selinux-policy-targeted-3.9.16-52.fc15$>y8,l(43I>H?ѹd! ) Fx|  M^ ^  ^ ^ ^ l^ nL^s^z^p^\  _ ( )* +",0-488*9*:@D*=>BD9GD^H^I4^XYZ[\^]l^^ bdl#t<^u^v,w^x8^ѰeѴfѷCselinux-policy-targeted3.9.1652.fc15SELinux targeted base policySELinux Reference policy targeted base module.O_ x86-17.phx2.fedoraproject.org9WvFedora ProjectFedora ProjectGPLv2+Fedora ProjectSystem Environment/Basehttp://oss.tresys.com/repos/refpolicy/linuxnoarch if [ -s /etc/selinux/config ]; then . /etc/selinux/config; FILE_CONTEXT=/etc/selinux/targeted/contexts/files/file_contexts; if [ "${SELINUXTYPE}" = targeted -a -f ${FILE_CONTEXT} ]; then [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; fi fipackages=`cat /usr/share/selinux/targeted/modules.lst` if [ $1 -eq 1 ]; then ( cd /usr/share/selinux/targeted; semodule -b base.pp.bz2 -i $packages -s targeted; ); restorecon -R /root /var/log /var/lock /var/run 2> /dev/null else semodule -n -s targeted -r moilscanner mailscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger 2>/dev/null ( cd /usr/share/selinux/targeted; semodule -b base.pp.bz2 -i $packages -s targeted; ); . /etc/selinux/config; FILE_CONTEXT=/etc/selinux/targeted/contexts/files/file_contexts; selinuxenabled; if [ $? = 0 -a "${SELINUXTYPE}" = targeted -a -f ${FILE_CONTEXT}.pre ]; then fixfiles -C ${FILE_CONTEXT}.pre restore; restorecon -R /root /var/log /var/lock /var/run 2> /dev/null; rm -f ${FILE_CONTEXT}.pre; fi;fi exit 0:!J#Ba3G h_@:)#T!,#*f,)/(~I&:e07)-!S=. ++3*5'*t 5)")$$n =(*&u+))P"3"~ *{!r2-&')2s%-+Z4%SO5%-$:'50=%(#@4+o$=2*!,;! 0,%&S"!."':/~<-%|6`1*<,!)L7E"$,j#(7`S(@.+B!)(3% s'0V(Q (d!2'+"+W6;86#H# j; &-D623=82&!('35)6 4[*?%y;-=:,*-9@0vL(r"O39,+'8*/J;+S,!5N1"'%f#/']7H#"@(= q;w%8p-G@"*@,*w 27**6#"0()v $37n;5&!?t6#:$"C2o+*:'"\'D/F*$U.6S!2e%+*q)%2(-%1$E?k:MV-?G)5"4*'4f))"(X)E"L$ T;c#(uqi%- A%~O&{,#* !:)Qw'%2j"))4/$~$[&_2(i%nO(s@%'qAA큤A큤A큤AAA큤A큤O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ =O_ O_ /dev/null if [ $? -eq 0 ]; then semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u else semanage user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u fi seuser=`semanage login -l | grep __default__ | awk '{ print $2 }'` [ "$seuser" != "unconfined_u" ] && semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 __default__ seuser=`semanage login -l | grep root | awk '{ print $2 }'` [ "$seuser" = "system_u" ] && semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 root restorecon -R /root /etc/selinux/targeted 2> /dev/null semodule -r qmail 2> /dev/null exit 0selinux-policy-targeted3.2.5-9.fc9O_6ONNؽNåNåN@N@N^N/NN{#@Nm@Nf @NC@N;@N/N&@N +NN N e@MM@M@M@M{@Mߒ@M@Mc@MM‘@MM@M@M@MM@M@M@M@MMM@M@MlMM@MMTMx@Mv@MoMlMgMgMbSM[@MRMQ0@MQ0@MJMGMGMA^@M>@M9u@M6@M5M4/@M4/@M0:M,F@M$]@M@M9MMMMM\@M M M@L!L!L@LL8L@L@LOLOL[@L@L@Lr@L L,@L,@Lډ@L7LLLNL@LΫLeL|L@LB@LB@LB@L@LMLL@LdLL{L*@L@L5LLA@L@LLL@LcLzLzLzLzL)@L|L|L{@L{@LvW@LvW@Ls@Ls@LrbLrbLk@LjyLjyLe3Lc@La?@LZLYV@LXLN@LN@LMxLMxLI@LH2LF@LEL=L=L=L;L7@L LT@L@LL@L@L0LLGL@K^K^KKKj@K$@KKK@K@K@K@K]K޺K@KtK#@KKՀ@K:@KK͗@KŮ@K\K\K @KKKKK9@KK@KK@K@KKKKrKK~@K,K,K,K@KK8@KKK@K@KqKqKqK}+K{@K{@KuBKs@KqN@KjKie@Kf@K`*K`*K]KXAKTM@KPXKEKEKEKD{@KC)KA@K;@K2@K0K/c@K+nK*@K(K"4@KK>K>K>JJęJH@JH@JJJ_@JjJjJjJ@Jv@Jv@Jv@Jv@J$J$JJ0@J@J@JG@JG@J@JJ@J@J@JJJ#J@JJJ@J:J@JJQJ@J J J|@JzJyt@Jyt@Jx"JrJrJq@Jn@Jn@JmJf@Jd\@J\s@JW-@JT@JS8JKOJI@JCfJCfJB@J@J@J?r@J<@J;}J:,@J7@J67J2C@J0J/@J,@J%@JJB@JJMJ J dJ@J@J@J@J*@J*@II@IIA@IIII@I@IIIX@IX@IX@II@I@IcIIo@Io@IzI)@I@I@@I@@II@I@I@IԨIд@I̿In@I3I3I@II@I@IV@IIaIm@Im@I@I'@II2III@IIIIIIII@III@I1I@III~@I}Iy@Ix_Iw@IuItk@Itk@Io%@Ik0IeIcGIa@I`IVIO@IJ;@IHIAI>]I= @I7@I6tI3IIIIIIII IP@I@IIg@Ig@HHH@HrH~@H,H@HCHHH @H @Hf@Hf@H@H+H@H׈H׈H7@HBH@HǶH@HH|@HHH@H{@H)HHL@H@H@H@H@H}H|@Ht@HsVHr@Hl@HkmHgy@HcH`H_@H^>HQHQHQHO@HFHFH$@DX@DU@DN@DN@DLDH@DGwDGwDDD@@D?D?D;@D;@D:HD:HD2_D1@D1@D+@D+@D+@D'D!<@D!<@D!<@DDD@D@D@DDDDDD@D@D@D@D uD $@D D @D @DDDFC@C@C@C@CR@CR@CR@CR@CR@CCCCC@Ci@CC@C@CtC@C@CC:@CECCC @C @CعCعCعCعCC@C-C-C-C@C@CCǖ@C@CáCáCP@CP@C@C[C @CCg@Cg@CCC!@C~@C,C@CCCCC@CC@C@C@CZCZC @C @CCCf@Cf@Cf@C@CqC @C @C @C @C @CCC}@C7@C7@C7@CBCBCYCCCC}@CqCqMiroslav Grepl 3.9.16-52Miroslav Grepl 3.9.16-51Miroslav Grepl 3.9.16-50Miroslav Grepl 3.9.16-49Miroslav Grepl 3.9.16-48Miroslav Grepl 3.9.16-47Miroslav Grepl 3.9.16-46Miroslav Grepl 3.9.16-45Miroslav Grepl 3.9.16-44Miroslav Grepl 3.9.16-43Miroslav Grepl 3.9.16-42Miroslav Grepl 3.9.16-41Miroslav Grepl 3.9.16-40Miroslav Grepl 3.9.16-39Miroslav Grepl 3.9.16-38Miroslav Grepl 3.9.16-37Miroslav Grepl 3.9.16-36Miroslav Grepl 3.9.16-35Miroslav Grepl 3.9.16-34Miroslav Grepl 3.9.16-33Miroslav Grepl 3.9.16-32Miroslav Grepl 3.9.16-31Miroslav Grepl 3.9.16-30Miroslav Grepl 3.9.16-29Miroslav Grepl 3.9.16-28Miroslav Grepl 3.9.16-27Miroslav Grepl 3.9.16-26Miroslav Grepl 3.9.16-25Miroslav Grepl 3.9.16-24Miroslav Grepl 3.9.16-23Miroslav Grepl 3.9.16-22Dan Walsh 3.9.16-21Dan Walsh 3.9.16-20Dan Walsh 3.9.16-19Miroslav Grepl 3.9.16-18Miroslav Grepl 3.9.16-17Miroslav Grepl 3.9.16-16Miroslav Grepl 3.9.16-15Miroslav Grepl 3.9.16-14Miroslav Grepl 3.9.16-13Miroslav Grepl 3.9.16-12Miroslav Grepl 3.9.16-11Miroslav Grepl 3.9.16-10Miroslav Grepl 3.9.16-9Miroslav Grepl 3.9.16-8Miroslav Grepl 3.9.16-7Miroslav Grepl 3.9.16-6Miroslav Grepl 3.9.16-5Miroslav Grepl 3.9.16-4Miroslav Grepl 3.9.16-3Miroslav Grepl 3.9.16-1Miroslav Grepl 3.9.15-6Miroslav Grepl 3.9.15-5Miroslav Grepl 3.9.15-4Miroslav Grepl 3.9.15-3Miroslav Grepl 3.9.15-2Miroslav Grepl 3.9.15-1Fedora Release Engineering - 3.9.14-2Dan Walsh 3.9.14-1Miroslav Grepl 3.9.13-10Miroslav Grepl 3.9.13-9Dan Walsh 3.9.13-8Miroslav Grepl 3.9.13-7Miroslav Grepl 3.9.13-6Miroslav Grepl 3.9.13-5Miroslav Grepl 3.9.13-4Miroslav Grepl 3.9.13-3Miroslav Grepl 3.9.13-2Miroslav Grepl 3.9.13-1Miroslav Grepl 3.9.12-8Miroslav Grepl 3.9.12-7Miroslav Grepl 3.9.12-6Miroslav Grepl 3.9.12-5Dan Walsh 3.9.12-4Dan Walsh 3.9.12-3Dan Walsh 3.9.12-2Miroslav Grepl 3.9.12-1Dan Walsh 3.9.11-2Miroslav Grepl 3.9.11-1Miroslav Grepl 3.9.10-13Dan Walsh 3.9.10-12Miroslav Grepl 3.9.10-11Miroslav Grepl 3.9.10-10Miroslav Grepl 3.9.10-9Miroslav Grepl 3.9.10-8Miroslav Grepl 3.9.10-7Miroslav Grepl 3.9.10-6Miroslav Grepl 3.9.10-5Dan Walsh 3.9.10-4Miroslav Grepl 3.9.10-3Miroslav Grepl 3.9.10-2Miroslav Grepl 3.9.10-1Miroslav Grepl 3.9.9-4Dan Walsh 3.9.9-3Miroslav Grepl 3.9.9-2Miroslav Grepl 3.9.9-1Miroslav Grepl 3.9.8-7Dan Walsh 3.9.8-6Miroslav Grepl 3.9.8-5Miroslav Grepl 3.9.8-4Dan Walsh 3.9.8-3Dan Walsh 3.9.8-2Dan Walsh 3.9.8-1Dan Walsh 3.9.7-10Dan Walsh 3.9.7-9Dan Walsh 3.9.7-8Dan Walsh 3.9.7-7Dan Walsh 3.9.7-6Dan Walsh 3.9.7-5Dan Walsh 3.9.7-4Dan Walsh 3.9.7-3Dan Walsh 3.9.7-2Dan Walsh 3.9.7-1Dan Walsh 3.9.6-3Dan Walsh 3.9.6-2Dan Walsh 3.9.6-1Dan Walsh 3.9.5-11Dan Walsh 3.9.5-10Dan Walsh 3.9.5-9Dan Walsh 3.9.5-8Dan Walsh 3.9.5-7Dan Walsh 3.9.5-6Dan Walsh 3.9.5-5Dan Walsh 3.9.5-4Dan Walsh 3.9.5-3Dan Walsh 3.9.5-2Dan Walsh 3.9.5-1Dan Walsh 3.9.4-3Dan Walsh 3.9.4-2Dan Walsh 3.9.4-1Dan Walsh 3.9.3-4Dan Walsh 3.9.3-3Dan Walsh 3.9.3-2Dan Walsh 3.9.3-1Dan Walsh 3.9.2-1Dan Walsh 3.9.1-3Dan Walsh 3.9.1-2Dan Walsh 3.9.1-1Dan Walsh 3.9.0-2Dan Walsh 3.9.0-1Dan Walsh 3.8.8-21Dan Walsh 3.8.8-20Dan Walsh 3.8.8-19Dan Walsh 3.8.8-18Dan Walsh 3.8.8-17Dan Walsh 3.8.8-16Dan Walsh 3.8.8-15Dan Walsh 3.8.8-14Dan Walsh 3.8.8-13Dan Walsh 3.8.8-12Dan Walsh 3.8.8-11Dan Walsh 3.8.8-10Dan Walsh 3.8.8-9Dan Walsh 3.8.8-8Dan Walsh 3.8.8-7Dan Walsh 3.8.8-6Dan Walsh 3.8.8-5Dan Walsh 3.8.8-4Dan Walsh 3.8.8-3Dan Walsh 3.8.8-2Dan Walsh 3.8.8-1Dan Walsh 3.8.7-3Dan Walsh 3.8.7-2Dan Walsh 3.8.7-1Dan Walsh 3.8.6-3Miroslav Grepl 3.8.6-2Dan Walsh 3.8.6-1Dan Walsh 3.8.5-1Dan Walsh 3.8.4-1Dan Walsh 3.8.3-4Dan Walsh 3.8.3-3Dan Walsh 3.8.3-2Dan Walsh 3.8.3-1Dan Walsh 3.8.2-1Dan Walsh 3.8.1-5Dan Walsh 3.8.1-4Dan Walsh 3.8.1-3Dan Walsh 3.8.1-2Dan Walsh 3.8.1-1Dan Walsh 3.7.19-22Dan Walsh 3.7.19-21Dan Walsh 3.7.19-20Dan Walsh 3.7.19-19Dan Walsh 3.7.19-17Dan Walsh 3.7.19-16Dan Walsh 3.7.19-15Dan Walsh 3.7.19-14Dan Walsh 3.7.19-13Dan Walsh 3.7.19-12Dan Walsh 3.7.19-11Dan Walsh 3.7.19-10Dan Walsh 3.7.19-9Dan Walsh 3.7.19-8Dan Walsh 3.7.19-7Dan Walsh 3.7.19-6Dan Walsh 3.7.19-5Dan Walsh 3.7.19-4Dan Walsh 3.7.19-3Dan Walsh 3.7.19-2Dan Walsh 3.7.19-1Dan Walsh 3.7.18-3Dan Walsh 3.7.18-2Dan Walsh 3.7.18-1Dan Walsh 3.7.17-6Dan Walsh 3.7.17-5Dan Walsh 3.7.17-4Dan Walsh 3.7.17-3Dan Walsh 3.7.17-2Dan Walsh 3.7.17-1Dan Walsh 3.7.16-2Dan Walsh 3.7.16-1Dan Walsh 3.7.15-4Dan Walsh 3.7.15-3Dan Walsh 3.7.15-2Dan Walsh 3.7.15-1Dan Walsh 3.7.14-5Dan Walsh 3.7.14-4Dan Walsh 3.7.14-3Dan Walsh 3.7.14-2Dan Walsh 3.7.14-1Dan Walsh 3.7.13-4Dan Walsh 3.7.13-3Dan Walsh 3.7.13-2Dan Walsh 3.7.13-1Dan Walsh 3.7.12-1Dan Walsh 3.7.11-1Dan Walsh 3.7.10-5Dan Walsh 3.7.10-4Dan Walsh 3.7.10-3Dan Walsh 3.7.10-2Dan Walsh 3.7.10-1Dan Walsh 3.7.9-4Dan Walsh 3.7.9-3Dan Walsh 3.7.9-2Dan Walsh 3.7.9-1Dan Walsh 3.7.8-11Dan Walsh 3.7.8-9Dan Walsh 3.7.8-8Dan Walsh 3.7.8-7Dan Walsh 3.7.8-6Dan Walsh 3.7.8-5Dan Walsh 3.7.8-4Dan Walsh 3.7.8-3Dan Walsh 3.7.8-2Dan Walsh 3.7.8-1Dan Walsh 3.7.7-3Dan Walsh 3.7.7-2Dan Walsh 3.7.7-1Dan Walsh 3.7.6-1Dan Walsh 3.7.5-8Dan Walsh 3.7.5-7Dan Walsh 3.7.5-6Dan Walsh 3.7.5-5Dan Walsh 3.7.5-4Dan Walsh 3.7.5-3Dan Walsh 3.7.5-2Dan Walsh 3.7.5-1Dan Walsh 3.7.4-4Dan Walsh 3.7.4-3Dan Walsh 3.7.4-2Dan Walsh 3.7.4-1Dan Walsh 3.7.3-1Dan Walsh 3.7.1-1Dan Walsh 3.6.33-2Dan Walsh 3.6.33-1Dan Walsh 3.6.32-17Dan Walsh 3.6.32-16Dan Walsh 3.6.32-15Dan Walsh 3.6.32-13Dan Walsh 3.6.32-12Dan Walsh 3.6.32-11Dan Walsh 3.6.32-10Dan Walsh 3.6.32-9Dan Walsh 3.6.32-8Dan Walsh 3.6.32-7Dan Walsh 3.6.32-6Dan Walsh 3.6.32-5Dan Walsh 3.6.32-4Dan Walsh 3.6.32-3Dan Walsh 3.6.32-2Dan Walsh 3.6.32-1Dan Walsh 3.6.31-5Dan Walsh 3.6.31-4Dan Walsh 3.6.31-3Dan Walsh 3.6.31-2Dan Walsh 3.6.30-6Dan Walsh 3.6.30-5Dan Walsh 3.6.30-4Dan Walsh 3.6.30-3Dan Walsh 3.6.30-2Dan Walsh 3.6.30-1Dan Walsh 3.6.29-2Dan Walsh 3.6.29-1Dan Walsh 3.6.28-9Dan Walsh 3.6.28-8Dan Walsh 3.6.28-7Dan Walsh 3.6.28-6Dan Walsh 3.6.28-5Dan Walsh 3.6.28-4Dan Walsh 3.6.28-3Dan Walsh 3.6.28-2Dan Walsh 3.6.28-1Dan Walsh 3.6.27-1Dan Walsh 3.6.26-11Dan Walsh 3.6.26-10Dan Walsh 3.6.26-9Bill Nottingham 3.6.26-8Dan Walsh 3.6.26-7Dan Walsh 3.6.26-6Dan Walsh 3.6.26-5Dan Walsh 3.6.26-4Dan Walsh 3.6.26-3Dan Walsh 3.6.26-2Dan Walsh 3.6.26-1Dan Walsh 3.6.25-1Dan Walsh 3.6.24-1Dan Walsh 3.6.23-2Dan Walsh 3.6.23-1Dan Walsh 3.6.22-3Dan Walsh 3.6.22-1Dan Walsh 3.6.21-4Dan Walsh 3.6.21-3Tom "spot" Callaway 3.6.21-2Dan Walsh 3.6.21-1Dan Walsh 3.6.20-2Dan Walsh 3.6.20-1Dan Walsh 3.6.19-5Dan Walsh 3.6.19-4Dan Walsh 3.6.19-3Dan Walsh 3.6.19-2Dan Walsh 3.6.19-1Dan Walsh 3.6.18-1Dan Walsh 3.6.17-1Dan Walsh 3.6.16-4Dan Walsh 3.6.16-3Dan Walsh 3.6.16-2Dan Walsh 3.6.16-1Dan Walsh 3.6.14-3Dan Walsh 3.6.14-2Dan Walsh 3.6.14-1Dan Walsh 3.6.13-3Dan Walsh 3.6.13-2Dan Walsh 3.6.13-1Dan Walsh 3.6.12-39Dan Walsh 3.6.12-38Dan Walsh 3.6.12-37Dan Walsh 3.6.12-36Dan Walsh 3.6.12-35Dan Walsh 3.6.12-34Dan Walsh 3.6.12-33Dan Walsh 3.6.12-31Dan Walsh 3.6.12-30Dan Walsh 3.6.12-29Dan Walsh 3.6.12-28Dan Walsh 3.6.12-27Dan Walsh 3.6.12-26Dan Walsh 3.6.12-25Dan Walsh 3.6.12-24Dan Walsh 3.6.12-23Dan Walsh 3.6.12-22Dan Walsh 3.6.12-21Dan Walsh 3.6.12-20Dan Walsh 3.6.12-19Dan Walsh 3.6.12-16Dan Walsh 3.6.12-15Dan Walsh 3.6.12-14Dan Walsh 3.6.12-13Dan Walsh 3.6.12-12Dan Walsh 3.6.12-11Dan Walsh 3.6.12-10Dan Walsh 3.6.12-9Dan Walsh 3.6.12-8Dan Walsh 3.6.12-7Dan Walsh 3.6.12-6Dan Walsh 3.6.12-5Dan Walsh 3.6.12-4Dan Walsh 3.6.12-3Dan Walsh 3.6.12-2Dan Walsh 3.6.12-1Dan Walsh 3.6.11-1Dan Walsh 3.6.10-9Dan Walsh 3.6.10-8Dan Walsh 3.6.10-7Dan Walsh 3.6.10-6Dan Walsh 3.6.10-5Dan Walsh 3.6.10-4Dan Walsh 3.6.10-3Dan Walsh 3.6.10-2Dan Walsh 3.6.10-1Dan Walsh 3.6.9-4Dan Walsh 3.6.9-3Dan Walsh 3.6.9-2Dan Walsh 3.6.9-1Dan Walsh 3.6.8-4Dan Walsh 3.6.8-3Dan Walsh 3.6.8-2Dan Walsh 3.6.8-1Dan Walsh 3.6.7-2Dan Walsh 3.6.7-1Dan Walsh 3.6.6-9Dan Walsh 3.6.6-8Fedora Release Engineering - 3.6.6-7Dan Walsh 3.6.6-6Dan Walsh 3.6.6-5Dan Walsh 3.6.6-4Dan Walsh 3.6.6-3Dan Walsh 3.6.6-2Dan Walsh 3.6.6-1Dan Walsh 3.6.5-3Dan Walsh 3.6.5-1Dan Walsh 3.6.4-6Dan Walsh 3.6.4-5Dan Walsh 3.6.4-4Dan Walsh 3.6.4-3Dan Walsh 3.6.4-2Dan Walsh 3.6.4-1Dan Walsh 3.6.3-13Dan Walsh 3.6.3-12Dan Walsh 3.6.3-11Dan Walsh 3.6.3-10Dan Walsh 3.6.3-9Dan Walsh 3.6.3-8Dan Walsh 3.6.3-7Dan Walsh 3.6.3-6Dan Walsh 3.6.3-3Dan Walsh 3.6.3-2Dan Walsh 3.6.3-1Dan Walsh 3.6.2-5Dan Walsh 3.6.2-4Dan Walsh 3.6.2-3Dan Walsh 3.6.2-2Dan Walsh 3.6.2-1Dan Walsh 3.6.1-15Dan Walsh 3.6.1-14Dan Walsh 3.6.1-13Dan Walsh 3.6.1-12Dan Walsh 3.6.1-11Dan Walsh 3.6.1-10Dan Walsh 3.6.1-9Dan Walsh 3.6.1-8Dan Walsh 3.6.1-7Dan Walsh 3.6.1-4Ignacio Vazquez-Abrams - 3.6.1-2Dan Walsh 3.5.13-19Dan Walsh 3.5.13-18Dan Walsh 3.5.13-17Dan Walsh 3.5.13-16Dan Walsh 3.5.13-15Dan Walsh 3.5.13-14Dan Walsh 3.5.13-13Dan Walsh 3.5.13-12Dan Walsh 3.5.13-11Dan Walsh 3.5.13-9Dan Walsh 3.5.13-8Dan Walsh 3.5.13-7Dan Walsh 3.5.13-6Dan Walsh 3.5.13-5Dan Walsh 3.5.13-4Dan Walsh 3.5.13-3Dan Walsh 3.5.13-2Dan Walsh 3.5.13-1Dan Walsh 3.5.12-3Dan Walsh 3.5.12-2Dan Walsh 3.5.12-1Dan Walsh 3.5.11-1Dan Walsh 3.5.10-3Dan Walsh 3.5.10-2Dan Walsh 3.5.10-1Dan Walsh 3.5.9-4Dan Walsh 3.5.9-3Dan Walsh 3.5.9-2Dan Walsh 3.5.9-1Dan Walsh 3.5.8-7Dan Walsh 3.5.8-6Dan Walsh 3.5.8-5Dan Walsh 3.5.8-4Dan Walsh 3.5.8-3Dan Walsh 3.5.8-1Dan Walsh 3.5.7-2Dan Walsh 3.5.7-1Dan Walsh 3.5.6-2Dan Walsh 3.5.6-1Dan Walsh 3.5.5-4Dan Walsh 3.5.5-3Dan Walsh 3.5.5-2Dan Walsh 3.5.4-2Dan Walsh 3.5.4-1Dan Walsh 3.5.3-1Dan Walsh 3.5.2-2Dan Walsh 3.5.1-5Dan Walsh 3.5.1-4Dan Walsh 3.5.1-3Dan Walsh 3.5.1-2Dan Walsh 3.5.1-1Dan Walsh 3.5.0-1Dan Walsh 3.4.2-14Dan Walsh 3.4.2-13Dan Walsh 3.4.2-12Dan Walsh 3.4.2-11Dan Walsh 3.4.2-10Dan Walsh 3.4.2-9Dan Walsh 3.4.2-8Dan Walsh 3.4.2-7Dan Walsh 3.4.2-6Dan Walsh 3.4.2-5Dan Walsh 3.4.2-4Dan Walsh 3.4.2-3Dan Walsh 3.4.2-2Dan Walsh 3.4.2-1Dan Walsh 3.4.1-5Dan Walsh 3.4.1-3Dan Walsh 3.4.1-2Dan Walsh 3.4.1-1Dan Walsh 3.3.1-48Dan Walsh 3.3.1-47Dan Walsh 3.3.1-46Dan Walsh 3.3.1-45Dan Walsh 3.3.1-44Dan Walsh 3.3.1-43Dan Walsh 3.3.1-42Dan Walsh 3.3.1-41Dan Walsh 3.3.1-39Dan Walsh 3.3.1-37Dan Walsh 3.3.1-36Dan Walsh 3.3.1-33Dan Walsh 3.3.1-32Dan Walsh 3.3.1-31Dan Walsh 3.3.1-30Dan Walsh 3.3.1-29Dan Walsh 3.3.1-28Dan Walsh 3.3.1-27Dan Walsh 3.3.1-26Dan Walsh 3.3.1-25Dan Walsh 3.3.1-24Dan Walsh 3.3.1-23Dan Walsh 3.3.1-22Dan Walsh 3.3.1-21Dan Walsh 3.3.1-20Dan Walsh 3.3.1-19Dan Walsh 3.3.1-18Dan Walsh 3.3.1-17Dan Walsh 3.3.1-16Dan Walsh 3.3.1-15Bill Nottingham 3.3.1-14Dan Walsh 3.3.1-13Dan Walsh 3.3.1-12Dan Walsh 3.3.1-11Dan Walsh 3.3.1-10Dan Walsh 3.3.1-9Dan Walsh 3.3.1-8Dan Walsh 3.3.1-6Dan Walsh 3.3.1-5Dan Walsh 3.3.1-4Dan Walsh 3.3.1-2Dan Walsh 3.3.1-1Dan Walsh 3.3.0-2Dan Walsh 3.3.0-1Dan Walsh 3.2.9-2Dan Walsh 3.2.9-1Dan Walsh 3.2.8-2Dan Walsh 3.2.8-1Dan Walsh 3.2.7-6Dan Walsh 3.2.7-5Dan Walsh 3.2.7-3Dan Walsh 3.2.7-2Dan Walsh 3.2.7-1Dan Walsh 3.2.6-7Dan Walsh 3.2.6-6Dan Walsh 3.2.6-5Dan Walsh 3.2.6-4Dan Walsh 3.2.6-3Dan Walsh 3.2.6-2Dan Walsh 3.2.6-1Dan Walsh 3.2.5-25Dan Walsh 3.2.5-24Dan Walsh 3.2.5-22Dan Walsh 3.2.5-21Dan Walsh 3.2.5-20Dan Walsh 3.2.5-19Dan Walsh 3.2.5-18Dan Walsh 3.2.5-17Dan Walsh 3.2.5-16Dan Walsh 3.2.5-15Dan Walsh 3.2.5-14Dan Walsh 3.2.5-13Dan Walsh 3.2.5-12Dan Walsh 3.2.5-11Dan Walsh 3.2.5-10Dan Walsh 3.2.5-9Dan Walsh 3.2.5-8Dan Walsh 3.2.5-7Dan Walsh 3.2.5-6Dan Walsh 3.2.5-5Dan Walsh 3.2.5-4Dan Walsh 3.2.5-3Dan Walsh 3.2.5-2Dan Walsh 3.2.5-1Dan Walsh 3.2.4-5Dan Walsh 3.2.4-4Dan Walsh 3.2.4-3Dan Walsh 3.2.4-1Dan Walsh 3.2.4-1Dan Walsh 3.2.3-2Dan Walsh 3.2.3-1Dan Walsh 3.2.2-1Dan Walsh 3.2.1-3Dan Walsh 3.2.1-1Dan Walsh 3.1.2-2Dan Walsh 3.1.2-1Dan Walsh 3.1.1-1Dan Walsh 3.1.0-1Dan Walsh 3.0.8-30Dan Walsh 3.0.8-28Dan Walsh 3.0.8-27Dan Walsh 3.0.8-26Dan Walsh 3.0.8-25Dan Walsh 3.0.8-24Dan Walsh 3.0.8-23Dan Walsh 3.0.8-22Dan Walsh 3.0.8-21Dan Walsh 3.0.8-20Dan Walsh 3.0.8-19Dan Walsh 3.0.8-18Dan Walsh 3.0.8-17Dan Walsh 3.0.8-16Dan Walsh 3.0.8-15Dan Walsh 3.0.8-14Dan Walsh 3.0.8-13Dan Walsh 3.0.8-12Dan Walsh 3.0.8-11Dan Walsh 3.0.8-10Dan Walsh 3.0.8-9Dan Walsh 3.0.8-8Dan Walsh 3.0.8-7Dan Walsh 3.0.8-5Dan Walsh 3.0.8-4Dan Walsh 3.0.8-3Dan Walsh 3.0.8-2Dan Walsh 3.0.8-1Dan Walsh 3.0.7-10Dan Walsh 3.0.7-9Dan Walsh 3.0.7-8Dan Walsh 3.0.7-7Dan Walsh 3.0.7-6Dan Walsh 3.0.7-5Dan Walsh 3.0.7-4Dan Walsh 3.0.7-3Dan Walsh 3.0.7-2Dan Walsh 3.0.7-1Dan Walsh 3.0.6-3Dan Walsh 3.0.6-2Dan Walsh 3.0.6-1Dan Walsh 3.0.5-11Dan Walsh 3.0.5-10Dan Walsh 3.0.5-9Dan Walsh 3.0.5-8Dan Walsh 3.0.5-7Dan Walsh 3.0.5-6Dan Walsh 3.0.5-5Dan Walsh 3.0.5-4Dan Walsh 3.0.5-3Dan Walsh 3.0.5-2Dan Walsh 3.0.5-1Dan Walsh 3.0.4-6Dan Walsh 3.0.4-5Dan Walsh 3.0.4-4Dan Walsh 3.0.4-3Dan Walsh 3.0.4-2Dan Walsh 3.0.4-1Dan Walsh 3.0.3-6Dan Walsh 3.0.3-5Dan Walsh 3.0.3-4Dan Walsh 3.0.3-3Dan Walsh 3.0.3-2Dan Walsh 3.0.3-1Dan Walsh 3.0.2-9Dan Walsh 3.0.2-8Dan Walsh 3.0.2-7Dan Walsh 3.0.2-5Dan Walsh 3.0.2-4Dan Walsh 3.0.2-3Dan Walsh 3.0.2-2Dan Walsh 3.0.1-5Dan Walsh 3.0.1-4Dan Walsh 3.0.1-3Dan Walsh 3.0.1-2Dan Walsh 3.0.1-1Dan Walsh 2.6.5-3Dan Walsh 2.6.5-2Dan Walsh 2.6.4-7Dan Walsh 2.6.4-6Dan Walsh 2.6.4-5Dan Walsh 2.6.4-2Dan Walsh 2.6.4-1Dan Walsh 2.6.3-1Dan Walsh 2.6.2-1Dan Walsh 2.6.1-4Dan Walsh 2.6.1-3Dan Walsh 2.6.1-2Dan Walsh 2.6.1-1Dan Walsh 2.5.12-12Dan Walsh 2.5.12-11Dan Walsh 2.5.12-10Dan Walsh 2.5.12-8Dan Walsh 2.5.12-5Dan Walsh 2.5.12-4Dan Walsh 2.5.12-3Dan Walsh 2.5.12-2Dan Walsh 2.5.12-1Dan Walsh 2.5.11-8Dan Walsh 2.5.11-7Dan Walsh 2.5.11-6Dan Walsh 2.5.11-5Dan Walsh 2.5.11-4Dan Walsh 2.5.11-3Dan Walsh 2.5.11-2Dan Walsh 2.5.11-1Dan Walsh 2.5.10-2Dan Walsh 2.5.10-1Dan Walsh 2.5.9-6Dan Walsh 2.5.9-5Dan Walsh 2.5.9-4Dan Walsh 2.5.9-3Dan Walsh 2.5.9-2Dan Walsh 2.5.8-8Dan Walsh 2.5.8-7Dan Walsh 2.5.8-6Dan Walsh 2.5.8-5Dan Walsh 2.5.8-4Dan Walsh 2.5.8-3Dan Walsh 2.5.8-2Dan Walsh 2.5.8-1Dan Walsh 2.5.7-1Dan Walsh 2.5.6-1Dan Walsh 2.5.5-2Dan Walsh 2.5.5-1Dan Walsh 2.5.4-2Dan Walsh 2.5.4-1Dan Walsh 2.5.3-3Dan Walsh 2.5.3-2Dan Walsh 2.5.3-1Dan Walsh 2.5.2-6Dan Walsh 2.5.2-5Dan Walsh 2.5.2-4Dan Walsh 2.5.2-3Dan Walsh 2.5.2-2Dan Walsh 2.5.2-1Dan Walsh 2.5.1-5Dan Walsh 2.5.1-4Dan Walsh 2.5.1-2Dan Walsh 2.5.1-1Dan Walsh 2.4.6-20Dan Walsh 2.4.6-19Dan Walsh 2.4.6-18Dan Walsh 2.4.6-17Dan Walsh 2.4.6-16Dan Walsh 2.4.6-15Dan Walsh 2.4.6-14Dan Walsh 2.4.6-13Dan Walsh 2.4.6-12Dan Walsh 2.4.6-11Dan Walsh 2.4.6-10Dan Walsh 2.4.6-9Dan Walsh 2.4.6-8Dan Walsh 2.4.6-7Dan Walsh 2.4.6-6Dan Walsh 2.4.6-5Dan Walsh 2.4.6-4Dan Walsh 2.4.6-3Dan Walsh 2.4.6-1Dan Walsh 2.4.5-4Dan Walsh 2.4.5-3Dan Walsh 2.4.5-2Dan Walsh 2.4.5-1Dan Walsh 2.4.4-2Dan Walsh 2.4.4-2Dan Walsh 2.4.4-1Dan Walsh 2.4.3-13Dan Walsh 2.4.3-12Dan Walsh 2.4.3-11Dan Walsh 2.4.3-10Dan Walsh 2.4.3-9Dan Walsh 2.4.3-8Dan Walsh 2.4.3-7Dan Walsh 2.4.3-6Dan Walsh 2.4.3-5Dan Walsh 2.4.3-4Dan Walsh 2.4.3-3Dan Walsh 2.4.3-2Dan Walsh 2.4.3-1Dan Walsh 2.4.2-8Dan Walsh 2.4.2-7James Antill 2.4.2-6Dan Walsh 2.4.2-5Dan Walsh 2.4.2-4Dan Walsh 2.4.2-3Dan Walsh 2.4.2-2Dan Walsh 2.4.2-1Dan Walsh 2.4.1-5Dan Walsh 2.4.1-4Dan Walsh 2.4.1-3Dan Walsh 2.4.1-2Dan Walsh 2.4-4Dan Walsh 2.4-3Dan Walsh 2.4-2Dan Walsh 2.4-1Dan Walsh 2.3.19-4Dan Walsh 2.3.19-3Dan Walsh 2.3.19-2Dan Walsh 2.3.19-1James Antill 2.3.18-10James Antill 2.3.18-9Dan Walsh 2.3.18-8Dan Walsh 2.3.18-7Dan Walsh 2.3.18-6Dan Walsh 2.3.18-5Dan Walsh 2.3.18-4Dan Walsh 2.3.18-3Dan Walsh 2.3.18-2Dan Walsh 2.3.18-1Dan Walsh 2.3.17-2Dan Walsh 2.3.17-1Dan Walsh 2.3.16-9Dan Walsh 2.3.16-8Dan Walsh 2.3.16-7Dan Walsh 2.3.16-6Dan Walsh 2.3.16-5Dan Walsh 2.3.16-4Dan Walsh 2.3.16-2Dan Walsh 2.3.16-1Dan Walsh 2.3.15-2Dan Walsh 2.3.15-1Dan Walsh 2.3.14-8Dan Walsh 2.3.14-7Dan Walsh 2.3.14-6Dan Walsh 2.3.14-4Dan Walsh 2.3.14-3Dan Walsh 2.3.14-2Dan Walsh 2.3.14-1Dan Walsh 2.3.13-6Dan Walsh 2.3.13-5Dan Walsh 2.3.13-4Dan Walsh 2.3.13-3Dan Walsh 2.3.13-2Dan Walsh 2.3.13-1Dan Walsh 2.3.12-2Dan Walsh 2.3.12-1Dan Walsh 2.3.11-1Dan Walsh 2.3.10-7Dan Walsh 2.3.10-6Dan Walsh 2.3.10-3Dan Walsh 2.3.10-1Dan Walsh 2.3.9-6Dan Walsh 2.3.9-5Dan Walsh 2.3.9-4Dan