nss-pkcs11-devel-3.44.0-7.el7_7> H HtxHF]j ?*}}tf9vfnD X ,YB|9Nd+87ad11c4c07bc6ab65e4bba1b1e5a550b715637f ր33iF]j ?*}} #H6s]&߾lnD:pЊvB @T>8?d " Z GMT         =  L    T6(h8pv9 Hv:QvGX H݌ I XY\ ]@ ^bdeflt u( v\w x Cnss-pkcs11-devel3.44.07.el7_7Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services.]sl7.fnal.govScientific LinuxScientific LinuxMPLv2.0Scientific LinuxDevelopment/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxi686 n@GCB:n \\\\\\\\\\] ],],a35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c445420084d8e437864a3876f2c8a240c14d43da2d8d36a700afb9ec49b85b38da73d8fea772e9b142ab1627b66104e6f489ab8853d16b66ebd865b6501d3ba5013rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.44.0-7.el7_7.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-32)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.44.0-7.el7_73.44.03.0.4-14.6.0-14.0-15.2-14.11.3]B]@]\\\P\@\g\-@\\7\C@\@\@\\|\s[k@[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.44.0-7Bob Relyea - 3.44.0-6Bob Relyea - 3.44.0-5Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Daiki Ueno - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.43.0-9Daiki Ueno - 3.43.0-8Daiki Ueno - 3.43.0-7Daiki Ueno - 3.43.0-6Daiki Ueno - 3.43.0-5Bob Relyea - 3.43.0-4Daiki Ueno - 3.43.0-3Bob Relyea - 3.43.0-2Daiki Ueno - 3.43.0-1Bob Relyea - 3.36.0-8.1Bob Relyea - 3.36.0-8Daiki Ueno - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.- back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775910)- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Skip sysinit gtests properly - Fix shell syntax error in tests/ssl/ssl.sh - Regenerate manual pages- Rebase to NSS 3.44 - Restore fix-min-library-version-in-SSLVersionRange.patch to keep SSL3 supported in the code level while it is disabled by policy - Skip TLS 1.3 tests under FIPS mode- Ignore system policy when running %check- Fix policy string- Don't override date in man-pages - Revert the change to use XDG basedirs (mozilla#818686) - Enable SSL2 compatible ClientHello by default - Disable SSL3 and RC4 by default- Make "-V ssl3:" option work with tools- Fix regression in MD5 disablement- add certutil documentation- Restore complete removal of SSLv2 - Disable SSLv3 - Move signtool to unsupported directory- Expand IPSEC usage to include ssl and email certs. Remove special processing of the usage based on the critical flag- Rebase to NSS 3.43- move key on unwrap failure and retry.