pki-ca-10.5.18-27.el7_9> H HtxHFduy ?*}}C@$ VJPnN0*<ba QdEJFc95df1ab16754917aa8e920a422fc55ae1d01084]N6oF(|DFduy ?*}}Q~ͫ,i'6iH>Z2A mŻWx6Y&>8?d   E         $ B H Pii i i <i p%i rixPi]iji08 \  (A8H9:GiH,iIiX<Y@\Ti]i^b)defltiuiv, wpixiCpki-ca10.5.1827.el7_9Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.dsl7.fnal.gov%'CScientific LinuxScientific LinuxGPLv2Scientific LinuxSystem Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch=mL+1l[#tR#1J6 _ S }F}F+ g%~~[G7(b)[J2 O,", +Bf PEGl]P'n,1{{% *S*L$,kI,A,:+A+3&u9 ;#%##"vSy "`./9/]   Q q >#E/#+{B/'m)H nrtknvpyi  *L*?5%C%c*m;c=O? 9%9RU][  T \71 0VCCF6CQ& "Y"\><bc q-  dF r- ~-d>Ed,g>aB 1"?%I7Px]%A큤AA큤AA큤A큤AA큤A큤AAA큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤d^2ddydyddydy^2^2^2^2d ^2^2d d ^2^2^2^2^2^2^2^2^2^2d ^2d ^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2dy^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2dydy^2^2^2^2^2^2d ^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2d d d ^2^2^2d ^2^2^2^2^2^2^2^2^2^2^2d d d ^2^2^2d ^2^2^2^2^2^2^2^2^2^2^2^2^2^2d ^2^2^2dy^2dydydy^2^2dy^2^2^2dydydydydydydydydy^2^2d{^2dy^2^2^2^2^2^2^2d{^2^2dy^2^2^2^2^2^2^2dy^2^2^2^2^2^2d ^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2d ^2^2^2^2^2dy^2^2^2^2^2^2^2dy^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2d ^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2dy^2^2^2^2dy^2^2^2^2^2^2^2d ^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2^2d6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00eb1fb39880b0892b22d2e1701953f5278759e28dcd72e50309e442548b27f0faa8cc4d68b9f6f2d9f12bb1756fbb9bdfb34fa89f0930187032b271315665728150c582ecd379d442745e4dc6ecdb90cddabb88b8105da6d2a3afcaf947850c0fc11a3352de540f4e0681ebceae86ef8e7e17c4f8c0f90d500629111f5d265f25386fa50072f26ec25460e3bd969ef5200c3454c02dc9d2a1e84fc0cc57eeb3835e785c0a3c0f8351c3e3c8dc0d0cc2d164241ab800c121fd3c40147d63cb5139f276451224c5d8227f40359f7d5367ab5c27bffa0d734cb4a25ee3b31b8ca77da5a1829bf1b3c216ae4c9d4ee066772bc7f5afca577935c229d9bfdf80d75cb7d0aeb78397f439d16d5b530d8b81c119af865c0898e02a33b17d28d0bc57ae9c85df163a6cc55b9c0e1f32f2a347d19c5f9eb02f3bd07cbef7dd25c8d86e3bb718ce6ab10819891d1d8fde23cd1c90b6a065c008b7f7fb43733aaba5693b054182a158a8f0949c10819f646d42e8cb710ebd844362d97695eec5a6a523c9718a1aed1ca83010bd139dcbfc328398007d959d275a78df0c0208c207e960ea669ca55436dc0723559afae54e63e48d826c2ee0ffd98b3233b8c132be6ea1540cde549ab16a5ee0b53ca839bcc06b9c268ac7be7c8186aa4392ce0c663460c019e4cead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676449f0101595c93b29c3402277811f70fa75237715687fc5dcdcab36f7a7c8dd72da64a1f054f16eb1ae49493bbcbfa138127db6a09fc946014a1d137d40ca2d5c27ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefe0cdc0a0a32d688202334a77982bb2d63244aa5b8570dab545db1c29342b3895a2024c52fe492fc10e9af7a7f3dc2f08daed6d3f5bc13ce0c8bdda30b85f0c69a57b7994670aca2abb02cec14f3334dc5a887b85bbe03e19202a045111343c40a9d68f40546ce9caca6b76801039b97b1a2c53cb0975fd3f31dac9584a8a955704363832241c679cd009399b6934aeedec0b3755f83bc09a35cd5a292cf19b7525e0bffd207c4c5b122b085f9129e0470df5c37cc534df4e30ec140a9406a2850767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031d37b0ad740db9a30932ac53203a46c4e4fa701f891d74fc185fcb8989f45d28cbcace48ed94b1a6cf7171f5ebe150102c2cde343df5b89acab2c2a6c29b9a04d448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898c26d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac93f9de3ac67f7ec677ec54d3e5cda612b21511aefd19e338c7f06a05c29006d6be1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b14803e10fa13c8dfd44cb429d356a3603c079b3100651e429f5bb76d57d8b42d1dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c286ef3b2ddd73eb2a8e12cea6e1f6adadca373fa81c0f7c414e705ea46f3818ea8aef2e39c84cf8dc8f0af8abb56834c98fe36820ae871266d08e5018aeb4dcc521c9c398e166d3c99707aa883a5619dacfb98c3ce7fedc2a8702e188ebcd349e519f65778c5af41e0d14e2de103ab29f00cb99e1904b3bde1395ec5fde92c1390815093c1c33be89fbf3192f503fa8ed572a7d3719461befe87107a42e962d4adc3b45978f03f3b8724c1b89e36ea16e26e494b65e240c4dbd77198021abfeaaa80f6e67824852390447027d20f4455701d32e17ca30d2bc02a145d5dc335c5dd2484024db29aa2029e29e5c87372d20e5d57bdc9eba046ba525571e512a8d55ff6c74db2c9f816beb79eaa11ca44d91ebbad302da7e0e139aa99c867201d7cb2b5b83fec0eff7472964122f5fdb491916fed8ce15b3d179a90dddae767695d7f153f1da2cc4da0c4aebb58a3e85d0ff03fbddd02a9c8f28532f28fa8729aebc24e02c5ae1bbc67962f899866ad4aeff14c6d9097ef74a62b0db13c62b3b948b1910f6e156c5d656b3d8ae6e21f777e1a1dff4def65a9fb7493202db1cb41721801405498a15b16d373fbb8fd98ade8bc0c64e734d9b60caa3b7b41fdc8ab76318617a98a8a72661aa99baaed16b2a895766d878506c808d142b9c564fd9f90bf9f7423c5bcceb5aa7338ce528d057e1a55770f4f47a6d160f464bdd2e5a9a15b6df37a15ad28ff8bd1d1e379fa22a0a58b1462d1cb2bf6f91c0428442b261eaedf631f22563c6975207fa0651d350c9aac2064c636dbfd059a1c001014a7a57fb30afe2e8161acff9850a5bec7b0249448891df209ced0b38cae1dfe11790a5bef1eeff08a5beed53ce599b88479fd2a598a73e9e386c42d10c44eb6312f27403dc03ebb5131110972dc559286d504459480c6f30bc1fae30805cfeecf5a44424819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d403a32df2ecc86fe1aa69338a4a6e06d2d643e34acba65ea5c001f851daf5dffef55a1765bf7f3b0ca4bef450a8f796238b36fb8489460501bf94e91f1dcf5fafc74904a2f68124a9f013f60bf839a93264f7fa1eabe952c15f22a6e370963c902ca978def728703aab9cb9f2fb3b48731fbfe760a43a258c3785c84ca4be21fb50b0842fb84ed2c8445b5cf38f87865bf1d65ef7a597c15178cf7904e805547fd53ed053101f654722a90c7c718612cbb600f0e746904cca639c083ad44adc61d3b7602633f62681a0543a4576518efdf11838e94dd637e9b7f48a5c9b4e2303ff44b354cf3d8d22c802cfadfe0dd0334aca848e8984b34e92b9f696828891e4f016817ea2689a5402bc8f4f2cb96354c9c14c3bd20214668cfca82e0f1f4c7b29cf0a9749962f5364222fac9a330306af9dd905f0024aa5a1e1561a663ec16fd58a28b0619fa2cbac29eceee05b20b01097185ab19ae9d807e384a743387d27fc0a8d6d897676617cb203cbb3d413ebd6c093c27b4e3b4e86280b85d928dd21640e98a6fbff04f6d46220c0bb33a1dac4f66ef82fbb59b77d20640a54d8533590ec3bcd1a15d8f8190a27a687e0f9743e5422b91e23cd3670c0084032a94a645dc7b21e0b39090e6c6f6097d5b8708db4223a9313a6215b2e5fca1c539d4e5e3477fd81e23e2db0b4c4e33b16d4d2323e17dffb0656c598561f9d91ec04eee8f89ee8bb42b031bfd0f2aac1342aa2a5ab324f8f6181711d9172bef5dec9b4e1b2d5cfe69aa5aebb84a5a1637aec3ecd0ec88ca2eda7fb5f6bb3e067bacd789eeb5b9868e47eaeef88ac42301d77271667035e5ef559c4f00eb3e29f8dd363c43a4df10efd9412fb5f45b5c9837a9e149d0888593569c4969f51efcd61ea6abc2164637a032954351b16d51241c0c5803f12712b5043db034b4fe6ec928d6b57dea17970f7e3a0258e8c04d0a0156c19446f69062dd069ee1967bd929eb643811c199c1d988747ba4d5689f9167fd42a8ed07039e28dbccc4b744f4cccd469e8f3bbc3d5350d5b2c15101c9869718d0e248a6261a34300f064a0011daf7a7b97fcd57215b937380865f10faa16912e9cf7fcc6c8001ed5ccf7c35889765811a449166c80fc6b7b677207fb040d9f7de00541f77aa74747b96a8c199e368a40ae7f8cf803c974c90bab10ec4d6af8bb034bb857d35e21f13a766f242a999b72ec4530ecb668be6082ed25f15b4b50df28164dd762843030bb98e81eb93b3d1cdbb8674ec4c8dfb3f600b90367bec83498d9724204d8e54b448583d870a563a74d08f05f45fc39626de7e17f2b9dc8ad6ac85e7b3d443767e183cd06212dcab461069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f687984bb909cae523b0d8fc8aa095e59c31e5b1a1ab748de837cc47f311083b3ca72933082f4a4fcf0258b724d8be2bd7c26a70a7ee57686804b4008d4855be3d7fe7337ae43a49225c416f3a0fc11bcc7e6d5089bd03ce69902e13ed9208464a6a1d9f7d81d4795a672195815118e2584314098a023c3f249c95fe0173d9cac292db36550a3fbfaad2e31234046232cc077308a08e1780507c2549caaa07960a3bffd988c966ca03b37de84c114081aa4b31fdb94c7e07b8c00e726c312cc833e259dfe0ae3aabae0cce1d133c3004203650fb5a0a17375f1c598dcfe22d7b8fb04299ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018fee9b3f1400bb8f3b28b996b1bc599f09f56dfbcbf564def419d90fdc71eb17056a10a6cf49b1f62522a0f22ea1b12339ed6fb418b2e1fe1a30902aaa70226c4d7821ad58abf7b6d60a2b580a27813648843f4d34dc3120f48da361bab625d830ff8bc6c8ad5a793937f191b8679bc73170aeb5dca7109bfcba14a1e08eddd916dc62f4a693d3e8e45599d04f399102439436bceb4377f909c3f66c59877a083a5fda7898d9e0ac8b3e9e81887ed077758d05473cfcddae2508d7d2c77bae9dd2feb5d5c28b7f1a2d3a7036822329fec825a2f7d4b33352e9bdb5c8a670821dc6938a8185acf80285dd9c95a0bb6eb9c601b49660105d08784c52aa8ac453ce9e2faecddceadc43c59f45f0363e516facbebbf4f9dd59c307f5d04cc31587a7ee46977c98daf2a1507401550a16ef1ad2fa8a713ee85fbcea3e746220fbd9f31057112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f72cf4dfe9c88969bbd762c45a42b91b1396ad011b51fd338882a6ab602315cb7bff682ca2f5a26424d7ab5ce178c5b9e9a25d855ffc52e1b5dbc957142da46ab2e7ed49d41f75099bbb3998283617c5f590304ec64602cfb558ee28a6627008f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e2ae72a904bc8e884cdc3e881037753f8918497e4ba574e2ff864e763a606fec3c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617df39135b857b478484f1606a9e54287223c2e6e8d0ef28e085d5d813a55de04b13112a80b9e97ef0a3492fd9c2bf504887110842ee75e18c114a2f01707be3862f88641212046222c357f82ddad68d899645f30b9a0e3411d9fc2f25ae2d5277a8ed29d19043a3b0fe056eb8d8c9a6ae446a00170d442f2ecc7c888dda6869747fe8e98d26730ff60f728d0e080cf63e44ec0bc72932c375894c729bda2b364a1272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a131ab78fed3c28ba57a9b787edccc00ef37affcc97ec2533c8c7da5fe36aebe0ec8dd591db70d50dda2f299e8275406d7a9bf51b0658585a85feedae530189b95f4ccbedef04351ee61678ac468a29a45259542db3f0064ece7bc6c142a5c837a3f1dc88f8cc2e6060172097715954ec0ec652be99031c4992cd6f36eee6c911a9ab190ad2b2d7035c3b6210bcad1b5bd0d61ca737bf71e916f427c8d31608979a229f9453b1a59f1d9745792e11756f8bade632479f283837a0631512f8e5bccfd1c96626614cda4cd142db5f002bafe95c0be41773d65be80d2e4893087bba63a5f40732a33fabdfe321b102c6ac91cb5a71f653bed7ff0363414697b7188d9bb18c6f876290819145fa62b01487d8d336ef7432108a27ff2dcd1c2a1f928d33de86710f05b5cecb5d841822f94a7c87dabfbf16c2140c606ff3a9be325ad994e8bd6d02323c345a7f33b818493827c28b14cbda8196220c04eab3503e0d4a472ba33f7e7bb3f70f202bdd1c22e5f4c009aafe30d35304be91d9cc0df86fa67186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901db8b5efddc795489b9971b83de53181631fafa8a4ff4e947ecaba4221b793786563b3dfdcd62f39e7ce4cc095102ec2af345a2dfd680dcfbaa5082bb2aa760182b34c5011b9d513f45561ca7912338109e1f053dfb2eba6c189f36043477b7e9c5f6bd93049e6a50aa4e2ef845c2ecc57b7c6af0b530a0483ef356a6b25403c4e7be438f97bc93e0db6beaa8b18530bdd0437eaa1597c589514b45e8d0b2b37490cb979956f60e953d627512ccdddd9603422e3a31e8c7a198f7adb725c2f5a449160bacaa9e40e728469050df5dc0481b3b19570152a01ee8c0dbdfcda5de202386dc5631c74d6d879ab522218c9dc73f6b56b65e84489ad6fa0c00b56ca99d16efc037493882bc2a7ff8684d7146f46f9c33f878ff7abaa21a236e737274c027ac570d8066c9a1e27d543385c08cc6e01c9f3970be6e184bda2b33b8b7d12c29844f5dfc4dc0a76253f66e30d55ac7cad9d54fb5ee25cfce90b2db8f1bb5542439a98e78f686688192339d5045c89a7c444ab265943e29e4ddb2814bbd2e5f32cd314bbad9a4fc256d21388e37ff2063355cfe40fd08e428eb00682c5b7121cc4ed50cf3ff83d76d2f3593d6f517835d0108bc192391b370a734cdc2f360b4607c571da9d704c39ce0b67c9ca6202bbcb92c26f338213043e3b36ab3fcdda487aca0e763cd5fbdf40ffb73006e3f1b38cafa9b2e48c19d616b701d439c6ecda6908a86cebf2bad69e4ebd837f93f4065b4d5ca11a5c0772167fd9769349be3ad33616e6dcd80b9daf13f9dcaf8ef6bc30f9e52df3da8ebe1393119b9b396c5fce3aba06387028fa21738a84e5d1c9ea15e75ff88b8b61fcadad11071b6131243666e2e04fc44d87b070697da0b91df3053166ffbad3e9603e116474d44ba83c56270532c0fec2d29862bab16692a5cb07943d9ac3be7384125bf8a087b58a6ce9af014875df6e9c91933b0e915d18825853bfa5f6aaa24d91957003503006412ad601f7f6e5d950eda140367a30f221c31008caf4c2712002aac3a387a37a98578cefe64dde557a4e36f9818cb66b18192034981ae4b1f5f392384d5f85bf6b6f562f0533de650daadbec4a8dae34fbbb56e36f87e00e507633e8599a4a9b78b8a244521bbc3a3c1e46049181dde51098bfbd4aa1f52e2ec058f907286b4c87c6552b361d06eb8a0a4b26a327faa8d2b6d446ea046a8414183e0b21a470e83555ab6aeff375b5660ed4cb0848ef1590130b1b331b1557bf37ebc4ff6e1ee9d90dbcc3cc48b5ca5bce8ed7df74cc4c2381961c9c9efc99efa0e427e7e1587a4f6673040246e3f1b800ef36d9dd100432bb957e899c5c37ae69be80ed4bb982d2380769057cee6067962b4ffa4b2cf40a6e5a732493f054bd27796ad5d9efa55bc8f59fd674f2835d9c1e7b625fcf076e7817d0d08c6fff38325c95073dbf9cd23ded73a65a8e569270b03850a6b9a9eb862bbd4cc8188e703f0e05ce34668aff8ed106f92206e688e301a625a06506762f07a9aced94c1f6c2f093d41f08778e8ca9059c14f314eb6d925825f834405c62ca90be20333e09958ea265ef5f6c000c5b62200ededa13f8521e87f453fbf48d6083be597d8a680471b7d41d1faea8fa0a67d87b4e3b1ac73cb9dcc6abdab00609398306c79ad2768adf66a6c9c076fb1c0d411571546ebb06736357218e00172e8ef00ecdc92587e712d04091e7a5f7805c2dde8e1cde90c570948c508e1e4294e0a679ae5323d68f551008fd9fa0a70929e47b1da01f19b724c840eca1d58cd30f4dc0b859763ae3beebfae87cd34526fc2eca66ca591ffd53f81b025c989f94ee3622fd8bb54341da3aa03208fe8d183ef96002869cabe74e3c0d81b49d3acfa70bd9f087cca5f74ce5bc18ec1ccb624f4d281bab848e1c617e716e922028fafb014f7e5f13a3877108c3a7bb4d67dc80bf0bbbe00134fd976901defbf35e10746a7a77d6cc11f88850bc66c047b2005f1984deb400e1a5f8d832c6da04d11caa82e03bf1d00c372c789a7a437cca4893de17d17717535ca11d09774b350d4b963d18d0c3ff275027f968a2025b3a2231b0e1d136dd67f65ebd7933a7291fb2809e0cb0c9f6b5153baecb3827282e259c1dea0192efc2b69481ff941ff7247846c1cab4d20792509907eb91fa50c9135ffba3e38a8df976b6646bbc66608f845d18bbd167af2cb621bede3bb3567b41567657e76727f9791934052c688752bd07d4afcbd7df95a9ebcaa5795e30f706768b4012c802aaf1fcd6e99814067613394950d130f61d06f25f3257278f90c791ffbad5b4ea62bd5a75035961619eb55973afae64b64b9130d3aab85b28d866416d91896845f4607d2099de578dbb060ddb83ad681e6ebeb51e184a4205c01dfd6652544a65b8d1895d26ee151f79dd076467a2655dc6a388db93697bb97dd2f128cafed56e22d589cf18d3a8117b8b82ec7840c34a149b833038abb5c1e08d3d1a22190b2b11debeb23ce1788f781d2ee4855bbb5b5b199bb08462c43558f7fdb0b4af9b879662b638abe8f56bbaca7f27d090c6cd68949a7f2e6dd41925503abf396908ebdfbe5ad1f2a628ac0fccff016e72febcd204a038d3b1bcf00f554cbe65b72a0f5c6e785d27ab6c76f9985162e4215c5b0a05c560b7ca085d6662f475887ec86730cebfc26a446ef314e84f39e2a916584c14a57509f6007d0e1883246d746a8f0544e6ed4a33dec754464db0852baa1d62df4b1460e09c277a63ce8fcecd84fd5eb127fa3a532265fd8ec62aff59246cc3e0c538d6a720f121ec7a6c61d2178a7b914c9d7aac0fe2d0ee640061c044bfd8a20e46587ae276332f2b4c58a1a4355c85cfd5b6b37aa2b11a9d50b6b0c7a98bfaaf9467c54a80a603c94c292eae73c5ae04a6eca92e9cefb27b28c70b9b6575b8d020edc0182c327c2cdc0a683ca9f527a435fa54da421a75f0fe67d39eda25030c1dad75431e7bfbd216132b8faea363a675df98f0b7571dd667d86753584d052c6780fff621a2f6010325e8de9871d68d2d176f892fa0e4d1714da27e72a8367734d4a1d8fac65c88c70591fe094e5cadb73b5437001bc3a9775233b9e1a6eb144df5454258bffc3ab3f6a3adbeccc4ba1618b73dc55bb5ebd698940a848814cb57cb1f140b0cc9a2bae31e5d9907c272db063731e99ea2be881be14106a43cf9deed98f1e580314927e2ac05431f3609635cf9dc1bfffee3d14836e3b5620b8f7d9e5420275dfde55010069686441ab85191c777c672e4c2fd5c43e9fa587d87623d3ce557186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631abdaa01be372f6428157f7767c6e507f03d8fb0698ed26ad8764efd8e3b6ec1b1128b50cd72eadcd56594e2ce0cf4a266132526e7735f8d70abe796dc6ea68723b9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901b49f79539224ca82db1a18cb19f706b20bfb31275e009c30127184199ee28bab665e6b28eeb70fdfb406fc715536773628274003066aefcfc27da268f50bc45154481c944793a119c342103c58aa95667e9c067d65e0b8d63e90c24f32285ad9bb97edd4626c9f3fe213675e77a8b89dc0064e69d17760c49f539df7f6f264669c1f516d640fe9809bf2e63ceb40100ce610aef9fc4ff097abf5e513554ab3aced21e85b958da061a7d2de3f534c579f55a783af34ee1f115595c998f32f2fe5b16de77414be3c1dbe1233334eba30a14bb7b5fa3e31571f6d6219dfd34f496912e07806d8b1f8a1c0cff9f42e6433837f7f2f318a9c03ee8a947ba0416590c87e3511ada3b8e3dd85c772c4fa857de75a0d9aee3a4f3133678f99fa30519a870f7110c082dfcf32eb01c004f6e9d6c1b3e108984f9177201408040b10dd5aae45bc58305e847bf7ba35c3f97bd413925c7094c9cb9e54a9c825367c59068423a2d871e85613498231e9f4f83f178ce9cfa85da466376567cb38142168fd804c0067b93558cd2e0d9e8807e92def408b8eb3efdce5ca51d392e7bf06b7b7d5aadd05227d28bfe1e6fdd68e2c7a8f275a1d359c60fd4f3a95078c131ccf6a47b40b799d9b581379b3321c1591c48e9b3561c137a48c447b51a1b2758a7728d57dd7ac9cff1db3a58000b9c1fe32d7dd59631fffc1d5425dbd75fb4f5e99ba7c902bfa413c7237cec4bc0cf0f59f17d1fc4959b7661aa89373efa9bfd5bc9403d82743aa179b0610a98eda4b028251df592cac0cb95d8d37720f88345d471da63526b6ce8a0f19f9cf0326784128890105e9bd0ac1e913d2e42d5c01cd9c8f8574e6d7d9b362af55379c8abd0ec8296f01340f2991eb274effbb0943d386716df1fa2dd0fb957b3f79b13cba530f693b50f84234f3299d45e00fb4be60cd95d2ac4101279fad4fdf9510d2988c139ef32593b2255d74660095f38321ff6c300