nss-util-3.53.1-17.el8_3 >  A _9U]W?@nb&o$'JF)*&[Ye;mtGQ̶DWכp%o)(AFhU| I>u97 6lEeoNk@E L80Ʉ*n{7 3@J4O ۟'Vo}i#x-gc^>,Ɠ.v&^c&L go!@T3!Hʍ=D?AIr/HngJ׹τ`{@T(gvXW )UiJoGqbSH^q{1؊7L#X~l;5ю^HgXAFɱۯ(r|u>n6l:w(cw6/H*܁{R#z fEbl7ԉv7ɯ~pרoɮOoH60XדWhQ_o6ba6074e3b7db12ba952d5f582cf20ab98d6cd79a4e0e6893da517b7de094b147009d873ad07bfc434ff0ba66e2e26b1d2b863d9̉_9U]Ma kk#!z6]8gQ;8ɮfYy#{Űg=ȷ̓trϭy`1,8RX)&2;RaU7YFկ[ܣ3(|ɜ*0)@4kfV<@X-d7KMwj-eFq<`䒘Kc71@-ZôX|%\E~Xu(U|-CJS)ƀSF/An`pdkG{SXAsbZ~ fn_'dꕾu^j%/;k'ph+K m-#KYPoHn|˓}8@!dzJy.gӞ+["<(1x&QH`no~*Pe݋qօLnMtmʮbrA? }FP@rdB/W+jC>]3a m겅,38~7\T D,/Kc0bX>p<?d   G "(0H T ` x  (@^|,l(8 9 :YGHH`IxXY\]^lbd eflt0uHv`wx y8Cnss-util3.53.117.el8_3Network Security Services Utilities LibraryUtilities for Network Security Services and the Softoken module_%aarch64-03.mbox.centos.org^TCentOSCentOSMPLv2.0CentOS Buildsys Unspecifiedhttp://www.mozilla.org/projects/security/pki/nss/linuxaarch64$FAAA큤_%_%_%_[_%^L8e50c416a9336b018835980c1433e18726266578db1ed6384f160fd0af6926b1a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4../../../../usr/lib64/libnssutil3.sorootrootrootrootrootrootrootrootrootrootrootrootnss-3.53.1-17.el8_3.src.rpmlibnssutil3.so()(64bit)libnssutil3.so(NSSUTIL_3.12)(64bit)libnssutil3.so(NSSUTIL_3.12.3)(64bit)libnssutil3.so(NSSUTIL_3.12.5)(64bit)libnssutil3.so(NSSUTIL_3.12.7)(64bit)libnssutil3.so(NSSUTIL_3.13)(64bit)libnssutil3.so(NSSUTIL_3.14)(64bit)libnssutil3.so(NSSUTIL_3.15)(64bit)libnssutil3.so(NSSUTIL_3.17.1)(64bit)libnssutil3.so(NSSUTIL_3.21)(64bit)libnssutil3.so(NSSUTIL_3.24)(64bit)libnssutil3.so(NSSUTIL_3.25)(64bit)libnssutil3.so(NSSUTIL_3.31)(64bit)libnssutil3.so(NSSUTIL_3.33)(64bit)libnssutil3.so(NSSUTIL_3.38)(64bit)libnssutil3.so(NSSUTIL_3.39)(64bit)libnssutil3.so(NSSUTIL_3.59)(64bit)nss-utilnss-util(aarch-64)@@@@@@@@@@     @ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libdl.so.2()(64bit)libnspr4.so()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)nsprrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)4.25.03.0.4-14.6.0-14.0-15.2-14.14.3_@_^@___@__"@_"@_"@_!d_@_ L_ _@^^@@^@^ۅ@^4]N@]]߶]e@]M@]µ]L]]^@\F@\Q\\\\\\@\I\I\U@\ `\l@[[[u[#@[[W[O+[M@[ZZw@Z|;Zo Zo Zg#Z ZZZ@Y+@Y{YY@Yn@YV@Y@YyYm@Yg`YJ_Y1S@XX@XX @XXYX@X@XX~@Xx@XoX>@X*X@WW@Wt@W~Wv[@WrfWoWm WbWQq@WPWJWDB@W4p@W@Wo@W@VV޾V޾V@VяVIVɦV@V@V=@V@V@VO @VHsVEV3[V UYU@UU@U@U>Ua@Ug@U[%UUU @T@Ts@TTء@T@TÉ@TT@T@T?@T:m@T"@S@S<@S@S@S @SSSSpShS(5@S@SRy@RJ@R@RR@RSRR@Rm@Rg@RD!R@RRR|Q@Q*@QQ@QKQ@QQW@Qw@Q]k@QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.53.1-17Bob Relyea - 3.53.1-16Bob Relyea - 3.53.1-15Bob Relyea - 3.53.1-14Bob Relyea - 3.53.1-13Bob Relyea - 3.53.1-12Bob Relyea - 3.53.1-11Bob Relyea - 3.53.1-10Daiki Ueno - 3.53.1-9Daiki Ueno - 3.53.1-8Bob Relyea - 3.53.1-7Daiki Ueno - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Daiki Ueno - 3.53.0-1Bob Relyea - 3.44.0-15Bob Relyea - 3.44.0-14Bob Relyea - 3.44.0-13Daiki Ueno - 3.44.0-12Bob Relyea - 3.44.0-11Daiki Ueno - 3.44.0-10Bob Relyea - 3.44.0-9Bob Relyea - 3.44.0-8Daiki Ueno - 3.44.0-7Daiki Ueno - 3.44.0-6Daiki Ueno - 3.44.0-5Bob Relyea - 3.44.0-4.1Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Bob Relyea - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.41.0-5Bob Relyea - 3.41.0-4Daiki Ueno - 3.41.0-3Daiki Ueno - 3.41.0-2Daiki Ueno - 3.41.0-1Daiki Ueno - 3.39.0-1.5Bob Relyea - 3.39.0-1.4Daiki Ueno - 3.39.0-1.3Daiki Ueno - 3.39.0-1.2Daiki Ueno - 3.39.0-1.1Daiki Ueno - 3.39.0-1.0Daiki Ueno - 3.38.0-1.2Daiki Ueno - 3.38.0-1.1Daiki Ueno - 3.38.0-1.0Kai Engert - 3.36.1-1.2Daiki Ueno - 3.36.1-1.1Daiki Ueno - 3.36.1-1.0Daiki Ueno - 3.36.0-1.0Fedora Release Engineering - 3.35.0-5Kai Engert - 3.35.0-4Kai Engert - 3.35.0-3Daiki Ueno - 3.35.0-2Daiki Ueno - 3.34.0-2Daiki Ueno - 3.33.0-6Kai Engert - 3.33.0-5Kai Engert - 3.33.0-4Kai Engert - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.32.1-2Daiki Ueno - 3.32.0-4Kai Engert - 3.32.0-3Daiki Ueno - 3.32.0-2Fedora Release Engineering - 3.31.0-6Fedora Release Engineering - 3.31.0-5Daiki Ueno - 3.31.0-4Daiki Ueno - 3.31.0-3Daiki Ueno - 3.31.0-2Daiki Ueno - 3.30.2-3Daiki Ueno - 3.30.2-2Kai Engert - 3.30.0-3Daiki Ueno - 3.30.0-2Kai Engert - 3.29.1-3Daiki Ueno - 3.29.1-2Daiki Ueno - 3.29.0-3Daiki Ueno - 3.29.0-2Daiki Ueno - 3.28.1-6Daiki Ueno - 3.28.1-5Daiki Ueno - 3.28.1-4Daiki Ueno - 3.28.1-3Daiki Ueno - 3.28.1-2Daiki Ueno - 3.27.2-2Daiki Ueno - 3.27.0-5Kai Engert - 3.27.0-4Daiki Ueno - 3.27.0-3Daiki Ueno - 3.27.0-2Daiki Ueno - 3.26.0-2Elio Maldonado - 3.25.0-6Elio Maldonado - 3.25.0-5Elio Maldonado - 3.25.0-4Elio Maldonado - 3.25.0-3Elio Maldonado - 3.25.0-2Kamil Dudka - 3.24.0-3Elio Maldonado - 3.24.0-2.3Elio Maldonado - 3.24.0-2.2Elio Maldonado - 3.24.0-2.1Elio Maldonado - 3.24.0-2.0Elio Maldonado - 3.23.0-9Elio Maldonado - 3.23.0-8Elio Maldonado - 3.23.0-7Elio Maldonado - 3.23.0-6Elio Maldonado - 3.23.0-5Elio Maldonado - 