nss-pkcs11-devel-3.67.0-4.el7_9>t  DH`pai$ƨEePH`)#Pv^ٴna(<ꍧ;\ 8R<%Fwqc+ۃ|q{Cx=H̉ +[um Q}@o&J,}klh*˖=;ڑ@' =lLS<2WSME\ʨԥxW0A[Eomi07U giΖn'w)qG-@`_ 3̹o:+&B 2q6-;%7lR}4"ݽU4oC*ݔw4JWZ[]Ӭ|sVn&p)Fޢ7 Bϊ)&Q%U)4UKx͠fd#4Z?)ưX,em$x5G#(g5OUM+ BQJ[<܊R^).o_&V ^@u׿}}BN \Bp0FЈ^f1fbc3eb2889352037ac3454c25a513de1f358b0pai$ƨkX@fuvx%_qJr_x⑈[d:Esw~H[R}lİp:]cjcA6^_X ao>Zow~/yXAҴ.R.k sQQyAwGnKդXYy㸳,&8:oVUes ot'r6Oum.0ڴLy$RѩGtM7˛ڮNĕڽfWq6EcvŗHexkmò gbyB$l}yN f'kZNVPnҙ5,8) z5fc6 C.шO5(`ڪo˅A7<YuIcΰ پznh\t}IH@]O'%4٦!kw ,%Z&̠I*t%|gpX71d.]q>7?d " Z OU\         E  T    ( \>(p8x9 :TTGT H I XY\ ]< ^bdeflt u$ vXw x Cnss-pkcs11-devel3.67.04.el7_9Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services.ax86-02.bsys.centos.orgCentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxi686 n@GCB:nx``````````aaaa35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c44a34ccf1d3f2d962ee660f2f4167cdd6509ce65922432da3a3b58374db2ddbea189c8e603488c62c5b3978636b1de359cbb2c07413f627f9fa238ab74b3a42777rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.67.0-4.el7_9.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-32)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.67.0-4.el7_93.53.13.0.4-14.6.0-14.0-15.2-14.11.3a@@a@`@``Ȗ@`@`?z@`3`.V`@_%Y@_"@_*@]B]@]]S\\\P\@\g\-@\\7\C@\@\@\\|\s[k@[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.67.0-4Bob Relyea - 3.67.0-3Bob Relyea - 3.67.0-2Bob Relyea - 3.67.0-1Bob Relyea - 3.66.0-2Bob Relyea - 3.66.0-1Bob Relyea - 3.53.1-7Bob Relyea - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Bob Relyea - 3.44.0-8Bob Relyea - 3.44.0-7Bob Relyea - 3.44.0-6Bob Relyea - 3.44.0-5Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Daiki Ueno - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.43.0-9Daiki Ueno - 3.43.0-8Daiki Ueno - 3.43.0-7Daiki Ueno - 3.43.0-6Daiki Ueno - 3.43.0-5Bob Relyea - 3.43.0-4Daiki Ueno - 3.43.0-3Bob Relyea - 3.43.0-2Daiki Ueno - 3.43.0-1Bob Relyea - 3.36.0-8.1Bob Relyea - 3.36.0-8Daiki Ueno - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- fix CVE-2021-43527- revert sql default language in man pages - fix SEC_PKCS12EnableCipher so python-nss tests will still work.- fix sdb timeout issue - fix incorrect ssl alerts in Signature scheme processing- Rebase to NSS 3.67- restore pkcs12 defaults- Rebase to NSS 3.66- Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto- Update to CVE 2020-256423 TLS flood DOS attack patch.- Fix CVE 2020-256423 TLS flood DOS Attack.- Fix deadlock issue - Fix 3 FTBS issues, 2 expired certs, one semantic change in nss-softokn.- Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles- Disable TLS 1.3 by default- Rebase to NSS 3.53.1- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.