- Update the cert verify code to allow a new ipsec usage and follow RFC 4945- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.44.0-7.el7_73.44.0-7.el7_73.44.0-7.el7_7nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablescpioxz9i686-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !XS!] crv(vX0}PkgZ6dKfDV S"&G% ~#vJGTs=~zPn>1(dz+}'R(?qUߋ ۞X=`-NR~J@GaV}UIwc$Tf)Y>^L@OqXBf/tvrPQQէb~R}u94sqmHf<J2 cɄM Hc0UT6⩢jF<[;?P!c%bNPǢ0"dNDc*D\ƫH $!/ 'SڻZPaQ&;Egd7/pܙ*ZOMU_A@V.lP ٙh+Ø1f mQec,ݫjxICu*dDRFPN']Ҙz%ǤQieYd{9e%XS7oŏU[T5A~WU xߛ=̈́SL[ʏBBIJ/A'eߺjlmQ`UuZ|ݼx9'1Lcm퍇e\6dyUutܛD mn,rrNTaU N#-i!&] /Jc5U١b8[s41NS&Auwqģ=8?D9'{XL-``xjc4qcNˏ1^،M ȦJTǝg5tyŀ0N.үO$ A>'M&Vo|u ,qu#U3ge۞u`.>b[AT f( 0ڜGwT U *q.En>Y&ekUFD RAI6fUBO>h0= /)/!8$׾>n\/6Q\y,}qJ @NZ,1SOfAS4ɲULc]z*ytb^[A0&]$B!Lw$3HAE;wuW /uyM K"%_0M$\IJG#);'Aُ/h%jXuY-^Wdm/l 9yC_7PAD3Eg=dlvưFH>27,' E-?sza*Hdy@t_\ MʠkOSdF0 n-e|(v>HҹFcX,ioԿehA4`H_LS[g"Ll prT42&X[qD\͎xNO= ku-b.9c'*[MrP<؎Y {Iv-ܪ\^?]O)͜T(>i|iͫӱ*X^9dgHl>SRAZT~#SEj6!}Ta~UP@+gqRN Ṛp`xf  iXgֿjڢz=}ad3"[ߋk> קq`yL8yolA p 堲]ZݸZ7& RĕpߴoV"xrjݓJޙEiԓۙAf|1$] 9l/qbua)4 Y\ `^f=`BZp ai">WJrǝ%@Yz XA^stW%cN*e9&^P\'9D$(e@kR6 ykt^5axm @D:j'25s4ȼx˾ ]GL\NH/@?%4'DZ]KؓGU6jGz}bR>]fiZ mٷcy\|oj> Wz^@p0*\@:e ev'҉YY3|D;p.\Hgc@)$^fSl^j9lxسW wNJO -j=х+[d6;!h^9W_T=PYژa}m m=9d+DGbsu22=-gU-B"E1#DoXwQ%+H3%VbEJ}9< )$"eS4s,D9Q3r:zFlbMf}$(]5Nl62o)F.Y!$jIwЕ7!7 B#cѵ%F(Xa p٥Vo]`_L^ h 7`cFnNjg-SPd{ ryv2)gDfJg+nk&yL LFH?V>f'ߨFH녃.r-Y\񁞠n#a?H>D` T.Y=HB@{B_Aċ{}6+áXqO`KV.l!g?"niD +O:TaM0bah\,4DE Yx#ԓXs0@̓C$4 &=4Kޯ 4#1FhN6?;QR%]@Wzo`.N:vv[QFB/姻d&r= q],4H(`U>CL=*)9[W$RR8Cи/75gFM-̤+xOTF-ـ;ʤ!Z#|$^+e#/bQ\Y716"0vدn*g@!+W_Écx VJ:ģni$J P(Fzdd" =+4SۑQC_ v ӛTNĢmnB#\T(;>CkM([喳 q .$>9?*K`3.SZ82 ԁ]+2q;?C$o9Q6\qyj>#)gaK(~!Ln@8IGFOQ dsR[`V̡{U6),zX GZ為\?U4;xbMEבA& mڴU' ;0%$ !+NJ6t~4W i3D3Xyo-!vW[qѱKֳ_M7"X4Nf H']U:T _jf8іڦ/y%R*чX49#X5˃e :S-\qLTA?ÐG͸}#Ai%17d6r ?_?Pc5LhyU G.7v7Z:(`Z!syNfiT5lY(* 4>0-&aGʁtŞ%lLSY| 8#gnCᅬɣ.LDŽȎ{̎ǵHݯ}jqA T3낪#?uul>KpF;CN~l~@i}5/7tlD}0_(R݄Y[ (4U(t ?I3/*FP[AI| u՟U(cWwׇFk޲d9SXIBRY$: ]1enHTiALX'WNP[D# hݺ#SXċjwX|^Tـ^*MLxr"v$$WWz'ȿXcnt(IJj1mt*C] 6YU5wPF,5PsI]yi;%S[s?x 4z~lb܏r a u4q/$p$.˓qIƮp )8IDw`7'c`]&0>*ۇ?6<}jo<<@~ R{CRTkfZ-w0l+l++Ɯ%!2Rlё.anOBmPQPau !ZրG_]cOm$~jCh]iv`ɟ.Ʈr0zd>lz)@JPU91>Ϸ(Awho啛]`ܭɆTe&]MHv:_LEVGE4.tz:-yTWZQ%4M6EŚRϡ]$Il^*^wX mQ`/6W4o:lje ._w瀃S̹Nix2pQ]M\XWW4.ͼDC-|D.07xuGTrw"sLtco5zhH ߱+OH](8 ]o=|&EN$GP+d+2HK7wnۿ< nHJP,ۈQQP`]sF-쟏X4wR2 ?ZUg[ۋt~.Jc>r iħz }:Ez10z 792‚S?(W/$;hؤM9EE:5Bh<_Q"\fK-N*`Sэ7ϛqDn?eF9! 4)lɁqL/D\69lkz@񬭇 f+3z3*pu`E4rHGKAƿ8ŦQ9J|m ė M;mtr\Yi\m1ZEW)wU2sA r fe h7C!YyDB ݀a-]Gx%Zz'GXgNxZiO9@pǮsXS G"jױ"(ؽ9U*]63GlHǑ)l u|Sb#_N>02C !A/K8umo8'_%)䫃<] ƿ]'s S;{{:Z=hq1aA_|V/:L`J|cZ ,aBD. %jՠ8ː$#~ҲJ;8)?F4IId,W%JH$+,*|Cþ=˃pڨmǷ.}!t#{$֚o)/ogbDN3vk.ƍC&ms82YhnhSw` :6oQ(cbŜZh'rM_Q*[sKpdi)LRns)E?u9<9Pyy6|1e,w'yLy??-ckM$L3ё¯NnbpL̀Y.