3.23.0-4Elio Maldonado - 3.23.0-3Elio Maldonado - 3.23.0-2Elio Maldonado - 3.22.2-2Elio Maldonado - 3.22.1-3Elio Maldonado - 3.22.1-1Elio Maldonado - 3.22.0-3Elio Maldonado - 3.22.0-2Fedora Release Engineering - 3.21.0-7Elio Maldonado - 3.21.0-6Michal Toman - 3.21.0-5Elio Maldonado - 3.21.0-4Elio Maldonado - 3.21.0-3Elio Maldonado Batiz - 3.21.1-2Elio Maldonado - 3.20.1-2Elio Maldonado - 3.20.0-6Elio Maldonado - 3.20.0-5Elio Maldonado - 3.20.0-4Elio Maldonado - 3.20.0-3Elio Maldonado - 3.20.0-2Elio Maldonado - 3.19.3-2Elio Maldonado - 3.19.2-3Kai Engert - 3.19.2-2Kai Engert - 3.19.1-2Kai Engert - 3.19.0-2Kai Engert - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.17.4-5Till Maas - 3.17.4-4Elio Maldonado - 3.17.4-3Elio Maldonado - 3.17.4-2Elio Maldonado - 3.17.4-1Ville Skyttä - 3.17.3-4Elio Maldonado - 3.17.3-3Elio Maldonado - 3.17.3-2Elio Maldonado - 3.17.3-1Elio Maldonado - 3.17.2-2Elio Maldonado - 3.17.2-1Kai Engert - 3.17.1-1Kevin Fenzi - 3.17.0-2Elio Maldonado - 3.17.0-1Fedora Release Engineering - 3.16.2-4Elio Maldonado - 3.16.2-3Tom Callaway - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.16.1-4Fedora Release Engineering - 3.16.1-3Jaromir Capik - 3.16.1-2Elio Maldonado - 3.16.1-1Elio Maldonado - 3.16.0-1Elio Maldonado - 3.15.5-2Elio Maldonado - 3.15.5-1Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Peter Robinson 3.15.4-2Elio Maldonado - 3.15.4-1Elio Maldonado - 3.15.3.1-1Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-7Elio Maldonado - 3.15.1-6Elio Maldonado - 3.15.1-5Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-1Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.15-0.1.beta1.2Elio Maldonado - 3.15-0.1.beta1.1Kai Engert - 3.14.3-12Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Fix various corner cases with ike v1 app b support.- Fix the following CVE - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC.- Revert some policy changes the generate ABI runtime issues.- Add support for enable/disable in policy. Now if your policy file has disallow=x enable=y it will act just like our other libraries.- Add OAEP interface so applications can wrap keys with RSA-OAEP rather than RSA-PKCS-1.- fips need to reject small primes even if they are approved - code to autodetect whether or not to use the cache needs to do so in a way that doesn't mess with filesystem negative file caching. - add kdf selftests- Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8)- Disable dh timing test because it's unreliable on s390- Explicitly enable upgradedb/sharedb test cycles- Disable Delegated Credentials for TLS- Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked.- Update nss-rsa-pkcs1-sigalgs.patch to the upstream version- Include required checks for dh and ecdh key generation in FIPS mode.- Add better checks for dh derive operations in FIPS mode.- Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938) - Adjust for update-crypto-policies packaging change (#1848649) - Fix compilation with -Werror=strict-prototypes (#1843417)- Fix regression in MD5 disablement (#1849938) - Include rsa_pkcs1_* in signature_algorithms extension (#1847945)- Update to NSS 3.53.1- Update to NSS 3.53- Fix swapped CMAC PKCS #11 values. - Fix data alignment crash in CMAC.- Fix coverify scan issue- Fix endian problem in SP-800 108 code.- Install cmac.h required by blapi.h (#1764513) - Fix out-of-bounds write in NSC_EncryptUpdate (#1775913)- Add SP-800 108 Generalized kdf- Check policy against hash algorithms used for ServerKeyExchange (#1730039)- Add CMAC- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for all the CKM_NSS_IKE*_DERIVE mechanism.- Backport fixes from 3.44.1- Add continuous RNG test required by FIPS - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism- Rebuild with the correct build target- rebuild to try to retrigger CI tests- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set - Revert the change to use XDG basedirs (mozilla#818686)- Add ike mechanisms in softokn - Add FIPS checks in softoken- Update to NSS 3.44 - Define NSS_SEED_ONLY_DEV_URANDOM=1 to exclusively use getentropy - Use %autosetup - Clean up manual pages generation - Clean up %check - Remove prelink dependency, which is not available in RHEL-8 - Remove upstreamed patches- Update manual pages to reflect recent changes in commands- Make sure corresponding public keys are created when importing private keys.