nss-pkcs11-devel-3.53.1-7.el7_9>t  DH`p`$ƨ-9MuM&PyXmp ǎ4fE-pqxMIqy0fVe>܈/zm_¸CoDbvy_r$ /{Z #%egIp (;ښ+EP/,ہ$?x|H: ֖ DMBkFn"V~8ӹ'Nih åIᙔŒ3͌U.I::[yotuS[bzѭСGrDZ3E+ˁ Ru2#ܜ. `{X8( 5[{r:r=٤yd%Df7?d " Z OU\         E  T    ( \>(p8x~9 p~:S:~G$ HX I XY\ ] ^bdgelfolqt u vw xP Cnss-pkcs11-devel3.53.17.el7_9Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services.`jx86-01.bsys.centos.orgL:CentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxx86_64 n@GCB:n +^L^L^L^L^L^L^L^L^L^L`e`e`ea35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c4408ab7c652feaa82f0a9efaf97209c13a2a38a121330daaaa8e897a94454233a0769fc4f445c0f4ea3f0cc8df0a8e5f4f912c6eee84a07b9d0f28bf7d824b36acrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.53.1-7.el7_9.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-64)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.53.1-7.el7_93.53.13.0.4-14.6.0-14.0-15.2-14.11.3`?z@`3`.V`@_%Y@_"@_*@]B]@]]S\\\P\@\g\-@\\7\C@\@\@\\|\s[k@[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.53.1-7Bob Relyea - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Bob Relyea - 3.44.0-8Bob Relyea - 3.44.0-7Bob Relyea - 3.44.0-6Bob Relyea - 3.44.0-5Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Daiki Ueno - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.43.0-9Daiki Ueno - 3.43.0-8Daiki Ueno - 3.43.0-7Daiki Ueno - 3.43.0-6Daiki Ueno - 3.43.0-5Bob Relyea - 3.43.0-4Daiki Ueno - 3.43.0-3Bob Relyea - 3.43.0-2Daiki Ueno - 3.43.0-1Bob Relyea - 3.36.0-8.1Bob Relyea - 3.36.0-8Daiki Ueno - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto- Update to CVE 2020-256423 TLS flood DOS attack patch.- Fix CVE 2020-256423 TLS flood DOS Attack.- Fix deadlock issue - Fix 3 FTBS issues, 2 expired certs, one semantic change in nss-softokn.- Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles- Disable TLS 1.3 by default- Rebase to NSS 3.53.1- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.- back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)- Fix pkix name constraints processing to only process the common name if the certusage you are checking is IPSEC or SSL Server.- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Skip sysinit gtests properly - Fix shell syntax error in tests/ssl/ssl.sh - Regenerate manual pages- Rebase to NSS 3.44 - Restore fix-min-library-version-in-SSLVersionRange.patch to keep SSL3 supported in the code level while it is disabled by policy - Skip TLS 1.3 tests under FIPS mode- Ignore system policy when running %check- Fix policy string- Don't override date in man-pages - Revert the change to use XDG basedirs (mozilla#818686) - Enable SSL2 compatible ClientHello by default - Disable SSL3 and RC4 by default- Make "-V ssl3:" option work with tools- Fix regression in MD5 disablement- add certutil documentation- Restore complete removal of SSLv2 - Disable SSLv3 - Move signtool to unsupported directory- Expand IPSEC usage to include ssl and email certs. Remove special processing of the usage based on the critical flag- Rebase to NSS 3.43- move key on unwrap failure and retry.