tpm2.0-tools-5.2-150400.6.3.1<>,*\f8pp9|sd˵]@!{ ^#qN IMê[W>0)!>:\7 SuiMm;e61AeP*.6ϙK0=) rƛ6 )OMV-Bi* #qֶy(ogD1ctd_'t4'D~ |#!7#8J'Ϗto˔kREhu*)zrO)DqyOܣ`_ `iB]Bwnss0Vъ>A(?d  W| 8>HALA  A  PA TA ?A C AHANUATTAYYZ8\o(\8\'9]@':`'FaGbAHgAIlAXm\Ymd\mA]rA^ bcDdefluAvw0Ax4Ay8zCtpm2.0-tools5.2150400.6.3.1Trusted Platform Module (TPM) 2.0 administration toolsTrusted Computing is a set of specifications published by the Trusted Computing Group (TCG). The Trusted Platform Module (TPM) is the hardware component for Trusted Computing. The tpm2.0-tools package provides tools for enablement and configuration of the TPM 2.0 and associated interfaces.f8ph02-armsrv2*SUSE Linux Enterprise 15SUSE LLC BSD-3-Clausehttps://www.suse.com/Productivity/Securityhttps://github.com/tpm2-software/tpm2-tools/releaseslinuxaarch64 O j9-D#F[waJK f]l rt)#1Gu ue  !G1J E'6   & ;l H D   a h  O O$ B~   <B%M\RY~L@%#́AAA큤A큤f8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8paSOBaMf8pa#f8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pf8pacb93a519ff39a34c212b095b35c78d3730dd5460853e7f6d70fdcb1bd304fed65571fda204489997530c367ed3eb12640bc4e75c58bd90522b78ed9d92afc3312a8755c2b71f24600df33b379a23bca610b5085d4b71f2e7236813bf3b422d0daec826a2b5e6efcc82ddb0bcff5e878c0ee8043739196fe3adf22e1deb0e72c6ff4f91d20972897b78a24abc78e9a7e23b267f3cda63ec7bc838b5908f22637e98aa6e955c7cc1dc6a6a3f41cefc3912d1307d0036a6fb732f2cf3776be75f34997f032dc954d465d28b61c0061501b62b8c4d4bb1a0703a1519403013f1829401a970c6ab3f2e999223619dec2ff5935187ad61a4dfad2d187c5880f8f5e26d3992e0e687b5b304739922955b50214b4e461b3bafdc68bce1d354edf154643c27fb637e62045c8827d5c3587f57bf9509c2ba896d74f4623b29354de371334fc62bbdc11913c467b2fb5f4070b22b253105e05a70b7467823049b32959890c16732a5c7ab6f2989bef4c0ae07663dcb1a85c1e3387f0f133d5c3624d2606156ae1440b9c6002fab027540dc7f35d3adc704aa58dc984ae9a873cfb0d74d125aa1f28a016de709b3a8261e8302e98898b92d3f7c994f54b1d53260724a2aba5f3aa0f2189b8099abb4e7462658c3032e3a50d0cc95da4b99bb4c839a29ad8266056adf5ce377f1b0edee8b6bd2176bed0f59976f27f75737114439b1646231555a0f650d1be9981e2fe515aa5415f4dd91ea813fb88b200656aa568f9ff150d04dff4515abfbd1036f6fb938180297b053e4ac438558d6f79f8afb42cfa1d3e33561f2a0150c9e48a0cffc1a85359b5e454639c8c9abd7092df7b795b74678d6b2cc06cb6fdf06c10f32bbcd6e4fade26c53836c711e8850442ce4a6cba991baabb16a10aad40413a1e767e7957b584cd2a4b1f9bdda4700a79344d5614b6c1982697004eb26d6bceeacd2b02f858c615bf38f0fea08722d4044bdba4b7e81c12312dc149e85871ae4d0996ecb7c1527b35fbf39d2b1a10753b0636582867fb37e2fd14ffbbd7d4cd7af6400ded750a4ca76ac1ab00d7ed8769c0b7be9e75196c97a325e27ac451dda6f295c5b1f4298b88d93f121e4ae63cd74e54d999a72490684b6c306f8a1fe04d8c70f940acd8218bbc16d5664c0799ad50218b2f33f2597aaeea3b1c928e5c3e7548fdb60965b16fcf9ab1210c272ee1d9d383ae43c392af3d07ccdf45c18c548c93d1b8f99a835bd18c4d7d40ad4707afbeeea4521d1231c89b9769cff03f8f54889758f53fd1b77599f9ac4772457e374645d5488ef424fa5cc894d87a4a821e1e58392ab8216fadae212aa859f503baa4ae425846813de62ace77a8893c2d66961aab6416a20be4defcf6a65199ffb4d2b804ce40a829f5b0344246ee2bd7b0003080757d86b039f207db19eaa9e4c0e9778168ae0aea2f4899b988714dd6c839735ae4c1b38c3e39de993eb654857b20ba43020b156430e82190cdb05df6cf109026e4dd0eba0a3e512de7e28269d3388a3f1232836547cb0065020592948635295ded58632ffc526d896d0f0254ef8851ae81f7d690b186651ef5e8578e2226ab6c18da15aba92e520b263d1ec6c5f74bd74c07b29cd333adbbd30752e366fb0fb453c33c7e5c8d9869a8156da47bb25c04336385c73d0c1802e7801747ba67c09f25663025b091ca0a8064d838cf8aa665b3f2b9950ffff6f4619ec686f7859846b6646e94679f92eeb351f3d20d4c62cc38cfc9242b2b417d88cafe72844979ac87bfdaf46ce859244cb815effc8347c9955a334aa2dab0bf00987a6efe380c020b5ca3fb8b896af50d6b895d0fbd7db5e6fd5774ac43f14b667c3871a74dd3c79a870b04961f99c1fbc0b510cabd8527bef4f6995d52c8b8e4d2c3bace7fc9c330a77a90d808166fbad4d7ead7e8ba2fc66cd4daffbe15d4baa213555299c1f45eed995f849a199b8a8ea927510a80e0dfb4cf9e727bb34bbcaab6eaf0b9f7c17f241ac2bdd8761b8801613da49bae0c81b855a548098cf48e92e7f70bc268387ee3625e1b1b7a783d69b29a06423f9d39c4bc11199bbbe651de819ebb45709d5ce95410746c3458c82ccc74acb2d18df38716e08d4de56be460bf4d0a6a12ad265e7e62abe39556828238a12607d9c425c2991b88b01d26697188f6bf41681b71eab28c37c34dec09d2615d68d99f354a39baf8c75192eaf702e89e3be2be76d0bae6339cd8bcd0fc03e0e853f0e8d78a8f294e149268ba8e0fcd78b7ee7db839d932187d8997191f9bb66d16b3c3f73f09eab2cdadea26e1ded0ab8db5b1531f61adfb7026541d1aa001aafa627a5fd0bb1a7205236851179ccdd8f260b28ec3ae7efb380005be664cf18c4515e509911aa37db43ff00c2d2087b8f1f1b9789108bc7403daa97605818470bdbd056c0a6b9812fcdb709e10ba9aab561bd87910d2aa5b7e4be7a68a625d5349004460a21f398b0c6f6d3fc8239432c7499c367ce67b8caf991b8505d7ab78fc954b25ea104145db22af14f1545f31c6b804665f3488687491910b593ca333e6323fdc3be2c562b1b150e73585b77bde58346fbb2bd7559f6f85eb210096d0f69a4d09e6bbde8fb6cde92c23e34e8bf18068d6181eb3f15c8c5ffd84bd5d62faf9ffc62d327a119f305462230834d2a4d58a9669820f8bf8533f30bd3146d224ff9f2fe862640e8c5f42b3714cb9fc80d6f702eed8068cf0625f66089a78a76e5c7367b57cf8a0185ce366098a33466538850c3252eab36785aba89f4f39152e5b30980846b7679028e5a1c9c326b31ebeaf0a04cd084c4b34ce1f47ccd14f2b8247b80d8cc8b888f8849d689a14d1b18b81bd168bbf29fb49d20193d36e4e0fa027db967f5e98f9bda4bdc0b8d1b2834b8b3e7f168524757257d0f15dbc148c0ca1862a955f5c5c59ad5e59341c5849b06225abe288ea715b2f2edb168f48452b325c463f1f2b59e914ffd8e3bfbae010a1cb60e67ba80e0ad30fdc1672086343b54cdeef962a41f1a46e62e578ae4fe20f41782fd7dd70a15b9cf934530bc368f80a8b2e6f406b14a99f0d9206af726a7296dcd4ee399cc4c308681bc8db4d828fc642a812985b930511fd82308b9ba54b115064ce2c30e85cd5e9ec2df6b05baa813a7e250f98daf3fb5f7450758dcf8a4b03e022e2d324d7211a14c1414295e5281315c9e1334c3fbdd9f41f74cd91948b0ff05b2a06c2251d5f412e34bacb4d8c69fd6ed9c92893d35ad05d2bfc398986de785b9c3f8322fa72dc5eeed1de5b076520d1fc1b0bb5213902f47071a657e358c20630e6afe9bafa24365e4d6be6a7533a0f66eadd37a77d9ddaf1515f07aa60705da67074b29054a067a043c4fba35056e6e11631728d831df762de886d512971f47b16d72c71e7361c5ead342f122072ad855121f3f96d62a863fee796cdacd93abd8184f9f5e3d7b7405955d1b4655a9fbde0f740c1c828c1679b23dc66968850caffc7f2f99602a622ae6af4d6c176e7ae8326856821703626a613eef49859f51a7500a5d31c1a37a683f27ef11ad0758dc0fcdcfdd4350863814427dffc8ebbe81266293a1f985a97c6064b4ab0427d4b6e7b6d4b6fe0fb65aa29092f0681cf00bf17642f73ad4e83e0f8c7400a036b44021680c410e07a476156906f89849c65e030eb525fa3c634b21f3125ce27ecafaca3bb94a747b36b90a8ca0b6d551f4804bbe1ae81ba04477de65e98836500c4c633d931ecbcd2224e2789f8296af94a31167969e155f2742bf09e4bfa6e774130335583fce130b671faaaf92c9bc5a612cf3338fe2f491a57ddf6f4debcad848a45b172591653d551e47ef48bbd0df69e4b67b92494e734973aab6e881576ab9a77dcf35faef45c6c8351273fc17cfbcb22471362caa278092d73d15a4141404219b193a3b56056d6b89f76b3fb90c836c0a623baee69e1d1947164972ed79a5b6438cd9e127e29f27b1ce4f561fb92942e79177fe2b2fa1401caad902b43ef7b6e5b362b4aabf9ca838a2581f7f6cdb9a75b39b7351401fe3ea84bc75f0a1af0b930d42a549687a6b39a39c78d2f4b6bbdd130b6566935be0e8bca1b08a95e01998f47b721f4fdbe5d734013705165df8c2340c2870d15ed471de0817bed5fb2232e4f1f188d566cac70a3829377a6d51e6cdfda2275e2694b00059be5a54bef8bb52deb2a4eba69991b9d9077d40df908a685ec519eb49a3bc41b3421f1afd7120d03dd686dec5813c99ee691a37f91238861a0f66f8cd929623755409738032c81ae853682614ef5480420c301fa2670520ec4c7a51822c82452c1f3c7770e37b2b980784cd74cfa6572a478a191f7a71441890c6408a78f7729e1dac4b93460b125a3659c4baa7118e739cd3a25aef5c9070600634f5fa421c407996eca24cec18fdb4dc2e164751fe5f7f157035a7552da8f774c809e5a1a778fa9a279c0c8bdf0fee14abcd84498d20104730812181ac853f06725a994a878446b0d04066c0109364df65ae42359d4837d46f76da912a16681f16b194488aa2837d328343bd5bf177af3706f37ccc3ea96b633daa9244badb598ba17074b998d775de0b4e4b6710d097bf752f48c38329ffe4ce5641591f6d8066331a0c6d664bdb3cf1bd6902457405ccc0903252151471695101c3351023aaa8191815cd97e9135b2c24b8d41f9b4148a86c897175043f5138876a54fa274c13b58b61d1b8dc02a7fcf3222cc6591d843ce87a54837295fc40a6fdfab0cb3b321480952daf1325a6a715c1be0312ccd7bb9a8dece3f16dd045794ecef42babbedcc1f6aef4c3faeb116abbde898b9d0527d33943d6bd107f7d599905d0ee36bd60cda000988a816a9aa206c8398311a1940e8db2ffd93eb3f7d9b40f1ea7abe0323c87121fb04dcb51dc7d0c315ee8c43cd580fb68adaca65b467997fe304d09591a04360378fd4c0ecd1f554e469a2bce42cd02a7b9d5a1526d7ab60211cc5fc8fba8c496b75c4be08229d8de4e48be32d2cb7974cbfbf7f878a4388d3a87134892fd8600cd51fb933de878124408eeae566dc39e9e161faf410c4158d817f23bda473862a91cfaf6f4877993ffa5727e6e604557cc7db370b22b8b49faa7116dbfe6c688eef5bc1b72abcb5f41deb07b6b7f3508255bfc698a7643f83bb19ce68076f10a83b0ba5ac90f6d7296afba9d700bfb0ac5d703bbf805f628054efca77e175037bb5a1e8e77beb6ef0b3a79733d8e7950887ebc57f740dd70e1a18abcc526b120ef748483fe0e3840601207579eacfde506438dabf55ed877372d63998f2a0702fd8270563c58f5f230b6cf2e7c26f9016f01c9e995a06e382299ce5fc8a97a2fe91f388c9ff54e669b980260cc435d8eca235f7af46a9cd227ddd6f3c1b63c0f8084faf0f1afc2dad3b40a7d9647be40a8399a0ed3e09666d5d4e3514b3764cbe0a80683f4b5f91aea0e52c3ec8ed4d4ff106843121855e1c314c7402850cb2a6c29d0c57e21ac35bf55d03cbea6a1317df38d18823d26e4cf5186edc2ee7060700c809476780c4af0e54fffa42ff65e4d4d1ee189ed39a818b305262e38e2a70511d8a7951acbe0a9cc3936a20ead5ff71beb16efa81dc398660b87b98939b64338e8c14ed5f8d131c1fed9c26dd01b54d9f2fa14f9c3e2b2a5ca40a26e81b7c0ca393668a52b225b5987ab54145b59633f56680c9d0d9f6bfe0af33fc5e8320d0259023cf17395c32c0e073d0c6024032da0f32dcb133b2130ffee7c7fff631ed914def6ecb4b7dc3fe1a6084ec5576a50b6168289f23e41741097b5dba115bf5f4003734f03f67a07f2b29badfd0809491fe72dd4f313cbd37db4f06bc333d97ac49409024fd208c74b13b4ee13f8d1c8fc6388973dfc9c1dc38ccf6546e97cad1028009a02189eeadd1a9020deb7747c7d918c06703d297e1b91e13d40df2b35ded4b7dcb5c090dc76b013330de09fd0371e7692b808c011e429665be6c5b77a7d9d3d17ea88d26f2401063dd04e6260d20490a339733c719971afd59324f00b3f6bbba9ee1c3c1f7f9fdbfdd927950d8eb985a29ec04d24d8121ca73bd4beea69155be2946af81f59ce6c855439efe7d7c6e2965af03ff452a1a63cf9dc3cd30a35da0a1edbd629b5e8c9d46f97f8b2a2bc67e8616ca37633bea8a588bff45d92f3b6396901348ce68945372d923a2e77e6c92a6ed324da3a949f6d5763cb44f6fb8c0bf4611f3c92e3a82d878774fd7a355e295f9401af3dfba966ed584b951164568ecad94b195fc3370438d16d31a81ad1c5b96970bde3d2398bda32b3da33e8680c89a96a5b6ce5db61afc51be6a5dbd6560fd19f7c8ad1f32a8361ea401a62b45f4a6399581502c537da3dbb5b2b8b149aa8d44b1aac8b1db8eb1d9b8244695d04e690e9d2744db0dd97d0f2b65172d873ac76fcf27ee689078007e98b573bbc7991d56256b89c3dea6a45fe839f7192fcdcfd6186cb27cf9f324023e9ffe8c340d1800fb59a5ded8e30d9e74a9156d4fd2d9069b4aa8895c575a749239f871d927a73e1ef1712bc6394ebe3f142b3524a01010c125715d3a8dba52cd5230bf1faa54a40a167b54c8cfffe65e82419581e043df021549d9e648f18e3d63719a94cfb44aedec07e066d346a9778e2675dd698a809ac8c8a6ab1ad3726a1e810bcd60354ffe0bca9d1370d75ad315d5f5fbbc699f127b14bcb55160d239be4db9a2916f45d16111c064d79c34a6503ac68d5ae41a144a6b8f7808c00d1f049a66da60a920b5e2c38ce63fbb1f7c7d86cbfe37b2c11dd987ff239bfe4faab76bc268d1fad89df90ce0aa4e9cf9090b622b1a5124fd501b106529c6f33f15bd3ea32f404fe6efaf753a5cd097f5ee5d3a1470c46b412157f5e82e68b05528d660aad78493a3cc42d1b0a7ad995cf7754a880ec4f175a3f7ce6e848526d60743c314d13d1defc5aec646996757f7b510c124489bde3f2966c497361c58e71092fd068d43b184b19ba327bf4290d6e31591f2617d58a288f02fd4e7bb486110a6f59c05f78f47ba263261ffea50772df272f8492b3f8a0bfa26ada066bd58ba227fa1de2c662a74196493aaf0b6545c2a2a08384d83b61dea2001045b8e612a6568eca159ac6ff715422a4b035a5f1dae2eea9c5b42d78bec8534bdf32145218d3211c9838cb6f57126e66eda90bd3d9b93a5b90eee413b58fd22e106010ad9bd7213cbb455fbc1ed3c5661af5cda675630a8e702bee12584305e14157a0eb143c0b93e1f92a0d678038162e2f36e7e1094bd0e64ca9eaac77568bf8f480f112289a7523d008a5e1cdf5aaa4ad9c1f5b47ea9082aa178bcc66a3f8c97ce8186a7da822dd52065675cbecb8e578922c176d0dbd6917a2f464c1ad9207c3c0537ac89d565397e01eea006e707b103cf170bfaba123996b69ab8c3c27c38afd4b3c9336ace383bd7fb75bf3315c2780a1fe9374d1fe8d78e932e1dd5b4662060006f643740bb03ff1519a6173b51d25c8948a61382446d26fc08e1c9489ba3dcbdc4f0b8c82f4a226794c9a9577b8446986ae520ed5770f9b6da9229359a28de3ffe5d1477c9bfa66690ffe083f9cc338504e575f2392669d4ed0a512d1724340129e2f6da95fd408d60e54c970dab395b383b2a08c6540333664f43ba4283c428438a2f2ab02f9b528331d68a846088d660c3705f486c5ce0f16467686e5ff0899206bdea2fd580b35918df70e3344e802b199aee622738329d77a2361ae8eb8ca840c70d715055a91446530db305798929b0d3a01dd7587d4d282dd32ac62103412a1c49fa811a639af61014b75a9c5a838b05b681dab9692d6586c85cd7e53bbb1baae36c49ad07b5399aabe06965f17702ab09fb3059c6bfd7b245d64d1e5ca0308502f0ebd3717bc8c9a87e966efd56a5bdfaad5561e85f78928be7914e82e95b2345a3086af0052e9fab91f2a0dda6928a393ed91ca4889040794f6798dbb4f2095ce4c5ecf7e80b390723aa6c9770fdfb07f402fdba067a31972441cf92b204c070936ea2526a80fe3d4e1276836bff34bd6cb1472fc9bdb8617cb4963a49d4a828cd16b53eb037c834e1eb1d064cf56a33d93e7642388e86567eade208tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tpm2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tss2tpm2_completion.bashrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootroottpm2.0-tools-5.2-150400.6.3.1.src.rpmtpm2.0-toolstpm2.0-tools(aarch-64)@@@@@@@@@@@@@@@@    ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libcrypto.so.1.1(OPENSSL_1_1_1)(64bit)libcurl.so.4()(64bit)libefivar.so.1()(64bit)libefivar.so.1(libefivar.so.0)(64bit)libtss2-esys.so.0()(64bit)libtss2-fapi.so.1()(64bit)libtss2-mu.so.0()(64bit)libtss2-rc.so.0()(64bit)libtss2-sys.so.1()(64bit)libtss2-tctildr.