nss-pkcs11-devel-3.67.0-4.el7_9> H HtxHFaK ?*}}ka@OMH$bFaK ?*}}YɭyIFxC))т.N2rWgH S>8?d " Z GMT         =  L    T6(h8p9 :TLGL H I XY\ ]4 ^bdeflt u vwD xx Cnss-pkcs11-devel3.67.04.el7_9Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services.a7sl7.fnal.govL:Scientific LinuxScientific LinuxMPLv2.0Scientific LinuxDevelopment/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxx86_64 n@GCB:n +``````````a aaa35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c44401329b75b8b64af6f2d36e8c21d293baefc0bf921ec4ef9c307cbbf2a54bee68ff16addc46460fc89e15dcdcf2c0f7803186c761eace430c292dfc8efd51520rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.67.0-4.el7_9.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-64)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.67.0-4.el7_93.53.13.0.4-14.6.0-14.0-15.2-14.11.3a@@a@`@``Ȗ@`@`?z@`3`.V`@_%Y@_"@_*@]B]@]]S\\\P\@\g\-@\\7\C@\@\@\\|\s[k@[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.67.0-4Bob Relyea - 3.67.0-3Bob Relyea - 3.67.0-2Bob Relyea - 3.67.0-1Bob Relyea - 3.66.0-2Bob Relyea - 3.66.0-1Bob Relyea - 3.53.1-7Bob Relyea - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Bob Relyea - 3.44.0-8Bob Relyea - 3.44.0-7Bob Relyea - 3.44.0-6Bob Relyea - 3.44.0-5Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Daiki Ueno - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.43.0-9Daiki Ueno - 3.43.0-8Daiki Ueno - 3.43.0-7Daiki Ueno - 3.43.0-6Daiki Ueno - 3.43.0-5Bob Relyea - 3.43.0-4Daiki Ueno - 3.43.0-3Bob Relyea - 3.43.0-2Daiki Ueno - 3.43.0-1Bob Relyea - 3.36.0-8.1Bob Relyea - 3.36.0-8Daiki Ueno - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- fix CVE-2021-43527- revert sql default language in man pages - fix SEC_PKCS12EnableCipher so python-nss tests will still work.- fix sdb timeout issue - fix incorrect ssl alerts in Signature scheme processing- Rebase to NSS 3.67- restore pkcs12 defaults- Rebase to NSS 3.66- Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto- Update to CVE 2020-256423 TLS flood DOS attack patch.- Fix CVE 2020-256423 TLS flood DOS Attack.- Fix deadlock issue - Fix 3 FTBS issues, 2 expired certs, one semantic change in nss-softokn.- Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles- Disable TLS 1.3 by default- Rebase to NSS 3.53.1- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.- back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)- Fix pkix name constraints processing to only process the common name if the certusage you are checking is IPSEC or SSL Server.- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Skip sysinit gtests properly - Fix shell syntax error in tests/ssl/ssl.sh - Regenerate manual pages- Rebase to NSS 3.44 - Restore fix-min-library-version-in-SSLVersionRange.patch to keep SSL3 supported in the code level while it is disabled by policy - Skip TLS 1.3 tests under FIPS mode- Ignore system policy when running %check- Fix policy string- Don't override date in man-pages - Revert the change to use XDG basedirs (mozilla#818686) - Enable SSL2 compatible ClientHello by default - Disable SSL3 and RC4 by default- Make "-V ssl3:" option work with tools- Fix regression in MD5 disablement- add certutil documentation- Restore complete removal of SSLv2 - Disable SSLv3 - Move signtool to unsupported directory- Expand IPSEC usage to include ssl and email certs. Remove special processing of the usage based on the critical flag- Rebase to NSS 3.43- move key on unwrap failure and retry.- Update the cert verify code to allow a new ipsec usage and follow RFC 4945- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.67.0-4.el7_93.67.0-4.el7_93.67.0-4.el7_9nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib64/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !XS] crv(vX0$*jk vުڱ5S[94\C$ W5 y)-,BЦ$v҆JTV1=•.AMґ6C$OH!8"mNm(E׉{ǵJP+eORC)W9oVREf,P.#19Ģcv>~l)JحH^C_e@͝xj4;ErzqyomEBZHH֑{Eؓo\{0iNŖM'}.ߢ8x1[gr} _: @#Z  #ḠL,ҞۼUi6A"&Qb ?x?,CrH10$`[M-ŽoJ:$͸Pŋ_YݩW)rYtuY}o~T,)Bv(wtȫQAh8VaR9f +/\ٻ 62_ 6JZS6wXF3K:QKjj]،NF# p{1dW\g^V ~<#ݳQoe 6?O)"VőqzUgib 2,gy9ڈFcҕji*ifb *$i)sp+8E{}HݟSFa)i$Њ+Ce{d|4_sV:dd=w' 7$4YeVteaP| 0^'єYؒnR [qLv3(xkd~IK6QE;&VPUdU 8(މnP5V[f p{T_)3?-aY[wp8sR=P'E(Yxi1~I8? +BM ݡ bWALu^^Q"ryN Kʗa?ҹxUYy@x.-\5ɡHF *O")*2J9hIfɀ&[I™^EHv쇄A.4 )Z@"6Vl(Hmf!a,V~3~$ԡNO4]d-ň <7$XݗzRRrε1fP1jް2D{4U cH3 A<]ϧU>BïHt>ZI Luuc2Q3inK/w xpx畂*}w Lndh5J'o<`u~¶jcBd໦3UW*qQƈRA;,5nhcU\%3PIg7".LAw f`1cPvr1c>km SMЏ/Dꢯ.Co wm_+~6An^dMzi9rD(8gWL=9}Jk-@(۱sU#8MՅUr溴 c-xyvUP_X !C^F;"a'Ocɩj> u v-`~bKk31]Egl =SIJ%w UHl >06Zmh[3smW@).+凄L(Q'CflWGP&WeiBОf:=a2ŪI2 PP.F_|I LdlqKTT0r ,UU;بgﮉ |#GG.ءM\(xL,8ٔ¡1wv0:n2|kWb:![۱.L%DVAHlҧ|Dc34<-Zܴe3rFvXLF˒o8[4&w.)/X{$]%U nLm'LC,n_?*,HSV3#}dǪ «R0s#{}n)~ |b a \S#~}B\!61w{\I{ȗ)P 6PTk~Dv]}?դfftkK7\Ut]aVsǏ}M)A`WfT&T4,z+B]7ߺOV,̫&9O<ӏj `33YvԪ˘l> ?s,|ud*:<z?M<.z劵DvqGGo$R!TEd8zA;$1UW7伌Ufr=_6kNftG\KJ{QSF-etցhhedny*C5&Z rUӸfѩ=Ot"׽*yS5"C-HTvh1[{~1vfoPq!Tt~o4W%x@lbFK=hp`<>7xoИJc̘ j&nUgӹ(7;G 1B*OK;s@`B8UlK4:QYt}mp4B."v[ef8"%mfH:ŕn$aXy ̳Р-p]Φ@踉mញX7/l.&eM0z_B&Ms` 1SHꂤQ$ߙS) [bsZaAvil ޫ/U.!iVp4Z[y^u&j9OĥjuUsߩ`+P=nA=dmjg1)*3jZŭrb1Tjj{ +_#E`a<Ot["o\6*L m<)T{ŗ]NT\?QFO=6Hۇ0#JMz=c(\J иId/ G=lLSh'9=w)u~|gYu܊& aFX(UN=|k}4N椏ҫݹ@f3L3H=qCVB–*Kx6kMzi r(P|6rYY+_ =0fP-]߾SID%D@I[ QlP!sV9rb?*A^AzFjsWtXb'\5i= * `RM pݔ˯Pc*i(z[PʨЖT!j,Ԏ8ŃWAyUẉp@7/;;Jo/tUT:GQl7OT$Iqeбͺ9[J(;l>?8ػ "?>fm38?}#tVL-iMc%;i%mfg NKɌAVVUuE.ǂsg zQ:e'7.b6B#QnPsP~qgl5Ea,~2_HM[* L`;ՂDY8[Z]څZS꿶 4 /;;ӑHqC(.t-*/Kir>S"9郐R-##iTk >YzB)t'ZeP z_ȢAyN S-ܓeVOMiۑ]Q δgFeeN7N Yz;Ú/l,S1E([ q֒y$FZ%@Z. V?