������libgcrypt20-32bit-1.10.3-150600.3.3.1�������������������������������������������������������������<���>�������,��������������������������������������������������������g5op9|��g]�*?͏X�qlO¹̌dj9YxIۡ(]sDEh5Z+[j1x,6'hMWɄ%�S+-J] �dYLA}�[ۿli�Mˀ&Y)Ĝ-@-B�Y�j��5�bKՉYL
F{(O=h��6+��7ʾ~a�1FiLn��0�&";p=V&~y�c���Q��~܍Po���>��������������������A��L���?������<�������d��������������������������������������������������������������� ���(���������� ���?������������������������������������������������������������������������������������������������������������� ���+��������������<��������������a��������������g���������������n������������������������������������� ��������������
��������������������������������������������
���������������������������������������������������������������������4���������������<�����������������������������������������������������(���������������8������� ���i���9����������i���:����������i���>�������������B�������������G�������������H�������������I�������������X�������������Y�������������Z������<�������[������D�������\������`�������]������h�������^�������������b�������������c������T�������d�������������e�������������f�������������l�������������u�������������v�������������w�������������x�������������y����������������������������������������������������������8����C�libgcrypt20-32bit�1.10.3�150600.3.3.1�The GNU Crypto Library�Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).���g5oh04-ch1d������USUSE Linux Enterprise 15�SUSE LLC �GPL-2.0-or-later AND LGPL-2.1-or-later�https://www.suse.com/�System/Libraries�https://gnupg.org/software/libgcrypt�linux�x86_64�/sbin/ldconfig����������U����g5og5o�b8a70397b971e0b03672f01e19bfb18bfc377ff4031f63b579575b73b3e39b1b�libgcrypt.so.20.4.3�����������root�root�root�root�libgcrypt-1.10.3-150600.3.3.1.src.rpm���libgcrypt-32bit�libgcrypt.so.20�libgcrypt.so.20(GCRYPT_1.6)�libgcrypt20-32bit�libgcrypt20-32bit(x86-32)�libgcrypt20-hmac-32bit��������@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@����
���
���
���
/bin/sh�ld-linux.so.2�ld-linux.so.2(GLIBC_2.3)�libc.so.6�libc.so.6(GLIBC_2.0)�libc.so.6(GLIBC_2.1)�libc.so.6(GLIBC_2.1.3)�libc.so.6(GLIBC_2.25)�libc.so.6(GLIBC_2.28)�libc.so.6(GLIBC_2.3)�libc.so.6(GLIBC_2.3.4)�libc.so.6(GLIBC_2.33)�libc.so.6(GLIBC_2.34)�libc.so.6(GLIBC_2.38)�libc.so.6(GLIBC_2.4)�libgpg-error.so.0�libgpg-error.so.0(GPG_ERROR_1.0)�libjitterentropy.so.3�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�������������������3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.3���gg@g@g@g@g@g@eee@e@e\eTe.w@e��@dkY@d5Kd�xcOc!@c�@c�c�c�@bb@bX�b9@a a@aLa�@a@a�@a(@azaI@aI@a#a#`#@`P@`~@`-�@`�>`�@`�` l_�@_�c^@^@^H^@^@^|@^j$@^U�@^!]@]e@]�]ʞ]i�]�^@]�]�\\@\C@\�@\�@\@\�[@[դ[:�[!�@Z@Z@ZZ1�@Y�Yu@YqYTY3@Y1S@XXRXOWF@WQW9@W9@VV�UUJ@T@TTԬTԬTԬTZ�@lucas.mulling@suse.com�lucas.mulling@suse.com�lucas.mulling@suse.com�lucas.mulling@suse.com�lucas.mulling@suse.com�lucas.mulling@suse.com�lucas.mulling@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�dmueller@suse.com�otto.hollmann@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�mpluskal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�coolo@suse.com�dennis.knorr@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�info@paolostivanin.com�andreas.stieger@gmx.de�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�pmonreal@suse.com�andreas.stieger@gmx.de�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�vcizek@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�andreas.stieger@gmx.de�jsikes@suse.de�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�jsikes@suse.de�jsikes@suse.de�jsikes@suse.de�vcizek@suse.com�vcizek@suse.com�vcizek@suse.com�pmonrealgonzalez@suse.com�vcizek@suse.com�astieger@suse.com�schwab@suse.de�kbabioch@suse.com�pmonrealgonzalez@suse.com�pmonrealgonzalez@suse.com�fvogt@suse.com�astieger@suse.com�astieger@suse.com�jengelh@inai.de�astieger@suse.com�astieger@suse.com�astieger@suse.com�pmonrealgonzalez@suse.com�rmaliska@suse.com�astieger@suse.com�astieger@suse.com�mpluskal,vcizek,astieger}@suse.com�astieger@suse.com�pjanouch@suse.de�pjanouch@suse.de�astieger@suse.com�astieger@suse.com�vcizek@suse.com�dvaleev@suse.com�astieger@suse.com�astieger@suse.com�coolo@suse.com�dimstar@opensuse.org�coolo@suse.com�andreas.stieger@gmx.de�- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
* Add libgcrypt-FIPS-SLI-Differentiate-non-compliant-flags-in-the-SLI.patch�- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
* Add libgcrypt-FIPS-SLI-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch�- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
* Add libgcrypt-FIPS-disable-GCRYCTL_NO_FIPS_MODE.patch�- FIPS: Disallow rsa < 2048 [bsc#1225941]
* Mark RSA operations with keysize < 2048 as non-approved in the SLI
* Add libgcrypt-FIPS-SLI-Disallow-RSA-keys-with-size-lt-2048.patch�- FIPS: Service level indicator for libgcrypt [bsc#1225939]
* Factor out `prepare_datasexp_to_be_signed` for FIPS SLI
* Add libgcrypt-FIPS-SLI-Factor-out-data-SEXP-preparation.patch
* Include missing checks for EdDSA and ECDSA for FIPS SLI
* Add libgcrypt-FIPS-SLI-Only-allow-defined-digest-algo-for-EdDSA.patch
* Add libgcrypt-FIPS-SLI-Reject-use-of-SHAKE-when-its-ECDSA-with-RFC6979.patch
* Include upstream patches for FIPS SLI for libgcrypt
* Add libgcrypt-FIPS-SLI-Introduce-an-internal-API-for-FIPS-service-indicator.patch
* Add libgcrypt-FIPS-SLI-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch
* Add libgcrypt-FIPS-SLI-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
* Add libgcrypt-FIPS-SLI-Implement-new-FIPS-service-indicator-for-gcry_md_hash_*.patch
* Add libgcrypt-FIPS-SLI-Add-t-digest.patch
* Add libgcrypt-FIPS-SLI-Fix-t-digest-for-a-minimal-configuration.patch
* Add libgcrypt-FIPS-SLI-Extend-tests-t-digest-to-test-hmac-too.patch
* Add libgcrypt-FIPS-SLI-Fix-comment-in-t-thread-local.patch
* Add libgcrypt-FIPS-SLI-Change-the-internal-API-for-new-FIPS-service-indicator.patch
* Add libgcrypt-FIPS-SLI-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch
* Add libgcrypt-FIPS-SLI-Add-tests-for-md_open-write-read-close-for-t-digest.patch
* Add libgcrypt-FIPS-SLI-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch
* Add libgcrypt-FIPS-SLI-Implement-new-FIPS-service-indicator-for-cipher_open.patch
* Add libgcrypt-FIPS-SLI-Add-gcry_mac_open-tests.patch
* Add libgcrypt-FIPS-SLI-Rename-t-fips-service-ind.patch
* Add libgcrypt-FIPS-SLI-Move-KDF-tests-to-t-fips-service-ind.patch
* Add libgcrypt-FIPS-SLI-Add-gcry_cipher_open-tests.patch
* Add libgcrypt-FIPS-SLI-gcry_md_copy-should-care-about-FIPS-service-indicator.patch
* Add libgcrypt-FIPS-SLI-Implement-FIPS-service-indicator-for-gcry_pk_hash_API.patch
* Add libgcrypt-FIPS-SLI-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
* Add libgcrypt-FIPS-SLI-Fix-the-previous-change.patch
* Add libgcrypt-FIPS-SLI-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch
* Add libgcrypt-FIPS-SLI-Add-behavior-not-to-reject-but-mark-non-compliant.patch
* Add libgcrypt-FIPS-SLI-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch
* Add libgcrypt-FIPS-SLI-Add-more-tests-to-tests-t-fips-service-ind.patch
* Add libgcrypt-FIPS-SLI-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch
* Add libgcrypt-FIPS-SLI-Fix-memory-leak-for-gcry_pk_hash_sign.patch
* Add libgcrypt-FIPS-SLI-Improve-__thread-specifier-check.patch
* Add libgcrypt-FIPS-SLI-mark-non-compliant-cipher-modes-as-non-approved-in-the-SLI.patch
* Add libgcrypt-FIPS-SLI-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-.patch
* Add libgcrypt-FIPS-SLI-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch
* Implement `hex2buffer` in tests/t-common.h for FIPS SLI testing
* Add hex2buffer-Factor-from-existing-uses.patch
* Remove redundant/reworked patches now in FIPS SLI
* Remove libgcrypt-FIPS-SLI-pk.patch
* Remove libgcrypt-FIPS-SLI-hash-mac.patch
* Remove libgcrypt-FIPS-SLI-kdf-leylength.patch
* Rebased patches:
* libgcrypt-1.10.0-allow_FSM_same_state.patch
* libgcrypt-no-deprecated-grep-alias.patch
* libgcrypt-FIPS-rndjent_poll.patch
* libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch�- FIPS: Consider deprecate sha1 [bsc#1225942]
* In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
transition at the end of 2030. Mark SHA1 as non-approved in SLI.
* Add libgcrypt-FIPS-SLI-md-Make-SHA1-non-FIPS-and-differentiate-in-the-SLI.patch
* Add libgcrypt-FIPS-SLI-cipher-Differentiate-SHA1-with-GCRY_FIPS_FLAG_REJECT_MD_SHA1.patch�- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
* cipher: Do not run RSA encryption selftest by default
* Add libgcrypt-FIPS-SLI-Do-not-run-RSA-encryption-selftest-by-default.patch�- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
for the whole length entropy buffer in FIPS mode. [bsc#1220893]
* Add libgcrypt-FIPS-jitter-whole-entropy.patch�- FIPS: Set the FSM into error state if Jitter RNG is returning an
error code to the caller when an health test error occurs when
random bytes are requested through the jent_read_entropy_safe()
function. [bsc#1220895]
* Add libgcrypt-FIPS-jitter-errorcodes.patch�- FIPS: Replace the built-in jitter rng with standalone version
* Remove the internal jitterentropy copy [bsc#1220896]
* Add libgcrypt-FIPS-jitter-standalone.patch
* Remove not needed libgcrypt-jitterentropy-3.4.0.patch�- add libgcrypt-no-deprecated-grep-alias.patch�- Re-create HMAC checksum after RPM build strips the library
(bsc#1217058)�- Update to 1.10.3:
* Bug fixes:
- Fix public key computation for other EdDSA curves. [rC469919751d6e]
- Remove out of core handler diagnostic in FIPS mode. [T6515]
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md. [T6539]
- Make store an s-exp with \0 is considered to be binary. [T6747]
- Various constant-time improvements.
* Portability:
- Use getrandom call only when supported by the platform. [T6442]
- Change the default for --with-libtool-modification to never. [T6619]
* Release-info: https://dev.gnupg.org/T6817
* Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch�- Do not pull revision info from GIT when autoconf is run. This
removes the -unknown suffix after the version number.
* Add libgcrypt-nobetasuffix.patch [bsc#1216334]�- POWER: performance enhancements for cryptography [jsc#PED-5088]
* Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006]
- Chacha20/poly1305: Optimized chacha20/poly1305 for
P10 operation [rC88fe7ac33eb4]
- ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES
on arch-3.00 [rC2c5e5ab6843d]
* Add patches:
- libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch
- libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch�- FIPS: Merge the libgcrypt20-hmac package into the library and
remove the "module is complete" trigger file .fips [bsc#1185116]
* Remove libgcrypt-1.10.0-use-fipscheck.patch�- Update to 1.10.2:
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
- Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
* Release-info: https://dev.gnupg.org/T5905
* Rebase FIPS patches:
- libgcrypt-FIPS-SLI-hash-mac.patch
- libgcrypt-FIPS-SLI-kdf-leylength.patch
- libgcrypt-FIPS-SLI-pk.patch�- Build AVX2 enabled hwcaps library for x86_64-v3�- Update to 1.10.1:
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc.
* Other:
- More portable integrity check in FIPS mode.
- Add X9.62 OIDs to sha256 and sha512 modules.
* Add the hardware optimizations config file hwf.deny to
the /etc/gcrypt/ directory. This file can be used to globally
disable the use of hardware based optimizations.