Walsh 2.3.9-3Dan Walsh 2.3.9-2Dan Walsh 2.3.9-1Dan Walsh 2.3.8-2Dan Walsh 2.3.7-1Dan Walsh 2.3.6-4Dan Walsh 2.3.6-3Dan Walsh 2.3.6-2Dan Walsh 2.3.6-1Dan Walsh 2.3.5-1Dan Walsh 2.3.4-1Dan Walsh 2.3.3-20Dan Walsh 2.3.3-19Dan Walsh 2.3.3-18Dan Walsh 2.3.3-17Dan Walsh 2.3.3-16Dan Walsh 2.3.3-15Dan Walsh 2.3.3-14Dan Walsh 2.3.3-13Dan Walsh 2.3.3-12Dan Walsh 2.3.3-11Dan Walsh 2.3.3-10Dan Walsh 2.3.3-9Dan Walsh 2.3.3-8Dan Walsh 2.3.3-7Dan Walsh 2.3.3-6Dan Walsh 2.3.3-5Dan Walsh 2.3.3-4Dan Walsh 2.3.3-3Dan Walsh 2.3.3-2Dan Walsh 2.3.3-1Dan Walsh 2.3.2-4Dan Walsh 2.3.2-3Dan Walsh 2.3.2-2Dan Walsh 2.3.2-1Dan Walsh 2.3.1-1Dan Walsh 2.2.49-1Dan Walsh 2.2.48-1Dan Walsh 2.2.47-5Dan Walsh 2.2.47-4Dan Walsh 2.2.47-3Dan Walsh 2.2.47-1Dan Walsh 2.2.46-2Dan Walsh 2.2.46-1Dan Walsh 2.2.45-3Dan Walsh 2.2.45-2Dan Walsh 2.2.45-1Dan Walsh 2.2.44-1Dan Walsh 2.2.43-4Dan Walsh 2.2.43-3Dan Walsh 2.2.43-2Dan Walsh 2.2.43-1Dan Walsh 2.2.42-4Dan Walsh 2.2.42-3Dan Walsh 2.2.42-2Dan Walsh 2.2.42-1Dan Walsh 2.2.41-1Dan Walsh 2.2.40-2Dan Walsh 2.2.40-1Dan Walsh 2.2.39-2Dan Walsh 2.2.39-1Dan Walsh 2.2.38-6Dan Walsh 2.2.38-5Dan Walsh 2.2.38-4Dan Walsh 2.2.38-3Dan Walsh 2.2.38-2Dan Walsh 2.2.38-1Dan Walsh 2.2.37-1Dan Walsh 2.2.36-2Dan Walsh 2.2.36-1James Antill 2.2.35-2Dan Walsh 2.2.35-1Dan Walsh 2.2.34-3Dan Walsh 2.2.34-2Dan Walsh 2.2.34-1Dan Walsh 2.2.33-1Dan Walsh 2.2.32-2Dan Walsh 2.2.32-1Dan Walsh 2.2.31-1Dan Walsh 2.2.30-2Dan Walsh 2.2.30-1Dan Walsh 2.2.29-6Russell Coker 2.2.29-5Dan Walsh 2.2.29-4Dan Walsh 2.2.29-3Dan Walsh 2.2.29-2Dan Walsh 2.2.29-1Dan Walsh 2.2.28-3Dan Walsh 2.2.28-2Dan Walsh 2.2.28-1Dan Walsh 2.2.27-1Dan Walsh 2.2.25-3Dan Walsh 2.2.25-2Dan Walsh 2.2.24-1Dan Walsh 2.2.23-19Dan Walsh 2.2.23-18Dan Walsh 2.2.23-17Karsten Hopp 2.2.23-16Dan Walsh 2.2.23-15Dan Walsh 2.2.23-14Dan Walsh 2.2.23-13Dan Walsh 2.2.23-12Jeremy Katz - 2.2.23-11Jeremy Katz - 2.2.23-10Dan Walsh 2.2.23-9Dan Walsh 2.2.23-8Dan Walsh 2.2.23-7Dan Walsh 2.2.23-5Dan Walsh 2.2.23-4Dan Walsh 2.2.23-3Dan Walsh 2.2.23-2Dan Walsh 2.2.23-1Dan Walsh 2.2.22-2Dan Walsh 2.2.22-1Dan Walsh 2.2.21-9Dan Walsh 2.2.21-8Dan Walsh 2.2.21-7Dan Walsh 2.2.21-6Dan Walsh 2.2.21-5Dan Walsh 2.2.21-4Dan Walsh 2.2.21-3Dan Walsh 2.2.21-2Dan Walsh 2.2.21-1Dan Walsh 2.2.20-1Dan Walsh 2.2.19-2Dan Walsh 2.2.19-1Dan Walsh 2.2.18-2Dan Walsh 2.2.18-1Dan Walsh 2.2.17-2Dan Walsh 2.2.16-1Dan Walsh 2.2.15-4Dan Walsh 2.2.15-3Dan Walsh 2.2.15-1Dan Walsh 2.2.14-2Dan Walsh 2.2.14-1Dan Walsh 2.2.13-1Dan Walsh 2.2.12-1Dan Walsh 2.2.11-2Dan Walsh 2.2.11-1Dan Walsh 2.2.10-1Dan Walsh 2.2.9-2Dan Walsh 2.2.9-1Dan Walsh 2.2.8-2Dan Walsh 2.2.7-1Dan Walsh 2.2.6-3Dan Walsh 2.2.6-2Dan Walsh 2.2.6-1Dan Walsh 2.2.5-1Dan Walsh 2.2.4-1Dan Walsh 2.2.3-1Dan Walsh 2.2.2-1Dan Walsh 2.2.1-1Dan Walsh 2.1.13-1Dan Walsh 2.1.12-3Dan Walsh 2.1.11-1Dan Walsh 2.1.10-1Jeremy Katz - 2.1.9-2Dan Walsh 2.1.9-1Dan Walsh 2.1.8-3Dan Walsh 2.1.8-2Dan Walsh 2.1.8-1Dan Walsh 2.1.7-4Dan Walsh 2.1.7-3Dan Walsh 2.1.7-2Dan Walsh 2.1.7-1Dan Walsh 2.1.6-24Dan Walsh 2.1.6-23Dan Walsh 2.1.6-22Dan Walsh 2.1.6-21Dan Walsh 2.1.6-20Dan Walsh 2.1.6-18Dan Walsh 2.1.6-17Dan Walsh 2.1.6-16Dan Walsh 2.1.6-15Dan Walsh 2.1.6-14Dan Walsh 2.1.6-13Dan Walsh 2.1.6-11Dan Walsh 2.1.6-10Dan Walsh 2.1.6-9Dan Walsh 2.1.6-8Dan Walsh 2.1.6-5Dan Walsh 2.1.6-4Dan Walsh 2.1.6-3Dan Walsh 2.1.6-2Dan Walsh 2.1.6-1Dan Walsh 2.1.4-2Dan Walsh 2.1.4-1Dan Walsh 2.1.3-1Jeremy Katz - 2.1.2-3Dan Walsh 2.1.2-2Dan Walsh 2.1.2-1Dan Walsh 2.1.1-3Dan Walsh 2.1.1-2Dan Walsh 2.1.1-1Dan Walsh 2.1.0-3Dan Walsh 2.1.0-2.Dan Walsh 2.1.0-1.Dan Walsh 2.0.11-2.Dan Walsh 2.0.11-1.Dan Walsh 2.0.9-1.Dan Walsh 2.0.8-1.Dan Walsh 2.0.7-3Dan Walsh 2.0.7-2Dan Walsh 2.0.6-2Dan Walsh 2.0.5-4Dan Walsh 2.0.5-1Dan Walsh 2.0.4-1Dan Walsh 2.0.2-2Dan Walsh 2.0.2-1Dan Walsh 2.0.1-2Dan Walsh 2.0.1-1- Fix livecd_run() interface - Add labeling for /var/spool/postfix/dev/log * support postfix chroot - Allow sandbox_xserver_t to send signals - These are needed with CRL fetching is enabled - Razor labeling is not used no longer - Add label for /sbin/xtables-multi - Add support for winshadow port and allow iscsid to connect to this port - Allow chrome_sandbox_t to send all signals to sandbox_nacl_t - Allow sandbox_nacl to setsched on its process - Dontaudit fail2ban looking at gnome content - fix label for /usr/lib(64)/iscan/network- Fix BOINC bug- BOinc fixes - Allow mysqld_safe to delete the mysql_db_t sock_file - Dovecot has a new fifo_file /var/run/stats-mail- Allow gnomeclock to send system log msgs - Users that use X and spice need to use the virtio device - squashfs supports extended attributes - Allow system_cronjob to dbus chat with NetworkManager - Allow all postfix domains to use the fifo_file - Allow squid to check the network state - Allow spamd to send mail- Fix typo in ssh.if- Allow spamd and clamd to steam connect to each other - Allow colord to execute ifconfig - Allow smbcontrol to signal themselves - Make faillog MLS trusted to make sudo_$1_t working- Backport MCS fixes from F16 - Other chrome fixes from F16- Backport chrome fixes - Backport cloudform policy- Fixes for systemd - Add FIPS suppport for dirsrv- Allow sa-update to update rules - Allow sa-update to read spamd tmp file - Allow screen to read all domain state - Allow sa-update to execute shell - More fixes for sa-update running out of cron job - Allow initrc to manage cron system spool - Fixes for collectd policy - Fixes added during clean up bugzillas - Dontaudit fail2ban_client_t sys_tty_config capability - Fix for puppet which does execute check on passwd - ricci_modservice send syslog msgs - Fix dev_dontaudit_write_mtrr() interface- Make mta_role() active - Add additional gitweb file context labeling - Allow asterisk to connect to jabber client port - Allow sssd to read the contents of /sys/class/net/$IFACE_NAME - Allow fsdaemon dac_override- Add logging_syslogd_can_sendmail boolean - Add support for exim and confined users - support for ommail module to send logs via mail - Add execmem_execmod() to execmem role - Allow pptp to send generic signal to kernel threads - Fix kerberos_manage_host_rcache() interface- Fixes for mock- Backport F16 fixes - livecd fixes - systemd fixes- Allow hostname read network state - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Fix syslog port definition - Allow openvpn to set its process priority when the nice parameter is used - Restorecond should be able to watch and relabel devices in /dev - Alow hddtemp to perform DNS name resolution- Fixes for zarafa, postfix policy - Backport collect policy- Backport ABRT changes - Make tmux working with scree policy - Allow root cron jobs can't run without unconfined - add interface to dontaudit writes to urand, needed by libra - Add label for /var/cache/krb5rcache directory- Allow jabberd_router_t to read system state - Rename oracledb_port to oracle_port - Allow rgmanager executes init script files in initrc_t domain which ensure proper transitions - screen wants to manage sock file in screen home dirs - Make screen working with confined users - Allow gssd to search access on the directory /proc/fs/nfsd- More fixes for postfix policy - Allow virsh_t setsched - Add mcelog_log_t type for mcelog log file - Add virt_ptynode attribute- Add l2tpd policy - Fixes for abrt - Backport fail2ban_client policy- Allow getcap, setcap for syslogd - Fix label for /usr/lib64/opera/opera- Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content() - Allow init to delete all pid sockets - Allow colord to read /proc/stat - Add label for /var/www/html/wordpress/wp-content/plugins directory - Allow pppd to search /var/lock dir - puppetmaster use nsswitch: #711804 - Update abrt to match rawhide policy - allow privoxy to read network data - support gecko mozilla browser plugin - Allow chrome_sandbox to execute content in nfs homedir - postfix_qmgr needs to read /var/spool/postfix/deferred - abrt_t needs fsetid- Fixes for zarafa policy - Other fixes for fail2ban - Allow keyring to drop capabilities - Allow cobblerd to send syslog messages - Allow xserver to read/write the xserver_misk device - ppp also installs /var/log/ppp and /var/run/ppp directories * remove filetrans rules - fix for pppd_lock - Allow fail2ban run ldconfig - Allow lvm to read/write pipes inherited from login programs- Fix /var/lock labeling issue- Allow ssh to execute systemctl - fail2ban fixes related to /tmp directory - Allow puppetmaster to create dirs in /var/run/puppet- Add label for /var/lock/ppp - Fixes for colord policy - Allow sys_chroot for postfix domains- Add label for dev/ati/card* - Allowe secadm to manage selinux config files- Add Dominicks patch for dccp_socket - dnsmasq needs to read nm-dns-dnsmasq.conf in /var/run/ - Colord inherits open file descriptors from the users...' - cgred needs auth_use_nsswitch() - apcupsd lock file was missing file context specificatio... - Make cron work - Allow clamav to manage amavis spool files - Use httpd_can_sendmail boolean also for httpd_suexec_t - Add fenced_can_ssh boolean - Add dev_dontaudit_read_generic_files() for hplip - Allow xauthority to create shared memory - Make postfix user domains application_domains - Allow xend to sys_admin privs - Allow mount to read usr files - Allow logrotate to connect to init script using unix stream socket - Allow nsplugin_t to getattr on gpmctl- Allow logrotate to connect to init script using unix domain stream socket - Allow shorewall read and write inherited user domain pty/tty - virt will attempt to us another virtualizations pulsesaudio tmpfs_t, ignore error - Allow colord to get the attributes of fixed disk device nodes - Allow nsplugin_t to getattr on gpmctl - Allow mozilla_plugin to connect to pcscd over an unix stream socket - Allow logrotate to execute systemctl - colord wants to read files in users homedir - Remote login should create user_tmp_t content not its own tmp files - Allow psad signal - Fix cobbler_read_lib_files interface - Allow rlogind to r/w user terminals - Allow prelink_cron_system_t to relabel content and ignore obj_id - Allow gnomeclock_systemctl_t to list init_var_run_t - Dbus domains will inherit fds from the init system- Add label for /lib/upstart/init - Allow colord to getattr on /proc/scsi/scsi - Dontaudit sys_module for ifconfig and irqbalance- Make telepathy working with confined users - Allow colord signal - prelink_cron_system_t needs to be able to detect systemd - Allow cupsd_config_t to read user's symlinks in /tmp- Fixes for colord and vnstatd policy - telepathy needs to dbus chat with unconfined_t and unconfined_dbusd_t - Remove dbus.patch and move it to policy-F15.patch- Adding in unconfined_r telepathy domains so telepathy apps will not crash on update- Fix dbus_session_domain - Stop transitiong from unconfined_t to telepathy domains or to gkeyring domains- Allow init_t getcap and setcap - Allow namespace_init_t to use nsswitch - aisexec will execute corosync - colord tries to read files off noxattr file systems- Add back transition from unconfined to telepathy domains- Allow spamd to sent mail - Needs to be able to write to its systemhigh log file - Fix aide policy to run on MLS boxes - Allow NetworkManager to manage content in /etc/NetworkManager/system-connections - Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners - Allow telepath_msn_t to read /proc/PARENT/cmdline - ftpd needs kill capability - Allow telepath_msn_t to connect to sip port - keyring daemon does not work on nfs homedirs - Allow $1_sudo_t to read default SELinux context - Add label for tgtd sock file in /var/run/ - Add apache_exec_rotatelogs interface - allow all zaraha domains to signal themselves, server writes to /tmp - Allow syslog to read the process state - Add label for /usr/lib/chromium-browser/chrome - Remove the telepathy transition from unconfined_t - Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts - Allow initrc_t domain to manage abrt pid files - Add support for AEOLUS project - Virt_admin should be allowed to manage images and processes - Allow plymountd to send signals to init - Change labeling of fping6- xdm_t needs getsession for switch user - Every app that used to exec init is now execing systemdctl - Allow squid to manage krb5_host_rcache_t files - Allow foghorn to connect to agentx port - Fixes for colord policy- Need to allow apps that use locks to read /var/lock if it is a symlink - Allow systemd to create tasks - Logwatch reads /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward - Fixes for foghorn policy - Add labeling for systemd unit files - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added - Add label for matahari-broker.pid file - We want to remove untrustedmcsprocess from ability to read /proc/pid - Fixes for matahari policy- Allow colord to use unix_dgram_socket - Allow apps that search pids to read /var/run if it is a lnk_file - iscsid_t creates its own directory - Allow init to list var_lock_t dir - apm needs to verify user accounts auth_use_nsswitch- Add /var/run/lock /var/lock definition to file_contexts.subs - nslcd_t is looking for kerberos cc files - SSH_USE_STRONG_RNG is 1 which requires /dev/random - Fix auth_rw_faillog definition - Allow sysadm_t to set attributes on fixed disks - allow user domains to execute lsof and look at application sockets - prelink_cron job calls telinit -u if init is rewritten - Fixes to run qemu_t from staff_t- Fix label for /var/run/udev to udev_var_run_t- Add label for /run/udev - Mock needs to be able to read network state- Other fixes to make boot working- A lot of fixes making /run change working - Add subs file to equate /var/run with /run and /var/lock with /run/lock - Allow rgmanager to send the kill signal to all users - Allow ssh_t to search /root/.ssh and create it if it does not exist - dontaudit read of user_tmp_t from load_policy - Allow abrt fowner capability - Allow audit daemons to change the run level in MLS environments - Since /var/lock is moving to /run/lock. We need to allow all interfaces for lock files to search var_run_t - Add file labelfor MathKernel - Add label for /dev/dlm* - Allow systemd_tmpfiles_t to manage sandbox data - More /run directories labels - rlogind sends kill signal to chkpwd_t - systemd is now mounting on /var/lock- Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs -systemd is going to be useing /run and /run/lock for early bootup files. - Fix some comments in rlogin.if - Add policy for KDE backlighthelper - sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems - sssd wants to read .k5login file in users homedir - setroubleshoot reads executables to see if they have TEXTREL - Add /var/spool/audit support for new version of audit - Remove kerberos_connect_524() interface calling - Combine kerberos_master_port_t and kerberos_port_t - systemd has setup /dev/kmsg as stderr for apps it executes - Need these access so that init can impersonate sockets on unix_dgram_socket- Add syslogd_exec_t label for systemd-kmsg-syslogd - ipsec_mgmt_t wants to cause ipsec_t to dump core, needs to be allowed - Allow rythmbox and other apps to share music over daap port - Allow qemu and pulseaudio to work together - Allow httpd to create socket file in /tmp - Allow tuned to write to sysfs - Allow systemd_tmpfiles to send kernel messages - Add a dev_filetrans to readahead_manage_pid_files so any callers can create directories and files in /dev with this label - mrtg needs to be able to create /var/lock/mrtg - Add label for /usr/share/shorewall/getparams - xdm needs to read KDE config files - Smolt needs to look at urand and read hwdata - google talk plugin in nsplugin is listing the contents - Add support for KDE ksysguardprocesslist_helper - Add support for a new cluster service - foghorn - gnome-control-center reads colord lib files when monitor is plugged - Add interface for defining node_types- Fix multiple specification for boot.log - devicekit leaks file descriptors to setfiles_t - Change all all_nodes to generic_node and all_if to generic_if - Should not use deprecated interface - Switch from using all_nodes to generic_node and from all_if to generic_if - Add support for xfce4-notifyd - Fix file context to show several labels as SystemHigh - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs - Add etc_runtime_t label for /etc/securetty - Fixes to allow xdm_t to start gkeyringd_USERTYPE_t directly - login.krb needs to be able to write user_tmp_t - dirsrv needs to bind to port 7390 for dogtag - Fix a bug in gpg policy - gpg sends audit messages - Allow qpid to manage matahari files- Initial policy for matahari - Add dev_read_watchdog - Allow clamd to connect clamd port - Add support for kcmdatetimehelper - Allow shutdown to setrlimit and sys_nice - Allow systemd_passwd to talk to /dev/log before udev or syslog is running - Purge chr_file and blk files on /tmp - Fixes for pads - Fixes for piranha-pulse - gpg_t needs to be able to encyprt anything owned by the user- More dontaudits of writes from readahead - Dontaudit readahead_t file_type:dir write, to cover up kernel bug - systemd_tmpfiles needs to relabel faillog directory as well as the file - Allow hostname and consoletype to r/w inherited initrc_tmp_t files handline hostname >> /tmp/myhost- Update to upstream - Fixes for telepathy - Add port defition for ssdp port - add policy for /bin/systemd-notify from Dan - Mount command requires users read mount_var_run_t - colord needs to read konject_uevent_socket - User domains connect to the gkeyring socket - Add colord policy and allow user_t and staff_t to dbus chat with it - Add lvm_exec_t label for kpartx - Dontaudit reading the mail_spool_t link from sandbox -X - systemd is creating sockets in avahi_var_run and system_dbusd_var_run- Make a lot of modules independent - Update to make new seunshare/sandbox work - allow virt_domains to use inherited noxattrs file systems - Dont allow svirt_t to send kill signals - Cleanup policy to allow less modules in base - Cleanup to allow minimal files in base policy- gpg_t needs to talk to gnome-keyring - nscd wants to read /usr/tmp->/var/tmp to generate randomziation in unixchkpwd - enforce MCS labeling on nodes - Allow arpwatch to read meminfo - Allow gnomeclock to send itself signals - init relabels /dev/.udev files on boot - gkeyringd has to transition back to staff_t when it runs commands in bin_t or shell_exec_t - nautilus checks access on /media directory before mounting usb sticks, dontaudit access_check on mnt_t - dnsmasq can run as a dbus service, needs acquire service - mysql_admin should be allowed to connect to mysql service - virt creates monitor sockets in the users home dir- Allow sysadm type people to look at usb devices - Cron needs to be able to run shutdown - virt creates monitor sockets in the users home dir- gnome-keyring-daemon needs nsswitch getpw calls - Symantic places a pipe in the /opt directory tree that it expects syslogd to be able to write to - keyringd daemon sends/recieves dbus messages from user types - sudo domains need to be able to signal all users "sysadm_t" - allow systemd-ask-passwd to create unix dgram socket - allow puppet master to read usr files - fixes for mock policy - Add mock_enable_homedirs boolean - Allow systemd to relabel /dev - Moving to only one file type sandbox_file_t - mta search /var/lib/logcheck - sssd needs to bind to random UDP ports - Allow amavis sigkill - Add systemd_passwd_agent_dev_template interface and use it for lvm- Allow usbhid-ups to read hardware state information - systemd-tmpfiles has moved - Allo cgroup to sys_tty_config - For some reason prelink is attempting to read gconf settings - Add allow_daemons_use_tcp_wrapper boolean - Add label for ~/.cache/wocky to make telepathy work in enforcing mode - Add label for char devices /dev/dasd* - Fix for apache_role - Allow amavis to talk to nslcd - allow all sandbox to read selinux poilcy config files - Allow cluster domains to use the system bus and send each other dbus messages- Update to upstream - Allow systemd-tmpfiles to getattr on all files/dirs- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to ref policy - cgred needs chown capability - Add /dev/crash crash_dev_t - systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability- New labeling for postfmulti #675654 - dontaudit xdm_t listing noxattr file systems - dovecot-auth needs to be able to connect to mysqld via the network as well as locally - shutdown is passed stdout to a xdm_log_t file - smartd creates a fixed disk device - dovecot_etc_t contains a lnk_file that domains need to read - mount needs to be able to read etc_runtim_t:lnk_file since in rawhide this is a link created at boot- syslog_t needs syslog capability - dirsrv needs to be able to create /var/lib/snmp - Fix labeling for dirsrv - Fix for dirsrv policy missing manage_dirs_pattern - corosync needs to delete clvm_tmpfs_t files - qdiskd needs to list hugetlbfs - Move setsched to sandbox_x_domain, so firefox can run without network access - Allow hddtemp to read removable devices - Adding syslog and read_policy permissions to policy * syslog Allow unconfined, sysadm_t, secadm_t, logadm_t * read_policy allow unconfined, sysadm_t, secadm_t, staff_t on Targeted allow sysadm_t (optionally), secadm_t on MLS - mdadm application will write into /sys/.../uevent whenever arrays are assembled or disassembled.