nss-pkcs11-devel-3.90.0-2.el7_9>  HLk|e17 $ƨ]RJ(y%*%J9M/|[$vX: e f=_G!KLFkO~^ %׉ϸʃCq(t_5)L.M]0Ac#jt#2ܩ ހ#mlXvڅFh(xzazݦצz+jcB+~ jv cz]mb\ 5Qml $?].~2CB$:O$fA Ŀ\-VF ۩d{c̙-{ Cmlr-a=؜ 9dfw4(q2OGKd;O`vƄyO*Iq:6L"#KW}4'szn($l!wk/wXEQ["F%DLS#5^ tdXd0-cAK2 6VTD(B>:8*̲ PGܐG-v@>7h?Xd " Z OU\         E  T    ( \>(p8x9 :UG H I( X8YD\t ] ^0bjd9e>fAlCt\ u vw x TCnss-pkcs11-devel3.90.02.el7_9Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services.e1-/x86-01.bsys.centos.orgCentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxi686 n@GCB:nZd|Nd|Nd|Nd|Nd|Nd|Nd|Nd|Nd|Nd|Ne1-%e1-.e1-.a35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c44e6038d14f2822cdb8e409fda3ce93c963d16e4b88db48f867861a6f16e028d649dfb4e5271f7d88d26d17e0acc55a1942f0cb4f90cf9dc5fac9b372a2d9a4a46rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.90.0-2.el7_9.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-32)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.90.0-2.el7_93.90.03.0.4-14.6.0-14.0-15.2-14.11.3dd@dxb?by@bb@a@@a@`@``Ȗ@`@`?z@`3`.V`@_%Y@_"@_*@]B]@]]S\\\P\@\g\-@\\7\C@\@\@\\|\s[k@[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.90.0-2Bob Relyea - 3.90.0-1Bob Relyea - 3.79.0-5Bob Relyea - 3.79.0-4Bob Relyea - 3.79.0-3Bob Relyea - 3.79.0-2Bob Relyea - 3.79.0-1Bob Relyea - 3.67.0-4Bob Relyea - 3.67.0-3Bob Relyea - 3.67.0-2Bob Relyea - 3.67.0-1Bob Relyea - 3.66.0-2Bob Relyea - 3.66.0-1Bob Relyea - 3.53.1-7Bob Relyea - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Bob Relyea - 3.44.0-8Bob Relyea - 3.44.0-7Bob Relyea - 3.44.0-6Bob Relyea - 3.44.0-5Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Daiki Ueno - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.43.0-9Daiki Ueno - 3.43.0-8Daiki Ueno - 3.43.0-7Daiki Ueno - 3.43.0-6Daiki Ueno - 3.43.0-5Bob Relyea - 3.43.0-4Daiki Ueno - 3.43.0-3Bob Relyea - 3.43.0-2Daiki Ueno - 3.43.0-1Bob Relyea - 3.36.0-8.1Bob Relyea - 3.36.0-8Daiki Ueno - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- fix EMS bug - disbale ECH - fix gtests in spec file - restore missing test case- Rebase to NSS 3.90- fix CVE-2023-0767- fix regression for pkcs12.- fix crash in curl. better fix for the regression below- fix regressions found in test suite- Rebase to NSS 3.79 - Set FIPS Module ID- fix CVE-2021-43527- revert sql default language in man pages - fix SEC_PKCS12EnableCipher so python-nss tests will still work.- fix sdb timeout issue - fix incorrect ssl alerts in Signature scheme processing- Rebase to NSS 3.67- restore pkcs12 defaults- Rebase to NSS 3.66- Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto- Update to CVE 2020-256423 TLS flood DOS attack patch.- Fix CVE 2020-256423 TLS flood DOS Attack.- Fix deadlock issue - Fix 3 FTBS issues, 2 expired certs, one semantic change in nss-softokn.- Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles- Disable TLS 1.3 by default- Rebase to NSS 3.53.1- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.