- Update the cert verify code to allow a new ipsec usage and follow RFC 4945- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.53.1-7.el7_93.53.1-7.el7_93.53.1-7.el7_9nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib64/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz2x86_64-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !#,] b2u Q{K!2Jz ijoA~#,ZvC<0_VJzַ̲~K:qJNv>'PAT780P;`6ݘ)G?dpM17/P3^ .v(i2䒏~SPth!z< ϬIfU,*=w,<[fB+;0\7hݥCx ;Ca1U*od eZQ:"2CO"rȍwr24d2_ӵAQ|/ɷ%BPe.%p\y[-m@d AȑzN(%`nDv(L&p c ۃEsј SLf rZ@jV\aSZg+N'?сI׭2YQ%luAi[!Kv0SM}y =Qa> =}2A7.e9GXAa3ZD zl@YHzGxا4lWEm:Z L캰oZ=Ins;J/z.!76|HC("yȌ.8';IJƳQ{xcuL ͧl#6_%(/M)/a@]bH]d#MM@;&7tgy& :Y4 |c#Qw<+JuĥǾ&3nHNqo.|ckd&噷\sVB{Y1$ L._Q?FiL7<|!C4l3 3)8.AF:VpMCɞAq|seg6^v"fPt ?Ζ2&kgyp ڬ%$P@t4U ?#S\1NLMd ,j"Z+SD"QYسJP<8֘;wK詶J#pބGl\UDx: 9g}q3PøǹZO)csy˸$뢄kLS~}s=W#T$AHDv$Ax bdZe;w(L.G{# VeDΛJF7ex@S4΀,4w7c FA}ɎFǭ(%X`%@3I O:2Qt-oSQpY̚KоNX@)W 2hTbeDTQtY656anο-!c_E:Oӆļ*ޯ)*Bh+QjCyU {nvu7Qs BʔZ|uij`Ŕ1Bm V@!Brǔƣ Q™O0f*rTm& C6.#=E7}†zN6?-ޟEm҄:T_f~(a}c|E2hqҠO[ ɵ6o3kɣт# SD|$k.U\= /: _@Ⱦd2X2$|饥kc W7")ߔt:bzVrV L0D-8ФA;jg)?-c5v:-= R63A(λC譝wuFnq?Ű|:6'$ذ1Vت[>=~>b t@LF0QM#&Urߞ?#ͱ {xI+gp$dDy|EmLDN7ǽ'U^fE&(L>' 0s0'cXPv s4^3r,ǡ;/+[tiD:9<8mPQz9 @^'v/Ÿ%^dbSf_Iv788KbːB;z! &4u 6gsC$icyhw[1eˤSۏ7MޫssX.gaw G @g K)x8>kI3A֋32d?&h?W?k~5ȫ8l и'@6Vai',:d-{/ITU}g(TUcD ѪW_%J-lGr'\;Fkd1N M̶ϞQfG\L(,ABv46[?>M=$QC4;Pä-GZ :(24t]qh^Iٞ0usb`5SSX|ڵ|x7u%&[І?0qܹo9ͱ(Uw)0 *= jQ24 U'#@7nS\LJ*{ ډf`',Gi! ۈ}pbЯa6. ˧16{=2(7%bKpɎ m0_vfI r l>G-r/[}d "ŀgJh.9_X,|vBZMv#q[Ux`!=Ys7 D2gx؇M,%&%l0s}hboi!%YE*@(嚝jm9&X*r4!_$g@Gx3$S/MO!uBZQ{`MI|J"bgâ+_ C.qiGRYZu7y k'*4*ㅴ\ ׇ7K3[I; P daW}$f@asQI233U)*vSicN-Eī9T^&96<s<\D j/&YgK9W=9Fs7/HB:zW3 "?fߍ: 3+>b0GfjI3)݌]5OQQ!?摾 fNDeHüv2,W傛˔O5y՞H"&۩Vd e 4S&A\~-߹I}z{aoK[8pjyڳAk|ěh!Q3=~Ki20uKx6Wo^%2N"s\Q}ؔMYkOb ѷog!闸#q炧5ރ=% EܥYcƞ7o-?nT' ʗG֞c!{=ʁvu>fW ŀ9W5/ҖdN -:x)sB>d9mgX-~[o׀ۊ{Uv1![ml^8KW ѓv'Cg.>Ta`*ڮ-3~OF?08?4H|a? =bP=@t*^ 2.ȯ=!BSo v[ӶE*i( ĝ fib\0O ƻjIi"eCB@Q$GUWT{IUau~gnkS쾉mY JBX9#Ā,g\*V6EHT˅Fvpq1޴*\c/hc͚77 Ɛf G06jRgp O(!,v^JdL) `yuitrBeJ?.Vb|&BW~PmG_FS)Mm-b^S (팃sI`uCQ #i@"t}M oތ4l](0RLNhY;r=,ɪ5\U沬l"\Y5rQp儭;G̀3B_+.?nlM21ouÇoYPuC%g^?vqkjo$~l"BKb)bd7ffK)1'\ҷ9:Vje# -!"-}k BE\ DvWoX4P叵zcňt&֚neB d?b<8(ӁãI$n%apAx: pfK7꼄5F< i]4{@]vG"04!hnvΆ1d' [|ZǐYMX| 1CC_h̖[p7Q|+ jTO۽=,N42XkxT6X1 w99 _>6GЛA0@UcCjJgmZ8 \gkgR|֪{uzOTR@0f ztLjn/*m|0O,_v14luꌀx$`M[#9S)6Pf:3oJMO il[ uQLu⅂P!n& ;?O>@.EC0 `K:yx<(p- s1Fd@A-q{A CYuRb͕us{q7 n{rg5 ie&@pG}§֊/n6C"q>E9Vg_(oI#[!+N@ 6?. {HP!ZWaw`c  I"70 cQZF< / o_#O*Htim=O I銌 ?OS+}BSyjc6fwps4^.$充 urC.`7#xndo4e_^D" "81tG7mOL/fx G">DrFu, F1 ]EQ|'{L99IEJ%זp tJQh[{C^HxO;+/%ϮJ{Cc eЖ -)n愌^/cڵLElp4Q_CuW5aY(LuCK1(X.y1eLôYgzzuLlz1xj'qF(*YMjT>!3;uI"lJtm'/{{]e?{$D ψkT,>4&FɁAVxnV-a4!