í«îÛpki-symkey-10.5.16-6.el7_7Žèä>ÔH HètìxíˆHïÐˆF^:¿ °´?*}}<×ŸU$Ky‰¾Ñ9L˜ªçJ3{¹ŸRä[Fû¤9]†æÀ`ò0òàìµ3214ad34c99214e2f156665df403545dfe5e4c6ep´ÿ±UiÔÀPúá‚UË§¯ˆF^:¿ °´?*}}°gŸqÂÂ¶¬ Fj©¶s\Ðß§Ÿg_»£¶lÒYœ#KVi¯O'õ˜ >ÿÿÿŽè<àÄ?à´dèé êì í 7î \ï `ñ pò tó …ö –÷ œø ü Êý èþ î ø 4 ù -Fh|¸!<!J!(š8¤û9û:@LûBÜA GÜ¸HÜÌIÜàXÜèYÜøZÝ, [ÝP \Ý˜]Ý¬^ÝæbÞGdÞÞeÞãfÞælÞètßußvß(wà xà4yàH“à°Cpki-symkey10.5.166.el7_7Symmetric Key JNI PackageThe Symmetric Key Java Native Interface (JNI) package supplies various native symmetric key operations to Java programs. This package is a part of the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.^:nSsl7.fnal.gov•WScientific LinuxScientific LinuxGPLv2Scientific LinuxSystem Environment/Librarieshttp://pki.fedoraproject.org/linuxx86_64«P@=l¤AííAí¤^:n+^:n^:n^:n+\4>65c7df25cfeaeb4dd03186753fb344c20017de211404a02d4402d261563fdac1fa2171b294b7eb59d4781381cb64809545c856d2a24227bdc8b6f3da2c9aabd94ebdd7856deb0dc436aefe4e011ec7767f08fd4c9617a42488e46c1280f2071erootrootrootrootrootrootrootrootrootrootpki-core-10.5.16-6.el7_7.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿlibsymkey.so()(64bit)pki-symkeypki-symkey(x86-64)symkey@@@@@@@@@@@@@@@@@@@@@@@@ @ java-1.8.0-openjdk-headlessjpackage-utilsjsslibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libm.so.6()(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnss3.so(NSS_3.10.2)(64bit)libnss3.so(NSS_3.12.3)(64bit)libnss3.so(NSS_3.2)(64bit)libnss3.so(NSS_3.4)(64bit)libnss3.so(NSS_3.6)(64bit)libnss3.so(NSS_3.9)(64bit)libnssutil3.so()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)nssrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)rpmlib(PayloadIsXz)0:1.7.5-104.4.6-13.28.33.0.4-14.6.0-14.0-15.2-14.11.3]¤c@]v>À]Z@]u@\¥ñÀ\ˆ@\f©À\T4À\Rã@\À\U@\½À[Öö@[{þÀ[l,À[`O@[UÃ@[>@[d@[Á@[oÀ[@ZËUÀZ´ì@ZŠ¼@ZÀZxG@Zg#ÀZ.s@Zþ@Z ÚÀZñÀYûÀYè“ÀY¿µ@Y·Ì@YšË@YoIÀYl¦ÀYG¼ÀY>‚@Y5GÀY-^ÀY$$@Y"ÒÀY¯@Y#@Xô®@XØþÀXÇÛ@X½O@X*ÀXR…ÀXOâÀX!¾@X&ÀX2@Wû‚ÀWÒ¤@WÎ¯ÀWÄ#ÀW¼:ÀW±®ÀW¨t@W{¡@Wu ÀWgÚÀWV·@WV·@WV·@WV·@WV·@WV·@W 10.5.16-6Dogtag Team 10.5.16-5Dogtag Team 10.5.16-4Dogtag Team 10.5.16-3Dogtag Team 10.5.16-2Dogtag Team 10.5.16-1Dogtag Team 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1754845 - number range depletion when multiple clones created from same master (ftweedal) - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1750277 - CC: missing audit event for CS acting as TLS client [rhel-7.7.z] (cfu) - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1743122 - RHCS-9 CA clone SSL server cert not issued with its custom SAN extension, RHEL-7.6 and HSM [rhel-7.7.z] (edewata) - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1638379 - PKI startup initialization process should not depend on LDAP operational attributes [ftweedal] - ########################################################################## - # RHCS 9.5: - ########################################################################## - Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.5.16 in RHCS 9.5- ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1491453 - Need Method to Include SKI in CA Signing Certificate Request [ftweedal] - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Updated jss dependencies - ########################################################################## - # RHEL 7.7: - ########################################################################## - Bugzilla Bug #1633422 - Rebase pki-core from 10.5.1 to 10.5.16 (RHEL) - ########################################################################## - # RHCS 9.5: - ########################################################################## - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)symkeypki-consolepki-core-debugpki-ocsppki-tkspki-tpsredhat-pkiredhat-pki-console-themeredhat-pki-server-theme€10.5.16-6.el7_710.5.16-6.el7_710.5.16-6.el7_710.5.16-6.el7_710.3.010.2.610.3.010.3.010.3.010.3.010.3.010.3.0symkey.jarsymkeylibsymkey.sopki-symkey-10.5.16LICENSE/usr/lib/java//usr/lib64//usr/lib64/symkey//usr/share/doc//usr/share/doc/pki-symkey-10.5.16/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)directoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=22bb127b65aab1ded78cd42780769f27774128ba, strippedASCII textPR RRRRR RRRRRRRRRRRRRRRR RRR?ÿÿü@ý7zXZ áû¡!ÏXÌá˜Ÿ‹È] Ýcœrv¡À(ñvX0²€A–xHÍm|‚Ø¨Ë¥ë²¶n$•:Ë ùÐíÜ7.sÂÎžYq+Šµä+=¥€¤Ø«G ÑËžÝGØée?Ç©…À›}w‹\®¤T“öë0—J¢ä$Ð•ü¢²ØJ(oEy¤«4ý/ÅèYš6¹ uÊAËÏEþÚ¶_æ6…¿€®»Âaµz4Ea*¡$kLy¾à]lÖ´·fÇØ”î<-•(¥JêÔÏŽ€OàOKB«Ôai™=º¬¡„ÿ:&¨ß‹àÿ¦oøŒO+OlÇ*SV\oð »ÌËäìK©ð¡XsC¤"s¹0SÅoúO;a=ì#‰¶S€8šh¦ÖÚ´‡ˆ¶´ðx$—›ïþEO" ý]¼8Ê¸ ð`vŽOóË3Ýj;Wfëj{ñƒ_4@³¦…µLê¥-!.€ù“!v—æ¿®U™aÐ[}©@§®™Ú8=ªÕ°¤øUaÍIôN+K1öÏ†²ö ÆfÔ±nßßý-Æ3½-G1I=‘‚ÌoÙü>*’‡Ë›ŠÑªO”‘9é¶rDuðëÓIvÃ©\½TWwÚï-–õE/&NMÁ=Ú§(O'XÚÊfG‘ÿæ-<Ý#£‰Žy>´-¾6}‰¿ÞQKÈRñÕÞ›\˜yFe‚U°8Ë‡Â—ÒEßÜâ˜Žá Ü(ç ÖºR¶M\õ*»Înìõöþ,t·ÎgYÉ úüÿt›–ú3X²‚p3„5ü2žÛ¥“éi€„&@ ˜^¬vSÜQöÎ9ôÅ¹"ºG¥8Bø:Ô…Í1×¯½U¤Cp*tó´Hwè§zòR]—%´ÊLÚ;Â¡ù¶2g1½tàÙã«F—(»º Ðôy÷J(zØð‚ÿJëüzÚµdG“"Û,êÑÑÀÓb}¬î d™/@Õtø÷p¼hN Ôn4à ;ûßÅ°M`õ¡“?1ŒKìo.=tiñýŸì.úãZ/’V Maë´ÜÎº+å;"„.riåêï)ƒ®p.rö^:MVÒgòjé™ö†Œôï~j…ì¬,JU®h1ÿÚÃ2RJFÓº8Xî¡ü\ºpÂe„|iù‚ä”Jkƒ·Ò@ˆEbY(;±šjÿþç„št•/}gÜH85ó¤k_5¥¾Û–¸´&hoLë÷CNË «Ðý@ežñ)òIª%fÞSà[ÎÕ<R+ˆÆã!.€s»¨ýO’pì-¥[Q÷m#1òv¿}Òg¾fay»Ð¾Ž™âæq‘ª6ª˜u’'½™IÀ‘±Þv¼œGô\!Á³áàO¿hóe›¡FE;Œæ>'yÿßwàYš¬ÄEuˆìÖMLÑNx¸ÖU‰þe£Ô?ê‚Ä+\Èí¨Ú ˆOJmäUðÐJ‘n]¶ê2_Å†ø'ˆãFþˆÜÊ–¡¶¡frP;U_Ó05ç#ŽáT,«ê ÷¡·Â £Ó"íj&¤N¯:5¤ø/®+`¿ÑL µ-é±6ëõÒtŸ’µÜÈ¥éoÕ™_V(jÖßKí‘í9ß³Bóoú¨l9•Œeduá¦ãAUÇmñ7Î~N¢\80f¾=Ô?“aƒß§ïhù_u6¼u‡¶Wwve•®ßÉ-åzPÍ˜‘Ó“^–½#‘çÙRGþÅ~TšNâmŽÓ<ÁU(ýª·Ô©`I´r¯ÿ³ð©(²$/ jˆ®†‹Že9.Ë]'~¢‰[›$Fj9pâŠŠíÆ›š*\-'§¾Š Æ“„g–‹Í%óË´j=CúP”òº¡–lÄµ—°läØÁB=}‘wCû‹…ìó´zôµG;û›–3ž–Î÷Ü¸\áè€Í÷oðk-õ;‚5Ò]›õ^íåž!ÓÆùWy¡c,– L×ò˜ÂÌ¼œ‹þ›’zÈÊñÞå9¼›[v¸¡œAW‹;@Q„pD]¯|‘;®Ú•Ó8©~ýÔS±§é¬Ÿ²}Zã‘–¾UUNæ=õñ´/&}?#È›ú:9È.Ü¿Ž|‚:½3Ö³* jïiòTWjNY_wrîx^ÿµKóÐ„§±ÂG"Ý¦H)m+iå=ˆísfÍð+B Á)U3’Úiäµ;²|²Ú÷¨ÌÓ~$¤l™S™Ëè†×dbS}Ð…Ž„{‚_f»N\ÿÔÞå0Æ ñ ú3y¨ïn`¨ÛQ^…î>ÌØç'p^V[Ÿ%tÓW.R.Å8‹Ý¨*ê)øøÖÑZœ¼QRãÍ®-8G_š°©çsøísbç¸µ‹úŸ| ^Ê°ŠCtôd7ñ“tíQ¶È¡måwPE'EÁ-ˆ¿û_ÿ~Qîd6@¸->ÀÇô¾}(+xWÖÎä+Í¶ Hx¯ºådûÞ‡¨_RÊS¨µS3|è¹Ê ©¬¸Ë"é$|÷–ì(ö¶e¨VÙËå§âPE½Ö=F¿=X»zXûWÑãcÁÍ¼Ã²oì=ú°!ŸáŽ'ç'€%ýœê§Uä06Šç0¤ u[/&YÅõm¥sêô%Ð™êÞÈS&Ù²g©ÇÙû}}¹IÊèõ²¼âoø/˜¿Ê 0³.±p-ÂY*FaáXzÓ›^Œ<4Y`cÆ’V Us“ÙÑç ÓKR¯®©ºÚˆ±€o0Tr1ŒI!ãö]Ç'”ò1+³™ÅÆà[§²U/`¿86¼äÒ¾*N=}¬u=ƒÂÐX-ì‘)*ÞHDaÝP#]WhïüÜ¾)†¤ÙÓ÷èßZÿ• ¦³áT’…pñ.Ä¥Ùú€Øà±’iÂ@>Î[±b áqñ/ÿŽ ×¢I§xÏm)‘ÔlÝ9@ûŠâ5eúä’¦mçI›¤aQM7}t—"¹O´†MHd¢§ÌsTåùózÿ”Œ|š¸fÞ.ŸÝú°ø€ãç gÎ‹¶zF Wç66€=,Î» »övöµ{ƒjµŠÎzÅ0¯\|{–ºã¯¹=£±A)q#9OÐó;ë}üÊ£¾©·L§QWÕü¢ÉË›Ú¶¹æŠÕUYüpƒLPbñ[Äà Q•©_þú¨''¥†hÂ¤ ×œªd£Ï´ÛoÇ`º±ûgìê{‹.óÏ~ ×mµÄ,žAÐgY²(« 6™&ÊÃtÛ%NíÜ´A'F…Ë¿ ½ ²ôÞ‡¹¹£!}–Ïø:Ú¿eùý;TX.È¼|™Ü™† ÖædA_àò°-“D²WÜ€þ#!ººÓû9>Û!,Í#:ïE½°6jÃ±1´ØZ n¿ÊÉ{€Û0ÅÛz"åÈô9 µ>î]ÂT;~W7F”VVMÔñw“_ ó-Gƒ$ÌÈlñ4Ât†ÈäóÉ k!!Û+c…WLHF¼â¤ xÊ9ªd‹\ÑÝ[|€¹ðÃ½„![$ZãµŽ•b?Üº%Ý d‚ÎÙé¸½Ùt¯|°RnÚÄvžŠ¬ðóþ=&+0‰“]Bg|ýÁ6©úüåÏ’þãióè}žI5CÙú]É«!!ú4=Àý˜è —o£ù¦†@©Ž’-'¯Å‡6Üõª/”‡Ð‡³v6.Õ´™ºàµD+‹f®¯ëW›3O§2v”Nº¯ƒã’.m¸KBDV ã›òÜPÙžšÚÞo©d(Ó®¥µÅñšÐOl»Ü‚VnÇLå)ÙÅkLñ5NþZÞ´5Ò.Öûë;Þ+Úôîìao÷l(©&×5©YZµ™{ÄÃšžšzt6³}/¦ÿ¼ tºâ9@ÐåäqÐWÁLûÇÚ¡ïêîú1êOÐÚŽ6Xƒ‘ÒéhÖ5mm)™5$l8öœÐ¡}Ú¢D}BíÉQ7ÀÒªäþÐý ‰µÉÒYÁ¸'Ne'<]s6P{°ÀÍ¶dåªP÷]<Íá¨ÁUî È ÖAíNå“¹ÌT#VW¥«z½5— =3–·ÂÎÑŸÓüíƒ»O_A~/íÑ‚áCËÞCÚ“ägƒuæÚ£Òùø×ŽÜÄ21ËtÆCU©À}”Ðß© :¥à’¶ƒ-õZ ßåÜD§¤¬wU#wö EMìÉê¤ôŒ .ƒf˜í!IŠ©ç½Ë5Eniß«9kDÂ´—4ñ»b¬L!F?'i8ç‹¬h:@Q*æ?ÇÎ˜å`°t²õCÌúwu&þZßbQ°äYŸ'ëÎ¢è÷Ø;Jàr"Ýì—&\‡˜5qÃ«Òz·òIó.¹¥ì)^¡~z#ê¿¶Nï¦,HOÕH‹WÀZhR)è‹Ü}¤¾Ô¦Î˜ØKyêÎžòì; \ÉÌz'ì·Â»7’Sô#z;:¿ ÙIŽÁHž£bÓ6™záˆrÍ“´¢Óƒ-/þ°¯›N¦:éŸÇýpƒW³Ø"û50•‘‹¯M·ŠwQNDg†õ3jRêœß˜ ÷ê!