- back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712)- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)- Fix pkix name constraints processing to only process the common name if the certusage you are checking is IPSEC or SSL Server.- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set- Skip sysinit gtests properly - Fix shell syntax error in tests/ssl/ssl.sh - Regenerate manual pages- Rebase to NSS 3.44 - Restore fix-min-library-version-in-SSLVersionRange.patch to keep SSL3 supported in the code level while it is disabled by policy - Skip TLS 1.3 tests under FIPS mode- Ignore system policy when running %check- Fix policy string- Don't override date in man-pages - Revert the change to use XDG basedirs (mozilla#818686) - Enable SSL2 compatible ClientHello by default - Disable SSL3 and RC4 by default- Make "-V ssl3:" option work with tools- Fix regression in MD5 disablement- add certutil documentation- Restore complete removal of SSLv2 - Disable SSLv3 - Move signtool to unsupported directory- Expand IPSEC usage to include ssl and email certs. Remove special processing of the usage based on the critical flag- Rebase to NSS 3.43- move key on unwrap failure and retry.- Update the cert verify code to allow a new ipsec usage and follow RFC 4945- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.90.0-2.el7_93.90.0-2.el7_93.90.0-2.el7_9nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablescpioxz2i686-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !#,G] b2u Q{LV+?[c]%LtŝrIT}K̍ݵ`Jf;ǾzSqw YMQ^_#YKj%S5+uKL& 7\kFJFv|\)d@9;rZvU0U0bBo],}a(4`DjVuëBKާ^4}OIH|L9CASWMŻ?"j{Z 1B흘E蛤kjlSJEQ1wCz%Z[wΈ`K2%6u;O_jr27Vdvрt,=R[wĨ\9(xY.k)3ʟDUB%؍ڙU辷}M yֻtX-)9+}xi[HѤ^iLUOsn<y^KGwV}nQnVmn!Wg#!9Y%B;h֪2Crss {ʑ@x &H%["oh92D*OOƦvN<Ώװ+e$6T$Y[^5aYB@@_@>*yz̛Net(Ny4yAEɚsҊWi"7 g} SW!,m>iH 4D3"4ZVq :R5aCRϥt8}\g3f 嗘kߜ rT!Z'PD/a2Eߣ[Z"jBoe(t?3p6@Kfy^{= ٵ)N*u:J>Vo[;}z~?.c-, MMNwvttC, u>J8rrzծ:w<^ rhrN!-;E;;y#)V*7 }\iŭ7O.V**4ټ^z%rͅ˝?1NI0\u$eXt||.++:#nrTszZޏu9YySrm/‘:q`D(tիJj :L!zt>XCz~χRa"xJ*VFJĥ|0oF6hD&g'i;<0.ck¦j*LZ.tJA-DvV:rf=PeOkhT49܃.r '[t/+Ozut(#sۛ/r2. \A\'!|R^?5՝嗤h:Nnr ~a5Hqʆ{?dˎ!H4)V3hY_'(m@27.?gW ˃@^e'[ EؑD*SZ[+UЇ8N4knlTR}iV}2rLA,\ʾΎF6d#i^~V봝r[4:1%p 6 ~ii j}!ųݐsE-=GmۭVgF-T7TUk) 'nƦfŴ]Ui`LV ]psB%ȯLlX!zXA,ܠK6:+&%!VN sR*qz5Q-~ lc#t!^ķ(I߼ӗ6k\/ FPѬYV,LAQ\=3AW}˓n@闶YA9 QJdekHI-~@9C7+$dkE?xie&ܤ7XLzm 'WI@*f~? Xt dÄcKnjJc ׆Knf`?t7AP١߿LqPmiȦlBIl_b(8)'NEiknNC&}gQ" 6tA,NBFY"pшWݰ #EI: aLQ-m ȩ{J`ԉ0:U'\*wp:[:|ju;CuWmbߖ}G9LH4Ɇ׭v,B%3SXGQi.ZIj[-k*53%w3+rN%+] I0R+>wyZ߷kF,7~˘2~kpOVor"4ʜ ;7OqgYe*Y}l]^IėĖ&F\i`\"F=dw: KWg=d@L/XmtuAjUuu7׽a}j[CȬQf2hã6zU1 |!xQj^l~"WcQ8b4Y<p )oRƎ}_\j~w*?4^-|wjZނ޻9CQHL Udb4.cS-8tjJ0X />]Bvض܀}sXBQee/3eW\Dܺl3C5"L!B̒/1U/S(kojiF= k1'#~kPJ :\%I+M^_fc~:Țlm)nq >y6'l@@퀽νLlo/Sxr9\N|>"5bEg-yXS.\p8!0Z-մj;|Ug,B <>iYr܎ܚ\e_B@UkB*EB)yݻvWDT\,$v3zbs ²?[侞ōW|@1l'~=̽d 7 ~'6##JeCϵ,a#8 F&[tŔ M_oc5cQܐfj zIaoɃ2~WVZSd9+Y3'<)2ʇ)z=\صLzksWAgY{PղeJS7̎'oF+fS#ΏI(Y*:![3S h@liݯHSoTb_nwydKm%Z40K/\݄D'9%am2m;dD0Ֆ =kll)\c$` U?9G㄂U.>{DD│X7S|Z^kS4>ͣ"vީxTV™X~)m͈-AVn[d߅D| mm9g ˓Om:gqtU70S1ǖ, ʵ0#x^Ɗs:onjXMH;0͕5tcc=|[Pt?/T+.*Mez L%fH*.@]7NC]no.R^ |D!"Wv>h3!