nss-pkcs11-devel-3.53.1-3.el7_9> H HtxHF_yF ?*}}&Xkͫ0y,Aj=["ÚGVgSHaz40999770ba942bb3c34daca2294cf6c05d3f44d6`xeڝrY K F_yF ?*}}sVYa.&\N% O҂U$fMS>8?d " Z GMT         =  L    T6(h8pz9 Xz:RvzGL H߀ Iߴ XY\ ]4 ^bdeflt u vwD xx Cnss-pkcs11-devel3.53.13.el7_9Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services._wsl7.fnal.govL:Scientific LinuxScientific LinuxMPLv2.0Scientific LinuxDevelopment/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxx86_64 n@GCB:n +^L^L^L^L^L^L^L^L^L^L_w_w_wa35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c4475ac4fc422b2622355571ce4a288f9575d4f27cd3f901f8c5f53d53f747d0ff1ad5d08d6915770268db2f899d0676f3fe61728fd5022fd57cab1e072c56df58crootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.53.1-3.el7_9.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-64)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.53.1-3.el7_93.53.13.0.4-14.6.0-14.0-15.2-14.11.3_%Y@_"@_*@]B]@]]S\\\P\@\g\-@\\7\C@\@\@\\|\s[k@[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Bob Relyea - 3.44.0-8Bob Relyea - 3.44.0-7Bob Relyea - 3.44.0-6Bob Relyea - 3.44.0-5Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Daiki Ueno - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.43.0-9Daiki Ueno - 3.43.0-8Daiki Ueno - 3.43.0-7Daiki Ueno - 3.43.0-6Daiki Ueno - 3.43.0-5Bob Relyea - 3.43.0-4Daiki Ueno - 3.43.0-3Bob Relyea - 3.43.0-2Daiki Ueno - 3.43.0-1Bob Relyea - 3.36.0-8.1Bob Relyea - 3.36.0-8Daiki Ueno - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles- Disable TLS 1.3 by default- Rebase to NSS 3.53.1- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.- back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)- Fix pkix name constraints processing to only process the common name if the certusage you are checking is IPSEC or SSL Server.- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Skip sysinit gtests properly - Fix shell syntax error in tests/ssl/ssl.sh - Regenerate manual pages- Rebase to NSS 3.44 - Restore fix-min-library-version-in-SSLVersionRange.patch to keep SSL3 supported in the code level while it is disabled by policy - Skip TLS 1.3 tests under FIPS mode- Ignore system policy when running %check- Fix policy string- Don't override date in man-pages - Revert the change to use XDG basedirs (mozilla#818686) - Enable SSL2 compatible ClientHello by default - Disable SSL3 and RC4 by default- Make "-V ssl3:" option work with tools- Fix regression in MD5 disablement- add certutil documentation- Restore complete removal of SSLv2 - Disable SSLv3 - Move signtool to unsupported directory- Expand IPSEC usage to include ssl and email certs. Remove special processing of the usage based on the critical flag- Rebase to NSS 3.43- move key on unwrap failure and retry.