- Add tcsd policy- ricci_modclusterd_t needs to bind to rpc ports 500-1023 - Allow dbus to use setrlimit to increase resoueces - Mozilla_plugin is leaking to sandbox - Allow confined users to connect to lircd over unix domain stream socket which allow to use remote control - Allow awstats to read squid logs - seunshare needs to manage tmp_t - apcupsd cgi scripts have a new directory- Fix xserver_dontaudit_read_xdm_pid - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t - Allow readahead to manage readahead pid dirs - Allow readahead to read all mcs levels - Allow mozilla_plugin_t to use nfs or samba homedirs- Allow nagios plugin to read /proc/meminfo - Fix for mozilla_plugin - Allow samba_net_t to create /etc/keytab - pppd_t setting up vpns needs to run unix_chkpwd, setsched its process and write wtmp_t - nslcd can read user credentials - Allow nsplugin to delete mozilla_plugin_tmpfs_t - abrt tries to create dir in rpm_var_lib_t - virt relabels fifo_files - sshd needs to manage content in fusefs homedir - mock manages link files in cache dir- nslcd needs setsched and to read /usr/tmp - Invalid call in likewise policy ends up creating a bogus role - Cannon puts content into /var/lib/bjlib that cups needs to be able to write - Allow screen to create screen_home_t in /root - dirsrv sends syslog messages - pinentry reads stuff in .kde directory - Add labels for .kde directory in homedir - Treat irpinit, iprupdate, iprdump services with raid policy- NetworkManager wants to read consolekit_var_run_t - Allow readahead to create /dev/.systemd/readahead - Remove permissive domains - Allow newrole to run namespace_init- Add sepgsql_contexts file- Update to upstream- Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on - Add puppetmaster_use_db boolean - Fixes for zarafa policy - Fixes for gnomeclock poliy - Fix systemd-tmpfiles to use auth_use_nsswitch- gnomeclock executes a shell - Update for screen policy to handle pipe in homedir - Fixes for polyinstatiated homedir - Fixes for namespace policy and other fixes related to polyinstantiation - Add namespace policy - Allow dovecot-deliver transition to sendmail which is needed by sieve scripts - Fixes for init, psad policy which relate with confined users - Do not audit bootloader attempts to read devicekit pid files - Allow nagios service plugins to read /proc- Add firewalld policy - Allow vmware_host to read samba config - Kernel wants to read /proc Fix duplicate grub def in cobbler - Chrony sends mail, executes shell, uses fifo_file and reads /proc - devicekitdisk getattr all file systems - sambd daemon writes wtmp file - libvirt transitions to dmidecode- Add initial policy for system-setup-keyboard which is now daemon - Label /var/lock/subsys/shorewall as shorewall_lock_t - Allow users to communicate with the gpg_agent_t - Dontaudit mozilla_plugin_t using the inherited terminal - Allow sambagui to read files in /usr - webalizer manages squid log files - Allow unconfined domains to bind ports to raw_ip_sockets - Allow abrt to manage rpm logs when running yum - Need labels for /var/run/bittlebee - Label .ssh under amanda - Remove unused genrequires for virt_domain_template - Allow virt_domain to use fd inherited from virtd_t - Allow iptables to read shorewall config- Gnome apps list config_home_t - mpd creates lnk files in homedir - apache leaks write to mail apps on tmp files - /var/stockmaniac/templates_cache contains log files - Abrt list the connects of mount_tmp_t dirs - passwd agent reads files under /dev and reads utmp file - squid apache script connects to the squid port - fix name of plymouth log file - teamviewer is a wine app - allow dmesg to read system state - Stop labeling files under /var/lib/mock so restorecon will not go into this - nsplugin needs to read network state for google talk- Allow xdm and syslog to use /var/log/boot.log - Allow users to communicate with mozilla_plugin and kill it - Add labeling for ipv6 and dhcp- New labels for ghc http content - nsplugin_config needs to read urand, lvm now calls setfscreate to create dev - pm-suspend now creates log file for append access so we remove devicekit_wri - Change authlogin_use_sssd to authlogin_nsswitch_use_ldap - Fixes for greylist_milter policy- Update to upstream - Fixes for systemd policy - Fixes for passenger policy - Allow staff users to run mysqld in the staff_t domain, akonadi needs this - Add bin_t label for /usr/share/kde4/apps/kajongg/kajongg.py - auth_use_nsswitch does not need avahi to read passwords,needed for resolving data - Dontaudit (xdm_t) gok attempting to list contents of /var/account - Telepathy domains need to read urand - Need interface to getattr all file classes in a mock library for setroubleshoot- Update selinux policy to handle new /usr/share/sandbox/start script- Update to upstream - Fix version of policy in spec file- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs - remove per sandbox domains devpts types - Allow dkim-milter sending signal to itself- Allow domains that transition to ping or traceroute, kill them - Allow user_t to conditionally transition to ping_t and traceroute_t - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup- Turn on systemd policy - mozilla_plugin needs to read certs in the homedir. - Dontaudit leaked file descriptors from devicekit - Fix ircssi to use auth_use_nsswitch - Change to use interface without param in corenet to disable unlabelednet packets - Allow init to relabel sockets and fifo files in /dev - certmonger needs dac* capabilities to manage cert files not owned by root - dovecot needs fsetid to change group membership on mail - plymouthd removes /var/log/boot.log - systemd is creating symlinks in /dev - Change label on /etc/httpd/alias to be all cert_t- Fixes for clamscan and boinc policy - Add boinc_project_t setpgid - Allow alsa to create tmp files in /tmp- Push fixes to allow disabling of unlabeled_t packet access - Enable unlabelednet policy- Fixes for lvm to work with systemd- Fix the label for wicd log - plymouthd creates force-display-on-active-vt file - Allow avahi to request the kernel to load a module - Dontaudit hal leaks - Fix gnome_manage_data interface - Add new interface corenet_packet to define a type as being an packet_type. - Removed general access to packet_type from icecast and squid. - Allow mpd to read alsa config - Fix the label for wicd log - Add systemd policy- Fix gnome_manage_data interface - Dontaudit sys_ptrace capability for iscsid - Fixes for nagios plugin policy- Fix cron to run ranged when started by init - Fix devicekit to use log files - Dontaudit use of devicekit_var_run_t for fstools - Allow init to setattr on logfile directories - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t- Fix up handling of dnsmasq_t creating /var/run/libvirt/network - Turn on sshd_forward_ports boolean by default - Allow sysadmin to dbus chat with rpm - Add interface for rw_tpm_dev - Allow cron to execute bin - fsadm needs to write sysfs - Dontaudit consoletype reading /var/run/pm-utils - Lots of new privs fro mozilla_plugin_t running java app, make mozilla_plugin - certmonger needs to manage dirsrv data - /var/run/pm-utils should be labeled as devicekit_var_run_t- fixes to allow /var/run and /var/lock as tmpfs - Allow chrome sandbox to connect to web ports - Allow dovecot to listem on lmtp and sieve ports - Allov ddclient to search sysctl_net_t - Transition back to original domain if you execute the shell- Remove duplicate declaration- Update to upstream - Cleanup for sandbox - Add attribute to be able to select sandbox types- Allow ddclient to fix file mode bits of ddclient conf file - init leaks file descriptors to daemons - Add labels for /etc/lirc/ and - Allow amavis_t to exec shell - Add label for gssd_tmp_t for /var/tmp/nfs_0- Put back in lircd_etc_t so policy will install- Turn on allow_postfix_local_write_mail_spool - Allow initrc_t to transition to shutdown_t - Allow logwatch and cron to mls_read_to_clearance for MLS boxes - Allow wm to send signull to all applications and receive them from users - lircd patch from field - Login programs have to read /etc/samba - New programs under /lib/systemd - Abrt needs to read config files- Update to upstream - Dontaudit leaked sockets from userdomains to user domains - Fixes for mcelog to handle scripts - Apply patch from Ruben Kerkhof - Allow syslog to search spool dirs- Allow nagios plugins to read usr files - Allow mysqld-safe to send system log messages - Fixes fpr ddclient policy - Fix sasl_admin interface - Allow apache to search zarafa config - Allow munin plugins to search /var/lib directory - Allow gpsd to read sysfs_t - Fix labels on /etc/mcelog/triggers to bin_t- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t - Allow saslauthd_t to create krb5_host_rcache_t files in /tmp - Fix xserver interface - Fix definition of /var/run/lxdm- Turn on mediawiki policy - kdump leaks kdump_etc_t to ifconfig, add dontaudit - uux needs to transition to uucpd_t - More init fixes relabels man,faillog - Remove maxima defs in libraries.fc - insmod needs to be able to create tmpfs_t files - ping needs setcap- Allow groupd transition to fenced domain when executes fence_node - Fixes for rchs policy - Allow mpd to be able to read samba/nfs files- Fix up corecommands.fc to match upstream - Make sure /lib/systemd/* is labeled init_exec_t - mount wants to setattr on all mountpoints - dovecot auth wants to read dovecot etc files - nscd daemon looks at the exe file of the comunicating daemon - openvpn wants to read utmp file - postfix apps now set sys_nice and lower limits - remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly - Also resolves nsswitch - Fix labels on /etc/hosts.* - Cleanup to make upsteam patch work - allow abrt to read etc_runtime_t- Add conflicts for dirsrv package- Update to upstream - Add vlock policy- Fix sandbox to work on nfs homedirs - Allow cdrecord to setrlimit - Allow mozilla_plugin to read xauth - Change label on systemd-logger to syslogd_exec_t - Install dirsrv policy from dirsrv package- Add virt_home_t, allow init to setattr on xserver_tmp_t and relabel it - Udev needs to stream connect to init and kernel - Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory- Allow NetworkManager to read openvpn_etc_t - Dontaudit hplip to write of /usr dirs - Allow system_mail_t to create /root/dead.letter as mail_home_t - Add vdagent policy for spice agent daemon- Dontaudit sandbox sending sigkill to all user domains - Add policy for rssh_chroot_helper - Add missing flask definitions - Allow udev to relabelto removable_t - Fix label on /var/log/wicd.log - Transition to initrc_t from init when executing bin_t - Add audit_access permissions to file - Make removable_t a device_node - Fix label on /lib/systemd/*- Fixes for systemd to manage /var/run - Dontaudit leaks by firstboot- Allow chome to create netlink_route_socket - Add additional MATHLAB file context - Define nsplugin as an application_domain - Dontaudit sending signals from sandboxed domains to other domains - systemd requires init to build /tmp /var/auth and /var/lock dirs - mount wants to read devicekit_power /proc/ entries - mpd wants to connect to soundd port - Openoffice causes a setattr on a lib_t file for normal users, add dontaudit - Treat lib_t and textrel_shlib_t directories the same - Allow mount read access on virtual images- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs. - Allow devicekit_power to domtrans to mount - Allow dhcp to bind to udp ports > 1024 to do named stuff - Allow ssh_t to exec ssh_exec_t - Remove telepathy_butterfly_rw_tmp_files(), dev_read_printk() interfaces which are nolonger used - Fix clamav_append_log() intefaces - Fix 'psad_rw_fifo_file' interface- Allow cobblerd to list cobler appache content- Fixup for the latest version of upowed - Dontaudit sandbox sending SIGNULL to desktop apps- Update to upstream-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access - dovecot-auth_t needs ipc_lock - gpm needs to use the user terminal - Allow system_mail_t to append ~/dead.letter - Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf - Add pid file to vnstatd - Allow mount to communicate with gfs_controld - Dontaudit hal leaks in setfiles- Lots of fixes for systemd - systemd now executes readahead and tmpwatch type scripts - Needs to manage random seed- Allow smbd to use sys_admin - Remove duplicate file context for tcfmgr - Update to upstream- Fix fusefs handling - Do not allow sandbox to manage nsplugin_rw_t - Allow mozilla_plugin_t to connecto its parent - Allow init_t to connect to plymouthd running as kernel_t - Add mediawiki policy - dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs. - Disable transition from dbus_session_domain to telepathy for F14 - Allow boinc_project to use shm - Allow certmonger to search through directories that contain certs - Allow fail2ban the DAC Override so it can read log files owned by non root users- Start adding support for use_fusefs_home_dirs - Add /var/lib/syslog directory file context - Add /etc/localtime as locale file context- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off iptables from unconfined user - Allow sudo to send signals to any domains the user could have transitioned to. - Passwd in single user mode needs to talk to console_device_t - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - locate tried to read a symbolic link, will dontaudit - New labels for telepathy-sunshine content in homedir - Google is storing other binaries under /opt/google/talkplugin - bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug - Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15 - modemmanger and bluetooth send dbus messages to devicekit_power - Samba needs to getquota on filesystems labeld samba_share_t- Dontaudit attempts by xdm_t to write to bin_t for kdm - Allow initrc_t to manage system_conf_t- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory. - Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets - Allow confined users to read xdm_etc_t files - Allow xdm_t to transition to xauth_t for lxdm program- Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home - Allow clamd to send signals to itself - Allow mozilla_plugin_t to read user home content. And unlink pulseaudio shm. - Allow haze to connect to yahoo chat and messenger port tcp:5050. Bz #637339 - Allow guest to run ps command on its processes by allowing it to read /proc - Allow firewallgui to sys_rawio which seems to be required to setup masqerading - Allow all domains to search through default_t directories, in order to find differnet labels. For example people serring up /foo/bar to be share via samba. - Add label for /var/log/slim.log- Pull in cleanups from dgrift - Allow mozilla_plugin_t to execute mozilla_home_t - Allow rpc.quota to do quotamod- Cleanup policy via dgrift - Allow dovecot_deliver to append to inherited log files - Lots of fixes for consolehelper- Fix up Xguest policy- Add vnstat policy - allow libvirt to send audit messages - Allow chrome-sandbox to search nfs_t- Update to upstream- Add the ability to send audit messages to confined admin policies - Remove permissive domain from cmirrord and dontaudit sys_tty_config - Split out unconfined_domain() calls from other unconfined_ calls so we can d - virt needs to be able to read processes to clearance for MLS- Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit messages- Update to upstream- Allow mdadm_t to create files and sock files in /dev/md/- Add policy for ajaxterm- Handle /var/db/sudo - Allow pulseaudio to read alsa config - Allow init to send initrc_t dbus messagesAllow iptables to read shorewall tmp files Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr intd label vlc as an execmem_exec_t Lots of fixes for mozilla_plugin to run google vidio chat Allow telepath_msn to execute ldconfig and its own tmp files Fix labels on hugepages Allow mdadm to read files on /dev Remove permissive domains and change back to unconfined Allow freshclam to execute shell and bin_t Allow devicekit_power to transition to dhcpc Add boolean to allow icecast to connect to any port- Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to communicate with clvmd via tmpfs - Allow certmaster to read usr_t files - Allow dbus system services to search cgroup_t - Define rlogind_t as a login pgm- Allow mdadm_t to read/write hugetlbfs- Dominic Grift Cleanup - Miroslav Grepl policy for jabberd - Various fixes for mount/livecd and prelink- Merge with upstream- More access needed for devicekit - Add dbadm policy- Merge with upstream- Allow seunshare to fowner- Allow cron to look at user_cron_spool links - Lots of fixes for mozilla_plugin_t - Add sysv file system - Turn unconfined domains to permissive to find additional avcs- Update policy for mozilla_plugin_t- Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying to write to security_t dir- Allow clamscan_t execmem if clamd_use_jit set - Add policy for firefox plugin-container- Fix /root/.forward definition- label dead.letter as mail_home_t- Allow login programs to search /cgroups- Fix cert handling- Fix devicekit_power bug - Allow policykit_auth_t more access.- Fix nis calls to allow bind to ports 512-1024 - Fix smartmon- Allow pcscd to read sysfs - systemd fixes - Fix wine_mmap_zero_ignore boolean- Apply Miroslav munin patch - Turn back on allow_execmem and allow_execmod booleans- Merge in fixes from dgrift repository- Update boinc policy - Fix sysstat policy to allow sys_admin - Change failsafe_context to unconfined_r:unconfined_t:s0- New paths for upstart- New permissions for syslog - New labels for /lib/upstart- Add mojomojo policy- Allow systemd to setsockcon on sockets to immitate other services- Remove debugfs label- Update to latest policy- Fix eclipse labeling from IBMSupportAssasstant packageing- Make boot with systemd in enforcing mode- Update to upstream- Add boolean to turn off port forwarding in sshd.