*NLGsN@` | /o8\X8PADz {dU+vl5^OT׵-<뙝Dlir|MNeony_ 1(v1TlH1Xu?7Ūd)8T f}\$Z*{;ly\̤(qtTf֘ljEUN?zd$bJZC:f"s5 )&ҫWuEfhmX u mof@6æT)ጜ*!V3&C5N QO؀S,+?pZ363a<&u0*CluCT°2Vd݀MS5;1ձ9RBuݧDxΛOC j:,?t1˪C/c(E>r-1AmBhAϷQ[Pp\Ca +GY B¼פ7iXysbsE"(!#&㻜@O ܯz ݾ Y ڌP={VyaJߋM'% ΞOHl&4)AB%beeMmZfn#[ZijVՉL$];F̿YҪ9ٿU7ѐu]Ls0HGT5+˺[+g@~X8dI܎ s{~B=nioBEQXOcaq~Sw`Fv&@5Sr!0g>= l+\፤&*ΌG:q0}H9G?qdkF~xƊHmjZ]';0"?:Wjy"\s/<έ|N骀D(6VDúcQO\/T0%^xKBE54 gp)J(A5ee6 /:;Q58z U`cjZ?6$w`G`E|Clu#"KA{8W{IUJfn٘1zE# M 㛯$p✼^(z}6+0SC $Mvb$|Y'JF@v$gů-5_[ ;D0^/֭~ Gw7)-"|, KB~PbjR5UpOŹ`wd67 X6uĖAA ʙiiRj,,nο)X&K+]J#saHC:$@N+7sR@iGcMq.*l(}(oĨA{`Ԃ&ى{L79 if|T\!10vSKWPNPafdg~)iA\uYC3l2$Lq#:b&9nш=U-ԑl ĂF)~Ĭ0D0W 䮦 OK slO,HjpcNpVshvr2-D'Ie}#uY&5#}%V[bѦ)އGUc]'HVy֡fbq0$yAn1؍zǼW&o#c_JÂ<؅+ aQ}gT# $6DD'hKF \rögcOAT+:H-c{ז0_*ROKB8W壺+_vK3aȅ`ژn3;*ب[TUSepäLxOXPDüBb/'؈\3nVd]=q57v .!A0-{3/s{$}̪%h:-WB|8&D<|$'{c93QNoպθB|_(=n {tc|]YľfoU0b}QU~b~.Uu@tզ×t[XؖHNW+rHWfͰǟ7(:K;|aRA ~jU#=63ILrޟmޚ&BѵmJb#+[yeFH-me G eAp*~>قp8YZ8rdAp6b)QJ!hb{)U\f|H|U1t'U; ,4*K FW{ճou(52Ef'2Na#옩mhe9b6tX9@Hlo(p8M` G#4}N Hu2hlO onn`0ZI}GL]rU#qOҺxP۳ D(P͏l䘧cO/W瑀1bvA0Gl/ ڑ@~ .<|RA=~HSi |ىDNg<6X5N tZ5?\X0$!(Se="K;M+AP.U:-.g 1W.wwa V: c=Qqۿ*zTwYeK)ږ0TpbxÁT,.<cn##bxҴyitT1wG4a,å!%% 4BYNt)hw#_F5;܏\a,虤OnSܜDK C Vw.7W!E4}2i](nL{PhneH_Enhg2ߢ4px-+g:X<@ḺiBp~yl/dw'9Y q @ōi95c $;+q9Q$rKAhj90S2ɰ?aFis g^M7}slײCYј,(+9}C氟0_bZ 9BP #WŃ"3;ڈ׉qiіunfXRl+k4]b ڠ0pG K;R%T/};QXv. CeWnUK/FlԗDŽ:gfBb1ϫ8"|A%"Uᗅ qDrG8)<VîAʓ$[/eM1OBMYM9ԭa(H.&dׄhsm m2]i8 t%Ia||}Pڸ81 3DK! Z0 Bܷzt;[)s=3Gղh BpG&xr y̆E+D\5F(,"T<$m)}rȱX!<1Ñ`:S2gT1!0ŨK1OI̅O@֣ Lc[g~C(~j'>$K6(^-(!*r!͇HTKCah_KF="p%]I{E"UeRRgedFY',Vj<34u/뢯KRl(7eG-42#?Bώ*QOpn4<fmUQr@ {tM$:rp7Bʆƨ |l" 8`րswkVa9md+8rke,޳ .6v,G8%z}7?y`Ad& f@{dӳr/*Xv0B6^B)k'ҥ<6']aY)'Mz_ wI&;;,߆uDnɭ֗wK{Ys #$M~o߄"*ۢQy5@xVI1IC">x_\5s9MIg #P&uG ?ȵ'_|ZruAQNqZdWG9f zu-u<)yCOvS f~n5 J;W~i՚p@NyQ[Aļ;vc$I=XujR{ǫC(|⅚ZäT3l +ҫ..&>'E09Xv6~I[ WV`OkՄz,77p-E PTq6Ҁ1zgѶ1I- 92 92Hp!_:ǀAWg'Ш`HPr8"o_{T3r$AI2uu zOz#a|[F:;GqW<=$!,!o[jFz[-P]3}A ^ٓTR=MFʀ|Mh}BAņNMV%˿G A`@v!'rS!i&' a94&gBPyACe"fdp&柢uiń}u޴@˱)FFmTaDb>`UXRt[ȲV3`$IW _Ux” RI=`b.TK HYIc3Y'M+@"7xӏk3ϙ˨;7vvkŝ=P6Gw+}+H,]/m6%<`.In/J=z,:!Og{2oiQN׮#ʎw<%~u_Z(k*%mT APwuj5pbyu"FBN4nTr5X=M\uN ,#"xq ւ}7S6vu5[czI<}n98Ds[3y'#cNo;+gᢄ0m(bLF)bQMѯ Ra80g^3N9+ j:)YmoIr))OUWa}E>,Cr鱿NhѓYNED6"0+ Z3~En{gyZbOF%׉dtfe%@~E+Pr~)B_] * V%ʟQ=Guj! r@q_Z'H͠LX Q"߿E ¾mXhj .*hO ׫&lPgȜkdGE KH`Cy z%GT7YO4TS_hvI14~_S=*ܱxeu=uK!DQ}wȳu^&3A4Rkg0X6i͸/8QiW*b٢ 靿UY :iz2gEzh" A61+̂˞gB7KsCA0yAsSs}?v,_NI73?N}g:~xEc=Znwb]„(#c' cv7 2*j ㄄$SZ T4y2ژ|_K{`Yz {?-ZE,m?I}n7q_w3i) ="\ )l* ^S0s^HOOIjy)pϲ- iY`Hّ-bz9 =H&֞g9dq4Ԍ>kU%؎YgX#VH)_7pzZxr]ppø+ˎs+>m!iYBI0pIN5Boo,8`p(Q.FOSm#Yq32G9Oޢm4EGXy$u[ ?͇^6n 6r**->O@oR/,Kk\Y0`#j8W0_O1+/9D*@P:ISQ(s$ޯC')Pܲ0Bl"Z4j7R.,K߻y 9!D>U&luRn:|\ ~fZߙP E9'Os&VKD03k I\<&TI`>%$ErTI$1Ҏ N] agDlcx\RW5M)i "]v#*KֻK&7P[g>VK=SÇ3[mjhj;dhPjR9<ۦl .b=;fo%G|0K_T?9x Vb@rn Ę Ģ털\YBt8 9@Emrdt8!:{uوc80X5o( Elf$fQE38VicC( aL$jK+S܁}%Cjïzsyza\ָ^J =V!Cih!R3ezR3@mq:Njoe_)5]j_3~,v yiBGzxT9KIg˸Me?Xc;\.bg9Ƥ~X/9^K}+%>xO鮲x`$1`Zhܷlo4IbKU=VDz>IQw]?sXZʾK|U wTc85äCCUV>ظ'd>H]toqL _voGQܪÌUw@WF("9L3Vѓ(!