- Update the cert verify code to allow a new ipsec usage and follow RFC 4945- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.53.1-3.el7_93.53.1-3.el7_93.53.1-3.el7_9nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib64/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !XS] crv(vX0. yYj$Y0 ? ГLv\ GR?~9'Ѓ D~cu5gGђxxTvm2C*IH o;1Dd(\ԬPS(\TމM n"h1+ݞr,DfgYEψ0^vTϢ b;$-]8}W!Wmu\DqbXc3lkp` YDjNyYϫo+4N$!rүl4ԟDȁLe,]J\5~}*V?*ZZ))؏g3/l0jJ S8 ZH amRECj+#R`Ÿ`%>1/tQQ w:bq^ |aUJ8~犵Řk)c >,d7&~mn6* N"pazrא.BNhH^S_L4BֺDVdf yhT Jw_^## s.9 v+=Cz1xdCEE5xj ]۪3(SEN^yɴM7QM ZTGoN'-2@Z Ƴrnz hV,l\R`c?_}OܥV} ߰+/S8`@ݮayZ> j7~߃UV'x]rsh7: ŒT >bX>"Zݾe(Gd{㻜2.&ҮZP_]PnJU+G|K xfbKMKSUg}I puy Э(_P1`/H~ C'!e8;'͚?2SwbpWQv"A`+Zv߂W_#-^ 7i߁|D+@d l!2 fShX5Wwip0蹖Ql*C JT:џi#iٕB3Z+Kd|RT۳qٛjNXpRߏl(({Z;jQ8_HaawnAm`zBƌ-RhG 0u` lr[k!=^r|?|bUz^D)ۡʶ̅O&#`qlb2뇿5;$d_q+l63aO5rp׳aJcҍzbρem缟0mѕWsϪ6=bɸ'v(yBMNz /,"1!*)c pBU+#D勫(Qx|q]!)b\+$tА4T`QF#&5D j«1&E)\igBI`8!)˜D=7k1cŮ=ɡc/#Ǎ~DK<m'ڠ! TN){3N3Ov8psY!5q8&«m PoSαZR ,V࿘x-|x>( )IAk;hw{h&,TPpT?P!8p;dDKsG&Ufu3XNKeF9g7kpw֌%rDRp7*|@r{+#Geσ 1v4 =gpoԫqo֪*bbuwᆕ<+XoFnf{a-V&A:e`hm5d(՞o0 )t"eO&MusO!:Ci:2܇Hi0#:NeYE"fs~(hHnvojƋ"](@ϭA\t%2J=R%ʴx"@+Eqf i^`1wRUPLN{^GUo&8AUj'A8yIam)!dK:61 qy".BFކtZm 6mȌԸÓGBuK.B ֶm@V/Ko(o'y#A:[3+Sѯ*zW Uఉ$Gҫ->hEZ^![j˙Ԧ;ӈP3[q% &ر$٩MS -Ogk\Бk h5"гmuC|򿲱5uSYp"G&AʂpUؚol\"}[UYuz{o2ORvi3k9}F!"z.d Gܪ!74YܕD&fE V 3]oH OOʜb .XR f!Xߧ:-ŝy.%" ?qBq-s4`*1W]#1M/刦x]7*NfTWv[Z5=\kt.6}ԎL=&W:^򈭚6 U  J2Z?E_r]FA15-{܍=:i4}lFr ac&'sʐ1KLDJC+$UQyTÿY2RWK~h2"[^4!rd;W\n:Pbܿ>?4䣚rGD:0{bs=W^w7/(ʈPUn6mJuޢyLSQ\|ODw Vnei8sO/v&`veJ g7!A81ٺzz.LlB4[{eq7^A xpVA=a+d7 #~xڐ ,Ng LFк?o:2 J,<'avT$F_aPRU2Pgp6ۇ@bU&Hs q 7A b+_#ctdXZi:L,C |#aXPV>w3{J ׺ WH X~nj@).gXE~L|]tqol(r#mwZ%GQB/I9ص0g$qZV_Yxk1vhg-]\슲`,Pn}ICw :ܴ=T$ zyn5{NԼlYnapr{sro(+0B׬Zuŏ.M>#ݍ)C?]S8,w#/ϩ)ugVdUt\e /z=bX,ر mS4L3D5ʙ򲉛h%cCկw3cÜMv>k"%)#pc.)Vx< I* $/!tF)n}_,|΃?zk+ӕ9JMZ8NMArچ,:Δ,6Hye8c\2Bp3 ͗%ueg M|ϲTp]xaM5=J:/^#uʎ-kFǑqFyYyJt{wbRٴ?v(]Uz`LW޶O,QYiA6-Ys4Ӎp .^&=į<-K 2o9c>/lS[D_;Bd7Sq(|n~X*Z`7 1#l5p33ߍòc#A/T1*)5M n)gٜņ`$f0"򫲼]z%ǵ b'$ЄǦ-δ% }dr ˞Sx!6g9\;aaera MĒKTPf>[a!n2>FޮU`"LcroCZ`ݑa׻ (v7N:݈&#%'Y QR3l&B"ф0HjǰAčkU:x̓)`(w@l ]Dv5W q*S@V&Cvn*'L*R0~^ 7YvD()~Y\Nl2G>6ha5ePEِE v,+CC XI61ecֱ@PElԆ,> \ / 'ܿ .Pk`vBy_^1J|/e娨VN^BID$ȈU\;j`锠&~"q8yG+e8"HAop*g+ZNҚ)fS0oA)Ry7J#<`Y:'s[)/4Xp0U%lP5yO@w+K,y;:I'3Oan8t]=TC KJ=W6h)GjケIU^PhdŲ0 I7nu'hOfܤW' D#֒S>pNt= ZNOCTLsnWFֺ|3nj]98- V‹:_OD3) ! 'uʧ*`" J5Re Hk5kJ~8"ztٺ0uE,YQ>߷%hY (v}Q|׫6Gmq6NgFЛq`"i>]<2hXytitxgDG$cu,S"H R׏8L;9g$aӞd`  r&m^1P bo&%itubQ+An+V*"w;DmJV=i}BC-QP% Q !잓´N6~':3r(i*rv : ԕyUpI38Ԯ 5}k:yZlB5*JlY~7yΆߔ[q3i`on&T(tu9IC C? V*j^w4!؍ɂsfxxq;w R[>P!