555c60045434f12d9e68f6f28896adc7054788724bc34c704ce8c1e2f3f5fe90174ecefecb37ebbfed41e030bfca7ac60f6739e123478434534f5e60fa3733b81177e63fc956191312c831f77d80837c61771a3d4d6d646ae0ebd9de19f2d1c93edff35a2fc6a00481a5b3919bd6883f7619d1a05c62be002110032daaaff23f0efda24c4d4e472c9a35934a2db4ed4f5ad94b9eadc689b0368ccbb1314b5993c9e33ead8aaf6c1d937b7f500c760c15fcfbd8f7ef74c9a76397bb8dff93ffc16df95866d15efca4e9bec6b29c6714e527c0f1ead076eb9fc48f233c3f337f958d4e0673ed79347caeba4b7e7ef85cf92a6666b9a2f4ced866ab018915108c754d5dbf4b92bb761d8f519922d866943cf5d07150192ff373cca89881d43a3e68d96184142fcb5391ce4431630f1217d65cd1f6a7a3b5a4a63c615bbfc018d5cf5c0e8448edb5e8a834506214be78b70dd45bf3e5925fa3fe0c0c6410c017cc6e6ab30b4e2aefcaf4932f96eb61a6fff9fa4d55de821b5183ad89a039f5628db4869bcf4d6ade0a422df2c6f8bfdfbaf7fb658449d365321112f1186e497a89fb426e659391a6ed4a0788280982337207ce1ba6382cc461026e46132f6ede248baebf4fa9223e88ba83c3aa7ba193776ab336d42955bba1fc047326d615d332a5140e09ccf4b4f233fdcacf30f533b5f15c9ef7826ed14382cd31bb55b743ac7dffc03ad234d2d5566157b62ffd2426d5cb6a44fbfbe381a1808e529f26765ba9e05e56b3b06c842124bce70635f166ef1e609e99f8ba41844e9faf93bb7a3f81d2e8d8714f4727757ce02e32971f76b129fd97deb4ef3d565c4a58d387d296f5e2ae411ca8b5ed340056f76bd372ad23f2cc8c24febb3e836cee9b377076fc3934ab0df691855f8e19aa2413d7e54c00303b70dcfd28b0708974c470416bb08d86da68f1f5dbecb17fbf7e66f136977c1b5fff486b93d4760b608fcfad7d9e567f0283bfcd35006123d0fc54b0a0a0373b8ae38ec35200788f1c1d270cc00bfbee7cb65f762ec3bd80e439cd2efc8b4e6825279fb48d2d87190a75bda3aa29bf14c03eb115a5be6b291f7a9805cdaab6465c61d3290fe63d403be79683d806b12746c7d6fd5ede1eaf6e508e3a7d29023d7bea4db67a2337127ec0e911a346d8c582299ebe6de630789a99949982d29674be81e99c05f9167813a00afbacd30bd0763edf4dd8c10a03d16e92dcc6dbb27b0230fcde072e89f6a8581f1d4c5dba6603b6d5bde6d42f80a10ead1635750c998582d4c85a9da9283aa62616dd4bcbe8900f84d5171f9ab92db0f3b27571fde4562ae3c51d103ad83dc2febf8577c156a6447de30ca5a66f4e26961cf12fe84a11ec7815c19c02f1b793a0e91d7302ce9a650e13fb81fbd66d70f0f3d0852453201c93951888d8c785d218ed49f70b49ef56dd0bc07706e4c421dfa6625e1f1c25cc00f5c21b152f653d90cb879fd1d2d864c0eaea2527e7235f5ef357810d29ac3f21de79c2fe6cac5eb5a0f53d781ab4b78d65a1764e7e7626c31b779a8ac4ea0792e8cfa95001aef51535d7bd3718a575ec70d97531470731255e0f52a907b2d4ce36cbf059bc84d31ec949fdff5ea4c987f6cf58a2ad86bb944e011439a0431c8344fea545a0e3031b8e38f8c23767c6b67f36e1824b1b48f71b3dc52d8054317c281ac05eb8506c38368b37f732e55538534e6ce61784b30d5fd24c24062f8115e49ac49630c5e06fb91fa4bf4e09f2836fb367185d4cd4da6b1362006d666ebae9dadd433785321b143889a46f5b0985ecda1e03bd067b178237fd89e2fdd6b958af8e32e802c52f725d0047f2c67a0435efee12ffa020736bee7e081dc7ca5b84a86e2a68ed1c6978a050f6077448b201d2d1c23e13e38a0df6de9a02033fc479bb9f37e6377b64a119436024d9a581c0f137add81539fe233ca5d947ed65c6cef9a6114fd6ed6ed6f6372e6ccc8e28e611e07bbf8b9c3695734bd4a1533a7c38b8c0696afe1c3949239c7653522e627fbfc8ad866648f71aa19abe71e20f50ddbf20de0d7273f7e6dd2a7fc14ef0693069e233c4243a39a6ace0cf7e38eb0988c7bd2c68f8018e3727012f2457fb91dd9470f0670e3d48e3144973967f7d31b318d8d7135566113eb5883ca541ff63f5a999a97b2a7a32029058010f7b7f1ce9e7918ed9e45408943b8f8bc606bffebeabbbd9bfafd8bd13cd66e3df6b4e77b3d4690ec1d5d5721c3caee7f629bf25910c240dc2f24d1e487e69ee2d54dfa0f74fd5364bc8b06d9efb836eb8857bc64b9264e6105b0652f2e1e4c9d31dfd0a06568238bbf6bc3d58ada9a7dc75a26de4e324f4b798b2d8938a692f25e82e3da8dbdb84b3e646de7fe0f80a185b7c69838603148905e9b55c58db1c3741e9b4fe0621bee7d5b5f7709f90bc0649902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd59490171e2ad35b4241a19558c2d90110e52a291f4d25b917bf027deb77dfb03aa570cddf7adeb90dccd6ba965633c2cb28700fb70311cbfe3e7c67cae417c3c162b29/usr/share/java/pki/pki-ca.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cms.jar/usr/share/java/pki/pki-cmsbundle.jar/usr/share/java/pki/pki-cmscore.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/pki/server/webapps/pki/admin/consolerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.18-27.el7_9.src.rpmpki-ca    java-1.8.0-openjdk-headlesspki-serverrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)10.5.18-27.el7_93.0.4-14.6.0-14.0-15.2-14.11.3dOdc1cY!@cD @cob@bf@a*@as@aA@a`@``e@`6?`%@_$_@_@^V@^@^@^U@^=@^@^]]@]@]]v>]R@] u@\\@\f\T4\R@\\U@\[@[{[l,[`O@[U@[>@[d@[@[o[@ZUZ@Z@ZZxG@Zg#Z.s@Z@Z ZYYY@Y@Y@YoIYlYGY>@Y5GY-^Y$$@Y"Y@Y#@X@XX@XO@X*XRXOX!@X&X2@WWҤ@WίW#W:WWt@W{@Wu WgWV@WV@WV@WV@WV@WV@W 10.5.18-27Dogtag Team 10.5.18-26Dogtag Team 10.5.18-25Dogtag Team 10.5.18-24Dogtag Team 10.5.18-23Dogtag Team 10.5.18-22Dogtag Team 10.5.18-21Dogtag Team 10.5.18-20Dogtag Team 10.5.18-19Dogtag Team 10.5.18-18Dogtag Team 10.5.18-17Dogtag Team 10.5.18-16Dogtag Team 10.5.18-15Dogtag Team 10.5.18-14Dogtag Team 10.5.18-13Dogtag Team 10.5.18-12Dogtag Team 10.5.18-11Dogtag Team 10.5.18-10Dogtag Team 10.5.18-9Dogtag Team 10.5.18-8Dogtag Team 10.5.18-7Dogtag Team 10.5.18-6Dogtag Team 10.5.18-5Dogtag Team 10.5.18-4Dogtag Team 10.5.18-3Dogtag Team 10.5.18-2Dogtag Team 10.5.18-1Dogtag Team 10.5.17-6Dogtag Team 10.5.17-5Dogtag Team 10.5.17-4Dogtag Team 10.5.17-3Dogtag Team 10.5.17-2Dogtag Team 10.5.17-1Dogtag Team 10.5.16-3Dogtag Team 10.5.16-2Dogtag Team 10.5.16-1Dogtag Team 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- ########################################################################## - # RHEL 7.9 (Batch Update 23): - ########################################################################## - ########################################################################## - # RHCS 9.7 (Batch Update 23): - ########################################################################## - Bugzilla Bug #2179305 - Unable to use the TPS UI "Token Filter" to filter a list of tokens [RHCS 9.7] (ckelley) - Bugzilla Bug #2092522 - TPS Not allowing Token Status Change based on Revoke True/False and Hold till last True/False [RHCS 9.7.z] (cfu) - Bugzilla Bug #2176233 - TPS Not allowing Token Status Change based on Revoke True/False and Hold till last True/False (part 2) [RHCS 9.7.z] (cfu)- ########################################################################## - # RHEL 7.9 (Batch Update 22): - ########################################################################## - ########################################################################## - # RHCS 9.7 (Batch Update 22): - ########################################################################## - Bugzilla Bug #2179305 - Unable to use the TPS UI "Token Filter" to filter a list of tokens [RHCS 9.7] (ckelley) - Bugzilla Bug #2092522 - TPS Not allowing Token Status Change based on Revoke True/False and Hold till last True/False [RHCS 9.7.z] (cfu) - Bugzilla Bug #2176233 - TPS Not allowing Token Status Change based on Revoke True/False and Hold till last True/False (part 2) [RHCS 9.7.z] (cfu)- ########################################################################## - # RHEL 7.9 (Batch Update 21): - ########################################################################## - Bugzilla Bug #2160355 - RA Separation by KeyType - Set Token Status [RHCS 9.7 bu 21] (cfu, ckelley) - ########################################################################## - # RHCS 9.7 (Batch Update 21): - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9 (Batch Update 19): - ########################################################################## - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen) - ########################################################################## - # RHCS 9.7 (Batch Update 19): - ########################################################################## - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen)- ########################################################################## - # RHEL 7.9 (Batch Update 18): - ########################################################################## - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen) - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley) - ########################################################################## - # RHCS 9.7 (Batch Update 18): - ########################################################################## - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen) - Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)- ########################################################################## - # RHEL 7.9 (Batch Update 17): - ########################################################################## - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen) - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley) - ########################################################################## - # RHCS 9.7 (Batch Update 17): - ########################################################################## - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen) - Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)- ########################################################################## - # RHEL 7.9 (Batch Update 15): - ########################################################################## - Bugzilla Bug #2074722 - user password and pkcs12 password exposure when debug level set to maximum [RHEL 7.9.z] (cfu) - Bugzilla Bug #2082717 - SCEP manual approval failure (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9 (Batch Update 14): - ########################################################################## - Bugzilla Bug #2074722 - user password and pkcs12 password exposure when debug level set to maximum [RHEL 7.9.z] (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9 (Batch Update 11): - ########################################################################## - Bugzilla Bug 1998597 - TPS RA Separation Issues (cfu) - Bugzilla Bug 2008319 - PKISpawn with ECC Signing Algorithms fail in FIPS Mode (cfu) - Bugzilla Bug 2018608 - Invalid certificates with creation of subCA (pkispawn single step) [rhel-7.9.0.z] (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9 (Batch Update 10): - ########################################################################## - Bugzillla Bug 1978345 - End Entity's List Certificates Page Back/Forward Buttons are Broken (ckelley, jonahon.d.parrish@mail.mil, mharmsen) - Bugzilla Bug 2008707 - pkispawn bails out too easily for things that could have been worked around after installation [RHEL 7.9.z] (cfu) - Bugzilla Bug 2016773 - Directory authentication plugin requires directory admin password just for user authentication (rhel-7.9.z) (awnuk@purestorage.com, jmagne) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9 (Batch Update 9): - ########################################################################## - Bugzilla Bug 1958788 - ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500 [ftweedal, ckelley] - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9 (Batch Update 8): - ########################################################################## - Bugzilla Bug 1958277 - PKCS10Client EC Attribute Encoding [cfu] - Bugzilla Bug 1958788 - ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500 [ftweedale, ckelley] - ########################################################################## - # RHCS 9.7 (Batch Update 8): - ########################################################################## - Bugzilla Bug 1959937 - TPS Allowing Token Transactions while the CA is Down [cfu] - Bugzilla Bug 1979710 - TPS Not properly enforcing Token Profile Separation [cfu]- ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug 1905374 - restrict EE profile list and enrollment submission per LDAP group without immediate issuance [rhel-7.9.z] (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)- ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug 1911472 - Revoke via REST API not working when Agent certificate not issued by CA [rhel-7.9.z] (cfu) - Bugzilla Bug 1914587 - RHEL IPA PKI - Failed to read product version String.java.io.FileNotFoundException (ckelley) - Bugzilla Bug 1942687 - TPS not populating Token Policy, or switching PIN_RESET=YES to NO [rhel-7.9.z] (jmagne) - Bugzilla Bug 1955633 - Recovery of Keys migrated to latest version of KRA fail to recover and result in Null Point Exception [rhel-7.9.z] (jmagne) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 6)- ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug 1949136 - PKI instance creation failed with new 389-ds-base build (jmagne) - Bugzilla Bug 1949656 - CRMF requests with extensions other than SKID cannot be processed (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.18 in RHCS 9.7 (Batch Update 6)- Change variable 'TPS' to 'tps' - ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates profiles, audit for IPA (edewata) - ########################################################################## - # Backported CVEs (ascheel): - ########################################################################## - Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS [certificate_system_9-default] (edewata, ascheel) - Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab [certificate_system_9-default] (edewata, ascheel) - Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile creation [certificate_system_9-default] (edewata, ascheel) - Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-7.9.z] (dmoluguw, ascheel) - Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site scripting in getcookies?url= endpoint in CA [rhel-7.9.z] (dmoluguw, ascheel) - Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-7.9.z] (ascheel) - Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne) - ########################################################################## - Update to jquery v3.4.1 (ascheel) - Update to jquery-i18n-properties v1.2.7 (ascheel) - Update to backbone v1.4.0 (ascheel) - Upgrade to underscore v1.9.2 (ascheel) - Update to patternfly v3.59.3 (ascheel) - Update to jQuery v3.5.1 (ascheel) - Upgrade to bootstrap v3.4.1 (ascheel) - Link in new Bootstrap CSS file (ascheel) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates profiles, audit for IPA (edewata) - ########################################################################## - # Backported CVEs (ascheel): - ########################################################################## - Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS [certificate_system_9-default] (edewata, ascheel) - Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab [certificate_system_9-default] (edewata, ascheel) - Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile creation [certificate_system_9-default] (edewata, ascheel) - Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-7.9.z] (dmoluguw, ascheel) - Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site scripting in getcookies?url= endpoint in CA [rhel-7.9.z] (dmoluguw, ascheel) - Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-7.9.z] (ascheel) - Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne) - ########################################################################## - Update to jquery v3.4.1 (ascheel) - Update to jquery-i18n-properties v1.2.7 (ascheel) - Update to backbone v1.4.0 (ascheel) - Upgrade to underscore v1.9.2 (ascheel) - Update to patternfly v3.59.3 (ascheel) - Update to jQuery v3.5.1 (ascheel) - Upgrade to bootstrap v3.4.1 (ascheel) - Link in new Bootstrap CSS file (ascheel) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Bugzilla Bug #1883639 - additional fix to upgrade script (edewata)- Bugzilla Bug #1883639 - additional support on upgrade for audit cert profile and auditProfileUpgrade + auditProfileUpgrade part 2 (cfu)- ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug #1883639 - add profile caAuditSigningCert (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1710978 - TPS - Add logging to tdbAddCertificatesForCUID if - # Bugzilla Bug #1858860 - TPS - Update Error Codes returned to client - # Bugzilla Bug #1858861 - TPS - Server side key generation is not working - # Bugzilla Bug #1858867 - TPS does not check token cuid on the user- Patch for CMCResponse tool - Bugzilla Bug #1710109 - add RSA PSS support - fix CMCResponse tool (jmagne)- Patch for CMC Credential Error, RSA PSS typo, and new profile for directory-authentication-based Server-Side