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3f4a@aapa@``ٹ`̊`9@`Ȗ@` @`@`7@`@_t@]@]@]c\@[t[}P@[6@[{@Z@Z@Z@Z@ZZC@Y@Yp@YTYI@Y1S@YXO@XW@Vmatthias.gerstner@suse.comaplanas@suse.comaplanas@suse.comaplanas@suse.comaplanas@suse.commatthias.gerstner@suse.comfvogt@suse.comaplanas@suse.comaplanas@suse.comaplanas@suse.comdimstar@opensuse.orgmatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.comvcizek@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.commeissner@suse.commatthias.gerstner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.com- Add 0001-tpm2_checkquote-Fix-check-of-magic-number.patch: tpm2_checkquote did not check whether the magic number in the attest is equal to TPM2_GENERATED_VALUE, which might allow a malicious actor to generate arbitrary quote data, undetected by tpm2_checkquote (bsc#1223687, CVE-2024-29038). - Add 0001-tpm2_checkquote-Add-comparison-of-pcr-selection.patch: tpm2_checkquote did not compare the --pcr parameter passed to the tool with the attest. A malicious actor might thus be able to fake a valid attestation (bsc#1223689, CVE-2024-29039).- The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0)- Fix python3-PyYAML requirement - Move the tests inside a bcond. Disabled by default.- Update to version 5.2: + tpm2_nvextend: * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_Extend command to the TPM. + tpm2_nvread: * Added option --rphash=FILE to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NVRead command to the TPM. * Added option -S, --session to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. + tpm2_nvsetbits: * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -S, --session to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_SetBits command to the TPM. + tpm2_createprimary: * Support public-key output at creation time in various public-key formats. + tpm2_create: * Support public-key output at creation time in various public-key formats. + tpm2_print: * Support outputing public key in various public key formats over the default YAML output. Supports taking -u output from tpm2_create and converting it to a PEM or DER file format. + tpm2_import: * Add support for importing keys with sealed-data-blobs. + tpm2_rsaencrypt, tpm2_rsadecrypt: * Add support for specifying the hash algorithm with oaep. + tpm2_pcrread, tpm2_quote: * Add option -F, --pcrs_format to specify PCR format selection for the binary blob in the PCR output file. 'values' will output a binary blob of the PCR values. 'serialized' will output a binary blob of the PCR values in the form of serialized data structure in little endian format. + tpm2_eventlog: * Add support for decoding StartupLocality. * Add support for printing the partition information. * Add support for reading eventlogs longer than 64kb including from /sys/kernel/security/tpm0/binary_bios-measurements. + tpm2_duplicate: * Add option -L, --policy to specify an authorization policy to be associated with the duplicated object. * Added support for external key duplication without needing the TCTI. + tools: * Enhance error message on invalid passwords when sessions cannot be used. + lib/tpm2_options: * Add option to specify fake tcti which is required in cases where sapi ctx is required to be initialized for retrieving command parameters without invoking the tcti to talk to the TPM. + openssl: * Dropped support for OpenSSL < 1.1.0 * Add support for OpenSSL 3.0.0 + Support added to make the repository documentation and man pages available live on readthedocs. + Bug-fixes: * tpm2_import: Don't allow setting passwords for imported object with -p option as the tool doesn't modify the TPM2B_SENSITIVE structure. Added appropriate logging to indicate using tpm2_changeauth after import. * lib/tpm2_util.c: The function to calculate pHash algorithm returned error when input session is a password session and the only session in the command. * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC. * tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM). * tpm2_makecredential: Fix an issue where reading input from stdin could result in unsupported data size larger than the largest digest size. * tpm2_loadexternal: Fix an issue where restricted attribute could not be set. * lib/tpm2_nv_util.h: The NV index size is dependent on different data sets read from the GetCapability structures because there is a dependency on the NV operation type: Define vs Read vs Write vs Extend. Fix a sane default in the case where GetCapability fails or fails to report the specific property/ data set. This is especially true because some properties are TPM implementation dependent. * tpm2_createpolicy: Fix an issue where tool exited silently without reporting an error if wrong pcr string is specified. * lib/tpm2_alg_util: add error message on public init to prevent tools from dying silently, add an error message. * tpm2_import: fix an issue where an imported hmac object scheme was NULL. While allowed, it was inconsistent with other tools like tpm2_create which set the scheme as hmac->sha256 when generating a keyedhash object. - Drop patches already in upstream: + 0001-tpm2_checkquote-fix-uninitialized-variable.patch + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch- Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to fix the offset of the read buffer- prepare running the test suite via %check, but leave it commented out, because it is broken due to LTO linking.- update to version 5.1.1: - tpm2_import: fix fixed AES key CVE-2021-3565 - tpm2_import used a fixed AES key for the inner wrapper, which means that a MITM attack would be able to unwrap the imported key. To fix this, ensure the key size is 16 bytes or bigger and use OpenSSL to generate a secure random AES key. - Avoid pandoc build dependency, use prebuilt man pages everywhere - Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream - Drop _service, unused - Drop unused unzip build dependency - Drop autoreconfigure call, no longer necessary - Use %autosetup - Verify tarball signature - Build against efivar - Drop %check section, tests weren't built, so that was a noop- Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the tpm2_eventlog command (boo#1187360)- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better fix of boo#1187316 - Re-enable lto- Disable lto to fix tpm2_checkquote error (boo#1187316) - Update service file to point to the correct revision- Do not BuildRequire pandoc on ix86 architectures: the haskell stack is not supported on intel 32bit archs.- add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565 (bsc#1186490). - drop fix_pie_linking.patch: now contained in upstream tarball - drop fix_warnings.patch: now contained in upstream tarball - update to upstream version 5.1: - Minimum tpm2-tss version dependency bumped to 3.1.0 - Minimum tpm2-abrmd version dependency bumped to 2.4.0 - tss2: - Support in tools for PolicyRef inclusion in policy search per latest TSS. - Support to use TPM objects protected by a policy with PolicySigned. - Enable backward compatibility to old Fapi callback API. - Fix PCR selection for tss2 quote. - Support policy signed policies by implementing Fapi_SetSignCB. - Command/ response parameter support for auditing and pHash policies: - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash - Add support to calculate rphash for tpm2_create, tpm2_activatecredential, tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps. - Session-support: - tpm2_sessionconfig: Add tool to display and configure session attributes. - tpm2_getrandom: Fix— session input was hardcoded for audit-only - tpm2_startauthsession: Add option to specify the bind object and its authorization value. - tpm2_startauthsession: support for bounded-only session. - tpm2_startauthsession: support for salted-only session. - tpm2_startauthsession: add option to specify an hmac session type. - Add support for specifying non-authorization sessions for audit and parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend, tpm2_nvdefine, tpm2_unseal, tpm2_activatecredential, tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps. - tpm2_eventlog: - Support for event type: EV_IPL extensively used by the Shim and Grub. - Support for event type: EV_EFI_GPT_EVENT to parse. UEFI_PARTITION_TABLE_HEADER and UEFI_PARTITION_ENTRY. - Support for event type: EFI_SIGNATURE_LIST, which contains one or more EFI_SIGNATURE_DATA. - Support for event type EV_EFI_VARIABLE_AUTHORITY. - Parse UEFI_PLATFORM_FIRMWARE_BLOB structure that the CRTM MUST put into the Event Log entry TCG_PCR_EVENT2.event field for event types EV_POST_CODE, EV_S_CRTM_CONTENTS, and EV_EFI_PLATFORM_FIRMWARE_BLOB. - Parse secureboot variable to indicate enable as 'Yes'. - Parse BootOrder variable to a more readable format. - Parse Boot variables per EFI_LOAD_OPTION described in more details in UEFI Spec Section 3.1.3 - Parse Device-path in a readable format using the efivar library. - Support for logs longer than 64 kilobytes. - Perform verification for event types where digest can be verified from their event payload. - Better support for multiline strings. - Fix handling of event log EV_POST_CODE data where field is empty and len is specified. - scripts/utils: Add a utility to read the cert chain of embedded CA. - tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP 404. - tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV indices set in extend mode. - tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote TPM without first requiring them to be loaded to a local TPM. - tpm2_dictionarylockout: Fix issue where setting value for one parameter caused to reset the others. - tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest. - Fix segfault where optind > argc. - tools/tpm2_checkquote: fix missing initializer - tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0 - openssl: fix EVP_ENCODE_CTX_(new|free) - test: Add support for swTPM simulator to the testing framework and make it the default if mssim isn't available. - tpm2_unseal: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_nvextend: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_nvdefine: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_changepps: - Added option **\--cphash**=_FILE_ to specify ile path to record the hash of the command parameters. This is commonly termed as cpHash. - Added option **\--rphash**=_FILE_ to specify ile path to record the hash - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_changeeps: - Added option **\--cphash**=_FILE_ to specify ile path to record the hash of the command parameters. This is commonly termed as cpHash. - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_changeauth: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_certifycreation: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_certify: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_activatecredential: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. - tpm2_create: - Added option **\--rphash**=_FILE_ to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_unseal: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. - tpm2_nvdefine: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. - tpm2_nvextend: - Added option **-S**, **--session** to specify auxilary sessions for audit and encryption.- fix `--version` output of tools. Since now autoreconf is called and configure.ac attempts to fetch the version from git (which we don't have during building), the version was empty. Fix this by replacing the git invocation in configure.ac.