- back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)- Fix pkix name constraints processing to only process the common name if the certusage you are checking is IPSEC or SSL Server.- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Skip sysinit gtests properly - Fix shell syntax error in tests/ssl/ssl.sh - Regenerate manual pages- Rebase to NSS 3.44 - Restore fix-min-library-version-in-SSLVersionRange.patch to keep SSL3 supported in the code level while it is disabled by policy - Skip TLS 1.3 tests under FIPS mode- Ignore system policy when running %check- Fix policy string- Don't override date in man-pages - Revert the change to use XDG basedirs (mozilla#818686) - Enable SSL2 compatible ClientHello by default - Disable SSL3 and RC4 by default- Make "-V ssl3:" option work with tools- Fix regression in MD5 disablement- add certutil documentation- Restore complete removal of SSLv2 - Disable SSLv3 - Move signtool to unsupported directory- Expand IPSEC usage to include ssl and email certs. Remove special processing of the usage based on the critical flag- Rebase to NSS 3.43- move key on unwrap failure and retry.- Update the cert verify code to allow a new ipsec usage and follow RFC 4945- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.67.0-4.el7_93.67.0-4.el7_93.67.0-4.el7_9nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablescpioxz2i686-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !#,H] b2u Q{LQأ;D%T^(UYymYGA+lj,Ç %!S^BT4Q{S=2S\+jBTfp}%DN qͿJ#Uυ ϭ$&gOn6AML[(;ՅEL4LBG%ZB eHv)ztY y i\ p]WD̓70J?r`P%rh+Q{zE~d7sUmE%C(޶0IO0(TϲZG!'=a)@s RAy&Ji?Wr@OlEUr{sZy>O*]?,Oqy/H_v.ϔ~6ЛDKj܄BquUhu0aOPv @ԅ()FG&[Q0F'D/058E3\# FX뾭RMY4slz< Zh5ЏˋĻ_WRu߫kNQP Ӯt>> 679:y-<ž1Wt0VUlyrk%`WV 8;a&:VoknйTBQ/.+/o0M,E(/-^4VaMiҬ?lY0;'lzX?-hU;}f-M.ܒ8tfؼNqt ~*<_籘ĄNv -!RdM5nY  "-ZJ.^}-u05׺>4x8ou͟ށFG[ kh4cl?$H5Ie?,! I>Cvn_A57D/qJb4-pvj+?2)zz:6㶸}L%\grScZ)s;`Ó+*(}{\ۿ[ 3n6#xgPB?#4U/w9saߠR2oj06 )n,j#޽!gr Ve3<t.^9~)C+8_o$h; xHy8Dp;qBj: Shb''B'HHؤ^|L6*^9`%'IMi\E.RmQnOh->t,B3 ? -t. so9={C5_9ڷˁ5vhNKxhE_/J#+<\qɎȕDT Ku"XBa5\?Dڪ*mXEv^J_`s00cb#po|$ FTlIJ Z#'hNٞENY --{0E#efe%"r+9lY qE;0IncĩagAr:M$/ZB|ݳf#0:~e<!-UsyK޹u=It19lP1ra!tVA>>/mXdO"DH^eQ& CWT [rk%[K1V>ao@:)I_6i錍>ae*zX84;܌ B׷IfZwgM9k1/&@-@)Vŗz|"2|AdO6yU8o^6Yr uxNhˡ VȞ a2_Qj}d!_'tm Cɳ+*^ y\J-bƺ[l8S]#G|"U? }mu~ͳ _qq9Xfkk;,Y/n|cMץݬ|Iz$Msn 1~#] 5r3uccYıoܦc:նJɚďŝ#m> {l/ >ڂ D^D%Xr3šObBWJiev5td (kthL^tT :u/Lq/k)dk%sLZi)&WlJxc֓%ţ`^ComHPͨ?u|c;F?:ڛ'^dF0!M0ͨ')bz@9sc5ʂ!q,#MoZ A#BMō&x>=>T%ﮧ`x SjI os/xiKͷԾS}qH.ZS%^5,]ZOxrK~R XX77klIƐ1o47m]Nț <p6=Vp wmњ3.sтGIY#K.x)^+کSRJzKBVۺ+.#Q#a8pC<2`:^BX{ٴQmvC_' ebU=N.2P4Ama=apZ@$,ArQsјH ~g1j[ĈNR6pTGỴա'u%d al}úTw>^j2^ 0}g] lMd72Xg𳶩1(f2=]fۆ׬V' ;@ L8A  PAd4 CPC 53疠_yX;qTЂO>N;@J)C;]p%WIn$VEPvsZ{}׶ C5ѵQUʉ\N4UU,lW .+De<~g2-'dQ]"oGnO[:IQa)kusAߘ|QDs4Bԥ+#sd`5SXH6&S.ŁL6TH#'6,b93t\KteUqq r66G/+U 7|0O2? T$-1&y [Ahq@\9qBу~E^v@&#xFUE4y$.