keygen - ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug #1710109 - add RSA PSS support (jmagne) - Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Updated jss dependencies - Bugzilla Bug #1710109 - add RSA PSS support - fix SHA512 (jmagne)- ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE additional support and touch-up (cfu) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1710975 - TPS - Searching the certificate DB for a brand new- Updated jss dependencies - ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE (cfu) - Bugzilla Bug #1809273 - CRL generation performs an unindexed search (jmagne) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1549307 - No default TPS Auditor group (ascheel)- Bugzilla Bug #1710109 - add RSA PSS support - fix IPA installer (jmagne)- Updated jss dependencies - ########################################################################## - # RHEL 7.9: - ########################################################################## - Bugzilla Bug #1774174 - Rebase pki-core from 10.5.17 to 10.5.18 (RHEL) - ########################################################################## - # RHCS 9.7: - ########################################################################## - # Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and - # Bugzilla Bug #1774181 - Update RHCS version of CA, KRA, OCSP, and TKS so- ########################################################################## - # RHEL 7.8: - ########################################################################## - Bugzilla Bug #1723008 - ECC Key recovery failure with CKR_TEMPLATE_INCONSISTENT (cfu) - Bugzilla Bug #1774282 - pki-server-nuxwdog template has pid file name with non-breakable space char encoded instead of 0x20 space char (ascheel) - ########################################################################## - # RHCS 9.6: - ########################################################################## - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.8: - ########################################################################## - Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS client (cfu) - ########################################################################## - # RHCS 9.6: - ########################################################################## - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Include 'pistool' in the 'pki-tools' package- ########################################################################## - # RHEL 7.8: - ########################################################################## - Bugzilla Bug #1445479 - KRATool does not support netkeyKeyRecovery attribute (dmoluguw) - Bugzilla Bug #1534013 - Attempting to add new keys using a PUT KEY APDU to a token that is loaded only with the default/factory keys (Key Version Number 0xFF) returns an APDU with error code 0x6A88. (jmagne) - Bugzilla Bug #1709585 - PKI (test support) for PKCS#11 standard AES KeyWrap for HSM support (cfu, ftweedal) - Bugzilla Bug #1748766 - number range depletion when multiple clones created from same master (ftweedal) - ########################################################################## - # RHCS 9.6: - ########################################################################## - # Bugzilla Bug #1520258 - TPS token search fails to find entries , LDAP filter - # Bugzilla Bug #1535671 - RFE to have the users be able to use the- ########################################################################## - # RHEL 7.8: - ########################################################################## - Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS client (cfu) - Bugzilla Bug #1597727 - CA - Unable to change a certificate’s revocation reason from superceded to key_compromised (rhcs-maint) - ########################################################################## - # RHCS 9.6: - ########################################################################## - # Bugzilla Bug #1470410 - TPS doesn't update revocation status when - # Bugzilla Bug #1470433 - Add supported transitions to TPS (rhcs-maint) - # Bugzilla Bug #1585722 - TMS - PKISocketFactory – Modify Logging to Allow - # Bugzilla Bug #1642577 - TPS – Revoked Encryption Certificates Marked as- Updated jss, nuxwdog, and tomcatjss dependencies - ########################################################################## - # RHEL 7.8: - ########################################################################## - Bugzilla Bug #1733586 - Rebase pki-core from 10.5.16 to 10.5.17 (RHEL) - ########################################################################## - # RHCS 9.6: - ########################################################################## - # Bugzilla Bug #1718418 - Update RHCS version of CA, KRA, OCSP, and TKS so - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1638379 - PKI startup initialization process should not depend on LDAP operational attributes [ftweedal] - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1491453 - Need Method to Include SKI in CA Signing Certificate Request [ftweedal] - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Updated jss dependencies - ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1633422 - Rebase pki-core from 10.5.1 to 10.5.16 (RHEL) - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi10.5.18-27.el7_9    pki-ca-10.5.18LICENSEpki-ca.jarcaconfCS.cfgCatalinalocalhostca.xmlacl.ldifacl.propertiesauth-method.propertiescaAuditSigningCert.profilecaCert.profilecaOCSPCert.profilecrlcaissuer.ldifcrlcaissuertasks.ldifdb.ldifeccAdminCert.profileeccServerCert.profileeccSubsystemCert.profileflatfile.txtindex.ldifindextasks.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestproxy.confregistry.cfgrsaAdminCert.profilersaServerCert.profilersaSubsystemCert.profileserver-minimal.xmlserverCert.profile.exampleWithSANserverCert.profile.exampleWithSANpatternshm.manifesttomcat-jk2.manifesttomcat-users.xmluriworkermap.propertiesvlv.ldifvlvtasks.ldifworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaAdminCert.cfgDomainController.cfgECAdminCert.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaAuditSigningCert.cfgcaCACert.cfgcaCMCECUserCert.cfgcaCMCECserverCert.cfgcaCMCECsubsystemCert.cfgcaCMCUserCert.cfgcaCMCauditSigningCert.cfgcaCMCcaCert.cfgcaCMCkraStorageCert.cfgcaCMCkraTransportCert.cfgcaCMCocspCert.cfgcaCMCserverCert.cfgcaCMCsubsystemCert.cfgcaCrossSignedCACert.cfgcaDirBasedDualCert.cfgcaDirPinUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaECAdminCert.cfgcaECAgentServerCert.cfgcaECDirPinUserCert.cfgcaECDirUserCert.cfgcaECDualCert.cfgcaECFullCMCSharedTokenCert.cfgcaECFullCMCUserCert.cfgcaECFullCMCUserSignedCert.cfgcaECInternalAuthServerCert.cfgcaECInternalAuthSubsystemCert.cfgcaECServerCert.cfgcaECSimpleCMCUserCert.cfgcaECSubsystemCert.cfgcaECUserCert.cfgcaEncECUserCert.cfgcaEncUserCert.cfgcaFullCMCSharedTokenCert.cfgcaFullCMCUserCert.cfgcaFullCMCUserSignedCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaServerKeygen_DirUserCert.cfgcaServerKeygen_UserCert.cfgcaSignedLogCert.cfgcaSigningECUserCert.cfgcaSigningUserCert.cfgcaSimpleCMCUserCert.cfgcaStorageCert.cfgcaSubsystemCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserAuthKeyRenewal.cfgcaTokenUserDelegateAuthKeyEnrollment.cfgcaTokenUserDelegateSigningKeyEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspca404.html500.htmlGenUnexpectedError.templateWEB-INFlibpki-ca.jarpki-certsrv.jarpki-cms.jarpki-cmsbundle.jarpki-cmscore.jarpki-cmsutil.jarpki-nsutil.jarvelocity.propertiesweb.xmladminGenUnexpectedError.templatecaEnrollSuccess.templateImportAdminCert.templateImportCert.templateadminEnroll.htmlsecuritydomainlogin.templatesendCookie.templatecms-funcs.jsconsolehelpfun.jsindex.jspagentGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaEnrollSuccess.templateImportCert.templateListRequests.htmlProfileApprove.templateProfileList.templateProfileProcess.templateProfileReview.templateProfileSelect.templateSrchCert.htmlSrchRequests.htmlSrchRevokeCert.htmlUpdateDir.htmlbulkissuance.templatecloneRedirect.templateconfirmRevocation.templatedisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCertFromRequest.templateerror.templateframeCRL.htmlframeDir.htmlframeDisplayCRL.htmlframeList.htmlframeListReq.htmlframeOCSP.htmlframeProfile.htmlframeRevoke.htmlframeSearch.htmlframeSrchRequests.htmlframeStats.htmlgetOCSPInfo.templategetStats.templateindex.jspmenuCRL.htmlmenuDir.htmlmenuDisplayCRL.htmlmenuList.htmlmenuListReq.htmlmenuOCSP.htmlmenuProfile.htmlmenuRevoke.htmlmenuSearch.htmlmenuSrchRequests.htmlmenuStats.htmlmonitor.htmlmonitor.templatenotImplemented.htmlprocessCertReq.templateprocessReq.templatequeryBySerial.htmlqueryCert.htmlqueryCert.templatequeryReq.templatereasonToRevoke.templaterevocationResult.templaterevokeBySerial.templaterevokeCert.htmlsrchCert.templatetoDisplayCRL.templatetoUpdateCRL.templatetop.htmlunrevocationResult.templateupdateCRL.htmlupdateCRL.templateupdateDir.templatecms-funcs.jsfuncs.jsheader.templatehelpfun.jsindex.jspindex.templateports.templateeeGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaAIMEnroll.htmlCMCEnrollment.htmlCMCRevReq.htmlCertBasedDualEnroll.htmlCertBasedEncryptionEnroll.htmlCertBasedSingleEnroll.htmlChallengeRevoke1.htmlDirPinUserEnroll.htmlDirUserEnroll.htmlDisplayCRL.htmlEnrollSuccess.templateGetCAChain.htmlImportAdminCert.templateImportCert.templateKeyRecovery.htmlManCAEnroll.htmlManObjSignEnroll.htmlManRAEnroll.htmlManServerEnroll.htmlManUserEnroll.htmlOCSPResponder.htmlObjSignPKCS10Enroll.htmlPortalEnrollment.htmlProfileList.templateProfileSelect.templateProfileSubmit.htmlProfileSubmit.templateRenewalSuccess.templateRevocationSuccess.templateUserRenewal.htmlUserRevocation.htmlbench2k.htmlblank.htmlcheckRequest.htmldisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCaCert.templatedisplayCertFromRequest.templateenrollMenu.htmlindex.jsppolicyEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileMenu.htmlqueryBySerial.htmlqueryCert.htmlqueryCert.templatereasonToRevoke.templaterecoveryMenu.htmlremoteAuthConfig.templaterenewalMenu.htmlrequestStatus.templateretrievalMenu.htmlrevocationMenu.htmlrevocationResult.templatesrchCert.htmlsrchCert.templatetabs.htmltoDisplayCRL.templateunrevocationResult.templatecms-funcs.jshelpfun.jsindex.jspindex.jspservices.template/usr/share/doc//usr/share/doc/pki-ca-10.5.18//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/conf/Catalina//usr/share/pki/ca/conf/Catalina/localhost//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//usr/share/pki/ca/webapps/ca/WEB-INF/lib//usr/share/pki/ca/webapps/ca/admin//usr/share/pki/ca/webapps/ca/admin/ca//usr/share/pki/ca/webapps/ca/agent//usr/share/pki/ca/webapps/ca/agent/ca//usr/share/pki/ca/webapps/ca/ee//usr/share/pki/ca/webapps/ca/ee/ca//usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment//usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnu       directoryASCII textASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)ASCII text, with very long linesXML 1.0 document textexported SGML document, ASCII textC++ source, ASCII textHTML document, ASCII textXML 1.0 document, ASCII textHTML document, ASCII text, with very long lines?7zXZ !X] crt:bLL*OڨF&E(4n18zbE! Azj.Yk vǤGv`$T$pFI)hoiƓt>j?R4RcU )%qL-*zozלW-LO4ha Ū]/*Mw|w'~'] 3ζX48 ҍX&,JezA%/4ۄ}LHHye 2 @b=EmP2JpBIESdo$<+0"m ,Zg?l[uZh/ i]Z@$p*#?7]A/z"iޜHES@La༺ ےz<ږG8Kv=qW|3! 8R߁\m5e[dr?dO(vFR̒ݘ\w)0ۛryta4چh`)H§jB#^~R<2.RW~/^.lXƱ=uv^^w. >H9uMeUKڦgKV$Z,`1,4T .\(a~Eb/DiIlc7]>+~܆]`84ը,'3״%ρE_0v~_ҙ,Pޞi?֖>1V M'Fn/iatMP)%2^q^=#C9 _-Cb8_^vIxx Zfa3ق1 _yM8Kfz uz\Vk|MtSkF*<ȠumAH w0?Agu[i)DѲ'+W ÈMWqLY &e^|9^5㩙M@hBQ4oA I66/"3o$#]-DʺhInT,Bw6k09$ڳӐؠL׍@QNV|)P֩b?D` 0GSoA8.x9K(f31AD2ݿ^F{ L(b rWiyG|R8t:h{h׳hZ_x` ٟ3sPυ ?6> t*w8na];e{ |f؍e7@k Eae)ȗY ם+No<j:,@ٶZGyA"+DсL`M*w[:Bb uiqX֟e Xo+Pgt%!z_˴V- 7I%M44EI~CNލeLFy!"W:Hs|!**(^ `n K.O$5_!5󪠕Џ"e-_3 jek`\&6J̣# J+"EsЪ-iK8✣O#t_EC(:Dp`MlYfYkJDDzTگǪ :F&K !!ϣfK߸nzc U]:ɉc[tnsoEXb-E'{7 ?5"9m顪GXgDc"Pt?P(j~(P3t1Mh`d6{&eC0йQ< [;CV i )k~JJ/X$&흱9D.WA$ۆDuUr9ÀYs^d/*\d'в*꒓Lz -Lg [" @k`T_,SUt8 7mvh"mWm+q_v2ĤZQgIoܢ6([`F3E_9DDD%'/6%c^90A0:m۷8bz%1㚋d'䝔(稪G >#)HۍK kI= 'yΉcӏMTQ34E1‘fw.3.kcLN(*)7챘?0!3&52%7SqM en)*^Ҩt " Nk&0Wʖ=+#XlOe~)3]+֡Ԙ_#ŚF>G5M ;ꋁ°wޑA(HQK ɊZk<_$t7]:jo$ELr \Ic׋32ԕQ7tLɄ489Zr=)΄uz !lF=ѹu"j#?vRKk ɢ qj C<db7c"_B)_huq;tP0+Fnp!9dSP|&CZW +&בD. "Z=H['+{@RT@߫"4xn.^ Vaf25p`tkH0v,k} >HE~(eWm 3;~}6}v$Y#p5#MZ#Lpr9qX<7>襞AIfG_'(= aq4J`'rժVͥ_/ٜ2lR§|+bS<>LM+P8 :帱a:$:y%'_6#S?nNH6B:8Py*L˧5eSSFSNjFog}VoNB f9} 3vIWgU@[gSE¡'#Kjl>6aggjqIkxӧv3f\8sI更fUv~L `Ew\p~qQAH@(9蚜&땋K179]ϚVtF/ vxW_yZR ee•' je?ƿsc*;H%=_U62xɠ\x#ʽɎw22YX<5 ֋v/VD CIpاKdnE`EZ} -F2Y5C70b8&qNs/بC2+8LHL$m"wnB1{[T2/,MT )2K e'Dp/Q NRj&Ml_o.503+=٭ P9FZCb>CS|(kP9q^$opm_}} P^2YH7> ̻k~1^ u`u2 eIɗrQ[-aB ڪA$tNP,|N ] #zFM3j.r=o mb};BZq؋SDĩ1czyW&-7 ހS/jM(mr+![R AցW4^7f̅{T'y3U}Rߍ)C}Iϱhٽ?ώ;:zT$왓\T/D0Vfqͧ9HX'5V/#jj^K;h#kaVP'rVCI!pRx$\L}8  c REuU)5ʰ1Fꒉ%7v7$% qöI: w=|$g8Li78!G$ ֝IDV9L^eFI܁p;O]aHuU sG3sHZU-fDԊѾl !꫞{c7qtGO|2 !c)ƪ wh<;sQFk1Y*@l.U|Tb']uKJkVZ%+QHAJX4@H`des_5$|k\2js,̺.F}JG_EQlշNꦅ~XS)H7 })9<RQdwOyiiERfd=o*~a8qD,. .P{ȩ0flHvYOoHSW_*تF|Ebui'Hin%8mJI^F?DX&ret nEI)0O!(sBa>ʞTM+JĄEmQ`we+ Gc9,Q#_ZT6@"el I( @ &J$M@UGTbx#6^|DޡMMR=p: (r=nPl.A[Uib/Nyg9.GzX1C>W+u՝3TҴIK DqI݇e=_F6&+#^W) df4 V.φjPBt³aL`^c?8^n%9ZҟHWo#`(ʳsOG/PTpZ΋ZRᘫ#!r̞ԩD'ov).`uxrsnv)3J H.S=&_ȵ\"xK%f.+XǁͪDM1Ms.³c`5C80-~|T9pݜXr ,D E^/X:<'͙v0<PQ:yǛ!s|ɒء5 Ҳk'BĿ-6T`BoܫFeEۣLFIP^U[TH&j= \b_O v9v c%ù}cGxЈOz|nAቾHxLYiAί΁/bhF.ŽUqi$FdNYQJxt='H$)мԇ`JAb&4x:c@UØ]ͤ16O]Q}ߘ$[q)jAC8B6Ib,X)Ġ~9ox]D!?ZaCOWruF;y|eeWp ;dv2m>KxMwpJ)2Y]z?6B(ԕBsM)j< 8e<+)ݣ& "l(22:N.4CV|U5~+?&W'2t=0 H.G(\L}K$=0/AS/2 *^3(Ju!t oz>YG'Bai 3)qvS9ceFi-$^mDJtă XYvZ_ΜWvn)RlfUT 02:o5}ƒZpKJ7ɿt?y$ [CčK>z,h˴SWXT^xcvr[{ ?D *U$@IN8 19 XICŰߴd A³jɋ&܈Up"T9#Y˂ʔպhz`{skX6"/QdsPOzGr7WPJ3-ki^:2p1(lsnbA}r"}fд͞7NH;Mp%HZ?'M]ґMs)ӚAe]䛲\>Bo-oE@Մn,-PUmY^Q/wf[+ DVM̢G\f@W)^9/pcӽRvKjT 1۳ORX"u?l/GiL9*Cub.FGS.m(US6I_؈XWPȽa@i8rr"{X՘`mv4k#-F)$7X|(ѭH}[ el~a.:|+Q2! `r{b#3|>l> #I6 shvC.bG s9G6oR=n\M}7N;#RɎzbq5HGþ(ͦRQh? RO+ U(&a#enVӬb9*yv;ji0rFyS`.C óͻ>{tG?5pi.IAxr d(,V;{؏{nߊ•v){r& q$`mO`@ٔ`p{vF"ᲙeWncGH _+{=bER/1ieb <tH]:FȸbLߥS={o"7#~h^+䐛Rͯ=U8T/:_V|Vp{Po:`tG$O++{155: Q0xmrHjF\{֢3~'r?6z;$I P)qs+X!4 HdFOjR%AaLa,e!>GX|p%̚lZLO/+|6@&ݴ'HY,JN u>5ؓ: @ >;x@Eʳ?ށZS2|`"*ˉ֫Z/&bƳ+:S"Axb`kQMC\ҠC/@ն6\(Ԡ[hgz?Up ` Za³Wm'hى8G}tgOcAdjOyKfPg"aQ3DZ]z<}UPiS;X==ŎAƭs}iW` !;)=6*fFVXo*+,j?ޣ>\du!TqJpо {xOIB\%SR5Ҕ ct<ǐ4:r']: JYkރ+,XJbIqUfYq;I:*yl]oD55mb2..7Pס"3fz#2d-mjz9p$.A[l_JKd@yV|Q-8;j 񫉊=QlLkV4']1BьBt{9*ޮ H30%]TEt"v~ڹH?cq~ &r/yϔ}TF(ts!DgͫUc<\G,lœan`XRD2=iJj*{P<5sl]W;!IGxyql34A.d{%Aʥ"i`أ8(7S0 Lh'$Pr\ đd/.`ޭAXM;tYq҅*wRGmyU$5h+_֝ls :N^xHKw2o KOgaryK ɵx dQHR.07æ; Pp>&F1C/Qz ǡO]} )=VtYR5oPyw~jջROv:JBy/HsSi54J >Jv(pX9G܁- F`Ju0kSR>$JYO(aJ;%.}wL mm? @Hyʩ1RXIȭׄP)Io8EÎܛI2 $J a#`$ .o< ge(SqJxNs/L|bv:ڽDP2U٠)Gm>16 ֵ9XJ bYc5i:ctHȉMԀ| 辌߇굀7i6Bu{ džUd'~iwX?1O8?w^Uh;@nRuܟZ4RI&E~OSo| 3sXb5W\|L4 \=|1Kճ-y`h9 0ib\>y"/iOT;%:ߖ\k&aq|0FlU. z5^in00)Il%SΩi h!dA].890$0eL : F;> c%w8r+Q4͈maxwJb8_>H[u+[ummD/>w!35ēKٙM$iw\]D[EUOMcv u=ԟ2&؃adF̿}hנ[ Z3v#-THUʍ˜ z2stוn^aKWĉjYP,](] 25O-y^N%=l5ᇊ-pa kƖ彳#kf~KfCO+R6͟+1\G^Mɣh]gS{z9jˍ{9:g-H3i?|៱{5BT^ߜ\iJ6m> mumF}ح _jN1,hRBlcm0⣮ڇp)7uB[]Īϕ|%zJ'! ~6NCJ-:wC¥x.F7vD"d2TF JI #,}\}`UudrأYІQ^t"ԞTWz< &1Cv|$ }QhMPshҪ$m:]`bmT{;nAj59;;p3.M(9 Ěi>֦Rit~vJ&2;a 6qU@Wc3n2F=aIFZ %?|&:_% @wG\vIk b~E4*pB~R t }7d2r/Kk!kF"fA: *n(ïqֶuкIa CwƂ1 -Uuh2?.-352#P0XT4~|IUe$n[zNXh+@Lr"ִ>P=zC6ك>3p g,SyH6djqn0es2$lRRᶳOœD?'(x򳥴U˓  }n{PjכT凜4l,FL.]a(s#~ƳXhdb‚x$$ȱLˍQ*U\Z/~s*eOy&NC S~ܧR֕YZòrX}+DeGA#Jjq:ic#/Y<[+~GڇEv{1 ^d*C: ;W82Xar%)M l~"g˛t3m3ROUUW0ɎbUK{zFnhX@ Э^paQS^ٰ=E{ScLXHH?xF)2Y )͘%FYR/٨gB LXS7̛Px&y!qF6q#64񳪬Gsξz5t[Q3sa O3_&bmV'D)B&R_FTsF_Z<7 %uKsBI{quݲ@}{L7rK*; b}桠LE"?q?Y6[.Yjf¢ejV欇Gߝe]J #ןa+#&,ԡS|D*a332DJFMhg] y-Xr PMzٵ:o\G}/FY_>2O{'Vg<.,ED)f/,@r-bx^|x??!$-~ߨYjP%؁:;Aa8RȘmA-)e5Ja߫Iо{Rx̚f.ƹIgoy5!B'喱& o5TВb1!f>@'nO|>^a4pBcó:·eLu\=9|(' j\{D:{J\CrO׶hbu\BN 1 "3?qkWvkMOaS㵵D֥D1CHd`Ϥt?&_VJǞ-Rrt ,[$$A k\ >RmqCD'w2L*[׵0D*Xꌌsm UWf󵌗:\ެ|/(>962RdNZyJkL{.>+ɈD -Vr(=@fw2dt]52BBI0$3Bš 5yS_v{Tfc)֌zR<=uVי>8G?>A?2 G_iXFSIt܁)ϴӫB}"Gő>^m*)[#UnXJEcBR)O7twb r,Y>-{bAE4(bCq(ߜH=ǹxQ*be bc]gK0{pcȀgo n*C *mD 퓤Lwm];;2m~2 m!c`4Y(j^VBS'J껯@|ZwBnȽjm:f>%ñ=eFOH|Az$q̐8$-(p680f\SDYL0' zksd,i!8ev6;E G,)4ʽ?zgQP1ek:Hć-gE mPn ݖْmOݗ>~JU^$>Yޔʉ1DtV(ba@Wx2ΥGHX eRk:zA;<ˆo] 6`N8/By$Z0~ .3z, +%6%R:u @FdO9+nx~K]ML:g zå$~_ƌ*uWbF1k-IR'DyH!A\=lcțIf2N"h4 1˴4B&\.uD'aɥҡ٠EYs:iz׶#J||V/Mp|"`</XT%?0fRJƑx8P8 Z.