ÊT62Ê¯â0¹ÊGa@(c¿¯uËÅF<ô¤BÖU~xÍëÿÞåã¶»²é«u- Ð¿…ÿQtÒíÊúKƒé´Š{Þè>{;ŠjŒÒjõxèŸ’ÿŒŽŸ¡`Êè¼/LÙŠv£“àÙ-”±¹Kÿ$ ¨xô>î?»7ž‹ŸÄìµ‘`¬X¦XÛ8"ÝbšúQ„«pÊ[Îª>W“ÂJƒHç¾ê˜C6y>dÿQŸ‹±]zd€›ç6P´‹ÿ(r¸RÃö¡uSôÎ½ËÀR}:o)ï˜ýKéÂ\oO•Š¹šEêí^I]ÿáÏM(Þ¤Æƒ¹‚‰Ü1T³Rðî‹ÝU´ÒàŸÞ-& hñQ‹†áÃ÷ÒCjMZª\ýÂ}[˜Ûã¤I6Ò÷äzÓ’ÿ¶ÄæÉÉó¿®XâPZ`Ëƒ^JókÁ,· ä-ùL¹[#jå&æÆðJFücµgT»$>#ÍôžçÏ¿<xïtš¾Ìø ‚iµ¢\.$_ `*$˜â\¸sÄ4,ð Äç|Ž{|í#T_.i³O·FeŠ\¸p+D›†W¾Cj0j³JÄæ~âRÂÝ:vOÅßã¤ñÎ>i†«>ãn+ûK¿ò 0oQÁêç¤kIÉðà-‡ûæNÅ"g[k„0=FëM"¯ùÖŠÃJ5ÎL×£¹Ô®ßÖgGãñ´ã(o £üÿÓLá(„[Û£Ë°ÃPœTn-÷`YlKžÂ¯{Î´¹‘É›ÿõµ~œÎ´ßàä=Ôïj²¯®69Øi;¹É&ÿN™5µýí»MjÌE£ H" Ák|PgrÐž4úËµí6¦lmh SKÔñeÔ}H<%Ñíðr0¦×‹CåUÃþíl†²ºÇF£Ý[yoEË•ì|]Êy³®ü^ü°È›‚œsV¿1£a5`5fÝ1W¾•äïà‚rŒs²G_åÁ)Ô”»ÔÂ ˆ;c¯;_‰mfÏËBF Îå-'1É´Qx§%¤åyðŠxvÐa»Á™RK×õ6cÇ:¦›íŸKIÓh³ãî»Ù2¸dÚPàWôXÆGx¬ZÕ¸Ë©šÂ+Þ"G†ÔÖÍ(ñê§éR9;¼ˆù2;yý\\&Š•pC£¸`Ò0ŽDù*Ø¡æDu·ËÆ·þ¿HJ· ÝGÔ«ºœ&ˆ•ã›4noå˜ëM}V0&öŽ§¹‡ûüíê™ÂŒý¢&º!jÎpåðIkWÁ®‡L‘XHæ ±g|Œ«œs˜¬4ä+ m}ß•õ¦RW•^ö¸ÓÞ÷4ËËèáû.rðÄ1ÁþÔSkÜšº¾Y†arÇºÍµŒ4¥ÝŠÍá<ˆsqJaðýÊùX;Ó3DÒ¹HÏÏ¬«ù³ôsˆÀ¦'»¤Þ«ÀSÝÁ&Zw‚±ÄÖe`È4”€_Çm§S¯–¡µ$ê` {AF8Õýîõmc-b| â™-BW@Ïä ž7jµe—1CÀºJg_¥ß³êË¤÷†ÍÞ%=¤>£4\3¼„ðRá«™WôÀÓCV[vmµ<¨Ù)œûô©@l_ó’åHò_€ÔÛÄdÙcô9{`¶¿¤’û¸~êr2²~wNHP_˜TuÚæ?A\ÍVÏª˜MÜÆJ_˜CvrBïò•s#œ<¸'ó×°)‹;— T®ÙçQŒ2±“il‹^bÈïùšW•¯re‡ËIþ„•É†e…ýñ˜Ú¹Ê/.â‚LðýÝxgª€ì&‰~yž\bâyJÆö,Õ#vNÉZ~‡…s0k¨ÛQè×þÜÒ1<Óøûð <Ÿ¢3š22 -Nû™p EîCîu ŒoHzÎ'@ÐTÄf?ûôHÇDe¨Ë~!9`¿¿yvMPÜXÄQ¥·Bôf‡YÏñOZ QÀ?:R"‹•;HàÓòAÂjñäó5z¬U3dI™µ±¦—K}=¨ÔàFLÕEï‚ÄÉr”Å»MzDÌ:õ7rhÉ¦Èç¶K„Ä1§öXw2/ºè1fØv¦òÜÈÐòVÊ!îK¸Jgœ®Œ(èiKŸ¿œ Bÿ=N¦açü@éÝÏ£±û¾D’¥½¶VÂVSWÓ®¯âãítfàççÛäP‡¤éD@Lbú¹Ž‰(÷VÂ“Í¨O½Ü‰?ˆ,ËR%¥/Ö9«ÄÀ“´’'›vØ'“´qVÉêÓ¾FüºàR©ó ~É¡·:qÖ×©áï©~9A½ôfâjÜ•à¯ø³Mò@ævJ‡‰ÌBÉuXhi²†ôW~§êÆÐCºä,\áÿ?WõÏÑO"T*-UºÏS€%‹Urö]áA~=Ý¯c–ÏbÏCkB–jCÇÌVtòª¥ùÓf9r£2?œwˆ[ÁÔÎFà¡‹¯%Ä\˜äôoã}×;˜«‰]Ë¥s5ÚzÛÅZÁ2£SL46\*úHØ¥_œúÕq”½èyËD-Ë/ízV×Éæ¿ê.>Âþhûú¨!+~r¹±ò ‰Z\2×u(:6ê‚NŽs Ù×R‡)eHE2:cÆP„Ñ€X¨ÄõmO¸àÌÅ¼Q÷é`~ónä9~ä†:³ÿ.;wyˆÉ"yœx3-a†jÃwéÖ#ù£gÅÖõç+þBä”gêÚ'Æ»÷³[óh=‚¤’½†ëÂ!BCY¨ª/_~lñ•Øv ’”äåÒŒ,|-zÕ·ªÄ‡Ó’ò4žŸg“õD|Â!{Œ]‘‰* àc¸<˜Ò±3æ;YämžLÔ €“5î> EØzÄ{Ý[„Ê5+4§çÿåu8 ¦™Œ¥U…84SÝ´Yò?0Þ5ø1¦@Ce;-Ã…’^¥6Î²)ªé¸¢ÉÎGÓ´ÈÑoz`ÓOŒùßù¥8¯«Okô¡»…ÁV+Ð *\_oã<.o1ï©¡^B4n S×Úá ‘3¯¿‘ñ8Å5û}q³ÞÃZæë!õÔ¦ S„,òÿK]Ð·Ñä1Òˆ”›WUèBf1ýêòÛŽô²÷Ê†8§ˆ™óÐ’íŠ$f¥j£Ú/_z‡‘’D5Ó“úƒÄÀ™ÌAË„r‘ù:ugðå»LPn§RÉ;ð j`þœ×íË=ñ?œú&IÃA9‘4Ï1YK¹Ó4ý˜8Ö„ªKjƒ¯m/FÛeÿF¥‘r‹ýa9›# ®~ á–Ú÷CˆÖ·w÷€é.*9ŠéCjû63¯o6ªYT¸î3Öºª’¹²ŸYëVåêBÐy/èqß¾J’æÚAGÀkj‡Úiò:ÿ¤Ç‹»ŸTClg&®ÕO°½2È½Ä¶_rÝ\aÐ*HÕÚŽULÞ8xª‰4™b-(Áizª$A›g¸áCÏëLo´I\ Õ –kM1’*È?É‹õ8«óy¶z@”áH‹§-rÐ„Ž]÷1|€Ë¾N „)^÷×–å$ýŸQ_H5#æð½ÚÒÏÄ”µÎ œ&Óì‚3tm {)¤ï#bDç²K$…¨×S7í[±‰ñžœk¶T#é—Y-YO‘£i-»àu™,Ù—óŽkwÄÎÕÑš¯ž˜Ð˜ù$)ûj¤ŸëÖ÷uW\ÒÏí3ÜÛg\´â}Ë2tšczšïØòëœyÈ°Â„·Çšg;ÍéŒ ¸R3j'i²‰4m¯õ¬RRôkÄßà ™ýa¯D>Z3Ã!]ÛôSöòjp0žAöªæ_ôfÎV«ƒªh}Ò{®É·Ê!ñÖ8÷ Z§óè„²ÎÐ®·iÆëæª—±åyìO(m«™ÙŽß°²&Ÿ¸º²Xíë¾§’ª³ge¹Ã˜›EÛéü¾é[ÊBp|; Ã×®vj¬y)ÂŒ©€´DªäðØ`70’v/È6„5ã8Õ®‚m(9ÀÏzöµÐßî†ë®Kž1=A6—ê9ž”v@c9êƒ¦×X¯">aÅË%âÆao¢<µÊTµ*Žšóç›Û¯¥¦§Œ32½ž‹SÑöYòN‡ëÕ÷€·fØ†©zRª½Š!2 á5Y7–8E_…ÇËAà-nJkáä¯üY»ã{ó¿ieIïËt¾¾¹7Ç…ÿßvtî’-› vºPÂ¼qñ —úÆ”]©iFCïÔÂ¶¹VŽ¾«•Ø7¦í®™w”Òvç_ƒJ!sˆ5_¬Ñ®m…ÿ¹-NeìYîRÄ‘üè5\y¿¬ÊÂI›s¨Ï]‘À²ïœ[™«•i²ÍÂüWƒÜÓ[b×:Fi?¤JÖ´´àHì´1›‹ôÎÌýüj·ÊîVu Ëyë«fþÃHÅCU^‹cQ:*q“¬UÂÆkg7¡}âŠ_h^•×>Z3ªi]‡ü’ŽcÕ¼P„ÚËù¿;öö KÎRqXMZtÄQ®5Y$ ˆÑÃ=ÂGƒ÷umÂy){{¹ñL²pÂ¨ZA(LG®ÜùþÀŒU´”Ý:Ø`ÕkdPˆî‰-Lž'-ÞÜúéÎ£xQµ8A×úøÞb_ zIcÎöæ¯Çutð[à°ÌÖìícŸë©kÑ^xX[Ù^I%ÈxDïô/;•›$Å3ª´¼ÊæÙLü9xÕ%â”K¦€KØ£Š{Xv!> Y‘”ƒ¦ûÏ‚Ô]Gù2,À;É)ÝÃëæÒS:³Ë×7•WöpR¯]9QÄgˆ¯=þG?ÀŠ1 —ÔtYå 7Ùkê®û¼‹×à¢0â³;Ó(\µâÎ?ð}‚ç~žJ¨ñ×?‚×ƒ^k_J…BË»ÊÈ˜¦‰'éáŸƒ«ü›ü"aWcÝ¡×X}k(šâþ—É&#9Ú˜ë0,HÓž é]5wSVÅfŒ<®âGBin]R? ÇoV*pŽ%î‘ÀB§¼25—Û˜’ª:-òŠz¥Î–áÈ½Í6u~Ìö!«Û…1þy¥ÄÌ½åz,ïö[{LÅck‰‘Ê¸šÊ¹VIÎ‡[®Úh…Ù†-¸n%ã •¸A’²ÁÑÑyÅàZîPYí)|«†…dr¿÷æbžjð}:VS]€t%qè‹!j#8¦³Æ7§æ[gÜƒèR=ôBô-zø‹d¿’ïyj“ÚQ„>`„£í›ÊÂ/—„U9ŸôJ¹7©!¤Dúï—˜eé€0jDŒ‘LËlY`Øù(²/o2aÃ¾º:£ÊÙ?è ëÌÃiùòŸ ñL^`.¬¶ÎO(KÚ.jšáRç=HQ¸h®Àq22ÂøQ¢Û«m)~õÖ?¯¬"â6«‘Î^èXË\¹QžåFü<[€† (¨Ñ‚°!œŸÑ›Æ({÷ì‹^pás@JñhN¨œç&ë«Wßf´Ã—¢µmŽÿCítUÉ¦Ô?