- add fix_warnings.patch: fixes a couple of build errors resulting from LTO linking and -Werror. - add fix_pie_linking.patch: fixes an error in the build system that causes the tss2 binary to be linked without passed LDFLAGS (like -pie), which causes the binary not to be position independent. - update to major version 5.0: - Non Backwards Compatible Changes * Default hash algorithm is now sha256. Prior versions claimed sha1, but were inconsistent in choice. Best practice is to specify the hash algorithm to avoid surprises. * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks to the old tool names and the tpm2 commandlet will interrogate argv[0] for the command to run. This will provide backwards compatibility if they are installed. If you wish to use the old names not installed system wide, set DESTDIR during install to a separate path and set the proper directory on PATH. * tpm2_eventlog's output changed to be YAML compliant. The output before was intended to be YAML compliant but was never properly checked and tested. * umask set to 0117 for all tools. * tpm2_getekcertificate now outputs the INTC EK certificates in PEM format by default. In order to output the URL safe variant of base64 encoded output of the INTC EK certificate use the added option --raw. - Dependency update * Update tpm2-tss dependency version to 3.0.1 * Update tpm2-abrmd dependency version to 2.3.3 - New tools and features * tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase. * tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen. * tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen. * tpm2_commit: Add new tool to support command TPM2_CC_Commit. * tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral. * tpm2_geteccparameters: Add new tool to support command TPM2_CC_ECC_Parameters. * tpm2_setcommandauditstatus: Added new tool to support command TPM2_CC_SetCommandCodeAuditStatus. * tpm2_getcommandauditstatus: Added new tool to support command TPM2_CC_GetCommandAuditDigest. * tpm2_getsessionauditdigest: Added new tool to support command TPM2_CC_GetSessionAuditDigest. * tpm2_certifyX509certutil: Added new tool for creating partial x509 certificates required to support the TPM2_CC_CertifyX509 command. * tpm2_policysigned: Added option --cphash-input to specify the command parameter hash (cpHashA), enforcing the TPM command to be authorized as well as its handle and parameter values. * tpm2_createprimary: Added option to specify the unique data from the stdin by adding provision for specifying the option value for unique file as -. * tpm2_startauthsession: Added new feature/option --audit-session to start an HMAC session to be used as an audit session. * tpm2_getrandom: - Added new feature/option -S, --session to specify a HMAC session to be used as an audit session. This adds support for auditing the command using an audit session. - Added new feature/option --rphash to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - Added new feature/option --cphash to specify a file path to record the hash of the command parameters. This is commonly termed as cpHash. NOTE: In absence of --rphash option, when this option is selected, The tool will not actually execute the command, it simply returns a cpHash. * tpm2_getcap: tpm2_getcap was missing raw on a property TPM2_PT_REVISION, and it should always be specified. * tpm2_sign: - Add option --commit-index to specify the commit index to use when performing an ECDAA signature. - Add support for ECDAA signature. * tpm2_getekcertificate: - Add option --raw to output EK certificate in URL safe variant base64 encoded format. By default it outputs a PEM formatted certificate. - The tool can now output INTC and non INTC EK certificates from NV indices specified by the TCG EK profile specification. * tpm2_activatecredential: - The secret data input can now be specified as stdin with -s option. - The public key used for encryption can be specified as -u to make it similar to rest of the tools specifying a public key. The old -e option is retained for backwards compatibility. - Add option to specify the key algorithm when the input public key is in PEM format using the new option -G, --key-algorithm. Can specify either RSA/ECC. When this option is used, input public key is expected to be in PEM format and the default TCG EK template is used for the key properties. * tpm2_checkqoute: - Add EC support. - Support loading tss signatures. - Support loading tpm2 pcrread PCR values by specifying the PCR selection using the new option -l, --pcr-list. - Added support for automatically detecting the signature format. With this -F, --format option is retained for backwards compatibility but it is deprecated. * tpm2_createak: add option to output qualified name with new option - q, --ak-qualified-name. * tpm2_policypcr: Add option for specifying cumulative hash of PCR's as an argument. * tpm2_readpublic: Add option to output qualified name using the new option - q, --qualified-name. * tpm2_print: - Support printing TPM2B_PUBLIC data structures. - Support printing TPMT_PUBLIC data structures. * tpm2_send: Add support for handling sending and receiving command and response buffer for multiple commands. * tpm2_verifysignature: Added support for verifying RSA-PSS signatures. * tpm2_eventlog: - Add handling of sha1 log format. - Add fixes for eventlog output to be proper YAML. - Add support for sha384, sha512, sm3_256 PCR hash algorithms. - Add support for computing PCR values based on the events. * tpm2_tools (all): - Set stdin/stdout to non-buffering. - Added changes for FreeBSD portability. - Bug fixes * Fix printing short options when no ascii character is used. * OpenSSL: Fix deprecated OpenSSL functions. ECC Functions with suffix GFp will become deprecated (DEPRECATED_1_2_0). * tpm2_eventlog: output EV_POST_CODE as string not firmware blob to be compliant with TCG PC Client FPF section 2.3.4.1 and 9.4.12.3.4.1 * Fix missing handle maps for ESY3 handle breaks. See #1994. * tpm2_rsaencrypt: fix OAEP RSA encryption failing to invalid hash selection. * tpm2_rsadecrypt: fix OAEP RSA decryption failing to invalid hash selection. * tpm2_sign: fix for signing failures with restricted signing keys when input data to sign is not a digest, rather the full message. The validation ticket creation process defaults to the owner hierarchy and so in order to choose other hierarchies the tpm2_hash tool should be used instead. * tpm2_print: fix segfault when -t option is omitted by appropriately warning of the required option. * tpm2_nvdefine: fix for default size when size is not specified by invoking TPM2_CC_GetCapability. * Fix for an issue where the return code for unsupported algorithms was tool_rc_general instead of tool_rc_unsupported in tpm2_create and tpm2_createprimary tools. * Fix for an issue where RSA_PSS signature verification caused failures. * tpm2_nvreadpublic, tpm2_kdfa, tpm2_checkquote, tpm2_quote: Fixes for issues with interoperability of the attestation tools between big and little endian platforms. * tss2_*: - Fix bash-completion for tss2_pcrextend and tss2_verifysignature - Add force option to tss2_list - Make force option consistent in all fapi tools - Do not decode non-TPM errors - Enhance integration tests to test changes of optional/mandatory parameters - Add --hex parameter to tss2_getrandom - Fix autocompletion issue - Switch tss2_* to with-"="-style - Add size parameter to tss2_createseal - References to the cryptographic profile (fapi-profile(5)) and config file - (fapi-config(5)) man pages from all relevant tss2_* man pages. - Fix policy branch selection menu item from 1 to 0. - Documentation * wiki pages have been removed and data has been migrated to tpm2-software.github.io portal's tutorial section. * Fix the problem with man and no-man help output for tools were not correctly displayed. * man: - tpm2_create: Correct max seal data size from 256 bytes to 128 bytes. - tpm2_nvread: Fix manpage example. - tpm2_nvwrite: Added missing information on how to specify the NV index as an argument. - tpm2_unseal: Add end-to-end example. - tpm2_nvincrement: Fix incorrect commands in example section. - tpm2_hmac: Fix the example section.- update to version 4.3: - changes in version 4.3: - tss2_*: Fix double-free errors in commands asking for password authorization - tss2_*: Fix shorthand command -f that was falsely requiring an argument - tss2_*: Update tss2_encrypt to the new FAPI interface - The argument 'policyPath' is removed which was never read anyway - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec - tss2_*: Add parameter types to all man page - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output - tss2_pcrextend: fix extending PCR 0 - tss2_quote: fix unused TSS2_RC in LOG_ERR - changes in 4.2.1: - Fix missing handle maps for ESY3 handle breaks. See #1994. - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0. - Fix for loop declarations build error. - changes in 4.2: - Fix various issues reported by static analysis tools. - Add integration test for ECC based getekcertificate. - Fix for issue #1959 where ARM builds were failing. - Add a check in autotools to add "expect" as a package dependency for fapi tools. - tpm2_createek: Drop the unused -p or --ek-auth option - tpm2_policyor: List of policy files should be specified as an argument - instead of -l option. The -l option is still retained for backwards - compatibility. See issue#1894. - tpm2_eventlog: add a tool for parsing and displaying the event log. - tpm2_createek: Fix an issue where the template option looked for args - tpm2_hierarchycontrol: Fixed bug where tool operation failed silently - tpm2_nvdefine: Fixed an issue where text output suggested failures as passes - tpm2_certify: Add an example usage in man page - tpm2_policyor: Fix a bug where tool failed silently when no input were given - tpm2_getekcertificate: Intel (R) PTT EK cert web portal is set as default address - tpm2_alg_util.c: Fix a bug where string rsa3072 was not parsed - .ci/download-deps.sh: Change tss dependency to 2.4.0 to acquire SAPI handles for cpHash calculations - tpm2_policycphash: Add a tool to implement enhanced authorization with cpHash of a command - Add options to tools to enable cpHash outputs: tpm2_nvsetbits, tpm2_nvextend, tpm2_nvincrement, tpm2_nvread, tpm2_nvreadlock, tpm2_writelock, tpm2_nvdefine, tpm2_nvundefine, tpm2_nvcertify, tpm2_policynv, tpm2_policyauthorizenv, tpm2_policysecret, tpm2_create, tpm2_load, tpm2_activatecredential, tpm2_unseal, tpm2_changeauth, tpm2_duplicate, tpm2_import, tpm2_rsadecrypt, tpm2_certify, tpm2_certifycreation, tpm2_hierarchycontrol, tpm2_setprimarypolicy, tpm2_clearcontrol, tpm2_dictionarylockout, tpm2_evictcontrol, tpm2_setclock, tpm2_clockrateadjust, tpm2_clear, tpm2_nvwrite, tpm2_encryptdecrypt, tpm2_hmac. - tpm2_import: Fix an issue where the imported key always required to have a policy - tpm2_policysecret: Fix an issue where authorization model was fixed to password only - Feature API (FAPI) tools added. These additional set of tools implement utilities - using the FAPI which was added to the tpm2-tss v2.4.4: tss2_decrypt, tss2_encrypt, tss2_list, tss2_changeauth, tss2_delete, tss2_import, tss2_getinfo, tss2_createkey, tss2_createseal, tss2_exportkey, tss2_getcertificate, tss2_getplatformcertificates, tss2_gettpmblobs, tss2_getappdata, tss2_setappdata, tss2_setcertificate, tss2_sign, tss2_verifysignature, tss2_verifyquote, tss2_createnv, tss2_nvextend, tss2_nvincrement, tss2_nvread, tss2_nvsetbits, tss2_nvwrite, tss2_getdescription, tss2_setdescription, tss2_pcrextend, tss2_quote, tss2_pcrread, tss2_authorizepolicy, tss2_exportpolicy, tss2_import, tss2_provision, tss2_getrandom, tss2_unseal, tss2_writeauthorizenv - tpm2_policycountertimer: Fix an issue where operandB array was reversed causing faulty comparisons. - changes in 4.1.1: - tpm2_certify: Fix output of attestation data including size field. Now outputs just bytes. - tpm2_certifycreation: Fix tool to match manpage where the code had the -C and -c options reversed. - tpm2_gettime: Fix output of attestation data including size field. Now outputs just bytes. - tpm2_nvcertify: Fix output of attestation data including size field. Now outputs just bytes. - tpm2_nvreadpublic: add name hash output. - tpm2_import: Support object policies when importing raw key material. - Fix overflow in pcrs.h where sizeof() was used instead of ARRAY_LEN(). - build: - Fix compilation issue: lib/tpm2_hash.c:17:19: note: 'left' was declared here. - man: - Fix manpage examples that have "sha" instead of "sha1" - tpm2_shutdown manpage was missing, add it to build. - Fix manpage example for tpm2_createak's tpm2_evictcontrol example. - Remove fix_bad_bufsize.patch: is now contained in upstream tarball - Adjust fix_bogus_warning.patch: one hunk no longer applies, upstream code changed.- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks that indicate bad buffer size specification. - add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are bogus, since the variables in questions will be initialized in any case later on.- update to major version 4.1: - changes in version 4.1: * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation. * tpm2_checkquote: - Fix YAML output bug. - -g option for specifying hash algorithm is optional and defaults to sha256. * tpm2_changeeps: A new tool for changing the Endorsement hierarchy primary seed. * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed. * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM. * tpm2_create: Add tool options for specifying output data for use in certification - --creation-data to save the creation data - --creation-ticket or -t to save the creation ticket - --creation-hash or -d to save the creation hash - --template-data for saving the template data of the key - --outside-info or -q for specifying unique data to include in creation data. - --pcr-list or -l Add option to specify pcr list to add to creation data. * tpm2_createprimary: Add tool options for specifying output data for use in certification - --creation-data to save the creation data - --creation-ticket or -t to save the creation ticket - --creation-hash or -d to save the creation hash - --template-data for saving the template data of the key - --outside-info or -q for specifying unique data to include in creation data. - --pcr-list or -l Add option to specify pcr list to add to creation data. * tpm2_evictcontrol: - Fix bug in automatic persistent handle selection when hierarchy is platform. - Fix bug in YAML key action where action was wrong when using ESYS_TR. * tpm2_getcap: clean up remanenats of -c option in manpages and tool output. * tpm2_gettime: Add a new tool for retrieving a signed timestamp from a TPM. * tpm2_nvcertify: Add a new tool for certifying the contents of an NV index. * tpm2_nvdefine: - Support default set of attributes so -a is not mandatory. - Support searching for free index if an index isn't specified. * tpm2_nvextend: Add a new tool for extending an NV index similair to a PCR. * tpm2_nvreadpublic: - Support specifying nv index