- Add support for ebtables - Fixes for rhcs and corosync policy-Update to upstream-Update to upstream-Update to upstream- Add Zarafa policy- Cleanup of aiccu policy - initial mock policy- Lots of random fixes- Update to upstream- Update to upstream - Allow prelink script to signal itself - Cobbler fixes- Add xdm_var_run_t to xserver_stream_connect_xdm - Add cmorrord and mpd policy from Miroslav Grepl- Fix sshd creation of krb cc files for users to be user_tmp_t- Fixes for accountsdialog - Fixes for boinc- Fix label on /var/lib/dokwiki - Change permissive domains to enforcing - Fix libvirt policy to allow it to run on mls- Update to upstream- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t - Fix /var/run/abrtd.lock label- Allow login programs to read krb5_home_t Resolves: 594833 - Add obsoletes for cachefilesfd-selinux package Resolves: #575084- Allow mount to r/w abrt fifo file - Allow svirt_t to getattr on hugetlbfs - Allow abrt to create a directory under /var/spool- Add labels for /sys - Allow sshd to getattr on shutdown - Fixes for munin - Allow sssd to use the kernel key ring - Allow tor to send syslog messages - Allow iptabels to read usr files - allow policykit to read all domains state- Fix path for /var/spool/abrt - Allow nfs_t as an entrypoint for http_sys_script_t - Add policy for piranha - Lots of fixes for sosreport- Allow xm_t to read network state and get and set capabilities - Allow policykit to getattr all processes - Allow denyhosts to connect to tcp port 9911 - Allow pyranha to use raw ip sockets and ptrace itself - Allow unconfined_execmem_t and gconfsd mechanism to dbus - Allow staff to kill ping process - Add additional MLS rules- Allow gdm to edit ~/.gconf dir Resolves: #590677 - Allow dovecot to create directories in /var/lib/dovecot Partially resolves 590224 - Allow avahi to dbus chat with NetworkManager - Fix cobbler labels - Dontaudit iceauth_t leaks - fix /var/lib/lxdm file context - Allow aiccu to use tun tap devices - Dontaudit shutdown using xserver.log- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++ - Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory - Add dontaudit interface for bluetooth dbus - Add chronyd_read_keys, append_keys for initrc_t - Add log support for ksmtuned Resolves: #586663- Allow boinc to send mail- Allow initrc_t to remove dhcpc_state_t - Fix label on sa-update.cron - Allow dhcpc to restart chrony initrc - Don't allow sandbox to send signals to its parent processes - Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t Resolves: #589136- Fix location of oddjob_mkhomedir Resolves: #587385 - fix labeling on /root/.shosts and ~/.shosts - Allow ipsec_mgmt_t to manage net_conf_t Resolves: #586760- Dontaudit sandbox trying to connect to netlink sockets Resolves: #587609 - Add policy for piranha- Fixups for xguest policy - Fixes for running sandbox firefox- Allow ksmtuned to use terminals Resolves: #586663 - Allow lircd to write to generic usb devices- Allow sandbox_xserver to connectto unconfined stream Resolves: #585171- Allow initrc_t to read slapd_db_t Resolves: #585476 - Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf Resolves: #585963- Allow rlogind_t to search /root for .rhosts Resolves: #582760 - Fix path for cached_var_t - Fix prelink paths /var/lib/prelink - Allow confined users to direct_dri - Allow mls lvm/cryptosetup to work- Allow virtd_t to manage firewall/iptables config Resolves: #573585- Fix label on /root/.rhosts Resolves: #582760 - Add labels for Picasa - Allow openvpn to read home certs - Allow plymouthd_t to use tty_device_t - Run ncftool as iptables_t - Allow mount to unmount unlabeled_t - Dontaudit hal leaks- Allow livecd to transition to mount- Update to upstream - Allow abrt to delete sosreport Resolves: #579998 - Allow snmp to setuid and gid Resolves: #582155 - Allow smartd to use generic scsi devices Resolves: #582145- Allow ipsec_t to create /etc/resolv.conf with the correct label - Fix reserved port destination - Allow autofs to transition to showmount - Stop crashing tuned- Add telepathysofiasip policy- Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox - Allow modemmanager to dbus with policykit- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t) - Allow accountsd to read shadow file - Allow apache to send audit messages when using pam - Allow asterisk to bind and connect to sip tcp ports - Fixes for dovecot 2.0 - Allow initrc_t to setattr on milter directories - Add procmail_home_t for .procmailrc file- Fixes for labels during install from livecd- Fix /cgroup file context - Fix broken afs use of unlabled_t - Allow getty to use the console for s390- Fix cgroup handling adding policy for /cgroup - Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set- Merge patches from dgrift- Update upstream - Allow abrt to write to the /proc under any process- Fix ~/.fontconfig label - Add /root/.cert label - Allow reading of the fixed_file_disk_t:lnk_file if you can read file - Allow qemu_exec_t as an entrypoint to svirt_t- Update to upstream - Allow tmpreaper to delete sandbox sock files - Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems - Fixes for gitosis - No transition on livecd to passwd or chfn - Fixes for denyhosts- Add label for /var/lib/upower - Allow logrotate to run sssd - dontaudit readahead on tmpfs blk files - Allow tmpreaper to setattr on sandbox files - Allow confined users to execute dos files - Allow sysadm_t to kill processes running within its clearance - Add accountsd policy - Fixes for corosync policy - Fixes from crontab policy - Allow svirt to manage svirt_image_t chr files - Fixes for qdisk policy - Fixes for sssd policy - Fixes for newrole policy- make libvirt work on an MLS platform- Add qpidd policy- Update to upstream- Allow boinc to read kernel sysctl - Fix snmp port definitions - Allow apache to read anon_inodefs- Allow shutdown dac_override- Add device_t as a file system - Fix sysfs association- Dontaudit ipsec_mgmt sys_ptrace - Allow at to mail its spool files - Allow nsplugin to search in .pulse directory- Update to upstream- Allow users to dbus chat with xdm - Allow users to r/w wireless_device_t - Dontaudit reading of process states by ipsec_mgmt- Fix openoffice from unconfined_t- Add shutdown policy so consolekit can shutdown system- Update to upstream- Update to upstream- Update to upstream - These are merges of my patches - Remove 389 labeling conflicts - Add MLS fixes found in RHEL6 testing - Allow pulseaudio to run as a service - Add label for mssql and allow apache to connect to this database port if boolean set - Dontaudit searches of debugfs mount point - Allow policykit_auth to send signals to itself - Allow modcluster to call getpwnam - Allow swat to signal winbind - Allow usbmux to run as a system role - Allow svirt to create and use devpts- Add MLS fixes found in RHEL6 testing - Allow domains to append to rpm_tmp_t - Add cachefilesfd policy - Dontaudit leaks when transitioning- Change allow_execstack and allow_execmem booleans to on - dontaudit acct using console - Add label for fping - Allow tmpreaper to delete sandbox_file_t - Fix wine dontaudit mmap_zero - Allow abrt to read var_t symlinks- Additional policy for rgmanager- Allow sshd to setattr on pseudo terms- Update to upstream- Allow policykit to send itself signals- Fix duplicate cobbler definition- Fix file context of /var/lib/avahi-autoipd- Merge with upstream- Allow sandbox to work with MLS- Make Chrome work with staff user- Add icecast policy - Cleanup spec file- Add mcelog policy- Lots of fixes found in F12- Fix rpm_dontaudit_leaks- Add getsched to hald_t - Add file context for Fedora/Redhat Directory Server- Allow abrt_helper to getattr on all filesystems - Add label for /opt/real/RealPlayer/plugins/oggfformat\.so- Add gstreamer_home_t for ~/.gstreamer- Update to upstream- Fix git- Turn on puppet policy - Update to dgrift git policy- Move users file to selection by spec file. - Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t- Update to upstream- Remove most of the permissive domains from F12.- Add cobbler policy from dgrift- add usbmon device - Add allow rulse for devicekit_disk- Lots of fixes found in F12, fixes from Tom London- Cleanups from dgrift- Add back xserver_manage_home_fonts- Dontaudit sandbox trying to read nscd and sssd- Update to upstream- Rename udisks-daemon back to devicekit_disk_t policy- Fixes for abrt calls- Add tgtd policy- Update to upstream release- Add asterisk policy back in - Update to upstream release 2.20091117- Update to upstream release 2.20091117- Fixup nut policy- Update to upstream- Allow vpnc request the kernel to load modules- Fix minimum policy installs - Allow udev and rpcbind to request the kernel to load modules- Add plymouth policy - Allow local_login to sys_admin- Allow cupsd_config to read user tmp - Allow snmpd_t to signal itself - Allow sysstat_t to makedir in sysstat_log_t- Update rhcs policy- Allow users to exec restorecond- Allow sendmail to request kernel modules load- Fix all kernel_request_load_module domains- Fix all kernel_request_load_module domains- Remove allow_exec* booleans for confined users. Only available for unconfined_t- More fixes for sandbox_web_t- Allow sshd to create .ssh directory and content- Fix request_module line to module_request- Fix sandbox policy to allow it to run under firefox. - Dont audit leaks.- Fixes for sandbox- Update to upstream - Dontaudit nsplugin search /root - Dontaudit nsplugin sys_nice- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service - Remove policycoreutils-python requirement except for minimum- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files - Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)- Add wordpress/wp-content/uploads label - Fixes for sandbox when run from staff_t- Update to upstream - Fixes for devicekit_disk- More fixes- Lots of fixes for initrc and other unconfined domains- Allow xserver to use netlink_kobject_uevent_socket- Fixes for sandbox- Dontaudit setroubleshootfix looking at /root directory- Update to upsteam- Allow gssd to send signals to users - Fix duplicate label for apache content- Update to upstream- Remove polkit_auth on upgrades- Add back in unconfined.pp and unconfineduser.pp - Add Sandbox unshare- Fixes for cdrecord, mdadm, and others- Add capability setting to dhcpc and gpm- Allow cronjobs to read exim_spool_t- Add ABRT policy- Fix system-config-services policy- Allow libvirt to change user componant of virt_domain- Allow cupsd_config_t to be started by dbus - Add smoltclient policy- Add policycoreutils-python to pre install- Make all unconfined_domains permissive so we can see what AVC's happen- Add pt_chown policy- Add kdump policy for Miroslav Grepl - Turn off execstack boolean- Turn on execstack on a temporary basis (#512845)- Allow nsplugin to connecto the session bus - Allow samba_net to write to coolkey data- Allow devicekit_disk to list inotify- Allow svirt images to create sock_file in svirt_var_run_t- Allow exim to getattr on mountpoints - Fixes for pulseaudio- Allow svirt_t to stream_connect to virtd_t- Allod hald_dccm_t to create sock_files in /tmp- More fixes from upstream- Fix polkit label - Remove hidebrokensymptoms for nss_ldap fix - Add modemmanager policy - Lots of merges from upstream - Begin removing textrel_shlib_t labels, from fixed libraries- Update to upstream- Allow certmaster to override dac permissions- Update to upstream- Fix context for VirtualBox- Update to upstream- Allow clamscan read amavis spool files- Fixes for xguest- fix multiple directory ownership of mandirs- Update to upstream- Add rules for rtkit-daemon- Update to upstream - Fix nlscd_stream_connect- Add rtkit policy- Allow rpcd_t to stream connect to rpcbind- Allow kpropd to create tmp files- Fix last duplicate /var/log/rpmpkgs- Update to upstream * add sssd- Update to upstream * cleanup- Update to upstream - Additional mail ports - Add virt_use_usb boolean for svirt- Fix mcs rules to include chr_file and blk_file- Add label for udev-acl- Additional rules for consolekit/udev, privoxy and various other fixes- New version for upstream- Allow NetworkManager to read inotifyfs- Allow setroubleshoot to run mlocate- Update to upstream- Add fish as a shell - Allow fprintd to list usbfs_t - Allow consolekit to search mountpoints - Add proper labeling for shorewall- New log file for vmware - Allow xdm to setattr on user_tmp_t- Upgrade to upstream- Allow fprintd to access sys_ptrace - Add sandbox policy- Add varnishd policy- Fixes for kpropd- Allow brctl to r/w tun_tap_device_t- Add /usr/share/selinux/packages- Allow rpcd_t to send signals to kernel threads- Fix upgrade for F10 to F11- Add policy for /var/lib/fprint-Remove duplicate line- Allow svirt to manage pci and other sysfs device data- Fix package selection handling- Fix /sbin/ip6tables-save context - Allod udev to transition to mount - Fix loading of mls policy file- Add shorewall policy- Additional rules for fprintd and sssd- Allow nsplugin to unix_read unix_write sem for unconfined_java- Fix uml files to be owned by users- Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less- Allow confined users to manage virt_content_t, since this is home dir content - Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection- Fix labeling on /var/lib/misc/prelink* - Allow xserver to rw_shm_perms with all x_clients - Allow prelink to execute files in the users home directory- Allow initrc_t to delete dev_null - Allow readahead to configure auditing - Fix milter policy - Add /var/lib/readahead- Update to latest milter code from Paul Howarth- Additional perms for readahead- Allow pulseaudio to acquire_svc on session bus - Fix readahead labeling- Allow sysadm_t to run rpm directly - libvirt needs fowner- Allow sshd to read var_lib symlinks for freenx- Allow nsplugin unix_read and write on users shm and sem - Allow sysadm_t to execute su- Dontaudit attempts to getattr user_tmpfs_t by lvm - Allow nfs to share removable media- Add ability to run postdrop from confined users- Fixes for podsleuth- Turn off nsplugin transition - Remove Konsole leaked file descriptors for release- Allow cupsd_t to create link files in print_spool_t - Fix iscsi_stream_connect typo - Fix labeling on /etc/acpi/actions - Don't reinstall unconfine and unconfineuser on upgrade if they are not installed- Allow audioentroy to read etc files- Add fail2ban_var_lib_t - Fixes for devicekit_power_t- Separate out the ucnonfined user from the unconfined.pp package- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.- Upgrade to latest upstream - Allow devicekit_disk sys_rawio- Dontaudit binds to ports < 1024 for named - Upgrade to latest upstream- Allow podsleuth to use tmpfs files- Add customizable_types for svirt- Allow setroubelshoot exec* privs to prevent crash from bad libraries - add cpufreqselector- Dontaudit listing of /root directory for cron system jobs- Fix missing ld.so.cache label- Add label for ~/.forward and /root/.forward- Fixes for svirt- Fixes to allow svirt read iso files in homedir- Add xenner and wine fixes from mgrepl- Allow mdadm to read/write mls override- Change to svirt to only access svirt_image_t- Fix libvirt policy- Upgrade to latest upstream- Fixes for iscsid and sssd - More cleanups for upgrade from F10 to Rawhide.- Add pulseaudio, sssd policy - Allow networkmanager to exec udevadm- Add pulseaudio context- Upgrade to latest patches- Fixes for libvirt- Update to Latest upstream- Fix setrans.conf to show SystemLow for s0- Further confinement of qemu images via svirt- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- Allow NetworkManager to manage /etc/NetworkManager/system-connections- add virtual_image_context and virtual_domain_context files- Allow rpcd_t to send signal to mount_t - Allow libvirtd to run ranged- Fix sysnet/net_conf_t- Fix squidGuard labeling- Re-add corenet_in_generic_if(unlabeled_t)* Tue Feb 10 2009 Dan Walsh 3.6.5-2 - Add git web policy- Add setrans contains from upstream- Do transitions outside of the booleans- Allow xdm to create user_tmp_t sockets for switch user to work- Fix staff_t domain- Grab remainder of network_peer_controls patch- More fixes for devicekit- Upgrade to latest upstream- Add boolean to disallow unconfined_t login- Add back transition from xguest to mozilla- Add virt_content_ro_t and labeling for isos directory- Fixes for wicd daemon- More mls/rpm fixes- Add policy to make dbus/nm-applet work- Remove polgen-ifgen from post and add trigger to policycoreutils-python- Add wm policy - Make mls work in graphics mode- Fixed for DeviceKit- Add devicekit policy- Update to upstream- Define openoffice as an x_domain- Fixes for reading xserver_tmp_t- Allow cups_pdf_t write to nfs_t- Remove audio_entropy policy- Update to upstream- Allow hal_acl_t to getattr/setattr fixed_disk- Change userdom_read_all_users_state to include reading symbolic links in /proc- Fix dbus reading /proc information- Add missing alias for home directory content- Fixes for IBM java location- Allow unconfined_r unconfined_java_t- Add cron_role back to user domains- Fix sudo setting of user keys- Allow iptables to talk to terminals - Fixes for policy kit - lots of fixes for booting.- Cleanup policy- Rebuild for Python 2.6- Fix labeling on /var/spool/rsyslog- Allow postgresl to bind to udp nodes- Allow lvm to dbus chat with hal - Allow rlogind to read nfs_t- Fix cyphesis file context- Allow hal/pm-utils to look at /var/run/video.rom - Add ulogd policy- Additional fixes for cyphesis - Fix certmaster file context - Add policy for system-config-samba - Allow hal to read /var/run/video.rom- Allow dhcpc to restart ypbind - Fixup labeling in /var/run- Add certmaster policy- Fix confined users - Allow xguest to read/write xguest_dbusd_t- Allow openoffice execstack/execmem privs- Allow mozilla to run with unconfined_execmem_t- Dontaudit domains trying to write to .xsession-errors- Allow nsplugin to look at autofs_t directory- Allow kerneloops to create tmp files- More alias for fastcgi- Remove mod_fcgid-selinux package- Fix dovecot access- Policy cleanup- Remove Multiple spec - Add include - Fix makefile to not call per_role_expansion- Fix labeling of libGL- Update to upstream- Update to upstream policy- Fixes for confined xwindows and xdm_t- Allow confined users and xdm to exec wm - Allow nsplugin to talk to fifo files on nfs- Allow NetworkManager to transition to avahi and iptables - Allow domains to search other domains keys, coverup kernel bug- Fix labeling for oracle- Allow nsplugin to comminicate with xdm_tmp_t sock_file- Change all user tmpfs_t files to be labeled user_tmpfs_t - Allow radiusd to create sock_files- Upgrade to upstream- Allow confined users to login with dbus- Fix transition to nsplugin- Add file context for /dev/mspblk.*- Fix transition to nsplugin '- Fix labeling on new pm*log - Allow ssh to bind to all nodes- Merge upstream changes - Add Xavier Toth patches- Add qemu_cache_t for /var/cache/libvirt- Remove gamin policy- Add tinyxs-max file system support- Update to upstream - New handling of init scripts- Allow pcsd to dbus - Add memcache policy- Allow audit dispatcher to kill his children- Update to upstream - Fix crontab use by unconfined user- Allow ifconfig_t to read dhcpc_state_t- Update to upstream- Update to upstream- Allow system-config-selinux to work with policykit- Fix novel labeling- Consolodate pyzor,spamassassin, razor into one security domain - Fix xdm requiring additional perms.