~R!L"$zfCJ4UnӓO0Dt3~5xtD{5$vf:m ͻ˴ԛL \פg[3>du?Kɷ|cJibT"elAAf&dY.`U*d=#wտn|'>eJY,#HC~BM>D݂n?#CۆYؙ,|gW8IIlǘ5jv=mPxJGBz osZ-5]*Y@ Ge 6Q٢<$#/w$ڿugYX7ZskNM4+Taj5ݵ}wSYz4gA\Fu!0!gȹ$ֱ9-K!49O~)>cDCS^X%hrNdGo}i)=(9|Ѭc`-OR}-^S#%.:\!Rh^V{NI9Xȥ2`zrf)ď.Y,xR}/W 3rV|+ p0xwg?HwPt.{ZG&r^e\2DpFHI7@׭4QX4S{Fvc1*X&dOC ڵ~; ~Yk*])F}]P #ʟ5/'ʦ8 l* ˢ\&iб,lv 85S n(5 be>%;;'f<`dk`UPƓT7o&"!d.h#}XvnϢk36 mȃ"\]t %F̍R8lkdQ^FL:|KCrvt3\2$>`cϷ(U-b_O끀dFSsVlj㗜"mM&%v ? ZG^~`>LDHBgz9ݎ#ݮ 3ZU'Z }(`EA[jkklx=TB qs,F$>j [7$[`If`6LJch}TGr9.BE''D? oE{MntX|"ZQOmƝ$TxU焌8&zaEnND Io>Hel֡ux>K^D4`-ǻݰwwu)4#Ό(G|gXFb(#wO2zɫZ]b4zJVeDqy mBل3- ȍ8K/qatSXNYl ӟ}aw>*@B"Vͷ p?]ܻM"Agm]_d ]:֢1 J*b]I5zD xTݷw<  Kz<&]OD`r\nwo.yEFUX˼ƃ,=M>UܑnY۹ )[`~_Xw-jMomhh/%*n.vi#s!!jhSn%JIPdo?V~bɅ~*ʧ\N9LE +s84%]S@>ӟ8Ϋ za 5Qr#/I-Żg67pih `Y@lpTG8|0JܸDҿSGC])Ū],&9CD=@ %{N*.5NZ#IyP-B0${^BpiPVƔ 3t rAz3[:Wㆭ>C6gNTЃD3q<8V g<'4rR+s16Z*Jb- ^%<v!a1^ F'(id Kx|zIDY(Hu&2YPoSC>R$ sya '_{MzxM<J-zVqV Q[-ʐmHK-]HJEm@S׏]E2Mv>˄ѓpvBTH;-;vDja`:؀Wg ҺV*QUFJl6C4g 32%DCn7u .Pyw6Xed>*_ubѫFց_{_i@UB}?A yj ]pB?@< p\FGxhJHo4Au M%$_y7WŽx'CUn՜#v&Jы^ C,C:az?9{M;vE (S1O/r+:ZcuTHC0vXb ZaEm4  S3 K@˰|DbY>V=M(b˧=~Wˁ08=LV=Gv++Z5pIs;Cq msrgufC@y0nK;NPP[ feENv 6f !b$r'q(QA:Rq|c{U? ^!{B^؁ 'IvVˉ$s[ҷD\՚]&@%^7]!B&GUccZdk5SMXjXinet}!tԁID!v;іwG$v(f %ִ^dhn>`t1ᓄF:9Y}WaPG) VO/[Qs/mO̾P.gJ"g-{ ό&^*+ Vo{\pCR|_ 2'j\ \_w>2d\Fܡ>c9 kKNg2BgMquS嫬V0ܰ[j:ma a'헿% OvDY&/n:ʜe,WqO(W(ZQ:{dy{TVqleSd/y kD`XAešyZh˞>wwΗ$]9g r>ODKAډz;+m>%~]iW1㣕7n+:-M;a7P=V,s=Qk/ 7uXhRů6ٻB)62?%B*E2 =iqU RKr)آ'ƙm.t𸲈s59wKΖ) |#43Kоծ]!S&lav_ VA54: . dK|O ЎEZ ӊoV\*'7=2! T?⌍Ԏ}[vgVUPm9}t*ij9,M9ɉuP jT-+-Xns0]Jo`Bѓ/@I 4IBhՎT廋V7:Ă13 { SYuxp_<k əh8z/=@ґ'|l0*{H5o 2bnSՠmj;!]FcCt b,̿ rh jvl8!b/R$@( }wT]r,TWRrvАY3>z-n:h\9C %&I T}%o/[ܖ,  :. PD2lˬif9*v@MZow@)$q4)aݱ3&+'^= *,ߔ?X>_<&nLBر=y_oȎٙ|D4Yw"+(;̶ߠK]@eŪ-5Nwd@6t{t@K>/ҧAwcVoeIfCu-)L;yXZͽTPoJ]@~qTQِn;Տ |I@D%t hwj,K%^ṨLF>7'{ `D]'ΏkGj&1\6ct1nJt/=sdt1Q^,JPpWr5\*{Jbv]ɥ}4mKKMq"=7&V:$:fmߐf jH *a NjA8 ,Gc,8NLQCzﶟeiiWn Bu /Q|RƾӘFx4; -o`Y9Bٿ mAMJ)3GG6Wy缹r =d-4wRC61?N9Uv)1̅Xaa?;#ȔF5F |tG?=PzĨNQ뷐MI 0cڥpԤ=)ZuJa0Օ&Xkf؀w6! Wbe˵&dïJL74^D,Kqѷ^簫V_շ!׷` n趭Y&*\NgCLtj)VQSUޕ2wC1~]۶a3Lw=+O0|fd__= EW!Q5<8zrLYs5SJI7*[=$m^>߫q*fw`ʐݭ")GN[ -ň*T/Jɼ7inz՞@Jt? hFU4ch`Ñ< d$;BG"J]]cz_~) hIi6u2C3lXY8e4 wNæ_)٨Q"F`D+ TlMp}{xోz;wZN|)'hE#JBºϱS]r0X^2Q.o.z-7+̓?nJڙ_MrGq)97u 6jҰe[VUoUVOO@2"RQMrL~TNR]'pDr"^9" Au`QmŸ ^. r@A|0Pr5Fg]ȸ BmdU-)(5[ aS>wF~QT.:ԩHQ*˪hUb[qo1mxZOZ52;9@D3ݱ7Rr#5hIX/W3%\~֏'wu|Iz'V25OUCv w}jyڅpȎbSkWBTh]nP`'{Q@bB"+۶^ i^(7T;Q-.: cW]aw8*XD Q(D-JzY319PU;w8s!QGN_8aJn'9syo"nՕ%B='\r(ufWo #\Xl#&u6{_fk瘌!{>N^Ro̓3vj&.Ar^gZ_×4,<)+2޼6CT"/W9ɝ=8UDx:2s-,(sSU#']E$'QnڣIȫD|roFNc4;"d@H>P93[ݷхQb4}  g(XTwho/G23P@  9~a.DI9m2.gv4ͅ#:,\׀8"ӕmm#D ^^(A fk:>{CLj:0/u2gR+ZΒaLoT65 n\-4?jj ?H"#? }Gbzϟ~q;0ƶndD^0 3w,!/}gtOhJ,2s3wԭ`nJ^Q^ dS~@4j[rcj%x}Lt E :2 }GK ^Ub޹9 +utEiNW3;if%+27:+&CIzZefP.H-"^X@jJ8kzF$DYQeR#,w͕60K|(/| "lO%嬯нފqōW-StѢ)Pe#*z |B&tSr b- o/g&&<ր ǰBFy !D Ҏ%4N з i*H"glPtܕq~Tt6bhXEx7H!Ãm$>dO:6B K`҆`دOHzSc2e.N<(Cr-7f|Q׫4ٔfhOQqg 3:k/MsXz%MոԤr}@ T'HCہ~ A \_.e=J~2Nr]DsR"anބ.jp6.]ϔqL(_; #I IJ%ڸ枼-ݜ#O?=E>T~gInPAԵ:HRG$PߨQa8A ]VǓw}HzJv!f_44FLZ dz! )򗴆E*{ݸUܗ PX2)G6pŶ:2VslC%hV!~Be7'ݶin8k0^V-'|c)[0lFx{1 Chw?\zڶI>C Cs/fp#IX@׮ o* &=ǸkJUtj /&TjxC@AZ{\o_!^oM^sսiѼ/*d4YN_ó%š#"Hu?УLq'Q#_w\a Z ,PP;]zS8@?~E qpsH0`@wu\s?erx?#Jh g/uv9Qxa_FR46)=v,P/ DN<2۠r½ğG;^!4u g_|EztOŠ5G$@Y ˄C#ilGۂ/ |4}@/EiR|Jc4 tpKFznG}F0. .Fwmt&3Mc낮# :.PL{Q rgo۠PM\%PJM"Rja5<a>%Ϝ-W~R(svblXɤ5AMz*> C4R(umOs3[i THeo"3c{\.È/d]ZY@ l"Ƞ*FGOD#MK,yz,Q50}  6'W4WLݬRjRoO;H$ ; g,b-NXЎy& ³0;ЃwFJ š1ri‚Զ[)~߀DcOge=Cw}_&ȴuPZg͟˰Wr"{l3,pԯkbP< duA7/n-;`% :_>C%=b͚O~c)1#MWuܹJ)w]c~4# Δ) Rd4׎y{{ (9&H,y6^:=[\2Z;i0_9x(cJI*Yrr$B9k7kLlzlxЕ]G-+73=۱dN=B|`Y!4͎xҀ1zQ\r/4@qXɢt<dfMAq ;D[ Wy3I2RopjOSd%sg M_ҧ{ZMhR2.HagdLrsIG$lf7i0!Pۚ)* XN7dz 6H| =G=}S*DC۴L2 p/8 RZyIJܾX7^F.=_E6 jYs|cVDg[UN6ZѨO%aZܘSTZȴ^uPXDp  EV%!uS'|aJR/P 7}_3!f x2EdR^HOo fz£A_@9yfn`{җx}7Og/ u"w]#z{7,9# rPs@T{{(Y*`.i6=waRv? ٩}9욆sZ~WMc^c ;WӺ`l}`ݍ| V=#q$^oɍ )f I-]j2aDFq𣾀Wے@!=K)hK@|gh1Jу|c%B61wᾝ\ot͹Ś`H{=RYuN;I"޺+x+8Õ^`G{t3?`"jdw4pXX7JrLY_'708e[mG"e|1&]aOP؀> jOV,X9g:*1I`<d1wڛwR ޷<|s>$G=i`Z)&W1.5NsLW-1rN^Z^ـibMu8E[_=P1uoWѮIYS>A#I-?t&!(T\fl\#6.hg*V$GW\[X_I+<1I2?ava8B #gdPۙh;Nj{Ak^KNF ~FxyϺחk37DSL @Y:/kNu/0zs7˚۠;!OB+M{1)W~jY41 Ø׉ohJ,PB-MpjLfTtYd@G%*pR9QKN@;a4TPo`ՇcaЇ-:v`K2VVM`#qpJBD>.:71ȯa'fTՋ[ieB;4]{C:}*A4htÿϚzg<6{X2$>N/0GМS$aGf\BG&=߿"RGa2A5NKfWJ:!OSZ`ay@@R$d`,\#ԩ?}] Ȉ05;kFwm ޹NJ;C3NP٭]!tCKO ,ok:qtJ+u9_^-9[TtwTO ;!iB+/]^64HOۙ| >,`e~D]$ uec|x/0ǰ)9.b]sGsiV]*P :=$ɘkpBK!CyS|e<%;jseP:d?(!WcӠWЩL:=@}IVHO5 fy`seߩRl4v7uu\?lm8̂ tTQY-wI` 6Vo ӏ%8-fB~zRIA:妈Ug:g12GH ҆vkڡBe%}sx[xq#PX/7EmGJUbԩ+" 366 zbAJ'DBhg}_}5 gm@VEqڲu ANngkt]=:֫sϹm>51Fu/ˤB]q vz7+*cb$d1 T/j-͒dG[)/ c^@i#=h/zNTn?P^FR92CQud;b`06X zw,N5md雊Uۈw'.-X˙JdƃrEg }m ԙԫؚXy-|ECIC%A~ͪʹ=.*C6d qjZ@Y{?QSxuk(iI3P>X!W-6Ҝw;~mig17-&ԞCr*rL8p׽LQ| Bq"qg}y7f̥C|%/JRjY䏕j| "=,hba1Օ!z8SKnQ\*_ dOl(M7VH6W_ǩ/bt{^qܓ1GKkQ.h쯱#lLq^s!x =HJj:U~,RX+h8IOS yOo-|Jl<#UyM ֳºׂ{mKXnBp榯8"77M0Ub.d IGօ/rx Ubx3>-ډej!{4A ;9Km!t9ˋ]#Knms]dJ{Fa,+{q,2;˴\."($X { j%"Z㖐њ1]Ud/iYf`z'61J%ZN3Դj8jqܙĞ]|QghBt|Ci2gs4r/VbCodmw:_=pi1s"ĩ\յ;TiۨTdfCm?oBW]BRdreŬd R1(2NOwL̀:;:|g.¬ӍF{^@}&5\!؃kfHT=p rS 0ƢOڟi%۲q!e=r sn=*.ylWl7Ah{/8f1&0\ѝ)Dދ"\]61QaH;Н{&iCRY k؊KǢXm\}*ϰjV|_4jR)i 3 &/9Ik 7IyJt|oOS,Z~vїЗ@?XGj3`֤miD4Ovgr;'? >NTJ] +7kL9e/5ϟ/:rJdԪ͞E=㢝I$1@[!/*.rR=++Nʵ}uoE}-N=S=#˞O+äXل WFT om,Z,1ԫizɳ$}BA۴^cp^tv{8N zٜ:| tY]orԠ Gm5Ό؋]~fC3GvCF2x7n6l^W: lFeĩE2ts|X3cbE:I.D)) 59Z,/ <1~ؒ P"4V{HL8:poTTܵD6 :T@ȪΙr9Ԅv-+r jroN9fq[ +,hE3j䤩Qbsrk&2BcUXr|cNvne!0F{`o/#txuHOԬe ֯BQB];,iWb7ZY2W7n908;Yͅx$Ws|@~g$a,j'\4ԤZmɚZ1@#[sJC4Hk`Pk;: o&m]-zfi tc'd.N.6 >oh?2NQ{o<]\MSҜdåfJ$-i"J,:M'ޞ@č`.-S@'T ouW+ݣ}0xfxÚA$Y N("J̈́lLE&YP;۸g%C8nfDۙ0$+~6.Wu[/t5Q۱+;xW2 w.Lw騪9h]L"Ssi:<9JҖawѮ85Bٚ&pI+MNTS3?/#X!s=tb.5"_K?EY~nĀ9tXqh\#@t)ԉ(-ݨ楈{DZVvF%mt'@rX>m%n9+juSzЁÍutcj(%gO [<|XaHWiLhw7AךWf6A%|V$J$/@gmAp[ӲBa3TN,5=_JYsPzZ[A"\l`-eZ|dUBܚ圀Gتrt"?C"M&Qx܋)Ղk_fs=FozN$$Ҿ*i.`7kI)^Mrxs_E+u6R6˅{_<Z e^zԂdbPwb |&`D}#)5S`t8Y)`>0MzKup3@a]3ۀXTcmО|Hu:>/k䳦0^LP {)9듮4uo+LOʡ?ᡛ_\YEb!I$!FUD1-i(E8if(d20!^p݄{_}4@=x.Qe0ǩW~y @VSNXQ dUaHx/1r f 2u}n3hA+Pb sˈ w{$Fֵ#wّ (X~!irpM AK P1ьK ?vfZy6#(46fs>7kjZa%ҥcET }ӝ\tr]ryd&HB['.GpBgg،Yt>`%#gTF$&kۮVC\dW3p# hew>nz=G-55ו0#nHF=>l@=u{Hr*jNqCiD{nNؖgÃj)} bJ Qne{DtV>GԟX_ϓPDmYѪwmp =|"ѫ] keD$AhNDylmt뗒ƅ1JhD仅G5ÝW^#;+| = 9M U *ҳ%fPh/81w +%;һ?9M.&Mk}?-ͫ1&vn}8b&z@Ѷ8B.΋!`!ܹߵp׼ S>nP럓!C|u@';^`)LyTȑ );Z7_P*oؗs>4(Ci6FQj6L?W1қ "U33F4 <CL|fWA[̩YWIe!Tr;ڴMsx/%SZ1E#6QM~.I)o:z3I7'#%nvOSCIe]C&M ;nJf/Ƹ/F" щ2! #9eO ]Ӳű[pg lw5yu-_7=.lDZ@MC*-7HDu`:Y]y!iTy(lXB7"•VT^&~x_,I|$BaNy0-LG)V/^뷸c 녏$RM) |H e.3GdsdlB ]3~Ԡjzc$/d> Q*LiCt ?E{ƱqAQA pz@)3[8IV2sIdL %Ǻ4HW wұ>t$vZp}#@[Y4ElT*"3:pMza-1K%x6kqaK=Hޒ|9䉕&ļSFmP:+>P3ԼS'G/]9z)is}q GY{Q`Tn\ wTeb)ApOȬ%fc@vݷo>VSs$+}p}mCѢGހcqs՚.9sr#:W`٢G";p-WsBJkS(o,;sU5/WVF=^ I;?tmZ!3QSªH@hVc:@[Wαsr" ؋EӗȾБ?/*dDKN+׼U {p]TjS2H79GjM7Kl|w#/Ǹj+C8͉p5)T.S}e tϴP[\]R^q/ 4׾UGvHp{1$*j։5}_&TS+J+ΰ5-Anoy\L Ћ$J3R hZ85,BW &Q=:m8 Q8$չXU0rq6x98 mL?@[>k#NjGnTn.{O*-֥*nAng9Ekf#:6<iZ~4Lh/$NQ&E3&*%Qyygh E>.[]"ݮCS\wfpוhiW!i^d7douuRɡ 6!w%IbvJFMq1d{boaq-T9w][Duy2^KճQ% ?JJjHvɵ)AsJ؟e!nF5ZأyBeJso$FR#̜Μ֑j_µq{̼/n,#@xTzSBcڋSc04|F襁\GT ׊+MR<:Q^১wZz roZa^̼">l+9S8p}ѺCxŁF0[\'Ec0LB6M|ڢ.ҥO鐲%o0"rӾi΄^cM_k C&oULyldKz5LR{fQ5Y>eF ,o=*U|p1J6.T@`{Gb_3P{9lH<%`Qi8-9Ը(Vz)cOЧ(Ei `SnIKx-pP}Ğ$cRʷ{b'*0Ac葩ҧ, t\h'FƽD8:sٹ/2 i+JS#}z1>d_FIMI*:\>,A.LpɫH51t{_XlY2@'+z{酂R˨XB"^}>oŋ_AD캍Gtz~:t+Ֆ*l[[#hɓ{Q$Bg֬Q^),a"{Mu~zk ^=)X Z5w?CդGGgfۗeW.I?'V'Jt8-9; 吝Hn͍Vc)jA#~@U=&1ca*[B8pMCC]QJkdA[cW҃ ƒngZ" IUYN #c_+6,_>B[+J&m -i8F*ۉH ёlY`GcI+]< 'pr_QFGSīTI<"o:[s 9 M> .,1+n<ŰuW6Q08LPRFu6|nPK 4u@_Yp*O@Ӄ N:7 򕭬}dJ%M}1#w=Ow\dfW:WP0mx@! ;giVofCvܘOJdX*f4`; 5jrۧ95)D|Q (L*1]23:&VDX<+Qv|PZ{p9BiԺRv9!"O~:)Zq!grc%"`ñX}Vlܬ7Or 9[fT졦Y[i ,!0}2bz* j5_7ȟٕYra-7 YKwцRM}Z)QE g䝺H4=;!)H r1~> eTJ[]2DN.0`L$,P L^{22KU ʹk[m/@pz˰k6x)C}(X-̻'>?Jj6 E/TtvfZ/ \b*JIXz XnM=ozmoi <ƺ@1eUsȦ/CE&g2(75ƈdѹk}$vddR3SNJUbO(g(i?ǀ@pSo9daԡ?NG*ꓺkHjbGa#1 g|b!-RGdX:!qQXwph,Y€\tGUgIj*5\6z[ޝ!ߦETUz]bOԟdlJ-(N106̇'?]br\%čLU l6Y‡-:Cq5?NbE\|!̦ΧǪefe/B0"I3mًĉ1zq@)YXEclLX*}%Zù.'*/jPgI+o識jˊTO&21:AuT.(_yX[3z 0+yLXs 1sȷg&1o1鶮wMkq)ZrR(AkI+cVq8y)->.ڱ# '/uu>tJF3~_7ޯuv 6!Q՛Y(8r!ʼfIٙje߄%$m(6C+>ϫIg+a?}j'I40jʮ4j<7hrx09<}r~K^uF@\",LA mgjxŰFj |:,geU=kVBA?~SzbںjcT"o![ ~0|BXp?˓@(z(;ckFꕥΰjn>p㠤c,DlEa)hbT*'>hy]f[m 3׍咹7bYwU f+g&bf1 ڢ %W?)xUp;e]G"y=Nks@`Poüz3b-pF)5CZev*e^_6ɎBb*OCvUƀ<€n/chڃB.Ua3n@҄k?QY &HΥr0iG3t_%1iT9yFۻǤMy;h`G1X)b%Ta5D:}uz Q?~jt!B]#w^'l߀QrkY:T1Ũh6`!}k -ლ4Үw5\&19@>lN5z; e7nW C4NG@cq 2=34T c&o}y(6i mו ;".0ޥazI},KNbÜF0,a3XFDr%B%ª<<t2?UxL֩}}fWFc|E:Yǥn dSTt' T%xW`U@/|Ũ-eKH,I0̪q;֐ꚆTuŃQl΢؀7.NʗN~ZgJfT ,ߏI™'àYV.;IHcS]vO35=" 9?]5cHU3T^I3$XP#:lS 8{cm^B40V9Lus?݂ü |o7qAN@|s؎*oKH?H 2#tdr SRje`y\ӆ6 锇.Mdc6>\)+dfphytBUOk-|$*0޴'v]1 yq| ա Ul\B~Uĺ 3`/r,wj=ȵЇl% )]۪ &J!QCaI] 10m =Sk&N+4ZFa>~oUE7NotgYM' #R2N@%aq]6㜯J;O\١ q);yA;u[܉l'LlmHM\E94xa_c,,"u⼏7BO:ЭZͻpfpʓ-"ז7ƕ7(ZsoieGr Rh"JjM3YsIA@vo_c %-V*"~m{zFO=D_ba5e,^^!\o^Qv7,5rC/`h:#(<J^$BXds[١nԛ{)#=xxgu:؊L(#ÄN顨n*Č1sv &Y:>Fk}>[ F kw:"`y7]z{xփ>fRKlQ(]v#m [=dEO!,"q,1i޼ xsAj*xQJ2hO?bi!3o]@77eB>X=m.2 (^8䭧׭ٱ.L`'X1~U+cM>*ùI~[pAr^W>MX>!~K]m/V3}WaXqIY+k;uޅbGXopqc@CUy%da+w Y=1t8rrX!,35W ZPԲ1f2r(sn 3SxboxG%s+я/Qt`Cˁ>**'~tx\Pz>!ou էO} LD/T3hI 2V" f ҃BHo*S*B-xJ[rRtˏ[Z'ĭxs~:⎢v>meWc@l`$eKq=yJFS$T4 uD[aEj]e`t=M(7u{D1r~rMvkL-?Qü*:kXWN\s H,?,~qh<|V~ДKK36 uot!˙tck_#ip~o|?=iGOJ&(hѝ\MP33.ڛ}U _-dюA bYKx2D>2Nscr5[l X&u*][1 @v b=p/q>.᷏o*Ns9x̥€=:]30 vRcp9^vJ!e.XQ?H{#ʖfHu {Fjی7{*Mv!|5P !g2[ޖ̝5M&mӅ绮ǂ^}3 .-ѣ$E=oȳl : AYC98*ƒ/٠~ 'mضs3:i*@BQS Juq(T^ sQ,494Sn.Ħu+Xd? io}=NOjAdi=&ζٱU6E(׍ejSi>8n46eO`w?7'SO<~:_P@_%۞7D47msUKη߄ՄA;(: 4PH0Eq7Y a1 +H ½C)YnWJ%[K $8:NK3+\Uӟ:;UzWdo@Eyp'<.Zu11Lq\0E!lخ2y ~ԋH KTy)zB y;$(d]fǏOv#(L#HHjҶAs噍B4 ciAu&PlCٳ& T wE1LH< Um*M<<.lPxGF3\WwS EOW r@RthLVS`:b14{Ї. M3-T"62YI9[qu,0O;WKDҢ«Vvj&@Crb >/ jPۯ_pyxT5'x2*#b[W7Bj(F{qlm!6 k=0_~Q|}7 I[bx, q=Tt{ڴOH7Ed~Ͱ :CU4nj=QwS~KNfD\frLdjtPCY8е9![ qock6bvHށblwI>?JN0F'_CoFKݬ9cTG9II f7j몖mۉ ch[ڤ]o4܊Ш^Jo}E Je&ZzΦvTL UqG/UƇ [)R$']jsDD6;CЅd ?;)͸,B*nAMveᝍ,;A3 WRzQ.l?lrvmqfIxw|Pb<<sz[I)"GOhAdb(H]3 3e܉Ҹ6v(Ghs |}h!L~~/21#eF̋aO# ٚga*Lb-c"IKOظnէ=ot,g^taHOy{KM:rPU ɄɑvΒ5V8{C N;[Vph88v M'`&Xʤ3_?pIߋp!Ow5 |? kGT]Ϥ>7wʖͣh8| O"Lknv^<2r]43<檒8"Ҙ*wW-:cGfخݛZsf ծhH]$vuVEsӛ -[[sA[vIj.ׯdϚpϲesy +Am 1\= { N*`Kmrl*`ɇˍBU0QFhEI_2\nPKQ~/ӮhmPı0h2lD Q7&Q9=cgێW6 ~4U609-?4-g}{kp;4@:0@45aATI>t",;Bp.ɑ`zę~u@ARWXLgjdg DFD!#Ex']b WNf` U:^U $"}*w<0:Gзr%~ka@E]_C9[gŮPQS')rgI!Fu[Ff^Z$W-ᐚ]p >;xU~y퐿lLZ-lQѕ'^-:/EuョBTRܰŸ%Q7YJ CGeuwDB+ 7MĮ C/ D*89F˷%\kR|%BWҌEI9 oW-u-w R !߁\v ~JIP_Ft4ejuʳ85]+W De^ vf'Vay b_L9CD)uK;+VY6%xX 54qC Ġ>M)*ӡ-m4+lbz2`b){Fh* zMqzakP.knsP5TNLS`0UX $vHxyCц$Dv,UAܚ|b;z6o5Y b~]@e#;ԇ ZD^V$=٥sg .-naY18Bm0LVgi~6n %lx, tBQP+".hVK.TMԧa6SZ浡AS=>Ii@@N>'rQ U.:TtɍVֳ'WP^x+ a !A6`yj7W]w/1ؖr1B&Sj߳B#jj&J'"@ >Me Lܛ۔ZdsjpKn-/v}H:CbJ3(t AW58oR$gxSfxƞ*ZrSa#DP=:lVG}+{nIf20Mߜ=SWixs e"_ V1P-%kfw])d1:c'VeW1J]Z栲K Qm)Q8bVڜY}o,ePMjb3ILb/wIj-jl!Nوp/@:o5=`""x S]ձ~ocͅ:՞PAI "VB=G0P)N'V LŐ{@\cI땓䧭ٽkAI*ն9j"T]2qsF`7c{vV2.ar;6a(6;'.QO:bwu3= swFF]YX> [CrntF] (ULоE=([)7JjJ2Tm<aZp,\eDFz;M"8?KXR=_"XA'(X,%nr5\;'y8AdDX&]wv?qpJٍ"̞K\ U⤟~D`Rbڶe~/A{n?H.$`ЎlnOÅwayk{sCoމ)U xoWڠ.2KJZe]XUV0tvp:}uq`Zijܰv/_F_&ؤ7BWʼC鈏#b+\fC Pu~6"?{'S "qG^3Bm>@BMASUuu) P6U'Ŝ#G2(#iw;:p #,P1It7bXӒ<ɐ{U@,L#fM̌&ah䃫FX{fѳqB ."kz'7Yf>EG "CQ )^AA@N'3@[՟erNocsF.Y?]GEiګ]ȾlXNh޸-SBb漜'm5D`Y +ȥ/5 k %Q슱}bC>(()!v E"rlCw4qUeQNŤSOt 2h.jCvQm)nc5\3ȉ"A42?ʲI}e'qjƮUR]Tn皹N-j,pkB1<"fPax|ΝvegJY Ma?YI,yK,x KtPg]ُ3nQ'g,;ݮ2cUfB(9K&ͷh?N]od˭}!fzd$S_!Jxƚᆤc芜SZ+V;} 3\e˂@YT{mon?bdT>ҡ^@I+?P6!vdrmϤAbJ.)J?oUэ ATUs_0 2b £ϳ^b m :.'ЏUH\bW#sb ^ѹ$mƒQ#t/j-%ѹkcM-7HhD샸Tٕ6}#C?N@a+"*2H!j2)%$(LMdLB%tGI<<naJѪx%P^[?lϦ2k+A#w|x$!k2'eQ\^K$ռ8jchIt+s!Fɦg xu-5$ᠵ˒H].& 0OMg+H|;G:m*\Gag=9ltB3 R(^dz ԧ@#l]`K =zp*ktnH3v)M>#hgkd%gIWzZMtT<,EqIs)N ԰'v2"e2S$:cC<%1Ks4teI=t.PǸB^Ԡf*ZAR`cVUrl#R;k?_>v>p@Я(Lۍ磹f%'8j5abKF\U*"lJ]鉷 M"JAt#G\(,4njbܕ/~ pa rv&"W 62vWC SE4'bYSMlDLME}+?k)FBJ }C:d;Aͫ"h%hPkfA(U{7:Pq] c b(:Wer6z{2C.ˀ`c{XOjɘ|O1,5 H2vO쌢lm׮P ХO!.r .ӳ:gZ;K~79.:>LnRъ37;hIl] `S,p]#9pð2SJk%솸mnWU=T>Ȅ{W]<]HN_(>P;F] xRWxd|ĄD$_'O:봰:9 * FERdZfcpp (Fdjz !RU"i㏪  ܨk̙ "[-M6 E~۪je[ R|J'$H|q, '9izt4:+dfi>* dT@hY:w*%[/#fhFnb}W<}PI-$^gnݚL10t0,{cϗBLhjNt9x{BʹG W/.yݥZCO_17}z)nmY2.OwN)ddQ!߁Z(Jg4K> *V/'EQ=- 4`zwoJ{1NڮTuJ>1-,lTOvulvo3.;UUiHxR;&OLcY-Ү|a\m84Al&E3Y u2Ƹ6$ic›"5x;~/FF?1X(p_b$3v *ߔh _xsB|UDaK5 B p,4YjwO  }d1[Dœ:XY0pGgΑ=! HlzpRh0(ų{b"$PaOC=pJ80Թ$e*PyMs[BR<}goYS$XzJ1EPNӭ:+{ޖ=^ 0RS ?-ۡp9!wOdޏD*6?oM4x}S-vtmyhhC*\<}#~/'nvNjO]: O}t:R ʙΐ9B- Trjc^].NㅭjN,^^c~m=P f-,`@ԒlЅ-؛Uy0;`ꌯh>yXhLr b;3(}D!xy6{^hfY(ϛ-IJhlf15|E~猊Q-EJ!(wӐ3m92 ]y؇FUWUa.?%硲eC`oă'xuBzxDot߽?f#,-#;qI :_=Ց` nM"̣a;gbqxz0Cpo &g[wSx jO^v2Y?Pь<>&Up&O?#\Da~aRacc$frٷ0+y1AX*%wmڤB|ZX%ux&z;%ōQJ(|ݘRYms3?bqƇK'9(`N)=8R1X^;oDSo$n橫>d{N ̈U'q"jN}&3^Yy=tBCOXH<-I"$XS*,bKFKG:^e'ڏ@y=S;l2n & ;̬ l輢jcHCw<157juSb=6U#}$ *Y3~74]nLM^w$+*ԌSEH@Dc BWRIo3Nҥ|$!2>HΌ;zJte;V6ԣ{8L! ա]D0W@7.%2+G:c <3AԱ\`Kw+?5l*cavNw5 'ƶ2VvC&ք=V@L_(PHkWv`Qւ>S H9>%5+9? Sʱ~^=#tԠz]iō LhLnf{ۯGO_")8߹,Fk*XM _6d^%DvTl% &3ml[5]M-VE 1x7?&)j;vxl5yNu&*Mx7fXǼAG;Wt0`@biD?HZ4*>@+4)~L ]Ew¦M_DOm .=qR& NqWWlۿ`_|KN]T Iw4Yh8tan͔ e}&vop Ⱦ&;DE7_&B/.lH4#AZ>{Yܣ LW׉P}F2IdE9R%/kTU^yj%S`Q a]KHBeqVH^!Vn:901pfva.Pk`\vNaȎp ꨑS6SyIJҚ䧑B<,ELm~ |et9 8ywTξʀsuͽͮv=J 3R#;T (?O4l dԸ .9y7rCcA~LOe8t'SlLy}-D+ jsp?=pn/jz{f>=@(Z:qi l p["zna=,3A! B,߳6.'6Ғ^}b\өu3[C4,`,ҭ klKџ]\+uE, hc +r!RB5Y%QbJm+wɜ (-T Ms^aaCߣ{Li=0PVٴ|P{UwH[n$GvHIJAs<& vb(c7fi&{']5OPSЁF,'j}GY*{5 \GK9>$Wr>ցFVZbF7of m!>H&QjIZ-Twm弁i]ZQG|jAt<ɮr)Fيm2(\f{2[xܘv9d!13ʤ_tIkj="GU<4VlϏFppiI{J8gZf7PBߎ$oN'9S%=)x? c!/ًiLU4# B%E}2fn7fK rp1 !һ7P\/@f݆G|a63f 6d}Vq`xFrTn_[<(v'iJgn A)ۿPKՈ +߲Y т~")_Wu==>k8p~'^^`(hޚcQ+a0[~'ۦ]-~xJnCMgP`#\R.-6c;78Bv&WD2ugLNO(ꞀijU=@y\ݽ wt^養-`oI1^ :GDZc4yW-ݠ[ voe;nqݹfMxʇ[͒$kt+91}t?N'#H0Mhܾ n$(]돆vU>dj!A!EmNӄ{Ne^6 0>XdU7P(bOSY 6 J݅!+~{l*$p2SB,VO ;_ U W28 0Q^z3zWv+ Fh0EnN yg/EK+M6^y2}q +0΃*O8]䤔T%oG,%2" m}ca&U^>E"<f#UZ5z͝ "q(, :ѡJڥ9c%A-` {Xa~pRr_rxS$~fncz\SaX$Tlg{6jz+]u˥b10=/Qlg}.W=Rˊ-0U 3cre7t{oKٖT0cr@\UWT6jE8Ii;rJ"K9W BgW`0;B\;sρ^YU*X#ح9 ~F_ϴ]=ѡVqb-a8>X5{aY"BLLLC˿v붱AQoC7IS*}ۦkЏPBfnl& [N(C@q]HvobP--h_WVʹIjj2sy0lѿͼcMiqV,(+AmwN' }Y^"SUC Jz;xϙQKd= I`6yd^G^N&ZÉ^jϊsOP7v,S"@df!}PsGdV[8TnpV) b PYFPiȅbw; ՠ]^s ۀ G^EXP2GsnXChݢKI\#=xb][̥'A/ْz1U }zwLY;{v@Oq\&lgkO&Av:('D i ڃRGUxCbruÓ' #lyݕ[g@, =S9,Ex]2{\t {'-DZDP#eNy&Mہr(C?s_w}c!L&X1pݷNtHV'* ʶ`*B]7L2_+;$xH3B}b-U'f{k@FfS[Ϝ+46J)s5q{o'T`"ZQjZUlo`<:kL?x'lk]c#L+h)/dk{(׮QI @A;˛6 Xg`,Z +=IxJB}a~T[\Ă[__`Т|.>㿀}gm_/`[U|_vd*ia_*u Ck\Xk{1b 3iԷ)ʣ7^ E'iaYyr.A0`%e|#i:5Ip])WrJъY30j1ۗyO+Os˻t@1|RJx(t}9AEyӸiQ^nО Mz0ݥMF]jĢEY] _ahGsatm+GP0$hj}dTc"I-s#D?S w֣MuD(&E;v*mzUMn~a_<c|Ԏx{}-r>ML7Gb91-ݬψ$E y!dCrr ~+[h@yM5+ۗTf[ \9aRq>vצ!(Ngݽnȑ|JS'= mU֎H)i^ETʱ^i6Y 4tFYzXXfS M 8^5nx7[D=[#Oa"]-2~.:)$"gRw;O)$X`Mݻ 7[m}v 3[ \4V_eV4.B< tRFI䈟}z Ѽ2WFW1sX_nt\N sb[1-vڈWcEt4Y6"܆,*"wFGdAʁFݷT3COr$q@`z^w'F!84P_ٹi*p]a'c԰E?zyV;g?0q>uLZ64Avifޣ4mP}J+EYŬj| nǠ{2'X[^>vyJ#Rqa`pԒ,igcӻw30U]7AKHpiSy`?X¸>4~P!{GD@r3:X>E#Ʒz2dx{McqB̧B}DXQ8o*siLC0h]26/9(oC3G_ K?uBy-HCe[}tM'`2iN]@݋b!09{RQ<.3NGb(<7 (}p{%, Cx5TA~l 4!,dqFPBƼ2 },nx+-u X,{˻JtiNs&UBlH}xYc>{10d KcThOc?ޡ!wY=>@_=۽1ca1 x0g(ݟڭqW Va#3Ȉ'~7ݰ n*7?5-GГ_9@t5:z Q}Ab)yf4T?wP*ˣo.^'aԣV?"A.'AžBz|A` |#F1o6ib*=ĤuA5x N x UomJA2 3^6obJ Xp+oխ[$I]i9%(ۚoIh@M U#>Q>̎]32#GbEнkك(._s}QC[: M(C>6HRzlD{bxh234 XWh ׬ɴbGA~d͟=L`V36ƥ|  &>EF8yl_ꧯhq>Euk6'58W!/OZQKJֽl0sܶ'vyĬ]Soe/ V x8Ua2Jhw:\rhEm7" ׊aMam;g' FQcqۊZkNbG<Ȏf V-N%|ׇjpZ=JrT] FA'@|`ת1Y )w-0o5~Ih݋6v NL\)wbo68B^!\n8}fIŶ*v)/s~ q%ku<@ssuQ{#y=,Q֏1j ˅nrgJڊ!l"J|/Qqy_mf{h!Qߘ$pE0hnTkgR'Y}lU*XX+r-E5o6q7*n6~`YגxőZ/{60[9<Ęni4eю`jg FH_/prmt,_ű8B´Rg> [I hVܰkn{Clv L. i\OD<}F &ndPnڠVujœ=2y]d*Yb)U3S tgͰ@L)<Ov؀ؾ9ۈ\ ̹D 0I>|TF:S ubM}"R4sE9CgխH D9.Q^۲OOXܔf()'~q#[f#AYZ8,ӏg!%QCԏ%0&ۃi? R`6#Fh9'fKmMo'f8bv/ĊE\]@@꩕K豖_vnZ/Y\_iT5?{QZ,3R!.#KD-@2rGm>cKzEXڽ?'N &r=ꒁo·?r#WgWhЯuq >/aHŠ%~8us5z+ .ܑ9Y\bJҀLV`Kg1'q8"&uIKfup{H%P#ݺ΃)kf*GDT̠DEeTU*}6=FƂg3YI5e¥6[~C  .e PhuRh0ܡ>AZSZQQLR2@( nZ4o1Qe{IU&](!Y6]C7u1*I=qm?&֢wW<[v(KY?,b3֜V&1a1麩lsy/ ThwI} pH'?+0R]X)~mcy+lĤAt De+alp#_~az/eƯ yL%<0.oA%P`ռSmweG;7>C&viqE&IAjVvr.A9u=F |j T3 ! +Zj6YQ LQ]!H.7k1O㵫G HM`ik-LLjk"p5i6Zjn c&V'U)C!t=FV7?q[5[rѪ2o7]IS)^7SMGOJPkyt@C1|F,(PdzTJ)ի3^̵/=.AZW4lC[wI|B⼪a#&C|u]cR`(7+n2tgvtiM5364prNWRc\|,TI#X'մ #%^8b(1+3(iQi, 82n6]*tZⶃm~m vTº+BB\!u/O 4fMoh 5w>L!?x?M`T޺݋_Zp:rppu4r6MZD#H!Țo5~ Σa(L][X@ׁ"Fy~Gờt֬L PQ1O ' CsHjB:cy_>2˱^oZ& I5Qkk;i8[A͗P7|CvsȢbD=u 7d9VVkƽ;.&Y [4T? E TxG lp5 Dj6ߏWEVW(g,=ٍwo΃bIӺڸiNR"aKߖ|B9B\Mbz7OT0@z{a󒉱jc ˋqvbBn.:w'dMBڵ ś M5"qep21RSmZo t9_SƖLeєb:g!EHp ^g zίZZ7p&fAn\_ٔk^P & @VǵT{b<0Ƴ(boo{kmݴ8 IP6?hs؆d>]o4N2}zO>uIÊ6.+wogԬ!V8LjP'/5e뤒N(|KI˳*C_=Eyol#k!tW70=.6da2WՠW|+=Ykʂi{`B4Y~~xn:4Ӆ? Uc]9D'f$؃w_ x i" w'h gua}gRхԍ#kQ])@ެz-l9w70< E{m*hKGaQV~g М_~Y5;GbWK|.ϣL@K.