>Ď#onn:4`.P??Qq4k1-lzM8|lZtPPXj'61\InNXIe@N/ye4Ы0sU@M*` M?pJeP1L:C>M~0ŌvҎet2'(T|h@%}m@Rv~ ODѵ֗ԎV~bNk6Omݛl-~e70;ZIDEk| OqwJLTVf٢FDWePZim)܅ ?63%,$!z$/V;^0`L ?ń7O܌JA5 v m~~l]W8D)UfH,ۂВz\qEU'3Yi+HZb/P׈?5. 1 SOl;*ùdvK,:O٠JfX`U'Y!~=m,بt7VL쿋{feh3X̶߳5QozAӎtlP:jf-WoL@4ţOLJP1&otKiHg︁i۶*A =A}/xͥ7(TU*n[ KSpR$1U9pwv;_Wq.:Z5wQ]EIjÉ78JzYÈ8bY(C,{D1p mQ0G7ޟf`i:E$|0hoaj6]Hlj&א(Q:kBψE+cBkwC;3MN#1,g}ߣ[O2EU*$bW$5=$Sn?Ʀ7#6rQPm){|,LKh'g5GH&Ǟ p%s9Tv%#GH6w) [dy)P=DE?5l鹠g$h9HUIl4aQ qq5ˆw1InكR5 5l@pH[!cQ-A(sRgVjW\icĠϨoV+Q%- =:ƿDJ X`mSqV(Z0\'Es/yę~o/X 6S8OMzg+(_ֆ&VOҔPz| DapcXpW^^y;=we*mYʡeYH/e`du /^%QW|Hv )t,9SaY`f&qf1/r6eRk6R-IW(\-s8z+]Z}MX׃)@1۞%@>N켽{ى\?qx%S>n׿"jaD9Aw\mZe ݈{MMN A0.!=Ʃ;&+jAmQRU07;; aJ,Jm_fyoqޑ &bݴ 8 QQ~-Hj#pAaSRmiඕѣ9܁H٧̯9bD8a8GXΌ؛ k&Q-Rz3ןnqsW''h$Ɇ3{8I}P8mӟՌ/b4w{BΓH$6k KcG_C4k U6 ָOW&hX =,ԓG!YdTNG0hEd,ɣu9ϫ榃Wa_6aתq(8#7f ,CM4)h,ij] WI{K Qlۮ3VhuGFK͵es:hD >/W\s΁TKN1ɒh$jR3ge{W#FE7xu %;S4K@G6jSZ|\ʗC&K!ycv9rҖRDo~0J$,B^8 ~}kM5 PdB[bnpźQI:$_{ܚkhK-]k^[q t(P],GP;zN8r!u .882>sɲ\DɎ~=/t$0c4X{D+ЭLPZI~8-oc DqI% t*Ǩ_q;SEq7 Ua0I->}WHmTrf=Ci[Q"KI dpB>$>ݪކ0d(YfѻH9<;|(NE$,-QN]H3_Ⳇ9p=0{P#փgW) Œ` _}%ʍ_TLَ~꩙_m y'Ow'n| 0bV6 9qiz邡6Vo/%g9]3k5_^ h&ϺϢ|4зX-5DXw%eK~8(J PG*G=1^1#] lLr*:m3*lƨJĐlix;/D+ʠQc玽$:}321:BmEa== 4 7Srn# $qmޏ6diUT/}0|SүyúT7ᮮS(3(^ŸWĮy3EE3N:QYQ[=e[/T +*٩G ajΩ Ŕ=m:ss<7g=9JW^3JC#5VŐ]3uL_?Q28OȠLh4vh0`g]ܗ뺈v3|f\F[̢"I28y*bCSwjS[ #uW[Ychf_uªjݹudGU $խc%C~VIc(>#apYA5X)6_f_u$,E~e%hcu'r;p[֨ySYư-ٲ$Y"JX-`ݮ(G9~ #LM0E^apȷ`,Ϣ!2kAf Z_@Mc^Ϧ`аԾ`ݍv"t-En Ï[6& >0\AXޏoN,3%}N?`Hf0n6L8BKHx0D""@3zG}0[L+g`lWM l'.wO!2 ;xaV-2K1=2Pd/_QIp1K֎H<9Tij&X\uRe<>IX7΅s.k ӳo|)d?¸nON=fbilnO~sY!y2axf--"'1!'ϻ#l"W![߀qIzz:D\X/F(Rs16;ƣXu.gE[QgZ{݅Gr)*aXRrYM}D | 7RQXjv%0AIB>21h,I nWwgj 몲#`b# '8][o5fٳggOU%sc(vI"rE"F)IlvHB&IzJaKrI6|~UrnLJ8x*!^LiÖ((IAX|0^Duz1kUNH2{yjUWea}zͼFHD  Ai]|;RzJ3,tXгRX2y+sA,`"lS<^u<; wՐ"E44,/B^:ɶ7_w'M U-HRa*]uQ0f>ʮ+f' @{2V}Ox%Yw m;>B$ߠ OyI _# !bXlY&@K,ZrԽa˓P nt">QIm g!H @{̧ն~Cu3:׿-cIl[#=z;q-փp5eXVcn{0@´t]$$J5%fT*+mP뀍a|m72 ȕ [?1#jMS//h~>m}p"; yhu9^~,moW2%[ ln GVYTmJ3 h}EHO?c n:I^j*k N>(^ҫE)4>£N4N]7S]BMGh •H ԗ+85->uT/NuJ g75Ӧ $ndmRZV,)p|s3:nhE( %Ý~ T"0k5 F_t05yEbzeL@륋֫:+~0%HB] KU/T~g ݙ3؁fɜ~fUS"OX ~580V؅˾<]ߨV4ɾ2B>Whffahr;&Ox. wgC~[#djn$/妕szV)xm7&b0쉵4q %xyL"C>- :5 bMGoDMB;BZl\щ<74ku.W(*D{w (M<&)+peT6#@Ô|]{iQ~X.M=ƘQK#$%g'BS4EI{}=f [-}Xʫ6i%ݐ6Gh[3<-H_&%2܍$ t.V²}3(5ˤ^r^[&om0ZR6\tAYؾqwϭqK/Jm߷J/?D"pgZqkxV_rH8gمQeU'BSz^C垸!D3, #5?'z\7Jrh;nTlVcj0wHTW %sGUP|vҶ#;~ܨ_Db\l``I.]QLQV0?o4.f^Js'E Uߠsx'D$120ېD _~@.Cs *st߉+R%;vII&M}՘td=򆾭e  lbYd^}oIw[يvb5\u}Ef) MCAQ@פtё1MĜieq*B͚Nc؁76l AĕoI.Y5LT9ӐGR<&xzʕpmqV~lO.-cuDxفuوWK |qq*zvґ Dx&0Aٔ**0iH omѻ?hv]Jx} %6ЛS+)Z,&`t78q \ZB+5vpUxP(32DJIbѧWQw= UW1,SP3|Plf.|3I@KVF# 'J(-][=<@z&4~>@[@RloGnL,9W4S"KɌnj/& KуAyr"=!v)PIk~F] $\6& 9Y6B&ֻyXL{SVz`65}w:@im:\V2SVG։_j.