Øx5BƦl({lla3> B-V\!BfG8gǿbB*c3"RCOrWM ,_?byO(oҜsݣ1b# _Do'Ipya#sЫֲlfPLnxz$<zw6\!opSޔI$C dpd "' = 3_ʮTWR\%}py(鉌"BӲkl|Y\N?s(K>sJj| L @)EG/:TkJܾ]Nnӻ1F4eX^Z"ȑfG' :O7|6D ~^{pZnQ $YA(52f_@JA K8cXVelInl+FCԆga,?jޱr4ٰ</j+ ~[׫E-"BT@Di׍k5ŋiZṙ&(˧ҌbWcR8͝}LաXM$ Z3%@_yX48XGKo4  Y%IUi!Pq~4P}҆~nEЧRzow6P5vHNt,UsMڽZ]aib#wC.?*-OcvJ;v\q8m%E/-Aiʌ)?$~'8f:gCޓFEMS"qf>krE~]Pm5]Q)%,f`D! Gf&?lPv9cc;˓U&'o-H@ki#xW/mE< M&.Q終6}06cWu]U I^vX@zکed$B/QH\k掛yeftΙPOc4iwK4{C;0hhF (cahP:ϟ ]{tV'gڴw/)XO0NT"/O$Th?w9_.^CE;C*?*4mH_DcNdN:_|*=>T5Nu0 2i9S\NDc}UU7.3X $yqަㄇm~&IZM39qUuءɭKdCNOC6 ?9`}V^8km/'$L9#k7&$ߛh.HEɧk(2| [վQSrZejʳ8vϒt9O2mkv;{h`Y|蒕,+rez5츣] +%za _%<%?ޔt ym)|o] . hd+L#[@inBzy \^cף@Bx#$) d\;nKy);A"ǝ8kMݶ-^ Iq9 ֒@lo>YkWs qF;YW:aFE -nTxǂ~R_Mmܞ6~2.R60-hM|M SŔ.ZDMXD>ԞrD}ǡmu<@b>I{B5~Zޏe%jt4q|PgP֜\F{ܑleh)'LP׸ܷNF"o4Qa-.f*iDPf%d{~Q8F" 94|߁bYNɏ99^AT $¨!w~ʿsŒ!LBHJU SQo?}bի?n0"dXW`u#"&;8WKJxcNbݘ~Ӣ ַH>t!_X 5B&7- +fx|NLRwwN.{:5 7% CrAև@>vv$/IJ{ALw~uMJD_Y>!(]au)U^YpV)-xT/٠(G23 4""YV*-#MI'd9'վ#FXlRc-=M˞kK@^Ɓ {ڨᆰ3`r}yQjI[B],P?G.7),{i Ny95ö#`柀}y&}mhwB L n~ׂb̢TP0k 4@hte?_d۪-b t &z9T6u M8JVB-A}_LN~ Q*)o(udW5 {4?blxpsNEڒ{l*՗ r3 LÔHa2a' #}9WW=:~6נ j i$j؁|,'4&r-wTq6MbJc|z[hŚ`D܆D fdh{Fls?vPժz_>4V}!ɨǩr ؈ $t#i "d)sqvڥ<Τ(rv>18Vӫ]": dLxZZЏ6w20(݉6d QąMmpە:Vt~^33r'3@&X `:=D<4QQvT4JO~iDshPĔZ=| }҅)e.c!hi9&m]w=fvg{]<ʾߕ}5b߷YVl :>WtFUWi@Sn:{t.\Gp0WQ3)My5$H#bI)ik6 k pqA?|:;ޘ4GMcd(:YJ4M ^ ?2Wϡ#3%;Նz%|9L;Z)vJ&3_%|V }s, BnV˸MEטsw'dm)Vij>܅W^!7k[1O [{o T `t;tfϣ"(I "^ 9"WJSW+em_hv#P*Ol_YGA{q~gGa,Zf`A !Axsm =8gij)_;}FS᰾ :b"ȋX_I#\+A$eњ >LX0|bd&,3=e\c ۴ 43I"h!/ ;l߾x]T˯h24CQ'>ㄸqD+ \\^k][7QGz!Qc}S$^f 补M I-ȣؐ<7D~i{| -ݛ/H) 'ljG١_QaRB4zuwT})nˀb4тK#Y{|ʞ;Y0D@`rȁ_-Cz)}$h.]O-?ڠ{F/?䡢o4w'e $6 ꛮ$T vMre)/ onD*V8_@`,%QU2sT:.,b$1nbO䣦5VIɆB[P)e*gGZHggb-@]J\U_8q13Sa׷%|Y@z@u^ݤ|.bӲ3n ,{wڡ>gfuo3#bjTCVG#E o)b^[7|mUCUQ|ZӨ|j /8ǹռܸP&|TFjjsOHc'gRh UddIz ↇ?̍(xzftxiL/znPR+|yщ=O8l'v8i\P&LHxjY7f^~&hR=0Šܡ,6¨ "S."~{' (,BSm)6J""T81fn9=TJ?IaumfJ@.OZh 1RFl9Ub#|I@tGG ]&^QCi@"DCpE8Zᅏ}tz)WIhTc~(J_keϋ(G1> dcwM6:,`r`?7Dzʜk`9[n*&wj59Gvғ@sAJSs /kCZg? r>/ f,d r`(ÇF}gέT}h툋8\ }3Bx$&\5JP[_UV2ˣA+0:z1k~/s*Ic2k UdlO k:hZC"Dk@ ԦeY%Ԭ_o @^3-ȭ0h /n9>-\ͧmc]¬\J0ӁPmɄ9J84o̕ӦGh YyB"w_IR5Fsabgj45\jj Uzqqi}XCM!ٝuz^R=С)=?Nkh#?rW:&7SIFw;P['E(ϖp;K(Uq,яn/ Y΀FY-ӕ$P֜N VDSpI4z׫_rRX2QC%LFpEG>绮H|;Rl.bZjq#v, 6h= wA.RYMZ*9:emUأJfQYZN5AN}3TmmtǙo*nP3#!F~L0zylPqU7d̆Ad^J1;~Odlh<:N|ౚR-rϙS&M%Qp9_$k.Mo P_UR:mCzD?-I@}B&@*#o 6MVV^-?# i4xz@I B.B6 1%]zNk,P0P}.?/!huN}_>8dW.Ԃלcnx 4yvuqns\/FC{Cו-YGѹǡsfلU=Q/ {< u<'sqflRB '[Ҧ%};TSl܈1 /t0@q~}4Yp6O6\-t7lA"d { X:3  6a6f -aTvam8&{|X5O MFRMOS"6DU{M[CYx‚zǐڐuby_QӃ`b⸣/LRIuz0S[v,\:Tj+H+_ F##7^71nam:H6{r]:`0,/x.B3`ȠeմI9e-2hJ) )_ #_<gD/˛`6PTMT[\@D ,ҽnaS˔…0,ʿs|]1O /fy~FS~6) }{9h$z7-*FMAeb-XF @jV`+TKȄ\seܓPVAڮQvAFz:Ciܚc+'V(!