ߤjuWY8oF/m*Aw.PbQ~>`O38zl if(81,W<8?H9&'oCCuW0J-V SldZiapܷټVx7c~"͉>w:r* dkH#.sNaq`kHqv.՝,)P#qn%՛:ݷmB|t.SX`5%œ 6=-dvIwx}MU+$ƻ=oeh(xaڜNxMjuP9ͳ c{HSXaL4Hb,d$]')ؔ Nhjwό;lް" /U{hfYB+9ROt(Oo b3׭>O|k,Hyd4ӖZt\r N>o33 9!*6Ώm6P}'*Mm>iy;TFt #>)v <&D2`گ#@Kt[PT`}ӕm^}Q;wXQ2f,H KPg4'K4j&1)/5z?ѫiq!C]F)YcP)P'za0:1՘؅rSz}AT"1qMs B4Z%xW#.xrKP#lN+%3h odR"̨M/G01 527..0 =w(̐\1lF%TPڹ4E=M^=C6q]2[-<6u!gMɃ|/}6phdmX e)h<-% DA̠ZA<'e:o`T3fRZ*{h a;ȶYX 9M+d =p7$մ[ucO h_Bg,w1"f*(m߬5TC*MqR z N- FcVQ[yE`rgQru6iqy?EiN2Q@xKn@_{ԲϔPrtY.Iyk|cwHCX=4L‰`9(d34q9j=߭=Y:kAh#qߜ 9'8OEӆ_[\ωqa`f#9T)c>W]nTh?59>RV$zN?5ŁnI o !C=C?$1#}qtGc쮘SL09dZ~he`Ewx%1$a'[6kϬjH{kgI[q8kzJ7f*(,rK;ow)ռp`]|.%oy#q!-7ʘGF0o)Ϯs,E8)mo'%7ԏyܱjS>|4:7haC`7J•6o# qe^@u*Ƕ d&I p.+r^먟2 Xh)c,?(֫4@!#:lxsX ], <򷞉j_ֶ?Ogy4SJLA,9T!Mjxs~,BED1EY:7r=WPcAgi[QUH˂L o.g[ ۱G7,;*`DVP?Wҁ5aA9d$F#k(@yjsc^4N'fKAj2@{Ɓ |,Wg|_,}+/Us7^LPwT@8"nbYR001 DULm ZR WQ牀$\+mu7vRJP-?(o0fQ)Uu RŽz &R~3z7#h*? tYw?: XvccE? EsXP֫iڶ;qe~? T/ٜvƺP.敿]ç)$J32ĺ1T1["ҊMͺRX`$?I Y_xaA}Kǭ~U[EH & "|drefvB<-ܖ[=NŒ*wlL:E.U ?kph [oڗ`S%uhu -DRn zPcw㡗iU^fל^dd}h<\8GCw>rH|C1%amU(kvW޽<\ޜR݌0=}mB-^d8)ta+`)cu6^&Q,TG4¸;IfTixDk83sT굥B >&3"XU:Fxl\ɼ,\浲Ӱȏ^Bvdoc8[آ4s lb%@*sy) ~zz5[UJe >|.i!+t/uC}_"R51)ȑ7Icf<*(xp5DadYf|B=Pdr09w LRW,ZbЋϒbBF$lK&;#26*2`FnaՎK:ƅ_~%="|7`vZ}dGM >FbH5Ob1 긗C=nK Hpz.F6FbW Y4OHL9oW |/{KFb!b93(+-gy, ˟m{|/У ; Y3]:! lJJYޡ6 3Pf܉w"4 خX^l/ϊT:B'գ# Gvw-MG[%Kn/fnwdۃwBZtza+O&:W>|ٮ#UQ!]ʚu zy1"яmȕ[U)[m#'_)|L%Ia:ʸE4G8PU_h|]o`mG+NhͯpWY+/7nVj! zFy@=%YuH J[!(rd*Ca'A3˭ˏRqQlPR6̉$ /M\$H=TKV杻 V5 *y4oLX8} SBeBI9*bxB~m[Ⱥ+sRЂ5;$ ?ct%'jHs@)&շ.y%S!t<;4{7F"S .CDuoSƣ,(nY`/ҕ{~.  Ənoʮ:n6mwu1T~ot Wٯ.H.c?@ƭHF =/*<" ),R٫Gx?U&_ DOZg纇/CANoE?ǃulOZ"Cpdbǿ7KEm,.#<,R cU\!vp@8Mxn~iwW<Јw}?TP!ڛQ{͵"ZF4b.1$m-jRA{+Bb7F"j7{N6H#:0 Rn%AʅWopVtpK3U0*Jp(h O{[nցz'ˉrpeDLY2Urԟ;mKRZEw'c5+|ܙw14յl(7CrD6O@щE[>g܈@@}}7^;V `F}ㇽGN{*8-JltSg?r'Ct_@f 4j/O9}CcV 0OXlᛇ9u/3^"E=ZR2*;}aw%w[)+ iR'F+j@xϺ=kwt7ɦаoLKOC9mmxn<(2X,`]I*,5Sl.e)T{ N[eyhn* $x}jN-|lz,*3dYS_ Q7v I/U<^W;b0+5*5 }~cVϧŽR"l~@ɦ)"|2 6PQ$M-/AP9 CrYyRlMKj= ο0`i<ڰZ rMEv2Z/ 4'w%=eL5[AۏÌz(01JzL(,rءn4$X煪jt7EGMuSY%An#^X$WVY7Sv0O~G {Ab=EQDi,q2:T׬p~r<}  =iƎ&i$ICхχ3?:p] XDc9đ̬k/rUr'xh}*@ꌔV~6qs7`T&_۰ ܈!Zy`* AC<׭1f$S< s*- W+=E ҀSpp)"r5)Aqq9-.# S#f1yF2VQ Ɔ@-^E #<:!nQ$i]$QY B*]f71r]o%уQcH`cz{D4\_h%-R{uuDsXj/r1dl pg_JY@GgEhy]P{gtv?#?fj*K'}^ 1@y{h/׾c.32 ͡e&i?]2"`Y-)ڃ' /5#[l^q{Xfe4-P QŠp؃OcOL4px¨䏹wJ *"LØs)4tSܗ7ŵa Ue۬ȕ9쮰 >ߣz]ӰĤRpvUgCo&:0BGUɶB75"ޗ̉^w*/BnV':(s(>kao/DYNq6Ny5t4L2r ^ G|IZ~Zٜd;}??3w[ߨd/f!#]ҮDb h,[$.Yvx[Xo4~ /gO#6^P4`'Դx[1.i݃FWHudv}[R{=7l$Qx$שT|;BVЖs| H2]ʿS|`iuֺ|R^ t{{VGnf{Rq6B X$,CeKmqq -ja`X K7rT6H\X'.o3۴Q|D kvwLchW4O SH( 2D~}䀷ki&+g7,}@H䴲໅ BOGyl Ewv*m@l U3n%~r`baMҰX i&x! _N@6P4֨ zo[S3B&CU ]KWOًlξw}X<~"mgT, {-WJSDm_!=/BiJOjU:{ݰXG1OfeQ۵ib` He޿@v/ %:p牳7Db Z+n͆I T38ul E+_㡤8\ƥB?hEWV"cYU?