º“ë+¯aï/RðláÔ"›g¬Ñ™„‚´+^™ó4 âU™„{ÍSáèØ)hqJ«GËVe´Oº$pô~yzé]™£Ö©œË°0>löaNê ó=oûuêl~«lŠÛv(T—kýÙ2,®ÄŒ“?Œ¹hü Î…ÓÏŸKkêëIF½CŽc}¯*×B{ˆ};çV˜$¥°4†ÔZœ¹í*üÖÐÑ§;¾¹öI«6x*î0ÁÃ‡|"O})«Úî6Ù/}öK t<ûÕÙt½êZÖ4h¤ tÖ¼º½Èi@Ç!K=‘ðz<¼¨|p×ŽÊüx¼WCÊž–XÙ Å^Q°|±ÃçUt«]‡ºeSžFÃÝ–Jë¡Åª¼=ÚXdHæáCÛñ‰ß¿‚i}™2jUÄÓÈÛ íYuÍæ÷ Q…>A"ý¼.dÓƒö•Rcbgã´€É«<é5ŠsryÕúÁ9÷Ñ\Ý%ù°nHÔj3?D ¬Ú‚!fÎ¸ª¯ÅÄ¿»ŒÞ®xôìóœàÊ3'ÜðîÖe¥´€ÝP¹šÆƒg‡gGQŸ«Ý¹w?òÎ$P=ÁÎ4ßr¡†¦—ØÕwŠmú©•–š„¶ª!¹éÈb¬ÿŸì;4½úJÑ–—Ñ¿40ê‚–:G‹Á0R¢ò!—fÔŒpIEíªÞBÂœóôÓP`DYOA „iy5£«’Z–"›üéyG!ÚJ./=y§ŸR5ù¼üÍ?Ë±ˆ$¤ƒKÎNÔpjõñ´¦#Ü-gu}|Ê›¥ŠNZ§%hmÊP›÷Áù‘aˆ¶é)|xkX0\{bk¥t©gä†ÑD–]f$þ¬c&ÇÞâ3Q˜ß¯ƒ„“¼ ù›ë‡D{DÃ ¼}k¨ÅIg˜œrN£Œ|qãí¬ý¯®†R~1„.€í@. 'Km,N¤¼ðãó¡¶_âˆÏjŠ:†‰Ügje‡€B“þ–š=(¾Ž1Ó!,0öîàð´N¡¢£³@š‚žD$3ê–²GÏ±ØÈãc“.ôhFNöQ—/&fÀ§È.¥)pÏÙz¼Mä,“ ô!‡Å lÎhÄZO¡Êà'pˆ ³ôÞLÑ–=’Õ è6§sÀ]ƒ®7ÍMïJF H®›mL¡bÓ æ£è¤WŒ¼×†#• È¸_»uXŸ%ÐÒ ŸMôé+à®äZ”¡ÆV©W%pæGt¯·”y2b‹·N&pâì”ÉŒq½5—‚UÞbÕ'§‰å`¼gzÅð?P.Òb¨ëÇN¦„)YxiDBãð-8›*}ê*Šrrhp&4óË*k}ânéËŠŸŽAA-ø¿¢®QØ7ï(µÏúåã?†E<_'£ˆ>÷Š¤$Š¤p0gæ‰ÂFÖ„!Xï;Ùc«4W ÓžÄ€É6þ nxJ=~Ñ:cüÒœtûð6ž qõî`ŠmgsÏ‡¦Ñ½ì®C¢`Î_$ÿœ:á(Ø‘¥ÀâdN££"Ý}’l"6'õ3ÒM ÉšWÑÙázÊAÍtR“®õÏÀJ|Ä„žSŠ€«s~4¤¬J®ŠKxª¯Óbš&€zï-¦RÖþ~xˆ¶!VÙŒFÓ1‡>Þ˜¹„Ã¾]Ò²x(*i%áðÁ†,èPÇšò† èKC(ÃÎÊâö—ˆ”É¼¿Ó-ªw›s>-rýiL&*xAqKEÇª ¼·ÍG â!ù#M¹¹ãI«FŠq÷¦o•‘›Pàˆ©UžÄˆi }Xv%×ùX~D>šëÃ ùB² “S–âšjšŒ»ô½)P›€}7Úâü’¦JáòeŒ‚®!2ïòÏ^ütÊ‰n7eMq?üÜÆ.U}äúÕ±6XõñOm2ßË¯°2F£·PuŠÅG®YšÃqp€‘f¹åñÊºvŠÖ"íwù‰Âm’øÊéÈ”»ô °¸¢OaÄ½¤ìïŸ ž(ðCŽI|É^ÑN x:Ï’™ÝÑ«j3LÜ<Äç-•ˆ_Pñÿr¢…_/V–ç:²5kÅ“q¯(æ¨R.“¼Ý¦ˆ9wA™QÛVA²O 'tôòo)úäI]%(UdR à¬æ™áP[m1p\‚E†m5½’*ç‘}ãŒ;Úh¸:dï&(÷Éê‰“[OTaÅšm'á\{ÿ±AS“‚·„„¤CØpþÜ1êLkÚ‹W>@dË4·J±´,‡[ÿQ*Öl!¦¡-#øk`y¦ ß¦Sf1Ó«]”O•rÏòsöÝ 33÷ˆf<}VfpÁhÆêd˜¤¹\(Ø3^ÙÃ¿ôRä=t,Ð…L×BòXb85Ò›ìE~eè §únÍóíÜò…ÄAü¬Qº”UÚ¶ú§¶i 8½íÁŒJ¼RQà}‰=c³! ;ŸïOÆšÝQÆ¤GQÔ~âÏÃîŽ$YV’(k'j~ß¢Ñ¨àòû9 ®þz6;)#xÛ ºü<á%ã¾2Y¦í|‘mÅŒO5`7!Yg¡ùÔÏŠ®—*†I´@¨è¬3wØJ‡6êµ6€^ÞÝH™†mágU´ÞŸ(ï}!æû._oLÒz zTÈ¤U=W¢ÔG ã…ÍÕrÛ…÷ž/î^zÐ„±²ÈmF¸SÁ™õäiOëÁ¬Š 0÷pðªh~ÛG}¨Â©Õé²_øcr\6ÜøoN?“õ·ØOU/äs–Ä´— :u–§¥üü·å½!‚âœÞÕ(G›4ê×ëS¼ÛÐðJ?ÁV« Ì¿˜ ŠFóOeãÄI8u< ž&BfÌí}ã$èYÞÌJös<;3Øb£ªFéœW&_ñ>ž–¨»WÁdÊ…†ûßÜ(•©"¨°²]¿lÚ„ ó¤™ña´WÎøx¿?HgG¨$CáökÀ|^xr!Â&Â¦B+ý»FF¤„:tÙ`ÝDG¨•<ØKÙõåL-ãáüƒÉˆ6m6¬xBÓ‚sÖ ®ALÞrÉ7(ƒ”Ä\OÐûi%ég·_où¨&3ÅŽp%®ÒT—waÆ a×8€GÊ–C¹aÁR”Œº&6’”Þ¯éšmbEzÿ8xÿ"oUÝMv2ŠlUùž%ÄRÔL¯ ¨ T{Œ-©¨s)ROv"*=|´¾xßž®’KÍšS?ì0éj$†wö>†cSËN‡ž‰! úb‡QÞ>øocEƒ¯ì]·§òdÝ„Ò+?M_7ôÍ‚X¥ôÊ˜¿Yt«“ç¹w‚‡M<žƒÚL°á&UBñß€g“®€I‡"EÂ^CË]TüæY"qIY÷V¦ÑÓ‚Öš$ÙÀÏ õçzšÝ@ýÆ™ _¬Eò1—…—èê)FÍÈÚc×NrQ^ç–øé- Y–©C¿{G¤ÀÎó¬¡§Íšù5aãEéMÌ†9+2–$ôØQ0Áã?zÚh‚ê«Ž‚ÛGâÕU‹—stÜFPQ%#œv”_¹Ó#”Ãü8ÅÀÕ;]·“®W‘r‘ÑÜ©‘z¼œsœ@Vd±|FmÓæäI˜ç½‘ñÄ]ßDUÙ'i!W‡ìÌ§þô÷9‘ïôa…¡r¬³£RGçºìdÇ¾ÊÓ¨"ñÕáÄ’ K¹;Mø5ƒCî¦®U/Zgan[[{Í„¼RÒ²NÑcc|5Œ|AÈü¢[ñŒP(²š*ñÂu¤:hüß?üæ4|WVTÞè¤¢¨ÿå„j6¥|*?i j4ŠN ¤Ž Ta ìOF ÿ}&ŠsG˜RC®¼À û×1¹éãáƒŒBiÇsHX L€Æ/4êpQ®îò`&gämGÏIµ“Ë !|è¶ø]ãÙˆy]ß4ßÎêü§44rJ/ú”÷k€Š„O@’$PCJ Òo÷²uÓ"JÍ’¬0«D˜À¬0#$V±°|YÉN(AÀ’ö'Û÷{ä054ÕN•ˆ^)5ŒÕqÞ3ZXI8Ç+#Å+ß¼pH–Â™/‰mä‰¶ˆ”A•É\¡^H¨²ëóx4R×éR8*ÊŽnùšnÂ`ÐéÄ›¾¹Ø›tU_4@3|uƒ¯ÇiK"`ÿmFVÛiª+ì¨ÿ¡€“ùÅhI»Ü6ÂBæ2„´÷dFèé,3ÐK£ÕRÊ)ØõNJnÇ§»ßºMUâÛšZð‡¯#·«¸U§+^H©Vï6ÀÓÙ*H;XÃ$ãÜ¾¦6ví&Í¦ÎQÙŒÀÝK3T” Ø2gmâ>¢ê rÏÞ>¥&µ0ÑšNá–"`[Vñ¡Í5Òë†¾üépNw0P7Å`X5Òèõp?€wiØ+ÐO¦ô@o„7û×õGJÌèÛ‹¢+ÃÇïVf½ÿ‡ï–&Í?|W?ð¸> ö w¹“ŸA„ËŽÆ´ÚÏú¥ Ü@z/”ö¦v*c{ìU.³Ñ¼`””7ÎHsÇœ‡ ãxŒá¼äÄ™JŒr:ÇMï¬ÇÝ7ØªÖåå†! p‚Dn• ÝUØ{°¦ž^jájc†!ÁèÖJË3÷ýTõM¢åMŸ‚h9Âùr3GQ¥+ì_ê¤þšOd8oQ+‡µ…’¿A†ƒ„=×¿Ö=GÎ¯§`$»¾bóR›vGicÙÿ÷õíÅ” êK!#ßÚÔ¯v?67nß¿ß¯‚;c,X;5µ§USã'oŽ(ý>¥6í‚¨1S•‹Lo&Yl+Ÿ1„o})²êv3ýSfrÅ}pÕ?7öR7pÀ-c”Ø|2G™z¹Dé0m b¡u×$: ¦EóíFÂgs8ˆ¸‘[ª¯æS¿ÔØ#ö”h.—Kd¿Og€ŒSÝAJŠæ&¥h ¡åÅ0˜æž2ŽdJ…ã™#Ú}®–ŒS¬À‚üû¨`Ì GTŒ¶Ý¡Ç'Xt ˜ž3áÞ–Dˆ¬…y~!ëAc¦â÷ƒ|½â?GAv&Ñ<Çë7s$lŠ®Å#=h^/Ëœç³q€ÂW}ÅFæY)RüEòB|åZzãMÖAlsŒH8'O¤Îdû‡åøO o‹4Ž×´ó†,ë§ˆ°ÎÅYIXmúa&üT¢‡Çã»ÈuûÇ÷’á¢—ã¢ëÞ\ýÚUâûúz£X4—uLF¡¤'†T\«‘…»µÈ‚&È³˜OÃYÎ²Å‹&Þx[êícèÏv(¦À5Ú#“i@)Ù® ª–pòÃuø†þ”Æ ´fÑ@fÏ j†á[Å%LÛsVÇþÝ0²rQú¨£€y,ñ€œÈMÄÇÀ[«Üê¾>RÅñQ€Ç#ñdó™ÌNë%õþ‰ÊF„MˆÃ <ÿ ‡C=¼»=õ4JLvÖâî_ïíxŒaä¼6qº×ê®\)¡IXxv‡àžÌcˆ’r„5üvU…¼\,èmÇ>%ž‚€ÌÉ Úæ`|EZœÍ iäÐ^ñÕg à‚þÊíRùŒQ -ÏænµÚÈèp&dËÕ¡_h‹¦µŸjÚ~vïLyÁî…@ãÇDÏwìÃû½ /=X×20Ú…ñÃy°Ã¯± ÝOËØ¼b÷qÄ‡WqÆë–ˆð7ø#1ñÞqøÌ•"=õ¼ßFÇW>by»ÚÆç2lš–hE¡A>AØb(«Ã¨Òl÷è{nŒègòÝ‰v–oþpwP©÷{ižIç"D¢f~Ô¬M™ÞaÕ–E¿½È¬ÖÝs‘uØÕj]ûNEBÆAgk¡'a«ðË~yþ° ævÕCôÞ~¥2þÙÒ˜¤†<-~ Az‹T«Ä×*&kÎ:•ýFM˜öÿ°G“HÄòþÃN%ãôö/ë®/®|š0i~gGi÷ý^ÆëM²:¬yª¡ô–'\ª6õ Šçƒ£ë²’FRŸ)ƒ9?