~W3J RW<ߨ{toVИ#E.D1*`Ӭ1"R[v㷻.YG1{Z~>z׳/S1i&km@)2X*], 唎uvAG`Շhw\ts#~z;%J=H6DdS1mg]o2]o,ݷ31ð.ǁ0V&r4eTAuK%FkS?w EPƵ}4pSi\qzBdhOJ ZQ].2WJe?sA]^ v$IN#ﴉqv=l@# !m_~$ɷX[zo GU3! Ͻ)Cb9D& ;V?8a<y_\dݶ\NIrxHC+d`|P n:))]aYv2Pw.$wS![3x|U_-D~|'`)f'{hlQďgo zcz5S vrcgUpț2`YD< &|ˣыVyUj5"8A5 03Զh㽃kV9X`1[CEsR!.0]l$+>2">][1ͭX5_2{h[߹|HOσ[t\^1AZ\dzAߤ_?zcl'0c^qՐ ơٞGw Y51lğ(ԓM1?R]6.sKfJTP7;Ih­qаP;n=?`ξWĂ^5<#oVL)ڬ0Aa>[rT^<"*_n-o1tǩ&;I)ՐRw/~Y.\~ }?NǠP--7W[WMhҒ/klɸopWHMy#ihXjx=E;͇d%ĕ$8.# ʜ“ 2qJ^+V gGD]4uyO`{m; i.Ͳ ;֍wDFpwU^tMJܱ4jU1bBk,l9zmM_hǁ|*KI}&5&}/R,eԶ 쾠L΂xf/l k:Y/two!YVh(c nee(Jޛe;QJѭx9d5x b]u#scATjZUx^c`a[=Ͳ"=(,/r8P7)_4MPIlW^ ~pD1{nu{cMX~Rb HD` Ɯ7$J ^S#i`_ |=<\r8Yl9Pb.1g<̈́ގ=Wձ\TU_)o!Ŀ-sZPVйG{nU-B{~XVrx.5$PH61R,c WFag^p'os,]Lox {,:!mﮜP|)fm['_պJB=;dϢ]!mq4랋8Lֈ-V`9\}nx!k :ivBTv*Ē/P {.^0/f'5RmH$mV˸dn3a$xլF ~E#~sy嵂"p۶d^|P̻HGh@cK[77d8}nh_{ (RgS2@9, ӝGA&o+hg/ wIm" rM|\ €=@^cI*@o|I s`ijGAp*+:R< aPTTq+%i BLOen#5~9*'K]r)U,Z_*e65)┽ێZ6@BlQ'= 8ӍG"VcT\jww9WX8exXG\9Z` -,ˌMrf3/O$6I.n*r^Rkj] bT؞~{ ח.X;/Z|-dF؁81Z8Mw}'rGzmbL;K~Ρ>pL#t? 
-PWFpqn[ٿa"p&-}ޔ'~*)71({"9de1k5XŸgTV|2K) <_u36ۇl?0luoƚZ7!3ÁzP{L $Ӵqf{ZM뇑ŏ v{Ծd  Qɐ!BUdSC@F뷎+6VtL8)uhA'a1;m{ k)ym:oK 7[}ƾxE x> ܀G.ck- Q9>=tiݪڙgjrejgKbjq{VmRگE]*xT{ǽNQD7F1J.i:M1UX)K5< ؁qAMJiBku,{y 3c஽ w=nuB %o(5O؎tk^ӬaT2k!O%qf ÷,!aU>Ktwߨ HtuJhۺ ! oG+-J\Pn;ohb =FKW:5q?sF7o}b`* WďkLZ~w枺ӺlF|@s 2/$7M U>E XYL%U߶ }踾>?!)3(tT9@Irk (l׸S-0HX_i~9\9Ks#T s MEV\n8 Q>Ã. T%ܰ}̀ʿ!n2Ga AO_xnAo$B=ۧ_r$/uՃ/81">چhTI-` G&V ]6mo57iNJv:2(u1oP/BBqyXee]WF;`daڨdu\vAPrHxx|XLRv'i ]f6[,;+\aY/~jSB{Qݕ͆,96jFx&2zekw .,rT֪zYUo`b7l #G+5qN^Q mA5fbH^Kڹ ?ըb%5"/NEQA[Q[L'ŅL#w+[Y߉λ<[ 6Bn$^݃xb6+wMTC_Qֈ`V%w#Ht,ۭVLm,Qc-Ǩ.fMTѤpFYnM(":dM?7؆_6ŕ4:#ڬT%c0~샏t}%Űu-w}Fɯ"/_Zp Q<[ҴIFsG7"roeo`O5u [@z,Đ yV!wj$Cӯ u* MղG "Ƙ vka9D&F{F "?? X?]H7>Oq4W]O&h!iyWg!io|fZ]hXC}v8BI9 @Ӱ@sVӚn.g_e7"ïcط4؁(OP:d9$*p 3::wԄրkE kk D6Q~}-j5ED=T-K=f7AEQw$|5J+"f]k*M(zk_vbEIBšX?u]|4#c)aX69O yn&b$] 2ä4MA?,HИ`eV22/Hz%]@Rc u*/fO4g+v:THwue"J Bxus8R΄B8ׅVHxG:XPғ.߹?0/>ۆ}M$MnZ%߫s[3.lFVO?L+@ěw UȉJIDX~d I.XXJ"W}0bmnvm:%QDcZ'_8. 4 Xk-=Hgl*nL7f,@ {I# r$'qS3@@:x k4N%ǒ>fn.lE`"ԓ%Uyh9L+YD|w٤c9],—#Wu\N#:b-w *"az+b_ᑅ3aߣ 0w,/T8(P6݅l=" l.C&L9bg넦n §u0EpiƼԼ F "ĖHA2FkHUGE9/℟o@xKC(s>ɘ)6%J9t5=/!nkKvB ~bi8O fMd*/)mB}6aZ+g'C;l3uS%C3k`S, y#(u}6h!A6qrQ.7rR<{5m3i%ӳ[&dҜ\#x7#hf%ynD˙h;*ڟ"2fדw*۝WzWvn_IPV+ՃFMJ|u[ ycj1ZXq^@!gkq0p ~n/Jzϑ|NK WIԝ7P$q'3DV}CE}6^X9ͦ: P;k4b$e{;Ҏ56?( -f짇0[P&x+(O%ߗq "Gnep85r= :X(6:}I d0^ CYZV4ZƧC嬒j%Q&$2@M) C:khض4LuE0-dm Dֺ!P؉(v˨N0$' ni[Č[>bL֒/:jg;ZYG܇;m3&:%v^_stlֽuWi=Hex Xv16/:? \ȴ3o<]]*Ԣ]leQ}RFwI  vCy5>8RQ+)Bؔ͢- ٱ>3{ez~-l,U_ xnw`vjdUP3=:ޛSHNZhe۵x{s:[U"ܱ {uW@+7j:!qd>}1ӈ!kl'p@||o'ZtfU0-V&JRDݎ? ppA@ǀ?k7܀`N{! e9aaD )'pJ0{^[O3P\wPf]1{Jn-Tzǭ`Rb8$ңڭ]BBw-kS)pe&|`!6O?ٙowѳJ]'a l4#M a|)r,0RgD}Bbe!qb!qHu;4vC<<ǶYBB0?!m6D m͒EάMK-}*p:u >zyЃηzo r9?Ӈ w@Ieik\K wĐEy{(yq0]b14seVgJ;X\c-r)elMB^veGs w1Zyї@kFa%ób؃-Nu\ábAk;P-P<ﴖ# ޜ*-9v &浲ݔ^UCWգ'aZGf@vTђ}k'_QaԬa{ j_Bt/ njт<}E9(cij;7Q iMY6nO^/ӺgIl~*[o@}b<uNpѯ#& !@?V=~oړê,jX&. 
s?{_0zchi&*~RB;D}5Lq&Z–v!:aO>e05\@1 sٞ ri0+T4PǁVEFǡ4r EGMB6י_BJCG&Hqէ8pkƁsmZ'es;pz}ƃtjUDϤh=I9D| (9F`R^5ޥxHCcE$9F B|؛'RASq'ۧKqR~$}`cI4e[)+4Stwjl:?q4g2@qL^nT[[Gh.Nu[>W>4.' 9a@DKՏJPwO "TsM-KUFN1:Cʟuv%Iw"9߲ु!'\>q-U|.0 i1cTAo>o|C-YSEP|hK.gY[ŲS0,{zM `]6AXT=cLЌbnM.B28zӦws;(\*- &uWR0tBHX0)~`oY !m/߱_ElJ 7D)F0R%֭PՒRnErTCKsEPvԭ^eZ̰GxꝞɕ#l>q(_OGu N˰ɂ dЗ?O9gQdbDn6‹`y@M5NRU8+?*+{+VvY35GܺEЭJ>{h8CmSAsfCD H⿕c#~Ӝ{H?!5)RC*Yo[C^44Za"%rad pmˍPg]_Ai1Yc#ʱF3VZO99ڄmP˕w z@ƀK0υY|]y9TBt1do0MZ7 iDW~ĝW䄜zvɃCPb ,]SFN =.C02+a& ZHzOƭ~?Bl^&C\J'M6ֿc4ZƷ!wLW.A+̚/)Чk2zBbXIT4kq|j-1w/l:_V@W i\F 5g_dx{#[`PMLؽفu_mCmNH\v䕫9ԕPzhD$oqIg$km58z H&kn;|߇;@D U:^3s"b({"8u<U'g]S"ViB[hg6Z{Q5 Sc`av}% A-䡦:XžZГX9NhF' eN2J?!!/d%aj4W/*JB-EgOugɉ%X٪TzY KtK֎fe.{F/c.2rҗn-E+@o>DZB8kYyf׺>J̔{OI_[;̶  us}CgA&#bֺo+ƵѥƧl]mE-,r}aVIF6E5#B]%Prd۱ 7K?]Hi=r?W'#BG͑Љ\ٓ+ɸLlq-\6 g$d u<:a:DXdUor ]* v9v1n*w~K,"^|ʰ_ш;qMJsh?#y|#Pؙ n9m^+\pmfy#>$mz _;4_(⨧Ƙ.YG_L Pm'6zn:Qskb "GQb/SS qV 3A  RyR׋6uggLRlY^iy4>U iq_ur 9Y`O},悶a L =,A)8;!$98gy9<>;MZIx:4^=h%o&,O`>tKƭ=˒̹Fz!-܃o~ UinE-4?3[,hSi t@ (qoB֮Pxihr/xS03ءvIh"=#\}+ܽJp2oxf{svzUO ta؅[2VU!l_9YT8 t2c[okH5lNt)/1N%qΑёb:_1ʶ޸~m]T["곐QsOf%#:e믟N#RВd \dĐ1i-Ǭi@9[pg\5#mn$d>w)^%8%0T2$׸:.8j tU>[>K PWg40NPƓi4^iswLJrd`^Ң3+#!5; k/́̚NGd[Se=YFpCfZdaBɇ(8J‡3\k!|&m1| prS~#*b|sĸ@Fu hߚQm<7y60}R`,Z X+=⦔xXٴZEdi+4rCD RK~6L_cte0z\Mk|O(x#lmS($e-EԄo3Lٟ*Uj2Y=W`@SX vFqw~# ωAhA ¥f1*Sh]22Yrh]ыR1ӡosH's'/G#Chӄ$ܟy;xMQE>Ҿ ˠMD r5KC lC3sf KXj+7:!\#0Օf,a7 ݤCWY~A֨MO^[UƁCٌW㆞hcjIcʪ,L3w#B˜xej iNWXk/llGej\l* zJL&7ȇQx u8+++j{*=s-eu|^3J-R6 oNo$Iqbxw"rf[eB{]==8HNG'UTVe=D>I+^hG h|Œ N诅f(>c״x wTφCWpu^LU_=*V?D'bT&RG}uAиTKd]hPFO(T*m3t'22 i$U$a)~1 = Zy8=էD-nZTKZ̊Ã?ZSDžFJ6VRIMFdA=^UqX`H-LZ0k۵tZ^x$"gBʊm(d&r]mI:>?ϴlWDfwSޱon2x#W5GjwO0˲EPsfWE(a6еK|gRpu9pLάpj{F5}2 MYy{FVWSm>u:@ԅf$,&m=;`U@̱4U&/#tԻ;vEzM񐸕X (lA&P g!xM{FVHV%Un#Ckܯk atءBĭ<6D+R՚/TM>r{XE׌B ,7nT:B_|#ᤱgYz#4atqQ.Jx2<:rڷ꫓}p*cun-(u0_}[\r5 ?5ْNh38"{AV+:]d9:b37Cڂob)q ^Ю@vV8Rn bW)>y@/'L-&>Xܯ4B[W^ZDbD%Z&ޣcC獥3!. ABG8y&nFvWYO? 
R{s^oY?AUgS^7pҕ͖m[.5OXs"`2}U7ț=[JjR[ŜXpYE\0WlBִ> \YʌݷTOLG-ʹ>Y%;h8ұ 1fĐ5䲀0  T̪C_9L(jÓ *[t}7b%rFb9R@%IG #!Y@WK݇"?3&so"`P*1#aayf9ALxC87RS׋0x#jj'FZЮaYFrp=,kӋdWg yD)opyN|hyɌ٥(pN躥$_YXö3{4c[ Vi}B,pi;]Z@®#tk՚f gg1jF;l3?cόB58O:c=SG|#˧@y*;܃3w]Q8qUo╺R pb~@F'UW ׬hz(ś@(niV0&]T֌PT~[/%RDE<+~pbxm^EG/UYoAi Bj۠w,>]7UWDj7WHv\ 0BCg{rGS0V$6à/v 5 ߤFP<~b^f̗Ĝƥsp\meME2֐ ̝+X\v{ll`?[:'7Yx)T}(+B7L^xDmd('+驱v,{E1&UߢL>g 2j̽-(t[hRTq%/$v( i,'Oh8Y!R.A]h\?=_wnYGRSn4zP$a``jZe gߺ!nnJur91mtqZgvY<@Io^I &.nX|_Z1LHi~Ѐy7a"C{M ǁ3a]~'C]KH: vaz(YQ+6K/(?,- h3mSjRUB:3;=\>ҿK"zfW =t *«ܩۧc4L6gEvVD*z[`f !n/*=c o ~q3l$tq^Dh`pPK)? zЋMYhX83FX‹x{F{"# H0[6u!ž7JbJ7an(ݠu {xC$oiI`Ȁʝt63~=2=~fAq(9a4;S*bSbV˲>x9 ,,C-w:_O mܞg+> .(m},nvC9+U6BK6ÿzM(wndcGMxv?Qi߉VvWFmٕdQ(`>qOKGykĸf$P'02Z~^hD'AkO~n!.QFf)k<^p1CP/*Ո^W%[V6LeK,SEWEQ[b6ՄƷLFNNh)&ePNƋFHЫN)Y9 Vew[5%fBb<54ȯ`G }w2& =[޹8ŋșjDUOYd]>Nz1By(ZN0Q,`+nP9]BPźt0%?._$[vRzEq$+_nZ,h5̗Q'%y&<"딭T2zLX]1LXfVS͵3whe$'ކ; '&W[7)wt ]vhz=ҾTs|?2,dc[}{cqC71U56hY61ɼā{b +Jۋ&ت9o]#BQkBy!yYK\Ṵ&YY\.8ǼN*4ּ2*+qvRd=}1u,[nG6u|:ۭEpgJo/2y-⸪jQ { Q~ FS oRkRPyubr&`gG6WuLSj~MegfCEL2wBW P8^۝0HfklnYI, +c%eKVŨ{U>t0J1估(NeΚÒ ג W˿NUC?Y˕0WYs^-|j~ҎǴ:QbqB<]f /R~6 Bvgk#,eiyi1*E !\ع۟X}z& Y*ƷO'LUNSܘEd ulhƀacP+v.y@B&zk5y3Ɯ F ]00^onn e4j|ux}n/PfZZ'I~h&zŨG{"9氨_Pa& ;wLl\-SR#XY{bxqt8%fxMJKN,\X>9T0 5_*&{jf|#=C|]/@I|:H&$|ĭԘ[L)yn0xh5x= ٶqNɅ*8um;ѮfW6FIWV٠71)v$?i-Fw7DX+5=\(ݾ}/{ |٦KX=fJ+/(N+ VeWI~B4Nm|c,@򋩣fbDasf*Bɔ|},>5UR,2ؖOq--[$*]:$)E%fR wD0#*8޹u5Ռ2<0 [RVg߈.q}G-~6K}t'T!b0I D̋@ݒ4#Tz#E8`x:s?)T\#E$ АMVd q/a|`w7hdlG`ok0_2CS%8H)+>{hV}>~@SjYm*DBbcуwٚG:ځ&H®3SYl $bЄ$F5RӘ8ķ;[WEbk h~!00' ٤b%kV?"0qj-SzxZzUwEwbީA"@DLgI F\uxڢLA?rj }S/$\Iʶ_On0>dhY0MgqT] `!e}C8P途DgJaCofL !,b>=<"i[f];Q9~fAѬU-IHw0wR](yky]Xn 1h瞔ч>uKn}ݱyS.iqY GH}Ш1&NS תF(&|:;O{h}Tqow j wx:d{IEX]2[HU>厫hW-~ݵAZ#ςzowspe.Y?}k\HB&4힐;<~^EMUɽȷNP\ 2:Z&2_+C^H+#|7,8znS݄7+KGNWg퐍vY2W4&>SQÓe05Hck1UߩKvӦ JfY%C WhB|B0O ͘zR,5[^>6_T,a=޼)nubޠSA&Კ=&۪pG51Mi-]F\n-a : Dͫq=Px8$ %uUG~S"k΂rT* G!jMYpK39W|$ |ήUvԱ2~xuoegb+l(v_Ea=_w` RILm(g4$a^sVξgR}%T*:'c6;K [Cr]} Y&m؍a6w&0Q. 
J=\X8=4 ,=ס;avQ1OpX/'  +n1.Qwb خ$:;[ ĆZy+Km0&Cҹ 8[-ʶiK1'@4&a@R}LLĴ|E8X+5v$%tEׄ/IOB ,3mQ4+X!8y  %DLY7 6=;m[X֥<Ze>$0,>D;q]Q xϝpy*N#f;b Յ鿯R+edBHCEnD/&U3vùpD ۛɕ\Ք@buI#.쐃#CtodxtVg;?mY?c8{{gkC\#bkyTa7} xdQ"5=CVF<%>jϕ%ֿț`fh5c61%uS4t/y`vJ&XD~aMoo~/8ȴl!P(=˔@O&@k:#F 9H 6 .j=&o&U3?x8@_ɑ/g%l7W`yUA78ΥB!A5ML]N}Z0&IF ` J%f.$o@ 7A@i#HsU^P)Lp2UwϢ7%!}D9WFvgH-ƒn&SOuLiy۽TiHCQ5'DMi|BgY9ҫ%^D[aS9_qq4)pb]Pː삦A)cw|kKJtlߡ?`t(TkYJS.=: 6 `rӘ0V\ S)7`^!iW-ݜ5=dPk6:F _098 ,TKs"vc^ -$mh"lQ/8gIgJOLT'Nʋ+)Ch҃Ǧ6^s՘JMd3$7<~SaXѨ$tu%b,1Ma0K$LSW"J;nS3AP:qI|S~QhH[;iG-p.zC]ggڢk*JdcOl_yɶer:lv fKIu_q%(ƶB#'fvi>ҦJĥB^' 6eM:kZN{Ʉx2)G|2ZZS0nhU۞5J'Xm(jz=SS\fYV2)TVVц ^d⅌X~L^K͆4?>9\m!MhK=91Q!H6Xne`c|9]CVH& :6<$p5bvʚ?/?0ZUPVU^,˫\(1&waEƹ=);F9UCObyN_ߟ|N<&`b\VKy=BG]_DS*@%4Ƨ(9*dOoLgA] E3V& UQVfKêFIz6,{ Kpxu~p$@2g5آ"ϒ} ] 6pw 1_[Zy^`p#ȼO1F/u2Xм{BZHD-J`YGFQVtnJ/;aP ggZbܢm&ATU]F 6*^JkύQe+{0 {/qSQz',S$@cBvvh lഐ-T.GeՑ_Zen nAzop#nRd?~e!і#nNInuɏtek 젣K{P[?5G*-|GCo"K5v~<2ޱfu Yn^dd$CXi*^rSj$>G;yM@qQyv Z oo1@kLW@A(Y z2{;]*KuLX`kbi\sӤ0ˀ%xwNOHb|)$@PuZxT? k/VZ)=a #t/TϜ9TV4zWݑlŔ9m)߬E4x=uݑK,|/2=i7e|rlH/QQb >,3]Soi3ʬ0nHOiޅ])VߙRs%{^@NW.&4݇j8z٥0D6i4Vͧr&RSq29@zڇʕQ].DCBK5Q5fR>HMKg jaq򍮁 ~otwZ=xqnPT: σ-/!cnZ:$A`>Ƀd75D U2Q-xYS2ddjL q(W^\O}!{-K^C2eezERڋc.HT/Ô.~Ђ҄S[QhvE[֓^ȳkzC?FitJmie:u@yǂ&Uab[6DfG0 wU=gE+'xK}v3^pFQ=ۣg.K1_'de7]^F>@T}3wY'}BBCU 钃Zc8 sZ+4cc;a>X^zz:۶T6$<)*_{7O&!)-)a\SE$T?UP&{yrri 0H%L0q6`Q/19~'N;X(w>y$T+}mKx^oU#AV$3T8}x kw:O~neN_Տ^)a8x3լM@]L"gu7/vwiݻ6djC!ca:X>H?ktwZx T1o4}5͒,&kt!('ӢӵCL7~ȯ_K->'z_{aE.Z 잌Ƿ0U8gr\A_.NßFeu71$N7ӜeIX#'ziVY3c/ɒ 'I=i4h^s7Su 3e+=[<<}C=*VZ ʘ_T_K'jIၡc=cE#?%LP6S|gul="m.k]̑q]YiVlwiwmWE8<K{{]б3B$-b?@F저JBsnJ!u1=_WJՇ.x^/(jc 5,.g2}$Xat̠)jGn_VΪX[1 ߖ! 
08nYBo?i*oY>6ν1^Ԁ7K4$}}bq9x댮{Ċlt_\Lbk5D@ɹ5||X-MVQxIkPpbrzUUo nY?ZzG>T/P;kڃQŻТ )S#VIM=CfC5_5a>< SOFħn)ѽpW9RS7TV|ngd4^E 5ZO) ~BkL3rm")~&pyK1eyWCJOM۠hkd'8?!7onl|td*.v qP417 ;*0=_.cfZO~9,jgJ)_/p^YLɉZv) }@u I| P~ 5̊c W'%K'Az>ʣ5}H2PF|1x4Êi-0mMߘ_fQtU~2!xvo=2e,~HY"J%zi33;Z% 'zeik(hh_ =\Qcf;Z(ُ,aJIkq:?aja־Mo`iQWZ>([R5!7rȥλ axR2gbMwKpaT!qY \Ͱjmꪧz CD!BzƔ"P h) t[|e+5vU)+K63YWxY؇)r5CpoӢok? 76$jȨ M [Nr.ɭKb}܊onĿ͗9bv|sC *> j]*RݗxH'1KL1%TΗ5%lAg:wt̝=DZ{aX(5nj%jhU̱zNoma * hcA֐~9ZpLTK<& mbShCB,?o "n lsC/vpe h|[Pz-8lH(D~C@@ ޔOqnxw& %.W0?0EC G,#=H;& 9c1g3IN@7wh4Տw#\ hγ%:}yw/q`t\XyE)NK؄Ϟ:~ڳOǖP]T:5݆r&# WP7 7ݦXB;,2<ᄳdoro$hh5]Pԃj_h^vK_{7 d@b~o%HNҵ8}p:B0,Dt#OqMp#۟=DІ?{{dM7tG,92%LKv9ve(I#cG_ zo7~<t:T$"6y$<<zAFgn= ڵgVmƉppU 5QY˦-t' `e;L1``~M>F\ wތ8ƕJ³*u%i.=Ց8F'P]<:n"A峹uV\H uz(axXLLxEK";4._鿭2}i]j0tE$~ٿϊ߇iQ2 [[R|<Ϩ7XLGaWSQ2ar<V;W;ҥ x$ҿ4^P `mL_/:9#Ty!bz`@.UI;6 -UlfܺV'*sj`wS ɠ6kuؖ-M|$uEb蝴V֬CA9:OֶCYmng;P9]lљ h}}f[wP,$D byF% ?Vc\a`6II3ħ9=M3'摇RliU"ǺX_kܐs!$߯G21xbJ@sfg D&r3`c7j͛CfeI~e5G7=Zag& °;my71Y@/ 2 TF$^Pݱa GZ?CEG$Ѧ"9D,°$7eqi jtNh١R.ﲓQaŊIEJ|Ɛ= Unn6[L˹x{a2/;J8ӑ=Aa s " U{$ZAA1?Zx0]kϔr\8<O#!tYdT BvNǑsz *1 '/D 7Oc٭IDem.+%ql7%'tO'(k+j@hj. |o,2c^v9\_R%5I! w|LhvE!$rL7O!@tE _zV%#F_7l LtoyQ kIjFU^5sס-PڌK#6p7W V-Theܾ.\FikEcOya0+ 1ck\Fx]Y/߿nC?+Ye3]YNpb~%!SK _[=[QJܲi^cbG B\ vvm)tBlTt~֢}$Ѐ@ "ܱhU5ugZ֝YI?Q 3=($Ƥ/oJD`@835lE~T(FS%[(*$'7HNE^n)@,A5x: ym[SYM@hIEi'yrY N=&^iP~*CJ?nq 2~Xu60; (#`h!Ӱ=AYMRHu&#:z& >aC)QP+/Al0Ĕ#Q2S#B|'ߩ4/ K@W] ?8*o1'/ }+dTT,ݵ?ߵ猪m M]jlw91JՕ Az2@ ߋݸؘC-U BD lQ?.3K7;m)xDKѿs@AQ3 hiy]C \+ Lw ˻ntc!P!>>٣8 SVeɄ|C yiV .L: ?{5~a˔5" < %ʹ(y;,ۉDN6 aY]EBd՛1FR[z )Qp1qw?lOӀ. 
%\9pt  D'ɹ۝ٴEMsfz@fb{m2̟rxKR=L B_0kڽ HЁ7Uz8w13h2e\p^C䵣=feQW+2dژm`i:m~^.]Ĵ (%}hZlAٞ 6i΋ R$ٽ e~!ÇV҇u҂밧Q] o/PPV+-(6.TȝKVx[{|v(n*Ӱ$.~,RsDH%iʙuvpʴsdjv6O+> Uq1A6WqK};^(~Pª3Cg&d!)."}FH0t<8UFLl 'Ive`k$FwLK$c} Hr N)g~aU`c<~/,ԺҢ&fzZY&E=3w1o9@&v`c/'{>!v/Ska# :dZ*ѥO0D3Znh>(Pߺڭ'(L6d~:KRJg{&BS>dHBL2 ;HC \A7 ɜSR>{v"sE` PY4b(ݬ1h:lx,rf95I |V|>u')KsNܢF/bw cP ì- ;O'9XsX+hc1]D!OMqIs42nE;֩Tэ5aj@ / u{]q': RYRք{UC>["~a&A"q8Ig,jxēԳP%kS61]=rb]!YZqQ\#y{+8NC2.rh}̣@⅟]ۮ")5b&KPGqSgAxCo7*ܻQD W&-D9 q۟\<嬛(N2 R=bqsiؓnڿ s6siqdKa?v 7cc@QE*DW$imC^i%H6V]+ ~ }-κJvӌMZ yA /z+R苕r9Ut¦z~fGw=W5 I~ K+oƗUafb܋ɚ ¾qʥuڼb/EQv,ޅJ=KA^ee-[KwI6x. M Hpb0lŷTv+K^!䤿ڤ^m9-P?JaTpFNI L'IGfwuk;$gmauKN.O]kf- 9vpBbhp(e}*3vjdܮ/BJ 9&fE%hBC26U51y_x!_  1^)_?VJ`_9(IJ9;("oړ1gA$kc{r)NȈ'H>*(ڭ:h?hn1s0(bOkK"؞CŪ+ F]KfɫbMP_v*7gu u obU:9q`  iBƶ@?K!3UuXkUP|u8 : @=B sXWKϺ0 p@{y>uK~xXm# ٿA) ޡꨎ2lF@`] :Z`c$"T,ɂ)=t"ؘ,e0bEϭ k')z ez4Gïm0Zd&J6a.vq`kGMc=&xQ0F %+PvI#r Nw\ dGD9l"NxLm )A\I`ѝ,Ģ:sfP$QXjީ"ev%%`Ɲ &w~|r'yD)riF~Q ç]*3SPQv[ݻ{&uf-Qw#`6DA[RVWQ*tt*o2u8w4Xj T>kII{mrhjޙkHZJF|SneAV@]p#V8͎XɫYVtTψ Ds@]sk1jC~)5j|? zA눮]\i92*=X]Ulo1bcpVryw6FAGyBw_c8[DBS%rv-‡M"qE,Aۤko$"֦R,>^ |,gA}#%IauL~|, 2 b`o0_Q;a]BS} )qձll2Xp+v<&cM+m{3([OiϾs9` j <ڍ/EBg\ .:dO\04~~[!r1?vBދh~kL 3QZRo+QC웮j~M(aI@yTϋr .CA̫|.3{$p`_.$ۼ5~))، 0賏G\+ Fxv6gP p 6jK6YRþo%R%sSnH޾̅$V}HJr<?BҚȕτpdm4@|jr99{gŜBƟ4)H>S.~7a:Q 2rM;Fx`| Wƶ$&Dԍ26<50C#VXMUM׍f"bVCޠj9I9IL  " jLS çsaЭ 8;'"p3>VJ-*Mo xq[qBuk3Z%[8^1Nգ,M*3X2ۚ3K&PGk|fWl 92emH:PbD,3py({,_2Bt@^YHWA"NG;ljvו35C1.%aG U)@ @ذT2> <ԍM5̝TkWJ嚁 *T`0a5l[yD1߂)N7/dM[lkcڟU;5dR6i֥x6iFmŚu C OYzD@uk9n> 2]IP5K&'?B֯Ahjɖki¯2'AdFCB)l_K-+ #GU@t  iWX-1p~vLX4SvsVέm= qC]B}Xd);b(o64:]XڿIwp<"oJ? 
` tUg&BY7@5L%'~%~@i tG||^ EI9ή詌1r @nwny*#8RQ7܉(a^l)f+U=;}'(~ hMɯx޳[USɳ¯:J8tEgmgK&͒HZ3妞"N곡17aa50剚{{QdԟT6m6kiI.?k!<6he5Z#^S)eN[n<0q$XxPaGWyb-4NEgc8x8@e HQN[uG<1[ujZ?tR1%2y|5@қ"CD2Ab|LKY YK~>_!2jUҘj7pP9 >0ӖFˈx@?CBE‚z=N+Z<8~V; XsG!S[9 ?veN`|E $o?{cNsd:6kG/bn4 ')mxHs63٠_bl 0L+X.BL- XX=C=Ӷ̈SK $tFPW1z-@S@t!A3\Oh>ۥVbAv 6ջBFGt""7,)%BS0qFcݗ9:H-?kxszNUv#ѫZL8SGo` -wˈ\.,NL^V#D'֌ч(kM_ H(boÏ2v֢K"{, 4' LtAQg6K,-{7 ԯaj!o '\izYPPP -]s's˔n$ es2Z\Lx^gN*->?8ƭ `q/exҭ%9@TL7s4ڵP>eqTp7%?5tGk*Ѓ I^ɗ R;!̹wA ;8h;EZ_k eЖ|Q6i%Xtzqn4xO|FDE?6Ub N#A=%H8ô\%uÎW}&` A(7)8qv,>!uw$!GDOyj9S%J 笅>'?8k9yЉ-'Cx2WC J0¹Ζ11z,xiV HÒ҃'k<3;{hY[:DTrJ 8_P_{ 'SfW*x߮GsLđMD.귦I}.,uJޛc;׸6uj֖ >-PC(n-*չw"P,s(hT- x |=!f Fs3_/wRP{}ڑ(ɐ%6mbIq&?m Jg̜Rs4όG&p"BlʸLQmrp1yRpF$.*~&ˍAa>o?^櫫U,X|S#L㹹 2 AN/E4Ji*K6Z U]U 8Y<[IejJ[ 0aLFH1gXw:{{^]BBr( >*&% XE]YiD^gPձN@`Z}A {sLR AUpL¿]ŃŐJ{Mvnéݢ@Ş{.KpCflY;O"Lps$j#'va??Su,u3kzˡz*9ldIFwdD LNwE(Bz[!J.g- Igr1cˍ&zyɰ'rBke.e=bG#qHeO5h^ 0,SZ=!۶5qW)LVѬ~iY&?M;GTA;{sW U H4ܕx|G,vΎť _gtňmÖ'S}+ y3VANp1sVgWt0kD~8&K+CIct~#~q/RA2kdOc{3-þKgOEbl'>a0~#sO?ebn入i窌AEAhS`\[UZi~v)חլ @UD~J iY=>s}mB@- rU.z򄖰%XB(KzӯeO$Rz0B./2*CmI^6Xif*TjWaiw㑣P#UKB7sCM@1f"Gq_=f$KT,#Dg:rӷ^c[ךQ{8o Pn7ݶc_1i?,8~ TR$ >C{UɏH׬zc=\˧SfLHR;QET5*\eI#ZR9@"d7ُDb=vs8 r6lYGCH?فT6 -ZV8"dv@)\!6ڛTI2 (`a2nP L;g~3~Am9?U9)},spXo.~%v[{ ' ''hڗgïMb 3--Ŏ-[)5n3̪R&8A7s2}VK<]gHƵ[_5hр(-\-r' s؝`07J9N# L'_"{C7 V7J.>0N)&rcr%ARW`y r@ 0) tF$7:@7ঢ়2٘vAR Bw`+()b(.zu(Q^M2mGknrGGKN1TH^@ϴU]{}!(I~w^:)-Br<btʭ&0 ߼yPePhN1!I%NRPdhX-=(!XY-uX@lj,ɟhZ˶P;Wlu9e؊V(DŽݗXI&8"VċD$&l$9rEe7JGgS|ch_NU(,uQ[j[~z)홏W >0C7*R.ZJߚ/dLt"6dB>c_"s03,k9'vlA&mIA M5AZ5rM.,pb7៘e[F-tBjI)HXZ'Nd_ p ɫC DS{g~i!!&=bŞ*M4|pL:Ѻ+z1y֛&?HhP0$tj O)2ڙ X U^43I>+!VE3 EKyu-=Yv2 ~W6Ll6~'^^+߿4LvC9T;Pe]; ~|XL7*W xs:]'X]J?,I(۠CTVz7iB-Zu=1iȚ;s&A>gRFRD&aQ|iOV6| àW@O?_]K.lۖPp16=i]~&={&@#-V|9s6YxO&X͗nh΄BR I| _qy2>;$&t ZZk !y4jF:}Q`+ڙmb^GPT9&Yf{뾈owP%H*PSYx/xD}#&=WY<,r|0kWG@"\93\p_h3~ TO:z};|L a Uɛoqw~ZSfT3 lGQݾC\ܻHX>Yx.ۼ`m|"&'A>Ŧjg7"@",62K6I`chѝ%"=@QԤB#z~qHeHf/bty$9c]VR !BX1B,!$'ؐ߂tr lfġfj)(HɰНrfR]b(z`ܹRvO2:hsWBQו ZyPm!7YZ)" 
_\_]8TJTD7<%.Ҏ c13YO~WO5qҋ/讃I/?ξIDZ 6=%%}ʆSrɛ?KUHHCY_sb&7mdRэvN1Vfq(O;-=5gQWrQw.>CـZI '=HJ%O_stmN,c@,-u@7vNUc6q$~ +qv=B}OXd:yW- 7?V;UDZ/J;iLxz~vdfّkHRBt ))U3f>Ԯ6X;)aiC\;`"iPB=,8Lϥ֠\hS\ǔ@8bZON}|Fl}l\Fm "YSJss̸傥81K̦0BkƩǗtPdۧkoq %΋o`,/ޠfǟvA mcdޙ[ 'O=ъӣ#otiDO4kAlk~p؊s;t@CtdA/p%a#zەƏ}ɪ#ǀBs[+Ʀ5WNGLBkMځprufu'Dщ-?3UP}S-E(EZ=v+@V,o> Z2-d'^pBsK=4=!hfEFĈ% viF+ytPuNNkUhf`iCU#EsFr.'d2J. u<׾/S<` Ph AdBͶxX[@ls˶7gv~7~v4T[k#k@"=b2;07Iz.8xbsbA7w J=G`6oY uCaITXLJ;+YtƊBL,r~IL-\bDadl?i |AL2$cCPJsWzACک! ^R|!L;5*VNLaZl J9j3dNzdBxrACe( 'eƙ?4)ÌӺv֍vCF>Ȝ0n5KSEVl|KNxJ;e\K)#Ec0;I jvutXQ^ϣ@W~#)v.dN&W7|/_(&4Y͔ W3Z[Rk-UV OqIe&7IGgZ}mKpbr$W{_F#/ud\۹OPl<19b͙^N8S l08i6v%_j2Go׸prCvLANnPM[,LIǨmk 뭫s==fD&oG~2CEQXKPPOeIrP<xV=Or,FVNh{[^USgs[@Q,3g_Y'ar͛X&&'ShZYع!V$dŞ ïO|ָ, 3VFDrB$'M܎[ҦkR/#S9Q -.62fƻi )z14'Cy^lK.q|{=/͕|iIȄHzvah)aXa.s%;NuM|tNN+z1ޝ/,aM /d,{r>%w°1$C^u.'٩:Y"ۜ#?3Pp;uV*V冝fWOϞaFz0P(D7T9 kMmD +^0t: ^-_OhP]tomc Bz >jX>/˫2Gm Vm)"߫OC 1bþob-96{Oլ6,Mʣ0ئeYÊyy1IU K _|k`'~;v<7* n~od x!-FgciA~qD/CӥYr)zT042f"@}nTc.(Zb5L^yVMqȺ4LA1[B& |9!.k4}_e?kN Սk}6|Nta m.\R$r).?(|3Ok[Wtްa:% I,E8i.MM@ӹ,; # OD1?77_Qد4$ױD}e.ޠ%B{dt/O"\`!vUk]ؓg$h;pATy;[YTJ{"Hp"|; (PTIYVAC^5Th?9r6; ` Mm°%ױk`YaP5<``/cv 9ߝ@8^1.eU|܀eipX쓹sTZ7kP kܑ_FUHkUZв1E + @a 7n+^ob]q-}u@y5:G-!*tBORO@ig,H*>&c*ȫ*yx4ߙ뱳o]/AU8׶߅ sʦhhHNBT;+ߍ&ݱ[+K(o4ѡ]዆):Һ RI}Z`y΋Sx`m  ٰ L(%kͲ|1YӨϘʅ4Ko݇!#H\\՛!M唋mv1N?e2K-I( iq­Ȯߔ'P]eXmW|kѭYv!y!r{硝sq5{8~H"PT.Oyy\3:ӌ;/PUϒ5bEk׌٧.=/3?FdڬR2_$N t4ڙ4!@K܏޽>A; A'g)ʼnTi0%Dl>Pd.l8X:CLFRXP2ajAkE/@FJOi@uH 7f9$7EAL۽>f`"H-H2  b&TJO=^(\ ~3}y/!]{ ;gHFIі 0Z~€]|mX9G_\G ~\1 YTcԾSC&G;3 Kk/:AFT7>$5LSʼnU]nh&!XM$Bqt]M1^dTA}a`n% ʶbV1t=M#:bl.%`l[.Vܒ8Sn/Lq>9N>a8b!-hWcهDWp1KvnzjQڕAWƒ6A֔x-CL:'퇣%aIkQ('Lp ІTniC Θlz ؤۤLYY?qh9"MjTk 4`ae)~x׀:A&vB H@Ѝh k5@4@12<ג0, &pF;nAbY٤Y"l>NLxʞYs^5wi1,{ R% N'[^ȨLZ%=Y+^23:3e  T#uҞMM}6uزZL%\b3=aR A()FRiKUiv-[ߺM! 
=mVp7$h~Q^D/LNaH!MA먍[:͢+2iϒLQmx#U2Dj*E3-l~& D_9r=RZK\S)3ޞ q$95Eh1`Z*F]h`=AXi,$@TNW$um@u=lL * {l"Nf-1IrO?<\RDc\~ G_:[P|I7~>B r3d=a < Z.1tj%_vuUHWd[jiM-(K'Sc= 'xT"y &lW1-/PPϝBI ['-'?Ѿ={u*jਲ$&GͽVQƖ[T_mKdžb\$O/x*5+AS/ac%:)i`s0!DO+G9,Y՘M{L@/Nϕ:I1=+#<=AD8`Y =bO0}| \XXw%ްrSK<*;?L k)z:')`j&Լoo*"Hf֪fwZBa@{3ͿbU&ͻsa쪆]ha?cA-Zr/1DE0, nϚ-tNi!dF'%j ?SNaE* +J˴pmGv[7G^IW҄ێePMEފݓ 0O y4n"H2@a?"/nT[VOk*@P+!T)s21Lv`kf&'WXpo5~Cm(4(=5>pi .p_B֗ { Q}XNLm,a<+ova>ʂ+ }ќkGx p2tAsg|.r헢AérjD= I z^K'()ChHiD&֚gYZcryptsetup-2.8.0/tests/blkid-luks2-pv.img.xz000066400000000000000000000121641502645201100210110ustar00rootroot000000000000007zXZִF& !{q]oJ|~%C{bNMCk?;|J2 >{H0pCtTUʹ}eM8rK~7B}F:mœUce8cdPhKՅ6-rOخD oT!5Kg#L(6kÓr4?d2W$pmgW^4\6^ϗڠ$:-R`)}$pY7r/b2 ȓYNR O;BGD]zw4ϳjX='8"IDUG=^ou,VB[~M I89 ku.Zia}-$t ȫ=L<𒞘L0{u6EyЖC!١ewhcxo8Dv[fv]Tcu"lPX bA =߅EP6WɣnnHZ`Gxw3#[ylIX]qfPdcur=ydߞܔd1Z~&EE@"ל.7q0G)J?;-D(ol}Q 6A8dTElU' [+|>duMl4U(yOus3d:1%Hv }S/~FZ.+hAKfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+tYU+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG 
ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q? zg|@!ys']oG>Hr9aQ(棆/:<K~ɊM/ #SYuw jtId\SD _ mFvWMioKlBˈ?\N&(q=$p#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR*%>pk`& @ '>-YZcryptsetup-2.8.0/tests/blockwise-compat-test000077500000000000000000000272401502645201100212540ustar00rootroot00000000000000#!/bin/bash # set _FORCE_LOCAL environment variable to run blockwise unit tests even on local # nfs. Some tests will fail because nfs is eager to write for example 4095 bytes # in O_DIRECT mode. BW_UNIT=./unit-utils-io STRACE=strace MNT_DIR=./mnt_bwunit LOCAL_FILE=./blockwise_localfile # $1 path to scsi debug bdev scsi_debug_teardown() { local _tries=15; while [ -b "$1" -a $_tries -gt 0 ]; do rmmod scsi_debug >/dev/null 2>&1 if [ -b "$1" ]; then sleep .1 _tries=$((_tries-1)) fi done test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1 } cleanup() { if [ -d "$MNT_DIR" ] ; then umount -f $MNT_DIR 2>/dev/null rmdir $MNT_DIR 2>/dev/null fi rm -f $LOCAL_FILE 2> /dev/null scsi_debug_teardown "$DEV" || exit 100 } fail() { if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi cleanup exit 100 } _sigchld() { local c=$?; [ $c -eq 139 ] && fail "Segfault"; [ $c -eq 134 ] && fail "Aborted"; } trap _sigchld CHLD fail_count() { echo "$MSG[FAIL]" FAILS=$((FAILS+1)) } warn_count() { echo "$MSG[WARNING]" WARNS=$((WARNS+1)) } skip() { echo "TEST SKIPPED: $1" cleanup exit 77 } add_device() { rmmod scsi_debug >/dev/null 2>&1 if [ -d /sys/module/scsi_debug ] ; then skip "Cannot use scsi_debug module (in use or compiled-in)." fi modprobe scsi_debug $@ delay=0 >/dev/null 2>&1 if [ $? 
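-ne 0 ] ; then
		skip "This kernel seems to not support proper scsi_debug module."
	fi

	sleep 1
	DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)

	DEV="/dev/$DEV"
	# NOTE(review): run_all_in_fs later writes raw images to $DEV, so this
	# check is the only guard that DEV resolved to a single block device node.
	[ -b $DEV ] || fail "Cannot find $DEV."
}

# Create (or overwrite) file $2 with $1 MiB of zeros.
# $1 size in MiB
# $2 path of the file to write
falloc() {
	dd if=/dev/zero of="$2" bs=1M count="$1" 2> /dev/null
}

# For every img_fs_*.img.xz fixture in the current directory: write the
# decompressed image to $DEV, mount it on $MNT_DIR, create a test file of
# $DEVSIZEMB MiB inside it and run the whole test matrix on that file, using
# the I/O block size reported by stat(1) for the file as BSIZE.
# Images that cannot be mounted are reported as [N/A] and skipped.
# Needs privileges for the raw write to $DEV and for mount.
run_all_in_fs() {
	local file tfile iobsize oldbsize

	# Iterate over the glob directly instead of parsing ls output, so file
	# names are never word-split or re-globbed.
	for file in img_fs_*.img.xz ; do
		[ -e "$file" ] || continue

		echo -n "Run tests in $file put on top block device. "
		# Only dd's exit status is checked here; a failing xz shows up later
		# as an image that does not mount.
		xz -d -c "$file" | dd of="$DEV" bs=1M 2>/dev/null || fail "bad image"
		[ -d "$MNT_DIR" ] || mkdir "$MNT_DIR"
		if ! mount "$DEV" "$MNT_DIR" 2>/dev/null ; then
			echo "[N/A]"
			continue
		fi

		# ${MNT_DIR:?} aborts instead of expanding to "/*" should MNT_DIR
		# ever be empty or unset.
		rm -rf -- "${MNT_DIR:?}"/* 2>/dev/null
		tfile="$MNT_DIR/bwunit_tstfile"
		falloc "$DEVSIZEMB" "$tfile" || fail "enospc?"
		iobsize=$(stat -c "%o" "$tfile")
		[ -n "$iobsize" ] && [ "$iobsize" -gt 0 ] || fail

		# BSIZE is global and read by run_all; restore it afterwards.
		oldbsize=$BSIZE
		BSIZE=$iobsize
		run_all "$tfile"
		BSIZE=$oldbsize

		umount "$MNT_DIR" || fail
		echo "[OK]"
	done
}

# Bring file $2 back to size $1 (bytes). A size of 0 means "nothing to do".
# truncate -c is tried first; if it fails, dd writes one block of $1 zero bytes.
# $1 size in bytes
# $2 path of the file
trunc_file() {
	test "$1" -eq 0 ||
		truncate -c -s "$1" "$2" 2>/dev/null ||
		dd if=/dev/zero of="$2" bs="$1" count=1 2>/dev/null ||
		fail "Failed to truncate test file $2."
}

# Run one $BW_UNIT check and compare its exit status with the expectation.
# $1 expected result: "P" (must succeed) or "F" (must fail)
# $2 block device or regular file to test on
# $3 name of the function under test
# $4.. remaining parameters, passed to $BW_UNIT unchanged
# An unexpected result is counted as a warning for regular files and as a
# failure for block devices; if $STRACE is set the call is repeated under it
# and logged. MSG is only printed by warn_count/fail_count.
RUN() {
	local _res=$1
	shift
	local _dev=$1
	shift
	local _fn=$1
	shift
	local _type="bdev"
	local _fsize=0

	# For regular files remember the size so it can be restored after the test.
	test -b "$_dev" || {
		_type="file"
		_fsize=$(stat -c "%s" "$_dev")
	}

	case "$_res" in
	P)
		MSG="Testing $_fn on $_type with params $* [expecting TRUE]..."
		if ! $BW_UNIT "$_dev" "$_fn" "$@" ; then
			if [ "$_type" = "file" ]; then
				warn_count
			else
				fail_count
			fi
			trunc_file "$_fsize" "$_dev"
			test -z "$STRACE" || $STRACE -o "./$BW_UNIT-fail-$FAILS-should-pass.log" $BW_UNIT "$_dev" "$_fn" "$@" 2> /dev/null
		else
			MSG="$MSG[OK]"
		fi
		;;
	F)
		MSG="Testing $_fn on $_type with params $* [expecting FALSE]..."
		if $BW_UNIT "$_dev" "$_fn" "$@" 2> /dev/null ; then
			if [ "$_type" = "file" ]; then
				warn_count
			else
				fail_count
			fi
			trunc_file "$_fsize" "$_dev"
			test -z "$STRACE" || $STRACE -o "./$BW_UNIT-fail-$FAILS-should-fail.log" $BW_UNIT "$_dev" "$_fn" "$@" 2> /dev/null
		else
			MSG="$MSG[OK]"
		fi
		;;
	*)
		fail "Internal test error"
		;;
	esac

	trunc_file "$_fsize" "$_dev"
}

# Run the whole test matrix against $1 (block device or regular file).
# BD_FAIL is the expectation used for writes that go past the end: "F" on a
# block device, "P" on a regular file.
run_all() {
	if [ -b "$1" ]; then
		BD_FAIL="F"
	else
		BD_FAIL="P"
	fi

	# buffer io support only blocksize aligned ios
	# device/file fn_name length
	RUN "P" $1 read_buffer $BSIZE
	RUN "P" $1 read_buffer $((2*BSIZE))
	RUN "F" $1 read_buffer $((BSIZE-1))
	RUN "F" $1 read_buffer $((BSIZE+1))
	RUN "P" $1 read_buffer 0

	RUN "P" $1 write_buffer $BSIZE
	RUN "P" $1 write_buffer $((2*BSIZE))
	RUN "F" $1 write_buffer $((BSIZE-1))
	RUN "F" $1 write_buffer $((BSIZE+1))
	RUN "F" $1 write_buffer 0

	# basic blockwise functions
	# device/file fn_name length bsize
	RUN "P" $1 read_blockwise 0 $BSIZE
	RUN "P" $1 read_blockwise $((BSIZE)) $BSIZE
	RUN "P" $1 read_blockwise $((BSIZE-1)) $BSIZE
	RUN "P" $1 read_blockwise $((BSIZE+1)) $BSIZE
	RUN "P" $1 read_blockwise $((DEVSIZE)) $BSIZE
	RUN "P" $1 read_blockwise $((DEVSIZE-1)) $BSIZE
	RUN "F" $1 read_blockwise $((DEVSIZE+1)) $BSIZE

	RUN "P" $1 write_blockwise 0 $BSIZE
	RUN "P" $1 write_blockwise $((BSIZE)) $BSIZE
	RUN "P" $1 write_blockwise $((BSIZE-1)) $BSIZE
	RUN "P" $1 write_blockwise $((BSIZE+1)) $BSIZE
	RUN "P" $1 write_blockwise $((DEVSIZE)) $BSIZE
	RUN "P" $1 write_blockwise $((DEVSIZE-1)) $BSIZE
	RUN "$BD_FAIL" $1 write_blockwise $((DEVSIZE+1)) $BSIZE

	# seek variant blockwise functions
	# device/file fn_name length bsize offset
	RUN "P" $1 read_lseek_blockwise 0 $BSIZE 0
	RUN "P" $1 read_lseek_blockwise 0 $BSIZE 1
	RUN "P" $1 read_lseek_blockwise 0 $BSIZE $((DEVSIZE))
	# length = 0 is significant here
	RUN "P" $1 read_lseek_blockwise 0 $BSIZE $((DEVSIZE+1))

	# beginning of device
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE 0
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE 1
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE/2))

	# somewhere in the 'middle'
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $BSIZE
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE+1))
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((2*BSIZE-1))
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE+BSIZE/2-1))

	# cross-sector tests
	RUN "P" $1 read_lseek_blockwise 2 $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise 2 $BSIZE $((2*BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((2*BSIZE-1))

	# including one whole sector
	RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE))
	RUN "P" $1 read_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1))
	RUN "P" $1 read_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1))
	RUN "P" $1 read_lseek_blockwise $((3*BSIZE-2)) $BSIZE $((BSIZE+1))

	# hitting exactly the sector boundary
	RUN "P" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE 1
	RUN "P" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE $((BSIZE+1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1))

	# device end
	RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((DEVSIZE-1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+1))
	RUN "P" $1 read_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE))
	RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE-1))

	# this must fail on both device and file
	RUN "F" $1 read_lseek_blockwise 1 $BSIZE $((DEVSIZE))
	RUN "F" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+2))
	RUN "F" $1 read_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE+1))
	RUN "F" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE))

	RUN "P" $1 write_lseek_blockwise 0 $BSIZE 0
	# TODO: this may pass but must not write a byte (write(0) is undefined).
	#       Test it with underlying dm-error or phony read/write syscalls.
	#       Skipping read is optimization.
	# HINT: currently it performs useless write and read as well
	RUN "P" $1 write_lseek_blockwise 0 $BSIZE 1
	RUN "P" $1 write_lseek_blockwise 0 $BSIZE $BSIZE

	# beginning of device
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE 0
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE 1
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE/2))

	# somewhere in the 'middle'
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $BSIZE
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE+1))
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((2*BSIZE-1))
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE+BSIZE/2-1))

	# cross-sector tests
	RUN "P" $1 write_lseek_blockwise 2 $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise 2 $BSIZE $((2*BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((2*BSIZE-1))

	# including one whole sector
	RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE))
	RUN "P" $1 write_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1))
	RUN "P" $1 write_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1))
	RUN "P" $1 write_lseek_blockwise $((3*BSIZE-2)) $BSIZE $((BSIZE+1))

	# hitting exactly the sector boundary
	RUN "P" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE 1
	RUN "P" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE $((BSIZE+1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1))
	RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1))

	# device end
	RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((DEVSIZE-1))
	RUN "P" $1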
write_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+1)) RUN "P" $1 write_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE)) RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE-1)) # this must fail on device, but pass on file (which is unfortunate and maybe design mistake) RUN "$BD_FAIL" $1 write_lseek_blockwise 1 $BSIZE $((DEVSIZE)) RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+2)) RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE+1)) RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE)) } command -v $STRACE >/dev/null || unset STRACE test -x $BW_UNIT || skip "Run \"make `basename $BW_UNIT`\" first" FAILS=0 WARNS=0 DEVSIZEMB=2 DEVSIZE=$((DEVSIZEMB*1024*1024)) PAGE_SIZE=$(getconf PAGE_SIZE) echo "System PAGE_SIZE=$PAGE_SIZE" echo "Run tests in local filesystem" falloc $DEVSIZEMB $LOCAL_FILE || fail "Failed to create file in local filesystem." BSIZE=$(stat -c "%o" $LOCAL_FILE) if [ $BSIZE -gt $((512*1024)) ]; then echo "Detected file block size: $BSIZE bytes" echo "Tuning it down to system page size ($PAGE_SIZE bytes)" BSIZE=$PAGE_SIZE fi run_all $LOCAL_FILE [ $(id -u) -eq 0 ] || { echo "WARNING: You must be root to run remaining tests." test $FAILS -eq 0 || fail "($FAILS wrong result(s) in total)" cleanup exit 0 } DEVBSIZE=512 BSIZE=$DEVBSIZE EXP=0 DEVSIZEMBIMG=32 echo "# Create classic 512B drive" echo "# (logical_block_size=$DEVBSIZE, physical_block_size=$((DEVBSIZE*(1< /dev/null } fail() { [ -n "$1" ] && echo "$1" echo "FAILED backtrace:" while caller $frame; do ((frame++)); done cleanup exit 2 } _sigchld() { local c=$?; [ $c -eq 139 ] && fail "Segfault"; [ $c -eq 134 ] && fail "Aborted"; } trap _sigchld CHLD skip() { [ -n "$1" ] && echo "$1" echo "Test skipped." cleanup exit 77 } valgrind_setup() { command -v valgrind >/dev/null || fail "Cannot find valgrind." [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." [ ! 
-f valg.sh ] && fail "Unable to get location of valg runner script." if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" fi } valgrind_run() { INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" } xxx() { $CRYPTSETUP --test-args $@ > $TFILE 2>&1 local ret=$? grep -q -e ": unknown option\|Argument missing" $TFILE && { echo "'$CRYPTSETUP --test-args $@' command:" cat $TFILE fail "Probably typo in test" } test $ret -ne 0 || fail } exp_fail() { # xxx $@ $CRYPTSETUP --test-args $@ 2>/dev/null && fail } exp_pass() { $CRYPTSETUP --test-args $@ >/dev/null || fail } export LANG=C [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run # initial test constructed according to current cryptsetup content echo "[1] Current state" exp_fail resize NAME --test-passphrase exp_fail close NAME --test-passphrase exp_pass open DEV NAME --test-passphrase --type bitlk exp_pass open DEV NAME --test-passphrase --type luks exp_pass open DEV NAME --test-passphrase --type luks1 exp_pass open DEV NAME --test-passphrase --type luks2 exp_fail open DEV NAME --test-passphrase --type plain exp_fail open DEV NAME --deferred exp_pass close NAME --deferred exp_pass open DEV NAME --type plain --shared exp_fail open DEV NAME --type luks1 --shared exp_fail close NAME --shared exp_pass open DEV NAME --allow-discards exp_fail close NAME --allow-discards exp_fail close NAME --persistent exp_pass open DEV NAME --persistent exp_fail open DEV NAME --persistent --test-passphrase exp_fail luksFormat DEV --serialize-memory-hard-pbkdf exp_pass open DEV NAME --serialize-memory-hard-pbkdf exp_pass reencrypt DEV --key-size 32 exp_fail reencrypt DEV --key-size 31 exp_fail reencrypt DEV --key-size -32 exp_pass luksFormat DEV --key-size 32 exp_fail luksFormat DEV --key-size 31 exp_fail luksFormat DEV --key-size -32 exp_pass open DEV 
NAME --key-size 32 # --type plain -c aes-xts-plain64 exp_fail open DEV NAME --key-size 31 # --type plain -c aes-xts-plain64 exp_pass benchmark --key-size 32 exp_fail benchmark --key-size 31 exp_pass luksAddKey DEV --key-size 32 # --unbound exp_fail luksAddKey DEV --key-size 31 # --unbound exp_fail close NAME --key-size 32 exp_fail luksUUID DEV --key-size 32 # bug # exp_fail luksFormat DEV --type luks1 --integrity hmac-sha256 exp_pass luksFormat DEV --type luks2 --integrity hmac-sha256 exp_fail open DEV NAME --integrity hmac-sha256 exp_pass luksFormat DEV --type luks2 --integrity hmac-sha256 --integrity-no-wipe exp_fail luksFormat DEV --type luks2 --integrity-no-wipe # bug # exp_fail luksFormat DEV --type luks1 --integrity hmac-sha256 --integrity-no-wipe exp_fail open DEV NAME --integrity-no-wipe exp_fail open DEV NAME --integrity-no-wipe --integrity hmac-sha256 exp_pass luksFormat --label L --subsystem S DEV # --type luks2 exp_pass luksFormat --label L DEV # --type luks2 exp_pass luksFormat --subsystem S DEV # --type luks2 exp_pass config --label L --subsystem S DEV exp_pass config --label L DEV exp_pass config --subsystem S DEV # bug #exp_fail luksFormat --label L --subsystem S DEV --type luks1 #exp_fail luksFormat --label L DEV --type luks1 #exp_fail luksFormat --subsystem S DEV --type luks1 exp_fail open DEV NAME --label L --subsystem S exp_fail open DEV NAME --label L exp_fail open DEV NAME --subsystem S exp_fail luksFormat DEV -S-2 # bug # exp_fail luksFormat DEV -S-1 # prob. many bug: accepts --[new-]keyfile-size w/o --[new-]key-file exp_pass luksFormat DEV --keyfile-size 42 --key-file F exp_fail luksFormat DEV --keyfile-size -1 --key-file F # bug (is it? e.g. 
empty passphrase) # exp_fail luksFormat DEV --keyfile-size 0 exp_pass luksAddKey DEV --keyfile-size 42 --key-file F --new-keyfile-size 42 NF exp_fail luksAddKey DEV --new-keyfile-size -42 NF exp_fail luksAddKey DEV --keyfile-size 42 --key-file F --new-keyfile-size -42 NF exp_fail luksFormat DEV --keyfile-size -1 --key-file F # bug (is it? e.g. empty passphrase) # exp_fail luksFormat DEV --keyfile-size 0 exp_fail open DEV NAME --key-file F0 --key-file F1 exp_pass open DEV NAME --key-file F0 --key-file F1 --type tcrypt # why? (luksAddKey fail) exp_fail luksAddKey DEV --use-random exp_fail luksAddKey DEV --use-urandom exp_fail luksAddKey DEV --use-urandom --use-random exp_fail luksFormat DEV --use-urandom --use-random exp_pass luksFormat DEV --use-random exp_pass luksFormat DEV --use-urandom exp_fail open DEV NAME --uuid $TEST_UUID exp_pass luksFormat DEV --uuid $TEST_UUID exp_pass luksUUID DEV --uuid $TEST_UUID exp_fail open DEV NAME --align-payload 8192 exp_fail open DEV NAME --align-payload 8292 --type plain exp_pass luksFormat DEV --align-payload 8192 exp_fail luksFormat DEV --align-payload 8192 --offset 16384 exp_fail luksFormat DEV --align-payload 8192 --offset 8192 exp_fail resize NAME --luks2-metadata-size 16k exp_fail resize NAME --luks2-keyslots-size 16m exp_pass luksFormat DEV --luks2-keyslots-size 16m exp_pass luksFormat DEV --luks2-metadata-size 16k exp_pass reencrypt DEV --luks2-keyslots-size 16m exp_pass reencrypt DEV --luks2-metadata-size 16k exp_fail luksFormat DEV --skip 8192 exp_fail open DEV NAME --skip 8192 exp_pass open DEV NAME --skip 8192 --type plain exp_pass open DEV NAME --skip 8192 --type loopaes exp_fail resize NAME --offset 8292 exp_pass luksFormat DEV --offset 16384 exp_fail open DEV NAME --offset 16384 exp_pass open DEV NAME --offset 16384 --type plain exp_pass open DEV NAME --offset 16384 --type loopaes exp_fail open DEV NAME --tcrypt-hidden exp_fail open DEV NAME --tcrypt-system exp_fail open DEV NAME --tcrypt-backup # bug # exp_fail 
open DEV NAME --tcrypt-hidden --tcrypt-system --tcrypt-backup --type tcrypt exp_pass open DEV NAME --tcrypt-hidden --type tcrypt exp_pass open DEV NAME --tcrypt-backup --type tcrypt exp_pass open DEV NAME --tcrypt-system --type tcrypt exp_pass tcryptDump DEV NAME --tcrypt-hidden --type tcrypt exp_pass tcryptDump DEV NAME --tcrypt-backup --type tcrypt exp_pass tcryptDump DEV NAME --tcrypt-system --type tcrypt exp_fail tcryptDump DEV NAME --allow-discards --tcrypt-hidden --type tcrypt # bug # exp_fail close NAME --type tcrypt --veracrypt exp_fail open DEV NAME --veracrypt exp_pass open DEV NAME --type tcrypt --veracrypt exp_pass open DEV NAME --type tcrypt --veracrypt --veracrypt-pim 1 exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -2 exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-pim 1 exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -1 exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-query-pim exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-query-pim --veracrypt-pim 1 exp_fail open DEV NAME --disable-veracrypt --veracrypt-query-pim # bug # exp_fail open DEV NAME --priority normal exp_fail config DEV --priority normal exp_fail config DEV -S1 --priority norma exp_pass config DEV -S1 --priority normal exp_pass config DEV -S1 --priority ignore exp_pass config DEV -S1 --priority prefer # bug # exp_fail open DEV NAME --pbkdf argon2i exp_fail luksFormat DEV --pbkdf blah exp_pass luksFormat DEV --pbkdf argon2i exp_pass luksFormat DEV --pbkdf pbkdf2 exp_pass luksFormat DEV --pbkdf argon2id exp_fail luksFormat DEV --type luks2 --pbkdf-force-iterations 4 -i1 exp_fail luksFormat DEV --type luks1 --pbkdf-force-iterations 1001 -i1 exp_fail open DEV NAME --sector-size 1024 exp_pass open DEV NAME --type plain --sector-size 1024 # bug # exp_fail luksFormat DEV --sector-size 0 exp_fail luksFormat DEV --sector-size 511 exp_fail luksFormat DEV --sector-size 8192 exp_pass reencrypt DEV 
--sector-size 1024 exp_pass luksFormat DEV --sector-size 1024 exp_fail luksFormat DEV --iv-large-sectors exp_fail open DEV --type tcrypt --iv-large-sectors exp_fail open DEV --type plain --iv-large-sectors --sector-size 512 exp_pass open DEV --type plain --iv-large-sectors --sector-size 1024 exp_fail luksAddKey DEV --unbound exp_fail luksAddKey DEV --unbound --key-size 0 exp_pass luksAddKey DEV --unbound --key-size 8 exp_pass luksDump DEV --unbound -S5 exp_fail luksDump DEV --unbound exp_pass open DEV --unbound --test-passphrase exp_pass open DEV --unbound --test-passphrase -S5 exp_fail open DEV --unbound NAME exp_fail open DEV --unbound -S5 NAME exp_fail resize NAME --refresh exp_fail open DEV NAME --test-passphrase --refresh exp_pass open DEV NAME --refresh exp_pass refresh DEV NAME exp_fail refresh DEV NAME --test-passphrase # bug # exp_fail luksFormat DEV --reduce-device-size 64m exp_fail reencrypt DEV --reduce-device-size 2G # max 1g exp_fail reencrypt DEV --reduce-device-size $((64*1024*1024+1)) exp_fail reencrypt DEV --reduce-device-size -64m exp_pass reencrypt DEV --reduce-device-size 64m # bugs # exp_fail open DEV --decrypt --header H # exp_fail open DEV --encrypt # exp_fail open DEV NAME --device-size 32m # exp_fail open DEV NAME --size 100 exp_pass open DEV NAME --device-size 32m --type plain exp_fail open DEV NAME --device-size $((32*1024*1024+1)) --type plain exp_pass open DEV NAME --size 100 --type plain exp_fail open DEV NAME --size 100 --device-size $((512*100)) --type plain exp_fail reencrypt DEV --device-size $((32*1024*1024+1)) exp_pass reencrypt DEV --device-size 32m exp_fail luksFormat DEV NAME --keyslot-cipher ks exp_fail luksFormat DEV NAME --keyslot-key-size 32 exp_pass luksFormat DEV NAME --keyslot-cipher ks --keyslot-key-size 32 # bugs # exp_fail open DEV NAME --keyslot-cipher ks --keyslot-key-size 32 # exp_fail luksFormat --type luks1 DEV NAME --keyslot-cipher ks --keyslot-key-size 32 cleanup exit 0 
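cryptsetup-2.8.0/tests/compat-test000077500000000000000000001535411502645201100173000ustar00rootroot00000000000000
#!/bin/bash

# LUKS1 / plain-mode compatibility test: configuration and helper functions.
# The test cases themselves follow after this preamble.

PS4='$LINENO:'
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
CRYPTSETUP_RAW=$CRYPTSETUP

if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
	CRYPTSETUP_VALGRIND=$CRYPTSETUP
else
	CRYPTSETUP_VALGRIND=../.libs/cryptsetup
	CRYPTSETUP_LIB_VALGRIND=../.libs
fi

DIFFER=./differ

# device-mapper names used by the tests (removed again in remove_mapping)
DEV_NAME=dummy
DEV_NAME2=dummy2
DEV_NAME3=dummy3

# Scratch files; all are relative names, so they are created in and deleted
# from the current working directory.
ORIG_IMG=luks-test-orig
IMG=luks-test
IMG10=luks-test-v10
HEADER_IMG=luks-header
KEY1=key1
KEY2=key2
KEY5=key5
KEYE=keye

# Fixed passphrases used as test fixtures. They are published with the test
# suite and must never protect real data.
PWD0="compatkey"
PWD1="93R4P4pIqAH8"
PWD2="mymJeD8ivEhE"
PWD3="ocMakf3fAcQO"
PWDW="rUkL4RUryBom"
VK_FILE="compattest_vkfile"

# Forces PBKDF2 with a fixed, low iteration count so that formatting is fast.
# Test-only setting: it removes the passphrase-hardening cost on purpose.
FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
PLAIN_OPT="--hash sha256 --cipher aes-cbc-essiv:sha256 --key-size 256"

# Region lists handed to $DIFFER by check(). The letter/offset syntax is
# defined by the differ tool, which is not part of this script.
LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255"
KEY_MATERIAL0="R4096-68096"
KEY_MATERIAL0_EXT="R4096-68096"

KEY_SLOT1="S256-259 S260-263 R264-295 A296-299 A300-303"
KEY_MATERIAL1="R69632-133632"
KEY_MATERIAL1_EXT="S69632-133632"

KEY_SLOT5="S448-451 S452-455 R456-487 A488-491 A492-495"
KEY_MATERIAL5="R331776-395264"
KEY_MATERIAL5_EXT="S331776-395264"

TEST_UUID="12345678-1234-1234-1234-123456789abc"

LOOPDEV=$(losetup -f 2>/dev/null)
FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)

# Tear down everything a test may have left behind: the three dm mappings,
# the loop device, the scratch files and the scsi_debug module.
# All errors are ignored so that it can be called in any state.
remove_mapping()
{
	[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
	[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 >/dev/null 2>&1
	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
	losetup -d $LOOPDEV >/dev/null 2>&1
	rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE missing-file >/dev/null 2>&1
	rmmod scsi_debug >/dev/null 2>&1
	scsi_debug_teardown $DEV
}

# Write "change" to the uevent file of the block device behind $LOOPDEV.
force_uevent()
{
	DNAME=$(echo $LOOPDEV | cut -f3 -d /)
	echo "change" >/sys/block/$DNAME/uevent
}

# Print the optional message $1, clean up, print a shell backtrace and
# exit with status 2.
fail()
{
	# Start the backtrace at frame 0 explicitly; an inherited or exported
	# "frame" variable would otherwise shift or truncate it.
	local frame=0

	[ -n "$1" ] && echo "$1"
	remove_mapping
	echo "FAILED backtrace:"
	while caller $frame; do ((frame++)); done
	exit 2
}

# CHLD trap handler: fail the test run when the last status is
# 139 (128 + SIGSEGV) or 134 (128 + SIGABRT).
_sigchld() { local c=$?; [ $c -eq 139 ] && fail "Segfault"; [ $c -eq 134 ] && fail "Aborted"; }
trap _sigchld CHLD

# Succeeds when /proc/sys/crypto/fips_enabled was readable and is > 0.
fips_mode()
{
	[ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
}

can_fail_fips()
{
	# Ignore this fail if running in FIPS mode
	# $1 is quoted so that a message containing spaces reaches fail() whole.
	fips_mode || fail "$1"
}

# Print the optional message $1, clean up and exit with status $2
# (77 when no status is given).
skip()
{
	[ -n "$1" ] && echo "$1"
	remove_mapping
	[ -n "$2" ] && exit $2
	exit 77
}

# Set up the environment for one test case.
#   $1  case title, printed as "CASE: $1" (optional)
#   $2  image mode:
#         file   zero-filled $IMG, no loop device attached
#         wipe   zero-filled $IMG attached to $LOOPDEV
#         new    fresh copies of both compat images, $IMG attached to $LOOPDEV
#         reuse  (and any other value) keep the existing images, create missing ones
# Key files are created when missing and $IMG is copied to $ORIG_IMG, which
# is the baseline check() compares against.
prepare()
{
	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1

	case "$2" in
	file)
		remove_mapping
		dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
		sync
		;;
	wipe)
		remove_mapping
		dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
		sync
		losetup $LOOPDEV $IMG
		;;
	new)
		remove_mapping
		xz -cd compatimage.img.xz > $IMG
		# FIXME: switch to internal loop (no losetup at all)
		echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \
			grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped."
		losetup $LOOPDEV $IMG
		xz -cd compatv10image.img.xz > $IMG10
		;;
	reuse | *)
		if [ ! -e $IMG ]; then
			xz -cd compatimage.img.xz > $IMG
			losetup $LOOPDEV $IMG
		fi
		[ ! -e $IMG10 ] && xz -cd compatv10image.img.xz > $IMG10
		;;
	esac

	if [ ! -e $KEY1 ]; then
		# KEY1 is a fixed 32-byte value rather than random data, so it is a
		# published test fixture like the passphrases above.
		#dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
		echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
		echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
	fi

	if [ ! -e $KEY2 ]; then
		dd if=/dev/urandom of=$KEY2 count=1 bs=16 >/dev/null 2>&1
	fi

	if [ ! -e $KEY5 ]; then
		dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1
	fi

	# empty key file
	if [ ! -e $KEYE ]; then
		touch $KEYE
	fi

	cp $IMG $ORIG_IMG
	[ -n "$1" ] && echo "CASE: $1"
}

# Compare $IMG with the baseline $ORIG_IMG using $DIFFER and the region list
# in $1; with no argument only sync is run.
check()
{
	sync
	[ -z "$1" ] && return
	# $1 is left unquoted on purpose: callers pass one space-separated list
	# that must be split into separate arguments.
	$DIFFER $ORIG_IMG $IMG $1 || fail
}

# Fail unless the $DEV_NAME mapping exists, then run check() with $1.
check_exists()
{
	[ -b /dev/mapper/$DEV_NAME ] || fail
	check $1
}

# $1 path to scsi debug bdev
# Retry "rmmod scsi_debug" up to 15 times, 0.1 s apart, while $1 is still a
# block device, then try once more if it is still present.
scsi_debug_teardown()
{
	local _tries=15;

	while [ -b "$1" -a $_tries -gt 0 ]; do
		rmmod scsi_debug >/dev/null 2>&1
		if [ -b "$1" ]; then
			sleep .1
			_tries=$((_tries-1))
		fi
	done

	test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
}

# Load scsi_debug with the given module parameters plus delay=0 and store
# the resulting block device path in DEV. Exits with 77 when the module is
# already present or cannot be loaded.
add_scsi_device()
{
	scsi_debug_teardown $DEV
	if [ -d /sys/module/scsi_debug ] ; then
		echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
		exit 77
	fi
	modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
	if [ $? -ne 0 ] ; then
		echo "This kernel seems to not support proper scsi_debug module, test skipped."
		exit 77
	fi

	sleep 1
	DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
	[ -b $DEV ] || fail "Cannot find $DEV."
}

# When VALG is set, route every $CRYPTSETUP call through valg.sh.
valgrind_setup()
{
	[ -n "$VALG" ] || return

	command -v valgrind >/dev/null || fail "Cannot find valgrind."
	[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
	[ ! -f valg.sh ] && fail "Unable to get location of valg runner script."
	if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
		# Append the old value only when it is non-empty: a trailing ':'
		# is an empty entry, which the dynamic loader treats as the
		# current working directory.
		export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
	fi
	CRYPTSETUP=valgrind_run
	CRYPTSETUP_RAW="./valg.sh ${CRYPTSETUP_VALGRIND}"
}

# Run cryptsetup under valg.sh; INFOSTRING records the calling script and line.
valgrind_run()
{
	export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
	$CRYPTSETUP_RAW "$@"
}

# Run expect with INFOSTRING set to the calling script and line.
expect_run()
{
	export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
	expect "$@"
}

export LANG=C

[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."

valgrind_setup

# LUKS non-root-tests
# (the guard below is closed by the "fi" that starts the next line of the page)
if [ $(id -u) != 0 ]; then
	$CRYPTSETUP benchmark -c aes-xts-plain64 >/dev/null 2>&1 || \
		skip "WARNING: Cannot run test without kernel userspace crypto API, test skipped."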
fi prepare "Image in file tests (root capabilities not required)" file echo "[1] format" echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 -c 'capi:xts(aes)-plain64' $IMG $FAST_PBKDF_OPT || fail echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $IMG $FAST_PBKDF_OPT --disable-blkid || fail echo "[2] open" echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail # test detached header --test-passphrase echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $IMG || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail rm -f $HEADER_IMG echo "[3] add key" echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail echo "[4] change key" echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey --force-password $FAST_PBKDF_OPT $IMG || fail echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" echo "[5] remove key" # delete active keys PWD0, PWD2 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail [ $? -ne 2 ] && fail "luksRemove should return EPERM exit code" echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail # check if keys were deleted echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code" echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail [ $? 
-ne 1 ] && fail "luksOpen should return ENOENT exit code" echo "[6] kill slot" # format new luks device with active keys PWD1, PWD2 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail # deactivate keys by killing slots $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: ENABLED" || fail $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 2: DISABLED" || fail echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail [ $? -ne 2 ] && fail "luksKill should return EPERM exit code" echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail # check if keys were deactivated echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail echo "[7] header backup" echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail $CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG || fail echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail echo "[8] header restore" $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail echo "[9] luksDump" echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG $KEY1 || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG -d $KEY1 || fail $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail $CRYPTSETUP luksDump $IMG | grep -q $TEST_UUID || fail echo $PWDW | $CRYPTSETUP luksDump $IMG 
--dump-volume-key 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksDump $IMG --dump-master-key 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-volume-key | grep -q "MK dump:" || fail echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-master-key | grep -q "MK dump:" || fail $CRYPTSETUP luksDump -q $IMG --dump-volume-key -d $KEY1 | grep -q "MK dump:" || fail echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE >/dev/null || fail rm -f $VK_FILE echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $IMG || fail echo "[10] uuid" echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG || fail $CRYPTSETUP -q luksUUID $IMG | grep -q $TEST_UUID || fail echo "[11] benchmark" $CRYPTSETUP benchmark -c aes-xts --key-size 128 >/dev/null 2>&1 && fail $CRYPTSETUP benchmark -c aes-xts >/dev/null || fail $CRYPTSETUP benchmark -c aes-xts-plain64 >/dev/null || fail $CRYPTSETUP benchmark -c capi:xts\(aes\) >/dev/null || fail $CRYPTSETUP benchmark -c capi:xts\(aes\)-plain64 >/dev/null || fail [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped." [ ! -x "$DIFFER" ] && skip "Cannot find $DIFFER, test skipped." 
# LUKS root-tests prepare "[1] open - compat image - acceptance check" new echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail check_exists ORG_SHA256=$(sha256sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') [ "$ORG_SHA256" = 7428e8f2436882a07eb32765086f5c899474c08b5576f556b573d2aabdf923e8 ] || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # Check it can be opened from header backup as well $CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail check_exists $CRYPTSETUP -q luksClose $DEV_NAME || fail # Check restore $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail # Repeat for V1.0 header - not aligned first keyslot if ! fips_mode; then echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail check_exists ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') [ "$ORG_SHA1" = 51b48c2471a7593ceaf14dc5e66bca86ed05f6cc ] || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail rm -f $HEADER_IMG $CRYPTSETUP luksHeaderBackup $IMG10 --header-backup-file $HEADER_IMG echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail check_exists $CRYPTSETUP -q luksClose $DEV_NAME || fail fi prepare "[2] open - compat image - denial check" new echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME 2>/dev/null && fail check # All headers items and first key material section must change prepare "[3] format" wipe echo $PWD1 | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0" prepare "[4] format using hash sha512" wipe echo $PWD1 | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0" prepare "[5] open" echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || 
fail echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail check_exists # Key Slot 1 and key material section 1 must change, the rest must not. prepare "[6] add key" echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV || fail check "$KEY_SLOT1 $KEY_MATERIAL1" echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail # Unsuccessful Key Delete - nothing may change prepare "[7] unsuccessful delete" echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail check # Delete Key Test # Key Slot 1 and key material section 1 must change, the rest must not prepare "[8] successful delete" $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail check "$KEY_SLOT1 $KEY_MATERIAL1_EXT" echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[9] add key test for key files" echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 || fail check "$KEY_SLOT1 $KEY_MATERIAL1" $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[10] delete key test with key1 as remaining key" $CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail check "$KEY_SLOT0 $KEY_MATERIAL0_EXT" echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail # Delete last slot prepare "[11] delete last key" wipe echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail # Format test for ESSIV, and some other parameters. 
prepare "[12] parameter variation test" wipe $CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV $KEY1 || fail check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0" $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail prepare "[13] open/close - stacked devices" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[14] format/open - passphrase on stdin & new line" wipe # stdin defined by "-" must take even newline #echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q --key-file=- luksFormat --type luks1 $LOOPDEV || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail # now also try --key-file echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV --key-file=- || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # process newline if from stdin echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV || fail echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[15] UUID - use and report provided UUID" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid blah $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV || 
fail tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) [ "$tst"x = "$TEST_UUID"x ] || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) [ "$tst"x = "$TEST_UUID"x ] || fail prepare "[16] luksFormat" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --volume-key-file /dev/urandom $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --volume-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # open by UUID if [ -d /dev/disk/by-uuid ] ; then force_uevent # some systems do not update loop by-uuid $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # skip tests using empty passphrase if ! 
fips_mode; then # empty keyfile $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEYE || fail $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # open by volume key echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY1 $LOOPDEV || fail $CRYPTSETUP luksOpen --volume-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen --volume-key-file $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # unsupported pe-keyslot encryption echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-cipher "aes-cbc-plain" $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-key-size 256 $LOOPDEV 2>/dev/null && fail prepare "[17] AddKey volume key, passphrase and keyfile" wipe # volumekey echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail # special "-" handling $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksAddKey 
$FAST_PBKDF_OPT $LOOPDEV -d $KEY1 - || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d - $KEY2 || fail $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail # keyfile/keyfile $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail # passphrase/keyfile echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail # passphrase/passphrase echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail # keyfile/passphrase echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 8 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail prepare "[18] RemoveKey passphrase and keyfile" reuse $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key 
Slot 3: DISABLED" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail # if password or keyfile is provided, batch mode must not suppress it echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail # kill slot using passphrase from 1 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail # kill slot with redirected stdin $CRYPTSETUP luksKillSlot $LOOPDEV 3 /dev/null || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail # remove key0 / slot 0 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail # last keyslot, in batch mode no passphrase needed... 
$CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail prepare "[19] create & status & resize" wipe echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx --cipher aes-cbc-essiv:sha256 --key-size 256 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV $PLAIN_OPT --offset 3 --skip 4 --readonly || fail $CRYPTSETUP -q status $DEV_NAME | grep "offset:" | grep -q "3 \[512-byte units\]" || fail $CRYPTSETUP -q status $DEV_NAME | grep "skipped:" | grep -q "4 \[512-byte units\]" || fail $CRYPTSETUP -q status $DEV_NAME | grep "mode:" | grep -q "readonly" || fail $CRYPTSETUP -q resize $DEV_NAME --size 100 || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "19997 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME --device-size 1M || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME --device-size 512k --size 1023 >/dev/null 2>&1 && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME --device-size 513 >/dev/null 2>&1 && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail # Resize underlying loop device as well truncate -s 16M $IMG || fail $CRYPTSETUP -q resize $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "32765 \[512-byte units\]" || fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME >/dev/null && fail echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $LOOPDEV || fail $CRYPTSETUP -q remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME $PLAIN_OPT $LOOPDEV || fail $CRYPTSETUP -q remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME $PLAIN_OPT --size 100 
$LOOPDEV || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" || fail $CRYPTSETUP -q remove $DEV_NAME || fail # 4k sector resize (if kernel supports it) echo $PWD1 | $CRYPTSETUP -q open --type plain $PLAIN_OPT $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1 if [ $? -eq 0 ] ; then $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "8 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME --size 16 || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME --size 9 2>/dev/null && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 \[512-byte units\]" || fail $CRYPTSETUP -q resize $DEV_NAME --device-size 4608 2>/dev/null && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 \[512-byte units\]" || fail $CRYPTSETUP -q remove $DEV_NAME || fail fi # Resize not aligned to logical block size add_scsi_device dev_size_mb=32 sector_size=4096 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $DEV || fail OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail dmsetup info $DEV_NAME | grep -q SUSPENDED && fail NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') test $OLD_SIZE -eq $NEW_SIZE || fail $CRYPTSETUP close $DEV_NAME || fail # Add check for unaligned plain crypt activation echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $DEV -b 7 2>/dev/null && fail $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail # verify is ignored on non-tty input echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --verify-passphrase 2>/dev/null || fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 
$DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 -l -1 2>/dev/null && fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 || fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d blah 2>/dev/null && fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d /dev/urandom || fail $CRYPTSETUP -q remove $DEV_NAME || fail prepare "[20] Disallow open/create if already mapped." wipe $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 || fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail $CRYPTSETUP create --cipher aes-cbc-essiv:sha256 --key-size 256 $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail $CRYPTSETUP luksClose $DEV_NAME || fail prepare "[21] luksDump" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV $KEY1 || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key | grep -q "MK dump:" || fail $CRYPTSETUP luksDump -q $LOOPDEV 
--dump-volume-key -d $KEY1 | grep -q "MK dump:" || fail echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key --volume-key-file $VK_FILE > /dev/null || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $LOOPDEV || fail prepare "[22] remove disappeared device" wipe dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail # underlying device now returns error but node is still present dmsetup load $DEV_NAME --table "0 5000 error" || fail dmsetup resume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail dmsetup remove --retry $DEV_NAME || fail prepare "[23] ChangeKey passphrase and keyfile" wipe # [0]$KEY1 [1]key0 $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail echo $PWD1 | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail # keyfile [0] / keyfile [0] $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail # passphrase [1] / passphrase [1] echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail # keyfile [0] / keyfile [new] $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail # passphrase [1] / passphrase [new] echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail # use all slots $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksAddKey $LOOPDEV -d 
$KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail # still allows replace $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail prepare "[24] Keyfile limit" wipe $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail $CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l -1 2>/dev/null && fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail # -l is ignored for stdin if _only_ passphrase is used echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 $FAST_PBKDF_OPT || fail # this is stupid, but expected echo $PWD1 | $CRYPTSETUP luksRemoveKey 
$LOOPDEV -l 11 2>/dev/null && fail echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail # offset $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail $CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail # large device with keyfile echo -e '0 10000000 error'\\n'10000000 1000000 zero' | dmsetup create $DEV_NAME2 || fail $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV /dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 || fail $CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5119999999 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d /dev/mapper/$DEV_NAME2 \ --keyfile-offset 5120000000 -l 13 /dev/mapper/$DEV_NAME2 --new-keyfile-offset 5120000001 --new-keyfile-size 15 || fail dmsetup remove --retry $DEV_NAME2 prepare "[25] Create shared segments" wipe echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV $PLAIN_OPT --offset 0 --size 256 || fail 
echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV $PLAIN_OPT --offset 512 --size 256 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV $PLAIN_OPT --offset 512 --size 256 --shared || fail $CRYPTSETUP -q remove $DEV_NAME2 || fail $CRYPTSETUP -q remove $DEV_NAME || fail prepare "[26] Suspend/Resume" wipe # only LUKS is supported echo $PWD1 | $CRYPTSETUP create $DEV_NAME $PLAIN_OPT $LOOPDEV || fail $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail # LUKS echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail [ $? -ne 2 ] && fail "luksResume should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # skip tests using empty passphrase if ! 
fips_mode; then echo | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks1 $LOOPDEV || fail echo | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail echo | $CRYPTSETUP luksResume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi prepare "[27] luksOpen/luksResume with specified key slot number" wipe # first, let's try passphrase option echo $PWD3 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT -S 5 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5 echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksSuspend $DEV_NAME || fail echo $PWD3 | $CRYPTSETUP luksResume -S 4 $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0 echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # second, try it with keyfiles $CRYPTSETUP luksFormat --type luks1 -q -S 5 -d $KEY5 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5 $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksResume -S 1 -d $KEY5 $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail $CRYPTSETUP luksResume -S 5 -d $KEY5 $DEV_NAME 
|| fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail prepare "[28] Detached LUKS header" wipe echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 --offset 8192 >/dev/null 2>&1 && fail truncate -s 4096 $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG -S7 >/dev/null 2>&1 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 80000 >/dev/null 2>&1 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 8192 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail $CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 \[512-byte units\]" || fail $CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 
\[512-byte units\]" || fail $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail $CRYPTSETUP luksClose $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail prepare "[29] Repair metadata" wipe $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail # second sector overwrite should corrupt keyslot 6+7 dd if=/dev/urandom of=$LOOPDEV bs=512 seek=1 count=1 >/dev/null 2>&1 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME >/dev/null 2>&1 && fail $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail # fix ecb-plain $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --hash sha256 -c aes-ecb || fail echo -n "ecb-xxx" | dd of=$LOOPDEV bs=1 seek=40 >/dev/null 2>&1 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail # fix uppercase hash echo -n "SHA256" | dd of=$LOOPDEV bs=1 seek=72 >/dev/null 2>&1 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail prepare "[30] LUKS erase" wipe $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY5 --key-slot 5 || fail $CRYPTSETUP 
luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksErase -q $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: DISABLED" || fail prepare "[31] Deferred removal of device" wipe echo $PWD1 | $CRYPTSETUP open --type plain $PLAIN_OPT $LOOPDEV $DEV_NAME || fail echo $PWD2 | $CRYPTSETUP open --type plain $PLAIN_OPT /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 && fail $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1 if [ $? -eq 0 ] ; then dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail $CRYPTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1 dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1 $CRYPTSETUP close $DEV_NAME2 || fail $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail else $CRYPTSETUP close $DEV_NAME2 >/dev/null 2>&1 $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 fi # Deferred remove of device without DM-UUID dmsetup create $DEV_NAME --table "0 8 crypt aes-xts-plain64 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 $LOOPDEV 0" || fail $CRYPTSETUP close --deferred $DEV_NAME || fail # Interactive tests # Do not remove sleep 0.1 below, the password query flushes TTY buffer (so the code is racy). command -v expect >/dev/null || skip "WARNING: expect tool missing, interactive test will be skipped." 0 prepare "[32] Interactive password retry from terminal." 
new EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/") EXPECT_TIMEOUT=60 expect_run - >/dev/null </dev/null </dev/null </dev/null </dev/null </dev/null </dev/null </dev/null <$KEYE expect_run - >/dev/null </dev/null || fail # pass pass echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $IMG || fail echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $IMG || fail # pass file echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $IMG $KEY1 || fail $CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $IMG || fail # file pass echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $IMG || fail echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $IMG || fail # file file $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $IMG || fail $CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $IMG || fail # vk pass echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $IMG || fail echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S5 $IMG || fail # vk file $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $IMG || fail $CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $IMG || fail prepare "[40] Early check for active name." 
wipe DM_BAD_NAME=x/x DM_LONG_NAME=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef echo $PWD1 | $CRYPTSETUP open --type plain $LOOPDEV $DM_BAD_NAME --hash sha256 --cipher aes-cbc-essiv:sha256 --key-size 256 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP open --type plain $LOOPDEV $DM_LONG_NAME --hash sha256 --cipher aes-cbc-essiv:sha256 --key-size 256 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DM_BAD_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DM_LONG_NAME 2>/dev/null && fail remove_mapping exit 0 cryptsetup-2.8.0/tests/compat-test-opal000077500000000000000000002314201502645201100202220ustar00rootroot00000000000000#!/bin/bash PS4='$LINENO:' [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup CRYPTSETUP_RAW=$CRYPTSETUP if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then CRYPTSETUP_VALGRIND=$CRYPTSETUP else CRYPTSETUP_VALGRIND=../.libs/cryptsetup CRYPTSETUP_LIB_VALGRIND=../.libs fi DEV_NAME=dummy DEV_NAME2=dummy2 NO_HEADER_IMG=missing-header HEADER_IMG=luks-header HEADER_LUKS2_INV=luks2_invalid_cipher.img KEY1=key1 KEY2=key2 KEY5=key5 KEYE=keye KEY_PWD1=key_pwd1 OPAL2_ADMIN_PIN="adminPin01" PWD1="93R4P4pIqAH8" PWD2="mymJeD8ivEhE" PWD3="ocMakf3fAcQO" PWD4="Qx3qn46vq0v" PWDW="rUkL4RUryBom" TEST_KEYRING_NAME="compattest2_keyring" TEST_TOKEN0="compattest2_desc0" TEST_TOKEN1="compattest2_desc1" VK_FILE="compattest2_vkfile" IMPORT_TOKEN="{\"type\":\"some_type\",\"keyslots\":[],\"base64_data\":\"zxI7vKB1Qwl4VPB4D-N-OgcC14hPCG0IDu8O7eCqaQ\"}" TOKEN_FILE0=test-token-file0 TOKEN_FILE1=test-token-file1 KEY_FILE0=test-key-file0 KEY_FILE1=test-key-file1 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" TEST_UUID="12345678-1234-1234-1234-123456789abc" FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) remove_mapping() { [ -b 
/dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
	[ -b /dev/mapper/"$DEV_NAME"_dif ] && dmsetup remove --retry "$DEV_NAME"_dif
	# Delete the key files, header images and token files used by the test cases.
	# Plain rm, no overwrite: the contents are test-only secrets.
	rm -f $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE \
		$HEADER_LUKS2_INV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* \
		$KEY_FILE0 $KEY_FILE1 $KEY_PWD1 $NO_HEADER_IMG >/dev/null 2>&1

	# unlink whole test keyring
	[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
	unset TEST_KEYRING
}

# Abort the test run: print the optional message in $1, remove mappings and
# temporary files, attempt a PSID factory reset of the OPAL device (errors
# hidden), print the shell call stack and exit with status 2.
# NOTE(review): every failure path therefore issues a destructive factory
# reset against $OPAL2_DEV. The check that OPAL2_DEV and OPAL2_PSID_FILE are
# set is not visible in this part of the file -- confirm it runs before the
# first test case.
fail() {
	[ -n "$1" ] && echo "$1"
	remove_mapping
	reset_device_psid_nofail
	echo "FAILED backtrace:"
	# frame is not initialised in this function, so (unless it is set elsewhere)
	# the first iteration runs a bare `caller`; later iterations pass 1, 2, ...
	# The loop ends when caller returns non-zero.
	while caller $frame; do ((frame++)); done
	exit 2
}

# CHLD trap handler: looks at the exit status that was current when the trap
# fired and aborts the run on 139 or 134 (128+SIGSEGV and 128+SIGABRT).
_sigchld() { local c=$?; [ $c -eq 139 ] && fail "Segfault"; [ $c -eq 134 ] && fail "Aborted"; }
trap _sigchld CHLD

# True when FIPS_MODE (read from /proc/sys/crypto/fips_enabled at the top of
# the script) is non-empty and greater than zero.
fips_mode() {
	[ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
}

# Fail with message $1 unless the system runs in FIPS mode.
# NOTE(review): $1 is unquoted, so a message containing spaces is word-split
# and fail() prints only its first word.
can_fail_fips() {
	# Ignore this fail if running in FIPS mode
	fips_mode || fail $1
}

# Print the optional message in $1, clean up and exit with status 77, the
# conventional "skipped" status for automake and meson test harnesses.
skip() {
	[ -n "$1" ] && echo "$1"
	remove_mapping
	exit 77
}

# Factory-reset the OPAL drive $OPAL2_DEV with the PSID stored in
# $OPAL2_PSID_FILE; aborts the run through fail() if the command fails.
# NOTE(review): this erases the drive, and both expansions are unquoted. If
# OPAL2_PSID_FILE were empty, --key-file would take $OPAL2_DEV as its
# argument. Presumably both variables are validated before the first call --
# confirm against the part of the script not shown here.
reset_device_psid() {
	$CRYPTSETUP_RAW luksErase --hw-opal-factory-reset --key-file $OPAL2_PSID_FILE $OPAL2_DEV -q || \
		fail "PSID reset fail, wrong device used?"
}

# Same factory reset, but stderr is discarded and the result is not checked;
# used from fail(), which must not recurse into itself.
reset_device_psid_nofail() {
	$CRYPTSETUP_RAW luksErase --hw-opal-factory-reset --key-file $OPAL2_PSID_FILE $OPAL2_DEV -q 2>/dev/null
}

# Set up the environment for one test case.
#   $1  case title, printed as "CASE: <title>" when non-empty
#   $2  device state: "reset" (clean up and PSID factory reset), "wipe"
#       (luksErase with the OPAL admin PIN, then clean up), "new" (clean up
#       only); "reuse" or anything else leaves the device as it is
# Afterwards the key files are (re)created if they do not exist.
prepare() {
	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME

	case "$2" in
	reset)
		remove_mapping
		reset_device_psid
		;;
	wipe)
		# If the detached header image holds a LUKS2 header, erase through it;
		# otherwise erase the device directly and ignore errors.
		# The admin PIN is a constant defined at the top of the script and is
		# fed on stdin, not on the command line.
		$CRYPTSETUP_RAW isLuks --type luks2 $HEADER_IMG -q 2>/dev/null
		if [ $? -eq 0 ]; then
			echo $OPAL2_ADMIN_PIN | $CRYPTSETUP_RAW luksErase $OPAL2_DEV -q --header $HEADER_IMG
		else
			echo $OPAL2_ADMIN_PIN | $CRYPTSETUP_RAW luksErase $OPAL2_DEV -q 2>/dev/null
		fi
		remove_mapping
		;;
	new)
		remove_mapping
		;;
	reuse | *)
		;;
	esac

	# Key files are written to the current directory with the caller's umask.
	# KEY1 is a fixed 32-byte value (two 16-byte halves), so it is reproducible
	# across runs and must never be used outside the test suite.
	if [ ! -e $KEY1 ]; then
		echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
		echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
	fi

	# KEY2: 64 random bytes.
	if [ ! -e $KEY2 ]; then
		dd if=/dev/urandom of=$KEY2 count=1 bs=64 >/dev/null 2>&1
	fi

	# KEY5: 16 random bytes.
	if [ ! -e $KEY5 ]; then
		dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1
	fi

	# KEY_PWD1: the PWD1 test passphrase without a trailing newline.
	if [ ! -e $KEY_PWD1 ]; then
		echo -n "$PWD1" > $KEY_PWD1
	fi

	# KEYE: empty key file.
	if [ ! -e $KEYE ]; then
		touch $KEYE
	fi

	[ -n "$1" ] && echo "CASE: $1"
}

# Fail unless the mapping /dev/mapper/$DEV_NAME exists as a block device.
check_exists() {
	[ -b /dev/mapper/$DEV_NAME ] || fail
}

# Verify that valgrind, the cryptsetup binary and the valg.sh runner are
# available; outside a meson run, prepend $CRYPTSETUP_LIB_VALGRIND to
# LD_LIBRARY_PATH.
valgrind_setup() {
	command -v valgrind >/dev/null || fail "Cannot find valgrind."
	[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
	[ ! -f valg.sh ] && fail "Unable to get location of valg runner script."
	if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
		export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
	fi
}

# Run cryptsetup through valg.sh with the given arguments. INFOSTRING
# (calling script name and line number) is an assignment prefix on the same
# command line, so it is set only in the environment of valg.sh.
valgrind_run() {
	INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}

# Return 0 when /proc/sys/kernel/keys exists and the dm-crypt target version
# reported by `dmsetup targets` is 1.18.1 or newer, 1 otherwise. Aborts the
# run if no version string can be parsed.
dm_crypt_keyring_support() {
	# Second 'v'-delimited field of the line matching "crypt".
	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."

	VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
	VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
	VER_PTC=$(echo $VER_STR | cut -f 3 -d.)

	test -d /proc/sys/kernel/keys || return 1

	[ $VER_MAJ -gt 1 ] && return 0
	[ $VER_MAJ -eq 1 -a $VER_MIN -gt 18 ] && return 0
	[ $VER_MAJ -eq 1 -a $VER_MIN -eq 18 -a $VER_PTC -ge 1 ] && return 0
	return 1
}

# Kernel version check based on `uname -r`: split the release string into
# major and minor numbers; the comparisons follow.
dm_crypt_keyring_new_kernel() {
	KER_STR=$(uname -r)
	[ -z "$KER_STR" ] && fail "Failed to parse kernel version."

	KER_MAJ=$(echo $KER_STR | cut -f 1 -d.)
	KER_MIN=$(echo $KER_STR | cut -f 2 -d.)
# Tail of dm_crypt_keyring_new_kernel: succeed for kernel 5.x and newer, or 4.15 and newer.
	[ $KER_MAJ -ge 5 ] && return 0
	[ $KER_MAJ -eq 4 -a $KER_MIN -ge 15 ] && return 0
	return 1
}

# Skip the whole run unless the kernel keyring is usable: keyctl must exist,
# the session keyring must be listable, a test keyring named
# $TEST_KEYRING_NAME must be creatable in the user keyring "@u", and a key
# must be loadable into it. If the new keyring cannot be found from the
# session keyring, "@u" is linked into "@s".
test_and_prepare_keyring() {
	command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped"
	keyctl list "@s" > /dev/null || skip "Current session keyring is unreachable, test skipped"
	TEST_KEYRING=$(keyctl newring $TEST_KEYRING_NAME "@u" 2> /dev/null)
	test -n "$TEST_KEYRING" || skip "Failed to create keyring in user keyring"
	keyctl search "@s" keyring "$TEST_KEYRING" > /dev/null 2>&1 || keyctl link "@u" "@s" > /dev/null 2>&1
	load_key user test_key test_data "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped."
}

# Add a key to a kernel keyring with `keyctl add`.
# $1 type
# $2 description
# $3 payload
# $4 keyring
# NOTE(review): $@ is unquoted, so arguments are word-split and glob-expanded
# again; a payload containing whitespace would be passed as several words.
# The payload also travels on keyctl's command line, where other local users
# can read it from the process list while the command runs. The call visible
# here passes the constant "test_data"; check the other callers.
load_key() {
	keyctl add $@ >/dev/null
}

# Format $OPAL2_DEV as LUKS2 with passphrase PWD1 (destroys any existing
# header), activate it once and record two capabilities:
#   HAVE_KEYRING=1 when `cryptsetup status` output mentions "keyring"
#   HAVE_BLKID=1   when `cryptsetup --version` output mentions "BLKID"
setup_luks2_env() {
	echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $OPAL2_DEV || fail
	$CRYPTSETUP luksDump $OPAL2_DEV >/dev/null || fail
	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
	HAVE_KEYRING=$($CRYPTSETUP status $DEV_NAME | grep "keyring")
	if [ -n "$HAVE_KEYRING" ]; then
		HAVE_KEYRING=1
	else
		HAVE_KEYRING=0
	fi
	# grep -q prints nothing, so $(...) expands to an empty command and the
	# `if` tests the exit status of the substitution itself.
	if $($CRYPTSETUP --version | grep -q "BLKID"); then
		HAVE_BLKID=1
	else
		HAVE_BLKID=0
	fi
	$CRYPTSETUP close $DEV_NAME || fail
}

# Check that --test-passphrase with --link-vk-to-keyring links the volume key
# (VK) into the given keyring, that a "user" type key can then unlock the
# device via --volume-key-keyring, and that a later --test-passphrase without
# the option leaves no key linked.
# $1 key name
# $2 keyring to link VK to
# $3 key type (optional)
test_vk_link_with_passphrase_check() {
	# KEY_DESC is the bare name when no type is given, "%type:name" otherwise;
	# KEYCTL_KEY_NAME is always the "%type:name" form used with keyctl.
	KEY_TYPE=${3:-user}
	if [ -z "$3" ]; then
		KEY_DESC=$1
	else
		KEY_DESC="%$3:$1"
	fi
	KEYCTL_KEY_NAME="%$KEY_TYPE:$1"

	echo $PWD1 | $CRYPTSETUP open --test-passphrase $OPAL2_DEV --link-vk-to-keyring "$2"::"$KEY_DESC" || fail
	keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after --test-passphrase."
	if [ $KEY_TYPE = "user" ]; then
		# stdin is closed (<&-), presumably so the command cannot fall back to
		# reading a passphrase and must use the key from the keyring.
		$CRYPTSETUP open $OPAL2_DEV --test-passphrase --volume-key-keyring $KEY_DESC <&-|| fail "Failed to check volume passed via kernel keyring."
	fi
	# Remove the VK from the keyring again before the negative check.
	keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail
	echo $PWD1 | $CRYPTSETUP open --test-passphrase $OPAL2_DEV || fail
	keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 && fail "VK is unexpectedly linked to the specified keyring."
}

# Check that activating the device with --link-vk-to-keyring links the VK
# into the given keyring and that the key is still linked after the device is
# closed; the key is unlinked at the end.
# $1 key name
# $2 keyring to link VK to
# $3 key type (optional)
test_vk_link() {
	KEY_TYPE=${3:-user}
	if [ -z "$3" ]; then
		KEY_DESC=$1
	else
		KEY_DESC="%$3:$1"
	fi
	KEYCTL_KEY_NAME="%$KEY_TYPE:$1"

	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail
	keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation."
	# NOTE(review): the result of close is not checked here, unlike the same
	# step in test_vk_link_and_reactivate.
	$CRYPTSETUP close $DEV_NAME
	keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation."
	keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail
}

# Link the VK into a keyring on activation, then reuse that key to activate
# and resume the device without a passphrase (stdin closed with <&-).
# $1 key name
# $2 keyring to link VK to
# $3 key type (optional)
test_vk_link_and_reactivate() {
	KEY_TYPE=${3:-user}
	if [ -z "$3" ]; then
		KEY_DESC=$1
	else
		KEY_DESC="%$3:$1"
	fi
	KEYCTL_KEY_NAME="%$KEY_TYPE:$1"

	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail
	keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation."
	$CRYPTSETUP close $DEV_NAME || fail
	keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation."
	$CRYPTSETUP open $OPAL2_DEV $DEV_NAME --volume-key-keyring $KEY_DESC <&-|| fail "Failed to unlock volume via a VK in keyring."
	$CRYPTSETUP luksSuspend $DEV_NAME || fail "Failed to suspend device."
	$CRYPTSETUP luksResume $DEV_NAME --volume-key-keyring $KEY_DESC <&- || fail "Failed to resume via a VK in keyring."
echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null && fail echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-keyring $KEY_DESC $OPAL2_DEV --new-key-slot 1 || fail "Failed to add passphrase by VK in keyring." echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 2>/dev/null || fail $CRYPTSETUP luksKillSlot -q $OPAL2_DEV 1 2>/dev/null || fail $CRYPTSETUP close $DEV_NAME || fail # zero-out the key in keyring keyctl pipe $KEYCTL_KEY_NAME | tr -c '\0' '\0' | keyctl pupdate $KEYCTL_KEY_NAME $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --volume-key-keyring $KEY_DESC <&- > /dev/null 2>&1 && fail "Unlocked volume via a bad VK in keyring." keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after bad activation." keyctl unlink $KEYCTL_KEY_NAME "$2" || fail } test_reencryption_does_not_init() { local _hdr="" local _hdrdev=$NO_HEADER_IMG if [ -n "$1" ]; then _hdr="--header $1" _hdrdev=$1 fi local _dumpdev=${1:-$OPAL2_DEV} # store sequence id to check if reencryption was aborted without metadata modifications OLD_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$OLD_SEQID -gt 0 ] || fail echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q --init-only $OPAL2_DEV 2>/dev/null && fail NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q $OPAL2_DEV 2>/dev/null && fail NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." 
echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev --init-only $OPAL2_DEV 2>/dev/null && fail if [ $_hdrdev = $NO_HEADER_IMG ]; then test -e $_hdrdev && fail "Decryption header was created." fi NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev $OPAL2_DEV 2>/dev/null && fail if [ $_hdrdev = $NO_HEADER_IMG ]; then test -e $_hdrdev && fail "Decryption header was created." fi NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." # repeat the test with active device echo $PWD1 | $CRYPTSETUP open $_hdr $OPAL2_DEV $DEV_NAME -q || fail echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q --init-only --active-name $DEV_NAME 2>/dev/null && fail NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." echo $PWD1 | $CRYPTSETUP reencrypt $_hdr -q --active-name $DEV_NAME 2>/dev/null && fail NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev --init-only --active-name $DEV_NAME 2>/dev/null && fail if [ $_hdrdev = $NO_HEADER_IMG ]; then test -e $_hdrdev && fail "Decryption header was created." fi NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." 
echo $PWD1 |$CRYPTSETUP reencrypt -q --decrypt --header $_hdrdev --active-name $DEV_NAME 2>/dev/null && fail if [ $_hdrdev = $NO_HEADER_IMG ]; then test -e $_hdrdev && fail "Decryption header was created." fi NEW_SEQID=0"$($CRYPTSETUP luksDump $_dumpdev | grep "Epoch:" | cut -d: -f 2 | sed -e 's/[[:space:]]*//g')" [ 0$NEW_SEQID -gt 0 ] || fail test $OLD_SEQID -eq $NEW_SEQID || fail "LUKS2 metadata was modified." $CRYPTSETUP close $DEV_NAME || fail } test_device() #opal_mode, #format_params, #--integrity-no-wipe { echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 $1 $2 $3 -q $FAST_PBKDF_OPT $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail test -z "$3" || dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP close --cancel-deferred $DEV_NAME 2>/dev/null && fail $CRYPTSETUP close --deferred $DEV_NAME 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail } test_device_detached_header() #hdr, #opal_mode, #format_params, #--integrity-no-wipe { echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --header $1 $2 $3 $4 -q $FAST_PBKDF_OPT $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --header $1 || fail test -z "$4" || dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWD1 
| $CRYPTSETUP luksResume $DEV_NAME --header $1 || fail dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP close --cancel-deferred $DEV_NAME 2>/dev/null && fail $CRYPTSETUP close --deferred $DEV_NAME 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --header $1 || fail $CRYPTSETUP close $DEV_NAME --header $1 --cancel-deferred 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME --header $1 --deferred 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME --header $1 || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q --header $1 || fail $CRYPTSETUP isLuks --type luks2 $1 && fail rm -f $1 } run_token_tests() { $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --token-id 3 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" || fail # keyslot 5 is inactive $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 5 2> /dev/null && fail # key description is not reachable $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase && fail # wrong passphrase load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase 2>/dev/null && fail load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase || fail $CRYPTSETUP open --token-only $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP status $DEV_NAME > /dev/null || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksResume $DEV_NAME <&- || fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksResume $DEV_NAME --token-type luks2-keyring <&- || fail 
$CRYPTSETUP close $DEV_NAME || fail # check --token-type sort of works (TODO: extend tests when native systemd tokens are available) echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 22 || fail # this excludes keyring tokens from unlocking device $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV --test-passphrase && fail $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV $DEV_NAME && fail $CRYPTSETUP status $DEV_NAME > /dev/null && fail $CRYPTSETUP token remove --token-id 3 $OPAL2_DEV || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" && fail # test we can remove keyslot with token echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $OPAL2_DEV || fail $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 4 --token-id 0 || fail $CRYPTSETUP -q luksKillSlot $OPAL2_DEV 4 || fail $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail # test we can add unassigned token $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --unbound --token-id 0 || fail $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail # test token unassign works $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV || fail $CRYPTSETUP token unassign --token-id 0 $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP token unassign -S0 $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV || fail $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP token unassign --token-id 0 -S44 $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP token unassign --token-id 44 -S0 $OPAL2_DEV 2>/dev/null && fail } export LANG=C [ ! 
-x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." # Do not run automatically. [ -z "$OPAL2_DEV" ] && skip "WARNING: Variable OPAL2_DEV must be defined (partition or block dev), test skipped." [ -z "$OPAL2_PSID_FILE" ] && skip "WARNING: Variable OPAL2_PSID_FILE must be defined, test skipped." [ -f "$OPAL2_PSID_FILE" ] || skip "WARNING: $OPAL2_PSID_FILE is not reachable, test skipped." prepare "[0] Detect LUKS2 environment" reset setup_luks2_env [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run prepare "[1] Data offset" echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --offset 1 2>/dev/null && fail prepare "[2] Sector size and old payload alignment" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 511 2>/dev/null && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 256 2>/dev/null && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 8192 2>/dev/null && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 512 || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 4096 >/dev/null || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q --sector-size 2048 >/dev/null || fail prepare "[3] format" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail prepare "[4] format using hash sha512" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 
-c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail $CRYPTSETUP -q luksDump $OPAL2_DEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep -qe sha512 || fail # Check JSON dump for some mandatory section $CRYPTSETUP -q luksDump $OPAL2_DEV --dump-json-metadata | grep -q '"tokens":' || fail prepare "[5] open" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase || fail echo $PWDW | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase 2>/dev/null && fail [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail check_exists prepare "" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --hw-opal-only $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase || fail echo $PWDW | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME --test-passphrase 2>/dev/null && fail [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail check_exists # Key Slot 1 and key material section 1 must change, the rest must not. prepare "[6] add key" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --hw-opal $OPAL2_DEV || fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $OPAL2_DEV $FAST_PBKDF_OPT || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail # Unsuccessful Key Delete - nothing may change prepare "[7] unsuccessful delete" new echo $PWDW | $CRYPTSETUP luksKillSlot $OPAL2_DEV 1 2>/dev/null && fail [ $? 
-ne 2 ] && fail "luksKillSlot should return EPERM exit code" # Delete Key Test # Key Slot 1 and key material section 1 must change, the rest must not prepare "[8] successful delete" $CRYPTSETUP -q luksKillSlot $OPAL2_DEV 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME 2> /dev/null && fail [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[9] add key test for key files" new echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV $KEY1 || fail $CRYPTSETUP -d $KEY1 luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[10] delete key test with key1 as remaining key" new $CRYPTSETUP -d $KEY1 luksKillSlot $OPAL2_DEV 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY1 $OPAL2_DEV $DEV_NAME || fail # Delete last slot prepare "[11] delete last key" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail prepare "[12] open/close - stacked devices" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 /dev/mapper/$DEV_NAME $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[13] UUID - use and report provided UUID" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat 
$FAST_PBKDF_OPT --uuid blah --type luks2 --hw-opal $OPAL2_DEV 2>/dev/null && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 --hw-opal $OPAL2_DEV || fail tst=$($CRYPTSETUP -q luksUUID $OPAL2_DEV) [ "$tst"x = "$TEST_UUID"x ] || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $OPAL2_DEV || fail tst=$($CRYPTSETUP -q luksUUID $OPAL2_DEV) [ "$tst"x = "$TEST_UUID"x ] || fail prepare "[14] luksFormat" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 --hw-opal $OPAL2_DEV || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 512 --uuid $TEST_UUID --type luks2 --hw-opal $OPAL2_DEV || fail $CRYPTSETUP luksOpen -d $KEY_PWD1 $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # open by UUID if [ -d /dev/disk/by-uuid ] ; then $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # skip tests using empty passphrases if ! 
fips_mode; then # empty passphrase (OPAL admin pin cannot be empty) echo -e "\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --force-password || fail $CRYPTSETUP luksOpen -d $KEYE $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # format hw-opal-only echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 --hw-opal-only $OPAL2_DEV || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --uuid $TEST_UUID --type luks2 --hw-opal-only $OPAL2_DEV || fail $CRYPTSETUP luksOpen -d $KEY_PWD1 $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # open by UUID if [ -d /dev/disk/by-uuid ] ; then $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY_PWD1 UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # skip tests using empty passphrases if ! 
fips_mode; then # empty passphrase (OPAL admin pin cannot be empty) echo -e "\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --force-password || fail $CRYPTSETUP luksOpen -d $KEYE $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # open by volume key echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY2 --type luks2 --hw-opal $OPAL2_DEV || fail $CRYPTSETUP luksOpen --volume-key-file /dev/urandom $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen --volume-key-file $KEY2 $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[15] AddKey volume key, passphrase and keyfile" wipe # volumekey echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --volume-key-file /dev/zero --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" || fail echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --volume-key-file /dev/zero --key-slot 4 || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" || fail echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 5 -d $KEY1 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "5: luks2" || fail # special "-" handling echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 3 || fail echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV -d $KEY_PWD1 - || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase 
2>/dev/null && fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV -d - --test-passphrase || fail echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV -d - $KEY2 || fail $CRYPTSETUP luksOpen $OPAL2_DEV -d $KEY2 --test-passphrase || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail # [0]PWD3 [1]PWD2 [3]PWD1 [4]KEY2 echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 3 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" || fail $CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 $KEY2 --key-slot 3 2>/dev/null && fail # keyfile/keyfile $CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 $KEY2 --key-slot 4 || fail $CRYPTSETUP luksOpen $OPAL2_DEV -d $KEY2 --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" || fail # passphrase/keyfile echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV -d $KEY_PWD1 --key-slot 0 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail echo $PWD3 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 0 || fail # passphrase/passphrase echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --key-slot 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $OPAL2_DEV --test-passphrase --key-slot 1 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || fail # keyfile/passphrase echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV $KEY_PWD1 --key-slot 2 --new-keyfile-size 8 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" || fail prepare "[16] RemoveKey passphrase and keyfile" reuse $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" || fail $CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY_PWD1 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2" && 
fail $CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY_PWD1 2>/dev/null && fail [ $? -ne 2 ] && fail "luksRemoveKey should return EPERM exit code" $CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 --keyfile-size 1 2>/dev/null && fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" || fail $CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "4: luks2" && fail # if password or keyfile is provided, batch mode must not suppress it echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 -q 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 --key-file=- 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 --key-file=- -q 2>/dev/null && fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" || fail # kill slot using passphrase from 1 echo $PWD2 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 2 2>/dev/null || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" && fail # remove key0 / slot 0 echo $PWD3 | $CRYPTSETUP luksRemoveKey $OPAL2_DEV || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" && fail # last keyslot, in batch mode no passphrase needed... 
$CRYPTSETUP luksKillSlot -q $OPAL2_DEV 1 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" && fail prepare "[17] create & resize" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail # OPAL2 devices cannot be resized $CRYPTSETUP -q resize --size 99 $DEV_NAME <&- 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q resize --size 99 $DEV_NAME 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT -q --type luks2 --hw-opal-only $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail # OPAL2 devices cannot be resized $CRYPTSETUP -q resize --size 99 $DEV_NAME <&- 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q resize --size 99 $DEV_NAME 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME || fail echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail prepare "[18] Disallow open/create if already mapped." wipe $CRYPTSETUP create -q $DEV_NAME $OPAL2_DEV -d $KEY1 2>/dev/null || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP remove $DEV_NAME || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen -q $OPAL2_DEV $DEV_NAME2 >/dev/null 2>&1 && fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 || fail "OPAL segment perhaps locked after failed activation over already active device." 
$CRYPTSETUP luksClose $DEV_NAME || fail prepare "[19] luksDump" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --key-size 256 $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $OPAL2_DEV -d $KEY_PWD1 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q $TEST_UUID || fail echo $PWDW | $CRYPTSETUP luksDump $OPAL2_DEV --dump-volume-key 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksDump $OPAL2_DEV --dump-volume-key | grep -q "MK dump:" || fail $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key -d $KEY_PWD1 | grep -q "MK dump:" || fail echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-master-key --master-key-file $VK_FILE >/dev/null || fail rm -f $VK_FILE echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key --volume-key-file $VK_FILE 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $OPAL2_DEV || fail # Use volume key file without keyslots echo $PWD1 | $CRYPTSETUP luksRemoveKey -q $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksRemoveKey -q $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksRemoveKey -q $OPAL2_DEV || fail $CRYPTSETUP luksOpen --volume-key-file $VK_FILE --key-size 512 --test-passphrase $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE --key-size 512 $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $OPAL2_DEV || fail prepare "[20] ChangeKey passphrase and keyfile" wipe # [0]PWD1 [1]PWD2 echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 0 --key-size 256 --luks2-keyslots-size 756k >/dev/null || fail echo $PWD2 | $CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 
--key-slot 1 || fail # [0]KEY2 [1]PWD2 $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY_PWD1 $KEY2 --key-slot 0 || fail # [0]KEY2 [1]PWD1 echo -e "$PWD2\n$PWD1" | $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 1 || fail # [0]KEY1 [1]PWD1 - with LUKS2 it should stay $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" && fail # [0]KEY1 [1]PWD2 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $OPAL2_DEV || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2" && fail # test out of raw area, change in-place (space only for 2 keyslots) $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail $CRYPTSETUP luksDump $OPAL2_DEV | grep -q "0: luks2" || fail $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail # make a free space in keyslot area echo $PWD2 | $CRYPTSETUP luksKillSlot -q $OPAL2_DEV 0 || fail # assert LUKS2 does not overwrite existing area with specific keyslot id AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_OLD -gt 0 ] || fail echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey --key-slot 1 $OPAL2_DEV $FAST_PBKDF_OPT || fail AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_NEW -gt 0 ] || fail [ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" # assert LUKS2 does not overwrite existing area with any sklot AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 
's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_OLD -gt 0 ] || fail echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT || fail AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $OPAL2_DEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_NEW -gt 0 ] || fail [ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" prepare "[21] Keyfile limit" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 0 || fail echo $PWD1 | $CRYPTSETUP luksChangeKey $OPAL2_DEV $KEY1 --new-keyfile-size 13 $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $OPAL2_DEV -q 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 2>/dev/null && fail $CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail $CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 -l -1 2>/dev/null && fail $CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail $CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $OPAL2_DEV $KEY2 -l 12 || fail $CRYPTSETUP luksChangeKey $OPAL2_DEV -d $KEY1 $KEY2 2>/dev/null && fail [ 
$? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" $CRYPTSETUP luksChangeKey $OPAL2_DEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail $CRYPTSETUP luksChangeKey $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail # -l is ignored for stdin if _only_ passphrase is used echo $PWD1 | $CRYPTSETUP luksAddKey $OPAL2_DEV -d $KEY2 $FAST_PBKDF_OPT || fail # this is stupid, but expected echo $PWD1 | $CRYPTSETUP luksRemoveKey $OPAL2_DEV -l 11 2>/dev/null && fail echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $OPAL2_DEV -l 12 2>/dev/null && fail echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $OPAL2_DEV -d- -l 12 || fail # offset echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 0 || fail echo $PWD1 | $CRYPTSETUP luksChangeKey $OPAL2_DEV $KEY1 --new-keyfile-offset 16 --new-keyfile-size 13 $FAST_PBKDF_OPT || fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksAddKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail $CRYPTSETUP luksOpen -d $KEY2 $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail prepare "[22] Suspend/Resume" wipe # OPAL+dm-crypt echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP -q status 
$DEV_NAME | grep -q "(suspended)" || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail [ $? -ne 2 ] && fail "luksResume should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # OPAL only echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $OPAL2_DEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail [ $? 
-ne 2 ] && fail "luksResume should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[23] luksOpen/Resume with specified key slot number" wipe # first, let's try passphrase option echo -e "$PWD3\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -S 5 --type luks2 --hw-opal $OPAL2_DEV || fail echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $OPAL2_DEV $DEV_NAME || fail check_exists $CRYPTSETUP luksSuspend $DEV_NAME || fail echo $PWD3 | $CRYPTSETUP luksResume -S 4 $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail $CRYPTSETUP luksClose $DEV_NAME || fail echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $OPAL2_DEV || fail echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # second, try it with keyfiles echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat -q -S 5 $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail echo "$PWD1" | $CRYPTSETUP luksChangeKey -q -S 5 $FAST_PBKDF_OPT $OPAL2_DEV $KEY5 || fail $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $OPAL2_DEV $KEY1 || fail $CRYPTSETUP luksOpen -S 5 -d $KEY5 $OPAL2_DEV $DEV_NAME || fail check_exists $CRYPTSETUP luksSuspend $DEV_NAME || fail dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail 
# Tail of the keyfile variant of the key-slot test. The mapping is expected to be
# suspended here (luksSuspend is the last cryptsetup operation before this span).
# Resuming with $KEY5 against slot 1 must be refused and leave the device suspended;
# only the matching slot 5 may resume it.
$CRYPTSETUP luksResume -S 1 -d $KEY5 $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
$CRYPTSETUP luksResume -S 5 -d $KEY5 $DEV_NAME || fail
dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
# A slot/keyfile mismatch on open must fail and must not leave a mapping node behind.
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $OPAL2_DEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail

prepare "[24] Detached LUKS header" wipe
# The LUKS2 metadata is written to $HEADER_IMG while $OPAL2_DEV is the data device.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG || fail
# --align-payload 1 must be rejected; 8192, 4096 and 0 are expected to be accepted.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 8192 || fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 4096 >/dev/null || fail
# The line following the "0: hw-opal-crypt" segment entry must show 4096*512.
$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: hw-opal-crypt" -A1 | grep -qe $((4096*512)) || fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --align-payload 0 --sector-size 512 || fail
# Opening a data device path that does not exist must fail even with a valid header.
echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksOpen $OPAL2_DEV --header $HEADER_IMG $DEV_NAME || fail
# status is expected to print "n/a" as the type for this detached-header mapping.
$CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail
$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
# While suspended, a direct read of the raw device is expected to fail
# (presumably because the OPAL range is locked again -- confirm).
dd if=$OPAL2_DEV of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail
# Suspend without --header is accepted here, but resume without --header must fail.
$CRYPTSETUP luksSuspend $DEV_NAME || fail
dd if=$OPAL2_DEV of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=4K count=1 iflag=direct >/dev/null 2>&1 || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
# Keyslot operations below name a placeholder device (_fakedev_) and act on the
# header file only: add slot 5, confirm it is listed, kill it, confirm it is gone.
echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
rm $HEADER_IMG || fail
# create exactly 16 MiBs LUKS2 header
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG --luks2-keyslots-size 16352k --luks2-metadata-size 16k --offset 131072 >/dev/null || fail
SIZE=$(stat --printf=%s $HEADER_IMG)
test $SIZE -eq 16777216 || fail
$CRYPTSETUP -q luksDump $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[bytes\]" || fail

prepare "[25] LUKS erase" wipe
# luksErase is fed the OPAL Admin PIN on stdin; afterwards the device must no longer
# be recognised as LUKS. Checked for both --hw-opal and --hw-opal-only.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail
echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase -q $OPAL2_DEV || fail
$CRYPTSETUP isLuks -q $OPAL2_DEV && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV || fail
echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase -q $OPAL2_DEV || fail
$CRYPTSETUP isLuks -q $OPAL2_DEV && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail
# test psid reset once with valgrind
# The factory reset takes its secret from $OPAL2_PSID_FILE instead of the Admin PIN.
$CRYPTSETUP luksErase --hw-opal-factory-reset --key-file $OPAL2_PSID_FILE $OPAL2_DEV -q || fail

prepare "[26] LUKS convert" wipe
# create almost compatible LUKS2 device except OPAL segment
# Conversion to LUKS1 must be refused and the header must still be LUKS2 afterwards.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 -s256 --hw-opal $OPAL2_DEV || fail
$CRYPTSETUP -q convert --type luks1 $OPAL2_DEV >/dev/null 2>&1 && fail
$CRYPTSETUP isLuks --type luks2 $OPAL2_DEV || fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 --hw-opal-only $OPAL2_DEV || fail
$CRYPTSETUP -q convert --type luks1 $OPAL2_DEV >/dev/null 2>&1 && fail
$CRYPTSETUP isLuks --type luks2 $OPAL2_DEV || fail

if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then
	prepare "[27] LUKS2 key in keyring" wipe
	echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --header $HEADER_IMG || fail

	# check keyring support detection works as expected
	# Unloading the module is best effort; a failure is ignored on purpose.
	rmmod dm-crypt >/dev/null 2>&1 || true

	# Default activation: status must report the key location as "keyring".
	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
	$CRYPTSETUP close $DEV_NAME || fail

	# With --disable-keyring the key location must be reported as "dm-crypt".
	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
	$CRYPTSETUP close $DEV_NAME || fail

	# The key location follows the options of the most recent resume, not of the open.
	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP luksSuspend $DEV_NAME || fail
	echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
	$CRYPTSETUP close $DEV_NAME || fail

	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP luksSuspend $DEV_NAME || fail
	echo $PWD1 | $CRYPTSETUP luksResume --disable-keyring $DEV_NAME --header $HEADER_IMG || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
	$CRYPTSETUP close $DEV_NAME || fail
fi

prepare "[28] tokens" wipe
# NOTE(review): both luksFormat calls of this section sit inside the keyring
# conditional, while the import/export checks after it run unconditionally.
# Confirm which header they operate on when the keyring is unavailable.
if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
	test_and_prepare_keyring
	echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q || fail
	run_token_tests
	keyctl unlink "%user:$TEST_TOKEN0" $TEST_KEYRING || fail
	echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV -q || fail
	run_token_tests
fi
# Import the same token JSON from implicit stdin, from "--json-file -" and from a file.
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 10 || fail
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 11 --json-file - || fail
echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0
$CRYPTSETUP token import $OPAL2_DEV --token-id 12 --json-file $TOKEN_FILE0 || fail
# Importing into the already occupied token id 12 must be refused.
$CRYPTSETUP token import $OPAL2_DEV --token-id 12 --json-file $TOKEN_FILE0 2>/dev/null && fail
# Every export must be identical to the imported JSON.
$CRYPTSETUP token export $OPAL2_DEV --token-id 10 >$TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $OPAL2_DEV --token-id 11 >$TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $OPAL2_DEV --token-id 12 >$TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $OPAL2_DEV --token-id 12 --json-file $TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $OPAL2_DEV --token-id 12 > $TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail

prepare "[29] LUKS keyslot priority" wipe
# $PWD1 is placed in slot 1 and $PWD2 in slot 5.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -S 1 || fail
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q $OPAL2_DEV $FAST_PBKDF_OPT -S 5 || fail
# Setting a priority on slot 0 (never created above) and the unknown value "bla"
# must both be rejected.
$CRYPTSETUP config $OPAL2_DEV -S 0 --priority prefer && fail
$CRYPTSETUP config $OPAL2_DEV -S 1 --priority bla >/dev/null 2>&1 && fail
# With priority "ignore", slot 1 is expected to be usable only when named with -S 1.
$CRYPTSETUP config $OPAL2_DEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase -S 1 || fail
echo $PWD2 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase || fail
$CRYPTSETUP config $OPAL2_DEV -S 1 --priority normal || fail
echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase || fail
$CRYPTSETUP config $OPAL2_DEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV --test-passphrase 2>/dev/null && fail

prepare "[30] LUKS label and subsystem" wipe
# A fresh --hw-opal header is expected to carry subsystem "HW-OPAL" and no label.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "HW-OPAL" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "(no label)" || fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --subsystem SatelliteTwo --label TheLabel || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "SatelliteTwo" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "TheLabel" || fail
# NOTE(review): the two "config" calls below have no "|| fail"; a failure only
# surfaces through the luksDump checks that follow each of them.
# Setting only --subsystem is expected to reset the label to "(no label)".
$CRYPTSETUP config $OPAL2_DEV --subsystem SatelliteThree
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "(no label)" || fail
$CRYPTSETUP config $OPAL2_DEV --subsystem SatelliteThree --label TheLabel
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Label:" | grep -q "TheLabel" || fail

prepare "[31] LUKS PBKDF setting" wipe
# An unknown PBKDF name must be rejected.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal --pbkdf bla $OPAL2_DEV >/dev/null 2>&1 && fail
# Force setting, no benchmark. PBKDF2 has 1000 iterations as a minimum
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" |$CRYPTSETUP luksFormat --type luks2 --hw-opal --pbkdf pbkdf2 --pbkdf-force-iterations 999 $OPAL2_DEV 2>/dev/null && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf pbkdf2 --pbkdf-force-iterations 1234 $OPAL2_DEV || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Iterations:" | grep -q "1234" || fail
# For argon2id a forced iteration count of 3 must be rejected and 4 accepted.
# Argon2 steps end in can_fail_fips instead of fail (helper defined outside this
# span; presumably it tolerates the failure in FIPS mode -- confirm).
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2id --pbkdf-force-iterations 3 $OPAL2_DEV 2>/dev/null && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2id --pbkdf-force-iterations 4 --pbkdf-memory 100000 $OPAL2_DEV || can_fail_fips
$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "argon2id" || can_fail_fips
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2i --pbkdf-force-iterations 4 \
	--pbkdf-memory 1234 --pbkdf-parallel 1 $OPAL2_DEV || can_fail_fips
# The forced Argon2 parameters must appear unchanged in the dump.
$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "argon2i" || can_fail_fips
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Time cost:" | grep -q "4" || can_fail_fips
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Memory:" | grep -q "1234" || can_fail_fips
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Threads:" | grep -q "1" || can_fail_fips
# Benchmark
# With "-i 500" the costs are not forced; the checks only require a non-zero time
# and memory cost for argon2i and more than 1000 iterations for pbkdf2.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf argon2i -i 500 --pbkdf-memory 1234 --pbkdf-parallel 1 $OPAL2_DEV || can_fail_fips
[ 0"$($CRYPTSETUP luksDump $OPAL2_DEV | grep "Time cost:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips
[ 0"$($CRYPTSETUP luksDump $OPAL2_DEV | grep "Memory:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal --pbkdf pbkdf2 -i 500 $OPAL2_DEV || fail
[ 0"$($CRYPTSETUP luksDump $OPAL2_DEV | grep -m1 "Iterations:" | cut -d' ' -f 2 | sed -e 's/\ //g')" -gt 1000 ] || fail

prepare "[32] LUKS Keyslot convert" wipe
# Move the key from slot 0 to slot 5 (keyfile), then convert that slot's PBKDF.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 0 || fail
echo "$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 5 $OPAL2_DEV $KEY5 || fail
$CRYPTSETUP -q luksKillSlot $OPAL2_DEV 0 || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "5: luks2" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "pbkdf2" || fail
$CRYPTSETUP -q luksConvertKey $OPAL2_DEV -S 5 --key-file $KEY5 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "5: luks2" || can_fail_fips
# Same sequence for a passphrase slot (slot 1).
echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV -S 1 --key-file $KEY5 || fail
$CRYPTSETUP -q luksKillSlot $OPAL2_DEV 5 || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "PBKDF:" | grep -q "pbkdf2" || fail
echo $PWD1 | $CRYPTSETUP -q luksConvertKey $OPAL2_DEV -S 1 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "1: luks2" || can_fail_fips
# Converting an unbound keyslot (slot 21) must work as well.
echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 21 --unbound -s 72 $OPAL2_DEV || fail
echo $PWD3 | $CRYPTSETUP luksConvertKey --pbkdf-force-iterations 1001 --pbkdf pbkdf2 -S 21 $OPAL2_DEV || fail

prepare "[33] luksAddKey unbound tests" wipe
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-slot 5 || fail
# unbound key may have arbitrary size
# Slot 5 is first switched from $PWD1 to the keyfile $KEY5, so from here on $PWD1
# and $PWD2 only match unbound slots.
echo $PWD1 | $CRYPTSETUP luksChangeKey -q $OPAL2_DEV $FAST_PBKDF_OPT -S5 $KEY5 || fail
echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 72 $OPAL2_DEV || fail
echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 72 -S 2 $OPAL2_DEV || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2 (unbound)" || fail
# 64 random bytes serve as a caller-supplied 512-bit unbound key for slot 3.
dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail
echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 512 -S 3 --volume-key-file $KEY_FILE0 $OPAL2_DEV || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2 (unbound)" || fail
# unbound key size is required
echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $OPAL2_DEV 2>/dev/null && fail
echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --volume-key-file /dev/urandom $OPAL2_DEV 2> /dev/null && fail
# do not allow one to replace keyslot by unbound slot
echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $OPAL2_DEV 2>/dev/null && fail
# A passphrase that only matches an unbound slot must never activate the device;
# it may only pass --test-passphrase when the slot is named explicitly.
echo $PWD2 | $CRYPTSETUP -q open $OPAL2_DEV $DEV_NAME 2> /dev/null && fail
echo $PWD2 | $CRYPTSETUP -q open -S2 $OPAL2_DEV $DEV_NAME 2> /dev/null && fail
echo $PWD2 | $CRYPTSETUP -q open -S2 $OPAL2_DEV --test-passphrase || fail
echo $PWD1 | $CRYPTSETUP -q open $OPAL2_DEV $DEV_NAME 2> /dev/null && fail
# check we're able to change passphrase for unbound keyslot
echo -e "$PWD2\n$PWD3" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT -S 2 $OPAL2_DEV || fail
echo $PWD3 | $CRYPTSETUP open --test-passphrase -S 2 $OPAL2_DEV || fail
echo $PWD3 | $CRYPTSETUP -q open -S 2 $OPAL2_DEV $DEV_NAME 2> /dev/null && fail
# do not allow adding keyslot by unbound keyslot
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP -q luksAddKey $OPAL2_DEV 2> /dev/null && fail
# check adding keyslot works when there's unbound keyslot
echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $OPAL2_DEV --key-file $KEY5 -S8 || fail
echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
$CRYPTSETUP close $DEV_NAME || fail
# NOTE(review): this luksKillSlot has no "|| fail"; only the luksDump check on the
# next line reports a failure.
$CRYPTSETUP luksKillSlot -q $OPAL2_DEV 2
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "2: luks2 (unbound)" && fail
# Dumping an unbound key must fail when no keyslot is selected with -S.
echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 $OPAL2_DEV 2> /dev/null && fail
echo $PWD3 | $CRYPTSETUP luksDump --unbound 2> /dev/null $OPAL2_DEV 2> /dev/null && fail
# The key dumped from slot 3 must equal the key supplied through $KEY_FILE0.
echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $OPAL2_DEV > /dev/null || fail
diff $KEY_FILE0 $KEY_FILE1 || fail
# Repeating the dump while $KEY_FILE1 exists must fail (presumably an existing
# output file is not overwritten -- confirm) and must leave the file unchanged.
echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $OPAL2_DEV 2> /dev/null && fail
diff $KEY_FILE0 $KEY_FILE1 || fail
rm $KEY_FILE1 || fail
# Key material may reach stdout ("Unbound Key:") only when no output file is given.
# NOTE(review): the first command re-creates $KEY_FILE1 holding the raw key and no
# line in this section removes it again; presumably cleanup happens elsewhere.
echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $OPAL2_DEV | grep -q "Unbound Key:" && fail
echo $PWD3 | $CRYPTSETUP luksDump --unbound -S3 $OPAL2_DEV | grep -q "Unbound Key:" || fail
$CRYPTSETUP luksKillSlot -q $OPAL2_DEV 3 || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep -q "3: luks2 (unbound)" && fail

prepare "[34] LUKS2 metadata areas" wipe
# Record the data offset of a default --hw-opal format for the size arithmetic below.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV 2> /dev/null || fail
DEFAULT_OFFSET=$($CRYPTSETUP luksDump $OPAL2_DEV | grep "offset: " | cut -f 2 -d ' ')
# Rejected sizes: 127k for either area and a 129M keyslots area.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --luks2-metadata-size=128k --luks2-keyslots-size=127k 2> /dev/null && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --luks2-metadata-size=127k --luks2-keyslots-size=128k 2> /dev/null && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --luks2-metadata-size=128k --luks2-keyslots-size=129M >/dev/null 2>&1 && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --luks2-metadata-size=128k --luks2-keyslots-size=128k >/dev/null || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail
# Each case ends with luksErase (Admin PIN on stdin) before the next format.
echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
# Only the metadata size is given: the keyslots area is expected to take what is
# left of the default offset after two 128k metadata areas.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV --key-size 256 --luks2-metadata-size=128k || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "$((DEFAULT_OFFSET-2*131072)) \[bytes\]" || fail
echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
# Only the keyslots size is given: the metadata area is expected to be 16384 bytes.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --luks2-keyslots-size=128k >/dev/null || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail
echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --offset 16384 || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail
$CRYPTSETUP luksDump $OPAL2_DEV | grep "Keyslots area:" | grep -q "8355840 \[bytes\]" || fail
echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
# data offset vs area size
# An --offset of 64 with an 8192 keyslots area and an --offset of 256+56 must be
# rejected; 256+64 is the smallest value this test expects to be accepted.
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --offset 64 --luks2-keyslots-size=8192 >/dev/null 2>&1 && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --offset $((256+56)) >/dev/null 2>&1 && fail
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV --offset $((256+64)) >/dev/null || fail

prepare "[35] Per-keyslot encryption parameters" wipe
# After each format/add/change/convert, the slot's entry in luksDump must show the
# requested keyslot cipher and a 128 bit keyslot key.
KEYSLOT_CIPHER="aes-cbc-plain64"
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal-only $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
echo $PWD1 | $CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $KEY1 || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "0: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "0: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
$CRYPTSETUP luksAddKey -q $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "1: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "1: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
# Slot 2 is added with default keyslot parameters and then changed to the custom ones.
$CRYPTSETUP luksAddKey -q $OPAL2_DEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail
$CRYPTSETUP luksChangeKey $OPAL2_DEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 2 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "2: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "2: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
# unbound keyslot
echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 21 --unbound -s 72 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $OPAL2_DEV || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "21: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "21: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 22 --unbound -s 72 $OPAL2_DEV || fail
# NOTE(review): $OPAL2_DEV appears twice as a positional argument in the next
# command; confirm the second occurrence is intended.
echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $OPAL2_DEV --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $OPAL2_DEV || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $OPAL2_DEV | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail

prepare "[36] Some encryption compatibility mode tests" wipe
# Only checks that luksFormat with --hw-opal accepts each cipher specification at
# a 256 bit key size; nothing is opened or read back.
CIPHERS="aes-ecb aes-cbc-null aes-cbc-plain64 aes-cbc-essiv:sha256 aes-xts-plain64"
key_size=256
for cipher in $CIPHERS ; do
	echo -n "[$cipher/$key_size]"
	echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat --type luks2 --hw-opal $OPAL2_DEV $FAST_PBKDF_OPT --cipher $cipher --key-size $key_size || fail
done
echo

prepare "[37] New luksAddKey options." wipe
# The volume key is dumped to $VK_FILE so it can authorise luksAddKey below; that
# file holds raw key material for the test device.
rm -f $VK_FILE
echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat -q --type luks2 --hw-opal-only $FAST_PBKDF_OPT $OPAL2_DEV || fail
echo $PWD1 | $CRYPTSETUP luksDump -q $OPAL2_DEV --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail

# The short labels read "<existing credential> <new credential>":
# pass = passphrase on stdin, file = keyfile, vk = volume key file, token = keyring token.
# pass pass
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $OPAL2_DEV || fail
echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $OPAL2_DEV || fail

# pass file
echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $OPAL2_DEV $KEY1 || fail
$CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $OPAL2_DEV || fail

# file pass
echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $OPAL2_DEV || fail
echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $OPAL2_DEV || fail

# file file
$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $OPAL2_DEV || fail
$CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $OPAL2_DEV || fail

# vk pass
echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $OPAL2_DEV || fail
echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S5 $OPAL2_DEV || fail

# vk file
$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $OPAL2_DEV || fail
$CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $OPAL2_DEV || fail

if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
	test_and_prepare_keyring
	# Token 0 is attached to slot 0 and its keyring entry holds $PWD1; token 1 is
	# created without a keyslot and its keyring entry holds $PWDW.
	load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
	load_key user $TEST_TOKEN1 $PWDW "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
	$CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --token-id 0 -S0 || fail
	$CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --token-id 1 --unbound || fail

	# In each "... token" case, token 1 must unlock while the new slot exists and
	# must stop unlocking once that slot is killed.
	# pass token
	echo -e "$PWD1" | $CRYPTSETUP luksAddKey -q -S7 --new-token-id 1 $FAST_PBKDF_OPT $OPAL2_DEV || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail
	echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 7 || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail

	# file token
	$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 7 --new-token-id 1 -d $KEY1 $OPAL2_DEV || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail
	echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 7 || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail

	# vk token
	$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --volume-key-file $VK_FILE --new-token-id 1 $OPAL2_DEV || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail
	echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 7 || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail

	# token pass
	echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --token-id 0 $OPAL2_DEV || fail
	echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S7 $OPAL2_DEV || fail

	# token file
	echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S8 --token-id 0 $OPAL2_DEV $KEY2 || fail
	$CRYPTSETUP open -q --test-passphrase -S8 --key-file $KEY2 $OPAL2_DEV || fail

	# token token
	$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S9 --token-id 0 --new-token-id 1 $OPAL2_DEV || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV || fail
	echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 9 || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $OPAL2_DEV && fail

	# reuse same token
	$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 9 --token-id 0 --new-token-id 0 $OPAL2_DEV || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $OPAL2_DEV || fail
	echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 9 || fail

	# reuse same token
	# No slot is named here; the luksKillSlot below expects the new key in slot 9.
	$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --token-id 0 --new-token-id 0 $OPAL2_DEV || fail
	echo $PWD1 | $CRYPTSETUP luksKillSlot $OPAL2_DEV 9 || fail
	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $OPAL2_DEV || fail
fi

if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
	prepare "[38] Link VK to a keyring and use custom VK type." wipe
	# NOTE(review): unlike the other sections, this luksFormat passes neither
	# --hw-opal nor --hw-opal-only and supplies no Admin PIN, so this section
	# appears to run on a plain LUKS2 header -- confirm that is intended.
	echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $OPAL2_DEV 2> /dev/null || fail
	KEY_NAME="cryptsetup:test_volume_key_id"
	test_and_prepare_keyring
	# Probe whether keys can be added to and unlinked from the session (@s) and
	# user-session (@us) keyrings in this environment.
	# NOTE(review): USER_SESSION_KEYRING_WORKS is set but not read by any line of
	# this span; the @us check further down runs unconditionally.
	KID=$(echo -n test | keyctl padd user my_token @s)
	keyctl unlink $KID >/dev/null 2>&1 @s && SESSION_KEYRING_WORKS=1
	KID=$(echo -n test | keyctl padd user my_token @us)
	keyctl unlink $KID >/dev/null 2>&1 @us && USER_SESSION_KEYRING_WORKS=1
	# The test_vk_link* helpers are defined outside this span; they are called per
	# keyring (@u, @s, named test keyring), with the key type left out or given as
	# "user" or "logon".
	test_vk_link $KEY_NAME "@u"
	test_vk_link $KEY_NAME "@u" "user"
	[[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s"
	[[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "logon"
	[[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "user"
	test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME"
	test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "user"
	test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "logon"
	# explicitly specify keyring key type
	test_vk_link $KEY_NAME "%keyring:$TEST_KEYRING_NAME"
	test_vk_link_with_passphrase_check $KEY_NAME "%:$TEST_KEYRING_NAME"
	test_vk_link_with_passphrase_check $KEY_NAME "%:$TEST_KEYRING_NAME" "user"
	test_vk_link_with_passphrase_check $KEY_NAME "%:$TEST_KEYRING_NAME" "logon"
	test_vk_link_and_reactivate $KEY_NAME "@u" "user"
	test_vk_link_and_reactivate $KEY_NAME "@u"
	[[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link_and_reactivate $KEY_NAME "@s" "user"
	test_vk_link_and_reactivate $KEY_NAME "%:$TEST_KEYRING_NAME" "user"
	# explicitly specify keyring key type
	test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" "user"
	test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME"
	# test numeric keyring name -5 is user session (@us) keyring
	# The linked key must be found in @us after activation and still after close.
	# NOTE(review): the close between the two searches has no "|| fail".
	echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring -5::%logon:$KEY_NAME || fail
	keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation."
	$CRYPTSETUP close $DEV_NAME
	keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation."
keyctl unlink "%logon:$KEY_NAME" @us || fail # test malformed keyring descriptions and key types # missing key description echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "%$TEST_KEYRING_NAME::" > /dev/null 2>&1 && fail # malformed keyring description echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring ":$TEST_KEYRING_NAME::$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@uuu::$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@usu::$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user:" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "%user:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@t::%0:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@t::%blah:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --link-vk-to-keyring "@t::%userlogon:$KEY_NAME" > /dev/null 2>&1 && fail fi if ! 
fips_mode; then prepare "[39] LUKS2 reencryption/decryption blocked" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV || fail test_reencryption_does_not_init echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV || fail test_reencryption_does_not_init prepare "[40] LUKS2 reencryption/decryption blocked (detached header)" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --header $HEADER_IMG --type luks2 -s256 --hw-opal $OPAL2_DEV || fail test_reencryption_does_not_init $HEADER_IMG echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --header $HEADER_IMG --type luks2 --hw-opal-only $OPAL2_DEV || fail test_reencryption_does_not_init $HEADER_IMG prepare "[41] LUKS2 encryption blocked" wipe echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP isLuks $OPAL2_DEV && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP isLuks $OPAL2_DEV && fail test -b $DEV_NAME && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 -s256 --hw-opal $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP isLuks $OPAL2_DEV && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP isLuks $OPAL2_DEV && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP isLuks 
$OPAL2_DEV && fail test -b $DEV_NAME && fail echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 32m $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV 2>/dev/null && fail $CRYPTSETUP isLuks $OPAL2_DEV && fail fi prepare "[42] OPAL2 HW only test." wipe test_device --hw-opal-only prepare "[43] OPAL2 + dmcrypt test." wipe test_device --hw-opal prepare "[44] OPAL2 + auth encryption" wipe test_device --hw-opal "-c aes-gcm-random --integrity aead" --integrity-no-wipe test_device --hw-opal "-s 280 -c aes-ccm-random --integrity aead" --integrity-no-wipe prepare "[45] OPAL2 HW only test (detached header)" wipe test_device_detached_header $HEADER_IMG --hw-opal-only prepare "[46] OPAL2 + dmcrypt test (detached header)" wipe test_device_detached_header $HEADER_IMG --hw-opal prepare "[47] OPAL2 + auth encryption test (detached header)" wipe test_device_detached_header $HEADER_IMG --hw-opal "-c aes-gcm-random --integrity aead" --integrity-no-wipe test_device_detached_header $HEADER_IMG --hw-opal "-s 280 -c aes-ccm-random --integrity aead" --integrity-no-wipe # FIXME: Add partition based tests remove_mapping reset_device_psid_nofail exit 0 cryptsetup-2.8.0/tests/compat-test2000077500000000000000000002605621502645201100173640ustar00rootroot00000000000000#!/bin/bash PS4='$LINENO:' [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." 
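# Binary under test; CRYPTSETUP_PATH is defaulted by the preceding line of the script.
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
CRYPTSETUP_RAW=$CRYPTSETUP

# Location of the real executable (and its libraries) for valgrind runs.
if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
	CRYPTSETUP_VALGRIND=$CRYPTSETUP
else
	CRYPTSETUP_VALGRIND=../.libs/cryptsetup
	CRYPTSETUP_LIB_VALGRIND=../.libs
fi

# Device-mapper names and scratch image files (relative to the test directory).
DEV_NAME=dummy
DEV_NAME2=dummy2
DEV_NAME3=dummy3
ORIG_IMG=luks-test-orig
IMG=luks-test
IMG10=luks-test-v10
HEADER_IMG=luks-header
HEADER_KEYU=luks2_keyslot_unassigned.img
HEADER_LUKS2_PV=blkid-luks2-pv.img
HEADER_LUKS2_INV=luks2_invalid_cipher.img
KEY1=key1
KEY2=key2
KEY5=key5
KEYE=keye

# Fixed throwaway passphrases for the test images. PWDW is the passphrase
# the negative tests expect to be rejected.
PWD0="compatkey"
PWD1="93R4P4pIqAH8"
PWD2="mymJeD8ivEhE"
PWD3="ocMakf3fAcQO"
PWD4="Qx3qn46vq0v"
PWDW="rUkL4RUryBom"

# Kernel keyring names and key descriptions used by the keyring tests.
TEST_KEYRING_NAME="compattest2_keyring"
TEST_KEY_DESC0="compattest2_desc0"
TEST_KEY_DESC1="compattest2_desc1"
TEST_KEY_DESC2="compattest2_desc2"
VK_FILE="compattest2_vkfile"

IMPORT_TOKEN="{\"type\":\"some_type\",\"keyslots\":[],\"base64_data\":\"zxI7vKB1Qwl4VPB4D-N-OgcC14hPCG0IDu8O7eCqaQ\"}"
TOKEN_FILE0=test-token-file0
TOKEN_FILE1=test-token-file1
KEY_FILE0=test-key-file0
KEY_FILE1=test-key-file1

# Test-only speed-up: forces PBKDF2 with a fixed 1000 iterations instead of a
# benchmarked KDF. This gives very little brute-force resistance and must not
# be copied into commands that format real volumes.
FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"

TEST_UUID="12345678-1234-1234-1234-123456789abc"

LOOPDEV=$(losetup -f 2>/dev/null)
FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)

# Tear down everything a test may have left behind: dm mappings, the loop
# device, scratch files, the test keyring and the scsi_debug module.
remove_mapping()
{
	[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3
	[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
	losetup -d $LOOPDEV >/dev/null 2>&1
	rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE \
		$HEADER_LUKS2_PV $HEADER_LUKS2_INV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* \
		$KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1

	# unlink whole test keyring
	[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
	unset TEST_KEYRING

	rmmod scsi_debug >/dev/null 2>&1
	scsi_debug_teardown $DEV
}

# Emit a "change" uevent for the loop device backing the test image.
force_uevent()
{
	DNAME=$(echo $LOOPDEV | cut -f3 -d /)
	echo "change" >/sys/block/$DNAME/uevent
}

# Abort the test run: print the optional message ($1), clean up, print a
# call backtrace and exit with status 2.
fail()
{
	[ -n "$1" ] && echo "$1"
	remove_mapping
	echo "FAILED backtrace:"
	# frame is not initialised here, so the first iteration calls
	# `caller` with no argument.
	while caller $frame; do ((frame++)); done
	exit 2
}

# CHLD handler: turn a child that died with status 139 (128+SIGSEGV) or
# 134 (128+SIGABRT) into a test failure.
_sigchld() { local c=$?; [ $c -eq 139 ] && fail "Segfault"; [ $c -eq 134 ] && fail "Aborted"; }
trap _sigchld CHLD

# Succeeds when /proc/sys/crypto/fips_enabled reported a value greater than 0.
fips_mode()
{
	[ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
}

# Fail with message $1 unless running in FIPS mode.
can_fail_fips()
{
	# Ignore this fail if running in FIPS mode
	# $1 is quoted so a multi-word message reaches fail() intact.
	fips_mode || fail "$1"
}

# Skip the whole test: print the optional message ($1), clean up and exit
# with status 77 (the status automake treats as "skipped").
skip()
{
	[ -n "$1" ] && echo "$1"
	remove_mapping
	exit 77
}

# Prepare the environment for one test case.
# $1 test case title (printed as "CASE: ...")
# $2 mode: "wipe" (fresh zeroed 40 MiB image), "new" (unpack the reference
#    images), anything else reuses the existing image
prepare()
{
	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME

	case "$2" in
	wipe)
		remove_mapping
		dd if=/dev/zero of=$IMG bs=1M count=40 >/dev/null 2>&1
		sync
		losetup $LOOPDEV $IMG
		;;
	new)
		remove_mapping
		xz -cd compatimage.img.xz > $IMG
		xz -dk $HEADER_KEYU.xz
		# FIXME: switch to internal loop (no losetup at all)
		echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \
			grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped."
		losetup $LOOPDEV $IMG
		xz -cd compatv10image.img.xz > $IMG10
		;;
	reuse | *)
		if [ ! -e $IMG ]; then
			xz -cd compatimage.img.xz > $IMG
			losetup $LOOPDEV $IMG
		fi
		[ ! -e $IMG10 ] && xz -cd compatv10image.img.xz > $IMG10
		;;
	esac

	if [ ! -e $KEY1 ]; then
		# KEY1 is a fixed, publicly known 32-byte value (the random
		# generation below is disabled); it is test material only.
		#dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
		echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
		echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
	fi

	if [ ! -e $KEY2 ]; then
		dd if=/dev/urandom of=$KEY2 count=1 bs=16 >/dev/null 2>&1
	fi

	if [ ! -e $KEY5 ]; then
		dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1
	fi

	# KEYE is an intentionally empty key file.
	if [ ! -e $KEYE ]; then
		touch $KEYE
	fi

	cp $IMG $ORIG_IMG
	[ -n "$1" ] && echo "CASE: $1"
}

# Fail unless the mapping for DEV_NAME exists as a block device.
check_exists()
{
	[ -b /dev/mapper/$DEV_NAME ] || fail
}

# Verify the prerequisites for running the tests under valgrind.
# (The remainder of this function follows on the next source line.)
valgrind_setup()
{
	command -v valgrind >/dev/null || fail "Cannot find valgrind."
	[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
	[ ! -f valg.sh ] && fail "Unable to get location of valg runner script."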
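# Tail of valgrind_setup (its opening lines precede this span): outside a
# meson run, make the freshly built library visible to the dynamic loader.
	if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
		export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
	fi
}

# Run cryptsetup under the valg.sh wrapper. INFOSTRING (caller file and line)
# is passed in the wrapper's environment only, so it must stay on the same
# line as the command.
valgrind_run()
{
	INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}

# Returns 0 when the dm-crypt target version is above 1.x or its minor
# version is at least 16. Sets VER_STR, VER_MAJ and VER_MIN as globals.
dm_crypt_capi_support()
{
	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."

	VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
	VER_MIN=$(echo $VER_STR | cut -f 2 -d.)

	[ $VER_MAJ -gt 1 ] && return 0
	if [ $VER_MIN -ge 16 ]; then
		return 0
	fi
	return 1
}

# Returns 0 when cryptsetup was built with KEYRING support, the kernel keys
# interface is present and dm-crypt is at least version 1.18.1.
# Sets VER_STR, VER_MAJ, VER_MIN and VER_PTC as globals.
dm_crypt_keyring_support()
{
	$CRYPTSETUP --version | grep -q KEYRING || return 1

	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."

	VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
	VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
	VER_PTC=$(echo $VER_STR | cut -f 3 -d.)

	test -d /proc/sys/kernel/keys || return 1

	[ $VER_MAJ -gt 1 ] && return 0
	[ $VER_MAJ -eq 1 -a $VER_MIN -gt 18 ] && return 0
	[ $VER_MAJ -eq 1 -a $VER_MIN -eq 18 -a $VER_PTC -ge 1 ] && return 0
	return 1
}

# Returns 0 when keyring support is absent but dm-crypt is version 1.15 or
# newer.
# NOTE(review): relies on VER_MAJ/VER_MIN left behind by
# dm_crypt_keyring_support, which returns before setting them when
# cryptsetup lacks KEYRING support - confirm the values are always set here.
dm_crypt_keyring_flawed()
{
	dm_crypt_keyring_support && return 1;

	[ $VER_MAJ -gt 1 ] && return 0
	[ $VER_MAJ -eq 1 -a $VER_MIN -ge 15 ] && return 0
	return 1
}

# Returns 0 when `uname -r` reports kernel 4.15 or newer.
dm_crypt_keyring_new_kernel()
{
	KER_STR=$(uname -r)
	[ -z "$KER_STR" ] && fail "Failed to parse kernel version."

	KER_MAJ=$(echo $KER_STR | cut -f 1 -d.)
	KER_MIN=$(echo $KER_STR | cut -f 2 -d.)

	[ $KER_MAJ -ge 5 ] && return 0
	[ $KER_MAJ -eq 4 -a $KER_MIN -ge 15 ] && return 0
	return 1
}

# Returns 0 when the dm-crypt target version is above 1.x, its minor version
# is at least 17, or it is minor 14 with patch level 5 or newer.
dm_crypt_sector_size_support()
{
	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."

	VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
	VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
	VER_PTC=$(echo $VER_STR | cut -f 3 -d.)

	[ $VER_MAJ -gt 1 ] && return 0
	if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then
		return 0
	fi
	return 1
}

# Create the test keyring under the user keyring and check that keys can be
# loaded into it; skips the test when keyctl or the keyring is unusable.
# Sets TEST_KEYRING to the new keyring's id.
test_and_prepare_keyring()
{
	command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped"
	keyctl list "@s" > /dev/null || skip "Current session keyring is unreachable, test skipped"

	TEST_KEYRING=$(keyctl newring $TEST_KEYRING_NAME "@u" 2> /dev/null)
	test -n "$TEST_KEYRING" || skip "Failed to create keyring in user keyring"

	# Make the new keyring reachable from the session keyring; if it is not,
	# link the user keyring into the session keyring.
	keyctl search "@s" keyring "$TEST_KEYRING" > /dev/null 2>&1 ||
		keyctl link "@u" "@s" > /dev/null 2>&1

	load_key user test_key test_data "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped."
}

# Add a key to a kernel keyring via `keyctl add`.
# $1 type
# $2 description
# $3 payload
# $4 keyring
load_key()
{
	[ -z "$4" ] && fail "Keyring not defined!"
	# "$@" keeps each argument intact, so a payload or description that
	# contains whitespace is not split into extra keyctl arguments.
	keyctl add "$@" >/dev/null
}

# Format and activate a LUKS2 device once to detect runtime capabilities.
# Sets HAVE_KEYRING (status output mentions "keyring") and HAVE_BLKID
# (cryptsetup --version mentions "BLKID") to 1 or 0.
setup_luks2_env()
{
	echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $LOOPDEV || fail
	$CRYPTSETUP luksDump $LOOPDEV >/dev/null || fail
	echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail

	HAVE_KEYRING=$($CRYPTSETUP status $DEV_NAME | grep "keyring")
	if [ -n "$HAVE_KEYRING" ]; then
		HAVE_KEYRING=1
	else
		HAVE_KEYRING=0
	fi

	if $($CRYPTSETUP --version | grep -q "BLKID"); then
		HAVE_BLKID=1
	else
		HAVE_BLKID=0
	fi

	$CRYPTSETUP close $DEV_NAME || fail
}

# Unload scsi_debug, retrying up to 15 times (0.1 s apart) while the block
# device still exists.
# $1 path to scsi debug bdev
scsi_debug_teardown()
{
	local _tries=15;

	while [ -b "$1" -a $_tries -gt 0 ]; do
		rmmod scsi_debug >/dev/null 2>&1
		if [ -b "$1" ]; then
			sleep .1
			_tries=$((_tries-1))
		fi
	done

	test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
}

# Load scsi_debug with the given module parameters and record the resulting
# block device in DEV. Exits 77 (skip) when the module cannot be used.
# (The remainder of this function follows on the next source line.)
add_scsi_device()
{
	scsi_debug_teardown $DEV
	if [ -d /sys/module/scsi_debug ] ; then
		echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
		exit 77
	fi
	# "$@" passes each module parameter through as one argument.
	modprobe scsi_debug "$@" delay=0 >/dev/null 2>&1
	if [ $? -ne 0 ] ; then
		echo "This kernel seems to not support proper scsi_debug module, test skipped."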
exit 77 fi sleep 1 DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) [ -b $DEV ] || return 1 return 0 } # $1 key name # $2 keyring to link VK to # $3 key type (optional) test_vk_link_with_passphrase_check() { KEY_TYPE=${3:-user} if [ -z "$3" ]; then KEY_DESC=$1 else KEY_DESC="%$3:$1" fi KEYCTL_KEY_NAME="%$KEY_TYPE:$1" echo $PWD1 | $CRYPTSETUP open --test-passphrase $LOOPDEV --link-vk-to-keyring "$2"::"$KEY_DESC" || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after --test-passphrase." if [ $KEY_TYPE = "user" ]; then $CRYPTSETUP open $LOOPDEV --test-passphrase --volume-key-keyring $KEY_DESC <&-|| fail "Failed to check volume passed via kernel keyring." fi keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $LOOPDEV || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 && fail "VK is unexpectedly linked to the specified keyring." } # $1 key name # $2 keyring to link VK to # $3 key type (optional) test_vk_link() { KEY_TYPE=${3:-user} if [ -z "$3" ]; then KEY_DESC=$1 else KEY_DESC="%$3:$1" fi KEYCTL_KEY_NAME="%$KEY_TYPE:$1" echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." $CRYPTSETUP close $DEV_NAME keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 && fail "VK is linked to the specified keyring before resume with linking." 
$CRYPTSETUP luksSuspend $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." $CRYPTSETUP close $DEV_NAME keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." keyctl unlink "$KEYCTL_KEY_NAME" "$2" || fail } # $1 key name # $2 keyring to link VK to # $3 key type (optional) test_vk_link_and_reactivate() { KEY_TYPE=${3:-user} if [ -z "$3" ]; then KEY_DESC=$1 else KEY_DESC="%$3:$1" fi KEYCTL_KEY_NAME="%$KEY_TYPE:$1" echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$2"::"$KEY_DESC" || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." $CRYPTSETUP close $DEV_NAME || fail keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring $KEY_DESC <&-|| fail "Failed to unlock volume via a VK in keyring." $CRYPTSETUP luksSuspend $DEV_NAME || fail "Failed to suspend device." $CRYPTSETUP luksResume $DEV_NAME --volume-key-keyring $KEY_DESC <&- || fail "Failed to resume via a VK in keyring." echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-keyring $KEY_DESC $LOOPDEV --new-key-slot 1 || fail "Failed to add passphrase by VK in keyring." 
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null || fail $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 2>/dev/null || fail $CRYPTSETUP close $DEV_NAME || fail # zero-out the key in keyring keyctl pipe $KEYCTL_KEY_NAME | tr -c '\0' '\0' | keyctl pupdate $KEYCTL_KEY_NAME $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring $KEY_DESC <&- > /dev/null 2>&1 && fail "Unlocked volume via a bad VK in keyring." keyctl search "$2" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after bad activation." keyctl unlink $KEYCTL_KEY_NAME "$2" || fail } # $1 first key name # $2 second key name # $3 keyring to link VK to # $4 key type (optional) test_reencrypt_vk_link() { KEY_TYPE=${4:-user} if [ -z "$4" ]; then KEY_DESC=$1 else KEY_DESC="%$4:$1" fi if [ -z "$4" ]; then KEY_DESC2=$2 else KEY_DESC2="%$4:$2" fi KEYCTL_KEY_NAME="%$KEY_TYPE:$1" KEYCTL_KEY_NAME2="%$KEY_TYPE:$2" echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$3"::"$KEY_DESC" --link-vk-to-keyring "$3"::"$KEY_DESC2" || fail keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." $CRYPTSETUP close $DEV_NAME || fail keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." 
keyctl unlink $KEYCTL_KEY_NAME "$3" || fail keyctl unlink $KEYCTL_KEY_NAME2 "$3" || fail } # $1 first key name # $2 second key name # $3 keyring to link VK to # $4 key type (optional) test_reencrypt_vk_link_and_reactivate() { KEY_TYPE=${4:-user} if [ -z "$4" ]; then KEY_DESC=$1 else KEY_DESC="%$4:$1" fi if [ -z "$4" ]; then KEY_DESC2=$2 else KEY_DESC2="%$4:$2" fi KEYCTL_KEY_NAME="%$KEY_TYPE:$1" KEYCTL_KEY_NAME2="%$KEY_TYPE:$2" echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$3"::"$KEY_DESC" --link-vk-to-keyring "$3"::"$KEY_DESC2" || fail keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." $CRYPTSETUP close $DEV_NAME || fail keyctl search "$3" $KEY_TYPE $1 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." keyctl search "$3" $KEY_TYPE $2 > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." 
echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring "$KEY_DESC" --volume-key-keyring "$KEY_DESC2" || fail $CRYPTSETUP close $DEV_NAME || fail keyctl unlink $KEYCTL_KEY_NAME "$3" || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring "$KEY_DESC" --volume-key-keyring "$KEY_DESC2" > /dev/null 2>&1 && fail keyctl unlink $KEYCTL_KEY_NAME2 "$3" || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --volume-key-keyring "$KEY_DESC" --volume-key-keyring "$KEY_DESC2" > /dev/null 2>&1 && fail } expect_run() { export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" expect "$@" } # expected unlocked keyslot id # command arguments expect_unlocked_keyslot() { command -v expect >/dev/null || { echo "WARNING: expect tool missing, interactive test will be skipped." return 0 } EXPECT_TIMEOUT=60 EXPECT_KEY=$1 expect_run - >/dev/null </dev/null || { echo "WARNING: expect tool missing, interactive test will be skipped." return 0 } EXPECT_TIMEOUT=60 expect_run - >/dev/null </dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 16385 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 32 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --align-payload 16384 --offset 16384 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 16384 || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 16384)) \[bytes\]" || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 1024 --offset 16384 >/dev/null || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 16384)) \[bytes\]" || fail truncate -s 4096 $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG -q --offset 80000 >/dev/null 2>&1 || fail prepare "[2] Sector 
size and old payload alignment" wipe echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 511 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 256 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 8192 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 512 || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --align-payload 5 || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 512 --align-payload 5 || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 2048 --align-payload 32 >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 4096 >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 2048 --align-payload 32768 >/dev/null || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 2048 >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 4096 --align-payload 32768 >/dev/null || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail prepare "[3] format" wipe echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV || fail prepare "[4] format using hash sha512" wipe echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep -qe sha512 || fail # Check JSON dump for some mandatory section $CRYPTSETUP -q luksDump 
$LOOPDEV --dump-json-metadata | grep -q '"tokens":' || fail prepare "[5] open" echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail check_exists # Key Slot 1 and key material section 1 must change, the rest must not. prepare "[6] add key" echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail # Unsuccessful Key Delete - nothing may change prepare "[7] unsuccessful delete" echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail [ $? -ne 2 ] && fail "luksKillSlot should return EPERM exit code" #FIXME #$CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail #$CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail # Delete Key Test # Key Slot 1 and key material section 1 must change, the rest must not prepare "[8] successful delete" $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail [ $? 
-ne 2 ] && fail "luksOpen should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[9] add key test for key files" echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 || fail $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[10] delete key test with key1 as remaining key" $CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail # Delete last slot prepare "[11] delete last key" wipe echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail # Format test for ESSIV, and some other parameters. prepare "[12] parameter variation test" wipe $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV $KEY1 || fail $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail prepare "[13] open/close - stacked devices" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 /dev/mapper/$DEV_NAME $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[14] format/open - passphrase on stdin & new line" wipe # stdin defined by "-" must take even newline #echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q --key-file=- luksFormat --type luks2 $LOOPDEV || fail echo -n -e "$PWD1\n$PWD2" | 
$CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail # now also try --key-file echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks2 $LOOPDEV --key-file=- || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # process newline if from stdin echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks2 $LOOPDEV || fail echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[15] UUID - use and report provided UUID" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid blah --type luks2 $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 $LOOPDEV || fail tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) [ "$tst"x = "$TEST_UUID"x ] || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) [ "$tst"x = "$TEST_UUID"x ] || fail prepare "[16] luksFormat" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 $LOOPDEV -d $KEY1 || fail $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 256 --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # open by UUID if [ -d /dev/disk/by-uuid ] ; then force_uevent # some systems do not update loop by-uuid $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY1 
UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # skip tests using empty passphrases if ! fips_mode; then # empty keyfile $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEYE || fail $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail fi # open by volume key echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY1 --type luks2 $LOOPDEV || fail $CRYPTSETUP luksOpen --volume-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen --volume-key-file $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[17] AddKey volume key, passphrase and keyfile" wipe # volumekey echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --volume-key-file /dev/zero --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail # special "-" handling $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 3 || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 - || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail echo $PWD1 | 
$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d - $KEY2 || fail $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2 $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail # keyfile/keyfile $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail # passphrase/keyfile echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail # passphrase/passphrase echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail # keyfile/passphrase echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 8 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail prepare "[18] RemoveKey passphrase and keyfile" reuse $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail [ $? 
-ne 2 ] && fail "luksRemoveKey should return EPERM exit code" $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" && fail # if password or keyfile is provided, batch mode must not suppress it echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail # kill slot using passphrase from 1 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail # remove key0 / slot 0 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" && fail # last keyslot, in batch mode no passphrase needed... $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail prepare "[19] create & status & resize" wipe echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail if dm_crypt_keyring_support; then echo | $CRYPTSETUP -q resize --size 100 $DEV_NAME 2>/dev/null && fail if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then test_and_prepare_keyring load_key user $TEST_KEY_DESC2 $PWD1 "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped." 
$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC2 --token-id 1 || fail $CRYPTSETUP -q resize --size 99 $DEV_NAME <&- || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "99 \[512-byte units\]" || fail #replace kernel key with wrong pass load_key user $TEST_KEY_DESC2 $PWD2 "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped." # must fail due to --token-only echo $PWD1 | $CRYPTSETUP -q resize --token-only --size 100 $DEV_NAME && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" && fail # resize with keyring description load_key user $TEST_KEY_DESC1 $PWD1 "$TEST_KEYRING" || fail $CRYPTSETUP -q resize --size 99 $DEV_NAME --key-description $TEST_KEY_DESC1 || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "99 \[512-byte units\]" || fail fi fi echo $PWD1 | $CRYPTSETUP -q resize --size 100 $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" || fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 51200 $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" || fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 1M $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 512k --size 1024 $DEV_NAME > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 4097 $DEV_NAME > /dev/null 2>&1 && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail $CRYPTSETUP close $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen --disable-keyring $LOOPDEV $DEV_NAME || fail echo | $CRYPTSETUP -q resize --size 100 $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" || fail $CRYPTSETUP close $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail if 
dm_crypt_keyring_support; then $CRYPTSETUP -q resize --disable-keyring --size 100 $DEV_NAME 2>/dev/null && fail fi if dm_crypt_sector_size_support; then $CRYPTSETUP close $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 4096 $LOOPDEV > /dev/null || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 1M $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 2049s $DEV_NAME > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q resize --size 2049 $DEV_NAME > /dev/null 2>&1 && fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 \[512-byte units\]" || fail fi $CRYPTSETUP close $DEV_NAME || fail # Resize not aligned to logical block size add_scsi_device dev_size_mb=32 sector_size=4096 || fail "scsi_debug device not found" echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $DEV || fail echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') #' echo $PWD1 | $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail dmsetup info $DEV_NAME | grep -q SUSPENDED && fail NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') #' test $OLD_SIZE -eq $NEW_SIZE || fail $CRYPTSETUP close $DEV_NAME || fail prepare "[20] Disallow open/create if already mapped." 
wipe $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --cipher aes-cbc-essiv:sha256 --key-size 256 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail $CRYPTSETUP luksClose $DEV_NAME || fail prepare "[21] luksDump" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat --key-size 256 $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key | grep -q "MK dump:" || fail $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key -d $KEY1 | grep -q "MK dump:" || fail echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE >/dev/null || fail rm -f $VK_FILE echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key --volume-key-file $VK_FILE 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $LOOPDEV || fail # Use volume key file without keyslots $CRYPTSETUP luksErase -q $LOOPDEV || fail $CRYPTSETUP luksOpen --volume-key-file $VK_FILE --key-size 256 --test-passphrase $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE --key-size 256 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $LOOPDEV || fail prepare "[22] remove disappeared device" wipe dmsetup create $DEV_NAME --table "0 39998 
linear $LOOPDEV 2" || fail echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 /dev/mapper/$DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail # underlying device now returns error but node is still present dmsetup load $DEV_NAME --table "0 40000 error" || fail dmsetup resume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail dmsetup remove --retry $DEV_NAME || fail prepare "[23] ChangeKey passphrase and keyfile" wipe # [0]$KEY1 [1]key0 $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --key-size 256 --luks2-keyslots-size 256k >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail # keyfile [0] / keyfile [0] $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail # passphrase [1] / passphrase [1] echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail # keyfile [0] / keyfile [new] - with LUKS2 it should stay $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail # passphrase [1] / passphrase [new] echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail # test out of raw area, change in-place (space only for 2 keyslots) $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail # make a free space in keyslot area echo $PWD1 | $CRYPTSETUP luksKillSlot -q $LOOPDEV 0 || fail # assert LUKS2 does not overwrite existing area with specific keyslot id AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $LOOPDEV | grep 
-e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_OLD -gt 0 ] || fail echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey --key-slot 1 $LOOPDEV $FAST_PBKDF_OPT AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_NEW -gt 0 ] || fail [ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" # assert LUKS2 does not overwrite existing area with any sklot AREA_OFFSET_OLD=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_OLD -gt 0 ] || fail echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT AREA_OFFSET_NEW=$($CRYPTSETUP luksDump $LOOPDEV | grep -e "1: luks2" -A12 | grep -e "Area offset:" | cut -d: -f 2 | sed -e 's/[[:space:]]*\[bytes\]//g') [ 0$AREA_OFFSET_NEW -gt 0 ] || fail [ $AREA_OFFSET_OLD -ne $AREA_OFFSET_NEW ] || fail "Area offsets remained same: old area $AREA_OFFSET_OLD, new area $AREA_OFFSET_NEW" prepare "[24] Keyfile limit" wipe $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail $CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksAddKey 
$LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -l -1 2>/dev/null && fail $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail # -l is ignored for stdin if _only_ passphrase is used echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 $FAST_PBKDF_OPT || fail # this is stupid, but expected echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 11 2>/dev/null && fail echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail # offset $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail $CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail 
# Reading guide for the checks below (helpers such as prepare, fail, check_exists,
# load_key, can_fail_fips and expect_unlocked_keyslot are defined outside this excerpt):
#   cmd || fail   -> cmd is required to succeed
#   cmd && fail   -> cmd is required to be rejected (negative test)
# NOTE(review): $PWD0..$PWD3/$PWDW and $KEYn are expanded unquoted; their values are
# set earlier in the file and are presumably whitespace-free test secrets -- confirm.

# [25] A suspended mapping must refuse resize, and luksResume must reject a wrong
# passphrase before accepting the right one.
prepare "[25] Suspend/Resume" wipe
# LUKS
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
# $? still holds the status of the failed luksResume above; the test requires it
# to be exactly 2 (the status the message calls EPERM), not just any failure.
[ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# Same suspend/resume cycle with the "null" cipher selected via -c.
echo $PWD1 | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail

# [26] -S pins unlocking to one keyslot: a correct secret presented against the
# wrong slot must fail, and no /dev/mapper node may be left behind.
prepare "[26] luksOpen/Resume with specified key slot number" wipe
# first, let's try passphrase option
echo $PWD3 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -S 5 --type luks2 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
check_exists
$CRYPTSETUP luksSuspend $DEV_NAME || fail
echo $PWD3 | $CRYPTSETUP luksResume -S 4 $DEV_NAME 2>/dev/null && fail
# the rejected resume must leave the device suspended
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
# slot 0 gets $PWD1 (authorised by $PWD3); then each passphrase is tried on the other slot
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles
$CRYPTSETUP -q luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists
$CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP luksResume -S 1 -d $KEY5 $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
$CRYPTSETUP luksResume -S 5 -d $KEY5 $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# test keyslot not assigned to segment is unable to unlock volume
# otoh it should be allowed to test for proper passphrase
# NOTE(review): $HEADER_KEYU is prepared elsewhere; from the checks below, its
# keyslot 1 verifies $PWD1 under --test-passphrase/--unbound but must never
# activate a mapping.
prepare "" new
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open --unbound --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
# No "|| fail" on the kill itself; the luksDump check on the next line is what
# detects a slot 0 that was not removed.
$CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0
$CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open --unbound --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail

# [27] Metadata kept in a separate header file ($HEADER_IMG): operations that need
# the key must be given --header, and fail without it.
prepare "[27] Detached LUKS header" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 4096 >/dev/null || fail
# --align-payload is given in 512-byte sectors; the dump is expected to show it in bytes
$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512)) || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 0 --sector-size 512 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
$CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 \[512-byte units\]" || fail
# without --header, status is expected to report the type as n/a
$CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 \[512-byte units\]" || fail
$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
# suspend works without the header, but resume (which needs the keyslots) must not
$CRYPTSETUP luksSuspend $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
# keyslot management against the header file only; _fakedev_ is a placeholder data device name
echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
rm $HEADER_IMG || fail
# create exactly 16 MiBs LUKS2 header
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --luks2-keyslots-size 16352k --luks2-metadata-size 16k --offset 131072 >/dev/null || fail
SIZE=$(stat --printf=%s $HEADER_IMG)
# 16777216 bytes = 16 MiB
test $SIZE -eq 16777216 || fail
$CRYPTSETUP -q luksDump $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[bytes\]" || fail

# [28] The unpacked image must not be recognised as LUKS until "repair" has run;
# afterwards it must be recognised as LUKS2 and not as LUKS1.
# NOTE(review): what is wrong with $HEADER_LUKS2_PV is not visible here -- see where
# the image is defined.
prepare "[28] Repair metadata" wipe
xz -dk $HEADER_LUKS2_PV.xz
if [ "$HAVE_BLKID" -gt 0 ]; then
	$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
	$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
	$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
	$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
fi
$CRYPTSETUP -q repair $HEADER_LUKS2_PV >/dev/null || fail
$CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail
$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail
$CRYPTSETUP isLuks --type luks1 $HEADER_LUKS2_PV && fail

# [29] luksErase must remove every keyslot (here slots 1 and 5).
prepare "[29] LUKS erase" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail
$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
$CRYPTSETUP luksErase -q $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" && fail

# [30] LUKS1 <-> LUKS2 conversion keeps keyslots usable and is refused when the
# LUKS2 layout has no LUKS1 equivalent.
prepare "[30] LUKS convert" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail
$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
# JSON metadata dump and a luks1->luks1 "conversion" are both rejected on a LUKS1 device
$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata >/dev/null 2>&1 && fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
# hash test
# keyslots created with different --hash values (sha512, sha256) block conversion
# to LUKS1 until the second slot is removed
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha512 || fail
$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
$CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
# sector size test
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 1024 $LOOPDEV $KEY5 || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
# create LUKS1 with data offset not aligned to 4KiB
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --align-payload 4097 || fail
$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
$CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
# keyslot 1 area offset is higher than keyslot 0 area
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --key-slot 0 $LOOPDEV || fail
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_OPT --key-slot 1 $LOOPDEV || fail
echo -e "$PWD1\n$PWD1" | $CRYPTSETUP -q luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
# convert to LUKS1 and back; LUKS1 does not store length, only offset
# both passphrases must still unlock after each conversion
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
echo $PWD2 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
echo $PWD2 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail

# [31] Runs only when dm_crypt_keyring_flawed (defined elsewhere) reports true:
# the volume key must then be handed to dm-crypt directly, never via the kernel keyring.
if dm_crypt_keyring_flawed; then
	prepare "[31] LUKS2 keyring dm-crypt bug" wipe
	echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
	echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
	$CRYPTSETUP close $DEV_NAME || fail
	# key must not load in kernel key even when dm-crypt module is missing
	# NOTE(review): rmmod unloads the dm-crypt kernel module on the machine running
	# the test; run this suite on a disposable host or VM.
	if rmmod dm-crypt >/dev/null 2>&1; then
		echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
		$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
		$CRYPTSETUP close $DEV_NAME || fail
	fi
fi

# [32] With working keyring support the key location defaults to "keyring";
# --disable-keyring on open or resume must switch it to "dm-crypt", and a plain
# resume must switch it back.
if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then
	prepare "[32] LUKS2 key in keyring" wipe
	echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail

	# check keyring support detection works as expected
	# (best effort: a failing rmmod is ignored)
	rmmod dm-crypt >/dev/null 2>&1 || true
	echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
	$CRYPTSETUP close $DEV_NAME || fail

	echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
	$CRYPTSETUP close $DEV_NAME || fail

	echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP luksSuspend $DEV_NAME || fail
	echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
	$CRYPTSETUP close $DEV_NAME || fail

	echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
	$CRYPTSETUP luksSuspend $DEV_NAME || fail
	echo $PWD1 | $CRYPTSETUP luksResume --disable-keyring $DEV_NAME --header $HEADER_IMG || fail
	$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
	$CRYPTSETUP close $DEV_NAME || fail
fi

# [33] Token handling. "<&-" closes stdin, so a command that succeeds with it
# cannot have read a passphrase from stdin; "--token-only" must never fall back
# to a passphrase.
# FIXME: candidate for non-root tests
prepare "[33] tokens" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then

	test_and_prepare_keyring

	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC0 --token-id 3 || fail
	$CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" || fail
	# keyslot 5 is inactive
	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC1 --key-slot 5 2> /dev/null && fail
	# key description is not reachable
	$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail
	# wrong passphrase
	load_key user $TEST_KEY_DESC0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
	$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && fail
	load_key user $TEST_KEY_DESC0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
	$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail
	$CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail
	$CRYPTSETUP status $DEV_NAME > /dev/null || fail
	$CRYPTSETUP luksSuspend $DEV_NAME || fail
	# resume with stdin closed: must succeed through the token alone
	$CRYPTSETUP luksResume $DEV_NAME <&- || fail
	$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail
	$CRYPTSETUP luksSuspend $DEV_NAME || fail
	$CRYPTSETUP luksResume $DEV_NAME --token-type luks2-keyring <&- || fail
	$CRYPTSETUP close $DEV_NAME || fail

	# check --token-type sort of works (TODO: extend tests when native systemd tokens are available)
	echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 22 || fail
	# this excludes keyring tokens from unlocking device
	$CRYPTSETUP open --token-only --token-type some_type $LOOPDEV --test-passphrase && fail
	$CRYPTSETUP open --token-only --token-type some_type $LOOPDEV $DEV_NAME && fail
	$CRYPTSETUP status $DEV_NAME > /dev/null && fail

	$CRYPTSETUP token remove --token-id 3 $LOOPDEV || fail
	$CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" && fail

	# test we can remove keyslot with token
	echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $LOOPDEV || fail
	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC1 --key-slot 4 --token-id 0 || fail
	$CRYPTSETUP -q luksKillSlot $LOOPDEV 4 || fail
	$CRYPTSETUP token remove --token-id 0 $LOOPDEV || fail

	# test we can add unassigned token
	# (a token with no keyslot assigned must not unlock anything)
	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC0 --unbound --token-id 0 || fail
	$CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV && fail
	$CRYPTSETUP token remove --token-id 0 $LOOPDEV || fail

	# test token unassign works
	# unassign needs both --token-id and -S, only succeeds for an existing
	# assignment, and the token stops unlocking afterwards
	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC0 -S0 --token-id 0 || fail
	$CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV || fail
	$CRYPTSETUP token unassign --token-id 0 $LOOPDEV 2>/dev/null && fail
	$CRYPTSETUP token unassign -S0 $LOOPDEV 2>/dev/null && fail
	$CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV || fail
	$CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV && fail
	$CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV 2>/dev/null && fail
	$CRYPTSETUP token unassign --token-id 0 -S44 $LOOPDEV 2>/dev/null && fail
	$CRYPTSETUP token unassign --token-id 44 -S0 $LOOPDEV 2>/dev/null && fail

	$CRYPTSETUP token remove $LOOPDEV --token-id 0 || fail
	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC0 -S0 --token-id 0 || fail
	# token 8 assigned to keyslot 0 and 5. Unlocks only 5
	echo "$PWD2" | $CRYPTSETUP luksAddKey -q -S5 $FAST_PBKDF_OPT --token-id 0 $LOOPDEV || fail
	echo -n "{\"type\":\"luks2-keyring\",\"keyslots\":[\"0\",\"5\"],\"key_description\":\"$TEST_KEY_DESC1\"}" | $CRYPTSETUP token import $LOOPDEV --token-id 8 || fail
	load_key user $TEST_KEY_DESC1 "$PWD2" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
	# token 3 assigned to keyslot 1 (wrong passphrase)
	echo "$PWD3" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT --token-id 0 $LOOPDEV || fail
	$CRYPTSETUP token add $LOOPDEV --key-description $TEST_KEY_DESC2 -S1 --token-id 3 || fail
	load_key user $TEST_KEY_DESC2 "$PWDW" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
	# specific token, specific keyslot
	$CRYPTSETUP open --test-passphrase --token-id 0 -S0 $LOOPDEV --token-only <&- || fail
	# specific keyslot unlocked by any token
	$CRYPTSETUP open --test-passphrase -S0 $LOOPDEV --token-only <&- || fail
	# token 0 unusable for keyslot 5
	$CRYPTSETUP open --test-passphrase --token-id 0 -S5 $LOOPDEV --token-only <&- >/dev/null && fail
	# backup interactive prompt should work
	echo $PWD2 | $CRYPTSETUP open --test-passphrase --token-id 0 -S5 $LOOPDEV || fail
	$CRYPTSETUP open --test-passphrase -S5 --token-id 8 $LOOPDEV <&- || fail
	$CRYPTSETUP open --test-passphrase -S5 $LOOPDEV <&- || fail
	expect_unlocked_keyslot 5 "open -v --test-passphrase --token-id 8 -S5 $LOOPDEV" || fail
	expect_unlocked_keyslot 5 "open -v --test-passphrase --token-id 8 $LOOPDEV" || fail
	# token-only failures must report exit status 2 (checked via $? of the failed open)
	$CRYPTSETUP open --test-passphrase -S0 --token-id 8 $LOOPDEV --token-only >/dev/null && fail
	[ $? -ne 2 ] && fail "open should return EPERM exit code."
	$CRYPTSETUP open --test-passphrase -S1 $LOOPDEV --token-only && fail
	[ $? -ne 2 ] && fail "open should return EPERM exit code."
fi
# Token JSON import/export round trip: import from stdin (implicit and via
# "--json-file -") and from a file, refuse to overwrite an occupied token id,
# and require every export to be identical to what was imported.
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fail
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json-file - || fail
echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0
$CRYPTSETUP token import $LOOPDEV --token-id 12 --json-file $TOKEN_FILE0 || fail
$CRYPTSETUP token import $LOOPDEV --token-id 12 --json-file $TOKEN_FILE0 2>/dev/null && fail
$CRYPTSETUP token export $LOOPDEV --token-id 10 >$TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $LOOPDEV --token-id 11 >$TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $LOOPDEV --token-id 12 >$TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $LOOPDEV --token-id 12 --json-file $TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $LOOPDEV --token-id 12 > $TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail

# [34] A keyslot with priority "ignore" is skipped unless it is named with -S;
# setting a priority on an unused slot or to an unknown value is rejected.
prepare "[34] LUKS keyslot priority" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -S 1 || fail
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -S 5 || fail
$CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase -S 1 || fail
echo $PWD2 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority normal || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail

# [35] Label and subsystem metadata. The two "config" calls carry no "|| fail";
# their effect is verified by the luksDump checks that follow each of them.
prepare "[35] LUKS label and subsystem" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "(no subsystem)" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "(no label)" || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --subsystem SatelliteTwo --label TheLabel || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteTwo" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "TheLabel" || fail
# setting only --subsystem is expected to clear the label (checked below)
$CRYPTSETUP config $LOOPDEV --subsystem SatelliteThree
$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "(no label)" || fail
$CRYPTSETUP config $LOOPDEV --subsystem SatelliteThree --label TheLabel
$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "TheLabel" || fail

# [36] PBKDF parameters: unknown KDF names and forced costs below the accepted
# floor must be rejected. Argon2 checks end in can_fail_fips instead of fail;
# NOTE(review): presumably that helper tolerates failure in FIPS mode -- confirm
# at its definition.
prepare "[36] LUKS PBKDF setting" wipe
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --pbkdf bla $LOOPDEV >/dev/null 2>&1 && fail
# Force setting, no benchmark. PBKDF2 has 1000 iterations as a minimum
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 999 $LOOPDEV 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 1234 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "Iterations:" | grep -q "1234" || fail
# argon2id: a forced time cost of 3 is rejected, 4 is accepted
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2id --pbkdf-force-iterations 3 $LOOPDEV 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2id --pbkdf-force-iterations 4 --pbkdf-memory 100000 $LOOPDEV || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "argon2id" || can_fail_fips
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2i --pbkdf-force-iterations 4 \
	--pbkdf-memory 1234 --pbkdf-parallel 1 $LOOPDEV || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "argon2i" || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep "Time cost:" | grep -q "4" || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep "Memory:" | grep -q "1234" || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep "Threads:" | grep -q "1" || can_fail_fips
# Benchmark
# the leading 0 in 0"$(...)" keeps the numeric test valid when the pipeline prints nothing
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2i -i 500 --pbkdf-memory 1234 --pbkdf-parallel 1 $LOOPDEV || can_fail_fips
[ 0"$($CRYPTSETUP luksDump $LOOPDEV | grep "Time cost:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips
[ 0"$($CRYPTSETUP luksDump $LOOPDEV | grep "Memory:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 -i 500 $LOOPDEV || fail
# a benchmarked PBKDF2 keyslot must still end up above 1000 iterations
[ 0"$($CRYPTSETUP luksDump $LOOPDEV | grep -m1 "Iterations:" | cut -d' ' -f 2 | sed -e 's/\ //g')" -gt 1000 ] || fail

# [37] luksConvertKey must be rejected on a LUKS1 device (the remaining checks of
# this test follow this point in the file).
prepare "[37] LUKS Keyslot convert" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail
$CRYPTSETUP -q luksConvertKey $LOOPDEV --key-file $KEY5 2>/dev/null && fail
$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail $CRYPTSETUP -q luksConvertKey $LOOPDEV -S 5 --key-file $KEY5 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || can_fail_fips echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -S 1 --key-file $KEY5 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 5 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail echo $PWD1 | $CRYPTSETUP -q luksConvertKey $LOOPDEV -S 1 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || can_fail_fips echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 21 --unbound -s 72 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP luksConvertKey --pbkdf-force-iterations 1001 --pbkdf pbkdf2 -S 21 $LOOPDEV || fail prepare "[38] luksAddKey unbound tests" wipe $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail # unbound key may have arbitrary size echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 72 $LOOPDEV || fail echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 72 -S 2 $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" || fail dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 512 -S 3 --volume-key-file $KEY_FILE0 $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" || fail # unbound key size is required echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --volume-key-file /dev/urandom $LOOPDEV 2> /dev/null && fail # do not allow one to replace keyslot by unbound slot echo $PWD1 | 
$CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $LOOPDEV 2>/dev/null && fail echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV $DEV_NAME 2> /dev/null && fail echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV --test-passphrase || fail echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail # check we're able to change passphrase for unbound keyslot echo -e "$PWD2\n$PWD3" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP open --test-passphrase -S 2 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP -q open -S 2 $LOOPDEV $DEV_NAME 2> /dev/null && fail # do not allow adding keyslot by unbound keyslot echo -e "$PWD3\n$PWD1" | $CRYPTSETUP -q luksAddKey $LOOPDEV 2> /dev/null && fail # check adding keyslot works when there's unbound keyslot echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-file $KEY5 -S8 || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP luksKillSlot -q $LOOPDEV 2 $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" && fail echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 $LOOPDEV 2> /dev/null && fail echo $PWD3 | $CRYPTSETUP luksDump --unbound 2> /dev/null $LOOPDEV 2> /dev/null && fail echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $LOOPDEV > /dev/null || fail diff $KEY_FILE0 $KEY_FILE1 || fail echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $LOOPDEV 2> /dev/null && fail diff $KEY_FILE0 $KEY_FILE1 || fail rm $KEY_FILE1 || fail echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $LOOPDEV | grep -q "Unbound Key:" && fail echo $PWD3 | $CRYPTSETUP luksDump --unbound -S3 $LOOPDEV | grep -q "Unbound Key:" || fail $CRYPTSETUP luksKillSlot -q $LOOPDEV 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" && fail prepare "[39] LUKS2 metadata 
variants" wipe tar xJf luks2_mda_images.tar.xz echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0 for mda in 16 32 64 128 256 512 1024 2048 4096 ; do echo -n "[$mda KiB]" echo $PWD4 | $CRYPTSETUP open test_image_$mda $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail echo -e "$PWD4\n$PWD3" | $CRYPTSETUP luksAddKey -q -S9 $FAST_PBKDF_OPT test_image_$mda || fail echo $PWD4 | $CRYPTSETUP open --test-passphrase test_image_$mda || fail echo $PWD3 | $CRYPTSETUP open -S9 --test-passphrase test_image_$mda || fail echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import test_image_$mda --token-id 10 || fail $CRYPTSETUP token export test_image_$mda --token-id 10 >$TOKEN_FILE1 || fail diff $TOKEN_FILE1 $TOKEN_FILE0 || fail echo -n "[OK]" done echo prepare "[40] LUKS2 metadata areas" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2> /dev/null || fail DEFAULT_OFFSET=$($CRYPTSETUP luksDump $LOOPDEV | grep "offset: " | cut -f 2 -d ' ') echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128k 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=127k 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=127k --luks2-keyslots-size=128k 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=129M >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128k >/dev/null || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail echo $PWD1 | $CRYPTSETUP 
-q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "$((DEFAULT_OFFSET-2*131072)) \[bytes\]" || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-keyslots-size=128k >/dev/null || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset 16384 || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail $CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "8355840 \[bytes\]" || fail # data offset vs area size echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset 64 --luks2-keyslots-size=8192 >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset $((256+56)) >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset $((256+64)) >/dev/null || fail prepare "[41] Per-keyslot encryption parameters" wipe KEYSLOT_CIPHER="aes-cbc-plain64" $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail $CRYPTSETUP luksAddKey -q $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher 
$KEYSLOT_CIPHER --keyslot-key-size 128 || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail $CRYPTSETUP luksAddKey -q $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 2 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail # unbound keyslot echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 21 --unbound -s 72 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 22 --unbound -s 72 $LOOPDEV || fail echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail [ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail prepare "[42] Some encryption compatibility mode tests" wipe CIPHERS="aes-ecb aes-cbc-null aes-cbc-plain64 aes-cbc-essiv:sha256 
aes-xts-plain64" key_size=256 for cipher in $CIPHERS ; do echo -n "[$cipher/$key_size]" $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --cipher $cipher --key-size $key_size || fail done echo prepare "[43] New luksAddKey options." wipe rm -f $VK_FILE echo "$PWD1" | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG || fail echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail # pass pass echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $IMG || fail echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $IMG || fail # pass file echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $IMG $KEY1 || fail $CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $IMG || fail # file pass echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $IMG || fail echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $IMG || fail # file file $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $IMG || fail $CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $IMG || fail # vk pass echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $IMG || fail echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S5 $IMG || fail # vk file $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $IMG || fail $CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $IMG || fail if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then test_and_prepare_keyring load_key user $TEST_KEY_DESC0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" load_key user $TEST_KEY_DESC1 $PWDW "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" $CRYPTSETUP token add $IMG --key-description $TEST_KEY_DESC0 --token-id 0 -S0 || fail $CRYPTSETUP token add $IMG --key-description $TEST_KEY_DESC1 --token-id 1 --unbound || fail # pass token echo -e "$PWD1" 
| $CRYPTSETUP luksAddKey -q -S7 --new-token-id 1 $FAST_PBKDF_OPT $IMG || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail # file token $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 7 --new-token-id 1 -d $KEY1 $IMG || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail # vk token $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --volume-key-file $VK_FILE --new-token-id 1 $IMG || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail # token pass echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --token-id 0 $IMG || fail echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S7 $IMG || fail # token file echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S8 --token-id 0 $IMG $KEY2 || fail $CRYPTSETUP open -q --test-passphrase -S8 --key-file $KEY2 $IMG || fail # token token $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S9 --token-id 0 --new-token-id 1 $IMG || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail # reuse same token $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 9 --token-id 0 --new-token-id 0 $IMG || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail # reuse same token $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --token-id 0 --new-token-id 0 $IMG || fail echo $PWD1 | $CRYPTSETUP 
luksKillSlot $IMG 9 || fail $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail fi if dm_crypt_capi_support; then prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe xz -dk $HEADER_LUKS2_INV.xz dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1 $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \ "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768" $CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail $CRYPTSETUP close $DEV_NAME ||fail fi if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then prepare "[45] Link VK to a keyring and use custom VK type." wipe echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2> /dev/null || fail KEY_NAME="cryptsetup:test_volume_key_id" KEY_NAME2="cryptsetup:test_volume_key_id2" KEY_NAME3="cryptsetup:test_volume_key_id3" test_and_prepare_keyring KID=$(echo -n test | keyctl padd user my_token @s) keyctl unlink $KID >/dev/null 2>&1 @s && SESSION_KEYRING_WORKS=1 KID=$(echo -n test | keyctl padd user my_token @us) keyctl unlink $KID >/dev/null 2>&1 @us && USER_SESSION_KEYRING_WORKS=1 test_vk_link $KEY_NAME "@u" test_vk_link $KEY_NAME "@u" "user" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "logon" [[ ! 
-z "$SESSION_KEYRING_WORKS" ]] && test_vk_link $KEY_NAME "@s" "user" test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "user" test_vk_link $KEY_NAME "%:$TEST_KEYRING_NAME" "logon" # explicitly specify keyring key type test_vk_link $KEY_NAME "%keyring:$TEST_KEYRING_NAME" test_vk_link_and_reactivate $KEY_NAME "@u" "user" test_vk_link_and_reactivate $KEY_NAME "@u" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_vk_link_and_reactivate $KEY_NAME "@s" "user" test_vk_link_and_reactivate $KEY_NAME "%:$TEST_KEYRING_NAME" "user" # explicitly specify keyring key type test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" "user" test_vk_link_and_reactivate $KEY_NAME "%keyring:$TEST_KEYRING_NAME" test_vk_link_with_passphrase_check $KEY_NAME "%:$TEST_KEYRING_NAME" test_vk_link_with_passphrase_check $KEY_NAME "%:$TEST_KEYRING_NAME" "user" test_vk_link_with_passphrase_check $KEY_NAME "%:$TEST_KEYRING_NAME" "logon" # test numeric keyring name -5 is user session (@us) keyring echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring -5::%logon:$KEY_NAME || fail keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after activation." $CRYPTSETUP close $DEV_NAME keyctl search @us logon $KEY_NAME > /dev/null 2>&1 || fail "VK is not linked to the specified keyring after deactivation." 
keyctl unlink "%logon:$KEY_NAME" @us || fail # test malformed keyring descriptions and key types # missing key description echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "%$TEST_KEYRING_NAME::" > /dev/null 2>&1 && fail # malformed keyring description echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring ":$TEST_KEYRING_NAME::$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@uuu::$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@usu::$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "$TEST_KEYRING_NAME::%user:" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "%user:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@t::%0:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@t::%blah:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@t::%userlogon:$KEY_NAME" > /dev/null 2>&1 && fail # test that only one VK name is used, when the device is not in reencryption echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@u::%user:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 || fail keyctl unlink "%user:$KEY_NAME" @u || fail keyctl unlink "%user:$KEY_NAME2" @u > /dev/null 2>&1 && fail $CRYPTSETUP close $DEV_NAME || fail # test linkning multiple VKs during reencryption echo $PWD1 | $CRYPTSETUP -q reencrypt $LOOPDEV --init-only test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@u" test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@u" "user" [[ ! 
-z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@s" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@s" "logon" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "@s" "user" test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" "user" test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" "logon" # explicitly specify keyring key type test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%keyring:$TEST_KEYRING_NAME" test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@u" test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@u" "user" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@s" [[ ! -z "$SESSION_KEYRING_WORKS" ]] && test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "@s" "user" test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" test_reencrypt_vk_link_and_reactivate $KEY_NAME $KEY_NAME2 "%:$TEST_KEYRING_NAME" "user" # explicitly specify keyring key type test_reencrypt_vk_link $KEY_NAME $KEY_NAME2 "%keyring:$TEST_KEYRING_NAME" # the keyring and key type have to be the same for both keys echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%user:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@u::%logon:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%logon:$KEY_NAME" --link-vk-to-keyring "@u::%user:$KEY_NAME2" > /dev/null 2>&1 && fail # supply one/three key name(s) when two names are required echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME --link-vk-to-keyring "@s::%logon:$KEY_NAME" > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV 
$DEV_NAME --link-vk-to-keyring "@s::%logon:$KEY_NAME" --link-vk-to-keyring "@s::%logon:$KEY_NAME2" --link-vk-to-keyring "@s::%logon:$KEY_NAME3" > /dev/null 2>&1 && fail fi prepare "[46] Blkid disable check" wipe if [ "$HAVE_BLKID" -gt 0 ]; then xz -dkf $HEADER_LUKS2_PV.xz # batch mode disables blkid print, use --debug to check it echo $PWD1 | $CRYPTSETUP -q --debug luksFormat $FAST_PBKDF_OPT --type luks2 $HEADER_LUKS2_PV 2>&1 | grep "signature" | grep -q "LVM2_member" || fail xz -dkf $HEADER_LUKS2_PV.xz echo $PWD1 | $CRYPTSETUP -q --debug --disable-blkid luksFormat $FAST_PBKDF_OPT --type luks2 $HEADER_LUKS2_PV 2>&1 | grep -q "LVM2_member" && fail fi prepare "[47] Init from suspended device" wipe dmsetup create $DEV_NAME --table "0 39998 linear $LOOPDEV 2" || fail echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 --header $HEADER_IMG /dev/mapper/$DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen --header $HEADER_IMG /dev/mapper/$DEV_NAME $DEV_NAME2 || fail # underlying device now returns error but node is still present dmsetup load $DEV_NAME --table "0 40000 error" || fail dmsetup resume $DEV_NAME || fail dmsetup suspend $DEV_NAME || fail # status must print data even if data device is suspended $CRYPTSETUP -q status --debug --header $HEADER_IMG $DEV_NAME2 | grep "type:" | grep -q "LUKS2" || fail dmsetup resume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail dmsetup remove --retry $DEV_NAME || fail prepare "[48] Zoned device is unusable for LUKS header" wipe add_scsi_device dev_size_mb=32 sector_size=4096 zbc=host-managed if [ $? 
-eq 0 ] ; then echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $DEV > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $DEV >/dev/null || fail echo $PWD1 | $CRYPTSETUP open --header $HEADER_IMG $DEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $DEV > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT --header $HEADER_IMG $DEV >/dev/null || fail echo $PWD1 | $CRYPTSETUP open --header $HEADER_IMG $DEV $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail fi if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then prepare "[49] Keyring description use" wipe test_and_prepare_keyring load_key user $TEST_KEY_DESC1 $PWD1 "$TEST_KEYRING" || fail load_key user $TEST_KEY_DESC2 $PWD2 "$TEST_KEYRING" || fail $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --disable-keyring --key-description $TEST_KEY_DESC1 2>/dev/null && fail $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-description $TEST_KEY_DESC1 || fail $CRYPTSETUP -q luksDump $LOOPDEV --dump-volume-key --key-description $TEST_KEY_DESC1 >/dev/null || fail $CRYPTSETUP -q open $LOOPDEV $DEV_NAME --key-description $TEST_KEY_DESC1 || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksResume $DEV_NAME --key-description $TEST_KEY_DESC1 || fail $CRYPTSETUP -q close $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --new-key-description $TEST_KEY_DESC2 $LOOPDEV --disable-keyring 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --new-key-description $TEST_KEY_DESC2 $LOOPDEV --new-key-slot 1 || fail $CRYPTSETUP -q open $LOOPDEV --test-passphrase --key-description $TEST_KEY_DESC2 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-description $TEST_KEY_DESC1 $LOOPDEV --new-key-slot 1 || fail 
$CRYPTSETUP -q open $LOOPDEV --test-passphrase --key-description $TEST_KEY_DESC2 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-description $TEST_KEY_DESC1 --new-key-description $TEST_KEY_DESC2 $LOOPDEV --new-key-slot 1 || fail $CRYPTSETUP -q open $LOOPDEV --test-passphrase --key-description $TEST_KEY_DESC2 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail fi prepare "[50] Interactive retry keyslot test" wipe echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD2 | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_OPT --unbound --key-size 256 $LOOPDEV || fail expect_retried_unlocked_keyslot 0 $PWD1 "open -v --test-passphrase --tries 2 $LOOPDEV" || fail expect_retried_unlocked_keyslot 1 $PWD2 "open -v --test-passphrase --tries 2 -S1 $LOOPDEV" || fail prepare "[51] Early check for active name." wipe DM_BAD_NAME=x/x DM_LONG_NAME=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef echo $PWD1 | $CRYPTSETUP luksFormat -q $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DM_BAD_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DM_LONG_NAME 2>/dev/null && fail remove_mapping exit 0 cryptsetup-2.8.0/tests/compatimage.img.xz000066400000000000000000002022341502645201100205300ustar00rootroot000000000000007zXZִF!t/]&Ey"`A'@PXkmQ3l֎4T.tG]ׇ]_F'm@^X2dyY+^cOz[+=ǀ?Tf0n+m!qA&"D֛<0ǂ1tuHP T )YŚuFJu9a`I?kLJ7XH1̡fpG&b/Q Q֕ 4{͢E_wU__'IJg@-븶Nx}gZ&v%*FhZ]7VbA{ALDtċ  bא;1|Rk +֌ m]"I}Y 󺩓~ڙNl4Ng#Ts꣡ho"0VՐԏccnZ][P֐MZqhkʆQru qDq4sl`e;M4%<4qvl tm]J觩@]Vʘ*sqƗ gOˀ3@ъ&+jxJDo()c&F>bAi/JS8@QٰH x+M.0ҹ +F#ƵkObur91[9L]"lAzJRsaB*t?fbO#/a;xƓ]Xz; D\Sʩ9 /E.6`9;y86?ZՔmX㉎/^L6W[}y3kP +{he'!u 焛% Պ&`YЬePGM*sPE&d?/v yEsIGJdu5d:"t9nC|\ϷGN-qHvQZOXTBP[S0A Qn*jz[~=gKmһFpnDbKHA{Iu|ya`Gzg/͕&@T2UgݝD~h)dvv fz ,I2mX!|>(.{f* e7Ǩ:vLh?WUPk3F kZͱH(<u0qY ,huqũu%&Z ӰgDz?*BܧQ4=}*FBd[K'UyOAQ 
CDi0\U-R3A9L$'tyy)?Cyh!aW-Lfg2@mH5Q.j`@nܯe=EQӾjtDmtL4J:bL~S;l|U D,ڴE%rnECv3,јڜTRfyd ʈSvjhT,]|>UYT|\!Ҁ/%=O#5L'hbc8٢aX9R}mgtR6efzϽ zS +"(7X%A;6˟ V^/*b? 8}=eVt7:Py@ r%#J<d@Fb+bOxde'E]T20KGO^}6Y_|\4ʞkHͧng(h|8ur"LBc77 HI]?m5/ځ2#r=מHgL3Ijq%(\[Rڬ]$J|? z/-{bh2^d|~I- ˿*]" Q.׽"VxٱzYk1#Ka9#d#L܎e Ʃʺ{LJ?4;~MLp3֌oSǽ|m^. X^uT 9L7R9/)k*քPNQJ,5<7`!-w7Q_%ȯ.hk0݆L7br B$.bieS-/`ZM7h޲2{ŚoS >н J-|:WyVOᎯ xFrֻ_j)ߍ=gA壘zm0XOk?n`ġKQ &{ohJ35_' I T #a+ٵK-ـȩqI(^lr8'>]TimE,1 [4:[pbbwN$nCԠV_YS(Z'ҷbā9XsY&&mfCJWf@vVX,9 $/3u,jLTkCZXs؁ݥ <6WwCB`xKR2t RHOw?Y[suH~Ů㼿,JYoI ڎm5gHw 0`R?&=sRռ 3\̑eD\đe×&>ɍ(Twcd`k>i7LL0x@w; d<@eTۑz$:7*4=}=|;/IgV1G&bD k%m!)?}i ^Sk,URN*" Ng߹+OZxƖ̝~Y8c^DDA9PhkBe|m"EY;(dP5a :<_ho1+?l'[^G{OagҚ9OLQ?x\Z$TZb$7 -5y+\R|4F O2.Y<_D*4/=QySa9[`ql(kʙZJy)#U-wBJ$>wD pP3>XTìBYyXs>88A&o@|A6- UcAn\EEQIɱ0^%;dCzcXl(@S.!.,D{IBC _µĴp{iIJ(9϶(Nqʓ "b'oR]4sMx>އuvp 魴920Z[uGl&Y PBuϝ|.p?|:&X ɜ),p=^&uQ]avtro$uLS_. ӡPD$aky=^I:=,%E.D2ͰVq/e0bD<6GN=f7Vl9Z=n_IrVGqY?~e;V!UPϝq ?DEW@2)g\ͳvxAFi8\uL٨]L_6 AzdGCȯ[;}0jkS֤E(6cn!4XXR, uys>D Ĩ$EyS恇*hQb68uRo2TaP!ʫ^OVژBf3 9 GX. 3Od(jD8? D?uCp&X4gN-;ܘzF< z}xBwՖmW8r|g2Mr*݆X@r#L/pb?x e@9I# ,i`{HFe?iݚ^\!<)&6777{QfpLM^|8`Z D4uځA,(H@O8܄lWFwY ~c$a!Y%+ XYZ*9 ir9;<]1@S ֓VK xs<` ,-F_ p#w&?yG)]O ),u O HW;4eOKBz@J~#z5Oi졔4 6pm/3g4 WSZcT9 w8 ODMB$Jݍn6x"@;]e$I7,"Gq ^`'/4c r'/ TXZqDgLі}%LHZҸG[uL.5+&%t&8 ۃRm ;ž##H"$k@}d]I9+ B>fX :OϧwW*DT⿮c8>x6LF8 ݤL@m2{ eq ]űhKt/WYm#gU^K]<*"~_(ݳl`QZƯht2U)0~U\3h=5fS۳(Cө{ wpq~9`ƎrU+Xi+Tœ6o eg 5\j>@grg|)\\eٮ[^ɰeJJtiaX7mqs`1}iCv(H{l!4GN-^UI${j2똬0,<K=[Sܡ]vVSXX$(N[en߯L<=B8R44;՜xK1SK6[m$d<wiAF}vJ%œԻwroXwղĝ1G[VUԙ16֠@mu B ~澁b]J06g\^ 8;CEL7Nʎ֕%ǔ22 Ve(,uG芡=Nl=oEs.SDz*v sJN?%v}3C?trND)lL jKeug"HN%c΀bO$U ɶ'ʾy dF!YBP(,޳rn;=Z륋Y^m`<=ѱ c?}Qn]S~$Y gSv톴.\Ѭ!2ۧO'AZH0AiBOOv#CYǔOyw_Z˔. HK|'Z3WɌwfϜ'!3U;j9]NG2~kp!TY}/Rl z2?Dͷ 'N9ߟ/oؿݽc;Wrķ 8nSsTmA봴,jV*SmM6y-i"B,(?F࢒PЙE^˒=ϲCjy"@8ʔ+T+o`!w$Y*Z~Ӝb>.XI>LxS!F@)Q>E`VF]ib~3nv> TX:8 St#CAXuEfOmFc(wM Nq--i( [> c*wJ;j\1}sdQۺ_|ݽ#s%$-PL&w-v-f?U'F -lWBm_e6jdtABnư] _fLT6;΁z@ pYa~ޏXtJ'ŧ`Y[>D k$6`)< a) Wun ,Q]pNbns< ӹk`Z8;h)% l$V? . 
;qlLpTkxQFs./XWrqCrH}\ _F.JrxŲ,̝0OLeI65`Y2 |%?rB-w3̋/RŻ a0H)6w $Z8׋$Ç\&zləUblqnUj y)/׫oN2Ι(EJe;Y"u!۽Czcz ijM5BW (F- Jhw-g[a|vx7*}NRkOTg0HF\_puŸʌoc>8m$30uyY!;a۞(G/syHv1GP9UW{ǟ#t@VgN[OnF @YXy弔@ԣk^bD_=p:ݿ^%:?..&|mlzM6!BAyQLQͶ?Hs2s``,4!KzWH,^H=-viP*tHCPcxGkU3UűpzMȜKl)`%&kv@Wf+h:d?4Ҿ$&ͣ֯ -DOTD%O laAcє]#>h@$608fĪWE, އ2ʱrc&CHh5{R;qhnJp7w[Zz]\{yOM qدoeG;/oF`>6 .'t2XTq{0\W Yaxr/FrTdZә ~Um"G+!8S6F^ZXٶ2 ԝY}%ҽӸiH6&xOl^d5t/A2U2Rу!rj쵿pe|N8ACrچcmCM1N uX~nq)5Tmz@TJm@_zϛskW9:\8 &Lqpc7FH K"r)H1A+!"`ׂ҆_, V֞o Wj~K#0/2lB >4'9W=< ,|H{-2=)]mfE4'1fDk 'g񯄒֜)xhŠ:sjFǢlW^ 1̶-Mn#/]d H y6CqKB.+߿6wjSB^ a;"`%.Dlz5ݢCl]n xl8@*`?wtt-#/=_Cz34iataQ]\65Co:Bxc=M+=v=H)F;E"g/}L +2X} A"s˪{sӥ}  j+'}%tsF>8$֬!ƌ ,O4Slc$a!nM{Щr)Je}.~ѹ'2Tks򮮹09Vڐ[\d`9p (pud(`te_K]CR.z=F1覬7{"SV&D5vSя' 'N6`.ӶQF5s5 R0/NZzUZ'i&`r[ʵz# |LuیC^1hܖJnpyUU$P0BVR-oCh{a#O&ފƖ3 o:+UO2?لEJK\ʯٝ د.e BX|z*d5'/ \(̡E(7t"f`爍rY$Ě&Pt3O3[ Aq ^(bS;|u(9d?^XѡחТ_ hbV@y:_I]Dx {vm5).^so^xgoBu1mXApdr^+q~Eq±h[ь;ּ=XOzhfZ/>?#@Z:E`[ͯ %"0 /:6 QMZʅtW+u]fCJX *Bؖ/'GCDԑ*fؔueUƼlRNcA/Bt'ա |!>+1p1=@ZƓ=MUlG’e\A8u OHmQ9Xog D$v éldߝ\g 5ѽ;瑮E Qҿ _b6-*Wf{pF``ĵ(KʵsFBe yǽG|E]"5O ȒbQ4FbfZ?{`4ĬF鴱 U^ ygkދ7KWPՄs؃'"Qs$RUe;Dxh1P&k^VM1y$;T95<$lY/'m$ك׬+$2컌ydS05il:%,Y  [헃R&՟ {XEW팷F(i|`ɕR`b?-෕H*5OeՔ_rSsӘQݰM" ;,Qq|ס`] &IVghrLysa}ֲ;I6:Dt6ބ=՜}UeyOfe.Np[Ng7zgy.ct=8U L2MsC"[1!gb> w- nP҇ϋϓr Gqz؂|_t`ĈF:9GrZG öQU7L'3Wmy/pBn,Hh\L$(@[$*)bj,0 a[*?]mSmAN >ak Y2r[tM9V}66/ >~2ad5o~(;c~ȯ7D6tL%5}nUn7Pt0ww2.cmXf6j[%OQ5cw9LY}VM%NSu;!ΫdX+sC hⅩBw]F&(Et5v6kN=w2v᱓ii-xp](J6TvW_&8sH<5FC7fMX|Q2 !n}ʥ1lmn-m$h{fd)輌 xTJbшSs^nm iV2+FhZF &9 A\#,jʭK!nŊJ/Vk\w"E&ipj9džZPN˶&4WCf{*"AI!S<9팟3mнv(mKhƐ!sWH&z/C(JѝO6 ?x2&渟b,RӰd๾ix9q I)zlָGt-*B[X-{yK :a'ҾŅ )plI*@t`B]Y.PFPEnX{:aF'0% ,?4p*IW6 oxl)_$&K0(V`l!Maluѷ-/2ǯL`8*erlN|B~lbr$0I]@ =\QFgQ2ZYǩVf<&j7R9gnɨ6/9 |ouVo *\~^"7%pQ&[gp||N?N/]\ϩ;İ1zR;R.X{C>@'̧T 'ySCO>_L=cXazߩقGڕMNRGponuRImآ |9ot:-N/%SX]dx}1(A ;|&A|-pNVB).~lөU,s|]$2-u|_uEUtS"2}˨`$nCg>fX,bh.ۖ(I5G߼DUR,)F9[2 ӷ{`rgqm9uѳHr=S)29O^d{܂QS 姗^x- _RW5 3NFfyHS~6tE$-ᦄ,+esPԾ ^fAֲ8![z{G2^`ϰiQcA4eԾZ1kK4s05QYXi!ߩ;o|q%IiaOwRm4d 36hy9"/ 
e8^:4kW0 = l+8/P/.(>ki]Y ?62CaV"l)eH/aqfv  _\S%zڟ>kWJ`uӃqKC;S_T:G@|wP¯ǢLm\eIxWpDW&%ǧ!11PcJNs@}W8"xD [-wlf_į܄2E9 ޗFh|gB}\HA֊|M7Ř{րqnKB#=akmG7 WDp~ j;0 I-1>~u9l*g ^^Ծg5D&) =M)F/0u2 ;J".@e 2mu-hdU%$VKK(lR#ǿKƵd4*OY)Gc " |=pI8,0Y{]ʩ"\Qkal[޹tj.K}B2 K0R7 -Wݻ)QUR`Phڻ"uLG K`IQ즃sn(-.U~9>;k;%yMQ05(Js FzEPb (/2h6 EԼF%tW*E+:,qhmD.IT3Q^ ک+Μx;”ffm }n=TK=vRܒd+ 19i~Ëe4˕7Vȴ S*1-7HY@ipo2!Ž(mJ# 4%ͬU_&I2vF JBƱa)K3Sa$j^DdFxv "ک|T;T}#F1tq_Nك"Ir,SqizvAέ[aIλf oXLީ6J!#m$$^;qj nZ,jn('Z8cJ-`?ŖY Wii)\B 5'jkX3߉X& #J.%&]Y ,R{:fk,fi)+ 'S[ bGaj\JAbj*,{,S4Qh*4UT75&?P'I7n8ːh_Ax?"H`7B:faIH5Yo,o7(ki!^yL\pOG9zFm$ IuRfPZ`KҦ4oVs=+;cH.r)Ah׺E9rト۔%hC8|4 \9DOwF zPx"_vJc"Y GL \5|$@#6iAR/,թ"%c=N3CW 3)Du$zlRigշUơ k81W?8p9YZPx u80m|HDG9\%Ⅼ;򞔢٣߳d؃aYX ڛ2LF9d;³[!{)GBJm `%jQ8ݤ~=sߡ9)H&3'':W]np&y|lpYxq"`5ZҀFS vSd;ZOg,LC E㭎)Rw&nK+s*ZltΨWx>coݺEiq!P96ο4e]ĿUo>cL VE]Fl zU/S:Y\BJ zLJeԖ0%8k#YV\=e,/:\3v "tw*=G@fCGJ~~SDUڦH7U! AnH g@szUEֆ<A10~%mS^Qυ}8^ $)kG ymMgUQ$uOvrsD`%Ɣ3 EUC83nH#JvBsFQtZ kČ7ɐ9N4OEV~n[ p i@~1=˽>w:缀%\ڂݷ:z}$ t]r" 8qs7Ӻ\Dx!hU6&z0L^fUl[vN@%B+16 % VJMf֭`}tbL^-> *zy@UB1>K28 & -64V:dB3r*Z_=^ݫ>1'=R6g`N(q"^Yh  uA0otz 21H( 6x4̽p{A`q&U!|\J Ӹ6\iH#F H(eG%XVb~Gv 8_"29JcӅz]6 8i,Q *&xY@pdbMk5t֢gc'?clT(^L%O"wxxE[#Rd%#79J?uSŀ1M2^v;X=+s=ʫz>jlz{-v G*S!&% 13 ~&Ql_ Ӡ 뚇=ӡz7!0•/ׇc܋_J48Mru)Y]|]ƺDL$7ω1>Մ}3?IqY̊]K[LEG@>;uҸdm_]#7b`1npG3-")lx*[&Qe"+f<Xa9}zF̩<+*g\ ^"WzBh"`Fs;TdU6:qȭ{.܎e#"~v E!27`>,HZL.yKU^%G3=bqsFQ&/[{3>gZu2Z ~tlFw0)"]BwE[֨8F,E/#Et얩UG&KOр(ittB^|xI\T1N=o+*?U`kq'[HdI" ÒhJ:/z`tɨSuLzVJ"NUM:y`4ǝEQvPVa]TnK/c# -6'=cl؈O`砰#[dFAE\qW$A #iQxKS! XˑoSow>|s !2?7AVd/|fB.:|p\ zֳopb2(QPU_7Z覗v2eǡ?aZoNj P[8P]T]{.3+xh'C|Or\(r:6̃zZ\ikطKӿ;&OM񉶒Ugy0^: %s- ~7?rHw~Gǐe|-5p?LR' GgA1EO^܄C'AC7ɓV4\ :@'pLS:|^4DH?39jKoQ@T+_U&6yfu"Xu\GM<}5ŝnPOii$ɜ@96ZPdWc{A@b"e8Od50,uZhB? 
V,OLY B0-^ Ǖ nO2CB 2"qy Ra2,+jhnZDn'#ʯnUXZ|) r6.vA4M ,W0gS=V9jA]_@{\-UߤbV`bߌ=ΠL9*X:?*q\>:u;j )FhSOJ⦼I݌`!;ՀZ[?BE?neA$`d*GCq샚ڥ;'Q7zzJ&4Ff%NڝrM˄zզDuP qҚrs0-o'ɿ% GOd@]`>Kn;m}١6ʂT80Wƭ#x#ݶ9⏐ŸA UOi;kOO7[U&a,v*8ԠOŐwu3AL'uJ{nvK͎t!߸L&W WKo]}5PGzGfpʂ{U쉄(t7}mMX1߶xa$iBJE Öw+)ّ5˲/d>Ramt4!J[,NPr4e4U6f$V& {u/H„8&Qg< _"d=ï]>Ƥ}ܩhn!߸;'%b{L,;^/12`ŠvZش]A$o]#' "aS o0t|GdLL"vxXip!:(cLzM4ҋ DnLy'/ "IyeZBg$/yxMB52DiEuM|kuWׂx{IDr5ؑfk/l/0w>>5ں4YS'JسOɽ|') ]g}begy4v6M}zVhs3$CwᑶML8}̧Vwy:bfvt];Ȭ xP^[W{דno&x.pg??(&BC1s4(Tr/]5Z?uy-'63!hFq?xxW:|=XAn-=;EoWw*L_*Csgp;ǹܭ B@< +/Q&-g!x~S^h7FMdKb+]_ٶl2KuY"%n9x%Ia]z7un#ߩ%  {%BJ[tF#68xY :ȿX,08$̲A+`iQ3c OuvqClږIJ+sqCO+I˼ ?uGռؼr÷:%? o1kI\9%1rޓ%p_1"/ZaY2+J\4e׺sTa(i"~Nn`4ԠމGx.t5"8,u KS%C%_#Qy&cV=&Y{ZHTr {rBSC  TmeT^Yv8{ ܘO5Q3GسD.DPi3})5m*qzln5o6OȦx߱}I-yzֆF@,1쌽3LlӪ{Yoχ4$GxXs`%\6cq0G*I>߆[ZEzNZRkX|#6~%2b(#YaB Chx3y!K&E'x&;%d@?;dFBTM/v#>BL[Ou:;M͂&qʺ'Pߧ nyV0j`|k'ܣU mNc@6,+`ٍMߛ:3W^NSgw)z =(Pz`SژeZ!>,1 nP?I(b`\{T<ޫl#h-BZPum1ĠV#Z(Vl+qmGnpV:>L>Og_5\Vkw/& hLpR>LIMoGүFPV9.?߫PN\Ro<%{ӥKpjɳ\vN1UR)`L$-amyx` JlDa\W9Ȃs1h6 c$VlLq˰Ga"F8ɹ/B+c`\4MM(M4 eI[q= .JkBas8IˤlSypW~ϱv) qdZ삤NqY4 ( Do(E (CmoXt6|FoᆄToNZX7A|hƒ$v-A c !L|T*xfh!]A%̬"{d3)hsl$cT#z,rnve5BغWƂ)a_J6 897sFWIa͘_FS Xm:<.Bˬr "N,M]:)k/T:1m\G[bSq㖔opҬtȤ%2Hadrb}IʜרU+Q/3t6 0֙־8G[D 7>3B @A(>Yc :|;85ČF$=#Hqj0f]+}o~e`wA+[wI, 9PNsaƩ5[c't`p~x淬CxP䠚 lf{jWt27O_#~ycMw/HQ_p1t%~7߇w:ۇf)2"D]-h>i@MuN(7&MQHؤ,ŇZإ Y^N  jT,5 u/){^ || 4"`I-807l͖+? 
5̯OC.k.qj  YUeV>SB*ˡؚy: "=?Qfh}R(Jߟ-6aK8L'lп?dhf$"s٢Cgy" t-Cn@z{\C}n6_1]Ŝ W6@frx܆&mǏ}o!/% &S>& Pi>,ڦā_8Hs~ |Cmcݳqwi^kɦRA(yq{zy+<$lZE'V^F$PDxk{pwc1KA #N+ԇC179>k5䨼ǂ%VDɆh13e]<&!p]ҭ^ohAD1U!im@!+Hf'[[h2g}TsXEɡY@ב^O"meopE}|E/FU) 2x}oÂ$̀{2k#j㣆J;PɅxH鲢IMS4faï;-X2`!$ڮWٮw^v2i?VTO>zm +&7x؅EVbX*v-側M{ BIU-BV_|W[d"uC#/C;[5H&@iXl`>:qeE|o2&xd\@`k'7V:vyP:; jT;ߴm5%:r d6^=bnR;܆||ENʹPN_'_`QJf"m#63ŅZ .o E_9"KGflʂJk VF$<2 .a fHzdFNpdC^Cuu]S36bBl\< iT)z&<ё_P?69KCMr..ק u뒾s=r!0|c *x_#=뜃Gyu1^} .&EK ٟq"h"8_l4$T-BL=:,Dsfesu&@qǿI!Rh+DeEvrF^tus?)I5؜ĶH?UQރ}P {`sh-jźP௎FxjƝ$:qO?C0zys)jj/'mz5$FyLy寝rVy&KWq|謂ƔAȮw3r9o$^%Ա$VW*rGf+>硺 'GoEaO :%1/ZRn rxZۣSO;{_mO/շ5>g~Ɂ4X%%P$rȭ!U@D> [\6W=*;˰:@l2)/\vH޾R=BЋj:P\8pDJ*RDou{ SBb\æLu{k9PQ!j z{)~VHFJTsA-1襅]DRmoxw#k#*kir ?[pxYB=W[jRf-*="@ApANGzvIzv~6TwL**O1|'wC\1ͿjQ[{93ihDdh>Zٸ !VhNW^0JB4yEG#z7eܠHp.c:{cً5^4#ۡ.'BM>󏑰㓱,L[-x۸@ i:ezC?:C ;0iz?:< ݙ#`; ӯب#ϝj{P }<QĨv`z@Xw]KQp{StN ZO`i>/Ss=W9Ӧn "l1Zp< t>퓉Nkz$! NɆxC,-s宬^,sEu k"<` h>E׳R=Pq.l<M,b A9Qneސ; )yn{΅FIW>#R(;B$Ywdԭ( ~|Q`SQ#C$lyՋ7Z;$loY[; !7ao"zZo_]R=9CY3R~OIHPs:_J&1DytآH={jDqf b)uQktd_?VՈLfmȂ!Li<sBW#2YC %_OMD 6LpA`4JFC2H@>>j:Ͳ^o I}i>u}҄s5%bMbO4(nAFmeZ2sxŏz4^ ԱUDŽUJI#B=wWz/)r;S6S_?y]wd B%D}$fiR/sgj㻖 t" M}F(z Gg+Kx]Z?(? YbcMӨݡid1Vg-RL$sqz <ŵ\Ih丗\QĀekɐpݨ:w`vV!';H>2Ba1C%ǗGz^ i{mgO26dk{b@>b/(^A3 Gv rz0W%8kP tҮ.E܈JXH]pK,PFv&`B?kPi]*uy4}aU ~F?fM=u'':liޟħghQIݞFlw{X+Gn6p ӜKHV;c)~`~3* ~B1R aqT(YqfMJKt@?e#zWz ޱKAzF/692}mLuGC//$9OR{bJd\_-zH&+-xVO_n"~_a@XT_'8LqEmJ|Sڿ|:I׺yNj/{8`qTFx3HhHw jqmSlW|4N$&Xڦ #~$E^| VmaNHs?򝐰_? 'L ݈:KEO/",: 'CW"Y}NJ6{2j~j*1:4"0C&U/s]( )H'h噶ʯۛWq?e8.XI|bSL  \ꛚ*ށli4/ SpG4y)f%^z.X5T$,#0UuvnqT֠rPu*BײCz-|tF<*ǎ CE4kDdn_7kqPm{ꭽKbdy5hYUZ~5k.ϷqM I) &.\a (U6IEyax8bbQ)QSNWzWoN~K25yS[_=J0r%H P.WHdn(",}?5 Q}^M k_X Qjhgm7k㒃m 6Kfx {8@ou9]wߺ E;<3/旄7? 
G Cc-'}4XN4zꍗU |tN6B9B65n,~~l~E.׺Xu- gO!%%jZCwvvcOvz_}mx٢SB~^9ۻϋ:"fp؂]9v)kdm$seݝu;}D.a G8]s }2H1Yk%\k!p]Opu9UO4w9?UWHy7]B<e̦1aL8qIn8":m"0$} E3cle:h-%G<;-ht=ElZ-Z^(qRtG[q-A]_Cb_SHڭa]:P:ؠCML;:S˩IPk1Xff󈭋,o6&nֱ!I ;ҍJ|t-k2j  莕"hMSf~˿iÌ6]/4qM05B|qXL O}4?| 8pgWwdK,Y2_A#el(DQxeU;3k%!DC/a1q\ 6 % gLu=Lk8ҌncR*%w)uiGy`j =&uRw =H-{v[4AZJXcIG&_XTNZ{2B][pJ+y5e7HmW9N)8}LyPrl+vݨoݼJ З ̫Kxw$;n.lkjwȵ1 }XRsb=%(CD492UgLrѵ:*0C& PݪtcH5y蜘A% ޹r0Y邌DD@NG zog*%$ljjUő!7o,rm!Ξ`Ɉ望Gleq9I@:+uǎ2.:!͹Ȁ|;u}6ǹx$ d!k޳2>383#;Di_C_Y!~܃%|J"›=0QL<> 8K87x(oD҆%u(%q[X`M|h^ubg#EO9uG7:wC%/_ ;pFҠc A  uL0֘X4m-[1lr*p t4Co-wUjWrdԑe ~%Mjj8p",GxXur璲՗d @ ] ~ mˮހs۔{?c>+PamfZAlJWV*+*(J8k-->`G0ٻ# ĩ泭*0LD BQ5J&I#+j|:K-a4nyR^[1 df!#9n$K61jN%40 h}~Y5vU"DoW,w!cdMgi׎"2عY׬)Ա\0ƫr/o ƈԙ}鼪%j'3c{[aQ^c{DǙ2oq&|c5xcjAD^IOhLg>:-#'J;L4L0D/(F+樮L@2o܊.2MP՘¸N-5X-FL @z7[G2BՒ A@|B =p Ew9|E P??Jo}9@B Ӈ[G|yEXV b𝌘Y (zc n[dVH #>]&9p]%ƢW"psV]=|á AZQs.IsG⧗jM6G8jRDn`!lO=&CSn1)3^Bpu]\+/A}'ɫؙh#rl]hu6wbOѝC%m $8n"[9J>#~wd%IrJ/0קbf؝c#^q&2q$E6݉xU B"鴫B_7v T {sy}!%X%g!b{.k,R8pYD2DC$L:>.0ٿ m~X ?ׁY?:eSFFq+ _AhGf05VdI if 4in@4R;k*]<74y p)kT"!2oGc=8F x?r<M.Qi#p/Z](SUCc KmMxǫ<$B' *GfѶK7tV)8UΞ`Qwh8]~>"KIƣ Ue08}d-l *.|}R]R.0blX;Yu~FlL ICDfCAsitL$\ԥ rf I]ۘ`墛:xÜbPGViSߒkR_tcQ&,9`l9DP%Y?lF!l<@8Ѻ}BqI#۷X)t鸗LyȩG(x3pu,_w"֘(֗9+3v駇wS2]7$>xUT T/waᦖ[ު`9U9h(s*U T__e->g_1kՓ DW:J]sT3ftQش3_ïңMzn@|X۫aԌv`6~bMcE7w\kRt "mYO])7:欌xFI3ՒMȱc$wdF&cr4/u.T'DȮ kxn;Ј(E蒘֏w7ͳ8}}H(ckh/}ޢh,]ZawmDmrҰ> IVގj9U ѴkPi,eꝘ YWan"/vW|i;\u= ^d^ 3fFJA-}ߊ2uvg{ $3j!дE6SYtxl< 0Nh5O2:Hwg+$?q,HZMM"DF4\IP YG['nC[ E:T`uQ#imql orz79oƤ#PyIvaoE Ich* H5=`pfS|y&Uj ChQzdU)y9EJnpb4v&`Ԡ /nTو#YA:ɑg7Hڈ&Uw3kv|Vj#PmUϐ>i;Ye=4 Iv?wC rB18PGSwnjvqir B!SRЪ~ʼn $mS1̧p=suߙ%ǢurNR ^{m "'(5yF;+$_N.m6y訯Fƣqep;%}x ʕY| [vٗjNsm즮:M^M{7I ޳MrL,w*l@)V=Cު=mч?@׋) m>B.~@R$AB;&SZMXwĈ$4itVa-*NۛyDEq! 
z~'L| A_Ny"me= ɠf׶>O)8N,w֋bKu˳_Q8v[' HM1Gm|YQj/uPĨƼ$[yBZk;F?2qf:7SkW^{9ٕ7!ܵ:X?882 ,afBYXXLS{$el ~ޛLYmfOM}i'Mܰ@6%"`qT8De,S`*zFA%kE _v=[ݲֆtТ@ bfLIp#&8zJt8gRǵYZ|؎?ATRYNpG4ny"KvwM oa?9,gu=]\ ʲb/U"m;cBgMo" p:+R; $@>A؎q!|š$7hSy l>%֦IxnA 0MBʵ^ҏoS~žfNT JX f~TT:p/p|(v iX߸P}wD9nA !`3{v>y' [=COȜV o?4Ε{'@p?_|'z iԸșG*j-#'>iiQI$7Y_Rn ʯ$Ilb$,D@&٫,̌yii07QtR.wKe8_:*0qvl> 5ÈC+mEjt= \U>x2 /p`WD(,{dp'dIs+ r;0wz.z.I_o՛XP89Xyf̴͡*}8aYx6J1? DNqEnRH Ajރ?鉯lvd-e>$R^)!"g %E0cS6AKJ6)OW!+ 48qX-De/V=~e"$3M0E[C\ݪU_bz<dX3 hi7 k,1F$mLFUJiu8 s!3~{ԛdC!@E%ݜNo-4FFBǗ O}wD Z/1LA(G`mζ.s N:: > ~k͈~.bAi^jj8`_EQUh+YU?= ´P^K%7p;V: ~O]rЮ`G S9oftcjp )n6N={ǓwN@j%f@؃=aReAL];'{s 66%+$di~H 7! WRb.k)5%n#"8k𸿨=AneG3zIBXǏQU笤יq^R>N1K;{Re&IElFZ2{ʒ7NsM8Vz8@̖*-a9CEo % ΨrG bc7166]ZC[a>[a>):9>BQ'~|̌`"C:P+*GǪ⇴%QV"d"O tE "U/LJ& PmNKً:;b/fR9X\j2^#GelD4h2h}2sNMbDvMV7M+*GB!Ё;cʠFP2FA~V'rn5%hk~0ȾZ,^%UU\Hh2w8\94K/(`J\݊}ilj2OB-3sFnW>OR2b˳3؊Q7N_o/{5ZU 966/+upz6G739Ad[R0(#5&ė447*&Fހ9"ېWOG@u"qR1~ ~nr$]q7ezjٿEmlG**l`.$ǟPwYͧ!P'A'9߃oHXL`| RW!i 9E /XQ |-)p+FEOy Đ┥]8\/֘_M2c]@݄߸s/_doGDRVjF /0BvΫ4|M4cЖovēĕ3Lfk"$!7K=^zHdC~P-P僶g> $[Ql41O.w]Lx|ΎT}`k.:snBaQ{_U$- TE5DU4F>zyB\Q]ZA _ ki2-Vo)V :-shDN f!'$@M%&=;rf|$,W kb1~H Bj6x8_;w_ٸ$jk{O\{+[PSԩܻ̞0%OzsIb\ewgʹDXju_VN$R![ Og57p뤾vET}?2_P*.dʦB!E k+_~;ñyS/?}i1 )O]0jqھTlP6.G[n'-/jSp.Y in\})uqa z]ĕuԹ&%ʹ:G*?PѥצiWXjez:+j wb0Bd[.Q}O j)QIGߨg^渝VJAHNRaʜޛMmXgM'C%46$?42P!jr%L'1HC+녤y~eti%Xyׯigs ɜ2?jkȏ൧j=`,5K+bKŞ+Γ Ki?t'KoXgoraf~૤gRh3S7soIKDC'ûN| p6#QךH"ԛt/*4J#Oa]Iw}_";2θz#BBрW7W\r?#)R:Zr19IlG.*T<˴ S(pORܔmx|V^zjaS2qBRDFohmӜ[W+bT\ɯӢ i 9u{DUZB.EL`dlq,ZYEꍡ=6>F=sG+tv`ݼS 7d| mwdL>-:!5N,i 'KGG9LBg3bAZ_){ÖY,YY@!eS߂FN}fɂQGobsyGٟhcx竽.+֬oL[΀C!*x]s,lDT6:Ff˚Ons9lbvQ6ʆJ[ʏt᪙͑zd,٦Q21$f3`7kU_:g"~OFò)eX?4cAs6}Mꚜg`,1~5Y.hCzA :y"n $:s\'ƪ^E}6EN n/nC3W/gt*!E% AͺB^Ԛz3Yr%mrT\6q ڎMحy^6ţNO?n%՘*YdάI(/M7Xujo8ƿ@B@XjQ86pr|--XU u9Cb(7"t.Chlr1ά=dߜjW>&ΜLy> 0ɺ?*p]͠-cL#*4B|x|r SdMŲ≑ohV13Ա@0-~!wp N(c:,`"e6) kQ ͵=#A!rI.:53~j2K4˩$HOP@{ѣ:͇ wOb?oT}5T耞Zfr37L5rO]4E DJsuv=ybizUم[8+!h3LL=VB(@ +$v+׌2 5ǣE8Y]KЖ`Š(?2bvaNi!. a%Wʸ:uNr7;:tKBW. 
1Tu fB7m\{6DGxN\q,)M%.h`K>e1M/K#3E`5[6Ue%W<0;ۨ)ޔ6OhN6F2ްLUv,\Ш#^svdh@FC_`o;!pƂ_&f9}!=A5a$6t:Ίk$ٷv5R>+RWXev¼]B\H hl^>խrOCшVguE9Qk啟\Trۚ!XK:Oedc^ݵ%a=%lڬm-ю3\F)=D 3J;u]bbܫMtަ'd(Yޙ X(j8z|U9gX:IQLJ"21  Oeׂ*Yt{!SwܚT`4DTgVk7…ML?g.Rf~֙ks#޶abZ~D;BaF$['K.BbYP0]Ŝ+K2RfӤpbnaG\FT$71;/Wg~UXh"]C {|.=l4RBMϾ 9G7a"TuͽI4&eɹmq7x`qOunb1Z9BYhowB3T7a]4Ƞ;o+F0#-2S 'K{ȇ+ַ *\pUzGn'R-i'vb7~$ș>ra3f. R;&Ne㮓olXh(|\l`!W+[uW ᛼QI#|+}LFf<.ĤIE}#uҚSN욌}LhP&d]1UÐaIhilԺƓ5 $e$t6CEC*7Aq)We6Ư\c HU`˼$5ŀ<<y9}R395S\ڒ?5(zY]-Q;~x2Azp:)0/}e,YN˰MkN1SJQG1&?|F!(q}Od)wJb="tpO&p?}b^alf"_ խx!.<ZdlB%be%9X3"6azxc9-]|Rvb޹_`PM4[6m޺o< Da.j21!-Ny!T(@SQxxbQ<^Cm\(.6!U*};]!VTrc u`CB 8%ZHV8͗,Kf}~_R :.бoA`' A A| >b+"m $ U6^ԨO_y-6m-sJ"wQ~SQV({WAWB39?A@A9N$ɞu԰}4_sTCL )/)yp@s)×@MJ8ۮS&ĥ3LGBN2{҃Ko2X~O1q 3R{GܿU1 B$ν^OMƱƈ+3|AJ/ڳY&݂0瘇XrRjӁD/}}xcpIQuGϚỉ9T_W 4Q1n!n17<B]1aY|&*Eej0M+ d&syi 9f "-Vw@ /%aBsˋM%`oNFyoh2XVd;k=*Zelc5@y6 oY_0Zւ{ozGj5;œmie]V/_"o.NT\Ύr FrS^Wua(C[I;=/v{u0ܒ6{v&tˆTNOnm+8["+^f[nc8RHKaU8}A0-Ѽ`_U+uF<烇jYk\N&;I0 {H38?u/ԣK j@8J19/t"w|9p?EODdGeѽ|M|wa K # r.L{::b!vho(NKgTswf: ZXHBKK~jW2b^CF~؋f6izY" <\+},P6eaOzpxcjf' (QB-ALʓf9zd(8QtofTŷ-ˆa)f2jPAk%s&kчAwV aw~2#']"_6@*n@$67:% 6 )i5:߆ߕJXJ}mm"{P̚zsX޾u7 i%)aE'JY& 51Q-C36l~?9w>V!v^"3J  :osKBo&-{yfFmLj|KxqX^BM X9Q6 x>! 
) e{Pȋ*:DI%oX6gQd`HN4Wr>K!z ;_4RKH@aXXh+WRlA/mY-wʟ \|Au?A=_nw[vq[DfVu+CjPKT4U#W}*,\o*m44)`7bsZӎ.2O+Fv|B,)| /6SM\;A DZ82~@q$R1/f/d=|" t|vE>h#5o@t&lHr_M 2Pm0<H6pB2 lNG6Rިn:dlPmruuA0݄L{4ԡhϺakɆg!Q*q7 l1rJ;2cO` vZ<p`$B c@Vuk >~GAGb诀Ӑj&Jx9'tZ.=]jy5bPY `Hڦ6!1 S4Qe5r*{v::mb7K|BKDž ЭlbHo⢀,PjIfE"9J6`:#DS|@zRYlP]|DiǼ:f᧌MJzݑQ0\ }.G0 58I1nQPB-gLSk{t[[ڰb6ܤid{ej GSl3Z )vN.zqzR|æz@[Whڐ3%aO`z3EdiZ;ܙrjcE9QFUX[]}T}%(,aXy5(B561h2SdT1# Fk/X.8D4na{N $4L{zׯ-#V.st{}7oSyIЖN&Ú?-&')^uAca.>;6sJWg9}g$)Kռ6I%6V(9GQ>vT&FSQXL`"ON lzY1jEKN % MgO](ak`bgᗦ-;OZbZ1%E\ɰ%0mYJ/np&TJ+\!Sl ɉ " ?{} ߤ7EARcυ06] ]#YUzăo-1',v s0PKDW>y: dUIQ,8)ځLL ֧$}W=+8ze^6~^`;3(JWGX#qbٲQ{<n2MHKy;X>@u y9Nސ:go2DWv< n%edDCúLA/;Bt yMIhN%ݸf SD!Wbӂ2U܉Ώ M{9٩?]AaLtJ#_]ﰕá7Ɍѣo5~S߫^{Z'Jip:I" yT9 0~[ 9랐ŵ_rVxQ'lTC\K4/ǰF7Hַ#}df4F'9φW֐G쁻e4x}߃ 'Ƿ5WĕЮb,#P뀒R5 f ƌTG(ۆ~{$q`=NGSE|١حa}?ГĔ{.x́Oj41O^lm0w>14Noa-g16t%Enh0fϝmXP.hrX j,v)C̻o@8cLs] S;+'޷sX{c"vyyA0X}^ [vˋ52Fp֖0P<hs41y78in"@㰡lq񒎋v {-$BgZ*{"g^ vVU۱u޳@hY~KM|ڒ?^kdClR* N¸n@jm=OM]l{"_ȮCA,-~hnRڏSoU}ǫ.?m]JahL"Կa=* *c21mo` h[*ҩsAp窽tόQe KK-ei`Uvܠ_h `r*W'Nbx>:f݃GĞC*Fv8BAV²!!47S"']z8<9{X{GTCVdr\;ɛ>w@/@}uh@_xt kj 9 etC_Mhq gc~ 3Kԋ7Jg%0OT#Y;;|6>vLnL;/CR-HXcT(_4HٽΪl9D( `1NaaXtB$5 W̰lz'zr< XF}Ta"k7rrΛ_P/qc2(p*eՃʙ%hۀ fSuUXB ')iۢXl6S>>(h<K W&*^ c0I'VmDmv )Y19uTX'E.zzU lsrZC~7yjSu/Xr]fdJaFW:)CۺayFsIz~!L]@S~jN2؃<-k>_t篇Ti4i>u:r[n{kat2_(+~ EOaToT>oܖ[c-PRDL%_."H.SlB O$AXYY#qJR).!˥1Z5tCp AŶSF7 \Lh DQ/6 k )BGeFH $vo v |(CcYۥxC9uY!Q@a5Z#``V&q #qI|V?elHT>/wGYjvHi3!$1jxu-r1FYhst;,aYPJPԆ@ (>8[r ̃ݭuΞQ{N<d`fgGi1E1D7qC9OA_3e<Ǣ4^l c((Kwͺ 랟ynC#*Y8Ӡ!󳢫۸U.oP߯PU9#Oم~KA?`Rl !#om 'V mq@-zV;C|YS(v}oۋf6 =>H3sWDb![kSh >kBC)X[V+Z(nVv:u(8&(?{MV{!_y7]tׯo]xr>K<` Jȵi7L2$elw ќv [h<Y)GjqcX 2Lk׮iLna6UvϭT6~wy]ˤ'Ը)=`7#6[lg}jk ɩCs*6P^I$]Az '2l\D2gDM_}]>'kG[,8ʴ6HPT"?.d'wWg6xC7 i|! 
܉Ic( A\.4A/A<ӓu9f\6,9cDqvDMI'?>1j7MeK6ڊJ@㢺$j m]DgKRsѾrˢGMRnQHpzTHjz୓~={s(j RE $F Xq|\&W#]= r(ja=U:=׉P˟]Ā$|$c>y(@B/O'ք@n}/՗҉X&`B+H4dx n"%#ߜ23§rO߄CPOu܏S$"d1Lw.VSreѕg`wiW!j'}ⷂȀ'֥s.IUFMNha%[uzJNV&T2 *sj66k,ZuԃWni챐̕234Z&#U5,_ɽ厪_'~0,' :FB4!RTIԩk?wrF1N*Sb&d?#3WN%௎5ܮzW]#UdǥbWtٹ`"M$"==U *`5!}z_/xLcAJ8*R#SO39J}9ݵeW] VP YK8H7"*tjP#8~Gl`E!tBCى୽rov74zQU=]eZ|qǔJٰdK(!Ewgi݁W4qF]ح1I5y li N07P3Z:کQ}tYgS[N``掾_υtvu4 jLVkpusK}+ĵ fp2 ^Ǝ͸aF/ #Ω.Blx`ڥY7GrJˬb;Wύ+ZJm'$ {T[v31\K~Fد|N&LkB\VjGZHH}(ؕ SQit^pi ެwORvq- _3!֚[vIAtABy,v4 Cϵ@5|^3^$kx@;=yqʨbo.p{d.[RiT(3oaȿG1_i_0ό9L8?;'"1_[?q'c ȗL(0A>>8+-jQ`>~axL@;AE|ѵiN-r7w/0cNv9QX|bϾfDwh o#>р£=P_ktġ}bf.o4 Pt'MSX oIy^ȮE6#`1,ZP?K~0J5D捇| 6[uIթ2VQ'oCHqHy,$x?o8$ rpkO![q|nOnNƔ*V|-pчNa K"Ȃ ;)g"BZkFM֡T8=pa%N{md  GAlRPƾFL-;!W3hH`1 E]&"sF]f)9|DS:G+8W;>/tW뿦oA9+ He\605ZNR;kYL^'՜Qvݻ $b<=Q_V@,hV;Kj=#M&T @? Ӈ߂ijD|=]L^֭blZ~$PȆv]͉gsVPۣЏ* z<G"*WO*1%EPvCy`ͨ\i>HcW~J"|Sd,&u>+gS:iVD2ڙ<,9S%ҹh3H+mf/>yXMYybNTO(nq&s机PI1~~ x jio,ծ5z&$_NK<_?x4g DHBu;¬.MնW":Zv%h8"*MQ L5=;뾞h+6*m(V(ׁ:t巸ǺlH1V砺]~+er^/vﲊ@l e^N7#Dzbl@mCބF㿥ޚ"m.20UzNv*g#wCBxIw5bMl QZ'-h=>1y*gCj2A.i ëW4]duԒii'^ 6j_V(,E.0$C&'Gj?%ؙAqx( 5]P*g^i"U:m l8WȀ÷){ŏ*,j 8Av`<&U.딍1Q y{c j }-˾."Tv&Ia}v^O.$K%&*ׄ݋i4XS ZMfM&똞 a>^rpOFǸ [CVCsmR'i w5V'-D) يE4F.$&Rݳ=<W誘XTPdT\P %X%D-̺n;w}e+{ }Xib {L`(#q_JW;7OQXn`EJ'hQ$ 7d%rPhZԽ*Cpw=1QzB~zﰄxVm(9â_JZD5(q?vRMtنYPM]CC lNn*9Ȇ'*!F ׫E@;txPڑҾ{xK#sfDE01 C"{[bٍ돱|񤶙[*,J8 ZT"{*#`lv(S~؜ G[/ {7=c`Uj~eqb6;&TC}}20W,9cH҂S׌%˿l@VW[ ~n"%-5)qwٓ-( D]/pv]~ǥs"og[$w@Da\KB{{b-NݬA9wΠv5F_ 0!4$'㐰o`9h<? ->BGt7n@὿Ce(ٌڀ F{hh&X/<1m%E+!cN4irS7Ԛ^7YFw7aZoC5 kiURfy}KDRVYT7`= *1T!.|txe+rX@ʅltYpu”,:~yCI|,E̔:r EKuP0N/YtVMCJZs &vVqˢu,US1e,m2䧛K"sZC`+GR'N9tyfi =K4fyd &x8٢,Hg)H\/lhgTv/]$f[Ѕwƴ@/h/C~F9г_SJNzYTѴ>La5DE Z]Gw&x%#Yđ?bd(h!*L6 Dm.P upW};L,֖1@5D>_}H]n'Խ3Q*%1/)ta_DW]ފ!7O,xDȕ$}0x{*\B[ uuMjznjOS4Ng*?6h{[2kg(V 2{hY/D#TMq,>Ԧ@?:4UK<{b @Lh_!W߾v7l(Dx*ksBݓk%d%}'>bwGa!iQRr{Ͷ[QR1ʭ(\ZM 'wlYhO!9/[8˪Mc[_m4b<&k!!ƌ^P3?vt I"u nS0?ljBr = 86ࡑMI27d9 4 k ;T̷7|X}f! 
9#ȼ0~|hԘ onH#ܜG̐t2m qD!6~v~z<cҡ܌9"dsB_/]W8O}0crxWcbP9G1Uݽ.M@+N w9b A: yUrm@ kVX5I*VA"X]ˑ9%hB17( Ae3JOz^dgj?,,aEvׯz͏i8Cܻ6J H{)wbb>Ingq:x:_\Qr'0)&6!w <ɻH9)7>fxߎ-x >Iχ8uSw<᳖q16 tw1pjbo,vgffɟ|‰p [(MAd.'50JeJKNk=& .j=Mcl[w5{@2Hc_+̀3! Kiְ() v*\1g69c8P_(tzu-fQ=^'׀J:-?/ۊTY]gӆKwnK< `E2/ ~t@95xY(^AZmSLMjI\p(+FbCtnP|WegX׼C8\tWA*ތ]/jI(_ُE<>KvIX%20(vd,`hl a>y=fKd}kTOZ ZI*vd |&!)-a<wc6kOC:?]]7d.ʩ8$J_m̥kzcvJ~|t V$:Aw LY UlۘY9ֶPSJCI\M,~u"~p֌$dsPg[ls8凋AD?(P5yoHCd*ij<5&F$V,+Xx?6ZBpt낷 O㎊1"EE).)bX zPZ(N8FXM/ /AFς ?SpQ#uaqR]$vZgvdN:=ﶲu\\ĩ9`C OX&&w S`gIǭb5ݺ›#NJ(KZ`X| L:Ζ"0n~+?4v}c}Y{jT$ٷ{9s&d3T2-mX!QEk/GYe%ϔQ5â#]ظտj<V>Rlc%ۉ=v(`YJOM ;_g~+lZfBƂhT`wз-4 ѳgh n ր0+yVKއ ]G.[݁ՃJ,mGʪQD]y5AZLív9% { ܉T;US܀EiGWPgaE,xm Sv[E?|<ψ촽lu(~1@y+Q;mo}O挬-G ,o.2q^ZxX cy̐ gE#U@X4fΌ_>ՕO yR)&3(7Y.T Viu g.? d* D pQ*I3U4lâ\jg;sߖʳD|uJ 2"HR"tJ"| }V89B2^"M G:` "ۗ X%RAE70V`ibPnCV1CG~m|>{`LpE+Su2E:>GHȎ3lm O&ϗn–)`PaireBypŵrRr'$#lJDeUPo֎Ч) ~8"!NL|\6r)MM`էKk6/Jj0W!Ujų"~>D`1} |^ )*p -^//B]WIW.%yҰA%M^ͱ%' ՘f_y;'q.X28c)vO_Ulput?+@Sb!*;WjC2j-ug ǚ~4 mm/ջNYXշB+dz);qy㔞ߐ +G:zNQEkU1ˁVPr1ƯجU9@yN:{Si&+x{_͔n9 Z1I0U`pIh(4NeO~)2OFvL<8xy$+ը,r80TW_0փGnt1k܌R@d <:*%Å q/ƀsl;Qe0qtUF+t3#l`+V5~vNgxmC QhitO,F_?Ubu{)jBxyOQ2b 4(G|=)`" ]]$e9/jpq50͆|:%_ĆhխW]*,sUj'\aD'\}Gfs2~ime+[ qM5ӉkhT6>v௜J%&V Y;ΧЫ{9S%D,O@ t\Fd̎o+nk61:ns};O)mR CFpьGuCzVig>`e)U- iQ5nDۮIZ"QvGADg$bqJ7QfБ+2 GﱴޝRf?t`ڰ1S#D@we%$v&e^|9Օ)79nVilHZ,R9*C%s}]'nWn3PsK忣$hB5.] _=ޖuˀ' 5܆pK[2%?olZZ q|,]/΄fQFM{O>̷$rI s l>Gq |i6yԶi2[Є^SR!7 ? 
@w[ErJ_Xîi* [X Di41 [C}U9Z[v6 ym]k?b*@6X3صX@G$e$s)5fU`DRɻ"muJe/Թ(2jzm}E4bڋ=r ȼ34!&oBkywCa'+avJUm9gkqHjk f';AI(gi6ٔ[#e\Qb,%JYN2x]ؾYjq5h"r<)UzWL)\ |f=<֭4^PŞ0UFpx,VF LCܢkN/CJ97ƿ5BVN Bp%lOk>%6û0r_) 46h7SAO|밿T6ps7iQUV_Du 3leVitY,jUM漢@y8{,%onH'U cmTL__7iBĉ6JJz;'ul\7Ϻ_'`zYAL”Wv$޶.w ڳB9h6,H(m0~3 !e?gϚ®iY~# n'0G'o{"@ 4u3 ӎm~DNWofZ713.+X, 3DK!WR֞h8Dj4YB m]:inhxӝWnЫ4#Zh@]Pgi׸nLvAyBFA" Mзv.>0dJAZ|vdq~Z)?*-s숷Ÿal+P>Rج4B~I8ֻp %gc^-{g09dO*8@VՙNS1Ԭ(_;7H⡼aHQIL1`kӴ=jϼ|}4XsUF or[dwmSh_EiUUv`}qLVZK MiTa5+CJjkGde7J<,n ٵ6ԛa37F݄YcI`ȔG >C!uYt e\ ם^+>XO"]b:_J|p"( .7ظv;f6M ,-9񖳭oi;֒*Zb(z4ha[zH I׈L%S#8f*AwQ*WtH/:@3M#0vq*RWm~Eȼ+%þ nZQ\mgQ`!+O:-.DiF0/ hi?,Q?\d p{ED0.L]ٺe"c?| t˫-1G7of'}Rsm{m HDA>i~<dX*fgT)z YHm!,'j" )x :{vla%2m~y?kWuJ Ӈea![Lwb"VsХtJ7.B[;Zݼ]zY4wAH /2hUvVp†+4ZVS+˕oBVW7 kD$2\~Ks("t`i*pV-S;֥`C {y05FPe `Y1OڽqVeW֐&=pЏM~Y U]{X$Ss /nxgX2)66|=$ `XG cC{F!~(oˢɗXFG1)`:yO'tk{ n+Եȋ[-s:NYF/,U]ӟet3FyaA`H.-K(WRzXXN]N]uu~x+MYj`fx;i\4U Zřn<:YmeTj蘼+&[#P'Mŋ;Xb\^0ӾpIևٹ7t"+(iڴت$!yDv=6'31oY 2S?WVk޴G9u$ vR$v{2 'TdݱЦ2r!@'^Ny7B2$α\]ʚ=+=gD7-`rFTu,0PT"_p;27 *Z&r 9$p#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭD2ޟ+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?GsS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._SZNYhK5Bp;0YZcryptsetup-2.8.0/tests/compatimage2.img.xz000066400000000000000000004003641502645201100206160ustar00rootroot000000000000007zXZִF!Xi]&Ey"`B&u,bnbOcJKDKP$G(4y%܏ _Cfy%齝/f18U`60XWt芈Ukx;s*_e!Tj̠6rԅfM21Ř?iսx'eh)^;LFvyi"Qt=ز\-Ȱʯ6Ӌ_~Iix&Z{E A3_xiq'%zPƪ0GuvaMoa/=D!,(| EQkNC$8.|nC.ȳlrQэ?թHcF|JR^`⹜UX/Pɬ9zM✅49RI QfgeYV%ʯQу:^ DW#P 
qPgޥm1O^d!E:XA3߼諨n[/b%ұ@wMIW|9;lE#Vμ>(uwa<S>uc7C{(-ycz摸Ub῾U^lނ#npߕzlpW]I\M=K*ᖬ3 @~tFyBۼta{KɼxJ'^J erA#Ϛ%FeXɎ:A";[Qg۴vv¾L.ݼuycFgR8iOk=*GĨ&H|영DX wB Ё[tzwM5J1 Ƕ-mj4#h_UW(ք#w*cgDA FpʲKG,;YqU;`q0R9bt(!ak=V 9; _b ěn5tP϶*qe&qr%FKѱƇBjQ;dU\ rO+RfE4됤WY7߄=+>,3xA6 ǖZ-*'x4Lxދi&4BݬS$fU_<7)Tvl씌6tx#鵂`l1* JҏŴH9i4WP[ 8>U!b[ { =1+}wH?e/T ʧ WޛˡR/Pnmd1y@lV˝gJz0]MnlI:u8YBZ!(e52`|gd2#22C;[H\ʁ_mUUܾ.ZyEr,]+Us<7'ʷ_xP@wt)z1BݽA)(I&Jn~*uD V f/jAyH?:̴\cf[4TKT`(++ѠD@>m@r.&g_9*vuDy}Ǻm8xN5 K93S-j=`]޷ 5/~BTؑfEyMo9Kօ@wFVrm:&.4S^jy'zJgmXB:\3yd4Ye.Lɥ7(+9%^zT8!'6\B7.eyj{tO3qm `Ј,WQ u'*8Jz}6_ z%/%6ldq_E248{\Yq+KA:VA~\aϏ7..[Qbap%9-^Nl V5 ?&#C6PBi=o&IBUd.c )kgUuD."و4xofIQذ  1,5SP1uf^6Yh\?e†AYk zOpǖx"F!&߁qf6L4Jư )9O[Fau676>"I](Hyi"BF ek[L/D0DPC$؞VJ gdn@zL ,ewn7σ!?Ey<ʕ {Ս7bfw\ ,G,A3i2,aC>#\92kAq~UUY>osmRQA&<olq > QqeCq2 %~X&oےv: Y}K2HgYO{Zi`Ds" 2+qj؅ zuۮ ksK7F - **l17#~ZU+ݣ(ǁ&Vd@z ks!!qFV¼(iviA TTe)M>-n ؐTosVQyTL<} )r}v|PL"l,cPfx7W ҃wg4. `ʋy,]&{ +L-`C.JEU* f1,:.c-g0أO#{k̰{u9:/ ƹx)sGT7KNp$Lxui9 EݐL94L(^Jݲ+V,>YKv1`0*l6`MVK:m׷A\#Izβ3eP |k;4axђ[O)H˜d}j2zvޝ@uWȀ,ga~nzGZV£LvP\FSʼn>d^'b3o1JzSɼ8K<]Q? 5,1*=eiA`PՖ]$ul$mwif\s2j vr-DO{7pR5;'tu]ydUgyZ!X?"O+g`Л֥%[P8J(Om#K,g9MR6e(Z&V)1aМ3XqhBЇsۂ7%oNy;74׸~.>S#>z L7YsE̜yVl09H] }hˮI,ͳe\gBk wHrY\*FHMqL2LK<-)+noIᐳ˪f:76: JĘ6W'[-I=p;\ M壑h8T㶯BY;4I,HH_Y<~E C +QnudBqdگQ^4t ](em:\ nGÄN2GA'Db])Z:f<_.Wb;)dDt3s W M 2"tZkjvT FVt+ "QO| Fe 1 [K}~M 07<ɭ!a^TX[2A@1#H?4> jx%]PMJ9 3pn;w(6؋ mDܻB$b ? dAҠ ?ٴ_kM,5܄F/_xiv.?٢DzJ烊RLAāft 鋹IߕGϕ{ك4LQ 'A%zل$D5h !UJ4g'$k6Y[K}G@{h1!%ܩ[qem-`Wuszl*ISfu4c&!uGwo܋,7C= @?9Op<;y:Qf8ɦ=N%FXԯL&ho$ٷU⚊A:ޠhd)|yVgi/CC N ?NK:VcyYSW*O?l_7O3Ps=QE<~A̢ako;Phhs)8I݉BoБ ?˱Zm'jhm֐ɀVR_ٍ+LtdI}) #Ra78nJ7`I*=J}nɀk%/I.@{F|:_B3ȂQcu+y׺M̜cH@˵[8,ߪE_<0e>ت~9T0Z3+sW-v<#mL?O}f]a19gT)t5S͵wm. 
i7?#E ff+"PiBBe8ɑHB (1@A Yɩr|Sd.A% /mPU2n%.LH$EQY OHS3v#h&"T3*1X!/4O-WݥX?i_Sw2Ik`E[Q(?hP=2v`ш4p{}pWoJ"t?Heն')g_Ear~r}ٙdͿ֖@#—W[޼v{!x|U ͻ{ْ}̈́c|d jwu/lpt?-{o>iD p&ӌU y*)Wة0~Lj؞)͸"%\; 2T2lw1-eY"ʈ"z#]t4.ֶWsǎόc@ٱ"4B^=+G59ZcZ<߅S]@,mlS$abRQS곯\[M))pp/K}xhyN=K@pl 52#e(PS0Ht7!h;ʶ4gycҳ-􈖐SzLV]~ϟ5̔i}R)!hb5Os 4SdlЊ]/&THi#fIx%q7> M}e2:|hBH v9#(S?/WOk9wL l<ԕ&R\?-o6ź8c.@}6i,dY cԋɯ` "ڻȎ?u_<`M5X+^hv)@7r1eo` RMǕx@HOM% p,[ q>3-F-N!T*`T d1؍ 6oKvn g͉P<9T#0stìCψY NI0VJQ@@v3fq"e~Vt% QyJ ySp{w/ @uQE#Oz~'VA@I'> ե,u]ʖqȔ1gt +vi%A.&MGIu+ EV\Z-Fz8:Gp{Y'wmu&({VWE+7ĩ xZ]u8 ;u&J;/@?-NFU:½`mR|/TE^k58%kaFS5'D>SI9h{4F.}h / Di/2aQ̵ᗣpi .@I97o]<)e?q}ˡeR8H!NQҲBl;\}- lC :IQS8"ILD!z:@Ka.>[A=Ѻ@{Fq A4U@mܝJq082FWzswTJDU`4ߍ ,7ųd ̮B^zx%V]縷5)$KHm\g G-"pmcZNlv>6;VXScz>s\5B154ۨN*yʦx\`ܜ--{E^v';L.XÉ)*`\cZVTA?Pra#|PI):53?NjU]u*X+N:l}6ek**.*(FՁ]0F؆N.e:NN%%˔}OLL}j5"+zBJ^ƈB Mk +X#Bw35UaE[owAf4 #zEwƪF|z+!+$$s9>\J~!jCYt5=;oyGϐV|HrЬ&*قwᨡLXC^@1T>&Jd1PNo+.aa ?U=UџZ";ޣ$q"]YIkafhb~zT n)F}mC:6.Fn'e}t'' @l0҇&s^nF3p&P 7$ PEԁ];G򙚕lω&RlUf$,*vJUjkN Sxx(ea m犦Wǥ/A{[IixtWEI~tZ2Ksw6C-E^.t$ U,Bڧa .O zpSo! 
G^&hxO"DFTnyD9TӁ?qM 6b̀a>e{Z{!ܖxO_ǫyj=Ζ3S9.6k`gorA/ʀD3 o%՛Š$@7N v1t _lQya} a~ml ȩRO[ S~$ˊf_pQۊDUDZ_1< ’2% O in\Q@꣎\|."h5dpx)FoW?$X)f5MX`;g|2)zq\CǫٽM}y G H ߩC (Ae85f"2;iVLMsH* WG&dn"O욪6Kd`zCP>nW k=w+T4 xx(O֚`̞T{ڨqx3LFT[sAP8rUn;F:L=$6^-56oԹXixO}O Eu0k;c2beAyX,@ag_4pZU(JmGw $"}|W>"eA;n^;M6v;&5(nS8)2ߥ7&K "L+^bDa)*mjï5jan@vJU-68=᳙GðXӕ%wÕz^fI-@Y6VLBE-7a!ˁ*k~aY{2lyz[_-IDZ_^`䷽)SjTL)-&*d~bK$AY@2Qhώiq\I5GPx}3[vnxлfk'x92|QlLSC);oSl13;4a[Ǡq_֓g ZwOH pkLʨ^{2n7C-+ sBmh!/Rw<y lzUէS9v4; - +y2U TRRkɤM>(/PV'PnUD#Up߲bON<$߅@8|eV#n `.v$2yc*ԓ:!5Bqa2~D4m9"lh\z4(p ZCU>xWVzn؈y6b[8J[Y/RW oSV'!sSi5 (Lt|rvc>|%؟JF[xVGg4s_2 dPډ]0#QMx>8Q;>`sSb c7>!92bK1kx KvP7^U2Έ>n 4OkAuqxVl.Q:mKUa[Y@|~4ΰW 1b5񬻈kXR*<&~$5h,:4|<\]+|52G"zHP 4%}lbD׶^ʐ~\vwƹ`ݣG */rb!2 gӴe &PP%`bIJ]V]k%Ixul W [K@ IlhJd&vw,: fz<"eP4]pD$2LtYC y&}.cOb\$DuQeE<)=aFD;LD@o&TVs4U#/#彊?뻅CΌO$ζkkxuf\12 AQ]jnrr>]L ?zX땈"qL(_tPbI;YgF#9-oO*˨V` ´ř-U%*:E& e"Ң!@^h$RC4EaHUP"KyzG#l[ ÏS mΜр &NB 3!ɎPџRmebjkx<1Dc?`<,M&~9F,BÖ:K2V)+wd/ Oaȇ' N!ꀋ?.Rw^HټJHDϻP *D̘2UF&3_eV0cu s4zQơV ,zhoqk` >3!<FWPdGNіȏ/S;xhۤ/L6O/Cro 76m;1FذJjdRU*a~wVH'7Fu"3#fm>~Ss ]^O!~4pLܔ&H3vZEem^ t3QJu:wx=)I-#T >&مiP*'WLICtr`^`O>Qaԋ5d!RBe`eHg}d?cG,5c4A\Tv0nO&d6 WPӅu06mkFǎj 0Ѩ b~*qKن0PJ=".]0j}Y u (T p9R݊(LrFJS)ȶ| 2 ]ez,fZ YtSjqx*h&h4 5]x苵I:KN DZ=kH6/`[)/HƤx'{E gg$C`ibmoͶovb L(:gh-0Hܳ@ Σ>z ҌC7U?3EX1SŽC:INp!a2Ϊum(T1D:#ƜCae80XIX01Glh結[@nY3O)&q\3j`N?McBP[gwhKP _7򒨳!1 H^.Xɝ`-K&AYa:ߛƆ8-^b"NRyv,`Jsk!`}LgX?4oWbkEM1hŏ?2&]J@fN 0\5A2:F,[>GQt X$:i}{;Kx(̲^ڷ^FCzjs6ohIɌxތkfVdp<9mt5hh$~n3?mbyE^ik\+. 
cb@cKmPgNOP!Z]Fh"L"(rA͗=7~Fp2\¯mw85FihO^ݝ:R=B^ u+%Bq%߭U4^_ e5򳖩ӂUv<+TL;BϦ7ÅgBd 7TRKB7)&tl;&g:2+^"!l喂Y;V͉T#=IlA^{Si{>@T[aX!pVN ܴ0"ɛ)dHf HCk{C.O(zItyNbK="cX@?9+roa^“qvwB1Ĺ`ZgRfDrc}Z[(t{Ge b PF@4$gJPRiFlFDOZB2dGiX#1}*ޮ jӓ(5wJjDnq:GtԡMdڻ / #MGxA)!~kD d%xhP]y']?fM.S@D.qrhQkͮTԋϪRÜ=}5EhO-2>C<h>;>?ood.ڲSN5x |0FtE!1T[y_neL'W(0]!k̲ _:\35N|/6/=2Ūn `#&TrMgu7*9B 㝕T4e>@φab١w.Ωj<{(zlA>8\Fͱ|&v[;eŔa/FݟW M(ZnN u?%eUw_HHXPϴ7J -ch#Q+Pׄ!흧/X`#^o3rkdCcڞ9y.~Cfz.CQ/WEM!O#㫛tB \IRXJD7h<;*Cy–&K>a[QQ;$ţf Z_ӒEDDѠOhy8m1/ҢYsh1 EF0WBzLT@FJrϭo'\ְ :J m1z{6<y# h ɳBA#dvLYxtpj>x`.8jr-YwMIhO@:mQ7ЉYmxFo>-sm[ZH#:Ucz7~_wi0Jhd_H mBeCJj6ԫ)TE<> Z_=4rHp|:fJL0uy4>:qຊ2 9n0xM51*J2AdvCitXGf,^w1B~G"}PuZUŠМ N2mj,c\Y<}/l6ڻEi7k7]^ m.q%_ yumphi \ z8Erׁ 6fXv ljRM>w#gOMKQ4-~QK'V1c: !)0h8~<BϧźmR cp8S׆AaԊ}KvU$m{ }J(MPtot+4]a^h<huBq{.MsCD)0 Hf^ 9%}!!kpۄ<]cHa%L=#q׿h*5Qf8+"Biz:'\K kzNc[TЍ.Ԩ!/~Ol{\{-L#1[Sk`Q{)yMzz>%;3Hԭt3:4zJR ҅1n4^oفJy%P ;=PCyq$.TUsLoDwҏ0Ls7q Od:fi^_cŮoX)lNEd Hs$$<\E,*oۀMd${d@0FPEbPlg.H0Kr<%iua/{lWviNv&n[x4 ڂ*&=-6ŹW K[>=(ie2LZ)&-)}ـĜjgj5A>.o9>.L0K$Q35ۛk@ S $$GE*9 Խ)C%("O -Y0"xu}ɖl %Ɏh䎒=uP{Mq0$Y26)&QlcۭKZ{g U\RQWK+ٷr D՛9P1P`s|Zh4@I+2ksBXN1?|-WC[0 ⲅRAQj\ ؃g( dd~ڮ#:从pE۔-/ m4?8bN|S| ,{y7Wdk<(Ú+amę쓣D9.sAKխreSSý_fY JlYzz-[ [F𷿰Rx#Y1/η5Abӣz'jYҎh!e(_nmRjƣ)]L 7).3pA$ WX2>J|O- Tr3G۲í}_Z`)gy;wY*'&G`K/ɏy\Ɍ.-\:b7$~:*Iz0%5J(fyO4&J,df$k*p\+Cl/rlXu@o fJx*X;2`!(wS).I >$7w/kTZ UkR֢q(mG+๧0eKdc>si.0)((wcQ\e]fL?ػg gz&3R;`}QLWUȺJt%OW:)Js6b]? 
:ڽDʍ5,~T,Yn Uw ǡ'QGu-Iާ59]Nhc[).z##4o]D 3zy%6رyp29 tPL0A9s3ldJq`Z+euċ!0D1zV| XۤZjDy4 pO[eE:"G5!]ME #}m^*uTm,߈{쭵n y%KpRoDvX8+U(_tz:_+:'@lhM(Tc T?,Y?\Ӄ|.TGٟw'|Ѡi E; r(QP]U>s15BNANkHd/)-;D;w+^)}^gi>K+{s_,DrYؘirèl_g'_7ظE&m f^o NNF,GFbmW`ҤmxDnVKsf0B971x-M߅ynV" -`' ׫K Pڔ&<0#L؉W0HB^B[2a2LI0#q55A\ӓy|> 71됙FbO^Jfte*?a/aӧ )%ZsGI˷U0nԙQfSoB{zqp.P|DX'4U*dՉ}Z{+5V[șfZ܈$Sh %xMJviBjE!W!!ɎF)/łZu,{HsS0UȌϬ(;PRs%?i&5 R~1 _W9w/V^Jّ]hgk5za"}DSq \ U_ ,a]{(|ՂN]YZ_hேհ,I%>Ot | ,8Ah} 3NE{L[Z4 /]ю4NG#HX0=7pi͖l1z*qBPxC[z1t?,#:M3)St5e߷;Js*uCΌ5ռv1 mm@'t ʜ@8 +Ŕ" !974wj`'6񀀐T.Db Br(j=B-Rp9U.).@Jpz&ld'ʱ; _`\GԞ-ۜGQ[<2qKrc:AB=ؔ˄o.Ts!62 DRPr?Օ~pYmw8 `3u{N9LQmx|ABqsBM1b(Y,to"tDW⎪i3 'CXLoW|/*>UZy.9zMKfaѭ& GT~[~ ֮<$QH7خ|PbH/qٻOl*F1ӚumqFD2Ĉ۹Q 3' ?)^D_}a L\k!MYQtznvqX~b˜=t#h ^MNBLSZ4WӸ$v,;c5nf )vf)L @9Zk .g}g3liLGRHhy趢gIҏy?'{*tȽawP~c׼S$Py-uD;|g)2N&#^R:9xG; hz`EVǖ+>^ǢrÖspl*6éٵQ&?o F8U-ܵu7%-:w:{ݘ>f|E(Jy1\ %N/u2Kj&AQ l`Ql@u"pݠ:}kNT%|`-:D<U(Fa"?_J\l䒽EU;NRKJgiW4_,1PTnJוtVՠ]8|D4튓|EЊb! z/`N+`FX_"M++wŢF=j ~;Ō|WyA-q >L`i?pHL]HcADy{nXĜyɼ:|_v̊<5{NZTה A2|8} x- p<͡р\|y2Ϗ+i>oaD]䥞`h/3ZPlm`6x9VG]& o JF#E\852>k]`%ГNn8dLкt:پܤ&*_+!!Pf5&fVIUJu6#ȵό o6)K"WS=Lp _ر I|g,EAavgr6r) ;!01P}t |C c4NLu.)[k^G`Ao"O\bE\,?I2t 0ld.dp~?xVՎ.B[ ||ˇEE-ȝ-[|^&{.бeu~7.BTf "-lJnB_@zi{ Yf(oBr+cYeZMͫaN!cSԪwR2IEj/AX2pߜpUe^t$'J-.;:4O?Ăyʗ~ m?9}V%{]0"NUcOX:o鈴:&>]J'Uŏ5/h<t0U:j7 +>uY,4Ctҳ8&塺0X!!wwǵPɂ$*l5U6A"x5d~,C6YMhDNXy|DG"K_f~~;l}JЀ61BEbx9^`޺aJuN)[j2WL$@2KY g?a4̇@jpAPtWVgQۘNyJ>vH`XKZ@\i] tzvT̗as#5S̭; bin2\ 3+mv6"Hw>M._Q_|9 Y}_!tV)S+V:;I%fpP|x8ts,sR ]9#}&œ,WrW.ZcK~sCz2o>^\ \npub/ %D#|Gfx/J:q[2Dzk\-)U"p-s Fo]X,*B{;7n.$?seSc!??Z@H 8.'_bpfmsegȅl!m#ŽU}8tޭ¸q_a0C`K݊Myhyյ9a%X U5X SҢHٿ ěwItNqF `Hƻh:^lGnۣvC&YRtm,H1;J-dƋ,yh.LRD|mcItqZ_@c|(D?\7Q ~YoXΚZ˫ZIߊvBr Hvg{Zh=8 WJ5b"0q-2$ W[XdғQBڒQ YӮH4t-ݎm1fx8P;i=l8\$KV}`u\Vӏ 'u鐒(yى|m=\2hCLuH ?[/X ;q1J<5Ca_Yo&X@ gMd[#gw| 6i7>k`{]ĔST. 
0hM,@.!PRNkܫ7ʮ:;nFaTec m KiᅕlMEH-Ζr.'AgVEU'C(R N4Ðw=]:1SI$ j&&g*Hu{9L Njq(K'2 y{O5WH̳Z WSb3JS{ Ԝ;9 \5tT 0jw [{3ٛ;g* |X5|gfa;Ȇ:zGY@A{,+;!2Eռ#LӋV( P[sZ]agR?(}jyʁV.&B~WrZ+OiT Hmˆ:IV4X(!(fi"p8 6%Uby[J$aZ\ I{ aa֥/YՔvHDyUBw6! Tjpt}‚w72,%?#|Z, ca:d<8YnKJ{@[2pg"-ɋC{,`FH mM./g ԉC>ؼm[UM-#>o?epW^d? KDp2wRuHf*m%>yX| S#tҼaƦ3 {:]£'v6c{%j|klA@968LA&1NDAt{j$8<)Ֆ6a̘6ς;tZZeM<͘Jp: KF8;]u !cu;_UM)s@g *-Vyo@csHAz]?' QiX)R!(~YAdVD3~N怋ޞ#b#7Gg[]DO*|UCK^Z 7( iJmCa|?Tu3:xoS yLq&*U]xmVkjª_t[x_T4^H.~6摌C\oM ck _"`>ݏª8{nYJ@4L{GoX&>C) /ׂ?WB(+!k~繐~$ePn8W"Im å Q|mG.K9ieŀ *1J i%hhŵ状[򪁸(1kF?h3ߛH:s`=UX^q@ff e`FTgH1OFܒ+s#˖C,/:fgslRDdHcKWm̢_(K6\)6oܕ_^Y{D2!0,IB eJSe^`m$wt+(qy4LY~Ok`|q( T6##>^ K27JqNHy$öC gV`gxl0T8)tپbt/Ohrb<_쿫ݎHfpJmu!G1"Fծ&1J휕Lពmog pך2@͢P&胳!+{~q{պFа6/=$ySw 7PN"V^uzF[θr8K"H"v@ _eҭQmv *}2HWN.<$O.ɝbDKbv*J'FWr+&l#nb&~žտ#"S'K5,WT C 'U8[Y0be}rYQ޹;IT, daH92/Sc0mfYM%,m\~% F) !$vЀʎj3|%&l <p@I ϡՊ7KL˩{#j]:VO!5oWn~Hlה4cNҜ(e0R`GA9¼>6 VWJ(v,񓱘Vc +bf>_v116xMro6$&!u!Z0JdžrX~"e< =IboG{F]SJTlv 3n GE;=RW;O}9o\59Cv*3 OZ:nzϤF0|z%ҷgS[O ?D 1˺ -8UeX/}vn *-ƵO4phaf=@&9y JPǞ(#Njݳ ҝObg&ز{.!94oY1; !pT'U}R`0m܋;̈TcDШt_^pԳOE}}Gt?M;ww]/gwsv-XSԋ;5N99#Rd81]b:,Jȓ˸Uͱǝ|čNKh*'w^#k: RŒ 63^R{;=`V1FV1R͎HXX$\}a[4SEi[z:/a Cc!ôSbWuiz:N|P!+7Y\6a-xjCPĀ-V'~Vjڨ elcu5l+2M"k0iVD*0=#88;ы&;#J-!53lpHṆ7~PCY=?;F>m@9'HgeNv/AƝ^e#XflbMÚkFau س p, 8X.Lד[Txxvqҽ@R:B@0plfUA |ύƉO-7&3PXBCd{ M䧾P4\O±lb͌*WYɡ'="^Aw_;Qj*pk?@&HA 4T̠qC? 3Lp U\gƕI|N#Cϳ+g հLk&hgǪxgɁ:7a4E;COt/@v Ξo| *[ L+QGe^oǙ֤<9lOCǜPy*=~GE_+j}N}Kn$Xy'GzGu4nn,W|0R@S # >۰Z#9n]q0 $>1n;.sYB#>8:ZiCLv<"'a]BA%͠yD?p@u+c{RѪneLfLⱖ{Q\뛫c±{TS2[|@W&uԎy$7L`[4gFA+Qu51GMîλz +Y$pGg{8odu9^cO +Up5D;n8d֔p~ہsB&PI-L]]J7lRP&w*N1^UB鉪ےjsfioF#G +/GvVKFs\pQŬNY>. 
:*Ri~n ɏ< L>Zn~7uѦo1:W܎aA,.5K!pRʱ7=,H+6.e@ \g' j-I^˥3*/.`4 [㈧MkW61Oy)-O]Nٝ16v\\%% a7b5{ٵDv}AC;p- Vf a|Te#-7%d( ӽ6"\\rAOV_^EeEP[;Kbx;tc2E& z`Z G 1  ")1PMC?&IT o B˘9g`G׻WdUM_xQ3ϔxAƃ Hʆ'pstfxfIĠ]$8li\DW0w*~7NZƟ9Wͫ( F\?C/wS`H0>戳yd1m葢§Cx~?3'55~nHP\eC?K 0lR\ͧIF,|)mȥTBKOC?&bSɼΜ"qM^ |Fο)$ ٽb FapnkXDJP*p#fz|9ƘVX団F#3>9oѻ'$_fr>>&*O;oC4$D$^S6MLo8F匄U{Y9Y`HMLl; ^ a&T\O^*gxD`=QJKLpK$héj(|Q嫒3Qt: p?.(.B;۝,ƍ4Z?͒;&4oBUN1-l|^kk>7c0i*I`IY۾e=TWىSrړ{yDdXXq[FPF74A)1zPϵˑ&6LJ6DtN~:"Lo83i"zNj'iqԛ:0Rǔ[f=\MGPXtH0|ȲAsCL9;Yt#hMev2`Lw~.NZ|y|E7{8$%oN3jY= 6{!BH_Lו^JOGR7 Ǖlesg& y^ŰCDR,.Ѡ E3k;LAa~lOI6EڣOb.?%]tMvP_Z Z e t9 v/I!67}'QV-^T]yZտ8kChEwSR׏ -ہ&Az+ 0Dy D,}6zZkNW*Zxl0>T EHk8@WM ߸q J?> c.VvCrKa&j&Y$#Dхfl#I7p;mY/ݥlU9@ Q󛆦QM&] gÇr.wě<@so"]֚AF9c-w2*ˬJx3IS@C~CYV1舖gۗ#nZMTvrB3I4<;1uv A/or}yd&(>kr^<0QB8W \hK[\CL %}~pI 5$r$=ȺW*ek"Zn}Ԡ0euOP8 ]RpiUwE%x,SO-9BwrKk{B,oKmlynq.Q(8{ +Xmjr1 Q-~(&ST״oa3Iw#2?pX|egt $$@cfS7?hT\]4-t5I]@iJߨMA朌k.9҈ 3gI;d!I4G[ڂ XJ u9Z޻Y# °K ]|0'hJ?yǣ/ꖷ?@B1[0 fOW;/%eR.{0(nIƥb&ew~c'Bg!ǶM[(_ryW XF:d%✩2Monat"cͬR=AmHz%3LȦ|}8L9BNԢ|ſ!vCJrdgm9a8W*ǔɻ@j]9[H5@ud7D,VTI+rrgt🮘V+DWu/tFiBaNFJ1Ԟ+{K1dzgP-N+/t@_O1#\RSYU{:k^%% ";5 .}VcHGV΅orlXCcǷ4rs-2If0Z s'+c;%`D#jZyJaĞS<]z}.#݊Yyc/5xtmB4{^b}ɯ~bgx+>([fLj Z~i~9>ȟiDgЏo:{d[5xVZm*a(!gniJsV24 6 /1T>@ة94ow2Kln>YN@ItJ+.%}WFT"$`ɀR`~!A[yL8c38B'YF0_؟Ò2a:I*5<:/y:s%QJk)&aOrY|BSƖrU#=T$.njZO U-8 efnx|xeYps-{&hѺq/&8Wh3UGE DmDF!8qT8WW߈/zf*ryA 5dX'nUkb]ߘʝAdj7 HU0JK,vz꓆M-"< n@UFmll2☹Yf':[=Bu[ƙO&S+i.gk̔-[KDJz_(?z_C"[ڶ t8F.|WmQ6{|4bmE%okQ*S!bn QJi|K|l{Kd5d))Z9T*vk> PIg,;u.]AF2PR-$2v ;3xkm 0?ě):j2ʫҀӨXIwЌ.t ̭ jzq0fXXݙi Tg~rV7wx{`o ZpP"׶sAg+m?:UCF@gBZBǜp5v8~W:.TWqRu5SKXv=aR}1{H0w iu0[ve /s+20iLb!0-n󨬭/͕uU`21ת˕$j4T{]CP=b{1/L 4ƪE>@a' 5@{`hJ}ohhLU1}#*?sCZbx⎶ )^da}7sᛜX|_LȐҗfL^r>~h QtZo;Jq?C"R%%gaWYP |:*I ,#m٪S sQ@iIoNڷMv.5$Ydv%nڸ83B Bk |rW'{uھ)n|>cZCPuv[WAgc1$ [S8|8368 nZ"acCeepbbn.]l˓^RCb/l~Pu{L4=wu~^Dej|>Q?%g$C P;Oe..Ӱ6m-YX:8T0e#0X%fcmnd/`{$KsWuQޖ2=u RLl; t2t!Oߏ8;z juw=to9R=oU?:>{ʔWÖ 1-"Xm@LL܇ǭيp`c#O8w݅ idϝ='iaAU,4Jk BRhh..v~ɵsׁRF߮AYIcT=Rzi 9{"g] QQ*\0Q@&>(/ cYWݐ.1p!MI( R 
O|`?uukvq$"TU-85ba|N9/}7")UD$w.rL۫i<0P1< <ܥ;e{&0+CoDY{עwFH d'rG;䷍&ț;nj]笜X:BZ ^5 n@=, ~gt?<>隬VvI;=/AwRr+Ψ룅pQV7`ub̰Zbbl"Pǡqv,NQtQoO  %H4R'Q1  aZߜKJu[]֨T`fhxE5 8Q0΄x" t3,Z祚 ݴi_쑁L>eB?4I\Nr&(Da^-"RȀBYaOdS;wxXq;,\{+bjǍD 2n5nDM#Zrszj6Tݓ{)KuG[zYju xˍ8QCw:ϟObW9+r-ra8|#6nv6OIwCl٦ lMЩëGiKQZtT#OI;: !CwvRnǺIKT_w yPiͺ nנ\,Ն|픮']4vQs@C;yE+CׇJ5ZF"mT 2P1Y8P+NqK'r"bT<*l"9l{JApԚ&C@(}NL7GޜHS)Csi (ZDɅ-T2=@UQFK W|ڟ5D`Q i0oאJ?UR`4,Ьv x*w^޷LАer"Ʉtx î ~ +z+-ģڟtb,Af@"H}xi6c! Zttbnh°)bx9K `TFmBG-zĠʨ- ~K;?*):P ޹Iٖ*YEL]͚Mӧ܇OW @G03X Pc|ҡ/l`d ґiYY[4uٻqYz{fy,\ fty ך<clGsJ#7M?A`vC_sf9X*a{ le~MU SVx&{n1%ͪ˓0|mFĭjq;'{d4rV `$˲+{70r5鈄3MpGg jxg^r"ԺF;Aj^w~? 8q$̕ >A52txۗ)#X,]%$9.?fuʕpQ _n|~iGcvX _\:%bOC_Wp.`Orw.DY-9^+ccn*9d 4Wc4Pʙ 6B\0 JEB{ZmQ#ַ:3ۡ#>!n}j䝷0Lks%'rņ6\ӤB:>,/=3@Sث"Z)m[l>%5Ad-:%$5VÆjT~a_n &jc{`)I|EK,w3>7ۗ@~,ahn#| unƯeѪ-Mq N (4q#ws=mR\5̱\<E]#6uM{p؁E__ *" )Ev1\i;ҰN%lQ$Hs#Ì^ui:Iȵb#ɓq"K +u M+N F%^)&H.b&W !X_KǼ/{8/pc:OMm9exɅOR *2qsXsOذӡͣ$-ѮB$=@LֹӰ%`+5$!J guA\eWIg):U\ҳ#tڳ [VX+\Dq^JҢ5;cJx2ìDsUSI?NPC&0Ř3gh2\vr zPCI 犙a01e#`4-E0ޚbt:SP]Y`Q3iǥDA;!}&)2<z/L_asڣ0+- Lr~\@=jXi{!L[c}ډITr3aYQwm` l,:ϱm#QJy=)xH,NmY@ʠ@"wױfC' os{ANqW4N#eLT^D<ŬGcToIa#TUq3KkѠmFz. (D hnlE:su qbEhLh]zF.6|Qo\\ TYI#%@VK`P IՊwe9!ojnE`ɖ e#p@إBqzь>BO:`Z'+$xm0Zn3 >Ȑ؁I0P6v}<6~`2Eyfp(TfE] Cq~_3ܸF婬TvRՁe^6*rBxMJ"/Y"^ Z.LgF0O'6 CW-4wtJ|1b{/18F~7J5}^$Uz`~bsb˯}1<~9+dovN,߫YdmTc2 Wז;ooR)%39[!q=ؽ 87JȖ+@{zҹ|}skRV%GH W"CH'$ ZM- lqRDDk`\$e y]L)-;3r|1˄l;ABy,m۞{Jda*Pes[0)hO-sw"V8)ۯ`=ik s7m0>׶=1DIrIY *b-M}k ꉝ8OOkܲ@ZCZ"jp(޲@:^xrS1Ux87f5>o{>QXt|=go[%=Ɉ)࣍x &4q8 2$ #δ.o|-^\f-jјa[0.*AسG2EJ+̅h6+1$|Ǹl}&^ @u|9k! 
$ NgjaO2ɠg<*< yfȃ!oJwG?L^P5ֲ߾ “V3NJw:0t;l7 7n(WLIѡ<4XnINi:<"[koyʭ0:NŔQ{blbR_s(?gnAg;NZXZXyp qrqwKvm_Y:d]0+醙$EM$Z Qwv*PQeg Y [HڣAp?U]ǡVw۱R"y#wJ%^$Nw&h8Wv۟& A*-@/wCvYB6kUiMij^V07zg ;K{tz)]O3"`Pox3dY(3$G ȎYlۑG0bB'{t|<7Aט8tC_FI&vob)OJ +:4%w$|(CX&.{(y$!_^CV3O#`EgфtBg' Y PCHQ//h/9nC6.-#n![U[V[rYspj` 1&Oђ0 +!ʚ7 0E>7Fڧ{ōwI5%g@k@r #u_oy\idA~k ( dX)d*$hK>$%PfA7EjـzavI6b@-uPVs݋$WB?l]F4=>ae|4N@oI 4=.ۯ~q70V;G>ϲeIGz@5qnړ g}H5^I$붬:iR#srtJӣCv4ӎwOi0}0P/ 4P!lj&BV3l|_K*XDgLmS~v3VOZݻTQxfzJ_ií;j M-ڃ&e9Zg:[[Y&U@M Q 4OII )k`a̖r6m{ 5~-2WJR8cgv]4R~'=\\'Hq7\C+@^z ` m3hljs+@.dIdw9')ُ^G67 o"+ )mwc5T:AxxPiV=DݭQeuGW4kj}& $#x)55A2ϘѪjCQ[@ q9`rKk|itť MJ,tG:^m- VDŽ:lqnHV/h00xgK:e(X՛;rBnq }H하4|`;%k4lg., cjcbyόDoK^`*@ 5\SowQ["t%Б@Yyy-7"r44^ 'm婸ITU"CY.ʬIģgͥ^ɚ,:ƿ?ϲh:ȾT^ōJ Ey3?iWzfK%BRntE "=2%R->KY(NM֣RͼdĈ@Z}%cYWs'xs8Ce#}YߨWoSFKʑBGJxw*Ty#JJ:ׄzk%*~&Н!ܜf̦F/mOwpOç e.E;ybiiu 1Ǜ<SYe5Ze.߶|gZO](WAY+Gq4>];%7ۅpo}1Jj 2,3ݝ ~OmmY(ma.  Ӑ)*36 /]zl`Ҧl>~Sf!,*hCIb^&9ɢ$}0)Q (g{2VudE 5s.pX!0(2 Y/z̽]9PQ2(=qDh (^k#FB<\ 1%)y<}ck2Pk11ލ C*?h#\֡L}eIGw{[9}E؝ CKaobu,I ?XBT&]׭>!Pu{LF!1FZl2^DwPOC%/xPc1t;)x !tj~ ,g޵Qeȝ4.Ujz_;ыR.)ӊQXv2DMPښ:8 f-yu:ηL=,>*ʋ] !V?"E46h%&qOϿBRHxTgLUfaT^7=WJhO CRxט6Z! 
O1S5 5벒aM-~kuŲdrݱX%LyZ) dX _\ 5uA\ 8ex ľNR F] bd+BK.\骈f@݃}}Ep1r,8&f>p؂Qovzq`Cl ɪh<cP'̡1H_Ui\:&G:Pn!P֦ I..d͑ؕE-@eV]Z}CWuvD>w4`H7ȈYq"!@r-:q Hk$zE~>n*؊PXtn^="&N!ci)).j,*UoKY[Ҿ铆C͋C('n%lk7D+]OEđ/EN'deVFT8{&RyEa)&.&=KI縨[V&"DGJ∼YjBƠγog.0%+ԀǼKA s%ʶH *vC,E.yȗ-TšnG T4)w)ljY~Κ@p=R]wߩEHgNqwmB$ )ϘĥnK 3%S.zwt1D"(nYDx[ƇJ m UbKnVfaE;Ts"DXsW*욣ZytsGC;j^gWCDk6օ [ Jև+TXbl[ej"UPɯm0aokGƏhzFȧOBZYy 4YJ;50=5AQaw_˜iw=ˍ{vdP3zO\~bP {CdwC9(r,#e=?6ʑ}sЏ(&CWxfWmᄓlMޠ{O\/U7xӣvUcn+3E•+) ,YKAVOСҏǃXmhP@; !E: X@2/C~1|x25/Q,d3v AC@9«%7Vc̓g B Ay.L52f g`ͮ[^S!1~YK9v w{ _AċE<.}!-q1/H'hG+W}ּ{v;`K?*0 &qPp,FuUo$L]f:D|7,[5{oj5ew%ŮSgҖc8>y^|Z?A) OHC!UE΂9F^lpTkh$kehe-o#.DZP6b-)eؿo/QXXWo5Qi.suSҮmpfg߿WBNn1 t#pIF9Vm.^z-Qq.!Yٺ*|-_>iҳ|)p.B %~?cz f4H M=aP[oO%Uȯf)G%kD`_H&XZ6qNL[S3s.UBs,g.*{l T KjI> c/lHҟ#j+Od`M9[9۵ W&q-ӷ+E_+v"+?jN}cJhxn))}U\Q_7Aw26Bb"c<ԭwcdnGNF,GE;_luTGD)JZF kc82 ?;y1^ؔ/jzHOC g">Ua'sGj3E#bWՄXjZ,|rk9EH s$k3 9^ QMcb|gm=sRPI^ yS*FQEVX%u^d xŽFLB<T(˽#9MxܒGĕ$2݋[O€8}foǝióР6?B]rhMJQMmo%Ǵ2Iq&ǧcApU ,wCPF_QuC#Кo䏧3z:- yc̓c;55ew1_xȃIS $>Z|\ȭ;434q΍EV2.17x}eRK+~os<6ajл{_tUw3JW[yݐ6C{zzXC v/[POil qY.T`\$|H(KJ g-ndہ6_7?vYBM3ڞ;B!>h֊[͝:QE\d»F Rͻʩl =_il1Xf +@,>%ONZk3;-_UX~7NhAAJ nD^Õw|6Xm*FBk@DsrUylYj(ZG[!v[oj%,pgNթW XX-^q#C`I٣b)Vc!.Lu5E7SA 6̬S)B"Ovӂپz^ "kT{i=A=#P df;IR *[ JAa^ԙAMbuAK5ݼ4}_ hZn;1H$˜A,Z6wTgc\sg:tDw]u wc Nݴ,׵M}孝jfoI}pa k2zd3U_l\G S'{Poix~VP#=gLZ"#S PQ(sGx-d?QY~1sKTo7m dr+Q2A8ke=Z"[Tf XqW :UZ}oAmQ@ƧO&3B + cy\6nӖ$΀'yFF`2Y.{%7Bvszy;H5?wlWC֏{ P0`ׯoTn&|  =&wyDzԳ'MOO0.:L cY:u L0KU~@p#.\QT!J&(6eV];L-22p>H0#N%-@Ϧh^vHrC(|ـgh^.?z+3MSoO":\;a&$$b w>bCH%)[sdf`n1o|t*5??H'2f6hd>|| ]ثW1f9^(U%0-&qcAvXcLum'C;5`9PӤc]8oCXi,.2oۯ|ƃ^¦'i)Lus7Ȉl7 (dQ2t.D7 Sw^袀Z:􈚽 w(oeqZg^=_Cqn38L8Xxyr<tHhA+p=~H=qf#a;TW({Enj moHj䙯͛Mf A+L_I2m\Oc>ߗX3VJCw!.ﰻ;98%5꫄w-U@{^@!7iU@tiմͳdECnx&)6˗:i˫~5?6̜acYqJ$b6 FCB!<hzjHx Fa+-bX~~ÜЫM"M `'+ԢW'X: V3n*VKԶ5r3ÀԤgE?[PퟔkB`gGyq,ORhƐ)~|cś' "۲TLd/y\ _.uqIC%&3{Z3u9 F5~H fhp>{O^ n>!D;ѥh9>[iAKЍT8:͵hTcQtvC ܡ[8rUZ +.#%mOw|>[Q9T(@0B 2MɖC` b9 )?ﳎ buSt1`Ґ~!4Kx-is@ugSba Sv\AQny5q'h[/E O΢ȍ>X*@UYK7bB@^p-ߩޥ jN_2{ΪQqRm"MB"?z#qr@'$h 
%p@R=ϯE,,s\=z [#̽:j=UZ}HEЗ.W1Y2f@OҪJ]XKTn3XÔ߉[|6a8nd^Q^A1xy,:{8sC5gC&Lqa1QV_5u~C?#Jm6PTגVᲪgX%{(d,=dsk -Yh&;NiQ9]ĒB;OT:(ˈdnIbJaFyd%w4IT5l">T줬,8+IWqNh|1qsb [+\;dLvX.=n& Ƥ7jvMwJGW'%zORz:%AflI& {=5~#ކ/N"josh+qtָ>ByV`[h ]_(ŽG6c卅|7!_R? $i4Яi7y0C<"3JkШX9DhLy2F(ɣ~E<`sCjI'?]F5?|oSz0)qeէe9l43}P÷"wY^|FuGT&cS{[˴4H+o(R\(*,^C'#ekYTKЭ9jDm7CE+4cSּ>&ڒ@mIbYR$bw@F8-rxtBK|q+54YG'yt)gSYƺzP^%X\]+xёHjqt>{&R9r3 c0RvmJu _` Tʖ9Ph~xO'Rg/kިN,{K]юu@aM56RŠoHsOD B)+򳹲lT}X[qΠ'Z>c`-ŜO{ 0l~۽}; 99/)},P^Ӗ7mB#oc E( &PK.NTwIb HG̀|STlpu,mKĔ+_fDJ9*fnlHʾ_I,Z'ƚ';Y|EN/C5WoFPK.-]T,JՍ! 1)`AlyXXm*ӡ&Ӊ ЂuD׹)0u鮤kIa1co{1\cL<<_`$Fn߶8xGNv~8Ͼ\y7 J_?>-?QNb߽mz}z`Sx: WcJ0~i Ž9ιӱ-)/ -[gum P2J0ߝ_|*UYb<ר8:Av=9y7js{7eW]?_\ K"UeeO,v2b/;< 1M W@N˰įR 5bV~)(}!\hW~ew*A[G o|dY2@w%w՘N_Szb]j`nj$33,YNiiߴ$[ܵEfpR Mݡ|Ujr2ƞޓW ǖ/?>bLv$F=dtJZ Zjْ?.] [fVM sy{ sH)!&]ma7L| y]j+9w3HT(A\*$XM\YQWGf#0-' __?;%@\ZڂIm ~+ ~U_8h25~vMyCu9 "g\NJu_N44K|kammڷ$h5lp7b9NGvUQQsdOy[oنr:aUe꩙N{HWbF86u$!~3X*:zvιGspJ BO4UvV[F'*4UdbɚZ3W닩m& d*[A922YW;2WԸ4v76,`wLM⪎ M'ǮH8I:f"k-X'Lǿi -V${ 16"9k6rv.xm4*ʵ9J~<.#bвŎk$ϱNcen5BuuJIOUtb /4+÷0&ONpMZ>S;0NȠȉ%q'qiQHyNn(l纏%u!8kނڻ@yq B"K- k*l,/cÊ1YϺy5{UnPPa{N7L.LrOݏ,\x.;SanWln#~.goT/ O m'x0-?׃Fo;ښjғ 12rcԎZ(:N**5ld Wo)c#Ԙ Y#2hR)c> EmP5+%^ b$}߮6F,0ʹ1jLKÆ%珩 0-[04`vrlblMo}cNɂ]{UҮCq) ~\9$;xy|eWV0 ,W<@.xbK`[$ L1 fPFdL,>ro+kHpzE~?>"2&na<1DRrܻw)Xau ^瘚 /?qq-Lb|K̴N]%-p Ɛ*kScwx4#㈁21XѨ>V8n9Qjlsmo?X5~ h0p?-`RM#{\DzF.Z1.=|w4L & OϺ\(z􈛷)RDD9}]1u)sJgga9'덲HeSIwPBQBm .p͠2Eq,~|O )Cоg'- m`^|5U%1c:*0>P,oN0yda=߇nq_܂!-:E#캤= 㣲TgY=NnY3.\R/R%+s6$IǂxR1[cտ IonrE,lh1zHNh9dr}RnFm;Px!7)k06cAYOv- ͊ǕwGU$~*YWhYsꪁIxyf8rB.̘XQVxW0ʇ%ts+7A,_q5z*hn65R%5QpWEr5\) x!k֛Z1dx:Pfϩ>Q|60p{5szpV>Vr@|zxRIv?^p8AƷ{WPb݊s=OluW&aCݻBWbgm! FO? 4J}n '鏫lf~Buӳ!ɱHֳj/5#t?<0퀨++:tX X3jȻx 'MSLkh313E tNG8D.!Patw=ZQYF8p&Il83='h"Gk3G)w׹倏tC(W#[Z,<hxp_gesipu߽:$P靟_jw#^:';^INz/> a'rNguؿ9+dPLqVfnw;c(KzEaHX @-sjPГiz^4^P Fyx =0o-6@@L}K[ Xv u4yKI>zޡ{9/Z5XXy3cko赆EleoµgNHbL=`8zMDo5ZD-؛R#"2Ĕ)+VF#=Zp [mhno.YZ90XҼgw$~sx7huAZ)90%Z{ xm3{fj)w< 4rדėdǛ"P\ VQ7W :3BRd#@Uyi6lO](x6kB1G4&Uh.cQ /GO{.C[[o7ax!(YJ=vA1 O*~G. 
lU;6Ӂ^>NI2Dpk ?Y)u4F@ :fwUS1h'RZjCzG8c Xt٢[abHeE@:u~؍]*\|J.T=|)Mm>FDR0 vd_B`i4h.]-O}5)J-:w(ZS1 iS']A/W;GՕ/oÓp'0.9BUM>FN:K}GY3zO 5-ILg~(zsc2~<;KOV,wY~װ?̀1OD/_#Yy^(EK7ڧ1;6ḻML]^nZ,|Ag3\LIn8 WC9Œ*HF *jYwEgbC\1TDs .a`xH8Mhiiv]gO"pE۝ jf=~2md/5훡2&2Cꥼ%LxCn; S3q[hnM>I!}b4.qT%xPn>1g/]fI=k驉-7&I1reZ13"?-:8~$;H1pf ! Z`E6ÐNP߳_.F BMEG9]@VLM κt$w/mZJp.K% Lv'ȧ|ɑP>qҨ0IFAQEp{E}„5Z4vdZ+P⅟wyǠ 9O śA~jwG0 E~>貌 \MFpqbyD+UO#ڍX=TGbbRR.Kh(nⷻ}" ?sw:9VͳWv _}Va4&Vc]Q{(H ά~A18(<*s0Ý\.l,MwՂ;p:&Hv}ɻ+CKm8rzq쯨k=ǁaRԘjR I{ǝկ{؝j9i]ħIbRlƼYQhu<9f}-!LTÅOQ:-y*EQ1 ŷt'<2EzX4vʦkd?>P!\\'"(Qx @r Ь ^"RйݏpjT~8l:#LmD!̠wc^:x=NJF*?R;S!׃6mV7:3i`'.ўV+ZhB[q/m v$ܡH&LdMXEasӍ AEf5BrC0_cj2g哀g9oRŭ̱e=aYesxaur0F E1=}!$SΈ1>aPIv7e)Tt-#D aG!uۂf>4n,A_tk 1T"O`-(znd/~=AfK->u%֌dBwD}#MbW8hectėDIy7&G~:y(s|닠F4F5\4h $& D>|;(%^W:6zS@j?5`*Z}b*<nO?f~F^.w&0fѪM *f([H\{&`PktCn t>uq r`nr%.mq訜)%nP >CHru 0oDrl67(i28Npݝ])‰yF@N:BP|@6@Z^7Zc=1VporS^(" ti"ٽd)~ȦfNK1;ԠCzZſ F++ϣNqG{rIC}2~!, @䉵}xo\De+PΆcoV4CWBEA\) $Au21>}L<9x N}Y?ֿ%C*,љ&o_G<1OfāTR ߑ1?n^-qݸ@pV Fv5-c|/W遇#@f5'Hoe0}za$Z%g0WôD" ~ qgk(~;5 m<.✭g NJ;A%OFwxfF_ٚhxlX9 tX㽎x@%Gt3!͵T*}}U L^JA=E+JI]}oqQa (sЎO?eIYyŪÑ["e9^ĤM,P3&ے#"Mh-㞽 l/vduuYoSX INgSnz'*s8T?M4_s4ݝP2пǧ֡vAxfc8)t_MˤE1.H#t6.4^&ߐ{ cK4 #!D%u$K F0]s[w#V4 -ukt  g^l(j﹞seU9V{v$h,7 uݔ ІoݨvUl T[M"ڒBE 80QM){2NmĽ2 4-)4PO"zOP!z'X֛ѽ.𿪵he /QVf_[qORfH8玌W:c̅zolX0gRaJ|TimK\ zR`67b6<ɼ=^㉏zUTm2PhU Tʘ+bq߹%G`~)]g9:lg#MpU͉&$VNr뛪m|sm5~Kӷ_t.Ĭpp'ؿ׭a1H ARւfoFgy9i˜qh-%pxI:Zb!m CV j'kmΞB;_)564*s!_ґ/SUh̍?yQJ3o:YF8C_SC3DeL^, ~fq۞.;%ױ`ۂM=jx^f@cM{j!Tx;G#+ +jlIAW߱z?"XjV9>EfWn9;\Jxч~4 !nGlz93ysQ|5hpY5ق#^AKܺ:w#xy| }%Ұ9sK9&,WOe .s§yo"Dtw7[gbB[ VG1f.3j%Yj!Fvq ?Dµ:.KŬ5.96=v cldaKo' SD.GtuB[ږ*xB1o$˚}ЍZH\zfGE(Vt|WƶmF'ް]W行eT+B*qvE GO]fc *:YM>/xS,4r5#sU<(VZ==V DS]{ZlO[ݼš_ܿlT,JIxGEupT+-uZXRX$^'-cꗱ+E_aoZ'w8rﭼKT>_;߾sv+K@] mQZ uvVdQi0n%Xf?ȬYMVL09Ȉ K;fE%.3sh8ɢԚ(OEf_r`(s_ٹҞ3~枕Em +V@AbX\C!*teE"Ц k9ł}L^54_O0϶N}S "O+ZW |z٥\AοPYltMzj>% ?#+ @:#.!HWB?q wIl{s7 G,$2L6T--AQQ[Ʉռ@@2LoRQu0/Zޞ݇0ǐCFS001xQCv;hJƕ{4qgK/'h hkљEsg+ ju'΄\/*4CSlA HGfvJGɦ<$IKΉRy pg2¯1r^J:(/H4*n0/T[Apve EX|VnDX, uM㋃ 
h,"q7<[nUrWL$˴jIjt8ĞI sFJ{DM> ˆ٭5~{l< %>Cܚ&SsYƏ${0,;8uPY}P~m&һ ޢ;pN5=(Aad$/]?A W:3xw5űe.ۼ,֊=J~S ^zR~wPA x:S $]u CccHMUወ;9a}"`Ɗ{^e)ED^_oI%n`xro>ZG$P\EXVl!_Pؤ> g|>Yki/^DY#$B7B1g=e/ԣeXg$֨#4Е)Yq0#)L@:tΌ%)D~Npb׆̾抇^XTO𞑳KcA *c.2C-e~&BPPk}Vg KDQi27`k1H6*M]E6h+>:tlW]3"{hW'o։@:kB\Fc€tFaR}3W _XKw(Գpʖz whYGs]E^ ,WLɕlt"\IDEcbFESg=}n#Fi<ʑ:qb=/ % aP,h+JULİXO`*B`>5{kO%@5 YCsm)CF!/2`"Pchxfc)z-tsrF7:o1e BsLkbQsU]өʍYVHsY oP#O.(AzGN-*(hoԧ8M 83IQ0[$p!őEoczp{"jڂɳ7|H=D!1H&"*7k$Mj v#H )(#bx[18)ɒsuUP9^v|̳xRRBQR(N'BQ6ya2WWWEZWGˬ+YVx+ݾZN[e8u񵭫#*x LhM$ŒZT)%wbuK?L |S_-p!:DmqFKQ i}%p$0dFFYCmgw_*ĢH}9rr]/{]<vWdZ xig \vЖdL'K0 \寋}/{ `L wO+<\I^|@5 ?Z90 A&0H VS =و5?NAIf&kvJh%+ +m]KogQ3\GD?8zӞ(l}HAaز5?!:)xFoC2V=#28{A}3]|QYC/Zч AЭO7Iȋ7HAOial !K~N`G>RxMfu_T'Ԝw?k L}#oR."!S!boTH!WVKQiw4oT^8Q?x ١O(EF]33xp/ۏF/8?H%!cX[*U2HWXz1I,%J̾W+Ot{7R^#_Ȃ R>PkV8If[tL&݂b{?ѫSe{*sADtNBet%0aJ"dY͵vWw Lq$Od7qsjo:wʘW }T|}m4nFwf7%7>Ƿ_bvvQ4 u[}̉4QTBoV! 5At/crW+ޟK /+b:1(]4IAR9_(jIܞ,hv+ \i Ҥ>rl;O@z eʠ:_rb>^txB$1V01s$/ɰg$䲶&1 sdƁ\ѵAs 5&Mw!$MԿiت!iUh`J2C/s #t]X"v6YnN5aF]z)O'X  o \ao/XdsƜ "*B&"@;%c%X}X),eB:a$OBaCU"6aDݏ?+nkG\uCp3+o ·v8?qrla$j}$|37a:&[{NYՑ^jw&=.yوھIYkY4ƐӂxRpWpGP(UUNrܛa9Χ:U,#=smZM͸e C(L/G;DPVz"Zz&?[AApݹl ~^T6uofe7W-v5RT~ Jn9W#:6tMF}7CEeA.iKDyB}^A2ݍ\7 L2-Y:}pc&@hpSJ{bv89¤f8)eе5cJjBfHiY0A gaR<'6#v޾6+ [C!(ʄj29 92x.OUɾI68\tTUl,u"\Epƙr ^n!I=,x }<Jsh~-n}@ tq!ֻ lw3FPޣjS R@)&_v\E,2=?sȇ*vM璤4i0D|_w^F7 LcC ):ZDqqW=ף. ck6~$њ)4ᘹ-((oHNVk/xA!ӘrdYc;Sdy+'uc(/QUroh^h9 \SV Sc5{pne|yKi>_%lW;4ZѓJ=&?K[9)rk[hV̰hEt|hѐt-M)J1n_ƴ?~[{Z7CXz3pm\nز&A(qgW!(52 t@)xz槏%~#M;0_Ef4AO`x]Iy,]EhBX~IU-Jt=u#\~y R(ӟw c;#y>= 'r"D0mS__ydW4ł ~́h4-Su-ᘐҍ+ٔJ Oq $E (/Bб*"4=y8Ip SjE\N@YHb~&pO@q hh ;F ]oLD*lau3IRU+E\Gd» /3Q˳N)~\p~ !@X/Z%M‡hzI'cco8a9p -h?;Q%7vL_[U5X6s&<,Fr_}3kek:F +w5xrakru'vC|?v3'7&,uvS\AW n`p  k)E->7>˼2MUCcnɾunz>Yw_Pi2IC걡Cs$-]CJ7QX7U3UUio"}ώ{RYHZ k:.9W>XsQI/KƔ!?ԡ4D$9;čr)-WV_-|ChsòuX]ܗ(e?dOR9BDKUG^Ns߄8iJdrPtgy"8soaN2|IzVTD W]GU\B[J 2%o!e 6ir:mb COIJݙq[Bmwh #bHBѪ5!H ќH&gS}2_n⮯$t1xowD؂2Al2}m&pˆs O/gRi\s.f2|C$5Eg$9#!XdE 'UKFr1dA ~ea y[UQ"$ĺמ,Tyx=yV%C#=?0 ! 
?*NriĶx?fȏOEݬ˲ijtotbXڟ==́c^A}[ۍ$R))PPj`pdFQV&l̖raBFf]ˆ?ºb0/m7J"M@F_D? 84biQ&!Ƃrl~ZM>{$L0@Fpnͤ\G V )7|_a,-es쁌ٟEA&s ۲r>E0GB(J)|pȬgf?w6E !0 >G3F6.YL 2K;f&|bbْj /?,zدrG3!.ީ%|eNGWuῡbƱ0&KhѰRQf.?-X-1mPeU2Naf$z +8aD䢹AM.?/̅{f"Zal^>)/헎%Y 5e1]^c&]{2WЦ[6#y4: 3Yyڶ<% 2Bw=vBN.ʋNr %M(9BbIU d\QqS9S jt}`]q7}#SKY@޽r7.)+hDZfBS.F-wYg91-y*SYH2`F6~=@rbf|PvHaf~: Ɛeٖ oIȁ؝g2/n]t mh:&4#"鵉$˸`/9Vo"Bf1 Q[+s_ +k( {g cPP8b~VyTש[H =oI*jefE[u8 %l#8o[.8%6SsU,:_ُi㠴{g!<,!S]1̂Ka_@ͻH+-Ն#ƵҘa&Ĭ/c{5j,@R.%3+"p]IP}Q0`~ZWstzQfopdt}ڬE ѳT9pQ"S+&uua9)/ANدk f1B&UAa*+kC YxFQw8  nXޏ*Am *BZL=!*BKn 'M{U{岖Q]z.O6k6_ߌ6L\kWBO>?Q9خ[#}nIJU ("WCwp-L>ͣCFT~gz:hdS{(gl#z&ں@,x(QKhFwWpVWTQI뙓qY˦z&u6Qx} gvǴ$gq,$JkuלgN3\7O`SO\,D:*&StpKD &FƊ(@Dp&Lh҆Lb ~sNgx»FO^tYf7BŠurꁓӢ(S*B-y)2GW3#6LBC0FYvv6=z[" t.[6b!~݊%*# }-VIP>-^&;?˖u5~4m/tp9L13 jN32Q~h.7iBY1RC{}(X%x6%t=~}*VH6LG⫛/dg݁&Ag=!;>MN (l,'IpJ uJuWn)~G#vs+W-Y*:Qn%eq& Uw."" R?!ڕ/|i|8ri<).fk|Bp@ ~֔Ms49ئNPfPqK)w|L9m0ޕ3cB b I*ӕ)ic}E6q2D!}#*`Rk@UOoS,^Z-1eYqvYB6_f@78-f ?MAFgbx/c]H1a Q[ lUgQ?xD 'El3!a7 I &xXj^iEJPI/$~[۳Rw>RqFѽjK1,ifj :$!½Ϛ|h.ZR=$fqR}~<:CV l2Tr,o4{TeRY]%p[ 5]ցJQ)FuGh0a.tǖ&:< ?%@xNŰîHϘ{ʻ<ϫc@a+:4aoFHG򔫶<bJ׿p=AomGqIvI($Iw:K rG7 MfА۸oKVZh49rCb3/2"Kdg,`{'>"{dZH]\FU2oyXhr"ּr*8`31Рbo_<;g߯ sNX;!D[O|䶸حR0|3z:2:fu>O)ҖBl~R #u;ҡD߹+HRWg~!7g@D\Tlz$ Yaw:ui lnGn2n ;$ yBJP|q( 5&lIoc¨9T!kTD,Ya65XN}DRgW;%͐_gKit1U{ ~M\g\@pVP wcNOI骜O v4m뉺?TZ[`5BatSܒW:Q]A5k2: XHoa =8z7iE0Uܔȏ~I`֘}V"qTJ8<-.%]hΟbr!|[⃘|4l5gHA{M!M2R$)6 qɲH^j)lapzʜM(݅ŃZ0ЉS 2"ZuGgN)HVmSCk|Έtz nԘb[S a{ŲQa^8T |QtX פƟ䛮3 &NK- Qe f!d]U;ph4?$A `t1}o8J \d1FJ O|n5mCNcDM?߲0<pam1*7E@cp2"l/"xyDآayn31Y\ ײRF$nhf[;y{ "p.FARH->X VC0i֯YɁQ+$ku@^oXT^8z:lwv%fK}ݘԯvWdI).. 
+XRLʕa^CpӰN& YUjP69(A<<<]5خ\ ]q Y1nH3yjE9S%/XKnt ښ)ԩn5bŎ <P߯3H]rC{ڱ Z8C 6'ײ^JoY7a%Q< P1ezsM7 1:bճe+;nT=H2xX~$xR9P| Q"_GFzr`͇l):7ͺ1p6s8QK!F+nɌɰnUNTep)t(p+=0AvZİا]W/CW 8ArE> %!57R2-\sƝIYϭ gqx91u7?jH+A(9pIg>$ d4 ig"w  įZO\:o7ł|<N$nhU!,i,IBzBӽg{jֈ XOI#r* ^Ƃ̺gmU!3fFAAƣtȊ}DDNh!Lm_0<1$D mt_GOf`gi=eDuWmrTN+@/D^!T;>A].gbΈ8|fX㮯Վ|KŲ\m X'T*=Zbo:He6P:thy"%:H} (1JKW){~»EWoı%?'\#Ȯ\oy6tkT>NVV6B*r@EbZo.-m&}2qDxW1^A}~4a>ipnw5l\V,#KXd޴T+| ̺(F gsū=bp{XJ!ANy6Rcr5*VcfFʖ~ΧRwȇ& I%ocE07>m&*(-3T _>)'W ب\"PA+oww3M5W>u&ʗ":tT|rdyGIUza&\U*pʈBZSD}-HR(Qk!ߋx 6sΉ2FNg"gU|P?CiI0"z!ii<cA8w#R) >|7g;.UK8o4Vdly7ȫ{%X(s/HV5V+fj0W%?Y^>F;Y!At|\ In4‰qC9[@NsAĽtG#P -xM.;ĺz)` :U@SHʴ&D9=iut5 74SV1 ,w2MFy8a6&M7o!LozİZ1,Z,~@'n))ѝ1LO}lܱQ udUt)#պw%^z6OTwi +Fʂ^%ogb1ԃw"U1E-ĪնRr"zB8A&=a#I[lvmqoEp*Km^Hg 0$fH{CA2aH*X? *fLCޯf/=?⫻{KW&zn#(2Ԝ[Z{E֛ =*'M d kⅻ񧑬$t|SJ|m)wMs{aaA^_p]vÓ@[-'P⁓<ɇ0hi'σ@VPT{K)/2UvgdsL mzv[~ Ɓ^ȃTPoݜnkLj ,._ nl>ޮ=\c?fR a`@{󋾝$=OٌZҴg!} i"-mp WK΍#)=}HlTTeoo02nM<2B4g9DOwOB3Qf:*|, Acq2<&KtoqϦŖfz9RE?j^{JowBiS;}Lj 4wA)Yeb.K.4m;WqpG/[#?[Uw&x2[?u\7 mfqdMqn>k8qd|=SZ1)/H{T+`ԟQH0qz$^p nkZ! ˳~[f2*X1{T:!H?怕~^N}[GKn~{}%dx7+E@X*NҖ%𡽮v+&3ŕBM)H?4IXg ĒVez0ԑ|Hu[|u{LŮ9j)WN3p EԃgSݭzM}lи./S7y.xF^xbjԙ{U,NqFpJ͋qBtL2VIP W.iĔț f.G">+&xr\ Sfvn)kvDũkytcJlls﷾"7ea6ÿ" *l(HDB`v.;Ur+8쐥rlVΖNFPw hO6[KImq!pKX_ǩ`ܧ⯜4  /S=F*XQ-ӡ)ksQ3AZOFqFuKaNv5%Dw7WYBf"C۶J[Q\^u` GǓX}ҝ8ymYb 0aXW~ )n;Ql.GSMml+طES6Ry;y_CZXwo2A&c>] $74c>qxW0ܽ>"G$&iյ==ԠM 5O jE t@qvC*m& + Ēor:,nDDy{9b䅻Ըʝ$P$'s4M§5PX~b=)y HqܛȊR<7gCx62G/[U-tQ7\[+B^?C7ԫ̙1<p"7wb K:0ǀj&_mgdp XgaimV}K@W)E *q*dTKQl A3OJ 96>%B~zXPxԝ5R5lBÈȟ& ZKk[Z|ã%n=xsڔq)J-8=r]〡qkp?])8 u]MvjiS+\QA4jE[:*]]RZ7xPd`nYIwQς +Fp֭ 1ͦ" l9ZyQ:1kB$nSNa6 n<4)k6,hM1~ޕWn?nDdW"ח| 9߹<`eKi[6D7r4QCwg:R0jѠJ t1„J 8,s#&IQ5LJÌ_!~ӈWF-Tm;jySc ZS2Y~,$/Vz)EMz{۪k9)f׃-z3 皒pa4GS`b؆7<_5S:\TIu4cP?k"8 !`.bHvS{˞v$%L2mRUR,#U8΍!1foū0ri] _"MA3 *fw^=]B!=GYV -קZxX`%6\.6i5".0̇j $:tCyO}*{XG-y<6R+93l߹Tl2>Wd| emP Jwؙ!&<= H.7Qp ܵ=3'<{k\$=>:ն[U! 
^ a4apELs#l/; ;!Cd}F'L S{ԖHg7)+jMeع8Y~b6Ͱ[yRO3Fu}AOJv}{o\ އĤ2YuoolsWt(ݚ~L.H$u~H 5GۮTOK@xU(&nuN7ro"™4֣cI6Ui;aI8x-eg{ Yd̂:x#SbиsX9\`)+$xn8:ޮ*ђ)]ѵ<+x:@'=݂4Mq4PIMk,2."U7+v0j:Z#?ERIOy}VqlcňE樒Ҷ٣Wy7Dq㠺rI ўkǸyॾ+!|=Ϩ>`3I &{,X1Xf]pU%; O"fi#"sֽU~8Hg< #9 L$yp}b<+ʶ+8I" T ".|H_,ivN˨xP'jV#k)CΧKn *ǨkWžAy |uviM+_0a1-~d*X\ɣlWF{]ֈn{~sV2A|Q<_ϡ 6tfk4f ܣL;ѩS.3)/t. $up2N8Ö<̀ӌv?Խ=8ll KW+"[L ւI…rr/5rCXsoӮF2ޟ.[F(wLA۠Ԇ,DtJ?x"~ԿZML&>˸TB :(4Mթ*xYC:?Ϡnyz52GiĪBQ/z}Aѿ.u]#|+&vua_}G+5q3Kfht= )ԆgT|y z,kٿYVL*S+쫯a"=$ R>u@JUoT!s#McG,(~b!-) ̣7b8Q[A|ϏP^ߧ(pnLcK1keZj]c $maʬ$ $ ʼniJto^8 YX6UZ?]2ʈ6k@HOE_m4ez~o?8-m4RۦL`dgs\":ʋToH{.Pm$|kQDv615m#n:*n-]P54fӫ 2+~;M"8I2wJ<TWPS`:(?;ؾ4c< N]V}1dMͳFw yEy~;uk7,.Zk@I}' uhnKX7o췟yuMŢ03=,6$e&L\s єpO זJ ee2ZƸHJp#%&BR'b--'ؒW3 7QGv$b]WRi9eǐvۉQt%5se݅>~n!kD>+7KrZ,jKw ofK,w}KBLUY84e @}χS}a [sP"H&uS * z$!mȻW*{$UK;9dx#a zNWI簿}Tꮿž^YXG68ҧ02DžP0/2L"?BL"wF!,kBS,3L z{7nҡR=Ib/@ f{^ 6,48MoˮɷEy P)YKv[N$r):42KY6tz`pnjm<s\fnV41K'9w5CP? $R2K#)GվκV~ \Tߧ*bzA/XHwCAE蕒*AQ 5'A Q":B9R ZL;lI3`lml@mceTrJL|!:Bݝ.e 'ıBVsmDrj= 0gijV>*4׭J[՞FI$:-90W .Pb]n*}&c:Z1C\yL}îզNE;jWPJ]5R3|q}I[bI@HĂX*z zXfD-# }F>3KțrO3Q Af9x!Jmٹ}u@.`ɾ03sXAL[w2-"vaCz7 _Dl;/z6v%9"L/ Hrok{E@ @7&Ԩv?h[5+AF4 q)h4/Q-YCPDXBFOhIŒJV' T2ȕ?e;C9i>\!oPEɲ Σ=+BKf(쬼J%mh$"@'@fәNԃzjPP[ $.ԏ01!j1j._ G~V:nqLJ S*T&W7BvZe鱊. /~o˂Mӎȇ mϔ:WAҖ!E0cw"z8Ȃ\%S(|GrhKdKJ MXmmB-p1!(ofrcrQc܋ sM@oS3&Kəu=(jQ@pl5 ^OJYOwXx/[8o<5넂Ul;¼и[eڒlj^bV2ʊs7.c{K LW͆L2,|Dz! BB;K\K'0++E]sh]?i}dmon {%V\EV>'tQ9[3f @>HU+kxw7;nOKN;^th[UU[r3Ow.$@ġ S!?dgNM&"@IreW_vgRAyG I6a"TF @ꮼ!s>w;=*ش0gEjciվl|%Fl3mG4Q4,gV濊=4tZ[/=eM5S7 Kj6:iD%]ݬ(30C!_]H!5ީ޵~qX/|3NZ0P"56)Z9HyuDbg ;[[d%(%ut/1k"ѠRӽT@r2&;F6m2G|:dnIũ`8wۮv:.ĊKI=c&uJ.,| .+LzAN<7}d񮏛܁Z^k$?ϳV6:LOݍ&zn;f%R! 
D9A,H|[hdHq5-6/eU HݏDb2Du$wm<0|H*8i'||- Yz#f;,":֐]fO+ʝeR~3N4lIc_+`ny[IFP <*y^8M*X!+_ )#laZ"O.T8M)u@w-㣉_%sb7/aY_3"Oi"WVΕ:1eOQ9"GH8F *{xӐ*=D|AD+j4)OI-RQ$~u^g3Jͱ[N"5Aeiï- '>3#*^r+~nFw$]HW4M(v̀0ֈI0 }#+OYCzMo |4If?]U_$ ڥHaK1&*\&{DW>'s;.m)$, e%-ݲ L3%Pi*لR"}N=,.hhO>pstRɂsK 4oF1D!ekRUXi,H$&]㸩g"F]Uf7.SyTOGEd 6<"{!ZyA') o %r8#zpmj**;O:R|Ca* 0kkBڭ5}\IKˍp#X4I=%V t<4ju'? %M@Bgɹƺ6KF^X(2l,`*qM.ȥ? mpqFq7O#C~Q7`K|B49t ČTc=SCr0y0/xg %^Oz$Sȅ"l.FR8*l/靚keW?,LP/8O+|:B%M"EVü>:uԛ8r@$ W5+dD NL;:]`ѩ} j1cB!+t4_/ 2tVU vh+ܲy}E 1кCNS< )<`2;L9x>+BD{ȍ@>h% ZTR@>HB/),yRkQ۫ 5Xcd6 ?l`p m=Lg]2@ f8AyV#Kpom?JB8*1>Med 1E_R+7V, 9 `Up ߈\l i^T#]U):]ͱѿ;R E3' -jqp8;jnܑP_FTpz$fkrn& RBG3~MEA5)԰ٓ/$UV6^8J)ѩrbFJ-% agZ P&Ȟvt݈;J]pXiHx) `^ay[ OaM!pBň8fP]srDj9cK84zN٦eW `K*INu<DuVqGK+G0ăgR?hnQhecc_$i"`3^%*zK]rj.IZP``B U;e-˱BX GxpkD36Z#z{jV|@JaOnɪP-ؾf+|{Z?[ZlLdUG3~+W@75OtO5 ǔӾVg:&4&TT3CUhQxjMB;2KM.Y { p|fEzzN>| hRpY;sO'OuR4Iog@AȦܔb.xei$= _wM_Qnh"_bytteW0J0뜱rE#M!A5Ӕ?Cn)rsi[N? -rC$nd ڟ15\0d2Nto,yp͹4KFe:foƋ+(rcNI}T`}]pY'>WB)8I=`㧛P 0TC*W;hg7QJ?M:+]!WFSO6%|ao?1]|1]ݸ.оu`nH'i}Pd^B@pyq'_MP\8V ֯@w}33mHQ>#e8Q$$O#0RL>hIɂpJ|q:%F]1\ st[!E4Amw쩢%SؿTfLV*'3!K$Lr3QI_c |(:^Ȗ7F~.tpG]Ls CHG I={2|ihJFlʭ/ 72QK$_ >L6a8V!j'BPbhE{os^JC%[Sp|rsս{ {z[F, J# @v@U[ std]R]]zJr>nkK;-i?n"- 0GPcΉ/ .Њm9:6j)Ҩr=mqO:W` ̞)&͢ 9:帗(c3qIH qfw  k˟\HJO?RۏudmNMp.+j[tulôC 2z"fky5tȩ @10A !z{P-Y蝦0YVD!ٰdGwRős/Pml0KȻ`6cd>B"=h]G>"+$a'0~lC%N*=L?^>3qt/_嚕v+~4s81,7%r\ "g{W]T0H G|@LY#[wЭU|8m LTڡ&h%+@8~ıBcps<hLƦfc*φnIu؁w(֏`A! 7Ȭ";iK0)6}r,UT:0@'3CL=`plINU-xG99Xw_/$9 w ![i]~MHO.d6l3bQ6Ֆr  F\m@gv6oNw$|#4_D*eHh356#Mݐpp#gUQMn Fm M!Q`zWAx=G-AC\#Pl&].4gmACg)b8eIѸzoq+\֗:xx [؝LvRyer~Vyz̊JHGtQ|ipI?VQCpcd@nQ5J[Wv=^2T)!>mEX{^0n4U!xE4'8*Q7TxH1+QC{Af}8 :KҍqS 9~wQA"i`N!V,hĦ1D;@B}N/Y΅(5>w3@'6P6Popa]a'N<ݣ׹2K|MwG؀Qˆ8~'fi$F|bp]Wf2+Uu_u&!KQe䀎k.1 X({d'[kVgg3Y@gf[eEe LAe 2?+M:갯XJxtq zm$)p&"-[B#? 
Vx.ZZ$ zT-P*K&kҴrWbu?{6%,R hH\m M@Oz"~wp` FɽH2#f5S'{N'Bfq0軈ȳR6Zzn>OhF?@6lǧ* XL1% j}멳D&XT~kyr7r(`~Ef&&!`>~&M@L%l.{yw4e,PI%0 =*紷,֔icwt3›C{mL~ pA@ЃCU?ā HT'ޑ0CPF2 W+ϜVrbօ3#e~IWClNy?,՟_q\%"*[]tesMY0{ MW;RmM3h>ȹ*Tqq2E-Qd]sD0gg˄R59.{) |Јkby[tгjHΕY_N-ݴ&Wz]uVX} dH] <"sda +gyY]P xܚ9XqAXcbe5Q,|"/$H-!:瞤z8,{W |L·y&YwWq')#!ޔvWWëIG* @& }Y;`"G@tFxpsY +JU35&KvfxxdtTZz.Z0} ;vCTGPn/s&=gKm|ա }2TI+x}\KB?9OWcL98ؚ!P9-Y$ԋ37S4 \or>so}"d!iF {aꞁ|_h|144F~c6_Z;svWkR]eęDB:wla~w`QtF= FKQ`+1M>ԣY vUhrGB ҀBU,|L4^iĜ$3Gf9h8PZb^'ȼxqYߘO"=@M`bMb* P.LSCpŬ4~7;ԢYQ]81sA\y`n YQ |=]"ׇő$^ \3^_$Ӕ^D'_E 3ad4a>I'd?]WA&,`.W@aƌc >m 12 X#d{X{0?" 1 Ů`F`psS.8 Wq%!ñh? -7L:%Pҵ꺃O"O彿-4J3]#)Ka-юf$L[6+ӠރLo[bž81Ao3* M`%:P9KVZlY4Ylh;ҒJ~iԹ_1xC}@Iƪ?g@1gRpm=ݨ3r<=S#~ 5Sٰݩ(vcj \Dxe75| $זv*r XX8' ND8-d-.Zwe6 Qx'sH!&V٨Av>dP%23hK:>5e%h&Si:%'}Jm^]u@95i5isoj33e;FUFvG?~]ld]h/k#( zD^н8i+wOS!o: V7!اߓPёKS^x;s5/ĺ(U]=ٔ-V |@]<tߘOm}[¢>~9.׼ԛ Tz/5`Vdlϡ{_RM -vBwd(| :C?Kn%SPT /pm= |G;*v"q׸BXm`tI~.*!ϺBV%<|MPXA"FPprIA"qL*4Qkd㵒=?{|/65!p `fm5ǧ.A\nl4= MQzf2M.b*|iS$sn>l~B!!6'C/`\J ^uU\Pm7M6I}ԇMUBOG3K1F(tP|P9/՛*8Cki>:- ?Y|@3,G>(7hS0he3Ιb+h)ho_H)<D}%@g{k S<d2ÈUWl(hġ{V:NP 2}[z_8DtIZ Sܕ9%l'Ƿ^V,sU$vxFnCډhjWꌧW !O'==040:;:&Õ&>ǔL{I{kр 7g:`>:[/3ʠ+)TIiY,Q+!IRԚ.* 9hQ¸ a&ȴϽnj:^o:6KL뭕7pd:fr_ZtNSԮcm:  P2vUedusEڂc#FsI{^ܑϸ-wH I$)`!~FP͂E +<h^ڥdF(UafҺi2:0\sW-!YI1 ou%B{_]lN&Ix׊I@6`&H4$ F6,K!C&ܵ\+Z\v}B#wjJۿ8_w;v5It-_b5V\ cpFU<~ޢ vlQw*UeU۪.G- 1kA2"XOB!A pVZ}*w쥾}=ccYKŸMMb!GI1HĔe%UY Fk?F-QGZU.P@w7Ydf ʝzVn/6fe*N@^D=pb.T%cO,ϓ9o$-wV?{Ӄtir Ӷ_g qB:vtp`no#x+Af\aӽٮ@ mD\);ϩLAB#x?L[Qb>F` N|nL1sP%&>6 {T6<4n}Yep[^E}] )P{"q iNה:&rW1L:`3sD-ѨIԍZ/[7Ցuu Mf2@, 젂ѡ[$64!)B6P4m u:kw6l 2qBi4e}"G,@_'vB ij%nzmC؋Zzgc䷒"RxP~E,ezhtkMw% hUNi}RV z7 4wcJ=K=zA0|b'PՌ 7cUrm-1ɚea[8Fjz]5^vh]E^iQ 5fY\jOpļm*b0] 9Em>>ui(r }"UNJf&NQ|Eʄɵ"]/#oXG_tC%p[!&nW}wa{>nK[!*KYSQ ~y6f혩;Ռ4~xB1R}(fآ#6+ u 6ACZB#DQ燂IÑ91m2] @cb5_j{Cm/ƹz<&zUMzJ-{#JsK-<[x E~]"B.n4!0b^bzWwX^9g<bӡ@,Fe/$<65HWb tGƶ(L3=Gs9z}#V'\(t0ZV=DޔG6QfD]mX'GJzf̷ l`5o'bte&JW] )kh(Vx9kB (arXa}B׽Hruid Ȥpo>j?Ok<6EQhP\y+f5Enq l_>p`C{M <bҴ(Z?ϴ$(fƐ[T-$KЯqn?'75 
ùA&]҄Z[!GqyU`"D!{҇Q4p9:thp6ؼvч~SdIjk?]b{kTBwM綎>mk5->Z9Wv*'ypF cn==1 E0^@ȦhqDC1Ӈ>=i?~8ғ]@0)0y?`sÿ6aHukbgS shpV^3u51&z($maˇX͆vWQM;Y{N d4^!lWb{ZzuPN1g˕ɫW?-N9~/I x>Bt*n/Uå@u>/N)@צ;^&豆07Y ;ʼ4%ZRg=Zc[Xn<,-u]mR&ڠҧ,н^6h9?&cLS@ʁQ@A-ZzQ0B^]?QQ̞Ҍ5Hzf$0k";"yN|oY?6gx֔EκonߢhҚ>y+ c[1{ӥv2h~y'|2 /w';\oV=˓F_!889-E# x [j>1*\E{k}ee98W!HxlZBuOR=+O)6y?셷z#S@hv=?Zk&(912Q¡ŴGKtBor(Ds*>}T`b+`[|ja-f(Ï'#hfIEsem41'JJ :٪fV oL=#m`'mMoxo];7TϽߜ.xu~ZF2Q8kb4KpsaD2, stQH^̸\zA?gs+8WB)٪"!Ϭ5SMfx̅RX>$C tS).͎mh0sJ97-U DR~|r?(I0& =\"rm7Qul\lC>pF(Y}t>FH\b# R@ c_[@-nAD.oPɽE\lzf7D=ivyJz1"wk|Z_z䪪ǫu]&u# $#LW*CVf`eZXqj $Añ/ɬsY}NlTkI0ǡQWrES*bEb{ G|\Is"sba&6VE x" Օ $(j:{R~D/pq\m~a5CC['PN}HtgEdmK;2̐]Xuʰ8 f$,q6'BL. I#Y/cp$Ԑ]]Lu}s>2"! 5ڨa&"Vbi2ʣ_!Sh=929 U4Tq¶׋f/樂Yq5iu/t~L6m3<_iܨzu(~vW ;m$ D./'7NOt3ur{&,*ߏ!܌X#K/yhg.}Ed*|fw[C${|n}ؗK-F‡j* `HVʪ PǿL1Vت-aB z:8,]+dIXGCoq嶈$`fWϸ(8dqi *JFZVw+$#iyS{OnJc3Ei~z&ot& \9.[+ފ5L9Wf2_@$]cLCΫgk."Z- MRГzJ"Њ'dϓ&,a dDh +'0,&{Nv7xqg 99$U_ҍzLBhSps1s,@xZS_=3!@T~WYQl|1*P$W+:^i Z5S*ヹNɐ5p]!rtql){ʫw_<)Y_l*S'~="^҄|Ust$GˈXԖCgҵ%~,9TmnpT!kESa?!~a|,*=\|n_DWK'Ddhm.!CW3&L$Lsс6,v$]7&J%1 OzGX $UO2/I()ue)!EuG"UP"t5ӘJ?,j" ˻ߞ] ?f5vHv6bý |oj&خWf(M"+U-#LC#֋AB˿#Ljn]ur&:l'F=Q_^b1*8s*5\BamgTV¨L5H{NޑOsxC>9˿s X:WdN\4L 4$J?QT wVdP56<`W}qNB%`Dg seȳlъ2דO%ȳpdŀ_ڈ+"M[׃ )㵸6*MI#M<7~/Ox!M!+i QP5X%25wO5.ZzB dIXw$Ҁ3< >VgV{p:6=X+qf@ Rwh8oZ~<&& ~C N5'en7a7DaWn=d=&yhPDЦ`'"IiʁŲƶ 5jlU#M`R6s15N(.~"wQ,v]}3gQ,!H/O`mtkd뼦] UX- Z\gj4 TqMg2/꣮܄;Ȑ j*!Ti[ H}RGrYs]FsgP| 1Po &;~MkଉϼD-[ma-wo]p+}+(F)'k./ RYߥ%l2Bax?K[ Kd4z@o=k0Z08Gp9*7*Cd8ИC-uEL$Z}dAkctxExĴ$]N87F,;eH.O^=~T2.M6!0'2mCB1ORg~r?h L`s$k:w:&x2;u] ӎ@9Y?еQĨpGS鳣C;ʆ/}) /rF L\ Hd5@~Y ?w Y(?P8E]Rci g#s.paJ7/b2O`tFy/Gu9еɾ %!sgȦɈW ϑUq\{u>y8ʩOot՞۔CanC/YjWzʕ>\cjwN~upY.S $MIPNi|%%m8']`,QOx9𑻰I'-^2'S.j~* Mqӯ)֘t%2l"1Eت8IbkyH-nMi Sc `\EdCV>lney ԾLkgnG5fXq#vKQy(n} aM\V zվCnHN [Ft벥|U+.<%I؏zrGQ]Mӯ+ :G.3KúИ2ƻ")ל+y\M$ q[ռ+Wj{ ^L𶊿+jpz *_}=T6ps-Dm'qN&Mrc¿r|x6e <oLlr{Z+^|=1PI)Ō|ynLjB4uak~E-PnC)zSies+ς1~bY&_chM֔bMJaM kgMW&/ s?r0VL bvY2pZ^ _p@qs98g$Rz@㙡IM4twhv+wLdk^,DvX[l`Um5vaH6|l_xo?FΏJ}p_smbe9k[ѱ!醄iӕ7'qWYNV 
h@gKBy9A{"qGUS#;l'ŧg,{m338[L:'(ՂF:Ms9fFv8]C 5ZӃU5|Ъ(J)_urlƞ㾕9'r2B}'Q -icFUNk D/W,u"Lu;S8/&N r:BnBlAs7}`cI>36tPLܼW񷵊Y _O Fc#G1 Toi6nOQDICftS~ڷi"撅8s b.d)fs*i76 CZKﶱ#˽i.~MWG?nyفYB[< ڲ`0/ޡ{N9/K]i:s[s 멥h3{ JݰjaJx.h*3Z WTG S_fgv_-d^։);t`R4 q `d;ǸpڞZÎNhT4t6~G,!Etծ%ft> Mƃx1TOfŬąz3k5D`,;|koX*yds`4.`+djSTߘ5[K|wh`~ȗU+SVhēRϲn@ǗβЬv„s"wIC=@M{X0ZVh}sF.5@JG)_Тl90qLk XNG?@_JlC dKi00T@H9*M uגX͎+LtTկʭ* jlR;Q~u Dw ̚X6fj)tCDr+\k1]*b&,Fy[oY2N|gFnZ+d/ ~zB-B e*#SR4}R0NS:{&?7F+wxI& . ci'a;;3ըdu $Q| 'dz`kKv>,3'LI6Sr7c2&E߱߳A|zi1GcI2,2%˨)A5RMk @]tEMNh qE|`{kM:sJDI2iH|-tzTgA\fBL9yys3yj?VYu3JN'`2%kKՀ: :lgKlFE|GPrUfR,8ipU = EiUppfFq|tNgZ>t7PKhf p5DǐZަ1ǚҾz,kF|cwvfTVd>+`Yx~TX״`s$2X$ho6SjI{K } ;>WV'a$9yW*AQ+v6kBǝqQ-]k°8G4yW(hv&4JB0Fܧbn*p%[i/dzB77 v~ yp;5*S~":zz(.Z!^Ո\pd 3k4%ST@szQLk} .h"ŀ1M[gJͽ (uC51WSa۔ٚVm0syRBmvB6mi&`T߯ ?9$t+'Z{GnM 3jfi_Vsϥ;P1ܦ !驮yJ]3<`ܰiG`6~h/Vp/G̷@C CE!G08[Rɝsc E ?7I0W &:YOԶ"&pu3ib 'o;ogI;\CX$ӻ\pw5AaK5 q:}$074BO}JySO(̭I&z`-l/ݑ$]>Ob2r$w g|K(|R[JdTYNy.b1ڽɐ)7%|>WoyxhGN[Lrjyxot]cM2׀ !Ԡri"vR:zZy svUؾk1CH vcGd̕z>MwR$ԎF+G? 2/bw`^%(bu+iwLw]Z*/EȦܽ>QȎtqK>z(5Kv(Sj-™Pֻk߹mY3ay*el׻2r T^.MhRHok._Ju:y}Kj2_`ێANjC듛= l(M& e 2gmjl2>#26։9ؿHȽNcAHyups%_4'0=SmEVljjr7MQѥLL Y:'@?6W"B$⪚ʸY2xmyWXjÔ\ʄ:m"mv>\'m#4>jێ$wrh*N*K%':τQ^NiD#`ς m-R*4w+t&˅ :S鯍/2'm{dr\$_xrn@&oI#ʭH':uHDe?gN#\Ž5>GG\U?[ >!EBwbe'l̎kgbicsN-el DzJ%J^Tݙa./l2(!fe$\4LH?13s1Ӈ@PWXMȭZ:8\jl-aЋ=-۹N.[hP5n#諸;tTΗvg2'f7"5l ĕxyPm%KgސY6'Ԟqr c T6 .%O[Eم/Hƽm ˸Jr "2$TKzJŧ[Zc P)`줗.u ES*u*PLiw!_㡦d8[OY g q\a26.q@L1-Vtn#z+қ)/&iHzK/xWt*#5U P}Zcl'C둤#ޢ.Nr=Cyy qW A-Kb9K^Vd-'Ʉ[ oh9NF ղ`!ջgK9}QO BMHYap] |26֪Yhd`? Ix{*HŲ^srʟqrr# m eec͓..~V/-A:ۘd |orSZekmqMTj'hR2ojWuy$ljNoYVyaQH+j;JXi;@f!n|GUD^qN*W| bp:jU3§}0quO!6\ Ko#T0p뽪t}-x8PQ\#][h1ʀUc\pqv! 
HrCaמA6h\sS^tvvACKAFimULϒEVHR( S^<?r"8mlyҳ")C6B3-a*oyq|ey^Q4wS)&x/yf>ovTR@OHu5I79vs`oB@)hٟѿ4TmA蝈;'}pGt@%TWW:̓W3\Ey׿qnaf#XgܹVi`F0Vw5%Q@Ҝ,k.J9a>~Avjژ>J""+;,  QXݎ8;ռ`1Y)n_s&ϧ}\u3).C(eѓ5ɆZp"e.3<y߯v,wx^^R;h`F>ω?t?Ȇ(K{M~6\ZG;.љ )}yYw\՘ŸqW5ĕpdӮ31sdEm>4 E"7D>2J)h7}AZ#PH,ꈺX[~}L&"j871h;D_?$$C񇚚n+A#wЄŤ9aV^*j]M9Sn}5bck1|Ch`s( u(L'^dV B[@5,'ٜC/h RʌVW[`˼BcV)1 5ϼB;A𓑆8M)q0hU(<2QjiVFŠt̝&K'G7 Fd'A7BY$ϵ6_#,qBT?;v$B:O&I R'GE!IQ\;2n>Eh1c&iBjp"IgcUH ;LfnZCi>8 yUoЀFݺZpAGRoB0c]Ь 泸ۥy Kj}Մj7Ѽ^PR[Zw@~ 6<@C;8iȟ˙&nR0c3i8v݌"z͈#ɯYtcŒ8\~[~ )$P燛)UjnXU)leO6y47c-';J_D' YJ$`%V:[m^m:$;5 kCPBI (6*LOE s1- kZ(,<CDIq(v_4zME)-tcFRAGMĵrgayuadL*zDZ4ҶI`1N]\u] wȡgGձP)x$)-/,w{܇Ev@s(o *``GϿDH"s]GU]T`zȕov$27|LlT*`SqGovMV)S\ۡ,eNueZU0Ip`jH/jOX< %Hw5Go }$ǒ[X%'RzݚV7^&5 2X8(6=`Afnk.}< /0Z:qI B[ZB>`p#4S:G.ۤԮ!WЋa3Ym4 {~td8KJ{]K|KDAP1!-W{hdCصg1hj>-,=g2YlWsvX1K3lӽ6hh*_RPCO#?=؝.}H֭`k?  QaUz*Wґ.CүW)?7_17f0EMZ7;Z;e ܦқOhs>cGH"84HsyIpG㭜F`RA w6ba6w".-L,v-kDs\=ffsFF SYŽ}-Y[0+~T؍T>4 a3>Jq+uM.ǽJֆ_i`^̬Zz$<̨QZZi}^GyTC~9XUT=^.XEXd7SLvK-G.]ʸa~"jP#Y[48 7K%vdHHm(xRn`2olD# ԦAȺw|.}1GڶLeT=Jar#!RhZ8kԋJpOjI| . _jo\y<\eб>1 ?io߃I.uxv# ́SxdƧ!n{ZBnKbrax㟅cgGDKqRf;];cT:?ʅ20wTcN+V\"k-i 鋏tS: /|jz&k_!&R!k- [Oyb\5Xq_!6zj)z*LM" D:WB_4%(&Fp0xQEa&6baJ%jYJ4Jyޜ`R;1ܦ,`X E߷VE@fۖ Ο I[Flq!fZڏZrBO'Ƈf~݃/MS? zJ2q4Ų/-qƁEnwpЁ)ƗiUJkeS6D1,V]q1g&8oe'`W>JN-j u,r2ABew v #S= }/3#"=}Zma< u@#u"JU=G(E,pʚwZk6evhłxD\ނ'._K9 M&]^"N S=\-[ӳLjF@L(lNAh..%'R4A9{i ]C .xOYj9˗ӭ5WC AAErquk"R5i#9_*)6Aq EDCaE-DW?djӻ86ҡIRxW]7`-'يLDI5ZFhGƒYsQu#͏d+N̪ex,h§(6J@#Uz>Z}Œӏcj$v&''ΚO)P)%@Z &x56'@]M΍y4h_,/ ̈́ 9brÒQ&gCV 6(gqDk*dȆv\xtp4t,mǪ=6KzڿT3iT{CEŪ҈{ .2c=7L8B(V9V|YаKK"Ki6/޳{XY:=w;TUa]:Ƀ% Tn?]YSb1nu7YzRͩ#*)Fqtɡs83]ҤGB:3 S2i҈[aV2<5?l:ay7P"iԥF*K\7 = {YC1ILPsT)ĸ&^pcm%?vYi7M 4ջ#bd'Pcuoc;%Π ߺýMдHW b? URѥT8NG7(#N^mQMos 9=`LM񝌷 exBSFGC j6 M̨Q ] ` ^N41x\~Q(P enRp`|۸~MeI1~~”l52$)ӛZ#JnNBdHLpMl-Kn)VAY6[YcPg7B{xQH w(8.k̩ab:p4k.`́] Si ◓l"BPv.|xCSȢz 4MNKOdБ:ޥډ}Ԣ9rjEu\)t1pdugi;O+m^ڄwY$ft۶/XD)p- ^! 
*%)Di(xQ+m E4nQZ=Vn,$NًO)tS%rF8""Ğo^5`rŸ6pWi037 SOD(o$M5zA*~W=@*PyRݢ޴{24=Bt!}$#?i.?ħO.H-f Ñ-ld6BCsf^9yJ@T{Bx u9|Kd8[U!yD+6Q")=7W -Z&QbT:d.q g58c7?TqBMMH9T.7LDS-{*9I&pAȦD5 –V:7&sP%|iEc#5*GE SG]d&/4"?/ʋH ?h@-R%N.̼g Ef-RPqYUQT39yP=qV[߾*۞M߾M i*Kw<)nXuSk|R#1aL&u{t*R0й)B;^eREBEEԑ h9?ۏn*,ݔ/ÒEDeEk˚\)\4>@vRf{KŷV>'*{ T)}Cz kkV/}!{[ҭtoJ<[^}נD5~\g:$_4~r6u\AFC򡼖F$o_ORZi#oB=P:dlhmV!ƩŇA}smtD[cDwъ*Z}, ډM?!cxS^^W")V@s~VL&hC-:'9:`jh$_CXgr/arT@ֽB/LrGUKНRlofֽyT=2TR+,UL7y]r LJx~u)OjHX(,1iYN ނ^KJϳZYNXǟG _Ф0ښY adDj L3=6kRjE GvFIL\G/g oSRАeM>KgNmװP&)\1 8]? Z܈Tb 7Tm"W*"*M)HsP\ wo&$(xO"/k6;.a,% uH#ҹ08;r: &snѬpb mUɬM콌J(W8YS21@7W6bfA:.ww -=hSf.f,~X /6Ki_bLcmkUO8U-}!Id2Yfo~'48B-L(QJ+Q\ewcl!jqܞ\qjsnw"[G~sZy{w͔)9+Dʄ_Ij ⻵  \"}\@kuλߒRjԃ° SyBOP+{0Eh9LI 8gp],}M' `O2uj&=7͆>Pm<,+Ttͺ" )zGE>*-sXzG+tzM%2o&lœVǕF#9`/'$5H+f7Ai/C=pӄԑOreݙV@պ24i`QfoAh8ϗB%Zvc۳ p=T4Ro?>çd|[$c %ykH(ݷ2$c^CO.|1=ک^O_ Ƴ_˖sڭI(1{.`AH2v|U/{:(!Ps`80|F?nWmE)EtGejJxt |zt}8) Գ.*.\ڑ("QW6n)xCHYfsOLZP۲5TUWtchϠ ~&9Yb4QD_ "N)ϫkUHYkkÿyO ؼ_@"ɥt.6D[()oX!Cwv^V90Qȁ' K^!^g Ձ`%x^ׯtWHA q5;#z3'(1ݥquN ysz{h:}="Pj$N J5`,m).b3XE{`Fv+[| $:D!ZL#)5;}q?O!=Pov; jw/`D Rkl-?X )PI4-rY<_`dƓ5}LIP2\T_@RFj GlQo,su#[' cH9^#:P X". 
Z{.a?ay-fVH?GZ3O xa|:$*u)q;7bkWP2p,蛸Et#aU&=2)a@018-RYYcC$9]CxroD ,dĸ{1 *6Sm(l0ag}#SBU> q.K06[d5 ĉ oz]nQhNms붐vVw;+19[w)C3 ņ#2{de)?(A p7;qѼ=6lόg*l;nq[!xZL9ZC@؎ [ÞT xRY#9V L %FI9Q4P !wvm)[&_\}:@$&n _/LycAQ ֋%1Bn?AIY !4~B٩RKNsGՆL ݴxOS) TS 4PKNcp_W#g:P~_\U` (N‚K5F;"ɒ'ivk*Fa\ ܨz%yW!)d5LRq̂&;ʋ͹R/Ԫʶ,ķ˂532HUCld?ʈ/1d&JҥӂSsZde^ `mŀmcap$c3,ɡV[ih[m„IQ2hl}t'FιL98ag}]tz߃Z v.cq݁3p3frU(] Ħ[3鯷rlqc͵H xtba/,FЖG*JzLȇ#,j?Ϙ6I5-wg5i`%btϓ{;ȋklFtu+\3  :f;J~T7gQo%ZDr}V^nfQ ΋Y[|$BKA,orAW-4 ް|1ARzD{Md% $QWDq+z Ȭl)[pm̍;KpHC{Ζ30FG kw@&Z->%-oCe: ΎuiaɾVQTMe:_9:g` +e$,uYN""BmZ#<.G©]``WlqYƂVDҬsӜo=F\\'$Mc;)U7lGRtWsA'T[lO42nRēز^0x a h /PVygH15֤PKKX.~ZVD~{A(g6BvI/ t2VgSƬ^@V6䉞l+50cOB(W; kDe;Ajֆr>z$ۯɨ/c7i\}p1f}\xZ^~W]wv:в7b=d6"zN]t'|Pmt-exjN笳n}l)vdc.+ [|/oQ@4 E:jj fmZx` eTR[/h͓)T49u8T%M`*)~ EfOY"nMAW@d/Lo(b.gzwģ|a 5SxܣL ֤ 9e"H23S9>E {@?{oSxzKCasy~a63Vב@64dca rҏ1dx5D9٫btIf1RM%]DތVp#яy^%8^g!BIsF#\$02! <-ԯ=c+;nFDl'l0)F#M>f䳮Hb'ZDףj"l$v*rmH>gz/Է5Vms;fzO7G˯-&RɈk.(E̢GT@A(`2Ɉ̐A-Svo:~YAӽx!22_6hP䄒:<%vlz}uTn{39)1TKr rY68{5"anr,]=8,؂SH]D 2mK!_z}cwP:di^ۡdbxV}E嬌T 84;#ȵe>p ^>2IEgtI6Xc;A1dUc6*2!pc7tguKM\% KŮ$STʅ'w$=,gy`׳6Ө6cg[r*>7Pٸ SF1}dg&J!1{#4AX8\h VgY:}O# 6[ nDٟɽm MNpI`^-ntYl4BW d%MzJO½Yݕ=Бmo%hb~_Cqv*sH\uwϱdJx+pyC~CB_Eɧ T83RDʊSdv}[Gwq@?H<ލe&R!ae6#Z%GNt+=.PL3oueW!?R''3l"t%d| ifR7|ewW vž@$JϪψUمPxR /"6?2nzA6Ս{z.´$Crʆ{,d--a!*ZՒU[Uٖ)q >[ n?`x!pw=ͯ'HiRI tnޏ1_j< B*I2o" eLD%AZ~Hz D]J,ΤbVTdGg!O%&kZ}SgE38EԬ[V ={˅c]G(F>߷gg Kjǥ#V޿yq'UI/DO,ܱTn)Dx%2JwybYՋ-_>Pn]8@|),2<{jN&O9, p:@㤫6KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.VwsS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY 'q)q́W0Ƚ>4ۃaػΖ e0d6124b-f9b7-4592-8c27-5adaddb7f1a4qK഻48o$zBU.$jޭޭޭ|ޭޭxޭޭtY'3XuW]ЁKZ᮹vܑ ijTOUP\2-\ԡqGXmHEF؀a8y#jc,(tol114t١Yb,nmJh#I;m"* }stknw55x!(+2-Y }?ӈ˅+Ezm ">WaAij>̈`3?d}3.-!6Y19x, 7s$5lMUۚ)󷄼]pV:bqGԘ Ew5X,"V X]qL^  F0N9lѲ4)bԸ~ZG(}hBѫGyb_ cݸ)m*zU0L.9ƺY,Mj]@Q6tH),9Eh)~&} U$L&.&)bNnkAoCm*o FZ>aB̕LQh'==gW)/!K}$#ab˫dqrm?:a HΩbq4WjZ֫v D$L}CGm1P甔?:6G߼ֺ^Ofvo: 
sfM4`2M`*çٺu18e˚-N~weFn VS"|Ӝ :*E !;3趱X,>Moy *#UlG-mK2| ;bM(Zi8G>BJVKW1.@^,ظ}C,M9y6⼩Ze\Jax+MϳDi70(J3<@BKmƌ/F<>,]G^Z>PkFN. aW,;־C" CɇX.ELɎg+4.Mm1C:_0aBmꊠcY:![6v!Ο7[A%_]{F6*ɶ$JYJH@/Eleѻ1x"IP1~SI]o4CwXwMظV{wpkFLfr jI;c٫D56ˇu 3dҟ^)OdKͽF +=kJ=j#fjQ.m͐׵+Ds5:F*nP+ Gp2˖p쒯Z0# -6WGe詰dO)ʽ G!eq_5!KoCb:C3)~c@rF #97| sIpoQbJN(Za3Ұi=INc=cYNoj|߄  Ε<-r<խa&7/Id;:0ZԿ_olnvnDS0w&D0)$!$}W/4^R鎫n[g5]Wovǰ>8ͱ-"T~>X M?ŵ ٍM 0>a7cu8%)8ݟkABj%P K!jD*YS!K I 0D`f |P~ cdfm;|8%"^fF@"?\ilXR"sHw9]&}63iŃgaU^Tc,=~ѲҞl`yS"#@[. ݉}EM v3jf-;uPU(]$PA=*2LJ)sl @gX0>l!<;+7׌)+֘8&{F&ꂏ إWė&!GdX\ia,[dG~Bh8;mX+KvR(YW_.GcW-Xj6CUV9]B9Vr@ؕ-%%/ıZŧt ZJ8+(\N\9R32yEɖDBW!ub4bn@Ȃ}Vp⺟gtBچ7[3HBR /.95#}[ZFI2gW܉Sa7Y[3CnQpvuUbќ=ϼY@Hĸ/A GK[.ƍvHd Rj1czTn&L`Td&'&kCZc>fJN[m`"aݔXؾڝ@朘bm]8N0ѾGraUOuJ';=ӄVodf}؉(t4__h;%m7}VnaZ0렍ϊH 0n^^0$vB5 b)MHkJD@JѯlAGX⿶3jGruV,PpU$'u2\].p9VU3SiB5;2z-`aEԠmY- AOf|]q&-u밋^pEJ(#)3f({tFiSjssoUDl;yBqf*Z͞Ly$Qi{BŵT`<-Ee1% [O\Krꩫksf3qCq4a;E6G J7<.I*^k<vwu'9`;j6gJ#Y/'ܥ 1\l MNujaxwCyo>Bњ|ỸWy ]4MIޯB5K(O,2xyZ9vJeC{*Njz!z ``s6R* % O;(̆ad7-G3G4#\(<->V显ȅX#NgφdUI .ǼB.Tq&e}MoSt$ƩwsI#Iܔ'+Ya̼S,Bb[aG[%o!'L,(KfxVQ8ăfL7u%2&OZL*4A_=NWf[–:7y0j4ĝ=63W)MnQkm}=rZ]5%RJ;ՀYsLE`FB ӭ{j .vR>J~$Mb)vd+GI)¾-ciIh@*.UT/NK_@W .91z ƐyI26V$} AYz^;d4%_}L;P]IV"WNQ=-eĕs+ý;fO¾1Ty TIq8⻂OkD{.Jڽ<JX<(toCeA 0i7|ލUyrQE3-]N4iA^k b-R2Meɔ ˍմ:k>^iM֒45/~3@r1{w,Z>nrg_I6;A-[:*"?ʀ8Q1#:#m+@XS"Q?%d]b*aO蝰:> d-3\Jv4H*0nV={{)#/;b:}w%W؛*B-Y2 H.H!Rl7v\ ʟw>y'\/b%VfE}l/.d78;ldX;YvպB~ngt[^uS_t3q[ï_'P/^4QeO3; -P >fZ֎X0!ޒ*O7(0#r)qM[ʡIl !Lk|TA f:5f0v?/t_i9(4_Y(3 TY:}R阴&FuΛ^G[~ɪp+^5<GD*oНP.haOs_J5JJO*6?z\8oI!!5#1}·&LV8WA&d 2@XMx6qt sZ"+rHD&0.HIL`@|;́y-i@ղdIFA;4M޵>T VG?S]A51٭ Ѽ8Dg%:3@9 iG)3Q_Hk ,ڳ G,Wc&fpXum~5 cO7SPKbT5(0NPa> PGHvs^wYy:> 'j}w}96w-Lw*jf&񻏸Y~d<2Ԕ%'Β-T?ݥܟWY ;vW}w] BeuFd_O;pv1rqb%ZGaqǠYԸ5;xv-9ՠH[E$2A` _u5 ))'CZr?7,\ F{>PqocLK0&0oFϰc՟jy@O*5Y*.ar?\LEޜI {*`kVӥt §Ǽd*#jJݾD\{9D%׵a#[D ]%O+PUfh=+:v< [5!vh.yTbh,Υ+3pSL[Lo֛O䞗g4B@\oW̨i#01M7ڿޥ:;'{)0~5I  >}Jo.wqFl1b ݕq-bK^h&L&4M)94:4nYs@}T9e@QLMB¹ t}̿e˿kſC4uu#W,@9gyY;!6'U'w Bb.~ }9t!;RsiflKyo% 鰑k?߱3?=S+ԯ`k藅T^%B?7ͥbhþpN.TJ6#R 
RX/Sa&ۯ e.Ni&?w؂J_3mSދkv}Fx6Y>}4$][yLAi!5Y?|^j JeZI@ct%j7Sr! @cF k1 eJ1U`qgq =#8}}{";@5tȥ%GV/$'SyujO)Zɪz~sQ{>$gSr/AG 3cr6M#A@="hj$ƾ5z2 -_X}{@TepƜ[YimQyu=;JoLOSfcդI"bwGX&oL>.俯+Un ؠ|U_{ { ܓO9M)qW;l)> oR-,Xl|C^9C'd֊l}ZԑY3/9%."RS̊jؓ7c8ܥg_*;=Zw׏[`:|QO=*q9Z?>9>uF{`pmјElt >rrX~TWuED9Z\ЇcueO`rS QpleO %[q4pAR# OsQC>UW$ "ZړDS)F>$=s7zV Wwv~bQ{ß9L`uωf Heg!VI2ԃ6c_'⟇9Aq\M)|\l8 ndBqAG^i2Tc3[:Xp:BÇ0h7ڷڿ.,Y!Dx68%8x?PY/M1΃$gkÃeiEEXźR#=d-ph{sʶGUw 3 1f |8d ]7d xY]` ̚Gbm与Sݫ48I+D 3tlrkUXB3R5q]]A*'"⧬ꀷCu4bf`U`U(>H/7'd0tl⬑iuO mHB mwݬ ^i A.PTQg236S;)wEC+8Z +Cef qpe6Y{n Ozt]JPq`WOFsZdsaN $sÜDɹ1 T%3vj+N3Y\`Z{BJGkoSd`~2nL/J`@ Ҕa=WMǝcg0338חWm+^Y,wԂ1~;2g.tf⃘_yF SRe=NJ1)em0FA_п޾ IXU,4Xof|~2kv'3ЍSIôߙ=W 1;K֝d`դ# FCϧVI=r+*G2j\ #(wL~i"=j78پ!{63s Mm{l5k:b#Xq䌒-$M٥ꛞB}oa0[GF8iB"l,ZŽUQ#D 0m! }\n]~x&|6(@\iiV 3W +wj y<~\[ 4œN ˖R^ p@t$zx5~7#1# wtU{ڌ_i,(R%TI*q^C4tAm^/\]_8ڄkU)N $BSBYɟl'0FٿdCaGqɂ M6:˓tUj+Kc5O?Ƞf0s6~@򏿉rqM}P%mq?|Wl;ȝ QEtaM?O,o\"J<" .?QQLU%~(#׺0"zryn@$YWb(V%D$ɼ ?Nש7 o~9.WY})ēJq^>,acOy`os׌2Ȁ<|^jWEe+ Qm9mab"H0rMe_L@ {f]dynpol=H##;c\@'LΗk:c\Gy 9>N< [x]Iu T,.g6q\,lBtF>VMx |LʥgPNK0J"2u?jMzaw=F!IXOWl\ʓO<V]5Jƨ&9_mG#DKLJ%n͘a`?x&t˛+8{O8~gLڰw5Y% ONGSХ7Kѥ9U1 <=`Ԡs48[=Jx6րT!e:?=r;F8._ш`y`>K")eֺL=& YO&CV\~k.jܺ+Pt}a+_dQd48Z%up4:MzUbлP6eA3a$CٱT ˱mQC09-#Ҙp9E&kvTP@iqd 2eQ`#KMʨ\<0J(O/[!8;:nFABɓCC^maOI1Ykl57t~hD׏Zii/YgJvy1XoijLFU\j!?,FMH~ ߛ7 ̹dB;IW{)P{ ~,sR´}k]K3U$9(j.dYNjЏo@@t˦|@\[n͚ ^@E IÞ"ӗe ( fiaK8 6"%,]NVC(^X}RC]6z,J@Y:+erJĚ i:tX9?]+(>ׄ|dO$a9XX&xio%=kg4g7QNx1R&?8Kń$W%Ŷk.E(?]K˃f"dVY0P8Hގ "!f7=*C:j c>ӇWD{D gL\7uk;]+Yˀz4w/ao7u?o q;S䜞j6#ƊSrnS6gƌCi!gs8y⊜=Ś&&"k[(կї:YSn^3z(jɀؾ}@O`lTcO#/Oq$~e# %r.,i轖$9DUiP$Cؖ)u paXI5) !r+:$0u_=% *_-ogm(&9ut&rk5tzz@mq=yHNfB}Ky*^*c^syRlkvL#ě?fsM/!tx(-kjxv 1d&'X@Vi-{c0{ЛD'z7y; bͦ+^$,5u;"*||. 
O`|Zx﨑p&LʰMAY QL*9vp)$GojIvo dꍇM@-G퓼g:43D.%iF x1ɎjFd*־()\2r-':CFdurcF5Z4e7fˡESCLl,JEĔ*T$*c%;9^Йғ 뛥SW7SZ1ۭBʕ(,MĒw/Hq'/$J$z˯7Wḿvtan}5ٴ)P#킵x,°?۠]^ry-(iԤy4.\!HZ/poF|rXdOdMft?vܣc[!<<r59I[sP²$LwR^p˩i+[<Μ}LTԼҚrߕ 1Hؿ uƚFӏ} K=J}&Ӝ5j|3 K-:8%h-Yk0<-fĜ[Lc KF'fupɮ{ e[ wvEz2L#p/SWt"6gZ}f.+g2Tn?$W`$;ɴ)3[`*:Af/*:xQ* y7ܥ2bZh]'̕&K~T+- G$j1un\xP(o?j7-G7al(l)9۹h׾پ"{qkd@͇*3җ=^nã_;k3B`~|6=n ,UW4nŲ"**~JF*jt})0 ]C+BJЭuRVjC ^5ʢϓxN3{WpR*2Nus]=[o"K*{+noy);7\!f>$ 'Eq+׆d;>Oƙ[R^?e, $H.*월1%NEݝ{uz(OaH nlqb:qY344fdoivm.ik⯍ !j{a-mwE՚8k-3$9y)D*JD?Lv?_68o";柵 `jM—`+dz&kY~e;]\g\JU@FP#g(aBJᛯ#J&*k=nmh&.p y#&s=;(Qo6&ɭnƅ繰g;Kn#â`yI64Uhʕj҂>b@*v>}20' WQ&K/=5! ~lXmfu/-MEr T=< xNщ&x[h8Q|Z>"/ WWMX˱ 8Fku׮Rh{OY&yIzu[(e$A$w?B Ir3)LJi5+ ʠf8Z2L;wf^DQ94騩?vU^L-x/Qo+ن' z$ fج wN:ckhp6vS^߿.$qD :C[τPRcI%dYGUQ3K<"$oJ@;9 .WEs29LEyW Uww5)Cw!1ξ3h&~þ󲠟R=6̽ܩJz;x,mi0e'BBh]=D]\=3ku-3*&NŸ/z9!!bR׼qd4`^ihOc#23uym|?"^79/UyTaLuP5tC3U@-#X_䤚hƆ!s2B$e9Wz6 9dMwn9 ݭڱNj$|KfmՏhwb]Tz9g1Co>Y9*@#@{<çG[ZQ}%τ\{D(RYmcB-޹b{֐YB4ՇdZvzSX_T2VY.LKsw>Lx*XozzMBZjYBB _p9JJ+"ǜ[,$I92Uhw r4 $?iW*'kj҆APCzdž#gG{w 7иuD{>>KSCklTFd, 5Rk2G),ƽcMZ](ml #{ 7̅]0{YPbߍDwOʐXMx!'k?˾s̞s>̻b6608j?_ز/'T$zxWY8'c40E?0@OK!U|u#^[,YWIQ D b'xjVWZec0QמTR*ƵwEOJWH PMq&>Kz`21yjrý:d,v0 Kaaj3ن0Ƕ-br~5Xwm0C"@\?ΉA0Mb1i{#$DA}2ncibWjt)4]\aFVҴ/uNҭ2WwEbiLrȀaCށ~"^ZuV3 r߉5;q&rRezfj@RZnzV׫uHdE )+oh9ss$Av_Lȉ\ A9elXT]wdnKd:|"xMyh^˄jEac2|g2ʞW懏Br(Ó2'uq"LDg خ)+2[_M8m%…Cs!ILHp+e0SF,)j#tW_ 6Qq0jM+zkNfBz'CsvVk|*d^8,3D‚e$^hOJ,'C ~DZkI$5UfOhzȂ׳PBs[f--5ƞ\rh.V֜ Z\}J;{F~` l> ]ؼ< o' i(&!;69{U@{ڞc@ v1UM%<\B(!6EWAL_;r՗Zи~ vqB%Gئ#1%zZFIwF!NeMVp:)Cxle >=J}yg} VP3x̾: Ժצ# #wUD %s ]7&':;eɭ߿k2Cr otM/<ֻk,+5,=vv{6JN I(5ŲɘBdō\CンKc TyyiNf] do?@MxuACX(>duBP=uź g4dc.nI8qnT" ہmHS nt&̺t9 0sT=*xu(P'v$ZݮWnmϢ!A0M r3+Iwіy%YLTG!#}m}4La5WqMV<, ?HCzpE&+U^FxX2c` u]4rYiN+sL^ ~H@y;QnvuPbYy?, ;Y3+viDZ=yLԬ=/== 8Zy@lBO64P 4dmt8nK-A.Ii~.͎@wNTQQßY^uvv%Y-H"@!; *nLU枫<#|<;uݑJQԳ mQ&6 Ț=~!ZUi<|F(qN-9 /%1Ak3U ث*;Uޖ73Il7aZ/Wd.&k]Fc L)i9{)*9ȕ#ʯ”f='ǪE4&ˬ%,^3|GhBO?/KGl#[3/)+ʴtAcQ6c IQBbfw`Zn|쏓G%j HajqRvK#AƄhLF䙳 5vui-ؽdfTI&CW1TJ*)&I{`078{5ˣ$S֯լ0 
}|il21pryK:Z`n0oL15( 7JJ+3^FD C+E+xiG,~У@[BGh.%T73(ܒ2˜GdN}#g≬Y; vk^Ǜ]Mo"N`uA;ⓚ"6Pc7HŎ&#ޞ`1!6GX:-ʓ> G2(iWiBjfrCVm2_S)EE,ΰH.W ."٧ 4ǘEEЕǛ|I"53qMBt c*i[,%}{uJ/}1x&N\ۿ۝@mIi<@=Otuc[4jӤo1d y[SJHM~S*Հy:_36ht`lT+gϥ܂!1GL d`b11Id(Q%|:xPkʸpH n_]E: Eb u!{_0ռ<pk IKyқ#+"eFQ fHY 5]q?)AiPܘ#2eCuء7[8Ӽ*_̅E Oo* 8.}k.ICdt z& }SIgcYٹҋX+. :rNH-h˓]Bb~ ʔXpp` 2hvlh'EDu@B԰Ge^V2 rzOđz":Di'k۪C<-qYkZiX$vֳ.@0cH^*}x-nK`b^*K7OO<،xT+FNlQ2|*"@q1Կ #G5k[D[[_O!d?eĝi{?s +yFEysIZZC`[Z ~˚UTF;VR^,*A <I2 oAo; cSJ䩐ӎ;2+yWm=eI,*$g9-en4NW]o?no%-b" l;1py/.yCN$oRrpןs@ }$2AXH@(Nň  "B uW-(h,:**({ P*sZ6tvEJX3LhQc[ h>M[V'L<Ǎ)F)x!>p",Aȓu&w]Q*P/=ܸl1yJlڤ,e4Y ȿnY"Q.?>e}G׭0ZF"SwG_n >9lE֗ʋvTr9Қ:g`ZTi-d{$!|2BV׃79 ( \yK2 cmyp=ZSsu>n %Җ%E'}=bn?p'>1(mרB;ʗ|YUo}K$1kec|uuwʡP;7qwL "'$P&ok۠ӑ)]ٜǎ+קD:>ΜV2Ze% @+y;_>ż=>~[C|^PX@"E@kQ9W"%':oP MCKLn)Oah|@37\Q/Ў^F6#}pb̷R5kNNtzAIƄ*r [\.DŸH|G)McЛQ¨*5blwP'|?Al@}A4:9hr>{ ]bdNn{YMӥi Yݬ".~d+88>M?ۍ<ݯ0+dDw[HK;sP*ҲHqtˠ$E^g J88Jxvb"ӽP]o薢e5zs zi?A.]rv43If iG3;88wuuH]{RuBO=kQSȯ5,zRIH A|j/6v@.ͲW/1OO/, %,4~t<~Tupu w! ~\A1zp f{ O6Ni{#yYs,xA(n̳2Isy#F-_0p"JgL>\>Ȟ ^l0)1M0fbR +GXmLO1-<Zѐg fI. 
V?n=`=rȯqȥ3T,H`?FꡉX@nHPKVcǜA-C=u`*O}Hh-qZyKZ!U>P,'w0kT:[qIT_6앩-.G~V5EEvpߋrOR'"m)vRbȧ2Wg$"-gis9(52E|tJo@ p{☠G?j*y\clr".Sz०5x/.*/HtY_GnRH~[߾nIh'E])`+dUtLs,6O1d]1)ͱ 'Y~xWe?8 ;]:+{h-tOWv/.ryb9"mPAA\Mtqb՚~#F6f_"KmYtm e9N1Pt~saA^_ZɌ ͪHϪ{V^87͆`6t gߨ-| M@\(dn|riW,`[< YE3?3:#։ Hۈv :Q6/Nu/-nih}H[%87w](ʫ .5˭ ~`:xReP,b36$*֊DEK҄c]mfvjdq!GخJRJ">$!co3p ЖocFWc`} zoSXܾ=u(Y3z6az'ET'L3YG EN[ :^-33)HGqkn Ho8m%PП_ 8.j_ꜛ6OEܹoG!YBiIO3|)T>EDLۉ4jr 0anoANU@`$a2|6 B<?.@io=)︒|} =p sC>lr:m>T3sLdX_0LۉXuWwF>ΜFx+ !y,}> .aqrλ6C$\nG+$|M#} 6fE*= ZD6݂䙼CLaGkJ q3 ,#b!%,-Xk LjLιwݬl kpv\H*fslL`&Mmw:=đ)"8֨`Lm绾z*D*wYb&YV)s8V!apC1{d\.йT#mYrSmfeΙ.Ǿx_ V݊Ql8@l/n .HNhKmţ/JImd4?G5#_8`n3DȄ)p1x{͜:7:c Α @\[?knrJJJa DVbZ|jsFaEn< OC%ą6pG&2ެpi]$W<߮=Rɑ 2:RD|ԝy%>խGW2ys>ܱ́fvu"o"R:3hQ(/%yT&t%ײe0p^'iuC&l Za]$zNe (:3 }צ3Ba &~3Y9Np!b11jΠM/wQchp';h\g㮤GU$9A(t)K> ¯~{r^TEaUu LiԃK8OƮ~ $$В0~CHѮ.ѱaz_ 4NOLO/ :"L0($Æ1idl'cUxoenx`!҇A[r ǃQI;R5{9$F7T]I4 f-rh#HA0g_b4L?ۯKRl= Y[.PRWk9A]1>ܜt^][3zrGGJK<"(Npz1NZ!5κE ylΥqW"D<;V`>d11T#nn{z8ӅND*Ob[Oc!jcꋭ ~%J$؁ XJnT,cL3;eY]9f5M^Xe~}-3+B)~ezUT٠I*hyb.Z}G9}w@Eѯ'%;"Xriނqj]2Cq>q-OSXy8jH>g|lM3Ψ }J H8ּFsԳZdǬ;@zq[߉Leh(eJˊ9KWwM6#tWUrFاje= L_@Kڥ>~oJ"D*L{7S^n;pΧxfizi+,ILY^vFj+ wxϥqvzzoM./pу4Ud7؞s[,Wo;W.4sE~ךF~czq: uI?q;:,ʅ "O>wSoC#e}I=XBb;d+5"t7m_#؍EQ{"Ű$#cd9F8_g|vX+)]j6,+xj<#{ 0⁖z%PJ@iCD@t"4:jFZ(5AT%v1^Ef.Su7\$+Zla>OhٝQdݻ!rEBˌ+<3f9Q&^ⵞy JYD:Cv:kzU/NbcR\]jw$o^O_$2^f0>>2/C|$޹ʢp٦®tQs*_]X$ @ZUkɸ{S Č&xd >~++E=yFأK!= B*V)p:M0T|+9= 6w&+;X3/nQdXn.1gS-/tk'v*1/t8ECNBU =-s1˵"lQ8yEHH}@NzN+& =ӐVܐPԯs^d_ajkJso% +&wax†DiAx=z߫)C%B+{ 5MSkżd ęH6DV8Uέ/)ή9SϜ.ҵcH3$ЇffK'%`̽qpwgw5[@!8 QDԜw˩ .Jտe@GSJf)_d}>/C HZu)m_X?cA9$t4diH#m%.ؒϘnV45\2Jǐcל"D81碕V MQEb+w|q.Pe Fq˹H9^ק X!<ɵ0$%͠*J  BaZi7@#yF*f3Qd`<ƻ0@C v35 A)Vղ=Bk9갪͚O c!_$D2*qK߬cr#J&75X6P%M,M!\OʏI,^RmcU(e7z5.,h;^?L˂1}k(XT&[|\?Rc2 bbfv"myw;')sV#6o}Y℞]lv8:Ʋ_)JrxO_cpKqIT.S 2!f\iU|Q8D &Y&'ʁ{mfʛxMMy: FCw:Hcr[oֻt>nݢ)PJ I[è*;@VbGFpۆ>H}݌. 
җ >WLn0 ~ـTDOQB/|rhpÑM > n) kB21BVN6T"q_hN?woXMO%)yQBMܲiX|bRh(?lQf$N~+WAbrE'cLkF8*ZVJñ~_U<IGo.[m&=3L@S9[]]b{eDq!g%۸g _/|͂yG!+eQ`w@9V9%OE!˸}rti|@Ɖ0x)ĔrQU5-rypdzV'ףv"ZtWJ bmr gOeb{^mC מ3)9 =<@ ?/1A.̇<ODd_ݡ#いS0#P? - r=:Y('l[HYE%s s9rqG? !(Q1Ky*u/t椹皐sͿ?Ҕ)Xh@|g{ WsiE! cWDRhiJ7:dl-0*h4leYM(kT!kL` Ԏ5 &} ӌ-gB 1Q3o(F߮4g!턷aka#3ZisU-}+=̱8 W?sp{M~fۯ)UާC@z"'|w~|yO\> DbeëN$QvoYO55"R PpGY#x VY~PI_Uށ ^z[[@k9ȟrUm&U%z@ǂϛYX"۵rwba Ρ za,\ rW~GЫJ-Ғm>Ůr, {4L`ˇ]rp>`@‰vybvvK{/]#D<*#B`٦ޟ!O@ߔ-?fu[T[lwo׽/c/sM)Ҩnߏ"]XM`}AL\VmXZl#NFj#vGlkC2ͨǟ$h\>TeMd+|gNX'p@-I%(;Ia4sumkz J1m 8\ySVzYcXKG_s0eq~gn2Ck?:`Ĭ dbxL~$ #F-$-dM51abj·};H,1ϱgVm uSh=UUrGd6pAagũ*Bep v4پL;VJKP 24sZ)؃-3v5Ǔw0v'nxhs`{e}2fYcJ@&ʼnb)A 8}פpߧ[=x-6>HsbtR'p̯LMjTE,_,J'h51p}"㟁 r̅klP+2:ڥ@[Z s_\SU ȳ*V Ɂ%lDl$IHJ$zfFZN[3nke7trt('@qWYe\h{m-ި2vF;:J6sBn> AG/#9Ӵ%z3rc-}E/>79Ѫ;& 'qmS|ѹ Hs`I0p]B8v^s*kH7.jn&A?"Ҩ ʜKsOM#g轶A.|wtϟaO઒kgǡ{,OOɫ0`*BaJ/҇6Je{>1Ah: tl dž10S!qkҍK>E( ]^fc@-U4{MH}e 8fSݲ.lv%& R_ kiVfq꾝O4]ts5Kȧy,>k}Z !݂9X0@iDwG*%!]䏟EBHUi(1,qT^{Bk3P'%w˥:,zkͰuUC zΖ!Td#g*oZ!V P!ֹx1K[avl-M+3V7 l]Ÿ LHcu_K8 NJGj36lȟ\f`icdGg!0(A$7b41jv| @63}2&;ވp n-*䵾LŽj?l2_aB中6He *eA9GT!יeF@ԑz0mux1ԻU1XH¥ eoVDfM16N[Y}ӈ¡v)* gJڹj$5w¿`$dN+.MO( ,\7;ʡU/̸)ε"Ξ/f(1p1<X):鋇mNm7~G>&נ4TmQWvx%z5wkZ]9Xs>(!:Nz%I V|Job*o1ؗ[;/榐&# `$~Ed"u _fj0+Z ?lɲJL)h/M2Qk&@:C^QTspյcҊA ?^7z6g.g[y[|=S5 $S}`Y_9rR{wdb::WX17p~94/'z0-&Բ7K .wy:&ʰ8~1Lf?% fˋt° yPCLU)~L+:2[I0ƃt4x.lqa@mPjߚ,EH2w$=Ɓf)+D ?Eɝ5{1Վ1AzeB7=,`["@/ *& v/=%/8P?AtE(/cW{>f_WVWfn Q)Ǔ' ]0d*Y]BCcėt‹Ԅ^155'ΖO%ʰo&@N拟9C?cIi=a.eWC-SF(Jbg^]:ý Xzفj1R ۞ף7(VdQ̖݂kW̠X:Izm O$qH1΋7àԄK\S%5l6!v[SwO]=D_"sa6c'iX‹tNzsџm$-ûg*i?]~? BO|'ᑠ(Z?9YIdVE@jP3LȶA"7;9Ũ: RkP֫ kmn.+n,Ya5aJ<&qDog|! FB$J篑ďZ=f3z+ɫcSKr>^T>Z k@%BgpKJ֢ӧR˓\\9 " O }3%Lبd!W It~R|cDd% -'ﴙ ^={HX. 
98Iq`Fj gkoW:iʟ (/ mOؖ9gHk"$Rm$9i{hmf|ˤB:dptdL[>HW .+xw1+Cij"zshqㆽvT)qmZVY :o ؄USu'䛐pe\]}wniPWIT26z*zi8F%n[`=m'KC?_n uЁ} x*YQt%1!ޢjo+aS6Xʱp0ddYԦhI5q!2@ɉ3-/Yc*e뿉K.qbt e1 )sHM?vk c sKT4n< _CvB !c;m$~7XU('t]I]>B*݌XN^)l#ǫ(ns y(tsFzuK/0ű`Ȑ5Pʾ{%ks*#RGi)>,&W]?`>U*J=CmICZp2Aj 8E 9@O.S*N EH5̓}XHHasD51wETm8C-&%# IMYR]3𘨂J 6pRUe{K(\)X3=$zHj4eͼ] &rS~ ELńQ SPVYn{krDg(ghp)L/:0\{ۊoa@AȆrxh$<,N_" + K]ka8[G+Fm, 2%A[}!6h!ŲM!7[j0JY!q%K_d/6zU &饒 ?c`6ɄVz:CN S:^AZ*R 4 T;Vu^ŷPJ`$Z 9ؗR8*NL-ԙw][Ijli?ݹ~O;dmFϲP޴FFCE8toN*1W:t;oP>G*= oZ($yAsnDdnXilC4Ke;CPZ"fyuV$'C&=:tz,̵%Iѿ3G42Uꎎ@T\He3=}3q4:Wtt` N;J k!xmr˾gxN6*h*~ƜZR&AyZDѱ !ie C:~#ȽeϖNW.yQkqx]5!B>6V)a8*c(_| ޺gtm•^pF hxS&t~βxz@\ NHch-\'szI 1-l xrTk&Y0Pàn+0hAJ k;^'+ڪR) G/EyW315 wڲ1ny ^叿gY~K,JơtpIH}v*l> .ĹtFF]7b0)ȏg¶Gjw1%{5Rd_c Kq}/.NZiS # ͬ`3c-5GO: c]&pv 9x01E* bpZnȂuVS%ޚ6 :BG N0ᯜ>md̮U/0: ua*$mo!P9w#3\ԫ͗mH1`[D#30rʰ͖*rw'YiVdJ-9'ZHcf+f#j/Scݛ:&U'*`EHhw /DܔI~ߒދHfK 42b0l%ϳJ+ŔȻQ^$@"jjSxqB!66c'߻_f40uDqdYJg$tXSCs׊$7XVDrҫ#<ȗEDxƮwLk O:Cbّ;%]閃[9AM0r_VbTГQDEX([Z۳F9ot)Y%8ٛ * 46,D]yzbr I 2xM* =0«̹íJ`\s/K*7!,тH_phTǥkKwQGi\Ra˸VxҢ}A1LXID_t&v'"ο6ldB*Es5muם-f$!Vi>rAmq,;Gb,iɓ[mq`%=홖 ɼIB \u.0@PaŻ@7$k7d.L/=i~.S~r{ȰhZ:'^#1%C#L7^g^)Ky9q3)rA,Ćwr"CZAy۶vhöp~9PI%ySeӖ$u!lSun,Te C给) U q<^#,x~kԿjENQv WȇD{<ϖI L+-S % }!wqJc'[Q{N1 ݙ,cB2W=$?,F (Љ w$Q φ\SF\zK=ay@mtWZDAmuu:QpU&=E2 &&`rx|kSɲ(_@;z$P%\ۭh.%Y(&ﰤ_e{Hh39;=[6'3ʙE=.ΨP 42b\餗6#~ nԅoePy랠͠ %(Yܤy|sGbл>R2F}noWQb uOղ"/a.?5odf)ZVփZ{I2DDY‚-l:UwMT:~zv* v1T`vI .eQW/!MTIo*2e:4GFF΁V-8`5*73k* Qdp EAz`׬[;vH@0YXD|R+=#dب2y«0p:y&#^2 Xqs0_seUXd"JšR[Qf{>؍mC^_wS=W0бt3_^zPF% 3ia,F69-d0z8nvJnڥ00ۑ UW?LJLV|0.Ъ"N+P'XAo&YWsxQ-BJT[|qe O]hrR t*fn8 eGRֈK pBN%bfo'"\d 873o k/$2S;4޸* 3sC1>oc:g?~Mh}=g`݄'.P$$tp,BKH\a7XBdD ij_p:2N=S!@9_`ofkzNYpXvևa Ivca:жJAX2kyGopǗ ۥCb=JY#lcP'u'||>41ߧCk@.HGt){F&E ~q?YrS>|b/m<{sN |JvL@NK &*L\2c=o'x4w.d΂ꍳt%h k?HokBFMSB]ゝT6{LJ<}ë#T_pxD2OWٴwyʜNʯZg '9MA=#/aҦHvڝ $!}Bɸ@`]&᷒>ʂb~=[Lpt{)V֛9/!qLi"R)#N`oDCYz~AbB܎0Dhxc`2┮>ѐp{VG_Buv1Јuأp2X6,PQJ,@gQ{ܛ)?d _Sc[޳K|W3N+췈8_~R$jA% [\8}iyEd>4b0$n+07g1bnn9xLs݂;3ctJYb^p1ءQ4 Wn!0hʒaW'n0f6\ęq 
s(mf)v׫:>M%NOMW' S(쟜e3j4ۦFtcf8P vӡqm?rN0p?& vSuZmE&U΂krwy?5g4eɇpFdY؍ m7)כK,\觧TxPf\N^jOU1@Gt*GћCG,X O6CS|/E-~H˜]T".~T%A 6J7B.%ϊɴ{s $BtcX9Li:1EvΓ*SԷ `,WU17]4 pTCv4+N^vVe6_%3x D}U>41*>Le::}h;]5w7b:;Hs{̅dYY F;Pz>NEyIzӶ6]itzIpd֟SٻFZ7:UǕ&P]O7XN(<{{V#R9Z?$<n <> C,a0w=}< E/~Ec9[L}ccbA 9;31R{P*vP yd^0$kPLU1/ˬP0.4cRs4Yͨꀾy`j q|puhꏃ(I2]bWg$PꗠwP(=PJs&ub?Je|p Sq\Q9YZsW5jKGd4Do~Q-<,a͇N>^*3)ĽTl] @oW4t/?d U$S>r"ZlBgė1w;#5̞ߒ5hpޮpޙ/Z09Ȋ|yqؿ7{^ HV$l\O^R`d.5H<6:_"&5ڝUZzU!\%oڌ6 ޔ1u(M~\ARev= zzU O^/f`O0^S i9ȶK 3ig=j)B:?B+^U'Ԥ#'K`UtܴBj{'_uEO<Ů8mJ e*n[3!LG*ȓX,D?1ZqaD,r 1G3+(f|Kn *>MA7 ^o՝0#[FL|l}/r,%;رE;IDmB2zyj {8CaZF6G`))T./#gRJr}U T/6 +X Ivg"Wj=|:;n5B@l#}jvk2og?^Q?uכft^&sp74]m/dv:Ojg(Zٮ,0Ueu|FhL^q11;"_s2&N]g,oR)lX$$4lQ)PiQi6a3Ƥha ?OgwVU_J]L=}P3s_Iՙ-]"Z㢫ڝtˢodYl@){2B\PqŸo[R ybW'ZG(jݚap},a@ޗ$dpӋd.VtK5Rbv7fuMaacM7l|jk' Mq 'bhډA3 cChR&f}N]1wy|} v@_'RdUs 6*/]/`=:q3aF7RQy ;I9rdoOsF+#޴,6V"eD:Z1s!)!'Lp4,%kê(2#A;])-v ~?ZVu cyf /O?;b흲Q2Cr@{ΊQ0aM/:?X~sRpW{}5Xlj"c=nvJč pFGAs)Rd+6+f}lAs,B˱v~<Ջպ9ޯp&H:I\o|](6Sye~[ ?S;nӓ )9끆h-K/0 cv>mBfe)׸PhGM9$+տF uma:>76~ioJK6?,~dQ>[U‚kbs=fTC##i%|a,1fn&GtI֜{f,ۻ  *U#oe3(;UThIO؀wgT uJS5 hWO|緾Uc(>kݕ^h5(G8Yfľm/ඞ,3Dg 3$}o MSqh11b:vYA5Z@s\a 񾯡Lue `0؇w-5z3R\)bz0@?*O-AL[f${Mu Ԧ3fL+`*&`sgi1[.adE*/5P1?[8YPz2e_(ڒ"(!Jg˗I9|uV=[l,MJ246dR&I":(zVib\xOJQ)s6E B*M 'Wy+xPLMM ^[=OQ&aQ: 2w @:/j>bYe9½?6ڲvaU8-!BqN=tenLE%4\,<<%|侴Ry|͏*c30{To"NOoQɻZZT7#[6f܃i5k93:\[s ůɫɳh?Ֆ#7@ge S̋>o?+-ày:.HHkDПd$T[iP(L>nZБyN@gHPyI`D3^*NTu n742V8(zkE~m ~1ps}R1B0vqlۥ!0G3D|<5[ !Pi?k3ThQc`]UmvQY$+b-ڰΨGfъxs=@Bai"lo+klz0+FwQk'05&WvB\C?sa~N᧱Ыq~p<:fFAHmJ 2ZEU~xISVGf"Ϛ4w#qIjC`;G%Ϡ?\S;0梣 : @тà5mU;>┰^WWZ:(]x!!8~"2~A*B*1nSYek] 4Ҕ9ҞXZ?\Xv]IJP~r}6@T#ƽz|3>b@ۣ?%.WkVd9-'d_-+|5,lTlq~ tKI> rgb<](MMmLSgIv[bSl._i|F}lT Ԕܛ韔@&}/2BkpfTV o5p%JRrTg6a]g~%Xm]QLISfpbV`#uV/*_LDl Cf|zUrgQjZt,ٵs=-Uʓ^s~`J>%wAFM=?u*)+e_5*XzYW|W3Kj /ci6H8XcIپWquR|jCp{YAJ;Sj ) Ꮠ6mA7'#DaFpy/ +'i jS/}%i(KFOmӒ7H*!XQ'4LN_mlsQ4]We;@ {_^ ?,l<M}I:a-|wEך7)M=#~ńzrۛ,~)=;sO䍘 Н)'72[Z߫/"S_@j`=Bc!W^0e猉kl/E K澸nmBqۄ r;x:싚LHc.xs+y{U-F(ٱ6r1rw<~*J~HZ'/xmJ,hRT7P~ Y9 
=z,[XkL-769PW܈;yf܏^I.n |WJ8*7M.l䈣F| zy:.o (u.R#!3+h9HAX 'ب2: zWI6c$h 3~ J&N *m#NV<@^/7+G EZ2|` 6nineI` >=u2 Ǔ}'6'ه^׹Ty[3N2ȥah5U%OV|0f>3,(ߤcعs=n,)7h(`w r 7i=mf0RiCM D+UՏÉxʡ50X&$ԍP" f[EGb2?F$g|~ 8Fu@03΋U Now<=iKƯh~ svaމ!\&gEwǷJnoyhd􎧩nJQ #) 0MXD|ٗY)FH0~\>/S>ӄڟg_:qؐԛ0 W%6{xOO֯*UYjaIUߧùu&w1/:'LCBST2Vjmoɗ+Z\}a #C1ma!Zu" hq>ڴOf,C }i 5[ܾ޳`QOy6@ڗq~d^j1[PG)%4Zv=4f`k5g mMgam1\@'+j8u:Z4{?x+A\H\Dw  N*@yCNߏVPc@L嗶 W2SdUг9\W=ʛF!Zw'&+ _A/83/c$}\84ƪ/]88h&A\qMp9sd= igDOkeXdY8*qNG$‹־k]ա#ɎhF?;]\%~l62ՄR@ShTJ!"m ~~Vv#Cylzt5̡cŜG CcIR'vFrβȺ)6}m5=ɣ`MjApŘ0˝\ǓR= [ 8>A! w߾O悼D\+o2)$8Bx7"A.BY5oe;wzi "nv';#DqQ+R겆(ҏ Qm^#AdTmÜFAڹIy bčL%jB0mXiP/# o Mijfƚ<{ dȬN6jd?hȀaJVVVQr,6t5oo:ve^LllV/욙ŁU6kg7`rHyp"QbVr~ApՎOւxh.Pd>fۣa_QZ<0DMav>G> ;p%XfK#prf^_d3ڡ/8 A` .>G>7&xo?"*l{wOFNU+H*]J(.12䦁.b8YWOp[IڐO),To3@iV=fR/.fl^"vוdfu+v~s~}4j@?/ i9>Pi; X@= +c(-"mD,.a/geS2/|=Im 눠zI賸0RgbF(*Y ,3SK>a"GoaV(K 5  eRTK(p?&3!0{Q}pWZF,6QhzYE,bV1&;|RTq];W=* |X 8R [f}LZ[}ŵ60~D#OklhB6 Wǂ%:XZtz?%;d'QǕG/"[nR툅AbaW%HIIE%/ЃiI*(P{H p\۟hD7i[8_oDfW6@ӛ"^uz,Zu]s|3f}a0 VK[jB䪖ħɺG:+:̟@LWRSzaQMMLhhz jƒ2oʈ;`ɑL$Xn@POM ;磰D 5ʜm/Ce]O+=X(e,oR:YY5h^Lķ$OOdK m+٤*UZYF9G w\'O/|HpB$WTT.DG+ͥi{Yf2eΊ'&StwrX$Tn׀07pe:w.Xz,;nPJIoÀCrf]Uwy>3whg.]&,g5GQ8t{K;P6JQ)fKFjAt0Lp\rqK'ӝ:BJ$tK///l3v<۽9|Km`pN.Ph8%\ I}`@(=-TnmzS# 1೙vr]^‡l]wox`h̟ZWi~5MݣkCnE: "leqͣ =Xq;mߕТ{V%E8фFk;K3( t]waYgs7΀:.o}`/iջx bRu,1o|]Hu<я*б`;=;Y!@8 y920tU' n 6{om(An1j' FZzbwMAM_VYsqԿ d08fc1Gp}5A,+&wARU~upBW T0#\hWuй p헩P ѝ)*~>apcNEC2j]_`aTEc,B I[Avd9}GXPӼhbs /̟yG]& @άW%8{Lw9342f,ΊaV0 gon5OTkY$2W5)?zq.C`m /|s1V.'MJ@@J:Ꮡ-S+; QQ'Lc.6F (;X@\+vt?'sg'0-FeY3X[cQFؗz{fM<12.Q`x]Qe̊Ѯѥ?p'_qF7<)ž !Ac-unA n7/%w`EMwd9BcyX?ɦd.n}Dɿ3su6ZMoJe= R`Ud汋28G'd̤Bڭ4O ;F-P0l9V#|A0"аFLTP;-J"MtLt8%"=󢺔*F2t^zj_bv>R`v#/Gl^"d0iNtv)GFhȧܟ%O, lR L_}xZމ6u")'kǀ 4}:;EoMw@1'ͿX/C|j4l[jPB{!bF-ZdR 0 eT.6t_fWN0LpEw utzRtQA%KL tIJen@z/̍CE*GZ*mh0w7Q{ eRL6}6/g3,(sSx',*`Ču?v؂'a Wpd}N|fĺ딩gl v-gSzv`L9M)^-2i"NaP='SF 3rh{$Ia#l%Mo1h]N5[*i:׸v,s8ohjK₉jc n6IR +嶋H(tQa4׈ݳ{%"_ KolH^M!US\zO'"v=O :$"Փs$<ݹ;H'e":O9>vp8S\kVS 5~PNק;)RȏUeƒiPIbX&X:1'm.(mF?+ 
b>>9pE_fV/Tj´+SOx!B_8#4-7ӊ& ]"hGzYkgc"irIA =y;2D1IG$5~2XJ j&lDBOyX`1^(jDQ, opa ̠i-ܹ[5^ Jw=RM tx5t t4T/f{=U%j]2r4 n]B ڱr♪,ꩨ$YH{o;E0d# QV>s8,9tY@ 婪Mqb_tЯDT,9ܷ Ur ^Hڏ0?k# )3j0r/$.a<:_x\`yI`QU3N^K]D)ybe2Q - u:^t o9`FI+b;4h߱3K#$'iVmɉ|Rk\ m)[DgZu+GEek^]+rkFq}걾$N8z&Vb]?7o&|(@E߻ϙDmJ-C's5r$OWK9-V[E/{f2mEeϿ<5)zN:-<8xe΍ / WNo]}CfG=SK }Ұ~/~Mu@m1][!emFq<[D0;&=F'+*>k"XwQuƗiXJrvAԃsA`\hQ^dX?H:!6^|VÂ|aoP+DJul iDsoWw0geY% 3{&o]^!6RUT ᝊ81~"H8rno1ߣ“j:h$4A$xɝhSE};ՎmfYzrhoԴK02tgDQ6 "7/gK(72WgJMNAtSi\ ]uI؉ɒ͹t H@T F}1 spnN]wCOO[5HCi$z"l3VmP4EF %.c>Q^Fk6dcz^zL3SJ"^q"YPe0Xܛ¼sM:GC z~lF8 }3 9͔6=8TyGN?w}6 XO<'Ws{5 H]ZqN|hEKsWb/ExGR)2O}iɎ8&ʾZWߞ ]6c>;9RS 뵇H1myq n9.`3J 53^eXCzp̞^P*+Gw󽖽&!C?Uf USOxl'XFb5*اFhi'{ }o0#YqZ'I&b%S\r(Zk5%~eߕUwNASHiiMV5Brqv5Lx|Na <L\XeQX0b#5bcIhdIY7"`+yv*_D 4ڐeYYcXd9i1szVإriUr]CxkC>M8Q%rj}:yQlrE2|yoߧ_SژL*_{WOY-K P2\'!N8tV,IWFQT3l؁OMkWYݕ=/LUO1xz[`bs!Jc3,5Vq!2ĭkT2`\@qP{%#S1|k#p$2B˨IFy(ORT~-G^OFl B qΣ]r**im4=dvXWw瘔FQ8}@qέxЯvnf)T躝%5eo%ݨC^;7X;K5^,pli}'8& &T*߫;$>Hȸ1)$oyMA:E9k.5L!NDS8vFYN(X#ڔD$ZrUI^ڵGOc]2e{uqP]C۱`CQtwCfd􎮤$jS6{Ҳ(|٫܆p"\0۽Sp\6~/`1w*+fI[͏GLfz KV!ejvؤ;*ۏ]AZ.Yiu%iHv"=$Ir$ /&bYYj54䙍-Zy68a'l)R:<kxjwOw*[J㪺l 4\ȆelrqmBJZ }Wj2ЛP(? k& =ҭ}0cKfvc{-ozfZ1]U:Hg<]]DC:!e!-Szi$G6$)p=d)Dzʢ+O.》`@DlWĭԐBBǶO>\b؃_YTSڜ\Kd]*)lwRo)eywZLy.u&u= [{`{(LDCABI2Am<"!KZ,n :ɻ5mSZ ,4˩6TAgvm ˤޥgXuvq8a|Mno"dڑ[{/vfpߟ&]O?@!\J4`jSV1YJ Vomo#eOzl{=7鷖q+ޔiR:p Ŭ밒lgFmNSڱAވ vHS< U!_q!bDg2 .@#`iʹԘ&*hMa(;̆× Y6某|eSOAD Y\&N5iq%fl^oH Fhq![xl*|4u]p6\MΠ҆9u1@ip%=ޏbM}g<>̵BaS[ jB .%޴ 4\Ib&c9ۏ76EQU(%{c7BN?G.71Ai]Yy^w;WxqZ(x>z`L<,O/[!s0ثWb_''a˓[mAs%[xB *B2~@ F]!| .I by{sQ;xo%aw(5vO75v!!AJ*$0qej-C wb@޴xcXI{,Bg×τw_]73YB>H*ϥ89fH\3Fx8H26pf}hi+DU)x\R]ڙcyĖT'EfWM}jzfPpX[JhC ;6`]oIGΓ/^(6_o /*o<%`^h;=>|)4髙_VOnomAp /iOjIAuZ(٦x+m߄d#2Ԅ[HH,** Bxa['VߌјB[ߠA?H,\q9Z50RJ`uu_JyF96hƉC,^K\ Ro"dƍܨ1-6#m:-^%#i+< I^&2m׭] 'i:4BOLh3^ix?M{p/'D\ 4SF\ Bp| ? lNO"Y\1k]5}P;p?!ŘhzQIлύ^;8¸vɓŸ ?,oE xKѹڬƹyPRعgΓ8ͮobmY~ G(=hʳ|#kƈ0%({SL,6]0i,{T*>Y-86vڪ#Bݫ^έ;sV[*i5ʻ` v¼՝VPd4sꜲŕ~{2نVՐeڰz6JHB68gǿpՁM&eI \! 
B\iEq;~5-2D{ z\XMS(S?@Z☙rB1x)0l;>Ha܈UtyՕ Cͥ6'k Hd]ߝQ"- &7R߽| p$YFsRQCң[v:ϳ fqptA5[3Tb;j4uF%89\\avFnj IjOdSđe!8Z`Rr9 %s"+k+h \!xOzV$4QGrψѵOl蕁GTi1OT)JWau3i\~85p뙰3y[7tZ$7(Ac8JZ㖭1qQu+pPUWLN:ycʪ>%2qVkQ[< E[;dbUŸ"P52Ʋ'q ere|tE&PQuҘ|84X'졋P-jZO֧7,8>)^ 8[u͵G i͐ ̛G/ =βµ:ՑN[[E +ݗM]P$Ӱh 1g:Pò a51+_Yvgۅ{0rch932;QG-ZgF]NMܷvG0i!R1f!Ј'܉`J)I.Q,vBpg:X2IGc\K-,qt96 {MpunԂN^u{ިO"@{%`R}iL8Zf4xÔuY=li"pD'x/1K|ֿOw2SAid·of!L,0n\INVU{PX֑qYPJJMsbcYǘZoG7ͩ*e擷0uq!m%=xCPL FU7`Vys脊t֩Wl,2eqc@a2-XL̶.EK{n7QCxԩE۳gTRn`L W=eE +7=A̧6?]W%<+䒯3u,&WK,o֋=!~y p\sAIf"rjHY+k!3vNpR,˨Yo -u0|=DeCcY>G"l|Cr쏆i%bJ4|f"+k^<`v<~ֶahE@Lꍼgeo>ASA@X\S+ Fᒌ9%Kd{cSvU@"c8s=ej*+톳V:A@C2xqc+kA׏ l@-?>OFSsE&LB~LhjO\YM>g: 9iݘX w\i6%Jv`-nO sj+6HB1tɇo9gIzOQRH7XԮ4թIx: ҭ6ֲ1blҴ pJ)|hbvC;ÄVF)UiSpUX~Cm]z_b^S'h鎿)eVl'A #X}E8+ xf%_ik_$0o?~x۝/c#M8MclY9NtbQ9nٽAI1SUE.T?fPQZ"I9W21'/-S e;v?EMJsx${RD[EWqOR *>L.g W%PG,Ei.({ Ѭt`w&/52;y`epY!ʠ])ig+][}}Mu}Mi< 뙱0f!g<wp_6! uxma'+WHeaB>E@E7 Z үj?3^N&T¥gU!.X1 i~ĩQnRjZr}1U 2@^Z B_ 0PjL`یXSKì<{Mݽ I~L( pK0~SsX)C彍:@e Y5HPu<Iޓ"֟3؝+]"z, Z?*kw1oxQǂMr^ B*\ڛ@sI]JBX i>]K)cTbXxf ֦S$dM81unֈq5v9r.D0UZ!uAq1.3W3X_uOZnӑhGDsf`,ۯ6-MJ]x&WuC$`޳G9D )kRiҹK3i)ۅ:JǷvڂJ  Vt;e T/_0نGrf*P^'ѩg8MEa)92 C[[]}ʄݴ|eD:='[1TP K{to5#cŒT|. 
}v]!ozFISDqN8sJ,؋Tm^2$Ն@rZiWK-4Cn:oѭz77p6H-lUA3x̺Tj W='W+9(&R0aI3j}0'$,.s,8,=fCNhS=cD fFԉ!)l\[[KSWԍ=۸ј%{>n vIw%=Eo?Áni0ϛ&f C<hYSoyl!YJO(% ڎ~kuŜct>Q-|zi+l򆷩Z?6Sƺř,) G;0-&GKUѶ.gr@RXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭL9+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?+sS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%Q?SsS|11np#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._:l,DQ4~ֈZ;0YZcryptsetup-2.8.0/tests/conversion_imgs.tar.xz000066400000000000000000370207741502645201100215010ustar00rootroot000000000000007zXZִF !^ @b2GJmTGwcIhCDĤGXgw B: b"Jaͱ~o,[7h!DphA.sAJXyx!?9;l%QجQ=M6wfMYMr@.)rV!2 BLqWxU&_U`fJc pu5Xɚ< ac wb^\E> 3oVtQ%~JCgx'%TL$jvwb@cx2n zRE7_MhVd0ZLrWQ yi0vCm|aE"H$@Q4΍G SroөwWC ϳmia0Aw@kRs|\a&|D(ӴljT~ C }/AM`|,Ηs [<3ۢ6^oy\Lmsd<8Ptك  "֕lڍ#jiDn`BR6Uœ- oet0(qZVYsG̉ xc Ua/BH+pz%ejI.(s"vYecX6_;89#.#__=pfFy(ոj{$%E=jcrTu oIVwT < 5stmLw2#$Ѳ@.OUOB @N,A hBBϭg uJN8|*"gSٞ+ 9u(t.lj{u( ߓ+I˞X)l(уa*;(D<7~BNZm(,U-;Axs.k тL]&?%? 
eI%?JH)TSqDw͞'HC5mgN2Ȼz ln#[=.੬Fڦ|D;z2 EpͿ2!)JݙBJhJ}@ӹ*O%V9mQZ/v+0vZhSqk |A$( yR鑍D[-sO5 #1{AfI~SCa@{pb=*\LS1qʖZ]vK8a% H=¡i>L*8"Jf6 C;@L_CbA$'7KeS$T YzTo$U2~hQbĊBhxDEa\N]b?~]/uIr{?%Tlmzszt[M.~?w15#<RL1.ƛYI'Pyvi(9;OqD&Z߆ pbyW:b4JQӢsa =_Ԅ|+tr@x lʯXU lyo=z&NNn,XJ:NK9WũE%#^S:.ƗYf(g(2#5VɌ0$ v|礕;/NZ2KKi'מG+{1EË, EPv)SK:+ !,Q34Ah@葺m&,Qwz}ꦃU|.j@ ah_KDZJv ` LeqP9'/;3OS 醦,t{goIX1G+-f -!?qV"]hIS<К~ uPw*`3O}Itz,KU]!1egw)Opu2yNE\?-wQ:5fzɨڲzrAkkqU'g_,D`s=IC }vJh1ކ !={\Px4)QFyjD#Ah:;qWfMeڤ,gMq7s- "anZ _קEptnsUjH3=Ga ^ew.7ls3@F.ƷCvx8iY :b `8_Dž`bH]iB}a+}nIj7j}tӄau1{&I{_,yF0$a''eq+!xL?Ak)?*lBrU YOV' Gm%ƽM߽)"rxCǯXvZ`wXԪ1(r8w~"϶+_l~LӐ ^$J|`c0 ?ù0Š"[ h6NZR](Qv-.ȶRysFqrȑxPòm}shz ._wRz Rc['̱V`~#17t&)J}Vت`0`,f=q1b4O2mɾ:,deEԲ]XaDXiE'S:"zyI9_n^Ym|U` Jix(υFwi)l P\OLH49-FҠWz3" y8*="޷vSKD=O 8 0GUBzr\E.W-|1yDzQɩc0"$O l}" qGn]YU`6R1UԽ ZG#[l=w5e#aTsd׽ts-fC29 {~gE^/o7|<y)h\4}YӖeEUrT Ǩ(5Z:-OA9:l͸0~Ҽϖb*L nH֢lRc.LSKcP/hP6qZHF(ݛL ^]c)WX| SI`u.v YFjq~66 PJx)k3vF\WR/$sfA RS -8\>XuÑ-|h02g!DA F&W/HoB64r.U4Mj0,gM µ~:\Քjh) 6mWC|DFn3&wԬbacw, 6黳)' e3Xv,' t2/ʿks9m~u v{ߩʫh_nc"XN9('k:bya/=?#p咦q/Zds܉S&{9ORܤLF~'Ŵ}1tg.\8`}9%p+Cf݅`4`)sh*V742h7q{?l8H8^^%&LC`ֱhՁ?! tZ"",+OAZPnq^T+\mgrMBC̤שJQ~&c<.kypwaqU+v]l9G)ÁňRB*:c^TZg!eMlAMǡ奎H)"[fٝDrqIZ-EEx_d_ :gRީ~YOk`(IHaԘ|?zt~Rs\}_`>M}r,,}<*jy`6jl0ݡlg|n~+b|6DtMu`1Nr$a2Y!Jo%mXz/tY<+ǎRsxX R@ELuLu[?o!0Ewo{n([(k蝒 0q`DKƌԦuso^ y cs?vܨb,9,dݥSM9"PP+4. .6da i8ѵ5 DA-5猝BDW$?[sc%bEd8z]ҌG)Vu&O*96>L?I]\Dc`B<>>]^jV( ?NnJ"}AbF|׹_70?*wwJ蔒D)C f׏Wc$]ӆF#*jl ƕfnw/z'BuCU-``\@54Gݷ7Q!ܟ>KrG% *>U;lچmRF6pf=I2J8W>5Qj8xL擰#1 &\ 3,|?ǣ)A;CuT]pw$vpYF # V^-wD-2--/RlsJ3,j N[T(X~Ny4|#I`mfzBf ?Lu~ڳ˙ImVּ!"xFȱk-vV^W1\M *k]#(kU6zɫM$6ˆrUDX]ohL|Sc#I7a 8o?Haj.kqmj*P}"OhOAYPW睟i1$UGŖբpPCpzLpm#Bh~jƲQ$ńM';EWwAj?% mJ iAU#|+^ nM ćMlر/ƥ!lCs0>6lAOJ0O猬Ny$(A_ q J*UsbgzeX7e`C4KNZe/آ _u]X"~gN.Ff9rG&o\mV~m+TB AiumZi. 
XQcb^xߏw ncLŏ" $ɂa`a+% ì[{:m!TxsTGt'Ӆc,Cm=6xkF`;Qa+UMT#P~bQpWYkug&m( Q+.qV[W{䭗:!\ԞC Ļ6s_P}|OB笻T1I]JcVz`yh P;_-^r&IJ/'r9,u]ܫk  +^GQ,$cbyӏEe3S~DNb4PH+dUؾ]D4AQU=|ʾ1AB0.,g'aٰE"q PlSTI_C cTIDVWpq{aVx~!lgc$N괚tas{.~ۘF@ "Ʈ,,rIug|Gt^t䟦\zypO,Jg):rA\f_&Sqf'\c/F:+xjN:gx'-3%N^?yDkj=chr/lV@&4J>jaapރi1`d)&湭wmH`J=Z\i0PcW}6R|\cT>>9ScVYIAsJPf[)}L:]`;gBIGǣ(o8yb*1Ea!ӡrvb„6-(e {^߄g` !I06Z:,g O*ܾ@tdsVlI*1tObydI+J09,e!3V#As@g$UL &FRUrKѭ}\dsԑ]̭V2cbcU6-脒ĎG [шyJ)wM *JSz! o%!f0RI;!uݝX7+φD9acmHS0zl@ijNmUԿ,mkDN3uYv5(Lr=&]he|0itc>񚩃r/+-EeN Uz;)jKNK/CCQj$T[j{be V u{0(4O2|tG'ݿd Y%I;]1 !T;v2ӀFƮhq! VBVj> $6yGS4Q6-Tm!(ÞC7 0FSOV%D<THNJ'sCݼ-AoH Y?GN:FDCyoXYG>MsLI7+VOy Ob*(FnfF(!UU,,S.|1ZM"!w԰*}I 5@y&xBJ` K.Y5{ Q|4&rJ&X 3I;E2ar0Itm%pΠNi6ȈQ`]h2{W|h]u_5ZY+f,}Hا<ۡЈq|z㳋4$MiD!6A=[*{fC1r3%b1q^n'j">tBI|bq.R:@#Io7xZ>&8=yh<+TEQ$k` &)lHU 7+`OoJD rKwL?~67B"@.7J:z!%ź®H) ۀ[ϭP[ ?cf9L+r|݄|U,--< or~œ A 9B2V[>n}y"1vNh@gf7֣O{)fفO4Q7IvX63 cnqʵ[ 8p +t*@RO0}(̽ ݣg& B2No`5tfjdЙQ{zaJI,)bCbiipGpnA9AvBЎ|%Sv$[.^ ^rJ;c _lp@PB zv84;2bMbC>Cupd2` }5zpS[H{d}_>> E (,%60Lc5+u̟ҔHt [p흞}kZG4D[%&P.e{ٱ ?kAC${zM\?EVmj72z=6F؜Իyb; [T?EcR Vԫ ccʕnQUWBP$Y0 Ԭ;XAܿn~ȧgc=yw1ݹ?gESȫVc H瘍J7Vft6kx]b臫ɮ՚ybR (J-+tZ_59;u5PJZ8MDEZURDs[smkd(P3Nc&! om6Uv(>y6!˾3w1K+(M%*:XS"7ÿ^skuet,ZȑJEvb3S[wh;^) S[6sޏ0 :nh9â!FwkT\ -|L=^߫Kd邆}kiaȩ*qVs`RwNE!D#lk 듎}ҭ7f+C zy(n'F3FVk yRND3idS%YgX|91cDixob QI0zW3(3Rώs'YK4dS܄ץO>{ s JdNJfZQ?"Q I{U^|Mk#'cM'=. 1TU-1=je$<5[q(X/ r':<ԋp\jERZ N$|Rƫ h%^X[%gFž&ەWC"k!?F?a5h]?#wAc5 g< o _S%R3w(}rk]2<6V[`Q 垊veTCPd=|Al Ҩ燃dNV|4|3z'v.)^*FJׇ9fҹOnK5|[N6jUAFT.ce!~u5\O"mZOJ+s'lwt?A-7?4 * =ؗ2q߅)zCDYqr(6m:C$c =-m،荊)+d`N/݋]ّw1mdfHv` lt(P{UeԸ].>*e -pa5h@Xe`*eGأ{+! ,^ɍ- 6.X! 
~^ +Lsc ״ө l@aNo?}E|֘F%Xfvq(V!9J8]˛fP16eP=Ǘ&,$\#6s9$ 3 V5#_:ɽޢP2H4+%`]Y,SjDjk7]"i/`nGȦ M.NȁP#z!<,ѽ?)Ą\-E<3LXyXv*>UHqCp00͟a zb-8Mtۣr* I0 j`Ku`[պUC^k5$تRc%o/WY;[MU4eF^{0LLŶ8jp5]^|,<QE5({v+<=˓i*M̒p9I#=Kbpe{ySPh-۔Ka3Rͥ˷R3Qg&״4؀xj6 w2$}E9{}%- ]w-^gF><[f|7ŸWxs۱{8vg~LjU ScJ2<ZBX*+_[i^9)W'IjkK*'bZrLs3eS0.;m[k&}Ea  ƻSl4<[ac<j w9HB7GPpC]L(lZQ#{nD`N ^4'\O8kUD**kع3uI -m`}Bx*EĢɵn.TBW;iHDGS)DS!ʕ*lZg^s* ~S?|9N1ľ|C8OJa&/<~7G/k+sUlo"lb'܆ϝ^xiWZ_YR1rpϙp/enW%,ħ(I̹:h޵HSWQu@_kل 3bUe>8g'82i;sjREbJ>`\\ث?^R&b׮LjS9`C2™>DžǑ^9,enaN`JDTPҤqPKeY$xklƶ^3MG`\ R ZҔdO66'\y3Rq ,?5 Ƹ̍Kɽbd1E,,/*8 QXk" }uʚ{H8k§%XFbzM('_Ħ m]]Enj` >a9+x~8Mܖ@N"Šѐ岄 W,Y3fȞXL|(# {W{lM΢bv<`P n,QH&Dh qCC$z\bdHt Md!@# :ss^ޛma6w`qxhN'\/<9|ujjL<yYr?ӨJųKK'=nX$B F{#Č2:Ρ03bxT܆cȊH}Fg0z($C- +~ b`-#ݻ-Nq sK9wp]vb3ߨ\Xɲ⡡z%٦5V"ȔY֋j wżxd|<;S;1#DNƈY%A>ɕXy. ^G)N #jӱ:͹7: OXFUR:\>"F-TISM^GXwY M&<&<1X^wUM!oT2SbMv~|@}WHJ#gW|Ob>ٌ9 MrBU4|mk\FMA`~՞{zσٲ3ȋ_q?GYZo:n1xs2З@_ Ek`]/x$C,ֺ5Q WN[dפ}MQ񎆔]5ɰT-*G0f#3'zwz% d(QO}k8eSki+Y(Jں +rh7‹LkJ<[y>lZ֜چu|{< ?K7l? 3A|`P7斟4,M{ԇS !J %ٺzJ2״YIEbS4x/gj/n6b^сƮHx֌f폱 %Y9Ake?u-%x,;š6Yu'2uq.D g PIH3c؀Rhݍ'{=?36CĐ=I7|BNwW3A>Ff_pWLgܜ43"g"iIKsH" 2__[n*x ʣXU gSQM -næqU"UgBJ)ůnoT,$nk ,g`91)}P+H/wr7͙Q) cJŕ2Ry`l8`~FqA+%S9l%dz۱wg^Q$$N9Cê`egb^W!gvkұL+ꂌw5̀xA4};I(W[0DC+$Y#Ԣ ̏WPm@My&f BHٔuĿg D[ Zhejvc{) 5=ua W=W RgQfٵFalЪ<*e,+ wE nxTM` ]^+MNx M+'*7Pi"4pQJ90_`"3YuT'Z+eM|*t0$OЄ=<:ii =97tW#N 5!ҧfB zCk yӍ;ZyrЛR a4\@+:J0~+@ۗV:vGcpe,bE%d`om,^l؁r"s١vCS{]y^ Ò$ۤ k6,n*v29']m2*6qc[J YOFynԤ3n4L갖iTeZ1tLSrEB(|~vw8&HkDZ03{=M.U{khC9w+Vm}ȴMV8*apF11jqK4'Q7 !&5fa xXqZ P,C&gE\U>}>$袋ERngaB]_t8%90:sN[x]{7Uh@qn9վ%=2x/-pXg;vɌ'@R'-2/f=4j'gsV5tm"T%H\[`5rF` ܠ88LgC.eSFj=I (@6RyRUCCu_ubԌ`jjٵq}c !y T}_ }kE0RNÂ.I^ї.|\zjB υ)WiBڂ52~9ɶ|jc _B]czH@`xiVK?`fX6f=T]YwOGb2GVtC_w鳀.rBY@"ؽ8)p}{/iS(I,Ϋ;?ѵQzqacΎȆ+6C{yCTI|by/VZBg[!mqma2|Ə㜏 y݂%8QPļ 9 I#lf8߁~=4Zo,xG.MY /y3LA) uT L衴Ĺ9-[&1Jp'6=} Ai8O+vw hV-[gUՈ3sd$|4[DlpwH(;ǦDf)4!rB6> Mkr5:uR_WԪ,<?!ۉ}r 8bHO,@`@Vι'\EI±Di*ٍMR/XL̾]QC2]H3>({d`Jc[ePl;kG@(.mRMr|z㧁B_BqU棂 V3Ai<ߍ^,[ӓ~óqIFBƏ٤_řQx!b9[jЗQ6k}0(Ma K5`LM.{!ӧ 2^N\9>B# 6f32i 
Z,q[1$E;0aPn]WQynvvϙVd1i}HJ9QDF,9"GMj;<EKH^^VsȷH:HSwB VRe,Ot\^ Dw3@uby9sqysI޾):&F XtFG, h#H8J`:j$ 6;3,:LNea"Bs:ͪf c[厗H}N>TU\_\6X+'V{ɖ*U|hD z>a}lCN`7//)v@пxS]˛ُpN"\@Yt31kl(Υs}M+IE#aBϸm>w+x oOj9~xҀwrڀ\7`&{+Fm0aRf1l`N%v Uĸ\Qi6 60 bWHW#SzJ|iXȒxq7-&W^C1iR>[fXp-w~j *"O`߈C^X szL1 csy۬9fSA6گY>X8cNN mfx %Zt^Dp{b/V&+8n7R)^~︚%9,6IFAgZ٬g 8E]6]{"eCǞ圂y:iЀ>bab',Z5H#wӏ/y$]<u[P3Z98H^gsnrHf{ۍ=ljnBSma0۫fE K|kb)ζMpŬgb34ؓpӤ n1v7?amV# b,T~‘bXk#zGЏyl#7k4.Tӱ%"I|Z^Ku$}Xz$>iõ xGŰɠ~m?XN4˪6 oVJDXNWRWdȆ;Rn9OymhPq@RXtX)o3 ć.#)+@M+1S`OJ`iҧա2:qO ?r+/N.dAwR\@kIPp\a4yTGC7ú]{F[cm_&cB.${U:,Y% ^`Tpmpw纴ɮ럭~07!9h˻`Z4Dr]J Fb;>7TB˛Wb/:7PÂ8<5e:1xZYL3"9kPlîeKMc' ΂%/Eָwmh>;wՇެ H| j5 gD9!کrgy:Hr*d5rB 류HkXus!  Lj&||+)a-5J:-WͳR١/ >˳gYMles20Ϙʡ{òQ3Nd0S$Y?sp F, )GuI39Y^mD+ &$ FoבUЮ4?Ez<6C8,¼?B׀ھ5C)R0p+u܁Q'dpg˘ə1}Rp^ {-Μ\Ȕ}D\r zp5y+5lW&ԁ=AuZ8y]Zm*O≭v@F!wTw䟞%s1@zossP2S'js$AtzƿZS\XݩI/RY%kA*7'm@Vz\00{9++P()IX9յ-/IF#5p/P5ʄgR¥肈p"b{!kQ}x:/ 4sQL/1wV!2Vǚ;-d231垫foOEC 1 FMq}8i{yl05opruٓw/uCeXu"Sy$%msNzZ#nz`|˓bă @&a?)^DXȳWg,.9ll,cH>Y6nCNܟ%$Q0 ggND/5 Q-ˉ1'g)Zsd%|C"{8(gX>:N*\`9[uV}kI-Y/DA"QrH|s,oaJsTp#Qdݯƥ}{8mLڭHp'oqL|T'Y5`2|iYA"뎐kZ$ MAw)WSލ#lŋG>z2o_VyOIa\̓#ok]hǹU |*x]f.)8FDՙ:S`U (mɃwpn]N;.Db~HlW T!R׹@jA|'m1bTS܎/eˢkROW +m : 3toYX#H6d9\ձғV%cDbBZ'xr;Nn'W?C=w?-лjXH7Fٌ9}Ŀ6 2?ȕ2q[230p(tM`rKUGø1wj5.aS1H`{{Z $ 4Wm*D-UU>k p8BQVkTxĈk׆}76$2vQXϗՁ_tPh )C=yCc$~pFH=Ncg>-PnffS [2Js~0hrݢخĝH[N nkQ=C#JG3 Fl6 &?M1m[f`G&p?` $ΙMS%B9WYi^cU*ɩ4@nOUkǧ6} e俧ijLeÇ\r]|ztio=ߛHqNazK;: xy͋.)G9Ƨޏɺ SsQOȇBO]emx d=2Cw ) 62(0m*~FDa~aBtߧd} 301}* FBGO-Ck2;OE$ jQaLfw`<`I}ww%9pC@_HDCP -3nVABQ 襑 TfD4jCo ˘RTbQ'eb |OZD%Nl ԈSYEv~eh]fsI/H[?/ܯbV$O577ՋuUWzZ!ғjxi&m_7ud vH!"TRDx$n i4O3;$Rê t\0}#-LyD[SDzZSQx#0zOi5bLQwvMߤQ`?HnѠ+Yj+E5mNO}XABL7j2A.orfI?Z0D>G f%C ABɑgJ1\."! 
-lTE8F 4Z%]CRÈ_/A B.WWZ8e-ڑU0{g䖱[ +Nfц !ÿ^EUToJi2yRmX$::jG d7LOu„u-m1PoRRxmU<10lyz!k=PU/d;Gc# HaNƅ~ umA'i_{x|ñ`S$ rJ߭5n*#69iyfE`<$d E(:3a\{}~<Ub\ @ƕ=iLhj RJD 0+7 7-j+.7)e ̴v-2GOj'J~q"`Ɯ@4pCT XbjLc)H#DC@O?h xc5.\!X;5(Hvb hʦX2;%c>n9YZ>Z{E4191wOQ5X\:%obޖ(ՀU DRz%cb`8TO6 6+EFKh3 R7;3[)xnhH@!mgTWS/y4R :~JnF$Op,iq &jv~=\NR6w6X"e0N NGbOW6e_$uۘ0|~?QT'e@Z,A+"])Fvr+R~{4"[WdΪQ,y:b Rh.woU%%f`,N&$D!%/.dF+>ȓV*d[βѥ(18;kK+Jw(.ȓŎҐ Ϊxb`*ɂUTAv?PZMOܯ`/!Ԓ`-QRxwpэ \6A9Z:$6o ’܃gzۀm,_g(aYh(2O|Lx!Z)KGThѣ40ަNuY |cw$ 7mh:SJAWvNΖ~wߊK-j}iLq'm?,` "ˢpgmDndzwiG4pl}MqU.OEEe2"gϏf#?"Q|M}3%aCʨ&>UNk*OgF.b|裸c BfD1%nS[Q]{V(XIutf2֍U^zWي'8o4Vd 8 c*t?Kڂd\"]E<n[7W%}~Bk"\^@ԴN]a̧ќLS+֐q7>3 a{,,yU$ yR.ٰ'W]R M6aPi㯭}%)tHl7R!{4f<>@ ֨6jT!jǐ btSѡ*qg3by%Z>ǒɯy_LB類38Oվ[vV#' ;C@R3k2n~YuS1XUTYopOwWӬ+1cSa匃.i(WT"Fwŧ?)`ݿyX)hO!^'F=GjW^*q7:hxg`K|4 _sYXY\$F4d22[4X;6F$+F. ,!->@C71{;]KS2-{ػ-VQ$rtfwpt[y*ls_&>1d54"8kޚr+ Ay;|7iM%*)|&/POeJ0/t~Mwd{umŹ罝E|GdEaNK_ZzFnL8}0]b*p13e /6MJa{Ț ZT;TUd;‰7(+RMI\HROA1UmS$2N["4h[Zۉ~H2gLJhշZ)Ga{t@7;ʒcbWp0r%:m$2fh=Iz]?a#&eJdwgSWcبyd`Q | -[x6N<^xOAyQU=qv#Lį2bsIvUkv6ARV.}7RL.p1,0rt@JxMcUlP/+@=#kX=GX +#<I3H7BZ𱂹 % 7U!,UǬ]9.'*jfHk3"g\ׄmiTqi}:wZ(n'pIyv,3r<11iQO|pl((ފs& M9Y^䝅't~ _31wBy^<ɆhI|ltLVC[;mF e%$&D;8E ISe~GZ諉6v4n!/ '2aԀ_?0i|G;.jN\H:C}KLe`Nڢ'2hVinw}~ DC=ԠV|E XT<;:Xs -TsԦY"&B5)멞x'4[GJ՜JML }ZC< <w6ze8| ,ʆl;{H'!@"-+n["49GN 4c*F TV"ږ` oCGҀ`}i0SBIx::l2*7ӻscZs0lY]hnE0{W4GJ(͜g~ϡ'ycƯ0v+x2mT9*qӔuo@ŕ#/}uIe{8ėV'66vf8(dA/@5Ua}?KRo:JUq񝾱SkF:,ꋵlY U5Z>׉b Ef}SUizH +R֖G>466u6JxؚװDž(9)\oi.n]3=N¯|du=\+vwpFTeZ٨xj`q,)KigH5%{g/"_2DJIPw_CW3q? 
~ث~ y^,4k{J\ٰ:`@wYEdnn8e#woY1l /KgYW6C2Mų: PjUf臬85!uPă1;UuITXv]1:W=9-۵EQh܅qxv"3rY~0ba j onzhgOYjh#CSStp4Rp Ҏ~ڥ`Vc Wt:m⢯Йy%Mb W3^n}ݘtEeT4^]jU[&G.| jxb/q毧_x?LwYk,QAf<3K_KYTo`*# JZ4{w`o,E/]-]`PzrD=PՔ#4뉕T מ j!Q5< oBE1(}2$L)C*8j+0U☣!:jBU=_*K://+f \u-eVˮNbcdMJ|6ʾT<%n$7 ( ҔG1Joa1_c櫕' ߏJ,1ģZOf|,a]SޝզsP=@LxrV%nT;uc`U* ^- 8+[Lbc :`r X JCnVNVd%-^H ;mvg,+~r-^k2e}{nhs(SNux~RSpE|yh"@SC6Zg-&0[ӯehP2=UY]#ǃθ'_L;MZjVmq 5g6<2B .b4[(T19nWOP#`_M:fsĮ]]D[HN-OH8Jͺ[~JD@g(.q0VSzlL+B]Q8l4͑NE W!>jOXl_#pa_ձ'`>'}ԛmAKW7< nV*`Yv⼶)Gu{~=Ό'!ϟyD뤜 'CG.$GbK$D4c#4_^[Y Ӗ=GEv o=-d9mtGQkhz9;=C ~o"QJjk8D3tT*A֚GB%k|Bo^]).?g\R.A-X-DGbl$LCKtFʼn',s1R2<Ex( u m^˜QzB~(`*NȂԁCl@=ahہ0̽Jߟ=%9ߑ:lK`-u\x8ѐiCd j vBQC&ye(UeQdTg64QP1aUƜG2XOIjl)0!c2Gwd$}GR(;45Pdؤvn0y jpi'D9=} KL8/ܾATkI39Kf{-"NMv6ӄhqz3Oucrӈ0srj}[OxXlLH@h$?05lxG=;dQn㿶o#[k|7"aܬl3ۡWz`y^6,0sDZg2Cm-Nq Kc|iMvw 9‹5.!Mš+,v Ew=_}>%%bpO3ʒapT*;2`Z1UxN` ̣LڸQ$5W1=O<4UKIxk@΄k'![rN^6*$"Sm|tzl|ٴ l'YŤP>b /S+%^aOQ-yw+B1!FbEhe )~QSA[a0;#.43,O%Q-u ԪBMVϾ<"K~$d~R{wwh $8 UY|mu[ks\ :dEk;8HV ^;3$kݵiu/85f˻MRbQ}jN*uglqQ>?͍6FY;> ÉY,+mZ>uM`rC@ᕗfȬg WZ^H%ɳ(4czCujEF༅xIjQ)l>ˮ"LoX@p/ `oDS0m‚[2p_ JQoSTⓨV&St !y!Y6EgT4ƋDxi|{NyLV֪6Ug3d]IDZ,D[yzD3]H:Wu? W!ORyK3mO(1I#1u*| XUAfl'fx%V(Xi>A³ #Aa./YH?i# N%~96:+\J#-ofzo M>.v1-]l>5hZ#ˈ%o\"a[bQEP߸48RPL5ƨ0[T[[K.ۄ꨾ƙI:!xO_'GQmn$0i6#/avJjyB6t]m7\kPPg&;'§)}’G^?Xf39 9g :_WzeXPAW켣&arܮ~su3cv.3]loWPki4BsSơ!Jp5\p> fdu4fAtM|c$WycY;ѿ?9nGuԑtM8\SVw,tMָr HWp[+-AOކ-O!Kdcκ >1Vq,ӂȍC1V0jLw F>S-!, c)Mq0yi^i"tt<Ӭ4= A`~,uI㶽}Y흺G2܍~*5 E qZxdj mcVwիg []h-DO=ɇšH==2(jY - 2dO3/#-_ڕOw;̰M*7 ǼDS7,ZچY$e lDLL"M$fa¡̨rW}[.oZ#Ųʮjm߶]lԇ:3`+\.nh!z: Jc~>VK@4@WkVɏ~u$#(3WpFf,]8lzېJ^(wo<齋+ui_ăl^GYh@ -!ۨAC\ӉiF_NϏy?'0{BٶK|]<+Wu6:xv} 铜r$ILBCw_Ϛ*JiO=,%OOOկRB!-vcSJԹ5[~hD͢ Qy~ A{D// A^8in2V{͵JkӕҗYo=u{0hxyB/֎zt5 .PI#~* Kprx0l.l^j;)7Ϟ *tSډ޺? 
P`Gڃ$YC-CO!mʲvvIk^&'PkJhS 2& $SU?,W vMV!2 1Q[r HQvrd$IߓU;;vu#Weջ"&ݨᲃfjoQag)P eX5 T!L!&8{;iSh$WGܐb,P&Ӣ{[kIk[5z-e/8F.< nXZ)Pn,,Y%i<#@hI-m;}tl)%eNznC}mq!U٥(U!ionF^&9=ݧd ?k@n_{u#Yim_Nb Q3@=R'v0ڡ 뗗PܑH`Xr_1\BwwS57VߛevNJp,v)[D8+ʿ(pax}7:,O~o.u^7!W 0M^}>g ͉yP:*ؿGkhbGʆGJ GIx"(e\Lp}y:B9$|Hf>F9^*z>E͇*$!L70%bF7D۹j ] yOև=n T,( ,Ӣf]J!,}aݫLvcEXȠQЦn79NR*2P2]WƎRs/(ev|UW`E6~} C!2T^ I' c$fIkyutޫ#EXE6~0ϰ? Yı_ka(rJUG2j_ưj7Ve_p~_]"y W0 Okځn2ht- `Q$ߟ%4SQ(Qg[Ei%ٞ~@^t:tR.OD*ĜUhl-_a~0;ރ\𞨞ٺ "cpw8ˢ;dl 5䔆Y?;{f{g<]k=WaU̚-B[Q^؍o .Zz19p;߽OxVN F9 Ȃ +^y;-R}猠_Нr ߦ9jqW*^zf`R͕7ԫ5 ǁHFH#<N9r/ 2_Y)[^03u+$9塦ZM7nEN~QtwtjnνǿݰFN_]wnj(e-Q "ìZ` .!t޺ .0F1"1qƩ\纽d-Vutlgk"#Z/1aflx~6r)=2,tA űO0wT?:W3_h<5N^(Y㕄VK"VP#R}~%{Rr椯,(M*]KvPvg\ 4ZMC '׃3]0}DQ25f{'~(HnLy3ðHjVdq˚M}'745Q@s 6rNkCǵ^gHH"O>,&N S AtzwߦWX}Hs5@ ioInP[X&Ne9RmiNjP1Q,0Yٹ.A)T0ÒaNbh䑁Yh|E.7ZOjb)([Y#T$/ú4f?9>~^9pwWF^卮-[Pf‹ 8oo4 '=bOAtLm7Ò.ɩ\a;漧Kb. cV5loɵ/pzzD,{!)5e qR&\D:~c9T0An-SI;GiЯJB~Ц"ح\1wЩ uV65mL JGVeYPC"[B7f]^VT}ČKnATsVhF#ng:ZT޲r^l^zC\g4ՋV_S|gH"Yndne~Rݐ țL[|j Y}eTAE Fb4J;[USNB" WIJ%?eFSNkοolWQҮ,{ɲa.FnY X1ZsvCmBYT;Bmr4zZ֞[j1<լMe4ʘԶT)Bf4)l :lQ܊T&ͯn:+Y־>H.`NNJpx/Ge14N;2) Ǐ_IfQ+sͽ90KGirBT!;=VE N&4Wĺ`c Y.!ygT*03wHeUzk1~n!4f*$;MkR}Y&7}_4c_s 5t:Hw$lI?4R*99H8pS:R9=*?RkTioK%|Lj!jʱYRmr(Y|Q9_׀Z1c@ʊZjgķ/^h8KmIb>H7LՄ !Z*Sڙ (D6D+v̵ւ`Wgiru7isJ%kjsȢmiCrjʩz''7Ux4%'f0]ȜR`Ln KÏn7Q{3+]ڶФnŅсռ֫^KcCŮ!pwiÎHe-HM6S^qh]W[bz2z91 چ<ׂDo')rLCW~=ZVո_t3\dwiXdgc\Ca U[3 MLyxg, E qMHK8q;쏆ޯD/3gL^$B8ڰm<&]|d+U7{Rã,휭;t8O1%>?.!(sY!HtZA(]B'%W<̳ciqPE>[`w?֪; а3I0z7ER]Y(JG<:[k٥HV#.SEnhOhѧS/y;xGvG/,aG*X{BҀLZ0 Y0߇B(TU(f_(y Vȝ[. 
=v@D&/c+*SeEUWMD %6i Q9['ٵyJH'Bԩ۽,'r,hU{y9,>sŸg zm V n 1߬r~#O MI#"}ؚ̞}gϱzI{j5lykf^O2[u#d=Jbt8Tr-0(5mv;[Z}55(6e*qI@aOr~Rd}5!Bz.t6} .b`M4nSB!I=Ƴ*Bjt^0q; R %^=px2.wGLJ.a[mzܹtO 3V/wr%nٔ >=T-'KڝyD|CjAnH.J(Trץ8t6omzM)A/ \WtL Fh8i&J, rZurw#dIntp)3'7WaGW4W8*UTSu>e,&> \gœNO99c C8(Yk&@r hŤ y9s/8m5qP{j,`E]jDs{fٔlx* fXk%6~PYɢ,'nE'Z N^q$?`xcХ)~  hSN5|qIwÑ <=!k_~a2+]EF@@ۮ3&~k ^;$*pco UcMͨwG0.$)&VPlѓi0+(܅ů$OeVahH5v5?f9P˴[yO$T 7^2ϔ53䥤 9 Vbu^wTE/c}=&)X;SmP5unn^Rη8R\FU4|*V K=Gлʓ*cXX y7X4+ U=2mЯ^OJGA\ú# .0*J x|O"L/x3Ε?:<BG6^$eSKN{@$h̢_.%FOn--׌T~NK}^Zr貎X],v;GzZnnmv׌_fd$R-|݇u4-Vŧ9]n&HA8>St7#5k [%aϧ%:2:J %*\5,. e'nv63+XL3uCaFUJHWnHW PQ}1 Sb\/'Ň>Xd %3=g ϸ#S4-OuOÆ='@[]KBSGy X  O'J'PgW3[5H ɣ&LH}kT/ܜX/G+JrU"jֳ0w>\OPU̦? 뎋<|i\yj半:qcƬ+u ֨lJz9k^!:3WJnױD+f-,3f rkLhBD#pX㨀ތ/p[ڽQY]k%/A4.DaVcO 7DAvSz؋ I+Ěe*p{; 4na7;;p`#FRW`-* ĎYAEIwNPiQ ~=eqcs\g(5pzXįFC4Ui,0WAd8] e2Ƌ( a|d[E{{" z?2BS| TܩTgM)LWݬ/5dU1s_Jq$9}1_Ѿ?@a%\|_EBGr. }7,a ׾ X 1Q70<vK` <PAs_">LS7$J#oDGKN/0IA>uu}1Tbd2TS*ma$Uh3Um ~.+נ H=Z8턉cy!0JI>W6tC?:5#=doG?dwt\;~n'CG`TRQ$xZ:8DFiwZ>LH42g L^%[ Ղ̩U]_ CΩC wbR[rb1u!dbap+lŬƮ9q5#<8]"<(qCctQRPXl wZNzv`ƪ%OxrE3A^c-qRWO6x|n6uY34>󲑨) QW|l#4A4At6I$cq-$OYeYqܕpVNSM^CL4Ê+N_ABI^4_xŹ$TjhoؖWLDD*FV񾏃+.5ݤN&aґuBnC@2 ʪǕO_س7u sNaGAYOJפ #?黯!&7ԗU.|aͭ.1 ckϞiźV A!HF:69 R6/g0k&ٞg Ɋё&y^0'şq+!ʅr(o Bt# 0c'N9A%.h܇(c# HedBF~&=,k)0.!N@3LT WYǺX׃tk {zhgjp9*xh:W"dSc;Vz(tf慎^GAFE^Ev 0/Έ KDx}p10_K͂tĊ SKߜ S5rU )X mLn-B"6i0S̜kFmG'dC3=t$+7+U$:9qpp*)a;6(f9$-g\2o0)~&~>9{A~ǾYfjNsFvV}8wq(S-Dpa5pDF(h lt[cAT3Z:?psBG FO~ ^ lsHۉnߚWˀ Z  s?xzcVr},ܦj$TXj*;:H\zSL6nJ_ͅ]M ^ђ0rRыi*Nr;R3 y۽?h9xżqkj 3Gw{ Z$KFM֋B2օNaOr?!w =A^*׏ڡBl_2G*VcY(꿁]ıg1aCa}sJ-S,M'UH>Xqh/yPQd+lT>F )U܊5~_ʨIY4RF0Wa3YBb02zpc2I{!E@T)"d䴜Ӓa[g{FǦR lJxv-D]u3Qb e6s;u~ 茐BG0.G!F--eMo8<o3BȚ=uyKQrB:`upf1T3w99Nip&} (naύg O+x( +< J.nV )zXԻ :6z(["],ⓠ>ŹD-x!F䤌BBVЬ+g $*^횕b3/wÄMƓ!Z7# oZWjT!?-(lkh|dW$!3 Mߦ,4&o1\; ;3|xa@8 8uVq̯$nY29V/3a&O y9ӠUi\ v$& 5tί zzڣ寈*^^?1֎vi*~Wr 1:RK x0T]3:*x̡܇i 7;WӞOX$ee-x,wɮPWVqXzUy *"7LHD&xASS}A<v79%ʃb->A @DX!K :M xJS_J˭ݠL* Z`*E&\ ;0K3w/ OPs҂llO󇽻.,V͸kjZskUM%= Z䉗t)[k"Lx,vj 
93tXw@ XHE@\vRH*i恀jS|V0~ ''W-˹;ݓxAe:2Ir&g]HR zֻJ$;͊ yp^k/c$p_KQXe퐘Ng?1y?/MsgM(o*%tUcQje--by*Nri4Ia2r4@C."Qzê_C#_ؙh wgrQ 0a-O  ;$y[1<QH XK]}H$(@*S*Gf}& Qj6-X$>{;e-cfY<>aAduf,BW96" xC y#y4Hk'̡l3ė7.L,5| ߸vnt?/vTG Ra \+HQ .O䟨y49Xf%o;TO#} XGgYc5^W5S'L~wzJ$^7k ig(6k 4f"g/a!&/p. 37qˀjgi륬@Yk~o\3zjJYH;['0 \2\QEh1뽬W\kAZ0EJLL=p40}RuSN׍KJ[eHk.$kEq=ΜTJ Ywd/rw%o`OcC!Xz}̻Mq'ǓwAF!yvr.(oH)܀.Ą"m̨,i*ݘ[|gN,A(- \(Z| x>vknb9 O!mewS4= |Dj5%xcQ(>8&lJa18mᔏTO:7:݌+"Zo-xuL;[gI1ׯtr6!S{`'ʮ2sR28^=;wa3A-"@zi4uO#ryQN`fp[ƍ?2h<#1^Q";&v+ x% fВqm4F뚑7&d\6}$t tYDJ'Н; HЙ/0wAIas8ͅSZV)yod΂Ԕ!.<k\= fuq7&Qpj'D/^Lk@5Y/ Jhɗk1+GɐiJ06CXf $Cjb_9 ; QmǤaw %48ٷ0MfkPN?MaimNM̄(qAZHDH)`EA8: 2dOJaX𐱥_h)U2*7(ߡSҔ;VE0uRT[)@zs;&Zh/CPCe|'"A߉QpjQf-Oe3uaLo#,c0GRv-yPp-ˏZ@{rߤApɫ2vu? jJPW^8@A-t7X-?l+JS?>9TO|\+jX^׷:7G[[Jztڃ1:}+4yN^^>;E)'7၁R@7c>CB }zqlE(!mM{"&0&`ק%KעwOv~mcܨExQ@&^ՅK:!pdp3S* %x6&ڋh\ N8=I?v۫tä"uGEVDLH o.]TTR:* xg=تkn Ҹ(9)fϾczW֐O쐏Q9_yЄ0j&J:kpiD)Sm 3)M^хn#vm%gz .Z7"TYkU#KtB: g촚.лA5^땬V Yrwk*ΜÃHKMbIQ- B=$ł=8mԑ4^ƞr1GIjR@5d=mx\_g Ӭ'$''Iw,."H7NL'JwG/4 'X,Һ= o'fWmx =>z`+dQz15O^OxJKN^pTaھuq $ZʠsR{w6Xó MN ȝeoeh0֋ipIO:@S,ۑ]* F_fHZGAs$Af@ WQ_k|4MV׎ L@*dz$DR[;9K =yf߰j0ڰ֨%,7&D^^@ڒg94D8P)7Ϸ߅|Oɸ&9~pלE.2AWu9 Z_K`ψ_H;&Ruٻhp^xy1or' O]|8Xpp=,-SD%ZطD({.0[|;A‰3O4=-Y,D |#_m<":R\'CXc`DxMT\{8L֋ʇo,3)־PBI\]2dPfj2CUÖ^>Jġmv1p$ lrI%C}'$)#)xuÿv:iu 9B#pj] ` ;n 5+;СQGG;o)w;!.Ect}eWx6I*@ =;~}c0ehU5#],d٧^}覓6D5ڋyl=FpþL*ޫ:ao%;qYَ`L{wirW9>ӧ׷s&a: BfH;,DwwŌUϧn#Xa;Q=!9x="g>`Joq?|M/\/ !9>){s#IVQ%fdOguچJ.nIOy%a?cMƠ8z&!v8a7/r;mb! ݿ}ӓ_AM> Z3]kTG,Wm Ht<5Dm,cdjEyk}ݘp#3 K?g6{rfow <0  /xց7-\r' fƭrUtEbU^බI{P~Xlҏ\fBKt ̎Tc'\uB< L꠳**5ݾPHh3bwVIW:@ ^řgJxhi|͢~!n) Dž,I/nFIӁJRM[Da' r!k/t"\تjs Uᘥ`= 筌Ƈ]A2 @/Pө:ӆcPݼK48ؾ<мN$F* |-G~|\lJ{2nB;Hs¥&%_#Dݾ,@x6}eqVL[UQqi2ȶּ`dLQ˽4nLW?+HZDӎnUhCs0Џ J?pB`cC@Qa^΅ϝc? Ш@WAbIV/`;Thl'V]z`^RzL;FX!|i~G|q\itccPLHx,5-< dP'^^MԺ jO `l7OTi!0Z2k8N;7+Y'AԿjVҬ]{ ?%Lh{boW{|CƖm6Hb[ ТyS*eeqWNw1Sg[":tt _/b #fcև4h,^E+2vs dÒ&G_Xep7i;;Pٛ)MZyf#!i @'g }Y <,G&z.e=1rƱ[EtL5ĜHG~E[ԫBfi 0WUNkbn9-`Ӏ{yQddӜ{BN 6@Xp)v5(m|D5ImF2?A]ƑJ^\l`>ߕPʭx59\{pi?D@oE"T1U x݊Ql':н c 1n? 
JJ[Bc=90^\5DKH+q MAlItWغ l O"ٍ2ϯ>?HnZ63@OExYZ*--azKqSUnz+҂|xVxSVDpk14,AsLܪ)>0V{aE:ԏS YsK9*7 h gR;;wɱHVmwW8\%i-LYs2[ySAxQ;uc[9dd86(R)U|{JqєWDǛK~7"CIBRڰj(&%(`Ǽ:g>?r%iPm?a/9   Md鋮}!ӟ4?ʏqqso)Z/JHcra{i(U a?^\^~Z;/H/s\FE(D||u>8J=@o JwGU;U7δCp>$y%t tni0rB-ۏL|wKVFeGc ?Au-#DBLA("S,"𬛰?b>ӊ}R]stJȾ7>@=c*6 1"EǮ@fo@TCS;a !Z.*|了jZio:{Q&/psx 0rȸ @?o k;,wnKno+7W)K ĸSjKH;STVAPkkn,B$Oh({t\k`|?t(Wxj_"#py F~m'xeb:L43L_kF'B"G[[+ խ:a|417LsC,k?L"Lg& ݔ]Om&iBIa(:EtgIωk+۾+wRdV-ݳׂɃ@vaFtuDwlMS0ϩ;ё~NمqHJ}~q!X0(`^0~NJJAєT3hj2]޴???q;upjs ģ݈e0 -inX \Tmzv>=Xp~N=uBw[Hʜޔ(8֛+@%X!nģ־pEN/b/K؟n7V 5V֚^fsz"p&Iu)x uϏUv|׻k;!#AS{%ImG$L<82Nd >Tg1Cr#g{ 0NП熾(D>/A{w*2π^34;Ҟ?"FK?39 $ݍ|޹آ k5FF bvpf`]6#>< .#bgRT/žuNN+Ă{Z>~HYuۑq/}ifχeG1uCn\xo5,Uj1ǣ]o] HT_ 9\]"Mб+3GGQ( MD>׭r+KʕEs>?^.~zEA" Ю2DىNw%?|?!ݟiÃflP|J%Fjv`njfzSD­Dws#1y@BPѧ;UN@wT?8T9 wPUi&b43br<֩1Ľ^ n>sw3iM6Lk+:Sd띣1%_u~Jmmz}&v|l@[[F(1E);h 4xUmǃDwˌPƴܽ r ܶޔ+QsVʲ\466rvxqk{ҙ8ũâr? a)"]Tlv h*7 bJK:JstTEݽN։IL?"S i;KR|ښ2b_ nN~Z:~h]Elnh&)b3<!o11;fsV&!|!nzɁ9Dn0B. ۹ia0jIq26BËehNNRj&5t/3r.}2 T+, -qm ˖3⠖hA֍­0&lj&>K `I{j6쒄{tKS<3fiXB`g >j:r˹=A;xO&'{;AEhVKn9l3EwvU<۰O8[rjNZ2LEUAk?qZlU~/[6b1@ĮiSd an[vHY4f܅!] I#gPΞl@ahY L'&_AFҘFbhW3MѢR QzgFa+I?B h;Tmw VXr2G&*7 ,sdD"q,>h$# BW)H"r.q]gY"L8CWґ#}).ED|unVI({&&4Ӛv)*oC-  E4NrV*|Wl6ޜɈt^xIdÀlMZPV<{_D+HNlyP<`:M;7bfvfb-&DEʨz{V(Z[ ?$|BD5e[%;e-'\Fnd޻YO°}sQ]w:#GL̔V+(Ӣhj" 'Svy2B7q f:ϩ*pʵ*4&'x!k߯tD CL'T@g6e[OFlw ެP=?L\B{ S%t@dz1 vVB0ϊ>e\ӫ ) ږy&ijWoSyUl<ϓSoS%>G 6)y!cAU 'nJ"!3iMO x< e7C/ `]reɃ=٢W~ipFػI!XϬ+f'#(EF)efj%5W1LOkR`Ùu,`f(9SMG=u8HT*;! 
}L+~d'ꇊ1$1ʺ %Xvү5Qr3Py,MҼw6M {0U9,)y+4>͐7*9Un+dOwC*fR3g8c ֆK x}X9t9ޝ"z$/vb\Ec >B#B7mݔ>pL]~,7 CaPޱL)Fiu9N\&{Mlڿ7Eܝ7Va#K*Ƀ3L UYDswџ4.yB 3pe"m?g?pH0tLd)d[maE0_c;\2Fn~8:HZ8)΢~ҕ:9G-/lz>DtSd Xc%kh 喎ڟFVW 18+ӵG7L;HnCF) lӉO]YxJDg/] NlFyOҽl<,`NT/ 푤㔞oSx.w ~2V`hƒe eVQWҜI莄Ld| ˆhny_XĒMo^zz7se{cr`S |J̙wHOcqs׀ 67^?&VԚLFP+ =P9 ֖P0QJ.&#S^{>ڿ"K7C2}Gwj/tdMlko L]'8TC(!#1(i a?-15l^I@L9fg*?o%*t) Xau*tkGGoɍ,BE:.}PO9xYCu.ӳjeLag@ _rP6nNPqF[HbzjJ/m$d3ݐC@`j!~[^)kg#}UZ$h%^ *?Ċ݁a)1RHh@#vc-riʨ?k#T7"dV"!&9.05WMna_߉~^E@3D$I0ѥ2C;~QMoqDS0>թ'mcb5P`l$Gsf낯ƩMY3>Ą([⁔8 ՟5ÚLaXŜâys~VkϷO.UXƶ(6ϸVn1w fc+R!Wf:D03c9hF'.3;o(6~oa YW&63g~BFZAfQ V.sJ@h_7e|6`>vγŚCQDP ISj.\sMH}{ ݍ3[EXmC)ּE0K =A 柳Ŀ+csŮ[e4{PV+r7u`_'U]<C.E)ҏQdKMKi.>FpE>{茟^\/u9%YMqK:߇q6_ {34DupK#%MزHY[_FT|~†o'M$%E8N2%ڸ rsmBEV5,AF7Pl FA&#6?ԆWҳdv8Žk;1Em@MIk|T^Bn4cZ]>ɘ5pD}j ͳٖ')=(f pWvTbLdpU`-vrn m@I?y<^[6GwpPBpl/Cl2o+ F2JRqYZHTyf^6l V_:]f9cWJc)tT$_uYySom&b0nPwͩUt dK6dX 黂%DEmC/ou Z )rgM6Qsw Đb||v])qϾ#: dx!yrBh;s,;#愅:ޘ$ fQl ׯe@ l6a %ht" PnYy߈zY~9/\] h}H}'pLm dvRMJmGegTI鷨+5G6s]ˠ"V$g ĠiIBiLu|^}?|S 3a)$,* Na~ZahE5 idGz,UɰҒ )'I٦Q4Z&3Xſfi>G,^ȺD~R*Cq#(*r<=PQ 4IM$y4+F-{G ߺ>OFRieVPQ+rhnH ĜwAJj$ߣ/ 3^Yjw*On %yH7On"P FMrLI!]UJ gLl^o=M8V蓞Cȅ~BIg\o'-A\wD ^&DYql&%N'L^!ǒ%j0bM-UP)${z쐊[P%@т6m,<'c9_&MQ@4PsԬ4M͘3k)Ȥ",nEhҘnTnqL|6Sv|\]t#2W#6MO ;B3 L8HH EϷj_K25%7{4{Qܜ͜+PkxuёVf: |q_*%B2'ÁN+'QnnHW~դLkGvIIc6$]ĸXn5RZR?` o ѼMQ[ t"UUn({-׶9L3+r>rN8hj,(2F~A Qo l 05O5vo#53?Ь!ũvFҪ[Y搙GN֛q5U*!A|] ]j5PN=p34= at2XuT%j[~U%Q W#+= y+}ܒPd^TPs37h8]t,!Wn[HI,m*)CqB'ծ'6wk#'\wo[{=}sGG[`3!m qX5m!\[t<(Rj|pY]~U2ØUB[H%Ϗ Abk2<)O%Y t &s_r%X+RM6+W2mc64 ECs9ZD< XF|N(*JFUr38PKțHݔbScǝ}pw+'v,M=06!};"JuH24J-i@hmzk!0!ܾ78A SRnu0䲵28Uh.bM˺U>ל]Qh!W33ܖ'ddDŽh11|SlS ^eʇS#kY%k<Ou+I=f?V6B$,st9o儥f#S*ʑ+5BafP9\2H.M#K@N<m&B11A%4m2uK|hYYEセF[Æ$ѹL-+jA>M@K08&4# bXD}镭e8AVˀ[~K]ƈl~xgMae<ِ)pHRIc;ʨR7S ;T$#1v &d]X'-$ #܊yB  h %ƌ[bAXZT⪻v=_۟x&C#V@/{$Qf@i+#N>뉼҆6^׵ T9턐$gq2 x?ܘyv2=\e͙ A/:c EPAPE-s~2RUp@w1U I\T`@K+C<51VR:Ϸ=ީ/{4yt>dc0F~Ln;k{Rp90a$c@qgkrp8狛>'^qqUكT W82F }z4cwjګ|Oϛj Y2v/үiXO4{f?9.ㄭx}G؞''2  
^h@Q4"Ʈvd-YVmBC]8vפ?2ҙ#VBGu|$IK&Ӝ>@x;/81%l5-6O ^>ɗ~^ OJT)ayUR޵TԤwT(IC\Ous s߁ʛ/%P W`nUxplPxm}wqVwcweX5xO*UhFمf\jur^֤) +r ͽiF%>QF ȭXCO$8juE"_,X {m5s>EM/4mH=M$h,@q|pshFTncHZA=vt7dٻVhx!|fQ2_9$dDOʯ%[O[.*}\ꋇ^&oW:$W0|mtK}گ\Mq\['|=BꖾdkByqѠ+q*W6,? ;*uMIuM ƼU$7΅:WlL`@P[3O6ZGYZUhm^d6ʏ$HATNrT^+ӄրD?_NKvū\sj]+ jzCf׬wڽ} [b.Hԯqt%B[Ji2ɾaŠoD_Y}/S(s~Df-$m-i)Y@JeAǚlGiXg=tp]tNbpy2֐nnsuN>س(~s _5R`&i@ONw:%pK9\^զV)yC3g> ܉Gs07! @Ϲm;"inp=׿!U)=aYEMaAmkɒ5l>L37lv4/i6/jioUTm$v2#oK^t|X?#hPv)ƃܱ죪E#F .x*[@e쐧+^\`0݈ɕ!+4ȅJS̾5>ɛ,3/)x|؇ԃ!(TJ@Vg4o/[%HDPzE&#W j=YJD]8&2d 'X~rDNDK)9!K5+NkXlj%+S^f/mA{7[T״>Z_ puWAaBf4Edqv!#f>RGU@ Hu*wN6Zo8ف{c &N}H +r Dΐt| R:w:Y}ULbu[Vp.S^ih7c) C2EFr%ug<.' ă#Z4ޭ_}0sO_W Z8޷S*;pGzp4>T:4̘Il0m(qX3O~Q2wFe"{Ř_a6@:17۝UQ}eiAK]摒؇YF )HIUZ־їW\u^jc³"m&P)1XABfu>Ƕo/|7Tgm4eGQ&Nѐ]sK.F__fRF"FJ8@zM;6 K xq%ty&F+K=/P HM5,M@ -Q\e/*"^\"H: ^QC,*hLbu"hjNC;}l~1.HzHzΚl$"և~f56?trrBx ݐrg6.7:(~_\&23AK:r 'I`G-VdG"%85&rX7Ҝ]p]FJ^;% kV%aq쐝JJ u҅J35ޕЊLH1夰I+5m"4]twc܍(`=v#S_W]9p+)Z(i[eGT¨kdYBmg C; j))\ҼEy uDzAF/vT[۳=DToCNX^ږ#ޫDhڈF۴Ws՟uԟW`F_ߔ=̙8Y%2ۼ*ߡ6apk=1vtI8,QeJZyȽ)Misw#lp͆L%wMWzS4o WiU.h=s 8dB8 sxqWe6FG(Cr&C.x?g'BWu+$(`0X2@hD fUDô|6\|k-UZ'~0RC|CKGB8 B3ࢥ]Q.d6ӊ[$Gޙ(%Df x\IvWw_44D@ `pU;3\nc&(DHCpNmɟ/$󁞺 PJWzW@cfK|>rbk۾aq˄(."I*c&,h[ôC3__\*Tk°h"e2y`( IVf-._BX柝Q bJK[%^ڶ@?[La?͖L[㞽cZCB#$ui/hlAepd–"td9 ;VgB N0PBK LzK꾲3:WE| pZ-.@3 7`ь2R<:!9&]QFׂn dSr\i ^n)$? QVEf6GP/+? 
?(^ %Is̺*M8a5 W@4{#URS*}%&F7oE[F8kjR?3BMx̂rll\|ywbt ZBdUm}jaЊr63nqU0Ji4O\bT7gBӠS,uS:H઼# ߻cĂjY4CX` sOJ1lXP[,yo\„I&(Q=%^,lu+$qjS!{&LF*׏wic/"$z`  h¼}X}%~/zV ~S݈|ˢQyʙ2I%/2pk l:,GX[/ǿZ/1R5gI~+8u(W`%>fxxWy/]xY^]ׇx>K$^./ $*o#  rCΝØz9DyWh Hl+sx;87K\X{P{ +ٜ L:>^CHĎ4'WJIzUxIc6U;X!ڷ1Jc8'$߇V8'W&kFK9t(zeD"x߆-*ĬMD/ˈ(0<-0/S(CUzѳCg Eg$8/d:pz.8CTj>g'@ WQ=ƈz`@CQ|| 2T7ŋx߷)s\dg?WZ uWjDhAs38zNSeN==F 0 MHK*6_]z#cǚeJw4vҕS欭yHt?͐sS|D/Z:)3^C |:Df.ib^P:nJ ޟ>5v )^[,=x^m$y0ӈ JAv97}ӑe5p|"F^u d @g?Uy/ωMkE-l=X:̩.fLcL09RgU kY%XsNTGuڔ~_Hߏ;\I?bx;#6M+faȪgDjA>w# "S{ٱ%r՗x*Z+Q]@崧ri n9{SBӌmؕWY)`#T8t~ĜNZ.)/e2d2k@CЬL?J9ҫ \yB#ZS>[SzGN l^N%TZ#GX/={hL12RPnC foQY|GRVI V&RgnNrQI>7p!}`TIF5%9m  E.h/0v!9kHqρJA\6c;`43 iy( cwi&PQ|˂A1Q֔S <bH-Lxh˾i$ol|ƛu%xR!=AHSM 'GEy\ C GCUmUI1em#You~r'hM}.3h a(HSCb:͛nrz >Q*!6](S~gԑyuvIt,V[rlK1D>*ӌJXzDåAO/`0TEem`& TC*Ѐts7X/4@泔BKCUov{uai}~qpr4!jY,Fc/CpʩcaOpY9_7RfAb# .yN=Bܔ)~QU:7EUu-O;xq|^Ƈ#:2\uبe>.=c7 #"BA 8 p2&)28- òk`R9$n9ƜH~"Ůwm~4Ŝp+EΘvP$8ח8~8CHwh Mb1Y|OWi/]^0SBX:PRJ"s&}Ӝh5ΰ;({YeR:2}SH9S9'ƛZ9R_,tǎסe(w+<:%ɜ/^TIM=bcFc6p7.cc "TP!?Y]0s&@<_"h`D˶c*A;z(jOs;Mէol5z}TS o& ZII݊5c?ie*)ⶻǹ%ӌ̫s0lrUIX Xkhc-O e*\!OBŵ;ę=̢UG y _UL 06Dv|#Fܭ Is v j>$:""@rp4f{؇x^aN F{(GO:faGӄp3􈕜h, tjE8j*F{jXz+84PW &JlgW+u#Ri.7KL6jd O65ɻځ*PB+n@Jx@la6@X%ׂ SGj*8i<LG*y#mp rT|io}И.Du(;}29z*VBCDosR/{|͙PspBh"Mfd.@ظQoG i:^Dp5̵0(gW#Rѣ]`+^iaDMx.|dk }$S4ECp]T&:*Ajř4?4#˛\wY[RF%_4gsA^?&::Vl EㅈɗX@*ոWc[*WIX\&4P\ b8*^F'-%1/NJaFި6ź/F,]tB6o? M泡Mq )B9yWrgk5cveY{M?HtnC]E4/ Yq^kT@%hސjZ6,߹A߇ANT\$=)#gF'WmHˤ8&_%﫳VvE]ZKU/]c[XwT'YJ@Ue9hW_wU[JNg}8!&}ns.J)L aed@S5ZNbW,dDCNyԖIaFdIG ?~:Ar1Lu0` qeL!q;.V<㨷AtpVeU~A46m"UnO8N_39lw܃ 1U:vnm]g:v(-ٝG2|dl;ѿZ:7pz>Ȋ.yp\smGd3"#a-.Y:8"qT柟,(8MA/`e#e-kk,y~X|.{y꒾&<]1!zA}86^h ''kak#ZVyV+Pb{7{)04j< ̑N2!NsOeDFֻKf.z`R(ŵ_3!?"Eb<='9n\Vs!ո^lMW5SI&VbfGNNbi'H~Q*S_ !3~[XA d\I9󂤺jwh]滥q_BM M!2h9WQ1XYH^rjjc6hj5Q1ZR`ج.r hXZ ;4H})2)| O=? 
+!$@X77^q8DëhDPk߼끮r/)KLK9RR\>6:&]B؉Zh'=@ _ דl4t0fLiI lծ1:u%X ą8CȚvm5X\R8@hpҡ7ScΪ)^#Oyv|GYl 9h/8 Ryy-炓!E/ĵAaT ϳk] Z*:PsVbDrù+.εҝܠw"!U Āɂ Ó$ jx+O0h ũpQ7ine I9Q64NIg ۗDɩg$oG} LE&hF|H4fJWU%HGt(\fpVgZux WДBde3,^Μ&iK`)lh7q:o/+k[x HAknde\Itss7 8B#\7KN[&m|9/̷8Cq\i6Ū`;V?Iuq+H =mvKfq_ zj0]nPSEۻHbf3Ol;)-W4^o q) oo1z՞γHRae?j8/W]^aԚqbbc{\8XDmK]o?>72?M θs24Go "/+iPls..on~Sx0 %d\| Md#\8@Q@$U=}yBY"S%"O Z-Q y%IiD*-O;!&#fʶDBV,mQh3 1xfOM'Hq9CwpoNR ӱ1^Qw.:-+iu˼;VaӁT福XJa s1*'gTSt5ɧO4[޵BdTQN rfBq;A* (A7k*Z_UΩrHhݕ1dTY&#:gPsFe>iC 쥱D:f"&N2`C|;˞RPđ-|۩ J[+!]l k4ID@En4=N2%}"س֌b1WgRݱPDcWry./+C\jV4m`BoWlW  U^x sy6 p=I?,!5(3{kW미OǗr&AT`<O ;lGE2y@=XH*W121Y& d)Iej Vid!WJG?[\ɪc7Yq3Q4o[o=gF 66>m!*YX:Dvh$Bbi6,&JML&c^,!+; 5CQ7NtyO`K\kQc`Cas[+C=:?u[BBRvH82|S->]\H>UPyO x,I1Y}g^ş r7C-G~G.@IU0@O׋%voM&D߉k`$} QZ?}9ISʫk ;.Y nYOe?4Tg(m#d,Ym.7`1[x9vCM܆aw3v\Y`I3XD`Gt ?2H-'|}Khođt2zgҐ, (,G^׾qbP[z(>4QS}>ؑa'8#o(QMl&M 털3h9~N%9[d'Q\@A|k@ RĊM 1?R5ZzN %ݞa`J>ʡtN֎ eM\>,̽qKIQlqm-LF}49 JZpf}vKnif5(S+)6#6pa5=XI+e E7^&'TU6;CF6RV#I?.=XCZ܀$|`c 8oGz%ّ5%4&`6M8S1MF1AF﹘'nʁiuo"lEM9%.Oyί}-6<ѩ&<;cɿRM s[8iz a^"2ιLV3^QyLFh,OIxA*ʾUe v8[E[fxt&h d>\mIfpl۝= kIFrpjx)Lyҩq} ^p &tVݓLB%AHYyFVayEʤJmSqEMsI.X BZ46BC~&iɤqE'r+U-b bҳeGѕxff-&!r7g>ٍt$po 0'u* %>髿0v{Y@jn1Ìgb|,az&(l Bo&xV';:IoSY/ΫdļHnR5aOڤ:ln랬8=W"Mv:2FmjV]Q5 /گ#y9̲]i߰-5\$( ȷP{`.Jy5D>?\$mi2{(TkrpZzhKp_)WIP\3~UE\pq>,G=ֈpU5~xOh\@#LH=ԾnN|#ԖK%" eꗀM\0hcEp_B=kBwkbCnUGж"6j0[bOhЫ^@1/d0F&=뮢V+']bNb{eז k59=8'4@Kkt[݉5#j ܼ\x4#ذ`y .= ~I /^)N"Jf(]I8&ot&n@;{0o/mNpWt0--5ОqH3I+Jfw /&wP@߇tTB6ı>6[uYQpoH{$|2`|Nk Eƛ%)=C>zH}H+vQ+x2 b|j䑂{k=GLY^(暡-׉f^!]E|yT/߯ 0iu`.Bb2'؞((qw E"._,4ˡ#Y|IwZvݧȈQ]vc4C5ל0&~KU'Ej/;LA&PI> A#-B! !L C?dSn"I4d%l8PҝYckhHʼnt~."d B"&Y(8o|[]8<4QK;Kٰ`kߤnn_;!]8'[}/* ϴa*V%=s޴֫tW=ЌGdю/̸E-|?2ьc("hzTY]0#w\g,"[.俠T2 Q=`QxWMਪ7y. 
|GmR$ #޷ȻO` ܄wC?IX>.?&9LmK ؖICW!p:j:ӌz H:?VQbj?mi@ZH'ˀVhy /H'Hd[[VFp~0+y4#Z`]=k}wL'N .nmwdG>qGFNF=Jn>^hj)r=pAkOFh]T d>Q(l%sgڐSg;Y Q;"v,D0$&8dBh^&_:Dʡ"2tqY1#o5-X ȦwH8;i@X:ͺ{FO ]꼽>s=Ӌ7LM# Qec-ZdPdb=SކLJ‘aI8nsU32t*Of`4.BlZ \^9o,jrjKeddPT@,pV5jɲq7F;Y=S%q,0} 0f*sZvrPDEwd $I]!cbywU}]H&Z|n8/\yyFFbR4h?@Aɬ:2q MMq?T0NpO+kvi0UþgStDucfwky2(f5 zOr| 7fOzQs]dCc**zfhXHt`>T gpdZ4Nq!^|(]𤉺3Nkb<.qRrSխKM=uQ1*to|0;ǺyW_[%,1Wpߒ]իUJM DeD~kZW5)&H.HNH2!cIǍfӽ7:nX_@aۭ{uO*;isV!OBWmED>qŖ>i>Wza9|/wmX*zXmlNgn>oU:0LD<~(FC[$HeɋcQ!Bb|ߞ7mŐ3.rxnTS Ft!5;\K>p1GĬhF2{UDQĚ-+S@# GEogښNJ2ۯ?A9%sÅBZK 1PRϙm)cv/so.&4M /Ku?HF / .59Fg-١3$`ܵ1!‚M8\=( r2\0i&ooZP$Bd 'B݂JCW '-Aưc`윋Z@\SdWWKPR.Gt^=8bov$Zƍ#)=T˵Kgٜ/hڻT+edI(1Aa''vDHv``Y#Z}>Hu Cvc}EEXWZl ;^(i:vT9J?* 閁wiuy|6 [~B>wj(T+ldqG\Nfz91O垥.NlA&6ͫʤTf%F((f0zmMSZ&xET]mNZԶ\}d9߱4!޴p:[@t v$SD0l8+@ZԾ>|&u`hԱ& Y!FX䔶+n/` CmN5Tx퍑wqC%mvne#uidzbhzD[i&pDAA'Lmk(pwi;W2RYY:'3`7lE*!N2bQlYJ+^ [)Lؾ`@hL=nsKwH]2lʩk?kvkDGI=a r0rXpd8 rGmT%CUE B 38MVIjKxE G?w7-vg*0M?T0 3i˄1^!~̲tH'JcIohVPt[7p#P& +eܟ& Q9{ynXzT=;a$x7m tr2X'T(TmzURtK;pa{n"Wp&)_vBvKBQ0hxT_1/uG}I&O<)@ynep1T <(d㟯k#'zMfI' @O98CDxD\_0=mpݫ`Ɯ`\dff.{ wvpCab~˂fvK"m;:rSefŎ@,\I,aшB$ Nvܙ#B׿5?33L0 JՄ pL1Dl )a"Rݶe>[%\JleC[E6-INm g0%+\G7=CeFqs 1 90zCBj? 
4,"OHO3pvuXIx:e-̒7CtI8b {9 aܱh.UWIH)g\\,u4%]]YWDE`;fP4mՎ㐥P) DEalo7( =f%^!iX< lxw;CfYt5}-׽ u7yNJ^ˠ@8Y/-恮:26~ุfH6eB!nr5|-Bh/PtMS4u("mr X")SrMLkrmVzQg/:8S MnV=IIZFT.21\LjHS?t?X4>4} 3 W6s[m:uS7MՎcsG1->VG9mfOe\ڽ#Tܥ0s0fy8piרdu64F/d3կS~[eos`nĢXxGv$Nu 91bvsG3ŗPaEdZfp!h4āa扅Ju:vpUJ`*9l =ngNsOx욗 tU](ydi} FFOHd.}5B\Ös^y_} v;s F9:d6̢F.5lL2;TRQdH"5!$jųS>KI5e gO>u3Q">L=?.S`+eLaH$>j]ↇ҃Hv53qmKa'K: ?t ݿO0I KQ\x4JhU{-\tR.tg?DE 7{duҗ 45}D\̷u-ivndfe pΦ/VUL00n\z՘Dr$g(jK < Ux*rZ%LHFwOun!\9Tζ :_O䌔w骩ZM ИC,jij =r;9q֝cN8-qޡ $qyh9pIB\ ` v> KS6 |teܓB΂#0b]Z.vg{a^'4QT# Jnc[*gA*71{BX!+맡]qY9[&G4 {LO^y(؊S eG.3O0;'ö3 r!s&.&U-p(uI׼FNZ=M HEP?-=nʭDVѪbŨRF;)7N3\v~]v9Mɍaa#L姬@6`rF)+Z<[ReDx!mIc_GiyV*ՑsPK HuRj̞`~+ t WeNm?_G\bmT?@ajB S ~-ţ=dM8QVS:, ISzxѓG!0HDNvߞMVI&] pz:s8 GږfH{H)j'(Jj!B!Qȃ^Й@3saYP)yd82|p3&\6l\i25d,(&z gZ.2!k ALZ.A~]:Bl?]LVgh! DbC@mv52梌 ~Ne9 n)Ok F_e 2$4-q&2Z`'Ѭd<2Tp(H޹NYaئucfRm223>oe>o|~Ń)Ϻ` -g<V:`#KBU MK}KvKcn Q65RPb7@ƭ4 Ÿyb)ddk~YW`>_1VqzHbօ]en) qȇwH`:i1͛sk^dס5'#]Tz[q/B,m -leѿ3 v~RrO,ז uylС [%ohHlg==Ol+G5>jp$tHM#]Ӆu SE<13[/*!6RLZw*5MȤ.wrkN)rLCg4@ ^ Me9"Y(<=$ 4x}#mW*̦nv9tPy"CI qFSX31^j(=o8J\NW,E?N|@& -U'VRR,Kus4^' vAׂ[z]nQL_Q88Mv0O@yP(>ݻ3"#*kVz`[ltΏD6Qq! <^ӱ'4r ^"wG N,z'J_yOCXz0aç2pH %; 2F.H&!q^0ep e}!SyfGEJ+9&σ:TD܏c2ܘQk(F=JƆ9Sˬ^Kl*;AR"C9gAm ~'b\lJy'{93mRNU:o (mc>VaH¼@PRmHNxBR@G.h7 K1$xS{_M?̌_2< /:d 3M/;Uf"i60Ж9y @S2vɥ5ISmAӻs_mGtOaUp{Iap0 ՒT)F/g@y%FO}f)6]ߟP1V c9c}|Y~-iU >snׅNܴ0Ո#)mbyߋXw: IOw"!s:#V&feG#| ;\ '諺~i!3.Ʋm^I}2bUP h3h<*\(a ]=q7O%V@ O:AδZY =;brL͸dw+C\a~#{Ja# Y>7^ӗ+wƮw ڐ#zSI0A> %sEȜv{reѪޛ.G/úS;9|;#&?Gɡ=:OpsWy;Aj$ޱzP꧶"; M iUt#>~X}g;50R+345-{fQJV >"M {+_t`L2+E?Rbf0fFCV^<N-னj⸈XzFa_v`O~+UX/bcхƯе(ߖQwD=OƌH~.nKƼ-Ԙ8;mt6)Vcd|*aïԘc *l)$yn #+7uSqkp"dpTZdĔ.PG[K*uRHzcvU0VA']^/bfΪVxl @I?S:iqq~[27 7l8gKK#tw1< 7ۙX]D܁ @+cAˏASY?4;J@$/L%L$|<݄S]6{*~=3˗lRW=ٵ2(QtB>6Z Ȝ+4F?|5r5A0:4$OI&Т譪_*N5%\Ҏ(fL ȍ%\.a _۠]fMuD{r^(D̶F. 
&ǴeW#醋V>}}}=tP"J]:]7Rba2~G@tě5:'t.Tow쟜:K1V hKngjޟs]F&K,u"܇˴jL+SӖp@bF$g ?<ۜ`O6\2@/Sߦ#"i ϰ jCb&+z%jW2zNtft-ہ!'"';OQ/%{ /|(~!io|\Sp̋2Z<ȴ?^ztď 2@,A`V60Txل+Plf8kHfĤ?>gN+k: 9}!EmGY`P.|e@s =2}M\1oiAPT@"kM, ԏjt+xwACD\Jx8TOW˰߹[C]4NIPJa^CC>"*EěT3**bHb,uď8no3ZR'Y RU3#s0 d]zf?!Mƻ'KPW>Q"&sbg+Ps.8 D@!03<ռqG*ύIrKZma`Dp- Qš[>] OLlMBy6 G1B8G\mĻaqV`ڼCjik3Xڟor4si(}l?ݻ5_!" ^5;ecgU4Um;twLYf(f!Efgs3[DC7Sx>^VS-3󌘁Iqhty)A`q{7ًL>ퟧek("4Ҹ`zhBSЫbQ}l1{YgeX d)y+} @ 6狄r_f`eqk|@0ai@Y#}!˕(|Y6q#5-݉{,?R%O6b3|Ƅ U 57sUq(b%ʥ3ޜPg\ "R8Yx PC.15] RCCcDUEoH8Q´G~vP"M֞hХnJZ$QP - P<2Jqh!f. Z*; VcqwHoj@q) (@t3WN*䰏VW=g;"2pʬÑ(! " ye% yrSLd oZ6 H% Y (1'8bs͹Ybܭ%yt9k^S1 5;!`|=h$Nj/m {k0 Ծp* cdy{挈5K3b{wsw?$|Ɛm˪mFKFkQ"X_ hzҸD"3y+?mJCr<5Υ?@q1B~A+g%1u{6 ҏY)vkZWILY9: ۦ)j_4[vp s1/PEv;=v$r~)P;{%_C`/S5sO ʕ -㋓pՖ\UUlD %-n={s2SƁI{.й@B7l]ح'@WZ!=i}]-ך ٬hMPOC@Ҙ#lջU^0‡UU gSZcx5)bQxonjbg{vZ)֕Dbډs pV>}$Zynh4],aB jj|Bkئ.Ueies8v[;#jK{.߇j SK߃ba9:4mP }@ۗsQ]sq\߼t14kqJ/ˍ5"93b!Dc<in mp!LFbĖ,af.翌f5T29kͯ!B'z8 &E+X\!"ꅎBgŮ"OKErѵcXk `8^7+Laqbeh;=-e(FDJ^z/nr> T1ʍbU!snTR/R!b< nш{x ;:$uaƈKxuTV 8%`[e :D@Bnߚ);ѝ&"Vw-;WL]f `~ UTG[/q6 HkCmd6S񐟡XÞVjm[񳁧uLq*"E9hɞ P'wRbmol>X9"q/*tDupG=]6\[j:8ȅ{#D|FA&L  ʣjSX@f&ajaSsiG^exhQlS"6/x)E |'^˗lkB@jq &MIkq#,GpIa\pTw;" }t ?dl? ?~PJ\l<Z=WSC?3Fn ߙ0H }GKN+>s2xMǍS8$2eJS.!I GwAJ3;<_Z40N[)b.CIcCP+d%K]6 6ջ+ Ha} yJ[njmκ ol]9ΑJ$4?8lk޿0a7as|x H⽩҄`b`jj9+1DKMx$=_8`񞜽Л8@q%t`Cl_T40#%])5p4{xOQϩq3oW!z7oW5/\4Ep23 Wpx`0^"'e}᎐QdNT& Ϲ~X. 
JВmLx G9̍f!母w7JUYt_BRًF%z@qc$b".y6ί-T%=y^"lh,@G# [vq>ӅS5%(1(URQ1.7zbŝ`6MRp3c(3!V+4&58ӮԹ;9ClZ$CܿirXKC-|AJL& }@zX&ٿr7T='fpːW{Q}ɱB}π= #$m LpQ`qIMέVWn U侅~;K7Giְ>FzYv Ţsx[2rmIo=(϶I \UFh)[a2 ] Bit񋾳:+WkL* "M:sݏXrpkgZp I0 Uk̪Ҡ5ĤBt #4 xtK=bqX3Vwo5/٥4G~;.(0Ȇ+Б[?q|}9ZUSulB#GY8`\[e=ْGDV=iAIlZ%/qg 'wCzm ɀJx)S=MB-t{6':4$Gj]uىi,csg7P= ڝEyP}7ղ"bZ;FcV77hka03>2&ŸNF!i0(RGY:$SѵwؖL!,3޵/r >8\z7aǹ/{CL{\KjA.v8C0n!;?eRB-M7\}e٧aLLk~+f1NڏH^l̨1;NK~-fo="pjǏ.n3f "͜mW 1뷒iIw,U5 "Zo<Ђk #S|VY)L(ykBhr3GQb$G:&[2Nn.A2ȼ_/Fr{`f5&&ho" &8`|YʋJ$m,P/o51 6o%,gYJq;B"Z\*שG?rlBv9Ui>[_yUHu#b2B54GzyQUwd Gg7O=M*6J۶%:-rn9MztXYM|"@T6Ws1@ 0FaFĩ5J#-(_M3G${Q'Ǘf`Gq%}Qway_|;r 8J#^B( 58Ͼ K$- TPV2(XubEh>6{ wY?0Fyx.75~R oOOA* )'jfg )դN4]Bj{H&fU5%ee=&ܲ,<\z*;킀CwJP?2fo0mڻkXz#|ur$&{!.,:7v(kk")F̚yIi^(H:R%!hQAfȫ6䉩 ;%Đ /dVǰڗ =1uS{үj?QF.6/«!ؖ }eĠb-H;h%4y,F13? {8C^47*56Tȑv ,s?ZJ@ʅ9oUM G̨J# cj:Fog\Mw8CIL't|cjt:ܵ>)-J'=Ҧ^ta7p-CKc/(o@Qiig,bB.2kxt;~:ةܞb jf}=ecpvd "Ue&O1@"˜L.QI)\m +e3{"db|7XyEo_ }K ee}&Ԍ\gW:VjQ\4nO$J- -B3p!Ygh,\v^8Af*yJEP׃ F3fmW})s2_QM{@'Ysަ`FWp_7F̓ zu_ª CZSK5S@)f?yC8F~.x/^"[քh)YT)*9YE=!D E@񄧑nBYѯ*H }h;4dXE0 e|2E8.=Ǟm>_bFgs_0LӋœLL'NRV*ChѠD-?. X =tOTy& x30k-sa.F:at{\D\z tR[F|n2BhN*>kŖw;_mr=q-#?PSFF3te,VsX  H4Z Q΢K9Èa~}Of%9E*MUڒd!ADwR~hjfknu[UC)1)ojT0YfۙS <9؄GtثS_V~ gd/F_dB ܘ*0ߌ35 $p4e"h0P͚BM@ "x %S/T ;JS4Q1(C3ByEt{fD>ÐdK+FREiqR2"K_M5N(!CIi:*&l{Tj"ĚM4!]5Y(4uRzTa?6Aۉ7<E\~Ps1|c Y51F FiMi*|:܍#& ~v7ؖl+ y ]&ۥbPacꝃɷlb8&R2 _ظaPIHN|QDx ˖FV2Z g˩BڵkVZq?Ѹ&Yd8#f?O(gY5Qz7l:yR(>e(a&abiaW/:u0bk :sZi 'k 1OϺ0EǞl/;qq[ė'+pxO5Pˬ3(J`Xin)4w#>ͬ2Yh[ij;0c;u~GrPI0p<02ӡO8 񩼠CBU2_6+9DXCKk9PMZ!:w@/. 2sq fzKWl +@pr\% di𲲞D+?bG!A8?L:t_54FjaO#_BM'dG! <+V9Nopf\2:Ve@ϡAo1G ~m}:A O&-/Ba7jlUHP LZ{x&uc~?auVnG/GuN )' ,gcExn3U C3vi h(zm!ϙ!j}HTFz-n!mLµ[ ^QgjTSG̈qȟ6}LSQz;=CsvxM B>t1rېy,}awPSemCI؀l |>P"1qqǵ\QmfXOj!I-r+CRu#гI _1=A Qk]Q^0("F\6ӮC>"$@sPMz&چs? $s:gkϩe]U>7aXtmbLD>tϧ7t@\%gISq*~%NP$l+9]{ThX/Ct&ڒ)B\3FVk1rk63Sr1cn[Te3i Ji]NsoIYn$X`O!?ir*3qKN(@9tƳ7/SfMV7r{(F*zs9 mN8:9 N rw|u=?Gi If|scO. 
K1ɍ2 4+r9\N74z>1RbSG6m8ݤ(x-t|>ve2^jD/d%/Γqy>ppu,4 +=ST5czw|=pwGD ;tc cp8d"iv\Tg]J;m0({}g%1Z-ȓ"Ԭa_P%fF'HnCO,Ku<9(j{WlV\-@J}]s%bhWW.Sޡs㣭kЉItC4p+ğy T$P7L2o""8Ƃ[o+ڒ95RO)CH`+mleDH0-6n־Fph4Uu3M(Ȳή t~)û oF nJWCݔo 44*~'n?j&6=9'PF_W4q.V{ dm)eg1ĠMUHoj7,_W?}&}v"'u6#Mè ?& !Nd D]DK3H[ijE0T11KMV7;&x>eu=c=Q!v2F$Y|ѪJ'iWBlaxWEF@`>ÔMd&|ȃ, d+b$K~ohQew"f"mJ([:).< Jޓnc8khYyr9 ^Dҭeq2_}IV=_!6S? nQ=i[)WhR "OYvz\<1 WKJ1Q^L@$Vr=jΥ8T4Ql)˝ՌeȾQ V3.'gכ~4,҈@X5,K[E nNɴK-="ƻaZ1Jzy#7]P$3#dI0OPC)2Gc(!ĥK0~EjcHz`q2,x1POYBeCzRD_Lp(llxޠGۿcN81Q"v K uFQ!ך-8E?6aS{!Gz7̜ .Bſ#*4rF}5k]zbh-uuխ!+Fbx 65+g1 r.cAOTI#NvjN_YP/ҁ]ĉ#DYu#5TUX?X[͞Z^6>O-[b;TmRWb jT/0Lį|W -'lӎP4Eٞ[qnO{|q]GgBKl{-qX{ ءF)u @e2Wt}([LٓISE!)z>Sۨ/U*;8cKBHH٧ayV/@)&%niVίTXtz#kVBbiO}>! mڊEAKWgʛ MAC `\o'"c&?¤@NK-)dr/k&,1]3֕-ӰNc89 Hj &~,z>q6d$`0Nɘ! | n(D0,ě1n63QC!ۯ$(|o{hG8xxFP J1_~>FeaIn@!lpzM5oSĕoMۇ+ن;SqQ ̗ͯ.HaܹAsTZ,rnSրL)yZ wyjBNyL򺀕xh&r;H.(kOU4Y@CTqP{~l*~r? X]ܘp^{,NEoyTz d14@k 0Ii3gIgᔔmmn]Њbmtb%c]> EE2m UQAϮ~:wHW =Hmt'9WKx prK٬5#=c^&=r>awK6np"i{Y:sdM+ p(\G L _Iy`K^&: [tBfw39pɥڋ`jw|n@myH"(ml9+竷U'kd%rX&oK)U[3R`{sX]MG;ytb-X?TR #^ s"6Sl kٿ1tY&A [_=zWfsB[:Jy*bC'):mK >"Qʩi-vc:~Y]| WazV W-Ci._y%:_T{3MH% bQ17~Pޟa"wi^G=?墕%5;oV~W(JHA-y4ޗIRBc 9P3 =GI{ſ,iEUk߾k,ڎy{D}#,t^|w| 30tW>cQ}?;o/KKooU$ 0-ߥ)"O9J.q"VGu9_c`OxN%# QЬ9RUv|+'"=GRK#_;&b`8٫Y#7Z$u/sVd|%Yck[fN\2X ll×ݒ@elkŖIMIuԇ6ī}"!/6o)!8| %P@ich2G6<-"Y5Hyi%Vb˟!vZ ;(*r>wSLYIq:vɫ >&/)do"O $oā* wg@]X ï`Z`ȢD4˽9O8U+}㜑SlCLX4)vX$(k$nT^ 0:59ƯUO1%'t X(dW2{R0FM~NV|8fN'P{ʽh{؅7Cv>|QĒgjC(`8!zVjakI@ L0] PԶ4-ܟK됼6$1T1cA_|]Mŏx.=sXJI;2 ,O)0@!d<֌/`FIA ?sS *seIGfoN9(L6l@^q[fHYZJ3aՉ1sm5$O{-,j-4!?>s%}IŇ6᧪\2d)B9/|1쿫dauWj&"i} [ܧQlN |U)0-kcӁDT~4{Vn=aOu/ p [-%y@x|[ KjTq{\]7>t-ʌ٦ӆHc NrZ #/;Yb,K1/oK a)L7V6(gP)OSk^'<9|-މ#."d$P6gLcFT Ќ6WImF3l*µu.U"i~.&gx=1 B9IU\;ΏEl^<'pR@JXrE@uڪ rQ-7=CrK((CR"yF zi6WK:"e/uL,Gk f%VsfҢ N?8cPP62&#S˵kqj!k>MO/'ҭ|ṽ6YMj\./X;![]ZCf][4F[zb*cN\ZGMJ}tY3 вTOI]Au>G0sCiڕUlZoOA9s;yҴ#bT/'"`F`..Ӷ5ӣBzIfdaP=KSnѦw\ltнcW ]d]U߁iA,8'qHyMp/t%"8ʈJq@8ET(^#<&!'̎~< ^SU^22ɘ[ky>_ʶ'i/PT+:-F&L$-GQ'B?53|*?+ 9G(JɹN!F[\Yϖ/Eb#/οUc+A7t˓$'lASҦt:& 
Nl8_:mBmN(3s k+.ݻL:1 嗢\hࠡwM`@AqDȟ׷EYjz7󤯜 㶶]A :y#3:J,(fWZ7q9xWӢgEn~R"ИgD멵\4P>]OO,e FX(bn+3J9H\eO[P |DWЌM1*rK<5H d"'II7,Zht Pm%r/ƹ nMqK M#(nZBhm}u߯dԫ<$ޟܰ+>Y:M6~fajn^ƉLbI{*HE#R/P6k@ hkV|3&$(+'mnˠ^` o{ 0 &ݶřZ|% kIھ\9!}%owԮ3"T:V5V6n^xg!**)a~?o:X7X-g ľp,ʰ&^=V mmQx7CHkR*jYIh4[gnQW6,*53NCEk CGh1&McwDR1ŤTW')~Os%[{ F)۲d[ '~֡)k}8ʻ gR0mO5zQNRJ"G̪Lt&2]`fKR5I@_~U|6ST"{I];A˰t ½ twԲ>l@UD5c79,K)n,"~g)_,`S,j(ss9Yլ7Vo"hXdFOru1X = Y™y%Ʃ՟7Ԧ+(). *}0WӅ<څ:AG+O]lj*gc#@vK+=5U,6F&`xIGAXhCQSXN771tJ7/!?#0Vi yƛ1T?q{d!:Шfz.rGh'WTQ׵h8VdI@Wy1`K~՗$vhQ{ [cDQK#u<03nsA i~wId mTF%q\ghHJTD ٲm b5{Ɣ3DE[Yh5^ lmنEvv d<ѓJj'Rgpm`EAl y˗egd|AEBI]Ҩ=1n)Lb6'o,2 !gt#K7,tX^ʰi۹c/l/`&bD碫sbײĭT<3ޛ/LaP#IP0C 'YiuE&wzSpHW>#cQ %JWQԯޮ.&ɑ/|6f"_Y0LFJhZ_Fgϒz g{h)P6$m`KK)OYnv}r怂LP"7MDw7^CKg ɮy2S0JxUa3E;N8e<|'pr =`D&uiZ85S6> 0Kost9~@޲k3,vjPŸمa1Kl2Gt> 8s ޼͎#^@%E\|XAWL . Ϻ@TVxKN2xq{^Z0hМeh!пxG{WDl/MP+. 1E M֔|gGo:ʸua`s-sHlfvVeļG͖qm`;'s1.Cr/3`p{]6o$]]I-ߧ3҉;k-Q^[f# np#ŧX>MpB5>"mV-E>JF]jL'? %ѧ$VvjRltWq3{^$j苵#_严$GY&󄭄6CVrۙGYC }YGe~(C!r5Xܶ|>hAOb)׃COyxj˝ eM], B䰖k/]29ucO?bNT  o,qb¾$8ZHuYB#aDbM6̛iIܶ#b&"/DE|_6IjBaJέA;yϿF#xgr˖-M~N]Ϛ_k<.q‹c䂹3tf0%T!tU! Mh"ˏC3bdvAhEb僠adO`DQ愱fG=^) g]:F9Į)b4PZ7polgdJxCAʷp _ƻgF ݾ@UU+Zb(f'ibOJT., $jlu}<9{#@%Ni1!+/?Ҁ+q 'E U_/'QSQ| L/(N\ި\%D"xNafUJӣF='W+ͮcG`{1s9D w1 W-0ՊQOa]|U^ 'CR W[#vק߫W7-Ag8U'xHN,[Jb "(4COqW΄/=bY` {jK? z~;WG=#Y,@pQĺ\^'$knSR"R<`|(Q|UUMMBl`LTCnfj [cVS a4 k ۦóKjU6zͽI=ԆWB3*aR/a5 {?燫# ;S@JT& b7:M؃t"[}|)޽쐠X6MFiB Fg;t~M.R1u~vF:<`/W j(˧ %61~5_ +3 ` ۬:*ɑR}¶8y/MMlL1ZR=sav$V2>9~/+`+XFO+ݸԎë%+Tz?OpҹQ94W#X>5 ړT7:B=:^E,WnR?zK1fᶩKk(uչ'Z  #%i`P* !Y[nzx5=M4sSb܇E P^0pb|̃shuff5MgryN~nF~IBsKS>4^zD7?O&puDTL'^^A,S_!a%=Ş/0oOwMzWueAыGRX *:`d ]6y0a@hMmE퀤e"511[CQ^^d|`RR<#Ųdz;F$F1L^z5תH|`ÝwaU tq>h'S"މہ*5Fjde:8CNtܟRJw e@tUVp6݁úb hz-X9(+;+d$SGtKY4! 
L~g,l®@80_*eʷ$Ap8p@zQwX|FYmA_YC81FՒ!tIR (PrQorw.?ƶy`JQX + M'nNh~erߴ>upMQڏG>`X'tϹBwa.F>wW.y(os=tme'+a}o̝}}z d*`O1<6jӺ^~G0끡:I$!F)iUSm"\c{_̿`{^懀 xe=gi rDZyVzIN ܤl%8}\&+$`*z!X$#uxZL⬡`Amp#ϮNxDve;跒!˦1dֹ#N S>|MkНEIzIq3ҺuӉ>HƏj;'FKdߎ >uųx/P=tssVثaQZVa[$iӂy?TPj{B鰑>7Dk-zR`Ns8Cͦ/)x\G^l_o>næi]f%c\'r[. '8%v=h]xJ;dxagl'tq՝tM؀WQ׀܀}"@Nv|;>+efVc3tAo z8mj6ɑJ`x[H oBL5*h<zpHD/F#u!bۑ3$nL:r=<~(&c&nhxkZ8_ߡ=WաFKi3_򶊨ʵaάqg'xvdjqUѥ q09A+5oF[{}v+pxJ9 n<v-٨fZbS2Kw[AjfbALMm^oY=Gr*I^gh͏130PWT.*7B=?LqK%&U fbVGS"D Ø1) 'gG((2a5b}p隽 <˓+sdDwF•6?2[B#C1R,dc5)1eY}`}Z(ֆՠsG)?s6(% ~Nt1N(qU9[L[E iEZcuP= *vԀ m{[)9ƽLȕDqoG `!@xGĕ0pj`褤Q:66gom4Z6XYp=]ތ1hx4n~6UFSAfQn:Gg < kA dyE/zw Ec%eP@g+Q{562q?a?D<*`H:l +It)|rӔ ɈDk_#'@%BFNo 5&3$u6;NL=h3d Pw;dL>5I=/vh'^"%E~qmhTwZo_ qwTD9TΩ31f>$R"-Atc|s}.»oT~ه^oҞJB'@"F΀]KyWpNqMEj[꺮]mH}bD#2@=|H yl\L:2%ڜ&Bsd-17}$cX55fR?5@A;@^64Ag:*dTqʇ}2C[וywݽx3蟿WFnށI.;Zdw6CRr ]F @ٖX+9v׉~4ܜQx鹁gw1 Gt_OԘz*ȓç.t M Oh4,*|@ǬV,k$ Բ)3MnkΓ%8ORP@ ./dnRH9$T=da?Dt#x9JM]Xo |KN"&7nˣvTP5'+Sqq]3'}Mc# V੠\w7PӖ!8>]sx p((L7#CHU|SŁu\QWE6+1ɇ*)Z׸9ѫ?qKI .!8|,hԟccC. qē"ݙhm_gfO+%չ7M`^~XbALQ+9 #[ U? %R7Ix,1 4ŔQU0-  ^./_7jV6|H6nR.ӳ ,AXQ fֽ<(ѱqG:4[ -lK@\C+1GMYoD!9zdRqC%Qyw.ɾf(tǼå:)\QBJx3Zȧ汷Ybttȩ 1& d_-yG< (Ъ,߁0ǘs/Vgz<×?\Q{t[m*w TCv?^3bхRwg'OπQrO% ?-7fޓ=mJ2HJ; 5y159/V1s5SL䅾"$.MPf3-c݄[u`ֆ urUiJG(jFW#e2~U+6\'느͊-:jގ Y\`n[0'JZ+]X$О$h? zN|օt]-g|`W chu+HeAǗϱZFqJ#@[A39]١̸ŧi^T-c2mv9P6uUԙ[V(C@s0O#+^͉Sc3:(Y2>jslgxt88$GO| k^j²UP} gju]]q,+mϭ]FRMɤRsVă%'ʪDGhI}g=:Q;9)_LN"=~?Wd`٤7.,"uAYq*1/YxNg/sxV̯۹6k6ۧ[$'V1r9^YlŹ/X-C;#UT5ܟ M R#[.1llf2hb'Ȓ oɳ} ?4 %"6Dj æ%%Jܳ+^@Floq+ףZ4Cm6Lf*EPn?{`Q3q!Q$2.31h~TY" NƆnS&:q@cFxte`~Ą'HSw]eiS4n(Wqkq_ฐ߸e>u%cSri:㟏]"r:8]Wí7#Sm4+&hgW; ?KttG]_-a:"H[!$_[TkUg7&HFSh gs5]l[ͣ:;Fu=&r-x蚍"t ztsܠf=޻ig1F_"#AOiV{zt_B<z|#Fah,@5er"+OF]# tfsLԁP vs@uPP/L-X.S_f׈Ym=𾄎[B%w<'|9:?G!by}eKhcҘIls)>PRJvk~^9!eq/^68π`:$UaIbozIB:̲"MuK)\֔&IMCmX%1!$4Dbj Sl#]vʹrİ$H|L5@,&YliC$>^ʞX?CMҺiyD1NOG~oEd]$NӃouW~E309®f_96vOif1H߰0?3끢<5M,{^! >6Q `J`45=;.ihjׄzH&TS*T.r!ZDkѓ˝ic\}ՏڭBf&LIe߿ܫ͕l>ֲ#0W_ e:Or=g\^5#N kukŇn [rTtecչCI˙`r~L[Ε d kQDzR! 
] BPІ034kc[|pxs9y;n5ۛ^e=Se^әɯa :AY }@@,ejSfe`Tg Pf!z7nqB e;)as; 6Y(iFpvhyA .dh.q:2tl-b%:xd_AS4'B~8\ ٩OU ufӡ[FD[`4ּ*Di /k8،H?J[g|]>Zr:E5S͸!+yyG -nI Vt ''E_ΩvW6]ɡzh xikyx?۸|B,u `CB޻;`Ң;"Y/ d=/2\RZr/^ɓ xvA`ƒw9#R`/~.\X`_L{?5tۍ3)P߀~%}l|0[T !`aƅz?YaәGhr G(e9ύP)Mt8F%Z߉o@@3kمYbG  MZZ&KzpgC9]x~T3PD`ܿ+? vK^D70U |T]'S hRXy9RGuzO02J|P>Ĺ=ϼQzV2&J¢g| KUƿ]R~Y~ʶWijTQ4~6b`1~OD+¢s-p p}ru]fi۪Ȩt,R ፚP[ aoppkwVCŵN>AcxY[ G߀b|BJnmqv{tp/7k$ (JZs,> Mf4˭gG9R(]Af0ƶL)X ᜭZvH'㸫j4R,hqx,H %x!41b.Ƥp^t.HsA) xyԳ>"uاܙjivժhc; u!qvbKs!CPrA-[,_,?O ʎO(<N+R '4w:m^V(@CHŠ+l nXD@gaj # 0Rt`qG=Mp"]U>-w\T%rr/ϲsX~b!tm+p  xhiбZf. vo{pNhΟwX Xl/-o8 ;ПLIh71W3Hq3V`cnvŅn0%fpT/3[_^?-ݩ\ <%dD0粭!7ֆϤ_-դ˷+NlL~i{ցI6xlpח֣ 6N V?lNjJmC.'&*)1"a 1v+}O! M H7$3-W:cDI}A?lϭ{2Oe3g@{9M_lXM땀Te (- v+)z$0;,o<>pwUii~i%fNuq> kh @\]w~uՌP2X*u-baPYdb?qo%d¯8_s|/왧%9}']*_FtޝF_&|< ;fգ*uL h+QYba9uɤZAULgjlI}7 DF$t\IwXQBKo^[|Jl\҆Ⱑk֯v&64Giʩ =Q$WQM3yA<`RteASi$ gdg:+;O1w>ت5Ɲvl-,K]kꃼ XX^A*jdT S; Uk- 9gFuA VQTiKo}'_nͼR;)Y&m*p5Ӱ^DGU$kB[ ae~vq8.N45i)Řg:`-\-~b E0Qfla4/}[oيZ܂eUP9o q{<yE|r  ic8GJ4catr]ׁh8,c`,Z"Q ,8:)cbXu#}Sڽc[EяI~MmA^΃N@@328UnMJʓlC T+ۄ5Lk})fIVZrAKV^ޚ3If+6b܃H.ݬ[dZk}KǛÅ -fo}su#֑0Hi^eUxHtkM9+˜hj?~(-"~T?u}cl b͉j<9"՜y&zN_ sPsCoEwY1140m̈́rb D;Rt*YӨ`LhV.Nf )@_rdG OvKIc0O^^)C\˴f1IYmZ5DEY H89 D O#8CnzӁ=*/=30 օ#enh4sYK*u{CMZ1dD&4cz0pϗ6`c-e|>q`iI@}-3ڀ;U<_sSv<u5٨VkI_SX:`cM8C;P׮ uaK?[/W4U'> gfC*' :ioW6pcb7mތjkwDMC<ՠҫ)Kaճ"OL^7+`=s_öןo}$W;K:ˉ@:ٗ©N/Fꚛ]qRd1ZD$iEkĒO&"_Y{RDѡ$?hn0c1%ڙ¢JTJ^WJpԲep͉EjY,͂XϬ̩?X!E1G€;hX j*DQ- {jo+=t-geMEaҷޫ@+ih ڱ@lZVaՐȬᆹy _3CU_iY?h`|_2jB.7!Rf0tĞi:$T.C EݦhBUCb%Eĩ \4KG#J/+@5Fm(1 W]a)!g~ o+TNZ>7lܾ4^Mv_AcMEW AxS.eG2HgaD / y4:0 S4v>vʩUVC3أHEAٱ a3tI-/ɇ_q"8ޟŊl LeX;h;3" ܑT|yWڃ[nHyR͛dg=Jŏ|;9Kr5 c~MGխg]IU2pC\waSkܐ>e=ET,-S'سw!ۨ|p㱗A|qCߩuH$Gvr@GR~*gJm] z\<8˗,'*NM[Hӗi*˜)dICՂv($apAARy>FWtS?)-G?Y$x<:_ۏr{*W^ys Y7]M0f~(iF)q\SO^(?;&C7^n>XJ!"RMSl=wa=qDeuZHwG<5>5UfYoēA O{qD+ =VYeFE UGJ>e@ H4{֞x)鯟% uhT Lϫźya/[]$[?R nt-{K&LB_3pjGmڝB&2jCYu2%l|W.CpS"RqU~LHn}Sx4gH5NI?$_譺9 EBtqng'6 @12Sa1mo@H?eC[^*6x{WsN3qQκl{ۊR9J eO% ?rMx"A+ cVdͿ FuZ:@2=yZ͟پ}p!-,F^B>} Z­, 
´K5ܔa#%wuj f9:ť"+=d"arInFϘpFBxI?VAu>2F{1=H/l#qd%bLsP^QSMWZ?ME^x44DX{x9hadJriʠ9x?#o6ۀ=S n Xikfu=j8>!iLN~= Y %v^Bw~ S]U~Z2)(ݪB0'#gߣ4F}*=řԑ~6%e ٬NEJ׹ךAײל.:Ε)Wivیąp Ao5@ZsIP?T$u{"2-j8d锝T#Z L[V~Fdu,4〭_U2KO@C\ W"-h3jjqw`Abvj⚱)> dٟ¶Pz~ـ0i UA,TβWBg^Rɪ_kW:# j}o=_x%hce-}mtn$e1>(+I18FwU쏹6c쎫BC:|0z1<1O+lys̀+_"Tg2:jPbeCz <0Ե.Vؔ%밺ZwWLv |t+Kfg ;)Gm7U"v J^l¯3$]Yß#"Eok:r^JԒ!T]C]РxDrށMp5/%Q+ |H a.bn:tEN07V K+*Z@jg;<&?55FW 鴢Vh쵬!!JX&{hbDcX.IKz 4v|/'Nc}H[6nlF#\h|. k٘i=e3ĝ`el +?jo!܋Q==XX''r9_ f"r/kRTM nw-wFz3"a.(Y}c"?'oơm ^ii1ѵmf)9Kdk{baB遬&]-~eBMإ ;\&1`PO6 I&e Sq Ur"'\btc T:T;BpCfݸ&_`EBZwegX͛Sׇ16o{ E}r R2O Cpɳbv^0e!p11 {dɎN=ʙ:Lč! ·.80徶j/=96$ ;j|n@;Vl|I])1ݹrQ˙yc *vn*s|z$U{1Z=}S݋"#iƒbeO0AH" CQII`R8+o0.:(sJb+atv+5i㔭ʩa6MN5C #BckJo]=LGrdŏl׀;|ի h`ߩL( cyZ9ohPAW x)zꨞ/>wCG¾ ;f[Sy^xgzg'yM6Ƕ5yRaM? l[|DN\ީN 7€~J*G SO􍉘Ԍp"ɻbTlgI5Ɓ|Gb)i^31率knZ%Pq&GkzYF*Xd 4;wp>I=g6 X_࿮GF9E߯SKLLP\V͌{|ge8jtR*:_;_krC4\F7j^ˤIh5^LՉ=u"ɮ1d ->ȘQ\ sF_;auRڄ#Pɉ&Mv:o{gBO\DhV-|)l1JşԿ(W3^iysm-dASِQ2@;A16& /wWG ʃf&b!xWbQ)JEi}@q_}D.[4{u*i+"<>XRO/b2|;JaŰa;z^l]im0bӴ,Ѿ2Yo@:@2"("NUun*Q{ _߃lO4w {]r+yGDL&Y9IN3 XLeV dFlf~[bŽ9+Ud=Y:mf\#X4͢ 4bWv$AA(4[0]1IUNuUGӔ8CӏF O >U;GV @AgUɶsBEGoV r8iyHT#ƔI Χ,׾CXُD'ڌL{0LDc˓T2ò[5믴EiK]Bpáz{R22Gv.ajÂ%QGWP4(i"vr$#5 mw*%ALg+uzϽ)vpєLTz#lmU[8|!R9W3*r<3dR^2.BCf-j,Nk;dU+5~jޓL&ۈJRT%6 L`JLLԜWfsLGZ``V e*[*MFQ_8|ojRp#Y+{[I%-ˤkU>ml wg8:K=,\b p^o>?Ye57p%Wa#-]ܹm:lv`QXs(e WaEi(l߇I/U@ 9cFq]**@o,XK9ޒ^LV|nDk\~ :!Hо㪸[Ih g#(}!r$ڥW]PCq5O5Di+U 9\,{jtV g[70z ;8>@.FETD3 K ] lF6Ǎ-iP$--M{n"&YTKfMp+<άԣ5bhވG#g)27 Z0² @ {r=_sru0G=/v.A7C*0/=PF+VE[jY;x2 77QNyzpJGa?0 -)ߣD x\j¡J͈GwE1Sgu^Mγ=éǛwfsD.$ u_++%[1'ꄗ oE}cԀs}ʜdc\݂)$Ov֥>g* @leM]<|{G! 
&OP8L?J9Уwt e;ϣ')RC+"5 6ъQDy_ _o^}JEB}Ok'D0iGUOR)fb̌QЫB#@2Njҵua )1R?^/̓!A hX2WıU3GYTS47DxT2/9mhlZTJ6ɼ-UsZG@dlŗ w,?HsZ@gX,٣SqثaG*܎Qtf2yw.]\1@9p'+*͏vsH37HŨ \$KsY/-H^0*5 K1a!EY!_'yf Q7P{smWx_Z%mRV~ B*6TAOK s T O-;Gk%)xDA^W:56+P0\@Оhط1w3M`W@Ʌii^& $!}s9@OřW=uBχS[6Xc,kZ΁{N$yT`5J,TOCO5TgG8cfAU '䧼 =5t׭o|9&Mԅd-+& zOk E(pķ*s3H:>qW)ѵ@׈݉\K;y9s$*{wc|$A>d1 k 4PC†0-HEӝgai)Tl9DHn,dB`zP& A)YjmEO^V *iA1Z3)a )nb(DcnȿoSCf'Ha{8hWU}O?!BrD8NE:4zQFPŕvmz#n?b&i㤙H  Rvm:˓&\.<9.'yCc7C˄WP{7`UjWwIntAi]0W9^ ϻ3O| 0Җ5T'.DaTU[ϒ3'l!r҆?dAP=x-۠t &x$ΉN͏5(k |GSq;_] `JS&+/:S0Q Ù+xQ"a~Xnݰ //x!yV62kƱGvTIRG>2v9Ѩ0c,-'_&o85 P1fqxCV) |!~:* a"@B!rn(D !xPŪ8քKYGP'·nʷ4YHK"x!tS0oٴ166q!F˩\CR`&~b6 8z׫*|Qa4G@E?rR쇖`V f[i՜;HWuTl%$jjb/U~ QlܧRϠҀ җYG<7~ObxYKz{Y5Hi?r(u gSC֓Pa{SgUbj~}]NlW#n?D %"*K4C}N|"e79BBh.:hGViUP/BN|L ʮԫ .GKD3#'s CA ܎+/܊4#^'%xD P2[Ol/̐7|aR_>2#- bm(*tgyEbqB(!-i 8T㝾OmPs;L$a҈HYg Jͻ㓙%ZHBZuy&i ޫ:kX67 !)oۨgW@JʗC4)vȣ0HF 0.>?v@C{NJ.+¼B4Lcζϔ0钧cd)4f! S [Z"r8ͥț N4L6j0$(B;REy|Jh7!2>,!-!TPo4l|m0H!%yGb2 `EzoV`pƯL,6;X t}泹gR/RGmNoҒ1%sm&~BA$phIFR91k i`zt)}|pN! 
Z1mJw,_l bTL?-Nzju}!S(xu.Ӕa }AGPxL;P)6F%L-@K>rkN1Ð`!KK|Q4ݷ%1WX袓Dܦ䥹z!l_6T9L.`#+oGpd3?ŶͿOOF3~CaqƂy%M˜PNԆCD*١#uDkC>2D/l!H̜¤j˖Qjb[M%ͥVqy^ uRT[17=ϟ5l{2?n$p:Iwrr۰n~w Zf VĩVda.AΒo|,}x " [n*(j@ZH+>mN/O;%lI`јԏ~,2C?…VkWpO ͕y}>7J1%roQg257=B}cZ]@KZN(c]> &q&g4ܠ#o_B>PwghV/*JxI]͖Z pQq-4Pĕ]P6,?;VZ*lmQ -K2CAqQEYjT#mG]3cee_Z Ss Mw%/?(v Qg[}$VaSWq 脮Jqy@7NX2y>`d]`)Ӷ昖x|Rb!}U+௭ LFJj¤>OXdYve95WhS0ɅO(s1=dj^bzʪ8 $/e#jmӻ0Pi2SqWutk{cbJMgS4 Ɲ;%-v)`h-2 ?VMBuM{~4v/ rԛ/u1l*`W Rh6'۔QS6 I%|^j3؂ED~m<ůEa4ґugf>W'B8)#ΈvjLQ*?9lG&F!{~MAt7h*xNV c.AlEfʨMЪPݭVM= UjA]b*}Kje%7R@mNvv#DK=F0ՍXc!P֨2]kJO?6"%sQ:$^dqA.#`>ZԞ>ފ20-+=ơmEehN>wJ8*xVAj8R%?1CmyM~EZE 2dHxȾ[$LIუRW 2AkG0EL{'댣M)B`CJ\|D 1HWkf*fFfʋ'c0Q `[T]tYc,?~rdynjZ LBS Я%h;Za`c:eJ|\zoճt̴AEVL`\x_#N'D̍{as0ҫvs//1)&wE( 9 [}luޘ] 7HүV t59\zG:$laݾ^^FwZ.b1-R9Ol5sBJ PAǗ"ߙ4i̚焕 #r~5#|aރJ Ekut?߈g"lap_^Ґۄ$G|ΠH:˔+=s(Hm:oIkk>8ϼB*6ixAi3b1 aZcz4R M7ïMCj.#/6 0K͡q%[9.׾eW*cK,(T]>iTm42,@(:p>rh$凍c"U{WDF~7qsuǜFy\F}!QFYZa NL**8 xD4wtY&:;_LvOܠ'=mU٪=ppG )pc J੼vW:|?M[,yaBG?MҎ+z`?_7(X*.j7"%*u=}&y?+!< $z2!16bI,E-{$whe! P[>BPFY!9Ԡ-rVW*%Pw:m$A \2 FIM?UMωPpHvE$Tws"ǎHЯQ՘ߜSj@'SxqWq[3Qsl}@'#B-q=do>0<2fXkw[TS)0+k j:vXWg8;|j[ '2 sSkR*2m`B޽-1Ns_MnmK5![W"(* !  DnPשsZ?S c!a'0](ԇؠ_PV:CG=êqz pb^nbPwauI14lޑ̮hIHDyũ~.J̌@*`Gۇ%ޔ.WSY Ig8Gsuv)"6[< | GeR!PCĖ(eSflDSLJM֤DH]րa@U`x{fU F8>wӤ5ך6\x" 2Sӈ!uJV2pS!p՝5-CV.!lϴ$F'>%s((uXی$D|A:AWZZ9NdQ#|u؃PdƬ}  S ȉy %1p(MzmO ( OxC.t9_2>PaiՏva5>@ 3|ٸUPGT}rLHs0Bqe0Du”Qvl/16XZLQP5ֿJ+At%[ vZ;YTp |ihOlP<%v %_U *YϥP"lz~xzKlM- ) Et! V]AҫO;1WE﹍ <ʶa ڂ֚.#2Ū?jXI ZEH+Ccr)dSWv"hC}7jRC'x6[DO d@LUd591@^6`;3e#)j~چ:ì!pT-3I&b0ɘ&\8U1gX\zekI+ȑLʼ%a.mAxgQ+bqbH 9TWB.~wC#'-y>k4s|'HlbQ=aG(ja%(jZ^t/o?랎- 8ɬOwG5nmoz5e8`lEdY+^Gi_}IsCRµ~.>D@Iʃr/mQmVp s\FFi-cg>jdN,LHbq /Z0i?%9Gend\jA]0h7Tq< 쬇mGIhKsOȶƚur377> 1&TH_zP;gEUȸj9IP )Y17 …yn~s_〷4,! 
śƞ8I4@M p[[t_:Wr98u5P{ƞ^`&av=_f`ɫ~?pH2G)۹a0t(* $&;&(O !v*=P!J͒^G.tNy`NSV}+8,}22ES#7Tkb>Ԓ~V|MĘ9ѲylV/l>=^'qNa#, )9|~ *'6C_RGw+Ȓr -5U)??ۍf^(&'y<(%8)o$?N;ıZ4~0+nUhLەz2Dv&֪_^߃d_&6\O"EKP}#9R 4&#h=87`B0pbTdtTѩD1MBNЉ+oS+ ®j[Y2die52[ۧO^)ܲb1,Zs(pT5Ӗ\]DS5qhIޞ ( ?XT3xLA纏'L_~5r7Olt%YŁb^E?Cl^"LVN_(gl_P*tȦ\YJ)|w䓐K8mxHF@:5 p:!f!W5 0d1UIk␵pN ~, _rD#i+iϪk k, {Cӝ:oja+T׷N:$Z-)i+WOxMOt(٭׉s?S Tl 5|߾nhJݻ-KTNbBQ{9 g~Z@k5ⴛa@|7>_ȶ~۱)>"&Q] sx`vDsPFs0ckJs,:UGc]uo-<,z4 vM4[&N{42 #kMs'7)Ine8JU?^|y6j;A4w 4`fiƻ% qaRK\WGc`(o Կ}5yNL w\x]v 9eG붎#U=E.*gQ-5P$}/?I|S^P^"Uo49/F4Sַ\Ţ]17.1 {v] .4qA`'I2SVG5ANȊ`rk9QI_wAj.Fty{afHi(ihgJZA Q\@:E' /ʽoih"{Ͷpqm0j;(Cc}5<>kI:My}](XIt+7IC3"TGO+&48ՕGI(kŖx5)q._0wzEce(U:#WS;k۔7ݝ AJe%ay#eOw"d81\-+[|p=B\e<*.AiI|^ σv0oEF1I)dr>Mdǯ>'P"d8Թ buWl oI@[ IQcXwRfJ/.&oIUrTq|EZPHubF?nV>xHZe˿>!=2`?/t.sX@SExcIpǂE 2ˏ#aV_gv˲RofW6j;}ߏN)GDKc;Gj׾_DqգGeaUhǟ$WS1#z5%2eKǏXޑq3|ZmQ)))Ie\SJ.O 6KsC?am {E 6IƠ.#RfIN}{-~ ?Qn 1=rrƭ})n! 1m@dneN͑eA Ԧ|<_}OTueԥC\}Jae@s3+7! ^Y,:ZjB-/)Z" 2_T+ :VAXp=&܆. ~' 3 ͽnU⪪L]m`7Lru%ŇM.xoŪ=D5u$_rO ekCB!&G]-F&[G_s:C=h:['H_cR/ ѽ?kU~MXݱth (Q&飹Q L󙱐&`ٙᨾ*4$5W>₩6 vf}¼VlT*J:,& b0;/4>KXl .C"}Z IIK32cԻF?pe\n3:oN_SdD.QGR:SCg!A%>+ ޥoԐ4kyWL"t;; O{${bW1mZ7R=a1%a^C)z"%#c3rK^?$T{[yӚ'7JRM=\;IwFnW?tz|BCؐYޛ`;Z%z(.AuGQO{T0`B߈H̓)p9L '~|hypjz;AMI?^Ɍ:r$_կ]8 ^ֈB6U/v/b9!#k{z9&o{Hi0ivaVno !IMހ/eM~E;#}ChLj)9C#i2 +{WM7$jsWG{݃swf;iخJ=(W>Nv z~opBсTDn%SLWa^~ʴ"9h[r!Һ0ћ 9 zQX S+χ4|spw&&fη?ƖȦI. D^g#_O؟6{(Ico7cV{?ŷ_1!#$_a:IgH/ w80ؖ蹣QǭϮ̨v2 dŻ0Y#P4p]X6 r'}'^K` 3uc*-V\f d6E9}R9K6l j [YG0egO- s!6MgKs&h)k  Sj<{q4bu6"n{0&2b~_R* jtp6_ *߿jI 4}Vע8I>НxhC)z<5_A;zgchQ gPؾFAYw.Q&X61}K 7Yj{MEkgß3"S:LBShoo;ߢ&sqSh[)L1h-Q ?dJM3dGU+~+忯xI2wO6a] VT}@]]yzٕҬ]Б8G\6B3$YSUIx@u=M @,uZܩ}+` IqSgXZWq&kj'ϡR݄̄Jt_]۫GSαh= f-}yAmkEqŻDRUR-20N"KֽϤ`ѵPyX:g5?z֦A.fdUj>Y䉽D`{^J[7JtEwwۇɗ"vl?STU)+ٕE&x?ےaUJ>GߏI*h`q7 OڽG΍5LN߆/Gd *һ?g%ZDr̿M,+ !8@Db}W{)|G- ˷*i?ާ[D}?g9_4>wJFI WejF>K]tSq). Ѥta-X1k~#JknT1Q`G.K`v࿴;eoμڃXYJ=o33T6=q W&G)ݷDOJT̪H́ G .9Z6ԷKAU58 X|Po n)Tl 9,d[U(.vL V hz ؂("5ڤSf1L P8mbEp4?ݾgu,&e`3I[v gCJ0S6odjykF4\;H&.B>}Rgh78CkQI:U? 
Zn_@h;H;_\3,qǟ{{{&4?\#!r:z?c=cX mTD2^Jy`ssR{5H2R?KWtM;%tꝴH+Cl/ a8@m[GW#+' ׁ ߶Q?A3(v+;|o _mYi ,u+Te|Mvȏf^y4ޗ4&rv<{/b]|>ԙ5?wp/chi: ^Ng,i 6JZҫ'pٱ4Gz5)b{0uĭPW8Z:ĐNyzpIIEh!<@31_1gTns@8-]Snl7"i!d<%D{O~i!$2_^U32}Yzfޛ*]G2=GNJ V>qDT(ijȸ˻fpki3 ;&D]wyxYrn?%*M>F{6(\,<ť$ŠܨL;]UEtNrd;+ (wBolOG}V[zGlRSuU q]뇠 qrtd=Oh:ۆcC%0AQ^"tE4o=[^2~#dI?<Г]0tlG0Fdز"$82=ބ%O6;3 3 ِ6) #C<*\jF"A]Pip6xqSo1LLɋaUaocjH&e$AV)Ovbf qohaZmk ,4*|+a'}^?<6.nRЃ`Ƒ7qhe.7RPt=8i~QI|OIvOP8? ŵI|XD)/>u+U;rNŷn\5 j=qk>ќFrU&:i3N^B$C5h܌U)Fpx_[F֛'Nǧ7X  ^%hC}=}KQ 䬢Kuh> HU]T(g٦ :X|ݗ"z?+>a)Mg.Om:W8~=PbS҉xҗ'0RC5x vnq(qa)'c9;UKSJ 8<Eʿ]rKHn&~DM?sѯԾI[1` ;j<rk1eF 5IBݵM'bucΏ*Zꏱ1igخ@\3ʆ ,[[(*o HSh! DVg5+0t\ѕMZm'3Lw\bY?Gv,`coϠOh(4p3Ca"hhD/ -}V9ٍ'3:8'q?ԁqYWl6%z;p1h{*" |؜Sg-}@%ԀHgɼ^i~-W-[|A@&/ysDVgJ!pvRDAn/ s}/ZHZ|옮`SX`H2 %zQ|' o=78ʥ7ҁ+}1H&UiRY@@lu0=$˚):8-;~GVgkJ7grŒPr Vͤ* :Z{ 63-o^ng,N hW+T-dAz-/D,/u3gL #KtyVJ5SP&λXnw\4NjN2տ(Le1ԢtKuhGyOES('xb朧AIQO|V; ?H6o`OuidJE(~=e^PO7x/z Pe;>\~Q@~݋UQOAٰMA&kqDv^z%f96@)sHPx:S|ދ2=AY&҈5 >@J/|6̡P .iTȼ&&a+6c^ ʼnEB WY=ɝDcƪ.z{Hsy9JLlMcَ-Ǐ1 <,pnO&Z5a+B3?,)i: h8쑹 峡|kP 5 fz{2[v:597|,(bCx~g%*1qZPPN'HbIl穇!'bF>"ħMSW 2%09+Ᏺ/%5.}9M5댜AKֿ+fuh2-j6Z+%X%,ăNc~˶xP0dWUrZM+;_|ZQ&>"_=V/I<ԭ8SG{a|$|ڭ9HI qAK#7 |ֹ5.COn&-1Ë/?w?vAVI; > L u:=2yMxh4+ %߆rXq#ޙҝQ#ZynXjSЧS&mܰSSR"(ÇZg5 U{0.xuXDQ,9K=G w?}jYR9҆4P9Cڢ#2B K8.ˉ!gHV .ʹ, / g乎>oCPk=0i ~ok"e$ԔKO}L¿13oe9 srf*1KiaE%ܪ-jY0-,G;,~XAŚ9\A 8.@(bIԻ(ulH.qGK7B)~ 4ilPwQjn=!L}%u$NGxLW:qfkdQpg뢎gXljt` qp Afyy2GM79H\ɴ EXoDv)= 1Dfi~#HrS I&˝{5ȆpXΞF|AnŇK2\̘84RޛnܐŰR8duA`RӀ`[<.@u9b[D3ob P[+9XiЏǧ_yz :*fJ+u'Ɇ`MejFg+Az(lnj=SGlu΅.% I[Ym?Q;$zk{sc9-ǃZ 谴sȖ wN\PFU'҈ENp ϬzƽnX_,l+~>V#}. 
1}A`t B47apo*[ <˗!Cn7u H!k|x '̤ロ-$++g_JDem|tsȖ!ԩqނ&ofҗD Y}ea,-o_ᜪ1J \* JEՂڜ@i{y!!Np,.!{`8oVCwSaG{$1w"gWv}XkI5A1p ?ygćw%w'92׸Έ9R.6&{A~uPTDڶ`d;wWn;S% c衶X\dcg-˱9Ĕ1w۷99ZW[MdV^ ҁ42@kDH'QҨ}]U&},d !#3|NqX<̬ ӡS$$EyYD]\n3%Ds4Дx1p))IUy 췘4T}/F]hP~׹d1hm 8_Y};G6̓= }MyM7ƊR !3dᑦZ$\K]_cX0p-X~̞p3CA)M8PǧJ+uOWwa{(ifц,c=T{aY)|2Srs t7D2%hif3|ؐ"V8oh ]-pCN͞b" lݔD+fG"bv :hi{Egl o:NxHxXD\2sgUfVT}Q6&=_io%rQ\$M(in0n3F6( 9kK^4y[Q/U@粟7:,jj3D=4m!ԡ#G!pnwYm]Q"n[P*~ ݺPt ϡoe߻JKb :r=\'V|9E tAaL*8'Y,*0t]ruĬgKPwRvPļ> &ut)!I|ngߤ?h k+er: I~ H9(o&qSBTQ.^EO~[~_qΩyٷS?_}rVxgd{WH8*䲕㪖dy}A=%/':\fMtffjplJl%boԣf^qJ#h`XÌpb\.,KgWmQU[";#Œ l_3h&d1:.w%" ٢$?N3H7|T?揰c;n۴sH\fr˛}+{k0:`x-x*]>2mܙkqXfktgN@:4|~u)`PhE(5%f{xJ7pks͊BbyY'ܔ'(VGc&`u}kP](hF`Bx^) !Gtt|Xpy'In;9IXUt s; + gb'*C cV^]D8 QJ4+y`b,n]?YN@p)E3x廓].B` *eL_>Hj-5ǝE"%eJLTU {<顑AVS ȓ4D lQ HPgg~90[FhiM0…Ҏ')w' }[ Kf.te+?1$R$A!#:Jt÷G 7wI=8Nɳϖ(LhŹ%2E^*Sr/u.ԝs[I8b/.E ]1/q\r lgnцF62LRKEGx N-Ca=':rnV_~/sEca4*(ޤ(PF:ʊ}JbѸ[!dH[퓸e0sQXbE$1=iRS(j˘Brr†m!q챴#ew!]]"'wT[-o;EsC FCAY0e,^lȤomVѻ Or-:+& ,BnZj3?_ XʣK& <˳ύ@@P={feqĜ죙ycjq,\n#u% ;(18-2lܬXVlF u08sB ˬ./W\y%i* $.bdЀU"ƒjwښO|?;JJNN ߃%UV%d!eSIp+5%afRTO=؜-  [cCglez^ߕh!uEiN{-We/)`=oLz:'P;oH@Z~:ZϨoyd8L,\FJȽIsm~}4\)ny.ɞ(jӚ%ab7;m5y6JvR0!/` ~ wk \f7V r ts}$Eᓶ-2&;f>j \lgT_«ߋ2H`UluDm XS$ʪ=Nf|)Dy\vHŊi -㡮|["/>P;Wӳϗ*nZj/T5**]NT8K8i^>𝒒1LxddD}tͩV7, ~NI#_>ӻvG^^su$=)w764owRgHL B5~Hwn_K[>DplՊvOvf8{,LL*˲n"ap^I(a}I-Zmp'xb\ZD9Lϰ~ s͹ c< r5l:[N44dʻ( cj8'z]`A+d!*M BR1<&$] uf pcI*v*SR˙ws<AXT~&(uӣG!;4V"ruz!K"fNo(Hkț7iܜ |'E&)o(>Q+C _^h0ǚ!\FfF1٫)lU aE:T37>- 6sMh^۔Lr7WKǚ>gy@Ԭc-h7py^J׍^*)gf9b@TT1o!cy]OG  ZF ?_K:R /\9C2W 4꼭 ꬣ ~ S'AX%ScR1` Ԓ{K|1x2~A\=G)1/OGJ\ D)$hqAm[=mx 3fu^PCc)<R4Zt,  ? 
NkC$q( j` &?{D~YK nP}MW4g»;j[?ƻDp/ԏj:Fzuky ǡ량nm+41:j4)φ LO:_"wwNA|HRifW+ZhdK؏aJ8eu]rG1դR9tܴ-%/&m.p3&cd?cAHn486aUKPVɋ`<{ZfErMk.'yf8ڡdNYB 7r}*_ B:ZҲqmհe" 4 Q"e!~ώ!sͤdcٹ"Oe"=b3'wYOߞ &o:CIP0*ܱtGjmf:\d>vKחZ:zz{/蓁]TA1`cpSNq[!S Pj@an1c9[:KfU[ T@.Qaޛeg#iNQC>1X'(Bw7m] eAdp%:igO,3B^dqad/vm j-{9b*ju :my5T['\*,H],O1sIT={&SZa@qsO9j y1BypPLKDM17Nlls1%@O#QԌq}zT W7*ۀ5ÄJ9:kkJ.3O\V/ 4 Ҧs ;mU"DWMe~*wnOY2,Y3#oqw [|ĂIA.v䐣 5= '{m݇ygГ$yEG Vad*ewOZU4A뚔 5u &ͯ!]:AJ36aS*I#.8< p[P&2vljLGnt[˧s }QHsO䗚>:Zeui^:i*u5K`*1>OqsT$ܛ3SWJO]. N'KnGLtJ*gaٹ MЅQA΋QelT.2')i.>9S7lQs99~&7;׀um@} HA9+8{LY8ae^@3BVcx/$WghDѡj_{d~7mj~Q L.#Ew<| {FG,YȠicoʌm&V WKX9>luf"nqM:b=,(PA9Ñ3K{ J/bqu5Z#Q{'Ƴ-4K:BVX̦"簆4Ro3`PayʵCj^z;1T`7qy ldϠ/E_oæ =̗kהat| _XҀaziQ(O÷NGI =gzD/RsZI/-!՘[XI,YS&\.Sy}i+BXr9 Jgfߙ,IbѶO_ ݄μ*uk%$(c !+pl\Ya&Ȑ %U U-mUI?s]BL@7m@q9Šw9})vB!uKk`2)1cz^ T9noPQhOC1خlvɸSx3G1i:`g(6\9IGlڔ8FJG`PB[[W=IӬhdC`Yi$?67 PuS`ޮDuɽx>rfg,n?n߷;W!nȽm?{UYc@NXR>[.&i 's/= Zy8y/ Mu[Lv7nnj׮TtAagKin>!A1zA].[Z1:xU޸@׍#|f3s>@s rpU ~f t,Vz~;#=]3-I/+--}<ᇟhҰܝؖM~b ?%]2&݆Q#$ްI=(, x>, $.+Q/67_#^#A P.J仲VG}%-8'~( uF$R>k`T1NZAJZ6po|⽎/AQ͔qkZRM {"C9ߢ 9QCy"1_Q;S{9מޗI>ت|T荡Z| x2xnUEaﭤ ~';Pb+T,*S}F(M3f~XhY76 '7FZ|_>EhQ3v n8X?. ֌8n^vBx/[^Dw !&OU.=%ZݲegߟZ' j7r@ҷՌ)YҗR0;[4 76.`@VnI# TBLA5po@ [.iz$4NNNNHM'0uzX* ሴ!' 3>'_I49@ V#}.߆$]PEҶ'od!\GU!g#$?KC\WB[emRht%NJs4}6LĎjm70{Yi%sG(|NKO)0~_yW `ez 7KCxaw8WDn@.ճI@ #"lHeyԛ9ά2r k"=FRG.i~߭anN9"ao8"=+{ҘZ ^ _øNObK$k kt{,r7Mnl  /WS㢑hӖ&6:v )O! 3/9ߟ ίe kUUtA`|v5 `J 1ix Hq[AI2{>$&,@(1w)J>Wo1piáQRyudCx ht.T>YE':? 
xBqbUnt=",u\L'?z& \!RopR3Ɵ6n1A_%duc@W=?bѧhOjOr{R0ЮW{R0҇SanN'۔VLH@]AnM˽~}AibC$-f"td:ǖ-cKAΒz :RM0{g꫷`[ZM^CpmGs';"\o(YNK(_> wa bZ&u2OyF-qcu3m ʼn6b s;~t U<b):*_ hUfZ#̯)Hx< 4jp'ZAJi/k;#sXb㤀yN`.,h%!A0VkͺXBχD%>:,=ڋpʰA2 ql>l;7!Q)D#a zC8Ȃ6t ƹdFo$2+,ed݃L'a@M`;H@^+p1 y /g1}}PĊ t4*]۩L}cԾ;x.'vZׇ U4{pgjI+7yț6a2;Jl{9v,Vk=BA gęs^I&f ∛Of)o'Vא1u*o$-0N" cUmU~ѤWQ[/BI%,7r,kSNkLywIٽp s`)玲CBF h حk[N$10oiv̜ 08YtA,8(#h`/2h>Pej!STKrn3qs{Gt*w1 ~Yy!b"]a{- ү<3{p\hDi)co[7vk̈ qWxL$aA\T:?V9꽸$K<`Tg7stRd/T.Y 1brHM Rh @}P#I5'8,Aat{BF$R-䮾x/W" dfR"&'tَd;a}AJNfUzVS [Q(m68榒{fxEE0l} E !ݸۍkPqx־$9F£&Kv݃p6{ ]5FKQ?}oO5ݰ[IN2k$0k8~? %ʽTIql=+ oOh (25g~dP; Kdeƻ]׌Tna fgjO94$g)~CVɶ[g>/DT:SmJX.t[[X>XpSR61BF "(m(E9\9 47-L\`sqZMR&=X{l9M9/@P6Tp M1vߩRWi[0{ kA;%㱒6 4;&uٹ<־ D?Th?f6+?ix\\HlP#S̈́MpX!uлe@Yؠv@9M'R4,K5sRv~M7S[iÁ$MB4t" ԥ8K{J;u(maYo&Z_9V?@eO |RUl\V| ĵ"㷟Οl`(fJ~1 at6G N1A b`GtG _1[,d5{J[*u5'̚CMj5[ "NBhlIvi|RƎ=l[550_we!0sHN`,T2Y}ݶ'y\%őxߥ?@Pt_FeSǮY{ Un4teM'|ZIUur.u2:]kghB[ bDC:~/A#rtV.'X[aYA_~C7htPW&;-$?>6y|o0<f@9uF3g`ɞU$um(e[SV;[,Uc\XRb!< }s3ؘC $\zs&&&!@=B-vÎq BGל oflA4r4x=`Ul`ZGT5Zz6:\!HM/$rBe_j*hF0./rVS_i#ai[Q0GI Euc9ԿtK̪!/ц,#ѿ/3Y x!,/:Qo;3b` Ԍ]Éf1q ʾⴘS1τc|Ir| j7\Ѓ(gҟX 7-^]¸Uh,ϞZYlW FB*{ߖŦyVBɚT^^G2bTVGT#72MFkH- +('ܖ O7P08'Yh&O1)6{?hXᙵ/ōĚZ$?\ᔰ9rZȜ W_ MRG7*KV}Q' H%.5wQQePjGfwyrx(_ۍt|\{c;~v[΅GS’Q 4&G[CTv嘞 Ggppyر)[8c\' =ݔ@ 2r j"+aq*D:b8$< -pXzYKTN Ssl! T$nݑG v 1{ɼ4CCLL>_)ڕ<)Ѹ\VԴ6Cc |7UCǏ"b}pm[`8<["1@ga,8g/2uCo*Z(NzӌI TjxEL@VèGK,u[eY0ox==AmN0T23/'ra@Ã7ݺnԣ73%K-i7DTSmTjFLfYdmoK))e"KP@5#Š )&E-C;jI5CN#K[{uwWixq]s. 
~U:?tJ]gyݞ'W~XD/V"g=U=QTo#ƿtU`qUe8B %`P_MjCi'/G/#OhX]GZcT=5 d '?[ 17曙 -7ve?(Ēk5dfGah%K:cȰ,7 {B1b=RG{ c^+S$Ȇ-{< meYnwJjgm$Wru't- J&Nj{+OpGE0w\ؓVLGwjLQ,!?.79ze}˚C?8AȌVh;_ ,]8i>`!6xȾ, s\7YR[Jh >Q;ɖda-%b=_h[#jtFw>B*_T=Rnii$ٺHlhpᥣ%QB\ r^U.EXpQǚ,PH`A|rF a5F2a,8voם/.K,ѥ`$C>.fGXKc0d|]Kas]03AyhȏR)}*I%AJf?WUґG;Ц|B 91*Ld@%'L/DUL$p>þ}ɨ9ߨ dK?ڹyDq!rr@ > @[̘B57}6yHƛߙ]D}` {(8V!z:3J ej]#M_<}tJH8=d 8-gJ`#Eнp43F[4XY`te^6~G'f% 4kq:5uC_t[$&rHJd/zi"E@ocPbf}b|n`Ÿ{8Zinc" zFPA*Hhw$Aig8IqN@ޭ)Ea#jK,aiAUM{B"m= /_KAe8ƨ .Hh}hA]/nҞRO'B.N-YJ]ۼʋ lk]B93O'l}.2%LiD{`v,U)npIk$@@cv\'bg}\V)&92/Bik/3oqYM㕽ķ(MëT-pP࿁ -{M/6'1^(~r| 2ynIw6"8",jIU4hֽ'amꉘW(Ǜ=>Ar3Ɠ_ݬ)n؃nӕ'1lds# k9Z a1;?sCQN pA]CnJ;Usζq@BG& }v|HU!cC9wp`}{Ah9NJrXdrTՙSƜSR0eyO3,Wz $(d9޼mTb_!b"d7-t;YqcQx!!V?*pjSOr`xgFʋc4xmDH .cj yUGU;}9e``Ua\BGIvM:ރ\@V[Yyv(&V[*qV!$' b ;Yp;F^}c&Lc(QM('ԞߠhzX(-Ia7_|Rmͺ"j"ρ9;O=#5ޅS+e-5. D^ګ,R!ӸT [{3 Ɩ {|vR`kVmsR '>(}PZ4sűGSYzy'qYZ(ӸCHW n֯0 v-TxOEԈܷ4(~cw%rqM\ l<&žf 'Õ%=*fȕ;8#0 /x,rz%0];r⩋e}'IOE.377w$5)s R+Iv>!$uʅs3݈d:!ٗ0_lvf;"q0xTTt~WBЬM[Iz5=R W=-h^w2k+[<j9itҪ4⪠*d`M( MؒƫuiAO=@Vef&@ps2 ۚ}Î+(l~Ja䮾w3a8"DkG(E/;㿔_:cėL F5 ZxD2uEFl`?l4xbƉ{" Ua[_q2ߩsh90ہ%D&bB.'x5{l;ݒ41$~9jَpB C1lW'I%!3\vQI @IXcOC7m.zMUtb Hbgc_O ,-Hs>)N$֞tw%(yȻސe#E`k/ButE,R3垑\f6#;Kv 0*nTza],3FTaԐ3[{cw>+JԷkw@.2c_3mQV(": nqɚ[@3)Ϗkg:GS7Am"bV0\|ur!"]؂<)0 vVE%˧d;N =,Wtԣ~{ ?>6>h6KqGk(voaf곇,TTw`>$`.>\}z9nۯXr%"-O,]Nr S"ǹxn~y N/|GFtN*~h)ϳ`j&Y_(@{]Y|"1$QPO5$ɧyg&سx}͵fz2fLݠڇgS AFzhxl]ey+!w8f*p9|PYx[?4X ,MJMK{3Ob[YՙB9*/p|! yċ}nnRy:x*S*6^ӝTucԍ c3c+֐~FYXb6[WQ/D=ܪ 6G1o96Qo$SEq/|HTR.;Uӽ?|n3xH-;bHE>u<n+O"d~ 5~eh}Pl^gԏ>gHvsOvxօR[5&q.jObp!@A[ӕd0]K5RxrMsc2bp_WD\D k o.? bg֎q5bW͎8_ScB\5q N6g5$q\BhߔV.m[R5b_R) cT1AakDǒkz dHfnNWnHS0E/itr֒ZuV^>zJJJ͙|wnxkk8\'*GyA yd 7u4}cS7ΥVJ;POtp]YR3(xr]cM9\=qOm'huDb<A6K,5Nlsgq׸5j4咂/[gJn=vOs&54M%5eb!T>X%>̺x2K^,M7ֱ\1*Ey1|A^GA>sdhA({Ml$綷>KW"/ls=N!7O2X$- M(Ju^p/sF6:Șb1Rƴ0ͮmʈ)qST S} Zf_֤iM;:o#؇+F{5Ly5KxMX?Ca\sO>_j^٪qv%ڔo{߯E[ǩji?#-L L\cJ7;ɷdKɥdZPvCމ9_Gܻh'sggk9:L?'Td9=GzLU:E Űeap'7rܙی/Xεv* KYj%@T4 8!c0c>:&Q%llhX'd p-͓`uGLTkс%4{' &8_ig!-X8Z לyzdHᖃո]n{mOIfȠ 4! 
Z1 8}%ɡ'.j'Rl9g}R2w 1~4x 0 $`3;e@b{ pmMw7El>k7=e3@ȼ3c+Fx/ @|U8iH;o3<.! 13TC(y"4QsZ39}/' wU嬜MIIt'Zq3)]Ȭ QPHê,*`,tuޡedJb,fJD/gZTUE+:3$)Vr^"=g ۅ!/.-}#F/P[ېܘ/}"@9+NJq%{SV٦taP_! {2|~8f=3㙙!@EԳ15|vcG B=a>J |:RNx <(+lPCѷ뢮z@tMK{ n އu98Xǩ~﹵|< V:esB=F!TZ3!L)$%jϴ\|- e$/dR &i֝0㸢s n e0o ҬZ$`,We|TrCC?;etFJyz;f;IX\V7Z_Nh(e:0 *QˌpE蠒Vi7graPc 2}!XЄX ,j'ص/\"S0 T*+gDH'Dh[i=, !M\7.r @zh]^mŷaYdKH͉R\n8,J G<0%8h1!c`m/܇ a{Vqh+TPv4|WG)JPyːݗPhb3A6>Lē-ZUB&G‰`~_*4B ;VQ 1v\jw\DSn1}=KF': C}WhٷtjQtqA׮ڣ~`Q(EUK`yr=9" ٪:W?lx(& ¨RJP¦ynX ;:FaiY6bGhU>3V]li\ײYJ=fN,4h )ѫ1|C vM@ZuH & p ixh7Sr(`4Rr6^& K:&5SFTӋH( V#2Y^Z*wq.4SnLGH948ں V8~Y{|‡,A!FBcSY##a;!8=a#v֣4"zDH88Q 1D}AQ 1J:";\TԽM}jv<"a#Cb#mߤrGi8]ޏ;`ZUEp)& +M{R<` p~tֹ[H("Mց37NpP'~nF't6NdZ[":4X{ฐOQ(tf-MΟ$d5S"[T,L f ?VmdQb|m=݅Bt+:(hBBW01!j6ЎEj">'bp68W/f,4Obg,a2Pҝ3QכD3.&/0q˭Ƅ_I|>@X@'x6uBGM,27RW~A͓WqLlcJ6ȟh髉2g?0``snH8k;gwu`/k+j Ͱ<;_ڿE=z4*Sp<@g%~3+ۅ\'$XYP|IŸeA [a;P"soGu[grfS9jNb8\nfnjS~YP4DR= &!Z69@e rl dCW!۾z t3a] SGt^0ۃa7!#g7"fmo3*>ri =X(&RZ6qi+ (aDe}⼬9#/&q6 YFAd!5f![VST;Z G܆V!E'A",\p`œq{\ ,}--(Gv 4B[.3R$48e GJX9NPKŲ TMBG# sD"_oΔ$JE wG6a@lPݪF>2 " CճiA<-`W[ユù_GO`T&۬c>>ıQAOT1j+:ݎ=nڋ{n3yNTJ1 0^E ޶*spΗ%wtOĖ//@R%tq ]B{B~O htflP->rU Y:!Ki'HzWrXjdM3Fc B1x4ن{x b}[kɴ./h")s<\mb=R wΌ<-rJB-5z?IQ͙* 1!>sӤr͓V鲻H/c^  E|goeqǘ(pO.pX2O!9DLdL);9|np<dߺ*A?L hjW:߲(%fH^]9[x77UP6|?+FPɋJv@.%}+GPE8y 3 B..CyD8R^[9QV9ӗҖ;Lf4?Du?Cl]l[E_"W"fQ`R0Jq:A==aj^UUt6ham. '˳Is+D=sSq]VxqXNݝ3'fJ O8,qF*F{sbv ŕ=. ɉGay#`~_r \H6P2RϫmvF;v)jL˚U\ïC^* cq6`d.R=:aheU+28꒙ͬHA!+`DE:#33ؖQIX3Cf^>b,lhȖnj nM(<97~x7bc4ɠڑ,?cRU OyESfu z{@yj " =q'$@,`7 (6hípŔ!\(t,zmgNkjeCx[1OAp'V(v+?9M0HY?[+~/#B3[_jS~6I^]60=2XA8?M?3Gdή"C:vєc'!/b">-F+~}9 !x-~7Vsԕ.;5aX! vPnqDVΙ^ qIL^9ȿȎWwi 1;!'iG]N6T3 ! 
Jc;DM zbL2gWQ݈u :roA]Z![)m` XM{jY ~ozTq?@?|“Y<ś )hjf/p37Dã=#o[ dd` Ngb: n舥bx5J ^-U}/TI|Oi6\`՞Ў/j9F6|Hrz,@ A >1h"u]~IWeᲨ0c޻8 `s-^I<=%{l͓׼-i!p|3 =ShEzZcu5TͣT`փvO(kuE` 4A 'tF=Cs5:d0HJI%\(ZfR`{oaƂ=,[Qsб MQϹH3ឣ/`ؕ e@&䯵^-/HD8'0Kv^P<mKڀ[ḍ vej.U8t]DπBva>*\ݖpb(z(yN4zs~ץo߸LUmX yS+ZA2.%L@VnSCEM0l j8[;WQy7}`| JPյf*S_+?,gwoX'\׃œP+ԁv|\ɛhEi,6rH ʤ@h$I$' _ }J76Mhn dBS.ا_a.j j ~O3?lTyidqS Š&{?kvW8nLiQiK-,N}igwFdwG+1t7>[z:n;Rw Ra}@SdpKq'jVH}ZYXh\2w#tJtnvQ8?NpXcݠR""3#zTj`E]-$oǂb>[f')FUpM}=6a4M=CWN-P |-ȳh)qk,(ϞȻl:{@湁E~.񼅮t,mr_(H]Rf#Yd[ȵEɥ3:9lCm_WPӂ0D{$z8 H/e^ Ww1f "P'f͏\8@90Ujּ}峅('_Cۧ6R< 3/ReK]*q7y>_5:f{d`]ӕ裹yUwg9٥@$m&3h.-gZUB>+o4eȃ(aW"%:E{h.ZQc9Gs% PxD>]1 %ⶔ;ڡesSi'2Н"q_8 $fE^V. SU"Ȳ/&x`0џmc;\bGPrWlo^c]LQdX09W#\G žpHVwnU ya<38z݁ˢ~.5 .wVTGi8%RH$Hd8)o a03+5n+?v2YGXNpc(ƒ h_)3F!1`d-kpJ"qu.,ۡ^p6v}QcSR#`/F;7! A>\ Q;+4|9=VZ|"≮} ʊ;.3ܻz[4v@2!UgQTC$C7{o}8A5Ȱ{A^:*|:ZFfz2>~UaY:1Hle)@B)m5/L5Acz5~hY,|~/y*߅#-dFM&J }@dB2'LZ.dtװ<eY:ev֜xRCəyt;*WT$mwW$Ol y۽S+J4G@|2z ]=ʽCYAdd mFv*Xr0{Ϫѽ]3R8;{:"5~wD X#|=כSU^d[=q63g3,]}~96B84 SSyK5>`D`mctiB8pŠP-ܵm*->3FTiX̼L.,=?lǗDa>˸wBw˜uU03U?f$*;Vps@5#|^J$~O~_ xgt[yphWŊG#u) BOlVLdɓ7AضăLQG瓍+Re^ 3ZUE ~S`8\97YQ@jc@7}27.6 )@%(Xgל`{!yz=Zyp@GHUn?j}v]gf{Wxw1g'̙3?k,܈c/;g2%23FHo);ǔ*hΔ}74>BUϒghrhDe4z]%[;-*@'WJv3O[tq9qGU834.5,O\7W&:L7D(ٖ͗`0c}܀kVgENKR?NT6fTZݒߟv?@I'-m o~՘ )tFMX(7As?g b$=UHTM=ۺDgK{Za`v6N"'tncnyӧǙx**rD^ N70U<)NvV lGK`auMlĥZvVjm"bf2{pvɁ̈́5D},Xrn;T z&,a'B&W0|b4&:,?{ yo7ѱk9B h6 ϑy}Z:sԧ[CVx :~zHȏ@B(no`˖c(!JKTrۨG؁ $A#n5xڜU1X DgMԼQ .n Ifw@YkC.(Bj$m`XmvY> @PQ~pLN9̂n6u@hHOl.0T{ev?Tf:ʚ0 S灜fKg-r=qbR[%2jgMDJ4A4Yj3-aX牵dynLRY-vɡ Дj<v4]ꠞvY t*# Isj x.xGD?VGPv.vDw|Bԁџ)|ޗvO(TN}r 'Ut+F h@,S{?8W3"\Nk9FVsoEEl$~Ęo*OjҫXªiȴrccC}L*[$U6H~=A>{Rmy?T0@ߛm(@he[0jAwГ~ua~[/-t7V/^.TnvGX{1sN~(lp:K, WJUƩ?u2iͳ'4pK10Tg膡L<=p{K 5(]#8ĘJjN-8wQ^,i m/;/Cu>T^nd +Zع͗H*HߤbIU@EM^pm FbGuCJPlʅc|DG徆))1꼁 c߃q m.pZI;nZ~N!U]QJ;RA {>zNWkw"oCAI$=M}m[\s$Ū-6Xm3Mow <6+Br7E]U].))dZ[#k Q siCSYw Q7qNV[1e"&1dÛ$SI[^Fn8Чw#G; -px:20#b[%&Q8{$zτm)}dn)JCtMhE*0Ŏ-WDH*TTpq\ +H$q[6* Ϟ \9sT'L-W]f}RI԰*}ۥ.8e^H0Gtv?i@}g48Ai|'p{ X 
G+7HĤ~v;cբj矄cxS&SulAM s9O3fOIGEI)hWpJrD^{䂚"SݦcE2b.%؄Y bCnkch[8#Ѓi98 q )UJL/bji;KljRh]\r?qYD[*τ-D}ע7D1@qr B-*5t0P+ f`< *q "m-Ē4s#ҏn1IռtOu2iwQ14jEV[s9]ynj v/8֙L]SbeD,ae) g#\iV!D<>`H,><).l+wD#BroV.[PZִ+qPO]l5GŹb<@q2k0X:,䇷 q# "k9JP Iz`؜Q:z=b4 2{^f^#jj~8&}n x "<;+$qنL~zkwta91$lB += fe/v64dv.H3&qٰ?T%qry4x$]D٨$9 \j*4/#sG{r=) O6W_=y,^?ȁɴ_OOߺ,bK_SG|?!7=^fiDyq8ӕV Fk[e޴4r=9sV@x&Yط*Nd?$щҟX #06F?nYu n|8s$8 iT>Ň|?T|G5kJ]c0ny f;TBpL&eYFY6 LHtFj5ɨaPV7(bC}5^yhΛe6%ʢOɗ_/J304y(t?e{fnUn+nL!fKx6i?2BPYLv佾.@T.K6N x;ux/Mh1zfQ5g Tҡ^}H_4'ѭ$}0;' 28ڧUanNG.…INk SX#ۚؐm=͡Oua==. y8%j~mC쐡A;P]ܡ* [k3wVm>Z 6LvaWvyA3HLMNڷjǖ itu_&#SSe92|u^~ z,4F1/bH>X`>lN/b1I>^赻jBӰ]1M8WyA,ʾf!g(|wB/h2 f_q2ϩ8wpՆJ1%>j=z sL'o,]k$ bumi\U,^KjƁ2sow8%bB׹ D1",'rYl]s̫{.s*ȾF3wx*pkBb ϫk0W:>^Ng䃸t*t?8CXP->i8l+R~%wO:6XF87|н yvZ".]:'W&(◰ȌBDi'Fd*fVxxF7au_Nb݊xT:hS n4&8JT-ݠ,s pGg=Z# BM,.~5yOZ}~`c&{r |3G.ՒO cgm o([t6Dwn.-G\>WGʽr8D v#F@Nk^jc'zSʙ}) `۳gr *D.}m I 3/wn"y+`c+nW>+j;qVR%Xō߆ gQB5OY]y21Zȸ:ggc&`蒟X T4n7^m'˰<-A*Y4lܷ/3ϊW&=1B37= xSJ f)z㋯k?1ʕ];cvIգ9Jb[v7ٝ9#VZKe%0)w%6)BrZ[#zC G Hސ_iZc- B%cRIP-GQ?a|Z( 4)>?1BCk_wڿ-z rΏۭYՉFv/P d<]ATw35qך)eݤ!J#='ֺkQʼQ)46FSI|(`Y6ANL_hV:M& k+,ȑ532 ]ݮp ~ol&,[kyYQ{%UԊHp߰3R@!Y8@KC~ Vm D=[+W]S<֭)04IUac%+`*U(r@w#O;ajڕ<-",.KU!s&DTcDRdWיK'E$4sz[s%і:w,^Y_ e=>_n=Ag = "CBՀ{n9:ǃ:7:& PZ c?ęQiI&,F1bKzXܵk`;ghO2ny K~\=_+i JaXaMߞJ9ۻӫ/O._G<%όG"x=z@@cFTa ^wnpF8FZq+_a]O+^~ 1H,)oim|$1\gZx<"5M ~3F;8K#%ws=. B椆=h еuxoM`e?8~^j8I]8n }aS+UϝgH|\i;e6Piz!޼c*%VwucL qu0GG+1Tpؔv[b٢dYZ$F3״FGv#YZpNo}BX[ފyjWRD!`Tr6A*ph‹P̶W i"Qj3[m4}f#/w_3(nfV bV5mqNg;986i+f-ba]+I?%fIwQÊsdZAFt[?U̇Q3 e3BJGKKJZl$Qۈ_ @u-L3&C-o DWs|,k4#a@V՗&Zza*ɽ.m_6I+9YZ`%V j:p9Eӷ3%M!i5f!3o5 Zbw2xZ-03zhk*I)[,"1BY؈(+ϢruH%=x!{]z@ed3tQ\ V:HA\dS#,PXC$pUCt6/ =2C )YD 2HWyAԓ'K{jƘAoX θ:p /ՉtNsNOٜdsdbG zSkE_KS(7q9$|{MëT#p-,$M#T̰; Μ.<ugq' Q6@.,xTLy}爃^n0/+$:HXSN29QGwN~EL%۱׮dqxG{yn8 hcvv_`ҡ٧C;-80J Qm%ӂzFAOۙ:Q:of1D'.GJ{Yzeg2kG%~ah[?ht6ėݦnX(mEy39~C>GS;Yv/al[זR07g\d.7JHyRު&;9qR)'ڮ_3}nHw^nM w$Ψ͹0t| ^S(sW2D@ßDm#ˡT4].4{ip!(Eke~Dr(qm cf. 
e19P/%`q=՘NJ$<{?;)y/g"hC¬toKsXM\jc@UE2 p2Q؋= ^b5:AَŸ%MHN iOd"#*8ESq-FDq6iLD(Qalkn E!Qw3jՖϚ>[_.&]E(ue]e|cIȚ݄ 8/L#i3YWN,|Ԧ%8 == kPv7Hp) A*]>m_nƧ-7_q@nGGg\. c%l aT]Ľ;ap,WdA ç2$z\ 6Nqxi*pJSJKiUH#0;rC5v}J\%$rD̠vWU0 U q^_]sbEYaCU R?G&Co^Y%vkqW| 5GL CZ0 iPRt=j+JS6Qx뚻<< r{gu;lAo2~GM(wtzAbxDqX2%GA'PZTc"/ (yJl+zwa?}Lw|;?֊ b{D!*d{HgUk:H+T1݀a? $K# ة,fcAwj{JFu8vCMNȗ% /R(\8Ayi(j/Y '1Ɵlxv8żiƜ*ZL+*[*h|Cq= UHVެ .7-*KHRe1(%J: w|o!7ߍcdL182P,Ճ3tFFU=+ui ue$.$zhYw8DL  _bG?0gJhӵ51ysEJi6K4% #->|ޟjJkl(Nf.ye`N^1W_973ݤ:xWOh :1:Ӈ`鲳S^9ɥ^C/4ik/fE" @({BN@AaG1)mqD|[`~UҨ֘`_xY?~#EHiC5Lac¿m]lTꄢaHBa=$`>ۆyZJJ"ԙPMDlaR([Ii%)E@/Ó.K1Ąf+`1GxmE^4gp mK3ExWIqC`$aqNs qA 9ߧ-T@%lr* 7+HE]r?)9M=?bvMrrR!'ʁ@ث[mMddžls[ьPd)\  eD[Qm.AA%?C7 [Zۥ Q,Y {Tv-H߃%!<)?:K^e!uooy2Q uD< yT"ZίAiM/6ƙ/ @DNnX &0A\dYW.u, 4K6|84!xl c)dDyBɒIGbyV#2RY2g^ Abp' h5V][KC]6e dcghJn_hF WTq%?\ݫَ7lfSKyAy|zj">[⹏{mA|/7ɔyF[c EC}ޗo)jg?T!cC7`L^d MMW?>7|; UX78 7(c,"V ğ#?l1eyfZ,B!\i&)Sz'iD$ ?%oX,>YZNsDrn#Ҙ!$w"ë+yYF(8~孁i)U<~ox^zx{BدAP ^RX=GTKu[sxkK+dngqS^SV^ٗ,F/nd.οy7BfU[ ֡t=lE4Bg ! p2ʨ">洷PVJI8.PFvT5J@.[1e d-ѥV][ i^|4ߺgP*9qԜ5(ypPNDUȗ'|*d::DtMF 3*ZVyy52dATsGμϳ{֍}TN+ΨHMAEO-D8+ ; #U6Oɋ(бI0LqV5N:a˵le,}*[P͊2,ȷ:Il\-beM4Դ5X-*p3|8ܑ7u7̢"8la\`epoDg3~_ta+z6vB(@`(.pƎ!x'Q8n)XR5O>*Ư|1+m!5w|O0λV*rDYl6%C7GxY n~}L69*Ÿ527M>=+D&Em4)f`ҩU%$o@_\Ok9?N bfEkIeiVU,4yGќZI[O6 N_92&HL : 'ahq=P,-idW >wѳ[*nqJTod輪ޟZ|Zl!)}mz]N {H/{=x 1RYɔ|ѭ8C{h۬o8EE-XR|܎]-k2uiBDž< tAapӭ1,tGeo᫶^܈­YgKwގ ZmxҩgpFnW5v'`wDj"c$?Px{ɶyZgTيZlrvQǑ2J.j!CwĿoȵz@U"~$:퉜ƴZoYvMzRN0^-=:2+]8AzpHs2%k͐2*v웘)a;L4AA|LCԳWZ}%3ɩm/q2Na(H/)M]2,](eD C d+8զH7Azo:Z6tJIv?hE|Gt)pĹ-iˈȽ7!(>t`BksWi))bIV5_Ur4c>$]A,p] u.J_q ? 
?Z/em 8w-\T -ymcw:c9c;`rz$O^$utQUQ8Ru ;4 DWmk|-/ZfYViZwa*- -ZOV.w9 x \ظ6cL1ZGisB4H< Pn2)ZX%-V$=| CPLGI_)!(?b҇L2}nd`K'_LURIO+ܛ CDz;n2qU?hꑅ'L%tMSB/-:i7 -` B З+fYɀ#Di|m:K~%t}7tXv,%2(v%YEgbS9*DZS" @EIP{eh-V4Ze\/ OZZ" xͳ8-9f >̟X.>n bG " xw(埍^i*s"Gc(_p@.\``^ 0tCx{vUBG'RvyҺ%c~ l ;z{Z}k$gJRMYmqV2kNcw_"=_֙82WF5zn!5 ꟁG"A }r zTDΠk)`EN-K0]Co\sY'W1g@#[l}c{ϚP6 4ݔ?mXL%%G23p&̘Me S!6w`b]θMͣA,=9gʐ/3* ,~qܟU{'lVV>FOHZ8$,ejFLD(ơ3=9?}k8~?1yA\q軧FWM5cU, (Ѝt ҽ@,OpNwߍPR|f@7+b/, \g~ݶ?4%/KGzOmd}ry$BJc kGvǰ:d( % ڸy2zm929s3`;l>F+/P3d)ϡ}H`/^lA}%m,1%Чǭ?/kzǰ+U.{)CJP( 빑vUڣ4aexJSUf~^HƑVc /!%Creht-Xq'r@Ӝr^п}9jc|/CP4@}co?% Ή ee0;La_^>Ў>Vd9x[$JsIs_آ%J s }L7Cp"zVsD2c;lU i!:^-@R>'I:{}+j'->ŭp|yt\=n/'-)gzW\C8f'3 NJYk#x% !qZnSd=yQUjy<"WUR{'&B k8^sB9tYڒr I(u)Ia lEtbՌp`7^h {DcwO͢fcv/Zwq{[ (LKkGŒԘzH;ʑk_ /vx U=BTU̱!}aKzN5@l`Hb,QowWŝ[NZORH s7u_?s̟_R6B / h1.>7)E^4֬dl\< uFUq.@ h!DptH~x2Z<~=WV '݆t[zpǙH4|0{k?,;&HO9pHww O%UO,):dʵՂꕌ.>^,*kN"psGGsbhc)_vH 'PKmB`o.yEQU]!vbNHj-~6cRʺk Q?aAOr=P^̇KAgwY7޼G鈹pY}𰽣&^1k#]ITv"A(\3 Brz; ` )!+jsR+ (AACgR؈ɘyL,-*50Wv xxEm|OGA aZdpNs}q-,>Ƿ]ըQ5Z| w題?"8$>0" kT 8)uӃ':r2 +c xi^IZr MYlCM0 ygۻk8-u"Z@`'(ZEh(-y}TE^ƿх }1=0wdYAa郭d&z oQV*jyx9 J5F1=񗱖l$s JsЌ˳q6:>5ثtٙ4IUv?ۗ0K NFsӸ,fsav?6;?M<*\g>U4cRIIIzh U*[(AM )ڦm)Lanxj3>_*]+{ YL(R}'#!eL1k@ʭkٝdn{pr7/:ZYƴ ^rj]k }|UJt;n uI~iHzr# 9& moUS2헿K\1d̩-,=QJim_ZЫ,#5Q>Xĭɢ91 pMGbVt[ab(M0(x1=:{WIP R.3Pjl{ ׳n.`z]c@0*!G; ]e36 p@X$դ ʬw<""Ɨ&/ȱ{`ˎSCe&s+s5;/nK1R/;-;W.ç=щ+( QKx25P>Qg#RM[پuKm}Z`/^gηԑŮ>c+A 8Z^f^ץP\?_7iIL[ͤ)f 'g)x֖cūLپ|`bYO$#߭i~`SUsRlDk(</#A eX5>5nAYv}L}ujbg\:k'Qt}4b0!VN 25p"&t uJ _MK˔f^a?gq6d?Dߎ>qk.)G`iۛ.6C+pƕݣ2ӊ$[SD Sfq͟i?}_ Opez- M ܥ^T$R:gs:xuQ5q +fox: I[3 k)g'Ki8 XN 2(^J0 qyه"{i,Hke73C'nNx YYNy\!B)OQmSQ_5@_Hj)BY6+Ԩ'c%͞-xG PoJpfCµ<~VM0%{Y^ݲ[ RkqvrZhn>SITG*ta< Fnۚ}E$DBQ2xeXQT{ VyBfm|^$M_y3{TW8P3B&ˌqpaa.c! 
[mRw_Y-nI{s;6fzr1~!N_bcQ'a8Hh9L6kHhXQڷ+E]&rI ,/Ow~f8r }򲑢ٯ%@\I1g[b_@rIvџt^lO+ͼW99x$Ƭ4ev1?B6QEL}Tz)#ٶ+=MԒvxLhRD CJ vULferB v2_C"ep8^`?YVMi9)Zi@ Iju6ЁQ>Kp|q:2`Cd«cr%~G9CTnTw3\`ZEkr^Pˬ3Xmp#}T ]Y(#ظ+o?ک$A0)|/=THT)?NSh .{[h}x> AHYr{ ȉ:jHm=9vi1BlX`bH خu'[W`|9 1|},Ka+*/D`E|R^E,ێ }pU\e$:&+8s]ແfͮts #KvUxM=-lؼ N/F–`IchaLOKak?:R!rFQ%sCvh2ޚ7CDI%?_]8C Du54[{pfp:KC\oR¶E]ILfџ7Չr {L#ẇC_p^?Rpgzd)`x|%aXO PT ;IzXtA K] ϸeO]qxG5QG>~2vq|o[}G\a g0iBUCƌcVSS&3/P>ųt#I/Oz,qˡ<4"Tx=!햊,?&̜gI0n܇>5[\ch!%ku1r^2p/Y:2;Ր]lǞZp-i#wHv!y7 ]WKA?~&ӽ0I&6s]RsXk`,I՜^6gdӋE-NɌ8,T;Mda迒E%яz4qU) m2m$/Ʉ6=F#篦:gjHY TM!qІgO{UyVLYIY2su@#(C& ~?hL%lМPT%vV_P> ȴ|;BrڇI׎A[ĸͼ|%^ ߜl W_9T?kU>(k8#_WvR'(N&~`JAb(gJI* ɾ*M'~NHD^TLIP~!8ZWڤxsڙTCe' g)+2 h;}*~Zh ̓ #s6j"*g_ޥ^A"Σ$-a9p:触9Z9ܑ@E9Zϴ"8 Wcym|)7 U 6̥%bK;k/2qUoI:FzqQK챒=y0b7h Hg;(OA"撰42/ݙ`P1wn0nJ:Yއw"" ( , j,S3Uաa%`ڒ%V"iXNZRq~)D9 fh,k+ֈ74=ccjH( f)M;h3p[ȝ=2~H#;k{|w;(`5v2oҁEͨtvxĪDvq'._D{=2 -ZZgXy;`;Pl<0Y;yy?lf_Ze "Tێ;#(N:t9-t qJ6ԝbc *~Dv|73?MyH% v]Z+>xMj.Pы) ((&Ďh?Ñ~Rpk#2I0*]9-cC";j.7{X'E鍂m'G)7zގ$)Tle{VUwxFTw44|%MW-wА{RΔ[b0T=ꗳ؃V#@s< Wyz>%k؆eޝ|ȪȰ8X*[;$qSiAe|gڒ 8d$p <-Q(],+,V` w=n@[g_v2 r1<ŅZ"7̂YЎzR'$dqviHR ͙M.uyavRC@K U^Z#Etvomzg*yV+. ZxxG/~*8Is 5i뎰Cf:&࠺\E4WUL󣁶by21־֙mub9 tm^=Z5:^Ļ\8,GW#}]Bd| ~UT`W5WLy,lEX+j}=cx[ܖ ~?#WJLk| >c,n Qϣg nR$,8L_yέA*SESv(mp@ @@NBbMK#:lKcHGayQ4FVDnC j YddɵxB$x"ڪ7gg+> Dwר۩T[19+w!.t_2tfHvfg+A |\6qܳp?pNp a11i;"itWdm# F!yJ摮:Go3z(nnWfKnZ ^=4)^J-Sj6p‡mP!=}>R)fYs|3}C…P̾iv-=#ǿlZg5]"{ _/Gm<x1 }0x\EsXbNy+^"4?ujXn^)VM| m"Wa#%[b#b8ûTf 61Ynڙ`P]h^>%$MsWz;b>>8a|ɵy;7:T._D?M٨COv(12:0~;yDL\qsyzm{Tf!5Rh5cB߯8kQm6P;Y{?;u7% ;4[aBWbJj(pPcWOwn`"ڇgؕ:ˍf*gΦ\Vc'x Fl\o 里 :6E4W/ȎM =ϛϩUqnfJKv@Ky0Y)|Di];FlD [A;*Q #ux** l)|lY0oZYP6al/^Gw{m"@+uҙ$s,& k-R.u Ɗq ,aáb_<`Z)x֚W/b;R;=.n?yCҏ}:W@W(ILC|o'c`SE"ۧgRqII%11}V4ߛ+h')84Ddb? q'N7ďNXF840Y$ )%W>~G2j@ ՆN kݐ)=i?30X٤r %/! 
1uԫ=hcy b^yHJs'/}SR^`O&Ş|nM`ݼR9{e׻V^82i?VP|ʎa#=<͋>晽{tS$(x[(i@uКHk{@_EU-8P:x5+΍#}8#q^/WjG"D ?qZXْf\wP0sBwy.FCX65#lH#^|V4Wu/Njr!}) O_#C쬬r%hư%r4kp0|U3l9+hU5}H@#!"Z+S+sB^^R&#kzY$>p@> }yG̙< ն, >Nޔ Qq[W8>ט۵EDX$O58 '` HfTh`R?+y\9,ԃ5o&uk 넯 -Ю†Rkʙo Vz+y@^&s᪚eixI0G o6-EʺیjQ2;z[2Ν,tKG ugSl˥ .x3X|'7mlwDlfA.n&Qk5:8$A >&x;)gLsU&I%&RHK ~^W; {7@h#Dp[u^kD++_M3P;6ƍ EєZܶmW&xT7ЎDT0ΕfH=t5R+Jw5dw 9 Kr_nh;t򜪳o ͏(gIPX>$zꩈ>iGպ> lXJb/4XDRgv^Y\N`1wj%.8v&JcÆ)oKxl۲Ts ?JW'(e[@ޣz̠(0°EiH{2U0wڝuNkiWx (IDDzJ1.0aRw`FU >ަU(7aLuWMb@W,7PTD{pjzzt;`0p&7In !jQP i]* mjf27t8RC1u 7G)iy*nLC=aa Ys0VvZv)b-&ֶsdcM&QA_mcavŐ~.u̽6ܺΣ8oOdIZuQ"6E5E1,K6UY2}/s1 ]E Du `ۓ4R\VX\#L vE rWw%e.#z' YH:}J:NTql6⒬Yh[cϩt !02F:Qq y7FY$+ͮB8z2c7! Hqm^r~ @ z0c䞬4iyM:_Sښk6vmISVg vӔB C׻Eyfbx+p9Cw@=V$I #Af.SbYTQ /TEY|M`M;\3ϣ#16?+0$Y־u 0wd!DfxOѩ`o4Dd, 7,Jjj;FҵhQ#j #qx}< wToZ‘<-[$Wąd,p!i./"\qy3;1' /K@9{^/xbݜcp?Wreol hNPvkvwfjܥ8?Ko׺X,!^aA5~-2q$92 ݸMDgg08v^sl2DW bPJ NjPQ=%KiNu8 b~bZVC%|&Z&~;W rK$`6ZJ<Q~)`yYq\5_(0|Ie206E&eۤ@pN)J^fVjz{ X98-Uur"k|8B@]/gw>ҵ3Fz"~qT#aCLgb+䞛~Yv9/W/v*~ȉ :H>M(n"y_B4m׭v}>bQ'Yd$Vņ>^3nn'cnvRj6W2[ujIbF FJo ZM M56JӛOHMu%l-ʋUMfY'9prZ}CPJ[fd/,1Z݅E۪B-i"jߩQq~>Jutt!0*li&p Y/* R( ,^##w?ތaFx߱:,Ǽw"~mC/ns0~9PX+|pO ƢlHgOW)1>|~^7toP`:gzzG2##*x0 .5BuI6lG//Anv4tSDd\PȑnA Ȳ@CLFrgQN3,MXuopO)eo<%ܕA͠3 A`7qʨ-h2wuWP 6yΚFN9;xp&Aܧoj7̩xv*~:Y ~9/@Ǐf3R^b0~o\mItExӷix@l[WoR!lbOs ]Ik+Ϯ!THp_v:N[!6q} 6D 1b+gUg7|G?%:qkbk`.$.:Kԅ U[ȚǔEM`UχM_q8tcNa>K$sL>Tv"LX OZ)uUN¨׳0i?^zc|K3|әω|!W;49(@ ժg2.p\@m8Pauys'n_BUx<|cdGjўé#LM#7ƇDlPHr'l2:V>U?x(' oٸk^6 ?ef`*9@HatIVKs!I[ύĊ2|-u"0@NPRc:r3Vc& X;Fk! B  2.9%25?9d1~$i ɏ^{7b\=]`}Xrܯx$ (=?trI(@Qaŭ c8ת7&Wc# j|/6PC0-P&5`֖д.t&Mɳ)7 4IGşxy>qѻCZqzIk w(OdGžِ<MVW ͫx|ty%`$euF!GH5nܻ ĖmS̤-) ox7Ʃ:'wz-yu~J? 
^d,L<a ,4 п6hg$XNTUd[b4d)*k1rAfL>p[61l m7Mt 0F᠈QfsrMb$z#Ը>Z]e-aٻ -U_*D3\{^p9+#;~uȚ%'A!?l7&X9¡Jo߶v᝻Ve/KAs=UyRjtՕ՛ Rf^x7'z^??k>./(UB)\q䛸ی~>12\ l !Pm`x9\z/DۤqY?,_ cA8|c+Q5eǬa_ jVpoI"Xicp-1_mh,)iKMF͟tnS̗ݯozlqDeESVK cciP!{|2 >IhG "G3.[f>Xي[=zϽ6-7e,]t vvJjA}CbrH?IqvZ[cPj {~ML ML*,}E ";KyүfU!d zm1r617a`rJQ ګЪ"+Gơ %sBSb( Cb[xdPwJB2jL8js_!%v62w% /ά|\ @%ztRe; (;\ޒnת)0H; , s3c[\DH԰rP+j,౏;-rw{<CigYd&@|'UEw\zf9> ~<P{f eo_[bNMo%fO-w?(M{+O;>#PH=U~{p&0ڡJS+`kR8OE~JJLmep9;cr^dn.)I$ ϑ5g ,PcXi gD Ǻ'|끻y9z]X}>M t5*J1l,q0Tv*+XH B.kEX*2e,yoT"ܙ}\ͭn<>6ib;&߭#{E;z8]u.5H'UG'Pi۴ d.ڲOT"Ұ0H\]!U,y8@fBw-fρYaw I_*kA>2RmO\n =}N~c* wㅯ2+mW%1 "ߤ!n_n,.ClX44(^YQ }ġUM "">WlӏL$ǫ]gRunvF._H7ӛj\]Sʭa~D&C:,sH[wh܂8ժ=t'H8q ]TȶOP\=yJ6$55}>IWHwKNi;2붅$w(~=TBd˨DJ} (?G9Fbwnک<S BF'pp$:ӘFQ%XW Anȑq!-E!XmI\2q\,FO@׺G쪫LJoVA7쫬6 >"vwWX֩svIB،u?]=5r[GMaX(!f7㍗:ϥɶsfC ~@ pEJHY]`q]Nӵ–M; @"Ҋ_q_N[#şRC*- XJsTb[N `|bO- 20]0ݷһ\VdyOE͗!NƍTM+癥48cM{:>= z(4[I%DfPSPv(=VJޢoy+զ:r+`Cbr {P7h;y3=!0M"ӭ{v-=s>4/83Hd/YNt[ R ǒP[\G5@h?|Ue/5NVlq]طqEtzTp%83Y ׻q<'I?C6zvT݉ᕏ:/ ?2|bUGײJGL{:wA-|ܹI"/#+Uf.pCg}R VDik 5~ȋ1ӯ"{bZWUFgr&Ƨã̄kdvqYLO.nŌs:->]M4ThLYNbUqUײRv?c6J7J;t&~gfH ٟĴjKGյ1I4Cl*w%'luKˍX@(ڋa)|(J\UY|>lc:akuĂR%ճ^6_kiID= p8|47>;N̑Uzf[[LixAhsA1;@Ia9 AP@,1t[?H:N1 Pբ,b5˔'~ uLF8O2bq:vf=< N 0'c.(`Nz׵l ;=7 mvJdE#qbuEF6{e]ڴ-EOU1\f)A.cxX<$~*0'λ: 0$,L/x|ӧ5Mȫˍ*=BVvի=8ƏWUe 8921&/y@z sWUnqzSL1a}_wHTh]G<%YàG2+r6:cQRS@ a#=YD;"}>@-OCRx& m0?r`Z|SɽGV-ibGM&$V%и ?VrfJw-m҄ٞ9T>۱ -IM7҉<)DDK%iN&MWI?8gViR J̴9}ݡ7}$K6RAΘo}[lfezպS ŷuPoSp.h uȠJͺk>brz(H< HˏTZWLJNbl v`tDɰx佄 XWռy;pI ~:eF k΃p9 n{&\c *2&`B[h[$&ľ:-ye퐹}S<ٱd b)a.IW„Ji9"fzf"OZқȤUNԘ_ Q)VS̵Ź5 _*瑰∌${QL"3嬾/j ź#0Z"+y48 AMia'"TYB>ETNfmE!*yHv]cf$uwȋ`*$olmJRН~Nٸ'NיХ  @0Cv$Yj'6&pg( ju]Lj3 z1sS +AqRi= q=?#J֪ t1MͿ%B>xZߝs̢nXHiy| \^} ';@r]sm}O {ʳh3~6<g|Z0u0rIƽ-:㳩R+ZzoYѫWSm2'G\*63a|K:moI7N` T;][V0Bp{X4U(3jF"@JdC(}pF2\t^TgIX,#n&L &qH%U,Wm>*{ vZT3^p$ FV0G֧ oƥ$^%35wZfhr1aAG~x,tg;;(Z kWN M Ö|}Z$?U{* رy) ]&KOϺN\҄BG'I]tOlh±(c y;.[GdQL q3jή>-e ثL1EFSt|٥ ! ibIsΦw:=Hk!GOXLci8VZE'ܒuHFG4t(1tO|Kȩkq[1:N04۪P^ᩛ+aL4~qv. 
v̌NF8@T̒}Bdk=| nZ^CVOkaj|"aָ63ۤ!SoqLN}M}iXKt|]  l}t,隸l;R"\?ȧL^eI~sNⶼt~U|>#-`r; 1ݩ%F[K6OA胔!n, .ǷӒbɾKN42GYGvlDwws3+4P؏)^]փwK?@M=ִ 1SɪOGBSz|]g,{{q(Pa%0)$\Rna J=[6ƧDb~ ȳ\ĀBق s+ui ,7C`w+ z b,ܗ|EwSE '6=xj&+È17`l,~yb8peo!K;c'E/%/B@Xh3DF!~k*dPe̮WlUx9 3 &A|W}~`0_ebQZEign}Ga[ jV܇9㦄_B=@˙)y@Z/NGk}T( n6bO:%-$؆Ԕq)Is]ٷZx$C%gG%tuUoyK\LgGz !304pm-f^H:u&Ɔ 9s=z081.e9]l $>Sѓ-a֤`ϖkl&/-=`O[Q9}_0:. (lC$i}`ؽ2y(mȵ HzO$EY*!Qタѓk.`}U2QdA}*R^dn*s 90=ȇy6Xb b@~Ǿ0r_滅IeQԎY#-ԙѷ:e[$թH' cXT:C|G-qpi 9,( " \nuRL}!aN*vkVEUnWJw;eDfk\}$H1^4QOwQ1JG)d'u(~=8:X,RlV1 <68; !jT_=ão:4uT{_9!A ׇ4ڐu^6qUe9bׁ f)iXbǎůHB+-K-̐;}4mR<`w<|6-0^|v¨x"ؗ9s;asf|3lG.=ӝ 2f\xvᄇLQĥ$ۍ6P* QDKG"$g42zIdr ;iD?Pvkc0ANF{f꾶r5_>pFá)*dt[9:*%{Bpv]B 3NI#<.ѯ#8e"VjwUNEIt9;ߋυzW2 #A%g}V,@'0EǎGǎuY:b#X6჎%dzV} +k 0YO#"zq/ =U  DriXcvo?:n_宍[;$_@]@p:+ۍdF{tid}3Z᳛r_T.*Qd% D)Zh7V1GE\u/{0׮g׶[g|MĠ_AHtl?󲬮a0|`3٢,ZZ ^ADYV:T[hwa4KJ_3::vd q~h}]mHUj[L>~o"r%m>#!Zhhdd*Hf{<9O6 ʩwY| >$HKM 'obk3vSfƇ!c=DqA5G_|$lV'}!H2@L.J݅/o;qv& pCa.!3r kNFdjn=.k 6]>J=iUm,"s53izgAIGnt*JO7Zmvj@EjX}NZ-QnLlP3V<kU8_5] ӪT\9e.2>ՇMi*{hxWf5;jx,ROn@"`^, oӂi.wNE_*FanefȬ5Q;89{|4=b m !Ty6Ƕw8!|w6\} o"!;Ī wz^ eHkN@oDcE؜.%*CS9},tq3kP:sQD|Ҁ[k1Jp&, (Ig DD(HȒmp |SHc*P9]oF]iq,oZȎX< "|\5QDTR]#i?D9F' S%ZІfb_ےM?QFʽJdn?4b-]%ˉ>]H OX\H 9AA{103KKd&"d&t.V1Rԓe^ʪ#͗6 `^Ik_l !nJ<߶w@BeqV~NuO2Fu(zDh244L0V8߀)(|fo(~8Lz*F]U'̩aydXڀ{n Ѡz{=hswYA~!nڗ|amn*X *|8qzljc}rKDك/Cm"az=,gPN𑩬tF+^F KrRKwEDq*v ت6R%Y^>vX )饦r/ {dWѴ쉶I_JaBI) iZ\_3zTJ#ƭ\s0R#T 6%kA½B jnjF7Q!& 'X<èz KrU8__'_jBb*ҥW}Ft!K dFԣv@ߑ̩3Z?*B;'_;?{]Bv'p0cڿo$)w: LI$2 Hss)h^ξ!E 0n{^D1Fle9K v]1T:JKqgY"!Ť3A붋Xen>Lb0YZ;5_:l,d3\1 vK4*xY R菦;/c6-+H(AJ% /SyKՀ%+[cِ"B^*DML{ǩ5#9 $ PyEͣ960[6FmNU^Y8߂ppE`=t0 ] 2}@xSZ3dU#O^N RSMTJdsˈDV ԳƏrǤ?Bگl*Q1쯆XXEc782:w(=p>A =jX+C !ho|_>+s5LpRI-(bݶ0~1U"<|PњČ3_V'Wzf8#zp;nc ;M5H&6V_A%vpl& =bR})2P=R`Zjq쎹*y8*|RTG;-sշIZ"3])g#X2MҊw"ڊfa@k!7)]&<>*)Poz ( s%: 7/KhR&#?k 4NhZ7H0R[]ŵ41b""ls~Yd gLjo3 J8^g?2xb0k 鹯,(*\#I͋*z^-Pbړ'򣴊 ΀ G&*ʑEg{ɥљDSp1213:̿2Gxrf--#֖U8@m9SWoMVYl)hkW]৏;JtSI홱>*86TIΨ2GLL9Zl/6&=j_@'y,z>n$w 5܉aMAS`G@,wq;77[T?@Ū*ox8k1t h`+mgޮS mp~, bbWQ3 
8~64!V.-̕(R˪1DBи X^+%2h~Viir%Nhwq[?cWK@@Ō8BU͢ס 5NӿSzpFFJop]*u[b3k#ޮ۲̗_ I҃0xt i[=K;[qF'VcWZ}^΅8.J"M;gG%N/z㼦͎<,gr7B0mxb4XOc$ U< H:+MШڑ}Ĵʾ:ݖAyOCJ$`.'>K*A#ZPKZ\]մ_i p$,բ(4WÊg n*AWFyJ5YLRܹ/6+L}L/@j~ĉϢ%Bnl+V\&< w\+C(df4sOD&ͮeͪTP;[7>VSZ|5˜SJBdIl]q=|K7ӊ—^Ac銶g']/ܚNV7kuC:y޶'UF1|u 6mhb~r HY}U6[ϲ/aqE )?xy"ZRbg&ϸȫ@z,~>wVt◸9+JF# \ )_rU "OPf [߾]EM6^W^nB%IX8qr]\Q,qbe(_|0EMd*k`͊4ŝj!JF5j1 +-y7sđ\P45p=Q8O ,WRA|=K~ɩab:񐏮S#2OB_]6g /FrM[@۲k繍̲j2J'wN'2l+jЯƣnotYH:ؑ]`lnr (2FM5"lM`.̇=U{_1S~z}VTBp5I/~|H@^P&+QbC?>MӥZ9#Y6H7{6i"G6I*(=B6$F@t]86\e/r{ia~Y.%F8{ {X AԲ 7`ty֊'7`ԹwbǗgIPzxy?a0֒сłZK3ҜP3#"MUM[h# E4&S)`Z"HC6sVGшHinZ W}} Hz_+M#ٻ$SY7f+R<<pa%5~X'sCnjεy3H>qC$Nxh'F֮AtWGKѵ26 Q 9rA̮k6zIrl*h62O셍P}%[0ïK:P&rQ\|1[m/L^o#.yI9]8+2]@|~Գ :UgP|߅j>9E~Ig$QMUoQ~9}*?! s䰦ye`S!p~HWG)`-.rC^B7-,p u)IwDGXEkqg/b$Pu r1)Tѿh0K|ʉJ/_3wdr#Sң#I;ei"7eO$֯UFM1%I2XT=@7K%HP#@ES:UgN2ȭY(p -`OhNg2Zy\xn`̒:q9شPZ?xZ@wL/6{ vS\O1>L1Cl fΜv7+:2P7'{勇wr8BSO#PsVFbHʱ?yXy0PBP6rd*A[tß ܼaf Y-ء(iDx+h$ȘkB%d N (|o4O](K:dk'(Γ&ƇDQv2* M)x)FK*C&gj +r'&{ 5.Pq>uc$yscz#I fzȪ8yp+*cp\ݷ|LUF Lj}V yQ<q:2ka[2t1Ba.d}d91 Xh^c7E!E~"3>| > "v_eQ.,L9%C.fD +V% 5 "΋A0Q/U%>B?%KrHHn3uge*ChO]ŅQ 'P͸|_ٍsb|7y.{j+8cn2Rtɼ_8G+P1mGzw Z/U|s24X+XWqA[Vf1+BO +zah_A\uz1n@z.Ysؗ; ⼓ckOvwgS q8V*%!c?6nGQ{ jdH'`;Ӄcx̲<ۉ|_G6* *~E>;_y\m k[,~)Hw](SZ1q B`7e5%@uoR;p4llFRo'ťN}_\2SÒ;b+_ct7lэ5>&k":|MICj͍>B/V 9E9²^Z&8!fAoAm#X'?PyEXl2{烧/< uw-y./*$)T⬐)_9 Z7>AwMT=]'7GQwFɬxqLi숢PSϗ8ë*WjCV㺤w\lehif*uKc5*_Fѻ1G0~D: K-r9[J2{hQ(bÄkk nJ Eb6J++zs:f3WNBYQxu2; /, si:i03mՓ#,)`\ix}`Q:(4 +i-}kRݭZTz2:+`$B< 6Z-#ZX\0Җ~8:8Fم/U )?'ұ투- wϻ8֒4H u8qӌ҃}CY`omΐFQ}LADTalc/ڐRbgpៗg Nh<*`A>Cම(ݝeE؃k^m qHffAQ3Gf _3tc$l}NGܙٸ]z @gqo|Ve;t p60b$K 6k{Yi6un qm)E*-tg{z);JeϊhL4C H ";|Չ:( /kH2C"m?-싰ЀkZGl'~f} kh499sx̊KA\=C#pH[_0/ igݖ4Ca xs N6]=Wd/߂_g5)<F4¥yXhX ~50 VW;4ϱ]h&:vz{A,qpap'Nto^nTu4ْxevJw2P{j1 5R 3T/Y''uύ0>Yμ"zz%8]]S+0+*z2c)5u [ah4vX}Ws!Nd12yr aC~*W {k܄%&mcd;J ԋ1#V"@GfY(*ڹJQcnv D#8'cZ[7baCS]ַ@okfa3hqF\m8"BUd'\.65%o RoGFIQc8jފOYyquw>_=Cg.?A>͒ oaou u={Jtk *0Pldxѻaק.%̲wXe" UTYGTrHy] ~ 7XbfG}jWp\Wetw rY`C\Kv 0E>rh `^PSD -fo#u6 ~*PL( 
~QU1Df C>QG*}7 IOn:%wC |9mQ5=pL3ڧ4;BHwY=: W> h N!@10zkMKB)"vXzh0Vp+|elLn,9ӎ#BZڱ1^F ^` G@0-9s`=PcC{G"r?{wNچC]ǝk0b e)UMffΦ&cV@z+I OփI=MR? , Q %@駾lQ́;ڸ UR< 0c6V6zmU J<5(.(l|}Q SVyBQB%WUS 5Oe'O^90yIz V?8* DĄD;̟iS!$'UQCG8B}C\蓿˴`D t(Z*b7 @Mp*-!)^kGRW1<T&+K;4 •%I_*&RFL>ZKr;d4nۥ$cd!xQFNO!p00ڗ:4-zepH͎bV^L,S``*?ŅB=;ۺfBH4JڦQrT<ɺ x>D zɿ3B1 Ӌ4Τ2(sruҼöJc%L(/ӤbʙtJukljh Ÿ6gLύ,@V;&'΍'Mxb#FQ8Hh]F:QM.z ˬt+R'H0>\3ca|3"_)O?OZS?%&Ngi3kdǎ!6 `njU? ǘ_\_)@!Ij. ›}䓆?7}uƲ>5hIw/ ǰa`K^mJ KYK͖LZňsN⊅n9.w`ã5%pok'ھy1fT!ӆ>䍭> rHeQɍ琒S.[./<)qKRaLD 5)߂Θ_ kz"ix7շ6AkeeG|;`oX 3@ΘVبp-HiJ S:M u s{6`$ZfK&6Bptێl1-)~YxTCɗ 1?̮@\^7Jӣ uIA Ԫш ^? |cTȐRے> ?Kju d2g^L!$컍:#dkE@+\;!%ڮ:攽ymBR9P9_"&HeSeϫϨeڄ[QK= W&8q Sg|BCB7Y#_1-C4aӎ2u' )(> 'm2;O@O^-ŸVK ո}JKyYK?HіC~\B}%zY6C]5*FE ]|%3:c h@ 0Ih@n_1п8cwjP.Ô\h>GVb0G ]q@ukZlgMvf`9ٝ|J0ɇqoe*qn.`ycڲIc(¹w<('v{>3`br;`R׌}:_ӧW6",*s|=ŝ8@>AK򐛇}2xX"y`i'CF G|ц(GLJAFk(A 랈;E,@lQw&֮ZOK|UݒxdSL~4/zr6))bLJzy0˗x.uQݖ(I|ϴ]1v[F%r-CvWiw 'Z~Ud:{'GTUG/07 k\njuB $^/5D/T"w<Ծ| zb'ȺC8[Cb3loې "%kJefR,Dk N^f+,r`T\U{d |,JKcwڇO7k렼{jADDL>ַ(״PD88bjݽAUIxAc͈,5-c5cSCmq=#ۦ:4-[ ѷ5B':XNؼ>RH?K\.NGXdE9R gL8-<OsFn+kR!XB)]w/*/[ M}e0 3b'v-s̄q͊B G+hᗌ`L^L^]xR\!|fEZ~CNX<}a. A|fXM3Vc&s⍩psv{}=u?1rhkEʬ{jta Y"ؙE#ZFO0 #T1~c#4hף&5\غ!m*) 2l]CQCy/!%S6؃7[R3(3XJaY_~Hq e/)Ƥ`f I-!|FyU>0p0Wݑ pǮ泟|&wjׁIq[9dZs'4xJ`^._rwt2]cR7_~촴[ .^܍.Fa_Ө,T6hHx }}n0cvhy7cWזn!܃"u{D"5O?86 *8nSOJqTe@a@Ő{1)&((7ӷT-GF+V;#P2ר^6 yaO*lDjH$o m%%tK;!U?G;ti$!4g劝 $ 7Jԥ>,ct{$[#JJ[\%@uPHcӛT#jԄZi)*r$9G2{iVJ UݯC!.|{!Btݗ.6es6p=1XoB!$sf"~vkf-Jzbm9@>X gvO(`֝עI4O}kezOE]syF^dXjfbG|_j"ݴp,cȟ_BSטmZm8a Sd/i+:*-Yty9M# qrUu"KvƷC@^ & qTWUbߐ4 D_ 0rn& -TEE.kddJ mpM s<Ҋ8to1%#Upa",˭dmWaM!fyikz=cQ۩J?&<(Z= N zGt TÙj{vxt}4i` mʃi~ԡeqϜ<Ǹ!mz͌2H9_A{n*~ 8]//Dom9Cz6s~ͣ( JQddg0-*-ߒ`X~O1X0$AK+Q_fE3_ 5Z'nZ5udԊ% nHؙJ i]>h6Aa8^$a]FbeԢVZX;x\%Ն"$f~I9AGEOu@BgْU8T s+IM rUJݑnOw( nBl^׫- Ww:<]otf5=3й.m-u+w:-X<&/Jbf>6-P û. 
K$KzʺBhKQ*;UڒCɴHF7H/5ߍSh_p!|CGZ r3A,f0OIҥoܚ,Vk"+*dh&Kt9UՕv fWJ+G$0bޔM/Th=svƛ (?"Mr{Y,;`X}Ӈ!.,On3 .RIPChǃ:X4oi]jFi>dw,|m RܴZ"i65/xjo}i%v)EC/InŪkWfjJ,,˶p bёϹA͙mzqV-.$ýWr3lA5_36[AR1qو^Zt|My%p g^d55Fͅ BScP qF`(i%\ayԨ15pCP='QsEgA,O%,b}/XV寣N~ou<#O rE#\Hq##r#Ii~-ߊQOÒ9E;l |L( '(֤85 taks)0H*yt-lp.*GN['b-wa! kNU>1ִt %Gn[{BwQwA ?mwvݕI=²KVӍ9-tJ,/ٕa#$20 }wV|si>'XM'j pÊvbsTO`kC|,(4I bFkSGAiDJyR>&z}Aʾ%;9&'M~5_Z@s!;y҉Pb/5ow.2F+~wBoT*mћ TJGy: #S$=u_En,|h"dVwiy;\1CIo,%4*hc?@y#dXȷ1N@%&IfWp*oJbGwA7d]0ׯ_~̛wQ"EA`P1`nQj*dZ-ޘQ FE?/H]}U:o X,{W>9 :9c Ϫ/ۀC W$dƥ.2Jl¥*?0F@NV۾~xR4SWR=_]b7Ha44Jc:)=++P,v'\J.q4pgZ=_!g<1G,QhьzӼ>Da:]sG➬y2 E#lAj c|հ=$urWs^`քLOk܌o0+l]sb;$@a%>ŦNsaٲ{J/d|Qi#^rɐ _^i!2"1IdH]WChVՆw^p DS\ʦŏ2nOVNGj[-AL.Vr[nP3&wT%)~tNeljN8Ei>[|2E;1'@/̈́iAuxNlWSl?"`5Ѩ¯q}:%Trчş-bX^cZGt(55'>8.J,xfLvmB?ժ5'*T/@rKܺB3&űp䂤U9~-}e!̴O+HLbf;o v'-_DI6PO=8b|.$| } br,rYGbMՔaC $_d=E N2f>[p"pnӲ@gkl_ɐ 4 +9kC4|)쾭OgG#X=5r]Ƴ odRPw>ylg](JۦHFnЩIPm4MmZ4ΡiBXJ=%.zM# w*Fm%37ϡ{N~i7;~q0j;N.Z{A.C`P9f ӹ=^ɸq.2/!ג;QfSw7hOͯmڕ *0F@Xp4Vآ 3c ۬mE rA|gyT 7r3&l3Ug9Ӗ`'٪-AE5h 꼇?$$?:eHL l_{WF,)$bPߖT^+*pY:^Dч Drx3Ar=Xؽ$O0A}CŪ/eXVTH9X:<-"蚺W'6 <:3@q`v5@(c.1 ܊^J3YECĕA(Qd'oG.Qy{0oG]i\JD`VP9@xמ%6?gųAs%FW& spޒZ(Sff33NmQYúI_qM sЭQq XXAJPH3/0+Ȱ$kZZrFi cw}]BMm!LOA,ՓT[~T.Ǔ#ג(("cX[WDY~%,ް= sXQ[kc;U'n'dH(0 ?)tؒ~WnoK8(f: J4|&r8CR?toSh7= m^g|G$PoF(ۊua3\ҩqH#`7<]yGD@EpD]e%(Ax2OIw9( sa}Ml%Ywߘl6y8,Wϸ(fd&D{}d]o 6{VMmvI`_.}{~g7j9g2B^hJ!vV^!1VFi/!dаsK''ZTz>u DE,KAYʞ]si0!7VJ܏iƳiwjʖOoШA~&_w|~X)OkDT3-r<TXLT]6ue)o1wѽ @\oK_%(_T~^G{ܚA .8)ZP@ ` 8CFw@=% n $Î A!ڻUxvao3$[aKA$T}va\ȳ+ Roms<)`*O0[tO9# _8/ZSLu86J㟯'7HW޿$nhQY |O~<]IG!%7@Sb>C<2I2Ic}-!֭_{Qr9ӎghЗ/lӇ;"$>O .<CP]+3;sz,Or>K x-^3=1ZdVbf Ƙ#L_%H„0X ~͊NQXC#s|Ăf#WFgO;0'M2L3+zg"_澐4w+WY!]aV&y CvھTs+tkVTr&H n+RԠFo䫋 *w3N,"󣽮&7"L[F]5ɤkҹ_c]mBFӵ]6%2qF'_z|NUUf&JwDsu,\z1uT05fn4?# 8C1jKvtGL(w*uOG,=4iA-C"e!t:Iz*w#=>S6PrkdI"EkةLv\1 熇ڝ0PxQ6=+MȦNwE9$,ɅV;`O=Z~x\:& 5] b%YiLA`> ~X$j3aa+s,*V:hyi jAV0a06!:d^~ @-GYN.P}ռсC]"]ZL3[C*;).<~!Ww齙61ѷlWz̮^cN+͏?tEЀ "Pb OKB(OnLpv}>8"ygrjZS|3%V"B TN~uQkW :^-;;AIֻx^?%;MvV@wgUSȓrDT|+p+"81~<7/! 
56d΍&Tw0a)Z+2JNdζz$ nZ5%;Ip'5;妺dN0Dr/k&u1gJA4Sdtf8u^B5x I%暙%e-3|$f&< ]2<tlx2 X]dgLCM}+ŭr&(s1j=|p`E#ݓP웒]4gOU49-Z9I;^#UcLHVg#N [NNH@Z.9aABא#gyժQ(w;`fԈԪSCWyRFXjK;ثb#H-0%vG`PUd!Mu0G5h}:bes 7u @/)u532TR)mԒ?n= h;BO'V7Bi#}0"P<4"0>L?f'۲tb 'ݶڝtL6[kb=Cb -:s"ⷞxG0ԋ59֮"KyWh=HL¼krl(DpA˕P|mQ78D%_,뭉s6Mke̦3VDc2px7kˆ.͓!lGk@s LTu0 |ҒfYGDa5d8;w4G1| G")hSxF{ amRjb9 ]`QI1wzJNjx.Q!Hř/'1"q[3N<_ˆb_j[G49#D1[;o~MQ2R9> :z`Sb: . r} 'n嘻hcojOQh>y-wO8xhd•eGiTj69X BcKTO[HKM j'*'x|zXK`QsK ACQ1[-RN7WyIs 65"<ǷrYcK}G,@ AEAԶU@?@hbG*m ]OAkj#߸1zઌ9J$+w71 az#XB$Լ+3g:RHfz5,iG`鶇ǴK'Pizx8fY'J={ T *uXS\Px?xۛ1Ab)D}v <^ouph(vتMU>~ T5cZܨ{vtI>NtOm<λأ'aOWpA}٧)Y} iu+D #,ww4u3zy_!CX')bV]lRݖ"幵WD7#{u:*)WGjsݢ%ިUh:mCSCȯ4m !އV'Ofݩ? F?'p}g.g1.BKҕ3GQI#4g (ɧ9S<ښ;lqG4yڎNkۿ8K.w5 t| Ov|1 U l&qnkV>\zA0[9!4mD7Df|3)nID|2LѵE x-&>lZyfv |Յg+N60&@!0UUSm]C\)YvOBf[Q:[GXS4w5~\b+DPuZla Ntө|j_V`ڑ ~ At$v.XQCnv?v= { M?h, ekE D @GU71VgܢN@!Tv9a5~67թ\:Ħ~eB>|uĸ`a4n^r G56fI}ÛwT4J0z!*.,vFa @y%cv||_eQ6Z0^5ũ ͽCf"3%{Ipf">n=2ZyQR!meMJi|S/f &/-~L>c=|+A6?O¯݄?l+n-eR_t2wCR,7xOHn9uz߷ G"/0[v(i&_߻ՀxsBJp#ՑoL$[ye3qCa֙:>jyzTT^ͩ@( 갸7+. 
{t¼-m\rc<@zMHgCsHRE/k+)Q}qNfu>s^> yJx.ഀ 5xTih XתW_!YҦZb0̩4fjrADlTFh@urυIl#hW``$n}8'iI7h͡ x;pfFKJ ue!f 02л]WwE9ڨj Hp{,7G%5ȦT>2QS%e-Nx`ӔE?:){sYJ0?ÂA0Ck||yCT=˫R؝Ȼl) F 糸ecTK}M}ʥϳ[(fg1> H ixsuepVx'D/$9 q(j'T*okGHn0#[|,ш9!b\Y:7" <2 gq1 g,#m+ =9V<.]t6ΡɯU W!H'ζ@̃M}(S#jt SICɨD䵞^,_oC|[Mx%tɴ6hS 7et3K۷urW%K荏UHNuU]}fi?O 6ê 3s(Ӫg{Y 70yW^+~]7"8t0}8Ww~*Ti9RTN1vrhi' e;Y󎈻ts `m >;D7vOby=u ^u` &eIKCRRƱ, +:<-[y _?óȡ=n?LrHTJİ˕@:Rdoߗ7pS3#j8kFϦ\2nqW {E| ғbYKƅ1s:{؛rEQ"b-`/H(ODk;&8d0ݭjb5C#硟ZԲչ߇KppKgq- aJ\lG]xzLfD򫳇 %ysk I !x؃:1anөe)C;.%s".e]<|I3<7Z[)t3hzw]/deD#FA-oc<%/5 p NNFėNc:DG:"(T}XKU [o㰈wz[}2^ڻM ^f5+|7 t;Imw$#j0;yI2孻#8cg9G3M7ȫAy+?Fho13LZzQޢM6{t-:=YGw"hм:[Ԯ50#5s; uY*xc+0K 9&2Or^APw4C8ɗ}(5b܅ř'|䮢۔AaS= I(豻YXmQ/IZmX:;͵'}kTc?lXB*-x_#u3PmTXakkt䡏gr_{۵囼cLk* 4"Ĉ }_'r2Zo)ʧqx.樆oz>* V84FAޟ,3*{Ag|9 F3.e\+RLnP֢)  c^ qQpoI{C&zK˙eHM ^6i}`)ܲ-@ q5XZ&Έµ!`7!Bӳ CϊkAAQ<:Dm < Or`@W^\͎P݀bL)/䋌Lx =ȶIIg=WYF ฒܵS,fKL%YlN*&S\5]=G<ێ剕h,T1#}k([ #>OT# wGD>s<_3G<M< ӈY7R3jcNhl`]mtlAM^CذtDܲ}.puׯw_]_;u |<[n )Rb<~^A؀S7 AÞ\fcGlN{3\07zU nR+x^uSƯM0حh.r{L8_ };]6[D)V+n[ZQikP-Xkes5v?q1IF &GO~ƪpzp$DLIU*Qk;#F|Gߋ ,}[nF򷸩C2;QplR3:3T@ ]Θ4dԐٔe<*FK(AͰS1ͨRk@~fiE"dZ x^Cz< Vhاɤ P# PΠX++i&n}s=ǶBZ9amf}x۸"vH.P߂>N %yq,-~>7ʆ42];&8}q~O fIS:M^3`&g _PYe0<}f4^[6}`F>[Wku]E!S鲐E=vd%x|ۋ6% !(_x Ntt4s4ztX&o)8gPôqy~^)~+qCu=l GFY(QT,,!йty,ϏE pBӌOG/Hhu߰#LHLyx>Yܵ> f&ff"f\NuxTkOA!^k^;LtdFzjS~w"Ci+- n'4S{׍dܔM97⁅(;MdDxIꋼeyQ[fzyyBOTn+L麝·`Ve!c:Z foCTY'9+H:x`9ny`[j5I cC]Z5!IE囆K..@o=:5V28簲>;(Hy-g%Hn3eo]c!0,GK..U[_(`c$ygvsq_jd(xJD3FACV7 T~w.]Ld|Osv?('#\ѫOhF ֩a'9ni?!CVά[bu ں7_}kB36;S'Qs-cN1ȏX{^mǾN.  
AU0D=ϞqpZAnm58m`vm |ɔCL,[\ HUC(_7BMz<rYZ@d+w$- cgNoxzZ Bob!Y Xuog cU'Jlh@ȗhqTu]0KŁ.Ċons|Ѣ?QI059l VXe9/j(/ le)ʳZ1'cL7 JFr1,L[Vݙ_ƥAc?VdI" F+B/!"Ԝ| ?{6bCl9C&$ j8GslL=6ϧrM#"溺 [-bK&[&Wv"ɼQG>vYŽ0kRw~_aiA(WE]wSoVaJEZ[-m{ngU WY(hp ٟ/[i򌊆 ڝzJ | ػ%{"PQ؇dnv%Unz0P|~DfɟlgpPuPyH'QE^j=+t+F ~RN&M*7,%Zr4+ R' %q46K=488ZS$Oe1"GCԾimDR2}ꁌ-ihEGlAjU(ߩyNvDc=Қἰ xmx89diIږ]BZ)l4=OKgr)&њRL eCJ8#b!I v3pKO[㣡!g9L /F "w8 ftQg[+&(h+P3p>guaXһ耥pj3eL6: 5F,NO0A4`ӫ{Pq#s@yzdi9ҋbI@ƒɯ]h 8K+lT͉yfq@OX` #\y?/"Oq@R~Ocu_:l2[]ZW!"HTIUdlۻd^?!I_]t>xdJ:P;Mf\P2Z1*NF8E`,,z)&(X'-a_p;27 *Z&r 9$p#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>KfBqxY (F|0.Ve|+(ə5vV+}Q΄O냘\C-#!DgO̰+w9uB4LS0Q!Uib6al8]{v ϒR#T, u{tσqIWNpKLrC`>NHuub]ε^]V_msmL1RKWe1}FJ"kC3ҡD˾(@t+U8ir3b5'.D4HP>Al;BǺQ53B1JV;2͹E8\}~OlU&{?5CqSxH7s>ljOeD EGI`I Q(z}D# @;v8Vb.]B_9٫;\zGyg<~3*Y2iy +[|j1͗3tҚ'T(1z"Me OU@h򫛣;\fV7yP8nqIԺ!h<ڨH,=DKc痙yA3\p^\䌁rጡF4#GtWiL%*ܵe%#@U=tk*q2٪m;2DNkRjQD 2;@KgJ | иtSRD~#Hg$ty 3#$8( \ P@,d"1l!oʇp_̢ۂy; =[(50젌y%2-Iu-ئ|x 1w2@7 S'Qkez;t>fgB(ʚGLC GTvcҺaw]Ȍ!dյźekҏxL4nci"7 CudΖhKl, |*/O\(\sd1ϗP}p8gK}_@*#ЉN>^g XMIx?34X|ԀNa lG9U8PA:/ >sx:4񔱷KclW|Z<ߐ;fXvLy!e ;p /vzEq;l䊜PZVS:K^03K^3n*ASϑ1r=t& 9 smϮdsG 0־.kO=|5$`l>p5V~JgZf1uw$yL+Zp4&F S5pc"X߼5ޅ/^-&]x6hivP)GkWfrRH(4M܃~%;X9PdGFk(PEt_rG \jmThzAطs$HKn gu镳wLn%̐ݝp᬴ %[anriw%ϋhkU:r;W8\@BO(|mJm՟P*s*~-gO.?ΰm/*&¨o:C&nq͘ϱ\Ү" Ǻ6>a+Q^l ðl }]-H1 (e/4Eߕr>1gc\ÒEXvJqC:L$~A,[WFdR06bon.{)MJ gq_%n4tˏvTޛi ܐrk76p ,hr6{yË 2ݕ {CZ(vt3jٙlbܧn (v:2_dCJM\(<6"ڿO>0={ ~,}5֖B:Q'f=5/oxԭ厛[5:ǾO+;=kV#?#\&+HjeuG"&GqZ2n#Fȃ0܅eؓC0)CBL:j˒/bWהܤ袄v[p%k15b†+ O9 ߫n׵Ε:ɴK̠Ƃs8)оqq/%HF|{.Gp qBFqLw}%WǛX-7Z;s). 
aL?tȚ})GZ"!6z 7_p.vqb>f9Q}c?"CW3)BnaIR >᣺:ƸxHyb0>QwQXf9 yO[+2Y—H܂U+ɪ2k yۊJTyȿn (Ϙ _#'r9<قXݑ!TBՠt0<C+.@(O#lY2*cgD&rs_9(,iȍP%#-L6~&dxpCe}q(7%:7'.9#̓ gj!KSl4JJxq2ߧ8K:ogA3.+z`:X?2B*\'Y8W"ٙVas)v*aFW>@b`2TU)+TƳeHnݨUZ\+jMb@H}lRĚ(=kf &*y(&l9P5M53.(d5ILD]cp $8=g pg1 9yK !OɜRG ul_0l ?VJAehYtZ@]M73&9uTpe4Z#aX?XVL}>)\G{)\J?N'"%j}'wXN)o\V2R|U8Gp| Z ŽrtMZ7"ѵA)#] ^ AhKE \GG=N^O1;?~GkJŎBp/a V#}Dg |/UjXyOf (.z5`e\Xl-h0ʩ _OC4]l:DtEf#'nn6cZN0wo[Bi#Fʈ9.kfªA?N1I} -A ~{۫C]ПhӿOz#;@%EJq_ehyKb<]c`PPV˦S\t4}}V4],+sKxa ]͆]兹MX@SWk^M Сj˓+?k|+zY2.xy}?Q&qc4ž2E.ư +kMNrq/>ttsiͣxfes%Mw"&oEy G =lCJ}.X$C۱f6эgѐZ4T`r0UZ9:H8ꪓ$ |Wv< wI7'c ?56zHvc9k"{4C! zӡWn9;Y#Z>}@}65.ƾ ˭P/ڈYzɞbZʂZiU:-߻q"#9X F+>Ǎ|v~|UWUc \UN~Hh^ŎlӚ?_aPcvw-Ǣn'w|-ue(] i;TR*Ar㐷*OktߙJ (>ÅoA&2p>VU'@f4ظBx\ Ul^-'2\pdR Jw8h2얽l3:(>f!)Q+@pS)XgI9@~kr(iyNAcX~{=HQ86>c3jCz0bg =B7$mͰ{p@|[7;̎_R ja~ e.sdіG9 wr?1ϧLچ/H$]ϠZ@as9,C{Y-z"I" 頹3 ȮB-αVS^YmQ P"=Woqp{>eWu(&WL-0i)=>urt1א5L0>JygRY-!Z J(HBٱQ%BiK:b /Tu1f{zBPE^h;6H+\-=M9c 3ň(cc)K^C>KV63on;g/v-nrvv$,36b$cyJ{xO],h L0E']}ngDa:ڃµ阻ΛNy`!*_&Hi&L9U y ًB %T )2 =Fgslb7Sfa{M>NZ\[iڪxm!~_7X] o Qk$`,4A?:GgQaE骹WeL9j*TQtABf'`cO%Ūu"7f#tԨ. 
t©xA|#v)q:}k$:] 7TĐ+JE]s\&,zG^-Huaz5A:zP%>Ic` "sYjK`湷7 _~][lCcT4_w~pU؛(E.]iz to x6ɡ pJDkUr|X㏎BjgXjt GyLJ4u*= 'ep:5:er̻UQ5uTLMT2Wٙ5ݖe:6s"qoX)Byf~5IɈgTCpj5Sk[T.NtZ?.L\ OiNC[wse;ƚ>o"g+a NfYSsE%)YD0󜇾P5LҌpOl-MH5t@k ԲPk=N,1tHܿsFQ*Qb[yVkSo.La)L>qח$*hGwMR!U|paשTNF0uD|&AIGʹȨW̙'+WC$h0kd^"ܷp?KR-ό5T'{g^Dr-iۼN'yXvge-(!}2/y'"PdF2F6=b5~>`!p!G0{{=f-|𱭐 }1uYv#荲"[ Q/3!YժY-g+, IwN}YT问ițm#ge@ ~gl>+(Kd3p SM w.)y #Z#X* =pNݣ^6NC/,,=v'7q91d vTjўV!^ kPm~y*=.%<_)eJ70❨\8㪈Reğ\{W&|yJʢoEGkLAB1|" zBhyaiL,K:V)rn/_3qPdXRQ/rafQm4 0v{z&,:dPnx_ZE])Bƿ hvU;L g5;UT`B܃ ]52H|h[g%r!q^*Χu5 ~siDC Ya\ T`O N3#pf_-U}8Q>#4AP Qry'FZ7$L}Y$V}._&m]!QY KKT:Cu֚QMO\oWN\VyRD!+)P7h[RRQb%j#nʽÎf?1y&ɕPX|{7)MƽTP CKϘi>O ϭ5\gJ [9LXvCy8GyCSzc/jѾ;LQpMTG-N2 ZA2R:N/I.u+ye`IΣ~j@ {s؄Җ|ir hZž4Mʭ,|fUJ\@/n dj lڎHtח3ڼIV7hNZֿ?g s鳙b> jHUQ;}q#ސ2 n~&Etx7,K7=Bv"ۭa D\u ei̶0Rtt}c<ѕ0 yn$[LNS7 k")o=}4X(OSP<-Y;*Z\#)o|_wlyRḃdie\`^CDϴE۔okfߴ%SthKjaJ8 W]\әG%POtǸY!4ey} Sa/Ϋ݁֠i 2YajS@'aɤg \Ɍ HUL焩tC~R/^P=;| -t. >̣??A`OYF}-+&(qAg1Cz˕kvuo$5{R pK"P`]b6Zlf9*Сԝ [[N4BIο=D>#t>Q$3]z_yJT؄T|SyNẐ)/%[\]fY2v]N`60"'աXU_H٣e_ɫAzqה zg&-u%B FT!VH0Wt :wńI5-r:IX%J,"["rW8y=R:vtK'}IPo~GX uu@Mc2C $g\DPxw Y!; kbx'2@c.}zsW$F؂b_*kBx˿ه^?JĜ4:l!ߏ MT]8$]1 wtE(jkahu6A.4jOt5/FOL Kk܃j]p =ia\К!?up06i4{Y#l4he*vRijiymx@$=$־vP]E-el>'6,tDS7H%yj5`Q4}OB'^M^H2#5Y<.C(uoH$Hu75MCu~@f/J%v2=^*>nVo#[c& [I4nk yӽ۩J;{1үVQP#)g>LبL/=MB BWIdtDg~F]B.1XzgIdacfuuZ{{$êܪ|*G8;ܪm1D0)|?3ykM84$Z/'"@H>%׾a> z@;s44#s44}-ZUrs.dYq ["yȿw+Xސ붹@ƒ䁯-4.98i2b4 wXڮ_WYrfT(WAV  I^ r! 
9ޗ=T&f0$Lw]7%Q[`^A9gi!5K-M?i?=ʷI''9DAhtCiDߦaK: 5*C\ru ئ 'aΌ>/m-PǏ mc֘qzhxp4 ζAsO*IRsse^.XCD?6ʜ:aե<<">w>\3ӹ@bN߉_;5)wW/?|(ЭYDmiR)Ýq0y͝za-흥enD״75)gfY6;;05͎9)}?ZVK*?!Qg9ƧJA%Á*f>E& r(wD }  ~)]nt&N`e$7oL)X1LMh6N,:NΕxc4ֱ m,]mf vԽD+Ouqb!b# 4ͦ"N#U$oyn )N֌ B?T.m&$8j!GZS$) FR`v"N9!B-a/_{b+=PD;侳kMLz2V^v;c xvSrqfҊJi1zF"fz|$Z LT]ymr &,}-\7Z(٘܋ $I TdY$~H .'ًsjK{PT T&"iC0e>r =Ɵ~vK5򯖽~}6 iAY73>x>h.kMd%BkƝVTF`lN{o,߽k$t(lAC@D%li\k[ ~ ֞Ra =VZ}lC&UANIM Z%t_k ;- tݲM3fpVEߨV;1:4G9x+xx`]>ۤ3wvh;Cp?G;gp;~6}.RE%#bo(l:=z r24û{wm gz>J-HRg$;,?okuL5#lخ:\gɘR?(euX*L_M#@LEU_!@Ir*z O2% ֞u>YP ?|dP3lMJq=<|a *VtJq舳ݤ!K"s.R(?:4a^,0풒\5g`GMhHq^;tI[ѡ2 &5c|GpNVTȧ ɖ,gy|Ck ʋ{YG+eCOx-ev?@'Ņ o7[ްW ;䎸L}އ{6/Hz,SUPK&4T"Nmvp"dU =;lH~Rax+-D$7p% 5Txj Pv{&:;¦lm\4/B^T㮈"Ba&sf}bAJ32 +n}[!JxVzύL `/H^c6!hoFV59gZNp\N9{ ƖVQ%ߓAj!Hї8dMYioV?ET=u3x.{b AA8e,ŸjND)X"_I4]in7?)k| @g[bĄeͿ-dkxL|(N1Wb/kl[[ѮbRX|$ @* dI b]f8<71A|_i+V^UOh`G<;Җ]Q_,&@zYYn9 -{8@_4psI0dApX 7'wVP,EH5lFi;s 8pZ cy2 PTɠ_K5FT}sDFUZ Xc^,ySL'"kW4N,E}ng`B +Jeld+fi*ls@fU}ӆIFVt>\ P5g!mƔY)ȍVrC%׊u;س>*?Ų[|f t(77LЈVRCʘt8%yhDl(XYZe<=Q 6$Ëǻ_ ,_eZ&MzNQB]NL *|wޭ$o< 2&AM\l6=%EΪ(x;bcCČWΥGk^9x#(.&|וM_aܜ5κuzTs>sY{tHD|߷O@zQ}DYt.ڱ}+> oqjGԛ<)O %ًл輂;U3f9w:ِ[VsHlM!JjJgD {4)V38x/Bi VN}mRWqMb&.$$hw@D@6@Nϕ2".] 
9m,,o}F~u"2+tz"C@js0NePEJ[ RĔ{R 7dZY!.(Tm\#]Tq$ -q,WlZ\I:5"]B(p^'V!/i(oo OE;ty'4 DJ-_w,>qϠyλE BўB>M2!F&\4~ׂ%ӐS]Kz§|yN(Wbup مvʵ*F7)vnq\!# g[f Z+~D|韣b9Z sjQqK3eMwxjCO8+O[\/IZˍ4g, 81"j)əI]?bW(U!iď)y#J+>n&'EG,T$1|b_f>;A3t>c.r/q)Byd<xͻ/q'=&_D@,jПoA^?:+洭ay.0ĕOH}l&-Q$ ~Y!`@XXH`|͹:W|,ٷg44;88 9M($he.#"4ˤ_m!_EN]b:E걤.} '΁G#‡o&{נM}fMӘE:x&IKDlD>;eݥ3۠nM}/{ ֋IpGqtz\l^V_c6ѽ[m21< ^L7oJe@h9(3h̍z.}2>ITpDAK3hOUewz.nݽޟW&{rK_ۧj5(Iyf]PUzD茩TY/ƙ7N}>}筚7#'I0?Ъ .I#LRX5 MqU`1S$xB֕-Lv JJzb]f" 9Fse[g,+,UyWR@-!SY 1޼$0Tt_HΪ0\EN2GQE ~]X@c]P=n9,NIP1Y^XaSnAc&kb!*{kv\gr\}1z=zʄ< k"y{U6y*9q;Ĝx%U!4fX)n{x?)gGq8EqS`M Y5[JцV B ьeQ{8>Is xs_#C_BDm86̴˂DTϗ9E^k7HF<*n( 9UoYsvi5qZ7ImEqGtov^Dl$ܽFX^K^_ėIJحikii쀐VG}:`_+!2di lIp+خq݅kKN}TY]\I@?XX4^*fx\ d(2Eh OV&;lUss PO]@ûw k3]~fW:Sc F/ =uf.^.amNQmseA)ذ]0቗~-j݌):]U#MXž7hj"@O"Cd7FizHH/^Gh^&<,=--ʫ2{C z“phx< z^Ѩ#qO;~Pw {1!1LS#ZXKlײ"NE'҅ 즯M&%ȨN2Oɍ9hCz:jZC9X^N# ]gqh e_s=O8OX&v˾7y<# ӻy<'rxrn15weE鲙Un۪BC IrQ6h; 1Y7S PdTA=V"H& FQHtRMLmOL)2sܙ׃|H mC+ntuL?,h4 2I`prT*X؍C)0OIK Kc䑆4Ъ8Md:H#le(fQnv7=SCo{'Ct Ws֕=x'FpQE^E4^2~??MsԌ7}6̤tE ?lKծYͬ-7%FV6hTv- MV޶8\t!,E]/V@# Фi<~'>,IĴN7$9&&@dj!ǫ^A4PvLcz^&Ms8lnY+!W7Y/1V㘞#R= fÿog<0=}iؑEvl'QWd mlbq3bS55H)amм %/XWđr -Gpp=]ETPppV넏MH}>V*0x0>~+FZpW8$:r\r(ޛHBX-hz1=AIMϣ*S@Ϟz;P}v|KwAWa3P2_%Ye:(lUe%{5` R4TQ ?r.qc#;!W?{{z;e}ύ>9߂V-I@atfiaXum?DmG?NhxWbzԛWA,mTr!K:'Jdg#*r *vrVj;]*㰽XD!r0w:4qb:MtZVCfSzI58}%_em%N6frd 8fWyx o o`]9+-ЊiIŰׇ9q<3۠d14/Z6%q.neȺnFE¦=u1}3g>5ZRٖpĔ*MZ~%"c>ΣtZƨ4vN4aדY4U­MfaˏB2)iϞn֟&[Ho|LMp]<{Ъΰ*)~jr-wOo?G,PC3BO;3\,E>< |I2%O O>.ljJ,SfnwLfU10K~8OxQ סa닗 J!z |[WgrG 0d+X+a5rBCy\Rt}D SI 埛w+U(Dz@=X_;nUf@aB}@/65|*aZD31%bBRk@`Ԅhvѱo?'̑ 1X^lLzg(I׊` B\z N2Nϙ"i"S ސ47#3`wRlpl E܇N$w=RxժD8]ðh\Gf_῵ӏ" :#l \hN?U@4iQkɴGԪ !9t%K& YĎ$]#s.ט %V 4hd ظ}^rD3/F3'̋10G978Gݧn [ NNӰ c8=@*}[Xn_RdT{RyUv:mHgPp"։8 &0h;7 <>=~;и}`_rX-Ua$>fR5yzP!d|tM ,sןh;a#V 3AQ7[6EBp'5;C Wxv{ʨj_{) 4iDeOcc[\IQ۔m)Gdnt ӷdN:Qq;DA3*-_aa.BEmKR<6gm} B*j0 [) z+ČU) X+N q.DePfSdqcN\Q>OCΩ惨Y^Z07'Vo=b(SdܓJGn G_aRAtS↏?l`>Y$$g3k CDn()k| 6P똄#e3yn+𲞟_dz2I"G:]mqEĒ?sSIq8љu!U*H7Jr/c/gB9szTcUo$t+ mJ CͩjI/`Z67j7W_ 
VA4&wEC{KCG`bxEy|/6c胐 8[F!ZbH~J  7SNuw8s T[%ܭ(ۚ%h16Fq7 wЀ6d3ٲpYs4OHKyQl>^."Z$gVr3hh >Zܞ0GX ׀8zGwW]!1Sy4W`aT?NQr}׿¹ԋǃn6ρ$sM. iN&M"s%HRnm^ dgCj}>6Ix{8Nd;Vϐ2> jϩsRG9"k, dlRUTn qP6jE:|6i]Kr7\A,|"ϋD'UՐ5RY3-sn8ya*"BxM2.a򰍥.+\;y"~f L\{q~ΗƮfӡ80jv]t⹌J:yj뮆b$lfu"Hn3|oD6vS\""geSCD%N8 ~G -w3&<<}}%=X~71 RwaE+LJ\,&n -Ч]DGZ \rl(dD8)?.kODg`wF%P4eMB7kFbB,6I8n5G)3d|#շҟqGgzNaCBΰ  ,hйw89I&l`nS}D㋞sR?!Yv:%[ 7XN9 $l@>n>dn=N5\Հa"3-o*bHJyl<ىqsa4>Z,x- m;W&%NY] yQ[*kV;vgޣy~SZKa~)p湼'NUh%כ~h iz5caka?5l`FrI)#R!Q}ۀ oPҝ^^8e$Mw/Nb O=/{'01XH<ס`Q]Q<.`\i"RW7ݼ=hvXȈ6sݖцW;A'#=ci Rof٣ $)H2CMbJNv\>Rw1sז/?d-:֪kJg[2*n/-t4^B v0+ 4s]Q3- p;ӗH_-fo`oK³3FU[ҤPԖpwzmkH͜@EL;rq٣9ԻmxA4 =LOro?.o 'DlL1sg{o E_{d(^iF(.q<j>pϋ/Xªëv=G*nENn1IH< U Su o+nSm~+mabr 1O71T_9nIǑ1NV ϭ~D\tEC?>f咹\RQyi\zQ^~:R@CL?,;ޤ( y*%Vwʋ_ÀI^Oh< gZ]nuKGLCxA&'u]Z4MW Kk=3#ySX8Ѭ׆u>d6n3fwlIM^D ?Zg9x wh^J"p^ æUp [ lY )RݫxHϙr.q*iĝdTvq0N:TO`f. K5Bnz49۹{,*>ҰD ݅ށ[tҪ%V!`.N#!à,Kn"3]5 gc7e뉼ľwi[~Fyssr?&Pbu2BUԆ26_] x4¼WQ!nWm8wLauRcR_ {_FJ?-̶3CʵnS)HT;zOHiۜTM&SQirǠNFo=8;t~Y1]Ym?R LGr!6!xIc81#~$ҏBkBb73w?7<(yPhAՔ3VQQpC\ϋ?:x+ x[D#g']*PF\]/-1tRپ{[񰌰i8?0Xr+i(DžAk&d `s~眓YAVv߽gw`&Lia܄Y*ND΢: ö,[dKۻdb'|􊳈:/[`EEJ4䱇4G &BrgAa9Ya­A?}Sƥ"BXqh͡2r9&q;|.8CbQ0AɸDf9J4H:U^AsMAO!ý vX6f7)|HlQdb>pOrh`@Eo$hB:i[f-dͺ@=9=75^Doi֚~MP #a{k bRVx%^<.aLT1hϷA;@jn]_yYqf43];f9_>sC4Z}迨|eT͏WXqCMf5q Kf֤QS;a,)9̀zz|Y_yxXs$-ɇ+>!'G6 Q(Ҧ܅jayUxp#O\jBԯw\t/ot9aHzH)x  \.E k=<=(4*3ܤk|qBDٖE~6%ys3I}K/$]|1n"IkG0HK,C~-DeiP~H)-+Tl]?yc<KPH# ]"Z'UFjye3!F_(^(6n 53l$#@e8A=&*ͨqH?X3,&:/HUK2W؁y1FU@S1]3dd~ё& [BRR}q=4swdCs^^`|XϕJ߬;0"T"HuP%2k*_r&_Mx2e"v:tG(U0YVp]v /l;Jp_tŝ, lpcNV=ۨÒ-_:0}l@䚵% MцH{YHaP¼)YAq" G}ek3 G4Ϲ]_Lҕ\&+AҼҹx>r3zXb}>p葜 ƽx(K_%VerW-db\Տ-!ELl8[.iƝ)6#RiԔ{0>&/6oƾ$| ETLICREGä÷s\<-LZb󟪶x_8F=῏,ĆzHZ(2 &L2T-Q.S0_4UnpVNWvZ\hC@gH1$#Z%򲭋0>|hE$BkR*Ԭ[V$z4ۯPIɿ^oE!IOxn4r|dF4zmuN 3 :=Uh|Q'{o8{1Ox,7@I&`ᒠawKjcODȼ5 3º\EExpl0DuE)Yh,![yD󂠀(s 6ը aUuV5Ƽ}EĐ;(FE^Twonu&G^uRLň#k&ylaFI?0j\`XWA1ŌĂDkhi)A?0)>gB P uv Wp+Mτ&g 8ܚ (ՒurcNT @Sאr/vKGP|rϧb§ױ q.%j^lJ9\=.^?hn]ToI|nvZ [L`e׆i: pyGH2XVQumy:"XQ^cu5%Eҕ_qؠɓdy =Ӏ7M|胠A)k%\n0g6Mѩic~_͗D:vB_!*JKbN@B3ڋ~^"L 
(t4kG5i+pNhJwP28^ XSNLo\ aTE.@];,{Jý!MpHSwk2'E*\)Z y >b/]ZB8^ {CB\32HDZiİ0T+]li=[t2$#~UC߼ųk()QD;E+ͰG- Wi˕4 eh mLG`nbs#A4`W`GT|~K14-K&;_fo~x#gVXhc|xQPxPɨ!Zwn(r6Ʃ!kI"XgA -nLm џ}ZUmk>2KR ) ~r}[`r /KQpA{uE5*LSuҞ $ڵ:O6[t1yd!ݨm?`u;? jJ\M{tK]ZmN@a*JڔDZnQ+#/o$ OV9TJ#8N ]|R3W)@ v;1Jt\ul`=\"zS@_V`f4DHO 0T=ihZ3\aK\3ÍH(x7bg1*Y;E {,jﴣD9R:tTqIP=I'aU=p'ESkc :yt}bJbe8_DSg줫Wӝ;0v1gkSlյEb%m6xP\E^*M<8բ~NQc ON4!Tnv)Qkd:i2@Mͩ|G8ƞw`F c 8A jcWͼ-IK}RZ8y# \|>DW㔼LQ'#ޙԔӎ˚ꈘ^blع%7;MF{ck 2GZ/ajC}dDspz3GOOy,HymQɒ-ƚ{ΞGxݑdB@r?s oH,9`tE2~;-?j{I_۟RK/Nxh󞮸[,V2뷥s **x{?= 4:)iMvO=E BA~kl͆w=!,<涆~RNQa-ƅ9E™H! ) #I]hf?rEU n~N]Ek>.=GF]Db!j^OuDfCc]4~о͸īO- ! 9KCn 8ƕ|}۸ncXP^A v3v-#@h$[ҥĝ]rAC'zediX E#uJýT\a޶Pж83lk|VLb}2p=L>ܕļU b2Unm'CCu!:SF t;U ^Bv*=~*/ҧl=5%0i1DMxp{)P6#0>z6M6DYk$^珛I0êTxPU)&PNKӮCJi קL2X;A@ҝ{f6S,5Hɦ6!;1=z2 PýwSH~Aw`1V{ٹ\߆]]VWiPu8eD xfF5Y_^]+y,vj;L#/]1^KgZ4lۭ:7)vO•#F@ĥ5] I8xR:J:﹋* J|^Tԯ1:6xjep»l;lʯ%ӡ!.R-Oy eD6ZsdoЮ{Bsҝ~Vmlt:r\ r*ڒG?᥍L"GC8MͿf,"%V^PɯY|ZU@G: !'*8EΗu5ՌR'y$=s$N3`;2щ`_pqTͽ![sCz/ oA. P_>8ueLs7XI*gs(q ?EwsY y) :'7&hJףć~Pk{lmGDWX\_SgaSXԱbDir~W/!7xG|0Nxu! ؏MzġTzpUEw^ap^ys*T/"Eb QQ)ʹДǞώk,ks~/[4%#J <t,}BnB KߤG u.J/ad^qM:E%M4幫( CEaat} Vb,xMȈʩ/aٺo 8gq玪)Ha?5ɛt`^e2Y2FP<'Bwm5&'$ۣ *4.i5h=4#I7&@g5m2ck# y9ldrx-:fGWe#Nxp.QI6@} }#vd6XV; - A38϶xa/{WG#Ak^,:Lw>\Ǚm+*.A>E<<V%7Z̊f%#!`2"Qh[$kI0*.?@~{VrDHJ8 dL=| W=J6PoǠdvپ54S:0T׋shVbWԘ%nJw}$aL&m[GvY_Վf#Bu]b3n }dq.==Ftl1pOFBnРˊ/OL`t6ޮ4">:ە(/c UNMp8xU"2'/RR5-%K2j|TsNyPKtdC|ClۚrNwFSMeUEnHG$灩U@ܷFYid?R ~_Pd%wMO('}\O p1j⎣jx*qM3H[tMcU.Z$kZa5t3*ec9w ׃Mjmw"O"OvJf~yCnG&0UP rU^`_ nQZc{":yhngnM+5$7dٴ1xaXog>mb--!D Oe\޲䙪a9 Z\npj!%yq0rteTYr?H kCTJ_Úusle1rݸό#&|JA)pmoF(ߖHWNcPή2j&wuu ́<*f 778 \}n [+S7NFgeLG'Xx?(@ AFx  oU%4,[H<pkv`q;h(?^z:R+SCJu#8! %],GȺBN*k#"2IX$g}5G9|7Z~aR Q0d raΛ҄^ V;S*Ɉ`EsuJʸf;0XeEef2i6/j +ՇHs9sRЀfSho؀z`mO#!׺H+@߯v(xK0rN[+@wHO- rNYf-/l}LٰhI×|M]$P7FRIm|`i4Gz{Dӈ[knpWgWWH۪bgWx#zX4>%γ o>&v*ՉX#G7K!Hm?#Xuv 럟*jm¿վb$Lsb筰 ]يƗvM6 :&.=[(Kc'F?Ȟe \n{P<ŝHhv9/+P3,#7+fZm _EwGUa_m+dgFsc sJ2i. U=Ba31],b9`ܻ۞Ah3yEpk\ƲhW22Kˇ㧳+dd1 dWw_8lQwP?F\dpM}Oh3"~mbcA#dR"iۚiМC. 
=#A b"lls'n(<ٌu^e {'=]oS' 'Rjum-ugyn~G秵HH9?t6S]0Em r锕zZ~AFu3?:ٗ Tm9ySm RdKobU-^'[rm+l~kSd 020.ZZ&NEHӟ-* chD=ԑRo6\KˀSE\'VFoяTW`DEer{[I _UX%pC\h4=ٍ]#jW[{bo~ZTW﷣^ TF&N ڙ u%FúW5Z*T32S R>w-[gߟ]#kdZ~] Yߊφ$3 F$w6loJֱMܳ3ynmH-{ ҥ|kEkjHe"c!U泦ܯ0id{ɲ-RRA_e_(6;uv(? SIS޳TKT\Ar+>pe领Xl@b6ĻsNCj c7춶%fSu 4vHaz9c65Ֆs O/>W1j\䏦92X՛.7N)dw>S׀jujH@Dxœ]I3T9YYR;ɐ-jM>hjO(NJޭ MisgnP{`M[:N{?Mh1bJ9F$M\ibm9grƠ{R5a57D;x]bU ;,o햢Ll*ImB4%q?"0?X8XvYWQ/)) 2.b$)Pu{D׫fR$˃A sv|Ū>#aխW0)?<(r{.dOj 8}-W|=2wa:`sFJ&[Wm߁i`Rz!&. {7FPK51PdV[?Sfv(J&I|RpߟOD5gfowga_)eݚLh ao/'k(qGYɦ@j[c{yZ ˡY=S\c-"}O\0&֚x|jW.ӏ1Ӑ p`q[8S[:<è~݄0 zC2^+$%-;0B{@$!ó <禛 ߗ&&eKwU$!Du*z Ͻ. G@y ad9tW r[%>_ʟGhr FRŘPнv{jsjF N1x:Uvlº}E 'Έ硿7nZmjIMv5BheCb6.QrlWߢ(~=ݗ>uF%db% aS*Պ̊6szfЎhsȷ0 xE(\SU/xG-ipxo_i쳏| Mh }6iUk#x?0u1Dm+QHϹ T7u8K<Eݼ8Itv>QN\bF~?r^m|@3И<䧺@S^V1-~IsU oͲ!(A7`ke#T|Wp*F@-pgTXz8ͦق d^sq";F#s'h5kYeQD$(g~=X1֘ϸO>M0 Z'+=k%$R d{kQ pKmS=^Ml|ߓF|M=חBHH84'/E+W1ժ\VGmd~gbw<|>^n $Uc7fA gvFs?o8&듴9I)NAXzS +#^Ԏȇe.NQLSjYh{2}嫇EsIiLƒkT!QbsZLis!37YLT9(7@|!Iϋq͆ؓϢQ\eɪ a]C,hvǀkZ:j!Gi\F9rʟؠ5qмukfM}5H 4^_UC:3 M件]/fu'DP69GL JʒǡVWWִFS^ o@*!5hK=͂d AgL'bV$ݑöCP -[Q,w_c`?2%)F(O3~V 8~ 0pD,.Mv~fܖ޶k4_݋H/QM y! ̿t>؛8D_e34Tq nh<*o; O -kNǿ o q/pǜ58,0J[,M*}.UuԦ2 {ҳ—ÿ&S)`cMX_\;AT(N+W*e8]GJ17S*! *cm4\&f\+ v- a$ G*s5)Ud=)Η %hJ2ЂᏙ_ jBӌ+!'. 
@khz 8A_/\KJ,Ka|h xu=Q=8fߖ3!T٨4ג0b)0ݝMD/*O).9}( \!#SӱkD9$Vr[`s'}¸YS~r5bV^p'̵gp g=1g|HhNt?"B\yL5[ @Wh.scZ'NZ[>=\}81)pɨ8eEO.]q1rXH'3+cxʼnV8L]' G+;/,/j=l|+ޏ~:H2'G0:Ok1vܠGe~<9ir8oy_( oE]rS (U~x?m^GIx鈘iFEx1O|2s|3H =2(Fouc[ĆUmEOnTܖ?w a]B8y穦AS~x$‡m\F-yF9 "D7JvlhY J1xWm KzDT?z9aH(Um3.I-hhۢћ'u~=jTN G#G{|͓wB$ym6FnK 9h4xuseA0a"ZkgZ3{IzΗ\:Sw1+π^]Żhĵ]l̾}c_de4ʠRVg@CB:'_FeMk@ANlP7dhܤ}ex*to{zm T>;ʰOvDΨ7: ܡ%Rh?'Ku'1xTͪ0[R:531][FIMV i$Qf+ {eIe c:yl^]yfn~Cf?ZOAFKKb|2UuFD^:[ =!]_J`WUYtDb@P\Nӱp6EM' ^^OA|"tll8hH rSK N/uyF:sML.g(8*h}:yڼ_WUBUo鮄I~x#1A#8UkK8o㠠sY]J9G&3߈u_(<wcve)'>x7$ҠBS?ߥ; WeTGeޝy[5 BE ٿ(CyW ]j:)T:g ʒ #,+FQ)|*8`r0FNcb<`qh.k%ǮgSL"o ؘgӿ7,F(߷u/cĆ,7ΒP.ڽ9-R7 (c!O_bPz)JIc-Mّz$hbr-:cA|&õ%ZFKCd1['[γ(2ɵ"b;7&Ǖ᭥Sb<ދ2-["_jXo .XSqQ"L:0!LScyрBˬD]D; =a8fլXKL\L/ih52:ח[kN[drC 4P4^Olꞓ9^g;jyF#x%PpgDWɞٞeblNu (cէUAͧt {_GwzlIk>>lτsa$&03BtZ=2WuVM,%\ucY~亏,R:gJrAnuфOk%f I-AZ<c]pA_eV?CVġHU|:JdIr/z:+ To.5{eowb]a1p\8ANCcR$,5(-6[1K;@`< Jӑ?:cTJ_s۵8vBJnq̈́ I(¢A1$_{0ڹ7̡"T 85n3_\YL\C0d!o2WlP:|cfigļUVm3gvR7^gYԂ%xüȠK8 A6)T;͜_sGWdIYIjPW{}{8<3QW8Q0T) /<& 1jbq;umƉ|F!$Mf5 ?L?sޚ^tCY8K]Do4ySU`Bk@sIj ?yH(U. PܿI@3)3mZ=6@5N(bu`gHێق wRPB# _\9Eugd,Мr;jqsvXϰq<'7nRwaTޛQCX*kN]|,JdV4?=~,8D`n6_ -gb$9(byh9mi03gJY Ǟ ەVw {,P rvJW^w|TbOzYSRsTyXr4B>Kvg z3'_#%`- g;?}^FWX8עL=v:fRQi0 YP)"'n)hCZ}JL6g| iS{:^<̀Wv{()/۷I(JG=|g½UvQx)^m`t{Ay܁IJ[94I? ZJqAk3`^R`\֙K'^B0SKжc]A|1nf=Y%&/Zg]`3)) /M>s9 _wNoňarwaqU|\nj+ AO]UswruMFd I3P[4?N6>m/3*;)ZѺICdJ7 j6%yKeyGߘ;Xt5'w)(BR;{T}\>LpBeR`Ω4 Ym0?nZ%P1Rx`IfMDdzG*]1d?J\F֫cd0iFw#,N|3: iw8}p%JeU;0f dA*Ǻd9##뾑%tOط奤&@ JD @Oe L ,[;\Ώ6*~RI"pdT9cGGϗ,T׃{.laN؄|B ~TkRuM8*vӄM'v  6UMq3u-ӜA#v ) cc<8&R2g# 9]Ec !F}Ðw{`O祧 1FAQNK$U@OV@>ȩ58 q3Zܛh&K eLaHΞ)}m nrT1B,K?LRϖEM*% Y57f/6cKx%o"8v0\V 5aْƓ%n/.=_]Qo~`|46~6':oWLH.N@%1dqY`s`Wm_~*([%sM`C%Hߞ(>K1A8mY.z"n@jAd lsblr^e 缫#M&;X*7g!jx%rDXʒvTO}p>,Ze 6x]꯬j@%[6}\$?~ˊ)+S!݉c&mW<؂]TBpiu!h~!‰aQ>DU\J/{m1k RCx~jY.TxFW,X]tR-{ tu ķȈ4[/NpTSQgM%f}́}8(B{/8DU=extz5bTDˌ؇ae*d ͩ[`!\:͝E JsWVY- Y>#%3! 
Bm* E]P R,sR#Ri}{ѩRDMuD ;ʉ8{Wư4e Y♜GC m5!ȕ[juF*[1lb ڶ%/Gvt1ݍхHJ5vX\5ϷT,{IխH,*媧姖6žjZJ͖6o:7*!uU1,k+u u0IS<Ν NZhiCm%Z޿ŹacqXЧB.؍KG^X[zUPfU!XA8| bYŭ29Y!ެ(@ t%$0 OYg݂yZXL'-1vIk+[j/[ :G hn;FT-xA*,MN^6'_ ~VVgygɑΈ@6cB5!x Bw์3>fOg\=IȪp8:T/-L0!ep:gnKjs99JW5e/KCoPU(R)a`^[w[&oS+~>3.@"7V\`M?k"\4{ذﲬMuB9QgV̆nJ\HΧ ѪM~?rs f;H<]`C !Jr@& A&vKQێ>NrWLaX(ަV3ZYK`ON5wDhígf/P(6caVӕqRC5:!E nQl!B:@y{9@gɣEa_K$ ,zJ-dLա^e3"PE;̏Kh[5ijA$&=VoAOhb֝qiv3iT٧ܽkϸhϸ [oz6 +G=}Wi&أ](ĠlJ!ӉajbV[#+o"x]}YPF4l u4Nӥ9B@w%Ea/)&ʌg,4AӴWwag2(q؞5OӬ xcOءnǡ@8NZ8t$FGPoݽl{]x%^Osth-kH@`I JK a\s.> u^F,mM 7o]d*W~N4" :c4 S9{୾n]Y* =—z;s \yN5-֓2ՈPRu dDVv!)\R[3&S@; ɰB]OIq;$@w('%~Ћ=dw1R2mQ̸E'Ť,^3b"9?Ux`7 xD2{w)R1HҗbǢZ8t&GAz`}2?8´F*<;PMГO(k!QYLY&Ƚ^@kiC}J p|%Řn-+S,9T.og{W؄ 2BVg/a:Ȧ;De(Op{9lK*] U@/⣜ p&/P7I9p#m4.yxO-nO`#!9^V- 6U+HpBݲ<:AJ+Gϲs|#K'FCi|aASM"kʺA./aU_~yDȚ.M3_!p7vzI4 yDK0)q`c8-LwZE8SNx$Xɥp |nfA矤<W_ϺerU uEx/6I9xwe2CpZ!H=\Tk)k> AeH9dYSPyr{`SYM"F9ERzgh@vQ9'2yZP {ӊfQ@L添 ao/噁@< _U)G @'$C2G YԟO*,wJd_ahq<olטR(+ ;p|nuy"d<)ndŷv@ޝT"#ahc}vƾQ } zzJ+W-y+i :TVEH+Δs]-SYTB,_JAOɱHH5:(lj1䪽2wGY1.|kSjZ9#&5U]RJSlj֦3 B#i„4۴\+97Ξ2+0D)G/5Cz~GTKV>*,[Q%m]޽9bg#uŒh 41~.f&PK~ÇV5jdqP.PܼDRf0'Dm=c1tmkbrtD{- m\0TO(١)F&{W]{Rt?d!q B3OK~`0_rm*-P)Q֤I k,TG-9*`hƕ[NjQMmEmLjceb^4D- VgTH7(e"9S .IHۻj7 %Ms %WRW\iΰ? ;#3:ߍ;{J ihr M=^|l)´E`OHD6ޢ4oYWȂ'9 ,tD|b߷q\@)}nRV[gZeÞ횼O)rK(ʗ}h2\g NI9G F6HE4i@ZvѸ+?6Zc$L ׾K1?'9]r JjS/k tosX\'$ki}"Hn?$qae;rlV[`<y _{' H}mxd%zD@҄ӏoXd{發ԋ|?KKݔ@>[A?0nh52Ck60 AN !=h (h4Ȅr$}&vV#1r'L#U2U{#?L(A7I{ȟA&{~/tg(+@hMbpZ=O#[ &o!r\ X/kABd&vݸ G:@Y p A ha<72q](Io=7qH3e'N:f͔~[VV;I;x귋4BGx3vxa'5Lv\*`K:cm\7_] b5xBNizPZ::R7 eNg3DuޢfL|-)"1hFJq9x>㨟,6{s~7+e&Pn#55#1/p@=){bb!YAJ"&;sMrvB>84cs3!z4j c| e;AHE+K rr-ބJhE smĖ8K?|am/P ZJa [V Zr³*D%< +D5T")?)FT .{^#W"K9e+:+qGgr mm`J{PkLgl@3 VR suy/IQa4{&QL\؁pr|+#SCn^(Ѣ(8]ŝB931:pA~k3)!t!}ލ݃wp34Wٟkk1e{Eicx0_hoܻeRE6E$ @.C_ qjB/4/s!kڛ[jT9c 2q^ʡS >v+/s(Sv:YGz  :&Z).-X̹NooSrX'K(o~zƗqo($Dȹ) CpWؙ+rфwO~fʭWNOXma0S&%rD@@ X@+ѮC4;vrO?*5_G<;x+S!#XĦiv>zȻ1B(wQk}iY=͍kT4%:DvLO,Тђ"="3t\! 
_` Q0 0]𒫜<ًFv^4OHArwβbkғH# -SFۘm N@bĘ f5X2,.f ̪XH ^ eĪd%Ts]sX)!?棍B?r Y FsfÏ_^5ͣ(} vEO3:Udh22ZP!QJ;OcDov_beR`d >勥wofry돉[~bnBGdcKɥ~,V놛W-+Fd!qvQ8'c$EO\2e)t#Q+箠t rvZr;ABB4_~vfW.:aW9(j'>3{7͞70^fP7E ,Ol=ɁnzGA 5nG쏢JM]-W%J6-(16 'Rkxk*V͒;=cBPP(IJ0ۨNWvJe%Ȝ*Jm/˼\1&i;?8u$aL̮Njrѝ }AWd7DMuTf}_ˉ9q2¿x?O><4s'"!eky|1nMf۽pVD{1̞zf &HrKhjb%x<4e!``??lNT5Np ݏB V V>9=|3H_}f e39h)vc~SuB}VI@XΚ܃uؖ,Tnzc3+vB۵љh:dfՒ81Ii3 $^EJ/9=JuӻT=DsLR2‰q@t|urs0CX E;<>Xi\A}gRI|}/L~쯩XlLQxAV RQ;±閩󢾏 8I}m)Am7Au//+25M.1Փx2x[ _%qYvb/[ykGF:6iklXD`0ouh*Y\ĉxI sAR2LlƣQy`/^"G|c$Cuۼ|>]GYU&n0xzѭDZJkB5IIdzEV$cyWl#ΖS#~O[ 35f~\RNs,Q WJh%qR>!Ϭ\q `f;ngG4V ~{҄?v< $::.)G1 :KХI<}tg<_V(kEYۋfQ*Tbv$hT& o{j+7nUNQIy*UR?xR$UQE%tͼ#X5H>xGn|?H'h2_=r&)xe2' Va՜8Ϫrգ #4c90xQF`ŋiTi6%<)Yn ,Uy$X"i;s¾-gKQDy>q Hl܄(eSWB>t*HTe_T͊/NyzLM.8| OoFչ4`Rӛ]zl1Jw~2cf{R )ƾm2rE0o5c i‘UÿI%8ǂway3MIiVMLBI ǟIw 0w>f# gx:cc鎀cm5Jn7a<~#wUMTpˌ=ÔQJi0] g4S"ėrz[C;%#c z+JrTF(3!E!#c4 z@#io%Mk:֩c7 p&o`r'I=\,]D9d'iJ.c3B!\{bFgcXJ%;ZJ"v%fV7_Am7k9,2֨]k;%bD؂ eE$[(!y՞-BR[/wҾEhۖd|p2EW"0A0sBKIS&> G/ 4#Ca\գhZwҰw6~LR pA& Ӷpފm2$Q-aػ;V>U&6fЍ (yYe2s.6< qx+hAnL˷zFz.zljEap)y@_'^cpEi Եw;x *[ګ4A~schxJxDjE! 
ab]qsk#(>$ jF^9ٵ]ݺy+ڈvURwbr67Ȟ7UQsT/Q$/Ey77Ն3CDtTuIgyΟ ,[3lǩr&~4 ZHKy *c&EK&<'5_ع*﷓pW/kN^?fF{ $fٱsxsȹ)G>/" |׌9S>=j0]̑ZOSdl&p*פv6y%k-Qg4r+_Z1BtTYO fXPo 剠Ч5;|A5ܻv9/:&PU*ٺ#da2ȴ$?9#b8ɨ{k0TJb+ůejar#i@NKN☁`JjWgb4'.RFrñjH(>ȯz43;[QdE/F^EE᧟қXd-`pnPd>G06$CA(J񻰬 D-L.828q[Tr|d.|{\3?{&a e_H )*.<2~ =ZI`-Irٲ-9^[S;Qe7xL6BS L3r&nQX%uF{U{EGnC}.r/Нδm7#'Fs@<(R".t҆C-S VZ"0XJ#ނPӖ, ͣnvJ/`!(cDOx:WXYW-;'08)-RSsxOJ*+fMy*89H%0.y7+`Z"* dOG׊~.MJH,+C#^u%!l]}1T.3{|"tC&HqWz@r.+-]@1˙.i%VQ^Ȭ%ͮm#fuua3\5㛼fmn<7C6F6g qi79lCfLS!g;8# 9bN Oq0~ d靣fsۺ6J0'AGmqxd{d\P~;0غ΃Yq1ʲn johya0+ph fv%g cg_ b(>0?̚@# o6.q~z jr#o-[ޥ0óN~i`~VJi4RYw+јyw9 {x:֢X1헿3m8mo_j QQx.>!WHKdhhTN]O1*P{t5x*WQe2@O̡k:Q)6q8 ^YqN6*$w@푐:BzM3)){i~rN4GR-IQu{&6ܾ9wO>%vx{dp 燮.P,O tw;9 l0 4!'~pDt6@\@[̂O걿ǽT >'wq@hfy,% YRs}{n mװlF.Zٝ4T6GFcZǻN\iOBǖ_IHbo/e~JPʲ0J"@=,s&^;LL  q)qM?&1sKU-`[|kpdh +o30Iắ8GbÆ ªHHPHŎ/G jʎ~ Tl0"k?[*KAޭ;Xc\n1ݿvBi:EÍJ`˼\w*JP shU S eiz 'U20 $ojIh朞Cqo[NwB[?-K+ns,&JnW#%8ȫG{ KvB3-V n]V`: in.fFԷii LFt[S;vWp$wɕ#4蟜0I0^!#O3֛I=bh9}6XހlA EQe C9><~[M~bby3g]cZEVYl4؊Se8\}YigNDsBL;E&e VqQ`=V-m˔i9(fIgm)L!)rA3X+ $I}KAaGr[Q. iɆ Hd \.J}U~)}ĂjCNQpP"wOEESp)x=!}ceY0RF`dE=j8t_-|lr~׷|{|(7d&!od\p(A=k]1pJ5g`K>{W39hQfW(Ȏu/dnËU pO9c8^j6 pn(eDliNC՗ו=&DTnwZ]Vg?BiagEKFжgt*?i.3ͅsC<9i. ZeS7u:b,>a=^_?WU- %sK|[O䢇y1vƀ-T;}}e͂qu(2s#&; ))Rnl-W#(܂fԾ#i9, OADI3Hʋ5<wVH(@SӑE`;L. {̻4F֔WP"3 }5]fąVk*Vi(k7>E9۩ ږU=jinxeX3#^*Pp*LwH2,!WmKXg\Z/ .8.|*uBP =<L_ g`f .^$Ζ%8z4'={Q"$n~"_`P`oĈҏ묰DL?b(I_ 8etoxB"#+aE21} ̮u5b&[@U`qj$6dۀ/WKM_*? 
OOB; tnm*F*<2l3ɿKj%+@O)ߥ'S)@TPvD?}2ReBBu2j[t9Q]$e+K[ġy+%׋L.$Z*wf(.SI> BDl{ 2*#(\V} SVɲTr1 U?Q MMrP@yK-=;w"< F3˙݁bsB^tΆ8T?TۄٷRU,pslp:³I5 %j}Xi(1Uw OoC;`hf"UXlm֊TO(&_Dak P6Z'$bmׁhy, 1hRߝq<  _/6}JiNlkd΁<#HFSUX o+:a^J mܠ wJSoy+Fg!v!rrU:ѣE~͑E|H']:&%5|-w Vbj[C1VxLfApb:ԱBQ5{}lmZwtWAheNL 2g+H{-_j*E)4@UH8EIE専ڔ^22, nP vE j-Dz:Z",ļ/CQM[(?G3#'  \=w?s{ |&e|"3; +N;<E%'?Q{7UxrA:p;36U.[-EN~"FO"B3ap$eؠEz'p<]Tvpa {5£Tg"Ь?9l@ ׮WZ1qj@xg!$ q E1j@UmfH!SfT֋,:ܒpf!V!'#ZTU| tfLF@fPDZ-BŎһyG5V`!OjSz >|\Ǫ8D-:[xDWL~2h]A߸0$8d,_; (yA\J@Y|F*&{26Xy48P2l!%?d&Zp{\KP$XuSʖ#5X&:vSͧ;X2f({t7`mY &'6key;3?&8MVqY6R" Uw4lG^#yE;w?zɎU{[tO(F@1њHYC-F`<SSQe98 HxŏߊTilN2>LNlި½ }NL5yfg cTھkS<}~=ScQ %.yM BpiUkVhLuǹe ZMc3wcʅlJ8!<{Jɟ״uX+ҖeWn4E@/  u&*ĔBx,Fq5 QW?n4'gb!`wkl^-er7A;aW%Ci)oM/Rgʦ6q۩+- ONF<%[:$_?!E4&rwLoKoR^&fR0V6Ej`o0mS6"<*|*u>N |]$F|hͯ/HΑ\ {Ev qW^3!_ C$O=*~!O7,r=&.d'p); ܥS^%q`xSv`: Fr=DJ.+} zQ^΃T^OȢ!9 ,>`7XHsRR]U\%/JˢAY `+zxZ^Ԗ5 CfP|!| kEW! R]V⌻t0;Yt&|syˋb%$)ӠUǢDŽX] x2W&@H( q/&~]\_&C uڇVƂTk #)c 567b~Ap9"jPp}/A&h]03EPT:JDv 9fOk|H3VNx۟ |6ZJBS_FuQr^ Ke-zDCFD;oz}˺rA7Һ%⡽n,P3+B.5ɴ 65Ѓ;sQ 3v{=K)Rݝ t<I\i,9tci- g@[*NPQ&Vٝ%je e(e"Itd=* ꯾. 
_g*' Hx=N~T c[<99 J\G=WVTϯ)x ->31R .*7 lڤ]*N?京 uz;OmY~rEs_3a) f-*!̯B3pEÞ~h!-9FP.Cb~RI"Sj(f|J1 * )chnuO-+89Ec\&eW=7!1uG*ɡC5~Utp=UށL|N;F`;@?Q> 9m;|yF:!A/ = DLN٭Qj~} @G<a{:=-k,l4`>4EB]dY>G=;[^9p$}T`;- QkL@9m-m{s{HRo'+]/JTo>2?Sv'/߭u,(WyYrI31 `|{&?pN eA-`erj3w>9cocHU'8{$LAD-e@OXPi>T3 sngykY_yej%}5Ѩs|?f8I;3˾V8}%P3aX.k6p/9/uxȦ큇sT8`b}& LPUdx!dc 8?lk~!~iT{U]7; @4(=>_U.O?gn0\Z7UzT-H X _q.J*`릃dȷ>/-9 r듾bѬUz[Ytyn/!qp|!K@;g"G1kjOI \;ꉢ:`΀Pՙp%x3"?4,^B;m6^j%\VzS M(K4O2 vL .cZ^mwާRג/Y۱simIs!!,(LQVq)5=C, ]iEP Z6>ؙ3fQd%ᕂT@ {1X 0EFPʆV.IAFvr9R9(Է# {7Cý]#:vUhK*_]Bz!.6NY/W6`i׻R{V~xpr;V溸뫶d(+G =nHA(՝ ,;쫉"jCx((G?]8t #G ; #yR+ ' Aܿ#!ota*o3XkL8p2`”>Тg;_5e/S'K;"uI-J򺪸@bӣ⸕ C_k֐Pa%V?"iɝHeo||jZEeAvtbrFd5aV&ܬe3t&hi_sƘ⇐EfPKVat:ե%<=ݚ@knlẗ木V?R#3[WbS#U.~ N*:b(V0mO ƴ3ay(k?/2]sDrsHMډlDnphfq-(~SzJ+>tiqtj.f=r7Ɣ5sT'2 Pw&V@sPvG׮YE#,SR>U ʇ{Ֆ5c66S%`{ XuƤI%'d$Y/iTyGir&YL---zuMM?Dss!9cUy7T.U2tE']R}qt3S"6w^rL;EJD)V,ٜ~t]ip8DRyٲsfwyl͹cng.T_G /v@夬G>Ks B/xS`AVrc;!kU3> u$1)en:-\[bCVzݯ8Dfq ;cw^M~hT4xP_P5^/e΍h`8uNyB41@Љ@#6 0SJ95 Q>MWN00H_-KXVej3G$1qmlj9c/R_hdCOP@<<R[H^wˋ;C"v+dL1z ץd nmiRLO3r  ;.-C@mNQ+)Q?1!b$ 0/ilcKB7xzٸpkE趮rTyOx( 4<2_Wk9ʵ k{ڕω9Da_M %uSesR'mV@} aD7[Z4W wA.Y Tdp|MtK;c,ueR%P!Sý6B 2`Yòd2}`06 )W#„wtgK*_+Ʌb| B9}\IEvʯK*?* ieb$DM@&K:Hmj -B,^‘'ϫmUs/vIJr|PW埸 (q9Seoj) sĈ0ϡ Sp ijOT;&$} L |{~({M*9$ DT2vWnSAά~RWmb|М饔q39zwMg$K_ZB_*♡o;q!IM0q!qX1զGK: 5{$Eڹ&2ZNH?8]FpJE;գt >8sA^[ PLnh,_YS"o$WVP4;55s.e]"7U? 
ehU*=Oy<׊zF $14[j\SfAD#d-p!)DOqpdmvKDmGƭ(=Xu7aMiI,u4~jEߟČ3ᙈ–uR(*rgAMcebj号3B% J/`"\V;ATk π*CQ@+w<CQ6K/2PR䜭S "GnGi%kR?gM|}jqpq GUX=u-%EkBd0Pd9Ye|bNNZ„t\c2OE5FλIDyZ~^"|ĕ2n됅!&!{!p )ΒHTkᗮ'ڤ=Ki?%15>E-q KbIخT82+*0N :*)o4:.y>S2xoݧ[uں8ɬ9ڹ+xeM$ #0> $LOl^Uht.첲RvǬj4HnhK6O5 رM33ydeq DjKQMD߹mζ@۴3BP뮘 0*#'C$;҈)K%W7~&/JVÁzFȀ#Ã.6 x5g}sD;@vúRү 8j1˔[FP;e1e\%ÔB^h$f+*ژ4o Jn?Dv/PEB.'.[?!<OjzE["zN-v!OۅUf'Æ}m0Lε8xeц ?}FhfctխO(CRTTՁ-M[2e>}6Dj32?0-?-q| AQ(Of wΠ:k/:K}67uL`U5΀uUf͛8z \DwBɜ׭eHqp](Zk^]]!U?p)A"myk%}܏&i<茜Dz }ja۟&Ӳ$.YNPXj+ \ϨK׬UG<ݬW'Xoy8t7~,/V@| 6FRS;W} h7oF ?$Ȇ, ̉ܜ"sՄ}YO骊ڧv< ݽ߻Vu˥P?it$ۑuOlf1Pb.ʙ5 (>)v"׉0W:`&-NaPBEb߿ >m**E&3mm2 VY .z ?M2-Ofp73XEE!8d7H dXKT'޿Wzо"S*vTq.)({'ϸ>WX7fҬY}; \˂ vMC/nKSR.0c>>xVQU=\e<ߜܨظ@r|n4jb= x"yviwJ/Ri]_3&L󱚊cr`}.AŧApJk<Awq<|(+.W'hPN (2” ?W ]q|xJKZ2gipn4`殤O|۔'mzAo+\^t^b"=Ѯ]X '"$0J4`Je8!l!^W/엢 [<'X|;CI|;)ln'z!SD3!uf#b9,KPw)|$ 8%(M[ia69J" ZNZ;BB u;PTz4yk>K9^$4A"sVKo8}TǏc"/Ly%>n,r^ًkb/'^Q@4Kkzᶷ;yGDT }5"<! f큕xэks9.\u=W++룀1="(q,a nNjPAObgbnFmNkJKJ1v2>O(f nj %XǸZs&*WXi;0 4vr.@8o]28T WϲL"p{؂o3i*6 Mf ۴֥ꎡ'v4XAe  xVKWfܓAbht-DsK~qfKm0.73h#HVK*8- D>FBkۓ zMp MY 2x7y1c>@lD~FḠ.eVp}D8{;Hs]UB}dJt4v&mqCbn^=`8orˮL) N޷6d9%-s+ ldn'b(}|EFHr|[[ m&;̄]ߠSQ"'= g'f姅944 ;BNCE6A|}6ђ_㖙~&X[hv쾙Zmi`KTXw#7/&PECJ.WO]'21{3捎p&-1@OZ׳+~ 4MJ PnZPni"KG_컰&yAiQmIvqu՜$WuͬE.C3}(9F/&Y6#P-ٹd! 
r*_Hџ&80M;dd;~3GyKiotBK-mPjKRpq-SY)w%b RkD8(SsOM90V&' 3VZ`AҾI O腦1xLFU53%ZnY'uv@13 KrCN 4?, ha7JvI~0(pViﲦmlŗptx<ڶyM*eT--Nb`q;KZYIQ6`" %բSA-2.*.وCw>9q6=m'A:4wSQWIh$dNpuB*s E(2p*-Q\Rnb^Y݄KkKzc߭2-/6!}Azœ`S& j5Ê4*dP2P)=WFxZQJqӂǖ Db_]BR*RuڢvVIYR슴՘I̬0'ks}>ib<닕0zo6:rpvNF)#<C\auT}g3a\XZb YFLd/} <$Ġ1qRM*B;5acj\-Ҷ k G.rnU!Wor5OfCr,_JO][ R+>Mɍ,v&)QW4%6:#6w$MwMC<&UmPз r˶Oڻp~m`)CnMu-j$5 +SRh"3X{%m]Ayic n[g9?W]"|BT̈iݭ,׮8 (L1;F_`P!*(Y9g|3g)!1 OTU ` "n1vw{u,5N~Pշ2 ;kYJtMѮ^Qb]cnc\*{^HCrT} D8z[i&CsZ4,ACprgW"dmTg|}op)Ϡh Wu R누HKZm*t*qYE0M#6lY7%7uK(xQvoüHt)`z/ɽ |H2ϳa1T:^22`羸8=vflvCAJbuy3i4:, q|^5Oށk`'trr{bspR jn[FwF1*qн|\OlyPcv,ĚNam PWq1e=*zl֡6Lzh5)}VO`ZB!.12DFr>z(`XT,"O`7/d4V.gL ?_Os0A&z %Wh# `"#*\v $qQusKR"W$x~ cp/uHW(p3E]9O{gf9z9 e&-*.q5jG2Ыĺͷ7 ‰w%$ڭx<%k=*" Quao pak':d:=*8>b{0-K/fT3 1)hDWO˝@&}_KN*D.J=ޡ|TPs 4|չyD;&U6ESr1VM<8֧ߨFvTxc0'97Cg p)#eCpc\RAv/!,{م׎Ӊ:`Zc\6Qb;ItVzb-R^R-E!B zMpMVS\MAZ*ՂYyPѸLYهͺb/%(~54 󬺼|O޼.Ap\J :b3>kZmj.D dUҧU1Eqz]I*li+$V. u|8lW|_ .A.1^l&,^_`)HF$ϻn+ I/EHM$:F'6~D.Թ.B _ZB5ZHғ~܆;%"I*j\p5qr=1, _tFXJ^SG]fW G$<d{ɒn E5* AѫX1*֠@8Rxm@ꞥO'jżKRq"Q'+˧,.r>< i0{ϙR1z:! F 9+g{P mJo8pɓc9b|aֺXiDVxo=QgOh3$EcKӚTZ,i?ZnGo罱ngۥ(mQAttz>7k/ƁZ-_F ưPlZ3FNEZOd}Ɣ|;'NJ]P_Ye5E ؒ %%5 A}nc}0WBuGjX! l]4)tOBM[g,wE&=BTLxu$<7fo( .rud,{Y7VȅpYSӳcs DgHƙUQ@{xML{dlYߢNiڨQ6k>H@=14ֹAe"[iK_kn "9I+b9Qq¶;H_m!zhBĮX *uB -ƛD褈l&>O٦}d"H;H. s&9-lxm2$ ˾[{8h#@RkZkļD8y^9,m48TH&PN@ ׁ1A^v|+u;ڵv\E Uګ.?5gCLQS$+;xXI <2&MszZ2g4oשV3kM%S>̘%.~Zq'%|&c*Uq_@i lDp9~BĚ{*B6s$}kKN)=N ju9d/!CV>xsJD9xX@yB*k>WSdiS%ȫ9Lþl|?!@*q*݌6Jڼ F}#EU_W ~2ƪ%o suO17I9 2O *Bմ-igg4'xd0NkiJ{^42 7e {"L`K0Ȉ$m*fY E^(ofIU db¬x+fc JĮ # Y˧p}K8X ǔ/58=%]G:ʬ}60puVK$j5T EXCu  7/yPP h+k8tk|{rzn.5=gK1+}.N\uǖm۶E`ߗ8Y=;;NՒZE v2ٟ6T_SI<٨@]8n,˸F,fvUX{P;(M¶ ؍u)H jTysB7ORV"Z#g@R$y(-=Ceg?sLvɘ<̦{Al -D|QFU;lxq|/[` (- Si'INSizbPZ*h*i&-a~nY 8)f1#fR5`%b'B w6NmgO}#z JL')` ])bTbpկ@9H+ $MnWcWΩE%Of w8uV1CA$HMX%v{% k}BѰ *ӛ[?Rl5g௧BI}$& R]0_~RD꧝6j5ڒ4Sq{zQ᳨x 3>nZx&3fԾ0LT_L+ՕV@FOi☫G1/°B&Lli! pS`f)JC0`[{>e.,j5d*nv:JAhϱHQbd]X12F-%! 2Βy*1K`#qo&KX ALwbj: vљkjhj [pr )kеr@SG ZRyp? 
ܷ.7B\N OЕLٓfKn5ʅwP”,vֈXU9vRl15G?)8a63Ꝙe!y08 ;/c&鍗//:ӻ#݇RHM^(/~'N /ζIٝtDYm(`N:?z=3Y$b>m0)F'$*>y+O2H*yCO \K"*sjFhuS?Si5zd%XJWeqo8q=(ۅFh ;]7MusN(e]\H|P_UgJ !Q2kn~[kJMLt0jTF8>lw&G/.]i->^AN}tWߜJTӻCkR#nI +891EO]u1X0Ҡ1|'.W<}")VrIwNǴߖR4bpqFzJžr-f{3wtWa?Søѝ̋X}K>Py؊g q2mWC)9}IVJMtX3T._2=J I8,ti'2U]N+.iY Q)<3T!-##Te"oj GFj5qvTKj;X| sޱ6t]}LsNϱTt #9 [ g逄+/`6!j\PI54JH~DzaqmUsL.z0Iל҅ҦZkB)k)ttjr8.[}h_ !iWS ~l4(FlhDu -0ĭX ~!Ǔa>>yk~2n1Oy&b~f-{P~1`ʹT=a9N1E6bhϵ(bN22*9H v}.Ӓo)鵦IA-VȀpϩ&Q?Uwɶ3)"mg~ڻA]|qN4B#cEKk˪cDx=@qÚUe4/diR3ٮQj/(EZX+}Gw}]t'Udj.5|~{ҵ]W(ey!/?8_DƮo5)9-9ou'0]ќd\q=E Ol Mrh,f []V?$dךƁm1|̼-U}""|J (w86Oa}`zxXBz B5weܭm2X?׉]jƿ7DlN u2mrײxXzB(žiiGɐ";m7}#HmaeҰj?T(8o-Gs{{|߳63o` $:Pw?3+;r,?yyɾ咠M4{B|O)J7ȀόK'[EF=BT\,Hc)`3gQWh h0 BCOU3tj]U9f{I= 􊤫VI ⭵q:"^ 8/i@<1GZاuo'}Ԏ0<$5SjBX^j2)J{{ ~z~yX'[ 6ĜVOșNC$L"]:[Yd0P݋B8 |>jErP;  Kl/Nh &s91]v]8T(gB2EPoS*Nn Jakm"I Ym)o^/u)cODm߽hJĠ`$eƆ|{?L ∗+s:A:m3Jd:FzvHE,W<㷌:@CTdh#6jZ,ꫢ\n)KB65t_4/5<<YޭǸӽuŊQz@l{(ڔVXRBN# %} B鹉 B͉z1i -UZ|9MKv,suQyQ2*q^\ʝ_6iTyDyT肱?t{w_RBM["`$u dJ[(L]$_kIoR fOI7DP9PA;nJ>RƩ?رD|Ǝ.G7i]7#2ТTԘCfAh!=j{P7[2`KdD|9bXh? <P@jk4D+?U-c=dH79Ԉˤ꒸g}pnF.D>I*W԰%&[O)$2٬:EN/_>^5i B|I !@S%h>lfd 5=6nɦ& mSVUee)@x6!8 `Z͎ov9b}+l^EqD'M9aŸVֿÝQ%&X' B뀦ZDn}l%.Oހv5ѥDH7y,EO[R==Q.d.ٛZQH2*Ž^o"tNmCx:͕(U` -]fߧ $N,a$%/Љʿ5a-^ХNT `9^rl%1}Eqdι-CZ}(=L]Q[DnѴ]/t0M(ѬN+ ߃8D4ڄViߡJIB%2si8 n cP"+axηnέYWZ")T%y2@P0fD#.VkS-=-5%e8mv2,jYDyMaaS6Ɉ|ޥt+u#!+7[d1̨)W>7 w3,2;$/IwKkZHZm  WrY^Ă|qhr>F|5ޝ'M9gQ62lrdg2"Q rP8bC*:wW =Ʀzf acnd'6vnL6-Wfq- ¿s=JB;e[ 04 ʎɲQ[Z:Z%b,PN(yM%!j>`lGn'&&oҀd{<TDOƠ(XH rM'tE3"(Hpi#e.%>6AS^鿊+*<@\o8~cy̓AsXNHYs'T:WlQqɊn_)R2kQY<~=pKlϨg0䢄RHJg\XPDQAy_{tQfTf7[oĔ ڑ ˍɇc %1Vxé7K^TILs(SY5h䪅Rk,La,VƵ?1z 7K{Ͱ]t|\ަc6{}AbPuoPIV|)B^!Ig : 5m5//t dMDoCUVZ \;,[7N` DPг2 {GBY,jW :+iw(N%.x֊3 ;;V!XK]_]FzmWT%U7Dw<|v!pÁP"^#5;vO./ΤiԠ89^rPqnBc#H\HLކ+{viiS|Yϛ:sꦨ' rl8=ɁX F @Uc?+ 2-\ q$qrࡇ[KN"8> dMG[oJxt#@ʢx%k),+DV81՝ƞa+1%įH*CuOCLss~vMOz8-(rT=/!$;5Gߗ9.~{2Rv&<$,lA訙D:=ތ c8uU F%UɀÞw.캰R|]F-G^&sek|kvtD,wogO]wXsNufTB% D: P7(><>IُzGb;\|r"p R6?zeF'/ ΪLCXۀ=^dP! 
{F&ZEvM3C1t-6#5:>R}rU:{2aZVOq=@Ƿĕ0-L(Á  $Hr.8]oq#jB(v ݔ&?i\N * 4YwI0"<,2摏TuVZ\@f"q〞PI2̍1rAij}G%h\CtR@ +FaI ;7ONI*~$SjY $~яE#_r6wo|eA.7Q:oM$Clqw*8^G!"_e?c9­ֵ7=?~[72α_M˰؏2t(U|LKuRw:z@EL{?"-7W|^,9|9ڀ"iw(hlI=qOU|A;t8+m)}_KY?/bvquIu^N^!2FF6MqHog'zMy0"TcqBNzAt/TvbfxkEtbX.޾$&&&T@QHT4gUCF o XO'.huSz3hS 0(^)14z9E aڑj7 \aч>g$Izvfш5M|S%2Q[/NOg<e+DDHd 9}k^vcMzZM#lT-m3g*v54g|H yg$ZZ*4HOنnUkm}&WZuDJ +@rOȖhտ*'لT;;1C݃:+l߬&*#~ujDPk{5isJѰ~DFAIA*'hS!vԐ-!W9>tR؋ $π XN(̨eS{_Iq\iəvn.4a-;*=pQ%1 S9J7[FstSlc=SSf@{A޶\cIK8XJPwJmr~{-U2M%$;pQo2D,2qݶh#D!+~phEgfFtebQoKTƎخՙo.iD>LGe &6eV=JCCf;B {l^B4b:qG4'2L!mOưb#+5|Ywe@C@H!CШP?o(p3ȝN<[zwK&aV?Z͠եl̕lݻY $-,-Z\$( HnC+`REnsw5|K<%G&䕶3-ChvP 'Z|/>$`c D|o|TK H!\yʈ=GvMiIJ\ N& tOtΚ\|yg?l6 ;+2-I;F3|?Nz*VN9 OaE('}GNadBNp"qu3=Ь܀žwL v>p=c;JMYO!ZjHͱWG|D;˻M&9u+YVm z6eû"'YRnZ 3u"EQk%of֍E7א:{*+7q5RXfl}e4-xH RYU*E7`_A|ɟ 0Vnx:p4`)mk/(u? )$ߕfFXYIDMT,d[ d2=Vsϖp7"lnJ%*'򇏨"cVcEdYD: O/$JeBjq=EͳEvKex(+jY $($1M'!%RDamKc@t"5/dW˖ALmUIAP\Y UM:DJ^ar׹[1V!2WzfH#R(L(ħ 5RfJ1e@)Ie1|G /P)^TP<.@td:`z!]g˛ORck,`Oቼ 80T=;w !)>wAcIp_Äcef9\b lB:V^]*Bm=7D.ޣZ XEjM_Lb_=H COK[x/ yDm=мg6QoP ~nՐhN)9Ӆ/cϽpT`֮uT\a{kK 4HcF_fX9pɼR BķHS}XI{|9ԭ75WWRW&(aw-1;wp}^ s[oNjԥiq 4HUT5)'3~j.ŅaD|_c+ŧZ!UrQ{Cciq) ZE̪aRQ *[V&O+>Ӌc0{L"aFm<ƙ{bXE g{&j|ﻀ&w@'o *otdky_`[Fyd.P[ZEWP¸rVLќ^zNyeMJC u\Ya|Rm÷K&_RJPYc͕<$+:{#`F(%ߛ v}y#>%5<<ڠJ}uf{7ʱ܉כ0Jb@ b2%4TY?jcLoxG28*U s59COE\bլ)m@0lv+ 4B!#މ|mb@Rˑjq>O?/_ӒITrOp|x '͟%'/o}FS n0JCuv&kq|!z$[zAIBw0nk߅ t@$Ր뜔]0/58 ;:ݚ>-og+GjQWMwg2!Ѳ?)ֽrKUW zK*±oDQԂ(:7{?Cܪ40ʧ_AlZΐ \ J9NGɛ|^b% ǀ$~\=3oR:- ?'e7o1n>[dEZڡQ(1"}Km7&;(]v+1Q_\uJiJƞʝ~% -R >!LGMM\kVuP )ZEYGUܓGLZ}wXZ 冹M엁AXB_Qyϰ\5J!Q= De<ÜZ;\Wҏ}AzH4wc\*2IPg;{x&έ-yeig/-zÿK(#8.\]ު?5ؙv[g<|**۬J6~SuV-aw_OVݍD A3KQ' 詷~XyXPP"x>8j֝~P:C'2Pow,ȸR._<=~>!M:e Vψ׎2kՖrRe0H-؃u!UѠ:̈́VIg|9 d/`[2R>):6Xh ǩՉd֚4@ktf EЙ,\hl*`w4v$!&ZP?%oY1 ^|7QJusgoYՐn(Rɰq<QqG>N(0,=_ )d?|#ăvQ.'Y%Ty`\ LJñ=pW}; N)6ɤD#.y9UE֯!'qS`[]Ȝ iF;v= Jd[.=뒚II}uܗ;ˀe~McJzW Jz܆/\Vܳ՚Wh؄Ic]n8i?|a]6_ msDtIqRZ3'Ik(II,8EM)BiϷuk$o+X2}62}NtO)!$%Ck=WDn?0-p=VwBGX2RϿ*_.0lX96;|#~ 7:"y:@CSz qArwM cx2-~@F\` 
T㳆*^Jl=0R.Ca8Bx5-C-;Fߴ+Kp:odUcAЁeq2unbƥCB!7 EFJc0Xy, --­<+%z%E$n4SPf5qKmYXP;z#a}i(X|"1.@h0jTьJfВ諒[k!&]斷{*CnȌ6m nv~p m7WFVs2"yp1'n%)VD:kvtGO_  A1*8MJEˑC(O6DlUJ Y@F[]aFH@qI>I2hG\? +v&漏Ѡ%= U86+H #3xu`RjX[:ț}mjI|WBtnM c>[pq킧 X<>h1@CZse!d;k֪GY{T<8h!Vn,!2c-!f)F_ okes,[տBݭ [e ­\9V9~)[/9YPKQ6ǝ<S٦~fhF^v7scX4uR3=[[}Q԰WJfb3sU.HD0JHcUB1ղ߷xq0w @o Ж'c-[RI#vU7ԩ/wĜ6 OO5P65o$f퟽\mb轔e@]g 9ʰ#πF V: 6-KECw_ˀՁBc?.˼ )v^wCEssznj_2{^qACv_%txF/qx^H= hwX̿:VYXNrnzpdUY$Xg(H(f#4J@@{@/ϱkg?}jmP՘ǟԝCZ (9M 1R%pFltZ.g=K+]i*]|u3QEY3lFo2`~Iƞv*m%Q<옷g6T'k>z)YFOdqB̈́azb@hLREG) CEvlRXeTk};EM&l:zq+zQNHNsdU Zk^pH0W8Ii8ec;~n>:j3UF*h9(^+l:e<5"w5 hp<:!6O1x>ehoF `iB6?#Sä1onWC:{^#)M@'8f|+TGJ)U})Q)ӰWy Jٖ]Y,EGVTW6j_^tVw;n>*K )fV)n;,ՔJVt `(OPZl^ų|9lƚ=|xbyDv.Y 6e֍`ʘ&1BYKˬ;FVqx_@p9@y yIevqS u(pbMǞ5i`n*GŢ6p#Śz֤ 05Xj_NKZ_Xzƪ&8BRcǴ56rQM)to/dԮ")7בn۴oM^GEKV0Ιl[f_B.pTbED9e(o\0XC";iHZV{ܕ9SN\<C(NK`'a"gtPոȚ"MMe D7*1}-q7;3?Qk)T$TyIflY7NdGI`4cz(õ7ML$}SQ>`s7z&JxI ͈ ŸO)Vx4ow30Tu(qI]{s7WGmew4G NB%;{kCzoBNE֒.gVUU˶&pB]ZYq`?D1 ;:9B'@pO4cJ(]pAcL]jAzU28 Sdeبlڂ#A'돪4>>EVѷCl(;O}ZV^dz8bLi[yWt}:P+Aw6sr{3ϥyfyَ8`-LJӰ{.ΚiUVa,~ǯZ 5C < } &30?Qp("l Roc݌D kplӕӉQ jlO=gw)4ɱz9*=r q`I.+IPEs#~&~xκXkWPyiێG V, WC̣D}?a>KCƣMt ~GV8Zġ Mbgu8Bj pwsxx, -j^L-~ZSP#'c`܈yZg~YE9*ɐUjCz%` f=R&j`q@Sc\ >A{UʠaӀ9^a_N -##\z|1zAvM{Q'?dOٮ8.TUSyuZeɖfےF 'YVgB: ?.!W py  }`Ue8 0&+RݫgAtu0]E׽ż36[>7;EǜhW(j6mv7]KQ`CpZMֻjފâuݐP*wǼė ˇ簰]I@L2?Sz8\j vGi? G) +mm)NtEqR i e@ã>Ĩ O=YwJg&S #U.o6/z__ӄ2Qe5A6ΡtrQ; U&QǀeH)|H,ᕿ:%=7ՕJH.߿[zQwI[؊MUֳ)Uuپ~eC3܉u;OJ.k3le VUN}ξMKf8*.OQ6qalBt5w J!A6\+['#dQR;(xJ4Fk;c|RM(jT$5X>la-xeYV ps Z{΢ أw@4[$]c,P0âR;4&Ze@V@MC[oC|1I:n=JX⯲+CTHf9/A#JWo~J&H,FK( TzFP< d>l3c}-'ΑJ ߛqҋ6C}-[5anECAqCE{7CH5lC),Vp~%L- {CKTߎI ;)wfan.n O~|}МvWzDAAb=Oqx6᪩ ;V т|Ά}aeLB|$|i\e`4 rg(ު..~#U9FU}3(ut^񰡴&2rn%xXl w@nt m;>#}9r&Ao6K)n-!ߣBJ(5U?mj40*7jL\a~"$.0/ו,4վq]= LB5j;]2N_yjҥpvn2 (E1*6bΆ{)/+8鸰!te*AcGBJ0Fآ(]ӎaS<_[i/J+PsI%ϪVx`}7gh缎4eїH.7!r'}XXRy<^y5dK^:=30)@;m]Mc!fj?|_1b|!іޜp %*;<,f4)AΤ Pv߽d'G+7iIs^ׇ#`ڥrlu#x6[y^)b,:ϙ{C]GܵS?fx :n? 
HMޝJ0!W9of3%?:Dí{SjeIA$I H(]K  R= ZV,ԉ^-h=?fc1'g\c+rvD3Ukj|–BhjDG@UVA7U0Ȃ:Ac 2ݷqh'YbQjE^ix]7ݓPE3#'ب8I爆2aUxMpI;Bܧ.Ir67* YV6Jz&/L>;CK9Y $NR?6Wr>^yH?B#7dިhpgLk1Mn)؆2I6* 7zJIc̓@_4ɉV(0B3?g_vS!a6*0 ^V'm&@~?a1X=oCގSMvȕMfn[*f7~BAH(5[Wv}ݬ*R3՜mUuhBΩyQ=;-d͠oCKޘ7SI6ԥFĦ!;Kr1 F-c&M J$`g>I 'v3K o)wLue6. vaa>~'2sӏ'_y8 TDq49&ܔ? 0}h]\<=r}3{YHΡӣGSQMOšU[6κԌòQ~=X_R;DlCf!Ԟ)q 3&G hy0FL>^UT3 ! + vTիpV>&)cF50v!BX3cjSaEc5,LA_Ԗ5{ َ!KEߔ -ް81jɪ%yOݼVHQv*K 0t|j_6oU.y5>WC]D]pP{u ژJ's=K"&p(:X%A_'Aɒe.ۙOګ`ӃI?V/iaV%yMzqBpHcx[<FdwwJ$< umODԾ\E ~~B|Ht1x>U 3HX?EF Gej+H^lღ1 *:k}^l%*,cEݒLSr:̀e{vMTĜEq`@kBZUiuA#\KvtA?U ]vC hJ?'ks.μ\*  @oҾn謱gͪVQ[J;P>.3Y z{)怲ǂkuUFaT Z#Y|Yn_T7ϡzۓJX} ZZRT1}uo)=]J68⹟\:|aox;'lMkY KgBA-O=bAP ^۳[EʹXJ}Swo,BT'1,.:]C4L+_er1bc;!=.̂k6fcMMd-vL@|l{_ޓG5-?6 f|lj\ o^P4vA|'>!7&6 Zh(r[vlOzBbPJa@ rZ߀H>Fi؈4:2I&xJ<@8t B&(02мu&3//*^JJy{yduI8Cˬy4iv ( 6EI2v7'*$dN2H ,i聓~Hj h|)psʌ'SQRfgǪ8V `ff&"jY0>fBh\G*뚖hW?2߶";X41zֻD1v7]!sqcyYR̰ٱ"W&Xxd> -UgÉtP@uU~W/5P<لa= 4P+ukuYzf&KRMPKQ8K, TbؑI jAd`^kF X]i.^\]GPV_2\@!3uX]&чGJ0M,foPi[ `qJ#Ƹ<|@/+"4՝ ꛗlX cw^Hci!^;$EdTse X=/o#@ ,lo^5Ew+8[ݢR11ZǞt%pMj@-KTc= V8}Q*x_yO6zwQ0jɌ;%pJ3ŷk} .E34׀1޾<Ь UG kϏQ`w0d2y|Hi0=/ѸԍX_ SV[ `D( Q[=>8 t_<7__!y{[-eC הԌͳQ b_xh^t^d Io . :ۼyK_~05cຢ$r $d58! Iϊ|Cs/㿴shv/&3!fxWm=b_&J'jD ,k`2~onoդMrT W92 dCQSbP>^:/b7Br`…2bgCk1X63\htOt{}|j6|TNc<(,m>$RA?/NQ{ HkpeH#q d4d޵7Ɩ])d9 Wᅣ>2ڝx-Y0FC{$ʫ2oAr.mC22p "6+C#og`+\K%WQ"EVѨDBDZH)< )s sl[?byI!㹈ʯ%SPDYyJB@$+IcKMo#7 Lq#(tI5TR΂ z3~3Bzc(R X:<<AY%ҰyQ޵go*Dz(Sc8Qw,S?N#FjNLYSvo@ ؁b> 51j~7eClxKm&C2QbEɐ^]H/)4u5>њ=[Z!/RmXr"sS cD($dlwֿ989SѢ|$ `[:֏v+ ӨC^.祗3 O 欃맡؛,H%*N6̈́9l2̚5S[Ţ i2D)$jإ|*-y}n}uEMwtbO'~'`nwAfk \lOR621wvĩ{ؒ{7UMB.[K0*Q"`c|o#4hukщ(IXmAqC뇷pA3yD|k:9f~ v;^ɠ.c je(RP0!V%{̸g}9Fmmz@5S1xdElUVxOnl,@096jY dӒTG{ؤf!SR;NAV^rd13Vt@9UqBbJKm !kʚaԑ"zˀo _}핓 G]&k5NHip4x@f>>HW:&XMrDC$'y ~OٞP*Ăyk KXTN* ،5#5b;k.ۼ kxypʓ5@:$qC>{D@#5Խ\!,|e{dqc0 nlUXJBD׍p, c] MbidD]\Ou.z BgRlQ';1.sFuة9pŅSuLO Oh}#; 썐 DF{nfW"ܯG{Lg:L_yb aB9V ,Я>ȴFA 'Dw;0"{;XV3~?ؙئ~bdq3JD&g lrEs,"#b! 
'A1osrq]g3[,:*F-ZZX3,Qz|E>wοզb|p<_\.G00 tKD<]и#|UR'(BY1=G(!02m$˲}}>*u3?go,BDn*3x PzBśo$D_o\[o٣B3n] 3ki{>)5qHw+E]+go8B +Y M?*qkt_ d |ߪ?̈bD0ڴFW+&RƏAղLy2:A|D[堪罫X8 Ojb!(q޺KUNd$+imtbԊUZq* Zн$y9bޟ <hz:Ǚ/GX#@hΌ*YKg6O Vjd7հgYm>w1 ei c¤e/hn<73Π0(",0RǕYDH¼4M:Z}JQIkՐs\UsqY#Is#f`zgaaI6_3(p}c;/|w%SHd[~zPkbSxanzDZy495K;\䯶d![TgLY|Qþlh~@ q o>"'2RoFxJ\C'| ^)"(٪X<{3PgEKs2 |83eܙn w[uh7%\eTcIL Gd¢dU`C=74^0 XWŢ;8NL䓌-svŧ(0n,8<\0~;F]&eX41 EB=lkhz&eCl Q:}BNUx%]O۔f@G {=ED薯&D1BPyoHׇ#k1reF RF6IP+%bl4i~ MvPz& t E8|l;`HewwRo[IZOs8`{tY${= ZWJ7Z|uoA9:&|K;cC 0Hݷ 17J0,Ѧ=`S[q^1 7a#`{ߦ$A.0gdƭ%a~Omt7#ppOzg~aFt@7<\G_Q4HH!r>@}og5RT_n\7 ODa™~`OY eŴΦ@wHpS}OfDH!^Ŗ ba$pHw ?&N8u 5 !:>{[NNE&ק@Crw?!K8̙JQ"d-jEdmrdmsؿ.’2k+J8NiNڙH.mKN-[¥%d( \r?kCT6'E9Jҏ\&r|:,R֚SߢGO}",} ~.M8iD4~ʣS5&n'A'N~6S+TQ ~CE̖?DKГU 0lmYňgo,t]f"{Pk)x\(My$'Kdߐ]@3ЩQp(gOИosv~* xj~W-x ѾJòj|R<S6w urjì7P9aQ#o qfD\:(,[:b1`t=.k.^zc,HPޏ2-s$Ud}{!E{/3嶈Et|gH`\ Ul׼ b1v=a>EB}?(T Q3? '2% ȡ?34/)c_=#xd%7K,]1YwZ)Ci ar+)4fw9fԄ]F kүHzu7dnD 靔paLSk|kSE n}@t:Bhpmk)2i^WΙ L>&0ײy d#5o(3࠮dJIbg3n;ޜ+T^eG3&ń259U\&ih]k([tS<ʖ(+AؖvHr1B'k@4~DOWU:#C '/2y_kP[~ç? [o<7xt2 ٩s\)~EhKͼL|9v#nN6Xhږ}h 1yQJd e!!v`,|9s\7?Dc}oawƍ=1q$Pz "9v%B\6)f$QaaF*ߠނ "w:۩LŅiUϕ`.P6J %!|{N%UoW8KW0 ܶ,Ji ԣZ#46u< pOJsaiRhItR:X4QV£xk33Zf!HS>-?Ɉ)QbTYYA]BD2ȓE2vx}MHzVǩ 'j^!<]BWKAjMVg5ִ65g2lάoY&MLFKTyxOsRCzTxC/j8Gr.,DZӆX "L'ؚ!^.2*mNU(qvRG;z5i3<(4g!)2І׸eDюᡁ.y,OKpU.O50=, T5G=ł[kfuG1CW.=_VdoCStL*po~䋙iȉn9^I[Y04Ub>i-IV >1Z[J‛Nˤ?iK<ҵqtR*ǯ 9vU-׼W&K^`OoZӓaVcr(a ']u_܁13G&G\Fg#R]4V+jS3c3g}N \Гᆚ]x^jtc]hQ%P$Lgϴt4^}͛ۈ] έ, d7f|Ȏ]ڍÕ^#Gt3G: . U8_0-U:NQӖS8QY}7@OĮVG|( nwDD0I|rf#.HlTQV&xahkvȤQO'l9\>Dr٭nR}(:|!M)ˬ[_Tr5HdyA \ 9~}<'3—_rȓNǵ kGJ/e5^+X5}K{KzAoᡝ&RszkOhqTn'G'v{g~N"]ěG (JKsfỌԱn5Gxw~W&ohS_! 
iFs q5QW#fzƞ[]3otU?j[A3J&JC$1#wd$ 8ي镑(;>8ag 07R0H࡬YblWՠJ..exjvl&2' s9ǍTq򄤉{€M]5s>[RlJ|CQacv5]&|t{FL.cWbO S+"/h闺T'&6HBf.G|Ki~Em~|(:5IQ2{i 9YFB.M DY x2"஡h|l:z68ĝ`A/gq_%R:}U3m%hDZv3 DDk[A$u-:~9x+Si-7rEnI3&'d7(i-o'erJo9.;RDY|Y|0< P6XW#%Khhsx`W)lSusrx~ l1J$ H+'fQqx (WqHa܂0֔U 3 ˫|q7evY\-vz)P{y7jKBJ&-m$E0k@NׅТ؋ށ,b݈@k#ЯirD`eRi3XK^yRJJ +QP޽Bm "I}f> w]jMO %BL(D?/I ?)) pb*N^(e}My5Ж.=BQ60нk̆ݾ0wن|;8PԴ݄̱#vQTeQ"c]Քyg.!#/:橝 Uߣ֓VEEצT\3ޱ.iE).Df"816*ݩMt eLzrq,$xTSw# TJpYż:-җ$\>ZcA,֐?5`kH)Aů*K[U'AaPuEs0Y[2~08WۅybBHqDMiY}:s7`4^B ba@〆Nk`k`g[?\ڰnv4P'&5a ,E z?7gx$\~}]C/JJza f 6݌~/vy+bo 'r>ѳn)n)P0a7>bsA:0x@%GdRa,WIr"H64\.J丼TR6#sxXJ;1dUaiLUn*jUE5ΰsu m h xb)%} a tc Z*Fv!ZȦO?_3lD~fPv5?oQcn鍛Y`hrT|d^]c Fx-ƿx1^ZQóDʒ]t{<"yIOAƑJK-1Fq{S3DBdm@ѕ!-ف`I „/QVi)+:&v{,Y\6c5 SXOT+23Q(:O!$8 p4eG#pVJ%mgл:wh+6-1s7SNцjB9A8]\xKp}!/<#ٓS3GF-)ME (^ o"ٗچ x'uTl6y⤪%^=>="Pa@tb+gGQoHQpE]+B=Ag;4 LUDf .f"]j؎m.I9%c_i_;^ٓJ*]z2vdB4I.4MDׇiaQ5ߎj_m3V "6/|tMNZk|>3S3 q?V85g?6n;TVW in̯=nV>os ךּG!kŹeT#~-6Isw\ŞmrրQ(sX6LS,+\N$ `"g=#eOG8.\Q8T[[C7D߾Qb8\A}KǪ$ufi-3)=Jqj3r.^yE>CSo˙ }%U,'2գ;c.Wi z*ñjSU~ &#Muº\Uo98Ndf&|;Ȳ}'RdJ)6dNҠmU@F2^7$?3)BncDmkL_T[Kb UEIt\Rp&G{1ݹ[n,srk 80ɤgע)Z{Di?>3o Ot*p|^ +c>yKU|I TH(V~)w-|( J74Ls+dSFV֌nk͏ ⏜"+Of'-RsMCY|bE!5oс1HM8?B $Ҽ-)#Z4iBD^r?J"88}MsZi%֦ Q !T4ZO.D愈H3~ֿVl1Cn"๊ *xMSչJy~:PU%)@]s3]زW]R/2EEcM 4 0bQgk)>UP&ؐej2;+R!'ϱTYQ ~H#=幯e/wd)igyx[z_HJ<jş˴C!uo9B՝̼EQ9܊07}3@;s$HG:YhR ~wOxG cX/Z5 JQ?\02nlPL2ߞN?=& H`[s2HyKv<x(#Z[6KrzrU}kn=[4FK̃O;rh,j@;w7뤜(+~搋_InOu_#`Z& Bs\+ˇhj_\DǮ_vLV zFv dž4P~$Ec/8i-MB~UC Zda[oڻ99ӎ5eg[-X)M^^cg9 }Z@o)fKa,KCvGUzNv3 y0S9_22a4eq`)KȊ #Ғv*O'h6e#2N/0xUQ۲1b g 7hgdGZ 9sow ÐԸeXѰ4#?B68uxMqe֭wƝ.؂ `sAZꢻo[g*u~2#TC9m"l=g%ς9-gC{ :IN`D[q2HL'/LEhJwoW頗35yBb<jZH6f9Ƨlў݄7A>3}J5'>-hڸA GۓP.h+/X<(D_ucSgRt^vߵ=XY¾\Ti}[b _L/BPі+9!l/PɐȰ7ZIRP+[kQLw >"WטC â+!7.m#ԭD,<63]99*[CL==tH?SITKa{{ )&I*kRںC-s"Ռn+3Wu0N|SM1罻PfE٧`LKTd Zx, !|`Ȉr4l5^tۃ{Jɒvnqϗ$v|sk#8'5@'z(^ EU[.~:M猐\.\ FSX &0ԤԐm'Ht>t%>j>4pAhMH.]l~ xo]G0.+nZһ$:Ëx;> 9I;Epݗ(k u  ׂAadf63풳đ 9+rk׏" |y.4ȝ2|N<^x6­p1LG i_OA0D7eqADKs,ϡ)b#{6/BHR<݃R5t,b[@\'Ι͸3jjĖno~:);*y D29Ex+n/ 
DFFYvӇSQ  @Vʕ0ܽ v4<+[YB"!,t@^l4OZ-n=6tkf'NTSM,x~ [\8'ɴhMVv]`3 ?$R^Bƴ{XN da-~Wrі/`-&~MOU *PYjEg]+#?*>я]BRNf.z3Q wh2f5 moHL3$'0e4.R‡[hOtnO(ѿFbk.a0(:27ƕ ,  a,vo HtXK^^q&k7Zػ&O(փtךۆ*`OU[U7NrLQ:);*i Ŗ&Z·wqgvƼގ>Z`a"#_B[TΣڷ'kfX;)"wcSYVNO٩zoޠD'*$  26~-tvg }V6oKǺƃ=,=bmD6pGLpc4.L(.H1`vlOrGAf,[{XD|D'Z H 7LORZ^I$O*Z 2w^6:]E~pˈ<󖌪Z3%lֶe ?9LRsI<8/~jࣔلzYt^uݝ~}ˆa~"ݘ'4IGeyU룉/lBYxvQ8Ε]ŅoqvANY MȓPBIHE-p[b̧4>f1EA eH%7 2LЬ]|:̙n1t : Nz٪HK1 y%}(߳qBm9ȡơ:I&1)]m24{0L">KDt_isͯ2{̐PTiKܽgj;S3N"葽rOWZT|WKTc(gTF &U(|kY[ߐA^B'=dQRuD^B+3,aiP)7r= efTXhm+V[;d̷)|s՞)ZƙE d%UG$Q:,B)|I]L}M}5 l4"k)rS\a::MV+_d_&HF|n*mnŭVEU B/UJ0|,3*/ZcilT۴a㇄ȍjB6 $Ԧ\e34Xh ULۀz'NIڞJk 7qOFY?~3.YUt64[S 9,6m-.¼/Yp_$ BRݔBŗϕp5`s(ł߄ANQYPi`l޻oOy>p~H\NR (T9F&r=`QwD\H,X&U=86øL?s+[_X [X$]f|{jo Pzob%jǞj r>Ջ̞m~#0O>;?Byv906.x5ۀ,#Z` k=&=qIf=N[F(s1U:e_ [:o?'_3F {>5A^$6raѭ&_ftdL^5@CdYلߡ L&{H4z^mΔ); <_ tJ>C}xBB() 5/C,Cbwg0*Mm~d?Ix]V*.v(gbcYK`Du\ x{G,D! CU;:kQkЃBAbLbրD׬Nϳϳl`q_t T܆[[,`934U+Vy36e'H1 xJܝͫTV3㍦gGT:\t!G*ޔq=B͋銞ZcW6]sՀ<%WrStȔGrteNHT.o;p+n5(=&m܀L(秂 :䉄3a?V :i:<RZ툍c!3M_N'gW(T4y!xdwY7{y~t@>_;*#^9w&ad1{Q&R< ̷YG?4*mmmbB=ކ$YUFiٖ)RUZPŞ[ :s^#꒬J<ȱUğ D`;>qP e]'qQY;@2[ ,_5uDh۠pV671OM*zLN{~p籜Xq93w䊧s8L4cĄ[O7=GbXBbL@:sf:8Ȏ>p>) R^AâR&,4%P[-h8x_d\Ȃu/xpu{hßq|Ƹi#")*x̞:0bW-vf+KaWh߁rQLqg]C])ӀEeA *b'P$!z[.J`&"L2:^zlgN Dʾ]l,a= Y2qɫCD+qr6XΝ3nYZ H~k`b;0qhxxo,\cj90=y*sB:.ȏR}6U NʅA=mpswVstOlr&qkMZcĿaֲUoHl!!" 
W6=J; Y`O]"nE]_}2ݐΰk#ߢw[A ܼķQHCе@䖫@.3M ϯxffbn-+Xf&F]?3V"R"^;dƵ^s9Ҭ3oR?(e?n窑D"aYVs5~Yl^Rb Br7wQɤWZl{[gMg-ȯ)ʯ!*->W t!qMt8X)mZӛ:_j[s>b5:۪aq`4vC7ϋ5zhTyڡd{5}dž"m5- |vHCT.LLdq19AYy$#i|ʽlFBk$MuHbR;bʼ4|GNfkɢLDKdTu"̎lAs% g4(7ErM8 *ulEak2t`'.L52, P,G)5 R>sNŠ oĭ/kbj?C\ELN|pR~'&4^:kE"N@hI3 \txHn>VyD+u3R>"0֙y*ן4REAn Є61o|ZHCM&L4ٗ<ڊ :f\8LB{$6E >f'UChXc2vy=pYR#i}~޽&BqUn5h9Oݵ@ƛlڧ5ďe M -ܗ`ݱv4a lyCх#$ 1jnE+)V[%F/v#뷊@'C_و1 ݁N[Z{gpA҇55*@W/gJZYT I4KFc m~!M΍ٺπN#]D(P^8^32i&C@dm{kgy;)ugm;jz 1:)]uZ4tْݑL}Ug+y\Ea-8#4hO@{"sֻ'oW˅}Y!m?ў6%~Ӑ@ohۇS l *8vSX3!.g7߱q}%QU# R0b߬ _ь{KNGBYtQ9 cv9eC|*Gܐ=+Ho]p#\OS_E_1jR>9\|q\~FSvLCQǑv*_< ^h0hSYbR!ɯU( `1"k,#aaxgІm 3f0IQ|~SZYoᅫ";0h]aBuP&OaaukR-yVLԧ+BXB&uDWFqߨcKbae[Ì>vNbWVQdd\@%CA%5;Eai \D. -`Xa@cפ+"|=@K:/{c34@.V_c%F)2 T/< ikWEuo8^8q5'+LA ݷ0Ouyn>ʽZ3WH` AmzsN_P,n k% /AS( M1qˢ1r&a:T5wW*lZQ恂ő- ueQgn g"hga`1Wh=Td.yeH NMjeM6Pn$'s)fsU;0\/'%'pŏ2,\o* [|:s6p*8*j\g5 ˡ ,3^eL^aOdwq IvC؛'PĜZl!7y Q| 3[bY@^1E%;hLBF+~Jo@~)iIw>XO $SbK9_7{`4R#d_{9G<ÄGemi2'_u/<bʰ@7cGt0(gSƏ hz[ ~{y}_j v_6w\ JR/}ǙTc'`Pfj8bvOKj]I+J:./;LPjZ+@'?0~^o.28Œr8CpG7QTӋw k9@Ņ7#b!~p$_c_(:3dpQ1V{rB7 i!:svP[^@6PVGuL&r )lUabLJfFg|\ɯQ╀WV<7h]g]zQmo{y u0܇`Y w| EUű]9AݱȪ DpKu6qQWV*V>ZmJI \]|&J,M;)dCVIjY)hye} j2Fuʀ .t5ivŬf{n=u?GlOF-,f+NX5Ux(CJJJP"Z)Sg\B/ !:+i \Or2`U7&5`lQFD_C^xiֈkdEm0&(T{/uUzP:3ڰjp'4$ O&KĹ\#vԻ!b֧DQ{@.,,K{&i&.+fpƲ̆R\TA;.{w|&ƛ=5QM*y$t,&W/~Z!9\'v,dzRmx6.r@4: fUͳx :JEjzdpg^@yXs8F`-$doTyso`,^'c@#Ar ]*ڨ*[ [S/Oߩ@w|JC\OXO,d3}9J׌= z|Msc.:LVnM+4;.C03yy|&fjt1P"xh=пo#rt1x6ՏP nIix `| 30h$1ۮDK-rs^VصT+{ |$ӝgLAX-^ř0|mN\@+m6H 6. y -:vV`I-{]K1ǽW e2^>xF[lFqͮZ}Lc^<}_rԞ#1U~˔ܗ1)Q1s%L%T݈B;[1~e7i]":ԜMw0Ah2$OM*Na;.8\q&^鳉F/zutRNt$S=Dt::?c15E*E\HE]/Zl2G,}3k3NiGt3VN6^&G;mA6 TNsZ['ɡ>fjg.oMQ/E5H -UZ~_Y.S%gU$?Pg*`l(hG8 d>-Yj»jdɡPTP7̴@}Ю'QޮS!AslJ q=' jXqZƝЍ<9OG!kLHq<Ԧn1ѣYے [w:~_ԀPp|/{tR (u" KFWZzՈarx9qNt@mx[\NYOGl?ŏz5I'cA{7i%üe{?LCuq#t|k\-.PiR1P/gzH}{Կ^ 8/F3ZQatАa AJ P0TXVԡEPl+(-uiZ"oE%r" Y^ g栧ܢߊJ$Ɍ'uŠ՜nv9C}%<7 (#qNPHn:f^f?l{9%i#F. 
{3t Bss1A%Jl0<:\%;|>9d=VܥjJ'QsNmVc6VnQy%Lb(*Fґ@" ҆dA}xr*ID2uq5~5 Ul("I5'v C"VHe[Q|ҵV7ǾRa0/WUKJkVɭ92 1ڻM4i̠s!\{#6 KEa_meH| z? vj;TMx_ܢ3,=eFY\Z:=shsP>Hs߼ƭ8ι8%ƵL"﷝Rn_;J)G>&Qb +C>G5G2KzulʫXhYUAϚ\^Li#E>aƩL5s!m5#ە2ОeR)x.*s&3_{dLץ U1&MJl'u(%ePA27Ef㌪=EWVȂ?(ߝg)eMOνcm^nEk{s=+~qufd=O))B`4>[ "Qmyt %]ZCLbU}7 *&Ak(sJS/w^Ļ;8fr~)k5hT_`6<7k| s/cB* r/&XtAeyj]Ւ---5ŒD 454nMI]Ѕ67N\bFr8Q}I>z>@tU#pY> cD6biA1_pvvޜ" &V# [U{)ƇrZZf6YgV`~8fSUʵzt(DZo87h6X-ōzot(}PgLy0Doz]>)O%V#^ ,GV)6{oDyЩ{։Tlp?!N$ܦsHL4{"B40p]dSD6P!Rv+܏A k:x}<Ҽ0bQShwP@W83홱"[iu{8B}@-y, a V[ǫ)קǬxGé9vE|e \nþ@\غċuYz" =ćL-Q\m1DFmΘzO6=FPUۢZbň RjO5,vdAN<weUÜ0&s*bjDc2M^mߔ9(x׋KPo -6OYĂ5,JnׁMB)<7(x;q<g솰.nh,Jۭe=G:hh)LjJÊn~O墮h<14#hM׏~B̛^t691Ծ˪\;wf?%4 *>Q |r17Ť0 {/rq[v6LQxs-NV0iL#͏6yNMz25C:8|0M ^Q:mEB`t/3 ReN/Aa ' wv h-R4Sk!v밣Mx-ǀo&6bQ;C[a{QNv6\φwoQ<'UW~le#ꦚ^Zwh_{t{jgQOglDybs[EM-Xە eMvFtOU"??@aΕu!( W(?U<:J9«B dlP'ieB= qq\m/C`cY&G h^89oD%'@ǙHmzb ɪs{/iiiF oj-LL~37ߘPE6tqQgpN>,Vn~@Di|/Y;#Ė 1*;Rxl Ė5/x~c(V-+YLbJ*4R$جq;ui^ٿ1#)=+0mM`Phf*]jY>H6]{x=ص;aM|qt?e:іAE$r~γ4 sKl~=.Ѿ~E] o/ [4gP J{hԦ솶y죏(m4ZuSmf5#kw1pe -He2I4yk-T{ bE^JXvAyz"6q"ޝo6Ht40Ʌmak_,i VYEGSmIsQh`>ŋ!Mvs~#y Uɞ%4%}o:´]'}3[աSM8Wۍ \D[q@ޞN5-}ӑF;aYkXkϚYi9OBEf}@V%&É=N_3Oqj;9~K+WCeD-'FܨZy3?ݫ%Zխ#ۜom|^xY8QXE^~ #aT+' \$:ޠGbʟxuwMSRow u Kyh!3U>R+`qPAx !X[Œ_5,W.(>@?9\wۼwk74~ RCT9R(7!_(u~q ್ F x^Fn iċ8(Hb?}dM+=4M_PF%XQ|s %ԫYAY_T_"3#Y=@G~GcMuuOqKO =鹲 Hs(a^ $hVC6OO|ҌȠ1 4#!aYKJRpj,_o2+oz&zuw4œ&P!C- $A;3[yx$ +2J:Ub,XDe_օ.6@tθ^]IT|uY%`X{`ؒn<j:yl&ŒLoVn+1AN.?; ~0"2c2hI̦b dw+-C*  l\8M# nn[ )M(&!=s,BIG|۟s]2 чA-HXwJ/fȬN^ .&q5㑢,RHw*<9m1 % >u+^{JϔJiՄsѦ0X'!N}f1si[8e#on"]-|w*v}_fi~i屽ه0\ :Xˌ BXj*W1xpN!Y/xɌ`yb{wmۗz{߹Va.A}v9EQZ_>lfZsNuDGIevxNsِ|/qrw޵s@'ԸnǶ@24qthA%`lDjA[ǰT1pv(Eu+́y1Z0ZP3Pbʆ seOdY}yLH<A'Lo't? 
LhOĢZ@fk ɐ$,FEWRYةG4P_]iB/Z?օsp3t{+@[i } ;1P0S՗ĹAhf+1 xG$7w3 N[ ǝK3#ۓ&q-sqCbṼ!QxMg BT +KJxvՅuWKOfS,: uӺJ,~:ٴ}E tݘSO=ȍ@[Qk"fe Uso>8F/|'pcey c6hHɄ?=E;M _.|8בAApIdtslBz!jHͯ8 [6W&=1#!f2SaX7Y,=DPHX 4?.R[7]3ǙC+ `+͘-Y#^9~ a Hu<ħqS}[0C|UdL@Ҩns&IFv3tд~K8A+]j ATUG.xXAK (5ZN[t}(oSOu*9C&)Y;oc_}Yv'jGs5 4,u_.BO2Y̸Wsl4<, q V L.ƯLĸ{DfoQ\^dXMk۬kqkE@}V;M~%68_NY֡b&2ЩP!{mڣ{bl/,0 ރa-N]APxЍ$ eJSR+ˊǔ;:ͪO\k zu׭T/* y\j. jT}YJ{Ct˕ }eQpHE*RtAB6 vrPWD2j砦5>%@$E}XOma}SãKx[?yH|7Ml?,)FۙOJ({AK ^u%}et9hyku1]qf s, %njFBEqE7oj@Npm->*34`,F2|3ePBQY^A~mi'S>P,@ [Gh{錈!@e'7^oiE6vܼ[\E&BԨWp/՚AҤ{v91}!Uʱ^ ѣ`hE4R 3jc^ɺ%S.„. ^f6!bm}TŦ I$d!{Njݮ8{+9ۊ^>cNVpg@V۵VX[s1~3Ϣ'bAqD;R'P6UNsˁLC="ׁF^Ϩ까Bť[OMh#6(;Mk9=zA l@?Q:;5&PV9h( яi$Z玁S@/΀@B4l~?n20Ԋɢ n*_v7qKZm%Iĸ}dՈl[= mMMTKì,bI^^ϸQ_/FLw{?*r-)0rǗb`EUn@9R|¡^w4qa Vרmd,DMX5 @w7 ,3b)2+Zm ƿWw:{ {WȂunvglT(a^uݑh$XE?$vN-5Ŝ")!xv *}Jy+z4Iu%6} 1;T"jr@[oO%SԲS } VG}]L' $9w4hfjnMrf+{7m G?9~+ (_73v.=;z}Y`5pe Jp0f?jF=JbMp12Ȥ/D3}wX;jf00g; H-vR|dX NTҀs0=T$2ewk4spt/SpEuY}ޢ?wV6~7`cX br<\*nܸz<쥆L?.REUKb) S#?Dr]Ұ! hگջqY32nz0KxXF揳$O{)2y:n% uW$S:h!5 ʻ 6&anԺx0@iǗu M~̴~ly=/] 7K*-0)iC;;ҳmtXPPџvEGf5!2QfuӝOv\Y0d]!$|PǬPh@P'~RF2,jBrNSjyLyDy!q?3`b#D;mݧ^HtۯGd,u{tN2ZƘ–?h%^h^T-.JmW2K_ !Dz<(HNkROtD{x w#}E{#| IC;x8*qZYoG@(z/(wnLD)/l%<4m<-!) σ{pD)8r! 
b!e3ttD,B^c?YNJba `: ^w=O<3piWnMZbKcaZ+ 5kŀ\ӳE"RRDwM`O1%>8nV@nvԸNc6svi4XϏEe }U:^"3i[Xӿ>-4ܥHw x^G.uX+"Td 2rC`"܂)?=EntKPe>]vX ~;vc*ZQcVswҺ9 LkPt .&Ssݚ֩K {ᄋ.\Ѥ؋\2͏tSZfˀr@(LȢNlf ?S➊pW 9Ƕ>Ks݀'ߙ0JN~H`# 8|g~vpv@^X #;'p7[!Wz\b`/6Fɣ=>>@.qx65SFʪYaGuՉ'<iǠM5h# FXw .@g}ui3TY1&t}/4qK%N?a%aD̓QZMWndlL$Pg9naDIǛ;\6"o R`%vgoY-yGhA)(Rxj;+AN2>Z:@Yѭ_@P;Vf;Ր[iTqX0U2rXSj}a}):t|ѯRCR/[MtMXo-Y ĄqU0Kҗj]: /U2&;tN Q)f XR7!`h2Ұ*72>)v$y54$˩aޤ/l6fb]Tć,/d21~zPюk yXZ97- ҅4 ]Mdd\EI(^ 8fy_}Em0ß3zN,u 96d%^$;Pz$yeZEbԛdrePژ^ģ\&kT{76YY*z( jv&(I^ v:<@m_cHrGԳM_9G< Rc@77w3lBP'glaTxnݔ"]GOB0c=ρZ|N#KJ}cr[B6!sHÎy&ֈw2;wU%;yV&/S {.&&<:T-h;(1K/twl>}cr.CTŒ&qe,o}BYǂ, ij(o.]u&TmݶOX{x'X(OkUY"Ђ J +{6g^QcURv-uf1 1%j_Vi,鉢Dx?g9sU e,Hѫ㟮@l"cg t:(Ϯ*PP.9r}83I%gSu&ճ6OœᜊEB /'wEһHc30erLFޱ @ٯe0,ċHcgv]a͜v֖C5]/%Ȓ$`*uűsIIK`4t!,h: U@K-XKaވ-VOW7|{IV33oؽE_eb 5pbpB 6lO o:\@Z桿n `oKpjPO ΅꨾A_̺-(O-EyPXX/û6$C1X_ey5-)h%e}8'b#Fʴ h  ,n:R4f/Fi=߲y4U>yH RO^;$x.-R3IPPw[؀r48ZK|+ 2C1xh9dϺ5Y$Zv\ + t.I|~fZmVHimKo1-V6hW"qv a n i,?+xiWSaG{`EF~NF >2p@?aPOŰ'I5jH0Ir}YNEMyXwqfR=ZR)A.qzDٱ:z??0$OsYXL`YFCW)ӽ٥^ č7Cw5fllƉ*f#A.f.ܚlJIOK2GmS7z Wt J݃W./`f9^ MD\m!!ó#5|TvYi 㻻fJ( VzI^Q&&6et|V0r\oJiZX֮(qSV[jbd SX)NMBSNڐBE| k I[sjČ9}S]? %c! Vӑ(2I }1қQhMS+eÊI!E=QwW_EͶK߮3(ܵZ{3iꙐSg/s'5v{ ƲG-d vooHZ Up%W( 1:8S:xGAQhVvA_^  VPFvbפՠW_BE8Q [ӢtUCɈ]2MHyn΅/B1D(1.U%0B>M EW:9F-5qoA&mD(d+oD՝ܥ@*;\2wPUuU\d:޿\ܾ<8u?>Rv[+3$?A8Ec:}1]>>.C]O7(1 ]nUy>ս~5 s)&ʢfjhއB4$. 
u)X.臅5$,b_`HJejE_4[?f\B%ʫXJ h@})#}.aylXµ)6ׁPN\ >Ze0؀|c@-̛;&8G?!y-%T!RW) `=\orT,j>D埏0Z6+LmG=4z!(0#͚Qb~wʦ9[7.f+ER9:noУ%A^ET,FI#x (J_sq _#_[_Mmq> Tz:vBD5D=FCmJ&m-@X鲏du?'Vr磓C Ib0?*yʻ 2emq"̼?]T1 &IW9D~TrǸCHiL?4ᗤVj2X5e+BZor $v؎Γu:mK.y'db/O/(%qǚchrJoǰɿhGwOS^$$("*)Yf*wB1pq9+9MsA")7`z@*`L} NxY^d,\[`VnиrtRz/Yń`03PC;E;:/r{vōE t&Tc#AX.{>atU GHGnP S8A[x{jLKƱJ~z8)54!ѩ $pRYvz=up+PE(kT:Y\3܆ܥ|Z2Ex[,ф|VoJ^\ 4mu&D98q̆ۮS>8`4]5S%E7ͿvVMn;Gg{A@\ifN~7w7S-XV=*&T2hi,bߛ'~DŰ_DDV̎X4lQJZ)\r/ ȇ: t0$[d/N&Ήzx^̀u@ـy"QWT9@_GIu?/ɸecY5e, 2 ?xsfG[Rq=o0[hd2I)Zx~C~X}*Tu:^ۮ^]Be̼aRR%YI / Q_)&f_u`帪ysnjM1NԗR7,gB:] ~BHSZ^Ȫ!X2tP 9ffꖙQ*50 +΂e x^a{3'\ۍ~A}&]ppҏ#{t=_,ZGI/A ^(^4rtR k0Y*kA iH1܈H3Ly=,`b` Bυ^SP[7 Cm0FG`٪A` 0Q} $Z X%],Xݏ,[RWT+&&,eQ4:lB!2Kx Jʜy%1)jB)莢@`yYE%4"0r˟LYUp[g &أs9O5`sozWsV)>ޓ ,Ĥ(^C߾cP2(zJ3+[+PRq~m3hD[Ϫw  "MM\w@-$r7t)4 cO*{1';dPQ&WqF!4WI2-XǢi( w{[9gQ8C/ D.v$*iRSLci/:nqY. 9q,ǜW5>٦Ϛ9W8oNw`&1fKR"."bnN$+MN>.B`Lhr?:@K0˽U5U(SkkPATaZʶ|c%S7Et ?U/EOJc(6OY~g1Q^ĥ;D$J85By܍0"DmjLd*7iFzTzr{hUdmabnCo&җ,{A`Q}.fn-2;);Oih&zEb֬x u-:4ߵ<7ȥo#u}=[ wr MڭD`Ϣ2+_}񮄧#+ ^M"0X:5-׻MbD)h[ H׶rSG7|[keQB5scc 7ъTSXfDzTE꯯Πޏm)'3>{KCgDV:[ V}XJkzqƐ?o{ge6bd/5~`2SUȽD$vX3OOϛ.c<[|> =Ir߬jqyi%%A?i!3Qr]mFbxֱy㈻:QvU)k[k5 {x 8\<^ ;θx)f̳VmC]| S.ZMدdUΕк%1Q sntjjQjM/X'/;"UwE\ o'ҋBo5yÀpްAlo@lO@驼L!8޵6jLˡÃ:G3$LVyFSYU{9JO~ dR0 ydB!Gm~V"Շu5 :Oi{`jmG<-K6zi ujJX g><7cg304bl1t&0BRGxA<ZTTmf:nke6Ľś1toR-0GwԐ-Hk׼b߶{>g[^ԀNc`cv,"}++i1%ԎmFs^rfhu92{[fXbn}\<>o0[ܱ pt;~A_('ӺܾU|HD/ Ps`iD ~`g8bswyz-<GIi? *Ep`J;叠>>$or}Qk@6u1"'d ㏌_"wV;lZۃYJ낇BS-@YF9Qi[N pZOQ'0;k= ˂ a{֥TZJs_ (β11B-jK~("N),}jsW%.qix*rCPN%E{(]몸lS"=Bx=@8u, oslma [ AY=)##{>ҭ^׆^2P{FV]IpXA!H _9ESPbO~jXy#}#ȠUM͍de? 
xlYciyAm\1fK| 7Eh?.I x.j!хB<)N˹`}zficg"L9ۙVQX+5bp6Le6sPb 0^Q+$zw( TL|N6P|BA,g)prxHQI-hE,&>oUGy{52\%c k1;T3 ֖ _3O0ȴ_RDžgK9HVI)^1=ʍ>Or{4*G"kК(e1U88=%jp 3cVvq>9m DpaBEG׵g6lnHwKzL2Vv^_}ӗCPQwՉ=3& x_ Z$5SlQ-!!h쥼8HgCSGHf|[#jR@'nh| TKcS==ckvӳZhT\/_S޺t4IOfsc3bxl( %?Wn"#, F2}[`̑eF4+ |jhMRJ5J^&n܅QMe^%Gt# ں#P}%7hrS&N9 k\x ZU*/L l K=~v86HOH&" % *Ev;Ou "v>iT} nЖAIq' ^i.WqTvZX0:A w+dPScȵz/qOKubDdmFEW KmM ' ?'B㶵RabޚJsttKR.Z̓~?stӵSU5"5<;e%_hn #1݁?dĬ#sMp[I7` 6<|mʥwzGOekұ!AVSp\{yvcz>I3, wYbW<]wx&GJ4W] D䤽i]4Oލ0n֡0G\LUC{2[N"#M*A^\!<7JSTD|;ęĝ6ˋ1\>>:B- k$usE'0.gV LΡ7KQdS^O n?"(ɩ_13ةX\U ʨaZ=ڵXPfbﭠfBNW՛$ п.I$vɏ4Jh>nϳ6X4~cLQWml41.#u_HL3Bđ:+q>'%u;98dT1'=78d,Q֫aǘ}qrżlл?D׀tc`GG s$I<*E#; F6BsøӧiTiOy!Ϊ6C.c0P>RN?Vrr;GYuҕ.CXbmF&%e]˱DAooc{v?>=ϝ!/XB{AUn+dv6g) O~R@WPj(ƻ2'>Sch"q:D!=QY ދ=><٠_F${bn%O!H ,I RT~==-<;@HW㱚Mh8LP_(dV!udi9 >C%ơtjg > Kb]ݔBM&*r[t{#֒r .g0>t'xZ[e5v-aX)f6.l :B@3Ə DUtS~3OƐFtJmrU_O/2_@pO| "X.`$;4$d r=v[&߶.A@-z܊NjNPn)5J!?-N"StRu_3=ZT0$}Q1HТ@@LԷVGw}8> Pbȝ["BXmXTq)((sXD`&2/}#8!jT,C ܦ9Yb$ v{)/0 }~Kr r 1K{8a?_ p ʥ2ڿ;`<69* 8y\ZGܗa>Ih<#)2xHo9Bwם]#^ZJUK\kLZ ep+쌊EGb<޵~9OHo>"`?i eajAb5Na@Xyu+CaLp ˨h~ְ`'7:M\K1#7%d2x̦ٺ\ET\cB_Rqn)5i\Ȗu!p\j$'ى_Ll`%9 hM/E7PI,Rqz0ylf 9[Dҭ!`!#I١ذrKC T#? 9nm'z~CSxz`uT7mI#놶X9owݪrLytN/Ra3098mlRgjonS17uՓ15"YLY$uUz}Xn:pwc~Hky;$0f^<2Se~|OẔTuK_ROtOz (V{B++g1`'H|` YrBɻ7=ȴeb8y ~<7|!n$kc( .ck)&|+l$B P{9O<xoiMIK&1? 5+ 6_a b1? *{xr%ݦ.A3AB*z~L@]ZBL ӎL"G@o1ŌS@ŖMWHkP|FA_5'_oG&~H[%=L'+,̓,xh*< ۲>PAгh`~noB2Uo%*!=a._ǩgV?-^-# c() KϞnⱡ{|9p+ G|9$=8eԘKi\Qޡ,3`9Wn,⪯8<(ʢ я0>? 
[@fblNL]A$c께If>n (Y .hEرlJ6e=wQr47Xt\e6ko^0m;ǛobDzRq/`ٌsGRdNB ۨ& *tn>phL;Z[d  wfw6]8BռjW[=+\OЀT U +o㛶 4g.\+@BUwyscw =?z b?$"j35&@SL Hz'2Udf-Dو;XMGr t)e]Qy=-<Њ'}qv2Ж` =_M>q|йD-3No޶, \mDNI YY6/p_Ikt.O mawΗѫw7Q%uջ_I1Ñt7S]^ J;/dޞ~2m*^622 5LcoYۗ9諅֌U-R/) nFk%_~*GdΦUYE' *0\f  H_\!7p);R$$'Oم8D%Axw0=(>;fC z"9]>AmI*nciz #!E]cdގts)MQ\)~ctدVo~=PUbl/I4m9'ZСF0C?k;X[%H2.;Zן7ESg@]ս) A+|ͯI _G.Exx7HP1ᚠ@ujF$6]"H͒P5DR*^e~_3l(%/_a6 x"b6 NԻbAo>!KZsfԾ<z Լ-8ؤ/jkN0્Nzw48O"h[pW 3%0ςVkErYKm>ibÂEHCp ?;;}B:+{Q)#}j[ݜTL9XI>[,62\Y\ULK5JpSB?THh`xIR{)S@?ɛ1vyROlQe$ 7]6[TF Dhim`ILiF6x6s0RQop)MCp;9~3WnrnV%\wF`o^ztj<9[?M Wr!ۚ~v(t~<:o#ҝD5_-V:xuAU2)s9'Tf A9bA aB KPVM_kw09:g* w^}y=6جjٍnVU9H &•Ʉزk*bȓn;a0:Ե-Jg>>Q]6V=uj%POd~ฌ=&<ې22cU0ܚkR gQ3xȷJ]nbikSBVX;Y܆.`I!xˡ6)Nc";US]~œ4~aWf9zc}Oc玦蛕/'חDJ 40*-D+w]M^LfΝ2,WTL;lbs9nefOS}թYeP-+aӴ:q!PLH~!IBdȊɦ?FtB!G2 oe,1}E!IưtBz12$`Ii'LJolcHuu/[Ȑ.F. l0t\8 rq%-#Ggƞ~ހ12T٭> M>"oMyI-׶5c~t+75哱ebѝzo`Јs;Ug)NV? {H?MNOb= ~GM+ڏ8a%A qI}8rvly $L6JXw䶵%JV36-R=֛d QOa$~b0}w ^ "X<$a)8E?~I֨D\ }ؓ̀{=hoSqR3d1roN.]CHVJ^DJqyO$ g9ȡTkFwqk̋v=wLzZ|TR0-B27G\/H<|GP/B~[QL?m;>“mE$rP§w1'b{ e3|DKĖi^hja oi,dO?=ǖrTZj, 'lGfx^ ԇkM ^MU|`h=&G9Ѝ4PM3)zxaX^Fowvj2Rsθu: uhێ.{kFŜtT0,i<Ǣ`Ch)ڋڴZ.s@߾c)I?W0D68M9}~kx'm{lԻUvN-`0m<)*JưBGCj{1#HUewi$8?g] nrEWTFxo\[h҃>b,RoSȿFq}֡փOT(4^ג>>6\gXAYc=quMZ$4:x_N|ssh1V3Lp}:ܼ"-JBb i#-Q /LG LJ~ 'U>zI@ jَq ߳Ys%k[ObR_n`4umLAن7 r;h,x+9Ǯtr[s,F=.ԋ׉/dk𶨄$Wi}6%XӯIJdadS1z@(Ux z)Ct1N7ߖN #fH_4hkIOi\eLo$']k"c_)43Boscf'ӈVyH{Lh0ZY d!vC^S _LA%ĒR5Zp1|_jffy`NT@ix :59K>ttCȔŬ.y#XM0O:Bk֗ {2:!tg4#/1 -.]V ѐ~#ej V/ kC}2K,BGL)J~wGlQnBQphmP;'0X8` Q_s}f!4#?ped0!C/JK2=W(JdfDUG_f@.rOaV|gnљGi;5-3Docw]HfHSc8+/^y<<c΅{:SR:W &ZhuHg&̔mf?Vvh( :gngp?'e7Y>Wd53 6=QfՠE( @;_0D9JtU㬇HyN ;[qz>pXO}6P Sdm2h[\aRP6ϬV'5e]smUcκw6OUU]Th Kԡfa+u*iH‚xZRB`O' -^&rk;A!0Gd|$7QyF;s鈒i^`[*:zK>0_JD}x1brw|pp-Uy|T*^ө:eI{uI_5lUR8kgtR:)(v{܃!""PH PN >k'٠hSÍw .Z5αJk'{dxpAp06mvAa8e0w<q!?zUF{/fG06y_;Ի  H 2@*u"E<#e9qu7ɈZ̀+Ѱ ?ZN[ì/TD0R|/taOP:UN^ |,#,L,%zo`I%yp~ tK_147G ՎVc"%eY(勸@QnS%9T pWɳsڢ3||K$AN5k%3'íݗFM,sn^1Q[Ȇ^]~dACU 
mC[=(iz!Qx=t+Z^oWF'/p-MYnzX5Met<boAǸ)TGȇ;J̾D8ݔŽEY^O4̘X/ p{1/{U@bFjp3140>Es}N@8ͣU)/ ݝ "8sBL30Y(]ՌYaT$p  S2#kP*BSב B'@^Ct_եK%V@}#.C/j (G:#XG68^&vY@M[/|nz@c {[۞azFI`:d Z*S7cp苸Wg`H Ю+♯նB݆BO=$l3¿<?5Àx#xY J}I[h!%4=KjH 331e+z蘡dT=,zjFv[f2k*` -ݮINBK2|dĽ}8V8^cF]|c XϘc\i&dEx g|2Z=l,!?'$!WR:G_2 Ӡl9F'h >r^f>b6Z}~C$*Ύ)5]d [O1bjig֣abX*~* T b,/m6 n-3:v0r!+ ʫN9 \6aFiNF(̈}LxUHw@_7p\M N(X?x#0a%ZT0=Z/{qp 8rC0 7)~9!쥅K[Pe-kX"88fwN(#h=0i\\Z2Pm٤?P1-KCRNR`5/5?/c=cHJ/nMԌ^"LJIsۓ5>>0kjgmRD8mFc$kw%!NRf`Զ9} Gei$,;t2Ȍ3 NIQs`< ԃ,<5&m A! h 3jC yoL{⃈1mupNdKJ=ETh)>A蹒;l8BcYV|\ŗTp67t/Ajr=JJ-3:Z fꛪD^bs'鰄4::lk{mߍ/vBO+#0b )GG;ߵZ$-r/%fvA_63l]V1^ҔaP- {/efb >>a*dQS GvDR:$&h6e  LjU+=Ë $'- _1_?s](4촙@Ln_p"Z] ¡5s~D^{|GMJ'k~-J[96lYMP^WE*Dc;␒ܓ>!˶iQ+!igM9z~Ww4:uyS?S%r#\CIɞ:vyyJ(,lX^imr:"$4KTo&ie@ę*AaEse!TGb]b-wh dTRWK%IʒIEå{`+W 8Tdzͼh5 3ү!|+b6g=`I0;qMM}U불B"?zAׁ:_ o:~n}U93ߓ/KR4AmD6"Ɋ=o$-K Ga @h? 2EQtP KegdX>lÆʺN@'G1N6[pa!,a֥L-h m[.tygO\,Ryv221,Hܨ=s s&}Մ[2Q.M;kƑur>O};i´V qV:)4) =1L"AsUXOBvm/\@UrRTsW: = 0hJ7Eor$Q-<)bS~~kYy1 b{k~_t r߀ RK%~ˆr  ' ҂U; "9~dTӏnכ,tӰĸq>k<ϯsT8#cϠ`z" |ew#HрBnY+Cka-eѫL`L_h=%̛#>Quઉy訠<"17u!v4UɺV,.d6Ä'+R^\٠z:Aik[tVHmQ" dhx)/(Qtj?pQeo,˛n?`hWS"sNO+TFȈdJ2T2ٯ<^`Z:!1 XiBIفDfݡAAW{c\cMQG<)j!ْbr7Ox[$cB;sh8-xIen(śX6NnQfh?K:YCZÔe]ɰud@܁\64<<>١^F^k(÷FGl"_'Ld2~5A?"q!&/g$:k_ C>/;ޘO 4e$1[;Scm{ G-Fd\b0H`f QxND+f4PdP,TBp(L]BILHӕc,.=NDvRYo|*RWBZȪh"3ky0>pЇrixIt_R|Z3*?X\JQhK$*N<g紡?%bY? 
{!)Zx-MF !X4p6#W[4ҟ1*u>]5 <{cΝGi瘽,\17A>r;Fl:DERCxU<_R̺a$tXa:>}W͏]BOSm5x>3oŻ "P&iQ$[>dM9,,G 8 'a)DmdklVjvMPb2s-_r2D@;h%6o~lf@߸g=5ᴇDhCzۣGȮ[K>"ET{Ru_) l9^?o:F iۑϥXv@@I?H$Jy'~:B( 'j\jPsPEMENHu*âܷ Az]^aQ3Imߛ8דF^J/22drE4?W&i+';l֡ @e}\4^<svs86"FR_pgb[Y]1rUs!*KY Il69DCo^ CVdPL ~4RuKLD*VAqUMzhJEđonmFddjoje:& <*t,.3ҝqՔE0 mڻڠ#z/Ƞ xuZtQ zzqOR(< tPN )y 3BeD& aO 6 cۤ;c{;\iQt5s c{<Љ2{$W?c= ~"ֳPonw6;'V >/!䘗'T]:!Oٕ,DP!&#n3^ 1ZH˷>av*i2*LL$QT^>uWV_kzbh#є_c0:z U2E`<Ni߻](t-ԌoM!BxHl= mJ84pÝƉ$BqPk$);@C.: Lu ׍,\|{hy<0 N.QmVPz/ιpC\M%c`@VgrOYh_TrpU2 /Bk 8@ˠ>Zpj(D>\Zk Ĝky0Rӓ|{ۘ RE&j◈11 pX2]:q4}j l]5Z$oCYA$UW;e[Ca.XP1IZ8$ &72N6tB:Q/^NKޗYU֟L5o_- G*D^yj^ 3̩R H|>J^qLu) qتkҖJ|Yڟ(W֕1MoovI@SruPּcYWLCcG(8/r5n-(tפwVOJ]gjL![h|hZ|epub-U.ЭYʅ$gI3v#!LC3B~kdZ ϼ[7H^ظu@iʥ+Zqt 'hH3:5K }g!6C_\8=\`1s4O5h|oȾ04+o*YaM 6 W -PR#g0\k^Ly@H&,ɺʐOK[崫ધ|80@OGDW#MGÝ.~9`Ui|&1.)H-5%t?A:)85q482ՙ )xݗPDVbHkoZ[eDAZ<+@!m=?v < ]ؖ`"]R _{o=){L֛ȁ|=Gm7,Vȯ9Ջ'.ug_ک2?f7j +ܧO+LO3}GlX?y??0jV﷎jjZQgٗ8hda LAr #7WmWZcnofZ.@iF{4 )kWjQ}NBѷ$hk7:р>pwjֵGL  BUDpQAϒMӣEnjsi&|ѐb*CP -5}ϘF%@( wq H6MYK'2S<.8|-/o|XO/90F#6S#evҏTK opSDˠ=5Ue ,z}^?gPR!uݖ65(U6Dq E3d"@6*!DW#hcI8{o }g> ˓~ߕ. Zi.&qlkꃠ6v[lx+qO$W RIKVOj#MK@o?aީ!=5ԏa8R߾Rb* `RK!=2[edƚo<nEņ`jFF3ɻ.xX8-_# pJ76# fQ'c#sCE"LŜ{?E+&h}q{KqF7<6P MH<)he?#)FH^xLԖEl|.h^:A*2J[D~չJ㈐%+,\ov7`Uoq2"֢ v-:MQ{,oh}%[Ji-bL|B}kS'i2MH .KvgUPSdBnB3_jAe6\QήB<=s֢}7;>`ug~k~wg}&uGw=HZ:G1hԕ=*|N3"pr@m&{OƆaT||8V \= "gX5Jxq d V| ;!C|Dgt$(S"ְ60bD Ϫk|MB#jg\@(JdDUm!W𸮠 G: `^:;pPJ"Jgޮǯ akӅ,=ޘ&ۡCZwfHh b7 QxzYm 7Ig]~Nj4#./z04/Oi ^triwgv}1\"dQV߾C*5?}V&V7 Tn; NDL ,VҎ(Ʉ͘lW0Xᔐ{d?Q9]MMB".<ڎy/4qh=l4Å 8[XXY's0cIoTl{Z=liЅC V_FG}s9F p9eA !r>H~Z M`1: #V< Qgm'= B} {3dž'%xdު{\e-| ˛R DiQDjZ 8d./:2|L\ٿiŭ|{CAɑQ/iL7 ;t.-frn`9X?)o=&<Mk ڡNx5\o}x"@Wgj h-ozR4h8oJê"$`W9uGJO?cUzsXٳp"~p)$!C]kR{/"U\8d3riAm t-٘5xbIA 9잽5{YɓV@9/X+lLű\Ubk"JUPK3mzGQ`&S#0SP? 
V5 |cw0+4r$DJ{{&Tu<1<v z:).mr q6䋵skgʁ jE b18v[K1{}BԁY8GkLwi6o] ewZ?y[LZ:A9fSfvT "uWEdVSB/0ns!@08z!A}TW0@d9\sr'W7.QKxEpU=%(xNRk+k67 nQ!iETw/0X;31uB_*TzLv.ܜΊJE`\GC}`PK2J @+ZsQnH:!S٬ ڍ=Wg@0 QVQB;|6K-.=u0;ט'L>N ]VkV u_!E$)|;BB O!s U OME1:۱VA;vA <(9a"4e*U37~̵QG;EK׺#yGWpxT&|`DA%#ޱajoR<6/h51"Nt0NeW%qw ߹l8kl`$vKJ!dSicK28?7>~" o ſ$G˞-s}$%ӆ)Oo@F%l긇 ]/XiMP~9JQG?J)$/&Mj "!ӓ6zmnLVgЖip?Ƕ*Mڽz4'"+}W{)pXxvۀ }cccqoeZZm|X09-&5silqݶn܂G "3r=0s *I5yWkܿm5&5v,iNV#4郴BmZ_@ R۵6Ո ƺ/?B@@\[-t\dMBݷ ozy0j&']/Ƈ4&^e\̬=/4;K3W,* zi:Ax " ( ;jN+$$/y%7-Z. Ƈ5kdHOzS_?~Cn0"p^+Ris_6*,1!kggg1?|EߦuLHKWl% N 8G_D?!Cl$?^D=q2.ɋ ŇPK]. p/G'{l0,=lsE,v̮mHȧnǰMNݧkAל.56ig|ɸ;~_:@ kyHhG8oP,-%s1E)G;zuK!#xs<PdA^cz֒CTR|ks}f۩AmiWE)P709NGi%䛄Dk 3NfNgq@PZt7i3,:arG_%mByݓي$n$#=Rv;1qrwcgm;(ֆ4U8`14mzYG8l Q&CD~B,뒖@Ϻ*ySwwQ&;˪ʥs /+;PZxF$OymFdz?Xp\jhToٽrln( t%^ټ|";첒ġdd.ȓt!0tU8x?qdHD3E0_x'`ں5\a:b,><~_:q-i/$!`/r׭)+P_-ӵg/3[P}IZ#rڴ֖[m&K9ebb<Gi/2.-Acw'eѷqyL2fx{Y0;"P,vE!ߜ%z4k L]J3&^ŗ&1qq(de}p٥ 643$O`/4St=3tX,C9WR*Xs;ZٰCTf';ƸIF~Z5iD<嚩 G#?vŒ4!~嫋@eФ.f]٪cX]Єv94~=x=y)H]*?)cQ^bO<7W.ZM=>%9CdtJܻda>YI&Gu1LaX5L-^]hDڸ;yK~sB(fY҅jZ6?q$SI5cVkv_(ֹAs*ܷ|b?3z2|yazݷaH? 
!Bt<+ 1mlAf"P "HR9Ց{D);fQIT]ķٮ eTؔܘQ6OSb3S"%2a>bu٦oB,k0?r| n@q7,(1KOm1:]t86;"#][@nZ>[R_,zKK2O[Yr?5&o&nkJH3?=c>atc=9CS-a`2,đ:rݱeu<>Z^M._0Ƃ4}RU?,I+ jYJ/=Džf.Ƃw0,0ν2TAg 4_16|]Ar@4#q[ txRyp>_I *x/B#5Ƽ6(!FS|{7B%xj|x+plĊ.ьH_v </_vծ{1LOqC֊hBg'ܔW7W (ZzG|#s1Y|z t9v7*6!>܋rP[Σ?V%wZf+9o܎/@Y`*n[LfJ*nj=ZU  6|E6@N[d5T=t,gVp*{%WHl-&뎔ڄ0+0`ި`ҫmD#PUt?= _(/u!k-cLDR% "yդ 0\o!H`6SiE) o·9SN}W"OMf ̀Bi}wb܉86Z]F]`A-XjHlJ8a\AԲaPˑě&5q)'gKFԿgs}E40@ٷ8iUAwpmx.5O>F-.SN&ꖲXBBT\7!w{WItPvT!_vg<kuxI6gL `^8^HEU@-(>.Rq8Ė(VKdnUyꋇj̴<)U؋7R5 )) iM{ $Iօu+O8N|sw\wBJM-$xJ-7Ydjc> ᡒ^Ct;Oçv:,z]:]6hW0hiǢ ]q] [װ|gOj!r@G.Φ͑}&1HN,GƉ؇GsTysl۵e+@rEi!"|_ӹKhh" 9=42 f7eްͪO#-&trNq :q"(0HJCY&IRÈ @}`C ,]vSXEG֒ĞQ OIb6R= }afZ⮚e/s[ulZA࣭ jS|#w y="^tOփќFnh?F.iFNi%q1+qIb Y`˩S L.Q.-g#rA+C}̷4r4c_Z O.5;<@|rgx< sw &5gCO{t"_fPw#-v-ńΞuߔ5wN¢-,n.gp.b{SgW.v@*<\""ml%y`X6I خ*>t)m]35OG-]-o|IK[,m,e*t0QU0S#GKi YR Z:짊TT@LJۊe+nTO u`iP|P$\e6?>vl•MlL3EsO=fޒz0 t%!<+lB|Fq!@%ADx/L]~ 8rR^O=b?8tӌ/@rhU]@VRVed{Ǽ\`|6hx< :]q l'" WXَB'Þ1nrro-Cma .W |T@Esr!e+{t?+onR/\Ϙ!H%Q=;A#&떦 ~wbw)pաwY}XKS&W5$jܻMuY}=i ؒfP@[55j 3;Τ-4}"3K{=/YE3(@oQPW&^u1:fb n0WT GJ}I8,wp !|Sl?3jMXeɐ=Y&9mcI ˏHQCh'XY8"C-G9`}k94V$u{.톷N]{++:qUɼN2L"dYihA/M&v˅2sNk0k )Wc(qUvԦ~Bz(]6T2 <?C'V( zTRL;չET[)x$zv Uk.v|oBLyrSlq!˽kj7ބr0:PLA0+O_1ד9 g"pK'\C' vp҃%-,8i|1s#5tm{D(bIz+Ҷ_2=i4mKphC+^R/M;;6afR! `Sl~ a"?vdDwӏVp-q82jȰ[`$}'s L "'h g]M8h"Kq:v/qIp6(Ko(臋q߳3--VHriN<m8S]dsЈ^c(4Ҙ!1˯>u$ 9ƨQ3hvW#Nq{Յk57F2^&?5!ٌQ-S3:b 3N-AoTD{FS+m75NLK&nC}8Z5c!ENGL~ry'j(^>(#M ̰<*yKn{x у"Ž 9[j1}L{huFP,'% i<A tٴsB P%xda< L=.HIBX.AnP7*U36KG3M#0pNgw%fvvܐa>&쁜Mb~w&aK8($y 17+&D6bNMnecn]&a ^ $!uƣ#:n~AV0%h#@%/~lzZtuGgpEIE:JYHs# 5B' }~ric3NiW8y7Brʜ,yZS&0zH˫9^ 6 UyD} 7C1湱>[LtUc|F' CCX$"spXl? us W#-Bsׁn``C.L؁?Xoe*A!oM,RU_r@bCA~`?Mo:.]rU0z餔eD%r-8,0\Z9ۈWqS]d_仔;y,Y `SOD1׹O1X DuRjުkYfǮ(wke+7(!Iyᷡ۝S=3)'P5`-C;U]ܱd~&Y끧 \a:Ùp~/Hm4eP1S <CE✞ Hl,yA7gy 9Ts9 { -/sےi`Қ[ o50!. 
O'$ ODHV$o6:feߏ3~0)"m37(ZX SX1%,Ѿ$ %uxcQ^Fr#jBZ\K*Bg:5~'cfmi.()dAhJW%.'e+T 6t>bnhJ(/!AZwT Mv}Pk$zkWߪ~WԒPHyІq)jfE)>gJzk¹(M?au=C3u31WbV-0rv»쨼l~ns.|>]p{146,!֎n1S (yovaD/}K;t>3Qz+76|ڐntrU䵼+Nkcdzktrn7xFs}nCN_ T<JЖ'șڅidPڿ?:3nz&!>I @:%Q#,+ .Іplh>rr\Y 9!D]h~I X5̘+@R}He*gߺ9\^PimPx6YI(t&^DF oAӑ=!*<>,jxeqAϛ:sWw~HgI4d4E>rĠЯT8xhߐ#k]m yL`v9?z5'rQj`ZG0XpgPhz@+J6 gne S%Є]) S+MG uڵ$;2^q37z S`Wx 8S6U:cW=<4.}T+i/yN-˪>֑m#ٰmUB\gm=NsYcTkӔ(QxV#S:8hgH|p ܤq͵A/ G \q8jM\=B{fB6`,rićUMfw |*HLMFN. X{%~A8aq=Oy483P2\糈_`\<3@IIlCoAmIz>!SJoK jF\)Lj|gCb I٧mDzՋ93 +!8A {:^ԑQ {vWjxpUZop4v홧@܁1n ʈXCU,Ob"J%dBNElh.eJqAbY&C1v뷿cg;+ԇ֌>Zg 8$\[0>ϸ'?դMZ =LDnX}bhG.+XVGL߸Q;.2cpY͖y[؆ԘN&g KXN4;iBf{e>)wo16y)%8yrmqݖVPoXՑClԌJdh5N~j\Bo%Wv#?g ַ7p ^p@ Z|^QՌO-EY1&N4kE< ŎȑQJzC aYuHt!;QC|У::[Jё d~/vq9iFP y (Ҙi;s&nҗuɬ9}˼$ɉ| R>΍#+%`X ܸ'iC'{D-e@I=ArGPBzR>_Y_2$fZzm$ꇑl}eIE_Ns=A H.WE7ϰC"=c>S|[\LVAoлYWTt[)g34WU_^rg|<{M=1Ń`neJŝ^~GDs~(OnT1-GaLdJˣPs=.SonٶD9"ՏmeOyh}zSZ=pӏ =yg1Rx_&6kLIRpD7`jb|&9@{}"=`d#?y*UW Z] ]%ǝ;F^nb&|?.Fd 8 aM›Lby=QAٹ#B!Su𫤈\' RԠ?8546ɋln3Fr\;F5s;m:6,Du gCX@)!$Bԧy.ScXneeXb`Sj 0#M=]GGaSհE ʃt&c58Ki KA+|4G%h(PWƘeu`LgNp Vw@Y}@i6OO]\sR2hVm)%&>d ln\]rR|!oL(Nz n<+_%`rS o;<|'KF]3_@b{~.L^S4ǐql$8c|LžFV >8h{56k#14yrc5 )[$su[1ҿfSaSNe+3Xt?g6Mw*mf=|OC=}մyV_\jR:N* H)b*N!'∗9@0];@O6VSEtظ-*۲q?<>|OAt28Tdx&Z[#"^i"%xBX6z|䶂YcS(h3Bq3ח)ųO9DϚ@%ذ4AD+=ͮ!E M³F S\C?4v˺gk"xN2T]f}gaxs <~Mf'I*ѕV^?=x ԵCY-7^`mQ wxȮ ;"mn5F`i[ۛl$;o`(2?BxWs9ByG[O8Q8@.'2vFJsY+ֱS0Ba3cD4:q_eڎ`UL!238 oݖ}j3(2;<ԜexpW'8W )0?4 ӃidZAOiSƧj;\i{Xb"!d=dzR=gJg XÁz˓vN=џU,DqA3w~o)D+"@r\oz#;۝Gu='EwR"Xo7YhYї?:p'?ӮLw.&-Gb}<_;x52RwJöoFY`r nbqɱz >7ibEE@"/KLO `^򸌎6$%+wҀ4V˵8w K>djhz*;5"M;[h? 
X<.ϯ[S*WQ> I\֯Cy2y۹RnpNhØ`huX6x[\'BP*J0avxڒ`hvt L^pqG\VW3X$ 3>+UMF]n8_ fY:`jx تTl3^<2h.9L !C_; {Y$L+_Uڊb>G.?hW\%;1"ZEW\uXP[j2?3*b &%-"r ;,EvٳEy1,Z-% <u$ cD zqϷ1ts:ӎ~G=xg٩S[*!gy8:CQޕƤ2N$]l̳mQ{$PDS~/=B'h EfVg!N>6Tk^<~kLAI{&I'7HzDtCOsuK|[O=z'ԣySixlIn$ךdko=XLB捺cx3q>#1z_nX (tZ6򎰡pD- q>;ENɞ w2BFloO4RttoR1<Ȼ(M=YnzZ@ AHd_n~m##ӟ!mm ^+LѬ[7!z6jpaK@,+٬NhQ'óVY<[S.kַH cQ\!)ˆ,1$+KjZ{qAE`ݾ#LФ)Ky>Q9VQ:\s!㥩nxo8̂n-Pف^ŎXIu6Z$[!ܑPE98 ,*"΢Rzu_c֯!X! Uum"w}{="X FTPYMN峦 2>"hqj"-{IM33Z8ekijʖ#EUEJ8;3: yx3ϫ UNG}# ADmF0=z^io+ۇ owAfV)qAU;8\{'_{,zsL" @m_zK{JTsiW(ACE12Lkb~i+lJKaFAYs X㲆GBơC>Pה:EڥLS 8w;Qi~FA˜)Y ''?Pl]/˫%=ܷ!W7MvbY,'Ȇbjjn[~k!7Nd}V %mkU?_6qˣ$Fy ::&",M|D..'vilSkNǔ;3[~.@(vkjgکX/^Px0P8_7ن&hsGd{J݄{9bvלFi4,t͇X$=ø"2k +2" cf\?˅sDb?_ *Bm[͸llV%r`M}]x}t=o;Ǖ3sQ=nhIb0NQXnv ގGr+?c y"jq}C#7j/Dd9|Y\qI!' 5ʔaiT2/Ylڊ7%Z 4 /f<5YٿL2ID@x7DEXe~cN>ɕ\u}Qi)Vesͅs 4|FVѭ;m ԩ̋p~&VZ] YEٿy 6eN&_k[JtJҲ/(.Ԕ9: W`:Vn/}&bUIE^rhaU7y!9"7XGʟHLɗ[Eq_B0γon*ۈIӘj?_B'pB_C" -5J-.\-͞A}jPjes\OE[N鎍BPLwc&ֵ$1αW7Misg*,;gQrY|3U܉a; byoDi_"0ܵaV4i,=Ff<x!;UF s5l([pD-7Ioؤ[zev|5a&@dsڭ4\%>}4 '.OV,='z T[T9T6+̩P|Hx~I#[c#O_pYp"-N]UQ@lQ6 TC9^zj%?$ i FqE\-_G(ّB Oy$ym|Y{pN"fft{J(SVF@=]9s#OQp r +Nlբ)0fY^Љ&{ @ -E{2BTF k8Rv넠2ӊTGOe'aAۼcPtr'lOm'PM-]ɾtCcZ܂.Nz*4!ZaN^,rܹwLG)%5P^FX̋WaB3{6uER5At` n ݬp:r NYm ԰:lq'Ze t2QP% O., "wF; P%G2c|(s ΄Ys{+.kt IGWCU3 u\CZuK`WftVԩ̯w=Rv Boɲn}Zv^zoaL#S՚6@VrK:uf w)^RѤS.iD0:)na7?]wu \kT,BPƆ0ǗY)."v,Q.@<^3 pWGsYxh&ij$\B/=}"o6z0_dd"9eIudbWng`+qo f0$0Ƹ{e4 $Wrq@ʇ71\{t=ؤ_T Vtϗu vl{jQ3pϲ4ZdY"x%I6h|FsaQ2.d.'o/JO 80g#a ͉`z6K}zwtEv"N o)~չPMb nhB[2VkW) q%0?>S hl<+RhjX;%$ʊ;Ĩ,[臄ōo,BOdO @r`e$]ٸ@Ԫ :("EwbH=b6h lo"5&YN-_׶N1!WN:!|][ 7ro8i+|iŵYV֜%>/ sz|,!['Rl}Kj[_"_`JHKLNG##Qlp/T7u>:9eL :K K5?K^Fx1ifzL.6.bBiRPh[9k$i.Cs$M"rD)(('+,QlBgXAאr.:>4Xy~Sg$ ڈJF|Ƥ|h@ R߶_NE$]g{U[*q}KvP!1aW[FtlFeNұvx'_xU5ށ!qh5hݴڞiZpZKv)MJFӇ5+Nڬ c|dB5ͪ<.͒1{/\0t e+=xEpDfl3TF]dVxq+$jdJ+]G➆]̀ MpC=%{Tq=ߗ^" Q%HJx\w}Mdai%D86Nu惎fZ4;)<56x3f𽛲E0;9bk7??"Ho/vfD:. 
߼v5*N̲Źcxa!C\A^+/8HZz9s&BO\ȚXi'7qFJ_N X0݅kŶG>.S`6`1q1FC SH5T>̆:˚c5CZ-JZsJ*S_h @P8YIޱ؍0ډLsY/;= P H+ˉouLNY q^GVOWa[MT"YA8Ps^.y*$+9d_C qG ^C12y8Ņ]WB(~Ҏ;l- Ȱ?^rh4Rҕ.Wg%Q23 GO ~DO)UާgSPb@p9YWJHLD"/lnO,Q/#p <ETץ*[b#"u8UƃXZ!G'!(HqTLDۀK73( [Rzm,k1ު3[Ps'g"fU :I߭p-qt-i ĉ`P"S̨AKܒꜨk lj:FN叉Ia`] tH3F}2Uh<.@ƤcӤ-;e,NM&|_GqZ$G$%ZpњԺԅ-%(s=-ȵYwY[q mtg~/T!a (r%ѻFJWXpE]w?fb^#<̉8khGuנO~:X"_a703Vג.qK,I`_t^Ο8gL:6aduKNbz՗L mǎ9]Rƛ+MlU4sS&" |wh÷"=Ni _E3QG^֌r~n.-#?ʂ%Kݦ/o H n$|VԶw7TAG)Zǭy%> ^[Kъ?y9qAW>̷= uchs&X'K\#&Hq87jE4^*jݘ{H}*Gm3=yv+OCۻ2,0d;]QI(H6a`iQSJ4› BQ}>A1yAEk,Bm<X*fcr[,OETWɬ̞R*9?z~)Osɇ O?FGb0x( q>tr'Of"Zzt3W̗NAoX)t}hأ]uw)G^_^݌:8"=b"52Ux*WFzr[{D:;H/]<߿BJvkȲS2.ߴ{ߧDBwqKcX4p -r6Ukմy;CNl-zTd =iѣp]od6$#ili^ M?~=WnJl_,}.J}v}F5bVz#rRR"j]i: )n{[_\61yH[HngJ0`1悍!NĈ$.]S*ՠf)@^n"4U_)s9|p_ Jw]}S]i 1"̓6. Ai'/)ō PKIW*"DV !dyQ/,>#>n|X:T:k]->'㈀f9P7Q6%70CJT)F7&m"ĴXGg BU SR(-ߧQ^X" ZILCK(2Ɵ(g9䮬/rz)u `._Ķ.4(GPalO4蘇q,!ky3Z3+Z +Pi$Trם$ &dg2Z܆X%pkvC4ױz/#^=X:{$7ClMY6`YyA9Z\ ~ym,`5] eDiɡgs~ն{.i4}p6>{r&aGFS:Y%SWE7]pKe0FF(Z`qfA8@R瓞Bmuw&6Yy\kV}~Gmh=MiF~^}\g,NHv-)dBㆪ(_B-=]]@%/Uɧ622 $@~/To7DLelWUfL/zgMciQKԈtrمrU!5Y c1m yg3hSormmjA~ҭEg.,YRE+4\TNy]`sQGe| $A!ѧ]V"VI_Im&HKhsHlQn> |+@Pͦh xZr7oީE-u.[}0DD T־ QBu/] ^GA`:lx8+2 a&&}+# 尣Bg-F!يnd&!AyAK\ |_VOt ..RߏKU$r'߆ N?/ӄD(!l^ 9Zé Y-YeMa,ߩ)R|%? d8gBZԹ܅+^2iWb SҵuWwA G5VSη3#3[{~mq[<*^ l"4hMax^ޫT[$es ڍ:ܸt3$u5kyk$q[+ʬս,AvӬn_"➧8@Hu6&Y;?9cWA!R96!JrP(0E|~&KC{I|*ˣF /FCXCOd:\O ; DVX:T-DoD+"-v2=V1-ى. )2ԈZqVS\j@D]pUЊIV\%q}E/r鯿 w}5`&'sj0*4-[OIW\}ơv(#-!3P:ӕ`hF=R`' L0j\}\W4[~J:̍V6F$B\h/GSxZnrjZDM:/N@R EUX~76a3HJ,\ uG@r&bo1z*kDS[7l|&}>7(2m|9=C+,Cux ]?&ѓ%{ڌƲ$~ڟ,/O `9X}_D7̡y>CH7,!Y@$SjpLJOKe*Fd ?OM]kNv4:k#W{o &2R8o'۷A7 9 'a~qK-rG"kb! s˗W6.믩t]'R2Bta5|}׿? )Q"_j@I@o l\Ul~g0Nf+Sj :EPC`i5A V"ʊfmSwrZ LP"IX*m;B8$-7XssÛ),5u3e 5 D4tX ]*x|TDHa)jQ>ʮf)3O}CNjPjDy@MΩ+8_F ιFdƢ^_qd=9.S> 1観ܮI#gdTV0EZǤ!VL?H΃?щkԠuygn Cn)y_6"! 63:\:Um\0 cNzC'~z{~${ˇBg#T*Drx(i~z/'l L%s n nazyAlJ_VJ\;^A`iܮO1C.G=AMo얂PQP~:_v$ FW6[0ل[S&QUmo1$Lj(5g~!~#гjgiY k) .^\>x*:~8?6L4 R]3|<3Y$CF? 
eɼ0,?\5"QuXr$]Ÿ34*LsyD^K%` lNJ^\4Gv!r_ї5nEk W&WE%-م9C B+/;=QVînƵ[HDAh O!u2 'kb,DE S5rmΒB_S#ѺMꏓ a99# Q2CF$rw?jO-شz:\5.Cn?!Ϡ*>΃W7wz"rbgஒ4a>*3 3$*x$,xbf{K%F>& c*bFb@xR/m@97kU՞pw>LIm?kyC[$vJPajQc`/>;O[3rP0/51Mq2M3 rj0(gpdJYH[MNڰLjI1?GD@x..^){rVq唃rb-*E w]Ohjm -em e,PrX$mϔ!.s!jma+HWŶC1X) +sH@6GN^1^.SHA݇GsT} hJ`?$cd'N d&Yg=xnȦkRq=:ϯ8ġgݼ۝E 친R9!ϓ` jYUt1^SL0 }+֞ xD>Y%+3+[L6$T5Ez>0>B^p&S}.ooTpͼwdyn$Gс7Q2(+zՊfhO`%\8M53Od#3*-d"L &KM?sX6Kxi K_-Q#=܈}@a.<Tfy\l^NjXi8w]m2|2c$'O}L?.lٷ)ņo=sD 4l#, 6gaOCabݍo-&$ 'oFZnk"z/]͖׃"| "c~Ez*릚03մ =v~<3za81k [S>ϻ >ϑ"as^u@?USZچ+Me-g%Cqu/Wr*PTh^%h A{CegVmN4]ZTq.鑒Il)5]P-eRTgV(40(?w6]D>BS&\I9Z;rC;uIAi ZGu󧯫M$u4M[wV8 trp6P⸭ɺ\kgG'w.Eb?!Hf#o* Y5Pg>D7O߄(NI0&Cˡ,P!'0AϞҴ$o#A9ϋ*]"i@Kч1Jo@D,/Vbӕo(5uzGUe?V7?)ǯ ŲrdH!"#=@q"Zړ _\o)đ ?}}|'Ţҗ1i"Aޙ qƈ{tώyK}U-=7feJH6czK3fX%8~*i ՜W~[ 穁)*;Qedu|uZ59To 3m ǻZ\Y) jYe0Zs[7JO@TW6t U?OljL'}XLFRPw[W_3B0?VYz4o*ֱ{ksȔ6^+$_ANr8ffJHQa*4vM By}50_k,w4X$䪬֒:6UA[$νl=ȁ~,sݺ|hP:R@WxT!&OE*v4.2}fu@5E>5Y}ֈ*QtѪ{>V \_NԖK̺E_s5~80p4Lsr>/gP?k''ފZVWIHS!8]\KE%b&M_?~iߪƗHSuVN̼L&cp]x:V#;xȈ $6wa/IA ~hyhԡ?~ PLEyx LVqDE_0 6szQ([g2{B8Nc5e,(ڍ%B>ƭUzj)IK8 Č0iSgA] ;0ŋl>As|OӔwj0NUt95<"e5TVR@Ve4}کH?X qDr/6 6)trpuo鲱idٯvI$zd3ۧxh)S&b7y[J?qm'@ '5v5ॵ,U36M7RoY꒏jj~;6d[tf'?)aB4ʰ! o46gSEGӳޒ,gw 6bn/ y 테<WN2]O ]ijk?WJw@3E}jE%gqjTDA4REK*. `חoꯑ2u$!ڠc6|H,9lkEꃠp6\;d]wRAH$ɌZ|?]״Mg~G^H #X_DDòY;cϳk&NmqY !PsTGz]"%&׭7^:~L3+w>("Mvj ! #t֔>9];c [q1mm@M*a 켳Dfk<ޮ`m|w^6x;Iʷ-a YiCe)lF/4Le qؔF@'=^ 5Gn>:VEE6Γr>`Ԗh|29$U|7%#dw&hw:6DfXBM=!D m[&klwz&z~ 5޸ O}D "B:2 pw:H^'*A&Zf+t=O$& f//@B!Ѡ q19A*+=T =|p̭NY =K֩!)F!mHz:^ Ѳ9S i| }DuFN Sژ<:[؏%NaJ5Kh+Ⱦ jLlOG3f1SN/a%a*:؄SIQKk o0 *r~hXY6"N$>"FdHq3C.An용~pSvn5hms+ dy&5A#nI籝qD>GsZ37}g!J?]Z&PTی*Z/"}UIKt.Cד'W@fm{U(NϤW!Aݟ J,CnfpX"kԇsO& F{R&kVT0 ZFhZP5gȀa.2B^>x2o*g&2GPP)[2ur< %j#\09 V L k>T. 
RVjxD0AT#J0$W}6P5QsEc9*i^eG*y$& A1Q=+p"JkdY8zZQo{E"Nb9@Lwԣ]MEE?|JD貥꼪<@Wɨ(hEٞ2`UEUEU1~BˢR+~C2t4ܷk>Q<_gn`;Qm//1a2^/ƪ(y+~nU:Xyh{ܩr̪\N!-'M^R3ZTcέ)'cƒ ~+W1EG@ѽf ?Btݦ chBTmzPΚ?<R Ғfw6@ sls3x P1Hv:C _fUg~o{aZɏ͌>Kܾbz(\.Pck\GX} h˅Ehl*WU7xx$IKgvO3c$LXk'-+:xvHZ͉5x~5.ALم^}Rt-Jy`v3_)~m c{8|=vQVRX!cg_N">z@p*52ڹ,[DfhM= aALuS@& e >?}^ܶp,↷̖D)MM/ns&>e|Ihó`#,(e'%%("?eUpŋɾzñY#^?eX 62/~CSD3˃Ku'mEoU+̻OD \;syU(F|z XND贺 NBPZc>}ė7$V'"W,˕0Dv>ȋWj` 7'p}YFzb&1}ϢjIfO,1+?1];S-_q9,| C>kTU{DPm'RdvŠ68C 6%m+oTr0H'q+↜W!"ae_gLDz{\z9ߓi݃!Ӆ,R⿆(+Kd؆'ID/Te_ ^1^|.ƛW7*8AQDQ&jإjؒ#t'TjP׺w+< v~YDRNڹ-|nWӂg=5XqJ5ф0'W& `ʞn*Udޣ: B3IWMnYi9ث+)o6!@=rH?c!vPHln[]BEP (Q#ֿՠJ r;%R7N05giYI@p% z@5{8GR!Po-h('uɗ}MSW;c.-Ϫe(RM<vS'/Qph}Ĥwpx H_h['+|f[b %K׭1ixbO]87չc9\ ^L ȃ2&)G;MG<+và[N1L[l^A2&E\*){c'Ad[;J&O89o~O#nN/[X $QX21=ҽq6刪"ۨ b{A"ŚK,WL z$>- f?S[&G]cO[­6PQyrTb\AR=OX7::Hrw2j:ѧ:o3Tb1YSVEOI FcalI6Bj+}1 v\t] t[;oVvI~=ь8뿧*OrcG(Ūܒ` CnpV,<zzH+uɝ0qB/q:lkP$(WqWw!}a:\I̐ YȌ_!QIjS/6b?@p()5m@EΥjSu3@S~->ۦAvc^W*ڕ.]^#\2wVA:81 :+[ ?^Z8eYVj#g ?K!pp(2ǣ980v -$+?dy9G"NF/ a;-}ܵ{vTMԃ8Kq^ulͶ\* zG@ yn1u,#[t2P8O$^8Z󹪂rhh2R kF<3zٖʩc<,],ΰ4NlT# 5cdcIQER95u9?/j ʿ-A"&VC(􅄂1[zo:wc Pqz* ]K> O,'vN`+` {DO?4>[+6>M6&=zm$5-;Nti?+"~XRL{\`4"OZj8؜8tzkhQ4mWi-HIt{1 ~n Ub^^>s;w0;tӫk1{j)j(V>PR, 3cF#,MOYGM[!hgת|]&s~u,Iܣ)Q>?Tߞv232Ź>K>YqEev=a6qy[$,1nS"P fSnqսޗJPR|P5_f ?޻=0 壆-dP Pӟ ;f*v ],H!*3'{-j0F _V P%=;3.>@'Y{UڦI8I}n>ƻ\=j2vW+ ߎ\Ie V@fF4Q]%ej"i.Qߔ&/BQjzfilǵarCYcEy2K%|@+׻vmy!"zsO*s·'c[aѩAy9"1=*'NZ kLa=851h7a#$ wVw`)iQn(@Z6_Y8;_Ol([銖)~YWٖ9$w?y0祷 W_kμzWA~*vRS,qæL ď];9-7c+ OtgڷU_d$IW=% <e)Ì{OYmQ \V͊滛+D2p5vy@?~O¡J/PE/ҡAV&omRQΤny PnӟAH-W@ Re+Si!e%.y=x0LA:0Q;\1߹3e̪ U?JK-@zmsLkx AV58>^ j5%'KR[Ż fgI\̀H>Vk󊋖: mЊb|,PdG5cӓUz57QIly|I2/C5ZռBe8G9bœ)B:+ A-کnk<>#@FDSh <-̢Ǔgϡox,㟭ӣ)d^0:iIH]wy'; pdVB] e (rX:U>NzfDD pDMșڢޫg}J8a'`c+S(e O8QҘ_"`1\ٺўQuԁbd>H*e3ͤ5-фf>xIO7hHMs{>& A=8*$^{SW$kjE# WkȄbd^pis0 H:èƀX.BݞND`ձ5iiٰ4Q^F_OPxܳAeߎWd"w?ihJ-֦oBs;܀9OjR!xj5~'ZgsL+R/BGAnrz-olQ)߻J˸CB wqr{>*XaDk\VoB<IԱsr[Xb\2n@E,X٤ d%-ASk& Hn_ u}<ĮV }Eۿ~'zt7R ~?d?ME\`>x6Tm3qKڷhD|@6O70 ^D7ϒK{qUWE` 
o9&K{Rw0*|4ik,Z(PbGv-t\5ŻJLFVLYs ަBC$s,57J2[¾q;HK]) 08%VZo~1Īq+~ VU8Z41(Lh5NSft1۫fo۲5Zch>RYs=jF`3L|: t]=1pecgߧ=:ϝ@ZR9]ԸZq2qe~'=\>r%Yw"!b[}y@4sC-"LKջ?d 1 Tx$8^FnקxS[J1Dt7iL ۏFBAsY)!SW뵊vђ=ƶu`q!3N<]NcC6dhK\ѫ?(P&+YI=Px![ {g/ 8.A.(@[KU Q~o_Q [GkV5:Akdjs?J#N,z~/ev: ~4UE *WVKlUp(׬ y33uvZY32c\K]N (2OIm ݫRSw="ZGK?gK>!ጦh/,ؽ[!ȕT=! PvXzd |H"2.e_UMek; H#tWh]zA:'`5a$#ۨJP40z#'bKL_HV}CJۉٸtSM/:PbkT\1J] zQ/$EKq؆04ikh7i@ ,Fs[[|QZg9]htSz\~=0khLܿH0i:b}FI wڵdE_X%~m ȫg$L0$MgOֲVd*ݷQC· ?YFo϶Z^j?Uw7{>o) 2ȯ(0lVͼt崆& gѤ7LWk'U]6.Ώ{I+`>=s8ۇC _Ko{V 翵JR_xi;QmM `)[BOPwGy[" 2.0dB^|aL !V\EO5e(B7:!$¬yF"cr+:UEP2TXTy2UM,v_dIJUc| Yt5'y41d/Ԙ5֗ըqir`f|_q!%{Y52/qlڂw]pHxб{zd=˯ oa8w GJX'6jcm}8ǵxr׵`g5~)Xl,2JP1=8A$^$-~8Ygߌ6w^Sar ~Lqu?Xcי +) 7kdni"&sXȽ7fWSUtF- $SաrT"'vs}5- UUVD>X zCځwv:Fe3UP"@ŘXTzq0Ō!>d-lܝbwc+ OD.X #ۥɰ`:\T#F?ܳPE+=PLbb%p߾.3+& Eܙez~K֞%#-xN ʞؙnp#%!.VZпŽ48/hSʛϿD؇Kק-aǘxMO!_/{f^n.>=*πw 'ue(Bof/I!Ô ȼƒѻJfdzpccO$XbSͦ9.Y!}%tccA 7WYϐʀ?ǩw3i[y&d?w<S@ܔPw/d2h2@JSfkXzulί9@[Q*.TKs&U_W 6ƅfjӞj6aw%)ށuWvC&X x:}KCI{%kX-_swiHuǼ#49ix€UdQbH[xzr/at@+/a_ D:N1R6 /&y&6 U 8,gM,udX: &vEZ΁o~oj;1ߔ +գjuc7J ҼNno1u(sa啙pPW-7&GmiWHQmOE˵dcdTla.57ng7;4!5Bjw[S=M/V4/QkCsхolPnZ T jSS[@ؕ*M?%b}(W5ҎΒۖ$&5.N^]7ms>zA KHe#1e2Ê.<]x$]'gb'd3AoA7 s 꾢:;W8Gi)$O.%4)hD  <{wN~(;H;|5nRhp뱇J_Z Hظ(, }j?H|i'z"g#`~==`xr2 f)`mt#X l-}J7 }Q28B:Tg#"<9 N逛6*}H?lZwA^$bMQ +=la2ZfoOceP'C v- G̓n*H[oxپ );Yho` @%2=]^Dս[nce+@0@r@rUcN~b(,?a|[+L]C-aCo1UɵN )N*]bp4펪Wʿ*vze᦯e)a8.4Dţg9?H-M]êM&w/|۬*]d'*Zq *>þ"F-{am *-mdEr#D-1\,#={t^x5?^6lF\+R)@N!plGrlM PiG$F&8W̶R(O0i'9J0 6j(X9u0hi.'s} A; !8+{\3ieq+2AҎeˎKqqyS!_i%!6cɏ)E©gET<õ4@y@8a\YV\mdlG-&HL]k/l.x3_=y>z ZF$K#DwgFCR][ P `pi{K'ہU~ljn?u+κJib*Fop\Rl_=?){~[ 5H5ۺ/iׄfB pjjzIEe5Z~aAakXͮC0Jc @ey[LdXz:.XD47OHx?@~ZC<ᣱq#dE;s&,8: LaUJyf21__U3m߫u 9~V\IY\5 g;UlLg,ji!Iuw8量4P94Ji_{[t« :14dz}n$̦_ۯ PK!+Qi^R Vҍ3kY}bEi|ץ97^C7eF@$zصEH@`증i_-BP9CYq:ϳ;kb8K]Hmh y_=MFD|)f-?17Iɳ($%3%htHor.rJ Z cj Žt'pm+x|4%|I$ތR /'](d!t=vcmtt4āy/]vJ -ɿbjzEUG&6N$ ڰ}tqY.in s<܋dCڤGMwl oX1[̶Kp4^@H6*Q<ȡRcv}O`sM1T^+u* j4= 5Ee 6U- VtuqMCl`E^6fKX눾֋NذQdx4IH'Qsv'6+ 
Xti37N6zt@lj6$R0u<ێh1FGXZ8@S7YH~y̟d\Ը2.;; 7V"ʉ/M؇Q`sl\H35F6]uF;2\g)g`Hf^E٢?fE!pzKORP"RJS_< Aa&|xI=ax3h^ch9f޵GCx$ ڒ>Y>U]2 3%vr œH,/G vN0L܉\dR79 FFQjЫgd-? Bu"-o2`7]S9<  W7h $ ۈH_p<.p`k:`/]Qh0i#T.6( M!Kn]bVjNJ͌ Ōp%P NxW,6A77*Զ5jLvIGv-QD+,`q$a5VoJnPv"4BMmؕHwN )(ٿHCnӕ"w6zvkG8 jڻ,1/9(FY8ʗ>Ac$z.嘘A%֕  ACN) ՃihpL6Yd*ud0JF9z%$&Fݒ5MXIx#Oq-:S3^9T,c@#!%a=&JZ9K°iƽZMta0kgT .SY߈Qn-`c eGE>M>E3L)lRkI զqj~?Ď4Ka&zdcxzcl\nj"U]:D_mDđ9G_GL L5 ^s4 5Dl>a#0Ys\$_#W^kG6 vOn[Nv6ב2SKJI֟COWЋzs Kes~+[-2OTv(j֪JM庚_:f{FdhYotHIHFsUZ7 4hM &\/ 1Pzy.$E5\W{ޜ . )Lѹs4W ֒4 ĵ@ ; tFnÇR9*zL='!?Յ}$T^-?qK,Ln9A;A:J@Њ*v!T?٘gg^$ oN%,wJ/+!5)'(3f⠹VwȄޢ+?4Ew:2҄%ה,oz|LivvbWŗ / zC37 %g&{)%p > WqxԠ? S:1aw azVn,"Knh /={,|*UAVG-ԠffQ*&+(h^pXC<vwLϮUXH~r7 "t34k̀.'8薨@;k>,H2Ժ5w;iZ}][@#Yupz"9tİLf!Q3 yOSͽIŋb(jM]9}!}*2_?2b{Vv9SrfE ?˃COp=#5lr!\.UH4^m~4+E~޻ >vxjG?Θ7>qcMļ(G'K7cv}CP 鎬jp6Ӓyw[14X@Y~] ɉS~ ǘŴ#ZI{*`)wve80뿖fQAN[s+\@awn9֩U2e#KZG51S$C3:vݼ/nHvbLE9M\dzQcƾQ[xdLiD@ON O5ShҨY#7!4|!8&G>CoI|dG*;LQ5i!]@q*Pf`+(9IXEDt` ڑ =P[rtH@Dk$8y K0 !4D4IDc:*b7c#E""Ɉ]IHk-9bŒPG'8@3F0*D)yA救Yg-yf&* +G3'-uXf*Pd+ҵ;Rta7cVKê-Η`;,R3kawMu[yl׿W$XhJ{kEhHߣ͝E"":p?\m+BYk<'-YZ魫C,x Ёᭁ5;xQZ8"$lj1_H֛rn4hrdD@WJ1>W?Gg[3Js(,:^5ݏsv.o7h 2Z=@g1K|}>$99B7x A*Zk:=sFuZHd5XO1wU +U+Um͛j`ҶiD4S>WJ&HyVv*rp CaE.j +6,5t+5uY:&: ?e=nEzJU/G ǟP5 K'w ' euT&X)ЄŒۦ<5<Vddp@5{x6FgeLWbIXYpɶMZ?%[:ijbPRR5Nnw'SN͡Ml.D12X8ާRhCIbc; ȤX| ai-EBKrwK ,2{TJ@-#\,$r#lN첽↡%ǭG,Ύ ՙ7<f$[)VYӨM6-*Avi6"L/ceI83w40IB\VUdsOKAf@Q39(RV dc؄לB\2ы/߷Elg*va_~b6UaSy7>Z=RÖŖW@3By^jd ˉpu mppn5Nd=3c<р3C8[d= 5Ψ/ ZP]#˩O YGl]O6xoAon\yf\j2ϡF`|+ZOe/Tr++rٖ2Llx`&T# ߅_}XZb̺ߺs WOwN5ti]"F/ H.Iww3`c,҈ 8k"Lhpk[rxê܇T(Y'-Xk<4s+%WY:,KN/XG+tI:b-%t釩E |VRhm{$' Ĕm\'nU*N+}iLƻ|<%W&Qu,g&`tc_𓄋=yFhD8A| ܹ`H}8'@rG`toze1=!G 9*E9?LRkbrVɂqf;$`xД ebP&4 !'=:$C$T]/~L+9:B\_$ =P1@2dώ*d o'>`O'jHFd. 
1q(?[<,oFg.[iы AބBTfAkPM;˞(`&wꇖ np퓁K܀V D7o}cҢ.!Ӗ61]_ Av!,M,?ORQ^E~BJ}p'[!9 0f?qt̋5!g1*\%R^ݥؑTexJ#`9> $/io'S\IBx:6j#c ;ioĞ֣_L:j*1vK̘ChP/C߅3:):2gFjlQ~+ }|9zZ{zKkvɊUqiwѶZ MU۷De!4FUFQ_r+d#qy}h%Mh) 2%3.7<#̦`PŖ0s->׭|GtDDL NhwSgw\}dfn s NL k%ϐE|(FN^EcNU(ONpLJfMyI>HL*i`YS=ɘb\W/p@VP5W''iH'ױy0UڝHiAܱV/hjM8zy%Ewa`*A΃s ,AT*/2镻UznFʵO,hHUi]O줊Yv\^<ļMz t9]WEgqn齄 \[\e x.2#g A{Cp_;bV^⪕rŒBZ.C%Jhɾ =Tk'ݮ-NOmHH#{VU%|Ihq_WZ +tqI+n7Tizlbhu}ώqYwy<쾈221HetM'U8fh 뺹'ʭ$ L̐!a@rU( c`I_/.~S PF($?V1B5eAU.c6Pri)Gst\mr={/`;g/"C aHbH+(-C` WgBvl"}5Sοu4)+N.?d%)jOd IRpݕx#qXl)$yHDs %i?zΚCEhB!&F6 Kd<=kx,ȧ{XoGy|J/0fo*c,Qm z^[R2?0)E{;QH8{ZY0Fxp[%Uݔ ?RAWߖj,yD4V,yBFB/څIsJYwN{mct kQ~ =ACcE}siEuJl:x"Y6}m"7<aoP9~KLArB㎚H*f:*+J9%1A}D xFdz:ng͵K~ 5p5Mu2k𧝊!3^}6<$z6cHjw6?@au60n *>o=o Ô,Lq[ 9WXKJٳkߡqm<=6o%7/lcg#c vòI?Sf5qU/ ^k ot g 8״ zPVK=LmA\_Ļ^KW#H̰߸ΠuQHL=W=m-"yV "αg+VxoV4?QV#Amm(<4JzjC''`ZyNyp!b@auw0aJ\=_{ AeED(R*v[pyNFClj^Z=i_熟AzzRB2k9M#EO>;}/1]JJPLS"sa/U7j[ j}q cbF!ƕc$vDAtx-\R8uAV!qٔ7ϧ2=,߫,,_C<ltKb'io-"t;hs)m ?޶+~GvLe(I&l'7gFHp @s2zxfCkQЍ-A/3D S)6dw]Lߢ\bBHn7ڒ㵋ee2sX &ޭlVy%{F7ʌ 7XI0,0PF{/ppC?g?C!U5*]Oܬ_|RWU|a1Ao,^Yk.JckIC\!Mn!/,4cJO,&&s2CJo .t@nXhC:cRh.樰> q* <<ƻ:a.}6󖿆E'OXԱj>ć<UXV%޼|/FLJۘ -L4n@!KSc𬜳z,flO!!}ڶ )KTRiMDxB5 &)e!/:i9nUHs$KՃ Hg[tDrd<;)1ihaVkfk8#3N$E-ށd%Fg8rq"oIZ˪RH* ,q_ܻrXgi^c ; 5f҂P|%,j/mv:S#0GʑàUHڥX-#bo< D*Rxڮ3`XY8:x|Hr~hab`Tpm{$?DkDعXJKl?D#RO;&11MbǓ5ł^>uE+~}ȷP3@tţ"3I]mZq m_ewe}M w1G{̡=mf%0ZDqВIQ/Bޤ?-f+W,ISZPC ?\/-\x!JwFq ƱFK^Ku'\`UF.N6Y(ͤ̓t&jԂ{%'"x G^feHߩs`vP1ڙD]m'/,Dc 3}ac?;"yznE2[q_9Gl<'(nz)|NC赨Jڞ"Ħ~)эXƊυmZ}f T7q;iJ>zp|';웥(F[ I;N'n(<f tT":)8k?:}w?0c׸Qpfo4_S[E&x[^_i8D"Z>x#5ɱn5e JcJ|tj=Yr䒮yLY6xZ%>! ښFBSSRx,D2m5ia_#A|`?P]6nes] poO{v،]?W:mڮd ʥR5z?R_+ycepHF 1!19/:xnYh̭Oڮ_JLq|ftL֭$OTFuC[16B2Ul;]dw $ KtD+=v;h֜-f-w=yW3Os5ErXILǘreUrKL3F|] >YHUh3ܛ5B;%*YZfh7|\ k9js C$7 db˜J)>vo|RrZ̢d{3p<^u:APW/x@Zf6 oDsx+gaM~UYYv(}B#›cKْ>[j@ )Dؤ;Y.j+p$0"JlSf_Ms >?/B4S!7G zzU|FE1)/@><]' ?3k5}5V p\YXWnJ^0%};!Ky z:{> eaSͬ )E'D24 5MoK6јUWcхYIp|[Eӈ*IvM}Օ8oA9 m"1V:R)? 
3uW4jJ.mpw!}!̬EZvb_R񏾆Nxxd l)iYX< 7 {ҟm;GӲ̲4!/gd8p}Za1'װ ,1]w zΜu)Xjr@S¸AGheǺ-f_yHreVo _iGn 3p \o!Se5zu;a/rm!%jos|zڋLt>|)Bz3Ԫ)rnTr}E{h=tOM1O0_B)\?Qƃ(zY\u%NTy\fCl褬}p^H w,ϝrt1%L۟ PW#HKXϠj,4ww#C0<X`{f_ƔV(v sU5B gP&Q -.1w")%AqB6fB&+»9U'POvWE de" 1MānFP;UVs0dx6\Rܙ:זEQ !s]HS- :,|GD^3ƹՕ }*+p}hvs]2?ȰFS i,4R;֘\r (ObKrm8cmbywe͊\N!D :`vHy8^]KFl_c@1j3Yqq d4s,@tP2oMFC'%Ȅ 24Yf42^GCrw5=<[H$_>Xl' 1[,#ٸْ/l"πfnF.n*IY]*MGz+tFdoP} Y=Y ܬ6oԕ"!cj-D"7nRJmԽKuK04Y]7.[`7?OyĚ 1o)sMs?'cG?H_vMHԛC.l a0DDD .w}cWٺwelwCqLu6%+"4֊>+G?m=~{ojɔ91v8@?T`:iRc;%p^:]6-Φ@%=UJdL2ٟWJLNL1"?0~_kP,ɖԟbHx^%P@N') zWY F"P2<}{B sEuZkҨ4׿q y*ܘc٭߼3Z>UwutcB&o5,,ҿXW6*T:wlqS HPbtUs@G1*ab(!1R_Y߭gO{49&{0 =|SYLqwOxbfkʼnRo9n5D_M">:$AS(P:Y, hWogd ow1, #1]lg5]:87J*#i̻/:\ %{~񌣨-6jO_)H9uCGWX 9=爢\ۓzg#74vYhT0ptQֈS>v׳X#?/}pӆ{^+?I%bq $Vm)'LjcqHU^Z6cl%!ޞb_ ER_>fZ) 1C6I=*e{H:le0g`T%bbY(( Y|jHuv9tƇ;U ڕ' IGra FhC0(T(CmCTV]1Eᬥb!gϏcߞ#נP!pUZ^NIW>C܀AAl.j5föAMQ +Ċ`[uN}ZOm!.uh•|Kd ^4Z 2+MX܊BT cÍOJ*>sԛR*i,Q`IQINjy^ph"ҞbOk'T0uX8p: 5|8eʁ k {9^@:}xxڏeEs1_O-GaozEcvr_*^;**?N‹lG \2ȦŠ~d'z֝@X$Veta6\AGlbTIq&;swQ@;0h2gy l Ea?z<PP=;jl+.kyuEWJ-E^+/'t\7B E1O/N,ծ/I05sp(Z0XM5bHæ=>3^S=kf{9c=ŜYŜFsLSȴPvv"LF}]@_PSn^?ݛWxFKTd6 $: Ssxd1{oi\&ʈxsT9(>zޖ7Or?N,FB4vX$@9:0Dք&cB'EMdM/ 6rOi?=qyA閰%9TN %zFrT`wwR|>,xq`L+ȴh2g佖_ H}rfuPX膖x)@P (՝CF!Ly -?I}Y_|ً#ahC{L,cNMa\Iڴٞ aX!*,:惊-݄П: &*1enrlǯ8i-saǀ98W `LssNFȍ`pN$6f~vno4P4[5u V,Rp&$E^7'qp=f F&rP^5dhJ(vNN]d }ky6ݢsg &/4NK:NGKHYS8>O=J!X)נ+Zr#-͋~F-y8+$!UPV VQsGfp#Րx{Cܱ^>#;{Twr@C9s?4l/Md  rYSn4J/<~͌KM4өˠ[ 'H%aXXq;m1d4EY'>qPzێUS?{oW`2C3F{}ӴYt2S%^7$NpL'#dGU=Xrk@c!-HgAm’j[DǵxQ;IbO.n\uǁ]"YsPMʭ_-S 5Co5`B//Ph`;VCB3dД8z+'0'O1n}w4^A c*;ގHRm5) B#Z@3t& ~IzGHdؘ`~h05!^$\}mj|G/,'2o$,,QKG!]Iu#!ZY`eo9=>Zx "l;2QB ~ooJr?'X9 E_$p%VwV܇46lR?@j"$UbU?f0'XvX( J#N V'z K71.SP *jXo !~C+)A1:В5*MjNTmJzrrEo$EoYWs"o;+b).d*GY','l `:b$v{FqM\h+e%\9eKH<f19^K0WP?-P9<蕂mEy~"Kk.4%r:'t&5b\L,V h*Ou&'r؏ ^~EFS$M.8_]pD|gencWX@fbl-gb~QWcQ3! 
e "/d~%\۱l_NGSіRDfg:E,(䦞f^a<9ͻ>x7`@|@ ws ?D#ˈ2bV|UQ8LE ?sGFQq9›Wzn@ ހf eE);qS7n7nD4l0ߥ6Qȱi8ZA&@LCTimGꅠ_1 B'w|) oMLPb.i5ļ'?p׋@"ØILwX$~7T ?OFVY/Јa8R:zYN΍ -/r(\Z,V$l/|tiokB;hŜznM!-f*d=/^afX(l-n~"T.HNfu>?6օNGzaUYswht0WBR1%'%0Y7 _<~N9z3K(Ä CKxt^ c-xDhW(J Q$~p\bi"=EG riS9TzԲuګlUDS+ukx䁢,,:gZiƖ5{dniJU /B*t%SMz&ԽkN"4ESN|lܧ< %ThqvyT nkcUvGfpy ZY"˨$iӦ%0nPPҸXH̟ nO5\чt1pg`%{`݁KjuN&&7KY5N[[! ?_ŭ ±3 (~.K|kRMƓ*S~UdOt*P_3bK]d(/>;mO>Vjouvk㼠%2l+9dS\!0+;Q7o]H8{2n8$^5L7N]]rkYQ΂c OEdUXp=GE!YnɈJ[߳[`Xheu̫ib=⻺8WM6CJ &K'(~m)Ь. kfHᕀBIK[zNQ)nޜ aJBZ[snMvm77V^ߓM]s=Ȗ@5)ǀ`Jv&> ֟܄r?['Ln#`@[<{Fu%CXB~Cg[pFMc *ɬ-["pʈVJuV$˰%J{4, 't5ó3.%.8Gn_!oHl8>CLD4ƽGo4AN}nsUϺ( R] 'z@ȩCFOKÑs d;UP(qJ-0ja8knJz}jypˈZͯp^%<ѯƬh NtUŦ2 e=ƱtCå"H`ϱ* e(߁QOrެ~Vnj嫇IHmIN5fla>dxغ2nWi_A0fpMF[0Ta:#x$}k -E54i[< q{RD 7hl둕u:QKb؛ѐWɥs(_lVˎo 1 ғmf)BJcd*"C'}+ +EHqF q MU>s5YXJZ9E߿b}mUKtQ=ls$ >yEAwS߃]s0(pO^ gOXGܼgD#ȎǗd{L8rۉV50:Y@HFÝk\GApzt2.+cc =ͦΚy:%wl_!Mg=9o;"8.5(n?L*cy .. M7`CԴE5ireunq6Z\ OyiRBSԍpNWtYͤ>Xv\׿xjNVV9?̠^1 x=kEbGƤM"X<2U"qzO+S,`cjN5\-ׯX]Y`+";o}J_V9澧hT 8g NL(okt<X1r4] AHQ23^J_]1S| rSAtMe /~r-gLx+5YԊ^€TL (#sZaНBPIO>u0 1QK!")7̱a*$pKMMÔFod,+`m 3^+(2")yju":;gv3 ;3\IH'6ηA ݪ:NM4LaTPwU3/EZi bt:qeS߭ep]vzƩ~`D& o0HnjWCGpFc2vNh bQ2X6̈vR>%zeVڋOɆ$:=gB\=[H{wov|Ͽj; O@bPΉE?{5[Ycfy8dCN&u!p$SԯLz$,-"39*q?ٙ$znKHPH灶l>͙µl6O=z2_ { iOb&zlR*l# Ir }o`eY$ Taqx(b]c+E15_ƩwWN!n)teb5!lImD(>[E@Aj̊o#HlCZCnV׳/vހy" T pz@@^z5Z1\dz6dAs><5wJp-"۪,fhpsGY}{E5&ߨ.//I箶cOw_~K*&r?ey7gzXo*O`ҭP~;H/\&"lxo X)RD!>(R h^(^{*wIE. 
44N K 8οJ8`W yEZ kgok_7C!Y]h[OyV^N@؉;UUW&?oAco0){[UlIZ*1YwOZHQ|ĝG˶Vj8^}XM-I#}ZRMaJACwGVEۙ_q/T% cNU+R^G#5 tra h Ӽ6R(L)e:^kqOn6.=W7oۅb9XbXCTuV+ jnVo@J , $Y J ޛ5H}f;woV 3xO"r)88~dʒ¸U#1#4Pi- Qg/X/@$ppR+ Tr>FpMBiFׅ $X>|cW 0mk >m{3ZVyN:# wWņrs% R*ȱ}8 &&W^3QP)&"AN"r/ %;U%ԛ) -ީPYx"vUJ;#,N8:[]Ve2dA!HyO<̐9c|-@a`u;ent3Ʈ-ԥnܦTw7v@[K+꫑aPYa֧ CtQ4IR+$mUF1'rp0$(+˒ƌgGqC= $DMe2/E,PoT1X˳/"}p{a2]i3]ʔ] mV_u^0m\8"[74 *WSߍI^T(r:yV5x,yȠ-TeJYs 嘹 M߇a?Q2aؗ) Y^"s X&`7ƊڨL|Z&?J,%n^2!v͞Յ-YC',{6P|3f~"Rlsh4geprWf'ySE̵ek923'˃GE0:vS}NH Xֿ$EVE 6 z(Qƺ-򧗈10]m(p֛_"7l,uBgٲ] '..lV)!%E; MӜ%$yÛz'M K٧P;O).r~mmֈw8͈n_\.IRqL Th /+?d/.td˾m 5a64/B}B2ʸ2E~,Í),1!q6?:6|KI'!Z.KwըAGjs7`"_t^laT%ɊL:^p.Q4/]?8a\{#>X` mUӏI_`ٴiZ9K~ [iY5\K5 Yh Xt'Ϻ P f-0G+ƐCLymYWw߮/CyɐHV%[ [Og{ãgP"\~TL]ȹ{<ʍ,pF`74@Q쯧=۷Kwg,=\IT2`#W.ܛ[ }L1MFҋA]ҳZsf 6Uwt1[/# s"g)"/ j3a>^-=w'ZWɫ&&TAxy-E_?obc@)z >Z (ex>ܩ0Sg)E]֚u1M[`q㔲7!z_Ǚbu ^G^Us-9l !f@ /݃^5OfJa{bJ?BU < .QQUډh7g[uJc$ 336_b.em!3^9noqI@B$+)v<Ԇ AAa:y[‹S!G=4ˠ8f9 ٚr0#ݽkZ0fd-XxL_gRex2$( -AEQ%LxC' B7Ii Z֩7tYR6wO09BrgQX4LOw @BT_6*FUYv ^lSxeKО9)rVXIniPn#QK.yB,3{ 8s绸LjQl)z|5:4zw3stc$S$j(oo [mgI>c.Q.:H QB#N.lgq(m΁PIYЄ&֞ڣ(IJJW0xx>UD`f tqonSF!w|;氉cod! ~TkUV~.E_4q(!.UJwޙQ~a8vOU%a"$7er]GB4sRE6i0HVR4#Pbglh^V_z6umNމ[s 4*LDբ ޑLO2yޫB$ua4:ryDA-PfhܔD.@"? -A[3^\t~-C.gi5܇hhDڲ(QRKMұλLPWl U_?]1 G #Q;U-[<[5T%($,o:( S dQx.1X;(:n?bO;$Zfy.X9ŝ;#^ .a$ӔUp(?(괉:I dZo}Rqw)ۛ„VZ>XHFVQ/L(}Exxq0mK;#$8ɼ Pn$eQʃ(T"^O dP)1I))-s^Ds]91j(#:1Q 9@ | wbgIU̾Q 2Ef.nHC9ЁH>Q9i]SZu[اdTb6jU켋x]hico [p=/%0$@/ pT6"HvAiٚ;RVli#2oB÷.mUӊ}`,yn脲ۖ /أl' RNgH$C֞-3(Sc8eoQ FJ27٢icy\PA%OքN;R GƾIugN}ugD0kٝV1tX6a;yA\3v7jZ# kCW? >kOhh]> [r |NeߠQ\9L9肗3xX+-fy_}mh2@'VҥIKWOvϴ_y4Eꀌwp[`՘̻7|/ iea@#)~׫,cBȕZ:|޿E 7FEe ,Y8f[_ث}C\a tf})OAgVAV@k{js>7\ŜPsotu nT;YR$Xxh&RjPo Hpwrg,q:O05+E߄E8*b77Χ-0l0l]:`A΋ 8k3WAش+6C590QibvܡP;F4b]+ԩG\U$jw7~qh6ฤaϴ+;b n-wM'f^T_,LUŢ2"s.s prcjTcHWj b˒i4׀L[L-lz^7 5*u{icD Ւ;V{|W\{ X!}ѯ @~)-dhPlO~J,ȗ5.M7䃋V~oQ:1o!JIh (݇)cX/%Y;55MM.ʠ-c吭Qd }5L'Pb<;caO$uݼzn9y1n]ܔTxn7|Uѷh@lB {5L$Cjdn׫r@o񉾭ЃdOv"04g=Y g'. 
d4؝É=T}5$dVe=_8QO;R;ds-z(Źw5Հr5Du`mg1p?:ge\\ܛ~$c-=ŨQŠhij)kOZ pP: ^4섚#&Z 5V{uB"TfO 3^$r0 ɳ{PY`%N[_ gAbY_q m72 Zx@0oMϽƹ33KWZZwNICAY$]\hM4@ W2$*eKFcFS1o@ڨ*xǍی6CBHƒ)R 0F+< (ܙ֨WM`>w>OS;̮w%2_R@s?wD%m2@o[nL3d-*,؟yÃ&H@WFiC*%Ҵ/IؖKd)Q=OQ uuK2"L!*opõ)=t^ZZ"Xf?=]U `/D#73HB5d|VS7*p3ͺ/ak2S7iƨ"uZ.]S'!>F 2沇ȫJIJG'2Ty q{8 ŵ>gW?n,HonZ o-6JN'|bs[&¸ҷtЧX2edtern0dS*f;דBMgӘMU_Xm髾5Wb%C&e93YͫV*>Sw}ec۔#2ј /^v#I˵oCޖhVj/.^4ozLS$4-^ƍm&kc0ω{*1)FhމnVzHnN&qڑ=nnMk5c"57_*y=_ȥ {GRTX~KH#Qx,Oe^N 55\BQ˾sd6lLܾʰAC(jG7ę@R/Dw rx2|2`** ; O'WJXLIjX3ovtUԟcu?2AG.Uv|Wpkc fj[%ס4] biK׼=q}Z/`JZ_ORVIXBVdZyFckbk[Nx\MA ]~9&%\\5 `J^ГK&'8ƙWcL&&Ρ:YRր5 rn{YvuQW`|ÔWcFMRs[?0hhݝ~(W{ eLy&v8z}_k,$69@7+3S98[fU%\>`jc^fisRnǢ?Hֺ;ytQΣ  ?f"iVZ0En*nCӊ*3\n6WDrA XS^iy~<휃-?)G9nC}f]IcNHv,y̘g seIuB }I}Vp=9ckZ6\雫)Zr?ZFccMf [d{LDC2#8[А."M"e:X7/R~0#)crtQ)(ȞJ++KY" OG۹WXhAy/nU|`\ib]EBHK}[ f#N ba#V}%s]ߗGjHg;'Yܷrst|9Z "0dꆇ㎢ʂPיHEWME,X~[nCF+WiUo\S/\5Fc(|*G<%6oCSn]^q_6Esscت\uhXEH5Iw$'V4<Aۡ`;T--[5F0 xӷ|nD+l?,A0shK86PF_BTv^Ffx8U(0t+dsCNuH=)B&v#rT :-[V]> (J@K/&2yjh]joDt&~qL==;*a"@ tۊH9Wa2ߘ"us~m8(Micmtc1I^{? &h]5Uqog++nlb-,lVPQQ*,l5鸺 6 JFp. A!-$K$o9]tUy=0[o6ɷ#Vj3ﺔZfs6=SͽL 8,X`VSSWkwɿtt&iτks`~_]x[vvd pze4=mPWX3P'f_/Rjdߞy1FsUXlo>7rŋ{I>6xdsfͳ 沰?r MKߎEЯ9ɏM"l!*0O1b~*Jڰ9h'bz$)\":W7 c[?_@cF#5":`כ ZY>{ B:ZyM e(oŧ*NXŖޱRx=P3Xc m&k&nA^ nqWDԊ}ޥ).$OEV73U~!>q9vSX3ӯN]ia <0:!'?'ugWi0Ms~aWN)^sZn?WY!4H@'#.\x$Cq}U=J'O?@FTJd@O%HwG(z@ey>+~ >N5 .j@d끟,#H QD"eP˂ {#/v7>6q?ҭDV LAU$^u[n+y?a] yi<׍Q**-6w BxĿ(Kd0Diڭŧ3=b&Q).5 -g˘̼@˿x;t0Yk `d1HY?!w"yP)k';"ű GYa@(W@v{=+xEq a鋀m]8fyt%շy[CWB--k -'挑;J: B&8?Dϭ4ՊБ۬эsVrhJ; e`Qc)_iֽ@gܫ8ұq2GiW-q_c^i<ف`ʵ<:OWLY1.1m$u<ޫFeC;̳5j7pz>6'ou !lF[_{hYq6 JF l $/kg`&:d̅.=)Y ?>8@H7}Nƪ+)4)/r-se_SNP1^ACzf28ZlU)YW}pLjnuov&7](? {:T*mn`!G3@{D=Q 31|ޕ W$~B#w=J"bТY(ϐi3&3s4܇,HtyYtE¢S!68b28ԯca%VSׄsޫv|ߝa8#~.PI4M202Zԙ|y. 
7uܮXR!5F),-CUrr#SUwTrȘixd;0<>6[aە+/ {ߝICun>QZ&ν\(gד &nmQcoG&ă""w8YGnIJaҢlp!wJ\f+uof4?|61R4 EW'ܲ_5 ڗ` XGB!f@3b^%SmҌ&_WES)k!otjφzu<$p5(Z>gtFl H6U>owSB!~=_3h ;0TY0 W}xa*p)qh;Xo)$g_;KVdNUl륾|!5?e5FefU_&p3-B>9PuC,  - J<#jI-<~sc*KB(Cej ΦD(?W.}Lĭ*&uPi9#&Ozcu|/|$͓|& yJ=p9&`4 9(nk2!? N!Q$bSm:(kx:\)i,#LeZf `ؠ!&kP29Tq!z<%ʳset8wUbZy1c.dnbi|pp0YQـέig .Jj=&.3F5Ksoݏr;qmp}M]3d;خUVHaQ4-)k PC!^x '*xyk1?3UhSp}3jZ=]HyQrwhJՏ-wY-W͢zn"2ZkfdK/'N JM2ba侣oCRoÅP62eCaUYi!{t :3ё4Y$$: \Y`:)eoDtX.6 s|hȸW|P ƠNMp@na(V?.T;ъ~\B6./@}Khٍe:,œ;\H&}Nb9>p#6ch 6V9''bVOQ[y+II򈙎JqܮP()Ψa!$%\S[L([0FӍ}Óu";%d-*U e[:Nzҭfյ3Djg 0E +~\mPqƌfe)Q[s1:{b \>U5V M,9x!ἓHVH\Ȉ58EBo![U*K|aZ%<ݺ2؉ .h}nVhbR$e.-ŕ&Y`>oCYu.:ze:FPSOdr?lzt1-T=ä^!51ihj#"破QbvxdnhZ=JB3)caJAJ ]aWHض+)2eWV،ϫ3~)$Bkh5yq3 "T5y `fy0Nd(7[kGD2, )Sx+"gi. Ԭ'Qkō1Nr YӳtѯH7E$xR=L)%t|=TjWB?f//0Q ΁f R+(#)0 AE4f]9KxKJ‰'Тtvi#{MgbU쁸 ,b2Ԧ/6ae nDNRKr4j:7ie} x [lazaU3πu-x .MLT%$i0L]T(+=)Ѕb\CPF鵇4,8;"14PI[q#\˔҅HÎh_?}HiۜawF|ˎѢ6()(%ʖˉ4GuG  2Ge1ٱ,8,J=#G>=3{1]F.U*',ü̊GחC{U:1໲"U7r2zx5e5p<.j!i;2'surאf$HSI|2j9ŧ|'kv헸{@ HR0#@fy\'A:@:dOZ&'F,y(YTn 6)L V hGrvFAnmw\8%A$Go\xA*m|KLEیN`0弓M>hhAOLOh_~hy)9K6O7c4S7drTRa>+pVT}ቛT6VD2DI }JWbͯC.sF'ٰ#"e9XxͽBJbC|c!݂,ʟ_E2K2!ND#or1:5Vy.{KG (T\,_S<A~0A"5kˏy,cn>ۋ_@kLX^lS=PJB!`E=/ݻ4+l&Y@dAr$˃/I0(ic{e k.r$0SgU u{AOq}gA~RA5ةZ1 %O|7Θ4=ݫ !S55Ɯp[C֧,h>@. V#cB%]s:8Bc3FA\vrPWbf>&㒣_8S[I xXl?^)! o+o϶5*q74:/^C#;i^נӏi=O;qUVj|$H~Ē@ t.ޛۻU]wDֳfB디 q@>R xL?04ܩ.Cb1$F/~@,WdMÄtecNShߺ$&{΍Btfp(-n`l@T?2* l9'v|[bvZ^=k۫dE.3aQ0Zq7nNc٧?_? 
LHG B+sc#{^ epjY85DODW'l.M㥰iBAhC\TvKwi4f;TW[ ylö:` PMVģqS݊bN~8@߰ VVѼjFr :SQ"Y@_YCVbMj+vE]!+,~p/=@ӭ5%V߼^0fZ],[}9adQ$,{%p4ƃ=؀ e6x!e^z'p@W'-ոwsĮwFA"!+;燲q.vPJ9Q6S=\ȚZ˜ C:z|MUo-vQ≥DY4/RӚYֱFڣ@ go6+ޙ[cf Mwk rvق)x:,Ga.!JgC}/fj<BC"/f`Ef\Pҩ2lno#0]cT}oC ezjj橲/]Β'1\|b~%dc+TU8 $dxFFy* glV zF&͍T $s0fۤHN7x7Rv2y~gj͈ =aY>"dz;5`j Man1e ?z.@ Uw%\dT+$)~e:I2 tÍm$:УN9RN8J`8@ba6tJ'Jfe .S?@Tit4*QJo]W" a9^\pEa)5(ei֓^&/ 9~hA6gwUz3#K`렅LyK% $/\yC|xkSuZ;] 9 fH[rjvlнaԤ48rZ@Y @R OH߃CҼdJp'ע8Y:Mh'Lҡ06 UZsWekb3_0Uk"Jt#|1km( 8¶pt`'mYd@!m?+J{+q-hҵ"[k뻡LWL]~}AˠQ3 BJp|Qb7_;0ھ"]a.w5d~{2F 1,J:k#?YKA>f/-KB(yAJA8:KKVo!Jbr?@xSI*lړonsZX4SvpCv\ALg%!Rjm%Ka)\6=zכm#A/\ZyW%X^% D VΡuPǣs0q:۩dMYYi+: OW}`Ov(G(%|P8"_/,N|H` \n t.Ks4ŋb] mdaaֹ - ctbJxs+Fl,<7ʱ2ULs7mIw2auafE毁c|X ja2@iSi\^4~]m{p#7F?I:=+%=-gv"oވ9>1j"{ZRjUbr퓃fߒobS !509ګA*+tI5^.Zو(4fTtl<Ⱦ9G aNuBoSNPblӅAaulXKRX{z;b|>f6CD',pNvzֲFlUH0y3tD%KMUp03-rRlB2=+%e!&w{ԾPYYuZXᖀ_*붝]nĠ;<,E]QPnKJ|Ao;T6J +F'fbZphӉ\@Q+1݁Y$IoϞ̹%t&et74M$fjM=4wҸlatL2n-D)jyP>hx"4BX pY*S` fhe Ae7<2 Jd yمihc_Z(::jJpGYպаxW`hn~iO(2AX1F-bx*``vȎmǛbu igp峧8_>aUǐcL,͚KAKaKTyot4[#'nMTYbki #fm.|Ҹُ_l_)VqZ]o=J<kW.ȅ<6[esz82+S`psy*W+;}xƞ*D M91brpeIKY'()ܸ ɑ2XϏ`xKpA vM-LQx jvHtvke!* Z/m4$5hsSRLXB?GU+:%"(cS ܎Pi0 YlCe{ĵCҵw|Xf`ÞŰg 7QnM1"$no:GG!Vhg`b$ͩ&^j8̊Vf~t9%-9{~)iwWGpoUAKe!\Gr1͵jUXFx.m@`ͪw;bƴ9Ѱvsx)(Q/AX{+ >BBx}aw+4hEHWhP_(d \N#]MV" 1k.;$~(|^y%-QLQ/v !s&y}*8d;,Z8|u4I`k(&g]?AÚxKjhuAz-(dX46\*aſ R$&ʿ#G,ZyuVSo"dWNZDq~ v8X`w * ozޱtm %pѳb%_1*cog7{. Ma8dƮ,uvik=IKK_TmnmSb]ATnZhQ\8,/|]:J+^K m Z!LVݖr5zzl!NUKj+&z5?0 )vK:$<)Q? 9ێ0n[ Oe|%5"ydMxC[LQ8Κ(r̶]⯼U]j^ַvE1>; 0>M4I ./kP{ ) ;?h\FoZ1ߖ0w@;nVrLQjwy+ 3/ʍ"@663N {}(mbUbX)(4Wb*($ blo}%;^EI:>mЉ{|6{/<'ܶ*EXJ. 
OEb޳ PV:/BhO&Ԭ]Rʊu?ߦ1)Fܳ!9[ˊ]Ui#-Q`=[IOf\kF)<7GO$yݥa@jDm/TH]`hꥈ)Tedgi,vO4xVuM|7ʮJ+Ёlq™),UzF;K .RQv >e: |Yj![*SP>P\G\Fϩr} đlH;U=15aNeAT[ *Z2^ǟDVg:|m- W5+byIJ0D\o#[`8ߴmv#=U|UDҖO7Gg}eezeInjW?UT+@퐅~l;tDKZfm!+i bk疯V]7Ĥ(@5|"(/3=EfeW3Qudc \lqgx?/+J-D>k±׋mLH_lk- R:v(2ItItSFOkQ20˪iuw얇xU~#_/̔}G\-l:D#@|*;ъ%Z:Yh&@ $,f5[jθ€HjQ/oh4J>=qb H`Z`ƨz?+"ׂx!͌6;)vQ[)kjBR/jRvY\~lk&r=א M?Cw"O89ڠ^HC]Úfgo۪G H5Ӊ`k }dIX9hB4SjGʹtx .MV78&Wnu @b+*YEjh B4i .<;fxosDHg7LSMϰ阗w~X7;ם$;ĸk$)#E-/xB6~ըedAqC~u.aO-ȴ Aϸ2ݭ C-= ZD8[ Y!rTD$-L1#}Nd6->&kl~Qv#2&GDZ`1$OBA7^AvQY^?{J/$9hjXAؤQ3|օ?d?f=sS~8&E% GN.COYa-JСV̹| X_~a/Tz>%f P?h3@EXOvM8jM\U(S8а1%i+ds3 kFd1 xZp%>.`9 ,Eʳ)yd^:R-!þSR#mKD2A#i$\5'>/DDEܙI@{2+H&7KSƛu>\qkxF]/{s`>҂DMuVΖIъ h*Is"7N׽p)s7HŊ,:n xDD=Tωf#SNjJoEg~#%}fo0tg󪧝?>8u(`0z4 hk>K%עΌuߝ(Xx[>/JvyDsIGu2 29j ^6~*! B]7a &N*T/xtĖT3K:cC<6S5%C#s'ƳPɕnHY?VԀl'By;=TʀEJW %㟾.&Hz;!ԟ\f)GWOλޠ3syv-E:jT{gK,lTSQ+X`eŵ|"6M&o[족f!\@q0e.4p5$yxvzjjTN%)[0SS+$TE 'EFUK">oљnDJRIIGB۲]aGn^1,ݡC۳8`%)`X-hͭop.om+,1iJ9)yxKʓ$qUeuUjhjpS<qFPf+%sJ)Ɠd郂~1OtۦOMcEFHﭔK_d)2h];tm4V6 6>J2t{44oۭ< IZx'"Ȯ["PV7ax=0ZVx3{^Ndlϟq3R6d ] + G&*0˷;{З*F#A/3LD:V!:]ek-P}2 @pt%0{D\n"МTB+J.]|8قD8W|Y.ra͊^r"\i(- oE8E`1>]_'+'-_OwɞO =vo.GYW%ZVXCZ#R5o qΩ4 : FX;Q+וyߛ?f:3z C-q.eFcV",Y ̱,l\N᷅k zk/ `l9c5fgo0 8iLv˦+]`\XL0 GenXeMjP}o <}̶#;7YÀ (曜d+{g;~HUNQى|Lj,eI\@$I">gNClN ۭt?D,5@M9[\3w3:jiC'3Ja'E帘S.vEC1:"`mfMloֳ!WkN&t Ez{dvds+N08ԍٕږ'RBU /%bϛn}oY3+u!ez~_58Qµy 9g-*-3o9k1F}gT:^d0b+/2E_ELLCxש|s}}Us!4t1{쾗e# EI cDXCdG<"voR]He\mSntҷ@Z< 6@>]Y_hiS(̊1j 5ESP[oӳYq7T`yJC#`EFƛ2uZ9Ƿhw#/J gKg%gDne[$Xm=U&T(`z+t!n^冎6<eP՘޺~THD?OlB,j_ek#ؿ:霮C]y!K~FQ{SW !?^CT'4= K//d$]#]IWGڨ >ٓ,ZAR(;T p;qVIT8xɺN]52@%y!9cӷg;>0tGz>P%O3??٢Ɨi?a\A)SAt?]*ۿcJU }33:o y @pSh鞙q9B79ԁL&W3Aǰx9!to94Ы;_`_9Ь  Qy@2K_ lj­FHɫMx-ؔW !o*= 'v5185Cj{ /x)I#a!Lo(6Ki$y-z7}b^`$ǧ|Y̜3{ ֿSfM_ӺJ"ә-haȹ{PyE7 y_S DU{Xݕ7sDܔà Yd˅9sjyr28f ɇ`!Ð"O2Eoѝ uewjwy7m66v҈ٿCvqi )"P#f]Y:tML d2űuqr'qР'< ]U'd[Tsz1!.!eӛs_|ӹQpYL6+C:,3Q(`S 0"dRL?i=v'1F魄4zRhq#aPvhI8*| HPa v~?N1/a`5M+@ CJcF'r{0@Pcw+a'p/a UptWE$ א/k.Ѱoo&G䑂x3gNnDf"k4#^|`T9Z&Q˰ S Wŕ|Y$my 9f W4 *Xs,Ϊ%GB3[)s<@ 
PA7u~I<-DQ\d@#qNBqxáA4-x HudHDzԜ7gl}Kt/ a;gHB1+# / !¨zmͭf4ќ xfճp^g^xxLYәv 2=ؘSB _z,(+xx;U1{i@NO?pv,?WEAG>iznh=i,bT, rW+^ykLj$|hŤ9p3wNF W #~D%fI(+P74%HDC/s', 5Wg\8Z' B cH L/ k r֏>h wqlվB}e:+6𷕇l˘!Z ǯ' ~tث7Kcn¢}2C>%`int,Mt]pIQAs2l-1cu3T;>,'~.z`Td7VP}9VSK1J s,֣f{͡SEՖ=D[̴y}dl䈝 ,2P#AHWHv5OUC)4] W hAY+hF㦶W gu *& cT -*Q'YoȪaqL`SC1i .Lu8~ G@\Ov"Gսb-P+.VTLZqm\J)akS 1idP?š-EmGYbe;L~q~:˺">oEq~\\X8iN^3gZK7KC 4Q(6L{e;#Ԙg}~ dUbӭZ|{ (3 1m 9vuJx#,[ ֐髲L>smsуffAwnf{/;.^RϢ]u2AcgJ;?aU@/;a2lNRG>\_Y/ЌJuREx-wFȍX:2?SUBT'qsàweknrAMdO֔,*a.(cfӌN뿍(#{d̆g-/-RZUz * 7o>hz l*Ë*jwH:CjqI7D܀j2"eq0kRL=3dKGѤ:#\tpDfXX>Y_9Qv=)6N6֠$NSx!KoĊ4=?8碟׹6)MgIı^z+ോ'æmQl=+Y 7О`{,PJQ^"@ko旡럄u\N,v0S^&:=VȐv}_g,p(sMP{ 6blg. )C~ A!Η6Y1:C?AFֳxL?[+Z.m κe2yt.siMtmhu\ӺoaZHǢ,469@(=)!)C؀e*o*bglhGWOeQ?M̂Ĺ5îg|+c/TkmF'磼@$iZA&39+^-̍`CQDRXZp+XI GxlV&Ghqmn%Hj줒YZbCf*:ʋݙm)Ԭd8|8!k(]OVj#ۮ*lNnWS?Vy"{ T.,TROVs|)5d~#6NGۛl}kuU>)kAc8k<";i]η3]}f:MOnXҦ9ʬr2:/@@n W(B-Y D\Ar~\4Rx@G|ěrzkk-+snCɼ0~qM.`VO %)Y!5ӃTP©FpOt Bv0qAC(\Q<4&z$,iRȍu#M>.8@+e!% ߿OwȦ//[=SG̸N5cl?푦cw3-L܍%v{[߳+mJBZjf8cj.T;]Ta^pTO_vRSJ|W7 jnm0T@1k鮵 Wv^ -#|1wY{Gq!'˰ *{HQdL/x^uߢmLuغ˜FNUulq%f:%[F@B[ 9isgCmy=.v=_;\}%БP)x1t榵,.)=]0@ dQRSlڱasdև:up˼ 5?XM9xY8.Ek gbpK˶_Qν3:0ʹ*>t&jr>|VzfdDuR;nR>`m_r;sGB0sGyWEФπUsy5yMk)9hW$r`8/m=9`JYIz4sʚE (o-b{m-q>me tg^ዔx=9kl'SMç"Kju`qt2XAImQ+xOEC/L?l/zʤ}L}Md=,7 L#}%yS|dy fTZ&eV~HFJD1\%0=C!#Ly65ʰ%}gǡ7ēF3Eo2<:u [޽=&7ȋ{VD1 ͓f&Uݻ}݅Rֽv\O6>@L0asc{cC`0n<⳦hKﰰ;"`r-'ʩF'/yC^o$Cx PK9:[0wE^i|Y]x]`W<Ƿ6@,QR%IfqLS/d 1Ir3;Z̢s>e(hxf5{AHHٰ1 h O?I/FQUxu6wy1 dh&Na@Cc2?=x?'4MY` k Pkճn"fG4|qh{ {{pf-Z3- FVHA47SKqBh1dHm*Uׯ+ތI5oWȴ-ŠUấoJ̝D. `J2XvءS#D|Nը t`=~0АaI0ԥ~3_GR5aQl'.vq1KdV5Ye lM R/]|NIyC2H0 ?H5\뀖^Q\M߄iQ~07ɯu:'5]fM Hd\Ij (x~V)|<Mmwnmc?3c|CKHɯF}3ߘحI%]HJ%& gÆY;86?FA29+ "Q?L[hf. 
6sĉVπ&~' i,9|5[61FH1Ҙ1G)sݧ<BۀS+j.Y a ]?DiNSOwKAsʰU?91/Q\ճw+ellS^}O2vٿm FҜ3c5򑇗VtaC!TlH;6l6/ !^s5FҘHRMD'ԡQlSk7e\0!@y PR"EW/H=e!]K]?0ހǤ\EaHT;јd1Ae!tl}bu> n A;ilxmPP{TRكLn2uJhFC;R.}DREo}U*/4 Q|1X) c r`jI3<WH3Pz0GTg"~m6.o0KY"e=|Paw=gK]qԬgxnk0Q[5sea KP!/c1irY\!t ͊g\5$C583 r`ɀba'3>/bd:-}^xI tttQ_K+%k}:WVrZYpk+~lQjA2Wy¡q6̲CR߂`Y~RKCIӎpy MqNiYW]ܼy[i78 ;$J[5 !P=1ZTF\6Y;<%6Qߊl nE"ult&gDt8LOö{dC`Jtcd]ٳbx1􉲋J9 ێe F}1-Xz[8A1+zk)% cMN:Rؽ`UE4qt J+C_ٖzUp=[-c |nv]??0@kXn_iy2`_߿>\DbO_Ka{DmrQ@i Vfo;JTvf\/549.T].놓ۗ ፾zpjR+>Ж]K6䱼Xp$`k5E<[N^HO8w)&~WqA-TGkNHN;8FS_O&igꚓG7r!n߁ 3F{tL2eo9!ern_0Z޾ڹE]M2ͯ7qL{y. Оa.Br/,?۔֎*;@аѐ\tj*S4wf5.\I+|z^IobhUܜ.kIǑ:hzNٚԉrpDbyesↈyQ윹J171\o Z!H!{m ~R \/.8/Z b&J("G.NV2Ę73SGQ ]%^ J)5m6Z/{"D}7S#tMOFb=ʒ#pt>Y^YÔ7Dd! :T`xl>Wdh%Y1,#4s_xll__4A8;b+]R-GԸ//Yׄ~spb\D{U}1}ݔ kK k"`Ps0FrNc`,k$dCc}oKQPbOWk6=k{t;*=DtlJV˜~O(3=9 C+9+qԈv;2KB# # 7^Hb2ٕ0a@cSX也n%."vU./ jTsL/%=(JnW#Ù"qvA &P8xU:Je=/9ix$Jy4xjoHSQpiYu?b4-ˉp8!AUH6AlUP5`2]Å wӸcFa uGg1Ƃ o>a*Brf]jXF;(N~deMpbְȩG].Ҁj+V} h4f[cW2Ec al*<hFf{b8-lXWs?ʂp=+j^AN9X>taps bBKK#"l;GaB6ǂU,MWcSguCK#y̮U:֥./K[q`Ղy@F-7 5ޜw˲Yڸ4X.ݤJ_>ˉS+& .z{y^'6ZYӋq*ܝ۝iމQtX lnym(pc0u)B,hl5VEkr xqD˕^JX~F17k)f2jOB >b1i "G%,\2W!x3ķcGY A?H_|e?VܧtF<.v0R{P#b|T'>U܄6}]$ |5BX@@r4M!4_J Q>­%7z9ָpC}s>Et="}WCH5F@0w)%'~SAH,Z?4[›RNARu)EvԂ'"]ğ${sPW$goc.F鸎bQтm0Da2F*(&ugj!`Щ<1M뫇'n{,΋i9 U_&Bd&p[0\?n0lИ>Q\aF[6qDVntND?Ob6R͗8y~,K&(s|;~Wl)iA 1 HR{41^ ˹Ư#OcE 62 i*Sr6˲ t#+\$n+%Y gsKm<,ĺqKtNy:qf9}kbD@ hgxPe|#JN3+AG>Ky0=G8B vңO  Ii%\}帰* *xBq%|.t*T @-_+1r ֢M@ ?\|طf2zKΗugW!w >E-?y?:=&BƑK$;e9 p?ݘ#GK&Oc4 SO T;||'<7io,no܂?ZfrK"\aVTt,5*@O\)Ky:J@{RsowF7y|XCt&P\"n[5\TQdorh6򊵜"W6]Ye^]RY8xy@$~CڱcFs|:Ϫ,9j-ۆOѹ xYS%w(۬rBJkr18X0xE{e5ꄧk0,3y$\ <3}h T}eyx1L^S/}ՀezLAE&2J;hebZ7_ʃWbPB[]6 NӚ`Ripa(PO hnV %E\Φu^˰Ӵ@mn)TE7[K}|=fX]x660HXm+X )BUq['f-doku1^wQcbA{`.VȾk0Fd!]x᲻IRfuH:jD4:Q*xݘL#r|o]e\̣< '|H/Zf7YbQslk{@^|H%S! 
/jJ[>Yyr8Učcpu~.~L &в\.ƐZ t/Mu-8E1(Uus˛eo!3j-L>4厭k KW;Q}{hLW+ٜA3g65[A y?[;r.*pF%a*f ~uEK+pY8-$7b: %-Z-oLT^~L!uj`}Y^iKQy^5EAR+#KNOǶ-2J9l}=HA4/\ VV5|!4P5FDˡJ(,&"JS~x~J1Woәi|Mi,lzZDDYٻZ%J# X~݆>4S\ e ucCGr 98=ف=c nK\QɆM{iu`W0mЦJ#UwH0G$b'>2!B08mU33)oI1]PG>DgGEJK_+Գnw|@MAzO0t߅Azg`""|!]$fa;BӊwM() 5<54L(U.4ClhVR( *_KeL9Y=6닷I>R%r]qFD/<~%ğ΢l94y\ R*|t!ٍ]ZS%lay@,`;6zx1 {l{0#D}6?.c"/GEitO!YVd&-@1WV*U2j1`ArCoKr^^ŸWI r(АXɔq?`zX-H"Sخo2&jcePfj] ߍ!ez}7xr@Ej'rhjig s}XzP/ 3Ry3 п._,H]#w&.ܪ*b*t߁֤wاX"XNk ~HMR7w/`U[DLQ2=m)Be$?2 ES2#*17)Cw*tG-"eZ fGX y=5NdGs%ANݍ X^/dA)T" /KBGyۡEc,u%/֝SLL̈́C٣+~B=ViH!&D Lx 1_/+t`#޸ <)F4Tü(}iL0i(SPdYQ[kY@JȊC<&  u0@>'sMͶ3#seRsP .VgʙPoů0_p~T7Wq9ffA x `ΌW܆x&(n~*2Wâ ^H=y4f`|=iA,8iWs&LՍUVF>혶]gevti]B3tL6ϐ'B#53a#OQPtX=Kl@2 쩑G,Vw9>ns3^sK7(NH]SavV ll-Zz%[p`ڝZU zlBM(^JK,D4!MB5'T\TD<ີN- |xFgh}›U@ |,tm[q0/;9Qv1^qn:<{Q]>@.vC}At'ZT<(e<Ia[Ol v7 ECG3D\b7K%lTW ]=Mі/9p[XS7 i7wX Wkjn&9_{9^&qacC;3Nr.OxQT@'zAboUByn1M'[S^k`,A'k$`1 .,_..ӌOq;߿>]_ױTk^,jH>Ff GK?Eˑ2vxI,SiXP7&GX! *i26?Ymqr%Ŝ6oa1n]~з$D.*\Uj5TZ E97R*Kv&w7jhduG}K I}d}ܨGH5NnyҬ`& E)x!Dy yPKXN!}ʻBj0LFw?rW5u)-5K;X'.$zhׯسT^ E’r#+'ΌUrD|5R`/EK _>uT 4%#-=4`h }B4"!0SG 䘷LBO-^Mpy|:, T;-`Iħe&s`8[0:)JK X2슐4=QьWŖ!ct43MN=H5.Pd3lOsv"(C֌Sg{x/f:FGf.C}٪ MV#bP$l~xoɱH[ؤbv2b pj@ {3ti;,$x2)״+R%>܈&9>ڴtkhbl =( %,_/;Fd^9Ur]ա2 ]eG*AmhhM2\Ɲ` )Mcm(vEW8YtySA[xO2A([S}݊ @%@Ѭ4S5U__‰DF Ϳm\a[- FwW?ceO $Ce2}Ow=Ql,$yW3ERm^1X1qP`P OL2߫k"#ͱwF(R .jsi$9h~ dsw: wm:TFqqY-osWټDa'2X"qb֐׌Y"o]ee#SF:o0Ƿhf3ش{xT_Kiu*Zy 3>|@rpq<9jJN%P/x8kmhd߬nokZ&: F4U —%/)r"ߌ8 }0ɤKL<%>&VAo,[(<ˢAG.Wl'ۄf%@0 +,NˢCRZ-A0!WwX$bt:I= bS`EZZX1>y3>5(.ԞR6 4p<Е47]҃U@` 8X,=@e0s,*9d+rTbL" Th;ʹpx+vð,FW."jɎq]Y"o{,4@=Xh+*y^E~]q&eJɅAΪ/e찛rYRS]9I0v [AրvNGcʚ]LL3gPr^bťm)JDk+puwRD/_q5Y=8DEeBi35tGGwH_'ULM} AҫVN TRSЎwB7` +q"Oh+4kLDhN<3&ulp!90m~i$' +eI,"&[; eCvI[5ʅRh 7/=E]8k[zbIoPKy."̧cq@sZWc (a1vm9<' OZ5tNb*ֹ(!t+{:Fo--1.J;ӟ.UpEЉD '?Z 6:8"W.TigH.,ޫt(W^l|W<ޣfN}xx`=-gN^r ItkEs y) D'].4h"a'zq?800svi_]^uec=Aӄ=iox/A#Qy^VjDYiz@ᒗVVL+Պ:頎ɪfbnQBFK  C|}pӤz_TMkhv^6ʷ4=w,ugs9U@@ClZfi\@uۦ+{!ℹ 
L؎2G8빢[cu6ʔի0ӟ=TkBʼn|櫑3†R_`*垌Ѵ=FEV6hp6VG[/Q~=䐽2W,^8cॼT¾¶gg3py<ŕ׎Qb[ͮcFl 0s6w&8(7٥ҍ)U)̧)u0'.~JeJHK?~2 EG 5 SNTFa]S$ {u=x4͗*E[hc(VȦfA(o,wu/gXSP@n0tiX\8$PB3=3RͽMݒAg-PSc&~XӹxQGkwv$URn+4owi m^ pJ&@\:#l<[ib6tjuUт'h]X0m_Κfw>ܓ4GD9bVC(tklvhwM9,+֦wjj0sTZk-PR4zYEA 69)f /jEy1N*õmΑt8f؝&ZͶle8]MCI_yNxg,eS@w8;4|Qk& ]Ppw|%F08CJrY*x$Hٹ적.`+ 1C]UnȬ ƴL ~LZ^ϔ|"r ukF]$\. n^Zl"O!i+:;YqV)J4wlV2珆nQ9\ik N ǡ7ZHee^Xߐٶ/ΣKϋoTk .Vqr,垣{@ {] jnMZv: |)wMnۿ(F72UŏlUHOAhv;H[@Qq֋ov?|.qo}{F仼-б^GD!YĢbc&5x3{j/ ?MPw2,=;ɯ܊tI&BEL5OOr>rK 4\LOV'᳢,5:YMBcg[Pq_ EkuZ5ߟMTgњ6i.x+alߓ0vI#Dn#TɁ2B.pI'<x?aY۠GCPCgfClaa[2OacF}zH>XˮU>|t.ܞx v@ ;e,85ě%Ύ_~- pc;x-j8}н;{Ftw{Wl.Vnf}ƞpj<}o}{Έa캚G  A2d7$qx (]b2s˿);_`5d ocDt2V9ύ3MUBk"%}Z&Ƅ_V.q>j,iyY]븲j3Ǩ?}JqwQok8ɈpxpuⱰf]p_#$pF]8=:u[8N Cðfș<;]snX/P9%D׻߅o>)g! @;PexKU%vz߭͆jzṁmFR#0^EpCbJM̚5"5Jr즋Lf)иW/Ohw 3;8 VX.-E,-h2(n;9 tބT 0R3#9gnAG"buX6wBqng[5Aۑqy2.Xub^F3MBeX:J}Kn[]k)D?Guh@A˶{r ok6q+ak|ݙ$B3?PS$ZyK3pmJI-V=%%u_z$,&&`[lBN4,e SH*[}z@}y ZF_/?r>\]ɱNQ*^Ҝ8wrx5X  f_"lD+̋6>& JOKl#O,JHP') wyͣ mtQ CZ2N^u@UR2yr'[t]U/#ep@Ki!f=vAzTӵaKԠK;b f-0 $>m$뺂^{q/0}+}XENܔud5X=OuU%C3 \CZ{UlBn$uRHRP/HȞ$댐zqڅN[m ,KoaQK(Q!59_ LWԃd_ KJ;8fp獉pYk Q+*QqEo,;\Wt5sٟJeƞ5jh)b.IJUL:Mi:&?sK)#_ ލu r׳i_B^!V i:C uW%j꒾ -iJ$n䕅 ]SxwcHzIJP ș)?̤X)B܁`"Ub6G'J.z|MԳH<᯹21[v]}jI!r2v26un'!]"a.n$ʥO8Eˏd)a-▰:Ӵ[-peT,mg^!!cl1 Dhcp1Jg+y>ߔPK4Xz3?-/-"2xJ}ċ->Me-zZCOPNjJP2(ZPmHz2O%"G ޼8r(/5U+d]q'z'FϔS[X8`2Y^SStcL w4t3M52 {mW!:Ht/ybNkǣ5G>Ęd,m ث7Tt-uLӞa*"x]s?FBt` 47qo 4ǿȍÇ-QV<h4J%P+vbe 7>ˤ{ڑso Bs\tRE_YEсt {謝vNAvp;Ro;#Pzb J%Set+Ҭ-T DwWRBΞ"ZW7ߙy7jrC^6I8LyA72OoU`ш4ճO`EK dRgʒ^&lG<=_g,<ה(JV*MwA|UKcoү o`MMe|Y/C0Ăވ#>,S*c_G,03& 6wl٥ҤNKobpFtmzoa8R2>3l V^ZPwtϬ GHl~5SG)4=i@ҳ(%:W.LV32 z`Rƻ⍿94Nwo0 b,JS) MvF掘kZ)= -,;d3_Ԯ ',Ϣ;8seK@{w1è7r8Ckd9_mxIjiq}2jǍ.k14 jrq 0.=[!D3WҗX5{>Irmc{ף^[G󜰄?aPYt %"Ee.Q v23 Hq^MMvk{oн}%PX벥 :hA-#ǭcX.VcQ)=繌cS'W}lX!Eoekׅ|vIie^WBEt)^mx|,51|dfc5tq,J_ Pػ7lT9pq Y-߄bK Glp}*0ȝ <Rlb }'>%`͖9Yv6ӪdwEogA0)4t(x|H)7Kא`zx+ VdHɝkTej?(|xoj l[28Z/ U(q@ sZJ,#/3L.-@pj;7}Jm-ۿnQcЀVU{wᆆc/ʼnMֱL`Ofʿ˓^]  ed~̯(b#I.WFMxw7o^~ÇJWс-}bA:[3`v!~_ٵψ)Zs#dcf[2dr^j-bwrB [K0d˕ 
)G'>bȘJկ&qҳWiM]@ ` 7F5 JZ~JOuVq L! v>j ]\X/Oܻ{,Pc3+wQ0H.='AƮ;3Hw:7XAEUӄMin"g{_df/9l4MZZ>%UH(MV4>K6#'4VBI]W @ m!8|gT~*3#}mjy`M_u,0H7=HtU2&TBo %?Pa:@ۋyh]6\=1>,/sL^F߿Po(_N;>.,$4P)y/a1rbX1hSQPOǴڲt.^mU8x vW|$҅Me$ĸӳk23XT@p]hAȵ#Lw$V}: Q4: __SdrE*N==!«78Ա?Fɋ}בv(8MTpe:E_L;hy8QFߋQ6+Ôڻ)>h@TGX^ ȄH)WwpCׯȟ3B"g)2p3$;mvOt2 ]'̏9=k⓫:՞PWXqV{RI3m0K;߁hrOQEKό{pB%3~mg nԃ<̣tE9'šNmVA(26%2ER].Upxއ%o=xq0f*^P|v #||uSH+<թpV1BO:­ 1Jޯӊnf7 3[o]i@1S*U&mj10zAKNТ->S7mco=(gͰ~V zRy_of^4hؠS`+?,Dy|k{7=nJ<^XQ7 x\'"p$V_4,{ٮ[qHJL3տX79\v&/CUHJedv۴US&]8.Vj'f'wNnr*v\W? 6oT f=pzH(dxY K&T&r)G}+,CcY+ݠq{ŪGFq[z?^_qZhqNpV!xξ@},6O)OQOn[ cC dz|[ KX]^8?hnq!Zq'4ӱ,0BYypª,;U{QX*/m]lXr/ .r :4ҋpem"JtO@6$JѲKLi߲F)_o^?}@l1*B阉Yg!L b[od-r9dD-呑RA+uIY ^lMY ܈KgQ5r&S%w[& 6X[+H(CF?M}LEp5cSRb&Bn E%h_o;]'冥ݙj=}"੧^ۢӒAZ5E"dDZ=25@*N>l4Ĩ_'FgA5~948IZ7V}5,Y*UTӫQxL [FHC:Mr{ٵf7Ş$ n)ޗr7H P~Hv"}YH޽o-fPƆQn,)'H0!;ɏo| `ЄOլ;xhUlbW+]پCrut"J㰃Spg]lg &6M I٧ד5B?u$\W("/7vBӿ(l !){Wdi{;$ >b)5LAF/=?Չ0eU@fx-En >kKl1p4/-˴~7~/W1&.qB*,G+1нSn*Lv7Z6ؼPiS]LY?NiP&~Xe8.}'Qݗڅ@+W2hi*) '(cn}qK̄ աʐ9Id|k2'oH:p\TB/B[Kpu(p$i5( YB7/C1Xe3S5闳VN>7mpϫ,mBlq>\_N{F[n?<7eiډC[XLv.iIo9`ǧ1d$Y6Y"#HWǺ1G RXg5+LXB̵rRD#z`XgLKz}LѶh,9)T`ϕjzWeT)lg-5 \Ywbe { nV ʮLO'9/L;v6HRce*+̻j )4}cU!83T@^~}qj+F|+#C@5gt'Zݷֈp7%2iZ+zRTZtG2Q;!qpg(3FU&+SrWV6;K_sV!/*%K{G.E v\l Jɫb̷03֚f+ +v"q^gΚi:.'`&(& xޗprZ!wPg '}ha.\! 0/H\x$tиu %]E Mχ[D2ٔ?K.2GNcIc.Sh]-? z`X\d[ׁ2ɝt K1N:Q:fM_qȍjn鬣DE@W[Q 6yumqJ ?2-&Sh='%7t;2sBdgU1BNy]RliR/1_9  bA#8BuL᭷Seb#h8W2Lzݘےg1鹵Ȭy=UߪMEy0f?ۣM {k8ĕUG9h'FU"E }:n0G 4."%⛗:P{>r5Ԇ_xa|`)ZuF2ē]^y}UTCYN/ܷ@޸Xg߲V%z)]ypPB+@6H (N0Mffِ(a[f/q[C03s4'~QpUqc۳t">]L'>Q &ieob 7q@c!2`w7_.b ؃2l}t8H= (Xx}.M5뺍 d5YXCxj`8%. 'il;)u#m1RБR96m'ݪ݊s4nDExw^Hܛo!V;ϪtNQs(ꙈԻ#,r1JӦ51TV Sδ˗" _)>F0y^D׬6"-{LY'кqKd nY\yb>2N1݇b ! 
8?A#|t4GCX4oe{=xG"2 ^%qƸG& ]H筭XK {iaܥ4Sc\T%M+ܧ#Isk@" UU;/mTXiLLmSP[pD=CXTx2g!`G^^G7я(IN{$8Tu;<㺣'U'tmjƘ@^K3<.VЅ$ct1kUY^2 gnʲeԈ^1=Ex쯘:/pSYudBq6skSd`5x}RX=-e g略_s@h.MQ*o~Qפּ8cq'τ,f$Cm"v>x2XI XZ$?tVqaʠMxbMTfOzǾ^#ӉO 3tdBqG1CqCB,9s k@mJ/L?a4Z >AC ,gd2;|;#;-HڟW?EhopfʽM5RwyޓNbʨM2e ć1cn 48C:S5C?lЀOiY8FDD90Ω?Ol]@2-%Ni\k ΟY,tdua|.iu >dO]Y2 QǛ府@3j%cMFLFʩ2Ly;MTNb*_RkEa yJOl˜-R6u~t۳WȻ4 ^C58 N % l&kĢ@K$0@옝`:Rk)tܬ;i!+#W^/`JLZwK1aNPֺ& ߢ%rz/B0f] ~"Sղ@9ď `b˵4dj((?g> K..i/5PҔ2deu˄vy QBJqgSG d;}v2 M'uN6Dsc|\=1䱄V )*[D$V>a}FUC& 9έU <ڡ!U3$$I(O h*2NF@ߘ:jlw.di8 :a<<,G !R!#B&6āsX>?E]b Ř& BEk$2#ET_킺]d(2\nQDkQ;8 $F,BSJX 4ڛ="$@ H !t۹c."'0Aڝx3xAYiGrš2eO-Lē'6U$%YA,J2[!'aIMw4Ѭt !t)]nG~FxzBz5<QU - Nz)Y by[suT>B&>ضo:3PϠRak>}sIAx9y! 709P:T_K男SϮDW.r+B"VWow dBuI)>zBVmLݣDnZ!ß ?Գ~<#G)5-YBs7CBm(0tf/YN#R߬,EԎecqr]B7yKrH|hH +2]$u U_O=cSz(ӿp6wiLykȟh{a?b35 KxHCfuuʝ]*7tThSب+n+O|۰d|W`IwpCMv~ :`M.7I$^>iJJ#S ? IC%h*X\ſf9D`]T#\[WŹ*=[LeA)PxO:+BTd3]:攕E;|C>W*Uv+`hgCP yG8qLcgԓ7DfE+fBD=~X5| #3]qjpMT`B̄/ۻsUN "}KTr^ă(E{#ET &;&zGK8A"Pr<_,wXJ͓P yeXG<;'n$8IRNc׼91ٺ'*!mq>@KM --1ն% V̀4&( 7RCrb.K+pJݡG'ٵ(¸?3/k"`f|Sq:t8S\趻a[^<ȋB'+Y͚HKv f :#|U#@QmQ&:9>p1[1W*cf?)8,g2-BP;(y9 fq^Zs]"g`Z)`eV =6Xv^UŇBղX,:ziq| No2[н =U=3a3M}ʷI-ܛ֒lʤʓ1@=ױ 4?FG|JYAL,\T[*ی 1J``B>LJ> U3Zqb6Ιn`FbV,dD3A:Pac]HlxYHXK홓ޢueAS쮉?&$(]|?)Df+ €dtH|뫄Apz -bts޻4H~T7.ӷH?bK\ Jrm;DmcWچݙSk\ N=ǗYpoӨ!2 k]8 ~+K!f~`1vل·b$EMcR{QL[*=^dw!$hqƦ) c5eTWCJR/>Il">߿lgO(Vp^8Jس9]=7VJt9B f?(u_!tֆ+{<Ђ dTBIo'#)-3qB:Dկ <ϰ4J_E _ +(XXYvIiъ:_.F4T2kMܸIJD7p1,Ďwi|AӫTZi C [ HBʆ4 Ďbz|0P xB{W=#Zwp%ϾXFGRMO*ݫ#\G =yP MPEmȀ'찱P|˿b3s@MZ@cu6׫%6o xk`c'Rqm7`a5Nc6Ư qN;7f;)9#|<c\^ L>eţ=9Ɵ콺WȞAw0ն8M?ItL`hh^;Ua3Ju.-cMl( 57kD)BE _#:㉾PNjz[O?fDBߞfʫڅ½acC5<gn9Jb8 E] Jn!5b6A(<]G?ѢmFiCYwYX0' * -&Ͼ"9o}M#"ijo ojڷ~!Pꅡ!ؖ q套snm/Z^ҶI^EJgp )U"wKqS- W]T1j,\. oSo2wuzHH~X2xq?Fwj M?SQɌ͊kTYx->'޻,CͿ=%BB(0-bcHmS8t'U5YɻRw]yc1c߬l>I`&=RT*h.hBɟQ!XGJHh3 lԝD HK9sl{Lz yѶ^A<[A@JP1JIsWxIf!]os^eP4]5Q= *_dCAt-".hGkJQ\T-֗ɞMk(9r095PXt=u4,FHC`u "K´B634)|OK" cT0b %Bd6n\b9%Lӵ6ÇϼuJfačP]? Fzu[$JlXLV&+j4ApGeM+{:DNx 02LgzJ;f6$^Ի! 
Xs=+ c/GOoGRXuoj&5@BohRkxj~եCh@fJ2ݚ̈́]R_hx{g x"aq94BPY-ʩf.aI}湖ZÌY_ȷZ+HB O*lerD,~R%; 3us%>B=?CEP°ȱK:,4܂7,R6k <7R/JSdm0T j!Uo DSh, r 2^Cӏ3=ק`%b?gd>`~ዂɹ︴~)r7 ʠb?Q~V^z?W9Y.b-*rsКCY$8C( O|^q,T d i mRc$rJYtV*Ø`PM(@l.y1=vCsNkϚ"p N!B+bk~&\*n7"/(gBm5wEiſ;mp<^TNې{ %jmVd.#J?<[Jj([Yqñ"#Pa$e[Am05[@tټ8;9ޏ<[c or} [ x:T;pXѩP14,^`wԀԲ%j{R%̉NmGYx9UA+114Ͱt ~x(QYE1x˧-n?N<͊ykmL^fC>tzb}K^ya(favbp=heiH0s5,aI!XFMpz)1=Xv爐$vv;*e2fI/eÆVTojGTny+μɯSTkEN\qtQ)ARnǟ>ۺpd^ \4IN?gp/x۩*N b>":{i 3a=:zh^IYCXW1&Wxs:_D-ug`Y5lNCN[_*\GR zXZr;u?³o}Kr/o-kXe&a+:v/`8ɰq*2M5~O`J:|!*<~A"˸N+iCg l{'ƀma;o!T*jYfs tE!CF*^zPm cNvKf I<8kzS<{:@ԣE|\x|Z+"d+F=[25nVOk<2\wrEj3U"g/,)یoETg48Ӆ>3ooR+_\ V3Q "Z_ 3B1=&$31Cӊ12eҗ;wovxzR{߉7όn'PLwdLm`#%:" xu &(U$Ֆ`-yk լоb?drP`9h7yN hXM禪̆o=@1 ukp㏉GT|yaUc i@SMm/H[k`fP1ݠDVB0]#mn_GBG+v!CCecep W[Ӆ%|E覽SUq“t\[֯mO`$oI\ Kۡ ~a,* j}n֋x:ˉ(bl(9??$!#c2a{Ϲ9[dnL*,K246RCۘ4SYBI>C- j#uvMj %Hoĺ޻yw "v[Fğ)>ʇpݾ4%}ǥ)9U:Js(ԯkx6m>Ou!( [>l5;؁ #K/+(vh ;bo_ᮞyV;gdsC ͌R{ϰyU"^9MHX7^ )v0 ˇ]taGƫxXsꀪ,U/LX3P"W)!?4=e5m }SEH .='cMT?/Q&S'\Qm%U,Tjz$ `- &Źulo B"Ĉo ;C)ב(R)?0aMc^FǸ?K:JE_T]a5ka籽lCE\؈IŇקU }ɒ8 U,E$'(ytQP.y LF~%G Gynp]xR9au 7koBh5|i"2D|ng龜0C{*v a]Np ;E*?Q:cM!.XvĒ1/W֧II\"xu[~=Z~'Z}'vs?R-M)J @ NBh! 
fl`賄]ƅo |9腚 "]ma(+nLnjJ,U+eگtς?1`M$ .|O61#%&w қ3Zܰbלv0[dQ"XvKekӥՂχE5p%Ky6K`믕`7ե =_8sFJSk`.4_ &ǖ/{ 9֭T018$[967/f ܺTGee+xk/ۋ/$m ekOvy>yƓæ.6P$5z\{}ĄEnQ~KvyofѢM‰֕bJg[r #ݺEtY I4S[`BxV{gD<%5?}Q'Qj?&9|K h&y=ai,8\@uϽId [K2*d(5IYUtݶﱂ}JVMP 3HesYFq]Q1_Gpt$(K^qƮ{j o>!YBOSt?viR ɝ M R }v`t{ᱯז^,9}Bٍz{2z-f߲1Ͳ߹>gMcF1W5yTt gs6FlM+՗,LAc?*XVq>U7$) }xf3e]J,f QfEuTSf .P,-JhzW{?>&:9FFOc=Y$\WI8EIrZp59m!h"1CMYUVׂ}Hq)WРG)f%qǔ</,?0sjg9 سC~׊mh')ݧS|{I rUvQJnsE41eVWaE^Tp3"+,ؿuoTh.e>Avs^ȯm&ңk5R#f~$rt%ov}۰7;i!SrurF^H =ɿw}Jϧjs:Ƕd!f-ﳾ{%{O0)W :l{Lޝ.!t:1K:~W6T\`2Q!:RD*F{NWxY*[=+Ҥ6B;e a:Au.s~VxߣHkX?sba`$KIқPe*XygT㽈@ᓪ~MAxܧCU-=3x^7&zp+:* ]Sy#/ "4k}Xb?Q]L*ڱy ۛ:r >8233H^|$ ~n ӂ,!НpPد R# E㊍ }OP.SƻTQqwZ¯H=D0ӵ2`j&B= 3n4CYavJ;'%<#>SN,&=Uٙ-pLX88b U`7Qj2DD5w IoӘn+ʸ"E4=;O5j}M'բBo(omW) R OP%UZ1HZ)MU51RHPS.CYCVKgNH1܅ҌQ/xA`Fq 5Wq<~gmRs*(#(`@qJ Gj80)~s2*>hRlwтF^|'%t9z2pCwT_mS *,ieWκEkR"Q"{?i' S~Z}f~[bg!ԩJJ%'$×z`agO#mp;G@d`vxJRn ep=Xg@+1(3C_`ڋIg. evH1fkO͐RUV; Su4 X)HzR g?0F4IV T 9&|UT?rֶ5m;>{.T8,$ vΧ2{1 yi#TY/ۤ0!;=.DҷՒKHC4K>q:,e8&NfC< D!X'V<{OX<@D+;AfFD7,•8"ct!Wk#ԙ$RXjWE?HRszЄ«iy<4r.׬xlp$ڤڏz+Vۙ]ѵ Ȭ'tN\:ͫM:k);rB NB3ұ rMjqt󰈽OA kJ22%D.3/>} ꛜ C|#I1DG)WQ=]Tx$9r533=7UetӀYɯXD9swUk,Dc>gHG [4!`gזG=ksZޯ\zL~YH'G^8nժJ(0]~c%ƮNBmS7;4$kOQ|"-iIĘ#<>kp< :qד=yBe4S@R&@M'}eb#b%Gd?üx&,˅#ֲ WERk4?AMS:qdFo%Q+;kgx~ rXd;"mH^jNHk 2È$^ݤ6}{edU£ 7y(*Yf͎}C""9>|6gC*HeSjfiכ@'WRcJ:hoHjjdBAv}S6 hkX{#tinJg.P$~O^/x_JK_/8@ "?wB8?ȤгZ^ / LPO̵X`M}>h;~k֒W@P /*v\a7S 4] [t|ڶߖUZR39Tj0P1PSڰ,PziMګ@PsB@w"%s)ei~iQpW$Ҹj&P%:ހJaƅ462dBW+/ʢ<}e-`;1j% C6'ICVTId<ñ?lTXL A䏁>?ݍ6%Sӧ̂:R=c:85̜ԁ[F8Ol [N w-_v 1o"DHBen;8x&m_|mX! 
nGbU s"l0DF{=ȕİ`0|ˉv{o #B}g{S Sq8?N'zn*ΡeŘ#sj*/ۈ+' $]5\B!FS7Fͩ:\8~b>A`A8`oML0(xuWI.qDŽtnFAY-5AE3~K0ׇ&-o@Q;:k!1y>}|ަnH/fiɏkѣLGi/R5=*v$˱y3otH3oJ%/xZGP;nP0MM`EbO@_}KUd%v m/(j"hRhHW} =*QjSJqǿ}T.89W]/b}̶ ?qvSzOzՠ.e5Æns;b-C"C4owk'ɋ裮I(AxlYj֋^Dk:uruE{ޠ.kд_CV р2An DIcF*P5rۧZ pW¡nTZMp..KȱRiAghXUo*$)LqTHhf9˜H`']IO*1cr\~'qhAROTQDI!-9{M-d(5 -V]8w@pYa` /{&]V]\\L:L{pn 7Oa2'L7JԒC 3JZ:^ioj;WQ3t8Pܨ^7GFd(SZb _)1)@Ε5`cG rTWC#()~9OŲ聽G3V3 fMC$5`:rYc^lѓpcYSё ݂`I;>^|fƿ0lJ0k(w׭X5]).3n!>c_8`x2[0 Wrš]t/g!4F FA_)ؤ@-@@{i.Y -MA1$a ْņ~~qڤ5Sȟe6imr;ԝTqdn޺UpFuCfi $'O]@8rӎh/s/&TDž!]kWbuh<+@"rt|6$y}#@wB%O\|GZQ0վaʏ+2bOyˆ>IA [K=NDv$Q8&2J/Zq&iQ ݃aYPSp'mX= ,S [h/gEUxl).cy ̺p+]b92E)"l>D;[z\\j" ih\4<6C&J~%hJhfbW%E"'pR-n|XZz,!ڡ_F2a%2+B1\p]*MPIᣱ@ZAGZҺ5ez5HMv)m-8wbЄ@ hZP,Sp4\L\_QͦD ²j5EPKv\Y7yO09מ|qբ?Xnl C&V3;5K\ĺu:O:UH#RPH5y=Y1nZeSҀo!s3=*(LzJN%9KɌnz %4@&N`2?@xqLD~닌1Sb\\k" _ܪl` Fۮ^4= )XaF;/ƾߧ_2 (7NsX6E=29ČCV>lmP}f^yvq{%(bjql-$mNlՐyCM֍5|Wk&>wIF=ِ}#3lɦ>hC.804y\~*zPF0;Eg7䒽65ڤQ~rN&ɹ;MHAד'N虙9g 1R[-wDVOR ͝ONM*4YCLg ݶ65Xxgrx&m/zK:I TҵRT 7Y &dhPEP/ LHu7#(W1xi$b s6 2Q>KSB߾mGQjpj0rhQ ~7qK%o C\)l}^82y<|k[K;3G65ŷz]Me$5  t;JD&EPwkڢt- #(W"XU#(SrT!M2 XF21hh~UoW<+ eny zJ)ux?Y DAJ|\1jlcy?m>idF_8o,*"-dhB!bvwZyL^-.vB%qk>}nbVl8 jO>~-Dy#]ُ)ˊ O2b'dIM:OYȵ'c,0IȄe(o6hg̷TI\Yr@,m/T\TLjݵn c=3ĔxzgIC||hV7yydoRdVAOa˚z(\EJPRh쭝~`Da[/}QrX#M)#@&@:} KY=8-B}0QLl[e5 _DLtЄotP'2*]n1 rwlˊ}oO / dQ|gyp$U$xZ$HxDG N\pD%mf4$= laj~W]3Tn4=5os C|TaJ}Vd5ϳeUL-?qY;w,$K]6zO(7>rx6 t9jw2]%A ǩ !4;2X&3Ot9O&4:dOz9kXjD=Uwh|@N{8Z'f&P%Άm\F~f$pZ`G^~rđoQ]NS /R912j\IX@ଊi¿2'i x)ZPOBG9 Xea Nu#'#O;}efPCAU ~.;d0ҙ vחyK+x#m&Z9|&BLW;g]hd*&58D3 ᡐK`C!aA8s׹zAрȪk7_>YkY,'#0́-\`[Q`2j;#D2>#?ҡ|1ƨʹNVAhx&+/IqDB,4#Ycypلxeq!O:VYd<机#ECධ֝>4܄6N*E6"`M#^}qqAk~N}wv7 iɴ1F%9|̿xf7{32n} 3oyvۯS3|qΔ(筆[X"ـEzg/|W faU>zbS耓o5;ۇ,,  \Qԥ2ĠyT$4qiɓƭkFZڶot| _}K\Gc.PNd­(wYosy@}^ZW;64IGn;/ZBdJX w؎U5٤h~ä2TS,1t8*l"m_:&:\C<`t0ʼSܡ!n#·ٛ8d)U/eL -螩wus2^Nɗ PX5Oֲ<#xi7 (>FؑGPu}t}_+go3hi[[YjdneV+Kd_ѥ n'6R#5na@s ws̏{A M'DbUSޡ-t5쇹/AfX9h'-b.29g448L8 @y=,li"ZSU$G(ͥsI-HbQbdŒ|Bl.I#FƂ)Ma}) q7X}tdݞ#ҝ C8&XP^jhd QN}NJF < 
lRD^}a"Ӥ0}ƌ` t: 437ߣ&|ޭNOnc Zu$EP ^ip D0UYcnq6PlKʑ02֯ttx.Xɬp?Xo,i $spRpC)l{4OT 2 KP "k+jYɬ'Px,]vtq?KjDm[Rށ[wz%mxC}Ҏjİn&3gO sX/QZ\ Ԕ*\.aY(f\/aQ  b8rM&tX YB)#<Vu{\ȄV@\d0tp"}zWX52 Ѣ 1,߄\d (?-XgUJa]i=F֢c+#V۸Y:ъfl~<ʺPG!%uZ}S 0IZ5gPb2>,LFKh*}q/S}5Pg .$u6 RCGGY]jMmLW!|L+1Z"r_l9l|3fBDYQˡ mrkzBI0qdR8tLbOYӣ09oO%sp-'[ۦe S9@nֺ\6@⩞1=M\!Foh҄4TJ/5[4W;ʣjNUj##"W;^)?S=`߲|.H Oc;UŝӾ:  8=p_XZJfxR d6@^Ei}{lDnD˪Qu;H&DxK:a:fO$嗆0nJv4-5cnG!e=J@^`֤%p[Fo2rǶaBf[&FI,lⷒp5W*"؄T0Mv*lH`>$jI/ixGTo?6 `U<?f zts (kRˣHTI څrXfA6"abH'|JK-q$ /g}nUI IGޖU].ܟ\L3G&%8uvhR|fUܵ}[o H%W dvo W% @jbAIL^B8")\n>I4p>"NZ ޛXH28*0^k!>9%1Snf{hq*V]aj;ǰ=)_/ PxH,2"S$LtDa^YJd6SЌ1/&0J|!GH | =zpp}0BHfNs}‽x-_Iy"lힼh'3jDlط;xbd2 ۊ>nLwQ hF:όDZ# dyEiu[bGxiPp tҹ#ꅻx|s}`Nqo @< # q()zzq55WNB"$(ژQYZ!-Yj79n<qdj)ȂC m}lhyjU4B2owTYzgIIMG6B7j KĒKM?6o|&!Oj!g9wn6ҋC*S.RRdðemwQ28P!:uezCO7b_6௦wLO(Ht+ =R'm؄!^_X }\&6 O e$OVIr `FT <^NӀK+=T~V6AG\n8 x 0Tx- 1 C4 %5߰Һ €tکv=8"|yO1Y& xqԳrAib>~Dj|9«LVR]1)[}tMb;rHWʧ\k*VUK'-jKyZPG鶪.F~,^.>өFh3~r^r}6: m5\lL0N٢%b6)J >la;`C2?T.p,Ϳ?PBۆO*u|Qb,~*X[~cL2=qRt}ZCa:Ds'/#s|]N\ ?S?xN)`Frd4*_OK1e$qU Gs*x7ynEH8&LRws5[[5V`"S5}YbCW6&P缑HG׋C?\m}5!b3P8^xf-)'KJ9v茠ێpfֵ;ckش{9Lggyttw)HYn#$ 7KHPWX'>@,WʧJq6}T=`*@'pwRp f{؇h xufL/Cp iAD0=s.4@l  -Y)G⏣yZmZ_LS77G~?ԯp@b}i~798Xhťp(S@v8ϥ^@3]@bI9`-j]m9Ŀ߄?;,6`; ݠtsJ'+~5IDvK: J!~AӾhUVlS7 /ݸ0n^?K`J,vs2^Xɭ^h][O-,8]tP?fatVBՃCe˦^t﬘OF+^a-!D+Y5%$]߼W /Jƨ\tp"yV vCc-G.4KׇIC$#|! Mz Q`Fa^_k.ah =j6yhfĊ(c[0?ޜ($u- !R)NE:b?ؓ#1'm|W,9fVMb$p,T1Νɴ4\G8EkM} g/]0Ydvwp'%gc>iPҀ)IGֱvd=%xԂ!mH`5ìKe]t_CB A!̓ $^Αо'qdqE1 k{'0BȞ+&nI'ѢSeƕKYJS6w#kyfWH'Sv4FKMJ-`t:[$=_O6i<7g&Q(ۓ|k`gVVhLZj80z Nv%>gUKebgdK/q;՟CbUdJK׿ {pa_B-tAOD4p!>FT.v4ؖTMZ.p&#\U|plLmA)|P?׷! 
O-aWh@PrGh|(_Zk Gkȯ%^M#'1۟?&x5欤XrDr.@Ɏү骦S:i-Ƿ>=lYnݴ`Y㑺1<Q:,Tp[[" 2 @-X9*Ŷ.$'pUe"γKb"n"#=R$dz&(㨨) /NEFcuƎNCHBkFC\-%.GQF ȄB̠r/j>bn8;Z\a}>\U]j֘m[KZŠOllJu#pn!5E.Zq6Z|LbИooj{ 0du?,s8B;[cV[dk.RI@E(*Aƫ=]M{Ӿ39j܁;qQrDQCC)w"/u!X0erQg2MO!ID/xhD6vȮfNudЅk _ѣ_\ eK4~SE +*#ڇ"AXW)8X3hq#tia| vIfP@#Y1Nb+# 1<@䕥Zޅ3pF#-Ѭ֧߭ZƀaW#V97ط@ZuuN)9A#ڝ"']dSdӆ +kLVALR-FT/bX.ir[PMH଱iV *9_!{Xwj,_Y&b㒅RE[t$Lq0NjS *az}T,b"~E)G{øI9X/*Hnd1 _AnhGE=/ywy@Q)Mfo& N^2j3Fϔg75|7G.8 BBIc+1BG25[ؕ7c4ʽ>Kf uIm|y؍@}$z+:\B9KA&~{>hu,a`?]gn3N'WV鼀(O˱iv75!vz}N׆ vx(@gsP|a6uV>j(,mY|vS{¸dt_oⴍMg$r:E a>X"앜NL5hy =mۿ.`6 ׀[p(Cnu^  )m8M )mJ91P=\E'Q)GJA<*QDf B~#iXx\Xw^9tb6 hoV= 44ݤm*r8miM=8Q7*eјoxu-fziGZ=QY Y/À"I`n$$Ɓ s eT5ICní)11l}Bpݿ3S͠RC aVX9X)?+NzƛȨ1fݝO)aAp<},П84˶^%2\oKwL AeP\e|f3`q4ѿ}sV6_J/ [o߹%km_͈%BYt 8,>$ޥc$(h=68P$!@-Y:0n4ƐO ];e Ug^w_j)nwHlc,+A}%8sOgv[33~.$f ]DFzO>?1qdm~ʯ+Zxx⸼;#,@:?Y_QӢlLRUc7E(i|9Vb $\V"]}YWjLBU|1 ջRu "o @7/;ݦ:*4^lbXϟlhVF+(x,ſ #U |^] K2*[ ba Qoi %р Am@,Bh"(y~\c&@FJ;jPf(rg H;;( Ȕ\ccsW4hFB7:!~w֓3I0K/֪P. wQ #sԣ8;4B3ٓ1?28|"IcM!K"C2u3O ܏xp0.2m0 X= 쪘c/'_'&Aj7~19qI}q,z /NIƻX/sշQ+x|]ɤ׽9MYڌ=t9;7!iVX4ngK/*mVyD#K.֥-WzԀ4)w?ľvp]"G;Y]l˶=̎2lLRfl:}nRoi"ߵS^[ 3G_%[.:|~6MU8fDz1ZeNC#pk<S8aNLf<( .4 T!?`ۚ$40w)Q”}Zjf|~$O0-)v37v|QdbSW@rE-&AMsADc~E%a>iM:[  788b]6z3S4rE^_G*$?91vk̗|, 8~ BOʤc?uƗD=-^VzD4TbfDoĝGOXly1?r@n(C?;%󧡖aNAe;::@>rRe"m_c0 k>NRcLOn6oK9tb_'-[׵bcWNʡd튫_0FO HXQ,K#wP(_GhS.6 %:ދ0um 3s%?oD+ ?7Р.%)_䈈9`AU>ZMv(fŖ-N"W~ 2p%9.tOM{.!&K0h0=h92bIj{}zBD 4O>Y>{!Ż\rj5;Xy9MO%MX_ZRLhPAV'"zwa(fhTNo҇d\OI>qС󁶯@w{1]D6q6eJد=GLA,{? 1K.kH(7Pl)LV=cdgq$ϝN3+%)Ba T<FmQK^:CiψrM1Usʼnir\ǥӖu@$rR'3 2%cn+wq Â+n޻එU԰+s:Zn,b6Nʪ^yucTWeV˃L (R9ھ=誨= K[%Fv1辷D_( aK>ˍ>W=#!/o &5sԷ[OHJbź䫇c5@aٓPqܷ7sШ0S~XaWʟZeo‚SQr*2RP't͗*5+f-=l SezOhix)4S8H#.TeqلʮPD:rMw}8}s| Y@ԩ,7e`m<9wOU9 hfߛo^uvv$! 
tNv"@%e~I͎LvrJ3^DxbJ!WqYNBBS%"RT|%-@ c:܀24^+nu﷘S-H2z/gNT Cfﳃs#@QcB{/#:U!dzasG:*nbم{z79k m9p#AB5k:ZV p..3y6q^hv6 JJ1ÀUüfE[B/1 Y kl[vq®!QB^`w'S4P~ƺ+L+ybazu6=R`:D u(KPEllx5.mΉVnG$vf(8Yd5rq;cxR5cf,cV,Gb?D|~BU{BL$ܬ&FL)3$[D>)м mtJWGiÀxSg`TJ+Y-gTG:ytԱqbAtOE5[E3zQbt?:6Li(\55QO"25\ֹSS>S-kkr[EJ9Iݷ='Ȥ Z8'- -HZ] E"TAZ%Gk) gA5x6'%0Yjm-.4XXiz%v 㧄(j|~S{o#<^>݅uvgG8Y\rf:T ǡ iE#c"@ėMV6p6暭4هrBuX>nGzlIcq@lEQ}G8oA!7GZr9?vwG.k by p "* :^3KK9m6!ĵAvٯW]%O ~[W1zƹ} p*hWQ[ܒmIY,b+@X_!yt5Hן̳q6|Rlysو^:OQٺV^+?5)Te^[ y.)G!C@Qj^ 0#mItRнJ0:ݲs?~o/ER7iޕᑵ(wGQ5^,y9 öA$tϹSꠤ?zߦ'I;J^[Ain" \ }x2j \J8ΕXAL\]?Qc C24S V*Ԓ%75S?kNac^Pr]$W=hD-xn4nLkR>BƣcgFni::XA{d,U4k mv)Qpu4S@IH r6Bm6|)ʠ̇UMT*ߋ|vNCxc440olzVoQ1:L"^O(OA@"H;b)N],^M/w?‹J@t͉d0"Yl![#AC@n4tKrJ0`hs[7lURzI3q'fHDٿ S{)i&y޿fxaV8XpaGY}"VV/$'%`g9mfP!"Wv fݳ[2+ZVJBwQ;k$~O]HLtQiQRw+ոlKlG3j2F|ɬ]/Y]fu3!, %rszv3 ۵j2|E4X@gRjHMy#!W!3VP[:33>*K(M|+'4cb𛷎8~$73֓Cz .ć/W%ht!GP(Ġ 8|FuI\5)?!(^ ;-cPQ* ibK[,XYHi~tc08Z+_bE,&$?`//"*]8xNqB>n>vr"N hZ|Q/KþBm421نy?nVe~&&Y1GP\@qRgf Gw=buq;Gew}7 xș^}Y)e!#1a3D1,ʭ*brO&- ςvvs@ٓ% 9Q?/*,SsWt}H 'G R;FB(lzQ#)!ޒ>BOuBb=/ QJ;e2 ͛I )S)҇ø!㾎!_ ;NA#Xr- D^^#m0Xc,^`:R`MrW}׬g q,pFX+ lh&A,opc#gTN`<=_،h.8)7a/ð62d9N}K I()-[*]묙_|q6G$yizx\[A /X|R T{m r o}9V)(^ ESwQƺDPN~B -bZ0 YT{lwIMC(/_szCՇ3Zi ˟շtme|I$9T WYfR4% &u~ #0=XcVk/Ș\d~!ZO%Mi〘5{^G%=:zF8R g6#C+: z4o_v|J%sG͌Y(R$]ɗNVӎb/+ؿQL\^/Y{;$ {Gy|#@F=;[O77䭪xEEJ{s&_Qgm!ObڦQ^#vQ,q-V!ŝX®i%*-Lm/*;oūhsx ,VM!Tv =]_#qmm<8;mV0ɄĂjT&\J:IXϿ6ͲiBЭ/Dm8l>FM>r~o'-3͍y'7"$;6q֯~!ӶQpf֫uVpN8")?'(xLg3cg 1-3xOO56~Ƞ__P_yS׺7yrDZ^@+G)L؄Xuqb;ZGBVM%-HHHI2d(Hi:5Ci b (USFz='s.kpaǑ=-ӚC3r4>{6"<\  d͓g82?SA,?9O1gE[g K1$59QlS7hI_.P7jϲ׀QF9uϩc*nGޖp`@N װ8sT () w̞bDF^BwRl:"ƺ\cp7G/j̦S], UYDWLԴ3üc$\k4XFQ4;Umj,qϨ؎ž{8] $B'z>#AZF,p FE{Rb /'_H.JAbU1,Oz>7m1F@fEޏwG`v*A~RE~鄏i< FĚWarޮvZ2S :b|mYyGrg4_ rEiiI$^RIS+Z݋~}o;[}R_ݨK' tt|짮ICXj ^[W|$oc*ѝ,i4"3qO'ZyKN({٦>J-=?6$*yi \ۄBI}Mr2p;Y#|Px㷊Du M; +?N\اB_&S![d7UV=H^{]d ta,q;0h ^\ZCFV}K`ɏeӓ=KTYD}OS̒oe 3x\ܟOrV0x2 âbH)xdWb>ҕF(? ӕF? 
EI.{k?M'QR]rϡDqa/3A%҉bMY [?R8;f߫b44A:Mj5IB9 -wqN4|Yp[%YS9*,p(1kJV>ƀ崇SBmxFLp8 U17Z:{ l[Sd?N OSqv(RO !eUƴrfn0cYtBg2߾y)mfeץA6DZgrٍy[&IRf+@7zHgNGEHK33q.5rܶRInZ&Jߙkw+*7=r!Z5$0rtg_b'$6ae>I2  ѢAfh)!yW)C[,7Hl)Z`NX&SM` hϣy6-ZGvA}8 }#py‰wv0K#lj #RmA+ 0ZX"`9 J'c̨{6i2Vï#Dc:#΂y>~t4-?梎F-WK'%}Tp> gτhV 8\pla#vzEa`IkB.E2P—+vJ_ER2uD{<5}\f^r azo;ãVGfr(#5]w$7.%:5w{$x0=P@pu3|!Dڄeiqar}k['2ŝHѧ_y+;༓s/VTNCO *ZaRj*YVrm!(W96+DGi97S&(ԑpL&>,6De\. xƚU<8}$$p.{Z/Ulm>\S)9KN56CRS_ż"ݙ)^FjA(ֹ PWkQV ˏP,WU;ܔ C,deyPS%eGNdQ~6z$<Z%EHEUww„n@ukvZl=E}jX2)/z5o8˚7 ԥVjzS|K wqVDH2qAےsJ-m_%08 +K(ǎ/?T&!M3*GtRke.ƒfVS?kwA*0pU=h˗kteU*}MT9v$v۶5musa7r.Tb%~'%>p:"7@c G D9' Sfcf+.͗Z&Vƍ]~0lߎ;Vc([6[~jW&S1,Ź@ʪ$ih2L?ƕ:>}޷wW*G&+Bl+S8}R?oܲXmwmR]"6NpF! `I H&97ٔc~<c9ÞEvUӠx2]''l}Lyw8Re`׼vo2$lzj]GZ<$* W^ ~Xh(B1SF2G蝡K=F,\5[pa(FmL0H-ݘGuHgQtT&`=N`ʶվ7er|2$^)+O\pE6̗)bts]G25{Q:7G_>QWMxi~>FYFvz;b} erZL%DarsRBԗ[c ٩ZL}qn_aOF9UjZD`q%3r9fIdjbZۊXĩjK!BRer\ #yqJ06x,k6Ûl-<֡j顜G;?(A*3VFPH2Vp:>$`]G0)#&otؙ,q+x/Ҏq͆; \E$=iT;J 9IM9s9C,dx0́ivÅx, og{ Ϋ4 DX+8ravѐ~dGvP%E/`-TQO96d`DyqR< ϡ:`a6xt(U9 e8}::kLlX% xeiD޶Рjݳ`e% aX]1ǣFP(\LYLdpO@^#@u˲1[%Y&nA)oPO6bj۰Z굏d'l'j!Fgwrx2Q0d ɋՓ'fNBn0k:7"GoG1*[ͭiEl7D(w6hvHj,zGn')L䏢GC@yVFymOQP9)i Vp Mt"wՋ:FG/<)w*- P3H@fb9zo(eKl cOBdK7 Zt#hY w Xdd bB(cq5! ԉcuFۿoQxXX O3Ӹ)PQ3)dŃ5Ű(e޶kCX~'kI|KBHfP|qt^,k'Ju(4u$J^ܑ8-|t}fco8 KJIݔ B x~>K_!:%&z?H6CuyHQISȍ5ݱ)q!G/a}=p ?ٟI)OPqkF{rW*FR[逬f yP* l:/&u| һ5{N?"CK$؏GnehV3`.Ruy};"hkJIrbTڡ1q>ҁK:3u3G6By.ځ2f q9Tț~ܿtBWv&1Rb,6ocoeq-fJ=rZ ["%ƋߚvfԢ&a ̷!. t=jTD*AaRJϋu{2EX:ϡiH~,\wLt֏5hl_䈛e,da=C^PWywy;bjq\vfZPVyPM)TR(XylLQ=wjd/TÏn/`ˣD>xkA/YֳT6y瀚1? TY7:+y-iD@6%3M^@@ZeT$*7a X7 VWxאΐ׿k+(C Ռ/ii3\=歸(H.A>|Mj uFN]S+?/`J]xOKhjhH`z5᝷X5 od {JAbR?r M1tMSNXR-?S":"Lu׬Ƣi9aMm=Yk5`7@FH &b6Tb^m掃̢ƵuIŵI;29Ձ>M? 
Y‡zR(HSp5 ; ' @$,r$ܝwXv{O@Ko.9B]s e Dꧯ5Tȝz?jg/)Fm zqJ}* t2hQlBN|vpȞ\ú!5-_vi/'Oݧ@1& hh"&΅k% p# 2ŋ;O48w}N/m(ݿ}IJԛB1zLYi26I(oҕ-6wRk%8v{:]`% smrvVjҖuZ6<9:؂HI/!H-?w2ͩbۨyͮbL$iNT=1:T8Ӽz&3WeGA1g=KMn%>+(v}ť4c^_{@Jw8ѷgWkt5\#p_r2 aa@[$7X \| *WUr}d:_,d{n?])q.C܂/%}1ty0u04G/L`ׅ^i V>>t[$,ytWSC1kk(NM,1|mR6ufL/hs"/q"r緿M5km'\+Qn⅘:Y(j.zvdV$9nu5gTzpnkLŇW^11K#ڳLH5Nǿaj`(d Ns?AZ{&7TñR'M\(!ˣplbs/tZ6K+ g~G 8L)}+/`NIǣW[Sg$( pԘOV~?ղF% 40>SAJSAw88jZ)R^vXq•DA\Q/ڗC Au` ]j^1ct+r<|J>x4Yn$av`cМyG;uo5ͱy4(>5 !Ha~':4#rT9$ Q/dz(C!lSLjc礯Wm˕ @Koī`3$m|܋}fʹO}fP4soզePRBat%awe + /ilfaƕ3#:J \ \ "oˣ}9~@y '$K]*`5ћ{Gz%T]lU9]T($Xޏ _<:{Xq.1Qz{J@n (aQ.불hJP1l;*0Yh플AI_a`lsL﷝k4:,9up1`̌7st2H4du[)< q⎿5e{%g:wHhU@J~)16Ց|%:dQ&`Dv4*>'|^;bDӾhO&GtHnTKs:E*=S'nn1,qh.}=JٟE@Ƴ Hm6{ "CVc)Z6rXDsrrQ݀ #%εiE'%|R%J7CM/0⭸IzhbI1A V5aĢ]'GKUU4?v1O#TCFgr'I9 x^CqI^/6H/Љ.3$堮MCsP6&SĻ8'/h"U4rHODܴSܘXE7iascZ r_is! 9ڸÞؑ> ۹,m`aAY=bsx:}yYL2y۫>,8`vˡ贳%=7eMYUE.jx sоҏ@qjz}P@ ڼ&x D2jx;Zy4dƺ(fN9+|Ҥ{7ma\>$c4wi F I Ypb[ rkGBK}ZlU4r G8/H?ٙ6zѮ6rkr 5A-sܖ-e0H{V#C=m?ʩJ]b'j٨ptVү40Y( вMRWwwv`B'?" q˅@Z"IRZReεٝ''L Yq㣫I/ӹehSh)ֱiGGXX~WH7,2K?Tk\3?: ]uA\wtH*30aVbdr_|Iw(-߃˖>Uab8Q m=oIf@c@wG,ZINas(6Ӡ7:qJ*tx&gB+;`TKܬ5LޣT-o(R)[=!B\W4k KBwa5SE]9 |s;<dy3&oY3M9Χx˭O+_wIǏķQgҢ{"i>=&13ȈpDP;Cp>S ߚw"eOzUq [}эYC]0RKԑ^3ș Gm? |HO4 bdGV[PFr >G,19Kɲ7.p`\Κ4O3/8]< H+PcxOިKsLy7JxtJ@&U)~,DdWZ\`wfee 5tѽ`UZP䐁i%Eh7 {G%ރFT5DjF%{Q RQȆkZعϹ($^׬WWB0v\tHd;8= SQYpӉl;ȋ1$uCerafoV]{ID9߸`EћFcGӇ>l7 -?LJgh^@K۷iջu/U 0dq ]J( BN10t n{OSmO/PQKlo0Y#aBdO̗Y/Y$] l@3xE)Tk-:Al&5K[k'\6 94oU] zO( wb-M]q-ddR @,~Y7*^MBxT J*)8$0$Hlp#B B9E ksw`YrGYf<]֗:ڏk:AT[+g1tbHcQ8+'6T%zXDcFYmgMU}E'H8b*Sd61+,vT`s"b] ["R/uBz@a0yvv8jwTU(<1I <ue^R^1$F*P+S {Ŧ쳃ûY?^\ӺSog8~!ugd^&nqZ%["2$̏pPu K:r_唟ܖY* eU JU`wq2/. 
.XKbs +KW/.W\jF r+@׋d,w% Z~bYK+t Br6$)W+4r2m@uJT?v5j*)GﻃM'a*|%>3VK(q-0R+f`o|+c+W@ 5[#'WRiE6iiS))o+x`?eD)nUs2ITeէ wvH  X)n-c"YJ[b%^Yh>@/<%`Ռ$=SCŒJ1UG <',s4$/cJ>4jLx5=C?OrT՟B|+Ѵ:v\7mյ<=R=;.?TqPpe:]@A ZxPY^SAaR3&&@N1tOoB WX`ZZ[8k>Vԧ 1Șt_.q5bt{634YA㪪q'}.zVG)Mz.)Nf(EQj֖=`H1.ERmڏSG;Crp6r}Nv׻a>#@4}|oO@0~&7[G鎱^f6&m2&ATCnvH7+?]!T~e`o[v)s<0d&P 5,XjZ-rfiA-vz+xE'6 BJ;= ԀR^V"ȃ <QB/FqdXBEԿӲH3lv!u(R?r2Rº_~y'g$H-'dUǁN/dzo[xؒG5SiO?hDQßnc"bʼnLm&tvz2e;4ճ>iOTy8sU!Q3 (1PDnj _BnvE }5 /-XлMBRgƲ ECE vP=dߊœV; Z;%?x eFLGPGVѧ(7fՉ?f(}k/5ˡ $w>P>uejn8=],;+OW{JK}{ܮ̇l_m="TtG6YOXzT,Nҗ(U*v{[@OsȋT~7ECaAD49$ ^M=ܖu, +8wLlJpC>^c~̓>Z04ky 4MUמa&M<6Z\/=At/XA*| =z[ ;-vd;OWhޞ-զU~f]d4;cÔg"&<2B[<=# *v@T\˽P8DkUF)LKz' *{KJԍ.9p[92P/`Zǥ/qH62!}^*7qz$ZigG-ReQvBK]~TL? &(:\.F'_=:p2e%6kЫ0:ǰ>p_ݳ< ~A)Ow!-/4jLV\mJI"[O0]/7K;yZNrptb~'?ȴ\=ݩ$rЭS\t"8 ['] o|;V2lk\;;R5B ^9 V3]Ǵ[zs#'sa}ck67ا=b1@ZN4 Z:GˀSޗX~ p5ɠY} %BXfCrt^^s|UR$ӴVtA咐(Fgd262wݷa3{ Z֢r-ELq8tsXDhz[+A{`!n̒-ͨa^ߡU3 n?*z4l^Zqigwc7J k L'VFLMADۘZ0 =!8@6Nq~8A >e i5#l{nɌ.ij>-wdX%/fA8ݦoi&vsd E_O3.S%jO `@j-W Ejj16Sr_CWdZ jLxl'>>IWj&@m̰ 0 |Aw{+/)B oJ >sG0]d{հ^EBw~ňY\/Λ;&sP͇h2ǃ JGp͋׆eG=Ev L4#V d~Qs8w#%Df@~Snh W3fK+By#(ߊ<-;}k$ܒ曝ptް^y7^BdEm(q?;ER7U]5}[ ͂7ߓixMD pD}zT&5Ռ r!T?tP;4?}rڄCکukOԅ"@x:9.a3a0L1Q cWxS.42@gB_RTXD/}ux} xTܚSu 0Deҕ*@#feMxU @=~&g.߄Zܣ< /'NCS*UM Qq3LEWMn_^!QĺW@@:|D fxujӤe{' FjR*"jOK)G沛ceJPJǙ "X?\XIl~ P)`..)`iOBr2I0ۦ k6&ߟ z'a1_3Z$rZ~b~V ݙi$JB!W9 [*mvId't RGa?^~J6f- #1ނA,V' {JX}E4 t@ZgDXr\4 u>b,~vcT o0.Jx(ѭ?+.WD€~7;&bVxl Zw#X=ϋH7H=8f7lY3o@@D%- }CV"5ͷg4DHx@ 0Hh=Y|!i8(R@KXWMP2t70S([!$K#1LK=fjmoIv&fuj&؉ _]Kb9 atWt9(3"w6B%_B2Pff?m P˔QƲ Ict!&渧WsD#r˩I /BЇ9OOhJ8,!ǝN(ME n{ҙ:d5Zk}FK8J3At'Kk-8MTX )=1 B3͖1$ݓ `bc0E )xju. )D~ڱI8TL{)E~䃠)<3,1P Ph֯Z,otq_6\KڙV\Cx6G`#S@aĈuŕ2U&OJ EAw,Y,/JCo1r ܫ~@0T1? 
P/6 W"翊a 4 /`j`YfM ś,?Yfگh< hҀG^զ83[9܋xR.D)=;̐Y7/RCs+GaNRCj6gbl vP0@Nk[mAEccPRYjrآ^U]%gWRþT&?OnlyXNvg({!+9vxC)^(]0H>fAP¹3=/2rih$ѿYiysos[ `2^)jE 'Qieh(-"gw 5R}/6t+{G *RBM9"[pVF,R \zŭiE Ik4{=Y넥"f}z!oi1'̗3>Mx~v݁nO4l/PIQx%Vu<4# Q{ [Uةjw ˰Ŕ"7)V}a_*!]w,xx/IFn&նɉf/[LU 盫dH,`}7ldYtHRs (z1n61Djx'8I_iFOHa9N@T1ʠn -1:QĨaώV#QFO@o_"4_"\f`ݲC-ta X5>ɐKGEU2A@ݾک [ò10'%xHQwn^q95iZ4L+;NJ1<J+0х$̕eu>1/Wh'{"<* -/ջk >]F̳!ġ{z&ы"5qojg2, D?AI_^L?3H"]c1g  tl׮,׼Z}c@͉Q~Wl% UeQsΞ߮wUqB|L!f. ~ZKT:nQAtEeMf>,2#K;pdZ=Kt[tQMaۈ2p:h­ϳ/a8}ʼWnQOGͬ4"W m=;W1+{U.qpW_xkq-ԬHNh󐭧 fO:4AUcx'? ̱yϊ%=5F+˰yt=v.{{9 P&f0^ej^7rj`.ghNB;A5C$BA J,#r,.ZKf=b]x.%t{ktUwY:VY>Mg/uGpJLkoVX1ƶIE_\v& 1,a -Y˻/V+  سnv-@~ۧs\ ?D~`CIC׃1u>ޠ͞qI<߼.j<baJ(CIM,s4Eg׉gVPt%#C]1߿COP Xk&M@]$xc Y%/+Z[=GM p͚Ī` ӳ \Bn\ jeUSViq94m) C|#pu~r%T)rTY%MUXW!X0ʊ`+g"l$i3FB~Թ z7 #Ⱘ@ ^^XhD0*K$jQ`rHcm~0fa ͍}RpВnq5/!ww (Rc䃞mO#衊R}dfmfml`MlQ OfK PQHTPJP:fJ+j8ה)'EI(2D-ATUEmJV|nBdlǧi]zafWE_-p Aum\ٛ*?ç)^ܳpqЇl&%M}^$Hף0} *ỉ)Qݺ↊E4Λ?.| 3Mnaޜ!QGM2@ c ;}aƗ3Yua=o=3)pTe v\s:i7onBY8WD AzQj+}%~K3-{ǑF<; N;ZLPՐkũ E9~w&.)oqsk'f4\,h1)8~ G_Vޓ- P<uIPVkAadHZ1T^X1AQI@TeoN DuLZ@AܐkJ(i ɟ|sޣe{3t`L/- `J>Q'|ڇ8/gҼv΂?OVM0;.U^[m^Oqy}F$/yK AMҞ?;i0(dn@Uj*u:s&!jY6u樂lWT ֧Mܶ>=hX&P/{_%,dWнOA?i}. 5]NY^a pFƨH 'Bر2r! &ALMEv6cXyؙ&<&sJܞ–@6{opb&>@"6UΉ0׭JBjyZITYkXu 4,z"2 R-uVB! 
+_͞_7 .=e(2cW{0= 8F a^i CYź'(r{8$؏&0fzie; ifIU(zHc5vAN#Cƌ$m"dSW LR=_-P)'e0p,n}F*w†u٩>Zd6Xf}LκѨD-[aZ2݆0M%*T.:1r= \Ang1]) P~Y )@%.v[ھfP_4!6u0 86.w3H0,fIZhCHӝe˜f&7;r3' ΪF(OP L٧K j(R:WУ$'F1H*X,3p kٌveí؄PN&5#-h cY o ;b܂I~ꡁEA9㶱RaB^ 2)hYWW@j 8'vvmo^M̮ksJYݳ>w[B>Tf6(J&#8FV#:ꈲ]uQc[qtj“-E\̖/л8wM.ϗ8^#^TBen9z#O[)P$]?1є:n/耛y5+0H[O,me|س2lagC=2S(:聖!kԯ&qV?#/UG)( jT[Ll[f>m6fv JhupCg8 OJm{Hm{/ZP88DQ4 7+ -^b4`sXHȵZjr}yoLo cH;vuϋ3"0y<`p\R~~_=d-g?eYw6XCꓡAlyy|m1<|j qu_=*;N"#@XcY;q?5fS'.*ei"wXCJ4Vh%FkƦIyzae Ջ,0&_~$ !U~*ssdP1cJ~[*A&E/՜tɎX^'{hTZd-kjatcVOP~~0H&4oB:1r#9t}-,؀Aobկxg&=5=jG 0hbx l-X?'1e-EU6:CDBuĻ( r8dH;;G-i{򢙢:MfNiCD0Ye5//$9:u (DWFGא\^Ts=Bٝn~9*>URc_Kd%;z,C 7c473h^qʷ Hk' ðLl^YS2 ‹?u:q2*~D>?JTL4S-ND$p0mbF,1\AQ/o\um B(om~Dckx4z['̀_O{Ѹ DmF}k?TW2[.Bwء gխ^N0aB3-F !'|R&aޣZ ʠ̞^ ґ4N뿖RDH^?\+DZ/}ECFl*~ U33A"L~U9oނ .X3,06vⲮγr-78l2\[tUBg-_p_6tђ'Ld ΜKLbXLX Ԏ/ B/,d"mX]s9N4q6;buMEP d>9&$x(i@?,b~ !ePlmKHn5`Ӡ*t85̌P_S^F`:QJ[9{@4qKw%1!BleYۤr D~Yۋ 8WCb06B*a" pOI7/u Mտ9:je[uv ,(M74S6'Y!vL+/3Ol٫8HdSS;WWƽի 3{A X#tJ[|ܬXݴG B򼁣&?`~Dllwvpa^vj[y'5>sR>+RPŰ)p'aC 7kqr*c:qKI<b# к+>%DܷϦ'2pv7NlUdHzt8,fWjsMob!Tcq }v% ѽE'4Z#֫"W7w_D(BhGfʹ$!b%Q..  >3鎞=ft[K mh]/t?3;}2#nCok1L $5~j[4u7G%׬X0D!ͲtZ;})[걓M꺌&[c-21uӮO*Lmf ~PUL= h<qOS 7&'L7o XS3/z(o굳$@KH& fǞqޱfWuG[VJ epvݬC%WdWp[T3;4H~; C#CVɄDDw[)o2yS0~#kczQ4Q93)pcȃ1.}'c24$cmMZcY4:U^ӚD|@5-4:ʮUSndQफ@uG]~rZfge}^h'ó d1~&'\H]gνr/Ĉu.sx*h1\PddNք! <Ů7cjkJŒ! 
-#LʗW7?\uɼ9+4@`Yi=19&( a*AdL2\ZESD4ʫcUnďS%rifuۻ:Y^j⮻ΐyul`jk)3"xxTkKK|vSq֬ϕI&<'ni]0<3=V %:?,MBGHm^P$3t>?25i_{yzώv 85j %C2'#ܫlJ0ܠ+s*8bSKVgc* c xCɌ2p۵eRyzPyЮUNĐ1LKZN"j$n EEv#(%to)'Q:&pb]JrDk=e`25H@.BTG-1F:YANoq$dO8~h(j@|cSW4v4D8Û_*҉zns ٺKWU M_XDG#{ΰ>Gܑ qL Xm"`.5D'}CA[nۅq&)lfsi8#13~4!qu('-HMA_b!+CbVYBP:h`L*sޜL {W\3J3:Bֳ@-NoH.գǠݻ2j&GS`>tTgL'}wV@ZK$Qd,\_:KT"s|<z>xwqg]̘tqp*3l$6LȖ'WlS.\,}SFuקg:h[_'\-ZA䮆VnK14.4A$k5/(=,<ڍ֋ڋ7JMh(æ?lǵu;P2cϠJR=`3Lq3y h}s %yXj* ϿCzzpM=>[& GNJ@K,rKzpjj8U`*lRsz3W-vw8LQ˜{5pu 㚿N#uY]d#U},@1o6Z^` -,Gˏ15|sw GOWا#ˬ}UOD5ʝe=)Y8iSsD8bu*"n@q(~lt6]5&ȾDLXIY15ozD̰+7"XS8~FC#xFrXQ-Ӕ4;A^6nh̡.c|Ynءpٹ԰Sg #xOQcϝ2aОpSy)KѲ]W>S([Ӝ^֨`PaJ<5jp}.#\ y kz0Ӄ+.Х/d5bs4-jLKݵ_q & 'ZoR6ت`ꁫ] ⅣsIV-|:Q>b%.MݝN=ʀԑFr 4asn+Bu 4ځKaG8xp󺏇T`Bܲ+8|Ch5G Bn՞eT݄hc1;.o=ETcVA=2dY^?zSOk"Z.l,>Q NS\qE#}/8FƉƾ ^[Mwd8J%i[p-Q#9cW6%RnՏۺﳾ"긂 p Ƨ^ח/CQUhn{-SQ)\NS2eِNd@D9P~^~ꁖ9c S2n]$ѱ/'^1`]Y/6PhsV UH~[̈́*ȳqP }(dwx62ob aHq&Xn$H~{/s䮱\_VG,5I b1Zb#KNhSZ5e"Z.ukhP.S̈́^Mᚖ?T)9ʱF{F^m6QוXj QkH7zYCuZAHBDT4`whۢݔֈ0G!Q=OVwgφ`ljuWq)-p.~=#o*'>kL,Oq)䦌`u "ArTAB;Җs)/zP¡EG8p&bWZ =CK ,*|=A|l ǯCt"Mr;jKb˜b^2QQ.F`?WB膄̿ zcq$ Uuf190cbQrmB}ǝ%PҔ*J&&`*Z lE. DQI1#0 вd +%w$s\k3WPY$#H 9nP/&:ôXQ" _@tNEff(M8J4$iל%@h!o L>!lA!.n])~ky7YϹSG/1 k*p+54W_.96, ծ;(ZFgG>Ä)@dp0y 8` E`֖ O㪱h%\CTյG«NxO;q4֧gΖ&KX95m ǀ.n,) RɜaVAc+u{x9L4HD)Xqۡ>F=O°r?TVf 4CWU[:$Sx ~ʕ ֋mpZ*a>gքa,mdƟ,nɯ4K^&I4hih S䑐ʍTzUNˏXl!P"gq7 GDZJ d"Hl˅e̡x-,*,9sLOBf0Je--VtODVLKƚپzE;9:gzù?uI @ݭģJ9WMtz]zƝ1c/#>42SMú8Z &T?\="b3&!P#N HSΛLQbxR<{u\*ۺ9m`iO'ӏ2 4F+ JU| qpڏT|*?XU9+wDu>\R=S}RQkdG93% @-:HbUkglN# Oم+w&Dۀ>Tyf68$ũ߁J\rAIUBnv[ixpo&"`$>59ToNu>٩8V f {|f6?1[2 ƑR,fkd._cQ?$X#wJ岟t_RJ<4ǵvu#$v#W"[3)p5eFzWL cp 0lH'%VU}{j nZKHDm /:- >O8,!kˆ;(īɻkIdVN>_0-\b E["VlL%eSfYTЎQ $ o~ Fsn͜>a2%me K)gK&jB%ZZW?hQXN`>dpFlՙ>˭9HsFFqo%Zaz.3$Y^? 
:;R T/X415sO\q^Q }Bp]Ff aH֐8K([][$EdPfͤC; }Q;HtD/1W*WR] (]J{ZͤF8WΦ%R5ͰtĭRvV\/?拋ŵh+#ǍEdEnbe]}8Ϭs~}D}QL5!١?F}6PfUj[!#U%B%}"4N'k=Pl(1l:Gb{2eIoDXȆm;XǸE=k$ta/j"pb.u өCO)|em?D%8X1ڡs0F< Ur :Bin-oD14ǔ DKd1!O΃[^`(n3)Tut(sq;,Aʒ|<>acstdndA} Cs7P\?5mE3SV+d)y žIwTe޴$3t V*ZGLV1 ѹDZ6v(WxpCq&uo4ֳEO|Ԥ(>Us˳nE: {5Sr_5u9`9-%~Dhzn`H#*NB9I8ꎒ zf3?%Unh]8 f,-ۍqg9m_% ˧"&ԂJQm~=>T_׌_~lzrӓFq޲RlV :0'f`OMw%(#hrIFՉ{G> AccIcI(4 ZQږyfO5B)8v"PTi ވmW}S;M13$;^+bGvFQ[Iͬ zRǙw|7_ dB (;]* [j i1yԑq,L a$ >UBd]7@gH k= LFt~qr_" 5}WFCHRrKS Ѧi~őęH>3 EE۱1|J^{vںU<Yjs3!VٻysGAsh3K`}13 ܎.5[v n ŌssާmegW\di|Ҽa 3; at\$3ҷ{öʻfS8Krl*>u¼".yP{8R.G~p K{_A5(bh شh^p!yGy2f;Q;Nhs=c{Vߊ׸&o<BٷWiA޻C戔KW?W ƄNx)`"ȜoxE8DvoS>7M TٵzDh/5IςA㓺Wᴶ| BESD:e/e{j  ܅|*}J K )d+bIB)@Ź.ipBuʐ%#5} fw),Eh-1p`&M-n!jb޿kINUItЎ-I>FWxQN(}T4#/[AN=*EY6aߩ  }fshoM%76Cb|iDX?FlzГ8a6:LsW[yZ b9m5}X:RwG0}T?{z3W髨xe31`4iFk-$:9_P)`v'|;@8Ua}F$NR}+ShpmWbxrX\y>LH3pgU A tFi {F'CA>~$2>]ѝ؀m&9^PXzgzCj.Fsc9*\ )Bu^> u,8\ "7Ҽi@~eZE_&ڀBq+NV:cSOJbA(M(mCx>V҃a4M)ȵeux|diݑ%"BVȳ\~\t2~C+z -@bIHzXgR36іzl8P=" iW *{w7?q9sUU6VJΟAGgĔZ,hXdCcdY;S)XBafmqy$'n{k D6, Rqde-}ګdwU<2qCal鞯]z{ꭋKa:S\i/_B~+!tF}'g%d;jXNF;_CeGԗRe02vJehIi BR`GH6N657|MVw$%aPIϝT W!*yVI::VX^wYR t\h6Y'QETg;@]u;#z 5\& 1!~G1w&0@| &Q9dIGV$b 6 nV+ha#\͸KC?%ۢ%#b/~5e ?L^@ leNfꮤi(Oh6>]x,&Nj3HCn-.pqliМލM`8J3h-b?,rDeɡݻ?\lz+Q%1+Cc郹c!7h4#h7`˘B7] ~7OPpx!q/O ܳM%~(ƏZ̑1ĵw'줍X_1:6ϋi3]E #K`e΀uܜUxTq9vR1g޹ut?ߩ&WKYQJknRpSTYsMYT{3I~P3G5 s?.¾C~@ߤB#(jNS R`(.4:A99 {Xlx3A4]a#583MApKD1*+Vl<+^kg{MB˘d] SD C;9K1JSެqpCƥ"6l9w½xs~X0AptRuCqgY[;xV7~QnvZP -_:,uTkE.Ls>"%vU1șN/q{­/) Onykfby!<Ʒ&*fzec]\CSPL\Dbϋ>c k"ǒԊk9}2NX0V=cU@`qƥt\J"Uf0W α^ @kcS"lD ?2DRʅ|We0עԋ׍WOZ5 > +^p9mdh\f Ō>WMat:Jj' ⟀aT>$' &@owcO iSN`@ace8XĻM7c?x{VfM>(0td}U7Zc,:!zjoޯM?~{M< _f:V763Б .'S|79N0tIB|8gKBy2 B$9p/xb >e(gN)APƅ 2VP'$ y hʒ,FrG1\Kmf1>7*XLeUse|(=7HA?6&"GpA$eI<}znR scaM=q=2*uCPٿ]aJ篊v["6V/k|p{% <9jq^F;}-9!Xo;&b1 hP5KM;>z1 ÝW ʹV^*"/Fc("*4=s !  
]@ 2:\8ӭ(n NV*@|Of3^f <mҀet bRTSfW/i eh&׻ )׋|K)d&,08>LI׀%2߹T?g1qL[JrG 4}f#2_JI䬤g(*L;CʠǮBݞ9 q#ӑ;ju@wXп,Ź){!&*'ohZqdwf3³!"goHUNwFoYPlAX\TGe'e8A5j3da$[cUR65]8Ӑ˜@It^pߔg͘ -$pKfђ~z Ê·L$ 8?"IɇI0NP|W v%nS\q2B m"BIw}!)qFa[FĮaݢ轗#ygY| +{32BT+_iR>uज़xHp>v9Q9܌f\~)<G Zz^vxj&߸@4$P)-q* 4#6*d0ݒ`ahߐcuxs/k#jM[ek.?N|:gftʽC4' _6.^粢e(~^]ZD,GE̗t@w4:fY})Y2]:%*vM=+35Շ&vG0N*x _ ;=TkAFNah)/[2|[QJ?E'fLN|cf][G0qI !'ǛAE/rZ]9,j˪?iC"r6cpDF_ͤT(N8S<F]k +5E{]mZݟ%&5Qsb_{,#Ebv2䧀'653KaO/:bc2X^B-0\MIlwYwsjg[; u!}Ц_;(}x\;fN ng|0M-;R8&j>IzHAX=go)qv1J{Cnc)ͱyݡzco>۩fAO@AF@'}HnQ!6wC(]' 8D6Z׵^8uP]0㿇S_rܐk,)MƖ篷j,xA!+I/EJM/<+Lbr.jFy)) i;h_錒3ہt?6D 8tm0{ nطcРfr_ekZ*J|~ćMSU˜ѵIY>#͈,ha@._w'ejʝz҆ Xd_{@E m 7#f:Mw0ޮA!e@PgϨu[<+uyi'"L>qI;~$&uR>ŊvxA@AMܦ׭d?}?]Pȥ^4Y#flaf?:r`*"B<MH[xU8E]Gn b¼Ż=fYH3|Ր;+2**zac1{Ft6P#RKH,; ;rɔ$S`R:W ֘(gЄ*D KS 1,8Ym{#'Ԑ۱rw$Us-qDʦ& +_SVGNgKb"xuTg{Ҭnc\YP4 r.s?L\*<]c0ίvS?4":p5DP"[H%ǪOƭP@bs!n b󒮊jk7! Ndrfx=p>~+@:31-u?-@iׄINY56Uߞ{ȸ){Zc*|? c5bJp)7N+g:Istss_ᩅ"]6<׉CˍNdl`R2F7qKMwQYӈt6@X{gX[U_BloKC#qt5 VTO3X]R+HqPİdW2|$[qHęl*R XDKoNMݺkh5KI^NXSl\ Qa1^*d $4ԶcTu/ v\),[6nnw9 p9 @rW?E/\۝Pnn1X:τ鎄LG ? 7|?<"K4#7?.upX}26ukɌh;a}JOlVM4?~$Tl>(jV`$~71P+Tx܍3׀^K{c'&&7գ/K$Kgigaa1|*8dG=}TbTc&d}c"sqqRyJr/p'Q~'ayL Hy<_$v1d C-kϼm6Zc Izz(Gr [ ='=}K]_(JmԂgqsqJ` 7& fU+OrOQ;#㖇;̀rLm*:`oTKVo:14I/&ѭ| #UVqTJa!e?PcNӸ֐Wb䆡ʾc^#J~)424'zlh;?)I:}iԲp}_K&LțָպY(&v&%(䉘g(x3LWsݪ M˵QOwTYg 7e`Co6~W:Br—ظ!__X3=zUu{ٹDeC1oug[։Pb鬸9JoM[[1~wppTs *N䏠 ;ТhUat_PcYԎW -_hyԁBg3>p8fK~Q޼=Gj_8U^: g-A'-Cق`7d#ih"zOKKo73Oډ{` NJ?G G"a?N p a?>gF$f riEBC_xNEOiu.jX1QҺ(b[Em<`Pqixi~2N^bLiV St 'D*x,Nf](wO ^6Х?z0`;4y8b:-qUH-L&irm+R#([}5+w7jl66{  i{am-c+pT"amT1Z=aS0H&>'P`{vҚ] uyWhW 9nt!RBIZ1ԙ^ً-crU̶y {͹_oNKA'Z$W"ͿL"+颤FObxH"c#~N71CL{wϲn_$=8흹gIBxF C|"^p1ZDw(,9%atc{!<. 
vU" \s^ZFz3`cc֐~C1(JFM}嚸$ A/r*BG {, q5P%Xِ3`1\'][\ኗgT) d!ݺOEd҇aus~$Ul?ڒ~"!"' wyKBX3l$L-ۗK8CiV1L"3 IO*7Q-'(4`9,/B\3Ww*&I~唗D d5IY)PN_!a8`b*x|z |T } {P@Vw 7.?_Zv9B@f>{,WjYpA3x~YxE ˗ (/\(?>5z\*" jÐ˯s2O"A+r7&߫oaHbǣޅ]06rLWXqҾn^R^4sN/)Vՙ-mNNZ2ג g"@͹eC;4Ӹw߸][|*!}fuc5z+v}Eၘj$+)$l!fM:4X@E,%N!0O|'ҍ[xeW0Jj3z1f֙БS߯ 7yDSR;4It# W*EmI Kp,*c7CmT[yQ$n/^O3/l:?l PT'A髳xwF P+S+<~j.+BPbs.:Z̩.fozazΎzA~52#;i`4*2w=V#m)9ة{ɦg41O Bl,*h=טfW`5 AՑIWe0,'Cc2Tl`$b[i5Bu;~SV}ûgʖ/ּ'}-;M5Hm6{?FU=٣}ߏ]VP~<4lt詖Uɞh4>,1 O9x0p8vgc%Q:)\ʨN>sit>g]i|k4l4j+߃/kO$-W_Cx>eا+Ra :>x'?*"걾+ڷQ0eh~n4ע~XtЬBelmU:bZEkEQc\YǥhvSB) گ؀&n޿Pݦcޔ\zWKXj8Hf7uA[ J7]VL9<7SA7na>1ɳ>4b@B}hP2$M~G.~tM hـoln⾪.K:]"(_fAJ?AhxP449C fN ޳}]Oz)Z{!ER \`]Z_hzn8w|G+j {D fsȎ&1m@lqO˳!{B2V2ws,3VM f ǤG JD2Vk@oEꔨ֚2=o4Ԕ>Al3$+Z,+,yB 縄ۡp\''QƩYrUY/^Ҝe^ϸ6t$h'e!2SdQ$ b |x0n"ګGOǺ<'BӢFBRR?+C(@}۽Ű=YQ9ATF?n_ÿlzFF.KjLR7aCBN"ĪbO}:uu''EHHY<05ʏlTAD  XJ֬qgA0²E 3}?3ԊyYR8_Ӛ wā(;yHBA8܈F( =4|~Iv!3S011D{},zUEQD\hEDUkP.(dFc8*5TӽyN~' BH?*8wr}Kx?@V}B +T%"G uLWFbOa.D̥|8 "2 K?x0txe>mb2vޏnڻgsQ&>R<;CkhjMIQec{}yf3ЄBcq# AL]4 S•Sˤv ) Ӡa;8Eƫʵ=q4T7hm~ m1hS@U YoSHP7:\Ýŕ́X8[i9K'2͢tFNKc"hm0jQ'RwdHV *X!Ԓ&]}XAԆlcNХ:qa1iNQ_s2Q/{ 8#?P߇G>Fy\Lnn@5~*TZ\DAp}l#vOT]M|Br>]ŽqsCFݻOVVʳհzŜN7"~hNabٜ(\ک*'o]qR0-Nxg~W%z(k-:MBz;(N/QmZr"g+pQE |epʹ_Lvċf%@s&]=!K%S"qԿdT5O?|=suIO|XD{K=V5b~") WZh;>ڌ|MNm줗=! rӮus2|'- 4fbszH'.eR7{RI;mA<}:P o|\h- nN.^ ȝDB0`kY+ɹ39zA0?xwmnқT!7rxڈFz`dC{qi946k&ĎBD_}sgG0l6dBKˇ9ᙈ>?/ĐoЁ Yj6V̈-Pz'a*\#g^%o<E1XU\`m/1 dJw} *"u*+{DpcGc³랠j;@5mӮ7XG{f>! K_WFEXݜ+OD@zY̧]F`\~uT{(E9*<ˮBDB͸E=na3B5Il%`M GކМ/l%#~($ )O4Zt-1]quAbʼ otqa.|U#wՙ?Oz`Ќl7E2ՠ&Ć1MKE$%=UIzYWoZ=ggnOJ5|MGFT? 
Z= `Xu# 'U81"EYj|xx]ˌ^hw)# g1"'( ;;:%vy}Ur x@Gۥ:o^C|ͅ3}j4*?mJ_|`Z;!'3 hx/TaxjE)HT ]-kMMdyoG ,P=ǚRv&Í=g&κ$ָػ#^{8<#w4C6C&x=2A:9փ D @ٖXP(<r B n:IPT}2-{$"}(&>l <[:;f7]B4 s)jJ=<<D ;0>cPP,RQ?):y6T-ɽA]ǚftU؏w#_5Ghfo}S&g?t-jl]ԄKX0>aen>z.7uH4Id^=({AN5p6"88:8$HZ?/CnS.|XɛcNv@ l(XXj;tEݚ>"]V:VgJwI kJS*6| vd7`o ,Q<p#C1H5isEOkT 6`*NwVivy&Z~"xZQA)wJQ>Qtgx%}Tܤ=P:շ*iWV2ҪwqPQfl- vcxsR b=b#2h@oΰVJLQV'̴l H?!?R;PYa&xAAz OUg0EXG^7#ǰiTU|RMyTN @A)9z%0M!0j8 @ l6Kt__RU}Wt~ͳgp쮈$:S} i LC/j6U}[0lu~E}R'D4 lqaU}p8lelOP<#V2s]].1js mh?A !,_ן(YJ-%NToHuv"$ aJ;cXdښS0r*&t1bLP@VFA"C(a0|gN@H˃%FC"@b1(gPRU7a&JҔH,-1w;fh1/SݤX'u OϨG3_z`$@{)3-i!S|{Zhům{wG _8Y/DPtSji^m-->JįOX9VUg&!Yē9PLS+Ɗ2:/JhZŅb fɩ*OB%ħ4dZyR٢~yo(|;Ht &3e(9#iҏid4 k#au{QvZI1m(.|ٜwd Ot,}/=tEz2ĉذ?ёg-۷3B %EY3 %z, +IY.}SPH~TFf8sW^9/_H[i!p<*fgAϔ)R|\ѹi#HpWěsqZ<22 ۲#˅ FQO/F899w'DU-'hiq2aPC"}&w0qNsdbg{l3Sb*b/S2Kw{_/W}IC<ȭ;Hz!Y:hڇp%Dɗs6lg\EVjl|!&d,rM%ytN`㗭/pB%C{0B =xТ*_JDJ"6J$g5 ' ^?剅$iTBסT侶kKl)T`1JPM2 F 4z6? 0V:eLI2-"ʇO*fXDEGݎUfvCЦ=)(&h$S#'PUvtWϳbVp5D6Jx\A\kx)| hCBOl@Fl[BI7FW8 uX:lW$,ş8 *Gt"~OZV<-udBOD6/ B@SOVM{XWiI`":U΄sen^rux"23.*msIv) q~4%?#A7w?CD( #Ѭ ~l_ e")1' Q+k$;NҩД#>QϥF+\}e0X9SÓ'R8'=k#0*v>\#"0mT´ۇ6${;ҋ`p3Tu[%‹W R2C(ts[đgt!*? `K'>h4hn Bl[,pmjsR\ .8{M~cQzt Ý"`£m޾U۾3p d6}ǿ*gbu;ܾu_qJg VXPm5;瞓jBpP3<f;I.zϺ}qYclO }i30Qa%-DѼP ~{ON.ǁKSg\ Q/uJPu:N m}@m԰T }w 6[59=:z'`T 8Pv ֛֗sZ[bCcnǍHO!_bַO>xky,~sO>a'B6= >'wP7EGۅ.~970b<@jCBq_ {)paYuqrf T9uc,<1B{Z9Mњ4lS7QÆqŲ4>I(g-Ƃa-TቲheY0?zmԌÖ3P-l7߸ nc,F/JDws 0U<w#  |6ܱ܃S)ևj?3gYʊW@3&<gLGr4-~A,"ۛ@V4vACka*[ؼƍ%xWhTGoǺu$Pw^I [h"eL/+1 zq no"\K =ZW$߶BDR/É2㳚u[:K:@I:.nP0 9Cng`SҬQLr%dZ/U3,u]*8U%JML$D!G^ŐAt]=ÝiӠhrÿev{F̒EdV>z*XD>2!i58+u~4ڑ҅kI( GӴp8niA6dLG&h9De%tx#`wwdְ1ܜA*;8t殫-SvZRCor>321XWDp?z1x,zN̎`w^Sn\tyq37f4xxvXG yyQRAz}! .9ydvH[?i&b3?y?#jA6LZ3mIHa t!XH?//:ӫd#bIYo͌$Io'ca^̈e{Fkҳ Qa(P7T'WQd5m92$EV&F#!ba.Pe{B>3y^6 Lхֻ+BROCs XG Y31D!W"3:~YJV(@%#TŬP/s6'NĨ<`vHti+w(_Պڛm}{I0iī>#hf{PREen1/ZAYE' otҁ](mcY7Ӳ ( to{`B-'daV^H Y PPWC\_n_RUX myQz%IC# u8~h]R4)F~aڅO+2Tx&{N Q󂅋evœ }BAYaekMm+ELЊ=((UC/܄ֲ;z{!_M8UZC5Q~mw bΩ'xYӈ8ͥېGtθ!ۅߋ! 
_^{andB k0XIgƁh8#XhS]YT78ҏC"A:ŜvJl"^aܬWs!0bd[GtIHhv4?2+8i9E ާ1N$feHcDPScY'(-}?՗R =juLß$ujhr *RL=yX!2Dev?g{ ieT+$UƵc $T3 XBD$*[i4+˹(Ʌĝ_% (0MdQsB 1F5Ŀ<䥹@-џ=s4Vi.gHwT #<DvGF(/ΗfcM9Y٬)@d+P7`.q-l}]5!ȩZd\gp(.œgbr<V7Hl6&_Vf\|]3},ݡ5.= x`` 'q24U[{GJKF_笥tcJ(4ɰwleBȏL93qYE%u꼥V3#' el8S#O}/wWVgQ.g5R%XyJiY)_7hmҒv+N=y•gY5x}N(/oQ;VѤv4BL8*dꘄn/MvY:qIқwwk%`.YwstӇb̦Ǩy0 O"DAXP+?̩vѨhb0n 8hF7e31jV pӑmWnJ3-+vhqS\Yd,ۄ#*4}$MBFE1 f,ki5q޴ v*XS'#Y-;elcW3APL#`M#b kQ$Rg& +B mL0+;Iwݫ&5:>aj5Θk왮)KcgXC"5&۩E8EQRlSN`'vTV3CZ0FH h 69EhRJ ]k»8Yh g2j] ӊkCA,- &$N.HX V|1HeYH>;N5z 0Z `+늁3ȣ1٦N@В3 ;豲.EsQ&b`6iiw= sMۓA*R5i}[R0ܺPmZfѵ^%aвtYU{ P?^V_HtسhO,I&qM/6I6ЧgP`S,e $B ꇯ.`tǹa[as){OGu!+)V,vzZ4}Ft/W oyfK4yޱ `1o׹Fq. #zpIllbm-NU#ڼV?A'# :(S*`IZ'4,js(Ra?Eg :iZ):h{ágߛfO5X4T޹|ߓr[$bRt. fn[NQ(,KW ͐7 5W=jt-˿H3[2h3([Ahn& }BY`"%WsKX}{CAzs dB-easP_j\Dv\;bƣmMfGk#n,6G!WNvVZO=Fo9ɒښcKUÕqԢY@lbdUYnO#Oq wi LP Q)@*kj7a8I#fZ^㻼("xeOp['%{}2΃y_;f_]fjTvӕEs( 5Wnj1x;Q$*gBӯ61E]T9hi/n<ϊ\ޞdMf* QXʷ/ǥ$xəZ.n3E7EyY赓jE@6ӡ\P+Ubfh D6Qyb<[aAb_ȳӡ h=n2,3 SKjv }Mpsvf3. بi?29]Si\,iMFo}cHDG㦟G`ZjQvy~ zas&Rc˵e!rW4q,%~9<>4{R~e(|=ߧ E]^5|GYy!*Y]$~wK@9O{GYm|2{PO\gwJ>`^TCDEg _ o2`Km/,`p8U?h|BDB5N"K,#o`ިY}UgQf=] ^tP!W&םOñu)c{+ܧUAeS86FZR]:?c u] <ȻEa0c.~f\4 cO];VIqS^3hrcc 0"=?~qLj<//UKАʫ%XBP"%P;TdӴD's` -tQߖq j'P2&4?ߚJ{Ȑz0%'+秷ߋҷ`B(5υ9uҋ!1ڼ:rHw]9 8tH!F1U ۆ*!Kx8pF/n*EE~CqZ<YD#Y^ãVR8QXM+(}t$om*|.6 {eO4uR:Fo"?=`MQ ~ yu8߂$ޤ"c[~bSU:[Ud :}6Pӏzs+Tun`-@MY壑)"N5 .:(&l8&i%[\ww1 =gVMHiF1lkB j0ghG $t(豌JBiv%hfx"Mz )FM}a(moGxP13ZKЄNKt⏲PS7ޝ֥ѓ׹ >;?NFp@D׳ Tҧ6w1vgoL2MPjjtV$E*Jy[ ߷*TCؘdd3e*O%C_*]a@~oKãb rq!+c"]Y5T4Q),B lqQY:J覗*6!@ f N( (3uӑtEQ'<BO}"'Ž5\KH'p^I rٻ@+Wq!QV^2#I$?Q_#3D$ -뭮"@%"Q~ǖ8|f[QQ[!7Dش10k/nP7 !Ka Jq'8>ˮl)t;QvAyP_$,2⵽GܣvwAvvL(#yޤ!adZ5; [HPt#rb'[/_qh9 JPI#L}E*L;ە/!b;vęf@TpV7(#Ra57v`y5g yzz% 08ӛiuз`?I. 
Q'5p/<̎=P,Y,'B2 |D+t7uh-M>fJ K }݃PL#bꩅ={i6*vjBA#e>p͇.:4"*?j]A2 E!݃&S"x/]*zcZ-&hYʛ4MTnLԫa4?'sqi0t:L%$bKWl><;Ӊ{%+eOf x l&l^yJ*rãwqS\NuȷQVH"37dhqu>@N k.u8*2B (pÏi-J2^Fi(o*(RGxSe &7ϣ ک:IQt.8J wmJ2RgZPvsT*#Q4ˆ "\Gl)JN{pٹfWBp[Њ62c9KTz?a$L^`/y"HQ   r.QFO۵[8DFaQ ZKs0 /-٘N_ `I4:.-gҔL4|=.%CZ!%MJ7/( ZqD5|:Rf'kx q֪NyMG!JqorMc] fMy埽jq43|W9 #]h6$w֫Tց3Q38E{ Y,l3E ֶiW|l>y49@Ƶ=;$ ߸MMkg sGpgBԜ!3^WwCl SLyVs. Jp1(;!6 w=6fLFAL#י?I=YEQmmyjs o*p٭QOR:[ 21@r X`n{M=uԔd:񓷂6=U/Kטۄ&hkXrR= \Ҟ2׿V97uVU#AIZ؛OPY9ymCWF +X4Qrہ)Ȁ znP~IL2E~—3 NЙlBIډo-0 00?pJr湄 S0J~jڥ&ɏ &_!JYn !ہb6+{sQ.D? guHk,fCuF ]bVغ.9m=_/׌f[FJ&v֓He9HHA F9!zgfHd)l;[f KH%Q`gdX[<e#0u>:_7iBp qw/sdCI@dk&w0-R0ىw({zo]“#r{)~iv&mEʏϚ$RX2ӽW'&e=,ME|-F'&q/Of]]06QBB:y[IӲkw҆ϟ 7g.'{tB %T?0S}؞Ui{fskШHODaow(_[iR6S %Xxo7`&mݟEDKo8D-g=ĆSmUQx ]d=E 'bWxNo+tzR`Q['|52ݞ%?]R~׃~"{\Y|F$Ǥ_HGB7jZK)G.ͫ'8@ h_QGc #hڴ{u, k/`="P֙J`nǘKЙI0%KJ^J,c`)6XBh~%_At/֒Igk8s b]C}*iz<"v~ uZz(0!b) d)3Z+%2dɄ4:v"~*m=?΍#X(L KzͻIޓLy%|p$~:bJj_`| H6OJ 4hxZ0[ &#JiNpPv{@reri籣Zc^ҡŝϷuq vcF!,_\\@s_ vwfʔ_Q*CnMM:EX`[ ]d<3dǙ[lev tv@ڭT"@~YٸF]wL,V*{8/)>l&)9Xm3?*dT)޶J56ZVKByD66k&!mt%6 r]MG1WGCdT@b\239ZJ2obO>t܇7_|(Dk^<0{)eHB1m$d10Y__eEY`B1x5!砗Iz5#Xӑ^xa!'0(/ǥy[b% ]GtޗdOSc1M'U E15(8B+fk)S,3LY$A_4)l(g_.wi? ) SEASNLp8ݟDp>U;W 5#`ujP> Rx/( cThˆK(>OX]6*Q-w"&wq-u.\{}zx8 Fc;N8o.uAIFB+{MnH CK]pOL8FCOk}\unh_BpV<].C{ c2Ϟ(SJf1kvOjJMj$>ZFċ#0*9kv|0 /2vy'@/߁ -#@i( )nE=M~`z@nR{E >5o,{f.0DNq\/l29ʋ]4M6(RĬ Tlc2W`0N ͣ/+7a2OmfB*.?j_Z5gdXۛ,f%N>Wo*Tﺯpr)"?h5X2 3A4iu0HX0 *< ] d}57a|"tP[H0CA(ENnZ !+SV)2Rn6鑐Pi|(vB# 'C;컼<"8N4'R5XEqJAv_L.m5\hXdQv/`fkۻٞމm%] VgG5- tjqJ0v~jqr_? 
׳,T{6uQ;] 7*H p/59vIxg7iծ3mW#@KK/ґa;7ax:&9 x0w8%{s҅ƾ1D#ݢpc[OHvу7FF;/kR1%W# B<4p0Aa?5|Ю¢ihh`i#zN.*ȻMJHƉ,͸֜ g0ηZGy c& *vIv ȳ>IiC"|Va-K.[{J]HzOGg z䘀#b8Eq!+\'Үܔe枢*Xb] p_޹z|ο~;0U@2qkowHp q?฾|Q p?dcV| L܋  ŶVln7&3gyņ ~d= ,;Bbfc$ G BZ$v 7BTu u?~X;zĤw4[D\;TjI(M'#U|W J nKV=r[.n&(Ҿ}r@!%wG 8娶~lwr* q!P66kf8?y[dpqioߺ"~jh~/\#_^ 5仳kEUtpSթV$3eƮD)[脀#S+4_.g??T!U-RJ*`F-2ɮ3 xN]P^nY "MU!)YvZ"@{FbmrQG+L (+j~ETvr5}7xor߭-ƛ w${pA٨XZnm )cfolfFa^W,bDx4߂Rm7҂٪n(ڰ=(#9aIZY@t`W(CP#zͽIDѪWcN5dPrЪ1u\h‚b(VM=ͼ=qe E PJS$JҖ$9= AY1[fQ&(U_Zhކ'~Ia~=CB[K y ᘵ~eZ%ncpJ dr93B%L-3b(Qѕ42J1go`""hC%7eI, jJ:ГdM V&] G#p]Ggc,4'Qy tKMC M ܠ6z!p0Up1BV(r5eˀeM+()Jvm{S޷0!"bp]/ƴ5|lܞ3 >k8q-XRx8u#n}ioɱNgpD/6K4O9AQ́[]ܑ#\YTI ˃rsZDUbjUnZ*B\D6պvr"jT#F}fvcYp䶍 iqI6$~8c6#d ƇD5Bǧ>l)U IUc>ҹ;HV\g@B)TDi07Ć$Lc3vIwf![8cָ/$T"nI0eLw^HϟS(X|r@꽌f~w wU=%(1솳3oGy$s&-ep)ܸHV&n84W_L6|!E45HE_!1OU%B!F#|w=aoooVQ퀎0L`ApNȔƼzx3V+k1K зHIhMOBwN± svQT 9. *P6x#Z_ J9װ`w/ ~дGN "{y$WO2`| 5v[D7>2C hթFA% %K;p'mf5.q̨>D%g\ih 0H98N#~6 .`OVg)7q;iH*k :ĿJ]֪Oںd^-sccW_Mɂyl⓼OH&gjJ+_H-~=5w1M|jgn #Z42lTN%dzP{mk|,>0`Ǖ^:b^,Dno@|((ݲz=2I oiHƘ69C٨6QkˆH PBM{+yt?e{bQ?66 W$W}3M67ЕM;#I:„d/Ǔ q .y+sۗD¶i[/dTB^tiGݧ^3v ӹ&;֤zCB1QӟnUD -=Ųfɏ߻G@:ؾ; d ƶ HhZ*sZ7H Hs+ o\W=SWVLu0A vM-P[:UbuLfJ2KNZ -{V5jNGhĿ k`)-1m|{bs23g;^(c¾ay$ԯZ-&Ÿ>_GxM]xCA7HMlHߤMDnJ[G*Y?n/:k*F TSD{ ~/`{ydyXP͐+W0Fd}NM#Hj[˪@dW+v|kL8Q5m;'7𫛐"IDӈ0p5 ?});5 E~BPBٷ@siG49fATy2kV;{?I ]]N~Mb&hH\43>gCeIٕp"&z{d ډZ4wgXUrYu0lzAT< o7vUۀZG@}n;!1QאH A83&"EЖ;H7!~M*d<;/? 
X^,t$p HMZ.0qC=K WR69nrQ`/PWr%j@u/֫q=>do[X"7(N 4+,*7*OsW+@"kV(\gh'&HVL4s.=%lXLrt/q@mp $b/۠Qk+GeӨXgd8'Tn0; -sby9=W*4NQ7Q[Nȃl.&,/DɄ2%峺xf'Z (•k2 SQ/WeG1)gebj۠$َ-}is@øaX_ (躧taJ˾V4p>[Z +J,vَ'HEo(~IK¼~^tI?h&_1=dž*' ӛ\[k~^ǹ{m^ږuyd&e0M?fuixe}:]`0C] OVdpӶO9*s4וWhdMTLx.|B=j<+b- JBqCw>lz죚ՄAy ^‿PO8vi@ .fX#Vvj"0%rf؜:6@ȝUg)lVޣ<.-qװrPF !fQ.*I ݭG 6{-0bk&k|e,&KܷjL n[c<Dc:w]=X]"YsjiNK>م;XT4qkm$w1e `+-}w$L^DkE*}ϑeI7Yu)7S07dX'׺;.|Wgs_c\LޓysS߸F6?)_I7(UJ0MX!O2_o`+ya7 ߲U:?VNyI&+1ėV"Nn>!9w^~ -wc}pM\v1ks ԡj RW4ڵ04.nGhnh%Dی(%øEK#­BCi{˟ lV FAЀ-%D@~L'!;@2gص0S[ %RD[|Ba3-gչeg_8g2D:: ZΗImIl[q m]=dg!ic#TD<,& 4CK]s&4R'LxF|,f!@Zء"ILM^=ߖCEs䧥Jő!7 FŠ}3(3VLaނM@r$d3~VQDcqLYHyl_Yx!X8nJ)>yFeEHQ;>N~B(W,sj#lPK1uJ(0K?vyUN(;_Z&;⽪cFҘ6G\PL'SݍRgӲG&EQM5Uo3_uJMtDA^+e/X75f & ©$ٗ+щ|TQ'?=8_AʱܙsJ32D+Io;$3<}$8Ι\|l>R0GkE,6<&8EȧViBkE8?~PiESRGe Y-KyCƶDI)5yEA%SjJ$#pq_ٹ)4CuO@7? ɩ'D!fǃ#Q/MjVm u&PD 2h\gl>Po m5KyY§篳'^_fQtK%NPpl;FObݝ!,Hd:9ﵚ,a _"FH z8 mf ^JqڠT߄UÿY`Y;2"zu/~"Hz3o2MU0 K{(J+,4i-Qb^SSeD-G`<_ȟ9RɁHTAĪ t*kj<1,V(?S3~*b0GXyҬgܙ -syX"-׫]g|auѵQ{3>qe(9]NrM/IŸa @Ev15d4C;ꁲTJkN_7!$"&IvANހ丅e \g#IttkfBY}>0!R:^Jq 3q{ 4JÈN[VSbAZO(c`|;v)Cb&5AL˗ޚFXS*lY|W A `. 
8ZL^L@X ~+;*N:MWj[Z~iZL#T-W$eBeXm:OvF>| "_Z?>En(r}jTu&jQ*bƒ YےV10e}T4IԓN6;2YZ~/E~R3=pxEl<))$V5zEտaAld/1{,/LP2#>ͽ+»lTXT9~bmH/c:YvDM̤wV/R%* q؇/כ0ƲjSl Q[m˗EdC$Ǔ@vT͹HJ#T>x0jH25gʞO{'~].ōVUVY&1ƛbm U՗a>r}Zd ho:QgO,ao]Mk6H h~e#/LeIO.3»5WەQ}&2|w!=q j u3D}y?uf´wϤ HۊDvC&1 =R9(PäQV)d@iZ[7A'O$Ҳݵɦ3IZNqWB^1$GJ((Tu7hU;U`]NXՓjL՜b7 9 4@e#pC^,wUt4DGBnk U.ϯ#cNhD4zNbbSAUHXLW{pe`)(Y]-n:jPk:F\6 ^ *DM+DbEvR"}:2k;޷KֱKD*F4he0D8NKǏķRvk*5t '9Aij.ʼn3HwjGl{n>*lPt3"v"ovyn)DTs~䑖)|,O ]?'YGEs:c j9eP0Q=fGuI?+e[_O Ke./2̪p1kG=g8agaqǙ%2'e¹rahD̯; lK1{]8K`Ul !r0 5/f5%S8YB|+_u6j]O"Eܸ  6v!:$Z\Ph7n]N4K:mYm5!9/Ƅx4d˕r;8[tW%#a پf6/v>}I0}U˽ -w9]uA:ݠ\=+^1mo=nncgb7pt+ݴ_wՁ1«vmRnۻ/ h{,Ժ7xyu^^)$9 ?;\7|;KLQ% ` 딆P<֜-?/̆MK1#[+1w Z <_V Rf2AX5282֬ }aQhT*Sy` R,͝ӯZ,ceAES[XL(ѼXAw9s2niýWXMIY;yBdmtqtF™!BSpASP Ybq=.nc5.1줷YNٲi}^rɎ`ZM!g"]M}6 7F`pH~YYIJ Z[ҪE;KN^19V:ʰS2Xbjc1 s`NjGqk*ҝ:P4aHUa PRE?ԎAk'''B!*X\YL`:6>f㖟_mtd {n=Eَ`OߴBnJFCK󙁳v~$m m1#lZJ(Zqë[u$mh\r@_6SwhgXOMD[uvX0ŜP&sAsF<3QY~e 5?v=0iTridhDj$p9>{kN'dYʸU<_MsD%W"&)WJMp Օ5]bJv@TJlEM|(10OC _a%JfS3G?KW'm;ŕS ?fsP@R@^M{ܻv=zeQmWի؇?oNi- M'XϰRި:_F%hcGA? 
h褓[9ISiyAU ]CvvbCr"skTs2\|,~C2ʌlq޹?n@@mdCu{l9]@֔HGoﱩwfqĢa (l= 7K"m)>'v<9@9x;rg;*/ ;liq hvN;X:_ Gv͋/F@Sef5 ϳ| 6cp8c]a \rjhG3 !yt*d ITü!P8A1gi1\> L)RsV"ubNE-뽫$g C*2a`Ob`L-;ͨ#kSBBVV`i-;$_2ߋE_qӀlge.Hy i)7 IDQCB?+y4 t+dO\*M?Ob{);QS=a'>&`b9%^|NV-$?P%)ΕJ*Фe=eD;We=*?6x* j_r*_3Tx&H {&o̩uAŊRQǣIhB5&#au($p^g'P_˥/O\fis8a_j ubƓ8so)aJ"'cܪStxn5BEݏḄ:ݥ_ڝ邊&E\<3datsCuu|J˴qupXӫwF(܅r͆UFx%#jxU SY5=sW$'@ݕh 8JHFHrftpR2fYt'0S'腏5̕NG50ɉ5cF{8lI2~w_"Ty_vGI-P@֤i "m*UtT31bF,"S.N'v"?wmxk͑+8oi)1pD#^ &V)MUk[!=0xi881D`6|[\lFFB{IRXu^ J#ʆ G03[ew+Ccqr d6bJ?ܑ<2}i+jOׇ>b!"xkNAuGKos8i_Vf^9$k±dX;O=y4P|4GVG_-@^iN(3L~V榉36(Ѹ=6=-#=)+ `ve@6y75Zx)*UNzVK~XF h*sD:akGTO@(ELʩKX,4ЁV+X1s}-.8j#e P&/Ilfއ^Ң$;s"S Guc]ݖ9b, :"4h_:6~@M+ wPvQd2lf7m Z: f#Sdُ v7.cF>!ƀxܼqUbgIOt5DZd,;h>y+jhmmr>0<ؠif!)kJQz@=j芨,1^ sҡF:'tرZpG O/NEQ0"FU٤*M%5]%&o7o*Z^eX+u[=gbsЧ:ɉ|^%{m/m)@[O6ZBѓ-Y9fD\x B<>m`{1p4V`( Sm8QLq:l,:Jj,z1yV2 fF:wWwla  x Vj9yYs !s!:]lv%_o%}(d?1m5%'@P_VOiNYZ&[fޥRމS4TsWuzlJf YS"Q0(>I n 1Vɧ~8uJ΍d%,5lf9=U&#v;(Y|c{fVQYpihW,`2%\Ų5v$^! )ڔ'\pZzpϓvpX QˆJlZDaUih >nˇ #oam uF&D}1/F4VaApUm6ڸo%>@e3aWJV@0}GXt3&[gҕ(,Si,=VFgCmiR֪V m%viVJwdtIhU,Xk#p_k[q&2ozsLqDGކ1jEAū7?;ݔ\I?D0z >NrFeo2|#oM&̀1K&~YT Qm-g6rKb;S-t.(fIW28_$*L,5XNN~5br+z[)Y MO/UWm WX*4MY;ӯʙ?úoTddAc"j%-Aué//nbkn {o.g;%B.O5Lx7t bD8Us3E".¨g&6Ԅ3ϨvɌ4u<$D;jʊ%pxޑ*Px 9p̫ʤ)M uJI-ʗu:7 LKIɂdn;@#MɖxY,/ _) eE<+[gA o~(^bDXk & 4"> {(U@_ۡ[F>SUo/ 6xUN/m3ΐ-\7G;ՂA }F{/؈:!s817HsMav;f* Sç(sC|┟ c`#gLZHY{=tsB{sHtLT7T0V"s,;q+rKI =z7` ŦsdLXu'#AZ k[6QJl"d)w5/"/3vnwʷH*JX̍y*Fu*on-6fI&CMbBGN,)f%΁$Fd4 քL;z*@QL/9ѿ+D=cgM;rrɩ_NnC%ntFO@S7(zhȡ_x,# bWw1o 5tU9HDmb& ٹRF*A7P/A8.(9 VtW&ʈ`0ڮɥ\ 0r_(v؄w8TU콜{;"\},vw&隷vU{oLxЕ+ Aa/p[VFݒnɐT5tp R& 6 Y1緩Stjg`+1Y8aHzl뭦z AE Sz=hN/`'ж.\x\VOus6'UIee)iǘ-篃){0|nj3 !2`DG&חsqu00&3ߐgtK/cHhb]Ŏ5s_Įb)c.Ei|@2f !N#|z]f-*\u1Fr=^6osŀVu1ɯ0rDH ;3bTs#| >:44v~i,չF#l$n/ 4k[—[R([x|Q^䴍]#xfb .~河ldxةJi"wb;jn`+%ǤWqiz}'>T '{_yɜt2:jq= e`e4֝ (ivڿWV=pL13d D[/,w w(]n,۷caW|ٽItZҎ%uVb76:vp1=}#;#6B8j߉SO]Y1W}P&lQ2b"oCոDK=Tm'őѤc\aQwXЗLoXSc@x},73RAr#kf:y}aAb˂VksKϫ$ \vfzw+5Piow|my|PͥbuU27=)lfM^gXdE}"fΫ.s_!Ey2 b5 
Ca=Ѓ>f$r:1,IBvV.ӭ'^/\{v[O ADR|OIW|4(Bb"/3EzDidj$LB ǡGU ÒS-nu ,-Tč;g52󴰹|\}k0K}ݹt:3XUz[LS43m*oKuC/It]]d K'gRr33R=|_ϋ_VP-!3Cp{aֱQfE;tHQ\4fYbPve^b~fqbFYD;2eiТlhK[PH& r젛v/3AoV\$ 4 _pT;ަs͗%,xIn|n?:8JZB'sz!d$ b֍ AVkkFb5]P}Xa > @V0J0aFp)m깖&W%{p F\~n 7 * ym48UEwme_E&Rb/@oa8ꌔʗJAחGRYΣJ3#3J2| 1omaXtCbLׯ ȑuDt&% LC葀Ѡ %_eٓXȥ^K_MO(,ky\)L2#VI8BϐI. 5”|Pe[ * =o׬Fbσ?2<[i@D o5k^zaIJtTd9yV#n"*Kr'~ih4˵U]/w=CoxllY%M4LƂy_:>,ȱ4Gw1=: i` nu,M.:1$ƽEMm]v X[3|Aw%=7O[ن>I2PĥH8mO[E9:<6>=D)9{*KR.1#X $*ڛvL r TXxDt۴V.}O3Q)5]KGݕ/~ ud/.Zxn -DΓpJb#)LŦAB-n_|}9!+W*Yx `cHZ68RS Z+(HԭsWL-ٿ3&djy'\80j]/Vwͨ…u]:lx ":k }|u>^bJ SCDN M6. n=~8!`rIvlK4)u6Ryc tN;۠gbwJ;G]3x7/Kk8 L_GjK܏38N3t4TE5?Zξ@DNC8tf>,l J z1~[<+lȒmsTB?êWh?igf44H~sgM`K.#VBa""]ne @'zf.UԍtHM`}@t>< W[XvAjnC,E1V^-8RK2Ϭ#[y'*q'_tvSe",2JR*%"2d>oq`=@{ n8KH(b#6A[6gG4}SB'I;ɦ碈0H pxÝY[m?[NRx 8A6 (c/F%q̜=f;8TQ)͉Tn3;GI; ϰG5G*Z/T@r'1_Qb%nliOE=/qB-sj6J)^a\bZpLi=ĝY4=ɎW4<5&vB.fiHKxfPavÓk[/;͵',KCd PH`nZpVJQ;$e|sЄPv5<I;.dtZt 9n6 9A) {qʙқ)׬_fUIOߵ> %=llDHjp jp4JlGrQdl%!+QIU\7/] d(lOMǝuuqh'xF2Vۛ:_&E Vrd8b%-?rǁ)51! ca}*JQNE7UPm^wuڨ`r0%JG 8˰%X%JIv-DUmmʒp6/(5xh!v(@Tëyl :uVJhQ%ZѴ$8`MNK= >>_8T<lHEtk4.ֲ>P( j&%_AXy.Bpq6HX &*q.7pom}s8HIug)JBap,;0.w~|4OoڦSA48256kڴ=Nzwe:s"d%KC6Gn-~ʉ՝0vɚgC2ohqѥmSof_2d Yy11V[ppr'ų"A.QR lN!@EL o(ɧ&E9kjg]I [%!Od|sEc=(Ƈw:Y&G[ 1?{22_!+k@,`9 ΉM̛):aʻ"yEvEcLDWdS}PQuU@QggCAםWaC"Mh(j=f#uc5JxߙuZЈk>RT*kUyv#! j/o\{*8JQ Nʟ{)QHVPќxdhDm8돮²TࡱD`GqbX)~9z?(A=e8z}T 0 dNLvZNv r"3Z9B&՜o֙U3XbXK˜{}B &ܗSP<0!>rb7exX[ׯ1,9.cQa;d}+ _G9c6"$qde9O) .TB}PʾWNk#NcvgF-r5hjtݥ.)ڣtLqPX-xl^x/mCp͸i{~MaX.^nx51%zΡ?<,ֱLಗgsLkulZ pz ."" PV~ޢ|޷}X:{F˭+ڀQAѻSU:Lc#]dy )yrr'a8BA/g1yoȣ&>u)qe~e‰ o " MJX&?IwVWpͦpc`cooe:eab5HKL)t%Z؂{0 b^Dm ; +qۮ[+wXO h gۭJq{e|a B8~\j # y*4!B*xGFz¤R?zq*FTB#|N7 `b8,:&t-rWt* $ RmnLk<]f"cg5*e$;}|ҙ_.?Χi38m2th~/nr3A$K| l(í%َM!l$[JⲔc{߂@+PU`<|~&5U%{7x[t˯XG<5:. 
"_X@Y(y[eBG[yNDc&"y xDwP8b9"H#[X2]}m yq/b_iQL3Y#kECg)LV)X:B@¹.PR~,,|f"~0]ϫ'0M6(g{ !/4(g|n`|#cV@3EsUMt9W1DpF?XMb *'9A*zGLcFL̻}PȜ֐Si$ugz?+sؒ Nz3\G@]'YSq&-7:rГOJQܴl!nG*ZH*za2$:ũn)UB3f(`.'g2ux=~IV։)Kiw8<ұL[8fk#_ZE)Q *)>ScQHeYድ$=vw<.^ŧyMYpL.ޡa=h$ W:X{ >܉~UF~(3iØ3ش`4;}zNZҟ-DfDe|]3 I+BXxtr.Jbg%AC#"BHCt|L^&!'$D V8-; {H rI0hr)!L.r:ODgbYpA7ߞḿ5@خܡkrI4 n9-)n孼* *fNU[mLӼuw)GuB-6(`*[fbYtn 0z=0X݀,'](,gEZ@JQ*V] sRu=8DUMd mpfUc qO@4_sG\{z PVO.yL&_0?#߳P"_#FB&);]^ i>$П0$~6惟^=ٞTo o70TvB>rF$d?g6n> p_=G4`.jpmk>(9VޝL1[S1TڜlpjϬ& 7YK @9h-yb$,c4:*%Xv^>IW7ma &kأ"8`9$W+v軱 Fv!o4uERp:t"O-s,Q4y"Oe_%EJ?!P"|б@NO{bhOi\L4F2Ut3]țQPKYzCuh# sw|!}7gU1(xH4d7B4 JE&|l3rm}W\]ăIEKL_@_ro_੸X8Ruf2Ǎ݇XZM5TޗF\P1k1K&ĭ;UiFܚ][rԊn1Ӓr&߸ec:F"\@E_=)5'sk ~N7rIըP<_Uر<#&a_v m5$zps][h%gj&P$vvƒUn_PJ^^8m&yi -aֳi oR0g#mD ɥuFf,cy/f\Gbh"=b!q.*OSꯗM^6DIGEC-ιNDՅ.Ľ,V=@ ,(Q7ˢ,Lj2tx=+˶'=xD*D< _T'KMOWs/9 rǏ=N ;<8?MwvyjRb~Dc<ݙ`f$T =VPDd6 m hzbZUf^I.0u1Y2*c\[pjf6O]A>=?*.7g=4xsuИ PuƷ°X2ԟ(П<>O\˵ܠB3fgaEƿ? \VweәqרM:- $X=`AAű:SF؜2M}-",죍%`6@3;2p=K}^ѻU|;|b:m&M!l&$e1 ;w`Ax%ۗtd+S篾qAB8hQe@!RP{ث.`[P³N<ŁRGuћH:;]ʌ瓝3Bp4ó CW02)8sQ$\ﺮuT-j4z|x/b'l~5[_MwF Mhw]X&|_V觱uBJɭMlv$!"rN'x Ǩ"{'i͒^_h4xg%=﷭auL1*``m'0A{k+ CrUKqg+K{"YQAUT_e49i_TϹd貌#9] n_3höPUT_M'v3 $QlUͦ5e׺RƎ*_l  H8JQ=Hu@|鹴@W0ѧXMncHO$&|pP'1uK NQ;g~d&d?55X GhUreXHlc:ڍ[qϠLfTY\@HM6Mw_5:Pa3%F }#&[2秩k  L+"ɐ͌* $`}|et1ec7z>j$w%] U+kXmK*F&ԋXrosX;Ѭ"k oF Y}@>ƚ &|@ 8K@JL#YQA@.|e,IjDž* {\x`(;Xɷ@ "!K4{}{XcI+DXX6R.a;pyZ]>Nwz_px\DipFL8yV3@Ğo]ZQ[G1tF>"% ѫ/o'νOOR10*áI+С!wa?޶>a3o۽WZ0`%/;ZAj] sqhRGS~,ݡ37̋pYԭ_ߦϥ=x'n CŚ)u:\̶&FLEG͡"JުA%ƙ56y˂dF$xDjL6*9]-5 zx$)vMXNwC#7_l50)G hr^#_z0$&vD.3E%@AH-;!##=g1>RbW"C1 6HG09#2(jp/uU'`('KKiutmȳ5ffwORXVkm n*Y讆WdL 6]Z9̈́@B_.jc90fVI^{ {I|=NkO,dJb1mb.&CZlo8X\'u^- .p&(۸VTQ)Y.BuJJ:'37gwV:]VuwJ#>ܼƑ3%2&oqdؽMu )n [S@s/cF` Pc>h'v :19Zzd#* bi #p$?1lLFÌAS`AJq1al.< j`:\;}'7D<9-2uL6M7h)Xe:%L ~ێ\? 
)jP Uƻ$JE _V>9,A*ݙ1,[k9 W&&!x9pqʨ?J6SL9-J{ɻD!@[>{[oa6KO^+VTGy~X96k}{3Ri\ ƃ5eykEFI0S'Cr;*3ɛhq,JK̓Tjin5x-[bEpBN)Ιz6Jr=r,hΕ|2i_ۅ㛃AQ}Ʋt - ?u5uC(߹{#=o[3a_0y/|#,fʅ1Q]ɸJ2Q&$ví/PsY6Wߵѝ28(-`DQ5ݓz=]A(ۦ=ybj&xVĤFiJ; v_GF(EtRpEl@e VkaAPv!bΚ#օ>Qz0z3VLAX9NoK yJ$;j,ϽA&.1:U")A)&J+SMe7 `ŧaSǐl"-]HIgSsV":'"~,YW2Yp: cg姪9C8{L4:n{34ptt\/O_'E¹Iڸ *ylNgvFŭ (,׼9(g{A5UP>MF&x @ m+usfL8k*^nʆCA޼NRlpЊU^ݷj賌F0lH/bS4C^V/!"GD'~.1%{_V[yWx}10Ơ̿GowD)9gI¥1QIZ9/tTc!*Q h9 J!1>i_ r>bT)*s9n=5kjGIAceFo#vx`;cUz(ppF}2ץ 5N zdZŋ6`KGuz]giޗM:hS~;y=:̳7=B#1$z"^?RfX 0vTa~kp8*,(RU nfI~Nq7Q4_`l`'S+w߂b(),CWJ0}Oo/2DȾSH/# B"y{'zZFzdBnJ ?=j<J*xJB(%ʢ_A-<)OfiuULl:ORgeOA!E+覂MIn΂1!clF.h:nyJ9<& ssebB!΄Yv K(3r g-lG[7F=ɨ[q]^vRs#5Gd*aa(o B~hg),1}Zp ɗHE*hZn.d{xm4@#XtIal^y؂d5o*Q5 嵉qϟu7ƅ3Zˁ04sY10]]7GEXE^9(9H-2 6|Mz_,AH*` E?luq&v*&͌J.&֎{ *(][OAu| $F6M7 .R@F ^<_*!6t/P#P)-.|syyIpo> E9Uz, ^TȀ 5C +P -M=F(I"K}6.cbM1Is9]ĴP9(&d,5L}zM>Η4oEp#;@sĤCa) N}¥ @&mLgpDF]&.F~2 <>6>=ۅS]508_ Cm')&|]ޕȓ~q.~lbV*"ebXH%AiI& 9yY<銞N;u'fm5qy4Z^OY;P'kF1 JqWtY*(UҒܢ蔝'z=(RM䧺Lil[͛$H}lpGyF-r!M-^5ФjI;WDvMBA 0,~`!ڈ{!~TDvDD>02[ ? 0l\6iPymƟGʞ!5WQWXFWR+K PJ̾lWE:'fԠC7t#f=^oìOiݿZam WiW򇱰Wl~X|jpx^)O+of=͑8la+g?Šn8{r9A Pv8ae|~Υ#۴dwؓH_pT|`GbՖCX#ʏKsmPb-DBr4r yϟnA2OԻ LI•O=4jRۿ{8zթdO9}`wD1E܁&.]ĆQ5 !{|w@ktƓ2'wAsQTN5 0 +ug-#5l*[r 8jJ*ZJ eE,TԒ7qăCTR3Ý3iODCL[?s,ۀe !wpб`9׏Qs >H}9QYc2^-* 7mB'""$;Xʏ0XLXUĵ"3۾^~2J&,3Z1-#TzͯӿRSQ$<79>nH뺦oO҆e4#Er6J~QVWdLbQ`? <뛑 YFml<uPG},{iUf@jWy9C\TT 0[S#SrFnGhl߃F.:#ׅ { (v`H!غ_Wܤ B`%X@HF$c!ɡ3?ub|lopdE`1͉*QE e$XxW( G:ǡ(@QO޽9t]! 7u'o?O U0>1'j,-+ijK+Uc]eȆF] )vOϋǤK4j(oht<nx6W/=ViwV6{ع'Zlߺܨ4n%Nɲu_# ] G6whv{UO׺.n>AnkP CR[M>aT֣ž@Nt u 7OX)\3 ?BJ2':.) Hϟ{:-c .GU w 5dZQuշ^ӪEoRv5 gw Ef ~W~*+dg\ӭroHLrri>Q^TR`{7%Js[# ږ)ȝ7KkQT'S10lО{| -W`AB+SCy*;/ 'jG<L}G9Tngp7 ufo0}q]2ѡhg OJ(mD^۩*cU6Z1}5%{FQ)U̝$Z "SNg gvV.+,2Xo&#Qv g{pc4d$(E%ȿ`[K,V>6HK]EVxj)~u#='齐YAnLjv')hA-e._uc0fuly1ȃSkQ[r3A2t0ohB`( #?7 )]5=n{$fAWe"Y^Cf @RN0&dWuM%jKTZQEijwڡ|ݶg7#h.ڭYM-f1)De*kC%yv,4dCb@>cx=+y ʁӰ蔄4cÊݍU%M#.fwyh 4L@u Hm&Pv02~KԚ\ v V5k-!E xQ^5xqRas~SK{B ١[P(zkӰ险zglxK<7Nꍴp掠dl?lL 'Ep-Y1ث'3Z)|4pR :h`>s8g! 
^~&f?RCy6 NM4<1-d"QbF\RWq8nn֣"%VNg(8ŢW2>'\㵍F VkP({C4pmdJe2YYAĦbW?a "n&W\fبN,  ^-p L~[|o`+m?SaϞ }3+KtWЈ}y`lTILL{ÒT:i ԿC.$w?1GGΉ?D˵iܐqA/)#o^@s?[V#bX8U|X۾@ozH1qM\#@WCCIyiBp&jЮnf =}Pւ?9.ǩ/Bͷ"Eɒr!7vh ʀ G' aptb) 3g5\8U< :bNRҊh( G 8W #JwZ'9 I%K3;GB>SUe4#CrՈx@9q&{CullbZ^_ERXaDa(C(l JDžE!hR-4vA83pKV Mm3r :`'YҜY~F`SK61U˨@grX{3NΜj/뚳0J=y h&7x$[i 19Lrr9cgT֙fVldjMI}/QBaoZ5Xߤ\GEeG,T6_~RnmVuAC ']MҖmNjaU)).A-AS^گ|ج ->Z0!RczdqA؞9+[bb c1MD?D3U>m$f-Z pe)bNщrڻD 6^W0iOfDCQ3IҌF8 :uf%s}?;oN-ɕ?!f !?l;{!/08lo-&djT|;c^462zEkgecfZO6 .`-$rHjr^Ñ#M( j{fhp;ft$dkbɴZi}AtpKb?/n KCT +4@CuCHy`Id`o6tEgl_QJ*e y1ql/L!~$^fPR?}Zh(ZFu>aOo"ZEuewpW?TiVk-3 YfĆ)Sޞ=~\#E@ - SNJR#6)kf4|-6cju1Qc@!U=DT]| x]PDn*|mr)W4C1gVCZ_3anR(&:b_+d(~= [=;F9fIDDL( h;,n[B͹IK{NI\PO=xHLu S3\-U y_z\LjJtfYiDڞ4UrȯɝF)ف߃ ?rFN/Hb.xhDplW G/1܇ݝk"jx< ɫny?݀aY ݇.AO+y u[² Zm$@aTd1ހf{C SlI--F[˷4njw\rB/V㊾HDjM5갠?a1sr ]u+quN߿rdKډGQh j^H`4v0 ϸ9Xn] ^kj'a.^>@7w[0+ =˦ڈ:կsfZ̳.Q*NF6mptQ@o#ux:k+ppq+rFu` Ώ_ƕ .Ҷ=YoI\yݭSCn(#мUɭǥ'mY'g ]h4x8wC46٪bu;dtQ 㼤 b{H^t!e~P wxzD>O9d+(ѷ1 ]?|Oc 'hZ6 0C\9[fW-DAֆlc/(h:rƦ*H1\Z3Ū*@G_s:rQNС-OͷBkoTp8*L#5[9]VgWf= a[ǂ[,۩jCޫ:EF_$dХBJ}=uہYO3/A:ͯ5yY KJM/+7\՛}?$",__M`H {y=0N8jS1iBI i91y?R߂Jo(bҕ :⁀jPsCvgAJi/DƵr_C#(D=:o!C~@ÊKidjX)CQ7W'X7]#Ĕ׍߉绸`^ҵn?밁^2yis׊]w7"1%.\59ŒedԙlV)sn{EE H!:0$ V6XAjQvSǐzݬÿ%Ga@R|x8Ϙ Wp/ofys 3gԺi7-nCW*-A2@j,uR;VFK0@e|-j'=XwUlX~,՛>) C=0@ K< \O;gvv`ړ K=+. 'Ӷɧ.^hVx fъxcD|PL,sG =]{xy^ I3={J[W&Z$KCI`us yg/vx@cL9*pѕ8=JF7E(f:o׬V\HewrcaߛJOl*4U+T.de*Wׅ({0Ѩg[ei5M7ϡ] vC2J6T r'\-EaPXAl36U)kv D衙$K;&U`ɈI̱1]i<5 KH9/ }SjR#1SJ9eQwA'eMq_'}gք}ǐ_ fX:mgOQ!tt?>n,<6qLgz\ g96f(A,~WZ}C }|Q>ۭ H\<\KY/oL-ԥ'PFțDc ONog]+f=6O LyʆVcLXW\~Faၧ XN3a步;pzC@ݍ 9 gdL!ݽ u9 MQŦ:[%*3r ""X;P,`S=Jwفim݋=MR˷w)YH2P(=lS^yS/5bi@t<Zޅp"C/Rv[rݿfH.3;3}>M@U)-E% o;TC ?ޗfjKN:b%nNfϥf+Bw6$sW ]]l`lµlyga #jZ,{&%2aP4gby@]}YmN=<*9OQʃ|޸@%ZQ$ <[@-@ߣ!q?ec 8NS^l? 
.2>-N /[;_}urk_diag# WXC&k;KET~z ޥ"(h@/TSwVvx5yY Tz/ '@6qm¦mכP 4{0wh/]`/]\g/%D;W\Nb4v~X~+ׅd2x*si܇R|aSrN_E ( 5F 6"l&w\ /m]G+s|zLIj ɔi^aCH8+0FĞ[u2\;y6' gZU*YPC{J 38i"^|f|?BF4U%!IMdk6|Þp;Etk$x IFs+jF:[]v7WʚD0k, &&Si)'^]ѡd%op`;% ,}-TLk7qaLz2 9Nf2 Q :pbW׮Eì5\[HѨ6