to read public data from as argument. * tpm2_nvsetbits: Add a new tool for setting the values of PCR with type "bits". * tpm2_nvundefine: Add support for deleting NV indices with attribute `TPMA_NV_POLICY_DELETE` set using NV Undefine Special command. * tpm2_nvwritelock: Add a new tool for setting a write lock on an NV index or globally locking nv indices with TPMA_NV_GLOBALLOCK. * tpm2_policyauthorizenv: New tool enabling signed, revocable policies. * tpm2_policyauthvalue: New tool enabling authorization to be bound to the authorization of another object. * tpm2_policycountertimer: Add a new tool for enabling policy bound to TPM clock or timer values. * tpm2_policynamehash: Add a new tool for specifying policy based on object name. * tpm2_policynv: Add a new tool for specifying policy based on NV contents. * tpm2_nvwritten: Add a new tool for specifying policy based on whether or not an NV index was written to. * tpm2_policysecret: Add tool options for specifying - --expiration or -t - --ticket - --timeout - --nonce-tpm or -x - --qualification or -q * tpm2_policysigned: New tool enabling policy command TPM2_PolicySigned. * tpm2_policytemplate: New tool enabling policy command TPM2_PolicyTemplate. * tpm2_policyticket: New tool enabling policy command TPM2_PolicyTicket. * tpm2_readclock: Add a new tool for reading the TPM clock. * tpm2_setclock: Add a new tool for setting the TPM clock. * tpm2_setprimarypolicy: New tool setting policy on hierarchies. * tpm2_shutdown: Add a new tool for issuing a TPM shutdown command. * misc: - Support "tpmt" as a public key output format that only saves the TPMT structure. - Qualifying data or extra data in many tools can be hex array string or binary file. - Add support for specifying NV index type when specifying NV attributes. - Support added for tools to run on FreeBSD. - Skip and notify of action that man pages will not install if the package pandoc is missing. - Fix precedence issue with bitwise operator order int tpm2_getcap - travis: bump abrmd version 2.3.0 - tpm2_util.c: Fix an issue int variable size was checked against uint - pcr.c: Fix buffer length issue to support all defined hash algorithm - changes in version 4.0.1: * tpm2_checkquote: Fix YAML output bug. - changes in version 4.0: * tpm2_activatecredential: - --context is now --credentialedkey-context. - --key-context is now --credentialkey-context. - --Password is now --credentialedkey-auth. - --endorse-passwd is now --credentialkey-auth. - --in-file is now --credential-secret. - --out-file is now --certinfo-data. - -f becomes -i. - -k becomes -C. - -e becomes -E. * tpm2_certify: - --halg is now --hash-algorithm. - --obj-context is now --certifiedkey-context. - --key-context is now --signingkey-context. - --pwdo is now --certifiedkey-auth. - --pwdk is now --signingkey-auth. - -a becomes -o. - -k becomes -p. - -c becomes -C. - -k becomes -K. * tpm2_changeauth: - New tool for changing the authorization values of: - Hierarchies - NV - Objects - Replaces tpm2_takeownership with more generic functionality. * tpm2_checkquote: - --halg is now --hash-algorithm. - --pcr-input-file is now --pcr. - --pubfile is now --public. - --qualify-data is now --qualification. - -f becomes -F. - -F becomes -f. - -G becomes -g. * tpm2_clear: - --lockout-passwd is now --auth-lockout. * tpm2_clearcontrol: - New tool for enabling or disabling tpm2_clear commands. * tpm2_create - --object-attributes is now --attributes. - --pwdp is now --parent-auth. - --pwdo is now --key-auth. - --in-file is now --sealing-input. - --policy-file is now --policy. - --pubfile is now --public. - --privfile is now --private. - --out-context is now --key-context. - --halg is now --hash-algorithm. - --kalg is now --key-algorithm. - -o becomes -c. - -K becomes -p. - -A becomes -b. - -I becomes -i. - -g becomes an optional option. - -G becomes an optional option. - Supports TPM command CreateLoaded via -c. * tpm2_createak: - Renamed from tpm2_getpubak * tpm2_createek: - renamed from tpm2_getpubek * tpm2_createpolicy: - --out-policy-file is now --policy. - --policy-digest-alg is now --policy-algorithm. - --auth-policy-session is now --policy-session. - -L becomes -l. - -F becomes -f. - -f becomes -o. - Removed option --set-list with short option -L. - Removed option --pcr-input-file with short option -F. - Pcr policy options replaced with pcr password mini language. - Removed short option a for specifying auth session. Use long option --policy-session. - Removed short option -P for specifying pcr policy. Use long option --policy-pcr. * tpm2_createprimary: - --object-attributes is now --attributes. - -o is now -c - --pwdp is now --hierarchy-auth. - --pwdk is now --key-auth. - --halg is now --hash-algorithm. - --kalg is now --key-algorithm. - --context-object is now --key-context. - --policy-file is now --policy. - support for unique field when creating objects via -u - saves a context file for the generated primary's handle to disk via -c. - -A becomes -a. - -K becomes -p. - -H becomes -C. - -g becomes optional. - -G becomes optional. * tpm2_dictionarylockout: - --lockout-passwd is now --auth. - -P becomes -p. * tpm2_duplicate: - New tool for duplicating TPM objects. * tpm2_encryptdecrypt: - --pwdk is now --auth. - --out-file is now --output. - -D becomes -d. - -I becomes an argument. - -P becomes -p. - Support IVs via -t or --iv. - Support modes via -G. - Support padding via -e or --pad. - Supports input and output to stdin and stdout respectively. * tpm2_evictcontrol: - --auth is now --hierarchy. - --context is now --object-context. - --pwda is now --auth. - --persistent with short option -S is now an argument. - -A becomes -C. - Added option --output -o to serialize handle to disk. - Removed option --handle with short option -H. - Raw object-handles and object-contexts are commonly handled with object handling logic. - Removed option --input-session-handle with short option -i. - Authorization session is now part of password mini language. * tpm2_getcap: - -c becomes an argument. - Most instances of value replaced with raw in YAML output. - TPM2_PT_MANUFACTURER displays string value and raw value. - Supports --pcr option for listing hash algorithms and bank numbers. * tpm2_getekcertificate: - Renamed from tpm2_getmanufec * tpm2_getmanufec: - Renamed the tool to tpm2_getekcertificate. - Removed ek key creation and management logic. - Added option for getting ek cert for offline platform via -x. - Support for ECC keys. - --ec-cert is now --ek-certificate, - --untrusted is now --allow-unverified, - --output is now --ek-public, - -U is now -X. - -O is now -x. - -f becomes -o. - Removed option -P or --endorse-passwd. - Removed option -p or --ek-passwd. - Removed option -w or --owner-passwd. - Removed option -H or --persistent-handle. - Removed option -G or --key-algorithm. - Removed option -N or --non-persistent. - Removed option -O or --offline. * tpm2_getpubak: - renamed to tpm2_createak. - -f becomes -p and -f is used for format of public key output. - --auth-endorse is now --eh-auth. - --auth-ak is now --ak-auth. - --halg is now --hash-algorithm. - --kalg is now --key-algorithm. - -e becomes -P. - -P becomes -p. - -D becomes -g. - -p becomes -u. - --context becomes --ak-context. - --algorithm becomes --kalg. - --digest-alg becomes --halg. - --privfile becomes --private. - remove -k persistant option. Use tpm2_evictcontrol. - Fix -o option to -w. - now saves a context file for the generated primary's handle to disk. - -E becomes -e. - -g changes to -G. - support for non-persistent AK generation. * tpm2_getpubek: - renamed to tpm2_createek - --endorse-passwd is now --eh-auth. - --owner-passwd is now --owner-auth. - --ek-passwd is now --ek-auth. - --file is now --public. - --context is now --ek-context. - --algorithm is now --key-algorithm. - -e is now -P. - -P is now -p. - -p is now -u. - -o is now -w. - -g is now -G. - Support for saving a context file for the generated primary keys handle to disk. - support for non-persistent EK generation. - -f is now -p. - -f support for format of public key output. * tpm2_getrandom: - change default output to binary. - add --hex option for output to hex format. - --out-file is now --output. - bound input request on max hash size per spec, allow -f to override this. * tpm_gettestresult: - new tool for getting test results. * tpm2_hash: - add --hex for specifying hex output. - default output of hash to stdout. - default output of hash as binary. - remove output of ticket to stdout. - --halg is now --hash-algorithm. - --out-file is now --output. - -a is now -C. - -H is now -a. * tpm2_hmac: - add -t option for specifying ticket result. - --out-file is now --output. - --auth-key is now --auth. - --algorithm is now --hash-algorithm. - --pwdk is now --auth-key. - -C is now -c. - -P is now -p. * tpm2_hierarchycontrol: - new tool added for enabling or disabling the use of a hierarchy and its associated NV storage. * tpm2_import: - --object-attributes is now --attributes. - --auth-parent is now --parent-auth. - --auth-key is now --key-auth. - --algorithm is now --key-algorithm. - --in-file is now --input. - --parent-key is now --parent-context. - --privfile is now --private. - --pubfile is now --public. - --halg is now --hash-algorithm. - --policy-file is now --policy. - --sym-alg-file is now --encryption-key. - -A is now -b. - -k is now -i. - support OSSL style -passin argument as --passin for PEM file passwords. - support additional import key types: - RSA1024/2048. - AES128/192/256. - -q changes to -u to align with tpm2_loads public/private output arguments. - Supports setting object name algorithm via -g. - support specifying parent key with a context file. - --parent-key-handle/-H becomes --parent-key/-C - Parent public data option is optional and changes from `-K` to `-U`. - Supports importing external RSA 2048 keys via pem files. - Supports ECC Parent keys. * tpm2_incrementalselftest: - Add tool to test support of specific algorithms. * tpm2_listpersistent: - deleted as tpm2_getcap and tpm2_readpublic can be used instead. * tpm2_load: - -o is now -c. - --context-parent is now --parent-context. - --auth-parent is now --auth. - --pubfile is now --public. - --privfile is now --private. - --out-context is now --key-context. - now saves a context file for the generated primary's handle to disk. - Option `--pwdp` changes to `--auth-parent`. * tpm2_loadexternal: - --object-attributes is now --attributes. - -o is now -c - --key-alg is now --key-algorithm. - --pubfile is now --public. - --privfile is now --private. - --auth-key is now --auth. - --policy-file is now --policy. - --halg is now --hash-algorithm. - --out-context is now --key-context. - Remove unused -P option. - -H is now -a. - Fix -A option to -b for attributes. - now saves a context file for the generated primary's handle to disk. - support OSSL style -passin argument as --passin for PEM file passwords. - name output to file and stdout. Changes YAML stdout output. - ECC Public and Private PEM support. - AES Public and Private "raw file" support. - RSA Public and Private PEM support. - Object Attribute support. - Object authorization support. - Default hierarchy changes to the *null* hierarchy. * tpm2_makecredential: - --out-file is now --credential-blob - --enckey is now --encryption-key. - Option `--sec` changes to `--secret`. * tpm2_nvdefine: - --handle-passwd is now --hierarchy-auth. - --index-passwd is now --index-auth. - --policy-file is now --policy. - --auth-handle is now --hierarchy. - -a becomes -C. - -t becomes -a. - -I becomes -p. - Removed option --index with short option -x. It is now an argument. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. * tpm2_nvincrement: - New tool to increment value of a Non-Volatile (NV) index setup as a counter. * tpm2_nvlist: - tpm2_nvlist is now tpm2_nvreadpublic. * tpm2_nvread: - --handle-passwd is now --auth. - --auth-handle is now --hierarchy. - -a becomes -C. - Removed option --index with short option -x. It is now an argument. - Removed short option -o for specifying offset. Use long option --offset. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. - Removed option --set-list with short option -L. - Removed option --pcr-input-file with short option -F. - Pcr policy options replaced with pcr password mini language. - fix a buffer overflow. * tpm2_nvreadlock: - --handle-passwd is now --auth. - --auth-handle is now --hierarchy. - -a becomes -C. - Removed option --index with short option -x. It is now an argument. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. * tpm2_nvwrite: - --handle-passwd is now --auth. - --auth-handle is now --hierarchy. - -a becomes -C. - Removed option --index with short option -x. It is now an argument. - Removed short option -o for specifying offset. Use long option --offset. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. - Removed option --set-list with short option -L. - Removed option --pcr-input-file with short option -F. - Pcr policy options replaced with pcr password mini language. * tpm2_nvrelease: - --handle-passwd is now --auth. - --auth-handle is now --hierarchy. - -a becomes -C. - Removed option --index with short option -x. It is now an argument. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. * tpm2_nvundefine: - Renamed from tpm2_nvrelease. * tpm2_pcrallocate: - New tool for changing the allocated PCRs of a TPM. * tpm2_pcrevent: - --password is now --auth. - Removed option --pcr-index with short option -i. - PCR index is now specified as an argument. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. * tpm2_pcrlist: - -gls options go away with -g and -l becoming a single argument. * tpm2_pcrread: - Renamed from tpm2_pcrlist. * tpm2_print: - New tool that decodes a TPM data structure and prints enclosed elements to stdout as YAML. * tpm2_policyauthorize: - New tool that allows for policies to change by associating the policy to a signing authority essentially allowing the auth policy to change. * tpm2_policycommandcode: - New tool to restricts TPM object authorization to specific TPM commands. * tpm2_policyduplicationselect: - New tool for creating a policy to restrict duplication to a new parent and or duplicable object. * tpm2_policylocality: - New tool for creating a policy restricted to a locality. * tpm2_policypcr: - New tool to generate a pcr policy event that bounds auth to specific PCR values in user defined pcr banks and indices. * tpm2_policyor: - New tool to compound multiple policies in a logical OR fashion to allow multiple auth methods using a policy session. * tpm2_policypassword: - New tool to mandate specifying of the object password in clear using a policy session. * tpm2_policysecret: - New tool to associate auth of a reference object as the auth of the new object using a policy session. * tpm2_quote: - --ak-context is now --key-context. - --ak-password is now --auth. - --sel-list is now --pcr-list. - --qualify-data is now --qualification-data. - --pcrs is now --pcr. - --sig-hash-algorithm is now --hash-algorithm. - -P becomes -p - -L becomes -l. - -p becomes -o. - -G becomes -g. - -g becomes optional. - Removed option --id-list with short option -l. - Removed option --ak-handle with short option -k. - Raw object-handles and object-contexts are commonly handled with object handling logic. * tpm2_readpublic: - --opu is now --output. - --context-object is now --object-context. - Removed option --object with short option -H. - Raw object-handles and object-contexts are commonly handled with object handling logic. - Added --serialized-handle for saving serialized ESYS_TR handle to disk. - Added --name with short option -n for saving the binary name. - Supports ECC pem and der file generation. * tpm2_rsadecrypt: - --pwdk is now --auth. - --out-file is now --output. - -P becomes -p. - Added --label with short option -l for specifying label. - Added --scheme with short option -s for specifying encryption scheme. - Removed option -I or in-file input option and make argument. - Removed option --key-handle with short option -k. - Raw object-handles and object-contexts are commonly handled with object handling logic. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. * tpm2_rsaencrypt: - --out-file is now --output. - Added --scheme with short option -s for specifying encryption scheme. - Added --label with -l for specifying label. - Removed option --key-handle with short option -k. - Raw object-handles and object-contexts are commonly handled with object handling logic. - make output binary either stdout or file based on -o. * tpm2_selftest: - New tool for invoking tpm selftest. * tpm2_send: - --out-file is now --output. * tpm2_sign: - --pwdk is now --auth. - --halg is now --hash-algorithm. - --sig is now --signature. - -P becomes -p. - -s becomes -o. - Added --digest with short option -d. - Added --scheme with short option -s. - Supports rsapss. - Removed option --key-handle with short option -k. - Raw object-handles and object-contexts are commonly handled with object handling logic. - Removed option --msg with short option -m. - Make -d toggle if input is a digest. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. - Supports signing a pre-computed hash via -d. * tpm2_startauthsession: - New tool to start/save a trial-policy-session (default) or policy- authorization-session with command line option --policy-session. * tpm2_stirrandom: - new command for injecting entropy into the TPM. * tpm2_takeownership: - split into tpm2_clear and tpm2_changeauth * tpm2_testparms: - new tool for querying tpm for supported algorithms. * tpm2_unseal: - --pwdk is now --auth. - --outfile is now --output. - --item-context is now --object-context. - -P becomes -p - Removed option --item with short option -H. - Raw object-handles and object-contexts are commonly handled with object handling logic. - Removed option --input-session-handle with short option -S. - Authorization session is now part of password mini language. - Removed option --set-list with short option -L. - Removed option --pcr-input-file with short option -F. - Pcr policy options replaced with pcr password mini language. * tpm2_verifysignature: - --halg is now --hash-algorithm. - --msg is now --message. - --sig is now --signature. - -D becomes -d. - -t becomes optional. - Issue warning when ticket is specified for a NULL hierarchy. - Added option --format with short option -f. - Removed option --raw with short option -r. - Removed option --key-handle with short option -k. - Raw object-handles and object-contexts are commonly handled with object handling logic. - Support routines for OpenSSL compatible format of public keys (PEM, DER) and plain signature data without TSS specific headers. * misc: - cmac algorithm support. - Add support for reading authorisation passwords from a file. - Ported all tools from SAPI to ESAPI. - Load TCTI's by SONAME, not raw .so file. - system tests are now run with make check when --enable-unit is used in configure. - Libre SSL builds fixed. - Dynamic TCTIS. Support for pluggable TCTI modules via the -T or --tcti options. - test: system testing scripts moved into subordinate test directory. - configure: enable code coverage option. - env: add TPM2TOOLS_ENABLE_ERRATA to control the -Z or errata option. affects all tools. - Fix parsing bug in PCR mini-language. - Fix misspelling of TPM2_PT_HR constants which effects tpm2_getcap output. - configure option --with-bashcompdir for specifying bash completion directory. - changes in version 3.2.1: * Fix invalid memcpy when extracting ECDSA plain signatures. * Fix resource leak on FILE * in hashing routine. * Correct PCR logic to prevent memory corruption bug. * Errata handler fix. - changes in version 3.2.0: * fix configure bug for linking against libmu. * tpm2_changeauth: Support changing platform hierarchy auth. * tpm2_flushcontext: Introduce new tool for flushing handles from the TPM. * tpm2_checkquote: Introduce new tool for checking validity of quotes. * tpm2_quote: Add ability to output PCR values for quotes. * tpm2_makecredential: add support for executing tool off-TPM. * tpm2_pcrreset: introduce new tool for resetting PCRs. * tpm2_quote: Fix AK auth password not being used.- update to minor version 3.1.4: * Fix various man pages * tpm2_getmanufec: fix OSSL build warnings * Fix broken -T option * Various build compatibility fixes * Fix some unit tests * Update build for recent autoconf-archive versions * Install m4 files- update to minor version 3.1.3: - Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in addition to supporting the new unified TPM2TOOLS_ENV_TCTI - Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than TPM2_PT - Make test_tpm2_activecredential Python 3 compatible - Fix tpm2_takeownership to only attempt to change the specified hierarchies - use a _service file to sync with upstream tags- update to minor version 3.1.2 (FATE#326270): - Revert the change to use user supplied object attributes exclusively. This is an inappropriate behavioural change for a MINOR version number increment. - Fix inclusion of object attribute specifiers section in tpm2_create and tpm2_createprimary man pages. - Use better object attribute defaults for authentication, preventing an empty password being used for authentication when a policy is set.- update to minor version 3.1.1: - Allow man page installation without pandoc being available- update to major version 3.1.0: - the tpm2 stack introduces an incompatible ABI to the previous version with this update. There is no compatibility layer, libraries have new names - install-man.patch: dropped, because we don't really need it - tpm2.0-tools-fix-hardening.patch: contained in upstream tarball now s etc. - upstream changelog: * tpm2_unseal: -P becomes -p * tpm2_sign: -P becomes -p * tpm2_nvreadlock: long form for -P is now --auth-hierarchy * tpm2_rsadecrypt: -P becomes -p * tpm2_nvrelease: long-form of -P becomes --auth-hierarchy * tpm2_nvdefine: -I becomes -p * tpm2_encryptdecrypt: -P becomes -p * tpm2_dictionarylockout: -P becomes -p * tpm2_createprimary: -K becomes -p * tpm2_createak: -E becomes -e * tpm2_certify: -k becomes -p * tpm2_hash: -g changes to -G * tpm2_encryptdecrypt: Support IVs via -i and algorithm modes via -G. * tpm2_hmac: drop -g, just use the algorithm associated with the object. * tpm2_getmanufec: -g changes to -G * tpm2_createek: -g changes to -G * tpm2_createak: -g changes to -G * tpm2_verifysignature: -g becomes -G * tpm2_sign: -g becomes -G * tpm2_import: support specifying parent key with a context file, - -parent-key-handle/-H becomes --parent-key/-C * tpm2_nvwrite and tpm2_nvread: when -P is "index" -a is optional and defaults to the NV_INDEX value passed to -x. * Load TCTI's by SONAME, not raw .so file * tpm2_activatecredential: -e becomes -E * tpm2_activatecredential: -e becomes -E * tpm2_certify: -c and -C are swapped, -k becomes -K * tpm2_createprimary: -K becomes -k * tpm2_encryptdecrypt: supports input and output to stdin and stdout respectively. * tpm2_create: -g/-G become optional options. * tpm2_createprimary: -g/-G become optional options. * tpm2_verifysignature - Option `-r` changes to `-f` and supports signature format "rsa". * tpm2_import - Parent public data option, `-K` is optional. * tpm2_import - Supports importing external RSA 2048 keys via pem files. * tpm2_pcrlist: Option `--algorithm` changes to `--halg`, which is in line with other tools. * tpm2_verifysignature: Option `-r` and `--raw` have been removed. This were unused within the tool. * tpm2_hmac: Option `--algorithm` changes to `--halg`, which is in line with the manpage. * tpm2_makecredential: Option `--sec` changes to `--secret`. * tpm2_activatecredential: Option `--Password` changes to `--auth-key`. * system tests are now run with make check when --enable-unit is used in configure. * tpm2_unseal: Option `--pwdk` changes to `--auth-key`. * tpm2_sign: Option `--pwdk` changes to `--auth-key`. * tpm2_rsadecrypt: Option `--pwdk` changes to `--auth-key`. * tpm2_quote: Option `--ak-passwd` changes to `--auth-ak` * tpm2_pcrevent: Option `--passwd` changes to `--auth-pcr` * tpm2_nvwrite: Options `--authhandle` and `--handle-passwd` changes to `--hierarchy` and `--auth-hierarchy` respectively. * tpm2_nvread: Options `--authhandle` and `--handle-passwd` changes to `--hierarchy` and `--auth-hierarchy` respectively. * tpm2_nvdefine: Options `--authhandle`, `--handle-passwd` and `--index-passwd` changes to `--hierarchy`, `--auth-hierarchy` and `--auth-index` respectively. * tpm2_loadexternal: `-H` changes to `-a` for specifying hierarchy. * tpm2_load: Option `--pwdp` changes to `--auth-parent`. * tpm2_hmac: Option `--pwdk` changes to `--auth-key`. * tpm2_hash: `-H` changes to `-a` for specifying hierarchy. * tpm2_getmanufec: Options `--owner-passwd`, `--endorse-passwd` * and `--ek-passwd`change to `--auth-owner`, `--auth-endorse` and `--auth-ek` respectively. * tpm2_evictcontrol: Option group `-A` and `--auth` changes to `-a` and `--hierarchy` Option `--pwda` changes to `--auth-hierarchy` * tpm2_encryptdecrypt: Option `--pwdk` changes to `--auth-key`. * tpm2_dictionarylockout: Option `--lockout-passwd` changes to `--auth-lockout` * tpm2_createprimary: Options `--pwdp` and `--pwdk` change to `--auth-hierarchy` and `--auth-object` respectively. * tpm2_createek: Options `--owner-passwd`, `--endorse-passwd` * and `--ek-passwd`change to `--auth-owner`, `--auth-endorse` and `--auth-ek` respectively. * tpm2_createak: Options `--owner-passwd`, `--endorse-passwd` * and `--ak-passwd`change to `--auth-owner`, `--auth-endorse` and `--auth-ak` respectively. * tpm2_create: Options `--pwdo` and `--pwdk` change to `--auth-object` and `--auth-key` respectively. * tpm2_clearlock: Option `--lockout-passwd` changes to `--auth-lockout` * tpm2_clear: Option `--lockout-passwd` changes to `--auth-lockout` * tpm2_changeauth: Options, `--old-owner-passwd`, `--old-endorse-passwd`, and `--old-lockout-passwd` go to `--old-auth-owner`, `--old-auth-endorse`, and `--old-auth-lockout` respectively. * tpm2_certify: Options `--pwdo` and `--pwdk` change to `--auth-object` and `--auth-key` respectively. * tpm2_createprimary: `-H` changes to `-a` for specifying hierarchy. * tpm2_createak: support for non-persistent AK generation. * tpm2_createek: support for non-persistent EK generation. * tpm2_getpubak renamed to tpm2_createak, -f becomes -p and -f is used for format of public key output. * tpm2_getpubek renamed to tpm2_createek, -f becomes -p and -f is used for format of public key output. * Libre SSL builds fixed. * Dynamic TCTIS. Support for pluggable TCTI modules via the -T or --tcti options. * tpm2_sign: supports signing a pre-computed hash via -D * tpm2_clearlock: tool added * test: system testing scripts moved into subordinate test directory. * fix a buffer overflow in nvread/write tools. * configure: enable code coverage option. * tpm2_takeownership: split into tpm2_clear and tpm2_changeauth * env: add TPM2TOOLS_ENABLE_ERRATA to control the -Z or errata option.