@lRW/fKY.nߞHP=o% NR}:xĸ#&6VZ`0 bl؀oxGƺuE6:j4:n#iֆU{q\*DA0Ͱ@R&.6y0W2S<`r71B): :ڸhYͻh 4ȣUֻ_gݳӑ|Ljm68F4[4ٶù8ȷ?i-z{Ď7Ex.6|g X}ٶB|헚 ,r}xM*N |͗^*ۤ&8H Pё"B?'J b{Yoo%,#Nlian(lC@%B1wh{gDVg_z}:{ZH& } Ycu{.kE$ ĐIg"ÞoH-E6&Рs2["僮#@*E`#e\!% $笉ii]'%PթI@G ؎Z]Xaibչ_X7mLEsnb q0~VlvTޫtj:a܅3_9D\C oA-•!}d;tB_Y"ɏ'+裠T`%p7=nV%9v8<$:; /(r"][(f/WS 1։ipJ{Q&})mS [Rnƚ,U) ep]ѫ#p׬£ua [V"Rq+AJjQ}G:~8&'^nWO&Wu(zґoȵ>5ֲ:#] `Ƀ|C+d%thϛYg$]A8}\pj/NQ)z]z ͮvjzwli[𞅰"W ( {Iq6B IOh}_jt=|N죜V\-3?ͰA!ۑj3WS gQML#FynPg9,CaPG.A:r#=APlXWvD~U;yqs3PUe+g^?;6|;JnK[H%R,[ m*fv!o6HªX'nfMGNpLF[0J`ȔVZoDi6~dO =9إWQB)l5\'OjY?7&)JhFQe20@:bRI[&J0RgIM0$t0wxCo> :}6,~< xSM8 50Dn@qIy |o.2s؄ڕyJ梡S,;+_m*Vva }BQ-]f6OީЫ(56+KUZ/f#mșjBtqzk7L As;.e+w}R}0+3gjg_no̩[$.wV=]X8d+%}܌`Ҿ%@lVQ]Uhe(so';`x kaV3ᚫicCPJ]֕vaƃ=h˫AZFY'L~MP*l"u1JlnJjV.1^P fl5(#,$6rJVoM?گ3T1[@ݷ1꒮VQ9=q6q ϤEb*՗5ppة?؞%&5W&?hgܚJeA65 ;:~XC m J +_`e|4J!M/l/ҖeDn0+h";NZ8ی8/k/ax4'4fLvՃzOBZ1GGt7Qs}UǗoq15)ݤD'еѨQ 9GZˆ/b,Mi.Ƴ AV6ypà:q4/Gy  k"t sN֎NHNKp@ƲGAN( M jdM6i9M`Uy,<VnVVQ[y.^S\AC Zטb$ ]:+O׶LGD  `M_z]oZ"7@RN΍F]1*zt6nz~ôAf˄F!Z7{;s.PF !y:1tKK=Xm_||TQSb16} 2HkmN>Ͽy9oUr,o=Չ%"aCٿ 2Q4aӛ 1uͼNlRĭ:U;'0"Îh?,й'71Vr LڸwϱvGr"ڋe@I}ߚ`_fc =M@&ݭL OPNt)l<Լ4vIq=)Q!}R{=ZÛReV]EopJMo2<+VVP?>eUd40>~7i*,dl}l*ӣ97y?F͠%׈h=^Ňb|C$M_tW?TtӚd5aCZBߎ.c\.tV-^`HWK0:#И  YM4.XpvxfIVǚ >-ʶ!=ķBCg,5^ iOf22G1?wL<ؽ.K\W;Wh%IpjbifbL\3XRVIBUCH#H }W?I$*Ӯ- "5Qx. (RSXvub2&'@c D*-Bē5mxt.WX>* \q`:_/]]Foq<}1!ڇl)r=IRHn2k/U`ڈgxf $sktP;Ne|y6Y1OqV&L]44IFK>u˰nTl\6XuTd3I䊙+_>AόTA/D'jU}NZXvq)= #ڟsu3޸|GT!-*tKK|V|%M6K[IsY33ګpTzqdb%ao|Ҡ">q7Kn]FXp<9>$t x'0b;(WO؂d4G^A_s dhϵ#q,GN_Q[GCQؒnM% \H3aӞQj?>ds_6hLrWA@6_ԯևeMlaY>-0z ihXb(=grSfAD/,~5jGYj dFMt*c1jPoxj⽄G HcM `LEtj(>\Wg78QU 1d̵~ ??@'dǔox(8"(+)ͩ,$_ {{AgD{=9湔M)5DUֈ |6Ѷ4c`V͟B=y wR,o/6ʜI*o['/ ySƍT>! ^O k|)N9⦕: RQUt7ZQYM(ES JNJ M|eFע2e Al"*YSsr)e` +SFz3U idv/,m:NýVl_7oU\XFHePJ XqO8@+QnnS %נ}@Z w'ENAmr;Aˌ&E9TbtB.}0\WJHxd;{%4=yFQOQhV)NSch4M-Ic}VC  R:^B– D<-\~k!h$1h[o!p1_cUB(WM5dy:xټ"5PZ;!?l/"sjM]/TGƞP^qoQ4y'#=FZ[zGЛM.]ZwPoá$Q"maAGXsQ=#r_秅wCs2n #v@GXwJB{IYT+sSbĐ bE%di;fN5[\0BB+Gfք|ђho/*BX)we}OZ ;koA␃2 K4]/Z-V#N9IT L̂Q-r"C | kb˂鵣BƚmZ!}`/W.ّΠifGT@^, 2T¬%".đJ_bt7",_19Ttt/.m)ejmXF-n}.p#.;(C3 _VcwiBFE4뜦PȺ4 Zۺ ~ ͣ 52+WMoAC *C.& R6V$bYUW aK9Q0ClA[* jCL+H]ׇccߵJJV*x,İfnގ$m"=B3FF+v{h%6l\a'Yۈ8wRp$+I=Z(Ox_P>V^ N UyWTE=,( =tY9ݖe^< qU[ؓ( `@Dڳ&#R>V#_#~jUoۏO2";[Nlx '%Y6ˠ iwpcv}PW!0pOM(sI:X癍r܌nSm]z*vÚb6o"ͣuKs"eXca;*;pUf Lk90eLPf2LMR.Q!߰݇qp^LyqvN2}y;lVUf-tʿEXU3fu,g#JQ/~{0Q1Ày'J@G{b|{eeHY6̄ղƗ*CylҐt탂̆,A/)_Gv\NC6ӧ05c+xid`-l5Ǣ[ s (t׏^y2Bm_Sx?ٰJI3 ~J.eÁ 2Z_._n 8ZY&awΔ.|K?Y:O/~/hyo50|9}88?=_vLb遢EA.$2V DZۦ݌@RSEҲ ~3k$Lyͼ-15k 2ݼ%1oodiFΙOp$*-XwJմc!֣Tر?yɖߪeF3p3}5=}y9XL2ǫ&GMf%=6hx-NaqDґ%?ĵKQ`0YLHБl9oaoc9,bR qR ,$.å>Ų&BDkHB?X~tpj$Iz^´; C)л.ޢ(cl:5I0ܚ~ ={|>DٗJ9If4#K)2BFջ\y Sٓ7STzL+r Z5~l`}|=*ʧjG=gF|RcFC5g*t0IJt2P?k}7@Lؚ [6@S[E;P &\T2!