#Ϧc޶ h{ _[/Sa~L,2.qLpS85i71Y!!H|3p۲ԪKo ~ņ "EWHO#~!8էk}')ΦӖ ZkN 'f9łxEսT~Ò 7\&c ;˛c j"Wi+cXew}7'MdExƫ!A4 5hώMC^jx>28{ѷ3y bmF*27_ؑ2+jcJp N.{"aHxbW?B&]8>QW~4 (OnM=&B'RCgHg]9"74*v3uC^l4/f&Y0%XMA118`%Y<4$/s .+aiR)z /2qH(v^G5I+&Ӹ̤ވO  $,(czigNhr*YvG?ѣAY Lvq&ڤ!Ⱥ52>!^'H:4}X_EiKZ#RDMX0. %^|~_:xᆯidם%9^0.ٸ)q<8_8gpH OYz3ߴ'͵O <C!嬃<׃y'd=bRTy]*ZauNm$5̚pVVDB]7:Pq1a33{HO,4{y\(,ekh`w~vByJTVdR۴{fҕ\yltQ]ehA.K[!#z`j{PSbkd66'[`@AsU{7{ WV<sǢ.۫Aw"4)2*W/[<HT9VrTT9SuN{+ѡm^M'ĴȐg<LhO; ߚ9qV[3ZbP{<ԤHݚzFV 9}=oE}N|t$6llUwAUW,IIJͩy22 eqC6v lSy#N1};(d9BeUW`y'u&Pzv'98Wj@sI7l$()D(b*/ɍqlɥ҇O'V |@}D/c|ϔlƗF=]r+0l8NWl4¦߶GLv|7rA)/\Ao2 4I?$3[)rƒö Mc_MIs)0ؐ!8V5!~SivsOʨj{*2 aĠs (W$+fסѳ\-.blM#R`Թ;W\2=nDgg-!:; C|?ݴd4=5RW7{&d>hd]HGLD)?E_ƒX">Cc׻:L:7`B֖D6͗_eU"PXKQs:Sm{4;Z^43s(`Rb#ȉQqd ^aN&/StxY=c*;(e?> *jϿ\wfTd-QRs]0U L䁑 n"XѧUuex~tP UZKKx~nipkb8ÂAeMvwJtHvIe#GKp<.ENB%{ ЪvRL6iFeʪ>T5S+n?1i* C3!fK|ki:nI G$'Jj`ǁ5ؿVDk7 kr[ԷsmʖTkv-po΂Q.^QhlٶAJy*L,[_<Z@UjnOxhnޞi!Қ^>*GuG{䎈OyH9jV,jog'6%ۭ~,*S'F6[ɟjq ;G'wIߒደ(R#̤HEB͘Cqj]/3ٌ=cMI-xh/c__ }QhX8*3~%?E+W+_b#-LxQ ԙ8RS}!BG ;޺JjQ}|xx(q=3Rl|VO /e: h>]ܨ"eϺ{F ĿGn[ e|tts;nh3<2/U8ŸX\^L4KZ\jul7HG| ! vڊxYl9ܤP@}NADCCwxoWhMD CC9_ڏPqI$3Gp)55R^ʥοVt&yҁm? B,SNm`({rQFFϙk:eT"NE0!   8@x?ܝH6~T_ua[28 =S5jVC')5E{F,bp߸Ps)kM]*Ia_"FtdGG ]@abQKD0:2ie4 7;NuVȭ'yܴ6 ɠ0-[$|J a\9mϯC ^_32ĬFe2N==L:A $^-.sֳ{b&;XBP<}gPk!:=T6 <#!E(B5*JQ E-i/II`֬ir9OCyK?^.3-됣)ۅ2DLw'xhmţ;l*'}u w&"^F=)'*_y0<h! ]љ1Af߸7;cE̿5)ilXŅcgS<ښ=fUb b> (5gHruqm_R+k:@GNP\GZcaw9(nL2aݪ-̢ )//U˖P xn*ylfq迿lzd2٣@ $S{n{hMmhe.`1{uꯩgX8!æmHO!fTeY,"skghrv' PUyfzґ+P6z>Ussq%9-ʕ 'Gr|Ϗtyz9 b6ޞ ]c2^ i4muXm,<_zV\Oo9s kbmoЖdlZz(ՎZ0.${ؔ9n͡:c>ٍer`EЋCS܁ӦU*?{>P^徠Cq)&f*3K!ƜR'b3O`NMsBF54^eFN !e NI }.IĨj'2P+NNsR¢lӷMW!s1Elr>`d4md*jrP \/lfjP&ȕ Ϳp^QhV7 x s'B,uVk.ÆnCI(""<{t 3]c)Nh:^..dMj-yv)One[>_Za%| RDF ?X/o(z8MG/(9(h[9uT|ց}ܺ4eaJC:Nm-=%QS/J&ȩiA08@E"gW|) e 8apA[:o2i5|&ÕԠU\TjQ&eRyvzYIb^+ *ײI657݉qQ.|Bщ>#+`Ň۔Ro A-Hr*JPy &fx  fRI1.69iÊE }U;l &ZPd"JqB8u1FY&Ys*RSeک7ɏ[ k8k;8y.^/<1ꢺ{J^359La)*dJag. 5wm]bj2*$,'9LX#p ~xZ'.[]Rfq|;kгT_HbˈZ4O}5/Uȸr,l ɩ>rKt)ZPz V=brWB.I,L䂘ƝwP-'w'HXl^ුXŮ4H я.OE ʓv͔!1"oJxޠl>FGff`UP_?HhIzZK9Gk ԶYuX|&6[ZabJw8x5OOj2~2=LH2:vMk߸ aFA} <F't42Њz!׺^sDZB2W$!L&ۗ.Ϻ?aY֌`D1;xyUi^T4eA# #iK%%t*TތAt },?J]A qbajeɌwHQW- 3Or: .MN.ߺY%] ~uG#JѵHn L[tCQD<5 @h"^=x[ (gNAk~RP6s񯎬`EVNwhp>‡ `ѭF*+tuejݎ ]y.+hzA@I7饠YT/7),h•agi W׈{@F(҉2G g]Cђ֗$QbDo6q̃ޫ@^+X^J;3]z!^NG!rpF [2ul \tK68Bi# N8Hǔ|mwȕBwLiVW,V baPn]1_h;TWFJ[;?̶n?wxҀ!#E0UB/^|4hmG|#lC!E Ա dSd T8uA YjwX)_뇁?}K=Lz- rL To,0L]:2`WLXfLarjUPÎZ`MR9j-@]6EiWxʇuCvJ wVT=8LwmQ"EtU* IV"6{DZrMܾ8vߺ\NxoSLd#Z'qL̓`|('I";&o |ZW2ۤEfdw||ͺ"+pX*2"X0j(0ץFI4C{2U[: uz|?NdZeK%)&t/[1[ϫ 9 ZvhFϻ ӋU3isrV&ѾX!-0G ڗ4q]nbVaNkO@&֞6y_5>"x >m&A,*5'MWo7:!xiӗ:l(';~} .V<x j:ݰm5X+fl<)TC *z SRlciGq 2<-}=b'S4B:  ,b7Q_/q cW`]$+Jw&LdI1#ȫP QXy6LjmZ"NwމeHsM JGΓ tGzާ7gP/kvI^' : L T<.^KjR~i?j '=)y46uUpt) ‡A-!;ژjCp4;of g6b&/ק_O0>1 Wqy4HG0A[YCv{[Etƅy|:z[ (pŋyݍ7%YwKޒ7M` Un4gՊYc:2Y!Ml:sy{-(苭S Գڠ"25@ g8Yυ?:))`/zGn#\(v8%7-MdpD" ZyH]̈́`y*Z gڐNaԐ 7 u+B lh0?b00eI˚MOy=ɭ6:m|N/ot,qyQW^wgW01wnŰEeMr.