selinux-policy-devel-3.13.1-128.28.fc22$>$Lbk@2[ A&>: ? d * ?pt $+lb"b 3b D|b fb &b bbbb## # $ ($8$9<:0> .G 8bH bI HbX ڬY ڰ\ b] Lb^ b d Ge Lf Ol Qt pbu bv րw ٤bx ,b Cselinux-policy-devel3.13.1128.28.fc22SELinux policy develSELinux policy development and man page packageVŷxarm04-builder05.arm.fedoraproject.orgs)%Fedora ProjectFedora ProjectGPLv2+Fedora ProjectSystem Environment/Basehttp://github.com/TresysTechnology/refpolicy/wikilinuxnoarchselinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null exit 0 k;y kZugH HQ tib ,Q  E  w   /, \ Y  L <5 7  P  A"FG t  |  Q Q  <  0 d!; ;4  Z [ o +8OG>Gi> bJ \O c A 6  #  }   r \ E # - W  b 7     6 4 . U %~ 0 T P 9 i ( < J YL ^ r  ? m= @  Ww  l q '  %%" -   U K u 7F.C ^ c [  R ' %8 };2 + 8, Nn K LI n|  q o) ` \ H# L~ y= A.<2 D  &Y J ~  ]+p # ,!Z] a j w 2 + 1  3 ~ j >m T0T&( E 5  W o._054 Ys \ K UJ :  G Q g  Bj Bt h "!+ R M H__ } 1 m   j@ $ 5COf. D b  c,{ / ~+ 4[  H# E % Q  0  w  S]+83%%%{ E  }6  [y{98u-5v E H/$ 9 9 ) K  Z t X \S2 t ?ls ?$Ii +  Q.,,,s, e aeHi   qE N @ 0  %   $ ~Zy   I & nD JJ  p6;Gf & L@ t& z  g L., N # n .C 4 t &z u ?;  k\$1 9 8   _   a* ^WZ}p OIj K+#b".!22*0) ('FU(i"/ S,O%; 1PF' $ HEF%' K3:;&$I-#,,:-H6<5)*"C`%[1+4!@1I.;~.170X#I1D4'33t041&%A9vA*A+-++e*/0#'m#CNu">=2^7)3B2'0*7M=6,\E0+L=&:*/2/9.29"'9n=9F-&(!'X"&,:%#@2S/,Ft-@m7f(>#29"E,s*(("414R-3"1M4U.:j43R@9e4a^.?L(.&28r!?84 B-a)<12yB|#E1e.h+JD"I+:Q3483)/3.2~2V1<2YOR =*!-3;H&13q1\ Z*#4,:+3F<)F) +-%-43L)145A62M/#p͗#:o*99IM%F+ #5)(4 +Z?)8@Vh#EZ4#*..v *%g+K"694<+6#1431)(.$1, 1$5<+l%(@O#5.4+6*28@346)4),-y %;s(!8>2(Bo( ,-;4t'dN/-.-'*5,Z$]-`5l;n$3&F7=-(< +R$Y&c+r:3=)\]f+F62(4Dv'H,/$z/i.U0C$u$0*',YHe%" !*0\'`Ce(>.6P62 6; /5?M,8/37%&& !;+k+R1M(B$()5~v0cM.&:9[*K0.k"_' .).G/-/r-./. /OY8)1($8.)1*-Z2/1c3L75-@^B#N?$y?%L_4#'#DB&w6&1 )T(3Z'1')D+&(n#U.,C1#P6F26%ICA,_,12r&.2542/-'*R)<483&n1"3"y X+% [%3 ,.h>T2C2c0()j7+3:.0/0>&+2,;I04 )Hd+!6D- 37HE+<#":;%<$3e,.%;-%A,k+H s+H&+H&++$(74+'o-E#,i,+$?;-/EV+O$$V,+\7)-'-Q*<",:?IB/HM'E>$&O4+3C:0?5H4c3Z4aOI$>$0>H &$-oL40  U.,&;%&#!#K,s?24f%! ${'$3-?T & #" #_,i,F)~3/,**2'A(*<2+-&4+!2p4")2B6*r)*(^):C -91/511A*7 ;(B>2=J,-o*85#`-%`/%'&y' (~)v%&),#}!#7??+ $<@+"Q7-11V6~ I+%a0%18.)?:a%4-(%iF*0S;0Vc"5033qp*+D/\N&&C-z.,P*hD#1D*3'11b514C1=T#S"I9?t d| @ _0U oV 2 H:3 v* ']  O<%FKfD M1  x h  Kk 6|-! YN~L4& -U*pR3 }# @ | 6 q ; V*c[ .Gb  sDl /7d*1.; p )  RB*p6k N+2 "jaco d  N+ (t  + ;Q$icY)M Nh19.(fS x'" c   ;Y   =/+B#  P{&O g[= T"+Z fW^\gj  *N ] 8 !$5C+ n P8& F 3 ' auV;F C^[ $ 8'  1 "r PQ: %K EX$ `  *LsV #  , EcIm8W " a "=e+5gS-48 NLDeYWAbY$4Lu%+ZuE 1] Vi-q)II M =s + &/|  S""3[q3߁A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤VŵAVŵVŵAVŵAVŵAVŵAVŵBVŵAVŵBVŵBVŵBVŵBVŵBVŵBVŵBVŵCVŵCVŵBVŵCVŵCVŵCVŵUVŵCVŵCVŵCVŵCVŵCVŵDVŵDVŵDVŵDVŵDVŵfVŵDVŵDVŵDVŵDVŵEVŵEVŵEVŵEVŵMVŵMVŵMVŵMVŵMVŵNVŵNVŵNVŵNVŵNVŵNVŵOVŵNVŵOVŵOVŵvVŵOVŵOVŵOVŵOVŵOVŵPVŵPVŵPVŵPVŵPVŵPVŵPVŵPVŵQVŵQVŵQVŵQVŵQVŵQVŵQVŵQVŵRVŵRVŵRVŵRVŵRVŵRVŵRVŵRVŵRVŵSVŵSVŵSVŵSVŵSVŵSVŵSVŵSVŵSVŵTVŵTVŵTVŵTVŵTVŵDVŵDVŵTVŵUVŵUVŵUVŵUVŵUVŵVVŵVVŵVVŵVVŵVVŵVVŵVVŵVVŵVVŵWVŵWVŵWVŵWVŵWVŵWVŵUVŵWVŵXVŵXVŵXVŵXVŵXVŵXVŵXVŵXVŵXVŵXVŵYVŵYVŵYVŵYVŵYVŵZVŵZVŵYVŵZVŵZVŵZVŵZVŵZVŵZVŵZVŵ[Vŵ[Vŵ[Vŵ[Vŵ[Vŵ[Vŵ[Vŵ[Vŵ[Vŵ\Vŵ\Vŵ\Vŵ\Vŵ\Vŵ]Vŵ]Vŵ]Vŵ]Vŵ]Vŵ]Vŵ]Vŵ]Vŵ^Vŵ^Vŵ^Vŵ^Vŵ^Vŵ^Vŵ^Vŵ_Vŵ_Vŵ^Vŵ_Vŵ_Vŵ_Vŵ_Vŵ_Vŵ_Vŵ`Vŵ`Vŵ`Vŵ`Vŵ`Vŵ`Vŵ`Vŵ`VŵaVŵaVŵaVŵaVŵaVŵaVŵaVŵaVŵDVŵbVŵbVŵbVŵbVŵbVŵbVŵbVŵbVŵcVŵcVŵcVŵcVŵcVŵcVŵcVŵcVŵcVŵdVŵdVŵdVŵdVŵdVŵdVŵdVŵeVŵdVŵeVŵeVŵeVŵeVŵeVŵeVŵeVŵfVŵfVŵfVŵfVŵfVŵfVŵgVŵgVŵgVŵgVŵfVŵgVŵgVŵgVŵgVŵhVŵhVŵhVŵhVŵhVŵhVŵhVŵhVŵiVŵiVŵiVŵiVŵjVŵjVŵjVŵjVŵjVŵjVŵjVŵjVŵkVŵkVŵkVŵkVŵkVŵkVŵkVŵkVŵkVŵlVŵlVŵlVŵlVŵlVŵlVŵlVŵmVŵmVŵmVŵmVŵmVŵmVŵmVŵmVŵnVŵnVŵnVŵnVŵnVŵVŵnVŵnVŵnVŵnVŵoVŵoVŵoVŵoVŵoVŵoVŵoVŵpVŵoVŵpVŵpVŵpVŵpVŵpVŵpVŵpVŵqVŵqVŵqVŵqVŵqVŵqVŵqVŵqVŵqVŵrVŵrVŵrVŵrVŵrVŵrVŵrVŵrVŵrVŵsVŵsVŵsVŵsVŵsVŵsVŵsVŵsVŵtVŵtVŵtVŵtVŵtVŵtVŵtVŵuVŵtVŵuVŵuVŵuVŵuVŵuVŵuVŵuVŵvVŵvVŵvVŵvVŵuVŵvVŵvVŵvVŵvVŵwVŵwVŵwVŵwVŵwVŵwVŵwVŵwVŵxVŵxVŵxVŵxVŵxVŵxVŵxVŵxVŵxVŵyVŵyVŵyVŵyVŵyVŵyVŵyVŵyVŵyVŵzVŵzVŵzVŵzVŵzVŵzVŵzVŵ{Vŵ{Vŵ{Vŵ{VŵzVŵ{Vŵ{Vŵ{Vŵ{Vŵ|Vŵ|Vŵ|VŵUVŵ|Vŵ|Vŵ|Vŵ|Vŵ|Vŵ}Vŵ}Vŵ}Vŵ}Vŵ}Vŵ}Vŵ}Vŵ~Vŵ~Vŵ~Vŵ~Vŵ~Vŵ~Vŵ~Vŵ}VŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵrVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵUVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵbVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŴVŴVŴVŴVŴVŴVŴVŴVŷ/VŵVŵVŵVŵVŷ/VŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŷ)VŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŷ)VŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŵVŵVŵVŵVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶ VŶ VŶ VŶ VŶ VŶ VŶ VŶ VŶ VŶ VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷ*VŶ*VŶ+VŶ+VŶ,VŶ-VŶ-VŶ.VŶ.VŶ.VŶ/VŶ0VŶ0VŶ1VŶ1VŶ1VŶ2VŶVŶVŶVŷ/VŶ VŶ VŶ!VŶ"VŶ"VŶ#VŶ#VŶ$VŶ$VŶ%VŶ%VŶ&VŶ&VŶ'VŶ'VŶ(VŶ(VŶ)VŶ)VŶ*VŶ;VŶ;VŶVŶ>VŶ?VŶ?VŶ@VŶ@VŶAVŶAVŶBVŶBVŶCVŶCVŶDVŶDVŶEVŶEVŶEVŶFVŶFVŶGVŶGVŶHVŶIVŶIVŶJVŶJVŶKVŶKVŶLVŶLVŶMVŶMVŶNVŶNVŶcVŶdVŶdVŶeVŶeVŶfVŶfVŶfVŶgVŶgVŶhVŶhVŶiVŶiVŶjVŶjVŶkVŶkVŶlVŶlVŶmVŶmVŶnVŶnVŶoVŶoVŶpVŶpVŶqVŶqVŶrVŶrVŶsVŶsVŶtVŶtVŷ+VŶtVŶZVŶZVŶ[VŶ[VŶ\VŶ\VŶ]VŶ]VŶ^VŶ^VŶ_VŶ_VŶ_VŶ`VŶaVŶaVŶbVŶbVŶcVŶ|VŶ}VŶ}VŶ~VŶ~VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶuVŶuVŶvVŶvVŶwVŶwVŶwVŶxVŶxVŶyVŶyVŶzVŶzVŶzVŶ{VŶ{VŶ|VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷ+VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷ,VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷ/VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷ-VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷ Vŷ Vŷ Vŷ Vŷ Vŷ Vŷ VŶVŶVŶVŶVŷ-VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷ.VŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŶVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷ Vŷ Vŷ VŷVŷ/VŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷVŷ Vŷ/Vŷ Vŷ!Vŷ!VŷVŷVŷVŷVŷ"Vŷ"Vŷ#Vŷ#Vŷ$Vŷ$Vŷ%Vŷ%Vŷ&Vŷ&Vŷ'Vŷ(Vŷ(Vŷ(VŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŷNVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŷMVŷMVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵVŵb6e79ce702ae8cdb40740bf48fc5ce8c0828ef2919203ec47d5c7589797c1227df5d7ac55b11b9e777f19ced24e05b716828a9b1b006652858b2da5bde76dd65dbc0aa77d367fcac0cf6aa33b8849513ec886d5925010e003562365bda5986e937fa6bf864ae68d19672d9cc01ddf7c098442dca0b7cb0799a1443dfa8993c29e46252bf87c1daac6ae4c101c0304dcb67f9d9e9056ed03e491da73493da299ba02bf8d18f932426da0ed9511b772f8dd2650f2a3b621d7a018958ffa2210e1e6afd3e4f159dfa761dcfe9be67ca73411ab5e5471df03883811f37f695288a5fe9833a951faca44a629832ff1ec544984d2ede16a85faacc5f986e1c8f2949c91224ef2934bf9438357f5eecf0386fcf9b6dfe4e522dc3b31d6c7704961ad4fdb09b66173a4d205a86bcf647d937985a577aef2d62e1e4e3cbe3b115fad6ee768f964ef11d8707da89845b218a0911978e5c7651f0b787e0d4da255e4ddddfd163c563ea4bb8a330744599164e0b9410e0ecfbccca5fe1f312dac1baa4a4d4b8499d8560532d0fa57bac74153c0ce884e6bd3f55a2936d7d53b845fafaf94d484900007c977e6962c9dc8b52351f6c9d61254c3d6d4d93ee5588c02683130d1aa3bc956e3814f8b24397031ccd8be9def5ee7b5f346f981f8ec3e42a66839dbd4eda5abdfba885db744726c3c623e59293361d5cfa3abed56cad50c90877d5b9c975883f6a2fad453264f09d1ac9fea4f302e55f41ed66d4e3682fc96bc38ec59721eb74b26d4bfcb8efcba79a59d95fdd3eee9f9a2b25e2ea6eca2b8bb04bf159635e705bc02d6bf9350d6f154a68b72ee3126e24f1d86adcb9e2db871b47f7d139d543dae380ff6dfb1c6587461a282747031fac802a85d8b96fc9eb0da5e46cd9f6e62e9fb31f0d38b9bcdfc47e86074584be14dd1dab186a531b75ecf896e305e5c39e6ef7a1bbdb6cef0372e5480aa227fed5201919f683b78f8544b794c74b4145d097dd616702439ef6ec8623b57494dde83c7996161d197ffc9f79fb06ff08b804f68f9d9a1d6d13c9918c4f6c05bf0cf8b8feadd72f6fc05e9100a703ad826d3d2e90211142f48dda080ae89158d6f3f9ae1e0a50bc2330f201f82a7198b744e41d166b3b889fb11983b790c9647101379005a840ef983a3a7b15925ce17cb4f92e03a515f08b8b71e4a4568c2772d40cba24eaddae31be5b75169672f75a457f82b9dbf75463f18f9487c0506cb64a0b4a8b69ae8dfe3db763afbcd106582967ac1bddd49a2900854085bf7d60ef5e9406ce7c9b1b5f10b11f14fd27e00a4be3b4307fe62c0ce41c40c44dfc69bb3bdd9ced40d8124f742ff2db6c82cf912c2fc4aa535d1601fb8bf941315821401b35473c927abbe63b30709253d05a6c38c4fcc4b8462a0f17173cd3fd646887f555310e0f018ba859628f97b6b7f8e1c64896e0ddea0e9d32acf535e73f1e72aa22ed16b5e15bdf3b893cfaa3763e1337ddaa7027a7125dfe6ee9597a2e165ebfd5e06a6be303a6351708027c292d0f73a66e03f85380f9b57830061ffcd2a6f89109d9d91c8327550e1a22924570738b56c9c435f154c5b34434e2b8d771ccaa4324bb51b12ce5fc381f66b7ad609fbe379cb416257a6a1ca008cce46d7d3d619bda021bad255660e190f5f489e5e256f354a871424b088dd5c37bb5675f3a6e1b9d48ef20c83d1d26f3f8dc239f24b02a082b36b96673cd04a11ec5ab995b00f695362eea58e022f31a61635a507f7e966ca7ab2c57eeb16143d3c93fe47acd9d90cabbd85a478e2191242c78f56a68407e7cd9afa4fe13a198c46bb009f43299f749d53a44594bfbdd402102581737684a92e548332ef778ea04d03aee414c5d6a63ae7ed3cb6cd66404a9415bc504a51a9b5266fc4c09e31cd3d475565d901e82c5a6c894813d5112209062a22560c5c7ce75c17a34ce509461e47372ec1416f18f5c11a726ed66dca6dae6be259685aaab258049a6e0fcda330e982aedf9498fb76107affb5aa0e7eb096e8ca35730f9cf0c90a964956839fe7fbc8731d7c0f143d163586ed4961c0bf425c88968cf8807e542ed38a657ae3582df2973a1015c36368b774b2cf09c7bcc06438190f7f70e3f29ea04cd5db135e03106b8f1d1a853031a4dede6a4d222c3a59477ddd2936ee403b5e6a9f687cc29da443b577f114efa9b623af70097d8d88f373558c6805816875269d096c4770799c328a157d8428c8d098da1101daff854308e89f44c96f9446e64f5726c64f4ae4da1fd5798b20957902dd9d8cea83911abe9636824c82c093dbbff48a84e564161013a251d1b95c8a4879118543acc96d6af9682802eb5c41694ff639fa7d40a548b51d987dd909885d2941d66473d30c1f5052e197ea7c786061cae457f951c0138b21f824eab2cc4c79b3e796d0276338940ebfe440093179dfc2df86de8e61b6da6a2e24c75320db375fcd071feac7902635ad02d1c572987db816596a9837b0064ed091aabe55e88877477dbd97ae06b34049ff528064fa8db9745a01d32cfea9d287b8aec971d98c35a9053c9d29a264a62136aaa97dfbdb0933f922b0537c45d0536cc36e56aeaf26a81cb01f43dc4d70175770881d3eec100fe09a4571db5c4fe5e4305e3125952be35a863df3fce012f0ee8e08c0cc8d52111afb14c85c73c7986985b1397e8b7a2840a9d1fe2b2655ca78fae62ad3b6e5b0692a6d42072f236b2e1d4e95928f493de7a5334da372ce51282f246e304de80e6c6bf266293f429591238d4352310c53e4e8907bb48e77d12e115c904ac449a82520c96c4565599efdae376a90b2c86cd4d687ea68c349ab5a0459bfa9c5665a04f17acb42a178be319acfe0116d97618c6d65ffacd2052513f2145ca273671b752de17844ff06b9a0a3739ed71dbf50a21d7c604514d3dab07a3f3bc837f8d5051d55bbdb8eb1bbc5af0855b808f9e9726255659e94a1de277e1ce32d69f71c2489daf2bb4d49bcd0c0b8016cee175f0640080925cc02beef72b46a77a6870a6a982ed13255abdf86cd6d145773e13d05765b05e1942e586ea772c1a286686f7cf56440ec4fff1a1a5c71e6f2e0895ed67b5740f4da32117206988013c0faf935b03b329bdda5fbfd1498ef5c7afaf78f421fa0eda44c8506b5bb4f37da4f425f2e1f7d650efba35ab048372c22b877befd220b149260c4c7382706ccf0847c1d17498248cbdd846b1c7bd64cca80a2e27b31dca107bf3906b3f184137c5e870d244132bd7d8f8acb6bc205ed643dedacfe4ea1483eb92e388132481688cda724bb1e37cfae52cce7950f2a561155706fca416612c191902e31f5c3a2c075017d2bba4b492470623bd9288857e5da785b322d4fade7f0116c2e86e113960fd097d41ca2297d8c385397895f13e21d5f0f27ddb29d8a9f30d71497fd3eea9a437e7c81bda117d6232f28cd4de91570ef798e13be1005518da3175f8b8a3662c324c410c522ec086fa1bbde7239a90d7297b72e0ffe17a868147f470838994c97eec9a021a58c70cac1374c2b6b39056f26dfa66b84e38aa2960b30825c3ffd44b625cc945036a63e9e6b5dc57062aeaf32ff29aa428d0407a1590b810016132b67f81f006749d3f42446e05204692678c90306746893abbacfb80f4fe96311c5277ba3c1c1dc42c5f0371b592ccf7a075414ca71a7ee4459c49e996922e90d4b198a86086643fc838f2feac9ecf3a2b14f59dc28dd9e65df60df6c0a3862986d97ab31887fc467ef0d1f1cd7c070fc834a56c1f9c0df71c8ea6c8b8658feaab848dcbf767219832685fd07ab9a9ba9781804f1ba66b5303bb1c723d7c4f9b8a6e04891a4837727a8d38d54ebe142bea1f416efde2fb5a0a1c735d44a2e7624a138a16906f4257c83b9d93a6505530cfa50521c375535af878754ff722adf08229e28aadd6687d019b7f5bd14bcf05646b548f17842a5326d152278e64e293a0427615a60d4c05b0a05527534545d2eaed25c3f116e8b97b338eb4a88eeacd010b5f0f2d1c3547ca7dbabb844f08486f557e9865f004559c0cb7d385c074bc4eaf0e966fa5d315228dca6fbcd7016feb2b04365bfe0f98c6b4911c9c19e750b5884f3ecbc65c9d1a81a57eb21c73e0d39bbe959a0623e91fa310bd64470278c20d5fbd830646ad218dc6a0b791534a605fbffc18db58e6ac70bf7fc49eab066ec299f081cee24b6e9c3f3fbe385c1b5cfbec93f5fce92ce5e891a672d43e283cee98aaef36ce86cda41f497ac443ca670fa1eb6bc850f406d1580a0e89c689699b8475739cb0f7a55335f8cf9669238da27a854590420fa96496d2a10e097241ccbd08dbe36059ddfa0238bb224ac2a820f2ed73afe0a2321ee126dc24e98f4c77ddb9271f46c091809f9e14ef283714e7e2cf150bab75704c77d8ee6aefb97f8d11aa4af10f817ac086486b026fd92972a651d6abe4c336e3fdd23c5708f081c4c07a7abb91cb99a67fa70196cede661c43fbe8eb10608e1ab5a122abfa6c29484a3f04676da24b46b4e7dc5496b6ef126bb0161e05af7e421f180b688b0944e9b0ddf45a608d5d4a0f81e61dc0a0e0285091b315980a8d6139d1bdfce3ab05d03b60bc424ee1a5b6f8a7cff5740c587f057037e818548f948ad4cf71e1dbad2367947d3159ac45d9c83ac2615f089b04e5535441e468af76e6962e80a8314d356a379739a364255056538f19721cf3629c82fea76caa8728d4add68221f0b5f05e76ea597c338604d532fea55e3a17853c5def811fa30ddfe2d4db6b6b21eb97a508fba6383db88872dfdc25feaeaf66cd188440376a3b5602b012542d08b00e0fff57817ef3ea547bf8a6d174a3c3b43867b5d03ec90f09dc79952127782a7bdd85c55958621a0acd2e124bb0ed327ccaf5c229e2428f32ceae77ca20cee03349c9abbe9b81dda17ed6fa42476cf8a7badf1e41e69ad2670f4789d829b51f089e0a5a5138737d5c2e1fdcd9b2fe403b9d6107ee7031bb00beb9abdbb4337b8ca95c8be0eb2bfe9666ba3a0ceae9e79da467418356b29ee5e46b521f852359f9a2769e8d4764a6c90a0eb6ca69a720de7beb2c13df631ea2d9e9cacc79d4382b43af715dbac292237f4bf9a0bc2d46b1ff1406e2dd9907566f75d39d6e231a396c108b0b675a4852cb3e690747db44e10720584261984a9372acbdd3656c9bf1f3ee058dd9b73d62f8fad2ae1cfb8086419c6715faea11d7483e04ead8c38635b1be071cfe39bc5150e23d977e3ee53cd24cb60bc879b6da30076023abbf89545b9940266033ef8e9efd6198f84dee760563519319ed7721624dfdc2f2619b4feaff249a00fec7aab18f72265ae8fb37fae1009a0f84ecff5c2115fe240e50879101587c352e9a3958106b41a6bdae4aa3c13ee197044223d2515cb2c2b4d173e5d5a7d7259118418c1266f8e1f565c89815a5049ddeed7b6ce0da6b2d18f5ede92126d187ce45cca50a900e2d69bcabc9091ecb933f2cc0eccdd439c228c6f5c1d3c7c41841a2a45bd31e7f34d7551fce91d6e528f3e1e101dd77fb0e63919d53f20ce5770908d6785b97d1ea42b5dc9d89721664b10135f416fbf2c3c572c7f150de6bb011bce102ba6d35ff7e21531492a99864c8659d244b25bd30f7cc2a1513171915e6d49f8581d530d2b2bd6eb319b8753cb7f8f899182bb97ae380478d36866a351dc6eaff9efaf850e9fc778f9bb53a8384dd7f10c49584370db2f847902d6e7384b94b67dc4a96c7f218968c32dca14fdf12ba1b47c7d62c481cc1fcaba5ef3c8a213ae7a6906b1cfccbe0a0d4d5ef50514264f74016dc30a9321b728381862bd4a2decc2c5210f4fcdad7c25c8a5ccd505c5f5e61567cb9a8d493e13eae4f7e534b29d72b8539093a7333d72fe0f5c4609f19d04f4d8733e5cc9d87eae2d565d016e9711bcf7f11b1ac78cb1c6275c7ea3a337174525399bfacfbf4ec05c8579904aa0dd46b7ae6d5b2216d74ddd225bfb287980736eab1e776e21c1b24cabd96bbd6a2b692d115424997e335ebf4e7dddf7d6a7b71e0f4a84a237e557bb6168aa12391baf16e36d10bafa3d998855aa5dfd55b66664eb666d44726f90a1c189f397cb53d8cac9eaedd0da259f1631724e9017f45852e62d8ca12618ea5c2217e305ef6f60638bb28931c4593930d13d88e0bf858e00f8b4ce22096beef5c80bc37e7b14c1014243a12b99ca60c4b418e8bf22f4a7898c327ad502fee7d5b641bd5f70b064789b209092d82f1b05247dc81965c4b510b48a28f77a4c806a434a572793f0616a90a9be3e18f0ecfa7e3b55b79c66efc09ae50fa6c2d08d066eff34f74ae41d304a93234271dee07a35528e7369a4b05d26d60a1804edc9b6ca85ff75a536e7b1ff97ba288acb9ad05a51c44b4e98600faa1650ba36b8e475921baed5e8f7766928104e7ac1050e9f719f9e638c2d7de7536c49e81d8c4f2dd6e869624e383ef2dfb0c0716f908a4a0a30f4301f3792e5bee7b170491e03242208de9a4fc7e5b7fe442b94ce8a4e767631ae657e83edff11d64a0a0045c488de618af4816cd91cd8cc34c3aaffb269d714f5565d639cfde14bb861e88cf3298d252bc9e0952e074764912a81c3a169e27f9f0d22bb1653dda5b550b53ad799f516256f694d669e678ec2767bb4a4df9a966eedeb42cb9f25156f41c4f9afa27873b879fc1b0449ad375a1f7868ffd6cceeffd3ea665c639bcb31cd81230fa61b282e11113270871501ab77f0b7be98a165647295e9c2c2e1f72ad903f522435b3ea9b99edfd183386744ed6f947ae32e0faa416cc0fb7014466f13526307dfa1d164051df594622c75eb20d93c58e134af094aa02b784609ab0deb1f5497281b95a06ebb3dfc8e58f4b0f0bde6a31b9a3db2007ff1d252dcf9486dbe46a0d74f631ff785f381b5e59c1f2d8602ca2492c25f4796ad5cd480a329495936b0bb7163a8eb04a31a574b35ad85e606a2fd8860258f2031c5c8f9641805b50af524b4c30aea29ef7a79c23080b6de70a8f62dbeb0898e7941018c193e28535f505bd93e4a427954894b4ec1257d36f4fa89c2057f63388afac3f605cf72aff9dc778cfadccbf63094562d4ab8769ca4e81d04e0e12e3da506d1f1159a0579a2274d8cc926076479db72628df491491b76bdd4da8e4833a2ca473d46e7103dd6e6767ff8713a9e615ce98fdd4064faa24149bab847b1b2f157e1a61576a02b290ce47ff461a52dd8e19b20958476520f027da5257ac230500afdfcacb7bc214dd10517184807f266ed553c1414403a9decad1d1454d08e9c5797ccace33c06a8ea47039e36aa8077e927d769f12ea937340e3e3e12fb752840dd63eb402bc617a284c22ed7a9bb4dfe27892c7fba3b5990f1b88f2ce5d818f3f2894acb70b532f893da1ba40719822bf8bf5c9356ca031340e48256ee27b0dcba1e94a1ed1f0ef96a7e95b3b62ce210eb9a454d0c79e13f8579483c5e5e176a1a50fcc44394ba0bdde8c1d951093d69f78f11a3ff0f5779c8bf7a2e7d6fb08037d9977ac16c6c814765b2368dbbf72077814ff9ed3226cddf06e424de7374d8b9d3dadcc9757edba24688e7127a2b88a03818ff1c42790d7eb52d358f81548004d1e599d12d30e281311c03784b7d10ebecc26365e58454db89b5f886d79e1ccf1facd469bdf036e822bbed50f50a85e4a2594381553e299936b86c3c78a4ca834dfea3832b1c16845f3ef6c12e266aad3f5fc31502f5e669a65ae7db21ba81b912807970ba47c3b77a9ec1f1136f1b7fc8b04ff0a51a2cb6a8a3376b301dde2cffc03cb864e3b92fe79ab2d0bb59bf88a96b369df3b07fb456ed70faa28c0a719996c07b169301e50e69487eff8bbee273b981ffc165a15fcfe56495c205af1b9b3160f8891a855b836dbfaccfb224407964da541b331c3d91a907c0f0f8f8b081b81dc3bb7bc5b83819c88cae0512cfd881415c8c7c9c4aa94b2d09130dd92e1f25ebcbbcfbbdd4059d57d2bf1a38d4864bd364db7885b30d1ac4267d9546e4d24f87800b6cc9a1f87a81d3774026e4935bf4e5801c8b01ae260e6aa3da83747df8cfc15c981fc60e6bb661ca82f7d7132b3bb2667b15e713fd382793969684188c03c75530bc686b6e090cd2d0aa641cc0625d6abca188b199e26fe72aeb64ef5bd0b6770d5755e788df2b3b51e0af49d81537111f2356c77450a10700bb9da0e1451f8460d1ca27efdcc6441ab704048a4cdeb459d2b66d70bbf98461607bb814495ee616089ef0c14e3a678c54b23f842daf48f1ef9bf1c1f6bfdad7c95f8ceb1b0ba020d3020f66d5285c2244823dd5fba6edb4178b044b974feff66d5688c0a6556f67dae9f01e47effe362823651aeb708454199a197b912dc9b4b5024c3dca336f704337cc8dd6b25a4e55cdf92d43312fb9ae5fe6bb01dbcd2a632097f1a95469ef8e13be4823f4dd4898dd966062f64cfd695e432399c6a0f3860d9ca5deeeda40748eaa4b4219da0195d7af6dfbaea01bf83c8be07273b727828079b9d9aefc2a2278c43ef41f89188e31f4fe371cbdfe929ca54de4f0c4526752d8416009405adac27580d201af2f181652fa015195dbadc787fba89bb77487a7857578da48aecebd3a436476ead538ca6fa1e84b636a54c606d7f3dc04b34ac8a08731057ee45faafbfd2ea4bc1112c0d9097b1f7c64cc5e5bf2651bb4c4c5cff2e1db7ffb97f7bde1bfd0c20616a7afb9c275633d42841b6a0cb989baad577909c9704f559c298fbaeac13fb5729a2ce17541102f5a4bda313b64752947c3d5db0d36a0d8502f7a712fce9c108afc0b77287386ccab1eb012e33fbf597b85021d0d3cc7305e488aebbe8e5d44867cb1911ef74ecf1efd78c2f04b9ecac17c4846101e7f942864672acf9aaf48caf0327e7063372ae9678ab26cc151138a3774441dd681fcd414e8947d5f596f8a44b25f27e70f90b217ae9d59de6d089f43b6c6cf6f7784483695c51235c829505a121c9d62ca701dbe88b5f4f315af2f2b9b68c547d93cd2c0018b50c789e3acd790d862b8ca75bac00107ff31ffd6f86eab1c2f2eae0cb593ac38b7b3c29f811c5ccca0d7031d6866a7c6047f71bde689a42aa9769d0315501ee68d8e872c61f4c9ed91d03f346e5bda4896c0acfca48f7c583a8052f5c19c2c59cc9df478850fd47ead8dd07c88b4fe05ef28040a541d5b4ded20b81edef62a2661bfdbd406ad45f6814b7541d2b545dc21a1b037a18c28f3d1f1eb93d2fe04e544a657b59a8d91e4ace9991f14e349b6cf92136eae2c62e80c06d6fd2c8a3093aee140b29b4abf9bfdef44b419e1a69876c07056158fb0e2ee9f1d5bfba2859b1e7715505bd9e24349d4f5e5000bd001c64971acad739f6bf0f4badd66c7b9ca3d8ec79d25664dd144ea2523c8d27568972893f60aee1360d2c9464f6aab8e33ac2d5e46ce75d982ed759c599037b66c96632210fac09a9a32ffc76f7c8dfb0888f9934399e6d8d119fc70efdb988ffeb5e0cb4758c45afecd162bda1a3deaedc54ed1b26ca96c3842c8378f74eacfb122897f3363e32450899e26ff43499832e5e3002195c61317dca15daec29cf2bf4f4a351913b12606a76f93b38dd020ccabd3d7b059a4e047030aa4a725e5a0fa53fd2a1f58ed5ba359fac6bf350a08e3f68729a0f2d5d40cb46c4cb82f8e0fb3af83b2a1beca8b32ca510590e0082abb707807341787da06fe638818667b91db80c366e93419b712538d57cd9a28a58827b670fd9cfca55073c6968c05410941a4e7fa8688671bd1578984b98245c31e1b15e9f644f08a1c4d77d4cb9f8444f20b5ee32867fe462a20fbec0d38af7c91a623c944f3aed121d5122a54aeeaf7afe0ff8f078e4465ef84d63b1a3a60eef33a59be3353ef0f8bd3ac007276ef8461555ec568d576b4d839139b4fcb769c3b0a1bc9a5188f88fa0e49634d6860cc34604680649257ad5419684e4a2c6b97a8107f3bed7b55a1f213aa678044cb65de5843729aa94b7bbbaa42d247b24ded69e2e55397ac339945cb59ea839185ef487f8fbac3122397687d66b726dc472ec1c821c4970befff3aaa95791af4590935b24d8f6eeba5341d414378f015e9726c415ef9aedef67e4fdccfc7409e998eec4ab744b64463b0861e2bf45a96beb016c4681b341a4f31792bd3ee069b5006919f715ea9658d75b7cb512f1763d17ea374cbb015e2200fe1f009ebb397acd43ab839db7ec0017b313710d59f64350e0c45103703ce3434bff270e51b3ea8a3c7aad6974c1079ac6d357906b09e92d524183b8c02ec912cb6835583e2af9f5044d662d30dd0e418e8b9bbed622a4c11f0c1953bc1609a47408599d417d742c4fee891b217adc14f4503cd0d5c370928017fc25fccf3f199671454ce34fc93fd5c43a1c5c54c72cfecae310ac04e15c3777d17ae26017772c5fd5713d6f588b0a29cb34038f5fd1e919f3fa151e0dc81dba10ce244a9266f9248985dec4116e20c17ed14737c3821bbbcba08c269870498da81aaf9237880b913e5eb132fbb238106c72e18ce509de329223c35d57e165f4bbcb854d62ec00af120c04978b004b0f99c37da5bef4d42a7a1ff2ac4e6729713abef20ffa5cdc53b77fdf81e8280275d58ff5628bc3d58e023970f4e8650262f7ef30dfaf8639c6470cee7f6d4fbf696c984dd721e098987d4bdcd7685f281e2c87dc4f2609f9fb3e40ef751bf9e7fb2a9e37881aabb1f0be142a25c7ea0bdedb1d776109ca4b2cb74d20866040c29a047f4d98a1264920efad80dfd467e1c24f4719fbb8734860fefdc9ef555be4fca876b5ab0c569551cffa61d2f8b09f1058b2c4bcf38d0843fbf3c88c4f1c1e966356af37d2f8f3f444f01049bdad761d4e953d84e3adebf9392555a11c603e4692d7dfa1eb740aad7fc59be4f655e896197d3dde2adfb683381bc8ddc41dced18fe40a83fa5123b570b7bfbebe93e2e32f037f3a3c4917f93a6d2b611b3a6d7e60a4720ca51a4269983a25ff34beebffffd19f3602b4090e1712b1952add15a97d24cde48554d0b7beaa3aa59c1f41d9c9d4b36ac62077e246dc10e0e8873e7560bff8fd01a4882a0ccbf858b714c75e441669712da65d933021685e4cbb6896cd9016a6e76ba7209e7432d32d562957fdbac4aff6ad20a3652b4246ee2591797af16685e5408f2acd4cc90876cf5bf465a4c316be74113bacea0155a01b6d948da42e80e2b7ce884fa925fd6d64ae7ac1e78babd1c2fedfc8e495606417e6c4425aaa8ca85f5b617bf2c409c163e5d51bdf6111f878b120cd83b6423ba1e4b36e75d88572d071a858be24d0cdbd0063ffd0e15bfd6f240ea964758628ad1262ffe5552dba56bb8fd1fbadb225462e935b73a4c62325900eb0a8971b84b7fb79fb9da2993b6f9f423e88d20c920779c52ce64c5f8e92193d81cf9d438484ae253a9dbb1d1471de4ed44d9588d5fae54d95bf6bb5c2a516b241f24ea68970c8e8f973eedde009344f313f32dfdd7f1b055de0d9da675f625dc9fdbbcc813c524293242902fc692b5a55c2fd5b2d14dfe12c0655af3d7b73f4799e5fd17164036ae5a1b3ec248c2130cc2d771216079858cbb8a2952d5d966a2f65518fdd28089ce931c3be51c5406255361e9458e900bc6d5a30805c4302069974214ebc1c72068a80729881378c732b00536340270ddb60cb77a77905070c32186ef47a6cc47e1766d112d8c191f6c44e5b4c31a31065bb9c9793556b28ac8b13e35109b02bb89ae7ba396c85a8234a08977097881f0efc8fa7a157004774a05b77cc8ff3f216bb1cfa055603121a95a6d458541e5015b1c211c1ca3ab94587252c2377a088b855eada3fa0d70bfa1cade712c6bd9b34095ba14020bbd3f4c7195bcd122bd18648499fbc2e96f3b726213df812f8db6e8fd7c2845e47f963ede307f3f1c42673d694e2d794f85a75dee504348068eda82b3b2d91133d86f19909e589222ea64cd484d1f3fe9b36f6dbace1d5cee51d8c428414806d59a7b016b9f6cbca96cd53a294e7789aec26ec6f9c6160c29ac3f26370933a6efd041c741fb6c7b4b289d2279b041476a4556731ea15cbeb71e648ee68d60bce27390786e1bd1a8930b953d209a5dd0b06430d8b19c8a8ff1d40e185cb3780f33077473b26c72155e2f215a0efc48133b56859d814934f7a79578ab2817c80af2ed41dbf30869ecdbb25a19eaafdb6c55c7927648ba7a96a4e84fcb960dd01c9517b66ce4639c5e723df8ea08048b5ebb912248f398663491368152d5d7943637fe3374e15be68e30eb8394d9f675e9fa0edf0b983bac7b403110ca7d08cf04a933c001f88632222b4d4b493fb20c918188d5bcbb3611da6aa767446e3f77358f74ae61a1f0997dacf38e90d7add2a31d8aa06e7b3641804100de99e71830864a7547700deb2047996371daeead6356e0680c982bdacc4f0fa8f4f158d68f48b70d96c10ef0f3148eba8bf665a3a761c5b9806a80221e20448637d3f65891c5a9605bb06ec4862f731d644dd226d2f2c29a06c3c3afb27f46272896c6e1bf0a813203780ee751fe25ab1d2e618ec005ad13ab47be7231fdb5d9e1c583f0d6db00ef97a6f28e9ea9c73c1e987b2f516192e220d3d83b8d0bdbea7e59239e0fbd00e6f4372453e43f7367b61f72cbb31a099f5891eb4bb7492f1f58b5b48a65ba7b3722e2f0818e627323902a0677f97de85109860804e7cebc7b6603be94d3451b74f2bb88dbad79d522dc87a21c798f67ae25951956c67e8fdd1cea246f2417b02deddd109f7e26578bde251164f48c9aade4391fe35e4ef1a30cd2fb0e7703c4fd710875218a3bde5ef0be2004eebc34501586a9d0890e71c6bf768a45c70ed78862d61fd6fd03b3007b1e7d51afa4ef1d3445cadfc71c181857bb64d9159de58421560e19d4448f79a9feda797d875c545b7f6279502c0077a3b75b4e3e0cd1a60aedbd41de18ff13df393f5130e3b3bcb7d3d6836105bb28d15e431831bec2f4c527bf3c323638b8d4cf4eab2887df93bd4eceb8a0d46364bb9da3c539452dd00387a341279f07c394f39300f46450ca86e2bb5bdba54a9c93a003d536c2948b8e0825fb49d1632bb07ae231f4751d92b58b04dd979f35eb8825bfdf7dcf66e10b40245e902dfd430f5ae324c72014734780a36ae27237ec64c37026eacaa1dcbf4f0cc8657c87c0615290a4f4d97f99a5b2da4f7239d796b59ed28c14da538188507a46f5f701db176dbb99f2651b7d65b49778815fb69909556c66482eb8f7852c0bb7519aea630cbd186864c71eb0e57991dd291e0a4a8a1b283652004de85e97c400583103f51e46dac36c2d8154ee064ea69c3478db6d6c1c3fa1be94650b8af8eb40d29170f1192034c99dce470b59df5b58f804d8fa3dc46611eeeac7fd08e5b928a8ea60b5a78f26c51321c2f75c9c71a1eda835a1bf56b6a1977b5c992117b3fbe3fda71a000ff4e4fc4039f7ebda0a6530d6d4dc421f40b37f6519c37a8cd7c5ae338ba1bdde52798d69f4e901f34649228d67deabe935050b581eed8455ad7da0a935c39722834c96f4d3aba3d4e76fdde89d0c2e9ce8a3f553654be6659bf496d21a2b0cea3c5f98b23d4b40969dce370bbdacc7bbaf5857bff170131afeb72a38f4de7d124b862a17712d9148ffd30c8348441b90f7c51f09dbe796d89b445a689fe29ce1ea966b6970dc4634ba5380168772d44a58454259cd8a73484a7ecdf2373973c731b96f4be53c7efe1a982cf1e8d7a93439dc8b21d11b059ad535209285d3755a5844616f5e8a218a386ede91cce21bc24df4a3a333fc11976067c37d2ae55918184fd226254c74e9400215e74d047a2fa13030ff9b87b38c2351c0c1ea24d1d5d37d6249662047f1ecbc5e5efb72df496a0a28d68cc6e2b7982e3176f04cf0b3166eec065dcf4550d026387a52692687fdb03973ddd75dde1dd2e563b1f1d12c7e499a9a4b647444deb46c663d147032153b5b6cd00549b12d548c28a48ce5782459ff55cde3268e9dc9102ae1d8571117b30b027a84e209cb3a78894b9b0ebaca78fa6e547354b64427731d0fc8d84028ed0783b39dd78eb750ec2f5e51f7fae12802cbe7282d1ac8700a20fcb21bafb41606b76c75acc7df4467ae133e384ab32d2a954eecf2e89b8740e63c0a4664d548532629f7ea6a2a578542377bc6a024f71b66526c7e585998a6b8d4e6bc1bf0b08601b8a17df9775ce1d4ad56b89bcd170fcb0ea7ebd16646f5864625bd9895e36d1e4b1b46f3a2c37b056a3678a3ba2935d54b94b341a053198aac2a4ab46253228011973eb02be970874e89c5ed2e3eb416425ab6d97260d8e2e763e3b0022c464a7752b59fc909945c71ff24bac7b644614d78f61fc72f6dd1ba2bb22273fa8865e70a05030de79b74f26348d2873fded93d86331a9162ac5922d7f8d288b7db54b3af5f0859c37b776a5f5fd2a9ca737f289d9945a7a06bc72c1b9da49a8d62766b00fb4c6550bb437a47207a08d91b97a49ad9c2ddc42e6efb8007ac0b69edc69e6db8275ab4d121cbc4ed17f6c94d83422be09576315167616708f9eadfa5dade38b1d1f72562dee830c1068cdb1756a10022aa0afebf1b0204bcaf0a4ac2504b02fb681c6fd8ef1814e397f38174e86e35470c52569aa01cfe758ea4d1b84d203f181735e6571b0ed0c070acc90365e402e1bede58fc27ee7f02af869674c8850572d793792d3228fe693346a86637e09dd762e74518a61259b582d209d36960c031f19fca4273f9e988aca7de273f0162a9831748d76fba811c7f17273d8d3c92b95497db19e6eb9046b43c044372c1953fdb3cc57cec0b95258875d3e90a94eb7eeec17322eba6d9c2c3cd4f3af02c91b10af13f1542a5611f06d3aa99e29a4063baa8a79e974d683c03a51c3d9a3250c2947b62316f38b342720fc377e78c5bfb73ce42405926bb33c58d091060cbf51248bd6c01d39f944307ecc48a6888d9c557d62b105f3fb5947b4370849a7c6ac670d3c91e8e9fefcff323d6b7963f5ccac3411622bd25b70c3e3ab830610b0ee2912b568362f10aa33603f55f56541a7847ba5590dbd856b936e7da7d2cbbdfba11b9833d89b19d2ef2852e1c316e9d3029afef35ab531255d629eae7654734c73d7e2825eb0d1483c06b925280bf2f1a0f3705a57d6f7a85e3e2b2bb1b6fef1e38c3181eaa804713fcf1499fb37501e77db28b21a555c2e5712db3ba3f5e53853c40dc9aafa24f1d33bb761993e713368179e6e519b14eb7ac00f1b8ebcd5bf114b43ebbe7da637580233370c01966483277cbd99026f343f75221dcf83f738cd60b6bb897541c6cc8866af7b7d6f63cf7fe0e1e5baec349472154ad2f24dabc6498877b7f312ec6b3ff94abd4938dc14a0af483c7495d028244efa4d19951b57f8e3274191e9fdf4fc1ee420c25c255d8a460b491b79e95278634ff6e81b23d92ce6e145a9dbb7f9d6ec76da129fa3b483d3df5fb83657db1b8ff222d1b0a3aea00acfc9c897ae4289e6d6e1a336aa79ca3dbb8641e47c55139fc48b4f5d3e6077b64a2a947ac0a4e7e8ce6b8f697e72e281a0eb658755a69e9cb8fd8ea5d5badfd39f6ad530ffb8196da0250dff8b301a1eaabd4866cef06ace68c2c054b30cc309282bba7839aa5d0621d1fe5d82d83f50449caa7d35aeebb954a897d866a3c49f3d6857224ad2279c6355e0f30e06f0de3b89ae1d1c8d05f4d799fb806ec6feaf94d6ac1901a1446b659c8fb17843ff1586ac88433144bfcec4c965dda59da0a31e9887ee2215d623ece2a2e4af1aad14a4532f072d19eeeb2932f0ad349017725d52de7183f9277cda762b326e925baa5233ce5bd0f60814e476aa9907441bf5cc2b3768c6a6ad9a58ebb6a2d7bf8a1f67012e9cc1b5b9fadd005296e57680e079acccd45906dc1c087c4ef90696d35a1df780518cc8989562adc817d47ca3be8a6151bf86b0b2da032f5014b2e5cb5b0f021878499f5a043901ceb005a63a96d65f4f509123b67a7682988aab0d205d75cc711f03ea775b99b622d141ef78904c0b78f62f139df591db60c3bf27cfe8dacc0d0d58ed517fa0a4f516408e8fdbc5c449965b599f65a437f2eaa627579e9aae37bb5a81f49beaf020d380c5d1f2415f4648027f7457a8b74ca2f5cc0b47f11042b3266f827bca60dcfe395b841201a60d6f19149be3b762309e1f5a5e33233808a41d5569231ad97db20ec1e92f17d6d18a437eba64cbbefda33b9b55ed25a64f1cda426517289ee1b0b8b2fe5854cf78614d11955f53d66ebcad1b8dfa91e98abd8d4652d2b0f66239fce03b3ca4210d2753e2124c2c576cc33dc3750a2088d3da33abe2f2b39d2b42d33a99e71dd9a999aeb10058aabde7634e2541756c388d74c0ced73cec14c8f8b8ce82ef0c1bcd8ca51d4db33293352acb243e431160b6053074f2f8966ce6776d5e5e9b22519ece4b91dc418e593ec5715e200ba1f1c9fbf4cd2e14f0e9b9181e61a8bd65d4c5d0ebe7890651aeee56534d652bece80ecb386b103729f2271738b6315f5a6bdf7663f0f73796ed34013ab97219a37a6f553ab068a7d85e9fe7fe3d38ee4c794f4895a0386fa976b8adc705b6f392c584d8fe208ffd70076af36cde603a754f963b54bcdca27bf3229a7fc5dadec10064c03465b383599cb67dbf049df96f6a91dab4b61a67b91cfc74dfdbb5b2a140d87692a7836cfcd7b5c741f5ef0c7a14a711f767ac8531042ca03b0e30f993fa14d0f126861603c0fa7e906c26cd463ca095b664fd9af7e9946e613fdb23649327f82bea36561a1167904d6e5439d0ca836eb7a52792ab240b698dfef912738d8e470c38b8a43c0e93227fed3c03d58968f8a8a66b0a453340b5976e0dac2771cf55eabc4a0ba8b0ec0fb2b89c925aab85d603d86c523f012b7dd090ec905b2bcc589153babb1424bad66447bb15b7304211430606494874b110834da63625870894bc5c35c070872bec0d3947ca3e1ec7086c4acc4d9d2f59b65c0a8e9dbf0209057fe25e92568f9daeee8c08754546828e5ed3f469d85248d2614d2473d513b1b1fc5c730211c213de7548deeba211e1cbc638aec5c2da4414059eb3e1ccdd2f581ce193da6ef756d0b8aeb0236c81b5f633d5020ff04e8dd79955f167a66f468752912f19d37fcea69593991694aedc08cd7e6e1e2666b88293c8c648872ab66c363fbc3e1e86eb2e3e5b711ff529875eb42e636e44fa28984a95c4360802d4b8be899a2979c1968573bd77fb3e9a54a21cc11437608dded9a8748ca59d2584708ba44f17164599aeeeac45b1e4b3c44bbd18642c30704ff5cb8a8a3ba09e262a3ca56902782031673f60dcccaab7c657f3f4b625504cd6711b01115b92469453da19d3459b74e32f8224ad5d6003f6b9b7c2aa32bda59b5478d349b0b59d5732acad2db7190dc6cc1ef295caa4b92bf2f91616484953610ca30c59c4f7fb7de9538f7e200cfd0ec2466efd406b385603b28038f0c5be075aa0481b106cc911bbd23878c1bc7da0458f10bb111554dba4b4dfc44e03f27552d833b8e745e4a63a4cb204f0bd617b18eb3511236562e5d9c7459b785f51144ee5913136c518bb41459f252659d423db298407d842dfbad5cec5b3213060b4db4e17b904ccf08daa5963b24f6094ef5a86d43758cbae66ff7281a0a0dfca61d50ef82497f326bf7d8936093b94776cd7b0ee01dc493ec280ca5f1e806b656a3c469f00e8787d0fefd2d795c513387faebddf33b15751e811166a57d42313b839adaa352666e90e4a21315bcf9af4575a7972ff09de82d3837a9361647bf0ba65f30510939c49f637991b9d9cbe88d2013fd2acaa958bdf5b9d5e5da4f9aa1a4d25336cef9f295272466bbdad7b5a353a4f9ff3a66e1e04b8bbce6c0750ddb83eb5e267204986335ecd27698a88f1c1382f21dbe064c304a3dfcd20399cadcedb70936ff54040d91fb8188c9aed37e4e61f036d96993ba887103153a63d516a23f7e8b66d86eb20c090454c44c2d06fbe95ffddadd699aef5774c2853023a368ac2495a0674c5f1cfb8bdae3c5fb21ab7033b8c2427f47cb82fec087dd2dc4e998c66147db58071b887558d6ac495bdab034deb57e343c28d4ef7a1dda9879693f6f95094447bdf7482c721f74c0e50f19b287c995c80c83e9b38d0b36b42e5935476b017f86081dd2bce1c3f53dbc871f18372ab198fa5a0bb3d7c4188a02dd0702ece061379e515fe22cdeadbbea74c0a90fc3fc63bfbada62dba152d984a04de8d0800b251f96f81cedd971a029a3e7bdeff415fca8378590d21908861ccc832f291d9ec95a476ebc20063aa06d4a8d0a14dab1ab4720ab31d1e7df1f388cf5288cefa1e1dd118055d5506180291acf1fe9922b3586d3250b090317c16d8ed83b49ab98c2d3fe2692a834b189045c37fd72655152631de3dcb70ed1eddfd2c7c6a005ebca99b2645e82af95cea8243665c9a83901d6dea256eeb35605c1ee429327993f724459292270a500fe7cc46a06af93d6259d8ef0125567e8cb5adc2e0210ea948e5d42bb093d48be007dd91215dc4a42323eee4b2652e2df8e4668b2af9c161f86eb7b3adb765cccbdf8a4e6cfe4ec10355cce832ccff8905fdf7e41603110dd09a544cb428426e5db395c9d75781779548e4e039f827d6ddeb6bc47a25f6c5a2829f3554fd7d3588efab01a91035b87fca058749a78e17672a2e9c3168e684914367c41dbbb59b68ee33a59b3c70fe19dd27a9405b8829d0b3d16c280a4b24118898e0843b001617c43a6a050c4678b61350c68f78a36c05fefa0d250c02743792ba36deaab1a4a3646124df61160cd835f27efb82d09f5d882ec8245e11205a32b9586896fda64204d9297f83c2788d9d8eca3362277ada4d6b79c1dc1a480db322bb12dbc608610dc8384fa9e73495208ac7d5c6f5d6b5f636d38b1fd7c2079b62b5c826f97d5e5e7ce6681d0c2ce6554d779153dabafa48e75a34589f056e4cc0864d282fd7f97c7b14f075548c43b864ec2294100514798b2dab0eba5bce2b3569a423256b0b2ce7617b212be5967e93f967f22db293eec309deb6aaf4faf6318e047d24ce50363d750d225815ed5e60f8ba81d30c186919d0a60c419b8a49f795a03ee5672cc15ee684974c920eb805e2af4408f750a763362338f39eafa78106fcf2fc7819eeba7c8354dc16ca9771dff8f6cb912cd1fd4068eff19b86c75d9eee87d25bfcea6004ad4ab14a5a1a038aacb467d3f0de7d6fea26bb6f11812e4cad54ba69da8970f43c18c07c64c5281a615ad306359edc9c7f1e17697a91de19f1d1092524e31436424c60b6823ac1eb204a7667892c186bee6cfad641321663d92832fce295634ae0c9109d45a502f3a42b7fad907c31ff5659857066e805db74e2334aa343128977fda18323d9aee6d154b70d3bef014ad368f90e956bf4972ea1a0d79160dd1dc44bf93ea84a1b338af764fc6fc7b4453b5d40f269420711ad520dd3ea0920fd5c788f155a28def9d5639813c224acb06dfd3c0cadf7364b1bf5e78d33eff345449f0936855272ea770737897fc17bd2bbbe7a0d6e7e41c1bb7e8eb7b51b143c204dbb1e894a63895b895aafec225ffd3b778d62b441bcf01ce0a1ab476a43344874bdb3733210bf5f6f5d40aba4030ee312ee8470f2bd4ece205e16ffa505e97a89653a6ab89244ff9cfeb64f1a43c3038c45b118a9e967ddc8cadd6126f4d9cd4ac8c1511ba7aa7c29dcb54cef6e004719b8923a9dad2b6d76ab3eb28d9ec470cc87ba05627952d496e1d009e01b5b24a11e5b9ae5d903ee9b5cc84310c21dbd422a300c7ea8045a7ee0f621cd07e37ab80a1f93cf78747c04f106d1a638fd1859c2cebb5de210fa31268dc838fe2351813e0dc86300678faf07208fb374815f27c99da2777ee8adeafa7dde35218ca314ce080e3b6d11477fb9d444a015990029acbac5d43d216e053fc0447e7e4d2927ecce71891e73785c1ff5c6211b1fe0a82f94fb77fb568cde739b17e28511706fa9b19b5290b946954fd57bf9c4a0f4aebf8c5ed906021ee25cd54f540817130f74c18f3109a6557f27fc86d8572e740a0dd86bea9d57c3f8708681ecce0c8a4b07fb58514561b6d849cf96dbc9b319841acc7e4d8ad3d7db81ff9291d2efbb095a7a0007e5310efe5db2d68e175a32cf5ab59520f3ab66e76ed26f30ef6d5f211556efe98ad7055b9233f00952b5d3695c160fec39cb34a022f3849d5d98d453228d8efda6b1769d3a5ea881fe4f5054cdaa84e371a24810650dc0ec3fa31192937c7951eeb3b0470a3ba9db9920b5e169c0c92c9e405dca23f9aad07d9b1cdc8df62535a7caf8024068ce6e108e15252ec37e8bb2f225a196d65a3bd7b546bb3572175aece6bda33cacb3f33e7f14723242ed0d76e684f26281f83626b2db608c497a21096ccd5cbffb988b65ec792d856561359f48ee4d081775389d234baa2492c485a606c458b3164b362d1ec2707f3f0e8a33cc45ac5e61975e4fe914310ac99755148b3452ab3cacc3100a5c74d88b4379c88ebe20c532193a261d31ffd2b454e3d33203dc98b993b08abcddafedd35230699135f2d23f47ce8a963a5e74445be19860800ae4cfd886baef1a1258039e254bb44d3b34c0080ebfc5c4dc89c7f1dad9e80b7cc3c79cba6b3a54d55bc2f265f45585e551b2f59589da2801e8388bc6e462ad667c12f57dbdbae5366a6eb980f91a94a9ea6e5b95df47c2304d765e2c25981b3e4d9242c3669dd62946576c62c83aabd6e61865d510d180502c5abb746e242e09359efa21a3ce212755e79b1db9fd616caadc5f98f8ea20d4c904913d0414971e7bc1b12144b7f65ef3acdc50a9eb38f552a4fc6f98fdec40cd03329e7463e6766acc34c69ca2d770eed9b97ff8fac32451fe1c7aa50a3ad0a3dbf9c1b3d0400e1ab5c39fc1b547ad0fdf7a90d10aebbc1457b14f82b9456336cd2acb183fbe373244b5fd835461883f6fdb98d5371debf5c3e1b73f55ec0f32c1befb06d022ae6f5a5bfda779ee19a33f7f15cf6eadc9a9483a03b0444d4969104e5a2bd744387eb7ad262b7a0bf9bf03ccf6bcbcb84c2f900464beac76d740501ee66930e5ce26a72a94b99cb6c0428ccda74a1c5478ac84c99599bf8ea490e740cbe774a20ad3a55c764d4f614c2e658e58c55941708964a5ed7da660b6cb60b590633fe462829387601c0f6dc74b1bf482007e6e9db0155a8d42204269558ac13d4a5269659e48b8b27a54ccc08fdd6a4d9b19cdc12ad47f6f4af31fcfc4c029bb4371b8438ed9ae74cc59baf7f703ba0b3d4d1b2d5037aedcfcb0311a0bd17dd02e374c88e0d0ae0213723c81cdadb6e032f3ee5c4c2f257299f31471519b1bcac57f32bca1e96555a56c828766cfec177fe9885f30b56ca442f4eb2f8dd08022972d8509a428ded414246b6167b3ca05bca0e5f355852177eb4786e6b601aae479e024d10b22f00766d4326031ec808bc2dce8baafdb4c4c1211565966843286b9c820d63ee2aa53b450afc384a42ec4a8d444d4c72865813ee0ba0b6144e7cf7b141b056d6f2f1c43be65c0bb85611ef11771d7f99a2972c4c6c8f0326e5744bcad461b2071c7b6877d1044e6ae40fbb20651a5000c50d62d34196bb1d48ca0aba4a831cd5275320c3fa0a74cdf304d288961e31eb16dbc60e332f9f1c3226b57a78f9b7bf2f1814f7b23b3bb6b10c32a540e8933e2d3f29d657511e1c83a2826d280f9b586ba8d8859f3dbecd4a4f23d8dbb990a72812b7f583afa8a34a9661dd05a603f196a49e661dda2b8d724824afa28a37cd79d6bf170bd3d8a4dcf4778e07793d23b92b3bad65dce436d652b9df4a95c12586a9f5829df0ccac3354a5ce30135824503621bb7748997ddc8efb9147372236d05d6be7d7c51fb4e0ffb697395305c86aea949b024661c9e3f1db4482143c259cbfe64aa64c396930e3ffe86214c2cfbe6834855487bc3331b5a970f9999e6b21ef0245edbe5cbd71664c2e9384d06b9b698e0ffddda3aa21a395009cc0946a54e5bd83450bf964a50e8d13d915fe9f9adf1f2825b19ae58a0049d654431b319ac9e6b1b787432d722c098ab5bf05ca6b2b36930e8cbcef5492525e9b83c5d0d029df70df15150e340e904ef1cb2dda06d24e83cf1f0d72254368a3dc0486cf9024ad4f115cc5a37be1dfc7e0cc492eb19392f41834cd8a26e6fc1f0e19fbfe78d81f4f77eeea8d19c820f44b08f9d9bfea31766778687b9684c642a64f54be6e46f266a2e8ab30677ce086b9ccb3c4138e8e91560a77436faa4d62fb2f435ba3e1a2efb08cfbe82c68360e5f8241b07a91fe718e41b34315b31ec606b96f05867f2539278970c82dd6a3eac2fc4d28a1609c02e420dcf29d413e788e4facfd990a8e435416c98494bd86004121dd65c764f76262d241683ad166253242a674ab4a60cad7d6d6b757446878137c0d8ff9de6f3a295369b919a52f65fa164d0739ae51f6fc7c0f9ce34e3a20974c0ac888879d1334b57b8a999c9f4bddc5e58979b82b1107486b056cae53f8893c1b62103a878d65adb765b681ba24f0a01909b844d6468f1e45045e005954429f9477609e81915d030df50b7f11f7b78530ac2667e6cfda7e4ffb08a6cd9a3c5b46d90329b281a1590baa52e32982ee8733ae24a08e1a9f54eb33b43c113a530cade4f664a5bda2a58e3fb334bcfe49553d8e0a2b6cfb78835e8f536290c62c3ce68d63b597feab641e51331fd409487378ea4a038968dca88f37089e65b3b3fe31da828fc43a057edde8c8617136a9115cbbeecc9f81aaecfbb96683a72934e4a2e764695b4c3008b34e5cb78003869751a788762176ecbb9749bf230e2f1e5eac605c36cfa326fc70e394efbfb5c0faaad830dbf1330d6c409e001347538e5542ece732e0f9f8e4629a1c4395e9f6405c454dcdd6ee82ced86de96b0acab7186bf658ac0713d6d0a6d3cce3886f9d6cf6602002e9279ad75124934963d2a1ad5437bf19a52905191ae24f599f054fdcf465fb3c31ede390b35002476c2feca089f0269a90fb2a6d2d6504ea91708d24eb870940e8975a1d11a246b86820f0e7ce57813be183c915cee00fd989453c262c30102e48d940c37d22408e21cf1f9f29860da68f3c39cfcbb12e90ead50b561953ebb63a5101465a627719d0f24200c54e7c5326016d1d5b428ff24b7397e7db059dc9f16405f8566e92d5ed74f9faf0fa221dd61af8db8bc34246555c13c55901d5522666fd003bb283c5023b5d68e8148e501c66936c0905e1871369ab9e9637eaa7075cf364f8140b20a2f20b4ac8abf4aef2ee5eb0ebd84407ce3be50d02f16f556f21967377c38851b3b1fc3427db24d32ca2660deb9ab9dba9258d407f173eb7284938474ef91a9eb22b32d6e9cd57a2a91f1736f2540738dbb836e66ea62338390a5b9e78a77e11f8785c87c9eae21b0cb8703849ea0b703aaf5bc69806a2045c20c6602913896427ab909ddcb70a764f0590483e49ee8e3dfa77a8b359f0d8acb4b64c4ef19f7de1a6b1e0d1b1ba854c714174a6700fc0c39a695670dd76c6018f2af8f21b37f734a6c9563708c9e23af54a05de5ce7dfddcdd890f7f85147dc8ab7c3effeabdcb8065419d8b919ddc1cf215edf5e6246ae335b84e77f991aabc642267722eb1ab8857e2652f947b3eef3e05b79b46431306e0874ee64c2c406af7d68b5f136985933213ab18cec36be0340895d970bfa54c3c4dcf01b29fefb247f5f706ee69d3a472f8cb01435cafba838dd8879828f53debfedf49507092e325e44c06a1f7dedf1b242425c9576149a67050e3642800b18db2cab78807efb9700de5fd14b9d4b7e928a2be7e8eb4662f42cdaf22ecb6b265409dd6c5b02085bc90ea9c27a08712b1edada2e0e1ef26ac9d03623a05fb0e8524f5e3aff5847674f0e6cab351d25f54efce1f665e9833bd3891ab945f8f410ddf5135965e1410adf4209ac18bef7309bad99b61fbb627082af73186ad773c049599d345ffb56c0f1ae6490091666f1105e18212efa931effb1ef920dd935980d20ea5f18b89f76456a074c6e225f52f84a7d1edb85ec61a125dc4178bbfbde7283e967e4c761f7b688a175d6b1fbcb308c0e1549bd7eeffb8ebba9b09741ce8ad7f2c95c0f29abba9966deac5158a8fd94f860c305b94d6004731a8e68a1dce08c14b2b934d05b305c9f9c4b71b1b0b77b4f63edde844758199af25a662dcb67b48f70ff83debf197b007bd775b0140ee003927f7dd3ba73de4f2de3ed4701421608c4dd4363ef763bd50edf359ac6e251a55eb794994d2dcd3b0865ca158442bcf23e25f3cf3ef658cc464184dd09725ead1262c6edf8489435f8a0df62ceb514d68199d70dd25e6053391ffd9628aa0fe7b488a7608d2b81ad9afef3969f30c21d8066a6884b5d68b68d2df4ae03b24409ecea32b6dd32546dc47412964761fecfd32963fec1275f7f95f8d87c39e5997dd95f85830a79c6d908a36be356dd0441b1cedaa786fdec1a3fcbfbab8a57f2e32880a8abf28be49fcc9448e050c9783604b30749d9ff59f23ee5be5eabbe82bfe374977bfeb5888bdb9a15618439a0327dd87b156be8deee72cd4e97cd375061659ae89d0ac41eca9dd42077102e791cdc6894a6d5a20d70c2263248a19e58c8b6363ab1aff97959ecb02d952c55e5de4ff8a19d44b8743fb076b05bc09cde686c1cba64dd41aeef24a6162e71f625348fd9211a1de9fcfb775d295dc7f9cade5eea86d4ed7173b33a3fbed6f523c0e1489e5a6611ec9f1e0cc577bdf795f115b508f4ede208cf1bd61425586b5315fd67c42001bc683dc4833710d5afa5ca4e89366e220feab98b65812b5cecb748be19a2f02507db9a9e1a6d3f523fb9b542f9c930869c1d703e0fdc8251f1b99a945eaccd2184ea8c8057a7604eb6d0afe48e8e3e13b6bffa4a7cf460d00c44d24d7ad78244c8388d00b509147d7b2633f7efea7cf8c1351610bd9d85d753d7885c71d37fafbb7007e0609cefd0173cfa2c84be1af193d9a8d254282609c40e8fbaa8571e10442d7e883457e32027fedd553c699256d9ac7e75b5b2e9068afb46dcc75e10fad54aaad6ef43d4001eb45ef996759054be6429acd52e1b64b4891b2826013545d170927bfe59cbfc2181147b22d4d0f782a699c7596f98756102dcf93ec5fcb6d90d84fcfbd05a1d9417313b3ebe4de01cdd8f3b899165ee0acc1d6191e2e8edab8fe2ec4727a9e1e49d181f8e8ec37255d3828f44e5115b342c8385db39e4cda3d985d1354fd7f4204b3fe3a2f7a7634ca5eaef7c919de838a039a7ca75620dd4c61b12a13d389bfdb38800a633061620fc64ff9f38adb9176bed01a46ce7aad907607ff224c9ed79fc217d2e8bf16054afc67fb34a6fc6cdd09e75d6af1e4bdd2e1b8075f2d392b0763bae24473bfdb407e152da777f14a8fa3720182e1632fe39f84e1371d61ed5171c188fd8f6f644d393d1d057b5a302c68b5fcfa85dc5c2ab11ba6340c91b9e35d4019a881b693e2e7e6307ae22515efddea49bc8cff7282c7e970db2851765b1ba1c7f8e3486caaa94ceb1ee6bf2abc1073f09eb64f21e144ce2314731768afa1101ee0fea8f73553a643b86d49697556a64c626e580aaf9211f6211118fe754ba366135e749565656aaafaddd1d3e61d1c7637c78cd44f09e3dda8b5a9275def9d297d166479fa15abc38eecd5e7b5d24a9e5655a773c26d60917d8b61baf97a4b6f722d7867c93a93ee29b0424752ce0863ec5740f5532dfcffef9650e7bd9465273a18348e5cb625c381efce7fe600130c1d4293ec345f08e6a778371f5915519ac0f52c3503f1a938c6827ed7a657864c7207b7691ab8e9712d18d15618c4ed11e98844cfbbcb87d34c9605774c017ca86b7d794bcc0ad49a2f2ac15f6b05e4b86d6771f35f120e3fa70a1e2c338a1f6bff58697e40b33557cd4ea594863c907ec65b25791164bab60e3836495e8cc567f7e6fcfe264d2c9e9397dd49c918f8b756df39eea8dfdb4073ec2b7864fbabdc0a08833a79ff8ffabb0e827d51a3328fac3fdc1d8b840e929463c3a421b9147ebe0c28708ebc2a77ea9bd991e776c224e796deda142df9544048ee54bae959bc88f651302c84d059219dc91c222c02739e236cbb80c25b24636fd0567a567d66c5b5d7c41f9dfc1e80e0f451de006a4bc0b6cc705722b8862991a616ec7ebf6444f7a3cd1aa5863f6e3bdde37606c08e3f789b3533473b4766563f0c852f93aee46a1780039b546f9afb5473b747c53faaf32b5175860696ba77313c03c54bb48af2c2dfb86982b31a68c9e2977b8c8c1dd974efae08267c46ceb7f949dcb24fbd6ac7597f2f5c7f97ae515193e67ceac221bb588faaf74429c78cbea97c3a57f1f48317f5f6fc6f889042b9cbad0a7922ae747f7d99d1bd7b524f9d39f25774066c87967c7761be0f76acf3af5067f6c7f1ff0771bf7bebea29e391e9308e88d9a7197cef9d40dc1807c6e61eb98ecce6b5c7478cf87e18199cd0c1801ce419e167e7dab035fb1db6b6bd43121a2dd8d77b93cdf38145dda416c337db70f953c4c2dbfcf79f124bdf45642cfa934541d3f52927984254da5883d505f4da125796b6b9bd16c0db57d789646bc72aef3aef3a024ea8f77284027bbe311f190ffd0b81e5ba7cd96d2ffab388e25922af0a7309d1422e495ac19116ef6dd25975e600a234995326d6dc78f0abf53a8d27ec571f88debc5b27796dddadc810c1a020e904e9d156d185223ae533e2d8284b5159d916a169a6eff364acfc9104e1e8363a549fb54b97c1c02f5e90c0ffd9789282ecc98d7cf4c15d9e38555f5307c95d197e365287d1041e1ba457e8d5a810b53f971344ac438c9e3add5798ea4d0badcd04ec9cdd07c14157fd16b7c3516872482c00a04890829eace67f9f2f89a53b455ed90d17cd19c4f0ec2eb7c91cf57c428ff02fff6f6c9e498f2a1d01e85db52e4a8b14cbe0628d4c7809479db1e782c830a1e27f0dd67f891cd8fca11a87c8f0b15e0191751e22199dacc2893719030d807dba6584c8d247ae61bd356d3fa46f860da9916e352c46b10c8da3f6bf8c9feb9cd8683b9aa900762d808a49942670b594c9cd4538004cbd43207503049758360bc7af078911b21d98e3088790bd8e733425b48162bc6326aba5bf84987eb163b3b715d9c72922879b16eeb680f5c0eddb58bc0c3d550a55a98356c5fa4e173fb875c987c72023216d74ecccbf2d2e4760e9001645f3edf85cbce257f1e85e0e34ffdd6f768b41e396fb88fa1f976b74d324cd37769fe4b265337844b985a4ae2593e2294a57905f099107ad4a6c0ac0a3b0df51861db7ad23e509cbfa01f7de818feb9c9cea7bd1bddf2603e2fa359799d7360a9c90bdc2fbe021de74c5e3a62f838da0ffadfc88dfc123a1cec71f570ffb813d2581bd4beb88623fcc9274b910cdb286719d1e7dd5abbfbcda2762ed31bd942f1734330c5ba762f5ae59c8d6a7e60e6474a53d3dadd1c24984e755948e6fc0da53942be1ea0d9903301dbd1dc0c804929180c3225a70924ad1816dd25d01fe70cf48553921941c06c9e4c46c9256b8598212ec94946d6d077af9d13536347b46acc11a311870c012b13e1ab84d42b468d225f64986aab02307cc373901542b429455f180673921168fbe59197c1b4087e6d49e1f3ef9f8a4bee99e8006caaee90d84cb634784c4780aa01b68cc6fa2bc608f87bc3089ec12a7c86010ef30426ce2137d58d675f1a3b4e6ca0febabe77b4f0962c9e3dd6860304aa967c199a8343dc012fd53071f2a36d79b32eca539bf8fd6bcf350d775ce750c98d2da9f8fbe2cb32edc2f06a4aa5c41f7801bc1b0fee0ecf8cfed3e61f1978a8a4a812febc1d830d2a57d9ccaa4949b0c06fb499d8a1dfa6b20de61b73dcac610504a2b9649871a1f7dacfb67556872f0e3419983f8c9f19c81b3840ed37d9cfab37eb8a248fb6d5e9b9972114fb5dedaf5489dbe0614e4b89b7b12f224389995bd7310a2ee6241e59bbd84769f27c2684b6d2dd95376eae845e5168323e2ae945a11d28640644b37b8f8c2783110091a74e995264d033b80df85c853dafcf2a5220686007b69ea22a07d4e4956e8dfb53b7facfd263c07931c360a0acb9db67e1c0c81c723235bb2c50aaf027d83d8f7b77e423b5f3e65c2139970594af33463f654521e8d3f8fd038be0e39e9680749ebd6b62a8e2628270051e8477bf2430dad0afce79d98a90008bfa9611272e4e47877a254d4cab606ebe6b2bd84a26232805366e5479c874400b6f302ecedd245031ff9ce6c8c7ad1b6ec55e85996f0f27cbd11ec8e4ae040e10fe20c80cf9140af1fe36498e6e27f4538dc159dd82d0d9b4c98faf20ab8dd87180a273db5e4b6f9efaa62bf33335ec0c860282bc9b5a6883a54dfaa063d73eb49226b610bbcbb956d22b28df08faebe52e7ed12aa08712556337491be9497b8087f4ed4cfd059bfa488af3022077cef614717c9f40e9027386f78bf0a78f727bd626706400e61a7d32dc7a65d8329af0d9c680e50d8474484085bbe3124d83bc6d834537d6a08c78e3bfcd4547d3cce8f2287cab9971e11a7be22c7a7c42ed9526ae98cee3a68c40d21d211158f62797b53b39aff851a0f4c06bd380def1f06081cb8e16af25ec22e56ca9be8e46b2a5c92cbbdde714354ce34b94e5be3bfe87cb336263fc39dd0a8d4c8f514fb0c8e7af0a10179445fc00b4e805362da324d234f457b4a412e8da0087c044d3aab28f19fdaf3dfe2f57b12c53c8d8204290758b140f5dc1b2a55624221fa904e9b7b1b8dd869bfa6e2eb3deeb886161bace9ca3e31b7c5dffebd613d8d5fcbf482ec07b62fa02105a4e943d91cc78dc721a862be14fd47ed3c57393e6106619727a19cbd06973a75ba0ce9db7018e38ad41bc1f86d79f60f808f70862c0fd3b94a8e8ed3df2e954c43c1d070d674397fbc1d4ecedd87ef4984bd7219800abb543dcb68e346341155b605c94f4b84047a0edacaca2fc568833faf2f261bae0cbac3f1c3050ca7850ca4bbf7ad90400f3fde53afa33018066bcd0453679e25c42733a37f08be91e4f18fe171074ddac2df1644767ca47fd75bb979d023cdc7ca773d30a74a6587c5b0da9d807163e9863299fb1c447df22b0075af855cc05d9771c9b40cee214064953dfd3c502b326462c621e2606ad9ba1d4267b656d4b8331113716a3be0d3de68109f3455d30ba6d211278ee3169d26d4ca389832b188865fad3061f70b02db9f7d96a9ab9b80d68afa802273dd3a18ba57aa4a92148f447c61d90b35dad943c4df92e7ef55af244fbd0835fd7787a3bb3b083722ada4d29a592f1b23bb3dd99b503ec253f9e2d93b144963d7eeb618f744f4e3aabcb1663c4665b2b1a1658845edfcfdfcce2dee019c3d39d95cbaa14e124ff67861bbe683d024450cb119442363d98e4b60fd140c8a61db79c3dd3d9592371554f64d6afaac75fc70a7b89fec81234e51338e07f6d232cd4f4ce3c5f6ce8eca3f651ada1bf8346bc601337f3ad74b844d398ac505d9e7052a39a225ca730dec999f1f1486e9bb67da078bb8a93a10e95b8ebfc9528193d791458ea5bde77f7d792f029138ac96ef2302a715364dbef43e0690984449e6b75693259bc46c6dfdfdec7c8421dae780c2585ef5c1dca3d30e6bd32072ada0ff283c2b10b8fcc7e55034f50f6e8192e3edfba277cb129b46fb6b6439248c00c9dc2d5194a3e326b2daccdecdbb151cca4e7677078e6cf791751df9aba2261dcbf8a01419128b0d1efbbcd035c24cd56d4abde37191c0ff57bbfd9ce3b3ffeaf08f4de7d124b862a17712d9148ffd30c8348441b90f7c51f09dbe796d89b445a68f4de7d124b862a17712d9148ffd30c8348441b90f7c51f09dbe796d89b445a69657a68c4cbe1562491fd3953b51ea7b15ee53817861b55d6e171661b3e271338f4de7d124b862a17712d9148ffd30c8348441b90f7c51f09dbe796d89b445a6fb07595bf8d498a03cee0f15ac7ce3d05afb745ca1d03b810d85b81f6ef8152f8f4de7d124b862a17712d9148ffd30c8348441b90f7c51f09dbe796d89b445a68c929cd7dede72fdca6802f64ac61c167153c8fa6d7db999cec4abcde380a9c2267a476d230d0a802bdeee6920e5be43a9ae9a7abe3b34e66fbe2c2e920092f42c8d78ba9d8b8d7d22177851d4f3454d78e3c8897c0618e02c20f1701d9a46fd6ae90143e727ca5197decbdacf901cf11b96afd74496bd778e0e7e01f2daf426bde44dcc85322e182c801fdbb9e372b34a25047060a249eaf2c74254800e1f927ddd18b0adcf5890e2ec9f4ff7e7ac197180d6c6c99708ace5fc042bd68da71e1b9203a1b2a01c1a01c78640332c16ee03fa69ae5c25fba8f079f518c3ca462e83ea35bac6ffa13f16f7fe623bbd6777dda4160a29417f8e0fe1ba42dac3affe732d0f9cb78e34f28a244d6e279bc1209b26cdbc6108e5281d6075b2cd7bc36e0804d9939452dde5d1abe2f3be3fb8e29f609858771e11ff12a47de486748469251c3e08d38a3dad7fe9be5d9ed5bc019703e90e64350fa72e05d7a22894daf97218c37ce567a0e260abe6d0233459dbe2992c531cec45b55e899155ca4867d72196592192f3f56e96685d78e4e44080d29c407be609665beb378bce7347598aa7827c9e0413b58d95dddc2f0194c099795dadd616e4234161fcabd955ae2790220eb2b83fb56213d9e84098ad80abd67aa06948e365b92259ab0413ffb51a2e4bcc37e89a342367973a90f29d82359657b23dfbc838e10252eb9d23217dff0e3566aecb44a016731f4ec1ead8f7dcce0fef7568aa59189c5737f1b86d254ce7b28888d974c13ca74415f5741c3365e0a093e261cca97fe1e979392709819be4e6bd25c64111dd250ca9d41a189a073ee858f2070d57dc91536e5c0992c28160c1b6e9d82cfd4d5e552fbd4c842bf696c19252fef4fa9c255dfafd817416a008e3c60b8d7042922470720788a8ea698958915c47be4a51f05b8ddd4ef0ee4ffedf9b04ce5880406ed94265adc5d2030c9143ca924a849b595bbecf4a0dad371ae05c391672d913bd9da020b881d4dacb5dac04a76f49eb5a656bf8c73247cc3feb47914a1ec455e70d5c434f56f88f354d033808aa6765acee126533222b7c9eff20ab56de3d87c8635e66924f7a0426532df3b994fa29eb780801d25cfdd0fdb10e298fe58a8944629eccb83ce69dcc902b8afebc02424387c39a3f4dabca3203d3d1fd05a5cd289fd9412faab4f2c9e0620d16ff5785e9eeef4a35534f176a85003aae2a5a158fa6205def38b80d16cf19399a92c356f2f8f30eafeb399af0c6f5b001b57fa91473ab7b7f50d5e80331b76e3d36e2203aab4ef6a6c41781ad358e7462693fcceabc39fb5c7642404968a6c8f609510eabae3d4eb87e52b10962c8f3fac9a90c24acb51132db3ee836f6b48600a059244e32bcc67fdd80e5d687f11f6a4c163915f16444140aa2530d06961d44eedef0f2b90c2d03f48a69f0e33181f974aed4f58fae5b8eae4bc450040b6a9f8902a76dc1bd8103450a5ad29d0a711174de7fcabda8d2d19ba3a250a9fb35350dc5f0919b816c72d07c9b558eba39589394f61354389049f92e380a6706a79dc41eae12a6aa2f1685382d8555314633aabe1bf9c5cdc48726446cb508d8a07d5f3f33da8c103d7296368bd1ba5ae18e1a05895ac41963eea299becf311ad5e9cf94798b96648b9b84b360818eb43c3be7f18568995768a3dceb4e15da7a061c1a9dc99130b2483501998f3d58fc1a607ca1df1538e7647e83fff6fd16191ccd2d28f54a43fdd6979fe8a40161b1c70bf55db94a40a9535d1bac4c8794dc874d6d97f22954ebb5fa3fd8c89a82dda69aa1c307187d86b201515b1c2a870f984f4e74cf5d35e22558f671b29a0cff6bbc6558760c9ce81015502961a51213eed510b1f4819eeb99629acbb8773da33245bef7d0832efbf8822edde6efd8bc17853acbd4539ef247223b731b2164e5c2ddae53abf570bcaf209fb69be6b676c98160d0309d3fccfb68ba8d5e8bb7c70116e86de40868f423b868055dfb6b0b9c4bc2ef4a50dc50e96502373d049ab589d5682f5b8398bad1c668216f3005084e421439b3b0d9d6a10bf67b1574d8168d54e33f1db40a2f181e3851e66e3fba1bfd62ab5d9b1c600591448b6156ba46d40f3cd358dd590e8c52da88c91216a5e5318daa20fd1e27644ad83cd99874e47828cad3a6bd2f102805199aa10281fdb82f933c71fba2d23376be25744e1caddef67f391083eab09d6bf7e4c52a705bbdd4c4c42157ada1c64c9b50c3b25b1a8a3e9d89788cb92b385b88eb3ffd2cefe9c61b9e1aab21b2f7904bf759449b51640b734a12320eefa32487a7e811b29973b7cba0973950fe00a082d21c6db894dba82a7197a6e1c67f87ad3e071ab6c020c0d62f8df10b2f844dcfd3a71ded2a59b08ff99d35c2f824914eb99979310597e56a683b1b8b00f0f615a31180dda34bb57919d8a553830151a86e3de5168531b9028d6705cec97817fa99071180275e6466e20181d3f819ee06a4197d6d9ae2609db72ecc9093efcd79a39a283ee00edd4a54c9d62f20ae7a17486823135c7feb906c4fccb5e6190e94eb0f4983b07b150f47c8095374309425fbfc919e4fc3e3f9eb9b52923b3ee55aa1ea09a10ea50080475b3b8f7688c47da7f4c773833fa610a0bb7e10d9b2b0847e080292b55f7f53a2ae7893e452141864e05774945d98a11d60f5d7508863de35b4397aabd4683df6a9c2beaed2107833c572ddcafd74aa31197b02bab917e9d107e3b7617556f97dbd9a020a36a559e844fdff3e8b9ec6fc7b79a09936bf5ed304811fd2d9c68e748ff18ffe23c14f5456cdc62bd5a0a2164ea309f288a2141b98e620e07b9a015800c0a01ba31311c808954745e94fa4087e47a0dc44dfdd0c4230ba52d45649892c9c45e0d5b765ce723877f195dd2447430a9dcd4ae4912dccacd71f430c51539d82b24b5c296c4352b46cd2464beb888c494ec90282562eedd8a5e8ad2a82a44321b7e2b77d1b756ea1ae516d21d00f480f70c835cc6b2211a52acfffe801862aa2c1616272430063cf18e3852be6eb682dbfac49fc219c2b9b133282538ca477a582543a2d95ce03d9367c337fd02d09727e33bdc2a6947e425d75720d46faf50ac5de8ae1aa893ee781a91c9af1ea766586a532a8a7fce2d47ff5e8ea702a01575c706a98aa6d0376faf87e19fd677e0869fac7808f5e6a4fe31691d00cadc2d4f3945f2b1fe58d680f2bb0ac97281d93dd058c3e7c4724cc17c3433af3f318f20bc20632b35535d5e1934997c5d9e38e4db2c30f7dd7e207b2666a151e48eef4eae5c1b73dcf514dc3dfca7632139c09b5d7ec98fc5e3e455b235f71918698721e50b685a55e66263dd661be5fadb503d76538e0cd8f037a0c948897d86d9eebdd31048dddfcdbbb5d0c2e68b22a777dd59569184fe886fdec428c24a370c0f088f0c5e9738eb6f3c4acf54d7a83bf9e09261d4cc32c4b479a142e46b905839e364493e4719a3d451ba3de53c1ac2678594288d637ecc0c17b756deb37a0112b66b98f99009e82efdc2337a41ccdd423c6380d35c9a9dd95d6c36696650359e50b5805901615b26dfec24c30afcfdc5d618854ccdcfc27e80fd27ddf7306e25be48f6dd28fdab79055322806a88942b157881dd934654c6f5a1e264869203a00b96f0ba68bedb9298e5549caf88ad13e38c016b5bc292f739963e4795b071115e25e775fc98621ecd68966219b9bcf5a8995f5ea7ada62a7171bbaec82eea9c4d92682371fc17d244495994a010d2583fb9a931c0e1f2d2aaba1550dff0dd026896c907ddf03bb6c6d9e8c362162e5e026e0c0ee15400a4221c33aa924850191f79e0fe09306b013a5778b82730a9f80a9bd10a58e8a34fd1a09ed92acf272f5d6d21c758ae05e27caec2f706e7fa7045f46ae9bac6c05cc72ccd96d58f2bc78f9e80dd51994cafee2871726a4cdec9abb79c26c8b3b322da338cdea65d8cb97896c41cae85bcdfa04cade01c776b7cd431b944b342b1587acafdca35422d16695f106f65f47c3427bf454d30d39c2a61bbf24701338f8c8232cf31d1aa6d71cf8efce7582f5d1b6ae3308d58f5ff2138096515d0827ee2532881d2f6ad3ac5400339fc62226de68646bde352a47ed0ae2bf595d14aecb8a8f4de7d124b862a17712d9148ffd30c8348441b90f7c51f09dbe796d89b445a6d5f10b0e1c5c226747619574eb1ab261724f6408e9812d2e2ec9e6edc7b70cebd0c82917c4dfabd065fb14768abe3db824ac258219dbca9440acedfc5a61d31fd16058183207fd5b73785c5432181640a0ae87b238c0b4efb5a68bf39c71fcc0d6c60ecc2ea3145abf750ca326c83156e3d75415f17bdfb0d67395f1d6fb7494f607d9064964be8ccc5281c4ed084a1f865ab2ab24a61d74ebb85ac46f6a164bd6ec6c75c0f39b23060fe81f555e415887823df30b04ee82f1ced4768ab486a63c85bca0981f1139da03f03405665de835fe86aa05a61501d779de4057b412509267a10758071485e8ee16aa289bcc69377c71a3c5fceecc0bc04349caa7e9a22619acef6a536327b14d73923a7fdb23f91b701be2967ab6c69710015bfdea146187c8578131e8d10ed89fb78651f63e2ef2b5552ba00ce97fc4c15f46067df36c04bbfcb077489d6bfb388f3bc8a805cd294494bce9a42d0921f4071caa6d98cd6fe91146a57128dffb2a11f9559beb551e59360ec43d67b96f133b0fe8d109206567bb50e3baefdf8fd79587c2a7fb5509ce4ece810ac6513683a00949b8aff8d246d126d29261eda71702e11f7e90463744c02c0f34ad52d3dd2623cfab258f16a2cc20a09a86393c711bd32acfec18e691da05abb42a1f4c3f0ce8e4e13022b61e10dbab8703c027dca35c0e87ed1c69b32f5269055954217df09bbd65465da60a591dcfdbeeda57d98a3b004347ac2cf4d805f4d35de43ad4533575a24a576c3136b98cfefd3d37610145b86004169112a605ccb2167c4bc3b114cb0b09b54ef050daa01359c74a214864b7a6705ade6e1f37cc4303319301a5d2f0d5288db30bd2820602694904239ab93036faa56eadad89b944e33c517abc54136e575c23e5481e85d99442c7de09f904e3f1f31d139bf6d8b502a92252aa642da45c53a5b628c085b20eda0d1bb1ec575746152aa38bb13b1167441c9cb91defeba62b220b6e0648bde624460e4c84003cbbf2416daa1d3b8ead40a30210065099ccb3e5294fe04f0b8b79e36bfe124ae0a3c0b058419d0bcfe506ddc301006e8804cc783db467e47a266f2be4bdebc8b9e168de971f35578058a690f4f726da74434c03094d8ce595c30919d144165b17ff7e2e40e88061c9d227da988ec5e4d5be0a43ecbf4d99883fa5b521113b37013219d45ef20a0cb0160459f450ac84365aeef5ea950bb9f4cebabedcb4aed711fabdf1990c40b2fdb883061d59a43b40335fe22d06250956765a7b7fe8391a098c84392c4be41b2cd98eb6d35fdaa8e0aa3c213cc8fc0dd973da31369bda75dec08cc3bf16b9710e2da9a50ca31deb96f27a49ac8531f4b257277f9a895389455f5cdcdae45bd6d789d52403174f101a114efb8b339856d6312d1b9d341322869b6fb7cbf821a6d9c96dfc4099db63c2bd47d7770761190b5fdf38b8af74378a4ff340b7d26d2d5b030822657c0700e7020961b33ecfb59ef9d509932395712f4789c341982345fe6e1306a2cb3aae3fe657a527a3e030f6d35c3e06b17800fa2fc18df4dc94dad62d7bcec8a3bb475263f8e253f07ece44e7b38ed82005419888f0b5312019de427b20998f150d55b83c9dc67fc60bc0e848da8b3a9d79cf17fcc469c50f625cf0481e1e306521ae11bbd14ff766452df39f77e2c71c0a89ea7a5dded9907b7b5d70c7e8af98766eb47e75f85013c656f846b11b1ec33ebc549a539e5ae31c2d16fc29e42b6bdbd1717dc4594e90729ee851312b58753534f63c3f9ab6d5f74240c9c66f5ff679f023bd8649ab14285b4ff5b9efc97ec941fcfdb7966e4b11d0785cba8a8cc376b750c99646ecd6e1da33586c0563c6657318cb17d45bf2fe8e932f5f92fe80a0e65fe38a9a317d8ad9dd69b110de11ec01411468d5059b2d9b62510c2279a5894799172bd787daacd416276c18d3633376b169cd4e2b2bdc4a13fded950c1423d65a505e7a42a308f4a851ccea6bd19b7354f16de87cc6b932c3c073a5807d3c7f2c95e8aab414c189dec787da12dbae6797d43bb02319ec022c8602897e1ce4461d3df8cb3016788ad9fa62a30ba6266842ce50e0723315c4d4b87de00bebca3e3034871424d7ddbef39dceef83938ef737867a03bd9698a541de18fd17de283ff4ec4610f119f96a52ae313d31976b0dcc9727d60a84158ce3467a879fedc44bebd0bb3ab63ab9b62bbef21c41402022aca58c8b503ba28d95503dc610456a2fd7dac882db66ed950e235d72fc14cb6328c0fc0b8e68d2bc84635c7e8f3371d37c1d4fc1f0a4f4c84c682a115659f1be5d1a2f8182d816adeb4f1595d452b821fb004937b4cd66e2a1895421b77960a954c14ee7b1f12100a262d5d7095ead6a27b10cbc0c279cd7fa37f5efa961067a3f9c731a101c2c50c081f5ef7c408088d79df2630e158171397dec8ddc3020a698b45eac52dd4c958bbf105f4e3bd0e7b4590d1aca441febd9845e56f73f41d822f01fd44892805b586896c9483ccf2dfc75816d1dbdcb41deede9d66bc738fc33307e3d671dede527951215c0b00ff1b5b81ebb04d18a2f6fd94e7f1156140f4ebdbf477c339a768a9cd28e5869528fc635cd065e896d7eb11e238a05b9102359ea370ec75b27785a81935c985899ed2df6846bbdba1149ef9edd39c6f18d37f29e5ed9cb3670521f142ed6d7d2bf9f2b8342d2c3aa4d008aad3243fd00e4723033e27e253289356cdf2cf9ec46135a8327bceb4f36b0f077b7a232a94e214b3b0a5a85152e4d89c193f92ddaba3ede1ad651f46bf425756412e9f6a60154d65ec2ea67921aac920eb823fbf7795f5ed8368bf50b403effada43d4c54abf5bf981ee654bba0c5035113de6b30be049c73c07d02efb7d412a1c81edda90abd6a3db65c5b32c9d57954cac2699ebe289f40925dd02b4b4a70f54c52b25ddecdd2231f87a7d89233f5acf334ffd215b7672a63fb29922b29253c6e9914584c49332d12d8e105692e10851372045a3dae11ff3753246c253a5feb19af462c392e70b1f4696c990bd8957fc71c1fba836316d73c556748007ffd29edc5d4af8b5db0d157d85565038de1f924fdc68fc820149a0658740ba36a32c5cbaa5717a52c771af0f574d12edfd3df6e13ad062f6a071334b7e50407458f5447a25c6f97e33bbb081de0dd2774eac7f36a5f4d6a1a6ad6c4735e9f5350dcdc838859347f967575f0f8d1c96e9f5d0f471db8d2d0802de1d24379d829b0b304ff582fb9b063de112ae4a7d8192c1e90ba0ea94efabb8ccbb19bca9ab35de97a31e874c3c2734b6618880cfe0bf26eca3698b53319e92d677b16b83eee637097d82a2826d04ee6c1fcdfe799ebddcb21cdd80840ed01ef7ba1e4f3f79abd0d697cf5b3d8783d8ff4f60dff561c029c8ea9d59c6671a07cb727665bb762efe31c20ee29d5dd89c4fb19d6a1bfca738020dc0e364b81f0e7f1ac265afa35106c429a6efb12199a56e623a2915ee57c5b1f4e579456afa1bb88dc5a4308d8f33a5f2f795e7416811bb8b42b37169306f570f6b2fe2be6c8d8b37526224d5fe9b72cccce9ab970c63f3f43d307cb80675509bc7f09b517a89695dd082099e0889441a168eca875d4fec773aff2046039848b17320e2fdb99c430009553ba8c5930f420025c7631fbaa063335de451c184539bf1c2a0bb4cb613b61612915f472204820894cd875ecf936a8383322dd4e0ae895f56f21ce6ff1e93abc9900c3ac8afb0bd12c5cb0a50fcde9434adf6db43f7e133365def8d24a566cbf5634efcb43469f0ac0bbed46768d4d231dc9963b58041a6e63caf3fcc4fbf81c3c4b83c6ab5ebdd964dc6d9887c5e183363a8cafff4c0111715f64514449b54dbfd7d24d4eacee85d9945646f2a4651c2448761b350808d3a4427c5d6e4111f179faa9ca848f2c16e7bfc289918a38244847e206f290ec1fb3fb8f1b3171d6639064829d08d07717c830645d3e2839045bd423d357361b07beafe2ac7d1adfcab772239db026224c76b86d8bc104a3822a416782c970f561b3a87df25a0ef93ac0754ab8dc9391d28450dab982d059e654aaa64c48316c19d3647a8dc5266817a7edd3058e5fc48ffa101ab842a3e7022e50ebbc11738ab5d362b6a0d95eb6a0426c9c5d97f4e700d91628e75ce0511d1965a71114a09a9a9ffe756d92ecca8c7084d517792f748627763a14d6ac6f01e25d36de8c28c2decf2762e5e18509bc98154082c93d2672f3abd480819e8826a6ee726e97dd24790ad772b196ca5ae7dfdcec181473b604e8f49c95aa9cf4257c75fdb758f8e7bff76fa72f393021c53fdc9237b21da9dc7a9691ec5982f577ccbd482b8d8465f23574c8aff98524f8df498f463f081146a3428ba1d60a6502ef19b226f7e3ea5e916db3fe3ed6c54a0c76f527f49273cdbdacdc8808cf57071ae6bfeb51b4e7a69c33f28509f7917f012898d352f4edeb968c8f39d4acc568c08a82c98e0dbd90bc6afd5d36cb28f3952f453eb7bc10878acbd3fc72d1f913bda7f940df0f8958ec52916a5d65d2d8e20f94ca65599ddc3813fd9e146350b87f1b50ece2e2954acb67553a6a32cb5ad296192f5f66df307d960ab6caeeb8737cd3f21a7a0b93c4d60a1d011a39d33962a438a04658a457fb7c0b1b0c441646eb97f0af6cce002ca8f07aa7d0af9f8d63f48d4099f89646a942c8640b7d700cd7d744cc97c98560f8612f51eb8673aec41a2dba07fa2aa88f9f70be012a24fd30656bb627b0275555d311bfe00d9b1aa95679ce25451ee2b3efd5a31f2cfb0ca60652f345e6b89111c59421e90969254cb6926c4f6306943c997ad91fdecdac4d370cb1c884bb3c7b61f54f40aa5ef760383790a9e1e71bb0c78badeb8140380b995211a9dd41bfa58ead72e692d4865fc44d12fc59b4548c9c72ca2eb9fe2acd14a67a7be7a30b3fe234eaeb29a9b52a1967efe1df3b8c5eaa0a6a1a23c846b5f462f5eadebedf59095f32c158e189c0f59f014fc14481d958a9cc10d1672dd5347c3747a667d8239ea577673144b74d62b73292cba22d9c107d06c377f0fdcf4338f8acaeb1b82f31d783810729455782ede1c4c4e634d153f5a8377faccaade68dee9d20926546398b40e4d3b9b891d55b77bfd8d700a83870396dfb52518df17e8e0a8ad42c61abd4596a3e41f573447928bcbd1aad0ae60543b2faa7b463606585e38aaebb1bed08dde4e0d934b7ec4ad755958f1ab18e45e16c780cfd5542805fb798d120cfe0ec17d812e05bc57036ccf1b4af65c0ddcc5b02f1bb5289250aa82f6e9268381a5457faa8d3986534ccbb3a8007a2a378a499a5fe6b86f0e95ec6e70018e4cff39aa0a47b4f65a96fd98e68ac3f7ae2258f6879aa4f605f692b998ec8dbbff43fad26da3dc6314c0203d2805b474e209532595a7869786931c0fc6f36a655ede6032aca00614dd3258186de92528a65032bf6b06f6a2aa436e9da82d433ef30ab7ef1f2954daf732a1d7b23b117c62c0a9d7db1417ae040d52e81ed354a1d9922505eb49d3b22f4c5584efbe54de99a6eabd52fd0d0e244863f406eb8a09c65a71bd550dc74ae3d1f790f7a76b7b3a54135b734a5b91d026d89c21f4b813c594e4f232ed9f25aa86495ef90d052f6bf77e696f261fe6734221a643535e467de5a71204f39dbd5ff53a653a623abf4f2f1f9f28448d93955a4f44a72f77d0cb246dd586f7aba844e246e34844babea291ba93ef76be8359e9c4864e1b3356a8cf924e012afd0973b0a88a98b82e0f67331181868908c35e358255a23bf17ce12c3a010aa5a2ad82d73e70cd59b967f62f6ee3ced5c5f78a4a8c0a88f95d3784da5e1ab2b25ef3bf09a094cc9c9e5fa3229fe7635dc599fea7eb6d036b99bc7377dc82292b156fe1d06ef84338d15f837b8fe0c9a1e7092922c2fcf637ba8fba610c9c02221d99c2c080a8c73fb2a3237a9557d6c679d366559ea557aa9daae07849e6834bd16ee10710199f3db87304d65cbeede143518d6a89fdc62c802d35e423b165015e9111d44b6a60697213cb9fd1fa64784cf4eead7f5fd3697d771ed22c1b561f74560909c518690e49d068cb161ec0ea42c2d91794daf0f81559a0d84d08eb45c566425c215aae9e2651e7b1eddfc951c9ffd29bf87bfd3ef0f16a18b535b0cc82d3e8de42ed9b3414a85826ca2e29a6c9fe0e67a822739140a242a7a1133f25810e64bfc69d01396ef2230b069a0e27683d3ca7fd7a5d77ef456ea22d6cea848b8bcbc079e22aeeb6c387d823ea944fa2b0d562ef0e2497d0b16eaaa0e96fe000540b6fd89e155799e5a919d40c9188a917e6c72745dcb96c6573344a99ef9b76db4af7116693b0c4f9365e26e13dcce643ed146e44465cbd97e3cc211ef95ba4fe602ba4749398556ab0649b5bdfbfcf7f909c8b74304eb8449ed3e99de013e62ca45bfceff5946650e26e4cf5c08b8a1bf1ec9ad2bd70d228a881be18c1441b2292b303c750934225a7e268fb8ef3806ec4d5922a4fe156aa38629f6c075b99366681fbf8c86e4035b37532de2879b4b12d4d543dacb1a87eb863c52ed48e3b18e419d954f02573e85cfb1b25de977bad47ae260b796cfbfbcc97a01d094ec881e990a0c2b09f936c6a9a768cb83f68d405b5ba4c2961aee2b7b89cbb4897b1a80effac86dd5c2b5ecdd0f8a82b9a03f2689856f4f39a1f9eb8621382ac5e63aeb2bb11164752738182e62becbf2a61f7b96ac1923ace13611277e6a45547045067533aff016d32c57129d3ceb88f85992854fa55ed68eaf07f9681146a0a6c609d268e0146b08f8a51d7ec72700fcd8de7aa5c1a1009efe69a97a363dd9297eedb0388f4d1666c4da32d2b5ae8b67138302d7a4781bd43e9fb0b349c2976d5a1f813ea25c31a650a04e35d6155cdd9cb5ac332e1131f27f509a81597eddd0a8750c72140fa6e316bc9217b3889c29e20d51185368b2d21e9ffee6b240fabf909a19ef27e79de94118c1e91cceb564fa121eced2c90eb18135c2051d2a392b87cfab2ffcbe8995f29a49a20874637790f534eabf688214949b7d9d3fd7bfd439a600b81702bbc17d732330fd6f733e1a2f5b26880a88bd05840550bca5271b230dca5a82d3d4b35efbda4cd78df0f3b48ca16aad7c86a32dc16ee1d3d4ef0ede41ede5cc68695e4f8eee6689b63a541a42ba03c4f8c6b18f4c490e862d2fe3b65740b502f5b3bbf1e703f9f91e06a2c04e9bea5a07dc0d310c72d9b9be8eb8f1342a6643f1575ac24d3508782015be833adb847d1e53b3501c1756d6f3963735cc4ee04a37e6cef5ebe1ade58c10ef16fa5713416f68f57bc2eb812b72280c68ceddcdee9ec8cbc8870e40f6d6835767cec5f7387f5e1df6932b677bf9b9fcd00f56b32929b17c14f030515aaf1af5de522681daa31354d219fb041e65cfd8d98b009dd2626be7ec2521c7e2e21e38423b7c2d84529d8113562f6161a4decf0d27fe8f30fa517afaa668c75c521e185ac442e0d8bc91068f387d6785d713a79764c0359dd042adae17901e23cb7c24b872baf6d573bab0952ebbc18502cf71adf3cc190c1d40ee802b75f64aa8339d5f64b3bb3e832f122ffd8a358166d33a48a9984623402a7e8a6a752ba5bb803368a3ff573f3dee79dc0d0554426fb9b66e8ceb7c33eb2b7e87623ca987787739eee238ab848cc248d8085ac3676cc1730a963ed210abe35d574f5413eb29832f5bb3b2be197f6ab83bf4ed30d6ba7ed7f982f5a4305400f6554a1b2b45fb268a2f68329e432771ec963a94fea4b32bbfea8e6b9ba453743e6c5462ebd1da735f1e80620b05f96124c11f97908d36fd987bfd921cc7421f82716f2988172669dbb37eca93361790857061446ad69cac7f896cfda689a3e84b1d19c63263b3f8f1679f324570fd934cb76679091d4011d955f6ffa0f1046f3bd35872d071f49dc9ef2523537fe0582e6181cef22d8b2edf86d56063b553c71f7f91c6ae6f0247492dc8c62df459843aa7829009856fc4645c582f3da13d8d1a839360ef9b091776c1afe2feb704b7839c9def7351f274d329cee61408d54620f60f2bf81a53959d3b89deec87606b2e283aa65fa3e5adc0a8c9ab5329522735db16c0a83f9bf0b06c64080cfea6092ce61b415558d20b4d2f4b05608b58bdce2f7e0c8a576991a2d806aea049ceca898d93a77f6dc63207a393148af95ab5fde3bd238120d552d0ed551c7c80426e484c517f5e298974a5b87123bf97d7d4d3beefdf2e3aa9194f3cf28ae659cb6b69809ccdb05b6a137330bcbf82f56e8a3713039dcc53806aeda3de17b2de796101f4f61afa4a249310745ba92d72c2a6a689b01ba9c3a58c662f3183b455cbcc360c14ac989ea2dcd266366b1ab9947a62b264078edb7100fb3d888d6af15960e354a96d2ed0088719001dc7626906985b86946be81376f1ac88bc5708a3fbf19e7f19250764ff66628723ff77676326ce7b4abf00b630b00d72700818a5e34e6f1491ffceacdf91cd9e7b07b69eff19ead8c6e55a371c020e4ac4fa829bfda8d0ae6bd6b1bb12fba151d24e47e53c02749bfbde33b0318d937775742eabb03b6b2c153fa49db51b64b55333b8ec128c01c6aa2694e08a76d7048a12edf0e23b8c50f2a84a1b33cddea766416ac833be0cd989bd47dc4e7f357d488f6355bfc8b8e2efaac6d71c6ed9b37428d48c58e97a3f6f3b27578dbfbfe8d831273e1eae3a57e08c616ebba8b1b1f0c5bd1787e58ec1edaccf2b4908dae2bafef5d1015c41550c9c56353287916dbdff00ebbb0353af1e275e18234f0879126bef5ef1102967a98a7fcff986aefedc4ad222e0584aa3d66d204e80876fea9091ad99985bcdc42d667a9cd7612455deae83380940601864e97c430998f472949065ebec093dd310b114099977689075d0ea724566af422c5b478a1331c82ddc8ee89a1cf425838f1671e1d9859f8d3b78c9d462fac9dcdd2cf8be1716db831f6bd427590c9982a30424fefc9e0e96c97b729d71bb9b173fc2e5756d4832760366a93883769171869741012afc445071f5e67cbbde8f028238a7b5f0d5ad61f01e66415b539000625943d830a6836425d1d871a316532e05a627bd26f1e20dbec33ae4f738aa028ce987d836fb5e7c444407e6f73574ea279934c0e3502d1635f8460421d61d35eef7c788edd7199284fb79b4851a3347715ae5e4aede4229033f82941a698f2b06aa928a609633d537403146f74e46a6929c96f438de8c58ecf0f86449eb7f75d7d7270dc1ddce4533cc80bbcb360ecf2b924d9d09d9f929dfd6199d2b0875b15e3817ae82e72c8dfe748e790371ed89568d8a2c0af4f88f9c110cc3234cf2ae5026822eb111d3803225f5c35d5b93c032853af9fbdc8e561ebfc17f564f2c952fe9f1bb6bed0d1950d7bcc5fb7d61a2a50efa81b53a7baefec6396e4af5ba550c7b2a1213c3c7dcff9d4fad9d785a84b6b1726055d11683f5b9343315d863b643aa215e930c5473e11b5399b0c22804eb99e3384978f01fd211870b4a131a0d2ee4064b159ac1a1d6c7751353c4139947cc2f37050ecf3ee6bc3c4c208500dd75c44a4afc908a8f076fa989bdfaa9b5f08f77e39f5317929272d1f0994bd3d7ba96873154ddc4c786d318836ea3483da3a4e8bbfc1b3c6886e75df5501c23da27b58d0740c433ad93ae8dfec35afb2f72f6098e342e805aa05b1437cf01270fd26fcd8ca385d1e92320f2147283dab76f4e70253d9bd83d6159287e8b9ec96221d1fc8f042f255e8da631bc70ce522e06fe99926cf5ca6a98e7b0f11dcbd15f0cbe46dd93c587bf3aa380ce829edf5089e422f2602b2a584ebab2af3e441f683d9c904b0c4ac715e62e72ca7d4e45d91ba5b3e006433068d5c8683eaad4a2dcb7d825b16fd6f4c24dcdf8c5831a9a79116c51023bb9b61259854f6c2f57251779bcef17a7607f9bd9385dc9a297ff09fe169f6ed3e9997e2690205578cd49e32c66a843c349cea871b675401950f5ce0eef74700ef92eb71de89d6c3f04ad36f482f07f7bd8bf3c7fb115654b991ebfc612c110b1843de00ce1e7d99ccec55f7bd777b50ae5ef9ea7cd9619072428044b77527f23f9f842e6c8a53bc50885a03692ee150d98a8909662733649b3506b59abdf8c93c63eb575e73a7d6337c782933373a62adb8221dec95c6ec73133aa0b97a5f543aca56f7ca3d55af99e6405c22a63009f0d6262cec2771bbb66e06ba133a48f080992d50ba08eb900a176564b91796e32b4d3246d88c3a048a1143df387373f31512cb97dbcfb85192afec220c7f7823a5c4653c78415bab1a638a28f1aa0a294a550bf6f92cf7211b6c4a67d50a15d7d1662c382a3ec94a6a21017c4e69388259fab0ca68b1c4e89fc9bfdb9a302455e4d4bf289c2f9fd26ff4b7c0dcf35f322404a09a6d4455fbf9c156f6fbfe57bb8bb490c3de132c7184018420db357f0e7cc822378667ee957764422554dcea8bd5ec0181226e5c6735d89e60781d134e2fa34447abf7645265f014849d57853f606cfa7efa8e1498d4271a7775c6e23fb24f3d8f6ab9865e068a50f511a13cd43910fabed6c721f2644ea5889ccb4587c5be1d506491b8183ebe75a74bedf113a2a3fe03b1a9e26d4c3a5746bcf39c16047a5b90a18fce92c0a5fd10370225bc57d192b87e24f97d601ec043c9fab803b76624f8c88fec024b803ac7ffd06065320b5589fab9ca52eb6fb6e158ad4d1030ad620ca92ed2bf336037245a7405b7e36aa91c4efc79f270009cd1ec7d3061697d7036b5e49037bd5d3e41639d5a7a32ec08bda443287ed2e915662a2761290c24ccc9d2c4e3f361c6d8383e3cfbd691f5103517e3038af65fe34afb85c270130767029c8d457b59346541be1959bff29e2e653ff5be8fd1e3cd1c5b778f17845ccd2f91d58500816b7532b9ba71ad2ae79328c49cef2ace10f4a6fdd8c7d8443b425e1201e6f007a1d45c8153f9e418d8214651b2ed9ad257bdb80e0d85d117bb85f2957be20a3bf66db4bfd3c32e1ce6142a9552bde015a955dd7475d27e8958a3280f542db8066f6ced1a1c7869742f1519661a7ccf5dfd89217259c00e8d899867827d6dcfbe3eba35ae2ef6ccfda8e172a20f703e4fb0bda76e51e2a506ec0b985044614d4b1e6753fdf9ca679b4de3958946ed3ef50cd420407f9eff3ef1a58e3aee107acffde602f11e9454d27edb06e3408642dfd4787403129c48ed942295b2c1f13557798d9a889676e5f841d9e5e57c9983df391d30b6bcb1a52e3a20d534d5cd23ecc31020f6b0725049179daa01522a310dccad3d8567e2d92df49da93721ca1b790bc3f5e6e06bc2f584de909ce2b1eef075f88b0d8a1057ee32760067e9cb4ccce40a2b471f7de7520326797426d5114ae1edadc25e7928e45da82f7354f9a222fe26d61e635a4d70963a4081d36a4c0fc905397675d77baac6214d732468a033cba7a35805cd8d6e938cddf57bc3dad71f45fd4b9d2733feebab3bbfeb0f62fb884bf9f5bf7b9dabcf6805258eca4a0cb02d715ce33147351e12d2f774a3e974bf100ec04ef7674737fe5f3b11e5defad912e9f26de3ead6170e33a477403f76be6dcab9d852cb772dcc3aa0eef63eaffc4fabad62438eae39fa94f2ed62ba99257ad9fcfacf93f9018ac6664c1db8702c1ba53191dae598e07e46371def1b65abefeeb58ca9143acb7fa33998144afe4a2907a28040d335123335018039b53698e8b455cc8b0cde9a185b0bf841063189819f161a2200195e44b25b5a3bf995b70f51308eb70c82f3de3ac630dad608761f2c005c3b518b561a0938343bca1881a309af26db64e078ee198efe1fcf2fe049487f638dbca4e5975d15884c0ef3a3e0ed1e78d2dc53e3f76020d25154af0ef724f14a52d926f69ee182ec9919eaaea940adc8161601097d23062cc0daf41d3bc61e2f30ed4749c25d2848cdb5df5845ef65ac3d6ddabd41fa5df791ac235d8a09b79d25ac89d085e5ece7877ad7011cc8ded5893352106fa7208a3b71a514f17abf004c41299d105cc56a7dee54d086e62e57f80c077681c95f73d10de77074a8b6d60215e8eb56a1a45687621351c172883451cb5e2475fe0282d333bdac18f43f9b98a56dc64bf704cf2bd0eda92cfcb7601d9dbd32184c51a5b878998b88339e01a54ace94be4f65bdab9a641edaa2f38608fc83075b77b851c53c1816317e209ed60667f5487cbaf1be3b9124fcf71fbcae4aeafdcfd144b037e23dedf5fc69c7fd340eff80a6b80392702b835d98067afe5af56d4f66b665ab4463b36f08751f351c7f584fd540602117f4e31e67ac69275d308d88f32f72277234b9e02d26de937f2a5a21a9d37f6c0c0006c1ea9adebf0a96e40f87438b40ac10178bd499aa547f4305d36647a56b125fdf5fd5f03de4807369a3973f5fb6095ee9c463437490c8778a2ab1b3213bd47eae116ab05ceb8095e5bda60796f5e450339977bc2df4db4dd8d45e7f03decb4610cf005441e11b5219a6c50ad9b87981fb1c9c01cfaf469478ac120494587af8ca71cc5253ccc1bb10795b686ea88465cb8bbfa03f203a0e3f2636750f786ae45b6baec9b3698cc57f4b41f3ca30385088475e24d0a57772f9fa78936e2d1ddb04a1dd5d53aa094f23cd94f46af663249fe55f51e3a72609250fe36014c5873c88770b0b64345af8ed05130426936934a41fdec996daf1b3b97b7b6781ac6f79695bc2d12f2d64790fdc46ab0fa65a20daf81fd9610232999eb7d866360bfbc2f0cabbd9de522b5744b885a98d8a0c3986e3c739722e0faac138dae8a0ba83c499aa7dbcc8759b94448d2a04dd1dadb4847632445b0de8f7e705c23c4b58b7d64c7efb901915a5955cfc5e8973e5a970e01018b2423595978701b2f4b6ea7d16121608ae903e255e7ce35bf1249e588f9c0d64b31db18086c715876d268f7273b3654fecdcb2f1b15f08e2c799dcb1585fd94b151538a07af998764533aa29ac905938d3719db4963ccac48c960d1fb0393b996c308f4b5aaebb9ef4a34d03a60c5d68d392248d178219cc428f35669462cfa1f30970d53c724e5f89570fb172454b6f4fa23009b99f555438bcf9624b186a7f17b40f2064d1fcdf32f97050950132049ce4112d94d500fe3eed0805b54a54ed18e067befdbabce0974edf076549e2aef6ebd6a5b85d2352dbfaf6acf2e3a3976b6d2bb771721c86e287eed5dd9dfb50370fb546c504fa39bd3c23ce28b068e6d1119f3cfa1ca6555737f6cea5ebca441d688d55e741588be752e16aaaa913f8c44ca44cb373d996c1877aa9664c18110c13fa5b863b53872f5d221724be14f48e662573b2a9ff39692bb9ffa5f3d397925f58a70a045f5b9c666146101fda0ef6bca62942e479589a6a192926e000125b00b7aef14db868adf83f30bf0c54b5a0dbf53963de4c501f4359101a3c275bef0584710feb4dba2abf4ee164ef40a3b3566be6efa8d2a520816a019a4fdef845855a446265c63b9bd73030be83a4c5b66530963d0ce6f1850d0ed67586cb3bf47c0dbdc093f818ddcd2fe87fc4fad4f036a46b60c3ee45f98d9aa84a4f4e2760ec940ce117b17010132d1b89b8806763c841ca624de209d17099da9fda38b5075f3e2160960b86ce5dc471345fe2e06768a33f7aa609e1665b3a47a10956e12b44ba2dc1720f0697383637e7ec6f0a6762f26cde2a580071a549ee3dfff2d504d631d2e5919fb9469ba3091eee0cb1cbcba1eac06acc2b980e8f7dd24ba934682e7e8372f79ba0c36626fc6c216b0bb99c541a871b9ecd8cbf1bbc8f41f97289d11888ca0f6ec9d3f8319042b6f9a8e1b130a8fb4503353de7d019cb19be93962a33b220184ce18d054c96d13bc64eecab4842c8950010d558520b0b04a2b96973b407d37e29a909bfe7427e5e1e9c4f82b95c0d613a328ccd870a3f7bb2c2a5c339c5fd44a90e96a8c79c87db459a600aea18164e6e8b07c557e70e5eefe8239307c3af5a3819dce7d01cc7baac359a947522216d0cf68be0e4505415706d64ced56d4d0d598f0595a4898bafb458cfbaec07eb311b9569f6d56bc3fb55858482964e4f8bd24fe9003843cdc95b96e40f3ba00663a4300e57a94d011e34cc308a6387c0affee80f93db82d4e61b3ea767fdbe93b0b93f08656cb40c2f14c2bba9590822eb268854d699c48cc3ec5418679152f4b52d1872c071e5fdef728c08fa84c342903fa7b13cebc6c45339676f3cd20c3e59a0c8dc1cc3faca453eed1543d40dfc5cb608a79809056a23d93b30a4c672c18f1f6386e181ee242eba3e930eb9a54b6128e095235442e85184dae90aaf57fd4db837f96855473af2ce2cbdb1f721872491be9f0a48a4fe17c38ff4152e7e4ffa6ea21a584a1fdecfa8fb435407061e51a1dd1805114bd9f250ba3647a3f60b6b66b948522eb041898bbde5725212ebe71b34c735e0d74d73cfa2b7a6ad8cf755de30d86b056e67e2ba797b14f79eebc8123e078b2128bf5e738ef60d6cb486d45a96bedf200360fef32f2b77ad82ec16b10bc3ef1c587e5c22a97d5f8cbf4bc10a43b1f56d6aa73a79bc360c5f00adad0393e9787303e09a95200271d5a2997c011466313a9c130a513643094d1f3209a4dd8c1b3661bbe9fef56d05a7f392820fec940710dde962846ac6e997f319b33397c9332b7be5fb9a982e317952b0c23394d3052e4f25c1b9468975e4ca42755037d4716840b606063ee2be62102d28b89e5ef336470c977b1453dbf0d8cab1fd0908a2b6ded14c980e5200a911539412f44ebd7ad4a22441f1ae48bddc8b41e047ed33a03a6addb9a0a63022803764ae048114d703aed9f264d6fa5cb068139cd5bf9b4935b653ddd7ea1879515ea5a76d8294b5e322e6ae403825332491d4f782ba682acd8384f96be9b5891deef078d84d47212358ea2e2ae4e5aebdcd2956239bb50e759e14f504e8ac29f7cf860bffead730b7c27741e2988742df1fadd2e5688eb22d25dbc9271aaa35c4886b42e663943e07a1cc9b264e4dd3e05032bdd8efd1be0c460586868b3cb06bb2aa4b23b3f62d4c4f5443127a8bc2e82385fccb73ab28f244fd6480f9d469ecaa9b5226fe7d61bc519d5abf13642d93041870ca791aa459a1dbca254fa8ad61ce5cacb05480a739cb23bc9819fcdc32db61e0ab2211694cf384a4b63f80a1447ef43add2e9f14d2f7572c859642895a9d89c04aea935365f856b2d99e3c91646361883a923c1bad887a5d1666c0920fe3286cf11a86f790fc7a41fc914aa3266204054f86655be3d3b1309b4ef424a3e2b393aaf717ee18a32d848c45a5d29a5878376cc2b668adc0e57a2eb48be5a767d1dd5befc13254d576aae472964a74a994f217bb29450c756ee56dfcb396c0248e6910f949c4da44333bc9e7d840dae631763530a31530f71b2dc4106d5cbc0d5042822e09df6f492634143447f03c341d66a44b5b62a0c28fbfacd6878e4e6dbddea8e180d2d8296cf271585b8eccd59546906465a3d70d82eff5d30c186c0e22f808acfeb206533ef195436ede11c6ecc6b146a1601312f4673da973f8247766e5193d376028c6daed4f96c9a32ab4bc5297a1ad205768054dbff343ff139b6917e2bc16e804bd5bcfeee92fa333ec9137514d6231f4cd517f94f55cc5823a0928e16da9777116821b145b097a9d20cb25c5ce27e90a55c8114106ff955aae8802a531fd24da70b051e32729a0d4986719d6b0b5138685cbc20c0afa763d8f9f43c3704b26e0b2cf530b71314d223b753f14e3bbb1888632be8ebd35cab3c989ad7385c9aaef9f3ff91e6079c325b6baf17f562196778f068e9ac5ccaff88de4b6bdf93ba8548f6268e187ceb0abbef0dae41c887070f43f58cffbd1016b5e17d7d77bc2f64a16bbe3c1649e7333c911540de1d176e8c02cbc76f8128b5eb120cad0b2c6801f3ae3218045efed6e43cb1553850dcca10b08e5d083038659ee59544ad44437549707cc6d326503eaebbf88a6c996921d8c81dbe2a2c1f7f96b8f1e4bf9ced1ab96ebe3a724d4264f6ce9ec99578f94bf613a4d54ef396dfe132919e352e9ef51c4ede33d47ed97b8c8fbcabb07b07c3b17569a63df4cc544b8c9a9df09738c6acf7ab7fede8723628fedbbbfdb83e857f0b49fcf9df30e3ec1409270302efa623f62ffc3b7ab23d45b96d7086d42ba75ee4628936f5ae6b895621de96203fc3104658c1737020f12ef168f5c29169a35b84b81238a8b3b87cc8ef94b2ed297e89fa9f78508cda6a4a9feea44f7b5ef177611c1c23c3b17d10e3465647245ce783d629d751f1831f0299fe53272033413a45d3285cd19951fbff4dc2be7cb3f3a3f482849d428db5dde630538516a03ea0de00500dc0d9306dba969cb85db5d231f992a7e753aa1892c30565c623e64a6676c02012169c8addd9468958c8c7575209346a7ad6b1a324abe0019c1773ce46106efc3622dd4667ab7c59cdb72fed6fc764e988c710ec60d5587978e8816a4f590d9333bdd02504fb3fd2d8605a55c9fc555ecb274ae80c6d85256de0c349764816335032acdc7f236ece5eb8e88fbed8bc37285baf8b2ba27cbff050db0dc0f93c39f1936f80f9993c2b20deb58d10debf26f76fc0ecdef58f49c212131bc84c64e8e09373d485f04b20282fb1183e72f17b31d0026a9a58139de34d3dc30acdde409e81705741b390c74d9be0299dec44c99cc862ed99321160c394fc1bca1667ef7bf3afc42e10a4cbe3a630ff057a21b73b00606c3af61e360c5c49ed6a14826fe2fb0b0e9abc0f9efc6cbbbe2e857b01a1b0f94ad4611702a3ecc1f6c1b791b5c3a155e158c8c0f9ef3bfbdcaf8ba1a56f95ca6c48ea3a57f9eafb6f9d8cc68a4b64c3841da2e651a3ce3e6ea954bf494519c6335e4f3d74c231bb3df4cb951e3dff0e7cb22c2b502aff30ea1b1280ea3151ffb26b3d1f73e131a7e6826160b730fd46d5972abfeebabb58a022a9e9b9dac2a383bcb7e199148c0c58194196dde950b8f7f3152832334e016b3a381e157c37a97662888c75eba5ff7af9926583495925f1e6c1368e8ba372708cb3e1031bf487b59a6834c1c8303127333ce36ee322c04e924efff047467c68ba8f188191dbd1bd604ba03ef9d9e4bc7c4a0ce22adf26615ebf6c6a05718ff346a59aaa035fb5013a5349715ecf23f6a09b52b435fa613d12a91bf597934dd72f42f97186d5b521683f76628443b03bbc2962cc6d7d8c2558a04938db7a87e82b98b14bacd1fe33a11e37d24cb4ad4aa4b8c43d9beaeb33906a72770c9f2b590a7373a36036bed9a5f6930f89571cb8799b93cb3ff488c52d5bea9512e76fce2a0989b51f8b2d4b7cba35d7855c4881e2198075a0bd46d865e456a8cd49d93c97099ded2bdae138f8b4dfd5c2c97c44eebbc8a763b578b3b807e594dc0cf82d62e9f45120943cf188cdd6d92327f592d8276c5806636bd25437a7c1f6abec5091c22d175a1cb0179e5410a9123f0b52ae38303b5a3a33e97cedcc5ed551025a0d95d162b9a6c61ae8eb121891aecfd6ecd4f17c0b2138f19210cb797357a740a3457f33072e5f746f02b38fa690f9927930e3630b792c4e71fe11ace2a2d09363d99820c0ae2c13d344a4e23c5a53a4425afda52dbef3a8f6f865d26246fab1b4a4005ef1a2baa403519bd9c000445b235ae9a0b9d5270a190679afcd1e55be431d025a00c48432377874d9c6f3ab0287527c049dd4ad7b47f7fc9cd5c380b5591f5bfacf78b103258a50f38bbc5058962247e5f3b6f5d2625e689ef484a35437f8a630e2fbab7ffb6b5ce9be53de6396ec7082a0a4cdce103dea8b8ccc81eeef5b2ade695494d049ac9e6830452395fb6a7bbb44722cb703168f318a7f42f5c6e5b16b464116de243e3ab7abd8419627dffd725602828b79f4f74c73741c6759bb6ec0fbaa2ca51e2889b3914276c6c8e6dd30a4aeb7d1e57ec357019c811a47d39eed37e07b7c3a4772ecd5cd450702b104e1309ea62b55b5afe434e996967c792760ff0690c821718d5763f501a1fd84a85129fc3aea8e67d05ac9d91d393398c18278234a2e66511a3f0dc54007f2716179f657ac86b512dfc670addab51e72ad450b66c4886715971a0733486ca8f900457718f12a5c07b33628cf926a04c3926b032ae8dfdb654e688970964c27c2c44c22f6f0b17126d7c85806f361e1bfff4bee07848f59a253cffd39b6885dc8399db235d2aa79e7afb24e8a7a74ae2052c9daa373b2ca9fe036306992272596cb619752b43f0aa5daa2562cb4cb540cbea089db1d8d0067c8da37a4ebcf00995d94f0446e2af2d6f5de7f1f725eaf272ec1080cd89c9c68e7f618a5e705d5612ef70b3cd59caf47609059c80094e7f8b33636d386157d4d30a30c6e8a68fd0d898fff821bfe3b3e71bc72e30d8ac0278798e11d8d7214e292cc13a497057bd0e8f04cd0d5d00c3304f6d053369657aba16af3d5e37193d156cd881646bcd0e60835eacdea889349c5868dfb48593b108c4da824b58fec0c68ddbc8a7ca6a61033ba3907919d40e09861cb04dbaecbada48ed288de9079795e234b1905bf97f98ac3c58a6ee090901c32ff67600b159a552637106e927bfaff774f695e7e8d1c71c09719389782ebb8311262decc077b38821fa4dc610fd6d7532b11d621c3c6f0120d470f02c8b5da0a771522fcf7de32a43eaaad2849a6b70c3c54da14ad5e0e7083452c712edbca47882200fc516133fdeaf4f4d02bf3928bee621c0413ab6423107c009e5bfed971d6e566f20ba20c3c289515d87f7cfd57c04566e8a81e6dc613cb09a4b8c12fd6a2c9e653006a541f05f3d3ea2836fc6dce48b01cde2fbdc2347a6c4ff0fa23f942654a74eee60b45d380d9c513e7b185d9e501f762ec8f4a3fe10138386e92c0d0743ebb63a5b8becd4b3563e698e31717c37308d7cd48b0e157c3876446a263349ad43ad7b3118dffb28621d6ba830825b50b602e858639a5ee072c090914ab2dfa6a448ef72c58a5465631c3a62ac7f29ba596823247585348ab88e073d00090e6dc55263b78bfba65fa77b9c1449b84b29a77529df3f5789f6338e1c8bcabb4b1e9e0364d92f88856f5008e6c0efa64a6a9c7ec1cee530b3f598bdd2e67af8062173aa0e7e9d2abf2de14d357b427dfdc40ce4419e3226fae862f8c4d3a0eca70ffb5b6e952f0040bf76e886495489c270849d7ddc8c904582b7c3966eb80c252f8b4d011281879aae8b7e68ca2552d004653293706e9176401db629ea296ba94229ce495b99ff4ef87b27668798f30ebb2da9483becd45e1fa08d3443950de2a586834ec0d21ff284d9042d60625af71b57cc6cd3d6036957ce47e0a8f3f6e2595b13b039bbff1baadad60241a23aa7cbeeeb751ce02a1cebe16915cc746e313e68152c690b132dbfb9cf50b4e6753de9c5ebdd603e692ca78fc0863ad41d0f2c05f8b734d465320e6ae49a893d71dd6b0965904631ca734638349f67962f27cad36f3d9c4084745397458b597e756d84dfc9c67901e2ce11cc8ed4e4f3690d713fb35962e52f82a7d65f8ccf0d6ce36dff067484cff8fe76c3a09aba801a7da8903f3acfadbeab25f25ee3ee9a5caa5bf89af35ab492daa39a75e862ca2e4b0f408bafe1b9b2a7d92efbcef487e13a570f613021255192e76b4e3e3c45248ffe30996c4b2114a6f9b71fc268ae1afbbbd6237b162872f6744167309a5688f2c3a6fb7ff6d533ff164cf8a9433e8a29eee90ead7d3af1076ff51790d94ec357779c821643fb7a7e547a4e9bfb770a2100ab5259142c387380d5d68dc4cd549c8e19e0567ce8abdf98e795e067f4b670ef8886321109c2f6b1a0020f86aa5231512cbce41db9b68124f8639b56226fbd294ecdbca9f1ed99d627ecfdef44de66c15a44b309425af4bf02a978df01192b146a1a3cf01f41e54f39fb4f153efe409257c6add42197128235a4d9572f3b549cdda6f2b12b096b1336a0ec67afae7ccaab77f3d136901707cc11531a342af8a39bd72b29c1475f318edfd04696af8c1d4b3cdee8aca809afe36a2597e9eeb93fc1784a8c0703df5cd28401bc77e01d1e6b80368924bd80ad0d8e6b3e1f2c0f5edf4ce685acfa9025bd5fc619bacb2d63b8ea458031405b66c277c0b35c9cec1f1d75343b0eb307c7b0167e78c8b391cc6a36ca299145cdd55d17fe474aaa9bc366400125bb0233efb599561cde24322874b535a0542b3bf68e2c6a6982ed46f2cf0048f477ad16f004150f2afa88fc2bca90ef3a1b10b354e8b38d0364e03c02f4372d6d1a7b64b74db2267a056e6cc69b1ef6183a801742c49f372238fe201ac694b194dca6c733f196de5ccb1eb332b9b7c8bd3c49f22acea380204d1ccef5d14bc3f2212220a9a2651ede83dfd3b7917cc3cbe8a9de8e91d0b3bc793147a189e7d52ea4654bdf43f5dd0d3675d99fc50a4dcbc032ad4a416df36041e0d942aba9b73967854fe737b77978ab2a86a7988d823f158985d92b586ca1fcef1573906e89a285474c77c17d273114bb38593b461ae6fb3a61ea33aa1fb2910231d74359318aa93eef87c1d585649d84178a55a04d2a8f742bed4063215faf6a8b6153477a07b25163c8519be8712db444550d2643249ba52ec8cdf69b7a814bed1d18c541cb66baf8d1074bd23e8bea23613c24964eac129170994074aabd0e3f3167b62d2454d1ac97a01f75dba87fd3e3290cf1551862bf2ac369cf135e4c0c68a1222e0ab86813c93cb5ee5e65e91f555d652a080987a190bf396386b84d58f8bf7a5292009a14f0eb1c78eed7184a4d06372f0568833aabe7000a18cbdb8d2d318da05f6323221a1d529b6747f424720be370b2627045755152bb0e16c9749a9ba0793ce8f6992253b0fd344582505161e2ffe7a15138034cb8fe1a283e4fc6e283c1e67131c8fc697877d455baa514d1c892e163b92fec03ec23939b1921de17eba59089fa57ed25d9a2fe723784ba60cb15d04ec0411929df693f538c8ee2d5e9d63f6e612068e31026651b302898ead5b5efff60692a17ac7ce126b9ffdef96b2cb17b5385d33bdaf8e12828b181bd1de6f49a0387c56b8b0f7ab71d63e091c145c5050b4f72b84fd8b0c4209d58150386e0e5b077219aaf6611214555e28ad8af3abd1d4c2a0778ef3493ba089e5e9fcd79bda04e6cbb118b41399d87af2dd5c6455e4196219995d4c6ddbcbbc9d40e1c0a3a50a6016500b9419aaeb16ad3daff9864b861ba16dcfa082bd2b76328e4300385bac2f120f1e98b4ab899b5a5d56ff79d7c0023e37320ac1daad1db15af648a1462fe11c6ff202c03c75efa34929146754429cde624636e73c114249ae781a3be0942480805b8923f878b6f87d0cea960a61c98defe1e87fe5d51d6cf9c01d92b82f0a965d2319e7a150269c2240299d4216e6fffac0a33e9bb1262fa2e243e06cd73664d7cdffb9f6816fc8cc7207f40100a49900bf5192e1a03660cc98cb24670a3bdaf2491b97852f94bb6d260ef0cd4b57cc9bf1335f20f81c38d3193fdac1f0ef1a36d66194c9b4cb90151b3029672275fe1f8d415a99ff9b5460e298daa0bee2aca697ae3fc54501761c8708ded7944440e7bbf72138f2b76e8fab15e393740fbb4c685cabed882a24364bbd8af012f625e94be555963450b814cb5803484d56a2857c4aafadd308f37353420308c67160c39c89359fd9b812d8b652eb87be19d77fa7973dc84ae058417646532ae4021aa0b1e8bda7a98a028e16695581df28067554106bddef7ac2da0666eee92d3c029bc09bacfee5c5d70bae0a70334b9afda4407180dd3add9543ab22c7da40e9a5c2f9385049cdb89d1c542024dfa29b1105612bc6283c769afa53e0d48d78ac9a84dce43014c354d6a3362555a69e3077cdfd30752f7ecfbc289272da5c8a7f8c1b249b012b8f2fb34413087bf2294c642e0ebaecd85d3d35211bb0f37ed853dfa756c12b12cea0c7e380acb65d5537120b9357ddf734bb671397586d074c19dbfdeea1c63f6b81ee2717599d50ec81d4f1fffc212c4e4babdbaf0a038bc81d899de7836253dfcabbeb38589305db8d0507fe1bff6719d2671256a6a8bf2a1b33b61c1a712d164d2a0ada4322d7540113ca5041a396bba12fe1976b9dff6544c41c8f1b311cac2794a9410352785d955f6adfe803b1b765e436b70e32b62085943d3b6481b950ecd986d37c339f690c3dd4d311ea6979ac28b508ca2f1502023a30d266d0b51b07592d0db47965112ab7e8b31eb59d23bf4691a8965cf1aabaf532b555ee845e173d3c008de63c0d024b9debbe2e1f224bf5d453f3bc01a54e399468f811b960b848f539c32fee64a9ee864b5f834d9f7296590d257f31e5e3638a7d809b2f40a6c61c3c716df6344973777c5731f32a742f027eb81366db62ef49e5f2b8f221d82895bf82945ff5aac8c58b21344af0b971c0266b77f204cbfaa2c4a94ac9231b6d0afa5d13f56c00b76f93c45e8cc6648e3c10dd43972fd167b9e241beecabcb868d3d1e41740bcd3b1fa1bfc5a5dd7e9d4a4bb90dcb6aa81eb92a6a83543d6345d5861fa893336c8d6402f67404df28eeac13a6f121e96531f99f849cb8e114a1a5041e775bbc60bda54f2a0d4ed1b3def2aba390c054415f36d9df96258911fc4a83e47b4488d14035b13eb75ba4479bbc3b24db65b8aa450ad13df2b13beef2759cf4726984f69b12ab5fa2e62b1c16c64a78f6d70503b1734d24514643ad7e43aa5f43eab233ec08957c9b870063dadd18d5d94d8bc50248544cf74fcc24340891b43153dfe81f79925a114fbed7a4ef5df22a1d6bdf5ac3dc0eab3ff46dcd57d2cbb76973ed661b8b7700c58b16bd008ae4e41ef6a31c38d53cf24d6ef2645c63e10d2b161de158a558c8e443980db2c664d3d1cb6c7c23b50846dd618918947913fd1bec86c0a9b15d23a1a083e0b53c2f671153b332d38b55c70d59038f67038a8bd5e67c0f767ee33700dd72589e9016134227009cb08cc7f481f82bbef3a98e3993c6c0e2a7d24264ebe94b7a7fc33ca591800158264d3e63e5895d30021e3a1acc538c5e26ff95acb21c7cd40b90765a9b73261b5ef22fbde599e15a5903aa07f1e2361b1c5cdf4bdd728fc6c8ed7c6c7031d4cb3a89ee92279b87b67ce7cb3323eb27906389ca7e56a4d27477beae9f236675cc48a94b7c37350c13d3ac4abae639a6a8703040215a2dabb703cad526afa5fa236c75da832ff3626b8ad39a9fc58349a0e6595cb657e447aa1677cf2a9ace92d2649dd9b8d58f91d5e25cfe08498535c3b9c6cbd37be51dfa6a875be3983abadfbd1a564cd9c745878d3b8f9570dc069eb6c293a04cce3fa904aa575ba472c2e02dc1baeea265cf1af639ac021bb981656d93f8b09c5f1aee167c9501c2d48b1d24545b7cfac34ac4f1e3e0eda7cea83735c3c0a97961c0788c93b9cd536124efda945d2e0e0d1967f85f430c8b622598b9e6ee5cbf5a4861d8ac0fc0876e0e5beacbc885653423c5dd704f2728e0b3030946d5d2c5f85a13f250ab54cfe3f6f2fca8cf1cc658ca0fbe5d5d49a4373fd222807160066201a5b46323c2e904586290af967f6be2b75cbe66deadb34592069b07184b113b9bbe8db614267bdd87fb41b48c3c3d71b0f1bebbf5807b55294d9a34edd594e11c03e5f2be54e3e245b5188942501011d23e9f7e75a4f959b1d7b24aa23f714c7b95ad44a2553347242be19e829d5c2145fddd4c6c41d36d4cc84e1aa1efe153fe08d8fdc4279f4e50465319f03102d540b2b74acaeed1440183c15d035051a99e5338d3f8de357c5b96f55c898ac49203d2b22a839957f5b5dd7de62d89ad5744e4da1c5ebb8054d7968458039d54be50ab4f7ac4a2f64909aef77b1db8d4152ec0ac76b6460dcc1de8c2aa1444834ec0597846daceb728465377f2ba83e2b9b93540ae354c38fee05e4654c692df80a8dfe1fc108e828f1fe00c96618b8889fa85aa66e1a500d4772d1de29fd6aef2f4898898d13ce3b3200ea61738f7539806e0a23d9ef8f282dfb20baba75a6f0c913b2091fbae3d583b4a88302c4cf7d6c7939e6feb5ef8feb5ced9d2f15d79506f0d4564ebc981799193f506ee9296ed9629b87c2e7a2d27925ba548d8215ad6fa92de8097ce6cf6f054f0fb8678f14824bc54e0029592b3311d3661dd63177d3bb6d623f5bc6e9e04c44f46d11e4f2b4fa20abf7763ac36f484cd4e9a8c67188e5307b9dab9c663ce372b59388d138bb0dea48c06cfb3c95a8dac17e484fce19cdc2bb86d000b6d0117e245425e94143c6566f3f993a79a84e7a0a40f4558986ebd8c936d333224d2d595ddbf3a9345d3bdbde017370208e8a4a8b3a2f0e703f9d41922df7e2b63b51471d57bf356ad871c5b5c79bcecd39a1cb1ccaf05930c85e5c93cb4206612d5e954972f4caec4e6fc789fd25848564faae773799c55e34ff57c6b7a7a614885ec8904b42a79ec95e1d6932e01e68842e4ce8f58b863c5b03348b18225ce0326aac43c0fa4534c6973a4e9f0b05ee28afa66474781c6dedf185c5d7d2cf3c745ac0896c2b95f9498247fac4eaf7c466531b3128bb671bbfb4bb3230552dd004ccd378aacc88755c5b6a385b73a16dccb63c881bbbe05ee3d1ace7e379931ea682cd96bd44efc8adbbb8c634f6e985775d0bfa7872732efd97b4ee7bb5d757353d128d3bb49f06a9aa5c5c971fb2952873a62eacea8579eb91fc01e6cc49569cb9055a058ca53151401fa3f6ab0aa562473b1f7db817265003ac057