\`g1Ң]~!O 4i~9$+0 W /sѣ=nTdiViե.%6Vŷ9AY\)b|ɤLJL~ʈ:u9+L)tpaY7g\+{ɢ3[]MyqZO>0K~(Tަ!f9qDM3nȀWp r7⌊=i>NP{EPwU=bo~7k.C.āL..ziimˆ!Ú):^rl{i. vԤDk(͕^2Pg'\r-]qh]"GFd,,`/;IBjbΙ/ꤠ}pY $ܰ&Ɵ/V(ϯ ӼNB?3B.m-P]5"AuCy&j@ QeGqAPq$Z;h=8|;Q~_,h5ͯ@H ?a͒X.kC8bzONweJ\#%2w$yULl4gt|LR>Gf X'VoN'bҩ14Ԧ_bO뜻B"Jv{/tG8rZõ g4B{Ļ5}m'e=)GNju%cIV~YY:SqуHz=!܊IHU՝2;tEYYrCW;r3E:SGѐalzPJRd-tr& }HHjC# [3m ܘY$/8iW`RL@q8s-/`*W:!xeڟ]iV3{4Q0S~DwGʳ<2J1~#+B`L >py:iCkic8| 1 7y=E2{cHpvoζdg>RڱYN jv6NE,wZ*Q˥Yie+tfk>d UqWT%Zb1hl p+?4r S*ttG4xФW:ށ8TNlc FEh-{dbJƩ%\(fq`_6 k}^aok\ɗ9m ϴW:\S)GqFG'GA玡$CpDhES>XO3K|]=LfcEmyI4#9Cۆ)O(yPp]}D*+;ͤz鑨rwܟ섇SLl `r`sc>htc\h*$qQ6a2F +K,}wurBAڏvC  S9qm 2d]q{u !*Y"wV yf-82+5^ UG`ܕ?~!k:p(nyߙ1!rNzA=͋yƂK59ceh+[fBJCJ sPҿqqYP.uEϾ@5uYk%pgh4ڃ`Lhq87eԁVA"n֏O q2#\94W"Sz&wfZFx2k)tp'ճőqeaƆ"$ڮi;Y\/HPӸ4d>RfR<7< ɍO{FP|Wr8t!As;(@bvEIKhLjFP:|%r#e^6^6bļ ZqpK Q7w`6$Ĝ  cc 8&L[cKް}-,hT ,1ve)!* Yti2l! tD$54/+aKz. %"~g7/C "6ͣv W*-) !e@&r;򈺲$TkD|dcqV' WJ6O* Du 4s~!c?r. s:XGk-tD Y3Qp2mL% !wyb&}8TE1 cᢡ!"YtxUjkG8G ̠<r OXY /=?_Lkg|ё_+dT֦# 3>C1#d"ua0WۻWRBC?I9 h:9!uk[*ihq{G Dڛiͣ~{[9t8M9#L?EH$ uOn[_,yyk xwyQ^$s6O뾲1s(M}y/ۥRHj PBcO&V+ U/ NZ-Ug}nte0Hw0yѕ7VNǃbYdh-Ua? Xk&~)*emw;%)n{_pz]w& ND8% FYZ37.c@ 30Ժ94Pl4l]W`Spɳ}G[5? 6Pѫhۊ5W7РY)"5m!yKFaƨf}(czBpk(ΠGŠoz]9>7(\ m%H.XEAG,^t=E)z5¼L[U,}'hvahJlڐaĞBǐ`Ҩ-_oܱĨW4¤^1]YKoOG"Rpj41RηbCI0meoGn,tSPfq1ۭ4]aal wKW@]T8ω +ߩQI{`v89qk 2#:;!%i..T۱+18).ɤvKHӭh?RO.p G^ z9k|<[Tj3MMoʆ&.B`۱%^%&gwãI Ƙ{<-5F@ ά.a u"h㊫',UGQbb߉3vu.)oL`2:}ǻkȎd{Җ4/V3nQ̾Z(/-A}Dc7H5د,%<{ȍؠ(\[(ON  MU/-B#\4HKӵ͈-9UPU:NsҒ+7Mrl]b3z^# j! .`ƅ@WF~qQ쬗H,=j^Nn.FJZnMK9 %P,lgOʮX Dcʅũ(-=4rlsS'ԫ874:" ^`GtUۮSL caSu:BPV\,=KNx` _GŐq.irJ8z׳D7Li!m⦉8-i/؞4۔̃v =pis_tBdKeQm>]g`x{aDx%:r  -ϤXE+S>fV.(An$$&ox-os62F)-g:9JeNp8qE<#d U uf11Xh,l#PRV+CuѾC-eXFF_)]KOk[~BRA 垔om?}t*XE ]CR ̊PU..Qærn>jf]ly(`ٌ+ҲXla%@HTSj/g,fH*T)ɡrŠZt4%qtͨw60j3=zDvZCvz&Wok\lE;k3蛚P{d\d_ $74N4t3]֛Z(T%ȳW0:{4Z qUZtxص@KW$sꇍTU+N%.j[Bh"w36zCrOɥMgtPvmszz-Z徭6!-%\b;^wӀ7{﫛aV c'\OeU(--Á{P]7(KbBVTDTkW<.U l@" LE[.{٧i%ҚP{! &1$/}wIo+-^fA1XkŝQȞDl!^%svxdY/UӦ"mZk SSG+JXY/ض:fʉޠg&{D3O_hsPѽggYf&{҆*k(1S ߐ1 A" VyB*qqy !ZsG30a/` 4N\G|B~43Uo/ŽWo3@wtvg_~(@]j;G tF?xVL=txp=86A>+uZ{ුf=j;tf#[m $zL1wW_Q')P d:IJZX1)]IҺrk/óGX q*,8Õ7n># MuQxYч`Jqj /Au{G @ $Po,$[L %;m<5b(D%׋iOnq_I*D+327>>\a6|F F,k )i#R$.Ûךey`` ;GT?T؞GN3q):0Kz@Rf@wu #%ԇw(>ݵwX_c^K?R R37m=0F;܊߾+,RErI3~!y`1Lr-֢XٴH=Q$SKlm[3:_súV8.WnӜuc ,8+T؜)̌Qٳ? ݘ O9A$h_=0Y"}'37y˜:Umv[Wj oj< dKt4<ꭋ]k'A6e2xWcs`AFg .՚S@yj 7d0I;K %߇ˌG]Xf=Y2vbNU 9B9%F+HkuTiy!PoXJJ5тX]aȮbWs\->UpdCbINx0v]zxy}T؄e^ls5[}xmeCXbJ|mAJPqBDfMF ;չh@D !5dtQju<+:◱]yK5{O ?8ߢUUHy/1-c a\2lHM qY9Sf7G$~gHr :<:Цzl&uRA m%M.[h1&v Zyؚ#$ni#&ǣ@3Cg_aa0 F.bR~MN+D/FizΣ9mIhk@ d*AV #N_a R])w}Lm7ǖz ^rN{0R M޹ꡜ\T's$p d9> Q~6c {@:33뜜j3RR,b*e$zb}T1n%}v-5?R fft@_b?Kܡ!sҩc;? (ʬC2 ]>F 3I" QtѥY?w)4vK^P?,2p+vc|-ݾ$YPВtPT)jUYv"&v9V.cqoRٿ`!