`v }1-ṷ;GsVbEe+\S6W ' ɪ7Oi\`bH{Vn xVx&n58FFƣbLv_qr y2ZR8$*ٳv1aH^$'45K@OS K%bDYt'rYk7?B[bEA9!bYn]dDBNqUw9"IvlB|R%o0V{x~,Bi>w(^̯ǹ_3İSt x:*@MuBŁKqiA Y 12 vsqH wJAeay/ZI gϧƂ ^O RZަ6gW*@K $oET7#^wmQ0cB4i<-'227ZflѶ ͜zwgy*i$\C@rD7]9ZBntۿ"J0>( 74dkE֮ݱr1/d'^SXҐ/198;Jbb² ^L'M{J0e7VT'#fceIih1+  \,V!0慄D {F#qbԂA>m:ue ZZDF y=Y[CKfan_Nb/G(!%2"ϩ.?Ê-x֝sM1.Q#DP$6Od`dTtJr[P{Jl($c䕈^N.I?_OQz.мR\|eUpSV /OEnWZ+R$0RI7.BWÕ֥SY\}MLvHk|1}0Ƃ'jK!<(a}2qs6 C2p,v7504c,BrQ/\E|T 2bҝ l'KZ<V3 !tyݜBtbh^sy]y9_vH rdP y }/R<{ g1bwjL:]\ /K4˒ hk|F8.?-X/D~a^z;so9Z +&Qb؂gSM'0@=d)F8[#h/W'<ѨwçL<پH:̗Kv\ׄ Myp}H/F~,7BMq40P 5뚀,@|=<[F P8q)ld5țr;sjӇ{^ڼGY]BBr<C4.{]nx-DbKedG~x_g߱,7rbqk 41[9 {,`=5۳O`20uhʧX;sj\h4|D,| BtGXN#Q6>o|/=6d&b|rzLi!o#+y5ߏ$ ƶɎB032QtrzsX%;ޏ9j_ȍcbFJ9h)OZjXUOp0!8/cHzit=ܭ݌IZʶ~ .0LWPW7jd׋5xjY >amfH2Ñy{ K4[TFO= ZZ6ݲ "'-ؘ3Rmп&P}rnμQezgVAR;M?ѻi԰*'l4cfT'q[d-G+-q77 (ݪ3dhۅ^,pzV%+v+KѩP79 `u6!̔njEH$ u9`}<'> NYpJde\7@i:bVp:g$BīME0 \ IB NK qn;[m=]~4or33?KĿ9Ye޵p =<hT<3"g\&ZIq/pL"2s 4(]`{ݳ/r>,"' ̀ 2$KHFlbS@G3H-gUwN/ hmCZats4LEx}\/@ rKF/]4pQeЂ҉y7u8R=_}G(Lt=udڝK&څJ RO Z }ϐ ZJƒ]m`Ď6BF^aCϋU '=˕so*&9DBŴ3d2' &I6u Vt ԬH.:Q`!f1gb"0RbZWC $"2z͸ApTdS ` ]_k"XeR/)}:tLj -Է݅ƁzW?&r&\,@ҳp>>T%QÛh2ow~>ÂU"rT:h:EJ~7Hsnpne{9R)pJuWr Ml-2NtD5"~3 U&S@0/jutiS"sEsSчU9*aFV2dUi細Bo3ODD= 5 g1q@v%b@.Y?jpJ(w?nF G7X2B1] L Im07xHo<~Jv]` &\Ohl%WIBbt:ގ'?QZlG|)$'`u՘9ݾ<ҩxc%k~ CbVKJst.sC{1ll/H 6P|At#(}i133w rصe~+y硙C͋d/T[Xv1NaVi$y̵Q)=M7EWC*ܙ<1VD|sƭaS/T9Sa~GxtIt9zNB{K.X'WK{J:F9m#zX5|^snX꼥C9ٮB:o:Oml–>d|3j HjD,RVfp۸Y {VlAI8BC7$Y=55;gUI '<ɞtݎe?5C=0mw)mGZ%>v$NvX \]՗| qF3SΕFGՏ|-=qiOKph^˼ />%K=[ـ9?>ZgYKH;LQx~18,X_A+/ RIe" tѪX[3q5 AK8v; Oaq(pV08؂ZHͅ7Ŧ`* Q ]|`.~MHA`C7 Za'M˺kJ=Ԧ 2X-AqMf4REG 8҆ q݌ HFEruݡÓ>X'4*?) ԟ 3 8C7|%C G{fd#I#GҌx'p3JIob*N}ߏz"kh) ZmS^s!kxyD]fHRb.wMKj8khKy;$k?I ۰qg^'TG&e)Wi'>P=Lgg/5;D0q;6ɻ9?K96r nTtRhG^:68bປ;v:Kنݶ@cS5Q9@I]EMQWsh 8]Bej)>g̋%{J7oj´%MI'289jU;4EB|M7ˎ5Vӫ*-|P }?p54L ^'C¿j(ጞٳ م;l:aUЙ(v*'e[k;oM.Ўͪ|8;.A]uFU}\륧@4z-OK# >cުǼmR6f(G, sӐ~(yq5GP^X9QHO|(xJ#0qdỴ\4.8·ǘy"!!_ f S,a56L5obhMOF`ت̜+I$o.ݐnAR*uXv[%'ON1y?9#D[y .)Ʊiǯh*Nz?BM#T[8k(ámoݠ]uX]NΊWx莤6ʦK~|ZHr^r˦k3i&N=r8d|S DM#՘ϙ6.$1vݛV j}9r7lA; \ZxZ*&g.k`L>EТ)v|  #s!6BE l!gl%T/7#>»F8>qoO b#tNY~j? ډ 'ò(կP(@K.+) JPxM]!#`;"NA:,IMЏO4n~*M"Z4ϙp#_Jw- wf=.lxS!O.3\|j~~4ku6pXwZlz?j8.2N(cH["-R ߆s*56Y{3ymτd@k$5}屏0YcoO$ RTQޡ攽l_gpGٶ#P.B@WDt˓$ IC]#,3T([*sCSE%Lc|K ^c8!V'O !Nf LJ@aZؔXW?y;:͛$0N ;2 Y )G ZuXp*6z;$S4]H;T)DU]iP'ڻ Nt@'sC0{B֟>|0ip|4 @<}Ij8ˎ/rHп:NAX َX1*x. XĞ4k1|=uxX)+nT-а-b4.pX4ɢSvuZ5I 0XSF{@*lRW?ysԮ>T/ʭς(`.|&Q 7\03p=OeF[Ǝv;z7|x걖pngl G* t\uc2CK\Ȱ͇tH6Q}ɤ: J~j:S0as}u9. 