Ҫ\c[Ma*=g}! s5%МFDJ~Z)WÆ'Xf 0b" {Vz3U^_;ׇܫ8g7Y7H紪U8T)>i(!.ПG ց)23JƐCG')':qNML):N BBd 7,:.*(f"+Y:!hұ^)   -OŘ^_nLvRHwHUZ ~ 2Pm]bX= Yexw}ؕCW+,)y6Ĭis̘=ی^rHh%{G|ky~ĒK(I m9=GJ{MXG.7X?[.NU>>m-HBb-OR{+ ,"mfY&"iW[/?H$;mB4etؑgF9p{~q:o7JEbXk7 m2-M5s  Pi[<"|},U G'eySH' NwVx#.׋ GkXu6*jt.!RL;tP`}N.[kJ7p?_Qf0=h}#^=IBj ̇pV-yZr6mFy܌|D9rM² uMߗ74ADpy9CE^M~)2YC#Sas7v|߱_؁oǛo:h8|!'Q˔賙)c0+Y4q?3#A|/w|zY @lKI q KnZ H +ǝ{E&vd/5i52 },]ߔ/L>6lNo~ڡ1k4<}1J#L2 Fr ;636 "/ا_xByܿF1IV( גkˋҎVFI- t͉ЖЊO^qaL?c↖eR yTZ@|#olyia7{!AOh^صdܐ[qQ p%"iY7mR(GDxF0g#3GB_S&I1%qwUnYo4|v4QOTAOVA3UJ{(,}YGyJثD>5ݭ2O%Y Gn(NTrZdVByB" [ɦ?b0wG< 5XnUWZWȬ8bɬ=$k:Y)R( 8=7CĪbfYd_a҂t [.C 9e S:D^I0#C_-rt13ed110IJWY l1W~)nE^٬fI`l2'坩ks eZKDzփdɹu #,/}dF4kljj~ yM90*wl88D,O:Nud}Ղ7-ArjPkUgt+Rx9tIR(v I}&IaYn;WpxQK} ZIaqU=d@עM[:4MKT۶|s; n6*\*42P H-u\ae;$ 2vpl;&VoBjԪ62 3cR)ގlx? pˌFR9Y0A5+p=;Dx0(VաUBErȅyÁМN,;Ohi|%AqoYQ%bϳږtK2mFCA.U4Bs$ ;AIFM8LV4ePt&9,j 2S1[q;g(uG  RӍXl YP,R\Pmjr(K T̪ m\SO8Vk3!NFs`dt1~~0(t5`Fn$KTX\ !Rg%!!LL[bp7]Cl@\i"䘔l)?!*Q?^l 9& nuqO#uY u|7rϳ:7@f6QL-MwRv YnzQ8F`҈yAT>W7)4 yv0\ꚝSV( ܓ@!cƞoUbۗŪ> /&̡ka.@w ZlIWpnNȪ2OV%{\E`ЎUhUAvrZc7^,t|g[6}gRxT0pWRI^R{d,EJy\RG) S%,~F<Mcw2 x%>~S݉vJG⺇OUbߋSPU6޹!ktY!Y,cPmpEah8^ EKq ĊqzE, Ka;'afsNO"8LZ}{CwrrrOÈ?`LxMuٺs mGFn}^gݶҀ-ώ 3qmXV]{_'-zr/l޼L7 V%eDN"dЧu}}3E9HrΡU[5TOcs  ah+y襯v A5kh/8)*+|ؐk!okCc `NžGDBN7'bM\A\JT1p/* `e"b"gIg?H5PG.k[3:g[Tw$ƙ-&zfQ[Յ`` e5 kU&a]aKx zcMQ$`@GM1 "Ԗ7]'.UA8)̧>3_X[lH٤jzDB4HhA!Tᖽ&oE۪APCB]!$ou^0i}|*?*qǠg L/ӏœ0^X?aXo.}Z0Bm?Nf}b8[,(!+!4~ga$ jG /7^:M G돂ڿY!kϏϊ;ȭiভ:yՑp9^½E܁PU JxԅVeY_d,uw~O(hREً9)aZT>B+>V7e;vR/iHml7Y/ޯime%$O'SR PY"TcaGr"8**;FL= 2)ReƽܖQ8kR(eKMM'3c.[ą1Vſj'VMhӷ;} / Ht<=4C:ySU?@wy ]sͩ8Psbo.>o}I/JR Jno < 1Ib-o=%O85l#g'f¨vFyke  E'J. Ic~T=0tY4Y8CtY2q7@{<'vn5T2Q@rT; qK/Z zj79עvd,Y8 $fa\}!^PXɌϧ wx+#tUvWXkK([-(8\NT5*7{A-0 `X+͵<00;5R,󡄗>D)1.*cRVE̟HVf-XO-+[84`~9]u`>^v;ֈ[@CbTk:x!qŧ][BTsqm~YX/"Ie~ou*CX]Kgp{M#5$4{X>xyV{W!ږ_!I_WXvVE./x>cϱnvXC%3!S55$i)+Ne?[ $|HY/`VPa2"¸GF>Y:Fr֧ZۼH҆fcQddo`/7̀*%p}8Ld;HDAֱ^_JRt".8k=`TͤVQldѷqo[$y*I0vAlQEdFBy >5"k gӏMOTw~h:.;Y414Ԟ.HxN_TQmM^r. bӷ V3r-Z$vӎq{o{U|fLO^d9HEHYT(;(6gӵbiƉR8GSyBk;$[#%?㹀ܾxM^QǂNH5+5`w|Ҭ'f']i>nl4T[ɯP"> -ցkG:tpS19UwcV#*xi= ދwO{9r}H 6r%aEq,?y6jĬ~ ud5iY;aq<^6P6MQ%Vr(WI[!P!T8WjBogxflzV+š{"];[ZNU;̸|y#= ݯ@їEM~:/- c߷V8tc MGdѨ_]߮ԟG7kIA& XDhi^;"eOxj_$ GAAOCE"^:М%iGuoHB.+F='~`KI3V`ųtW~=n:irµJ>F+yS!u>T5 ښ F%=_Jv3S-e?/ ȧ]#=h=;u y1ٍϐ<~)xӼƇ'e>b4v΄pǥȫ^$0eE ]#TEwm{O* ~jwSU@d/Viq㷹ZFlE,1#|hI^UӼMgnguaUmẍQF,>*Q+ڑFv٭<2ݕI"V mR@Z5ɼw1f?y]1b+*MJ_I8 Qw`w9* BDaq%8T);yBP pc&EY_E,.m xI l p^)ؖ~"r9 by6RVxbPt3 }\).f˫ amQ^ĝ>֖(YT^qn2i-1= pS $' pvF;n8̛/%qLG.sic6 )ޜjMLvd:x5lKxekzEsԇFP -"kf'9/ZAEOdZK=5u-U5qfbۃ%ѡY'瞺΍Ȩ롷 =oT:"7S]{Ɩ'*. ;rZAp?7ߨ?#?w$.&5 LվXh_d`]_[+>Ł0#M}q}򀽘.iPpmܨm*I3]/]!OFgp)>4/`/"Nz#AAE;ϳpU~) PG@/n^J,Ӎ vVC K42yCP?P̡iT"7݉}@39(\zT"(H`#G^F^H1q= .b6 8j 7+c]LpVo{s<LfƤz쯍ퟫ5 W;.#!