986d928f3f60b9fb18aafe4864ca49f2aaac2dcbd448072aa3e3d1a20dffe45cbd188ef817af7bd5746dcfc42ceca214c3c6d1e5db0b15516e8b25cb7f0298f7a53d3c1c113c9b8b97ceaad6a8cbb8f9615f5457b21a418f3d0872e18f904900c47be01835e809c2137ee739c0b9c8b21b1019aeff67c7d4ed060a9f0e4b66369bcbf77df1f36c66b5c68d5ce9497c705d653d73db1f7d521f893bb381797547ceb8bac28ca639f14bc8f8fd77dfb21c22c7e9c0ff70982eb402ab5e2b942c588a9447276e2450a79cfea35804b912191629995a5b422582892adce07e9d272c793fa0329fbccf107cb50e406abcace8f1f08d37937db52dff63fbe2428b4b50964065642d963824b82bdd1409972cd88a0def8a15d5b5ec37adcd318de58f80b701e9fbc2db25ef225b9ab34667c04979757a9e6a9e2d973811e29ae426ddf8abb243c213fe2d004cfc9a912b73755c8accbacc2c79aadd52fe573ca47d52c52413473a118aa8aee4bb0642add7f3fdfdd50d7356544f11132967f2beb2d1f9aec728a8ab4b47e2e5363579b0b3483b84aea844859eb950aca1a88c6c69af11297c4de7a2ca4899c33c6ad75f0d5b1f1f399617cf4ae7b7b5ab9d4cff055f00ba1dc4b336260a8c809506a33b6be6ca9e62d0b41c4cd865526f5228c3cfd40a72642d61169d038ab4fa782cfc8f35b7931303ece46ec0b6db4bbe2e12cba32e69e75f77428a7bdf145988fa79090547698a90d317b9bbed96be929d771f9111758c2b4575987e8bd4bfc91dfe07057b77d9f866bf65c3c506d188fc061d3f69357dca5ec031ca12875714e5d0e65e0e15cb59b862e08f6863a0802e4dfedd30de7bf83ef3bc6fcfe2c07cc86b4a05f20d574458d6cd7b37dd17b3b790ff7ef7f073a7949374a8cf44d4905f4e6c79ed4c4174b29de180ba9cce8e686c87c8b79ea74817e25ae6797df34bad288a02b308334e643e3606c90b6a999b7a114f8b77a04028616edc64763efc7cc4dce1fd6ac387441e22a44685d19b4b755f495b451dfe465df51314e1f2ba6a2363ea951a8e5c50b9310dc0d619096144e7f133c33e037f1ccc3cb3933889761a2ba8eb157d16bf04ef7ec4a7c2a70ed536a1ed2912a4c67165edb13e33612a22c2f2716d1f35a7bbfbb74015cd2eb82afca04e6c012683522f570957efbc8c74f5ad461dbf5d9ac8cc1725b9f05a7f8960391827808ed9d88d99110d08e712d9dd31e656c0d4a600d5f39d6ffc76ec2593c36279889abdaa8e98906562dcebe1fb3e4957ea5ce689906b1745095a688dbfa7bc8f7051c9a33ec61a4587ae48bb93627fe982d9abacbb0042d3868815b0baae0a7f40837b37637aaa4c77f6772ab7d35672a0a5adc4f2b365169432528f47de5039583e39a1f123b6fe5750b05f69a8a88113974ea2014d4905387b86e1202ccf6414621488189b4b5e78a06497ac3706e7f0f28f2c7dd0020e1636f0db446e1d31df7118aefda842747f088af833b4f37b67271f171b4207021a19a299256f76deae9ea944f964ba0dd5f70614564d6cf5cd6f7dd57fe1e99b7083b8173a9f38c6e49255ed8b2416a1b22fa44b342c358cd362805e9e757ab7a649324ec0bc38b13e679964863a11246485755ad04bcbcc23173e52d60c617ab3002275933ad7010c8e86ee65117561fc170653250f29b66c768582a7b178851cd127c862c2ff07bcb8102cd31d895f274074d6016ea29f6a73fa2a2db2cee574c0cc96580ad3da4af8afbc5522eb6494a34b7d8d438ff22a905f57ecde7badf0b38cac221dfaf20283f6e55583b334e529f0da9737ed0ee8ae7e93a24560efbcfe344b82ccdc0f93760f8869e5116eb3491afe2a0a344a439ae8e30f9cf390dfffc9175942e9c90ec7a15be808c65cebb8a0d8b1ee1eafd498de5ac2483df6f558d5b66805756633adb452629e47e1765cdec604005c7acb5400efb14e0a5a24dfbcd4c8e06934e370e5157a00b3a39111d953e560665b2038c6cf05de5819eef8c1638582e2f22541fca25c99591f6eeae3c2a282d788f70549e7025cda4d4ade44500dd49033fe43e8901df34a014747ce9d7714a089c9d4e39d7af57d5329a11f6dc48fc35c1673150c80bbdec906ac707877760f5472c19d836574f4c9798ed73c212a28edcb5d9c8c51ca235f8e7ba45d7b9b39ea0cbdb4a9eb84882d3f9bc373b230ec4376a8960b8cf461375789a260aade596c86484990a8232fb4c0b070ce88974b577051ff457919cc7bdd9ed39a434c9929a92d12dc55424c9b01db6a6adc81764cbb19b62b436216a766f0d1ff0f663bb451685a2cb086ea9bccb34297d9be74a166a6a1506c5e5fcd73b29b2448263e311f0176b24e9a0ee5554a7f48975cadf4ee3adcef05d9348c700a84103f175cec083e41433c5fa743207872ac600bd2909265f93e9a1d9b4f56ab8e2404762088b23f6f6a6a46cd0c1b4e8107a5e015589593bac4eaab5442d7880033fbce6cb271b974c33c6413e75858f9b50907c2aa9a1dc9c47bab54a44b63ee9e13defd36a5593926ee7bb47e25bf60daa34acd1fb28081a0bac77c8e692ccb3545526340e59ce8abca3496e686fc9e664925cd3e1a88c07124e535cbd239ff5a9fd44a7379529db5bdef2e9e5cc7816c1d581be9b2d47e0e2bba65572b3535e3ecaa4e52a785b27b2a873b5bbd495bd85a7ad2bb6750aaaa926b68b3bd2678e6a471aee2aa10121cb07cec5054a06c29572f0c6ff8f97fd9dcd5a2596ecccbad0c892b5e083dae0918d9e0a8a04d9b65205cb1e440e32822a2b735a83d36bea7c8df63f4e4d4f0ea32526bab38b4677d1e529cfe7a2c307bc85878a909c80a90fb596a3cf5a00fae3c722e9926b1e1495d08ad1277dc079ca42a61792292a12b96fafa329c6c935e5c952b80a540e02f1976615b990af01d2a145ec3f915d6ae9aabc974646aff72417a5e4b1fbb5003fb01825700372c36c812b8a41e075712d49712e19a9e4bdbf8692002f74822feeb5c3af905b5de9de2761d6bf1cb577d098bbe2be65f848209b64ce9d82057a4fecf9c8f2aec1a45e2b5095d25f66c5a6174844c79c6c3e3311c734f0ca9c428d4dcd2eba17d1c487da14f09c13c9a3ef5de1b69dfa116373dfbc62361a45850cded16f40fca7d78d84829f232b77873462468c68ef510322dbaa473d90445158ed06d1dbc9fba25bb1a9d4471ec7ea534eb96cadf201109b6e09815fb9643e51566b61a5ffe04f6a88483d0a9ef16bd02b332bd585c392d8354079ec9caa2a7b2a12477bfeffeead8a76cbcdf5e0e2e97c41c6ad5328748911495a4bdbad7be3375bab7946ff4e1f8185bd57feeeaf6c9c1ae0a370924ff6016c3f4ec06dc595f459e4988818ec493cd13d9b3252d812d201fa4cae4d915a7c2b09ac126ea655036915265ee23a7513a50a61b44ce452e1bcff859980c748384b4ec93301fe4e1459734e731c23f16249d1573071b993a43958a56b9a9f15933a17e350399b91a7a4149ee2068150917c233d2a32942374f69b57108c6c2bfd5046e893a95ee0e2149ed3af882412dc74272f8784eea480dad1c62ec98c05c0810346c9b601da59cd4301885613dd03d6e2e2651e611fb818b1e528e5d2a507f6da7c0235560ba61b38ebfea2690fa602659a1a4033d6d5f8198d5f16c3f56cf374d28802e326bbf8cb86163ec92d788ba8f3beabd369288f2257edc1da157fac9a57a08ed3f88bdeb868ad664e6968c58881421db5db9aa05770936072a55891ddccb6560c1f9336f3016dd5ff632e10ae57d06eaf5d03fa500cfcc15e87f540624957db0135782b95c986b4d5afd40febfe8fcc07b79322e6b03c2601b4e5896f2ab8fda3650f8016686abbf9f28b203a7d88257f7128a689ce7c4f71dea9a49f345ffc74a58077afe50a55dc92ab4249eeb7354dc71edb559288cb28bc9b47837f77d7c14daa2232ddb561352a09c10658d6c3f02fdb299be5f68ff96838e259bd9ba6c96019ba8a085d91f8dbdc1dffd92e8a109d28d0ea5eb4cdc5a0c88cff036e3074391551124f7ad1a99371f6d72bfdccd8c46dbef99967cbac1b2a8e2a21f8167c912d01583f8179ae2ab4d0659bf40a21d75faaacb33671d0c0aeb13de20a22bdf3400a6e074b654b406fde8e34d5750102eca6495dc93d58f16cc2462f4198a41459bd50ca27dd404cb86e98454b34905d8f92b5e1cd7982c16ff8784d798cf9479fb136f873a67f216f5afe5aa941f1e14e9dacfcce02d01fd096747438613d17f7b5c8f919c18016491717438abef945d365a3da3a38664feecb5c9deb99adfcac9c071fb1df66bb08521d812c4b9cc13d21f95c874fa7cf502bfb167fa98299d032e72250bb7b604f7dc13ff893acad981667ab03ab865317f4df299a49a7bebc680e29253a5030a9df960f685e6c232a4bb70f0dd73fe6b2bc71b5eefcde96cdc7afde8ff207331c6d95597bba82284228f983f67e642883bd9acc8159004fa85c1344f5d1674304734c43850335b6555ce45ce37319771f3c25005b37065136cd2ff35646f825a53ca2a37466f37d3d1a6a63c409720316eed9f7eacf5cf453a8c381ef89164b3b321032154237acaf5fdd08ef757960125df3d28cacd64c1047ca0093482bf6bcce29f2c8a0ef2a55d6ba3ccae11eee11895286741e0f58d99bacbf6f201df06a6587631e8163813d452c77eebd9da1826745b20661d1212c32eab2c37449ed5e94c537019d6e524990c4f1ca30aaa7a5698d90e1210e12800eb1b7253c6990895a3855150d4065c123f1c2200aebe8dec63b2c9f02ae127326c8e57ba80916a026b6f74e76ee2ac592a9f62c320dbe369c7f90d097e6a4267fc16fd567105f947eb163254e6f94b0d8c703890d285ef674f8f57d3ae42d832a8274cd38367c08579f14d8e62d8f1542faeb238fe1703eaf603c7d0aec5d6c9adece019affccf45c64ddce620b42e62fd4eec7b842ace7e26b73fdca827c559e1c6f5db8e43ea1d16c527d56e00b4658ba831226a044a33dc2f6a3803d6aa001cb876ce0533f331031f6a6f755862f9ea07e80b0ea248770ebe4066e3af13df0183d750e205b51e789eb585c29b592429435cecb18e2b55141abf72697c8fe60b8b51844bf41144a60d4d303722f60595df409648e39f9229d0a8537bf1f04bf6d44175a83210e71aafe8c7b2635177b5f8c2d3e8aa490014d2d411b52f354f1ef84cc0a690c4a4677914d17b566a890698ece6c02d8bd922bb2a2047878f6b1f42eee8201ea809c76c0508516af0a41d1516a0597ab1462582faa03e3c143a512ad682249fb48d89d41890008573c1a9d5ee896518320daae6b9b2317293b475de81dceef902043ff8a05df54e87d5e369ececb7f49a48e90d3f434a2d621c3228b2e50986532785353c07f3a727ff566d4e0d17ca277844f64bd26cf7cf6e149bd0e4a83252d07a44c5d41d1bacfd4639ca525376bf8af15fc89a8fe2a26294cbdd5d4a3d67f9ff2da2b761ff3ee394913a6e457322a96db579949c3265ef846dbc7ff767f340270ba63c62cb04897a1121c8ecb45aa5fff33eef9c5dd609712c89e957d26b14734e218ca08fea8d1b0ceeb39501cc3329ecddc26e5fbc306aacf88ceb2a0af221f603d7af3f918ea20abff1e5a77769bfb4c8b2e513e17dec474636f30958147dc1944fa92513935047cd09a8082abf8d0bcfc94632582670b0ca4f6107208bf09be8a3e722beee8f8bd08a3d7e56ab1a1cc44774488c99deb623a30980fb749f7218c4f2bfbbb3be031ab643506863227672adb8e0d3bae58fde37ddb593845d72b27ae96cdb491a051b2cc99933d05e32f523987eae35c1cf268db82ffdc96e9ea99778cebbf07d451b0138451c6fab9a929fbb5c2e31e73274d7d748d6447b92bd8292cccc5205c53a035c539320203bf68133fa465af4a86e6a1524c59d4923e0421449ea4eb87979c357c64306bc1e2d309744047fe83f6c83c740536a8cbdd2155865ebd6b5ec2adeadc7ed87134d91ddda3de09fbf18d7c036066ccc13efabb357c92b7e330bb64b8cf4ec4298fc52b967ddcf661f537215e93dedec8ee797a0d289f0e125eb5c5ef51f66dd5dbd4eb98d35ac5263e6db167aedea21987733fb5007622fb2964850583da723721da3c506d30b55976ea5239951cfe6143bfe81fd0576d0d36ab7df3eb7304531fa32b880dbab45cfa6d3a6ce7d8e532dc37225bdd23325b1abbee77c6d721827c4a243abde4193371f697a8180b20f6c028be61c3584e091eeb56d13720cd07cd336200ebaeb109571dc42c9062821072e5c7fc5bbd2ebc798a3b4052185729f8d2478e689faa18571e2fe40290e30e45ce781db53c5430b24ccf3cf8f3afcbdf76114791543bfcecbe03b0c60bb26ccf8531cd1d4e309548c7de2d5c187ab6c3c94f8a1481d8bb3bb5e4bd499d9c386d4e28bf14b639a6070e0d041df58a9bb24e17451920d0f18c0ae5e6fe58a23d37e4a9e43dcfdfefb9f7ee90ae769e75aebc3b4d64046020a09c83ec7d9e308b723ffaca3c2993b406d81f96c9a22464af86b8900fc2816a481df95ea1a79b2f3aecf5c86e9e5e9113f24ee89e95d2b7df00b0f8a6d5d479c83daf138e0776948ce322b2a93276a3e27b034ac11574773fc5bd2ca48150b0c2c1b97af7d5de7b6df9797d7c6ff9dca7fdf30b36e2e216e0b66167b1ffcf68f67ee984833e232063a9e0b5cd16e505d97e0736ee6945f5630f8d9aa909c86901f4746f1b7971b052459254c2f7817e82bce58f4b5634c277ebf8836391b73bc081dbc4edb249a43f0e1d215fde7995df8031a7b6e770f81296da3ce5e0487f80478a75d3cac38ed53e0a3b1a08eee39fdfb45a856865f1a0391c5975dbbe0f4742107558cd2ac7893d8a4153fdce9719d5bc08e9c23b7b97572f05d7d14c471c088755363ad5350ee1dc9b645577dc727ce60a470175841bdbae67b9a1eae2869a3651bf6794135601acbca758278f521be5301eb78f3472dde89b94ac23b44861454231b9868cbc131c94db461d2e8f23d8d2b1cf6b418c4d9ac476ddf9c50905ef047e90f5a00a7a753f3022ae8bcc68ac383011c8b989321de81fd801960f966ee2939ae0143f360b2c27ee3609eecadbeeb288d19f6f540213326d90750487e810a3261fc60f291e068d19e3233b76b7ed986d3145e90f56a5f19abda1af846040f2763cd2406fbbb6adf3902ac751ce6f6b6c4f3f59739ee2aaf0daf332e047c6188b1351c9ff710b34475057bcecf062bbb4b32ed6783b649e18617c7f0f2515be5e9e86a31f352e132aa8807bd1580c99f2a00f58ecfa8b4a2f9ff2a2ab9e8d8ab9409c6e22973d4b0230b47557e61b7885a36e3448375e4006d6f8a3c4a087429d0fdfe1e8baccf60653692eed26112f4c91fb34c967bb7343bc7ac8defa974f212c2f5c6047a268cb5cf82f438ceb6265bbc5030548b1581ba8a02163527b752b9d0fcbf696a491f09779db727d7125bcf5c17f529070341b47a3dddd10d14c728df36be2e999ff4246510d0ea5d8da41ba6cb6a6693b95eabf5a486f7777ad8575cdba9d0445be329b1fc2fa8dd972044f9afb1cef08519fefbb92c890f6c42ce35b79074aec753e974919375b77a391fbaf562aae34c9ba1ccc8d8755bc92539f69a063de7de7f701fd61d4d59207b0c9a2b65a2973910ced96b591afc1b99937b279f5462922726c6ab48d83bf085001902f38c260ba2dbc30e35d5af8d26fd4532ddb44fd355444dc79ccd9acbae57304f33832731635e5c7a5eb08bff67edc33cc4988163f545daa26f4a800606e2c58b3464502c0d9faf492ec994623e0013f05cacc53fe782cd1677dbdc46b62c4f32f04ca4ba130ae52d0d5385978db2acc35f66ef84d5fc9889ae03b101a923f0f6792d766456860a6af939a25584b6fbb3d3b0933ead9e135a5d3690fd470a573d29588fe026eceb5038c3b8bd984b5460a1509dc4bcf16a7ca5e7dea3e3243b16c91d7b71eb8aee1300174b025da4240e7918700172aa5792d1a246b8e37ef5fc5d3755020e114c9e4d68cfcca10b97115ee2233e82f0c30f1de8848eba52e0908dd8b22ffa9cbd4fd62a15d6c0227451d8cd5d3de1eaf481517980c0fc03c5f45136871623786f5ad670df3f3361627a00cedf2d2cfc881d5699d57d868eab2b0eb179f1618c1b5bfbcc78267efd169cfe26127a20f9956d8fa6e6d27afbc77ef5e4d163c3f28614ada146c6a89532ddf2fcfa566037b3995c73adb725381863f10825857439b15a2425cc2110aa479658858daf5ffc7adc71740873cdf9724c04c9b17fbb99d0c834f53728a322ee663fa713d98f5c5ca95b047c813c2d453acad4007a184b9b03fd57e9386d571b4f62d973e606d292410e248d7c056ca7dca8cd619d4341704cfd375cfe055ff37c3e1c2b6b22202b63e4d0fddb58e212a69098f5130f82afc36aae187e26c84aa444c5dd352dab4a362225cdd84b1e8df781230f6e545e9099ce4e85a767b508ecbafaf3ee1454fcd2ed68b5afe64dd6fdea6db87ca41f7f877cf935b70cf4374bf2681fc54019ca1c2be36df573c460220a91b72aa699604b2c93d73038903c47de84d4ac40b8dec1a9e2f26503013205ac3e69eaebe68fee33ed3574ce45e6bb7dfb16a8534ca3c78c734743aaf3036121d698975a4a2d9334f7e1e5aec98092ca929e39cce85220ce5ee22146c9561684edeecb5d3cc8f05ceba2dae542730c544743c6bbed0d4a9efda7a3d55b11a638a738ea855a60dad2e26d5efef29b1863ce0de0152c60980fdb285855c2ac3d7647b83e3262aef253c6f392247b784a5bc384d966a90fb31dd07d95d9c3cf8aad97581e8ebc6d22d6f9c19e0937a4a000f80cf15e7fbb5aee55be295d534bac7c6b82bc7f0809b1c0a9d74e663c473b9c8b7619dd5dfed8797fa834641dfaff6ce17f971bff3c72d25521c4e2ebb3e36fce6bd9ab44e82b9b223e6761f0ecb2d8e8dcb94faa4bd6d1e29b5f722987d3a975aae42814c9e146828296cf23698f3fefcd5378741e95d09284d9f9a20fc91a349949fdf5d487fc2ffc1539b2daf90f10aa31930aaefc5f640e51118b14354d7485514834a0e0ad5de70689768d2016f444f87930cfc74a089a853d4ae3d8229e7e6da7c6344f18f0c525cbfe1fe474c7bf0eac1bd5236ebf1ac95cb90c799505b6334e3a35e88d188336ee168c1cc96e0d0c1cc5b091b4fd67ac84cbeba3f62298408f5f97c1b932e0497530e9d466af50302510c3b137474e1c0feb39bcbee52609d65c9cad914156f54feaaefe4a9299157e247de27ffc6c472fff2cb41e76287df3d196debe5d2cec8330eb4fd25f472732b5268ab6643ded8b17d6333836e16606e485947d27b46b8a772b402fc9f59e33c6feb44001cefe78d08273d9e2b22299176e9ede6504145e486f18d57edd5d1fd4f56ceea043055d25933cb6005c88d2a8a080d9c3cee414915b18fbab228baf2c88def36c6333de0f7b339cbf3c5aad0eb914d41cd1d12c863c6eca379a5f1e64e81a7e5cbdc9cd5e5360265a768e70d0cea9c25eac7df4e00739580df0102c56fda32e1f761b6608b90bc6ec5d9db98772fc7d6ccf89bed9e8dbdc113eff38b0a4f549703105cc4db39baeb965e632a1077cb4ecd76ab4dd91416306cb7eb42f851050451a4840876a350e819f2c869443511a0a7c23b0b0aec028f8e328b2688a77b7ce3f212d46f3647a176a7898690d49fac138456dc9c94738c7b120bda8f4bfd07f35b35e0716306ea25601aab7b4b2971f4999bd9771e3aafc5c267fc7cf44f4b6c09f3d02767e8ae32d34bb481469df86f0ccabb8e88850dfec9b6ab44defc0bb63f9c2d7f8b6744ba7e31d1bd78663ba27d0b86d94656e91d1aaff7ec6130460faa0fa3830f8ef50c495fb0c2f80b6b100f7b5e27a4e24e0b4cfb4469f34269cf873c3e430ba42d5406c9d7586c34fa194ed8006425f95a9cb5feae56cab07d8ec0d6f544230130764bb70a1f4b8db8e0e2d88f57c166ad01761b42a4cc623433f7abdd352b31d173b351b69ceb0d862a8aa2923c69349c39eea0f3039f8d6dcc9762ca1131bec616dcb523b4d1204c42598bbd2c10f735d039ab515f1e734e36c3a87c35da2bd9a6d22eeda3f21a7692caa62d6569b679fac183fa392880c037325e1fbbe3dbfde4425fd2d91566f991defd14f692d0baa1da44fec7148583f896f9b074c765e7e48d2ba31a0f56522c7b50088f7c5e329b8357105b2856c32c95533c4b92f327a522b53ab0cfdb564c6ccde3920d69e78fdda344e9308227920c91827dbf5c8a129388f694788b118ba7cc998929c0fdc0d9eaf513a1013f36a270c8328bb0c50666092e0aecf55ab463984c934c987218ec4ee62b46dce71f4865780183492523b2b0c51e50cc70188343cf4ae2b5e9491243e74d64029470be5c829d8bcacde83048bc33348c51d7c3d26c606dae03565235900eb3b57f267ae03426eee266707aa72e0c3ab820697afa391d2ef644495a724505ba18559e11209ed177d574051a8235fe988a788c13f688ec7fb3d1bfdf3959df4baac31aeaa5412350e765705eedb0f3bfccc8b4050bce2239513679f60209221fe0ff544cfd3a9469268d3c9e740cac8f9ef55dd34b6f0cee6fd0371479ae5e98ac597067421747770a16b158831bcff813d1d835c83eb473b0d33c5c038ab7ebe6cf1aaaf35be08c017b30a3f323077d3977d03056ae3330ebfb5bd8fbe03a66e49d5a305f1ec5bdeae128ecafeeede33bba7703fffbf138155a3c0f59384cafad0c19d957247cac2eb291743a8ce78f0cab7aa9ddda8b27e89bb46f2894b78c3244056a2843fb9a214bef565a2516f86b207baa48417ec782f7844686a779bf430a3f321150acb2e63970eddf56e4bea101fb2cfc66ddeb9e9040cff00762ca440947c95d5f7314dfc05fbadcbfd128a741de18bf7cef233eabc4a7d5a071f09631712e935def5cbe9cca2e179c4b617bd44f3d3f9f0c5f0d276cea1f2b874a05152c290aa4b42a54c66f6f2b263afb1cbee4b900ba3f47eba7cb30a1ae9d898bcbee386f01f0634a5d63a92bd749ef70eb858f01d162fbbe1aab3f4f937039e653246e7f37e27dba1d60060a5f021f322fd01ecaa9903a59a32ba5e6299c0a49ed6548eff1782e8c0b9cd1ffdfb91c9825d0fca2cdee5776222f1d98769ffab9ed3e019de37bbd2f05cc8e0c2af05d076a3af0742b824ab53aed51033ea90f96f19760a4917efe55b9abd7cc037ae142e7eca7cc5c5cdd4dec9eea4523e9ee1b443e3c135eb636b946ae6242b07fe5b37514b0c4320e210d6b116595f041e3edec2b21ce6521563902dfb301c2f2003b80ac1aac6bca3a89e4ce7ec8e56d9f81af36ba8db7b631b9d848e716e90c25197217976d9bc5257dfdb078b67b69143b6256f1ca7508de87498b5140822541db7dac29192beb3c6498cfb1a9585792d8bf1d80eded8ee9b8c776c013d47547788739c62f49660b892186479622605bcab3077dd9ee734d23bf8bf03a1241d11d121487bacc2bf6ed863a13b14d61763b3fad4eff89b5dcff9250f97cd84e0eebf17838313a4e90f24dfb66af20643d9f02e897c889c9d52d65e697f483a27c491c9441e699e039cb1ad631d87170e2fb7f8ea4de77a8d3be7076435e3d6a3f948576916ea62285fabc2f45d5553c30a96390821dd47682d367605cab38f2669fe3e2d1906f8e97b68a158a14c9c6daa983d9314683d3ae853395c7f14dcb6647918de0fed16c9dc05d2b7c759517fe79966494a38db5b0b9823ff615a039c3aa2a3661662fc4a1b08c4464bca279c9a52b20cf5ee378673d3b24c3f988f73c9a7b0de22ab5e18b86e2ee22a779ae98b25232d5a56f4f049266149dafdb36dbe0f3f2add6678e1d6ab9b3c15257b2975fea98aae33d1c7cc38aeccd49269e4db7ff85caa6b1785782afbc2d79ee5d4d3f9898f721bd373aa7dc73df5145019f0a0c9de26fffc9d5e309718c88e8ac335783df235181a78d91fd34608ad30800c3897e64f34ad3688afb675535fc0ad1629d91e6dfe37956a2adc0b7729acf7a975d0ecf5e25bbeed35f3a36d8a831015e8f4ba936e53330fcf9cd4b1ddf5553e90a7355078f96cee33fc41e80bb9d857bfdffdbbe3bd2a0a54d4fe27cb7d3d312b79bbb06111a502c92d032898ed8177f1996155e4b5ebd6fbba3177f721ee381083b1c0a84eea7548d5def7177d3fc418761412a132f178166904bfc7c707833d4b296acf3fa012634ebb6582a7f1cfdabff6486d09bcacae2e53a171ed698f022e5c906cd41d230df880d41c639e1811923f9c0261e0321dbea44ab67d752c5b7652203fb4e40cd7c7395a9e970c0be802571c3594bdc5b6eca1d1091d573a53f48bf768e03f895c0db9728117fbadd09e4abbf97000774a1897708ce0b1f9e5b497fb3ae668576be46a2157c97340c028193d4893df9e704827385740615b09f60b0d960892395e228d8088288cfb37fa3d25c8fd8effdfcb154f5465c1061a450b7a941d96cf17a2eef4d083296d8db3fd5a2967afb304a44c9a4765b8bad00b21d6d6511f6eec991eb1c4371a7eb834cd228c28dfa8bbfcdc2417cc09b5610eb198aa86ea076c679a2d089be8b6bf2334d07b3bfa2b93ffe968ea6c44965c1e6d6aa7c83b6d4497e74c665b50d93f59437e82791754ecb73f86d3e359c2b9d340b19791e16d1103e2af1d86a0b873615a1aa8023b2a3c38cc4281353ab6b903085789daf7f2e2bf8eebc1dddd79e617cb13ce6b85778472e537e0e6af4ffe4801c7f26b8af2e9d5f3f826333c4a5eba2d2b6550f9c02141856fad9c058761d0a36ec6549271b60de5ba4cf12dd1abe339fe36b0346d298558c12d7436768fc94d88449fe6bcaedbacf780b68c0fc63b1268797814e5e3b32ede5d40e70da767724f0eb6e65b6f59ab2371476cd0d8d1c0aec859a857695a9f01106beb8bc1402d61e999fa02e964b1983ce1ced22343a6ccfbfa1504de77403f1867e5f2a98d2fc4c98273dbb6a970797a9117452354e1bcb30d3d7e848ddbda0b9c969c3c988a38a4a8b006939aafd736a39e732a2f4352cf061ee02b71c9ad4fe557c07718f9667f67ade6149a661d5e02096d1da892c83c6a08131e67a01f78c269c2e3a6d6bc88402a65a3ae144a3e1728b7d43bbac58817c75b5e9a0fadb8860107f5f1365c00fe2c37944e06b287860e469a87b62a3be97837578a8ded268ee77e537cd8ebd0cb1481b4ee36b18da855164f8209c5cc048a34f83b2fc534774c709e05bd9b24f670281e148c032ea1b10b680afc60304e0db7fc9005d28c1415c5c2597fec8a8a376bbb3589d3f842c5d75195ed3921aedc26878682d25953e61cb063dd1e4d31c1f7ed4acea3214dcd8f890481f8ec47cd67bdc3f69521e34685f866f335a438e438a0824718638d9d9428d9260447cd18c2893696f3188ec4ec4b3222665e5e519d83647cbbe1d2f2bfdcd33816b8097edef7aa6d75292832d7ad97088d4de9d2c531241df078522900613b2f390fdcd99af1a180fef8f79eb89d413b76cf523cdf33520d68913ea2c93c45bdf44cf225366476eff73edafa8022f466c84e1fdfeb4976b8efbcb844b4c0e32aa809c6d11e1bbfd4b7437726bce734fbbca70eade1ca2cb75c6097dfb05885ba4c253d798b4ddb44f579f1027797917707ea141809f3b2c24ce9c3cf78ae341cc459dcbe7fb36dc98e5cfb2c2e443898331d88d288e5ab33d83316e4d6752769b463b60e833e177866fa843676ae318222ec53baee24a5fa3f5c70eff5a69f3ef5c173c749f502e29a863228a03ad49afa84a7bad6b818d732d8a69752eb2d21f13bf4e35749a814d7794379e0c8cb1c4b4c83ee9f4c4ee26ada9d114df5adbd67a24bd25d42ddb8e6b21c820786b6a3e836c8e11880096c88a76e6b3465b2d61fb111456da58dcbccf7b19b300c88db34699a9ca265599305c22a780e0e1bed18fec6aa777cbd0e9969533401615f79cacfe402f11629b80171a0fb8a59135ce072b263f4b1f743a2f93126ccb16103c733ad014b65d0acbfa88e4af353fee85560e8d56ff47556ba29a9864b65d60bbdb215f5c2342844e2f486529764cfab05a9565c2dfc07a43b546fc4a03f9640a166ac40e3758eb4841f7728a561e1eba6347867bd07c78f06683d2d2e0509e2530289fefa834d66c050df98cf6b0f111f7500652ca14cab4a41fa2d18f1c664626ba70f874a8365ea64d1e1e8a257a1d313a6b652cf6db617dcd22d74378159ef1ce25258c76e1e676aad0722a01e30db706e67788d558e44bd0fb600b177d88096f96dacfd78b5851f83a650755ae53546af12aafd81c889f5fec3cf6db0f685451b75cfff47499bcfba9b9d5f7fafee470ec24431d572c8f1a821349c25b84863f5ce28c7a85882ed2bc55f8de4e5abcecdfbc41f9e80a83a072d01418a2a544f718ec3d4f6332d1bb2aebb00c6ca66b9999e6bd2bc490523859f0db1dea63779b9f1f84d52cbf3e7dcede8214080c6b54916f512426bc9447266897ad4078118867e0d6746cd99378ff539066b246ecd123bcb3597c4acc172ea13c1e260468fe12b1696ba737e1984e9b593f774c3db1696be6964319b9f9388707bae3ee0858528e3658741dc271e80974045f3ccdcf5c271fa4458e81023f42761c5eb37375dea4e4d4d8b1de0b4724631cb35b0043e7ac67c4edf767115670eaf50370af4cd2637de6c760e5750b8bda3c5351c16a9a5ebc02e2ea24cd10e9fe31deaf0e250d869f933642bcb9da2dd7ae6d92e3c3242c2ca4908bb60f19d68897616973b67dd1f1b037c460f7181782191858f2003a4146daa41901058972d7baf5088dd5f89f294ddf5d0b6af191f36df14250213469c2735942e825ae6d36406817d2ec872e739cc1cb9f0bee817e95e37bb38c24b9bab958654afa1a38dc4c3155c37d1310f014a5860de0637d0a48d23331bf8afc9f5cef164c130ca4a472b360b92d4552f083d6ffc381f8b033bcc0550c42ea706ca15026f0d4171c06e6e3ed636e2d7cfa928566e8a20e6ffc1e97f63ddd7dacea305069160b751bfe5a8ad6ba113c9add2b995c04ec7e45e1705072d1a554a5ead50980fc7dc0443a2f51f64bb73fa10f183be1e8c4368441ddb9cc5c47845c02ab67194a7f27a109036ef7c44c33ea236f799350705cf63fa5a8ed6d8075b8d483c41a589c4ef7efb716cf495f839a1f22ae433f35d4c5abbe7bbcec3a78ad021babf3e0b9ff84130557125622e93b0795670617a426fa536430d1dc22c79ef99b0474f5fc4a7812efe5c9e2e9f1a23edfed2340ce460b118525836600127c410d977d7f2e9a89a6b571289479ee50ec969a026d8054077f783ac7038fc45f1d7972c01d4ff6811fb44dbad8a5de90b39b8a8c055e25ba81b4839725ae5f33875d468fa381a5866ebfa41f21cf2bcd32c0a3e171ca4cd5ee36fda6a7de9f0c630430e796fcae444eddb481d8c61f7c1c1a6b6b6df269eb1c69ddb5d6e2c4bde345e22546ca393c69f48b4d52019f1cd025393fb97d193b53654aa6bf784c660040145a5d5da90092751a9294b526d087323a04313b76cbe6447ab73707f48abe7628a2d8e2b0a5de8dc8e7d4baf10cf6fb714170a8d0e808f9b00d1e3796967ea69bbf899bb84605751b423872250ad5e61d00a19a6ec5dee341b83f0a0b268d33db256cc4f5ed4c167fe2d1dd45afc2609433de1e3785a3320ee1652bc1a553fde8f73da96ace4c55e5d140bc4211918ed8694dcc5d974ff47276c8c157260e9099cb8042fc9f9a258a6a107023ad1f91a1c9d4e54668ea48b3d283b141db2e76e2cd4f4f609d47125519bb969771a27a129b0189caae828e9e8a63295dd30ef3ae37ba1577c473d030e100738beb0de7e6aa5e52e7f968c8bfc4709adfad10b5d2901740c54625168f306997e9ff6a4dd6b3089030fea08c28cf13a58a35e43883a9feaa5b6552041142f20a916a2b4bb0c0892a4ccf1a8707b3bd537b359cd86f831c655102f69601746ba8a29cd9a089cc3796df03360f77c6727dfe70cf7bd1ee97bd070a1b8ff7798ba8dc2e1ca6f09c1ac987da350d1929136cd346b5347b4aa00aa08b1707ffd7ed550b167233ae883db4791025d4d3f0893cae53d0ee29569290f29b0f73b691f05895c9a2c40357ea89b2fdebe78c41e14f014919d17cbe67b0fe6fa854d65c7a2fa0804dd88d8638caa595e49d2bcb1eb6bb45aa447c4f6ff29d308b7785fa01213a796bf7f61237c38b7d6fa76cb760315659cb37e2c88a9cfa7d48353a5e160709aa599f17ab5076cf9010a1aff139e7d908e73c96c1eeda61568730981f77f749455f6d4efa787d9fd40630cae5ce4d302f7cb502afb8a092b1a0447db8c42d95be45ad25ca5db36cd0f24768173e21b968e7f38503c70bfe56101b8152b3e1a32d922a58fe48f8fa01802d578ffce70178b29fcd877d58d2062a166933fc33d52c611c44d98beefc7a2ddfab7b17a455cabf8acab61554a4c1e649c4d228fea931d30314849cb63eea6684d5410dc66d24fa96739949aa615777b13a0849df0f9b95023bfb065c29379f515d4eb24965f0da79ebfa7af2b3852ee22611953769bc08b0df17def102abf69d9e9d2ab0854760e6ee324c6d35d804f0069d65636227f3004c20e2b74a1666b877e0701f933590c14a0693251fb7588d16d011de7e13d98b07a9c3dbd976eadfe98560163ac84c3ef157e1133da18632e23d72f5b1fc5dc42ef8ca4e067e6c9bd56a635ba2884c97a074fd7e5d32a98c6ac2563323e1d7b40da5cc1f7a66385ef4badc4fb28ea729d6a406b13db81f59251659084f059081828fbc0a287f21a7481d8dbacdb4cd8714741779ce7f0b10d23bffed168fe6f15298797240be1ab25efd139f8f6663e275121659798aa25963f01fb9366b0eea86b68b02f48c74ddfd8f7d326a5bcdd419a78d76dc27507ab0aa42971abb2fb8f1b7ee7c53d3eb6f3f75dff4e2a60e78a071b3ae205b0dcb34ab4e11e85d253a627fb40b8f410d515fd63ddfc55c529e5871a4988f6b1478222f54769ccbe8ee2f3b735fa774ab209ee535a968e7f5c73ae0b5de7c384522f475b368931a1de116e131524187a370437e4e985e649552e94e0ccb30019d34ca702e76b81099518b0415547f11343fb2be1233678bcf7d349560ff71b11f5ea8eef27435e40088394228db93f8063dea3693be95fa1569f3b3c91b8b67f0b77d4a7523cf67d842d97ff491ac1842f40f10eacde168aec22d2d14732daa332ab4a4c30248538e83dd7afd1ee5d712876feaf7825829e2e7eedfa51679ab1d7c340f9d40420378b49fc3fc42f72a9a0ef50bf647469bdcf7149a89c14818c0ea9b5fee05682c065ca8a9032bb556e10a0a2e7d508f1d60276b6a8186759960374cfed62f261cbbe8b3e4cf488116b5b194add0074a593366f9f4c8ab554393017f7dbcff227adc4f71578342e2d84814a1c949f6d51703ab19ba4460a1548b29a5b52b5214a1bed29e9cc43e8b0590aa3070424a755fbeff2c6ce21c722042d196d7192681845c6f898923b56e5f3a7370eaa6dde6d978e89f788d512a80fc498c33ff338ec7f0c3c600de2bb10c1afe00f096a9ae8df2b5e49cab7828c8b23e925e8b46f8ae63e024d51c5cce6b972e070373aad3419669fce258a3be7b3bbeee648a0c7caae41e311b3c35e9ef47e6f51a2b0b45b79184036202833bae17de9fa268f2d07fd834ca9e29dd8238d7f240e5151bec9272cb89f5ad14f396cedd56a27196be549b600a67e76ca241ba35ec31bff7a3eadfaeab06d2db530a0902a39e97b04a46c2b82a403d955e9d64080cb8010b54d350db79d3f32b95068a570ea03232c72c60631d150f317724b11b487dc910d98e2cb9460ddd235a8dc716278e888689c0d5f78ab3b58c904794b17c4bb64d3d6f28dac34b8a9ee8a1dc6f6bfd1c2e413e4b24ccd3543f6eb8e1b962cf0657bead354f86f08fb83acf0f2d15cdb76cebfbe9efddee249045cc81f0360110d2c9c77265cacf1808e1c01c426620d8e9353ff01078bb31d4e49983b38764b57ede033442be57fe2e7eddbafccba9c67435feef3aa6476bb9f59c22a7186659791f24ea5aa27ff0350e301a756fec499d85eb9faf9d2958ce235df8b54424db8c8810ade07463ac58e83777dbdc7ce96afd955448d643f2d5f351ce8cf7e17db47b09b29b6646db4334883c7dead3bc7d0ee01dcae538c3d49b1714f3c113d06102aef49d645173306c4f207ec6eac2475bc8fa26926eaab8daa466e6c34ab10668fa741b86b382e92b2214397f748cd625ba2b58e697d0180c69fda71d034cc0670d4abb988426bd872fd41b642ecbfb6be68dfa4f340707a6b6409871faa6e3067219f101d3cb77ddfff917e482730104661cceb733c1c8990e16b5508a890bb1f9e8d2487295eee1701bcac5abc493de597d5d9cba5cd5af580949919869f4f652c32fabbfa516fd7e11158d2757bcdf0f755df173d3f8a550f91664ee1fbfd1fe2e59ae2715ff9aeea4f6e5041aa73aea79be007519d9e80f3fc68f329869d7f478fe0119f2111f54df2cf7b560fb1b47165ffc1965e7dd6029239480e32644b2ecb71bc60cd876c2f4502d6755a8e00ad50499b3ee99c68d6b79db08bcbe71bd7d43beac5e3096a2c6a472c0df4bce2087fe04ae6fc39eff4ea505292100fa2e449a20358a447dac2e932e04d7d18ffdbd3f64116e120f3aae0392e635702f6ab8282c7bedeee6904bc2880bd57531f848c8fa136e125585af4a7a7f206ae99a126a67330b01e99d67b16e0f0f06f556418d3eac6405285a817d12e9bdfb52a22c5ac98113ad444fb10eb86b16e569e669c48ca0b5c0bfb29649733d2d9b3f5ba6eaa3a947e97d87b88b38004929dc94e88cf4dcb922d31a3bb9f5171d85a0a03cc4c51d0a2ce10fea4c1355bb710ada6ec0f114a7ae79abb77a8d803580e881fa5dc53ae7b249f15c9793c8777340aed9472dcb69a74187f2b1c63f9ba776ee670eedb92f052f1e90992332cd3d3da29b248ecc997d73887e3ff12e12feb5b1939f61c73c0709582ba97883728722837edd1db6f102788d29df604047d15a1852a5dd7fc7c74f30d392c0a8534255713cca7653257ce25fdeced943975bb6ba8593235be0f4f199d174f7843c720ccc6baf0215e17be990c8d2c9236224392020c2760c7d5610f539f02f2d083e892d69f78c18e755a0f356d6c90a8306674d83c32907c66a654183ed03d261ae20ddc26354f38aa3bdf0760380fc09bd7f12b225901dcc213c71318e05bbebd80f524cf5061ec623cf5bc895b4a6077976a7ddfb9c0cd3fa783259354b6a2d9f284552ed221b78d0b55e8eae65c02003e58fb60c50bff4d44d5bbf786a3f5cbd49c3cc914fc3c602d082d7557c3f7ab7ace38536e001bcf52eb0ef80154322b310e2ea795fe7333d0ba333dc1a7a853d0b9825e34ff5cc055917311b257cf36bf141a2decab2f2adcb50466bd0432e09ff47d854ff60e1443cc6d6dacc027bc112c705ab3b6d6c3de3ef5ce27d4d129fdb066237160be102dc61a8690c459a52b319c974404180caf42f8620ff20f9681d46a8953f4291f3de9ff279d00cb82789f9f3390a83d0f9d38050aec674c5c92bff62cf37d43b50905fbfac7db15ec9b8771850627e1f9e770c312d2138fe017e607b8c1642c6193e31f193b69ffac55c595da60862d4d14c2cfe9a6558b3398ed59bc10b4a1822dd6fb02884f6d44ccefd2acae2137921c5c0e61af9b6845095b45d27820b326e1306ee3ae43d05624e3e2bb39362187700f383b59c51594cb7ae9af7a6e004d2ae29e9ed089968a55efcaa2f352623448f5c54666a6b57111956291dcd7f5a4d181bca27e3145020dc777335c526de9ec2d3451247e2f3f3002408fb776a822a58c313e8616d49869e70d2e7926ab78c4f2c95e286db19b74770a15064005f43ccac5d10198033f1a16ef1b73e2323c65e432e36d88f691fe0099039c3205c2a7fe4765f0144c40af1e3f1de0bfd3acab42a72ecac8dc39a281f1c19b64c8c71eb8535c29c8f8b60a4aaad677de1e20a0f21a524e0bb3e1e91926c4021f3070eb5de9d98a8df57c41452f66e5ce73d7900307c01ee5e45201abbbf8f49bfeafe78720bb61856e7752389ff5d32b760488343be6f700a1c9e55fd535ec4584387630c08a2a48f89f1e7efab7c9de516fa1771def7e4dbac84f8db1de0015aafbd1f2d74e64e65fe58fc43a361506a9bfb35a6607f5f048725d29fea8da8020b88bc8529c84ff573342a457d596608827ce0d22cbdd88e65c8b0e9f1af38102c17ddc05f9cd6d6ddcc84cc182ea2407621ce08ee5421e74da75fed5eb0c36720ac7bf257418746f2b2c0c9be338ce9c921f610c33f0e07782f4ff6f79986d5c223f8c36bc2c78c90a562098454679df99a70d00195f6aa67023b00fa611d4d09cabe9af0010edd6aab27dc4e4815c7fa245ce20afc7c0c329fbff440a19da43f0dffb49304d7f0aa4fd67445d6fd53e718673c8e07ac8724beb5f214db7bd5a1d273317a276b9fa82d64d697f1e2bdc57b3f86870238d1acdf737fc5e193aa4e9cf05b4e7dec0b653f5cf72df2037517e99d42a6a679d36aea470b4ae2a2f97fef10c28943ea9861b09ba728bb660b6bbe5b2f052c88b744bf24caaae05561feb1a5735f213b9bd71892f0188050dd475e72c9740ae547d17dba345b4fafa7aa952bd9e0639a2d3566ee4e9ad19515d523d2e4f36d26ff1e7ef1b609eb3b126823314ba667be6d09e7c435b4d6e68e5a8f1345e55f2a71d50b8b8b105b87c9be2458431d77b36ccd6f89235c8512d571b4dbebf47d47a90638207314b6b00686d4427b56330750f0121d400e9d590df382d206d0d812187260693fd726374ab708767b3ff731a9774e56647d00e850b4e31e47f422588d47691d26fae2c91a9cec647376c3061b1a41f12ad3ea960b18424e474d5462a6b43b3b083d7b8eb3cd3e3fb8ad176138ee32c53af44e90cf24ac6d1b3f3a0fc446c2b2d7211c2136b646c59ef7a8ac5a4faf92f201651879cab5905e6c5ad9b39ee8b357259ac5051ca342f48cb3b5f641e6cd4b740095645d8343e36752b1b57a0f6e303a6a7cf32fc24a3870bc0e3897e96712d82a1225701f8be67aac7299b091e2048947f23a93c985b761fb16454f89dd5cc893f1fa3aa7bd95015c9da68d57bcc35ea31bf25d69551683c6931093b2aadd0f37ed90f5db71e132977c538ad5582e61977ad622e5c8ee03e33fe643aab4bb32af9740f039e5fcac771780e6b2b245be54f17cfe37e425c0de47acc34e25519300a8afff1f835d63680fd56064190b99b6b0c723e7411d0b183ec38d0aae036bab9785586d3d50a0d062a3038681769da5820da23528c36df7f3c9a828fb0adb085ade9890d6b9a3402de639e6619d1e07f6423cf824c9a40d2818f575950e4989742f107de5cf9998413d3c68d6243afa58f2dff4bbb6a97c5c6cfb5f9dc23aa73938b0962f554b53a2505a585b1b332e6a0bc5df935ea593c2c1028cfef2fbc76b8fb6c6411d873e295d3e86ff5ccb94ca3ae8bd5f6b6f6baef56ff9d9f00356a9eaabc41f2f05d94fb7ec0f69329e3ec74e0900a2d326d76e99ea7707e1ce2b7c9e6a3f47ee0d8ab2d7f8cc651eb5cbaa2c6b617062a51b3ac075fadbea8b53d0b781e9091901c608a42fa6a2fb46fa13663a7273defe1808c6027a20202a7fecf228e09b6dc2cc97221bfd0ac131d90c33861c5b993c7248555c7a15c9d90fe9a46e74f2b9ddc5f3eb581e4554b56a97e9ea30edd22254a1b951b7ab2c4f28c9bc402c079cf7f67027fa945b4782c2a06ec557cc466964d2bf2cf0ec14ebdfe615cfb1133491ccc415e202f1ab98e3c738ea119238f3ccc569ff46181e0b82c4d0d02ab908184ff96763ccf79e98e19a7af9303ff7d0362167cd43d36500b1f2a228e000126b3b93d629afb1aa9f487a25701d6ee99e4cf2f5b9f207f73e11763352830ec4e195996180fc56c5d84d0615352894cf5b67f2b1e91974da5e501a8b09f090edde5e77c5366c947b3a2746ce229b5754f6427e403fcb271e487fccf3d74e0fe67009ce4d32c4fc1808882f1d4b65436887c30ac2a06f8c8c8f48d1dc75e1446f6e02f13305f0ac1c859912dab3370f14e7959902351550bd14b3d5b84eacd3998c630db20e49958f0d8366044fc900284d5e8db58504fbd6975535a2ee1ead79b6cc88bc6831f661b1fee9d97dcd7f598338c12befa546a75c7bc8670d1a67e2ba26e887a979bb75dd041a02155669ef036a56fb6a09e102860e8b7c784b367da4df13f70a59c5bf9933e95654b7701b41963d33993a9e0f46e7281411e4e7a3b97906fca7bb82652c94025930124c911c6dd1333e8f7340448aa6fbaa75ba9380a049b41bb86262d4921453133dcce9bd98da9878ff74c6a6ae2b40dd06c1d8a963ad52aef1b26f73e9c57fd52286f2bc6ce8df8781d3c4c68912a05deaf4ef510089374b5a3ea63672190ae97c9a0c79dbd339b36ca5abfece9fbea88aa5596e65b889133a3e4a75410da0f37a8e1df3926aaad3ecb29aeb83184711c831a4554a7c53288733fecbbbf9f48d272d6b65926e6491c7204b34f76048735d6256dc1a9ed16a62193ef707a785456133801b11691fdd576103235c6ba2978ab05ae19878ccadc36f9574c97ce3a5bc3aab4ed3070dbb7ebfae002d7ea4c48794deab0502b6dbe03c1a49ee52728fd3ec92389993e7464e8d8040e60b211d75bcec5adb4a19ca20af1f2232c652fc25159e12e858f3d07f08910093953401a8f70c11236df7992bc2e113e51b20b22a2296639fa6133b6015f802d668523fc4e4410de5534efe5fd69f13be4cfd887e4752dd461a716a67325c695750d742eaa265f3456bf9dbdfb08fdf6b477a6a10fdad90e7a3355697aec35bf22a8f84b655ed7fb307d0489142c045faaa914e81c608e59c6f88b82749d9567c46af12f010fb756d886355f41a24888a64d5dd10af3515f3001e6911908bc84e293c988afbdabb7d440a2ec3de96ec06b56b4b9701e95e5ca10b6589c2733c81269da2cfc17b3d47fa89dd30503200099ee675147c9e6f97da5e3a7856a4decc4b86a8961fa3d2bbdca3429a079ac52ccc29477de102741b598f05ff2eaaaca957919242adaf4e729ddf8d1e04b69a669486aff6a0ee039a66c9961c66e0d6d5f78f3a1fff5432c41265936aea1995776862f892861c937f5904d376a339dbf99a02cc9cff84c27f206c5afe488c953a574c797e99f22b5c917e5fd1a90f3c17a4868d0688696a13dc911ff02f1ad4b6203e9d92f77bbe78470dca7c72009d61b3df1e7871b60921a0d54a6ebcaa148260672a3aedff2f9764f8197d9a0b6c934cceb6820a41476eb1b6a9110af53bb182dbf95046145f6bdf102b1cfa86a5afa8b08e603fc927f0460fa9563545c88d7ca5916dfdb5c9b6c767d520679e66bf673ec64502185615b13d9a131fa4651e5c8b40eaa278c771c4fef3acc35ef76d167f79eb68279911984ac9da9e54eb431dd2340ca6c72e04c2da65412db02aaa3246250c507eb8ff42c1d25b629f9340317ce8b71eee0aa0c015b2b905cfa739bcb9db63c6779cbf2a576a132b4028bf070686f89adfaa5ca91fade9b6f6b4df65a63848c502d2d24b94201e4713ecd2aafce1b7eb28ae4f96ab46476eefc5392d6ba2fe7220eb3458363b121c138d122a188c3dc60454f7ef6fbe7479cf56d1a20347d7960a7330ee392fbb02e0d5b59f7881035d8439568b8f438c0d91f38b1467eb4194f28f7a1558882f831aa7bf0679b0059c10180c66abaff9d238887a05ff23493cb18235efb163adc0a06a2c8099bbda391161ad30f52ab2c7627ab44e1ec88fcbfa08277e4418a7a2286601e56877d6269595c4885c64ea809e9c121cad84d8a058b988ad0a3afa281c58f03488f3e30250e87943cfc4073a2c2288b346d6065ca27b286622eb28fee3ce4399894dfbd1846725fad67fa2b818870e0aad72f9499e1fc776431e6fa6a6858f5c6f1f0b56126e8f912a126053d445f27429a596842da82b1c3b8308ffab9ca5d5c88a2d39b0f44968b0ab67222c6b93f8ccecd33b46bf103b8add735882455790d4c8af8654f1d71e683be642778e4f7fcf4639c8363ea53abc87a8b8696a1b8dfd51814f19a6bbc18f5c567ee8d89e0a85879c50fc1ac149cba1e9453d5d262d272c3a76a0e254872e1f54e8fa6da6c8d2220605305dc398214609f1e31edd55c8185c46fc00880f28beba2b50b042b26b20d8fd7f26fd662142b0440addcbd3a64e6ee99bb583676f96927d779481a06876cc8f41c90f46f163751e000b0ec75f7c7dd147dc21dfb3a38b1c9e9cb8d964c336c730d0cc6280111fd237f90c67e4f6815889ffd803bd9cce441ac59e2aadd6e546f9ac17507798d056b2a421d381866b954c30d33a932a629b67e2745913efa188f9bbce163bb69ed44d12c9167c406883793d6e073e31f74637aa4a17c6463526ea246851972818d37b7090f795ce0f124d43fd8bcf3557d65b78e478cf913f70cfa5c6ebbade99e2d4a5a9b2a872a1b1fc75c65337ddb01ea09c027bb0ab8c5bb00cfe363edbbcaaccd3b997cf926dd2ccdc64d98cdaa4389d8e3c46a789810929302c1e8d10c233932e1144928018bde47eaef06a82746533c7a4b9f72a23d0c72a41b72622336a62062316272166f631f1a484eade75ee6fe9be180747fa68bb7210b8557073f3fd7cfbcb3a57eab551aead27af9f716c1d528efcf4723c5755ddd767ba5543f9a7b1c112d10174ee53670c3efa51b94b73a0922dd298c2ae4bc7585bafc8404413f0042165cdf82fc68e9466646ef85d2a9b52bf523fe8094b7dd275c84288aa10f6fe14c5dd5f3e8b2e30e2f182083b5a1f4b0072bb58e0004fb9868578a1e1fcb8be370bfec6c5b2d0318eef1e9bb50ab89fd834ab0e625af5527a5e6f82f8a3a405eff949692ed2338cb902ca715293b77dadec10b53bf024f432daa9e080dd7f2810c25b850e8c2e0b405d1375275fa5e832390fdc7373e6977f682b358897fdf88ccd4f323356b80cc556eba9346d54c0472b377c06d453348058467141f388a523f6ee723496005e37bbb98d321df49a1884bc3561c19198cc35f2ff429ea6efe3161f569f92e1da035ff641f28c04a0a808f897c1db3fcd49a67ad0f84262427f56fafa26ade57fdd71ca99aa41166302ec26c143794808a9cba3f10821c3a9a6a419e06c57f5a6dff47370620808ab3cfdb8f2aeaa4c2eeb90405d1ac832bcc1a55bbffa814c3471d27765a5ed6edb3566edd96e20e6f108402df41b49faf48b75484ce9d37936b2f26672e8073190174dc03177ac292e562cbab5e054acd21318a4a10a4805330476c9099e3d7660d79a3b2b8be3c14d05fe246eb1c9964761289d097f71472a6beaa0127023697956632f8ba77250559a15ce9e7f270e6eb1edb62586cfc31cd4fcbed345891201cb9f2834761f84bd88f6ab147e6b3f1ff90139f9c6c4fcca9dca67f6f4474b102eb1d4765f13ddda3746d54e44bdd32806a9a8a179baf0f8d75593777e79ad9eb9a370db4ce21cf5fc496d6e521ddd7f2e86d2fce6bcd92f1dd8028592154f1a8734fedac7795d4c039d5ebd66d4ac8475a137ed935f20c7fad6ec11db1f86058949a36165489f84d9cda1b1bc1d4e247187d32e953e61716bb585c1d0454f7b965292fae8b22536dd70cab60356d1dbd744f7011c840ea57f5b80a17340138bbef39b38a34631fcb4ae8d262656ab1557b3d74e09da980adc68b54c5eb56ba9716374b1522367425691f578ca5d4cfdf22220b7694610d9eff4fad493158fdef22d1c936252b49153004e8c5ae8b53fc55dfc7aee6769d559dc6d0a439d4d709b116e3abb4ead94bc8cda7b0bd12c0a96a151ff242377453f06983beb82d144028101cfc7cb7b12abe9a1ce9de7f714f1c7c24357c98d11145b5a768f01b6e6f2b0627080f3bdbba248fe924b39cbdb87a1e1147d13fb6857c2c4cfd195ab0e1e9ab6996b7ecc14b7b499624b294b767111b76681e3bd0002113c7e3206caed1bbaadf9f536c32c97ba20607bd2711ce7fad2a83149529b060620ac3c8be317fcc60c721d23665f16c9e7eb87b8e591da318ca5d60a8cd6c7acc1d3c2d7a06e4483f0186f62e2ba305649189c5e53605892ca44ea79e249bc821f3e82e1c1583e7aadb19f0c574c2e138adaa6efbd425980613fbab36ff49733b6179e15246bc89971830913c0c225e6fd33bab45f351768e60d9016b5dbe6c9f4cce77d160878dc2a27e19edca99840bc821a66df08234e37b482e1cae6644af512098d2495c11d29031ff19ed849b4c52bc09fb40f4c3df84df47379f113716345750457a95d6d15c0a170c8fffabd3dc7839f6a8190b7184ec66bf453b4eb894885d61e9e21438073e1729f784790935607c7cfded186c2a6b134916d591421f72aef18288cd68f97f0998c659a81d73526766309ac0300415da7b642dfe8ba7e3c9c37af67b4893f119f69985e1e16f4bfc24a1dbb04462575658584d7a752252839e0787f8ba82c86d2d614ad8216bf6feaf3a7f8dfd44c4ec3fe9f5e19984d246ba540870f7ed753aecec1308e456ddfee4dfb559bb6fb36cfa647b5777228cee24821962f8350ed090a538f12a50724188e273c645315f4da6267f040104edf9029bbb4da1884407f8437f5d1665d870885f1bfcc6b28d3f367465ef32dae8fdb43ffbdea0d65319edb71e7200b030f1f2725fc1de724284063c3e4d31ea87251a5bfe8ab78382bd068555baee3664a461831989b94c420c1bfc0b53e8e4a1b26a67764ff9d721bd676265bfd2d76548d3ee2aff5fa8c6f28673111195dd8108568c5bae0effd53eeda4d64e55b3131bf452c6a92a9e8d79559f5d24ad9a2d1faa6a68e16ce3af28e601b3ff5c087f63876b575fd2eb7323053775f5487a6dabf336946eda37230d3afe6a75e16af37a9193bf5ed51d5efbe577c4527d4cf0d0b8fa8a5f15c3a0c86b2984c2fa556522afdc5cf3989be38b3f1489a775cc80126f4d1a842c5baa1e214526297cf14b7c8c4b7735e9d6c05dabbab4df205c54961c71b8f8eb3088e01a1a670b2d7b5f7f042960fea80d5a4b7db00cdcb715765d11897aac6584687657e883a35e36f6bb2e461ef2ffbb4694e11a41c08e8059b623f10c48f63c62fb5a371680dbcbaefc2f43d32e52de3db301729a1b604cf905eaf28e369efd2b04c8a6bb11d60be37de8897e2fd350db4d073e1e0ecdc8d430eadbcce1c2f9483546647d3dbd75abeb905506182853505c63ed3e3fc8bb6c544a55ec23a557c54a50fd3d49ad020facbc879ee3d881383644fc499d731ad93faf0f6a31f34bd141f5de7b6dd367854ba7fd6658e0ab2ee66dd20f2bbf921f3cc5a0563ec062df41b6c9a4aadd81c262a9683ed1f5beed2cb04acb8ed18581103daeee290630e04d67226f6ac86d5c680cd7cf4c79256d383aad62adb72a01eec6d9f09849a366c7851ae4a949d6d37f021763f9f74013ecba944db7c29eb255a899600fadade6c6fb97aa9226edb450e9c188133f2b5ab21b3600f488f34a18db510c4fb0c894345fc280833c53bb2bcc559bc70effc2b5eca18b6d2a609fba4f8f44f71c23a3d46e16264ad47461ef3aedb36233fc40a50d706470b6b77806864a23ba7177f3dd9e1579be6ac226caa88435614d0c29b519def4c5f36f85425bdaf8dbf6e858cd02aca16c6c9d82a0f18c5090080164047f2e975e9ffeac708d3a2b8be97695b2736897676ed49b9dfda9c890da00b0cb6da8a832264cdb48d8779e719246a6a830fd4033094135fd6b9e636240a4e0349526f4536b5bd4b736cdfcd46a88de2344fa8db7a39fceb5b724a9376f7e51aa417f1a10baf63cf530a4e759c4be80b251ee82cb392bbd7183039d952a0d4d1ed64f506d9efe23b37f970187481518b39553343e89b89c2f6dcce66804b8d45e1d55ec1dc36cc679e462ef0170344a83a53bc23044a873d608da8320ac65e235db368ec238efc73a0203508252577fec225b42f66ed7935d065051184cc0371494b774893d57f30bcfbd03c75e59874cf899779a6f336928c92d473265a5cdb8b30d1defe93c2241bb4688c37edd3919d1d5c4c847c8eb7c6fb1b6b756bbcaac63bd1cdc9f8d96cc9f91fdca6af5f66e6ddb2355d6387d4229529bedffda6fe0a77c0907cdfcf445c8c720eff421ee021081d34d0b73b54b3d84781a1ada9dc628a4b59f6253f1a3cff7e82c31014abdfb9015711302df5363c688e3232679cfe23c0b273f68c0e161f6548b7ded8b8776ceb3a4eebc431df6bfc09a2642fd16401b1954b7be7628526751c2331130e4a70df1d89d4ac6bfc50c642cc8cc1b05040cae31594015470b104163e85a9f519ec28427b47a3a8a0b92dac1276436acbb54bac573e9b83af6955baa5e254871e2e681ac5f42219834da9a5411d59f497c6df3a89b46399e8060121f8ec2364ca91ccf0511e597244b96ddf627a42456029f6d33cad51d4a1c5a4b9ecd83c2da92777bb26d75957c8d170caff2d1572dee417551be25c2b0446cb6bbccead36a25e3a2f523bc9b6fe3537b3fe0aa0918ff2e90d41ab5d8203c9701bc04cc8b426fbb2b25601df442b472e6b5d3c2dde368e1329c36b3915b82af2137dbe48a5ab8cf13af4b255dbd31ea11473575a63c08ff3d36ed69a0982b7e2faf71b27cc091d7944b25c30144c6f1e98e0ff646ca67f3c1eab89ff4d3cfbdcf15e475bdc50b64f802fd83ffc56f99177e399c256d93b6fe616073e922ccea2b52e9d686fca2429a12cbaf250c1c2489c645e6ddba0e30dc1b702c04d14568948b4b8bfc02b1a584fd52817f2c16f6d26828f8fe32f5863cd938c5d2c7cab425f63e6c754e09fbadeaab046d5c4bfcad40e1c2e96f2fa8e1367969935419bca1f1aad4dabb76072ce6ae8beaf03e48c627465dda54afd436d47f007c5b1c7b52cf55830d6a3dbcd561bac52be9e131182f46854ba40f55c86c7935413f3c9ebaed553f9b9fafb964f0c5a03ee454b8a21bcef78881b1dcd9e4f0944f5e0dee6770f7d32e058739d6a63eb6e264ada03dc9a30d0b1db52bb8d96dc1f7c6265fd93ec0da79c5898fbf9ebb3dc1bb2ffe8ad5eb8ab90e70f448d5fe3fad48c56d1bfcd93dd5b11f413eaeb15c0056ce58e6652cffa6da783774a82e27db165d9d83639f990c9376da6358a8ecdf916f7059be9d405b9f6449b54330afb0d510547a3ede40fa8ad3c2f8f52d1728c2fcf55f6d1ebbd74086b553b14dd513b6350e3a768b8678ca52b18189a5b85564134db150477a016b7824e73e59449451b33fddc3fca5183dc7d9a198d69544c402d09a96e837c02247e4a6130d6eed2a9f2b30c3611e4ebbb6088bb3a3879d471820da2c293de88772a098d0cf96d9d2fe238fdd08342da0266a12500785e774639611bebc2ccc0f6438d1590c2f0c4de364ad99e3e89ad0d4dd55cf07353cb8977d3bd98060e117840d167f0db84d406970401c8d34891143f8288664e979993eba480034fdab02115f30ad476c5814c52236c05e8c88d6976f89510d3d2632408296ad83618cd7907ea911dbccd004964c8da2a56f5a01fe1666e4700cbc5dc1ef9f7674f1fa53a82de533f9084a762ef55562a2b61f0d7992458ce296602be0bed4a8a211622a1bc69984a2d3ddfa5d3ee0346cd8ec151e393db773f5bbd9e176a34373d86ef942dd0d79b9e271371ed04fc6bee281bbcbc2cb0964bfde1e396a4c18625e8e24c29951cbdc14718e6d5109b008280824564b993934a23fe2efc18fd47362bfc5617dda8e289af3a913c42af9cebbab95d7a05ef72583571f7cf3444111c2d7cf6631862d9975944aad75d7121705fae35559fcc29c10be0ef7945100115b9f3c54195f6ba9878e79c64132a7fe77767413faf8cbbecf2ff69e85ec340b5692343cbd35c12b18aabc308b5d49214f95c8abe9237658b6f43919438f0789c7154d639c21103181eb034aea16574d9b6b961ebaa798d75ac2904f37e5a683dbb687f10e0818620bbadd332c64b26e0a1f4c6f64cfe00b35e9c5c8265032b1bb6ba5b13d924d0d200a10249cf5b69919d56f2f8ee7d0400c4ebf7153181646511f2519b3bca740aec21d724ced7aa4b820ab901cdfea9c89112d9e50021c63c6707ad027f5ca0be19cb4de574ebbafd938b3e9570d8be400d97da0ee86ba610153c7075ffa8b175ef3946454d98d904b82ce7ca96ff4cbac78721ac8c31f05fbb8e42c55b32556888450385e3540005870da33cfa96ae16bfcc0415d33b05a0a93a45bc613da6ac668304cf61c634d2268f02cc6682c5df9afff24c290fe2a22e7dddc57e3478b5bc723c6f716be9e87ea5795b61888c1aa80f605d1ba68fb1af27697f8a409f800b9405fc44a2b70c283d640d237b73b444da8326e7171c2f699e87c63a02d79cc10e62da48ed2f97597ab3c57c2944b11186e1df36974cc03a7c87606755b499406d36a35de4964323c2ab1adcaedcd3e4d1f3979be1dd2c3e21b7ac64a8c0c0dbfbe88f6e63967bd124bb3c785236d119466f2ff51edef931037f4fda1951cc8518579c4fd97d9e6e43c8848d5ec133e47a9aa5bc6f49295e63884fcb22e77fc54e4941241b888a31aa59e107b714f37d474deb8b9a62bd3a6e3867e6b8a972ffcbdd03d0c48308cb49ecdb4a19b0315fddc6e4a73a22732bc37406b10445aa56b91578dbb49362de6cad7bb3b395799a1c98d7ab4b909d19699256f2e028fa054ce49aa8645a150c2dcf0ebbabd87f87c14285b7475ea9fb1a2b772092d94e4a2332122b14c958c48dc2d147d4f797e5cbb1ade04c953f37555803900b7091ad9c274db66dba1ad056534beb09ff8030ec81d88848d7089d787aaaf897a74f9f91692557e5b306cbc359b986356bdfe5682a624c554dc42f3e521c76711beaa01733ba252670a55910720d4e62e0d294f49c7a5be941ab31619b07f28784a8196105c38585c29fbdfdf32b29c9dff18edb10cd5d176199bbec3d9c4b2eb6a5ee2867b255ad9164ca54480b7c4111b33949585bd30e2e660344012ad27a9e85fdf6ce509e07ea1ad1d81816db8e485d029101155c57641e2839a65c77e5eb43ccd16f81f626bd74c084bacde9e7716266b39a463ab4a1f2055fbdc00c20ea10db76139a5b90e106bfa4a51f41d475c303d094b6aa0303775b834388fee4d6677e18deecb5eaf8c3d591d3cb4c956ae34c7c60fe071f5d3f19cab9a59dd9423c6e88af1fa1223501da07cc214b18724ec1c587951ba0b1dc970bda7dc0ef804fdefebadee0965e023312ab274d01ff551753dc0b7afc85e10b68a9f56428cc2267fab541213b3fbf509cab4daefa4c984e8b1480724e2e399e42086c67fecda7789d5c380e0f257e6e475c63c832aa4b17c31f83ba5d7ca5db9fdc57d4dbc9e8affaad3b65d1b3c4bf0b75df9f602ac32d1ea696219afb6952a294f4b540cce84a33242e065c6fadbd2f5cfa1718d26c9376cb66449aecd642d476cdd411ab79511ea6608cfc150825293218f7599adf85ca16a9a889e601a86c18290020bb9fd1454bf1e2524beebf5685b8b2ba9eb59fcefa66329670c5fe2ca4435c41b5ec4bddd9a69aa5727f8c7026cc337e7f5ea2b85d3e6eadf65d1da59921e9601684cbd6db98176793a8a778e4f97171b0a271463c772de46a0436964b32a57a00ff7e9b78ca13c743767b460bedf3a1d701196e2a87424a7fcdfaf115afcf9476b7992addc11bf5dd4485153818ddfe711c3fc14fb30aa9336100044e5a37d30d6d246459a6c6c38a28b0ee36c5f4ded811a115f23d4853e71cfbc48617fc8d469baeafc65234b2284f93d2a41953de6549f9c41b571867bbb6ff418332d3cbcc109f85d59203bc4d222a70ef70373f65e9cf0780289af7a3d8d168265f3864c5d2e933bacfa2424be11948b89596109584ca6e8ee0144c3d99a82cfab8846844f118601ab906b0b44730d79c9169db3822060b3fe635b51c060ba336c774dd1a5612319c004cd5a626743a468607a7cce9fd29ece8b85e868444b17ce733e80d2eae2e43585ed707a50ce1b2a2173dceff5f35b4dfeb79a69e18ae83d3f8445f0dd7f896096bd7e10383a59f95db4cd85ed6e54ca1cf899e13cd8fcf8d894fdde52f8598fb1581d85737ca903b83c6477a51725e8b655f63aaab7b6bbf31208941419c05ba410c07da4c00ad6e04975e7986d4d7f5182ad6ac51225ea5bf595012f4da7a714ff27a654cbc5614843c848aaa8d1e71be240742e0225408d964430303d332924cf588f4c0bfb75f32c2907095476f00465ce5377a0864ea08f2916a2194b915e61d9829ba0af574d7d8d4fc61be6557c49d9b1893796a674dcd4a2d0ab1540da21721f9ba2889d40d11d15a03f47fb9b4758fb5d396fc3ef09dd2eb17340651bbd4d4d302171b64a5d134a14c2f5761d69baf6e087645f1569ae3c9430bd62569a771c3c9d386357852630d14d59bccaae73e88e79fd335da885dbc26e317a560e886b46237a9bf974c90f17e8d1a3193eb8f6a8a4085fe6afcfc6625155f230cf952573e90950bc2ea62b659b92343668cc07d54f4c08bc4dae324d565940bc148e290939e06c2dca3293634d1380cbea8776653dcd705517ec2d729f81f6402d57a065a801fad2f4c318f858e12657835c6477ac3168ca4094abd3e684a49eecb3cbf4beffb9f074cd1a52079792b6612d02d1af2a6a87ee097956ccdeefef33981322a3603bdbcf5f25ef6983aabfde61dbbfb31aebf6a6438c0de64b0fb58146993c8339ed1575816a6db7850ad758ee3d1b493442e12deb80ae936380c081a69dfbe7b86cbb28d5c225733e9c7e7674418cc7696f6bc482688210a51cea3c76ba11c21c21d75191c1f92f2834c1a9f9c6d1be9ad98508e7b4876621c126d0a3b9432e15f6aef3241bebfc3cb8f2dab4b96f97a61ee2e7312845d3614d817793f6c40190d7b17ef2b7bfc8ce665fc927dfd178722fa98d37e58d5c3ea763893f1f46390b9e412bb7b986e6f26e6b4998a7b7252bee2a919d92a4f63bcbccf52f7a4236cac4964dce74ba8572e8481de412bb53a0ec1667d3f64526bce5b1d39b5a49449f20a6d274d55e60b0c722a8c3606a1aed9a73738d634bd51a4b4be81283351fabfe38d8bc07b96495b56be9c69adf49958224936770455c97be2e895476df55af2d69e308a5b1f898d2d60896055b8f95f99cda6c961be77245025b3aae7411644fea5d5ed7c0f9fb6a9d48af4287b4be060236cee349ec67d4e94f6d14aaa6fd546779c03e120474ffd1c419b99209526ead27480320f5eca0870a3c4bd17da6eec1e5a6591e5b6215675d6704257ca0cd1f71717e12fb61f365c8309df3e3e7646cf2ca5bf8fbb0e602e769c5510b11bbf114744ee38b80e0200a059a64daa7b699ea04851f976a7ac131cc0e2da1375524def3476375b4c4fc0e8eccfb60fa14a03fc3ffd7d905e548bf048ea21d14abf261c03e27ea6d9ec2cc11f5bfdc6a379332dd8f0a6a3b5792c1f1921642c1498dc23802f39f4e43e8f51f3415daa93f1985ad00c9e8768cad571d2016f57b05337882a38ad9f4470d205b1eb895de995fe90369bf0b6c0d73c5923465938cf6750d0a46ef63875d8eb0958c48459bae7ed3d0e6f1a4ff0c876e86f23f199e98d6fc6810cc76de5161e8c5d2e502ef34cdae2115a05ce7760248fbf9d29f89d80de97a7c4ce37d6999ed4c65057c55aa5b6295e0897474a4abd86b58a630b5519e24a96a9c36481adf71ef68a8ea7854d20f3c17ad755051a97a48d9506b00899fa9608a284e7fc3de96e3ca1a419e57741bf45df4d4b79d8520a19332f3d7d0e4f3f6e4d38c9d9bfc94e9a540c96534159905c4499c3acc4120b7c40756c1387e847f021adee18ad1beeb31ec410044bc868beb1578be40151a063f9d004542cff5af8064498a723f9ca4db4e555f33d3b0b436990cc5fa9117bd4dc4a1b26cd35dca132b074dd56d25db0467c20916b6d59ed613cccfd6a8a7ee3cf7d7f5de5a7757978464f3bc904685e8c2c357b76f41a96c7c78e3be8115204b20c1ea067b851ea81edfb64eaed2114c79b995c7a38035c2dbec8f4f3eca14262eaa6afd554d77c8a223890aa286dc28a08d8377a606e099c8ad9f42dcac63554b356a129a9e9573fcfb207b27baa4150d0e572e1d509a2b2ce58e7e3904fb32575ae4532e4ffb2cffcc15ce281af041f8614d9d1881947beb542d2430c76a0a048610027fed90b544277276bcceab9efe607f0340466969ba80f7ef7b8b91fe694ad6f472e2c85a9068fd15ca7fdd3a7398894f4a3dd4f74889d27294143d5f3609d97ac3323c6f3d6ecbe990dcb5d975358f54153f286e78c8cfbc76cf3e2540614252d267ac9327d13fde8abc4b282014be61a11450aa26626c478ccab01c380f39cea9dc5d67501ab68b06bdcd3b907d074aee07ebf43b3268156fe5d433100ce5bb6f655e4117f93d7a7bbaafff821eda6d9c8f6eb4ebad0d80fc45576ab4426f0b390ce9fb42312c23430d040d85efa8cde8e1a3c47a082d33cbea897edf90b00820032156816c8cc1218b9cbc41108f910a9a072afb6d94c20b5daa083a8c6f1e49570a82b779b06e91e01eeec67ad5fcc586401c91030a8300014a92973e2b4653816cfd1866ebe6a07b7b9050176f3f0fd7deb7094b96dca67a7fab85f80275b5616414ba3d11bed295420cb62860d5a01fe557eba85cab0dfbdd4ed1d7f30cdc0540690d7bfc99ff1e59a0f72d02ba4ca97849954227f5c7ec2f83b6696e6ef379319cd0c528009581377578fa17671b4b70ebdf40a36ec697ece2a6d2b170bd083c0efd515b81acdf5670961ee9c64112b7899679d0c45f1845f47fe157e684be85fac90ddb39233abd2adbb346e93c5e11c027dab8b1aa391dcf28cff9e63065b7b0f1db0f9321f37f997e4ae144db20222373fb6df8dafe7dbfe2741fbd99c31ece0a6978589201a9a107f141f571d12f4082c20d53c27e5da3d8744e4e84f949867b6c7a719659495061263bd366461f038f74c3e8f426f66be1f6c17a7983c01207b7dc28b9d4d258d33a13e5d998b5cec54b5968271a32ce79f80118678f2978011bbaa86de2c53f46fc4e2cc1f38ac5a4d8d6a286c01e5b717c7e3eed1cbcd97e819f688b0f4cbff7fc98215044eff87f28e65559c9b030a0676eac25552b5961084f162e8bb638d52c81b091ddbdaaf684c6f1cce30ff4c8c60f55148aed8bc5894c22114a2f639d4386a74fa9cc6d51f858627d6aa5cb17b019f79584e45f014c5148bd187d10d26195d415be636db9a584aa8c1e640508b63f9a2defd89da52cd27de445e54a93ad18003cb35a752e91df73a688cd65b92b754071ce3f6328f76c6d6f455e7fcf5b4b48b07c4a5d31b0262c8629b9f86ee6e6e2e4b7246577a5a746b6c0b2b70c4fd455fbd6649d36f54adb32a85ed69d81552ddf2e2878f85120b57279c645236986f1affba9e034017145436f7519e5681fa5b9940890979fb54be43bbfd98965623d0ebe64ed593b802aaaaaf14b4feeb4820a76023a3504707a829838d98965623d0ebe64ed593b802aaaaaf14b4feeb4820a76023a3504707a8298383edab1ff7eb6bf33f108e9ac1a08eb16c954b88a844e3119adf5950b44014eb6a8e5c0431513700be1b5ab864da531c6670f1a7396aeb19b6836ad66a24610d7e234489f88176e66bd858291d9de7054c6bdcedbb9f19ebedfab02d238b3dad79f8a3a67cb2c20594260bcbcd6cb7c882237e9d29d239966e4e1327c6b2c7a1b372fd5afc77f0d7f38658bb86153e8c7472376a5d735412237aea47881eb714ad1ffba188101427d74509d8786310f1e0793a251f31819283664626cbb6286bcdd109bc3de5bef59a8492c6f849e7cf1c2a665d6b5844e749d36a714fc4eb8f652fe79b889ef808d2d515a143bd50327674d18780056158238e627e37eaf784b4505976a7c3561f4c11d3d6507b4c18b802110be70e1266ecd65aa25fca95101cacd3b12fa4289261c14e5ee98fd476472dea0f557ac01fcdb70924bd287819775d157c8d42474307105402a51927ef917b768d06059771cecca102eb0dd2f568cc7b0d397686f82a8768b5c8bbee3351115747b46de41a1faa6f205ef5f3c1c521072b8d856dbff81095a9f8c5cee02504420edf3e7fc22d440dd646a6824f019fb878199014dea84874d11e319609135d4251944a93718a1549871f86355fe3eb3122488c9aa9f8b75933d7a6919efa794806e34d4e58d0b296ba79ef1db7bf66d6f9fd712ea74233a038d4b89b97e10cc3205291edca1976e502175f4691b8ffaa26dfaba1a39b7c4ec7d48277f0d0493144621e9b45f18cc3b51bd86a2c96890bd684443e1cdde3577632230a98ba97301607ff0644ddbbadb88968a9f7f893b2f2c73de7b893f46772678c105be501cd8494f51222dbd4309111d45e66154a4e74dfb2af63dad0b61ff21f4f95994201c284fe8f586948c544ff57e966eef9929e7903db1da5da6244b306a8c168f13e884e2a0c85c3e4c6ad4eb6fa575bc55eab02c151e601843afc2885ab9824b294c7d32e6352066793e8ccf6663073df6a8fbb36c44904533ecd83ad5cb8c1c3df4b648c229bc3e5eed1793a8f7bbbd343ef1d37a68e91b132bd0a546d50c5cb2fa11202e43a652b111bdb7371b5e5eb5dc9143c8d61b9b80d5cf522b829938f539a301cd22e79e52f6213df15534953e17076aff00521a5402e73915fd843905ff5a92e6db5564e3ddd38febf2dcddfef40b38e29efc893af9d607166a6a93745bf976b64c00e0803e916f9c3141b70c4fd455fbd6649d36f54adb32a85ed69d81552ddf2e2878f85120b57279c69e6353ad5c95b7220687c6ac0dbbd51ba87ef4bd6e0a278f804cb727173f19c2rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootselinux-policy-3.13.1-128.28.fc22.src.rpmselinux-policy-devel       /bin/sh/usr/bin/makecheckpolicym4policycoreutils-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)selinux-policy2.1.12-32.1.14-743.0.4-14.6.0-14.0.4-14.0-15.2-13.13.1-128.28.fc224.12.0.1VŲ@VVVVVpVhVO @V@VCVZVqVVVBUU@U@U5@U@U4@UUb@U'U3@UJ@U@Uv@U[%UQ@UHUB@U4@U.RU#U:U@UT@TTE@T@T@TTT[@T T TfT T TTT@T@T}Ty@TxcTmTl@Tl@TeT`T\@TWn@TPTFJTAT=@T2@T*@T @T@TT=@T=@T@SSvS0S@SSSuSuSuS/SϣSS @S@S@SS"@SS-SDSSP@S~@S{CSr @Sj @Sj @ShSg}@SZN@SW@SQSCSCS>S:@S4S2@S1oS&S&S"@S!S L@S L@S@SS@Sz@S(S 4@S?SK@R@R@R'R'R>RRUR@R߲RR@R@RΏ@RʚRRRR@R@R@R@R@R@RiR@R|@Rz/@Rz/@RsRpRnQRi RfhR_@R_@R[RSRNRNRL RIgRB@RB@R:@R1R-@R-@R(r@R' R%@R7RRNRR@Q@QQdQQ@QQޞ@Q@QکQکQ@QzQQ4Q@@Q@QKQQ@Q@Q@Q@QQ@QQQQ@Q@QQQ@Qzl@Qw@QvwQo@Qo@QnQm=@QkQfQb@Q`@Q^QZ@QQQIQGQ@j@Q9Q8@Q4Q0@Q-@Q& @Q$QQ@QQ@Q @Qh@QsPP@P@PP@P[PP!@P8@PO@P @Pf@PPqP @PP7@P@PPPYP@P@PPPM@PPd@P@PoP{@P{@P@PP5@P@P~P}L@Px@PvPvPuc@Puc@Pr@Pmz@Pmz@Pmz@Pj@Pd?Pd?Pb@PaPaP[@PXb@PWPS@PQPO'PM@PIP@@P>@P8@P7lP2&P2&P,P,P*=P(@P#@P#@P!@P!@P@PkPw@Pw@PP

@NNU@NNl@N@N@NåN@NNNN@NNN@N@NGNGNGN@N@NNS@NS@N^N^N @N @NNj@Nj@NN$@NN@N/N@N@NFNFN@NNN@N@N@N]Ni@Ni@Ni@N|tNyNx@Ns:@NoENoENiNf @N^"@N\N[@NTNS@NS@NC@NBrN:N98@N7N6@N2N.@N*N)f@N(N%qN$ @N@N7@N e@NpNpM@M@Md@Md@MM{@M@M۝M@M@M‘@M@M@M@My@My@M3@M@M@MMM@MMMMTMx@Mx@Mv@MlMbSM[@MRMQ0@MQ0@MJMGMGMA^@M>@M9u@M6@M5M4/@M4/@M0:M,F@M$]@M@M9MMMMM\@M M M@L!L!L@LL@L@L@LOLOL[@L@L@Lr@L L,@L,@Lډ@L7LLLNL@LΫLeL|L@LB@LB@LB@L@LMLL@LdLL{L*@L@L5LLA@LLLL@LcL@L@L@LzL)@L|L|L|L{@LvW@LvW@Ls@Ls@LrbLrbLmLk@LjyLe3Lc@La?@LZLYV@LXLN@LN@LMxLMxLI@LH2LF@LEL=L=L=L;L7@L LT@L@LL@L@L0LLGL@K^K^KKKj@K$@KKK@K@KK@K]K޺K@KtK#@KKՀ@K:@KK͗@KŮ@K\K\K @KKKKK9@KK@KK@K@KKKKrKK~@K,K,K,K@KK8@KKK@KK@KqKqK}+K{@K{@KuBKs@KqN@KjKie@Kf@Ka|@K`*K]KXAKTM@KPXKEKEKEKD{@KC)KA@K;@K2@K0K/c@K+nK*@K(K"4@KK>K>K>JJęJH@JH@JJJ_@J@JjJjJ@Jv@Jv@Jv@Jv@J$J@JJ0@J@J@JG@JG@J@JJ@J@J@JJJ#J@JJJ@J:J@JJQJ@J J J|@JzJyt@Jyt@Jx"JrJrJq@Jn@Jn@JmJhPJeJ\s@JW-@JT@JS8JKOJI@JCfJCfJB@J@J@J?r@J<@J;}J:,@J7@J67J2C@J0J/@J,@J%@JJB@JJMJ J dJ@J@JJ@J*@J*@II@IIA@IIII@I@IIIX@IX@IX@II@I@IcIIo@Io@IzI)@I@IܑI@@II@I@I@IԨIд@I̿In@I3I3I@II@I@IV@IIaIIm@I@I'@II2III@IIIIIIII@III@I1I@III~@I}Iy@Ix_Iw@IuItk@Itk@Io%@Ik0IeIcGIa@I`IVIO@IJ;@IHIAI>]I= @I7@I6tI3I-I@III9@I9@II IP@I@IIg@Ig@HHH@HrH~@H,H@HCHHH @H @Hf@Hf@H@H+H@H׈H׈H7@HBH@HǶH@HH|@HHH@H{@H)HHL@H@H@H@HnH}H|@Ht@HsVHr@Hl@HkmHgy@HcH`H_@H^>HRa@HQHQHO@HFHFH$@DX@DU@DN@DN@DLDH@DGwDGwDDD@@D?D?D;@D;@D:HD:HD2_D1@D1@D-D+@D+@D'D!<@D!<@D!<@DDD@D@D@DDDDDD@D@D@D@D uD $@D D @D @DDDFC@C@C@C@CCCCCR@CCCCC@Ci@CC@C@CtC@C@CC:@CECCC @C @CعCعCعCعCC@C-C-C-C@C@CCǖ@C@CáCáCP@CP@C[C @C @CCg@Cg@CCC!@C~@C,C@CCCCC@CC@C@C@CZCZC @C @CCCf@Cf@Cf@CC@CqCqC @C @C @CCC}@C7@C7@C7@CBCBCYC@C@CC}@CqCqLukas Vrabec 3.13.1-128.28Lukas Vrabec 3.13.1-128.27Lukas Vrabec 3.13.1-128.26Lukas Vrabec 3.13.1-128.25Lukas Vrabec 3.13.1-128.24Lukas Vrabec 3.13.1-128.23Lukas Vrabec 3.13.1-128.22Lukas Vrabec 3.13.1-128.21Miroslav Grepl 3.13.1-128.20Lukas Vrabec 3.13.1-128.19Lukas Vrabec 3.13.1-128.18Lukas Vrabec 3.13.1-128.17Lukas Vrabec 3.13.1-128.16Miroslav Grepl 3.13.1-128.15Lukas Vrabec 3.13.1-128.14Lukas Vrabec 3.13.1-128.13Lukas Vrabec 3.13.1-128.12Lukas Vrabec 3.13.1-128.11Lukas Vrabec 3.13.1-128.10Lukas Vrabec 3.13.1-128.9Lukas Vrabec 3.13.1-128.8Lukas Vrabec 3.13.1-128.7Lukas Vrabec 3.13.1-128.6Lukas Vrabec 3.13.1-128.5Lukas Vrabec 3.13.1-128.4Lukas Vrabec 3.13.1-128.3Miroslav Grepl 3.13.1-128.2Miroslav Grepl 3.13.1-128Lukas Vrabec 3.13.1-127Miroslav Grepl 3.13.1-126Lukas Vrabec 3.13.1-125Lukas Vrabec 3.13.1-124Lukas Vrabec 3.13.1-123Lukas Vrabec 3.13.1-122Lukas Vrabec 3.13.1-121Lukas Vrabec 3.13.1-120Lukas Vrabec 3.13.1-119Lukas Vrabec 3.13.1-118Lukas Vrabec 3.13.1-117Lukas Vrabec 3.13.1-116Lukas Vrabec 3.13.1-115Lukas Vrabec 3.13.1-114Lukas Vrabec 3.13.1-113Lukas Vrabec 3.13.1-112Lukas Vrabec 3.13.1-111Lukas Vrabec 3.13.1-110Lukas Vrabec 3.13.1-109Lukas Vrabec 3.13.1-108Lukas Vrabec 3.13.1-107Lukas Vrabec 3.13.1-106Lukas Vrabec 3.13.1-105Lukas Vrabec 3.13.1-104Dan Walsh 3.13.1-103Lukas Vrabec 3.13.1-101Lukas Vrabec 3.13.1-100Lukas Vrabec 3.13.1-99Lukas Vrabec 3.13.1-98Lukas Vrabec 3.13.1-97Lukas Vrabec 3.13.1-96Lukas Vrabec 3.13.1-95Lukas Vrabec 3.13.1-94Lukas Vrabec 3.13.1-93Lukas Vrabec 3.13.1-92Lukas Vrabec 3.13.1-91Lukas Vrabec 3.13.1-90Lukas Vrabec 3.13.1-89Lukas Vrabec 3.13.1-88Miroslav Grepl 3.13.1-87Lukas Vrabec 3.13.1-86Lukas Vrabec 3.13.1-85Lukas Vrabec 3.13.1-84Lukas Vrabec 3.13.1-83Miroslav Grepl 3.13.1-82Lukas Vrabec 3.13.1-81Lukas Vrabec 3.13.1-80Lukas Vrabec 3.13.1-79Lukas Vrabec 3.13.1-78Lukas Vrabec 3.13.1-77Lukas Vrabec 3.13.1-76Lukas Vrabec 3.13.1-75Kevin Fenzi - 3.13.1-74Lukas Vrabec 3.13.1-73Lukas Vrabec 3.13.1-72Miroslav Grepl 3.13.1-71Miroslav Grepl 3.13.1-70Tom Callaway 3.13.1-69Miroslav Grepl 3.13.1-68Lukas Vrabec 3.13.1-67Miroslav Grepl 3.13.1-66Lukas Vrabec 3.13.1-65Lukas Vrabec 3.13.1-64Miroslav Grepl 3.13.1-63Miroslav Grepl 3.13.1-62Miroslav Grepl 3.13.1-61Miroslav Grepl 3.13.1-60Miroslav Grepl 3.13.1-59Miroslav Grepl 3.13.1-58Miroslav Grepl 3.13.1-57Fedora Release Engineering - 3.13.1-56Miroslav Grepl 3.13.1-55Miroslav Grepl 3.13.1-54Miroslav Grepl 3.13.1-53Miroslav Grepl 3.13.1-52Miroslav Grepl 3.13.1-51Miroslav Grepl 3.13.1-50Miroslav Grepl 3.13.1-49Miroslav Grepl 3.13.1-48Miroslav Grepl 3.13.1-47Miroslav Grepl 3.13.1-46Miroslav Grepl 3.13.1-45Miroslav Grepl 3.13.1-44Miroslav Grepl 3.13.1-43Miroslav Grepl 3.13.1-42Miroslav Grepl 3.13.1-41Miroslav Grepl 3.13.1-40Miroslav Grepl 3.13.1-39Miroslav Grepl 3.13.1-38Miroslav Grepl 3.13.1-37Miroslav Grepl 3.13.1-36Miroslav Grepl 3.13.1-35Miroslav Grepl 3.13.1-34Miroslav Grepl 3.13.1-33Miroslav Grepl 3.13.1-32Miroslav Grepl 3.13.1-31Miroslav Grepl 3.13.1-30Miroslav Grepl 3.13.1-29Miroslav Grepl 3.13.1-28Miroslav Grepl 3.13.1-27Miroslav Grepl 3.13.1-26Miroslav Grepl 3.13.1-25Miroslav Grepl 3.13.1-24Miroslav Grepl 3.13.1-23Miroslav Grepl 3.13.1-22Miroslav Grepl 3.13.1-21Miroslav Grepl 3.13.1-20Miroslav Grepl 3.13.1-19Miroslav Grepl 3.13.1-18Miroslav Grepl 3.13.1-17Miroslav Grepl 3.13.1-16Miroslav Grepl 3.13.1-15Miroslav Grepl 3.13.1-14Miroslav Grepl 3.13.1-13Miroslav Grepl 3.13.1-12Miroslav Grepl 3.13.1-11Miroslav Grepl 3.13.1-10Miroslav Grepl 3.13.1-9Miroslav Grepl 3.13.1-8Miroslav Grepl 3.13.1-7Miroslav Grepl 3.13.1-6Miroslav Grepl 3.13.1-5Miroslav Grepl 3.13.1-4Miroslav Grepl 3.13.1-3Dan Walsh 3.13.1-2Miroslav Grepl 3.13.1-1Miroslav Grepl 3.12.1-100Miroslav Grepl 3.12.1-99Miroslav Grepl 3.12.1-98Miroslav Grepl 3.12.1-97Miroslav Grepl 3.12.1-96Miroslav Grepl 3.12.1-95Miroslav Grepl 3.12.1-94Miroslav Grepl 3.12.1-93Miroslav Grepl 3.12.1-92Miroslav Grepl 3.12.1-91Miroslav Grepl 3.12.1-90Miroslav Grepl 3.12.1-89Miroslav Grepl 3.12.1-88Miroslav Grepl 3.12.1-87Miroslav Grepl 3.12.1-86Miroslav Grepl 3.12.1-85Miroslav Grepl 3.12.1-84Miroslav Grepl 3.12.1-83Miroslav Grepl 3.12.1-82Miroslav Grepl 3.12.1-81Miroslav Grepl 3.12.1-80Miroslav Grepl 3.12.1-79Miroslav Grepl 3.12.1-78Miroslav Grepl 3.12.1-77Miroslav Grepl 3.12.1-76Miroslav Grepl 3.12.1-75Miroslav Grepl 3.12.1-74Miroslav Grepl 3.12.1-73Miroslav Grepl 3.12.1-72Miroslav Grepl 3.12.1-71Miroslav Grepl 3.12.1-70Miroslav Grepl 3.12.1-69Miroslav Grepl 3.12.1-68Miroslav Grepl 3.12.1-67Miroslav Grepl 3.12.1-66Miroslav Grepl 3.12.1-65Miroslav Grepl 3.12.1-64Miroslav Grepl 3.12.1-63Miroslav Grepl 3.12.1-62Miroslav Grepl 3.12.1-61Miroslav Grepl 3.12.1-60Miroslav Grepl 3.12.1-59Miroslav Grepl 3.12.1-58Miroslav Grepl 3.12.1-57Miroslav Grepl 3.12.1-56Miroslav Grepl 3.12.1-55Miroslav Grepl 3.12.1-54Miroslav Grepl 3.12.1-53Miroslav Grepl 3.12.1-52Miroslav Grepl 3.12.1-51Miroslav Grepl 3.12.1-50Miroslav Grepl 3.12.1-49Miroslav Grepl 3.12.1-48Miroslav Grepl 3.12.1-47Miroslav Grepl 3.12.1-46Miroslav Grepl 3.12.1-45Miroslav Grepl 3.12.1-44Miroslav Grepl 3.12.1-43Miroslav Grepl 3.12.1-42Miroslav Grepl 3.12.1-41Miroslav Grepl 3.12.1-40Miroslav Grepl 3.12.1-39Miroslav Grepl 3.12.1-38Miroslav Grepl 3.12.1-37Miroslav Grepl 3.12.1-36Miroslav Grepl 3.12.1-35Miroslav Grepl 3.12.1-34Miroslav Grepl 3.12.1-33Miroslav Grepl 3.12.1-32Miroslav Grepl 3.12.1-31Miroslav Grepl 3.12.1-30Miroslav Grepl 3.12.1-29Dan Walsh 3.12.1-28Dan Walsh 3.12.1-27Miroslav Grepl 3.12.1-26Miroslav Grepl 3.12.1-25Miroslav Grepl 3.12.1-24Miroslav Grepl 3.12.1-23Miroslav Grepl 3.12.1-22Miroslav Grepl 3.12.1-21Miroslav Grepl 3.12.1-20Miroslav Grepl 3.12.1-19Miroslav Grepl 3.12.1-18Miroslav Grepl 3.12.1-17Miroslav Grepl 3.12.1-16Miroslav Grepl 3.12.1-15Miroslav Grepl 3.12.1-14Miroslav Grepl 3.12.1-13Miroslav Grepl 3.12.1-12Miroslav Grepl 3.12.1-11Miroslav Grepl 3.12.1-10Miroslav Grepl 3.12.1-9Miroslav Grepl 3.12.1-8Miroslav Grepl 3.12.1-7Miroslav Grepl 3.12.1-6Miroslav Grepl 3.12.1-5Miroslav Grepl 3.12.1-4Miroslav Grepl 3.12.1-3Miroslav Grepl 3.12.1-2Miroslav Grepl 3.12.1-1Dan Walsh 3.11.1-69.1Miroslav Grepl 3.11.1-69Miroslav Grepl 3.11.1-68Miroslav Grepl 3.11.1-67Miroslav Grepl 3.11.1-66Miroslav Grepl 3.11.1-65Miroslav Grepl 3.11.1-64Miroslav Grepl 3.11.1-63Miroslav Grepl 3.11.1-62Miroslav Grepl 3.11.1-61Miroslav Grepl 3.11.1-60Miroslav Grepl 3.11.1-59Miroslav Grepl 3.11.1-58Miroslav Grepl 3.11.1-57Miroslav Grepl 3.11.1-56Miroslav Grepl 3.11.1-55Miroslav Grepl 3.11.1-54Miroslav Grepl 3.11.1-53Miroslav Grepl 3.11.1-52Miroslav Grepl 3.11.1-51Miroslav Grepl 3.11.1-50Miroslav Grepl 3.11.1-49Miroslav Grepl 3.11.1-48Miroslav Grepl 3.11.1-47Miroslav Grepl 3.11.1-46Miroslav Grepl 3.11.1-45Miroslav Grepl 3.11.1-44Miroslav Grepl 3.11.1-43Miroslav Grepl 3.11.1-42Miroslav Grepl 3.11.1-41Miroslav Grepl 3.11.1-40Miroslav Grepl 3.11.1-39Miroslav Grepl 3.11.1-38Miroslav Grepl 3.11.1-37Miroslav Grepl 3.11.1-36Miroslav Grepl 3.11.1-35Miroslav Grepl 3.11.1-34Miroslav Grepl 3.11.1-33Miroslav Grepl 3.11.1-32Miroslav Grepl 3.11.1-31Miroslav Grepl 3.11.1-30Miroslav Grepl 3.11.1-29Miroslav Grepl 3.11.1-28Miroslav Grepl 3.11.1-27Miroslav Grepl 3.11.1-26Miroslav Grepl 3.11.1-25Miroslav Grepl 3.11.1-24Miroslav Grepl 3.11.1-23Miroslav Grepl 3.11.1-22Miroslav Grepl 3.11.1-21Miroslav Grepl 3.11.1-20Miroslav Grepl 3.11.1-19Miroslav Grepl 3.11.1-18Miroslav Grepl 3.11.1-17Miroslav Grepl 3.11.1-16Dan Walsh 3.11.1-15Miroslav Grepl 3.11.1-14Dan Walsh 3.11.1-13Miroslav Grepl 3.11.1-12Miroslav Grepl 3.11.1-11Miroslav Grepl 3.11.1-10Dan Walsh 3.11.1-9Dan Walsh 3.11.1-8Dan Walsh 3.11.1-7Dan Walsh 3.11.1-6Miroslav Grepl 3.11.1-5Miroslav Grepl 3.11.1-4Miroslav Grepl 3.11.1-3Miroslav Grepl 3.11.1-2Miroslav Grepl 3.11.1-1Miroslav Grepl 3.11.1-0Miroslav Grepl 3.11.0-15Miroslav Grepl 3.11.0-14Miroslav Grepl 3.11.0-13Miroslav Grepl 3.11.0-12Fedora Release Engineering - 3.11.0-11Miroslav Grepl 3.11.0-10Miroslav Grepl 3.11.0-9Miroslav Grepl 3.11.0-8Miroslav Grepl 3.11.0-7Miroslav Grepl 3.11.0-6Miroslav Grepl 3.11.0-5Miroslav Grepl 3.11.0-4Miroslav Grepl 3.11.0-3Miroslav Grepl 3.11.0-2Miroslav Grepl 3.11.0-1Miroslav Grepl 3.10.0-128Miroslav Grepl 3.10.0-127Miroslav Grepl 3.10.0-126Miroslav Grepl 3.10.0-125Miroslav Grepl 3.10.0-124Miroslav Grepl 3.10.0-123Miroslav Grepl 3.10.0-122Miroslav Grepl 3.10.0-121Miroslav Grepl 3.10.0-120Miroslav Grepl 3.10.0-119Miroslav Grepl 3.10.0-118Miroslav Grepl 3.10.0-117Miroslav Grepl 3.10.0-116Miroslav Grepl 3.10.0-115Miroslav Grepl 3.10.0-114Miroslav Grepl 3.10.0-113Miroslav Grepl 3.10.0-112Miroslav Grepl 3.10.0-111Miroslav Grepl 3.10.0-110Miroslav Grepl 3.10.0-109Miroslav Grepl 3.10.0-108Miroslav Grepl 3.10.0-107Miroslav Grepl 3.10.0-106Miroslav Grepl 3.10.0-105Miroslav Grepl 3.10.0-104Miroslav Grepl 3.10.0-103Miroslav Grepl 3.10.0-102Miroslav Grepl 3.10.0-101Miroslav Grepl 3.10.0-100Miroslav Grepl 3.10.0-99Miroslav Grepl 3.10.0-98Miroslav Grepl 3.10.0-97Miroslav Grepl 3.10.0-96Miroslav Grepl 3.10.0-95Miroslav Grepl 3.10.0-94Miroslav Grepl 3.10.0-93Miroslav Grepl 3.10.0-92Miroslav Grepl 3.10.0-91Miroslav Grepl 3.10.0-90Miroslav Grepl 3.10.0-89Miroslav Grepl 3.10.0-88Miroslav Grepl 3.10.0-87Miroslav Grepl 3.10.0-86Miroslav Grepl 3.10.0-85Miroslav Grepl 3.10.0-84Miroslav Grepl 3.10.0-83Miroslav Grepl 3.10.0-82Dan Walsh 3.10.0-81.2Miroslav Grepl 3.10.0-81Miroslav Grepl 3.10.0-80Miroslav Grepl 3.10.0-79Miroslav Grepl 3.10.0-78Miroslav Grepl 3.10.0-77Miroslav Grepl 3.10.0-76Miroslav Grepl 3.10.0-75Dan Walsh 3.10.0-74.2Miroslav Grepl 3.10.0-74Miroslav Grepl 3.10.0-73Miroslav Grepl 3.10.0-72Miroslav Grepl 3.10.0-71Miroslav Grepl 3.10.0-70Miroslav Grepl 3.10.0-69Miroslav Grepl 3.10.0-68Miroslav Grepl 3.10.0-67Miroslav Grepl 3.10.0-66Miroslav Grepl 3.10.0-65Miroslav Grepl 3.10.0-64Miroslav Grepl 3.10.0-63Miroslav Grepl 3.10.0-59Miroslav Grepl 3.10.0-58Dan Walsh 3.10.0-57Dan Walsh 3.10.0-56Dan Walsh 3.10.0-55.2Dan Walsh 3.10.0-55.1Miroslav Grepl 3.10.0-55Dan Walsh 3.10.0-54.1Miroslav Grepl 3.10.0-54Dan Walsh 3.10.0-53.1Miroslav Grepl 3.10.0-53Miroslav Grepl 3.10.0-52Miroslav Grepl 3.10.0-51Dan Walsh 3.10.0-50.2Dan Walsh 3.10.0-50.1Miroslav Grepl 3.10.0-50Miroslav Grepl 3.10.0-49Miroslav Grepl 3.10.0-48Miroslav Grepl 3.10.0-47Dan Walsh 3.10.0-46.1Miroslav Grepl 3.10.0-46Dan Walsh 3.10.0-45.1Miroslav Grepl 3.10.0-45Miroslav Grepl 3.10.0-43Miroslav Grepl 3.10.0-42Miroslav Grepl 3.10.0-41Dan Walsh 3.10.0-40.2Miroslav Grepl 3.10.0-40Dan Walsh 3.10.0-39.3Dan Walsh 3.10.0-39.2Dan Walsh 3.10.0-39.1Miroslav Grepl 3.10.0-39Dan Walsh 3.10.0-38.1Miroslav Grepl 3.10.0-38Miroslav Grepl 3.10.0-37Dan Walsh 3.10.0-36.1Miroslav Grepl 3.10.0-36Dan Walsh 3.10.0-35Dan Walsh 3.10.0-34.7Dan Walsh 3.10.0-34.6Dan Walsh 3.10.0-34.4Miroslav Grepl 3.10.0-34.3Dan Walsh 3.10.0-34.2Dan Walsh 3.10.0-34.1Miroslav Grepl 3.10.0-34Miroslav Grepl 3.10.0-33Dan Walsh 3.10.0-31.1Miroslav Grepl 3.10.0-31Miroslav Grepl 3.10.0-29Miroslav Grepl 3.10.0-28Miroslav Grepl 3.10.0-27Miroslav Grepl 3.10.0-26Miroslav Grepl 3.10.0-25Miroslav Grepl 3.10.0-24Miroslav Grepl 3.10.0-23Miroslav Grepl 3.10.0-22Miroslav Grepl 3.10.0-21Dan Walsh 3.10.0-20Miroslav Grepl 3.10.0-19Miroslav Grepl 3.10.0-18Miroslav Grepl 3.10.0-17Miroslav Grepl 3.10.0-16Miroslav Grepl 3.10.0-14Miroslav Grepl 3.10.0-13Miroslav Grepl 3.10.0-12Miroslav Grepl 3.10.0-11Miroslav Grepl 3.10.0-10Miroslav Grepl 3.10.0-9Miroslav Grepl 3.10.0-8Miroslav Grepl 3.10.0-7Miroslav Grepl 3.10.0-6Miroslav Grepl 3.10.0-5Miroslav Grepl 3.10.0-4Miroslav Grepl 3.10.0-3Miroslav Grepl 3.10.0-2Miroslav Grepl 3.10.0-1Miroslav Grepl 3.9.16-30Dan Walsh 3.9.16-29.1Miroslav Grepl 3.9.16-29Dan Walsh 3.9.16-28.1Miroslav Grepl 3.9.16-27Miroslav Grepl 3.9.16-26Miroslav Grepl 3.9.16-25Miroslav Grepl 3.9.16-24Miroslav Grepl 3.9.16-23Miroslav Grepl 3.9.16-22Miroslav Grepl 3.9.16-21Miroslav Grepl 3.9.16-20Miroslav Grepl 3.9.16-19Miroslav Grepl 3.9.16-18Miroslav Grepl 3.9.16-17Dan Walsh 3.9.16-16.1Miroslav Grepl 3.9.16-16Miroslav Grepl 3.9.16-15Miroslav Grepl 3.9.16-14Miroslav Grepl 3.9.16-13Miroslav Grepl 3.9.16-12Miroslav Grepl 3.9.16-11Miroslav Grepl 3.9.16-10Miroslav Grepl 3.9.16-7Miroslav Grepl 3.9.16-6Miroslav Grepl 3.9.16-5Miroslav Grepl 3.9.16-4Miroslav Grepl 3.9.16-3Miroslav Grepl 3.9.16-2Miroslav Grepl 3.9.16-1Miroslav Grepl 3.9.15-5Miroslav Grepl 3.9.15-2Miroslav Grepl 3.9.15-1Fedora Release Engineering - 3.9.14-2Dan Walsh 3.9.14-1Miroslav Grepl 3.9.13-10Miroslav Grepl 3.9.13-9Dan Walsh 3.9.13-8Miroslav Grepl 3.9.13-7Miroslav Grepl 3.9.13-6Miroslav Grepl 3.9.13-5Miroslav Grepl 3.9.13-4Miroslav Grepl 3.9.13-3Miroslav Grepl 3.9.13-2Miroslav Grepl 3.9.13-1Miroslav Grepl 3.9.12-8Miroslav Grepl 3.9.12-7Miroslav Grepl 3.9.12-6Miroslav Grepl 3.9.12-5Dan Walsh 3.9.12-4Dan Walsh 3.9.12-3Dan Walsh 3.9.12-2Miroslav Grepl 3.9.12-1Dan Walsh 3.9.11-2Miroslav Grepl 3.9.11-1Miroslav Grepl 3.9.10-13Dan Walsh 3.9.10-12Miroslav Grepl 3.9.10-11Miroslav Grepl 3.9.10-10Miroslav Grepl 3.9.10-9Miroslav Grepl 3.9.10-8Miroslav Grepl 3.9.10-7Miroslav Grepl 3.9.10-6Miroslav Grepl 3.9.10-5Dan Walsh 3.9.10-4Miroslav Grepl 3.9.10-3Miroslav Grepl 3.9.10-2Miroslav Grepl 3.9.10-1Miroslav Grepl 3.9.9-4Dan Walsh 3.9.9-3Miroslav Grepl 3.9.9-2Miroslav Grepl 3.9.9-1Miroslav Grepl 3.9.8-7Dan Walsh 3.9.8-6Miroslav Grepl 3.9.8-5Miroslav Grepl 3.9.8-4Dan Walsh 3.9.8-3Dan Walsh 3.9.8-2Dan Walsh 3.9.8-1Dan Walsh 3.9.7-10Dan Walsh 3.9.7-9Dan Walsh 3.9.7-8Dan Walsh 3.9.7-7Dan Walsh 3.9.7-6Dan Walsh 3.9.7-5Dan Walsh 3.9.7-4Dan Walsh 3.9.7-3Dan Walsh 3.9.7-2Dan Walsh 3.9.7-1Dan Walsh 3.9.6-3Dan Walsh 3.9.6-2Dan Walsh 3.9.6-1Dan Walsh 3.9.5-11Dan Walsh 3.9.5-10Dan Walsh 3.9.5-9Dan Walsh 3.9.5-8Dan Walsh 3.9.5-7Dan Walsh 3.9.5-6Dan Walsh 3.9.5-5Dan Walsh 3.9.5-4Dan Walsh 3.9.5-3Dan Walsh 3.9.5-2Dan Walsh 3.9.5-1Dan Walsh 3.9.4-3Dan Walsh 3.9.4-2Dan Walsh 3.9.4-1Dan Walsh 3.9.3-4Dan Walsh 3.9.3-3Dan Walsh 3.9.3-2Dan Walsh 3.9.3-1Dan Walsh 3.9.2-1Dan Walsh 3.9.1-3Dan Walsh 3.9.1-2Dan Walsh 3.9.1-1Dan Walsh 3.9.0-2Dan Walsh 3.9.0-1Dan Walsh 3.8.8-21Dan Walsh 3.8.8-20Dan Walsh 3.8.8-19Dan Walsh 3.8.8-18Dan Walsh 3.8.8-17Dan Walsh 3.8.8-16Dan Walsh 3.8.8-15Dan Walsh 3.8.8-14Dan Walsh 3.8.8-13Dan Walsh 3.8.8-12Dan Walsh 3.8.8-11Dan Walsh 3.8.8-10Dan Walsh 3.8.8-9Dan Walsh 3.8.8-8Dan Walsh 3.8.8-7Dan Walsh 3.8.8-6Dan Walsh 3.8.8-5Dan Walsh 3.8.8-4Dan Walsh 3.8.8-3Dan Walsh 3.8.8-2Dan Walsh 3.8.8-1Dan Walsh 3.8.7-3Dan Walsh 3.8.7-2Dan Walsh 3.8.7-1Dan Walsh 3.8.6-3Miroslav Grepl 3.8.6-2Dan Walsh 3.8.6-1Dan Walsh 3.8.5-1Dan Walsh 3.8.4-1Dan Walsh 3.8.3-4Dan Walsh 3.8.3-3Dan Walsh 3.8.3-2Dan Walsh 3.8.3-1Dan Walsh 3.8.2-1Dan Walsh 3.8.1-5Dan Walsh 3.8.1-4Dan Walsh 3.8.1-3Dan Walsh 3.8.1-2Dan Walsh 3.8.1-1Dan Walsh 3.7.19-22Dan Walsh 3.7.19-21Dan Walsh 3.7.19-20Dan Walsh 3.7.19-19Dan Walsh 3.7.19-17Dan Walsh 3.7.19-16Dan Walsh 3.7.19-15Dan Walsh 3.7.19-14Dan Walsh 3.7.19-13Dan Walsh 3.7.19-12Dan Walsh 3.7.19-11Dan Walsh 3.7.19-10Dan Walsh 3.7.19-9Dan Walsh 3.7.19-8Dan Walsh 3.7.19-7Dan Walsh 3.7.19-6Dan Walsh 3.7.19-5Dan Walsh 3.7.19-4Dan Walsh 3.7.19-3Dan Walsh 3.7.19-2Dan Walsh 3.7.19-1Dan Walsh 3.7.18-3Dan Walsh 3.7.18-2Dan Walsh 3.7.18-1Dan Walsh 3.7.17-6Dan Walsh 3.7.17-5Dan Walsh 3.7.17-4Dan Walsh 3.7.17-3Dan Walsh 3.7.17-2Dan Walsh 3.7.17-1Dan Walsh 3.7.16-2Dan Walsh 3.7.16-1Dan Walsh 3.7.15-4Dan Walsh 3.7.15-3Dan Walsh 3.7.15-2Dan Walsh 3.7.15-1Dan Walsh 3.7.14-5Dan Walsh 3.7.14-4Dan Walsh 3.7.14-3Dan Walsh 3.7.14-2Dan Walsh 3.7.14-1Dan Walsh 3.7.13-4Dan Walsh 3.7.13-3Dan Walsh 3.7.13-2Dan Walsh 3.7.13-1Dan Walsh 3.7.12-1Dan Walsh 3.7.11-1Dan Walsh 3.7.10-5Dan Walsh 3.7.10-4Dan Walsh 3.7.10-3Dan Walsh 3.7.10-2Dan Walsh 3.7.10-1Dan Walsh 3.7.9-4Dan Walsh 3.7.9-3Dan Walsh 3.7.9-2Dan Walsh 3.7.9-1Dan Walsh 3.7.8-11Dan Walsh 3.7.8-9Dan Walsh 3.7.8-8Dan Walsh 3.7.8-7Dan Walsh 3.7.8-6Dan Walsh 3.7.8-5Dan Walsh 3.7.8-4Dan Walsh 3.7.8-3Dan Walsh 3.7.8-2Dan Walsh 3.7.8-1Dan Walsh 3.7.7-3Dan Walsh 3.7.7-2Dan Walsh 3.7.7-1Dan Walsh 3.7.6-1Dan Walsh 3.7.5-8Dan Walsh 3.7.5-7Dan Walsh 3.7.5-6Dan Walsh 3.7.5-5Dan Walsh 3.7.5-4Dan Walsh 3.7.5-3Dan Walsh 3.7.5-2Dan Walsh 3.7.5-1Dan Walsh 3.7.4-4Dan Walsh 3.7.4-3Dan Walsh 3.7.4-2Dan Walsh 3.7.4-1Dan Walsh 3.7.3-1Dan Walsh 3.7.1-1Dan Walsh 3.6.33-2Dan Walsh 3.6.33-1Dan Walsh 3.6.32-17Dan Walsh 3.6.32-16Dan Walsh 3.6.32-15Dan Walsh 3.6.32-13Dan Walsh 3.6.32-12Dan Walsh 3.6.32-11Dan Walsh 3.6.32-10Dan Walsh 3.6.32-9Dan Walsh 3.6.32-8Dan Walsh 3.6.32-7Dan Walsh 3.6.32-6Dan Walsh 3.6.32-5Dan Walsh 3.6.32-4Dan Walsh 3.6.32-3Dan Walsh 3.6.32-2Dan Walsh 3.6.32-1Dan Walsh 3.6.31-5Dan Walsh 3.6.31-4Dan Walsh 3.6.31-3Dan Walsh 3.6.31-2Dan Walsh 3.6.30-6Dan Walsh 3.6.30-5Dan Walsh 3.6.30-4Dan Walsh 3.6.30-3Dan Walsh 3.6.30-2Dan Walsh 3.6.30-1Dan Walsh 3.6.29-2Dan Walsh 3.6.29-1Dan Walsh 3.6.28-9Dan Walsh 3.6.28-8Dan Walsh 3.6.28-7Dan Walsh 3.6.28-6Dan Walsh 3.6.28-5Dan Walsh 3.6.28-4Dan Walsh 3.6.28-3Dan Walsh 3.6.28-2Dan Walsh 3.6.28-1Dan Walsh 3.6.27-1Dan Walsh 3.6.26-11Dan Walsh 3.6.26-10Dan Walsh 3.6.26-9Bill Nottingham 3.6.26-8Dan Walsh 3.6.26-7Dan Walsh 3.6.26-6Dan Walsh 3.6.26-5Dan Walsh 3.6.26-4Dan Walsh 3.6.26-3Dan Walsh 3.6.26-2Dan Walsh 3.6.26-1Dan Walsh 3.6.25-1Dan Walsh 3.6.24-1Dan Walsh 3.6.23-2Dan Walsh 3.6.23-1Dan Walsh 3.6.22-3Dan Walsh 3.6.22-1Dan Walsh 3.6.21-4Dan Walsh 3.6.21-3Tom "spot" Callaway 3.6.21-2Dan Walsh 3.6.21-1Dan Walsh 3.6.20-2Dan Walsh 3.6.20-1Dan Walsh 3.6.19-5Dan Walsh 3.6.19-4Dan Walsh 3.6.19-3Dan Walsh 3.6.19-2Dan Walsh 3.6.19-1Dan Walsh 3.6.18-1Dan Walsh 3.6.17-1Dan Walsh 3.6.16-4Dan Walsh 3.6.16-3Dan Walsh 3.6.16-2Dan Walsh 3.6.16-1Dan Walsh 3.6.14-3Dan Walsh 3.6.14-2Dan Walsh 3.6.14-1Dan Walsh 3.6.13-3Dan Walsh 3.6.13-2Dan Walsh 3.6.13-1Dan Walsh 3.6.12-39Dan Walsh 3.6.12-38Dan Walsh 3.6.12-37Dan Walsh 3.6.12-36Dan Walsh 3.6.12-35Dan Walsh 3.6.12-34Dan Walsh 3.6.12-33Dan Walsh 3.6.12-31Dan Walsh 3.6.12-30Dan Walsh 3.6.12-29Dan Walsh 3.6.12-28Dan Walsh 3.6.12-27Dan Walsh 3.6.12-26Dan Walsh 3.6.12-25Dan Walsh 3.6.12-24Dan Walsh 3.6.12-23Dan Walsh 3.6.12-22Dan Walsh 3.6.12-21Dan Walsh 3.6.12-20Dan Walsh 3.6.12-19Dan Walsh 3.6.12-16Dan Walsh 3.6.12-15Dan Walsh 3.6.12-14Dan Walsh 3.6.12-13Dan Walsh 3.6.12-12Dan Walsh 3.6.12-11Dan Walsh 3.6.12-10Dan Walsh 3.6.12-9Dan Walsh 3.6.12-8Dan Walsh 3.6.12-7Dan Walsh 3.6.12-6Dan Walsh 3.6.12-5Dan Walsh 3.6.12-4Dan Walsh 3.6.12-3Dan Walsh 3.6.12-2Dan Walsh 3.6.12-1Dan Walsh 3.6.11-1Dan Walsh 3.6.10-9Dan Walsh 3.6.10-8Dan Walsh 3.6.10-7Dan Walsh 3.6.10-6Dan Walsh 3.6.10-5Dan Walsh 3.6.10-4Dan Walsh 3.6.10-3Dan Walsh 3.6.10-2Dan Walsh 3.6.10-1Dan Walsh 3.6.9-4Dan Walsh 3.6.9-3Dan Walsh 3.6.9-2Dan Walsh 3.6.9-1Dan Walsh 3.6.8-4Dan Walsh 3.6.8-3Dan Walsh 3.6.8-2Dan Walsh 3.6.8-1Dan Walsh 3.6.7-2Dan Walsh 3.6.7-1Dan Walsh 3.6.6-9Dan Walsh 3.6.6-8Fedora Release Engineering - 3.6.6-7Dan Walsh 3.6.6-6Dan Walsh 3.6.6-5Dan Walsh 3.6.6-4Dan Walsh 3.6.6-3Dan Walsh 3.6.6-2Dan Walsh 3.6.6-1Dan Walsh 3.6.5-3Dan Walsh 3.6.5-1Dan Walsh 3.6.4-6Dan Walsh 3.6.4-5Dan Walsh 3.6.4-4Dan Walsh 3.6.4-3Dan Walsh 3.6.4-2Dan Walsh 3.6.4-1Dan Walsh 3.6.3-13Dan Walsh 3.6.3-12Dan Walsh 3.6.3-11Dan Walsh 3.6.3-10Dan Walsh 3.6.3-9Dan Walsh 3.6.3-8Dan Walsh 3.6.3-7Dan Walsh 3.6.3-6Dan Walsh 3.6.3-3Dan Walsh 3.6.3-2Dan Walsh 3.6.3-1Dan Walsh 3.6.2-5Dan Walsh 3.6.2-4Dan Walsh 3.6.2-3Dan Walsh 3.6.2-2Dan Walsh 3.6.2-1Dan Walsh 3.6.1-15Dan Walsh 3.6.1-14Dan Walsh 3.6.1-13Dan Walsh 3.6.1-12Dan Walsh 3.6.1-11Dan Walsh 3.6.1-10Dan Walsh 3.6.1-9Dan Walsh 3.6.1-8Dan Walsh 3.6.1-7Dan Walsh 3.6.1-4Ignacio Vazquez-Abrams - 3.6.1-2Dan Walsh 3.5.13-19Dan Walsh 3.5.13-18Dan Walsh 3.5.13-17Dan Walsh 3.5.13-16Dan Walsh 3.5.13-15Dan Walsh 3.5.13-14Dan Walsh 3.5.13-13Dan Walsh 3.5.13-12Dan Walsh 3.5.13-11Dan Walsh 3.5.13-9Dan Walsh 3.5.13-8Dan Walsh 3.5.13-7Dan Walsh 3.5.13-6Dan Walsh 3.5.13-5Dan Walsh 3.5.13-4Dan Walsh 3.5.13-3Dan Walsh 3.5.13-2Dan Walsh 3.5.13-1Dan Walsh 3.5.12-3Dan Walsh 3.5.12-2Dan Walsh 3.5.12-1Dan Walsh 3.5.11-1Dan Walsh 3.5.10-3Dan Walsh 3.5.10-2Dan Walsh 3.5.10-1Dan Walsh 3.5.9-4Dan Walsh 3.5.9-3Dan Walsh 3.5.9-2Dan Walsh 3.5.9-1Dan Walsh 3.5.8-7Dan Walsh 3.5.8-6Dan Walsh 3.5.8-5Dan Walsh 3.5.8-4Dan Walsh 3.5.8-3Dan Walsh 3.5.8-1Dan Walsh 3.5.7-2Dan Walsh 3.5.7-1Dan Walsh 3.5.6-2Dan Walsh 3.5.6-1Dan Walsh 3.5.5-4Dan Walsh 3.5.5-3Dan Walsh 3.5.5-2Dan Walsh 3.5.4-2Dan Walsh 3.5.4-1Dan Walsh 3.5.3-1Dan Walsh 3.5.2-2Dan Walsh 3.5.1-5Dan Walsh 3.5.1-4Dan Walsh 3.5.1-3Dan Walsh 3.5.1-2Dan Walsh 3.5.1-1Dan Walsh 3.5.0-1Dan Walsh 3.4.2-14Dan Walsh 3.4.2-13Dan Walsh 3.4.2-12Dan Walsh 3.4.2-11Dan Walsh 3.4.2-10Dan Walsh 3.4.2-9Dan Walsh 3.4.2-8Dan Walsh 3.4.2-7Dan Walsh 3.4.2-6Dan Walsh 3.4.2-5Dan Walsh 3.4.2-4Dan Walsh 3.4.2-3Dan Walsh 3.4.2-2Dan Walsh 3.4.2-1Dan Walsh 3.4.1-5Dan Walsh 3.4.1-3Dan Walsh 3.4.1-2Dan Walsh 3.4.1-1Dan Walsh 3.3.1-48Dan Walsh 3.3.1-47Dan Walsh 3.3.1-46Dan Walsh 3.3.1-45Dan Walsh 3.3.1-44Dan Walsh 3.3.1-43Dan Walsh 3.3.1-42Dan Walsh 3.3.1-41Dan Walsh 3.3.1-39Dan Walsh 3.3.1-37Dan Walsh 3.3.1-36Dan Walsh 3.3.1-33Dan Walsh 3.3.1-32Dan Walsh 3.3.1-31Dan Walsh 3.3.1-30Dan Walsh 3.3.1-29Dan Walsh 3.3.1-28Dan Walsh 3.3.1-27Dan Walsh 3.3.1-26Dan Walsh 3.3.1-25Dan Walsh 3.3.1-24Dan Walsh 3.3.1-23Dan Walsh 3.3.1-22Dan Walsh 3.3.1-21Dan Walsh 3.3.1-20Dan Walsh 3.3.1-19Dan Walsh 3.3.1-18Dan Walsh 3.3.1-17Dan Walsh 3.3.1-16Dan Walsh 3.3.1-15Bill Nottingham 3.3.1-14Dan Walsh 3.3.1-13Dan Walsh 3.3.1-12Dan Walsh 3.3.1-11Dan Walsh 3.3.1-10Dan Walsh 3.3.1-9Dan Walsh 3.3.1-8Dan Walsh 3.3.1-6Dan Walsh 3.3.1-5Dan Walsh 3.3.1-4Dan Walsh 3.3.1-2Dan Walsh 3.3.1-1Dan Walsh 3.3.0-2Dan Walsh 3.3.0-1Dan Walsh 3.2.9-2Dan Walsh 3.2.9-1Dan Walsh 3.2.8-2Dan Walsh 3.2.8-1Dan Walsh 3.2.7-6Dan Walsh 3.2.7-5Dan Walsh 3.2.7-3Dan Walsh 3.2.7-2Dan Walsh 3.2.7-1Dan Walsh 3.2.6-7Dan Walsh 3.2.6-6Dan Walsh 3.2.6-5Dan Walsh 3.2.6-4Dan Walsh 3.2.6-3Dan Walsh 3.2.6-2Dan Walsh 3.2.6-1Dan Walsh 3.2.5-25Dan Walsh 3.2.5-24Dan Walsh 3.2.5-22Dan Walsh 3.2.5-21Dan Walsh 3.2.5-20Dan Walsh 3.2.5-19Dan Walsh 3.2.5-18Dan Walsh 3.2.5-17Dan Walsh 3.2.5-16Dan Walsh 3.2.5-15Dan Walsh 3.2.5-14Dan Walsh 3.2.5-13Dan Walsh 3.2.5-12Dan Walsh 3.2.5-11Dan Walsh 3.2.5-10Dan Walsh 3.2.5-9Dan Walsh 3.2.5-8Dan Walsh 3.2.5-7Dan Walsh 3.2.5-6Dan Walsh 3.2.5-5Dan Walsh 3.2.5-4Dan Walsh 3.2.5-3Dan Walsh 3.2.5-2Dan Walsh 3.2.5-1Dan Walsh 3.2.4-5Dan Walsh 3.2.4-4Dan Walsh 3.2.4-3Dan Walsh 3.2.4-1Dan Walsh 3.2.4-1Dan Walsh 3.2.3-2Dan Walsh 3.2.3-1Dan Walsh 3.2.2-1Dan Walsh 3.2.1-3Dan Walsh 3.2.1-1Dan Walsh 3.1.2-2Dan Walsh 3.1.2-1Dan Walsh 3.1.1-1Dan Walsh 3.1.0-1Dan Walsh 3.0.8-30Dan Walsh 3.0.8-28Dan Walsh 3.0.8-27Dan Walsh 3.0.8-26Dan Walsh 3.0.8-25Dan Walsh 3.0.8-24Dan Walsh 3.0.8-23Dan Walsh 3.0.8-22Dan Walsh 3.0.8-21Dan Walsh 3.0.8-20Dan Walsh 3.0.8-19Dan Walsh 3.0.8-18Dan Walsh 3.0.8-17Dan Walsh 3.0.8-16Dan Walsh 3.0.8-15Dan Walsh 3.0.8-14Dan Walsh 3.0.8-13Dan Walsh 3.0.8-12Dan Walsh 3.0.8-11Dan Walsh 3.0.8-10Dan Walsh 3.0.8-9Dan Walsh 3.0.8-8Dan Walsh 3.0.8-7Dan Walsh 3.0.8-5Dan Walsh 3.0.8-4Dan Walsh 3.0.8-3Dan Walsh 3.0.8-2Dan Walsh 3.0.8-1Dan Walsh 3.0.7-10Dan Walsh 3.0.7-9Dan Walsh 3.0.7-8Dan Walsh 3.0.7-7Dan Walsh 3.0.7-6Dan Walsh 3.0.7-5Dan Walsh 3.0.7-4Dan Walsh 3.0.7-3Dan Walsh 3.0.7-2Dan Walsh 3.0.7-1Dan Walsh 3.0.6-3Dan Walsh 3.0.6-2Dan Walsh 3.0.6-1Dan Walsh 3.0.5-11Dan Walsh 3.0.5-10Dan Walsh 3.0.5-9Dan Walsh 3.0.5-8Dan Walsh 3.0.5-7Dan Walsh 3.0.5-6Dan Walsh 3.0.5-5Dan Walsh 3.0.5-4Dan Walsh 3.0.5-3Dan Walsh 3.0.5-2Dan Walsh 3.0.5-1Dan Walsh 3.0.4-6Dan Walsh 3.0.4-5Dan Walsh 3.0.4-4Dan Walsh 3.0.4-3Dan Walsh 3.0.4-2Dan Walsh 3.0.4-1Dan Walsh 3.0.3-6Dan Walsh 3.0.3-5Dan Walsh 3.0.3-4Dan Walsh 3.0.3-3Dan Walsh 3.0.3-2Dan Walsh 3.0.3-1Dan Walsh 3.0.2-9Dan Walsh 3.0.2-8Dan Walsh 3.0.2-7Dan Walsh 3.0.2-5Dan Walsh 3.0.2-4Dan Walsh 3.0.2-3Dan Walsh 3.0.2-2Dan Walsh 3.0.1-5Dan Walsh 3.0.1-4Dan Walsh 3.0.1-3Dan Walsh 3.0.1-2Dan Walsh 3.0.1-1Dan Walsh 2.6.5-3Dan Walsh 2.6.5-2Dan Walsh 2.6.4-7Dan Walsh 2.6.4-6Dan Walsh 2.6.4-5Dan Walsh 2.6.4-2Dan Walsh 2.6.4-1Dan Walsh 2.6.3-1Dan Walsh 2.6.2-1Dan Walsh 2.6.1-4Dan Walsh 2.6.1-2Dan Walsh 2.6.1-1Dan Walsh 2.5.12-12Dan Walsh 2.5.12-11Dan Walsh 2.5.12-10Dan Walsh 2.5.12-8Dan Walsh 2.5.12-5Dan Walsh 2.5.12-4Dan Walsh 2.5.12-3Dan Walsh 2.5.12-2Dan Walsh 2.5.12-1Dan Walsh 2.5.11-8Dan Walsh 2.5.11-7Dan Walsh 2.5.11-6Dan Walsh 2.5.11-5Dan Walsh 2.5.11-4Dan Walsh 2.5.11-3Dan Walsh 2.5.11-2Dan Walsh 2.5.11-1Dan Walsh 2.5.10-2Dan Walsh 2.5.10-1Dan Walsh 2.5.9-6Dan Walsh 2.5.9-5Dan Walsh 2.5.9-4Dan Walsh 2.5.9-3Dan Walsh 2.5.9-2Dan Walsh 2.5.8-8Dan Walsh 2.5.8-7Dan Walsh 2.5.8-6Dan Walsh 2.5.8-5Dan Walsh 2.5.8-4Dan Walsh 2.5.8-3Dan Walsh 2.5.8-2Dan Walsh 2.5.8-1Dan Walsh 2.5.7-1Dan Walsh 2.5.6-1Dan Walsh 2.5.5-2Dan Walsh 2.5.5-1Dan Walsh 2.5.4-2Dan Walsh 2.5.4-1Dan Walsh 2.5.3-3Dan Walsh 2.5.3-2Dan Walsh 2.5.3-1Dan Walsh 2.5.2-6Dan Walsh 2.5.2-5Dan Walsh 2.5.2-4Dan Walsh 2.5.2-3Dan Walsh 2.5.2-2Dan Walsh 2.5.2-1Dan Walsh 2.5.1-5Dan Walsh 2.5.1-4Dan Walsh 2.5.1-2Dan Walsh 2.5.1-1Dan Walsh 2.4.6-20Dan Walsh 2.4.6-19Dan Walsh 2.4.6-18Dan Walsh 2.4.6-17Dan Walsh 2.4.6-16Dan Walsh 2.4.6-15Dan Walsh 2.4.6-14Dan Walsh 2.4.6-13Dan Walsh 2.4.6-12Dan Walsh 2.4.6-11Dan Walsh 2.4.6-10Dan Walsh 2.4.6-9Dan Walsh 2.4.6-8Dan Walsh 2.4.6-7Dan Walsh 2.4.6-6Dan Walsh 2.4.6-5Dan Walsh 2.4.6-4Dan Walsh 2.4.6-3Dan Walsh 2.4.6-1Dan Walsh 2.4.5-4Dan Walsh 2.4.5-3Dan Walsh 2.4.5-2Dan Walsh 2.4.5-1Dan Walsh 2.4.4-2Dan Walsh 2.4.4-2Dan Walsh 2.4.4-1Dan Walsh 2.4.3-13Dan Walsh 2.4.3-12Dan Walsh 2.4.3-11Dan Walsh 2.4.3-10Dan Walsh 2.4.3-9Dan Walsh 2.4.3-8Dan Walsh 2.4.3-7Dan Walsh 2.4.3-6Dan Walsh 2.4.3-5Dan Walsh 2.4.3-4Dan Walsh 2.4.3-3Dan Walsh 2.4.3-2Dan Walsh 2.4.3-1Dan Walsh 2.4.2-8Dan Walsh 2.4.2-7James Antill 2.4.2-6Dan Walsh 2.4.2-5Dan Walsh 2.4.2-4Dan Walsh 2.4.2-3Dan Walsh 2.4.2-2Dan Walsh 2.4.2-1Dan Walsh 2.4.1-5Dan Walsh 2.4.1-4Dan Walsh 2.4.1-3Dan Walsh 2.4.1-2Dan Walsh 2.4-4Dan Walsh 2.4-3Dan Walsh 2.4-2Dan Walsh 2.4-1Dan Walsh 2.3.19-4Dan Walsh 2.3.19-3Dan Walsh 2.3.19-2Dan Walsh 2.3.19-1James Antill 2.3.18-10James Antill 2.3.18-9Dan Walsh 2.3.18-8Dan Walsh 2.3.18-7Dan Walsh 2.3.18-6Dan Walsh 2.3.18-5Dan Walsh 2.3.18-4Dan Walsh 2.3.18-3Dan Walsh 2.3.18-2Dan Walsh 2.3.18-1Dan Walsh 2.3.17-2Dan Walsh 2.3.17-1Dan Walsh 2.3.16-9Dan Walsh 2.3.16-8Dan Walsh 2.3.16-7Dan Walsh 2.3.16-6Dan Walsh 2.3.16-5Dan Walsh 2.3.16-4Dan Walsh 2.3.16-2Dan Walsh 2.3.16-1Dan Walsh 2.3.15-2Dan Walsh 2.3.15-1Dan Walsh 2.3.14-8Dan Walsh 2.3.14-7Dan Walsh 2.3.14-6Dan Walsh 2.3.14-4Dan Walsh 2.3.14-3Dan Walsh 2.3.14-2Dan Walsh 2.3.14-1Dan Walsh 2.3.13-6Dan Walsh 2.3.13-5Dan Walsh 2.3.13-4Dan Walsh 2.3.13-3Dan Walsh 2.3.13-2Dan Walsh 2.3.13-1Dan Walsh 2.3.12-2Dan Walsh 2.3.12-1Dan Walsh 2.3.11-1Dan Walsh 2.3.10-7Dan Walsh 2.3.10-6Dan Walsh 2.3.10-3Dan Walsh 2.3.10-1Dan Walsh 2.3.9-6Dan Walsh 2.3.9-5Dan Walsh 2.3.9-4Dan Walsh 2.3.9-3Dan Walsh 2.3.9-2Dan Walsh 2.3.9-1Dan Walsh 2.3.8-2Dan Walsh 2.3.7-1Dan Walsh 2.3.6-4Dan Walsh 2.3.6-3Dan Walsh 2.3.6-2Dan Walsh 2.3.6-1Dan Walsh 2.3.5-1Dan Walsh 2.3.4-1Dan Walsh 2.3.3-20Dan Walsh 2.3.3-19Dan Walsh 2.3.3-18Dan Walsh 2.3.3-17Dan Walsh 2.3.3-16Dan Walsh 2.3.3-15Dan Walsh 2.3.3-14Dan Walsh 2.3.3-13Dan Walsh 2.3.3-12Dan Walsh 2.3.3-11Dan Walsh 2.3.3-10Dan Walsh 2.3.3-9Dan Walsh 2.3.3-8Dan Walsh 2.3.3-7Dan Walsh 2.3.3-6Dan Walsh 2.3.3-5Dan Walsh 2.3.3-4Dan Walsh 2.3.3-3Dan Walsh 2.3.3-2Dan Walsh 2.3.3-1Dan Walsh 2.3.2-4Dan Walsh 2.3.2-3Dan Walsh 2.3.2-2Dan Walsh 2.3.2-1Dan Walsh 2.3.1-1Dan Walsh 2.2.49-1Dan Walsh 2.2.48-1Dan Walsh 2.2.47-5Dan Walsh 2.2.47-4Dan Walsh 2.2.47-3Dan Walsh 2.2.47-1Dan Walsh 2.2.46-2Dan Walsh 2.2.46-1Dan Walsh 2.2.45-3Dan Walsh 2.2.45-2Dan Walsh 2.2.45-1Dan Walsh 2.2.44-1Dan Walsh 2.2.43-4Dan Walsh 2.2.43-3Dan Walsh 2.2.43-2Dan Walsh 2.2.43-1Dan Walsh 2.2.42-4Dan Walsh 2.2.42-3Dan Walsh 2.2.42-2Dan Walsh 2.2.42-1Dan Walsh 2.2.41-1Dan Walsh 2.2.40-2Dan Walsh 2.2.40-1Dan Walsh 2.2.39-2Dan Walsh 2.2.39-1Dan Walsh 2.2.38-6Dan Walsh 2.2.38-5Dan Walsh 2.2.38-4Dan Walsh 2.2.38-3Dan Walsh 2.2.38-2Dan Walsh 2.2.38-1Dan Walsh 2.2.37-1Dan Walsh 2.2.36-2Dan Walsh 2.2.36-1James Antill 2.2.35-2Dan Walsh 2.2.35-1Dan Walsh 2.2.34-3Dan Walsh 2.2.34-2Dan Walsh 2.2.34-1Dan Walsh 2.2.33-1Dan Walsh 2.2.32-2Dan Walsh 2.2.32-1Dan Walsh 2.2.31-1Dan Walsh 2.2.30-2Dan Walsh 2.2.30-1Dan Walsh 2.2.29-6Russell Coker 2.2.29-5Dan Walsh 2.2.29-4Dan Walsh 2.2.29-3Dan Walsh 2.2.29-2Dan Walsh 2.2.29-1Dan Walsh 2.2.28-3Dan Walsh 2.2.28-2Dan Walsh 2.2.28-1Dan Walsh 2.2.27-1Dan Walsh 2.2.25-3Dan Walsh 2.2.25-2Dan Walsh 2.2.24-1Dan Walsh 2.2.23-19Dan Walsh 2.2.23-18Dan Walsh 2.2.23-17Karsten Hopp 2.2.23-16Dan Walsh 2.2.23-15Dan Walsh 2.2.23-14Dan Walsh 2.2.23-13Dan Walsh 2.2.23-12Jeremy Katz - 2.2.23-11Jeremy Katz - 2.2.23-10Dan Walsh 2.2.23-9Dan Walsh 2.2.23-8Dan Walsh 2.2.23-7Dan Walsh 2.2.23-5Dan Walsh 2.2.23-4Dan Walsh 2.2.23-3Dan Walsh 2.2.23-2Dan Walsh 2.2.23-1Dan Walsh 2.2.22-2Dan Walsh 2.2.22-1Dan Walsh 2.2.21-9Dan Walsh 2.2.21-8Dan Walsh 2.2.21-7Dan Walsh 2.2.21-6Dan Walsh 2.2.21-5Dan Walsh 2.2.21-4Dan Walsh 2.2.21-3Dan Walsh 2.2.21-2Dan Walsh 2.2.21-1Dan Walsh 2.2.20-1Dan Walsh 2.2.19-2Dan Walsh 2.2.19-1Dan Walsh 2.2.18-2Dan Walsh 2.2.18-1Dan Walsh 2.2.17-2Dan Walsh 2.2.16-1Dan Walsh 2.2.15-4Dan Walsh 2.2.15-3Dan Walsh 2.2.15-1Dan Walsh 2.2.14-2Dan Walsh 2.2.14-1Dan Walsh 2.2.13-1Dan Walsh 2.2.12-1Dan Walsh 2.2.11-2Dan Walsh 2.2.11-1Dan Walsh 2.2.10-1Dan Walsh 2.2.9-2Dan Walsh 2.2.9-1Dan Walsh 2.2.8-2Dan Walsh 2.2.7-1Dan Walsh 2.2.6-3Dan Walsh 2.2.6-2Dan Walsh 2.2.6-1Dan Walsh 2.2.5-1Dan Walsh 2.2.4-1Dan Walsh 2.2.3-1Dan Walsh 2.2.2-1Dan Walsh 2.2.1-1Dan Walsh 2.1.13-1Dan Walsh 2.1.12-3Dan Walsh 2.1.11-1Dan Walsh 2.1.10-1Jeremy Katz - 2.1.9-2Dan Walsh 2.1.9-1Dan Walsh 2.1.8-3Dan Walsh 2.1.8-2Dan Walsh 2.1.8-1Dan Walsh 2.1.7-4Dan Walsh 2.1.7-3Dan Walsh 2.1.7-2Dan Walsh 2.1.7-1Dan Walsh 2.1.6-24Dan Walsh 2.1.6-23Dan Walsh 2.1.6-22Dan Walsh 2.1.6-21Dan Walsh 2.1.6-20Dan Walsh 2.1.6-18Dan Walsh 2.1.6-17Dan Walsh 2.1.6-16Dan Walsh 2.1.6-15Dan Walsh 2.1.6-14Dan Walsh 2.1.6-13Dan Walsh 2.1.6-11Dan Walsh 2.1.6-10Dan Walsh 2.1.6-9Dan Walsh 2.1.6-8Dan Walsh 2.1.6-5Dan Walsh 2.1.6-4Dan Walsh 2.1.6-3Dan Walsh 2.1.6-2Dan Walsh 2.1.6-1Dan Walsh 2.1.4-2Dan Walsh 2.1.4-1Dan Walsh 2.1.3-1Jeremy Katz - 2.1.2-3Dan Walsh 2.1.2-2Dan Walsh 2.1.2-1Dan Walsh 2.1.1-3Dan Walsh 2.1.1-2Dan Walsh 2.1.1-1Dan Walsh 2.1.0-3Dan Walsh 2.1.0-2.Dan Walsh 2.1.0-1.Dan Walsh 2.0.11-2.Dan Walsh 2.0.11-1.Dan Walsh 2.0.9-1.Dan Walsh 2.0.8-1.Dan Walsh 2.0.7-3Dan Walsh 2.0.7-2Dan Walsh 2.0.6-2Dan Walsh 2.0.5-4Dan Walsh 2.0.5-1Dan Walsh 2.0.4-1Dan Walsh 2.0.2-2Dan Walsh 2.0.2-1Dan Walsh 2.0.1-2Dan Walsh 2.0.1-1- Allow systemd services to use PrivateNetwork feature - Revert "Add s_read_nsfs_files() interface"- Allow iptables to read nsfs files. BZ(1308622) - Add a type and genfscon for nsfs. - Added policy for systemd-coredump service. Added domain transition from kernel_t to systemd_coredump_t. Allow syslogd_t domain to read/write tmpfs systemd-coredump files. Make new domain uconfined for now. - Revert "Allow all domains some process flags."- Allow xdm send gram sockets to xserver. BZ(1271401)- Add interface to allow reading files in efivarfs - contains Linux Kernel configuration options for UEFI systems (UEFI Runtime Variables)- Allow qemu-bridge-helper running as virt_bridgehelper_t to access cpuinfo/cpuinfo_max_freq and unix stream socket the running virtual machine. BZ(#1267217). - Merge pull request #84 from vmojzis/f22-contrib - Allow uspsmon reading form rand/urand. #1282103, #1282104, #1282105, Allow uspsmon to use kill within its domain. #1276861 - Merge pull request #83 from vmojzis/f22-contrib - Allow mdadm read files in EFI partotion. BZ(1287203, 1276519) - Add transition for ".linphone-web" to mozilla_plugin_t. The folder is created and used by linphone web plugin. #1279752- Allow firewalld to create firewalld_var_run_t directory. BZ(1291243) - Add interface firewalld_read_pid_files() - Allow iptables to read firewalld pid files. BZ(1291243) - Merge pull request #82 from vmojzis/f22-base - Allow systemd-logind to read /run/utmp when shutdown is invoked. - systemd-logind remove all IPC objects owned by a user on a logout. This covers also SysV memory. This change allows to destroy unpriviledged user SysV shared memory segments. - Add userdom_destroy_unpriv_user_shared_mem() interface. - Label /var/run/systemd/shutdown directory as systemd_logind_var_run_t to allow systemd-logind to access it if shutdown is invoked.- Allow arpwatch to create netlink netfilter sockets. BZ(1282139) - Allow virt_domain to create socket file in /tmp. BZ(1268638) - Merge pull request #73 from vmojzis/f22-contrib - Allow acpid to attempt to connect to the Linux kernel via generic netlink socket. - Allow apcupsd sending mails about battery state. BZ(1274018) - Allow pcp_pmcd_t domain transition to lvm_t. BZ(1277779) - Fix summary for userdom_user_tmp_content interface - Adding support for dbus communication between systemd-networkd and systemd-hostnamed. BZ(1279182)- Allow antivirus_t to bind to all unreserved ports. Clamd binds to random unassigned port (by default in range 1024-2048). #1248785 - Allow iscsid create netlink iscsid sockets. - Merge remote-tracking branch 'refs/remotes/origin/f22-contrib' into f22-contrib - Allow abrt-hook-ccpp to change SELinux user identity for created objects. - Allow abrt-hook-ccpp to get attributes of all processes because of core_pattern. - Allow setuid/setgid capabilities for abrt-hook-ccpp. - unbound wants to use ephemeral ports as a default configuration. Allow to use also udp sockets. - Allow named to bind on ephemeral ports. BZ(#1259766)- The ABRT coredump handler has code to emulate default core file creation The handler runs in a separate process with abrt_dump_oops_t SELinux process type. abrt-hook-ccpp also saves the core dump file in the very same way as kernel does and a user can specify CWD location for a coredump. abrt-hook-ccpp has been made as a SELinux aware apps to create this coredumps with correct labeling and with this commit the policy rules have been updated to allow access all non security files on a system - Allow fail2ban-client to execute ldconfig. - Allow winbindd to send signull to kernel. BZ(#1269193) - Fix context of "/usr/share/nginx/html". BZ(#1261856)- Allow pcp_pmlogger to exec bin_t BZ(#1258698) - Allow spamd to read system network state. BZ(1260234) - Allow pcp_pmlogger to read system state. BZ(1258699) - Allow systemd-networkd to read XEN state for Xen hypervisor. BZ(#1269916) - Add fs_read_xenfs_files() interface.- Allow pcp_pmlogger to read system state. BZ(1258699) - We need allow connect to xserver for all sandbox_x domain because we have one type for all sandbox processes. - Add missing labeling for /usr/libexec/abrt-hook-ccpp as a part of #1245477 and #1242467 bugs.