- Fix the last change - Add --no-reload option to update-crypto-policies to avoid unnecessary restart of daemons- Restore LDFLAGS injection when linking DSO- Update to NSS 3.41 - Consolidate nss-util, nss-softokn, and nss into a single source package- Fix the last commit- Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU- Backport upstream fixes for rhbz#1649026, rhbz#1608895, rhbz#1644854 - Document PKCS #11 URI - Add warning when adding module with modutil while p11-kit is enabled- Update nss-dsa.patch to not advertise DSA signature algorithm - Update PayPal test certs for testing- Backport "DSA" keyword in crypto-policies- Update to NSS 3.39- Fix LDFLAGS injection when linking DSO- Install crypto-policies configuration file for https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules - Port enable-fips-when-system-is-in-fips-mode.patch from RHEL-7 - Use %ldconfig_scriptlets - Remove needless use of %defattr, by Jason Tibbitts- Update to NSS 3.38- Backport upstream addition of nss-policy-check utility, rhbz#1428746, includes required fixes for mozbz#1296263 and mozbz#1474875- Switch the default DB type to SQL - Enable SSLKEYLOGFILE- Update to NSS 3.36.1 - Remove nss-3.14.0.0-disble-ocsp-test.patch - Fix partial injection of LDFLAGS - Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream- Update to NSS 3.36.0 - Add gcc-c++ to BuildRequires (C++ is needed for gtests) - Make test failure detection robuster- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild- Fix a compiler error with gcc 8, mozbz#1434070 - Set NSS_FORCE_FIPS=1 at %build time, and remove from %check.- Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401- Update to NSS 3.35.0- Update to NSS 3.34.0- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka- Fix test script- Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package).- rhbz#1505487, backport upstream fixes required for rhbz#1496560- Update to NSS 3.33.0- Update to NSS 3.32.1- Update iquote.patch to really prefer in-tree headers over system headers- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449- Update to NSS 3.32.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Backport mozbz#1381784 to avoid deadlock in dnf- Move signtool to %_libdir/nss/unsupported-tools, for: https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation- Rebase to NSS 3.31.0- Enable gtests- Rebase to NSS 3.30.2 - Enable TLS 1.3- Backport upstream mozbz#1328318 to support crypto policy FUTURE.- Rebase to NSS 3.30.0 - Remove upstreamed patches- Backport mozbz#1334976 and mozbz#1336487.- Rebase to NSS 3.29.1- Disable TLS 1.3, following the upstream change- Rebase to NSS 3.29.0 - Suppress -Werror=int-in-bool-context warnings with GCC7- Work around pkgconfig -> pkgconf transition issue (releng#6597)- Disable TLS 1.3 - Add "Conflicts" with packages using older Mozilla codebase, which is not compatible with NSS 3.28.1 - Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream- Add "Conflicts" with older firefox packages which don't have support for smaller curves added in NSS 3.28.1- Fix incorrect version specification in %nss_{util,softokn}_version, pointed by Elio Maldonado- Rebase to NSS 3.28.1 - Remove upstreamed patch for disabling RSA-PSS - Re-enable TLS 1.3- Rebase to NSS 3.27.2- Revert the previous fix for RSA-PSS and use the upstream fix instead- Disable the use of RSA-PSS with SSL/TLS. #1383809- Disable TLS 1.3 for now, to avoid reported regression with TLS to version intolerant servers- Rebase to NSS 3.27.0 - Remove upstreamed ectest patch- Rebase to NSS 3.26.0 - Update check policy file patch to better match what was upstreamed - Remove conditionally ignore system policy patch as it has been upstreamed - Skip ectest as well as ecperf, which are built as part of nss-softokn - Fix rpmlint error regarding %define usage- Incorporate some changes requested in upstream review and commited upstream (#1157720)- Add support for conditionally ignoring the system policy (#1157720) - Remove unneeded test scripts patches in order to run more tests - Remove unneeded test data modifications from the spec file- Remove obsolete patch and spurious lines from the spec file (#1347336)- Cleanup spec file and patches and add references to bugs filed upstream- Rebase to nss 3.25- decouple nss-pem from the nss package (#1347336)- Apply the patch that was last introduced - Renumber and reorder some of the patches - Resolves: Bug 1342158- Allow application requests to disable SSL v2 to succeed - Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails- Rebase to NSS 3.24.0 - Restore setting the policy file location - Make ssl tests scripts aware of policy - Ajust tests data expected result for policy- Bootstrap build to rebase to NSS 3.24.0 - Temporarily not setting the policy file location- Change POLICY_FILE to "nss.config"- Change POLICY_FILE to "nss.cfg"- Change the POLICY_PATH to "/etc/crypto-policies/back-ends" - Regenerate the check policy patch with hg to provide more context- Fix typo in the last %changelog entry- Load policy file if /etc/pki/nssdb/policy.cfg exists - Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy- Remove unused patch rendered obsolete by pem update- Update pem sources to latest from nss-pem upstream - Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key- Rebase to NSS 3.23- Rebase to NSS 3.22.2- Fix ssl2/exp test disabling to run all the required tests- Rebase to NSS 3.22.1- Update .gitignore as part of updating to nss 3.22- Update to NSS 3.22- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite - Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built - Use %define when specifying the nss_tests to run- Add 64-bit MIPS to multilib arches- Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0 - Resolves: Bug 1284095 - all https fails with sec_error_no_token- Add references to bugs filed upstream- Update to NSS 3.21 - Package listsuites as part of the unsupported tools set - Resolves: Bug 1279912 - nss-3.21 is available - Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set- Update to NSS 3.20.1- Enable ECC cipher-suites by default [hrbz#1185708] - Split the enabling patch in two for easier maintenance - Remove unused patches rendered obsolete by prior rebase- Enable ECC cipher-suites by default [hrbz#1185708] - Implement corrections requested in code review- Enable ECC cipher-suites by default [hrbz#1185708]- Fix patches that disable ssl2 and export cipher suites support - Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers - Fix syntax errors in patch to skip ssl2 and export cipher suite tests - Turn ssl2 off by default in the tstclnt tool - Disable ssl stress tests containing TLS RC4 128 with MD5- Update to NSS 3.20- Update to NSS 3.19.3- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers- Update to NSS 3.19.2- Update to NSS 3.19.1- Update to NSS 3.19- Replace expired test certificates, upstream bug 1151037- Update to nss-3.18.0 - Resolves: Bug 1203689 - nss-3.18 is available- Disable export suites and SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2 - Backing out from disabling ssl2 until the patches are fixed- Disable SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Update to nss-3.17.4- Own the %{_datadir}/doc/nss-tools dir- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer - Install pp man page in %{_datadir}/doc/nss-tools/pp.1 - Use %{_mandir} instead of /usr/share/man as more generic- Install pp man page in alternative location - Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer- Update to nss-3.17.3 - Resolves: Bug 1171012 - nss-3.17.3 is available- Resolves: Bug 994599 - Enable TLS 1.2 by default- Update to nss-3.17.2- Update to nss-3.17.1 - Add a mechanism to skip test suite execution during development work- Rebuild for rpm bug 1131960- Update to nss-3.17.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Replace expired PayPal test cert with current one to prevent build failure- fix license handling- Update to nss-3.16.2- Remove unwanted source directories at end of %prep so it truly does it - Skip the cipher suite already run as part of the nss-softokn build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Replacing ppc64 and ppc64le with the power64 macro - Related: Bug 1052545 - Trivial change for ppc64le in nss spec- Update to nss-3.16.1 - Update the iquote patch on account of the rebase - Improve error detection in the %section - Resolves: Bug 1094702 - nss-3.16.1 is available- Update to nss-3.16.0 - Cleanup the copying of the tools man pages - Update the iquote.patch on account of the rebase- Restore requiring nss_softokn_version >= 3.15.5- Update to nss-3.15.5 - Temporarily requiring only nss_softokn_version >= 3.15.4 - Fix location of sharedb files and their manpages - Move cert9.db, key4.db, and pkcs11.txt to the main package - Move nss-sysinit manpages tar archives to the main package - Resolves: Bug 1066877 - nss-3.15.5 is available - Resolves: Bug 1067091 - Move sharedb files to the %files section- Revert previous change that moved some sysinit manpages - Restore nss-sysinit manpages tar archives to %files sysinit - Removing spurious wildcard entry was the only change needed- Add explanatory comments for iquote.patch as was done on f20- Update pem sources to latest from nss-pem upstream - Pick up pem fixes verified on RHEL and applied upstream - Fix a problem where same files in two rpms created rpm conflict - Move some nss-sysinit manpages tar archives to the %files the - All man pages are listed by name so there shouldn't be wildcard inclusion - Add support for ppc64le, Resolves: Bug 1052545- ARM tests pass so remove ARM conditional- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM) - Resolves: Bug 1049229 - nss-3.15.4 is available - Update pem sources to latest from the interim upstream for pem - Remove no longer needed patches - Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken - Update iquote.patch on account of upstream changes- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM) - Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Resolves: Bug 1040192 - nss-3.15.3.1 is available- Bump the release tag- Update to NSS_3_15_3_RTM - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws - Fix option descriptions for setup-nsssysinit manpage - Fix man page of nss-sysinit wrong path and other flaws - Document email option for certutil manpage - Remove unused patches- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245]- Use the full sources from upstream - Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird- Update to NSS_3_15_2_RTM - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel- Update pem sources to pick up a patch applied upstream which a faulty merge had missed - The pem module should not require unique file basenames- Update pem sources to the latest from interim upstream- Resolves: rhbz#996639 - Minor bugs in nss man pages - Fix some typos and improve description and see also sections- Cleanup spec file to address most rpmlint errors and warnings - Using double percent symbols to fix macro-in-comment warnings - Ignore unversioned-explicit-provides nss-system-init per spec comments - Ignore invalid-url Source0 as it comes from the git lookaside cache - Ignore invalid-url Source12 as it comes from the git lookaside cache- Add man page for pkcs11.txt configuration file and cert and key databases - Resolves: rhbz#985114 - Provide man pages for the nss configuration files- Fix errors in the man pages - Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util - Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit- Update to NSS_3_15_1_RTM - Enable the iquote.patch to access newly introduced types- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Fix incorrect path that hid failed test from view - Add ocsp to the test suites to run but ... - Temporarily disable the ocsp stapling tests - Do not treat failed attempts at ssl pkcs11 bypass as fatal errors- Update to NSS_3_15_BETA1 - Update spec file, patches, and helper scripts on account of a shallower source tree- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build3.53.1-17.el8_33.53.1-17.el8_3.build-id4175f746c183073367b69901b674a04831fe56dflibnssutil3.sonss-utilCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/41//usr/lib64//usr/share/licenses//usr/share/licenses/nss-util/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4175f746c183073367b69901b674a04831fe56df, strippedASCII textPPPPPPPPP P P P P PPPPRR RRRRRRRRRutf-8b885c66b74e2ae31e8127e7f8f9e3b6aa776ed2039081a77b41720f7ce667925?@7zXZ !#, ] b2u jӫ`(xy LuxCQIݢ A-s#۽Yzonge9ͻ.G wZv q80 NaRpB2tvYƸ}:d*nhVZ Nq@FԌDf3-0cd,W"l+pv ׶<0r/uW+ȒcswxkM͗6WþzYKQ$p!%T_m5fPNso}A8w)4k ٭qU_F$#7V"|!R1V-8S IL;IEb?!mBYMd]I Ul+iQQ,+і-g[zYD2 HG6:%o0yEY#`HoTwTdaQD.针SR_!8٬[X i)*Iod4ză[0?&K本gk{DiSMO&CyH#SKį2i8R њdF_RVLu{%Zq )>ZmFG:H'^t JJ#YmkӲeJ*bлE!ɛ{Fv7Vm{D+tSryхa >Vp?|{3`V&p}<[R.:2nLlpi8oƝb6-ނ:.S$o&ʅ@JABt^OeI#Ƙ߽q^S'ǚt.k75SH+?lbցՂI$nou[l]'lm\2M9U 4J$u-z̷<3^J 34.V'y)ӣAۯҗߺA gAڈ=w-E| wڡgMvCٛP\*P\7{%=GXuɻ:Sz¨- AU3u %Y*҂†Sܤ^\ߚI6wDk=XivYF&֛u ij [qW".#GһESRbؑ}h1m <%&SaʢR_)߼1'*zg=@"$(8R~߯Jنa*3qN}I'Oy, aR۠J'K "mm@s`׷c p4X;'+DEŃ[X>WKtjG{~|)y]Gp,Ό1zMEZ 7yX"_mZX C#I"cf/PE唀I 9EiT:tk*@B7S=a˖I.b;P+V=mx͓ewŐs _[H)w̢0+Ni 72fUI:;aE:WhRU*︩keQIN@u߲S.ћnmp=y?~n@`8Gdc  ?{ @{yVla }Gq` qNx\V;.n<'? tȖLDetD xy\-/.nFEg1'dTs~K4/u;b'3 MZ\0Dfq;>yQ̮[C.m *O$nH,6LM c\[1M!-ah"{'}MU٠ E6过3(;ArQ=*S{TCpk * \e?o0BIY!?vkHq$w*'M/IuqV;Mo(K¤c [{½k&C 4<%^ gqV9dБJ%'܌!> =8zߜ2o:TcwG'!N &x H~wX;8~|1@[׬ImN[9#ȮJ WhӦ 2l[2{5 +v"ϰPaYuLc8V[BOHl;О_iB.!iOsh>۝@MX莎}xor\pͩv M*1m^w"Ha5p,hV'yL0+-q Pׄ\^*;Tk/LQ^ / շ 1t糌I6Wk0w.}K)ƑsbѻeBg5E_ [ ǬvWPm2%*#"Ǖעrs6n0Q 5yræ:c7[L8Z?s̶- /.w"M96Ds:/c^UUֿNKh0aժrvH.O!L ?^5bfKT=5g{JB^D\0S 75%dSAlpZ'o+oqEֿܘq2:! i~,|. r!*Q䷍ʐoKIL&[|_M98Gc0Id gEZgJ.pm(N&m lu1Z,d_?e~B/9:QC% Wl6"hV)O?v]7!F|{%:IF³bEADtQxٮFyĦOJE}\sI+ib,b;eVPNzVgI_ɳ>PQo(Mf]TvV|TֻƷM$!:Z)tzAYdq:WG%yL u~f\,[VRzg7MssPG32ʝ` )RSpVIb<%t@ b/qRsi,s2j4x>D6ݙi P8oDaAg9Z$1,7`-H ?Y:_=?XRs^t> #) Sw=5D݋^p}#3>8[}Γ9ږiq@;3.EI8wV?Yo TDհ8)B 3k#ba [5 ;u!_~΄D1*\(K\vVʜ q=Lq\*߂;!V2wP /{6WէѪdj̖xfXXjl[d3-Zq9LM*7IpƘvTEVd^4Z"S#HZѹuviewK <-RBEsbCͤ+޿Y<  )fϡ Ls|8-B :JDa+G -:=/V˒Wj*Ǩ 9oK?ũ" ǥ>^(NPB|*v_UiL35Su.H]% 9 d5,rW8 SQ(\8T&Qh1_IK., M8oRX;k'gνŧP2 f4efˑrԹ/6aE5̐n j2*zd52yJB"\)z@=ѣ? fRHR*5dQ|/NPmEGa/K<6'A|0&!sH~cb`-n ݲc Lȣ2)|tf |r.L+ה$`"aO%H4݌V~$Q +Δb&?*Tsw 5^/8_cTU[0w7rZ箔~%_͚l%р}d֜]ܽgZ>S=ƹ3He$,ONƕ~2N:H6ިwl1H/?{[;]2Y*'(ԅ߬:,3w$J=BkE-j ͒/31|җg*#^<4MU 1k`~*>7Pv!r$TCZ1t+Voǥ\_*(M)x\vܨ,qǜmB`-w;0xRՈ8^㓁/ -VJ D[MC'gŸ͐)E/~юXE\;lѕf_.i7$p=~+fAo ǫҟ `` :۶*B# bc3=zX~W罍w!7C`*W%iҝ2#\nnC!J-&Px4 YBWIH;{ 2{L!*Jg 7ӌkw)ÿ炗Ĥ(~Y&(\D:YoqMqvÎre Ȣ&~۫w2sBl*u1 =P1u-&P&*-oR]$o|!uӱ0(iJ@",L|r3q;LzP8n[㤕v-f>[|/#LŎ0Pv~!@ o6c{i!ѹLX"}2YkpZ{4 Օ\\\"۲ZZ薬[ZZ/bsPLݚnԹi.88xlz ߮|UNl01s&d: fTuSlc!c+jFLl儷CTyk(p#Hrf<#{֕/871K!KiН L4\|SJ9Y. .c\be)` 2NCBTQ"&b' pxw`B*EeY6fXL*;*}c| p14BkƠ&x %ܠ0m^Yv`–o̥=[x wyg5lpU_Uⵑ=o1cenxC !G Y-ZtkCu^mf 80OˢWJqmK?{h-)U? +]k5KeMݡI?8Zz"gm2P,¯EJ*ӆ8VٹXZ O~`]SE[o}4Vd?yCCzs! E#T^HcG;GGZ#L`fR}o UMhsgz@yQq?