©ؓvGzj(v(>5'o, яQ\\ZɅ98 ѽJƚwq6 7/TZCIm;Mto騖K7^%̛B7(2qW:xy(dRݸªF.3H&oAkkLqV,a^`DQC!Q&"xݐ#ȷ7~U'Y0Hǜn~^"Z7=FDh"/u?]c0+4݌ずb wL&NvGX90*D؊gC|jq66!DPWO2+ iy2oØsj**J\;5"WI=zp׉/a9 a,s =~eܾʛAQ 9ŭ˸ TƄьޫ +6'rDgVF*tclͣxrBn |ryt,z\k8T5I!֗b:ű~n1x97!>0El~6l\d:U84 cW.)I+CqPOF$bJ;bTǀU2AL&X 7 oBǷ7N?8U|RHzN *@j$ R[J Plݣjgb.v96N1h&BW?19b 4Yz{'/iB{Fڇ0lmr`DdA%(1sq=%IF{=fqwE&Jnp?ozܿhorHֈLo9)_- rza†7փ;(taBѢ/#sg@doA1%>"{vA{WW0s {Ea&rOzeY}@Kh^USR CA: C٘sr>o=Ho?Um"W䐙vRqboPAv0ua][VGpcGqZќ~g}b6Tŗ d㼲Fq~dSTaЊo\V}6(Qt:t -H [RMRe5/{jQ3*}ny6=i+S̈!*3@qP`K@iy(zU+6a?|<^|uĎ6Jm ,nMң==~ŇdV$Kʶ9Rrԩ6WSbt:k.c"Zyam-kA $#kzp|Փ-݅wW { Гұ)Zcb4#-,şukۂiN"|qy/WX4[([7ZkcPhkF)7v$xr[{A~BR;i ^ɆŋhUHN ^оͧDHM YM$0\|K;9@ktY`i8i0_|e)3վ{|-⳾XJ/Jb:7XB۹S7`eNyLn/`9 !^0Z_[ \眼F'Xup@(K.a^Trzk"+AX#Mҥ,B+2Ot`1پ%]Jʹna" V 9[>Ct#\܃h"xŭK#V:Imyo1r2Н1B(Rbr>3 X< Fs_&VXq=% :4U*VjW]nȇ, j Qunoqo@3ITSrIt15(N.EՀeĝ;DMJIΦ ճ\li {bZldE1 0'TeIN!y\CI|׽<ũ m)D Px)ơ ]=F7ΞJ_pL$j&\x&|s/3DfŃ?Y|5fbZ`o[\aŵ7%J'9^@Ii߹ ^'2v$߂Hkᠴ:msb@qL~cKp?|"%[qͨs$M+/өL><m~r eΎ֥l nB/SRNl}:(<`ZYƩ}?fpQ;c0wT)A<àp]v<(oCm^&00 4"gN^3?{pCLSu-Ab1I1\U<I[V L`wu#).D_1(/9:Xv׷o+O-Q5O{BM?Q̧mkM24KWQV#fţ'x?jxhjo7߻zUh=XwUOw`q&h>PX<Oy \tm!!i42|6/%4 0j;F )] NڕM(lP N&ܵ<]{v Ԫ9;nD;0# ]OK 'Mg@OX>qC @IlVoH51;S%:J/TY瞌wdRdR0ٹh0 8F t oL"K fRBlth1^L(-˻#PbN:W4:;<3PTBғWTG7A%4*0i.LD2U;1Ӏ G5^gm*坭I~HXt]XȤ%;HB2z Θ|6ܣsz6Ql"ɖr9rDq PǥBBEkƨy) v1A_4ޫiTժ>L)&m v4r;ofddG=ٗfM< %peLE2Ů63@hl♇[&nY ACmV>:8%f3e;(hav|A-M:,Igg6 -V1p-`,ךj?6:ETmj4{GjpˀZa<9 <;\A(:tle;Q5!C#z/D\" wӌTMrb$Liļy]`u_ܫMN}ڸvDd_I-6I%j!+6c~K]z(LRk8NH7VO8FARy>]nP]'Ia-:j/CsNiJo-o~p2;Ow~#󸦅RU6zY:ɜ+nBm\OD-џKO2?:ϛflP0۝Y/YRYB8_E9Q ݬ 6T_,s͘A,d) O'5.J'̩c6FAv?g~,}ܝi\H}JA|2<{Gzwy2#8UCe>65` D÷5j"M~By6: Qw;zK΅^kI%CH9? @Xjw'@5py>'@Q$QSN#mT%E ʮ[T_$ AgŸh9[vcX6wNL1H[*5z̄\lco #*b׷yOw( B?l& SAS*|:^XX0d,49h"1zK>Z7['{NyH djYT)Oy~lX JES7əoL$|yYV䇧 pηb[hᣄy—՛h'9%MOtd՛uYo.G9HQShՇFrl͒tAZrG"&oi0=rN~ 4g( Trͳ& + S%S`2;yq-hF9(Yd)͢*hK O3dO:HSۂ;8BbDzkk) yB%ekrAނlx?/]@.Y1Q#W٪(ag,N(ycj<zaT )ڞm̠྾zA@qv}ާ{[l5'T3"J*sLbWo82s{ؼ:`q viZ\>tY_|כP[Lj`0N-#V˝P+ //߮ö}}F^9_=V9` dw2o Xd&(5Is/Qr'0 )i:&l)xUTf*sujehQ ,S([p7f땾w]R%RX^hyIB/ZdfvGc.9 Χg%,уQ')°0?R-Vg<h+T72\֟rWt.ӀEJ[6E-SY^x`;B?\D:&81(n˓w#bͻ{Cw>)x<ħ@D%NgE+*&z]h]gh46Zgl+^Hۘ&(mWfp%pwHY&a;F$G8N x Y}doG0-d@ɬS%NKy۲qLZӇىE\Y_g-]$" a8#=`>b0iZm-/x %&O)3ݺKQg(sj&Zjo1ӬFÆmK2ϧ|~y[F,ws(ko~r/)623`$!ްorR9ufKM-m^];ݰɰn%?3o`w=du;ڻT"f4 11B Nr7NQ In9Flɖ " D%g9 crN7_hcaWKװ - \e|śܹCN;JfEXv=Lↁ7q v# t, Bi56r)5-x5ݩ,]bM&?h@ >DF"<-z/5db<:4 r E㗛 ڣӹe:V/5ztZUژ V'KA諑/߼43R?k8>6SJ ܼo%,(ҁ_g-$(8` 83VCjrɌ(Ъ T{3x/âU}WofQA. @-l ̀<'WUdфyt=q-Co+6/| W8bȂ&oq EyPgL2]{5d=VkʝU΄cP7xIdBy#Yj)ftX.iȲO/`*ƍSII#Ƭ)A7M)FAkڢl*Fov3˩<HI'RX2LOkZNaig]"٥G׹sCxWG ^7ljX=D21|u%iڅ{48b!'UksڠOp0Œ1jfuP ۮm%!PQʕ[֔g/̙=X`K/lS`L~z>1}0JyZXgGk1|:DU\(`x$h}ɛs<D[3 CbzJe!.+ң6/ O iPKuͥAPE Dܓ(Rhjq.gÉ`E y# \Tq8N׷fL;##} ghaSx+킎PTs|tzAQL^ 39["ت""[ۍS@j]wXJh&*Ҿ&rU%T&fY4I-4SU8}pPlD!\0և /R XCv~BM<z}t^b]|eءxpIS,$[tXсbR*1SvxWkJ6wm+kǍ z ݖcxQD#7 V.=޴N}d3oi?PES3cߦr#N[/$`H04%_|fi ML^TNQ(2_L3V꙽[><5W\-[70)MI)壵.\@A siv\EnYև''ҥml̫uIR#z<35@G]HBR܈-vH$*R'^i@3!a@v#JĿ@.dgw7yae_gks K>c/2&PivjUз =AC90*K!