- We need to require sandbox_web_type attribute in sandbox_x_domain_template(). - Dontaudit abrt_t to rw lvm_lock_t dir. - Allow abrt_t domain to write to kernel msg device. - Add interface lvm_dontaudit_rw_lock_dir() - ipsec: The NM helper needs to read the SAs - ipsec: Allow ipsec management to create ptys- ipsec: The NM helper needs to read the SAs - ipsec: Allow ipsec management to create ptys- Run /usr/bin/systemctl daemon-reexec in post scripts to refresh cache Resolves:#1264051- Allow rpcbind_t domain to change file owner and group - Allow smbcontrol to create a socket in /var/samba which uses for a communication with smbd, nmbd and winbind. - Remove duplicate rules in dirsrv-admin policy - Allow dirsrv-admin read httpd pid files. - Allow dirsrv-admin read httpd pid files. - Add label for dirsrv-admin unit file. - Allow qpid daemon to connect on amqp tcp port. - Allow dirsrvadmin-script read /etc/passwd file Allow dirsrvadmin-script exec systemctl - Add labels for afs binaries: dafileserver, davolserver, salvageserver, dasalvager - Add lsmd_plugin_t sys_admin capability, Allow lsmd_plugin_t getattr from sysfs filesystem. - Allow rhsmcertd_t send signull to unconfined_service_t domains. - Label /etc/ipa/nssdb dir as cert_t - Add interface unconfined_server_signull() to allow domains send signull to unconfined_service_t- named wants to access /proc/sys/net/ipv4/ip_local_port_range to get ehphemeral range. BZ(#1260272) - Allow user screen domains to list directorires in HOMEDIR wit user_home_t labeling. - Fix for watchdog_unconfined_exec_read_lnk_files, Add also dir search perms in watchdog_unconfined_exec_t. - Dontaudit fenced search gnome config - Allow teamd running as NetworkManager_t to access netlink_generic_socket to allow multiple network interfaces to be teamed together. - Fix labeling for fence_scsi_check script - Allow openhpid to read system state Aloow openhpid to connect to tcp http port. - Allow openhpid to read snmp var lib files. - Allow openvswitch_t domains read kernel dependencies due to openvswitch run modprobe - Fix regexp in chronyd.fc file - Allow passenger to getattr filesystem xattr - Revert "Allow pegasus_openlmi_storage_t create mdadm.conf.anacbak file in /etc." - Label mdadm.conf.anackbak as mdadm_conf_t file. - Allow dnssec-ttrigger to relabel net_conf_t files. BZ(1251765) - Merge branch 'f22-contrib' of github.com:fedora-selinux/selinux-policy into f22-contrib - Allow dnssec-trigger to exec pidof. BZ(#1256737) - Allow dnssec-trigger to exec pidof. BZ(#1256737) - Allow blueman to create own tmp files in /tmp. (#1234647) - Allow watchdog execute fenced python script. - Added inferface watchdog_unconfined_exec_read_lnk_files() - Allow pmweb daemon to exec shell. BZ(1256127) - Allow pmweb daemon to read system state. BZ(#1256128) - Add new audit_read access vector in capability2 class - Add "binder" security class and access vectors - Update netlink socket classes. - systemd-logind needs to be able to act with /usr/lib/systemd/system/poweroff.target to allow shutdown system. BZ(#1260175) - Allow systemd-udevd to access netlink_route_socket to change names for network interfaces without unconfined.pp module. It affects also MLS. - Allow unconfined_t domains to create /var/run/xtables.lock with iptables_var_run_t - Remove bin_t label for /usr/share/cluster/fence_scsi_check\.pl - Allow getty to read network state. BZ(#1255177) - Remove labeling for /var/db/.*\.db as etc_t to label db files as system_db_t. - Allow dhcpc_t domain transition to chronyd_t- Allow pmlogger to create pmlogger.primary.socket link file. BZ(1254080) - Allow NetworkManager send sigkill to dnssec-trigger. BZ(1251764) - Add interface dnssec_trigger_sigkill - Allow smsd use usb ttys. BZ(#1250536) - Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file. - Allow exec pidof under hypervkvp domain. Allow hypervkvp daemon create connection to the system DBUS - Allow openhpid_t to read system state. - Add temporary fixes for sandbox related to #1103622. It allows to run everything under one sandbox type. - Added labels for files provided by rh-nginx18 collection - Dontaudit block_suspend capability for ipa_helper_t, this is kernel bug. Allow ipa_helper_t capability net_admin. Allow ipa_helper_t to list /tmp. Allow ipa_helper_t to read rpm db. - Allow rhsmcertd exec rhsmcertd_var_run_t files and rhsmcerd_tmp_t files. This rules are in hide_broken_sympthons until we find better solution. - Allow abrt_dump_oops_t to read proc_security_t files. - Allow abrt_dump_oops to signull all domains Allow abrt_dump_oops to read all domains state Allow abrt_dump_oops to ptrace all domains - Add interface abrt_dump_oops_domtrans() - Allow systemd-sysctl cap. sys_ptrace BZ(1253926) - Add label for kernel module dep files in /usr/lib/modules - Allow kernel_t domtrans to abrt_dump_oops_t - Added to files_dontaudit_write_all_mountpoints intefface new dontaudit rule, that domain included this interface dontaudit capability dac_override.- Allow samba_net_t to manage samba_var_t sock files. - Allow httpd daemon to manage httpd_var_lib_t lnk_files. - Allow chronyd exec systemctl - Add inteface chronyd_signal Allow timemaster_t send generic signals to chronyd_t. - Label /var/run/chrony-helper dir as chronyd_var_run_t. - Add mountpoint dontaudit access check in rhsmcertd policy. - Allow lldpad_t to getattr tmpfs_t. Label /dev/shm/lldpad.* as lldapd_tmpfs_t - Fix label on /var/tmp/kiprop_0 - Added interface fs_dontaudit_write_configfs_dirs - Allow systemd_networkd to send logs to syslog. - Allow audisp client to read system state.- Allow pcp_domain to manage pcp_var_lib_t lnk_files. - Allow chronyd to execute mkdir command. - Allow chronyd_t to read dhcpc state. - Label /usr/libexec/chrony-helper as chronyd_exec_t - Allow openhpid liboa_soap plugin to read resolv.conf file. - Allow openhpid liboa_soap plugin to read generic certs. - Allow openhpid use libwatchdog plugin. (Allow openhpid_t rw watchdog device) - Allow logrotate to reload services. - Allow apcupsd_t to read /sys/devices - Allow kpropd to connect to kropd tcp port. - Allow lsmd also setuid capability. Some commands need to executed under root privs. Other commands are executed under unprivileged user. - Allow snapperd to pass data (one way only) via pipe negotiated over dbus. - Add snapper_read_inherited_pipe() interface. - Add missing ";" in kerberos.te - Add support for /var/lib/kdcproxy and label it as krb5kdc_var_lib_t. It needs to be accessible by useradd_t. - Add support for /etc/sanlock which is writable by sanlock daemon. - Allow mdadm to access /dev/random and add support to create own files/dirs as mdadm_tmpfs_t. - firewalld needs to relabel own config files BZ(#1250537) - Allow rhsmcertd to send signull to unconfined_service. - Allow lsm_plugin_t to rw raw_fixed_disk. - Allow lsm_plugin_t to read sysfs, read hwdata, rw to scsi_generic_device - Allow openhpid to use libsnmp_bc plugin (allow read snmp lib files). - Allow qpid to create lnk_files in qpid_var_lib_t. - Allow httpd_suexec_t to read and write Apache stream sockets - Allow audisp client to read system state. - Label /var/run/xtables.lock as iptables_var_run_t. - Add fstools_filetrans_named_content_fsadm() and call it for named_filetrans_domain domains. We need to be sure that /run/blkid is created with correct labeling. - Add labels for /dev/memory_bandwith and /dev/vhci. Thanks ssekidde - Add interface to read/write watchdog device. - Add transition rule for iptables_var_lib_t - Allow useradd add homedir located in /var/lib/kdcproxy in ipa-server RPM scriplet. - Add fstools_filetrans_named_content_fsadm() and call it for named_filetrans_domain domains. We need to be sure that /run/blkid is created with correct labeling. - arping running as netutils_t needs to access /etc/ld.so.cache in MLS. - Allow sysadm to execute systemd-sysctl in the sysadm_t domain. It is needed for ifup command in MLS mode. - Add systemd_exec_sysctl() and systemd_domtrans_sysctl() interfaces. - Allow udev, lvm and fsadm to access systemd-cat in /var/tmp/dracut if 'dracut -fv' is executed in MLS. - Allow admin SELinu users to communicate with kernel_t. It is needed to access /run/systemd/journal/stdout if 'dracut -vf' is executed. We allow it for other SELinux users. - depmod runs as insmod_t and it needs to manage user tmp files which was allowed for depmod_t. It is needed by dracut command for SELinux restrictive policy (confined users, MLS). - Allow sysadm to administrate ldap environment and allow to bind ldap port to allow to setup an LDAP server (389ds).- Allow virt_qemu_ga_t domtrans to passwd_t. - Allow redis to read kernel parameters. - Label /etc/rt dir as httpd_sys_rw_content_t BZ(#1185500) - Allow hostapd to manage sock file in /va/run/hostapd Add fsetid cap. for hostapd Add net_raw cap. for hostpad BZ(#1237343) - Allow bumblebee to seng kill signal to xserver - glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes. - Allow drbd to get attributes from filesystems. - Allow glusterd to communicate with cluster domains over stream socket. - Allow drbd to read configuration options used when loading modules. - Allow glusterd to communicate with cluster domains over stream socket. - Added Booleans: pcp_read_generic_logs. - Allow pcp_pmcd daemon to read postfix config files. Allow pcp_pmcd daemon to search postfix spool dirs. - Remove diplicate sftpd_write_ssh_home boolean rule. - Allow sysadm to administrate ldap environment and allow to bind ldap port to allow to setup an LDAP server (389ds). - Label /usr/sbin/chpasswd as passwd_exec_t. - Allow audisp_remote_t to read/write user domain pty. - Allow audisp_remote_t to start power unit files domain to allow halt system.- gnome_dontaudit_search_config() needs to be a part of optinal_policy in pegasus.te - Allow glusterd to manage nfsd and rpcd services. - Add samba_manage_winbind_pid() interface - Allow networkmanager to communicate via dbus with systemd_hostanmed. - Allow stream connect logrotate to prosody. - Add prosody_stream_connect() interface. - httpd should be able to send signal/signull to httpd_suexec_t, instead of httpd_suexec_exec_t. - Allow prosody to create own tmp files/dirs. - Allow keepalived request kernel load module - kadmind should not read generic files in /usr - Allow kadmind_t access to /etc/krb5.keytab - Add more fixes to kerberos.te - Add labeling for /var/tmp/kadmin_0 and /var/tmp/kiprop_0 - Add lsmd_t to nsswitch_domain. - Allow pegasus_openlmi_storage_t create mdadm.conf.anacbak file in /etc. - Allow pegasus_openlmi_storage_t create mdadm.conf.anacbak file in /etc. - Add fixes to pegasus_openlmi_domain Resolves:#1088904 - Allow Glance Scrubber to connect to commplex_main port - Allow RabbitMQ to connect to amqp port - Allow isnsd read access on the file /proc/net/unix - Allow qpidd access to /proc//net/psched - Allow openshift_initrc_t to communicate with firewalld over dbus. - Allow ctdbd_t send signull to samba_unconfined_net_t. - Add samba_signull_unconfined_net() - Add samba_signull_winbind() - Revert "Add interfaces winbind_signull(), samba_unconfined_net_signull()." - Fix ctdb policy - Revert "Allow ctdbd sending signull to process winbind, samba_unconfined_net, to" - inn daemon should create innd_log_t objects in var_log_t instead of innd_var_run_t - Add samba_unconfined_script_exec_t to samba_admin header. - Add jabberd_lock_t label to jabberd_admin header. - Add rpm_var_run_t label to rpm_admin header. - Make all interfaces related to openshift_cache_t as deprecated. - Remove non exits nfsd_ro_t label. - Label /usr/afs/ as afs_files_t Allow afs_bosserver_t create afs_config_t and afs_dbdir_t dirs under afs_files_t Allow afs_bosserver_t read kerberos config - Fix *_admin intefaces where body is not consistent with header. - Allow networkmanager read rfcomm port. - Fix nova_domain_template interface, Fix typo bugs in nova policy - Label /var/db/ as system_db_t.- Add samba_unconfined_script_exec_t to samba_admin header. - Add jabberd_lock_t label to jabberd_admin header. - Add rpm_var_run_t label to rpm_admin header. - Make all interfaces related to openshift_cache_t as deprecated. - Remove non exits nfsd_ro_t label. - Label /usr/afs/ as afs_files_t Allow afs_bosserver_t create afs_config_t and afs_dbdir_t dirs under afs_files_t Allow afs_bosserver_t read kerberos config - Fix *_admin intefaces where body is not consistent with header. - Allow networkmanager read rfcomm port. - Fix nova_domain_template interface, Fix typo bugs in nova policy - Create nova sublabels. - Merge all nova_* labels under one nova_t. - Add cobbler_var_lib_t to "/var/lib/tftpboot/boot(/.*)?" - Allow dnssec_trigger_t relabelfrom dnssec_trigger_var_run_t files. - Fix typo in nova policy - Allow nova_t to bind on geneve tcp port, and all udp ports - Fix label openstack-nova-metadata-api binary file - Label swift-container-reconciler binary as swift_t. - Allow glusterd to execute showmount in the showmount domain. - Allow NetworkManager_t send signull to dnssec_trigger_t. - Add support for openstack-nova-* packages. - Allow audisp-remote searching devpts. - Label 6080 tcp port as geneve- Fix paths in inn policy, Allow innd read innd_log_t dirs, Allow innd execute innd_etc_t files - Allow connect ypserv to portmap_port_t. - Fix path from /usr/sbin/redis-server to /usr/bin/redis-server. - Add tmpreaper booleans to use nfs_t and samba_share_t. - Add interface samba_setattr_samba_share_dirs. - Dontaudit smbd_t block_suspend capability. This is kernel bug. - Add interfaces winbind_signull(), samba_unconfined_net_signull(). - Allow gluster to connect to all ports. It is required by random services executed by gluster. - Update mta_filetrans_named_content() interface to cover more db files. - Revert "Remove ftpd_use_passive_mode boolean. It does not make sense due to ephemeral port handling." - Allow pcp domains to connect to own process using unix_stream_socket. - Typo in abrt.te - Allow abrt-upload-watch service to dbus chat with ABRT daemon and fsetid capability to allow run reporter-upload correctly. - Add nagios_domtrans_unconfined_plugins() interface. - Merge remote-tracking branch 'refs/remotes/origin/f22-contrib' into f22-contrib - Add new boolean - httpd_run_ipa to allow httpd process to run IPA helper and dbus chat with oddjob. - Add support for oddjob based helper in FreeIPA. BZ(1238165) - Allow dnssec_trigger_t create dnssec_trigger_tmp_t files in /var/tmp/ BZ(1240840) - Add interface fs_setattr_nfs_dirs - Fix logging_syslogd_run_nagios_plugins calling in logging.te - Add logging_syslogd_run_nagios_plugins boolean for rsyslog to allow transition to nagios unconfined plugins. - Add support for oddjob based helper in FreeIPA. BZ(1238165)- Allow ctdb_t sending signull to smbd_t, for checking if smbd process exists. BZ(1224879) - Fix cron_system_cronjob_use_shares boolean to call fs interfaces which contain only entrypoint permission. - Add cron_system_cronjob_use_shares boolean to allow system cronjob to be executed from shares - NFS, CIFS, FUSE. It requires "entrypoint" permissios on nfs_t, cifs_t and fusefs_t SELinux types. - nrpe needs kill capability to make gluster moniterd nodes working. - Fix interface corenet_tcp_connect_postgresql_port_port(prosody_t) - Allow prosody connect to postgresql port. - Allow pmcd daemon stream connect to mysqld. - Allow drbd_t write to fixed_disk_device. - Add new interfaces - Add fs_fusefs_entry_type() interface. - Allow iptables to read ctdbd lib files. - Add systemd-networkd_t to nsswitch domains.- Dontaudit apache to manage snmpd_var_lib_t files/dirs. BZ(1189214) - Add interface snmp_dontaudit_manage_snmp_var_lib_files(). - Rename xodbc-connect port to xodbc_connect - Allow ovsdb-server to connect on xodbc-connect and ovsdb tcp ports. BZ(1179809) - Dontaudit mozilla_plugin_t cap. sys_ptrace. BZ(1202043) - Allow iscsid write to fifo file kdumpctl_tmp_t. Appears when kdump generates the initramfs during the kernel boot. BZ(1181476) - Dontaudit chrome to read passwd file. BZ(1204307) - Allow firewalld exec ldconfig. BZ(1232748) - Allow dnssec_trigger_t read networkmanager conf files. BZ(1231798) - Allow in networkmanager_read_conf() also read NetworkManager_etc_rw_t files. BZ(1231798) - Make docker_t as unconfined. BZ(1215842) - Rename xodbc-connect port to xodbc_connect - Label tcp port 6632 as xodbc-connect port. BZ (1179809) - Label tcp port 6640 as ovsdb port. BZ (1179809)- Allow NetworkManager write to sysfs. BZ(1234086) - Add postgresql support for systemd unit files.- Allow glusterd to interact with gluster tools running in a user domain - rpm_transition_script() is called from rpm_run. Update cloud-init rules. - Call rpm_transition_script() from rpm_run() interface. - Allow radvd has setuid and it requires dac_override. BZ(1224403) - Add glusterd_manage_lib_files() interface. - Allow samba_t net_admin capability to make CIFS mount working. - S30samba-start gluster hooks wants to search audit logs. Dontaudit it. - ntop reads /var/lib/ntop/macPrefix.db and it needs dac_override. It has setuid/setgid. BZ(1058822) - Allow cloud-init to run rpm scriptlets to install packages. BZ(1227484) - Allow nagios to generate charts. - Allow glusterd to send generic signals to systemd_passwd_agent processes. - Allow glusterd to run init scripts. - Allow glusterd to execute /usr/sbin/xfs_dbin glusterd_t domain. - Calling cron_system_entry() in pcp_domain_template needs to be a part of optional_policy block. - Allow samba-net to access /var/lib/ctdbd dirs/files. - Allow glusterd to send a signal to smbd. - Make ctdbd as home manager to access also FUSE. - Allow glusterd to use geo-replication gluster tool. - Allow glusterd to execute ssh-keygen. - Allow glusterd to interact with cluster services. - Add rhcs_dbus_chat_cluster() - systemd-logind accesses /dev/shm. BZ(1230443) - Label gluster python hooks also as bin_t. - Allow sshd to execute gnome-keyring if there is configured pam_gnome_keyring.so. - Allow gnome-keyring executed by passwd to access /run/user/UID/keyring to change a password. BZ(1222604)- Allow hypervkvp to read /dev/urandom and read addition states/config files. - Add rpm_exec_t labeling for /usr/bin/dnf-automatic,/usr/bin/dnf-2 and /usr/bin/dnf-3. - Allow puppetagent_t to transfer firewalld messages over dbus - Add httpd_var_lib_t label for roundcubemail - Allow mongod to work with configured SSSD. - Allow sblim domain to read sysctls. - Allow lsmd plugin to run with configured SSSD. - Allow pkcs_slotd_t to communicate with sssd - Allow rwho_t to communicate with sssd - Allow isnsd_t to communicate with sssd - Allow openvswitch_t to communicate with sssd - Allow tmpreaper_t to manage ntp log content - Allow cluster domain to dbus chat with systemd-logind. - Allow pki-tomcat relabel pki_tomcat_etc_rw_t. - Allow fowner capability for sssd because of selinux_child handling. - ALlow bind to read/write inherited ipsec pipes. - Allow radiusd to connect to radsec ports. - Allow setuid/setgid for selinux_child. - Allow lsmd plugin to connect to tcp/5988 by default. - Allow lsmd plugin to connect to tcp/5989 by default. - Allow ntlm_auth running in winbind_helper_t to access /dev/urandom. - Add labeling for pacemaker.log. - Allow hypervkvp to execute arping in own domain and make it as nsswitch domain. - Use userdom_home_manager() for bacula_t. - Add fixes to RHEL7 bacula policy - Allow glusterd to have mknod capability. It creates a special file using mknod in a brick. - Update rules related to glusterd_brick_t. - Allow glusterd to execute lvm tools in the lvm_t target domain. - Allow glusterd to execute xfs_growfs in the target domain. - Allow sysctl to have running under hypervkvp_t domain. - Allow smartdnotify to use user terminals. - Allow pcp domains to create root.socket in /var/lip/pcp directroy. - Allow NM to execute dnssec-trigger-script in dnssec_trigger_t domain. - Allow rpcbind to create rpcbind.xdr as a temporary file. - Allow dnssec-trigger connections to the system DBUS. It uses libnm-glib Python bindings. - Allow hostapd net_admin capability. hostapd needs to able to set an interface flag. - rsync server can be setup to send mail - Make "ostree admin upgrade -r" command which suppose to upgrade the system and reboot working again. BZ(1225920) - Fix samba_load_libgfapi decl in samba.te. - Move ctdd_domtrans() from ctdbd to gluster. - Allow smbd to access /var/lib/ctdb/persistent/secrets.tdb.0. - Glusterd wants to manage samba config files if they are setup together. - ALlow NM to do access check on /sys. - Allow NetworkManager to keep RFCOMM connection for Bluetooth DUN open . Based on fixes from Lubomir Rintel. - Allow NetworkManager nm-dispacher to read links. - Allow gluster hooks scripts to transition to ctdbd_t. - Allow glusterd to read/write samba config files. - Update mysqld rules related to mysqld log files. - Add fixes for hypervkvp realed to ifdown/ifup scripts. - Update netlink_route_socket for ptp4l. - Allow glusterd to connect to /var/run/dbus/system_bus_socket. - ALlow glusterd to have sys_ptrace capability. Needed by gluster+samba configuration. - Add new boolean samba_load_libgfapi to allow smbd load libgfapi from gluster. Allow smbd to read gluster config files by default. - Allow gluster to transition to smbd. It is needed for smbd+gluster configuration. - Allow glusterd to read /dev/random. - Update nagios_run_sudo boolean to allow run chkpwd. - Allow docker and container tools to control caps, don't rely on SELinux for now. Since there is no easy way for SELinux modification of policy as far as caps. docker run --cap-add will work now - Allow sosreport to dbus chat with NM. - Back port fixes for docker svirt_sandbox_domains - Add ipsec_rw_inherited_pipes() interface. - Allow ibus-x11 running as xdm_t to connect uder session buses. We already allow to connect to userdomains over unix_stream_socket. - Label /usr/libexec/Xorg.wrap as xserver_exec_t. - Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file. - Allow systemd-networkd to bind dhcpc ports if DHCP=yes in *.network conf file. - Fix labeling for /var/lib/glusterd/hooks. - Add term_open_unallocated_ttys() interface. - Add dev_access_check_sysfs() interface. - Add sysnet_manage_dhcpc_pid() interface. - Label all gluster hooks in /var/lib/gluster as bin_t. They are not created on the fly. - Add sudo_manage_db() interface. - Back port fixes for the docker types to be used by other domains - Access required to run with unconfine.pp disabled - Allow ABRT to read all proc types. It wants to read also dmesg_restrict. BZ(1227661)- Allow docker dbus chat with firewalld. BZ(1221911) - Allow anaconda to run iscsid in own domain. BZ(1220948). - Add new iscsid_run() interface. - Update nagios_run_sudo boolean. - Allow rhsmcetd to use the ypbind service to access NIS services. - Add nagios_run_pnp4nagios and nagios_run_sudo booleans to allow run sudo from NRPE utils scripts and allow run nagios in conjunction with PNP4Nagios. - Allow ctdb to create rawip socket. - Allow ctdbd to bind smbd port. - Make ctdbd as userdom_home_reader. - Dontaudit chrome-sandbox write access its parent process information. BZ(1220958) - Fix missing bracket in apache.te. - Fix httpd_use_openstack boolean related to keystone_read_pid. - Allow net_admin cap for dnssec-trigger to make wifi reconnect working. - Add support for /var/lib/ipsilon dir and label it as httpd_var_lib_t. BZ(1186046) - Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd. - Add glusterd_filetrans_named_pid() interface. - Fix description for seutil_search_config() interface. - make ssh-keygen as nsswitch domain to access SSSD. - Label ctdb events scripts as bin_t. - Add unconfined_dontaudit_write_state() interface. - Add support for ~/.local/share/networkmanagement/certificates and update filename transitions rules. BZ(1215877) - Fix selinux_search_fs() interface. - Update selinux_search_fs(domain) rule to have ability to search /etc/selinuc/ to check if /etc/selinux/config exists. BZ(1219045) - Add seutil_search_config() interface. - Fix typo in systemd.te - Add lvm_stream_connect() interface. - Add support for /usr/sbin/lvmpolld.BZ(1220817) - Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.BZ(1218137)- Add lvm_stream_connect() interface. - Add support for /usr/sbin/lvmpolld.BZ(1220817) - Allow gvfsd-fuse running as xdm_t to use /run/user/42/gvfs as mountpoint.BZ(1218137) - Allow login_pgm domains to access kernel keyring for nsswitch domains. - Add labeling for systemd-time*.service unit files and allow systemd-timedated to access these unit files. - This change will remove entrypoint from filesystems, should be back ported to all RHEL/Fedora systems - Only allow semanage_t to be able to setenforce 0, no all domains that use selinux_semanage interface - Allow debugfs associate to a sysfs filesystem. - vport is mislabeled on arm, need to be less specific - Add relabel_user_home_dirs for use by docker_t - Allow net_admin cap for dnssec-trigger to make wifi reconnect working. - Add support for /var/lib/ipsilon dir and label it as httpd_var_lib_t. BZ(1186046) - Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd. - Add glusterd_filetrans_named_pid() interface. - Allow antivirus_t to read system state info.BZ(1217616) - Dontaudit use console for chrome-sandbox. BZ(1216087) - Add support for ~/.local/share/libvirt/images and for ~/.local/share/libvirt/boot. BZ(1215359) - Clamd needs to have fsetid capability. BZ(1215308) - Allow cinder-backup to dbus chat with systemd-logind. BZ(1207098) - Update httpd_use_openstack boolean to allow httpd to bind commplex_main_port and read keystone log files. - Allow gssd to access kernel keyring for login_pgm domains. - Add more fixes related to timemaster+ntp+ptp4l. - Allow docker sandbox domains to search all mountpoiunts - update winbind_t rules to allow IPC for winbind. BZ(1210663) - Allow dhcpd kill capability. - Add support for new fence agent fence_mpath which is executed by fence_node. - Remove dac_override capability for setroubleshoot. We now have it running as setroubleshoot user. - Allow redis to create /var/run/redis/redis.sock. - Allow fence_mpathpersist to run mpathpersist which requires sys_admin capability. - Allow timemaster send a signal to ntpd. - Add rules for netlink_socket in iotop. - Allow iotop netlink socket. - Allow sys_ptrace cap for sblim-gatherd caused by ps. - Add support for /usr/libexec/mongodb-scl-helper RHSCL helper script. - Allow passenger to accept connection. - Update virt_read_pid_files() interface to allow read also symlinks with virt_var_run_t type. - Fix labeling for /usr/libexec/mysqld_safe-scl-helper. - Add support for mysqld_safe-scl-helper which is needed for RHSCL daemons. - Label /usr/bin/yum-deprecated as rpm_exec_t. (#1218650) - Don't use deprecated userdom_manage_tmpfs_role() interface calliing and use userdom_manage_tmp_role() instead. - Add support for iprdbg logging files in /var/log. - Add support for mongod/mongos systemd unit files. - Allow inet_gethost called by couchdb to access /proc/net/unix. BZ(1207538) - Allow eu-unstrip running under abrt_t to access /var/lib/pcp/pmdas/linux/pmda_linux.so (#1207410)- Add support for new cobbler dir locations: - Add nagios_read_lib() interface.- cloudinit and rhsmcertd need to communicate with dbus - Allow bacula access to tape devices. - allow httpd_t to read nagios lib_var_lib_t to allow rddtool generate graphs which will be shown by httpd . - Allow dnssec-trigger to send sigchld to networkmanager - add interface networkmanager_sigchld - Add dnssec-trigger unit file Label dnssec-trigger script in libexec - Remove duplicate specification for /etc/localtime. - Add default labeling for /etc/localtime symlink.- Define ipa_var_run_t type - Add ipa_manage_pid_files interface. - Allow certmonger to manage renewal.lock. BZ(1213256) - Allow apcupsd to use USBttys. BZ(1210960) - Allow sge_execd_t to mamange tmp sge lnk files.BZ(1211574) - Allow syslogd_t to manage devlog_t lnk files. BZ(1210968)- Allow abrtd to list home config. BZ(1199658) - Dontaudit dnssec_trigger_t to read /tmp. BZ(1210250) - Allow abrt_dump_oops_t to IPC_LOCK. BZ(1205481) - Allow mock_t to use ptmx. BZ(1181333) - Allow dnssec_trigger_t to create resolv files labeled as net_conf_t - Allow dnssec_trigger_t to stream connect to networkmanager. - Fix labeling for keystone CGI scripts. - Add more restriction on entrypoint for unconfined domains. - Allow systemd_networkd_t to load kernel module. BZ(1209402) - Allow systemd_networkd cap. dac_override. BZ(1204352) - Label new dnssec-trigger files.- Label /usr/libexec/mongodb-scl-helper as mongod_initrc_exec_t. BZ(1202013) - Add mongodb port to httpd_can_network_connect_db interface. BZ(1209180) - Merge postfix spool types(maildrop,flush) to one postfix_spool_t - Add collectd net_raw capability. BZ(1194169) - Fix cloudform policy.(m4 is case sensitive) - Allow networkmanager and cloud_init_t to dbus chat - Allow polkit to dbus chat with xserver. (1207478)- Allow kmscon to read system state. BZ (1206871) - Allow plymouthd to open usbttys. BZ(1202429) - apmd needs sys_resource when shutting down the machine - Allow xdm_t to read colord_var_lib_t files. BZ(1201985) - Use enable_mls instead of enabled_mls. - Allow a user to login with different security level via ssh.- Allow mysqld_t to use pam. BZ(1196104) - Added label mysqld_etc_t for /etc/my.cnf.d/ dir. BZ(1203989) - Allow fetchmail to read mail_spool_t. BZ(1200552) - Dontaudit blueman_t write to all mountpoints. BZ(1198272) - docker watches for content in the /etc directory - Allow all domains some process flags. - Turn on overlayfs labeling for testin, we need this backported to F22 and Rawhide. Eventually will need this in RHEL- docker watches for content in the /etc directory - Fix abrt_filetrans_named_content() to create /var/tmp/abrt with the correct abrt_var_cache_t labeling. - Allow docker to relablefrom/to sockets and docker_log_t - Allow docker to communicate with openvswitch - Allow journald to set loginuid. BZ(1190498) - Add cap. sys_admin for passwd_t. BZ(1185191) - Allow abrt-hook-ccpp running as kernel_t to allow create /var/tmp/abrt with correct labeling.- Allow spamc read spamd_etc_t files. BZ(1199339). - Allow collectd to write to smnpd_var_lib_t dirs. BZ(1199278) - Allow abrt_watch_log_t read passwd file. BZ(1197396) - Allow abrt_watch_log_t to nsswitch_domain. BZ(1199659) - Allow cups to read colord_var_lib_t files. BZ(1199765)- Turn on rolekit in F22- Allow glusterd_t exec glusterd_var_lib_t files. BZ(1198406) - Add gluster_exec_lib interface. - Allow l2tpd to manage NetworkManager pid files - Allow firewalld_t relabelfrom firewalld_rw_etc_t. BZ(1195327) - Allow cyrus bind tcp berknet port. BZ(1198347) - Add nsswitch domain for more serviecs. - Allow abrt_dump_oops_t read /etc/passwd file. BZ(1197190) - Remove ftpd_use_passive_mode boolean. It does not make sense due to ephemeral port handling. - Make munin yum plugin as unconfined by default. - Allow bitlbee connections to the system DBUS. - Allow system apache scripts to send log messages. - Allow denyhosts execute iptables. BZ(1197371) - Allow brltty rw event device. BZ(1190349) - Allow cupsd config to execute ldconfig. BZ(1196608) - xdm_t now needs to manage user ttys - Allow ping_t read urand. BZ(1181831) - Add support for tcp/2005 port. - Allow setfiles domain to access files with admin_home_t. semanage -i /root/testfile. - In F23 we are running xserver as the user, need this to allow confined users to us X- Fix source filepath for moving html files.- Xserver needs to be transitioned to from confined users - Added logging_syslogd_pid_filetrans - xdm_t now talks to hostnamed - Label new strongswan binary swanctl and new unit file strongswan-swanctl.service. BZ(1193102) - Additional fix for labeleling /dev/log correctly. - cups chats with network manager - Allow parent domains to read/write fifo files in mozilla plugin - Allow spc_t to transition to svirt domains - Cleanup spc_t - docker needs more control over spc_t - pcp domains are executed out of cron- Allow audisp to connect to system DBUS for service. - Label /dev/log correctly. - Add interface init_read_var_lib_files(). - Allow abrt_dump_oops_t read /var/lib/systemd/, Allow abrt_dump_oops_t cap. chown,fsetid,fowner, BZ(1187017)- Label /usr/libexec/postgresql-ctl as postgresql_exec_t. BZ(1191004) - Remove automatcically running filetrans_named_content form sysnet_manage_config - Allow syslogd/journal to read netlink audit socket - Allow brltty ioctl on usb_device_t. BZ(1190349) - Make sure NetworkManager configures resolv.conf correctly- Allow cockpit_session_t to create tmp files - apmd needs sys_resource when shutting down the machine - Fix path label to resolv.conf under NetworkManager- Allow search all pid dirs when managing net_conf_t files.- Fix labels, improve sysnet_manage_config interface. - Label /var/run/NetworkManager/resolv.conf.tmp as net_conf_t. - Dontaudit network connections related to thumb_t. BZ(1187981) - Remove sysnet_filetrans_named_content from fail2ban- Fix labels on new location of resolv.conf - syslog is not writing to the audit socket - seunshare is doing getattr on unix_stream_sockets leaked into it - Allow sshd_t to manage gssd keyring - Allow apps that create net_conf_t content to create .resolv.conf.NetworkManager - Posgresql listens on port 9898 when running PCP (pgpool Control Port) - Allow svirt sandbox domains to read /proc/mtrr - Allow polipo_deamon connect to all ephemeral ports. BZ(1187723) - Allow dovecot domains to use sys_resouce - Allow sshd_t to manage gssd keyring - gpg_pinentry_t needs more access in f22- Allow docker to attach to the sandbox and user domains tun devices - Allow pingd to read /dev/urandom. BZ(1181831) - Allow virtd to list all mountpoints - Allow sblim-sfcb to search images - pkcsslotd_lock_t should be an alias for pkcs_slotd_lock_t. - Call correct macro in virt_read_content(). - Dontaudit couchdb search in gconf_home_t. BZ(1177717) - Allow docker_t to changes it rlimit - Allow neutron to read rpm DB. - Allow radius to connect/bind radsec ports - Allow pm-suspend running as virt_qemu_ga to read /var/log/pm-suspend.log. - Add devicekit_read_log_files(). - Allow virt_qemu_ga to dbus chat with rpm. - Allow netutils chown capability to make tcpdump working with -w. - Label /ostree/deploy/rhel-atomic-host/deploy directory as system_conf_t. - journald now reads the netlink audit socket - Add auditing support for ipsec.- Bump release- remove duplicate filename transition rules. - Call proper interface in sosreport.te. - Allow fetchmail to manage its keyring - Allow mail munin to create udp_sockets - Allow couchdb to sendto kernel unix domain sockets- Add /etc/selinux/targeted/contexts/openssh_contexts- Allow logrotate to read hawkey.log in /var/cache/dnf/ BZ(1163438) - Allow virt_qemu_ga_t to execute kmod. - Add missing files_dontaudit_list_security_dirs() for smbd_t in samba_export_all_ro boolean - Add additionnal MLS attribute for oddjob_mkhomedir to create homedirs. - Add support for /usr/share/vdsm/daemonAdapter. - Docker has a new config/key file it writes to /etc/docker - Allow bacula to connect also to postgresql.- Allow admin SELinux users mounting / as private within a new mount namespace as root in MLS. - Fix miscfiles_manage_generic_cert_files() to allow manage link files - Allow pegasus_openlmi_storage_t use nsswitch. BZ(1172258) - Add support for /var/run/gluster. - Allow openvpn manage systemd_passwd_var_run_t files. BZ(1170085)- Add files_dontaudit_list_security_dirs() interface. - Added seutil_dontaudit_access_check_semanage_module_store interface. - Allow docker to create /root/.docker - Allow rlogind to use also rlogin ports - dontaudit list security dirs for samba domain - Dontaudit couchdb to list /var- Update to have all _systemctl() interface also init_reload_services() - Dontaudit access check on SELinux module store for sssd. - Label /var/lib/rpmrebuilddb/ as rpm_var_lib_t. BZ (1167946)- Allow reading of symlinks in /etc/puppet - Added TAGS to gitignore - I guess there can be content under /var/lib/lockdown #1167502 - Allow rhev-agentd to read /dev/.udev/db to make deploying hosted engine via iSCSI working. - Allow keystone to send a generic signal to own process. - Allow radius to bind tcp/1812 radius port. - Dontaudit list user_tmp files for system_mail_t - label virt-who as virtd_exec_t - Allow rhsmcertd to send a null signal to virt-who running as virtd_t - Add virt_signull() interface - Add missing alias for _content_rw_t - Allow .snapshots to be created in other directories, on all mountpoints - Allow spamd to access razor-agent.log - Add fixes for sfcb from libvirt-cim TestOnly bug. (#1152104) - Allow .snapshots to be created in other directories, on all mountpoints - Label tcp port 5280 as ejabberd port. BZ(1059930) - Make /usr/bin/vncserver running as unconfined_service_t - Label /etc/docker/certs.d as cert_t - Allow all systemd domains to search file systems- Allow NetworkManager stream connect on openvpn. BZ(1165110)- Allow networkmanager manage also openvpn sock pid files.- Allow openvpn to create uuid connections in /var/run/NetworkManager with NM labeling. - Allow sendmail to create dead.letter. BZ(1165443) - Allow selinux_child running as sssd access check on /etc/selinux/targeted/modules/active. - Allow access checks on setfiles/load_policy/semanage_lock for selinux_child running as sssd_t. - Label sock file charon.vici as ipsec_var_run_t. BZ(1165065) - Add additional interfaces for load_policy/setfiles/read_lock related to access checks.- Allow bumblebee to use nsswitch. BZ(1155339) - Allow openvpn to stream connect to networkmanager. BZ(1164182) - Allow smbd to create HOMEDIRS is pam_oddjob_mkhomedir in MLS. - Allow cpuplug rw virtual memory sysctl. BZ (1077831) - Docker needs to write to sysfs, needs back port to F20,F21, RHEL7- Add kdump_rw_inherited_kdumpctl_tmp_pipes() - Added fixes related to linuxptp. BZ (1149693) - Label keystone cgi files as keystone_cgi_script_exec_t. BZ(1138424 - Dontaudit policykit_auth_t to access to user home dirs. BZ (1157256) - Fix seutil_dontaudit_access_check_load_policy() - Add dontaudit interfaces for audit_access in seutil - Label /etc/strongimcv as ipsec_conf_file_t.- Added interface userdom_dontaudit_manage_user_home_dirs - Fix unconfined_server_dbus_chat() interface. - Add unconfined_server_dbus_chat() inteface. - Allow login domains to create kernel keyring with different level. - Dontaudit policykit_auth_t to write to user home dirs. BZ (1157256) - Make tuned as unconfined domain. - Added support for linuxptp policy. BZ(1149693) - make zoneminder as dbus client by default. - Allow bluetooth read/write uhid devices. BZ (1161169) - Add fixes for hypervkvp daemon - Allow guest to connect to libvirt using unix_stream_socket. - Allow all bus client domains to dbus chat with unconfined_service_t. - Allow inetd service without own policy to run in inetd_child_t which is unconfined domain. - Make opensm as nsswitch domain to make it working with sssd. - Allow brctl to read meminfo. - Allow winbind-helper to execute ntlm_auth in the caller domain. - Make plymouthd as nsswitch domain to make it working with sssd. - Make drbd as nsswitch domain to make it working with sssd. - Make conman as nsswitch domain to make ipmitool.exp runing as conman_t working. - Add support for /var/lib/sntp directory.- Add support for /dev/nvme controllerdevice nodes created by nvme driver. - Add 15672 as amqp_port_t - Allow wine domains to read user homedir content - Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc - Allow winbind to read usermodehelper - Allow telepathy domains to execute shells and bin_t - Allow gpgdomains to create netlink_kobject_uevent_sockets - Allow abrt to read software raid state. BZ (1157770) - Fix rhcs_signull_haproxy() interface. - Add suppor for keepalived unconfined scripts and allow keepalived to read all domain state and kill capability. - Allow snapperd to dbus chat with system cron jobs. - Allow nslcd to read /dev/urandom. - Allow dovecot to create user's home directory when they log into IMAP. - Label also logrotate.status.tmp as logrotate_var_lib_t. BZ(1158835) - Allow wine domains to read user homedir content - Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc- Allow keystone_cgi_script_t to bind on commplex_main_port. BZ (#1138424) - Allow freeipmi_bmc_watchdog rw_sem_perms to freeipmi_ipmiseld - Allow rabbitmq to read nfs state data. BZ(1122412) - Allow named to read /var/tmp/DNS_25 labeled as krb5_host_rcache_t. - Add rolekit policy - ALlow rolekit domtrans to sssd_t. - Add kerberos_tmp_filetrans_kadmin() interface. - rolekit should be noaudit. - Add rolekit_manage_keys(). - Need to label rpmnew file correctly - Allow modemmanger to connectto itself- Allow couchdb read sysctl_fs_t files. BZ(1154327) - Allow osad to connect to jabber client port. BZ (1154242) - Allow mon_statd to send syslog msgs. BZ (1077821 - Allow apcupsd to get attributes of filesystems with xattrs- Allow systemd-networkd to be running as dhcp client. - Label /usr/bin/cockpit-bridge as shell_exec_t. - Add label for /var/run/systemd/resolve/resolv.conf. - ALlow listen and accept on tcp socket for init_t in MLS. Previously it was for xinetd_t. - Allow systemd-networkd to be running as dhcp client. - Label /usr/bin/cockpit-bridge as shell_exec_t. - Add label for /var/run/systemd/resolve/resolv.conf. - ALlow listen and accept on tcp socket for init_t in MLS. Previously it was for xinetd_t.- Dontaudit aicuu to search home config dir. BZ (#1104076) - couchdb is using erlang so it needs execmem privs - ALlow sanlock to send a signal to virtd_t. - Allow mondogdb to 'accept' accesses on the tcp_socket port. - Make sosreport as unconfined domain. - Allow nova-console to connect to mem_cache port. - Allow mandb to getattr on file systems - Allow read antivirus domain all kernel sysctls. - Allow lmsd_plugin to read passwd file. BZ(1093733) - Label /usr/share/corosync/corosync as cluster_exec_t. - ALlow sensord to getattr on sysfs. - automount policy is non-base module so it needs to be called in optional block. - Add auth_use_nsswitch for portreserve to make it working with sssd. - Fix samba_export_all_ro/samba_export_all_rw booleans to dontaudit search/read security files. - Allow openvpn to execute systemd-passwd-agent in systemd_passwd_agent_t to make openvpn working with systemd. - Allow openvpn to access /sys/fs/cgroup dir. - Allow nova-scheduler to read certs - Add support for /var/lib/swiftdirectory. - Allow neutron connections to system dbus. - Allow mongodb to manage own log files. - Allow opensm_t to read/write /dev/infiniband/umad1. - Added policy for mon_statd and mon_procd services. BZ (1077821) - kernel_read_system_state needs to be called with type. Moved it to antivirus.if. - Allow dnssec_trigger_t to execute unbound-control in own domain. - Allow all RHCS services to read system state. - Added monitor device - Add interfaces for /dev/infiniband - Add infiniband_device_t for /dev/infiniband instead of fixed_disk_device_t type. - Add files_dontaudit_search_security_files() - Add selinuxuser_udp_server boolean - ALlow syslogd_t to create /var/log/cron with correct labeling - Add support for /etc/.updated and /var/.updated - Allow iptables read fail2ban logs. BZ (1147709) - ALlow ldconfig to read proc//net/sockstat.- Allow nova domains to getattr on all filesystems. - ALlow zebra for user/group look-ups. - Allow lsmd to search own plguins. - Allow sssd to read selinux config to add SELinux user mapping. - Allow swift to connect to all ephemeral ports by default. - Allow NetworkManager to create Bluetooth SDP sockets - Allow keepalived manage snmp var lib sock files. BZ(1102228) - Added policy for blrtty. BZ(1083162) - Allow rhsmcertd manage rpm db. BZ(#1134173) - Allow rhsmcertd send signull to setroubleshoot. BZ (#1134173) - Label /usr/libexec/rhsmd as rhsmcertd_exec_t - Fix broken interfaces - Added sendmail_domtrans_unconfined interface - Added support for cpuplug. BZ (#1077831) - Fix bug in drbd policy, BZ (#1134883) - Make keystone_cgi_script_t domain. BZ (#1138424) - fix dev_getattr_generic_usb_dev interface - Label 4101 tcp port as brlp port - Allow libreswan to connect to VPN via NM-libreswan. - Add userdom_manage_user_tmpfs_files interface- Allow all domains to read fonts - Allow rabbitmq_t read rabbitmq_var_lib_t lnk files. BZ (#1147028) - Allow pki-tomcat to change SELinux object identity. - Allow radious to connect to apache ports to do OCSP check - Allow git cgi scripts to create content in /tmp - Allow cockpit-session to do GSSAPI logins.- Make sure /run/systemd/generator and system is labeled correctly on creation. - Additional access required by usbmuxd - Allow sensord read in /proc BZ(#1143799)- Allow du running in logwatch_t read hwdata. - Allow sys_admin capability for antivirus domians. - Use nagios_var_lib_t instead of nagios_lib_t in nagios.fc. - Add support for pnp4nagios. - Add missing labeling for /var/lib/cockpit. - Label resolv.conf as docker_share_t under docker so we can read within a container - Remove labeling for rabbitmqctl - setfscreate in pki.te is not capability class. - Allow virt domains to use virtd tap FDs until we get proper handling in libvirtd. - Allow wine domains to create cache dirs. - Allow newaliases to systemd inhibit pipes. - Add fixes for pki-tomcat scriptlet handling. - Allow user domains to manage all gnome home content - Allow locate to look at files/directories without labels, and chr_file and blk_file on non dev file systems - Allow usbmuxd chown capabilitiesllow locate to look at files/directories without labels, and chr_file and blk_file on non dev file systems- Label /usr/lib/erlang/erts.*/bin files as bin_t - Added changes related to rabbitmq daemon. - Fix labeling in couchdb policy - Allow rabbitmq bind on epmd port - Clean up rabbitmq policy - fix domtrans_rabbitmq interface - Added rabbitmq_beam_t and rabbitmq_epmd_t alias - Allow couchdb to getattr - Allow couchdb write to couchdb_conf files - Allow couchdb to create dgram_sockets - Added support for ejabberd- Back port workaround for #1134389 from F20. It needs to be removed from rawhide once we ship F21. - Since docker will now label volumes we can tighten the security of docker- Re-arange openshift_net_read_t rules. - Kernel is reporting random block_suspends, we should dontaudit these until the kernel is fixed in Rawhide - Allow jockey_t to use tmpfs files - Allow pppd to create sock_files in /var/run - Allow geoclue to stream connect to smart card service - Allow docker to read all of /proc - ALlow passeneger to read/write apache stream socket. - Dontaudit read init state for svirt_t. - Label /usr/sbin/unbound-control as named_exec_t (#1130510) - Add support for /var/lbi/cockpit directory. - Add support for ~/. speech-dispatcher. - Allow nmbd to read /proc/sys/kernel/core_pattern. - aLlow wine domains to create wine_home symlinks. - Allow policykit_auth_t access check and read usr config files. - Dontaudit access check on home_root_t for policykit-auth. - hv_vss_daemon wants to list /boot - update gpg_agent_env_file booelan to allow manage user tmp files for gpg-agent - Fix label for /usr/bin/courier/bin/sendmail - Allow munin services plugins to execute fail2ban-client in fail2ban_client_t domain. - Allow unconfined_r to access unconfined_service_t. - Add label for ~/.local/share/fonts - Add init_dontaudit_read_state() interface. - Add systemd_networkd_var_run_t labeling for /var/run/systemd/netif and allow systemd-networkd to manage it. - Allow udev_t mounton udev_var_run_t dirs #(1128618) - Add files_dontaudit_access_check_home_dir() inteface.- Allow unconfined_service_t to dbus chat with all dbus domains - Assign rabbitmq port. BZ#1135523 - Add new interface to allow creation of file with lib_t type - Allow init to read all config files - We want to remove openshift_t domains ability to look at /proc/net - I guess lockdown is a file not a directory - Label /var/bacula/ as bacula_store_t - Allow rhsmcertd to seng signull to sosreport. - Allow sending of snmp trap messages by radiusd. - remove redundant rule fron nova.te. - Add auth_use_nsswitch() for ctdbd. - call nova_vncproxy_t instead of vncproxy. - Allow nova-vncproxy to use varnishd port. - Fix rhnsd_manage_config() to allow manage also symlinks. - Allow bacula to create dirs/files in /tmp - Allow nova-api to use nsswitch. - Clean up nut policy. Allow nut domains to create temp files. Add nut_domain_template() template interface. - Allow usbmuxd connect to itself by stream socket. (#1135945) - I see no reason why unconfined_t should transition to crontab_t, this looks like old cruft - Allow nswrapper_32_64.nppdf.so to be created with the proper label - Assign rabbitmq port. BZ#1135523 - Dontaudit leaks of file descriptors from domains that transition to thumb_t - Fixes for usbmuxd, addition of /var/lib/lockdown, and allow it to use urand, dontaudit sys_resource - Allow unconfined_service_t to dbus chat with all dbus domains - Allow avahi_t communicate with pcp_pmproxy_t over dbus.(better way) - Allow avahi_t communicate with pcp_pmproxy_t over dbus.- Allow aide to read random number generator - Allow pppd to connect to http port. (#1128947) - sssd needs to be able write krb5.conf. - Labeli initial-setup as install_exec_t. - Allow domains to are allowed to mounton proc to mount on files as well as dirs- Label ~/tmp and ~/.tmp directories in user tmp dirs as user_tmp_t - Add a port definition for shellinaboxd - Fix labeling for HOME_DIR/tmp and HOME_DIR/.tmp directories - Allow thumb_t to read/write video devices - fail2ban 0.9 reads the journal by default. - Allow sandbox net domains to bind to rawip socket- Allow haproxy to read /dev/random and /dev/urandom. - Allow mdadm to seng signull kernel_t which is proces type of mdadm on early boot. - geoclue needs to connect to http and http_cache ports - Allow passenger to use unix_stream_sockets leaked into it, from httpd - Add SELinux policy for highly-available key value store for shared configuration. - drbd executes modinfo. - Add glance_api_can_network boolean since glance-api uses huge range port. - Fix glance_api_can_network() definition. - Allow smoltclient to connect on http_cache port. (#982199) - Allow userdomains to stream connect to pcscd for smart cards - Allow programs to use pam to search through user_tmp_t dires (/tmp/.X11-unix) - Added MLS fixes to support labeled socket activation which is going to be done by systemd - Add kernel_signull() interface. - sulogin_t executes plymouth commands - lvm needs to be able to accept connections on stream generic sockets- Rebuild for rpm bug 1131960- Allow ssytemd_logind_t to list tmpfs directories - Allow lvm_t to create undefined sockets - Allow passwd_t to read/write stream sockets - Allow docker lots more access. - Fix label for ports - Add support for arptables-{restore,save} and also labeling for /usr/lib/systemd/system/arptables.service. - Label tcp port 4194 as kubernetes port. - Additional access required for passenger_t - sandbox domains should be allowed to use libraries which require execmod - Allow qpid to read passwd files BZ (#1130086) - Remove cockpit port, it is now going to use websm port - Add getattr to the list of access to dontaudit on unix_stream_sockets - Allow sendmail to append dead.letter located in var/spool/nagios/dead.letter.- docker needs to be able to look at everything in /dev - Allow all processes to send themselves signals - Allow sysadm_t to create netlink_tcpdiag socket - sysadm_t should be allowed to communicate with networkmanager - These are required for bluejeans to work on a unconfined.pp disabled machine - docker needs setfcap - Allow svirt domains to manage chr files and blk files for mknod commands - Allow fail2ban to read audit logs - Allow cachefilesd_t to send itself signals - Allow smokeping cgi script to send syslog messages - Allow svirt sandbox domains to relabel content - Since apache content can be placed anywhere, we should just allow apache to search through any directory - These are required for bluejeans to work on a unconfined.pp disabled machin- shell_exec_t should not be in cockip.fc- Add additional fixes for abrt-dump-journal-oops which is now labeled as abrt_dump_oops_exec_t. - Allow denyhosts to enable synchronization which needs to connect to tcp/9911 port. - Allow nacl_helper_boo running in :chrome_sandbox_t to send SIGCHLD to chrome_sandbox_nacl_t. - Dontaudit write access on generic cert files. We don't audit also access check. - Add support for arptables. - Add labels and filenametrans rules for ostree repo directories which needs to be writable by subscription-manager.- fix license handling- Add new mozilla_plugin_bind_unreserved_ports boolean to allow mozilla plugin to use tcp/udp unreserved ports. There is a lot of plugins which binds ports without SELinux port type. We want to allow users to use these plugins properly using this boolean. (#1109681) - Allow smokeping cgi scripts to accept connection on httpd stream socket. - docker does a getattr on all file systems - Label all abort-dump programs - Allow alsa to create lock file to see if it fixes. - Add support for zabbix external scripts for which zabbix_script_t domain has been created. This domain is unconfined by default and user needs to run "semodule -d unconfined" to make system running without unconfined domains. The default location of these scripts is /usr/lib/zabbix/externalscripts. If a user change DATADIR in CONFIG_EXTERNALSCRIPTS then he needs to set labeling for this new location. - Add interface for journalctl_exec - Add labels also for glusterd sockets. - Change virt.te to match default docker capabilies - Add additional booleans for turning on mknod or all caps. - Also add interface to allow users to write policy that matches docker defaults - for capabilies. - Label dhcpd6 unit file. - Add support also for dhcp IPv6 services. - Added support for dhcrelay service - Additional access for bluejeans - docker needs more access, need back port to RHEL7 - Allow mdadm to connect to own socket created by mdadm running as kernel_t. - Fix pkcs, Remove pkcs_lock_filetrans and Add files_search_locks - Allow bacula manage bacula_log_t dirs - Allow pkcs_slotd_t read /etc/passwd, Label /var/lock/opencryptoki as pkcs_slotd_lock_t - Fix mistakes keystone and quantum - Label neutron var run dir - Label keystone var run dir - Fix bad labeling for /usr/s?bin/(oo|rhc)-restorer-wrapper.sh in openshift.fc. - Dontaudit attempts to access check cert dirs/files for sssd. - Allow sensord to send a signal. - Allow certmonger to stream connect to dirsrv to make ipa-server-install working. - Label zabbix_var_lib_t directories - Label conmans pid file as conman_var_run_t - Label also /var/run/glusterd.socket file as gluster_var_run_t - Fix policy for pkcsslotd from opencryptoki - Update cockpik policy from cockpit usptream. - Allow certmonger to exec ldconfig to make ipa-server-install working. - Added support for Naemon policy - Allow keepalived manage snmp files - Add setpgid process to mip6d - remove duplicate rule - Allow postfix_smtpd to stream connect to antivirus - Dontaudit list /tmp for icecast - Allow zabbix domains to access /proc//net/dev.- Allow zabbix domains to access /proc//net/dev. - Dontaudit list /tmp for icecast (#894387) - Allow postfix_smtpd to stream connect to antivirus (#1105889) - Add setpgid process to mip6d - Allow keepalived manage snmp files(#1053450) - Added support for Naemon policy (#1120789). - Allow certmonger to exec ldconfig to make ipa-server-install working. (#1122110) - Update cockpik policy from cockpit usptream.- Revert labeling back to /var/run/systemd/initctl/fifo - geoclue dbus chats with modemmanger - Bluejeans wants to connect to port 5000 - geoclue dbus chats with modemmange- Allow sysadm to dbus chat with systemd - Add logging_dontaudit_search_audit_logs() - Add new files_read_all_mountpoint_symlinks() - Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo. - Allow ndc to read random and urandom device (#1110397) - Allow zabbix to read system network state - Allow fprintd to execute usr_t/bin_t - Allow mailserver_domain domains to append dead.letter labeled as mail_home_t - Add glance_use_execmem boolean to have glance configured to use Ceph/rbd - Dontaudit search audit logs for fail2ban - Allow mailserver_domain domains to create mail home content with right labeling - Dontaudit svirt_sandbox_domain doing access checks on /proc - Fix files_pid_filetrans() calling in nut.te to reflect allow rules. - Use nut_domain attribute for files_pid_filetrans() for nut domains. - Allow sandbox domains read all mountpoint symlinks to make symlinked homedirs - Fix nut domains only have type transition on dirs in /run/nut directory. - Allow net_admin/net_raw capabilities for haproxy_t. haproxy uses setsockopt() - Clean up osad policy. Remove additional interfaces/rules- Allow systemd domains to check lvm status - Allow getty to execute plymouth.#1112870 - Allow sshd to send signal to chkpwd_t - initrctl fifo file has been renamed - Set proper labeling on /var/run/sddm - Fix labeling for cloud-init logs - Allow kexec to read kallsyms - Add rhcs_stream_connect_haproxy interface, Allow neutron stream connect to rhcs - Add fsetid caps for mandb. #1116165 - Allow all nut domains to read /dev/(u)?random. - Allow deltacloudd_t to read network state BZ #1116940 - Add support for KVM virtual machines to use NUMA pre-placement - Allow utilize winbind for authentication to AD - Allow chrome sandbox to use udp_sockets leaked in by its parent - Allow gfs_controld_t to getattr on all file systems - Allow logrotate to manage virt_cache - varnishd needs to have fsetid capability - Allow dovecot domains to send signal perms to themselves - Allow apache to manage pid sock files - Allow nut_upsmon_t to create sock_file in /run dir - Add capability sys_ptrace to stapserver - Mysql can execute scripts when run in a cluster to see if someone is listening on a socket, basically runs lsof - Added support for vdsm- If I can create a socket I need to be able to set the attributes - Add tcp/8775 port as neutron port - Add additional ports for swift ports - Added changes to fedora from bug bz#1082183 - Add support for tcp/6200 port - Allow collectd getattr access to configfs_t dir Fixes Bug 1115040 - Update neutron_manage_lib_files() interface - Allow glustered to connect to ephemeral ports - Allow apache to search ipa lib files by default - Allow neutron to domtrans to haproxy - Add rhcs_domtrans_haproxy() - Add support for openstack-glance-* unit files - Add initial support for /usr/bin/glance-scrubber - Allow swift to connect to keystone and memcache ports. - Fix labeling for /usr/lib/systemd/system/openstack-cinder-backup - Add policies for openstack-cinder - Add support for /usr/bin/nova-conductor - Add neutron_can_network boolean - Allow neutron to connet to neutron port - Allow glance domain to use syslog - Add support for /usr/bin/swift-object-expirer and label it as swift_exec_t- Allow swift to use tcp/6200 swift port - ALlow swift to search apache configs - Remove duplicate .fc entry for Grilo plugin bookmarks - Remove duplicate .fc entry for telepathy-gabble - Additional allow rules for docker sandbox processes - Allow keepalived connect to agentx port - Allow neutron-ns-metadata to connectto own unix stream socket - Add support for tcp/6200 port - Remove ability for confined users to run xinit - New tool for managing wireless /usr/sbin/iw- Add back MLS policy- Implement new spec file handling for *.pp modules which allows us to move a policy module out of the policy- Allow system_bus_types to use stream_sockets inherited from system_dbusd - Allow journalctl to call getpw - New access needed by dbus to talk to kernel stream - Label sm-notifypid files correctly - contrib: Add KMSCon policy module- Add mozilla_plugin_use_bluejeans boolean - Add additional interfaces needed by mozilla_plugin_use_bluejeans boolean- Allow staff_t to communicate and run docker - Fix *_ecryptfs_home_dirs booleans - Allow ldconfig_t to read/write inherited user tmp pipes - Allow storaged to dbus chat with lvm_t - Add support for storaged and storaged-lvm-helper. Labeled it as lvm_exec_t. - Use proper calling in ssh.te for userdom_home_manager attribute - Use userdom_home_manager_type() also for ssh_keygen_t - Allow locate to list directories without labels - Allow bitlbee to use tcp/7778 port - /etc/cron.daily/logrotate to execute fail2ban-client. - Allow keepalives to connect to SNMP port. Support to do SNMP stuff - Allow staff_t to communicate and run docker - Dontaudit search mgrepl/.local for cobblerd_t - Allow neutron to execute kmod in insmod_t - Allow neutron to execute udevadm in udev_t - Allow also fowner cap for varnishd - Allow keepalived to execute bin_t/shell_exec_t - rhsmcertd seems to need these accesses. We need this backported to RHEL7 and perhaps RHEL6 policy - Add cups_execmem boolean - Allow gear to manage gear service - New requires for gear to use systemctl and init var_run_t - Allow cups to execute its rw_etc_t files, for brothers printers - Add fixes to make munin and munin-cgi working. Allow munin-cgit to create files/dirs in /tmp, list munin conf dirs and manage munin logs. - Allow swift to execute bin_t - Allow swift to bind http_cache- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Add decl for cockip port - Allow sysadm_t to read all kernel proc - Allow logrotate to execute all executables - Allow lircd_t to use tty_device_t for use withmythtv - Make sure all zabbix files direcories in /var/log have the correct label - Allow bittlebee to create directories and files in /var/log with the correct label - Label /var/log/horizon as an apache log - Add squid directory in /var/run - Add transition rules to allow rabbitmq to create log files and var_lib files with the correct label - Wronly labeled avahi_var_lib_t as a pid file - Fix labels on rabbitmq_var_run_t on file/dir creation - Allow neutron to create sock files - Allow postfix domains to getattr on all file systems - Label swift-proxy-server as swift_exec_t - Tighten SELinux capabilities to match docker capabilities - Add fixes for squid which is configured to run with more than one worker. - Allow cockpit to bind to its port- geard seems to do a lot of relabeling - Allow system_mail_t to append to munin_var_lib_t - Allow mozilla_plugin to read alsa_rw_ content - Allow asterisk to connect to the apache ports - Dontaudit attempts to read fixed disk - Dontaudit search gconf_home_t - Allow rsync to create swift_server.lock with swift.log labeling - Add labeling for swift lock files - Use swift_virt_lock in swift.te - Allow openwsman to getattr on sblim_sfcbd executable - Fix sblim_stream_connect_sfcb() to contain also sblim_tmp_t - Allow openwsman_t to read/write sblim-sfcb shared mem - Allow openwsman to stream connec to sblim-sfcbd - Allow openwsman to create tmpfs files/dirs - dontaudit acces to rpm db if rpm_exec for swift_t and sblim_sfcbd_t - Allow sblim_sfcbd to execute shell - Allow swift to create lock file - Allow openwsman to use tcp/80 - Allow neutron to create also dirs in /tmp - Allow seunshare domains to getattr on all executables - Allow ssh-keygen to create temporary files/dirs needed by OpenStack - Allow named_filetrans_domain to create /run/netns - Allow ifconfig to create /run/netns- Add missing dyntransition for sandbox_x_domain- More rules for gears and openshift - Added iotop policy. Thanks William Brown - Allow spamc to read .pyzor located in /var/spool/spampd - Allow spamc to create home content with correct labeling - Allow logwatch_mail_t to create dead.letter with correct labelign - Add labeling for min-cloud-agent - Allow geoclue to read unix in proc. - Add support for /usr/local/Brother labeling. We removed /usr/local equiv. - add support for min-cloud-agent - Allow ulogd to request the kernel to load a module - remove unconfined_domain for openwsman_t - Add openwsman_tmp_t rules - Allow openwsman to execute chkpwd and make this domain as unconfined for F20. - Allow nova-scheduler to read passwd file - Allow neutron execute arping in neutron_t - Dontaudit logrotate executing systemctl command attempting to net_admin - Allow mozilla plugins to use /dev/sr0 - svirt sandbox domains to read gear content in /run. Allow gear_t to manage openshift files - Any app that executes systemctl will attempt a net_admin - Fix path to mmap_min_addr- Add gear fixes from dwalsh- selinux_unconfined_type should not be able to set booleans if the securemode is set - Update sandbox_transition() to call sandbox_dyntrasition(). #885288.- Fix labeling for /root/\.yubico - userdom_search_admin_dir() calling needs to be optional in kernel.te - Dontaudit leaked xserver_misc_device_t into plugins - Allow all domains to search through all base_file_types, this should be back ported to RHEL7 policy - Need to allow sssd_t to manage kernel keyrings in login programs since they don't get labeled with user domains - Bootloader wants to look at init state - Add MCS/MLS Constraints to kernel keyring, also add MCS Constraints to ipc, sem.msgq, shm - init reads kdbump etc files - Add support for tcp/9697 - Fix labeling for /var/run/user//gvfs - Add support for us_cli ports - fix sysnet_use_ldap - Allow mysql to execute ifconfig if Red Hat OpenStack - ALlow stap-server to get attr on all fs - Fix mail_pool_t to mail_spool_t - Dontaudit leaked xserver_misc_device_t into plugins - Need to allow sssd_t to manage kernel keyrings in login programs since they don't get labeled with user domains - Add new labeling for /var/spool/smtpd - Allow httpd_t to kill passenger - Allow apache cgi scripts to use inherited httpd_t unix_stream_sockets - Allow nova-scheduler to read passwd/utmp files - Additional rules required by openstack, needs backport to F20 and RHEL7 - Additional access required by docker - ALlow motion to use tcp/8082 port- Fix virt_use_samba boolean - Looks like all domains that use dbus libraries are now reading /dev/urand - Add glance_use_fusefs() boolean - Allow tgtd to read /proc/net/psched - Additional access required for gear management of openshift directories - Allow sys_ptrace for mock-build - Fix mock_read_lib_files() interface - Allow mock-build to write all inherited ttys and ptys - Allow spamd to create razor home dirs with correct labeling - Clean up sysnet_use_ldap() - systemd calling needs to be optional - Allow init_t to setattr/relabelfrom dhcp state files- mongod should not be a part of cloudforms.pp - Fix labeling in snapper.fc - Allow docker to read unconfined_t process state - geoclue dbus chats with NetworkManager - Add cockpit policy - Add interface to allow tools to check the processes state of bind/named - Allow myslqd to use the tram port for Galera/MariaDB- Allow init_t to setattr/relabelfrom dhcp state files - Allow dmesg to read hwdata and memory dev - Allow strongswan to create ipsec.secrets with correct labeling in /etc/strongswan - Dontaudit antivirus domains read access on all security files by default - Add missing alias for old amavis_etc_t type - Additional fixes for instack overcloud - Allow block_suspend cap for haproxy - Allow OpenStack to read mysqld_db links and connect to MySQL - Remove dup filename rules in gnome.te - Allow sys_chroot cap for httpd_t and setattr on httpd_log_t - Add labeling for /lib/systemd/system/thttpd.service - Allow iscsid to handle own unit files - Add iscsi_systemctl() - Allow mongod also create sock_file with correct labeling in /run - Allow aiccu stream connect to pcscd - Allow rabbitmq_beam to connect to httpd port - Allow httpd to send signull to apache script domains and don't audit leaks - Fix labeling in drbd.fc - Allow sssd to connect to the smbd port for handing logins using active directory, needs back port for rhel7 - Allow all freeipmi domains to read/write ipmi devices - Allow rabbitmq_epmd to manage rabbit_var_log_t files - Allow sblim_sfcbd to use also pegasus-https port - Allow chronyd to read /sys/class/hwmon/hwmon1/device/temp2_input - Add httpd_run_preupgrade boolean - Add interfaces to access preupgrade_data_t - Add preupgrade policy - Add labeling for puppet helper scriptsRename puppet_t to puppetagent_t and used it only for puppet agent which can be started by init. Also make it as unconfined_noaudit because there is no reason to confine it but we wantto avoid init_t.- Change hsperfdata_root to have as user_tmp_t - Allow rsyslog low-level network access - Fix use_nfs_home_dirs/use_samba_home_dirs for xdm_t to allow append .xsession-errors by lightdm - Allow conman to resolve DNS and use user ptys - update pegasus_openlmi_admin_t policy - nslcd wants chown capability - Dontaudit exec insmod in boinc policy- Add labels for /var/named/chroot_sdb/dev devices - Add support for strongimcv - Add additional fixes for yubikeys based on william@firstyear.id.au - Allow init_t run /sbin/augenrules - Remove dup decl for dev_unmount_sysfs_fs - Allow unpriv SELinux user to use sandbox - Fix ntp_filetrans_named_content for sntp-kod file - Add httpd_dbus_sssd boolean - Dontaudit exec insmod in boinc policy - Add dbus_filetrans_named_content_system() - We want to label only /usr/bin/start-puppet-master to avoid puppet agent running in puppet_t - varnishd wants chown capability - update ntp_filetrans_named_content() interface - Add additional fixes for neutron_t. #1083335 - Dontaudit sandbox_t getattr on proc_kcore_t - Allow pki_tomcat_t to read ipa lib files- Merge user_tmp_t and user_tmpfs_t together to have only user_tmp_t- Turn on gear_port_t - Add gear policy and remove permissive domains. - Add labels for ostree - Add SELinux awareness for NM - Label /usr/sbin/pwhistory_helper as updpwd_exec_t- update storage_filetrans_all_named_dev for sg* devices - Allow auditctl_t to getattr on all removeable devices - Allow nsswitch_domains to stream connect to nmbd - Allow rasdaemon to rw /dev/cpu//msr - fix /var/log/pki file spec - make bacula_t as auth_nsswitch domain - Allow certmonger to manage ipa lib files - Add support for /var/lib/ipa- Manage_service_perms should include enable and disable, need backport to RHEL7 - Allow also unpriv user to run vmtools - Allow secadm to read /dev/urandom and meminfo - Add userdom_tmp_role for secadm_t - Allow postgresql to read network state - Add a new file context for /var/named/chroot/run directory - Add booleans to allow docker processes to use nfs and samba - Dontaudit net_amdin for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51-2.4.5.1.el7.x86_64/jre-abrt/bin/java running as pki_tomcat_t - Allow puppet stream connect to mysql - Fixed some rules related to puppet policy - Allow vmware-user-sui to use user ttys - Allow talk 2 users logged via console too - Additional avcs for docker when running tests - allow anaconda to dbus chat with systemd-localed - clean up rhcs.te - remove dup rules from haproxy.te - Add fixes for haproxy based on bperkins@redhat.com - Allow cmirrord to make dmsetup working - Allow NM to execute arping - Allow users to send messages through talk - update rtas_errd policy - Add support for /var/spool/rhsm/debug - Make virt_sandbox_use_audit as True by default - Allow svirt_sandbox_domains to ptrace themselves - Allow snmpd to getattr on removeable and fixed disks - Allow docker containers to manage /var/lib/docker content- Label sddm as xdm_exec_t to make KDE working again - Allow postgresql to read network state - Allow java running as pki_tomcat to read network sysctls - Fix cgroup.te to allow cgred to read cgconfig_etc_t - Allow beam.smp to use ephemeral ports - Allow winbind to use the nis to authenticate passwords- Allow collectd to talk to libvirt - Allow chrome_sandbox to use leaked unix_stream_sockets - Dontaudit leaks of sockets into chrome_sandbox_t - If you create a cups directory in /var/cache then it should be labeled cups_rw_etc_t - Run vmtools as unconfined domains - Allow snort to manage its log files - Allow systemd_cronjob_t to be entered via bin_t - Allow procman to list doveconf_etc_t - allow keyring daemon to create content in tmpfs directories - Add proper labelling for icedtea-web - vpnc is creating content in networkmanager var run directory - unconfined_service should be allowed to transition to rpm_script_t - Allow couchdb to listen on port 6984 - Dontaudit attempts by unpriv user domain to write to /run/mount directory, caused by running mount command - Allow systemd-logind to setup user tmpfs directories - Add additional fixes for systemd_networkd_t - Allow systemd-logind to manage user_tmpfs_t - Allow systemd-logind to mount /run/user/1000 to get gdm working- Add additional fixes for systemd_networkd_t - Allow systemd-logind to manage user_tmpfs_t - Allow systemd-logind to mount /run/user/1000 to get gdm working - Dontaudit attempts to setsched on the kernel_t threads - Allow munin mail plugins to read network systcl - Fix git_system_enable_homedirs boolean - Make cimtest script 03_defineVS.py of ComputerSystem group working - Make abrt-java-connector working - Allow net_admin cap for fence_virtd running as fenced_t - Allow vmtools_helper_t to execute bin_t - Add support for /usr/share/joomla- sshd to read network sysctls - Allow vmtools_helper_t to execute bin_t - Add support for /usr/share/joomla - /var/lib/containers should be labeled as openshift content for now - Allow docker domains to talk to the login programs, to allow a process to login into the container- Add install_t for anaconda- Allow init_t to stream connect to ipsec - Add /usr/lib/systemd/systemd-networkd policy - Add sysnet_manage_config_dirs() - Add support for /var/run/systemd/network and labeled it as net_conf_t - Allow unpriv SELinux users to dbus chat with firewalld - Add lvm_write_metadata() - Label /etc/yum.reposd dir as system_conf_t. Should be safe because system_conf_t is base_ro_file_type - Add support for /dev/vmcp and /dev/sclp - Add docker_connect_any boolean - Fix zabbix policy - Allow zabbix to send system log msgs - Allow pegasus_openlmi_storage_t to write lvm metadata - Updated pcp_bind_all_unreserved_ports - Allow numad to write scan_sleep_millisecs - Turn on entropyd_use_audio boolean by default - Allow cgred to read /etc/cgconfig.conf because it contains templates used together with rules from /etc/cgrules.conf. - Allow lscpu running as rhsmcertd_t to read /proc/sysinfo- Allow numad to write scan_sleep_millisecs - Turn on entropyd_use_audio boolean by default - Allow cgred to read /etc/cgconfig.conf because it contains templates used together with rules from /etc/cgrules.conf. - Allow lscpu running as rhsmcertd_t to read /proc/sysinfo - Allow numad to write scan_sleep_millisecs - Turn on entropyd_use_audio boolean by default - Allow cgred to read /etc/cgconfig.conf because it contains templates used together with rules from /etc/cgrules.conf. - Allow lscpu running as rhsmcertd_t to read /proc/sysinfo - Fix label on irclogs in the homedir- Modify xdm_write_home to allow create files/links in /root with xdm_home_t - Add more fixes for https://fedoraproject.org/wiki/Changes/XorgWithoutRootRights - Add xserver_dbus_chat() interface - Add sysnet_filetrans_named_content_ifconfig() interface - Change userdom_use_user_inherited_ttys to userdom_use_user_ttys for systemd-tty-ask - Turn on cron_userdomain_transition by default for now. Until we get a fix for #1063503 - Allow lscpu running as rhsmcertd_t to read sysinfo - Allow virt domains to read network state - Added pcp rules - Allow ctdbd to connect own ports - Fix samba_export_all_rw booleanto cover also non security dirs - Allow swift to exec rpm in swift_t and allow to create tmp files/dirs - Allow neutron to create /run/netns with correct labeling - Allow to run ip cmd in neutron_t domain - Allow rpm_script_t to dbus chat also with systemd-located - Fix ipa_stream_connect_otpd()- Allow block_suspend cap2 for systemd-logind and rw dri device - Add labeling for /usr/libexec/nm-libreswan-service - Allow locallogin to rw xdm key to make Virtual Terminal login providing smartcard pin working - Add xserver_rw_xdm_keys() - Allow rpm_script_t to dbus chat also with systemd-located - Fix ipa_stream_connect_otpd() - update lpd_manage_spool() interface - Allow krb5kdc to stream connect to ipa-otpd - Add ipa_stream_connect_otpd() interface - Allow vpnc to unlink NM pids - Add networkmanager_delete_pid_files() - Allow munin plugins to access unconfined plugins - update abrt_filetrans_named_content to cover /var/spool/debug - Label /var/spool/debug as abrt_var_cache_t - Allow rhsmcertd to connect to squid port - Make docker_transition_unconfined as optional boolean - Allow certmonger to list home dirs- Make docker as permissive domain- Allow bumblebeed to send signal to insmod - Dontaudit attempts by crond_t net_admin caused by journald - Allow the docker daemon to mounton tty_device_t - Add addtional snapper fixes to allo relabel file_t - Allow setattr for all mountpoints - Allow snapperd to write all dirs - Add support for /etc/sysconfig/snapper - Allow mozilla_plugin to getsession - Add labeling for thttpd - Allow sosreport to execute grub2-probe - Allow NM to manage hostname config file - Allow systemd_timedated_t to dbus chat with rpm_script_t - Allow lsmd plugins to connect to http/ssh/http_cache ports by default - Add lsmd_plugin_connect_any boolea - Add support for ipset - Add support for /dev/sclp_line0 - Add modutils_signal_insmod() - Add files_relabelto_all_mountpoints() interface - Allow the docker daemon to mounton tty_device_t - Allow all systemd domains to read /proc/1 - Login programs talking to journald are attempting to net_admin, add dontaudit - init is not gettar on processes as shutdown time - Add systemd_hostnamed_manage_config() interface - Make unconfined_service_t valid in enforcing - Remove transition for temp dirs created by init_t - gdm-simple-slave uses use setsockopt - Add lvm_read_metadata()- Make unconfined_service_t valid in enforcing - Remove transition for temp dirs created by init_t - gdm-simple-slave uses use setsockopt - Treat usermodehelper_t as a sysctl_type - xdm communicates with geo - Add lvm_read_metadata() - Allow rabbitmq_beam to connect to jabber_interserver_port - Allow logwatch_mail_t to transition to qmail_inject and queueu - Added new rules to pcp policy - Allow vmtools_helper_t to change role to system_r - Allow NM to dbus chat with vmtools- Add labeling for /usr/sbin/amavi - Colin asked for this program to be treated as cloud-init - Allow ftp services to manage xferlog_t - Fix vmtools policy to allow user roles to access vmtools_helper_t - Allow block_suspend cap2 for ipa-otpd - Allow certmonger to search home content - Allow pkcsslotd to read users state - Allow exim to use pam stack to check passwords - Add labeling for /usr/sbin/amavi - Colin asked for this program to be treated as cloud-init - Allow ftp services to manage xferlog_t - Fix vmtools policy to allow user roles to access vmtools_helper_t - Allow block_suspend cap2 for ipa-otpd - Allow certmonger to search home content - Allow pkcsslotd to read users state - Allow exim to use pam stack to check passwords- Add lvm_read_metadata() - Allow auditadm to search /var/log/audit dir - Add lvm_read_metadata() interface - Allow confined users to run vmtools helpers - Fix userdom_common_user_template() - Generic systemd unit scripts do write check on / - Allow init_t to create init_tmp_t in /tmp.This is for temporary content created by generic unit files - Add additional fixes needed for init_t and setup script running in generic unit files - Allow general users to create packet_sockets - added connlcli port - Add init_manage_transient_unit() interface - Allow init_t (generic unit files) to manage rpc state date as we had it for initrc_t - Fix userdomain.te to require passwd class - devicekit_power sends out a signal to all processes on the message bus when power is going down - Dontaudit rendom domains listing /proc and hittping system_map_t - Dontauit leaks of var_t into ifconfig_t - Allow domains that transition to ssh_t to manipulate its keyring - Define oracleasm_t as a device node - Change to handle /root as a symbolic link for os-tree - Allow sysadm_t to create packet_socket, also move some rules to attributes - Add label for openvswitch port - Remove general transition for files/dirs created in /etc/mail which got etc_aliases_t label. - Allow postfix_local to read .forward in pcp lib files - Allow pegasus_openlmi_storage_t to read lvm metadata - Add additional fixes for pegasus_openlmi_storage_t - Allow bumblebee to manage debugfs - Make bumblebee as unconfined domain - Allow snmp to read etc_aliases_t - Allow lscpu running in pegasus_openlmi_storage_t to read /dev/mem - Allow pegasus_openlmi_storage_t to read /proc/1/environ - Dontaudit read gconf files for cupsd_config_t - make vmtools as unconfined domain - Add vmtools_helper_t for helper scripts. Allow vmtools shutdonw a host and run ifconfig. - Allow collectd_t to use a mysql database - Allow ipa-otpd to perform DNS name resolution - Added new policy for keepalived - Allow openlmi-service provider to manage transitient units and allow stream connect to sssd - Add additional fixes new pscs-lite+polkit support - Add labeling for /run/krb5kdc - Change w3c_validator_tmp_t to httpd_w3c_validator_tmp_t in F20 - Allow pcscd to read users proc info - Dontaudit smbd_t sending out random signuls - Add boolean to allow openshift domains to use nfs - Allow w3c_validator to create content in /tmp - zabbix_agent uses nsswitch - Allow procmail and dovecot to work together to deliver mail - Allow spamd to execute files in homedir if boolean turned on - Allow openvswitch to listen on port 6634 - Add net_admin capability in collectd policy - Fixed snapperd policy - Fixed bugsfor pcp policy - Allow dbus_system_domains to be started by init - Fixed some interfaces - Add kerberos_keytab_domain attribute - Fix snapperd_conf_t def- Dontaudit rendom domains listing /proc and hittping system_map_t - devicekit_power sends out a signal to all processes on the message bus when power is going down - Modify xdm_write_home to allow create also links as xdm_home_t if the boolean is on true - systemd_tmpfiles_t needs to _setcheckreqprot - Add unconfined_server to be run by init_t when it executes files labeled bin_t, or usr_t, allow all domains to communicate with it - Fixed snapperd policy - Fixed broken interfaces - Should use rw_socket_perms rather then sock_file on a unix_stream_socket - Fixed bugsfor pcp policy - pcscd seems to be using policy kit and looking at domains proc data that transition to it - Allow dbus_system_domains to be started by init - Fixed some interfaces - Addopt corenet rules for unbound-anchor to rpm_script_t - Allow runuser to send send audit messages. - Allow postfix-local to search .forward in munin lib dirs - Allow udisks to connect to D-Bus - Allow spamd to connect to spamd port - Fix syntax error in snapper.te - Dontaudit osad to search gconf home files - Allow rhsmcertd to manage /etc/sysconf/rhn director - Fix pcp labeling to accept /usr/bin for all daemon binaries - Fix mcelog_read_log() interface - Allow iscsid to manage iscsi lib files - Allow snapper domtrans to lvm_t. Add support for /etc/snapper and allow snapperd to manage it. - Allow ABRT to read puppet certs - Allow virtd_lxc_t to specify the label of a socket - New version of docker requires more access- Addopt corenet rules for unbound-anchor to rpm_script_t - Allow runuser to send send audit messages. - Allow postfix-local to search .forward in munin lib dirs - Allow udisks to connect to D-Bus - Allow spamd to connect to spamd port - Fix syntax error in snapper.te - Dontaudit osad to search gconf home files - Allow rhsmcertd to manage /etc/sysconf/rhn director - Fix pcp labeling to accept /usr/bin for all daemon binaries - Fix mcelog_read_log() interface - Allow iscsid to manage iscsi lib files - Allow snapper domtrans to lvm_t. Add support for /etc/snapper and allow snapperd to manage it. - Make tuned_t as unconfined domain for RHEL7.0 - Allow ABRT to read puppet certs - Add sys_time capability for virt-ga - Allow gemu-ga to domtrans to hwclock_t - Allow additional access for virt_qemu_ga_t processes to read system clock and send audit messages - Fix some AVCs in pcp policy - Add to bacula capability setgid and setuid and allow to bind to bacula ports - Changed label from rhnsd_rw_conf_t to rhnsd_conf_t - Add access rhnsd and osad to /etc/sysconfig/rhn - drbdadm executes drbdmeta - Fixes needed for docker - Allow epmd to manage /var/log/rabbitmq/startup_err file - Allow beam.smp connect to amqp port - Modify xdm_write_home to allow create also links as xdm_home_t if the boolean is on true - Allow init_t to manage pluto.ctl because of init_t instead of initrc_t - Allow systemd_tmpfiles_t to manage all non security files on the system - Added labels for bacula ports - Fix label on /dev/vfio/vfio - Add kernel_mounton_messages() interface - init wants to manage lock files for iscsi- Fix /dev/vfio/vfio labeling- Add kernel_mounton_messages() interface - init wants to manage lock files for iscsi - Add support for dey_sapi port - Fixes needed for docker - Allow epmd to manage /var/log/rabbitmq/startup_err file - Allow beam.smp connect to amqp port - drbdadm executes drbdmeta - Added osad policy - Allow postfix to deliver to procmail - Allow vmtools to execute /usr/bin/lsb_release - Allow geoclue to read /etc/passwd - Allow docker to write system net ctrls - Add support for rhnsd unit file - Add dbus_chat_session_bus() interface - Add dbus_stream_connect_session_bus() interface - Fix pcp.te - Fix logrotate_use_nfs boolean - Add lot of pcp fixes found in RHEL7 - fix labeling for pmie for pcp pkg - Change thumb_t to be allowed to chat/connect with session bus type - Add logrotate_use_nfs boolean - Allow setroubleshootd to read rpc sysctl- Allow passwd_t to use ipc_lock, so that it can change the password in gnome-keyring - Allow geoclue to create temporary files/dirs in /tmp - Add httpd_dontaudit_search_dirs boolean - Add support for winbind.service - ALlow also fail2ban-client to read apache logs - Allow vmtools to getattr on all fs- Add net_admin also for systemd_passwd_agent_t - Allow Associate usermodehelper_t to sysfs filesystem - Allow gdm to create /var/gdm with correct labeling - Allow domains to append rkhunterl lib files. #1057982 - Allow systemd_tmpfiles_t net_admin to communicate with journald - update libs_filetrans_named_content() to have support for /usr/lib/debug directory - Adding a new service script to enable setcheckreqprot - Add interface to getattr on an isid_type for any type of file - Allow initrc_t domtrans to authconfig if unconfined is enabled - Add labeling for snapper.log - Allow tumbler to execute dbusd-daemon in thumb_t - Add dbus_exec_dbusd() - Add snapperd_data_t type - Add additional fixes for snapperd - FIx bad calling in samba.te - Allow smbd to create tmpfs - Allow rhsmcertd-worker send signull to rpm process - Allow net_admin capability and send system log msgs - Allow lldpad send dgram to NM - Add networkmanager_dgram_send() - rkhunter_var_lib_t is correct type - Allow openlmi-storage to read removable devices - Allow system cron jobs to manage rkhunter lib files - Add rkhunter_manage_lib_files() - Fix ftpd_use_fusefs boolean to allow manage also symlinks - Allow smbcontrob block_suspend cap2 - Allow slpd to read network and system state info - Allow NM domtrans to iscsid_t if iscsiadm is executed - Allow slapd to send a signal itself - Allow sslget running as pki_ra_t to contact port 8443, the secure port of the CA. - Fix plymouthd_create_log() interface - Add rkhunter policy with files type definition for /var/lib/rkhunter until it is fixed in rkhunter package - Allow postfix and cyrus-imapd to work out of box - Remove logwatch_can_sendmail which is no longer used - Allow fcoemon to talk with unpriv user domain using unix_stream_socket - snapperd is D-Bus service - Allow OpenLMI PowerManagement to call 'systemctl --force reboot'- Add haproxy_connect_any boolean - Allow haproxy also to use http cache port by default - Fix /usr/lib/firefox/plugin-container decl - Allow haproxy to work as simple HTTP proxy. HAProxy For TCP And HTTP Based Applications - Label also /usr/libexec/WebKitPluginProcess as mozilla_plugin_exec_t - Fix type in docker.te - Fix bs_filetrans_named_content() to have support for /usr/lib/debug directory - Adding a new service script to enable setcheckreqprot - Add interface to getattr on an isid_type for any type of file - Allow initrc_t domtrans to authconfig if unconfined is enabled type in docker.te - Add mozilla_plugin_exec_t labeling for /usr/lib/firefox/plugin-container- init calling needs to be optional in domain.te - Allow docker and mount on devpts chr_file - Allow docker to transition to unconfined_t if boolean set - Label also /usr/libexec/WebKitPluginProcess as mozilla_plugin_exec_t - Fix type in docker.te - Add mozilla_plugin_exec_t labeling for /usr/lib/firefox/plugin-container - Allow docker to use the network and build images - Allow docker to read selinux files for labeling, and mount on devpts chr_file - Allow domains that transition to svirt_sandbox to send it signals - Allow docker to transition to unconfined_t if boolean set- New access needed to