Ⱥc<<KPHQbA!o7H+p8| .r!SUhnWLdP^h: E2/3N T<;SX ]|8C_ruP_P[&?THq|Z㪌_M:)Ќ I1 Jٮ "$ 󯡕(]/~گG4wDq& 9&u wnN jc'_OUT?IBn@{0Lį%LV#nmUN,b@2 HWhcS40fޯw@ʑ7>I%`y_6b-muOa9̀B+2a-CSÎcqK SeͿ˚%mH9|ʌD̴yk/|z7\(b&ywƫm}ԍqO>yHiRjhZUU202ucԭK m:Qvm?O nYDWTm+l2 SGp6 -3k d^/@J#kJ.L:}[:Z5U;-SRх|q`# b ֞<]hY|W^~')MMn|"" ї|泜0d ff+&dx/F!Ix8![ځiׄ^le:i(W%[MCްy3#"t#ʓЗΩ4> 6[/YήEb:Jp QQa %d ')hŜrv7l6}18%U:\­5q=!mI|dr.i0oHlL11~faKoERp4n */9% S}dZ|l̂:r}3^ȑo~p2(Kb28x=[f~Edy⩤SG׋`a}[jt~B́h%ma]uhc9B>ߣRS+#37KjT 02bԔ`/jPEV9Lִ]e$^eE$K"{S!FߑRDjogldbHOiQވX+C$VN"Jᴀ5p*S")_~4&Q<Ȁb`0Rs9ٞ%I:MukZ0K6wrZZu]^yV*Cu+@=slFY&ke"g#*Va =Z]!6uphѽL ^HKv_ERѲlLӆ*֯kД5;Wkk=֞F`laDR V~\ č9,t"x=}8g~(~LWzyRm =:D%KࡍX@Hq# Ba{٫,^G#d$bCb?8}RF7+_<_N q \[e>΁[M޴$ٟmKϙ gd֚,q]dY ^ҶDuM'[%ګ34n' Fj"()s+8wG6}dqfD*2y2e#j қUCLR_17Z#Db็~lX7?Y99!SS70~XUs^&}Ӵ7VȎdtiyb_G^FKvXAdٔmbxNwsQ-}ǞhwjV)Y4 k `t׵XN :r5c4 *;&b% z/ѰN4֫:{äӝl6 V8 vo1>cĶ>K<\EpXMJrDq2"AO4 k ȺĬ?H4!H\'k=HֈNۀj(9q ;vT)7iO%FAǩK*VV!$ 6y]nGnlm@ ]R3H*~ȄQW3lRԐdsaj[dw w> u0\0X3uCgY (;207ԐV׃_t&ʧj &u$M]{ٰhGD@Ggv-9[heW1 KkaGσ~}6É#?L>*3$@g<wN vlYAGHkR'W9 olTB%@eo^がST}R"\X2=M5TOWhIY*GuV)m{8\"_6uB ;g3rG7U`WSeZZQn U:@36]7[Ӊ\Z&m)h/1j%c~+{`0#/E(M0\EF,y&r̂3h*dvP7?⹓ѝҹ3̭WZtZ /B[y;`bąؗMk邲t^nx'*,һo .=,W.^3UDښc_:v&C F/kzԹ{:㓫i|E-nZƇߞdf@WK:r5 n`Wɷ(֝jw?b]i72%!B\K{FTM_}srSt2vLGGtm8ad݁ `sd(X5;Jq74Ɲp]<`HŬ&Є l[NSryNzheR&՝a>IfON^tA]g" $< { Je;j=Mƅ`as_3DwpvkT.D(]O< 7.\Ώa!:UNQxZC3fY2-O⌰"eD콂'8 㳈l 3բټ0 -#Q^*8!%Xun?αl ZCJ>do6B\ U<̰*-Vpˠ3 ^yk $:*eQS\뙕!nVx`A+AmgetYT=_JOw&.%t (sE0SOĺ BYn@jePR(`}PICpQʋҎ0PW(7rOW]E^4X{4!OVuiZv}'L>| &-VE yэy]O\Z^;>~G&ph9_ni "LC,LNNkWmWypZ §Gpy&u7C"#ǵ܌:qcޒ^'{rf8系Rǹ"/ JB!wkݜ*@ǬaCs{ 4PVldI[k2#w@Z ֕M )kH<Ǵq@Ja[y 0B;9Aguճ&۴'A̚ c7aSA(BMC3hƺadk~h l|W˃SĔCUuRq:/F=l_0 (_~f}t'и_tMLJXjW@".ǃϋ*TJ`30xAL>yڐ16LǢe薉Dg1gqD1stv/UGy_K.NpfJ4'C%MxhkP{ogݒ=%ȋTMdž)s ט >!AŋT+A?珦W̓?ЖaKI^Y#4fi޼YyK;..Vzν{xC(%eK<:l}˚ BD\o1HrQ|ZgWPh,7Hu4i7)S]2q-A4 8w* P>67j@N[LAD]NEF[@{MͳĎ!l+.7EU k)8gp=ZP?~YȡUW[X#fUwg[K}[u="Ep@7:&22.PRK vŖB,\,n%qzFU*58Mz,SugpS,u=q`M>ufa fXknL ;%kűP YI op1RbΆU䵯Wb4ԯ/POm(hsho ͓c2 QɕDN[Gښ6ho_8ju)EyfU {W(\:GCTs:ܻ\%rU : []{ Ըr\-kf&;ԗ;4So=hLIAc#tjQ\,+ n2f;+KtQ2̼\/ f%;>QDUr"^@4-O{+gjK}ǡQ{QU:Vy)F1㷪[[43qZaU(!fi@}(ND:?VhR|7LLJ/yyۆCȐYEMYH&DPʝGHGQE5(b3YJ[pQЍk%zB暠QUV'Xs[I*4-"Y5RZ:VbF/8 U]O38NW3wN]`dܰSQA B\1w 3gL1ʆ_MAƞ& M i~;dZaiD$GQ~,#u+ 3n*]urWʹdq=kڠ9-s-s`qR~ܰB^ Ֆ.%N׭\bSBHU8wBdsNN0T^ VFv=kJRC3Ud djt1$7|ULL=qH_w;]M"(A8Jd:UQbCMi <Ɓ3*eEkZT4>grm. Ӡ6[M/S 5ntJ4|L-mvnӞ;p匉b.E p ۄٞgS7ޗ H [al[Pyf j)s䄓+PLن\q=c4tFQ*:[$ᅏ'+2=3k{#+:3ޅA) SUx`nbM8;4q*&crE~̧zZϺF i׳WȩWq+d꣩ɂ+ qKԹ{ރxy97y'@(Wj RDbfM@ cxBwuTGk HU[ E:IŕA E\q5V}y(vLRW! ?.|;@n0T!dO-]q\]db9KH[D-MA*5ÔSOЖnjrYdSI]+fJP: 7&eo/r -Mk"Lg*d"=}A1ᭂR/ͯKճ2\<*tv Q2;o);H>VxVp.)ǭ T+;w}sPpؿ`T Ry|[!VWSjㄽ^w}3v^qZcfn`qbyMrm.Np)!6K;i<¤{1d*Pd5=,dϜf- 舔e\(TSycaX9o8 DXRJrIJ_mK?r qFJ ~NC*)a>4 \NPZQ3P@EG:2LrWbyޡʟ(B,ϲ.=u`eo&R.&\t Ck$W۠A)fꄴ1 ~5X6nvx[Ql5MxeW D0N3 RȌm˕Z832C H"[s"^wEqi~_ (5`D_V2DݩVj<&IL./N "90gvCH1Hua=z1WSsų@ƂdY˩-O'͞נLQg,뚗ab4.ꙔnV\>ګeA"j +ywgWB^pdv ܶ}txڠ_3[MrSЗa9-J%Tey@ QDq./uT]Xn|M8qB4n7}A _D"f.RiK@P%Nxnq%ug-pQ_Rߛ҂XFJTgi׃T!xT~ 3MaH.q5ʐu[M*?_"ܲ<~$Uv损nPy'\3glXBÈ Uzv,w~vUqކ&8q{1/n-ׯrѸ7;lme;omk=25󄍕OVoKܒ0{QR|Pf;EvLoG1X_g/JV h@\d19py39it&OI+U8j>u'A-fF^Nt5WT -@X@3Jrmǿ OuM&Z"J.Z_D<>; A.l8SoR"a`Z8g0GQ1h|I? 1<61blΌz r6By#UCZ1HΙO$}X:1 A qX -Rąx]sǫԠ~>8??ħ5 RuqmNZTu=-I#6g;#t RNB!>]iz$Zn)-U}:sЇXh8NF1CBqͧ4VU,M l~bcW8tj^SPq`YDRqQ/ڗ-'nD}Egǻӿ!3]ry*"k\?$%'jhkq=,X~܌04VBH7л1}$,sKE0͏-5,aT x\zl(- 0_2-"q*4;;io7?N;6ap*/4;)~}]K7QhWq*yJG$jS- p+8Yn1KWG?!yRIrğ=~f``O~?dɿ]ʎNS&Fcά=oG̠nu(DTe;ķ =رΑ+6p~ RRkCםyf-W9<v+hmbk}7VL'y6&/RfI!:sөIAzc>j1Zͩ}$PF':ה4öEw{$?& [A18bI )%'TُCy)稤6A$D >?|D{E 69AV >x4N<\\Eg沓6y4∍<4Yи;pKI, VqKy}JaDlK`] + AD7^}=4zi(gOj>g X%MCK{:)&JZьDUf b.JE_${Ȫ3mi1|+5|9c*lb&@jh jp=]ړPaUĒFAW ݊M>fSi$]Y|9beNǹlL7PgXn"_:dZݧxbtiq;/MJ׶r!jA٠/IH۹!Ad2 +];izRLf{" ij UXg{yE緩J@;Y,E73":e{^)ƛI%SaSU~j[x6OѶx%SJh8Vv;A8[o1d2m 4X-2򕔗dser+I 2^+=6mXh>p0kF8!" OrrU]64vAYb| q8,rq ݑΘ=wGPsy'tYݥs2z- {QGrȲOt%#&| S-bO+[JPX( ~{fga_<ü5Bh 8E;-se\WB7rF#+Q, @{LW7~BN"gS; 1T|}AU&Kf#O7Q ~$]e)We:x6m3vRZ4UͤDZB8̌q-7&Dbܡᙡ#6[4dlyVӁ6Zͽ euY_#LcO.4qf2cQ52aUupAτ f'-¶Y3 ?FI `!  xk;?<:kVRlIEw|`_m{/.2E ik)D}#~ڂۡb^5@]O=F bntPh58*SCzzӅ5"Q%Dve\dAxo'IDJu""/>? یLޜ/𢬉\9ϴ'^wjWW 3PW5~X,|6_婭<<\ ([~80*i{ϘAͩ63 2A0Ѣ 8qܶdT~bo- ~K ˏlݢ9a/]UoVOQ`mPrzwHxb3FޤoT +&3޲xƇGmùhX-ce֘J2IPTziCw/JٵZ[E =ޥ" .X?)MۿY6_B jCnYmlg1Y r<)>QPyz5> ʒ 1&ALx囈: .i7;y/N!&SG[AoSڏe&׉QeZVOACVϤC>,N|%t+{hfdڐ`6sERh'>?D1Z%u0jMŜfq_I-r'#UBו598*6ɨ{2ne[Ĺ(!0/1D Y7 ,`D?C%rêA/S%똍tmt U(E2l/ %S4!rk޸CN^,9f؃՞^&ԛǃ/zR;uga[7`*ˠ_ռ5X,I9#.U)cUyPP’kWG3vޑqGj%.K.w<`m8jK+xߛnR!D5ťBjtC䓙v !%Dc~BRNr;Z9N7m@Szq7`)ȓ2xCI.%UĚ]!$M]c3\xJXgU>j6G= ]Cq* Г_J\}=݂SZfV"Of.>9\fI$kaDtt[@ zgh>ڒZ`4Us7K"cD`R<Ռ&U$ZRt,raW7$\;{KG9H̛SM+(—]pu>Ξ6;#lqn"0d&8&PJr 4ߒ 0N,_ F 4 1UC;UI)^rfTH\q{&8'*N:8%CD1UtY5DЕL-j~fz2관j'?o2ҫ3[ib@e?Q7}ou^)lP5gȕ&/zOM` ,N>-(1Usb}$vG[[WaOh[@P_&TjT!lmd5~1$DK#`sqin.ђ`op4L=_춅;Bs W#j!k%0>V0ఌAi_*_<2CURǞ6G 4sd; Xr {2c”k|]E]=l9ĬʓG|T`y WN õFo.fv +MWcN`3f2ܜ/ƣ+lw]ېؒ7_odj(ʎU5 jE}yn[j"+[Pq9sI9==UF=L*LI[_$I<&A%"#!بPFPk=C=|iL{އ⅞n("RXqJaey<[8a$Ó`YB.z.=8~0 6עڋh+޵+pv2-*J3Tm?^[yh{b*2v "lsEL/4t.*N }TYP 9j UG:ئOҤe~kPk7$`rYK !jh.~4~飲Efc _.znq)"x+ną=+&މd R(M_Tz `{81-]-=6e1Yreڇgn|sC;a";_ʁUDSLjE(u7)`U#25#cr, [dU:?XP@Z'(aIzmWL;iT7SD>MEr3ֱ\b5'lo!ϠZ}r)#3KpyI-aUn1=kÍ@#o\A{Nr{ͥ.Z{7pk 7js:&կtz,➻g*1@kmNQVLjC0{4#IJG6/e)2]W\s '0M{3Y T{$;::/)b*{.@i0_aF&=C[=;$5*Zp ؾ!Ir:4,5#6aʵgzud ;^X3|Z[x(aPF)#5UZ'BW!?/OR=iVtB @J)D^AԀ( 8 $ u (7nE̠N5Cη7՟&A$JENsPގ75ZT㩂LgJA1>՛Cw6*Ԟj.C6$+b3RM5u~=`(W,6RU8r%#2SC;[l؊79 o7鬅.pߞHvO5r)(g҄%0jn~X*1C:Mp3+}Ij0^L8yf؞B]ڋI.؇lVA N ?B6f'C/$>% 88*"ҕ"u;t9md@eD#+A/dllJͦ sϭXo+bRO5rgur},cZp~?6V)N3t|ˑiBsDu6XؘnJ.Vd f۠܄cN:Lk(BԌ}!eNJ_i v?p7YGgXMj,z;Wĩg? !O0Y$̏~VG[ 'OKVɱDocܹ߄.outpn*1>4.zeq+yl@7R&sRL:Wo""^sdnR`v[}*-zQ!!µƑgCL{t  DXbV f ﰿmuۡnG/?&jevه9Z s4G>!ۦ;,k,O.݋Tq,{t)ы+hyB^mZ!iY.קQzNÑ 1+9S_X_Vl 9yS\j=ࠡ1Js_A_Ǵ˰Ÿޑ@#xڌBΕ c aa>h䦽y?2[(էŒ#HQ7Qҫ|o%۟#>slJM;[ӍRN6KSBx>*\=j4{3@Ep ﯻ 䇝M0c`B5TPBɸS_zMN`eM{.յlJJ[ _p0]\ #l.`>#/ti+S"Gi`Ak|d/'ܭY:CWDwlY4nxy[/H 1>,:0ZFWNK 2]w H'$ña~)4/R6C K^B}76`ʰf2UiH[ yQkjV-VPH6?x2~LEi^R[LKr3\(J1t"~6 7 F#׾y+Ru>VhX|v/d5C?W)+o| 8!( SnӃrY֓|cd'?ϟ`s^v$$׭ }e7Rx&P %LY?YET'6ذ%m}ƄmnjG ~,Cd,7lb!y+66aDq }?Ǥ Z(R!$)_ Vu^pQ7#hF'T]L܃Wr§Wy@c=rjjeߨw[ G>,qqĿΟH@I0d XF#'$gl="Vxffa̕=uAUYoS[A-𻃭MT Y3{@~4~ZdK̺7f'!(r<4Bd bȁƩ#`Y8g.d%SٕޢRܥlG8np4-kSyZ׆6*.:ujHQ̛U_, " |pgUAekXlS1 Ѿ2H ;$N=@l"86@/Ӈ"Љ ߔIz#ǹ-Bab#.Q3q+*NsY3XǤ3Ie;Bhט*K U\BBpXHf\@{RL2IkW)4C= 2讄x)%eu)tPҨޟ h-d5K #grԜݽcGեi?-֛cMHzM% Np*(P.+άcf 6ʗ߻9MJǗ&8,'Cj{SJ 6 iz2FXD^= 1|ǶG̨]'cSc3=O"Whњ)wrX0dƭOh\Z@LD'Yq0'b_>+?GH@&>f*՞1@4n/9êVv8< a|XpҲkW0oٹ馞Y2iWn5y&# -Bqۦv|3]NES drk_"]|t|F;xpZShCG,2 J8U.oN𭕷v:]s'i%LپSq6II*:@|(/TbMՖy-+'05?p79[P |]Qocs{4tڶ$R\ 9][:4'CM` )+:lt hvW Z 3'xȈο̦p`CU慄n& D )ϣKQ;Ь\%Z[ۊ.ozA m{V?5ߡ$`!e"QW_Քqv0.m[2h'j#C<DŽvQF/]fg+.0y{S 0-_))&ߙV:#@ھ"52jK$;\*(>.9R̶cPa,+度UIscd" O4:R-`?3%g};۷D\570ĸTGEtr:*fC0ȹ߽ {+f@ݐ %Lby]n]|J&C;bn;Z..3Ph-싸&s-[&٧e#U]zl N)٫^56VRYZ0,hشQ3:d }a.;G!JYB+{ 9{#?xKO߯ XګFF`r=+`_:qr;u[9N!k&M3W~ڂ׍Xc8gO&@h#+c?fNeYcM6HH-QpEuf_ؒCT/̶~z&y;=٫± bS\@53`)m;SrXtoiO[=T\ր͠pkL[ÎL}zزZ̜P] oAjv4v0rr /D0Ngm.Sa_(\tÏ*мyȐaMǩ~t׉ }4E\]ZTA,UISv$\`G[~@{UaA${ީiεeHg؟^G};%zҵ̜+J7%KPvW +3眜NN3ϪvjB2YN!mesЁPT3@€v/C9rlu{/)/Ej`iI>eY_CYfU?&0#*wJ6O0HWDWH"VѴ0RBR~c#-z@gB0TC]s(26?zWy>XwjOrJh?23nϖ&bН gsRiʼnAƐ(q'0RO'm W%ܶHuqt #_Es ֻ U~`ٺ!s k$铻GӴ35AƇ+wy2r.KE-(G@)HS7W:ҷ$XW>X4lΎ?/'Wp)">+ή͐Wcg ~zS L;ƛAu ^V3ȳ5ele1pmk# `MŅ8m͔3!5n7$a GcGM*/YRf (hJ=l$aNb1Zaqΐ*B/11Pau-$͟}?QS])!}(vPdo;Y8)k]QIށ&~:0#R,ߕ0Z|y,apoFgI`/yN@_N_@l w}C(wBH'3<d0֧[&1Lۍ\$H5MQ;I,݀EI 7*vQ{02B(-N0EwNm\*=q\GQhO(v.U|:$.D`.:A\\+(A8>aE{V+i,劍  yj )OHDPe6EyVZ1_5JiZ_ņr" oWg\:MS9_.$eRG+mpbɃs4"*(L5RxrP$]DĒ<{(N`aƣK,"#<(Kx_Ko^T :-CUg>Ye)FR?MO{o-8 nq[ l~ٕAzgĴto&)Bpnʪ0n9J5hOI{nAX,*RBƅ|"qI;bZÚE 's M،JIi:{>bfoʖ|QnMU,h%|dAS>:?§\uL#6 \NWUnen"/;dBN8C c|rڮhEpuoZR 5 mJASdU Avzʹȱ“&N&̸36,"1:9`](L:@zN|D /sj0N+3;[lޅМeVL px=2%J  u﮹JHvJ&,u<<7HeDž4_Pͭh<Ӏs#fhus~@ ^1mIVI1P'RK;fJ&^clM ږ$ W@Gn5 #t t-Hj|QL֚8fd]( T}mUA3yd`!* #y3~v`BI4*u[YV{+qAd&Y |Sbu_ߤƈgD< j <EEGNc4ƴzO*;P;Q1hyE# J_'|ϼ\s8_Ge عlV# = PDO*}[tojZ ~aJUQJ;Џx9`Mf*$ gَ#TVVz,$+3_SRBNp@CIgG6>rMvCǣ471êCBh期 I#` VdWR C^!ݿL7k Dnԋ6ILJO'M9Kc,@Z!fTyzwX2Uĥ>eαP8dTt9ȡJͻ67wWkp6a ؽ+ݯA\-uW4~%o1HiE3S-&(Uny_ՠR|*ꋏ{_Ebm'>xZ|&9O߇A"m`sF!$>CGkTC葆ߖrC(Dъi2NZV."Bhȷ:Sb22^<AhsOr89a/Y滒>LajsAmJMF?@N;m+NTI@gZ,,ԭMY`|=5hMCyX0Hd DY%tIj 6su c@Q=q'%6(0&,ǀ,w {dzҭϵH_0oBQa o7"Z7/C]e)elb)0E-Ͷg%Bl氊T=Bȟa#2ZXnnD[1[ڑQ$,C ;@L HJMY;c 0݂auO__%[\m#0Q Q"Y"c=1mP s0daס?LuGiDt=paԝv"`G?&%03ٶjm@ڷkVӖĄOʳ($s}r9UҲ"i (mzxZBeGlnvno1oHܦ|R,t MXtz' ␳F=z:W}I&V 03oV>C-3>e5!Tfh_\P@rQTK]bklJY=q%Q i aҍ17Q-b{[kZ(Qغ(E{ByNMF .zQ&<kMk&3gCNk|KADtF`*mǨY9X ?AhI2efU=@^; Uw5Mafp'jҨ VA!Y /;>ޘHRogsu? zD&-3Cpe8e~d*Bީ;'L%@=벵 {V g.S VN;y;ڙW[Z=٧C=dX# W 9*ii~7k#GK|a Sjΰx^JhjS(pT9_俔c{+a{8DS`(d[~%W򓐢9J}G))nqc*xhCPXLvᤇVAgB|8rVqsQT qKF#C!. ;NWTXFHWv2F"gI AX4gT}h󳛯Tu(%.`#_iKfIL@7[ۨ9iQNp,[u91hH#`2vqG]9P"sv |w$#ɫc.#"چ۶Ae2ͣʴҜ"64Rcq l4s ~[O}[W!dv?SVuݲI whRYI -/ɛF5%oG- W;gSl:^uI TļkZ,RcssU0X]0*3.ոxA*g#0q ZYKZb7n{T{KW&6a!NŒxc ⣐Qc!7t>(ŴTflMq x6 @}BP]pXK.һ0.e$<=bTob˿ס'}خЍ(/kDYgjJ[1;}.7$lxebsZ60%M űZkUt-. &VIl{]: ^" Mݽ$)hgZ|d-&j2rɳwfB$vdZ%A%wazYgR'g,U smTf6lo?4,ս%Lʆa'ݖ,}jyklݶ d@|1S7#n\&s3|,6cEmѲ !Fxc5P6^Wp&XSt`_@p$a^X3\';.#@+ǚȌ*'h02!N]qŨ]@֨*ZnC{ı֞xη'ZK&TqMvXt֨-P af3f:WgP|tSv;\7]gȩ7[0"IC`C0hKke/2QaΙ3ѭ8X isBd"_I#qhV,n T<\Ҍmk;nX2`%dwCFPiw+{L,A'հ#F aK t fNȨf~v#)Z0n5%s_ ٪Q"!0Z`0h"bgd &zaAU9cŷCwzK$LP}!8ا"\!9IfGS@9߁+z, Ʉz*~^6 b?\8if'oj9y ͒ >DBeZӽ /lHz'QbO᫷~;HPC՛c>h72Z<5ZQdHaJ)VFWVҜ/(`GԄ\hBRIRwr*1:N\\8$EY@;i֋Ԕڮ͉1N ߺotTIG=&K5zZov/Fy~B1^hd>gkOb qoW-PEسY"9ΓAA+3xY /<wy6VIva5iv;pfH7ڙ295NF6^I.g1xbŷԦP=ad(^uUsT"NiAY04qbn?|DMkY/(LHT2+C[G`ȓ,L+½1V]k  ;V<&Hpx[ۓ#?%M2u ) w5NvP.59I{2˲b.Է^(ZTu5(&NF [dG@Sй<:iڶy<[5L rf^{Q,2Mc.l >#0Tp8V:Dmv}2@'m*d>^Ag"bz]g@M, 3>9林# uhuA>!{gep+7w!p@JH+5㈤2]QMzêl{z=@6ɖ /T x:Qjg` ĥ)kw&+f=L;jT!\ь$e/׏qJ`A'j ՜ }9= arJ}z_-"MqQָvH$Mx<^ b<4~ ނ\",A]c1~E]~!.}?af8K|Ux^b&ѶgJ1Q^zGElK _6Փs:9^߀v)u#*bJ6>_ Ufv|# 7 RKބyR:V1"̓:Dx4A32A$'k,=Wa-:ކg |#YCoXj֠> 0<A9M<#;;;%v *SJ. NzB@R}*[`K;\Gwyr^.Z09}/8N+|c³Bcc;̧0.g(~R8sUG,ԇJ +,HS|=R>uɴ l/k(Z?faE/9F$+>>Jl3$dO-ԟ. Xa!n!똛ˑf­?v';V?$@T1wpSO4ΐ_۷`CEfYF&*8]ݔc;V@!}bIaM7|aja"#U9#}7/k,rwLmWEC]a[=C^~ |hM`_o#_[Z9f92.ӝGiuݫ>7h]ʿ*n`O渣6sxΘ&7aHPj,@ - nB hfD%V n)0_ "H@YC|j͑xyʬ5W3= Cs3V8`ʳE#s۶AN6![G\"uUu d<_n6>h^tkҠ KaVЇhqv}˱-mfk~ dJ?Cfq] O85}xE*¼<-A2LPQKwKR`]NMq.T#p۬24*Aly:Ssͳc4jAg%Y=mG/9g$CJo BѸPG TS1.c$Q/c֖n)AJ WϾDCٻnYE$tJߐt1K8J`cФeohawc&NxĦA$sW5gA Q L +a BzYaE!j*$qi7@fǬ?؛BoqX8Cn [ -L#[n+M|(@ksGYb#ߓd|8q~s`*"gwWYG pƃ4/a'q )P"Xbn*kzyb-iGql÷jV_&*N!!3<(V|Z%MZ+yaL e Ytahpl-l‹nPAF^g kyۏß[hwXrnFFӟUB3uڤ\#! A\ʲb<ьIO;y\q}C| F!kJO1 qSߋ䔓)Ɖ6گ}wW0['w5QC8EgyfER+ٝ;%c ;ڭ\;*@?k:)"TJ̭'Y&6l]u8e@`8$l-ltG$M7A:|uv_Ǚ"%Zm$` Y|3@x7L2eTv>A]B(e<:W.j:CN6fOr0x>bN[Y,CekQRMbPlEF]v^7QFh(];#l_ѫ<Ⱥa] ryD eZ}.q3R>3Y!ݖwIq(kF]'Tͬ3:'<$x IA+m :4q^y0;0 Wp+RE۳{[;~z# VoJp Z &O~"jgf̊(,Oql Ce@MŀPUA5/͐"HxU)Ge 2ft.?LC$XD29GY R}Ky0C;D0,K|fхNƨ1O֭tw8QzS 4-#:"VGXj~vE#y=Ospy`d׻%tp:B#/^WPwiJAYѹ Yi@0Yޜ04I>K6:qBw] RDEܥ9n( oحiڷx1@3D֊q$DCm;qA5 GzZxzCQDԿyt٠&L km%wL EK ϯGl"@P+_keDR&<7׾c}ts\0|r_xfR-#۱9hB! t j}b3f>g9y*ecN}%#:^_ᖖ );_W^EQJN#^bD]r㐯wa*$qYc53(b*&03o=>c藼͍3*я>e?VP;Ro8j%L/\`$K=M|#BBS@?wuM ΢'cu~Іyjp^Ƥ/<<>cJm6i0}FֺQGN]"؟0I>T1 <`}\>m1@e|wA,GQm> qͪ?:p>B#lMaKdzH[`d/AAΏ ^%Fĺ`L/P ,m 0~.Sbzf@o7=pɧLisPzz8NZ$'={2%G_cў!vjihPA`yxe9 ,psRAh{]cJ,W iOd74i-sVWLPs{A}Qe#N\.\?5VK7˧W~Nm@MM!xEw.TBQb.N0}bl#|?"+0|LE"/-yߍ.>QoŜ*864u~P:$~~=w_NVf;Er] _WcҨX/o%wRK 7zA3GGBc!1w*!QYon(,[I1GA` ĐJzUF`0.f~\L;2 R. Y[Ij*R"'XM̐QJ;vBnxcP$pqUߎta4A}: +LS'ѳĨ!4 gѧÞv¨d7SF}w!rnÕ7I-Ld\x{ %f3˵^=%ܾw.5(N]΄PZ?R3\or4 |((e6Fpw96QRZJz&Z=XSTJn=HX!h4d"|WPdoن *FN1_ ]E`b]bq4-m GnrW+fd)[%i +on/پ1\_xO{٨jLSq¾Rw[z}~;a78l:aNq0NA~p̊K濩rxXU^%c7fJuKl+؁N.T_VWgܻq7욿'$E)$]XV43}ktw NZJhw¨oSצr'*\@4@e6VFL9(6t[],ًqGb߬q9& Hش{s㶜kk*?>PΝ<@-w]5**BpJ&&C_ <¥&x ZHuDaNRJK##򺑢5E;7Cٝ3+s%j_v\$'`R>z> !F}qZ%/k4Җ!+Ҁ}KDRaM=*?#R;a=}Mk}0SPxD ;Uڄ)>5i%BD(e|/ +Xibc᳷Aqެ TkS|~|U Rf䥼#Q`Jy%V)j=8} ?)3ه\|bh ǂv}u9Sņ/CmF>O>/"b=IFYWj1R| q""ծNnO҇Ss-%8(@G%Ǵq /Kԝ [+wtYXa}`E!EK z+)~0VH^4:id.f<86V9u*s @W/pw/{0Y攉Г>e]ϒrUvK6o?<ýʲyӠўft>݈`5U+ 6l Ƞ)kܹZ {ad2{"[•™;l%-Kg^&%:gNArL~jvtXjC@xn2aT$ |p(T &^Xn{u=Ыa"vb[#`)zt#xŋG׸((VXN!G0z`f#12 tBg3-IEgYt"*a]LصihC_4]T^А%wSP8$=z}/r3Hx!S# ]d; -Fpύ]?^0#ի e^K1)ܧwQڿ|kUƍ],^YuMePwf?^U2Zx3 ww ߚR`e7 oh?%|)HRߋUsQגq bBy]H'yRP0K0"$ϡEc 6[Uq>6`nQBSNkC7~jK01Y uyLݍ ,\Tၭi<6ri)6~VX,%ĵռ;37|4D>s>OWB$07`6cOJYy@Xyڜ*{!45i s󜦐@/uRs/e巑:ؐGt0xnbgqn$/:|;stIbmyķ__aS(1Qs0XI\B_ϖJW [5V m,-'Z(3u^ 6 DeU<<dbzKrwb>֯cWdoCyh@z}X Av.GM)'5̐G^c%콎6?X7<~,զzMsVFb^W^ =_>,IFFd+ J&bkPb3SQ~ƽ\'dya|F!Bt*LJ @'4oq@7Uvd| ^SV,} PZ||9.8,odzިK>f"Xѻ]p%3dwrf:+ SM?vya'k° )4ox@M8֎B5/b^Nv\l}2q_<&YۖC JǣmUj!Kۤ} ٶ,M˄(l}+T4RSRٙvn[ +~JCcrorUe{b@fìu]].5Ч 3G`()%CO6'%;FLN~!>v ;W7lw@R2#pi)^N$_پT_{L5eBx Sc0-~6{ex^U(*ҢSzg uA1Z0LܶdEVE _w %yzqW QEkwN&x1D.!x/VRAG?_J|xF8ɖ`4}n=q }67iOOZV&:ce- |^ 9D 8+@qyz.skEdhf?[ Y >欷#}I4"ZM?BM+x6)[bK%82:<ꯎ) B's]Cu9TGЧfU0R@˜YJ!@ƒ2*p/jP}D6?{4,bFbdhPWqi]_%U25 )F2cQBqfT5x]ÉgVn!_ L&=c # ڃ]!SxO0v։ Ȗ-=q B󦑳6w%RxQ^;J5IAJ( x%^8/BI*C9 Ѝzl;귮_Eu߰vٿhHk^="#>S|FZ +ucәBD?;Ք|ց}o9_#8 \Lqd)wRj O~+F&Իћ;Z['*f`C|*4.^7wAX_FF(͆`fyw5L,<xa.^!⧭NcYa^ίHLz(agdNVs{vl+X: 4V'=nʁzj9#`5c}ɎOТ][ p@J껨.,DI7_saۚ -n"Dc:JnS;;'>,pR%Nz/릓:B3[30wܔ 9ׄ XP?;t!޳(λn!D6IuIy鯸 9ߖqt[MkKe! h)mkZwhɹ;{6i;o7>ӈ5#̭!fu"(1/dL?x=ʢOA{++jG G,'  '!—zWM ɉWOf/g0 Mai(Xq@(/*}QlD~I wЃtGko@Hkv Ԋ,插niN>ȯC7p ;@&vmz(l<.]]VRn_FP?1?aE{Ժ5 :cքGdSR#S@r`딒Rfe`Ixty6{ۦөP|(r-$ W˕w8_Q7"V%).TčQn$Gul`K\quj boLi) w:[vHRk>.IuzПb* QN`>DY{=#v7(%UZca6sy0/ þ8 Rho2]*w"=^2b+zDL]a+gvoʓL}IzbX<ݭ妻ʠ z(1Fѥ3M>CsԘ?3wb,Ldyn.5A&gY+.̈́7G ^c)3&arƔGR+nHu<5aƯӺ z:-ד7+<^4Ɂ3d\ %t ko7.G$  -Q'k[̯z%AB2|3ҡY}E !c]3ǁl]|h?10&`*/"CU؇X4Η׳=dPEYk/mT+](Rf+hϯ37l{ՖZzcPoy+!Lc5JѮy:Y(f24  ˷Э^!EKꗕ{2A+\*yq ╬cgՀIPC ֯2ihr01|ni~x0r^}|F u/Obls.! `ͽ<jX~9B.Ƭ>|DuIRү9dڧVX8/nHO(K>r.UBqþM)p )ObJn*5+PK56pzp,k&#0κ'Y7FsƠI+g8Ղ|#+8Dh^# O y|%Ԃ)0`,SkKx}MXcXrLyn&Oc(2 0h.6}(bI#JCHufnр#qyy96 5|-݄̚5#Iwnt"3:%i'79G%# \$ʠ-,Wn.n$30xTpɗJp9x`BqCGP<>i 2uNiw U:8[$\ۘ© 8u(H#!Y%溁TI`iJdWуU!y?ma* tTx(W-T|xӎH?nl,RFq "a-9E s,KƄ=#\sӀRc 1k3|c߽^ v~tnt9nba„9}vԒ <6 T֜H|ctf篸y'U@Z`i'J={6* oM  t5ә|q~ꐋ;~ ޾mh?6Ak  A%p90Sѧ$w\K}lS^|*  bj=}]u3²S+*0 ;:3}$=tt?6_ 'C{} (O6)RL8B~nU|nQ|a {(š?z{%߾* ĉ}t.cG E:LE!}_2+0NcqZs$3({!2~TTRov}IRjzZF 4ȽM9^ľ/K=l_: +6aU~6QYԯ@? EJsY;2SPOh uB~ч2ܽYp(JaVH|Hkֻk0?増*Bӎ%\dǎL'>0~& ([[0'曻V5j@1@ɚ %M׉VnvjV*SoINQ? H;'w׮-dѳUE|ڞyNzJawY ĹZsVFQOU*کKt4h4=#}U~Z>6/2Q%{+OL#;Ly Z"Hff O\jK#;(wy+ʤizA`F_͡lX ;댇%R讠B%OT\=4K{or-DZ9;O4"%r*|̥ҴIvu؝'Μ(y1Qxa/-{iLw&]28YI -R(ʱ}*6PqKqݛcg|<4{8xC|6=(Rw Wkt:;!Pٝ;JWQ%u7(+|Frt s)@@CȁڏLw75-_L@NM+eF>0񞎥!1 jOn I+Tm,fb%r2 8HDmX$G{A|"[ )}4Bdu-=8<@a<9zikh>j=->vŋ| (1tWaKF93A]bSP i~!Dza}F?d!+F$./p drJcԤP&AM-5[I*D6V,'=#qFLvwhCPMr[DSos/+"4;8=I=:(.!kYaŏyDe4,3( Z{$!XmQ*{ܣ cB7祿K 6 wfqaFs(n=,/2qwOou>O R|H #׵֊҃6 !5G࣮ߐi.qL1j5@E5\}`Mw+< v bwʽƠ0FK'YֱCܭzxaH  I];0V5! bpJ3=jF[ av◩@0(ۺ1j$]qڡJC~^UZ9]#_^0Q@X6x5@x\X0v2?q<na=kf6J/+ed4V?&3ɔ!F˭)&p``b M fo j w,ie`c/>m=ø?̒Qx^_ȺBy8\]PNC^AaxV:j/Jd=&Fi79 9%c"W=ͅILxbgt8} "*/xpK5>Nc d^~d#_GE* p{NUCAЧk|8,u{WI}Îca"؀xD^㶢f-+ i]4=>,I4uU|p#d>O T㙗4g0|abk16 mT1 7mP(֛`>_y @ӅFy,Ae $WaaŬ= '=GkGP"GQ 6{sl 2?^rkDAN?˛+O !{_:hg1iigI`Tj եRT@继`UIqh"0J}WMPm1w +V.bwhI!a~ehȞ|}k3 M}5U 'sVWs%l-5=pv6 c}&cU3I3HE(o@{׫2 mދ:.S\f3'p3\]xnomF?)4`>e*ងzZr1Ph1$*]ecX9>X}^beD*ӆ*]LT[nr| %΢%^_֞MVkE[59Hi㬒NUe먨*ձFU `;, %9 \*J 5(4N@@4Z r?Z=އbS3c.GngtٯD<*,vfL`##i!$>e액,0OZB9As)6 M+]J!$") ;REx'N/;dn>O:_Db1v?߈>tR3oy6*!_l\ObT8F%\OB7fڛEBb,L2Ö́DZğ'iIUvhB #ܔ!TI[_< }k rAN 4B#k9fINډuLLJuk+ q$4Kzdsx`*Ͳ{K2 =~֭26pj%@nQ/ڦe &ra!~9!Σ(``3^uS0s*/:Ne:77@Jn:7zquK"$MVWv3>; Up(Z*Cyrb3gj;1^3/-f* 0[d;.O?3}.={WBEх`u_ Œ@!"}d_6ͣXNiIVh${pOW$W5oJQCt$3QvGJyΨ\D ƈ0.t#/XDe[)$ INNwxNo' Gf\'?N7 uRpyÖqU 3ũyZUHDĉNdj,QbaەZNr+Vś.YǒNJN-l e+'(Zw .{V\ Mz5"-ISzUON#{iWI∾Jr2ܽ24HL`ݡ09P!C!2#MZAAɃ ZFu[Q7zP:] @3T^{BJ"'>)U:42 8ā'"t[ؘ6=,(s'ݫ8P-8B&(4aNcZAcwq)kaN@GwV9oJ"Cуmt+BNw:N#$zbfrSxV*ml(S' V/:2 pz/Cq>KDUyoqnTUYDCi=Ќ3FBo;炍;nM:7U7l.G!uY:(۞'#L!M῵pAanNAȰE&cj 'S~[\ |܇O`SZZG2Óct2 9,5pHcBhwX]Tj(s@@ɘOYW&S_̷oYޟ>Ǜ+C[6?hU*uy@BRmuL4BH9?MgD yV{4i*JIb),2 (fK0#28{O=9vSRoݹiNRt:zs{*JiT >\N4Ǚ$UZ~ DoH '?֍+8eEFg⥈7*,B&Qp,7 tvWe A̵j! aɥM^`q{*Ы uQt:s5Rf3]1`ÃvX=YT !DljJ/-]Y /c@&!{k5Ohߘ`_1՟58)ÕG ㎊x&)5MC#לLQ1'n* B? L*=:fZS wMlkO,"^{-`* F8ޏ[ |ͺG7 bmkb?,'M : JL\7an?9fa B_rƏe6MPmp[,ĉje# 3(=S2%Ywz"`%]bnِl,\O;f슎 uaMZA&yZ+D8Lw1}/-IL`hک$ay [Kx@*XȠ?9䙂ODo\f~@{ :Da;QZWuT1b6YK]%[m`fee9ñw^`;T>8wK 1hWMӾF܏\7>do }3Ta2Kp~!JLJY % 2V^DO%Iۊd1S<:֛nSL/x6 K`'{c=#$gkT|kz62lMEq!BΈ/G뼐9KHB#WLbl+VE.S>"98ߴ&v{.)LQ TnI )'&.+KTfŮ b`J>Lj p^= `wʔӟ>W 9EJD< o]!`ou.wٷLc%f_J_ݤ#8YtVyhCimXE#?VjX;D2ԈZh 1_KuKZ f/vW}Cz y=K.`/tȏ`CbRS%JLE1sI%ƪuO%0, [C 4rNc2%T nD} Gӝ<(yY Q' jdV #z3PY͊_v >@ȺFObB;㫀#l$Pg)jʛoq)7<CB٨ p-ö}iU){F,_<\6> \] i &%E۟j 'K S T~ 2Ro`ī5ZU.ͅ $_gnΆ#sBG}|[E|F5!pQJZjOEK%% lusaQL+?qwEMCs0زo7 ˵rIT.9krK3)c!2xA`.37?R3)amۧ+NmTJ5XbQBɊ'?96b3NB0#EAE\=KanV5h1+T밸t+P 59 D a~5lzaDVYWotc5 O5k-σ*wBlv xU?D2C"<^6^pvѩfׂdCU%G$sNj!)e.ah^*=b(Khihb[b@f- : W\pj_M[~PvJF0 #*]<.I;6 0y.쩩gXi,u =*O|:蹒T >Ǭܖn"ld$R>.ЫR3C7˲|20V YU%Fg~Wb^҅&L3˭s|#j3POƜZWѲ* $i`QLϑ~.