_ˆy›RN’sŒj#Þ}vß$‚TÊœ¸‚¨ü3 WSìp¹durb¬ ¹²’½ƒÔl0‡÷à×;Ó`AUs¥lB u Ei¯¸íBKÉ¥Êª¬¢Ð#oxÿJR¤+úr BpÆ‹ü³©¥7B”rØJâ£¢ñdåFn@àßUFî[Nm% Sàd!é¨™u¶®Æ3ýÃkú³Î;00ø±ŠßÔnÓ%@23bÙL‚çÌÝŸxfEˆäÞxò¤ý´jéi™õšºþ;"c>ÅXŽŸ)‰àÀûíäJqZô±ª™ö\»XëBK§¡cÄ\oLÄª{ÊØ;Ñß…2.?ŽN «l0‘ž`‰ûÜFZÓc”BCtiP,žåˆøóL2ZùÇÍJ3•Íâ=kNä|‹Dy—Éü¹%q‚¸;|b‹l tòÕ¡hÆËÀIŽ±"Þr¬ù dšEº„áˆÄ³î1M¹ipÙÝ¶‡›+¬[‹ó÷mÖOOéÑÀƒ™>GÞ©”·dªc4ÓÔû¾„»u‹Jt‘eÊ¥m$ëŠC¹ñltíDu…‰ên–2W¹NIŒÀ°AéIh\ß¤ƒDIúÔI-ãÔÈ‚”B06Í®hB£oÕÏ¨]v Ôpû*= Gµƒx®Tn‡‹R•vù`§Ÿ—H6P®Å==F!pJù0“Ÿ'.‘Äþ‰ŽÝ¹:ø…ˆ7i>qáÄÝ¨žZ$Žg;`A¹#?c,v+ärß¥C*Â8c3·\›¹ŠTº ¾ê`Ï YKÆü&?ÕéDG œ ØT¸}DûÀ±uv’›´JÒ¸”tÁÕ<ó#cxŽÖ·¼UÁàÐÆƒ;ý†[$~àã¾LªúW,‘½zbMÒy—òÜÜ<ž(f\VÛŽË" ?“oÆb.ÔiÔâ=Z³p Öò“-tí[r~šLœs9uvqsZ=€$²üôXÐ5^Þ•Êê©äVÄ Ú,&l]Ê ¼ £Rük30P*ó6z Aù¼p>5Ó‰ÑÊ6Ú}1‡Ü2G.L÷gQ_o‚<1AM”º½ag°ñ3#Zc%úÄI»SQúH*;v ÈxêÎ˜šúøêkXï£œ_T+¾¨”M,˜á{©Úv9Fû˜ww]Òvƒþîy?B\j¡ež B@$ñí¼Î”evÔ¤hÝ¥D2Z`î Ñ¹Å»ÔÊeµ5FVÁx²-§1v wK°·~/c`~HŒð€‹vÀ${”™›„Gí lz<Þ_S¥³žuÖ¸IÑM,.jæ¼:K`‡€õ- &*$æ…ÛªæÐè1£ùc.Æ‡l¾ˆUj%)äP6sµ„Ÿ¯)üÀÎ‹Ù$0–² -Ð&¬òõ ‘ÊÄs’°´;²ÈÌÁeûz3÷IÒ"Ÿ;Fž)ü(™êyeçÔ]å¤ˆ¸¶×6µDq0©K€š0M1ŠJË÷d' Xx¢•¤ÍÇ3³RÜÄF˜»pbijÓzó£o„QUNdW†ü°ž³a)¾ö[Q›@²ÂLÒð,øµCz[ÌYþi9æCÏ£vÓ˜5Ø#Mõ“ÉTýp˜ó1×ÛAh“ýúÿ¿#ëEÊ–ÿ¯ÓIkî¤½ œ5òØ¹¢ @bTîf¡Å 7nó$2' ‡%_S±‚¬ÞQµðæ²ß›°£ŸázB < üãvï¬´n²M*E¹ž…'€û~ƒ}óRtk¤ÉðÁ Ö*¡µÔZWBÚ¡m³)ÉþZaòw°Þúy™Í¾öv‹ 7Õ4\GMl=ï»BeƒÀ[Ñ°ãÓÚÞJqºNÉ70æèÙ^uÚUôVƒ’SC.]¡Y§kÿFoù÷$îGwzHû=oª XO#w^†ˆPó`IêVûZìèã=ÈlÚóÒìiª8PÀ¥RL^EVºyy.ñf–öOŠ>½:3Ý¤Àé`–t‹A,p#kËžršÌ-úRZÒî ¤îÔå‡‹Å2:'ÎG N Ây\;îª§m'=Q?^òJÝË.å&wŽÊŸ¯)ð8®M<„â4'ÈÌî)¦!²š&,ÖÚK°a@™8LæŠ?š’³530k]°\rp™÷wWÈtd-ÖÅA9Ãl2‡O:¯‚ÄfÕóþ÷6*@ùPP°ƒÊTÅ¿žþ‹ÑŽÀTæÒšÅßŽ)¦˜Éü›™/²€‡‚NïêÅzlSÊýç.ÖæÃ{wPÜ°ëÃTÕ¡ñùìy]Î½È~ÿ\>ì‚üÞˆ§ÿ÷¤]äì”H€²Ö¬¥gâîNI‘"þ¹º˜ @bJ}Äñ¯ß²bºEw.‘êûÞ í«Ðä‡È7Cê‹£ÉxWS8þ"rJ2ž;RÙÖ‹Øu" :jßòµL§tÚ; ßœ©±ç°¿Üñ $Xwµ·|SþÅZÍýâÖ“™€[I«8m¦} ùCˆÞ]Ò8×G¤˜K6ÏjAƒoK™U {mðÞ¼`¶Y)â×ÛAåsdÀXøþŽ³w<¿‚ÇQ/Â³Ïø·iûf*ÿÐøús«Þ\8æ¨u#Øêëu#^Ç„îš sŠôÙ·ÂÍ9äÖØŠF«ÎÐm¬+Ùm_ÏÛ+À”Ô.†MAJ=ôéžKša:@×·#U5nq˜–Ú¦œv>ãîm ÖÀŠNœ¥[G N4<ÙÀ;9Ì-[Ã¾KÔQŽá2ßÉÈ ‘€ºä˜Uûs’miþø—Y6˜cæMz4¼1Ñ‚PjÉCfÌŽ¾ÞÖ‚ëšôd/ýØÎÄM9µ¸zw@þ·¨s¾ÚGŠ¤ñÀ’¡UCÈ£ çMb¹³4UhÑíLCòG‹¬D -\¡£Ï>ÊŽT¥ÙxüUíÈ¦4éô«>˜½ê´õ@M4…´Þ¯ëöá¨;þž°d(Dot$|V:&õA9¶èwI2HŠq¡ŒaažlÍ¥‘šMÅvü²ôüâÜ–ŠJ€5–†X6Æã„#ª6ãöîG€âp€dƒÍ¹–}&×¤z›Æš sµò;ƒÈÌîñ®¤¯YŒpôYz+e .ÂVûd&/¤†Úò±Z8e W¯íbÄ|çè™tx.%äÌ{˜ªqûÉ% \áÐ£Œëé¡¨?¾°ô¼]Br‰£LW¼û´ìÎ&èaé#¡¶ÄEà¯KÌ½¦t–Ýa*ÅŽþ¡¶,ë²«æAB¸Ú.¤ À²Wà*p/g˜Qîah*;åp¾v4êÙäÉËÈ6×æXv´µÆG0^vzõ8’t³Wó?•ULWx“öR ø øn¸ž°û¥ASÓÒ‡?;ß8BáYîÇëñH>“Äs˜Ý‹Á•wìÍFñPZƒÃ¡¯[¦ü8d–š2Mõ˜%‰Š¯crñ#ì³¬±-öwŸsŠêò^ÀaŠŸ¸iAg ;áÿ÷ð®¾ÆíÿŽî¢x%+xÿ9ïÀ÷:§Pkw_.ñsƒˆ=~þ)¾7Dá“z;©™t§`mS¸Ý<Ö±w÷biÿµç× ¹¨/äÝŠƒdž6˜aïÕÖ‡×Ã(°´bqWÉ¨DEæiŽ¯#U Kõ¥:žtÿŸÙCÈ;{G¡ýX¹”DÅ„’Ý{¥§~½Œ7¢Á6Ôæâf]H”€pâÁLËC[wh®™ÆàœZKÁZÎ>–ú$^$6íßL?Í¢gOI>Û'¤’Ú|ª0æqMZÞ-Œ½ÈÔ½9£ÛV³pBN&ç±WÐæ&LÉ‹+\ )–ùAìÍð¬˜=WzD/#úì©glž‡ÈKó¬¥@îxuEQÞ»F³+û½a•£d›BLxtä>Hh† !nªlO¼«»n¸§a$ážDD Ûõ8íñ—³¿6~ŸCYS£šBs°dT¯9ULI~¬è¯ñžÞçZðXÏK£à’¸jfÎæoo¾dMPÄÑáo5Ç(4Yªæ47x*UÉ0‹t‰Þ}ÚF™Avµ2¢UBÂW~FOm¥ç?ÿN¼“ü|~"9Ý´z^Ðì¥M ²Ïžb6ÏM‚ª;Mè,G©3çv’F[ùdp#À$kKwÐ~Ö®Ø·—Kã|’á^îï â±E·É =‡ããdƒ²íakñ4Û$Ã•þÐ*CÕî¹ HøŽ ËÈ_¢Ö©IòY–o¶_ 7«>|Qâb«©P- å~ý9Nˆ‘dZ™¿ˆZ>õá8&‘Kûzxuõ„)E±,ëëŒhÏpeüK*x!V²;âÊxÉÏ‹bû@åTzÊi~ÜÎÚ/2hÎš4z ïä~sû3`]\´Ü:i_Á7Ò|z¾ÊBz&†©]*LÐv12#|‡Eý~…¹mýl®PZç—`M›23$Û¬XÊz²›¸ñö:iÂL1žh›ã¼íQ%æàéïfôÞfB¥£º†4Ö7øú2oiIõ?bd—Ù›fÍá¤©Æ…[“…þgï.>ÇÈp„˜ìúí¾b×ªpµ+%gÁ…˜úXpÚƒØ#R¿7WÿæK=jädÙ6|bÃ'7¸Eƒ=!P œrÎJÉÎs‘Dð²dL×>TwKéÀo@¢>úŽµÎŽ]H–*6A·ƒ?àFÖþÿZyî,ž?Î…U±Ú™j2…à Åç—m¯c¥3É¯ ¨®«éúåˆL‹Í ŽÏÄt‡+~DhýìÁxÎÉû6qKƒñ‚K9!“þz@ *fõÛ&¨È=÷²‹®1fÑz›Í üó;GiUÇÝÎø<ª*»œ³|®ò+’vjÖ÷ö5^8¿=Ä×I[ÞæI{‘TÂY ÒåFV%¸eAòEkWR’åC6÷\Îea!·h!Îyþz µîã/W^q€&fU£ƒie]Ï‚snò7å*·–|Ø‘ýFg|j²bÍ O¥>êÂ5¤†¸€´Š ®)'ÔBÐéqî<xÂáÀÑuyDƒÉAUÕ”ÍÚö!