>9#b:^w A,i+ "t ruA=lݒ8=E EaY=+2T ?a.~Ƽ%ǃ[.RU*i.6WOQ1Ct*?9cH#JDMF%#TEr"y=@8˂T}/ɲ' P!ѣDž6b6Vf*+%e;a6lq΍, Wn O!L˪6~FU3uQOb䟽aC睆 Bəť&``jӳ@ZK82Ls2y.VWZQjɁ}aۤ0`mڪ Zg[D+Ct>V~y>/ m>,`ׅF)iFYҨzAB5?G(WBB͹vkַycHn4P_uqxaz0kAS׆:Ps }=r-*r'(j1R*=.DhކK5 Vmҩ,ݻd@K#zbU J[rI0ҙJfS^e2 gL*a{Nh=uPA[t)yȳ{!q65Ϭudk$@]9=UtnV],fIOA7rYai2Ã1]jE ixna'l Ʀ!3mWy`y1:K[D VyRN)Eni&9Tx4L縏IBfŪ۩a wT6p-@v1uimkk/~6,včA?R93O Q m&]gt~Hq֏u#WI/3^^\KȬ #"LA$^@$"?@s|h>| uxo%@VgiMr_1ZN(8c]Oڴ jRRe~[%_q3z98K=Ӿ?=<3S JRu9TcdqߨT(>oem QB&4LGϓWYLb"| Y[7vӺ95D -z]M})*l1;n plwF߉X*zňad>A"lo!> bt)h$v~4A 0KuZjv&zFڅMMID.Q9G Dv!xRi{N='Ezhrck7"$1~NN}~F*͍oL\xqP2YBS!TOb ~ LL\yl>}fLZݓaA6`>`(  ` IN*4}Ãڸ[VL#m7Y$@~uD*[T ^|{2=86YF_P!CLt9p'; F޿ l?MߐGw>vIKjCUP*TޙHkw_c$r<6T|P%;uV8gZ 5 .%kkBx$J f%oRù /@֚hU,FB6U ~JQլ 0dZ*l>y˗_aB!P1u^'S8Wq _jo ޭh@zz" lI-uΧ<4A*I.JY)szs 4pΈPZ2xa_O? {FFm$G\>)W˂^s.2()亥t4#ۏt[ 8ǐMI{FwU3< p~Yx+h>d蓎ݥ4rBVz=L"|>Д]"[ZED\Nӱ˩P2?ﲜk 5(Q2*ɝuD`@g|c!X~-^M~`9n]$50Ftd$!@$i" %M\<)Z3;bdljUBxnW>KS${4T,9>aj蘐2|1]]]^.U0ӞI;/_},Ơm8 BtAZ m% 9_VsԺ`:(gˈ_b+WRla)rg }bH˹Q/6+NE8l:"M^o} v'QafIJj[I$w3kS`Xˎj2PU;}JVaT=ˤwv_.όNDS`L;b'Wx\м7saڸ ,%C2[+"߁/PߌC9PKԒ6R8L{C9OPNW{\k,Jh1*C*`]GO7fjk'c5ݽ:˖hŒ~ T"E3uM5d;y<1X(Q_mIn/o;ȳ@,jQiL_ð$q|z%)ܲXcETX]%ba.;9Gc+BbVJ,H@Coؓ?vMWVG6Re7l-~&;,s>y 'MWGP0l|D*G7Pϫ8M4qWoM6ilbYUj1 )Tּ>pD}T⋨Kl@AB8jV?g}^p}`N&NUk)*4B˩|զ}|;y6Tw X:KBh+AN`#{Dx$|Քk{T4 YZ6Z-*ˢla$E ^ v }{*9oQ$ Ǩ 颜4&~sߛB7U骾 i ] ,{'&SF ;erd¢ԽRγ!~b1k23QK4G6MiHut{Do~a.= Ҵ;{,;bTOY؉EUnJlIr ĦOãl=ΩGNZ ?>j\;t{uB~OA\Ȗؘs;f0s~E*0z4:x^ l-׫ JP<9Y<cN_%[7ϚC_E Wi?*G-9{{&aNsg,LXɲ]TH0?sHhp/I2|OI]lq(;9!E>-&r *`M B/6aO3VXD:r"+is aC5c$p\ϰEJ6Trѽ꾾er!ĺd@ qƞ-(p>b]w w%9:%MuIhހhnZ :܂sIkGnP4+k)b 7 u cu/QAJ?{edS&؅!>]RYn,GqwkFcp@d$> [W\ ՠLuPXW]{9RX"UU*!ASA,Apqb]ЫYmΫ9l1jg,cvB \=8pJ>*~A.}+hxl@VqII@t R~_.UP`˯X'Fr^l1C$bgmB.Ŗ)b6/_o1f2 #h[J>˰Xl⬧?ֿǺ&=|pHN悕׻0bcɁ &NE΁D^<&5BJvpjnThQker^CޙFX8Ƭ]Jz }syɧ@djj{lpʋq²' q)[ugwq3Th a`r6=.1ҏVBn3ԩg ug+yӜm[wi&cAqT=o6k!9_o S fEVdܙܵdz,֙J$DfFXzLA68Y\x N6if15/DzG^FPRU7fKx.\Mt{ő3y_bXα} ȄqO@2ȸmHx[;Ҥ)q:N4M\>2CqCq-!-OI3.myCGoaN]@~kDkq |fI\QDF& S9gya@w\OJ%K*3Q@C} 2ʙkۖ%.W|~?*c̵Fm光+>ީ:J?H9DCǜt4{l×x6Xj2x٬ @p~nѤ.4Pf{X]i]j]ߋkX-)lf_+v /QP\#qjeӻzO:Yfb[M%:| _Eg6m:M\.A\,t:7*G#AE<{Fń aZܞB)HR&1Z@x8P/R祅bK "S=E"^Emg+SӅ;zZ4+ hiq|ey݊O{c6c֬abVI]gNdc`\6kEÓV ̏NUGK>Z %ᝥғF݋=L vĨe95lX`(T=w2C-Եn.? X="9#4 y< PܸرޮGd(`i۬#hkLE?'t89ZT[/l*8ݘqh2U)Ɨ iBޝdWnbh).6:(y;͹‹bS+N0ׇl7YhvcB!y[͔ECȌTn m׊6J/ȝWQK0%X}}׿߸~)v 'IFVΝq),DSgnz^=,);cSo }N0w}4LCzdҋfl,fLYc_"$Z_FM7tgY;"AFdH'6*:-no Uìg@R7)eR_G)U{A!rmcn/?|.?򑥪\@_Ҳu2!Cj|2K{*2kS[(#oG@(&uAwSUDJsS" 2AEBE֝rsBqr ߐ$o~)* fQ`SKum Q=C%"z/ ,Uƅ7pϮN 12f T ?iuaNI3v[H&+ӓ~/aG_O_U@lﬧ%E?+9bWL<< xiB *&eh/q54ć+#/e^>l~tP-ԟV =0r2}x7H,W\sp:l{fXDm*MbyR:tSRC |0" *Fa@ :ׁ]K@3בt~w"jY?Q3 tkhgYpo5~-44Z}Jsa0ID}VU4op8 R%T tjRϲd78$Pͥ-/H\J 0yߏߐ9g.EUEvjb}? +b [+:e?.