allow docker + lxc +SELinux to work together - Allow apache to write to the owncloud data directory in /var/www/html... - Cleanup sandbox X AVC's - Allow consolekit to create log dir - Add support for icinga CGI scripts - Add support for icinga - Allow kdumpctl_t to create kdump lock file - Allow kdump to create lnk lock file - Allow ABRT write core_pattern - Allwo ABRT to read core_pattern - Add policy for Geoclue. Geoclue is a D-Bus service that provides location information - Allow nscd_t block_suspen capability - Allow unconfined domain types to manage own transient unit file - Allow systemd domains to handle transient init unit files - No longer need the rpm_script_roles line since rpm_transition_script now does this for us - Add/fix interfaces for usermodehelper_t - Add interfaces to handle transient - Fixes for new usermodehelper and proc_securit_t types, added to increase security on /proc and /sys file systems- Add cron unconfined role support for uncofined SELinux user - Call kernel_rw_usermodehelper_state() in init.te - Call corenet_udp_bind_all_ports() in milter.te - Allow fence_virtd to connect to zented port - Fix header for mirrormanager_admin() - Allow dkim-milter to bind udp ports - Allow milter domains to send signull itself - Allow block_suspend for yum running as mock_t - Allow beam.smp to manage couchdb files - Add couchdb_manage_files() - Add labeling for /var/log/php_errors.log - Allow bumblebee to stream connect to xserver - Allow bumblebee to send a signal to xserver - gnome-thumbnail to stream connect to bumblebee - Fix calling usermodehelper to use _state in interface name - Allow xkbcomp running as bumblebee_t to execute bin_t - Allow logrotate to read squid.conf - Additional rules to get docker and lxc to play well with SELinux - Call kernel_read_usermodhelper/kernel_rw_usermodhelper - Make rpm_transition_script accept a role - Added new policy for pcp - Allow bumbleed to connect to xserver port - Allow pegasus_openlmi_storage_t to read hwdata- Make rpm_transition_script accept a role - Clean up pcp.te - Added new policy for pcp - Allow bumbleed to connect to xserver port - Added support for named-sdb in bind policy - Allow NetworkManager to signal and sigkill init scripts - Allow pegasus_openlmi_storage_t to read hwdata - Fix rhcs_rw_cluster_tmpfs() - Allow fenced_t to bind on zented udp port - Fix mirrormanager_read_lib_files() - Allow mirromanager scripts running as httpd_t to manage mirrormanager pid files - Dontaudit read/write to init stream socket for lsmd_plugin_t - Allow automount to read nfs link files - Allow lsm plugins to read/write lsmd stream socket - Allow svirt_lxc domains to umount dockersocket filesytem - Allow gnome keyring domains to create gnome config dirs - Allow rpm scritplets to create /run/gather with correct labeling - Add sblim_filetrans_named_content() interface - Allow ctdb to create sock files in /var/run/ctdb - Add also labeling for /var/run/ctdb - Add missing labeling for /var/lib/ctdb - ALlow tuned to manage syslog.conf. Should be fixed in tuned. #1030446 - Dontaudit hypervkvp to search homedirs - Dontaudit hypervkvp to search admin homedirs - Allow hypervkvp to execute bin_t and ifconfig in the caller domain - Dontaudit xguest_t to read ABRT conf files - Add abrt_dontaudit_read_config() - Allow namespace-init to getattr on fs - Add thumb_role() also for xguest - Add filename transitions to create .spamassassin with correct labeling - Allow apache domain to read mirrormanager pid files - Allow domains to read/write shm and sem owned by mozilla_plugin_t - Allow alsactl to send a generic signal to kernel_t - Allow plymouthd to read run/udev/queue.bin - Allow sys_chroot for NM required by iodine service - Change glusterd to allow mounton all non security - Labeled ~/.nv/GLCache as being gstreamer output - Restrict the ability to set usermodehelpers and proc security settings. - Limit the ability to write to the files that configure kernel i - usermodehelpers and security-sensitive proc settings to the init domain. i - Permissive domains can also continue to set these values. - The current list is not exhaustive, just an initial set. - Not all of these files will exist on all kernels/devices. - Controlling access to certain kernel usermodehelpers, e.g. cgroup - release_agent, will require kernel changes to support and cannot be - addressed here. - Ideas come from Stephen Smalley and seandroid - Make rpm_transition_script accept a role - Make rpm_transition_script accept a role - Allow NetworkManager to signal and sigkill init scripts - Allow init_t to work on transitient and snapshot unit files - Add logging_manage_syslog_config() - Update sysnet_dns_name_resolve() to allow connect to dnssec port- Remove file_t from the system and realias it with unlabeled_t- Add gluster fixes - Remove ability to transition to unconfined_t from confined domains - Additional allow rules to get libvirt-lxc containers working with docker- passwd to create gnome-keyring passwd socket - systemd_systemctl needs sys_admin capability - Allow cobbler to search dhcp_etc_t directory - Allow sytemd_tmpfiles_t to delete all directories - allow sshd to write to all process levels in order to change passwd when running at a level - Allow updpwd_t to downgrade /etc/passwd file to s0, if it is not running with this range - Allow apcuspd_t to status and start the power unit file - Allow udev to manage kdump unit file - Added new interface modutils_dontaudit_exec_insmod - Add labeling for /var/lib/servicelog/servicelog.db-journal - Allow init_t to create tmpfs_t lnk_file - Add label for ~/.cvsignore - Allow fprintd_t to send syslog messages - Add zabbix_var_lib_t for /var/lib/zabbixsrv, also allow zabix to connect to smtp port - Allow mozilla plugin to chat with policykit, needed for spice - Allow gssprozy to change user and gid, as well as read user keyrings - Allow sandbox apps to attempt to set and get capabilties - Label upgrades directory under /var/www as httpd_sys_rw_content_t, add other filetrans rules to label content correctly - allow modemmanger to read /dev/urand - Allow polipo to connect to http_cache_ports - Allow cron jobs to manage apache var lib content - Allow yppassword to manage the passwd_file_t - Allow showall_t to send itself signals - Allow cobbler to restart dhcpc, dnsmasq and bind services - Allow rsync_t to manage all non auth files - Allow certmonger to manage home cert files - Allow user_mail_domains to write certain files to the /root and ~/ directories - Allow apcuspd_t to status and start the power unit file - Allow cgroupdrulesengd to create content in cgoups directories - Add new access for mythtv - Allow irc_t to execute shell and bin-t files: - Allow smbd_t to signull cluster - Allow sssd to read systemd_login_var_run_t - Allow gluster daemon to create fifo files in glusterd_brick_t and sock_file in glusterd_var_lib_t - Add label for /var/spool/cron.aquota.user - Allow sandbox_x domains to use work with the mozilla plugin semaphore - Added new policy for speech-dispatcher - Added dontaudit rule for insmod_exec_t in rasdaemon policy - Updated rasdaemon policy - Allow virt_domains to read cert files - Allow system_mail_t to transition to postfix_postdrop_t - Clean up mirrormanager policy - Allow subscription-manager running as sosreport_t to manage rhsmcertd - Remove ability to do mount/sys_admin by default in virt_sandbox domains - New rules required to run docker images within libivrt - Fixed bumblebee_admin() and mip6d_admin() - Add log support for sensord - Add label for ~/.cvsignore - Change mirrormanager to be run by cron - Add mirrormanager policy - Additional fixes for docker.te - Allow cobblerd to read/write undionly.kpxe located in /var/lib/tftpboot - Add tftp_write_rw_content/tftp_read_rw_content interfaces - Allow amanda to do backups over UDP- Allow freeipmi_ipmidetectd_t to use freeipmi port - Update freeipmi_domain_template() - Allow journalctl running as ABRT to read /run/log/journal - Allow NM to read dispatcher.d directory - Update freeipmi policy - Type transitions with a filename not allowed inside conditionals - Allow tor to bind to hplip port - Make new type to texlive files in homedir - Allow zabbix_agent to transition to dmidecode - Add rules for docker - Allow sosreport to send signull to unconfined_t - Add virt_noatsecure and virt_rlimitinh interfaces - Fix labeling in thumb.fc to add support for /usr/lib64/tumbler-1/tumblerddd support for freeipmi port - Add sysadm_u_default_contexts - Add logging_read_syslog_pid() - Fix userdom_manage_home_texlive() interface - Make new type to texlive files in homedir - Add filename transitions for /run and /lock links - Allow virtd to inherit rlimit information- DRM master and input event devices are used by the TakeDevice API - Clean up bumblebee policy - Update pegasus_openlmi_storage_t policy - opensm policy clean up - openwsman policy clean up - ninfod policy clean up - Allow conman to connect to freeipmi services and clean up conman policy - Allow conmand just bind on 7890 port - Add freeipmi_stream_connect() interface - Allow logwatch read madm.conf to support RAID setup - Add raid_read_conf_files() interface - Allow up2date running as rpm_t create up2date log file with rpm_log_t labeling - add rpm_named_filetrans_log_files() interface - Added policy for conmand - Allow dkim-milter to create files/dirs in /tmp - update freeipmi policy - Add policy for freeipmi services - Added rdisc_admin and rdisc_systemctl interfaces - Fix aliases in pegasus.te - Allow chrome sandbox to read generic cache files in homedir - Dontaudit mandb searching all mountpoints - Make sure wine domains create .wine with the correct label - Add proper aliases for pegasus_openlmi_services_exec_t and pegasus_openlmi_services_t - Allow windbind the kill capability - DRM master and input event devices are used by the TakeDevice API - add dev_rw_inherited_dri() and dev_rw_inherited_input_dev() - Added support for default conman port - Add interfaces for ipmi devices - Make sure wine domains create .wine with the correct label - Allow manage dirs in kernel_manage_debugfs interface. - Allow systemctl running in ipsec_mgmt_t to access /usr/lib/systemd/system/ipsec.service - Label /usr/lib/systemd/system/ipsec.service as ipsec_mgmt_unit_file_t - Fix userdom_confined_admin_template() - Add back exec_content boolean for secadm, logadm, auditadm - Fix files_filetrans_system_db_named_files() interface - Allow sulogin to getattr on /proc/kcore - Add filename transition also for servicelog.db-journal - Add files_dontaudit_access_check_root() - Add lvm_dontaudit_access_check_lock() interface - Allow mount to manage mount_var_run_t files/dirs- Add back fixes for gnome_role_template() - Label /usr/sbin/htcacheclean as httpd_exec_t - Add missing alias for pegasus_openlmi_service_exec_t - Added support for rdisc unit file - Added new policy for ninfod - Added new policy for openwsman - Add antivirus_db_t labeling for /var/lib/clamav-unofficial-sigs - Allow runuser running as logrotate connections to system DBUS - Add connectto perm for NM unix stream socket - Allow watchdog to be executed from cron - Allow cloud_init to transition to rpm_script_t - Allow lsmd_plugin_t send system log messages - Label /var/log/up2date as rpm_log_t and allow sosreport to manage rpm log/pid/cache files which is a part of ABRT policy for sosreport running as abrt_t - Added new capabilities for mip6d policy - Label bcache devices as fixed_disk_device_t - Allow systemctl running in ipsec_mgmt_t to access /usr/lib/systemd/system/ipsec.service - label /usr/lib/systemd/system/ipsec.service as ipsec_mgmt_unit_file_t- Add lsmd_plugin_t for lsm plugins - Allow dovecot-deliver to search mountpoints - Add labeling for /etc/mdadm.conf - Allow opelmi admin providers to dbus chat with init_t - Allow sblim domain to read /dev/urandom and /dev/random - Add back exec_content boolean for secadm, logadm, auditadm - Allow sulogin to getattr on /proc/kcore- Add filename transition also for servicelog.db-journal - Add files_dontaudit_access_check_root() - Add lvm_dontaudit_access_check_lock() interface - Allow mount to manage mount_var_run_t files/dirs - Allow updapwd_t to ignore mls levels for writign shadow_t at a lower level - Make sure boot.log is created with the correct label - call logging_relabel_all_log_dirs() in systemd.te - Allow systemd_tmpfiles to relabel log directories - Allow staff_t to run frequency command - Allow staff_t to read xserver_log file - This reverts commit c0f9f125291f189271cbbca033f87131dab1e22f. - Label hsperfdata_root as tmp_t - Add plymouthd_create_log() - Dontaudit leaks from openshift domains into mail domains, needs back port to RHEL6 - Allow sssd to request the kernel loads modules - Allow gpg_agent to use ssh-add - Allow gpg_agent to use ssh-add - Dontaudit access check on /root for myslqd_safe_t - Add glusterd_brick_t files type - Allow ctdb to getattr on al filesystems - Allow abrt to stream connect to syslog - Allow dnsmasq to list dnsmasq.d directory - Watchdog opens the raw socket - Allow watchdog to read network state info - Dontaudit access check on lvm lock dir - Allow sosreport to send signull to setroubleshootd - Add setroubleshoot_signull() interface - Fix ldap_read_certs() interface - Allow sosreport all signal perms - Allow sosreport to run systemctl - Allow sosreport to dbus chat with rpm - Allow zabbix_agentd to read all domain state - Allow sblim_sfcbd_t to read from /dev/random and /dev/urandom - Allow smoltclient to execute ldconfig - Allow sosreport to request the kernel to load a module - Clean up rtas.if - Clean up docker.if - drop /var/lib/glpi/files labeling in cron.fc - Added new policy for rasdaemon - Add apache labeling for glpi - Allow pegasus to transition to dmidecode - Make sure boot.log is created with the correct label - Fix typo in openshift.te - remove dup bumblebee_systemctl() - Allow watchdog to read /etc/passwd - Allow condor domains to read/write condor_master udp_socket - Allow openshift_cron_t to append to openshift log files, label /var/log/openshift - Add back file_pid_filetrans for /var/run/dlm_controld - Allow smbd_t to use inherited tmpfs content - Allow mcelog to use the /dev/cpu device - sosreport runs rpcinfo - sosreport runs subscription-manager - Allow setpgid for sosreport - Allow browser plugins to connect to bumblebee - New policy for bumblebee and freqset - Add new policy for mip6d daemon - Add new policy for opensm daemon- Add back /dev/shm labeling- Fix gnome_role_template() interface- Add policy-rawhide-contrib-apache-content.patch to re-write apache_content_template() by dwalsh- Fix config.tgz to include lxc_contexts and systemd_contexts- Update to upstream- Fix passenger_stream_connect interface - setroubleshoot_fixit wants to read network state - Allow procmail_t to connect to dovecot stream sockets - Allow cimprovagt service providers to read network states - Add labeling for /var/run/mariadb - pwauth uses lastlog() to update system's lastlog - Allow account provider to read login records - Add support for texlive2013 - More fixes for user config files to make crond_t running in userdomain - Add back disable/reload/enable permissions for system class - Fix manage_service_perms macro - Allow passwd_t to connect to gnome keyring to change password - Update mls config files to have cronjobs in the user domains - Remove access checks that systemd does not actually do- Add support for yubikey in homedir - Add support for upd/3052 port - Allow apcupsd to use PowerChute Network Shutdown - Allow lsmd to execute various lsmplugins - Add labeling also for /etc/watchdog\.d where are watchdog scripts located too - Update gluster_export_all_rw boolean to allow relabel all base file types - Allow x86_energy_perf tool to modify the MSR - Fix /var/lib/dspam/data labeling- Add files_relabel_base_file_types() interface - Allow netlabel-config to read passwd - update gluster_export_all_rw boolean to allow relabel all base file types caused by lsetxattr() - Allow x86_energy_perf tool to modify the MSR - Fix /var/lib/dspam/data labeling - Allow pegasus to domtrans to mount_t - Add labeling for unconfined scripts in /usr/libexec/watchdog/scripts - Add support for unconfined watchdog scripts - Allow watchdog to manage own log files- Add label only for redhat.repo instead of /etc/yum.repos.d. But probably we will need to switch for the directory. - Label /etc/yum.repos.d as system_conf_t - Use sysnet_filetrans_named_content in udev.te instead of generic transition for net_conf_t - Allow dac_override for sysadm_screen_t - Allow init_t to read ipsec_conf_t as we had it for initrc_t. Needed by ipsec unit file. - Allow netlabel-config to read meminfo - Add interface to allow docker to mounton file_t - Add new interface to exec unlabeled files - Allow lvm to use docker semaphores - Setup transitons for .xsessions-errors.old - Change labels of files in /var/lib/*/.ssh to transition properly - Allow staff_t and user_t to look at logs using journalctl - pluto wants to manage own log file - Allow pluto running as ipsec_t to create pluto.log - Fix alias decl in corenetwork.te.in - Add support for fuse.glusterfs - Allow dmidecode to read/write /run/lock/subsys/rhsmcertd - Allow rhsmcertd to manage redhat.repo which is now labeled as system.conf. Allow rhsmcertd to manage all log files. - Additional access for docker - Added more rules to sblim policy - Fix kdumpgui_run_bootloader boolean - Allow dspam to connect to lmtp port - Included sfcbd service into sblim policy - rhsmcertd wants to manaage /etc/pki/consumer dir - Add kdumpgui_run_bootloader boolean - Add support for /var/cache/watchdog - Remove virt_domain attribute for virt_qemu_ga_unconfined_t - Fixes for handling libvirt containes - Dontaudit attempts by mysql_safe to write content into / - Dontaudit attempts by system_mail to modify network config - Allow dspam to bind to lmtp ports - Add new policy to allow staff_t and user_t to look at logs using journalctl - Allow apache cgi scripts to list sysfs - Dontaudit attempts to write/delete user_tmp_t files - Allow all antivirus domains to manage also own log dirs - Allow pegasus_openlmi_services_t to stream connect to sssd_t- Add missing permission checks for nscd- Fix alias decl in corenetwork.te.in - Add support for fuse.glusterfs - Add file transition rules for content created by f5link - Rename quantum_port information to neutron - Allow all antivirus domains to manage also own log dirs - Rename quantum_port information to neutron - Allow pegasus_openlmi_services_t to stream connect to sssd_t- Allow sysadm_t to read login information - Allow systemd_tmpfiles to setattr on var_log_t directories - Udpdate Makefile to include systemd_contexts - Add systemd_contexts - Add fs_exec_hugetlbfs_files() interface - Add daemons_enable_cluster_mode boolean - Fix rsync_filetrans_named_content() - Add rhcs_read_cluster_pid_files() interface - Update rhcs.if with additional interfaces from RHEL6 - Fix rhcs_domain_template() to not create run dirs with cluster_var_run_t - Allow glusterd_t to mounton glusterd_tmp_t - Allow glusterd to unmout al filesystems - Allow xenstored to read virt config - Add label for swift_server.lock and make add filetrans_named_content to make sure content gets created with the correct label - Allow mozilla_plugin_t to mmap hugepages as an executable- Add back userdom_security_admin_template() interface and use it for sysadm_t if sysadm_secadm.pp- Allow sshd_t to read openshift content, needs backport to RHEL6.5 - Label /usr/lib64/sasl2/libsasldb.so.3.0.0 as textrel_shlib_t - Make sur kdump lock is created with correct label if kdumpctl is executed - gnome interface calls should always be made within an optional_block - Allow syslogd_t to connect to the syslog_tls port - Add labeling for /var/run/charon.ctl socket - Add kdump_filetrans_named_content() - Allo setpgid for fenced_t - Allow setpgid and r/w cluster tmpfs for fenced_t - gnome calls should always be within optional blocks - wicd.pid should be labeled as networkmanager_var_run_t - Allow sys_resource for lldpad- Add rtas policy- Allow mailserver_domains to manage and transition to mailman data - Dontaudit attempts by mozilla plugin to relabel content, caused by using mv and cp commands - Allow mailserver_domains to manage and transition to mailman data - Allow svirt_domains to read sysctl_net_t - Allow thumb_t to use tmpfs inherited from the user - Allow mozilla_plugin to bind to the vnc port if running with spice - Add new attribute to discover confined_admins and assign confined admin to it - Fix zabbix to handle attributes in interfaces - Fix zabbix to read system states for all zabbix domains - Fix piranha_domain_template() - Allow ctdbd to create udp_socket. Allow ndmbd to access ctdbd var files. - Allow lldpad sys_rouserce cap due to #986870 - Allow dovecot-auth to read nologin - Allow openlmi-networking to read /proc/net/dev - Allow smsd_t to execute scripts created on the fly labeled as smsd_spool_t - Add zabbix_domain attribute for zabbix domains to treat them together - Add labels for zabbix-poxy-* (#1018221) - Update openlmi-storage policy to reflect #1015067 - Back port piranha tmpfs fixes from RHEL6 - Update httpd_can_sendmail boolean to allow read/write postfix spool maildrop - Add postfix_rw_spool_maildrop_files interface - Call new userdom_admin_user_templat() also for sysadm_secadm.pp - Fix typo in userdom_admin_user_template() - Allow SELinux users to create coolkeypk11sE-Gate in /var/cache/coolkey - Add new attribute to discover confined_admins - Fix labeling for /etc/strongswan/ipsec.d - systemd_logind seems to pass fd to anyone who dbus communicates with it - Dontaudit leaked write descriptor to dmesg- Fix gnome_read_generic_data_home_files() - allow openshift_cgroup_t to read/write inherited openshift file types - Remove httpd_cobbler_content * from cobbler_admin interface - Allow svirt sandbox domains to setattr on chr_file and blk_file svirt_sandbox_file_t, so sshd will work within a container - Allow httpd_t to read also git sys content symlinks - Allow init_t to read gnome home data - Dontaudit setroubleshoot_fixit_t execmem, since it does not seem to really need it. - Allow virsh to execute systemctl - Fix for nagios_services plugins - add type defintion for ctdbd_var_t - Add support for /var/ctdb. Allow ctdb block_suspend and read /etc/passwd file - Allow net_admin/netlink_socket all hyperv_domain domains - Add labeling for zarafa-search.log and zarafa-search.pid - Fix hypervkvp.te - Fix nscd_shm_use() - Add initial policy for /usr/sbin/hypervvssd in hypervkvp policy which should be renamed to hyperv. Also add hyperv_domain attribute to treat these HyperV services. - Add hypervkvp_unit_file_t type - Fix logging policy - Allow syslog to bind to tls ports - Update labeling for /dev/cdc-wdm - Allow to su_domain to read init states - Allow init_t to read gnome home data - Make sure if systemd_logind creates nologin file with the correct label - Clean up ipsec.te- Add auth_exec_chkpwd interface - Fix port definition for ctdb ports - Allow systemd domains to read /dev/urand - Dontaudit attempts for mozilla_plugin to append to /dev/random - Add label for /var/run/charon.* - Add labeling for /usr/lib/systemd/system/lvm2.*dd policy for motion service - Fix for nagios_services plugins - Fix some bugs in zoneminder policy - add type defintion for ctdbd_var_t - Add support for /var/ctdb. Allow ctdb block_suspend and read /etc/passwd file - Allow net_admin/netlink_socket all hyperv_domain domains - Add labeling for zarafa-search.log and zarafa-search.pid - glusterd binds to random unreserved ports - Additional allow rules found by testing glusterfs - apcupsd needs to send a message to all users on the system so needs to look them up - Fix the label on ~/.juniper_networks - Dontaudit attempts for mozilla_plugin to append to /dev/random - Allow polipo_daemon to connect to flash ports - Allow gssproxy_t to create replay caches - Fix nscd_shm_use() - Add initial policy for /usr/sbin/hypervvssd in hypervkvp policy which should be renamed to hyperv. Also add hyperv_domain attribute to treat these HyperV services. - Add hypervkvp_unit_file_t type- init reload from systemd_localed_t - Allow domains that communicate with systemd_logind_sessions to use systemd_logind_t fd - Allow systemd_localed_t to ask systemd to reload the locale. - Add systemd_runtime_unit_file_t type for unit files that systemd creates in memory - Allow readahead to read /dev/urand - Fix lots of avcs about tuned - Any file names xenstored in /var/log should be treated as xenstored_var_log_t - Allow tuned to inderact with hugepages - Allow condor domains to list etc rw dirs- Fix nscd_shm_use() - Add initial policy for /usr/sbin/hypervvssd in hypervkvp policy which should be renamed to hyperv. Also add hyperv_domain attribute to treat these HyperV services. - Add hypervkvp_unit_file_t type - Add additional fixes forpegasus_openlmi_account_t - Allow mdadm to read /dev/urand - Allow pegasus_openlmi_storage_t to create mdadm.conf and write it - Add label/rules for /etc/mdadm.conf - Allow pegasus_openlmi_storage_t to transition to fsadm_t - Fixes for interface definition problems - Dontaudit dovecot-deliver to gettatr on all fs dirs - Allow domains to search data_home_t directories - Allow cobblerd to connect to mysql - Allow mdadm to r/w kdump lock files - Add support for kdump lock files - Label zarafa-search as zarafa-indexer - Openshift cgroup wants to read /etc/passwd - Add new sandbox domains for kvm - Allow mpd to interact with pulseaudio if mpd_enable_homedirs is turned on - Fix labeling for /usr/lib/systemd/system/lvm2.* - Add labeling for /usr/lib/systemd/system/lvm2.* - Fix typos to get a new build. We should not cover filename trans rules to prevent duplicate rules - Add sshd_keygen_t policy for sshd-keygen - Fix alsa_home_filetrans interface name and definition - Allow chown for ssh_keygen_t - Add fs_dontaudit_getattr_all_dirs() - Allow init_t to manage etc_aliases_t and read xserver_var_lib_t and chrony keys - Fix up patch to allow systemd to manage home content - Allow domains to send/recv unlabeled traffic if unlabelednet.pp is enabled - Allow getty to exec hostname to get info - Add systemd_home_t for ~/.local/share/systemd directory- Fix lxc labeling in config.tgz- Fix labeling for /usr/libexec/kde4/kcmdatetimehelper - Allow tuned to search all file system directories - Allow alsa_t to sys_nice, to get top performance for sound management - Add support for MySQL/PostgreSQL for amavis - Allow openvpn_t to manage openvpn_var_log_t files. - Allow dirsrv_t to create tmpfs_t directories - Allow dirsrv to create dirs in /dev/shm with dirsrv_tmpfs label - Dontaudit leaked unix_stream_sockets into gnome keyring - Allow telepathy domains to inhibit pipes on telepathy domains - Allow cloud-init to domtrans to rpm - Allow abrt daemon to manage abrt-watch tmp files - Allow abrt-upload-watcher to search /var/spool directory - Allow nsswitch domains to manage own process key - Fix labeling for mgetty.* logs - Allow systemd to dbus chat with upower - Allow ipsec to send signull to itself - Allow setgid cap for ipsec_t - Match upstream labeling- Do not build sanbox pkg on MLS- wine_tmp is no longer needed - Allow setroubleshoot to look at /proc - Allow telepathy domains to dbus with systemd logind - Fix handling of fifo files of rpm - Allow mozilla_plugin to transition to itself - Allow certwatch to write to cert_t directories - New abrt application - Allow NetworkManager to set the kernel scheduler - Make wine_domain shared by all wine domains - Allow mdadm_t to read images labeled svirt_image_t - Allow amanda to read /dev/urand - ALlow my_print_default to read /dev/urand - Allow mdadm to write to kdumpctl fifo files - Allow nslcd to send signull to itself - Allow yppasswd to read /dev/urandom - Fix zarafa_setrlimit - Add support for /var/lib/php/wsdlcache - Add zarafa_setrlimit boolean - Allow fetchmail to send mails - Add additional alias for user_tmp_t because wine_tmp_t is no longer used - More handling of ther kernel keyring required by kerberos - New privs needed for init_t when running without transition to initrc_t over bin_t, and without unconfined domain installed- Dontaudit attempts by sosreport to read shadow_t - Allow browser sandbox plugins to connect to cups to print - Add new label mpd_home_t - Label /srv/www/logs as httpd_log_t - Add support for /var/lib/php/wsdlcache - Add zarafa_setrlimit boolean - Allow fetchmail to send mails - Add labels for apache logs under miq package - Allow irc_t to use tcp sockets - fix labels in puppet.if - Allow tcsd to read utmp file - Allow openshift_cron_t to run ssh-keygen in ssh_keygen_t to access host keys - Define svirt_socket_t as a domain_type - Take away transition from init_t to initrc_t when executing bin_t, allow init_t to run chk_passwd_t - Fix label on pam_krb5 helper apps- Allow ldconfig to write to kdumpctl fifo files - allow neutron to connect to amqp ports - Allow kdump_manage_crash to list the kdump_crash_t directory - Allow glance-api to connect to amqp port - Allow virt_qemu_ga_t to read meminfo - Add antivirus_home_t type for antivirus date in HOMEDIRS - Allow mpd setcap which is needed by pulseaudio - Allow smbcontrol to create content in /var/lib/samba - Allow mozilla_exec_t to be used as a entrypoint to mozilla_domtrans_spec - Add additional labeling for qemu-ga/fsfreeze-hook.d scripts - amanda_exec_t needs to be executable file - Allow block_suspend cap for samba-net - Allow apps that read ipsec_mgmt_var_run_t to search ipsec_var_run_t - Allow init_t to run crash utility - Treat usr_t just like bin_t for transitions and executions - Add port definition of pka_ca to port 829 for openshift - Allow selinux_store to use symlinks- Allow block_suspend cap for samba-net - Allow t-mission-control to manage gabble cache files - Allow nslcd to read /sys/devices/system/cpu - Allow selinux_store to use symlinks- Allow xdm_t to transition to itself - Call neutron interfaces instead of quantum - Allow init to change targed role to make uncofined services (xrdp which now has own systemd unit file) working. We want them to have in unconfined_t - Make sure directories in /run get created with the correct label - Make sure /root/.pki gets created with the right label - try to remove labeling for motion from zoneminder_exec_t to bin_t - Allow inetd_t to execute shell scripts - Allow cloud-init to read all domainstate - Fix to use quantum port - Add interface netowrkmanager_initrc_domtrans - Fix boinc_execmem - Allow t-mission-control to read gabble cache home - Add labeling for ~/.cache/telepathy/avatars/gabble - Allow memcache to read sysfs data - Cleanup antivirus policy and add additional fixes - Add boolean boinc_enable_execstack - Add support for couchdb in rabbitmq policy - Add interface couchdb_search_pid_dirs - Allow firewalld to read NM state - Allow systemd running as git_systemd to bind git port - Fix mozilla_plugin_rw_tmpfs_files()- Split out rlogin ports from inetd - Treat files labeld as usr_t like bin_t when it comes to transitions - Allow staff_t to read login config - Allow ipsec_t to read .google authenticator data - Allow systemd running as git_systemd to bind git port - Fix mozilla_plugin_rw_tmpfs_files() - Call the correct interface - corenet_udp_bind_ktalkd_port() - Allow all domains that can read gnome_config to read kde config - Allow sandbox domain to read/write mozilla_plugin_tmpfs_t so pulseaudio will work - Allow mdadm to getattr any file system - Allow a confined domain to executes mozilla_exec_t via dbus - Allow cupsd_lpd_t to bind to the printer port - Dontaudit attempts to bind to ports < 1024 when nis is turned on - Allow apache domain to connect to gssproxy socket - Allow rlogind to bind to the rlogin_port - Allow telnetd to bind to the telnetd_port - Allow ktalkd to bind to the ktalkd_port - Allow cvs to bind to the cvs_port- Cleanup related to init_domain()+inetd_domain fixes - Use just init_domain instead of init_daemon_domain in inetd_core_service_domain - svirt domains neeed to create kobject_uevint_sockets - Lots of new access required for sosreport - Allow tgtd_t to connect to isns ports - Allow init_t to transition to all inetd domains: - openct needs to be able to create netlink_object_uevent_sockets - Dontaudit leaks into ldconfig_t - Dontaudit su domains getattr on /dev devices, move su domains to attribute based calls - Move kernel_stream_connect into all Xwindow using users - Dontaudit inherited lock files in ifconfig o dhcpc_t- Also sock_file trans rule is needed in lsm - Fix labeling for fetchmail pid files/dirs - Add additional fixes for abrt-upload-watch - Fix polipo.te - Fix transition rules in asterisk policy - Add fowner capability to networkmanager policy - Allow polipo to connect to tor ports - Cleanup lsmd.if - Cleanup openhpid policy - Fix kdump_read_crash() interface - Make more domains as init domain - Fix cupsd.te - Fix requires in rpm_rw_script_inherited_pipes - Fix interfaces in lsm.if - Allow munin service plugins to manage own tmpfs files/dirs - Allow virtd_t also relabel unix stream sockets for virt_image_type - Make ktalk as init domain - Fix to define ktalkd_unit_file_t correctly - Fix ktalk.fc - Add systemd support for talk-server - Allow glusterd to create sock_file in /run - Allow xdm_t to delete gkeyringd_tmp_t files on logout - Add fixes for hypervkvp policy - Add logwatch_can_sendmail boolean - Allow mysqld_safe_t to handle also symlinks in /var/log/mariadb - Allow xdm_t to delete gkeyringd_tmp_t files on logout- Add selinux-policy-sandbox pkg0 - Allow rhsmcertd to read init state - Allow fsetid for pkcsslotd - Fix labeling for /usr/lib/systemd/system/pkcsslotd.service - Allow fetchmail to create own pid with correct labeling - Fix rhcs_domain_template() - Allow roles which can run mock to read mock lib files to view results - Allow rpcbind to use nsswitch - Fix lsm.if summary - Fix collectd_t can read /etc/passwd file - Label systemd unit files under dracut correctly - Add support for pam_mount to mount user's encrypted home When a user logs in and logs out using ssh - Add support for .Xauthority-n - Label umount.crypt as lvm_exec_t - Allow syslogd to search psad lib files - Allow ssh_t to use /dev/ptmx - Make sure /run/pluto dir is created with correct labeling - Allow syslog to run shell and bin_t commands - Allow ip to relabel tun_sockets - Allow mount to create directories in files under /run - Allow processes to use inherited fifo files- Add policy for lsmd - Add support for /var/log/mariadb dir and allow mysqld_safe to list this directory - Update condor_master rules to allow read system state info and allow logging - Add labeling for /etc/condor and allow condor domain to write it (bug) - Allow condor domains to manage own logs - Allow glusterd to read domains state - Fix initial hypervkvp policy - Add policy for hypervkvpd - Fix redis.if summary- Allow boinc to connect to @/tmp/.X11-unix/X0 - Allow beam.smp to connect to tcp/5984 - Allow named to manage own log files - Add label for /usr/libexec/dcc/start-dccifd and domtrans to dccifd_t - Add virt_transition_userdomain boolean decl - Allow httpd_t to sendto unix_dgram sockets on its children - Allow nova domains to execute ifconfig - bluetooth wants to create fifo_files in /tmp - exim needs to be able to manage mailman data - Allow sysstat to getattr on all file systems - Looks like bluetoothd has moved - Allow collectd to send ping packets - Allow svirt_lxc domains to getpgid - Remove virt-sandbox-service labeling as virsh_exec_t, since it no longer does virsh_t stuff - Allow frpintd_t to read /dev/urandom - Allow asterisk_t to create sock_file in /var/run - Allow usbmuxd to use netlink_kobject - sosreport needs to getattr on lots of devices, and needs access to netlink_kobject_uevent_socket - More cleanup of svirt_lxc policy - virtd_lxc_t now talks to dbus - Dontaudit leaked ptmx_t - Allow processes to use inherited fifo files - Allow openvpn_t to connect to squid ports - Allow prelink_cron_system_t to ask systemd to reloaddd miscfiles_dontaudit_access_check_cert() - Allow ssh_t to use /dev/ptmx - Make sure /run/pluto dir is created with correct labeling - Allow syslog to run shell and bin_t commands - Allow ip to relabel tun_sockets - Allow mount to create directories in files under /run - Allow processes to use inherited fifo files - Allow user roles to connect to the journal socket- selinux_set_enforce_mode needs to be used with type - Add append to the dontaudit for unix_stream_socket of xdm_t leak - Allow xdm_t to create symlinks in log direcotries - Allow login programs to read afs config - Label 10933 as a pop port, for dovecot - New policy to allow selinux_server.py to run as semanage_t as a dbus service - Add fixes to make netlabelctl working on MLS - AVCs required for running sepolicy gui as staff_t - Dontaudit attempts to read symlinks, sepolicy gui is likely to cause this type of AVC - New dbus server to be used with new gui - After modifying some files in /etc/mail, I saw this needed on the next boot - Loading a vm from /usr/tmp with virt-manager - Clean up oracleasm policy for Fedora - Add oracleasm policy written by rlopez@redhat.com - Make postfix_postdrop_t as mta_agent to allow domtrans to system mail if it is executed by apache - Add label for /var/crash - Allow fenced to domtrans to sanclok_t - Allow nagios to manage nagios spool files - Make tfptd as home_manager - Allow kdump to read kcore on MLS system - Allow mysqld-safe sys_nice/sys_resource caps - Allow apache to search automount tmp dirs if http_use_nfs is enabled - Allow crond to transition to named_t, for use with unbound - Allow crond to look at named_conf_t, for unbound - Allow mozilla_plugin_t to transition its home content - Allow dovecot_domain to read all system and network state - Allow httpd_user_script_t to call getpw - Allow semanage to read pid files - Dontaudit leaked file descriptors from user domain into thumb - Make PAM authentication working if it is enabled in ejabberd - Add fixes for rabbit to fix ##992920,#992931 - Allow glusterd to mount filesystems - Loading a vm from /usr/tmp with virt-manager - Trying to load a VM I got an AVC from devicekit_disk for loopcontrol device - Add fix for pand service - shorewall touches own log - Allow nrpe to list /var - Mozilla_plugin_roles can not be passed into lpd_run_lpr - Allow afs domains to read afs_config files - Allow login programs to read afs config - Allow virt_domain to read virt_var_run_t symlinks - Allow smokeping to send its process signals - Allow fetchmail to setuid - Add kdump_manage_crash() interface - Allow abrt domain to write abrt.socket- Add more aliases in pegasus.te - Add more fixes for *_admin interfaces - Add interface fixes - Allow nscd to stream connect to nmbd - Allow gnupg apps to write to pcscd socket - Add more fixes for openlmi provides. Fix naming and support for additionals - Allow fetchmail to resolve host names - Allow firewalld to interact also with lnk files labeled as firewalld_etc_rw_t - Add labeling for cmpiLMI_Fan-cimprovagt - Allow net_admin for glusterd - Allow telepathy domain to create dconf with correct labeling in /home/userX/.cache/ - Add pegasus_openlmi_system_t - Fix puppet_domtrans_master() to make all puppet calling working in passenger.te - Fix corecmd_exec_chroot() - Fix logging_relabel_syslog_pid_socket interface - Fix typo in unconfineduser.te - Allow system_r to access unconfined_dbusd_t to run hp_chec- Allow xdm_t to act as a dbus client to itsel - Allow fetchmail to resolve host names - Allow gnupg apps to write to pcscd socket - Add labeling for cmpiLMI_Fan-cimprovagt - Allow net_admin for glusterd - Allow telepathy domain to create dconf with correct labeling in /home/userX/.cache/ - Add pegasus_openlmi_system_t - Fix puppet_domtrans_master() to make all puppet calling working in passenger.te -httpd_t does access_check on certs- Add support for cmpiLMI_Service-cimprovagt - Allow pegasus domtrans to rpm_t to make pycmpiLMI_Software-cimprovagt running as rpm_t - Label pycmpiLMI_Software-cimprovagt as rpm_exec_t - Add support for pycmpiLMI_Storage-cimprovagt - Add support for cmpiLMI_Networking-cimprovagt - Allow system_cronjob_t to create user_tmpfs_t to make pulseaudio working - Allow virtual machines and containers to run as user doains, needed for virt-sandbox - Allow buglist.cgi to read cpu info- Allow systemd-tmpfile to handle tmp content in print spool dir - Allow systemd-sysctl to send system log messages - Add support for RTP media ports and fmpro-internal - Make auditd working if audit is configured to perform SINGLE action on disk error - Add interfaces to handle systemd units - Make systemd-notify working if pcsd is used - Add support for netlabel and label /usr/sbin/netlabelctl as iptables_exec_t - Instead of having all unconfined domains get all of the named transition rules, - Only allow unconfined_t, init_t, initrc_t and rpm_script_t by default. - Add definition for the salt ports - Allow xdm_t to create link files in xdm_var_run_t - Dontaudit reads of blk files or chr files leaked into ldconfig_t - Allow sys_chroot for useradd_t - Allow net_raw cap for ipsec_t - Allow sysadm_t to reload services - Add additional fixes to make strongswan working with a simple conf - Allow sysadm_t to enable/disable init_t services - Add additional glusterd perms - Allow apache to read lnk files in the /mnt directory - Allow glusterd to ask the kernel to load a module - Fix description of ftpd_use_fusefs boolean - Allow svirt_lxc_net_t to sys_chroot, modify policy to tighten up svirt_lxc_domain capabilties and process controls, but add them to svirt_lxc_net_t - Allow glusterds to request load a kernel module - Allow boinc to stream connect to xserver_t - Allow sblim domains to read /etc/passwd - Allow mdadm to read usb devices - Allow collectd to use ping plugin - Make foghorn working with SNMP - Allow sssd to read ldap certs - Allow haproxy to connect to RTP media ports - Add additional trans rules for aide_db - Add labeling for /usr/lib/pcsd/pcsd - Add labeling for /var/log/pcsd - Add support for pcs which is a corosync and pacemaker configuration tool- Label /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t - Add labeling for /usr/libexec/kde4/polkit-kde-authentication-agent-1 - Allow all domains that can domtrans to shutdown, to start the power services script to shutdown - consolekit needs to be able to shut down system - Move around interfaces - Remove nfsd_rw_t and nfsd_ro_t, they don't do anything - Add additional fixes for rabbitmq_beam to allow getattr on mountpoints - Allow gconf-defaults-m to read /etc/passwd - Fix pki_rw_tomcat_cert() interface to support lnk_files- Add support for gluster ports - Make sure that all keys located in /etc/ssh/ are labeled correctly - Make sure apcuspd lock files get created with the correct label - Use getcap in gluster.te - Fix gluster policy - add additional fixes to allow beam.smp to interact with couchdb files - Additional fix for #974149 - Allow gluster to user gluster ports - Allow glusterd to transition to rpcd_t and add additional fixes for #980683 - Allow tgtd working when accessing to the passthrough device - Fix labeling for mdadm unit files- Add mdadm fixes- Fix definition of sandbox.disabled to sandbox.pp.disabled- Allow mdamd to execute systemctl - Allow mdadm to read /dev/kvm - Allow ipsec_mgmt_t to read l2tpd pid content- Allow nsd_t to read /dev/urand - Allow mdadm_t to read framebuffer - Allow rabbitmq_beam_t to read process info on rabbitmq_epmd_t - Allow mozilla_plugin_config_t to create tmp files - Cleanup openvswitch policy - Allow mozilla plugin to getattr on all executables - Allow l2tpd_t to create fifo_files in /var/run - Allow samba to touch/manage fifo_files or sock_files in a samba_share_t directory - Allow mdadm to connecto its own unix_stream_socket - FIXME: nagios changed locations to /log/nagios which is wrong. But we need to have this workaround for now. - Allow apache to access smokeping pid files - Allow rabbitmq_beam_t to getattr on all filesystems - Add systemd support for iodined - Allow nup_upsdrvctl_t to execute its entrypoint - Allow fail2ban_client to write to fail2ban_var_run_t, Also allow it to use nsswitch - add labeling for ~/.cache/libvirt-sandbox - Add interface to allow domains transitioned to by confined users to send sigchld to screen program - Allow sysadm_t to check the system status of files labeled etc_t, /etc/fstab - Allow systemd_localed to start /usr/lib/systemd/system/systemd-vconsole-setup.service - Allow an domain that has an entrypoint from a type to be allowed to execute the entrypoint without a transition, I can see no case where this is a bad thing, and elminiates a whole class of AVCs. - Allow staff to getsched all domains, required to run htop - Add port definition for redis port - fix selinuxuser_use_ssh_chroot boolean- Add prosody policy written by Michael Scherer - Allow nagios plugins to read /sys info - ntpd needs to manage own log files - Add support for HOME_DIR/.IBMERS - Allow iptables commands to read firewalld config - Allow consolekit_t to read utmp - Fix filename transitions on .razor directory - Add additional fixes to make DSPAM with LDA working - Allow snort to read /etc/passwd - Allow fail2ban to communicate with firewalld over dbus - Dontaudit openshift_cgreoup_file_t read/write leaked dev - Allow nfsd to use mountd port - Call th proper interface - Allow openvswitch to read sys and execute plymouth - Allow tmpwatch to read /var/spool/cups/tmp - Add support for /usr/libexec/telepathy-rakia - Add systemd support for zoneminder - Allow mysql to create files/directories under /var/log/mysql - Allow zoneminder apache scripts to rw zoneminder tmpfs - Allow httpd to manage zoneminder lib files - Add zoneminder_run_sudo boolean to allow to start zoneminder - Allow zoneminder to send mails - gssproxy_t sock_file can be under /var/lib - Allow web domains to connect to whois port. - Allow sandbox_web_type to connect to the same ports as mozilla_plugin_t. - We really need to add an interface to corenet to define what a web_client_domain is and - then define chrome_sandbox_t, mozilla_plugin_t and sandbox_web_type to that domain. - Add labeling for cmpiLMI_LogicalFile-cimprovagt - Also make pegasus_openlmi_logicalfile_t as unconfined to have unconfined_domain attribute for filename trans rules - Update policy rules for pegasus_openlmi_logicalfile_t - Add initial types for logicalfile/unconfined OpenLMI providers - mailmanctl needs to read own log - Allow logwatch manage own lock files - Allow nrpe to read meminfo - Allow httpd to read certs located in pki-ca - Add pki_read_tomcat_cert() interface - Add support for nagios openshift plugins - Add port definition for redis port - fix selinuxuser_use_ssh_chroot boolean- Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean. - Allow bootloader to manage generic log files - Allow ftp to bind to port 989 - Fix label of new gear directory - Add support for new directory /var/lib/openshift/gears/ - Add openshift_manage_lib_dirs() - allow virtd domains to manage setrans_var_run_t - Allow useradd to manage all openshift content - Add support so that mozilla_plugin_t can use dri devices - Allow chronyd to change the scheduler - Allow apmd to shut downthe system - Devicekit_disk_t needs to manage /etc/fstab- Make DSPAM to act as a LDA working - Allow ntop to create netlink socket - Allow policykit to send a signal to policykit-auth - Allow stapserver to dbus chat with avahi/systemd-logind - Fix labeling on haproxy unit file - Clean up haproxy policy - A new policy for haproxy and placed it to rhcs.te - Add support for ldirectord and treat it with cluster_t - Make sure anaconda log dir is created with var_log_t- Allow lvm_t to create default targets for filesystem handling - Fix labeling for razor-lightdm binaries - Allow insmod_t to read any file labeled var_lib_t - Add policy for pesign - Activate policy for cmpiLMI_Account-cimprovagt - Allow isnsd syscall=listen - /usr/libexec/pegasus/cimprovagt needs setsched caused by sched_setscheduler - Allow ctdbd to use udp/4379 - gatherd wants sys_nice and setsched - Add support for texlive2012 - Allow NM to read file_t (usb stick with no labels used to transfer keys for example) - Allow cobbler to execute apache with domain transition- condor_collector uses tcp/9000 - Label /usr/sbin/virtlockd as virtd_exec_t for now - Allow cobbler to execute ldconfig - Allow NM to execute ssh - Allow mdadm to read /dev/crash - Allow antivirus domains to connect to snmp port - Make amavisd-snmp working correctly - Allow nfsd_t to mounton nfsd_fs_t - Add initial snapper policy - We still need to have consolekit policy - Dontaudit firefox attempting to connect to the xserver_port_t if run within sandbox_web_t - Dontaudit sandbox apps attempting to open user_devpts_t - Allow dirsrv to read network state - Fix pki_read_tomcat_lib_files - Add labeling for /usr/libexec/nm-ssh-service - Add label cert_t for /var/lib/ipa/pki-ca/publish - Lets label /sys/fs/cgroup as cgroup_t for now, to keep labels consistant - Allow nfsd_t to mounton nfsd_fs_t - Dontaudit sandbox apps attempting to open user_devpts_t - Allow passwd_t to change role to system_r from unconfined_r- Don't audit access checks by sandbox xserver on xdb var_lib - Allow ntop to read usbmon devices - Add labeling for new polcykit authorizor - Dontaudit access checks from fail2ban_client - Don't audit access checks by sandbox xserver on xdb var_lib - Allow apps that connect to xdm stream to conenct to xdm_dbusd_t stream - Fix labeling for all /usr/bim/razor-lightdm-* binaries - Add filename trans for /dev/md126p1- Make vdagent able to request loading kernel module - Add support for cloud-init make it as unconfined domain - Allow snmpd to run smartctl in fsadm_t domain - remove duplicate openshift_search_lib() interface - Allow mysqld to search openshift lib files - Allow openshift cgroup to interact with passedin file descriptors - Allow colord to list directories inthe users homedir - aide executes prelink to check files - Make sure cupsd_t creates content in /etc/cups with the correct label - Lest dontaudit apache read all domains, so passenger will not cause this avc - Allow gssd to connect to gssproxy - systemd-tmpfiles needs to be able to raise the level to fix labeling on /run/setrans in MLS - Allow systemd-tmpfiles to relabel also lock files - Allow useradd to add homdir in /var/lib/openshift - Allow setfiles and semanage to write output to /run/files- Add labeling for /dev/tgt - Dontaudit leak fd from firewalld for modprobe - Allow runuser running as rpm_script_t to create netlink_audit socket - Allow mdadm to read BIOS non-volatile RAM- accountservice watches when accounts come and go in wtmp - /usr/java/jre1.7.0_21/bin/java needs to create netlink socket - Add httpd_use_sasl boolean - Allow net_admin for tuned_t - iscsid needs sys_module to auto-load kernel modules - Allow blueman to read bluetooth conf - Add nova_manage_lib_files() interface - Fix mplayer_filetrans_home_content() - Add mplayer_filetrans_home_content() - mozilla_plugin_config_roles need to be able to access mozilla_plugin_config_t - Revert "Allow thumb_t to append inherited xdm stream socket" - Add iscsi_filetrans_named_content() interface - Allow to create .mplayer with the correct labeling for unconfined - Allow iscsiadmin to create lock file with the correct labeling- Allow wine to manage wine home content - Make amanda working with socket actiovation - Add labeling for /usr/sbin/iscsiadm - Add support for /var/run/gssproxy.sock - dnsmasq_t needs to read sysctl_net_t- Fix courier_domain_template() interface - Allow blueman to write ip_forward - Allow mongodb to connect to mongodb port - Allow mongodb to connect to mongodb port - Allow java to bind jobss_debug port - Fixes for *_admin interfaces - Allow iscsid auto-load kernel modules needed for proper iSCSI functionality - Need to assign attribute for courier_domain to all courier_domains - Fail2ban reads /etc/passwd - postfix_virtual will create new files in postfix_spool_t - abrt triggers sys_ptrace by running pidof - Label ~/abc as mozilla_home_t, since java apps as plugin want to create it - Add passenger fixes needed by foreman - Remove dup interfaces - Add additional interfaces for quantum - Add new interfaces for dnsmasq - Allow passenger to read localization and send signull to itself - Allow dnsmasq to stream connect to quantum - Add quantum_stream_connect() - Make sure that mcollective starts the service with the correct labeling - Add labels for ~/.manpath - Dontaudit attempts by svirt_t to getpw* calls - sandbox domains are trying to look at parent process data - Allow courior auth to create its pid file in /var/spool/courier subdir - Add fixes for beam to have it working with couchdb - Add labeling for /run/nm-xl2tpd.con - Allow apache to stream connect to thin - Add systemd support for amand - Make public types usable for fs mount points - Call correct mandb interface in domain.te - Allow iptables to r/w quantum inherited pipes and send sigchld - Allow ifconfig domtrans to iptables and execute ldconfig - Add labels for ~/.manpath - Allow systemd to read iscsi lib files - seunshare is trying to look at parent process data- Fix openshift_search_lib - Add support for abrt-uefioops-oops - Allow colord to getattr any file system - Allow chrome processes to look at each other - Allow sys_ptrace for abrt_t - Add new policy for gssproxy - Dontaudit leaked file descriptor writes from firewalld - openshift_net_type is interface not template - Dontaudit pppd to search gnome config - Update openshift_search_lib() interface - Add fs_list_pstorefs() - Fix label on libbcm_host.so since it is built incorrectly on raspberry pi, needs back port to F18 - Better labels for raspberry pi devices - Allow init to create devpts_t directory - Temporarily label rasbery pi devices as memory_device_t, needs back port to f18 - Allow sysadm_t to build kernels - Make sure mount creates /var/run/blkid with the correct label, needs back port to F18 - Allow userdomains to stream connect to gssproxy - Dontaudit leaked file descriptor writes from firewalld - Allow xserver to read /dev/urandom - Add additional fixes for ipsec-mgmt - Make SSHing into an Openshift Enterprise Node working- Add transition rules to unconfined domains and to sysadm_t to create /etc/adjtime - with the proper label. - Update files_filetrans_named_content() interface to get right labeling for pam.d conf files - Allow systemd-timedated to create adjtime - Add clock_create_adjtime() - Additional fix ifconfing for #966106 - Allow kernel_t to create boot.log with correct labeling - Remove unconfined_mplayer for which we don't have rules - Rename interfaces - Add userdom_manage_user_home_files/dirs interfaces - Fix files_dontaudit_read_all_non_security_files - Fix ipsec_manage_key_file() - Fix ipsec_filetrans_key_file() - Label /usr/bin/razor-lightdm-greeter as xdm_exec_t instead of spamc_exec_t - Fix labeling for ipse.secrets - Add interfaces for ipsec and labeling for ipsec.info and ipsec_setup.pid - Add files_dontaudit_read_all_non_security_files() interface - /var/log/syslog-ng should be labeled var_log_t - Make ifconfig_var_run_t a mountpoint - Add transition from ifconfig to dnsmasq - Allow ifconfig to execute bin_t/shell_exec_t - We want to have hwdb.bin labeled as etc_t - update logging_filetrans_named_content() interface - Allow systemd_timedate_t to manage /etc/adjtime - Allow NM to send signals to l2tpd - Update antivirus_can_scan_system boolean - Allow devicekit_disk_t to sys_config_tty - Run abrt-harvest programs as abrt_t, and allow abrt_t to list all filesystem directories - Make printing from vmware working - Allow php-cgi from php54 collection to access /var/lib/net-snmp/mib_indexes - Add virt_qemu_ga_data_t for qemu-ga - Make chrome and mozilla able to connect to same ports, add jboss_management_port_t to both - Fix typo in virt.te - Add virt_qemu_ga_unconfined_t for hook scripts - Make sure NetworkManager files get created with the correct label - Add mozilla_plugin_use_gps boolean - Fix cyrus to have support for net-snmp - Additional fixes for dnsmasq and quantum for #966106 - Add plymouthd_create_log() - remove httpd_use_oddjob for which we don't have rules - Add missing rules for httpd_can_network_connect_cobbler - Add missing cluster_use_execmem boolean - Call userdom_manage_all_user_home_type_files/dirs - Additional fix for ftp_home_dir - Fix ftp_home_dir boolean - Allow squit to recv/send client squid packet - Fix nut.te to have nut_domain attribute - Add support for ejabberd; TODO: revisit jabberd and rabbit policy - Fix amanda policy - Add more fixes for domains which use libusb - Make domains which use libusb working correctly - Allow l2tpd to create ipsec key files with correct labeling and manage them - Fix cobbler_manage_lib_files/cobbler_read_lib_files to cover also lnk files - Allow rabbitmq-beam to bind generic node - Allow l2tpd to read ipse-mgmt pid files - more fixes for l2tpd, NM and pppd from #967072- Dontaudit to getattr on dirs for dovecot-deliver - Allow raiudusd server connect to postgresql socket - Add kerberos support for radiusd - Allow saslauthd to connect to ldap port - Allow postfix to manage postfix_private_t files - Add chronyd support for #965457 - Fix labeling for HOME_DIR/\.icedtea - CHange squid and snmpd to be allowed also write own logs - Fix labeling for /usr/libexec/qemu-ga - Allow virtd_t to use virt_lock_t - Allow also sealert to read the policy from the kernel - qemu-ga needs to execute scripts in /usr/libexec/qemu-ga and to use /tmp content - Dontaudit listing of users homedir by sendmail Seems like a leak - Allow passenger to transition to puppet master - Allow apache to connect to mythtv - Add definition for mythtv ports- Add additional fixes for #948073 bug - Allow sge_execd_t to also connect to sge ports - Allow openshift_cron_t to manage openshift_var_lib_t sym links - Allow openshift_cron_t to manage openshift_var_lib_t sym links - Allow sge_execd to bind sge ports. Allow kill capability and reads cgroup files - Remove pulseaudio filetrans pulseaudio_manage_home_dirs which is a part of pulseaudio_manage_home_files - Add networkmanager_stream_connect() - Make gnome-abrt wokring with staff_t - Fix openshift_manage_lib_files() interface - mdadm runs ps command which seems to getattr on random log files - Allow mozilla_plugin_t to create pulseaudit_home_t directories - Allow qemu-ga to shutdown virtual hosts - Add labelling for cupsd-browsed - Add web browser plugins to connect to aol ports - Allow nm-dhcp-helper to stream connect to NM - Add port definition for sge ports- Make sure users and unconfined domains create .hushlogin with the correct label - Allow pegaus to chat with realmd over DBus - Allow cobblerd to read network state - Allow boicn-client to stat on /dev/input/mice - Allow certwatch to read net_config_t when it executes apache - Allow readahead to create /run/systemd and then create its own directory with the correct label- Transition directories and files when in a user_tmp_t directory - Change certwatch to domtrans to apache instead of just execute - Allow virsh_t to read xen lib files - update policy rules for pegasus_openlmi_account_t - Add support for svnserve_tmp_t - Activate account openlmi policy - pegasus_openlmi_domain_template needs also require pegasus_t - One more fix for policykit.te - Call fs_list_cgroups_dirs() in policykit.te - Allow nagios service plugin to read mysql config files - Add labeling for /var/svn - Fix chrome.te - Fix pegasus_openlmi_domain_template() interfaces - Fix dev_rw_vfio_dev definiton, allow virtd_t to read tmpfs_t symlinks - Fix location of google-chrome data - Add support for chome_sandbox to store content in the homedir - Allow policykit to watch for changes in cgroups file system - Add boolean to allow mozilla_plugin_t to use spice - Allow collectd to bind to udp port - Allow collected_t to read all of /proc - Should use netlink socket_perms - Should use netlink socket_perms - Allow glance domains to connect to apache ports - Allow apcupsd_t to manage its log files - Allow chrome objects to rw_inherited unix_stream_socket from callers - Allow staff_t to execute virtd_exec_t for running vms - nfsd_t needs to bind mountd port to make nfs-mountd.service working - Allow unbound net_admin capability because of setsockopt syscall - Fix fs_list_cgroup_dirs() - Label /usr/lib/nagios/plugins/utils.pm as bin_t - Remove uplicate definition of fs_read_cgroup_files() - Remove duplicate definition of fs_read_cgroup_files() - Add files_mountpoint_filetrans interface to be used by quotadb_t and snapperd - Additional interfaces needed to list and read cgroups config - Add port definition for collectd port - Add labels for /dev/ptp* - Allow staff_t to execute virtd_exec_t for running vms- Allow samba-net to also read realmd tmp files - Allow NUT to use serial ports - realmd can be started by systemctl now- Remove userdom_home_manager for xdm_t and move all rules to xserver.te directly - Add new xdm_write_home boolean to allow xdm_t to create files in HOME dirs with xdm_home_t - Allow postfix-showq to read/write unix.showq in /var/spool/postfix/pid - Allow virsh to read xen lock file - Allow qemu-ga to create files in /run with proper labeling - Allow glusterd to connect to own socket in /tmp - Allow glance-api to connect to http port to make glance image-create working - Allow keystonte_t to execute rpm- Fix realmd cache interfaces- Allow tcpd to execute leafnode - Allow samba-net to read realmd cache files - Dontaudit sys_tty_config for alsactl - Fix allow rules for postfix_var_run - Allow cobblerd to read /etc/passwd - Allow pegasus to read exports - Allow systemd-timedate to read xdm state - Allow mout to stream connect to rpcbind - Add labeling just for /usr/share/pki/ca-trust-source instead of /usr/share/pki- Allow thumbnails to share memory with apps which run thumbnails - Allow postfix-postqueue block_suspend - Add lib interfaces for smsd - Add support for nginx - Allow s2s running as jabberd_t to connect to jabber_interserver_port_t - Allow pki apache domain to create own tmp files and execute httpd_suexec - Allow procmail to manger user tmp files/dirs/lnk_files - Add virt_stream_connect_svirt() interface - Allow dovecot-auth to execute bin_t - Allow iscsid to request that kernel load a kernel module - Add labeling support for /var/lib/mod_security - Allow iw running as tuned_t to create netlink socket - Dontaudit sys_tty_config for thumb_t - Add labeling for nm-l2tp-service - Allow httpd running as certwatch_t to open tcp socket - Allow useradd to manager smsd lib files - Allow useradd_t to add homedirs in /var/lib - Fix typo in userdomain.te - Cleanup userdom_read_home_certs - Implement userdom_home_reader_certs_type to allow read certs also on encrypt /home with ecryptfs_t - Allow staff to stream connect to svirt_t to make gnome-boxes working- Allow lvm to create its own unit files - Label /var/lib/sepolgen as selinux_config_t - Add filetrans rules for tw devices - Add transition from cupsd_config_t to cupsd_t- Add filetrans rules for tw devices - Cleanup bad transition lines- Fix lockdev_manage_files() - Allow setroubleshootd to read var_lib_t to make email_alert working - Add lockdev_manage_files() - Call proper interface in virt.te - Allow gkeyring_domain to create /var/run/UID/config/dbus file - system dbus seems to be blocking suspend - Dontaudit attemps to sys_ptrace, which I believe gpsd does not need - When you enter a container from root, you generate avcs with a leaked file descriptor - Allow mpd getattr on file system directories - Make sure realmd creates content with the correct label - Allow systemd-tty-ask to write kmsg - Allow mgetty to use lockdev library for device locking - Fix selinuxuser_user_share_music boolean name to selinuxuser_share_music - When you enter a container from root, you generate avcs with a leaked file descriptor - Make sure init.fc files are labeled correctly at creation - File name trans vconsole.conf - Fix labeling for nagios plugins - label shared libraries in /opt/google/chrome as testrel_shlib_t- Allow certmonger to dbus communicate with realmd - Make realmd working- Fix mozilla specification of homedir content - Allow certmonger to read network state - Allow tmpwatch to read tmp in /var/spool/{cups,lpd} - Label all nagios plugin as unconfined by default - Add httpd_serve_cobbler_files() - Allow mdadm to read /dev/sr0 and create tmp files - Allow certwatch to send mails - Fix labeling for nagios plugins - label shared libraries in /opt/google/chrome as testrel_shlib_t- Allow realmd to run ipa, really needs to be an unconfined_domain - Allow sandbox domains to use inherted terminals - Allow pscd to use devices labeled svirt_image_t in order to use cat cards. - Add label for new alsa pid - Alsa now uses a pid file and needs to setsched - Fix oracleasmfs_t definition - Add support for sshd_unit_file_t - Add oracleasmfs_t - Allow unlabeled_t files to be stored on unlabeled_t filesystems- Fix description of deny_ptrace boolean - Remove allow for execmod lib_t for now - Allow quantum to connect to keystone port - Allow nova-console to talk with mysql over unix stream socket - Allow dirsrv to stream connect to uuidd - thumb_t needs to be able to create ~/.cache if it does not exist - virtd needs to be able to sys_ptrace when starting and stoping containers- Allow alsa_t signal_perms, we probaly should search for any app that can execute something without transition and give it signal_perms... - Add dontaudit for mozilla_plugin_t looking at the xdm_t sockets - Fix deny_ptrace boolean, certain ptrace leaked into the system - Allow winbind to manage kerberos_rcache_host - Allow spamd to create spamd_var_lib_t directories - Remove transition to mozilla_tmp_t by mozilla_t, to allow it to manage the users tmp dirs - Add mising nslcd_dontaudit_write_sock_file() interface - one more fix - Fix pki_read_tomcat_lib_files() interface - Allow certmonger to read pki-tomcat lib files - Allow certwatch to execute bin_t - Allow snmp to manage /var/lib/net-snmp files - Call snmp_manage_var_lib_files(fogorn_t) instead of snmp_manage_var_dirs - Fix vmware_role() interface - Fix cobbler_manage_lib_files() interface - Allow nagios check disk plugins to execute bin_t - Allow quantum to transition to openvswitch_t - Allow postdrop to stream connect to postfix-master - Allow quantum to stream connect to openvswitch - Add xserver_dontaudit_xdm_rw_stream_sockets() interface - Allow daemon to send dgrams to initrc_t - Allow kdm to start the power service to initiate a reboot or poweroff- Add mising nslcd_dontaudit_write_sock_file() interface - one more fix - Fix pki_read_tomcat_lib_files() interface - Allow certmonger to read pki-tomcat lib files - Allow certwatch to execute bin_t - Allow snmp to manage /var/lib/net-snmp files - Don't audit attempts to write to stream socket of nscld by thumbnailers - Allow git_system_t to read network state - Allow pegasas to execute mount command - Fix desc for drdb_admin - Fix condor_amin() - Interface fixes for uptime, vdagent, vnstatd - Fix labeling for moodle in /var/www/moodle/data - Add interface fixes - Allow bugzilla to read certs - /var/www/moodle needs to be writable by apache - Add interface to dontaudit attempts to send dbus messages to systemd domains, for xguest - Fix namespace_init_t to create content with proper labels, and allow it to manage all user content - Allow httpd_t to connect to osapi_compute port using httpd_use_openstack bolean - Fixes for dlm_controld - Fix apache_read_sys_content_rw_dirs() interface - Allow logrotate to read /var/log/z-push dir - Fix sys_nice for cups_domain - Allow postfix_postdrop to acces postfix_public socket - Allow sched_setscheduler for cupsd_t - Add missing context for /usr/sbin/snmpd - Kernel_t needs mac_admin in order to support labeled NFS - Fix systemd_dontaudit_dbus_chat() interface - Add interface to dontaudit attempts to send dbus messages to systemd domains, for xguest - Allow consolehelper domain to write Xauth files in /root - Add port definition for osapi_compute port - Allow unconfined to create /etc/hostname with correct labeling - Add systemd_filetrans_named_hostname() interface- Allow httpd_t to connect to osapi_compute port using httpd_use_openstack bolean - Fixes for dlm_controld - Fix apache_read_sys_content_rw_dirs() interface - Allow logrotate to read /var/log/z-push dir - Allow postfix_postdrop to acces postfix_public socket - Allow sched_setscheduler for cupsd_t - Add missing context for /usr/sbin/snmpd - Allow consolehelper more access discovered by Tom London - Allow fsdaemon to send signull to all domain - Add port definition for osapi_compute port - Allow unconfined to create /etc/hostname with correct labeling - Add systemd_filetrans_named_hostname() interface- Fix file_contexts.subs to label /run/lock correctly- Try to label on controlC devices up to 30 correctly - Add mount_rw_pid_files() interface - Add additional mount/umount interfaces needed by mock - fsadm_t sends audit messages in reads kernel_ipc_info when doing livecd-iso-to-disk - Fix tabs - Allow initrc_domain to search rgmanager lib files - Add more fixes which make mock working together with confined users * Allow mock_t to manage rpm files * Allow mock_t to read rpm log files * Allow mock to setattr on tmpfs, devpts * Allow mount/umount filesystems - Add rpm_read_log() interface - yum-cron runs rpm from within it. - Allow tuned to transition to dmidecode - Allow firewalld to do net_admin - Allow mock to unmont tmpfs_t - Fix virt_sigkill() interface - Add additional fixes for mock. Mainly caused by mount running in mock_t - Allow mock to write sysfs_t and mount pid files - Add mailman_domain to mailman_template() - Allow openvswitch to execute shell - Allow qpidd to use kerberos - Allow mailman to use fusefs, needs back port to RHEL6 - Allow apache and its scripts to use anon_inodefs - Add alias for git_user_content_t and git_sys_content_t so that RHEL6 will update to RHEL7 - Realmd needs to connect to samba ports, needs back port to F18 also - Allow colord to read /run/initial-setup- - Allow sanlock-helper to send sigkill to virtd which is registred to sanlock - Add virt_kill() interface - Add rgmanager_search_lib() interface - Allow wdmd to getattr on all filesystems. Back ported from RHEL6- Allow realmd to create tmp files - FIx ircssi_home_t type to irssi_home_t - Allow adcli running as realmd_t to connect to ldap port - Allow NetworkManager to transition to ipsec_t, for running strongswan - Make openshift_initrc_t an lxc_domain - Allow gssd to manage user_tmp_t files - Fix handling of irclogs in users homedir - Fix labeling for drupal an wp-content in subdirs of /var/www/html - Allow abrt to read utmp_t file - Fix openshift policy to transition lnk_file, sock-file an fifo_file when created in a tmpfs_t, needs back port to RHEL6 - fix labeling for (oo|rhc)-restorer-wrapper.sh - firewalld needs to be able to write to network sysctls - Fix mozilla_plugin_dontaudit_rw_sem() interface - Dontaudit generic ipc read/write to a mozilla_plugin for sandbox_x domains - Add mozilla_plugin_dontaudit_rw_sem() interface - Allow svirt_lxc_t to transition to openshift domains - Allow condor domains block_suspend and dac_override caps - Allow condor_master to read passd - Allow condor_master to read system state - Allow NetworkManager to transition to ipsec_t, for running strongswan - Lots of access required by lvm_t to created encrypted usb device - Allow xdm_t to dbus communicate with systemd_localed_t - Label strongswan content as ipsec_exec_mgmt_t for now - Allow users to dbus chat with systemd_localed - Fix handling of .xsession-errors in xserver.if, so kde will work - Might be a bug but we are seeing avc's about people status on init_t:service - Make sure we label content under /var/run/lock as <> - Allow daemon and systemprocesses to search init_var_run_t directory - Add boolean to allow xdm to write xauth data to the home directory - Allow mount to write keys for the unconfined domain - Add unconfined_write_keys() interface- Add labeling for /usr/share/pki - Allow programs that read var_run_t symlinks also read var_t symlinks - Add additional ports as mongod_port_t for 27018, 27019, 28017, 28018 and 28019 ports - Fix labeling for /etc/dhcp directory - add missing systemd_stub_unit_file() interface - Add files_stub_var() interface - Add lables for cert_t directories - Make localectl set-x11-keymap working at all - Allow abrt to manage mock build environments to catch build problems. - Allow virt_domains to setsched for running gdb on itself - Allow thumb_t to execute user home content - Allow pulseaudio running as mozilla_plugin_t to read /run/systemd/users/1000 - Allow certwatch to execut /usr/bin/httpd - Allow cgred to send signal perms to itself, needs back port to RHEL6 - Allow openshift_cron_t to look at quota - Allow cups_t to read inhered tmpfs_t from the kernel - Allow yppasswdd to use NIS - Tuned wants sys_rawio capability - Add ftpd_use_fusefs boolean - Allow dirsrvadmin_t to signal itself- Allow localectl to read /etc/X11/xorg.conf.d directory - Revert "Revert "Fix filetrans rules for kdm creates .xsession-errors"" - Allow mount to transition to systemd_passwd_agent - Make sure abrt directories are labeled correctly - Allow commands that are going to read mount pid files to search mount_var_run_t - label /usr/bin/repoquery as rpm_exec_t - Allow automount to block suspend - Add abrt_filetrans_named_content so that abrt directories get labeled correctly - Allow virt domains to setrlimit and read file_context- Allow nagios to manage nagios spool files - /var/spool/snmptt is a directory which snmdp needs to write to, needs back port to RHEL6 - Add swift_alias.* policy files which contain typealiases for swift types - Add support for /run/lock/opencryptoki - Allow pkcsslotd chown capability - Allow pkcsslotd to read passwd - Add rsync_stub() interface - Allow systemd_timedate also manage gnome config homedirs - Label /usr/lib64/security/pam_krb5/pam_krb5_cchelper as bin_t - Fix filetrans rules for kdm creates .xsession-errors - Allow sytemd_tmpfiles to create wtmp file - Really should not label content under /var/lock, since it could have labels on it different from var_lock_t - Allow systemd to list all file system directories - Add some basic stub interfaces which will be used in PRODUCT policies- Fix log transition rule for cluster domains - Start to group all cluster log together - Dont use filename transition for POkemon Advanced Adventure until a new checkpolicy update - cups uses usbtty_device_t devices - These fixes were all required to build a MLS virtual Machine with single level desktops - Allow domains to transiton using httpd_exec_t - Allow svirt domains to manage kernel key rings - Allow setroubleshoot to execute ldconfig - Allow firewalld to read generate gnome data - Allow bluetooth to read machine-info - Allow boinc domain to send signal to itself - Fix gnome_filetrans_home_content() interface - Allow mozilla_plugins to list apache modules, for use with gxine - Fix labels for POkemon in the users homedir - Allow xguest to read mdstat - Dontaudit virt_domains getattr on /dev/* - These fixes were all required to build a MLS virtual Machine with single level desktops - Need to back port this to RHEL6 for openshift - Add tcp/8891 as milter port - Allow nsswitch domains to read sssd_var_lib_t files - Allow ping to read network state. - Fix typo - Add labels to /etc/X11/xorg.d and allow systemd-timestampd_t to manage them- Adopt swift changes from lhh@redhat.com - Add rhcs_manage_cluster_pid_files() interface - Allow screen domains to configure tty and setup sock_file in ~/.screen directory - ALlow setroubleshoot to read default_context_t, needed to backport to F18 - Label /etc/owncloud as being an apache writable directory - Allow sshd to stream connect to an lxc domain- Allow postgresql to manage rgmanager pid files - Allow postgresql to read ccs data - Allow systemd_domain to send dbus messages to policykit - Add labels for /etc/hostname and /etc/machine-info and allow systemd-hostnamed to create them - All systemd domains that create content are reading the file_context file and setfscreate - Systemd domains need to search through init_var_run_t - Allow sshd to communicate with libvirt to set containers labels - Add interface to manage pid files - Allow NetworkManger_t to read /etc/hostname - Dontaudit leaked locked files into openshift_domains - Add fixes for oo-cgroup-read - it nows creates tmp files - Allow gluster to manage all directories as well as files - Dontaudit chrome_sandbox_nacl_t using user terminals - Allow sysstat to manage its own log files - Allow virtual machines to setrlimit and send itself signals. - Add labeling for /var/run/hplip- Fix POSTIN scriptlet- Merge rgmanger, corosync,pacemaker,aisexec policies to cluster_t in rhcs.pp- Fix authconfig.py labeling - Make any domains that write homedir content do it correctly - Allow glusterd to read/write anyhwere on the file system by default - Be a little more liberal with the rsync log files - Fix iscsi_admin interface - Allow iscsid_t to read /dev/urand - Fix up iscsi domain for use with unit files - Add filename transition support for spamassassin policy - Allow web plugins to use badly formated libraries - Allow nmbd_t to create samba_var_t directories - Add filename transition support for spamassassin policy - Add filename transition support for tvtime - Fix alsa_home_filetrans_alsa_home() interface - Move all userdom_filetrans_home_content() calling out of booleans - Allow logrotote to getattr on all file sytems - Remove duplicate userdom_filetrans_home_content() calling - Allow kadmind to read /etc/passwd - Dontaudit append .xsession-errors file on ecryptfs for policykit-auth - Allow antivirus domain to manage antivirus db links - Allow logrotate to read /sys - Allow mandb to setattr on man dirs - Remove mozilla_plugin_enable_homedirs boolean - Fix ftp_home_dir boolean - homedir mozilla filetrans has been moved to userdom_home_manager - homedir telepathy filetrans has been moved to userdom_home_manager - Remove gnome_home_dir_filetrans() from gnome_role_gkeyringd() - Might want to eventually write a daemon on fusefsd. - Add policy fixes for sshd [net] child from plautrba@redhat.com - Tor uses a new port - Remove bin_t for authconfig.py - Fix so only one call to userdom_home_file_trans - Allow home_manager_types to create content with the correctl label - Fix all domains that write data into the homedir to do it with the correct label - Change the postgresql to use proper boolean names, which is causing httpd_t to - not get access to postgresql_var_run_t - Hostname needs to send syslog messages - Localectl needs to be able to send dbus signals to users - Make sure userdom_filetrans_type will create files/dirs with user_home_t labeling by default - Allow user_home_manger domains to create spam* homedir content with correct labeling - Allow user_home_manger domains to create HOMEDIR/.tvtime with correct labeling - Add missing miscfiles_setattr_man_pages() interface and for now comment some rules for userdom_filetrans_type to make build process working - Declare userdom_filetrans_type attribute - userdom_manage_home_role() needs to be called withoout usertype attribute because of userdom_filetrans_type attribute - fusefsd is mounding a fuse file system on /run/user/UID/gvfs- Man pages are now generated in the build process - Allow cgred to list inotifyfs filesystem- Allow gluster to get attrs on all fs - New access required for virt-sandbox - Allow dnsmasq to execute bin_t - Allow dnsmasq to create content in /var/run/NetworkManager - Fix openshift_initrc_signal() interface - Dontaudit openshift domains doing getattr on other domains - Allow consolehelper domain to communicate with session bus - Mock should not be transitioning to any other domains, we should keep mock_t as mock_t - Update virt_qemu_ga_t policy - Allow authconfig running from realmd to restart oddjob service - Add systemd support for oddjob - Add initial policy for realmd_consolehelper_t which if for authconfig executed by realmd - Add labeling for gnashpluginrc - Allow chrome_nacl to execute /dev/zero - Allow condor domains to read /proc - mozilla_plugin_t will getattr on /core if firefox crashes - Allow condor domains to read /etc/passwd - Allow dnsmasq to execute shell scripts, openstack requires this access - Fix glusterd labeling - Allow virtd_t to interact with the socket type - Allow nmbd_t to override dac if you turned on sharing all files - Allow tuned to created kobject_uevent socket - Allow guest user to run fusermount - Allow openshift to read /proc and locale - Allow realmd to dbus chat with rpm - Add new interface for virt - Remove depracated interfaces - Allow systemd_domains read access on etc, etc_runtime and usr files, also allow them to connect stream to syslog socket - /usr/share/munin/plugins/plugin.sh should be labeled as bin_t - Remove some more unconfined_t process transitions, that I don't believe are necessary - Stop transitioning uncofnined_t to checkpc - dmraid creates /var/lock/dmraid - Allow systemd_localed to creatre unix_dgram_sockets - Allow systemd_localed to write kernel messages. - Also cleanup systemd definition a little. - Fix userdom_restricted_xwindows_user_template() interface - Label any block devices or char devices under /dev/infiniband as fixed_disk_device_t - User accounts need to dbus chat with accountsd daemon - Gnome requires all users to be able to read /proc/1/- virsh now does a setexeccon call - Additional rules required by openshift domains - Allow svirt_lxc_domains to use inherited terminals, needed to make virt-sandbox-service execute work - Allow spamd_update_t to search spamc_home_t - Avcs discovered by mounting an isci device under /mnt - Allow lspci running as logrotate to read pci.ids - Additional fix for networkmanager_read_pid_files() - Fix networkmanager_read_pid_files() interface - Allow all svirt domains to connect to svirt_socket_t - Allow virsh to set SELinux context for a process. - Allow tuned to create netlink_kobject_uevent_socket - Allow systemd-timestamp to set SELinux context - Add support for /var/lib/systemd/linger - Fix ssh_sysadm_login to be working on MLS as expected- Rename files_rw_inherited_tmp_files to files_rw_inherited_tmp_file - Add missing files_rw_inherited_tmp_files interface - Add additional interface for ecryptfs - ALlow nova-cert to connect to postgresql - Allow keystone to connect to postgresql - Allow all cups domains to getattr on filesystems - Allow pppd to send signull - Allow tuned to execute ldconfig - Allow gpg to read fips_enabled - Add additional fixes for ecryptfs - Allow httpd to work with posgresql - Allow keystone getsched and setsched- Allow gpg to read fips_enabled - Add support for /var/cache/realmd - Add support for /usr/sbin/blazer_usb and systemd support for nut - Add labeling for fenced_sanlock and allow sanclok transition to fenced_t - bitlbee wants to read own log file - Allow glance domain to send a signal itself - Allow xend_t to request that the kernel load a kernel module - Allow pacemaker to execute heartbeat lib files - cleanup new swift policy- Fix smartmontools - Fix userdom_restricted_xwindows_user_template() interface - Add xserver_xdm_ioctl_log() interface - Allow Xusers to ioctl lxdm.log to make lxdm working - Add MLS fixes to make MLS boot/log-in working - Add mls_socket_write_all_levels() also for syslogd - fsck.xfs needs to read passwd - Fix ntp_filetrans_named_content calling in init.te - Allow postgresql to create pg_log dir - Allow sshd to read rsync_data_t to make rsync working - Change ntp.conf to be labeled net_conf_t - Allow useradd to create homedirs in /run. ircd-ratbox does this and we should just allow it - Allow xdm_t to execute gstreamer home content - Allod initrc_t and unconfined domains, and sysadm_t to manage ntp - New policy for openstack swift domains - More access required for openshift_cron_t - Use cupsd_log_t instead of cupsd_var_log_t - rpm_script_roles should be used in rpm_run - Fix rpm_run() interface - Fix openshift_initrc_run() - Fix sssd_dontaudit_stream_connect() interface - Fix sssd_dontaudit_stream_connect() interface - Allow LDA's job to deliver mail to the mailbox - dontaudit block_suspend for mozilla_plugin_t - Allow l2tpd_t to all signal perms - Allow uuidgen to read /dev/random - Allow mozilla-plugin-config to read power_supply info - Implement cups_domain attribute for cups domains - We now need access to user terminals since we start by executing a command outside the tty - We now need access to user terminals since we start by executing a command outside the tty - svirt lxc containers want to execute userhelper apps, need these changes to allow this to happen - Add containment of openshift cron jobs - Allow system cron jobs to create tmp directories - Make userhelp_conf_t a config file - Change rpm to use rpm_script_roles - More fixes for rsync to make rsync wokring - Allow logwatch to domtrans to mdadm - Allow pacemaker to domtrans to ifconfig - Allow pacemaker to setattr on corosync.log - Add pacemaker_use_execmem for memcheck-amd64 command - Allow block_suspend capability - Allow create fifo_file in /tmp with pacemaker_tmp_t - Allow systat to getattr on fixed disk - Relabel /etc/ntp.conf to be net_conf_t - ntp_admin should create files in /etc with the correct label - Add interface to create ntp_conf_t files in /etc - Add additional labeling for quantum - Allow quantum to execute dnsmasq with transition- boinc_cliean wants also execmem as boinc projecs have - Allow sa-update to search admin home for /root/.spamassassin - Allow sa-update to search admin home for /root/.spamassassin - Allow antivirus domain to read net sysctl - Dontaudit attempts from thumb_t to connect to ssd - Dontaudit attempts by readahead to read sock_files - Dontaudit attempts by readahead to read sock_files - Create tmpfs file while running as wine as user_tmpfs_t - Dontaudit attempts by readahead to read sock_files - libmpg ships badly created librarie- Change ssh_use_pts to use macro and only inherited sshd_devpts_t - Allow confined users to read systemd_logind seat information - libmpg ships badly created libraries - Add support for strongswan.service - Add labeling for strongswan - Allow l2tpd_t to read network manager content in /run directory - Allow rsync to getattr any file in rsync_data_t - Add labeling and filename transition for .grl-podcasts- mount.glusterfs executes glusterfsd binary - Allow systemd_hostnamed_t to stream connect to systemd - Dontaudit any user doing a access check - Allow obex-data-server to request the kernel to load a module - Allow gpg-agent to manage gnome content (~/.cache/gpg-agent-info) - Allow gpg-agent to read /proc/sys/crypto/fips_enabled - Add new types for antivirus.pp policy module - Allow gnomesystemmm_t caps because of ioprio_set - Make sure if mozilla_plugin creates files while in permissive mode, they get created with the correct label, user_home_t - Allow gnomesystemmm_t caps because of ioprio_set - Allow NM rawip socket - files_relabel_non_security_files can not be used with boolean - Add interface to thumb_t dbus_chat to allow it to read remote process state - ALlow logrotate to domtrans to mdadm_t - kde gnomeclock wants to write content to /tmp- kde gnomeclock wants to write content to /tmp - /usr/libexec/kde4/kcmdatetimehelper attempts to create /root/.kde - Allow blueman_t to rwx zero_device_t, for some kind of jre - Allow mozilla_plugin_t to rwx zero_device_t, for some kind of jre - Ftp full access should be allowed to create directories as well as files - Add boolean to allow rsync_full_acces, so that an rsync server can write all - over the local machine - logrotate needs to rotate logs in openshift directories, needs back port to RHEL6 - Add missing vpnc_roles type line - Allow stapserver to write content in /tmp - Allow gnome keyring to create keyrings dir in ~/.local/share - Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on - Add interface to colord_t dbus_chat to allow it to read remote process state - Allow colord_t to read cupsd_t state - Add mate-thumbnail-font as thumnailer - Allow sectoolm to sys_ptrace since it is looking at other proceses /proc data. - Allow qpidd to list /tmp. Needed by ssl - Only allow init_t to transition to rsync_t domain, not initrc_t. This should be back ported to F17, F18 - - Added systemd support for ksmtuned - Added booleans ksmtuned_use_nfs ksmtuned_use_cifs - firewalld seems to be creating mmap files which it needs to execute in /run /tmp and /dev/shm. Would like to clean this up but for now we will allow - Looks like qpidd_t needs to read /dev/random - Lots of probing avc's caused by execugting gpg from staff_t - Dontaudit senmail triggering a net_admin avc - Change thumb_role to use thumb_run, not sure why we have a thumb_role, needs back port - Logwatch does access check on mdadm binary - Add raid_access_check_mdadm() iterface- Fix systemd_manage_unit_symlinks() interface - Call systemd_manage_unit_symlinks(() which is correct interface - Add filename transition for opasswd - Switch gnomeclock_dbus_chat to systemd_dbus_chat_timedated since we have switched the name of gnomeclock - Allow sytstemd-timedated to get status of init_t - Add new systemd policies for hostnamed and rename gnomeclock_t to systemd_timedate_t - colord needs to communicate with systemd and systemd_logind, also remove duplicate rules - Switch gnomeclock_dbus_chat to systemd_dbus_chat_timedated since we have switched the name of gnomeclock - Allow gpg_t to manage all gnome files - Stop using pcscd_read_pub_files - New rules for xguest, dontaudit attempts to dbus chat - Allow firewalld to create its mmap files in tmpfs and tmp directories - Allow firewalld to create its mmap files in tmpfs and tmp directories - run unbound-chkconf as named_t, so it can read dnssec - Colord is reading xdm process state, probably reads state of any apps that sends dbus message - Allow mdadm_t to change the kernel scheduler - mythtv policy - Update mandb_admin() interface - Allow dsspam to listen on own tpc_socket - seutil_filetrans_named_content needs to be optional - Allow sysadm_t to execute content in his homedir - Add attach_queue to tun_socket, new patch from Paul Moore - Change most of selinux configuration types to security_file_type. - Add filename transition rules for selinux configuration - ssh into a box with -X -Y requires ssh_use_ptys - Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on - Allow all unpriv userdomains to send dbus messages to hostnamed and timedated - New allow rules found by Tom London for systemd_hostnamed- Allow systemd-tmpfiles to relabel lpd spool files - Ad labeling for texlive bash scripts - Add xserver_filetrans_fonts_cache_home_content() interface - Remove duplicate rules from *.te - Add support for /var/lock/man-db.lock - Add support for /var/tmp/abrt(/.