- Fixes for logrotate, alsa- Eliminate vbetool duplicate entry- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t - Change dhclient to be able to red networkmanager_var_run- Update to latest refpolicy - Fix libsemanage initial install bug- Add inotify support to nscd- Allow unconfined_t to setfcap- Allow amanda to read tape - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi - Add support for netware file systems- Allow ypbind apps to net_bind_service- Allow all system domains and application domains to append to any log file- Allow gdm to read rpm database - Allow nsplugin to read mplayer config files- Allow vpnc to run ifconfig- Allow confined users to use postgres - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server- Apply unconfined_execmem_exec_t to haskell programs- Fix prelude file context- allow hplip to talk dbus - Fix context on ~/.local dir- Prevent applications from reading x_device- Add /var/lib/selinux context- Update to upstream- Add livecd policy- Dontaudit search of admin_home for init_system_domain - Rewrite of xace interfaces - Lots of new fs_list_inotify - Allow livecd to transition to setfiles_mac- Begin XAce integration- Merge Upstream- Allow amanada to create data files- Fix initial install, semanage setup- Allow system_r for httpd_unconfined_script_t- Remove dmesg boolean - Allow user domains to read/write game data- Change unconfined_t to transition to unconfined_mono_t when running mono - Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work- Remove old booleans from targeted-booleans.conf file- Add boolean to mmap_zero - allow tor setgid - Allow gnomeclock to set clock- Don't run crontab from unconfined_t- Change etc files to config files to allow users to read them- Lots of fixes for confined domains on NFS_t homedir- dontaudit mrtg reading /proc - Allow iscsi to signal itself - Allow gnomeclock sys_ptrace- Allow dhcpd to read kernel network state- Label /var/run/gdm correctly - Fix unconfined_u user creation- Allow transition from initrc_t to getty_t- Allow passwd to communicate with user sockets to change gnome-keyring- Fix initial install- Allow radvd to use fifo_file - dontaudit setfiles reading links - allow semanage sys_resource - add allow_httpd_mod_auth_ntlm_winbind boolean - Allow privhome apps including dovecot read on nfs and cifs home dirs if the boolean is set- Allow nsplugin to read /etc/mozpluggerrc, user_fonts - Allow syslog to manage innd logs. - Allow procmail to ioctl spamd_exec_t- Allow initrc_t to dbus chat with consolekit.- Additional access for nsplugin - Allow xdm setcap/getcap until pulseaudio is fixed- Allow mount to mkdir on tmpfs - Allow ifconfig to search debugfs- Fix file context for MATLAB - Fixes for xace- Allow stunnel to transition to inetd children domains - Make unconfined_dbusd_t an unconfined domain- Fixes for qemu/virtd- Fix bug in mozilla policy to allow xguest transition - This will fix the libsemanage.dbase_llist_query: could not find record value libsemanage.dbase_llist_query: could not query record value (No such file or directory) bug in xguest- Allow nsplugin to run acroread- Add cups_pdf policy - Add openoffice policy to run in xguest- prewika needs to contact mysql - Allow syslog to read system_map files- Change init_t to an unconfined_domain- Allow init to transition to initrc_t on shell exec. - Fix init to be able to sendto init_t. - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap - More mls fixes- fixes for init policy (#436988) - fix build- Additional changes for MLS policy- Fix initrc_context generation for MLS- Fixes for libvirt- Allow bitlebee to read locale_t- More xselinux rules- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t- Prepare policy for beta release - Change some of the system domains back to unconfined - Turn on some of the booleans- Allow nsplugin_config execstack/execmem - Allow nsplugin_t to read alsa config - Change apache to use user content- Add cyphesis policy- Fix Makefile.devel to build mls modules - Fix qemu to be more specific on labeling- Update to upstream fixes- Allow staff to mounton user_home_t- Add xace support- Add fusectl file system- Fixes from yum-cron - Update to latest upstream- Fix userdom_list_user_files- Merge with upstream- Allow udev to send audit messages- Add additional login users interfaces - userdom_admin_login_user_template(staff)- More fixes for polkit- Eliminate transition from unconfined_t to qemu by default - Fixes for gpg- Update to upstream- Fixes for staff_t- Add policy for kerneloops - Add policy for gnomeclock- Fixes for libvirt- Fixes for nsplugin- More fixes for qemu- Additional ports for vnc and allow qemu and libvirt to search all directories- Update to upstream - Add libvirt policy - add qemu policy- Allow fail2ban to create a socket in /var/run- Allow allow_httpd_mod_auth_pam to work- Add audisp policy and prelude- Allow all user roles to executae samba net command- Allow usertypes to read/write noxattr file systems- Fix nsplugin to allow flashplugin to work in enforcing mode- Allow pam_selinux_permit to kill all processes- Allow ptrace or user processes by users of same type - Add boolean for transition to nsplugin- Allow nsplugin sys_nice, getsched, setsched- Allow login programs to talk dbus to oddjob- Add procmail_log support - Lots of fixes for munin- Allow setroubleshoot to read policy config and send audit messages- Allow users to execute all files in homedir, if boolean set - Allow mount to read samba config- Fixes for xguest to run java plugin- dontaudit pam_t and dbusd writing to user_home_t- Update gpg to allow reading of inotify- Change user and staff roles to work correctly with varied perms- Fix munin log, - Eliminate duplicate mozilla file context - fix wpa_supplicant spec- Fix role transition from unconfined_r to system_r when running rpm - Allow unconfined_domains to communicate with user dbus instances- Fixes for xguest- Let all uncofined domains communicate with dbus unconfined- Run rpm in system_r- Zero out customizable types- Fix definiton of admin_home_t- Fix munin file context- Allow cron to run unconfined apps- Modify default login to unconfined_u- Dontaudit dbus user client search of /root- Update to upstream- Fixes for polkit - Allow xserver to ptrace- Add polkit policy - Symplify userdom context, remove automatic per_role changes- Update to upstream - Allow httpd_sys_script_t to search users homedirs- Allow rpm_script to transition to unconfined_execmem_t- Remove user based home directory separation- Remove user specific crond_t- Merge with upstream - Allow xsever to read hwdata_t - Allow login programs to setkeycreate- Update to upstream- Update to upstream- Allow XServer to read /proc/self/cmdline - Fix unconfined cron jobs - Allow fetchmail to transition to procmail - Fixes for hald_mac - Allow system_mail to transition to exim - Allow tftpd to upload files - Allow xdm to manage unconfined_tmp - Allow udef to read alsa config - Fix xguest to be able to connect to sound port- Fixes for hald_mac - Treat unconfined_home_dir_t as a home dir - dontaudit rhgb writes to fonts and root- Fix dnsmasq - Allow rshd full login privs- Allow rshd to connect to ports > 1023- Fix vpn to bind to port 4500 - Allow ssh to create shm - Add Kismet policy- Allow rpm to chat with networkmanager- Fixes for ipsec and exim mail - Change default to unconfined user- Pass the UNK_PERMS param to makefile - Fix gdm location- Make alsa work- Fixes for consolekit and startx sessions- Dontaudit consoletype talking to unconfined_t- Remove homedir_template- Check asound.state- Fix exim policy- Allow tmpreadper to read man_t - Allow racoon to bind to all nodes - Fixes for finger print reader- Allow xdm to talk to input device (fingerprint reader) - Allow octave to run as java- Allow login programs to set ioctl on /proc- Allow nsswitch apps to read samba_var_t- Fix maxima- Eliminate rpm_t:fifo_file avcs - Fix dbus path for helper app- Fix service start stop terminal avc's- Allow also to search var_lib - New context for dbus launcher- Allow cupsd_config_t to read/write usb_device_t - Support for finger print reader, - Many fixes for clvmd - dbus starting networkmanager- Fix java and mono to run in xguest account- Fix to add xguest account when inititial install - Allow mono, java, wine to run in userdomains- Allow xserver to search devpts_t - Dontaudit ldconfig output to homedir- Remove hplip_etc_t change back to etc_t.- Allow cron to search nfs and samba homedirs- Allow NetworkManager to dbus chat with yum-updated- Allow xfs to bind to port 7100- Allow newalias/sendmail dac_override - Allow bind to bind to all udp ports- Turn off direct transition- Allow wine to run in system role- Fix java labeling- Define user_home_type as home_type- Allow sendmail to create etc_aliases_t- Allow login programs to read symlinks on homedirs- Update an readd modules- Cleanup spec file- Allow xserver to be started by unconfined process and talk to tty- Upgrade to upstream to grab postgressql changes- Add setransd for mls policy- Add ldconfig_cache_t- Allow sshd to write to proc_t for afs login- Allow xserver access to urand- allow dovecot to search mountpoints- Fix Makefile for building policy modules- Fix dhcpc startup of service- Fix dbus chat to not happen for xguest and guest users- Fix nagios cgi - allow squid to communicate with winbind- Fixes for ldconfig- Update from upstream- Add nasd support- Fix new usb devices and dmfm- Eliminate mount_ntfs_t policy, merge into mount_t- Allow xserver to write to ramfs mounted by rhgb- Add context for dbus machine id- Update with latest changes from upstream- Fix prelink to handle execmod- Add ntpd_key_t to handle secret data- Add anon_inodefs - Allow unpriv user exec pam_exec_t - Fix trigger- Allow cups to use generic usb - fix inetd to be able to run random apps (git)- Add proper contexts for rsyslogd- Fixes for xguest policy- Allow execution of gconf- Fix moilscanner update problem- Begin adding policy to separate setsebool from semanage - Fix xserver.if definition to not break sepolgen.if- Add new devices- Add brctl policy- Fix root login to include system_r- Allow prelink to read kernel sysctls- Default to user_u:system_r:unconfined_t- fix squid - Fix rpm running as uid- Fix syslog declaration- Allow avahi to access inotify - Remove a lot of bogus security_t:filesystem avcs- Remove ifdef strict policy from upstream- Remove ifdef strict to allow user_u to login- Fix for amands - Allow semanage to read pp files - Allow rhgb to read xdm_xserver_tmp- Allow kerberos servers to use ldap for backing store- allow alsactl to read kernel state- More fixes for alsactl - Transition from hal and modutils - Fixes for suspend resume. - insmod domtrans to alsactl - insmod writes to hal log- Allow unconfined_t to transition to NetworkManager_t - Fix netlabel policy- Update to latest from upstream- Update to latest from upstream- Update to latest from upstream- Allow pcscd_t to send itself signals-- Fixes for unix_update - Fix logwatch to be able to search all dirs- Upstream bumped the version- Allow consolekit to syslog - Allow ntfs to work with hal- Allow iptables to read etc_runtime_t- MLS Fixes- Fix path of /etc/lvm/cache directory - Fixes for alsactl and pppd_t - Fixes for consolekit- Allow insmod_t to mount kvmfs_t filesystems- Rwho policy - Fixes for consolekit- fixes for fusefs- Fix samba_net to allow it to view samba_var_t- Update to upstream- Fix Sonypic backlight - Allow snmp to look at squid_conf_t- Fixes for pyzor, cyrus, consoletype on everything installs- Fix hald_acl_t to be able to getattr/setattr on usb devices - Dontaudit write to unconfined_pipes for load_policy- Allow bluetooth to read inotifyfs- Fixes for samba domain controller. - Allow ConsoleKit to look at ttys- Fix interface call- Allow syslog-ng to read /var - Allow locate to getattr on all filesystems - nscd needs setcap- Update to upstream- Allow samba to run groupadd- Update to upstream- Allow mdadm to access generic scsi devices- Fix labeling on udev.tbl dirs- Fixes for logwatch- Add fusermount and mount_ntfs policy- Update to upstream - Allow saslauthd to use kerberos keytabs- Fixes for samba_var_t- Allow networkmanager to setpgid - Fixes for hal_acl_t- Remove disable_trans booleans - hald_acl_t needs to talk to nscd- Fix prelink to be able to manage usr dirs.- Allow insmod to launch init scripts- Remove setsebool policy- Fix handling of unlabled_t packets- More of my patches from upstream- Update to latest from upstream - Add fail2ban policy- Update to remove security_t:filesystem getattr problems- Policy for consolekit- Update to latest from upstream- Revert Nemiver change - Set sudo as a corecmd so prelink will work, remove sudoedit mapping, since this will not work, it does not transition. - Allow samba to execute useradd- Upgrade to the latest from upstream- Add sepolgen support - Add bugzilla policy- Fix file context for nemiver- Remove include sym link- Allow mozilla, evolution and thunderbird to read dev_random. Resolves: #227002 - Allow spamd to connect to smtp port Resolves: #227184 - Fixes to make ypxfr work Resolves: #227237- Fix ssh_agent to be marked as an executable - Allow Hal to rw sound device- Fix spamassisin so crond can update spam files - Fixes to allow kpasswd to work - Fixes for bluetooth- Remove some targeted diffs in file context file- Fix squid cachemgr labeling- Add ability to generate webadm_t policy - Lots of new interfaces for httpd - Allow sshd to login as unconfined_t- Continue fixing, additional user domains- Begin adding user confinement to targeted policy- Fixes for prelink, ktalkd, netlabel- Allow prelink when run from rpm to create tmp files Resolves: #221865 - Remove file_context for exportfs Resolves: #221181 - Allow spamassassin to create ~/.spamassissin Resolves: #203290 - Allow ssh access to the krb tickets - Allow sshd to change passwd - Stop newrole -l from working on non securetty Resolves: #200110 - Fixes to run prelink in MLS machine Resolves: #221233 - Allow spamassassin to read var_lib_t dir Resolves: #219234- fix mplayer to work under strict policy - Allow iptables to use nscd Resolves: #220794- Add gconf policy and make it work with strict- Many fixes for strict policy and by extension mls.- Fix to allow ftp to bind to ports > 1024 Resolves: #219349- Allow semanage to exec it self. Label genhomedircon as semanage_exec_t Resolves: #219421 - Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080- allow automount to setgid Resolves: #219999- Allow cron to polyinstatiate - Fix creation of boot flags Resolves: #207433- Fixes for irqbalance Resolves: #219606- Fix vixie-cron to work on mls Resolves: #207433Resolves: #218978- Allow initrc to create files in /var directories Resolves: #219227- More fixes for MLS Resolves: #181566- More Fixes polyinstatiation Resolves: #216184- More Fixes polyinstatiation - Fix handling of keyrings Resolves: #216184- Fix polyinstatiation - Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350- More fixes for quota Resolves: #212957- ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014- Allow login programs to polyinstatiate homedirs Resolves: #216184 - Allow quotacheck to create database files Resolves: #212957- Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 Resolves: #217611 Resolves: #217640 Resolves: #217725- Fix context for helix players file_context #216942- Fix load_policy to be able to mls_write_down so it can talk to the terminal- Fixes for hwclock, clamav, ftp- Move to upstream version which accepted my patches- Fixes for nvidia driver- Allow semanage to signal mcstrans- Update to upstream- Allow modstorage to edit /etc/fstab file- Fix for qemu, /dev/- Fix path to realplayer.bin- Allow xen to connect to xen port- Allow cups to search samba_etc_t directory - Allow xend_t to list auto_mountpoints- Allow xen to search automount- Fix spec of jre files- Fix unconfined access to shadow file- Allow xend to create files in xen_image_t directories- Fixes for /var/lib/hal- Remove ability for sysadm_t to look at audit.log- Fix rpc_port_types - Add aide policy for mls- Merge with upstream- Lots of fixes for ricci- Allow xen to read/write fixed devices with a boolean - Allow apache to search /var/log- Fix policygentool specfile problem. - Allow apache to send signals to it's logging helpers. - Resolves: rhbz#212731- Add perms for swat- Add perms for swat- Allow daemons to dump core files to /- Fixes for ricci- Allow mount.nfs to work- Allow ricci-modstorage to look at lvm_etc_t- Fixes for ricci using saslauthd- Allow mountpoint on home_dir_t and home_t- Update xen to read nfs files- Allow noxattrfs to associate with other noxattrfs- Allow hal to use power_device_t- Allow procemail to look at autofs_t - Allow xen_image_t to work as a fixed device- Refupdate from upstream- Add lots of fixes for mls cups- Lots of fixes for ricci- Fix number of cats- Update to upstream- More iSCSI changes for #209854- Test ISCSI fixes for #209854- allow semodule to rmdir selinux_config_t dir- Fix boot_runtime_t problem on ppc. Should not be creating these files.- Fix context mounts on reboot - Fix ccs creation of directory in /var/log- Update for tallylog- Allow xend to rewrite dhcp conf files - Allow mgetty sys_admin capability- Make xentapctrl work- Don't transition unconfined_t to bootloader_t - Fix label in /dev/xen/blktap- Patch for labeled networking- Fix crond handling for mls- Update to upstream- Remove bluetooth-helper transition - Add selinux_validate for semanage - Require new version of libsemanage- Fix prelink- Fix rhgb- Fix setrans handling on MLS and useradd- Support for fuse - fix vigr- Fix dovecot, amanda - Fix mls- Allow java execheap for itanium- Update with upstream- mls fixes- Update from upstream- More fixes for mls - Revert change on automount transition to mount- Fix cron jobs to run under the correct context- Fixes to make pppd work- Multiple policy fixes - Change max categories to 1023- Fix transition on mcstransd- Add /dev/em8300 defs- Upgrade to upstream- Fix ppp connections from network manager- Add tty access to all domains boolean - Fix gnome-pty-helper context for ia64- Fixed typealias of firstboot_rw_t- Fix location of xel log files - Fix handling of sysadm_r -> rpm_exec_t- Fixes for autofs, lp- Update from upstream- Fixup for test6- Update to upstream- Update to upstream- Fix suspend to disk problems- Lots of fixes for restarting daemons at the console.- Fix audit line - Fix requires line- Upgrade to upstream- Fix install problems- Allow setroubleshoot to getattr on all dirs to gather RPM data- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform - Fix spec for /dev/adsp- Fix xen tty devices- Fixes for setroubleshoot- Update to upstream- Fixes for stunnel and postgresql - Update from upstream- Update from upstream - More java fixes- Change allow_execstack to default to on, for RHEL5 Beta. This is required because of a Java compiler problem. Hope to turn off for next beta- Misc fixes- More fixes for strict policy- Quiet down anaconda audit messages- Fix setroubleshootd- Update to the latest from upstream- More fixes for xen- Fix anaconda transitions- yet more xen rules- more xen rules- Fixes for Samba- Fixes for xen- Allow setroubleshootd to send mail- Add nagios policy- fixes for setroubleshoot- Added Paul Howarth patch to only load policy packages shipped with this package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus- Add policy for /var/run/ldapi- Fix setroubleshoot policy- Fixes for mls use of ssh - named has a new conf file- Fixes to make setroubleshoot work- Cups needs to be able to read domain state off of printer client- add boolean to allow zebra to write config files- setroubleshootd fixes- Allow prelink to read bin_t symlink - allow xfs to read random devices - Change gfs to support xattr- Remove spamassassin_can_network boolean- Update to upstream - Fix lpr domain for mls- Add setroubleshoot policy- Turn off auditallow on setting booleans- Multiple fixes- Update to upstream- Update to upstream - Add new class for kernel key ring- Update to upstream- Update to upstream- Break out selinux-devel package- Add ibmasmfs- Fix policygentool gen_requires- Update from Upstream- Fix spec of realplay- Update to upstream- Fix semanage- Allow useradd to create_home_dir in MLS environment- Update from upstream- Update from upstream- Add oprofilefs- Fix for hplip and Picasus- Update to upstream- Update to upstream- fixes for spamd- fixes for java, openldap and webalizer- Xen fixes- Upgrade to upstream- allow hal to read boot_t files - Upgrade to upstream- allow hal to read boot_t files- Update from upstream- Fixes for amavis- Update from upstream- Allow auditctl to search all directories- Add acquire service for mono.