ΐ In19@z2: 1 /X `".<ˌ~k= _+]R321(黧\ 7+,"o?{-jqY& g4EtN)"2'/1vU)N'KRx[%]> 6Go4as%P,GdvX8eAQ\R< ǝ9% 4Y O/@sw|m:-lV5NlY)/#(gL!VE|ɻqkag“pI8|=.V]ě4tZvVFPKeMU;m$#BEܱR_1t,@8k=R A^zvj61] *;7+ Ffqơf[X^q>ƻu?}0esKZ[CQYo-vzrd8*VܾF:3!g~ #C^pM$jI BȤ"]!mCXmfp,iy3D!VjìNsk2&T@fOI~ȥ¶*Ăc!Ak+x|R vuܹۨ>C5nk3x:3Ԑ*ϧM_},=N-J,t,&{chx(Lgb=ꮕx81o$̇G޶BF%;D#`I .$X]%_;F3K>d~/97:rpgZff$!szL  s&wTWqx9joIm =]D4Jsi6KȆlZ/uV6Z<ƒ!,To Eq.^k=nOd47@{y< ߃@6pz3 NGvɖb B }|{ݹV=d_^ԁO7uG'dY?.~}^❂&i>-<.WźL| Q]. (*Bb.tƾCxdPJ\ֽ]~`2 .̲or"~I/'%Zd}#);HM JD\' (%t iqF)X>Wd=%S59gއ5ْ#;#5jQ5''ѠdQ  mk Ӽ@:P^Y\loh'G/P#<0fZv[\k@p | 1h4v`!FY}[B0BBCb'3ǰ0Ɉ.CT@usͩl#ԛSҗ(/[  ai/ߑsN9&'29+IW: 'xL8,ȶVK)`$=)leF̿!r_i\VL(cB.S=ik]"ύevb(OamΕ9|$e6͌$0dszާKnm/^0:gP:n4LjtoъX[4r<9Z TjN~9tR"#*^1DK_|ϠKCf r']q7?~?7,K{:5u?U$1OIܣЫtTt1Ɗro?܁:!?Fҏ%#* ZXK9bSR&_;e\T@a?bOXd}"8X9ݩH@߀PWo8$-Wؾ'tb PP햦3s<"^xfwc['vx{a_DNl\T*sTGB 9PPf:pk!Nթ<gjzvЄE𻕈CbDEMa9H,`ld$JWx lt:˘(u<:6@ UƀskEviV OBzJiki6'ۓWT{+$`2U>b]4"8pރޚW +;TlTrUo/O+vxri:'Epg mE>E*mU7ƪ"\9 WWyO@#j*X-IŅ6#r0Mx.>԰zKSHB:x#/lsR#±5 d [ZNf3qHUAZ;.:Fa$Z(+;̃tQλ\1j=Ly7i"#G`z5 1ē3R6 WA&:^ɁuW)kk:~?Amv┅##}HS'}s3!)~z`hAOn]dVڞ %۶j4k=UvNgcmyg Ԥ~7416k)eTUQJ혧!U[$Y{lFok-^T ;+7 I yN;cdR<$^T,̀^BվKfQWcKZa[F>FpֻXF =OdZ^1l Ndw`ua0<1p''Xd'p%əc^ 1jِfUBrPH XDlkCڥt 'G!:KY{z>~Iw=+ǥ5pcg~~ M`s'^AwЪ>6OpnjNt8&nL&ƽ5Ԝz#4RƽjI*O3'tz tf9fXs&@0.R 7c?#*xTk3r҂@o|2"n0!EUX잊4I>[jk)%I= =d ucլۏ%jU< Wg؏r0K^jmk4Ȓφ }!+硴qtJv`U)O *xI.ohOE )ۭX ۲!5Tq~Gn8A:( 8fpT*΂$za|l^fNwFgϹۑґccR^t\(I>QRS6Q(qE䲶~&_ oDPUJBQEq4gH0my[ :ە =pֱgҹB3F;p)T7 E$Q \^x$wwi@ @s䥁;f?-C}lVfbufnw.-TIy~E-I^;a K 'wP4&=ڿYo $Uҥ7+XDA6Xyjأ1Ukw_!Ђa-}¼KV.v$(IͤDKm XDUSF=r/6֜o X޻:72[E>$P,`A:kȔw6S]]qUpA>4ǁx4 IӢ'D }O9k[fO1슡?,簲!ȟoz.Afp0 ]vEϷE}k+m{\;r MtV&&$d&n8J ʔm8;ŻBL@ou °|[0wѨ+LG5j`Bˌya#g~ sغͽh饻uʶzEu@pss拓r ==;;H/?= &GQ%'WȄ"KtÁ1?[" s0YA:x- .|/sqjbɧ-^`˟ڼ$~hc\H q+Yd^B|vjđDZ,/:'[]@ryY)b;&BESJw&YY^^>Pd(Q`+mcp#m9K@MrU^D&[Sӕ2>9x)|H덿W)MKRDm\7<{\Zso N*ȑ0~ N٥Z_rKQg3|E;/T̅ez/r`drҹkZBh8Xeg"b~T(jZ% Lc)73_S h88 tfm ºK9T԰+͠|_hPsWH̎kdZn!$ϛ}H$D\T\95L}io.d0򂗖 6k~=#^RU׻(em" Ӷi&@z9B氍:g%s ?V'!C/o3Ot"*QAtq@% E.Z$> D^>'-ͤ`=q5 Ke{')͍o"}w8Orsn7/U(}_S6$Lz3)Kee@_*޹B(&xņ⛇Ԇe 6%e,:hd8]{ڇ.㱏|螔j>ř0;`(y/CT8v/jK$+q4Im!G 启L55[Y%>' Ng:fWVkB+sc@KzjuTǎ+/3du"m&fTt_GdUʋ2D-UFذ*O#i}4Lvd]fB? bד0#tL~Nssu4wWv.pj,fX!u;HrPYzVVYuEkN#kuɾ>ʣ}o5[sf9 HV²ʺ)^;0t>j BQ^>'hߠh ZkcG{ 6suuk .Omt{DLs&`eFL> D2Y# r<{bۄؼ 9lWի,yY)"0)kDsqSaeYZmg+`gx{2l$(WAk4o#A%-gnDžiLP*`fYxAtQAՉM On{$#ŗS!19 ơ6]aICpbu-~b۸5t7k[~"ڶpX.5uO;^. Ufg# ^鵶ÿ-Lѻ{#OJ-QwLY=4Y"=͖Qm"o9z[(!j\ mx*?̴AN:s+0.^"(涥A<҃&ٞ ']__KWQ~c`Q)r=zo (_P~xҽ%-9\+y.WS;%?H? ~xO>ZZhq~E :b+gC/t]Y:x&{7 Lԏn1ɉAbWh |i 6[!qAXyw%dKqK:͕/QZcyJӥoy. pjG"ja^Ni)Lw#Lk:q.ot WC9%==?iŷY?k+l.; S(@V[op_p7V`Pn*(+^'쇭kHpB3Խ|]\r;ƞs*2ZW.̅!t6a5<7ixR&E{~ Ƈo, bל^"c.