9 . șaN놌J;PX.nAR8|Gb^P>%V0q:4:fHb(F$`2*/e`r03}npy1oUUM@r'81ʿp3BbNɑ\v=q85<5 vr!5ʥ̈Ep)S]-P\3܇ZT2!S%}.Q':O.431nw VD&iڇˌM)4ʯTByħ6-[q}2T&#-" T m0&]$:MEe==M ]\/bI7;gԨ5ͱy>{EMF#/JՈ󷦶۫8&72ǻkd-t&Qq9QA7?OW4"@a &vlA;kn dO~pzϼVMp V=1Χ.GK$.10w*ロtf- E]g;nn-VUS [^^3[y nTu&Qgc$H+N3I56M1Cj씫wfZd#s9(OLzKdn!r_=pi-g|R= jե}˔1O{vTUl,`hJJVjS|O"`pՄ@ ut۷ /;]LfF,qș6mu9V[0i? mz'sS$]'u/i'eU(nߒh|>LU2|g?sg";JLCàgo§ t Քޑaie07b9PXJ1|yn uF2ɒֿJ1H<9d&VͭfLs4Im)s>k\kC|^?{R3n`I&nWZxFT~l{)U2dV&DԏxK`In%ePF@H4*;@F h&FG !p}QN!&B5UNeJ[8R iRP0qb2bl~vqb߾o] a@)8]P]bj?3X>h% L[CJGB]M1̞N-sd>(C)!b(zp5]vEi0Ӻڪάܓ<CXtYPjDLqW[BWayvu!M5f-37$#XMat&?RR፨vMһ8|3;*%gZgԊwpq̅ݴJg±&pm\.J+x foZkޙʢ]T=dîq@#!"bt ^`]/ti_,xpg@b ?],'E 4) 3\&*wo1I}'W򜭪(g7_xiWl4-Mk+ˍ%,G+T-1^/32%[{~cL6+>Q+kIED <٦? ]nyK]uf0I]dWLLl4a]>AF|)ְ9vz/ܖ3L&{yl]a< /)DYnK|4&ھUiMa0$;sZqDr_̶h ZY}yހ/+fV3/`dߌjd mtr<sQOtlQ,ET Wno* 1L_j];oO@2ieevqǵI|EI.=/t RXM 6$#H߼ .GRQ_'|Yjт} 3(]q 1[:^_K.lA[FCOۛzn}c(Y; 8S6"3/C $\`w9,E!RIoӟfjC]#A7\W4\ /N* Ŏ9)yt0B+p> |YSYYWON`xgrύ_J\2$w09I/}^E% ߕ! -p%koy63 _JJFd3B)d%~;r?G,i-~NM+K_FȌV:Os);Y?W3ə/#s$ qZ+kߩ-OAw\ Fclܛ`w ?Y}p>PrT;i8У]O¹+&fi4&Oyv"Z٩{f >ݩ f6S;,O^F{,QdRqV5nkT7L%uFTVq-fzI+ nT"m9\˱X>,;Wciwaz;;,{3JeUh{} N V ^,&g_yJ]VLtD_K)of U0.;+46< oDm KQ9ceq]w(ٖǷ_9ҒJ*, ~1qL!iT1in0~ְa2T]P^p5 M8Sa՞]\Hɵ1W_ 66*t+!\G n߹fH77-? rGj!p!ff9jŊ[TH%up7CÃ<+f$T*-~܈2 ֫U6mK~kI!(vxC G,U`./^w͢.]t"Y5.IE=W2@DeH# v `|C'aFai`xC`FPq廆;(Ns&inOSum[10T b~@-{D:G驫(x᝼%AEz֞٭bU, #quj>Sn'lb+(m4>8p].ɡK0N ս u N&OQ3@ #;EYŒ/+/9W s҅}9e^a9י+)Yq=O) =jň bRV=Es=E/'TAY >7mKޟF 4qd+K331roS X Tqn6BǦ8AyI{5۷ FxS7¨u5Fwzo\}+c j )ͫ7 X"e.)ih Rdد@Kn xSϷjоNԈUau}Đʰ*֙<5s|Zl; pq=kZT~R:"C^F&fV hpyuf&.QIuhmdKl|eJ[ͳ䜾0B@9f :w \: lBB;`zGԵ"dy…\pM1mB3s{If=N^`oc2HºܧsmT;FW$N ?<N;~4!KS'/.cόK M}NEYJqsmkˈj3|&PDPo̩¦Cm2P>_z|SSI|$QT ۘJf(\5Pd^:CA7\߲3sJF{\,4 P9ɒx poL 1F08_#`jQw*|r%(y#EOr0Gl q($L~[H}rTN]^8ї&H%go'*쫎4n ^,9W^Ӥ5pӓI3BBtnjbS> D]3uVX[k4(lBT5UK5yDOJ9bXSV ܛCzPK-N[zٰ[jSmT9zU @F(w"RjY._^2kZ\MړTxA? jaYxc*fbSrQ϶ XndQ&ϣmU7\$Q\ާึxK&xw͌mG%j(b底˳oh#lYJ{03G֏ D yMoε.MIYܑSzľTWR,H>=~}89B%- 0۲#fԳ6yUt XEmQwˆ9u dw\UABҝ%R/AlAv %CckQ̸߳~#HM%2.m{cGF*N J)bd4 JY=V|:ƿ)+M\/u)Ǯ~M9YE#}o w|נ'񫖪ҭ0TC4ǮI+].LG [NFI\hVqi+{TU7Mh(՚e*aLQ;P.'߅&l#CIo]$ܳ!KyB>`͙L2}8 >ͺsz.R΢>-$zUÛكѣ`HCqY]C S٭$f gJ:Y!b`GxIpa!JuWYo)GKr5 IO_P)@k s i![E{)1#]B&AžHIأBԋ?MԾװI=τ1jW(fv"AӐH'l!'R3J0ٶV<XyaEڳ=fBhL;KI6.\<6-29aD*-+?k[l͵jҾtCmc$,iP#qTp E{l乮P!>"?PBBT06.hYaO!+WQprd:ȣU6$ޅ=DW8Ңmm^s=f!ޙ#͇^N~tH mZaג}aC;` lsg$ lK^9iʁ8ț{vg`ϼf#Y1c6[[ p3AB+]6U&-$2ƭnNwQм֧g?Sh{%?zn@5;| y! :K# z}fq|ɓˍ彑 lBY]{\(\u:(窒*vk`ʗK!mz5PҜM* ܠ @?ݝ j>GtKԋB?.sv[l&](EB:iQq1D O| ph,_ }"SoHu!@~}G`Bδ,  {( j\x8 Olvo7Ʉy{bᗿyA"g]n<5+M?Bʑ >`5E->Vڽ0`uΎ )1>?J[JN78NMq) G4SIϏIAZQLV.)!,c[ܰ؃D1u+DiכYfI_xe3,ϯm\7T[=ڒ< PSU^eӨI n''Y#x-(^]؈ĘY; N$դ9:m†lXpoQ=ԗ9?HYK%%ZVZ۠5HN&{H#!7r"pqRqf(!ϐzŷeBg>[̿ ^Rۿhϛ‘_=fmsקdip3ĉ!1rudt˘idFؼjٜY9=2eN镚Sn?