* Remove not needed separate_hmac256_binary hmac256 package�- Update to 1.10.0:
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649.
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification.
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[bsc#1190239, CVE-2021-40528]
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code.
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
- GCRYCTL_SET_DECRYPTION_TAG NEW control code.
- GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
- GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
- GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
- GCRY_CIPHER_MODE_SIV NEW mode.
- GCRY_CIPHER_MODE_GCM_SIV NEW mode.
- GCRY_CIPHER_EXTENDED NEW flag.
- GCRY_SIV_BLOCK_LEN NEW macro.
- gcry_cipher_set_decryption_tag NEW macro.
- GCRY_KDF_ARGON2 NEW constant.
- GCRY_KDF_BALLOON NEW constant.
- GCRY_KDF_ARGON2D NEW constant.
- GCRY_KDF_ARGON2I NEW constant.
- GCRY_KDF_ARGON2ID NEW constant.
- gcry_kdf_hd_t NEW type.
- gcry_kdf_job_fn_t NEW type.
- gcry_kdf_dispatch_job_fn_t NEW type.
- gcry_kdf_wait_all_jobs_fn_t NEW type.
- struct gcry_kdf_thread_ops NEW struct.
- gcry_kdf_open NEW function.
- gcry_kdf_compute NEW function.
- gcry_kdf_final NEW function.
- gcry_kdf_close NEW function.
- gcry_pk_hash_sign NEW function.
- gcry_pk_hash_verify NEW function.
- gcry_pk_random_override_new NEW function.
* Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename
to libgcrypt-1.10.0-allow_FSM_same_state.patch
* Remove unused CAVS tests and related patches:
- cavs_driver.pl cavs-test.sh
- libgcrypt-1.6.1-fips-cavs.patch
- drbg_test.patch
* Remove DSA sign/verify patches for the FIPS CAVS test since DSA
has been disabled in FIPS mode:
- libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
- libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
* Rebase libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt_indicators_changes.patch and
libgcrypt-indicate-shake.patch and merge both into
libgcrypt-FIPS-SLI-hash-mac.patch
* Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to
libgcrypt-FIPS-SLI-kdf-leylength.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
* Rebase libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-out-of-core-handler.patch and rename to
libgcrypt-1.10.0-out-of-core-handler.patch
* Since the FIPS .hmac file is now calculated with the internal
tool hmac256, only the "module is complete" trigger .fips file
is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch
to libgcrypt-1.10.0-use-fipscheck.patch
* Remove patches fixed upstream:
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
- libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- libgcrypt-fix-rng.patch
- libgcrypt-1.8.3-fips-ctor.patch
- libgcrypt-1.8.4-use_xfree.patch
- libgcrypt-1.8.4-getrandom.patch
- libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
- libgcrypt-dsa-rfc6979-test-fix.patch
- libgcrypt-fix-tests-fipsmode.patch
- libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
- libgcrypt-1.8.4-fips-keygen.patch
- libgcrypt-invoke-global_init-from-constructor.patch
- libgcrypt-Restore-self-tests-from-constructor.patch
- libgcrypt-FIPS-GMAC_AES-benckmark.patch
- libgcrypt-global_init-constructor.patch
- libgcrypt-random_selftests-testentropy.patch
- libgcrypt-rsa-no-blinding.patch
- libgcrypt-ecc-ecdsa-no-blinding.patch
- libgcrypt-PCT-DSA.patch
- libgcrypt-PCT-ECC.patch
- libgcrypt-PCT-RSA.patch
- libgcrypt-fips_selftest_trigger_file.patch
- libgcrypt-pthread-in-t-lock-test.patch
- libgcrypt-FIPS-hw-optimizations.patch
- libgcrypt-FIPS-module-version.patch
- libgcrypt-FIPS-disable-3DES.patch
- libgcrypt-FIPS-fix-regression-tests.patch
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
- libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-disable-DSA.patch
- libgcrypt-jitterentropy-3.3.0.patch
- libgcrypt-FIPS-Zeroize-hmac.patch
* Update libgcrypt.keyring�- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
* Add libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch�- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
* Add libgcrypt-FIPS-kdf-leylength.patch�- FIPS: Zeroize buffer and digest in check_binary_integrity()
* Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]�- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
typing Tab key to Auto-Completion. [bsc#1182983]
* Add libgcrypt-out-of-core-handler.patch�- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf
- Add libgcrypt-jitterentropy-3.3.0.patch
* Update the internal jitterentropy to version 3.4.0
- Add libgcrypt-jitterentropy-3.4.0.patch�- Fix reproducible build problems:
- Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
- Fix date call messed up by spec-cleaner�- FIPS: extend the service indicator [bsc#1190700]
* introduced a pk indicator function
* adapted the approved and non approved ciphersuites
* Add libgcrypt_indicators_changes.patch
* Add libgcrypt-indicate-shake.patch�- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
* Mark RSA public key encryption and private key decryption with
padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
peer key assurance validation requirements per SP800-56Brev2.
* Mark ECC as approved only for NIST curves P-224, P-256, P-384
and P-521 with check for common NIST names and aliases.
* Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
* Add libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt-FIPS-service-indicators.patch
- Run the regression tests also in FIPS mode.
* Disable tests for non-FIPS approved algos.
* Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch�- FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch�- FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check wether the service utilizes an
approved cryptographic algorithm or not.
* Add patches:
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch�- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
* gcry_mpi_sub_ui: fix subtracting from negative value
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch�- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf�- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches:
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch�- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch�- FIPS: PBKDF requirements [bsc#1185137]
* The PBKDF2 selftests were introduced in libgcrypt version
1.9.1 in the function selftest_pbkdf2()
* Upstream task: https://dev.gnupg.org/T5182�- FIPS: Fix regression tests in FIPS mode [bsc#1192131]
* Add libgcrypt-FIPS-fix-regression-tests.patch
* Upstream task: https://dev.gnupg.org/T5520�- FIPS: Provide a module name/identifier and version that can be
mapped to the validation records. [bsc#1190706]
* Add libgcrypt-FIPS-module-version.patch
* Upstream task: https://dev.gnupg.org/T5600�- FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
* Add libgcrypt-FIPS-hw-optimizations.patch
* Upstream task: https://dev.gnupg.org/T5508�- Update to 1.9.4:
* Bug fixes:
- Fix Elgamal encryption for other implementations. [CVE-2021-33560]
- Fix alignment problem on macOS.
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch�- Remove not needed patch libgcrypt-sparcv9.diff�- Fix building test t-lock with pthread. [bsc#1189745]
* Explicitly add -lpthread to compile the t-lock test.
* Add libgcrypt-pthread-in-t-lock-test.patch�- Security fix: [bsc#1187212, CVE-2021-33560]
* cipher: Fix ElGamal encryption for other implementations.
* Exponent blinding was added in version 1.9.3. This patch
fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch�- libgcrypt 1.9.3:
* Bug fixes:
- Fix build problems on i386 using gcc-4.7.
- Fix checksum calculation in OCB decryption for AES on s390.
- Fix a regression in gcry_mpi_ec_add related to certain usages
of curve 25519.
- Fix a symbol not found problem on Apple M1.
- Fix for Apple iOS getentropy peculiarity.
- Make keygrip computation work for compressed points.
* Performance:
- Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
- Add x86_64 VAES/AVX2 accelerated implementation of AES.
- Add VPMSUMD acceleration for GCM mode on PPC.
* Internal changes.
- Harden MPI conditional code against EM leakage.
- Harden Elgamal by introducing exponent blinding.�- libgcrypt 1.9.2:
* Fix building with --disable-asm on x86
* Check public key for ECDSA verify operation
* Make sure gcry_get_config (NULL) returns a nul-terminated
string
* Fix a memory leak in the ECDH code
* Fix a reading beyond end of input buffer in SHA2-avx2
- remove obsolete texinfo packaging macros�- Update to 1.9.1
* *Fix exploitable bug* in hash functions introduced with
1.9.0. [bsc#1181632, CVE-2021-3345]
* Return an error if a negative MPI is used with sexp scan
functions.
* Check for operational FIPS in the random and KDF functions.
* Fix compile error on ARMv7 with NEON disabled.
* Fix self-test in KDF module.
* Improve assembler checks for better LTO support.
* Fix 32-bit cross build on x86.
* Fix non-NEON ARM assembly implementation for SHA512.
* Fix build problems with the cipher_bulk_ops_t typedef.
* Fix Ed25519 private key handling for preceding ZEROs.
* Fix overflow in modular inverse implementation.
* Fix register access for AVX/AVX2 implementations of Blake2.
* Add optimized cipher and hash functions for s390x/zSeries.
* Use hardware bit counting functionx when available.
* Update DSA functions to match FIPS 186-3.
* New self-tests for CMACs and KDFs.
* Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version�- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch�- Add the global config file /etc/gcrypt/random.conf
* This file can be used to globally change parameters of the random
generator with the options: only-urandom and disable-jent.�- Update to 1.9.0:
New stable branch of Libgcrypt with full API and ABI compatibility
to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
* New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo SM3.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to
directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448
and Curve25519.
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
secure memory area.
* Performance optimizations and bug fixes: See Release-info.
* Other features:
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
- Add mitigation against ECC timing attack CVE-2019-13627.
- Internal cleanup of the ECC implementation.
- Support reading EC point in compressed format for some curves.
- Rebase patches:
* libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
* libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
* libgcrypt-1.6.1-use-fipscheck.patch
* drbg_test.patch
* libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* libgcrypt-1.8.4-fips-keygen.patch
* libgcrypt-1.8.4-getrandom.patch
* libgcrypt-fix-tests-fipsmode.patch
* libgcrypt-global_init-constructor.patch
* libgcrypt-ecc-ecdsa-no-blinding.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
- Remove patches:
* libgcrypt-unresolved-dladdr.patch
* libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
* libgcrypt-CVE-2019-12904-GCM.patch
* libgcrypt-CVE-2019-12904-AES.patch
* libgcrypt-CMAC-AES-TDES-selftest.patch
* libgcrypt-1.6.1-fips-cfgrandom.patch
* libgcrypt-fips_rsa_no_enforced_mode.patch�- libgcrypt 1.8.7:
* Support opaque MPI with gcry_mpi_print
* Fix extra entropy collection via clock_gettime, a fallback code
path for legacy hardware�- Update to 1.8.6
* mpi: Consider +0 and -0 the same in mpi_cmp
* mpi: Fix flags in mpi_copy for opaque MPI
* mpi: Fix the return value of mpi_invm_generic
* mpi: DSA,ECDSA: Fix use of mpi_invm
- Call mpi_invm before _gcry_dsa_modify_k
- Call mpi_invm before _gcry_ecc_ecdsa_sign
* mpi: Constant time mpi_inv with some conditions
- mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
- New: mpih_abs_cond, mpi_invm_odd
- Rename from _gcry_mpi_invm: mpi_invm_generic
- Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
* mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
* Fix wrong code execution in Poly1305 ARM/NEON implementation
- Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
* Set vZZ.16b register to zero before use in armv8 gcm implementation
* random: Fix include of config.h
* Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
* ecc: Fix wrong handling of shorten PK bytes
- Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
- Update libgcrypt-ecc-ecdsa-no-blinding.patch�- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
* Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
libgcrypt-PCT-ECC.patch�- FIPS: libgcrypt: Double free in test_keys() on failed signature
verification [bsc#1169944]
* Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
* libgcrypt-PCT-DSA.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch�- Ship the FIPS checksum file in the shared library package and
create a separate trigger file for the FIPS selftests (bsc#1169569)
* add libgcrypt-fips_selftest_trigger_file.patch
* refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
by libgcrypt-global_init-constructor.patch�- FIPS: Verify that the generated signature and the original input
differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
assembling the Q point from affine coordinates.