=º1/%÷DýA2ä$Ñ9ßhìW…™_¯Âš×=(™Ü€~ÕŸ‘šW;hÐO4íç·c(qû„”Ûqäý/1ÞÙ˜:ûI C‹mœí`Þ–q OÂÄF~7=ð~5±Æñ#ŽŒÈ>\KÖ¶%€a4^á¾ü$+Ø…P£Q®s¹bøìŽ‘ú½-ö4”Îú³Ù˜7eû–ø‡»)™|×qŸ¦v¡†©>ÚI’¤Øü<;ÀäÙ½Ù.aÂ…j–Ûg›.Éi;¦Öê€ÞDÎ…“¼·œ;¸»#÷61züaSñt‰½Rµ¼«‹árèx%Laõh,`AA€¹úX(”&%jaqÏ¦!¡¥Ñ¾ÎÒÃ,|NÌÃ-îG2iía™–¿®§{MFB‘Šîì@Ñ`Ã‚¹¿T¨8oVb;¦P.€àíC?ðs6„î$ž €¯”÷|Ä$ø!üðÛE–™á^Ägbð¬–ð(£v!cgšëî\p2´öîûslùònXÝõþ?q=(«øF%g‰èŒÉ½ à >d¦u(SèÅ÷ã¾¢íƒ– é=ÑÄžÉÑìŸe"?_É³óñž¯ »Æx°½rg¼²Åädk°—–7³c!ã‰ÒÈš±¹¨Åc¯«@ÒwýxzÂB²¯$M’ž <¸à6‚ô;A•ÖäY/Í:Ø$Î¥"‹0Æ ç0£?âa·gå+é©øÚŒšvàÂjêz¨¯¡b_QñÂëha¯îmó›pGgmUx¸é”bößÅ™³H«{SÉ*-²' q[VM]ïë¾ò9ÐÕ1Ç°¨ËÜ»1¯Ý±†/$üù&¨´Ë/VÐ€ƒñÔ Ê›X§„…~ù¡No¼™TqÅ™•ñí1°ï<7Æ7ÒŸÃ/ö¹ÙÄ ê»¦¼4®™õ•h"üƒ2¤ HŽ;pØÍÝ&(%Ë¨’Ê¿“Ï¬Þ"e°®EÅ“ aOT«%6Á‡yaakäý¬tÏxEçM‰[ÆÝà°É|%S`ô*¥%Gó~ñ·S}óCJ&Œ_0R-z? PŸâ¶ªü4Ké?—#®ìíädà`€ x¦ÑéÎ¾žè¸ ©œ·Ä¤Þ-€£]Æ|®¿PN½œ.ÑV×Že}«õLÊÁƒIÐ4ßêìÎt`Üuí7Ïì†Ð-w>û Æ"‰yŽVøë‘€vžŠ„¯ü§CÒï‹•‹Ñ(·¸-"Ðd;+KN‰üì{UEìæÆ¶.M@ÀwÞÖXÜ ,=œÞÉ4Tµœ‹sÛÜžN;ôo–ÙøÀê‹S–¤u‡FjÏêmßÒ–‡IqL9cíUdá#éÖGå œ¤oCiG‘Àq%bR¹K©!hÆ$:…Žs6ÎMmæ“CU&îâØ8Õ\Œ¡\±z“^S+¨ƒ¾´"hy¿öŽ; •/:ù°MÃTŽdhŠh° PNˆóˆ]‡óýƒYÜ†èÃ–¢óWãµ÷ø`ÆÌeeÛŽr‚7æš¯3†B6r÷FDÍHöŸgÐN.~`Â„¯ô}ðZ£(G€˜Œc&‡¿¿‘BÉ=ˆ6Íh tcF»9òÁÅZŒéJ>[`Ó’¾œ%ù¦9'È¥RxhH"G8õd—7eìä91Bx™ÔßJ/Ì“A¯æ¸e¦<Œk8‰×—ùë“Üi¸Û²&f7nNÅ,Æú5,# q[šíD8ï HD9¿:¦|¶9OLÕi5´_étN"$@šaSÜ¥$RÖÐã˜Õh”üo1K.¨ßÕƒ-ÛÙYWá^èëˆ>§4HHÛm„-,Ù¼™F—MOÉÂÿlÕò§,»,(mvY»&+•/\jÞx8|¬F?›f6BqoÔã0‡ïücV³¢}ñ(ù~êŽNL÷ædëì“ß”a*ÝÜÈ\DÇšâºw÷—)Ä/¹+}[ðARÀ¤»ÓEán¸oà"lc;zpùêÔ½ÙUK 6xFMH#ÅËÃóqó‘˜ÄJ>;U€Vˆe*d\Ý5èù6-ØñØå}¬G˜dIÏ’ÿÛaz½ –2Íd¡ÂAMÅáë'§ä¬w¸’ ÝË°"Pú™r†Â¿«Äƒ6Œ¦y˜IØü½+h5YG³‹½ÑE¼(’ö€›Åu…¼QƒT‹6\HˆIÖ»€J-OŒ/œè6U<‡ÕÝüA¢Žã—¾zIpgè&ý¤eÖ73¬ß² þáàÍ%¥';ÄB±ï¡›z·›îôÉQ°7;®›É¸•ã©¹“ÑG ‡‡r5E)Ì#évbèÏekyºÇû3t¸KŠ’R¨lUÚ€úûõ÷uV¾Wé]4I8*ƒšC`2Cºø Àvy‹6k( ôš…Â¦7L9JÐ 4Xä}´¬{ugS§¸)áÄp«) W€¦‘›|‡j’i…§²•¹i}ddvÜ_´Û‘ô|i(iehÅš ›ÐÅy¦Ã¡£é+ÔÆgÝ_ .Š”Ã ¶6 ùæÀšW-‡Ž“ú3p‹ôB…ªç»ð•9©+¬¡3@ßÙ~ù³ÄApÕì%€Ñ¬:½‘×ÌÕtTýë¥!‰BT³Æ,¨°ƒ¢#ªo ¦oKë«¼RÄ„½¯Ws6í#nô¾J¡¬µ½p¥£òC)oÝÿü_ XnX+™à¯Õ•»<àTIÊ iûú¹A¤^·«Ìæ×ëµ©©÷+âÁ@u–NGr%[é=FÇÐüÐ˜kÔ…îðÒÌöU"š’ÄƒNÛA¦—¢Ã¨ÐÁ©–|Ë½£”ïÕ±œ$›ƒ·…•ªÎ‘Ì"¹ ðÉ'õ÷Ë +;‡1—B» ™AÑ{¿~QšÃÎÈ[šÉ‘@—~Î©\ö¿OÔø>¨©ë„ÌªKl«˜vÃM¿ü“dB#¸Š˜×àå ¸[ýk1yBsWÛ/†ð+j‹—½ÖEò8÷="xYYÃ ÈÎ“½n¾½n¡íB‰±¥ÛêCžj¡÷à¾µ}âaœ‰èš²×ñ®àÅáÍ8.ÿuö~bŸ YlîÐÜí³#9Ð{úçß¦üç_Z=ôÔÁ!75•÷ÀƒÁðò1€©èÓc _åŸkêÖÊM¹í3QBµ hæ¼s£ŒÑæŒâ”ÝCÊ0µö/`»±£Ê{ÔdVg”B¶ŠW¶ÕŒxˆ¦±Š6ä‘%T*·šò£g'8°/±_Ó¬uÿq‹{ï•R‚Aéäš…«ˆo4„üË›³¢×1¯+ï®Ú÷Ó~µ<ÜâÚÇþaTKZlŸ[ÞGƒú\ ó·Ûm—J®~)pbnÝh+Q[ó‰Ç/e"Ø‘iy°ÄnK‚ þ‰x£€;y§ØäÈ,l;ÄëQÀ»B>-{bS€".ºpôÃ²]uJ°{òÜ²[k7.}ã.žÑÉ<“ú“ Ñ›n)¸æçK_b»BÍzh“©Ð<³J¦ÖMÃù¢Ú•õ%Ôøræá·ìÐ‹ÿÔdq{ÙåÀöÕ9VRÞf»ÎmçZN#ã/Ô›ß89?§RP'°+qÃ¢£1¿si}Ý=[“ [1Ê<ìä+BLÌd‚>Ru¹RÍXžÖÇrxèóWÊM½âÓgBº+š ÒËÁUûÙÙ€h®Y•rýM‚sì2Lf+mîvV ,m·mßkÖïE«><ÓÚÉu4hÀúŸöƒ›Ø%p)ß‘Õ1y™èú`9¡›áÆQŒf_É÷yÑœzK<ªó àŠ¤‚è3üv–î«ºÙ’Ut%ýï¬i¥w7ÞHûœ÷Ž1¯áDÃûù–ÿ®°ŒöÁbHÀj‹3à)´eaJrY;Ý£>åÎ>”ŒhÔ ÒW½¡“!ÅP{ ø¾ä™£5—À\Zãx]Âtò_sY‹Q«¢Â7Sc6Í&–L’ØèÁñb4ÊdúÈ”Ü:Üí¦ŠËIÍõ–A^Y!)½ÀKZ‘Såñ»Åh:ÂQš àMQZivŽ¾›5O#½âIÛ`Â˜õØÍçÉÚ®µÏˆ…}[Y* °ˆZzÿgöŠ}‹;[øÖ1øhVÁ`¬_'×|š*úáúº&â†$«ˆÁÀAaXÍA%ÓtŽ\svB–Z¿\7$ÿuÉÄK}õ¾m T2—òù$T’§D$©ÇúióôN²"yÚJŠyì 0|ÇùâŽ{AYH´áön´Dè´]®6]QOÆ–ªz6pAæe>2O‡4”Ò@$3ÀèŒ;|lãR6\ÌÝ6×m=û§>à2 Qªš8iNˆB¯è™)8ÔàæŽóëê=ÓCôCB4ÈUOZ|¯ìÕ’O(Ú÷écËûÊ4È(ËûÛ‰F¼Lê<àùÞ©Uk9ºBG%E\,ßð ‰ ‘‡ãŽ‘xi4Z6²Ü‰±¤[_Ph?²©TÎ®‘5a" ±eZçþ=OÜþÂÍ¤?Ý-k¥Ú¦XCLV´ý6×fp¯Ì"}ƒK9X'*™9¡Ñøc>ddSGD\L;qè‘t§Ž¡b³ ¬“|-b`a{t†Âótn$î¢Å2íŸ‘ËîËi]¡ãˆê^°ÐÈeõ¾¦Añ:¼ÇžîËÄèþÞö‚ÆçI–#‡'Ä¬¢Å/Øc.±ãL‹Q`ªKP¤-—¦6»Ž_þ)Ä&:o%Ù>€šú§WÊ*¨ÆLz›IÉ%ãÖ˜‡t¡°îeJ C~6•Çi£0F+Ð®üåÑ¥,"×¦fÝ¸gGI&•—øk©4šAe›6xØ-öCÙéõºÕxQ'“Œ}“©îªk#KuFXÂ ³€0k>(á¯DòGƒg¡ AÙ—È1dòìZ0Q&7LV¸ân~§4ÁgZ–ÁxK°üUüoñ H1ÐHþ)¨Ò®¶&ÏìxMûFª›´©)ABàÕ‡k¿™½V¿¸¤#‘I¶Páf–/äóoßFlÅ2Pïúwiÿˆñ0sîl]¢»ÞnDSô )ÒSIÍßJZµ[Öá(öXA¹%…ä™EêÏ¢,ON*Þj‹ø´yk!à¶Ù×8)•“©³Ò1µÍ´ÁÒuî-[=$–$˜°×ÂöG³4@ÄŸ”7®yÈ¡Ð*4[ŽÊ|Á«ÂÁÄ“æTÄÆâÉ!ƒ¶:ð:D™ãEÃ½@ª'0¥KÊµvš#vÔ„qŽ‡wÍ1=ñqIýÎÔ^7€jdDOBm5å§¢Ø9D¿Ð¨Ø‰€òOA«û|–/›ËN¬üFÇ%…¬9"ÍÇ+'—²ÿûZ²Ç·MÀÍ1†TÀ¬1•'¦&Jéº“S(ºMã¬šc|¾¥*‡%m,ÙÑ8‡ÎØ’X„ªÞ@±çuV³þÛdÓÙ€ÐÇz¾œmãyÆ½*Ð<êAU³æs`èVšî…sœ¶ˆ;•™Å¤ËÅ:^V¡T½j#0âÔè– ðÆî’<$E—ß-3æNïâ¯DX?u6ñ=¹§6ØYwÇoÐálå}_¿jK"\JÏsv‚zD$>™–ãç¼Ç“kçðˆtqðPø›³ nf¡ùÐÐ€á( 8ùëˆŸKäFdˆWd™ÂŽ…w¥e½°W9€Á!