*)? - Add additional labeling for munin cgi scripts - Allow httpd_t to read munin conf files - Allow certwatch to read meminfo - Fix nscd_dontaudit_write_sock_file() interfac - Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t - llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling- Allow gnomeclock to talk to puppet over dbus - Allow numad access discovered by Dominic - Add support for HOME_DIR/.maildir - Fix attribute_role for mozilla_plugin_t domain to allow staff_r to access this domain - Allow udev to relabel udev_var_run_t lnk_files - New bin_t file in mcelog- Remove all mcs overrides and replace with t1 != mcs_constrained_types - Add attribute_role for iptables - mcs_process_set_categories needs to be called for type - Implement additional role_attribute statements - Sodo domain is attempting to get the additributes of proc_kcore_t - Unbound uses port 8953 - Allow svirt_t images to compromise_kernel when using pci-passthrough - Add label for dns lib files - Bluetooth aquires a dbus name - Remove redundant files_read_usr_file calling - Remove redundant files_read_etc_file calling - Fix mozilla_run_plugin() - Add role_attribute support for more domains- Mass merge with upstream- Bump the policy version to 28 to match selinux userspace - Rebuild versus latest libsepol- Add systemd_status_all_unit_files() interface - Add support for nshadow - Allow sysadm_t to administrate the postfix domains - Add interface to setattr on isid directories for use by tmpreaper - Allow sshd_t sys_admin for use with afs logins - Allow systemd to read/write all sysctls - Allow sshd_t sys_admin for use with afs logins - Allow systemd to read/write all sysctls - Add systemd_status_all_unit_files() interface - Add support for nshadow - Allow sysadm_t to administrate the postfix domains - Add interface to setattr on isid directories for use by tmpreaper - Allow sshd_t sys_admin for use with afs logins - Allow systemd to read/write all sysctls - Allow sshd_t sys_admin for use with afs logins - Add labeling for /var/named/chroot/etc/localtim- Allow setroubleshoot_fixit to execute rpm - zoneminder needs to connect to httpd ports where remote cameras are listening - Allow firewalld to execute content created in /run directory - Allow svirt_t to read generic certs - Dontaudit leaked ps content to mozilla plugin - Allow sshd_t sys_admin for use with afs logins - Allow systemd to read/write all sysctls - init scripts are creating systemd_unit_file_t directories- systemd_logind_t is looking at all files under /run/user/apache - Allow systemd to manage all user tmp files - Add labeling for /var/named/chroot/etc/localtime - Allow netlabel_peer_t type to flow over netif_t and node_t, and only be hindered by MLS, need back port to RHEL6 - Keystone is now using a differnt port - Allow xdm_t to use usbmuxd daemon to control sound - Allow passwd daemon to execute gnome_exec_keyringd - Fix chrome_sandbox policy - Add labeling for /var/run/checkquorum-timer - More fixes for the dspam domain, needs back port to RHEL6 - More fixes for the dspam domain, needs back port to RHEL6 - sssd needs to connect to kerberos password port if a user changes his password - Lots of fixes from RHEL testing of dspam web - Allow chrome and mozilla_plugin to create msgq and semaphores - Fixes for dspam cgi scripts - Fixes for dspam cgi scripts - Allow confine users to ptrace screen - Backport virt_qemu_ga_t changes from RHEL - Fix labeling for dspam.cgi needed for RHEL6 - We need to back port this policy to RHEL6, for lxc domains - Dontaudit attempts to set sys_resource of logrotate - Allow corosync to read/write wdmd's tmpfs files - I see a ptrace of mozilla_plugin_t by staff_t, will allow without deny_ptrace being set - Allow cron jobs to read bind config for unbound - libvirt needs to inhibit systemd - kdumpctl needs to delete boot_t files - Fix duplicate gnome_config_filetrans - virtd_lxc_t is using /dev/fuse - Passenger needs to create a directory in /var/log, needs a backport to RHEL6 for openshift - apcupsd can be setup to listen to snmp trafic - Allow transition from kdumpgui to kdumpctl - Add fixes for munin CGI scripts - Allow deltacloud to connect to openstack at the keystone port - Allow domains that transition to svirt domains to be able to signal them - Fix file context of gstreamer in .cache directory - libvirt is communicating with logind - NetworkManager writes to the systemd inhibit pipe- Allow munin disk plugins to get attributes of all directories - Allow munin disk plugins to get attributes of all directorie - Allow logwatch to get attributes of all directories - Fix networkmanager_manage_lib() interface - Fix gnome_manage_config() to allow to manage sock_file - Fix virtual_domain_context - Add support for dynamic DNS for DHCPv6- Allow svirt to use netlink_route_socket which was a part of auth_use_nsswitch - Add additional labeling for /var/www/openshift/broker - Fix rhev policy - Allow openshift_initrc domain to dbus chat with systemd_logind - Allow httpd to getattr passenger log file if run_stickshift - Allow consolehelper-gtk to connect to xserver - Add labeling for the tmp-inst directory defined in pam_namespace.conf - Add lvm_metadata_t labeling for /etc/multipath- consoletype is no longer used- Add label for efivarfs - Allow certmonger to send signal to itself - Allow plugin-config to read own process status - Add more fixes for pacemaker - apache/drupal can run clamscan on uploaded content - Allow chrome_sandbox_nacl_t to read pid 1 content- Fix MCS Constraints to control ingres and egres controls on the network. - Change name of svirt_nokvm_t to svirt_tcg_t - Allow tuned to request the kernel to load kernel modules- Label /var/lib/pgsql/.ssh as ssh_home_t - Add labeling for /usr/bin/pg_ctl - Allow systemd-logind to manage keyring user tmp dirs - Add support for 7389/tcp port - gems seems to be placed in lots of places - Since xdm is running a full session, it seems to be trying to execute lots of executables via dbus - Add back tcp/8123 port as http_cache port - Add ovirt-guest-agent\.pid labeling - Allow xend to run scsi_id - Allow rhsmcertd-worker to read "physical_package_id" - Allow pki_tomcat to connect to ldap port - Allow lpr to read /usr/share/fonts - Allow open file from CD/DVD drive on domU - Allow munin services plugins to talk to SSSD - Allow all samba domains to create samba directory in var_t directories - Take away svirt_t ability to use nsswitch - Dontaudit attempts by openshift to read apache logs - Allow apache to create as well as append _ra_content_t - Dontaudit sendmail_t reading a leaked file descriptor - Add interface to have admin transition /etc/prelink.cache to the proper label - Add sntp support to ntp policy - Allow firewalld to dbus chat with devicekit_power - Allow tuned to call lsblk - Allow tor to read /proc/sys/kernel/random/uuid - Add tor_can_network_relay boolean- Add openshift_initrc_signal() interface - Fix typos - dspam port is treat as spamd_port_t - Allow setroubleshoot to getattr on all executables - Allow tuned to execute profiles scripts in /etc/tuned - Allow apache to create directories to store its log files - Allow all directories/files in /var/log starting with passenger to be labeled passenger_log_t - Looks like apache is sending sinal to openshift_initrc_t now,needs back port to RHEL6 - Allow Postfix to be configured to listen on TCP port 10026 for email from DSPAM - Add filename transition for /etc/tuned/active_profile - Allow condor_master to send mails - Allow condor_master to read submit.cf - Allow condor_master to create /tmp files/dirs - Allow condor_mater to send sigkill to other condor domains - Allow condor_procd sigkill capability - tuned-adm wants to talk with tuned daemon - Allow kadmind and krb5kdc to also list sssd_public_t - Allow accountsd to dbus chat with init - Fix git_read_generic_system_content_files() interface - pppd wants sys_nice by nmcli because of "syscall=sched_setscheduler" - Fix mozilla_plugin_can_network_connect to allow to connect to all ports - Label all munin plugins which are not covered by munin plugins policy as unconfined_munin_plugin_exec_t - dspam wants to search /var/spool for opendkim data - Revert "Add support for tcp/10026 port as dspam_port_t" - Turning on labeled networking requires additional access for netlabel_peer_t; these allow rules need to be back ported to RHEL6 - Allow all application domains to use fifo_files passed in from userdomains, also allow them to write to tmp_files inherited from userdomain - Allow systemd_tmpfiles_t to setattr on mandb_cache_t- consolekit.pp was not removed from the postinstall script- Add back consolekit policy - Silence bootloader trying to use inherited tty - Silence xdm_dbusd_t trying to execute telepathy apps - Fix shutdown avcs when machine has unconfined.pp disabled - The host and a virtual machine can share the same printer on a usb device - Change oddjob to transition to a ranged openshift_initr_exec_t when run from oddjob - Allow abrt_watch_log_t to execute bin_t - Allow chrome sandbox to write content in ~/.config/chromium - Dontaudit setattr on fontconfig dir for thumb_t - Allow lircd to request the kernel to load module - Make rsync as userdom_home_manager - Allow rsync to search automount filesystem - Add fixes for pacemaker- Add support for 4567/tcp port - Random fixes from Tuomo Soini - xdm wants to get init status - Allow programs to run in fips_mode - Add interface to allow the reading of all blk device nodes - Allow init to relabel rpcbind sock_file - Fix labeling for lastlog and faillog related to logrotate - ALlow aeolus_configserver to use TRAM port - Add fixes for aeolus_configserver - Allow snmpd to connect to snmp port - Allow spamd_update to create spamd_var_lib_t directories - Allow domains that can read sssd_public_t files to also list the directory - Remove miscfiles_read_localization, this is defined for all domains- Allow syslogd to request the kernel to load a module - Allow syslogd_t to read the network state information - Allow xdm_dbusd_t connect to the system DBUS - Add support for 7389/tcp port - Allow domains to read/write all inherited sockets - Allow staff_t to read kmsg - Add awstats_purge_apache_log boolean - Allow ksysguardproces to read /.config/Trolltech.conf - Allow passenger to create and append puppet log files - Add puppet_append_log and puppet_create_log interfaces - Add puppet_manage_log() interface - Allow tomcat domain to search tomcat_var_lib_t - Allow pki_tomcat_t to connect to pki_ca ports - Allow pegasus_t to have net_admin capability - Allow pegasus_t to write /sys/class/net//flags - Allow mailserver_delivery to manage mail_home_rw_t lnk_files - Allow fetchmail to create log files - Allow gnomeclock to manage home config in .kde - Allow bittlebee to read kernel sysctls - Allow logrotate to list /root- Fix userhelper_console_role_template() - Allow enabling Network Access Point service using blueman - Make vmware_host_t as unconfined domain - Allow authenticate users in webaccess via squid, using mysql as backend - Allow gathers to get various metrics on mounted file systems - Allow firewalld to read /etc/hosts - Fix cron_admin_role() to make sysadm cronjobs running in the sysadm_t instead of cronjob_t - Allow kdumpgui to read/write to zipl.conf - Commands needed to get mock to build from staff_t in enforcing mode - Allow mdadm_t to manage cgroup files - Allow all daemons and systemprocesses to use inherited initrc_tmp_t files - dontaudit ifconfig_t looking at fifo_files that are leaked to it - Add lableing for Quest Authentication System- Fix filetrans interface definitions - Dontaudit xdm_t to getattr on BOINC lib files - Add systemd_reload_all_services() interface - Dontaudit write access on /var/lib/net-snmp/mib_indexes - Only stop mcsuntrustedproc from relableing files - Allow accountsd to dbus chat with gdm - Allow realmd to getattr on all fs - Allow logrotate to reload all services - Add systemd unit file for radiusd - Allow winbind to create samba pid dir - Add labeling for /var/nmbd/unexpected - Allow chrome and mozilla plugin to connect to msnp ports- Fix storage_rw_inherited_fixed_disk_dev() to cover also blk_file - Dontaudit setfiles reading /dev/random - On initial boot gnomeclock is going to need to be set buy gdm - Fix tftp_read_content() interface - Random apps looking at kernel file systems - Testing virt with lxc requiers additional access for virsh_t - New allow rules requied for latest libvirt, libvirt talks directly to journald,lxc setup tool needs compromize_kernel,and we need ipc_lock in the container - Allow MPD to read /dev/radnom - Allow sandbox_web_type to read logind files which needs to read pulseaudio - Allow mozilla plugins to read /dev/hpet - Add labeling for /var/lib/zarafa-webap - Allow BOINC client to use an HTTP proxy for all connections - Allow rhsmertd to domain transition to dmidecod - Allow setroubleshootd to send D-Bus msg to ABRT- Define usbtty_device_t as a term_tty - Allow svnserve to accept a connection - Allow xend manage default virt_image_t type - Allow prelink_cron_system_t to overide user componant when executing cp - Add labeling for z-push - Gnomeclock sets the realtime clock - Openshift seems to be storing apache logs in /var/lib/openshift/.log/httpd - Allow lxc domains to use /dev/random and /dev/urandom- Add port defintion for tcp/9000 - Fix labeling for /usr/share/cluster/checkquorum to label also checkquorum.wdmd - Add rules and labeling for $HOME/cache/\.gstreamer-.* directory - Add support for CIM provider openlmi-networking which uses NetworkManager dbus API - Allow shorewall_t to create netlink_socket - Allow krb5admind to block suspend - Fix labels on /var/run/dlm_controld /var/log/dlm_controld - Allow krb5kdc to block suspend - gnomessytemmm_t needs to read /etc/passwd - Allow cgred to read all sysctls- Allow all domains to read /proc/sys/vm/overcommit_memory - Make proc_numa_t an MLS Trusted Object - Add /proc/numactl support for confined users - Allow ssh_t to connect to any port > 1023 - Add openvswitch domain - Pulseaudio tries to create directories in gnome_home_t directories - New ypbind pkg wants to search /var/run which is caused by sd_notify - Allow NM to read certs on NFS/CIFS using use_nfs_*, use_samba_* booleans - Allow sanlock to read /dev/random - Treat php-fpm with httpd_t - Allow domains that can read named_conf_t to be able to list the directories - Allow winbind to create sock files in /var/run/samba- Add smsd policy - Add support for OpenShift sbin labelin - Add boolean to allow virt to use rawip - Allow mozilla_plugin to read all file systems with noxattrs support - Allow kerberos to write on anon_inodefs fs - Additional access required by fenced - Add filename transitions for passwd.lock/group.lock - UPdate man pages - Create coolkey directory in /var/cache with the correct label- Fix label on /etc/group.lock - Allow gnomeclock to create lnk_file in /etc - label /root/.pki as a home_cert_t - Add interface to make sure rpcbind.sock is created with the correct label - Add definition for new directory /var/lib/os-probe and bootloader wants to read udev rules - opendkim should be a part of milter - Allow libvirt to set the kernel sched algorythm - Allow mongod to read sysfs_t - Add authconfig policy - Remove calls to miscfiles_read_localization all domains get this - Allow virsh_t to read /root/.pki/ content - Add label for log directory under /var/www/stickshift- Allow getty to setattr on usb ttys - Allow sshd to search all directories for sshd_home_t content - Allow staff domains to send dbus messages to kdumpgui - Fix labels on /etc/.pwd.lock and friends to be passwd_file_t - Dontaudit setfiles reading urand - Add files_dontaudit_list_tmp() for domains to which we added sys_nice/setsched - Allow staff_gkeyringd_t to read /home/$USER/.local/share/keyrings dir - Allow systemd-timedated to read /dev/urandom - Allow entropyd_t to read proc_t (meminfo) - Add unconfined munin plugin - Fix networkmanager_read_conf() interface - Allow blueman to list /tmp which is needed by sys_nic/setsched - Fix label of /etc/mail/aliasesdb-stamp - numad is searching cgroups - realmd is communicating with networkmanager using dbus - Lots of fixes to try to get kdump to work- Allow loging programs to dbus chat with realmd - Make apache_content_template calling as optional - realmd is using policy kit- Add new selinuxuser_use_ssh_chroot boolean - dbus needs to be able to read/write inherited fixed disk device_t passed through it - Cleanup netutils process allow rule - Dontaudit leaked fifo files from openshift to ping - sanlock needs to read mnt_t lnk files - Fail2ban needs to setsched and sys_nice- Change default label of all files in /var/run/rpcbind - Allow sandbox domains (java) to read hugetlbfs_t - Allow awstats cgi content to create tmp files and read apache log files - Allow setuid/setgid for cupsd-config - Allow setsched/sys_nice pro cupsd-config - Fix /etc/localtime sym link to be labeled locale_t - Allow sshd to search postgresql db t since this is a homedir - Allow xwindows users to chat with realmd - Allow unconfined domains to configure all files and null_device_t service- Adopt pki-selinux policy- pki is leaking which we dontaudit until a pki code fix - Allow setcap for arping - Update man pages - Add labeling for /usr/sbin/mcollectived - pki fixes - Allow smokeping to execute fping in the netutils_t domain- Allow mount to relabelfrom unlabeled file systems - systemd_logind wants to send and receive messages from devicekit disk over dbus to make connected mouse working - Add label to get bin files under libreoffice labeled correctly - Fix interface to allow executing of base_ro_file_type - Add fixes for realmd - Update pki policy - Add tftp_homedir boolean - Allow blueman sched_setscheduler - openshift user domains wants to r/w ssh tcp sockets- Additional requirements for disable unconfined module when booting - Fix label of systemd script files - semanage can use -F /dev/stdin to get input - syslog now uses kerberos keytabs - Allow xserver to compromise_kernel access - Allow nfsd to write to mount_var_run_t when running the mount command - Add filename transition rule for bin_t directories - Allow files to read usr_t lnk_files - dhcpc wants chown - Add support for new openshift labeling - Clean up for tunable+optional statements - Add labeling for /usr/sbin/mkhomedir_helper - Allow antivirus domain to managa amavis spool files - Allow rpcbind_t to read passwd - Allow pyzor running as spamc to manage amavis spool- Add interfaces to read kernel_t proc info - Missed this version of exec_all - Allow anyone who can load a kernel module to compromise kernel - Add oddjob_dbus_chat to openshift apache policy - Allow chrome_sandbox_nacl_t to send signals to itself - Add unit file support to usbmuxd_t - Allow all openshift domains to read sysfs info - Allow openshift domains to getattr on all domains- MLS fixes from Dan - Fix name of capability2 secure_firmware->compromise_kerne- Allow xdm to search all file systems - Add interface to allow the config of all files - Add rngd policy - Remove kgpg as a gpg_exec_t type - Allow plymouthd to block suspend - Allow systemd_dbus to config any file - Allow system_dbus_t to configure all services - Allow freshclam_t to read usr_files - varnishd requires execmem to load modules- Allow semanage to verify types - Allow sudo domain to execute user home files - Allow session_bus_type to transition to user_tmpfs_t - Add dontaudit caused by yum updates - Implement pki policy but not activated- tuned wants to getattr on all filesystems - tuned needs also setsched. The build is needed for test day- Add policy for qemu-qa - Allow razor to write own config files - Add an initial antivirus policy to collect all antivirus program - Allow qdisk to read usr_t - Add additional caps for vmware_host - Allow tmpfiles_t to setattr on mandb_cache_t - Dontaudit leaked files into mozilla_plugin_config_t - Allow wdmd to getattr on tmpfs - Allow realmd to use /dev/random - allow containers to send audit messages - Allow root mount any file via loop device with enforcing mls policy - Allow tmpfiles_t to setattr on mandb_cache_t - Allow tmpfiles_t to setattr on mandb_cache_t - Make userdom_dontaudit_write_all_ not allow open - Allow init scripts to read all unit files - Add support for saphostctrl ports- Add kernel_read_system_state to sandbox_client_t - Add some of the missing access to kdumpgui - Allow systemd_dbusd_t to status the init system - Allow vmnet-natd to request the kernel to load a module - Allow gsf-office-thum to append .cache/gdm/session.log - realmd wants to read .config/dconf/user - Firewalld wants sys_nice/setsched - Allow tmpreaper to delete mandb cache files - Firewalld wants sys_nice/setsched - Allow firewalld to perform a DNS name resolution - Allown winbind to read /usr/share/samba/codepages/lowcase.dat - Add support for HTTPProxy* in /etc/freshclam.conf - Fix authlogin_yubike boolean - Extend smbd_selinux man page to include samba booleans - Allow dhcpc to execute consoletype - Allow ping to use inherited tmp files created in init scripts - On full relabel with unconfined domain disabled, initrc was running some chcon's - Allow people who delete man pages to delete mandb cache files- Add missing permissive domains- Add new mandb policy - ALlow systemd-tmpfiles_t to relabel mandb_cache_t - Allow logrotate to start all unit files- Add fixes for ctbd - Allow nmbd to stream connect to ctbd - Make cglear_t as nsswitch_domain - Fix bogus in interfaces - Allow openshift to read/write postfix public pipe - Add postfix_manage_spool_maildrop_files() interface - stickshift paths have been renamed to openshift - gnome-settings-daemon wants to write to /run/systemd/inhibit/ pipes - Update man pages, adding ENTRYPOINTS- Add mei_device_t - Make sure gpg content in homedir created with correct label - Allow dmesg to write to abrt cache files - automount wants to search virtual memory sysctls - Add support for hplip logs stored in /var/log/hp/tmp - Add labeling for /etc/owncloud/config.php - Allow setroubleshoot to send analysys to syslogd-journal - Allow virsh_t to interact with new fenced daemon - Allow gpg to write to /etc/mail/spamassassiin directories - Make dovecot_deliver_t a mail server delivery type - Add label for /var/tmp/DNS25- Fixes for tomcat_domain template interface- Remove init_systemd and init_upstart boolean, Move init_daemon_domain and init_system_domain to use attributes - Add attribute to all base os types. Allow all domains to read all ro base OS types- Additional unit files to be defined as power unit files - Fix more boolean names- Fix boolean name so subs will continue to work- dbus needs to start getty unit files - Add interface to allow system_dbusd_t to start the poweroff service - xdm wants to exec telepathy apps - Allow users to send messages to systemdlogind - Additional rules needed for systemd and other boot apps - systemd wants to list /home and /boot - Allow gkeyringd to write dbus/conf file - realmd needs to read /dev/urand - Allow readahead to delete /.readahead if labeled root_t, might get created before policy is loaded- Fixes to safe more rules - Re-write tomcat_domain_template() - Fix passenger labeling - Allow all domains to read man pages - Add ephemeral_port_t to the 'generic' port interfaces - Fix the names of postgresql booleans- Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer - Move netlable_peer check out of booleans - Remove call to recvfrom_netlabel for kerberos call - Remove use of attributes when calling syslog call - Move -miscfiles_read_localization to domain.te to save hundreds of allow rules - Allow all domains to read locale files. This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface - Allow rndc to block suspend - tuned needs to modify the schedule of the kernel - Allow svirt_t domains to read alsa configuration files - ighten security on irc domains and make sure they label content in homedir correctly - Add filetrans_home_content for irc files - Dontaudit all getattr access for devices and filesystems for sandbox domains - Allow stapserver to search cgroups directories - Allow all postfix domains to talk to spamd- Add interfaces to ignore setattr until kernel fixes this to be checked after the DAC check - Change pam_t to pam_timestamp_t - Add dovecot_domain attribute and allow this attribute block_suspend capability2 - Add sanlock_use_fusefs boolean - numad wants send/recieve msg - Allow rhnsd to send syslog msgs - Make piranha-pulse as initrc domain - Update openshift instances to dontaudit setattr until the kernel is fixed.- Fix auth_login_pgm_domain() interface to allow domains also managed user tmp dirs because of #856880 related to pam_systemd - Remove pam_selinux.8 which conflicts with man page owned by the pam package - Allow glance-api to talk to mysql - ABRT wants to read Xorg.0.log if if it detects problem with Xorg - Fix gstreamer filename trans. interface- Man page fixes by Dan Walsh- Allow postalias to read postfix config files - Allow man2html to read man pages - Allow rhev-agentd to search all mountpoints - Allow rhsmcertd to read /dev/random - Add tgtd_stream_connect() interface - Add cyrus_write_data() interface - Dontaudit attempts by sandboxX clients connectiing to the xserver_port_t - Add port definition for tcp/81 as http_port_t - Fix /dev/twa labeling - Allow systemd to read modules config- Merge openshift policy - Allow xauth to read /dev/urandom - systemd needs to relabel content in /run/systemd directories - Files unconfined should be able to perform all services on all files - Puppet tmp file can be leaked to all domains - Dontaudit rhsmcertd-worker to search /root/.local - Allow chown capability for zarafa domains - Allow system cronjobs to runcon into openshift domains - Allow virt_bridgehelper_t to manage content in the svirt_home_t labeled directories- nmbd wants to create /var/nmbd - Stop transitioning out of anaconda and firstboot, just causes AVC messages - Allow clamscan to read /etc files - Allow bcfg2 to bind cyphesis port - heartbeat should be run as rgmanager_t instead of corosync_t - Add labeling for /etc/openldap/certs - Add labeling for /opt/sartest directory - Make crontab_t as userdom home reader - Allow tmpreaper to list admin_home dir - Add defition for imap_0 replay cache file - Add support for gitolite3 - Allow virsh_t to send syslog messages - allow domains that can read samba content to be able to list the directories also - Add realmd_dbus_chat to allow all apps that use nsswitch to talk to realmd - Separate out sandbox from sandboxX policy so we can disable it by default - Run dmeventd as lvm_t - Mounting on any directory requires setattr and write permissions - Fix use_nfs_home_dirs() boolean - New labels for pam_krb5 - Allow init and initrc domains to sys_ptrace since this is needed to look at processes not owned by uid 0 - Add realmd_dbus_chat to allow all apps that use nsswitch to talk to realmd- Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs - Allow domains that can read etc_t to read etc_runtime_t - Allow all domains to use inherited tmpfiles- Allow realmd to read resolv.conf - Add pegasus_cache_t type - Label /usr/sbin/fence_virtd as virsh_exec_t - Add policy for pkcsslotd - Add support for cpglockd - Allow polkit-agent-helper to read system-auth-ac - telepathy-idle wants to read gschemas.compiled - Allow plymouthd to getattr on fs_t - Add slpd policy - Allow ksysguardproces to read/write config_usr_t- Fix labeling substitution so rpm will label /lib/systemd content correctly- Add file name transitions for ttyACM0 - spice-vdagent(d)'s are going to log over to syslog - Add sensord policy - Add more fixes for passenger policy related to puppet - Allow wdmd to create wdmd_tmpfs_t - Fix labeling for /var/run/cachefilesd\.pid - Add thumb_tmpfs_t files type- Allow svirt domains to manage the network since this is containerized - Allow svirt_lxc_net_t to send audit messages- Make "snmpwalk -mREDHAT-CLUSTER-MIB ...." working - Allow dlm_controld to execute dlm_stonith labeled as bin_t - Allow GFS2 working on F17 - Abrt needs to execute dmesg - Allow jockey to list the contents of modeprobe.d - Add policy for lightsquid as squid_cron_t - Mailscanner is creating files and directories in /tmp - dmesg is now reading /dev/kmsg - Allow xserver to communicate with secure_firmware - Allow fsadm tools (fsck) to read /run/mount contnet - Allow sysadm types to read /dev/kmsg -- Allow postfix, sssd, rpcd to block_suspend - udev seems to need secure_firmware capability - Allow virtd to send dbus messages to firewalld so it can configure the firewall- Fix labeling of content in /run created by virsh_t - Allow condor domains to read kernel sysctls - Allow condor_master to connect to amqp - Allow thumb drives to create shared memory and semaphores - Allow abrt to read mozilla_plugin config files - Add labels for lightsquid - Default files in /opt and /usr that end in .cgi as httpd_sys_script_t, allow - dovecot_auth_t uses ldap for user auth - Allow domains that can read dhcp_etc_t to read lnk_files - Add more then one watchdog device - Allow useradd_t to manage etc_t files so it can rename it and edit them - Fix invalid class dir should be fifo_file - Move /run/blkid to fsadm and make sure labeling is correct- Fix bogus regex found by eparis - Fix manage run interface since lvm needs more access - syslogd is searching cgroups directory - Fixes to allow virt-sandbox-service to manage lxc var run content- Fix Boolean settings - Add new libjavascriptcoregtk as textrel_shlib_t - Allow xdm_t to create xdm_home_t directories - Additional access required for systemd - Dontaudit mozilla_plugin attempts to ipc_lock - Allow tmpreaper to delete unlabeled files - Eliminate screen_tmp_t and allow it to manage user_tmp_t - Dontaudit mozilla_plugin_config_t to append to leaked file descriptors - Allow web plugins to connect to the asterisk ports - Condor will recreate the lock directory if it does not exist - Oddjob mkhomedir needs to connectto user processes - Make oddjob_mkhomedir_t a userdom home manager- Put placeholder back in place for proper numbering of capabilities - Systemd also configures init scripts- Fix ecryptfs interfaces - Bootloader seems to be trolling around /dev/shm and /dev - init wants to create /etc/systemd/system-update.target.wants - Fix systemd_filetrans call to move it out of tunable - Fix up policy to work with systemd userspace manager - Add secure_firmware capability and remove bogus epolwakeup - Call seutil_*_login_config interfaces where should be needed - Allow rhsmcertd to send signal to itself - Allow thin domains to send signal to itself - Allow Chrome_ChildIO to read dosfs_t- Add role rules for realmd, sambagui- Add new type selinux_login_config_t for /etc/selinux//logins/ - Additional fixes for seutil_manage_module_store() - dbus_system_domain() should be used with optional_policy - Fix svirt to be allowed to use fusefs file system - Allow login programs to read /run/ data created by systemd_login - sssd wants to write /etc/selinux//logins/ for SELinux PAM module - Fix svirt to be allowed to use fusefs file system - Allow piranha domain to use nsswitch - Sanlock needs to send Kill Signals to non root processes - Pulseaudio wants to execute /run/user/PID/.orc- Fix saslauthd when it tries to read /etc/shadow - Label gnome-boxes as a virt homedir - Need to allow svirt_t ability to getattr on nfs_t file systems - Update sanlock policy to solve all AVC's - Change confined users can optionally manage virt content - Handle new directories under ~/.cache - Add block suspend to appropriate domains - More rules required for containers - Allow login programs to read /run/ data created by systemd_logind - Allow staff users to run svirt_t processes- Update to upstream- More fixes for systemd to make rawhide booting from Dan Walsh- Add systemd fixes to make rawhide booting- Add systemd_logind_inhibit_var_run_t attribute - Remove corenet_all_recvfrom_unlabeled() for non-contrib policies because we moved it to domain.if for all domain_type - Add interface for mysqld to dontaudit signull to all processes - Label new /var/run/journal directory correctly - Allow users to inhibit suspend via systemd - Add new type for the /var/run/inhibit directory - Add interface to send signull to systemd_login so avahi can send them - Allow systemd_passwd to send syslog messages - Remove corenet_all_recvfrom_unlabeled() calling fro policy files - Allow editparams.cgi running as httpd_bugzilla_script_t to read /etc/group - Allow smbd to read cluster config - Add additional labeling for passenger - Allow dbus to inhibit suspend via systemd - Allow avahi to send signull to systemd_login- Add interface to dontaudit getattr access on sysctls - Allow sshd to execute /bin/login - Looks like xdm is recreating the xdm directory in ~/.cache/ on login - Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jounald - Fix semanage to work with unconfined domain disabled on F18 - Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls - Virt seems to be using lock files - Dovecot seems to be searching directories of every mountpoint - Allow jockey to read random/urandom, execute shell and install third-party drivers - Add aditional params to allow cachedfiles to manage its content - gpg agent needs to read /dev/random - The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write - Add a bunch of dontaudit rules to quiet svirt_lxc domains - Additional perms needed to run svirt_lxc domains - Allow cgclear to read cgconfig - Allow sys_ptrace capability for snmp - Allow freshclam to read /proc - Allow procmail to manage /home/user/Maildir content - Allow NM to execute wpa_cli - Allow amavis to read clamd system state - Regenerate man pages- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Add realmd and stapserver policies - Allow useradd to manage stap-server lib files - Tighten up capabilities for confined users - Label /etc/security/opasswd as shadow_t - Add label for /dev/ecryptfs - Allow condor_startd_t to start sshd with the ranged - Allow lpstat.cups to read fips_enabled file - Allow pyzor running as spamc_t to create /root/.pyzor directory - Add labelinf for amavisd-snmp init script - Add support for amavisd-snmp - Allow fprintd sigkill self - Allow xend (w/o libvirt) to start virtual machines - Allow aiccu to read /etc/passwd - Allow condor_startd to Make specified domain MCS trusted for setting any category set for the processes it executes - Add condor_startd_ranged_domtrans_to() interface - Add ssd_conf_t for /etc/sssd - accountsd needs to fchown some files/directories - Add ICACLient and zibrauserdata as mozilla_filetrans_home_content - SELinux reports afs_t needs dac_override to read /etc/mtab, even though everything works, adding dontaudit - Allow xend_t to read the /etc/passwd file- Until we figure out how to fix systemd issues, allow all apps that send syslog messages to send them to kernel_t - Add init_access_check() interface - Fix label on /usr/bin/pingus to not be labeled as ping_exec_t - Allow tcpdump to create a netlink_socket - Label newusers like useradd - Change xdm log files to be labeled xdm_log_t - Allow sshd_t with privsep to work in MLS - Allow freshclam to update databases thru HTTP proxy - Allow s-m-config to access check on systemd - Allow abrt to read public files by default - Fix amavis_create_pid_files() interface - Add labeling and filename transition for dbomatic.log - Allow system_dbusd_t to stream connect to bluetooth, and use its socket - Allow amavisd to execute fsav - Allow tuned to use sys_admin and sys_nice capabilities - Add php-fpm policy from Bryan - Add labeling for aeolus-configserver-thinwrapper - Allow thin domains to execute shell - Fix gnome_role_gkeyringd() interface description - Lot of interface fixes - Allow OpenMPI job running as condor_startd_ssh_t to manage condor lib files - Allow OpenMPI job to use kerberos - Make deltacloudd_t as nsswitch_domain - Allow xend_t to run lsscsi - Allow qemu-dm running as xend_t to create tun_socket - Add labeling for /opt/brother/Printers(.*/)?inf - Allow jockey-backend to read pyconfig-64.h labeled as usr_t - Fix clamscan_can_scan_system boolean - Allow lpr to connectto to /run/user/$USER/keyring-22uREb/pkcs11- initrc is calling exportfs which is not confined so it attempts to read nfsd_files - Fixes for passenger running within openshift. - Add labeling for all tomcat6 dirs - Add support for tomcat6 - Allow cobblerd to read /etc/passwd - Allow jockey to read sysfs and and execute binaries with bin_t - Allow thum to use user terminals - Allow cgclear to read cgconfig config files - Fix bcf2g.fc - Remove sysnet_dns_name_resolve() from policies where auth_use_nsswitch() is used for other domains - Allow dbomatic to execute ruby - abrt_watch_log should be abrt_domain - Allow mozilla_plugin to connect to gatekeeper port- add ptrace_child access to process - remove files_read_etc_files() calling from all policies which have auth_use_nsswith() - Allow boinc domains to manage boinc_lib_t lnk_files - Add support for boinc-client.service unit file - Add support for boinc.log - Allow mozilla_plugin execmod on mozilla home files if allow_ex - Allow dovecot_deliver_t to read dovecot_var_run_t - Allow ldconfig and insmod to manage kdumpctl tmp files - Move thin policy out from cloudform.pp and add a new thin poli - pacemaker needs to communicate with corosync streams - abrt is now started on demand by dbus - Allow certmonger to talk directly to Dogtag servers - Change labeling for /var/lib/cobbler/webui_sessions to httpd_c - Allow mozila_plugin to execute gstreamer home files - Allow useradd to delete all file types stored in the users hom - rhsmcertd reads the rpm database - Add support for lightdm- Add tomcat policy - Remove pyzor/razor policy - rhsmcertd reads the rpm database - Dontaudit thumb to setattr on xdm_tmp dir - Allow wicd to execute ldconfig in the networkmanager_t domain - Add /var/run/cherokee\.pid labeling - Allow mozilla_plugin to create mozilla_plugin_tmp_t lnk files too - Allow postfix-master to r/w pipes other postfix domains - Allow snort to create netlink_socket - Add kdumpctl policy - Allow firstboot to create tmp_t files/directories - /usr/bin/paster should not be labeled as piranha_exec_t - remove initrc_domain from tomcat - Allow ddclient to read /etc/passwd - Allow useradd to delete all file types stored in the users homedir - Allow ldconfig and insmod to manage kdumpctl tmp files - Firstboot should be just creating tmp_t dirs and xauth should be allowed to write to those - Transition xauth files within firstboot_tmp_t - Fix labeling of /run/media to match /media - Label all lxdm.log as xserver_log_t - Add port definition for mxi port - Allow local_login_t to execute tmux- apcupsd needs to read /etc/passwd - Sanlock allso sends sigkill - Allow glance_registry to connect to the mysqld port - Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl - Allow firefox plugins/flash to connect to port 1234 - Allow mozilla plugins to delete user_tmp_t files - Add transition name rule for printers.conf.O - Allow virt_lxc_t to read urand - Allow systemd_loigind to list gstreamer_home_dirs - Fix labeling for /usr/bin - Fixes for cloudform services * support FIPS - Allow polipo to work as web caching - Allow chfn to execute tmux- Add support for ecryptfs * ecryptfs does not support xattr * we need labeling for HOMEDIR - Add policy for (u)mount.ecryptfs* - Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage host cache - Allow dovecot to manage Maildir content, fix transitions to Maildir - Allow postfix_local to transition to dovecot_deliver - Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code - Cleanup interface definitions - Allow apmd to change with the logind daemon - Changes required for sanlock in rhel6 - Label /run/user/apache as httpd_tmp_t - Allow thumb to use lib_t as execmod if boolean turned on - Allow squid to create the squid directory in /var with the correct labe - Add a new policy for glusterd from Bryan Bickford (bbickfor@redhat.com) - Allow virtd to exec xend_exec_t without transition - Allow virtd_lxc_t to unmount all file systems- PolicyKit path has changed - Allow httpd connect to dirsrv socket - Allow tuned to write generic kernel sysctls - Dontaudit logwatch to gettr on /dev/dm-2 - Allow policykit-auth to manage kerberos files - Make condor_startd and rgmanager as initrc domain - Allow virsh to read /etc/passwd - Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs - xdm now needs to execute xsession_exec_t - Need labels for /var/lib/gdm - Fix files_filetrans_named_content() interface - Add new attribute - initrc_domain - Allow systemd_logind_t to signal, signull, sigkill all processes - Add filetrans rules for etc_runtime files- Rename boolean names to remove allow_- Mass merge with upstream * new policy topology to include contrib policy modules * we have now two base policy patches- Fix description of authlogin_nsswitch_use_ldap - Fix transition rule for rhsmcertd_t needed for RHEL7 - Allow useradd to list nfs state data - Allow openvpn to manage its log file and directory - We want vdsm to transition to mount_t when executing mount command to make sure /etc/mtab remains labeled correctly - Allow thumb to use nvidia devices - Allow local_login to create user_tmp_t files for kerberos - Pulseaudio needs to read systemd_login /var/run content - virt should only transition named system_conf_t config files - Allow munin to execute its plugins - Allow nagios system plugin to read /etc/passwd - Allow plugin to connect to soundd port - Fix httpd_passwd to be able to ask passwords - Radius servers can use ldap for backing store - Seems to need to mount on /var/lib for xguest polyinstatiation to work. - Allow systemd_logind to list the contents of gnome keyring - VirtualGL need xdm to be able to manage content in /etc/opt/VirtualGL - Add policy for isns-utils- Add policy for subversion daemon - Allow boinc to read passwd - Allow pads to read kernel network state - Fix man2html interface for sepolgen-ifgen - Remove extra /usr/lib/systemd/system/smb - Remove all /lib/systemd and replace with /usr/lib/systemd - Add policy for man2html - Fix the label of kerberos_home_t to krb5_home_t - Allow mozilla plugins to use Citrix - Allow tuned to read /proc/sys/kernel/nmi_watchdog - Allow tune /sys options via systemd's tmpfiles.d "w" type- Dontaudit lpr_t to read/write leaked mozilla tmp files - Add file name transition for .grl-podcasts directory - Allow corosync to read user tmp files - Allow fenced to create snmp lib dirs/files - More fixes for sge policy - Allow mozilla_plugin_t to execute any application - Allow dbus to read/write any open file descriptors to any non security file on the system that it inherits to that it can pass them to another domain - Allow mongod to read system state information - Fix wrong type, we should dontaudit sys_admin for xdm_t not xserver_t - Allow polipo to manage polipo_cache dirs - Add jabbar_client port to mozilla_plugin_t - Cleanup procmail policy - system bus will pass around open file descriptors on files that do not have labels on them - Allow l2tpd_t to read system state - Allow tuned to run ls /dev - Allow sudo domains to read usr_t files - Add label to machine-id - Fix corecmd_read_bin_symlinks cut and paste error- Fix pulseaudio port definition - Add labeling for condor_starter - Allow chfn_t to creat user_tmp_files - Allow chfn_t to execute bin_t - Allow prelink_cron_system_t to getpw calls - Allow sudo domains to manage kerberos rcache files - Allow user_mail_domains to work with courie - Port definitions necessary for running jboss apps within openshift - Add support for openstack-nova-metadata-api - Add support for nova-console* - Add support for openstack-nova-xvpvncproxy - Fixes to make privsep+SELinux working if we try to use chage to change passwd - Fix auth_role() interface - Allow numad to read sysfs - Allow matahari-rpcd to execute shell - Add label for ~/.spicec - xdm is executing lspci as root which is requesting a sys_admin priv but seems to succeed without it - Devicekit_disk wants to read the logind sessions file when writing a cd - Add fixes for condor to make condor jobs working correctly - Change label of /var/log/rpmpkgs to cron_log_t - Access requires to allow systemd-tmpfiles --create to work. - Fix obex to be a user application started by the session bus. - Add additional filename trans rules for kerberos - Fix /var/run/heartbeat labeling - Allow apps that are managing rcache to file trans correctly - Allow openvpn to authenticate against ldap server - Containers need to listen to network starting and stopping events- Make systemd unit files less specific- Fix zarafa labeling - Allow guest_t to fix labeling - corenet_tcp_bind_all_unreserved_ports(ssh_t) should be called with the user_tcp_server boolean - add lxc_contexts - Allow accountsd to read /proc - Allow restorecond to getattr on all file sytems - tmpwatch now calls getpw - Allow apache daemon to transition to pwauth domain - Label content under /var/run/user/NAME/keyring* as gkeyringd_tmp_t - The obex socket seems to be a stream socket - dd label for /var/run/nologin- Allow jetty running as httpd_t to read hugetlbfs files - Allow sys_nice and setsched for rhsmcertd - Dontaudit attempts by mozilla_plugin_t to bind to ssdp ports - Allow setfiles to append to xdm_tmp_t - Add labeling for /export as a usr_t directory - Add labels for .grl files created by gstreamer- Add labeling for /usr/share/jetty/bin/jetty.sh - Add jetty policy which contains file type definitios - Allow jockey to use its own fifo_file and make this the default for all domains - Allow mozilla_plugins to use spice (vnc_port/couchdb) - asterisk wants to read the network state - Blueman now uses /var/lib/blueman- Add label for nodejs_debug - Allow mozilla_plugin_t to create ~/.pki directory and content- Add clamscan_can_scan_system boolean - Allow mysqld to read kernel network state - Allow sshd to read/write condor lib files - Allow sshd to read/write condor-startd tcp socket - Fix description on httpd_graceful_shutdown - Allow glance_registry to communicate with mysql - dbus_system_domain is using systemd to lauch applications - add interfaces to allow domains to send kill signals to user mail agents - Remove unnessary access for svirt_lxc domains, add privs for virtd_lxc_t - Lots of new access required for secure containers - Corosync needs sys_admin capability - ALlow colord to create shm - .orc should be allowed to be created by any app that can create gstream home content, thumb_t to be specific - Add boolean to control whether or not mozilla plugins can create random content in the users homedir - Add new interface to allow domains to list msyql_db directories, needed for libra - shutdown has to be allowed to delete etc_runtime_t - Fail2ban needs to read /etc/passwd - Allow ldconfig to create /var/cache/ldconfig - Allow tgtd to read hardware state information - Allow collectd to create packet socket - Allow chronyd to send signal to itself - Allow collectd to read /dev/random - Allow collectd to send signal to itself - firewalld needs to execute restorecon - Allow restorecon and other login domains to execute restorecon- Allow logrotate to getattr on systemd unit files - Add support for tor systemd unit file - Allow apmd to create /var/run/pm-utils with the correct label - Allow l2tpd to send sigkill to pppd - Allow pppd to stream connect to l2tpd - Add label for scripts in /etc/gdm/ - Allow systemd_logind_t to ignore mcs constraints on sigkill - Fix files_filetrans_system_conf_named_files() interface - Add labels for /usr/share/wordpress/wp-includes/*.php - Allow cobbler to get SELinux mode and booleans- Add unconfined_execmem_exec_t as an alias to bin_t - Allow fenced to read snmp var lib files, also allow it to read usr_t - ontaudit access checks on all executables from mozilla_plugin - Allow all user domains to setexec, so that sshd will work properly if it call setexec(NULL) while running withing a user mode - Allow systemd_tmpfiles_t to getattr all pipes and sockets - Allow glance-registry to send system log messages - semanage needs to manage mock lib files/dirs- Add policy for abrt-watch-log - Add definitions for jboss_messaging ports - Allow systemd_tmpfiles to manage printer devices - Allow oddjob to use nsswitch - Fix labeling of log files for postgresql - Allow mozilla_plugin_t to execmem and execstack by default - Allow firewalld to execute shell - Fix /etc/wicd content files to get created with the correct label - Allow mcelog to exec shell - Add ~/.orc as a gstreamer_home_t - /var/spool/postfix/lib64 should be labeled lib_t - mpreaper should be able to list all file system labeled directories - Add support for apache to use openstack - Add labeling for /etc/zipl.conf and zipl binary - Turn on allow_execstack and turn off telepathy transition for final release- More access required for virt_qmf_t - Additional assess required for systemd-logind to support multi-seat - Allow mozilla_plugin to setrlimit - Revert changes to fuse file system to stop deadlock- Allow condor domains to connect to ephemeral ports - More fixes for condor policy - Allow keystone to stream connect to mysqld - Allow mozilla_plugin_t to read generic USB device to support GPS devices - Allow thum to file name transition gstreamer home content - Allow thum to read all non security files - Allow glance_api_t to connect to ephemeral ports - Allow nagios plugins to read /dev/urandom - Allow syslogd to search postfix spool to support postfix chroot env - Fix labeling for /var/spool/postfix/dev - Allow wdmd chown - Label .esd_auth as pulseaudio_home_t - Have no idea why keyring tries to write to /run/user/dwalsh/dconf/user, but we can dontaudit for now- Add support for clamd+systemd - Allow fresclam to execute systemctl to handle clamd - Change labeling for /usr/sbin/rpc.ypasswd.env - Allow yppaswd_t to execute yppaswd_exec_t - Allow yppaswd_t to read /etc/passwd - Gnomekeyring socket has been moved to /run/user/USER/ - Allow samba-net to connect to ldap port - Allow signal for vhostmd - allow mozilla_plugin_t to read user_home_t socket - New access required for secure Linux Containers - zfs now supports xattrs - Allow quantum to execute sudo and list sysfs - Allow init to dbus chat with the firewalld - Allow zebra to read /etc/passwd- Allow svirt_t to create content in the users homedir under ~/.libvirt - Fix label on /var/lib/heartbeat - Allow systemd_logind_t to send kill signals to all processes started by a user - Fuse now supports Xattr Support- upowered needs to setsched on the kernel - Allow mpd_t to manage log files - Allow xdm_t to create /var/run/systemd/multi-session-x - Add rules for missedfont.log to be used by thumb.fc - Additional access required for virt_qmf_t - Allow dhclient to dbus chat with the firewalld - Add label for lvmetad - Allow systemd_logind_t to remove userdomain sock_files - Allow cups to execute usr_t files - Fix labeling on nvidia shared libraries - wdmd_t needs access to sssd and /etc/passwd - Add boolean to allow ftp servers to run in passive mode - Allow namepspace_init_t to relabelto/from a different user system_u from the user the namespace_init running with - Fix using httpd_use_fusefs - Allow chrome_sandbox_nacl to write inherited user tmp files as we allow it for chrome_sandbox- Rename rdate port to time port, and allow gnomeclock to connect to it - We no longer need to transition to ldconfig from rpm, rpm_script, or anaconda - /etc/auto.* should be labeled bin_t - Add httpd_use_fusefs boolean - Add fixes for heartbeat - Allow sshd_t to signal processes that it transitions to - Add condor policy - Allow svirt to create monitors in ~/.libvirt - Allow dovecot to domtrans sendmail to handle sieve scripts - Lot of fixes for cfengine- /var/run/postmaster.* labeling is no longer needed - Alllow drbdadmin to read /dev/urandom - l2tpd_t seems to use ptmx - group+ and passwd+ should be labeled as /etc/passwd - Zarafa-indexer is a socket- Ensure lastlog is labeled correctly - Allow accountsd to read /proc data about gdm - Add fixes for tuned - Add bcfg2 fixes which were discovered during RHEL6 testing - More fixes for gnome-keyring socket being moved - Run semanage as a unconfined domain, and allow initrc_t to create tmpfs_t sym links on shutdown - Fix description for files_dontaudit_read_security_files() interface- Add new policy and man page for bcfg2 - cgconfig needs to use getpw calls - Allow domains that communicate with the keyring to use cache_home_t instead of gkeyringd_tmpt - gnome-keyring wants to create a directory in cache_home_t - sanlock calls getpw- Add numad policy and numad man page - Add fixes for interface bugs discovered by SEWatch - Add /tmp support for squid - Add fix for #799102 * change default labeling for /var/run/slapd.* sockets - Make thumb_t as userdom_home_reader - label /var/lib/sss/mc same as pubconf, so getpw domains can read it - Allow smbspool running as cups_t to stream connect to nmbd - accounts needs to be able to execute passwd on behalf of users - Allow systemd_tmpfiles_t to delete boot flags - Allow dnssec_trigger to connect to apache ports - Allow gnome keyring to create sock_files in ~/.cache - google_authenticator is using .google_authenticator - sandbox running from within firefox is exposing more leaks - Dontaudit thumb to read/write /dev/card0 - Dontaudit getattr on init_exec_t for gnomeclock_t - Allow certmonger to do a transition to certmonger_unconfined_t - Allow dhcpc setsched which is caused by nmcli - Add rpm_exec_t for /usr/sbin/bcfg2 - system cronjobs are sending dbus messages to systemd_logind - Thumnailers read /dev/urand- Allow auditctl getcap - Allow vdagent to use libsystemd-login - Allow abrt-dump-oops to search /etc/abrt - Got these avc's while trying to print a boarding pass from firefox - Devicekit is now putting the media directory under /run/media - Allow thumbnailers to create content in ~/.thumbails directory - Add support for proL2TPd by Dominick Grift - Allow all domains to call getcap - wdmd seems to get a random chown capability check that it does not need - Allow vhostmd to read kernel sysctls- Allow chronyd to read unix - Allow hpfax to read /etc/passwd - Add support matahari vios-proxy-* apps and add virtd_exec_t label for them - Allow rpcd to read quota_db_t - Update to man pages to match latest policy - Fix bug in jockey interface for sepolgen-ifgen - Add initial svirt_prot_exec_t policy- More fixes for systemd from Dan Walsh- Add a new type for /etc/firewalld and allow firewalld to write to this directory - Add definition for ~/Maildir, and allow mail deliver domains to write there - Allow polipo to run from a cron job - Allow rtkit to schedule wine processes - Allow mozilla_plugin_t to acquire a bug, and allow it to transition gnome content in the home dir to the proper label - Allow users domains to send signals to consolehelper domains- More fixes for boinc policy - Allow polipo domain to create its own cache dir and pid file - Add systemctl support to httpd domain - Add systemctl support to polipo, allow NetworkManager to manage the service - Add policy for jockey-backend - Add support for motion daemon which is now covered by zoneminder policy - Allow colord to read/write motion tmpfs - Allow vnstat to search through var_lib_t directories - Stop transitioning to quota_t, from init an sysadm_t- Add svirt_lxc_file_t as a customizable type- Add additional fixes for icmp nagios plugin - Allow cron jobs to open fifo_files from cron, since service script opens /dev/stdin - Add certmonger_unconfined_exec_t - Make sure tap22 device is created with the correct label - Allow staff users to read systemd unit files - Merge in previously built policy - Arpwatch needs to be able to start netlink sockets in order to start - Allow cgred_t to sys_ptrace to look at other DAC Processes- Back port some of the access that was allowed in nsplugin_t - Add definitiona for couchdb ports - Allow nagios to use inherited users ttys - Add git support for mock - Allow inetd to use rdate port - Add own type for rdate port - Allow samba to act as a portmapper - Dontaudit chrome_sandbox attempts to getattr on chr_files in /dev - New fixes needed for samba4 - Allow apps that use lib_t to read lib_t symlinks- Add policy for nove-cert - Add labeling for nova-openstack systemd unit files - Add policy for keystoke- Fix man pages fro domains - Add man pages for SELinux users and roles - Add storage_dev_filetrans_named_fixed_disk() and use it for smartmon - Add policy for matahari-rpcd - nfsd executes mount command on restart - Matahari domains execute renice and setsched - Dontaudit leaked tty in mozilla_plugin_config - mailman is changing to a per instance naming - Add 7600 and 4447 as jboss_management ports - Add fixes for nagios event handlers - Label httpd.event as httpd_exec_t, it is an apache daemon- Add labeling for /var/spool/postfix/dev/log - NM reads sysctl.conf - Iscsi log file context specification fix - Allow mozilla plugins to send dbus messages to user domains that transition to it - Allow mysql to read the passwd file - Allow mozilla_plugin_t to create mozilla home dirs in user homedir - Allow deltacloud to read kernel sysctl - Allow postgresql_t to connectto itselfAllow postgresql_t to connectto itself - Allow postgresql_t to connectto itself - Add login_userdomain attribute for users which can log in using terminal- Allow sysadm_u to reach system_r by default #784011 - Allow nagios plugins to use inherited user terminals - Razor labeling is not used no longer - Add systemd support for matahari - Add port_types to man page, move booleans to the top, fix some english - Add support for matahari-sysconfig-console - Clean up matahari.fc - Fix matahari_admin() interfac - Add labels for/etc/ssh/ssh_host_*.pub keys- Allow ksysguardproces to send system log msgs - Allow boinc setpgid and signull - Allow xdm_t to sys_ptrace to run pidof command - Allow smtpd_t to manage spool files/directories and symbolic links - Add labeling for jetty - Needed changes to get unbound/dnssec to work with openswan- Add user_fonts_t alias xfs_tmp_t - Since depmod now runs as insmod_t we need to write to kernel_object_t - Allow firewalld to dbus chat with networkmanager - Allow qpidd to connect to matahari ports - policykit needs to read /proc for uses not owned by it - Allow systemctl apps to connecto the init stream- Turn on deny_ptrace boolean- Remove pam_selinux.8 man page. There was a conflict.- Add proxy class and read access for gssd_proxy - Separate out the sharing public content booleans - Allow certmonger to execute a script and send signals to apache and dirsrv to reload the certificate - Add label transition for gstream-0.10 and 12 - Add booleans to allow rsync to share nfs and cifs file sytems - chrome_sandbox wants to read the /proc/PID/exe file of the program that executed it - Fix filename transitions for cups files - Allow denyhosts to read "unix" - Add file name transition for locale.conf.new - Allow boinc projects to gconf config files - sssd needs to be able to increase the socket limit under certain loads - sge_execd needs to read /etc/passwd - Allow denyhost to check network state - NetworkManager needs to read sessions data - Allow denyhost to check network state - Allow xen to search virt images directories - Add label for /dev/megaraid_sas_ioctl_node - Add autogenerated man pages- Allow boinc project to getattr on fs - Allow init to execute initrc_state_t - rhev-agent package was rename to ovirt-guest-agent - If initrc_t creates /etc/local.conf then we need to make sure it is labeled correctly - sytemd writes content to /run/initramfs and executes it on shutdown - kdump_t needs to read /etc/mtab, should be back ported to F16 - udev needs to load kernel modules in early system boot- Need to add sys_ptrace back in since reading any content in /proc can cause these accesses - Add additional systemd interfaces which are needed fro *_admin interfaces - Fix bind_admin() interface- Allow firewalld to read urand - Alias java, execmem_mono to bin_t to allow third parties - Add label for kmod - /etc/redhat-lsb contains binaries - Add boolean to allow gitosis to send mail - Add filename transition also for "event20" - Allow systemd_tmpfiles_t to delete all file types - Allow collectd to ipc_lock- make consoletype_exec optional, so we can remove consoletype policy - remove unconfined_permisive.patch - Allow openvpn_t to inherit user home content and tmp content - Fix dnssec-trigger labeling - Turn on obex policy for staff_t - Pem files should not be secret - Add lots of rules to fix AVC's when playing with containers - Fix policy for dnssec - Label ask-passwd directories correctly for systemd- sshd fixes seem to be causing unconfined domains to dyntrans to themselves - fuse file system is now being mounted in /run/user - systemd_logind is sending signals to processes that are dbus messaging with it - Add support for winshadow port and allow iscsid to connect to this port - httpd should be allowed to bind to the http_port_t udp socket - zarafa_var_lib_t can be a lnk_file - A couple of new .xsession-errors files - Seems like user space and login programs need to read logind_sessions_files - Devicekit disk seems to be being launched by systemd - Cleanup handling of setfiles so most of rules in te file - Correct port number for dnssec - logcheck has the home dir set to its cache- Add policy for grindengine MPI jobs- Add new sysadm_secadm.pp module * contains secadm definition for sysadm_t - Move user_mail_domain access out of the interface into the te file - Allow httpd_t to create httpd_var_lib_t directories as well as files - Allow snmpd to connect to the ricci_modcluster stream - Allow firewalld to read /etc/passwd - Add auth_use_nsswitch for colord - Allow smartd to read network state - smartdnotify needs to read /etc/group- Allow gpg and gpg_agent to store sock_file in gpg_secret_t directory - lxdm startup scripts should be labeled bin_t, so confined users will work - mcstransd now creates a pid, needs back port to F16 - qpidd should be allowed to connect to the amqp port - Label devices 010-029 as usb devices - ypserv packager says ypserv does not use tmp_t so removing selinux policy types - Remove all ptrace commands that I believe are caused by the kernel/ps avcs - Add initial Obex policy - Add logging_syslogd_use_tty boolean - Add polipo_connect_all_unreserved bolean - Allow zabbix to connect to ftp port - Allow systemd-logind to be able to switch VTs - Allow apache to communicate with memcached through a sock_file- Fix file_context.subs_dist for now to work with pre usrmove- More /usr move fixes- Add zabbix_can_network boolean - Add httpd_can_connect_zabbix boolean - Prepare file context labeling for usrmove functions - Allow system cronjobs to read kernel network state - Add support for selinux_avcstat munin plugin - Treat hearbeat with corosync policy - Allow corosync to read and write to qpidd shared mem - mozilla_plugin is trying to run pulseaudio - Fixes for new sshd patch for running priv sep domains as the users context - Turn off dontaudit rules when turning on allow_ypbind - udev now reads /etc/modules.d directory- Turn on deny_ptrace boolean for the Rawhide run, so we can test this out - Cups exchanges dbus messages with init - udisk2 needs to send syslog messages - certwatch needs to read /etc/passwd- Add labeling for udisks2 - Allow fsadmin to communicate with the systemd process- Treat Bip with bitlbee policy * Bip is an IRC proxy - Add port definition for interwise port - Add support for ipa_memcached socket - systemd_jounald needs to getattr on all processes - mdadmin fixes * uses getpw - amavisd calls getpwnam() - denyhosts calls getpwall()- Setup labeling of /var/rsa and /var/lib/rsa to allow login programs to write there - bluetooth says they do not use /tmp and want to remove the type - Allow init to transition to colord - Mongod needs to read /proc/sys/vm/zone_reclaim_mode - Allow postfix_smtpd_t to connect to spamd - Add boolean to allow ftp to connect to all ports > 1023 - Allow sendmain to write to inherited dovecot tmp files - setroubleshoot needs to be able to execute rpm to see what version of packages- Merge systemd patch - systemd-tmpfiles wants to relabel /sys/devices/system/cpu/online - Allow deltacloudd dac_override, setuid, setgid caps - Allow aisexec to execute shell - Add use_nfs_home_dirs boolean for ssh-keygen- Fixes to make rawhide boot in enforcing mode with latest systemd changes- Add labeling for /var/run/systemd/journal/syslog - libvirt sends signals to ifconfig - Allow domains that read logind session files to list them- Fixed destined form libvirt-sandbox - Allow apps that list sysfs to also read sympolicy links in this filesystem - Add ubac_constrained rules for chrome_sandbox - Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra - Allow postgresql to be executed by the caller - Standardize interfaces of daemons - Add new labeling for mm-handler - Allow all matahari domains to read network state and etc_runtime_t files- New fix for seunshare, requires seunshare_domains to be able to mounton / - Allow systemctl running as logrotate_t to connect to private systemd socket - Allow tmpwatch to read meminfo - Allow rpc.svcgssd to read supported_krb5_enctype - Allow zarafa domains to read /dev/random and /dev/urandom - Allow snmpd to read dev_snmp6 - Allow procmail to talk with cyrus - Add fixes for check_disk and check_nagios plugins- default trans rules for Rawhide policy - Make sure sound_devices controlC* are labeled correctly on creation - sssd now needs sys_admin - Allow snmp to read all proc_type - Allow to setup users homedir with quota.group- Add httpd_can_connect_ldap() interface - apcupsd_t needs to use seriel ports connected to usb devices - Kde puts procmail mail directory under ~/.local/share - nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit for now - Add labeling for /sbin/iscsiuio- Add label for /var/lib/iscan/interpreter - Dont audit writes to leaked file descriptors or redirected output for nacl - NetworkManager needs to write to /sys/class/net/ib*/mode- Allow abrt to request the kernel to load a module - Make sure mozilla content is labeled correctly - Allow tgtd to read system state - More fixes for boinc * allow to resolve dns name * re-write boinc policy to use boinc_domain attribute - Allow munin services plugins to use NSCD services- Allow mozilla_plugin_t to manage mozilla_home_t - Allow ssh derived domain to execute ssh-keygen in the ssh_keygen_t domain - Add label for tumblerd- Fixes for xguest package- Fixes related to /bin, /sbin - Allow abrt to getattr on blk files - Add type for rhev-agent log file - Fix labeling for /dev/dmfm - Dontaudit wicd leaking - Allow systemd_logind_t to look at process info of apps that exchange dbus messages with it - Label /etc/locale.conf correctly - Allow user_mail_t to read /dev/random - Allow postfix-smtpd to read MIMEDefang - Add label for /var/log/suphp.log - Allow swat_t to connect and read/write nmbd_t sock_file - Allow systemd-tmpfiles to setattr for /run/user/gdm/dconf - Allow systemd-tmpfiles to change user identity in object contexts - More fixes for rhev_agentd_t consolehelper policy- Use fs_use_xattr for squashf - Fix procs_type interface - Dovecot has a new fifo_file /var/run/dovecot/stats-mail - Dovecot has a new fifo_file /var/run/stats-mail - Colord does not need to connect to network - Allow system_cronjob to dbus chat with NetworkManager - Puppet manages content, want to make sure it labels everything correctly- Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it - Allow all postfix domains to use the fifo_file - Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t - Allow apmd_t to read grub.cfg - Let firewallgui read the selinux config - Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp - Fix devicekit_manage_pid_files() interface - Allow squid to check the network state - Dontaudit colord getattr on file systems - Allow ping domains to read zabbix_tmp_t files- Allow mcelog_t to create dir and file in /var/run and label it correctly - Allow dbus to manage fusefs - Mount needs to read process state when mounting gluster file systems - Allow collectd-web to read collectd lib files - Allow daemons and system processes started by init to read/write the unix_stream_socket passed in from as stdin/stdout/stderr - Allow colord to get the attributes of tmpfs filesystem - Add sanlock_use_nfs and sanlock_use_samba booleans - Add bin_t label for /usr/lib/virtualbox/VBoxManage- Add ssh_dontaudit_search_home_dir - Changes to allow namespace_init_t to work - Add interface to allow exec of mongod, add port definition for mongod port, 27017 - Label .kde/share/apps/networkmanagement/certificates/ as home_cert_t - Allow spamd and clamd to steam connect to each other - Add policy label for passwd.OLD - More fixes for postfix and postfix maildro - Add ftp support for mozilla plugins - Useradd now needs to manage policy since it calls libsemanage - Fix devicekit_manage_log_files() interface - Allow colord to execute ifconfig - Allow accountsd to read /sys - Allow mysqld-safe to execute shell - Allow openct to stream connect to pcscd - Add label for /var/run/nm-dns-dnsmasq\.conf - Allow networkmanager to chat with virtd_t- Pulseaudio changes - Merge patches- Merge patches back into git repository.- Remove allow_execmem boolean and replace with deny_execmem boolean- Turn back on allow_execmem boolean- Add more MCS fixes to make sandbox working - Make faillog MLS trusted to make sudo_$1_t working - Allow sandbox_web_client_t to read passwd_file_t - Add .mailrc file context - Remove execheap from openoffice domain - Allow chrome_sandbox_nacl_t to read cpu_info - Allow virtd to relabel generic usb which is need if USB device - Fixes for virt.if interfaces to consider chr_file as image file type- Remove Open Office policy - Remove execmem policy- MCS fixes - quota fixes- Remove transitions to consoletype- Make nvidia* to be labeled correctly - Fix abrt_manage_cache() interface - Make filetrans rules optional so base policy will build - Dontaudit chkpwd_t access to inherited TTYS - Make sure postfix content gets created with the correct label - Allow gnomeclock to read cgroup - Fixes for cloudform policy- Check in fixed for Chrome nacl support- Begin removing qemu_t domain, we really no longer need this domain. - systemd_passwd needs dac_overide to communicate with users TTY's - Allow svirt_lxc domains to send kill signals within their container- Remove qemu.pp again without causing a crash- Remove qemu.pp, everything should use svirt_t or stay in its current domain- Allow policykit to talk to the systemd via dbus - Move chrome_sandbox_nacl_t to permissive domains - Additional rules for chrome_sandbox_nacl- Change bootstrap name to nacl - Chrome still needs execmem - Missing role for chrome_sandbox_bootstrap - Add boolean to remove execmem and execstack from virtual machines - Dontaudit xdm_t doing an access_check on etc_t directories- Allow named to connect to dirsrv by default - add ldapmap1_0 as a krb5_host_rcache_t file - Google chrome developers asked me to add bootstrap policy for nacl stuff - Allow rhev_agentd_t to getattr on mountpoints - Postfix_smtpd_t needs access to milters and cleanup seems to read/write postfix_smtpd_t unix_stream_sockets- Fixes for cloudform policies which need to connect to random ports - Make sure if an admin creates modules content it creates them with the correct label - Add port 8953 as a dns port used by unbound - Fix file name transition for alsa and confined users- Turn on mock_t and thumb_t for unconfined domains- Policy update should not modify local contexts- Remove ada policy- Remove tzdata policy - Add labeling for udev - Add cloudform policy - Fixes for bootloader policy- Add policies for nova openstack- Add fixes for nova-stack policy- Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain - Allow init process to setrlimit on itself - Take away transition rules for users executing ssh-keygen - Allow setroubleshoot_fixit_t to read /dev/urand - Allow sshd to relbale tunnel sockets - Allow fail2ban domtrans to shorewall in the same way as with iptables - Add support for lnk files in the /var/lib/sssd directory - Allow system mail to connect to courier-authdaemon over an unix stream socket- Add passwd_file_t for /etc/ptmptmp- Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK) - Make corosync to be able to relabelto cluster lib fies - Allow samba domains to search /var/run/nmbd - Allow dirsrv to use pam - Allow thumb to call getuid - chrome less likely to get mmap_zero bug so removing dontaudit - gimp help-browser has built in javascript - Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t - Re-write glance policy- Move dontaudit sys_ptrace line from permissive.te to domain.te - Remove policy for hal, it no longer exists- Don't check md5 size or mtime on certain config files- Remove allow_ptrace and replace it with deny_ptrace, which will remove all ptrace from the system - Remove 2000 dontaudit rules between confined domains on transition and replace with single dontaudit domain domain:process { noatsecure siginh rlimitinh } ;- Fixes for bootloader policy - $1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore - Allow nsplugin to read /usr/share/config - Allow sa-update to update rules - Add use_fusefs_home_dirs for chroot ssh option - Fixes for grub2 - Update systemd_exec_systemctl() interface - Allow gpg to read the mail spool - More fixes for sa-update running out of cron job - Allow ipsec_mgmt_t to read hardware state information - Allow pptp_t to connect to unreserved_port_t - Dontaudit getattr on initctl in /dev from chfn - Dontaudit getattr on kernel_core from chfn - Add systemd_list_unit_dirs to systemd_exec_systemctl call - Fixes for collectd policy - CHange sysadm_t to create content as user_tmp_t under /tmp- Shrink size of policy through use of attributes for userdomain and apache- Allow virsh to read xenstored pid file - Backport corenetwork fixes from upstream - Do not audit attempts by thumb to search config_home_t dirs (~/.config) - label ~/.cache/telepathy/logger telepathy_logger_cache_home_t - allow thumb to read generic data home files (mime.type)- Allow nmbd to manage sock file in /var/run/nmbd - ricci_modservice send syslog msgs - Stop transitioning from unconfined_t to ldconfig_t, but make sure /etc/ld.so.cache is labeled correctly - Allow systemd_logind_t to manage /run/USER/dconf/user- Fix missing patch from F16- Allow logrotate setuid and setgid since logrotate is supposed to do it - Fixes for thumb policy by grift - Add new nfsd ports - Added fix to allow confined apps to execmod on chrome - Add labeling for additional vdsm directories - Allow Exim and Dovecot SASL - Add label for /var/run/nmbd - Add fixes to make virsh and xen working together - Colord executes ls - /var/spool/cron is now labeled as user_cron_spool_t- Stop complaining about leaked file descriptors during install- Remove java and mono module and merge into execmem- Fixes for thumb policy and passwd_file_t- Fixes caused by the labeling of /etc/passwd - Add thumb.patch to transition unconfined_t to thumb_t for Rawhide- Add support for Clustered Samba commands - Allow ricci_modrpm_t to send log msgs - move permissive virt_qmf_t from virt.te to permissivedomains.te - Allow ssh_t to use kernel keyrings - Add policy for libvirt-qmf and more fixes for linux containers - Initial Polipo - Sanlock needs to run ranged in order to kill svirt processes - Allow smbcontrol to stream connect to ctdbd- Add label for /etc/passwd- Change unconfined_domains to permissive for Rawhide - Add definition for the ephemeral_ports- Make mta_role() active - Allow asterisk to connect to jabber client port - Allow procmail to read utmp - Add NIS support for systemd_logind_t - Allow systemd_logind_t to manage /run/user/$USER/dconf dir which is labeled as config_home_t - Fix systemd_manage_unit_dirs() interface - Allow ssh_t to manage directories passed into it - init needs to be able to create and delete unit file directories - Fix typo in apache_exec_sys_script - Add ability for logrotate to transition to awstat domain- Change screen to use screen_domain attribute and allow screen_domains to read all process domain state - Add SELinux support for ssh pre-auth net process in F17 - Add logging_syslogd_can_sendmail boolean- Add definition for ephemeral ports - Define user_tty_device_t as a customizable_type- Needs to require a new version of checkpolicy - Interface fixes- Allow sanlock to manage virt lib files - Add virt_use_sanlock booelan - ksmtuned is trying to resolve uids - Make sure .gvfs is labeled user_home_t in the users home directory - Sanlock sends kill signals and needs the kill capability - Allow mockbuild to work on nfs homedirs - Fix kerberos_manage_host_rcache() interface - Allow exim to read system state- Allow systemd-tmpfiles to set the correct labels on /var/run, /tmp and other files - We want any file type that is created in /tmp by a process running as initrc_t to be labeled initrc_tmp_t- Allow collectd to read hardware state information - Add loop_control_device_t - Allow mdadm to request kernel to load module - Allow domains that start other domains via systemctl to search unit dir - systemd_tmpfiles, needs to list any file systems mounted on /tmp - No one can explain why radius is listing the contents of /tmp, so we will dontaudit - If I can manage etc_runtime files, I should be able to read the links - Dontaudit hostname writing to mock library chr_files - Have gdm_t setup labeling correctly in users home dir - Label content unde /var/run/user/NAME/dconf as config_home_t - Allow sa-update to execute shell - Make ssh-keygen working with fips_enabled - Make mock work for staff_t user - Tighten security on mock_t- removing unconfined_notrans_t no longer necessary - Clean up handling of secure_mode_insmod and secure_mode_policyload - Remove unconfined_mount_t- Add exim_exec_t label for /usr/sbin/exim_tidydb - Call init_dontaudit_rw_stream_socket() interface in mta policy - sssd need to search /var/cache/krb5rcache directory - Allow corosync to relabel own tmp files - Allow zarafa domains to send system log messages - Allow ssh to do tunneling - Allow initrc scripts to sendto init_t unix_stream_socket - Changes to make sure dmsmasq and virt directories are labeled correctly - Changes needed to allow sysadm_t to manage systemd unit files - init is passing file descriptors to dbus and on to system daemons - Allow sulogin additional access Reported by dgrift and Jeremy Miller - Steve Grubb believes that wireshark does not need this access - Fix /var/run/initramfs to stop restorecon from looking at - pki needs another port - Add more labels for cluster scripts - Allow apps that manage cgroup_files to manage cgroup link files - Fix label on nfs-utils scripts directories - Allow gatherd to read /dev/rand and /dev/urand- pki needs another port - Add more labels for cluster scripts - Fix label on nfs-utils scripts directories - Fixes for cluster - Allow gatherd to read /dev/rand and /dev/urand - abrt leaks fifo files- Add glance policy - Allow mdadm setsched - /var/run/initramfs should not be relabeled with a restorecon run - memcache can be setup to override sys_resource - Allow httpd_t to read tetex data - Allow systemd_tmpfiles to delete kernel modules left in /tmp directory.- Allow Postfix to deliver to Dovecot LMTP socket - Ignore bogus sys_module for lldpad - Allow chrony and gpsd to send dgrams, gpsd needs to write to the real time clock - systemd_logind_t sets the attributes on usb devices - Allow hddtemp_t to read etc_t files - Add permissivedomains module - Move all permissive domains calls to permissivedomain.te - Allow pegasis to send kill signals to other UIDs- Allow insmod_t to use fds leaked from devicekit - dontaudit getattr between insmod_t and init_t unix_stream_sockets - Change sysctl unit file interfaces to use systemctl - Add support for chronyd unit file - Allow mozilla_plugin to read gnome_usr_config - Add policy for new gpsd - Allow cups to create kerberos rhost cache files - Add authlogin_filetrans_named_content, to unconfined_t to make sure shadow and other log files get labeled correctly- Make users_extra and seusers.final into config(noreplace) so semanage users and login does not get overwritten- Add policy for sa-update being run out of cron jobs - Add create perms to postgresql_manage_db - ntpd using a gps has to be able to read/write generic tty_device_t - If you disable unconfined and unconfineduser, rpm needs more privs to manage /dev - fix spec file - Remove qemu_domtrans_unconfined() interface - Make passenger working together with puppet - Add init_dontaudit_rw_stream_socket interface - Fixes for wordpress- Turn on allow_domain_fd_use boolean on F16 - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Add abrt_handle_event_t domain for ABRT event scripts - Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change - Allow httpd_git_script_t to read passwd data - Allow openvpn to set its process priority when the nice parameter is used- livecd fixes - spec file fixes- fetchmail can use kerberos - ksmtuned reads in shell programs - gnome_systemctl_t reads the process state of ntp - dnsmasq_t asks the kernel to load multiple kernel modules - Add rules for domains executing systemctl - Bogus text within fc file- Add cfengine policy- Add abrt_domain attribute - Allow corosync to manage cluster lib files - Allow corosync to connect to the system DBUS- Add sblim, uuidd policies - Allow kernel_t dyntrasition to init_t- init_t need setexec - More fixes of rules which cause an explosion in rules by Dan Walsh- Allow rcsmcertd to perform DNS name resolution - Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts - Allow tmux to run as screen - New policy for collectd - Allow gkeyring_t to interact with all user apps - Add rules to allow firstboot to run on machines with the unconfined.pp module removed- Allow systemd_logind to send dbus messages with users - allow accountsd to read wtmp file - Allow dhcpd to get and set capabilities- Fix oracledb_port definition - Allow mount to mounton the selinux file system - Allow users to list /var directories- systemd fixes- Add initial policy for abrt_dump_oops_t - xtables-multi wants to getattr of the proc fs - Smoltclient is connecting to abrt - Dontaudit leaked file descriptors to postdrop - Allow abrt_dump_oops to look at kernel sysctls - Abrt_dump_oops_t reads kernel ring buffer - Allow mysqld to request the kernel to load modules - systemd-login needs fowner - Allow postfix_cleanup_t to searh maildrop- Initial systemd_logind policy - Add policy for systemd_logger and additional proivs for systemd_logind - More fixes for systemd policies- Allow setsched for virsh - Systemd needs to impersonate cups, which means it needs to create tcp_sockets in cups_t domain, as well as manage spool directories - iptables: the various /sbin/ip6?tables.