Þr.W~xhq&)ƧZ'dS!KQ-,hWlM53 兣:oɺlъDIkPWc(hxw= = ¬ Vr>vK V| D uf=?4áӜfdb¥M_n&gy Ѐgrͪ7u88قwp1P^~DuOQFbKǾ {FÄyx\@mE|LŌڷP b+ŒEHb51.;zjZ[[SP]J7H^5ElgnD֓W #NsaC!G89ơ=F92~M,NO:I6 =Nٵ`җCT+]%Tgp^i>gS iǍݔ<;\LL[NLa $')6f+O Dw[8kx'6]i 20 .-k-ى# Bot_hmb%ՏECFu#[pе(<)iZ nR_џ _>1rY:a5@t$-*j)8ݝNV}DvsU-VpWح`J)0_Ո. Qvjwe}X)JFKl9WV-2!:{՚Sr},7P3 mj5KҗC%J#̉$I;Q@ 6eڄo7vvîxeSS@RԚws'-jt-l+%ae$hecdaZt4UG{B6Jq >gS^01`H"SG}/aw2"YR ( $qE24Y_?I1 *T5enk0MGirXW*8R9{4  ֢PnW^ D !Kl]ӑIˠ_lG h0 @2|2:ڼ'SI=ooѵ,Z$@/s*pfX!_bߦ8i\҂ 'Z]+1>Y>/IU{Zc8%G7H+~n75GG dhDӷJT; cT[bb6eճ!i.^zbU $\my6e6M"pOxcJf73ޤi1iœ)q~:@]NƾBᄡ{]=&u c9BV!Whk"0;g.v܇KVO(q(&ϖLO @g'Ψ[4|8u>ɩ`^]2$ 𓬉N aa8 5)۩.kC D3ÉW~^Q!@ <"E.PЪUu&W&L3r`ݶ~(M2Vc^T->X>Bl,{e:Z7f6-XUim^TY3П@!^6)ifˢI#ϴ, H 09+36>EttςDC+)˸nJ%CqP] AtEDbF_4I1O )t'DehJu Y6/YмByݳ JweL(AAᗝwaBd!K.M% ?Yj"V]&S[-5["Y޸n^:/MsL0/ϲ*Q/E%;i}Se#{S;e|C%peW Ɩ] E&(,[K7^"*^bͿP"G~i@%JÁL5`w)~v p Ƹ1彜Y\Eϡhˉ.~qH=}^j$PH;t%_uI4ދN(sP":ۈepoH3g0(.)D5kuɹC`4gD h hk tŹxsOD"yNwX]8JhvO-ycK[A _Em?Xh9re/CɔyкCj̞-X@,7`b"}h/5H#{Uٛ R09^҈ ϣz4ѿ# Hˮ !nJ].|Ĩl++]ޛ~rކ/KQt$hT#61g;T+5H5Rc6<8r8 G)ipǫedz;V(릭:M!d^shkWӼ<85”a]k,"խ_gR%M(||7hDWP^&]:Bq{ĢBﶢ g{kW:폚s`VIw_O Tp:χKuzBtPmam#&7z:R[ƹ#־F8m)чSTBߝ6}⑵<0 mek5;'d"Pǂ0,]\a6g/hYȹ8u`m˛QXF#pH@/G"3/DBSp_:RX|5u:Sjstρ=AՒ>' NZfwY1rV~y? b*bU%pbF N#؎E2fƫ.:Y_ - <}JU٢sWe(m9#Xf>We" MCKŒAb^] Bd4mrE G:CsvRD٥%iuEh1@g+A +>~e;ccXFRsx- 2Szju~4pA¤#LB"G"M{ItS0#vIIHqsBЫ&vq6"eTk żd 9v%/@e>Y">I."3E&By %#V,6۠0c9Z 0ћVSyQTr ;s t"j2;]b飷aT3(BjZ~{_f[ ?>b𾧺'oIzJ'ɩfyHlReCu p_ia{RS߮ fR fٙrH~ a3"tS:[B;n#CC7R~ZAz] nw/>aƛܙϧMETc0OᕤKTIcM^l'jGMd/į_Lmt25L۴״kk &U2IuAWPH pQ= r>~qEp;wy_xI/]J 4*֓fv<^"j"P'dN^CS(NTP NjWP5zU^O].ti\*6pG :j+SsCdn(^:Y-T'YqEa{p[\0uC#"..\ޡdvoGV-7P:zWDBc at#X;*|EM=m ͖]$S+_6n{- v'XR^Wn:x? K_뚠,hu? U1;,zEv.BgG^:ϭ:HMKgt/^>V9fE+ ̍&:0Us96`wjq< e<`czxeԊaI(Feo4o{⺲xkv6G"OϷ;#aj2 q]̙`LݢB(@ o7K`UOGTrynr<b)DƚC\2$KxlZ~})E$JM\+v䫭9bDžBb80U/%~bJ45?V`׼iMڈr|˹E4khwj)Qzxg4FN/e(`4sAu.OTYEP,<ɷ3"Vmllg2Y'Y2OFFotDocZ3TB2sK_x@${5[ C2;<>ڕ_D rù摭?]=vs}K$jזo:Р\U1J1}r ϏV .6imL"x)O2dpi$aNj;N/" "V|bb{)o4&4sAKj}mQ@Q/bp: i<P|u\{$1cvS[*uwp Fb,z$#7H*xGx!9P!(mVRZC"#h=H#-xlX1 BV+]ȋLVػ/tٞ#R_sJ;Sկ.х;#dȍ`mˁn**HZYLwn:ڝZCX3K⧋` b-o$9#X0JD^/7bm?{|AH!VLS2e[?6wmǾ(k M!Ҵ(.Q0Pd@l8G5o{\ Q 0\jv{yDar_l$L#v%JK=^9HQ2;J=ˉ|0@@{8#%Wp> Y,M[bN{^`4ĐY5ޡ{*B2 WuѢCq?25w@@}PcJ|d]1}Is&?a /_mVtzO3"mV=>؞KGvZ];^"kF%APf8 G{rQ֣b/F_E%Ӡcݭ78d ʠH !į֖흵#iU@[ZӚN90S3= KcpZU+0np`8k'{XKlb{ѽ`"$rU$0 MN$ ϐ{a4ɡ]ZH?EVD[x6# 3HuI:=6*e^pMfeɿɺtPaIhYAXVodUۨ^ZFv$@3qIӪ֚ Ĕ6sʇ ̎g[4_ Bx㵎S7Z$$m0&F?ͫX~{̙oQrv VۈrfYFF8 J3.Iٖ4Ҕ?*YҲ*t҉4!7LYhxSb]_2ٴ~=d/oTfX'6G "mD_TCy=%YRjPWߋ@kgh ı? JQ -prs[~Y}ֳIM>p+fZ;Mj$RpTf?Qs9l(E+]Mծ2i$@Vsd HKӼb=5E_=Ϣֶ"kQ/ C &BK;|WuB5^~M;2%y 4/fd…Cjզ1$V~E:AbU}1Au0"zSiWӠ'_t|%\[Pko]r{ffu2@)<d2y+:qm@';S׽Q߯0xU,+wv1EjF`ix1}pm+}fK?7'V%zü\%]B͏cuIg depBկWiAP CV[R5*p/tCYg C.GJ'c4Uz^Ǝn* mb9 hIoD'0k (aU 9 b#T^/5#eq,"xtű+_WCȢ톟!