=LB 8(5zy.' -k * 1Lj2v7C'Uct/">*諷bb詐M&թMXXs0 .zF79ݖ#_v:IMw1fXVT{-!0Ş!dmgdOctb&|恩Mp3 S2Yb+^{>TY?ɘ.zp YvӃF}TQv(4LK 32!݅Sh?'iJwG5Z7cw}G +ugx J4bCNқI"ȷ*O$wo3ENYPVݮ jj.MXh9ypZqw&]9 )/D<2PR]9~')Y4^$ y_hޟ K1 DJkyU61mTxKJ(Fcྌ9Dqɢtp8N\ǯ?3 3 7:i o¸ >)AZ4r9.9+äyY%{K&Q"YJZ 7T2$> LAb̸^RRVb5 թHyChiw¨QB{?܍ d#FBVump16"fr:zk;/>܅_XnhݻNj*GQ$^ZX40)Q |[(xQ0yd ij [\c[N7Rx/+ 'Fۦӑn4ap\rxx1afHi hc 1STAM>2+f)EHC~x!vP6ӦݮLͺ,8Iy|&GlTCV_-%9`2Dz*3H`C RZ i+H1U{>xs((Ƥ"hnF`z0nE͠x?cdZfj}oU?QjGp#v\Z>Zox#3#{̫_꺵|;6a!ǢW,Wz>fdd6e,[fs 𹏧@\RZ qg5#: "DH@CU|F9#d~B[bD#Ee*TQI9wk!vA">|G Ϋ*ƷNNͩ/2mDE>: V?V@W4 B6M8(qhzuI8xCR7w&SP5oopp0\ڢHآЪO9 aHAǐ`_+.7@2&[棍toX--T,;KjΥ2% #f#vvW|6Oq~*|דw8GpnDzS,42 JXɍ$.z O~:|77˭`μՒ߭aLؽ'x;}wy35r|<_ba^a= ~v  щ˫"kwǑqg6,@r h\^g,W܁%Jw4:5FnE@L9(KJ<,z Z} g)oxQljf"c3b=mj邘U#䏼"'@Yi )g a>On<̆IKHsP,aRn?l{~kی*u̓?%ÃCXh#5qY, |SkK'F;,14rn cUkxJ;Փh-#ZOqNvTmQ}A9 QY $Ix''KS̱$!=J| Hqgfp}#H UwnO2CdYcjQF]RԵ< WqHP?8_=XVwG6bPQcbߘ YDC/H\V9s>- 6 l LhčAf8Si\*0U J毸=ِf)j}-\P䯢Ijsl~=™xɧ_ZWedc αDWBN4d_ܹbs#ybeU1r~hфٺ \Jn:R I4DӦVX Իԍ2iI lާS^bhqlLOqU /~z9r09 (Q8~& `óvJe W0t@Ӎ XҀ׌M)s9xd,U+t z’Q-r c b"@^"xp+6#f_r(yXN93G'ɰl%O)/c0dZu]n GS㚘կ.v!bD͠'Xk 2ӼՓ%!ztDc~<׈1[e\9bVau/0?X2p23ʯ9=VE=q+pI7zxSݣͼ^46 T'c߮a#cX<o*ak_7"laK;G\rl)4w3,˒/Q{c]F+6te8'ꃃ_c^I@[6hL%ځ_স~|M1(׆]Lၢyjjҍ*-Lѯn5PC%i])$k"2.wD8 Y+UL\H鱴J(\7K?O!*;Z-ACe@ ,z,\w ̖4uIuL$6tSfd ))15')QԬccݛ'hMuE7eԒ1(Zl&8Q*Ǫ_I&DaZ ۑJy.Dj4"D-"ӳdӉ-7`9lFiߗ~8a!n>nG%QISmIRJ0D:: r/ܓ"c?9KG6.ѕYu8M?DvLyq~z<<_Jm9?pxfmVC+5r'/K N`kY.7gQ W΂jA~ѓxu9x@8n#f󸜩2ኊzj8LH* Y]}/1x{|sO+@r`S:s:n!汱áY~̴8!x; I_3/B4Bv˾d4xGi< i:V_2>'t(mhn!|{W}(6X@c}E? Iss25 ~Xm7:&te {/!shdF3|EIR(Z@[DV_GwD$9 1y$㖌[,Ef s$D7(+̜sCiC 2Q"< کj&s|9O?fv.徤LJh/^BGRw .v Œ-Ą!]\tnuӐ{7|XZߜ+h勑~BΒ4*XL :s-걜K5d;ijHbJxW% T/y0`9W{\ROƒ:p,ŕ,O%p$ Mqlsd)P9c$;+[YUmX h.`A %cwh_ր?]ljmDXYTfNp, j2-8zmh ^y>|\[ /u0S3"+M^[0-ITq!W:15ԅ/ V9& `ًvBYWaEAd&0z>dumHڞ*E5 yϨ/xѪ`hr5>aYqm0+u;u"ж3Rp :[ )~2puPZ'ps]&K(c2phC kY9S?hQ#<*E]3!p/=lR6<;]\8QK1mmJt"vi)֩Aw!I̴ YYU]e]{ďڛ. &;h<#Ltyp8=ûJ9)RQja #:}\g @u{oC S?zCCkCl:} x3BXfv:._Q{Ֆ+XR](UΨ U;-z1&Y/Уe܉\znm_qGqGC.[ KEC4׶AӜr6~~9iK-_87mc`B VGx :2/j؈'> d_ K _E~KbF$93W Q :g*}dG=hmf[zXlS!HJO%^LEʒo§kB a3Z`F)&V*1qS⃷X4'"`xSˇ2$S_feta# ރw<=֒oy>Kb:dv}يȶl{@c1Rf`ADAiɻM´PsRrnT@ a!+@ X3Dd-aM4stHm`nZ"pI|q*!;1'7m;jSUOj(+%vcZV6!% lƭhiz~no?A Fr4XS&.#[|``Q}*)4 h )1Ξ k!ĩЮAނaTW K`QO뇨v za%} ,/L(lj:("bl8Dt7#N}ŒVbm>_CWȷuCcݧ%&k!Nb y ӭ1:y_Po̶EW)]l2X!س^R۪}Lj W@LA[Ks8*q(ò#3JGx \flB*kNC?$/sy VG~T$c-V3Ké\AE $B{eY+}9E][q-k}2[@"YykFllC2ej\+Vtrڽu%}~4y!ى[B9.y&قy28Jvh āpOq<~7Z`9K?_&1=p)9& *3n0%jS$Od9 HK c>CH{>@㓷 )^.І`ΚfWMǣ(0~FA,_Mp.{Ke:{OJEATCB)^k0aZE3Mofa!zܞSͰ/sR=cVE.8 q W`ݴSV $h\H#o2eE壳81%40|c7 G YO+dIi9(Pi] N5OBѻCC%z%0~4DFf AnyEӌjG=we{kFi+5rAuөwdYj$Ta9 = 3[ ? S#xf^oP4,L"C"`Ƌ[MhS\Iws)@A18L;vPO8iVmc* ?!~~R Uڼ^{p]W[7f*xI2 VzT:G~dN"6 p)[=E*d-cMF9L,]kr~#>[M*yOj(##d%ejou+C$h[RbEd1kWuVhkrpDs =](y4}OV83Uz/^I ,П m`DX;5 >/Еcq D"L' (A> ץEpr$DwVF\bBc, @+?