㏠;DI] .vr`)wgIT5^|)#Qs3RHFW1|P׌#=_DFۘ+Bg:WhJ !3|e9enhD`2&ׅQTY fMI'2=0;1RX%=s1\AOBP 1E+L9Fh%>L!Sc T~WhR UȞMi1k`M~ƫ_`H쀲HjjȱHrݦ-o%l"|mJxf$׭@fa'K_EHPPD?Mbdu9>RP4Iy2uԋTseO:<)݉c!qi=vsLbRY]j|-Q b}tعX lKՔCyqltxk FV9BS*(j:qP*<skf.3<~ %i VGT_ǠQ|)]i==u ugl;W~43<*_n_H۫%O; xe;沙͡c HJңC{X;u$!: uUL#q0feWpDL0-tc#هEFJm|h|K!Unw XԮ6*'HnGJ0P|d>DPfs_"W9́lz$5*/׍^I3}_(b.E OIYqlGOtINXvGbR!³n/se5OOƓW7I;p3[MN6L?!{ A7zȝBPBF>5j4dHEZ6 ,8[^.':8DґSВu|!tgwgޕ])A恴"&ϯSP^N8a7 jWYo>}&pf. D- z!vUT9ן\oF c}QofM8=ܼB3xBLlU5ޜB5 I*YKFz>,c.K$.=݊TLzZ[{Lo.k 6I!QVIJ;y۫;XV;]LZyxz[_Aj! 3%jԲE",MId&˻-` GܢVW_3?CB Ibwqڮ饺eiQ_mk*PyPy#G~2 v9pW7=%˯ h XZRdhVakNP8cMҐMUgDl3Jǃl4(X :/jYO=t.!r D]xJb?ݸ>GD,:5XaxblH"0לOqҾ1gx-=+]" ^6>Qx3Ai<_ vc%yLbd0N3TQsiw>Dn_ 9}yKe%d r Uxi980 5VЬ?5k-q (ckA4[ϸִTw1Q4 d/s6?SH.&;ur咂 촢x8Hurz*^wgc4k+C5dKMm\K]p%cLjvsfSnv@Lv%rp{KɻKʭ|3 uOXUb"n[t %(i/.T-e!fހ d )*;.A[g. hݲ&p+XK<`Md7Rl\mO@4[ 8li8m`P,.5N} / а¥O^(5hs$^OΦEP +tߙ?&ǫ5r]-|a ^\_ + a(@,;"R \}90*4˖x%UH9ՠe*R2^45E/Zgo/gfz'\P$_C<רhZ:Xu5\i=b!08d&SmА\X~R>xTd]8%|%Nwt!|_c8x Bu~('t]q»q~adcgkׇ9Vwonۀ6 ~p';NeLN2甦ne y?YqF&}xi.ԉTc@-,~w?!&5:$I`c5#}k{-n}="mHLgBMY^!3J}N=fQoB|w=  !%dN:]BuY^Њ1$~F5` s\!>"J7!7TCOo;r߅?bBɈ8M6*P~?ӀHmc[I=,PCO} K_ǓR^d=em`F$*V@ղPLJ6.1h|Kܷ3fJ!I1FГie9W&Fw߸2oЪQ3@`Af2JKW./} ԝ6#b(]1g#NekmnCw8mg.OS&Qɨ<"p/ze-jl~o:.ji~:\ӠA!HpBեdt9WƧ$*; qbBk K2O|KoD7xZ0DI7Ms8T9Ĉt{K+"Bĝ]+AD$ZZ16L<>(GE9( 4:Hs4-j-$>CIxG q44Sx5|)Yrtڪr: 9WjtWޞ}Yb G=ɏm`YtJ_;W7#}5֨Rԁ\HU$YQ xө.K;L"!Z|\`lW.-oGuN`Wt,C0l6&:=q4Nʟ]+d$Pkʡ,t:8V":H#5p2uKIt Am4d(=ʃ!U4CWر0CE@'Zk}':DUŎj$#)+WUi۳xD<:$b)/(lsAf :'Z$۳2͛(J ,o4D>r$MtfcS+ZOw4ٲԼj~x޽[U߇Tq%QAl}ҸsMm=zb(w&iqYJ`9]o(IN2[x;`` CFB7i1ݚlG'?fc&ֵk4/4]Q*Jˈ\˱Wt¸l4yVs`߸B,Vt7!FUj5d,qAϲ"ER`C$V[պ+:`g毻SR̤æ $hOX}@PH%_> NL'v%.u̩~w'&(7sYWrc<\t &W`^IZnE4$(m Ex@\qhXR|LVU +H0bȑ>aC$tַ^DVL3E7"E) 0QX@360vσnR˫:RQ<72tV ^O4upCҨi8usbfAĵSrOmϋYx8e)Իj$%- m U[SfF']Օ Khi*|ݡ&[%M_OqTpIWd`40,Uf#>62*ܢ΄|zt@Qn;洞^2VA@f`3) bY)~3|ɗZxۦ mzI 0yS,Vm"ou$~u͕-<%}q'zElM J~^$ृaygdgZV/vMIK9Qa-/}Q>Ӗ+vw " k1>t\cMO.mHh&m,-M*~pyV/~Z(GE|W{oZp~-7u$!NÍ$zXk M=AeYQ@T+ej'+u T->㋻]4h^;gӕY8<ȶ8Sߚ^z!9JRi.W;E|<=(0Y1/ܤ(y`Yfw0L]q>}RwL;Mo1Cg">0t2>t}|GdC# &l E]E;Fb5Ff0imUdUs,YxҷvYD Os'$M fçZ\D[vY>+7,Ki'^{DisK`hZyɔDS,ȅiSCbdދDE^Na/].fP;p~gBo`8 #ܔV^~~mœP: )[l$p:[$'肳 ka& 3i?2nyT¦KK|K3w ͗}(c1#QaoФĎ<'k gW;s{ 'Sr>tCAE-9H]s)4hu8sݥ ,`EG`{Af>ͦW9mfؖAgAU@iZ)xus⃓|mK{(c))t ߠ D6aiJߕh͖j!N=zIyعq z)K'z [Ȳrv=p%JnbbL$EW%s$R.M}bM0My6Fd8AK*/`cc~zsZEcN2w|]d2<[7JOG3L892}ؖQ~4S{89dND ٜJ NK13\[v<jX!t7ldo9N *XhV F] c;bɢd3}Ÿ)  A\Nq GĬ_N{pe`NQ=:YF@@\%55lF tuOZ ̌ȷӍNTX[@?يZ}%kF.+Қu4Zɖ.)Ɇc`sEzdVVB8o{J1Qs_7WX OU ɨ2aDHQ3`g +L{G`M*nhKLZ,wI9s'4w~1LdZ{X%:ԘF >KM?1OP0k Oi=LѸضuV!ְόy4Y|X~9/eT[ |tQ&7b{AT\JFȚ@Ww%\$= \MJm6gv7*-) :E{?Cw<: 25)B7ODl \wr23@c9~=Iad6QJd9,@gìQQ6:{{l,xhrί^lU;.h%& K׭C X>!$[}vHY( #iak~{I,LEʀ1P h *k{ZIf'n%Ü%0b%mn$xVn@ns}ىӽ7kUo@{TK)#dd̼LeLQGE3)-U8b@MVݸ5ޒoS 8ߒN+<̻czR߀$=(a9mMw~!Ffh F~yttg,ҙS.kT"/ Ld&eO`%N Wcpw}YT/M_ׄCh}Zv j5#*[=ldm 94Bx:)983ˣo{^=8(MTC\ 2޻߸(je*XR,dEi뷺҄: fמx:G_D?0a`)lb92+ep<90t~JW~X~Kn 86rc`Q(>sYw N>TmKpqȦWjºưfv֋ gU͍蛸IK\*il8*qW`36w^t3q@-` ~åz2|5uE)SFMR;=[p!2ᘣ8^2 jv+V@8Sʃ-^5fNj~=tWwZXQ)= 1=@M.KJE0>Ւl9F'jY0CA滎Ri֋֦AdDl{_w8[D"M WP9\od HKy:/k2c mj1x}^mu 4d$I<,R }=0mG7]-ST*Yh [÷R~X߁d60xcb qX A%+()5+r̰gmw1htKe׭KΆ}&m"N0s1O;mLkY?7h;"L^EVhGr6<0ݺ;TngYRqxwx)y>l݊ d=}!,̓hYq"z9NoZvUe_reI a~p5ԃg3ӸE>9gVg}|Zi-Y|#gFxb֠8qZ)Yђ-#iW'gN|(\\g}1BQ?3${෰:ez_iu FwcNڜY &d;"ke,#!GWO !