* are now symlinks for /sbin/xtables-multi- A lot of users are running yum -y update while in /root which is causing ldconfig to list the contents, adding dontaudit - Allow colord to interact with the users through the tmpfs file system - Since we changed the label on deferred, we need to allow postfix_qmgr_t to be able to create maildrop_t files - Add label for /var/log/mcelog - Allow asterisk to read /dev/random if it uses TLS - Allow colord to read ini files which are labeled as bin_t - Allow dirsrvadmin sys_resource and setrlimit to use ulimit - Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first. - Also lists /var and /var/spool directories - Add openl2tpd to l2tpd policy - qpidd is reading the sysfs file- Change usbmuxd_t to dontaudit attempts to read chr_file - Add mysld_safe_exec_t for libra domains to be able to start private mysql domains - Allow pppd to search /var/lock dir - Add rhsmcertd policy- Update to upstream- More fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git- Fix spec file to not report Verify errors- Add dspam policy - Add lldpad policy - dovecot auth wants to search statfs #713555 - Allow systemd passwd apps to read init fifo_file - Allow prelink to use inherited terminals - Run cherokee in the httpd_t domain - Allow mcs constraints on node connections - Implement pyicqt policy - Fixes for zarafa policy - Allow cobblerd to send syslog messages- Add policy.26 to the payload - Remove olpc stuff - Remove policygentool- Fixes for zabbix - init script needs to be able to manage sanlock_var_run_... - Allow sandlock and wdmd to create /var/run directories... - mixclip.so has been compiled correctly - Fix passenger policy module name- Add mailscanner policy from dgrift - Allow chrome to optionally be transitioned to - Zabbix needs these rules when starting the zabbix_server_mysql - Implement a type for freedesktop openicc standard (~/.local/share/icc) - Allow system_dbusd_t to read inherited icc_data_home_t files. - Allow colord_t to read icc_data_home_t content. #706975 - Label stuff under /usr/lib/debug as if it was labeled under /- Fixes for sanlock policy - Fixes for colord policy - Other fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log- Add rhev policy module to modules-targeted.conf- Lot of fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log- Allow logrotate to execute systemctl - Allow nsplugin_t to getattr on gpmctl - Fix dev_getattr_all_chr_files() interface - Allow shorewall to use inherited terms - Allow userhelper to getattr all chr_file devices - sandbox domains should be able to getattr and dontaudit search of sysctl_kernel_t - Fix labeling for ABRT Retrace Server- Dontaudit sys_module for ifconfig - Make telepathy and gkeyringd daemon working with confined users - colord wants to read files in users homedir - Remote login should be creating user_tmp_t not its own tmp files- Fix label for /usr/share/munin/plugins/munin_* plugins - Add support for zarafa-indexer - Fix boolean description - Allow colord to getattr on /proc/scsi/scsi - Add label for /lib/upstart/init - Colord needs to list /mnt- Forard port changes from F15 for telepathy - NetworkManager should be allowed to use /dev/rfkill - Fix dontaudit messages to say Domain to not audit - Allow telepathy domains to read/write gnome_cache files - Allow telepathy domains to call getpw - Fixes for colord and vnstatd policy- Allow init_t getcap and setcap - Allow namespace_init_t to use nsswitch - aisexec will execute corosync - colord tries to read files off noxattr file systems - Allow init_t getcap and setcap- Add support for ABRT retrace server - Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners - Allow telepath_msn_t to read /proc/PARENT/cmdline - ftpd needs kill capability - Allow telepath_msn_t to connect to sip port - keyring daemon does not work on nfs homedirs - Allow $1_sudo_t to read default SELinux context - Add label for tgtd sock file in /var/run/ - Add apache_exec_rotatelogs interface - allow all zaraha domains to signal themselves, server writes to /tmp - Allow syslog to read the process state - Add label for /usr/lib/chromium-browser/chrome - Remove the telepathy transition from unconfined_t - Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts - Allow initrc_t domain to manage abrt pid files - Add support for AEOLUS project - Virt_admin should be allowed to manage images and processes - Allow plymountd to send signals to init - Change labeling of fping6- Add filename transitions- Fixes for zarafa policy - Add support for AEOLUS project - Change labeling of fping6 - Allow plymountd to send signals to init - Allow initrc_t domain to manage abrt pid files - Virt_admin should be allowed to manage images and processes- xdm_t needs getsession for switch user - Every app that used to exec init is now execing systemdctl - Allow squid to manage krb5_host_rcache_t files - Allow foghorn to connect to agentx port - Fixes for colord policy- Add Dan's patch to remove 64 bit variants - Allow colord to use unix_dgram_socket - Allow apps that search pids to read /var/run if it is a lnk_file - iscsid_t creates its own directory - Allow init to list var_lock_t dir - apm needs to verify user accounts auth_use_nsswitch - Add labeling for systemd unit files - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added - Add label for matahari-broker.pid file - We want to remove untrustedmcsprocess from ability to read /proc/pid - Fixes for matahari policy - Allow system_tmpfiles_t to delete user_home_t files in the /tmp dir - Allow sshd to transition to sysadm_t if ssh_sysadm_login is turned on- Fix typo- Add /var/run/lock /var/lock definition to file_contexts.subs - nslcd_t is looking for kerberos cc files - SSH_USE_STRONG_RNG is 1 which requires /dev/random - Fix auth_rw_faillog definition - Allow sysadm_t to set attributes on fixed disks - allow user domains to execute lsof and look at application sockets - prelink_cron job calls telinit -u if init is rewritten - Fixes to run qemu_t from staff_t- Fix label for /var/run/udev to udev_var_run_t - Mock needs to be able to read network state- Add file_contexts.subs to handle /run and /run/lock - Add other fixes relating to /run changes from F15 policy- Allow $1_sudo_t and $1_su_t open access to user terminals - Allow initrc_t to use generic terminals - Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs -systemd is going to be useing /run and /run/lock for early bootup files. - Fix some comments in rlogin.if - Add policy for KDE backlighthelper - sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems - sssd wants to read .k5login file in users homedir - setroubleshoot reads executables to see if they have TEXTREL - Add /var/spool/audit support for new version of audit - Remove kerberos_connect_524() interface calling - Combine kerberos_master_port_t and kerberos_port_t - systemd has setup /dev/kmsg as stderr for apps it executes - Need these access so that init can impersonate sockets on unix_dgram_socket- Remove some unconfined domains - Remove permissive domains - Add policy-term.patch from Dan- Fix multiple specification for boot.log - devicekit leaks file descriptors to setfiles_t - Change all all_nodes to generic_node and all_if to generic_if - Should not use deprecated interface - Switch from using all_nodes to generic_node and from all_if to generic_if - Add support for xfce4-notifyd - Fix file context to show several labels as SystemHigh - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs - Add etc_runtime_t label for /etc/securetty - Fixes to allow xdm_t to start gkeyringd_USERTYPE_t directly - login.krb needs to be able to write user_tmp_t - dirsrv needs to bind to port 7390 for dogtag - Fix a bug in gpg policy - gpg sends audit messages - Allow qpid to manage matahari files- Initial policy for matahari - Add dev_read_watchdog - Allow clamd to connect clamd port - Add support for kcmdatetimehelper - Allow shutdown to setrlimit and sys_nice - Allow systemd_passwd to talk to /dev/log before udev or syslog is running - Purge chr_file and blk files on /tmp - Fixes for pads - Fixes for piranha-pulse - gpg_t needs to be able to encyprt anything owned by the user- mozilla_plugin_tmp_t needs to be treated as user tmp files - More dontaudits of writes from readahead - Dontaudit readahead_t file_type:dir write, to cover up kernel bug - systemd_tmpfiles needs to relabel faillog directory as well as the file - Allow hostname and consoletype to r/w inherited initrc_tmp_t files handline hostname >> /tmp/myhost- Add policykit fixes from Tim Waugh - dontaudit sandbox domains sandbox_file_t:dir mounton - Add new dontaudit rules for sysadm_dbusd_t - Change label for /var/run/faillock * other fixes which relate with this change- Update to upstream - Fixes for telepathy - Add port defition for ssdp port - add policy for /bin/systemd-notify from Dan - Mount command requires users read mount_var_run_t - colord needs to read konject_uevent_socket - User domains connect to the gkeyring socket - Add colord policy and allow user_t and staff_t to dbus chat with it - Add lvm_exec_t label for kpartx - Dontaudit reading the mail_spool_t link from sandbox -X - systemd is creating sockets in avahi_var_run and system_dbusd_var_run- gpg_t needs to talk to gnome-keyring - nscd wants to read /usr/tmp->/var/tmp to generate randomziation in unixchkpwd - enforce MCS labeling on nodes - Allow arpwatch to read meminfo - Allow gnomeclock to send itself signals - init relabels /dev/.udev files on boot - gkeyringd has to transition back to staff_t when it runs commands in bin_t or shell_exec_t - nautilus checks access on /media directory before mounting usb sticks, dontaudit access_check on mnt_t - dnsmasq can run as a dbus service, needs acquire service - mysql_admin should be allowed to connect to mysql service - virt creates monitor sockets in the users home dir- Allow usbhid-ups to read hardware state information - systemd-tmpfiles has moved - Allo cgroup to sys_tty_config - For some reason prelink is attempting to read gconf settings - Add allow_daemons_use_tcp_wrapper boolean - Add label for ~/.cache/wocky to make telepathy work in enforcing mode - Add label for char devices /dev/dasd* - Fix for apache_role - Allow amavis to talk to nslcd - allow all sandbox to read selinux poilcy config files - Allow cluster domains to use the system bus and send each other dbus messages- Update to upstream- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to ref policy - cgred needs chown capability - Add /dev/crash crash_dev_t - systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability- New labeling for postfmulti #675654 - dontaudit xdm_t listing noxattr file systems - dovecot-auth needs to be able to connect to mysqld via the network as well as locally - shutdown is passed stdout to a xdm_log_t file - smartd creates a fixed disk device - dovecot_etc_t contains a lnk_file that domains need to read - mount needs to be able to read etc_runtim_t:lnk_file since in rawhide this is a link created at boot- syslog_t needs syslog capability - dirsrv needs to be able to create /var/lib/snmp - Fix labeling for dirsrv - Fix for dirsrv policy missing manage_dirs_pattern - corosync needs to delete clvm_tmpfs_t files - qdiskd needs to list hugetlbfs - Move setsched to sandbox_x_domain, so firefox can run without network access - Allow hddtemp to read removable devices - Adding syslog and read_policy permissions to policy * syslog Allow unconfined, sysadm_t, secadm_t, logadm_t * read_policy allow unconfined, sysadm_t, secadm_t, staff_t on Targeted allow sysadm_t (optionally), secadm_t on MLS - mdadm application will write into /sys/.../uevent whenever arrays are assembled or disassembled.- Add tcsd policy- ricci_modclusterd_t needs to bind to rpc ports 500-1023 - Allow dbus to use setrlimit to increase resoueces - Mozilla_plugin is leaking to sandbox - Allow confined users to connect to lircd over unix domain stream socket which allow to use remote control - Allow awstats to read squid logs - seunshare needs to manage tmp_t - apcupsd cgi scripts have a new directory- Fix xserver_dontaudit_read_xdm_pid - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t - Allow readahead to manage readahead pid dirs - Allow readahead to read all mcs levels - Allow mozilla_plugin_t to use nfs or samba homedirs- Allow nagios plugin to read /proc/meminfo - Fix for mozilla_plugin - Allow samba_net_t to create /etc/keytab - pppd_t setting up vpns needs to run unix_chkpwd, setsched its process and write wtmp_t - nslcd can read user credentials - Allow nsplugin to delete mozilla_plugin_tmpfs_t - abrt tries to create dir in rpm_var_lib_t - virt relabels fifo_files - sshd needs to manage content in fusefs homedir - mock manages link files in cache dir- nslcd needs setsched and to read /usr/tmp - Invalid call in likewise policy ends up creating a bogus role - Cannon puts content into /var/lib/bjlib that cups needs to be able to write - Allow screen to create screen_home_t in /root - dirsrv sends syslog messages - pinentry reads stuff in .kde directory - Add labels for .kde directory in homedir - Treat irpinit, iprupdate, iprdump services with raid policy- NetworkManager wants to read consolekit_var_run_t - Allow readahead to create /dev/.systemd/readahead - Remove permissive domains - Allow newrole to run namespace_init- Add sepgsql_contexts file- Update to upstream- Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on - Add puppetmaster_use_db boolean - Fixes for zarafa policy - Fixes for gnomeclock poliy - Fix systemd-tmpfiles to use auth_use_nsswitch- gnomeclock executes a shell - Update for screen policy to handle pipe in homedir - Fixes for polyinstatiated homedir - Fixes for namespace policy and other fixes related to polyinstantiation - Add namespace policy - Allow dovecot-deliver transition to sendmail which is needed by sieve scripts - Fixes for init, psad policy which relate with confined users - Do not audit bootloader attempts to read devicekit pid files - Allow nagios service plugins to read /proc- Add firewalld policy - Allow vmware_host to read samba config - Kernel wants to read /proc Fix duplicate grub def in cobbler - Chrony sends mail, executes shell, uses fifo_file and reads /proc - devicekitdisk getattr all file systems - sambd daemon writes wtmp file - libvirt transitions to dmidecode- Add initial policy for system-setup-keyboard which is now daemon - Label /var/lock/subsys/shorewall as shorewall_lock_t - Allow users to communicate with the gpg_agent_t - Dontaudit mozilla_plugin_t using the inherited terminal - Allow sambagui to read files in /usr - webalizer manages squid log files - Allow unconfined domains to bind ports to raw_ip_sockets - Allow abrt to manage rpm logs when running yum - Need labels for /var/run/bittlebee - Label .ssh under amanda - Remove unused genrequires for virt_domain_template - Allow virt_domain to use fd inherited from virtd_t - Allow iptables to read shorewall config- Gnome apps list config_home_t - mpd creates lnk files in homedir - apache leaks write to mail apps on tmp files - /var/stockmaniac/templates_cache contains log files - Abrt list the connects of mount_tmp_t dirs - passwd agent reads files under /dev and reads utmp file - squid apache script connects to the squid port - fix name of plymouth log file - teamviewer is a wine app - allow dmesg to read system state - Stop labeling files under /var/lib/mock so restorecon will not go into this - nsplugin needs to read network state for google talk- Allow xdm and syslog to use /var/log/boot.log - Allow users to communicate with mozilla_plugin and kill it - Add labeling for ipv6 and dhcp- New labels for ghc http content - nsplugin_config needs to read urand, lvm now calls setfscreate to create dev - pm-suspend now creates log file for append access so we remove devicekit_wri - Change authlogin_use_sssd to authlogin_nsswitch_use_ldap - Fixes for greylist_milter policy- Update to upstream - Fixes for systemd policy - Fixes for passenger policy - Allow staff users to run mysqld in the staff_t domain, akonadi needs this - Add bin_t label for /usr/share/kde4/apps/kajongg/kajongg.py - auth_use_nsswitch does not need avahi to read passwords,needed for resolving data - Dontaudit (xdm_t) gok attempting to list contents of /var/account - Telepathy domains need to read urand - Need interface to getattr all file classes in a mock library for setroubleshoot- Update selinux policy to handle new /usr/share/sandbox/start script- Update to upstream - Fix version of policy in spec file- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs - remove per sandbox domains devpts types - Allow dkim-milter sending signal to itself- Allow domains that transition to ping or traceroute, kill them - Allow user_t to conditionally transition to ping_t and traceroute_t - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup- Turn on systemd policy - mozilla_plugin needs to read certs in the homedir. - Dontaudit leaked file descriptors from devicekit - Fix ircssi to use auth_use_nsswitch - Change to use interface without param in corenet to disable unlabelednet packets - Allow init to relabel sockets and fifo files in /dev - certmonger needs dac* capabilities to manage cert files not owned by root - dovecot needs fsetid to change group membership on mail - plymouthd removes /var/log/boot.log - systemd is creating symlinks in /dev - Change label on /etc/httpd/alias to be all cert_t- Fixes for clamscan and boinc policy - Add boinc_project_t setpgid - Allow alsa to create tmp files in /tmp- Push fixes to allow disabling of unlabeled_t packet access - Enable unlabelednet policy- Fixes for lvm to work with systemd- Fix the label for wicd log - plymouthd creates force-display-on-active-vt file - Allow avahi to request the kernel to load a module - Dontaudit hal leaks - Fix gnome_manage_data interface - Add new interface corenet_packet to define a type as being an packet_type. - Removed general access to packet_type from icecast and squid. - Allow mpd to read alsa config - Fix the label for wicd log - Add systemd policy- Fix gnome_manage_data interface - Dontaudit sys_ptrace capability for iscsid - Fixes for nagios plugin policy- Fix cron to run ranged when started by init - Fix devicekit to use log files - Dontaudit use of devicekit_var_run_t for fstools - Allow init to setattr on logfile directories - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t- Fix up handling of dnsmasq_t creating /var/run/libvirt/network - Turn on sshd_forward_ports boolean by default - Allow sysadmin to dbus chat with rpm - Add interface for rw_tpm_dev - Allow cron to execute bin - fsadm needs to write sysfs - Dontaudit consoletype reading /var/run/pm-utils - Lots of new privs fro mozilla_plugin_t running java app, make mozilla_plugin - certmonger needs to manage dirsrv data - /var/run/pm-utils should be labeled as devicekit_var_run_t- fixes to allow /var/run and /var/lock as tmpfs - Allow chrome sandbox to connect to web ports - Allow dovecot to listem on lmtp and sieve ports - Allov ddclient to search sysctl_net_t - Transition back to original domain if you execute the shell- Remove duplicate declaration- Update to upstream - Cleanup for sandbox - Add attribute to be able to select sandbox types- Allow ddclient to fix file mode bits of ddclient conf file - init leaks file descriptors to daemons - Add labels for /etc/lirc/ and - Allow amavis_t to exec shell - Add label for gssd_tmp_t for /var/tmp/nfs_0- Put back in lircd_etc_t so policy will install- Turn on allow_postfix_local_write_mail_spool - Allow initrc_t to transition to shutdown_t - Allow logwatch and cron to mls_read_to_clearance for MLS boxes - Allow wm to send signull to all applications and receive them from users - lircd patch from field - Login programs have to read /etc/samba - New programs under /lib/systemd - Abrt needs to read config files- Update to upstream - Dontaudit leaked sockets from userdomains to user domains - Fixes for mcelog to handle scripts - Apply patch from Ruben Kerkhof - Allow syslog to search spool dirs- Allow nagios plugins to read usr files - Allow mysqld-safe to send system log messages - Fixes fpr ddclient policy - Fix sasl_admin interface - Allow apache to search zarafa config - Allow munin plugins to search /var/lib directory - Allow gpsd to read sysfs_t - Fix labels on /etc/mcelog/triggers to bin_t- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t - Allow saslauthd_t to create krb5_host_rcache_t files in /tmp - Fix xserver interface - Fix definition of /var/run/lxdm- Turn on mediawiki policy - kdump leaks kdump_etc_t to ifconfig, add dontaudit - uux needs to transition to uucpd_t - More init fixes relabels man,faillog - Remove maxima defs in libraries.fc - insmod needs to be able to create tmpfs_t files - ping needs setcap- Allow groupd transition to fenced domain when executes fence_node - Fixes for rchs policy - Allow mpd to be able to read samba/nfs files- Fix up corecommands.fc to match upstream - Make sure /lib/systemd/* is labeled init_exec_t - mount wants to setattr on all mountpoints - dovecot auth wants to read dovecot etc files - nscd daemon looks at the exe file of the comunicating daemon - openvpn wants to read utmp file - postfix apps now set sys_nice and lower limits - remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly - Also resolves nsswitch - Fix labels on /etc/hosts.* - Cleanup to make upsteam patch work - allow abrt to read etc_runtime_t- Add conflicts for dirsrv package- Update to upstream - Add vlock policy- Fix sandbox to work on nfs homedirs - Allow cdrecord to setrlimit - Allow mozilla_plugin to read xauth - Change label on systemd-logger to syslogd_exec_t - Install dirsrv policy from dirsrv package- Add virt_home_t, allow init to setattr on xserver_tmp_t and relabel it - Udev needs to stream connect to init and kernel - Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory- Allow NetworkManager to read openvpn_etc_t - Dontaudit hplip to write of /usr dirs - Allow system_mail_t to create /root/dead.letter as mail_home_t - Add vdagent policy for spice agent daemon- Dontaudit sandbox sending sigkill to all user domains - Add policy for rssh_chroot_helper - Add missing flask definitions - Allow udev to relabelto removable_t - Fix label on /var/log/wicd.log - Transition to initrc_t from init when executing bin_t - Add audit_access permissions to file - Make removable_t a device_node - Fix label on /lib/systemd/*- Fixes for systemd to manage /var/run - Dontaudit leaks by firstboot- Allow chome to create netlink_route_socket - Add additional MATHLAB file context - Define nsplugin as an application_domain - Dontaudit sending signals from sandboxed domains to other domains - systemd requires init to build /tmp /var/auth and /var/lock dirs - mount wants to read devicekit_power /proc/ entries - mpd wants to connect to soundd port - Openoffice causes a setattr on a lib_t file for normal users, add dontaudit - Treat lib_t and textrel_shlib_t directories the same - Allow mount read access on virtual images- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs. - Allow devicekit_power to domtrans to mount - Allow dhcp to bind to udp ports > 1024 to do named stuff - Allow ssh_t to exec ssh_exec_t - Remove telepathy_butterfly_rw_tmp_files(), dev_read_printk() interfaces which are nolonger used - Fix clamav_append_log() intefaces - Fix 'psad_rw_fifo_file' interface- Allow cobblerd to list cobler appache content- Fixup for the latest version of upowed - Dontaudit sandbox sending SIGNULL to desktop apps- Update to upstream-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access - dovecot-auth_t needs ipc_lock - gpm needs to use the user terminal - Allow system_mail_t to append ~/dead.letter - Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf - Add pid file to vnstatd - Allow mount to communicate with gfs_controld - Dontaudit hal leaks in setfiles- Lots of fixes for systemd - systemd now executes readahead and tmpwatch type scripts - Needs to manage random seed- Allow smbd to use sys_admin - Remove duplicate file context for tcfmgr - Update to upstream- Fix fusefs handling - Do not allow sandbox to manage nsplugin_rw_t - Allow mozilla_plugin_t to connecto its parent - Allow init_t to connect to plymouthd running as kernel_t - Add mediawiki policy - dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs. - Disable transition from dbus_session_domain to telepathy for F14 - Allow boinc_project to use shm - Allow certmonger to search through directories that contain certs - Allow fail2ban the DAC Override so it can read log files owned by non root users- Start adding support for use_fusefs_home_dirs - Add /var/lib/syslog directory file context - Add /etc/localtime as locale file context- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off iptables from unconfined user - Allow sudo to send signals to any domains the user could have transitioned to. - Passwd in single user mode needs to talk to console_device_t - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - locate tried to read a symbolic link, will dontaudit - New labels for telepathy-sunshine content in homedir - Google is storing other binaries under /opt/google/talkplugin - bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug - Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15 - modemmanger and bluetooth send dbus messages to devicekit_power - Samba needs to getquota on filesystems labeld samba_share_t- Dontaudit attempts by xdm_t to write to bin_t for kdm - Allow initrc_t to manage system_conf_t- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory. - Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets - Allow confined users to read xdm_etc_t files - Allow xdm_t to transition to xauth_t for lxdm program- Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home - Allow clamd to send signals to itself - Allow mozilla_plugin_t to read user home content. And unlink pulseaudio shm. - Allow haze to connect to yahoo chat and messenger port tcp:5050. Bz #637339 - Allow guest to run ps command on its processes by allowing it to read /proc - Allow firewallgui to sys_rawio which seems to be required to setup masqerading - Allow all domains to search through default_t directories, in order to find differnet labels. For example people serring up /foo/bar to be share via samba. - Add label for /var/log/slim.log- Pull in cleanups from dgrift - Allow mozilla_plugin_t to execute mozilla_home_t - Allow rpc.quota to do quotamod- Cleanup policy via dgrift - Allow dovecot_deliver to append to inherited log files - Lots of fixes for consolehelper- Fix up Xguest policy- Add vnstat policy - allow libvirt to send audit messages - Allow chrome-sandbox to search nfs_t- Update to upstream- Add the ability to send audit messages to confined admin policies - Remove permissive domain from cmirrord and dontaudit sys_tty_config - Split out unconfined_domain() calls from other unconfined_ calls so we can d - virt needs to be able to read processes to clearance for MLS- Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit messages- Update to upstream- Allow mdadm_t to create files and sock files in /dev/md/- Add policy for ajaxterm- Handle /var/db/sudo - Allow pulseaudio to read alsa config - Allow init to send initrc_t dbus messagesAllow iptables to read shorewall tmp files Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr intd label vlc as an execmem_exec_t Lots of fixes for mozilla_plugin to run google vidio chat Allow telepath_msn to execute ldconfig and its own tmp files Fix labels on hugepages Allow mdadm to read files on /dev Remove permissive domains and change back to unconfined Allow freshclam to execute shell and bin_t Allow devicekit_power to transition to dhcpc Add boolean to allow icecast to connect to any port- Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to communicate with clvmd via tmpfs - Allow certmaster to read usr_t files - Allow dbus system services to search cgroup_t - Define rlogind_t as a login pgm- Allow mdadm_t to read/write hugetlbfs- Dominic Grift Cleanup - Miroslav Grepl policy for jabberd - Various fixes for mount/livecd and prelink- Merge with upstream- More access needed for devicekit - Add dbadm policy- Merge with upstream- Allow seunshare to fowner- Allow cron to look at user_cron_spool links - Lots of fixes for mozilla_plugin_t - Add sysv file system - Turn unconfined domains to permissive to find additional avcs- Update policy for mozilla_plugin_t- Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying to write to security_t dir- Allow clamscan_t execmem if clamd_use_jit set - Add policy for firefox plugin-container- Fix /root/.forward definition- label dead.letter as mail_home_t- Allow login programs to search /cgroups- Fix cert handling- Fix devicekit_power bug - Allow policykit_auth_t more access.- Fix nis calls to allow bind to ports 512-1024 - Fix smartmon- Allow pcscd to read sysfs - systemd fixes - Fix wine_mmap_zero_ignore boolean- Apply Miroslav munin patch - Turn back on allow_execmem and allow_execmod booleans- Merge in fixes from dgrift repository- Update boinc policy - Fix sysstat policy to allow sys_admin - Change failsafe_context to unconfined_r:unconfined_t:s0- New paths for upstart- New permissions for syslog - New labels for /lib/upstart- Add mojomojo policy- Allow systemd to setsockcon on sockets to immitate other services- Remove debugfs label- Update to latest policy- Fix eclipse labeling from IBMSupportAssasstant packageing- Make boot with systemd in enforcing mode- Update to upstream- Add boolean to turn off port forwarding in sshd.- Add support for ebtables - Fixes for rhcs and corosync policy-Update to upstream-Update to upstream-Update to upstream- Add Zarafa policy- Cleanup of aiccu policy - initial mock policy- Lots of random fixes- Update to upstream- Update to upstream - Allow prelink script to signal itself - Cobbler fixes- Add xdm_var_run_t to xserver_stream_connect_xdm - Add cmorrord and mpd policy from Miroslav Grepl- Fix sshd creation of krb cc files for users to be user_tmp_t- Fixes for accountsdialog - Fixes for boinc- Fix label on /var/lib/dokwiki - Change permissive domains to enforcing - Fix libvirt policy to allow it to run on mls- Update to upstream- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t - Fix /var/run/abrtd.lock label- Allow login programs to read krb5_home_t Resolves: 594833 - Add obsoletes for cachefilesfd-selinux package Resolves: #575084- Allow mount to r/w abrt fifo file - Allow svirt_t to getattr on hugetlbfs - Allow abrt to create a directory under /var/spool- Add labels for /sys - Allow sshd to getattr on shutdown - Fixes for munin - Allow sssd to use the kernel key ring - Allow tor to send syslog messages - Allow iptabels to read usr files - allow policykit to read all domains state- Fix path for /var/spool/abrt - Allow nfs_t as an entrypoint for http_sys_script_t - Add policy for piranha - Lots of fixes for sosreport- Allow xm_t to read network state and get and set capabilities - Allow policykit to getattr all processes - Allow denyhosts to connect to tcp port 9911 - Allow pyranha to use raw ip sockets and ptrace itself - Allow unconfined_execmem_t and gconfsd mechanism to dbus - Allow staff to kill ping process - Add additional MLS rules- Allow gdm to edit ~/.gconf dir Resolves: #590677 - Allow dovecot to create directories in /var/lib/dovecot Partially resolves 590224 - Allow avahi to dbus chat with NetworkManager - Fix cobbler labels - Dontaudit iceauth_t leaks - fix /var/lib/lxdm file context - Allow aiccu to use tun tap devices - Dontaudit shutdown using xserver.log- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++ - Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory - Add dontaudit interface for bluetooth dbus - Add chronyd_read_keys, append_keys for initrc_t - Add log support for ksmtuned Resolves: #586663- Allow boinc to send mail- Allow initrc_t to remove dhcpc_state_t - Fix label on sa-update.cron - Allow dhcpc to restart chrony initrc - Don't allow sandbox to send signals to its parent processes - Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t Resolves: #589136- Fix location of oddjob_mkhomedir Resolves: #587385 - fix labeling on /root/.shosts and ~/.shosts - Allow ipsec_mgmt_t to manage net_conf_t Resolves: #586760- Dontaudit sandbox trying to connect to netlink sockets Resolves: #587609 - Add policy for piranha- Fixups for xguest policy - Fixes for running sandbox firefox- Allow ksmtuned to use terminals Resolves: #586663 - Allow lircd to write to generic usb devices- Allow sandbox_xserver to connectto unconfined stream Resolves: #585171- Allow initrc_t to read slapd_db_t Resolves: #585476 - Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf Resolves: #585963- Allow rlogind_t to search /root for .rhosts Resolves: #582760 - Fix path for cached_var_t - Fix prelink paths /var/lib/prelink - Allow confined users to direct_dri - Allow mls lvm/cryptosetup to work- Allow virtd_t to manage firewall/iptables config Resolves: #573585- Fix label on /root/.rhosts Resolves: #582760 - Add labels for Picasa - Allow openvpn to read home certs - Allow plymouthd_t to use tty_device_t - Run ncftool as iptables_t - Allow mount to unmount unlabeled_t - Dontaudit hal leaks- Allow livecd to transition to mount- Update to upstream - Allow abrt to delete sosreport Resolves: #579998 - Allow snmp to setuid and gid Resolves: #582155 - Allow smartd to use generic scsi devices Resolves: #582145- Allow ipsec_t to create /etc/resolv.conf with the correct label - Fix reserved port destination - Allow autofs to transition to showmount - Stop crashing tuned- Add telepathysofiasip policy- Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox - Allow modemmanager to dbus with policykit- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t) - Allow accountsd to read shadow file - Allow apache to send audit messages when using pam - Allow asterisk to bind and connect to sip tcp ports - Fixes for dovecot 2.0 - Allow initrc_t to setattr on milter directories - Add procmail_home_t for .procmailrc file- Fixes for labels during install from livecd- Fix /cgroup file context - Fix broken afs use of unlabled_t - Allow getty to use the console for s390- Fix cgroup handling adding policy for /cgroup - Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set- Merge patches from dgrift- Update upstream - Allow abrt to write to the /proc under any process- Fix ~/.fontconfig label - Add /root/.cert label - Allow reading of the fixed_file_disk_t:lnk_file if you can read file - Allow qemu_exec_t as an entrypoint to svirt_t- Update to upstream - Allow tmpreaper to delete sandbox sock files - Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems - Fixes for gitosis - No transition on livecd to passwd or chfn - Fixes for denyhosts- Add label for /var/lib/upower - Allow logrotate to run sssd - dontaudit readahead on tmpfs blk files - Allow tmpreaper to setattr on sandbox files - Allow confined users to execute dos files - Allow sysadm_t to kill processes running within its clearance - Add accountsd policy - Fixes for corosync policy - Fixes from crontab policy - Allow svirt to manage svirt_image_t chr files - Fixes for qdisk policy - Fixes for sssd policy - Fixes for newrole policy- make libvirt work on an MLS platform- Add qpidd policy- Update to upstream- Allow boinc to read kernel sysctl - Fix snmp port definitions - Allow apache to read anon_inodefs- Allow shutdown dac_override- Add device_t as a file system - Fix sysfs association- Dontaudit ipsec_mgmt sys_ptrace - Allow at to mail its spool files - Allow nsplugin to search in .pulse directory- Update to upstream- Allow users to dbus chat with xdm - Allow users to r/w wireless_device_t - Dontaudit reading of process states by ipsec_mgmt- Fix openoffice from unconfined_t- Add shutdown policy so consolekit can shutdown system- Update to upstream- Update to upstream- Update to upstream - These are merges of my patches - Remove 389 labeling conflicts - Add MLS fixes found in RHEL6 testing - Allow pulseaudio to run as a service - Add label for mssql and allow apache to connect to this database port if boolean set - Dontaudit searches of debugfs mount point - Allow policykit_auth to send signals to itself - Allow modcluster to call getpwnam - Allow swat to signal winbind - Allow usbmux to run as a system role - Allow svirt to create and use devpts- Add MLS fixes found in RHEL6 testing - Allow domains to append to rpm_tmp_t - Add cachefilesfd policy - Dontaudit leaks when transitioning- Change allow_execstack and allow_execmem booleans to on - dontaudit acct using console - Add label for fping - Allow tmpreaper to delete sandbox_file_t - Fix wine dontaudit mmap_zero - Allow abrt to read var_t symlinks- Additional policy for rgmanager- Allow sshd to setattr on pseudo terms- Update to upstream- Allow policykit to send itself signals- Fix duplicate cobbler definition- Fix file context of /var/lib/avahi-autoipd- Merge with upstream- Allow sandbox to work with MLS- Make Chrome work with staff user- Add icecast policy - Cleanup spec file- Add mcelog policy- Lots of fixes found in F12- Fix rpm_dontaudit_leaks- Add getsched to hald_t - Add file context for Fedora/Redhat Directory Server- Allow abrt_helper to getattr on all filesystems - Add label for /opt/real/RealPlayer/plugins/oggfformat\.so- Add gstreamer_home_t for ~/.gstreamer- Update to upstream- Fix git- Turn on puppet policy - Update to dgrift git policy- Move users file to selection by spec file. - Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t- Update to upstream- Remove most of the permissive domains from F12.- Add cobbler policy from dgrift- add usbmon device - Add allow rulse for devicekit_disk- Lots of fixes found in F12, fixes from Tom London- Cleanups from dgrift- Add back xserver_manage_home_fonts- Dontaudit sandbox trying to read nscd and sssd- Update to upstream- Rename udisks-daemon back to devicekit_disk_t policy- Fixes for abrt calls- Add tgtd policy- Update to upstream release- Add asterisk policy back in - Update to upstream release 2.20091117- Update to upstream release 2.20091117- Fixup nut policy- Update to upstream- Allow vpnc request the kernel to load modules- Fix minimum policy installs - Allow udev and rpcbind to request the kernel to load modules- Add plymouth policy - Allow local_login to sys_admin- Allow cupsd_config to read user tmp - Allow snmpd_t to signal itself - Allow sysstat_t to makedir in sysstat_log_t- Update rhcs policy- Allow users to exec restorecond- Allow sendmail to request kernel modules load- Fix all kernel_request_load_module domains- Fix all kernel_request_load_module domains- Remove allow_exec* booleans for confined users. Only available for unconfined_t- More fixes for sandbox_web_t- Allow sshd to create .ssh directory and content- Fix request_module line to module_request- Fix sandbox policy to allow it to run under firefox. - Dont audit leaks.- Fixes for sandbox- Update to upstream - Dontaudit nsplugin search /root - Dontaudit nsplugin sys_nice- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service - Remove policycoreutils-python requirement except for minimum- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files - Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)- Add wordpress/wp-content/uploads label - Fixes for sandbox when run from staff_t- Update to upstream - Fixes for devicekit_disk- More fixes- Lots of fixes for initrc and other unconfined domains- Allow xserver to use netlink_kobject_uevent_socket- Fixes for sandbox- Dontaudit setroubleshootfix looking at /root directory- Update to upsteam- Allow gssd to send signals to users - Fix duplicate label for apache content- Update to upstream- Remove polkit_auth on upgrades- Add back in unconfined.pp and unconfineduser.pp - Add Sandbox unshare- Fixes for cdrecord, mdadm, and others- Add capability setting to dhcpc and gpm- Allow cronjobs to read exim_spool_t- Add ABRT policy- Fix system-config-services policy- Allow libvirt to change user componant of virt_domain- Allow cupsd_config_t to be started by dbus - Add smoltclient policy- Add policycoreutils-python to pre install- Make all unconfined_domains permissive so we can see what AVC's happen- Add pt_chown policy- Add kdump policy for Miroslav Grepl - Turn off execstack boolean- Turn on execstack on a temporary basis (#512845)- Allow nsplugin to connecto the session bus - Allow samba_net to write to coolkey data- Allow devicekit_disk to list inotify- Allow svirt images to create sock_file in svirt_var_run_t- Allow exim to getattr on mountpoints - Fixes for pulseaudio- Allow svirt_t to stream_connect to virtd_t- Allod hald_dccm_t to create sock_files in /tmp- More fixes from upstream- Fix polkit label - Remove hidebrokensymptoms for nss_ldap fix - Add modemmanager policy - Lots of merges from upstream - Begin removing textrel_shlib_t labels, from fixed libraries- Update to upstream- Allow certmaster to override dac permissions- Update to upstream- Fix context for VirtualBox- Update to upstream- Allow clamscan read amavis spool files- Fixes for xguest- fix multiple directory ownership of mandirs- Update to upstream- Add rules for rtkit-daemon- Update to upstream - Fix nlscd_stream_connect- Add rtkit policy- Allow rpcd_t to stream connect to rpcbind- Allow kpropd to create tmp files- Fix last duplicate /var/log/rpmpkgs- Update to upstream * add sssd- Update to upstream * cleanup- Update to upstream - Additional mail ports - Add virt_use_usb boolean for svirt- Fix mcs rules to include chr_file and blk_file- Add label for udev-acl- Additional rules for consolekit/udev, privoxy and various other fixes- New version for upstream- Allow NetworkManager to read inotifyfs- Allow setroubleshoot to run mlocate- Update to upstream- Add fish as a shell - Allow fprintd to list usbfs_t - Allow consolekit to search mountpoints - Add proper labeling for shorewall- New log file for vmware - Allow xdm to setattr on user_tmp_t- Upgrade to upstream- Allow fprintd to access sys_ptrace - Add sandbox policy- Add varnishd policy- Fixes for kpropd- Allow brctl to r/w tun_tap_device_t- Add /usr/share/selinux/packages- Allow rpcd_t to send signals to kernel threads- Fix upgrade for F10 to F11- Add policy for /var/lib/fprint-Remove duplicate line- Allow svirt to manage pci and other sysfs device data- Fix package selection handling- Fix /sbin/ip6tables-save context - Allod udev to transition to mount - Fix loading of mls policy file- Add shorewall policy- Additional rules for fprintd and sssd- Allow nsplugin to unix_read unix_write sem for unconfined_java- Fix uml files to be owned by users- Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less- Allow confined users to manage virt_content_t, since this is home dir content - Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection- Fix labeling on /var/lib/misc/prelink* - Allow xserver to rw_shm_perms with all x_clients - Allow prelink to execute files in the users home directory- Allow initrc_t to delete dev_null - Allow readahead to configure auditing - Fix milter policy - Add /var/lib/readahead- Update to latest milter code from Paul Howarth- Additional perms for readahead- Allow pulseaudio to acquire_svc on session bus - Fix readahead labeling- Allow sysadm_t to run rpm directly - libvirt needs fowner- Allow sshd to read var_lib symlinks for freenx- Allow nsplugin unix_read and write on users shm and sem - Allow sysadm_t to execute su- Dontaudit attempts to getattr user_tmpfs_t by lvm - Allow nfs to share removable media- Add ability to run postdrop from confined users- Fixes for podsleuth- Turn off nsplugin transition - Remove Konsole leaked file descriptors for release- Allow cupsd_t to create link files in print_spool_t - Fix iscsi_stream_connect typo - Fix labeling on /etc/acpi/actions - Don't reinstall unconfine and unconfineuser on upgrade if they are not installed- Allow audioentroy to read etc files- Add fail2ban_var_lib_t - Fixes for devicekit_power_t- Separate out the ucnonfined user from the unconfined.pp package- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.- Upgrade to latest upstream - Allow devicekit_disk sys_rawio- Dontaudit binds to ports < 1024 for named - Upgrade to latest upstream- Allow podsleuth to use tmpfs files- Add customizable_types for svirt- Allow setroubelshoot exec* privs to prevent crash from bad libraries - add cpufreqselector- Dontaudit listing of /root directory for cron system jobs- Fix missing ld.so.cache label- Add label for ~/.forward and /root/.forward- Fixes for svirt- Fixes to allow svirt read iso files in homedir- Add xenner and wine fixes from mgrepl- Allow mdadm to read/write mls override- Change to svirt to only access svirt_image_t- Fix libvirt policy- Upgrade to latest upstream- Fixes for iscsid and sssd - More cleanups for upgrade from F10 to Rawhide.- Add pulseaudio, sssd policy - Allow networkmanager to exec udevadm- Add pulseaudio context- Upgrade to latest patches- Fixes for libvirt- Update to Latest upstream- Fix setrans.conf to show SystemLow for s0- Further confinement of qemu images via svirt- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- Allow NetworkManager to manage /etc/NetworkManager/system-connections- add virtual_image_context and virtual_domain_context files- Allow rpcd_t to send signal to mount_t - Allow libvirtd to run ranged- Fix sysnet/net_conf_t- Fix squidGuard labeling- Re-add corenet_in_generic_if(unlabeled_t)* Tue Feb 10 2009 Dan Walsh 3.6.5-2 - Add git web policy- Add setrans contains from upstream- Do transitions outside of the booleans- Allow xdm to create user_tmp_t sockets for switch user to work- Fix staff_t domain- Grab remainder of network_peer_controls patch- More fixes for devicekit- Upgrade to latest upstream- Add boolean to disallow unconfined_t login- Add back transition from xguest to mozilla- Add virt_content_ro_t and labeling for isos directory- Fixes for wicd daemon- More mls/rpm fixes- Add policy to make dbus/nm-applet work- Remove polgen-ifgen from post and add trigger to policycoreutils-python- Add wm policy - Make mls work in graphics mode- Fixed for DeviceKit- Add devicekit policy- Update to upstream- Define openoffice as an x_domain- Fixes for reading xserver_tmp_t- Allow cups_pdf_t write to nfs_t- Remove audio_entropy policy- Update to upstream- Allow hal_acl_t to getattr/setattr fixed_disk- Change userdom_read_all_users_state to include reading symbolic links in /proc- Fix dbus reading /proc information- Add missing alias for home directory content- Fixes for IBM java location- Allow unconfined_r unconfined_java_t- Add cron_role back to user domains- Fix sudo setting of user keys- Allow iptables to talk to terminals - Fixes for policy kit - lots of fixes for booting.- Cleanup policy- Rebuild for Python 2.6- Fix labeling on /var/spool/rsyslog- Allow postgresl to bind to udp nodes- Allow lvm to dbus chat with hal - Allow rlogind to read nfs_t- Fix cyphesis file context- Allow hal/pm-utils to look at /var/run/video.rom - Add ulogd policy- Additional fixes for cyphesis - Fix certmaster file context - Add policy for system-config-samba - Allow hal to read /var/run/video.rom- Allow dhcpc to restart ypbind - Fixup labeling in /var/run- Add certmaster policy- Fix confined users - Allow xguest to read/write xguest_dbusd_t- Allow openoffice execstack/execmem privs- Allow mozilla to run with unconfined_execmem_t- Dontaudit domains trying to write to .xsession-errors- Allow nsplugin to look at autofs_t directory- Allow kerneloops to create tmp files- More alias for fastcgi- Remove mod_fcgid-selinux package- Fix dovecot access- Policy cleanup- Remove Multiple spec - Add include - Fix makefile to not call per_role_expansion- Fix labeling of libGL- Update to upstream- Update to upstream policy- Fixes for confined xwindows and xdm_t- Allow confined users and xdm to exec wm - Allow nsplugin to talk to fifo files on nfs- Allow NetworkManager to transition to avahi and iptables - Allow domains to search other domains keys, coverup kernel bug- Fix labeling for oracle- Allow nsplugin to comminicate with xdm_tmp_t sock_file- Change all user tmpfs_t files to be labeled user_tmpfs_t - Allow radiusd to create sock_files- Upgrade to upstream- Allow confined users to login with dbus- Fix transition to nsplugin- Add file context for /dev/mspblk.*- Fix transition to nsplugin '- Fix labeling on new pm*log - Allow ssh to bind to all nodes- Merge upstream changes - Add Xavier Toth patches- Add qemu_cache_t for /var/cache/libvirt- Remove gamin policy- Add tinyxs-max file system support- Update to upstream - New handling of init scripts- Allow pcsd to dbus - Add memcache policy- Allow audit dispatcher to kill his children- Update to upstream - Fix crontab use by unconfined user- Allow ifconfig_t to read dhcpc_state_t- Update to upstream- Update to upstream- Allow system-config-selinux to work with policykit- Fix novel labeling- Consolodate pyzor,spamassassin, razor into one security domain - Fix xdm requiring additional perms.- Fixes for logrotate, alsa- Eliminate vbetool duplicate entry- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t - Change dhclient to be able to red networkmanager_var_run- Update to latest refpolicy - Fix libsemanage initial install bug- Add inotify support to nscd- Allow unconfined_t to setfcap- Allow amanda to read tape - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi - Add support for netware file systems- Allow ypbind apps to net_bind_service- Allow all system domains and application domains to append to any log file- Allow gdm to read rpm database - Allow nsplugin to read mplayer config files- Allow vpnc to run ifconfig- Allow confined users to use postgres - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server- Apply unconfined_execmem_exec_t to haskell programs- Fix prelude file context- allow hplip to talk dbus - Fix context on ~/.local dir- Prevent applications from reading x_device- Add /var/lib/selinux context- Update to upstream- Add livecd policy- Dontaudit search of admin_home for init_system_domain - Rewrite of xace interfaces - Lots of new fs_list_inotify - Allow livecd to transition to setfiles_mac- Begin XAce integration- Merge Upstream- Allow amanada to create data files- Fix initial install, semanage setup- Allow system_r for httpd_unconfined_script_t- Remove dmesg boolean - Allow user domains to read/write game data- Change unconfined_t to transition to unconfined_mono_t when running mono - Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work- Remove old booleans from targeted-booleans.conf file- Add boolean to mmap_zero - allow tor setgid - Allow gnomeclock to set clock- Don't run crontab from unconfined_t- Change etc files to config files to allow users to read them- Lots of fixes for confined domains on NFS_t homedir- dontaudit mrtg reading /proc - Allow iscsi to signal itself - Allow gnomeclock sys_ptrace- Allow dhcpd to read kernel network state- Label /var/run/gdm correctly - Fix unconfined_u user creation- Allow transition from initrc_t to getty_t- Allow passwd to communicate with user sockets to change gnome-keyring- Fix initial install- Allow radvd to use fifo_file - dontaudit setfiles reading links - allow semanage sys_resource - add allow_httpd_mod_auth_ntlm_winbind boolean - Allow privhome apps including dovecot read on nfs and cifs home dirs if the boolean is set- Allow nsplugin to read /etc/mozpluggerrc, user_fonts - Allow syslog to manage innd logs. - Allow procmail to ioctl spamd_exec_t- Allow initrc_t to dbus chat with consolekit.- Additional access for nsplugin - Allow xdm setcap/getcap until pulseaudio is fixed- Allow mount to mkdir on tmpfs - Allow ifconfig to search debugfs- Fix file context for MATLAB - Fixes for xace- Allow stunnel to transition to inetd children domains - Make unconfined_dbusd_t an unconfined domain- Fixes for qemu/virtd- Fix bug in mozilla policy to allow xguest transition - This will fix the libsemanage.dbase_llist_query: could not find record value libsemanage.dbase_llist_query: could not query record value (No such file or directory) bug in xguest- Allow nsplugin to run acroread- Add cups_pdf policy - Add openoffice policy to run in xguest- prewika needs to contact mysql - Allow syslog to read system_map files- Change init_t to an unconfined_domain- Allow init to transition to initrc_t on shell exec. - Fix init to be able to sendto init_t. - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap - More mls fixes- fixes for init policy (#436988) - fix build- Additional changes for MLS policy- Fix initrc_context generation for MLS- Fixes for libvirt- Allow bitlebee to read locale_t- More xselinux rules- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t- Prepare policy for beta release - Change some of the system domains back to unconfined - Turn on some of the booleans- Allow nsplugin_config execstack/execmem - Allow nsplugin_t to read alsa config - Change apache to use user content- Add cyphesis policy- Fix Makefile.devel to build mls modules - Fix qemu to be more specific on labeling- Update to upstream fixes- Allow staff to mounton user_home_t- Add xace support- Add fusectl file system- Fixes from yum-cron - Update to latest upstream- Fix userdom_list_user_files- Merge with upstream- Allow udev to send audit messages- Add additional login users interfaces - userdom_admin_login_user_template(staff)- More fixes for polkit- Eliminate transition from unconfined_t to qemu by default - Fixes for gpg- Update to upstream- Fixes for staff_t- Add policy for kerneloops - Add policy for gnomeclock- Fixes for libvirt- Fixes for nsplugin- More fixes for qemu- Additional ports for vnc and allow qemu and libvirt to search all directories- Update to upstream - Add libvirt policy - add qemu policy- Allow fail2ban to create a socket in /var/run- Allow allow_httpd_mod_auth_pam to work- Add audisp policy and prelude- Allow all user roles to executae samba net command- Allow usertypes to read/write noxattr file systems- Fix nsplugin to allow flashplugin to work in enforcing mode- Allow pam_selinux_permit to kill all processes- Allow ptrace or user processes by users of same type - Add boolean for transition to nsplugin- Allow nsplugin sys_nice, getsched, setsched- Allow login programs to talk dbus to oddjob- Add procmail_log support - Lots of fixes for munin- Allow setroubleshoot to read policy config and send audit messages- Allow users to execute all files in homedir, if boolean set - Allow mount to read samba config- Fixes for xguest to run java plugin- dontaudit pam_t and dbusd writing to user_home_t- Update gpg to allow reading of inotify- Change user and staff roles to work correctly with varied perms- Fix munin log, - Eliminate duplicate mozilla file context - fix wpa_supplicant spec- Fix role transition from unconfined_r to system_r when running rpm - Allow unconfined_domains to communicate with user dbus instances- Fixes for xguest- Let all uncofined domains communicate with dbus unconfined- Run rpm in system_r- Zero out customizable types- Fix definiton of admin_home_t- Fix munin file context- Allow cron to run unconfined apps- Modify default login to unconfined_u- Dontaudit dbus user client search of /root- Update to upstream- Fixes for polkit - Allow xserver to ptrace- Add polkit policy - Symplify userdom context, remove automatic per_role changes- Update to upstream - Allow httpd_sys_script_t to search users homedirs- Allow rpm_script to transition to unconfined_execmem_t- Remove user based home directory separation- Remove user specific crond_t- Merge with upstream - Allow xsever to read hwdata_t - Allow login programs to setkeycreate- Update to upstream- Update to upstream- Allow XServer to read /proc/self/cmdline - Fix unconfined cron jobs - Allow fetchmail to transition to procmail - Fixes for hald_mac - Allow system_mail to transition to exim - Allow tftpd to upload files - Allow xdm to manage unconfined_tmp - Allow udef to read alsa config - Fix xguest to be able to connect to sound port- Fixes for hald_mac - Treat unconfined_home_dir_t as a home dir - dontaudit rhgb writes to fonts and root- Fix dnsmasq - Allow rshd full login privs- Allow rshd to connect to ports > 1023- Fix vpn to bind to port 4500 - Allow ssh to create shm - Add Kismet policy- Allow rpm to chat with networkmanager- Fixes for ipsec and exim mail - Change default to unconfined user- Pass the UNK_PERMS param to makefile - Fix gdm location- Make alsa work- Fixes for consolekit and startx sessions- Dontaudit consoletype talking to unconfined_t- Remove homedir_template- Check asound.state- Fix exim policy- Allow tmpreadper to read man_t - Allow racoon to bind to all nodes - Fixes for finger print reader- Allow xdm to talk to input device (fingerprint reader) - Allow octave to run as java- Allow login programs to set ioctl on /proc- Allow nsswitch apps to read samba_var_t- Fix maxima- Eliminate rpm_t:fifo_file avcs - Fix dbus path for helper app- Fix service start stop terminal avc's- Allow also to search var_lib - New context for dbus launcher- Allow cupsd_config_t to read/write usb_device_t - Support for finger print reader, - Many fixes for clvmd - dbus starting networkmanager- Fix java and mono to run in xguest account- Fix to add xguest account when inititial install - Allow mono, java, wine to run in userdomains- Allow xserver to search devpts_t - Dontaudit ldconfig output to homedir- Remove hplip_etc_t change back to etc_t.- Allow cron to search nfs and samba homedirs- Allow NetworkManager to dbus chat with yum-updated- Allow xfs to bind to port 7100- Allow newalias/sendmail dac_override - Allow bind to bind to all udp ports- Turn off direct transition- Allow wine to run in system role- Fix java labeling- Define user_home_type as home_type- Allow sendmail to create etc_aliases_t- Allow login programs to read symlinks on homedirs- Update an readd modules- Cleanup spec file- Allow xserver to be started by unconfined process and talk to tty- Upgrade to upstream to grab postgressql changes- Add setransd for mls policy- Add ldconfig_cache_t- Allow sshd to write to proc_t for afs login- Allow xserver access to urand- allow dovecot to search mountpoints- Fix Makefile for building policy modules- Fix dhcpc startup of service- Fix dbus chat to not happen for xguest and guest users- Fix nagios cgi - allow squid to communicate with winbind- Fixes for ldconfig- Update from upstream- Add nasd support- Fix new usb devices and dmfm- Eliminate mount_ntfs_t policy, merge into mount_t- Allow xserver to write to ramfs mounted by rhgb- Add context for dbus machine id- Update with latest changes from upstream- Fix prelink to handle execmod- Add ntpd_key_t to handle secret data- Add anon_inodefs - Allow unpriv user exec pam_exec_t - Fix trigger- Allow cups to use generic usb - fix inetd to be able to run random apps (git)- Add proper contexts for rsyslogd- Fixes for xguest policy- Allow execution of gconf- Fix moilscanner update problem- Begin adding policy to separate setsebool from semanage - Fix xserver.if definition to not break sepolgen.if- Add new devices- Add brctl policy- Fix root login to include system_r- Allow prelink to read kernel sysctls- Default to user_u:system_r:unconfined_t- fix squid - Fix rpm running as uid- Fix syslog declaration- Allow avahi to access inotify - Remove a lot of bogus security_t:filesystem avcs- Remove ifdef strict policy from upstream- Remove ifdef strict to allow user_u to login- Fix for amands - Allow semanage to read pp files - Allow rhgb to read xdm_xserver_tmp- Allow kerberos servers to use ldap for backing store- allow alsactl to read kernel state- More fixes for alsactl - Transition from hal and modutils - Fixes for suspend resume. - insmod domtrans to alsactl - insmod writes to hal log- Allow unconfined_t to transition to NetworkManager_t - Fix netlabel policy- Update to latest from upstream- Update to latest from upstream- Update to latest from upstream- Allow pcscd_t to send itself signals- Fixes for unix_update - Fix logwatch to be able to search all dirs- Upstream bumped the version- Allow consolekit to syslog - Allow ntfs to work with hal- Allow iptables to read etc_runtime_t- MLS Fixes- Fix path of /etc/lvm/cache directory - Fixes for alsactl and pppd_t - Fixes for consolekit- Allow insmod_t to mount kvmfs_t filesystems- Rwho policy - Fixes for consolekit- fixes for fusefs- Fix samba_net to allow it to view samba_var_t- Update to upstream- Fix Sonypic backlight - Allow snmp to look at squid_conf_t- Fixes for pyzor, cyrus, consoletype on everything installs- Fix hald_acl_t to be able to getattr/setattr on usb devices - Dontaudit write to unconfined_pipes for load_policy- Allow bluetooth to read inotifyfs- Fixes for samba domain controller. - Allow ConsoleKit to look at ttys- Fix interface call- Allow syslog-ng to read /var - Allow locate to getattr on all filesystems - nscd needs setcap- Update to upstream- Allow samba to run groupadd- Update to upstream- Allow mdadm to access generic scsi devices- Fix labeling on udev.tbl dirs- Fixes for logwatch- Add fusermount and mount_ntfs policy- Update to upstream - Allow saslauthd to use kerberos keytabs- Fixes for samba_var_t- Allow networkmanager to setpgid - Fixes for hal_acl_t- Remove disable_trans booleans - hald_acl_t needs to talk to nscd- Fix prelink to be able to manage usr dirs.- Allow insmod to launch init scripts- Remove setsebool policy- Fix handling of unlabled_t packets- More of my patches from upstream- Update to latest from upstream - Add fail2ban policy- Update to remove security_t:filesystem getattr problems- Policy for consolekit- Update to latest from upstream- Revert Nemiver change - Set sudo as a corecmd so prelink will work, remove sudoedit mapping, since this will not work, it does not transition. - Allow samba to execute useradd- Upgrade to the latest from upstream- Add sepolgen support - Add bugzilla policy- Fix file context for nemiver- Remove include sym link- Allow mozilla, evolution and thunderbird to read dev_random. Resolves: #227002 - Allow spamd to connect to smtp port Resolves: #227184 - Fixes to make ypxfr work Resolves: #227237- Fix ssh_agent to be marked as an executable - Allow Hal to rw sound device- Fix spamassisin so crond can update spam files - Fixes to allow kpasswd to work - Fixes for bluetooth- Remove some targeted diffs in file context file- Fix squid cachemgr labeling- Add ability to generate webadm_t policy - Lots of new interfaces for httpd - Allow sshd to login as unconfined_t- Continue fixing, additional user domains- Begin adding user confinement to targeted policy- Fixes for prelink, ktalkd, netlabel- Allow prelink when run from rpm to create tmp files Resolves: #221865 - Remove file_context for exportfs Resolves: #221181 - Allow spamassassin to create ~/.spamassissin Resolves: #203290 - Allow ssh access to the krb tickets - Allow sshd to change passwd - Stop newrole -l from working on non securetty Resolves: #200110 - Fixes to run prelink in MLS machine Resolves: #221233 - Allow spamassassin to read var_lib_t dir Resolves: #219234- fix mplayer to work under strict policy - Allow iptables to use nscd Resolves: #220794- Add gconf policy and make it work with strict- Many fixes for strict policy and by extension mls.- Fix to allow ftp to bind to ports > 1024 Resolves: #219349- Allow semanage to exec it self. Label genhomedircon as semanage_exec_t Resolves: #219421 - Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080- allow automount to setgid Resolves: #219999- Allow cron to polyinstatiate - Fix creation of boot flags Resolves: #207433- Fixes for irqbalance Resolves: #219606- Fix vixie-cron to work on mls Resolves: #207433Resolves: #218978- Allow initrc to create files in /var directories Resolves: #219227- More fixes for MLS Resolves: #181566- More Fixes polyinstatiation Resolves: #216184- More Fixes polyinstatiation - Fix handling of keyrings Resolves: #216184- Fix polyinstatiation - Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350- More fixes for quota Resolves: #212957- ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014- Allow login programs to polyinstatiate homedirs Resolves: #216184 - Allow quotacheck to create database files Resolves: #212957- Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 Resolves: #217611 Resolves: #217640 Resolves: #217725- Fix context for helix players file_context #216942- Fix load_policy to be able to mls_write_down so it can talk to the terminal- Fixes for hwclock, clamav, ftp- Move to upstream version which accepted my patches- Fixes for nvidia driver- Allow semanage to signal mcstrans- Update to upstream- Allow modstorage to edit /etc/fstab file- Fix for qemu, /dev/- Fix path to realplayer.bin- Allow xen to connect to xen port- Allow cups to search samba_etc_t directory - Allow xend_t to list auto_mountpoints- Allow xen to search automount- Fix spec of jre files- Fix unconfined access to shadow file- Allow xend to create files in xen_image_t directories- Fixes for /var/lib/hal- Remove ability for sysadm_t to look at audit.log- Fix rpc_port_types - Add aide policy for mls- Merge with upstream- Lots of fixes for ricci- Allow xen to read/write fixed devices with a boolean - Allow apache to search /var/log- Fix policygentool specfile problem. - Allow apache to send signals to it's logging helpers. - Resolves: rhbz#212731- Add perms for swat- Add perms for swat- Allow daemons to dump core files to /- Fixes for ricci- Allow mount.nfs to work- Allow ricci-modstorage to look at lvm_etc_t- Fixes for ricci using saslauthd- Allow mountpoint on home_dir_t and home_t- Update xen to read nfs files- Allow noxattrfs to associate with other noxattrfs- Allow hal to use power_device_t- Allow procemail to look at autofs_t - Allow xen_image_t to work as a fixed device- Refupdate from upstream- Add lots of fixes for mls cups- Lots of fixes for ricci- Fix number of cats- Update to upstream- More iSCSI changes for #209854- Test ISCSI fixes for #209854- allow semodule to rmdir selinux_config_t dir- Fix boot_runtime_t problem on ppc. Should not be creating these files.- Fix context mounts on reboot - Fix ccs creation of directory in /var/log- Update for tallylog- Allow xend to rewrite dhcp conf files - Allow mgetty sys_admin capability- Make xentapctrl work- Don't transition unconfined_t to bootloader_t - Fix label in /dev/xen/blktap- Patch for labeled networking- Fix crond handling for mls- Update to upstream- Remove bluetooth-helper transition - Add selinux_validate for semanage - Require new version of libsemanage- Fix prelink- Fix rhgb- Fix setrans handling on MLS and useradd- Support for fuse - fix vigr- Fix dovecot, amanda - Fix mls- Allow java execheap for itanium- Update with upstream- mls fixes- Update from upstream- More fixes for mls - Revert change on automount transition to mount- Fix cron jobs to run under the correct context- Fixes to make pppd work- Multiple policy fixes - Change max categories to 1023- Fix transition on mcstransd- Add /dev/em8300 defs- Upgrade to upstream- Fix ppp connections from network manager- Add tty access to all domains boolean - Fix gnome-pty-helper context for ia64- Fixed typealias of firstboot_rw_t- Fix location of xel log files - Fix handling of sysadm_r -> rpm_exec_t- Fixes for autofs, lp- Update from upstream- Fixup for test6- Update to upstream- Update to upstream- Fix suspend to disk problems- Lots of fixes for restarting daemons at the console.- Fix audit line - Fix requires line- Upgrade to upstream- Fix install problems- Allow setroubleshoot to getattr on all dirs to gather RPM data- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform - Fix spec for /dev/adsp- Fix xen tty devices- Fixes for setroubleshoot- Update to upstream- Fixes for stunnel and postgresql - Update from upstream- Update from upstream - More java fixes- Change allow_execstack to default to on, for RHEL5 Beta. This is required because of a Java compiler problem. Hope to turn off for next beta- Misc fixes- More fixes for strict policy- Quiet down anaconda audit messages- Fix setroubleshootd- Update to the latest from upstream- More fixes for xen- Fix anaconda transitions- yet more xen rules- more xen rules- Fixes for Samba- Fixes for xen- Allow setroubleshootd to send mail- Add nagios policy- fixes for setroubleshoot- Added Paul Howarth patch to only load policy packages shipped with this package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus- Add policy for /var/run/ldapi- Fix setroubleshoot policy- Fixes for mls use of ssh - named has a new conf file- Fixes to make setroubleshoot work- Cups needs to be able to read domain state off of printer client- add boolean to allow zebra to write config files- setroubleshootd fixes- Allow prelink to read bin_t symlink - allow xfs to read random devices - Change gfs to support xattr- Remove spamassassin_can_network boolean- Update to upstream - Fix lpr domain for mls- Add setroubleshoot policy- Turn off auditallow on setting booleans- Multiple fixes- Update to upstream- Update to upstream - Add new class for kernel key ring- Update to upstream- Update to upstream- Break out selinux-devel package- Add ibmasmfs- Fix policygentool gen_requires- Update from Upstream- Fix spec of realplay- Update to upstream- Fix semanage- Allow useradd to create_home_dir in MLS environment- Update from upstream- Update from upstream- Add oprofilefs- Fix for hplip and Picasus- Update to upstream- Update to upstream- fixes for spamd- fixes for java, openldap and webalizer- Xen fixes- Upgrade to upstream- allow hal to read boot_t files - Upgrade to upstream- allow hal to read boot_t files- Update from upstream- Fixes for amavis- Update from upstream- Allow auditctl to search all directories- Add acquire service for mono.- Turn off allow_execmem boolean - Allow ftp dac_override when allowed to access users homedirs- Clean up spec file - Transition from unconfined_t to prelink_t- Allow execution of cvs command- Update to upstream- Update to upstream- Fix libjvm spec- Update to upstream- Add xm policy - Fix policygentool- Update to upstream - Fix postun to only disable selinux on full removal of the packages- Allow mono to chat with unconfined- Allow procmail to sendmail - Allow nfs to share dosfs- Update to latest from upstream - Allow selinux-policy to be removed and kernel not to crash- Update to latest from upstream - Add James Antill patch for xen - Many fixes for pegasus- Add unconfined_mount_t - Allow privoxy to connect to httpd_cache - fix cups labeleing on /var/cache/cups- Update to latest from upstream- Update to latest from upstream - Allow mono and unconfined to talk to initrc_t dbus objects- Change libraries.fc to stop shlib_t form overriding texrel_shlib_t- Fix samba creating dirs in homedir - Fix NFS so its booleans would work- Allow secadm_t ability to relabel all files - Allow ftp to search xferlog_t directories - Allow mysql to communicate with ldap - Allow rsync to bind to rsync_port_t- Fixed mailman with Postfix #183928 - Allowed semanage to create file_context files. - Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t to bind to reserved ports. #149030 - Don't allow devpts_t to be associated with tmp_t. - Allow hald_t to stat all mountpoints. - Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts. - Make mount run in mount_t domain from unconfined_t to prevent mislabeling of /etc/mtab. - Changed the file_contexts to not have a regex before the first ^/[a-z]/ whenever possible, makes restorecon slightly faster. - Correct the label of /etc/named.caching-nameserver.conf - Now label /usr/src/kernels/.+/lib(/.*)? as usr_t instead of /usr/src(/.*)?/lib(/.*)? - I don't think we need anything else under /usr/src hit by this. - Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed xenstored_t rw access to the xen device node.- More textrel_shlib_t file path fixes - Add ada support- Get auditctl working in MLS policy- Add mono dbus support - Lots of file_context fixes for textrel_shlib_t in FC5 - Turn off execmem auditallow since they are filling log files- Update to upstream- Allow automount and dbus to read cert files- Fix ftp policy - Fix secadm running of auditctl- Update to upstream- Update to upstream- Fix policyhelp- Fix pam_console handling of usb_device - dontaudit logwatch reading /mnt dir- Update to upstream- Get transition rules to create policy.20 at SystemHigh- Allow secadmin to shutdown system - Allow sendmail to exec newalias- MLS Fixes dmidecode needs mls_file_read_up - add ypxfr_t - run init needs access to nscd - udev needs setuid - another xen log file - Dontaudit mount getattr proc_kcore_t- fix buildroot usage (#185391)- Get rid of mount/fsdisk scan of /dev messages - Additional fixes for suspend/resume- Fake make to rebuild enableaudit.pp- Get xen networking running.- Fixes for Xen - enableaudit should not be the same as base.pp - Allow ps to work for all process- more xen policy fixups- more xen fixage (#184393)- Fix blkid specification - Allow postfix to execute mailman_que- Blkid changes - Allow udev access to usb_device_t - Fix post script to create targeted policy config file- Allow lvm tools to create drevice dir- Add Xen support- Fixes for cups - Make cryptosetup work with hal- Load Policy needs translock- Fix cups html interface- Add hal changes suggested by Jeremy - add policyhelp to point at policy html pages- Additional fixes for nvidia and cups- Update to upstream - Merged my latest fixes - Fix cups policy to handle unix domain sockets- NSCD socket is in nscd_var_run_t needs to be able to search dir- Fixes Apache interface file- Fixes for new version of cups- Turn off polyinstatiate util after FC5- Fix problem with privoxy talking to Tor- Turn on polyinstatiation- Don't transition from unconfined_t to fsadm_t- Fix policy update model.- Update to upstream- Fix load_policy to work on MLS - Fix cron_rw_system_pipes for postfix_postdrop_t - Allow audotmount to run showmount- Fix swapon - allow httpd_sys_script_t to be entered via a shell - Allow httpd_sys_script_t to read eventpolfs- Update from upstream- allow cron to read apache files- Fix vpnc policy to work from NetworkManager- Update to upstream - Fix semoudle polcy- Update to upstream - fix sysconfig/selinux link- Add router port for zebra - Add imaze port for spamd - Fixes for amanda and java- Fix bluetooth handling of usb devices - Fix spamd reading of ~/ - fix nvidia spec- Update to upsteam- Add users_extra files- Update to upstream- Add semodule policy- Update from upstream- Fix for spamd to use razor port- Fixes for mcs - Turn on mount and fsadm for unconfined_t- Fixes for the -devel package- Fix for spamd to use ldap- Update to upstream- Update to upstream - Fix rhgb, and other Xorg startups- Update to upstream- Separate out role of secadm for mls- Add inotifyfs handling- Update to upstream - Put back in changes for pup/zen- Many changes for MLS - Turn on strict policy- Update to upstream- Update to upstream - Fixes for booting and logging in on MLS machine- Update to upstream - Turn off execheap execstack for unconfined users - Add mono/wine policy to allow execheap and execstack for them - Add execheap for Xdm policy- Update to upstream - Fixes to fetchmail,- Update to upstream- Fix for procmail/spamassasin - Update to upstream - Add rules to allow rpcd to work with unlabeled_networks.- Update to upstream - Fix ftp Man page- Update to upstream- fix pup transitions (#177262) - fix xen disks (#177599)- Update to upstream- More Fixes for hal and readahead- Fixes for hal and readahead- Update to upstream - Apply- Add wine and fix hal problems- Handle new location of hal scripts- Allow su to read /etc/mtab- Update to upstream- Fix "libsemanage.parse_module_headers: Data did not represent a module." problem- Allow load_policy to read /etc/mtab- Fix dovecot to allow dovecot_auth to look at /tmp- Allow restorecon to read unlabeled_t directories in order to fix labeling.- Add Logwatch policy- Fix /dev/ub[a-z] file context- Fix library specification - Give kudzu execmem privs- Fix hostname in targeted policy- Fix passwd command on mls- Lots of fixes to make mls policy work- Add dri libs to textrel_shlib_t - Add system_r role for java - Add unconfined_exec_t for vncserver - Allow slapd to use kerberos- Add man pages- Add enableaudit.pp- Fix mls policy- Update mls file from old version- Add sids back in - Rebuild with update checkpolicy- Fixes to allow automount to use portmap - Fixes to start kernel in s0-s15:c0.c255- Add java unconfined/execmem policy- Add file context for /var/cvs - Dontaudit webalizer search of homedir- Update from upstream- Clean up spec - range_transition crond to SystemHigh- Fixes for hal - Update to upstream- Turn back on execmem since we need it for java, firefox, ooffice - Allow gpm to stream socket to itself- fix requirements to be on the actual packages so that policy can get created properly at install time- Allow unconfined_t to execmod texrel_shlib_t- Update to upstream - Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies- Add two new httpd booleans, turned off by default * httpd_can_network_relay * httpd_can_network_connect_db- Add ghost for policy.20- Update to upstream - Turn off boolean allow_execstack- Change setrans-mls to use new libsetrans - Add default_context rule for xdm- Change Requires to PreReg for requiring of policycoreutils on install- New upstream releaseAdd xdm policyUpdate from upstreamUpdate from upstreamUpdate from upstream- Also trigger to rebuild policy for versions up to 2.0.7.- No longer installing policy.20 file, anaconda handles the building of the app.- Fixes for dovecot and saslauthd- Cleanup pegasus and named - Fix spec file - Fix up passwd changing applications-Update to latest from upstream- Add rules for pegasus and avahi- Start building MLS Policy- Update to upstream- Turn on bash- Initial version/bin/sh  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCCEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ab3.13.1-128.28.fc22     NetworkManager_selinux.8.gz_selinux.8.gzabrt_dump_oops_selinux.8.gzabrt_handle_event_selinux.8.gzabrt_helper_selinux.8.gzabrt_retrace_coredump_selinux.8.gzabrt_retrace_worker_selinux.8.gzabrt_selinux.8.gzabrt_upload_watch_selinux.8.gzabrt_watch_log_selinux.8.gzaccountsd_selinux.8.gzacct_selinux.8.gzadmin_crontab_selinux.8.gzafs_bosserver_selinux.8.gzafs_fsserver_selinux.8.gzafs_kaserver_selinux.8.gzafs_ptserver_selinux.8.gzafs_selinux.8.gzafs_vlserver_selinux.8.gzaiccu_selinux.8.gzaide_selinux.8.gzaisexec_selinux.8.gzajaxterm_selinux.8.gzajaxterm_ssh_selinux.8.gzalsa_selinux.8.gzamanda_recover_selinux.8.gzamanda_selinux.8.gzamavis_selinux.8.gzamtu_selinux.8.gzanaconda_selinux.8.gzanon_sftpd_selinux.8.gzantivirus_selinux.8.gzapache_selinux.8.gzapcupsd_cgi_script_selinux.8.gzapcupsd_selinux.8.gzapm_selinux.8.gzapmd_selinux.8.gzarpwatch_selinux.8.gzasterisk_selinux.8.gzaudisp_remote_selinux.8.gzaudisp_selinux.8.gzauditadm_screen_selinux.8.gzauditadm_selinux.8.gzauditadm_su_selinux.8.gzauditadm_sudo_selinux.8.gzauditctl_selinux.8.gzauditd_selinux.8.gzauthconfig_selinux.8.gzautomount_selinux.8.gzavahi_selinux.8.gzawstats_script_selinux.8.gzawstats_selinux.8.gzbacula_admin_selinux.8.gzbacula_selinux.8.gzbacula_unconfined_script_selinux.8.gzbcfg2_selinux.8.gzbind_selinux.8.gzbitlbee_selinux.8.gzblktap_selinux.8.gzblueman_selinux.8.gzbluetooth_helper_selinux.8.gzbluetooth_selinux.8.gzboinc_project_selinux.8.gzboinc_selinux.8.gzbootloader_selinux.8.gzbrctl_selinux.8.gzbrltty_selinux.8.gzbugzilla_script_selinux.8.gzbumblebee_selinux.8.gzcachefiles_kernel_selinux.8.gzcachefilesd_selinux.8.gzcalamaris_selinux.8.gzcallweaver_selinux.8.gzcanna_selinux.8.gzcardmgr_selinux.8.gzccs_selinux.8.gzcdcc_selinux.8.gzcdrecord_selinux.8.gzcertmaster_selinux.8.gzcertmonger_selinux.8.gzcertmonger_unconfined_selinux.8.gzcertwatch_selinux.8.gzcfengine_execd_selinux.8.gzcfengine_monitord_selinux.8.gzcfengine_serverd_selinux.8.gzcgclear_selinux.8.gzcgconfig_selinux.8.gzcgred_selinux.8.gzcheckpc_selinux.8.gzcheckpolicy_selinux.8.gzchfn_selinux.8.gzchkpwd_selinux.8.gzchrome_sandbox_nacl_selinux.8.gzchrome_sandbox_selinux.8.gzchronyd_selinux.8.gzchroot_user_selinux.8.gzcinder_api_selinux.8.gzcinder_backup_selinux.8.gzcinder_scheduler_selinux.8.gzcinder_volume_selinux.8.gzciped_selinux.8.gzclamd_selinux.8.gzclamscan_selinux.8.gzclogd_selinux.8.gzcloud_init_selinux.8.gzcluster_selinux.8.gzclvmd_selinux.8.gzcmirrord_selinux.8.gzcobblerd_selinux.8.gzcockpit_session_selinux.8.gzcockpit_ws_selinux.8.gzcollectd_script_selinux.8.gzcollectd_selinux.8.gzcolord_selinux.8.gzcomsat_selinux.8.gzcondor_collector_selinux.8.gzcondor_master_selinux.8.gzcondor_negotiator_selinux.8.gzcondor_procd_selinux.8.gzcondor_schedd_selinux.8.gzcondor_startd_selinux.8.gzcondor_startd_ssh_selinux.8.gzconman_selinux.8.gzconsolekit_selinux.8.gzcorosync_selinux.8.gzcouchdb_selinux.8.gzcourier_authdaemon_selinux.8.gzcourier_pcp_selinux.8.gzcourier_pop_selinux.8.gzcourier_sqwebmail_selinux.8.gzcourier_tcpd_selinux.8.gzcpucontrol_selinux.8.gzcpufreqselector_selinux.8.gzcpuplug_selinux.8.gzcpuspeed_selinux.8.gzcrack_selinux.8.gzcrond_selinux.8.gzcronjob_selinux.8.gzcrontab_selinux.8.gzctdbd_selinux.8.gzcups_pdf_selinux.8.gzcupsd_config_selinux.8.gzcupsd_lpd_selinux.8.gzcupsd_selinux.8.gzcvs_script_selinux.8.gzcvs_selinux.8.gzcyphesis_selinux.8.gzcyrus_selinux.8.gzdbadm_selinux.8.gzdbadm_sudo_selinux.8.gzdbskkd_selinux.8.gzdcc_client_selinux.8.gzdcc_dbclean_selinux.8.gzdccd_selinux.8.gzdccifd_selinux.8.gzdccm_selinux.8.gzdcerpcd_selinux.8.gzddclient_selinux.8.gzdeltacloudd_selinux.8.gzdenyhosts_selinux.8.gzdepmod_selinux.8.gzdevicekit_disk_selinux.8.gzdevicekit_power_selinux.8.gzdevicekit_selinux.8.gzdhcpc_selinux.8.gzdhcpd_selinux.8.gzdictd_selinux.8.gzdirsrv_selinux.8.gzdirsrv_snmp_selinux.8.gzdirsrvadmin_script_selinux.8.gzdirsrvadmin_selinux.8.gzdirsrvadmin_unconfined_script_selinux.8.gzdisk_munin_plugin_selinux.8.gzdkim_milter_selinux.8.gzdlm_controld_selinux.8.gzdmesg_selinux.8.gzdmidecode_selinux.8.gzdnsmasq_selinux.8.gzdnssec_trigger_selinux.8.gzdocker_selinux.8.gzdovecot_auth_selinux.8.gzdovecot_deliver_selinux.8.gzdovecot_selinux.8.gzdrbd_selinux.8.gzdspam_script_selinux.8.gzdspam_selinux.8.gzentropyd_selinux.8.gzeventlogd_selinux.8.gzevtchnd_selinux.8.gzexim_selinux.8.gzfail2ban_client_selinux.8.gzfail2ban_selinux.8.gzfcoemon_selinux.8.gzfenced_selinux.8.gzfetchmail_selinux.8.gzfingerd_selinux.8.gzfirewalld_selinux.8.gzfirewallgui_selinux.8.gzfirstboot_selinux.8.gzfoghorn_selinux.8.gzfprintd_selinux.8.gzfreeipmi_bmc_watchdog_selinux.8.gzfreeipmi_ipmidetectd_selinux.8.gzfreeipmi_ipmiseld_selinux.8.gzfreqset_selinux.8.gzfreshclam_selinux.8.gzfsadm_selinux.8.gzfsdaemon_selinux.8.gzftpd_selinux.8.gzftpdctl_selinux.8.gzgames_selinux.8.gzgames_srv_selinux.8.gzgconfd_selinux.8.gzgconfdefaultsm_selinux.8.gzgdomap_selinux.8.gzgear_selinux.8.gzgeoclue_selinux.8.gzgetty_selinux.8.gzgfs_controld_selinux.8.gzgit_script_selinux.8.gzgit_session_selinux.8.gzgit_system_selinux.8.gzgitosis_selinux.8.gzglance_api_selinux.8.gzglance_registry_selinux.8.gzglance_scrubber_selinux.8.gzglusterd_selinux.8.gzgnomesystemmm_selinux.8.gzgpg_agent_selinux.8.gzgpg_helper_selinux.8.gzgpg_pinentry_selinux.8.gzgpg_selinux.8.gzgpg_web_selinux.8.gzgpm_selinux.8.gzgpsd_selinux.8.gzgreylist_milter_selinux.8.gzgroupadd_selinux.8.gzgroupd_selinux.8.gzgssd_selinux.8.gzgssproxy_selinux.8.gzguest_selinux.8.gzhaproxy_selinux.8.gzhddtemp_selinux.8.gzhostapd_selinux.8.gzhostname_selinux.8.gzhttpd_helper_selinux.8.gzhttpd_passwd_selinux.8.gzhttpd_php_selinux.8.gzhttpd_rotatelogs_selinux.8.gzhttpd_selinux.8.gzhttpd_suexec_selinux.8.gzhttpd_sys_script_selinux.8.gzhttpd_unconfined_script_selinux.8.gzhttpd_user_script_selinux.8.gzhwclock_selinux.8.gzhypervkvp_selinux.8.gzhypervvssd_selinux.8.gziceauth_selinux.8.gzicecast_selinux.8.gzifconfig_selinux.8.gzinetd_child_selinux.8.gzinetd_selinux.8.gzinit_selinux.8.gzinitrc_selinux.8.gzinnd_selinux.8.gzinsmod_selinux.8.gzinstall_selinux.8.gziodined_selinux.8.gziotop_selinux.8.gzipa_helper_selinux.8.gzipa_otpd_selinux.8.gzipsec_mgmt_selinux.8.gzipsec_selinux.8.gziptables_selinux.8.gzirc_selinux.8.gzirqbalance_selinux.8.gzirssi_selinux.8.gziscsid_selinux.8.gzisnsd_selinux.8.gziwhd_selinux.8.gzjabberd_router_selinux.8.gzjabberd_selinux.8.gzjockey_selinux.8.gzjournalctl_selinux.8.gzkadmind_selinux.8.gzkdump_selinux.8.gzkdumpctl_selinux.8.gzkdumpgui_selinux.8.gzkeepalived_selinux.8.gzkeepalived_unconfined_script_selinux.8.gzkernel_selinux.8.gzkeyboardd_selinux.8.gzkeystone_cgi_script_selinux.8.gzkeystone_selinux.8.gzkismet_selinux.8.gzklogd_selinux.8.gzkmscon_selinux.8.gzkpropd_selinux.8.gzkrb5kdc_selinux.8.gzksmtuned_selinux.8.gzktalkd_selinux.8.gzl2tpd_selinux.8.gzldconfig_selinux.8.gzlibvirt_selinux.8.gzlircd_selinux.8.gzlivecd_selinux.8.gzlldpad_selinux.8.gzload_policy_selinux.8.gzloadkeys_selinux.8.gzlocal_login_selinux.8.gzlocate_selinux.8.gzlockdev_selinux.8.gzlogadm_selinux.8.gzlogrotate_mail_selinux.8.gzlogrotate_selinux.8.gzlogwatch_mail_selinux.8.gzlogwatch_selinux.8.gzlpd_selinux.8.gzlpr_selinux.8.gzlsassd_selinux.8.gzlsmd_plugin_selinux.8.gzlsmd_selinux.8.gzlvm_selinux.8.gzlwiod_selinux.8.gzlwregd_selinux.8.gzlwsmd_selinux.8.gzmail_munin_plugin_selinux.8.gzmailman_cgi_selinux.8.gzmailman_mail_selinux.8.gzmailman_queue_selinux.8.gzman2html_script_selinux.8.gzmandb_selinux.8.gzmcelog_selinux.8.gzmdadm_selinux.8.gzmediawiki_script_selinux.8.gzmemcached_selinux.8.gzmencoder_selinux.8.gzminidlna_selinux.8.gzminissdpd_selinux.8.gzmip6d_selinux.8.gzmock_build_selinux.8.gzmock_selinux.8.gzmodemmanager_selinux.8.gzmojomojo_script_selinux.8.gzmon_procd_selinux.8.gzmon_statd_selinux.8.gzmongod_selinux.8.gzmotion_selinux.8.gzmount_ecryptfs_selinux.8.gzmount_selinux.8.gzmozilla_plugin_config_selinux.8.gzmozilla_plugin_selinux.8.gzmozilla_selinux.8.gzmpd_selinux.8.gzmplayer_selinux.8.gzmrtg_selinux.8.gzmscan_selinux.8.gzmunin_script_selinux.8.gzmunin_selinux.8.gzmysqld_safe_selinux.8.gzmysqld_selinux.8.gzmysqlmanagerd_selinux.8.gzmythtv_script_selinux.8.gznaemon_selinux.8.gznagios_admin_plugin_selinux.8.gznagios_checkdisk_plugin_selinux.8.gznagios_eventhandler_plugin_selinux.8.gznagios_mail_plugin_selinux.8.gznagios_openshift_plugin_selinux.8.gznagios_script_selinux.8.gznagios_selinux.8.gznagios_services_plugin_selinux.8.gznagios_system_plugin_selinux.8.gznagios_unconfined_plugin_selinux.8.gznamed_selinux.8.gznamespace_init_selinux.8.gzncftool_selinux.8.gzndc_selinux.8.gznetlabel_mgmt_selinux.8.gznetlogond_selinux.8.gznetutils_selinux.8.gzneutron_selinux.8.gznewrole_selinux.8.gznfsd_selinux.8.gzninfod_selinux.8.gznmbd_selinux.8.gznova_selinux.8.gznrpe_selinux.8.gznscd_selinux.8.gznsd_crond_selinux.8.gznsd_selinux.8.gznslcd_selinux.8.gzntop_selinux.8.gzntpd_selinux.8.gznumad_selinux.8.gznut_upsd_selinux.8.gznut_upsdrvctl_selinux.8.gznut_upsmon_selinux.8.gznutups_cgi_script_selinux.8.gznx_server_selinux.8.gznx_server_ssh_selinux.8.gzobex_selinux.8.gzoddjob_mkhomedir_selinux.8.gzoddjob_selinux.8.gzopenct_selinux.8.gzopenhpid_selinux.8.gzopenshift_app_selinux.8.gzopenshift_cgroup_read_selinux.8.gzopenshift_cron_selinux.8.gzopenshift_initrc_selinux.8.gzopenshift_net_read_selinux.8.gzopenshift_script_selinux.8.gzopenshift_selinux.8.gzopensm_selinux.8.gzopenvpn_selinux.8.gzopenvpn_unconfined_script_selinux.8.gzopenvswitch_selinux.8.gzopenwsman_selinux.8.gzoracleasm_selinux.8.gzosad_selinux.8.gzpacemaker_selinux.8.gzpads_selinux.8.gzpam_console_selinux.8.gzpam_timestamp_selinux.8.gzpassenger_selinux.8.gzpasswd_selinux.8.gzpcp_pmcd_selinux.8.gzpcp_pmie_selinux.8.gzpcp_pmlogger_selinux.8.gzpcp_pmmgr_selinux.8.gzpcp_pmproxy_selinux.8.gzpcp_pmwebd_selinux.8.gzpcscd_selinux.8.gzpegasus_openlmi_account_selinux.8.gzpegasus_openlmi_admin_selinux.8.gzpegasus_openlmi_logicalfile_selinux.8.gzpegasus_openlmi_services_selinux.8.gzpegasus_openlmi_storage_selinux.8.gzpegasus_openlmi_system_selinux.8.gzpegasus_openlmi_unconfined_selinux.8.gzpegasus_selinux.8.gzpesign_selinux.8.gzphc2sys_selinux.8.gzping_selinux.8.gzpingd_selinux.8.gzpiranha_fos_selinux.8.gzpiranha_lvs_selinux.8.gzpiranha_pulse_selinux.8.gzpiranha_web_selinux.8.gzpkcs_slotd_selinux.8.gzpki_ra_selinux.8.gzpki_tomcat_script_selinux.8.gzpki_tomcat_selinux.8.gzpki_tps_selinux.8.gzplymouth_selinux.8.gzplymouthd_selinux.8.gzpodsleuth_selinux.8.gzpolicykit_auth_selinux.8.gzpolicykit_grant_selinux.8.gzpolicykit_resolve_selinux.8.gzpolicykit_selinux.8.gzpolipo_selinux.8.gzpolipo_session_selinux.8.gzportmap_helper_selinux.8.gzportmap_selinux.8.gzportreserve_selinux.8.gzpostfix_bounce_selinux.8.gzpostfix_cleanup_selinux.8.gzpostfix_local_selinux.8.gzpostfix_map_selinux.8.gzpostfix_master_selinux.8.gzpostfix_pickup_selinux.8.gzpostfix_pipe_selinux.8.gzpostfix_postdrop_selinux.8.gzpostfix_postqueue_selinux.8.gzpostfix_qmgr_selinux.8.gzpostfix_showq_selinux.8.gzpostfix_smtp_selinux.8.gzpostfix_smtpd_selinux.8.gzpostfix_virtual_selinux.8.gzpostgresql_selinux.8.gzpostgrey_selinux.8.gzpppd_selinux.8.gzpptp_selinux.8.gzprelink_cron_system_selinux.8.gzprelink_selinux.8.gzprelude_audisp_selinux.8.gzprelude_correlator_selinux.8.gzprelude_lml_selinux.8.gzprelude_selinux.8.gzpreupgrade_selinux.8.gzprewikka_script_selinux.8.gzprivoxy_selinux.8.gzprocmail_selinux.8.gzprosody_selinux.8.gzpsad_selinux.8.gzptal_selinux.8.gzptchown_selinux.8.gzptp4l_selinux.8.gzpublicfile_selinux.8.gzpulseaudio_selinux.8.gzpuppetagent_selinux.8.gzpuppetca_selinux.8.gzpuppetmaster_selinux.8.gzpwauth_selinux.8.gzpyicqt_selinux.8.gzqdiskd_selinux.8.gzqemu_dm_selinux.8.gzqmail_clean_selinux.8.gzqmail_inject_selinux.8.gzqmail_local_selinux.8.gzqmail_lspawn_selinux.8.gzqmail_queue_selinux.8.gzqmail_remote_selinux.8.gzqmail_rspawn_selinux.8.gzqmail_send_selinux.8.gzqmail_smtpd_selinux.8.gzqmail_splogger_selinux.8.gzqmail_start_selinux.8.gzqmail_tcp_env_selinux.8.gzqpidd_selinux.8.gzquota_nld_selinux.8.gzquota_selinux.8.gzrabbitmq_selinux.8.gzracoon_selinux.8.gzradiusd_selinux.8.gzradvd_selinux.8.gzraid_selinux.8.gzrasdaemon_selinux.8.gzrdisc_selinux.8.gzreadahead_selinux.8.gzrealmd_consolehelper_selinux.8.gzrealmd_selinux.8.gzredis_selinux.8.gzregex_milter_selinux.8.gzremote_login_selinux.8.gzrestorecond_selinux.8.gzrgmanager_selinux.8.gzrhev_agentd_consolehelper_selinux.8.gzrhev_agentd_selinux.8.gzrhgb_selinux.8.gzrhnsd_selinux.8.gzrhsmcertd_selinux.8.gzricci_modcluster_selinux.8.gzricci_modclusterd_selinux.8.gzricci_modlog_selinux.8.gzricci_modrpm_selinux.8.gzricci_modservice_selinux.8.gzricci_modstorage_selinux.8.gzricci_selinux.8.gzrlogind_selinux.8.gzrngd_selinux.8.gzrolekit_selinux.8.gzroundup_selinux.8.gzrpcbind_selinux.8.gzrpcd_selinux.8.gzrpm_script_selinux.8.gzrpm_selinux.8.gzrshd_selinux.8.gzrssh_chroot_helper_selinux.8.gzrssh_selinux.8.gzrsync_selinux.8.gzrtas_errd_selinux.8.gzrtkit_daemon_selinux.8.gzrun_init_selinux.8.gzrwho_selinux.8.gzsamba_net_selinux.8.gzsamba_selinux.8.gzsamba_unconfined_net_selinux.8.gzsamba_unconfined_script_selinux.8.gzsambagui_selinux.8.gzsandbox_min_client_selinux.8.gzsandbox_min_selinux.8.gzsandbox_net_client_selinux.8.gzsandbox_net_selinux.8.gzsandbox_selinux.8.gzsandbox_web_client_selinux.8.gzsandbox_web_selinux.8.gzsandbox_x_client_selinux.8.gzsandbox_x_selinux.8.gzsandbox_xserver_selinux.8.gzsanlock_selinux.8.gzsaslauthd_selinux.8.gzsblim_gatherd_selinux.8.gzsblim_reposd_selinux.8.gzsblim_sfcbd_selinux.8.gzsecadm_screen_selinux.8.gzsecadm_selinux.8.gzsecadm_su_selinux.8.gzsecadm_sudo_selinux.8.gzsectoolm_selinux.8.gzselinux_munin_plugin_selinux.8.gzsemanage_selinux.8.gzsendmail_selinux.8.gzsensord_selinux.8.gzsepgsql_ranged_proc_selinux.8.gzsepgsql_trusted_proc_selinux.8.gzservices_munin_plugin_selinux.8.gzsetfiles_mac_selinux.8.gzsetfiles_selinux.8.gzsetkey_selinux.8.gzsetrans_selinux.8.gzsetroubleshoot_fixit_selinux.8.gzsetroubleshootd_selinux.8.gzsetsebool_selinux.8.gzsftpd_selinux.8.gzsge_execd_selinux.8.gzsge_job_selinux.8.gzsge_job_ssh_selinux.8.gzsge_shepherd_selinux.8.gzshorewall_selinux.8.gzshowmount_selinux.8.gzslapd_selinux.8.gzslpd_selinux.8.gzsmartmon_selinux.8.gzsmbcontrol_selinux.8.gzsmbd_selinux.8.gzsmbmount_selinux.8.gzsmokeping_cgi_script_selinux.8.gzsmokeping_selinux.8.gzsmoltclient_selinux.8.gzsmsd_selinux.8.gzsnapperd_selinux.8.gzsnmpd_selinux.8.gzsnort_selinux.8.gzsosreport_selinux.8.gzsoundd_selinux.8.gzspamass_milter_selinux.8.gzspamc_selinux.8.gzspamd_selinux.8.gzspamd_update_selinux.8.gzspc_selinux.8.gzspeech-dispatcher_selinux.8.gzsquid_cron_selinux.8.gzsquid_script_selinux.8.gzsquid_selinux.8.gzsrvsvcd_selinux.8.gzssh_keygen_selinux.8.gzssh_keysign_selinux.8.gzssh_selinux.8.gzsshd_keygen_selinux.8.gzsshd_net_selinux.8.gzsshd_sandbox_selinux.8.gzsshd_selinux.8.gzsssd_selinux.8.gzsssd_selinux_manager_selinux.8.gzstaff_consolehelper_selinux.8.gzstaff_dbusd_selinux.8.gzstaff_gkeyringd_selinux.8.gzstaff_screen_selinux.8.gzstaff_selinux.8.gzstaff_seunshare_selinux.8.gzstaff_ssh_agent_selinux.8.gzstaff_sudo_selinux.8.gzstaff_wine_selinux.8.gzstapserver_selinux.8.gzstunnel_selinux.8.gzsulogin_selinux.8.gzsvc_multilog_selinux.8.gzsvc_run_selinux.8.gzsvc_start_selinux.8.gzsvirt_kvm_net_selinux.8.gzsvirt_lxc_net_selinux.8.gzsvirt_lxc_net_t_selinux.8.gzsvirt_lxc_t_selinux.8.gzsvirt_qemu_net_selinux.8.gzsvirt_selinux.8.gzsvirt_socket_selinux.8.gzsvirt_tcg_selinux.8.gzsvnserve_selinux.8.gzswat_selinux.8.gzswift_selinux.8.gzsysadm_dbusd_selinux.8.gzsysadm_passwd_selinux.8.gzsysadm_screen_selinux.8.gzsysadm_selinux.8.gzsysadm_seunshare_selinux.8.gzsysadm_ssh_agent_selinux.8.gzsysadm_su_selinux.8.gzsysadm_sudo_selinux.8.gzsyslogd_selinux.8.gzsysstat_selinux.8.gzsystem_cronjob_selinux.8.gzsystem_dbusd_selinux.8.gzsystem_mail_selinux.8.gzsystem_munin_plugin_selinux.8.gzsystemd_coredump_selinux.8.gzsystemd_hostnamed_selinux.8.gzsystemd_localed_selinux.8.gzsystemd_logger_selinux.8.gzsystemd_logind_selinux.8.gzsystemd_networkd_selinux.8.gzsystemd_notify_selinux.8.gzsystemd_passwd_agent_selinux.8.gzsystemd_sysctl_selinux.8.gzsystemd_timedated_selinux.8.gzsystemd_tmpfiles_selinux.8.gztcpd_selinux.8.gztcsd_selinux.8.gztelepathy_gabble_selinux