- Refreshed patches:
* libgcrypt-PCT-DSA.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch�- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
* Patches for DSA, RSA and ECDSA test_keys functions:
- libgcrypt-PCT-DSA.patch
- libgcrypt-PCT-RSA.patch
- libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch�- FIPS: Run self-tests from constructor during power-on [bsc#1166748]
* Set up global_init as the constructor function:
- libgcrypt-global_init-constructor.patch
* Relax the entropy requirements on selftest. This is especially
important for virtual machines to boot properly before the RNG
is available:
- libgcrypt-random_selftests-testentropy.patch
- libgcrypt-rsa-no-blinding.patch
- libgcrypt-ecc-ecdsa-no-blinding.patch
* Fix benchmark regression test in FIPS mode:
- libgcrypt-FIPS-GMAC_AES-benckmark.patch�- Remove check not needed in _gcry_global_constructor [bsc#1164950]
* Update libgcrypt-Restore-self-tests-from-constructor.patch�- FIPS: Run the self-tests from the constructor [bsc#1164950]
* Add libgcrypt-invoke-global_init-from-constructor.patch�- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
* Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch�- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
* Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch�- Fix tests in FIPS mode:
* Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem
* Add patch libgcrypt-fix-tests-fipsmode.patch�- Fix test dsa-rfc6979 in FIPS mode:
* Disable tests in elliptic curves with 192 bits which are not
recommended in FIPS mode
* Add patch libgcrypt-dsa-rfc6979-test-fix.patch�- CMAC AES and TDES FIPS self-tests:
* CMAC AES self test missing [bsc#1155339]
* CMAC TDES self test missing [bsc#1155338]
- Add libgcrypt-CMAC-AES-TDES-selftest.patch�- libgcrypt 1.8.5:
* CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
* Improve ECDSA unblinding
* Provide a pkg-config file�- Fixed redundant fips tests in some situations causing sudo to stop
working when pam-kwallet is installed. bsc#1133808
* Added libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch
* Removed libgcrypt-fips_run_selftest_at_constructor.patch
because it was obsoleted by libgcrypt-1.8.3-fips-ctor.patch
* Removed libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
because it was obsoleted by libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch�- Fixed env-script-interpreter in cavs_driver.pl�- Security fix: [bsc#1138939, CVE-2019-12904]
* The C implementation of AES is vulnerable to a flush-and-reload
side-channel attack because physical addresses are available to
other processes. (The C implementation is used on platforms where
an assembly-language implementation is unavailable.)
* Added patches:
- libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
- libgcrypt-CVE-2019-12904-GCM.patch
- libgcrypt-CVE-2019-12904-AES.patch�- do not try to open /dev/urandom if getrandom() works
* Added libgcrypt-1.8.4-getrandom.patch
- Drop libgcrypt-init-at-elf-load-fips.patch obsoleted
by libgcrypt-1.8.3-fips-ctor.patch�- Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that
was partially causing bsc#1131183.
- Fixed race condition in multi-threaded applications by allowing a FSM state
transition to the current state. This means some tests are run twice.
* Added libgcrypt-1.8.4-allow_FSM_same_state.patch
- Fixed an issue in malloc/free wrappers so that memory created by the malloc()
wrappers will be destroyed using the free() wrappers.
* Added libgcrypt-1.8.4-use_xfree.patch�- removed libgcrypt-binary_integrity_in_non-FIPS.patch since it was breaking
libotr. bsc#1131183�- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
are invoked as well as the state transition, adjust the code so
a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
* update libgcrypt-binary_integrity_in_non-FIPS.patch�- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
* add libgcrypt-fips_rsa_no_enforced_mode.patch�- Don't run full self-tests from constructor (bsc#1097073)
* Don't call global_init() from the constructor, _gcry_global_constructor()
from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
integrity check instead.
* Only the binary checksum will be verified, the remaining
self-tests will be run upon the library initialization
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
- Drop libgcrypt-init-at-elf-load-fips.patch and
libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
by libgcrypt-1.8.3-fips-ctor.patch�- Skip all the self-tests except for binary integrity when called
from the constructor (bsc#1097073)
* Added libgcrypt-1.8.3-fips-ctor.patch from Fedora�- Fail selftests when checksum file is missing in FIPS mode only
(bsc#1117355)
* add libgcrypt-binary_integrity_in_non-FIPS.patch�- libgcrypt 1.8.4:
* Fix infinite loop with specific application implementations
* Fix possible leak of a few bits of secret primes to pageable
memory
* Fix possible hang in the RNG (1.8.3)
* Always make use of getrandom if possible and then use
its /dev/urandom behaviour�- libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch,
libgcrypt-strict-aliasing.patch: Remove obsolete patches
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff
- Reenable testsuite�- Update to version 1.8.3:
- Use blinding for ECDSA signing to mitigate a novel side-channel
attack. (CVE-2018-0495 bsc#1097410)
- Fix incorrect counter overflow handling for GCM when using an IV
size other than 96 bit.
- Fix incorrect output of AES-keywrap mode for in-place encryption
on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
- Applied spec-cleaner�- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they
are installed in the right order. [bsc#1090766]�- Extended the fipsdrv dsa-sign and dsa-verify commands with the
- -algo parameter for the FIPS testing of DSA SigVer and SigGen
(bsc#1064455).
* Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch�- Use %license (boo#1082318)�- libgcrypt 1.8.2:
* Fix fatal out of secure memory status in the s-expression
parser on heavy loaded systems.
* Add auto expand secmem feature or use by GnuPG 2.2.4�- libgcrypt 1.8.1:
* Mitigate a local side-channel attack on Curve25519 dubbed "May
the Fourth be With You" CVE-2017-0379 bsc#1055837
* Add more extra bytes to the pool after reading a seed file
* Add the OID SHA384WithECDSA from RFC-7427 to SHA-384
* Fix build problems with the Jitter RNG
* Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)�- RPM group fixes.�- libgcrypt 1.8.0:
* New cipher mode XTS
* New hash function Blake-2
* New function gcry_mpi_point_copy.
* New function gcry_get_config.
* GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
* New gobal configuration file /etc/gcrypt/random.conf.
* GCRYCTL_PRINT_CONFIG does now also print build information for
libgpg-error and the used compiler version.
* GCRY_CIPHER_MODE_CFB8 is now supported.
* A jitter based entropy collector is now used in addition to the
other entropy collectors.
* Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
random pool lock).
* Interface changes relative to the 1.7.0 release:
gcry_get_config NEW function.
gcry_mpi_point_copy NEW function.
GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro.
GCRY_MD_BLAKE2B_512 NEW constant.
GCRY_MD_BLAKE2B_384 NEW constant.
GCRY_MD_BLAKE2B_256 NEW constant.
GCRY_MD_BLAKE2B_160 NEW constant.
GCRY_MD_BLAKE2S_256 NEW constant.
GCRY_MD_BLAKE2S_224 NEW constant.
GCRY_MD_BLAKE2S_160 NEW constant.
GCRY_MD_BLAKE2S_128 NEW constant.
GCRY_CIPHER_MODE_XTS NEW constant.
gcry_md_info DEPRECATED.
- Refresh patch libgcrypt-1.6.3-aliasing.patch�- libgcrypt 1.7.8:
* CVE-2017-7526: Mitigate a flush+reload side-channel attack on
RSA secret keys (bsc#1046607)�- libgcrypt 1.7.7:
* Fix possible timing attack on EdDSA session key (previously
patched, drop libgcrypt-secure-EdDSA-session-key.patch)
* Fix long standing bug in secure memory implementation which
could lead to a segv on free�- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
* Store the session key in secure memory to ensure that constant
time point operations are used in the MPI library.�- libgcrypt 1.7.6:
* Fix counter operand from read-only to read/write
* Fix too large jump alignment in mpih-rshift�- libgcrypt 1.7.5:
* Fix regression in mlock detection introduced with 1.7.4�- libgcrypt 1.7.4:
* ARMv8/AArch32 performance improvements for AES, GCM, SHA-256,
and SHA-1.
* Add ARMv8/AArch32 assembly implementation for Twofish and
Camellia.
* Add bulk processing implementation for ARMv8/AArch32.
* Add Stribog OIDs.
* Improve the DRBG performance and sync the code with the Linux
version.
* When secure memory is requested by the MPI functions or by
gcry_xmalloc_secure, they do not anymore lead to a fatal error
if the secure memory pool is used up. Instead new pools are
allocated as needed. These new pools are not protected against
being swapped out (mlock can't be used). Mitigation for
minor confidentiality issues is encryption swap space.
* Fix GOST 28147 CryptoPro-B S-box.
* Fix error code handling of mlock calls.�- libgcrypt 1.7.3:
* security issue already fixes with 1.6.6
* Fix building of some asm modules with older compilers and CPUs.
* ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
- includes changes from libgcrypt 1.7.2:
* Bug fixes:
- Fix setting of the ECC cofactor if parameters are specified.
- Fix memory leak in the ECC code.
- Remove debug message about unsupported getrandom syscall.
- Fix build problems related to AVX use.
- Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
* Internal changes:
- Improved fatal error message for wrong use of gcry_md_read.
- Disallow symmetric encryption/decryption if key is not set.
- includes changes from 1.7.1:
* Bug fixes:
- Fix ecc_verify for cofactor support.
- Fix portability bug when using gcc with Solaris 9 SPARC.
- Build fix for OpenBSD/amd64
- Add OIDs to the Serpent ciphers.
* Internal changes:
- Use getrandom system call on Linux if available.
- Blinding is now also used for RSA signature creation.
- Changed names of debug envvars
- includes changes from 1.7.0:
* New algorithms and modes:
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
- ChaCha20 stream cipher.
- Poly1305 message authentication algorithm
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
mode.
- OCB mode.
- HMAC-MD2 for use by legacy applications.
* New curves for ECC:
- Curve25519.
- sec256k1.
- GOST R 34.10-2001 and GOST R 34.10-2012.
* Performance:
- Improved performance of KDF functions.
- Assembler optimized implementations of Blowfish and Serpent on
ARM.
- Assembler optimized implementation of 3DES on x86.
- Improved AES using the SSSE3 based vector permutation method by
Mike Hamburg.
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
about 20% faster than SSSE3 and more than 100% faster than the
generic C implementation.
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
- 60-90% speedup for Whirlpool on x86.
- 300% speedup for RIPE MD-160.
- Up to 11 times speedup for CRC functions on x86.
* Other features:
- Improved ECDSA and FIPS 186-4 compliance.
- Support for Montgomery curves.
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
algorithm.
- gcry_mpi_ec_sub to subtract two points on a curve.
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
hash part.
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
random number generator.
- Map deprecated RSA algo number to the RSA algo number for better
backward compatibility. [from 1.6.2]
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
[from 1.6.3]
- Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]. [from 1.6.3]
- Flag "no-keytest" for ECC key generation. Due to a bug in
the parser that flag will also be accepted but ignored by older
version of Libgcrypt. [from 1.6.4]
- Speed up the random number generator by requiring less extra
seeding. [from 1.6.4]
- Always verify a created RSA signature to avoid private key leaks
due to hardware failures. [from 1.6.4]
- Mitigate side-channel attack on ECDH with Weierstrass curves
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
details. [from 1.6.5]
* Internal changes:
- Moved locking out to libgpg-error.
- Support of the SYSROOT envvar in the build system.
- Refactor some code.
- The availability of a 64 bit integer type is now mandatory.
* Bug fixes:
- Fixed message digest lookup by OID (regression in 1.6.0).
- Fixed a build problem on NetBSD
- Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
gcry_cipher_final NEW macro.
GCRY_CIPHER_MODE_CFB8 NEW constant.
GCRY_CIPHER_MODE_OCB NEW.
GCRY_CIPHER_MODE_POLY1305 NEW.
gcry_cipher_set_sbox NEW macro.
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MAC_HMAC_SHA3_224 NEW.
GCRY_MAC_HMAC_SHA3_256 NEW.
GCRY_MAC_HMAC_SHA3_384 NEW.
GCRY_MAC_HMAC_SHA3_512 NEW.
GCRY_MAC_POLY1305 NEW.
GCRY_MAC_POLY1305_AES NEW.
GCRY_MAC_POLY1305_CAMELLIA NEW.
GCRY_MAC_POLY1305_SEED NEW.
GCRY_MAC_POLY1305_SERPENT NEW.
GCRY_MAC_POLY1305_TWOFISH NEW.
gcry_md_extract NEW.
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
GCRY_MD_GOSTR3411_CP NEW.
GCRY_MD_SHA3_224 NEW.
GCRY_MD_SHA3_256 NEW.
GCRY_MD_SHA3_384 NEW.
GCRY_MD_SHA3_512 NEW.
GCRY_MD_SHAKE128 NEW.
GCRY_MD_SHAKE256 NEW.
gcry_mpi_ec_decode_point NEW.
gcry_mpi_ec_sub NEW.
GCRY_PK_EDDSA NEW constant.
GCRYCTL_GET_TAGLEN NEW.
GCRYCTL_SET_SBOX NEW.
GCRYCTL_SET_TAGLEN NEW.
- Apply libgcrypt-1.6.3-aliasing.patch only on big-endian
architectures
- update drbg_test.patch and install cavs testing directory again
- As DRBG is upstream, drop pateches:
v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
v9-0007-User-interface-to-DRBG.patch
libgcrypt-fix-rng.patch
- drop obsolete:
libgcrypt-fips-dsa.patch
libgcrypt-fips_ecdsa.patch�- libgcrypt 1.6.6:
* fix CVE-2016-6313: Issue in the mixing functions of the random
number generators allowed an attacker who obtained a number of
bytes from the standard RNG to predict some of the next ouput.
(bsc#994157)�- remove conditionals for unsupported distributions (before 13.2),
it would not build anyway because of new dependencies�- make the -hmac package depend on the same version of the library,
fixing bsc#979629 FIPS: system fails to reboot after installing
fips pattern�- update to 1.6.5:
* CVE-2015-7511: Mitigate side-channel attack on ECDH with
Weierstrass curves (boo#965902)�- follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4�- update to 1.6.4
- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
* Speed up the random number generator by requiring less extra
seeding.