&](,- roeƮPUndf@YȒyWrm^Tj!z|bN>UT(c)lk+(nfE-bND8gI{2QXm7%yحޔoªN9q,`bCY,c=آ7Ήƈ5heu(Z^ҎJ &ur&1E0C&mblݳVm2oey䐧zL܍n[e$ dsGPeQ4NJ9Wl2߆/eh戆OVS\@#6Gw=F7 LGb "L7FZΞ,cOR<&bԱ?u4vQ0y&zSnʃIҴ m?5#Y6@V~luf*YW@9q,EN8Qr\@4nz)E{T`)?`ax9 j5f38LպL:Tp |V>s \K%6:> h&^|"a~MBadd. >9%Ueջ/$?-k.J5>"QAs W{XvŅ:;g'bTv-0OmDHM \{Υp_SƴIai΋Rk=/[_R㫹e1ḇ>lU{ؖbQص-%Y19Ձ:M|ط0WN.=  d]a,p swEotuj ΜL* 3vbb&rʊn`ovo˽ T ~ Yߒ4`(AR]D\j310wOW,>wŔ*slUBF3oI's75!]:f6@0̊ $gnv^R x`2q ޱ5- qZ@=_x yjO\ J&.D@E`͚B"a\h*,iBbPd=vɳ*.-}z oK)AE6.x싐 ^6>1RH^1=(DC i{NzeF~=b&"1lX?83c*yyIΡ1.{r/d%BbˢHSepCA$p:!CAK`[ׯZV=uƗ^D>Y$*KbԦ*ˑ2G8TjDo;er=WqRdl?5qXd1I ¥[Eqq:VaXaćkha*H=MOhδr =߅¡E8y9 /7UՇ+f w&e^vz+ݺiU %Ua#r:XrUgrX)N(?,xL<~X) oHR~'x7'fЌY(UE1n dK&"p)t @չ#RBd] & ؘo3}([[ʔG;ޠK{1:m e=xUhlze~s(~t +6 ÆԖ/o/0lЃKkd6$\=KAhɼc0LN9,2pbRXWrRgqɍ31*O 7`n Շ'bI2T&B]Edl C,%~8}^Ü5O*$ :ʟ+H#vkd D8Pش3"xNYUH(&nv<5M2M$//7Cj6 =hua]grb\.p9?38y4?+cWn"zm^r|@RaPNuE7AAȿ2쏳SA5͕X-[ -_y|`&-TE0(YT6h s[̩(!5B*1,6F)iq"@ڴ1Z}Yu+ rc7fv( $ߵ_z9 ŌYpkկFBe~) CVyW<ARe&C9%/3sd["H/A@w(t0uߣ7|(K~x#vu >ʿ(]]{"%ѯ 23NReL C_IPB}#jޒ?1B)c\jyT8x&/H,*M7=4)f |v^(Ϋ*| /v QA(*%K$q+P$֣Xr1xBN' VĄ )L[o9d9[E1V-2p, 'P^F:L팮MJAu˸&pV͆;u 2MNRӣÉnt̋p"*7qVw2spV [=gDsCV_ѠOku/$DEavb[G킭g[ij:oS31EGC@0j _;+߅-d5-:]P$wqCMa5o95MP,<)nuZ  } f:|N_ cXqGf0~;d) 3ZdQ[8wi >M"%[p4mcI-<ؖa D)?9>Po9È -e "Bׄt3фݽ!Nx<2uYt9HJEg"KvKIj N݃^a imח(mcaSIlyMgwu2_yجJEiۣLhlb@y6S6qfB蠟J(LkFWI3+1ѤI9gqT٩o&%>WXF4j'+p/%_SWJܕ(OΧS8FnH>30^qϰrzhKV#1FF<3Ok]\ 5Nmydêx5dIF+U {6:=r4K<9?},6ﳉ4ಓ02TÑQVL6eP*+3٩$~Hfg ϱR 13TF _/$%<m&"5es~C?{ 7 (e8Gj{`|&M&,L½\myV5B$+m Np7IGLw[VxVh(JH1 cxM}{rꆭHOlO ^Ma3-i>ssa{=)>2y9&t;Im;L:|B&1kG]>6k D\4_o AsEODꯡK3K@b,{,Ee({ ܭ:N3gP%jjf+f`xF"ry' WJs>-5|B[ bYMBQCE=[ ǜ]SQoJu<<8?IzvȀU7i<*][̷E#WW2`m`(2>f^pmǎd=R;i=[PjÓ < _6U"T+{d#&Nj`.%|Qzma5D4wǧ_|dt|T" B @yPS C/oe\&v{`ɡVQȵqXkW@ iHϑ摩OH=.$GM\T\]Nd)hgvO cG7=_㴊m3Gxؾ˄,?p*TAcaL]BC R'J{ ޑ"ojv% @XGmVy'A6,56mϒK(} {V)2ȷ BD"?X&tI.]kf}R^s8WpX @pH_iޓqlNBȃ!'" kTNHy?JiZO2/%61,bk $^=0]0M+r*?n\̜3֍%5%4YW u 5:lk\(WL..{@0S~822/DMU*!9Z )ܑ6˩F: zr_ʴݎmюfxhsI`9 V|==Ut'?. YKťD 8_bA`KAcq(Ȭ{?yhkSISb3vE96!G^<_ 4j$1շmTz Z}J<:ZMQZ#iT  N]N%wTєRĴ(n`݌s8q@j #Ϡp4Gz#rO"<3puiwc 'RFx$ qI^re`ʷe런h+&UN;VRqo=q!YUu _^;B3s Q$fW2թ-WtjByi𚊢.s3搤_'݈|e$78iTrx_.\#m@0aj6$YQD:g(>bY3go7C_-nV(\\?rJ {(Ҥnow#t$['i¸4y"h%7ᄜ@}*1m{`J# ,U"wLNUJ)@uJΤ:Ϥwj~ha>Qt=O-k ;&:#g'cxotKS9!Ӈ:e> %E:߫|t$zps+[صZ IE_+OQ7??V 6yhT<4C*񟏴IT -@{Xv nr/T/XroqO Pu~ 7U:UA?v2F5_{tpa١Hi焓)?)! 3m(r(ag^,5 RSs;nj+WU#?DH4'LeŽc3nC UN[b#8n 5~ɎIW!~mtv6nDHJGG81yBxE#leTo'kV,nۇ5*T'~o"dO9 ]dJf%C䀋1+@j* ':.\V"ZRc70i/*ٹg Y suԵ"YϥDju4% 9A8QF}+mz`ʢ]xUaKZvW#UJ~DYu7!{={dؚ/([d=BY8-mYْ&4¯L1sGҒp_ E|$ઞGSrL}7ԓQ]f]TcߒR{mDwގu+úk'5e O5AGz.*D'L=2ޝAY\3vS3(MJeaNϕ~,80KGz$;qЌ`Ȃjz 6E a9=_q2al On<ݥ3jwҕ-GmM{q@-æObG؎}^q&"ge%y I,A4@^P~!L˧_'tT*+o(olWx,>'_~(٥$+嶃H85a*ÿ+^@mk~C5_ư&"-CJ T%|\[W_,P16 VHdĶϮ)[O"6N4jޟn֓ 1(xT`Gr]i)R4[ &\U?;_2ÛRȌV9c5/1i8dH<3o/GKy17R. 8-ԬdfskUi+Nl '! |  k,l'VJ_ HpasuMzbS֣kӹ؜ 8~2^16o";!JmnCw߄**2rR8 5L|ی# |]Enn#Ƈ#[O zɞtɉ P:2A 8=NYTkQN6vZ>}ɫIeQcrLzUo睃.4iDZa$Ϡb|ӓ'PRaE"{y,h3bbSA 6HYQ}$=9Fj,9$>|r(3șK&=c"Z'aGJij~ `pZTA6hqO^na^Ma-}<;NPp)K1pSzoz"@aJeTRYql#/zCMg( C:*EOPorz"5񐒛2S=xNspt9=WOb,7H6&;߄'VU*_(*dbBVŠӵۄCl~q I5esCZjui_|Jv@n90`6how"EN=;{2Lm1JգÖtse - qNGa&‹iB3s Ah t9 Wq1'g_,yFCqu{InI^ P[mUj,,{61J R)2z&w<)|JA1ne5z#"tg=@ OeQRHiݪ^57QO:f-r qВ\9حԉKZ!7ƺKmh@}@$QC.e΂<̙ c{q2*@&w븕 ֍C}4PBXc:枥S K8-3Cq^Og3:3h$oCf%y^MNj|`ZHs:EnQ5g#4_ᘳBe'&.O G{QtQ>x+˭Խ]AFSz(ɀ?.