ݥG׽9Z-i j7m#_:՚cz9! {tĈ*D‰z*qS63ZٳԺoR>z>;x-np:FԻKU.#R5h_#LcLfLJ^Bq Q2m'~8V?eeUWbp܀{41z󿛘&+f`Vrk'MG89e]F`#׌wѐ& Kw<g&;"O)K\5-!Ը|<rː[>?X(b\7jt01Z)=0ޫo;X遳F.aYe=k΂v -4Ȫڵݳ@a?Vhz⻰F'vMҀ]MwO6gj7$QU!m\@Q6#nǡ$E"_Q}5,v;ѪI]Wioee7@oJMuM?eFil 4F-$q-׃IQcao'cRBrkuXO^"Q1"m-ʯ۶OJgB4z!Co, ,H8Ⱥc+1"-f{PytW*T'ཾ<EM3|J񄜢o߇ˬ*PwUU3 gDי0p t"=HŪ̧Vκ״QQ|r;l?S>%Z4mJvպdY'o `DLc:k}{= 4zHV5⸇ H 0Zķn&iK&ԫ@{=iQc/Ģ.,m`h+`c6fbt L4͂U0ι X"|wB3uY!_Oꨋnɲ"HWCXw.K|ΉkT],aGs߄9yLUcJ-h=SQ+`冒m>v'OY bvt٥$Gi8;FW4O'ߓXE jLKE ]I,^`?؁턀w؛l < ثkY0Ƽю+`ҳs!/xg) ܆Mu0)xk>sLuJuFԝL'j`NɥW=Fz4z ~A,F)D')q+ MDciMc{"L—KO% 3ɕoBB[HKD͙ =:Zm l ʼnA8PE>i k@C'alغp^t_ ./\׭RmlޅYvċ6˘ ('g?a X5G -nhf(sz+ڀ':yU%+ sP3?؎mUseY$nH0ET!Ό~s۳rSRi;X5XIP |-?}_9XmTd0Ma 5@zF\1O*9tU=d *DE6]t |'x[ocUMrH ²W[=H@K[Oi6,@K`Thg)oI5sA{q4.1D0-T1wy Dg0cNd_D*yhF?EA:[M>f=SA;WQɮh .D: A`3x,Jm/SP[fzeG3(>ΐokhQ9dImMN߸/N(;KdrU )ߡCRک>zKqvAZaR` vaOF\ʑ;Zѕ鍮l=j.ޞN|jwmFDc؋_[Ф-j;10bm,J2*SVA@;T<O i',L/YJ(VQa4\b&@t}NJ_tK#1ls *ھv)59n(Rn\ Z@j@}^Q e} ׽[ɤտLu0$m}_JK 97)=Q*tX(ZGs{,/Pw[7[Atn)RgV8#jdˆxě`>1m}'_rV:|opu'#&UWeuWR?#`Հo+8CZ/PjĹKbӨxyJMUey2pb !u-r_LLpJD$T6 s(Mp6 nfb=k.E۟D\w vn@ק`]a+9nC{>|eӞj.F=c\{ܠuc>}\E72{6 Vo; 5 F#dwG߼Fȋqq1I UnQAjUGgk>2IՒ/!ʴd/JN:o 8M/Rz>Ԉ/grT_b 5eHGtC.R96Sbu wٴ%1;GgYM), s4%Gܪ@~ 1J*i,[ rFEnG``ǟr$ ;ŃThW% )X(׳? On>_4v>n z ef-U@h ^+G6Er4Zǒ + ^{Nܕ8Rx_]pS(Yqԑ纹Q~Pf^?N ֜N[#ҖH.vZx;V(h0Yo )5c*N{ ΁\<1\l2_bH! goV\"qyaڊO|ӗj L/+rԐҎ)uD׍f_EIB\w`(ͩzT&K*?CP+o^0*̞tV#E 6tuB*Oaߠ.m16. ¼b!sTǁt 2nӋ#Mkhx.2r W6 CV1N }] vj$;ʴ=Šf "o/  ,Ř<4rze9` QRT) 0@ J1IAS`}~xaPEm6zh}Id]^=GIr#R~!J!0OȒ )|!}>.~c3mhK>\A Wܛ0  L+,z+IQzK\lFq'/ qۥ?fr»=ܖ6|O|bb2F"'!6:+w'e~Pjv8pl/Y"y'xKȎ!<$`=v,W9ɧɵ2b5R?ҵ+ Cٰj&0|Aj)պ0s_LD?.v `෧gYlt@*..( ,YYT9ňgpGgNR౎%YJ&X(9YWD4QpCNYgUfge*)bPqK s%ZJ~tOmՒ G -P?akD2<̰\I`% bRr`VQ7 Rojۯs8=\giwZnV9+sy.I0X 9h&c3L9 n b(IPb +xj L4gGx Xx%..Ad/೘hJ?@If4۶>,.G]`3D<^ S"7`ҡ\YD]9+q^KX#I&c{7*̠lڶsZ/&)2v5n]i,z?r2f 224vpGT*BR3Ĉ4i6]ŭvP\\#\*^E/R_}k=T|ؤeT~{['P Z}˛\IhUVEAFTojw@M7 jqG@Wgĝ{dw+8BMIs$8QI4MGg谾]Ԡ3gw 3AȒD4nP;7l+Lr$hcǟn7ͨ',pSxmcCC:{q~skC~ɴc`r$OJ(wլ ʰdPJCg_W9H7&)r5\>ڢ[Y!Tsf"Mt6#د:KNր}GrQ?$3-pe`ϗfcKIX\UŒ!j +ߣ9ǫ?H$vo-mZ5`TU'4BwWT|\;gkmB9l~@W lvvGu01&ft:QAGwH$vJӜQF<(j`gvXѯ>G|-N͖wPbfW\ӥ AҘF}^`aNrgC0*ˊ_Tu~/ojO7[8(v־;&@ p; 5#'PȟHPX~ׅwy=܃Q^@s8~8g%&'zh'{ׯ2u,k|Q;'>j탖$MK\? 2$0gg:>Ck"PhVUܬ@VMU/E>9@4R)^@G 7(8_X"2 V(Wz>˓+%IP×͹WY2'13pn^ orud֢.l~U30.m+-kr\p6P͆*I#?'K[\$ "r) wO cE(iR&FK`iaa^U !˫DdέjgV\ziJ~++Íxf2Ѝ(O\tBOn;E,^`ݚ6j 0WN*DT3fF0nL6j0%-ǂQ |n|cPhtW;\'ONxors(H? V̲ث~r\#Z=KqtvNm%VpؗAfk&'&:R8S8K蟛)鍄w"6QӋߊU4~G?f |XOTl(Qrhx6( PekH 幨M؝ }D\Ds+J};p8c $0".IE؏0 Zjs;0g}1,av3(Zl+g&PcE&}KѕAy\\Q'*7YbSK*vo=1 tIil] 5yT48/E d>ZWk:Zq=^BJ[f+ρu,rʋ}F{:|ޛ-iiz(#6Gx+T60pbla?;P`[(TU4o]r * ҶNBr~YqE[ eȁ(\@,kS`EaR;&Wz'{ t.{6j1G2a~A9E-HcErg rͥOFR:mUM̏$d^a B)vgd qїQP0+=E:}dsȌ I}ʁbw9TlPy9+x҃j"KZL/=]8eMKXZ"tNT7*BaX's޾`RJ@ l+X*P_1B;$60׍BtY"e)<2SBԕC뙿 O~@;n{uq+>a/h~/gb)0._W}m6iBެH!c-ڞYd-Tt[ً\OȠ ;=JTdP k$`_[15{lؙݣub (uz4P D\V80ӏ]\xo24=W`\1"ss#]|gtAהݏZëy߷V=Yߠh cJ*nh"(rSs$A|)s ) dnB8OF>FnW%\4d G ~WO>(͑c7\@sa8&"g 3ڴf7g oؽ5M>j9EoH {{9iKpVS~MLoE[X/2ĉhF?ɗ^q!+^EצHZOZ B J|CJVMƓywӍؾ4QEکL4_n"` Ќ)pW&=.