¯…NyK·žK½‰Fûáõ.ÏðŒÎ$_Ä¬É}}`<*£õ>—I)äRb)å‚;õŸËƒ5Ûd9"Ã44ÉÓRËNAkÃãÿ36J^f÷9GÎŒØhîÃê¾¢ÜF"†k|$Ûo<4+ÌD˜ïÁ+äFNgÎé3†áÀï#Ñ‰•¹.šÌñ1òRäÒS>G/~qÒ=ˆòº}Â~þ£¹fØüA'®e«d#_ÐªÝë•—_¡ºäH€ÿV`‘K‡üàkEîX%sV,€«=~rù·š/(M”u&\Ì‰[S8R"à=[¡§sÛ‘ç™ÞÍ!f×ý>{bðÇ”9wîŠžäu}ó$a‡ŒÁFT¦WbªG•"DSF®µ»àú\o<Áuà2V7Çd4?ÚS¢!Aü>V¨`[inŠ¾-Ápg¢)!Ý*\Kp)ÞU*Ýè8Æø”Íž"¨‹¡/äúÛþÚ“Ò›yj5<§ ÁÂjûÂf}Î*„¢Â8±¯òvì£¾þ'úIýRÚè×æ‡Ÿåôp±g’ËQêÌÊ_d'+TZw›ìqgqZkOÜþŸ°ÍúòZKß¥0UDcñ—‡æfÒKé¾¼‹„_v±áØS ª{ù;ëVU“u4Âƒ |÷Tøk‚_¼ë,¯%V˜RÑœƒšÖw47\×¾©³º÷pNF°h·ž ÔCÀóš€›4¡!¶@?(‘øª~¸'Ë–%-Ö¿ìVê1ŸµÌ':Ë¢Yæ³*½¨1$ß‚¼—¦®*³';=)½åÅÉ¦_z·_ŽFW¼#«ø=Lû‹x}–MVEègr§Äë÷6ý ÒP$EHhd0}°±O‰¸½ñ/Å¸Â³ÈWe´FWÚðRmP²åâ âì'‡çw¸/N[ö”óæís ÏñmS’²â?_bŒpö®ø °Æ£ÑŒ°âx]µ% uð~cF-ñÂü± Ü~syM'Ñ&k)õ\êçNï™’jðŸN¾Öþ'u÷P/Ð¼ý¾Ù<Ï¶*›µ«Èç·-WŽi!ï6¶c bŽÈ2áŒòõÙ÷õ³öÆB™¹e3ã^`}÷h»z„ˆlÇ0t™ ó–d‡ßZ³îRAìmßï/~UíC¬ö¶WKrÞ²ÙŒ|¤O<çÉ3ëodMýðÂ9(„Ã,PsÀøþ+ÙÝá…„8Dz¯¬ÇR¾…°:¥¹°G8‘Mø„U—Éœ–ÑhÝ˜l|IdÎŠÝÁµÁuž=õ2Àì¬’'Iý]Ø[L'Àã ÇqØ²×¦óZååÃ*åŽ—Î£ë’7mémìX:h(]›‚ZuÔ.æVÅ0¾E°‚Ç7A•/ž/²`=Uøªíö#W„|ÖŽXŸTÄÜ9ûÛò4bÿõõÓŽÉüv-ìš«¨^.Âêé_ÌÎcDS¢ëLÇ×XèJûTç=É ©ú0b“5>ff¾>½ÌUÚÇé´2£§—¸°@‹æ9§Ï÷²Z×u´fÌ2ùï‚ä˜ÑvÉÚp‚c?ìA=ÞìúÁãûªo—XÂk2_8(ÕçXht»ÖŒ‰7-taš¿¢°ê¸@ÁÙ˜áÅ>pØÇßÅå†p,‡cŠ’‚`5_ã†ËKóãA„Ý`ì9ß´‚½±B¹gÙªX 7'£2†áŠjÕ3«~ a„Æliæ¶þFYáeõD[/D [LÐ s' …h®öd'3Î^¢%I@cudÎ¼ŸV¦±ëÔÏoÅ4AÖÂÉS§i>Å 0£7Æýë²#¢ŒrrD3¬ÃÉT2JÆÌ@EÎEx¶ÊªÀ š#sÒa KÚ¨ Ìü¡"f®4`ÊßëCWr¯0Q*´C–¹Ë‰wk}%-Ä’a_Zª±ôŒ’€Ùn¯En'2„ñüç+tÄ]ixÀ`ä‡éQ·3RO“©Œ'á÷ËÕ.$‹ÆT¤…_žÍ¿tnfêò™€svQÄ‡MK =ìœ_ÜùÇaoþU»žYsËó4øØ³ï°à~1Z²&+K$¨ß%à§«cÓ–1{I þ€ôæC˜1«z¿¾ºÊÜ²!¨ÙÖKÃªxñø4tò‹Rì…y„Jy½º}ñVñ¯CîŸ &ˆ§ai6µ _Üh-Í³þý½å^<Å—þ*ÞíãÁ….î#¿,cÚò±-±ÖpYgžÎ ‡3]`4XšLÍl™lÒ™â?àþ+o¾|fì° þì}’†ö^ž-ëqéŒF)oº¥ ×6;‘+ü°ËûÅ¹¦ŸVXZ,ÄfaCrž@ÊƒSÊ%-ßP~ sö&’_GàÌïHûé]a~}ÉUýWéâYƒ›øC¸ìØš+EsîZ^2Œm÷/”;e_®V»£4¥&rqÀf5ó‚•$C×ï?y0,ò‹9§n›0Æ±R‰µˆŽtæ ß4SŸm.µ, I^TŒ()[þ{¡Í# 7Õ’À`Ö`¼Ô¼]¹üïÀDŽ$˜µ·µ8KJŠÊU"k §þ¢™5Á‰Og3°òRª#‹ôŸû¾ÀÀ%ðP€3¡âàË£¥XÁ”{©JÖz1eÇ´C“ãéÈûu (/ÙQ (é¥aJ¹µÇw$è•ÄÀ‘Ì}jO½\Î¶/gØçwO•ä¶ôŸ0"{H/Ã– Ø®ÓÖ¥1õz‰›ËIîÆu,ÊO ‡Ú»À—)fõ”=mˆ_ˆŸ”0Ô£Ád ¨ºøÙvÛ¾î#²kmå4Þ7žç›º.9Á¦ûŠÝYéSÌ8d$/À²lP‰wcš6«Çá'_Ì. Æ’'ÜX›ÎÿA$àCRÿ|·9õßUUŸ «±|›N¹>³€†÷M~k¹^¦«–ðÑgŸkÜÐèkÖÓÍ”çDlô=«;ƒuÌHLã—ãÇ ª1PG«ëOÕÿÒ€UWöûI UAV|†\G×j•1D(em¬"(oMV…B½‹ÙZ³\÷*YÔ5ì–ÅºP¼fÜº6ÎŽÇ¬†ø ŠÃÒèrq‰,bê† ÞÿÂÕ{æúÅs9òíÑægz£Ès_… Î->ùïÈP#YŒ"g Ja8~6ÊvHøÀËÌbCuPzZ©ØÁÜ‡Í/Í¦04¸õ7ív‘°l(Öô.ƒô:·:õç?Œ±lž•Á¡„X˜þÑ×é^|¤Wi3S]¹Ïü‰ÆQä¶˜)(j¨‹®Qiogêzê,QØj5ï’Ù eu£ÃFksýv™™ªÇÅhß¤AG°+“NÀ‰oKY;¾•wNªÑ nÿdF¦¦ÁŠ™æÿš¦¼$…¬°6RÒÒPÛÓøæôU™ã… ^¦·:>Ñ,g'¼Õ|{þ%.`I³Å)ˆ!ülÕÜWÔ‘Û¥áô':Ce€éÌecü‘ °Ú6Â—!ÿ>Bè§P[qlº†Y)…Wõö±A•xÈT °-iù}ðhžC°:Ô5(iõÒ~‘ºFMxL»a²šÉ4gK19¥Ž®m¯{úpHxXnj‹"‰ ËªëZE¢q pC¬i¾,hÅkoh|À±°†ÃëGêçL5ÇðV®CLJímÊCì9ñ«á[á„ã”‘¯¸fÁ\[”!C ™WÔ[Ö ¡k5KD8” a}_Àq—“ö7vëAj"é2ß0HµÑþûî&9”k˜ª-ï<ÈßàÞŽSï®‹X†"ÜlS&þõMÂÃ´ê%YôpÉZG»øâO7;sØm0…ie¸:ìr©Qš¸ÜÁ•àÚ”‚”“6¨Ô(Ëž2½°›‰¥c¾·}…ëÒ—ùèu«šúøáÙ8, f8ÜqYMy÷ùyÍ„ÐnçTJ³9$ï"zA+FŠÛø§P*7hü¶J0óÃ,O;ña§/' ?"ÙœZµßÁ¿Ù\«ÜþÇR…ô÷J¦D$^.Áý)]ªöÝ© §‰“ó,çÏÁçãë«ä/¨+Ò¬à9qìncÒÆ‹8x¥H#ðÑû!—“›}í‰W‘&ÓÕ`¹©Î0µúÓœ†Ç…#ò&vÕ ÄÇÑþE¨Dòª·ã&ÀÛR-ï[ÄÛÏóuCž¯#9Ò>!uxrÊ^L$2£:ôë«žBZ:¶³üF*„%O‡å3°ØüßLXO ÚIÎ%jÈY/40ŸÖú48‹¢À¢hZx-KßSAõfÝŠìØp\z,’L“š*Š®{jÅÝØ/éx·ˆú“(Ä †GŽ%.M“œ’Þ·Žëqÿaàv½Š?ÇñŒýM‹xÇ%˜~ ÝôÀëþ¤j™MŠ©AÛ–bšî1ßŸ–š9.´yÜMb÷:`!´yWE“×-=0%ùáÎz/ò$Ÿ½Ž3E_úïÀ%àC¦¯è+Eä/zõ‡®2®í_³(€òÞøUBÊ¾¬unŒ¤ t|ÓGß*9ï¶¨ „/åÏ÷~‰ŠuÆ*¼~+©À@‡ÙJL/ÉEÿ‘<µNú$ïèìØšûsKTA@ú–À—¾hgÅ°Ü©ËéBF+1DNVI×j…ý%n ->;qÆßV'êÐ¶›&Ù°˜\Ø«3FpÝ„@†üÛ86©8þV¤ë¹©ûy«b+®Es¬6CÕÏ«‡’äS’´¹¶‚zÐæx…égo1YÉ©ÑÊLëQFkoŒýÝ<û«û£‡‡4%»sÁƒ}•åŒt¤àúx†ú–©ÇI7LÚ Ï§xÊÃ?Qi[wÄ1:‰áÞõ‹U•«UOF’´¢É£Ï$_*Ø'íò >UÊO¢¬Ø>²*´Mµ3]±›20LÇ~sœÇ¯Iú€vcÖä£”à/¶Ý…¡.K‡Ô\½¾$ M¤ž›ÔG1OÀ¼”¼×.§*ë(À¯Ù‘³ÝŸË€hmÀ$Ým”6–ÊðvU(¿šG÷¥õîïl¬°+²dËt@“wé²=ý9ODvr‰B÷ê¡Çöò¥×G„¼hTÊó^ôÖyÊ»ÃOò¾ f‹úí¬Î˜Hµ Oß“{yUð÷ú•ç„Ž¼œš·-`RiS‹ðq¯<N}.LÜîfÐ?¢ÿ©)å/?©ÛDla §ADñ†È©%—¤ÌX©²[yÉ“ ö‘ÕÃØr3F¹Ý³¨ú¡À(ûœ_Pm!