- Turn off allow_execmem boolean - Allow ftp dac_override when allowed to access users homedirs- Clean up spec file - Transition from unconfined_t to prelink_t- Allow execution of cvs command- Update to upstream- Update to upstream- Fix libjvm spec- Update to upstream- Add xm policy - Fix policygentool- Update to upstream - Fix postun to only disable selinux on full removal of the packages- Allow mono to chat with unconfined- Allow procmail to sendmail - Allow nfs to share dosfs- Update to latest from upstream - Allow selinux-policy to be removed and kernel not to crash- Update to latest from upstream - Add James Antill patch for xen - Many fixes for pegasus- Add unconfined_mount_t - Allow privoxy to connect to httpd_cache - fix cups labeleing on /var/cache/cups- Update to latest from upstream- Update to latest from upstream - Allow mono and unconfined to talk to initrc_t dbus objects- Change libraries.fc to stop shlib_t form overriding texrel_shlib_t- Fix samba creating dirs in homedir - Fix NFS so its booleans would work- Allow secadm_t ability to relabel all files - Allow ftp to search xferlog_t directories - Allow mysql to communicate with ldap - Allow rsync to bind to rsync_port_t- Fixed mailman with Postfix #183928 - Allowed semanage to create file_context files. - Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t to bind to reserved ports. #149030 - Don't allow devpts_t to be associated with tmp_t. - Allow hald_t to stat all mountpoints. - Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts. - Make mount run in mount_t domain from unconfined_t to prevent mislabeling of /etc/mtab. - Changed the file_contexts to not have a regex before the first ^/[a-z]/ whenever possible, makes restorecon slightly faster. - Correct the label of /etc/named.caching-nameserver.conf - Now label /usr/src/kernels/.+/lib(/.*)? as usr_t instead of /usr/src(/.*)?/lib(/.*)? - I don't think we need anything else under /usr/src hit by this. - Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed xenstored_t rw access to the xen device node.- More textrel_shlib_t file path fixes - Add ada support- Get auditctl working in MLS policy- Add mono dbus support - Lots of file_context fixes for textrel_shlib_t in FC5 - Turn off execmem auditallow since they are filling log files- Update to upstream- Allow automount and dbus to read cert files- Fix ftp policy - Fix secadm running of auditctl- Update to upstream- Update to upstream- Fix policyhelp- Fix pam_console handling of usb_device - dontaudit logwatch reading /mnt dir- Update to upstream- Get transition rules to create policy.20 at SystemHigh- Allow secadmin to shutdown system - Allow sendmail to exec newalias- MLS Fixes dmidecode needs mls_file_read_up - add ypxfr_t - run init needs access to nscd - udev needs setuid - another xen log file - Dontaudit mount getattr proc_kcore_t- fix buildroot usage (#185391)- Get rid of mount/fsdisk scan of /dev messages - Additional fixes for suspend/resume- Fake make to rebuild enableaudit.pp- Get xen networking running.- Fixes for Xen - enableaudit should not be the same as base.pp - Allow ps to work for all process- more xen policy fixups- more xen fixage (#184393)- Fix blkid specification - Allow postfix to execute mailman_que- Blkid changes - Allow udev access to usb_device_t - Fix post script to create targeted policy config file- Allow lvm tools to create drevice dir- Add Xen support- Fixes for cups - Make cryptosetup work with hal- Load Policy needs translock- Fix cups html interface- Add hal changes suggested by Jeremy - add policyhelp to point at policy html pages- Additional fixes for nvidia and cups- Update to upstream - Merged my latest fixes - Fix cups policy to handle unix domain sockets- NSCD socket is in nscd_var_run_t needs to be able to search dir- Fixes Apache interface file- Fixes for new version of cups- Turn off polyinstatiate util after FC5- Fix problem with privoxy talking to Tor- Turn on polyinstatiation- Don't transition from unconfined_t to fsadm_t- Fix policy update model.- Update to upstream- Fix load_policy to work on MLS - Fix cron_rw_system_pipes for postfix_postdrop_t - Allow audotmount to run showmount- Fix swapon - allow httpd_sys_script_t to be entered via a shell - Allow httpd_sys_script_t to read eventpolfs- Update from upstream- allow cron to read apache files- Fix vpnc policy to work from NetworkManager- Update to upstream - Fix semoudle polcy- Update to upstream - fix sysconfig/selinux link- Add router port for zebra - Add imaze port for spamd - Fixes for amanda and java- Fix bluetooth handling of usb devices - Fix spamd reading of ~/ - fix nvidia spec- Update to upsteam- Add users_extra files- Update to upstream- Add semodule policy- Update from upstream- Fix for spamd to use razor port- Fixes for mcs - Turn on mount and fsadm for unconfined_t- Fixes for the -devel package- Fix for spamd to use ldap- Update to upstream- Update to upstream - Fix rhgb, and other Xorg startups- Update to upstream- Separate out role of secadm for mls- Add inotifyfs handling- Update to upstream - Put back in changes for pup/zen- Many changes for MLS - Turn on strict policy- Update to upstream- Update to upstream - Fixes for booting and logging in on MLS machine- Update to upstream - Turn off execheap execstack for unconfined users - Add mono/wine policy to allow execheap and execstack for them - Add execheap for Xdm policy- Update to upstream - Fixes to fetchmail,- Update to upstream- Fix for procmail/spamassasin - Update to upstream - Add rules to allow rpcd to work with unlabeled_networks.- Update to upstream - Fix ftp Man page- Update to upstream- fix pup transitions (#177262) - fix xen disks (#177599)- Update to upstream- More Fixes for hal and readahead- Fixes for hal and readahead- Update to upstream - Apply- Add wine and fix hal problems- Handle new location of hal scripts- Allow su to read /etc/mtab- Update to upstream- Fix "libsemanage.parse_module_headers: Data did not represent a module." problem- Allow load_policy to read /etc/mtab- Fix dovecot to allow dovecot_auth to look at /tmp- Allow restorecon to read unlabeled_t directories in order to fix labeling.- Add Logwatch policy- Fix /dev/ub[a-z] file context- Fix library specification - Give kudzu execmem privs- Fix hostname in targeted policy- Fix passwd command on mls- Lots of fixes to make mls policy work- Add dri libs to textrel_shlib_t - Add system_r role for java - Add unconfined_exec_t for vncserver - Allow slapd to use kerberos- Add man pages- Add enableaudit.pp- Fix mls policy- Update mls file from old version- Add sids back in - Rebuild with update checkpolicy- Fixes to allow automount to use portmap - Fixes to start kernel in s0-s15:c0.c255- Add java unconfined/execmem policy- Add file context for /var/cvs - Dontaudit webalizer search of homedir- Update from upstream- Clean up spec - range_transition crond to SystemHigh- Fixes for hal - Update to upstream- Turn back on execmem since we need it for java, firefox, ooffice - Allow gpm to stream socket to itself- fix requirements to be on the actual packages so that policy can get created properly at install time- Allow unconfined_t to execmod texrel_shlib_t- Update to upstream - Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies- Add two new httpd booleans, turned off by default * httpd_can_network_relay * httpd_can_network_connect_db- Add ghost for policy.20- Update to upstream - Turn off boolean allow_execstack- Change setrans-mls to use new libsetrans - Add default_context rule for xdm- Change Requires to PreReg for requiring of policycoreutils on install- New upstream releaseAdd xdm policyUpdate from upstreamUpdate from upstreamUpdate from upstream- Also trigger to rebuild policy for versions up to 2.0.7.- No longer installing policy.20 file, anaconda handles the building of the app.- Fixes for dovecot and saslauthd- Cleanup pegasus and named - Fix spec file - Fix up passwd changing applications-Update to latest from upstream- Add rules for pegasus and avahi- Start building MLS Policy- Update to upstream- Turn on bash- Initial version/bin/sh/bin/shselinux-policy-targeted-sourcesmod_fcgid-selinuxcachefilesd-selinux/bin/sh                                                                                                                                                                                                                                                                                                                                                                                                 G  M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e L f g h i j k l m n o p q r s t u v w x y z { | } ~                                                                                                                                                                    ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~     3.9.16-52.fc153.9.16-52.fc153.9.16-52.fc15 23.9.16-52.fc150.10-1targetedcontextscustomizable_typesdbus_contextsdefault_contextsdefault_typefailsafe_contextfilesfile_contextsfile_contexts.homedirsfile_contexts.subsmediainitrc_contextremovable_contextsecuretty_typessepgsql_contextsuserhelper_contextusersguest_urootstaff_uunconfined_uuser_uxguest_uvirtual_domain_contextvirtual_image_contextx_contextsmodulesactivesemanage.read.LOCKsemanage.trans.LOCKpolicypolicy.24setrans.confseuserstargetedabrt.pp.bz2accountsd.pp.bz2acct.pp.bz2ada.pp.bz2afs.pp.bz2aiccu.pp.bz2aide.pp.bz2aisexec.pp.bz2ajaxterm.pp.bz2alsa.pp.bz2amanda.pp.bz2amavis.pp.bz2amtu.pp.bz2anaconda.pp.bz2apache.pp.bz2apcupsd.pp.bz2apm.pp.bz2application.pp.bz2arpwatch.pp.bz2asterisk.pp.bz2audioentropy.pp.bz2authlogin.pp.bz2automount.pp.bz2avahi.pp.bz2awstats.pp.bz2base.pp.bz2bind.pp.bz2bitlbee.pp.bz2bluetooth.pp.bz2boinc.pp.bz2bootloader.pp.bz2brctl.pp.bz2bugzilla.pp.bz2cachefilesd.pp.bz2calamaris.pp.bz2canna.pp.bz2ccs.pp.bz2cdrecord.pp.bz2certmaster.pp.bz2certmonger.pp.bz2certwatch.pp.bz2cgroup.pp.bz2chrome.pp.bz2chronyd.pp.bz2cipe.pp.bz2clamav.pp.bz2clock.pp.bz2clogd.pp.bz2cloudform.pp.bz2cmirrord.pp.bz2cobbler.pp.bz2collectd.pp.bz2colord.pp.bz2comsat.pp.bz2consolekit.pp.bz2consoletype.pp.bz2corosync.pp.bz2courier.pp.bz2cpucontrol.pp.bz2cpufreqselector.pp.bz2cron.pp.bz2cups.pp.bz2cvs.pp.bz2cyphesis.pp.bz2cyrus.pp.bz2daemontools.pp.bz2dbadm.pp.bz2dbskk.pp.bz2dbus.pp.bz2dcc.pp.bz2ddclient.pp.bz2denyhosts.pp.bz2devicekit.pp.bz2dhcp.pp.bz2dictd.pp.bz2dirsrv-admin.pp.bz2dirsrv.pp.bz2dmesg.pp.bz2dmidecode.pp.bz2dnsmasq.pp.bz2dovecot.pp.bz2drbd.pp.bz2execmem.pp.bz2exim.pp.bz2fail2ban.pp.bz2fetchmail.pp.bz2finger.pp.bz2firewalld.pp.bz2firewallgui.pp.bz2firstboot.pp.bz2fprintd.pp.bz2fstools.pp.bz2ftp.pp.bz2games.pp.bz2getty.pp.bz2git.pp.bz2gitosis.pp.bz2gnome.pp.bz2gnomeclock.pp.bz2gpg.pp.bz2gpm.pp.bz2gpsd.pp.bz2guest.pp.bz2hal.pp.bz2hddtemp.pp.bz2hostname.pp.bz2hotplug.pp.bz2howl.pp.bz2icecast.pp.bz2inetd.pp.bz2init.pp.bz2inn.pp.bz2ipsec.pp.bz2iptables.pp.bz2irc.pp.bz2irqbalance.pp.bz2iscsi.pp.bz2jabber.pp.bz2java.pp.bz2kdump.pp.bz2kdumpgui.pp.bz2kerberos.pp.bz2kerneloops.pp.bz2keyboardd.pp.bz2kismet.pp.bz2ksmtuned.pp.bz2ktalk.pp.bz2kudzu.pp.bz2l2tpd.pp.bz2ldap.pp.bz2libraries.pp.bz2likewise.pp.bz2lircd.pp.bz2livecd.pp.bz2loadkeys.pp.bz2locallogin.pp.bz2lockdev.pp.bz2logadm.pp.bz2logging.pp.bz2logrotate.pp.bz2logwatch.pp.bz2lpd.pp.bz2lvm.pp.bz2mailman.pp.bz2matahari.pp.bz2mcelog.pp.bz2mediawiki.pp.bz2memcached.pp.bz2milter.pp.bz2miscfiles.pp.bz2mock.pp.bz2modemmanager.pp.bz2modules.lstmodutils.pp.bz2mojomojo.pp.bz2mono.pp.bz2mount.pp.bz2mozilla.pp.bz2mpd.pp.bz2mplayer.pp.bz2mrtg.pp.bz2mta.pp.bz2munin.pp.bz2mysql.pp.bz2nagios.pp.bz2namespace.pp.bz2ncftool.pp.bz2netlabel.pp.bz2netutils.pp.bz2networkmanager.pp.bz2nis.pp.bz2nscd.pp.bz2nslcd.pp.bz2nsplugin.pp.bz2ntop.pp.bz2ntp.pp.bz2nut.pp.bz2nx.pp.bz2oddjob.pp.bz2openct.pp.bz2openoffice.pp.bz2openvpn.pp.bz2pads.pp.bz2passenger.pp.bz2pcmcia.pp.bz2pcscd.pp.bz2pegasus.pp.bz2pingd.pp.bz2piranha.pp.bz2plymouthd.pp.bz2podsleuth.pp.bz2policykit.pp.bz2portmap.pp.bz2portreserve.pp.bz2postfix.pp.bz2postgresql.pp.bz2postgrey.pp.bz2ppp.pp.bz2prelink.pp.bz2prelude.pp.bz2privoxy.pp.bz2procmail.pp.bz2psad.pp.bz2ptchown.pp.bz2publicfile.pp.bz2pulseaudio.pp.bz2puppet.pp.bz2pyzor.pp.bz2qemu.pp.bz2qmail.pp.bz2qpidd.pp.bz2quota.pp.bz2radius.pp.bz2radvd.pp.bz2raid.pp.bz2razor.pp.bz2rdisc.pp.bz2readahead.pp.bz2remotelogin.pp.bz2rgmanager.pp.bz2rhcs.pp.bz2rhgb.pp.bz2ricci.pp.bz2rlogin.pp.bz2roundup.pp.bz2rpc.pp.bz2rpcbind.pp.bz2rpm.pp.bz2rshd.pp.bz2rssh.pp.bz2rsync.pp.bz2rtkit.pp.bz2rwho.pp.bz2samba.pp.bz2sambagui.pp.bz2sandbox.pp.bz2sasl.pp.bz2screen.pp.bz2sectoolm.pp.bz2selinuxutil.pp.bz2sendmail.pp.bz2setrans.pp.bz2setroubleshoot.pp.bz2seunshare.pp.bz2shorewall.pp.bz2shutdown.pp.bz2slocate.pp.bz2smartmon.pp.bz2smokeping.pp.bz2smoltclient.pp.bz2snmp.pp.bz2snort.pp.bz2sosreport.pp.bz2soundserver.pp.bz2spamassassin.pp.bz2squid.pp.bz2ssh.pp.bz2sssd.pp.bz2staff.pp.bz2stunnel.pp.bz2su.pp.bz2sudo.pp.bz2sysadm.pp.bz2sysnetwork.pp.bz2sysstat.pp.bz2systemd.pp.bz2tcpd.pp.bz2tcsd.pp.bz2telepathy.pp.bz2telnet.pp.bz2tftp.pp.bz2tgtd.pp.bz2tmpreaper.pp.bz2tor.pp.bz2tuned.pp.bz2tvtime.pp.bz2tzdata.pp.bz2udev.pp.bz2ulogd.pp.bz2uml.pp.bz2unconfined.pp.bz2unconfineduser.pp.bz2unlabelednet.pp.bz2unprivuser.pp.bz2updfstab.pp.bz2usbmodules.pp.bz2usbmuxd.pp.bz2userdomain.pp.bz2userhelper.pp.bz2usermanage.pp.bz2usernetctl.pp.bz2uucp.pp.bz2varnishd.pp.bz2vbetool.pp.bz2vdagent.pp.bz2vhostmd.pp.bz2virt.pp.bz2vlock.pp.bz2vmware.pp.bz2vnstatd.pp.bz2vpn.pp.bz2w3c.pp.bz2webadm.pp.bz2webalizer.pp.bz2wine.pp.bz2wireshark.pp.bz2xen.pp.bz2xfs.pp.bz2xguest.pp.bz2xserver.pp.bz2zabbix.pp.bz2zarafa.pp.bz2zebra.pp.bz2zosremote.pp.bz2/etc/selinux//etc/selinux/targeted//etc/selinux/targeted/contexts//etc/selinux/targeted/contexts/files//etc/selinux/targeted/contexts/users//etc/selinux/targeted/modules//etc/selinux/targeted/policy//usr/share/selinux//usr/share/selinux/targeted/-O2drpmnoarch-redhat-linux-gnuASCII textASCII text, with very long lines, with no line terminatorsHTML document, ASCII textdirectoryemptyexported SGML document, ASCII textxz2?7zXZ !PH6j]"k%qkhue0&ER|7illɓe9r^eTЉjg 1VqDהГĞG@)%Q-8dBڥzHxп&ɘ&J_Z ;P3zs;oմS*@ riP~Nm sAW\QYӣeUuܦjM:=PMbs6G &`ndwyX4ZG>̎dXqR.+\D7,~|чB v&y8\2D uB`D>Y6v:. eA]Fe#_2[kA{WTwJT!B"g:,n8%dPesJia57uQ0G-_eZ`rpf,$:+Si}?f=E="egt{]-[u+psfand-i%2vJɗV+'j .fް p0+>eV2J<ٞRqIU0A-ٻÉ{y8`9̟ŀ(捁Zr5~0bdRpn@reǞ|ٴDPh$W12v~eaDd6i8 ܡ!LnʤgXOv@{-6EB:Q@`7H 2hԀW.W?ia q;`*MRnHzM{p\_Na&7Gs(fc7!#Vs!}Jam S{(vO2.h WKpGU3R螱hC *0ax:hǪ!iܪ u" ҭeTX,;,mq!kK.`@0ҁ$ ~g7H?1I!c7Jf,]LƱM)”q+rm D ZܽLR%$Q*-Oy!Bc}o3kf͡׫ +R][`Ӊ/pNŔ 12 b~IU$EX3HZ^X F jr_B \U`Qg%:)O3#؝$M^mLaQYҥJ藭 $Ӓ~ rWaK M_9ϯzO5Q~m6컊uY\5@Q<(&# u9ո}bLcdN9УK?zX1,C^Hv4=(Ra4JE@_N(-D o#"BXN o59I<+ I2:#V0-glK -^wiHpej% yǂcX^JvxNLrbp4zva^ I `JFZ. 6EjDF5[t $py׃mwBGz-R.nŠLrkzJ߈]]Eg̀oS(.e)6-RGbվ؈5j0y j9w$s T~v |Y4O'm 6q ; H+P'h̆O5#8WpnWEt0D\h,B'D‚12vf/Uҕ/;r_™tіE3=pL#ݬZ1K,y*TguCXG˸&3eԣޥcUԡkhX>d g^Sc<9qAUԇcϙGi{FHt6mh@8 ^huh^wvXkzE}U^S ߀7n7;# uy#EcB8 *x_| =ׁgQm,Ah(mh;zذɉںe˿2ȒO}ƎƋ8V Mp6@^ ^jq`NۡyߺKWuB&icʜH,юt$vRE9Qq& [IbGrOn%'UK1Φ;ŎJLO\m&g20pwZ0Hf̹)UW{CԵt]q~k /֍h^Ik*, >/[4-pN,dכúNv=y1_̷`_4~ v"'C:6BЦXB [M[WŤOLBU^TWj`2U6z煀𡑫'/~ZY9aU\gsx!wd(=RQb}L>~Њn8q/v+Y+ixPx}M㓶XԌFmkj$9q}U>ܨv? +}>,!(M R1)Я /ljIDm^[,iu\}Bͭ%\a H_YD !P\$3@z 2*GltPtCBhj\ 9c@7O2ƑHK"źLY|iT؝ytne_;avI}=x`T+5&"kʑ.0kƎT%t\Om/Xv:-v.FKdQ; rrp4"(h~}JhAv%N1hHI`@'I]4qDja .<ȋU|^vI Ru5| F&9$Ab%ƒ/x濿I{̶% /~9p,X ۘ^jA@",,!JZMoƪ/~lz.˺O,r%<:x?_:sK֊:uj'ЛߑtӢWTiB~-LA|\C9YHKAd:ov=.j{jGn ը@?j41\)m,?Txvq i̢!8vwIV0vy6bV%@/4<^O}_Иf9>~8,3@/6װ1EZ ӾE-m֊ˀ:)QifK/l:]]. /̺i"@nTBT/O0ܯtUxL0rRB8,𜧀OY޴e8A) <Hv֌yo@6_ln^zXJ][d{c,jg]11 '|v8>5k7]jQ_5j+ty-`o.glREU͔2"_rx&DQ⠮3Bu`\_E1nNh$bX?R*n,γHE0D\bݬMP4 rB YϝcH-"-z lRuhUA(!5i`^`Z+^B. \!w¸ڧS,+V^c t#\o2D& / }[1%i x7bӝyJm=e'_wM۠ư;8cô ie, };$[`H@;7"3`jrhK9ȷ1wIHdhѰi7>:V:$$';%=07;QQ],o{u"ܧh-gsAqZB2*E f^nKUϺԔ*~\4ǜC3ĸWr|W9D ӓ>-RJr&l<-=舽`1J/) I!rkSlCDnۨ&=d1?aB[!D9ɬ6EuoR{7\G__L{W5l-#; җEDEHf.On6AoBS4*rt"Es #gevuioܡ>q#d M\aO 7tbS4h `\8Co?PS+Ӗs?G ѕ0 rZ9ۓ'<.P7<]Řx a1;Bh2=e{QGQM[Zn;iޢ ;`(d~SZhӛGYrqt†pD*%]Q60:zG4Cۖ*>t5ш D d$/Ng# okj܄I6sbْࡧ- w1B+#䐵cbSt) )|$rl>J ^YHIVi v{WejdN2P7(R"IYev׸_nm0/g1s4URgyֲPvPtuł4QWtm];v_yyzr -SIfgX2t-+B;@Y*R$ؾpq;U<4UΏ ZsމA`3Ok Fpp댶%p-Qqbj8%=Ĵ_8u<KhCW~t+u;t3XS#u}{NX=TN@Ş3hK ()“Y'i<kq?6"1m[USe֢5d6! ?IpҐk%1% _>! O1{Z)<׏_h赝ֶS-,u~ȐrߘAo)@gxN9~KXWHYZk̤H4/.ֈIwFk~PkNȘ6 ^nMק0$MB2Nص3ђ!_^=f@x9TAPoeEN-ukW) e\h];b׏ Δd,MK3dKA (!KߢCf!VrcCm&xQ1N`D#mեʭĊ&>>a9X๼M.U~-CD''B]3ANȱsߑQd.zf!˵EW~/ q\"|a: z|7UP/'۬g% ፸ z&b0z1'60N KIM?e. ]`0ɤrty$CFa9xa +1ٙ9m>|.HIAhyg|wj B?@+uRv=6u~ˤf*)w Јgh\ v޹`x+m_^!ZirFlt(;25?,yyS"yۄ?rEy ;O4LgxVtaJq23T8R"o8&*&`\< 9O %hXBNGYM~4ˍRA9>W ̜^WI]8&YpƍE.y`]/y xYg NcZ76*ZR)\Iן+6 .4󅴅h+۠ACDHNWln^?)KKeOw*`+=/p 2 Z:^WnjY=` !kY@ƙ,dnGLyqeYB5_܉SgU:EӭS/!fVvݛC8#3&ET= L]XQH3i֚+xqUj H߸lZRF_+xֻبDDTd[ˮ~v*Sw`[fJaYw˽wTS̙ؐyjHowdUhĩ4];7]v"痷2MrU>y5/QfkE){l%HotM-3dˏi2Tܺ NPEvF;ƍK^ǝB-DF]Z>@Wzc$b!+q1ޘ&vh ፑW+69ZXqO`3%|R kq7-$O^L; ?GN1)R-w ATy2δ~Q ~^K#S/(DDt}wCY2#`eY Gw-NV$Wu edD1X= iJ -P ȕѝ67\:^Kks4&EsxÜ\[ !t)׍GXvRAb2)+}I^|s?6̓v(:[3m?-\"h G8݇[0!:m:?32wH4ԏRW|P owxJ`ɘr1K0[J+UGRQ~"ϹF)7PC$; `QAQ6ux“YKlE,kpuavO&(~4ڟ. >'hqFݭwAv[i1*!M z}iS=NKMDHz2kwpY N.XI-p(%O*vߎ c`/bu'(֔Ciʾ=eImQ {%B&1DՄGd}jw'4jEG.z:bKNd 'ބ="I_&N8J$yШ"y^:biV6Prob)/әixԗue x?|uɕ_/y8V4=~ %Ӭ7onj]ux4 #h5C隩QhvOTVNe׋DGn̺`Dϥȉf| $d{xXP-,V8KA-DMc{"(S[K/668+r7mHEL1suj@' S˻CxLmn sH**T̿lO= +9^uM!Y}W73Ħ^mevyتh.,ym^H+6r{ 6gMmFK*Iߕģ7!&s Ei؎*b!,;sĞbGWt cڳʔ +n(V䀤JDyYA:8+vG{?y{Cw Tm LX&nވ5M}vvTH-wEpKju%F(˽sŮ=Q7k7U5Һ%h,^Lzju U[ fMFI#`K}䨯]unѰŧbiKQU Is:q޾S,nV"ZUn`FVFMgjFyLOed13\ƂrT^"<-KEaD-JK 0ek S[!FKb#bGFVRÃÿOfl|N竼.ekz)2*R9-)Pi_ϔػwl}# <$HQ-%ȕk[W ,UML_M2U]{ y#XXy\EOtUM%+xԩF-kR߶.oM2R;NrkqlqJDA!nx3[5`X;yp~; QC۪.qfcA^xh"0L䆵U"P%9}sHRy!WH4⚶{IKm$dJ{i`hPO] u&|ca5عGɏ}( wjPERUL3\<$91V&ւEE s8-#1uQy>+x_4prd⡏τ@a>K#`qw>J'vnbpT-Ob@Y@9i꺕6GRI2)g9$ O@:BJn)_8z-fdm7l-EU};wwN|"£y}: E5}yrjAsjM>ҴyYU }z^5`{evjzt~׏.Ͻ5o`-gF~}!)/$d79f` :}u_ۋLieG6fnUvZx \TȓSzϯDM|D:paɂn1#Hu E>St&UcߛÖwz)`j$ʰz_~O֘޽TzwR|pR@O6sϭ[ߨAUx?Y)6ѱXY՘jȑC]-{|[}v 'Ս9mT: oEj#[@a 52 5bE 2uDhMKD[inI $ٕTsb3`ɘ ,Kp;gu=ڄTMdympN nҿq [ܗ~ծ'Q)IRєʨk ¼wX הlI,5$Ȱ6tpjysnV}dJ ]$շ D vMC6Gv9elR548Pa'2!p*fOi=5=hYS[Bg*{6p -ҫ6Bx`]o\R-:q̀XX'R"jmKV@ w+xëAqyRN>'[kE^cqZchb ]&TX3"c4MωNeɵ("Ofed#G Dc `rŝx1W#9be;\idi;}vw!7n'n#_AO&Sm6]?uahF&mJS!V#IC8oPucŮ*": S†4 GMR2LMӭْ.dj;e3n'S1΍MTVV1m-ږE ů}@pYj13!ZG0!)bmkch۽F`M=9^~tP^%]]h=#xb(bc0rw<$s}ͱ;J CܮG ޸eG]zz ,Rcl}fjuCcąŰZwS䑇?Ɗ}5_p6~Z#{52\u\h;pCR-)^ Sʇg'|gӗD'!P%N>*d\c Z uLypg =zRDH^E[tzNJ,{Eڶ#əUϜfB~tBYwkX+]volN}*V!2Vo[vTOkHGKmJ>F}]^lL_=uP Ut?m[amSV'@P>/|gJ4A!UVN0ĠpofߩD܅\Z'F5ad$w06 KEMLtLmYyw}1=zLmgΓ{A_ ܫS}m+ [tn!ڬ>~8-/cĤ&}w>y5l'To5Hv-|koѿ@X{޵E<B~z s= :qeSZ{EU~2jOG|H)Bs&a/< rځ@j%u\=zɡoϚ|ՇXA_?/dT"cIԒ"3!M'8?&aN3Y;9Y(A 7@Uk>ywr_eOO C=U~#~G*}L>ox ." aqv39'JEZ[@ _O aUt'oզ|lgkæ" R4S1@PX6vb@D*>@hx.:fWϷ*Tq-|mes" "*)\o#矯i@)lI#N5R" ;v|s昖 ;ٲ.SlBx u*'B>Ķ) BǗ}\ސ}~YPe`ngc>VlҢ E+C9٦Y4X~U#=)q6vxޝA]j`!