- fix build after adding install-man.patch: autoreconf is needed again (sigh!)- install-man.patch: even after update to 3.0.4 the man pages are not installed correctly. This patch fixes it locally.- update to version 3.0.4: - Fix save and load for TPM2B_PRIVATE object. - Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size. - Fix --verbose and --version options crossover. - Generate man pages from markdown and include them in the distribution tarball. - Print usage summary if tools are executed with no options or man page can't be displayed. - man pages will be shipped for SLE version now, too (pandoc dependency was removed)- disable pandoc for all but openSUSE, since pandoc never was on SLE- disable pandoc/man pages generation on SLE-15, because pandoc is not available there (and adding it would require two dozen additional haskell packages)- update to version 3.0.3: - various changes in tool options - man pages are now in section 1 (formerly in section 8) - tools are now installed in /usr/bin (formerly /usr/sbin)- update to version 2.1.1 * Potential memory leak fix when tcti/sapi initialization fails. * tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read * listpcrs: remove one redundant call to tpm get cap * listpcrs: fix for unsupported/disabled alg in -L * build: use supported comment to suppress GCC7 fallthrough warning * kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392) - drop patches (upstream) * 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch * tpm2.0-tools-fix-gcc7.patch- update to version 2.1.0: - dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33 - this version now can interact with the new resource manager tpm2.0-abrmd - Upstream changes: * Fix readx and writex on multiple EINTR returns. * Add support for the tabrmd TCTI. This is the new default. * Change default socket port from 2323 (the old resourcemgr) to 2321 (default simulator port). * Cherry-pick fix for CVE-2017-7524. * Fix tpm2_listpcr command line option handling. * Fix tpm2_getmanufec memory issues.- added the new abrmd package to recommends, because the tools will otherwise not function- 0002-kdfa-use-openssl-for-hmac-not-tpm.patch: fixed unexpected leak of cleartext password into the tpm when generating an HMAC in the context of tpm_kdfa() (key derivation function) (bnc#1046402, CVE-2017-7524)- 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch: fixed tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419)- tpm2.0-tools-fix-hardening.patch: do not disable fortify, do not use -Wstack-protector as it warns also for non-utilized functions and then -Werror fails. - tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors- Major update to 2.0.0 - dropped fixes.patch, now part of the upstream version - a set of man pages have been added to the package - Upstream changes: * Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2 * Reworked all the tools to support configurable TCTIs, based on build time configuration, one can specify the tcti via the --tcti (-T) option to all tools. * tpm2_getrandom interface made -s a positional argument. * Numerous bug fixes.- buildrequire pkgconfig- Updated to 1.1.0 / 016-11-04 (FATE#321509) - Added * travis ci support. * Allow for unit tests to be enabled selectively. * tpm2_rc_decode tool: Decode TPM_RC error codes. * Android Make file * tpm2_listpersistent: list all persistent objects * test scripts for tpm2-tools * tpm2_nvreadlock * tpm2_getmanufec: retrieve EC from tpm manufacturer server. * Copy 'common' and 'sample' code from the TPM2.0-TSS repo. - Modified * tpm2_takeownership: update option -c to use lockout password to clear. * tpm2_listpcrs: add options -L and -s, rewrite to increase performance. * tpm2_quote: added -L option to support selection of multiple banks. * tpm2_quote: add -q option to get qualifying data. * configure: Use pkg-config to get info about libcurl and libcrypto. * configure: Use pkg-config to locate SAPI and TCTI headers / libraries. * tpm2_x: Add -X option to enable password input in Hex format. * tpm2_nvdefine: Change -X option to -I. * tpm2-nvwrite: fix for unable to write 1024B+ data. * tpm2_getmanufec: Fix base64 encoding. * tpm2_x: fixed a lot of TPM2B failures caused by wrong initialization. * tpm2_getmanufec: let configure handle libs. * tpm2_getmanufec: Convert from dos to unix format. * build: Check for TSS2 library @ configure time. * build: Detect required TSS2 and TCTI headers. * build: Use libtool to build the common library * build: Install all binaries into sbin. * build: Build common sources into library. * build: Move all source files to 'src'. * Makefile.am: Move all build rules into single Makefile.am. * everything: Use new TCTI headers and fixup API calls. * everything: Update source to cope with sapi header cleanup. * tpm2_activatecredential: Updated to support TCG compatible EK * tpm2_getpubak: Updated to use TCG compatible EK * tpm2_getpubek: fix ek creation to follow TCG EK profile spec. - Removed * Windows related code * depenedency on the TPM2.0-TSS repo source code - 1.0-alpha_0.zip: removed, use tpm2-0-tss directly. - tpm2-install-binaries.patch: not needed anymore. - fixes.patch: fixed random return build errors.- update description- initial import of tpm2.0-toolsh02-armsrv2 1714974887  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@A5.2-150400.6.3.15.2-150400.6.3.1tpm2tpm2_activatecredentialtpm2_certifytpm2_certifyX509certutiltpm2_certifycreationtpm2_changeauthtpm2_changeepstpm2_changeppstpm2_checkquotetpm2_cleartpm2_clearcontroltpm2_clockrateadjusttpm2_committpm2_createtpm2_createaktpm2_createektpm2_createpolicytpm2_createprimarytpm2_dictionarylockouttpm2_duplicatetpm2_ecdhkeygentpm2_ecdhzgentpm2_ecephemeraltpm2_encryptdecrypttpm2_eventlogtpm2_evictcontroltpm2_flushcontexttpm2_getcaptpm2_getcommandauditdigesttpm2_geteccparameterstpm2_getekcertificatetpm2_getpolicydigesttpm2_getrandomtpm2_getsessionauditdigesttpm2_gettestresulttpm2_gettimetpm2_hashtpm2_hierarchycontroltpm2_hmactpm2_importtpm2_incrementalselftesttpm2_loadtpm2_loadexternaltpm2_makecredentialtpm2_nvcertifytpm2_nvdefinetpm2_nvextendtpm2_nvincrementtpm2_nvreadtpm2_nvreadlocktpm2_nvreadpublictpm2_nvsetbitstpm2_nvundefinetpm2_nvwritetpm2_nvwritelocktpm2_pcrallocatetpm2_pcreventtpm2_pcrextendtpm2_pcrreadtpm2_pcrresettpm2_policyauthorizetpm2_policyauthorizenvtpm2_policyauthvaluetpm2_policycommandcodetpm2_policycountertimertpm2_policycphashtpm2_policyduplicationselecttpm2_policylocalitytpm2_policynamehashtpm2_policynvtpm2_policynvwrittentpm2_policyortpm2_policypasswordtpm2_policypcrtpm2_policyrestarttpm2_policysecrettpm2_policysignedtpm2_policytemplatetpm2_policytickettpm2_printtpm2_quotetpm2_rc_decodetpm2_readclocktpm2_readpublictpm2_rsadecrypttpm2_rsaencrypttpm2_selftesttpm2_sendtpm2_sessionconfigtpm2_setclocktpm2_setcommandauditstatustpm2_setprimarypolicytpm2_shutdowntpm2_signtpm2_startauthsessiontpm2_startuptpm2_stirrandomtpm2_testparmstpm2_unsealtpm2_verifysignaturetpm2_zgen2phasetss2tss2_authorizepolicytss2_changeauthtss2_createkeytss2_createnvtss2_createsealtss2_decrypttss2_deletetss2_encrypttss2_exportkeytss2_exportpolicytss2_getappdatatss2_getcertificatetss2_getdescriptiontss2_getinfotss2_getplatformcertificatestss2_getrandomtss2_gettpmblobstss2_importtss2_listtss2_nvextendtss2_nvincrementtss2_nvreadtss2_nvsetbitstss2_nvwritetss2_pcrextendtss2_pcrreadtss2_provisiontss2_quotetss2_setappdatatss2_setcertificatetss2_setdescriptiontss2_signtss2_unsealtss2_verifyquotetss2_verifysignaturetss2_writeauthorizenvbash-completioncompletionstpm2tpm2_completion.bashtss2tss2_authorizepolicytss2_changeauthtss2_createkeytss2_createnvtss2_createsealtss2_decrypttss2_deletetss2_encrypttss2_exportkeytss2_exportpolicytss2_getappdatatss2_getcertificatetss2_getdescriptiontss2_getinfotss2_getplatformcertificatestss2_getrandomtss2_gettpmblobstss2_importtss2_listtss2_nvextendtss2_nvincrementtss2_nvreadtss2_nvsetbitstss2_nvwritetss2_pcrextendtss2_pcrreadtss2_provisiontss2_quotetss2_setappdatatss2_setcertificatetss2_setdescriptiontss2_signtss2_unsealtss2_verifyquotetss2_verifysignaturetss2_writeauthorizenvtpm2.0-toolsCHANGELOG.mdREADME.mdtpm2.0-toolsLICENSEtpm2.1.gztpm2_activatecredential.1.gztpm2_certify.1.gztpm2_certifyX509certutil.1.gztpm2_certifycreation.1.gztpm2_changeauth.1.gztpm2_changeeps.1.gztpm2_changepps.1.gztpm2_checkquote.1.gztpm2_clear.1.gztpm2_clearcontrol.1.gztpm2_clockrateadjust.1.gztpm2_commit.1.gztpm2_create.1.gztpm2_createak.1.gztpm2_createek.1.gztpm2_createpolicy.1.gztpm2_createprimary.1.gztpm2_dictionarylockout.1.gztpm2_duplicate.1.gztpm2_ecdhkeygen.1.gztpm2_ecdhzgen.1.gztpm2_ecephemeral.1.gztpm2_encryptdecrypt.1.gztpm2_eventlog.1.gztpm2_evictcontrol.1.gztpm2_flushcontext.1.gztpm2_getcap.1.gztpm2_getcommandauditdigest.1.gztpm2_geteccparameters.1.gztpm2_getekcertificate.1.gztpm2_getpolicydigest.1.gztpm2_getrandom.1.gztpm2_getsessionauditdigest.1.gztpm2_gettestresult.1.gztpm2_gettime.1.gztpm2_hash.1.gztpm2_hierarchycontrol.1.gztpm2_hmac.1.gztpm2_import.1.gztpm2_incrementalselftest.1.gztpm2_load.1.gztpm2_loadexternal.1.gztpm2_makecredential.1.gztpm2_nvcertify.1.gztpm2_nvdefine.1.gztpm2_nvextend.1.gztpm2_nvincrement.1.gztpm2_nvread.1.gztpm2_nvreadlock.1.gztpm2_nvreadpublic.1.gztpm2_nvsetbits.1.gztpm2_nvundefine.1.gztpm2_nvwrite.1.gztpm2_nvwritelock.1.gztpm2_pcrallocate.1.gztpm2_pcrevent.1.gztpm2_pcrextend.1.gztpm2_pcrread.1.gztpm2_pcrreset.1.gztpm2_policyauthorize.1.gztpm2_policyauthorizenv.1.gztpm2_policyauthvalue.1.gztpm2_policycommandcode.1.gztpm2_policycountertimer.1.gztpm2_policycphash.1.gztpm2_policyduplicationselect.1.gztpm2_policylocality.1.gztpm2_policynamehash.1.gztpm2_policynv.1.gztpm2_policynvwritten.1.gztpm2_policyor.1.gztpm2_policypassword.1.gztpm2_policypcr.1.gztpm2_policyrestart.1.gztpm2_policysecret.1.gztpm2_policysigned.1.gztpm2_policytemplate.1.gztpm2_policyticket.1.gztpm2_print.1.gztpm2_quote.1.gztpm2_rc_decode.1.gztpm2_readclock.1.gztpm2_readpublic.1.gztpm2_rsadecrypt.1.gztpm2_rsaencrypt.1.gztpm2_selftest.1.gztpm2_send.1.gztpm2_sessionconfig.1.gztpm2_setclock.1.gztpm2_setcommandauditstatus.1.gztpm2_setprimarypolicy.1.gztpm2_shutdown.1.gztpm2_sign.1.gztpm2_startauthsession.1.gztpm2_startup.1.gztpm2_stirrandom.1.gztpm2_testparms.1.gztpm2_unseal.1.gztpm2_verifysignature.1.gztpm2_zgen2phase.1.gztss2_authorizepolicy.1.gztss2_changeauth.1.gztss2_createkey.1.gztss2_createnv.1.gztss2_createseal.1.gztss2_decrypt.1.gztss2_delete.1.gztss2_encrypt.1.gztss2_exportkey.1.gztss2_exportpolicy.1.gztss2_getappdata.1.gztss2_getcertificate.1.gztss2_getdescription.1.gztss2_getinfo.1.gztss2_getplatformcertificates.1.gztss2_getrandom.1.gztss2_gettpmblobs.1.gztss2_import.1.gztss2_list.1.gztss2_nvextend.1.gztss2_nvincrement.1.gztss2_nvread.1.gztss2_nvsetbits.1.gztss2_nvwrite.1.gztss2_pcrextend.1.gztss2_pcrread.1.gztss2_provision.1.gztss2_quote.1.gztss2_setappdata.1.gztss2_setcertificate.1.gztss2_setdescription.1.gztss2_sign.1.gztss2_unseal.1.gztss2_verifyquote.1.gztss2_verifysignature.1.gztss2_writeauthorizenv.1.gz/usr/bin//usr/share//usr/share/bash-completion//usr/share/bash-completion/completions//usr/share/doc/packages//usr/share/doc/packages/tpm2.0-tools//usr/share/licenses//usr/share/licenses/tpm2.0-tools//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:33669/SUSE_SLE-15-SP4_Update/fdc566eaafba8feb5aa6ef05b94e0d5e-tpm2.0-tools.SUSE_SLE-15-SP4_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=99324f4a28c524ed010f1070aba78cd0b3e7c6a1, for GNU/Linux 3.7.0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=2eda9dad679c452410d60173f8fbcf434efbf000, for GNU/Linux 3.7.0, strippeddirectoryASCII text, with very long linesASCII textUTF-8 Unicode texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) R RRRRR R RRR RRRRRRRRR R R RRR RRRJp {( tpm2.0-abrmdutf-855b44e6a4a6cb579ea6df519f276a32aeecaf3b2d1fce143afa7ee9df0385c8d?7zXZ !t/ᐵ]"k%{f>6).; pC1]f&9޵ x Y<\rg],6|YousUФb3{O9ʠ !í࿽{OoKlPf)nvJ3;;GFG(4h"O-aj0!FBЌeRPkWQ !9_Wv{)Yף8RC?k*J@% 07Q\#?- *hTc RS&;Q~t*ˠ~Vj=|\@$i3 edi)[1dPN5;E 700$i@Rz}Tݐ2_!-tH[yrQCE:THk\ {PC:[C7EЎ#>p-KFpE}IoROʗ'x@,cr V({fпo-=PbN&F. ½Bc.0ӎBDsF}ΈY5)#fG-Z # F bv̴~X悘^d͕O0P8)3-Jr B튒1IՈ2!0Z\UX mv{ֻ,@ccR<"NS4o=J Q>~׃ մ*d~K ,gcoפłobpz!LV/8EԽI{P7=^\h='`rEУo\H->) MƁL @˷2dެe[Ǹ(w_у[Z݌XZz  d͆MN S0ȾVW DM>gD0KZ_fYJ44{I.OWOriaĕ ;e2I%,G(<Hk%QDXNo` H@Dcer55|8‚G sbRen> sfA1PC,5"ےW6Mꋦ~_߄窯mRTCIscvďYs]לKճW'0/eR+)WRV G629:w/w<+-_^id/ u9%lLTepŷYS%tuKO ] AdPp 6-" J,4ȗFϦf:L˸83Ra5J/ۅJW[o`ָ\Y;H"8j2Շ*6yͼɘIJFq,;•uɈvGux5TzE__Wف7Q0O,.ϟᒳnЋ>Ca9ak={mDNQx~2HhVJ; ɼ} Å)WlQ  h#h`}Sk{1,9CV&?E_'츘]Rm:Z ͱj~A?aLɿDUn,Il]םRI ,r!>me^Sc&4w63~7`W{ڰ#^R!O@ y{@${<>~w<"yMb^ʽcֆ# 7Hrh} SQM,֊wi87@wN#3[շ<94Az*"<^# 0] r\-E>aCn{dèkA{x ^Isbsׯ)fd9h_f-}]_oM2 oE/]Bniz̶>)rMZ! Fsk|'.ZE\ȑuVɛ]P^O 9.hv9qкd.