.8.gztelepathy_idle_selinux.8.gztelepathy_logger_selinux.8.gztelepathy_mission_control_selinux.8.gztelepathy_msn_selinux.8.gztelepathy_salut_selinux.8.gztelepathy_sofiasip_selinux.8.gztelepathy_stream_engine_selinux.8.gztelepathy_sunshine_selinux.8.gztelnetd_selinux.8.gztftpd_selinux.8.gztgtd_selinux.8.gzthin_aeolus_configserver_selinux.8.gzthin_selinux.8.gzthumb_selinux.8.gztimemaster_selinux.8.gztmpreaper_selinux.8.gztomcat_selinux.8.gztor_selinux.8.gztraceroute_selinux.8.gztuned_selinux.8.gztvtime_selinux.8.gzudev_selinux.8.gzulogd_selinux.8.gzuml_selinux.8.gzuml_switch_selinux.8.gzunconfined_cronjob_selinux.8.gzunconfined_dbusd_selinux.8.gzunconfined_mount_selinux.8.gzunconfined_munin_plugin_selinux.8.gzunconfined_selinux.8.gzunconfined_sendmail_selinux.8.gzunconfined_service_selinux.8.gzupdate_modules_selinux.8.gzupdfstab_selinux.8.gzupdpwd_selinux.8.gzusbmodules_selinux.8.gzusbmuxd_selinux.8.gzuser_dbusd_selinux.8.gzuser_gkeyringd_selinux.8.gzuser_mail_selinux.8.gzuser_screen_selinux.8.gzuser_selinux.8.gzuser_seunshare_selinux.8.gzuser_ssh_agent_selinux.8.gzuser_wine_selinux.8.gzuseradd_selinux.8.gzusernetctl_selinux.8.gzutempter_selinux.8.gzuucpd_selinux.8.gzuuidd_selinux.8.gzuux_selinux.8.gzvarnishd_selinux.8.gzvarnishlog_selinux.8.gzvdagent_selinux.8.gzvhostmd_selinux.8.gzvirsh_selinux.8.gzvirsh_ssh_selinux.8.gzvirt_bridgehelper_selinux.8.gzvirt_qemu_ga_selinux.8.gzvirt_qemu_ga_unconfined_selinux.8.gzvirt_qmf_selinux.8.gzvirt_selinux.8.gzvirtd_lxc_selinux.8.gzvirtd_selinux.8.gzvlock_selinux.8.gzvmtools_helper_selinux.8.gzvmtools_selinux.8.gzvmware_host_selinux.8.gzvmware_selinux.8.gzvnstat_selinux.8.gzvnstatd_selinux.8.gzvpnc_selinux.8.gzw3c_validator_script_selinux.8.gzwatchdog_selinux.8.gzwatchdog_unconfined_selinux.8.gzwdmd_selinux.8.gzwebadm_selinux.8.gzwebalizer_script_selinux.8.gzwebalizer_selinux.8.gzwinbind_helper_selinux.8.gzwinbind_selinux.8.gzwine_selinux.8.gzwireshark_selinux.8.gzwpa_cli_selinux.8.gzxauth_selinux.8.gzxdm_selinux.8.gzxdm_unconfined_selinux.8.gzxenconsoled_selinux.8.gzxend_selinux.8.gzxenstored_selinux.8.gzxguest_dbusd_selinux.8.gzxguest_gkeyringd_selinux.8.gzxguest_selinux.8.gzxserver_selinux.8.gzypbind_selinux.8.gzyppasswdd_selinux.8.gzypserv_selinux.8.gzypxfr_selinux.8.gzzabbix_agent_selinux.8.gzzabbix_script_selinux.8.gzzabbix_selinux.8.gzzarafa_deliver_selinux.8.gzzarafa_gateway_selinux.8.gzzarafa_ical_selinux.8.gzzarafa_indexer_selinux.8.gzzarafa_monitor_selinux.8.gzzarafa_server_selinux.8.gzzarafa_spooler_selinux.8.gzzebra_selinux.8.gzzoneminder_script_selinux.8.gzzoneminder_selinux.8.gzzos_remote_selinux.8.gzftpd_selinux.8.gzhttpd_selinux.8.gzkerberos_selinux.8.gznamed_selinux.8.gznfs_selinux.8.gzrsync_selinux.8.gzsamba_selinux.8.gzypbind_selinux.8.gzdevelMakefileexample.fcexample.ifexample.tehtmlNetworkManager.htmlabrt.htmlabrt_dump_oops.htmlabrt_handle_event.htmlabrt_helper.htmlabrt_retrace_coredump.htmlabrt_retrace_worker.htmlabrt_upload_watch.htmlabrt_watch_log.htmlaccountsd.htmlacct.htmladmin_crontab.htmlafs.htmlafs_bosserver.htmlafs_fsserver.htmlafs_kaserver.htmlafs_ptserver.htmlafs_vlserver.htmlaiccu.htmlaide.htmlajaxterm.htmlajaxterm_ssh.htmlalsa.htmlamanda.htmlamanda_recover.htmlamtu.htmlanaconda.htmlanon_sftpd.htmlantivirus.htmlapcupsd.htmlapcupsd_cgi_script.htmlapm.htmlapmd.htmlarpwatch.htmlasterisk.htmlaudisp.htmlaudisp_remote.htmlauditadm.htmlauditadm_screen.htmlauditadm_su.htmlauditadm_sudo.htmlauditctl.htmlauditd.htmlauthconfig.htmlautomount.htmlavahi.htmlawstats.htmlawstats_script.htmlbacula.htmlbacula_admin.htmlbacula_unconfined_script.htmlbcfg2.htmlbitlbee.htmlblktap.htmlblueman.htmlbluetooth.htmlbluetooth_helper.htmlboinc.htmlboinc_project.htmlbootloader.htmlbrctl.htmlbrltty.htmlbugzilla_script.htmlbumblebee.htmlcachefiles_kernel.htmlcachefilesd.htmlcalamaris.htmlcallweaver.htmlcanna.htmlcardmgr.htmlccs.htmlcdcc.htmlcdrecord.htmlcertmaster.htmlcertmonger.htmlcertmonger_unconfined.htmlcertwatch.htmlcfengine_execd.htmlcfengine_monitord.htmlcfengine_serverd.htmlcgclear.htmlcgconfig.htmlcgred.htmlcheckpc.htmlcheckpolicy.htmlchfn.htmlchkpwd.htmlchrome_sandbox.htmlchrome_sandbox_nacl.htmlchronyd.htmlchroot_user.htmlcinder_api.htmlcinder_backup.htmlcinder_scheduler.htmlcinder_volume.htmlciped.htmlclogd.htmlcloud_init.htmlcluster.htmlclvmd.htmlcmirrord.htmlcobblerd.htmlcockpit_session.htmlcockpit_ws.htmlcollectd.htmlcollectd_script.htmlcolord.htmlcomsat.htmlcondor_collector.htmlcondor_master.htmlcondor_negotiator.htmlcondor_procd.htmlcondor_schedd.htmlcondor_startd.htmlcondor_startd_ssh.htmlconman.htmlconsolekit.htmlcouchdb.htmlcourier_authdaemon.htmlcourier_pcp.htmlcourier_pop.htmlcourier_sqwebmail.htmlcourier_tcpd.htmlcpucontrol.htmlcpufreqselector.htmlcpuplug.htmlcpuspeed.htmlcrack.htmlcrond.htmlcronjob.htmlcrontab.htmlctdbd.htmlcups_pdf.htmlcupsd.htmlcupsd_config.htmlcupsd_lpd.htmlcvs.htmlcvs_script.htmlcyphesis.htmlcyrus.htmldbadm.htmldbadm_sudo.htmldbskkd.htmldcc_client.htmldcc_dbclean.htmldccd.htmldccifd.htmldccm.htmldcerpcd.htmlddclient.htmldeltacloudd.htmldenyhosts.htmldepmod.htmldevicekit.htmldevicekit_disk.htmldevicekit_power.htmldhcpc.htmldhcpd.htmldictd.htmldirsrv.htmldirsrv_snmp.htmldirsrvadmin.htmldirsrvadmin_script.htmldirsrvadmin_unconfined_script.htmldisk_munin_plugin.htmldkim_milter.htmldlm_controld.htmldmesg.htmldmidecode.htmldnsmasq.htmldnssec_trigger.htmldocker.htmldovecot.htmldovecot_auth.htmldovecot_deliver.htmldrbd.htmldspam.htmldspam_script.htmlentropyd.htmleventlogd.htmlevtchnd.htmlexim.htmlfail2ban.htmlfail2ban_client.htmlfcoemon.htmlfenced.htmlfetchmail.htmlfingerd.htmlfirewalld.htmlfirewallgui.htmlfirstboot.htmlfoghorn.htmlfprintd.htmlfreeipmi_bmc_watchdog.htmlfreeipmi_ipmidetectd.htmlfreeipmi_ipmiseld.htmlfreqset.htmlfsadm.htmlfsdaemon.htmlftpd.htmlftpdctl.htmlgames.htmlgames_srv.htmlgconfd.htmlgconfdefaultsm.htmlgdomap.htmlgear.htmlgeoclue.htmlgetty.htmlgfs_controld.htmlgit_script.htmlgit_session.htmlgit_system.htmlgitosis.htmlglance_api.htmlglance_registry.htmlglance_scrubber.htmlglusterd.htmlgnomesystemmm.htmlgpg.htmlgpg_agent.htmlgpg_helper.htmlgpg_pinentry.htmlgpg_web.htmlgpm.htmlgpsd.htmlgreylist_milter.htmlgroupadd.htmlgroupd.htmlgssd.htmlgssproxy.htmlguest.htmlhaproxy.htmlhddtemp.htmlhostapd.htmlhostname.htmlhttpd.htmlhttpd_helper.htmlhttpd_passwd.htmlhttpd_php.htmlhttpd_rotatelogs.htmlhttpd_suexec.htmlhttpd_sys_script.htmlhttpd_unconfined_script.htmlhttpd_user_script.htmlhwclock.htmlhypervkvp.htmlhypervvssd.htmliceauth.htmlicecast.htmlifconfig.htmlindex.htmlinetd.htmlinetd_child.htmlinit.htmlinitrc.htmlinnd.htmlinsmod.htmlinstall.htmliodined.htmliotop.htmlipa_helper.htmlipa_otpd.htmlipsec.htmlipsec_mgmt.htmliptables.htmlirc.htmlirqbalance.htmlirssi.htmliscsid.htmlisnsd.htmliwhd.htmljabberd.htmljabberd_router.htmljockey.htmljournalctl.htmlkadmind.htmlkdump.htmlkdumpctl.htmlkdumpgui.htmlkeepalived.htmlkeepalived_unconfined_script.htmlkernel.htmlkeyboardd.htmlkeystone.htmlkeystone_cgi_script.htmlkismet.htmlklogd.htmlkmscon.htmlkpropd.htmlkrb5kdc.htmlksmtuned.htmlktalkd.htmll2tpd.htmlldconfig.htmllircd.htmllivecd.htmllldpad.htmlload_policy.htmlloadkeys.htmllocal_login.htmllocate.htmllockdev.htmllogadm.htmllogrotate.htmllogrotate_mail.htmllogwatch.htmllogwatch_mail.htmllpd.htmllpr.htmllsassd.htmllsmd.htmllsmd_plugin.htmllvm.htmllwiod.htmllwregd.htmllwsmd.htmlmail_munin_plugin.htmlmailman_cgi.htmlmailman_mail.htmlmailman_queue.htmlman2html_script.htmlmandb.htmlmcelog.htmlmdadm.htmlmediawiki_script.htmlmemcached.htmlmencoder.htmlminidlna.htmlminissdpd.htmlmip6d.htmlmock.htmlmock_build.htmlmodemmanager.htmlmojomojo_script.htmlmon_procd.htmlmon_statd.htmlmongod.htmlmotion.htmlmount.htmlmount_ecryptfs.htmlmozilla.htmlmozilla_plugin.htmlmozilla_plugin_config.htmlmpd.htmlmplayer.htmlmrtg.htmlmscan.htmlmunin.htmlmunin_script.htmlmysqld.htmlmysqld_safe.htmlmysqlmanagerd.htmlmythtv_script.htmlnaemon.htmlnagios.htmlnagios_admin_plugin.htmlnagios_checkdisk_plugin.htmlnagios_eventhandler_plugin.htmlnagios_mail_plugin.htmlnagios_openshift_plugin.htmlnagios_script.htmlnagios_services_plugin.htmlnagios_system_plugin.htmlnagios_unconfined_plugin.htmlnamed.htmlnamespace_init.htmlncftool.htmlndc.htmlnetlabel_mgmt.htmlnetlogond.htmlnetutils.htmlneutron.htmlnewrole.htmlnfsd.htmlninfod.htmlnmbd.htmlnova.htmlnrpe.htmlnscd.htmlnsd.htmlnsd_crond.htmlnslcd.htmlntop.htmlntpd.htmlnumad.htmlnut_upsd.htmlnut_upsdrvctl.htmlnut_upsmon.htmlnutups_cgi_script.htmlnx_server.htmlnx_server_ssh.htmlobex.htmloddjob.htmloddjob_mkhomedir.htmlopenct.htmlopenhpid.htmlopenshift.htmlopenshift_app.htmlopenshift_cgroup_read.htmlopenshift_cron.htmlopenshift_initrc.htmlopenshift_net_read.htmlopenshift_script.htmlopensm.htmlopenvpn.htmlopenvpn_unconfined_script.htmlopenvswitch.htmlopenwsman.htmloracleasm.htmlosad.htmlpads.htmlpam_console.htmlpam_timestamp.htmlpassenger.htmlpasswd.htmlpcp_pmcd.htmlpcp_pmie.htmlpcp_pmlogger.htmlpcp_pmmgr.htmlpcp_pmproxy.htmlpcp_pmwebd.htmlpcscd.htmlpegasus.htmlpegasus_openlmi_account.htmlpegasus_openlmi_admin.htmlpegasus_openlmi_logicalfile.htmlpegasus_openlmi_services.htmlpegasus_openlmi_storage.htmlpegasus_openlmi_system.htmlpegasus_openlmi_unconfined.htmlpesign.htmlphc2sys.htmlping.htmlpingd.htmlpiranha_fos.htmlpiranha_lvs.htmlpiranha_pulse.htmlpiranha_web.htmlpkcs_slotd.htmlpki_ra.htmlpki_tomcat.htmlpki_tomcat_script.htmlpki_tps.htmlplymouth.htmlplymouthd.htmlpodsleuth.htmlpolicykit.htmlpolicykit_auth.htmlpolicykit_grant.htmlpolicykit_resolve.htmlpolipo.htmlpolipo_session.htmlportmap.htmlportmap_helper.htmlportreserve.htmlpostfix_bounce.htmlpostfix_cleanup.htmlpostfix_local.htmlpostfix_map.htmlpostfix_master.htmlpostfix_pickup.htmlpostfix_pipe.htmlpostfix_postdrop.htmlpostfix_postqueue.htmlpostfix_qmgr.htmlpostfix_showq.htmlpostfix_smtp.htmlpostfix_smtpd.htmlpostfix_virtual.htmlpostgresql.htmlpostgrey.htmlpppd.htmlpptp.htmlprelink.htmlprelink_cron_system.htmlprelude.htmlprelude_audisp.htmlprelude_correlator.htmlprelude_lml.htmlpreupgrade.htmlprewikka_script.htmlprivoxy.htmlprocmail.htmlprosody.htmlpsad.htmlptal.htmlptchown.htmlptp4l.htmlpublicfile.htmlpulseaudio.htmlpuppetagent.htmlpuppetca.htmlpuppetmaster.htmlpwauth.htmlpyicqt.htmlqdiskd.htmlqemu_dm.htmlqmail_clean.htmlqmail_inject.htmlqmail_local.htmlqmail_lspawn.htmlqmail_queue.htmlqmail_remote.htmlqmail_rspawn.htmlqmail_send.htmlqmail_smtpd.htmlqmail_splogger.htmlqmail_start.htmlqmail_tcp_env.htmlqpidd.htmlquota.htmlquota_nld.htmlrabbitmq.htmlracoon.htmlradiusd.htmlradvd.htmlrasdaemon.htmlrdisc.htmlreadahead.htmlrealmd.htmlrealmd_consolehelper.htmlredis.htmlregex_milter.htmlremote_login.htmlrestorecond.htmlrhev_agentd.htmlrhev_agentd_consolehelper.htmlrhgb.htmlrhnsd.htmlrhsmcertd.htmlricci.htmlricci_modcluster.htmlricci_modclusterd.htmlricci_modlog.htmlricci_modrpm.htmlricci_modservice.htmlricci_modstorage.htmlrlogind.htmlrngd.htmlrolekit.htmlroundup.htmlrpcbind.htmlrpcd.htmlrpm.htmlrpm_script.htmlrshd.htmlrssh.htmlrssh_chroot_helper.htmlrsync.htmlrtas_errd.htmlrtkit_daemon.htmlrun_init.htmlrwho.htmlsamba_net.htmlsamba_unconfined_net.htmlsamba_unconfined_script.htmlsambagui.htmlsandbox.htmlsandbox_min.htmlsandbox_min_client.htmlsandbox_net.htmlsandbox_net_client.htmlsandbox_web.htmlsandbox_web_client.htmlsandbox_x.htmlsandbox_x_client.htmlsandbox_xserver.htmlsanlock.htmlsaslauthd.htmlsblim_gatherd.htmlsblim_reposd.htmlsblim_sfcbd.htmlsecadm.htmlsecadm_screen.htmlsecadm_su.htmlsecadm_sudo.htmlsectoolm.htmlselinux_munin_plugin.htmlsemanage.htmlsendmail.htmlsensord.htmlsepgsql_ranged_proc.htmlsepgsql_trusted_proc.htmlservices_munin_plugin.htmlsetfiles.htmlsetfiles_mac.htmlsetkey.htmlsetrans.htmlsetroubleshoot_fixit.htmlsetroubleshootd.htmlsetsebool.htmlsftpd.htmlsge_execd.htmlsge_job.htmlsge_job_ssh.htmlsge_shepherd.htmlshorewall.htmlshowmount.htmlslapd.htmlslpd.htmlsmbcontrol.htmlsmbd.htmlsmbmount.htmlsmokeping.htmlsmokeping_cgi_script.htmlsmoltclient.htmlsmsd.htmlsnapperd.htmlsnmpd.htmlsnort.htmlsosreport.htmlsoundd.htmlspamass_milter.htmlspamc.htmlspamd.htmlspamd_update.htmlspc.htmlspeech-dispatcher.htmlsquid.htmlsquid_cron.htmlsquid_script.htmlsrvsvcd.htmlssh.htmlssh_keygen.htmlssh_keysign.htmlsshd.htmlsshd_keygen.htmlsshd_net.htmlsshd_sandbox.htmlsssd.htmlstaff.htmlstaff_consolehelper.htmlstaff_dbusd.htmlstaff_gkeyringd.htmlstaff_screen.htmlstaff_seunshare.htmlstaff_ssh_agent.htmlstaff_sudo.htmlstaff_wine.htmlstapserver.htmlstunnel.htmlstyle.csssulogin.htmlsvc_multilog.htmlsvc_run.htmlsvc_start.htmlsvirt.htmlsvirt_kvm_net.htmlsvirt_lxc_net.htmlsvirt_qemu_net.htmlsvirt_socket.htmlsvirt_tcg.htmlsvnserve.htmlswat.htmlswift.htmlsysadm.htmlsysadm_dbusd.htmlsysadm_passwd.htmlsysadm_screen.htmlsysadm_seunshare.htmlsysadm_ssh_agent.htmlsysadm_su.htmlsysadm_sudo.htmlsyslogd.htmlsysstat.htmlsystem_cronjob.htmlsystem_dbusd.htmlsystem_mail.htmlsystem_munin_plugin.htmlsystemd_coredump.htmlsystemd_hostnamed.htmlsystemd_localed.htmlsystemd_logger.htmlsystemd_logind.htmlsystemd_networkd.htmlsystemd_notify.htmlsystemd_passwd_agent.htmlsystemd_sysctl.htmlsystemd_timedated.htmlsystemd_tmpfiles.htmltcpd.htmltcsd.htmltelepathy_gabble.htmltelepathy_idle.htmltelepathy_logger.htmltelepathy_mission_control.htmltelepathy_msn.htmltelepathy_salut.htmltelepathy_sofiasip.htmltelepathy_stream_engine.htmltelepathy_sunshine.htmltelnetd.htmltftpd.htmltgtd.htmlthin.htmlthin_aeolus_configserver.htmlthumb.htmltimemaster.htmltmpreaper.htmltomcat.htmltor.htmltraceroute.htmltuned.htmltvtime.htmludev.htmlulogd.htmluml.htmluml_switch.htmlunconfined.htmlunconfined_cronjob.htmlunconfined_dbusd.htmlunconfined_mount.htmlunconfined_munin_plugin.htmlunconfined_sendmail.htmlunconfined_service.htmlupdate_modules.htmlupdfstab.htmlupdpwd.htmlusbmodules.htmlusbmuxd.htmluser.htmluser_dbusd.htmluser_gkeyringd.htmluser_mail.htmluser_screen.htmluser_seunshare.htmluser_ssh_agent.htmluser_wine.htmluseradd.htmlusernetctl.htmlutempter.htmluucpd.htmluuidd.htmluux.htmlvarnishd.htmlvarnishlog.htmlvdagent.htmlvhostmd.htmlvirsh.htmlvirsh_ssh.htmlvirt_bridgehelper.htmlvirt_qemu_ga.htmlvirt_qemu_ga_unconfined.htmlvirt_qmf.htmlvirtd.htmlvirtd_lxc.htmlvlock.htmlvmtools.htmlvmtools_helper.htmlvmware.htmlvmware_host.htmlvnstat.htmlvnstatd.htmlvpnc.htmlw3c_validator_script.htmlwatchdog.htmlwatchdog_unconfined.htmlwdmd.htmlwebadm.htmlwebalizer.htmlwebalizer_script.htmlwinbind.htmlwinbind_helper.htmlwine.htmlwireshark.htmlwpa_cli.htmlxauth.htmlxdm.htmlxdm_unconfined.htmlxenconsoled.htmlxend.htmlxenstored.htmlxguest.htmlxguest_dbusd.htmlxguest_gkeyringd.htmlxserver.htmlypbind.htmlyppasswdd.htmlypserv.htmlypxfr.htmlzabbix.htmlzabbix_agent.htmlzabbix_script.htmlzarafa_deliver.htmlzarafa_gateway.htmlzarafa_ical.htmlzarafa_indexer.htmlzarafa_monitor.htmlzarafa_server.htmlzarafa_spooler.htmlzebra.htmlzoneminder.htmlzoneminder_script.htmlzos_remote.htmlincludeMakefileadminadmin.xmlbootloader.ifconsoletype.ifdmesg.ifnetutils.ifsu.ifsudo.ifusermanage.ifappsapps.xmlseunshare.ifbuild.confcontribcontrib.xmlabrt.ifaccountsd.ifacct.ifada.ifafs.ifaiccu.ifaide.ifaisexec.ifajaxterm.ifalsa.ifamanda.ifamavis.ifamtu.ifanaconda.ifantivirus.ifapache.ifapcupsd.ifapm.ifapt.ifarpwatch.ifasterisk.ifauthbind.ifauthconfig.ifautomount.ifavahi.ifawstats.ifbackup.ifbacula.ifbcfg2.ifbind.ifbird.ifbitlbee.ifblueman.ifbluetooth.ifboinc.ifbrctl.ifbrltty.ifbugzilla.ifbumblebee.ifcachefilesd.ifcalamaris.ifcallweaver.ifcanna.ifccs.ifcdrecord.ifcertmaster.ifcertmonger.ifcertwatch.ifcfengine.ifcgdcbxd.ifcgroup.ifchrome.ifchronyd.ifcinder.ifcipe.ifclamav.ifclockspeed.ifclogd.ifcloudform.ifcmirrord.ifcobbler.ifcockpit.ifcollectd.ifcolord.ifcomsat.ifcondor.ifconman.ifconsolekit.ifcorosync.ifcouchdb.ifcourier.ifcpucontrol.ifcpufreqselector.ifcpuplug.ifcron.ifctdb.ifcups.ifcvs.ifcyphesis.ifcyrus.ifdaemontools.ifdante.ifdbadm.ifdbskk.ifdbus.ifdcc.ifddclient.ifddcprobe.ifdenyhosts.ifdevicekit.ifdhcp.ifdictd.ifdirmngr.ifdirsrv-admin.ifdirsrv.ifdistcc.ifdjbdns.ifdkim.ifdmidecode.ifdnsmasq.ifdnssec.ifdnssectrigger.ifdocker.ifdovecot.ifdpkg.ifdrbd.ifdspam.ifentropyd.ifetcd.ifevolution.ifexim.iffail2ban.iffcoe.iffetchmail.iffinger.iffirewalld.iffirewallgui.iffirstboot.iffprintd.iffreeipmi.iffreqset.ifftp.ifgames.ifgatekeeper.ifgdomap.ifgear.ifgeoclue.ifgift.ifgit.ifgitosis.ifglance.ifglusterd.ifgnome.ifgnomeclock.ifgpg.ifgpm.ifgpsd.ifgssproxy.ifguest.ifhadoop.ifhal.ifhddtemp.ifhostapd.ifhowl.ifhypervkvp.ifi18n_input.ificecast.ififplugd.ifimaze.ifinetd.ifinn.ifiodine.ifiotop.ifipa.ifirc.ifircd.ifirqbalance.ifiscsi.ifisns.ifjabber.ifjava.ifjetty.ifjockey.ifjournalctl.ifkde.ifkdump.ifkdumpgui.ifkeepalived.ifkerberos.ifkerneloops.ifkeyboardd.ifkeystone.ifkismet.ifkmscon.ifksmtuned.ifktalk.ifkubernetes.ifkudzu.ifl2tp.ifldap.iflightsquid.iflikewise.iflinuxptp.iflircd.iflivecd.iflldpad.ifloadkeys.iflockdev.iflogrotate.iflogwatch.iflpd.iflsm.ifmailman.ifmailscanner.ifman2html.ifmandb.ifmcelog.ifmcollective.ifmediawiki.ifmemcached.ifmilter.ifminidlna.ifminissdpd.ifmip6d.ifmirrormanager.ifmock.ifmodemmanager.ifmojomojo.ifmon_statd.ifmongodb.ifmono.ifmonop.ifmotion.ifmozilla.ifmpd.ifmplayer.ifmrtg.ifmta.ifmunin.ifmysql.ifmythtv.ifnaemon.ifnagios.ifnamespace.ifncftool.ifnessus.ifnetworkmanager.ifninfod.ifnis.ifnova.ifnscd.ifnsd.ifnslcd.ifnsplugin.ifntop.ifntp.ifnumad.ifnut.ifnx.ifoav.ifobex.ifoddjob.ifoident.ifopenca.ifopenct.ifopenhpi.ifopenhpid.ifopenshift-origin.ifopenshift.ifopensm.ifopenvpn.ifopenvswitch.ifopenwsman.iforacleasm.ifosad.ifpacemaker.ifpads.ifpassenger.ifpcmcia.ifpcp.ifpcscd.ifpegasus.ifperdition.ifpesign.ifpingd.ifpiranha.ifpkcs.ifpki.ifplymouthd.ifpodsleuth.ifpolicykit.ifpolipo.ifportage.ifportmap.ifportreserve.ifportslave.ifpostfix.ifpostfixpolicyd.ifpostgrey.ifppp.ifprelink.ifprelude.ifprivoxy.ifprocmail.ifprosody.ifpsad.ifptchown.ifpublicfile.ifpulseaudio.ifpuppet.ifpwauth.ifpxe.ifpyzor.ifqemu.ifqmail.ifqpid.ifquantum.ifquota.ifrabbitmq.ifradius.ifradvd.ifraid.ifrasdaemon.ifrazor.ifrdisc.ifreadahead.ifrealmd.ifredis.ifremotelogin.ifresmgr.ifrgmanager.ifrhcs.ifrhev.ifrhgb.ifrhnsd.ifrhsmcertd.ifricci.ifrkhunter.ifrlogin.ifrngd.ifrolekit.ifroundup.ifrpc.ifrpcbind.ifrpm.ifrshd.ifrssh.ifrsync.ifrtas.ifrtkit.ifrwho.ifsamba.ifsambagui.ifsamhain.ifsandbox.ifsandboxX.ifsanlock.ifsasl.ifsblim.ifscreen.ifsectoolm.ifsendmail.ifsensord.ifsetroubleshoot.ifsge.ifshorewall.ifshutdown.ifslocate.ifslpd.ifslrnpull.ifsmartmon.ifsmokeping.ifsmoltclient.ifsmsd.ifsmstools.ifsnapper.ifsnmp.ifsnort.ifsosreport.ifsoundserver.ifspamassassin.ifspeech-dispatcher.ifspeedtouch.ifsquid.ifsssd.ifstapserver.ifstunnel.ifsvnserve.ifswift.ifswift_alias.ifsxid.ifsysstat.iftcpd.iftcsd.iftelepathy.iftelnet.iftftp.iftgtd.ifthin.ifthumb.ifthunderbird.iftimidity.iftmpreaper.iftomcat.iftor.iftransproxy.iftripwire.iftuned.iftvtime.iftzdata.ifucspitcp.ifulogd.ifuml.ifupdfstab.ifuptime.ifusbmodules.ifusbmuxd.ifuserhelper.ifusernetctl.ifuucp.ifuuidd.ifuwimap.ifvarnishd.ifvbetool.ifvdagent.ifvhostmd.ifvirt.ifvlock.ifvmtools.ifvmware.ifvnstatd.ifvpn.ifw3c.ifwatchdog.ifwdmd.ifwebadm.ifwebalizer.ifwine.ifwireshark.ifwm.ifxen.ifxfs.ifxguest.ifxprint.ifxscreensaver.ifyam.ifzabbix.ifzarafa.ifzebra.ifzoneminder.ifzosremote.ifglobal_booleans.xmlglobal_tunables.xmlkernelkernel.xmlcorecommands.ifcorenetwork.ifdevices.ifdomain.iffiles.iffilesystem.ifkernel.ifmcs.ifmls.ifselinux.ifstorage.ifterminal.ifubac.ifunlabelednet.ifrolesroles.xmlauditadm.iflogadm.ifsecadm.ifstaff.ifsysadm.ifsysadm_secadm.ifunconfineduser.ifunprivuser.ifservicesservices.xmlpostgresql.ifssh.ifxserver.ifsupportall_perms.sptdivert.m4file_patterns.sptipc_patterns.sptloadable_module.sptmisc_macros.sptmisc_patterns.sptmls_mcs_macros.sptobj_perm_sets.sptpolicy.dtdsegenxml.pysegenxml.pycsegenxml.pyoundivert.m4systemsystem.xmlapplication.ifauthlogin.ifclock.iffstools.ifgetty.ifhostname.ifhotplug.ifinit.ifipsec.ifiptables.iflibraries.iflocallogin.iflogging.iflvm.ifmiscfiles.ifmodutils.ifmount.ifnetlabel.ifselinuxutil.ifsetrans.ifsysnetwork.ifsystemd.ifudev.ifunconfined.ifuserdomain.ifpolicy.dtdpolicy.xml/usr/share/man/man8//usr/share/man/ru/man8//usr/share/selinux//usr/share/selinux/devel//usr/share/selinux/devel/html//usr/share/selinux/devel/include//usr/share/selinux/devel/include/admin//usr/share/selinux/devel/include/apps//usr/share/selinux/devel/include/contrib//usr/share/selinux/devel/include/kernel//usr/share/selinux/devel/include/roles//usr/share/selinux/devel/include/services//usr/share/selinux/devel/include/support//usr/share/selinux/devel/include/system/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -march=armv7-a -mfpu=neon -mfloat-abi=harddrpmxz2noarch-redhat-linux-gnueabi         troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with no line terminators (gzip compressed data, max compression, from Unix)C source, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)directoryASCII textSE Linux policy interface sourceSE Linux policy module sourceHTML document, ASCII textmakefile script, ASCII textC source, ASCII textASCII text, with very long linesASCII text, with no line terminatorsPython script, ASCII text executablepython 2.7 byte-compiledXML document text?`7zXZ !#,(0]"k%%khuB H#Hd᭯}WR?&#&eۖ?0W}BiOD\8kg&HlJC)#X>QgO>P>tl}wF&jp&T4_ |gNypQE.u+ݯ=:7þ+IH( eGZnˏrl¦F^-t@Mbtpm_V&J+ 81nET|ccF7oEdfs_m"ZH? w 9 O]Xuу'K 9cyu:1x֘Qm`뭘0Tn>HɻF[Tf%s.nql,q[notbRACbp2Vi n cs/W p]3sLZh]nDP=O\KۘHǔkiU۔+#Gi$MFlbѼu{!X6=$821A4&X>y7JeW2h OI\B>hJaM[XP(MSѠ,KK'.j{HܔQ,lR>!$?74 pRݱK-Oc@bZ%'#wAG޹{L*!/7wI3616,K42(6, $R;UW O\J! \BpR`cr~̍v1:}eq^ O?lm1i$M knr1"AHV"^IO&H/s&wj҈6i9ĵX\UcJ1XO%/K,U+rdh5jF3 叵JA~3!#1%eZ她`j݂@i(L*)wKdw^xVf&HOwJ}_c4榑Co:feAh.JO׃(|(ZlA6,/i.eXGNof7jOCk]·!] lͳdbLQLTm.U&BһNy1Hb9[V/xCù9 SdDž&S%Ij-κ/ȶ>)m;XĢ/b*.M{dHlu'ZT0oetrsL7.nM@W~v})S( $VEĽKQ܍ׇ= ̰xܢKsP^3\/eMM~3&t@xRZqG þ qe2fcbԣr1M搳is{zOQ1u%iFO}![y24wӘUjXZ/9NzuDZḛbyr# yEɂ_;]ffjE <.Sm"Y.uo+p4:}ފdrֿPNR}Nfbx[I&Y72zx]=H]Yo<ϘF",>p ȍ^Pxlk IKs~]G?J"n@G ^ pЂԀ5+,hdS2+j; Iae @\'ӳ|_}^$%KzJJ\Cڴ i'g.ls{&xW"(vUc0ڗI.>ߑكv0  TyjD/\W ;;]~KWo\Ƣ!L:K%~Xd=KISo ^an4q#>le>[{m9m{kC>+B/%|hMMgW~Ndښ=?\$d (U3Y0<_y,B#OUpOL[@-<Т@oq\j9ݔ{v&}P\G+3A uNy+d:R7",vMSxp#-xnw3)T>\ydyIFfИ]_y蚮/X,HoLD(V9qU!&c*#M_eH yի٩,a:$l!Ќ7~e" 9?\P k]SDqUg̋Ɠqi#ߢH3D Cym@A8sjk^Q&T6lM?WRkd!$T&*\"~`}kaa Za?BL֨gKԍOJ*#N ukwmQE,*T(M{7ܳ󃱿pb/ͅ%?Rn O.QJ\q(Gv2q jbQ Bfm3X1Aka=Ow6nVƂֶ΂/ 0Y--^C6x/|1^ދg*\ㄩ+D3L>ȉJ` 3.S;@dXq6q0{Lӻv r%q_RǬ9G /9> < y*kQ],q$qGtqH0X FvxŽ/),[u~ ^#Xr@(aW=i//~3̝N :N*H|&de"XWx vdؙHO!Ny :1a]Hpw4j2?IFQKVƼ_,2~#Zl1lΙ)mTaҠ=5VԜHs?Kq\)-&>qug5<{:Pϝc{(2khmM48NO ,s(B}E [SS!Wm! 9ANxRfBzq\^KnMZQ*K̹D-rRWz )9nd;WA8S`aśkQ8ƖH5O)H//}G^6_+fGoE|]emWvj+=;>6&BYn3#m~j`_MG](l⒋I<`|)Zi+'~Q)Q};] ,,)˗Y(=B4bJE3%l<Ё玅f lWƸH1 O3GE*{'[E/ 0=J?&73TVge% ćO}ݗ 7e~DפN; }'*?&!rAp6 Ũ'N&eo;vD6fvw^1T|Cr&n;+(5'Zy(=5 dz塠K6$te,ᅒQb'/`#~?Cv;n] m[SG*c"GAH DS4L1x^ QLvr ] DŽJiX l $4fW0Ch1|1Tdl.[Rm=׺v*%syC7쑫#РvDoڒ:4FBX\L(qWƪUL!s*'2- :G+ۛd `Tn< %Ԥɧd}RE0'+( TE_m7ˎ}BOj":D"XִmSvc2{tBR)@U,+MuX|4)P*m"g}&dRiNBUZoH>ʶtYw`t61u~e8]Ko7\%oݽg3GE(Zs3AWtBjW ɯ,n ~ddi/140 yd*j`vig#?\r8 ~a{|Mjnj&'rō,:,y3.!^}F"Ooߕhjs.m xlMERR0+"F1ka3[:eRs [Mz&2Yv6TňzlC=jضHN|ilPƠ/8ܢ#vC;GS2z2މɾiXE آßE{:#/1gҮKU* ^4m ;[ '3VSmNxI/3'YGb(XƋ0 > _?oAOhyjJs DC/B,rMÔ!0 hS1e:{'1Mς2w!Q=duۧ{LFwjTT'QvW>$U1~k;#)NAʠg??AE9&q$K6+Wq^k~$ -g)f&Ap3);6=Al$Ê1OwQ MsNؕ=% ##qKrLIX^PX (Dz(;\ *[&!01XR#$ɣ;%+Ō>k>rxݬ7:џw Y`( ?;iHxx ,RRi۞1*|(os*#upYM[w = 6ԛP-0&(%m0n߇ۣ1ciON ?EY\"‡q>f#g19ZE<-}TRM&zt3kچ'*sq/NW]J SL[bC Tϙo?&Or(؟-f|K̈/~! 28 ݲLk=q|Ihc?#6ItyR0ޙZ!HÎΪ"o&ydf Zj-Xn7 NITE,qQ"S7ȱEwJټ;rnDyPZ~0ESȝsD.V1&gWIFໍߥ0w0;9M8[e Qtp4_AgZUQB<>˦Ξ4ݰo?: c8m cDcijdޚgBkLl16)I Ŧ?4bΥk H'Zϐsׂ,b<%NP,J"b"Za ^~^G˯0<6?T+Mq9琿vM jI uRN||DJ.lֿ[3b*A+#ή jƁX3s!`lVIqH-YÈXY_ؘoP4H퇥3ds/Be|G@)HqPܮ[N`k1B'R5c%w\e:ŕ]C<\NwF!Fjb qth&tim"zh\>'K,?I/`ݡ#`y~o&/ ڽknEJ?>=zbD]i;ջs4 ɉ+6UVzS7y Ҫ'A{'].O|1qDi"|08L137k߯x"ȁ3k Y)ޘ#F|bB/$K?<_:dxR֎_PIs$s+.:€,G.u. R=Ū Y+D\uT*Bs00ebL98w0<6aCw|p`.gP掗V Öb%zȘ{v: }O]B(yC E7MZW(K<X55Y_c?diyI2\1I_ YG5dm* ѶL|2: ְoyK~OO7D͏k"?e zy8u4RN*txdFjL옏 B(d2W ngxg;d~`JO$.q@z}e 4 6ݳa֌u;?C)z24=*,̿V} ,3u,ʮ40yJQ";Nd4vX15WvgW %jEuߔ7OTt=km¥ O"eU~"h88e+eD:":]ˏ\]A:]L-ާm= 4:<4F~eҺ/ʼn8C?RWvOr !0Qe9bYpۯ*$h ݵf}EXxBFFNj NR1;))^EUvwj6Vm_?GZԞ =^I"-x`=6pt7kc>ь9ZQ2gv'x_ 0^=KEÞ|DKmy Uv;q*iM\sK,wY`G7~wF#U @J:Vޡ`%UȩF="X$4I:׃ui]Z)K!Tľdv8$6ZݹUHڇrV ح!Z˯&"qw:DcK'zlH> \CX7Llo{yCare뀾6 תr=46Ki0K?Gh 1.W4ԶotTL/ Y  g3{Ĩ䆫4Dl| ~*xm'#R9| bp6紡%b|ێx"%wyS }^I.{7C :@x=W F (d(-|NKh+1ϸv`DaM o3I{<*/ _.%)0d`E>FD@8%lbg{W)fd!`,& k»)-{sJ(!Vz TkFn֗+KydxAo/WURݥ׊)F@d\PFϵ]6ٮF슨 Ed{ԭ>ӣh P/6v!"E?[&]uKdYnAmn.2 2*EQ1p(X_lVpoev뒇1To t <9dV><$Gpy!v!V*Ϳ<9Wa+]qbDR~LKws+;aa ~$: s; 4*/:oo#2L}*eYj5HZl*'(+ ΅ =’bx*?@`=!pfQ'TEꎛShhΣKײ{2`A*+cdRtpƥ4?n/Zl*gP?_-wCƢtaWIJmkSph'ؼƨcl%脎2c^쏍C{\g\dVdX!(R@' Pȭ6g).TxW0i]Dי"%{Exk3 }czR0i|>< DQzc2c;YQ\T1H WY!KJRqփgڋYaϰ5#0#'aNU⫤vh;!GOvFyrɿp~5jw?NwL-fC kD1EFFUC j!(APLlxhbbG_Ҋ5Y v_p"?k5э( ^}_ۊ~ц Af9B`'`^I ˪0ۆm? d,47p\f{@07e I뒍3\[C;\\XFj(pQGXV'(JݷsE0JSJJݱWFy B`ךCAnm,n? q!,||>9^E_DF8&Y9G-X>Kx"r"Hli!9^,"8=kcoP\UŁ ^s Z2äK[4P덀ѵoڛ)C5*5_'xԝHr!2:(Y;Cx9S~•-H̯ Up MDw_{ޑY>ОE1|u'P2T.3Hn*˝뿵.fTѫݜ3f~Kh8E2.+$qvUb֬,TIѥUD)Z~] }T!,\[S4%^,35/~~~hC$,]ayRrZIE*PE. &-HEA1Qυw7y!89NW5GKώ*1x_->e%byte Mj6Nq ˭6yw UBXɀ%a(T@tH}1J̳x)=F 9A>*@Kdx?C8u mxWpæ E' [xle?nxwFm kJm ml#7گR$Fp@(`cɱrins\L=a&"&bWZȠzZe3 "p;גO^_Ĕ~04uldOc`pmH{n=|^fE l4iV2;o1gK@lc}x>*i&7tWKeQ7.6\\O4mܺ|<^UDnpEW-tucgi = siʯ\+$ s QgOhòCVˈ ٷ&K*;{47{?'oZ cSV)R<}fr۽o>18ArCv@my%z4cjSFx`a.c?J|1]y\80:#m+Ff2s`"2I6e=C&R'dGJ!x#<##. ,oe3kƲM*4Vva8:3XBI4~e<) V%zls` :-豈P'?X1Gmd;FpFM>է}[F): VD`3J 'Vd|!z\or>I=}YeFn~38LXJpnΓyŜmG^Y‚J_;erB5K;)z*Ҭv!/gێ) |J)lYܓܸcYadSwII9= :1.%jIQP\vQ9W몌Fݛ|A)N Lʛ;%ķCX)^ {C?~6$M p*rH$RZW2Ӏ-kv̩S5۟ +'E+sB(l72m@OzELXM'=E*vR5%\l$.6+9ґk].݈ձo\^$ᮎl&E=`h5<5Q0s8vx g9*kukB[@KGZaK?"~GE>@õm'ߧgTo͌YO4P[$fJAF; giT2Lx/5 ?<3td\)|HQ;)׀ߘV1cjrROvl"-oQ{2"+} " v^Q>/>~@xh(ի"^6/vyBWXbrܸeH5u6&<~Q[5>'/84w$9R牤`rJ-ϰ?@;21[3m;/Lvssr"ȇkXA`FHHO?۝ѽtgD 9ްT6tke6LX W`h2TB☐>yB[%NG3mCd+w:3O2;砸p!0n:j*. f/ '3ǒīZIP4 ICW=lݚ?!8y U +il[xgK3aTmU[fx3|aRY~/A=>L=~\񜙘aPH\P.R@2EA55 =d`mFWA* ]?l8ʻG!-Tj{ W'Z8Iɭ&.ηCD7Gbzkuiɑ;5tޚ t|//O(#bW[5-Ϙdf;8yEp; %)`ps|Ld}no<_~rw%+  0_8Zew`kӥ 9}!q5!| E'/*.dB `NWZ%EbQj52t@.6nxA $$6-VL0 ڛP]MYgaXǍF^ y|DCN6맄xrȐ|Q m[Os<O&XٟGZqKJr#NqzVbٙ1YJ1 .^% B,1ӝSMFIL+vPn 44$i=R(I9k/* q(a˫{8 H]YuFUq#=q@0ɕZ3(v,2D{}]B4w[9>31*qWVBC'I D<#iQ'6*NzMWG5'?˴MøJGF-]uIm8w#yݵNHWa.jj6(i^sWiuYd yGj5ೞP<84M!#̪g- :EGkPńn]ӷ -G>.p^c(~BLJK&Ka8-4;"Q̹KC\]6G-WwA♝2ష,¹1OOe? Ab̓)b#JG@VCXTia? FY$'W'M.)6lp\?iBAk 1R}(ZJ>{q-P#1o7F=`w43}M1*^FDrvY32g8r;y߆U[ W !@-S>BښM6J^(p9kE,q;(XpC-' bnh2lO䉭٬"} n#nP6w>*t[6;^;36AD1JtHf ٫nCk 'h+u ONY>}^1Pɀp9BBT*Y`tSt!ǯ34er7uĬ=q Xo/s"S!&)%{k*Qg)H0=RlXR&D+ L+{ƷUMo]aܴjÚ}[h- !1"/{7P,_:5Z7NQVBR%2PiGɸ)YCzsfns%ZSr/Ai5v-D}j_($ET43`{ lhm%W _K\{D/tUE`" BrW!(jƼNO5/Aвv _e98@f]=9 v qo^. H)3МwL"ji rEQ0a0c]XdM3R>QztCI@L3Τ4є'OJ1e%/L%RDt3S~t+T8oL ; >E F"Ũ`g,S _a1DUjWȯE$Ws"DY!C򜽯ed$R-0v^ČtDu2K9 xfdUhl+lX@%?jLw^@eBGô!@bY^"bA6Pxq4FǎF0K] #+SAmm2'HvG{lGWHbNr Wj`ٓH蔠g-6Xjr6F~ ;UWLt`V9h{ù]E8ZZO "֌CHdƟ/1Houpݑ<;ctv2EG2%̂ >>;8?kvu zZ=A~liAdp|Q;OӛuI oUURgUBV%7$+j=I0WM bz}iRƈ ;U{)RJ }㚢5(^V4ZYŮIX5c|FMCY\*ZѢd w P9NDvK( %__\# +Tf_oƯT3| YvZ5 k¡69=+Js䔰i@ aӤMΉL)'{Qy 3$n4mЃZEe77ΰXz}A’#^11$9r =zXSED96.Fסp7LRPHB1ՌFk7Vr˨Y(9)A٩w'As0`VʺXS*=`=>,ZIhαThס 7ڋ5$hd2߂9\Be ޞ(rs|į|!٢ }b;$^@ gxA`m =ޅ<ͼL>wS|M:76"QitG0iK{~,Fz;`y\k0nȻzkݍԫ 'Φ@ DեkkS;v~y-!/ފvoM SU~CG=ȐPpE@˜ ZSF;_Bn{C\jB: 2qH!꯼_9.Ml^-Un^oEԹd4@on$ I+aH\r֔W$MW/dj(9qUcaXKk^gt3@TX]\a 0̌O< Oط$=UL|ɕ"Y&Ix iL7%S{׈9&d_ \u6 8p\:d77k.Jz˯mpG ۟X3ń teBEG q :xg{ƏBW9A>UWN iC!CG ;V(ʼ, >jWCP2ch& f3_7Mu@ *d ѝclǩ;= & kb ѿo}_$&I]9="Q=)W5焕;bVAqp \nsRz5 悉װ6q):H WrKNp2mw n&KL[/w>pKպǹƄ2 n)mv(v 2 )Zi=䳶'z m$HdxHRx'}T!{Y uoV^6YDfGULUAQ =%CMů:>jU@0TȔeZ/.k]'xW*us.|oU@L Wz@D4Hk"1Tczͺ鎓?Qϕi*#/UO/ hM0Tdǜd,|=h<7DU%XZ9@Ukq3Zossqxr&/9v[-) $+ o$iR' ͝zDMQLfl V!8)6wIh~@ -Vme (/u jZfY̾FU1ЀGӥuuьࡽ?nt /GM[d%3g UhbtF EyF BzHT%#I;Be!P3sg$ fGP}l4ލ|cMdV+ʅeŲKR_8"9ݳftx GqkpN B>1QlSI 3"ᱲmQc\.'X hs281LhW4~my8p=L8‡ƙ*؊DÎ&!CtFxK3[*bvCc$)nXI G-BE 1 :J$U*lLL)]\BdεcQo.!uGw])?l5r> #,W~ԠAdU-w"n)  ygO'/g|t{X=DƧ[mtrmbϣt]W]_H7LvܵJ<4ch4j Q8}G `lQzLRA*Us6$-lΠJe`\ϥgf4xt3{L,»2Xb|6-&/6k֐n`|2`zPˣ~;f jc|dV_#՚ yCn|qU<βRR".yz(% EP؅]һaԻ>u?IEGʕ0ήOd ,ReΑ,Hbٓc9hNq6Jbg2ḌW+j &Y!!ajjůXK_x/ziy $bN[ fķYQ A'mF[H)ET^Uj{TQ\ڥwd?GFc}*_p۬uE7z,ϒսj٫opAQCS7ux=:{ₛN0tu-cMVؤGoT:)a6ENOϞWVt_~*mL`q4%} ߖT\ 8rZTZ aEyNh:Z}?S-1JۡRWh<ߙz].c'/F(ۍ@zl8"LvI 2eN ޵: y7XF;le1a[.0KX؀ЅMXV>Xt uME%Q¨\w-wNرS= NO'li+oF(xi?~e.|#۲8Y1+e/6kNEg|:kC,72lZ t+KamY9:N0̾4DI{MG.qP4$bQB%}="&%L "񏦙tl-4LEwܮ9~1p֢@7^0Da/^ 婜JZ[4Sntޯ :>Ocah![qkʴ2URI2`˺dʢQ}~bwyiruVܛ ~&U؞D_9 vsAUxކxwۮ!mԁ:6U%"ISNt]U]*zAP9<ed|}vڟ#wOrk6} ~bٕӆ/QF44Ept8 pj1-տF=!w:=o`J)*[yQHyK{ -ai4`BHKwgJ`yL?ck|uR̋?ZȖ4*`:Pc; w%lh?T.|7B? mnU~C.]2r]u%3G+_՗p؄}oD \1 ( C7eSy`}CиL Y>Bc.~;{㹏"Y@BԦR-nɈ[ Ubug佡A߄{6n{3 HM-A#2.ˑ.q0b=tÝh Efr+#Bn yӘfJ92/sj^ߘJ~P|M4 <ۇ,mYcf?Z pt 4w\Ff!"1VF]]Fc7K/W6gF򓻧~sɒ{%U~i/9PCx4)#?Poe/K%h,; f89L֎xm R P xF%VLl@&s Ցv[6^<}ލ|x51dUj\Z'ֱFCmf9 ini;Z/rY^f3 jx"|4u\$#Z%@-:o~nWĹC\}|69X$>KM}tńRgqr@*W:HAbjAV-A2eIoK1!XG@ֳqcd:o''e+8Oa#<iyfȱ0ohZJp,؂KGLus̊YmNu.ڭ8H ! ᆭP;ƺFO/0]+l,z]hB|AQe z[;"NKaAo$TQUFmĶH?2* !:z l'}28ɲwXEÒ"PXk3%n<ì_ZVnbu=u@᫤,Eʯn~YD 95TCψ"NW#/'h ZSq22qsr:[A5wή\$ tpl8X<[5; v 7w8NFj,Q ^P3} !Wv*-&ȳ!E^mLE2xn2X9[ ?~d-b*6EE!`;#|`6r1k AZIRpe j /"w v. L ?4Qi{hd a,dUc-@X?On?[mcRGh2 Bſ /5^ݠ5!OU, Qf.fkި/\w{[u!St)E҉:[*`k\>d 1!q:;e~{FPAٚNL;&콧GKb#P0W|Ǜkg{s% e;5#&Ehf Oj L\=ˌ%S|PU`Xp׼U ͉֮Vhs1`fq6VjHԭ{[b>MdXRG&*_wH<4h' s`Ig iz/pN-缠@2"0G78ɨ0?]H=o*uվ&5zZM9$b#`t$E@pxNgziTґ>_fi-G少8]TZs*LO3S:`">_GXIu/%9, c@fVjlMF Օ:Qoy dc{e݂$x5ħ@|y*tb L y÷6Vz50at7P/*(LH0k\?q\&pXSi,(lj _: wk&Q^ %F+Beh,(`Ez < b;^!k fCnctՒ6 |hajE>bjv b[=cCJWɕk/Z:)i1l+t+?ˁ}eѿl3I7󔸘Ƀ~+ĢXeMCH$z;jWARDO1#ɜatkEߚ,|`ͱNLxǕ$}tXAXgFgfM8,`P#K\G=\ uOFaI.WˆȜ$evURXIO 5XjpE*EFO*9-y1\6|BJUyl*yꓔΤEc`xV`'pmA )6Q [’aCȴ0鼳 DHo-hxFI<0̍i'.R)vv+[uRQ#LjE:C Mkd!g6&r%CVw!.nnÒXvr D; רan@9!]pm $h_hyqw ,|(*섻\2wN؛#{퓻T@$vGx^iYM#(pG%jGv]•4*k5CE #.OS`a2ox0Nc*WEՈ$ qYvD$6х*VTiC(񤹅QQ(Lt;%tFDPS|r}P:qm4~Y ^\#)p< Q:$N+mQ^;nȉFvz|jscujǂy\Q]pdoh_ adu0j٧,"Kç*@܃MȎ(t!M&rrw䣮Ϡȱ[܂>,'`eGOEw u @j^q^!?SFtrJW)'t"% C*%w*HB2|46"VٵU(1Ŕ^X69xKn.PL Qv; ࠈ),7:(W9"ֹvICoIEfn!Ƭ(Hq$ %=N2@4DV n aZ2]tONu. ~ )/ک!/JDcIIk:|cφw9'RYqRKեr1~{!;aހq,Ut;ޟ]#!djfmm&^Db44G~b:.m9߹`Dc}{(%^\S.6paWH9|8 h[jq[z[sX 7)y4)'_5QZ[+Sq j{CT[q} s^t)RxT!2b ?0M^:aI|)Sk=W1ZK6\A8?8LnM@T:t߽sB92884d_)`SI:JASs#N{,tȢk)V3h [\&lpysg 6.R'wbbv#GaO Q+ӎjJ8U֑,G%fu}n@k.ܵDE4Nŝ#9J}Y*Noʬ.b:Kjx$[jBWc?A[uc[caG<츝āNm-rɠ'O7~ N"?=>ԙiTXA@NJWw MONuo6FRQ$uR}8GT~Z9owrMDIqu펺!I+f^d{yc 8g&!0Qӟj `2u$aQl/U.eP`N1pt\cMΔ4eAQ{+"^E0 u{v G3t8+#0Ec#լc\D}nb=: =<' 5^j1߅uq0=뛍[pQo}2/QΞ@nC޴K%K_TAh}&(('E=8MjpS?8o1K'|ll/O!={Z#?=@G!W ǏrATjZ6g|ݲz8oz35/|] V !)ܬE<`{w>s&"]60fRbVb|iBSuQd|m%w?(߯kg;j3P3+"weGFq`2X4 \@Y NAi߻.SweU+q֡f/>bҽH4U`KXI|| ~DeG3K5ئ0ǸxwWXcGr9,*HZ2KٺT z@Nʸқ[@ޢgܴ>/Y!"<$P*E'QJl.SR0}OH B; 1}ONGqPyF4(Wڋge-[P.h`w*kA ݿ)wV@+?r9-9 f;i&1yw ƺ$*اb_F^8hra $;hyn[LΞ/A *ҼĦTpxlS}<|I֫JT*OJk޸݊BU)AS?=(Q`-<*.jWUgpC&4lyRO)sw9v"?DCO|bƮW95p ƍihE q q^&BՐ \S\5 +,0:3W!,|z/9YQT׎k=&dN}*EFmu/^[KI!KgKe*נT4Z3Fp"#m7h5p Ah&PLӻ?Z[Ϊoc:@~Kl޳TsʹJ@Y]eWe~`.B2IߵۘSfsFuNqK)O$x_O#!.]pþvΥ8O29SE gaA9!eNWvx`JM(]x !A@͛f j1~fk58WA G̓^{prc Kb 6?oS^N*wq|U{ ~"u+Q^.-1_ʈ xAନdLS\ $< =ImOJFsL6nÆ?Ȗ2^u*xd[;>$-X#pTT<-H dmJ؀hX#6dq7;tSzCVY\ FkM#pMƴ2QҟVr4?3ᩌ"X5 i?6;L "w٬#^9 ~N/YxD9ec-?mcK V-SȾ1 *uϷZ)q6fmz;Y|`nr 1%S}EL\}UTh[Fyv|%L*2R-| uvFW|+u*bA|aCK 0Cz⥳"Z\Z8mיrL~R*: =DY9 O 1LMd{0j׆0tl:Vq'H=j;~D;׸Bjk^"0Ae&5TFޡq!+B+UVf2Vύd͗6 Vwlޜ1F@Y= zdWMd >FsH̊J֌؛ӯhPqKLÊ2nR6}>' 1TFFwy Slr҇t< cD͇ ?!w X Gļ7,9&sq׎^]Vdn>F #go>Ia:@ -Kk<=; Dp'fy=|8=?UuK ٳH3O[Q=TLjWD.u̼X}>=/NLQp-7+ca IA^:Cc]%s@)D:Ɍj䴘uM,~<GGC4Rm,FvDq1iXL% ~r۳)=zFTj WxImDmˆZ;=mTOx~ԉ庒?#GV`*]{8v#i%K' 4y+Ў67ҥߊ~p'*d-wyK),\rk2F[B%#nre 07T^a+b'w@QYAp~E/s1vP.W CC}8ak2d!D0P *+H}FjXFc3,C \IqMd:u;@ c{ngc]膑6 @%R.ÿ܈d\tߤ9K(Bډ$)L"M_`;*/+ql)L→̿Om'Ɓz]f+L+NMZ&fCm2`0J%G"ǚI s4lv\ QX nţ Z ␈wWs<(\DHb}Ki'g iFCTi|Yq"zlK!_vcz3vV@H>4HҚ=E&eePEA9A SM-|kpn+KQq>3$kuEjJ-y 4J1q| /UxOLmڅLӟOZ^̼^hϴ)jW PnG;:Ĵ EReB.tx0VK 0(pxý*=ܓ6ebGNxf>`O~n88L'QYaHgiT^u]!İF!W C'<<! o% \-O{X.k1?[1T^L(n}{IњF|,[VڠE.u@{ b[&!13dQ k¼ʹknc(w>0PGݫw~EհND ggFI]{^/5f/A9'cfώWg!/K˱i4*1LIFY#\٤!r1Kв۠D3М:)k|cg !] 27دIŠ*0xzò/Ob70T1>jh*VIdښT#CAqA K#Z T aӣf(7_ 1dFL}IlKCSef#'J9B8 8?MZ>P>yN*WǷdPRB:`fb&qX"Yn\bVp7+mlJ"Z˚F{0UW70AbOQ׶_2hQ;~p8V#HĄW+;*78a6n*׻E6/EF&絃nj<05sDTzgWqVUj:pLR VDZL͏z)oW!ہp[F/e+~rIȠacJJ"5/)nG[}ڐ9{WGqsv[z,HEnXR(F8ْ@s֦dQ}[9 ~<D.jlh8hB'z  vdAB{q)۳ }⤊xoJq+zJ[;L9DUǪLiH]Ň De:WQ(5j2K^5'$:wR4,⻟L1l&k$Prg\N9)xYDtW*7vRgPEc!f/IJg_1zZzKY0t"e rkv>yd!ݼk)6Q1_)f[;. {6yf3=ͼZ_")F;8y9hȠ=t'mQ]󚾙!'.JD][B Hۨ}Nh82gbtwR|FQR%}w-K- , dkd9Z]OgmuAMcٜ h: ZKW>}#Fr SZXvmsoN iy9suCC3r\%Rń}Sa7xjaDR^qqn:}q[ h[n}0ZkTo m받 E;]>dT|S]Zd$ѳ8螃u9˞#zȱ59(T d V&,Ҋ'wKMF|DkHh@M>ygfZwK4^gw-ALoN}XCi1`Čj[rn&rӹ\B0p{O5z]i䵮g6DZ>{a7*g֎|2lFT9ۇH rUEs01>V4w8QBϯ`ck_b񏘛E@6K{m gAb*Z# Oȍs,Q22v{ݝ&{?\wʑWs4Çe}Z'?3W"Ж +]T+6|yMbRDZv,O3w;&~Kt4p?˳\Krif܀ЫI(MXG}~+1 @k4*&! "\\hsoK'H i*l‰ I$辵Ts=4dw{U 5CJR݈_fZQi/>;n;$Zh%n<<6E\¾ .yȁ~^H-* ed~=-ks8ufյrWTYdoycЀVnͳtb Ow (4@%c Q6Oi<b2TZ3-ӓ o:~h4sxۏ}OQ^yHxwĀ>|l4hk~&O~@FcՊ4v:E0Obyp׊2˴ K=B84'G2m6kQ<(w6X;՟NZ;jw|~fhy`?(!K/KА ,iB-`l"/5[N˝@jQ.~Fg?pd4Ko! $9ƷJ gA֢}Dp2|n6"w)CJ4kbl DH~8u~lM_:NnyIm ksߍ>bT PG7#O񨇿S88;biB_SY h%vO5 H(X 8b?>AIpawr _.8?8#Q|MN7ʘ/b.4(At]b{rOv9-bWYb?|G˻M}mE긽ƀT5k^fFY:̖Ds*v/MN CBLϑ x# B%05-wِ;G/CL3A(.GtvbKt LW;{_q?D݋xDg{h.ERԙUP4O:{/ksi*HQosAm1^VkgN,8voFMI, LZY_q@?rbtŃwk+תdkjQgV(7l;H|ig+?O8q1rA4D5WϞo\r1DQֈf> %ejS2K3i+^* \Y.yL?& fiT5\y}) 5վICtQ~](|VmvT ޫ *&Z:T"6rxc wM:'9q(r[ԮWv#I.ޅ zr L!vVE_meSu_fC 'G l9"h~>sX6 #sZY7X}N &E\vis6Nް~9~_M֏EፈK )k.?[g!uOBh!=,*4`9'%%%H}'v!s ཏ,˱g+?EGELvzQ[ `I Ћ/&E:7A]Dpt;~V wH֐hݩOt \9IkmDwNu0V; qaj.qogg.t;qDx."3q.8gFjh#RqX<~"IlɶzmWyiQ`B)t_;!` d49ע6A\B ^ dO%RD uJAC\3Ŭ֛H:LGiJ/զ b~E֐c$p0jadv$]l7G>PCXk\68UwƜqWC -FLS6AKŸ PSHfq+ΪGnLIXA;!fׇ7JJ/<$_I_(ŕ0vyN2uVap~*ҧ;rYO2)GNR`ϋߪs@/@`/P ;{8?78Nh&Pt}~abwr+UGt8QT3])lUZ^b '-r@+  n3^I^ex ~0-1:ylrXhN20TRzEakIØogZT2{;QIl^qѡn|4Krf1a }=-}y~\2"*!ZGȳť3R1wu[u |=giXϤS)j5aT⢀b)%v( i:ȉ,df0F4`򿺢p*ƺ2HyFdB|.`bZpC -̈Wx WUUجڡǫgq0` srΖPB4:ZfC5ٵ| }{5E1ie@XH`Th•J_alI,ƟԶE v?.סn,ОvcBm @a(Ibnj7z;jv&+hĠ%qpW ʘE-#؏"_;j-&_mCgvt.c2 spB^x[6M-GE,rǺu7g@?noZa3x$g5 9ѬzᤦQir.ȹHJ".rV HQP4\WƓ=,gj_͡DžVS6L/g[݈"ao#K=aJ@Pqv pJ5JҾ$ Q]YI:k!? }rTjݔ1n;ϖRa^▸nwz.%ĈOZQy>0Γ _J;)@@'r}Ud[Q/;ܲ"6˸(` w 0ē MJ:>"Lw\$cFNIק : VVճ# b]4[1ƞyj|$&wWlQS )mky ~afUd ݒu#v}WϮ$oyK+4h ܗ>cqQi:5c2B.sNQ"O!q5߹*-B`3GRwQA5yw 2J1s K!kj3 ^AijQGց ԛ󒁃o=@c; LLaD)ϠtEE>a^J,Rhǧ)kѐWHVbR6>9,;&ʦ0VŏVcm跎Vi+.?6h,Ccȼ(u9kR( 8$mܝ# #[T/.:,RAB<10ozÖLY{F\M1g('Såck :򓳔XYFm3XԂv́?]UׅjMdb!6UF2sXNímQ?W4"l2V" #H a΃wom+fڏyMVk<׺%!k }j`pqԂAZ.ESz:}г 4 mNR$ޠ)C?5[--:+35CUh7;1#Bwl,Bc? iɛ.t M<F&30vد~ 05iui{MuLl2mn#,f6`Ky;Qk%-0b4XP|#< 5,xvҦP儝Lk:8H s5AMWHy]. Lp kO >L]gf&r fl}H".z!L- cʢG[/ 7i{^*(ܬ7{: T0$ &}Ɋ8LnQHNvBWՙy%|r+ZK(H0U֩wB+z5asY7iTFH+}FkүjL^% Ʌ?CXxls `9a-$#RfY8E̼W2OB0,s8{ FJ*՗H@L^( T)0pᎻXQtdb`AQĢEčH+;իY^XVԄWYO5E].K7tߥhDNйoaLZ&z[7B^=_Lu,܀w Vl<"+&k{ &F Ƴ{TUqK?(A~' f@CGEp/sK ,5~mTzV&zɆii蕨ȧk;a̭w-'qzqNKuq{ _j\'7L:]Ӑ7.0wtwzjhNTE S\vgjۋU[f-;qRˌrS>&|.Tg2yG8RZS`2K P# FaKJ| .RbY#Wמ8ckfBg=&s'/׉_N* 4s )B)R)A~OA 0D@%ݖ:^2 z|lа5%T9ԫ2-#yFuwH;g7^TߪDMQ*fwn>t@]T49Z_ ևSޘלpR CJ)G!p98wX@YZta{~VGaOÿÈw_HKQF敏}FwS[{2c[i1ďZaej(N4`i F:pb;V&~CP v99jQ|P|mN*J6%brd#Ka>M=SȤMajXk)M<+&g8!= [pw5B A't1睐?\suow)@^B/f- ܂쫋Q緳<߄5{&K[{il%X_&%ڒ[hq dZ$(h2E~.p=^ֶU kAyl:%B3maBo:{[i=`'xQ!D]#b>5(5LX{f\V7w+!pR#KfX ͤ,#]}zٿ$czL;tseUز{԰vRomg =Eϳ ӑC!6;ZTտAvgKm[uW*yK=^^xO=ȡS7ᬖ^dcۖ7µE潗ա{ԳƆ@еZKA*ˮ(+;>[DKj1E7Fv: AM:1:8Lt~)|EA+\Ia{cӶG`^SD +;nR*6!;A, }D.E~ՓڻXLWdX%$f%BKFj²Sd)$fN"ڤ(hA}Z!E̅@Y앞p_1fr;4?+a):<BT;?e^vR`]<^z%|_ a5P@Rj}iT;]>g}=\vaQyf1[imDUp={xm1 k*} 4֍\OFL)ѝ?E)#X&It^:d.Eqp1'y]Pޛ޳tb׸Z}cTXi0gPT,-Jb:?r*$5Z xelF%W-~*!,ei!Xn| 3\$jtosNZmٳ_YMF,z:up]S~Cɋ$%)GޜBbqX.;? h϶ꌃM]$nn[ Ӆф?LMFj苟{@#耵˅WPGS7s72ȡZjSmA_LKX"FYMް%^W}猋zf%RqF{S}Py7_/<a}偁hLrEvK}*_ODdoB<> ^nJ:vQīa==k sa 2J7G߱Eè 3\@ySrđv_;.< sc7ᲽF::;d8֑uN+%0Kƹc0jd0jjisc=Fyo.:~Kr,ZweW&@:Bv+[s+!N hlMشBa5:B8} .H)+٦5t~f9]i\>?5PDB'?y9i2G AD(U?1zѕs2!ډzpf+ú#|KvZ9_n4hAt7#X͢䦈T I1 SfuNGjqo ƗXcc s=V-GbJ Hq<ᭁ l{Hj-se&, i*L 1w>\H *N $ mOOLī:LAsL[mp~% L#6&4;m2vEfO\|e&?, Wy̫k׃;d$ 400:</9ވ Gv3d6z^)" Of$@y+vkX ;S34oѼ\moxn]W~̴*Ԝ*PI45A@hV , ǖWO:_92P YcVKC2S fjυc1e; WR,BZo{TP[a] թтmTa[>"%w-!v,W݌Le:H ZteKLDfGLy9Al O܋{Vhc/:`YB nm*A Ѽz% ]K AudRC߫ *-^ɹm'9sA_SStw4RwzV'4Cu"5x`-`MځC`a⎋?wb}J`7P]7L,;/o-CKKH̭}55@}ia]wpRM-.dtO_ybPo~?O+d"vESk{\mlI,BlaR3pV{J,Oi?d4Aoe$k{JvTh% nޔ!ͣJi$˱-ٸ#',pSI'{~ *@)wfoV˪%:?.\_D"oH ;XR ܻp6zJOr5m繖X*{ >$U#e_7juTBgm#]c>]TB.e%4K咫ȬMPbSac} sXIFn>.(;VbA_3BbOll/pklI*dD[ϏJ4RVaV)J kO:z^.-gAI,OKg3'83l{5u2d'>ҤUs-{Fyb:pVuKs}L^å5ͣQDۋ>JX'EXBDb0ʝ V{|uԪz#xe!/9vgMNDX[mw'rZ7pRs,n6< ~dWiN.JRŧJ>/ )N(_v8:}jj+Xb('ÌRQ[hSXbEB+L |EX"7rd?]6h)(kxڕ@y#X@ۚ_}þ a L{e(MJ,>yNHuctE[E8?Ϸ(yAݺWV >4ۛ!?yD%%U a¡\2 ~>9#n}wt^qjqr>RD;A?PP c\RZ.ܸ!2>4,dwbrjOy1F&eZ _?]$L"$JaF* IbىE2n:S[3~|er󞦠<S HB5Oo h fѫQગG20q5 U-EǦjZ n"0E@mVL8E_NZPMrM{'q@neUlRgdjs<;'z?梂;P䱐+~&YsqF 3W&T=K *ƚ̧"F5 A 5nP <@vqoeRsRaZ|h:+]ٯn?z{yD@AH y%t6V41-F@X+b,#qǥ,Q ˈ, Т &>NMoTK}H^:5CO5ȰG 0|<-䥓*6{_ncz{w/*]ݱ׮)j9! 3tִk[s p@-d R吕kBhxSmWSL2Ɵ REFL"m־>r$2+XCM0LSUR;?v59$b3W-q$^zVf=ѬIk81y%KXPS*vbmb/+3Rdj!sJ5\6]%Dw4?ܬI3eT"Ke~j[YO%$ ˯|$}th if۠9wyq 7wկ_u?NyU飉I "Jujʝ~|)/$k 2e+SgmX2^쨁XD|CZ T=) gܟoeYgg h||A[5Y|znզܘ:u򜡔Z=׏̀kcb5VXAfr( cvdSb*+cbnw4=]JD :uDCOISk0||CO>\ czHR49i0?!AN;;N{^YFTkG*ALE4\U.H?{n-^x3r# iVN=;SGjb3aaǑ R>|mp ~ hV7^TBVL}+Y];q ) 2mwF3? v,RUϤ~kat^gP{@yCtS(ټwڜsVmѲ+ hj'plGCGOcъs8MlX}lck#m5cI&B] -۞"!d=3qmSy0\աLpjJ%s>"xnZv( YL=56XUv؆7XGy6u<[F$AzMZ\吊CRoh[4'SX)=$/ c(7w{;hgJɍhl1X#'*hH«T9kV_[(6gp( _Nn`<ٮ _&_#VA/UZp&c.> _⃘#ۗs<IMo_4^=ɱ頙7[Pnf-2 1 ؏{h!'y`_7w{uZYy} 1HhrjbS~HF=?* ODQk+'Z؆};Ot! =Ie5\Y>!fCQ{'i+_$_Y$5@eJ. 8˹YJa)QCnE0_7gjB{)j ?,0{-,MCA2dM~Ud-* j P{~8vHx{"ep?b%fx'}`A³1O\(wlb~$&1Mt@5Z2}ń"nbw /j^Ue̲HAw0,kIX)4gNN/Hyx߫1"_нZ)Wٗߑ))YmzB'AHy|:Ap o^mH!9&%`e vmӴRK!^muLb[ Bfqz!b:߉R3Ih?}@oB\xw\$xfўDc?e'_o!MzaM {}Qsf %1ZR:PoԥB;.p+26%RP^?-ň2 6" 7<ק}x^`-S=<KԽr8U^B6v/*FG8 + 4{8BF,[0yY6OTr@@u4ȳ5DCfϝT><%R΋D#\F΋ kt %]a&j +2Dޟ:U'C1BYB ŋ/.3C7vnYV3>`T|V*Μ Jd%9LoI6qe먬{2ݢT2OJ\Fjf3w_<-`۾ 2 18J m@aեJB!҄J=x#hu-nȘ k)iDžmu3J5v*XyA;^HԌh~/N;=6u5,v&"Sy Mf53(AٌT4L͊:12;"e%>DR=H P%,޲&=>oHuǥcUC;~6S:ŕ5IsoKjfhUL{ #6͇P -|շwXǨ+Iu1Te=z}7@šR F qL 4p:JwUm_:f_G4 ņR֠j" 121~88 9_'9(Um+|dz67s1 ͑_/0/}7SI#{52^JI 131 "廁u1Q}d1T,̖Ͻ$|SՁK ^4_t'8-M?s0ZB aܳ~g:\|nzF6  dA Q4ф12Ƈ' 6b e9`QgAq7/b+a~Vd?\̇]Mt8wN[9jة), [07R?ʗ}2[ GX-ŽvV6*.uKr0\H=pEJpQ;ȁ <O[6Ek?P Ym;=VSYj1VIq!JZ_Oϔ;aIqbLk&F<_).OtHfMH/$m镼x%_ )|Y O9;=S f0'bKjrZZvOgYxo2x@)ooqy;cbXTg`7r:Rn ; gyL Bz9S/^1dHH)3TÖ*rpj ;Q^P(ZHMlo8 {%4er`!^Y(Fϳgcݘjph]>&O]s&i3wW1W;anlKÒ2(/0є|4o^жpϽP@0~\KGMzEiUT״x(2#a}B(\kPR?_*D-Uxʆ7BѺR3-e{w_sX$'Aܲ־aр Bp多 {Xt 6Nw`Q+Im @Yd_lj}mi@-D/zv FxD`~ǍP`*8x=?|Y oNҸ{7WgkdU]lb7Οg09!> 5Jo, A5n^hN)ܘ8e?S&qھYs:H.^Vm)hNR~\e+c>؂i5~kO_,62L]KHӕ9aGI+sH]ТG*+S 2?2&?_+=5ԓAPRV>MG?k-SDŽ` RKIW5uv_x= }˨?wwē7/r/ݳ5OVE1U.Ă3enk(jca-{"5,, ɏCIVU.,c%+DkjqKo=q W˳vikMͶ2US᛫n\g` [_i]g k;UcZyQuיEj3!sD'-b>Va)b̅B / T~V/1~nm$+( w.:p wBHiT,|'UZ-Vɔ>Y ʚz`W u/[gIPat_)yLv rJJ!q%y#S/i?KP>Bp ys}b+cX9N!<ݐWl4Ɣ `Maȷofn9QyG%=HGfZxKL0TpG'ȗ&3i0Ca (P̦E\R2(yNS3Pؓ,KYjkyT sA"Bt:5`~}GS+WXN) 6LE *V7I)NX2 Ad-~F580P=n&fU@%k*67Fѽ#UX$%r0):{ɭN/1u7\`*p:n#*(D9,*Ȭf:JǭS{ϣ ,P*%v|Lo[f?/#l6:irߣkOλ ;]xQʖOdsI@V!ӥ^JQ'; }c׀ ,B#n_38PqV5 ex˧IBˊ:TYb6unP%cdz2*?e,гpTjf;]`$; K+0 (z#PCR,&(B]yכ7♋O:˻ZS4,Vԁd|NMǖ<ϖwmvPd/gAak-/[cWWXQ &Ͷ*X=fzfv"zA:ʞ<}~,g,f4o.dx 1bOu*~#zpAG";3E F27;FY/ ksmvVή֓L m ?$F i,ۭ'Kp *N/IHz|ރ: ⤦s+K<"exênFFd[C7" (`Oѭ3C`cAĜ^53/X$kq( /m`g̮[FT5#W؍B## ()n"0 *ArOO Rc>=z0͂P_inCu1a ϩdMIJ+a}++Ԍaҟs 1>M:Feqjttyڝ^󶛤@EJi!7X%MCo%O [S)02HiSwEdĵcy ˄ݩʦ8-XADr[D%21R'LVYYΖݩd5P wLD#bAg=ePq#ĽTȺ ;Os@RКǐKJg a(|]˚Nd繄[zUpR1?~Ūު:!rt$%y[ngk #F.{rAuOu[@73G>ۼګu[gytr٠0_Ii11_kS)yjN4)$!уδm~l/- ƱZ㓌qBxI.jUỉaKpl{8ڊ;x^b,ohglbҤT̑`:' HXn j@N'c tUluo^ Պwvq/&nC( Q0r/V0:" Լ?ZzH0x2(m ZYtǍ*vk:$)R{v V99^m'рCT6Rx$@܂(0SaGT(6'#HsfF|aNEXlRyypLLI)FVq'7ވ!sP)TI;WˈtBl3KfGD.^K}|xc500 9R5^ߡPBh0s7ڠ0]aeתZ+w:%ap/ՍYx)k聭1ԹQjbC+,«؏3י.> w&^2x;0')KO Lwu9@]q7Q,cSLP03=%m*+$aq-5'z/ߧhD,a0i~y5OLhve+"Ia.WbSKQss;1Z=/YuoNvԇ}~Nw)%)N@YiT]YZ]> yE+p9yt/2 FY087 dJJ^ttv@dCHS5܈)_&'Y^T2 "Ah Z& _W܁󫓑9yS3 C(}*xWlXo1,v̕wbZ4ՋP`ޖgT0!k1к: œ= N-q#Svq%ʀdSC㹃1-T"&T U"[yOdlY.nOa@{˝C3ζ"'&&^bAt ݞ'~v{>8@/GUX2 CMhI?+G®,S`"}PEeL_7/OuU %[ GSk#$C*%R(;%QzJYd8q #|1bGeykp/5~/%!l6v |E=O,=sF,N?6\X xz!Dz̶ؕn%ymNE"MwU[#fÆC6zCYuH?u+MmorKِQs"*13*x,[9&gP1 ;_ʑ~bޜgޤ1$(geфɎj[h+upqanɸM=TzkY]*K5v<+` $\?LM7ؒWTj"b k`@=u^#tF&ZP+窗_U|铴%Y$!v]T`vMyia}Q(c-M^Ke@'թf!HcNd3V Os:1 )xi ʰS!=,-Gy&h}8 m9Rsc;á 6밒b^ES7s4D `Vkw-b.]&ԝBWFƲB2LR`2CĥGޚﲕ.Ŝi&/P6' q&#8$z-N'Bnr[쒨.{7 *& 7. wtYFKCrRsrMFD2Z@)Y"6Y?1/Ye `1K()kba5ǣ4 S)Tnޜθ*H48俇a!b߳@һrytWǸߣ!qTa;L|Q8MA7G. qaWq 2WXʔ(;&'ZC o]Zfon2膊 ,F/qL`*2 apA"Sc!j*{̂rp}O[i5%}/S16_…rVs #F:]B.5B贴4"SU @3 6zpkJx/ÛRgN kUWk-F . x,ãAkhGѕQJc=պ82μW=ߎ+-^#M/O\qUZZ/hLo̒`7C1tz= RhT5$!PН"G~O:n(-c%L69Q'Q|s}zIZE$N/VBڤ/Zp9E45Ilx'-X - :~N$pp;MWe abDϪpT>j2`@3y5RuCyл4We&4Z 5Wx)HPoµunIa}kE܅q2l9շ?"{du3*Ǜ;'( P{s-><~TZL]ռ'8)aC4^ W1%z>17teSp)O(!Sٍ_%=Ni_).tf@r#;~W(\OW M="(9|h1q8ŲdNd v6$SVK7 ,+!T̃dC!MS^m]vG=@ j9q$n3V'~_xN!=| 8T*=6ze=(91yvf沖TKWnRo OUA!V<$W@؃ۮ[C3T6e6jww]+174]eTB@>ࣚݦ3iCkWe[+E\Rw[SN $j Ui@X7/?iwu_>(y5Hd8.5\LOyB<`uPZ tehxR92N*&5#Mgf TnZ@y&g3i}!d&}!%2|aBNZ /~q\%E EeL |եnsӝcz۽wT Z#,'8oV0L4379"5 $dOsf3c?=>C{-F*ӿLP뾄$/Lc wgIv,W*@tso>'a0Hj"^vSݙE>5qT4oK*J"3G1wt'ȿV}CJ}] W=G@xp&jtxh2>@ 7IIN:ω8l=8 ^z5@;?PD82_U #O:b4Ib$ɢ/7Ku`O߇<$`nywz=堟 ;̛ٿg Ppc")1W/˜ĝ#"u_O\3|iV 3|ҪfBđf; Bn/GJj j¯'=i`N:#AӊiT^N/&Lbt,JL+д"k"v+@_53+K_=De!)A0zzΊ4Y.[{_DzjsQ+ep6niyk!"郝;v,U?+؆@- I:VA;-U b0I [fHMO6,M5y qYG(+-cfl?, 57ꁉ$#dF @09`+yd{ĵ* c˙Y59^ V gܨWŸāh-vcf_v@J/g"+@] &o*TA$>Ve\&7~+ݥTCtR.2E(h:/[B8t^ͪPHx||xce9z~uiU ?pChs'-.Twd]ml"W2*#K%tueJs݃ 4#3;HaOlKNO  "-ǒ)i~NDv(De㲹52#ڊD xcnba3oXi;`Do!PZnObHJ@6+>q@F9ޫmOJ(%(^7oaxA&IDQ \"Vꐐ$]1ͻNsf0E}n(* )('hE":c|]EiexW+Qx\}r$?hhC\V<6 yȁN_ cvf>4}㠨*JAvĒ7g mEbTPO(Ysۼs? Jaٍ5Rv~) O7vgt`oMa~ozbZC u[*b̲dhԹrcNd#W^T?xxhzKGE9q1$<.+z+9ظvL /"kٽ!Ff~[CWٶf~rF[&T;|؍[/tVEFl[r8qO^=bXVkX*6hWv?[۟Pe٘(~ v+庳'BJMI;}!S0s~n}tꄎsS 9~nU5['Dr&ܼ4]"Q`8T]" p Q/ŽR pL8:jj(l ̰屐 RKQDZlweR>&2x Z~k5$_0^X$gNP΄~d+mWix2KTmC Oi4j lqaFU\r(.=,P"=wI:FzAWWݪܯkm^o1xYJD_LD<£/@sXjk DlCu/.4]3N#E&`!Hڊ0++༽n|vLvj Ȑ1_6Gbf)9hppgAhj]%$S$ABO]yܟ?ѝUQUD_8aXQK[#ªH 3Z٣cimЈ\_bHI ?'vǘ;b@koJ0Lu+<>U}D{OWI4'RQ{%!RU95))xܗohߣd,t4RPB2e髗 թO% Y,#o<.e*kOrz!xhf2 aF[_o .,02֧ SnDjut>䣪c<܍se4I:W@<]F&Evt.&=6i9S8Y*=_\_ͿB6Ga:/ĤWXVe3b劀O WՀ6$8&d[<|O@im ൹ZMIHZljB {ak*9C9gZ&}s@"ꎤS <T+HLd+{`>~e(TH5CCPt_#`:`h-L;fRϝ dYcpC!)p4V#wڍAU՝(d:PB6 g=-]uCNW CABCRTj<05B/Q0XIښ{=vOc[WLnYO6>sza"sz3k״ǍS4DF+o; /w㲟䔔 u^>Շ&\Kan:hΐ @@۽R8X+ܑMsIEc3?D'eXVpPEsUjCD;9zcQ'ϋ|8!?LO>I:@k£IvCo.1xtB|z bk4O$|Vhʁ\U ?%*+ C|:{ؙ{n`_ PmlR+Et*G #@8:.9q 3Xӝ8/wUta(.$IʔR^Xү<*x؍F߽F_UP ϟnw|V{L=%ԍ7}+o7;`)$.PRCjhn))iKys`Jz:lI,KJ X`u4e.IhōcW B2J-E!>/16#Xb^v r k^fK8u=o<:ʹdL.(>B5l3^g ˆ:Uiᏻ\4SԾcKBUCaImD ,T.=ئ;ZVzYD6JY:Z\6_o 5o9HlqF-D |tXRWլ?v_W_LR *%1EIt wS 1_F[IO`f*:&sxCV_Fv z%?,op rH'oȩD EGt>1=#n(̹q| n&@ǽZ\e$aLEÙa۬by\'y aÔѹBw)kW?0xAUuΐ,XXY8/dyȲj8L *RW{=Wd;nϚ #(cmRE"LEUO.Z{U 3^S|6l5洰o!Ct7gB{aq$=RX|$g]'8DyO6p`҆QCſRTNFvHOo_ ܡWMVrp@4KoEI^+.sFϹ@6%)zGڐ@*׹RIca .uUhR6i|U6+? p>x<#137*U=oH ߽Od~r5!Ɋa'&V4{`5d*YB." H`5h-0okYĬZDSAV'v~fOSGV;{7|Ya:t搖ҽ1?#=2-5G4|TMbB oGkA囊 @gɫ@a2bEEEy>uhqBa|o׿fAnj,(p2O2T7RÎROpY^wZ ۺ[)[6ۡt,nY7`gd5oE05f>ދ:2l }nHXJ@vv**6v3_rI$oc 3L"F}`"m0"~n5IroBc!BDU2KmiR^yzL8pG7KC9-z˪Qtw| A1L!22KGDWG. S,fii?݇Bi ܛ^;1Vmt>8,!O\?0>$圂B]1BA5 /ɮM3"E-?]+  !=)KMW8~k44'z,C[]R]?Wj6@u^b4CT] q4A(+vn r"'pH(vHT-NZV_\ ^" -ܲr,92]ћ֧̆}S.@-)}}p<rz1Ej$Le%uMB9>S6j[챫xm.x.'JQ҈4w&8`q~`Jgua )&Ccbpc 9xnX1 4>Rܿ3ڕ7=P3;i`(zcU;rϟFeEKTdz cT]Mbfk{ S6IB̓ +91CMחMB0JH+N|(Z2FU`9azTeZRp;,j+< =>YtA>=) \Lg6d`9bH.c?0r5Dm}tx0Z:w_Q+FdH@D1&A.B=Үq> GpX7^ތoc\lO*n\ZÍR4ۧ1 Hؤ{ C[MHrw$hge(n1PW|е pg1 =r wA+Q {4Mz%4):ήWUZsg+} G`zaL}xk4[0$014/5f5aE(?T4g)Y3 ?׻8Dhj'[cIZ :վ,S`?93٭A&%Ulljj]v0Vc:1VxC-(T*֏*nyYgFI,NZ.nb7 ai0)a}ZIG{ț0cr^gRґ`eF"7ug7.n곤w4wH |\5{ t"^𿐗=NM[c4-d2omc큗fbBtX8 Ȩ+k0W_c? ꊗ.s҄$o-CbMZ]$J7{#eLw,T}L=}7DA5LV A.QPW><]ZbPu~%|*bklIQ5\01YJ),YS3EMZ<'@g REJc;,@.G*S\ƎVє-!h5X7 iL G,Dz!Y$S _0SJ |1ԯSv{.K&snun=0wo7TB8C-~(p[ +)m0rd'hw)7F?x7Jh^V Gָ>ɩ"./PjajN/ex@wiP~ְeˣ 86P Ӄz~D8א}1KM8??7Dھu,fY0)YOF!R}=:)0^,IEpCku/`YV|5ZYRaH# ޿ 4*ZNA z`_s+)ZէiJZJmzyMs4MZc 19O *Das׳NnfV?20?E'ԙ@Bo7@I˞$)8b 5%#7/8R=8cႪw1IA&UgPf\2F?t.4E(^2_ff *b$ کҐbUAH,dRC`^Gt sY;yVY'Lv qLP@ Ò!tQ nA`&XTEpf ojJs~ayAgfSN 3}@>f}$sK OΥ. 0NI!pP\WצMmkɝn|'6n5S*x 25brAm" %OB'K-VV-(v0 Fy߲ #/L7N`͏6G yqaz_l O YQ^n7Lzض`c S1nփڦX:޹ԠK1ʞa(kك[\ηQs\f+^ !4T5"b" 4 = 0jvS\hZ*nkFun6J\0\EqGCqc8otZ-_ZdIkR/ ̌ǙIJI1maƭ=Uaw&Λ4$_tLj~S*/X }Tu6M6|CxF IXv0Azr +~Pt5̃U ` =h d,Dyk6!wgQΐ7=m4$ ) { < Cb\F.Is!mCΑb g4ǽf@0׵="+AP܊/|,סW >ߟG:Un6i[NwB8pk;olGx`. |`>A0݃]WR-EsIj[S6{1xO_Q]7F/>Úsly|^1YP#488$T_/빾/9Y?0~!Űm^^[+9Ч" >=sCj:zƆm)ak]|C//kYo$$}k`YxSn;}<3c`:ȾO6VBr|A hϧm$A.s-˕ð) /X@(ps*:Q=i(7TdtgTe_pBg,ѫH+ =MP'c9o&; C'En$+{\W频*)@ /oߑٓ=۬ȧ=9`fulѳrL%=Wcsmng07幘~U,2h`WR=o(j-zĜ6EރS љfaqI0}O_[,U< Daxg5a˧ѢZ( 6kgι=>?2S72I7q: ~^}o5 [Z-Dko+eDƠ8=y<2}Eu[ [MfsƐFy%ryUX},yz@lO)lG!ؤnSH`!\a/5ѕjh?#KZ4ㅢyId4@ ,!֭AeJP/'iFxbDENAz7J\}|$ NF&(ANhj8J'}afMkH["6خ$U6WeX/o Rs* @psjwC;-d UZ19[_:"!4=k# Dšo@*if#D'(v&`Tw[WW:"s&t+۸VL$T%"ͽRLpou1vuauB/2yo>ߌ7Z'ձ I/e%0U xXfZ{N]GLcY̗l&B ˿DXyvOj).mdLxESs`r, ҏ>pP@hD!ckR+zAlY؆YIa6Ȭ^t3BNI0y[FBc+IE%Q DMz:]p^`<%ڼ@o+]Edss{[*)84H.3 9V{K$kC#9dD}dMn!`<ŦUqs$&a_K+$>8fQ=Q.~S*ŚR73c6d,׾6tk/n!5-;k0B4jmn0}">p`( Up Yԥ &K?ye9PiAIhN?d^Z ޖgxB BD^ỶԣtA lR]LXnXD*"|e&bh%G~zqD1KssD%\SW)aJ5W+x#6ͼkK7 t/;N<+lK[Eg~gK{W-4,|.SOFK3` #тĂDYE>]R!!١R]ZEyQ^ɊR* e٭b/|sOʖITpa9QY9Eem Ԝ5dvcHALy"WhQ y.6҃rw!+<` p̆>Wohzt؄b2ܘe3Yy~YbĸH gUcKDnܾX_ cf+aW:p`4d'7WCVXea3 СBm^=Vv⌗Q4>HBn_@RP ~Rt<6{|eJniZireՇLsBʷT>58QڝUL;NJwn@ NE^aHv#J&wx| ޏ2,b 5FBkezC~c8Nue:d&p!}k #Hq8u n c,% n@vO;4ce[ }N ]'t{?N91iمT FfJI0D*r/u?%Gqg7,^7 I%fJ_S\@kv|Q5XzHtud 9Β^۞LP&n?h! OQF夊+ZWī΍IΪ<+ 0tӫ[\Ƕ;e+@N"DłnVRC'&dHL,*@2jCOQAz|eHQ*1RB6bfezﲌUw a*O٥%5d X__-lBU o^#F|x)('*i3z* 8PZ;Xe`TG( 4ZۄICL2VCBb¨P&ķ:ML{53_,6{$l8/mXϓeͮ2&!Ʀѹox[!$ـvry ?c9;j_dG ܦZL ]e$;XdÒ Qs K`a HRXXr,TZo"V?s݊IN9yPg0m9.F+rjrx7DL=@l}22yu!}ؾ$Uee;'y^ 5slb>o!hr9ڨTt9Y#\| S3$b캛иD?1t/ʑ\Cd5=zȢ*OK6]F+Y:,QlQҭQ-?-r10~,Avǔ_вlWL9}7oZRR-.a^eApC=YWtc*_[nˀv*Hд\H8RGҍ[|A]AEߔ<%HeLƥT;N %$M|%>;%h{f>+Y }PTyZtB|U9n $ B]q@o(z^É/z<n]Փ(Qt`F|t)q=2 Y@۷MT|u0m#Pho{ԧu0L.'X>9Np9v6ؼrWR*l@!sΎL /㏽,M$'L[]+]ɿ-ؠ P:PA;yMg2,)q<4{a Yp'p+emfT.54'O,?^ּؽ]ݡGag}.Aǃ'kڗ&6ER40}ƒMTxnrX e;u|z^Pv95~3wy`J6^)dʹQ^(UMk}Z<@,OZ67SL r'NcOA&Kn!}*oҠU=Gg*Z 9)&-6gndzͪGS%V;z"C|} y(ܛ-gﰒ(Vrx1y::kuo;bhGf0MnlGCsLF'^uJYJOoHȈ4buѨQ=m?NN?Z9? BDo!c}V,7%YrL夑BM> am!oxd;6uJ<}Jl`,Qr,IMǂBs8ejf.ZL(yvx:uDeӃmz8HUU &nԩ {J{A؉7?O15@_ͦqrOݏi¥W'RqNpi$7B +[O>Ͻ;$>:;nO辥|;OR7mo`ţ yH6 7 LW;0Y\t#C!e3B-F>M]^1o=_5>stɫ藑u>3ʣLj&T1X4XTFd+^5]`%xWv7Or 7o$%y`^' s C$B>VVz■-(s3 ٌ~T>-7լª;n-sC xHSً͌[UKmXzXL#R|u?zT Ef#)jޙ;"3*EWI HD2u>[c?˜Όi?!&VĕvzJ̞˹x{^ exI6uCXw'r*ch,|;21)u F:%O]_IvpGAˍx7 ,IãтPX8KRhZ;W}8Lv\xbG"Bl}^SmxuF}%33y[g"uRƺοgVwAε=.jjDz1 ጎ#]-z7*S{53ӷaąMo{[+uFC,7|,6^ Cuɽ1d乂!TAv7Hu/AWQayn=>LhU,@.R#GVZ^tX8g,y_pWPNЦ~ >s ىgB7d;+bKa6d7+ eqQd-ITJ{ZYs׶BF]^+'D] OˇǢC16lN5noЅ"H[+iW }@֫,3cLc{Da$ rʮEfKìmow3n"N~uj5*+ ԣf*#'3WOJɫ듨RVށ̩k[X9Mʃ7rC|Rmp:&1,31C/k*J*f B6d3U#hOv/D e=0LY9b˙0@p>X_B R[ׇèE9MZ94mh(dQ8.|Ux)=zJ^|JXƷfKz n,[׭!Rt3kw@)nV>, ?78, ip9(@e1{ULI~eȒ4 n_V;V6YHEW< _j5[.2#bv]O@jmiueý\b} R72)="<gW2mkQe,A%5 \f$HXA@yeIc+)ia7f-=~tShvJEC ~TC,Qv3u%i38Ξ Lã(D ]UZc&˖J~Y {[Ãq:ʌiv n6T1Pg^RȾrw6r@M>LԍX't+ KO4~ _fT hի W^@pQޟpL'>bHّ$fL:CdsWAdH8hL]Y5s$ 7; %SGOu4Lw(ht%s>#AiJG囬H^7,~lgq.K zTsqӒT/ -`~k/鵦\Kꑥtvj=A'[y_?]6>$[V"R}S1W?` lY>"~ԦbC,{Mkݹ2M[x>B13ϷI>tvؖ >|i ̜lu 2Q(G6 1Y."<{{Z\߀+T4-qY"=kc>.tD.hɇ81G%Hd ,YيmƟD.0rw=!8on`Я=@q.KLVc%ox@=,HJD\[@4cugNEJP-?(=]?u:wO\4Lk&EDQ2M茑Opp$=R*Db  Gk>.  /"=>@N&<⁆0.ho0QfK5ųK"OQ:-RѸUBc"|$P)h¿?>P^1Yf`R(4k[-2[J X+;9{>nl_g֢8ɇ6k!r>'ߒJo""~5 㶍{"u A{c ָ2ퟜ+b$a*XsҽsߑVpaWw'f0F /@#;igƃR6^=a+ϜUhLwpop9j]LtQYr$Ȟ5Տ})* m-\|>E-qfżGa_EuEXT쐔% tF2<.{(4ְ%Nc"e R%4yIvtx_s⸶{;௏FxV A}`U=Ӭԭ-+Ȗ+7mJ' F4-=9ȣ%ff2Ƨ'@%"*iAƥ!U^m*ygmm[ԟ1՜mȍҖv\[NzY* PHg`~l9vS ZѬϾЇECUfcߞb޷ɦ7|Sˠ?_ F rNv[$]v#ɧ8@ӂ{ބ>o@MNRNqHN{o3mތ#c%`G Dmcb躧 yV;j-N)#25ovS'L}S >xZAbTo. ٽ(y=?(޺iQN÷ q7.olg{Z͎} "ҰQiMhc2UCq?A>ZC(a= ]M>FaX.߆8"n*JlT>K}V>B0`7 (囆L{f7&W[ZMW@ UcHPYO"r9I{1.o#}TIAR7;b$Rօ> Fjyf?#[\3_h+O(K).WCRm .@!;}aX4:6ÓzEc'AD٘ع+~n|| ۬x z;ոȀuJD%rނ*f17̎/-9+2у-Y/]l[54zd#&?@,e/m.zuc+D#oG26G}NB|fº_k jBWHIHsM- (\.K&9o$͈_CUVGF5.;ąϼk:._b8v}s !ǟxeYsX5X8A @JCĤ.qclA|FM-Ro:"0#!XFt)+1*΂Sk{n*m9Zٿض{V HyEN/MƥF0㭾׶K xn $*>$hu+ּ?z! C2Tx=*l~V-)0K&U[bt$9PȊЫ##Gۂzl]G|SW[LYuV,>uM"3@v4Ӛ6CL(.l ,7^ snRO&3IsӮa4,xܰʒ lE:\ LYTJ > k5z)4Щj ߞg.eM$-+Ϟ_,\`>a_B`Col.#:mO.U==Z* 7>Ȅ=t(NFK-X`Gt ld$:[ۿ:=ut W%i& ;5 O2IUɦqI5'7Zwx+~&e:Wٍ"؍Y<8C, qe_-5GN4qV_6GՏIc/[0,KH5/y]?r ;p[g<`5'Z~6q~8E]I&~r]0%nGd 6fkf]SHJmtu8<8j:2d=VM|*v')_)xT+Y 7S^<4}6z*d RO~(0Zj0R]rO~6 }{ CcaQ顶Y0 J CmMx!E9fl}nvT(ʕ=j`ܠò3+pMO}[PszOPԻzf"ڻz5ѻ/7bI9q9ja䓿]!ĥOIEiQKbM8hѣ歈7U|;C`;QAlǧj"S!T=N4`\Yd{N1l'QGRVH:H8ue?/'iyASuG~AE ЄiF#>4LNnOp A2$￐갆dAJpi Bol]<.5n[Cg|4g^h߀Y̆bRsq|8l+Ja9b`W0OtDxYa]VKƋ=B38/J?uQT=Oe 6z8)`<.cJ_Z@e$@")>-k|5 BVH Tg6dFL_2[m8o2߻6X7ghND݌}A$g35&st&oLʞ ^q>?k 5?Z plٟ8ڨ$K,z#Tí0~*+=/Hd֧aq<"\*yѶDDv-[g}l֣'$ K5͏Oā5<{ Ѻ8][}V[X$nՌca:VՎXup+N#Bc?R3Nm Ǫ9U7)QotXB @ ؝0|gWl )O2 pFB"%nҌnzb-OYWA~)ׇegkW4ԕ=M@JQOy5J),&6/W7"@GڜAfs8Bp}>E웾?I=Qp7d:2bmXVmam4WìA!FsDD,q:ͅWgXߢcW&8waYt3yAs ,{|hMN(yS۝R>-?,ѯoIǕDovC;S$H|+G& uq/=KƩ!J^!ZzFí^W(kC!ń2T9 dVyA 8ejmBi9Y~dK"n:*C&Ӈ?}o5}y7Ջp,Zt=v}2RAwæn|QV/->'gxpP82II'6 ƹ[8L k!FY]9wsc8ܸ'3oc S1}A0/Fs#Z",5hC5NFLkp[џ>ZXu}ɑG&q ^d-^'G -ޖp;Ed=gLL|&ܩ%Mgin~}&zqc8d^hޒExeil/[.V6y Zƛp0©%ƙX[#L1H@L}F+" E8s $gu2l,]1@)nULP-bSK_-/۵{ċ(=w)b}J4:]:1myn5`!>fsNPe'_T ,'χEAu ncA,RNy@qu,9|O٬Uv 9Z\;6Ҵ0-֞Z5(JH}۞zU1-=DG:0$ɚ+Uu3fz타fk%e}'5auM1y%0A6F]ń_aSM~JkyuZQݼd= zj2Ԩb~e-kdI"1y5?wG*#r7Vv9%QehzkmR'Pϥ[ZNZEҦBWvV>#ZS~ B1eY6 )3< FN!O>ek"&Fq)nP<ʷSHy+(x( m K>^0L6?lęKc* Yr:l: 5]{)\qVmiYȩy莲< QR)X(T,!tvz0|"°f(6N( '>w54@[z~cm"fxO #GѫuL*u?RN%sIPcG<|EP ,TwuL(AA^:HQ`KG;|s+%K݋b0;*G"[[? vYWt}hAUT2/ӳl9fT:N2X꫗ܐy @|[V^f};ۂ U7 2/3t10,GdlƮ&_h1@ht n'#vғ-_~DFB.kٽxp1 m&ApIQăT}80kMN"caȍw5̹l^yHt~C(1@Vy CI0QjR>{U`AWP!,_^2 끲 "(TK[1c}/ /mdqee϶=&7^dTjssZƙ6mo Q fo"R`(3Ec}L`-1oi,:Q^@9ZNZ'fb^uo5Dܘt9 _'GRQ8BCM+2ɱ!!E7uLc(=^3-v1 ɢV++[O+)e'9-/JA!^<6zr挕 ^%ܣP~Հ7=Ze@~(+=6Uϙ}滣\=D(OL}Gua/t:p -B1*5SUCMڗب-<.;ˏI?{CjW9^tlx;X{TfRIJ&u's󯅢NL%͂9-| O4RBpwܣ~ p\:\bs[Vg9gC` йsٌtv̰"n?Jo]0*J"}2+АpGTוD3T#JM@kҫ2{)C|4|j7B.>%V  }r  ye#{=Nj3#چXNWa%Hvo){A/sy`*sX>qł9Bt1E}9P Q'dw?_34b0q;G-+>s"vI `EtXp<$w:S쀑Xk %>똓Y\9/W̚x(_zQqkeV_qc0ʆJ+ Z Jji NK^s4#xH)`Qjʉ)gӆ,T3fPE N ul6D,62QbZRD 2Z:XK&^ d`#Q̮ʲMF_Yͯf78W lw'/wQV;ߊ _C WZ=Sb?0rOo-X j~ٕ-~fD5cɒg`i'+U$w&M ze~W AzHSI FH}j\|eVφkzɆZ`Y0x w{q[t:\_KHՐSPH-iDފu{*)#p+@vy~Mh5їOrSy "f%pJ?@;i0;u\/׍'Il}W+ߴ.Bg6:,VwR%$r; K|CKTIr\%ہ˪@4NJ=(7bY|\^/t,*+`:L:.XHx_&,axgP߽͆j3C(-8A\(ZOޡ _3 Np 7]EUWk5Y8QͭpBAY>aAZPA tDk9ZM,lY( $7c-NwMŎ)WO Ԋ Z-w2`Ņz-֬±HV;:lيu? ( "RΆLcJb_[о-2o2vEӇ=5x4B.d!ɉ=X03qWH4u H37o-А}I4 Mw p^ ;sJ3z=RjPaȚ 5kwjH!;ܱ?rh77 nS~6j6f#d;ɗD`7ejwk2N }OxĖ { \o*0$Rc&o{N&dt!,gץѪ~-&Ѝx o 2+ JnlJq*?OcA#V\@B򘻔!ЦU>ie?#geZnܯNDFla ԻL 0c`/e,℈沇UJyd$ZJe:Jl3Z (ku8S_ްNAD\\Wla/lD꤆ʯg)o&rv?eq >:_qԖ[RƁ)9qmJ't)N;?u`|P1U٦c}ΪHg?gO(W~BJS@1>4t@0v]hٓ BYg" <N^<ȸdx֥2BW N;h5MfU1q|DVÒ~ŮA[,*L'!._t"Dpב)*_\f/CQ"|f&?͉GսcM %_uanus`)ԠdXWs ɩDn{ၾ҄j1o$ЕA lOw yb(H`& ܎cl s([5Z *\EwN(jǺ5LX"N /O-iDMxRgeL[# /)r砆\&`9ANSH)V"}FwqM Cȓxv>q'0c|Ex+$12>/8M9s+lStji αw b 7^NIK5ca$-`͏L^p##\^XU!F ؚCGfOg`C(϶zg{,I0uǀ-da/FuBxYh#v^r%b k_︿_^M⻼W_H]6" b0QXn7ÒH~C0h~#RfZ~}|D6RHGHv +1Ӯ#Ji#` cG s?E%a3%wBÌ> ^a Z$ *P2sCj r_<}x]%daw#2A26끒=[Wntw-zúQn~Ɇ>b9~~ yc۹Bőr+i;*^{CP%oa99G^v+delD0˜C FÌٸOUێFFֺ+H( EmMrvj9U--}־7 JτColaTuhmW.4G1dD뷻Vs)&SE&1qJONdm ᮊ/\У9 L"um.ЈCis}lgj{^$Vwڻ-%c="3/?,aI\/V n]vժʶ6 a<Lj3i3~bmRH79]ՐilL}yÊ{C2N=9͙ ަ'T8C[ȈQ* ?;b=nKMneV3_w5u6YY`UDJ$I']&VT}AG}Z'(uQͻqUz}ʊǢ34ˠJUQȺŻ&g??8'`XD_N6 RPQ*#& Y t.ˁbZvrqwI% ?c` %<Ɲ+ ,u:dg b1p;Gd\(sVř7@Dh^q2A[La!(sG0EJo[ 6;3tXV4) vFmCl ]Ӎ,߅vu 70_Mpc>3d?G l+B˿?aՌrQdE{LT4ZhQcEi?l7k@Y5}##G;+TC3 +PV| ZO/2/-ҡ5|8' h7_g{5B[U$ [ {߼m-(龎'dWPr+I P6ъ;[=yM ^ZUKF2{Qq[ ]ZŠf8Iˬ8ec@7 h`1u)I卽{[ r-εˏن/c~nK:&H<%0=u7,/&!ѭ2E"ڎJAl|R%!(- .7^bm;hw}I~ MH -x%|4: X*Zu'|B O9ą^P؍QwI =ز@21QW;,;grruCՙmʑí߄{pPV.[%>8|veAsF` ,dh2ˬ9 ej/"lek Uķ=djɫ/7r9dmO/\ۧN,6i@ס%{uxn>?ڰO|Hi^TY 0qPN`_ )q6RD7Mx=Na1yA;uyfƨsIXպCLSbj%`TuM,0p_^pƣPVї=CuE$_/ƧNbO֮5V򀀲A!Ί`v1hPpQA^eJeNȃr^*ƴG%=;s2BJX蔹aӛm$HxT%Nrbʤ"$iFnT5"BS^1B':xNz^^1"C0ر SD.#~q*| n>xYNJԻA s\,:7V߸~B'kc4_ h:$+3tÓqW#!>09k%x!N2E/οm{HftV 9q੩'B].3 aM|.j(-1r`ښK2㱭V~ :ktYWl:$@F{D^Þ'p)d;DPcX7; ZcQH5כ]@P%ⓛЅV5U~Xŗêy;(1 @o# ͦOh-'}}gcLH*4?Q A,u/o35b-!r50Azkt*QT2sδH|GE:8"'|A۱!`;3$qBd=]ۼR/c.g3_-¸G:iPvn8oPs>0dRZQAei (TEȊRs >+χmRw06v+8O5HvsǕ|1h.tiŀD$!yݤ: ي$j!YQ,)|qʦ\2zҊ 3/~A?9\ΊY?6͖}ֱ0U7'e_Bye|XyYZQ i]~!hB^HhzB4 Ov_ţƧZO( ˆ_@G:w}X}j0fvpE$P%P_ٔQ},L?/f3\l^}Xtj2>Pm558h-?.1:ι_2xp3:.j2C}fwG (v}!]GJ",*94ؑhrn',ݫ!əcUUF5fJ xſ4/u*+]6L[\ol/"rٮ ܯ;pj)G~Z{ ZfmR P}:% N!*#0WEd sO?1}TJ 6p`I䢩9_F;%!U֪~֭y'Z F;!bfktkkytLñu5w~-4љ?Q>VАRƩPp`/gc?1v M9?N9Nr4Ff!)s)UN֣]HKƄ*_kRTv9JkL8v…`[Ҩ0{X>$8nSEk$z@)C hT2*%Jn^U+ŸSO~ZI:;k9 +b :J/ ZqQgzP!kVݻpZ]tZ{kV8K|B;=Oat6noxsx>}40դ0oHmIuEV\Bna,Dd2sչ7W{zj_glRf~KӒWz_#=~њN6a,!_(55v `:9VnzC^9"E(OxX4Ai?Zjn+JEggsn1 PQg>&L>ISoZ jIm8>ko+°g3r'LP(OO"7C\(nI3 NW$C_ ٸjd{)s/#`>bbG66C{)(`{15u؂? >iXV ]TB&O;7b^p4Ï{2#׵{"ʧ!v[‡v¼"$+bչKIz7P=hHqG(pFm`+WWu"R/;~h> I+a'76"3:bb6xo&h>4@_0C ys}<vj׍q[RfrAqu"q!P T7tE&2DV @:să~ B"b@1{9nj*Qli#}_/ʶwv  :NM^˿l?ٝ\CU>eJb"e>`X"̊Te#λ|`+*74}DJ+aXƂ\y]ǺN1NcLٕg5lb[A,ꊋR-ZVL2ĮN@tеFFjP P t2$.I>-.Aw6pVmJ1ng7/(PL3-hyǕ6fW,ѽ!+03&:# muǖjd UF,z^kCV)_F?Ay{,ǰ[{wx3oJB8K pB  !7zU,f=A]']tq>mrwq~ɒCy[lzJxN-=JUN=%YwoXV,U5i*J+,|VuX>8͇'d1AMEd@"tmxd'Y%NX%(,ƀyFYG,$ff ҤU]Ȕ w` JbfTvNPˣv@/ dGKW쿕DnZ n\ ۬k~}ukTτ U qbN( :5mE &|W|Y}AgaХ=,y! -FayEkKvlv5Ҋݒ !PGq1WQ6d̅ouFJ+G~鏊!讍N60_+/oM?o^qtfD#HP[UQ.c$FeLl1NZnd'-J%>tZ + rgvKʈX,T`)s$cwhU~g<챨l5zY)K+ Y=t})&w[Bvi3DBJ5 ODCj! 8^wȤ!|Xӥa/ 9O HJM INVz5gW?)@(9eM,4[Qe-=2\NGˏo y# ``nڀ )J`Ѝq!z)%ŧ'e7u򽣌rhYH[X~PR\HfҴ0*6L*P%}q8 V.GHpF"mz$/A\R0Gf4=^@Lm`Mޯ% O!@ Ǚ@=[N8Gкx(UmBM/E{Z|:x3n/b8B1:+zGB]椉ErY}u՚ZAjߥHhoP(_ZJǣ|.`W_ V>ڋ%P>c:_ Iʾc8 9 Ѕm- ¦oC p<'—CJ50=#"tO.>hMYڋ96=)+p˅lY-܍Kc5XY+S!CK^[@P0( }7YvX3Jvqo ݈0/KX! 8`;0[K$)h0<&])v?|sqrwsTUEebkO\=|EQFHvQH=^H'#u?˞ eilS5$-B[F[Y=^=Glܭ 35R YH*$ Mh)+(r4@4( F*V=Y-ԸC-Ho`H7am"䬃x- 4e!\^]O] rq?C%e2Wn'L8A[-G+^I3hzK= ]ϖr{T0 ߁l ?䄸Tlfyuyµg?b*W]GDvjGW J6 RJ[ (P;u"|g$ElvO[=m)!P=8TFhAC:ꝕ, { 2gg/P$v4JWZ"K>e;ZW}Y@9zՇ(BAfCu,;f>X(s%#pCax ,X[D"=R肌-Hw[uuТ7 '!8흫6Jm"/-fG ;XH.!fcK:e!Yl0)ﮓ\*fRd\ ]_ iZЃmٝ8j/_񀛪 FFņA9߹5aN i4A;ٶ8G4jSAjT0!p?Pݎ=AK%oa8C>naؑ~Bm]mD`?z^lOK3ևVq&~bcϓD`~"*|B,=AY|}:r8M$A5cƟg%!b{wg< 7DwHPlIoQr־L/d2,KMeFw ᚬhoNM+TK||!|oF=KUQ]CGC5Y"Wĸ_Bn><ɀ37@~'9jno\0f L׏qWCewQQT63#Ne=4E:^ׇ.A?:ԁ{ߍӘByM'?A# M뮊aҤ=Ӈez5,I,ie5lF"'ڔ<wa. S2Ԁ,}yi7,WB;3ٞցк ڱqxiv~=FC ހ'[㺜bژ|:? LJ SNLVϮ[XuŹUe|$=bK(vapA{;Iw".l^ufpD ^+ X>>-_GSR%PXҨc$z^d!&#?3,gJj9#氈DIb*&f_q-V]זK{EG{qK}G!<96pe4mg<9}'rv;׉5(5DN iLsT*c2o35iCjA.s`tCUcEЩ/#|Pi#Vg;/p<4BBQ0SH Y9E f^GGxYcڰqauX݅uqخ-e"1ޛ6OAkϽTH&F6FWﱨMyKMӘ2kq^b:E0 \C*(xW+|gsbqubMa}̙9ii&Qy7x(kA9 3 g/0:zHKR/'_tƼnBBC$!^ I}HƳ/ڕ9ĥzUuHlhd)N[rU0,ɀ+mFXyڵ$ <5U0lYi0~VU 'y.IO,bܝtg?L"k_I/1nׂ?9K8}kt=Ϙ*J*B7T)oFvOHF` Y\ׇ V Ô45PiiDPf;N(Hd G$ .D'lL; ?U`Pf\WȎÝE|o½"N>Fűmljf̻CGGU;ӕ Iy;o[1٦8PQ ZMd"˶\<Hn 1ХpU?2@SI]JA >Mz.cSۜ)DLu6 RlLX2׍;K,8eYV[:Pm:((&Aqg'S> / pf%9N'QAAnw=LܜVmxCDf5ˌlVHv$ g B=brĶ!}RaQYGu)>KYz/Qop ;_Y>N}螪i%ё$< 8v RwvE虠E,h"iˋ2y)2N ֬Sʁ zʴ9b:9#6pcJّ n-tBQGZT|wtBLp}Z*((YFv3f}YeqOqGTG^S\U4\|Σ%?ip]-$piy(t_ILoLIzWGp4!|^5ON7zGK%ۥ(:ju5l`wȢfk#/Rj4*5\v;k[0)H,̎e̴WPpAE_9b3a=;1e-;2w }v `'>ݗ*cd"5Ata:p1u)( g`Sz@%`..Հjݛ k\zPxrsAKd)Uqբ ׾,N$'"9ط˔SGL$+_i)cUʀ^oMhhPrd?[W5,$?aLO92/dw#ʳO{Lt$1!0Lv'{5׫ԉN<&^p  >uJ/n$:adj(?e $FE %Kjhd!ѫ8A'unk5\KPUMWWdt+BI#$]<"t|-/D9Z͠Iq B㔟JE#i 4;"Ez#*1B7j+ӹ3c/SF+;ZFze~s5O2h & R1)N:k`xNm HOgp< ' LdEASPT5;R; 7ޕ UBSD#s@#Mv@Mv(/) ۔zs @y0PCj!l%%n "(%#6yUJNlZ;8e}^(CU楘rjQ]5af{;{/diT,P҈,%tVr" #Jp>>7L~=k%-x6Rffi-ݘXkߺ':iq}E,Ib(JSߛʉqL S(F_#8Gt_,Y@3eP|߆I΃Jt +ͥh2Fw&X)OX>xH{Jb]ʊx*x;s(q]-s$hHQI7Bʼ@$_-Ucu`%H%[Y$ޜ|ac/k 䚟08EL|@K!{Ne"wS۩;||")Fh̰ Zv+C5.bIzNh4*5]s{T\KFM܎Θ v,{3)HIacx E=>V0Xʹ*K+ EWv.z#T j dji]%R 0r>$)Ƿ>Lm!uTdQ} lvpFN&]';x%5VO*ϨPvsFSwNrck˝~j'x@ڛᾹYaKPB 5kE~,f\0gzwv(캡q4{3Q,(Շoo>mH$mLv/턵Oe]CcCN*:R^O/3y`E bPRW!urDW^ IMs$p?80\l[ЄHfX5Ow 1LT CDCM}Q-Dh1BvjĹ'!C`[8`z{)]:Փ"z& 4{ȫ)A%p̥62M'(I„Bz筡;.No^N:)`Cv`ĆWpXUZHTa?t_+U1i} _jrQK&pzh{6 @#OZ'xB\Ϊ>1/Rޅlke9w^HMF(9-PJ]  ޟ4\lΓ"~My=Qf-4*0f/ђWB=VXi)ψ_LTUlcTnW⍙ 3Jo3'oG&n$[.H4TDqF `EEED1ck?>.0$Hݫ+,uwj#-Oȫlddy+|]GZ| an/XMm!56ZBZnԶCMNcY;{`]o^9 ߞҝj w@L%}Yakz hQ jDI[5;/vEW8KćϢuPءőWޥeUMaҔ;z}f#KIxٷLSK]8s>QX_!C]"Le sPg'(~XU[⽕0m8?ޛc|OIl 4\=ZR"s@3|:4|'l(GvV~C~$ĬhrпB]_uܾ:EQ9 |#9Wk݇^ʎ:zwxоU5 Bu/Tj~2z0Y7ç_䓠t aű\t`T}.A'zB5<kBV+oh'ʧuݥWsg~޵>ǥRΆ*Sݪ{A{X5W"'@ً98_Ah"MB}~4TǁFz9-q}=AdXKe@~{󘂐wQ=F{4\RC:sh)42ܱ &~nXUPԎ %j iO聆Ө3 !QJ* ÿLC9 lL}z'U`9~SMP':kH)z(U{嗆{L#{\J,h'9m_1_Fq;|Ee{gD2b>OYY {yAS_cep R:ş9t$_b.nR1_Aݱf,5e<<}^\R<2{TP$ǐIDXl2ƊӁbWYM7Rt۫1=ӢvgVEۂ/%nw!.Xc"Squ4\ _ fh^F訑j N &u6hqrqL P-4~*90[4~t<HIuqee4@M;dV+bIP9y$4_r) y"LynVpޝ7jpZJ-7W)#qn05xG̫kp֋l'B.1S }3~v퇒}U9;Ydڶ9-V rT[śc]G> V] kKKg4v0 Ş|<(u)\U%R}ޭ5.+N. vJhA'h5kQ4]uO4~je%Ј3l!$Cv~4ջp[]K1)<Ł,Ɨ*ޭo-%fH!~݊[Xhw&\nW^c7x#eDKU`Ar+dCKUIllk QW4$іؼ9Q 74o3H%5҇QG$-:*i3+j(>Iw^oL}s#BB pz괉&퉪pl>PǧSZ$Dep|TT̪L~/Ju (vKvFf 3#Xv 8|RkɸOILHgf(Lq>_Mh,BI\fc';ܰk 0`X=d0z9AR*8`ۃe<.-8RFɹUE!8L#(z#@ AyLCJ`InF39 q=1Nb5&}˕3^G#z֚D>]lT^k^LA)s2^SL/Sf#)&PX% N%Dmh7pdr6!$阁O嶳~ؓ0cRcxE|MhFqix.yyuG)ftCF[ 3ʽzX ,ڽa0M7Ix@dV` 5 R;.BYM@(BqXfDd@Lzhr/ ' mxL.Wl3`}Qvsl<B5Ő"9A SEF\ͅU} }l[9]3j#LQGnY[5~> 9Rx7PE@VP"AzXO@-(j[ダpNv횴ӯʟ[w$FR@g`DQ;;e!^}j@/]WL?E}@<6DP ^5DKI*&=xӎ0_$߹'SG]jЉr:۩KRc/NJS٠Әq0C*Uh'| سJ_r1­McHUprǒUKWFZmDΟœ ΣWewnޱN6G7zZAW]܍ =%i#WoFno} ȊŒ\x«sX 4w|Yvh@oT^+u6 VP^A>R7ʸa$+AVAZ0]}Zf~2Lt">T̎,aҐScIYaL(F6j8e3&2> y&!MWbU/QE؍68澙RBsbmXup#ܦSJAqhC MDl we%<%i \9Q1>/¨JQVQ\ $S&iQ uD?;Ԋ+ȟ{ ?h>fC:98n/n&D\ܚ&$x;{goN]]{rxƍ&ќtwFJh[( caf$p$}O%}^fݼl.w 1eWng>EeNZG!v1[DS~#AVmK_uR.+^Iq;o0s\$7k?ft4x&- gĹ Ɩ&E[>H6zw4*14Bcvi|?Wi 5}0ْK14;9"3x_hxYWYVlu5gXDL1EөG0{\``0l;`$xRu3]E7,1ZbP8B&p+λ&T1mCvT˟ckEcoLtQ6$Nȓs. |@%?}J?ח@I[=T~E\?>ȏU x._O-i+AWF!l*@'+'Cio.p&d;36J,q"xðeȥ߰w2lĺ=T}՗RonÞ&aYx/"CՏv 2̰hQ?<ޙI'#}O1h}A)1t(uCM󼭶x*k"UC|cW@t$EE/^OHU?(|IvHCO }V* K"%BK2v4ش4>8$CQcoLb Y;xq >nÏWo#fho C*ٺ_AfΧMA:CU'(:ˣq>~f7;UJÊ2_t+D?13n3db8 \łmb0M炆{8 c,U !z:R7)bk8PY=Ѫ1=),&+el6UGZxN~DXgWNr4dT? /!4 3٫Ё4<< K@h΃r((Q~OvH9r+~` xWo4)3E꟣aT)`90!Ώapd!;ޢiyS]D:uLG'J!w>l lnwo _NowVd8һHwG}x"\Ol~mn6GO8ݱru\PYʶ$o RC]{qЬc_pm*=g@;)RR hqRC6dԄqs4·*QkBpzج N HɭϜ5!}{x$[**+vx*d <׍@u?DRŷ^pR(G>G?DZdO_lsi@y[{7(P%y.V I ⡔7Orи: dAVx{QsZC9 7'[Y:P?Vxֈe)κ>w4BPbi\qU" Rq=i)rtp+ɹ"_bU:CEX\&v8Z3kvz{{&"t]Kge 5ZDhv|_˛+(9#>FŗK!VZGu]j{E'gc5 ڕ^Rm`&3~M>b_m 'kt@3^)0Zty9$볂Y+ئi-ap6Cju^mPzd6neiBU<9HTjHENx_ńIhC)jIٔ'Hz&~i^U(mkJxk!?.v%ʓ_^q;"*zsfU^W+0{!c~Bjy׀6|4FۅR@I&Y8%XCÅ5M)aޗj6[}#T$^=CUte; e*sٰ2(LŤoJK9A$~aBNCإ!9j~[rhH6& Ck+# 0"/7+ǿ6I~/RO}Ӡ϶w OEeEe^FfݛgѬd~C2Ӧ>At P97ȢVnf.K8S5'w98 O_x1L%|]s9X$.+wf⤼-;̪ xJ$2RH3/̨E\۴m݊ =ٙkufCw|lٴQ.|TKe1 ^ AȗE&V)T#o3)hZNN#'Dzq+=l%$>)Y ?eԞeS"${cZTX~2%ngkb AY Jb$51Rcyu^® Աv$vO{I1EmHXG|`7wd I`qoRKw|ꆘ',i멋_ AqΟ"Jj"95!Ry}qD<Űj?MķA!YLqXK/2PN>q[[wY~-&3>cbis:"p㴮z4gWǐd pybYpA֚I&Clu\\56$bT5L\k^Q_hLk4Z- |?p[r>r/2ҕ|pkwySu@P2#7ZR&p%B/v1Kt7Hc)y6,[/Crls.~\CmJ nd ElAKhD~pW܇gtϒڽ=l_믕'A ͬ Z: CF ĶZidV$8|#!nםKmpSmA9CeONr,d+GLMcܛįF~l3ߒw{#^STB)w,'U{D.>2w1a!ӳEEtp_'c0W9?_foZ2I& -+]B1ک ~`{-f0OBσ/m+ievQ+$LQ:8΋>}jf}4QL$Acn|3,w]UƦDgϡT1Lzks$P(;ZgU[fJw0? |oerwL=!D p1Y[k `^_ JLN#üh pEOHg:|,Bb(!=Bu܀Ӷ?hzVWaOtpօ N69AurFLH.CX&1@jU!ա} ql+3o3{3h.r%3Ng¾}P^sM;H{G.)6ɬҊvdMS,~D:cƝenیUY[-%~<߻Ɵ\¦!<(^WxvY!$F#z~V8jJhP+N4-`-Ct3̷ؐ:7㫬ʺB"EB,f@KĴ8yy05)O>p FğUuٵ9'1ֻepD9 VgoyU4]aR>6['&fM` 1?ZF~"8:b:l`dZՆ[)lO~ țQPr"Z]Rna?̻>[ݵ1u<"{5^};?f RF%qK6qs#go~-h@q@V!OΪ^e q '?~= ж)rXMM/׆,`5 cd1?wC:DT'4HnHGߘԼ TejUhkvWc5ː] % TC;7 ȵ !G 1uiUM>Jq7MB6r8Rs^smlHT꺖EIrbۦĚyIAhzF3X ħH]EYdDK.bM Rhwz kT)0 $20惃YS۴(fڄ8:YTU^O4=]لL>a2bNBۛ0%jQ 9BV )?Q,ܗ+ݳ|:;& i۳Q%W&7.չ<0AR]R &e/~*5DEuYܿŠ:Nd%3gn#0[Ƈ7f0fh:Y4b}a9+mn=#B1jsh*,ҼKm壘VsFXqo v_N.b q_WЊhcՉ_Њ?O-9 ޏ4_cq3?Mhjj+Mi5M75>\_`GQ(h<;gz9DUyz~g&++u诠FTOu|4=8Km Ȼ͏vq%\|2?"MvYZ;GAHS^ixPW,"JnWlp|'HPcC~ͩ1W(n<]nSe4Y/3cbƈ!XpBr\:<=ܯAa<rW%_$5qJ$e#grﴌt}JVOV /q ޕ չ+'\1R;s f'¯ɣw| `VܤýBNO½uf Y.,/-tgꮏ$㼉+~Ӌz@g1mO \龥8NɿP~j/7 cGѠ~8?$;+ACwg@U[/ cVh'"iFK[$,7=\I 4ldlm|-I$vxlJ8Q 3#' _v"R&Hl@/B)8jC֒n0sj&M]G@eF-{#1K{O1RL 4hA"OA{^H**$\ `hbm'U7$yK|/|[8Vfk͗XUNTWxGdaf(T|O]9Uc0<>I0a-1x> mURj 3X-RЫ? RfvÁ񆞆әM̦쳝i$BeIʝ+-<:u7rA3cZM#QZf]D\yjg@Ҫ0RBS"#7p+Cw:>; J x!_ 7{}ȳI -ՑLUu>:byɁe@SPַ0yמ٤^qzzbL>Lȉ[$l]mP^;]):[ù~˱4mW$7<]8$t'޽֯b{DyA ~8.gFg!Q*Ē[S5|LnJa2 Es H:U63RJqѯ<6k>U/!{hFQ~Wl"ww[([@AK9LkVR8⤲[͜'-MĎ}2Vʫ+'+3'1ap'bR' [U c8{phc40̞[F/4Y_KC"\gX$Ϫ-/9k% ?$m7"}YWbpJȳrVd묍#U8x(¼ip' %4\Y9هK?g1RT6&K~ ~*HpJ]@P.|_:\mxT :wHE_xjG }!%F-O(϶^6*rbMy!} SᱝX[g֡pM0^7Fڭx+wac+I[O+yQ_^fF4 ȩ IxG-d$$ca)V?)Lu[x, #pP!VGu 9k爑nWH #$tc2s4ȫk$ު9\#R-'W"kV(dٛw9늘f_?}Ԡ.0NYa'*ZʹDQ'&.^s)q1czElX+c[ @VFJE{U[:ǵ?xSOkI&Gя60aMVM{ioa>NQX_Mf?{KdNn8A?BN+yIhSC53 sE4}V+DX* 4w,5vAu&`ءPHI/ܜ}VU 1oB6~<1M!P0PT¥0:P(C6X}D=E@($j)FoG:FKfT.JڣLPkW$Z.:}[e;/FgL,߄luA @{0)W-(B"{l $T/܈!=88N[@kcAt֓5賒j8OW-u'};T{HZځf7j5s]ab%4p۪`eq[fZ7J{J~V ]-<]-_YM,aTV b6F M0=q%zo}tLp7]Ηp"*V KGjֺU2ڌPyGv .NC''=~p'J3+`[hcS 0?6~6 ##*`R !c wAƩCŅ6\ MOI#,73=^ñ(zAtw{E$hw&"0eYC۳'2Zy0zS/a=nz #ߧ7 0}-1 6'g‚vpBacMI+]q* gy+[Yfe{تn,ovՒyL 2HeC%~F\>-|t,O$w0yxՄQsqIrIit\J)r\0*V%!jԾy*2zٵMCꯙ{X24|;3 P2ejǧt.V ȘNJ8[7+=o\ɁxUz}Ɠ3^2M|9v_MyajHzz$!2QYWK :e:g}2+Mū[hI/= Z= Gu\8_`ZO6ߓ+4P K\F#6qJ6U7$\X̏G>3{P'c{1 N :v^{l\k֬gԞl+Q:dpjKzlK~O$t{H(ͅ>KTMBd W"qD_+Cso}PD~lg=z>]+R]fYxtq$F|[oU F)~*~#H';-eąa#Eă 5V VpW396NwEsWussNj1][?'ޕ2*f>#㬲'ļZٟN;-FH'jʁQTzmL(9Й|#d9\7vV⩫VDK|\FM2ĖքI#[Z߱Ԏt'xO|KP@k\v,#&9dh 1+;vf~\]#/$[qy@ﴔGVvNi%f&!_#_\[lܽNloz#q~>YCMyCO6dvK:Eys6JxV|'T6OK:+^ш^h)%Τr̦W5ՀWhqN4՛1J9g)"YΆQu^E܇7o{(NAiFB~nQ<+7^, 2{ TՖX~+.Vc&aXGI1kv6e#sKf;;4m Sj0tA-U4g6S/}"D tVJ+ZyP%'7Qvi&1uUh J0-,, m!Q[OLKnԌZfj}Kr4t#)R5ϱ۰@R5G%֍prU{v{;shU՗z`+*|UH-5!Hp&=C(W`jSTBsEx.ՏR#2LξY(y0ϢX O xzCWKƜ-`ӂ\#fHxuǫ1]Mu.Yp=S\J02E#͍ga*,..8(R+rjwY> ˁ6z56sD6 ZcDТici¡?sPBܘXI-a*`I7LK VcX `9'E^$YVMȲ&KK[;u   X\ @pS."г0u? Q%dnooTx^{+,"T3eQ,Avd!FnHG98y<^OC`束d{?,SyniF1g@0ykNo@,Cu5V/H+2zZZ\<LpXN$q&] S䙇^785/hh6HKvwgEC͞r{ ,}a n{i PqEM8*f0X 7"ѷOx%uc p  PN7jt9yK 5 i4T/ f}h|fwA=.9eXZAbڂek*" dET}LirQ{ڲ3$Z|DD@{ y;2JdyNm.q)%<zoJ-͔W@1<)RnyMk(K2qm;.O3Ά3 ^>b$g<@YuD">1͒ Y(bioF -8*,䗈n+QULei<}e:y/(T6g Ŕw.H)d9 ^9kʛ?Untq:Np"I]tb"ѱ4z/3._(dcjhGw^eRte4^ @Ԗ#a(2vgv Y0^3կ/X51κnK][& wߪ\}Ċ"{~ " H⍝B)::ѫr,0*d0{m[Yy'`sHL_P e FHp%1cqj}U9w+[ЅT(jq 7n *c8-Y 噦UW q`Sn4U9e;KgXOt ؔe ?TO݋ϸwbXM6{M[ܓsTCNe 05zm.q/?vxƗr) r;h~Rչ w_W%ozςS73&2Z9iH.{ȇ.{& D%tH!!?kG= bٳT<:o<ӺٍD`&&u%<ڌc|gHRzyLI]*] Rnjh5mSVm3sG5G_k/EHs軐dp]jA.ַ f.5 [ ]*W@5/T‡j\ ?sʨݫe"F;[U񨇟6"iھ-!B!!h>Rv. /h9Z;3́ k\>J-o`qF@W26s#3*dѰ-S|<5]BY&IֹD͓,_5BhE[L L,5UoAA@FRAnQUx5T=h51=7ـ=:zg;ir7~2Nd؄__wFAއG-7 w|De{ŒhQ{v;9>FxP^,heC>LfWkpi[biߍ ~Z#HbR%,6.#o$VHs ; ڡ#s-P=*ttV:xMT%5QR8U=Mn%<=VY."6dʷ52/) E}!ETg+/W졊kN&=wY3|+GKwdv/Oq"XE PTd!}OLY혣$M*HK|؍9(#($o˨66`SS.͕f4И ˴( ='"#n\Bt\w0T$V=Zմi ?fM-~[RPj%+i1 - LnIG=Y KKnYNjFxݦNvc_ąAGHUI+Х%-|)<^ZVC^eF1pœ'F'+240{Қm]lOj^ڬqRC53Qϭ*~QU&f@]ƚ2<1s1}@7c U$IWJH$\ ܣK_rD-Dw3h :'2Z8NRWXqeJGX釉Ss5BT&״S8ZMF*XHCW*RE yO++@HGd/֜p ޯ%Iv9\!3jU$QYZQU=#:è֧|Q .:ϳ!XSM~s‰x DHeޥ'{bB(·T5l \Q(5,kQU,8Or1%yWV"lɵBb@aN+`o;c+h f'+~j< T?*1sOz֡3SƫG!m(~~wPX|F21ž{=0Yu)~Er *ĸA}9HgP,<2~OOCGp4֞W#C?@:YH`v;y xfmy1M\.Qs.ʛtRy!{/h{,†Cͽ Bg]ESKyW,WS*g5:Ń<.v>-==륩q~ڐN\8|sU#ϧA̚%R5ӳ=jB:ÁZmУ0m(ʣ5ֆi%S\u*;Ϫude&D$S(ӰXVbg8emƅU봃[2A Ay viEv &|sẛhwv ov͊ OE=rhh[ +qL4mV, FU@nLMr,ƺ$:FF*1$QUcYXL_C$tN WwNhJNlM1LRODY3ޱ-.Z=W &DJ1l +U.095 CLZ5\,yr"5"dWD>"l9hua-H" iB䯯%7Ps#Aۛ@=la2߷#Q2r,<'N'6:7A!w Ak"@*bzC N*VBrB+, pꖭ8EBښ?dC"}(`0e~\8+LL/Je6IlI@ F$Hx7fDDzO|j.hXUtEv&׏~RzU+rងP5z<iL-( +U>{Լ9 A2-{ҘU4ʢ#+CoD` I 7@Qɋz`es7n冞$VP\[4m)$&϶Wuag1 ԟNrOrS$Q>}w9\{k1gg6Ck}d1%Xۭ䔴aƜiXPb+6xUk2lكVP `-{$v z'؀Kz Ǻk"EI>D[/ ٘gї̈́DI$򬙐MN%+{IMvjGg%Xr1P{>/8ޘӱ$ ݨ M' PovA x÷$=6NEXe]1qfU_%e"۝J/U !V,W1i"j>asr'&o#b7dT}ht,DdIW\$X U/WX< 1Z*h02 {bAYxz Mw%&Vy1{D-} 4I:#yh4 vr 5$L֑ϫn|k@xe\)'$s-1Y=eOgk5dAh^j>Qw= #n~e>LߓǴ"Nɀj1UӠR9Xa*0ţJ:RQ|Y-Aw59{L)̆G%^%pr}P⨨.^gps@Js F*+ԙ i;d`V9SnЬ]_848Ks cMzJ)oa6QT#p$a&Sk,qcR~* ݧBt r IM Hkc\ok~N(J|@x(W.1o\'۬v!:y%XBOS2N "KMZ["-cRp1 vo.m0eb׎-厾{Gq\M%ajf-s3.JRyHD!CChxjXՊC C7 \m]gyo-2*!DLR7h#tpt#5kMKE"HUmtUXjoع+{䄲en3{FS=a.踕'N+؊5LWS֎>~=bvفT ٗ9_:D- Pm7&k\)B^ {JʆTаm/WҞ9k465KUF@SvT>bxo%̃F`d ~G~ 5|B6X:>N]4Q(wC-P$#JI J(+m\p[ա@vKW;n|2 l\VB8B 1߳3 )xԱ| 8MSBL#w7}G JrMA-o?[\%>hoƿ_l? #Δ1LGxl"5 L"q1qUnf0WNcjtj53p,O< yяMxyKVWtu|Yp I;Vd3 tm׊ѡ\h#% `6MzSOT ?J+DPr6gqvKx L^CcI/)ܻh۠buVڠQ;8`F:qwsaQ7L}I3jW,;\пZ:~JRbD(XOnYpZ~fc/.~9[b(b_cKUS?rcmgB0IͰwEwN0F'wvzV.qB^TS1ZzN"=%pz-W 5=ō.ᵭ$! h}zಢ݁/lՈj(QF2*y: Z;16ܚ _yv֗JM[Ҥ˿h5'"p* 9 xxxł.nЊn*Qnzt5j7AUءS`+IԌp]HVB?? ݾ\k HB{W?ռ[_~iFw!z ``zuPn{zwyu:_~.·x#` ECDVhP2T1E܄PI2_^l,d-^w@~4չ]':F-uY3WO:XtOܡ-V{Dxn>e$f}9(̉֒z 5q hkRbg3\13OE7"+]j7r ((tA*3h=îß]|irՂry#Df927x_:&Kk+{y[&`\gteBqiA&@;@yJ%Pf! &3˖!2Doi^;iE=n>q2 H놵i8<̈iwi‰(A)*Uڇ3gZ/hV-?!/ .d]ֵVfz; uSmp{Ӱy#{k5IEe8~M&T褀\d 劣/TD 37R<&3G!7P'TTp;'v! c{J}1PGmS~~Nn55U*-O`hJh6MwwbV2Iщʦ5w/3MĿ4r@Ni 7I/>_}KmWFCE|DR?vz]4S}%`A*rq=Mud8~'Ӕ~ ?p2nA .+yRVS֝-* (ںH#pBYP>RY3FHdԪ؋n@7q> JjotڏR="8YRTݑ͡*TbRs72t9"n(}u_2%ڔu}%;8yC~aZslq6Ly[NS*x +n~D#vq={)RCi,KARV%2,o" HW~@oܞ-hB1|Z[`x5kyy+*V9p0K"iEE91CJ O&H!IA*O5^N g;ݵ2I8z|,~%dG RHjm0aH> ~7D#K,x:UMsdג)*sKb23RDmևyzIp;TxGB+6hوJ}[(a)8ʈ/+'ܵC}%pԶⲬܪ+||mΊ> +HJ Y4Y5 7trZ x.FDwkNL .?q#}*=? jho8$O~Oyӝ[ٮ..тw6We41ɆBrB{\@>i}_!ι1)py ,UiPIfE{ɌB8yNO&Tx(a fcM`(:2N:a$ pDCujU'k$1tuk\1vIW1We0-XOmVogEG̪pns&V KScw;گ"gx;d[V*]hTnRTXjw[N5:FƾR&[TRa-ᑵA<8%ݏ}% 2,,sQX6`1Z6UUDa;Ć}~t ,%vΜIϐi?|OkקDC69}{_s,_@hMgז| cU~SzdZ jSYpd;Jr1FNʨ^vָ&N}HvSzX;i6[nAfj{.~?℅KP1̮:ȩXTޱ4$'l%m6-> ¸D_.&~\Ufc$\ d|8WFϺǬd# g36O<05)2tJ-$P̢ t3B}3Ԛn[O֌Fq yWKlLF ͠S2c#f _FMB fb8?6wo KEdmg?ӚnT \o2v8eoR<=YK7cp'+ŦCtlr3 :)_ֶ~d%܎ǖ5l* X<[FMG`k oyW6xea"1 ͻYv aLJujIPlZ%9 w\4t5Bkkg܄]ުh5?v-t7VXH}r۔Hqbdз/01:f^c"id$iL",Ux`r3T\&NHsZ 9(m5B2ǒtG;>5G .$͕(* .'_昕kCٔIٌ@z뭣n ;ˣlP;̥|{a@!]}~ˉ7$Q+2J(Egz]bB@J[bՇ(S`&= &DQP^i#k(4A{X&^H3k43( C I>أ817豦n &K;7ՎDS];h)`yљY=)&v%Ew:Kb.C}HMOv%6 `^=|P!<&:24{,[]tm};s^(*X| 8KqyzRwF7+t3􊜝ćnΘyL_ 쾝䞂BQ@6/D6TP.|ca܇jHLr;!b*ov1_Hy1a^uc!xƜQhR1umj(N 9/)JgfA c2accG!:dL/UCA_Ԑk47|߉7P a6HPi&V/tјOs"xڕ50DתC*;VCH#BⴟZH} }H.΅G9UZs̕aXn/twq6۾nZ'Vإ#&*A$d0e= b$K$`Y(G(~'j8UdԃbE.qN/?kd,(3Q )$:ڮz5U/"DosxDEB'Goc.5ľ \+:9.oXt9Yc;$47$Le`7c|ͿvNqpuȓ[ &X8 ǂX*?wL:2뽝Q^er I:M'5.)#@/*ӑ}L2Z‚?Pv 2bxoJ|z$znIS'9],OxDyEߌhX s!P}?\Op~b#6iR1?jֿiRcXoLOxy *.f @N-׶^jgn "ib:)gԊ< shVy͙ @̀`nyR|VwUEv6haduU?*Eu3*<0%NBZ숶E`HQ)E6<:P׍K}Rۻp*bFkA,7hT FgqIy_'9HЅk=PET {Kz-DI16$tCEeeo{6ԧQyN =cK*eUZj{ rf9 sPʽwxCwZkP!U 1n'#XDm(u!IS.Hjò8ySe9ۍOOm{GY,PV_v}vZUzsR8hZ Yl*o3C?t}mo[&Re% Y$s͠/:_hyd$$Xq/:xHO;Kqa|~|)ҸR[0E9K]#^Ε9m @q絨&>Y)2*?BRnAj50:%&=kKU5[`Ҳ;}x f7Ijto2Ƃ^?gq!K >W:w9dӀ]bE&3b}\3nxbDh=k,k{kBEK͏91h٭wTL6-vEMr^df5_rb*Wi'Gs69BpJF^m-U5n~r A y߱w22;=A !5lOA TA- $?5κwy"v-F==3:z.k RPN6/KV&H\;euC.I؍ghsGZ=rl.ЧEOx8`8 inr@ܡm? i/9#4N ҿL,$;'ʖЀ yXp<5n6bߌEC^Kղ`~%1d ]4ԳPq@J r xcNSlENkàkWRj[zXe aE_"d貨`)31k)2cYR8Io~p0u2Թ~rEl3~Ó߷F}%徂*R3(쵌ةħ,Œ6 e[X[,Kp\$AzJ |xQfQMz -Ț"#0 h5=$B[1ޯc>:ɍ"x1P4Ő1FЋzrT=r}o`Ý-W.mG׋Uh¿wQ;ɂ#GђP']sc"m|f᦮N#-'ˢ _0vbb E7$ߍ Vfy=6C-䇭pu/t"rb֬5%UUQ}a>@ucgI E %)1~@JBx.m LͩJ,H*O`AA팖sFbR* ׿t͛1]@W܀ÚE'>2a?3]-rFDY,<giTrQC;bMiuj%X.O¤yQEW|^ , 3*FNݾ р^T)_M?hQޗAB.!^(v!@ZfeY=Unei?qJ|Q+UgpNbfH 5Ox9+,.>6q̒b/B ;H 6T7}۩DDץ>yޒ׋ CqG37 uPC!HI"=. } 咓 Ӌ ziu6}إ &^"ʹ'<|@ rGĻ&/؊" 3e< R|X'tDsx^tMe8ILOrpv$1..u=<=ܝ ?bRSh6\⿟x|\d%{ ?6&:h~,Z|6 6C 9ة"+/cwf#|3[6gW9q*Ohc6NIsY/uo'fh&zǝ7O6q4V G}K|-]$= z7,mqDp]p@v!BtvOSek/8n0zX{d#)&Kk/=hszLʤ5ڢg3.]gI8 Y5 :h? x \ʅN,6qy?Y0Ɯ).XC5gQʤ8`]C&;_BԨ܍t1m 5)CLW>n})&אŷۡ!{{(;TQipicf]4&\Vi6eF s\E*JPОOq>0V6Vا+j^v(DOD;UgkAC?xAO+NI)_Y, Dس>b&&^o-IM|{ь*ᚎ(ˁ*B9"Fs@%߯ӇMK L7L"p=QC L lo\_3v3j5yIk\m%@[پm7u+ Y0?"V1dcmgd&1j`W 5`,qgXaXlYثg9}hGxM~Ad%g}_+ݵɇVtMK&@}L`=k4 89XLH8 W[wHlp_ h+Ģ=R[Í7AX4ޏ g"3 1!7_τB^\:0^tei\?jz(*i5g@/tb3րMX X]&L$DCW}@ze2a)cw<_bJ(`tq1Y];;Yg Oki RΕoʘ@Q ~U\NzfZ˵KvFR.S6Q[TP e,JDH -Ɍ>@P;שGAHFnyŽ0b//EyRVv-MQZ]|`"iH$EW5sQ '&Ev-~mɥN%;D>$ 3? 4qH;T!Mh.#'duF˃?E7x#6ջON@F!̰h8qJi.1;/ȶd䪥~}߶m#[`T_H.ʫϗ2D);?O: -'3kp`QԞ a[l&TՖ?ן+Tw8csy * MLCo PnNUV+\%mNx1x"7D`ǣWZeDB@]X-›e!UBo7? ɬ@ v{*'Sum[Db0& Df£@i߀-›r[k!N #`'] O߼9:4܃cCCxyzNEVw,V-8dz;$+ ]duFbmXq7i ?_B ,.ԗn/o#H91wk wbkWمlYu`$СC/|Ά]-^.I= u I 4B:_EZ΂>\ϯ!yuG:c ºMf+ 3DW}ROxaB "w_3(,cv>9al0Zax^Cs)%4Eu^| ŎAu>A%modLW@O[vqYu حNX{yIyqk, Gq i*qy[K^N*X Ѓ3Qr`Eh٘]%)BOaS-]K:)錈_;FnR|^F^4a }=*5B ܭ찁 m9N;a %ʓi}Ց$LUR3"bI}Si?7ӮҫziʊG*&O?b/P J=\FyQj՞í-}%A{v} 缒k翛Q"?*:o~5W^q 01q%zTxf6ǩS.+K [dfp_'k+i&N!V8yRcEhL3ճؑs2E _EIpLdOR @沌/2n&=0;oSW?h*~ ݶ#B>~/-wQGK9(Y [wsUob)VCbuFN+%fLjhBuɰ%[VBŖ~cd}wGtkD_RGᵀM<̑5b!+i> uFOJtxlL_@8ޞ,SX\99!*¨] q2A7KiRFpD#5k45n8\`Ռ7fC4m>Dz9G%,!s?'nZI"_Xh" ͇Cv)Mo>5I<u~@>E,:)B`eaJP!ݏY"d(t,`_Gh ؏-SE\BRׁ @AqlaGD{c%!exАa܎t qӪ,o,PrO0,Ll7E%oQ}SF)#VvoJ K OL4YYR-(9P)^)tJ%0'1MɓwGqd0y1B_3>%VN3&<,Ӂayz GQTjq]8\vɡ{Ki9fS\*DAZ%wH,';Zlt9)5uW+.E]}?v{ ^Hvg5Iy20Δ8vsH?I݀?߰\bvar׋EUv\Ǥ]Nh WMswp>+Cn~赓Qڮ/o{Ul=tfx~GI>= e23:P41.O}{q?cT+j+YLڲ RYS,ʎaerWblZ?<+H99',<P~!uݮ-&gDQ;&SP>!>e^ YiXr TX7 Mbcd*`{BxD]gfKq]໒V.4q,?D@SKiOٔ±ϙ1ֈWuh5|`h0?'|!FS̻: C^6{9 x7"ћp Bq_U ڐfzO/P\B)_pzȳ ]쭵MxT!0yf%b{Eȏ玷Q"V؀7wZ1h}gBKꪖjrPbgF؆! '6q /DzZҳ_S ͕ucX"F%gC@~xnckwS)c+[lݿ(fCON!-튠kLc>kknH6`;%$8aW+xB}>$9mi]q;ЉDSqD=ZE嚶-_{eh法Nf ޫ=?P&6uw/^֖7!y5IȬ.0 '"8ׂpۊMoT_ W` ʃ$LG[IõN/YI ,Z(UFP/˝z!cS uT2˅7pLֿک{3ݾlhYNl^[>95# tr\f@y*Z=MJ[|bguq(qvMQn]f3+Qߒ6A0䀵X,06t eJ`yZ84p;nܓA{$ķ%J_Tˬ* j3`` 7C ɰS|N{9cXYSð-LZP Ih SXjI(xgƛppk'kSՊ#3\z#~ןhQ,8ff;D΢ϮP=Tku!z? UXNM9RQdgFh̐|Āw#GɁ\YW-y nP{%,#F 5[pEꏺN|'JAeaԐ:A_̼%ٺ08&)ǮmCVa^,w= 7F7BnhZ vY9iGP|.c.SC4:~!}BQa?)Nv=k7zX4m/ZP: ^ں10{SV͹E Z ʹNQ(bb:qchnqHt2NW(1'o'f[A޾(j5ApQ@IKْDɄRD:; з2%8u(gxOΞ;F H+{c̭&]B=w,ѫoJV+:F5z;3 ~D\W( r@ϕ9ضD#&ՏilNjfvefy*@6/ ̙큭9w[,*1/(okO͌\5SwN+I 0^#Nݟ͑V_wG pOJkQ#ID%RUƮMX{J( oS$,ۼ"wd:\2څ'0- Hҙ{\c>NL8pF+$3tBY"{:".6P|:k+A[y.M M8-q%+M18ޒEܶyѓB#"t< .4 RF}ۀR[ܶ,EIV&% u Ppt/V QqA]+nĎnս.8PHO)k2t9X EoavŒ Ik"IZ*E:ĵRWJ> 1mc$ + IFj;٩`2.@4nc_rQw$PYx}:_X L3X:ynQixɷ4>v x) {7S{5|*?@˙Aj=d@a5_Ai0O+S/ (BhzߣZ6Tz0@OH:jp\Lk;ȄTzL )x*$oqd H /]&QIA)ݫE6* USUm>g#.:x#%,jYstB4e:4|^bnE 5m`/wMS#X\:ӏP>Uf\B(I0I7f>VEvP18oEԦ:86eKN23~+0iӏљ!i ta{鱕fV*I=0#N@}r?_:Z:sbX]^G:KRҩ u_jT={Rm>`Ie |KV865h]y"q V5%GV n|_/HW𕒾Cw.ͧn2 rG*L_:wE=590.'!3 8'Ďlp4z[E$)@Z?3o^_< (INN):m@#zo#Qu{c/*WDr)3ߟH]%MVVG!7I+p(//=Gwe>ԕ +[EdP[Z \BS`as۠ +߷K}fۄeb? (A#L_+ٳ -dQQNl*RYxͅH7ļ,dIL{)Jl}J찛CQ;uW+Fn%S>>0MPG HmKQ]7mUIqbHEnfwk!eL0<>*9jLA~`.ݓ%՝=\sF)wr7`Z#DCOWܛWD<cI;%P2.:uI˺UجĸAI3 xd '#=ffgPC 3?BLU$MOXu wf_'I_0dn.s"2*gU$ Y>XK7Rk&Sg4X_ra=SMZ4%^7ަj"dc< څ|'Xoit]ddHy$K=(1rϭk'.вU |TKO ,ST' ( iL+mUZJdb%egԌ>eEK,yXxObgL\ψo܇8spg ;jKREﭗ|_o :^dbّt=㘥M,g a( J44?bbo7cYRՖr▀dyNi S}dt.^60 c(YGO; ch=y{ȽRhaT'BOM)@h v2Ex!CH3_8`הٷ|l<ɉKOg]CYb}D1v?'crfD$(ڃm8hEaNyLY%,t ZOݺm$KQ7%2y@` 7%Q53k#"-1Z0ė0\E'>|KF(1L t;w;B6 >8Mu/ r'8v*Tnb5ORސygEm!آܬdNzY/ٯ+d٢} 2*%\ 5sy#cEܪ j*e+"stu-4b8PED`6/|F[XP1@7kBޔ1]iUk̙by(U|P;)aN\\JZ(M sfgErrk~~6:5?wxh/ۃEo ;t}r % F+&T8ժcEV2Dor}Xa=P\-b!d~tuu)Џ`5s~. mCmǢFu@Sy/ ="4T:NN\Hs  E+YFOW7Qgwg3Figa~ e\dܓsƿdFJ^cj+?fEawmQ; xH.\Zzńa!r.xW\Si4pjƠ)*D|6G:jmq/F8\o@zA 0U{WT0KfۇEf{vB;=g'2|;$p$-!\ȫXn`ei[![ey/N5WeUNCqu 37oٰG! ~Ip?iQtUV3qC^\Labau;Exf]U4x{`'kd^b20nIެkq(P__1`~hNBE-YW]׋|rWul}pϛ.'uTI=/.F^{hCC u0e^x{tʌA9|TE$8HII(zu(當W!y{}qyϦrPXqLKO=uLn\GsAi .ZAtfDbi$2 ˆJItpLav]ƫDYfh?W8"-(+;_5RfwA- J]b:̃}->ǗR, J!M  P\?ih9CS洦I M}TiQς˞|lf~߇m>q PEm<3uOJZ18'i.+bw{RȔ0[XX@D[]Qyw%yNNXfORWJ}`Nwuey,6p:s0#+ g&QZ` N4x4%ZmwݱaI5$QTql쮛3F XuC~B{XnAmŻ@̬I. sְxJQO*u^ƾw&ӸȰ*їa;|RJ QDjvc D8 Zi#H] 7-#Ȅ&Lof_4[(O5C)5" 5h2>#D!L†H Ar0.Jڳ'(+'UcsEZc !1f<ߓKaniֈafXC@Ƞ @(i>Z.黂NG 5TO!}LJ=Q+wwM^@eko'R XI)6Յv@F`dJ ` ߷]Wx E~i*ǣ*nn ; 7TQ)㌑jŷ|*5[FOs·bXpQ#·gmk ά(9 ޯy9حtQ_=..iS6y1*8̿Lbfs ܞY{48&$Ӏs1)?+1Axp>;e`]G]_Fg҂/9,;Ճ"G7<τ6AdyzC?mj0N϶oe)Lp|&[ڵH)?4cu/ o ^k0f=L쟽)2kRǿL$Rt BkJvk*E`lJj8GoĔv[A *zS^c|8nr;‚h"JYNR~* U6b jtЧ'*DDӂ m@J$?[RWll Va|0{P!pyqs2ZsAe09 w6$9}LH#]%=/z-{x94';/(lgo܆y?AFz|^+njlޔΠŚU/N嘛>D;WW_CyKsqa0Cҋ|641lHD~_Il=LI{+5uBd7+}ʪ悦jH)MU[>ΐ_S+Ъ |S}B*;@ +??z&rD&^߯٩ۺ]bsii$4G  kD(ӂՙ,\pc_0ۘh4S3{A*G'rΞզɵ~/V|rs֘Pֺ Z(c6g;plr9G kP%ⱞ[;ky%S}bsw$ަM{ReBt!^H]$g*uջ>=ib FcrA)EGڏt\@gwBVMoBP+!ɥ`dgQA熋œ3ܚaiB >@bټfL Um ƞ,؞UH#W޽z6P52Rt"1L.s)(f)L|_َZ:75lq@aaMӛ 5B G5_t@5Ի܃ =ോ*a [E(,#ٌ,Q8 3>>Ȩ:;;Y+&!.qݻU t3bsњUTbjׅeaN\u@E= SYT\q)"wl$B&S?bs2YB/Ƥ|ى-)KDl^}3JVa;KQ`c|@7w]drҐε֫UI6Q49g7#0(VRHz"[1Q(jkT5,*BpOa䑻 x )JqO`OJcb .޳B"~WuJk az=T0E,yn5fͰd `ڼ|MtYg;'E=C&Y5DeǸ]}{l#NF;#1N Iՠby-L쿮LdcI7;3A,zQUo?5ج(xZ?p,#|J3 q:j`i&-&^}>&8c;ʨRc12 hwoy@QqEthiZ҂Ty3]?_ A/ϥRC3u0,[n(Й_>VPE/fk8A.itNYIP_pYHn\\xe[܂Z.O Ⱒ<"zA@ldZA"`>w-P:Z&&Edf)3t2))೏Ŏ3ѿvJ)O Q@ :aw:櫫by3l`FȃQ/]X3KD)qNo."|D(;Rz{1EʹyVuhrT|Η?%ͣFB.#+3|GM/zqІ:xkqIr=>$zbg+0N$hμ P¶.UV)ror8P*>ޗ*͎y: !RmRpJps?f|gż"@CKE >êʢ@wD%ʤC)hI)Q fEVT֞S!~̶RG85`v0]qZS tЦ!Ma, w7JtǕ:Ơwt+j"p2܀>^|VZ7ǪTkrJ&\qR6¹fQ֧~e@Ep 2"X1ҳhJ:Md?f[N2-*SlM1heRXD[Oº 5ާx*Zc,M\@ ;^fKuJZd<əjI6)'#)dtmV,җϘf,ժiqdeTUڌ[KǛU1 {` f+쀵oCANq.l+›`U"Cp {ojU10xlu_M-j;ΕNtH\t%n84jx6̨і ;&ʮ^qV x7Q_a zY{ɾҸd$}eQ"Z 얽YG-%yUٯy^ G@=ϑЧt=/΀'j}=BlK{rz ȗn;TC*XPn-҄,(}I }B1Y_++QK(~1IUoEnNpOyMmC@ wGQ"fXS" ٴ ?DPZY״/Wvc-g4:o8i1l޳rGegwlt?؆bň#B+YO  GF }?as!3RYे(sH01kO !v{0i1nɪ<< ACoitby=Z@UR:( $Iaq_hK=E0MK᤮Ͼ#!*;g>Nq4u"/B`QXT!ćwB{ ك97P [mh`|O5ЮN ;5r.W,#*gH> ޟYc }u_lFJ0gmj=r3}^R 3&\V^β`!otU)3C5J-=+6ѳ՚ۍh=2zZ%,S/  PQde}ݪk+{cc}+bσOx}3 ]Xr-D#C64J&l+6ۊq%nnCq2 rGUiayߙQjLj}߇@ٙɾA#ς F. nD;4g>}ϚL4va>dxJM1b=`J*PgE84;-2籿9- 3!m(4t.)g*LzғIJv0oĩ0e@5]AO:n 9eJpX?$mZ%Iml4M 9(1粎 ui5/NԤ[euD7;;%$~-#Jn9 ə}? iJq8D1|şndCYo}4;5Z9WHsvvJ;9 օMJs%E5^lzR+&H˪/ACZ+…\it [W`r5̒]~efZÜ,IJVk)L~K)-bAZ+Zy\piLU._P:)WhF&|TsBJf**z#xY}ʹ㷁>. * LM%{ӟ~r<:I7 7`b6{l^]Ŏ@-lO$Y1"t;Pr` vtzpu`23Pӌ9ͣ7Fw.i!k> Nw4]Y]ݛכ} UJ"=Ľ r[ 㜯+=#"جF4[tuoXj{|݇SҎ})KGx8Z}/>;߄ԌC껕9<z x^5eyRhEbcq#8:ahIK<[5 RRyyp($"wټ:sIlV:/i(Y9 zv_uvPVÍ;"z 4BfZ }?ތ"F tpQcĐ9:\c~a@f7oi"1Rڲb}P[ѓFCq-}iir1ћ3%2J)Xgwa"|[U&xODݲJϽ6QquK#]_Wj%wkН-PWkw1.TԻ&綼nCg4:k臔^Zr/|89Z[ks2hSk](C~Х_Rh>34,(C~1nb*^ohV\/؇q]),|wTڵ3 >d[;Q"d+TaՋZ\`"zz YnrWS]!mg}LoVe'Ő o`?a!: rK ]{cp?f,R^R!\K4lrߤ$k Y~#Y˦Ê gH"UUwhQg0O eF&6)ڢ#w4ǫ3Ž76N}u:i}=o\h@osʅJ,t]0¢rG{خ,OоDEoꪶ"#W::Pڟw|5/(y2U6 -dDg:ǍHR)Bܱ-%ڶuuu&ZHt*m޶(kfۦE$G1.</-`lfJޤX UNitē"w ,m}gkY鴽yMʯXvFe'%YXJ0`; JVȲʏBpUp5(ES\c.ZnGتɳ(+fR{D{p,-R֖dYNvWEUN!cWtPxdbg h8YnT馩']Zr8xpEix7.ĈN8HET[lùvtY\`~@6<>+l·Dw[Hڤ:A{&ИMGoR8Y:x&̴܀ŌyG gk]M{:*Tdc,r&psb<M 'L14SДcw}g?w Fs+4!|@VܟruPR#wjTl`;;'AJ2\su>mKfVR$SJkޮ{9YHZ$56tk{T 'N#u>RJvTe<4JGxD0; ) M &x>NȷŠޝ(ء0+؟le",<~6'r2 #;uD(v . [MEK:=zZlG\.8$8|u(A/;YcU@ջңS6wFapCCU^J_$FrvT:"*L X~ ۲{7yHQRхj1*j_;i_5kKRQ9\ \߶%T+ŔyV>Ed-]HvA`5#(W دb(saJH+oKDx7O0-ɾw9"yy"zw`v H?`9΍F /6l hTyQͫn75;&Iz+{\x!F8;K$՝Ow{1o|9dB=9?Lڧ0{Kab*>^`$ Ωo>dȉ( f3u^|?mC h'(WfT VrB=|vHw+_/ mЦhE@wKW%8Yg0'JjT2OOTB7ࣱL܂L׵I6Ȓ&rjlaO.O fx,pwnT(S+ʇ}򛻭ZE9%f iZ$T [LXLr0ʼnKW 2zJW~cI!/}v "eӒY+NgNW/j*{u&rڻt܃n:gK;+Em+2Y2d.W(_(O4>cگ'y"3INVt (hѫn+ߔJmGЦ!`ĜܠH/5X7 [6|T#Q$1u=%GėՍ] 09 #8F~8b*V7k \RY.SNx=JJe$wf㽂E 2O޲1ZE`&ԹzGazj ~ u.~>oI 2T{`Us\tzNUkBtP4|cm*&~+ק1Lz=}4C~2{4CE]s"GOҲl'h!HIDŽH.(vnjHCP~>")}Şs+b"bJI>eN+-@6a#c`bͅCr7|uDА!^>EsmH; VWM"Q^2Ѽ?L,IJ](mԀ4%Z^Z°q5 Mż ] K͟ҮWl˞8:sIk+EVDњֲrm4c{/6}QMwĘ]{e4s"4 8 s7A]9k oO|$ɘ9DZ01~RGX-p(&h95 O <$74^fMсμs YWҮa2t,T+I50~_yBeG16O t`jLpj3p0iFv2~ig_w$np$쾴0 R\\7Iib->ͩ,T8[bٝ>09[p_}_吘NCfkDiYDOD${5:V]H 4O* ! , N>nr8!pk w| 5"A}M߳0 ft<|W 7ڄcN {2&qt&5̨Ŝ<.h?cQjA6Oj n5#8'f.3cU爡^ m7oVR2n1^>;(J7wf=>p"ITevuqï# /o'H,S-־2h!۾:-.ϧ½ 44!6%k*$dcGO)u]!G9O7JU٧NO^wK0@7G?qBCm*eI{93uQz~k?x oyh-jgF;!(ͽUG7eb-ZJeiT>?~ fcqwLGZI WE:̑o$i;_ a*e֍z {Ϛ\}ioԗ6#vđ<2\"/^Q5qEWv7Ψvľ6^<VWfŞCT|1,k:u|-r#KH֋7cE6RNPc6ёk5ٮ@K~arP%^RYόk8G8˿Q<ZĪuZ'Md #M2jBz0@2oj؈74CHOL` ]ӱzKC3YŃDBc_^b_;yzhLtwH@N$wϤj5D%gQ3=B._*Gc0Z4S8p'Ur߬WY=R^NgSSi;޲#[!+7KXs:,J'zGbl$n[! ]Iw Oy;5?,KżK H *F&˯ie*p q7{zd#?8 +W\@Ǩs<{R{kZU)R6m+h_@KLjnKG)uRtTantWpsX3Zܒ߬2`[󲾲ѤC=%@)]YmO:M?0;"z)򓔚+2`!6{ы&l&=cݶ ,7q|2LtQDu\݇N{D2nmc5a~$w<d.{5˩0TԎgnaV[L`$%Ax֦D(Q.*\ ӯà\$ˇ_:X+::(<YeKu@)$|&bRYsWȈ⟢!4 ]ٴV N|.$ugTjK)C[S=~2ۘaEaEseO罷 x4lY4VS(v7$ȃLlݵPP) Q=#+3^At=/n =dH/o<.F]x5ϿmJKfpơDwKAcQ/|=&4t 8?rsI4F:W':Tz@zP-9!_E>mMOO"ԇAú48]<4ڗ+| ړE\ BbCamefX#Au{3KGx.l/M?\5HMOE[!,dbg  y j7"e_b_{I-2gfdmi: 4ThVy!S*g^Ri)j ݗC֎ꀳ[PoUVAs A?ՓJC8x'}t+z&!L]qe94҆z\gW wրz*gBʁ=?%cIgɑ?.ZGSE%ik⊖@Z!hيӱdYx/~z( i^W [De^-;ob"ytx,C.`e=Hi/M123 k%½tq[t%-qȮE eH0By7#o^iz%d݌^-Ȏ>yrw>X[ mf;Tnz~*Xzh+ٯPVSQ}Bf :vB82 ^&hds18dF{סxׄ J?St<7(6oRLy9Tğ~%Gj[{R=1򻰝nu"{,?Xj~Yg:4ۯ|y`T^K%Ђ |R >m:ueqպl1jx◱$AW ɫ9gꋗz+nO+ִ!<('-jQ H_{I) 4n7u&/uL/oDGO=fNN[bNO6 8OMƆtE"K˳,)>\=?X+y4d:\盿tF~$R%^qZOcE1Ģm&%`cy *&>x7++&==$efgҪ!b>T tH|kA$T;4#nb|v%#/6[tpAf>*n9Xe( & Ev:j7i~ApM.3uf.8Ϊ՗10h[$*3gk۶UN5)yu&)sYgj䨜I[RDL7$)Wtq\п Dጛj=ii^ӥNԍ`Be^g򮅷|uzKLиוP|q [fB_ܪ6VUý;ĭ(eOX6'} 3~2/Mdtj a}`z 4)QX^0y/+GPztw*cZo!`w|_Vd::}Azm}i|"|Kjt} QtnW']s6;ȟ#BQsSW6Wc(V_Q!!Tԕ ?.VC ] 8*'xDܮDB_nߔJz}4S݉P /Y)3xM_so%QRC9{DpUߌٌ|@u*EӱAG) w}א/0y \_u}>dܮp̗e[! |K&҄s(' DJ434 P'3v.0hif{f/@4s>jǪxrU?K<U,Y];>tUT xnkdU3֟sZcw Zj4\u&m*JGd2Y]go/E^j1}#=tkH o?v3sG 7#L|oD(3WAAعvJA,3Sa Lwn 1- qTOត{0HwA*/ȗSNeס#~a ſ2 R@_]ׄh;262ʻ_|3() ,rt D.)kfgwSY-A|eFntF#,~G1.jjaDTxf*,J w,pQ|rC; @.faIF%sx1&oH{uOS¯h6?o CG\V@$ؿ*e9rT]:&մ^ze_\Y}fWG7]TdJz=*zУsIv>}a6EG6QSN|O:C͸YB4_N TM*Cz#+:2;2#:rOUa;mmLǍ|ᅄ.ܶ8A<6Kp.F7&N1/wGɺAG9S*n!_%|OIICcIna,>ۻ~1A)2Q}uk{fIq.FOxy /' e~;@/zwZK!+zNXM1EƱ2N0s3BENX݅n-ǹ?VYIm9,e-۟pSBE 0gI /4O, tboHY*B (o嵹RK3](=޺`0]D|H/ۓz0} Rւ6m_);2&k<ÖmԬA8d֎86O,J?jRQG[O"lWFA,T 0'J09Ŋz0AYH+77(sKTkL+bm^PQ-ܔ!ԬY9g bUFvK #ra#9q`פuĎ=i792 y(T~FG8܊@OJ"y1C`xcPW`7tHea|9`;؛(0PyheN1?j٤6%Nh'-EFygej y%zOrİ}c`n'< k/'JkTQ|~c ySƾ"\@Ll>P^C=G9vD]C0V"u2$o *;hىWf{Nz_ls)w˨/:=HWxQ@,-ԂzanHe0GN9U0t!wtS#(KPᕀ,q00nuJ0F` Σ_MOS=bXvsZ 2hsCnQP!b<ϮrVO$fw8^a1 (uMm}mtęn>E_ʻr#lI;@33p%#j`<Fߖ+BƔ]em%3}IiìD\lo9՘d]ǯ1ힱ[K><ЌZ#ω,xNSiRAʑ[-0^'iQ U۩&㬋(`1@NwBX!7|`܅"96(7`Ce۶pDt˗Ŧv׵ձ3kX|--Oho= s:E?=Wl{f&CXe)~9~l'YZIp}f7eoZ:D -yMnI055Id3"_2oL":m`3>[e[RA1IhqHXeu_OSɁ7jI/ | a.tgg9a|OM gќ ]ڔ@i9(iSXP͍= 68/PnnE}/4p[Aܕj59_+Ə}R{?Eko%S૪<$dcWi>Ĺd4rI$FZAy zl̫.!MO26 -;=PehYb12ɨ䗩r9&m ]5cKKiA%1z57 -:V_DuB 'E109 ̑%Ӟn΀E[(F@/觲VVQ+k >g!i##扨je6b_b-߈<2=t$ ' j }{>2$ڪ.5^ jbU-=Ё]W#QJ*R,y?M'ԹP+ ޙ+5GԨD6u~$7x~QI恩C+SM`Rb|Q'G_"Zwd $ K+&/sβ^ٳE"?qg {GK+@Q<1U_PdYr/t6Tj6@Ubrջ5n(l +y &P &JҠ)Tzd^zi_\jlh:*?G򤜶Y <䬈!h)u?pC"i?P.hyx^Aºb͇R \ȇۦDX`y_7eA*#RpT89=?S>'RM,5}UDs`@  ;$Gr&ŷoTaƮgsP|V{_3=33S~іގ'W+=ʻ$6cv[kq̴mrOXX{? a[ًF{:&u7SohnE}j!,$(_2ٺA| 9$tʒ{GeTG%YweCx509t}mj'; =|f4.p?B2meb$ .tד>}{iYkw)17Z٨i8E=M>a$S)5' ܊4rL[d`_g)Jb{&}19Po"kQ7ˮsT $yP_1 '@RLaqB>2y˕tr;-Xc2JzCӆwMeD*juZ* c,xwc wtUǓZ/)@9J)|'7qءWb~LoNBX) PL. 71Adߵ.xEGVK֦0AquC]ow e+O~l^*k?㞦pg@yK:1fQ7\9KэoH" #aJ.Xps3mc@ &]܀@[q#&^ /A(6kOvphg/LW&9ǸD f,<~nl55u@dSl|I؄$p+fk#,l(K3 =re޹1`ܹ3,;(-P _=Mb8%wNz/tV4܄m30䦚G#y_ND$*tA98wX)O`AI#eh$g @ [ʼn n -^kMT޸-է\aOv| Txp sJ1xLT Ľ,a 03Ϻ)/K.VݍF%Eff^p Qԙ u_ivq444€R7+l1cf XLqϮ6 l +`/h #'(zJ9q k9եvŕ LE⩞ǯaqnX ٌ3WwM*/k?JI>* O㜽"l7R/G'&7圾)!'qwsĒX_špQ Jfc!)EF{ |n3?m[s-Cە|5'<LdpAҽ;D좄?W{ŸB3/,=T-7}̵'lpG 39cUV5In$3Z?Ŧu9F۴u; ͑6&LhB8Em=T)h_SSL rA Mm;{~^Zm֩ ~Tl( DH,\# !ۖTH Ypx&]T36sp`6m4BW%+a*CnǤH(w뛻r)*O" zrfa5!-Y.w $X݃C\V+o8-B`k;^[&f'*W]bXU3j%IK 6_ҋIt׼Z& _8%Jyfd/ڤnϪVQS~}ց0VQʏ|vo#k]A ,sZJ~l|1?_P/ުX0J癙|Ŋf7]ӕ{D:{ %XbmsgRՋ$4闷#*?:H2$uhf\n AꀯwwdSHp23򍷚B|->IYU0 .XQp V"DFV~xhziHn to^GĊ-u/Hktc}s+&_>1ZĄkFLɂBe'Z1b7_ O]| Gv`U3=y!ĒFү{9i4j| )ρd >ywCT,RNH&hjqό@X[)M(a+*6`}Eh0(3 Ri0َd$^$39E3O TqOV™1WPsIeUODzX EkWO;l*<*j4ߍ7 `1p{X ZݔJ׉㏇ܒN1$%Kze"*" -.Gb e1˵D@ͳ3_:{'};9w`0voAUI(3)r/dRN:* u*aK ]9w G'ɹ&=bn9jk &}|rGPK ptEnhkq( @ceZ\9Uɴ+H"vcg>*.vv4],=k3b&S㪑jQhM3@}~JPATG>eKb,,2k*GO6`6CČOZٯZWпgǘq7^bѷp|P\n$! ;?P=j0wX0RFq=1>lnOH{5s DXQBZCJyV0>`e)`$ >+'Z'@̹?qHShHt]OYVHGL R«COs '.i[(zEk(w#e t{F~7N'ЬTwPM폏OBlk1DGG ?4>X=Нi}ayއ4;m〱L9mGࣼC>YS[HThC>]i Y(фQ{F1E ] }Ϭ=avv; vUYsBzQy=D%jB g_RmM=pmy<4wt+FqS+X!q`*.p۝; u)a8lҷ^irşWpr0qUMBY:*hv2Icc6;T'~W VJ:'b֕*WN#3SXL2 i\ BVѡhjr)w ΍(hz#Yg3K[#eYNwRX_ i}$YGyI!GPm:xctEYNJ@;pl %{c7P=nc?z^2fv[+FE}/+taVUc4')Z-%h/Lҵeʌ?ǨQ#Rtٲ?Vu~-כϰŊZ,]l<y?v:21zR"6w†f٬a%Cͫ%تu2lIZP|vHۺ#sJ`0T.R%Q<ĉ(7sdf6ȚTC<`7jc 2@zow!-Ɲ7MHG/j]*w!`]BGmM4pIpڌ cRЂ~ofRoEy4b_ P JL:Dכ5. "oHϮP {ˆjd?ym :@{v+ 8Eج.5H^!yc*~/H9d?^m_&4紑m_ZEy'$(V0Pg{&&5:3dN#sXn0̥7àpTB`i)4#c#YcWɔ ZHRm,E*$ ԻZFþ F-`$j?Wz'0Ok;X9 8cH:y>Ҩj)νD zsu4vBVc (=q5U1RY~SQ";#k*q*EPY(p!?a9 oK8r4SW$q)$T]81¬?(p6e[v:0~V.0`E]J/7E8ye^蒇zNu$E9썜vЌƒ&]P| 5Wznĝhybt Q9tY,-${E9MR'5]M`(t 5Viy`2YP5׌!p Stox9.~.ksC,8+ֻcl85խ${EnBJ!6Hz_f@ɻܧ9bk|+;R!gspzt24D<[HLHl+.V;>Tfjhii(T5]:[˟^G& EP;RŧAICjw@Ֆ yzrTaJ˗婛UO:@EV z6%S`fX_J (HֿٛI۪:$\*cݤ?H_FKr{%2g[L>(%r 6wMKzhHˉLԝWm9 u@?YkS<0VQq$F2<(#^b3:wM0 42!h(v܈$!7Oћpya$g(??u)u|$P#m@h5a=v\OdƗ{0?;0qF60&TĬ2nՁ' OPAN+ Ndx9j56%^&*]i[uQGI.-(x</u5ji3R WOS%>=ͅ"?~պ,٥)Q)Np fCeF߀J{ڽ`S͍7*(j)f;]}FaB#*1^;qz_uDn(O Q#[aMV 6;?S2 Gw!JAkD\("5R* +‹bݲm|kխ&=WLA+eC5pV.?KeE{Zjϧ${Rr A:s#&ů16B lRVA[ t[ގ.CZ9h>m:o,d4 S8U̶J%Tc+MW!0?q5uJzWǬ:"o0- P f2ssY6J>+Eq ".ryI"_HA= ]*u"8ˤF6cqtKxRC9Hw(Gc]AԳKn=w#96ewS{G-,zkxv ?L[;3b- ucXsYx{ gl:[2czU;8?/uWq ex߀Zx:m!$(囮O  poQ e\ 1@Ҍx;`9|9|os@ l\o{ Z  7WC(|5{4C>Q??F!y&u.nqeC+l AdoZwc-2at_K^E0a2&XIN^o%7:P<89c2}^R;n+b{AL"ޖ%h}|_VD&q=com,ٷ,|M_ V{|A t?^ZNND65<ҲNJy(eSϨ7o]=[AMEы:}K#,ZZ:ˋO-"8Zndg+2 ax$7iPѬjt5V?cܫ_̏- * (EMNZ=-)).bIksUP6Ctm-:tqӶ̲v{7Ce8hBGY}3!j=5[)7B>Y''1T`hЈ"V/dW+2ot>吺UDd,RB;m]70}'#5MY)66 1E5_NsC-vV:Nxvb_paC_z=/}*6gEo g?CjaDƒN󁢈 xEG~QA/1N#G? ̂ܖҋzXi8Y@”rug%73T{NZtB}qN"*^cd8`Hk컛(`ҏbSN|:5 \Ji:L*]RqZ'k.Q)jFbIZG|;}KMip櫠r j<)P H_պ,c-n=`6`ed*r:ӵ Tz%DlJbw<DV1vnn~& 4 -jI-'e"'3,T1xb`D"9FfP{U>!yͦ1#Zvxb{o% U̲_ka n8ǯ[Q>ԜxȕN_XarbqߌiyP)ˤхPJRG?qc{b1|+;;N"d;r $F%XT.DרP { lf86Ǐ^k/prc O{{~j)]^y~3&CAMJ:י2-(b\8F@vɟG65 g$pZ}V ԓ K|jU*S, Cu`-,٬jDR%y+:P2$R^o;P$\,Pݠ]GW<ӵ3]n2Xkd{_\? 2bwIkskUf;( ?Qdjl֬&-a>R%evak{oN%mI:Q6̢f% At? S.̽Ob0NIvLC׽v7K#&݋j'qJ'dlˎjdrGf ͐}{Oڙq;pq'?6aJcӊ#SU^-\s8TAnϩJ''v58e)IyPlka>KbrE4WF& ÎY)C; XTעrW"bhHA-n_`6eS,E81i}7)Bǰ"㚅Ofn6U|nd To0 5 ?lq#[]qZд*{ ^hLZr2ʋQ'AWȍCŗK(FeEN~ [pY\Jf+*|?,;4˹C Iv=(] 3>*껝q WnU22DX%4 ehϷ\ϼX.irEVr.8>ips&aFj@?s}Hʕv/&;Rc+JPIJg_QӬx.yKb|R)[i#.ˬ Dٝ)RࠤR&,[\+mmRIPnӀ 6GH>2 g2T-{5?N ˟Fq&*x:kjCpkBjuÍ^eA#PgQ?&>;qmDOсp(7f%Ibf'-Aӑ 2w0B3Mhct`z$Y6PEHG!ғ(3#3DY}y}` *~hԥ?[V=fvk;hi24@S`~--EiϿX+tC *翋q?i!cRQ'pel0 lsx\k6AW`H`b:uYi{o f[ IQ]k&*>rBZ*aOA5Ͳ[* w-}puc#]V Q GVI_kVr{0Of^5DRw󽐎WRU!~ͬXXvؾ NwWIکWd͈^:uKbO~7n!u#G-jDžJ(MkoGaPD1ӇN RWi9.-MR>) ;~PũJKYp p`N15ٺw -Acc& 1ܼ)z5yOFLʇ"0Ӕ/E* (RHhsB +{Vv4ph愱ă㩴Q-8&4N\^,o(PB_JT<9NnMM4Br)iͯuD[BňBT 9$5ī1 I.fcn¢ʂT3|0[ca-}_=#M7syܴYK=g$*8֞eOUu#ķt K`SGxᎄ"e1^D`Vc+#tWU.:r& [Hokdԕ/4vYDH3/R̸(귔(<#9;JmJk> g0/HX7<31MU e[/x F^9#BeK_K^׶-Bi-!1ҹ5QلYNC܌iX"C pL+|ovfԞgv/ b߈2O֟\OR;49*{~o-HALhn.x9[+_Hl_Z< Cw_X+ GUakk0Z#ǰl9gɡ#>.QD|ZUs{2A| K|5N{6!C_4d ,ncF1KtV# 44d1'8BKXAb(>Mr΅ )AcBQz;YVYNIq1Vjԑ ƌ5ۿ{+ԘT\iy/BNhO~[r9m!Yiu<6K%ʵP4sX4Ԫm:ۥ1S w\N_ς"?X< _,k׽,(?ڨFX|1jlersۂV c$#?q \wM3mnHGR[tP>Z"&cM$<0 <>W*]QnC+Β=}T8z<i4odWc; IhOU=B^;ZCQ![qaY~KJhc:yI_ư q$*VP, Pgy~GiH֏rNL֧e88=isTu:`ڰz9\~y5XVb"BX#ՅA?FOD*TRe^?]ycA"VB(NDK9:@!Gvq'=7Z1\[P]aworEv1f%GC8O9nv Zf}jӝ+^?&d*yеjAHzi@Iy]BѹΐuDC7*cR)$s!DѢKƚR]JM2[)5T|*Kca>=B3 iv,fbs厱ԶygTΗF5|9>CMRn23M5iVBA(᭴?p]8Y(Mc((e:j7O4[=Ήb{&GdQߟN35GesnHn$8B VMA I…Mcc)qW5 /A&)3#n$FpR-# +e5RIx Bۤ' ~BGϫ0 4|tRLw hI`f_Ϡf.d¯1[3JY`ݪb& sBYRAnըHޣJ5fi'uBsvc`-!4,6532EFE'Uiqy/xߌUfE㭄<; \$ӣD1* Ãy%O7\_-ʨ6^Ӿg0ߔVq6oא\i")g/G/*ϖ&wa1i;QZ xV9GSgrC}o%B#u}xU;^%"0L-P_Υ-FF~ЉIӖ6%C0=UnP="i-QI,.S6Zh1O*G2d]/G[]oZ{xtKl >MggIjKqg4๪K" @ؗҐH!HApwJɢlx9gڋ[6⮑{$AǶ,ڭ:M"ɴ#H^Y-i8p28Zvѳ}ORx1~i>;xGߋVRvIyYylZķIc㶴ɯv)/d ǡᬉ?3VQlnZh ]mؓ*]xۛn[nIZa XW))TN?ߴ Xo o.{3;+"[0-:֒9v%/r7{̈v -Ǥ\PKDL5%QM>/YQ.>S*Czo/,*(~ .#%\M'9eǂ _b<(ʯQ `<46:ڰ喱%wpEe>xDl[z>i 'LnSԳo(a`8 )m+*jp~z?r4E&ZUg*ȀpdӤR /0tـOlsNc;Lqr*ٵ쩯R9NջBG? 4 8FZE:=fe=)3#R) 1,V&uu2(G!(ծ{͌-1q,߉ҧ z'h~1ay-C5ptܞ>Ȭ`zȥ~3Xc>5D㦃 yDP78Vi(p&:rXNrӬ{_0e%8gqF.n혎i͌+AUA2Z5ן$<O{c~CM'%,=& <3W*"ek_oZ`l} UOwh\.j4Q"B ز+Mt3*.?%Gf~Fh +)m^1(~=@܁ɾ p} @oKugbCp|p(K&ԋV%Rg$L%B/5C)ހGmH'1 7L8=һe Hġ~ qDE^f14G6%bݷ|/(YS*, 82d)M\wɉ[uaK"0;n_tM}j_- C4Aw!ײzP[R4 rA">/Cy1Y i5 'O y,p6Q)Kl932sz>*=:dk~(hY[a1GX7q:gL^|K63D8D0nͫFMy71DhJQcnjvs%IpXzӏ/当6Lq~HᐵuM*h<&śJz7|Kyp\v?eg]m^Z#Fim#Ld`Z\^Z1'6}Y^Pl1𶓆>S!%F`0_ֳ2:_"횫t {3o2V}HOR&#tUU7N5~Q*엊zqܴLV:g^ٝm 'ɯ;XI HRgUo5Sձӕov#J?熷u&T)0E.)󽀼6zFkYCtXCd_eE~_+E#;X ՗[ U᧘8*|i'̛ yPQUn=@<>aehĀD$P\Q`¤t|[Ɠu,|Ԝ8I;[4ҏp8{ofpz bz.>A|T\MΕ'n0&bW^j^=XF rDMiaϭa h͡Ry#Nۻ$t}#o~$>lDyYùd-'&&w0UQ.~𑙚ja͌L͊Wp(ۺG`M|YՏ];-TՃC2NΓ,kU5YBP's/gcfE-L) rnmEjme+j%QQ-?$_4MI^eqvDӴ|)Us~Pղ֙ (9Ȑ%F#dU r EVITv!1w)*‘"\^璪g͍U2 pS#I3K9P0awaԒtVQ %& G(]v c.^fΘP4)^2!^fnKe|![1ƋÏd*.\Pk)JԳ)M7@ 0T yN+pc%Sѱ ~Ɏ37/2k0ʦ~7HҭG/N Y+$΄.m̿^}/Y<5ϝܔ'Gsx(P@ 2ӑ@GS)OQ*RD+o 2)7EP˷wUUP9Y|X&ft)-1yz$ ԩJՆJl%X&hAVj.*6,e"v-g۞![8g?"O8\1CԪi;-{ Hيe%CjΙ gJ5\[s?:$gK )S@7T9P(to:]CʧWv[ٝȝ!`=]ʔpH =awDWnjAԨhx0.4z+ $H{i J3cqmcYa4іY_pAϺ"8?Ne+0p`Ǫr50!Cms"bMdJO7 Tr诣(10>n%PpTRm1@V~oB]oñiU`>7r djDJ5ׁ^Өr!| BWnM#EB,@#'W/ab+G V76MW9^x g-9fR)|PC#@WQ==>ۯrܟgvڒלW09Z+1Lq;YDFyh*Ft[c8Ӎ[INշM( 1eS+\}qFeYECӎ#Z*t_OX-哊_|wZU&#yĂQ/ ۂOin_x I_y#X*+L=cR˪;%QKxPv21,B5/`, J*_v69۞w(*Azw-Ki q^e"lMgXw$ ÂdO]m:yHg.?OU4xݍ\W0dD!cf990Tu%`;x3e!<Eyѽ@I<{{e"&8JXyBZh.Dk2xF`fR=YɊ=_I^J;v;S/_lc` TѽH9 }AUt[Db"Mه$MzH:btU+'R$֛ݩ s/:F)K/m ='}{f֋S t"?Z7[jY3V^*1pAnby}bI|ky}"^0%Ќ*DFHrֽv? #,M~^B2G?g ?^Rdਕ(4?|Xcd$ՈMMEW2 k?iZz$u2@+g'(O~'}V=.ÅaIͱ X0s`,ӣ~k(J"@0ZT$e %g6/N~ E"J KD:hMB^(Eus8~E6OHTlZLBdVuPW٨ WʼnGj [%3-}p߷(h-w0)=# &4_ \nU jWڧI\J42;o[ #Z2& 8tt'ә5-{֮Y>CPf6х$U#Z fy &Ft7\c(/W_yh3=-{JplQa '70,!; ~ň:t_Gg<͔,{@`W]\XfD ''бN2p1o-U1Ms#t jeAa'O-zUׅf 6)X>}gaz}։ d25ɘ&RU~RS6J7Ph .@O,\}Ua@c@Aq(ҵSrS&yPb@ y%!NA<.ZvNQ Q.!"eN9; _$Ն1]}O'Ο+BibܽʃZ.:0M:2|D5F0QF[د*%t/d+ǥv+sQ_L񐉞kqوt. FslTE 6> sxTFŶeP0]N됫̹C:&Owl-՞[ 8U yjSWg)|Z_|$LXxL@+j\+tP̖HYB7y+ TOf(4{2=_ə/]KpouN$|8@YM֬Sag"f ^o p=L@YݙD×j@'OA-x'd)@^PA^|>#(W䴫 +NXwTy6k6ZaV/bb߶4X^hW#"5Y6eu'/-'yĮAt͖9#g}(*Cz}REM)Y&}$&xY"XxrpʔVKn$(%3 lՙNW}oR!EZqR˫nݯ3+˱5o!Bx psnv%N /9jX . R"8\04Kq8HSY[NgK}y+9ꁘe -7 ˌy|C{ش%mPI~gwA,]e-TfKJށf G4Ȉp\KK#[jsyQmlǑF@HI47d *ΏKC).bӛcP.CKwHQ76%=o f!|;LaD%bUX_tTEx_|bHxBN<'e9niCO-j?>_1x)ksQFI-Wx~c zH_rf:ȇ+9Ƽ !e4Xq5;%Ķ ef1IS *|`4¬kj/;Xh2QU#๭NBWmzvҿl4'e#qpjTvgV(eYqlߗL?a^&b.m9.ҟk$ti^<. ӑ̹QHLM]b4|iw$"Z3&{n2,xׂiM@ue9O Vॄ1<),X7mW4N\&6*(y(dGX%CQv3QurqI+ bOL;/8]5j)/`^/տ ,VZ-딣QVo/]Z8Zt ax R;WaH WoZuz]bR}pjC1TM#VORXyp&uu.Cv$-g_$F Sz7V'W~8I ̗_3C(`>5BGιƷ:i?Q"赪Fi<Cʅ$4e95{-8X\ &19\&1zn2 jarlgSx)݁SzV@86){7H͠k27k-!v[ؓz*ϗRv4̴^ +R/hOlȒTX5[onc2#S͌j󠗾 ڪ1ݚ)Bq*Fŭ~ *86%& g2̭"9 Eq:v4v)@:4kcy{3C9BeRo=!(,ȷmkc|&bPW+gTXRؙx)c:H'蛀]gSq2t'()rj*4$mEM@![cBk,ԡ)-rCs% C"<7CXUO۳(x; swtAmt>Xy,E&|.U62!.c*0:#/q'B|ZFDM`U%( T0)fKj-ᵕːT~ y\Iڟ/L*F.q4sOg`|bfoşfw"/\Kat=$7{V W\B`7wnO4\QK2EcUsp1?ѧ'1ֵWӪ&>]{B#Rn>M&EGz_ 01 So4ǔyPKmJꔕA[8qHZXSoW邯y@ae`c|=!Rp\q[E{C ,s6}ԾQT9@:ow$y+xF##M( s4upl4a/D]IY驼3gnHFI"?_R2@o޷z%?ԅ.졹P\ iow%*,U!a|yhݕJUc~F-{[ժ6%!^6ܛ6Y𘏞i*VΣ2kswXYÄuѭqR0RnoF + C0d4MoD]CqrfHa*"Q쎋"S Έc.6B&tx2J jSc7>+LB%3'؉ z 4+Ђ@'#o݌ԘW#'F$յ~-ewPJJo9w:HqE8iSiklRVeرC^T-7y6g,"|a%j)qLm 86 l{jұi9pS@vu-|0m О~A6@o\$?̚Ɛ~*[ Pꍔ$pPxYw| e{__z" (uVO(L# χa^ky['_{ 䭲56t6uK#lcdqCv{fyjC=QqhЭl;"A B0 i*?CKxʓD<_ ZX4U|7>"/4jy-LYgQm+v奘2 ;S׬vtǙ*[tDk[DgzM11y()rC̾ȕ8( 6AdK>g,-֬<.v;nXA:{H+Yo5Sw6 kKW6s2]ѫZ|Ix icZ3A;ԡ@ Gy%q&*ee\\"qr% T; mTtQ"4̒cuh5&;zpW߆Nx j3?MW/L]yU;!Ol?~Wk\C>}y|E勢WIiB *dе+Axa23iN6bn†shTP+xygAbV5i[ s v0 j.y\x%M[!+eTv֙JH̲ݶMT`H?um6DuDiV\|ʏFDfXsS};^Ҭ +(nUN+P7Y8z~^6]|na@^ ű Ӟ4臿e仛$[ߡTvtL[uJRRcnˤ?5R;9 iQDL!^}B;2| Xly}G.pXkE36 JѦu:Fß^V1 n A _yȓ@E&<%bʏE-oUPT:x+<;PQbݏBjoðר uu21qy ,0fnvQ&"\ 3xHjON* ٷ TudZ}_M0]i&+ cnWQG* A_4b]\@~]2]Nhf7̝61#(Oԑ|oS"T0,ݷ:3N]8TYCuk 0'9R5cf@`?洤vi!&+4q+ :x,ͯՍl6Ε>!FJELkv|Fz%/H,ûKG%nLP.E=#O)'y$3 A 1m6-I AZXЌyG}5Zt@$7z5*^k%C@򯆓74!#Xފ0kޟ2r܋s~ا鎐ݗN`N|oGb^8+!,R@N]X- %U<$MӴNOEOqyo*n^OOҋ;UX ^4er#qiXݪ (zh&5nmʸ[n^SIG*ߠ5%0aԄWHI఺c!wu\-g&Q#(aQk+q7s LDC^V[~,-҃&bfkǎqZ( ,{+2'X:ӑQzӗp[.K:Id#Г(~) =VVСz3AOIcWI"0I}L)Li?R95UVs<]1X >Dk`=bL358 ?5ʳf@ P);BXlгj]qf='IaQ]tچEuY1/d,>/CHcT:(!c!'dtlIoi c(th} |yY/N.%:=̮CZ dj N>m"rk`_xx2]:h%N sak|=>d)O8Í^QJ}}\ө=;vw]aΰMxlCLy1׈`7 uۓWnW-!X U~c`ژ`V$;Rvs]S+,trb+bx9X"mk_ HO5 %Ipț=f*"I|EŢ Lݾv#@d_(*4:<tFNַ abfws4C:ڭ^CͅQ  [ȧ{Vvwn2e\_l`u%? ac c͘w6Jصu%")68o쐗 EX?$='￵b3S{>JŨ%_L<2ghd{A) NS{Y5-P^G~.R8p|Zi{W뭮C8V<|eNu $˷^VE1wSƙ2/MiR1 1֟#pNF:ɹH|pbw:񻎠LQ#שHsHغ-u.z/hQ^X0Ua1"ec+%>F.{k!]/MLJ܀='+M8FU 6>& raKH&p!Q7 fI3|%XX`t:][ԉ,_j_;0>Q L v}ک#ٌjޑJRmU%XkGZBW5q8~l/U|:>5'?!ͣrDatvJubC@ p{EɌlc]C{~43$o'獟NGCo*-cX vlkWT%S4 n D.X<(IԆnw cNrg!v" ]Txô^oɍ p}9ԆR|(,b+?eP\y`C&ߴBqL[aeZʘm|5| V@3bGy?_YH*ɹogr6k@"aç@R{=wl#?d~f0QjÇc ѶRczXR26K MWV&N"^K""rH.3u'!hPIVLft|c$HNYY_ɌCH/x}C9Ҡ|[G ,@5򎥔aR$q^BPs, NHw{N|f}H)3,кd#ZaNf3T>dYjIVfL\NWD`tqeiZ\6=dR3:eհH]}*3([*?4p!3=Koo)U߯d|I£0#7 ZE.W qlVIu9sڏ ['}J q q0ya |SR>Ar䩻.:"=K.訨6IӮEVOuzr$c<ԣ*/n&aJyBEͪxh f8S D<4^u8\Ϙ})Tu16ޫKjo%`;K٣uc:8ow=S%}ho@]Y l|Nr"5 cYDyKH nE"{u` ˶ѐa'`U;!%S#bƬwIrVjM] }Kzs ьRw: v>`JR$'РpY; rNlCB-Ĭ |jۺ&_܆#/pccbT~w!/[w⸒a˒fkGb$I:u| ct?L~ "Y>jH+wsˢZx=6c=OZ͘*rlyYtQ("5"qng'WpIիs<(@˿M}Fz)kD@a0S:d탳SbmH: ê6] w5@ eub>DiZp yՙ PǷT>s륳o ]qgo[nbaAWɖr(9>.yT;j4(2WXX{~IիRUgYWV2ϼAd"TsƀR3!1c ZP)F׼~W^3RZ1 t$eJHB?}4c5Xma113E5;u(k'YPIYd!.jCRۯ);ozpQ$ }{#G"SIk)c'"wsTXK46 -|^pC^) q fR# 8,ccQGstx廚`,yYZ  Jl^&jwVXm2CDiG}x:TGwm%sQ*MOd(i ZrD'nI Օ܏XMnE;f&]}|c:<Sk+B(bF5@1Ӷ Y7h7İ!\ y*x(chh!ЁCIg 6mT7-zoAۋm*sTӭHbk)o DNڠl?%hka3P5AE2~KLsΣ0rY4 I91: WҦF tc{)i2{se!0msЖ)򕍀rQ 3M.Uakg݉<=V|&aQ7o x gHIlu 3qPGO=3hMW CΤh "ҟLTcp_B510C"KK p"n 8K{0 Gq﮻G6v?z3kcޤ׭dMxœ⟸p":]gq7[ڣ@,sM#=\` ո#YLAѽ"htfk= _L@BhH/P {S]+juٱzoӔ(>?m%Z' MFEUz~Iz41/Jc"srRCUÉ%rT6L Apgf +VHH~%"t΋qH/*i3n=.Ər;466 zb3ZWt +65z\F$}EBhӬD/K1X@OJ3禉j9_o 箼%qgv <,sh@ XAxI?S\*->ڦf6nj"v 00ǟqxQ ȓNxv}TQk3F:}(ۗG ݺsOKJ⌕[!׌t<VuّVЄ{+b4W7pGHށRVN˄J.ן CCxA~wV`Dΰl;v7qxڸ$,ԀN27n ˢ+w_Kf\bm2Wg"]q]MPkME}c{zuk8V<Ƃ5*ºxNw`_#?JY 7r~}xS bt?J*mE߳d|#0Oqq$ūx:AOĉ8>z $Do_`m7_;ZOފbg&/wu=$M͇RV3`<^nC]23ӯ.er%ȓq W,Eًj=Q9`L(깄o`͈ˎp-ͪa`rg]V) @y5غ lC&a 25R2q Ѓ}Wz|$J-=%B.P'~h+~+zr6@N}Vz"4W2@]_k8J%Ž|$MmZ̃gj1{1 +Q>V hQĿg^IABJbA=g@eN;:Ps <,Ȯmr]>~AlM68dQDPl,4/0Bo񑮓̗z(qоI0vi{9F~ɀ' 2*,$463, |9J//6Qc!q[{{UU*GSD*cFՃx?\zƙP'E]1cZtoF1'*diq[dcz~̦DUF-ƆX4iD>l4,CF߰ @&1U]'[yN0xMC+K `g՝Wl࢓oM0\+$KroVSx;y&ibkn?V' Gg}~7MwtK/ȫ3:dDA3d !%lDqZ>2J"<ҨS,P>5$n~ewWvlٱMkN\(ip28KxZz/RqLT3tLJhl: rą=ؙX׺n*C*.䃖9g ? Ҡ0%2 _S[*uI}/JyDFKMZ,hukQPq'-&9OĴQo63gtUU/%(lu~{A9V`6=&vJ ̳;hp=M[Lf?o våeE)dgpQ/5HoŁ\ #[рE$| =U伕I;q†3lެ I'3ÖMi|PEfm []/þ!7 nŶ:!nWVoCmu%9Ż-ot?Zm ȄC#p iv9}2g~~hẁ}BDYmXhVth4,}/F"SDia>`~RUS݇~JrϤ,35d iK#|a%,f3y)7c_YF'/YyqxL!KYk#Pu=F1 _^;d{B,j=IL g`rfYARs7TN9c<|6;2==sɺϔn:^߷Hժf)Hh@#m>Q!M.]zGw/ \Qi]֊a ? Ս[1/ nrPut#㔤@Q,wrʥI7}C]?W !Rj]+fLnsL݊6eR8є)סXԒGXP!6 F[t 7fjQ+v5FY0{:c C51&3"L03Y9ئ6BW~UFJŠND1A( %\!hk v}V؆7Y]wi9ڢ4{!'Tk9QJpihւ1sbӕ4E}%j=Ac41zL͵DC/ԑ*25eYjìLvi )aw"FT=F/.FBr(Ln8 Ӌie;*z%*r1<~_Xh|Z|e&`Zv)1<<".*ۇ3'l|e" DBep"X=7|Ŵ(dQVut e_aU t̓7jw3 9!50opN B#y_$glN|SKrm;!6]P:ҸuB޷NagdճTN]Qdy/9ۨq‘yGg:]9w#g趆DY y3+sC͕JqÑes;XEŮ2i ȟ*ya,kpL,p0hտ,oNF>+yPvL]>KzRF%19]HWfv7o}ar3p/MPRе "z4%8LB݄M23o `e UR8VᨤǷkүsQ< jns$5Ak6tGғǺXX:)95Q2Sb8`b5" Pσ7Dt0G;ˮZEoͲ9o.<0eT޸ޚQNxqMڡW)rTy= [1N>Xе l*/ ԄVLV˦i }u*39~\#ϙ$8)C`]UFGc_q5޵i4$uŐ"#{ӑY!Ks.eU3%t]อ_ǖaZ Y|]h1=̉E(Α-kdnsS'1OoBT؀lmz▤-6HP h4D,s g\k[?bw"xD75c̃sp-xegZuΛ&OCCJENT*Kf ӫL @LQ#֛9h ͨ!MېU>,OY˃{-M {TttDytbqt/ԽWr7Y@+DJfڷQ h?LU @W\.cms#8ZB@0B8m@jT}:kR҆U?ZZOCaPTo,FsFf-.7"@76qXoqr|wr)N@p$tp^[h ZbLٲ2Dl6 |N ̊XD PFϮg??KBJ\Խ( C_ccGNOg)C@.L0V_hi}p|q*:f[ B?=[pSʻD4AL|9ߥQm˒]f ]Σֻ"FKbP<{ ;!p^E.X{(т [ d0f S& EGr!n2dоOey#6&w?ܜaȂ(D#姯s0x<3P_SǚA_8{1U[|ΦtWBԈTaTL5velUgPs9:ւ9pø=:2uV)uhynD2*5 |LKޗ Jһ}qARA5)?_@tc}vfCu(J6< !VN# _jvC8svĖ"  )A:˪ht9y~/Y]yh;~L I?|r)`K21uâDBݬgG#=϶DY7MB]8%АP`BLYxC=|Dr&o6b$WvOaJf ig{Qh7S٧HF)|nZ8B&?P*H B_TqVU iA}и"4Ge4=:-]5:~ƶJ|9B^>vTyƿR;ϛcv6TynMBz!sU"WwɭؑXx;-ɽlԀ Y*4׬3oz!^DofVsyb\*6,WTy^N"r e=<s(䗮/ATdWR]#Mh9<ne]c'^r:j_-D p?h@8z뻢 AG87)[C:@aMF7+ Y0NFe?* crS83G!oxxNE+=ku,2mEC}j;DX>&luoȊs8-8_QP}ԦK]5^ )_S7.Uo/qSGS6g:/ϩJ+Ye =&a5uLX5 Cjd(6]Sɲ,Y!{t \Y)|;WG# frD!r BL7yvVi M4[t UE B0}#+ѓlb?&M ULyEzR^|48A>V7,Ù<[.@;;WP`Ipr׮.3PDtRq쮯1ֻ5v'Tg9{.1 ``Z`e +26q=E'W\eHVhPU@ܵL癧ɔ NbA\0̂2DULj7"B&d8a]9p<"n(HcX 2hpܮ zwZ0mu|ҏ A!pL07e$ Cic߾V0ZELiT:\{(|[ N`nFm u9ھ}l# 'ܝCMQ!O$uqR喊hя;-־k񄿔2P7x,rkyNm!˕lg u*AD yZ .N~.{Q]wan$Ș^?LMfkE#*geE濣(rOLCn82p2I<*qpq g2wV!35M*Ɲ)kaʧH׽xTs"Rq$cNVd2#=PWY1DF ;9"l ۉ~TMJܾ.^kN $IkN޻Tc+@e@Zj$qi+V&EmȌ䧤mxoY!}qP3RwȻeR[K:tv`-2-FVr$|.[u(%5FXghM8; _XGfK.%!"#3<hQo0f`[cZsg<|t xXl2_^w{UX^NqTwmXVrVudMFI;Uk:ʜCa_ap zI+%ͼ{cO+6K eㆳS}̶&g=8A\pݑNcpD]; Qib gls }3KpĘ켡Sz9?BM>"^ay*Is#5Qٗ[NX#6Nm/D枦bqjW[$}cv CqyK "Iշ*א<I/oEgɶ8Ұoy IKgdzQT*1p3g,Iz7iba:ohA}!&6* WXCJMR[0?H(,ϜKH9k0粑1+KV ]7[53]'0 -/$ ؈%O>vn@S[O&_/E f9P*k[{J^vǠFW @hr$eLk>>)XJ=ou>&Eߎ- ,E)!Se6{C -R=zD@.̮|USZ{OkTL+*ݘ9\(!ză7U J'? ?7 1y[될cY"{1}s_6 O20KiO2 ~[p'n%l$srOv$ xlԚ_AVt,ڂ6S.GݰӱFuv'L1V N0;uӺJxsBAՋO,`ӓRPx/Kp+/mfٰZ_(䬭;1oܑhnHdDV g8XL]Xs!jt׬EiѬb'Є78??~(BliףXI T2~r)!cU]١F8  8"貭#I=9Ixo@;ڐEP3/rs7.Dfu22BQ?ȪK۷S( TJ{wKT;Խג$ǿqɴ3z2_ nٗjQaQhvybfc|wĬy@NJ{#ʝyViaA.fjK9Lދ,]Iǽ} ؖ}BT)[k[.Y7k:4-\ډb=o])0a`w=UZ^pMOd6˯ $57J`'ϓonD,8s-=к ʝ<1F"rAMDs},|OHw ncFxU nxM`剎I q,#myCYʍlj"V Q L۪(pէ)R,Wey\NG dUw]/5+~p'AsF0xJ&Y*Cׂ T4z1-T,WgF|Kf5eg(f g3?fHRnlxg 8qW$ݚ.RԮkyW,@Ӏww)c, (g{aUF `rKUn˕'5 (s"u6F u(r 5b%ROE2P7ߜ B+Ǵ@U ]%\y w\ɘ r߉\|@']/tuFϳ]0k||P8e"[̾G nc\Bᮤ(¦)!`}6`-XM W58J|W mUsU0>KʚBV`}7]w&M~cmc,a%dOm;3M\ cʕy+TxdTkQ>[O3-IED.z -\^mϵnȴkRc^g Eduͳ@ Qݤ :A`kpz֚]|kԷ:mT++6&e<3szSm{TB~&#{Υm ;6{B) 9Zo~ίCJԱ=3#1K 869c=%M&I_봊iWXMc@  ȖfD?`>~gKI.mƜQLȵMh7^`gJ⵻Tu4/Ye|u_;YK7H,3x>`B0UGO*Kݣ7? g|`@yKd>'?R{kVP.iyyp6|?Z!{n׮;R'-4c$İj:[ÕqS\ sW mwGK +3ey h{z.)n+wv?àռ4sB2%N-( Ԅn6VpC$s9 Ru[OD{ mEX_^;L4uix -A#.fixhaJ(Sv2Z8oˆIW]e/O k썄/8}H_/sԻc@v,`tR2bQ#_}sX;ZDbm[ĭT3TJ+)%&б{&X]7?#CŢd>}BKOnXzԗJogJWAg5lJ_4!OA;Wl/Nuq(1Ϟͱb2 SϿ M\3=Me6)T3M ;7u&qe\1/W}u-rqqGR3#``Q(BkuU ~rμ-gj6t{_AYWD81OM R$ ֜މΔd(yu=[+׃ΛfB91HpT.(¾V+9?B1>=$,*[P!ɗg3ao=,ڜ}?쟧XN>S)a*SLw&@V_;ejf]BJ%`7]7j >CqyQ6֠$P(nzu>mஇT[fR,c]gu!I+MV[nY'Ľ?zMâZ,#c/-ѱe].@’d`Ąb PnfxC +f(DU8ԧ#xtv_x? e[&?`5gT{.gwt X$If (ͼ=sst GRh9c<שQM6Nz^BQ{ߒ{f!cG-,͈e(><,>c(U(Wp.$6vJf/4:`ߵ BzO(ziƞ \m2gSK;(pu@G<0r/HkYó3e(++w>7F' S00$[~!1BR^F5 [.P:״brekZ3~/"B7EibpĴGjMFFdimKGx8D/7ƹpq( Ǽ;~Q̊@qUZ-%P99hOYӌvOIԖ/M{EU/3,$tipi#s6D,,\>#A?tXN}{ģ(yǫUA!$߮diU˗f\,FlÕt?r4oC*a`Z5}}@23J&g-gT38z®Ob K#"xoriǘL%Yz4J!S|}$/0m F9oKN.