}dgJ!bx`9<BeA HE$DΉ!m>mZD/y@]P/d]XB$ËG)1bEs# =s<;[ߛqMIW`|Č(SL 3ٺYۂ՗045YY6M;K_6Q ϫ,H6%mٶn.BB,jE peᎧ(Iֻ 8tfXͶ/ `%Q',)+~Aޏ54XLσZ!=x[+?Ѵ~X!B$$WݚWE/hNs^ĽAcA*L٪X8%juS(3Wռ}(Kh߹Acű=|t&2+q1hE:Z1MlqUmчi dl9TӾG8;eW3rhw~XcN8D@,֨8ݗG)/bm1t3awD< #t,d:@֋"Ou.c໅֘UZ{PN< [,OܟPv{{s/T5OZqi#4D.\!bJ; rlUp -l0=S~%Ҥ}h9ehP hJ1;rs6 ӕU]iik%/I GCϸJ{]0Yr{h%s+joW6wA+j0Bd jVODx+i"#%2i;]j=LVo'QtimkCÃYapL/6}Y0եw\մs<2 oVnE%xg=~g/ŬG u9s!/WКŀ>ށR(\Xs)fu!V>oKA߹Ʉ<_hލn7矣7jʵ6K)sOƳ$U,,׳5UGޤ5 zr:#-?@zS:"B%[ [z[$Un3)tSb2yu-^Tw$RӅѼ$#°Z/0("")s3m.=ZSeQ~]mF qP؂UfvJ'7~?fU[#[ÀH: ;!w|ޥp^hpv9RdUZ/ VQh 2,^@W>&b$|Eכ>KVΖLS% WQAhZO!0fhdVmֶ'\hDOuqND'Z+UďЛ›Xe/O jȀgd ١ {\_!m} +`!t}[dYC96Js8@ ,SڛKXUX՘BݚDOb\`E_Dd)bH@38f!_IV;wTleSbPa;STj; ,i/{:@Y(NSiE K8u|m6IJby@J0?dm$&c 0(9+*1_TmMlmyWtc콠k=up5YC"TɺF#Ik8a+U3!܍fED-뇉&']seԀ"r\ׇggE;؞ oAY)YD dۮBGS:dP=Kgwa,kU'Z2͍l$>dRxF4-;ٔD| pӐq6?+Z;atZ0I U.Z8IM&.W-;ȼ\,r${jo9h,R@NuB]eT?@V^ .f ֞:*3U:F0uǠ*Akrˉ}?[ MJEqy'Hi$7a΄z24@q2Z.mBN$ͳjR8s1mIWJ׏2e4m^YoT?(^c+17"ـ9%{mZ|KX8z6Tp *t 'IIIwD`!FSOo!/JSSK2k."32~CH(ܪ`Bڐ(F+#㉰/5t蛑;rHy< 2,G9bT5XT:?m8K[.؄>qOړ)*097xب 16~!Tbx8YkkC%!M"s$ԯ4hm=F$GY4Lgˀ"{.&S]Y I#;]0޾RiDrUPʯ{&+gp39VST.c)&D^E˷uXc`^&5\**ўfQ ]F}W`9L'ɈA[\aDkww`.4Քr9&(ZQMÑH-|XT EN,uE$?6oq["|af3q0/ ! o 8/ywe-|%YY+$)H;uqcOA3UjjꤗF*xbܝCp=lҮzJN:yma1Ktfٗ >_Fs2u)eyO\dш3<)(*Ӂpkvg1k;]pQMnig(ԛt;"PH੉22I,!c_!C?V!dcr6&YpE[.j/t~쫤Y6LB|M!=K![p\^yiAlwAo$'3/S ;_m(MN ׮uMD**3`"X6fc ^-[IxK JnLˬn bXH(=.'J#'LY$ȿ$|p2.b]m@T+RbrQ޺-?#ZR=g%86ɏ}Əo.uPBŏPd|d.[ <`1Rkr3ejOv1&0{5]pdDy h c$cQLpB@as"d" 4wM% /3uXO"HIzB稁?bB<4 I5Ւbej"œvy@)U׏ Y1vۈnt^:%}j%evS.Ͽ5KrYeris^閴]ʄ!3WzFyi2ѴӎcU9RSvmA}:@e>9z/$r&&5M|ƅ xjօtZ+J!(JK#XL$[oe+("6C"XGCR3-Ds\ !y=Tԭɧ-0̀_W9ARo˫͏&8|yH"nh٩0W0 \Bh34(M4EⰧ`(&%o- u(Q^./wx| ,61b,Z#Pi]&k4ުK6\@OzP` "aǦh }:o؆lݻ:TLxA,Ek$ VFyLSN(u|5zpS46Jl[_[YYOMFrS+t(vv( @moʄ/.pAӎ 7("˳q6 3N|:ŧ J EV:%y$y/ɿlϷU \-t F-IR7sY߅KTzn.v2YK4߷˧sS|8Ǜ4t-fVuS Ċ)7P>F'6_EԵox*#!&rgnm[N ϓr;P\B,-(-LM1\!y@_5 6q%ӰNX25໴wMx&F-Ց0`K2X⦱!s>D-'#@#fX+nxq|l%x lNԵ s1$A`+]8RwpdN/aFl|I>7%c]cjGdyC;'pԄ35UJpa-6t/mz!MMとӺJdT[x-A@ )i[j.zngIf yC%o}JzwFP@"Oa OD&>sTk*[y9k%uto[2ܹޔsN(_Vy iNuԠ=#?5b-VZp_M oP̃G9o/{kJ>X4SNܯf:$c[砏(ԙn$7yaWhv[y gAāP=5ڕ/,3e wYȓR¦r?DM_4k5\3LnEо~,YFwuoX!y1SR [*D:̃ʺjdnEiJ!эi9aPe#V^$>uaWO({Y &MP,s"@hܢ-z~B+pݳ[|AR7RwB@Ɔk`Nj)laK]G~nTcgeSb@V9*h!&~Z $oKkn ۸y C\sNtK#xf8 \t&t NH!ƍJ~ TȰ0L5[nvwOF-O O^чnJbDy#4іo}?yxwi907u=$4=fL8ʊ#Us"b,M/;0 _ ; Y_N`>QDtxQ\޷ U[RBIתUgϜK)Dr(C"'<0Inזli29?#ϣ8<6DžNw$Ȝ>as rcLvt;>F>+5hP:Q̋Յ=A!Rm B4xEǽlf-Fm)٢i]V,hf,l!?39)dW{1un[G0A҈;^Vڭ&MV>j w>Zz6șwS:ͩ@q^Ce%dBf[tn[58M?{|XW+c ab\{8LO>WJOMҏΦ`vu! n6d_PlJ %JTպMǧ Rw% KCG$,K}(<6aS{+y0HS{6+\#:+Pg =BS] `X;ʙQT|pő-Yq 0F=چ- Lɒ!wFEr$ڭ;*RBapq}xJ!0Bu0p.3-Ͻ:t5 !k囤XP!.1'v=$dˬv-%d^]( ncRqQl՘.zR D B`"xa50IIh3 BPJEbs䩦kuct C M5vQ%q+Żr=virS 64`v>hsVw[Td-)8+_YҧI02tJ(-~lc#9rEKǞ}twӕm:6 :F.jIУp%lWiw.11츰FZrˬz=Ou<W3lu_D0djsAt6qzIμ)e!zcP$HYcVL֮Ԫ@nntwVbޤsk97r!889Y갏VdOvOx"8H`'U/AY,Ҕ{G/;_za(ɷâTY'},#Fي1מD9*;e^v\ dF~v 8\?