ř Ӏ#F5z$9刣Jk7w2|楲ꎫA>arJSEhB^|~6YfЋ-ED(nC ֬hdtAcqzB A:MD-VϭIMn;E'sE&-ifaqmqIi}^ h'A <}IFec+֎5,(vMk\rx7wDWv3+)m!mWg]gΊ2@ &ANڇ VRdk}rYmAc{@"O>>vj"䝞[*|湁0vWf+P,8ފ"^RD~yTv*R&۔}@C xb۟ZA|NDHF7yx(Z/ZtDKUh=T1Z9X<ɤQƖ)vdJ$v>%*:EswǮeajʟň)ݡ%SuznʏW}XHؤ}DK>B_K+ 4B ov@YF TվBG-6YYt+@BY玙M3vdr̀`cK[5C@j&׭{23-W.rkN l$ɇ|mu~!3#b-Hc| nE9uWq|"~mgj ?LiFYC˂8 1DrpsÖ;IPښH^3&;V-&{ ݥ/ a%%)arYcޓq>e;VNF5482$,Xs>/BY^lF>lYmz#۹UƝX\m4,2vONTvj=6Ax5R }p6͉ļ?732깁V"-YyogW{i8Ej‚gqrAEl1ݩwaSAUوwC-ūbwxM,a7㎸A#u-Xe`7S4֮5H/N12 rg%6X7LpR1h g`ʽ: a/,c<7Tu;J^@W2 ߎƜ(6úh>LVs[rAnyd<՟ ==< qlOdu1O"ENjdy3xSPvkpTH\{6V5` 05޺te~Jh\'QWH{'#6s%0 @dYKFDl_/ہ~g6H\:r2^[`8 PQ"4Xyql; 'o34Gl6lP t"=]}зp/vÌ6>@6"iPЁdt9>RFyU("=crV$\ĉ ;c;8G#&1ʇu?dd9GbY$55X'; Jcyat'ׄi? Ѽj1g?;\v|xu撛Ow83ٗ0Z(a8<#(b6T0Kvةz;۪׋Ҝ{ܓX"İiH*s~wP`K*W PXV.f,ώlx눣ѷѨ?ljtwfyFS7`ץÖ́!j9¾JARKsÁf[@ ZۂC)\8/I tg,,-DXPN]B R]8O[QmI׮+P,F A/E ãt5  i%&j- {(DUHAcY.h9+crw ?T,ޯHtP?RIBAm@Q:w[ w9\W;A<SKs R7;$8'p qR;nFu4ZNهapD*t0q(}o ]?DqEsG~ |"ж ax6g+* fU¤h &{Z:J ⊞ 3"GUZ=F+ ĝL /߲x'rjg83ۜ s_ٖ%I,5zwjKut7AH*9)R t%%#P`QT; į,0)|U!CXr?G2  VP!ɍ2M(F‘L* }$|xWσ(OBw6琄FóM5' :1`sBW| < CqFH~ N$_/y7s>¢/ֲX˒q5< ,dc0\ObKyl>\hd^P,AL*D&mahX*hEG tJόDJv Yۺ{(.eSrmX3.-Pc\rɦClVMDJ],A= ̖T dO%U7L}ʇ6%㲖'ł.w^ H4bq[pW\ ԊY ts1Hruk$m 0xF 7I=0ÖD0V̥l,^@Uyz+ZL$v=U '(}BeBcgrqmi2@5a 쿛tU]*6Z/#l۶ӎlyZ ^ ¬l'G.CF,V!ۙ&ab~X;"zF_jruE(l̾RFzF"X%wu2%ȡI Cs rcI y nuYZ`NKPk1&ne|ugi,!צT-0r!*mZ&7R:XKe󖟳8N.p2G-0S>N>TY q^hN+$ۡV N#V(Hb;WR]QQJ4O5/}3;N֚?ť!>WBf2')h24ĥ]qAͰ#!)mDOw80Tjzp/^T hp&lZX2+0{ƌ;*ꗔI+5͈a5)c f'Y*%3թ ͡RuMz.RE> 2&j=d?|w*n&߀fwǼQTp;!D@D{ J;ٰ=W7xqg1_EM;o*ӄΆ,Em⡴p͖dxEv5]W`y!YWڢ/d\IoK9x@Y4N`)\5ľ 5 3$(2lqc6 'Vo?`Y}!`-TZt`Lxt;Psܺt⏟Hj#Syk?zLT6K:81˺G3(jYQSL&nGQO.I6[ jas5-^چup$#1JKLYW> ֬ݼ[1 Uu*CZGd77UbK[Q5 1&;' Eak>p*V075s0)Y~!0Pj@z^9aZ~ M̤[#HЈp%Iy-K=,F/HY}b 88Q\Nh[[^" 9DSכl{Gb)FVV9DbUMbu#ròaBnH9xQ^D_5yFh#1ɯ?L&!ux8谬Fabb'׈*rˎFAFzVyhf}9,^܅4غ~H P~لg4%ٮy%5b&|rGz0ڲE컏 O9kJ٬dk.}'qLƺ0> Rjh7ё1\;Ϯc{㰘o=XG0n\퍉%a/k 뒡BY?ăV*j&zV|zOBp>O Zf;-,ŗezI߸굮aLԥdvbR"?|u#NU!_)#kEѵY"&S:ߐq_h|,?_&B{`ߔ ]ĤqfKx%R<mVIv6>ٹ@{:iJ0ъ(o\?ՠpwJx.Sԇ˷IWΌU)G p BChw }r :) $?fE"-EȫV`X*|N+H"z6Q%.!t1=(gOrF %FVFd4W3(3ѹ oxʐpUQXibq@pb5\SU  NѮ"_aɐyRi1ٶ@f?|=}XPnen1UTz*mOq\jP77VO-KjղٱHT1v_ J| qʕTV#w)iOC~bgkDH|T k*і1Uýie.IvQfT !abP1hTz/Wt̤2JPB6LJwY U,<=jЁ%JzfQa̽Θ=b5YWotACXbtQh-^&]N`ֺأ3p9:9"wlP1;VءlM^LfadCS,}`kXgˌ^dU8TE,  \)>'W{naU{ w:-X<,5$2ч[ݚt6at`ni)8~)#|՗1CZec+({ tL) ;C;gjq QXUYv7*^J3T>4_^;⃎ !ͨ5wu! ҆ zB\<1 rPYu06]|w>]*a!:N+/~>E)ơ&[gـY/AOj iֆ| 8TNU$9e^(Oˮ'9`0mifaEeOx;~@/ߩ`=Jʸ'onȒ{-R Mu~a ;iÄqʼ`1 OHpf t${}”U 8]}CzuT:8:(i =t6Y5ԗ+E[?|l!V.^vU>0A3G,޶xKPe>ð7#;OQi-)nfX' x`s;s 3AUx<ădq.") uq9QީO9"0l9I_.69˂ʼn,yl?̡I U#68 C]3"c${6To)*\fn+g1 YAA !lk]]81aެn6K^}P=*왯k˔}.^ Cd76 ^Xu7|ϓ30.PK3 G&^:Β /GD0 ƃ !cML^^LչhuvT|ĽǞ=si-rxX#hto~LTfZC>jg"9)% jCGzfqEùs՗t9Pa::2[qZwN0]p׺x 6"eC`ɑGYZx\K0*L*όX;GEVQǒ^\f\p{]a^Vp+`D6&OUijx:^gYQc_16:ۅ {.!vyZڥ,8RGeDe/tq|]vUp62qP/c5J+ŷ6FPw.b=Pqy@rmEIӣA{1Y S@? #˥ ~DŽnkO,>mbӟǮ#U[)qEGKc{bعT P)KfFSH"qwRC7I]}j3%i"| =uo1(sHTOJF^]& A{K2bB0դ]F%{C~8t=ިUDؖ& (xhؕL:SNBTužM!t"SJ\ [&DΧ\cH\l"R)!