* New flag "no-keytest" for ECC key generation. Due to a bug in the
parser that flag will also be accepted but ignored by older version
of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks
due to hardware failures.
* Other minor bug fixes.�- Fix gpg2 tests on BigEndian architectures: s390x ppc64
libgcrypt-1.6.3-aliasing.patch�- fix sosuffix for 1.6.3 (20.0.3)�- libgcrypt 1.6.3 [bnc#920057]:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
- update upstream signing keyring�- making the build reproducible - see
http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html
for a very similiar problem�- Move %install_info_delete calls from postun to preun: the files
must still be present to be parsed.
- Fix the names passed to install_info for gcrypt.info-[12].gz
instead of gcrypt-[12].info.gz.�- fix filename for info pages in %post scripts�- libgcrypt 1.6.2:
* Map deprecated RSA algo number to the RSA algo number for better
backward compatibility.
* Support a 0x40 compression prefix for EdDSA.
* Improve ARM hardware feature detection and building.
* Fix building for the x32 ABI platform.
* Fix some possible NULL deref bugs.
- remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream
via xtrymalloc macro
- remove libgcrypt-fixed-sizet.patch, upstream
- adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change�/bin/sh�libgcrypt-32bit�libgcrypt20-hmac-32bit��������������������������������������������1.10.3���1.10.3-150600.3.3.1�1.10.3-150600.3.3.1�1.10.3-150600.3.3.1�������
����1.10.3�1.10.3-150600.3.3.1����������libgcrypt.so.20�libgcrypt.so.20.4.3�/usr/lib/�-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:37939/SUSE_SLE-15-SP6_Update/a9ba8262a3ae4922d7c5c71a5acdd0de-libgcrypt.SUSE_SLE-15-SP6_Update�drpm�xz�5�x86_64-suse-linux����������ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a5bd28d4fd93e594dc654ae1bd5e05724971f86c, stripped������������������P���P���R���R���R�� R���R���R���R���R���R���R���R���R��
R��
R���R���R���R�������utf-8�e742531507e9ed9ecc0ef3acd9320e1a4e2ce6b594b8b4640bc058de8c0ed625���������?��������7zXZ��
���!�����t/4]�"��k%fk�)_�þ���Yxg^@H�;'Cqv͎Wv/\VE�J_lbGy�R }�\FT#A/�d�9�z#�S�!Z�k~D/muFe5s]Zhu�yЋ*9_�]g5�.WGJG?9zo-n�gv��%u>Iҷ 9vTHl_ؖ�}eZ:ж~ArV`$�m?"��$NbV|6��{,`%�cp9j�q.N|{l���d�h|L`k�<�}d6ѽ1>Z`5d��uyѿ\HoHfYF&F+�Mܱ�§WQՊDU�MB=�ԼU/P#�&ل�ښGeZ�qgd1DYDJ0�GJFA=4Љ�H�2u�)Ã�@XiB?l T迕�m__4�K`�Rwuq@uȰR��w̩1Yj�oTEϲ�E�؟"j��\KhqCÖ3_J(ۤ2�J��<ĨY3vp5=ܩ�N=[,P`I&`K\"䈻h��bP7cdMU�qڝ�;Hz�FC ÇU(pR�`XbD�ߵ)g
$G�r�0�4�wF��$ 8�OB图�-��^qdw
�R%Aěψ�GtHQ�-z[p�d3zo�PJ/ΞQW}DȤ
MW08;D�ױbHk0(hFBR%`:�&CEm}�.�]ɇ�=�{;]�O�5�c3j4�J?#�v;x\�뢗� 䖆6lg4tBTT+b]!wCUG�!hp}=-洞333N�EIJDt;jqؓԡJVZ�_�s4j\<0�[yT�AU?ɏ2{l?y|Qe�_�ˀ���f/;� �*eYG�&Ϛcgî�osެ�5ec]-U
.&8
:5#m�=u'v8 ��oEe!Ḅ�*Ҧ.O{Xp�2i�QTIZ�} & Krz-| =�o'&Lт�s�
Q% _.qKW���t����y;Lh`nrÞo6}?F솆{Y7'ۢӸ��XU{¥�h[
�M(An".��.hS=yM�&-?{.u;.:3sL�ќ'V\��Ն�J�q>\lii�9s܆�lg'0%QG�ʃ�c�YPvBȟ��:K��� |
ԁy��L�GkQ(1ZK�q[�>:V慝
fbz�߶I^x}�+��G|�0&��jj�F�r]Q*<]&�l�Y,!Į|KE8DILC9ӆjC�4dNw\~ҵ�',�sC;�b{(�jyMڀ`�HAsBTQ�{TpvBI�dzp7!rɾ]~G��O�iૺgv̤;%Ic�`�>螬2i�l�KѩZt\�CX^
�s��4N�uR5�vB.�huSg[��l��`�6�9A<�Y!+ASK9ǐ7\�e��k�Y�� 9,҅�.�|M-
�`tO
B֑^�NY5��k,��.@b�;C"h�(`�~�Q. 1zõLk�]0$Ic>ף֯L�
�_?!��)MN��sn8X�H�'H��;]o/kZeA�(<(C�oe)G?��@@�5ot�Lx%M`2jHC1S�>ב<
nY0|A"|t�e(`|uяPDkuz^t�Fu*Ux氕3�ӏ|L?I1��n8bSTo3��kofr
^rM1{:1@䳑��0J�Pww�r&�}[ȋ,�`
��mF6}&|��[ɩzIk�\a$�HB�xI, Wƴq'?��o>�!�ԋ`7�m�qFX's0(U�nET[��}/�Ke&K�>`P�UF��`�>�>69*;zSX1U�#e0cG�ìDե]VD"�)^92.7,Ov_C-\ZCEM;18f)wa�1��Utw�t}l\�,b�'�>Z9r��Xp�8�M�`|}e6�*̝lC"q^W��i;C-BTz�E8ƣY�,V�gL�>Ԙds0pY�tUp �-r�,Vh�ޛSQo_�LI � �,�f:+~榘b\D�]rju_���
�J�AVfK�6h=�x(
'՜QRNL)WiY:k�*8GK7��GOU��l)І��)R?\1�;x�
27k!T:N#lM@�!]{��]`Տ�>h��|\2/��aXE!UPɸ �&�ߝ'88�lY<�r�J$E+*#t�mk X2̾y:�J20b�~Ǿ7Y�%wn$�b`@��I3�d#J]gmH�1`Namx!#�-;H$�����
G֑j�R��:t\�جoD���C
74P:g\>\3z2uYfHIfJ�'=/k@�/e*V�6�W~tW[Z>,@uvQF;l�Im���C5�50�^���;�G� �D�L ���c�F
�=v��ז5�FM�0!ۅ(4�º}��O�9M>�/~c)3��t?�(B�ET�g&8R>(���홋VJH�4�L~�7���E^�ϩ%!El�t�^6�iUL�
��ٝ%X6[Iƴ
Viz b2/Uv�T4~0Vf2�N�AZO(^&0?ߨqˌ2#nu5RIg/D/Le4�v9
H]ϐ6ь�vd&W^��R\��V�r:[e���EZJ�j�hek+m?�TT@J+^L�a3� I
_�`C'E
;#3JA:\N^��I�ZZ.+jJh
�D>㺾I�ܸq]^�6�o�D��,��UKbFLX�T�5m'.T 6SwwI+yɞP4V�1,?EI9#�4ؐdce�(�&L�6;sRY`V"%�PfCֻ~C,M�M*b־ �u)��`?l{e�gʐ�cIdUY2k�rq�¹u>:���o��$���*{OP�A�~t�S[:��o�eë"�P\Bbo;]7`*\awӔTV=Y{�?ҕ#O[�=Q�6W-F0}$g�O
S'��]��%Ģy#�Y.`;�C2;�.5Si0h%-i$ࡲ�H7�U7�oő�0ho
�٥�J/n�㥨}ܰ
�@VF�UB@[e��B.�Մp)�(��cnWD� �W,1c��䠗�Wؗ 6dQ&Ki:獣�Y`ok2v*�
�-I�:�ГG7(\F0^'^V7��3�v�jPQv HQ�HL֦`O�\w
(K��4c\1B'b3�Q�6�*{ۋn�OF)'L..Jm'Q0pG�co�b6X{�ص4;dV.ѓd1�!cɪdH4p �.��d�vˋz}q-�x�HS�)��{@亀R�!$ޤ�jY�� r2/�J��E \&V~��
,�̦�#SWj/!)j8Z �7#@FO�Q�_#UD�$bs,��$:n�a*rҖ ۲Dnf�T,A0v8ރO-8q#8aQ(8���ȅ\�hx'XS��/!9z9qF[Fbg
��v74]�dA+_���Du�p��H�:~2�cA=+�Ԝ3��Wq_lQnWk=`�G�kmc`�D��cg[^u
+S[QGiU�T�13�8ZCkP�r�}x"l��&@B�}�~��Ӆ�\ٜ�Ak/ :x��gbN+$>Wp�K�.�챃<�Xv鎽��c�7�;k�u,�-ɝ���ٷa_+29eS--ɵ�~~���_P>_0��z9
i#ϻ���8<#Ax8b+.=|P�Q05>͝`}�!<>%\YV��δIY0�"X>g�:^pin%MJ}V^6uk[50_1Ub� WwR3:4�w)^嫸Bc/Ƒv:(���!h��HkY�Y"t{Tv$jg�e2s
mFv_z%5Q֫�-5�'(YV�áW
-k:7w1;n�nݘ
�$�ݚePD
'��.2�6���Ē�J_ƹ50͊�y}�-r�DV:8t4 ;��b+~�r�^�TBDJ��Ntu{�sd7QqcO x`A
2yER�鄐WN;RC�N!;bSMAD^� (���~ӣ�*�_�Ws;hQ3�o�-�iN4��O+#-Թڲ�f
80NY;b4:.u�:��k@%zU�SYw�T:vXo�X� ��Le u_p1�%FܞΈΕ]{�F ���)֟Q�_.Gj>c 4f># 0�܍Wrv~�uY:Y$W�SV .]nq�okO �*n�2/ (enƅ-6$6{_(Vr��qO;&_-s*��0R��3�@/<`&sAV\"wtV�ቆ^D/t,_�ypɀ?t6ǀ\V1{46ahnL�|˛(8ݪ 4�<�|�[d��y��/hO�b�bu7l%�W�O2=9I�6*2/-{hl�K�Oj4pi<-EJ8bPzS5y2�S�O��k�nϘpͨxd�*r%gMrXh�@+�|'���&Jzkl�?L�ٵ)�2j2]����=c�6hU��շI? w�cjVl�{F��?چm]�r�և��j