&Wx/ z!QXqڔѦ 3MصetgȵrT{>y} Րv#JJMJ*Ŵ Km~9]h`ǧȳgRٶ1)G nhy2i )wh)Y=v΃ٰ-=$|Z3T'+Um`L9zmr!%r,rbHp3GEb\F8hgbRxb|k/ZziDƉH`frPOrFDbn:pV>ʩhL.yp@lL BA,+oSw., z*mQ8]pk@ betDA,vIw0NA FxIyiU196|]yWvw0E܇㿃83Л\O gUۉ-X5{Xߋ)~fMCTbѽ){L騁35V_Q{ӭiH MdLc70VO{-*vߎ[ׇﻕ]hTPh_SAȸQ[Kgc%:]VZ%`_p(.@(jB(SUղC/*t)Ma2<hp#RDe/Q\$E)EӸ,-P ѐ=r 𷔏ZpbKP8oFߪ!.a[}TԛPpկ!u 4B0CK4e-JxhuJ/!Zַ-zy3AG{xd &*c Kjz&7M+ab#ac,;|.@Pv˳-oݰQ/I E?{[ܕ]|ɳ$է^]BFYwrE-8!1 Eq;8$tz35ue5SD#1G(Q;gmK̯=Ќ2uVޒzTg7xƪ22qE2J^=2a1eaX|X\s_d4x ៦?fs2=y[c:T‚\DXW_WnuKy5u/,&exJOʑume>R+ ^񆀉":/my/oa6(kAǀ `YRh@ -$䋤jzQF_hR;0`ER"d6WNcABY,>;#<%M#2%>j Us7Я-E 6.~~yޡ`d1zj{ -^Lepky`p$dШ 顦O"oU}(B=C^L: L5MRE$}] f>׃oٲY54Qa/|_E[)@5KyƵ{2PXtح-⮷ysrM+|7)O'3^F=)^w(0/[dkah&@}l]eQyd Ƭ"Oy>NO2Dw{j'8alI+h6eoP zN6*I7O5XUНHsi:"#LzKx:w:7轊kDl 7 K[5!ZEu3-BFiPC 5R"q\'`ez^.uWٜ3_߉!I9f~4xd<\˥!D21ƽAcLJ2*u.}RU$r;cCն.r@FOf^n$;Ҙl+ U!! >,Oi4+Pbhmi;z۽$Mk_b't[j),j$aOjMKWc]kE"mp7oy8Csj=<œUWx5ك}BD"wE40.dUASD")8SN.O<Qo{Ӌ~HEbCv|l0s82&cDiV͌#n_?GX$ AjO7tDŽbbt'fdgH!m {⤓#0 ^$'ʩ3uOGabBВdsO":~=_6乿 -.'`+ 1; ;kR|0 1nIe.Y*ȴf]|~ɐ` XN v#; Z^A]w9F.7W@ŅS| R 3%&i-S#CU[Repɴ -8^Bs@-w FP)jJ!ҵf$]<(j{KqP>{EuUs#2YΓnd!{Í  ަ[[, Jl,Z߻U|a `?1n`4` R$q9%ŗ|.6SUu+ {jme` 8ƬA٠I~2.$jx̰vyAbvwĖ(R-h(@$Skrz`c oTPrHKg6\iO:DjFȸv:5m7MzԊJ4arf!aɻbwJL8yykX[5&O$:;WX*ʧaqN;ZB\eH/9 om6,}SIz4{ո@F535jXmD=`:?<7Lӆ=rU(u мE4F/ Zh_Uhex*S3ut-Ž :4QW#7)vM;-W4Zy>6ڗB &:+L>ɜ&w"B6VC͙SSيyPԗNԢ3O97 2%}2ql\'rѥ"q;N%%9sV6SK۴E. M[Y`P aUum_vhiB!J<C@Sbzp8>cgĜ31A[Ncgy|qRXw6A=HE b,H-OVvš:-81 DM4 Z)HuT\4ǼKoG=ч@ ]Y[0ׂ@ZUy϶%o:}IR}筙V=(eZdh05Cib:=GqV@udͥ%dI9鰚g2iy-Yl FJy.2J.7p~XH*$-vNuYJ:|\ag (^a&w"9wO;R̮$G/"@3*@Iz\MlJv29J{vyN\A>.Mo摙i9]<ִ7ZN=H_ ?4sf"A&`__=,a^rأ5ԩZ\ LkK3ʹdba{eK~/N?250LESV0j (J 詣;ߟMԙn,o1 ۋሀq2F1T]I[/O:U^-l:ܝKi/spijWT,*@A#*v#l0a7*pFv%uxh_jmh ƚ[qX VLN0,ФKHF׈Ql8m/{ِ6Qx_;eADm i/ "6aj !I#`n޻a]Ư_g@/׏ĻKTx X`KjmC yuUI wI[!GҬĒ`MP&4<ɥe^Oo"w@9Dl{7׈6N>z&%:vժsfsTζǤ\r52J?(6K|*NgԨ< ۃN%t 5\sz ^5Sme;f öȪyBBeYEPt[W]Jk览Ύ R4Ƅ.WU4 W:憃.PO K;$QOm]l|Xq%*#PV4L3NJGլ7'zT 3;kest[C>KW! |",R4~(4N?‡R+MI=J-&ʉ=1jv{efLqE&=Hm&7\?}` 4R:ChLEɚ6*@VˤA Zs-H;KK;vjo55yEog@c\&'(fF bjB=kyxSȺ+26IzxnALEBb=!k)SRI A4["[yT7U?Ƀ[m 誷Ɇ{vH0)o`Y}C) Ip'SGҦS؟Б/,R!&G,rŏ.&A%1's9 =GԜ{z R:)M*QX T/a@%SYَv"ˣ!b+^M)PT@I)NލWHXyѭF5iiP]gK+W/>&s_l> 4P:oY0e'6/ q!_ߠ3PTml-kѧ]X&=}Ӱpqm8QSӗݕTmG(PQl踽nTE 8-PwvS[|`wxܜ@>hRYPʹ3lVn1~ImC}>Ih&AƬhPG\, `+GQ,sfPzbYk vҙ *~vf%jĥx}4T6jgsExQ=#OԴjsO#c{<<9tÖ%,]Zj8,07WM _كxeN)ĸ4 h ܩI]if[י"Nb %x -W-!wB}[2ϕ(7JLa6?Jk%vw>]|g Wc=6 X+::_DU 3g[Db64I+pڬ/qeujU瞳a^SS\2 0hS-jcXVљ?2Nxp %X16v3޶JBqwMJhS{ g)g*f}1Lԝ/^-4+r!_W)fȐZР7}} Y@+l%G2MVJE+Y"geo$و_,I*@ @E*90&z77e!{ ;҂ZU yl%SGs s==_if(Q BiDwFg @YV:@構WeV3A򫠽-N3#$YLd zqt/+ W}Ǚܹ衦t%P+G}뗓od E9S69`u*R1<΍}kD O͈qKUbSWq ?r,45tKxLJ(i!`c[sޡUEBGmٗvrUB4S \SrE8W p3 A=o{0hƬYc'PjyԪ"ܜ_8H? 0&ƢZD& PXgH.+ 5"$,7SGoz~l̽LcqIޘKXmBZ|| ~,nUW#0Wnأ<Y8C-{!32z]2T{Ǡ) .{n=W l #؏8MV݀|Ku}CQw;͉UX>{fQуJN온0nt(SB9Xa+%T=1cZo~!eıCH+ȁZ(UR"Aeox2ڃ bϕ7*К5aMiXwK?&YdA^V)d`m!9-Sł'gլkx=\ *\rX J`>qs]xS5 v0oULm:k`YJvnآ4n`&+HΓ$v {47ߊs*Ϫ`}J E\f80qf4z;{_x f~[)14cvH<>tv:w@XInX3t)r1(Ep {wB*|U&5H$h+q~:/aXtր I Y&Φyb_c63fww|"8O@JS|f坹#U>V&><1+42AJ D`eiֶxPdZAc|:ꛫQ!6xPk%~Z4C4uj#4<]=mYʗ@? Jmh tW}w)Paq/+ɓbѽ ѓNjI2-X9>ނ/y#|k+Sƙ!٣٣}Zs?xCPTh{fix7(B;!Ǧn%P r"QIAF._kaɬ"ig o%7znښQR\ipW$}|捀Ԙ+tR9+8]^W[J\xn\Bc7dY9(n6Q rq5u[rvi1?LH׆"#Z'rDhۤN kVFHtf6Oy\9auҒNҁiƥ Qw}RGXXH]*ꍄ?_(`&S8(筱=IKljΊfE 1  ec~(?l:?,\HEXL>UfU)6y8s_=f]<YU/S&#`Zw+OÜRDOŷ6}-a*ioVp?R4&}H:°R,%_YPҾ|"?v w:u#=DU4¸fՄ _y[äeڹ؆'h>%oP  BKx{.Di:(NY"q;®T~ɳaE+RmCS ԝJP q'SȺ<B&P)(leZ8GVȒU{(-OhKRAw{ ^SÅFr123.W%8,.LBO@Vh>f O9!E<<3GAQӼ^JC㓯Oz$S҂7FCItmv iy#i[Uypr4ӭO?ll$Z5wg?75Ꞻ-1Wxv]Tw$Zu;/jRޥLI&Lds5/q5lliq>ofɗt7WT@br%j۹Ixm>'QG~l<) KCqe._Pѱ7 'E4{@XU лc椎y7ԱXCJ)X۠,y%lxGD~9$馗5 fc4ZO6B"+)\OjVϦÍB\ԓd\LuxTI;` i]aAץ/Qry`sM6h} 1M]W/BV55%e|Nhbi-aؿjXHF&c!HK< twsQt[VT.c- 48YHpnR2$p 9 +VNH=~OFh{߼KP&rqoWL+ae08Qo$]/+YMUo[梬=j>@,k3nwfv#48s~QS = 3b7]ki'>ɿMװQKi"gGy*}JS,ѿ+}Tbl]Rqccjxyiq*X/@O%ρ(iW'R* 5^}kY)Jn9e}7̘EĻmѩ;s:rpsJ#(RXM\2`aREQdSjC-F=|5PwKj0Y ?*X1l=kVk7@M-Hb \OlqbupyЉoགྷ!wuT4drI q~>iB/5+|3+-ny17J xp-eUGzֱrVVr[2Ch+`5,xиK>GK$.1f:5Oow HdŝAFHb&X@qrCbI-%W:mQ˟͕Y09N.2s47xl>S'V;sQFpҶ+=5S_d3ݚ;ID8j1ͯm*jꦧpBR.菍 BG;/??A(3E'1{ I..I`*=%3ɘdTdn-V$/?] wP2`(::+\|:5 a/mV֫GMo\1ЗArabK~{41<cvŚ;(7Rq]4i3Ƃ#WTsh"*f֚h^x*_ͲlAXaK#175м #mrQ)﹆]GTL6/;aR$5?}Hpd;(9J'y2!ۤ1b>aUJRX8>l9Lg`jvuȂrYGfbf spTt#r5#N2Zt}lf0tO滄ӧx">%FgFv=dMD@?.&IGT<-hEiXCh2UōЬYeRח ꪶ#4y'w|C:}e&,ă: uP~`|l X8H,Foq yDNl4 t寔DV`J1kVp`y"BێR9d#Tg-[~΂iFV|iDt)5s-{% g=Gm Q}G+H6B)#z?ܖNCȸI RՃ7<G;-BXw,ߴU$hH#;i. #)Piь|1UG;/*wEӛIh 2(P6"{ܡJNv+|^4/ ?{`$9SseFp]ʳ JyV5{ hϢ a{N\qqtk9sf) |t4݉"3ф+%|/2"x)&劉_G1͸ƞ Q_PiンuG{ON/=*<~a Ɲz"Pփ^ڑq֊Bdt(8Ft.$V<Qz6t,ͭZM^ jPaT!s^ PRpVLV@9(RoX ,b[rp7GT-G#he}A #HB'y@)X͠3|2>f4YLa𻚍'G'iv1 FC} .Bbparq)>4 - #]z8PT)ښmoEzuT. dUr?bM9JP#l/QObP?C}J4+9`d6U|CduVeQ?G|zu@:&ϧ0^;h`E!:Ͷ#C&D?0[* 8$n]4Nʯ 2F~PCP0}˹ҴL c4j-GWٺ9Fۇ[ߌ Fioͻ cj{MՑcr:̘#N I$Z~y7+?Gr2Iv8I;'C!@ZZ"%ro*yzU\ݽ>:Fzao- |%ES& μ,#3V x2Ơ ł$@8I${{Iiz܍b9Td:ҸdY}67t41ae!9ۿdd]Pb7,ƒ-+|=g'Kx_XwrI'NtY=rjyQ٥սwH&Sm˾y; axrR[hRPVbi$&e%KoR)̩k)]lܙ_F|]" L@˅A5<8ԃik % ' m~pR}gk`q`w뒳#yPQx DDn53B; { X`oYlBD'jn/؍[orZ ([l#/uV>& o,b5?Tu3EYV"Nflj8v\GACj7dO܊ .:ۃ@:ߚMo<A-{4O~r-< fg #QsF XK3T]Xp@H>L%Syn/{R d-Z~`Xoeӎ52xQbӏGN!s, b(`^ZOs?PRdy$lCRx8nB?rR gͩ>Xjdm8SPeպ1:r'bRN5,G.cV![w}zj,.:p_ZoYVtݘi?9[l|p*$)Dse'h{n;=u5~' ˎBoryzr?lO<eNȧAkQ:/}3I j|@sQLgz6e0ďׇ$9f [ԣK kq#dE:BTLɻEآAM4hAS&7MÌur;굛,M=2F/XCer3%eߠH C+ =悞jT_抖&Q/FRofݖ{-LE B)EkW٩f]i`aߒɤz:{Vt1c=Å}M?.Zbq[. Mih9O0F9~.]O9B6+I E]jdpnJڦo ښZ~ylXwu <v !d7wTI^Vwp^wDX hŒܯR-bhqȷd1Kv. r"C~;h]Vཐ1LZ%6q )AVEyp9Rf%ǝfPI٪,^ prs;k#Av`XZvݧOl K{ 7bv՟} Z[z4OBv:m>h6?F?1~.@Sv!D,4&RF'!a"S;;`W7crq_+/3Mb?1(~jOOp*JV|]bHd+|za.[ml֯2$1{iXL2hg':R =[iQ2d)VbwqfA$U2^~523?W!-?To $!_n5{eDEPl?<wK;8&Pk53m5Ol1 wqG3A DAm~x:pݯ_ZWdƷ`m q6ZpU.L,+ X 2ELGVBg$~,_T Ê-IdvX3bBvg:Pfiyn);B*O( BDpsprCḙ}FC:a4]'>=cjEbg\&n=V ? /:u΍izC ]rҽ1~X+]MWO ܲ^3I.%|*0#k*06o؆j|8eL~A؄kjD>3&;?>99H5/e{c`wZA NS:Sf,9CX(|b[[ +U;GY89O|Q_k=Abx||ܒBΘ8ZN1_ݾĒ~ 2% M[NэL\XS B!{(d. T?]gOwu8`iś=|ϵzm ׯ?HbfG1˗jjrLN] 6ȌьյY+*~,Q9Cx,f}ta)amg;}j?H_(/8$j4;҈1+3RGx&^r>gx:퓙BXmDlW0g$LU#ӌE[U1{dpFg9v.Ciu9XyACB1' g ]BjXGmk58)nIm!~#77>Ri(B/ V[J4&tp}*Nx3`<t[*u&~Ǡaj֝uL}ڬ)ݽC~N^au2|tڱԓmei=x e' وMY1w.s]Tߞtm0.t2NF +߳i j}}8aM\V@.cz̕p] 1፱j&Mdpa4t -@ ocq|$VWw|AJ;$@0h \xSog$:<-6H~S֤"}c(Vw\Dy'?v/:'=$Rg>$_f.O>He|` Kb`s`j1lJm̟ 47Υc\j|yzp" S`"ᛁCoR}cnao2 GrƸPdTЍQw0I*ZJ3İI$qpa2, o; G1(I0砮!Na|CLT׃.X1% pYhI-smL?GdW4vfQȎYvbV&Qޤ%0eG+C}/E?pR㩐o}\WoP KVYeIvRu}69ڞiޑ&# >f3^@l}-1:z,o6E Ґ Foӱ}V̰hmt|嗶TQי-PHO(PCb T=g v<6CF8һnb04j%,wˆcp姝J-95+̠Ʊ 6s]6̹@S-\Zh8*NPTn)1r `db MBc9~ \[[sf^o“$E'}sVKXаE)P7Lv`kT #$M[FUNFp8?*^EىI`wOL2s*}#G% *=ʜu,4̥-@s <7]3 :_7w=VYڐ&gY6/1y"Oyh +Gg߇74f_ o6L}.'oc^w[*46CKcY{eɡvVL݌2:Zv)x!NBO?*q/bݦWǴEG\OV[i9c!AЧ4i'ۣD SG24娒!Jն<逜R!Yh:L?`ZoU/#1+ pxku%WEKiL 9Eєɖr\:\`+F>,>U0;F|MFB]i]/lHYg2^U0j=牞cXt:jEO)*g鶑JPF̲TrxA*-8}IJDP d^-F5!ŚLjh ,Qu0]kspa,T<-`o9&> z*k0e~yQW|kK8'Ȳ~ީIr t"LGcY|;FiQn6;/_V_F<1>}&OP,M˗4P[*~Qp!;%0S(pu{SaX$ j8p+nӜ*4/TQ}J"~s~$7^{ XrB\K"~u~Uwyqg$a;rr/L's{C2ם95YZNO(UnI3S؉voNnz騿EZîMM7ER]]2g46+O!䚤SyJONPs35Ń1;zfP/HmW,S PXSR0ժY!$ ,vSC-uىyvAq)*=ӔI$9Q1'4u-Φs;E8MAF;|^;p̲>X؆ƍ2sM>En{5QX%(JLӫYk2JlActG ;֥t5SiEY Oc{7$:xS'{ t68Fu#TL뽲Gc4x4 \D7ewUߍhC*xD-M^eǚ}E,`j6 Y= )clϫ״3phj))T3&@'k|G Kn] w ;fsv1m3goxcv;lIVdlTv޽wY4XϿh<qˌ!32.,B{XGvLS)%n!h#!cq#.!>#SUo[_";ƿi{rcN1: b5x{OJ>/-HN{Q\C?9x)FA"KG(&E݄3V@LA}ihݷ^2"݀QĜ1c0 Y5W;ore4&?2(rPJ#4UpCuXHDY=ƕ ωD~X xf j]I-LN$zZeF׈}bӇL}FWU*EUT|`z- ;Ov97p3OQ-Hm^ںx/҈ 8!";hYrUve'%]&(ZJT?!6dgЗ$g@OPbcڝ䮁MCY0(F}#-jr}dm3xY".)B?NtByZ %RlE+ջ}a,xĿŗrm`A{ Va@wY+#ٖReWvn{˵X(SmީeXCamXUYG۬vOhYmf\v9ԉA}K?0T_GU]b0[hz.*7Fj 1Ψwf_߈ V㠺S#A_>)o^%UɢtuC&')]g WSۯLgAfΐtU W\\D b%^r4CŒK“ػ/͟Gia. p+'T.hѶ3 ;Ԇ͝x|D-0{yrC% BU}Ruq?@V=ωMgƲTxiv ze]kEU;Ya1AUz.th sG]s㔄!ObgX!u6Z\^owlUTZ;eo~ͯ%QxއfZYKq6F" oy@ż;RA[0r-nK_?#JB ?LY~2畠ɄHGIDEt2Nh:Ÿ=YmwN3TRқ ЛjyEvf̍ \:B#t#9o@z;JN:4%3R>qd Xn3Ҋ22J)ϵ.> hEAbPl(}D2諝Nq9d?Ҵ.;oK&S/Nn:o#6 bD47fCy-XUZdjE-ymYE֖w^]:/J}ȡJ6\ Єt ˆT D6NѻŪSn*٭ri8]s3,P!xgV]cZgHn+fS ?T]5kՋ:eB vxPnkpxJUArtQ$0< Kİ A:y/[ s8<% :T(P?>XH n.-( =uʂ$|Gn#4+L Ʉݙ Ozs|{q6wgQ⪙xk~Ґ-T#⏏".jVK% IA84H T0+Rcz^d7hq%֔S XvBkS3WjyXX%hm=?8|: lU@e=EZne9R_8Զ tKrۖ)!g91M4bI c ^1.xQZq5a+#څЬ{xeAa(ޒ0WN)΀L:O.UeZQL]Ho>+Ϗ5k?jz=&Y F>U^3԰a|B0ʫ$bTFE_>hV&i<!b8 uZcӤgpS!I±wD!?"dȝe(G3.&D' uD8ڔ̌QJ0Z3O#CBǓGϊ||gLaW Z0<{Y M0nέQwMmbE@VJydMPb}[jQOCwp#cα\W+@PCv{8XHd]^Z<*`mٳU,71 2dQm#w9LS!+ʈ  ^Yh¨y8JƬOx}~WTC4'6~ ZYչȁIgcI>\`Q /d. 1&t9o8\Kjf WjFW]A )^O^_<^NUj[^9]aeu.ö~c AB"WۏJqzOشz@b;ɝC^ĈSm݌b>uaH V :, zXW޺3p ]`IDB49Po^Nr#aUx X00mRn(`?UhiWo<8ivalnEGYp!,djmnhN%k͍C6i3r&Q5 0z&! g֐("3}L@&n;Y(r~Hŏ BI/ jbR|(,bTp_XaOXf9tm`'zL4C7kzTߌGE?; ;hW5K ʕr[r\ 'I2#΢BBJ*W2lJA0B1nGQA'F#[ף`6ɝp5z,)؏#i?kJ,α_j z.tp 1U0&D;*HwS\%e9ڛ2 qx(v'\fڻ68WU >O/w,8`XnH<4o g.JnQ<j{er&8@AuS1-wueC/D5M5Tt#i!YiV嗫q|`>C ?AL[z%w3XPu)79w3F~VJk>C'ѫjJ- _zdcO923HRn::J_dpG"_h'@mPwip,oZ)@k(,j\Oal\gM#ʝڴ׏[g 0i< CؔdG cK1nt90R)x:`'ؘ3V};ܭ Rg7q}|TCg9ez l9@A\j%4'*O$;n$ ,v΅wSՆz;KJnFO]|JoEkHґ)m_*(eSěw\J}.RcZ$)([>%bZtIS#qKc4(0i\[kҋ% C}C}[N/鐁7.%jt'0>h7Do!5Ji#4]M @. KP1:O.?BPeFs(:#m6b?9I?18+~A-*a\co.qP0Zdq;ADLFRSzs 5!/N9ֈ?,{Vbn OOiǨQu\]NCdo|6Gʖ7nB= \o뢸P: N)J\( mafξc&8O<^ޅÒc XP{^HBN3^m )rd|j#r*UA1?~_}6 3 j-_S^ k( T\kJ8Dwэe%1(ul,gMO8|l.׽:D(뺖 2iPp?Ԥ̳IWNzdߎ3;ڇAiE=%q]Q6i"k|Q$VX[hVW/a2 #Lj9yH(_Vo "Ж+5+o+( e ?(< M*2`{.0?B!|-gM`E FZ /zdD6)6ujO\&l (=;Zf:)b976|Yrfw>t cىS;+Y^BNͫ%]:ؒ8r$_YfnuyE ǩG渾cGL`ML $) =gGH(-3*1C>vݬԳO~J}qߏ9skrsLo ~ Lct~& oRQeJ; XdNF<bv#V 3]-}O%b >:ڿ{3_J ,)|'qf ]wMM\0T`pTM_É@Y=Lzp[E*M] @F9]!pERߴE+Q Y"2~ЈDAQ#Rq {pڍVu$2Fʉ Lӿߏ7 |^>zǥ:TϾ ^砞Lw}J 2%حНIs]+GN;sn?v]8ܾBoa InwrfޭA?9PL901(Zs˪Lfƕ-@b+玬Em䝵EzJ]qFI-Hˆo"Ÿ?ЎWBVpɁS`7/p@Ih:te&K/3T"1&4iyE(Iߤo8zǼ% p@b I!) JpbK,+0(v(HfDY@юtU]R ګ+t9 -gKNjTyF]UfgXJuy&윢?$B *Xjer<ᡧL`V^cq}A{OW*g/YJ} ̛>{G4ƼjR(MiVy‡lO~#኎pO) [m0HM!rO}˭4 :1ߵ]o&lBWS%}L B< ȷFò1¥tbD JgW +~Y5[.n2 h%zJվIV3u j5o}Gc:tzpZR/>h%"o-chܘy~ 4 *6'>PĘB?Kv0:'VKRO\:.y(/нӄh}b#6]4!K+rkWbm1UwA7e]gb^;d.W +q6?0ĥS9\`GUu.6vMBJ\p>mQDmFK;ǁLsa{"OBBZ5U,6Ìx)!pqnsԏnneoynx!F7/64&ZIRsK" )ĂIIMT% A1S7ạ'1OH jm@J͖-`W=(sOQLWVfRUa^th}R a:=뱋 BԼAD= IAOblЍ 6u GIjϺm :42Qt K>5}B1o<-oaV=^P{ПD- pi,Άg6? Ψݳ?VH=D+UME ` d%B Ŋg)8D ep_U [N`/,G|L0]-q{㬬b{%ji)M۫'hAV}x㴒Z#Ů D°kyͽs,Tů[^krJ+~ < b?{T(#C? s2ww).9r5>-vj%?YUU~\Z#1s:CAk;!CDR9}J=Կ,LPP`1ܿsglPpcfp'ROs I)2khs =cט3E9KvN|}NT,̫Bvl~@ΡN;J")bEՕj u0ti9tDe*Wf4xe0LEn0֕8vlBUlʳֹ]jV08Lܩ7ÙRC.&  xP )93[<6M9Tl1j"M2|(U:D;3x)jDPۃݳfБ;3Heizdd٩?S!~WBlWPBHt|^  پbY8U' |miڭk^:~qS0U!u3݂4ݵs= nS*.髉rF]x7fMI؟](LjAy1, - 27,/~rJB[-G3h^_lR,9=]|e_6pV./*oLPorKPZs BzJX䘡@#l:sN -iu"mny[1rܓD!7wkH9I3'6*ulhUV-Ja)lI?F6և dr$TvϹ9YƤl*x9WU҄Mj^?LO@z,MfD/w'Q ^ :*\Br>o !_3Xvy?:?Gl܍tJvow/_wlv(0* |1Fw4M(c3jk-3}4?' H@ć`-U_9ȡNYz &Gi>'3j={Zgr| vyvH}PcE_͚Вh #erS 聰198뗎V _Z&l4CP@N܍zdߐ-PAfM"8{;GaԧM ]CGsZ-(%=.Xc %,@)Ӡ>Uwq&n-- KjB]':—#4~⇫^S\88nNF5cFO$ܧ1{݌)et 0 f4%aubZ$ &e^D=_ZB%YOS5hs37/#檑yk P򢙅,k6f[uKe6B tmIƃ8 c:뿀nsKBM3HE#=c `$Hq1_"٣e**b98s8brsЉ?#:C34E#䞝&Sc%(/bߵewT6bMz06$˔V(헺e(@҄7 ^_lQ_x y1M _3= #FPUepNf*xCaHU{ujR$X0Aeِ' '!NsdٕGM&Bo}5Qk=srxqAsY#;ǒmFۻU/F;3[,6G&[_s8uăyPosiXEohVm !@-y<0IR@\f|ȾiH sjCEdu/ Pւyh8Ԍ2m?VRD"Qfڡ62-Z񂠆pZ }Y1$޺"e Nlά1:pV!vN?F䫂f5e*Wi&doIbs@>d$b?B=+ioVlf܊urol08Mǿl!KUAmeg\&~ȋ}(~;KlJwIyE.᛹#I )l:TP5@Blm 'mtLzIOcM[mge *,Y]Hyd j!"U'\;R"`ɣ?ͣWK߲woRw&4R2 LMڠ!'HsHjʇiT>w7̔rIPt}/_ 298=67@uz8jmJ#6 %D9>2^:7|m^Ȃ YҥSux@sؠ7{ Ks QF W ymIm`rvcĴSn18`VL/W>ZΨl1F9sIPIroOnܠ],RxP+7%L^b0.$rBY `:^]QR)Jgd؉Ti h F(FY2$ȕ JNmFN,i$NahrѲ8ؔ&7C!RL_ v Z ׁ0=8tƪq`aŋcYBB=R}yO_9- 3>_tqE9ɺtX>]R;AW߻+.hkCyp75w8qOj}?][H_Ʈ6#NK Fʖ1nsTY#:l+|6OClk&CY\z*_ j@ShD-_'u3C`񐶹Rm+V2%7fx{/ib YDEξDK _pa †ʐ]ٚBA$\vK/X,pDHm,I/Iơ$?ⒻE~ -^B)(5R ND$Utˑ[L]:t)cB ڜg\е'e{>1ǔM N(y6)u+ԡ~6 O(B[ >fthq&JW9p7iw S*P?ƭs|-+A7t2,x/۾auW]Q)?A;%vXhPOV|5P;˚;Šhx/=X~\Z651 _A,hg~%[[p^lgCD&2Sչ@&sHޣ1V2K]b&ċT %~-]n~8ӱѯ45g> JxPe-}O%tr8vՓؖ?EckLLe6J JXz}KE6h_H$_-Qr2K qsRUJt>}+8c)Ѥ \]<9JnS δ@. /zK<#WpCw &(x-xKJfu?a"fVHR8{eηi WdxjGsL"GCEM,+*B.Z%[ 8*lw'Vg*(-~ϚBg8 +Xo1 IԝpLXgyg;TGu MX5AQ'v(]$mRtgKV+:sVoڽB x` .ѸH1?YG54(T9C)ݸIۘѯQRi{^xBTB11ϓrR!S~+<ۣ_M=pu׭ƥ5 *:Odp)@aa:=؋c3f-2Iayc?Ʃ>1 2ukC3'$Rpsa59CG'VXbQ}I/}l[3ސKhMF*/n ֬x'9bhdzQ lg- y\ϖXo At<'t;c[K]+b |[Y;|ZW'ꏬ=zyjhUd.UA`˒2|;,hފNM7:ƌi\k+Hflz8A);23f7qɳƞz2Y홎=!3cOW)Z_ȩNPpE }}Y>4kަCvcPRI6%kx nV͇7C s."R"#X.7N|2$ [iZ <9d_mJ97r=")˺ؕ6БveÇ/XS/h/ZHH9L8Fw8fh8Ѩčb]_ip6YAVVU 8QY9+C=c Zj[vs+@D1oЉcN:Wp cێ9@Bi;M.YdHx%H2Ay8Wgb tlwĄۚ{K[=[V7"C&LT/+9Gי+q>0KPUuȥigd$'E_MXPN<+&7PIw B+< 7#c>cbҝ"\YҲ{-x[`JEz23kܔ}XJpӄNŰ %e/V?<\ɎFZ ++zX@l1(ä "Ka䂹,as4 UR&V:xéNE`9h7*̐d kk·;8P.;HAcBM~*OQD^TInSXF14z 6@oĮNH&pfyFmumq 43GYcbq yP!Rcw^F|c2˷蝹` ؎5f[rcGX-fq5= e*11Lm; t?_tRJ$qy&O3kwAWN[Jg{^鈳2e߸JVqqdn>j&Z5ąBt$E-I org1 W*)M.!4A[_&L@Z$:nVbC)GRWazA#3+4NYҋۯs=?/h\Ty> 0^=(63CX8|] l}_`ptx{uf6io%՜%wrh¬aCiXY/ M:;t>fuEEL(>s@+f{K)Yv3uG`Ƥe?NH+}z%uxpU^xR%li\H܉cim&@ϝ^lA(p2} ̹!Nwr6hI~zsS$N}-" ^}58dV8!t#T"J?)ip;˝KB2$_CNσvʹ;nj".|re)еUg{w(4O":voޞRPbѶ_+2ksùR)[Jx"a&xe}k&Lj BVpoJ!(Ѧ357m/+ɱBeyh`P3VK1>iztvdt=Ȉr/LE k%o`+`i NcܿO%UoY 0_!,.Mu&!Vm¯C~1dL{دy˩R@!sD5=e_mm%IO}.O-ZSRV}%&Xn< ޫ_,:.ppHN0%F/z i:;L'w:‡qs驣NTZ?&;GWJ)[۷MSقLp(E7/(}G PѠEE$q.ߙ.z}]8ק8>ifeVơ`hS8,`f5,Je s |HyD-zxB%B\EךNVEi|(Vxw+;u[ t&Jxy*j i` <.=,rHRzj:J+S:&U0GH_LΥFP \ͥi\X! _ aVjAkY5t249, (6m.a^7~uf%\)֘{{[GAA^p}~OkY-VUa?NjLk+hS"h4Ik(xi ˮ. #yjA?i< X†kRaGgYO$Ԑ񲗴C]BC"OoKL9_s/!CFPeŴ_ocWC4ߪbKm`9Z =0N^RkKrX<D7i,(u \zm?IJ(F=ن~i~y(߇CSK طσӱCU]GEoLk:2bS=iaJ MA6qf"zm;ᎁH䳃nwI1I6)vCqDCLX<#qk! uYչiئ;>qd#˂X\93JÝ15~Y2Fu+,+>E$y&hkη.opL1 rI+1E|{~Îi}̤!v1F^17LyT dx5Q8MA[ʞ,Z ;^2c(?3'*WY1xPsD."_' c-ޒBk'FuAA˛ٺ'dG[CRGO\r5Gkl)Eʤ!8kC.ѷ )޸N_Ճ <j mrDgnWQ2&8\dۭ6(-7 0Ƭ Ӛ\3?RӫcQ *d'6KYWySn#.t* r=7Zov?MI4g}u_+ ,&R&}Q Q7oiUkT}OW,ЅXkY#ϧ/ 3w,@, NTjfl r ߁9;s?RHkv+"-_}>(¡xLmuqato46P~EEmpDΕ˅Y=}yKnB^9ڀ' %EYfP9EVK'$荇RҖ7WyjF1606yI;}n@ 1iw ۝= tѺ⁅prBMl/qc*jͩ+ԸkGqv "eZo3P_φvu躔+mĄ $=v4,ֳ[<]&Dx-:6dAV@)7O4Pyti#5꣏<e1M(D%gT)$2VRzQ~/S Ujjq)1TD\lMgM[2,,Ϝj/ծꂘΕkF$ӓTHj5i2)u0:mv܈/3 "+ԇ8x>ȍD%2FJ>hq4/T0"^IBiER\IڬkR!gR]-*-BP[fxx'+g6%by#ӓ0 }*3~2ntʐn'Vsr^BQ-Ø$dP)v]ET'e&<}adR|_:D+n_!JetM} b8~ML1.4ӆm6/M?^i2'v0X $Zi~ݬc_iV%ؑ]%MYWl?{HTK'V\V%*\=f?m4Nj?ʡn rZő-ATO cJ6}~ CN^>ǩHr~Jqxmtd=>W=QCBIm6۸;I;Gaqw1O{kvatLJTDZ|'B]1V>h @uLv.ظ/J^CkSI)9)ph:~NJ -3;. }~3ڿ_Ʋ(}.AGEemyt\\DNb qOC&fӥ{c{£KlE&eaw`r4a%-,'ZV՞hZ_l̯|w~%7U8/d"B{zm@d 0 ɛ0 DI].mRwR|h+#PLWWGubY& DJKG60G?0p/px 9y"T܊fnOmto~ɋ8b@S1ߌm>; ?Lff./tyMCڸ;/;/ՐrixPJ$)t36dG]~w$ҭnVrӕ|6(؜7:3.Lrn&C#ݴ4֗6שjс#0Z QK(-ܯD1""G 6^BU ?Q> %{A'EgS$ɑV T4i `> YP)T>-I 7 .LarT|>+JSƥv  3xZ)ҙ{@$sĥĨx^iRs? Qyw 2{^ :Y!iL[Ieu"j48Aӟs[NB7MC`8s-t9>jHM{_%A1|ۚȭn2MfS zQ@'M~I.mw@pbeJ]U6k 1oD?2@sBcI"p/ۤQ@iv2s {c(36:VL*"0*P͌kYrdʎI6_%?IJħȬIU@L=7ܺńG8!Q-dM&~I_.n|an F |=cXc WӁp!\y,{%4'l^~^VaF񢍥t[X3lYa.JИ]`̕}(UnXIq #'ՑmޣZ\:C׿ \5UgU:i-ڴW`t#*#E%=$ B4 be4Ms)D lB%+1<)q1,, ߖYBw, ж?\႒L͌2M}7:'zٱrm6̈I)P[(3Bo\óY;iQtfR#MI @%Č0@w2[F9'7kˠJsB=W1 ̵~oZa0f3ڌɬ74&j7I*nB=/.kO܆հ*c{L} ( lc'1jЁRրӫw9]56[z]S/v$Q gfIE-cq{ 4`K:Ǎ7&]rTz | SgN_r,=mp<$Iا>I͘>1\-ذiҎp0+3`h>Wyhq-qEЅXj)3uBLpo.W#"k.j?1D$ E|X`Wپ p.ibr_ڐWNr,*#eAEث΀[$>b )]VEqNJazMg9t?^%f> t{,UȈȞ'r?9uu LM(Ca'Su(877GyDl^BI4Pn&b|C"L҄ha!CөZ`$ K?r|nk IptwsӪsջe@ ė"Wngy?yZTKyP_@NqGBgM)JP3`2+:)s0}pfgqJwՎѭDŽ/q]A.Ifk欦]a YMʺsVHp>rw 5j,ZHnzTB2zy6iD^mK#Х&t߃:~#!hZ+ϝy#p7)sS^|%Щ.f-9JGv8=Mdh5Ad$nTW˄5zp7&1vRso-X39 ;WlbxdH}" BK6[lzlC4,G{Hԭn)?J]` c.ԧ;!uG1A TI'H>Py%ne='GI3S)OCmMMc [=oйڃaCKkN};Ym,`" }ϒsܜzBQD7t7|rcR$5Kf_\vⓡY M^;ԽwHn9HB;k(]ڰ?MaH MGitvݣlLcD}[.:B"~vjw)$u>(.kfG-@% $u]8n:q45[0PVϏDB+XIOGI[EE#`*b)/XnDtvh['T7@a lBSPܤE8DVX\au  ~ji!?5g{!պW&r:sH"zxp\cԅ۟цEL5jg-/b⍰FeɥJ{z<4ei :(lP-bPoeI ްJ=O.Ŧ0@~1 pIw<NMﻀW^s;] Lo,T!q4Ģ jC8~CQV. 52|ףa%4NAmzHro%f|"F"ܸ$M QcT>+/u\w\gC ´ \vhwz!j@KM{𙫱\x.*d,zhZ'. :f;={Lo7qv AuVuȴD_1M[:G.8i0ڞkT.ܶS3Ys:OGߺkIԫ8|pho P"->f@}~a_EHJ ]3.(9$Lu5/,0qƒ>,J؃jx`r,hEl[eaT3>#&-@i[:e11`VҐMϷ &6A$u&H "3R}qخDqћ(>~jvQ G\Qo4gwwyPv`7=2(2AH)yA ^;I8 u-omg90`Θlڟөco3Kև`E1$U:Ț6-N9Wj ?_'#4wQ>%g}&:Xzi.զ2_f 8>}T%1_hdB  $u#ApSQĢ50ĴZ#}2ij%39>X^v;/Sް !d2JS`Ϩ̤"(0#"Ga{Q,YJ~E9FmB/ b 'mS&0 v90WYɝ1>dQdvVẕkj)paA [w+’rq,`tϸUQ\۾}*S@E!k?ق/ܸ6P/";*6 F`k9PY^ܵCC&mK2% }[>:1ʮ• htA>-(~]:KX<# QV٨ 7ы vo}JKYkaGǡ5[`WTRqs/ "4!znTY8 b.v7Wԇg~Ɍ9 hO.Tюt藅FrP,6kvJ1tY95s aGUpPۨ=wި78<#(Z4n# |.{VW:W]~ Z*M䚝D8rwb/whw@@z5ERQh~avW|&~{$(GgWEJmWd]P1ιsS,dOZR"DF\UǼ$?7@86}v8k{pHô`; }XI_oSxs@n3v qrݒK`髾fQqs9o :U\9ig 6ҢWFzU.Qmč: `h5zؽ6"d 99"r;A Cs6rVBHFlyRqIܐHQHE쑀S  #R/pA+ѾR;BL4'Č~(!U+YMwmitP0 K/k űy\os ]#M,_Faö?YuyU+IPEQQy =h&cSqqǵهȿ#FpKVZ'1Q0|ӣc2hPB"4]8(V Vs:ov`TYvAmDV9ii0^+ `~ .2#KєX`s˪G3\mϘ:Ձw 4%}KPfLmZR:X+}N`HlB@FTe_鸨p0l`ԽcwO3,kR`_A}8 *< 6RFUi±E.ٔВ0.M,`Ɍ6xëؕbֿ(mB`8k+5~zo.uE׋Q[-O48v'8P.-4Ͳ30*z\$P jZz?Wi\{߰'=Rjy8_IW!d{`ho4y _|% t)`"M-qqfɕz&`ݝ%RCkt#Mu#hXgb9A FSZ?Z+z !MOىɏa58;ܮFŒd80{D5wң®mflEZ}x:$.Ncs8[@t6?m޲D Zآ,tbtd?bm>}rK$k} zf .ZypllQ)L+kF̬N] 3ǣ)n? 1 a)XM"&n RK tXb6[0 y@XH񊩞SC/ L}[d̄wai>`j̇'SUީ1L:Um Q\yqcDYg OKS9f\rȃޙ1}f)8!W TS_ Ã鶵)țTGk 2y^vê(/]/}n9, 5 x--G[y(P:at 0_ ۽H'N]a镇 -/97Wę!DhH/A{K:O}b;%!hX\[?<4:AF> Pz<P 55VVbl7C̼+L [N=|SoeII[Br # g>5{HBHDV~O-j\?fUt7hܤALb-/Oڝz~A'No*9Ņyz D~|Uh.9<  N™|oR( ]Wh Ao)oO1F,Gϱ,3tw{7ў߾o2xUY+OZ؄3\0R }r(ːt_"lx~Xzk`qt=Bo_YV2 {܀̸Pv(X7]o`,߹zJC|%$#2`n@q9BNȷ =`_V}c\m" ?w&!7fÌVz2떏*M&]AJ{e}tW&"{SYQ_+4>Ds`W6~=@'Q@qnlqcmn͟skJ (sϿ@|j_cm[0?