ÌËwóZ&@æû•ÒÚTÚpƒ³0¦þ4»•p¥©, ªµšÉº‹zø×ù]Wä}ß7©IƒNP.‹x)Åå¤Œ ¶+ÇÏ¾zFøàR}<~c0¼6t[¶àuà·;wƒË‹-±'™4ª*3ÿ€{%›Eôw JŠvß¾³—oœyù_Yò¤¦$-ÃíµžžQŠWMŸX êd™Ã[¨|Fm"ŒÿÃÏ°lÎkÖ³Í˜ìâ§ZÅÔ…qšûHï7/ÒÆÿè@¬StL»–Û†ân„IV×b‚xŸ4X·2Î[˜JðïÌË÷UÙ'xòUþÒ´ðO4˜ðÆÐ{¹@ ½ÊA×5îg¨eMŒŠÑ®”=Í^1wUÇiÄ€£Ôhe /<~õËÌbv¹ß#%–àÛ$˜ÿŸNÖ›ßÇ¡Ÿ€Â·èçýlüð±ÛvìbpãK¤`Ûë5Ï@¡¡¹cIcì`&BÕ ÞD³iåMâ75uË·mqbO_ŠMFÑ$Y€¼Ÿx((VŸÖ&PïÿÜ+¥¹%÷²²¥eêI¡‹8£@Û`(g–°üq¬‘uÖz#*>‹wÒÖÙò_Ò÷À|rÃäíkžŒ˜ÒÇ¢„ËˆÝÎ‘‘E§êrù²0rùaè×W¹%¯SB»½iéÁ#9~Š«\ H•Š²àÊG3¢ÊÍÊÙ5xJncò¢»’^ØeŸ0‰ñòD,Ñ7OÊ}ÍŽ^}ÎëAËÉýÝÂoC>˜‰åN‚£3æZK2ŽbÖ™ó.sqõRîòª8˜¸íEÁæPE ¬¾Àeÿ05§£IÅ| Õ¾•ª©<â\€ª_<&¨~ææÙÞEv‡–³RuÇmÍ%_nc¶ŽXŒÉÕ.¥€tVyš…ÇÎ›ÍŒ6¯?/PmÆ!Çúî‰eÑ˜mK$ ÈYWãÃßŽ™ÙnûÃíÌ"dÿ+“&«œ„ZKâfžöh,(?&JIféÐh_8ç:Z2ˆªªxÈÏËÔQ5¥F²g8ÖÖÚ¬²‘ŒT4üZ¥™šs{üçãhñ¢¡ßm•|M=~ÒEGzéð7õ§QD}»ï]¨ëÑRUWp1Ve*ÿž °pÏ[B|ÕêSk.„‹œFÇˆEí´U^ÿ%éèlÌ‰«Á¿é ¾žû×ÐI$ÌÙŠÍjã[ÑÏ…©Ð3cÉhÕÂ 2=X‹÷®ƒÏ°C‹a6Ak XFþiE®P xCä VÓv\Q¨s‚ð ³Å™„à›íßå#»ªyÿk¬:8_¬i:Ò“c@5S£ÆY.-×aÁg¿A4ö€T6´%X<îW³mE–ÏÀ¶T£Ý2³;|Ï/«€ç©Ô Ëï‘Ÿh»Å1ø-ÎÎ‹¯r"ño§ç”èõA¯jBSò0;XcYtÜ® ÂÎŸÚÖyF˜o,Ùsa™eè®eü¸ MbÏ¾ÞÄÚ[ö‚—íÖÅ—µ“q>"CHÌ0ÁÅ’ôÓÝ¨9óSÕâÈŸÕ~v•™é¾¨ßèøtu5‡¸u¼¤>)ó™(Ÿx ¨ìUoøÌ+ÕSÔàÊÌýÆù úi÷yw–eÝ.Üm®/öö0o.Â¨¶‘AG.ì‹¬ÜjõbA~LX=x¨3¦&Ç²$ÁÇ°ã®enN*É‚2UG‘°½§*–I&QŒ\ô@ü«»¢§à¶ðÈžÚ!n\&ñ ç9§D¾c|~²zûk_öqâ=`^´`wò"b$ü–¼Ef&¸™ŸœFÌž¹ïOnwùYprÂRXTÎ{w¢ý<}ìH^;ƒˆMí`Ìa‰çLp%3 ð– ÇP‚§üéÎ,tÁ™îu_CìOaNsÙnÿ¥B2÷–˜Â(•L·_¢9$üBhM²?0×'(É]™?D·Ö¨@&†_Ñ†ûÈ³]’¦íïRÀž•¦!»iF9 »Ð*K>±€y„áŒËlBüÀXMÀŠšI³×m©wÓfŸR¶3Qnrc“v³õró60:@Àm™ÒO¯ ½ëÔ78|xr<Ô¢ãLXÈ¤3>³µ(²Lgƒµîj¿aÓ´‚ö=áç\Ÿl@ô\é¥iŠ;hþÛOµxqèjá±Áo:SçäGÔöd§‚bÍyaçb¦êQg#ño7»+ñß`]ýš!¸ŸÌ92ñãÑ¶J×µ nþAqæÄ<÷n3C#ï¢ V‘¡×Ï·"rnš×ÒGN¢»±}Ô–ªMaò¿bžü¨Ì*3àWAç‚ÃÑ{DÁö-!ï–·‡³È#µž7®H=:ŸÕ5ÎdÌ\oàcýÝ˜¦z÷–3 ðèeÿ×³¯·~Év·Þ‹À§ÊÜá%möàYhéŽTÓOAU:6›Àr 8J†~J«Ù`œT¤Š¿Ð/–+Ñ>8íQ2ÞŠžÝª<ùR·lnVÝ‚YóULæÞàôv„á;Î®è8‘Ìó(mA Ï$…†ðVUþF8 yK‡•Q,¹AÙüü’k(Å@ xÚâ›´#¶ûìžØÍQ)ÎmEü×†ÜÈ$Ò[Ã® ÈŽmq VßH¶;?RÞóìÌ6í¼ù2cŒxt©£g¡ñãí«ºþH«$?œ\÷üH©tíæŒïVnÙ=<_m-²[(€µê¨³ÎÒhk>j=£çÐLƒn¥9TSkýåûÕHé0Wb»':DiÎlé}º]8<Õúg¶Ù'^çoÁŠ»¿F+¸GTšî£þñÃîóç.në–{T,µo®qõüoÍ„yÏ½Ïùù SAÀ/¶4Vøvé‰[’ÀþYñ™ žÉº{ãi1‚EæN´QÁž$_L|KÄ†ƒ##RXAÜìŒ}¨œænD¯ƒþ”ëãÞ ã~ º4Zc”þµ!$˜)¾øœ»¤œtÉW †˜tÅtN¸Ý>¹§ñQ[Ä)+ˆÚÒ[òÇŽØˆÃæù0¨jÉŸy@äE‰›÷Ÿ=|Û‚]Ëß‹mÀüØcWüzÐÛ ònÚü÷AÀ(æçËt‚5õ2ÇHÒ>i3ÒXq”äh<Žñ\PéÚ»ta$ýÅ¾½38Æ} Î)ï$Àó×”Ñ¯?ˆ/‘/LÁ8YM/Kà`#V¶½œ‹1ÿ 7ÃÖö>òƒòánÏ”ô%ÐÂø^?W°&dxôhÙÝzæK£±—HIª¹ÓÂ@Œ7tõã|?{>fd&{j5ŒÜsô{OŒa²âymÏ¶¤ôÑ{§(à„ë[#U‡ÓùôÖµ—ÙÖÿ«æl<2ì!t^-ŠÄ]ÀšR–¤B^âÊ,»ólÆÄ‰jþ>Rˆ;ýÖó±hšD-JOåV@Óñ‡žƒÎÑƒ™&8p/KëôÐ€!·ë¡ns©+YÙl{ÝÐmvªöƒ1”ÛK—é0×Ç“Õ‡"ÖÓ«·^âäß¸qOô&üSÛæ¬pˆ'‡.„L´;Yé³ ª¯5„fXßUÔÀ¬ T§Õ¢¬öjÅ&8PˆÎònŽDMÙ– )˜aŸ¹èþÂôn5Ñ ÅBÞ8¨=§Ù6Ü®ÜMŽ9Qê6yéÿ!óD¤'¹VîÏqM2„qšw!ïL±mÖû{óƒ7øX'Û@½Š”ÛÃüUe¾†Œ1æ}K+ €#üªªœ•}•§´£T›îÜ '´h›zN[-t’*¬®-’ŠÃ!Žü]äx ¬Uƒ+SV¥„ˆ0Q¦3Ö]xÑc®ru‘ª¾®èþîÊu|ülY“SþbB-…ÈùŸÈéØãæjñLæu.‡®R—ºµ—*!ºÐîÇ•$$óÁå×Œ²Uæ+£Ô®O4žÂYƒ½Óÿê»$Û¨#%@%÷'qÐBVuÁ"6Öß's¶b™ãz ‚Óqt²&à¹ddAkfñSžR#Nµ"Tu»}†œ½)³#_X!!áêïÇ/"—óß],ìr·ïUèƒª°%k_ñRK@HeÜ®AûSs€Š°B^)~¨ãìÛfRÓVn(_þù 2«6ƒ†rmBµ¢ÜÃ" uµ~êW Œ¨rKP”Ý©¹¤å±%°e-{/>³(hˆ$¸-{/ò [Ñ }–Ä]æUX$§ ^Š¾6û’vtbÀø]¯Çãùá¬ÑI ¹‹ÀÐŽK#ÓuŸcyií›ÝSâ;BiZ)Í¸&X,ïg™eG#-bz÷ë‡a[ h„:P¯Ø5¡/» çÒð§Ñí~à‹XËHˆ·_ÛŸ÷ßØ-9xâ¨÷€A—Ü7Üke~4(£‰dX}ªˆW¬È¡'×ƒÃ™ˆ$;l¼ñytÙ±üéHåJ¸ øŒ˜ií®Æp”úxøïkŠ9Œ ±Ö:†’ºÒ-8ÎPâÏyö@ìŽ)…ÉêÃ)+µýÉèx×Û|«oËîãb< ãº°Š¶§gg˜8Lˆ~†!±Ak‘vE yeyÁ=ŒoqM“D2wø³[ÿùÁŒŸÛ^÷B³Ã¸›R-É.Ý‚÷ÔõqÆìMß·áhzòêeòì‚þ¯«Žƒ±Ëø/¯|½0Å"NƒMsm'ŒÆ|,ö»Ù+ñyÞy;&=ü#M¢b»Dc gZâe·Ž6ƒO—’°t”™Z¿×ù4§ÍfêµNSÄ ¡Bl³FNèŠ¿"NJÖ‹Qñóx•©/8kïæQ¬A‚€™[Ík%ôÕX÷%]¼„üYÙZú£ðš}mÿöááJÉ¿·ýpÿäÚºc¶S'>á"…ÌÎxµÈ0›ë·å|×„i^mg‹‚Îv¼A@9}¢n«ô”Õ%é´ª|L_Òûux‘ÁXL=Ó<HO¥aID)ºÚ*åŒ‰”úïY(ûk’›ä™uÿqÜoüd›ót^7£ìâp)î£)‘Ù×_ ð)$tbs«tPÇÕˆßÉåÅ*©e9»plÃÂ ñVGÌK»Î×•4ç×vÊœý «`ømÂ0é“ÔB¡ÖQÅ¢R½Ë“áÊûÆy|ºNs3*Êœi9V$V™‚1¡PGUUvO6 Dë~Ì[üÏ{Ç…J>+ìÜ»~‡ê} íÏdáv„ålA9€e›©Ái×u8ìÔ[è!ìÀnzÑ¡jbôûnŒr³uw^ ¤Åðeû¹ ¸Ô8¤a'ýÎÎ>ø³Oƒ\k¿È8ƒhCqêFª0é)-çH,Gæã¨Ãe<°6HC« ¿¾M>Õç±_Š-C®¢(ÐÀ/ê¤Œþ&Xy¯ÓfÒÉenˆï¼Ó•öE0•ni÷õ±0Ô¿¬†PÂxi8ìÎÈ g°XAÐl“…ŽëÝ_áƒ”Œðe7ÏCƒí…bƒòh¢ówtÛ,ô†·tXx…ÓS‘nœ†ÙõäÿF¦æ ÚO0¹’Ãêzü— ±˜Yï¥¶éß YZ