+^Nȝrd)*>4SQ]n>18nk)ٸ ~eT]ґ_C؀oZ8Z^`9sM,̃-$56_́x9+EjنM驉9 j R9ff`Ki@Q"ʩR1BtxPD :Cu 1XbE38R!^+;M殏ѰO[#MS{mwAT$ T$ekGNf:$op]1,Ԗx HH 0d_(9+JNT29׸ By)(RʦnW] Eo[^pk];кsDWKSۭ bGK2F^zL{Ζ~ 0UYAw5|IC^gJ@~!AahYC(G=ghP &0efkOO 'yiX- l%s[Vn]͹V&5_;0fqԙ$d+S axNB.p[[M2P5ҥDjTDh̃\q t}@L0 rn:nϼ|N(5HHYYuE}c@pڊm|qΕg, (mFݻ`[ds _ ٦cuxfɿN{asb le?Sc@IQLo% / s{"|>@œFɓb4p˕h?)Ɩ((veTAB*d_ kNZetFan*@"n .foߝy2HX*Iu'/ vC([{m4'28Gnh’sP?.OnG]-̶+RV9xmAv4b],[E69>y7.g2i&a Lni̲=ȔOLa0:<7Y.uԚt{z@}i+P <6lpޡHX+͘r`d G+f TN7s(pC%'~AT6Zћ!!}[j)#%υUIajk7l[/ڥs"'0 R$,&7nPud83m_eKT:˜QT_:Yfj\NFry([l} 9ɽ^f&F}h#MeL<p< mR32xg7u)ႌU>lLMZJbRc0vs7l--*|:ޮOw.1;5؅ N( _J}IȀi9fmP~OMg, $cZ3NP+VI pyɎb4&$V)z<4A W`ý-^LEXgS<|􁶬&>JTYmBqav5dy'zVEPelAZuqJ^DѤ r"Tq?0Gϯ)u|A'@њh>du6@<dBԅfNfhI%hs8\8y<8w-P&?FeD 23Q-?*JoT~뾆I[XDHn( +*"f4@=_2-5; >=A)LΔJp'? Wa_q- :W[c4zr=o1¤-ON>yw%~[- ЯfT6GV,) r_.=Jy͉["pCZ|^bnsb+9ۼGMo!ن ì!Og잰.XtR·2U^T >ԑl(wKv,G~'xLu5pxZ{UR;Mx:]t68$w~w$wC `]좇RD6aV |5 ~DYP(6ho`qbL]&ƻ{)`?.pѭR֘^z `yPYrceR*M4jW9AhmPD_f:ui$&,L7GM{A# Bu(gmݢGB6ePhܮ;YmXޟ~G.eBW mGgbV,,‡ hM_ ,Z8/ 1$]_iJUt?J5)64J*K]! fkDƝ: NlqAA Z&殗T_kHfi؋Y͒VyٝM˨j~wn]p|sHbecC5ԡNL9G&9k,} zJ*N}mrYL;I (-t]M#& WD,, m XD6U ";ZgٛՅ'U.yL{ &8#MfxWM3w#OVIyW8)/|",~"cG^&eH3b xu>m3XVNT/9-Zwh> 'ZO6ztǘkfփHsW 3y'T*⤺6DXC y~Qht\K3{t`q`7&G7+D\L. 2[zL~wX<6J:6{]ٴIz0 ӆ!4~f7BhC4E|eq:+A>4`c[ܖX}qʣ R {te?,Z"1B 3>5;I͢n=smb;tq!$|%F;?ptr w]Ȅ48$xB,dYvɇEp_Cawg7H8 mƐR:/z%&,b<'=,ss7dύZНYp jEzc|,~o@`N>O4q˶剤ݫ\Wz8j(%F%E_jb18}@%7c(y <b0uKpjA-pdskp{GG˪llMYpW[_IPb2qg(u'$˹Ah(Os}GMuL2=z6NL|44juS1|,nN>H=m~ԙVݓ[/#'z4=1unRxaQ3vco+qKFq/n}YA'6t!θ8ߥyhD4aQX-=(,eg5u/$>ZY@?O۾??NErZ]OwH̝#^b~Zfz(,DmhN*:MhTݷzIh#C;dD}20ROWl-6[TM2a1HOʁ]K)΍Z)8za@6S3Zg5 RUa#YzB@S;?8CV4zHq8q1x:Xܚ{zl*=Y$;b7}&m%w8]3{:h">t1  :?{o1/hy(tdHzByH#%|cwaAPؽX+Б{b_& :͡9Á8ss4H$tvVg=OO-ƝR{!C,ϴĆ:S?1Xp3m)CeO9sP4{z_$+;/0A@ ,3EVþ R]60l,.ݲ_=5'p墍i ɚ:鬄j3>R`܆#7P7oثBCxa,X iqbcnBZC{Z4=`Ȼ|?z?i?\FL9|"#,fTq /-sryŖyЪCӄe50MI EB]*%uqڕ0xI)дgS]Ĉ*m/:Qgջ]Rgn$6XR!c=4f,0{_bg~~[GYPmqB;>/T,[J}{l7[P~ A8Ni{հxYSh85d ODl=#8j60vbs Bɪl4+ Q(Eg6 v08)cDi'1alghւQjg K[NF䉔Rߦ<)_lBK( $ZmoSƝ Q "!9 y5̢]ZJC:񾈚HI|q_(]}‹h)8YQ=O`aZz \BixL1u9 \=uxsPs;WFoV1/Ts񉫲Jʉ^ ݲDZ{$] vgQ4 :ͤP{ VRZz҂hi]D$Ǘ}Ez!3,C#vnnU̕HJ4BP7h@hɝX50=~ZeYRC@޺1N u( d)x*5B-Q|/IPBulƕ8>Uj\|]:PsHb[O#<vB[Vh M[%j}:p`;*5|y+K!q?lr1lvu)(xX%~ɋyT:4:hΟž\®&xWRcq/Ï>Ix,y|[,n;Ϟ%#[WpYUS #UțdG͠HIh7i@g37 q>rÅs{% }"z$v{?V9DE6zV]*u[!qڀx<;:W% 8h[TD(fJrK9n%yQ4rc:pQW#sTݖÎ&lߎ"eӫ| Qf)څV0?!|(ac䘀,zmTV|Mk17PEb+hB%2?b5)W*C  ̍BalWuH̿@4j|wUQy=<YHu53&;EZ5_=Ԇh_ [ءJv_mrJ T`bN7.ߞ L{Wt4dFcxo_+;kf~eqbM"&ʁSE!jˠ] ñ <^L;3"iOsXߛoT~f= o#5^>ro43'kmr2 |C] n4CWfia,CP㪴b \]UM͵2E~п) cC0 <ȳg~"h2royt{9‘{Z'|7[֎ک#MUbq׃A~rZ[:Eo ; ݙ:5C27i'yFr3 ms.]v к#Ԁt.Q/!BU`ua֤_[gJ*y es.rAM6HqT!8q"S5G\!7Q܇ؘI 1Bs'p,(7RxOΊ:^%l7uoD0tvP ?WrU튛:ZxSH+q.MMXGc.>|Oa0H7XZo|U& %-WXPyYA`m) ҆uVV0)T|(1BZ'4XQ_gA~P#ZlR&("}&dlSQ2dR aW9zj/J:V>-!?[p=j^FgV]䔺[8c/*)SHȊ4~TSSBRMֱq?d?FxgpRi2M"!ĽJ޵nrUHкdS`?vOk_^q38.gXدKFЉ8RZ9 :Zh8 8!%=^8 U_82j蝪) HyoCg77cKO#XR<(w 3H>|GY#^%OQ~di-Q6sG" vuY\& *~0/t=O, ʼy;/jTğ `; %t~ffPԢhq>-zdbmn@Z~<:mRt̾q{ei>|0=m4XeN9\;7gKyVxشqT_;Vb"*\xjՔ'l B`Jt}+(Ǝ'hꉑlC1M+4 @,t$݉[@ow7F -:B513m񐛑]+mI*B!Q#{N OkS42' _MXiN?24C]‰K67 UZ0K>H ~^#ֹ@jҨ0z ClA.aM3vcK w@Wq;7>Q6Q02*o>YIAs€RwCU26<'Ya7O!Cj w !9)kYF])5l Y :qEf1d;C+XG6!2wȷ*WڡZokD kCZ› lRpֿ`1w [qBVnCnlfA 層iQKδߦϫ;UGMBHh9LJ-YaV8U<5v6_$U{֗ Ɍ;/~!+_jh`a '=7^Q۱Cmhl̡Y /?A*+)y~Hwk敫JN@1:OR0#}[R^B|c;$1mNR+?Tɺ)nUFMU媉M,MHLR1>{N}ߘOR[,W%<)B$5SfRZ#%UMM?, C2o"+:YF5EvVVpp`$DBK05/7Ͳ'J 3ZgkQ9D|E}rXqϰCTr VDLl ᘾ" r5avd@I~@~paEe嶵hjhjB($ٗ,y;^? w)gʚN}Sc)1Kǒ w0rL !@9_E1J X U8 cU{予$d#Tɢ}(N@;*-(஝aG)ShO& ͮX}l,6z' @DQ]ҶbAV[_F0=afkEߞ(kņ}ΎA>'PT=qZt>G\ ۫ EeڄV"L6(JʸsuoQ{4TChX\iAT' W]Do@Eqiv|k) Fyl$fjj!b}FM<9v%pV{XO&Lv3Hm}—+Zߙh 29H]2rҥKSp5OZ#2$=tIF]'}`.̀Mܨ *5~p)ğL~I 2Kn]x P%eY&o8*4\N*ʥR|ejU#.tEVM6_Y-Q21YNu/5k0"K,)eշ& @&G2S MtQ-M"@bZ!6@p C'9%&XC>4r`.uȐ>2T%bZ{l>N PJ+h|TFnZ̍L9Lhi̜KQf|hr7.>/^[Bd{uҥyj-i f1H˃5ly^B2V ̉j;אՍ\ކē~;Lo%9.p6w\Ҏ`c{%Ov\,"P=sl͑SO!3_k9S4L (@䟹QeO *x9wZ \ZIwse.DѦq`dD?g*kb.ٺh$q9b!v=CxTU6xl|ւ@e ]_HĶ921RExL>z,VVR[a+{87)bambYHFkt}H.1߽Lv?H(mW9bEps|@^P3_GDܨaANbFY@<8xw[p_ʩ~t+e2?" >\5Apr0G߳sy k$C> i-lԏȺh Ot#KΜ_r8&C9X <&-\x6Fm*j)5&dq.ӽȋzE|PN5dsg"4s%c [EeUQh]/e8^ɟHUuԑ9c$ƪoȊx23bm↎Ǚ-B1HQB883i4;Dj){9Rg0A&E]߃G)ץfNXb[tn7%D#(ߖ#QzT|d"jG2;p k|-N@{9:zNw~;, #]C=ؤDd l(7 7^ DiMG8IS8(=&2yDAŽ5 O5'4o%nVbHc]-tQhۂY XtmrǷeqVgnsӦYVa+j<ץKAڐ* чg.pXS^Bw1mɇcDvثrW^lgp4K'v)d 3 6$6;IW{RQ>Rj`c{h9=Vl'Cr5d0J0 DjKH_uOr0tt)Ku B*Ey鹁- Zc3Fr\ar}p+hl[ZAA59G:^]̸+ZMnqU7SSN^u)XQk3W[! C]_.!iU1M~.KLN5GƑ3 ehnWVZx*dCm.dn n ;gc#@\xζVuNv̊إ^'Y-xx< `"T>Pm&qznŬP#YrnB! 8c"ݛ3)H(ĽH-WQr#x2wg%3R+%gzՙSȉduɤp4y!x/c[NCHɸOStk\.MVvv78]!sjGY $v+9$ ~B^S˘ŭ_Y]͞> f2G?ѰJbfSBpSs! *\R;9ct8;K[Lmnϫ1|taN={[a5 bnpy9i 24oܼ_ypcƲY|p~a+$IJ@x}~K@.,c_5JMMEΡ**)P:JT>e?JK6M3SxukfMU:^48X?!ArfԞ@IU_][m%OJ0B(M<ϩơs98 k('#/0_*IyLP8 1U= M5g?\嶙dlwc -w M7oq֎ <@^|  MBsL*#~zQ4+E EN^x2PAQ6Jz-b^ZGsX!yBI0#z/v Ҩ`Tb &`l(x· 7 G0xj'C:9&^‹7d =Oiq#o;%f,֩ӂQZϲA ;H- l=% yU<_$~>J5_L#M^˓P=\?Q{JV  {NoۉD!6"Q Ă͘=r .|s+*-F8( aX~ {za[Π t7`Qy,)[=8J htwd*&.m퇠-sH 6*; ³S{cs;êԾ"9{Qt;'ɰ\kXWatD#yNժ&Բg 7*RSŘa# ^kX-9DabXKt<~2e=-,iT]HZOk[b" E.渨F%IWZK ca3$/ *{)iʱ]>-e'%jR=ĸD;mg$" Y+w=6j0HE]Z5%GwW^ &p 'ߙψV({~,Woj|˪🳗K(xYLQ#t&yoynZPX Ek㺽x:WzD["#:Co*~Ֆ,L^$'Uy;4ftoY{.l#D$^a oAS]LkXx8(yAc7tWQQ+V> z=| Mebpg9W2-l ecato9eToe*6 RcUɝ }ډ-x-A+5rkAMFUIL|{_0]?T rUb y8^6D+ rɮCUZ~.-9,nGT b4bA[8bg~i<^eZ7mKU>~uhk+`WAca$acg$pNp_vqsrO7W;:OeV> 2?k~S|˞" > m=WA{:smr5CI[YD.߫Brm6nqnຣF%káM+" D#UVyt3:?ӡU)܂s=w Ddl e@pr у*p9l<8]x>zKMyGty$|AtZQ0DD&LPSeUAoEzV 4<2'IyAԢq}LJ*/̼98ۚ]~s֮6ZOQ?`.ߛ{Ik&*SD;1̄$x\pOVi]ɤdžpW`ָn jeK#ڐ^չtq 8CɦZ͜Î痶B|C1%d%}i' ңۦufDlu_FL'KqYn@xh]Yu(@$bۖ(O~ښG(ˡˮwL*'ajq68!\\ 5RZRlxЏFL7yyrH(@BK;LQ%j |UUB7$sA$3o`ک`8u FOiv, 3k d"U^%h1G%]bMm(3u.ҸYN偌-!ad+ZwwZͬ[GBt N`'8|@OFԽ5G5OP09 on-+LV͟C1;bG˞?j̐G^\ ` =tufWk3Qs Y]/N T=,f_x<Ӈ<5\Ipǖɰ5wA7eCS vLwd4W>ɡj`o¿zK v3ׁST/}n?Tif/.Qr2~ oT Tu 2~t90Gχl&o I^'l}5L 2:ǤcR-Z@d }6 MjxCuyOWյM 5'_%޾>$0q30!0r9ԩ.z7 ;f|v!Q- چ 3;NʇXދ*s֫ Pp6$t d8_XZG΃?[C$?|q|_ET}&{S"t Tܐ;̃HkzňA:u؋6(߈HO3'{~ žs*ĥ&bꕚl4aC%eaqU#e =߄0݃E`Dn߈$?) 5r_ Dr /5ªTYFn*{`4YtyxT ' ja{Z?$]vj  x4}7! 8ZKjB=!?;|7Z+]YwMäw:f) @ Q0f( Z0h\!8u$zMG(/>/gR'2;+xxDb0)Udm!Ul82MT5[hjDRye;%U[eҮ+4b""xBFKgUeXR\tRћ"e0 DDr7v:QV+7! X# ܟ_"֤I|f 2&h' l9jDOBnp8@)t/_Gm=~ \U\C8xEQq̃B ! GE1%@v05=Ѥ~v/l;_Wܾےk5BΝɸOYwdoe>x I{(7jrDF' tZ~b{i2*\RcE6ԭC:sAb8?9#;?!:['U% :Li}V(dG8N,&~o(JN9XC <ul&GRU$re:̟HnZL >>W::߃#Lp{{ s4>ҍRSfCd6 3juB9:8=+I!Tg@4hK,}37-6uJ UlX'EDYˤx_E* 5!߾XY#5"nY,/ljʹ(L%&/!"4$/B|&iU(̆( r6c* lhVK} ^V* %N 㾯Cgݚ<"헨 Z˒wQ*Q-i0Sض5?;9Pʥl]Gۉuy_Y̼VvMK~9Mm. {Z545Tf  )HQm@=GI_{T{@T-;薎7dVK7=YɻELNM-/+dUվߓ#ZoƣNOk}uVKM5⢝7ϭؾLml.\(Uit)ss^ ҧ*Οί<̥S/҇yZkz{@|R 08H {g~ue)cP[H"NAɢmAʰ+0V@' su>J@pٗGÞ?3$#`-4 Oo_m2϶۬RU塾RӐkGl:`g+)-al%DH] M'{I&ri̧C# /Ɲm˫xd lkD?$Qtj}*L ydos1ڎ=$>Pm<-|=`n;W2v6$u#=zWaqC7K:g]87 #M=a-~864ȡ)!j;o3|m]2 :X>*HEQv^)n=lfof!x`'$=NNo61&\TqXur%/:{3:~ .J6A 1 s5hmpo tAs+ +LY"<0*rz֮ kcuڋ,6ZR+ . Ѥ1\KIp}^6Cgڒ9.cL,˶Tw!LG-"2!&|R,I՗Tɮ!]Nc( $Q q >T'gp dO r䧰 IzTi˾4R28I}GSvO`Jƺ-C?z@]w)EAp9B$ ℼE@.R4ae 8MkYec =,N}iaNTa~mRN8`g iLQDS~[/Ch")Ds(ҋ1:gIvlP0w#L1npB{(? l .>@(B۠!Ӵ0%.,YWJ(xfDǑʸD(UlP +1eǁʑ+~CFۀ۬ .۸}w I+9f4ٵ#U);b',5V…=1tkA?1==j)ulAan0YuD5v ˌŋQ5^ ZZ ?03"UĐGt_sAYmx;O$-LKahФwGbyWJ`#dS4k_[1`Iؓ\;K4 5Pia4njDE9lOl Ly,߄!E*IY# D-s^yiA17R-|jmΟry6n: vi>i⨑vCzXrHZ&t>jGMchy$Ǹg48$2;3a6oة- q?x*_Eu |}G[etSұ\Ulno вϜ'$Wg40Wtɯţ.~;ks;FBp`i"OKIfo "i8?rpit; ,RY~_M >%Ls7U+'VBZ;)%A^mjEJF ؘO>?GbN0h @pl3~NqAOނ_Zg>JX(H[&$08 ZN\at9Էu8ˤ^MXՇ~$VIv8p>m%to;\/c{8<(4w Ahp><{ZœHlkaE;X5d`a5!XcR6 ߬]' Vٲr9G1>dY1 o4Tmu}x~gk8Iȼ6VHaq@}'1aM+ej*첨P̯a٫Oͳ ڭzs=wXۙː XsrvX({$Q3iy=OD吅/tdNvBtW~U3k16wjƆփ4B]5 y3~8>~ueJ,r4qfCqA~ 1>Fg͓$ɟ6*jXj0g㽜яjuigP!'2I3a (ڗf ˝\غԑ;unJb9V@'B.Hh>v ok^6'oN!a hDG}u7CBV>?Q >IY7ĉ9o(lyFd2 O`",e0F{!WⰝ8;83|i|Wl]ao܇?()99IM E 2BHr2VY)ﴛU0wG>t#\ ⱟ3;> r&\ׯPt}cGXPгïir2%T5YC,gS/ir8UMp9W#.8-i?aDuH:Mb7TtL(܂P9&oa4ވYrpK;j~ ö3!D5uX~, 5dV m)cm9ndzP+b6TsE^5JIF tlZ}!`);F[V,1e&`ÈC%Ҿ:€ʊe\ FG% @ZHnut%!鱵j+ͥLj!'7ֻ S UĮKθ 5 *s2m 0? |pd qc!Ĺ-AwU2:GdxckG>:\I47$FHqԳt^ՊB,tLֈ}aj^FK+WρK4/E; eB%4l@VUDg7-FFч`AѕTpV@r`*:JdnT722&ŸD_D%8%>WLzi}8$4Pum>qG,ۜBSiqM.8SAf##C,a[/|ٴGFߖ+7JpqR(z|k-k=x}d&z)ʒ|VS];f)<~f\\aexCrk P\drZ3_wVuotlEɡGߘA3$[ á{Q$ECZ^ɉ+I"J&.⢸2k*p.ZWoƗ^>EwEֳVzja7{-X"^:e5~o ^EzMA!\,`1ȼlgcivƬ ˜ tӓ摥~&A6lUfyeFVS3͢,\*LLپq5Ķ%noHF+^M:µc'A=% x(7R+[!8"PiO΀"X1|'m?Ry' S2*f|uK+bL@'"?4lהc 9P|CְeԎR0%[#!٬<骲u<^اHw/*,ܩVrH{:P@̫‘J!u<υHDƼ^Buikfy~0*Nz^wk(GXT-XQ-{ B_8ifEtL s7Ɩ=4|S+>:S=R!>&!AI\)b"0hyFG?#ȴl(z#=*9'W#"f_ "ց/;~MRjȁ}Sp#Z#z=w^^B;wRt&1BʞdOiH>l8bGOS#eJҙд?5PZ;0<]AG3{}0y;sEX1IG2';Fz8ub𕈜@L.c=7wDdmѪxe*NOw rwRi]6 Ύ q [S t銦}4]NJQ!nI٠zzwjep6\tv/ϫ]DҎ 5'*zR#z֓M;uvǪ. +Uf&DA%-·Dˢ+`%! j:f$O*A;"=CԻ^.wIt X0rq2;ݵ`՞qxEEu,# 7;Uf5&eAwf0c25C_?1!Ca{ZYmL 5lVpc0-з^347L=YHdgVZR¾ D]aOK@MlP_b>*pf%@C$s Nn`~G5(A f?g-oE[(ΣRQGWMB i/԰=EqݽH2TSS־ޥwnqK`uGpB yBuH h%Aô8ew%fj]th%)M#*oa7y}AͷP5yY>¿7νW&<#쓽lkD/p%dc8e*g iHit-g:Ff 1O /8:xCO̱|,"z'q >OF#H "vrhlKo[W/tX51+4iy1I_KWT+}gn,`kBA6 q1טOlP{;Xw\-#D`j]1*)hwr^B)]0R=ڻ; @m,]9қN]WmrcEϾak㥝'dƲ:`z4RSVd`;d|tQ|b#},ƪIl~#(@WxwߧõtT SWKiY0C s[uNӪptgDm9\TK<ȗ(ryD9)բhBd(ƶܯCyVՠ۲ڬJ\h>p?ݳR>y$DBCI*=&y=g G< l!?j]65gotPze$e%+_O eQ+)I1*u4N;4H&nv4Ӆap^, lYZTFh6ANEI O!gA^{X9B2n*OFQ"u.j<mpUI -όbύzqjryĀFg`+.N *&4K6S`N8?ιЫU ig>.?:yT~V}&ViWҥ쥽U9Xa0^:x ~nR"MOu@[P5EZMeH2ݫ8(É0D-yBUy!56ȿM 9ij.3'v9ᖲM ^sMɤ+vط1 KEgL3T\LtS OoL~HN,\ ~>jԩAvOEJx/誏 ]܌{lx!5:N]Jǣ([d&^ !+sd<WJQHks}ǵhm+aE8߼d=JE>.¥z{le,4>;1[,msW<Νh:I$O2Y\ᄚMӓ|j1>z%$ɔ- 9ԟPPO9NM1R 应?_}RN9]Q"8ӆ*N!{Nף%٤0." Uw5by_>C\%.'1(}5e;u!=\sN MȻ0V.Zr r1pnc SM]-M՝eof.KD&yaFuJxc͇X@"tK_cT\DݬizJ(|$֕_=}1˜E@xqjQO3ZL$n5ӺPEi["#i:9ZGwu}ܠ5tf!W"w!Nv9Iޱ˙٧ڗt+"a_H>̗ru *:.6-L?@ ?|p;C<S(|kf C۱rAcP":6&Ru[w{{׊rBnXR3Y[s0]i,*&X:P)o~B#߆l/ogxo۸@۹ !yȂdoV: 4bIiT =p>:~ ⲔiDQqDIo=L4jdHilAu(W@tJk*73[ ƸJ.+V4->.`B?Fޯ{Ug.VsS,'DBEbD_u=Au?Zc9n H A O,J"l6}eg<$`s2pɺX IbuL^fY0"@ueM, Yh5EZ[uC+ٮ> uޣ7^px]$EFe~Uex3УdXCK$:M4x\Žf^=-4<8Yz] Buw*w@nK Ap|f|3 p]+޼VQƝWq[]Wo h8 AI%#+/5J;5R:fGTu UN)),#V,Ѿ(E{,9~b&ؓLuhw- whÜn4)+%_vg=VA4ofg]!)%oiޠG0׮˵ ~,JTG@fDCة`wwwh؋],z;qrw>ďL8י_| w`< P17m6 4ۥa>U$/G]A GHy;;+6Npǐ?3 ᖠ\#^Mբ`7PX ͅ"')˱/)U&#:Q m0sG#wx ;s,ʇ `'oAJjbj+&Nu=ŜFQKVO Whn^ܻ@a0}RPJ @U)8PY5uX<~*ta I\VH5qS$L¸n[˙w'Xc[e|'d64\J e,WR>OA|Q% kH^0(rL|a2X#5օ]* X,\ GM6 U/Az@ZS_>TƏ?7к#xc9 a\{$VSU+ [uOzWXQ *;Qb8`N:{x M]51U耹P|gA>?S:dY$t_pPLz_Os2{\G =}2Y\YY3-Ր] qm( @S t Ҷ8XG$fxe6NDAmg&vTfJ2jLҢ@.XwRy`u(fj:2&>8LXhwTC qW)e?<`G~Vlo8 #ΎQֵُ%}*aD]}-uԧɕF 2 WB* LJ˖u**r)EVxlJp Sj5Mx" m+>"J,eKEt8aH#] t;4wgH~^fpOU BݢASctS*GXz?y3LOR1w֥wӹ}f~WV. Ipo:Q-'Kt ,!AjԦ[vO"7sh\ML 5:|_2q=2g0?%jb\];(6CF ]~ Qx3fb2X@bwoaB{eDړ-F\:ʃB@rG&ؐ!Q0"!^>Lz2y\r?3q9~>%U8P"mk]-%GGSEɆ sX9rhhwGΗ tA ~x:C?C _= PzRRRNDčEi]C8\,6lU6(Fx>O-X#@eǕ|L`;YT\0T _pɞ J ,KZ1t,S!ZRp4lV}mTϖn$Iϊ=(ΘU''( -U?j&/7?t3D B^ g渚+X"0/mâF́ dx:,iX%&u:M6,CWqoy Ro@LvB2&Q^I>5oACdZVz wu v"_RTW*oRA,hَU=)XY +;ZGiPq^3.^qUe[>hhԨbI{~TDM&T~(IR[[}'E}w"0}b"uFLA>zҩdBOf* pHJfk2 C-Ohse-RSHU: xy ɂ'ۏa;D{}e˵`wIjm ?9a*1.nLF톑tvwZ1ŎtPkMH{VLjhV{n.UbDL.}!YKA.s"ٲsEͤ Kڊ4OAVA 0wW`rǯ.A)HwR.n?q85݈{yk,ڨOcbzb#Hy^]lrАA{V5ܺu%\kcjGpDOB#95݉G9P={% l 6[8[: ,vLhͱsܒ`SSs'%X+$M%Lɣ E/fLcN[Bύ':bG.k{7Z Pg0EL}&bcvYZ^Ppa[hSFRޠ֩؉9,Kޞ얇Qq0N-HA(?P:)1k=i]͑P Bf1m3טgGߎdkXr۝R,A ._̇#_b=opB(_K4 oǷrΔ=FV*BecL-ae(+6/7:AY }\cWBchY.9=cbIF'=Dj"]㫠WwJiṰ[sUpʀþGߍM|]myDF #]=1}EZw¿{2SEEljDHȉd)GBQ9a˞E_y~b&x׹m[|ŵ.S3qv0AK'o; ì z<QRtWy_扇/I;/S$>$إF^5Iq26AAqe0~<|xܐ1G>iaYty9Y+d.0Q@Ii vcՒs["ʨă;6v4?D!}ImрF0fTH| ̬ r^(/.czS,J7s&.o,T^ aM\,1UxyfDl\wS Aj EM |LP yD5Ns+<3=ős* YC288eow\Z3;MY<FicY\4򰠊Ʒ)dgk))k27ֳd!/;c"X[wQډ>Yf՚KB@!j dQ \B:}6+Jd~V5w𢞿PT,0V3yau[z[nz۬J^Lc\Uy:iQ jiK@3U"mC ~M̑4(*C7[1+g+ V7b| ]( dq3ԡ?g QH*-wئ#3Z?c"L#og#&6.TmVuVLHG`N2C#N⯝I7L5F`K\% mcꥈ)^k #ffn }/|ʋPW xKisZ$j]SV zkх[د)#4>y5[/`tx;ÈHT . *:_!Ȼi ~Rf^oR ,AEUI`Wă!K۰ u/YR=!$tp 3{خÓzdԭ U^ǔ;g,!K}\*(Tm}=.v%Pel#nC<˔C$K>71y;njr BM&i9yFi44ع[B?sV2ج)<J|4d~ e0C>CׁBJ#q1s.OjخzwxߝHn\<'9ao6N-Sy) yB,ORp<2Xv{Z!F'f +4O|3MMS'ɥq2:>d Ijx˙4`w2^-0I'HtovU̥zQi'-?_s䞜[5'ml^\j!92]SCpSًy-߃}>~dm㢤M/ 9xLwsNT%uFK}Ab_=C䀚<އ,x|0P)9GjA$*Ôr:ex Mͤ)ptY$ AW[ٷEI%_@d{ I |qB( Z$=ׄPUYn@QNoQ4Rl&^&MCiC8jQa{PB*w!g0`uj WywEKuύonP2t-#k$BીnM}|nQncoY8!g[T?-N"pvEG~toտ۰$.%Mf݇nyG4g`85ON4ʇ]R$hU]ׅZf9y:F7~uoBD O$x T{h혭(SԝYJuT)* }:`yV"B(&⪂݆r6=*r|)Iu?ؑ'5p$7k4NGR貦pmacKejgs)#5暈R6[j/aHzJM.PO[`ޏ7'jUAv{h5'P,(F3nS m/6t5Ke^QsW:&+dE@.W8-YS lHcP+mHq޸!̋ĶvVh1*h~R<a j踜3jk 2][ȟSS@:r_\V6OVݙ%hH1bMV<)2} t;zQoHp~ـXZIi2p^%QʙaBD{K>nGZ]zAqFmŵh<-$DHt%t=($B0L vv,~`^YzmM@ HƒJ2+lxxh=c;7 83ꅕ/oB11I- YUX>|Hfo4ԟ_Y, '#~K'tSRh̳#^F{fO?"g$ƈQcЪ p`/Eb#rHx7l.ݹRnt͎>=TIJiA{/ Qº @Hx2EF oj@B.FչGb{2m>ION!{`iqd6-R:bV7y9 gA ÏAtt8C_Hۢ4 ٽ zsuBMfR:DX847tDs_+Ac{'%{pAukB-v(U$tt3w"#+ڦωaaV*iV;랇V gl%#rGCLX٬'xpkE9Q($'SAUA}̆ ŦK&u*o(:숣wiV*+w8T W>vGB0Tk#\Yӱ\$i|?_PQDW![{):mŁV՝v2sk݌ B'mo&[5S#p8HEЫ^ CˢKv/-/8YI!@o pj«]^GQO1Q-2Q_KXCxAAGT!џ眿VIÞ?UՅtwVH3?J[eR!4Jgu~0j,u]ԛbak`m*qlCq+8s9PqR&u~L.#J 4]s Q5ltk9׊|Ǖ-_9ۛ x=?YW?"Z65IDJGg: sU O,gkm M`7|7Y@ޝ… O"JFw38RZ ٹ3t+E*TxFBB< *_՚]Dl_TνAE`N_I!47R2EW(89CNX/yH#n10T4B8а\;t:b)f̕md.̕ N'y Ēa +*j֖GӓEá9-@0gIǽZ Tzi ["{wE )) &7R/K0_>SAd +y8-Notn#*5h> h/>pzQŀ`7 "9xYFTpB ֟]nXTa~eږ5WȨSRw<*v4:K1fP{Y@ǩWC.#aX5=cck3HҠ?6Pu19{WJEQ3t.ʵ hSZBo:>M}CГ~p[e oL.m gS }s( c7n2W }7U_f~կi]dkEq&==*op`)sM堃q1+޻`Y& @A?O@\ 5gRŨchhu(N!6mdPcuÔθ6.HYGJ훍 -X 35Fo\O H=Qba (*ʺ斯j>&nBYJ 849lIj%_@b+n"fӉ-Fty*,m;$ZFoQNz}Hz~b /) b"Q}۸u{k&6!d^'=&J!La6CI](Ps=,rIN!vl$@쩓1Mׇ.Yl6)f@ê[jq\z2H>b!*&~Ň{'OL|JKxӄA1<)W]4cY/(WJjB&NE-W\@Z歷"̵Z0NZNٵsyȵFzLdfMw`bډVOSP 2V? 03xZւ| )_oߚgHڥ N&~߮, bmΎ&yDi2w,!>;ne΄7` Rzܸٵcaw3l6ǻB&M"RW9jVn@F'A>aLtܕ("wТNI)-\ eIrщ\v⅄ (wxGq{}vg wŸt4Zl{ nxjR9M3k״~ƃ)'u6vTP|JaL?CO՗t .LT72 l 6de);A3s`oNd̟|EXٯfDEG,DfBa1jN*$4STEtsS"$Z:4'@䭴9n#?5mD29lA솜CZ3bT`2D.n0NiQU)t# ${K&v VrZݲH—X(M8݆[h !_miiUde'vfD˜尀bUI{+k9betDUA01|]gc:RaB@C@"}>yRdϗ( 3(Z 15Jҡx$ \wsU ?=5C_ _IƊ/:~F,X-fh eqj# T WE<90b>U7M(V!k# ّ7tCn9ƖڙC~rQ-n3l3 #bl Bz H0IAE 9ׅsx;ԥ#)-%%Ȕ` 3 .C>q^s[m8Nk3]efŏV8*mz.ocTċI;H4)Nm2aF#q&{pdӆ5(ֶ fc ¸TJTM,pV\A+@M.f%|ywNK82qRw~&垱\0R'bVɔ1S[{t)x08[c !S jzj=ե}X8[;&Qsf`ZZ,J/.{"}K'=c&qhI:\Cg:7^m&nNVyI|cj#C|#cƍSQ܁Ky Csi:wSM[1G,bfƼ1|a)7,ȧ搐yɸKei:M0)de Ho7]g9yb; ijGs[Q k@~'OoR,K0t1Z^BFDљ].qheOxsZS9H{ ߺ0 QH+GR7%>EC2a*C*=+UAns<[:2_ut y/=Af]{ "-CQ/M#:P6UCG| G,?@qg:g k81] 11iVmՖ7;`ʭ:Q_3.67m#d}{bJ-Y];'t m/sg:FPX2pS ZM)ԴńΓ{f|.nJլиx6O%J]t3@?^'A J?4YIdm+.`T? $_ BD$۰>Z xFkoHTb5Fa/vq4_zf1hMe*AzVdX6O8Sۧ0_U8IFu"mk4MvEQ&N%:hKTgaH8'rG>t\ABAR݇Q໡ۍqR^?`P!L]JJ_ S C>XT3{,2PA<\ӟ1?`2 eΔ=–E$!OΫD##[K/1udҖb~;M>y03GdLjc }lpXVX0onH6x gOGJXJbfKyFDafa>a@v﫱]0<q`[]EgOV;Mȧ+2囂@?Q@y3U'l<4%1ŠC[ɤ>D+Weq(܊F]'>ݨ%e2Kgzãc(DT[>dnQ ޘܛr@궺ADhV ]]tw0[ RS$Bg 7 fT.u QoR.*ُdLL'(!E06 2KRQ]N'Ȕ{s.:kU:̣ $61Ib.yqy">Jj6񢈁=Qj:cE1FK6E)Y*p'Ʉ4pW[YtaI$ weXs+x͕w~wvS/֒A]\4[F.8R]쟞[F~ 'I9m+Ѓb"<8f i b"1 ֓gC-ǝno ?GH#_*80^[a1&1|m}|Qӿ ]n+weUz*^Ϋ_pXCd"WG$soH nZxH2*,2̀f3X:ԬRqN.%mx7aANGʱdz$+LhCo|t?,)z҃k oWCvH!|uؕZOQB*dyV<+4@g\~6s;ՏcvF"1Mz0u`y[CSS7G9:TaQv]W oK7Rt"rw[Ihsnȸ}Pj<%Yŧ8d+ģ +C׫Rv MTVKmMd~o+|lH+iۆV%sZzkjS%$=ArtKr*߬eJYl>NuLFo*xF:lvq2 }K9'NNlTˈ5&'΁6!5bH؈VbQl ; P;}og0)i+)VOavC ] 0P&B\UA"t`yK{1f2ejMN`3]݁ xiVv]R[4cO zUQ#n(o\mt0J^v9\S6АG^i^ ɡlk$w30 gpg%g:*nȌ5mv~3V~MѷަZ[^|;HtSTet4/ d%C3o6gz"N+o65 @v 1PIVZ&x"i> Aoc̦$v!#&@*8}+׳$.-5l= ls #@Ӽj`!6lk>T}Sd$kX_fʫRA7PQZ/oQ~u[#E+k19݃zLLB^xDYj$T1G7q;^q:эk]yBΚ d<*|2 ]ax0D/`00"H/PiO}u0ݟ{K+ew"4,3;2dI G.{%v[mcV Ex!UY-7OKi썔l0LY36erv{>]m ]L?aKY2Rr++4q<%pY}&5sD2SuKgkI ֮A[_.8])j]o^7.ytQ](\u}"‚jJ;'pD\t,,ib򍲀M%efhnJK[%郅U_N Ơv wJaЏ2"*+uu+V1u6zZ2g*a00w!b~]^RϜĈؿ)=+Ν-DSk\ܾҶ撣lOj?<fb,cˊ1GlFHֹYE1Vzܛ&ҩ>ςW/ݝ~WYSQa~䘃C:ϧ#ѝ5F RRK'Ek8Rܪ>)]=Q:QLE rB9[SWz] Ś̡ezQŁ;MY`)lmLji ql&&1*8?3]F? .ۜbP8"'p =i\ ~q>fk. ;LӍP#Ro gmF"k915W%~a1 jY)\2>5#!R@2ӕ6iFvvMW$IY34$1}*x"햾uy\g\]Q>~EXyg-yDH&cJ"H̵tBMcEH?` Mk@C~B e%r+32 0D7~k5=t-qz bq4VFy*RKP:ŒoOF᭛_=dY6*tN:[a 옐uV'g4HB<4PG(`GGÌT* R=q(Ϩ6l{™LA«;fS3ax nmAbL Rգ3ˇv." ￾5\> h*2<@թso3aތ _ K+$wYf&tV; 0rxYT[Fa$X_uwM'O͞uD *QÙ!(am4ذ/-# "e>#ER̈z:RPAaaUL} -HpE:tNbUUqӂH%a%!V-]Y0"mKt ۀ|\K^IP&sGH*UcfBһ5b?Y$ml1pT'˙-umS{p|.V GBog_ C>:afg±4ŧ!/RM\,V{L} -}( Gj'W;;1Ӓs mcz`R9ݠ5nO*V4oM{U_ w;QY`!@5fd+*פ޶>钊3 ^# xߐXfȘ[ ~zP:b\30GXf-nt:_'aCD+=>bnAgP?z=D 9F9f3J^*eC+Є y)OS5؞ku ֋y|pc\ Un#!3`yWzЊr;!iS^8|Eж*.TYN%YYDŻ1{ 0`&`k-͈3:UHoH5r$F:$do@|Ez@YU _WwF?%`*Nd~]~dIrɹ+UD>1353j1g QSM =(-tԝpTl˽(\|TQM=a؆vNr;p0SskJi=١nJR[Ϋڙ $5d\Kg4Ov]i}-ߕ>]@Rų7O2\kׯjx/k5)O0/5.v"rh^q-U{*4Aa ehL.P0և' 7A ߏe,^Uý簠o!Jf^ (kJOQWV;$D'#dfHG@\V1:C~\O^oD7Ucb*UYE . Ɉg <*4XQKCoi~ ӺȾY&c󁳟2]G8MA6`,.uwksMpdm*o3I`X?93n'WdfB64)wƁ49Kn B[r.Sh_e'z1>er-) u|:>.Q"yg56$sBL#Z EP/ឨ:Z  E-{2ʰ$iU>Pof<}fr^/QAq[Xe[g%$y5йdvĩCalnmmƘ޼ v7j;;D]3QZ9_cnC[AȐA@pT{#ž[EzoKX 3rogHسĹ"h7Brg dSDhy(LGXZ {l_z=UA㡀߸tLD;~jJ'7Rh9tz nTOa[:1' 1mԣKy6) t"c]Kᾣ3VD[-d}mEǏڡvyh}*p]%gk_b@nӗk |,t4lۘ IG/;:1 U?qLMB EaĮL=4tq&1H\ʝR:4PY 37wuNA[ebuIb|0B_@zD#(1P2S}̸ZǦsnO_!vB0N-GK {y[\nq܁{XT0..^Zu` ]p5I,tc;PO6}]ɢafX>wN@UF*? &֬O]5eGex +ܰ3FS_z&pv^^}(\SZзw2 (0>iٵh2+QtPi*qϧ(v߄z֝<A+?,yiHXLfI` vL3KB\u'/\گ.]m3Qv Nx=Vvzgο7.*{ $l㵨E G! 8|ܯ"959@9T*Qz=>OL2,~u"-DGn%:'uǫ=t2o[3tWY!EnKuV yN7fh@}d50~),{VSw]6Aq18wBh9!A$|-JUz6GSϐZ߀f+[@^  #qVui,JWZEC {C{.a=}?. mG>*Y)ŸrGS=p2 m u1O t*}CTV/_76:Fd3oTB_FF_I`NC#F>GCo⣨ R6 . )uEZ2 W`M!@Mq9"8to;//x(_t-9K &87uၫ:>Kh`绞V>\0;o>UUnE`V/J*kB$SF~xh:ߘBt|P&)ZPۆ,Ӱ>lB)R\7ice(:7QSwǀZ?ֈL %*MqsM"ZaUֻZA;Ў;[hVj Nev>$ף"'wNoPt+v> 㭌 SW} qU󇑅Z|Ƣv/>;6F=X_k ԯr60>=Ljw=5~tj>MHNfLLc|PD@3Nb`&QTπbgtY6I1cHZ+˶R*$U z`"w_o_p? veBIWj3?Ko?]wκHV׌b%K]ߏ_oJa~a0Ͷ>jiȏJ ӊ{J?O[ 8 i-aL3mu pY('7&^Ȣ=O %M7 >L:7 'J M[߉?eۭxKZۀm>I)E8m M+*jb=Q tN[!9q|F G\Y0װt4U EI'u0Hi82\1qX1Ml1-!q*ƟKvK۳H`"V H"Fe#6'Cl%SE x@l[Ɓo .kQIhI5 }zM,QMS|&0vX@RevIYʡw❬]WmJإ [j~:iZ8Xϟ.zăd {^eӉ~,Emv}hk? f[kS1/ o+f/90Se8izja ]&[acUhq8x Ҝ(Tz'G %l)ZD맡ߗn<ꦧV_ ?Dޖwg܍_ t6<+] `+ n`>I0߫\!Uu5PIoDmˣj,+)qc MYݏ|,A~Q-2 xR`٧9iQ!4?ހHDW#5Z*7jVT7x÷D}vbVПk/6wԮZ`ԭA\ְ"\xT-}s 5\4S[ ,,`h_7sLx<4j{ɿ[kbOp9h'%U QY7a^x"$Iz*_2,)oc`-Na]=[U3O׍).VJ \$ZEyt+wو_Nh\בֿU|NyDz|>E͊)-Fיz,Hv=| s~Pf0/gր azZd]9)g򾜐idV{R$,(4s\p~ae>ӧ.7]\%l0K CzJ+[v(4r+zC4})mero Tu5p 4A=j87~Zjh ^8`xFN Q}(=n.$f#r&ҙ!Z$i-BWN"Ņy;P$w|@ѩ f")GИD*8KS|KGMF+ !D&v_+ǫFЀTZYrX>(B:qFZqX~G KpgwD# Icۇs"L_1J;&5x0nA=slrq=@> }> )!vachAV~}br0g\{-o7oqk J|0;6)nZLJ7tQ"%)gX̂pfFR-{C AGovs޲ڇ;L `4&@RR3!<xuZ)| z笢n-t^cߔ)+*cXQ!=s̜Z%㾖yl~!SC'Q?؟ٰ̔AZ^OI4N5̮lځ-\.@.ЏX!v3)U!7I iO}`_o2Ug[ (JNDV"܅}x.8DmZB?;=[Rq`^K2Qq+, OŤ\r4wz,Ԉ,U["MdD|Axz/$Gu]vU*&#rU_x*F&/{9֛N9 A0ye[2B]`J_g#}z@4krut,kiRJcyK^ |LTi-O; zj{UێhPU̙.Τ|U2z@M68D;#059o*DzZG@ZSR!h ,|^fLWozlt Ϊy(R/1v~!DŽH0`_쒂nMܚvʌs OpƎi}Pὔ[^A~tzaH$^EmkY- [+lxrٮ_>xL Zc "~ݸ@a~C,O;i.Bya۽Q&m1Ez^"ӋyY䟷 yqhXIh7NX|QtmE-_/r} wYa0qpwڕuٸlnY#L&z2F|-ϓ WG4|]}ʊ2E5r[kcFP.s]3Q١vm` od+g@Gы4,TxY^?nq[k0\: ∼5?$?C{o{8mEpϡK=NJq^yLE^f e /}zeq>Ɔ+GPK fUs!n iQn Hx.׏ôF؂mϩ>/e.#Óͽ =/RGdZM>1}m |Cճ8XeY[IȜ45}a?seLO& g8&$;h%^3wA־xzRP>wAPLqa~^$Wɉ._1>֐'@b餸H YdĦFt^>q߽ #(3Q6C]9$Gժgh_, rk]J!!"4vXQ~c@DRjU9RrF@xoiģWBq2yOk Y**Eo]{Ͼ7+9q+{Iv\oLy=$U飾 }1)NcKI5 ˅|d맛omq{C'OC2KIw1c8`B*=ͪ;-U?en ~F3}FֈnW-,0I #0{5}}jUj k•gb^:HYz)c!EwSy5J}V|<܎C/ f(B`eEL0ܻIԕsL{<4g:*m);I3,>} NP\?u"n61{jmr2Gx)N ( :VShFJA40Qjp ,>8Y\( fu RPuSlL#Ou;<${UtZ1ڬ L,\ڣz*B%7ނ_\iW1LusM[HrgF+SBrqp̉7´$Ə ]{bѭt$=II=a_Z+̻]0oum%ܡWTyw[%>H֎ljlB. .CT#+cmZ֨]ci|K`>x_ce+3KQPAR 4K6O/X! Аz1/AOT(oKYo*+KbL-[a' PW# VeX$8xJE;OXv/\9>,‚ܐXnBR,<nl7a8=lrV;5Q=p>vm%bd\AGV|ڈx /)`)$ Vj_hWksKs6* 2JZ gqf_l -_%Z5YoV'E6a9mlp[%zt23Ffp;X{h' 8 TR=NCn=g jUB*|?X)Q*dpD$/<$ʌQ?-PrzxR_[3ײ^ZO*ܳsy/T.9lgx| 5ʦ^BQ/vS[zlqˑ,TѪhVg\=L]jS7#P^OԤ4J,h BBgg* ? 7A'^ 'V,!2Wp+]pVEb\h:/=2(DVL1eTwvUmxSaTr{E{gyIyƵ{έnZx8Qвk#?@SA3͹_ MFsYIc%[( 箆$~V尿W[&X3Z)]D=lIȓ ~g'sOȿ 5/tz=6.~W,E~"/8pZ\h2U MXWXG.̹{ؚRqѿ2>䳦ˠTΗvH0^ψ3tojP ?=-R MtAEN+ Xkw ?pGi릤9l'XfTLxՅ_[Qۤ !o "zbjKs1ڜq|CMS<\h%j%Q^`N FZCVNUݰj<{jJSpC FduHpݭ%sIµՙp<)Lxn~υ@4}<i2ĺ cY#t:N3Yފ;Vʼnfq;]zy͑;ъh< 9[WM-OY;=np`_~9F0+dՊ &*pG Sds30زIҦEA_7l{HFI M:辴Ǐ22Dɜe'[(~>m챷&mo41,[zC}K>cb|rF%8}d6wUS iy94u2ҽ~0}gݘb,Is(8 b՝'RXG㦆S_7M ޕ*e90҈|cN; -į6$HM]i\Ȇ*[#ȳ#!$?U'Oc|m~3M[rוtß,v+ʎ'kܤcv_Ht˸o:s-23r=G&Uemd#ɨOccraka{< B) 9 6̪cu3.h>:uPB,DIe8n(KO)POZ{e!Eü/!?_gVQC_vR|o"O_-vdf;Ts$3gVʺ4a D??'VC宋 uYsXkDD+|w\uzKlɳUL/^BGmg+YOf tX`LOƲg>F1}(h_ӥTt`ɅguW(Xz@׳uKϠ [~u!ٸ#%z_ fi?BMqY?(ƍkl5]!ۈE_cyDsP bJ-I*812k6ow};fS/ոi!yP: CSZ`_JC`h4[7Ɉ%P6eȣJ)X@[)YI+UڅwQޥȣ7:ŜN|k ,Yhq?o*Է,`H(򶨨9dov:|ۦT'0M2d)B!s0{u /2EA[xܒI'CkK*P'r01Z恆1K=iAйZY6c{{b6NKvCTt@lnWd5'qF3uLvg<@ .\$b' Mm{17bĸ#Τ_@⮗B?RD*8y=ywjGYҍiV1ṄC>HEϡ_.88{F퍷%4E\JwOM B*mo< 8hzm8m,{Ξ>@Y=ۅĂP }kq1w!`{wa>9p}^FQxkM6T!b#HSD232j.M\M9(uARUF-hNI[ en>%KK7xR}dLiZsCZVLwsX\eht.ϩ{E#\w-* Ket}Bel?+I|{utI8  I-ᰛ&CN/֥>2+e n-].bk_ᡍ0 Fc(ƻ_y8ZK{ a_kc v`  [)w% A#`)xgQ "^Vu**ŒzǗgM@ݱ)|ZGfe#SOa:hi\ .`9T"AF&йMͱYƲ+zsToUx.2pq:xWP@o1'pD@Әo.As/%{ջ7ȘoT6;0Q*5&RW]*PsAt<+Y*>6 q3L \oRndjIBE"V8us,ԅ9֋ {FY܏V#`J2E/|pz1C=;KU>%draVˏK+4גVΆ3>Z@_ L.