(CJPPS̿V}ǷwŠe,JݘoFSӓj'ddQ•Q9Z^}=񜒪"i}Q?b]7BpA><"ߒCZ$k%9. -¥y 5m 8IHz?{v($^u+Zﳅdajo걖I}_oD@p.E9k|[獆"N] #$=@cOيq^b$SCӻ+rTm&YEaF n_}j*ARNvj,$> ϡy+|Z+j$a,{<(-Y=Hϥl2vc |3nfr7UgjzMC.Q4 <[^!k(Tg;/:iJyOZsxLE[w\IN%w0|ܻ牚>+@*Yh+$"&OsQ_G#&XB]J`"3\|"Jfb+bqiٺnE).OgjtLyf"v9F?yTK荜+'h^J O?[We<ǶO^$VbHRDs( hŦw>=8R+Sى(m#p{>*Ζ$Ǚ:AwLZPT/ u 9Z8z6-eAR(n]]aC&*N9`H ¶tƟI6OajunӿρE-A?XSr4>b2p.341Q|΅"*7 9'Hp[0У$̌q^5;.dBڛP&7fH-Zspo՛ǩVG}Ȉ`Ç$m?chZ7|,EZ̥($a9;~5N0ȅ0jً;jOwkpw?3g mT;;)F }T.e:S|/ћbbhmaMO^pdxAe]3mk1 e[Ž7b5?셑R#j?0; ^sCթ@E %da_eړBTۍ ޣ,$Եљt|o* stB7#-s6 NoF@)eᓾ'+H 4䶽uKWwNfVӏq kF͵Cn@JӍ@xə~K2:Gޖ/Jj.=hxmF} p*Fu/K?M'Q`  W$;SO Ҟӂ-;Fƭȸ'Ȅ%jć>e.z']JcWa2|\Jj/IV+"Hl?+'4 %g"oH%coO V]g rٟ2uf1ږ"cNmK=>*'|yױ#εUn݋r瓔lfNv ; $3,N K 0fUmE\C`7z#Nͪ&;@vmӧVkYU50UF(p;XE[A+i<|k!saAM8,(C]eJO?M K$n0{dvf@y}v K!N.1<&??Ի`H)WbSmlهqdJh@M||Q'͈hw1 E$d#&{?VɪJzM"n8BGi0K;du.h_/*G:`*#N1ٓ6jCePIy2#ϸ?pb Fe&3Z@5L#+䆵j#SZĸITwFmDѓsmbc&ڐ0ICzl/A885Bͳ쬉 )2y+,Pb qLЩ}sG[SneT!SWI* ߠ%G9kVy =#O^uњeۺt/B4k 7.\XQm(ajn"R4 5_ |)$nr6,~{S=?@U A^㭈Cj"rؘv̪~VZq 9w,I=⤰O's vŷ5JzIΗT=}f"B߄G2e?ɼ[ +3_Z)"U4%ᕉ*\vovt"Gie)>QxJ(=Q I 0bk<V0R%xD8觳[%hj `~QJFj?)@&=~{jTӋ[bUBrvQ&gI1c3L>:B΢3!+&Pv>y #^Ϭm\gW-d5Ѻ"8*<8[4?#kH i)7F΄::&N*Q!.q@~aF_H ێE f")`hjOOny<ΖIYE qz孲fծw-lI5`'+n3mۡ(`,GZ ^qhdXSp("B/c==nr8bLcD7{bw@ 6U+`S3 0. PSo1ʼebw՛oؓ =DGt9|uX0[vZ"3ھtiĮIc[CDD"COhĻf@ܗS)D\R_)ϸ=067nuREH x2:mtGU 5knFKPy(0< 1DQVIIټDPYCH(7z?DBgtΛ?qТ.r}+qSt{⟯HcTV9ma ՞dlҒ: pd^ۓK>Q&j[)W'ܫlΖ>^o4kpByNI) 8 I &|^kXpk7J8u5tXBS{'uP/]7, ꔫʒ@  [ď#2@m3-v} -7q &jYik3PQ @UxCztbI~A垇 ҳUݛPV ["ڷG%cEw9EWRaG{ŒC,w+tf3 Xz@о*hx?AazE`C!f#mnڬ"`„-%ߝ$[ZaquҳFHlo̰5FRkmlOpMj}p5ld fI1 Ed ,QE\pQzW'vߴ$6%mwzY(]ED5)O >>-CiJTbnY u}-&k`yu{`N/z_KzHж>%Y%størPw*$koJ'aՒxZhSQu~3s][9KAŮ :k9\Ҧ,~[ȾWU <|Vc8j qk|z+02-tOy Jp_&7\/թ=EPȔ*1w9^^f* 5iV4܊9DϬ; r.1R[(*3֮/DP{G' M16\P1Klcvg ި!]$bԥLtҙ͂m)Nȧ@hǛZi\F+8dVTdO.t AڛA`L753qq‰a3N1e MNcH~58!ఔSvupƋXvTU,tLz}ᤋ[IUݫk&9ʺ$)©uI@VN;~j!Dw2tUJdDFM<#\]4!%D([$ŧs/}K&66+.pH&+knh1|& ZG&ܶβJP=$~wlt".˓վB/HNy`?hZRZjƒ ^=RFwLtҞ;BMvhA_KI[xjljOTUSfa\tvޞ{)ם4>Ci>&~R#/r1CVQZ9Q|-n~@`Ñdsd_$#pҹĝS]W̼3Y_ v|gX싾&e-섢L^i"nwƕ4 vL#36-Q\3 BUg Nz!:-$&r$,% $C{.H>˗u5VL7ہYy.\p!bh2x тI@1Vh!"g4KچΡR>o/vZKܞ1ç'joQ\-JN4[_1/7;SLCŨ-4;n>8[TmTF^XBho{zZJ {Pu}4CP$_kK%Tb(rm|U!'@gT8[;,"7]`Lc؜), ,}3/p`3(X;dZNӑz^b=Huɿ\lДAbֽ XsCș/9{q%A{i-y҆Hp/p#!@MLL w pS|RC 2XP^:-wx݂sJ[<^Iq8Y_A'E 6:350 @U:E1uuj>ٴT_uWfP!W)XmO%蚺`f}+S_Xwvʖq2yБEI#KPne.cDF?<%[`TdU f`+(aa)ƟO"cDXP1m5 |RcZ (<&Rl6ͥ"W.7qvP7RX> {v/?0:ASN8uƿ]>.^<"h̴}&zcSpWn%[P[1yxhEZ,i2kIR-t؅gduSOftisJN"=Zr+Āʹj44)٘,,#Bg#M8V,8,ywK٪;w/A$2< {L!> gM8'wSrԌ%*55rQV bh+&jdD⡫לؘ#7L~[%CJj3zYbs/ANXfh`4UMr}4ЏI[l‹grR|껇 ”c\^W5O~*)Qgl"FL"}= UbBa imz? >Y,]޺hvDuј2U?Z]ЫE[D~/-շ%COB:@-fcu qMC:ѳd'!,9~KWr=N XDGGd萤%Tc?* !HQ1qmMH#*Ltp]a=RyŻyS|M")NІ>'ڴ?̯"#)_gIk:5N2;KqRH?$Ԏ!^K{yD~4Eex1yn9HcKEO8hg+ +xXg&SzԐ3(1`흒nwr Xv{cY "8?i }e X:TRh!PZb <1eďD+t2RQ2t7Oh? ^: :a%.ۻ,Տ7{!_4ğ _.{`V#*{~L[\Džb?1$p&"h;FurG`)92`brj0~^Y]rP*|~0۴5Qpy]r/jF|׈Y\QdMZH݉&`1->˸B)75Y>(/O#RXb+cYhWB0%"ؚ-c\<Ryj߭2Rp釳׻)߲4 p :ODTPrږXĆQGSBAm^, @k@nX1-l~ܽ鵐fHrQϠ~!'tusY])&9+HbL~bA9DnWC5{[~#6GWR^t0M6@f>NLMyIGf Fc">bKbPu| 1AbG/sXEf k?˧J{A66zƻ3ǮPKNojodϪ)VF> Y:6Sx,E+&[y _+c?/akPL5_R|3>5<-{N:|bd3ş'.n8Z€pâ+!qά!``I .G-穟١'@2[LOXҭu$XS:a^xZdVQ{>N<%azc0?;\%zaGH"zyga l6IggXE;`3Υe'@KMy["~#J&A!+^H>5mHuY9PA͹ig64pLkiDJEeo%)%,ϢMZW] \5AD8zר>:-4fMOnT\-r77d`Cft\׆"WO{|%:'jr1U {bx-ĽZf "î,i;WuC\I}X_$5O{VE0Glq_̹b p@OȺ!(pyũ@c\ WZ~w_tw\=$cjeG#,OG%6Vzj%~zdGYKjb}Vru%¢gXwGQW1mU춂rnu7 [ /w'3!,RѪlz$pA47?>){Ry &VW&6ƒg?]h^GϠςA~U9 Lb/yTm |)C)^v|RT,>M"Є&f̱ѠAwǚ8Hz+֣*\H,G$ދSґdi.rD[28DvZ%FDpptH4[܀.񛄁bN?˾ZRq Vd' L$z8D4RY 0iˮlIb?C LL1dn:x2I>nbh!sTvX:_Աc3||bֆi@d/qϮȎ/9ļ66S~Kh8g;f#HT.{HM_xK|B."VWJ:YU ~ 0AJ'0\zb')Z?f`}G[@Լ*3H5Ad)7o6gx^8YS@YfϐA2tEajy$[i=bC{Ju,YQ@GAs1"MqJ?16b֗FQTϏ̾#ǣm_藡~!¿8hyxd/~si螥Difv~wOWXAq'a82KZ=#2]Rl+wGO6؁חJ5`RX;0 jZ[s0'FK ?#ﭝWpYƆhw^"zx-31 }J!$r+b-K#mpV7 kH!G˱p IhjmXm4=C3)'cnB"?Vs-=Z)ɒ5h㷢gHcDHinuRR+&% ԧ,%;.b9É 4#&CUǑg3K F Ƥ>BILIMI*@1.(OtA<r^/pUSs*ֲ6]2[?mDf:0U,|+\>sIckEQÏvᏎ(Bpg_.$׏]0> i\?Nr>ŻD#ӡ#>WH xOeYQc.{ܹ I_D ,3z ]{Kjfj~11=W. x5)M)VdČn!?42ȴsfߎC}H#ȤQ;%'ҏRd:!˗33۪ @Wkk.3풬ca'slm޸!5ѦD za>rj+$E$THH?7L7B~^X7k(=~3ё߼E &%7g }[Nly[*e?Df7:l PNBepMf)2|$u.HmaP;io.}0G8&Uʾf~ dfl (rz m,ϩ󵐽N~m&N6e|RR׆:poǾ%<"'gl-փj(:0苿r1OItcE~۽ׂs56!Jh&J E;3>qنn5̀,2Xxqݞط[SMS1XZPQ3^OR"U 2xK'tzZβqq̞tf/fNWsĭؘ@ /8nNkBO.ఓlQdy\.;r^=> ?0LIB=RwDi ,85ۤ(hV5%%-@vjPq S.Pr0kj%g%QSR0W"OYRVFaj[Tִ|.zyG$s`Wc dޝT2M̃cySL^]~ʥQzLMj~NUIDR}Zf{Q_0d22a՞o w:ΧP3&c$_ӗ꥕E2p=V^7DA\H/!*m1oguZfەH}CEQuɊ^e¶(X/t6:[h%^ᢥM^aX ɥ?2fPXT*v#UȐmMJ a^bI&c{ֽ=ķ 6K+ =GV)Xy6Ba")z%eM'$z.ɇh}U$069lޥ9;4דk{gdQgۂO_@ uC%9q7wi]m=H*U^cvkߟ'( 5yEkP3dzg17C.57pS{p~DƽQ  &*S/;te)x˘]36m['q 0RwwuТV,b%(ZGԑ9Lւ=~cWv ܪi+>s+j6sZ;7@ Q=/@s6zԣ9赍|MMBd1Z 9ˈM[{O!߶Olmc:a):" n=n' lh]}U<pS]w@)~6JjLA>g633R]&$mD]mL5Q_"E<93.A@`V*~ k8BnD`UR>!Ƥ o'Rzz*x]HqѬdyngTKTxcF|5|LV-gFd iJic xv28;#QgYfJI[#70C-^x\YҖ詯$S2$EUuˢSLc7D?)aT4"brWՀ8zP!ɛ0 êݫo7~Pp{Df@!>TW! P`QHCi 2&RF>2 ub]agC,*Xm-졀S&6gyh1.dZŋMRǠvao?w5I뮱CTMC8S}qc!LuWT7!JHā'a>hGrX]Wr:ӊIa$NK鵧.y yGcEɚ-~ȭrlH9 t*8O:`i^o hY.$6@mo7gi $yU,٨"UGrjD,3B;AM#ŃXc\~54rߴ`<~쩫>:Lْr1V-I*娦惬p^< ed#w=7Y(~O97`Lj.$n%8^y~N/@ +aeV6}FᑬMlG@yY%剼gM6߻<>;{wGDHG]kSY  8x{q`@?P\wܣ]3+P.l޹蚯nXk2#pgwJ9[/,)QKC(vΡe:|cnI%V>Kƅ\;Q]CE6_I"¶Oo_F "AZ럕ݺb$AGbE~6ջᾗތZuH*Icڀ݄ygV|dJKMeX*#%>ֶ>I!aij(Ju>jSs#(؇+^4 UnIlcdRegf+urcr#$#܎3AJϚ4RDunloiRoK۫[>ʀje܊3NQ? Xȡ3mbU>~);t&STgX1P|0QfJVЇ.q#lE0|l:'RMawak7GߞĂY/pwcN݇D%3"Nv;T_WBq,嚠aA9NFc%F9͆ĄaH~wڝehQ-j(٬QX\XK'ٖFKY;܊6R:gfذ7SE9)c!CS_SJp%kǕ XHe%i49½ 1 h]1oLº9f Ⱂq{9AWIAsVDG}~j@dluyp@"I=*g H0-c;8) LeL8,*9 SzܦSns( Щz] ;ˈخ ?F:_T3IpV8?Kܛ.!υ]EL,T۰jr:DxeK36DrL:Jm n]4SWS ! "s$gZ{Ld_߲nGGy<-IB]q)#oETHXk8A^a[#6"1tS_<uj:{ Wׄ"m $Ea'_g򨭿z1;cڭgK˖eX%jsz zPHkX7_ZJ#;02M%QAՖ`AoRY7`dA4I_UnCc$B3vnKIQpGS- c/{u:DVkk ᩝSr1(OKܡҝbEĹbW҇_I2#Ҕ'Ğ'mp Ϟ6ZNdmX<S("I@q_KPݞvKGl9Wf͞WJk|\VFF߁摍 ﰈJ!ÙnVzvl)׽>8I)@ ǜ=7 7ӻT`M1 EXn0[cI˩Zp(ҐOG2]dM&'wԇtQtH/6pSo=N멳 0u2ycbYͽ "p6!$kb4vW&Sdϼn#2EC^{SaI08*/b ߫qc3aɣ6d M(=CmHQtg#5ppZI>+IsHF R\\Iw64ud$O-+HGbl〲!ڠaǩ9{F4_um<@p'TQMS4 eMa؜cF֙ɽeFҿp&唽 0p #؉1Lw#"%I}|_W7$ emϓ\w2g_lXqpe-{ 6p)g̓:ey_N̪٪"׮m57dBQgap3땸=B#ُSdeN X^@{u4nL{tWHgG_좼M#H4l#(R^{:Ql묤/Ě?/'SvOec?íPM"m&1>9\wY>!IJ 'faQzL{z[%&Kt ,#+.#ޡsn.bؿFo"Tf2F'L<ު(tٛX>Ol1כiVxz^k'Ѵ:W8mY8j@CfD>Uw+yhnDP)e8V!(2:.#VXJIq;JQX>w0ƹO%] S; R~Py@#-mظΧL$r^_.Vc³!$Vy՟5ދJ&&I 7l+ǀu7kϳVUflN8\j~}/źucʥ럂.~&:͔v*!Obn7Ky_4o\Іܒ*Q:{%+6"j6Q7+tog scÝKQ0jٸN6::!z3jy΢X%uC083[,wݪ?cr:ʺ͙'b8[ƥL_CbA%uq97 iqV(wdQ]Do]>gEaŇ#)HTsfb%ʊ9&!I' }2[A+m8"khd:I /?[ }&Ҫd[Lg N!b(jwOP799Y&Gs.0E^s#e7t^EpE|}б=eCV ޘتLD!MUy: T!{' }_ P%ifBx,J3Ld\Մ`^@uز!<(Y¶|xsKRe)ѕ4C{}^`Kp$ MG!n:U<Ƿ[3A*6jU=]zȃC%C~6QBm֒AYTiH:!mqQqfٗdV1|r;*;PwKJ!_|IKsrgȖ3vYa&ԜRk+4-u;p5$T%_kz$0GBlQzsx+<^b#D&EwssܼY hDJxAK=/SwƠ(b<ȤJr\zT覣)%C~A#Z#㊻*7棛@RW<3Ds|roycH{.tY_Uq{t8h݊wwۇNaI"G`G| @K%2?ڷD +5=eyBk-~]3"`O|h:ZjoN,~]5HHE$ZnU8> Sx8_an~|=u"V_/ IlwI1Qn{+IS'>Dul9a &z`q# %)O4GM)ȍ>I&w؅2:F^V[83]/8“yaXdIss9i~TZSko$Ǭr`G!Gόw[T~EP1>,4`퐀ě~LD,l࣑8t[q3Bւ:ZFo=錶]߳y\2zLӝyzQ0Xx(tC,o%]'Mu\^7xk_!ICT#yz7nz˘t$=ID琱\j.*[8/.~4-a!ːpeغۖ}"w kdhjH$j74ay䀼/Ԋ8eo1y£,/:YV4S`cT$t$92U|:/ ٻ Hs6q/H*?2_)Hӭ~~{:S0uQN(5m҈ E *aW;Jn.4vh1@ jh~͎ Lqh.?/UTRb ƢLf#6\Y:Ape EѽdZ":6ZefOGJ}bሞ-JFPи%L·iSO!L!>(Y]2o8UY|NIn,Nn8f 2%/FW͚';֣i1p=&ͫA 4\H^B1F6'ʮ?/8u>,M&\Ɠ)wEϑ`H/^hDG2ތ)Sp]>P>DSӈ!>or+OoHԾfQ0*^4tMk'GܴMmOlgDqщuu{,Eg]s1#g<+1(%2ZCYNS ݾwS NaZm:;XNˉ zI<+wR)Ib +< !9ujWsR-^VVZtRpyf B*˙+xj67d H7L dGjd;o΂c 36c`YX{ŽF}8ӱ&-}4"ғ6w1B=OhQǪ<6F/}o ӆK;4mFlY AQ|ju.p_3o9 И=e#}`}3t!=R!,tXWnޙ1Vէn|)P5/ij?[CĆ)32>w|1ay'ǝ&2&\L-8B/. xHQ*9](#4_y"i]5iMN 'jc~Fܽw&Po㯈vV7$"?[z\|e닼0L=H*5&sY~k?˂\hpYCM>(暭*Ŋ}Xd`N`qsJj6M԰k׬K,>z4 b/4GܝF ,=}7 PAvwPc>\vxEM1G_kΌLZc%w*j'Ĉ d֒CL=-YZPFm_%?雛пW67N)%`,K ]&q]){p:4/ByLS>(>Gתh%S͉B/ :LtBTUc\Zy~Qbd)v>Ӫ57zG[MVmYE/8h=H'[-3!`M !mJ|R2G>Du;y}1]MԜ*n|XOuaKG?ɩknBD ___60=n3DƜhHQzC=~̚ہ=8muUY`jrX'&xd!tM]&vv ݏ46=}D㝀ы=U/3ihW'KR K&Yݨ~mE^.ͅuU; ?6I= .a_̶ᲪPEuݐٞn"ϡC @u]> .XncIe5w$|5)!%}o_v9,aD@p8 "g I)'avXݘNV# W~`!\<J{wul^ $HÙ#a$$Xrb"ĽR3o\JߒôV>Dn;RKggkl _ِ- KPj)yrڠy_*N*!(מ=Pћ- D_ۄw[![a5HK &2ڤ(HtU{wz;֑i%^{/@h !Ug}^]l&_8:5° E9dEzB\FF\Cr.ؼD&J/5O1s[b5gJxT Aga j4<Q87M_;ҷR/L* _'h\RpDF*7hsnc VBfi!EDAn:hu}F(3[=_ق /4KVz~ڢ944ѢN_j '9Xg$?rÑ G;!aĮvBd:,d3djr&bd Oi"ا;WxRBqD%$|Bbr_<1m&4р6mJ9+m>@jbԽA 'BRtu /(w+xf+@墾jn+!’>#}HakN? r Ќ4=|>&ĤS<;EͽN*s$D. }= ƚ![-9a=J6rh żWUYa'pa٦l2[Dg'fE=}=(3n0ԲggNED )%Zm(9Q\Q 9cNjjOHf@y|RwqvJunF3UGFx͌Z?졠 !ޫsև2P:+,BCҤX#su/G8bmBsY%׭0C<V1l UX YjULiYBlnGN SZ?TJlQzزҥ03M5}]")Tfcz׶ A {v[".u3_=*0'_21us'J8ע ӣ.+5vym,9̓wHn[bu1O%8jGCg8fYrBOkjWG 9ޥBPށ,S.& ՇvZkGwz.;ԙឺ ƕl;M&vj daϤ:.2Vg5F튯z ~CV4@>#Pv^/f_E|HJ7ٜ}9WoOztԴt)Qz[׽[q Eq8[bV2_o%=zCZ epns@õO"UX iԾ6fQ;DP[,KuO,c0+V<]"ZQz'&侯AN:XSXzWҪE$C*9েV|/3Z E&qa%+؟heo,N'sHb ū4wϳ!Rx,E\#f$M|81d&dvq~ l{-p05npz,NqkeϰI@(m5Me>FCޖ7 .F8axElvPv;ZoKAM.bo>oVgp$m={-VfվɕX=2)I{w5ld欽>u(2SPGj9"LR5ҦcV3 l[=(xCsVDZ)Y1!v;8F2IY6%HyQtI-z_<3L|S3^A[FG}7g(FE4S[/lM<_ X4՗|9}#|v?x&=}ѥ FGfa#4WxxWZ{ m>Xm[7GmmQ- }y/Mۗ21q=ZE"r sd2;9@>2״V4 )uY8 F3>J>oxW޵ q FnԑW2:cC1B)(= c0ժ^l2Uٿ#]i7Wh\BM1٨_y8g}۫ơqbh u;xt2-boP0jO ֩L5#`? ^Vbxt?Xt5,L-@NȻG0Q~kЪ<7%\92}^^,/FCǶapА޽)f |+ceU3kc}(˶Om /i+۪H@!r Z Cq^{ѥH5G$\O3r|zT@P{E ё1MrW\tK+Їjy+A Y_#yVz8}Fo;QݤUY6}Gf+w4)b1䢨FcuhMuPvD1v*Ql;/ܰ%CuhNl+A]dvg@wx]NGh0uujY:Y FtmD3ߪEŬS=ڡ X7pjkZ6J5Ly? ;z2'~g|P!X}+~(D0& Ac``[*{zIw2?|UNS,eXFŏ\\R8lgS*EUkb L0nbDϤɃLc{!܅2=Az9k+PRa~ gdvv<xM>j[ H.<ᜢ)V}s 2* /t2`³?`<฿dˇ:g'w-N2 4pVNh ojLᦈo4ͮG_[\v&f}W a7 D4Sk;-H}p^R0INW-G$+79P5@:ܪT4Wv^2رN ]< vQxsPGVu)uu1 ^ԯsA!WA ieaEuIH]wQA&Ϳ/v "l3Y= ,I {."KHSI4mz^ g1JiptğM wp՛P;t^JҌޫSG'f@u k Juػ9O,_s]DZ+S'R=bPjٵ K撙NVQŋBeJ)5k]}Q"}3ڌ\+}iߺϵ2ĞZi!5E{e;vpEuZ vdn0&//|aZ<>u@>7m?eB>paŗMrn.5Ruy~_ ^׳N?N$$D}z$ah֎? )U w^(Y'ӏKMۮ'P?AGwb-OB*rxSD֨f:l=-z)2*i'%kC;ә"]El 3>LS))A=˛,'?W{-oHov{UлPEdy<7%{{qce]4vRtߐ@!ʨC\\9i%er2ifZj?k'15EggojXz)m>hұaS#?B:[rxvw6OՉr q;1W^C*TXvg9uaR^<6:j2 1jxި*Z]rxi VBw!(ni e`!񍤚殙8VR f9mnHKeEf!WD<S:qvbMcDB1 _~\ɪ]`1 lo'Z.鎎Sоn `>+(:W!3_.C* O5D - u(,23zd yڕx`<mOEr2,\x@JgY+bS9U?)y{CaIuȨǃR_nv_0zlIasrNZVs(pE K[lQۨ䔒ƪ}dL1?YciE$Jxv mzU8l~m!͊*7j|\UK Nk~T0 aBOGzObۤfȠDh'P jV[DJ# pАVd>^*됡|` ZL+%{_BAa|f1\Jir [9lޓ ԙv7bvNm/M2[eY38G1B똴Pvyf@3wԓLRsl2 #SkXIwM86T*yTp}ݼ4ș`ėD\ W_;bB̿0M;iHd,Mvچhu?e+5e_SjȃҼ.rɬtY~S-rU8hxZl'6iUkNLf=.ֲӈxY.ΰ3F=aޡl, WHK7㒋xc'Mqpv @7d#fd-Eׯ]Ϧ,cУWv {$U0b8#wFa6H6~/9P _k$o}J+ $٠{ W܊5oe)PXzأqaNZ=,~绋1~< F|>y,kdFejwכ}o:"7-9QPJؾA0G_|n^ ZWćU47dYR(MfľP}$Y:Īuʮ]ijZʭIXq7l8$aXm с">4qm ţ`N狖;WaX&xpjFIUlD'1y m `h)⪲sp W;aN0uek^ Rnu+׷<#Äw(M/m  mL)"-FEЃX FrM+NwZCB4Y`)(bVfJfc_k3HCLOc!k<ѻ% TDSѿE@t~Ps~DAp1ghH1Co5ܱoB)ִ or'C`i3J)+k!8I˲Y( Js*ك#!%^R b/?ӊybײδx [jLE~iR ux*d_nmvG4' 3P>(/Tavo\Y4K>ؤ2l&^0V*X`JoN R/(ep> :cآl:G}B\2ͦr/ol Ƭ,S7Qp$ {> xpFd >\(Ec5Ac=gEn-* o|ntj5ƿ.@;x׊f[ݼB40|Uu ͢$.C$ߙyfŶ򃂐szxnRiY?9ڲ=` ,%h(T%:ިSDcB xI ;NNX $nٛxl.KreU7M FJy:#2Bxύ&9YG|vFl@Ω*!l]*yJfT_!{}T|#6qa.N;8ԕ/ B\ϛhrUrܸJgqF^MgB{]-pX.dDA5caC.=A/{?b6@&PX 65vg/<8tIpLc |ͫpPIc1;)R zWۇ糚^NW(#A lD1Vcn[>|0ݠ>"2 |~&ȅeZKGרS\wgF}?:Hxa@JќmB+bSyw%IK&ֈ;BevA$8Oi"#魞&uH"UKO9M I~SޘvO"<,Z8^Ef>aWh_i4gCY,!i9rp{]e)rC^6P$KgEH -Ȅ0+dWbS߱!>B>AOuksu^%ZL9Q!U^0Y_ + 7 n?*EM\KdF2̑\sj{ym4R6_+~&Gmӗ6LRS$b#غKFsmB[Ξ~s-O@P_<( ꀐΒ;uJl88cy0 =5W?q+ة=چ|!=Si{!阓=1?ϿzA37`X[ [}Q2ѾAr5~">QI)(Հ@qnګJ[|k&rଥB$IBC˙ZO[b2lIFW\ȝD8qߏ]f_%(ݥ9:_1ˏ б,kO\u!C"#gFBmio^3N /?rWx}|Â0d.%^3\dhajuN -홺ñr09'A:~)h[Eng %~ "eu8zw3QKVf"/~5Ѻʪhp#j0i^{^8IrfmR`Lew-TsFZAˈ uã&:z%o0inF\H#?c1ðؽjec~W! EJOnߨ6 KÈϻ_FoB*v{$FŊENzw6t3g6U6ODZ;'g(j%= "vv`yA E/Q4;y8c.5?0;yQ^?"*! +V.PV3 z/'^)_w#eia4tiH{X=6Al樂|u̕n6Ƒ/ M_WM&umІzMeoyE:9?9Sܼ0֧PE֑ʱ|XV};bFp:^ {ɱ:`m/uTf u>s!7ųj{0Q"V QW%M3֙PF``sFk:Qκ;Ѭg]﫷va|BzHZO57kp%KСjwԿep.oS) t×'d-7&U֟-;N=+ =Q ! vA} !•TT;a.cyӷ]땉uH^A!?Bb5љ! :U 3cr5 ydzƋbv>H~KX\ơH 5_&#gnY<.Wz+"x2tZ.plf0HJs8#ܮuM&OD\:$p1[zaZs΅GJci+^ORĕU_&I gmJ4i%HYۗ;j5j`;(hLi)`Di?e·T;  ehGJKmCl3؎̲vQh /Z>zwz?dg##T!GF5jA,4-;/ctU9^JE'zHz83n q5Ō@͊g1O\8M^T|+3jf:L˒R;{S9*t`N"5C0~u io8}II}`U+):bH8Gӻ+fO˘Z[pp#o8{~E.%1pHk`p f zgaq|\ܞPEi{.&¡v3$Vptf6i3/3 C`&&꜉W{\S!1-L60JVihLQr++K@#̼"&ѷ7cS 2yRK"lHiS`#9C5]jS֟iK/EXذi~BWqUCT>8:ٓʵs3Q !&v9pc%f6Yףp$a }7*g.GLl$TX0KUl2N:j";NjO:HCU9s*T+0l=oacmXUԫCM#lC!A7|iBb8V,6DQ0R$,O_t^ CBͭ"oV1 5XXg'of60Qhl!+hj//X>r-9>(˂^'[alGj΍aJ̸ϔW{\g FrES)£&Jo%#N/l(kfsB;f[aFET:KYLu%; O7˛&7?x7#U-)x>:"v҅+,Sm&ngw?!uf H[> lf@@ `7vA/BvX];8S"K[&%WhE_b%Ah  LX1vy$Rk fKF1OzcRI|iJ|hQ$ 4.8A0Hm0|zmjS*:ra#Bpy{b9: +YjĀsMF"tu$w sZ"omB9KerX75CeknZA). ]~ ^<G)َ'e/J?Cr g#X;/,fP#Bf(J}%aK["Z*M 2̼N[$s;հrlmrkBϲAn{yWӰ6&s)[ywѭ 7aCMy1 i1l"ǐ F܊,\mo%L3uzI>K5v#>5όT S\s <mm Ŀ>}ƪvzEzN-]Q+ȼB XJV%hHfE`nG#u~G4Q876,Zzr[+Q11<9d %^?T'~xrqp,N ]xhWur uRgmlJ MZn%%/(yp(tMq]K~s SO$SL.klDv~.RR䦘, qj'looOͩPVc>Y;dVbרX&R.M)F)'$-`uʣ8~=vcW`>}B]Q}x{T͐|L+h1Z6{FX~n>_Rl|_t/bb1ep0:6uE-Fڄ¼dKυBZD2C&%C&:@<$lX7UHZ.9u84K fzYkB^>QfWW A'3{ BžFCrIۈκekfiU1t\^˘"qXm'N$wu^fy%MLG͇OwG/z&e*uԩcfvW4Q0"^^Suqm#dd3-f pLتGo-qݷ\<4,2fEF)а~ :^q TU$ _H*)8D1_,wMM+*67v߈g u>8~{S+z~q[uXȠd)  e!qL0^Q}5ۏûl骭U;KG?65ݺxOqį9l5`Ffa5 `r 4.)^G{]Cq3b~`ڣ! AlRyS hꐒ -dG,x]NBɦ{wݠ_տN?Jˏ |p8N"ؚWl l,t48*VR?$х96:yYCP 6;0d(0^܏_Aڷ PjlQa"st-zG39߬g[ҟ*e(}(,]&};` ^hS 'm[~ڇڏ+РPѴ%1$¸fX JJ8HX*P*mޚhiqL=T8X6^B ֜>K *aؘC FS*_! U~C$:w7tzAK0=9L]fJA^2|;hOWEnAO=48?F ho#I mcZ/bsoiHi} b 1t A>ëN?Q%%ðBD^wzq_t_ Ri7?swﰺ,0tMKLuVud?ٷW4$K[nUqgo-P]YVDn2R3g[=.< xpi,i@e$p:CFEksHGlըՈSvukys-8% m+Y4=ыOR[,4eDYs:$ɠMV q /$ȣ 䌯|G.Ie 3b>$U OB$y43GrT}n1|/r$x/-NHR )J估I֭al~@馇\6x W cRpI,#Sj]Pݹ7}àfC3Asp ߽Jw4,UPVe_^~2O߄m? N$::|]`"[y7WRC4v I Q?UȻjZtR:;{U+ԴΤaX἞L`֐Yә'~o Μa(*{tέOp^khl pvE{YXh铅^S~?c8Tu] ܩwP𳣳5%]Ǚŷ1BY/U؀RW0\mof}mBP\JD䣁8예^#ŸЖ Ξ>woR# &0Ȟ`XzZTOyzCSZ.}J??Q(ټ6uPхCω8ɘ7Yw*TB&ůsז W5lvE_:T}Ka_ "-)^2r1~y  8raSkե0,bz@W-0>_*pO aURfW8]ɺ4HU~ǩj˹Ve+s G9>Pв"$tp~wq/UܹHt^^FEf܎7*RæU"ia=^,h__'hj'&#;/Qmir}.T@ȭNcl u2c#?u!x&AlAq/ͤ"@zŸ2wμ!Rs1mȾrL Eʥ>\gABLhB)ױW*.LRxP4dnh?^R4d3LUo,nj[m$VfU|:+6ͧO~F,Tz~@X8q܉P}Pxt#i4rc&jwWv"h1SY3| Z3A#29mAAJ;˱m~*C7xzxȫF~]tni%DzMo.b#}k*P&lb?~aZA<'ӹ@!h|kI{9EҐCǟ]qs!,)$+h`?I*6֮= DQ7̥Jz2D.J@FȾ DXF7f^k$ڌ pl)m-'{~mH…McxMg(4BK+R j:)@LyYa:~[e'p=5rK#m]8D]_{;MO{\vFYgFV)*ZԼb!49ǂ^R!c_TCl"G]9 n8`鯡Ey]CԂwE5MdRK>Vy9+Ԫz`+]Gn4F.I$kBcy$ ,վy  z?c[6Gb(l5~.@T됟em_v5 Bi&΃8@_ fx! AeRQfp#;)ߔxHrPfTmƬ7JRzL1jg8"hz袐،NSf%mPM@MC%X*NVw @w^V/Y WINҎi @t[ԧ5gqXp(6XX k^9Lqy$񗣓bRrp>P0Y kP͖5jq>K%?Q92_zj+˞jmqXt{MH>#4cX}\PZEֻ0kz15hZ |WүEF[T8R[?%v7qC!BS||(#X1ϐƖ *Sd?szAJkky ߏBM{]O0j "bpyN\- 0WX#7gW3y%(khz& YfL@1z58IY,hOj 's~7C (9nb=B,icc °F9yn\ʂ#- @P֘2TM˿to!MaI%3Y e GZn=4]B?- )u7US"Tb7\\ֻ9b2B #=4󞈼[.wkX%' G>.hxwlz>:#k5{ʾPެ\aG~!>e+13.? BBy g$T@zxWj^v|goᨿԕ ds js6A*WDnp5ê>-5('%f`81dW .GZ'?wX%了i pOLL7TJ &?\-H,t `ţ7~EIW.O%'KL%tx`lhJӁ4mMg7%k ~X'FAqn1]˓jx\_>^MgkCI^8&$eQHASKnww\&d%%0^qIg8x.jœB(Xd1JEY< يԙ2l(CIlz3wx^^"K2y"wP6-&];@?Qġ-F M@;JIR UwiH!!%IGihͪ *~?}G={6 _ Huwz8K&U(7Υ(!#v -*M<7U@5q & c2\JȂ?=W=sr 3b\ZhtXޚ:GsN81"-=&6dx0rJ^Vt׌>Iw:du~# MaLb w*M0RK|# /1F-oRPsHO^@fўO óJ0V]#HTe2(t d⽶ay5(1<7<u$V}9U#zlϝ Q3~:T|׶cNU$klH{j gr22TF_~:, W,,GwrU "6r-6I*]b͉g_5b XD*?<^Нc?m`LF#[+L1~O~Q?-yRT|ZN9/"j"e6:?hxW21np5eLeνMA@2fJ=#0{X>HC@)eoaҢ i0$ cpEgߗjMo &QQMvb,9K(Qsc,yFJ!f{J/ԛO">qb x4ׇ \჎C0TlN<w 93gC+@] ~&Ђ|)*)3qԇFr`E]/mis35t3>ݖYwJb2xԾ/,N;qqd祿$;3T܆n* Uy4{LeGaGݞB/FRN6=WNIjUտɽ!bD&'q. F|]/T/aY^rhب`ٶx%%WK[fF*6:1N%̗ʦo%jss * eZy#Ȱ{i{|oO1BOW 4`ji𙿴PF̲[΀Ґo!8F(-bi9noO aGF׸ѣ" ZF[S4xFVS2=Ցv݃WX~EaEGrwYˬ E;3Fb ~ nug¡ןNa[XO> (QVMȳT3lCܢ;3{u_f Ů=\vy U&c(Cq=4YQto,\Img՗aõDwZ cmLqX}\)p?Y+~LaY ;DKCb5:g"!bZ i<:O.[YLR -J]90[$Lvz s 3b4uX0~T&ؔ8ql)5* *ZZYN2((srvw{ZXYu㡔//m-<.i}{^$N}e?l"Jxv{0'߯<_LLzV'~ffJl8 #pzl'ak xi(|^(eX!F_ZDkwbۡ,&/\A傩JnjW5C\*~J ,h¸o2vVCc=ix iWIlv 1xbmo;P3jy0f-e%XMBTzQ =Z"7kfUI8#sPqlƊhNP}-#҇VMERʤk#&~dۙQ2kݱ|Jܵ7cJ@yD9. o>,8%`<ǣ)P+jr2mHR 9>7Prv͕Mm-x}e?NC^H`8-~Q,~}=T.$ǂW\A Qn4}8й-' Oq25Siۉ<줿U!"`{ #9XCd]l{uܔ @yp>,E&soT@8uÅѾ;F;gѼ;Q<[7f1 \BJܢ[ss=7:B2ҚtNm@p?{&": *5qm{z1IGd TA&Ŋ }dbH,x+&¬#̰Dzӛ9yu'~{;d / X_;*+O4 Sba[_͎(zDTg7rϵj .vdu&pIq5f?Wpm _unʆT>z7A`)e\s#?CԵN^C[ ڿ^|,+Fbi4I6`lKSч'j2Z~gCJÄ Qm4YYx6|w6Ugs v`IU J"]HZT]!mb؂SgPoYh+-l1)yH>Ί]fA}B١S\Q TvYrO[U /NqK7F9m9<s"OnrlW6ǁM+̏Uh }u:(#6R(^tݩ*~ŠַQ55cZns6+Q}6Z!aj=E!u*`P1RB¢;F2-`1L.g_=W~K8 q7[ڏ;HS5 d}6>}c\vdM<'* 8[ںB2 +70>6s4p栅Kܒ{ wxb9+r2?s)"ZWO7xI&N`/1)~\j<l/^ %s?mK[t53SlL<~~L1a8Io} 69Ո8YxZcEr,m,jSS#?wԠG ֺJuSnV:5 @CY0k. h`j ']lukNz]2VQ4&SELBvfSh3 GXჿ(0mnNvp2vd6~r*oor5b}ɭ4)ss?؍Cft;WRAЫw-pɢgaMxbH >C פZD=67jN/!]Ľ82l\U2O1ZN* zekI5 `yv;Y( ܌mFCy}Lj|q;)" @($ ~€B`,`SF OF9S H^K;",V[VܮB )^RN* &sj<( M _oS0% zq 1iRL7:&)Ë@ N;NJݝ0vBA$r#(RHQMnG//cΞb ,sy!cRas P(M펎f1)B󽽿&ȉƢyy$aZE#l70@'ϣu6n BK-ĉn̫\Tcg1  65=nRas@ؒl)1oa t5pU(/\u&)P=1%iόi_u%M?3(D9seUpS:RP?c]U_n|US;ߊr K$+BpdFg 6VQ[]l>_Lv8-B" (E{iT<=i[DPʆ,Snc.:辊߂ I+Y%%gejw}>}a aO$)x:Ež.頊`3/Bv7?x9Ҝh&h"Mrpj濩TXa FCk~&`q+St^0mb d^* xFK/59IYRhzx1"V/ wFqOe0WG#>қclLkq,$Тv06;BrtgŴdMdZ}GO)d>μӦ) 5Q5)z5 c/QΩ~)bKL5Ho$ߍĥEչK#diJ mi1NI}289dULFDyWH_j VN{Knt@HX>l^!m؏ ]7/iֳqK6rGdM䳜 &b;-.X4elLwcZSMJzEb"ngLAN׹wSbѐ;`ѪJegyxjz[) ;4xx'j;f&BT Y>GeGLWzy;i]xtP(I~P 7?3l]^C,˱wnYrH:샋=Jx 1?$A\@A:X(p .ao +FNdž~3nVWth,b$u!~‚?Íx||:z"ϣs " \l)H16pdƴhf7}*NJ}-.cyTFpZYsSAWI6\Er7nHJ`"SBqK wFaTrX@dHD{%(z+Ԉ .ɯ`zwg ]2[ASUgi*h=]!JDۉeP-(y p_Eh cwiJdmnٚF!q BMל=P_GAڠNlIF%[kO}@eW79;;# {x3e64&F[H oKc7@W#^V $bFmW!PM2LؙxӪ{ОхG#W/V?