}f7b5goVLP;KthC7cIb/pT ީP N3{]2YIi'BG [ -&o ܯÅ fB"{_XĻ#r[ z>/g;CA>`}uM#5jKJ * \S2]n 5 ?zRN| 3΅iDM[T=PNeQ3(^}؅r*;buWFԽg9 !a༟1q˙cd?H_ė+=qroV&ǢJ5m5BMmPFٍӓ]Z ҮlpY<Tzr[WZwJf]q+L)8ǒ@)T1NCVւZ5U*x'85lJLɾ8]<}"MPX$pf*eoLxڷLK@` ӠF 2=,Y!V;n&#\V8oGtBe'Qs7HjaS2\,_l"G{|Úh[35ȥY`WarJDڏL?) [UYt|lbOV*GPOvm$(V}Y}~Cęj(ӯ͆ Z3Gޮۥ;m,rKG ƻdy9lշO8ZE+@ ٶcx:j[j[c/'j bO2wRU,D`^O %%S: my<.KaRV^3|L0oiF3中Ͽ1m^.LN@H94|jM 1!7a,Lnx/V`tnR[5~TUFQXRuey j+u5N稉 K .nib \[HWd l[#V=Pz7~P+Kų^&FZ/뤭o%0 1['Jťq`w'x!'vwdOQd%od!-I3 n  8x:tG -e^fpEG7/G ZlܧN<MO8ɭ*C/ǟڸ' Arje>6^m@5ckRGeNe~2ȶ(l*U!,k[j_s^@<|v4f^[^*}/ T|GB~T ]ٕYG4kV 2:'?@䭘Y bD|K=])n£ {O  jU<@( ;ՏElF~9{Rp3 8̵ŌHѭp:xW 1(LsBc)\G?"bp 1}Z̶6- sBH9gńG?]GBB8paiE*h}/B4zY/׈|h1<,O#ܰ8j@X?j? FDsI~cqJ=, a``t+-o:@cK$zClWzE]anhsG%X3n:V޿' SlOqY#iжektl6ܐ\{R DH P_eV'a[tȎ !f҇BeB? ;Nj9Erֹ5GODK#XwFr%*%܂^=Y$p\;\+=y6~&Ll48$ݔ?!p^5+8l\<ߧo98񼯊 LmCj62?lJu4ߴ3Gz +?GBŐ(ڿȖ҂X䜿g zjB NPW3twY- X5o$1E-K<% ~K_8`L͖^pKIxEv؜8LDAS\^':[xN $F3_Rtrۻbv5WO<^ H }%*[B1l QUMbh sO}qrm-B.I{ ̾PzX!' f '((RF۾".A9DȦ_4S$4Q|chE F\Fa-bI߅M=$'FȷdDj!\cUw %N NAq@_w@U|Xd+.Gݏ YڨU rܮ`va~1?q^ktu>g7 ^n{{tTW-0G~3M98egs}p6J \qFJ0A:KO~jĻB92{Ot*=k?F`Qik]XЌ_z5{|hk9玳h[1FcbŅo'&W;mw[H*OēMYo4AIToWJ? V]|-e^mM}ِ>KIw-!a*q!"т4|~v™/}o볩Xp!ߨl}MLr`/JT4o0]4ۜPa` ĘMqɒ;Y^@aF ;() RK iBcPЙ1f;V)bxn^Bt*JTQ0KcL(yŁ1SQχp'ܯR`h94zǗm!&âMw<)REO:dDge]ф^(kqH/၏BQ ; ']e XK ;,64xPȹG\ī͒-\rX?z/Bݪg.cp/ py7Kn 3roItWXp{8\1Il-ccox|EIyry@9EUV+f: h[nFgۊ'yL2ˎTފ|I1%<۪ wrF?Ȑ]t4}R5 gNztf~](_y4f*`XkGl~֪({s5z{-kf[f+# 퓒3ĵÐi{Au8<01WJ:V;ݹٌ|Դ8?72ZSP630'r'sVM2g+/}݈A @ek]*,9:(o4}(-@4Rz'g]_5 |Yl-2='g?Р/w)a! F$ :dK5o¸!3WVSe6Dw?YF. Y3 xg4j͈yabo*81GWSs;GQRkSyY)<.`6L?E1(a ۷z+*LI5/%bF8ʥd}L)"bvsŔa1$ ?2-eGƢťd"|d煚8ЙKPX9XVr}Qd/|0XW'vƂWZAF"!dΊ49+DŃR>lX.b- 3?Uq:lE4fgw蚜(4/PK|`)oXFkv >J.ɳ /Y ,'jv IhGC K m?K:}ZeMnO$7!?XOz:i1fnZvj6O06DN` #Y8 EuN֐O cXBM+Jnhd?_ᕴ"z.y~hUxD i=Q { Ŏٕ*'"*.ahɫØԑL _6< De8;gzEą`TP#>֋LIM]:PmyṚ9O#2*YeIќx?ya}~99OG|ecu&/cxS| {ڳ.54Pf IiwN3djZ&(yvG@MW53cM`GђeK`r:nX34Z> &6b|n#E8^U;>1 Łz&J7 ɩ:Gجrk_6^e׍דdUJSjzg!.H3b\oF kM눋uޫojq4سN׸I!M$]c.j^ҫ8@5\%&dgv6?}T8i%[bͱ (K!]4\x[Uٴ$TqB sXJ!R`+83yаQ-(QՙWr\ TOZ6ZGF4pi}sM?RX%2aOaMYó8ѷn@E %J =uDD;pZ̡9ZگUTC蝈=fZDpw~P|n#WxjBlccЗqS3z `szOj! 숀.` yYDR]Υ8~aڬ*D>Oc']Qrx&جYY K\a Ф⬤ K.CfRCTejaq?AQ'ńT~n] IEz顼[rٟR^ SD*tNUY`ɲ0];{keLCE{aQ 6} L١${>bQD&Opn셃 dƁ:NH{aM/LV `J;GDGPG@Ό]1ET$a) VYq-BAT+5!2jq(Pg%4v–3TP%&s 0o 8yސDW5ysy(BFVUb /uS0b,4frΊ:EWlDz"w PS:Z%S6fxvZ5 :zw2j2, XyZ"fM`!"F+>j/]YX6%l/e&kBA[=]־|Kjo8ʃe&r/+i dk/212xbcPoWA$E4g\DNc%sL 4 %6񰩁~%elh_/ ?~ hT]ŝpgP0>MKSS>Lx`ϗӓ~^@'_Yv=I _~v&ފj-2+lRm^q hێ@8^OU,Sti%B|.hH| -0D?䝙FbQ` amnNc>Wፔ7 iKU})~j`bS~\/Ji F+ seўljղb םeٳ+ Jzpkf9ϬBA^˵דz.;'lBg2H RvTC{1R{ 0u C|:A3/vd,o],ikؗ-=FIhX.H[.B[l}t7,jGGA))܁=tt, KŞ<㛈׊):r'Կ>6ծ{J h; =g_/I;j.u#8P˂ӞJce1킖b7x__qߌ=Ұ_ nU/aIٜJO{;m`epS+*Z;]֪Z?uf4g.ˏ &4"&CҏM6BF8o⦚NTRdgHEA_  ̯cTA+< 1JLe5ΤKCRyffyvYR<=F6]xI(mʃĽv ^Sfx6-"a(eA*|~X^%f%O{I\%:urknJDSdm!8F{쩝O[=,MWmzT!5/'Ԧ'ra DjX6X?/ǯ2 &)ZQB:V2Sf& je`"2 oqC^;5wTQl3~!aP%_ Y_u|7+d3iB5tz7txrZA%Qz4-5, 5 H Qw{t2,Ơ:%rEF=T*=+*acYI}#;?/OD;EG#8ZW)  yṆh5\uHAcC,^0g)gJBFy=bup,Edlbn; vf79'>O<ʾjgsWORo;|r-U4PX2{Ζyi@SػAԠfcŇ3͛.G@$%5MzFnɰ#ɴv|0W}ܰ_hkC-M%L CueQ=$DhWs3 nV5ݻI^0va4^>ǸZV}lXí:wk=%B0oHh˺HIh:dXMVܮ-06 :\yb%֎)ŔR׭ɨ&-? |t}q= ¯/IU?8G3G g|/ {As&Y:/gBc!t D7V[ii\av=|*@e:%VXvzK?C*o%V `8gxd;"fici)dT-`3OԾKNm'S_]Y"h}t|=v zW3w[#u&? 