쬋$>*< xdX[;R>6;8-k$k4ʈXI+n}Zwi>"jf'!tW֕H7S:O*~tAHZG:BNnf(/G8wX@3’I JM#Tr"kgUŽKЇ۾B"rgW#-DȘsP@\ SbƜH7hg$%>M++!|6ܾSK=&ǡnl{nmmʜ!$]-6n ( E1ON&c.؎]r]SOҭtј)πm wߒyݶlB)qA[ ڣ܉NʄMѳ!kn#,ADbQfLOYOe݂>eL_!ǍŧO_Hv~R(9@ /=qn/N?@YLlĜߍ%gct1?)ϗK_O+#Iꄼ n/ť\sT` KÄ*XE&V~F(_&Ry˗U< uu>L~=g^v,o\jyLIzhq*X >;F1 _4d.47}s.U.rIf+ccȮ"p6:zA̫kDf( ί\v{E`#e4q A |"`s?"?چND#Nfz0?6xȻO'IiΆT$ ˜x*4\@9>״`?I[T]͟Ju9ұ>gMZ"aK\'N+!V ? iy"7~#iz̶rM sY=D8$ za'BZp(^Z. Od9$Z;*0ii% ,Ev'qovϒ/O!nanG)αOT ؇;i%}4K7jy$ZMmJ9 b#w[nCo~ M,ZtuGI"jt=wWuY#jRdȱ=vhD*#U*8m0fPThMifk,!RV\ax|ֆDnl7lCgyfn(I ވĨ"B+AN@`=mb_Rq1ǹ0l{pq 5g٠ah y϶!.UD.m,H'` v5z}${k 6ͲMp؞+Th< ;֢i09 BĸHx*Yj+^^毖v]/; Xk68VN.^*P7<g 2YUI3i8VecO'5MYbSkB:3t uz}ڵlTШ uQU'qFq>kO%Ir kd0NBweŷ3NT?+[o{Hz~"_f-EO(cC7u-:VrL; `ZwRD/#U!V# q_څU#`:jUCsڇUG~=UǖKPm:$Hڄ#4XBKGۜfHH[IGfՀ)L}]ͅRJ'|7ܠ8k"6͂V>1-T"YGʛǟeHꍍ>֫S4zb?_ l&^faG3Cᘝky[(Ȓ_gDjs_g7MŵRԱSv{oO G&4Bܼ[pd)drd 1ce6]P:E~M,X0&K{Ł-f94W8cx"ȰX@4/C2M6YzpT26ziGRdV8.f \. * {!=GkHs+RP|A}Fe%Ny WbV*V+gQ5`lrcF1ܟ a(ے`#ȝ5Ic h/Mü+ et}oوskKrγ"hP0~|[6ABapdSIU:whBͨ>ݫͥ9@_+W( Z6(`JɢDlEv'~:gFݪ',AvT0$ v]a\{,[oa|Ok,$B%6Ec\OcAh؄yDQ/B?ҫeDE#v jqdD*RΩP>V1)]l@8M@4V-OYc#bSs6%:Sf"Zo> ӈdz#≮ͽ^dC.aO T<.Q]cukHhmmu9 TthFx%"w|e+mCL7H4Hں;9ԗr>hC~J2:05|'}Br]zzeQ=ri㠽]H2YV޹kRW:z}pH[0iA2=>/*oL+%mK/:ٙCx(!ɱ4xtٕ7Po,b| `>|vW-/m,̹S%SvEY׹3#rt:]PN"qpSeݪ2p O16^&Qj[7 H"^FƂ] VY&߈)eM]iHa63?e9ժS-&g c[K蔼``UUMk_SDp+o;`&t$G[{iW}Ll,x3m־'=ފZ}\z9ԁ,NT| u8` m3Nf+6䱞Ǎ0͌O]\h&Hۛ%]g?.FXMt.G#폵A6<(7\tcL|9_^Ⱦ X]Qr$۽pҰAYY+UZyN i)9dIvYkW-A  Σ6Jg;#uY5 3wV`O$\w)B67HoZ-B i^Lo຅);'ۖ Z?N7EUgŸw/FEm_e@R4r+/?rXY`:q 1 q뎐*}gNIX "#“d >Q<:g05I}6 ȫƐ̄ *8dknE> m:Fe%qiؐ ۶O.Z>z$x =|\aT=Ҳ"{}UI]swqO* нڻXYk᱌8 #eK3ݜ (-G ~Yձ=c ^dPTD|v!N VvHjcnΰ rrgyQ?x!} SǪeiiTu.˟Uwr Msp;KeY`JZ}(ް?omUV@w; XG Bf5qdn$y>QCeȎ4w6? <ULV3=*YAcȚ‹f\Û'ZqB@u(Zm$o9 I CZh)%žre *OFdcءW1N4U_䮸ſ7D $1+g7.SO5[CZol  ̖$BP~ ~i;5@&ľM,\kl DKYӕ:*z^ b=\\^a7 ܇*YzN>N"g00EE6! s!fW kNE+v_/ނmqN B׸O| Ѽw8pа'<)\EgbzEG;賋6J0D^2'L qNEA_)oP:U&L-C1ڿ;ZkgLܦIi jۅ {v/^HL)+Y\d¡>pJ} ;<~oiwB=I%~O7y4e/*ǍD|eMym4xu L,O;[sX+h'ktxMX,\Ex$^iC|3 ("QpOߣ?&D[GaJf-mV#ʍ8H$u‘i 8e_B7#ۭ/J DZC0U( AĉH3cB Jm5}Z>rAafX0 3¥9#̠Ҋ"TTZ̘",4ێxCreν܋ڜCh E^cFq6QZmPr@3=8=7]@7>iBT˗箣B^eg4w%hр $ȆrAݥ)7#yͥ Qo]>MK~$ ôElh 07feyMO_4B10 V^[?H-c(kPhq}۾4k,׆s[8fdL"v3cAx|^2BI:ehTR|F$) }u-v9Dm p(YxbQ?o8B/Hhp:5T`47 ߜ1IW BdU0v `݀~kZoX4iӌMJWz} pgi>%Nꅹf9WإzDIHYj/[VLˀgE 3ӲXF}PQP^8Z-z2m1vq97,$Ǥ) VU`z ]f qkg@b$߻7k8s۬6q!q,2}PZfvNԣЇesh,'{OX +}U9~Qk(^ 1]= Cvhe3ဿH( / yCHVHIX' i \X`}GLR@g8--இg|^w-f}#zL 0Xj~Qvc&, y;1%žl-cah.0]f|l]dO8 JBJČ&e]j=^ԑ0!L/Yge ?iH! 'y ^HG.l|W"#׹cmIR(9BGQɮ3sk_GD!{mdWJؽuDZfD.UXr{ O4i #Rֶʋ LmJ}F5_q8B*cha-ӮBT>&j w εvV>(c݉R_zӭ]T~ "ț Q]BOEY R7m4V@Úg q ,!gP XlM֊NRZ0犓+gE%zj{hp&6Crah5X#GLY\)sU'_/x_'wG[p;QarD[~ e>% s p_GmP߿HOZ:@AL9@ͻ9.h;.? Bs>}PryqrRsKFEȎ5TES>Mwvp<]'Z=4{,;wtYaČe0=#֮lkiRɁ.?MF/m;X;oy6_&98.ٔ*mM>D~jy @ .pM8(d>B6U1ԾbŐE{?t"F,ZBT{avt]Ԝ=pǺA:)%7~^))̴`x[5ֆ|m_C6;AwnP.M{S}&sJwJTt%X9TA( 侸e3g#"9T خR#J k- BF 2_4Ut&[C[5r GT* Eƒ 5>z+# YoB*_@Dnv5wœ+DhK:3>r|ToP: ?>K@1.2/Źyؘ.܂KGxr,Mln s 2!;3j&mr2"cymB4B0<`h+; CH{d!)'nO1RYzffXMlDz$P8_djݞQ j'@E׍GSg`gFZk rI[R s34{ :`Wа~19Z khg#QuQ!Qbn墨tl*HId+r*;*IN?^|]Xw6n&Ťx"U q:gx/QE>[9i[Еc(XNX`wz6oDNTǼcWJf葽KGo`TҕZ-B,"a0;![E6ء^|~21COυESo @-Nm7,8v>7-V 㯚Q) ŏN~Nw)a_7^H񈭩yH(9[JlA ̎'VyT6fW w;(Ǘ>Г1R.{IUEtfN`%?KlρͿtF;OKgrC2a4غ1-%@ՅVy$Ē <ܲ?xS_\&vxNGS Tp)!? 21t ԏN5-#;SBv!1l .C[*1ƭ IcK qpM= pMLn& rfxΠl$T ǗZiD +9JOj92O9tNѼROww&%ez:Va^e]nAN/ɳ]{ c%n}d? (eSÈb7낑5\yl*<RqHY_5/2 >O_YD&56'>{#X;{ =M2Os+bs!^ɞ5ru+\fiM}L]q#L̹( Za-;)_9گ!H[jMU Xs!",iP-vBrnue֌zd͹LWG6 fH:BOr8O?d[ ~!~c}£j!Oz)C "SӰB#If 6aDy+' f샰ye%5B%בsj3eXv2e9oj˳}xkpBr.Ş STxbAd4d\ωSCUۙk.''eV @P>5tl|[`乆#yU.R 5kn֯ds;VŸJhHمZڄ_ t>LX ȵs6{.L%_s&G!&+\ndC; Bak&hk e9><>TywOPZ侶9Ǐs#s9ˁl!$p rS زL.#co% <:GU䂫oU|Ny{<ӲG_,+69E| VsĤV_O΂2`@PP60p}H.'jYL"zet%B:j4k̲ԵƊP[_v#U(ʴg9''l.w O99~ʸ$J!V+&'Ƨ)N`'wzJ_ %\\]؀#w u98l˝LtcIgΔr ;O s<67{_.(C3GJjb1Ǭ/;+\xOb cwL 3lk 41rqRTLx C"Cz>rjKY6 5N1o삨Jh: A^)&ee_Յz(Vld@A_ù4*T!O+ rH"]LzFXm.φJROv(^WjFM:u-= L>{$Us0H^zKO&Y:8R[mxv}d kҪr}eGI>"mhCLq h OoJ'%@b\h5^3J?aw"/XdD0Xuk4EwK8i# "cE!.q L`7RZNn6[gV e10lʼ1۶YE8MwB,aNu&m)alD%4VjOJ;4V4KPi;~H-\'|AbžSar#^[}Opk<2*v}XR@#&LK>ݫZ.s;Æs\>Cp(2A^z-%|5NPgӥ{FBAYuM6(Z]KJK\ Pܡq,ׁ!nˍúX4bi~D5'*[8ހmO(E&̣ckBGn>Lmς~R3*oLȋdV׼g#@8|a>rQ;rA,Xk*ٕ4\,As GdG?d`VFq1Fi+7o] R 1Um !*mh ;~t7N@S[[/;OesVJ!*COO 3\v_Ϻ&75 t õ0jİωթ./~An&ZcA DH2~c89xO0QT߈2wu {2OďBAJ06XY"q@}6U(g.*eS9+h%U,zd! r^~Mܦxҵ{ؐ|+;ubН}iKP ;+>6L gUm"x;' Pxk'h5]vW֕_߮nAxE/r</x⮖O/-{<$C&Ztָe~ =`dv2Ao㛭~0S8{ T17Ӡc.9Dn济-4@>dWE4ÇiK>L;'}jM怋L<)Y!7FFp#~a(̦t_)}@zRO#ޕ;欣3CḁVUOӼ}SMu{عJ(H-EBƶ\(lF\r!nJ9pÇџj o7С#[)d! 51ˣKBIG 4U؋ L `MyŖ6t#Z ]VxZL\PHk`6̎ Ϩ8enkЏe&G&2Q7I뱐(ØV'7Z18LP cI=k8!9L)wвiuGO+oc_Vsh lWz<'C'3lE 5HvbPwLʾ+뵩'Jh%qWGw3gL7vy . h'23̝䩾%Hb!@3g,j4voB*Lo71@,4joS3`xmsEFU*]6ፏ UHV5kCl`k# c?vJhEj?7zbYvZ*z8VĦt"Mض#G^{q4KLw!⻔igh "~8Ms kivk#hZ8Joau`#V}HmPi,Č !,ȼ$g[ NWEY2@~N֝Z]]U|[r,OD z0.7a?pi@԰%0?`G2UË́nJ0 䘺H0|ƻH릓uyQYqXuFN%i^a_1|t2#0t8:l|yd]yE&m[/ 2'w#P~<_E,J:a/`Aw[+0'!s_Pe?AvΨ%/ ݶL+-a\6cg1G/Y6'˺SoBHHw -U[f!O\Kn<JP)~ܽ3prgR=-'ff)on7Lwe~!k$RمȆ*鵅M\萦HC5OlErKGQ-3 }<A) iP_@1| dD\IMCL@Rʓ?.m}Fr C|v{mwhZߗn&rAȤVP2ETG;C㪦Dqqs!t" [AīYfhȤ^MNƒ[ I&k&²_zLA츋ݽvځ-@Kxu9ĕ[:u(ބސDUP[jNqI( ƕ%Ů@tU%IBKɠ2DC؞1s9fdck$=8%bVx{;/~ /:VU̩dE5Zg@S|VbPeLdY/jy+6x8{tm(h_i1W6̉y+0G%Ϲˏ0~TF*ldX(hKlcYѼoþtM 0 AEٙm70oUQ?@΅)A"l$]E)~Hefcn Vt5A.ډ<#88/҂%FeȄeV ,(j9e3G( %ZF{Ʃ't?Ʃml:*Z$8*qCu6M-xȲJ?(ξuj9,2)9`}A|wfUhcKEuX3u/ו$j繂A~Ÿna'%qJv`A_ɌK&- Pːv6յIXy!elm]+ɿ0S9f٥n\؉ZV;,Sy nOOxB3};t/}w/CP۽rt:d7*7?׎ # Aѷ;,wDj$:=E-!ƋȵeI<:Ss`idwZӭ} nj\yHۗ~5o"b `3etŹ)jYTtϣxzx";s-j_}he" ,@A1Y 143cl'f`03/-'EW];8yLSEam ؎ZoJY[1h&}bG$x.aDKsK)iy|bk}?EH^5ݙpL;Y^bNIӈ0|L`dpy[rZ{u$2)8̠eA* kWۯJmI,I.iӼVHj+#%oC9upk|C ;* _@9B.>L=W\t🼹muͺz{j;NhO<b^{{Y6>B@)lA=/.I#R0;TRJǞFڀs#QŲ7v}<)/2TH}ivnk#*`H#34;] R_xEZLDA=xT*Y~|W%: Tm^/C\<lH@ؿʗx/gBW9FXޑ Ʒa 6 Wc8k/hO7hʬnTAKhjt:q171`)nViJI| . (,CYƏ3L!sR,N;-QL$3m#kzB6j[ɋzT;kYst~ Mοeo[6nFNv,ev! 7#h5^jQI?gFܸ]jUrr.Sκ;[O)`?<&0k+䭲1͖n345=ћaf.$4t_GڞC @4EЪ@?9`i",_ WV j4v4vЧbm]g^J+26t@I޸Q95pު9_4$- QH50o NFOFhJ ;dXݦB55sLQDe_)`KB<~m>z  lP W j`_ĻS^jjkCxnP%l'DAILu+g7}A~zp<3=fGgK&|7oZs{T{|Md}at3g`v`ƝMc_UhٝbWK(Y"gLq}n'HwH63o` 'X]^޶4x/ڈ]JpP.]TeS#z5g̛o#c #V anL<6˨FMo{bZ{^LlƝsV>Ӱ܈0ms{Ŀ[D5HɲZ*A9-V]Kxq֦d.fDE-.cx߭Xk^F#NrL1 6OmI%U%/1(i[^R|vy?ptKؘbV@_:.?2K}z['_R+3i?i*%a>Da9{:g#2u/H;Ƶ-gu15b=J޳dY% K<)+)E qfL*ߺ _n¾H@܌65NNoi.F ^=5ȲNVVu!]+NTD}MhjP?W*|A"۴J-C;HFb3_: ?Iy hkO 4I+p)鿇b9 !2eN +ٯeN`9Z7Ɓ ڗ|b^ר3t-EߩRMRp.pgQwCk;1:jp|W*UG@4#MKUa+@ܣ|Vv.&YbSD>&,RKs"JYzU,"[0!_mH$'1BM>9 [6E_׈ L.qɳ6g{bu;+h_^$Ue$zCU㾈oǾ)txo %".e=Y \ }^:<[䡦^4);RZzdx;87>6g~BUwIOڪ?0ONryG%r\ nApOis5AdqA u(R/Ńe}?@rNRu!z?$KA)iJɷA ;ֱe#ӉH`~&} X{8w:ʲ7|[)(F]lRi SηBx%4-BO 8>rK|>O_ NQs7WՆnVI:o2ݽ? ª% :BEO,LJ{E1 &UN=h5HZNm.{lLhfxS6N <6"C*BG[T|fgi^ܣNĈD)I2o:kIgfCBڣ̠Fg @M{Zai$%'Z;?ob1tڰ2Ow[' oz%^p.b.FYVM#!BZ.] PFqɣDd8y&j?hs*eˈh)d8o^M{< 3Du}VA/TX c#}HA%e֕oR,K%̓VWPXτ.W2#brK 0[&D#gqLҏsLOÎ1,b ~p,җ6DZh^rwJCQߧ)Y!E$ˬD)6Hz5;?_Xt=o0Oj ybWQ Ϙ0;Yag3[L\R %R69!CDܧ7;bà '/V8=xJySi&ne>g7B'̃&VL\r69kk /iH kqUwJ@G -)~ska1"kBY V^sdު`ظ!W*e+Hʄy+f_d(wK;ut^[T H6~KcD=ω{֜8Enf*h_;ҽt QomF or 0m#o0L+DQၗ2VR#0c̹K)r6a!N&o=cf=61$ynҝ_ŌEpQֿh1Hz5+uyzzC:k\gGHBֶgnhsAnxӥNU3dUwjT3+N/(+[L!]q^=_fW՚79lkE6FD#`?<ſ5n!aq",&#rZОMp*& c!yPK=JOtp-:zڼP` 1Rd:@Uʦgy40,_1[졓JZAm+oDsJ h9՗z?}ۄLUQyE2U{ 9rjW5m۪#A$}$@f(#]ڎs #R]C{v(csQ;dM{&\((BK Hs<ccfc j1E/OE}>Nb#fn)p"/sAv/|6?%h4nάpoz_&bZkqDʎ/ЋS q^N>^B+ % tO.2{3ԺabìDW& &%I%Ֆf@fz] IO:4&!<4tn?b{,{l$QiiRR)(I?u ΅n{+~u$Vf(CAr4F_{asYJF::\_dne=Ê-"֡ JsDC-) @@0HaƖ-kqځ798|A;4#޻֐`QH鳢[:.FOR`pOA 0rFwY&=1A,s"OUxcTT)|;M~KeP3]S$mŋQ?Юߩj̰8УէQtEYh~X< IP<{; (&=fkηv3 z7D`g{j6Y7HF͚+Z@tD_ř̥֊*jq>^m> kf܁o'bA"|o]dN.(鄭^nL7,9člkɺ f,^IVjR0!|#n%Fho-`TJq70?kzAO2&;0, )DzvSkQe'*ZdRR 6͎֪2JI K]YHA q>IUHyj/kbD<} œ)t՛7]Fiy+xT1Vb~1? Жz5w.?ѐB:6uuo8H~߅+Y PGWH+q"K5; '*VcI2P:h8h5Ww_D 묕4X՞\v%F PߜC Wo^>q(7){JK+EtGt|`5k5( &|̮ I_.vSn Gq &axX4[x72r䦔G|{FGV!|plդ,b[JA‡7T!哻.#vDfB`R$q(`ηeFuꗀPl)دxђa ;"Qg?(8d^jϬ%y$?Ӧ ! kY I8}k b >Fl<Ǯ@Q?Nyux+3u Gd/ըA;c5QGfRB@m{٥$(g FZF@z^3v^+/Ps&q`+[ƾt5̨ Ҥ1 {1?o !]b[d >2R3W>Xxz҉bURN2l6ӡUg_5FJŽɱw;ɞ ̭8I^ueh\9vP՗Z8Z_ м*f;pNH̪I By^Y>slEeƗCK4ڶ OՖDwH+Qぬ#eU)0u|<,f*2پ;3W' GHG_ z+j8럹O (N'FJǂ9@ Ψr;\>- ܹaQ.,YRQAZj';>=%| q` lazB=Zh*n93~ KRҪUz^(G=ЛY">z&${] gPp$YׅA<|Win%Wqf;I!8xxJحxnPuSkLRyGVsA x.KR^<ظP-Kɧ2B@{x[;SrG^&ꫵЉIM,ոiXs{[5~!&} KurF(ƅȯKXUXh'z|4)DqtKΌQaJgDx?͏ H5HBEns WoOB#䐪J' 쀐aW1-  *g2DW=}J\/tz#x`^:ƫH/(ҥdPa[d.>Ӆ̛wy%yGNRz)JT:*WG.)>IQe?yVpHnXtWQyع'NM`t+%`~ !+}QyQGO0(V;t>p VzH()S$Q{f8w0^4%TS.4; !Oۚ3[UOuz2?O~̻w!Qmߔ"+.fjp< ƬCI[%@2y{2.3Uy?2rZ 弜?F+{Nr_)|'u]lEbNnW)EҥO[8s2P/8'v3>$؊# EK>]GOoxZfE BW|57F5ʵq&M?7ʕy]by]9`~"gR_cBn QO%i H%%9B7tzV,X1x\* %::]kIu)\fYMV)BSGM107ot%yr ̸XJ yI="M8nJDUu'YݧzDU$UNEo<1|0 iY]n֡$Uc闺4Y㻄WVUf^C9>Ӫ5 A7ȕA;Ma=RJFBTunqTJ3~5Hw2 KfORX| 9cǕSl;&1ЮAaf74XLgi9?4U0Mڡ<iJe[={OIf X2 椊ߠ~D*+c *"Qh#bMNL.Q~f.9ܧJ1a>|V'qIQQ¨\`?bQBb?$sWejFa fF^vx= #57ZXIN4QRUȽg߬Iaݩc0\eQp.ƕoUm1[㋫7PF`,L]FPw^w,a2MKTbIY-@CRJ>4i-egu2Ndz.&Jz"5ޱ%آ%y/ٳDiu)xb:H4uPcEKgB2un)ݝC\(X:&sj5&4$  GE*%u#L; QlD3O_^# mN N7qmM;o"g EÍgɀ  XrKAsB./uX861 6 Pt,C%_YeHϵrVۏ}훒Xc,CFiUQ3?s? \ST W'8DgpƼ8FGxWq0}k nN̷8#i s̆6wΪ1ζ  PG)/UkVJ)|?z?,r*8B$xFJc"r%YA }9n⼽! Tן^8;X;|}9h>I3~y _LhA'޳\*~-9~ CHhr<睱?(;#Gܩ\|ŊԤ D9g(%WIǢISI&Z7/j܀ۗLւ *e;S$L#9TK8˹ =p~/پH /5md|ygT auNc=:[\Üθl_!'!MZaP,.Qk=K`ŴGq61FVOi l~>ʜIFgBZe ȃGbFm?GM00Pe?(a}&)$(Ebu-n?=Yħ66"m΁xo;{ ´{sIr%<5bTiNX-ިZa)j3(n#L~~zG<)} Ï.KJCpvk(ﻯKBpmѵjlGOHӤb+&rTUٺRP +w~{8dK^? 4qpnf>n$0ݑ[5V|ē <[) Zʙ';}lduA$\ܛ[0p48ԃExܔMF$>}山m"/uꜚ*A&^?*$Æe)`jG#i9L{mYMغEX3'0Ɵ6%x ٛm$ y^z8 7_mot(b?O;_iΈH٫P%mc8vjH8Q%{:?NjP渲a-iI@=KVJԯ$H J @q8C8ܨCj짰lϢNA 7TO3@>bzm8qHEX:-m;.Id? "tg> da%,fGG6}.`M[,\ޟ)Sq;0Ο7瑺DZ!O. A_UC*:L/VөHus oHYfK`V!6\CGDOc褽;Hwc[TL0r9Eh|r 2gTMךuj &`e֚R,u3"h/0t^Y"iUqݫyo48B æ31m՞u3c)-+ cN8 OWa#Kv+uPpJoeXwAf`uD(+pAfAoYJmjhtC[IVb'r ɜW{Xt8ɉ`'ʍvOO2"iVWzmGM_̝rOCN`'"6:e| g`ٽsj.*vS8p.[K^@wB`Z#OeF]g3hTan08C@?db.<) I] \ypHTxfyERel槊2 \iV[$xs"`8lٖzzp{edfO0cS%ƀqtFʽ*Ӏ#zW-Kp&zUXq_IJ#בvrټBϣE_?]җmq6t ӳpMG BxI"wၖD9XKt>ZAXypL[@ VNiYXVfdxDRٚow @o\*3`SY2CZPk؀򴥕ɖ\%ϓ~nܚ܆4P|ULceKwa ~SB͏0Pp, j;[nEᇧ0}e_6G=;!F&MuV{7Y"$Y֊#5ZrbWLeJD"H#͜cLL 覤JU+cx144Q'"Ҍ_848UY8]Z,Y_-wp`r^0QW #TWެf qDA4fklnhԝNL8L.po؁DԴlg*vT %;}h@̃W@*fy_AVIfٞo}sЉmkw}-Ķsu^P-[|4`MG)rݕLLʀcE=XWH2H8n Jqڽǹ FM=e~ _Ӕu~6whUO%> ڰzֲz-NGLO(.r'F,+P*瀒Y =>ݡO+bzgFlGbyU.) 641;O:Z -J9)Ƿ)m)LC-gҗ[].OGu?oCXJY90w]3S &K$-Z_ DJw<5Ȳ>5"y}i48{V*H0h<9T31m[}R`zDH^$5 ,^DmqT*. WNj;Gi^/ cj8ּ!~v] 6eⳙ13>#[$P ({j0{] K#M܋\$Ҁ+"Jfw#h_lc Y>)'5Ml Y͆.~D*lZB%iĐ?"JZǢ2aM(3_A<۞ nx-zh|Z+iFd2)de'6T4km;.ݼuF2hIUyyNO(Sinxig⦓QgtO{m7Map!No.Dr&*f)Aoa\/'JPM:)"SCHh^Z܁3"v?Z)R ymui 썴菴U4 ,w`*oF.'F"%Gbx0mv֕.i[; ib/>Vt$w>AW[Ȇ6~a)USZ#39B$(+eaNjE{Ƥ3w_uɇ"GQY}c1#߾AqA^.Zz.G6)_k7=|I=Wmc}3[:肳ZX?$K0ؘ'*+pK#q<2 g[  &SvLG2 .-`VKŒ݃V(HX&)/ۗǙ(%ׂ 5[+Of "!gb9)I؀ޓI)N!rT\x^$pPx]4kEcdF:VB}hY}cM1'4{$)&%=- IeFI-'cT^] ʆmW* uyZ AmGSx;8=И3q=BT_}%Fp6D >-Xr+lK~Np)1 h w6+<ʨn޽%4*XfXERM{%!{saG* 5r3 м^^L!|BIؾήI&S t%?'ڻ雺$՜Z5Rt,{٭Hvyjέa5G]-` )iN|5$xJ? *q󁸖4ӟ~B@V +Cҹ!7,ua[+.8W쉠LC ø0XsF3K/y pm}j"jOcKpiE))j<ؐHMCނp|}Vp?H "tf:l@F0L?$p\z:b(uoS7uqYe0=CuA=$*wuu'ν'f̓|n7A -(%-4,Dz東v6O.8 |$c.=ĤxyƦް=rMyV䭆!kO9Kzkq1]\[Kցz܃Q!Op.WDo*anPIpOvMX86G ZN(9Pk1W4Y4*SaH:O]Pe#힂bv,e04~]Kvn$74f݆XyD|!Pȼ: 2BF"12+zC+`l%[@qnN /&_ -#/+Y>*kZkt[UAʢsD 4P'?%U#_Zpϝ6ͳ4s5Bi= xݚz֌ht{;,'߈ m9k>îg3ո~ GҳyΆT( $JHC/0EAȁ!$cxlϿ5sO9RI0gXF'UjI)[!!a);\̴EvelJ lQ-+$Xpׁ@ :HrږzDa΍C_FSo TZbhk6[aqϰ.;k.CWm2Ww@u MpE#V'kMEfƇVGK5pM&¯u"}.;iy}7Z ڍ'\+&qdU5~ݶ 鬺#Z8ڝp#6) VVȝ@ 1!@իF>i]+Nïu?ԮYpxo_%vAwqN)zXhNhL tdo_5]Nr)UT]*ttܵ>Y=&c7"ʟuUMrrՐGр@Jom6N8fQ s:AsY >Ss}LK0x_Mb Gm<6UIע WZM@PWL;ԴtF9t?w Am9/z񻯏߬3wep b'69BnŀI׾1&p8+Ve>Q_>HrO1|p,nZ +pjI e@Z06/CyǠ(2թ_1oH|[fWYzTц~/)+RH61gi^h`a!$>=[d7w2J76I߅z3q1I?z$,sMM`R"|m\f8aJ cf¤'`aV/sMcc@0hv;n=lp %I>+**@% טJ7 @?:AM]#`>EԚ9wGa }d)Z5A@™I6̅"]gr{7jW3jy_s7UC˿FQ([U%z:q)Zuc8 |R7)t9Xұ@MbZ[[ʼnZS㙐wV(SA SK~ _Z8@RF[T{3u#ˆ z\ئ}^Փoq=h:N_RDWNҦ32dz¡8|TX̧p܁(jAGQs03.9% h֦c֔xhKnĹ瞷@U+jxa+(VtO6 ^B+,f`X1~IE#HPgVr+n5ғN!wkT#m?|Z貤 ?*뤥 ؟H5K*UEH! BLKAPz-:Y@Nj o`ǎ>l+ 4H8Z_, ]y'>^"N̑;ٿ:&[J4Oks;Lw ҠJA[Lya{miͯЊ4T{$WMt* B"wg!w6Ikb ϲ̽C͋H2_ap<""ҍ'j1;mG…cFnFSDI7Ax Z)ggRf7ՙ?%NOn^\^դyw+mEqt-f1ē"vCJLG9]\ISCGaeDr+(WwiJ8`)Va3G8'JRs?0|q?-+x~~0F,! V4w_>$Z HCJ jmu>Yfd^2FCI1A"I8+4-K$a'_QYPNUCxнpvs1 pEp1'򨧎;XStv_w}Re?;pb/GYʫ)C:[Aj }2q;&ơi?Aô}&'~b57M yUH,򃣘,S]UmIOvfaVCB=Vbxꪆ\n:bD]xQsy3pݴ2_dM.^hu,c.g% L OJW:p3=XJ y^eW;<^|5008;|a+X7eLYܿ>O[ AٯOk'p"9Yu #{}]`093.3Fm7"H,5$e)Wb( m)ؾN_o؂vazH)ξ"ΓqKF\mTL;s~߂ //E$1$/?A?>flђX{NUF%hx=֠@"8g[$V8%?4/֬BtU3DÈ]( /UiZJ'NBA2Y0aZY0-As~=#b9_6󩗢Oǝ/l]iP{mCX?[%FnO$0~Kg¹hp|r-h{W}CF-=ܗ3|qA~86j>m* X^AS(C,9ŊE o=|Lh9SEË)exRJpX̟N=8,Pȼa(Sӱ " 5GۦrqmaXH7۳};D Oah~1 tkr'Z/֮ h(D*GbQJ.gg*ݳ롒 BSi|eZ^GoO^,Y+ jGf:m跬b/jl˔k!F0 ދWZZ~ xb 4gZۦ&8rdX 0$_NfTxn(\qV7U$}Qw8/FkP`4+&&V0=S0yTX KC (pemw#ӕcoJʏ;*PLS;~=%ϼcR۾CZ.$ ̊.TZh{,ŋ7:ѭPGT a Z0c;?NdRNimIjhf eRYC1#{xC#+Xii(`Pau-꤈mPc昘rS2-pGOw'M^pKanKeKuU׋i|tk 5(ԩ/xv:Ԍ *qp\:$ϿR+gKJ|0m"g+m_S^w&-GHlDԹaLQvo &yG=~~G)1+u"Z #Z \JCLw仮vm fLKWP3vcw!%?a2Z U/+KͲЧ لO14A 3Q(ZNs rFx suczԡM N0MSH%1Ld2p5"֌U>u3(> t*{Fn*[-nN Q* &ęSL5|!UĬu[m4Z+6DޮC`q,Re FI(w F!پ&OT1yq{v:llv3T# _0EYbQe,#(8B@w76'!nhNjiH& 0.sU Jpŷc'Dj}h2V, eBMs䨛#&)FǕsk*,N*UQ |+[#YR7ʐcON*AMJWe]oh] +]"Y5fרѣ-f2[妍N(iUUlKrl `}bTޣYj_pSW1 F*Yڡu'AlYS[%:Qв"iSsz`^LՃ䤩ïqU$IoOt,/\h'g?<UB-x`j- 'zfN[9+jz=M T<"BtOK/lBxܱ9R^)27T.7<;`08eE:pŁ׈N1'xWi= D; .3F3f?{mٯVlcKiB47b+qyX@ EfL n.99Fh`2\ j)LZsټЙhAܕՖp MSnLQFJu֧>k, a#g-յ%/E\2*rFlsp0X^o>V0Ul(U${2; q@C-ΎMԫKj|'بHS4xH{Ff12\J˵RC ̹ѦZv%ཅeE&|ZKrǢY\G]n,va̺# sg*7`c K7uBojM]?MZJI:цZ_+ 4‚?guvY`KYՙvϬK`U<3HAzܜ}Ք2r7Aߔ_?⡧dґJdiW|ߊXBSE"32aIB*JI3hM|LHezɻD9HXMԼ[i||/¯|=HɀXnUr!jBz)CkE5(rɜs5A^ N>q5n7*k"OE F:.&\e2|Y:Z(?1)bP>^<\э-~Ó~g:9 )Od>/7Y_ 3[jثtc *SN2G5Ԓ8j7<:2m7'Kb3ċ#oQڲS9>Q+\{*k{QmB/9i/tM JF{ K(6)6[5a;ɌH6}:vj.U^d[{>Z ~=|=> -#=FS6lzs|ؗk%ظYM1aBVm<*f/ր6rly Ψ?w1a;B'iE6HY0q#l1ѫI(yF!t̥[p#7$$xd-z N :5O(0omμQ/Vl(K#.mQ#`_ q,.E#_Q?ܕdͫa+:WgңHдlc$ tiqPU{3>;wS TP 4HTRZ_ \O;. բ qk3FV+P>|) /wxὟכN`I,FPdBYS4A 7 |e㳕hh3{kM[ ! M+}Hk e+>#nC~ OY[p|e׭!~Ipf6MeDX&fXhrfInzy#4J(wNd$@ "Έ?E{&<b6*dkibxߧ(&ߪ;iKjʉ|Qpx8P ;I%K0,$r /SEôNm) y`m;\YAjYBʃы䋤e\5;k3(pdDJQq+ w\ 3+q i&Y?deFfgU7qD0i$^y 6r#ҧݕh bdV`*ps{ats%2:- MV kM٪0mi)ICOO ガOpʼnGP]tրnɠTrfPF4xvOӟd,gJe`ԫa*b۱Ul2" 7 t{83b/ASTLorCX@?