ʹ_OQrǃΩ-S{34�Ȁ�V<�}@!��,�w�,�$U<1+$Ra+]�5 ˩]4gDr"�;
覓
_�q�Q#�w^�N�^%scZE@�8ǻaĪ�P��҉b�J3˰m`q�G�G��+SfؠXS�j�<;�Ic\%v;by3UI[S|k%vܹ;S)%ڴIn!CydLh���Wg+6]sM�/Lg�.J
�[$S
��&
|�h5��.wZwbzoN�c6�U礷otTa�F���Պ� �)g &OO:�d
TwKۍ#=V1� tmU+TC�CX<[SH��O}��=q�Z.83�F'3h��ۨ�ԩ}W�>?;=�h�!�~��:�(�Ioh2f1 �d'@RVPSZ~�?Q�=ߦxVHP4E[Rku'u�'0�ۅ3q(g+�0K�>jo];DyT?�L� b�l�QI�}WTb� �� #$��dG��g68�^}ᄽLu�1|(�Ԫ�+�,f#W?z[_aA�O�Ji'XAXO ���^fW.`ձ<^-^ad.B>/.qO.�WO�%}4`GE�tB'���52ҟX#Q9Z�'��N��up}2voc1.kLs8ԗ A5
�VIuG{(?˖d?.a�oY�˪;
X�W>3OV,^��
6yƹY� KUL �?㰁>�YΓ �;〝��.�"zi�r/�F�b6��1wS�D�{KR�C�*4�J�7R1>�4R¢�Č<ǪmݽPz?F$K�|�SCV�_,g�k��d�} /0#~V]xXb4RGZjM1�AV\!O8y>av b�ieLGPs8SkQ$"O:!/�,U�w=LJ�f%v\�/f+Un<���x>��y\�IOS\ƂH�e�F6K}NS��3d[qVZ0Aw�D�GI9�J�sAbC3�Uo2FFtq*dyӺt
�./ۥڕHB�0SB� _hv$�U/Z!p}�AJ�Lޖ`MA|<,O�,�"�`�=i}�i-O�Uw�n30"Yu����\���~sYg4Z~2�E
"ų)ѭPA/5i�:��
.�\jё�y�Hu/���rº�m3HQxJs�L6M�Kc�䘝V@"Ȍ[�?s�T,�-{�LVUUՈ�ۜ#lm !ZBZ7랅ld�'�4x6(IƷJ�K[ϸP�GdNgT?#e3F���MVA9��Rȳ�WR# �l܄V�sytځR�C=($[�e98�d 1�ݣ⊇XQ�@�90GE��!h(U^�-b{3wH'b�JP �Nvu�I
e-Qkhq�_oL/
u`m��em$�͞�;Ğ68@/ `�c#ǿ^`;`̄#�Q[�^
8k�h _7)[WRh��+#l�P,NMvNKL��,At<"'\gGљb�,xёcX}+>PJ�VA� L�ht/DDd(t#.Bv1畨"a�V*��M��3�^CI]TΟz-|99"*B�<$�9�\F>$[�éfڣ�ov=�iqmM�I�M�z-̺.�Bܵ'yN:~сk%RF�t�@H5P��Z9N�l@�5,Nۀx ѤODei��{+tZ*�R
iFP�{ʫ|�M�Xe�T<2(
�? vk5�<}+>��r|nhAKA�9dwך'�0L$:rO£�m6@rN'}�Kuc��:Z6I1�D�s��b*(�FL!��͏bg��ăEiK��Ej�'zU?X��W�C7>h�E�Ԗu:R1:Nz4\.IV`|��3dsgU�]@h%��֎�@3kHe�0\s>h�X?I0A3|5j�rMG�Pv8;H
d5vͱb{MW eGg](�Hb1R�岕oj~}cO��g���"jH]6�=�/hE]it0M$6�x�!��HiȬlvj�5�+|�z�V1��C<`ojy1g�3`w mnȹ��=P�K7.߈`^��4:8]A
-Ǯ+3h�\�Y�vt5µ
�<*o%�Q�?)�\v_Uҭ5�l,4�s��~RpER2(��N_Z�4ι�t3h�JbX5�
[���� o<}}Q:īLᓕg0[DR�qɽ�^spX4'lyG=��s߹_%Ԇ�|O�16T�T]�ƉW:wjyEd^jas��m%�1)�N"PPh�3%S^t�Ax��p�W�1ʸ�.&iȵZ��L9gkҦFKE2qbm%��a¢@�^�fO$;�+�5ț1�t�ͤϷ�6fS�LSylzL��CS�V�w�~�<͖TAS� ,ϼ'*�{,V�n@t-M�z"fiIo�M1Z) i2�|#Aq�][v߾qe�
�X�7LN�n-s��UY�M^2� ż�
Q�
Kꐲ�E�н>���:Ǔ!�o&%^V3��YxJ6S-��܂!Yq�\Wϥ\�>�J|z5TN[O�JE�9�R궶sga߃ ]
T
w�&b�m]G�51�o+]~S
]_5U ��LzГ&Bd߄B�Ord��B��uhw\;b�Ҡ8|)qs�O}u7&a�o}O�E>�!�B�eK8� /XW:a�RW.F��`A�Hv)Vt2th{òs4K17ىn)dO==#1�:��_f^]>㊧n�¸�7C>�zfuNe
H�8�8���(/
]0c;r<�=ZvOd9_y�f@�z�7�r�:JQ[�{ΐ^UPTP�Ef˘ѐ⌨.;0w~lltYW)Dx䷩�4P�
dfL5j�r�y���`�b�uF@NM=3i' V�IVv}<.M�i\;�i�*9`���_q]u2_�"{��ֶMW�1�ީ3q:��otX}�(�ub^�H[#9<-S 睋c?`�;T*|!mdvGz�qQ&/>nj�B[Dr��~�qp�UHϓ=f�,0'1ր���
<=e{4}�ԾX�CA|�TV(S)q�QJFUD@* ]6�u����?�A^��"YD: ��]b�X�)L30g_w�L{u3ou�ؼVz3ȶyN�*c����i/�ߐr6:"پ��xeQzy�U# {u%(H�Q3y,EQN-I�IG@z�-�n Ruf֝6fCtFқs,^\�jb_u4�C�e.o֍�h`Vbe�;�{>Dюҩ{NEi�<+/;}�/̲:�Q5^W}\Pj ��[ܴۯIw�4'�ѭd�&5"5@^QqJ P1Fa>eG@�y�l�12p2n��H&wDy�i%[v`$�!k�~I;HoH3] ڶPLeqw(:7BȷE{X�GpD?#i&[L�ZM���" OTR���"&t-/�k;'�;
KL�ځ�,H�x|qC�^%5(o16㭁#��ch%#żz$(W8~_Mϯ/u˜�4ek9�փO��̤8-0}pLUxأ�H[�dW]�dVok|��MJ�ɔ�[ͣa�җD%�4���\)�*R!2QW0;VO4챱Ko08�*�%sv0
5Ҷ9&/8XզҤbmsVb��~�;$3xV���k��^:�z-�7�De"V_"F�w�\%V'�
K%vsh,Ad���95ǏDb�%.T)gIK|ցَ3ey�h��T�Um?�� �ڻao~g-x� ͝uC�3}3V�m��[E:'�MC=<$C2D5$@c(s�N+�?�O{lda9+0{l�OD|E)8XF2sJ�a�1Iٿ��+_ Dr~)씮p��i\+R�eDˮ��ĜLp':~�Tqq+�ʽ>WƓ�jG`ަk�!��ьh*
�RZ\oY��Nx݁gE��+KSq�^ZHk��e�0�U1$Sm9mpqO1�d=3y1Ƽ_L7�IG/�ѥ}f&>mH%S?B&F5�ܗ ك##W�NFs~�]J�S�r`��1i%I/6!��C"FV`q�Y$F=j90mv
P5�5evVd
\'Kg['|HsgxO�Cd%6ɞG�!#YY�M�:#�?G%�zo>M<^[+�oK-D|.t�{j<2 \ª�X�N�DGEkcsh��8A�9j.dvJ3}]9 g|D�46᳛ta/ds���9�-m? ���{
�s=;x̬nI{9m'H?��wbL�%b8$POQ�{̍sq-|�23Ė`�dP�HSv6��9��^WA�͒6?y4�4�,;��k�"y^`wΘY�Nyxn++LDvñ�v[Q۫Gc���Ԕo5[}ؓ1;`91�@ՕTZY�
V��,k�#2
δ#|3RŊjUcl0mȒ�5i�gGi_ݟU`� `+VgO�aMT�d�Wܘl���gJ1W�u7n\6D2vK��rS=_8Ts9r�;�ӄ"&MX�n|9Q?��AD2 @~#V�};V!*63}_8ӓQ�U�A�|�W�t��:�X֣|HN?שּׁ�5ۆBB[:$&[Fl!~)ͤ?Vu?3�blVV'M�ȱ]h ?
��*Vnz+��Ad�l�6n��^?$u,&/d�ymU|�PKa�V}9f�Ĺ1�`'P]!�EƋDAayqS=yѦ^~KRaM�zw96�ă
��=1W�\Gq�K�]�k+ ޝ|ײ~i,���jN7hsI�H\AN,mk{uo��n>S+Y0MҐ��su��V5(P}�}RǷ4<1r<�Vlrp(ٳ!aM;ϛ�7�{�Is�?"O\�D�,sK!��mc.MZ2HCcZU-B/12�J({d~2X����_{SL��j
Ӂ)l@m�µڔpMѩ%9V6`ݻ["햔Jr�hoe!�Ccu#)J]ǰ~�Yy=h 9tU1���LZ��9u#Pno�UORx84Pu�áV.%œh韫[O|fW�X},tp�Wаok5nÂoAz?��:�r:d@m<���F^5pm"T�ÞɤSZ)=T
�;Nv�J�Mn?>g�':fdHR�_�L!::Qغ�Ƙ�I7C�(=B�Ly� Fr4Ɛ[2uꡐ1wLܲמ�1n �y�Y|%7tbI
MRD��K[*~�pXH�WƧ4ynqi�bJoF�PuwE6p/fu��ο7U�$ls
�[eBx~��p.>V���!|T�_�WLUI+y�VEztB(V igiwwbH,8�nt4I$�)hCԵOWy^wr?)f}���]j�C?e)/:�-;8��,5(;?8�s@�jCIv2�W25XDY�bR-/W��`0iV~LWnmҫmFhn��TZ�!�w�hlOX⮷$F�~ND6IgC��1*�SFz4�3\3n?)REu��
�Y�6lq6μםd�+y9C�VL[P;B#�~U1zݡ
�Fca
&&?�W�r5[Du{e,oT8��e3~�@E�"³Jp0Џ8ռ9Lͭ,'mL�9�=T&yNԊ����jHRd;��'LCb��q̼�iD�,Bd�81C}iUvm8{5V>Ra..@@?IlXwiˣ�ך�=(V3Ă$tFu�Рރ$凇3Iq;)Ply둔)fHP��D4K�
j1�N_KtFw>} tlE 3cN݁c.��L~E�}wIwn�ي~R�)ڽ2/F��t=ks�(2_ϣwXQG���ブ/��C�k\w�FeQ�WSIएv0Ԥhmj�J4/��yԨGftx�inq.E�7ř�rsD,'vp'h^�qo�F~�&pT�0s�e-��.S�tP�� ˵�ædgcRR�D9�dY��;��wbhP�+u<�,,i_歽
�xaHb�1{
U\6�l�x
��:Pyt|�AyeCy�(\9Awu�e�>
lP�K]E,G_�zg+Zr?PČwf;#֛N'@캮D2*�2xN�>#&_�rS1>:n���=x1;T,$T!>zk!r`
9��P} l;\ғ/s;#X��|(M+�rf�[=HZ�VI�b�aeAP쬝5%)h;�'%^d��d&;N1��+b+K�j/ !oU�G^:S7T�W7PG2|+�yŨ/+`20͵'7T�hw{5Ȣ�/��`}O8�B�KD��gK"�nJZ6cKg{�^r�q?mF�MuQ�h4X8N�ng� ^>|f M":֡;}*Duk" @t{hHhN�_a�WB2&Q:>Ƀ[�Q-38,1+β]�UN]f\8Na|B4�X+Osg.��ƺ��JZԥ�F+i.z���_\��3 W(}QGp9 i�
�
=9
/s+"JO�U�/*��Z2� �ޮ7"oJP1{�?5W^s�ah,RvG8i%[%�
z )&=� E'S=]CkI=�Qj� 8Ja-�~MwĂB�Ta5W(�/��2{�тϲ�UX)8iN�DU6g*5!o >+�@`]HwDS_8H3E��Fn�EݖG�K5MgU NpH%�ݾmΎP�EW*wM}�j,2wKx�Se�W�R�x��ps~+qrP4&`|%��;!*�K52�f
J�\]�x筮BR^��A�EUVeeA$T
PX'u�'�EvCW(�hʉA&�Irp�ow˶(*mWfγE_]l��&/)>3G�|��xPt_�dY]*O).~S0_M3e�"\L,jdF7F*o�u��Sv[NiC-�
]l@s ��4vK� ; }ۖ1�𣡹&l3�:kIz~@H��|�f��xtO�ռG�#��A0[.>x�>>Aal3ee|G��$ r{-HgA|pļn}_P��ƕzm'�p)>U1K2\u?L!;Zi=prO�Byi}$-+gbj\
2��뇺Iᣘ+yn�0I�t����߱m7|���/v*Q�\=k#_=
w����T3bIT#xl,~֗t7o�4�>BiݾH��kg#�n_lq)���+QQ&�U�le�Ic@aɩ ͪW�leK�! ǾJ�Nf1.7���6`!El�ȠRjXy�փL��,)-
�^�5hB9�6Kul!|�K\Rk�l�e�[��
w4Z$ee�R_�\�zD2Pyq�=�w
'vۉ"Rlv��_g:[xJyN]�E�Mt<�s��"U䚼:iaVG�sFe"�tPKu�D�|��.87%ݫF
"D�>qVk�v9z�Zg��'$`k�b i�H�
`�cKi266ΧQ'Z5�&V}ķvC`���;�e7$N>[��]<�(ozg�V1yZY!lƸb6?equC;Mڄ+V��V�jS�j%F�U>m w�mն��Y���Ο)�K
|�٣t���H:A�Y{&��&�@��c�>`/-L�-�>s/��~m��5X�Dd;R�h�Ӕ"�V͉&]Ϙi�hjQ%0X[DP[�J��R$Ľ_ӆd)�Es2�ܨ?Ѳ�\�D^6.�����ʸԈ0|5Xd�> q|g�\�ιՀlhh8���S )~6!aCj��(��ILk�_+3վGrƇg;4Bה[8_1i�DJxhk\cWz4[&#�q(�g>� Ŭ>lOھ]N ��!ߑK-U /rr }�Ś$f|\Y�:۴NTET
̴Zb/BR�($?}sheB�*
�VǮ�;x�
gתƠ9IB.B�P?H���?ӱ|UM�^�0h�Z�չHVM3�<;vu4'[l3Xga�aitmc�I3x1 he*|Pؚx`f\�x�y:�Q?����
u�n}K�o>S&�Ъni�%#F�~��f|�ABخb7�?���r���qdh�
m"Og0{:�M/_h]�t
�ķ[.�X�I��)V%�Gg�[c6:}\M
�0�=t@M>6%5->�;H^#{_%M@8q[ V"�kQQCX[cm�E)]�Qk�.Aj�˘j�O]now�/@G.u7�gVPKy�p�꣧���NDdȷ�1XIj�OD)~Q�ⳕXf�'?�<9V �Yd7(I)
6g_
ް6G�%ل��4h�qT/��b�ԣ�}w.+��T_ĝ{7)�nS�H�nc%�Q*=TH(
.0q�>�A�A�V8?ʎ�t�;>1 "d>ނ"TBƷ۷�9}�ҵ;41##�;��HS$v�� bkp"R�́w�N1WZ b��|)]h[)eGydek�D!Aq0�Ҍ\!X,IVᆰ�;�!��/H�lęNg-V;$5�jH�lʝUQ1*pvw}:ҷ�[+QN`u�#o
ZۧM~)"B@ü7�J݀k0nyNð-,&O��A:.��.82]R��4�N!Ʊ�ܦ-SoIm��{i}ULNQ7Wz$3}8�`T� �nV\�K`>笔�r,!:qVlM(te��DeN�c�%>U~74V-�eEȫ� R�N_W<�t
+vE*!2h��)$`g_9�:�K\QG�馕g""ғFlL8?vDi�M�*0G�-3��w5%Z�%4:Dے��T4;��e��MUmK![0!ߚ
�ٞ�[l`)H/�S�r�eXZ�;J�> % b�1|! p�#G�����O �:��CA��zG�'*{헄IM�&S'2A#H)}&EE/�"m�qN�6]T_U@ЩĦh�$" D��A3zݨ9`�tW3_�D*,@[Tm�m�=;
z�퉴#Q:V�e_7& n7�K̻uȨq�InJ�
�My��7�W�*>>%wҗcqQJʖ��O!C\~W?Z/Arπ&N&7S&�C�Frnt|Kˆ\b�Xw6,-w��tݭ"%d\r)}SQ8=5$Y%'&}lq{ᷢS`���x-�.VNSQGàM%Ωқd}P�RByՙ�,�
k���}"GGB�F�ՂJ�8:�<% ,��%5M4`[�Bz`/-�{i{-�=rr6(!�/ kњ|Bd�@q|%Cif:Y<ͺ-uPQ5MrjB�D!�Q=M|1>MX7]t.��6^fl�~Rftԧ�_3ȸ<�"ȔfS܈�]-.Ų{qxqq3r?2��OÙ�Ŀ$p\6Dټgc�5ƺns#X �BxqR�vaXZ�qVx|�w:|V*}?S6Z>Gb{cWԗz\)�zHma�j.%f�q��JpLOk6:~�8�>wF��z)e�Е�>
qW�+X(2xHxHO/�h43CiڤU5�w"q�.Be �҉�N7�9�m6�QQ��L�~��,��I`V-uξL&�ʬ%Rhk�\5s'C�nL뻃���}ƣ���r�A8N;!TiNf E^�,֢g{ʑJ/OXЌ�dq �B{sK�33�г5YMq3(�h'�/|�G҅�
I-o
6Ȭ34N]翟<�3#�!FߩrvY7y4�Dd}l�xdA9
���E! >ZitLc�Dx[RQb��F��xg6"L& �D7��=�uBj̡b8�pf0�Pr�>g9^�?H>t?ׄ-A$�jTY̾,IC��$,�F'r�uvq-̍�ѯO�[Bn�,tiifh�7�GK�
HV�՚�d*QP�a)��m~șho�jjE � u�5 .TaИ%C�I��s�6HI�PTK�I �K٥U�J�@= -$|M-{ei��x$lV�3'v2_
tt=Ϊ�g@4��0`�1�GEMJpIp�ÚB#`�
��(5~�Y3
�ՋR9��-�cW�tN17N*�'=a;!3��lY,CM�9ddiOx�"�B\~��dѩLa|(���Ȋ��u�zĩ鄎^df0mF\b��
aI���hỳ+kB[�j���^&!Z6t⃦�&+>v1�^0CDK�v\T+g��qp֛\ p�GC$��iк/��ɿ7P���!&K?�Z_?H>,J>Cf\B@k��{j�0�9%�5c@xdq 3�.9�S-kh-hL\%6!֜p�A�qi*((Cqs#X%NS`�c1�$F,O!1ũM,bt��U�K0@#�Uě~'��M{^:��ӣ&,�M'}Z�ޠB� 0/"�
3Pc#z^TtR�tb+�uDħ&4 Yq7乓�xx4˼w���AnE�4��Hc6*ݕuf�*`��nVH�$ZsU~!
],[waoOk'T�HjkA�ֵT(msׁ�pT?N/�U���i�&-N;�1П�=7\`״kh5T�ٴ�I�n.$�``!=Ƥ0d�FL'�|
�1=_IX9OlUrB*_?8p2nwsMO%܇/h�6�t_by~dاtɎ��&>؛�l�{�AHjS�"�6*za��9D$�y�2<{Etb&�d0e:x_�qUl8����B�k
�@�sG5�k;�&�yEBWG�*pLQ�7K
%I߹nN's=/>Rym\y�
5_8/s�l<�JCuw3mYZ|0W1]l�:��4�fO��j�N�z:%x��#z ��x�7kZVy[^v̑w$鎳���ҫ�q�xϲfl2*�aɹ�,J]S}(碽^l�8ru�tf�6DY\[m@�[4C�0��i�PRW;�k�>o��<{I`\��o$N��G�+fr!
96=�}+`)��[
)JG:Q�}xTIb�zJ~_�ØiibĂ01<�1M�"o>U?!��I6B+AA�d�L/B(��FLu,A9��b:)aTQEJ�M��(ź+�{J�9
@S>G#u9HMx`L8�4�O�7B/�,ک@Wtdd!:�ICsh�)̜��E2 �㙬AhŪ�nA_�VMqkgOW��jf
!9"lNS�:��1G c35�M5*k�=��ce s�L�8Gmx��Q� űT\eRK}bbu
�$ӵC�90o7"÷4��<�zl|[{6;褐M�1y�3vЯ֚LcX^f^:�Qt�|@n/^�G�4pnU f�0]��!:IσĘ^?2%;"$S�*˓� X�w�亖IA%�|Y;#Lfa_��E�2^ ͕t�%xID�w`C/"��o返c8]�6M9�'�)p63�=)��/\�:��YYJ*f}{�7x��c
jwܩW0˻�mmBz�h�ˤȾ=ǽig��'�|�^K:%e@Hxb/ũJǼ�hidKl\b#W_�4J3;rΓ(⠰j
�j7u;GW23:�e�=kSMѵw.di
E<$bi.fjH/�@GL �-l+3裢1Hp+�x}ka;1l��3붶>?+H�~Rq67djy�ݢ`>S4,�$;~8�l�j)�Dn'U�)ox~z��7hxQ�]��?/
���IZqU?xLvtqP��vz&n�,yK7�oBWԈF��5�@((z*>"Yym;�T7y�km�L�#f�9o�U��&v,Ч�7_5�Ӫ0�&!
�(Y'w��kk��>�Ci|h8ctj|���{bw3�"G�S|Wf( 8*kE|+��E!QW�*Fa'YL`�kɶH"%ߍ2sd~n^BSģ8,�^J2c1�4}�n&VrH3�ݞT#1#fB#
'��ʼ[�)jzn|M5kW$+NW$0#�
S~]�k7.J%Wju��]�U)gd�O�:+�ZcW;S9R?���U.@�32zf8�5H0h>�:4�@yd]>
x�ؕp�CB1$`�
}2Qz|X�cUXg?k7s^t���T9VtǕ�ֿ �%�d ;0JoQx}{+��+Ħx8B\hBNzz$Sv-Fw{�'Rh.Rc�L\Y[�T�ր0�3�ܳ{=Pgz�%B!6u2}��M�}֜�y�'=!�{[��rls~+H�ȸæ8F-�hȗK<(J�h2�9+7ex�C%W9eC32�^ydK^sCN�a}�}�yw[LR
6-u�7, ?i38V�iRF�܉�͍{WG&ͭim
$�C h�hk\ltH�
dÅmp2"���G�r*=M8�{)�z��_OȯMWݮm`#_.ZE}�T6-"��;hSXWP9:�eC~"�8fGѩ.O�4-.��ST��{�[#1�|�+�f�bPxg[x�
�l�r˼N�]i{9bj8�I( 8d��q9^D�:�t%%
d8TPA��+g&s\6�nke@@E�/+B�ٳ+�ߋP�}?.J)ڒ)doj�iq-(x�u:�>�ΛM|$-9eÛB�(�wL$|ީ_ ~�apZY[�Em볓t;Uk
>�;^,wf*vfƏ=v]ݟ�+/9AM
%$m��-@P9<=XTۻ{D"H^O<�*,�c5f:�Ր�Z1l;~)sK%T�_.)�H_f�h`t]�/[�n�FC�)[_Z%�4\ؾ�i�p>k�փ�Gb}xf/fS
Q�O9t�8\�7cW��"f�(lDJgJj,{Dh9#LhPZF�9bs�gv$\�L9E űO��h�(��M'{O�$�g4.f`�`�1NjǏ�e��dQ+4g�y�:� ԘHprz�|AelS6|L*�܊9XG+ڿ~&��"Lk�[�XÃ�Qyeb]�_�P�Gv4eG�&kX{nz7~ &j>坆�.�,�7�qG
Yp9˯L:MQCwiҪXU=swFd+Ad=7��
Nb�Ͳj��T��H7X�c�:OBym�hLV6
"pZ61sJX7fZ�\S.-]7a"h>-
�}ݲ=يZ(w3b't�)�8oSLܥzf7��c+kބy�F#)�&1j#64
_\h(n)�e,D.'Tfk�Wi3?.�[R�C>
yNw;c6Q>RnG(ujqg�m$ �l)z���[C+|XBB6ʩ�6t|`yp�$quP4QF] 3Aqfkx^t&x�rwjw�6w ��ɛ
gf>"�Rj
m!zCFT�ʟ@�R]s��;l6�E�k.���
1TÑ_�_&6̷� f+� �q.ė�*�jpM&5$\-�;t�:�(JP�>xXNA#5�Ya2�-:_�Q3DJ]V�1�ubjs\�r��`�i3ق�|$++.�� ;J�}bu�z=I%�� H?ӹ3-8�
"�CV5wH��)LY$R��4vQgK4[(=ws�J}N^6
ݺbFOtƣfs��v#yoVIqtFJeޝ2'h^68�̶\�ѧuiC#��Y+��dwK�)�Ї1�Ӆ՟=[M�`Z��~+�"adOM+��0OTQR}'@߳%0ٴ �*ͅőGgZ =akD(�!IՄ|�2ZP�5�R�`�EI�DdL%�A
��-�K&%U4%�2cu�i��HCf@e��NŠ�=s�'m�S=۽B�RUu��ܾ%W<2wð'`[iJu<� �jv[beϰ3ۿ\S�:q�-Y9z��~�i$!�,2\���y^��u 2�1ji=/+5ÕZa��LmHSk�,I&��s[ZL3J�9@.�,'ԯ�p9�seu�%|�4CJ3Xx->-0EW5-9