ɼ w*FwYB^+hFh$.b?PH'%= 1sաf&H]0hBE8Oc&]CZiT1o +>g$sx!FF}=SNm$beR+(>vZ:)~=!wTB0`.ķKدى,qHj=PBdbOK߽ɺt,%\mr3=FTvVа#z/u #6 JlWm 3b#[O^68Y ="Ϸov/;@k6B^LQRb)O7piݐvBK}\gES "V2]=G:][!ӂL(4ٝY)Z"gTܙ@Hθ<7fzR<3~bQ Ϗv=bN{_yÁ J:ZDƅ= .ϳE'0 ,dZ bhF!nş4d8A5rkpze,ZJB^x <| 5U9^LG'E@ ęw* e1) (J @ V3BblR-Ww+\g?vU^, sCʊfF,*oAhj0Aҩ!6b*|稗V|4V:2%*y|li itDd#B v hD;ٶotFNqgKLZ0iEwpt;j.%k< rDĶI{,)^S@Zk@A>:lDޭ.vy/]Y4"ǝu6$$McF |;*ixN)hQMGXbpAs!yyR{ Ћs^F|~lKP8.ԜL? _/+&X_!3ꏣ2hx2e#D6+}sr%@27uUf? fVYjw0'9!@4+{"x؈HG3:'E ]QG r!Es`c6na_%uGu8zYtF[QHZk'4Cv)8SZP]`k9ist/A}N(6liDNѝӏ k8g pshCk-#^0 W `+6+!-h!"jbbG=o@ 'pzX6ZhTd)~X"@0t- ,fŎc7^@e.;X3,-f%W^͟(1踘AM Y6^ǝ$5DoPYC^Jbc"nm8`yjD9XG}`ơ-1v߿޴_>n2 dɓeHoq0o2P]54zv쏓X3,ΙO,]^~ )[i1)⣸߻+.b<0hI j:) ``Y]'Hݙ?"Q@)!˦- :GNAEŘn iGkq=StRуi5i9fڔ؜s ᰛH}ZC2V+vNNPWq'*)D:~'$yT)TRƟ{imV?kyukʓnȼ9\~ _ANtW3lSAu DnDS#kZ .b%sF-Xܮ[:jlS۠eSYbŰ*HHՔ$4e^AL=VHmU.L?1ȕBM*ךxJCͨٝdC^VejIuniRot`ؾAg^}ZڐG͂e8"T8X@#&zmYIu2S%h2>e8}p|[9*M&*Gv4an|B:%}Q.O 9a~!s?c`#.R-${U;b둡!MʜSi^2c.Oc94`%:[eٻ8!U .RdR)UwP4-7<9*S'v7 cz{۰Vl*U`5:UPee=¯TA]3oj@G7{Q- knmxZJA<܂W_C4F'@ěL|:40fV/(4 D"6e@ڸ׈`!"+ |OQ*l3;F%c*<ܳNMa[t160z) -ȲFS-vv>+mttp!3Y VliQYӁ%VAȩޙC\7UhK i94oN Ďu{Lp{uĬ &)K{ %ye5^8fT!˼> tGS'| u4f"<|{Czktz}ZN^ `lmc?v]=Є9 zK"m*%!1զQ[7} ``)yR5ѣ`R3UG1UN}5Dw .%NbŞ^'O~t|Oԍ\O9ng9eqwiFg&hQp@;`LJ$e*7=K`\ B8H(R*+oTf- `%$g+/Aq<\C#{j&PB2fyG.A\UCcϿ{&0W>S''nUI)GzAǦ5swN:s2%!.#Qe5I]f@c!Yq˛@mVq!Ϡ'*=ˉXYGaĶ ,Ҧ#^ח1ZYd 9(8 Ș%R3\W'y0;gUAVւiP5)GzbЧ u $-SbJ޶5 sɘB"ٷ% 7 9z;6GaGvӉ8N;dَ4t8>[\&ڴcݦmNeb9Q~2mLB8{[lwe樄}%`^>~缂i3 ~-t41Vwy|Hꔮ;*!T uvmYϸ@XGj;AGKjڳ3o0H<țGYY ²}(2:’6q+'ªQc Ҵ,| 9G(=Łm|R.(9, OSWwf"h^aIEe [.>㱄TT^^|F}^IFY:"Ʉ)f0esN85oىJP}ϱT XuBd-͋H|*#}i?i %8T%ħ|Ơr#B<Jv' p$;%1%lMlGNΣP]ۊʥnЁU |>Gطsh*)At UNV£'I!bljS1ùe'uJ$5/9>K4*! {$z`vMD-OsỳԲ5&i3!0/ziD }[p=م7ӻ|GHK D|蜭φL\hEmV˺pבO>[̲Ma@\r]o}NH}@J'\Mfe . YQ܆i6#%a4P^({67AzBQ5M&p,8e{x*LL>$`l:ߺDN6݋>/͚ˢ`B8~46?bCvY>UZ)jC @Ǘr:`>&%3L<*,{Ah)>}IÂuwD* d9փ0r+7g8DТ.wnE\@7haLObphK @,>T`_y j{:n~HM~ S}|~>?i7u.5z y/-A^Fȏvo*|bE]LUwHm$y>({2:iʗWРW9?8]R<Â{"Hbˆ(YY.]>yh[:k mP3ħuK9m;toGc!.y4;P!hAR.J1w6= 1o?~R-46~.k1i) R꟠ncT?ߏB,˸]<`W|Ra1` BvF; - [z#yHI߸K K.4qk!-jW5BElDW2s;7FcxćF F"e/6dm+m_|ĭb,(xL;\5 y\q~FbHQw߶0#89ϸWٙuJ&eO'i,@XioQ8,DyLAb]+DwQ1|tl!X;ahT=;5 X,ZTP +4~Q|**g2] 7(`HQqg#f4};=c,;-7nM[m/"DGR@j@g%sc17 C{H-A>Y@J>y:7Cm7IT$GZږ[ 5E(rM!v(6<5*nhCcR+|b8TuyL#+ިwEsoN"W0$i(Gֹƒΰ%9^=L\ _5{۹Aj;YQwPnfh`jjТg[L,uY.H͞ⅈ<"f^LKT{"Y&{ʆK8B>gy|v>:KzAҿ7ws/ğ_X_oJ%8ζR*Hͷ)wJtCUo;% ::FI$d7 v01w0~Ҟ,YQ sX Њ:,"X #GxT^pKpJF@m07Ȁ;F ҽ֟˻"Yl@o -Mr!_# h58emCTn_8e)l/47+'ywj Fxa ${ R; B~erQWs.\ yp,SYĂ\HwSv3K*%??֘5VmJwS=uM#_u6z."o#"o7S(A%\ѯ 6b*-?MI{ -4"!4SۻGvU:?JWoVтQsn؜]C*2s^.떘"xΥ۸tW? )o2+~j2dώE@ݱTTJ;)(,^!YǑ{^\΢20抍MlJʬ&,w~>BȁDx]gIxgd{wD䯢e|eT9>yǘ"iمE2塼 "䍐#샅)*|rRzM o)#27y:@vKY@ ;U~\.