=q,$CM" FnՖ1P4AnWBŨ[ٖgl m$QʑB?z6͐;џv}na4]4ZS3>5QKOEƴ=iEyR/d?P&ɊD"P0/Ř9#0hWl[SKp,F*q}&ȳ=J)c40zbIB:=~;p)xB#%p4^Faq肬<yF!4Q4 K0u^ +|-dwAI3V>P-;T>%rRMifj4MLHpF)\\lqLiЇՐ Z>o8+ȳޝf&0_S{7a>VFHO$@Qm|bY|7iy!FBXqcpB4"BB]fŗҍ+4Cp C}* , Wf|*ށ:k uvLH>XP:#(ԳdDh>OY3^ϸɋȳc3TjU3r {b%<$q1=.6\c)l7IX$ Xy  #f+4IwV5OnRzDK@@3E>bHWr`j)1'(if:žVx6‰ǦgB-{&`02[#7nнv;L#:BHqk*I>:/ݷL"P:~Sr|\0Aub[tZ˘K)񎋓X OVhkm&}`54 3R+p HB2?(g*ZTb7'{P^}y#zaH|'g {#ӔtpMOKw:Mzև~5jte*~0z\jSxVpi".l a?(Πe](_^K~z\%d5Q+Os9oK_d+Y%c59m*3w ?a;a- (4i\ʦWޚuk+;FF8"m5AL;HrOlD- iϨwDQvkѫMM؉7%a6(T_]&F_Gڿ;D&be {#Geą06][}|T"I/Fl$Wk3T?{vOESH1UO"W+*VE 3jd1VVw^)xv>Y ^~́)Qȹ #D89q`נH~‹KB@=P] "f9$fMI~^?Qt6V_ Pӹ`Ti*'5I oj+xlƳ5?5Km=xsltZӧfGtȍĤ3Y@̥NVfp@5|n'do`^U2@6+'/Ehjhݓңp'@}^pއ dgR |zwyT, d?Uj~KH"OX$L6Wz+k?rJה~@7L⫝̸+_3j '/N,QPrȪ+纳eYjru<-A Ob_\w LvFoƥ 8=M (R^Sw-06lK/dtGstSԨ25)I4ًlSt_O٤E^oY /0i?#bu[>8gH~~C\.ߐU6R>=LgQ ol$&W>>Q۰5/X82MNTtfzP˄RrD./Msz(T΂ c^Un*VR]_ GAB#!aq Nඍ;OP}kRɈOG] - |i-z=QM#0R7 XӫIwLI.RBOˠVu{qIpsye.;Ibߵн&=iEDa2ik%uک:>r/Uu&ۼ?NtqڌqU0{X\]Aiy <$M.cV̝uY~=]4cJ="N0)R\a3 Va9m3WO)ipn솹m~8z L#&2Ht>+Rl#oe=&Mo:d끺,']/e 0h{(z#9LPIdž`i 53),j; Sx)ðL5Weٞz q` VȢ*tMnloV3BM̒HHKpV|E+}w-gJ5vݩ]˺gb r`ڢIAsf l rPq%+.X){-/_5fz2R61tV7 X/yȤ3Drw,?} F ;d%_ >tyAm{T;'%łH(P7')KI(6rC42/kZeH&5m({Kw8֠^%?ZqՂ\1 !Rt:s#`2ձtE4|m1r СwsvQ,Ԫz]LW} Y${groB50~{x-#iOMZ! ET]c@}9lDXKIKJՊPj7F#ftdO$J eB+oS=rS̡:6)P ^{{z'&X@3.vߘPR#7Lju`_@0n>6}Yl魘 29_4yk@kiъOm'z͆ k˺ >tV%0iLо^9ɾ8)Җ8`T<E{31%nQVGkSR_yrظ[DqviNTid{ ^2lbSKiVi9+mgN#w՘vBo:t w`mxhNeg/C͌ӫ^XԳ(fإh]XQЩ ' c^> Dl_-}H61ȁfQA@y#nyP|?PY<АZg#K֨3#Nox4 @i'?>Y?o&+A oh'sWVD{'k;CzBJ4X( u!ԍlq WAaMWKkCY4ýz_C8•IHmq,5&WpZYSfk2tOE?'ۼX"O!EdPJ71 8!kFk%LBd(  ,4?:XPP${q(Fa~ЬT  v/qt&]$`S').O[K[ E]&)46Hןt Ӡ~EBUU # 0bw4{Kd. /dE281?ՙʠ7&:Ѿbޮ|3Y I>PWrJ4&+Djٔ K}d.o?z^OAe͠3”ϖFw!ihZPER[N`9v3fMLe <`cVfNkŝT1T8&Z _7`pfj15լ!%MN /L Y7䱣t.męZiI Hh)|zt)mLy"Ȯ6J* ).)ԇ3s]8e0q5,hA_jyسS_{;8kJ+ ,j@d. (𖸚W򾥽GHËHr{Vۉ'{DHQ#$5uf=?㓓gH eiCbLJN콇؊]JC'G49z{owG5i&ob=(X +7}9BD"EBTZR lqur> ǗlhS I+$Pˈ"1ULB7Y__B6܏nY7y&A.=>{*3eJE_~:?'cP+ X )pxNib.T*P%^(~^`øl44=>}r6$Hy Q{O ͌ЍR9r/3I!?.[Uě Cqon6plMce2#y"=U=RAv0' )F+kb%%g/}FGibqubSE/BBNYoJdQ}PC]]c h TɌc6TZB|EVP v5\|AB'GҳD͋811h<rڠMwbJ~CS=h^̉+dF):NG G4~F9sT=&.vsgT_ .yuea?b4ؓNh;"H|!p-B.fODD{Ž^tD_s[ĽUtL.SI*Roi~.\34G"D¹.GjsVMݺs8ʸ E%Fk]e X"a]z$z`5xq78m!51冎C[ʛZ!Z/}|/'@^B57KeI-ZZi/]ʹd,Hǐ|n#&hY&;}mVA?Gϭ-Ǔǚ}r)5fɶF%}f+rzP ^9m`rҝ{e`BN,,ѦwȎ=Uz+*ml[=(cSQV|u&z@hM[8˿|{KgPIm8s[V;Vfc{t(s!ڳ}t[8P1|9V{ k!\x#T6֦R ɦQV!kӌ=𝭞4 gW00H.+8/TwolNXfNkڣ,NU=Hl̠w7Ο ?┐Hk9 i*=?VB`mTa ҉U3"AY9Vm|^c'_(+\Rv˱0O<]mLjB[sPn%9g8fmvI˄z,KHܤK5H:gj70iX+ٯ8oDޭwLz~STSb6aMVxs$zv9>J(^o‡n?hPC>}O^ ܾr.*O'97$@̫gue>}$k7@`nƶg6`  i0C/Zmr*M V)Q)42w@6(a!km *Sݔ Q-ll ўB xS b+m(X^NWTsM#@)X,9,ndhAد;zh<~F8'[햽k {Cm_wQ> .jԎ_^ɔj [\#~}k9SQ%/qtԺI>T,fW,B-WGJU I5fx4|L=3]+)| ~C7>}0b1;P&~/8N ZMyB ώ&pemo2bPDIm-~0VVjD9 3  ŨNLf(!:CӗnwM *1zS G50"D^r+D,oB۪(TE (:@8NdnA9MvuP1Bo6 5 K_;D|yƛg|Ci,>}oYO#lۉ >aNC. (f")8RnmN'\琵Wg|QyT(2jy;?1hz\j!:푕:kz3=ߒaaX~墯{>Hb77kztSK +N1xw:urq`#Ҋ?yƃ]y `О;|]@O8VR#"eqs&;ut]RrPkXaA-_,zXn%z>>Pa,@p%jlWhapTnebzmO7*p0mw] % oB6V>Lb)e: \m:Wo(Yu&ķझ-# ۍ6uʭ󭶦Vai9r^nltة)/XPFh bj3z?X#L R6h$Lj^(oR@pcĜqo [cW|Xɝї^ UYMP.PaNJ+>0dw\iϋ wR%>V1{U-fl8-N߬r&+; 2kSn:T翾?kmfL=Pu7U[p.Ӟ[F<._J+zSNVaB3XFHⶌ_¬q! kU"2qxOWDx{c䮠^q6Ff-S7Z+z0=שDX^ܓnFޝ#@Ş%d[r"ܗ 4ȴ[ㆾoNy`f[<17WJڐ5ڃsJ( +: $ʨ %cjj*Ig:P+ <08=s1y G?~#xx/'kaBsRvu׸Mx`W欹~c!P -d귚a~0;tAQCe{Ѣw>f @=/t2Ы2dq=cSb 3T%EwJwԋX&&Jޕ'$\׶/:m2I`YY K'-Z4L"RҡMR"G.i?'Mtm#qȄ %y5ȰƆ[448`%PXq+Vc@w+[_!lުm eLщBrt *s]r"/ 0]l$x8:V6@ a!v,XRڦZ^JdrD YJ׃Ƒ*,ǦKM|BLR:f^8IYץ!dI2c tKݞ@!&1#y6R7Tx5;Jy~F>f. >19 oDn*xb[>j_7ϼ5󈅟7ʉیNߐY. U d۽n܁8ϠO/ T.n7s <xQs 6_6$f 8Z*PkxՀP(|rj(A, GIu2Bxgkk$nϪ](BpPE W6݉]Q^zkA;ՉjA48HwݔǞQԸ1${*迸L o6_$ɡ ɹ'stf\WGS7h2{R(IeE1-QCt=)'ԟ`mgOiQ\wZfU)Qk|M#[{rI6 DF!!Z ?Dg+=;&So8̚i\Kr״M1{.׼ZBNGߌ >sՂG /5^ P]=jk+4и,V2I£ 0v֊B9GjVٍ|:c,#  cxOsP_aߠ,f$5iX8P.|͎q'8#F~Z0wnNhxaT.Y.0!^E]D^8:U}V\8U:sD`W,'^əmSMͪ>l՝ᗮb56o_tU%G\+5u0{f"10 >br€%uo[ F|ЂEArp蠞70.N|( ,d3ۦS*ȟ$y5hihيs$t.C޷~:$RV+ %5G&@.Ӝזr&^y#-:\ ҷ̖F7ZR]+૦ ildsݘcZذP jA8maE!>v]3-c1M]/Ga->_* rGzx>QDWa}jA vT@ֱAwTp}oJ#Q@Kh3[cfaxq)Cy`hϷzw裵c U7d#Q9­jm~uvdj<#eNGT`t{i{0/T@,?qH!Yto-N%Ba--!_{I\v@g"wX8@;\&Ir. Z6AU;d*ZEcsʡ&"Qū>k 8%RǺ1YD/y%5cf=#TK1p?ؤz/ ,n8fkqu' :;W=k2[d1F$g.^@ʿRnqdS$DkkҌ;YmF\]°՝w/C3MMCRZ--IOnѧ5vT+CIFI[8D:og׭@5jC( Jo@[Ú6m,MMbQ5@ l>d95bҼUnk?0⧏N+v[x l "0``(^1)"6!0EBK|X+*𰌱V]S !"h@>n``d_)g" ] E4TB9VSڋ7LT]h{d+/5RVGЪ"(CB4RѼd\Bpy^ [&DNEMTު@)ҩYhE:%3hOpC5jb}?+WI R|`W!?QAֱ1%bZ-#9[5nBW""%KEr n^3vV>hΆw`w(r#^D%4{;)q{BuO]Z:ĄY.{t_:Tʅ@x2 ׉>0\&6"Eg@f &VN#ɡO.vY: q fT/siUYBsEdY'*"q?߯R[*a7D =;ytޞ5Qpy)0J&+ubٸՠNAM W[]B16CW9:W4Z >, ;}Ee1{dvJ"Oku y";>sݩAFz$9l)e^_4Jq߫^zt;Y`F>}!x 3c/_O*{-Hnʲe_ $ km+¾nUDt 0kJym]\~k ;`r8nK,> b?-5o9T(}íơ;vIwAYQ05HJ2$r I]JdNJҞW!I7dVd kU$PE堜cp'䟫Vl}x-9V{4BɃJ'Ʒb)G"Ѿ+s5sh&NzY.&Օc~lnNC9Ң"1XPqn8Ζ1]tݟW7y8@eKˋ$k+=ESѯsIX\ƙ@HW)Iwѿ1XD{1 aKzM$xU{g L{~:G! !=Z0)֔Qb@ڎ<mN^G g?m$tqy[C$Fw[̾$6HZI<4|oU>Ibo20'~6E/v{>)GK{m#1f7ԡdBmBƏlQ3%ni$ 3/KiyڟҏgfoFv G&Mu6KePp:P:ZW^YQaBxHǮj`WqKC9$很meuE]zX]J&(Ԃq5I>(ltHvY2'(9.S^>Y `X~q:M\=6yNűhЪ$8l6xLZ#k˥/B<7_yl ~ci]`_J-bzmJDtZ%sd{Xb'yx*Pc12`Zlkq#hvl&a(7@NwG0iD.