}B?Qv.[svxPxfc0\x/O> xN -fE /cTV:/Q hEa 8@UhRƔ=1n?wX1Gd8@2Khjgq 0zvU; S/V˔dloJz?NsBslp3; tuI AYo:{s2.~-UF]Twm e[:*`m q-g:o:{WQЂPA}y+Z%} r#iWp[5+bV kCY2T$P}/U!/q9s.U؎c$qجz+3,a22Wf(E,!PV3 A / F=aF*"ې %(7iu#WuhE]x?-QeT> ^$_ѻZl/ EW0D?D:$vgh:{$3k>Ut=S[2pg@tyU;Gss@ZOm|RT==hjgހc/G/-u&`vBnl4%e[s7I'*/JMMG+Y9&ՔzE܊ia6:/_ ={qQ 8V9a:riJl9%.td*QRs%?9*ӕC'S%ts~Fe,..Jz%WŘ5xoQhG"$w2ʓu* [}e,8޺{N禫X.fa1׹Qa`=. A| 2a4ZP b]=w#/+=(J!:(rmelI+6Dd1j'I.̥8L]\s .रWz0Zg=0X|.a흭BZ!#pg<~ID cLQs<05dyL}ˏ` }7Ϡчgzx %0T $VgR 0 ${D8Q9f vV ?ϞK4uYXx+!'}vS|Q n zO'Ipy*bfސ$3'4FRf/oHd2E43u%0?b7Spw8 Sm,USw%qzb|X9tq2[ bNSRƘҝwgMHj;=K'9f`a8Qd)Qfl5W 4]ؘe"ϙ\|ǣ%,JϚ]iȘ:'+͑O!ٜ3_Dr &@aП 1rdڼ۪I '(xTL">lL %q3[؁'D1Tlm 3y^jQL|{@o[V(vݝX4ub2'"P_RGf=o6V V34HETPy%9NZk +qB;GJv&RFW価:aŶj&TJ64TSk򉯫4yI-*G /+jN,"$AqLafYV,{Ji' z(> ?H"ݠg !<ّh_| '9ڿZ [濌P r'|O痐JVHL9i}붏f\@RҾ^gkQ36?ߝHAXYwC-HSO,{ԯB]/m/|ۗB04`|JZO9-C6(@ܣbzruC^ \=Uvm1qk>&Z mЛ!2u9ano8 Z~+!zܮXeKEJsŻ2 ;)ǠRæ)=e+lfܳ[.1I(;ƽGJ1+O}t&~;m A[`(BFmC^lst՘w}M^d6^;Y 7F w6[ã vnbNH]0 MlmVD5ZC ǰ篵l#?riwA wD jIcMq|9J$(( a{HNЌسƘ g%?ɔт!QSq_h(Y6 a[ 7˜zK+>7TQ7/`\ wMuh7Ms7շd \^'Wl> #+}vi#4"=,z="2N[|c,uRO.j: j_R\ov&`X<wko|K<:kq`;vUDYwd057*$ŮBRT5wNEr0{K:N[eHι};˾=_2hCyUZ, :hrbd0{6`:!+vD= $1.'Fe;e os6qɻbZTB}`KAAαl'\,c.us=߷`ha'>w.ez;<5˅iD!>4 f7w_L2XbGBa&(gpcpIlb u7+_K~ +gT^NMp*wC(}b"*kX4}dFS) 9Ue,G8/ ¡#U,my =2~l!͍Dr}!Au  ~s5/l !'+;PhWGz*PDfg)ɩ+"MSVL THU8rhП+Nke(Ed ˬΌ mn8Zva>|Y3**R6.j-bvmŠ0oygd}Jw~^o$|S}!v}Fj~߳vKz1Bi@Di|za|FDžht_錼W;cIP6@D/TCDz$*.͸d Z3xǻ0HoR Q]Zn0bpj;BXO5崀|"к0:Қ 6ωŽKZ/c]H0fTͱ+Khvlw6WU ][3I3w[ TfX}Y{uW\=`1ޞ?Xply"$`Iʣ pAxpwc|"/7+11H{s4a끭&DҘMmdz&]G}…=ψR%<κݓu_J=m̴G߱ o%P8*i*vQ Z8E)qXF X6c &:4fZΫ(+{xjLQ*dKpTZ!Bo5{Wv#SFe(ZBϖ3& He^'i,qS ! Wzk=JT JL:j%u꓿e%۶/ 7qƊ&9Ga͈,USֲKDY {hI cxo3Pk.{|D4%R0j2s 3:uQ;1{\<];=-pZ$4_׹m{m:{s!{;av'a-h(C9M[Ԡ/@"hv;@:'iLDHaȒ޷y}o f:tLZG4['VYVu VяbHep} $T J6~pTt"> P4aLo#¼ OU9蜆Ei]dp=t(]tQ@pDfo<Ǣ\L/OaW~)_\whX(pi2_#)4Ɉ*DJ]_JH?LXrOv4!<=((9u6Y>!Ll~UbNj8 OՎZebEڴ wDI#)5tĕNa5ع դTPćS: IľCkߎkUG$D*g B$H|Y?N#KJ%exUFA@u|E㶎E14Ma͌l\_>35~._--531|u֔)d$Z哳n}(":|Қhf7؜^ 6Pz׵*xM@ZKn_f] 0xřqXZk"rrFf6|t@ $UI7 f  3-#Y:G@=D)4<ji'Ɔ 謴1KXqFPa=~{fNi=RW_]±„R+k 4Du y!ENgX1XOBN)2Cv( gGz$jg)1E DH1@rش#{3ْ]SgvNGO?;%t+Bp TYPj v$ We &> OrE?՟j蠛-Cu9d!p}N+AgH>?=t}CQVBZ6 yItI#B  BIgo>=*S أR^ÏxenSuϢVEh P[j>7R/C>.抅0JrFw|D:çp<-nU6{ږV6|>t_ײMZ1p*`&|:#4xXOInǂXd HkՔZ1MD|/ 33m# ~Ŭ!5s8ã7DW-ܙCEU{NPpDl|NֱMxbgB6*wZK, r &*x|Ȳ/+yiDrL.Hj<-#c_ G{2ltũl?4'=Њwtj Kkj-9tvTg0h&DbS]E8e.Ӵ5}%ل/IݞXizo:x0&YşbD)[,[oCX_ag&LS<3o7FiV_gL2wx$T0,<N PW{:۩W@jB 0MY:Lhj駖B1ne`/<(FariiGo J$ZϤpсDNDxzġL5y2 {Wԑa߰EGyHj<[uʨ׀A{zf81~7䍃|]aYs[z`HTFhYqQU>:09-űxO!S CPԜu/b(?bӫaDW^!\ϱp&^F;Tr}a(+I^'^ Ć!+VJrvpJoO !nOhx!^Oyt/6AIa|o r1+%]޽j{=cl}>dL"*\`x%tOݤubpQVy^D|Bg֐{C>$4<dRwҨrGmLmyבW |WG2?gLvP83YA}+[ !fL_[9,\3^3etBrzC,_1mUX6&JQcUfb˸!G)u71 [_P-&NCɝhu yOlӠ!e+9/tvV J\_1]kClAYPL (L{nbz/\?