[QP6wW3aG`aK'_;[YX .4KL,J8J)iuix^3upB.CgʸjGp.'yee1>4JdF3  i\0zZKsJс0lڀZt6;M:Rȱ*AVV{u$".u ]'XBSĠ@sd ЙעYQiBm?Q&/g#&OG. !+L!O+3t6apݫz6QDly59m!oH:(#iT4%|q:+y.c}mSs`sﳔ l։-TWhz?m :"@d?P"9 .D]Q囷v!oɵ$-uƧk A] yMVZyDl|%XTGԥОoL 7þf.%Q 5|Dq܇"Sad@$@ i.dP9p|>}:)A!Mrsi{w;)eA4-k*tG'8w;!Tf*} m~5߹KWTgyԈ' 1M;XmRX)>![qWh?:w!̶'Xꪗ 3Wjކ7l獅;/[&<*/ڇ''wJ>koo$^{a Zu0;ˁo2:IUJEbp1"}~-X^,W&' ֓nx,F98d.|(]b߫ AOs2ueWMUx+>咲vnAH &fq|@"FAƌYι"H,]<Fک$֨wBS`RPBՍ@/4X Ԇ E 8<ϜGLnt4V$tC/d.ߍAnӒ3~X%N@YgS 'pNO,+n-3_.6 " 7bA ag- |Y^LTkj5a W48tc>9@kp?8qQ]Os? ΐkSxoEݐ^y~bbo x(VI睊o.");RN` 5W>DQJ4Pډn!HYDC;jiqR,Cܒ! @n9zDwJYGuÝgحQ2Q6bGNacqZh8Ҟu'nB,=a}lJn.g?IxY-V|Eai;r08?˰~!>?Pݽ^42tv^UG6HD^ UDžx cv ] 1?FDDjFERЇH[kf w޹YBN>ᾌ޾\]̡̖Yh +C@UziN H/ɟ@mٮ[լԢ< ][-![hRDſXٽ"ċ qKsJ[,76K?3G4ؗi*rSble|wc4VC$ nh!"qռY}IG"⨫0/Za[N('YʀYDCQV2'|e/4÷St<(Pc_nY]Zbp+DM_[ kr*ho)]A⛇^vUnh-3ar aaˀh$+8C޷ 4k)} ODڪÐm(d&DJj[NH'A@K,aZ\Y/zF=G8$|]im|B>Rq5 "Ѓv/sW}c1ôjxW|4Bx5j8OuV$ ͺ"F<?3{9(QϮ'#^):y7M`;RWALj?%y?\C`fgB,H3\ ;ם-maKkQYLܱ;1L3(H<ȆIw}A-h J+:pLJuLshIV#3&?>u^%;kx{3tbr#kVX̆˜ݵuRC]>l}zk)5zI gj1d98\:u&C3aOȉ(h5Bւ7KY{z֋]|FϺ#gf8p$:TN64H)N5X-E՚*)bɪp;8+YƯ+N*f4./"+]o!j{Yr]&XL. (ЁO;A3l 9dnlIc})!X CHxT0fg N<em5G%X:GS㙰(YQQbQ=8k+U7Pq]^N>|V>e2;~"]Ri>hjsEG3u Jz7Dm1[kye*TLx==hտQin\:XUqɲͼܿ6D;3t._{ch.D޲R9lЖ5S(\vN/ia%Oe^y98kGumD@|2$沠mg{{ %N|قyQf]q@ɺh0GKݾ!:9-ȕ&Vph &管_5&tF3MkTx$o^;WH pbRctU} [x픫Фx 1-'P1CS d~Qm][GRGcJ4`zSDNIZANW$r}o6}xv@MT{Jmsͭ\V mQα∙l_ 3m<vA CڗE=b1x)['0wqm_DSe@G?Ź&.M% hIa87:A_R Y>2X#Yvql#T) jt]KSbkU y͍w L\{ A4NPEin>`~q8+ڕK}4q![Fd_Qf^iB\S\ч9;^y*)-H G@//5).~|*FL"z儓Z"gRfQߛ{'_!lzvJP| J%B˹)rc"F~LSZ$ ⍾9^'zI 3w *黀s~2wqXP;ǕE#D0fJ!ԯBr3ws%)?hGH rvY;Zi}©-N QY;_IuTqU*j Sb%"_7誶$[T$l 'g1Oש 0KtdO 3OVi~&[198G{~dZ,/@z?6c`Qy\NPz%a[Yn7BuiPF*7v0j EX 쑶ӵG۳&I7[29:~"V^4Vm7otUEA /ze ̿ 3$z0Y8+AO1Ȁ-jb!-}@1Չ+wvd#c%YMeHg&(Ow ktn @Y"D|h_vػW&R2&݂*L30r W.z|-VOc= 'O jVUrʔC%|J(0ĊH < Zъ+\ z"C`m ðA^V]Csj סcF%(Vdk_:)($X$.v9:-vF1#afiƈӪCAoYЃ Xv| kf>eK-;CbMU 鄤>Y`:_%_UD -fO&$!ɲ jͩ\LT Tm6?C!yiJ'ٵ5hd Y @"%y> CbqPD@f;wRY3-[e3r௾ F rL`+)LTzyEf jhj )lcȔvl-]½r#m\ӛ7ngI!K,PVԎ g n7sbWsRoc b7x#6B;.Gô{ 39(!'e?'30v# %$v)1żgPz%diNz#kuV+ŎCmb%7ݱ3՜@@=ū4P8Jo ucsQm_,I/)J n6X!dPJTX{eH#0fzk4IFQBa;װ> :`r+9{.ˣ YC g]3md|(pp{#U|E+3TFHC G[fǕ8Lw ڜvKjXG>̋ٝD0iO \-uAsR!S+s{Bxiosj]2(U~bӥW:ѿ`9 Zࣖq3ZfY3=Bb$+؝ eSnB~Sbڎ+9g'"yv\p?5 yUɞEf:N xNU=L{X޵ S>Cut bTkh)aN帎Gjڄo1n0uOG+Jh#ώƣghBroTH~Neqc&#ΜFLR)YCQVd ?GLobkxYEvyW 1:6hhNE; 桒/n}i|0 De/}2,pU`,m ̃q1 GWN< l=kD$Hb+=$-dK:-#cUoॼGqWg5Wn޾%)brpRHʤw,r GQF[BM) 2<wM phA.ovXgq<)jAT(y۬ux{b7Q5ϘcqdR֞ ՗LAiW´ɼF_)t+mFv']a8828 b{q~^DC~FЗސ(${('7>kj:UҪ6朤t}ELn/֙U`(]ow,AJ3IN:B=ނ"~lfj{}Nh3̮3BOd,}9``x^ bZ:NJJ0p}w ݛ. Rery &Bqp̒},`y7L|B>XT/85<NJ0I)2j@/>SXzzB08@ ԅ|G ;K4f2̤:*%%%<G}.;߇e4 Й CֲwtjN!,SE.db0Vg]KiFkV'I/&_MEhe# ?=FU]|h%1٘ o>T=RUO%Ifn$@۸'פ0C+J]C%|8;4x ĥ?>lXQqB)r(QiMѹ^Al2vHXg1Nؤ`ay" (xe`!3#Rsڋw0^<%Jn$́RL9uy/q&3ԷG@F_z4.r7b4Kկs @?}QxUک̾0do҄M,f#.s(,1Uti{]@b7l6}R90:cȒ ŞlbN0R}g^js?x+1{V,/ _Û~aw .IASWc#%yo9f_'a*Eq^A܃? ;{lxLN%yVEoyBndWa3⋱}>m6Aҩ,~4!D SgtُĴy-%7)\7\qEKޗ] 0K u0Mj¢zZɴqs9%ߊ:%^@a=[!ޛƑF־Ӑǻd8NތW*b ?G2,R/'v;X1zT Rįު҄.}#B"@i%fk ##Cg3C >CmU(Ij6z9[jۣ͗ eTN -0h9#p(#%i#ZP"#U`$ pW$}pzipuةR SJ<-#gaf9$_ 2uѨBep7KA-F6:-} b2*qkc_%l9G\~gR>oJNka9O.04'fX !PmeqFV;ӸS1<#Dy UZV }IgcܢͽJ U չSܾadNhEn8}ۜO$5S4!#?`t"M[#mE0ХZ&-jeyY4%NJ9*6RZ n,Hv4f8Q~^h&|%nu\o\ȣK PvEEjJ~ \Jƽ J!o 0E"hDGe"#hJB8DdX?^='QI Yòj>mAc$QqOb6ϕ@g[u`~щ8X0ꥪ.Rfj&sSd F?%N6(k)5A=r/ `s_Lڼ<{~1l!}f;@J47=aP' ƒ ;Px\Va[UTSZS0jm5k棨fHQ鶶Et "ĐSkRd)=gAiX0G,tX1JEI=rS|;M3X lBYhRc{Y-{Ʒnf[mogǣU`[.Ԉ Wfȥusr}R _U^;S_?;ϖ]4ybS ڒ(L{7wa1 gZTOXf5kI-ZK{."V-yt!^~5:G8oPNIKIX$wؒh)uR7:mb*KUwí~ PQn}}`'4+䞦FwyͯdIQ;2Hߦ-*S!2B-_lLꍊ@w㙶5Nn7b7eQ>6u$JF&*YKN15 ɺ|:mE/3gO-ىی;j){mZV&ÐGeG{JzW ŔsȰɃ.PPZ  W- K" f s-K2$`@lDm,m+0Q8vt@5O; r5 AQш#WHY> tUϵiZi~{`XAvR RQLȨNBwv\:9TUuݓfܫ0$>+Ybeo 7.|=]>3TI^iRGz|4LoXf2Vf_˯)gL\4 X+ס! K5> )E*jqzb9et{uȬk8+ SJu<@cd%qSQqY=h/" $(H+4J`%bWhȩ=jIx-; 50E{-xދ l?e֌8ǐ؇0ƙF oxvSngeàG 6Oi^:lpz :  LH6J p ֆul|Y69Srql&wuUa&Ȕ5\[VL'(U(e&  j7X& [&9õkay=#i֗'D?Z>'/ǃ t1{܈] }oӲ!A$P ްdlxn`yͧ߭c1zY K\nW"Ƣ6 ˗zHOy#_x ;,P_,ǰ ~ {J`#+CzZM$9VG%n9i!.2=m5lp2Mه4b)@gpǏHn*RFC||bo܉39F\#%hN3%k8MKY㍱fr!L{[pBAǼgC~N=OKӰGg%(m3& T;fϻzcl8(=F g/.ns0\^ cfc,[N,~_K+OWal8Hm `1Gf`p>CiVu;9vT^kAmmduR^rL=h3#}=Zo:N#^3W'Jӏ< 0(J z<έK=!&F]R􏗘{+:ru# )G\ݩ}u"ܕuZI8moKRϤd3ӽ*S8T&gF00,lA2A;BKVY(H'nGTSL[nXpj&3=VQ+j+^O~5qfK>KVT4F5bYE+k *(GʷD@Nek*@Eh}]a9 _4ͦ /u7 *XA’=f>@bzP3޸3'H6QBOFEy!6ע.[NJ#y;;8 y\6p@ӑvO5PMqƆ?3=I *FC)Jm ďw)I}'^mDY;8CCcǀfA@+1O>ks*]:7pQG:0Ǡ  8f}4w !MSr,{L2$ ­r,U%2Qu?r Q w*8gs{L 4-8d2ޭݾ[VƜ"WI{YOqpͺq1IDe}J;:(7r9r+4Lo2]A#*ϵje{ʌK8\GpJθ,#|-Hޛ)Kj|ъ"Se{!o9e#O[TÛ}\>ε 7pQGghZJ ԰AG$yP{3([;d1x-Gp[9aW{a Tڰ}'/]'!^۱:KB*?i2J$,nrV?a6IUʧAA|.핮1F*6'׶.JĪ5mWP*)g2.T) b,)"Űf>%qsW}d#ZO7T/ٗ߯K!q횘i3YwCfn"0TK||ߙbk?2+sϼ!pa1ư G73 -I>^=7)CX6-=EI8@Oyߪò-Đ< pY=T fU֟2 diaYxaRXCLsseHǻƈ$vɛ!fc%շ/,j6w;Z |: VSmEtߎC]Ozv_M!O&t+' C0Es:RfϭԺɴX.;ǽ T#Mՠ8Oe\:,tmؼ8;xFؤH 8n7m_55R/|WP ==Ru,yHٚœbOLpiӧmzl>]Lz.N2ถq퉩b*"GL+K6nqS=]r37&L8dY ,]1L*xz '\LidKBQiة8Q.pC%˛&Uͫ({ HD\e4}0|B o7'H(ݎ.U()V7hS$WJy/_S|Yt{[uR*i GVX}^@q* &JF?H؛#lo\Pۃl#Mk"S_H0 ^`Ӕ뾅CM 7ȜMvK&0IDzCHM wK(σoBG\񁢅u * 6lņJ`ቋVԞ`WW$E`έ9ߘ$&+jEshC4*7' )8/v;h/:=R 8t< aWVaj9e*JWɄq+ 3#C.)?䤨q7 ء░s_`i56l*4Niv F}?D@&\q5֝06`ǙגaKVZ"DBn|0r>x^he駎L}0ڽr IJG* ߽TA)@@z q)9US9\Bp-.5®U XX303OϷGvkW:3PC,EaG~{3 %R " \%aeCWZ5lM׉rrշJBY$7SyX"7n/~ꝇmwkC&L7K_VƌA֮hg4pڀKT橋&#Jae ^\Tn]ŐY70pBi#9f1i" E$@KIDO+05#ӁNa.(S?C&4]l':+H{QT2iR?3-б) 3W~mYe#+=ޑ a`$GV X,ڐBO`f^"R]yxOEGz( wNIel]4Wpy@t 4sFmtڋs,}kXŬ+nLOLMWl蜟ZO R2m։%Kr]٠FX*{@\2L '$qy,; M:vK]wp)L:^^h5{GOG.$q}v6&Y ;p*U [~qj2,o/.`[k4"PԸ'6N*ΑɂF#;29G )"&>!՚.?Y A|'>v27N).PZ(cvp4Qs'g;S=V_'-U y ~ 1pNbHra.Ȳ+`Ԇa7~Ơ'-U i?J/FqʠV+'zPTJ ͹S\5v{x19 g^EJJȍ<ECX;Xjoإ DkPJid1}cY_,R 9m eatqo%c\X]m&^a8 V`p{ 5Tcő8!DU;!ɭ<acK{Z67+WGg uEO4 m vUVX@SvynH=v8HkS>׳w_bO"5c\%4GƬYV7> PSrD4o(E?DE Ag`rX!eAF VS;7jfIګC2v_xu(Q/*/fK,Ae0=P$GR]-$Z cFq#i o 1WD>}Eڷ/i;Zl A5?ύ$3u a-dg_YL;[=ÇG|Ď=vfp 9mNY ުh(,o{WlFj~Ɂ?Fi5 )s:$۱">ivR`ݑZ򻣐d橶ޑWYt o|&?tiO.0xJV5+~.L-Z4Yi®|bJIVgZPl)]-N-`\NV7]'0F1Z2":=\x[U@BIw?Z)kHB ȭTxU7B++sR6U(]x*״Ʃjlq]뤩A)*6z5fcЮItӥ0{>@Y*~%2#(d+~ڈ\zMAr{QDݛ+dh绎 G2`钿_+E]Rږ, p5d]F_5Κ?'4SlI!q!*ks Zig&ّǛW{ vUU 4/#&751 V-b?^ ejePf$O7}.RPnݎi[_sN쯍[ͫ T%‹ 掋$QÇ[).FOVH|ӿ$FϓYd̕]DJѾ7z9|[XE炜v EACHK"g#=xH )`Ca.Và0LFzOtF׍'q ;3569\1LՊ$IRvNeD1S#܇ :'nkъ]A;.mL@goYZI@rY@2U9-tb-p|lri0CV9j԰yk?4CpQ;T v9X\KkoG"3òmi<2Jڜп\zu3۰HD+N˷+˝GP^S~׬uXYp8o ҾLsoYsdģ̣c+GOg}0Q2qK㍞ B֙R8NtWbYi-SLY?r> ^9[Z$tS^5kYOn;;o҂Sc+R @n7$] G~/5+rQ3 zXfI8,. |t!ScOB;DS5qLIҐ[*QS5X7n_ud zI \^Y)VYgdD;#n<[>e^~tE?p%*@O{E{Ӥ[\$_RwBgv77dO&lЈXF5;גc{ 5 Jz,S7 SA`߶~ _B 7'8u]$pNK\iYN,F_oj:pq0,;9.Dc"TU4 ߢ_J<|o[U`P Tjg4]~ )h]"b95tg8QnQ-<]iUfڭҀ;Uu?ƀOhٵ1ؐs"˦/uĂ"CEY1)\;:I`P MR0"]$f@8<\1bZLK!xr0hFNb7d 3[G[YV$a dKkT-"] .SFp%q)/lum`Q "zl3&m$l6)9 ͥPs롿}< xH._aVP"B wu[M9~AQmgMf,̹ 1NYn\5oa7Hv6knVwPQX|֚ N*RC o_0ȏ ;&Յe5O}FAf8b|gTM:pϹ]-xM15؃oUWԬ `z\kL1#pd):%0q80i t{z%9Ŵ >_!"t?J<8-I2$"y2CI!#RC (Zʚx\bmv`&zɬݩ'VH Z**84Nw曩ԇ:7}7eoWv-.UǽT=gT3y[Hc.L\J!]gfD`9+dϹy*y]>y"Sj_;qQ܊U;D fV-K#܁nqkBGJRj4m)Y հd;b#xQ2P 6;f,޹lN {#n*W*knP->@t+lޓ ]iE4]0ߘMpFQ%thFV6W#0rҋt`1F3! TczhUhSt%0  5&K ܵZ~')zH2 +-oMʷ#'ЁgƍT)Z=rqp1ե h$iF@L8pI7F'TU1T zOm e-N'f{uW {A7zN4V*bXy˹L%-ḦIJ\;p]ü`W7M:`$%qR#5#9ZbÍ7[WF݆LU_[ǘb] lVὭW2>B /*3fc Vh[FHR`"G@#y vM.:K6NV9v $+K~[-zVÏ>ROKɸxw@m-_K ֻ25vR uCG7yu!A#o OCg( _&3~Fd4 obu{6,cɢ"5C\NMYtB6o^ B[-N;n_$'=bI|Ʊ/2[WٲNV=hoX/4%0]߁3ͨ%]Pe|'lM )hrw_} APyk5kZ ʲrvIbȱ YQh蝧\6o`]%c~Un/PY+>cH~:GSrG e`DcoI\,4aYwȼ!id܂E%u0!+V{j klǡ_/a@derco8 yؿ^Fuwoh1Alv?a-~40{3_ |%MME|9d vT\0P6B8fဥɅ#)ybmqKLUB`Va CH\z>i;`ƕ[ D.7]oZovSesӹ3ǻl1eY {5OUEaO|PloY$0a&8$akÒҗ~{ WƧ* !LZ-^+ W- O.,,tpd'!tjW~زJm(B^Z {\xV [ϊO)*˂C[$vpCQ1tZ~ sgePqؔr hƺ-A$ԮEZƓD*7쳀5=qpͲPfw/@)eCQWw5gq q$iɁ.NӣZYTdh`;=qњjFwD Fjḙp {wf3e;1!g\s>4H, Z5pR@Nݙ, [tOh % ͲE`Q 3gܨ /āALi~Y>o^ Ng@''r"-$/mhk#PƄgwў`\t "D_Ui;5p~B|nhmu1q?Y5|dG}_^dfR@Ui[?e.Ϳ7H[!^o3*:iA(Nwj!/3%.)=%wDpbe4S~MVӟnz\|D4Fr9-9 Y6T?YZTo[Y؁HàBl27WƵ~1;[J˚~0嶀ppw2/z hӉPiC* r"ﺁۮxAcX>&`:T.[fʇ'-/XPOnR!+ծ %thx>'Pl6znHϒrkP:zwI8wy"N kա/Z+yIRw哊ļJh%'}opDS>=:jxrRN=$(gqXĩ^fkg`O1&miEX͜Of JI,bki=EĮKo)Į,nRxJ HC=ǧvt` }yy|摅zPI 66Nc8˽GJ;4UM  | DԌA"?uq/J -zWQrGIYL9-l.|AK5PHy.f7 MƸn+,^uré!%ٙT4٘>S*8.J1'qM5ɍ|Da>Eoq}7~va(7_p~GȨ 4A"cZ5b?`4&;+Y@ 25f#-#?4ĠnD?BbP&2Y^lN,&I_83Ȑg #WgG\Kw̠Bn\6dbTx qVP^ꢀF<Tl+VPAyTR.YщcpU)mR53KP.H:Рtev59>HhQM m?.3 "RQU?;7!/t JkwY?%s]g@d[B`}gC0n>?e Pz7E(1k>%9%yNzC)]ŀ }jcfk^-M,z |Oe Tá :־39Q,Κcv/, c؉lt$ XT9>0@Ě} y`'b87|12s"kT" ;I ;0bu2~Fb_T*0n))P  EuѬ/I5{6he>zv"~'#_>lD,s鄼*t+ܕ\g v% =].Z˙4E|Oӭta 'wl˖A͝iw1cK]Q]s<,gAxMmS {-YWHbStyկRg [KZ?c(ǂSyׁ 5'dhR H vb쁽!!_\m hL`*_`LV-H bw7iQlh>h>\ ? uAG2jBI!7\ątu_OFn&dPe Un][,J@HN6_A|t9K\yo:Q=p02#?@B#\7DiWŏ*X<E D_]RV'A-A`l@FetNO nH"D:b#l2G-š8"ECi0ߑ@yRKFn|їwf&+c:2W,ɗtè(z6#9&J.QFf8sM ;ܜɲP(:/;Wǡ04ѐuƧQR c3%5 sPa#ejfyFmDy5 oRLѮa՝5궷;ŸN7bZۗ:6mB;eVRېyB˥qM[cUwQB(.9 ^w4+bKp{s\ "?N꥛ C,> ibwilJ3@V >'Zth`$y'{}|goSs湀yxX˷UOEg0( DxS/YHHq2 m4u&"%g<c!?IѾEKy͚b?<srG~&n<3G:)p"T\7_^vFq-W\W8~sȽxEm"]6@=Qh2ݒHYA$X$hF/( zGG5Ti~ӌbtӖhVn )!Qڂ Bvn`KĠY5:zDƱS,MA. OQ@:DhPwt1Gb;3A-,lLB'Rw,ɳ g%z>.jv/e"eTBCSؑ~ݑ(^ Lq x[Ÿ ^եd;Mk#i/2O6m,L(L|*2tʠ:;!1PNN'q${7QPyo+jRb IZ| E`P{8)q(" NM{ &KQ[4HQOX7q5<=:ھxdYۍi|E)o76n>H݅ s!KT V[h~3<Ǔ,t(<`~kxtfP-iSy%7:N5>S[kw)z)U㷄>p"u( h[@.Ekn mz,B˄q*YVOmnՇ DQ_Ψ˞8">_X҇nAR8dHolgNU۪WLCPq`TPZfC&ۮQ᢭A7uwzw`}pW >}i-\mDʈx^ }i 13#|9kf'UWoί֖x#TC} g2Aw)+-Cíю"ǙM;Ws"ʴ p!_A Xḧ|)]:;6z+= :ҐJX_KM< V?+5wE($ZqH4T o-Pr͔~ O7Nnm֘_:@I~,LھEڢЛo '69W[Z1zI) LC"!dZyJѷ+0% ׯx&wS%Gm} ZW>sFI$"#1;:1- `+q(t#rao*ɫ԰DBͤrUs\·8EP0B5BVdYtDUu}M}qݘ-bRA@)<ᨾ$phU?x1aSr8-|ܑr`"Ey&Ha=v1#hfQ ?pa>*V{b26&97y&/w}ԏHQH ,^D@g $ophH ^݄Fܕ"B gf<%80M7f*0m!/Cc^gdZGh2>t*FN #_ DڕVS(3&A`e ʐ+(/!t쑍0ikr握wIZT"8-qE_+M*P[AW 7EL!EƳ(ӈwqc| uHTb&ɸz[l~-?)Y.%E.YHYtĸEǰH<Wu1FV$Nc酡]Need]8BT#qzW/k :LajZqޝ=Og6Y3GnK!dT͑cԎ"Rc ڍyh.H ӝ c oK]FnANS0Ӈϼ~eYk_OSϙ2^8/󬰤I)9V#6p1p7} ]˸g5r(cc((Я1n @I637 R12Po5M0YJ6UE]:dv\HzXW/c@ qee+g4JFT4){xY )61"54g4Aږ]"c\TyC!J9u0*)/t602)Iu]c/bf6{hpC~5RF\gL!o]YTMƚ7Ц|;Ʋ]3tv; [b!S9S6|R m)* ʔK=Ԝ2ǰ:Vy?'? "K\1M#͚<AxF2e'xgWۅIaPs1tVCaS`Q]Ͻg'1̂>ɡOfVUYAw}%e42}yx}gh{A_Wԏ$\K 1T4)<z+j,ODk;Iw 9KNE% bÅFi=踺'O~%.vpl0}(4l:FzGg uى3T+J"#Xx/bW_̝8.&+൜u*}^ _w30`ρA[Y8ݰK(YN"x* I%z {p"iS5ݛc8aFYD2m(o^SϚLYLn11{~B7@'s~är-NMwZ !NSn˝g Pce%f }-+kL_  £ ȻmF~O&p3d/zZ i;4칕1&B5} T5ޭeWZ}o9Xo;n9Xw{Cx SIf-f;B'd/tm?twӏ(]@6Zbq6K_ƷP2%漘c*4{O>J膳e|z](z.v5 ] kOiy](6s]ƨJpKn(zL_!M3y42d"|Pw qY %(lLU{I]A[HF&iKWp)Ϟɞ(%u`"^ ` mnR}b1Ѻ%y#:$5:]RĪw=Gy fq֑1"cf&OepRclDYra SdջMp b |`^Jda*UeD{QLr1(h|VgzҫA"~ c%3l/ynljT]';r3c7Ցtɡ#wݶe==4 o=S8®wڄû~z+O(d';؟#`zڛD(O Aը@p15ZՒuƐx$  1JG3)OQo7C$d?Ssvs_~y ^,dfm d(EOU2ּ뚹 zgE԰ORn^vC)iϯ`)" boij4wӕK@67/K4jQS0CD{([AfO_;)|i/*]Y 8&p;SF%rP M_I};e?"tmLJ2e <~}h7p<𕍤Dhs^aJYH}РR% Wt,ƉtB*A_{,O|[> . ȼmE_r/`bi\ )ʩ~>D4I;Ӡ,E qKZ5Wqp57 f(Ltxk}}5g=8,5/iޱ![pw U W4U.Q61~\ԏQ3\W=zOHn:Gh%rŤHmAvOd8N+9hJ7 matnQ)c7}ȋ"}"I}4A~y ; .hsyCgSALʋP@ ֖ c'hl+JEtmUIlKœW4me&67f@3GLo0 }>,f!_TM7b'* 4R M|QJIRWsEP)\Q85P;yv6*hnym4|BtY Z8ĻZ( k C`_nO9E}/<3%F?b#iʩ~u U݌40 1J"Qc+ݸc#] iYd>r^Z`Yud<ͧ׸y\9NV>t L8IנݕJ1"K5:??TvZdk_A^:'  /}ܕ+-&̼qUZoMDRXad"•Ήw,"GIAm^j޶:GVwၡ2'!GІxO[շHdҔ{KCDom']kmX[qۍ A݃`&GAVjU|$ j-4& ,>=0ԭZ:àf,1 !uf|cXR=3 -vnP ]GL:ؐ6glLɡzX+Y,#cLMGgjE%'TJI =Bl~RaNsD m&ը`1X{Q:`IW5|}v}ΘqCb18-6W veiG&\=QDKj?'FRiV3+3>3<޻5DW}'@;a>GPbd2:~C&!-HlLL!<+&{wa`F_Mw2cdTMt4o~GsZHB-?\֏.P*Và}4 !y% jPa.EO)w9H1\QOvTH( ldvA$yY~kǂEJ M˜]PDʢʸaF=!ǼJ/ڬI ~fFwΠd36a#L3es*SՙCsڼ BoʓQU$q<}LX,cB ݍf$gO7;.n>l)̽&/T72P cMKl ['w Io>ez`H=FƹSΞ[&th g[+Onx״o|ϧs}l1 ͱA;}XeSIG;˳v>[lmL2J{] i职coH})ߧԓ-,Ĩ4ILj/ߢGjRyd@雀ix˲x"1˘Fq*gqsʾ X`^t\xFWu7pQx,(l##RҹK?v^J3GM ?uߊ˒|X`Jrx9943X'/5xB_B7< q-p"@* w-rS~N;W۳YkjRq"קgsy'kIeqH_ӑ?ԯ9(z:^,rKUAg 2=Tj.a&~cI%V@&?H,>z=ەI\Q /uU6M(RA {4 mpYaYϤ RU+a&7j6^Q -uj KRg@.YĦD q@<>q_`SrAߪ\y ._~02vc)IH]Sۈ*: "ګs>f7y?4BE"u<%n~`-#6mKHݧ8cvxW̉}TN2A~fx>^5O30Лz:_) "Q~1A; 3Qኊșϴ,:hi5*b| C|4{8ZSח'|"0V8YLl]IRn:.Č>J_xtӮk4z`+U)@lҪfv2?* Uf?vnwa-235QݬuҸvܵG00KrIjGwu.ZX&?2`MylNἨ*(9n\.Ow06:͔if>ҡ8T]\vyl<|)S hmN3PY*lD:xgXw O7ڸΉ1`@pt[ 0ֿƾY7IX@lQܙ@cZ*\*(r{bRh P&\0,~s%>$ruQ2mHPb0֘悍Ĭ@F S4XB7A:4,G(3_0u,XqBJĀȒiK}' C~۳Gh<֬YxSdfsQD cd [y T13+^>F kY'!I:f>^ **tYy"\Ѯ"ݛQ8c?w-578uua^SZOSOˑ Vz T-ւ=>͘8^ZLW{ $J AJ )EhMq1,߆jYfa(q['C۾r1t`~g+ەFy @a<{U]=Q1!/Cbvk?9D\DbD,{îa[%HL"h[Dh[&$#Va@a4(r D;KtPF+)iKu Ta֭Ō۵Io<#jEא$PsίB6npV8_@BaP_h1:;J^ڥc(r46bbcg,94 pu'm*m ry8zV;N>p! 0-BRE`/BfWֹزcQرQv |VՖ'3H!$0v{b~SO41ghlLhfH͌$QXu)5ZWÊJuc%:A?5=tkC"]S(*K1KE <%(ҩO>nuCjn#5L *"CѣteJWv}^^ijCCKD+Z:CEZ)g?R*z`6Ecg,@$RP2n?:%0SA0Y?f<_6d~_=Hv{T *!) ynRV/U;EhKĶIW{SYWیRP{ݻ>H[oPë]JpҧGxdIn^ 0:'oxKڂA3KP:GqW[Cg²*ȩ`*ٶD=5\DFIQSH"[{oWP-{mɊAumu6dr <5|{[E]dQBý'`u:[ |##oi%{巳VgGgw ɻx9R pUj"nd/;!kR'Fs/~!SAԃM893?l'輹cxp,A` 1r9*Sإ+.ټe›z*5gewlY5SZVi0' 9yGet2yOT{#ӹ7PS{}{wPq=&ȥLb Q=q]5\|p}O}TpD}TLl?M]D/MkUhq "q^ǠO܁yfN׋m'iJ҆]!=6ZA4\2k)\prMX qLƲgicGΪ*beAn0BRFRT (龸~%QT}$POd_ /'f6Z.yS0ժ|ԌpV.X) kU].C؃,[r5KVo^̈̚Hߎ9ٲ49`7  D:5ǂq€vPWmgq6 y:VB`:Ab?г#WL  +zv*t^MeK?!~ѐ3 3 y"dx|05 ûf8AZ+zک2j?O`J ӰvL@Hj\twR sz#=##^0M둊Mn})Y̵bw@R~"v:24So$w=$yfvQ (R36ioJڦ1x&.nXA J!4U$/ Nx)#ט砊%|!,V9}jGmDN"_TꀜB,4b%fov: ߜmp߲z_^$󢾺Ts7[ Li%H6?q)%DOGLk;c_7b DDяV#sS"tHa]QAqf9'ܩFMA\/{95J"lp#E"ft wnPwȍ9ir&`coA -e'BOvhDP2SwѪ.@_7hPsc*oN;~k~4UmF1g%u,bFжC#<N咑3ÑrHbW.w(_;rY2Wk4] `A/w̯QvWelYV^+:Ś?+f5SAZ]>CGb$b}+,8e^s+k!zVYj KJgV{ύ)R# 'zk[*.ّ0"BBsC,2D >R؍ɵu<7-˞ f^B^]gP@o<89Ͳ\ۧ ;W@ t=~pٛp5 nrS߄\FQaϕTթt9َ>.zMh+"#pNkQ83aܤv=L՛4;޸+nؽ6հoѯ$z~=:ҲK浆+zF+)+̃]{@i!'_u%K4]@.R!"ėWb';bjTv9HMd,"i z0xs@ L:[?&j3Q$;]+'=zD"GMi䃗zVs}BGH\t(@%8goٞYNG mΦyܢ|JT~5ϜxS}Yt :+?qA`xDd3*&Ց#@ӖUMϿc^dwrf$N4d]edB .Xׁ|C,7yq:CXN"˩G6H6dkxrK/z\ p_ہ/'^QJ:SDrX?h 4pY-M&Ėv`u nS%o"˘L7EXM*{s5rSn=&#%B\u0ǮIRI8l$lo:xg}'jN;6d V(X콕0~(~C#`Oti\z|v kٗ0`Ā@[2b2hn ZE;|r\ZSTLB0ZBc8Vhݏ=X0̡߅t#fa.p%<9vFo?cg Q/R2sRBm;4_/zv=Tjbdi‘?Tɲ1N@XA%$So V !8_tM *6"ew8E']$? \`PJ\rۯ_L͖)r=`>͐mEk D;Ɏ[sY9YbV|R"|Lzu|⚍ӧ/ʀS!ȝtads5( |ãnV v ӢQ%z/LoLf `sY sa/Pq@,d XK2}>! j WW1g FV7I+ ~"=ra-k뜬=*rN; TK}{ۥ?PLYf!'3ל6Tdޔma疂Rr{5(v;Y`'敟}Pb|*F5v:fmZQL4s/hn` ek %OyjvOdo%}U97FB:ڬ2(*N+p#4)!hF}Ep>Ψ}wf=gv+λ֌}A9k/ /$. OYib{kB[;Nwuy^>HluV~I fb^C~:ygWCU3DO= fӑ Ĉ%-F;{n2epVm$ Uxs` {hrKi'ɱS_ĚiFjxJu|g֢ܾLë$L5w QđH%+8q~=B r ֿzzM2~풏OZzWbWfFJ!.S)QƖ`J'2ı.a .IP$~<<~+ʇƑ N1Sc?Q2ziI ZjI }e*,8V\gL1e5`@Ȗ0RֶpUTnߝWܯb#]/)݉;"mƘQȆ\7m_M-sng:R5[T!4PcChc;&7'aP2t=[w3n*!0Qףkp'u̫.@wewc@M1yn.^pp  ZZeQ֨-d?N[큨8nʊDjTUA[݄[i}Dd:^¥Qlۍ.߼ՋYCRLӕ#NKzT+:AI`^zKvfY :t Ɵv?o;ȫBvmt\.Ln8WBgjۀt33}u ΩDҠݖ^Kr駱< b bg1MqtXi]WH7D~:8T@A1Ni(\WyWDsi#OpB[U% MIJ0ЯuuoD+?A# ѻUk,EvUJߺ_)7Ge/lN]'"5ȰfMNءmnS$ П0H)B9wLoɍR{/ flnZQ5Tj+Ľ(?_FC~fB*HQiQVp>IG}V DGvi/ksߟ3奄:02ZN+d\L}R"jFv̉BF8ד>o-Z*q҃0cCC зS>4? +?[w-]FmT Zە >6CmC},G͆i3Gqh1︌*@zn۹hTδIQɦ }<qR#ps E1-0 ^~[7G}*l1' Q+AU[Uzt8^WA w\WŕV %_{0]/\ˌ|9g)oNԺ07ZM@a 9J͊m%zl~̡zʃ~~J-6CUdnTD'jB%NKT6MvQ̡3 /$PA, Mη|MbgWvG~&t2 # Na_PRtG ? ~ޖIkn+]H\°T%Eb }52ۤ{ _m_Nʢ jP`Eg-LdkVuҸZJ"?FC9XdT6K[!TW>+ F4s.y5&~p;-^H岮眓&>X>5r`=pj4i27 zNhUy{Ѣp;P13NGE˼csQAӤ~O xv2 8.6,j=3%H929L@MlHNliL*Z Dߣ=p#k!3~b+>:km4oNxO#}ժRe HEYh(2nkf !;](Gm(zցv[e8& +) BXuAA޻B"7]uh!\1oGdSt!aK#H0uYJ76s;TsA`G͸ҖjJN ݽx8ś I@]m7)ܞh, >mqyhuG(0fNh~ؖnt+=һ.(寑X  7p#Lsh%ǤkW+Ւ*3v0wԺbVo`-\)N6x%o)\M_RY?ܼ/X/k>֘ 62 /gR ^v|x}鋂ܡG@:?%m-bnp~m`%҅MXokw LaP(?O7(84*d}fydhIqC7 K`+>i Te6Ӗ ]@ߌOQ-z׳c d@6l/+fH-1 nF|Xo0.X뾊q՛{k*g v!:]QrZ$׍R:.|3/Rb$>%g.m.$š#EPblPCU.Q@hc~7WoA6"uQ!|+rFgoLٔ;#?MBwG`8XsDN-6g ַze;HR>T#]#i:,aki("~ЮH_fb֘},𧉂ؤȐD 2Vn AC:|?zb:I?Cvu I*ǟk^m=hGn،!c'T;=uHmit[5)`mI?7Bj+EƆ[{8&x9t,6V@$-RՎy򡥮qgP]]EkGvGЀ?DpgЃ/dĺ_FejF] ybWfv;=maɖ_U4V';:z!NT 3ryz#O?g9H=W]vMe;`Nφk9>gT.Z_2m$hhW63pK1} 8H .4=#E;D GZsss; ʝV/2gmTj70{>O[ sE|&b8JW~xsVR1I\2.Z9x‡u6?=!Y#Z et}Tnt Y%>E{,}Ko ʛe&%@[[{WC&pMWV%aG\Cf{pG豝ZR74W<>\ _.ҒMVgMdɗjϢZ,c G7"&:lUh]3G"Ua܂G~-:FQ ]iP:7 ejC \ j4cK(?^O+BuǬi{0KhN-*N>$(lIւWh= [u̝(I ƄII)GFioHGm`N;5kLV]!Ee|K{qkآťSqsMFmg8Ѝ7LpWmS>YgL3Yh@`ZZJ4^I"2 |ph׵dDz[P]M&5d~B.a 9>]sCUeH5p2`nt+a7r/aTKgUweV(S:øm{L)ith:F.p}G$Y*ߍ3\f_&n}߰xE}yD^BX[m&X'm69+?)y-vl+߻Jk6ZzѪZ|:a?hGr^2j ǂk{*n@76)fr'ruFtQT8=vM_qAa DRVAlm3'm3Me-y ةuo 2̿iIB0~:- PۂXu}- <²_ o)xXFzlM8wU٦X lnI=p9~Pom>=aU),2fZt5ٵNhAmQcണ(7 8vpKٕ9a.K[OcfHܯ+&e~Ҩ O]U5'?H?b}Y[mcF߲Pc}en>:X'h:)}.9LѭkPbhN~Lar<mk;꟥x&G ӛBdT>Y'PC) UHzVb "d4$1џztGPn#ԅ%$=rS.z;3W M*Q;0~|}j7{4hMq3M( -Eum ap%ߚ=tZ]~3ǓM/ŗ!R;_q㕮ВFkδSC 6R2@liJ`Ɠt^x ʺ:?O\xMwQIAo<0zԁSi-MpT?y?]H%|xT<3DkZ:G L-H4^нHߤn<!NI pH؊Gb0@UMTݦ o77Bfl$ XAj}"C {x;LRjn;ŭcW99{`Mi ́@-̇*RE\78"fmB湩"w Rd,Mž#?4NRđb=qz7,;.OPbj~ N \JWdxZJw ыvӎB]o}wհjzBF]~#cHcY7G3%ҰC e0ZI,? w_2o c&%7+R;_w9>Kmb:hKn`dvyTHqOzڇ%zt2"`U(UT` 7 ޞ4Gh+![d3U <ݴ5_2o&&dBxp' _Rs!}o,WC3KnZ/9[!Y"cgoPfH1 w#-JQ\h3IB8qfh>) clfE;cޱ "4ҽl2a,{MEo&]BI٪ڱ2ZV`G>NOy}xv/ruь`UpOBHԨ׊%s;'&+GWAǯE z[i~e\/&^?6 ƾ$}"-Š3FYaZ~' zpx}]a˂:(*R5h' YToD$mlfl "USi瞩^;ju1~|tCɲjp-k?lO2S;ҡ^~w>Up Nxu JH3Kn:)[Z<⾮i׾Rb=w45? KxYT¦=oqwh0x<& B,xԆWj)Ȩ *\! Ka$vd-1pƮ'o74T 4D.'-@w1eF9Si)MP ]E)C PK"SXs~1:َw=Вm US Vј>lN೶:xF߱ە} /=@W?0"iؓec]a@%dBtgbhikSpE 9cJU\k cnz(du%tXdҞ4Zsy[y\Gي;*df둠/O>x\7LM5ctMO쭸 !k+@,)ai `o0T*?rtJEgzQؓFgTY '&)gĈHeŹQG.Łtfh3[>>W\Z >Fwó9vYg?ibq|3%G2gEko= !.Ill'Q-]ql|Dڸ öٵUiGnTUJ q"vKT.boP d@4b^74i[ւ{awO߭B4(r K 7c0D7 .2ka5ꬊc?%֗qkJpfgdxBl.%NM'.'a}Dv"uE*H u8 zW_