#xR<y ǟ+sCn06+a;}0v1r 0fd뀶C 䨼YiqV>FOI&O9Dg3vLzVǀD~.ZZ% a"v+'=W#A3 5T{PD]%#ƆPv BhUj~YZ9Jr5A=Q{yܮ3|F9hGi$^do㺋 n{ԚLURq]?YjJp t` 0\?m`'A[#+~Ħ[Pۘ5`pE/>Sn;+SR,p:q nx3W?(Yw& [S(m_#63sͩbF՝82;ȏ$yW`x O-QaE[!)(8wxhJݱ0g$,$M.Y!OInjoj9(Dm7B}X&8ƾO-*H ʶAwS5QRA!od,0. qIsGv\w EV*?,Qcij[cZ8*x͟@EplM=!Ŷ`R>]DP ^[ަh@R XJmI^@`3(S&?F -Œ %75E i+&Zo(!T=ڗ?&n $4WOq p/g0]޸4横e5N~7yܯR]2tY(MUy#B) 8rZJGA gIoq<2rMNiCTs5A};y wgsഖ RR7C}Q%̨~TܰFCpw`wQISɺ5(i͢TC&@CN̽iJI- ]j V_f{jH;^wۍh 84σ>xeQ8QW\)G'sR: u X)5/9%#oӔ5UW+FqH]WfH{'`xED` }.qxo!ՅDihoQVpuEas b欖}23)p.[ؼS q2 -J"jҁaƥM@Sx@X5]RV֋PW,nC%`hzjE|B+i xW2aѻK!+x伆}VIC+#Omow-ZJpLx97y'2DG8gk&w(p죅k\pP R$FTlfF?4pEOS97HjF̧9#Bksg }*\'S!}s|i~,~A%ʪ-Eg˯!Fvv1' v>Q ze?9.D>P=3y^WSJݸq*dm!j/80bmگLl;/-V;|4׌W?suA( 1x0<VpRaӐDb-&똿F'a\}J?_Fң`W$ZNw`ƬL'{U ȨGBVY^&y¾8NTL_Hbz q^eû Ke3O\(SaGRPwXrfCVM|6U]飶wtNfJr}3j^vE]®L`&2cA#?1e ia]c<]Ui̜{c9t9pV 6u'ф 9wruv6{67v <OG!wB\맹Kp= @mP$ !@&ϥ>Oa4i+Hfp|EN6zUPl//L/ E^ۂ9CiDۖaҒ@y]ea+Щ 5YaDzKU_c- 1Icd=|7M. חtP|sC 2~% F3)-o|TDzHTP~)۠k{d s|yW%)D8 ̳hk '6$UNqE96lV/c`uwv}@s9~ܜ,A0ɄÄf/ ,I<lOr7 ;ʶhmc:E®hD_sUoN!Tuuۃl%qNxzMқ4tBuA򔀵/cSI; _6Rb3u+d*CX y>([Dɣ3Gw3V8%.Qӗm%QnIJ!8s@X籶Χr!GJ+?}ڼ"Sq\PmFxI$xm@K6$OmxE O,]is{di2-}cCjO ")(=Hb`&Z,lُ: H*^E6e?Z:&vt/*&%546 qb>EB\֫5]kH# MEu z?ˇ A ݌ .qrC ė9WoTUIf ] :ؽbp)vX}!hWYqqi;]u{ݎ9Zfp.TVmwOݮcb#F/~ -r~WxhVΘi.4~a3sE5w^9`M$j3S'ķ mM 6;gRY;wa!m;!`h xV׎:QO/Qk9hG/툒#dmr)Oi,A j : IIҝF;17Dju܃rṾ/b$[1~X9l-5F|oq>G珋w +wY&#ACڽxEM4f,\*aWldE!i+K%H4n8sLW<w^dOcg;e5}_V*zzd&\X4 vSJzh#/v5Xn t8P~1!W^ީ(ν*ޣ Y)fqڙ$s>Rv7"I 1xCIJCڸTGcΉ.}.Ig8}EaWPG>5tPݗqk&SP=1~)B'0~K޵Xxc.{%ޥD W9B"T7L%{lڱm?UBm T(wUa+#P/>F~lz=>[&/|m~3Z $!^n,2sQ'^zQ.tQL)23W [9~9tmZj]j%wJ _ [!hҟ,B&_a/f;4tbIw)Zd 9 ׾M Dxqx`}`䄖tZt_z04x!1*s,M (F':~LW:iWbAqXS[r=h4o"BE'h7Ru6n  '&g7i9MwK=tp&9Ǔ}d8`'XDMA6ԓH6=1VB7IdlˁS@clgg{|UsjxLJ uT.@=9JGdxAP[aӳ26CJ@.WS ;ƨ\SNqxA8C+a)l6~8v4|t=}ä>"9Tw ΣXtiؓ9\)/$)iqi0);}K<:F -lCv}I8a?BNsqd_2cNӉiQ.ǃQ AW!"0AcKP<8Dvx[BQzR"&!h-5K+J'50sJfe4K󡰥PؙMם56Rt62YА?ZbFʹa:SM)&kAy1tz =_A}Iy7 P֠i{5cƒ 8,ҔUA'Y~~\q!'33wӱ4LB Ƙ۵5r!#9]>5,El&@/kN}.~ʛ3l8Pw;QVcxSQ,BHd\H ;}5b=FaP+E0V6X@Vb믂sRz!np.=:XiB8'2`DoIhܑ#xBfU\ENXzhJiEO5'(p1 r$)g)[jq$˹jaSwȾLD&~aمU;~K;5ȈFeNcqՅ#fق3aHq-C{8t WO]_Kmd 0ϵwE}.M`c,[&yo;/[!7{ B8WKouQMͬы})uO;+.z,۸k!i\ ,jW]`!1f1'uO%yՊާ1yf-1gt+9y )8 R5g_y\Ak?u^4 vXWزEB܄dC?)X7I(^aĉs9f)-9=7'vMo#v^Iu1Q6zxB(Kc0vpSN:OP7"E, O=ɦ6%ha#1$JW?Iݾ ] %Mo_K+K=O $S?~t!ӤLh [Fo+xh1 Q Ie_(BM0uS| p@w]<70yKF11#}乹'If|lW7X PO_p&]p9a?0|w#sH ePn\N qΛʔw3 YE Ts^TXZP;_#` OqdI%쓼G ,u~P?G#$0FAqkZI.L5ҊQ`r ^=Q食63Cx=+K3'#s _Uf&$ndӤ4^ߖl SrN]v5ჄqlN"JJeyw]V n0|DDH\EQmf0N=Ih6*[uM*Qv*c}ң!!,Ԭj'_j`,.5? SMsEa]2!adMpZ=n `Rco~4tz,W%yt -Ѵ"pi谧O*E+"ujӅSq9v 'gIHE>x_gU rR J@xR^QLv(7> ۵~1fQ_^>6گ)_bIPqf#x3,%(?JxЀ h[^q!7_DEc.+p:Rv-C"lEGEO:N*R[`Ҿ.z&a6s~{ 6GPeSF g(L|[5}$CUd%FEHƱ?B8דS yptͷqu( cj> &8ӑp-P:y3: !ReaMK c)\}}I+6te)OWu[\ MԮp>tߝj[cRy_.[ X;78jx%{w%Rmgz0mąIoև2/2 d$v&?I17F0 fj*LamhZD@㎙W"Kwڵ42\)\r&e`nG>n/tx+^nfi ñlSL痡q CrfML<0_ S|-^oնA:HP"DB~߃l)L\VևLCA@&tH۠ɸ~lQZ{DmE?xƠqhꭝSauyp^xP#2W68t+B 8r˚f7 |[,Xa6IƯ=>ă sPhK]puE&g]9Llɺ <2ѱ̪1VA)8ni̡M g͏yQBd JЂ/z#\vKTz|d0{a!ML0>81"ݭe= _6j0k9=Xk${!s `fsdhz66EtZ[Z-1TݷB p1r$ZrSޢڹnIoZe<@4H9U{qT ?Tm z1W)ֲ瞳]jTySIA-«sm\l=DwnJ~xǸƍ.G_ΚXZż~;;G8UOY髰窛_aёZ )XWյPҀdđ?h`4 06k@gפVIե@ Rڭm)EX"o:F/!:"BgdNQϞz^[QҤ@3F24[ltثޘ `7,lz w{WvO=@Z'ssU0"(?ēbdjqMU6YXhȲU*J xZu=XqS>b]tTbEE<+jP}S GA`m⋰y=k|Hq:Pj) dͽ SWq Mz93&,U.0zAm+Drw57v@H+%F#} Mx ƂխǢe\4eUyF oT}cbDSۼ9_|4z gs^ BCsZ]>"1ww Y:XRۂ ,Y '+|Y@+EhYR W vhr/ϔRP7!UA1q9j)6y덃R ȦjXIyvQ 4~6S)kyN^Cm ~Q}`^Qp 싃w[w*Ϯ%QU1ٱy1=r-w*4!. 13Pk hq;6LnUR}Is;qmPx|͍&e?C}[թZdG ;!rf'*0wXff{#_^vuyA S:lNl݋O.DOx1Fcrh$CRj,fFB% f}W lg K1DQ >N9-ΈUOCQ&215'7!NI򷚰Z h~=ԱlWy xϾ.{U9-?lBITo&W cR> VăsD|brrF˾C(SIW؛Zǖuuh&$= lk52l=>zr"GH]匩#\^E6uWRjOn}A^l{!@余wJEƈ+`TjG+(6)c/*n< G7 E0 5lG{鰄X]k{a>cguO _(U%d5*OaՄ] ;aZA[Jӷ!],L}H} M|1IF2.?b/R8?^*YĄ /UneoQخ5F&'zBFpG+Tg~@Xۂi1gG핁2:l" sKz+K AW$;QJp[NVh x?7x5LX'сDv3qo?{ 4"f)I)ׄCqqR`$C 0 .Vɱ`c\f4e֦$W#FRJdA-m;j1ο at W|gl `k2!c:3 v6Aa UjxRZ fCR ֮KfAWԚHR %`r B-#"*2WAUMfS iҮ N&\88i؟!2S[a$?Y3^p }fQY UpaXW񑿋_ aQ+=Nz .pCA?Rѧ/VGL>%)D=rs   IxSJǖlKDk!CSQ fbMlIDV9µBY @waiJ1k _vISR sFl9.}Uz?BaEr Qc#voŎ e OYY|\\ |T?efHn#2#B #ސ_Q24&Mn pv^)Z`6`]_0m܏ן畭o{+ub,H1G}JN5暆oxn,񽖒Z|8W< FύU= Cн1CxCP*C~𷚡Mfʫŏ.X4nt@1{[ \ !u0Sv.;ad楱 NpzLڍںj2sU缷~ Aūtb.h (=e$EhVK[ \X_xζ%EuX, :_%(6]E?u9*\@K= =iw Ij$MY$4wr|v) T߉ fTvf]5h#y[[,Ho8GHcŮp=hސ/u:vʟ>q4TU\\3Kd~Dt$VܱYwoℸ*@Dop^j'x0zD)+oy"ggt`Nt3.=j SZþ1g58N]FEzTB?6ظD6"#eT«jwf٥'t(§2c!ȡǗnA܂Vm8H3qs;0Z7RBRrlZ)ك@\ˏ@VIDbv<9du{(2DZ!)!oO\Z6UyRȻ7}0Q_pIϼB(Y0\=aN9;}4ڕ"ƭ;Fթ1Phprn+xf&!>b^ڻhmݛeyUcSê[w۸BueOWUĨdM锚JP1fӦ2{zB,ͮ`ơ'VKXXSZX:D9ˋa/4Cr91 CMƼ ,3?bBJٛE/n*#6hH@8dOJ1ݱverkfYr3RspՅ%O-w֗:3*%bIkܾaWJ/U[ o r9k++ߥSCX}i?+:B&hd*$Ag7.axi*eXܧcT~Bvuҳ}{$RM\ͦ*XhhyVv gHŊnK54ߤ~! cϬ"W]obM̿ aq}O bgƋXŢ(Ǫ+ZJ07{^_׶*  #矏O a=gI4Jub5J9mBG@jb; a=Td{ܨe+ 7L-We#\(r*w[I6'gXG^f$v'>(W"4PQfY;ZNj43)^u@Vf$M%;ߺ45kCM GξoXyqV2:^sͷLkD}sC~] +?v_TڊESC4>e_2#O<[2 caPzR [xmtܛܟpJ^Y _x}6&5!