ŤZoe| YS6=DD- P`4euGDqͣ 6 ?xf;OID J fei*y`#z#;b@J%53C :9:)QЪhcg2]U:2d:P= !V󬄔$BtvbܾDt^y6{J3ABi"uhD5k'dgїKpmQi%6`in1/[]v]솫iWf&38w3ZJ o7~cq+; X)Eh8Qlcs\tm ҙKsOK^nN~FsG$ 8B0Sv}Ovy%x,IhZ (]ܽffNVl&J P*ԣ(6c? 뛺V3(z+I%c$&gy I>P?ҭ;DŽm9s Kwi\t!+o=3a)ܰ\.2*{t*z(}E\6,N; #IRO%@,cלT$]>aԯ~ҽC@v9E6 QIP9͝BZ@Ӏ*aXߠH/~>A%ȅH\rYmr (x疳=:X"- >ӾlVIxY* eU62JyO#0LIlE#69mӼ_G!埩*w΍.ߌՆ/˄;W1AmVTN1i'|}WOStE+~K]-O̫kxV=(X#]%'; Pn\-]AAzR( 5xs23QpK{ ؆Ά4~/VzV: 5eW{[Evy_6L[o΃oS[pM $#;r2pC5JWqN&XcڕUA.FX=DF8&[۹=SK!B[n_Y=_u)^2"@R3 1aA5 (wtb6oR:4k#k\+]?0>i)N:Wxp▦vP@X>=a<"p8 m",4nbȀwq=ނw&p䡘sdk{@3Fx704A@e9<|@8 ePscYˉ  /–dXDf6r]C^̡Mwp{\fm4I646!7=5 ܤvΰ$U 󮥎EPa6]7+yϙd4P5 d'(_E}s+Auwp9;d»Yp|;',m3tL=JxH0CO? ]QFc 8"-owWwW2 ?=0@ $E<  H+0fN tvܛ;4g8NXh}OW-=6 s5Lz`P4 VG\ZZy~ z t࢟8]h'm,y[r^OBV s(:=D#,B/QKs+ b \R[)[uIsR_BRf}At< v4ݽ1qS",3d 6+Qp˛"vUߦ }q.t"=P^"p 7{2iAfuۇ;0Aװtyn RJF0դ(ئ-,9%;q#@DgKs }DU=D;|$(&y\*y MF2wctNȪp7>gڡ`B9|W ʹ.kH@;5OҨTf*!hDxK+8z9zKc(bi|.::4.R|VlnBɪt6w *1DM BZ J"2'ŸZC, SHwlׯneceiG:C )G]6~d.$(]KZHb5F?2"eҢrXP-<<ƁJ}1x`ܭ[ywKp-A{k^ ~'΢Vr-smYvyF2Yb!EqG#Ba-_?\ A{w CH̳/''Qs)ݟcxq萘ۏC: f'] 2QyKGZ_tJvb*A2ލG1qFa v Uk ʊjej65/( *ԫ)],5%gEQKWoufp{4|(D>N9g(Mc,XX B +zjޕGF*X?`؅Y+;SU-Vђ$d6>ܹ'e|`h\#$Bvp!R oNXR]ܺ|l)[g2V JYJߖ'FHqI&ZbΚrz] ?  <ۣ#-ER-JVcp3>՝ΐ;$h9%/.iErZ3{ܼgbNW='XV' 9 oɳTZH CE^g wa4ɿHV+y3ol U- [ns0bF%u7DxX0SQ>."Ue>>KX7 X3meIޒ:(|C"8a]pp!vi[Y6jYfkAȺ9 a`rVWCe+mab孌uvBf9c p-nz?_AkX%ߴsR&i>+|Ԓ lk?ޗ "B6hirEI8WTU%}7H0cd:wJ.9$$I/ϺRtFe(!Cy#y㨛8cfo+V*淴U}m1 >U!0&L_e>w4LNt,g_8 "p!&ryJb ?'`n;|!WbR9! HRI, جO7Ő؛ICٱ_~R "^*s~/.&bW_}m׎ ߉'~lMU8L~ËҘ8aN<.G ^Eg*vmgb$1d`oAK~U^膺u EWYU %E{xߧlBMa*lAW6/KQ_uEaug eL+Xf.9\Sva v&̀-nP=\++Lš/7êzܷQ3YRJOHǼMOͪs@">Rt~8#IijP5|2j9*<Uq_ҧyl\Io197吠;Rfvh~r~ZWѰ"Lҵifidtv2ŻP1* oE戮&Lߑi{S;j܉}Bp"m-Diz}P)Anp,xL$ nBe5(7 ОHbNg{ar蜐RXoR7JDk=$;Rtsp~.ާN1c]o#z'V\.N"2ȮIsH%;N#1&B@_|lFIiG{~SH"Z7~F88=VCzMv/rd,.ZմGaP%e_`WA0geF S&'>]w!d$ 7\:ZCd. S.ovp=-bM xO`yՐ% -A=[WhM%H 04}bw d.5!-/4A"SB,yXG8~@_/O jn[ ٍSII @ ?;u*d'!fJ/yXucrE:LfRօN.;(!Nͥ9?"8W:X@wXkW>I^787_FN VԸ=(,6|ekxA4hQ:]pz j=*Lb$iDRadh Z7qt!h\2^íK.JZyZPRa2,9c=&"*2+*ҵ vH(VBdTwZqaGe}usBTo to3X:ng Rxf]}#|) 4:4SAe/jJ5`4%]Σ_o;4HR՟,}#*ml Z&&L1i8@wV'L%7Z݊Ьɽc"b!}Z.fG3u6]waxEp=CQ3b!H8ho1Ή T,LqAv,v+Vy2$iM~/zuFK-3£)I!~o+@={ i:ѥz59m''l[ߦZNJcA0tj;dyCvgRN]c;l5.jSKlΐa>u&.}#:.c<*ઈ9U6jQj Kq~R q|gҶyubʾlo<1`:EhI.!YjPhW nu:SA+՗ʕ޿љ}nHɱjv<ΗAk+Vj%, *iky W$1xcIOaddشj#:ܰ*`>_ ![fIph~Kb$7o"99YR@uCP!c{ZrHs3 qa!F̃y fKuM#Uv >Ͷ<G~l~;Syv _!̦l$#8!`#R/f:qՀ[jCH5 Y09T'DFw][NV8;g̳s`!c\4,֫\әByL--%:Ov8=}74%<]mr5+e'nzᰍ+Gtkm'~ (lg:BO7\h!!۳/!F'$\RaVPRڰnwa0ơ]İeӗc/{?_TiAodqTo˯|uu[F  \L``K{9 -AkOЬRn@G J(.Zkx٠CVɦ)[ޚ$r|ݗ*`cI+_n]uPbNޙ 6,2L(c==pE-xE(lhyt8Vb<7x(N€ }wD=Òà/wb,lg*[>]{+, ,eꍱ156 (nG >bJCCU^w !5tq[~&9fp= `at0\r>||_w@7QS\ q[.jV$ E[HԦj@/{:T!qk_($2B),`з.qDsZx+gU.