>{N K_}^-8)_ .XT"p!l}6vYfp{%Dʶ`LұYVm;R,ώę)Z/rU E?YT@y:iMJ%#qo:Sݿ ]TRB]s1ˋ<g<\ ߂n\Ϙ/Lt -Y8Oe:8NfDOfS);ل^#x ճgA(0nrxTҍwrwh,h "4b L!VB\H^e H:`cy? $C1MXOxV2TQMs4jG\"oF1j"&u›xq/,|'(m7jvH?4KdB=@O+syz@ɣ@4Tzp,'%/]kB})mZmÛf9;Ň{H=wSv*yyA^,RVI_7]NWpBO$t̙p~$"8KJDyҸ֢%ԍ֟I O#c1k\(4W%oS0K,^۩$bj9U{I}^DAu=d䛸e }[;c2n^?Lg&.  3WgFu˿ED[9 bYiFHDMBTJY*ۖwĀ_IG|E%E: H"xM Sea͸2.F5SWuunou!ȑ`[:͋ a;{H 'fD0NmI}Q5^mOʜ8=2 50dvN3B|Xs/QdxUW=;4Xܯb(| @7(?L#)˟^4%&4 Ŕd)V{Yw1w(f|UdAsVS*U>f żcN@Փb%bD)~6Z8Wx'9s21@qy%^t{iLdT} և+aEY]5rՀREiɫdϨCE֐o>0s/-#1. +ltq9]Q)BLKayh[M r^jj a5??/ o(h+;BM{SĺMPJ! M|UR5}:gX]nہ_:B>u\~CSa2V -<5y|IdNM p}U]7^;#n_δ+_URt* >d #U{=GrMaĠk@ O%v%y@N5Br,/Uݏf<_^-p3kx-|Ͳ|eAJos8Jbn9ϻdž[Zbd_9 C;,8T8'Zp9GU\f@&`K@ !*ta@ z/ QmS矒U;ODbb3Xinbe # * M^J5fԘ9AWwIZ)yq6PQz$..]umum h_0i"x@~{& :ߡ:e{C%cbz` e9P5{*D}Q4Ш`|jG8<#8i8 k:UfCX)~$o&s@2: E1B'*!U >RͩxV5`~/MhL&ޝ+iȣr/ O6ܬD!52ôy@ Þ9ln/0R WJ^>VntVuC$KYH}A˅QkǬlsˬMfGOv5}OvF2GrAgB&PI9  ,p {؄N N.IpXLZk9Tw V;z.M2Rl}F_Hl^7 Ьp^l 0;c[*N:8"1{u8AFU#扛]Э1-$H0ES~' e (ĆfrW쒱1TkaZhUpnIz nRr ~К/xjp\hz6uЍFbki%]0ewJ*5PL9_{JuN0 :y;JV + x;((vg礁I j⩪&L,NG=;1-M&K@M+Hǡ}Š3 2С}K!+TT8 IzhFD20!QDުN9{==c"00=pEaO &֏laEr^q=@ILWI{qKfg.V+I/Y] SE9 4š2 p vRZD]X]4Z_u[H::W)ԑҰ-ڢXڀGp"zTz! k+pzbIfO# lɾxAo d)"pJA܄Ʋd8pnRwס^p2 Ř!;mBKS@\[a Ot-*ܑѪ\ÏպZr:)_b;& 高j}2J9;dQIvB7`8RWmiPge "'eMXHr9"{>-驪3`ׯҠ+suYu0boF5ʸ3}  # טyt8_>B۟j]S&4ü%O'S9_E,, a=-OY鸅 gzj:#ذoJMg۔t"KV$C+D)9s]ݗޮ4ebRK;)l("dNH) 7halJ>p ؈_\Ե9s0+(eI_bVPC6y6 AjjΣ蝪Q K.]K [" wlLoADO Yx*kJycM#Jsعl|?.QBdY5csnZ1@4t _AZ-2'y Zo.A*fӼ(NJ2kC?2SʤQqM^ޤ$:4 \OO0? G7}##N|sI2׬n=2S[2բiH8'Esq;, o[Nr9JޟU ,SQVVLv8{./|0߀wFE BqPHBU(P5U'@ vs  Hx{`MkvU n^{MiA^T$8׹kpC?׳Su.6uMP'E d"P֪uECk'}磡%c*$yqƛ*oE6j5F~ =$[J!<ϭD<5BV\PѨ+ňјF&gM0X|9wW=BQ^Pڤ%x#A#>ݖǧ'z$k.ׇZ6Va,kC3 h\2]XCЮ{Ŕ81'r< GB+mHLl&ǵ`*{䤳rAoO{.c8r,*̮PA|_DjcpS"Gk:j  J!\)͚t?Fz딍kTr:ڑCp´nߌm:ڕ\`,{ER(ZEc$.Jz!&0g;] SflrۺVwfT;JML[.Q"ojq o# э:txO }]Ē1ygtOʪ|`8J<+c2w^a( I.)܍b{1_=,1Ӌ=k~q0 nk4UgL Z:W,T˾IMPdnzi'&J`7s?4=S0ǤCGB5sB%Ra74WZtݿc5j@0V崤.+muUS={P\!ֿ<Ɏ[;˻qfmk=;@ ;I5hI=?YHEOˠy7?Q¢m;1t,oB,0c¡{m4F s&*j'̲oU19yz]wo{&`JƩ!/p~V"_sWc]}g…C7#u#wؚ]軑 7:]rJGRc\"gT;Uw 7喊< , +,L;^UaV L,Eki^h W4U6IDzt[ՇCw !iuZ`{L} ģEo?IQ;pP#Kp!-oC$KX $2jD20sdF+ԹN9kDNuOs>Z!TghM왎o_Nj ٜȭdXjR'JM 9V4M(y^r$xh%%!OsX7 ` V!?$+m-Ov+4 &N"譝1 .Ƨb^K^itE,N{"/5PR8URpߔޑ6Zs^Q\ Eކ5E}4FeEv`rc= Ww Sd XWAS6(^(չO, T,)O'ɑ40^j(-vZDjIA[ܚbb5t1dAMCDY'):)N*;2Y^U[@?*ʣ{KX?kWQShWB8}.U?6O1#3*[HI\f=g*^H7ΏN˥ ٫ĆE~nu!8ҧH &WncXKTV&%:[۠U_oڈSXYkrʚtZwK/GŖb*qF#Af=K379[ϗ5!{zYur?";i R3]hbR #d=y~A>GLҿYMZpCf[nu,n"N%GBi}ۯ`2LqfX,z-/ z8).$^_y(--5_'WIY$QPGeL5ʢ"ZyxR#gqh{GR`d'T },˭+ +*x#:e2q2d'+)ӂ^4.musyR?&O B -qyj (7t/IֿYBfƝvZ&%?Z[ {2\;b%*f~,#qYMݩY[]j8$NQ~W,.Pdߧ@sa#AlU(BQc2 {ܝ0&t B0w Q5j,F): bH){gYK2aSThn'S~60$`D*dSOsSo m3:Aj$k yUxQ=vs%8?9[%j@$R|I2DfUʊL9:AՒx-"uUV骭_+!ZM`{O2>d)Ct8bsX/N \3+BMK?Lg gZ';_xo{YҖk{:_=L+?\T8د!M#RE/8H4k iKw ]j&'1dP$W5hii!]&ζ] a73#^I& wU`OH6nŇx%tp#I@ .]vW5#d&ΰ;GԨ銺l;P8e96o [TW;r@{P9 뎦@x,%jneӞq&o;w*nJ>ݯ=$nXrB Dv άS\_ۚը_{̀Zr;DAXzS7\~0]bj0ۡsT'zK{3z o6F"+V0tRєNutV|Ȫs=ƈ˝OxxUP:,ZlbmL,[iL|pD5%@"EFrS;jχ?n˝kOV!06GcD&EīId/ahQhRmm!NzbZ!Ѓ!G+"Jqn-Ob{UG6Ԧq^5횙u`ҋHEt:^%d-vnǩUJ;hh?Y$!nI 6ݦQ?At7b?Ffssj ̩ꥦ_-kɡLu^m%0&HAp9YZ#>$saA.*z솘gn:އbo3N1 $H[Ѱ¢*qj]oOU6eTWzw/1m/h&LxS3A-AdifH#-ڤټjW$Oj$qLE` {NR? R57l]n\vg҆K+Jf:B )5pg迱F QG\p֟AjT7X`UV?Mw]rWtOf,rΒ+ "/iPwwor_ KsKAlN L-Er]8VbƦYԗѾ:Q}/tX۬CݔUmI'1 Dyۖ*dfܫGYHC`2y[>ƃPϵ'"u"F=zm #ga˷KIx=I/K! lRLL#gyמFa$K[jUN̥~esQ(_,*ZM+#7I K[aX>+xO.Fht'kH)ҏ qXcF֟J'7z"̏jA; !E^~::7jdoBp7jPI2"CXkzCYKZgPc3kqL;۝hUQ݀Xrg0!yr!%@{Dybb"={Zt]L9y󪨧R:1mfqJm{WW aJؔ,Eըl feTEBK%.1&=Xݔ8N,[̯G0 * rfe}Οĥ.V+MLW(s;vfp^v)ks5UIw`(+>-H99yɇ}%Ѱ_Ko 2v-'H~i./[&@:S*>a Zœ"?kB~G~㜆NV>2ki&8[vN~jPUl|މȳ D̓S`{+"`: $t^#Ȇ[`7v,Ste4_x# 2̖Ά)aٔӶh?t4lPlX&d[jt]DƛIZALjmB Œ@ZSs9:׊Cb[?w{#Vd/X tۤ FI/4{_FN-,KVq]D䉛 p*~vM_Luq4W;Y#ߘWF }e Mb{~Xd9H@8zxTyySVd\.Heͅ42՗frV lpr'd`)|R8m<ħHoto\vl* 2kO-ߩ-$ @+q nguWef,ZſBJ̪42=HW=rmpތ Nhpd=L_C0)e פ(`ŻD-8Kf ξQR/P&d["㦣&5*~㞂fw{|:)un1&b&Z| sfCEH  6ٹvtPYSLԣ5Z5&(%x(@w*iTJ/C|3di n= S>5a;0cfwbʦ7:](J?P݊CZ+ Kw;͕qKɡ3zVSV=b5Sgi$yܱ vj@@& _Ppe4sLO=f =R`.֚i*T7SCοNak LH5{O6W֥wYc7t6E(J -Ȁ~%j%Da8N|:7r`ݗUң{YcG kB߭d xbx:Q-(iYg6޶< [ OtFkmߒd ֚Hs}L.sSvkw1Ahݭ@U[,Q[tHGJ]vtqĊmS40<,F .sFp0ijRFUIK#(-QWl{r +[uwٿ6! O/0oٓ D2~H}*1AI&<=#Vo(=i@`HR5y ~z5vng1$jD$q(`SF;40|myͲSKH8ߌpAt1U?JPav &w9Es].u."Ҷ M ͿoUr)8y5 E Dnih}|b]~ yFȭX^TV(g|\&6Pib Vc궶N֣B0$)gBg5XPX,ee{~*:+>=QwS9pꃊq0KԨ)3t\Zl p*LU?t@v"C?t+MnN}$x2,K5%})ֵsA3\59dز_q\~ M 8?<^05Q0U?n(%F*UX`ҒG-mE `_-kKVL' xPF{6u"CRJجֶ6 jw/$7-*5h)%z uhyg *5 Rnh"S5 >yYW$F9orf-exla0_IN3Kc=/M'2,HHM@{xc 77}>,2J,!{LJwX@Wcir;njB(NI&e B ɭvd'^w ߫l]Ob~7yv9(͠B^,(!j"ouD'߇潞yw%[pt=ycI;Ht\Pw7@2R5L5(?V|,ZP^/H#E'䕦Dp T\٭^`9 e+1mZRB<]ъ˔X4.}9s,w&%}+m-^-2k U7.7L mN?:Yvb>6G ;vۯü-.}y)aQ5J5k2&6H{e {1q2CW׷}ڢ3Nf@c3M p8"eJ;bm#n!n,Ky̤K6>|iWAڭT犞 "h?ߥA l 03P.H_=񕤽&Ο.>496 ɒ̌&*hcH0~^@*5K-I{%-?oM=i:eRZ_洖K({=薃6f$}PiUc x+0[(d'Br~@@hQ^7L}f\$ GLS/ R(~#8c,!8ȆE"h;ÝfE62Ooi]NOZ 04ޛmBF}Ef_7_{T)JpCSH.8 4}̠=swR z+g<3 Jlg qIb{ 2>j6hMzi?D`) yaz54-)L$5B`D+4yuE-P"i%ģl2y2L~a20 >R "SV`_ yȘ3R鹘vm,АD7k+-Ap2j@dd+4y~+wS=)hӧs[aɭHq */825q.uHlk=Xr*zQ Ӆ4V<YjV!*zy($L'#o6m`K"4fS{A#CxV T^q$uMJA-p/nT׳m\KˣF0=}УRq#G4/F{ Y ى2?m8w˂Ŵ4e1\9 !6o69/U2-dbLB&(-X܍MQƕLrt0-{Ycu,|ϜT! 9VmڂҗIhש)OkR,Dkk:?Hnnܺ1{Ō$PM?"vO&[ge1qh^3cu2\dAUOx-/wMν.@Fifx\“d¦%>9m"kkp=1(ʯ8 M}@>f(d @-&jʭO9D[9r6_"Xetī1ȳջ ~{?N&X6'yYtPn!>HŢaigHo(.b+%^zUsμ/ӥOdѩuJ3BT[ QPG@'7b h%f:6t;džPYH-SzNvЯcu7vQ2^">dVhq2U 26O`=^@(%Ѕg@E<};r6lT,A Jp@_h)~`' IwLCJEw ڞ7a(8[B2P ,Ao:B;RNjK$SzSpۚ4洫UZi3 74'C'r]mhkA%gEnPhauŦ |Ʈd'iW#UQhw_ډ٨-b̀̄tWzc8Èv6ޘ3ЄYtGʙ c0w8x'ƷxR3?\[Yk ΥhSzFQrL3P}O@. yF3;l X?js 8X:sd=󨕕9R%="13o쯴n-ٗS :B=jijXsK un,7Kх’XjӂFkn/M}!hr kqKd2-PJ]1?\!ozde³U1@4eǽ=qw&3DN$Iѭ5^-qJA`zk= dvmOZ^_$"gp (3AoY>5y3l%*䠃4~KGA5 p>xGW"Dvvb{.[HXtiKg)7Wd Bv-R~qVr6Zwy) 4 G;_ԧH4Bl N[!M2b/C= ˰L9;Z*v.c+evaLk9wy2ּK[w> fN657=%E*=JNvUf7 z(yE3v7 XBV?,PѢiw6Mcl㬞5ITOlODX31ܝę`7;񑀊C.z#4A\,Oq"iDHtSk`'py;IQ0QA nG'`PJI8~uq*uzL /w][?JbMiL %όW ҆L~S++$N~ `/$~r6dn4|_ 9v/IށҼ+ F.tKCZ;g0qR zƅwA|*#i/ak'Sp0eTG@`"3Y,3DbP.,LH€d݆̉om[ ˬQ.~T('.: ̺Kg-Gvfܠf$OF!yTv˂9H/ѲQ1w03M, NokdG9n`{9_$~&C@XY9JCr%coSH-Oc@ 㑆;VаEs1`*V 6w]H4FjiJdFPe]bYd)>"t Pr;1vb/ H#P J"N?r.+BK@)eXS

[w|u}⢼nv*{Az.uOZ}[М~H JMLaJ^:kw~%#"JK2v( BALW_o{dҧΈ'7V0b!gX *o2X'CXrb:@SܕH[wksbJp3C!76KTRn#ws٤ܡ"> ߶OhPY:8OT='KcnҲ hU a_KܧV'oI3ںs\9n1#w(âv!|Z3yt J%cg1uèɐٴ%-W #ewmFuNHɹV~::ၢ& |/4Fw/, t8 i|>X+6Mk>H&pk;]Brn Z] ^Cn6mR,hDYNsWdb׀ڦa3s"L5.VS%tz/h<(I <%4wʤ# .R̩Kr)/= ANC܌j=EloOtfA7J * BUŢ%G.1Kw+vJdy=':".Fץ >Pn+\~O]?|'Pg=R Eۑy7A/m߽"'0k3"-4>%iUh[?W8rڹ%ɳV>pyՇ,AY/X)=]zCD[#N fĆ( S1 hBB!_o'<vo\# \Yp{3]MoZʂ"V`:Rf֤?"I.@֭PwHb(vVI@/Zq`AB'|ucݣF8 gL?øS`0t4}W l%X@c][ָͧ =1 xZyZKږp.2;$_%V[HKf*ݽ[AAJ"A[,Cl)0ʼnY# *<$"7_^ЛY6kN\+ԝ r<s[U!-.<I]$7t\܅rmȬ3n;+r0cQ:E%1 6)mw:k'Ab; 2OWN/ꕟ_ c3fp& H(}p[-1yU!lKz@JCkXTBZaXoI P1xMq wۯ6(,_7wy9f@ע#')D%;O%XrE C@z3G}Lg; ԩ]@$|BI|"T&z]}`WPhE657S4m?÷WR1_'2H$mEwfqBwlu1T,AC]b 'rrUTL ZbXbl:WOtvcFgnTeNc_ R},>p /e7Ֆ1jP}-M)ER O|9#_4}3MLQ fF7kM)'}p{qnjCĴ/UM)*7 /v~PQ~ X-&AkBՏD ;%}$.#r=)bO4& BtynE@~ 3#7$̀ދh16&T"WHdQzh:_yz7 a8ZWѢߊGRjyW=C;0s"\u{ D,p8 @iQNߣ[{f)$W+hnAR!+O*k8/ ,2'["FVqQ^NTh_ti;rV`5 5 /_nP#njW,1vWL,2Й>֊$I<ӉNf ^r5wSZ MTU໕;Zh6(1oA.UEheh^ɩ_X~\)җY+@*=d6 G0Cq!SKMma-&m]^+52oB @0œk@afA0)]R&πr4F/-++X*7aQW=MIyKM.,Iqi-KУ#.qBL-5\`]B "<[fΆ#w&fJߒR:,<%\ϱ#^]&ig5uHQ1M,TyJp{ xN/q-Hw_5,1oʓǀ'ѣ6e?14B;1W7Jl B$#(|S%$JCYk5 o sP"zŐ`n(ia:DzF9sB3s'SYJ2MX,so8;hut=-\OLQ?3sziRd_JPvV_T/lkEϡXBsCd&Pj} A^NG;C*"mj n yВ=9p*`B 0tH,r#K~CƝ'71?3o`O\#ɉfU-5B9wE(4bV%&#Y09:`?~˭7ˇԣº1@XPBNײOL`wʓ]>z4k\Wѽm69iXQ,w?8"ʞ [8 ?UxYⶹ9AW3g9qL3۽}3c]Pp m*x0G/bO_1qCNJˆQ4I1j.2*7ـѼk,ǞPjG/:`<?G7U5Үх-`tK+OѪ2KW`J=ZT_,\:q^%>WW4& o@׎:G{#,y6Ďv@)zGd,BيUxr啰9^5:wpVW0d1xo`,5vr++ 0t;gaTӜd..ɞ=>R$-9{2KB1 lͅYv =LQ* (W:s/䐾{# R1&x&lD}'iN{IaAN^hr'h¬R`\YL/Qʀdݨe4kGq wkL`J۟.@3r݆/TE$C= J,V:?CqcPՊ'_qGnJf^ r뫘4u)ɫák9dUmx+kUwlFUDOY%>2Vߪ,5xSJ#S2W=*z]=Xwcp9\G;^ *8obk B𶲔ba򍍪$h峺]j$gofMU5Q!H?TWhOTZMX=êtfo[<[-+A,]YS\Vm,>W/}UELluu7b&3 B7/XsFmT:!O1X^7Vz&e 5Ho|p)x=@' mnx_\OiS'Je1O4cW&(^ pX~r]Hc'%%Dq歅>ep =bbE G]l_(QRRӹPo7Ǖ?$@rV/wDj9wWXXGg52 9ÇF+nI\t8Y.R?yG"kc)iB *$0ΒOYy9ʅxx`gEkW@!ct9 N+sɮn&_ ppl=M $I0F9}<FۑRbdmW}x$ N ?p!2x3  L!ڹ/i.`}-ZiڭBfMYg6(Ekb) ug e׎_nKؚ ͋"e4cS$oZ&^gɚ6L&QW o Ѭ> 6ODHQؼR-3GA.:%1Y.lxJZc(c3ZmbT- ,4w^C<7\lOX^!>FI~\ ߷ !o['$;KMo=,>3ZG՗"4*CI-2ǚ)M3]@;b!G)vmc{ɵ )V(v囟bMS8;ֺa;.x#POj%vN4֣n# M}9;UeƷӫ:ɬ׆ɶZ= ^ Dՙܛ𯑘 5`m[38<}$_[ b[28Nhog,kQA3R>'Vn_W+ĵ*CiT ՉMKnBU{kȋO<,92&1WU@XVA/~b\$jGzGH4 R2(f I;R7Joxa|]ss684jAm^2.8f W<#9^KɎHJ6Z<Kn fȌ>hCYVu$ͺى'6B7 r~%gxhst*[][[nRW8ye9M3aʙo*TZ+e=(©עa.@t?QrV|3<~Ha8`/σJo<$7 ~2:䄘{ߍ8)7jDqX8g]jؙUXJ<E]cDXan +tɩT-/dOH)RQ|r&j^"H_,:cAU USe֡$L\ y!M{w0m{q變ѻT,6t`)3eЇnua}phpd"5FU4{d|x@ta& s13KGtUK҂$& ^Mb%n>]^U78'" FIUx69UK|#Vf51Wyv3  !h2_IG}X6,^v}1]O&(@^v{1*5H(t6t63m) #] otP)֬lmMS"y ?V0K3H_ubyg {0ɎΣ#5dP")EѰI;pioRiVA{ T=, ƿ>eY Nx4#iiO:p9-fNԕԩEm|BabHdbKOWPaԇs})f>vӡUq_$i Gzʼn, rwꞺHZ@]03i}p@dFÿ ԡշON:L.a3{ٹ5ri$ Jp# v+zw=3"yS}zXx( plXc-!3<Bh=mEdr`m=g$ǰ'GfIZ`0>T |YP}:BԄ\Y jqoq_mu]5ނXc=Z2806r?V;܆..RԄ;@#U]BCOh硷S J{'} 7?1tshpP\$ Rj Lfۅr+BFR-J[-2- )S"KOpQc2E]x(HMLW=L1&|wcS%Â$n&KFhMY>B"y@hdcݸ5S]0I٥c: N ?BtݸwCB n Pe@eJ)Z Jյved|5(M<2QTk5OCh1P;lVDÞ~A3%.JB{ ?8Qɫ::Yh[6->6|mm//* N/H7ܰ~іL4.~D\tZ$O%ɾάyQ/&jăt/xQۘq6YqM#Ho0**g71yHBWٲznҤz ԽԩO_F7i8lIFt:Ā:Tڗݹ&o)SXy2$fSD+\ʙQȈ*oBڸ0ׄv=q0lrLZP.L$x37L#a<D73{t\ʜko*=tVzoATC1y˛]d F==^AbI4p ڈG4 (ciG &%ܱs5(RRn<`svg#pʬJ52 $ʼ(Eʰ/RbeQLA@.z,`EzI kA1̺'8q6$ l*l0jUQ!v *-4wdBP3LR*}~—w'kߕzdՐwb!A|Ӵ, JfE:#D3gJF= kUyPi/}8P@!|녨I$Z|֮ @$Vˬ} HAalQY qŢbc?y~G1FACDeo# +GN0Rtc1̙Rec1<{""4 ruUZ*;0-{#:a1Y MA7Hl;(~Z-7L hUD{Vç0wN?M9oks:͐-¹%GPRrT%&c"`qh]{_䋡,wj>{SJެZ`K@*l G/A;OɪT[ 異A y;8oVi ^5cfT ]L}ݚ@v[%ڵ%M2YAR\15/;3BrhulbNKv6Q~޽7?0CXXݒFj؛hzv=jo6>2R/+ʡֵqyxZ wjݘ߉ ͯ)jBL { ?Av\=6GGf0&fNd{=۳5z^F_<82 FPX;x)5;f/@4",O55 ą?KQ |V6/gN<뵀R؄ 9GXRW0=K莸,sH1e(S`|W-QmWá*FNI' N}Rt=|u{*I2>͉u/{u$'0;#ـ#e~؂TX;7b$!~*M>e]xa#I0^%bl#Hg"vtJ3Ҕ%i-,ߍӡdl;ze4$#s*+fߔ4Ԑ lT4ht0KV=Ғ|RYLhQd{LӵAפI22r[)vv*w67#[>ݠph :_:ڽw;6[ -3o> lu?vo_?EotY⤛5:`^_'ߦѥ*@7& iupOȻ}Z8c޲6!I P}`UL-I6-𐸹R䬌649XΝ'S뽬&^#65|}_nrCA{DyKm@g1iN).ϩN$2j*j@ɶ\`Z#q<,7gpH&5/,X4PL5^l\8milfU [/n5t[@w3qJ;(m*:kd(_bܞ,!~lLE \g;0 lvqa0e࠿3al[M.w]BĄ\l; ;B; JQv/p(\8rrBeXx00U'-PP ,Cco֐њ̴^ӆЈҪWS߉SE'{NH{m'UgXb&j0 _ot7eUu5lJxd I·}39j_0D) 7Z :y}i숽m" Jb3)H+Vp%yd4%|z)JT`g/͎0a3xvS\:$J]JKcHܧ¥%근c%Q>Dc_6_:`1OC]EgL?Ko{qhGQ= ZFE)#:L6g┽~ (3k:w.HZFΩO2n/f~ a+Y~2YWD +Iq wHB'`Dyl*$JVYS_ʋoRHV51>;$ MsYh7Zt?q*G,:Ү\{% %'<Za2_2טb,jxz6!u,ےB{lo 7.ʕ7=Rf+31j Q&9M^UXywl|ظy @kEpQg;wc{Z ybLX-+moD3\/|&czHD,ss_&^c)*=JGЗ aߡd!2\D7K#Kɔ*&k(AQ 0D8MK]O(*Ap1INUUr7q5 Vinz8` /坺(?gh{,h]+%ԃ Y1 !!_wͰ1ϛg |`x>wԙz C΄۱.EՕi2 'k;֊@>ioɱf+\DA*. i @ SuI*&h_/) lh ,=CޒT4h7$?T>P=/~~ M5,2}au@96( bT؂!x Z*QyNQy~ST:@oYiգ$*#0[̆o쉂.o00%a)GF?9Ap ,7d>w7l L[:yD+-zHF՜_{y ') tZ$ĘSiF74Z< 8f]F̨]dal^z BOB G]"!ήF0F'Eښw=CDIR z%X8=y#Q_6A`* ݪΦz}؃̠z8KyE[#d<<]&mA_,SJZmnlũWk OZ>Y"t}u3yRq+v7yC]cT $"`hqd`ͰBV>k>b-5p|1XϚc0 =)Epq :Ҳq}SK6L=ĝ] t65f*YկEiU`Xhfr(79"J?q^]^$rW2zqZ;w7:g/mzˊ|,ӃQR=游=4XDd/XS ﳸP5h3rUkJd:G}^ޮqdy^dХ~LC4Saa&x˙SX7ԐL* H_BZn^gs_F֔Q2k}3֞܎(TC:]UBZ}!|InQhƈ8xklq3ǶRdB?z!CO[j,u%_ @ta{}QxSz5F*]hd&)9O5Y~~#WFٔ{Dբq1$[3?6B噪@xeB*q׼V@vnyKy|6Zٕ{#N!3-Q>qԉ4k;pM0Cy?HQ;W)/o h2%[sHCK ?J(92c?|&ovը#@ FFv[?|`5givys"8^j`TuSuCdd,_XInaZS9` qV"x^tV2NdMfr[VM֫i(N2v'DҬ 2-{(Eq$05,`o/ENG[mLcN\NwTObהд`,@[܃\6D5**m^jViؠ隅AH9o4J$[>hll T9SIjZt(@߃d{an׉LZ&y{ IVեVFPז(WQ|O.\4eZq\:=?"mK>ʬLxoRJ&9JY Y_gm$nQ 9)=LX6gE)SY:Y_`O>.C\vG^-p;ޱ*@8 hY#++V!KŠ^챵>]x9kuG|K|8;Q,pSZ4+,He![#J > KvVD53v& /iHA+RyNZ%θIzL ϸ ^LNEszxbOF,am%| cL?N!*lybOᩓ+h<⌊)*Wsq +^F}S\ԟɨGUjD"J~(5ײ }YOpsҬ!E~/1*]Nϴv.TإD@6>ᵴP9>mxa` 獆#ZG _J >_{=qs=kKi[C>X 89WLPه=Ojᰛsql!%1`XaU%#CYv"]ow3}pNgpA8THmo +C .K">u,7c‹;З1{j)Z.WVIцGbtUz /Ț+DU~ڵ'$ !F]cXn@Ao)&_$>BIZ*}jwkkJ[>;F^0}Qh/ /pdXY 1V!PB4\$L-; 5-9ѨV*0 F<"'{KigomQR2kNT]|H/ofzЁGF\DJ8G!ɜ=)ƿfzBKیUGfL׈Ls2Z(M_U^ x&CdbI%B" Zy-8kBh87AY`frJb5$ 8澧Љ/WL͠gOV]ΥÞՌ*Xޅǜ3]1%)0p;@G? |)l}:n"& ʃʺ̞a4-ү/*P6ߣ>g+WNhx'?t\hY6o_AP:I1_vr9;t/QiYs+J WDZgE_0zwnN? 2'PޥMg8ow (H^`PW-T Bat^qsA`̞m8 1B}L֙Y7SQcUI%]Z:qwGvM<6Vɒ5KS9EW81Qc38jʪY'M.ڠT2P~7׀ n"'N@/qef>ňW9^}+&_(o "%ֱFbp'Ǽџu}w={6NFEOMcH.P/m/dtQhқ@WhaV !5UzlgW1B#TN6|7z.6Vqvm>t 2ُ6^ɰ?pE^֦؋& ʿŻ7ȈED&ʙ Vc!N]Py;zSyVOd(=t&6MQQ{Ha\>U.~FkF qTf#ĵ`ŬڡDsTZZ|x>eXR~yL#vg>}2˾fI Dq9XY7nrae’@A~ioo3;Vg,[?2E5 A\{9=EGaD3dO~-}~بy!'nn0+(;Dx5Y$8jc(Ҿ? *. 4/x>gkuFiJ|F,.OJlEtʱ߇PIד:899N?[-ۆf侌Wj!qvGk^_؈\Q}a[ s䀍Y>i5]rÚ5:p\_QXFr$ĤQIGyZ\؛ A9Dd`2B{Zao@U҂zXkc*O,b?s碭U_*рˮJ$}+%'F (.*DyQ7d;헿,ȇe[~PYDíz|FFMD䭬IPҜ_$\e7W8.],/+ߺ76xqsf l˄BitJKE&3 iυ}XfݒyJI::|WҺ$IT`\2[.+"o{t&S#|*O#T$rfc|o/Pܤh&4EKjLe.h8t~"Eh;I0 r tN;̻}1a2z- f>ϠFQr:Zy0W?C7M{].W?x ;DI @d}'ճ}OZ7AVa";+%v7 zZo /VAEunƿk6)mKK*'Mgslk@2ZNyw<c"s m UȬ!}yF$ {QQ3ޒ[XFT $G6xH< eܶ F hHiiL(9%9^ʠΐ{PUC0{} ߩ4Ec, m4AYu"yJ %L PBB:[aO--b\_g/ YepԊMv%_wg \ )rҲ 2_U^(α54*R(G5?&|.1nL +@a0R.' h@bHrûNAfk~{,Gs9F\ -iMfCRG-@ (=bܤFujr% P~!leu7 *_lPYڒ|'vlu:CC443/ᰥ&A0D'mjjQ#'X%fQ",g&֕ӹYQ3 k{Ӹ9k sCe?nY+&VҔrRE/)vzNe4lNcx\H'p8͕+km!lfu8K^?5jTOA~AkHxKB#l'A 2R~T|õ(.@޺>f&\a^KD tRiiNBJ  S@uDO3w"VedD=xe<恑'V1vTzq~DL]|޸2F'IďӂDUfOal.U\r*п7\ Z1֯EUO! .?`|zC5LcZZp^nhIwȗ{L=o Cٌ䆤mysWo$0_|y:3?Cngwb5Z- YpC7ECMK"vbݞ ^%tOўKPOKhQB.?@-[n}y>H[>-JR6p WMZ3z|o˙ bq2@7yzgTH-KČYi貮_Q$YApiPoމm,^brg8| M hI]t0~'[u?x26lvB#(DbugǮye/C~5qz]91ArSuOEGpIJKn2H[&pg3J ?{hRb(O`'y|cɌ^a-Q*RB;=IJ )CR,NO`%US~[` B늯Z[P!yh-E5Ϧ&X[\L(_QJZm6OqLqO[%5#$X^&+ڏp)uص= :󳡆Jyt5%GkT{ic3UwG<~C4);*yX< SLD7Lh !]5!+XMEl[+rI+ d w<[:@l#nOtH>f-hwnNFYC;/*]Y]Qg~1l,]jہ]aA 4[#kNoTwtVimCeE-[թ!h$;o9y^<@RUE>Rxf^%U :1r2Tr}iqo+HnjXu^qӤ51 fpMWI Z॥>= eO!G'^M;.9%n Ͱ?"Q!+c*uۖYP=GƤv>oR !rg=b'D:a՚',H qCϭS+ 7q7`頛~Ѝa|']MW- I&G.yp!R{ $?:C s2'hj"2D~3]bI;یdfJ]px:d~2o@X;pݼsBJ&\&7D sڰ0Yp9޶Ru[;щ ryX9CW&"K-sw WF /rzj*[qgm^~aH>Eȱԉ[GHr[ƸID{Fb?꙰\7} Cpy8B/K+V¨cgͿ$eG&'bIھ. i2&)aBl>c[?X"=Nq7Llǂ i/l"/}yq|Æ4g) s]C+Q!JWܘ'kd.ϱ*b\ǵ.Vx w9LEW H43 tyTw}|*YFXGI}\ ($aӠNhs] g@A19No6Ko< D۩$z :6jv-dJbuA> /v,5_u@3U qrs";g0huWZoP7FCw4xP 0荼l\K`rlO ]rgnnt*Ө|ib Rn(.wW׎pD-Z~&;*2Fk 189m0H>t#|iF~毽MaㄢyXn>ǜnRXtY* ՏI}[A0hxeP{]gG/:NHY b?0Ci'csߗ [ծa:^( הkRNZ". ٦h=b6nAiâbr1#m"71s&WBK<81ȷoaWfJ?m]>$ ι,cPKje6 a#KڒPI|-rwnǙ;6 툿jwQ<"r UX(`@yT:[R$#c鬉?Е&!a# ׎ (@viaQǗ4C=tkR^D;4{^t1AԀ2Mq ~o9Zi,7Ҽv uц:kdȬ0 X &A32q75YmY7;'b74^ Aܙ5|eAM}~ME)pv=u+z{@ T&8ܴq=BƁԥUdiJNTs쌚"%~hZyC/ s^mpЛZxƱh@G"e[Lđ|t{lқh74F[tT4E]?6o1 pz nl ;kf'ە {Bm^,'cY>o q8Q}g4:8s)^u;8@(+~ahQܑm*3mlT%'_R ߦ9 /h#tg&h'T,8뛷}MκMmdƯ+,+7I˔ͽ7|CmNd5 wԔ9`/ 8VEKdW='nq1jV b e—"$,'{6΄>'iκL X̥G: q&zh ,u gY:?ȭ"J }nfNcNҍ!O'#'0yx.}AA8bnUUM}W1?RE$g:n7 tsLNYX^/8\Y`M75MEh/:0ўTW6Ǒ_"(ۊ#-/a6%&l4U0ʯ6Z\. '(-%OvY j`5K/یW #W'¯O[Csv0z_v+u~ .8=%S,f~-leb6G%$څ"JcG4)%g$e0CVjH2lR b.5ٰќ i`q+moTl-wDt9 05zNx.H딥ʋ"4R֞ 2"4k{e̓Ǣ@oz2E[B뉵֨7^oB_<NC' PP!A!s)\ ^՗ryOZl&@e{g`J_ %ÎI/SK3 }HmXkdmrċLƄqIQ5˖ғqկV@^~p_"Ҵ P&aLG{O e%%Y8a~qNKCPFğuhUɏ*Uf3+RQ ^rELN;ʵi`޴ZIۢl;_eSJbiXr=Е|Vs̓֏k¾̏AJp9$ ;_z|D0Qb P}6_֞z͇ hq{7}?Q~rPdž-#Jw1Yp0-pC< pT9> ~pnM] 8X/\L5O d2(1Ӫ9vh#u) 51^ާqg7\˽?.)[|T Hawq}gmwH#rlE3+9*Zj$N _NfYShaO`h)⓹jJ&Ȗ)7~r"uGL;z}0@ Nw..MX[q%ʇd㻭,<'rJA$#"? ;M)B k2yuVS~e۰C.x~wx,bƖ,&ZڣQr@MИ'QmD8S߇e!!Aa KXBtNں*S ۥÛ4YA)yUf@=>-qH LtroN 34EU5Y#fVx?Ҙhҧ]YOݦ&XUe"qNV=)$?[fIBIuCwJ(6=V=c~2]M5U4f=8MdO-Es7<^)(+?ZOܰSqt| a_χi OE%m7^#zJL#IfaͽݵX Rh8Enۭ=7Uf[-ŭR-rآ'Om\)d7 h!ӂ-7Ǩx%vi@d,U->p[Ͷiŋ(20ҤS7{pIP4f*xr[^}Q|]`Q!鸡cz굙jx~'5Tfe`UcQ,5z"^NlKƒp}6+ @ᔛdӲXNd1ΝA)-.Z1 1s$7O\>?(Js[|':^w`!(}X*Y7u8A),`yG=*@OOC蛠@d_s^ݏAéj*`x ɉhxmd9%X69^J:4{PEqKi/NF'cTP1;%Eܤ<lb 㡨VhFI',;SmO>iǘśd19|#9ݪLπ*D4Z?ȹ}D='ܷqo J!BR$yw$rʩAsMBJx~N|]cT|tT#o.wLV* &yBGeD̾8DbzN$JD ,f=^Lcn7? zaGCn苢D9Q-R(ǯ.d)W#:Rm]swQi*W ?@=C/ fΠ%\su⹕'xuur>3×|I'o 5;슘[0M?Z{|Xg~aL-)鵆f2H4&p|P - ~Ufsv3=dUx]18c*b'f|E0s"X4-,O蒏56^WѼ eB34 4p%J>vb -ܓ-MX*͟b|xZl dEw ,3:'=vj48˛U?9U?Z| Iu9RVXWJw3VȜh#QOСgP9h3ۛdMnj;no "Ǖ1K so~0[\7)ދXw4>s1`oxrEdBu ef2Zu}51r?֌ep]I iue(W7@޹UV5#rTeyGQ ӸNZx&9:jEj 9 l%7 sk$,hH)6۹W9(R9z/5 -O`Wȷ)X 5]_•3a/'͗:J+BN}F>cXșY0e#.p98pޘm7sx?7%rX >@),vjzTK>ND̛e͸,i #tX'ȦvOɈH?y2rK? 7SgwDd4W.Xʝ`'ťɫMhqﲟZ,z[Co|\0x(n[m[X({2"-2(NH[KAfzK1.3KK}L9-2:h,qn1 ˂:ypء:R㽄1,=kl%(,yz"+M@Pxv[ee?#3 y@rA ;Fmt\?ʞ BzouјY7y QM2c 44MPB c¶kծ bΡΉसysb]8uC;ܹxR]\J9cQ_ RMAU;;7@|r ?9^qu one4SS-XyA"+_O.5U#qU6W(Q6ϹK "lAMNeTϤꑭ1`r̘bZ:ݛ7󠠂)sVW9J݃da Hm[C+tTlXvur'h^qSכ9O#F \1]TJCbt i$j 0Ƌz3xq2\t`bt\dXt>q9_9#a$wD wEjE !Z7vz>qr}) R2q@ }(i%ĂWhw1?*]vaJ+L`K+nЄ^TBlG&Wt`d+5ˆE/q씎 g;v3!xF \z@7c>Ln?z[Xaqy.<uBݠ0}*W1fk05ۨRN$؝8?ᰥ2N\/# ~lvrϮ"qu>ڀb8wʤVv7Eڙ_(\XdE]4\GIU l7]7ZeOULaaZ,r'{_'Lϱ=i癫ԋg^?`o Ք:k|0r\Myo1y\ViInw&H|Y=iHz3@zG+q8{:9hoOaKI-*#Lkl 1x%?un8J\G+,x7C}#ӂuv$ e/"Y_pZ,Fajn>'HoLAëNܙIRe(jSb ϟlYak@5SrYR$WH攣CBAet`[5XTVK9>ȏN4]9'lTUh8dx<`t<~ ]!*$*ܬV..=(eW}(aO^+/G+cI8 .XݝH>-p X.Mota>$ߨ艄 7.&M#&)bo)pȤO9cx&AVN_{l⑊MKLtA@nN=/ ‚,-3i|RߋDž+SLۦB)œ۫E: |; U?Zxg$ w?CL,jSz*}$MFczrYr*{89?Un ~!Hty^J'!E'Yޡࢠ{]5N63GQ&%s} )EIәl 9o17 *aИM]e_BsR?_I81ŽAj$$}pEIz,mV𒈲lth+rD\')d5N0b؇1Uip7=&1NFJ/66BH)]XR0]brBhNY4ìݝHn' |Z"d:XOF1pV(gtz]SX,Wg1L66p_WZ^ݺ9~_tOZJ q zCC=BZs @J6K.]:,bgX VNA?JAfuXńдJWZEuWF+B00qlB ޼4dіj3!F p5)qlD֎z6>wY vm&kY(te8| 9*~Cn;o5EѨp%_Fi?HS,Aʝ+&qQ`:Ŷ6wi!o"=-H{ߑJ¥ʡ῏CUH&0{{oÆo檄6Po5t׶TAVlѮ z 5' U`-KMũV.Z{pnd:-5c%ra.@ٝ1fX(ɳ/^> P&%;yTdu9;ftqsq]Wv7lfcbMlcoȫeEcӺ8?wuFc<ӓK JxhSCi? '3>GcU8YA9i=@ 8l ~lnW]H#k: į}Vy~yş'}Q" +OJ5'D>ﱀLbb,, k&)ecJn_ ̱Hy:`בp=;K"ؾGg\t@marn1os=;Ɩ=&dRE e&ޠrGu|$?8HD^g3SJ񏎏y8voI? ׄ$d$H1m40 3]T7ٓeХjOH*Xq2ΐMqbp?e{:M"dE҇qhWg0{)C2\|~0[K@%[HmhfaŶTIrW.}F(wOWXy^SsDvS.[Rk9r`bW埘= ˖+$P 'kס7fGqL޿QyIuCLa!$$'Na'tV]W!ƙl snR(x)BX(g{?-hvjZUwTEvI-[b,Ԯ+˟׎i --~8yiO ,nЍQ'a9k@UlMS4YbW9DN*JCƎ(q4^}J$V&Y$|D-‘c(fї~xѭ fVӿDZj|G( Q+sQ 2|W4I//%7V`oA=}86u~(E <v\>W,έ,x/Z[l'`erm%.~79msBϚMdQ#tnRmyk`R./fD6k@fJX8rTh\-;Ur6FClZϭn84`b{tܡ|m~ӗ{escˊu0L2\58^p CTZ:#U>fι7n.?f ݟMntAZhg%ׇ)(Tbѽ2tZ@ت/!0$a6) 6O-Ek"̸ ])gn%Xˎ8( XմpMZ{ A]hȿLІAae*d_쓖"X +##TbAΎ{sËo:4o?7-418;mkQ`bKm(p&>b/(޶6)'{v3j[ZU  HIlV]e..]2^/Y0\2;{.dk-G`%y% KKee{%AƧbU!}\ڨS\S;j6rd`Ӣ@lKa5zNϔz!"նd{t+2`'^&ܡ7wAH7$7/ƸB,M.J 1:–iFi~?5c H:j"q6y8 {͗wQŴgݺ\{!ρЙ{ox#OjI_Jb<:ž04ыUi葭N]aDO_ ۮ"fĆtS{5~]4fb w0wk_9SJLqZߗm7R޲,';yS?&L6`3ܪ}A`vDAIg=bEpTs}-;u:Q  ]WS=f'"_쐑m3<:Py5] OF1KGzD.r~th* ֿthBwz(4{BgѮcU Z?Z;ʅ 3 `+<+9hD[*J/eaEltah Ψ WA#x -Hܓ 'j j :|#y(,?pR7\8]$cÏu!;vPַz۞)8Z'^'U&<&?WxTmlxaUf50iGOB_݌օM.o5Id ]\9-> sY(D"e۵[LAm<8 e6~t Nhubh+ێɍ˻D䋍IPf@cXiAzTk]vZ,E%F2iy3 Ǎ\A N"ksLh ` F腅(rg҈yȰ=pI"QAsIh~KXgQ".C>#OT]t {>䰍d|4蓨l R*$@Ȱ!UHVjϧx6)tpcӞ$O ּ1 vKާиZE:\qqM8\#C03&D߉B fǃb72Q4ce}p3Vea :uzƫR@@A4DMm@IFaL G6#%x Oz,A.2?{W`SY ?$x#IiPHz\f;ى`%hEM'H*zlD+'>g +e>?looK&(_,1XqReRZ~TkRo,Tబ޼i~Ň<Cɢ6G5QPJVKsm - $ݶMgC,LKe<Dxš -7%R7xz1+=i'G bra7{ظ8MC>z,zUԼcx_ǂײZȯ5ŢMR}b_]td70ʌ:1ǒ hI7˩|$O!>P' trI!/R[nU2'˨lxzT -h.G!y]-0)yGfFl0!Cʉ>$~Hr n$8ѪkP^P-\Z1c>61\)Fi|^Y&;ˣI^_P݀1_ޣCvyg؁^9|.U5E8\J7jܐ)n {z DQ I5]M\?Z̮+7B'(Z<n\~'vnSY0TPŤʮ lp"$V@R$rJo u Ah-9oqVAlPoQgxVv;Ggx^u!Kb?{jMIB"zQw{z.i` f. f%vZe},Rcix5 &02=S\7k;Gḑ{ps-֒"ʕ+Zv)0VGe2woZ(3-|{2AG}l뽄D_vn;aҦuUFN^&el˛';eZRkF877*JK[ŽzPadhBlYܓ慚i>JdR>Ǣ&VJ296PiNK'w(3Zc2&ośYFxKFo"L,b4 <9ɗJGo2o$.5 hB_ I┟&7XuBBOfbayQ/\{% w|i@ Qœ!J-__+|o Xl2V\݆!AI_J(kߏL~*K. "Dɺz #@ӯa' u\9 -?p`r҅<+( x#@02Sr x)yn<2ċ؆U+PW=uR1NN痓]|;/}尰0Acb +<ӒtD\ 0"w8;c Cp[H< ̛abrӈe%NF>hE!Kd^-g&8C_Z fZ^V\C[6$Ld ]vNS𕙽8'Ԓu[xZJԆ$^o8,_Cs]/ fIvyWz|BA 'cEH7f$\.NJ%ԂBTu(gś̄j+kaqXT@uMBG!_E9<_\ Uq,$n4Aqt;Ʈy^!VYŪǾ17ot%}Oa$=)57~(i`3i -#,XkV]9)*ME+DLL깃һMu5Lk,\b=Wd u|dx~&2ު&XǍbޯ6~X<히>%bMbEdZD)tZvd|V.VٻR!n~+ )aԿV #[Br/ y2ԂR$fd%!Ʃ1埮L{O0%onK`1oU>@-m;1H9=¦δu2|+ ͚vv c=Xp~ۤWoEnOzv롦tٖƧ.:bmלVLlc>w鈖 [Lf,?O]ώmzHtᄜupF]HN Xs@,ntBE$ɶqT2hr{1^zr:Z4 $zyኰck`x8 .Uj (hI5%TD _hpDL[>G-,.F9M,DER:|n47J86fէxubSvJr X&Ԓ"졈a,~rД9TTnZi)ӉlӪs!yB7}˜_֋Z6uKP޻<_mÚv#$Ln圔?)mD-&)ÛBe2}2ܻME w]f?͔ĹlOd^d[m[QqnqQrx@"1KŤ BswN\uruDXZPlr H9R ;_s>ha]{86)Lr =/"[υUdaBzGʉؘ2lNQ gg6?V2j4zrŠԣO~*{bz[> xY'ߩ4q%ʷ +' x ~y>mFpWxg\BF12&YP$9BVacEI)~X4" ƫ@opܰK`L݆B}n@(+*4+o,hy&ˌ5vP^4|Dѻ xez}WT @s9._ń%_~z>>o::, ]_5Ni9bc6~Yr4qL'@^e!N] Jae &n,MZVWpN_<#۽9S#G~6I`c50>qd*inU\)tI"RI !'@v-N1=8٪'& 7[lrs9-l" i y 7uW5=eIɺpb=m =\:Ɇ ˮӏYaKsyap] X'"ns 2m5/M*9`:8l.ݱd%2; vTrptKNX+б>=A_[!k 4ߔH5OZ "hN2Qױ+hwQ2[gFǒF|h5UW&LF eY~Yd  A{@Ab7Dc<.lXhCA7-lY(_U#hN6 U Y<BD<>f@ύH@y-%>3gK)we\*Uـ*ᆯ^P.ry{Lw+UdN Ne> !ou=\HGd:hЃjyb*L^e2ć#,Jɵɞ=[Ѓ`N3 ۴S(N&R"vnyI򀘏}ec*b|&n|Wهp~V:;\IsEp/;UK4gl-/IzX!4#޲Tku8hSomah/kkkܰfn"l;iʿa#`}deZβX?R4OYwZ>݀?!s]5|WFWj?JUf3!s%$= JfDr`\]vFG%ģ2 6-taX'%\GI(ȹ6+dwjLԴWZE [Ӓo'[Pނ얘#1^_?(AP_k(&i$`틹>N/u~Na:;^0x⬙z):3ЕkS$`M?='U\S%W|ي>4-,~%=Dga;wE!%XxtT\(Җ~kO-R][^ >>խ o%{Y͍GOȎ7c:$\1$H5Taq"/~ٖXt{\-RMd& }߉W_ȕKl߆ԕE l#|0o3E Ieǎ#50H!1|VWwz8hҩS SXَ42QY`,P:/ˈƠǢϏ2 fWbZkҸm=.sMЫ@hn٢Z{ނ.s *RǑdV K<ᅩռ4ٯ  A,Abx!LkǍ /⬣l ;Y[hMItTxeuWѻ>Dq 3=tKXz HKZ]~ ܮIm˂VV@`6Bw#'zS'1N!9; Cx gJؕ0e.kΗS(<[>ng.niތnN2%^W(%ʍcܐIo@b7LRH4j=vaUb\m/ <^ a7$Z-a/mi4jĜ##Ifw^nO\Ec#_E: pO RvٻŃIj nw׼}A{9gwn;xp;cߢI׵v?zwIql -]{ t`o![| `\1OwdX]'V$ Ylp%]c`b(-y* ʪ}ۡ T$6Q *,:g2ƞʯw$䬠c8ErCedg7ӀE JR_?acElꚂ|FQs_d| |hYmthk߽_2K;O\f(0jMo_Xu#7&2򃷧 [*a8*^;-|6.}\NC,lt*cmdLa$B5-NoYa!](Dk`ʪVGF"I>ŻCp{}9]yndy}T$rTgwZcva-·60!,~dY$$נ_;uQ>W Cɭ-uj s&=/-tF J$ݿQbhr?K3ot >QntC C秶 YZ