|lWy=x)Fl9)[BxJi",M] 9gOQE*1욋7&n#mn% G'D݆r9-nCu̞;Q2psbÖ$s~Fݽ|n<.t${9Y[#QS"8g8D.J]TwD{26E` _SUDGڋN6BZà1?oxSXFUl:) tu6z J Ey``Ld"d?.ZCT-6&>J+u] 8;|3Q { ¦!}Qң/±zrQ Ŷd5nXvE#81Hi{@ņKbυgqM)T\q>28-{z` hw$T}uLhR< \0eI7!1=T[ 5 >گi_$@h i_pڹ:9vޏ#Ά$41~d)[w ވ%G.!ƧR}\ Z^ ճRxނǠ[Z _>?Nb̦%Q0`-Fe{g5_rL;;.; WY㕎~7~K)%ckH" HBhDk0bΫDrqA=1zKr^b8t_?`ulGktL -{>\rei,DX.k)/6:NG=.Mo/kc—Rf+M=G1,eϱЎJ?db?_%>Cbt@Azm8 z|,_T: +O~łC<#Hvqz_qkx_j7qQ{n~|#v$`፦ 5Yz28Ճqb+rd$C@LԩRtVKOm 3s]/ӗ͏A ÔaîQӵ}6 dHfQwmdo< TA>}:.ۉH%z6-a>HF^O4ÿT8h }yWZ"UU?襦C!l8Re"p1~(*OCX(Ph\=LJq5"]P"bbaםTsW0aIjߤ&|;l›NO3i kEggtc'GMK5RT#yck1)Oߵvl䭔 3y6!M|y?<"1ABqPe _#?piCy x^q`zK* 8׊. _`k1a?s ]? E1=I01#lr4n̆cQŧYA_6},_3x}A? bV]ޭhҜNsɗΩۧk gE`W?JjΒqx IF T&KFF)X/+@p_*D$Sٙ[ U%K"D[J@qke{MYiqK92A>̢cVs$}36OUXEV!=UgL9GB*)S?و,ýyV/@P=H qi^E$գSS%O!ڷ4-!z'|/ELӺW+GÑCc9+C$wӕ=e! 4^DH=d-[%2+ξ>xv(Ds2 astSuܗ hI^FQ"i8{RxQ[^B \-V"prVQ_SB}bY()Ί* ( Aco m<&^E+ Zj!qL!ɐQdЄF9o_tZ%urOF/HKi͂KV8]:caT,q#ff,M?' GI6ι#i'f)J6åH1vtmT^pF[*UEIFb| F+C,Ζ20NNb`av)\´@\J>|2[J/ 2Y$w+;{m6l\/m젊[v:Oۂ,EYlQ^ ƨ(Si m5bHJg9$LTB7{.2(0a`l V*v^Rϲ&t?ɦٮJcl4뎩8oc Yi'#u}xxSaA=ͻs-*v(y2_ jó˘":n[r g"{LCFm 6!߃sbh5T!zlweEo _cG;_$"u(Mݪb.qшcEͼ\yKH#d|͸^kF5dȀkggE-[~ͯ0:=יִ 6I!;&ӻ企Yo!h d`OcXv1ȞŌbzj}ؓz 9w M d"3QifP[+:l@FgGʆ#x)G!C RҦ ҈B؋dY9ʣ*SVeARh4p+Kq!TH]D)Nn;GX\0}+y 4%Np…%`,le2ϸreU8ws]1Β[;]^)nTIho^?YKRi|K ZeЀPO7z:{+yzŚ'5 ԝ$0yGWjAbɗ7m͐&=v;yIT hmɦz#-E3o֥GoY)4@X} ?ry+]+=n8PS1!AD ${ں~#&C) GN.R@*s,.l|l)ypY!Dq=L ^2cW\Wʽ'@♒<::VA7#tȻ_js8p$BpMGGA]L1)لNeqygR?6B7]ʗ ]ՠjС^׀$%AXuWO,˄tBsf7JdF1<єKЋ$ M XۑUВM3Z x{PЖy9bat:g\./ǩ4ggWxЗGJ NW( u!Xdq eULmAJVȽW(~w$VJ驵eD5-{CwDg=pDŝcqhFW1k_߿RHnؘZ LiG# df=%2C'yr7wO%Ėv|[evAncwPye6 1ZWћK*Ej*tCY0.; h!WVq|ZZAA׿Nxfj{iE!†T\ngޠ%kljp=!ժ;Le۹6̝Gr/"PraagsAE&O2 &mG㤯F/}5Bip=~ n&8G}!1y ӔxIvMx&G%oO oi [ml3`6`^C; @7]k0x- B6o_IJ tೊw 5԰ ngc }|rAG+Bc~%x0UX/ ݸ>0HWFj֚[q&0m6tlVߓX,GE ~]q2o%tbS .a|Smo<,ETcM/_ 7 =HUY}WF#o~VrzMR&$dļy¡G.GL _S0 >vnsA8RoN!bb|S}9V7%>:_9jҕYTk )W5Tx^cqRUIqrr,ϗƪSRuuLSu7sWx esk@7>"iVũbzNmwMdvA8aB1@QFeFW"؉l&206cEH zݔ!'KS" v[f]x,_R48)IECg o&Eq7q*4IE"FhGof2X(t,^`LoA yVCo$up,):H݂/Cs]'Sl)1He7$gxNLSe!\2r<$X"=LJC@:e7<OCΏKm2/ڇ |WbjqU>*6 g5 .*ʮ>O.+KC~}'HP CкSEeoG*pI3!kłZ)o3Y-  Tn8 7 egWU jC9ouY"JLC?b" Fp0t< m%s#. {4! bVE/k7AX*D v,r!M8϶ Yrd^Iu0H_ÐIȶEGn ,DOQikNt=p/z^xz|v'@ُ6*udz ,jIҍT.AUBw"yS4z`A vQel?3(mMۭ2*3!K.-o" e!D hh"%HhY1i96Wnk[!!M"0Pj~&7#sӅ?㋠ ]Ç0~}wҦ^iHHmPbEP>ߝ `!JQIЉ^ &.$O餧%]0YTB}M4vL(+T$+ H_I6DWO@}I2M,v^PenJ9`y@cͪ!=ₛ6^-DAEBЁ@;oG ɢ4x ʱ0fpFRx́+~u<re=$Ԡ*c%; ꙩo0tw~wF^cjL蹃:^{! ?7{Qhs,PF֏;yIk#N_g*\.BZ`kL,P !\~ɯ9~v{YځMR զ3ݑq䬼}v 6#;;] aH\zx{pȐ3QGyv2W*0[408/]wi!\mh<;O 3$$ިE\u: )*2qhV>wN~ 42 hmH(ľ/핆:Hj|y MYǮO/*?mC D1 0we-/* ܃lP|M Zr !,טGL#.s# _7m : )4Ax3ZjNνצx_HzOq.HNKY 8KDRݴ2QgeZHCp~-=O[zwT-|EǺF;)>^0 ,c 5$WN*mF/dIOi -\Nɴ㧳$Rd'Y"# cN gWLuО= +0 ~exx!