~H8?TpV3EgS %Q{ۗ,əݷt,wwO"~>ûW{|w71'fMog7v8`MǻGԋPK4R8BqWMC)^Ak z5􏏺{*H'*Gȩ>˳7ro]u8qXYMZ pRTbL¢sDfM1mHow U7q_Qwϓjc9= c8M?qײ=_4l+QopI@+yu&EyJ &CjA{>W|;<٦扢=W~0v>>#7iTrSsЭ6Ѱ!?|H*ejS<0=#K&a}xJ8IBFhZMGS&Y7 3)(`/BՀb."@L6$iN#q}p3$>ml}IQ#!D밼"W$Pay{Kd/WD͋&7EH),C!!!nXYN_^O׊kˑ|;Vd;86Yz8):݂y&Py#%iց$ðmai [}Um3Lw, oﬗz_.Ȥ=]D-DDM1Wҗ_&[8Zu#Ji)4tv<YLGo=%bT[rtZx99qIH:&!7&uMC_!A~‘y(C3T6;AG=U$8ϿkmVr PQZEdp7$0v( ^8.~⯁-.*f'$(]sαO[~[q`X($lGމ FIAwUL95kGmw?vԍ /{О\7 uo$K\(ym.!W+ƳT[+"f ͨϼ[.뺁%cPRT \*bKtY#kA*g#v,Hu ґ6h]6ߴe 0.$Ul.;K}cdʱQb&]H~7^Fkdk24/Mi g}S\Dڏߦ=爥/=nn,-(l"+֡ԏt\H(#\o*~yZjm1Lқ>\]SpZgwlO!l˪#KK => JVRuzm'yzɝ@19U~쒿$JvU*zHGYG)(,&U+Rs SBAo1M"P{zxm^h[vآaMã('c2w_~a+Wf!(1xMgi -4Kv,>h\ƙCzӰaSZK"rғe &y*Ld2$Ig .mwAC?[mbh#(Y}Z"2|Ru@s_BhSxOI4R,Ѹ،${j F Bb'x+AW:ƃĢ02}y@l<+f;Gۦkur Z9(_How ƥCicu|ZTʴg <\yz:|Dk3t6 eZ0Df]>[HF)@Ye:2J#`Ag 9h ]M!B#fFaE~V%L{<>f0x iD|t[RW\J/Z* [tw{dWe) xI˅=j A/Uv"4z[љf|s)I1LS-ZE$V 9iZc=}ց|2턤PoLgkq!'HKOo2G /wG>y'>؝wdЁťۣ# v,Q܄#p!'co]LanCkI"`d[4P0I{ * O!5> էo #"bg K4q(-kDzU_h&|C]| ceCU:.2(H`Yˑ.5u?۴o/|lͲmDa)N+gk PVZW*(>7X=.Ej(K3+8JtBK>0)FIe9 AmH-RkF?2!'E|&xe8 ʋg} W^C S!ʻokxYN/.=+)KΪl={̺ XCoV1v.–ngxEgΉOMC#+ ?ƑL)V cg \ۃN6SfLMNUʂA0NaIttu+Rytm; `Y{ }\@IʑИ6:]or!ż1<%Cm.25m|H(ӻr;R:S9~4.(Gv%[ŒD%,=S{SgfWyd(2%\MwՄrQ1:k!cm1d}0B:AAz@+M(?`-1^9}UJsW u^In^m52: +ߜyͥCMRq5_y '+Et,fwRzA) 4 LɂvϻV.}\ڐ\-M-#B9uL ܑMX=]D7:"`. eu`qBaWZTG”#P!:} ;=kMP#Zi7OJْ7P Ě7?#{b?$MlͿՂ/_Q[ =0aZϦ>};W=Gs:1sK^-(Ŭ%3^xtdX 8F'=)λ]8T+7 }I\2464X $}MDvUswH|ႅ,+i}α_.(W7d4ۦf?\,^5 ޝLH~O_z$&‡_+)襫ՓlLPpDgQNha$"9B0C,MT~e0]V`Q|ɭY50x+ [78o4r@=W/"pmoݤF VUdNVr0$em ,Zd,W 78Erkyr2р`n fgΥo-!6&JiZcyx^P.MI.v1N"!Juq=V&l tbLu)sjv_ZqW>42]IύL2 2J]˅m\M§[ߊ ʟic{iܟb@eȨYڌi7 $BtJD"ftFL5N-0d5T;2>#tb}a py-,&R9cJ*(s<1Z.݄Z~l[A |¨fWA`TcMYCЮ\6G=8xi+A/'urXYUC(#>M!O8/N}s-ww&8תZb.J{K=ޞn+s7ݕ{t%prB*'+Ūr@wv߶q3{z?;HkDž"jzќa@aioI펑wӵ\j OY~t࿒5~NuBr"`m%X-~c"u-6"yl~J~fE1aM@]x =-@ JTS,?kܙVb\xr@#M0ʔ `?Yiz9T!6 ?>ƚK`!$8Q!J$ x%{lUÀoi2ښ{+/P,%i@y'="FH,bC.!JG:"gRx>TH(Z1viQxW;{s- ~1*[W I}!m/[Y02oVLHwnCz=ϕ02cd*%JsL6't8}|4C(co6vHݰeCT񪤙9%Jf J,)X>( 񐩣1=p~Q5!F? )bhj^<6=9[_8gj:̣ sC$gȓpT8D?uwgP\5.Nܷ ]3o'8_5c-.Dɫvr +i փvZ\jy4 rW=VPr( SĎZs;BMt҉]ꄛϟK:a\_%чrG ҂/C )O*jCܠ{9/ő߄o}8T:p cV=)*8I\m[ԏ\r47vH !4j_ji ]&PRg2m_vc qpdž p)c]lzɯF9yPyQB f+X: PZ4m zDZ!ڈW?|8b-\. vL ¶djR!u112E m!FJ~Ќ\j|Ja~lK  VŘ߃0"pk-W&P=K 5m@~sF'*iۈˤu1}mVn,fO;:o#•Oh Ի{G>4] I`>lGI. <7QEN_L]^L5 q˻"7T#*1>!O_zCu\n]wh6- @qQpqPXKhCgtpO%+X p$yԵ7!f[/73|s%fvʧ31W![nY=|nE,*hܫ'#4& **5-F~x\\=AtOo@* APҺQ%|EsµVy߶ 4̇3_0|D^ldgM#FҎaucN'`e< {\/D,^ɼYEgnQq *j1緮~'z8l5t=Eٯ?F`nZv |iD#ljx)Cet0WGEpLGzm)o˲I hvs|Xָ?j(m y$Jx3]ĸcu+ \D:_[^!I˹miF$4 z Vf;2axa{ G#kU#i oO(n#DPeIF6B*ynu'y e5K=*35eiehٯB3376QaknEdlQr^+=0Y֑^8݁ݷ0a#\dN̶×dK{v b2.