ٛi]7NDmPg7K)KӴ>* > >iʫG5pE%Ku%mzKl-9Θ;~-^8hY̤V>Ù+D;dݟ}) ZP UlX|Upp)%٣ *x@"b烍 f*Ylp'P ӯ>Է\8n3|Ŋ8'ysmr)* j+-SMApT-rE̒_uVd؉kTR!Y[9+v}Xhpl yj+.Ik^cS/0P\gXvQKB5|%XѷCMsrL٦GX ,22H*xIq'c?&C`Q Tk4RW.Po5c,wY B qr.h,uEW͊~AJB+&S4k9{Ͳ*!N[(j[zgo=[ [qNxnm.4TrJ]åGdE-UF:(poDf[L j&Sֿg83a3jq5~XAH /x<JM#hڬZYJńj_7h}_ JLӽ&f\8Hw-T^uYQjo'ބPy|B窛Z>hR9[jf\ ]TYGu%ƚMbzPgSj^_7s=U@\{5-Y/HCa= G @=n5߆j "Db}!})agf*;mB+XW ]|xzN 59vm` A0+Z o9NqcA7H (}h_i$I  :7UkexJ{1 kV^GT`HV?0ys VxnA#n'MqPv1:r?"9/*}N:^%U~ezMǃä/{\«+2.e<8qU{ a}>+cJ\ εB Ֆv*R5/5.4n$U0P!\=o|qxFLV TԃfR,hw7ࠠ[]9:ud;b̷q 9B 2ʸ٫F3n6bDnj?B7)4e!mg/ƛH u#ϫ_Ã3˱'+mpVN%I-?j4먣^āRڱMm`,ˋyr?o 䏪i4(*AZNe]CZ_5+KT*T8kS TPl`:BGt'rUmgoo Y*)IZ,wX1kM>)j=n?Y ?9&H1FND1Uĝǎ, "mȤla#ѷf2tp4?FmN%`:jD/e 3NDSc@m-}YJ,!|x6CI:m%b2B!c>[Vx{} Gix d]|橤 uRZq1<~ٍS|c2ׯV3Z2LN۷6؏?i?B="*&2 f-xq8^detn):i]7VdC]Jv L^Iޒ~L$ҨAݗT !"L'C'JсQ`o+`g Eف2 ě9St)a^npIol7Vx J5jeTFIHƵT}نv䉡8%8慮rNAlKT,@;Ÿ"eg-v)\'ƟEoVS#Eu'а#J1ЗX_,JZ)wF6o&^r谴 ^ko1*~s! ڜJ,2g^a ч=tMw}=$`~ŵ-d0J?7Fa$\^†($-~{'|{.0S3oH輾! B %J)%`i<ԣ3~mNJ Ʌ )V!@ׇ9Mj-3*d i9#2U(WGa/ۃٖ@bIk1{G;390r.cY;<5>n3}|v {moG̷s,?M<?25*"rJ3Sφ6v*`>m.N5A+ppGMbo ђ3+~ĉ8o`yxƐb* {>[fL+9zTKBYܐ}ut'䑔J3ge6JLWtF_&mUU~!qke?zI=' y-j#ETD_bJvEUMgAQR?6 FIhzl5_ 9՚JE` 3=“^7IMW`pwӖnzjY71vAC/Ō g^xn7ylt>=P2S6TjٕO?̄P?+74$c34qf7P :q3"6Wj/ۣm 'Sad@!J]Ru(DN@1t|ٷ^6nIA8]~,0cwŝaȷĢ2z%1 M&+]2"ģ K7dɓI^jtVc? |_ &n a 5Ol/AЫl9˙>n?el|7"QM"`BrBC@z7dS5WT02!KӺ19jHg0qk 7 ާyU6dYŧxq i \[8?v;O,1}|>?$k~#g֎BD!D牅o ϳKUɰd8HQ*1M5Df_' \,GB'b*6QpW6Y\$,o_n4(_MhmVA'ѮaHt9Ў+B:(an+7'{"E oTG~|PW\}Idu@Cͧ}Bh&-%g+ V󉝉dYe4\ɘVr"/= >yEf Zs^WaK>a탱.Gs;˾坭)wh59)~P@ Eb}m%\ q(3;Hʫi_,[Z[ .BP ARD= WM0o5i2]V 9x)D:1Inz!@?$ V#$ 'q#ŀ5@@v_[y$P )`s fzhfnߓh،2z(QkLEݗm(ͻU[؍,5Ňme^b`wV7ְ>`XAed ٺ6u3׉"(le3TY ބWW4>L\M݌/lsTAhk.=A|\$TU%DV?ٞ? S',非.of%NVU+#C40\_(g#n̖jP$kfchrC.TlدfDVG#Q;ˎu 1 t۠6 (Q6UN4etZUt;?|ܴ#RTE+-3КcCZo}8Yum&k:`eȝn5qԲ$ <}5ѿObqWPM G|_kx"/?=8n(6˛6Y Ҟi@="cˇA!o`M'V,TA|T㭜g $ Q۰- ܜ*Pg<1FōNz@w0t#|sBEMUbPܙwT4Tsn lf0MVkU!ˢZw/ƽҴ$͠a= KF"܆a:4X]yVa%b{.=  ΃7u9xj|lmPy),C#wv ADoȷ7Z\Xt{>\w(%Z|^SrEjRW\v oQ,Iu `aE(i90T $Za]ôi6[Ձնip+vl1C3)J=.6k„eBCi Ji8uߧN&GW+-^4B4pʯ팇YXFAI4}{_fT!luk6UK=KAe>QEǞJfA`)[P"8~39̱L;b ӕgpՃa>Ktu]N.&ġ>Xi h?7Sy&<1Ƅ(hRoDAbI΁؛sNi*˽ x$76sEE*7u ,0k (?!ndYHwG啽*|lN-؊Vlbb mZ+kwN^B/g!l&2 [u94r- cYvO:yQ6̕ŚV AتG*f/Ya`#:8:a|_`C?(QM1}KҼ̈@-ۗZ~֞d*֛~(zOTUo0jT2wZ1x>fھ&"n+MۙĜ>X}j _lO0ߠ&QsJ}qCpb,/Ǒ6kz{ݿ?gQ8; +m<>esHZ{4D#PVga9QX@W)Q*+Ἧ]0炆~?PTǐSQa VdW0\\J{kfҮu?(>{of'ON&O>tv}'^>gڕ ("2e-F:aa #ggT mu@4r;X_xZX)gu٥c?aeKSܣX)\9'WljCŀ耟|+ ].Pdt{hGibߡ>|0ʑF'G6YE |nbd%/pf1ɎjꁑENsr |~UҬ)&=G !72RjHzEmJr>ʅs8&L%;$P-T(Vd1纳.R>zBLqW93a`Ƒ {ݖz䆴]1fEf89w n5"$H{εMcNEZΓڇ4r;"c_U5PDN4ʈ唃V=*مGV 3U͏d#V^7Bn=mѦnitLﲹwPDFGtOx{TbȄV@22P冷0" u`Zٻ{aVa+inM O3K$}rԋyXIXOˊO^ ćzZ>7_Ie)-赅_Ih0s`'wkvzہT@'yKΒk lOԩhH8* g-w@f=,M"H 7`שRfv>^X) Sˁ@H  ):nZPQc7KۓrP,=jp]H 9jT~6tHuY%m${{y$)IJYnG1t]RN#ta".RmFҏ ?;80vغ\BӲfM.