(=zGv l7jQ:pFV"qu|L?kPrDYw¢M!TB-UN\p*{wJ} ;V4AuY獥yxsCڋ+,ِHv7P j9S);sD6bRUвVʵG?Vdca{ 5tB1Zm9, @q\NQc# HL( oAH/B`wRYvI3eǤ۪֓4q`Nإ G =֋L~ٸc GG^J^ts53qJ3#<쌺cI]V͗ 㿷b ݰ[ֈT"a6mF!9+<5:BJR׭x,K+8;o^Z{gٳ ph0͞ 1%sJ2AowfaΗs"}?2usOg*QP@$=ag ^БFYz>e(D+xOB;RFK&!N3s47UQ)eoSt(5?Wm+瀶%IF٩Z꜏B5v1( W7Csx gRGmzwcTm`I_@+CMQ7W۽|lc#C(=BMyYr)RQef22&\.6=%EB@}1$\Pj./6hwbp]Y%=ёkbMTm3ݾb/̚ci-Bs&5X! @1Wa.`kO5'IN˖WE@v,TMy#oL9Oc'`, Ń D|\+8Ti?!!s~\jT49 *o p^\p`MDwʤUXܯ$Ӯޢh+/-U]+2)𯳰Xִ͘V$g^Hޓ,M4W-B뻑y|kJA5%1͇Ag)w.'Ǿ0;I>*(vtDߢ9cf͕μd!ln/'6^YYy!4*T5 v~e.r<`5(<5653xa Xu *!hN«ʣ#9W&{(# L!XMg`xsC(q DHvC1,4hI}CHnZ#]D3ұ-ȆmpӗJ;Y$8]g_"׉'6"Qʴj+}{mby<1dh%~ 71؃ObNدp%!ڠV4@;`X c!vUI_Yֽ Y&67QRlpF(NwL9WV'Rp:vHc'Qyʋ;+dda[Ӂ! t^JZ2OMݛ}rbBU$'x!>]CLwFM8 'º@р4k=L/7ȸply Ex iWDKt܃j;-n#Q)vŚ5gxx挀#IW!Rg-C0'f&Bl$YŻ** "Zj;p#LzU!eSɢ"d7QI/Pn \)k;B*Xbb"j[b;v m()/Ry͚pB> 2AEg Y-j^Sck8 ّ6cLLp8&1[CTUƊ"xqu0\c:$NAiZ%hx.)  16xgwwo\nE@^y/W9C>v.߇O }{UIwZ]jgh/w.0Xܿz ,)SrGsaxQK弶zf{:;nCѳҋw'w--RK.9\ChKnJP)ݹy$.bwQuCb~ 9탅qJ G|(qQL.L`dx9F\H s >@2g11>v?S:und/-o:E#'A.;/2bF>gAVE\w^QCKha$aXDnJ}Cܘ$ZO}uuB/(֛7nP| ,&3g.c\*_7BƏHLc9vFܱ#3`gZ Gzw9-]:'e0+TkhZG*)$KEW /#(Mj4v{'׊_ax2Jd|bë́ay|@5*Q-x-Y;)=@|q@ 'fna*܍nbO)s.-V7K͔lӥu}AhHkB=gq qfs &T^Zv7eCoQ0-Jh#.!w_aayal>IG(Ks]TƗ҂Jzwk#qT1}o7˜۰[W?fa8*¦NX w:5[k\nZO·d pQ%\yIv:Xf)Z#n֗j{ƙ)MQ+ք 0@{I3LwWfͫ^"'N@0sk0J/ZՑȎsRԷE ͤyN܈}ȺJ@7UЖ:7 &uIoצxU9>2K p2k+X}ܝ2v\#W6YMVsZWۍvKxAk B)Njv\lSjh&X7;cZ`yGݨU8P \XQ>_M!+4nXon>,s$ 12>rj&CvV{H٭L#x:Ym6hT.=^eۉGoeQRL8MSV냄wFZGm.e2+tmKrԮ&qb,ej+wS{u`C(zsy, 4Wߙ}lvA],Ԑ&䰤dK1KjR+Cjm'7.$AŗXtvˤrH4sr"9~?81Ýbg7?~m@;5x[lܾ}G{kQNd FKJGr98 Ųt9!}cV5Cⶤǒ>Z{Տlzm0%o-Bnd!x@8w l pW{&c25ZIYDT[A Ѭ~NK)8ݢ[6퍇òncn(7M#`#pݰ v\,)cEE6۹(ʳL+*!Xn ҉jϘ5>3M/աFhvLaWXU y:kE^,0@0y7I$"6Ūf9z존{߆@DXQ>/ilEPs똻Zm~fqvAr槡tHl W)h+z$Esi?sJBO5/?PW]bY'j>c)O8bi(GB9X\ րj :,kG|gRL1C: $,;~` JCu;: KWS].RI.u+!׊>lG8jp34TUpO7t5Gvr #'+1w;, Gf_y(ށ]>*lo _tqd3KHst>:[oMd#F`ɻkT:@dȴC+NHbB^VH'bl蘞tP{ZXQ ջőet HJB`d)Nhu")SfCx3.GWU/R~yk9zE*!),C|܎%omp!9XGD!Z LcNAEd1yՠÚ8;@vqEXL*p(Վk"x +0:Rgs&c&wp3?' 81&sx⹯Xe~$~uSt5qv{N}˒_{F=ӡxЩH|\BRDfFb/[rR#ەKy-xxb _0dd^6泑=7N5aBsIa̔ owzŦ@XȟGNnߓvhqI*gMrJg2ʒKAG[ji/ҩCk0*H+zqX$2 n g ~PxדCaMǬ[*Rx{waJ̚]Rm;)Q8m-'s%=]k@+g2a|*NQXS3GqzruHS Hkl}=Zm=ԲA@mxd}#9U6 DOx ݶԉ4}6`Mxw-zDl|kG"ICLCUiXg9T 07O7cAA;#95Uak hV#Hb^Pj|k\G hdJj&7Ծ}52x_%|deqkpØ~lj f[v~U^WZ{F)aC`G*ÿ^+2aB۟M?uԻ 3m=Do)ezaФuXy+ɑ/e<}ai#MQdʼͰBcy7|/tlȰ|Ri( yV a>fVӉ{-ş&-ؾ%֪T%=R%{[F]T~e}Jg l=T;͆d;VaK ;ECPi w9+Iը‹O=jy:q.)ɐ"4-A`' r#?vQ\j ZP3[Ps@p dMjy bp"S ,~g>E:is9,nIH]3[W[A@n`R_#{1~ .rI^.՞W?-UX\.)\bHw 5u҈M"]_j s̟\pcө~{v:=aGc$d@BF ٝ[%ʭ/Hʣ=߂63kE$d$go( 7'd* 4-WS5߷nK"|g ~<.>kйMS YPs t|PAY 'b:X~(N d:u!Ď,gP58J¶ YZ