͈ c[8ⴽiQn+ ɏus)"mv eگ/#~~%|51ty:>ٯ4u^xǁ/?[I[F|KI[T}oգ>5 Ff2^7Ւ}HoQo1s=ϔ,9xg>t)=bRX_ h6ΗW5F,i  v,t>"e\yisX"<~ aj=CYI;ЋL>SEU-%|58w8ힰД+n.kmρH(vV__e *;!浳VU@eAe DT>7ԏlL'WPȬ]}Õm-"ɭkNRs6u;"̊ԮU|:TrpM7m^yAMq`sIL5:~m[ӊ9ǫ6?6>u4J81_NxeWe00Tۇ}up hU s^rGFe/$uh\GK=֌'jc:CQ$~˙eOB[G]\܃,/x:5ծG"ZHo13qf(n:}-fݹu"V-w/ڊ(R k&S!L$Ớհ&[<,eτTBڸ?2Ϋ!Ec8ŷS7H@M8[%\`Ee7-gy*߾ UװrX'Uh7=|&s{s87⤜wOwAA*a%pMS@LɊZH s= `Tt |5źꍍd3"r] pi4O#d7ΙL-pN8Tyru#XqN9chbĚ)3\)&4*6\T q\1G jܲlZ`w/u$'꛿7k~/^} hu5a;qo[_NT4Rޑ%5x*\_BT ?.؞hzd' +M0zԼ= 3b.\WD%$5V)P"' &-#R-ǭ._CX Y2HB"x cxܙ,ԐR $x/!=·.sn㽙M/wH3E*$k akA(n>LFB`X%R ) j^Gpx1~ vhX椊au]k\AE'0.v{3SMX_YonM+N Z|$ʈxę$5w%.J\Așwr3f=G0) +3%.l_#*R~AN)0Y<]q߁'!:b>KI4qR|e(,mLqҘzp Kr3T;()u Rt~p_TlEd N9iJv'V*-̫v {R?q66Bk49m&?Gי'_+4\Y127z&2'RO'$%y*KD!ah(ӳ,6`q,OkM.*_k -Mzư@S6,6uSdْF-ڮTXm2\}&I/iҦ826hI򊅋roV=0H.[ mp3DUSF~&qa] Nxb3|'P+8h cp j %⧱M^>)u7WnD􎆿FY3k.JájYdM?,62>r_K{3g9Rn\@5M |"֣`kD-s@ۿsaaUTL,9U-Gq'5vb4zvK:m}&̈́WGl6plvM @=+ M=kQ-E%4Eaml-Ba,r] BbgwFڽdޘ#WJ'ˋq@es[=_>.UE&ӫ<`"i|+ 21$>b]Mc&*X6kyMi  6)iˮc,JVHm i[? 6;J d"i8" "Ĉ?Шtcjƽh_znw;)=O S*' PWW~,F??Ld(ǵ$t֐;[^In|a2 *)¸۠[^$Rh.L3f*Z֦Apjt=ٍ.4 hVCi+2uRQ\6 POX[!@ٱfNW$'E*&.fjp{.NAڣK%\eso=T9媿]q^*ϋ ǜK18>3l9&8R%S/2 V֦dG;ʩҩ){J4-F^AQ!Т3P/ 9K$ox3Mlʕ`LzRH˺K_K>c&T;3tD2Cݭi[[ U(GNԮ0"-/gXL Ő9U&m``n+g|ֵP-mI2^(rj;G2=q]`>.,h8+5'bm&~܏O|IZd qP 翎୚{n>y3wN> Ѣ`zdurE#vTRaFUVZ.FϝgPם: oجϋi={ X؍cg)r*!c: `Xnp@VT[1LNʸ_hv~( q]vtH(]RUk΂X+u󫅕$ȄGANF'Y6ޖv^C`…] }bw;,5a`/::ͰKKg4|raCRԁQT@4*pdgJp ^(\r:Rg^AG׶%p!f(J9Ԫi+K23ZR9;I:u)tKu:Ym"uڮUz APٳS>5UZpԂHk4VƑنSc-ݔI V' ȕqW <̥ϙVzneSUvUT!&wA M_ߣX l.)],&'FfU"#!-MZ\hp:dl# %=;dz;cb3}Jgv3DmcмؙbѮՁCE@`H(mO`ٳ)>R\aRKQz,5YfOmji:."\{!tkȽjLPuZfd4 ,.n;,[¿EӶ iؑ~DgBo:8dq60x#K7#| #QCL?o KkDT$㙴bUKƲh-vo9J k-b,]nZ_ ~zW^lEg~tU 8_;2O#OD_O \5>($Z'v ÑĮ'y'q%oBkpTO|hr_\6Xj㯺dr%iCKX:^ŻLNӇ>/6SwnVE.Xվu(FFӣ )mX\,mqvS=R.!1m`v6z.R6P#Ĉ/%K,xV ivܿdN?O:e7{ueKzJM# 7f`B.+s*VX7c7^ދ5w/ET"7\;N`ç"Bv5O90~£[jOZoydv]Kx`$\3= ,yGw, C-_9[mZCרu_jKme1Oưzga]m/xlmC& ފatqu` vG bP`&aWX!&vֱ.ɤPh64=4|D:MQI"$%bmD/Vf/iE_jVi!Ko:a\2DM6ۼLum?f#'`قpBEZWv=%zcrWu&iEJ-1:d1*g*OQΜ" U)xHLD0Fon'o=$gDnsOM!ɉ} )nYױnXgE˸^уIޙ5Z)V~Ye8p@E4ވ{Nr*EYDZͩCF6 ue˨I$C!uNVENw8Cz [d턛 }M)k&5s,C߈HiW߳+3&l7a"Fr]đr:Ch_[HGэTNr"F=~ i7#Ūvsc7 k $ j*B%qDZ{4%Mv/|Ԗ ׁ3NƄI/ (iL{ ̀&@I0F^+|XL5)klȖ]BpUcry&I|^Q<^-z669>?zc ws'lgEg)t}T(k)B,ҤE H)1fi^Cu Hvy>3-EkW0zKc˻ho^y[\ UV.3c7'QZfl > p&sWѯ^S!ie/3u 5d^֔,ȫN {MVʺ_ڤ Qg{X#,cZo! #t }墘I SŴ?p00&1<Vpr/UPW)4iAtk$P[T4KfB`vy\Ri]ev}̈El@-C1ݼl{HS>vۈ._kQYWBR X0 ]'#|/;Tkn%Bf:~ˆ)|8cPzLY`W#0ZRc#7|SAm4&CۿqzsϺu.sSZgRşن:cI$G߁O;LisCSżC֥+4!::X2Js9|xAc; a<{>$}v8܅F)>Lf7&;O~ 0]@r)֝2w7,<4%*ePg:2o[(K*d8⣰x3ִ7boN**IϐLiXQ<tPd# zYEʼn5*HslmeTU)]Ui]tZ *?aU٭{鮽ٕϘ 8V w̺G^+РGY==jWAXDNK0񼫔V^WwJOӧb}/<*V'1}aMC淎poѩ "xkO >dzlT9)O?zʃZ!