*Il[Dkɟ%}p@3_^(~xϢfr)RQc{P@t.rcsi'U17]-g @'9&[}-M'-ě8n-Zr`.Z- {A/9)kҍQj 8`psOyj遀pD|R-G:Ľ5Z@P>PRXD/k=q}%6+_l\{&\K"T ӭgZk7wʭXrk|H] Weģ.y&WD?1a&aJp帰m$] ӥ.HR/8W:;S$|3}- Ee!yL, 7еuYAKP^q羁{{t튥LؔB(Xi~׎+G޹WA7ʽ3AWnoaI[ߺíGͤM93G2C[} &/|p#w5zلR&8>+}.҉դ?=89%k\~O=~ $+ v"/٫3#UZ6>^mg82U W_"qjSțXv9%&.eĿWsѬA$xt EمR+:8`U,VA/7-|7gxt5twtC=`Uwq-M'`gxXXn1F.4' ,fc(Ӗs ɳ`>E*klοB fw,Aj7Wa+0C\>noG:ĽdUڝn*[ $y9Pu7<~(h{LCIUl-ed1suʸ5bѹԌ i%}o~3T95LtΒ?&{A1PޟT,t= !M2ӵif]!rL%̾|]ݖ숄>WG{ g%3gn&IZXԸ }!CRe9 fzfT-X;s+]DbK%((,|N47oƨ\Ν߲OQX=72쯫$.LT}(cyTz {V I n0sRHgR ޫ~~x"zE֑laK[*ѣ"Sv~XB]Z[9+uh76 UGir.A>IJ)5dn/3e젼Ar:G[y厼 AoL C]"h.nA=lZȥlRH i:P&ͱG]]Iftwz*|6{aP _HO>siRwm_]RNߛgzđl-n5\kJ6*)DKkQ4I<DTT8 ݎqd#I]<;6@6X-\pDM$A!-G. ;*ku<2?Ab.*S 7aZMŔIa/_:Wb p1f]BoP';[:V3l"4x Jpm~nJg~թ|s3m3wg_O{_?zېC8Gִe۝U?,i5\ %0' \py p9_4Dw1v\X g[t# tެ0W#Vb>yVg>!432eej(ЯbZk{FOo=u.4du*H0G Z[ \l.4D2~IF3n$z!S4Ś},v~}`xݫI~aLiL7mZ^A!Y4Sѣ6wj%DяSqͯzȁ*x*}|3/%wl5VhdS80ۣZ!kiҝv0%F _QC 98m"ߤ+F#+@eqz^G#N:3ugRݴT|Q*i;&ɂ88(-1d?z|X}-;! 9`.`!FtXHQ^\{罏0[P@ן'[tH@;'!;|!Qx'*XK !V+m\Po fƜygldzeTWÁ#9x<%B>t_|"h!PNv \dCuR,Cd(->iֵyz ʐk0&Rw|J!_lX#ogC_tUCg1O?KF6Ղc2es&:@rϊE\H"hC hm *lZeseo&?3;wGlilӨCz\IDrYQEMPX$z@K"%< 11"IRsKZ f7oʀ"i-;f9ߔXb'e1f({[xp6sL6z0z{P%2 lJJIs/Q?;s!~_=pQ`|qRx.)7e0Y8&7Q5rv0;pGnEڑj0lۘ.uSQZ9v>NRR7ar0,8fh?. (kȷTdi]!*P|ֶ^%ǣA|C"Nmʅ&$`rQ1)G}p^%-˥TńWeQƙʙ6JLXgDS;G_$ ܊Zf8ߔe1yR''+iMwv`|S$,(_IŞn:ZQFNNT#D6^_1S?}/UHׇk | xyO=vNm^[p C@ICsN0/\ mҧN"I(OG:itzVs7Os|Ym x"="+CqR%#GnQej\w MT=-˴b3!s}C*F̠joҰB? pLVe)JD.Vʘ 1&' (!|QG9!*b$b&T2aOz;OC&keI31g͸!'2W̎P` #-Uk?WKOH׈WV4$w%i {8h=֘cUh\@$vʷ嬁_b`Q=Bz"eח`Ww(@C]|tk  }iށK.ikFF=9guYt]wOa}V~xJ*TdlGwfFOoc\69K[6(pt6s;NT÷AKNbfN\l\ ^nI+}S%ap;dg*l& 72T/̀vіM :4T7nn&#YLnɴ!zv`mv?>rfeBf9r:-IepN\=BGI)%wٺHRh#V{fOmP\ y؅gP/Aj\,p>u)O8Hk]0IZ"I}+;nC{9{8F`x>o doP~%$&]fh C`0quzP_4՗f_oz$zcSO i,(6kpvs ,+2wp OuuoM:!"T  K45Vy܃ֶP8cśS\ Sƫl{f!E\d321S?FGsYbnBu!Lhm}Gi5AZn!Ujq{qFnA[3YP˩Qq%)=K|Y0pKsp+B7 : 6q5GRD f 7ZL԰ YpeMMH:XvW@N=*1>.`fg߈3&Yp+ ++E 0쁀Q缡9).xKW{(LbsԆFFJ =G8B+ފT>j_n} M!0GI4}NvL]k4pRm[orFfxAcg M\E3?HM)WN݇갺߀#b=P1nLS!RY~cyyCﮮK UK墟٬JS|ݙps$q݉JD􆋟/џ̌:>}{YQ\!=TT9򛱅3q*A;)ktٝ,ObX9#0<IMb=(Tjԥ~2|5@D*3U{畭rz!Wo3$zkC7ArX?9D>т,Rz۷OF|8Aq&{>skoJQ}lߞ]xfLҞbㅄ"y,"XoǛI[=k|$MFNtwx8}~ÈsTXIT810,+a~dfox9!2~+ F'e4^j+niWقK 76=鬥HAx+3[ڐz:Q90=?OxX!1Bĺ- 0;#зM~K[f^2IB5?; atOU{MkTK ,.#CA@t?8ܟe^m"b₪ | eSSQ#qh'AYƣ#s>uD }V%L2c]\҅+~Kö#m5=>n >pW4׆>]C[*{lIX+k,,Y5 8-˼W$C?.qyM̀A3pUD͠H/2j!$7Mt|&g*#*eF3]pĕtۈA ?cGpī9^FTj'eT>m=S.:3UX =s>A I%r t2|߁a]YP4*c-GzQNGdQ]0=1!(-&%`\PӌqFoʞ{Wgd (]o8>`NWeHЍ#zǞ^ WS2 +97g G;% H{|t'6 #kf jBQ?_뫺`'o}.uH8 /mdaP{̮kmJN{ S,cN?ה&KK^Qa+bxqwșh~f+FķQnxpd!ө $ bfpxhN1x"en]$]&iǽl!>8;_&[Yql4O7#KmwKI| ]F`C%&'NV A%C<{_iZ+$] ? B.v軥^V;plZ;_Wm>rOclcrDs r&5UN&LFﱋCO}߬Ӑ%+G>DE&}J%S y_Z{@m'%̿e,!P<#XBWQ8𪞾1N4 /JurGQX$l. Hl#b n6яwp: #=N"fQ!j<8Khȴe YZ