@yu>ڴvj'~LgJdLz( B3K܄{ŝ/5ʃqWȮ1n. :*.T[a&{ﻙE!eޜ%IZ6'Ʈ^ta]uq<%qI3 ufsgCYir84n(2"z{c>J 'MHWb0 % -%%0,=pHf#~>E2Sģ,&'iuFNCz6Rݚg?A\ |@|hgm# Eȁxw$Dܿ;>?&0#oրv{(Ӆzea]-fr5!ń@z ױp)ҦIDLM H\h`_ѐ@%87AI~j/&l>+g:lavg{1R| a>FvCC "x<rfO5KcVOH*U)$k"j[(dDi"K;ΤrjrgguCej8={Զ-ɔ Ԓt5 jé@4}D |+]qxz[|IL*(gIeH,yL֭ژuIkF%1^N%N89m% IZk~l^򘶭N]x/|i"k̑Sʮ"5%ߗШŭ-!U+yjH+//'˿~4` K;ӷ+ ;s,OyMqVjY&ELv&1Bf>rd5J2H$V!< ࡀ@O1_0qesǹ ;8РnejrI m=yhްj!!MgvSg4F.C_L,~&L> ټxnԂv({#v._ s!-&kd QO-H\-I)v5+!ogb]x ^vqw'iC QV6z%mA'ݸ.uH|;;Y ິTdIJkJ-sX"*İen FPe%E#4.Lb I`Ֆz^X Ps AS:+sOZj /z=!j@@?5(qNAGTZb7hq {Plx5 BU[O;oO8aI3T底KG4kOx$A5^d5>x+V>_͚vfkkB͓,*IG VH紴79"L6H {`mmeyaj<FyUdbzY}5D|1迢W%~P(M ʬg8~*'gmf 1g9vM)g*(?%#+ Gʘ/дcwqP,oRb3]$u4S#1|Zu`kv +F͝l_cb †2Qx8; [b3ϑx+5CݸRDה؞puXɛæ)ls:w91]@BߴIt-:8%cj55dX܏ND( p0jލ.I􂄑_5vGt$A6N^wL2=$!^%ycN`oHU;?9 튥+YR(m[ؙ:z9g /CڅVJcE tE yCV#fV"ypg]#h$O/_g.pk^eBU4`s[&fH!e}D@M9$V,6v{3#n. 8LY+:=.qǀɫ@n  Z#/G"uo{L-:֝ut~w; ;6J{R|ZkxsoUF EyƵ}SR+m~%iq 9 TE*nB#Sr* l!4Шbm^p t'N aoYn)Ϩ0۱hRӆ5\ og`O[ e ^|Toeȧ.뾯2..{yn:R fDсQ7u6 oKx攘SȗU /xKmT{"R2sĕ-{M!T*G{/ ,tk>K&/mz Xڲ8TUN-V dR'%bJ2#f 0"4NaݖPODLbZU? vdzRD ڻ "Ńڝ+ȰҩDƼb{iI-;B%QpP]Pz0@X>5,wO؁X%hOL m i)Ny+ֿirPU<^GAiR-ha/Ā[$ 5k38#?vYsU;v8|<d4 k*dA[K+$^~VFb˔?VzX(B..;$_:wwԪ߶>VVqFG ,S['J{WyttRal:HSoYu.4dIhx"lzج5/C+Q"W3uW@D`if?t# wNƩW@ eAZT| 0"|N}o2} r,@!yMpq[8"Q:{{? ;w Qrǝs𽥂!^9niC^#I(I*~Cһ-2ӹ恠mWuܒ^û&Po@={\OHHUղpjO.nʗ n8-٧;lyPIWU^wm91 QMR%$?:&pSġR] [Nֽ!kSf$Kd>EE2"_*Vu: (;}l"aYSjEpw/dtB(+ԩ92NVý.mKYrʁw ur;_ݮBExq<,bO` [Y?XB9rc]9Ӭ*G.ڑ 1pRi=5yKnWsEJT_NE0}DcWmGH+knU۹f a2oHę'Y30-tilv5١f[WǨh4L5~ofp)&ȈCfCsZ@1s %Hk`ir1VV<3C&' ZHrig<)`jP\ta~~ (\&@BR8̞I`H+19sAPMqH\5`/Pw%&OXg:' = #), x1_VWnf^NM[m}:}v,GlP}_aݿ :Xh)7Xdk(Jqˈm#[#Y1Y{-[!j\! &6˞Rz#{j%Mv!et0K[0"sITkG7X,żpTH:?@?.(' B^y (iڶ/Zr"8=֌\LnkDSF$!^[{ 4$U)s);R~yJY= pИ`(̒>^cxPKϸ ,y9ߠNo{R4OwgA\֣ Pa/@% ],YO>`YWPQMh)L`[|ִC* #Vd9^01WTi/OE*@9Q(s'}Q Ws(µ'ΛƔc8^5ÛR9K| Q.`y7[GX@ ;yAΎցӷǑ$0c-Uho'a|ѳQիXIA|iu#Sg?YuZ%@3n=DN {by|]wѥ=7UV66Z+OAw>qbr1xjܬw-%?-d{d(GIeUx;;ۍF?|RPLSYc۩0L~4d9bUџsoejhCcDX2!l-{G]#Ֆx6)v^P2g6_f{Ϻ*Ohn w qg&|`a, wNd_nwcJ݀y|IfOiX&+ F^/كx4* q؜$9&D8;w󕟊q=ub|#kwzzY7u`JRRbW:ha҇O̔C><[q܊TX pD %9[ Nf@" 5'1i`(1n$MRY\_PzK-Ѝ"fGytNvJbhg!O.$CUփP1Y>߷ 3 }L`-X@f?״g7R/Q*N ^}^팋huВGßښ 7- S 5cLZ[\FѾ#JF˛ǼҤ2ȅP=Щx -ZUiuELSی ;)Ͼgp-}n*O,?V̛>覷.3 .mEWW9pꍋҀnj``YoeWQH",wq&Ȫh{BCBoF1v–8ߎRz;lE<`ܽ9t Yb~V7 %sl}ٔqM>|5o һxU 3m-GnofܜvvI+h7njFOD9Hя؞ d%uEVA{'@ح1Ewzٕ.l"z³b%AVcc,i ߙ/-b4pCV=9Od*`JtӋ"^nix2yeYÉȚAAԒe wgqYTV`I Dqz;~Α3qW%#e!$:Ғ#_EPS*X =wJT][TM˼YސUȵ8w?[M$l:ېҋ}^nO$L}ބꚫն8ךaV8F GticzMs:?&ӥX5']״8ORTD2]>[iFU# #W$.t& %}niE.κ9Ez~2 yWVG6ݥ,`l)IW"LHgבz u.y*(+ᏼVDe!&o$cbG) W- Z!X8;g0C9Rvu~ʏ#5; S 4y/;T?"?Fuo>w'_C1Q`!M6w;ܱA[\`FfA 9a~'p-3>v5dيw,&5[#g ecYiܡ!~vu[{RP:"/&&9[ࡉg0V]yFp= l67P\c#`襥'ː7k}MJ-uA:uؘgv>uwQSAMsZnO3,(STl6Dܴ_]j {F ̣__ n}F [:\z/!;}䵫Txaޛ͠Oqtl2Yijܱ2-kwvЛb),pS꿨 îdv!bsLF!,2o^t귷y4(”D :F₟ejY\B'|NliD] ,d¿Zmsl|\(#8Vk`@ %; ʸM#ۚT5{dЬA1U7 }QQQ3s8@MqӾN!YP%`FFD@[*w+$,T ha*FǗpX-p&|o@@tbl$-:M d$IR``)l=`9~^U{٭KivK{RiijV '24Gj?G܋3Rō{-z8j嬍|I/9( 8 2oF> *ٚHqa3yCgZysI>R{C=k⻁ ML֒75-H =S@f28De?8O#H!죞NFٱF9O$7J 7s*8(dbSISAt9j+F^:ԯ JvIњ,3pP]t223Kpeǘ52QRvܸǖl a$yhW$SʴXc45%^d)_~NV"ݬ>&Ͱ2H>ಒ[Μ!haIec26cEܢ0 PNZ Gy &SA9K!4 }_?P(yr_3--RlSٹeP3=qu XZCDiHOP%"Q:ߺj $Vğ?hqlYƷke| CK[YUY1dZo>8}MDсG6/}h{H%Tиb:,4 oVH^FIìEF_1)ߨ= ᚂy* m#laZ%\`\:]r =U?_6Y{("\TNpoxe֤WD tF~ZX\o<~H(^& T^Au?mFߣa,46l\r 4Jxl5m#γX(WUFLuR:r2eEeeb(@mB0`̮_}7C8vtT z\ }og[ 0`*m Lee´طQc:*PK%~|rGld۬YZfcYh.)w'sC,lYlm&0K_5j²Wg^p4n{/PEgbQAd^J L=hwߠ1A #X񛽪/SKnV7RqGN`ݧBH3<6bו]H0VoGօe$yۆ9^r|靜&^|mG^zof^..Zy-O5ʰv5@-u.Pða}'+Zl5buDI©#Wsm(P<Ş8'HujYIAdHV<$BhSt !J RVgǟAUX M~4ٙQUĬw8C\ b)$Y;M `B~#v3؞|Dj(}9 筓-x@mX7*lA@3Nl R!tQi z]-VjgO_z_%,]ۘf)`G*iimw/|˙M5#GJaIP̧Əԟ juCaZy?]>xӁx}:)H֍ty~e'wN~0m;썥KNmVljI~0"{9?舉 簢Dy3VLN+,p j/lw0貃DQ 2W?_U(C KI\"KbTqzSl5xXFR̉cjA6^Z-WhpޖhVDt4[dȋQY\V`rH`8 dFؤ*F6psxaHCz36Y]nH"K*W×qc]_1ŇI;hM03Hc݃ImZﺁqJ7g|e3a!T뷩uR--^4ǁ v%ءHN҂b^6=<&oS4%3n8u]V QItAum,4]cQJ߇́iqO1e+BSpߵM  {B/5Oa x*A+șX:q"וvm|^J3uqDPmvw|gظS"ڰi]kds]QZ) <b7H[dx$G+L?٨V!Iaݪ85*RXUwL>$H޶Օ,juf_M1WgpU-W1 c$1O}7reA8XK nЛVma2olH{w>q#gJ+B 7uJ}NJ\ `BLJyv(5gyd o8ב[` p$P-5{@a#1yMO,}2$u߁f$ۃxMITr)@bW Yt T xwP!D>U|0ْT.-P&u . C .(%:~.ll"SQYtT`(oeA|B],NR2C<(̓dpBu@.IPn ~Ff` 9VrgDz,m25ӱshGHl3?$3|-^E)ٰМG87`jζPj`:u6b)g%o݈ATa6EO6i7W޼xrPaҎ/?3ȝX{fe(P`BтnU/'԰ 28ԼKn fb#zLP%X53ld?Z2E [Q/fboFbDv?9xήכ f|MKMiGuTq4;KVSWiihϋ`rKFk(b3W`҉Ʊ)ʇa.Rö 'TGhta<&Fh+_KzZ%SRdH#EY調 QjZN6y=SqCGۏOviq$[࿕9gȳem&P?TF(ù~8 L89IJS.Q}Ԙ (zH00ml!/H,"Byǝ[p^U x^c@~,[GD<^&HZ M 荒08T!#GclʰIU<kT5t 2 k%~5((/|;cTJ<88*?h25j1Cbǔ'}iͮ :"Ju9jb=x{7p- :Ѓ>r@/yH/r|*Iո-k!86m:P)>G"MWGf_\-y=L ⫩OBj.iVCJl$fce2#.D- *GBbCBu1uo7O[aR'FB/*W5J48w !r7L|$QHCg"AC\'yMaS\xzz?Hxs·Gc-<7p+3RjwZkNijS0_SX= 69[@_[W[l ͔' K_y'_ۧʏrpi#5&?yZ\qt^]1mfdb7ۻD@pg,aa!~N˅x:omRdbu&s/1.-.pK;#HEҗ )ܟZj  ,6vMN:0 hi C`,i1ʠk2 r P5 2't!s_-u臊_zѣ86RY I 6L6~XOS}Od ]sk1@I7e÷AG+'y4 [xZAY_il| iYC] E7d@E1;Eߜ\L l*D!]` [*yC>U'SD+;b~Iitqb3{ 6[F{uA3mQ)۝TH `|uC rZH!f,s>ѽ(A+(ߺ^ۓ\H(!ފl=AZcra;X$'ɰs1% 9fZC!'Ǘ^x]tWDAa6)㣒?QoiF8z<_!S%& 2 E'p^1Dm&-9r Kw4?dle ;YIoYYqS4)5Ʃ̼޲λߑ{V볤'ifEx ]u+J>7n'Khnt *2r˝>5L`1Tv},~ H%2p,Qg>)A 7(T@!WM`J+Bsb{.kZAMGbQM vJp0:ß&uU( PNJ{` c6Mfy+Qe(G*$}11gtq|a) d##/  (=%t;IBҬɴM-].h@h]݂` tCv; o:UHxWT] 0Ȯ{^Š^2);$u5J|jsh I!XՖZsX)'ӟjiNz49B v+98CJAbU ejT46y3;y0;}5!bhPdOpؑ48 Oo 6,k P}>ugZY4Bܐ"ķ& "!ՠ!A{9qȜQێ'tKu\~=#wR2HMr%$oJ⠔0e &@EbU 9)5S^b^G} n*kP/~gqCw\[uefvEV;0>@!O0P(jj6iMb:l_3HCJهe߬A/("l]َ?wBɋIu~C =$mxAO 8Df ϻfPcxH:.m" <½ |a/μVT^j#~ 䠕Nmr1gh<, Wͫ?B&.@n3/pg? "qaIˋ(P{Oq\sl%q~J^Rޖ զ˦3,=gZY!e=cR3$_V:e{F?eEa!uE<Ϝ'U1pD-8V<-9~%8>cNg-)5 -4ZNjL!UdӁfg(6hKs[0y( XJIoNt]DhCQ\^lVMw o`qgN)p\̀J;BSayFE0p5)¼t&Y8g;Yz.-`Oτ%JlN-G?YGf+Ȗg9+w # ĕ'jG3k`u1jRS45}3{!&o0^E GEc_THetb5'H:# j3yb*Vo\0gZ*^g \T89g)'z[)H7f3 $H:;amg`)k앵UMnz՛| lg-aj0G=BD=C=%{+' o7/9gB(p~ʾ"A'ZQHiW0r9s̃1 usG:G#`S- e8/8Tϯdi>l8b^2T9U~B#ޮ>@vҧ*#!V ^"1?t*ج-&]9 xht!VvN߀L)*N`c- dr bSrˁ*,঩}r\l/ ܺ,ţ?l}H${NB81DdV%u ׽$Rހcgy2/M+PWwC7.Q962]¾UiJ;Tf&EaWa[F ׯ. +2Ң-l="-FS;@)Kf-j+a)IgKюOX>|JlH}It՟ŮG&} prbʂbzߞc̮{d!(mpoL_v@fmM؜<цVm\s{y sB׶}'@gܹ@cz4H|XG]< t+@?%2z^Noh&>xнŠoel am* NdL-,tU]m]+@ YtEHhڳm9l\`aʔKхPʘ7{j,~?8aI5ɯ =s[^W«XTgh鼛JZEX _R:~D&JEШ7n ެ\*ZZ<0dzؑj]\cǓP`0]- s92:"󊃧iR:h(q9?ozlA@G[Gw^*eZn*JN4դ/oq|&tI] ylkX12:C&춐fۈ}lXW$#0fgsqMX9֟$1k{47PIP :b Ê3J،!D3ͧAFW'eHEkB(%ֳ#ROeg 敷lc֘ ]~yf>s ;܍*Yh~Dq% eA`҃g ‘d"kHn(w)7u܆/Şq(:Ԅ ݳiTKptm .A/7OC!d"X|-ҁRaUvYOK;ǯ݇ 2{Ɉ$5c 3L-5Uk!"گg1=A/wzيkPdz;n4}W7t,`Mu~^C̘^}jRcoXf(27鍊Lg`kGPK` ԢWI0wD|;w5hضd~$"l"oS#ߏuj_=IN^ݱr:B6o#GW!O߁W=~jWMn>{"u 'Ge!:!v0Џ%Pj,5 iI#xdl߽fp玀4ݺR5%ZZyA{%a_[v$Kb э5"E۶%' Bw5 WWutZI!B60lENB1͖ \†cU68bW;|ʙ ji8MhL$VteOSs<`{o|sH1!gqF H3 Z *X5Y'cy~*TgHf@x3g^U脟 XC k>QJπBJ/GJF#\eHwD;%OM-;-|@yt=T bڠ޼Ƅ!nI Sx69>S֖C`Nĉ޲,Ją i334 kf* eաP 1ŀ28dvJUdUX>Cio vaLǕ(eьU!nF諲9_Fk̙gj[?W;udOBLF&,c sVaz]"ҾNnEOpQTi< 4$>tNQ mC+[D=RSQuz9W X)>EǴ$x6[vPzhR,2hlbA|Qv(@ !yQ\6YNke{5D|`qOaIY ^9c(LQ"-SxN6b%uYMr#[:puo1΀?-@|%ԘsVt_JP567?JB{]Xj_rJ4B5OmdsG]\.XJY'7j"\mlgy$Na:[ݰv՛#1]`dʹg%7WP"_Ͱժ#aן%_B~58 M/a~U"2 @:AE0WM  [46"h@L927D1tk1Fˊ#.|m YT#ƕsѳ k=GfJw@Ɋq  M?- mnMEdRwgh%XV",=sZs* -W[I Q?]NyO$6*ͦGqΜg;s/0d@J4(o?:a (I6*W2[?35H^i' 2ěDwEA])@ <9)x^ͶTP_P IF!aݼY? Y/HGPmFPǛY'9x$ZENch<,f}Qd+r,,D(#$l*Qg-__֫2Yb11[̼&ME[C%P56p).МZcMbsmKg yչZ ꨒ;$yC9p̯PRی5Zv`,krU"reO2N1i#KOwȭ<1f\cӪktJW1{љd2Nhjo@O6޻+jG5y`_1pZ#^<wDhyQ*0N˶w}`G66RBaϘv6ŭ}P;~T 07\Z#8'?PB-'W/ I~*Ցw޲TqX$=5a pK0S1 tOĜܺĮBf`r((D^NjV7e'-VH*ɍ,Sc*QčXw>;OvWMC*40WVLx$ކNG^3̤>B-L@RiV#иcjeV.KXdG'v严>zŦaj@AZjKRJW6 GZr4Qm zG'@Gqܵs+S KF08C6*$DsQTɯO1Kض`K=S !º)Ȧ`CvK13_RWe)ŔD&yl(WX(w 퓍kuLHFo 3vT $NnTVf4)̳b)w HlԙS4ߡ/Y7k@E i8{̴08ůРEͨ]aR ܷɨ:qH@OU(};C6N?GkW$;/wYk%s깇LXdWW6Vї?GoD9ɻ?b(͞tStݹL 1)6 !J'7tLɽ3(㕝n}@j8&D#F(@88T!Cl翓xI=Ai:]n/~jNtCןm̴ ir2^cgec鲭EqJ.*dTqH_^?Uy`fIgPZT i8LW)BLK{Lύ,l`Dʫy>;Y|'^`+IvgU'sE*ڴ9D7bdE6x$utn`%5 di<<0)jVGAy1@a<:%9:Ǟ9ۿm ,оx8̾3giKGQQv@tc6'o)F~*'$L^z'W >%t"F43®kZB_FmQ !Nbrz|aGh5,EԮtΓظHKVɜLinD0޴jq}.tTvU dX,{9~2$Y;zACcD!⫃|N/q"hIꜰy[a )>bԂNO⭹ֶIE.Y M%+ A??z`3繄*)b8's%`%$ם!UUV(+hAnCgbK"Ud/_d>Ƨ1 #Nє4/Z0~pT紪<d|O0b+ ţ)Nz&0r6cHJh9(j_$|:-Jq*>#?@$"c@^`vp+9@־Z$3I{? hu@*=_zt614g"]Xp:gAɒ pwX8ʡ=⩟rfJ:J0ΒSO3]g7>]lho !ihܕ(QoV/ΰMo^/`?h+߲$#U+8~|[if8|˫u&\6)ӶsD yr3/! NVKB!ÚU6~gdծm`EDvy7H,칾Ӈ*fE]mge. OT {0dsDЖjLA3VPxN&-cESQ@Y6VJ)'e *@o"4kؚk~7 *ayl R1%p ZA=P[?}=b m 4$~ܤ tf`Xq62NnO&< DǠ %d-9GMlYXZE؅]L ?l?Z94. AZs5鶶/VُQsBY;Ӽb(H $}d0Js#~|#.fpN[DKc<+^7۲rM~7`Ub:BGȏmc!=Xb}y8J<%Ⱦ}>:ʰv,w!"HwAla#G^YUd; ma?HkɧD3uh'>`) Fw/vg$ ͽQܶf &Z&XNX$ORbuޗ dN`&Ji Y 8]ܬ=i`p_Gs +Vi|k퀗KM% A Qoe z˼qk// B#_ԕH(T#{[p]orbF% /&f 7 M2U֌xc8'׍=%@+.Cǝ@hHmS=1:PZ+9;z2l-ƾ( 9fobPyt%Er/#Un⺋2_JC# qrūƗ؍icEAgc67+6gYb\w,^X-(.u YV͑ܽ@A )U@e{RIǂ]=ZVf{ KpI"CFeRq|=#vݬrR}yum{+TZNצp.&\$M;h 9@t@C|nqwc JjM,5a4Z;l:.gp1KЏ Q;'LPՁɪ4fJidJڙ"ABڮz.zPBdpV_wSݔD..?a ϧ8Ҍ_1vW߿0b)o tmΔ/A9RIL:NATzda09x>oB_# Sj}|cyݏV5hoY1*poWF'I>\ky;AK}{<'dP`K79y.}?46뉣-5/bZ#!1-c`j|3&u-g-`&L3tii=}-u@R@a[ғ(V9Q8R7>5^SW2G{4(| T!c t'0iķS, ؘ6yg./\k!p,'5oH_1CNz#AxQ!ƁΤkʰ )'XUL|ॻj+}S"~( ۼ5[/%'<>YTC'ٞϏ}5xiš3v&`6 gU4mTjιiT/8^9'X$,qy?_TQ1y^.094x1T;eΚVc>CBH9 ÑsCady}G3TTc{e/v9I=XGfoG)|JΩG7 K{HEijc!@74Wḣe6`AbCZÜ}-m_qR ĵȡiC)sjF8nM'B]5rE +!ʁ> :2zoDD M+kphf,gDr1yapqӟЮb(J~0tIA8*CWEQa,@ Luj|h6L㖓-¡H)ֱI&^8\IxVFTm wP)3<{W4Er/hÙ冷A ɰhjiѐh `?OQqv965i=hL(s+7`X4*h7uaET6K9Kl!K~:`o:V Zx%lAIH@`w6Wh 쉔dHw_;5?A6 X Lk0˘l:˩p@ )_dN([Oo5I$ >Ql~'qNGKBqkj_"IEй=P &JQr,h* 4[ M\|»@ȗS%L~}]pf 8 ܴhY_\T7sKUWTWz-|~Sa7; *ŤhKqXȳ۱fM 5ZxuoUfΙHnyY!4Z N˝n'Jd[N (grū5i>m)~V_'+V(BKB$$C9{~'ip6YOiҭ~ ]23LjxLBp8_& 2;DOF]=+pn2cdz_!ɰ#kUtiI7:+M3s ֲ;਒vcl!;kwV+'I %""5j&/ ¿֟W=Q5=MpS`9l'fCVʝh !* 'aƳҕ͊9ب޵59wNR^@Y #žJ-..XևMVOF.י.[*/4v0w`w53~|UuجJb`*\+1U KpQzM"?]8X6BBk\n>9V4+nR=$C/>*.7j[Pn̍8;N+Ԏh^ХBMTӗIJZ1\h[FExmBs}MMcB2Q;c-tPҟYw QljAe^5^Be/xtĀ6VS&6q =MeʯXn.ٷ8:1au Y;Rm)1QW`Z}+4 &}*U0C8S{e~3?pWB>:peU<ۇGENHֶ; \pl^̜RMj*BsQ5PεR`E -5-u6Rf?b. (f+2?fǒ9&Ou @NG6'*]hZND~]]/[-ZxRxxpD0tzNSaZ[F@:qfx^a۽'Z?h^yY!y+k~Y JKj4Ç?0v(dte xbph Ӭ≆@w4DN`eR5ϫAotrr`NYAŀ& U. Wyd8g藀UʯLe6J y)Qr kaV~CfmxE:(##8Ɓ(T'׭«EjQ$Wcz> }%ш2Z!ަuo v1%l_ǑˇY[b@3;o5'1!<\,wn1`NBn2JwxfZpזɢ LD)M'zR!uε ;%;[B|U*ڄ  k|3ʁ ;W/r1ȣ97Ě hidf[>"xD0ʳ;P8_epŴ҆9|Y>;:O2SOCofRvω ~I^z>=sQIQ[2 >5Dg2g ""ԻihؕT@͞SXya%s}W3Al Z!'!SA3Mu@nIƺ}w+ŝ4KʹD;3ZeV&,OKIiE %pqP17Dih*mzt\OohRtZO lgg>Hz#Sq"c؅Óx!z34?+I mV|l!krpxjl!u8x8OO* D+Q*/yC[Mv~1 K^a@0 B cNnqɟV<3 .g74ƾh " /[kœߘyЧ7BAVjxRlieҊ^]~_$>N%\H l%Ouڰ]I޿X<{.ĝ4t,D!aO,ǖ?u2tR3]%j6/mpODqvYυT?a{^idbt И %Y o؉fH;QdkVpөoo_ț$Vi(i KC e>Qdf/$2Vρ&!A(|> _4E 5/V J٥bLĘOqw';Bli5'. ʲsr&K` \57EEX Tv4Aa< S]K D IkDˍ|ws/JrۀM:c4YNkex ;q (oX>?@m3XiQT&kd=+ upSJneX*l1BA2mxϧI;WP(_zl&7KLu Q!Rn`" $o(DPݜ|KZnkC71rYS2:l,g 9B>% \ͣP;2mj1%<>u"e1KM~h> ?EN Vj<LakY;d:Mrl(6^t~}vȀRiʥCvD᭔8p^6V%9 D~2c*t蹾%QiCC21A{֠ ڒ\@:xQ ^dB;\dCN0 "4RG+i̘~F^{(H9W;Q7ŔA`2Fv=ԚKlM y#oyYm'Y]OΠ.:gOo( 95X!SI25bzAK 1𥟞)lƼ)O"JS!C7JzK zNO ĜUuI^@\CepAKVAɩ(kc}? _2J[BN܌ ZW"6AVK'Dߴh"4ȵ0}ъ5YF`=>ˍBͲE{+['i2HO1'ݏGqZ]{y8|` qELJ4YF[5jsMo=>:OK;KA:&35Ee7(N|`Wvwܕĭ.+%|؅$YB%7$gw|^$jF"Gznbxg RM!VGf[1Xe lf%f\ #/jۀPZ#SiU0v9X9]ԁtd uA)k.R9[l?š񆎗%*'su\wӬsikÉ+#=@a9zHg&Er "ս]Dxf.F0|]YZaf^UXc1AT:!ӘL% —('tР9m(EjiNNtQҋm <ڊQ+LF-1Z[CqѬ1?Cha7qMLYxe) [sR?a|JH[@@mCC8ȯ5QIhmX81LGf (ɜ.H/s`bcw%Ͼ>%(xޞ"u?aob.p2K`oE=9T6EWy"d2r_a|Dta۠3J Nh_bELT̈́k{}b7ַo9DX $F~l_ BaI_:DcR&6nsZ3ShpSQ{|E^ER^oݻ?r/fKU$~蚕c8wS!HL:%NJGgErڶ5@fR6T:oLEg<=S!*U%BUXmFOZ4`sC5̽b}ׂNBLF.1u.ª~Blj|~ܲK)҉],_ S[|hxf mթM 5yGN(O>a ^6 锧H '1+2]]֭.hd @h9M9!ȯܣH-3{$>wBvFh qXF5/Q(Q ID$gB;Tu7"H.olZC ڢP)ƛjM-h \ާCGίewB"'6"M yCx_IVB1@]Y[)NO}JǞ`LG!nEMu&VWw E;]'VEM$q vװs-G#wDru=TjW5Y=( QI^]=P2@9qs=й :<(B/*8eNUls s0Xo cCb]_^fQD..v^ޚ[LV.Ig;)n RP\*z1MY E/&|W9 mTRv|qt^S uz̹ D]܇hޗ! vbM[p=Ixlt’Ώ=}hYQ^[ӓlR:tة= </9XK\ȞeU;Gzυ.V[)rU3o◄qx0` N'[{ ~ͫ(?QO(V6:u0c<#?m(. 9Gv̮ N 0w%}"K d {z'~Nq}L%'AܤJ,RDwJyKnz6`b^a,ILš5ON@צwBQaZPNb <$L8)gNq;ӟo^rOzi%2*qc?.S!'YŀCŜ*oF$F"Lg0-3wTTLBUl ?D{1Q4.Q1U$ʂsܼ- EHBgE $Ls^``cpF4%)8@.>txeW4԰Jԯk{$;zlA1G-GHokzrZQYTL6b<s03 Q2 sGR') U]20dn  F73 4CM|x]qP&7 c^OJJzhDհ8LMޒb'9:iLȪ\™HOXK\@M|6A/}K%`:Zm}-Ryfn4:Le%R _-YLpJM>)?>()A s3PFR6XaZeUIG~jo݂O p:;haP%G@~'ԭ3`g& !L\F弽1!;Y6,#ޟ7)iiq(raݏ{u9nR:nW'/"J7Z:/jr[W!;4SK3nCHR:__I~lᓟ2Qm4v%almloШH9X[rqMqf1DzMˁ({ w!7Mr)*,.Ƈ~mu$F=,&f "9gcBZʆ?5;fQ >{Cpspt02g-0 LޅNNĆ~\ ~`mtjBD>%?Ao>씒z(VAnȒU7C + Cw/b'QRDQ,{ ]OkJ;{b|^+,-XVɺ Ox88PS2KeH c"Hғ$)24I[:ʫL2Ρ5ϖT\p-f|*$ E0tSSڨ~\<-5yoaSpŹrnfW8D{M~(mWowq1~:d)X떫u-tky_w,/|$]lպsN/U>F6/!CsP/24mOohyIE[ua<6(gRP"NKcǾ? =ڴrihxԹ)B @FG҅쬟uks _N1THgþbK-hB6%?9)ܴlg%gk($i 0o [rhqBBf "RX<`-SroCnkVz#‰md7v)Xr A_+LfmUCk~L?4cJ{`}Jn̨.P$ػWXS6^ H wt*Q`.MK?H*Kl)-O/r QbvsSt&*"%w|l p KҬ @4й=h!-maxAY6{Z{rwPfkISQ6uVJ]+fٞ%`|GlLظgogxOR >#V_Mc+RNj'&i` Ekt^%`i[6/_ۉ0uU )[j}HhW;ډyPT۾yXjQ <>wz*}7`8R5" &ke W{Jj4r$p`ipeJ)HnTy+>;[xqkF3s TIPi^iS  WYmkL/1ƹBBJ~^fk#&6"d&?N41a)JN^mr8o ĒH+ !WQCCUSI2$nM(G0MtP>Fs)'wYRRV4y"MU+EuYp1_SlNB(ҰE<]gZQhhha J^R]N'(]@Md0 - vSڙ27mN(TiP#[kE&}q]Bm5C--҉=F5T۸VKDl"\\:::UB>QQ63SKƩ{8z gt =E= tNШ }Eƺp̛i// 8&8kpiDdƯl(K%Bo86u+#5ϪsTS< q -9 *ID,o}L2f̧؁,DB7+w( 9rW%} /4*ElAD'eBP>G4x1 pƋ/mys"ƠdYܭuI( D{m*O#@gm/.D"OLXM峎a-=W l+_g9 \F74ٙZ@S}ϏtP.+P)iy$|%aPbŒ%DѼ&˩#[U:rv; XQ6,by"b (9؈ ⇧Ӟ't[A)cMߣStre5iә:Nͅ ( h+$7H[6/&_W 8?lØiYl\e9b+W8N헥w+.}TS2hYMre7Ti¨)U@X',lllr|H֛{V//^?B~?̯p5oC=@x' ?l\:]?iLМ`#1V0I? &_ƭ呥h=B#(y3bVN?8h__nJ*xף/|$7KLpXR!3a͍F3Ovx'LBeEF,辞f(ERדz!GR&D7 We'- bN?ᖅYP#;d骎W>pGLX>*Ӗ?%9߅<%(ÈE]G:: pL]} 0+&1T+ D#l2oWٌOlP'.it>!M1 o͎-zoLPrlU|Q0aB -mҿ hN|$/㷱G=T2)vR 胲jx[ZN\ؑ 'o]6=?DHLG ^OqWW)I`*i^/ŷ]FA=uRdLD:2- U)6T૓*e?:b*lgZ{P;ChngҾPI4~HRlj3(K*6xQ ν1GFR."$p;*sUT|\?>-uzm1/e n6*GLջEIDF;L(ŜPԫ ł,b#I 2}0 Vl,z6nT3#|4F<^ɐ{hjf-yI`~b\S\s{k{24?d3a/f/=9J:yAwAl:dF!isŇpLq+`bKd<!O(3kvr&k\N[Nd X`3>kżzTkN5":EBLo.I7G{^yX*ĕ!e'i>#l VSۈy =Za'P _~NPW¸3# yo^8e{y=7h6 41 YR.e'm8L4k6@?z;}QVen*9:g)J)r0e5V}R!e!X}+.:b%@܄2V #}ȆlZ";'eG|$CVs?.EZ*OVګ" J8,:pmAE@Q!9 [`=],Z[#uiR?@u~i a}Æ#qH:Y*I^"*(/I~{`bsD%Sm $ : QM).͒l,]{ׄAqk#R[.MP9fb`ydU^ g}( 6!c0h{loO$<#L1 sOf<|+/6ޤ3U)o~!Z:B07$ׅ3pIY ġ|(t:-1N3Ћf c?8qdK֛Gc\s"a>{B>ymۜ~l$j­>`X1uЄvOu8?6*zUv@++*9nSdo܊|08VI|t:w>g OV'yb 29HU1CeLqeh,0X  rЀ Mq0=C]xglY!dPj]e!0vAZj6;x ?՝r(%CZj5.}3ޓ)IR/|Lx%Wjͭy$hRNN`G1 J+_MB]s!`+hB0-y:RlŸOrR_ۄ칹']Q 1cCzO 0CU|5 DT6̊gH9^{@;Tm= bK|X"ӯA$bыcwM|#Wxcog"[U_pg0 8u6t cP~ȺJns>BE! KbZp|J>ʿ[9~ueAe3VD#%z~a dB~z.:YOe@`; O/T+{Y502vVm!'t ҫG[Y\7٤u2{7ܝW7,=%aa@:7 eM14bfҒš41=pCrQ܀.J*.5k}K5iYj?An)\2ąijW!vSvI-s<7"! ATp1Ӓ`2\f m_$]Ũ]!{WA|0T#{sVSO%?rdX@q ‰ A<V X(xϸG]` /_O[x*Hɻ:âSUf L߇ VK>=Ɠ!x#T ibmH[xy,d3?]'+Dx~(&@F:|yb3Tؑ % m * $r6Wr}^l: hZX8){pX@lƗc;)vnqErJ?숥ZГb vKj; XA3@a7>*p#Ô ,Wrbk^a~IO .: p_ jvUHtUY4|;0$H@wNW ת3{gP {ݘƘ>U8>þ;5z&Uz"]Jbsߠ&Y+1Rw_6Jr%@9/I74q 9e /$GW>a]Luhy2{u2l%bʩժCc~ |b-4ۜ`{Y 2ځB(#ip_BϞYVpDXi\:S_֝nAAPC܏|p0f>ĔObN#o5ܿJމis->X}A&N>^*j6!.,V+)hMZ44t@Ngl/`n?LN+(:G(ֹ"4;HxKl?; p!=m1/L. 4Zϐ %ƧGaW˅G}5\> і,%a h&Xzo ?':wE23m8*V_P>_u& @)/ {.)}rYr0?.(>s| (1vQԙe,eNNwoV~wJx֚!> %=cr/v&Y@_^7>lY"g'ĺUG2+{g,u0tTymЖC&B72  #pWfZqwsH_.q?eVHD=6v4&MA&|4Q8f'ƇfJ Q4m".ؖgªO̊;t/gy^T-֚5nƋ3A@nU d#q}S3b4 6hfNMͮb.#O1sJfs/:VP[U^]aHq2:ɻ=D93qa© m$㤇-P&X/cuX'j?"|62o2+w U:EOM汑0Jxt])䟆 @P0KeX,d\i?)#M]NĿo:xz_?c*ݰG"ƣkSl LӃӖuir.L}ۥ P Q'vޑx$Ci`G!]OrIqy$[؜߿vkE/e8(_K,r;Ta/AO&< MV%wMݒ:/X-;U[yJ(e7 pҿDq;8~Z"[ȿe<8ʼD|zqfMt%PO0ؖ_gV=,kO/Ks. g!a{\g;M@:?$ـСiH+_7/JKp@;w6B]BQ.d)a-9(5,9/E[vE3XũIP*ysIb?ik >E/,Oz:XӃnV`i# ~t+X/|0(\M-'Rv"hۿEu7#芷8TLTH{J (}tΥ[e܌]N.ՒymX\\Y̻.=;+2.DQ_@ OHGwaqFJ4yN*drYz"ӉQ}ՖA| аa\'N^)Y#c^_} W Zҝ?ifah tgRSDSwS/d@42ƀ浸@ mDUT=RZ_kU(u`.czra6zul³Qfc'[3{hM5aJkX; #ݻ^z0)_>"jW.7!u+ Vrf=} @E bW\WoY`VwM7'(_s yH\kćkhObw@}rWƪrj:5$qdf#S{Ǵ턫xr OȈ !/(}pC'@_.Xduwp!Јa Z/".!PO<f웄h7"Jxf9}_`Y"-,3aϳGŸ$ŒzL<0 x`:Klf{|;@S0y^5Gsq%e'E&zQb͟kHHnλUH'9úm'8.A)wV :ewgYB+kOHǓr.m4Z%Reϑ7{ٿ`|#6?HHV["w14wWuR8BcxnỸ~9lӣU4q C_SY`+K۸#f1~rn2%C<; 262 Q8`2\crsczwR /(-jg;QEwGD)j7,aqWKh~HY{xKAC8 mN׀gg1 SOY9kt2gjAg Wl"'h]'åuMlsҾ~EE~֟}NײCrPN;"Ճ&,f8e6t) FZp%ߋ=cHHIf\`Qdƒs# ۡ;=s`XU0tmo8Qx4Nr[AAȪA== ډ}TĚqصxK@݅w(<ݵQ:= sz,9r H_u!j,<|ޗO䝘dQAz0(c\s 6O6ʴj!͢zy* P@7?L, {(A'TG > 8ؒ0#1~0R֥XKjn[Juhq3aNV^E9ϟE0e=OTl%J"k#_Hargh }:Ua E%xoe/b7(ODn5>& e(:shٓ_&Hx}y{!!)wɑMC ݢ\ng|PTx뚇Ϛ"" M+5>ŏ࠸l.*3oZ+=70:@\cmXyS#K<+ 1\\ٙ3(^e* H. X{t ?ghf\/\/MA0%E|4Eyiz'?<%d<&&D<fdo.AA6)&YB@Mz$erALٯM8ղ5qaciHc'>/Ix]CXS3Bpr:\)E#b~KC5yDGЈ}O NrU V_"YnUxVXN*vi.x{/# Vk_;Abj'СI R}N+Yy( ٟQ>Idu2WNQId7}ԉguЈeMFAN+1 `2\I,El05`?&"*`ǀ~vMqQ"yl|o{2Ǖ^΍kgϜ8%M7࿓X -%}Mք,]bN 2!0$[8|<< hMPPite.MM>2-v5T?h a<{W yHM,Vl kcFmc@M}Z΀ b.`ڇ(Xe93h!"2ş[iChHrLڬs#sFuo9,di%e^ޤ1@6p&o&w1&4Gg!\NN!ZW V>%|OQnf-muK٦dxΫn>g+2iҩIϮR*fy-!o ,]"Qt, n$ޑh+aj5,YDֽH-'E3{SK%, x`2?IR?2FP|@v ;C\{مj1wWO1[sr@ңȌoO\ miDD6KFX)wh*sqIDp~UʾC4k\_~> e_aBaf(ҧ8e1}q1obq#"SQ>Y(Vΰz^.gm~ jM.ɗ0o[\Ml%"ϢטQ>#c#&Cl:dؒde|JAik2gb!G zNs ۚtL0^1 PܲACG (i*!k9IрxMQߧ$8eC |U`r"`˯TxE'-;MFD^mO Eu$r 9$7K@SpV:~ ?$WB;Fr˾hū#럲`oJ ռR.^嶆Vܽ!% _ hc27rN F(ՊBd$D;zq@/֝2r_vKKOhi%% pj N [ShH_Y(D]^0{E<[0vc"pPIF2I҄nQ)=,ʬ*zpX+\>ZG=k6;lE*EHhysr7!&]CF)d"_n u+}/_=8N!{`Jܪׅ|1&zaY>)ѧRN]szb넩3BW¡9YW$2G}V^)?<]=BrhqWGr5n~֊! F(6wr>x^?=OKqo;:WX ]+8'gG\W C8,SC .#eiUp_cc7 edf8Qƒ+vğ9vs +& g<؍'@k#132!g2~IVlU!̵-\2 `OQQapAFKq73?dǥŜ%~,^ZSM.k9%P|0AXzC>U Pƈ H"8g]a0Oȧu,[&1^tWYqnx9y1" Z\U_ Ѽ\8G7 DVu>pw Kt6LPZ=X &V§menYy!DG̺|oߪ/X.ZaUpsBg}zM},/{ߞdM|HFD *,xF 톺ݷ^_~Z~()+BVB,(?Un] 9d2Lxx+}MeN o+翱|`:g!ӜoVmAH+vh+MR}&[ DKJ5UU,Y2Fj ΰLrJBx-Nr Lf"7a[ȬSJ(?y}cJ=[=_]r4.$w \N[LЙA^BGEϲVz-tig<,}4vDՆB ٵ R.  <3>vXo&PEE+"F$oٚOd qؗXAf@#)He([L̍# g\ lXs; >,Y.+}p' iD%y`_Oh$*j爛ksNXLI:>MbiD)GڠdS+ mJ #9ʠ kw%9͜ŸpIǝKp?ED~4 =/J;zۣ\Kpkx}-Z8P Tq ,d0`{S}k2Zm\D Y[5[S YIDy۪kXGKqCxa&F?4+jq99*QR\jbZD:O+> q>% B| pBXL)xW m8KMh<va<)Ytc?e2 }#d945Ů`*YFgEg_c %,;wzE;)ٞ`$>cmZK2T*SeUUhdK:OJlWPk4ߍRjjU͡cPΩZg&3,^lRC [MC}l|J3\Qe#4/¼46-5wEr hbõO;k(w?g6 B2Lj!菭1:$ewDZ, A\*BɦfQ | ㅺ Eu?n"=r.M#Z|<+e6e}rYlll-nc-v"i-O,Ddj#?ÉD8 1ѐ+B;Y,v3,-8q(jYiʨ5h|$LE#:BnmAr)[93]z9oh m+7O,_yVDq'uO(pw$ \8"貉ǞiMT_xŵ>^ FWx<}$6eU[hz}L ̆./WJ7m9_L:r8gjO'QmN u[K"mWI6ذyfإIFM9Z;0}؉AhN\_ibk9Z|׃#2%ؕǫO7܃TG@"As#}V^ŋ8<Ҫr z5vdok v@! ϣ=?SƁu" =mdP*dU"hQvb  DĂ2 u$$waof﷤.{sCSF 9Ld jDb>XtJ¨nk<= GVPXFhP[G'@%KbkntQ{ Z a1F ŦqН JZ&@FE<.4P+{ɥX+e/) 1{^6Kj qyg/SQphzqms(Nec"HCV\5~&%mIQ[ؒ#V'Ɏѹڟ)=5 0#%Hx[(>IXGj^ÄG:  I`XX.㙍4D]-yMN9ֶgo͘-dkj)`i7f݄̳FڍԼ'3]s2M D "@lffϭ&|~ Us7k@Wg Q&^ΔDS0NPVcS6of)i?z^VHYX pWM< wk(V#Z:ME~ьisvz0c}r3;;-f‡ qlbtIM}EE|}W D[\,OBj`P4,2`yUj=ҷZV/r"(%x̨ T)czصh61HD'o#݀Uu訄OƄafpZifCt!.hM`~b kMι67J eu&erEꡔ?{N|vob{fSbVf K)C兿<4nQ.L;=F1̸>r|[=كunB4=B>X{6`U$%+ߴv8x-*G8:v0`0\\ #~ rrj$uA\!"5D`GFRaXtám(p(1}'K kեv/ZjBPX"!5ZmeVRPӾX>Sg!c- 9/Zs)wvŝh5Q_ʜ'"Op:8Ijb ;h ]hn~PkUVdÄOh a اOG̶y1b!zs'F*h8BCX'@ 4Ap>gJ5PNUfpF&%74 pJ2`N>WvweG3{C) SJME X \m@2–W=^LMJ\U茵%Kȇj=)8V/uޒ0ߤT g/PiUbg~ce;06y?GҷmSjJՊ%/vzuO{4 %hymiw-R3n\ oؿ}p/|6{8I cшIzucaS&}OÿKI$x5Iq۰.Jm/'~{/Z3$2~YVÇZ8 ?9zS lSpNDwGuOqg^-+$!w7lAā tGEZ?E4 8s >OF  xQKOF-;Rqκ1.}pTX\p{OY)xBN1 Ko@$^Q;( %d ,x]  *4ҙl^hEd =zJqVAId[W#TˈsE4̏VUڎM*{56EhR2:_3 H7DA,_&kI;O{&l 9pqk~]_͛$o/y:E0VGa(% qT&%˅9E"rS`ET5XV? bGsln2c`#W,'cR[ujlx$% V b1bo$o9g=EI?GʡV'9d((G>̹;S-9 ُWNqOh*K +%ɢch@AlƬT 45ڬu>P8?@AS}PU(hy]PZiin9|&=!DǍ .j:04EE$"+Z)sD܊M#Yk_lkX84Jdٰ"@L?{S`߸$Lc,P!(NӶ6 ; \IJ62ۛ _gTbaAecRljGj0v11ܰ9ny0r,r}).*{+C _]\pr%no \q&- Kl{I29ɍo8j9~P%2iq)g2(0i=~ugPa0B˗SoK&P6q aͷjYb*ek8>ep2lLp~-Yﻘ`c;3\Ds}! *N-(+;wvaw#˽9 'ΰE|q2U9-B4V?n W(/GPcΏ466:dP|PPbsgѣ >k_XB}ԢᄵWF՛\IwK T3D%K50&% `B_!U#BE0m<w:j%!]YG!-ӶqM8՜D4C6FgFtFV0W( 9UO.LK,i M;r?Q:fa]:QdөpƟ}J/T/'5 E[Dط+<S\҈5n|^I%<> C l?Ypt7jmݧU2A>_jmpŬ]2v+ @#>~}TcXi#{m8Zp!tiCU70Urg̺2fIq"t&5?vh$57UvI5¹/h6mI ~i9Vn8SۤfcF+5i}նfHIw'^l*pY&uKlG46GԹ=J//Lx7Uaj猑c7} _?b̶uΪ#ۤcN u+G49LK-Jv!.Ibz.} }6mtt-(dp}`LŒqmڜL4Q[JTE"g5md0P7l4T!]EДm>ZVq.=l`+d,0>N'Usv~OI2~Oj`45Xe;J a@H{__q]N-XD2NbS<4 )4Yxc7R#(1|$Nzf$. NEpq>䃐aS؁iFy>؏CP4Js%yWt.Wx.L/s :Ev*4D\7gjPVq6g*|[hTw~bAK!Tgz6%A&7EE[BnjH)؃{)uI!Mp+l54LY,<֣$ {.bNЍaJR^+ѫS_w"b[@`;V*+Mv[/( %ʼnW/mwvM?n[͌pM?벤)UGT'cڄI?eWBK;H,0@S |6j.pCxLFힷRﭚ+GVeǶ_$}]3ϫäW$rg&pܔ{ˎI^%44CQxigpL3/("˲DA]MIG7`: 2 V9˄n7&Nm "3Ai ,83Mb\GP,' *B#G4_Tflr>nf2;<%[@j=K{;Rj<3:W*WFXj-GBƧ nش1tV=_ޅL =rRpƋfeX\3?-4cEUy>g! B.>KZn;9T0:b_~(>\ !΋^t=/]iѸd] DWayg$s6>DB@ !&B.$263M>1{ [y$Rk&Juv:pn'exؑ+9i]xf2zrj!칷*,ޭ JLt[MxP&6s LZwHR6ӭXЎ3Z.iYQhIhXy92fcbR)q& kZ5W *74iqq+)ƁvZ>E^~&:;pئvp'uP!`e_ֹR{4qrk'ylOa!SOM*~M 8 PMC.fI7$rTArǔSCH@O@y [b"m_𖇔0watmCt *.KS+ϛ/2y<4=TFӏY,}NרH,C_j;XIVj~GYxVg|ilNЁd/,v g2w*xHsD|/b5ĉ^k_5h9^+DJʮܒ?C蔘d1eipuHذ8Zn.[k {IH{ ydN ZPLz-'7dpsnjd3a/ jfOͭ…zvhb^fCI`fhB#>4haݙ)劑s{{پhnْ+ř\Iÿ J:jT+y3'la}0V):4;xRp[k&8}kB$35V~B:XNWno&Džn7'&THm>vS$dY}xKpp,`;9$c|rz]t&eu2C/ 5$39C֝%wz1%%YAc:l)>yU ܛ9:ԋf#Գ# 7Ә^=6vH`%bACuz'}zdD⇅v@$uX/%F:@EeKt: .lM#ZZ2} 0FFܷ5WNݨ$"URN[*-F'LxA11 r,hsp2Zjag:ar{14KM4qNF-cML|vA~E,KÌQ9룷Q:V#Q~4ԗ!wҊÊG._ 7+?ڋPb'i(wK-n_0|&I^Ш s=G3oxてMP#[P7'Qd{Qd;sY>< xpvݣry:Pwx #25P!z\PX,?x7d%hQxֺ]  3' 0!Czrс,dH]Px>sB3͇W%kb!%&mLu1;WSouO[IC"|pT = @iL,9vl!S˒HZ+{4HAl^[5H@$՗oV14#Lꅴ8l)`n>[K>1 T ;.aZAH\GZkG;5CMaE8F K6=8,wp-2Y]zr7qn8 >ur"=f+Z0tZqn;ͮYD~z$GQ\" 5 ɄHKV}yZZ!6jaB!`2$~dek)н.W",< ?1.ڥxdg&Lm5!͐w޷QU0>)tөr|=;E)Œf&d- 1:^ HģH[@(֋N a3'A"ᄍ_%">|O_bL Bm]fEqL QJF`w i#J CKŰU>}dC67̹5xUM Cv>U23 ҅AjE[̴04߈ gџɑҍ<}iVW'g6` ӆ"Zo;:>PQ3iތ۷;p;@Plɥt *5;=-x3Dd;yl246VB9wbTgٷ+.*f4S0U׸*uoLϣ:I "}Ѐ0*lOTd.wT[c˃)׃5ޡ0cxl!U~b๩jTlD<x\{QIT~+F"*t4 &/!:N UPѓ*1pVSI#ZRVAHuՠ2U*D}32`z:>"LFޭkyf3Qw 0Snkˋ)F|]L+4.of ' Yx=T_Ί73c}Ɇaߋ2>|V&/әbc?O\i|!КXATxjyI|i ٞ9ry-[cUoIR@L`KѮ:w,㚖[Z ZiSyX E..<8zJ!-rǻ'97++t{,ʏm(u$E?3#$nBҪv)# 3{vam%|A)?-6: im9~׼#$zjłIq8+˯|uO`([S'~H7R{ApdvO3 :*6z ;-fOv< S, ZMM:~X*r[ٍw?p?HG,f̝ b HrJGSg6g ,;|Dدu'݀{`.1s(rI`G;Yn@jY.{c G"HHfV(+Uztki963Oq9P:'yG&I$yڽ  yyl9r`x(:u:vhjߏ*8CB}XI܊eu+DE=)St}RsaӫjbRC$ G[tXRGQVc"uGVpPNgxB]d"^6԰w4wZ ^3_?T@ZiI۱ U$7ڸT:/bٯ! j,Qd Kv6|vF Y%vQRP_.髧F i43ϭlPUQ{I2!kPy \xo(tX}c{c<qSI E$zvC;kk{;$F*ҁq&\'o+FY>b"f+O'{?s]%r5/)9m w16,AYT,ΆdbpF>B`wQK^ eYmnFo$6gFHN{Q|Yqj.\yDҸC6,ͺLciaa(]oN,X+[$3N6.V 5!4MoKGrX5O~}g|Fp~)X!].wr(P8HK>h-D/wׇ/L(G뜔AFqԆ1_~eURBn>>yNZe!6/ľ.'B$^tУp+8b?RM1V<[%yack(2T~ uQ&D맽 Jg\w4}pT7n%PW颶vZRC̽j (4ٰ>fH:R/'{,w칷G/ mF-^e$S5a倯3JU7 H7o_7.{/ןY"ad{ o؝FN>3mN^]T?;9'}x֎؈9bpB*tSqH=mno!RyU`P7j*OӚ~.6`FvcBORʂxڎ1U݋ϸ ӦgE<[D9B9ʠV:ǝf.C{i_0[R|q>0dMy|7 Sq.ibMHnhwmUP`Yځٳ 3~uz\jFpgۈc0N:Otztin"AP$U8M4&L-Y'SjMQ]E ,6NOx#v`& 84xN\j4}s7׵πHԊyD- Brv&t'-EVN.gXc*GAxjѬV4ԯMPZO^߾2ڻ<㹹NML]SÞ/M'[/2)0섊;~=_q0Lh5Tn OY'(Bi#KDZ'Jxi'Ri J1{ْqSvۓJ#<{}E3]?&vr06 ֆe9f^ꒅv6c4BԵh5̷MWã,jJDT\}~,lVFdG>#_)H =I7,4omvHv1!d ,kxa[ ν UN GowPM N*{526vB$ɽa=Xj$ՍL^ag9q&)AܩV~32xt0l wY[;E0|nJsdP#kG꠲\?O?bi "N+.t)λ.=-7b VOz o#Z{ NHDͶzY5:og}f*je#~_׮_߯T+M@\ zD@JDz l({5B^ L^S8c^*`8*)gKfÃ7HfiC],>p oyQ iвg،JSqcxŤmȯt#~ ,y"@Rϴ&nd]p6!O1rŤa{HqPװ?[`cvFUcHBr~^¾9Z'P<5OüAr@/q ӽgo쐰/ꂫJ]UYg޳FIEܦIm#S׍ Dc?-9@*v}g 瓨#6Q99?5n3@$pHYdȴqtޯ6Pg;8dg|ns9ȸ23.բ&cp~OZ%90-OWUkթbmf9ժ?=f>pjovڴ:F =ю6ڵpIwyYYc& v܌ m[UM]-׿zV8(OLh vv5;kfa67[9ʛ_}b4=Oԭʏ\;y Vn>B$?UWS*C&b?:%Gc| \.bLx)dB6SDkl;Wl[d҃cc+{[hG Nuɟ:ϤG@[sVv]Aq3OYȑ DO|D>ti@KsرOI\48n:ۚEH|%dCoAcvQՃHlS 8̞tRTZ D U!o Y<PDP3/,9,Gm>o~RSt?drAɥڙaBΑv q'b!霓&0!ƅE WWC'nd/]Syt% c^?cΉTt^'3C0(_y]%j:FHqJRn$_Os ͚[2A&jIj ULlY=,>IXy9px4H@kXegk7\ࣤ\;;ʐEHidpCNKQM!/s P xρ ?f'ĘNq&Qh YӗQQ(#俠ӗ^% 0q,?k+\ytfJ4 h@ HN9m3'QD0$x_ُ〒"q3F<Љ)'{qvY8۾-\Q4{C{=|49STVs?'C7GM-2gx&C) `sȌX,E&lXЇΛ6J@_dsZ[N%I@,{@'ח.).en406Z-7vF8޳\թQa-O ^Zem0!O n{wUa^NNcM0Y+4 -Bm0/AvlSD ^Q,G+HSM-SYd@!y!3Ybhp1mc:''IH6[:gSy%$Vym6Jb{hZfl@~N;[yI몶E,h #0ZGiݒh Izq\j"T>ymiY"}e-³ _Q܎Ơ˘g4bUͫ$Z\;`1Hb:_ĪX6 U>^[ۘU ,Q4N'ZqAJ!snAA$ީm+hg,^zql$+b "=0 SrҮ) .zI˼ ЛffQ&Hؾ`O a(.0 f'DzV+$>9INl ~7k! !~P~jL1=i~IHx8T{M=TO#\H43ؘ4tvQ:Zq%Mkک8ɇ`@AX9!mRT_Ab5Oi2]$,WUy%m7WS-ɫ˟2C6_,ڒhya X~05%{v.jO(ߡD<*:_.C|-L.eP|uz_ke/|ٔO`NP欶 &Dр q0_b?f F`LU˽m$[DRH#dG(?(D5݂%p@,7|H#@nxm11b7αNJe.ƹ~Pm\d. A.۽I Ïubr.IW'\VAZ"] tuny N|'ڭ7vP]U|)i I5[hM?vꩯVҤfl*O/(['F5/vg ZdBKm;|a6aڷ#ԓxp^,5B12I^ٜ?J)VJLњWH83u.kRԦ3^'=ix"3Z0U6p{gEAq"`g*eF'M)wp,H(ZH֐hi,Iz3-2Wޕ^F#q]yS2X57N,ZmJ.so|LWNФ#fSKp$0" V-DGRH-̮dU(gMꁀ9R:zo8t JE dV߻{/F#ЗC‘hw5B,Fc~>hYH8GOPIƤ5͘ fY8c#l 5}l_\mÇqFy?kNJƯ(T%"{0Brd 毈eGgxny'$ZYQ[0`,^o\9-8l1rP w q s[uDuE`;FNzIK"7KnC_Vא>n# /GQgpDr-^n0n8mj‡+bg}7ͬkep y{%9\oJx0X:սuWw3$>r^Ⱦ4m &? ]B3^֧&ED4D߯ 7C1M}[V}{gE1-+w_<+I9x%R}DK\AbW$e$i^B(ڋ!`.ff'IZ3]nw;t~2)x%ti ڏ!ZwwG: υ;MTBWk|7'C;|n߭L7w%O;K7;r=v7jKy(_a;i]OBF&NF/*FahkA&ܵLac.~}¡{OIVX1!ǩF"b\c"޹`1!m9{C{hz"6YV}a0T~{p ])K(5b5Z5B$y5R(d!/['--,ﳵ^H"*0@ٚ~WJ r6Юv(Ʌ)MP~j@xT%7#F#32t:h) C V ^-Mivu`!Z#?J&hh Ji xq u.3ʫ0߿͔8u~JgApilz`cDbo.L-#pwo<5dWO«tD1R`%c]c>Ez/ 6c٬y ujZ]nna/ҐR /y_m%#VW>TQOD[G^ Ƌ,4YD϶Hg7) U&jnk'Ti\K YSW4`H #ƚ8"f0.6 Y(e TU0潇oP6Sea&(= Jgw{ϱ!]0P7~ &0d+QxF vvɷߩJ_`ۦ rLF"کִh8%8ŐonH'UP=~R]!W؈Ke .., H&*l7š#S~}JR n)$Zؤ4'BrueA[8Eah@zsAKRo'@uo™aK`k]w&V<=s5K2,qKX8*o4 ppN/`&:_| R֛7VP:k8A:YF^is(XDa!7 S[iIIp.v8WP\ l(Bs"!4p^A&E034:fPsIs}v]L{`?\W cW E^!KּhÏyWLM #1DE@{]I=$QFŊ(sE]0 d.~}RC{:Pe?t 0{D@Nψ̆29fwt몠T#9P^MV(ZV6\7&kqD3bѫPJsؠ;sivf7Bt;M|l}B/c֧% (g3y翅!%c/.d+Ξc=?"~S'p"3qQgàCw01Ä@h¯| V>!|DUʮR+= TIؔͰ'OX]bd"ԋr'$qZ2SІ|m(}>FژHoPc^UzsZ oL3F*ʵ"[<*| ֚jdK#!lAR/\?3|" DC~y-PWmi"KPD{kCʁfZF[<@v侰'h'͋39Z[媢4.) qؑMr!TT I_ <6sW*Aaɝ@ҤJBfRVG=U8Ǚy CpzW[R;BǙHuv/vDL,8ƶ`付8k-3FLlw1bwR*p-GZ8[Ll7Dm\uI<&{j*+#$0x1GD/vDq|"c۴v% ,@m@#^qF.1>Z1].,D,؃޲*kԍڱ9K"^j^N .Gix&}yr1E=XX[N|yvckh"5pzlo@_ѩXqɗ&$զ*ܮ'xhmx4sI$U{/z9/J{Q:wn Ůͼ`$}T* 2ŗ}*.Dv \NHܠ)tjި4Qe~LwEQo*[/Pg-o* }9".PhoiQFO|24|xy?$o{r`$ǰYugͱbdӴ9ShiF$8䘅yO/=u"KĘ~pv~_KMKTwTI@!U(kBl6Aй9PfD\ XwZ2kߺ< ZqT-=91wxXҟ5 w`Sr!h:O[F-,ϤR9' w0{-3, ͱa?LBn_JyE'Yo69jjB7m|*4|MY3`S]ϔ%**D_i֭?|=\Ht? TGw4s$`-pgG\wʨO}Z<Vib3*PB '2UбGX?H41Vyw/rɳ7u PطY/CfҩˏI_:# 񚅎ĎU/`10X@ nN~U-mż;lq RKǥ Xb&ZDJ;™+ kv\:ԕPWv)]\z\hjϿ#{tc\$vK_Yxr'$ז;ZHd '&ABbR \Ppg5ܼ^"VB608#ԗrgKX|yFû4JqT7kR0zkv.Jw$~H@$ouw0;ɹ6xڛEm(|ߩ4qzqJ ͻ(H!Ã*bQGu~0s8m8ʞa2 @scB)6Z-7m:&T9rP`PY9)ckp&@IrȀ׽#hT\hfc=Q1]n>, +n U-F*Ca>RJq(( n\[-#p Ʈ#(QZg*2;`*ms^b2N~ʭǗ!R*^H'^U ikϥH_-%mh{)Rb͔ib֕eՀFQxD3n1|C( yS_b:i,7e- ES =Äi=ܜOtm熻S3[f|hiX4SS|&g3dZ4١/n6 S)=x:_L/>dj +%h4I.uES!/ o`h |%bcm7+k]7$fy˗'Wg -7ƳC:"=ѿɞjcB2G nDw29H;r>ͯ`X[op/#҅2j)Q~t @Qdb+ADJ!vԺ'c  Gۨg~ԟ(if#5zAzJ0+9:py*8V+3ZL?(Ns'fKhBn!/\rE{|}z[gӨi"pecB kr;=HgmXN%f$)8y# <׊1fFlKÃ^'j3.I{̕A|Y3yKYBFCdU?VbY\E;3} 0wE0zu2s,K9yJ!TB.|@v:VY2c5ج'e{""lո97k3ZLsU&GS'`YmTx8'U bwT+\>x0r}.LXWJkJ'=3*7t2e'Gg jsoe8mZғ(K9"},(}kv4!zF {XD\KҚɟ^^9q9k]!Q|58LSN4s]i?|tbl`ZVf/6*ý|wܡ#: :ߪeILI]hWA^{=?W' uZN*zنA͙M)6$+Jշ*9ziu62ԛ_OwA}؈'\=*}æ+I 7_[`E,Df98P&G7Ƙ,A\T1r y·U6E4H93|uֶ oL81B%٨MsQJ4Zv絃 , ?e>Ւ&}F$@SL n믷FAisI^@sd8.J*j% Qj8ؕe}. Q.AJ%[z%1U9;G^!8F? ۲ci.zkE)OYKjH#"l <\^.NJE'.D=BڊtyCQJ Q-~%ӏJn4BkG7*>sh-w@ҝpWᑥ K:v{OU?=~FMFYo;zC}^vߞ=5AϘ0b uy98CݝBSqѥ.ƄTLhKM)_!oP(Гka^5[qR2_C!- "۾*Uu*\<r!v%K7*RVCiw˯4Y}S/|]W =1fSQ5yzyTNh¢48au=WEDžGݯN"޵+`v_rC 2= AZ"_<=N^.dl_"m È 9;@b#NUDj{Åđ#& ~5~ 5b6аDt*02yNnO .Kq'Tlz兡b؉o ;55[̧ČIq~s/K%8@&m< #GVMBd,䊣C+d/ &Ԙ(qb *Fcy)e%U}M+m9 u n((A\͆ A-UfY`?$KaL;ЂWV+uQnNk-āKUN0eA8~ c z ? W x!!Qe%Q#:D^IOJmWR!bQr3I鵐P8D%>rB~2rqVбY ~g~Ҧyɔ5ŢăS_io7 Aǹ>rTebι̗6v؁:dx<.&AC>ebÈ`[.+{MHUn/-@7b}HkIp ޘ +TR-H C0zW͖Hܤs fN_YCE/ wO*v_aԝG:<v6S)^xTC?9z@Գ-7 zElL2^Y{v;^гU}d[Zm zȌ5.sxy]@L4,yQdD-O'*UBsUHAvb[< g؇ jQ,FCC34*svFݵV<IX@-a|܆G*SQL}O~\%G wBΥڹ~nTA_ `&/pGg )A7|ؐ Z(pgc'ٺ< s#}`| {)?=r^0mz¥H޿m ZZM}Ew W^;8#US"g# # 1&\ c-~;3gWQ?Ѡ/36H8R˫ ^#wވ#O~5l=8>Bk>u@ܘ8RŰ3`#M )rXuX߸̬}RvWػb51 Wrz?7+"QNOB1w!Ҵ=:?\Tp to+_2tV6Ժ"DI<٩R,b4ڇkusbGZJTZ)Vس7dJk0Zq / &Jduq7 !D$jYvREPd`T郎vݓ10&Tޡ&33a܀Lof6*[wʄK4*Mpj 珹kJԅds-? n,~'SgnҶD$_! \kꛈ!ףA,أg8;?4>X2'U4" ^(4޶otdokSirrMh!ļ]Y9 Y*@On4$2D;Xa{%C;՚=^+49U')V%w WvZ\B<Ɔި„7 H8 GvBGLao? UHn^F]"n Xjledao]L?ٷ'~g~?z mO,MMld%-Ju Ybf_?ķM2h%{if ,X{Ë;Z+%߰stxl_E3g[Sʏ` *J^T$ un.7w?._{9QgyAI 4\ i@=_xdƬ"^d`^qMZ_gZ46j>mvz5aYC?Mj>`({&;Z 8&>Yxz#3/ '=/ӢG:XKn{$+¼be1 i[w maI@ҹڨ1]v{DJB=A8'DYzl'}IVbfj-\"+P;z}}˒Ex̞dĦ̀5ͨ\+ &jv^ 3kY&ɵDR=c\ +U1 rvU|l:b+1G.3]=h2lIy$Wp`yH͐ݡU=(zpBX <}s}EѵQ^g.o`{ yOL<%>u|#ԍA.e3q{8t7n-zqkjQl;X*Wz[OS3$*~msm=D;3xV\:zeo_=8D-DlFkO UU q5/jtRvVŸB?luE߀ZHX[6EV 8>g$KY2-,(zǶӔ%S%qc8YzCBXT \3E ) &5 [ }*N494 PC6Bg{ 'x'A7b %gayӭ却a&yTjX(wpfo,l.ccyrٹDmѥYY%% !AQܝcZ4߅(g;uxY7yJ1[*n9mZM4aUe-@colM07.0XU\ZFfcB(Y *kO4S3\8$,i6C̶Zaύ+SV+oDms4ZQ7RbA`&$Y1=n_v<%:NI\>+<S@(t~1@.NfSi r~"R4xb@!\lQMN<[ x;heس'PUN'2#pfr[/W wG?G nEBm分/|ڨ~ݕ@4c{2oiSa_E.M:u}O>unꤿ֠Nf03uWh ]% EQ!oi Zr?&R\Mjg=i=O_&rO|7F4nF(#6Il| l_.OKjrg"5]m; ֐"!;v+_aUF)ҷ /27l[okLZԁ\2aQ"q%>ʍ匈}lq=wƣ9oXf}zOG )&_q̶{2i0-X4 3hyPUWWjV Rw04P!O%-f̅L'F¤'@wE6gkX[ĩIpY^nps#rщR]9< ;<+~pá;hc(nFJ9m3UII*J;!BcG+j x7hrq'et[%<L{Ulz m$FJ5ԍPc}U-|{19"ks2m%[iqϵ+*An7Ț>vtRuCvayxnېX[uS/FVv= ɁZŘ0Ok$A0t{8/Z'F)ҷU|W# :?&Ay(mⳡ0n~0v:FĠ(42edZO^dᬵ{RWW+ cœmUz ԫ,[=+c>v݄~ĥ$+eܸQ|rO-R#ỡsdlg4؝sZ߹Gz~N%8 [#=+F+{!{9إ`C9H:@*WHNk9/y?E69?" i\WA$be5,i-qk((K+Y9{Ԃ2Q?=oh ?P}hǽa5(6YUUx |^Q_vW^?o4`+fxl@oq'f^yw-(`5zDs̐˜e(ktG/u:%$'0pE5u $iQβuj04;z޳4x6G,bVD ԥ?5.ѭjxɦy`>/˛@^o~KDCv)TmUt ~j/YWZ[(֎C05 )5R?(ɝcu­Ԫ0ՅP.Jȝ NLȮs1E<6Z+6ad:~W^ }WfNu^{KX+,iL$DmO|+MM0!cu1^n%o+2Ę4t!^Fw3PM^gvz18EńA'/2Jq|g҄/" iPE|j)7^q.ڛ $b|'ylJ>XJ2N4>3|`Tcmde0Wƭ+lQQ+7nw.wxM@T5'\%>yVVgs#ɂ:ύvy!`#uWG{ e'; ~Tp5 {kkba¾3yNǁՋC3V#8[=WԜRV%U)m4gJشsW5b`*ԳDg-rJ,En0>Kwt$VXHIx|V xާ}lb ,LMT!o2jaٍT  QXV<`ז ^rl .if'O{]l7oeE'K9!vUڄȻtYTg쥌61HwDAK`\F1ؘQ_NFƏ&;R^ -C!Z5+ti4XB 82tV9/2YKGXjt` v^^Ӂ2Gu{Įa V)--BiiE,0\zpjY;߻ qyiI& ՔQicQm3 +[X{@HމT֋۬Amt&a3`(^XfE4]GOƴwEO,dx\D8V+s|蚤|&FS C1k57$mz䬚H|Zw?e ;uy }˓![5/>p~Q<){Qź2UmLxP&L #qXuōs9Y^z{^h~z:]>A9<&'F{B>|0HQ<+Tf&)_VbV3J3Eצ_Fi7/{!W"Xgfp89?27lО w7/nX3n~mMVwTx8V䱡{3ZZB2!}>d+0E|rM [~m=.Mf)|;HWXG~=nX9gŻ!MyV@KQ2H$ok*IxfHiC'!ivӇ^)jvdǪRw$HǤ \vP-`'#eHdv^e˗~UTos?He63q;1mjP꘧{)'ؗnZf>axaxsJ~\l‰qI GDªt)D ˨ղM]0~M%T% աT7=|p|F|KכdcNDfl^9[jF#`-fr^wА4eIV!k[scyPu$zS ;J+vqX,]r |h;VzN- DL H~_$g\TiVJsgMh(r(oqrezu ~{ Fr~nR]¼ <$^`| υiYMoc۱ em#xA2 _cGdUNA>Fՙ4ZqtrDA~MT7TΗV<07R0_dڡdֺi *tJpu`7\D%lpZ\wnz˽6xQ0,Х"JAn1\ar@#Sҿ7l >7>`UYM~U7z]gG/`PqEd9X/@ vCV)/^/"Qkӊ 7BY?#Ym[B*L wLcգ^f]ǯ;ɠS4iC@Hρ-&zMe0- x֌WZH~[:d""6zr[Jn<e3aT5Dg'e@\6n܇8a׋>8e04 jey#:_0J0}ЙZP3~Pw^ 4+ ~і !6] z~8QdsoPT+6EV&ml'%C藲4~Շ >.{k㗵io Z;2jßNOFsOۭ5'/]4kdfpn5 _;݌Yyr$ݮQc,h7kWܒoU4N)4,P +u>J.^W N>&VQL#=춆MNRUҹҎ϶ZCj9M 4:'i ˕)3K)JGyf8`-K7\1IW NWMӼ\`JheY/ wP/.qD&@7]|V|]Diw1O?_,k)LD؈ԏ㓳4(b2=yn}7%M>a)i7g9P>>!y&Ér ZV?sU3}2อ1a73Y]outU@>SBip<;DYD=\BуR%f5\3'GL2:G6 sz5S6S.f<X7Fvx^ù 䅺Dg!#sF( ‰=]ּtSoY=[@⷏ɜ4PӤi^pR8F,ϠߙMaa i+}pPj,m %D"Ɉ(? 0% &V_e@Nrˬͳ66Lr?|%~X 25=3jt3Y7jWTTy5>) 2N'jzW:1B5{()W# cA˷DDQq+[9p?ѽ{!mj3tI:Nv~HE[M|9 k}޴ d$kӡ^b`jޑpߋWc~5 %1d " )FB|o"mi* &F` Ճ֠!;9_7P+2V:^劅m7Cv/m W&ɾNI_xdꝹr̢[+hxSH Z?}`IvK@S ۲7vb}?6WZFjf[(3fY_S CT 7{+)`]ߧvzk?叐}7cJA=SOKIpcM/@͔ M(N?#;꿵v&D=DD# W M~w'β%Pܓ Q頔Hu`PU.$`:HM6B,dl,P̶)W _oJ!ç:S;B9_7H"ՌIPmxp]b?|6գ ߷)JYHkGCWK]~w藄]ӽ"fsLJ<>"3|۟μx=.[-XN_0DA/xb aDyA7$@ޮLC1qlD`J}Ŵ3}<:^-%s],a |\'p vt\JFc_5jɿ|ك.CPtԛ[*ƻJFLJ;*8#q놎 o ap@w-s)0&D/Ĭ!^-}Yx7%P~AʙeG-*TyJM 0YWU5 ?{^5 hu[sKkm(^NDjw)EOXX}6[){8x;gZN2?߻%F4Pɩ'g}be9AgI!s1NZ5^9*F[BmR.I#ui#^'!Td&*%y^ABo6\EQ⸃Cޖ8nY~(/0#)CG=i(h *>+EWF&OАe!3b#7@ t=V<ϗW> r?GGni;&krF9 A Gk4 2z1tvs@NoElõCYz_X]gԜ};a4hr.)-B` lB#^QR@ǵ# ZlGb :95t~tԣiH@F곻7hYq#.iME$CtQGU]VoFH#\vg뉤etܵM9ąHM[|Î>p* JX1 e+ Bw:PΆL I⢎-V22T !pBA,?d#Ҿ?|W}Q) <]݋F}WI 2O[o.yC/odɛT7Nwy 0$زq'# JsM*k&ex@Ϋ6pwXJ,+: G[ft֛G2["u0C'+Ҕ:ȕ͕?q/ٔ #w1f۾-tCn2)PM";LtUOY`&QԴHP"gdADGͰ>48y [Y0oaB9LS[XGU8C95Oo+Fmة<0=9p7AK4,=A<< Q+an6urT#rW{7gC~ϗ.uJ_ .Z:J28O|xʚq?ݯrȅ~āWuXɲT-Cw,ڕD{Mݧ]yv+{g5VyIaCo֣=4nc>xpqFfZwD|$(Ŷev١/d V8# m..#v|TIa+x5MDGv! *(g&bVD_-ϞmQdXBwL j/m'kqDȟ-[K%C"?cE7嶵Lm)l2 qq7R/TOiX\LvO ;s$ )OOsP2Jic/_i~a=(`m jJ4aj1% V ;Cs CjXfb N @oH#'m U햭iŢRFu/=.!=[mu'N*xZRrbu *@iqV ϼ᱅ 1 *E'Me.=ooki!t5%4K2i0Z3A_m=Dn%5#+n;J!Ogj6V?L[a]k%kKH1 2D8UANZ4f\;b!"9C[pJ>m> o]lu58JbvRػ384Գj0sR>lIzY4KPc͚#+jW"H#ꏅJwX(_ 1^ %զQJkD0 KGD(eq@4(`iœ|J a/Q\ArMcS4P`-#YlQ\RbP'ZW}}}oV  {SkC츥 6OW Y|lhޛ!|v4O9MOv#W_Hm\q+ RbڪC-H= zYNEx|{z`BS~o,c 4<@tVj!;_&\c CͣUpSN%l.u6p =NBpq5J^#GoC%*+&ƪ i[л)n* o~ MUNɯ2?ba.i]t.haEb玨yB%H{Yp]@Q~>Wtr[]I^g}𝂅r ~ ĺYPAFmֆ=dS}QeiGAC"^jM"ȞR"^bpVvI`Bƫ LXl=Uuƪ~pttHu9o&πZ[Hh PRj4wO"7;6H6:V>.{qѣH"R'\zAw1:Eܸ)1oR4 +)QC uAGrw9XߙaܢbzmiͶ2C1R#1h3+?KYQR B9ͲBJB_ZP.L94R~Ey.'edu~A`|{ D^`񺁍oN~w$flv;GA:4ɲ0i CuFF$t5MM@1&fw7O}PS)ok/\ ;"w{܉̙oFDXƖh%P(ggw/NVhOCa(L|= HKK2XjM( <h-\y7Aos!ҲmՓԼi"5y&[ Z]= 9 a(yF|嫍@`h2} z"HhJ- (`\ďpZ3H8OxHNb{g^I#9Iq15"<2j@!nǕ>,k2~j̡afmW6\5q V[6CeSJM)Sr:r!̏u9kw!‹;:CVx״lbU^@Р6E"캳;Z/f9[ARmOb<0!# _V}}d˷ՑgYJ*k-#F|ِ īGT h(;+ 9n|HǪOuC" ]-n3گj5}˒hxY?%t뎩fҌX.Z! ߬ <9u Kȏ*dxa@ȃs x_Ρ6q`?c&Q@Hn[=>׼DjF4A%ї!"x۬R.Bi%ihשׂspUj3P%afs|_Dݯipytd U3O}6iiokkFrH୵JB>׫M/\/^Weq*'?4S ݒR{ ܨțji<;oxu4w>57~v؉K /97nj5#n"V,EX.Ԛ)GGaHH??[D><+'l*UsOswMW"a<#Cs FRn7'@!'kDꨄ#wcbD {J9O~@>JES{ E7"J2)Tk>5wҞ!GK]'=6;x3 ?vO!I[t-rM][`a|5iQ,U&a 4Twv l1( wF]-b eh() (,S7lypuo0~D"n/ZkxftKpo%A%h@#k>V ,Ҍo0Gu=_JHM'L_,ɠhe՟Sl, <{qk?BlؾIP8Vvkʈ%7q!%1d90mk:mϨqZ uM{Ʒ-v;jC2-IG1jd^iA4.f tG6E ~(SaZk  v/#vqM"@vD3׳'kx}qScA&SIU{'hSkl#9O"!/kwj)C]% PƮ6+Wzfm}]U}$@T}r Q~ڑG ak!֕@ )kTUc{ٿXlTV|Eԗ0Ddo)VJi衲˴s%ǖ q[.֧&! 04g]|ngP|_؀\G;BVoRQȧr BH^;! ZؔȺeŽ1bZ^BA\ ̾c N5\/8 c=]1qM|c (<֛ԸN̿!,8v,[@uft5ATSs@ ޘRr IL\*I2mX.@kD%U4c!aBQiӇf46 P.cOA\a BhU 75l秤b탒ǒM7s UX1^Mb6AiPdqeŠ=R*#k%Bd+A~V.lcP޲dyt[^GϾhjXuaWB݅ WR&fpii&}hD+7?کE[a`N^X,&FU*24%Ď 0%Kc&%1kFԾ ӝ3jnhq~$Tƺ BP&#2)[m'hMJ϶Y,̝S[&o*;/(biii?SoXa?֓h͠EdGSpgW!l4ۀH!^yn3w')}1.Pw$jQA|KL-ھw6%V3 |LzmwviB?od!,eVm_?g[n;/0'!])hf,|6mn4Tn@UgmQطuqfN&JPm/of7;W %*7?m vYR扉{m>PKڛJt<7bkSU/e?XsSC=| y' d0|2I]9Y"E ClE_(fzzKs#R\|"ɖ'cGKm3Tɸ1Wg)o9Pݪo3c;͹,q̱\WڋpCL#9aY/l ں*PJ4LOa`RR#%Gb,~VK5I⧰&!cv.dm7g-_-iH:C^'Z݂DJg/?d`(,1&E'w Bo!c] pmĸ@ؒ)? F&5ηOFNQXdgV*v/JNk0 -s#ɯKѾss0ZC~~2}5BV ۍ9pW(UfXtzv*_DQWqܖ*q@tka=4QrziKPbb>glL'Y{-]RsjP';̨OC73+ӠJl#^{Ŋ'4"WM]YO+N<3#x ;)-լVzj݊N7E%2ɥϧvo JRD?QQK (7Pm.KYqbөǫFn5s-ό s?nް-a%]œxnstjU'ѫjֹ=a&<\46R E۲D٩x OhUMɘ_R ǂ(g&.B;zқ1{Qlxd~F:Mj4йuo{+ova21Ps ]zr#8rE]fي™D\1,1KE{WG -ͦGkj%"X(w)HHĵ?%&K. uP8va{i"MӦNRi@| `A= TOJP 8lg@~Ix17>RG~;1ٯ)M(0WS#遱N%\iQB{Enb>bß(#o\nЅy'ahc .U]q-k K:'м1^SG"нnN떅=i暘ߍдM 4" @f»"Y =d d]SiU5o#WQÐ6dD1~S]!d=AIUZ:o)XA3k擿:&RSk0QSMmypzM@sCƽK`Q .l/^b wX` *$ټK8wP%eE{厓tͭxbtX~ʹڗ)-&}]Nqrivk3aZ(I|btF2蘅tW嶩^0L6Dd? ^!Z!2%8@`a4|%nΛudzj;LҌn",O(qioqS~~ !%sxu gJBP-<:_N~fX?@`C?{9|xBvH:j+>d:t&YSƹgZ$xMwDV(pQ yG",Ǭ<2mV\ S&TCSݔ+ ?F>Yidq㞻G(iLt/ws <*dV!gn. UT gxcOK+.#_ ڶtޡd0Cyd6OsZ<Z#0R6j:I9^4ì:%S9(z.#X%\AOvibpKՏGܸp8wV:ഥ^OFߺn'=,DYU,} !+,B&T+j6II@ HX˱8'pIw#uPALzQ{$S#b5MWJC^:||k{z\bK/آ}֡sá"1LRr ̈́5 23_-T>f\L̴?4X'iLCC'ƸgC{ ZHUJU[B!}([gR#sJKjPK#L:)QH+{E2Z*ӳ39.P%p~o-(]@Q0sXHMSۙښlkB|30#n YXnd`k8z޸䰋v=5t[Bk(VTCfcvRxݑte ո>9\j~BNB4 W6Y R)rn9cZP@ֶlu܈}:[DLV_4vLu-m̄%95-W4OޤNz8ogm" /W< QN5t@l*MQ2{8q!/ z^;F؊$z l#im vx:#^'G˘jmweЉ˟eǤAIXI,gn*/woaDʶ:qژҳA u@X-Oq_; @U]^'c H+'HZݎt F=HSr#zfv6T`}pQf"HnV^v᳐A[JP.&z]DDBEYO R0v en.yI*^c:@ӫMqNx3=^A0(ڋ,}tw<:,YUyS[ȟ ڔ% [HqzczX4V9/Uݛc'|P -5d9Iʈ('SLl4\hPnrŒB~JNBcB0o[|=MnY5W?ZaQ(1;I~xåŲ]tNJjG25t AA蛻 \wZ4<Rb{[^g'zv5W $ ŐxhE$Sً͏)3Q~n!0o|߆̦è2TY"!rx`4-2O ]DV"ЂӅlkO"r'Vgw Lʱ/z\YEݟ}e\#>zM=ma =,|DM[$DkRsaL6vG)]P|֑%y.?gY9* X %s\pL \YYSd/4%WRԪ=!k$[|끓<;R_$ƫ&ͶN>{b$oCIO9 Ai)լ VB\<n <۲U0e;+>8UGē9ڳux:ϊIHjpLv5RcrVF+2HI ld7">mYkTn?x9̒\҃ޥ鿢`Ax {OwbSR?w KN8iR8t#$'_YwtWƼKXJ XA|Z ʝA#\)\,|)0U9\J7}eJ.e7fdup'W#٩H&lmh #1VKMRE?WbD1p&+2t [V!u1t`PaYي7qvLbuE[O>?7!6±h_[O vpW;ptU *eH,^dx@Œ! EhcWC~}߃s!{=eď]}f ڶ:ǻ$$рoBZdoxVr+F#IT~!TMLWy;K+J$t  ɥ!^.Ψ* Hu-p丳D7>|ې Jd7&~P clhS.)G"́IۣĂ8{URqFm9yP_„ *8]WƐ_EK{~8fۜ3ėd6C!W,WX?q"NqJ}喿 #]|ok;z] efbȗ2KIJw(+&6)h+ ¨f2V-p/>Dg/e F6AE>`sqdv7}eCAirGN}V}Nj-JT*& -apfG"k28Ct~YJvAvVtu1s+o~AxJD}~efC}::4EF4ǛKء2ҴƎ kã'z:*5dfc- %l bl~؏+g#{zJ}wu|leIp;3C'Ƴ"dwzXp\"d |EG6QK7UM"qV0/q˄]7\pEGc\!ɔ+)~ W"c=׾eZLa-uGZ=zk*;.ڹD?6SژÙٓlr_4bu5)g1Avz> 8QOhL6+Hdg{;z[uJf471 & ͛+Q}H.)[H'55ƿNۭN@"j aƖD_WQIkMx0p4=$<3F0e-=BH<*ʢȾ؉~%!x9|Ϩޑ}VP$NQie;4\ṃ'ӥ ϵqwB@0,9!^4pq~~B'S%ҌHgHeX3R:QHozao|3ژGge=&Զ6Yܷ'fm3g^,:ۂ qA| Olj#Bb D;7UD=<E9}Έa -qG-~(l,<ŝ⮭_]>r$9;=|B0 yUs?$MVϭGM@Jq 8Sp8'1\$,[zoN8jPeIX8>ёP6*"j`СWG ŕ JSKfvR߈!Ke5,,!H#o&{!W.Eu0Yݲ, YH1S\9BTDvv>ZpJ[N;& y =<!1]ɞe+>Fcd@yCYT{g9@k# HgH_"B^7[F7ݧǑkկWKo CDj2WREJ"kA?co m'qOպ-8C 7;0H 0bM/Nh 2I͚=.zpW_P%)hjyfrQ*ܣ| DUj9v){:Xhwvp9e㵿14" &ĖnR*h :ʬS拝)mH(h"s'KVtxbq8m7_HlެZUX @mߕh*>l\&`h[1dz؞sA%̽C,Z-=sC,(Vv5_V?,쐬$ >cw}`[FtL[mf+xrܥ lB}vr݊[A<F̎?p2#NWor?o]u^Z-z9]%̺>JLVօ!ϔx ;1ф=M~[(O,-އZigv[yA"-E%3 Ǡ\S  5FdeO< ,/&NdpbnXs+azLg͵ o*(U 2kqtVIK[QkIn4kM[0d^=sŽ-uX7!ZDKυo,E*p@Pw 8!l1#E.3~/5}o<< >OkݐwW_{7]VU\sjݔ#yaáHͫn fLr`.vm'Yg3:tK>䜼U72T܌dQ\w-WCK6@nE n_eUKRҜiN.O\ pjGx)ɄZnMQ=k-kTCs~UHߓ$a$l~ΧZϘDTX)PbΓ_уO0pGH@f᤯}qB̆=| XTe >/9!ˠԀ"(P/P 'TkmmW K;: triO5i>tc9m04cLV;o j-TCQ/Jhq}ٌYY@F]1:uy Aȕ z,4+LfE]Kćr[Ӎ|j>zq+CD{~*rh`41`eٕH,b>Im0J%7KmυD߭7ҍsY|ssRP"=m]z,R7Z* F-Eyw"?pE`LH9(wB#YSS8aŮalOSם^cT@KMӒ}dFsSqļ,BAvHl(DN`DN;vMM[:su~ؿV&bhM9Y{C]G՘mAQ9O6MSIx&B}֕N{wӤ "P?H! ^5 {l)_mlտMvМD/9RjRȉ?1+^Љ&Ue~]|#YBd+K%ѥr4~R*_ _|!kFbwvLf<ϜlX)}N?T| OmM~8fuu]=uJ *1ѥf#冀1a ,|rZ^=;>|u3Wm2۰Ujg!v,5n^S;զ6==|flL=EX; { +4|gwu}C]vnDYv.mY!~/^Xn*VB` i,xw %'n@rPkw#0V,v@pF#Ya"jM'P a ~6tCRCYEh.mf$o[(7݃^>pbt {Xx}:MG"x@tDO4&.ݖ+AvXY$.?qS*ПDװ I=0⪕O} ? ΣYbm y1<夅 `쀴A~#r<\~iNh}[z"jhL*Y} u lCfGB^N( G8ÅåEڬ—(&JO`v=Tfe 2,~~)Ò:@muu^>.EGXQG`=Qs:Sq4V0;X/8#k8r,LOE`uEuiBF=IE]bʟ$O$.$Y7/cG ' &1XqB5dt/_hRꖓ<$Bƍ^pS\hQٜ?l;28"i;5TMPt` 3MÅJ93\Myr]:98t_y>?Pz C@~-fd$jۂkohņo+ƗK, ` W(1ݏF#CC1(fV@I|%ْPێa %#=ӫ-BkPKK"bgRD:`f OG8hX̥;Ϗ׷_4/C{L FEz 5d4d{ $ rL9\Z)>lIO`X3ðø.E!q"q0&s*LͿh˵%,uۥW>}c0$Gx5/"S(⎛\|HXt-Ĺ悟zX\Pl#b_^Jw3 0>RA%CmTƷd͗z6׎T]cC 檲o$oYAAsoyF/zrBaKMY 50YEZq7VZ`XCsYS3ֹk 0es#`POhXS;7F<SoJR7"q\&[|#*~ٽ`W%X[^ۜe[9o04X? 'vRE(t.hP9(,i'925QI ^~5iN glw ̐s*h گj):pD҈ӱ .8(}ͩ؄*MvkE`6 Ym6h ӇjؚN'8<];`7 8s:)+h`8ra<3V8{~ JXzzBO`p[ev=Ceo%G/@Գ\'놅*E8ujȯ3rf3_ yOC rT^( w7UL Dp3%P+ *@yLH׆ BԒWԙàs KTp#sRť=1b因C> THpv)۾`˹YrfwHO9Vܐgf?Ќtx*+4jc %10M%sNmb^K#H%f'×Ո_zQh#V\78|K3kIFexu3[MCۺ/S_{Tiq^cQ2rPVaSc iƤUK|: "Дߘ73qxֵ_<1f4=<4B9 myI053s(tI`k-*gpJb'@corĿb1oo5;Lwhdѐu̝@Tǜ3I_@`Ed,Seh1llArjF 1c.XW&+ k趀V$;b|#آSe 0:Dբѷ '@"ju }c?W$+!nKy: ep:B-NHCxk!)Spr7ȥ0OW&Vo{^|#䇁wʍ`~Uܥ#JT@s){1PADI۠욣-_키@G.=Gg$'JZ1`@P?fx$$j4h(K?=IϒF~y4A;x4_̃), S#Dkm3a+gmvuLq Q̞,ݔ#.^ UCsAXQ3;rR|\ˋs:}^q@ 7*oIBhcE/^JnWqGR%h]D~oM6Tu.gi.S~2EL# P,ϳqJŀ, b%DhQ*YF nY$:u0f ; VKSmɽ5;"I&nI9!)%ҥD7$Uf0tc\Z>/w,@S5gڱUQG|JO$Ind,M[A̸kaS%_zE6Ź\BQ Un{`WL8℘vA!0RϷM-{9`&[#${ nlG*}I$Qs1jLQױ8yӄx־j6'nf,)\{i)trR5sf'>OXI]6~/xgn 3>BGD'c$^#&G՟"ɅPh6즪<W;a?EI9HpbUƚ# ߹+"9y>s)b#TǛP+qoNХoV\z~ؘuHqj b Z78Q_n- JH{?XmR"zs iۢDBP`k '9xNfp:M<% \[~SN*XEAZycIuiis r ;BM P t=kG, ŨHSQC\/bX3q3ЏQs4tdt^oI#mӻ+\ Ŏz_yZR tS9Ed PS[!S>dLs&<Gd Lqp:&P8#Bə?מFN{yInUB8>tD]hk[: <}Y :TVMo<`M-Mf/+%8Oy˧üAx-m9YOm *hyYw_Qؔd h_v3kR 7V汏nK9G]K{sJЛA#ZJmdo2¡B;ko_͔MjUD>: aQqFScѰQu*xe/(mK"‘D>N^R)AOٳ?3:^,l7c *A`ej'~kϠ;kv=&vU3^RTͬޖҭqH+oF,cFu/'b0v`^|WRk5|8 (5WǦAz's}BZ{Q5cU೭H Qᇵ]Hj)r~9Jq<:tNo \/&O>iM,U4]L rtFXKI,]K<`MDO#hYyȕKلAZqd#sE>NrV#3]d~3@X.r/Hh+ OC5 ',{c~D{/#5$!#~ x~(8@Aԙ ~+KPկb7%%o ni4VNzO57u5RC ȨrDj㫭,;ZrJRiݚ1?D>ʮypMbyC KPF94S'"ZNOiIɖ,%ZA\Q6xA؆l0n&- iKM4 wL`5كaЖz A1q@=Zw; VӪ J 1pa;`#.1Fr-v4^r;$E7S>'\<sHT35Y?U HF(a7eWn)].1/I˅ ~\b,8Mwqƪֲ#Ata.MvmΌl?4`0LtA2ipیW(D}G%SY q~"9 ;&Bek4 ύZa5}<,gzT\h׃TVHI1E=~'ONl-(f9Hc勰Vhμl:.v#Լ+Leg%k^ҞHC>UøJDk 97%/`n!3{@K u/$U5DõrYt]⬯ݾ:&Y{Sٞa;m85*Qc_&â%<;Kt&ڝ?nckh,8| 4ZNۯ|kU?8qPMDRnԣ1E9 bHx%200d#e ( Y/Wedgl 頙9Ȗ Ŝ<}Vșc *W[_ga-+nNվXkM؂\!_puE=a:!<7r-JoZ'q+{]xp5rGn_~˨DZ]ϋL+3Ny`E2>i2O*\޲$|c9T }9-  GF!ъ8Nk<եgN֍}ՋˬOi[ė&ڤr szBVeLf@L {w觵Unc{M&,e񏰇+\E '=R9͌o`PfB=*>dV`J╬\,)g2ꤿ>:ho0]zz_$Oߒ'fXLpV5ދ64ovS/l3AJqe3mV~<{u;ry]0yeKMeR6,NԷ0,VEW$,0ح߼<YYPX&O @ G5@ 傼u7,~J6OcM~`R;qL_/ܟm^u*995ztϧr{ )MgڂIEsrʺp})sJCIr0sBuB.,bd;c5,jԃFckOpVF$^O1;*3C1k oKK-=Sf$7 9bbt#\i(Vc7 ʄ(D>EmhyՆ!h:SF -oO; K@M gժ{'e JK3< ^@uEd+aޯ7!F%.ڹvlts/qN#%9iAj$&!<3f?qus)&1m4Qp[Kx'M MXZX^ظ*M~T<{&cZNil`՛YjY6-aLHU" 2/.,| 6~+nZoEv?pA ^yoIPp/Sc0 ?]Ԇm%p/U~fwd9 4luq8\ٌ]Y5ORqDH&b~9kl+oW6uPMJ{I8 rBk6>C>2RMʞHLڪRY1XHb_T}kD `?|,XFJ)/|PT$SwQ+L wIhg.&Ԑ[XJ _x$uUEOa3Írh;IU@ֵUiT$LErRBK8NJ\3y$)\¡+&C&t3DդX! x"?|1JWG>R:ir@tP#ubv-S1և)*4J7iZ 4?gNR-k#ɜf<̦MߧuƜ6Iz)S^N f_,E];ب`TsWβ#1 86%s0pGɠIX8 }õ'".ݶ/(OǙ_ 󘶆mRRa,T+ȹ@ARۛHcFJ4"V G{3`+4Zm2+>OH/9<|H{ I&Qfcfқ+^uTAb-N wӷn*0u@Ý}{x yS+͊3 G #Wj ^+n?c:ۑFܼJdTk6{v`NL.&i<0>ެA79c-G^b>LӰ_N.G3P* Bl:5OLJe iHk}>/$9YSs+ н7b '9yML>}#Q^`q6y\HVbJ <UbxR7uV9SrCS'@0eY,(᭐GAVRkQr4Mzkj+lŒʅKZP=nβJ^N 7Q6@[t2mӴ A8E?w˺ l leLT Aa4^u |k b;T"\d&Z!cE\٣3&* S}\c{IԒ}oɡkٍD0!iL{f8T4K |uAޘ\iFu֑Wba%@c~Ki A/Ny[[ 7PێӛnМ]5L8&S TzxĄz1762TDtѮe3YVXMê6 y4+: "J1WS K[ RT鱽>dGwf®)v&4/Hz SG߷; WA+L:{h:.e/OJPwq1F{?y݆d7d2ǃϓޮY֨ Z`i]&^n[۠#z @B*Ԯ^TRÄCyvRvD}2[JigvPxA>v|7mdn[HhSp'"lyGFL$Шx1[aVC\l3f"|y.`#G؝`?1f'weZ5m[p^!ҞP܄ 3C 2PO8WqM)檎GJ1Ipn {H L0[ݷ̡1X/`BRkh{CivPJױ]ЁPMvhi7dߖcw3Zp%}L&Rܜe_8~S3PxgnCgS2E9ǼCX -yd 8H-` s)OC@*2;(>cR,~gnx <)Ψ2t[طq1ls(8Ĥ"'ZLRd$9@wƮ}f~^ ZEjݟdkj/P'l[2tvo"=)ć Z_YsJi헚T3e{&ZI@HU c/IIӜV{N$rga(% g+7lHޠe1}./p2c kxRCdtJ w/`{+~xX4PktDA;KZ@ԟ'b[^@(uL(bu} k.?ndPPJ (CkME( \32m'Cj dA*tR9a!ѯmsתm$jFM=,%@4]㶏hQ)eH;Fvl$km>C~ψ/ 'Gn5$ Lz^5zU 笥' ='+5։F3VǨxCizP榇S>H A+;x+o/XkF^Z?OwɥvWcVQ WZ {8O4MjkTGG\]ŒB~kGA;eKi G `Y&o99R} 2$Rg6EҦ봋{ 5Dbpt)nVgk͇jdue2.ZF4mrDgd&K8YEvD182hs bZjB}~9k '"}I±U`ZP#u+C˵Y |Hf/ţHuh/C ?Md2w.kHOIx{VGoGDm%>~vmJf^1xb.:K>*}S[k`>//3)\^reJ4 ,DxCnO}g#OƦ U &7v}\yϕLt$s J fV濙P)ɣ!`m !O)3qiDESA,r5i*+c ߤ ,r)F Q|J~OC9UCn֊iM祥R9zAlMdDՇ_9ۋD\)4#f ^3PdV'-}ͮIs\5x'9hK -z*wF|VpɥPԜ 5!lﱹaAFSCufV׃!2}K(ZPN;xaRI֖Fg%۽e}C֖߂&qPcCiAY6Z~op0HuE;=հ6JPT+>_> :֨,پ0-e5wj/sl sul%i1vȋ+)|y"R_U%"ٴ7 ~_ O1Fȟ9 >wWIQK#)_>Y{ؒOȫq J[(wcŋ10:F#g&[U!~Pf>jgT+2sD/ `G>װntTO/zo$+a,C Gh:KoN!3<ːfQAS6(Wge* +S.wbZ,g_]بxl4)+?W@+P Z PZ%]]Ax}˥ y77oi٢Txp˻7̋ yRPec2e7˖UCkzfm9j-`ʽR9P59O >{89T@Wp+U 3B"눦l4b ZC`rU/mrTJ*pk>%P@~z(j ZUlDAx=:[U`jѡv*OWl^j.OSVC`$( 5d$CL]+Urǰ=˵ޖuJ8!OH]Y@ŋ= !I4T1P5~WKYILUBܾ[AnY^]$ )œs'`ݐ@LՋ%z/ \7G!k"|$fz٬EC"tCWucᜢvFpDđ,*3 [kMQejKt6G.uUnIljVt]oUZFd '(Jˢ:MDWݺ C/+l5W+ݕ5SΰL]neJD3] [3>*riɕxX]5 X̗f?gE^L^,tÒd`!Qii_sԶVä]UbjЙ|1Զ`n`(J̻6+qdդ~m<V[?;cDU(=:稄젷MR/ۧFTU3KȄvb/%Bs$lWˍcLG "y\${a-cfh6 %y9 &aӚ4M<.!d\iսZ4{0?*eVK}W"jeByF4VVָ>tqZ1_rrF^~CN\ 6)1YaPKx n .+;֣AExs.2k2RgGT'YDux$ Ә NV4kX9*B3@?=i*3dP$; a6u Y9LV 4=opaƛY8=He2V1,Sђ˘25wI, LjD_54KNkowv }D=lXmBn;Y%u&u.<=dSeN:Ͽ,zGcO꟪U6<׭Ԑ4k+| gϭ6d*&|i_Sk$ K6"C[hYʑ7F(LHH ŮNtNsNl.b-.W p3M @Cg=SRG\D9hG =7[w]5Hđ#yĶwR佁 i}>ζX⛻"]| Դ,&b\b=JOD>TtN |"+&ݼ2PWI$",`סZ+0!Y~GK)~-xXH>!8[a&%x%|qpk61Q)HN~!Ӟ^e34N*=HO,{(^.h.Nb `Dw3mO [z?p3=^Vf5WEwe% 30Mypy"h^%aw]ѷį*%v$H,z7l(i!!QS #@oĘ%i7,<JP#F6At9”:4'Avs:mK"jf@` _ B˾D;<=d }Z&u=xS?Dwm 964&{&}kRW[ J0ù,x2kp'L[DDrY ED.j 9ݚÃskH|`egaUY#qQЙ~RK> PWs#,|;OCy}~h(ۅǧL6glF&Rt5jC.|֜*1swB* d4O]Mxы9OBߎU|p1gh\o2T#GuB'z[H+YBNq6Ӑdw^OdϬL .EaGoD]zK}4ry\G,$b_pj'&ԓǓOY|g4 4 @-4zLв5)śJ,\>wSbٌZRkFTe%lށA-h^J (^_JpFGP˛TQ($DzW Lzo@_JjhX@WtC+!TJ* W#PՈv0|~8W# 12>g]7V`|` 6fjK1O#*VaKWL 9Lt&.d ^n[}ٿ_"=`iV`Lyu.ezHOmPGTkb#OkOx #=}[5KQp[񐷫uI_cz`hOG'\S&TV $Mlr)iVa5n>dR=_i, H5W7?17z dL3&O 3~ڰz[Qڶ`ꏅ ԥ `}Z-d]9ֻi|džނسԐw}-t([쉮^z)wQ]_]sI8unƬ[rs;]k4U41C<._ &5[cO>Q"Cώv(ix<Jݳ45Z.13[& 'xagrH_sC &׏" C1t اλQ5קUT[}0MQz2s^%no>G9,1Cv&x+dzeWo%?~>&|?j*ab~m] 6 &$YˊGhӪ4LxFdmA72a#X%6W6bM01p3cEjqRD_h=O(i*ȍ3gt,`=tH kQzFJ^̑Q/޺ug^xn֧AV˨"4,$\z˘/kF2vFG8@5jW,UpkeExIÊ8O|2QѨ}tNdǼl^$A"G(C=jw| '~Jx:sf zs֨IG;`I[Ex–,ps2\wŽG0%BՍr=RXt!ȝ:w<{zB(ǎ4lv4\LS?3)/\ ˞5c\*H=P^0(S H(||AZlhxj6+duZw\gKC,($Yx  TH`F[?ꉁ# (ŚrDR` =WDmv622_As[u6G΀6A*DU!$Z+8^w7Qsʬ"愻d;^;3)KFCӴpF^aM=&@<7K{{[lVpa;$qr_4?jwR}s0,JwvTZds>Al\ݰL+ƪ]EVw Ab< ۴5p0*0D5 'V֌nw |07} ky#0K=+Ȫp6Op5گ.* 8íŗI ] {E4)1@7kk% /pg=+;,=}23r]_.xU5^]ۓ OT#0l>TZ:Φ3t6LYWbfa7BJ7W3)U;t&d)Ski)Iؖyn`s-81ntl]>Hۧ,_B.Q+ۓs Tdb1& ٔkچW$ȅy3/xX[A$?AXf+p8l.Zσ+Ke-`Q5-E1z~Jl V~\5s½z!;U ]y+@HǧWV4(H` ocC6_FH}괾b>t8$_ϳ^ -#5/[aK({eA/bhMUiq3xR<ňIAT9l Fc6^M R6##@F)暴˰v%JD3ށ~_!Fp{o:a7,Y)^%unow8Ca<+Dy\QtW`MbЦu FMcƀͷ(&E5|^3.sFB+)f֏KUXk۪MJA¿NNH\CH/ ‹-zSOB9m\pfR&##K||, j|PlRq_4+@MW1*wÕ&^ B _5#j,2>o9p䤸y>BCe*w떈:p3#]R6C)xEqj [P8*"z/\#q 8^G( \TMaE]LN%gh 7^jź2Q4URa GĴ􈿼yn~) ŏv-i2ۙNbhr'gͤ KYgO`F?b lPڧ=HWGYX.=xu8"7S0&߃}c^IM%N0q<$ Z1O<~;2^CC5o&IFF\! tI-vqz"Jyfi bn;-6%^l3 }% [$Ä́;8[K _3px.@ł]L 2zꐖ\ȳSއ: Ko~< ^2 žq&351>;$W޹"򫄋V䵗tʊ] FHESRӕoteQ5BIhWKhw嚗\jv-Ad.&sijoIӶ$@%(4^E{\=8IqZ\`-!#HqbINW;ᑬo] WxH4{Ϭe*p{oM^H@}m9zj8ɕJ3|UKkQԚ;T"Ǧe j4}gHvYoKYao)ITx^gMԪ=,I¢ l̜A=jN&r[g17ցsJ5BIPD6IdxCLң߳7`r[[`Fv&LwbR"k N0 *Ӿ?K(!|sF>8!"Ijy- Xr.ᎣˌŰR'; >~xS홾:2qt-y5hȪcnskdĥV:&üxr(݆#uH9T%0 Hxgyo9A򓴓Ta{I eYɑ[iDZ{6~uBUӦц P9!(mU-#KdYP c!)HluFJ@u_;'{,2 F0[Υ"vw/'X'2(dbIsrϱsi<3dg=!6y2B#1{zlGag@ޫ&A68dnieDc)Es޾8PtM?~~.\A ~L%s,#Ot"y84;q h[Scg <%of_Kk> 1֔* bGIT>.]^Md}:TPGE֤Vyi;^8ȝ$zi/$=F|AS6I*as0 \^2/ |=Dnצ>dΚ G#A&ϙ)FdsJ~Nl6wۦc4]eEQY'N0{ipK[RUD/\m1AMwx1feò %vԔ(yT&-Cj;kU]4<͍ L1iI\CYށP}}iPأ`ʠߙ5 zcOBn4P)T2_~2^Ctⵢdc81Uuù5mz &Г>8 `y M}Lff9V#YyvֱW{Ν/%sRo2"P9rxAY&z`{-t:XeVȅ|ԨZ[*t7b)ᾳxQt;L|ogӉ/ՊI4C.V{#q׽/ EtY^# >sQuؘbMH1e+k=T_Dg@@pS3a`I^=Y/hj1%C3SCd(sK\wG=}0e_+G5`4Id#gN?I럐Xc" YYo3vSf<'CbIMm0ϦD׺/RPQ$QDJ0bOGFL*Cx\? Kl^x=kX ?E>H'ssSO.R(&;z#K2@w{1r?o7^}"x/@W|^H)xd/ðV&o;?/AYYՙ{ bj{jlY΀aF/3HxQq$ׇ ֐=B f$g80—F<%CKMM?JM)ҌFwH5\2s\̳<;Dgf^V/mv'*GIIBNwZ"aeɷb$wؤ1/D34\;+‚A1 }xHŚִ;F-Y2KNFFxPxܙWI5n>١vh?Q h-jW^dV3I/D1æg@XʬGTN[~[ xg^0:o/!#&5N?!pb,gDEώ03ȝ-ǧٔč="- .DQi7I$󞔤 ݉=gѱNaXP"c,|1d[|Z-G]mg}SeǸ UN9ddQvʊI~R'!gwW.:W&v*2o٥.7/c%~g63e݅0s.˔4JByޏ`aރ d؞n(UZ[{5K GŐRCa^%X\^]WH$=Z&cslQ_ ;<1հ$6H~z=Z`Z5M^օjEHXE Q195ר/~ v >L`Rm hD OjyR<7@;W6p8xũRF캆~ĸkp^Swm6R7أN稶?G{ř1287GV6ϒ?@ QQ9_6n>NRZ#" r]*^h]놀֭`G"d`d0iȠe6yla2\YKJ7nWEb6 b 8{C}oXk2IKq70bT4TNJ AX҄If*5+cf)& ]0#wKZ1ƹE!lh zٳ4$=m..wMfJcݧx$_q]d-\ֹ7&5S1,aʂGn!7)ߊ,+YGnQn#.ړ^N*Aq ycZrח|*.GM;K> _w\=plW.rpk*spBi5\/V;*V. :7h9ج(\};#rNn:l=y1ǘ f`r~n>`h=E#ŻWivXiLLq9re&ݷŖvheth ۩OUHLT# pp󽸯#5 6~\1O; T1&"@NYFNr(^ymA8S)= Q,cNYXrZ$44g-=,{68aY;f2 8$Bv21< MG6QtޔtZ&AfRu}6hq8mT2oʔJ=h=2DY5 u*yB ]M4$EN8go zw n9/pq. &-ט)[WU¼ޢ"J=P_dQMi7)"9)b)TWt}瘾CI(b%U޷x @~h0Pc.~J 4]NKx_~|ctX%9N,5 k荤2pM[8gL"ߒЮ;PY9.Dz/SjM!0h7҂?QTkᶔt49lC{`F)*<y'-l+5lV͂ONYf >Q\n4%97Uu9<(yn¶f0\0嵧\KF_%> +JkXNYsډ@@oBi^C>NLK[9=ˣn'}JRoڹ8SgKb&rV'>Jfb\d)Q!vsS0$yP?h]ӋeЦYqT181̸Bzme)t(=cBŶ $ngWS΁*:Jbuȇ53/D Pc»zd/:amhJ1$i#4e -s(=̇E>H8%͡5I&c qmKf}=[I5c#+x+{Js㢱_Ŭߦ&^O#H+eGhJo_kxy,xC3xa|>K,¾ Jz]e¬ {9hULu~oW=E d,]*=AyƩt(vs@Xa˻P> XIOmV1i21fqFTBښ?$8n7˵`LGֳ ;$e:sVDkXB^Qxx1[&u4yvlo:&U)7M r6w.frCnl}z f̏seȠ3%w M6TzRԪ6Ļ'vՄo 1~g<{ C@4ex !tK(HE (R^IrYђ39 ~ˣÌyq!t/z y LQ*w[حWӕ1k&ItKQ` ;XkVyI h2,GWd]7I4"Ypoe 9IC!`dO +ޟ'ՈK|1#0"G0 2.hxI2qZKy/X>` =)6%%MbEKu0MU6CJ "yiqy LGhF46ِåχ2LIg |ٛ*cv9K T!PVB ekܭtuwgse=N 'FȄf e7Vx-1}z,O/pZh24T.b=}~߳eFx+xHs|kq<ѢnA_wx DI~QwlfGoC9$° ™! {;GS#9uy1EUvq"Oy*4mZNCd`Oƅ2ei_!4A]>|(/t/OU(`2ԋ|{ā-X`(5*clRX._Gw1yYsw  NSD!¤v8?E?, alF&ϐa :kHgGPTHQCmx!%ȜhjReh*-٢6,w"A`!{Ѽt)2D:nE12gKn X^Anw fc^swH:.Ц/:z=RL .p||3~Sv@dhlɣ]# I* S4c;TʘϧCM>dBvk;v"gngّP`zMoJ8[1d,bQJJ>Q%GW(S>"N# QbwO]E>2}9t(:r^$mY9&V g$j,3XO]0sl{=lmblWkr 0gVTͮP^r8#*+Q2<2JD> AK~#ٙA)2'88VlS4H|%}0 Bh.E͊#h!_luhskB>LЫ `i:[3/uZ$_|"0zn,bOH#fWI>6Szy5jd.pYCV T+%>|)DlSF\hZ4v93Z9)wlgSu@5oxdVH.QFOy$a\t%\x]r毢IbctT'_VtڐT!mS*o 2rj_-j2PVO mڔ?(`+ò5O nXoXel'v#;;ET{2sSozpU`ue6M+NZs+c Ap+h0mX2XD g|*܄b7nw+F"MVLѰo*3BRfJZ+hN9O=Le<́OHLcƚk}!6%J0!42>Dl{g }39@wfQq]tZ&|7ƒy+Ey?5r159 =Vÿt&{ՠǪ`*H2> >m Y2@G4RkmGR K 'E@K g?BB#Aa7D؍ǽ_EGwz`-N6zTt`(^00e^:Ҳ%{wc*y&Q" nR~YR[eu-ɩtS4K #z0K {6$n08BhyL,K[S(a /MLmZ_:4!3L}.?(6)Y/MMɏ/N p07 'ATq VUPe@0v$*Yg~c#[+F2Hgܘb31!-!>"GQ!1NYBʆ@UR1_]ՅEtFΚ嗲hN5:0B3=ڊ<-fP_Ӛ-Ԓ"]%>R5< ]T'}{*(&#G3DW=,yn]5\yRT!BOTP h xư|W&Eu TJODr`&~r]pTaZOSԞ.hҙW R~6,vWEX@|6oR``ډq,Թ`y L,] kny{ldy.U~JL`a$z? X3sEjE5d, s:FCeGNRN3?l2@auX& ϞcʋEi[IRgy^_GHP{nú#1'l^.} O/ zV]!a_LOqLk\Rq >xX56tp=ban&߷(H&F*ޘu-^"|Zs[E?f^~.7܈FϳAU7rm(^t $bvi@okV B%j-KU|NdE̖}..4[Je[D0'?j$',@oơ _:b񶝼lPȔ.L!&#Ǿn$E)C$uzrތbmWhŶ ?tHaoo>4(2 վs0CŝO$%Nؕ=0 }@a<(b]Gs:喏+,RzE4+%7xGH`E_vN$0j})_+t6~-pA{1V gȀ3$p!R"@* X,w˸+9m'}H.krQR5\٠ZzE4@roSg>tp&Ύl~ W؍Bx vZ~RF{'lWJ)bx#w?WQ^.eJ}(u%mAuXcؐ~9L8OX|B. Y8^RMӦ6{Hlxݢilt(: h%#8Hxuw+yaCrD<|@lX1@fk>mPEQl<< 1zy#|Dqiݩ" ;Jd`c {YJ+$sx6Db&FhXgP3037XꋓX@IT⦙G;"M@eػx+.'⸞0M~Թg:fN?UW=,N/{+$O襹V3,q4@2SCO爵-W/@t^D1|3׀<>O{S= 5$>+UgwXºh2 9ɗ'[L";`eҒǏN#\e<9,*J$?rW'fmdaHR\;;l2F>@0 ]}NvPZMcόP"GX2rH47ag'>+񿛎-XGGy'SAx)}A 1;zclAZӃzh\sa{+ ?M%] Ʀ\dʭݰ$3PXS`v jWytMi{F_ӇV!j!W!մ[D"B$^;%eA֕(%[> KOK[M>ǻ, 3N;3!٠Ny_Hu*cId|r[uA9 l:ZV݁^w Cs\ ة#b@fq-D~mnz"۹8h{P>ѡH DZG.Cj*h.%/+m$ dD/eY.zdm@ g4 rġ5nP9J߬ (j5YwaAu l\4(h=qy ,y*eTKB %i-r*+WzD  z" Pә%58^ Vcxue.%,M%!"hNO)ҍO:6'*SXD}b7Un?o+-H ` rrmN,xu,Gt/:sۥ f;ƣجQO 0Kԙ6ɛu!zǘeredžntRa#<$G˥ OTAR3] Hmrs]\ `#y X 4 Խ-x %i djFHd5΁*qFM^Zۜ_R PsTnZI|8N@.%M.[ .1>B_tQ\rY*Sk_Oe k黽6x"%:kZ2:GVE:_ +6;79sK1Fp-^!9DLS%$htk]rsЎWN]> ?EB<'ҥ3ṕ`es>%'Qx 45*S|"GZwбƿ9I96EXIAR۪g y _8P7Q 3y-mGfF 84:@Μ5 ~/'GYESN۔@XOs0|vݷI: .5:eg-Ⱥ3& 0fwRF8 Cv r=Z2I!=Ng7Mg uTEBd)]\R*^Y%Ix^J,d> اQvnW^es|>XHur/v7i5/aGRN-lPSzwjdF"((OnΡNFp4S،BeV<}eql {.oqCǵXwBt^K:g+f_Rn" z<0|t*bWY8 E(ޜr@i7?Yę h8W*9e>ː}"*e ^;ӛ< Bl"?G(8 %<56xZtJ7B/YnOt(& PҬWBY\ ٗT7b4fSKrУw塻T˷|"cCa{_gliWeqZ(K* fӇ%f]py4wC;4] Ӱau{)R'(:Ca@$_vOK3k^Lؒy h2 a-iyq[f*\uo]ҿxh$6_Gu~8$8)Qd.WЯzKЌkDVX\Eiht>^KG#teͲ1{1'e?+c ,i蒎M+:ūo*4_рoahu?!8Ah@5n?T6 zC## zB1w4iʁv$24)HM(mfH)[cd`K9~ ̵MrޠTR0R$Τز,%w f;E%~}^cׁ#x9^ WjV!5G߅P4C&?߮D0N`.V?vRJ3Ϗ1:)!K9e'-4~EF/% WM~ /+ye̳=dO+/Ċ#!\mY?nBk 4F=/^gNaSoiac VV/ "û8h|Laf)h 倗}Y'0GZO}!m>1Sl!oN.WeDVؚy:T;ܥWp* H b`S[i"uL}jbދvx)tmGAnCόlT`3 _)ti^e.빇{ A 9` Y&1iY㽫 τ gx<.SI)e.SuNGv5BHͬvpq1;d ޷ Td2+Pq,AR@C $Qbz#qS񪤾_} mJL)JiQV-l)I8e^ |R&|m]kq9Xp!yvQ8@G%j;]O_ KΚO+n@0^SGP/8itҪ|(&V>ʽoUYO߽4je}LN3Nb_lm7[heABCZm0^N}B\WWOΫ w/ԐBsf=5Ef>+ b~ĿEƶ>#um.V;o኶G egTm.Ղ=]Cf%m1VxiF{f,^7ה2]x-q?c7Qs*l#҈Y(aU0 X>JOi4cD~^YA5= `<|\:Wѥ A-?#R 2_(xuBwyĒ(wl;Dz3̋YHP4WnJ#wA<tl>Vpk3a~ || F+R7?P[.QGe GZHF1rҋB!?kFvD 20wm;v΋r [|1nn+`Cqˠ"ADbK0@k;('DNҹHc^2eNƏL 2, K K7@FxOX'M!'{kl+/~\&w`@0P&5ʰkQ26ХZz ^Z~D.jK]H_gm =ń:G yBjO`OsǞE[IJFr_k%yn(*F+Al+258NcE_ǀ,qHhXgrL (0)1FB [w])J 0fgqs^A lܺ X] jȥ+26U~tpCPou NFhk::^pٶ8>bı Uu­rҸe覥[cŒnWM92c|azjgW`RDmIHp-`*}Ai]Ύ-ra~E>B[J"@-Mu; [Ba[ pL%a'_9D >98SS󯍢5]`!`Fe'OƵϻMʹ(MtIo%o;ʐvdE-^*r7ʲW~jQ BL%gϑ' i*}=:~B ”sĐ:<`A֒Ț"}dIA JZw4KxBغy!gY{-c ?R!|E&ڗH#^d=*wW宔Gm@O[%V  6.x i}]H"sNM/0rN8+nLc*(610>lBat&6wDP2͋KlR02Z>}w{ȡ>Ɩū(sKNv&5^Bw%P_U n8hj)A,)W Qz&imaӽre #VIn\X~ |LV%Ekت k(1kRTw%ǫ@]JYi33Tx˞J%I1[r-G*w+_ O'V#+4ʨaÌ7=Q?\a0hMpsJdz0rxDzê32)DƯmsd;᫔t0W,'@I[TQ#- wB\fK@2*~nc-88 ıx$u.68rQF5Ffa}S( !:H)Jr!,M!lNf?˺p1'*qL8mέSV<5!*Z+75F'_:_hձrɧftu\+2j/uL(I˜iZU& w6A)Ő|\v۴&^̀]m!UaՖC T:xD$シ*w„]GB\SAPij%Q' 5!)_?}(U? dQe,Q .go2yyqWf[(c}O\b 6-f2yM*<~5ˀqթ\$ls>JC]6HO(q*^*e_LAiV_96T8{sDwzߌ ÚrE~LS ab+=ճ4`;󔲪Ųv NX(hrŞB4W?Բ?8--Ha4L0_UѨW󭡎=WOOSj]׎Yux3UBdg[(?NBK-_;5x IR ^9}҃5M>OmFs -VܣHqQ( n d?XzR^/&T.TY<y";@N Z0P('r&w?1q'-C ʘ1<|\ yOX۱fL/ 5 8~pCwW[<LD%mWRS re/}%}?"{L UUjU|-ee\xqM_zm~edU4d4J)v+쬈8{Yxt0@XS"[3qfc-dbGԏG1 -J*#< ,3_UM$QO镫ۊ7LcM?+m.?듎-(FFDM=u7\K= nh8J ~?kTYt/344ϡ4{gۖ{vcU^[+)ȚH nj%\w]U3 k8^$lA#*cH`>mC5= 'SobisqScfcUH_KnbDžq'Wax2>FIwxa>s r5sUAeAGZՈ[Kq:LhDQ>Ut{)HjƭXD>8F˺H8l 廨F4b{Nè)t̫32vШ`] w%Kp?UӮ - 5Pj %^a9?1h2mT9SPe=z'c9 f/Y'y%v/U+ i0/T}E2c ы؟:W$haWK<80*7GǷTx01Q2(k5 IprN弩mr&^:=(b ?WFns `u(>%g+lĶ)%׈@21ljϯS4~cT7YKlVRtq"(86ϧ6$* /&yy 38pm.%8 Xa5PZL5m&Y=ƒE;V8{xB46 *呏V;`h,RE"zQvQ[^A1AdCT_*nާMu/{\SnnDg)w&qy?hs(oW5':lSZsx_"Ѝ"t^0[9dPzxEe.}[Q\#3o]!Tℴ/ f Mva,i'#TYVd(*Ͷ(uۧ PP c3ñ:{jy?Jdl51"QGKߌܙr*JLJhGo~9xþH.zKFL3`hQjEԿq("Ywco.9U1,PujLNN.C aqUHyC)?ΫScpeēj뎧p_+mo)gr <%7@5.X($LS UFq"]`C"ޟ ^v"<֞4)^HUm LH݅,Y"ş46`-X`I">~/vͿf>ѯ#R.BK woG_͚DYYZBci*?lPνDo;^*àB[W 5RQT2qvd,U"r%.*U-jh_ڧzN3j|TH#j:9TAer<Ԩfg?nfu6S:$5V"y7CTU ã|E9,XZVxyXJ8z/4iEd_V@zOc|UtF{dGmv/^5T e]~0I|JD,<`(#aE uP\IYv>E]Ja PVpE-s&C WA'u?!mǀf̭RsTTk~(PzaOnW`]߰Xw. Z=YRimUy `>[ o`UPڪ׈RHmtd3"5ǚ ^}n?uK u9VN%U!+2]3|<`@1֗.BpO9J$D!ب]). `N=5d#suT~*\90 ;SK׆tZ9hOq .H4c[&jPzGY!Eu*Jy\i|"tQ341*$H˼ ,v=NÁfLzH9 M\`/Yrip tj^\5J_yl|&֩PEA~tξavwBn$JaIJBNH>}6o2U?)iNx.$N:i$C|N Z 3H%h~aD$ o^,#n+h Ahp/ CsU+=Ȯb׺#$;] ښS)'E' ЁJyd+ET]4eU^7:kI<J56}J fHa ΐ7qhj飍m t CA]1-GJ1qdx[k_ԕ\>qdX]̍$ ^=̾,jTuT&@ X,GE4Z&oߒ(ē3rJ3^Ҫ%Y =0cRbh5n+Wg‡9XsЅEr~c-Wb }WR S0ըx3oJu򙎮bTC.IR {1וsmsTSY4r gҚR҈hLo)RܴFIF-Hqk{j-}"bFX[WBwX;'vRFCb(x$ AE,5-VrÃc=ɳHazDKcපlZ<3*MA a3$|6h#ޒcjڵk[|)Cuh>a<71ĝf%1-?Y*jdٝ FM9F(a/qm7(3 TCkXiU#'Frf1Q.7TcslǬJXqw.|3y rTN} 29Zm]ؗ Ѥ1Q%ޣK U$Fخ+ȮVEр fb4)DI7A48gj"ߥwlsB) }",8R}=@HথfBn*OyhXׂ tԾZ͸#{Dx m9D̀C!А.e@T;Qx8V2LmhDɎ][:Em!lx)T i:{@#"n}C%$MV{dcֹKbS{Qo(zK )怅SIĂvi!HKZjw(z>yxo5` Wl|ޓOAO*^#gk%s v=/$Yg<~k6@wZ*䕳 D*ө5stGKC3]}G<ۮzO \ըik p. 9*,n ~wp 5.(x48чyeʿO*N!yJ(Dcv̰@n1~KX.\6 X*YإώK f(QIcs afnWPU/M\?WNόouOa `MI4yUom}YrI xL Lؓ`g;u&>s+r_"jF8gϒѧ+ "<ըZ薰i4[TIRP|vRɟBĨO[H S] ?mЯ+HIs/j`xiX*zyFmť"YK4-H" ijE[hi4bPe$LRTBe\R4 7 䴻ϋ,ܩpG=g ńLs u>m!z</Q)ߎaG'(۽հ]Q2^mk'? IWz_eS=pi`p}tBvЕ: ,7P.Pi6 ˱ѿ13d>8GeBwZ,,p0C7#,eԚɺ$km}3<#ݠ٬@ ؛}Fѡ5*K]8NY"* L9XN$h:<7@'3~g:橜6 fXBKa}t <'m;ֳG"*zRzv`J0EbYj Z>Fŋ{K! Hd)zPrA^zEv%i;T(M~3aUp,s,ŏmG àG'BƋ1F(oa|^bt2O yo<-c6!iqcbܶ1&g$F +~$l3e.֬)"" eIUSYUf5ƭ?Lx$G, s6Js#mz4<<ڏ0Տm[ަL-Fj Os TUgcv> MU)O!nq  G@+ &[y?=Z`441,}Mx2~ds <\g0!FXdղ<-jbЮ6hw2qRD0{I%+Ug DSGnCxCHäktqΟ~HOvʝ&LyJzjgN/}D "_5qh - x*-#8־K;^} gw WU񸋃\$nZ)ŏ sM( 4 aUbtk0 bvSdUݐDŽ/Y=.E赂$~3[`'QGI~߅aSϾv5"OKqd}A$|K>9%  Թ5@ܾ\#6u̇I!`JYLhnJ~H&fE1ϡ<#C]poS0OE<årA[hҝ8ȜWSi8ik=d54da9N$,f%}-S-1ZS IU`oIEg;M{BMmMè'4NDЙ9iYB0 1;E9(%F01Ե+*W{| C:@^rh=;!%7EFk/Uw"$Ռ_#Ut7wy,fBa-ؘH+/}y]}F;;?ZĨnc}4΂TBy|#ذ[ѕBDXШćjJxcٳVY]R`s&݃(F j I!kAbbֲEǎ mM*Sw2P xm-q'tFNCi}exf2,)OPfIX Y8N6*t$$_6}jp@L8iQ")?u?g1Kt!IW`f422@t2KF-[}9i_X()"'ҕ`dzA1:Έ2,7UEn.4(<4GirR?)$yo ) 9F 'llbPb7ExQHM%'O>뀲1Lt.iN=0]qt!s߳6D^p-KQR|u:P֦ HWrϠ~NḀUJH1{M]Kz'Wa}/KC,I9Iro.Yz)NL`b8Бʘjo{vߖEAv8v/[k=&j£nΖ1[F(3"H•(ʱ/ +:ư_y5oY{H%.%x5QQ)7dԓm$;BsR!=F,YLѩO$v7d"Χo-a/q3kZ=JLUHe`M¹Vy%qhռ^xc5ܞ|=᭖aԉ_+|L|C(7|D5baa';X63$ Q*NY/DZ[{6PܲprscI7jA}B+n1+ֹny۳\ÑAC.@ kaٰ:pxVu|O>SDbgpi-t164'?)(TwG:>j5~G`of #Gb!6*67n} 꼹ٯs}|9.l7x.y)Ns'[nyh"gh^bg,kUO_\.ĩ0ʝ9°=j +RQq5[Uk}WH&jQ>hM,}΅"oj!cu-))2Sqi0~:tMAI_rf>/@űm1%) /nkTq;n14{3I<6xyCK3{KOZxJA !и2; .=gz/dw:ݫd0$|GWjfHw yndE26-t9o#fo({ '^h֋O4_U] {;^VӜ>S+YZ]U%E54aHBVZ5kp[@;oJQZqS[ lo*by׽Ctla0=i0߱Wg:P0AlQwZ(GW"+K/_rr!c2er RE^3W7EW?xiQ6NJ(4(˛$H0#š 2_2mKH[b OnW+o>z"VVPF  I":LI{ :yV kvz=ؼ! zUkLY+w&5U?*&ˤ~@4o@H^nݢ;!fѽ C+4 csH JF)fmǢz4sxGJ4b *8o׍]HEzB&_9R#.b\{|!r78Ls<`]<@CEԈ$],j=\ E'a@Ev ݝ+pFſ?(l̰{I|$dl`K[:0AS< ~(-Rao| KuPT״8NI$RԅOŋʕHag"goJgzYG3_0G 2,N3 |UTkL{lT?m, "N]@[cҕȸo?5 ̃QL ١CX~05;0c:NˁaQv^(HmF$ \ n8X96N؛]yP71lG24,|7y9 ˔>YfNfG&U>UA Y+QUIϻp7\WՌ3ol- {%A5Zf ] QԊA3?<ֺǮ%̤ZإvIчkiƐR8TgNB:@ Ņ uKg.{AB5V j!:ȒS z y*bʋ;qo}h0C%/WV5AK*CS^u?6i?0 XzDDW'Mr7dFj# y G5UwG!M̮*G֒ _YG(νX%5% 9i:Pv9W_YȾ"E,߯tz1Us5Ͻ8#[.ҌyGbՎW"ephuyqH*N%e ̧zܚ:fQ5uVlhpM$n+*sN\4i gUyi>h#sڨ5]ŗ렦#C?AC# WC;>JXD)z<@*?FY7:HȪ1`f*" U7o_ez?4pR|>ln#;QDi璨ȣTO*,^W/@*l `6:u렀D_D!`O,4M\y>X\8]g=jٙy,pTU bAsknJ)k`~4wLe ;$@%V wjKSZυIIM4V$ boד{$ɏS"Vёu5ܬ1Y(j,mf(8ila䘓 p#pɔDd^܍f*~0,"6`E$eMxҘ:nPǴG߉)@3HyJ@&%+,2]ԇ#?N0LJ)U Ag[dyӁKxT[9d=?Z%蒇eޒ\I6U+l1_s & Nb_qd7No<1٣x \Omqr)-ҤH )g7I%Epah*Bѐ4k+e!1hFj>-Y{ w߷#Bèc}8 &Y# i[+׭^{|~X$JkVN%FWUjţ1Ad9k\PexwU(&ߧJo޸H x YRZjv\!AA& bi£Х:GwZ%O,l^yp*Dﭥ"S>-|.礨 ?#wrd{6,HЇ] [$ld E4yRc\U UEQ~tL%; ~*S<!TycTh}]WTtæc"8MߡIPv;:)a| +w:˽5J2pՇh U'3KRC\'^+Q 9.ְy#dxR- }{g7]\ tbW֢`L1qzx;3$D5r&+wspD=2O9C<%RĹoWԘX)I2Js޻TL*Y%Uⷶ&:үH>h&8U7{2鳗\LC=i^yC<(N5*.%0c_6.;:Ku8?q0Yi2̑VD_1'ڳktAMn>T ma}eq!#!.A!gKs}z/TRw~SGeļg=[*Y%5V!D!]SmxRU N &[L.8ͽ$,uOS.*>"DEڻS=o=  0]uʩop=n>"^V /UJ%@l|-{1=RF)k'QƵgY`Qž5<5,Y}=^C r.)`UI)=Rꈚñ܄zSiFT.>KHBF iM^GТ]pZUv+ 2t+^mng%DsϱW̻3L5 qm61'\)\PwVL0nlfbzx2(BotkS$(yYpv^hjߒmLR0T3f'sZN~fY u֊ͤ\&(Z19+!Ѝ &_67&N<+ ""Aᖉx/l:UWSyބs^kJz1+-rr)TNw,H4³6RW_Oׯ4!bVz1=~.8'7TXuc^GG^ΤDؚ 2 C!ғ;tu>AXr f3NXÛQg:RF;8ц#q!#&"_cB=Z%EZys:} ;fIC&ܴ {NOAQ _*3A3٪2Gj8 %QLA0"p?2ؚe{pSLh udPDح̇VH! hǝXλk[qVݧ:geV{yj& (ŅRMMJ# KSw )(>ajBȝ#0vQcpѤs`G}D;- vc$/CD%H|spWC(k= H޳},(eh] "$ji`u.K2-Պ^q|~;HeXM;zdI0΢ tI~j-:;$ _S x).x`fm%oE GHd}I,c3 27%!#/[񜹽ub;}dg%}4YJ˯mɒfԎNΞPͷڊ@u%iM#-V/EV3XNcɉS'i/k1'e6u/%TU809 I4R@CV"j%rWks,ϕyIny`Vi^OĿ&?&F W=+? "] m)y^y!?UגNv?Re~@[i4 gyG09cČc蹔vJz6"#CA`o犾֛<x*xbJK3dzl!0IHe>S1^f3SB/ۣsikPL#o' @/!lG>yPqV_k3| ѱ#_&7VІU4`sA/rYok 'EJ@mٞYa[ Icc?.CSt++8'|1k/Tkiˢ]r!X%,{RA~Ft]@7~mC(HAh|P3ߥ&zfRo'd5ӽ}ŸLcmiAV0CQ獶3q6~Gd9^*u~b#{R*DGҵ URvW񿭐Zp  ["aIEF&Nu8RN0X1dd-qsù;ČAM+Z2DYd(FSskjH)E~a"e,2⌿ qi'shu4]H=8tI1zz]4 $0 ]ɸ*ŊSAgu/L9gbskZb?LUl03CybRl^0XjDQR*P/"-N}jR5AOxzQv]¼ " r$4"xTTuڤ1ٸ4 Lm]ov^5̓5 X^!f-?༏!&6'.Wo}&7ycQ<؏݁C3,W0׶MRFQoyz)єz D2wIQ@F|9OE6HXϲ g|~X;cI!J!0WnC\΢ȗT$[]+hՠ:QNEH,pZnCh3.L^/3OA׏~3uLsR)dy9fi*O,> :UF1ƃh "\.R#$0\9_%h0hҰ~xEuBNX97^,mq#9hmu}՜LزzԺ25%fH?ǤVB3Q6x󱏰mzH$BY1c77lUOPn KanED_- jlS ڠ)$hG' B*!krႚW)+qv{I~2ӫ!֡|,+o74[KQWG`O|n{u2.gx)(4h6+z>_7vI9}67UԨoEZ8ɺ&>wDLQD=p^jK7Z ֆy_a*9*%D&kX^hA^$X#P ~'Lun9%2\15l5y|.=mnwZ眴i6\sm!p7˳Ru7JtP|NPV%(媰МzXX %\H`-C e6+aQ+_cu'7sH$EB!xI޲LݓqA1<%\j H2 r<cP᯺r%_D AMbC0S gAҙmRLÛI൷8 0#Tu F%F[lU8h`a}aG$07`rI|8SFq>\ਨpwIjS=!MrObf7JY{$vA$ 8:qnnԧCR}P/\rzZ^'cJ} \c,0wL#%D8ba{RNX ǑdPc3}8Dslօ%?"Wb](*GcfRe1TnR[YI<'+ǭjDGd\W<Ŝ=~wEЉs#UGuVzƧk,k-ۃpk}!w?MzAEdCfBu~#8G=Df'Oӡ;=d;pZV@7}C)bE2~_t8yB)4z\+g/[vנ49ci ʔĊǕw(oگTIq"#yRz=*F9p{6%^>dBT13k;qaW*Ccȟ|@3$`mkXIMJEu;߹}H2dU 1:Ӏ2aR1Qx*H7sBOG3UYdt"2mZ:uԺ|X s՝yG<m *{ {=^e^alR|c0UpBN]JI }Hrv,[@َX/<]2| Wwz33^clwZ^pqxrudZ~ tJz"? ]A ٟ8R>7%SYmٟU]@+9oPs5ӪXۓeo [ 1QGT:N9I477|mw"h:}~٥[圙`4="+< kpV<ۗ{/ 9H6۳WWOOoNvR-q~Ƃ.lcyI|,\"%?}aXB/n0/1:AQl+qJ?PaZ+o޴CRSHEB7SLcqF>1tpR`Uu!K#953W:#),MnXn<tF^!>s0ОC;HpUt׀ 1k SD7+ $ ֧[S#?KEb UDέt=1e Bԝ NY,GY'\ s o VH3=;Ecӈk;n w܈cbX.jqұ3P'3rA=!f /7{@z?=E2~.x»fDssC]r—xfaUERڋѽm }Qz'nG*G%׿r[Px4+$轈UuHR*Eq8?ZqTpHK1A!=@MhJ)ViVf@|?Ł_e#ZߖģcL Lt;RIh$m؄^&۾K[Ɂ[ _nK]be] 5x'~4X+ 'jYfrfUK,6i3| J"culY}hfJt`ZΧXtbb|k##@"#]v'E!w+齰O7cߖBLoKh 6-?ZhKr42Xᬷ6kqo9n@0v2}ϽTBҀ,OY̬8KRny-D ^tiQ3ʚb;._$W1$žaebrKʊaWRr`tq܃XFkwG҆߭8K,9N!r3 fܥOC?6e]Ö3 }JC=)(Hj DY3_vq5 $ ~Oe#/@$_w#Ut-(q v@th.g V]z@r#.Rgڲ(p>E\A^=ʠ ^|&V+˩w-]Ox1V n)'l;\g~iIS}޼R3||XvJ[O:{<ftoF )8mz'^"5u+,_Vs>b^RL /Hof j~ďX@TT%wd=.X^z̆]n3͵XY6{0Jk?jcOLjoJ<[w j^;p^a_mL^;~ֹ)5yjaurE:> KmܲG/2o٩Cpܨ/d bM|0AO¢)up@f3C ~?$Hamqp,AM@Ȧr3s5E0sZ/O|() T ۰#Y1?/"`['~RAK)ȸ&@ěn]F|b2X$0LSc +F6C{&m1u,mS@G3l-9204"C@R. =IȘ&WLRid+vd/6M՘v{rY>H$;GgxP`N!C`˿ʰ4_  P~S rit ǨcQVL"npF{:x!*x[M@7*U^ȖErX!MSn U™6JR*jfW[uq\_i~nYBP< <$HБ۫,gzTJ#(A ϝL"GjcWSr"{D.|gedf|M'PD@Q 32@;/1H%<ɩ!# ХGW( $; %{6A@w/=b!PgiT*OH;nAV1 gŤ^,pH"5(3,93bIPj˱& aڗR7Yb8UqC|ͭ}` HDRi\:+;$(k- wyC[ g &OkUe2[hb$͏~y")!E;ϰNJ(0~Gb74 tXrmt?Jp.xtT4Oc[Iyl&1hdz=1 1,saX~Y-t=G9 l(`Q4攆Rj4QX~U;|/S.ZVqA KjЉWD_YdrJW mȴFM@F%e;@MeTtEbF`i22 HL./K|:D;jǻ! %媙xT a_D;&8 _%.:G3Z,4;x3̀&3^kFNIt?dEZj~{ ?<%z o%nQh*㓡\K8K3P+➳9mp0Xt\[j2LLWNC$t3ƴZ/w]Rg\Fd{|Èj,X:9t+JPa z*@%_6Oi$  O~\m/Ɔ0ǂ "QRZ{6"9n!Xq'wuqHq|2hz@~6g.R`nQ %!ҹɦuy]~I.]N$|XAt>#!\xN'c)>E5 f.ld*|WC%m#P܎-Q]@UO^; j+(c RIgs'_k\\Q*'qx^%70^}UHQEQػmwVv)"y C4j<7kyь"{L/~]l٠ }˾ȺW5|eLi&XW >ΌD/_6I7ϡ`&š7_aPäNlO]mg%((y9>o=p3Wl1(t3=Nc(63M9eorc쏊g]xM?OIznEߜ(6~nL 22 ܵhj_x3dX P7k ~&JZd\*?5jT40{cA]ޫKxS6x_<'h1aV$1A22p+΂n!ų,`H<281J`-Oq䀕I8noB5AZ*Tzw'u TO='mm{hkuNĒ,F~>ĊVin k(ܶ[)3ꦌld <|#[)%Ƈ'#0'9_.SRltlyl#EY/S>sv &ms3?ϧ(l+Z1Wux% 7cöLƦLAb;;!.Lqr#'|צ8ZqFu3\&pK,뿊ҫ+az`UFy-! `?/l|1"Y=%rϕKR[)mupl'jj^rT{kL5E8DQP?{ K MNwgj6CXJiJ_krdT[1ygΔTۺ % {"0xݬW X<3Ll.(]zA_*hߡf@dʚyѶEX~w   $ iۏ(K6""e{6 IgJ]<(1~E "[xamÂk?!?nH))8h7w#~J0Rh]XAIee&ΰ`jس:h=jK*nlYjO$ j20,s.};`7vBP4h)TIG<Ld^(_jpDKeZMK303AU,@Mzfy6oJ#SO~& f 3#\ ZhaȖspIe5c#bD`9ټZR_ l2#?2Iͯn2`lYH}ۅ؝P97A^sX;M|7ƿi2b ?j.QPgռ V詤3Ȏ_yAs({3x7T~ԕĬ?>*解Q,ԃj[ʆy^j:s{<@9oz'2h\DrKPL76!d]\ob s7yBvpǙ"uUqqXrբ2`ۤT#*15qi.u{6wx?>>ӧTٓ;נ.s%ȍ/mNZWcBR3ϔOj%g RڱV}F W% b~'/+ *Te"sP4ٿއB׹1Ws7]F)SvϮѷ'deb*24$Zd}xWuB.7cxovz 1@"Uo$|Xb.;soZRP._=>{SfOˣQ C1\D8SѸ~wUtz3bO.e*" c Iڢ2:,[K #ͣ/}ҒCls Z+ h^bxm5h;Vx⭍2)sn2*GG%7қ]Q@P<3@: Q8$3ߞY?^## dM Nt-w ]+17Db¶lLn٦T~:gyםRC}E`SatԞbcpW;; kCmL7  <'{b%{G~MPfK~pUBo}brS(RGɰ!AuuC|^O0;N8a$!-`-.LwP\{kCjׂ}Q#Zjb{&[*vqX @Nn(`SV~ i(9~(=va$Q]`̄>rRr|čj oZPx#'mE;\;KYeyZ^]~j5"`ЁL¯`6"H=RD ;.],cys 1fEՎ8,Qgh$e8cI_r8I<N("L-"E:: 5O#,%OsF"mH%P??F;5թBPI ^av[ǃ`,9^2, Wz4 Y!c4QZUdi1w?ۀCN`>Wj{'4֕R|7E.2a֝d #(Q n!Qu vn&4w.VWq!?w_Uԋ~DG%%sY:Xj̣$sZaKH,"(F9g qc r =(.Α쏤yd[^} EPڻaegnRvy}~I B5h C̺X1QoL?qt.Oot/F:q,0J:̸1U5Րckۙqru.<džJ5hr(>dȚbZϭ8Y;CK]ch V ͚2_Pwp2e.m lQgHHvZ* @O&(&Ivh:^)s`r<1# R \| &?9:+n_3ŃKRM?2:c_ay2~E%5==.}8-e7RIG>eWE_wP\ ;u./=,KB演Qit> S΃I8vN ?{)_Ĥ~M>0gIt`'q4O 67p}Gf~`-ܭ`jM2a]',c>G*.F"_ۡ#STiBу|F"@8a>ׅi }^GwNs͆]2SU1 xp א ^3dNpwuf}OL@m'K}7ᗢ+בEXqi^)/F=m(d80]8F'C"uj|J<j8/6|]Hk+zX诂dt WuaX/_5E";)<7 Ke-/C(.^'[:}^5ͥyXO{hpZ#xev xBRa‰P.2^hTX{@ ,[+%M> ?b w*_wI\XDmO 'e]I⿨idf)v`X `lw<9e3 oOM,̠R$MJU,W|%*([o#pN蒯 ?Y\5n"!z)7QSCѭ/9/ ,R=)b޷j"jt(@d5\EiQ᾵c"dkõm"$yaf!".fGxnS^LZv7=+Vx܁2H+I!DEGM.OÓ GRR\$ϔ[lc( `+SLKEсfS?RapDRpYkKSf~R`Q Z#g9Mr]Ρ?.zsǨJm I}9pDCĩ%O 6ա ִW?:@ aܸJ1kPL{(x.D(<a$/"q%n$Wb'_wDOgpJ7)D#M\|5a,ĵnEK! ?mA@s0U,_$! LE%8mUS| Sz5i˷4t:ֻ䫼F؟;sg-mAšic6TjC~sSU< FgXH&NҡzEP8Eqr?h8NeVΛi)/2$-sS೵KSn;~ |18mXw<[ ~ݣ1U/~z?H/fzkGݴrHS͛l^A 1~V%t)N/Ύ5uʰbWN]2#AVhXyRyxFuA"T"/: ˵"= u>3\&D)jDGj{62ϫB6&? Ci=ak-{ 7RΛ !ʦOɁ? [2>6v|:Ed5qsܨʑ>yS{ϰ@+Ð[z[K[)+$. 4:O*eΧGE%xѽvFB`!qQ Mϧ5phȱV|qTÉqCՈ A7[N7> T񷇭"h7\I\(t nj8EDFj6ԇ5]uocNW"G[72?Dkz\2uy"E^Iw3όֻܴ|tϼ彣_@~ʺA*[wAQdi%Ppp=!|+ Dt\;^Ug?''U%nJޛz,`YACc'^2@3ۃ7XaFoE =2oe( m<n x:Ɍ#VJmuWD/;AWm{ z;! ol"G42*Q NYr Ab6CC2G" lJi?$@I v5AHcNNVp~]m IO f=r w² tohI .0'#;%mkHZ\Ő6ض7TA~2RQRJgTd;|ʮlr14k [=3VN>Tc芃IsdXyM0  ̈`zOK5O]JTs@ E}pVVޝG9$N ,K lAL;M7t懧15*c@~;H$i3eXR l1`tp2M}z!%x\qRX a}T~f23bʦuB5 sx]3z;^mls6 <|u-MT版m#7헏 @; Pq?Sf\%V>{*Н"rbnGt>mMF3U~#ƜOTRqCghzgXNth4]VFvܽ*H7xf,>-ec V%=aš}hq5C.E: 6XjA~6,)]6ŕOJbY1vE ʧa(q4Zn׷FE:uH2iz KK1Y?HeK8KL*J/}T+gQyw}v4ZI糏?,SQ7і9u׎Apƒ|xq"-@$!w*Gq_LU6OGUYYԝ~_o㹬=S@xGVn뽏ōg 9CФWy軳 S1d/BK߄wFy6d3u}o,kCFXKd3Wb'{kQ׫)()sk>X" L=@GгBY*G͊4fpM[gY8( NN+"c9g?Tpi|2{mkl%Ŕ3 ph;bw,̸nYkEۀGJgYurP^<(meCy?\Zٽ#^k!VCM^UGllBh&=3b =,3׸̩GZs r-R'u7);%c2X ɖ"+>fZuXiWuJ[|' /Vc:n*jNqklnKڕeiX\- {@׳z}HgQ.nj:ܠ7ahOU1ş.TM{d. {Hw|Ih$4}&Vʜ!E:i>J5́r_vވRn[od&]LڝAfUn^ӪLgp}M9:G-_ j)ź]UtG|n'a剠YDYC׉ǯt1@z ;kX{Y<5AկE0y#a]Z@ 4x[29dnrn8٧*9#({K$x.BńNn%:Y>Ii$$RXL & ާE{R:%3Q񢋏5u_"[J1P. ޼~S>&ԎNl<$Agp}oHW=P;pDúƾN;ea\P'ucAё:!@58e÷ ]Cj*61%P?&6_(ڽ}絞!RCg|1'ܧPNOJ o? #0Gl FDFơD( MCpS6(so$ J)]8,Weɪƒük(3>l zJ]qc7i6˴GCJy(| y 5VAV6eTB%ecU#əż"eN>05\ GHiۜR&­^>i5$7tO2|/.E-ZnX33g= GSEy(t2S);"6~Ud%Z[(ۄGVlWJ,q&{LeK,*~TL>9xJ5CZW+!j\֗=%ߗZBa fdm2cD.! J0p4 nЮ5MS4~n&*fz}s@~Va|p$2!X0=,f4rz͒2,4fT]d'גL䊖b`Hс]Psâ3r=T Gj8s0 IuvTW9E?YrՂ?QO4"t 5Ϙ()w~3c1|pi*/³,imgq`؁v,Ѧᶺ"l|z7Ѓ!{Gu|Es-ɖ a-TA19ToD-6`Zjk*ɂ0/.-DWOm2bp^䢀K߮haJ?:gvOTs8l3AOxJ#өm {V:.`eG܄uHT~F=ms%$& 3N*Rg9I$aTQVS,z)J&zEQOMAw<ʖ |f+Jk@*Ǟ'/]@Z8 UB rL1&TY^BSOo2:o"B0E+깅J^p&IMPݳq,|ygzu!Ts`OeF1WRe6 ԑK] q>Nf*daϪJDby1wӂaOwL\=Rzm,^~\X^ơeiF@\aQpQ|_y]H)C)~^7EWv>@Y>T? 0oq5]ѬsdgH78 eYMr29q?vhMmqG6JÇ}Qԫv =e̘%CЗBCn;$[ 2 /BdXcK{ bG&`%p=;]kiTf*Sp9lQWO/wk#r.ְ]a9%XfP{P~F1#@恸A"v smKjL#◒цГi"МUMꂪFmX볽tf /!j9WYLz7L^,5(t֐I=In+K1ʣ#`bE '܅GM/a`o_A% /rn`XI\ezމhE^Fǘx, .6^ P#a6`h@[Qo7% ;۬ZGqjL!w0r\Qm™HcU{)`3s@ޫ)R|c`kr%]<%}b8|]Da:'dOl), ܫH=, .,=h(T6`NC/ԚIw4UEse8'/+;2XtQ& 9hJؘܶެӦjt.ZYP;9jz[I븡4 zrv2i/`_6<)Oܲ]ۛLɶMsjUNB%; Lv2XHٿf]=w abCHf%(Rit{SK՘*wѣLLZ6opO !ܣtK+Y4b =wkɠ5Az7ϺɔT͉L /y%&8zǘ ozYf65dri.:ut&v"Ѣը} bV.) >ԡTo9abWszvq˷ZknHH4n<㶊EFYx~YllmԑREyiy;ں t_jVe)N: [7-/ XTP1;,%,znѺ|yINǍp II*xA'oAqY>w#YkH|m91C*;%ře.Ճ?X-jW CM_]7 sljz cͩ̇bKVER`WWa*(GG}kHU ͥOFN~7Bl2DHY_k}|h@)4{i`hb*ůk~X5_-8bq͞@E$ WŤ}y̬#CĐ/H-frVϢQE_V$jLy=`(_ EK ,0!AT")[:`n!nRd[m*s Fo=IҒyCz mV\q-b׶pzf d|'di=ҒepnOj-#RcZQE aNCM'߂/7eD8iB9Tmp:oY P$&;+_7:B7 AsW"( |dKR#,0w>\.u!Ϧ r4>Ǣo-륞 @/b)GM~TI vU1EdI'$nƞ8:6XYU*0_P[v ,&k!^u8i (mECJɆ i쿶xEQ3q%<)jS?E#v܆64g;lQ+[{2SO004`WxןΝ #MݷcnDJOx#_8ܶCǧ82q|Ζ[2_M(pxM A~D*9%`^gł\ZBb)Vܦ9%JǡyՐpݫt&O"/ߠuxljUvv>a 2ebVqA֢ $MHk[(ki.A-1[exZK}ecC7(AgmW.mS]E4Oh7iGy! wEtY70 "vM"! l{a(fL-v|Gw 99Ml *./@s |>rHg91i맅ԝEh/Nb %@ؓü7lZ9iuz7gc~\ćcNe@okX#HbKiW6ZҗjܡQ!9Y*ή i஻&K?]ٞI@N]z0 '%?L{pbŭީĊfm+6㪁e#v'A9q 7U`B#]S}>~*۫T +(Y(3حb?mU@(v$>esW;7Yڂ%>/|->=}5!QF׵1ܹ¾Q?QF M{w8@NLVhXn5xՉm[[ f/?vxQFD^sO"y8n]uh{,d- opH\b0t~gڽ&*_| ,iA8zZUfhX}S>g [3Q~k)mr :O<~zQ\:xjң7L$arSvN|o(plξ%M8RBxovbVVRG/马*s,A/!|a' Qp؋Ǐ`@V Kgf)€Zt"형*=Ͳ D?f5C䳴%9AA)qnM*ܦ>A9=?I>vۺ63݃S:d[ӣ̯K@E&~R@FKv1B~jڮ>Xb5 ''Ú+)n\}3#,CIR.9 W۸T!|q؍$ g;/eZųn{Orw(M6¢#?P3.H'*&cm:9V z/nRe3aR<41¶O\zH(:΋_lV3_ 8K@]Ycd[ˡHE2 jކ s˓YNთj3Af9Z_MJ li.CcKPb 9~Gdae.y3!mJˬW9~([i꼧st&[Qkf 32.C{8U <.~TsyvG2]F@-C$Hh#Y^~<-"l%݉5Pa }ywȟCKy-<Zr9#bI2(o爂|ĐQS%̎^y ]IY%DXv_!,HabuSli LA K/%+VvQ@$lKCªQށml]v]) R"LFi~ 6"rL_ͯKЃʺ{h_so{tn#hZuRDRb^KuPԼq,)c/~$)Lv{La7 .\TJcTLjKEesqKJ;``a^{diέ*)pǨg@k:gz{[ə{d Hc!fԎ# $kk:zIO`{=sj4 \ &e$sZ )Km7cRoШx -?fչ9}0EKDK_b5/p=/Û**O"S%sM.h)aР-d ["Y!qK;i$5p4vh.!ds01#JrI]|={Oj=z z&5,RN3EJ5&hJm{u|*,^anhp:DE+b&N`#tCLw8Sb6lTOUXnqw +z(؄|gP\Ai'Ǵ2dx9!WWlÅW'=Nl8KkݞVn[pβءLcvgrW{p[䓪*h\ES0wTGX!iL J 7_JEܺ.~;DB1⪼"z} T9/0\x-q + W.n ZHhBN'u$8\Ȳ}DVm@Fu'1z)3Jd4QOGm2L+r-+9ՂpM:>e ?20L71 4LDKˠ.]&S ^}*9I;8 ly:kYpk0YDeMۓ"'X$ZJ&vT͛,}Μ'{2J#”N"E6Y}bI}}>\ "Bǁƒ-KPj1Vޟ+"1:efiT϶Vڍ--ѽo9/" c@a?$aPOCh8-i_`OנOV[P#j[Be?Sѷox&Q4{Je]i#fTS1KUYb7RϹ9._݆HQjһf$Bh fbe]aJxOvg [#s ;WmcYIa Z!UP5kP]yl#K([u'CgՀ?ݺEtLP=ӅީP|$m݌8 ~$hBi#o&Ŷ9,b@]X$gzƧܷ xnλx2ffP6 ,rIZ$kޞ>Uƅg+ GMba[YFgoi;o-M]-@C;Y<<䦠!RvҤ ~V=UXv=-zڶ)}A.ѽz6zRpɓQ!*q?rmv$Nz82h^`hW#ҖKq{.(M%؏lT{VNĮ}H`N:dG^ثԹHF%ܜ :SG+Ү<)EWtAoQIRz']O8n'A&ĽQSW ;f>0D0UE9^(XOvNvߊ  TnU5NoLa%\qDOL)3ښhHJĮ#e^5w/JCprV2aYŮH=PRirwh$𵺪׈ߌ iAiW{70ho/ε9@Y򈘣hm7{geB;M љ! ƞCz8Gu9vv!;zk c6L$w%?U6XQdbZRja7Q/( j'ic{ ;2Lɞ_h$7,F:~J52gmL%ꪸN@!KU6[+\gxt/Bng+m}t| U{U 6լzQNsaՓQ<0{j@Q^;i<kP4'I?VItlpy06>_^\X':… 9oqQ-7Yede.ad7 *_+XA u B_Fa9"x2vݨI-_J@ȫ,],&r 'uR f K tUl U xH\TfIVPq[;<ݗ2Oao(ohfVs z'YiK 3!+Ct / pͷ=l+6ź(ARZϲV֖SgYz膮Q^`AJ<+@RQ򊙝8{7[_ 'rseD:ȡ̏4W6l֋ądXﲈr Z1d.pTjs:2Sn`LC}THygXM벱8qA,*piqB`SzfyhE2 !\;C`Pg&*/ý%M D[|=J^~lgc˹W;v'ugf3-mv6^4]y78l- &⽇ö-621?q?U@PuEߺz "LƬz ?`ݷGj8b꿏E^KF@1{wNcn>>:A]_l)l[ ۥЋ2‘m4n%dUB4aκ٠h*Orf19ѩ"R<"b_k ;{ǓV,bXU85B 'vU~O/le{WSC)nH* ~|в*tFZC˫4ΰ܃ﭚPXI@0ش,8hqpR ]`ݯup|*˗5z7H IZ)lN6 Ͳ1YNZEB!C(YNɵ) v~T%,_R*0$CLNT;C4HtGi)Nkr?ӎ Uoija Lz<3c+\91s!:q`4a00 ]f IE*Vs'#',\^F =F+ɳT*"C&iO Z,CX7  3 V1$Ԟsq#dtRS\caQۻm@<5گ.l؋X.;sLj沺ǩ}RBc{rIe;lc ~Hwv z|jܵ{&+2OH?<\ ic Wgڠ^re 4;"+dM\\ E t.|qdЯ918ވ`}n]=as=wnEB|);솂:"{kvCAQ7ŷ8ZG +ED@Ȣh'Ȅv<. ȥS7Aݿ/I3؂oTv8be P @/Ұ98C${dqli:yܒ}_f(EV_H>Y80Gh]֙~%JUmu>( ܧ>`o7sC {Ճ~_I] qWn9`(ÈbT΍l@.`Zi= rƩ8u95WyɥpD[H\L$t|y.A(W ˖ʼTP_pyRfxoؗz5uk٧Rkq>8hYaK$Guߕ5hljmH9@xNJQs[Q$NO= 8vSz'to_G7X'\J`,x܈( yyp5fnYi5~,,}" SO!ob;+Պck_vӓWtz0+ܮ^mEHaweI"I{J;auMbR6);(NݩȳZ|ݯלWm~n ja H$ۢ\"w8hræCTH:'3 7|Y=XۖЗd࿢T!^ܥwJYhfB]RP67Pp+вM(7nrv`z"u'GӲYN|*\_nfze/rzPT~6x G\DUnIS+`m|/B\r=> ˣp9s~[N# =1{4 ; b}J)A) LF.*~Y; )a_{H!S:a/Jh͉1iAlJ&{Jt]"RZ>U?5 +}HdO 3}y}c9D7eX[l3ENfJ M8kfQ:-] Lثg,>b[vUbe KoehGo?@Nۛtz)%l7U艡o KlyB6Nn 'Sm[ ':wB\ ?!e{a AMt4]; b ٳӽ Tee9в{oa\ t&V9 +~%Jح/ _FiǰQih2"oؚtQx6EtX ,E/R EY2z 0gBe<һA3MZ^M1J if82}:9.y%S'w1"\pKda0١ѵYDD*N횃|<XcN5ŢtoA%niW:Y[xM:7&'vUrLD=?Uh7lD~IesqT"1Lǿ-bM/064380M<] X$ӚZ/-%s584+`2?T /0@`2w;# Rl>FUeH?ZaTSAJOwgXZ:%[7iW%03]FbA>SErW! soH2;缏D(XuA(+>&rv#i ]UI:ާH&iFfw `N|GDžC/h7Rn02MpsۡGWܓ[` :/m6O~\A/W#B`?%Vk-¨[S/aYx&?} C? tXl@dŽ*&e"onpf5EQ\ \8İlX[y?ʯQ OETG_LcϨ@a\qh(qyp!M^&^GvGdH+3:B>&9c\D|5ӁOMnpxKOqbpw֛9=uyHFLDiF@*x.(ߨQm:e &{:T)6oiKuD[7(Ɗl) _v>H &n?/]z< (`0X Knfܷm+@+~ lSo9"C;}Xr0ܡG{N¯JEFZqhB nA;'o # A`u1ݬldH Mr6> AG|BU3%\Ɉ} M$HB( ~|+<gv^}-~ȉSHc+z%0+얻7"z tm .2wY䃎VȦ'N2Cn2إ!RۙDP`-Ɗ?Y p>|:x fI·?7W~~g"iq UQՑP[7GI#n\HbFsdpar8 P&;U-k}`goA:a\~ ]٧` 6ߓA1>`M>1h;@nnmTNG>λHPYkO:HY7> OC?Qǃ9v9Xfos`ގ3D}@2PQ!#\eD'0ZwQ)|խgBHjYbvjalmpJퟲ} s*Qc6P֪ܿ'{TgVITs5ls/]JLߎ./gA|C,  9k'CWPڮ$Gl@(IP0q] _QlvkVWg{m Nž}.Π6~6\yDgBfZ'-ā~ճGb$&kZs3=rteڣ;$*e2] I)& VWNlͪX\mӲ`Uicbpڭ]{!};aT=1s*)qS`#3 κwSYzKLyS=ޤ=ۋ}Mg.0l5QI%/:Cvc Z^Fw|ɃI{J2/ȶAdd,5|]ʸ¦O@-]ͶN>:r-M>v6WA?t- 01J t}2Da_Q psuxY Xud}PUv165'Ҹ148VMƊzr{z=-nP4#.f\:SZWoQR8Ww o}PE%kZL=[Ma_l nx%aHه#=.c y58 )}_I^/9uKLJV3m,)''si>!~pDWEl|T?Kߐ稔ϭCnVEIn 'xcTo!M#e ,&/ `[>>|$+G8v[1K/Ty; 2ҷdk5+rz+[ϔߐ6^.(a )Xv7RCcB@}nF|"t}@>S"(^^ ׄGckP‘Kkx))!UY JiE4'R3Y!3gЖ0%̌Oo ׅܹa#08HpgF0oVlQ*(!z3<6 ;?N7ᰥ ޝ=Xϑ \$EޙiMfczSĵ+s(E0d{3]T${ڣ:Uv5P-|63deq-dOs9cCe ~G̬\1}>] "y.07C4 :̽`O{;34e֒-AHKT/:} Rs}h2sU5+=u !;_ ^@o? tFKo`X<ٲ7J hopcy2@FţYdՒÜ߮'ߘqݎ_p,LJ bBFbY<6ҿc{:b_AjNd{E֥qf9`aCz$YPzҺe 𿚎<" g(dbIJB K}/$\4,6GWƠrVz ɝ{]񆍎>K[u>4ǭICĔɌҐ៦8 FNZf50R?2:*XruncP9&`6GXw.!GNY Ogl! ~#Gԍw[mz-鬽 311W)D.nz;hA}0O(ZB4FS}WjLZlI#Gu^Py,;R¹߯lj?A%cgIk]SHme'-FGL9`oU0Bomij> 4.r=-SCvS=,"WpUϼY` mNx_Kʋ:JžEX0^U3&KqAg(3VA4L1ơX[ZHcw<ܼ"en4XZz!MJUR$LT݇_+p\U!JVPi-<"60Idʱi iYi~F~!X:N^Ѡ?|.S)]"vo2?CyU %ң:`QՄ/K3_) $T=Q5Kѳ3-CUYE{cŸ*cvQs+wz`f)'-}Q eUpBbK~ t—yX!j]PTap"RnbFP-w@K A~%z-ɻg1QYkY3Y8R*/2(-<^4O\:X! ڰ ,Z(Bog,Q1y0e?oԚ%-o%BwG$an_  JIpK Ry}<8\Sǣ`{XxgR;Lq))- sn6YEh8v>O/8&dz`SЅ16 9‰8u"!A&+(yMjI4ǦrgW=B FśDifhq.tz hakU})DZEnTN0MA 19BB~g2m p<_Pn3>ϴ rH_> fMr̬c<:Èۛt6 p£<׍F=p^v1Jryn0qCk! LX!4|Ό,ݬD̡t9i)ﮄgE֙݁_s |T8k `[I^AQY4-ԜXàpI0ZbYchs[?\6TTM!`_&W4rsF+4o<ݜ߅]vNq-ɄTN-qU '@VX~wڹf@S(^s9ʃ& >lSDc4JEbBaI'PrWNJp!C}T9@MhnpzMQW~;C(n"CeűL^4o{66 \ȘcSr(b䩲7p}[*v=&7{-`?A~s*("WfܶƳU7j1 !k D.oYq[[`@Z9ɐJ\pRȭ#%Ǵ# a~,YtT1vgE!1˱~Aօ4jY* $P jڷ334+1dUGp=ѝū2ygRتձJ@3='ӍaJ$$0b4ΑJH)c>Z5:G=ihI2}xG2SL%/.XmS97vR)`@ d,k0T&|_1% -~VK_ϼXiOI);? uPId79=Ky5dav!kv,n۳Eڛ:&@RDz'AxHjMu #-6(a!%]*\6m:ڻidao|wЛ0\Vӭt֊ћӫɦגY/)/F4w7U^:w9MNN^'$7momKN{w_|)AD؞ű9Xwq=\o}8Mȣ?8j $cW Oi!$I~oC{ $ɝPK94s Kt]J܇zvB!7|lC`"i͔wHxEv$Q9(:dK %Ua0NjUms˗%NHu߹5T.D6sUE"Jm8Y[=j@-T})1%*1Ԩy}-(K_E^g)ӞDoz2c_ӹS#=yˌ<6;9W\Lh2% ϾS_j ܂O=U u#? 3 =wzZp( Zϛ׳$~SnsWG 8>%kU z3=; N/QGNxաu[. +C؍40Lغo[;p 1]pDi8Cr/_CdS@^؇cď#Md.QJZdS~+5y kY<ׅ&]L/1[Y߿Ă2"ENqi]+kfd,M O?ŝ\5zrݿ"[`WTtdH!*Cx=mrboHXb9_A:K8 e2-{)*eoC*93%Y?JF:GyrӣnYqo9hDG`ƒ` 7(FTJRۿ<>,A;6$f<[D ɰ6>:S%a‘E52k#ϵ4, %@4~by *(:7)FFk8WIԻf) 04+uƼs%xHL6.ƁQu:܌^O@!RtvYpG= "KMl#3]!+0&"#̞M7tKcjyj|=Ơhe>Z8 4  ΄Wi%NtujB:ϠlObi$Toi;SN>>̉hٔ;q[ &=ӢuZ.-j>0n[plf!lV" d4 XGmoHEdG SH1U=Ktc0hB'Ud5n6kK9(OkÉuwl cU8ɸ $wD xƗ]٬^osɗ6 Ax{$ĸ$}$̓ÿ4v))uT¾x+WxV)ٯ/ Fċv._tǎ԰gs6/U|Hżb["=4 R. #}rɊg/x<.&ԳZ uCީ5AxOG Nbﯾl.&{xH: pZG-ȋx ɟGW>T] ;6'Ef rAAƖ^Mz,0<"^ opJRvQ\,.n (UL-,ph"}R@- cPjpuN׵ovnh۞sS*+WeϢh,izt T *J.W}0)_!^.NM4m%pb[V0EZ-E-wb%!Vp@} [xgZXgFR-` pt' O9#%d!١B\P!Fr`HHO۸iAsV\3rH{hxx޼QvPE}TÐN W~Xj̓d85.wwM %`!䗁+weV\HV,zϑ6mAo*]nkG毖"z9pxIq)NYhHHjiX|˂iR {::ecZw$"%wJ)dyn^ù*4z#+ GK K4cwn;|o%$}Ik9o[])A6Wȥ!A0 ʹT@[P Ij^qFX'I&@ZIE^fVF3 J2 I4$C;iZվLxC E1t-ɄL72r=9A)D*,\^ßCܤ3X;9|Ԯh" ~`kB?[ Bv 590>OsuZ@] x"|}F-ҍDlm]D}L\ g%:s#\=uݗAȄrHv0I6eprXsOR .,o̝;ޡ޶9:D<ÌuJW]]GUO 9zD jTj^9XK> 0#annf(ś8^+B~hk7E{]9 D%+oD xVDڿmQ]}O >V'&UwOHxѷ$ ).崏>/NJTH|5?*X žٟbd"Hzt~@_ʃ? -<4.<@%$L`+9vE֮9YxҪ [~A^3K7!}cjΩW8sGaimP#wig|vSRw@yeH͌'-1jDKIVu-Ea׮)xY G8aЍȓmҳЗDv p[Ŋk3i X|d!4x y%fSObr24/HGbJ =.5ni:Фu  4&K8ԽCs@OE[䦮ngtXaO>#1 Mt,Nb){ŭ("Ͻմ1fwoB M ]?K5@S8Q} /kw> 8pFħY7t/_a }[ 1Xn[3K=Z7j V^`-Nފ A4yv {(=IyJ T^<4)􆪟@CF sPrH"ЦJD9/[%D/vOw]j)n~{'Mye׻| %B{ɝ>*?lbbpGg /h~.`a:&Z[2wrּAvh> LCU'CI< Ho;"T iy/]5:)z9|"'ppD P-X7?X\Z#e3LܫX熘JnKRRTݑ'$'< 7+ ` oZR+aTLp$UTن^eX '_ QRICM#D0F n ,48q `+K-/ZǪT韺LpZ cq عdҝjJRBpqhBdxP'wIxԗLjJCFj\۪\zc%|kh?yttWpzX$* 6>\~g1[w~wn6<~D^:MD96R\s؇+y_[^pW4ُQMԅ\3p$ g_PaKIΧYE+<#̋hrZWi~_JE>sT|3 Fh%of:[hEKL A^Ec\fct]>2Y$ݾ>syiS?iN`?lʃx08`tib¶_Atc,-Mf&i2iBǻ :hkǙ}B4| zKIRǝv2]^ i,bFn F1ZI.n`3Ar.Y9L}X!3)IIDy;m @xd ,T^(JHBz:f_OwU+OdK^sƩ|F֨ݵ]]jJ5<53K4 94.Dz<52E>^%Z(%˗j-B;2up#js{/+Nj]Gdr"F5R/H{ȊXPm*"_^ޮxo8Δbxey=5JTN X;Y =Pc @>;| Yu"˔`=m^El`MH.q\RTDjX^ }۬Nv:f|U@?1S3B&Ok,R(B pJu8_+kk ^%Z\wQti1lb+5~[ 2&ZNd G'oH3hf4xΉT45agn!rMyB+\+W@EpWf-)%4aO~8A[uWKMiD\%?O$PoB A`fqRZ L֟IWXx?7YDvQ'Q* oqϕ#Dӵ\6ݚGX 2X"\ XbC +PQH{=$U/b_":%f"`QjsQ7+4폝Ԙ:J.#YLC2}c-^;@l|$`=#TiU]\ l; LŶ(s^B̋yxo#}8FdJ3W@M8Ő/_#?WA=FD@E M}ކ=1ͥՋ`1`!/w{\~aDd+;q.?`c755gE (q[.Fkz>f6IP?.XXBQ |Dva@L 1rk$8չީ:ҕ-4`/$W?M[@i7n R>M dp-pǝlg^ ] Gm\ T7d@`jcDXLvLD"`@%W=a[`F|q^vjiAEJ><MK}uOafARdPQ]{w8=@@T}zO)YIh7E$mv߰Ym|4ܧĔʔ#}a WɹnݙN@X/ ر= KCkLv3aC֗h,KL!%;V¯>j]t)] TҢR7RkP>ul 9+/ldb%6Z1r|:T7٫OeH_ &y@~Ee=mQM>s6dՈrMQt[~BC b.)rc6ɲ,N8Futr~Q&{DUQn9CB%tx 9|C ¸S8X)}d!7zknw!C@NdߚAОsj|*?<ĮƗ'_A2F-!L itc~YdG'hX{fZa-E3;1e>HԤ \x6fvM |PHS:W'Xh} 镕{1sIE*g8&HF7ab%vB(n?;>VT 1 8J\M9z~ڶ٪xWW(Qx&͋9%uIz@h7W>c0>C{ۈn`X)oEcBgӔ!9ePI$G,\lrjzm#ty8wޅ#P? WUFמth- Gƥ^ьblo~M^o҇~*i<&t#b6J{9Ru@4/{qge<ϸ\u8U.2G]ՖM#Mgx6yy=,Q^1iZN)N]q`- >hI)صTOaAQjvҭ klq-\BG77A3X0elW8-!"sA# ey*.䂞W8b@ӿUMdCxm(xJx4`7#%OY?V7!#/K!}2q䣩k(5p/Rtעo<JZK$}nhHǴPS̽~+0EEtsHd 3tMT"UOIo/wbzDҢUu(Ծ+h*>YcDb %ۘ^SħS }~nZY:ج:ֲ6K3#BƲh)*e15$K٬T$BL.\NEMS ~aGso3o:3hd',}//OWynyVZ)AxC^0 pE?|~bt\1u"rR2s/T_'lp@(#r/H3&fZ$6\f}: z$\X#}/"_[sfH}Pyԣl3@YvԳ_$ܥnʰw C>C9J,c_IMZ $gGkH@wMzBA.IBS>.xQ6)\մ?`߷m*{QRxj"@@GȰ%2CQX&x~WV,R,6l>|;GxC[.o8@ۮAѐ7[/D6` :Ll|&[xEsYeU1u?%ABC$5bLu#R/7Mi߭0x+!8k9GeXXOl#zQ>H7}j`'2-HݯXW k 밧eٻuڒCy'}HS#1 )9V42q՜$wCv"8g>ꑎ5`im)C|LϵTv5PNVtoW2=b%dd(IZ~GdYf0%>yE"t(1%bI =몯Msߪ 5#ǬἋV#Q%F[l `S# {zjZ\Sg9i_Yb 7]Ml:\cI>7ھ@}.h0Y^Ʈ ֖w ifr\''m#~Ag]t.15w_dI cH$^VZ݂F׹П 9JYO(<$h}@Fm4t'#BVRo3L;Ûʬ*Cn a}l!o=6:ndpNYSO*S@s8+ˠ#Ty* v ʊ%pWcXr$!{6kX.L}L r+E9?wvwγ>"p^UD~qM>hjVgGw7P45Q`3LUjq/þ!v=7rʩ1һr^{LV}n>U { tf*3u-)aZؾztZ5y͉^}3b^d9"uN|ED:eX4~{)%(Pgɚ7Eq&"} qB8)]q'*#)Nq.M~4_ <(yJ{+w0%p8'M^/YPS,C}Á.h$dgB68+Բ˴=x=7XNu'៺j*Z3 r!WZ~Uׯ=#j 2upxzl$?_)n4l {n5~WϢ]<d _z9O[,!vwiDoxShF;~,D|jGeK!Ã̞&ʯyA}]_JDɺu[ֲk ))4{v yr.S6şbeC Gㅿ ;؆3H?>ӫL?+M -^nՄ'H5t92>Cq]"1x~T 0ݗpNu]:|F!jOU$~u gmSi[cWs=Bx#4ט']g':;Dj4{>= 8;T!v CU6XJjF1z+d8k5ar|Nrs]##2")n PAd0=DAr(96*3z3O)<', 2|f"cZ&n* }O>Uc{i/_1b"odDBB[fZΎ&G m/02*H68,H^kqY}QҪ=#9F-Ǯ8k$XogefrU+E0 6}rB pw{3uVw@c$4MGԗ lH 냟l2oOFv >G$w:/(/c?yBU-qfd#w6e}B5 j)m##J]XNC,/ͩE .]f)cxHtkώTH!rg`mhDYQK$VZs-^&rEL@f>PV2mHs4i)?+#ҽ{A_!o) N(v#l$#Yh7Tb>",S凁v]uu[3-5mBlVC礈c_er=5r}\r| 88LL1C H˟I3'(CpQ~JQ$U/'K/IaSnjw`$$ګ^DTIe .uy3AHAz $Ozk՚"_cReśxr5 @& z ghun嬾/uDM {V,z%) {D}@x10,0vsLVŸC1#7\]Vx05H+ShujLjⳋ,J?`5f@c6?; ,T*Fi\QӕHcBZR={q`o24[gѯ2Kր:QE5،nK %Ȝz5\(m{ lD4/%2 %0;Ѳ^_5u3^kqDPeR[˃,0 fN|s,ԺP^~?Bi(JtsvEĮ#!ֿ~3(zl-TC-6>Meç&wּ1Nr9Ac0&|!{ gz|y3a~H3dCkxh=m? N`u8$Kw[MW#b#նW))0:!Dĥ֬Чx/ܠUGP)"Ij`]rq?9󨌽[2!l^v$Ͱ(7gAMsuI.}8l{6^r&1H@Ի#ɘP>h\i+M΄stKx{u Xo*0FֱysU V;%ܭgÎ-C+hc 8 F}_1?`UF$# ksWR/eA$i~(|PwG:/3xGw}ELms@0 wS I76I).t:RsT](,}I#6X&o]R;:N9id0w\p@)܆+g*|tv%nP [(q(ٸ{kZB$(]Y:GJWYƾ;S k`" 0 R]]8ױ" GN`'tR 6)~S[Q[բ}v@0!6X{AW5lD$^-SH#D?hTTĨp,p'x͉!aRb4% ;ONJDtx o5Kq %3}eoJ mݴsaKϵ+|snyϠӭI]杭!7HIڼ4Ά@8t tR. >KFYY7nFmG 9<.ǑɽF- mP9dTGwfM."{8LCthS LA"^f./=beNz 7Մ!(si#Mz^MaB޼ѧZı4naI?q ]Pu!gd4a4|WQH-l4us#}hM}Bܭ ,>AyA}=v`UnÍq?˹aPuW`dH9{cC3ܥ/{Q[6ͬ_`-oD@ :_Z|W"ZBݨcrvY-(b[oH6T35| ĹXHn)b 2@J * 9Uno,M^3ry)}d)^umOB( $@ŧ@dƤI)vᵄAfoYWǗ0?H$Ю̷hL\Ii,| )Z EKkk2>-:#[6&@lK!ys6V|ε}OɞI^RPIu+F#WH!S o&*l {Ϥ E2q$ =@EϷSO3|5[4 ;dҭ(__']L WUVg9uU:'p_ou~Ҳ}w_#.NKWwc_VGv/dEt*#H NB78 V_@uPe٣1cW&ﴼx跇{vϡX\Sm.]_]|#]3s1d6;3y}7r?\Z[Nuaҧ'iRvZ6{k*.?iϚ&z D9!#e6WeNKLpb!IC4yrÀoBzD` d KH+LW1ɠVhpdߙej7^]y=K h#oa#14YC\)VAԂp~;y|$~aJ"DuIO62^X\(qpwT ~;49= DS63<[|͐}N(xv3f4ȕA_=ڥ`SMřMvkD,덂^>@kr^G \{A%p&(YfuVb0-7ndgE/~cSjk[4S|/SKRLP"r ,Ku"{8ȫ{wvct޷iǹAo(B ϊnJ$ \| 1( b ar : Q|m[P@?. z^Xa"īZ04 Xlkba߶a P+sYLI vSgF+WF~HuZӺ;b|E}T yk\ l$`^S) ;fpJ@kN!3'u뺒L"DpNA(+uaʟ`H[D 4\}سq] Ǟt W gA0K8$a8NZ '#5əYAͭu;)sOy>ā*,~;K5|*a'W$`V,@=7pa3m=֔`XK 0qKγd$%<HCU) "F@ocyl>7rg;@]D|=oP›-כRA*sj:=Cosy8"\#4##^W= `5hsh?aassTdao Z?Ps_e4ل&[kxIœI;G 64!w+g>xuJP~ -''b~߱jr #ibxъq8l ÷e]үf5%b_F<x 7fX:~} :zz[Ô^,t'³ ^Yq!mEU9^0_r'T'^S4mQM4[GY-]v,{VW(Em3=̑rJzF=Aum?R9&҅Q~cR;"+vt?,+[p'hnBRU.qص; PUz" [7[` P..QF,Mm'BɪaD)N%y: D:r3JlήB#1k'h:%0 ty*H$"=MTo'FOP2 5DwhVߘvF֩W=~vW\G}TGm,qz XkI/KHmG[a?03 5u;* 2 " uؚ<cav)o;xQn?c "=&rMd$ȱd'pSV*lNEF <~PL<2&VN}fxJxSTSv֋NXKNջ1fzx+k#E?=\7Tt; v`3!jbʞ=pZ|vO=TxP5b9+Oв`raF`n@n`pI$ H1W^{iO7XHnbSC杁HqŜṽہ-HV KH7>u# ;K\8)w(x^_ E\rAiiǍ#f#VRfG)˨j9"hs,C0\E/ $~3jv@2>?m”xiq^ `H '~7ת##e[N|pU2@)w{_8ЋawP?"ywSּ޼o ƕsˌG㗎|<#_LRKqP 91&eYE2b{eҪsnə hQe=m]i18 kL)8hȹ$RO&5yhfN'g(>3\VȞ\8ce"R2٪H›ۊ~~AxZ9it KPGufƨK$=zv,^]^@[xjtڱ(Xs*b#mY:l7TmPqAc.Q2%;PF?F$j@1nL;xEMV,QYVlU,g[|pDN(Q/O vE_ڪbhKX7R7mԲҳ1^s3:jz/Oh8]MS[ƝzDMl|:|2JFLy0Q;U31Q4Zh؏pؽBߏl\|,޲rPDz&Ϳ4:2Cf)7gzq8Q?;O4oڬI`$wQz5QPwNCnɂ!pCO1+-&鑉j\N "bOr\='!L!EQbB; 'BJfؕsBT/Pz Cךw_{QV)UûNĚ`擄8sO8'W>^tZģu8 BdxJt(.h.E-@q%U_}B!=L!XqyoEd%kB`IUت\T:g* !f@ kV '11۝# N,ʑ $cGN&lpndkoLU}agz<Tu8s_JV0q/kgRGJ7june]OCܪA$H ^W{+6I {*AEyc6b1ka%C3Á8G×eO__Bs+:;+*TԶi`{ TXs e:=bx .qVfPe?X}EKѓ 7\.:aܕ~_A ڕ InhrܹtK*2 1ˍɀe6ݫO5 x/i0}ʹ˃]Y)p`~6j:Y#,gWodؤ<^x_(`)^ă6j TJ[εL"/M:_H^RccWبLC2dS:Q\W7rqt*?u0מ<TouSx\‹sDͧr[np$eϕ1ggTu6{]l x7a@JO@HXrrTSإ,#++m`%xg j; ݉c妕0c~CLi\72j|zK]0HE5o2FE{ቖaVَ%v28]L\V3='_Ay4ٚ%PI9iH"P2']T'dz#.uEUDіV[Hrvt5BO*#y5]E zԄ3,|hdcOް=^0 ,/DT+ Ó!f"x3eC~s .EՁM%lN*U7*A+G֘M$(C׭ ~],3WT ݆Sm7w:^GaHT0G3B{I׾Hk2Y_[np8\Dy~| ٕfCbrņё%6)w[Z\>3tE⻵_t0"Br?P0;`g[q{B7}!dյ,ܒMJA:Z%uV!Z"U)IVnSt̜Y}34fƮb,|0KSuT|{Yw`TVZd*U0YQׯ$Ia%U- RB'Zt& Bng2I' MP#X4a44fb ˳kۆNAc~DM-UNzŇUM!&x|Szhr]-zj T!HTG M[8=h;ChMb:Yي8gosC_sF;!@_a!MGwjz`Iқ_dbAVuk[[8iFփ~-b+Nd S=،iO5y*/¦<TGS۰1ꄎ ?~LS+,(ؚ9-n'x9E<5pIGDB)KjR'L Nh|'`! R2L9k&Z/9y8dgkN=~7~eԣW0)4`p(ᑈI-:-L.V=yZW r"Y_I@um6<i#WζR`ǔ-*5z|pw~Jrөdddc16=* k>s V;^bxUp%Lj]oy0 04||gq?[JO> 3!i %\kA9p*7k8I!>&9FNvܡ WIb:p'=b>0MtBRL6KcVwmWD2>fr8mA# ~I[_G>$gR&| JuRUn W !~^T}_2g_„_ oLsLRb޵4-b{%_8ve m YwŒA tfE$C\HC]Y8lB#XW`Јĭ"P3(e#] [AΠ}j/!]2)k^cn7F[I-)*4֖ {075a#x*[nW.:vJ;o1wIo/LzT/Zr,@mfO;uCMӬƫC~[Cv;xNO8lLLi WQ ] l5=M(-,kr=:0[)~'TZ+Zģ%|=O2XW]MRߙUS2S 1NĚjïP7_k2 EG UNۧt$qIkABa+FcE/XͲ=G_A~EU_RNZ7LI@1aI&e90ybvc"NDf~~?.h&kYՉP7$lÇpuUNV ֑׊#!;F>R}ky~Htϯo߈5ʋqs,Jܼ/†vk*%c }n9J$;h0(o0' OySyP I-b@*i¢-Tx?(mjhb8Afp!J]xMu%/uLB~&3K^ΪV/zj x#N1+|YێCߓ g2|K'q*$Tdf`^Tg12V*>m(tgR3R*/XAgz9JB7t+Y 澚L5gøkOA}5() qjtV. 8,K]m mO" H 0s>%IpsHv*AM(e9k{!݂8׭o{qbS3sMjcZ䯩uɪH%%g<v!/L8 {RPgC D S }zlJwh-}'pC&KKjJlPdMR6e#ɚ_Y [ |(zl ,e=սJx1C&-oԧ錾DN/CwCHߪ3L,h1ޱ 쉵3v~RiOOΆHmǯj)N Tx4(Dm,^Qx돛=J'TĄO2N_x jKQߊ {h KymÑpv- l@+ݫãY+8uS>Mme/Xߴ>Uh bn":QG$u+4ʕ"v ڃH'ѩ+mC5W_9+5g^$oʤ NmrW#@m1 J+0: oewIG`e5YCg3d~-IQ`:oa @&y4\}pYdR3k}6Z<4gXFǹ2O +ԑ{kjxе* 1:Akhж gtUp[g{-BPGUoѠ˘L2DUK@El#}vi? <uecJauQ怙lAI/ttoܝ貂PKgzLO~g!Tcbj&@P2扡D̓x<7z SNnTy.,g\⽑~UiTnu jAw)b5ƕhTډPY*뚃!pje^wOnqu8 RXlEas_R+ PHR8(7tY0G I}g"K]+l>ߠ"%4g誫[' M(uƓWoxυD5Ҥu_'kx$/#j[xLI :Tj}|+YYK2-KŐF)΋\U JOϼw7Έq#%D^"5E úVQ駍՚ؘӗV !D;~]ffZZp/ԞS}F0.WEb(/ 'ϲ46Itiʃ 2&d0>נ͇a:"=&ݶTc pS=@9CȝHV(n`[Ef\JװӠ21jxj&Joŭ,lx+Of՜vJ mS]RXuPkiio'lgU#4pհpY܃ǐ ,/UݾzP8I̵j7'p"CZLWRnDUj;VBNɃM9[U̫9Slu!fpPP*,MVg;jVX Qw/SdeTs1R@8xresw0iYQ,o.lQ1osK aݛ˚0MθTNg1tmT)_uS7ԁvQJ,h=XPWϪ攀-a) /nGtmF wKW!vT."&WMa6s^B,'ʃnA#M{ȝi3()X NUKHZ\Kk`ԍ*lbrۉh.Tl(;,d):2L uA*q ŀzwp}YɶAFzsw <-~,#Ķ_ckn#"V%&FWtiU404z71 kN1E=ٞLPk/}A3k>ʲr˖hVH<לaڜ={L:OKd26rNGb/2 WOTjl_ߠx6{d~%s@ /?}}!,h4JWZVܪ\6ybUK9|jCEU,:WՒ`ԷOT {_)y{t ._öɳL2C;N6EߙEΑK5枠Fل6@OC5no`O17J >%BҌib=X-lD E9j] !%lY7!$Wq~ؗ 1 7֞-n 2&oɌW̓s`.ܑm5o5ϻR2pB F~Wi)If)l\j8$@/ЌHMJH1=z0>qa*W9~J!K+[s"0ߋI6!J2#$1w;0wܼ8)Ұ+zw"t5dw;T<b+{''q('LG[*z8;IGpYM?kԼygq:v 0/+x}_\3lE` vӛ5%UOmҬox-p@LnL`rGG&W ਓqӽOnSXű2{ ]N1/B`O贮= x1V?)~}eoӕV]J|UWdDLj9^b:Ʊl2Ц ՂaJAZ[jF!EO}ObH"nh$'$Q^Y9BIUu53f`/Heqx^ҹzy˼xx#]#ٙrc?* ;AT2|;=>^Z>ķ̃N~Z{sR˛ȟdkS9+m Ag W6k042i5աIM4?$Lnr^"!mB4' /aa),O>flHefYbDś1mgpZɊ:kO՚RhE|}IACb9kbi,`>c-\Qꤵpquo1Pd=-/.F=6=EkyAs2^9jB^ol'"_ Z68+.G_j;IGNY'}ƸГH˗6sc:Mh&:3c;k}.YL-yT3`N%P#N]-&} @ l H4VL&35QVë4DxڰCV c{{`GAQ]r`juv=[6/pA+ "!"XOFw{j[*mt*)Nɪg-I 42 YlnC \T賙95b*}~(7-Va(1!/Ǻy &K!w&0Wȳ.Ǒ S%'숧>j1@j-(PD*5|/_m;˳x6~(4dAO' VhKB?. / (,8{?v# _|E ׅK؏o3 gM!ou5`0wΤ&6bߦr5t ̸TT3TeT샭a5 ,*&$ٿ7&PEa&XPN7,]b/. ljEW\s(6}` iRVҔ}XtX4$ls]j cj?_Xͽtq&asK HO,!LR0_C<%-- Sݲ_=0jaHr5&S?s51"p8[&ew Rv|[͒jI}CxfP\;Z8 "[ xpY~XY˘O^3\$OEC?Lg[K/XJ⥎ʾ=+T!>͵YnmN0Fty0t7 bE2nK6dmJߡwK>}ѝ8uq0.QW~HiT ӡhe@Z9HB!|_^]jL~8hr@~H0c0xc୍ıq(ST- ~:;w$pƒ.Yd^DU N՟ڕՃ8[SIvF5y-\ ,ұIG i^OSoX%kY> /9&S*hnHI`m?JYTU'AWM xuqo6.ӡ!vK7_ቨt(f' 4 >4O>e牄^'uLaYBCSAʤwL1Md9YF|boPlP42l}Ţ j5R.{fyݫs.. kR;x:dwr90?8*8z#_7|^0YyqM PEq?K|gb<^\À1&X/=ҧI\zSo (d3-od0%~?A+wyE/.bjC&*]+;2>wk7!^5waI4\wB=MW}S4I.v1rPNd"tp(AxKM ͶS/.\ƪ$/*b@bAohSNg}f+`cիݩ:mnö$UlW7u#w9EI)I2bK -kXv wb`>-aZs^ UAŵUDO&pOPTB},UM#~3-c΄*[1:awa&T>|"7ޢ)*)nr@Ա6m ~?ՀhJ*J ̫&Y;1kW2Yuv*u¯< BVq&0Qw3^ ^]V`|]a$R @.ΩiNSC/Tॻnf 74 م QLoF ʪc Txpb[#t=ylků@Ț|X+޾Cԭ3ov$3JVR*Is~\?z)͎CU6KW3BZQQ-a\&/0Iͭ¿}" v #I!s{=l q.mzx#tpjy YYkI8tCy14 X-eN lWIT5=i}eZ-ORй(Hk|W{gXޣ4sR*Y5Cw";J,xϾQg`lRZ)e[{R.nn J{Ssb7 8 3P O~ NN֞`p2dYnCBdZ% "Pt;)UTY(una9q'1cLv -Di꺻6!.ś#{vicKY#EMحC`EnP!QA_q׼9_Sӏ} kȸJfsKc ғ܂Ͽ6{)I[JJ^%r|eM.=¶"'+NgG8y7!uE;OɒN:tX5;쾰x˛rlqE"޼`\sGK ^gG D ٧鼭##6LA0ܸu?ۮS~R[w` rK=apRΌ%th[Jmt|[Z!_AXŘדV:ډhr~PPF  ,*|u0wp𳳠P~Y1:ބgUaf{I.0Ik >4ḷvZ)՗aAM 6KI¹6o'WCdv ey$I@(㒚Q%⟻_cP y c x!ˉnBMHBP^2 i;Ǻ `QqY{Zg$=+{A5Lvg(3ỄJ_Q"C 僕R,%C$WWӭrxM߲ft@5?z6Տ^B?) /geIի>B= /llmGdFG&|ެ93oi'qz hV v|-El5*ɼRuǺ6HE_-w! %ы迊QM""T*T%){e<2,@3I kES%א+u/uDM?Hhtmd}3Š a{z{?Y.aF Ϯq{mp}f /+[u| _qHUE_`Z:vj/K:KY!>=U+1vBS _nGg*^ A& ꩧ|ѪbIVKbH5ZQ\e>%$uY:LBڀ,іX H \ >]Fuqa-ɿ+^ud/E[{JQlxLFp?.>Ye٩`+Aֿ2y66C?HgxR{j ;sBdž&zhkk"ڕ H3)-?Xȫ3ϐhMBfܨăt.6Ju,֠txt/)`Z>?Re 64z/<J\(C"ua > ҕgVc<֮նRlzo16qX$NڼZխ;1|Vr9]U o >)_o//Pv 5TON[ I\~ĴC_[Aa}p1~γx WbK0lu_%qwmby[JduT Wao}4 4j!UC U<tVď=U;dY3:EPi+XnՆbj%^_uBP!ؠ[q9Ub~F=8UsEB`tBY N.,AB<U\h'68QQ䊂k Ĵ0Սh!7$>1mhx LǓ7BbhԀ9j!Ѧ䎭Yw-i,Nf63(~P7†ouN97Gmh{T8[#ꈞP;عG雏MN!皵ةYj:>h63`_2 Vf9||/!ak,cn*^n[ty+}U^;1{!GCrѬf ֨P!`kF oS4Fa4I )gAa}+"M t,Nu+?y=7 RVLHHH]_2-Nhӄ6|?Ze`Zcs7]޼z欄A؊jG$Nk5$W7sI^|eõo33W= y)bhwأFRnaBG'Pܥ K  G2nMRS쩅pޖ0zvxu)Z+s#|3'p3dL3-'d#AMo(JUxSqPQJrYAaN> 朗P;J*iVi(؇] O9u҂G/۪Oic5b . r-*M ƍ@Nr늉hb|ROW;Ό(r_$hPoI>ǶW-HSRR40y7>r&#p fI~"AeWT}Y+zaUS$9ykO XaȺ}ز}V"ƚ9r,LB!ZSؒK7E2WJRQShVjJ\`T"10)v'y~сgN4+ȟ<[LW6hޏz$t4?#&bX y|ak*\! fXxcΗ :^YWBCN`XFUm<' բ-Cmӝ˙40Bc{րfdh \'H|t&9.'hNB,[i)o1ߝvQiߒ\b9ܧ@vY :Gka))Ӊ |Cⴠr+.HcX|fG^Y志jCX `\2<ŵwt欞wjl/U_IsX)D6X~c{~ Hh^u`B%,@9ψb[5, h1.ɗz& cEwCzvzĂuXyo#*M/ZNv'~}0'**Di/%#Lv~p0[RR<8#RLHҙX@`O# E& A4YS68+eKzF%za&X*4N4辑 + Wgv8U 8G/?ϊ{iw`:BфI8 yiD܌7QQ Mw7'QځoԼ ZI qʱ#.o^ݷ&Z1ks-jԀ%ie@6KUZ_,evSv}[Fɜg^wacdq/ j\:(ՊbFB'WybpX<2vM&,do=SZadʋ}bn`X'TPI^Df A ó@VE5J*Ιwa.[K Ec9m tNs11^2DGQF}W,.}4LYi"4?o«&QAbO C'1uhS;9,ki*i\Ѭ0@s-=H<)aSk# H6elhkWTп:h*CAZgUD߆RuCJnQX?sN: }Bd FM?UZLoSW LȤ Jã;,$(/ߣ  O$|B9C:$G̢:4V1M6?bReeJjTe#"o˄o+-5P++U'$u$&\kގ)GLL u@-9 h~*it'k&<'?E˯I1l7NDŽȅ39%}80+=Lu켒qM;DD'-$j^`gBv0lZ@rDE bԇJV֕gT[gE ,TTO<{ye(N.n_;(U"ۺxA*u_]KG/YJJ~KB+50s-JT>F Ę39.Jtk&kR"xx~ο쎎<) ˨WWnm"(:w/#;x)bS0 ]*y\攣%UOG"T zE%jElLZ ~=3rs8jdI7l] 9r΍ԱI"^xU-C+&{~K0U)œ~$Jr"|kŦR׊YB^T@B,ys{v6l`tΐ:k (RTuL\H_q-[ 0)7G?]i,ۨ!(loVq5iFW#K2J`Qoή<Ź?98u5~j0"KK e:`*K ;~T[fjN(+Tӱ1b@\V?5Hy8#JwXKiʙY ΚoYrQڳʸ] %ڄE>co<6~kv@XC0:*PJNO_7": Y6 qq^3hiC I^HuTG`]Ʋ( i ÷0})^9#P>D>Hn|*~K⨄ε}J  d䂃 5^%s|Ui L+0TF|g 8=g9oHOmn HQ]8 S7"NDU^Oa c/<1ٗA yepP~&Qv`D7%>_I0֨ 8cY=0v Ft#1Cs صv /k(7sKsm̮PBL_ܔ qjtf &s @P_ 0nB:$'t_42 EP`O2tDWxr @;VUm.YD-ƈG˭1$kQp )7Vք*E/h#k30|Đljg  ( ]+ g/~(Zȵ7^no0&w)>._ڍ+[pM&2zE%9Y,j 4J6Edrwzva~>7wKY@pc$v&u)"'Tc}! 0kx7Ґ8WRD20%)͸o /1`g qO#^ e3RՉW%QnϑS=vGF<|y"^DP)t7>EgY4R8 vd=flh}fxXw.XOkJFTY~iI,r&.水Xf*% JW]ڡVMF.BkR;`gE}c2 m~ bK\""Fdk ) jg$!׎S!XZgFލ~ )­Es4d5*mVsc}h P}bn2"dG8PK`ڃډ$?>|J'4{N'٪z6 u%i{ 2,io Ϩ5]CMSx[ cl2?ȽMq^{:AKv/}9͘7YrgbBE'nX<@PArz>sr!=_4p_ j>Aw5ћnMwҍP?N/hBދz=QwFjD]$5YF!@?CΔ}18}^,!RB}.T`ПU_}4i>^#7CT&7"<8@eddd}ncxp*>kIRJ{DXX{C\qKŲ.*mc~"2PE}yC #pZ`<.Mz1hήfCSI>Ev|ͤ{htWoö &`ZXܻ|p#얹7Ba2%<wF^oV(GIeQSn =-nnлtyQp+,dUyliNn=Kcu V[JVMr@6*y eo,ĕ?ˇ~(ڇ3h?=@l: |?ɩ}>~SNJxEIce6 Qh_^2j?kB:$KOqn.uqHZ$O.hj f|N{W?x"=HBKLdN'gKĉvVcM@d4hVɑ LiP̾ 4;^SXzS8;!o||-=%FV O} vqs'1#̘TM )orL" e5$ȡ yR6Klcɣ{/^|VbE7T/G;5?D"U~OPdo:8f?%\MJQXXZav~N6`vM*E*S!x+ $ޡ9faV͏!%? TUhOPgW*`gi{uX? J}ƛF(Ԧ֠6ki{Sup$`} &K1@3[{( $QI a [S[*ys"0e=TũwV^S5'3/Z8`}|"Ε0g)qaGE z+"8%)bQ91uK?{GIKBϜ1ԫ͊H䵐;`CXxDNjvE}X&s~% Ћ57dmBfsIsänmCAJ!ړj$ۢ*K':Os81Ho!BQh3\ivq$l ds?J}`@l sl/9M8zԳM'x,aE䡿.c&ȇDM }/F3lj-AG 9^GK mfYh0M"HqGL+gN w1'#DUMT~{95])8tmzvv,6}$. ­Ŀ} tx EbO%㗡1bh7HMgG%Lt#{4!z7=jHnJWU6^;d^)(3³_z%_s+V5 zN6k36m,7S-pHM"dDYp4yvTMܰ/uo)t\݊Yd1 `qכ[Tta7g|cw:/ig * 5l^`K12]ŠF<+C2*Hድr}jݔݒS:nX-HDKy컂# ~BQ"Y̦W8fB;uDUYI>4- ~شs,Q^̵ư| dD^`cOAl !6vM$d A.`F\ RqwP,Eo or3Epi{$ ب_,@y{&,=Ń@l|)'8@| or*yBGcnNE)L-.~UGoK.h^՗;ceo΃Y7gA*%w~eVqPx[Ih;xPƒ4u_A^P-|_ V(cZ9XX ]y:q!Q  WRU<%rWsỴt(m9Z];HEIe(Koת[緩Zr#.O!bչg &>zY۱OC `sQf[~_1֪xB LWT˜ <ОV_FH,=_I\RFګ>nrq^w2kiNӬ9ddܩ+~=u:H)h{ iI1^z7;;R Tݷ\j1RfmGL?t>R [ Ev 2+z~ZqzpEb8F7:yϾn[<|W"/^}7bPRkFP"?iTw#ʣ -B}52CzVyM6=s+ :.|(.gjM>RcILO16x^ykI |ݍD8r);rb@J[ooш(q+FԦV~t!gG1eV9JRv&;(o{Gcv_qׂάazƑ C3=!hI^~Kyh9wbqKge+:i ֭΍ ^4E'⭅즌rFD+/M: ա; ڵ(9Q;v9WDgMҸjo܀=,ޒi# 愯fL2R˺⿳+:0(+4RrRU#lg6Oan=5$SWC^vn+n?dz%=\@Qkќ4 @EL_\G=Owx9@{mf~Bh{_2摧N37P=N $2YqlhԀfXIR)RDD{e2Yrc+Frظƾq( c#q {hw_Di*g/ŚMrd3wAb2M-rzGD/g8އgi. zXsN)Y'ڱm,DiY,2/34DUMN{Oݤ;|6k#(M hund~;Ƀ]G6+a;Z 4s `뢺BOl6@Y8ȿ b"kq yzEVjz^&hCڦ]PnLiFHG=)ۙӭXb_P(D+Yo)K9zWϾG*=m+<1mIyh.`L~9o5ٙ ʒgm9a•sj%1&3I#JR#藅 lUm|]͡nō}-)b1.Yҫ2ì 6vn승lH[۔hX˂bd5k2@ :H5-Ο96f"O}*b mך|&j҇3]E;@Y2)O.vbo?1ɰo.MBIo=/8O2a㬁K$!=e;%&qf=,j4QcDQ?L۪!,i/ rXķUoP''DjI'РVCƇzT0c`'ȞQC3ьuz&^掅]$gxo_  ,q m(l {zݝSN(OH#K rhtQ:hI_t/ 0P,z(|DU)9U=JÇ,j#rXOLQVN WPUA4CZjeEKR ~p,in1|hu,֊.m"ALg #4b9g.cT 㙁_Β> h Xwoj k\W*t;s;3݅fމhS6)ekٯЦOO[o U6@"jzJ U@h=2bQY~ŏbZ5%pb` !TIOjL"'59O_ S-Q}K,#RYyi lҼ] 5t+1TǑBƛnѮIEQ\ëJTic ϳsT`/eAzY5L2{BXGw)Tv01K(tK q"[ cCK˶Va3b#ou*>x= O#2q"?=o:N2B?K1MM# !`u^Y9{z(drAI7cn%6 Q!X1ۆSބ!ϗ^ bt%St|{vJ3HۙX8I%Ї nmEPxNcKIݲ@sfn"Ne\ķ,#*;SnDe$32|9 ?`{?wҘ>KC"*x$L!r?oa'> HwuRdXD( h戗_'8?g{įvR#mqzLF#%PzVjCl/@ϙL&ɿ'TiU%hO"!;C$1f`Xѷcm->}, , vJBq HClR+x̯sfpqo]1Ƅr:CQ{"Y][ 8E:=^F9sh&dϢi1ކҚM!DOnEuηbttCߌ"MVa!P+!l&0,< 7b3:ޙݱ0h]UO A$ )F]dy-Lի*#3w'_ suf6M;nO)_Y7ZdZE9 <=.qMjCGL{1=&m >v@]'/$oGwyc/^;*_M\yOR8]"zA秲 k[TdxBq {M3<gaR^tMsTGg5pgH^[*,"M rS/ g/f`Zcff3V]̲n2OSNsKyޞ5O ̀ Wg=."]0 d΃y]yCu)XGnK!Pʄ~$x㮸P}lN_Ӡ%Oک;"&O. j]T~D b'(Tw}% +*4iJ9S?A)48\hNw/о^Ȫ*`yh) lh7iJRc㕻 m`,[(a"!D3V20ObTspw:Mν$ձǠ')ME};aK*VZ1T#5c*_HU׋nr f-V?E>rQinrIش""􄷼jQP)ZsM`A,܈oF`F/C;a&c[|)o%cWϼRk#dH+hbm&0|<:hU4Iv@O6EL (gSD ##]E*㞠WXbѲpi3̢\EfvZ8]!aLTrpY?6]ڴI&0sHkۛ&v8KD.S8$ɢ޾_Ȝꋎ#lԹ 볍Wl=m7Fvx{dIFr[98qDkF6k3H?y-o!b${1"ھJNvM`-Tϓ듬5<~jฑl[8tR0kĜ[3\5-j5L8vI`LY}O’J^? ;{손!0t -vGL,|؋kWVD<湘P1ai va9/^+竏Nz\2ŷ`mx~ %9r?MI#RPt"ۍ؊Mi I9Qn#d691=a)*'TPFzlwZEX4P'? ;h5=PV#;[ SȡkyqO$4%8 EI3cQQ@!6y$yKԯCEGE ?eua~f84Ŏ\)oQ#E#&l[:>? k8RѽIAɋŨ( @,%dT͐άǘq Zd?U-ƖÄCmvQ6Hi >ܚ\e'v]GDQ~T՚q3CLUN#KͮO܍4>Ua "ԷI~ _;=*dVu+R#D2'q#4%,=S^yS\1P$Hn`j&X%! ʱXڜftGL$7i9$Cp"\Z.l_ d(NB-m~@twf[Ȥa G3A"R0\5J[,X0(V+PҦ שWnsh [qiŞy"SKʊ ƣj(޾!n6_[寭5Ux/ePoH p .X bz5K|N3)67-:Pkl>0/?1Hw0#R9[huMm vɽ cnkj% df=穣$mV!HTW)ҰOlh*aH(OAܡa{PmK€4unp9w'+G.i`Iba`:2*yhۣ@(%w_=<&TA^[\֡)]eZ͌phr6W@w+Ȕ8D ^AШC5Cx Q|$pwb㱬]s ;r R_iBe"&'/vO37ELaT"Lm%$?QcmPCe+DL#ؙJR8,U|t5=ŘV=Y!=EL5iqMb)"q ;/XG,A#O$p4 .e$S gg]j嘡Xͧ今>2skW-a{J$Uc {JkI:;~Dr@TJPX}olv7\;'y7A~d$kcf\q#e*}hy3 @r4hσČ7KۓIj DT:&=wE Aܱbv>#CS;5nNJޗak˘en Xg {:7I xSS?_Vyʅ_Y'(dL7FT. W5d1F:'CYL>pʘ9a-i{@t]͛e;,jHЇҺR,SFD=+K^"tWk@d* :S,7PC1}n`Ȯ fH9vWfLFF z_#IR!Ov/`6[1x_Յ8fIXdP@X S0ڻĎ[ 'A Y7Wpʓ-k{`.WhHsnED@u&Hðf7c4H812Gc#㠃iinl.軍ST 6:I9n~Y]Sd( ? X2neoV䧌^Ώ95f&=R]#IpUy&xVa t^-@uiu0 /nć9=>u5'ICL>ys-I72䥈ltNS0p`%)Exԧ@L2ʾ=Rpb}wUfSR/3O`zstTPB1>K;s>\iNmX?9Cy=vmIʦ>bG>qs-ma_YBf雡 `*Xj?2*gC^o X=Ph>d*vV\- "4y7ZgaGoX@VX?V^Kf  Wu{pӛ2J0@:m ~Vh@{x7g"J/z7L9{` /7GҘIC'{!wZhU}c,>^[d8me<(HCT ʵP,ѭ :D]tqkq|rO 쐄 |A{d,9>Wb-6Yѩ1]<K@@f0ߤ,3p@d!V7ŧK>Xs%8ۣEzlo0w֡`V8$Hfw/\Ieu8)'ڟ]8B 'J{/ q$7 $W6&vST Rl\QP!cپ{ARy8qZ ~AR‰R:NS۸@aTSS-$tD:2i.b|Vs]bC g*P=O\WZ0m]/{P$ fىBt۪V 20NNˮ 0%5yT\㌯9_^?*&{(_&;y`Ϡ g{]^ 8~*ȖaR>˲2h{]6Q*}Ig^TR8,|.,?'*v]3jx!y07YnӜu>wx1UpZ:7ӰWbsTԝ $I80VKdvSƲ%Yѯ>Ž;\nlC|&nDE_+I( 0x.%c%*mKYZҔ|Q/U $ɁG=':!|5t0am;jbe&䟐M0}1lf fsMVg]ƭ\ft>XD <#c>Fa;DjB`En@i1ugy| rg7Moggec;dCpx2ȉ?B"`'sdύ*{˻(Hቶ|0 (t ^T bq4Uq@x3S *j: I6ߎ(y׾y}xB4|p9QÓāb=j_*t2+~r.~}_/76bWvEd_/l>`3̧ +mIA*tY#!GDIg}y5nߐc 0!;0KS~\ Y Q8/j=w~_5o׀$L'NyKHX쩷Y~!K |^{tK+d(p^뤹=ʯu%PG4emёZɏDsXlp* q]lB-J|2f&rHiL'J} L3jHow4_EEQkMco #R(Z7}4wZnὉrLҽ-tvGs& DZg*Jw=:pDH܆2lf(O Π=ߕ$ 5ub0%'c9KqݴE_6$O*SmJ HuLlUzϮ՗XW;4Ot$ǎ׫ZNl}m||(9SggLP47Q78rUE;ᰮp` ˜Mix͔M>Pd<$rdZHw TGV^DLSa,/!|U4?R/pvldU9هCJ;@d/1~ol 56UV߉Q_ۍкynkZj/7iGt;qcL▉ПCy;{#8. nx}}t\PD1 04k$Q0 2EBJ 3;)[:҂̿f.-jwu{{ _6G, l*4G@]*Y8IvdW {g*L;]&eGZKZ_^sU9mfZVkX Fvay򙼵v_ `|,}nd@v`g f>en WG^nҕJ><ϝJ:FkjMIVE(Vc6yL_QƅqND1SŅJec{ jH;2~қKqا/Ssh TxiɁvK xh=i׳f wo!DG3lêZC'g[.0pX?Xv2b0"1V&TMb9>DOnf{@r_ 9r4vjĬe*I7Zeⅻ3yskʈ(v*|-=v >c->l4OEjM4<?/Am&E~s/v|r]wnte; I<+eyDNbZKP osg|SDKuZiw3E(_RtJ"tļH7.f?U\wA͉[{p0mB. J5go*,n%08{f*P^927vu2][[^v8?8">-ʼng~ƞH˒wҹ#})oTB5?3UV{$ep(cdpmkHo{J7XOgh;x4o@{5KыVTw-Oig0(#JMI*\QZ2A˚V7y╸G<(ۗUH ]E0(XE*lS䟭 K[݀Hhr,,wi*˚ۥVs=# Re}VuN9=y:L{ t\x)'Spd) ;s065FaO fn=^~1=Y9>*;Cyd$+gTa$ ۍ2X}'t* F)7þC!)nT[ ?/N5"$4$5RU XM1evm]G㭃a"Dy*pT>װbtgCZ&lcYj +@k݇N!HN& "0JIlC4ผJ9QbK6F&΄fKERߍ=Ǔ:E*оMDbRj}CMJ$ L ؼۈ("F[Oe7Q%M}Kǃ&>jIrC\G$7fWN (zߧvUdTfD0_\ȋ ʮ;Ǵ^%^3F}@mI>?SJ.[ r!̿Z?Vgs'WR֛KILeOXvck8Q].8[u8M -Fn |pWjYJwt $=$QQA}a-ڠ4̎iң%ō4z^(УesE rJ`4Z:i3ٿZAX7ڃf,%ݢ N+5G5;ؽ݂^Uÿ6 D'Y6[)$߬y_XAu&ۼ "a,BIb֍LK_y8f58]x8Y;֨GrѫiCaDƌdzOm1LcWOTg7}HԶ rk>y"m~4 ^eBq<JA"7`s|FJS<d?G煏?8**8pn' w:1'̢V|vtfWOtnoH8hoY ,'IX@i?CbU9 MCbt@X6>u=QyV/PoYEc| bN^`9!̪SzVD^a*!O@<> KRq "^vx&jS ,/0s@}WOjCRy ϓ*U*ꩴiJ4\,WU~gOcȪB ԅE)9D+F yk#ί5zem'u5Dp(uSƪB@O?+-yqwlEȁD*q]dֈ55 s]LjQ_I0[W+0܁%Hr/F.UBxf3GTd?'-iF_?8Xf,hǿ%^nA TD&:/S1$tc: >sKX*NOA-J`Mm u0 mME~Og,Ԛo} O&V wWj$Qso3"0ֈI+ʹ$ ~;h߽.j= m .~MdltnCau.Qh͎'ZŨꗦNMD)M< 5Ht\9Ëиz/&>9ga`x2wdg*jOw|^ {ްn ;yrNzs '.V.ٿ/J,ho>_YSYkenWu\Yk5OƩY&':.XR* E sY%ߨ?=d8dV3CD dz)yֹwi•Y?l}D]m<.7O2;0NN`kbTe;%s#'\P4m?[,&CqeLӚY|MhGR!F$a@$Q ;v\pln֒Tuِ]'rE$d![ 6ZJE׌PwLpIaЭSPPUKThU>| mCH㪸A/Q߃cg`F'ciז@|jqapZ7u=i$e,yI4LI~,vD8iĤu 喅d^;r47]@BȀkj"e%)H&ϦҾ%%})ʉ ?[&;rTxvH\ 5Xc fe$x"sd"{U{qݦz]#-Loo-^{T'TU~kӖ 7;C@Ԗ(1j=J/T ml/i, v%rytu|C&}[ag6 *Bvu/mHgO]X

    /B&1@;G#g7UALQ微̪5ǁ_v>m8e6Sl*aͬGÔ17&Ԕ\nR i1.qߋ1im2 :j-%|]6VfMR216`jF_-būft@KE-t-I~%mhN-'KYud Ǹi=)"w= V};e*7476\שIlWFme 7iL F AP5CbEO 6? U;\6)<>nrd:KaPGX-W_m8s~te  wOv~ @?VuuC(+ zȎ!2$)V5eT(1JCWMG}CҰx(E݆bXsekJy<;t{[ڷڊ 85~0' dDM[1ļ'"(wQvfC_;ɯd鯃O@t !͗G^'5FQ+䓁@MAYTY<ì-? $7n %j#=䕏Oc#=N'8h7Cs]GxNv2+>& ž{~o(]&$C;]suejgȂWB2#9nߝ=x8mw|[ϛ?W{$ijsOx6S#HDL4hu6 V:KQq=xpsRDfhYn_Ա=ת1g8a]l>^ňP.{3 (tr{a-#Ms\QFiM[qo{/i1p 4 ;N~5$ eM8HD9|+󲤜p>,mP-(ѻ)N0ܯMol8imS4Ol~/z׳$D9{`VUt-HоZelU6vwfXEh7#/D{4+2 4DJn+90!!A/9{@JȬPƉa) 6)䥋^%=S9cB~X(5p܃>jIkb"^sO?Ia͸v#p&ʨeYZu7_1t`.=;ZSE|t[e=˳`1AQcU7"^ (STޚ5CLj}%ژ)u]ToI.$mMem}V zY5h/v`:YˑplU}!ҰտhŻy"J_mmI(|T k,w¤D@N ,?Չ݄JE 0YJz01q0CөB9aR۬a!Xngqe'?G4mEwqߙs-죐 qV@Fը-J` t`OVW M D&,@f mo6ΡRs^ '/;*] 1GcuDE!r n*~ *ݢQ/>"9cr"cF玪K r/O.S[8;y)]e*惣:Goە.n ㍜9"C |~;}AQ>HdP09v\-J0%huZɐH+8qS0"yx2$cp%(ƥ/!} +tYEdMO;O[ `z<UғǓ;*'S[Fҽ 꾗wơ"8yKn]"izakE0_g>nNi[t`h4?k֫NOR *uB)?Q 5R󺸎Ud Jr6=S@O*{\IVb(gSn =*tՋ#zfAox˲چX&x #y:<:KZ%~&!EJE=l!7 $r 9zt]{pPs\̋Rt\E-- 79щWQbiG)b}Xm4_d὇ךW@o ->K0>XUY Y\4J.Cr\'1vT#U'M^~73Ad][%PA>v=6abN-`Z+6U}D(#`oIp BԖqtJlߧ:3V!]؝g/ݷj9?7?:jaGIh7;>Vƥޢd^b^ ! w%/9k ,Yr_::_BF7?ڔh\nR^5U|m:L.7`-}n7*k0$l\Z8_yXE׏Gs ߖQZ$[6SzMo:gڤ?<ߦT8k5qWӮ #cPr#>]B̞c] uW/JfВ[Y3ڞ]DBFkFwb^awybv'[x#I>qYl`ܟS!^*L62#lٴc:9cgyM7r:SzJP)q$# rL ywt6QN+QE9>pճۿ"Nz~vI߈sDo$2~ʤcٚ"޳o7sY+Kh8;ك,&vUu:W {' ݼ*<0{-C +v~Κͪ.ldמR!3n3jzrmLxSOxd?cٮ"aZK{:t/N4HwV!K>@DFdΌ|$Eg[g;v^ml<0 5&K(A9ɧ=6u3=Mƌ>U(ėkѧ}'dcΘ˩)tKډ)CW/ioVJ,9;> 0ښQpm#NtOHyТ0-,,ޱ+#tFvϽ]vX(粫1I:MNO&,@RL5tM\4vER ²NwqZ"ׇ RD},FXm1fu9#u_6fU<֔7H+KqZMeZ$)Urb茗'ƽDd@7=^ ['3RNL@ѫ\kFE#/. :gB:@o$%9S~ GE} 0gܖ${(&ƻ[ c-x(kz7vjBڊPṾxhM[7.s} ZIqoL|ﻺvdPu}qF)B]SO!Vus*,_nq2hg=uj9d_D^L+WglQ32${a'̝u!_>ⒼFz9UxCW@1ӣ_d1 H(I6c6L.'8~r4`O.;|$qNEVcR p|%kEd}lhŜ-bIcT`P{FmoϷ|,W+=fZ9 ֹos:jʚVw t3u[ ac-ף$rnfW;E,1tPQ&/r~W7˞~)F,Yn\j|7Q`> a$@ѻWh`n.]w}P Zxb#Nꘕz.+V$깆6T?d`IMp$Y p*kzXHi *9AQz?-Y]qV|O fKoZ7,  ࢿqC#)*.'Y(۲Dl%0i/+10{07+^y@rBA=2stt@| (nyir_'3*JeF@A,Ba. e14"/ºh{]V2S:2Ô`bLtbʟ½`S&OlH/Xo 'cxW-04_ 'ж|e aO-epԪ]ks;aN[fȃM\k7m$`Fմ u4(/t|wD?!]dȧiw%{P nP񜋾]sWomD.<pKh _+Cvoi:+ǁtU*Eqb6^\J0겁zyj {ՃJ>)<:`ep_0q+(> JWTj$àWxHTSMPq$G7C*S  D޾-熊&*{>2ǫ<d"_{5'L m fd_iF[ ![R ԳC-^w7:n5CB&WFnx^!#KfuCrMh1IY*@{qľY5iu꠪Vtj IRx;&N kr΂ Dv 8ܵسӾFflᱞtTY{OԀcv/\/ m{ZzxGۏknXb1 "|FFdͪ3n+%xuiKe 4lv@ZmZw6=]x#Ȼ'YǽWf7ʺp3 C䎎֑Ö#7ѱ2lC$Lj;˓UؒAbmp∅*LϾ:2?gfZQdc=>ij6~(KPqjY"}N"4*@="bDT(?PSyɈ"keO+VE bʯKo!ٻʿT0M]5Ry>;N+Ҩ_ wXh6)@6KO:[q2"ua=rGhSӸ^h7i;SB`SJe+γGo`iAzcd.6aԥ;i&HXʳǼUaąP< 8nh+Qd\ ,R1>rx+[g8('@$ıfAYܳIOc \2)N?KyS{@ZlHV I"qcƇUW;CFF߭Ztǥ|qMrWz @-f sxE)bO[wKLVɏ"~+.waA3jbHh _~1 >Sz!ϙ:tf=O+MoJĥoec+4^]|%FtV€L)paqSJ2mq!SnrN&Q$p ۼ"pF^X7-Kcye))7p"7:&`v?cL^;xl1{? vkMRr  A( y < ޴"PgM7v,RRkJjj(_ љBeQ~9Nf |GIr0zQJD4/QQUD7>F#PF}݅U_Gp@f`B[M,C _6[z}K)SC%ԮN=&h9faɇu2rϐ11@ip|N!sXU ~-$%7* #UQ:AU}$;}1d 7SgܭPEa~P +ܰ2kO՛Ŕ(}sAeFtݨL>hzV4.C\o" yJLEJu9 .$'B9i#nxiÈ MrӮ(go;`?`DcgA#LhvDb!&\Τ;>[o9&Zwb;Y2"Y5ȔRw bM[ g.䵞ti(z pqXjg)wų=pLHW` OqW蛕:I{zWZ8>݀9$F%F:fn_2eS0DᯃX 5!j ܴ0Rqc:݁l私°2!A>B4xGp8MXUYQd˼mX(uo$'2qd> @U rrɓ==F(F*? WcĆҳind^M )vul:W}:+Ct> ԽF_^E%?tQ=LYMq|Mk%#7nͼG'}e5¿q:**+#&hʝMhƒ"l/C"I)x%Eb~\\Z:j}s C{Zޟ6'sN0$9I"wh% Txd[-)t 9K 0p@l'F>I%k]?7"tBtmLN"4'7o>2+,m1$BUn5r䧚}*\u_I!5ֳ-v/c+n5(4!*iJkEbmb^#vóT%dM-;JѼ $_|9:&4M,*y`ZRb> .j>2# (aK"d&,#+`\iH$ 齇1\u7脕5LCH蠨* kSliDR`]$ݱpGd'fYe2vN>Lf":R.ku#_Ф'匐NDai^=9:C n1C!G Ń9Uۯ,2m,]PXub򡡾8]nNJeXDDkFzRߓsm8"6  "넫ԃuS-Y\=V> h7+Ќ?Y;Fuψ@vwri[}AB~%g\KǸu:;K sKX3niMw%ai͉A9C{%߸d)<^Z˔SpqOLr (5+[Uܒ>u[ 𮺼Q`$/Hؙy4/W^D:)/y>4I7Y5p\c}e@H(k7GDx, X'*b$ŞbkDa1c5̐ۑj |ܚl-Zj8oä")®Sevʭ1CrEhe' 1gSoԜ&[w6&?~'n*rb40LkTFiN S5nl: rXn5.,< }݄޿DPevɳ ޸5aj`eal}-YNcl{$s7vV}Lٷ9I3Bzn$/q̷#3iK6~}z(w#vM'-Et*L!px5L6%Dziw@.0+fe'lC Ú]WA=ec3E K>ᾡ' (x[?FWll\]WLm(ˏx,Z\/>!$.Q+`!ma1Z߀':XQ#4|ݗلAxCoA ,Psj tתAD-U'?״ld׾\D_6ąc?7MvԽ$%zPȶj6YBPۀ-X;*X(ͱvȭg,p ) dY;^R'kU̼xڧ΃oo/SHULTsg $) ר歐'vJv~Ȫ$*F]"y#B7`I0d6E*r6)Q*$]ʈ8rRρz0Sd--Q{h%G~O=$$0:YfYPn˄tqab@(_a~=׷Hyq,L&jth (>Y6~{yAvΗû[rgl:'V#<-pgǹ9kvPHUP^g]e/@ޚr8svZp~Y':\ ҕ{ tj8=$z2 xJiThR#LنQ!9S0ep[E`۲ t(r2StRg(]!@:nݰ |0@~O-Q9-sa&מ(p&|T5׎8"Z˶yc38I *?Cq07.r#A5H? TƧej{"8x6v⣟ApEÚTZʝo;^y]?л͠M4EJ.UҬhRdC%;ΜjGu ™-GY8u/}',Mz?F#UXI|3vG1I1$]E!\gsk$dz$.qοN.B'HQH2A?I[.ǽ mKWVh")=hwS#ʱ n`"!; %xTڑ S'+"XkDqwGݭz.~-Y.)<#fFv6*o7+pPUkWYGMwةXb]EZ? G4C;(TeYB/&/X#\nk$[ՕdΩVx4i,@0OelE!U`N37*vEVP$+ ODLۺSc]s#fYC[~\P9kooAZ y`ɉ*QT_yl(-{T4qPW q0kԈ9 $[ Zzd t1iI/vr䵝(KWmRQ˫-3}D (ce ,cO,ɧz}b7B b܅V,<7h9daRV6G5c{~yY Իd`j;Sz@O36; E^@!8Q~qHMcLWMT>Bh1)\GB귇WNPO0C>۝yʁpL6#0M%GmBOreE<>z'X2+?C  snG T&f""dJMi7(}H!1}Ҁu^ʹǎV_ ;!t䅠*tE&d3kC202&:+??CY^7\.f3 /&ju*&p:h`lF|ʛbGGΏy;ϧ/%r&T?-^vUwPkT~1Enp\pe Ƿ֭Z8) 1f edXUs((|jpEAǜJ-vQ[Aۭ^!B RVkPR ԣI.Y  ų;JL{~ȶrB  avq2;Em$)d`ls)K9񡞅h{Vu~  MQ~%FgEZFÕ < >d>z Vn81ԗPɼ-2]7Bw\`>\5 "$Qp^)2̤8 >t$ UB&8$!M-Պ0--fi>}kh D$˝sbK-CqcifNf!R uK=xq/q-w}ϺCz⽨&#h?,,󇜮b^߳pM; i>zͯWQ =Hf]9ZCZ<I|]6 ʄ` AKRg<|֭f2 7B84pG5d;Z֒;#1`3@;7IúnYhU| N]ZV.uLA;C7G=uJh`FX+R+ -eSpjzmơ("Dog9`RЄ/y+ ~MV%>3^=e0iqC=)$&m׾? +}Cuxk>SŘPHnFK!*B CW3纎kZyRK@[nu:#~^ } am"Do&B4bI9f#i˚+V (z>|zͥtL(۱GU%)f%H9V=`7Znv&<%EhtF)<{G84gqW3@&4[ "4-ͭ];t#.kZ,l(ִʮ?W5\\$9 Ɨ:}|0|zA/ WJwhU6p9N4^!x0q.a;QѥPZk>|!:vBC z 8ȍj QHh>}2=6#e>jO᫲ eiHpͬGi~/Qdk"X6B\RD4+k-?/sbE8b%1ǀ>:"4dSl|>}|u3(+Z=bE$ ɨ|nPX櫋ASX 44Y~[~e\'-cd:78l>8?R~v8;][MtR@ CtWB;,S!{a?=@"wF,I8Yg~JEgmVGcVjޢZUM>}4$כa!VM@(ѺqTyW|r A>g2lWWl0X}GDe{K^9(&vHLA,["(2/\A$xXӘ܏xY&}l?9YoJvS;sF~5e4ei ϕt v>N^e@!D M>*BP6]Z1ԲQʫ'7,WXtwM3kxSe;vpZϦʸ]U_'VD6ExG*64 4ӎW=rRr*YE  ciW m `BLnXvO36a1@h^fgG[O~#$o'.h "Kҥ# C\Wv:!Ix-'NWW$  -og`NjhOCj7?٠#` "t/ߠ1yd~VԒ(nD{Kω&l7(ħ6{6m7X 0޹v̶G ;"ė@n PuᨴEzT&HbfjHܓ ~ޚ g| AFr 2(1 0K8Mڞ fDc'a*Ϡ!D;6"Oկ.vȇu0KcNN񊭇B~ѹ[}q7e.=蝸^,a$o(¾XcG!:3.R8mb9HrGlYJ čCMV|r `tOJ_*toL?s?c/ĽA@0Y]cћ3F`jcLKRh P12!7x1]*CBYFF,N^ %ɑixDסx 3|5i*yVQF3'bP2o6U6Ԗ⫼R6xg:d&P[LT-B6涎acOaТx~zM~:jgoLbuKƕIuu ΐz+`A:q)86^xC̴3Z󈭽W[a@I:EȄw+&XmNO|V?`B]w.ʦN)u'>E.YoD7r!/Ubcp OV##)-ڈRb{ZGѸ:z:׏6Rgx9-$:1_{Hmt'`cPj$7A%W!GPZ O⮍o Gf)'f {]#Ў$oAbgxK{2<HR*2叽)|l_ϋ6+K7%#f}E%5F( gwuh"1I`l#x1i {~ӽ MtiwPlSDh]eyΘYŀ^[a$N'Nr&;٭$3`aT{E(zlKƂ9c+DKIFv c&o&y@n-!3lz$א3E $e BN<׳qA{m?gr]n* sFeSm:lh&ⴕgHJq3Tsp}' |uJR e*kETų%QlV J~>R])Tm*^'gN}eo;WQ:clp*W'ϯQ-:_3vnTK?iEXN0#8gs18crMۇM:PM4zFQ0UVI z|N(V҅a# xoX菛\ ?6(4Vy΋a?z3Z%o'SH7(I"5΍0q@+jĐXbҏ.RkPmQ❡lY$ZS]{S0Bwd{[#~JRH^|aM/N %۞lu3@(}9GahsR{齘};ޓ 1ZD[Xj4ˏ 0vTEvp7huD􇵐f[TԨ:)|"Ȱ7) @*4Sr5wgIfЪ"$-},p5vt$vj"4eJ}^RfvS23`iZLsFx@)A ~k?e m")2X9DcJ֤%x=IۈS(P~ uUIy^v)i^Y8{3dl;ctT, v4Әdʰ kdlW*sH\5C/Oݤ>ari5ּXkLJ "J@@s>*KN{d`Ҙk|?)u~eRˤ9yQP%JT:)/.|KW $0nE@\8(~w)?5 jEj!H~/Y6[6N;h;-ɘuVGUNR4 %5ћL|g|׆>-@S P3Z4K @H~1_[ˑYve{3ry`G zXqb"K|zyw*pzP"ZZ& nq[7"caH>[ ׃ڑ4v@AQ44`ߙ_G̩"Ow9Pz.ZܽQAO:9݁xP{+4SB8#|:Yl*gA_k|[Әq͹1,ui)na 5{Xv׼$4J+XH@ 1<]AVEmŴfҪsqBuYa)r rh1n9LF _zBg$}>.tW0* =ڰIdSJuvj4X4-[53B/{k*!NbzœA\UGS&q\b^`\ +M.̬Hg#K$JϋWLTq\ C[Eh'aL.H4VCMR:K` |]9:c!