`T+ MPwiNxKUMioQYP'TKS &jtۓEf3+A_$a̔582H4[r9}2i,yV8 غԡPK׍Y0PCrQIыWvn\-A1{Xa9à}>\>K7ߌ照ZNl-0#ށ/fGjZ Kbo]뼊.KL[oJP.1Jpt%J\g[xXſkOc. Z0OTPi#b5wn愀-. B(sZⷨ*H1'd2l [C KԮ Ȋ> +zGúϪ+X%HW׻6;'8~ު8uƔ>ib/=q]=<@.jj` G<)%^B#,!{sg~]+ ^‘<.jsRu/.@~GX ke}G'{bVԫrYЀbUU*:09G:lY  1]%`$d=";?WNDyA!V:,t/'hdۑ;2{+nEݯ2w`r"ZzU0c)De3[IBK>A1<69́XM.F&)1@'% DI 4R.\WNHܓj[Zs!až A2)},;IlG,w Bry?.YKE[U>ߧoj˨OdnBLTSڄ\Cnr1B7>F_OԘ0xQ@e0+i2TjXwb`hܯޣSosgƎH tʛPdǾWkڿLųWP2zmҖ-ǧ$zu]Byr'9-2Pc+0~j#3k{ysGWf`IcFO];z J&E_<ߌl>7d@٣z, o2wur[Yt'TޡZ 2xW_U3}zTuv _KCy073k8 1Y*4T}̹SgCn_ Qg4XȨܵ ea_ Yd;+m? Cl/f= D=EU4EAtrR}<Vvg݉Bgڜ{`;+Qq}7~Ԯ;oҹv[c~>P.ST"uNs@̧ @ϩD<9>ĥ"h&ǃHb1' 2#Bm`@h/86 i`{l6 &ރɲ9 +XtƑhGo5eEbnPN0 ܿXsD0lEq`=m.IlFܥ6'~q5Ev=oUwrn',|trzFIVDIFwنnG:̊*cwĸ&,R9P|J9?@r\n\8w􌊤O/&7Xtb^ tN48@XP™Rr=)fC3M;?%lp")krZJݘ'a*-)aluܳ/pOc$4r+'N]"B G6k.N-U0U/ڝd7GeKFGݝE/]u<*Eo脄Dh"OFLI@,P}\t{6&zg1F7IC}^nqDMe(= _Vk ES C6䄼*洑kOdM1 tyx O2`'n ~0Vm& EJ Vp}# P 7o>[,‘qhha,BS_(C_ *[pԜ^xٗo@OBnZֹ3JأHX?#:Fc"TT\uY)`q~ф?S:UDZ9"+ېPq=ʙ^xP*ZH!|EM]Hw 1r-sK?*1cXB13qL,tb7^%n`ͷ?sv5-x/9mQV: D&JT7~jbqu!y/d+=&k_Sa1P̷s(m9K_[5y>wd[}wMdHoCQ px#1Ũut|3'Uϔ+x~딸$[) {El8+6@PF1æ5B2@CÚ7%hϊuʿ] 9"cD.ڄ5(H! mY]N3sJzX%%5A'*b<.,egl wxmocƔW+׈0䛥";yE% -7?u=83"w2oI2RK$r!Hdi+Q;Z@:ܕ]`TkhQ95Km9e@:}d;A[eÈ5qKi4k8}ĝ>~!Q4>w .^3\}/_U8UqKoyH!ՌHz#1 YkJTp4'Bst-o$w/IÈy;Ǜ \¤JnBV.%C0-  /Zyb0c6p~5JbA[&h{C3 6;~ۡXUjV8Gg`K> U1sZlaUg3?I*`as8 ʲOjy=mfn_?q( ` A?1!&vh=6İnj:ЈjɐZG3=r՛ҽ>v"+jn$W&=hGPwWAZw:P,4/E'Y:7xBrjp;.1EĐ1z<l"CZ+4$xTѸ0ҨGI}:cSඍmM7nD#|թDe=l]74,On``H<-#"UEc>l:җ9Rtz.~ ht)kq׭rme.gryHu CAzqwa:בOrPqo^?T&#$`#` ?(/'Lۭ܄ڏWftbN4*,L4 wCʄE6|H0l#4|X[|yǏuKPC_Fer)^]qlʋ2=J5@;Zo(?X&PPIUF6.z8ᆙVGGs+'{7FQ K4~n$^l U/!l9SP ZB|vT0dzx|mUYxyW(^'hpўuT]J @P{ĴzAf>%ب&O@yu';"֜j` x,cl<$nm^t@duS}L/E&2:+ T(Sy9klS-wdHCU`2;tkf:RZO7yr6):c- |=z)T'`y%|d DZ\r}}[u~gԖq Cdφe ufZ8L ;~qξ&JM#܄mի%{+ki0s7r6hqa9'ĺ@28`R6ۭJ~Gr3$pUaÑTg)L^XYrɖn$yҒlM|kFfu,;MKk I BFK@K ^ V[aa4Ќ5WwIsC( pQvqMLʥ  ~Ɗayth_\+b!9УCqd>v>E:)oy`ʓe"I–揀S2M\/tuYBY>@8n*5{bfs]L9)ǐACHOld]oTjspK8 j"-dD3mi0Lq V">iғPA(ByqK85@W2Q~-4M!Ȑ]eZ>7T/Q7yN"G6օ5(րYvFaf]K#DW[]5ZnөPrwuNϮI1Nd6(N/.lhF 6;W3Ə'>7p])L'dXR@jbl,|?D^r{,yVӸл8pk,L1 Fe5uGV^j"jy+&kT6`uNcmP*SȘd\o [n݉7*p8pxMcqDWPIIypCFqءٱHٞ`;91Rsү6%!>=~0?22Zd+1*Hq@ Mbdgqcy4gφW4I _WzysSRSw~w( fKl;Ա^sl1LΡ/x/$VOdT݊Vͥij*mtjCHRGk#աH9Wk^ʗx'֧/lS eV/J[S(@<F i,s! L[-7KX!LlQ2+Z&ar{; uIJ>JmLN)BgyșjǭF+ ?i0"Q jdf`c  7h ظGZmoA'D|C~Ԩ$hK>ٕ'N}sy-\C醨Ǔ."'9]VƮ aN*^r"xrw[Axy/qTSpT?R" 9ӌjt-?|;Dk|;wX҆E(GL}Yf K=[{~=CS,p]7B$($h:wi h7s+PVoЈM%|++2;+>y.@}Nj/-ƐPߐ,-+U s(eQb3|{2NGlN̢z2?_>M>YV |k0s_3öGk d퉷ù/vdbZl!-HHXHeb { o540,KA|+ղf} \7\)Q $ ܣe ͆*?Z'a\_{/t!l9!w4̿u둺A1MZyS8ag@ a a,>ERzv #=<]żXU2l?PKiօyyj;: 7Jɬ'=A6xYVධUOfn=73OUja*GH*YI8J|BCS*wlbSU`mzB \K'ݛ kŸZwȗB}X(*j(;)6l{SzDmeEbF  YZ