ͩ7•ʗv Ұݬ4$؎b+ʡˍW/y:C<^vXf}ȫ^s~=qIa(pwĿ8C.StL&7ԥn"5>c;Um'- GIDL}g:[>PaCzɴ́f`ိIlc6ͥ{ 0uihME$s3L*I*{Ʊ (1`Qk>yt@ 34[>l5&\*)Jʌ s?e6y`@JnjЦhGLu $=W8qܟ)JWNDMR_miڝ˂2cA/GKB{z8҆aQܫeO+3!(*rEQyJ9/}LG;DE ^9]FR+߼Ș0&ͨ+E>(IAR&qWBrTC.?Ԣ54ҫEj/f{]5,ZapmĜGfY97c9I^ TB\QO$Z> ӚUP I՞ PlCڤX=ųE$u߉a s[4 0\\U7L0zɼ'n/xIQ~>6kfJ *CV1z)ڰ/;ςh”[[$몐:r%6V[J !.UoCΫAq=$?aFj8 wʼsOrTô,L8SO= d~Uצ6 nmqZA%.O3УWc caQ =i nƗfg]Df\4p/JB>O&61l둵>wClx) -4禬JOXBIR50k+$dxnP[K;?k1L Vh 7JۑL217vPaK}f΍kWtId*3w+&ź7g;ATʾ!{uw<ͅGiQJn?"QIߞ6. ( mbӮu:ӷ b67B|jCfO ~vAQhBfi5l^ca,ia,EN^{#0hPo>/TLQ^e@DĐs=:H*?\E'y|os9λ&M$B;v$<zv(,,XabY Z"n ӺƩ:_#݊KvƇU-U$Ț\޲ҍ\q>(x2TK\8.yʱ;=E?cbQ9d3tXW,R8a#ے;2H*&&sHaľX/c2/=&}HOɣ^ӗP^gB*gN^ރ%TCb۵my *x#DN{wêÁc ĕ. 8~86x@G&ҋ!t_<ȆjSC=g otnHDx~vr3`(P~UC\KEs.73y]$!@ c`ʕ]&yK]v+` [.'2)fѥ׮]Jv/ym9 ab]xt,LZTr>s˖WCC-r7 VN, V+ k-6g65jӬaW,Ć}L@CSqbt OTvk< 3eD@#Me .OҬ=YϨu|OH6bCX?we>VktH|Xfl~I.h{-V:mF >q}11c{fy޽}1ފ2ޔ͚׍y0R/. >8޲^E;Y+i < R3XK"5,0i6͕pcU[x<o@ =J%&|.,4kw+Y;Xz@!4`ԨuxR ߉mbjMx MϪDaG?Bmj)> /rF03I;_33b^}8tEc])tDukMt76ݤW>09h%iz &۬e k%%r.:HY:ổ(-t?Q-Iz_E+\6Eʻ8XEhJ1LUzVbN_kA9oh0ǿlrC_oAҦ¥d K|Q4=Ud,SنPx+ /^ 9BFjFI},o5|!`?NCs))Wch8 0X FX;R ueo1Dtr)̬)-A54#ht+"eA,w0S8dJ{)G#Y> HDw/3Jjk8տFn0S*Q5tv?Ή֙i 瀉~Y~E3E|~{`Vg<.Ω I։5|qӋ+?&Pw0C|ރr(x,Q( ^9E2o\@8ʓ,F*|@{,Z_[m Sg#)D9V+Tg$ ur!x ,]yJS&K=Ie/U`o d~4Q&j/؆aTJus5>Ǟp_5Mq\4h>/@[)ͻiv[.U&q`pl턍f|I?ł\w4D*^-s7ZLXr$[UTT:vhzdG3w<P0IQlӸ#`Up\I0 @G 0p΄ ?`SdY4NGp W|Wn,+#=1Nra;a ^PsksVfΠJNR~Q*lXE$fIécdδQ?W3}a*o?lC+< pL{+Z{IÆo[1^ 9&qڵﴑfB )YfX guE[lHR*Sۖؐ'(bY j)FynXڧW*(aBT.|oK+o>j]97 `yoTI؂2)uss{_yY1{Ok7H^ N7Y8dk.'뀂Hsuv`=keщl2AdΫk<03 !Ǝ5--mr&0{f*\g@GϢmx 8oHEpc`g3NTp#K)up2-#r^:.e`[$*;]SOFlJmiˁWvex 7S9'Pip(A%f.]}y*gvgG(̽ /j=qF֧os?bZL]KrtcR sM}]} ^ tO\Rq9.ŵ2š7~R0fWC ̭tu]=nG%U_\5EK&U;̘y;Hsçc&ٯ!F 7s^1 Qd) mcǐ iܛ3oq+X"x"!mz~_G z$ǵf}g> [a7Z{Գm3ɦItԏ0mz.:6@N4imޑ%^ңt %~|xV VXg&&Rݞ1ʳ'SM6X;FXNW5M le¦@ӹ$ M;g`S͵XFb㳨yVvWw~]epBPn%ѾmR%^)Qm"ŵ `P[ɔifQhgpVro.ȞNOݥ&݆"@O<߷nq.P* /N3%UҠ<8۵FN#!ּ*;r~^jӧQ$!to'7Ja݃eF)ω~ LjcJ;TQqpcg?%k DbW.E n qU 6#ǙsQ%Hw]jjw,Ȩm_0u5n02Ж;48*%&psPP FUdwjw}mR;T˖Kב;}7<8|vIX'.pOo4S+pb B4' $Wm8g3?"7 w\ kSbgLv$ X fo]dU<#OC$놴CH[dIح (sMM\NGTtfeڦX J_ E!ZB7 +BD'R#cW`Z|F=52)i,5[5S!4U\Gw~,L߈BW WV -G*qdD:ڟ)C9zc,*ܿ+PWR-_̃X{]?ፓűl'=C_O!5T$b*gmb408 VuZtyd"x=6䬥K eIL= W/R|?OU"@K}Yb}),9 1ܤ囚$Kqsy'vO001#%w#p`vHoJ^"p0P5E5R'-,6{Йx"ubD-`6 ZKwXĒDw3d4uSlcg1X|U l,\n[-C/躜:P9?&u\P 9&í_ߵy\@%Qb~~$b>VfuhsR\i.*VX&8s9r'u)HXZ#Or֍KH;XXXki4a UI8 Q`&4bIr/YW;юfGFk6vRz ܨV!k$F0va'&J(t6ސ %4F![G2yߞx]c!:iCܗae[MS@Q O2qO #O1h'h H)ھw<)|Nc3BxH\gS͹Tޘrne)d7Մ9 F+ < -n]Q$+9v!aKV{c(5,֛YNv/l-0+L{0rs5BL7xlCZ4ʱzs[mv}SzU8m1,.%TI86; %,9V,bm^xZg~A i/QB԰ݴ#};%/.k';yYiu2F3wQ|S+ 8plR(d:q.@;bV`9zAOT/Y8$glA)(DZ ;m:^ R2kNKq1=Bj6#6U~(SG)IF kqŽJ ݕ?۳WSۘ|O†ir95_lx: qn@pET5LD!HhX3Kg{8d5IWQN'b|ױJVlu7-56wC1YV@sG_JefɱSkxJ35d7?'_E(Hx'QWNpV MCKƞxrI L7r+鈎z:h?@OuԯVĚ y{ARV?Ο]ta}[yY0mlY!