3Z}ir,A-O(X@Lf11b `DcMwJ4SU"6`|wmW+1Sv)]MAdLl0`MC9Q#+eѴ /(|ͬ"lF5"DR Ѳ?/{+ ʢiwr3(xΕI{5ȫD (ފ+hLƱeAcB7{PO-\,)~JmS ^4eH PPa/XG}# 0h0)Tj' TGwvt7 he׎:)WGԁBFwihH} oS[I=W!"+ߟ YVg$P|~wacmLy,- tY<՝އ  7w?YPB q8 ]-Er4 =Zf%xE{#BV01ВG^cߐpr":5zNE TmxC7-;9Ⱦ(N1Է'TsDg6G iu< U0,UiT`r(-P?@mUR,|5Hv%`_&' $1<{'ō1TݧS2t62YJC?7O] aX&Qh3<3˗J<# ㉧!)~0[.y}v Է'JCO#D㎜[5blE#$k]1NxH= f*vIL?2>XN#vxg67 pEi__ Ev‚964ٕD6LK\4k8 M<'4$eL y0LCPa ȽҤS?"GbMy7[y1[-pxk^bk|cdn^js^Ŗb3؂kܾn$7v E"|^F IU;0^k۩|w]fv^,ΐ{wGFJ8oܕCG O ;̿ij ڐd z_XoWs+}!Ov~rM?.vxAT݀*U*ɨ#V6'hmE! ӊOd687uk62g( qPiXOu&7dh-!ʻZ#;(.3CY"b|l6t(Q!ޚ|z,ې.!~N+fYv6@9lnRhAd?tzD'hQwxY/-"voh{wjeY1NذI@``V`8>'0-/>V)o3|=3 a|!|hRS/!B.mߙo]B左x|<tRJө{bRސJ-56vF 4V4 2?G؂E 931ֶS n" )D^ûz:,Ƭ-SzevXUZ!QiI脜^UVy7,j+h 2_Y`p[FfP}z@#15MVH4ż/ӗerP[>7)k]07aCi3。̽056f<,fNn F[]eсgEeZеEZ2iF'Nu?&?uUĂf(//\{sϑ=Z~531v|pX`䟓L كīqRv0egs[4{'6ts!vg9<%.^?,fѳ\6T8B<䬏'别0ɟmچ[2oXώ`HIَ8+)MZRVPCH O4И QodU~ʗ_$Ȕܿa1H!'!9Kǚr>M(|[T?)w;IbM ^}~th^GyeUȄyAn 5%O:|p傣X @&|ta/a"A#M-wM"/a[ r9QYloő+jeWAGƢS\p0tWL8f7%x˄2ϙaC)_$mIbm%4P%Vk$; `oL;^d|X +hE ?BKq4E~*qokGh~*x:3!cTG8Ţ6&fЊK 3 )D|z)]?]! Y`ݎ0!ق/D:.Z4$l>6e#=#fٽ2CbHq[sjiF?ǒ}xŨz빈@^r˕:1wx&v;%Rw'qNXB]vZvsm0f/?x 9JK)G]w9HW5cQeznlKkkfi:9YR38gmPz;;҅bh x2j~jn1-BC=uWN[4E#PD3?HV_U;eiU@h_L^$Gh!Q5hIuJgv6UrFh`Q~b~ ]p k] HRp&Lǀ1Z7z^F;UrU^[P(AUջFzpVu%cyRur/2/&|Bluԩ#(~vͰgϜaQDϛ׮gy>}&,l5&]~vOޑ'g^0xW0 kt jGn،3ב~Q!ZJb/6u zU\וr8d0QhS}e4g=Se3'zB@A0;N'Zu\f׺Ո"zg+AT1jq`T+5mOcw.SLip,Aߏy݅m'4UסU}sg鼸WG4 墈Î.$(ZかXŁÚϝvUbe Ծ"Am_&QXR}`ZPPVBʓ  m\†Xx&zZJty%cߝNwM_؋>eQhRi>XiX\b[>Ej#M$>fkc[8ēU(L\tq/!`&Cy3닰@F^tΎ&9P/sebz5 C"Q8U#vpJX~t)W g5;q1Y;kJG*ok%1Nc{O@C:ðd)Gu6PBoiӭ2v O,O̓<$V 3%nZ #(@ RBqq pl~pn5A@J|&K*=BtP`|sJv(7ZoT±>[;섰ZuW|O*` ܠL%wCпݼd8gSo6/t2&5S*E`y@|'ZS yaSf֡K irV72#h9z ̈́a9.{&EXq/^pT6 T ?>w> daovQ9sJ2\?)ԀW2=3",K+[b_v((OyR`]yR'_}YB37YLo8.F6no\-0BGoIy&d J@+Ī3B 7 zk\ݳ#| 734^PziQC?dV ʻ뀢֞L]@WvJHWEAj}?'Bf&@5\"^M®ڔ`)]m&Yr|bnr' %ƴj :ԙJ^.®床9 z݂n_} !.$4N_RjT&%|nꛫ.MMŷ" drYdX/ VW돡"lds#YaC6N?OrkTrX 5<&x鎄 Y@qɯspם?wuw@x$)5ü˸jT$TEY^4b^p㣷YȢXΑ7K<[L ;hp z̚pgOTce-ߠ#s#PKL]?3}niU Z GvT]X*}Z! rRq˰itb1!wqd2͆&=΅7oWi$R!q,14cPO}xocF2?}~#BM{W-sV~?_|[ o t56{EDboCY FI p֟:N2<>6lL*W]o tiխ~q<$P`1-L4#+[o|DXὫwKb$xNª/w[}ׇOe8{.Aۉ3!--JϨaIXϛȂfg{"|c qRw'L9/U>ӂkL)t[ Tx;ⅉ@6vOVlŅKj0`kO!cpBԔ1k8{&g ,%* p`x<+hd 2y=Q3i< |X~k[H_U-v* ۺSJTx5Mx \>`8`FՔňޝ\^fTԨG|M;y]U3)dE\/59{ŭ #sex]|<])6{{hn1gXzƚ\ N\.yUѺZlpLϗL:!h]o>Vq̷|p]zMbS/Dq=<)l予W{a@֜?7IH'4kOFr\S Qқ,"3z9LGõ}sD.qpSL˟hX/*VะQiGΚu^['f.Ä]43:QYkWG>ceIt%F<{yi~͕ĞC6 @q`Jz A?d/طO ='%g>ydasŽLȂuBgehDۉT?j[|6CReت B9ї r/?1z?Il{vE8gSʶ׹'%ҺE*>g̴NaMg{׍/c_*GS-#nVM-]#h3M, 8q]P+ ɯjx(u*1uom;MV.V̞DTW4+qEi(gp?Qcz;>$>Y5};,wZvղOcDA2Ծh,n޷HM))tbRw3kq 'UpQ~< 54d@PmJYg 0eEs`1T dzY̟PМ}2@,?^P\8"!6RʼV y#afܧY6oSvZ?Q hMlBɼJayǪtqݮOz[i.~f[(r/?R'n)z H$X+oӉW4 7 S$e\_y_r%If^e B 3ڐ k4obupźC^aPo V#b <b\XSǮ6I[yg$6P;@^AIZ2EƖڨ7tůLA¤p0Ե_:8Lm=wRZiaX޾OpAtF)Y9fr2H =o ؛Ii".ۻ6"CX'7iNMLы7lEU)_5)=R5ܑS15jAjvȇm,CqT?rF37i6߲f! NUqAЩxm;Y)o``*wlڋ,$IqbBwϹ KVڜj7ʌet!tqa ]+@FԾDw:&Ǎ,MLa0O< 1e9D$k=Z=sET>~ug4X4%R&z=o3XPy)4M_Z4eh2o6KD+%#DpLi;oUWVхwsJѭ*_nRS?H:.-Sݤ]0K8@t 3zT`WE?]nƱQ*r&ޮb/B*2e;GR7V;}~m%O/?