/jZ$v,@^9�(�T叀K�3�6(b��0*3%57ME*w�6yUr[֎!9aCYG�v[�]E(���p#qyI��T-�.y5qۺ�m�8�gͱ�4��lf�%
5Er\�A��ת/cw6tg��߈N�34ԫ"by-F�g25�!q).Jk@�0�
�Q"k�/ș,�5Վ
LP/X�f�iy^�.�fd?)XD�R�6\\H)�f^R7Wk��&eR1h$ϙM+C�uT��)%
mv|m�M��F[&a�����2&b0�=HJ b�LSLɁ�X(
uƬ�XQnR$2ܗj�!�h
8++�hC� 1|0-�щè��jZL�ҲpBKV!Q�P+Oꡠ�G��&-]h5#���
L\="�o�IOWpqOm+mX7>/�)TJ' 7T`��6lB�YO�4dx}@ԟt�|�m;g6�XD���oL%vA
/1De��5aPўW�8�ե4���i�߳0ɤ9cUT?:U��8it.�H/;!F �iK7bԉKUѽ�~QFa@ <�,*/o�;tuOZY]t�aYFpT=Kgr m:-իvULk?9;x�HLs%>w��V�P7N^cP:sxk�>;�ȿt�?0�1�X63=6 U
A�Ȅ�IL�Iu�L_Ft"�1\i`�Z�JIzƼ#/G���bp̋=���P
EI|�O\=nU]pM�Ԍ1��sZjAپ
š3+^��0+,Ԗ;./I?2-al&}�pb�W#xK��%G�͓æ$3�PBļX)}C=&3C�@F��I�U�/=�"Z0)\$+�T�9{a <��yF|z��ll~1m#��ym�2``���=ccxO�>@+� �w(�Wh�~/a�E*v�V.z��J��פceR�0q\4)�!-FCFW��4c(H�N�M��"3o�u]7d4r
Y}kD*W&pHL�l/5?ךb��}-�јgQZ�z��'�Z;3e=�5\zHq!i4f`f�ai�{�qyF�*&z*3~g(Msm;u��m�gC��)�ej��LcTߙ/�(d-$v(uwsV!5>r|CW�l�lB[�ټƁ%g
�HbGak�3_��še�[c�|@26|�\M�О\4N�8QZ�-ap�B�s;
L#0Frһ4�762\0\gJ+l�4]M
�.mo)ޕjcc9a~Vb,DŌ^Bp��nT"䰖.s5m�_ە�TC]dh�ڬ~)zET�p�Z#y�����\d���Ӿ��zn9H0[S7Zs7A~�~%-!i:�(dpX� 3�DH��Ü��I]p5�{.\Xa"bD��RGK0!EfA~F�k:�O%!`h
k5p�{EPPn�ʝr MQˊ:3Jm�Qv`Lv)1D���w�Z
�\�oZ�U�=nsnrKxG �6K!!B�}^�樭�.�3^D�I��X-I+ǥ�EF_}o17qI}��g:�ٖP�3��,#ךQn�DLR["~n)![p8p|NЖy|2j��M�2NKP`*�$4�8`Y3�����b9Że�' 1�; o`�1:�[� + t_
|D�OIl�u�S�t5=XHk?�WEOHKS)���A4UF_k>z iވ$zx7[VU�Zq�H'ɧ"eaW_f8&�
Y!z�|ڢ���?��ʼn[kVdw/��5 &2l?LlU;.42�%�_y5bv&TSa�[Æ�ЦUNBeqUgF4�r�r��Ld4��X�%+F�O���4��� �FV8R)�2ȒqQR?Gn9W�n/t�p`�M�>cK��C �9KŔ=nO&K��xiKErΊ�U0~n�b|3y+V��3�2(�}��3�i4YXO�HɁff�)ľײXEѽAq.���Te|m-�,�A~>XC6#(<�I�>yq[V#&q*(��{�5@�v}}Fv8L��ь�;���u�p�ld8/�'UI/F[АR|2[!5Ƒ�Vi+=L$Cko>,cm�٭�2}?X-;y^3΄>
%�qC��pQR7alN ں�����Q��yC"X�BHOæ#'^Ed5�9s\~
}mՋ/J fiG.ہу@�hoGO7�+ʪ�t8oIDƭ�WTRu�y�y+%�ԇ^L�<~%fUN�0J�wCfK�D�c�t]E�X$zXIۇ&nqS�釔V[pN0+0\bQs�My|A�}w�մ)0 CRߦvEwu巣VW�Р�M+Y*�lػ^'�ԯ+�Ƶm 7O���F竓HCA��ZO^}�s0>"<6�0ڒg±n� KZ�>�.x\�RnnaF�p!V:E�}B4L�HvNYJ��+w�XR�d�~$wcWuYt|O;ZP|� �{0nOUM5�c�}L�wnsW/vg�b>!j
/��bBz�A�M9E &\t6�n7�jۘ�ww>v&��)
YN2v&/0`{HiD:x̩8�>\j�q,M�,%ٓ�F�vNFwy�w�tK�C{o%�3P6p\∧Y+�]gh�BF�*L[5!q Z{Ӣ~=WL@W��~Sw�RY{_�%
�}0kM���qO�!rwK�)bCم�/Do]+�A$&t�K[[,ӊv-gR2�|��"-%GYs;p��tC)Ņ*�D8n�z3'z1h"��6i+zt3�7�0|��vE�7B`p�u�P@gp
ݹP�z�TFjbj<�k\
g^����J6nμv)��gh1D�d�Ӣqmɷ2e@w�B
�*ոxzMq�m�wjs�H@Ĵ1Jf l`�'\+1F:�{HcS\tn�VT�50ڎ�-BfE5MO%
߂�_yGƅ
d'E8lmH�,$/F_��fZ.E.ybN0DL$.�1&g'D.��hq>Q)[@�sQ�j;b�¡zᇤ �x�5�(Gt{ ��_uWhN�u9
WH&4B\��C-bQ0/zjLr"c]de])Jn��g&ho�9�ɠʟ��Ęjy6�/9CKon1�]�7b�8B0K��x�v�j}題/ݏsr봤%L
@�\�DncE.�b�|�\ړ�zEh)9�dOL�C�[�AyCa�q
Qg b� [�,70ڏ�>R5/�b���E�?+%0
d�IȄ�Q,QTyߊ�a*Pjܾ�W
P��>u��
!J��N
��m� IS7@Ej*��Sj,JȜ[�5D�E{<:WN�&�/?f�1{
k\
�9��)5]&�6xtY6 y�]{
7+8��j=IK5j�Knp{J4L�x!L`M|:�'�b �e'�r#G�OͪQ3�jRE�M��`mM�onȘ�!jcc|6�]m
�U9"ԿS�� �<�UC'wf؛+�
)iԼK$�Z2�,��JZ'ȗKOX9Yge$9��Dlj_fSAι{~"`�#1K1Rzx��z�W2TsS3� `v1=���Y>pO&>�M4e+�@�Z4B_i�
:a��Ս/��ĐCj�hLYd%9�%i$-[6g6z¦gF=A&O�a%U[�E+keZ�̛\Of~ղ�K앯:�ÿ_T��e�_a57ٻN)F�!�Syjm@l:�`
�uUn`FßWFv�B�L�_dRFV��c
�L[5�qy<Ҩ��_͜�F<2pRp0Ba^4ٜRM�Za��)WF�2�Tp�#>Qh�,9 &r-\cY]g1{�_i1!B)]%�M�$+K�K̊/dG�:k�"8Y �g^O=qZXv2�
7tݦ�
��a�C>|8�8_G2��f��cJeĤXu�SD��66�AHP 7L g�6 òk8�b1Л֠{% 2k-O;q+uT[ aЍ
o9ֶOG9L��?�D�Ө� F�l
�/�D5��E{�S�WX�J���-
�-b�tO�w��{�FL�>�� Ɠ�"]JbT|�|Vbnh) �_/9_{xfR�WB ܌)^,�O3��i\r\'�zeO�[Pn�̐"&G9aMjZCuqUƨ�.ۊ\8<*r
H�o
�m,�m�*k�gGe:K�|,\4�X&ԭ=y@fk�^irz�̏wpe���q�Z#V!�&~!�b݆\6n�cM)�Zm?K@ �j�N9}Rx� 8�NxpP0*O�1P*ˣG�MΗ���U�,|n*��
?�}J�$Hm|U��f�m9-[N�^�R��Qk
y�GJ@�z "v7Com�pL�떃�'SN�m�Eu"dM̂phԊs2yq2<39�ЭhW?|e~�P[~֕&YTU�ǙQ�|;
Ml,ߧ��߶ԡ�MN9^N_9 CE��#�υg%5sfQ�x0Gh�˭'|\)�Z Vk�KO2٩wlwG|{`�5aЙ;d_C씮7qV_TWg3�h�'㏬gLo��
2�H}5/�o�:}Nǒr�3�-8
�Zۙ$3_�>>ngBw+7�?d'c�[w|9Bh ]yŦ8,1Hg͓i�kZ!Jj�[��*XFx7ywF:-̖ٱJDN�xM;k�a?y�=EX��^�M<�uxuVg\K�a)M|�R���f~?jP�r\Ϟf5Je#;h�Θ1�:>{�+ZQadCt)XZ)h$)
nGef;K�(H��bi�ٙR4ڻu��g�jhFe3c
�ToNFm\u�y�C�Ny:'�ѳ>Ji�w/*YӦA9_+=vh֗
�H/G2�o>M�z?W(#'�E$
|M�w
�"ړ>MsQ)sm_RxH{ObY �&XH�Rᚚ9z�� 5+_�[\WpSb�pEf��E +b ��h���̟,�����~n�#b�TN6�8a#z
|ϬB̩VgYGrsk�$9�&[(m6��6ZX/N�VѿM=
O�_ gއ]��l|;�E�lz(�2_W�ԙğ��JwpeA%�CqJ'~An.ӎwm�xV dV%�7�sK8�@�uƕft<<�B�J|?�dmbӬ@:c�"1%� @y+�Y�$9M+M ݗ�l=lQXŰypF?#5�@0(. &16hR�fw#��ž�k��됲�%��I�Q~���Xg�I�o�#1zw0&*Ά"�S^n$f�z)J�P��伒Q!ܦ3%_8j�7LpH|̢u�T?MWu@@g�T|o�]��xdtzvPue.,ƎZ#e=�u۹E�&C4"F9`�y�5?bV47'ULNQ&1�l�
Lka&� XV;���j�|ho_݉y7\6+
{쇇!#
pX%Gt-(����TjV[.,Lwɝ
߮sA3� X�F$
�TT:�RߎNL.��-Bá�AZg6�au�E˯2�;�"�T`;8g���x�OR\.�\f,��*96|^I1cv&�c(, ��x@$.�1E�["/m>B��%}հ�W.�2<�LJ
v_y� �Uǝ-�yp2λ6 tZVյ:װB�˴9�g�!~S�/֝OOq&<3ew�ou4CdxmE[`2Q�Y\`�RQpU��Q�aٽ��,�tqٝ%�r&W�@Ss(%��4{̅;*>x
(�w�)v)>N
V�wHu�n�4(Y9��RU/"tP�_\�m�u5�0̃f=&B+�ަZ9Ά NW�3�y3�s&W|xSL�z
G<]_`>Q?�@��Z�QT�"8,>QUJ;'.�XX$~]ɍc�}:Tٹ��AJz]��*S�4ԍKZnOZ]8]xoMFL`]I���:Zkˈ0��t[1J�c(�у�-*�+[&$]1;j����
ISȿ/�QeHإ@צM�xml8lK�fL"�}��% FzG]�LkSw�vw'�yۼnL)Qxqy}R�� Jt�d0QBif2ϴc�!@1riY?$?Oi<#E*_(ou
h�Za7
)Ҙ*<��4 tV��V-=2ݷ=P?m�O1<ޣ9�w#!#w6��Fdfq��d�{;fgiw�ƺ�|߭��I�"ӥZSjh*�f<c�3@i�?UrjX/�\LK0XA�W�Z�0m[�����?Azf�"ד��k/9K�0.fs!�ճbi�W�oROMXqE %0+&>��!p0PE�.��}&:P{�(jd<_��W�ݐУϐN�M�ofC@rTsqq̇>E�fA�ϩJ��)/-C�a=mz�r(��RQ�"9
�c:�%�ܤ'5�(f`϶E��w~�gr|�TNi�Z þ_4EEt!-`�7hD1[�6�Si�mY
�[گX
lU21y
MF%n#ܛd�8��hW0/L�tm�2;)�&Cv�Axٰ7[Btâ-LT<^;�=s_ES=lkߊ��{o㳡E< �d71͢(�d
1p�1aֱ�抶Q픧�����*Kg+]&qlG=�%cݱi3J�QEcj<=�~j9!�Di!550�P7G�#7�1^Dzc�e<+�0
(+�3k�ZN��ʈF\�KBFSiی־2bV㘹C��vz=4
, PB�<'x?�SjK�nrd\R��嗪�TN�O�n|NfE4_?��p�$.56�tc�wFݷ���.jvA+L�J)t�q�X�$4؞��yY+idO6-fX�Tz�S�e?�pz:�
c/7)96;@<�3q?tn�;e֯۱g�Ӣma�A9�\/?P]A��Q&&�1h�f'rma8.�%r,ₙU���8# A.��4\/$2؝qmV�pþ5ފ
Ȯ