( "-<׶xZ'1"2ӻߛo(h 5B7EdR#sB_Yj~@@mKĈ%X RD Rl xub d| 3r}yoYUc/_u%jWo5aZeu`pA/Oyvm q˂aV䱶5^d3jS 5yU<ʍfQaf)P֔$|8|S6VoC-]+9N%}<űU-v))ӏkj*ʝیglt(+ZQa9Vn@GJ>LZэ|"hlX9y8.fFmH,BbZn ˺G@+V}7?"WsT SB,/e*J4GxRϧeʛ7J(r I3U}j_w1{P7DQUI cgq-9 #K`'bf(%@;x:2*#ZWlV[QJ.{o˯.J-'ΠgZf_wu4M~EcDͿI |3='LKP۷$ǔub=$̪16/{6ۦ/j3iBq;⛚s0An+=ͲVuLwL͓Ԓ@BL'$xV硧Z^ .x9"JQATl9,>z\Q'/ G. C*u0SJuuŜVIZGC  zٹmU%NVJWV S&d-3A{<၆Nrc e} > 2ơ)ّ 2Č7G KI_er8!VJ(/ɚˀdHuqy$ 2 ĥlv?S<- \ϋRD>˅\:R$BV4UygnD@rn8z*#;@[\AŻ6e(Y}bA>vm8~ة s13Y `kutZ7tq)5[Y7Tƥ <1<77FD,һQ$ >G&* h>>Pc:yq>Q4y ߺ4L|ӥ588*]V@ kJs>dj؊By]4'8(AW3O9nܺh(Hg8%JcgตR?t!{Q3tg$B o"G+*qܗd%D]Ūcͫ=qD252>Et$iډ/n 7Ɂ0;=Nв8w 4i=k7tCfH).es Ke!EMJS^D286?5;zӶIss˗|?ڝLa+׵yZQdWӀR( CܻW鸷F} E`qk$e_Тk eG3Z}#K} Qz z}Nw#!Z?U>*U&rJTtV)7ުɯc}84 ߫tuNtQe;ZQ+R'=v'&?䃄+$^3ޘh6o/(̬bM/?'7zuje_?Ak%`M {׌qLl׷sZJs+aKܪ 8E'v,Q37Yniq72Vvh$pZ&n)<t|(l5K|V0/0*< sۿg Y1W}( FYV_ZG`S͠%<Éq}w2U!G=ɩܚGe:@ h$G)$Ƭ/rUfh;HRoϵikI3 ~A#A;;deW c֋G GEV^#:A7%l(M*$` ΰ0;tG &\ X%ɁwH(GbY`BSR(^1Tuޔy7;Tj9ewQA~5ymn& zG彼o(d:G(*j:k2d0>ϓ@KVl\ǐ"TQXs/c^jfLjG^A鼶7&"D<\0UK#XFz5N6WYm羦Cz]$u1I%k,GFYFQpWhWO+([sc @i;4}/eQl Vb-]/UhmT8#BF("[<r :Z"Îk 6`^O֫T}1BCź AGKH aQuB K^*ღuY..D·ۦvmh$EIrn@m66Ir1 &3 Ω➇e+,czvj7`^s4J(if/_KD< Z!ll/W\)g9Rxeo&6[!EV|XynB`«(9M 覶ʼnUP**+ǥG@MՙR&];*.6y+9Bnc0g(#!ﯞ"]pJ2XuRⲗ4lB|bud_>ύ-AVmiv8(~\B.,*2}ܛK+}4#WPZ+mut: svK vM`a]h~NdF-s|2;ZS8 o ]39R{ jyE(x4i!6;T0nǛQ nsUFoG*N'q})N 1C>f^+|ѝ^ &8[8\lyCO>]KL*8i:l'lK!Cp}Wy 5D~< : ϔn NPjT~Qbdb tkUS&.hW GSgN࿅Kz=H:)j-~)] by^B*).N?Cެ棢k_ eOͼt2y,ORWᷧ[CO [PboT,u0)xt75ψl֢ 4'7ǿƉ"T[٣K{}/Ń W?[Z,6?괗?qyBOF4Jqt:c] Oqc:ITr ל[1L3 qa<Ù)C&L_Vp^?ߕHZ!Ȍ :':[N;E|}Z̵̑M/_H˅/P&&8wQ[[P{Ֆ\ ѝAo"4]TzSG%2PBZ|ԨcřlM&[ȷ:t^ٗ",F{J.|EUzk&{'\*~eC_Y+l@Any_;;]IHuzfm!@~ӏi@%+|аty]p`DW9~ѫ2H8U@z >>D2%I jM895ƨ  o4m~$sya !}u̾H8@Ab=vNʶK4-U:ҍyfEo1IiиC`۞x˦/ וZ5qlO.˙R'ܦTLBZO~>6rqŷ؏HpHsP)rBWN:t ѝqɬ֢7MK!JECRIT h_s?x̞m-#[kՌ[cGݺbnSsA0A筩4ąC  pEFK֛jo5ӡZ%9$mDMdNSo`k']+Z @ 3~О[C o=xi1}N1 "N|@uR"FĶ\ mt cv3I%?;bZ2G4?—:b&޹4uJׁ}^ jn${RL#SbJ"ȣAdhqVt~yQ?W}`\^l(y9*@b1 5K7XB8zo h H: U~{2n~r!v8Q HB~F6(Wu_EtP>J91>>U̵A/Qݬ9rk=hqR'[N™۝nƺ%%֊7Mq 2˒Xw߿M$[DL!{f4|KՓj!;wf.}j_j/2̸że9IfSnh,95Ͱ r)NOlۏ*ݤu0,]v*ιaXDx* 27/D9QC׉`VS &ӑXY*`zz\\S4:Ho* Cښ | S"s_B\ :j J_>@}! h~;GloD,`Qt`+4zc3zYPtGP"eFZXx](zC~PTK2l_Gz;?h.B~ 9mf]3E)7?wq?UZD9b^")OAq6wBd:' - 5:o2}}E=?7םB3Ķc b%%d# O3Ev÷ {J = .9$%s[?q|Tr鹧PH(- wixY(p:LwJP Nh)ehH͈ԨRlSTcAJ| 5((H,_,:.ubo-=/yijگWɑK&y64] j[T|e l:%gƋjEivi+1SՅ4OTHI`[JCaAy6Z(5Q^'?v֎v-z{J SI:ң g5 y% O1q3B>TyITѕ.#p65G[w!^?^m3/!OF&$h(dRwH#q^LM`OXM&/UbƷ0^aIRfFeN1:^r !l0ƞjjؓosa}Ԃ ZW;M bJcI*&3n+q/DZp5?`}Mw/6=JY^<DoBN.0Cf.9۳^ojLv!ʹl9ePnz_\B g<:;bAs3~/sV6xkZǡ2`^ŕcNW{NGqM¿_bȯ:Um#C-{-_|fJspBq#2.VGa!M=ү6W ޜcƈ4΁k1{B!x͟r %D2Y]Iel.>hm8*"hNe?Nл/`G گD]>>{NBYevduq_U)3@, L4U *,GJ/k.O b*H/ I]4q8]sՕfUwC#z| tjNGQ/_F~l9#)YsW.1쬄[Zt\ nrnjPJ)Nf5.4,.B-W#1zV:'Rn;o0-ݬ² !1mʂ/AA3y}Lhuҟ#8:zb!)40dN=x H9U8]i$U,F]=Zl܁fW]nCjSnְ-.0A Hh6h"`PrqI^S W*IA<TAQ) }}Nm֑-75QS7 ~L.κ4N(vFCP1$z߇)C.l@rHԋ d> YZ