Ч(0?K_ߗ+mje6{3 dx?7=ٍօ޵oJf\Q|iPՄ+xYRS#YQbʙERFV`J, uO#n{;D>V0!|p&KGGSKTi*/kj[Ց`64X,Geme52LeSN]y{AfP7g`G|raS.U-pG47+>M6ko2lAD'y^ّES(ЈǺUdŗd 7SГ#b2g]\v1)$?_`n w⟍x,&7/4^\!EwLHw#bD;{/h _]Ta)9K]_2%,JVg=:ot1dAï39.8ۏmmx^D4_.S6m_(-)SڰuV| J8]\{VݖOZkX|!;-̨):6kM{b /a苟 &_ =Y|Cb%o{Dn#|4y*'njX$HJLfE7{Ypm xH06h?aOmZ]X#v[u“8 O݋:t"EIZL|^k]UY-2,-7Ъ4 Zp_QNLiTd.[Bm/,G;}fn)%>+j 2jFoONsJ FZq )'# gaCd>l>4xdy ?kUUiD-FPG| ? -Ԇm#%VX b3LOPshtWOs= b=l 5u`hO&Pa(iȾ[IŒYDqXH⿝ϼD-]+Cs"KKv=d'ۖ97c~9.eZ%j9P%%&[Viq|2O]Pm)ghBÙ wSVf,G>_*U\P=al2 >{# "FƧ+bG6mf*(ٜSDxV/׮*NIq߅FmDFx/XBXV=X݊V^u1W%_ќho-mcJ%f [0 YW_j'tIMrF=fS~r1Po Xf{Hq{Ʒz', kh7ȸͶy}F[va,;Ł"F(#3OOZ'Mq@(.Vz_SB Uh|敟=uPbcX"tfT'/O ұH+m?%H*42g;0"#u+s4}/Io׍,X5T(?X @cOWXLѕ4Z`y41^S;uPN F R wEQKF鼏g %*3ri> }kj-O+w6g1s6r.H\%TU}`1E~-,f1?Wk'fTln+7HX&RlbGMz~Fִ`yu(+Q]ڊM bh:|Kk^ak:k:p}_'5_f0%Ei&ŭ:kKzĨy8B| rc[rڎ 5z'xs7ڭGr_Xߪt\ٗezeCK`'eg@ f+38xd"bJ``=+ev)~t)(<8J7fÃx4eN#hJY{jBt>æF5Tdu{ez(S&Xg 2hlcD3v"ePZy`zk]qJ|C5jH5gPʾԸ6NIQ#9j؎uZRTV_3KSVn+]؆֗deb'C*DT Xyԁ. MQj@' u2xr0.sy! 0IS|HpSyԱBR >?>79$XI}rxeȷ*>V{Їȇ ekՠ2T$Ԭ6w]']`Hx;L0Ll~dZ3,+)<=IQ?(W8X3OAJ "Kk/-z-XPY`"l.o pB+bzAHǦCʲTQll{b9S' !{g0#$h#r4+\Us[lTWxn^x,gO^d3)u2/kM&D=6lN[OP?'D ҥ#k03N2\r)?^<;"1:nE.svbH)q`ShS>h!A!qhhl=Tw7a 2o<<?rdH_;"RJ&eR%؎4ULG ۄ~9J/Vu B<@þĽr_WV߭ ,q1F?),1(?:L P6 KFshMg El]&E)|oFT zCV!>lc-+ҺeMNLFGPƀ;~|AӐ᯳Љ%|nE-p` E8JU1xItҡch.Ku+`׆cw;}b|;dɿJ<.#J.HLW;Ceɰ}SHU Wp7#T &\6TS4*!M.k{y_fEʛ<[&4ùNGPM\q=\;?1sǑUPp?8TPM`F oO X Z"D2҉Xe3%/ ŀ<nړ Wp%knbCql$ELHB!+Y$r#"hbΘ>`i]Xn33o.ϻ1ʞ?oJt+ނ2n}|M yԪnO?+-HQƪLN+4USZ>Oz ݩ{=l2yf9, F(yZ )DJ-=?}f#Ic4e͜vq:8s`-UY}uғ~Ap`TmY %HmM7s 6bn+m_2=JRq}v[=탧Yj#Z-nN7_ݖ8@S5mzůJvs]9e۷n wX~PL85V#DDzc)p4ch%̝MT],\,LV rǍ@/MPRKR[nyX yrTsC>'vMxͭ`ݞ*ඳ BZ\c}Eɦ,Zc N"X_!\'vuYs"S-8UAtyV@ z8, fDhPr!/T?ߪt &6En`('3ŔAwH0#O>:h    |;kjMWJ(xv#GjaH؅HN0]p٪!tDfo7Cj“x0툈v2\W]<9(L-WHj8oIBg1 E{H,T G4qޭ I. ēa jD*w0'a/fNFi;O1ѹD"t$|{%t1^ƄձLN/hlTM m&x/07* SMfN5Om.|sT*=yQl..Fc]̰j,Yf_w %PP(@CsƟSeip#':NH*~κ~JV?w٘N :w_eqHTQgZa; pAgd(Y3Zvz$sʜ+z--GZT"w~k Mm~W85(BftB2⛻w>Բ6ЌEd?,Κb_"cy5nߦeF0 Yrvp*%G.dv=Q XYʷs["qȿARfPlYWV v0> Z~PQNO]]\ G͏aH?s7~QH<ܵKI\V7J,^,eNN"} {ݶ@ 9k^ ϵfJakJYl.٘^,Czl'G^:4W29ʔ')nz,OZDu2mՂboL1l[?NR-u*40/#},g=@O*F62qz/1<.k͏E {iƒ)J8ŽW2[ !_KG|`e*.H ^+ɘc0 jB~ Ϋ!Z.! TZfL'qt/jlS{^I슾`[4YNs>MBmH@.TxqHXDh!kc.՗r}ׯylF7WDmd2 '玨ϑMO7$SZ_{.$7tvU.gT 1E'Wk|iw2.C*ZHDZ2g~SIָ@_Ȕ·{h 0XDL1E1@>f^Y]F`<6_:rQzۼoEoTXZж2١d4dPڀh~7_ZPr ޕҥ+\sl*tNd'UuS tGѶ9˛Z}3wp=A70cქ__fhUfIܭG~ fvoqߛFu6TAĐ5D3"AT$ 4[KG#!\fӨf$,I3bWY >128:oj ^QFXW{}^ [~V=)da60GdBx8'%XYMvnN-*0xKE'X&vewB4rӒJj>i]?"*zC0iUbƏld{k'V&0w1Λv"ןT):ıj= #S|’W`V' >Rj>!4}"@(憚 J_[|]*p C fK;-{KJsA A'K%[PdyT;rM[qſEx5w捖'l:(][3R&*4n=k= 35wL9IBiz*Wau3-)vt#RsYߠ5IWɆVǷi̗EĤ9ꦏ-b7||d>J&T\WAKV8JY=HʢdFIvLׄauB 9ux n(xpLI a);Jg3x-l!upNޔSq^BPTui[p8%-U Iwy WvDf卝j{r4_AK#́)IZ{-UqCU)!A_sIѴfƪAVtMʹeФ6A-\_pv*"dI5'rU4z@Rly5`0HQz&^bzI>*]⽅V{\ni9!Ehk1|)S|P p"q t@:1 v;Qp97Ao9DWR>Şc& "?KDaor=P08h`"b5"Q\ܢv;WRn,UrvUY] \k\=HV\+BWv6+m -Liڽ 5v2-9pLRa<DQ1?H 1yt9$$=>Uzn y=T;?˵3n+- R!d"UIy>ꏨmGy\d 5;._g|h!\A=j,)[^aU~{|7#E&125⦝6ysAd ;Xtȡ҇9z_ , R| u m g{E| g |UH~R~V%Dq\]XY пgA9[_mXͧ+W(g,md*ߙ0W`TMQ'n Ͼ^*0Gq ֺj}*2ee؇w%/=/_[5SE eʱjj~I$ߟC5 F^Kd HD I[Y= T8}6{w<8 c6?C@G&̼??^VϬ@Wia]_̊GiwWWy!ho%Mj­́1% ~Gu(O5fp}T5볪>N5V=։s?-̱e Ш^~ yŒ]L) `d B>ݜΐ 3~oaF 6 -! W' \5p>Dp xzhPTPҍΆU}3M.=J [<}u8o%Uf Pb 5jFDiy9y0wb)R! n'i[ge%kBT{X\-<(ADD72DZ.|)_'$GO%f" ui |̇,[ 䲘l Fx|5q.U^ 1 ~)[A/jf7$o~Ô s8hH,*q?0oj .9ͺ;a 0v͕ lbk԰ۄYNJ?KsH/إ( SZ@NVsM!xLmъn4l!5_ e?Zvq-Suj5!l$2!`ps -'fbMlW_0!6FkR]fel. }9`k04w$dV[CՃ)ŕ2awVBʨQTtPch nwbGY o@Gb^{+q<蕋T3ħا s<PJ8$mt79mD]nw7ەLc([_ܰ¬pW^&GR#jك"J*٧Ul]Β!ߑ% 观\!ED9='B ZH@c.vTpܛ9}_4b]Pmz2+Ff3ۼ"څUnR=˵>jZo4*$ƓP%x>cMW܋+a?x y I Pk5pS]^I]ޜu]gfx:)X;oKqeXGSeI%8I'4FSߴk9@k4(!`wU"3J!x fß%5MJ?,ɕ2J. .̛=[&CF5oŴ~`jڑ;^z&o _71[<Zn\uQn1I7Íg+wn>je1@R޿ǢtNVu”XF[ה!{ݵۉL2j R.ެl9.|8Eڐ X3 7"UMp+j)^}ݠĄP +jblUKtZFn5Ɛ]Lo0 S=BEϦ -c[ZaVc5>u*:s?IB4 u /="lnp5 q#Vvmux2z1x(B܆I5Da[Je5NJ Kl-,X&*T2 76sbKHh\ :\LcH[ȧo?5OOW  p$` SNCnѵq(C(AJ.Η@rvnUh&o(PdLvyU4^V2::S5?}ښBS<RcqW+@7)SO?O/\tN19TkfQu84i тO~]g =iDp N*/Xss!Ɓ4r@_EGmݻYӤja#iw/G,g=ۮv>2"}MFuyJsfަOl1 bE>erGD]qws-ykRͧ)&)J;(l!+:YkQ?r[n0{# 6} ]ơn~D_ hn{ FIZ=yo~{q-9ӑ܋YVn W*/6n8[I`@or$y͌.Ծ P+t6c(,sJm.^s{ i2ф1,$f{jE6Ni&k>[ v1rX/'3Bۺ1G@;5Wy3uex7Ip(lWrvAOS7Y0SR !CIĨfж0kI&i7wMڠ?i>Jr[ Y@®>XT;k 8m?.6i&'` VY`2 Ұ^nL8&~\mo >l3_+k"<'s2##4vTmQFCsh}t.H1}p'-꿝x@".neůhv(ǎ9)F$$_T@@Wxt}$>vb~|9}O^J߿fU~J_ "j-P~%k٠x#X5KA+O:lӪvL zX8P2+Yo8].%~ 6_#d/{ gE$ݶ!GO nT@a"i$Ʊ {i|HC%*oQ:/f#K)<[XIwrE ܬ}_GW~Ď"DfNwj_FF޽m3%Lg^|C܉V¨V`nxa jct ")AW}KOFmQHFϭ MZz]վXV *MdznE|4P<N"*fnp(wo^euWѥX'r ;7Nʼn狸Py(f#O[sY]v>5`7zgÊ21sӛ~-MS-vGҐ5O b=s?{{2' P[,w@vFfhN"Z[!Ή#ؗdTfMȐ,4 H=p;N|`ԽPp(j6BhUoyXbyӑaҗuko51H=L kXXC]Ӂ%20 D¨J0;MVEe)㯆DwQ)!d9_`WV=AUgdp!R0jQ q9{ѥF "#ϥx#Dt\%M;viɸ{vHD' VO}jQO4ZGX#9.XY)dLy:HRHF]Ky`Q+[P #ϛTOZGA|czЦY.>$Ðs^Ԃ N}Xn/RfL|I 9II!PDUl32T v?I1ݏv L^A!tvѨB]{f2>)[PTy7sL;Y^)9t:F4`)yRaK(d -O"SGfb!㗁*w^$>A?dAs@/ kha V5oᝈ=*;%9gy c^_㙄=j[aIem096HT3 Őzl=* dl?5Ӽc8 g taJ tC4%2@ gºP2uiiq[*~A;ĵVk 634h{8QA~4dƐJYG˅]L!@`YLq\~(@UC|xq$B bb|V[~ B7pcRi%ǩ5#\QY IP{->tXiyLK M;|ӔYmDbhDMb&%W->HܤG%a( 7LJpnW \X,uwלm̡^_BUq# fQk Ub's,q0 t_uW͸MJA sxSzt[P.2Ǥ]Y[6MIs~Y1 $^2Gtۤgl&WƤu wsb2#}W%M$v, v`XF1 _=%6pX|cx}Rv+T^T.) QNU{hU}_c"qEKgymyA{C3pnyaXē]p8tA]Hgn=j0I]Bאl&֝Lz*gFJ: PN]28kYc]Cx4*ۗӔ*I Kqa/>]XtR_e2a*Pã4*s:3aԍ7Gzw=mDŽwɒV{r#NF;]TCmOD^_NSq|P$յwʆi(=^D) 4ыXRL!4.⎰I&9oE?¿>o"?GZ" B9?V=OWLL俻Iv`҃o'j#` "$@jI Q 'Cއdnii'Wzk]p,ȗraq`GwcCdǖKK6خ :{LMH$RG0Q)=$B,j֭5 Nɑ,kg%L?,] m TAo-.L?f^`O-%JHм95S9U,xJD/ #KS(c8 D.->uDdxs0 f=]#)KPڮj܋ׅ2Avi*I9_o U|k{ U-t?Gf R1h+!f*P(L ŠD A÷%ag.g_B?L˭ـ6-&Wc=-. H1K$K ǘ`jHx0pXyONe`aN/#Ts|BI36tMgܭ9ɿ":.?{ SC_R u4*n~݁2 UDžn9y2=K4wbsGJƣg{咂q*!/rRLsk( гIOWv@ t޵5|ԙXA^ Q*$c5q`"`İ}j)׷dlS%,!@6|&~@b}QB44J!(_J'lc;36~IÖ4VQnr9/GIFńb4멖5A1Ψ-0<} l/>*ojs}'.kx>APLXweIYY@A0Ӵĉ/p{]9rC[;"iE#"솿S#}lj`e$ 3Wڲ0Ţ! |t혶Ƀ c?o)C=Pm(2?FL3 owdpE)U#\kӅ+m\J3&ey-4){j4%rzP>,N |\xHÑS":&u?!ά[| "y GEZp#ؼ$yH@X 5_KoS~_żǛ) o{x;J \ČyH8qvVk"xw2hc|e d :5Ѕ&c,'䍮Z^]eA/T|iOQ4i dfYvO>v0?#ڥ`;?"r|:&D7rݬоEF1Ҙ6|bȆjvD%KY&ˆA;6q[MŽ+K_{njR)TC _ $tbX\!:)yڨyD8F72/ `x\vtq84&vPU@%z#:*-EK7ҏBS,>-ssE?&wA߭lU#:]h6Jc! }7 {H!I/Z< 6m,Tns^2+UE6׼V_ÌeیI[DCj 2:]ωA6QJ26v1f̓wvWsYFPF8oN*;FB'"Ч q|eo!drSΥluWZYA>iչ1k6ɵ,G[>;O寰a8BD;xΆc#*]}\fAVnŨԒ7[\1 W, oΒ:# p I z v=VFM]ǕHF]w%l"= "otg H>0'MU&:PgN鯟:e/`* 0sif3И(Hඥ|Xv6_+d!1G1f۪R o0 \N#sM7rk4cu;fyQd3k`'ber!rzSdC/iwWv,0pC~;K0f4 QT;:L끒i۬/Rߖf;:][5S-OSoSY lAr-dZ_O[C,ǠBKOF S$/\ul:\aP!'?Ds#Ӌ›z9#Z!Xh0p~s@uI\k) 2:[ N |wj!p(|Zcй*&@mGAu2pjGW-\%>;PĎ8b#yPFCyVnNqaGxB R+5֖(`qϊp=GBQpYppn,:! Nu~`&6֚9Wi/FiA"'_[̌V[,X d {4e^xtD*_7i Ƞ`}erkbqSnl.瓕[I1]M\Ou9M b =9VT瞔eWsx F h/h!nw$`:-~`>Z5\vh NXDcҵ,XJHWeD;?G8cC|(,#g^ V9 _g֏!}A>UV֗>>̑V(`o&s4f'Ma}ƒV6 6-"mSysM>!FVSP~K.(qy8<(4S8wq8P56ܥ+d%2L5r* Y) ;XQފh l2OO_ӁQT9wwwԑz$u1& oͬ=qQ)h'Φx;ӯW _}-%XYQF1bF&VWzl"Su{;q[ІgS^PPhS+](P~!ɄkVtcbz\SMj,jG.eҨ0= h-=oGuהۦ{݁'}VD9.m`F5TޑJmLv"b ܚY77=?=oN)nVddÞݝ,’5ؑۛtuleV+Z}$IZU)$6Q%lDv2m>\$(w7Z&šóTX3*r*m}.L*fV:io)[QͱtWMmRV9x2a^뀷^߬bTOY 1 @_V"mMs]C\(/B{_;BhM;PqW!ܒ~ÿfr9ӈz/p)|psQFݠZ< b 4 k[ 647/^D:=l.K~QM~\Q4&`8& j+?_i -g k}ýh`lG7l[;nU~; r^uL U9|(sgvph1xm;튏Ș/IF~/h[<=/>sp y!|[ K~G~6+\ڡH&z̾1\\7mQKL,=oB/X~J'-3k f<{{&;g==XJ_&B>>_xXTփ4]wtm~ΈѶ LY:g֭4P,㎍O S))JFen!y庫Ѳ ,ɚPx#$4wb ؕ`<64wy iѸ _Acֲ&DŽҔxw2["O>#Uپ[&#r"Hh#QV T49-oN慑2J/s֮r`mJ^bI&􈕥1grtM>LN$}2iGk̀SD^pp7Eې/BA 61gȱED;u hJ;IvK|-+ޏi/rln,?/&U ;V}卭k-@>Qcl5_ދm9X3 HqL۬"lͻ≌QNJUG ]LSh De4_ŢqZq’oo~oïV8P0ʦ}\>du\JNRť@nW 11fe7 DF0Ձ }}'w72)W?nRо>k[6r2ͧcWpq4ǔT!ڝwoWjK8>€mq]̏CoeUQ"~@(] B0:#w)MU2ٌ0Y!8Y P+%IO6¨JLi&J?//̡4BL"+y^"3C"@U!ߕu}k "onVդZԊw|LMxVK|x GԘte @k9n Kq LwLyrؑ0y~@AS3əK{Jo<v=Mpig:f]~B3lһdvᓌiHL1ͪک}~ʰń!Ym9&!`)n@>lrP\MrKVVP]>f\Q I y:LVug;ڥU3qzP.vQb|>p Bq$ێd蟛fFd&aK`ӆ/ȏewb>K:u&鎺/n{v4V*yVxlM$_JC [c`ƳV F 1nS f4f]#mLb ּM%]sࢰOjhEENWRE:啣-2v(g[F"9qTHRqCHY6,l=G, uճ9FF^a8Ǟkx<$1{>>yOyWk5|_Z GB;;Z$!O aeEH][@|Eyų'0n`1#HN33&bKMkrxR;'.fwrj*Ehⲙ`(m$4~#6ߏŎ.;ewʕ5-fd8RA>9s&ǠH>537(EƼ-lp$B^S }qe,sփgr=w+3|,&gz*߂:-xvc x{|QO=˓Km(Ĵݡo~!'"ejf/><L p*XZy9⥞@o짜ܾ 㒾-0I8>*,n:?-̫ }W,՛MSa Y ?L\&;w$+".K) 5 _2w:TP [ Bp?*n; 3X_=kaZ~7_ΧY!ho1)}V6Bؼz^-}\'XGHd/h\!B%ġw?Eg@Lhڵv$QL>tnuKs+z;UswIS>'WEp2eg^ a˙R|BQE"Νājw@a^ǀHހ|WZ8.<׷Y߫!Xf"ѱTN6`<鰍Y/s!nba7|+W ;4}Ǔ^n~}o8N> ' ?1R}ۀ JVϠ ZQV?޳3Z`.NjpNS尾6!!nS]F'dO3B7#%?ho`!ؙ c5cˣh.崈&/76)q, .Frl<V-}HhBuvXSp0R@ ?BWն8qHMZ˲ɻPYsҔRyuN*| y(Ȱ\^/UPN ê`5Ԍ/"PP^dL~$7Qh]yv]tZMA5y,7hl?d&PiXY. 7SUJ-skS!B~JNxQ(`sk0R CH\O\;d|uӂ⺝wqJ$o_H_WBv0Qb7pg>c'M$[# Fi|˥̃J=cITXavn|9/62>EYIBjAAm0p ܩ$WV!_Huۯ--0Yʝ{h"y,`h#vth"5w6r1AKv6QGaذ&/ \VLxt0Y+ uOg^I̠xCnpŽ_{a?)wiB[GJUVF?IO-JC{m=s4μ%NXU5Cympa _ÁE*ٯRV?|<6%`YRGV_-f$fgӍGSVAFh>Z# znRt5n| 4 !bk $VZҞZ$u['D[f42DYxrsf}1dhA}f6Bm(Mu% %;-G8G?BWK ^ l0)MZдSd#<~8hڇ^Ԥvyqյ8>#`l 4b|33Ө/sSᔩrF?bxdYmeyI8@W$9M,JfC*h؍Œ+5d=P <݈hf?UWՠJsNk6XyCѿ?GM3UV\!\h:6DW{AF=A~uSioq_pbHfU/+w~J7)ܸ&q$c)kS"^fe&pX#8ou5b2$Ha^-R:k:AB 縉&;E>6NǬA^~;QaJS1aHnZm97f`3LkRZ1LT翝ʖ=ZcO83mh@@lBI hR5x.5|jh}4K S[-!(Ogs9lQ&ˁ0T jXrS_]J>%sbIg+_މn/D{uKԐyU Xr7ʔnc8`ʴa[BS;yP3 $`5ּQIRMnAt?7F2/ @l uHPeP [8H IJ ܏C{zzyG5 lH; ɒYi):#frr6)Y>"ڊjek$ -X&JڬSR2["/1jJ ɷtX\aMNyL t(.La\g=rnMi.AQj0S& Jfp%GMG0gq?egq(>BXL} ? ,0u fԶHOZDx'8=pJs[~Z iG3%BV ]\m]3 _*–s7z>+ᐪZ3_)i u3,w b;/dߛS*@?iN]gmcI"dtk?Y*Ŝ=@[rrtr+qnz DJԛ2mD`ڜxZ@)l a7'#D!0 4Dj; `}+SUי14 B%M4ԯvW#Jq0۽nIՂ{R!9ݛ2XaR Nw+UNb2H=' 27%L7sf %-(m8ZqH4dq|!kſՖ>D텊q@¬ig֚b3Q^sl˧I(A-D?qil6KGmRXC[wC2|[} 8R< R1mX85Itnxf0 ۅ͝7PФOa(;dͬ9c6q϶F"B +o8w48l=Y0UK`QE)!耔t->l>;ܿ8:BgĿ}6؎A=P^z@rsQR5p*&J~37YBLU$iKb!xXNyPwh|WtA5W_t 7@?mPF|{;yd8D6Dd:kr}+b;>ۄ-")?'J..>W/DkW*~߈:{x';oʥ"OOBM*-jyqO+Jd$ϔ{> v)5/a>7_qBm&PrIBR @Mg4F(tӀf%ݜ[2󰔑\#qzP(E`U9f{2#؏_'9;pfJ%.܁ałge dEh\D87&:Grݿ3S,QD[^Ƭ]!;G]bkO\qPTe>.8fjqԠgk |)tzG[=P]+Uzl7FJ}C`#;n#{ZQ٫ZÓj'eϞE ]ftjR;g81Y%{Ko=G}֎25wqtaȧ\ n>~bH[H>xb;퀷jm*^lh-5N!וhKC蜘n?6ùA}%_wEHdf)/#IH~km9SۦXc&g%(!|5Afbvg+ǣkOBzx?`0SAew3kwO5Vgg|nPŸ$~ ``hTIs{ݑQT gT"v$`o&kUoZABSڰNy#E~r]R)]yaXZqp6[V&qD_eABRͶH-l |)0(E;VyOy D0>ZA=kAz9j>>aP7{<Ř+A=ds(Q%gGK׻p ę(,igF" q9 Uϓ>6p?ٳׁ$g;WՑ@7 E7$ެ=(I8V&);,m;m$s߄Bdbhʳ;#"BbՇ (Leq_7Eׁi\MOJoq$ .3Y {>.cO&2Co/eN6k{3N!i0E+kLۀC,Dcdlzzn-Z5gIbsp\O FdtJ/ZJ~uU.8w̕01G1[uɖRd]p 㭦8th6τ؞ءWaт ]\ؒ,׃[S+odr}Ϗ *,mCȄd} D2߼!Ix87Dn a !ЂĖ[rs\5g]_W(ӵ2)ٙRT)CI* M=f[29LaSaMk!y0sXc׶8(%Cx&&IZe?5aTd66{t4Ca3!+]6PSdjk/gҸ#.>s:wV<_iP#&:ecq/ }_D,3tȘRDkq?KhR28+/jwc:g 97 Q bA7gTVͣ;j~HoU='@Z&2ݧ`~aI}̷ggA]p=~Ti堬.l}s!5| ?ƨQMF^9|?`HMK2 _i.Vdj\Aڙ"*V{8GqA|-ߴZ)xstT 2o{#k9iaZX| 2+Fh=e C(A¯i`c +@{2F0wg]o4ܜi1UKz"I)'l@A)/u')OCyy"x)ՎlJَ7R9&-adB΀ɧ'WAPYKR"A) EW ĻKvpv~OP+4P0Rm=nT\P B0&* )djK[aJs\8d>j=.ۘ72Amo qljM/o4Yݜ4O*R "/H""O:2NW8;;b 48t_/>s=VTDvDNjki1WBp%UG{"`&X`j>@XN>ŽY:{[p mozYD l :_,_=v}T!KJI /ja1 ᣲ@s$ZA:p8v*ʮLvHD_\mfӹ=Dd [?Gwh"*K\bawX1Iyqév Wɏ\-8 ^i!Nkk{#~m-kD}X v Xi8;dhs^%+7FՁ6m*gVD(Z؉k;uhFJ5mfYZVTI(}Q'Bo1P, C."e -Uh Mei+SY%bYLwᓦWfQ)MEOz~rP)^xmjS(؁0th\\@vA\ >SxmPlAo,aguئ2!yKs?{ڇQ5z蟼q>߯i@(tn^/TZF1Ȍ9x0f."Qwf󜅤2Zg֫ B@:y޷qjkՔBydn')mCuiq[ʼnD8Fs6O_ a;%f LK4Tչkj 9H_ʘ>wi3jZUCޣ8!.Era eB9.#d6p"o5{Ox~Oϩ WXw&bz${s6YgʈF؎S= c 5ܶ$V'9`dTɻƀ DBG_˷0^K&:nR٬L~|q}4?[dz$9GR䈺Vi t.kgy 5-A]1[ X16$J3 [p7QxwMpz+VIԍ;x4K'INm .JjnԎ=fO:oFW!-adF,1ȵ:w&ck'zEprՆ3>7 ed V|aVMMdւ};Q=Ϣ&uv-]l+ < Nzf"6 Zoܽ܎;g#QS u2_ "eL]8` J`w\ xdXp£0Tub[x\ /M¼}H u|o' ?| ?,u[LrF+6E\}]:7/©%(Aa~ZkQ=៹Ꝓzu[S5!WV 1f`H\n[abu@j)[|S#1( ŻoVW!;f$Hs1?uV J 0ląVCDLwCNƨ;c ρ{ u̻xBje7t:VUN!rg=h#9vikPYO^Elr9]1/,2yTtdeꘘ-FP. Y +ȿÚsnn8a߼jY:B?6kYNH'j$/:P0&$GwF:Q\8#s2/760ؘQj)[kE<׭dءoUs3:A@a,Pץ4|w=IQcBSkc.;i"tw`pNbB%lYwm/:z_YJmk3=OO,-~`Hk׃f ]_.mj1̮gJ]N1xg->"Knx_˺M 0Qh! d&s:eE05\B*4Rnq7 C?ɬ)_ +"݆TJ7Co_d Q\1S|PiY&0w( M`"6u#}X0sc0izL[0 |. -׊%rłuӅ--k, W} isbCnFtg؁Ӫ]n6>g cTOwP A *.S.*`FZcq:< vmFr12A߫gϟlifz;`uːCC vux(Uf z?4#>ʷ[jSjXivEDpׇW:i c}56sL=;@Pu<[9ʋ:V1 \ɽJ!|}vEG["ɠڅߖ14ǟw6# ~rlJ { 5RӪX>X0݄Gdll(nօqGD"Hza~p`wS%@El3PԖ`f꟯ƠrTѕ}h31.*9ѿm]-xΓ!̧&HL1l!Z*ńpD@_녹(<+b>G =,eg#VRp*U?Mβf4r~ _5HEY05>4.A(C['i[iWC88ˌ$ خ*]f?1{Ҧա5yH^.?( rJ,q(ҠA9o\OF}f:of fM¾t?^׵ =T7]*BTlroJh"y c-SFe~Us8#J'Uj z6{B^$͉'?^_8U5z4epR`I7Lukk?55@u2l5Ys2QHɌjeHYDp /c8ȃˣh{,qhk8=}>ۇ1`GFq8w&$pG4~4V/ĸYծ? B`{EL^-LE)jyP0L!L04'巼 lRʟ5;\a0en1AOڝ\޳`6xƨH,,>AѐE"D" 9L]c񉵐QiG:PH!`qR836-13j[רu{Mm?neߠUiN97/E;\]E:R=Y}28yJ*Os DBMdʅVR3iɿ9iUZ˕IA l7ń ./D*A;]a[' JpذnE W H! FuXhm1JfI:sSv)?4+>㷕:ASaBXQt?@7zE:y|L4ھ"~4.Yl6:(&}Z{0 uk/!H]z$_c4BUQݟ.0E09q ibhͩ[q+)$gaUSSX,ܒ!}R[Ws&[J_2|#c :! *(mͧM@o}+0Є4~8߷hcpxO7qRHI TkVݧFMf]iYM㗕p]:PZ&a̗iq>۵ecᙎfWwC$ י?oKݝwr`dYG}w";oN0alMĹ:%-̞dB^J,uHF ?o}@iefD N4oxh6CT.)44qCtZBu7z`2 =9y`D9҂<.⾵u5TF,C@2I01f7v@ANvw.As?;fzqY 9+rbE,_g2f9X68L1-$EzW__z mp]\E*ˣwe:4gT3|`+U2ԺN|TUe_2\ӓ̎3fH'KSFePA!b^FK^e8 ^6XMTwG%Ֆ/69W7c9Q=Etԧ$\S,F}HjQ6.+YRtrb,Gg3kqdmw5R`ĶVidEtb ߉<ʋ VUJ+:Qz= ~;eLq*Pҡw9JFQ^>zPGϡJ L" *?7Vn$LoL?b%M7PT~>>YⓅs]ZnۊSb^,..)_7Orr;=c63$`Ѓ+΀lEfѺhGh"霶`-rAh@P2D =rE`==d,r8WNȳM xA֓7o( >BFnCsp~ڷZ9,2[Vā꣱JDi/=< b͠Y` e2N,#%PzbhvťTME훀z9O:6Iѡ^ .^Qw@\zBZfy4N-fPlΜQn(ӅTu:P^֔Nb8T^ZW׬6)Xy{M {O9$_s4ď𿬟0fx8!-@YgQKbHroc}Y#CF76Bv(Ю&)Nl6J4N-9Qczj1*ޓcV՗u'NမﳝM;F"a\?=]55$(T@?Wd Yl~zbt(h`Y޶ g?R*}|Mo821Wu\H{Dt\y Yi#{hZȉ $4s 4͢ H I9/E 7v8էN{bՈo/ZR7o@yjw0=R+5ty>wypC/4EలB{6+(&gM ؍Ƒ<>rө5R" 5 (y_ `r6| r i70j7xHekWI{'C-y%x!՗=@;1[ZyS2 uVQ1ܡ2ޱ*l*@Jl2q_myZeВft [L`?4"Tȡ5ۂmPO[սVAڎAuFtC=@ZF0\r7t?9<5%0zq*[*K1=+wla6#Jl 3G{:_]K.hH=5*嶛b86d [2S_:˫UceVO>f{ ȋFkCSBiQGV_ ֣bjRZu |~[hM2k2A o.Zi_&})081Nu"/2]o׽6Z-K> '|r_d8Vg?L揙هgo +Nĭ[#]}Nb'~m49qYGE #){!SpX/O%p<2H*(P5 ~|J -Wtg=-cQċB, 6, gtSҰ|Nb*a=\qFFmK 4!QA.],iś{WD9RxX"1g̖CbL㡏(3)0L]Mj)v2to}XBmۊz f`W]L0" r^F8A6Q@o{,1vai$ݟcT K @53җ[\*ǍM6Lm  ~Wd-φen]z5bw D:B{]S\aHe5eYaϥZR?/9Re3a/3IA) s`R4sBź7 /s,~UUuM:30sC(v"Ϸ% 60D]|PP<`, 鴂s쐂L /mtttV+^g d!oeG3]TŸxlydJs N:=SǙIY?NSC ),Ax,|q]@x5iUp6,뤞uK &0L5';DQԵ2jҔ|Ow<86MAʶNxRSˈp#|ߦ<o*6;!h'`'TݠAep-%:s[ JEDbf+teJq={0+n(':_Mι5KojiĂVҺNYc4 eFi$保iuӶQSW;xdhb3~ݗI1y(y.1C&QYwB8xo hi@u-5QW's0tGMC,=jS>6Ν]-\Hsuw 1Șho jW${+qM/0_&эDe hc諼x1+yoou58reEI2Z6Wb"zS+@7llA,UZD2%Ks !]3Š7wu?)մe))<3S~JIU$Oo`2 ~Q$ϘHj!d`s{TQ("ԫ{l՟c]}'K ةiN~("̫᷍zsU^1gbjr)Vc?4j ;b)Ev*<_vd1[\f1i`bXW Kj YZ