�-%�*8�?�'#d�2tOv?ᮒ�"93Br
L"^ދ[Dy�Ykd�ϳ� T�BՎX�`f��I���rr?Bn#5.4IA~OM�#k�%oD�G�>��Z<ד
Ɵ�R�c�I�k�kU0>bٺ6s�0J22vr����_Ha9w۾j2Eڎnt0�uXs�+��_W�ق
^谩 );�0(�Heѿ8G��&i>#aqC]�eMQ�t!DE!(t4o�E�|?qvjݣr��1F6��K}I{jn ~�b�>%�Hԏob�9daK
xv�s0�Ϙ�+*�����^[
MH�)�m@=�mBUQ_n�x�gg6s^{N�ҘZ�U̇Ұ[Mm̴�cZ{a41w���*�vG&39S�0QjVl�df_t`Q�xܒ�r|M�3�P����fp�&:y5.�4ê^��c���9Z0���icN�DӐ�FuXc8c�!� ݉wh��F79gKQ-Ɗ�; |7o�u*g"&"u^W ե�m7SuOﭣ�U:�ȎMNa,y?x!?33JPDGtx]~�b��#�^\
1�c`V_r٤F[P`hwSx�:VIgtJk�ʑ��T|�p,?=9jʰ�eV]c
wTkq�Ab�O� ��X�7/PD*Q�a�Xy*Ўckiz3S31Q�V�yT7��$$5�(s D�;@Ytmґ\GS#�]SSœ
3\��Vx�,��Nq5E�4|O_ϯvMܢ]hygb$|��q쟟U�jY,sP�zl�B�J�1s��S9@�qL֮t*^Lc;�l�m�ƻ%�}9㺑+Kij�*WZ4v�yÕW�8/�^�-K0�-x/�s̥��fk�|;�}x3�˩bl3Ml+[=�O���Hu�nb�Z&݀y9IC�^֩�SYhs7�Ӧ-��8$d�s؛�d�Mc;p#Ê�
�i�6@*=uImOhF1���
{l5(G�+05hܝѬ߸~n�{m٭M�ë:A>�J�tZ%qR"%'Ǹq(/OK`2敤=/n�X>kԀA:ש�RlfT�"T�2K~_19�~W
R儮H~��С�)��{Xͫ��1ҁT�4{ÑLS#eT;7;e5�������%֑qFx�nI&n5(dV�T3Z$[|�n"� �ʠKA,~ߛ�� ?*>~`��7&a[(
)22�CCp�(pR�ja){��� �ė�v$�co�N{�f��xd@�ZS^O�ĭ|浄#Z߄5uO�4/�qZk�1!e%KMwu6܄?Vg:*l�'�ؓ�<��!��Ov
K-dj\nx:^N$umaг*�E�UN^3(*zT+5�5|SiqF"ˆ~Dp�|� ��/�ytzʁ=ΞG3�z3p�n_��M-툄 km՛
b��;="Jq_K1x�heV8�
ǹj�4O�#@�Y?͓s0!}P8W/�w{ohǴo-7|ΉZ��RlZhGdz$t]7c\�G%�y N5
",~R^��6hZp��/,3FqH� mW-Bيn6�0tA^xD/�疿X!1g{2USJ 3UMƯX@eck�3�j/Ж0ib�f�[yӴs,Mdq B# y-�Z]h�r}�g'W%�dQ3ofVjP8SM��H�d��{D�^��۳?Rgս����U6!5V`+-��:$`J�{eB%gQ�@O!L�"&dA\>9p�,
Vڀka�֛"j81)'/=�iq>HcH�少��/38@M a'N]ז镌A{SҦx�-N+�Xd�|pֈ(ZJYl;4@�8p|cg��'K�o\6Rx7ܼ]F�%51x=3X;;i+ЄnVo!in�ֹ�G&+�:51k�Z9�֔�DbҼ}/b�j&'��ݮ1I6��5gAM{vE�jEt
��"t�FgQ�A
_�$�ι�_�ٳE�ŶD�E�Jr۫ݒ��@�tK�J0"?$�V�
G2L��6y7�RvM&6#���ypϕ@ݐ.�oIhyrX�v_V���J|V�
Uwg
�~KVP/SU�ɺ]:ASe@ᵡWf,y�Jf���VSQgeEcr@ބ&�Ә=$ރ훑KY%�[c�Q6̐�~;S O'/=pg)�H+
jڡjt >E%�&,�U}+NzgA�l�>8~�rO8mZV��Y"گ6��
-ĵX):�` x_H<
Db&�U?s-Bj
:b1U}-A.�� 1'Fp۫hڌ̙Ltd+WvBP^ڹ')~t�oђF7Jۧi��
9WWJ@�#{OלzIIJrQWy
1M;>>[©�D�~/=d�GzGb!fpY�}}t3߶cO�`Pj|�oIʎJ<�D�"\A۩uFJ�^֪M�7Sΰ�\c�a'A�+�@�S��Tr�8Rw6�OY2},!3,2RTZloy�H4{3hi[T$g%JC�˗�/xjgjMeD[�T��noW%�R#�1Us]�ʪGm,%�o�B͎4]$X0RYh�mcu|�ƋX]$EYsw>Rx\�L}#l`0aI<$�suTB�SXY_^$Ht�A7=n].,�3ڞC16\lX?P5EBw=aP.fJ2nqέ'M�?/ٝAwkcfւZ~V
�/2�G(cGJ�K��s��KK{�v,!6̤�X
:��O���!ٝ�IښMd8�@)pϥcea��Uq�o3L?BhLb�|�Z�/Qh۵h%Ϳf� � ;SO̮,‶�Ղ4DucvP
c �p�5Q2ǚFUk3{
*\*!x�Kɉ�Xˉ��xZ�A�VB{��U� [�Ѡx<*iS?Z�ksY�z�{s.&%;R8硎0ï�'t��Lpb*D/llϺ'�h/R`&&:yZ�]/4�ZA>@eoV&~L��`.�,Ej2Ox1h.�;L�B9�gy#*B�l1ۆ�R֣ik�dB˖~HI,��`qL
Wf_j$Nɻ\5'`K㾍qJ�ŏ0B7ӹ=ŀ*��s�|E�6.�ދL|br �6A&^tz)g_lR�Z<�KAB&�V|yDHS�c�.%.&)��X#3=�ɽ�w)��^<"Dw�>�ă�ʋx��wS^Gk 蓮DZ02Ɯs8B:�Jdž
-Hu*f�jrCۃ6{63o'5�~b
=呞Eքt�Z9%5�~h�VEp�gj+_ib ۦG^�hE-HMwhp4
#�'!�NivndzsR���y�/xX�m>DJK[T&b�nj[g�-ZA�vAIf@�٢)%+uVy;���#U좌�iNc<�>V)y
KFyZ&Fs2v4;()z�}Йb"AM�QT�|9��Tt<� h�,�Rɯl��eO�Eg'8:gd"--ek
Q:.fHjZ~w�4l)��P]˓P)�,dL�H5H8�U꾑I�Q�YdT@@ ŹW6MB-Wb�%y�Mnf+QfyrqT�\9ON�.Hp|f I4=Ar$,bD*v�Cd�ȯ$E3ăN/�Ebp;Y1Ʒ�0nZ��Hm'.&n18D]�[.l�rIO5YMn_Gc32uhB��pU.A
I%
�vQtl�lL|ˊݣ���OyaF_z���/e?#
I#KȲ9G��;�B(6F�szg�nN�pSl8'AKW֥�&"h�k�3�}hKC �>n��x)�Bl��3FQh抛;-���ښ��$Nwv,�x8oNv
J&N"�>$G�
> ]Yr"�di(j�Ʃ��O}*�IXu[gӬ�^�uxʐTV9 �26y�_2vEiSH*& X=�WUi�C@v
+u9�B�X֘ZbʞAMdWAPzp�y͕(�Bs]x�ކY^f�RՕZ�ETZgYKФ���4�h]v
[w{�[�!,:9q1nodO 3�t݄Pz�4º��1Xl^��ēǰ/$sU-�$iC5S^Y��~�~pS<[rb
Rj_>�uw�06�aDî��ꖗp-��ьª�;Gy,BC�j�zP@p}(7�JE�~DixI ��+6�95a{V�=T.AV\LJl.rSG
;¢�Χl�Xn����D�nְN��}�bp�ߍ5�5C�}eNPI+01�1l;,&'|a�/߹9�z[Oy�4�*#k�!B\du&h((ӂ<�O�+xOy���!d�Km�qĀ<� e_KJ_eZDGp�cAfUhRj)&Ol3�3'�ERs��Յ�Zf�jj�@u.r^H�DyV[mlKN�8J�(]�mc
Tp��^�]B$
V8^嵷�)}���e$GeSm66Ԁ+Łߓ�P�JxPx)XG�h�(@1�v$?�,ßLQ.j8q���{`VWIA��cԾ7�~ewIG��MQQ>�<�WK=\X|��OrE|^|Ƕ��ӏfK'H۸6&�@K=2&3h��1^23O~\� aw$wZ�02ll�⹀ *=-!g)��EC�Ҁ�g*�u7^y�fN`�)IJ֩u�C:y��Oz
�"�nxw`��_z��_ܻ|?�&o!{}yνMo۱(펋L]jTքq.}��vP�|ucc�zT
2A�5B7/�&*[A{�rR#�е�0
{>�b4�s%YUC#v
ǩ2?7�$.�H�
��+�%*�6s��BscZ1�#E�6+6'
P�tcתMrv�ݻZ(3�0]BzV|;'�HNYBwnU_w)�O[d YvHZP�`j2�Tgl',diy!BkX
ث�:^fM&&w鱑
�
P
xT#�fA;�Ѣ{c�rkA���kB(�-gQxj:Q==��6�b,\Gc_�̍�ެ7Ԯ�s�f'A�QEΣE6f S 7`XjdZo|�<2[�(d\�bR(ҧ!�`w42}Kz?\%�^"wdJ�G�}ç_I5H&3�oi\6}v
PWh;EǓ�3�eOnx�IՁWme��h2Y���"&�mZu{>h;csS؇l�)L5ΖSo�n�c�?ظta6|`9;+\}�)�~,Mx+T�4H�J]V��FTsN�I^x[:�j]=&)iJTBTq��ш�9NU]
i��,9S��]S2
)g2ʍ>z:<'/r$CclC�
)AH $�YpH١(9j�O'{ B$t�+秾Rl�Rv�E~Xgx�N*LHtZf۽�4�d~�
�i��d�E?�D��\�6)h6(�
�8T�̍%Xof�pa�!{C'�eu9A(w�ZTS�-N:@0զTJQϺ���}h�^ՠ�6Lc_,&N37ThZ!+{MA��9'a�` UC�ьHy+6PGG�9��=
b�X� Bɨ�W/gR֥��4�"
s�V"xh5�hf��C
gF�]SfWt�$tTQg
#y_xwM
�t#t
zf
%�efT@㥇?4m&jV4t/u<3@�N(v�؋eSk^Ϝbszg
e撢[,VL<���;E�u-Hkn\!J5C
�o�<9Kj۾rr�=m~@�{QT�cc1N-��e$����S^��fB)B�Ώ|O�.k*9-d߮ej�TۑYY�Hpn=ŕ£Q���ȣ4ZO@���/Є_SiƹGpa3fLhqqpS��J~�5)cQ֎�lHF�)ɳZi;S�)6�H3�myG9��K&)IN�t�ʈ@
{��a'ny�"<[4:!](�;�F2c#qhl1
�mt��>ߤӆͮ%;/q�D1r6=%:(�7\�^��d�?_nPВ�WmDZJ m�G3@�Y捍��T�^iiνMo'�UwL۩~Xf�)VfX���ȵiqN`{BEbhr�G׃BUzNa~yf�x�<�d6ė=օ�nF�
NL�JqoUlg^I��Y+;q"VM\W�m
j$�$�,=l��QgX-!>n�6k?m^�T~�u`m(Ml1�g�1
8ѷX�Q+=xIy%◑�Uu���P`C7`4ˊ.a�c�h�$ɘ�V�c8}i�3Zrs�b�СfպE_%7䁝�zˡCp³>P̌JO"T|
4��SxP-=k��}Smςʯr�
v8/�#[ք6i%t�oظ��T�ʻףtE�dI�WN�J`5�R�V46�)9qi5ɒE�G��
贉4j"�_�/χ�ź҆ޖ5Y~:IbUz7f�.WWbxUcQ'yA<�T��w�pn]T+{Mãpf�戛����YD+ͦHr|�A]2W\P}#rPѫ];g7O~��B\��l��1�X�S ;�˕b9w?c]G0F�Gm>0H?` ��&=s�li\OVYD8`j.iF"jtuS�LN�Հ4��IN~R?�Ɔ%�I�Ѕ_ >r2JJ]9,v萆m[н$��sgظW
<0w5ѹ
�Xc<ƹSs�@@T)�4w^��a.+YԭiDzȍ-UviY=�}#&�n7*mu�[�s��j�ۣPfA�wl9yAhm5W�m��лvǿ�PT}7%kBY ��S��J��N6)ďa��O�:iv"j'z]Ym}(9�'y�ҿ�0�(5|]T�B�)�x�-+[x�zKɅ'y�(�1!?g�up"7Ѓ1#z�wo Z5]H<#hUs��@>:�a��*yz�a�6�cc�'9q%C
E;mD6dd
*:wbT~/oܪ3h߀K*˦����Ie̯_�"F
�W��7 ]�~;�gεs1��Q/=C?{$��þ>d'%yeB�/?,س��tŘ1� ڔ'�2=H�O�\t8�1HmAUag$SWd>Ag룦fŸ�IP�]ʶ�:���J Fv|j�s}I )|cZ
<Ʊ5r����{z������
YZ