`_Rxt S%uL@l1z#CY^GB4 g{G"~c)X? #b"KB#spV/RoP]|͸ j?g@jL{Ns(w`7'k! 1sXT!cͧ^WM@O]N{O1qJÖf`_/^f]Cr͐GSW+'ٍ_)FF<=ȭ5,_.witžs\3T:jdbg6[t1.J;#{dlXlO^h71SfS<6!~?zɌLtDϥZ2;!o7!|AnU2 @{֚a?}uB3m 2`pmT zb%  psD6 Gy8W$nܑV!Sw+zU;$ FxIs һ2hLoKh3ʐC3aΐ*2qʷ>LzaD吥C4 rZtScsX)/Tw]cyHu Eqc)vm fќ\7kgxC$Msi5i ŕԛ-Q%9{rPP7Jl/"pGy*!z#ڦP}Vic;A]|R(3؁T&!{M%W|XWkuuPwq5j,agq ~C ]-8.6f 1gIAd||p{2@7}G6*XNbrjˁ>Y9CɎgWk*+쿾\%B=Lre7&*̧sCkg4St4Idշ~$DryF-kźd<.gOU%"D3ք7 /|jp">-:QoL-$yϞ2FQuD0y6A64al ˜qjjN4kcE8nь)emptm0]v\{!u/$P~B򍴁1{ P. #X? י!_L4#04_Dܦ:صY;%2zIu{{1;"2ń=#}HD>hrm[*cEyz䥨DNl6.?F["VhׄCLx> Q6t"Rj.H]Xa ?/=v_Z'Á7 lM-ءrr!hN֯r5.E ]}۷.\A2]yH{>X-KlGDu[^{PJ'EwpZH7/D| Ersa;:NziOY\KaBয়6;to Pxhd'~ɹgҹ9WCv,}$4wJuwۘp T/qܧH0_9rXP+q,:u "~1T8dj9/]D.^-Zj> K/gLt3XHS  ӡ췺 ]d6N5HY7rZ~{vS=L}:Ґ)JLlB 8t1}gg.Hm-{%hӝf'?E1DHi 8U/9`ZR7yI}KY HiE!;Aܓ Tw&Z"j0 EPk߉$ * 2mt\Yԏø3n1'41wW2kMe-0g0/@#jfg6M5_9b=J(N}50wg?;m(@*&9 G-JݤW]Ң3zxf1e9?W76sVI|4[Ng:`V &nKRv y=H]*'+ A+r&Mmꔭ't5KKcpKuXGg%y7t.L3:.jdC 8nj޿OγY2k}";nD\ɭ0.GLfHř=E:IL@ VEB#4rlUլ GlkQhΕ̰֏{!ΐ:8ev~72()h:$*(  z]$ LLC J̻XivC "fN_@ݗ \nf3nw< K3η:fp)GwVGVDi>‘-5R$ی+S6@]\ߘww+RkÎS֫5M͙%o`&l1 gE^ZiRj\l ޔ":\̆M(/SCA`yzDm~4#W!D;Bx˷t@8aԻWo? BQG(ͨ6qH Ӭ4 Za,E-C[OacM̩{ <䢑:Gfl:7`% sTK׿}Jl!%hʋ*Y Ih,5Àl4%GQj9ԁ)IRٖtULӖ'DlFg(v38pο"# p7Jbyɐ=[eO! (T3^HwRt?2:M/9Qk;X8:471d+Vm3gD!əe~/R~vUZσ^3n\t΋M9TJ4ds O<.mP XR$ {xҤ(lÇһt}@ =5Y=*7,rSzى}F(lC_x[te:]ǶI{F9hWl_ٗ|M(9@c)%R2I@Ch<ꈉh;iLQeGD{x9I\iXqP}ʨ;`ϟ[P ˘.3(EWi^Fy7Msp)ƅJ0AP|gJօ+n:06q\OQ# &p3FrV& Uc5W%x8!h}hy8GXh!XOˋemֶ%iT| J AWdl7KxeBIB_Ie1W?}V sDi1?|!kL^Yiw IJwQ5u4m&)_tg$_& ;4_PMy$ڢ΢:cH6]'ڝ}LZ=X@Q*jhi}ej W~*@֝.wCo_`Iw)Hymc & ګH]GR=FRKb7WwME83sp9悮Ma}qj }v+99a)gNVEuҎ*%A:rZeXFB添؃4 ?rABUbs Cai?!ܻL(P~KYg"5!k Uw@~ :b_=fz *{l~2Qy--Sj2ۊ<nD`ž[c]1OcVd%*cF}gD1_Ay)g3c $S~cd؄AaM ,MZfV$!f}̃3 L 9lBD~\y;iE-1R ^ľttI6L%3,1H='[^Ovau$Y#1+pө8ぎc"|746MgI1H9r"iN_XՂw>YPz!\)'xR0944 '"[SPc{%dl\< ;Q՚<.x%A?slF'=SaFp82dl4`Bejs նΊ5$:byI(&全aXFI;ޘ.ޒ +TjYbX*xTjGIq-߭n]إkV BsOτ"K{u&KâHX2}o}1jh>)yX}l-͗ݟe_UNSr5!'53InV3l- Ê=¦uEU(X 6֨&G/eqn"y5'!:s- /ُDKb&:g8GbH(vB?ЬT 9RH)߃snGYD{a2|.]NEl6(SiK>o/+Uo_6ɪO"0JW[n>Ž_ ?X_Y/̔SsN+o}Cd>=dkx'~,Ď'IӌJa[8{>xUa[A0]MX365i29߯B6jED"!=ud=iS lȌ0K7nc h#wѪKCG^3;uyn0N>(*:*9%kV5fݵ6J UTP_j8MmnY܍D%(1ׇ^jN3#Fi Դ&Y+>87BzTUn%%t<q( mg&qYӬKhErgtnAHRDHkgZ]+r9H1l^I9|'m `{ɵTR>ѳ-_7!a ib$Ř)qAx=:콤w )ՏEM4e?3[ 6ea\/BpmKU%v9Mk•@!o3$ tRQ*ǯ\أͮtq6kͱ8 e!Ẍ́jwmi~SD4&gzSPV@YxQě?V+v**@i1>FYKf Fo 8,N%>xe}+Ýt;BӉxZ\pHOOBJ 8mwy@ЪѵpvHR"!'/47pPޅ빾l8X]" 0_{s:;a'yM?-N׺P$9jRzZݠ- }jC3V aW!ແ)e0nt`E*o59h] t;;o;]iDנS^t}]Kjΐ,J 5hUY+W*6v FC<(?u1VZ%LUqGZ5 q݁Oзd7KԂc_ɼd#T'ed{@(-l\u^nϮ~V:o$_tk7^y?yvpaL < = u0a(VV.3WF4@[gatĞm:e_MǼq"u$`xowqKe`|nhsStlgmWh>/|AL#R&&C`I !4qkOAy&KHh.Wz:1L.Gk^,6Pug;eA[3H1wxẀQ/gͷhclrĭH.Ա:Bm EkwFg8? 0u_>P=gco"tC_׸G5wU ^L]Z~[Ԗ7f=crmOc3VEhoHnWRS \2cKD!no@Gșy3ZX#GaveBRQPИ3֛z1Zt-o* {5-T2 c,"GG'U( vRM:e5(WY ta=I DRV|_ JaziܭyRr E9ccR}: @z0ӊMAAR1NMqχ=zmBGX>JB:L^!vdH,1N߱M."_8iwȒWZhO"B L~vNh]е僖 `j"\B<7N$N b )EER=YbrVߧJN 6f w>-b9aPt) CɴF8N?'/h;'6p APgOƐOI+2@@'=u;O3$`܇aJу$-駺h,jq?y?0lLRE[P'>-'%$SӜ.=&-n=$Gv_-碠@}!D._!u^>|Ax#hUXm۪,D[+B?<#'I7XۥkP3b%_AIe;)Y͈b0XO7 ҇DFj uTׁ_h@Xԋ3_يI5Nr-$Jo?&>]Ƹ&v,\g4|ne'|+2S,k-y3@|;>5 ST6 6# KcxB%q Fơώ@E`-יGLj ŏ1d ,-[ %h#b Y`ؽP(