(9:`H?J&ߡ ӈ2J-Ҧ;w&aM#E9O#&;-$ZSYa q#k"Xm^;8!w겠 7VĎ+Jp68hUʀ:)$)DŽ@"ͨ7$z$Un ɜA Ƞ^~Q隧7.]A eLEzK 3~lumH!V𭀓$5qi_:ZEf Ó佫n EBp8dH0Ȗ7(DiiYΗC| =)_0p:\%K͜CF;U'Y5b*&h_is1X&APdY+;Y0/Ц:X78W4ZkS"͏,&m,2A߷ܳm.RYvY(Jx% j֢-?_@"|t\) ,Jl&/NVNy4 )dGmܢuIx.`뙖 C%F>`.ev*`<+E:oL6aWˈ֙+P`΍`$Y$Rcq3&_(06K7&,FmE\N^Hמ X0̼tJ:ՉԞj%#nw~*i6ldqJYr itIXPo0 AMB[C?quKˀr1̯q۪+:bٔ^o=믊`h2]f- oQ7^Ecvj Vك=4O|?׳Ѥc*3+njF-^!\g+̫vwlGtOIx5h2kC&MinJԷ2-X#"&8q3@v.h\t0 ]h?JY!\i5y1,Un;3<@NR\TkHLRG]H-NRًe6W~v3wKܩJ9=s\Pu?ϝiLSznb6{7c \WRϲR*.'q"﹙ˎSm*vDAQFqjx`l 6WZ2y*lu"55cCbj[xO?wd(\0p( eh+PGQ@Y(.pD ~ [YoX-A:ATe0LjnlkIk7˒ۗiz{6&4x4yZ%I= D?EM("cQ5y?En"8vɔ:r u#R΄bQA#aDPeʹ+8Ǯ’ Aorw/,hs":ֳ~Eg#a~).xT~ #sSy͞kϝ\<(u!6~}dJ[`ؓ boA]`I# {}\ăg1tB-x :IAݔ~|#;ÿJ""Q:|-r5@1'u2| 0ip i%*E7&Aˣ80@tUwf(8Wyю85ҰZ뇡sb(!KoSNpj]D6k^MrM+ikwQteSWV˞[5cTH9wtSфI%vcZ=BӒ`cR+if/~9,r y`T-h}*Y eAw,`"?51O&-z7-!'f9F&  SϜ:};nTeIɎ(8> o.z۵K|x$=2 wplXM~ͬH,_8V+ݶNZ'r yvV.HGxñ*ip|L~iE)VJAy @jNS>AO4?/J}f~71H|nBl#ϛ&M1L{"fSsG~$H{Rx^Ӕ9F(0W\$Gx9B 툄vifgo>J[[ObGabox(5Y ˦$5یUv n KVķ5§I76D u1QeQ.̈3i~k`$_ϳYᘍ=N,{ {`}@ 8=|C38?.")ױd8%ۦV"nIrY2A)n-:U6 GvPfOs!OoQ* F I(قKeIJX@LI95Pe ʢg~BڪżgH=ǼT_J?4jS<\q%@x?tjJ y`~x1;8Oކ绬GIpuԷ<ﲑAn~?%iTC)eBEڞ\jA8f[Z;DuA}-IFe!il۝7P>M"4GvkC;wIնuf+RlْDXiQP9Sn0f6_3^3gZ4ZvTXnv@t:fvDkڏ!?3>x)2NZ){,3g6 jayqnW6qj.׉Y0XiOH* ڌXgeFrEO?Q_HO٠  es]8 > v51ErSdo3~U_8S?|I.&U& =gV˜`']6CzUncy$uȜd-]Dp#W t@h 5W!}hd:@ vDrmu7\'`Fsa7CޮG@J()x*Z?OU] TdUsB5ut X˂=w ԵڎMg.o_ @%>ڦ-c_RqVI*DA!(DS $qnSCoia1MLQ$Ӛͧ H Bmâe2 ;@ KL{h)>9H] pF+A=3K>%43N\Y}2.q~'' ױ`U'ÙΒ om?~n(r|-*z>JQԧ/͞`_Bxզ(n@C窌5'jpmwx "i#<ՔUyKΔ,JxUxЯtvsޔP g82{nɄeuAJz?U8)+ًm7:1Ɍ1 ^ *X> 'VmTTh?oO / OAisbR vnK6Np$9Q'&ţ99ۭf.p,PÏ\HyN`@*$ BOO uJA ܽ0Fv>."cynzi$>i,]}+5|hwxEg L+(usX~b|w = Š>ß7%ʃ'̇ag'~{_x|іh+#t}U-w[f2'c!O/(=IA:vS N}tjEikgb:bP7`6N&nkCy%6#g>!Mΰ]ptI}_%fi"S ! ӎVOQg hbz. mw!fx{If cARGf& \rS/lhނsr1#OO'#P ԗɡԸhmbSn1l\~u))ҴA06 /&^hzY9g0]dY}S?,j%>d vO O@+.u ˹cD*1#r&M>$Pvj^ay*VQ8g|sgS3LQFG.hV#9GqŃb UW4]k!1$s2@x 엫AY\C q3~ҭ&N~'1p9kW7L'-C厉~ۿ \Y8ZOG\F7%L[5^P>:Bd=IWB'sC*\,lNi0>1M%=?~ o7J:HND+'_Bv&8mܜa[?&78Jgs%H朢@{ȎLx pGD?ڿL#ۀ3_f1$ju!]Xd?^H@ tKy2 ʯu/`Ua`8)5EP퍋P]1K85R[R(.0 :j\ɪb9 ށH`?m (ɨIM۱/X8''#Ӽ-]L_ = oÁRtpB`=栰.WmIٚոisRkC!p؇{t& ZQuV1X[/%C '(-&%/{ .|t3݄Xka:?c) 9Efc<"D x`Hۭۧ{xwɘ`)e;c\ sݣ&y !wDH͕dE]1w)MK8,SR`uPyS˪pSﶱ;\9K蔇@?⥆=*%w;s[{G-AX\YiE+$! in !Yϱ%ygɺVP(]Ü_ Ué{~PJ@WH{6S|LE#7uaTq/5S 9T#x Br'a 6PeS]/WULrvePʫ4yF'ueT sa_szB!T:8l4v7gZQVO;2x4 >M\jdyՍK>hoG< Ͱ (8߰'X[pȼ+j>P^| =x1c7doh(L"'rÒΐQ .Ɔ_HRpAMa@[xۇ}hSafڱxȜz Gzy?Fa˱à(A/~x:6UOa6Yw⎆ &N i#{wÌFۑR~TG![J`>N<3Q_g2:k+,VF:e0ARuHO̫ۈ`[15VL{su\e ͨci\[ ! )gB,4!8p{tn qXi :dސANMׁRKmHEY?+$|%{뎆MNpLq6%Þ?et q%"#0##aǒ[MЊS+Bc2dYÆA~.E  YZ