솤79|{aXNDt1AXx<0"<0V;HB,?3;NqoLiL^v l&2aF]d$ڋcae<=Zv-@Hp~+C7*hiKQ;pCl\K~+an@Ⲙ//~Y&X]d!,akwҐ/;Q!s Ev;Vc*п'p%&<Ԓ͚h?XW* (!TqLcNj(Jѹ{Y8y qr{Y|vT=+h CJ&lܪr|^g(| ;q CGfyد1겖@ hJQBRia,ì}Ej{̡N1P+Wu VaZK& .li\;V[JlT#=s &(6Nc/;5&c ;&#e2G_WFGRHneY V,da, g {F=u>=YK,e>9|#w54s#Ib&!aЖ+!=m-ƁVC"oU"1zIֳaHVӬAұprNc(ã$DtC-+.*H%]*ĸM w68bK-UU6{!+ u 1$4*&;8imS}Sye3|yM3C[=-/=0] 6ZDp4x@ep \F( M w6)_6yxtirw?uFP*c 2E2V@ʾL?{kuF$3$q k41Bp^(Fg WH6m- .jGvV|hɓ_r*w.מk<@{vmX~ci/\`34{PK)9\-oԮF7ەSiѬ.¥ꁳ3Z[|j&,3 6ήSYkN9$+$.E`2UX^'[F?lJXxMIܫni"=Qhz~A Ϡ,E$eZwmoRJX[{ kQL;e{njxT\/bIB\e 8B&!ZM38ĥ76G|B142' pwYdfS٢'dX_m<#N5qN1e|)C kKMő0[a5FRe'z z\/:"B)?^ghBcLH_G&|h7ʐ36Cc( &7V/5AEzډo rBܰݥc[FMSoCzm uļ,: Y4{9r퀝Y6r穃\} F5 ?IPlV!)χMd-ZC֗hܚX^;ysP!paۇqv7w~1H>e3,y1k/%hWOs$!S1^/PD91n-:f3b%(9-I#\𜘰x 0\͈bvHG.sG##b#fGcը&iN*'?g66L?+~f8:s(SSEG%' {n;1VvO:͎/UR@3]puovD /j)^' _'򲎘ÙO'Ca9wu"b EaQܐ3:3kII+ 8qݛjy)Pw }0-$Z<JG""-+Y. @9C&Ϙ 0j5f?9H(n8Zp̖x?_&?Z5:y?XN-04Sȑˣ1)u}9y9ʹӰ6 nĢH}w]MKUq U8" !؆D/3N%+[8B* s/~Tl{In4H[o=~-ma N2rFˑHνH8sȹwsdք[j ysauaҥѕ ٹXFU;7-'%R^zj oo6ڰ8S<Gz?uu ůN|6uґѨ"i;K3[4B q[' Zn*rvM 1 kY :lY X" N)\p-H&NTNNۊ 8]$f7?_Aa_ P~ysBxvsO\Qs6{aZ,Pϼ*(Aeʕ9iF7 :_sh󪞽C&+bw+퍭:=BJ)ܒ m2w 6O`O5K+ }{kKd]B.w<-\afbO(0ExU3/>jL57vE؏e/ܒZqm|׸ rn)"lV:,Q "|LI)nϻF*RshAx^N9fuе`e}HsI_2cF\#W@Y)|S*Xr+h|MNTE? 4f*;Vi܏X1f;*zA4yK$>ÿeho,~&7*/NyW+Z*>`1oxoPZ`NreHrŜ7edA!ӆ/{+;/`IJ8J?M/,*O}\Y q aP >Ǣu !m(zJ ӏ*U>fhg π2DM{Fː*{lV-vL.CJzP|1J^rThZ@ p‰3$4?J.~] >noidcR\퍞'bc:?2ˉ<4C+z6[yxEGΎG!a8vg9m-@R襚ѫ'OTwNs3aZ[,ܢݝ'(~KAq ی<Í=3eE!v N:/`kDyaS6U;(JIt)(~wY)'pMJ?XɚʔIR٣V6`.nҔ/_Zy{zteX= Yz{_eBU&h w9,ќ5SQg~8p N1{C8#eTAzj2-4ύvmU=1ُ٩e^+Y̵ddt,n9䰒O*0PVL(I]ib7)|e?VKh]ѼpmsHC6L?_),p*2=p)PjBN~AWӈF&9ggp3}zE:HT%&ɜqSY/ ) `imf.|Q#yJ3Iu|dH!A| d{dw 4zUmVfMnmH9@aO@f7,&;\ mm|FLL7|R9=ӟ0_JA yN VEz*[l L`Hx!Wy47P9*cv`fUs+kF3j6Gegڴ`ނyW)wM@P 1D2t:scR3nrY猑ܤ#YX<}:&W Y'deD{UEegt6cL2/T_yq&Iy̝C'9԰/S8=ع eNCLr`z"0)!{DSid ~BU"EᤞlŢli:̟ .í,la{V%K1DȢ^܀QF|pk]f0+=u"~<&;`=aR\lT{=TKB3}]g|uӍ7,>+_>r*Oc~"a\靈"nCwWÃTcpfxIm:a/m9TxysTt9Gܯ?X^+d6JQxY7>˝te4b ?7Q @uB ]$Aе~KNqZpU1@x#כB?ٸD0j`ҋjGR'0RNfv0s 9E7󎤁J1z W] %<ݸgcPBfmqA53>=pY K`wڰi3t {SN9Ng MmQH2ͺFY?\k̝d:|Q֚Ƞge:V5Rb@s)Sn;Ny/s"nn * =pCXfUs+U#ZH14f; &!uS2AGF޵0ށ)&KQG ~:K+1Fg8iܬu6%STytPUv-d]I0On+iP&"Uj5jQy=%.(u!`*&*W/Վwtagޟ|;47҄pXۃ6'xWĪE 〜ͻ(O*KrappS?%ol^v ܟǶ>fq)ޤ"~T> f󏱬u{Qjr1Db*4vl*B(|ZA.M8}.WS/8Ub!n^u[;!<\ EHi@К#AѿK'*ˁm) zKT1-p UQn(+=PG֧EcC=W[$9@&fbuso}܀]-Z@P3d{Evm~PƾQ/:V~~LT>*EU+pkbf6nXd=Jq+p]lVm-1x!٣`.[r6ɔSs&hаd/$H< qV)矐5i-Guޫ_3r@ )5֌}]fHF%  nUK ӱcz U*Iy F=ȱ3 ':j {+LRk@zFs/gL1(eX"N2DN{އk g@#h4Uv<ݤD e9F3 w,.()SհiYv  ^D <.gXӫzI!ܪ+ Z#*b#v0|uΫ쨩0NL0Vh-lRbf) 5}]<⣧XMQ alR%t ` ;TϨXW;koז )0bda_`h>#[%yW0)CuCY!}:8 wFIE<!UO 5,]#׈]aЕ;b Ga,9oy)ƪx\DpIpw]=E5uFZL 3=?y*֣]g[ַw-VSZ fB*ZwMy.IdmiXX-S<A-ND3A-naf}n?cW={9^b9"H T*?ݩV=2Wu82N$F✇^h*,EULVPyM \=Ȓ 0[h :!PבϑPzXW7W 8ͅTbn۶Vs{ré*ٕX5[[sR%~V(:*NRBMUMU]=I a@u`tr)"M=;&K @tᶫ!H}:9ZyB Xk=fkV)<ELqֳγчr:2E|K\&PvOuEp 4pZk ֳyt23mڨ%" L 3."|6_?1J)o=??"OmPxňE(p sZ[=~v\щKɴq0x(SϑWKa\&~-ô7W%T-y+|^:2F@!h2BjC+>"󐼑(H K<eMS%;ŽjU8H0 mQeè|qKDa8鹨bt]uxΆc@!6Vc=Ql '34wG8̬΅Xvx?aߵC#u"AKʾ tg%pwM4&M}n_'~PV@ng] b&qUE{kD%g(N<"6sT⹿+۰c^'LV<WE~~ԛ_.*<-Ndfm1P|UG[lKnf-%="~9n8!m]/QQiIٷ?3|7U6 P7PtlâÅzQ~_'%/kkL.-'Ʃ,Prxп"s+yV4}iQ.5{'گbtbĜ-)bΑv`(E(k] hvZ3ۜ"?Z=#nzƔN)#g6M\SgYqj waMQaq@b_%O܆: r4G]8㌹@QmUfy2;ޙ#{57nF/HZ]~Xq|]EFY/>9F΂ jnYYERYG\ΎNj Nuj@*+ S#JfHq3)wiydwe4Jz!z1n9Ǫ"b3pW8oC,Zo*& p]Z>oJiv:YN&jth3ӑ9E\Z723/Z)>CLB0vcOsKe`&PN11ÛZ[ӆaR V6v5*I txwK!WX]'ꦺ,06h:JD@i8ɢEl kWJ '5\CUׯr^- ̸C~.cv>a8!i=`})pR`b!4s1 #j۽rVQiO}gW L8"Ë́! BqxhGE!92@\υF||:?]q‰ K! 5 ჆! F5-Esn5{,4<ô][ u3PcbR:UL~QH ºoҔaM3> ҽ™^x9`?ˀ4ad:{&LL݇>Phr:ܹRJ qut3`f fIM/ST^M6 qnlnJ(['[Qu\%vE9{~,Cqn1TRъȾnuWzjq`XK Td&P,L[saSf,K¬DkbK2 %RS0xMmUV$b6sNnE;C>}s,'\/1H1EyxQL UE [ #db+bk] LQ)}]B^ uX4is Jb@?K76l,Ĉ⹰qBs2HӚ3/i~+p(W1<,N /r[g{*v:_ K.f)A=,zh؋D*t~U.;2( +yG0yXN(/IfkIOvo0|wOdGz}RyhZKBPٍE> T<"+k)XA[IDbQ4"%I#;FeMV9`O5ԶiE+v;8lǻr~\7=Cgc==q,\;Q~7bUa@$V`t0Khj܋= \vGm$ <XWb 0]/\^RLyd0?C#lȣ 6dj;XS#;Y~]ҁIځR,:ʺB&ƛ>FgTxic*$9h\9*"oP.`ȱ8Fi}x UQ̘S02@̦p3x2Dž`m^tp\ <Nȥ70@Tu<*5),+;iƻeVz(-'E E4=XGK mvbVMzk'ZZg)XAj2RfC{đ>~Pt\juLF_5笱N](ݤ/ ]/p*I9[=OPz;; p/&I;D*$_((U1~{wDJSCJ9BBUUhĈm0GJT:.1҈3UE7i+PÖ oNo0@jrn*\3ddhأO'#ڱC(ZU%B4C66(9ӹ.®A6 Q㴩cYea@o8D~YVuBEK٬XUkE5ًmK'uЕp=j~p[Wa>VuMދCAAD*5YC>T>WtNT>bSr$~&}t؋)p?_[~ _pnT0[i/fcKA j!a/KΚ$=儞Ed .3NȧDm4Cm@. `C`R,D ]REJVn=Uό~9š |3e _=|P2;st;bpv6۹kY a7d7!|]8h-Myp`mb4|VYH /%6 r d q1dݲv%EVMYƟsTƋK<@`ep>v,}Ѯ2R@U$X[;=\\9Sdٽ]BaG#Tr6BUz%Jq ,3C3DM8H^{z5w_h5}T=RlcCL=!!S ΐihTȦ߈7*hnw$w"=cq%:VJbm9֎G?^lk9g{WeW% bEў~6l-m=Cy)^>ik~ը#r7DF9v]e UFdGA'c>p+G^q4f{Gwb=0|7YV[Ξ~&VV_M_-e1]XijjEBVawe6mRb.D{aqٗPXKiu$LGlW[vӪ) bL[|wCM_mSˣ/M0N 4xͩ;'3Ȇ϶eo ĉ/M:l,e>Mt3xΓ=R$Yvذ1;< O/Ro|E)MGO/ĂBJ,Cu)A٠f;lt4ek3_Fb;.Kشq˽]\esKRզFD\ʃĎIo`ʎ βGՏcC*atgyXs ,zQ͔rQUB?|'>è61=`vƕtȝ"Ol x6ztz*"O}`O}-t9gl\8܇D]ǴH,E%VQq: %@0i1=R+>{M.5sP=T.7M{S27ٸMrXd ;"Rd % 0ܷ|fRt4lSsȱɔ$ Xw83ǁuޥe1JI<''H*>xT'}8~YSiaIu чj=9G Lu%)~]S M~'P/||1KYv"{Q0SxTg{b j2>u?D-=o`1͂Z}g3%Hw  ZSƇ7ѢC BlXfA=Oƪp\zTBZ-]?pZA:fe%ΣDu)ޥ,rV͕9?薕7$ݚMCsU#G(\1?j.@&GW5$]Ydȥ_i I f5&mIY%. ]W6*Qt/A9LFA[b ŨY} 3,,qopH'b&O :D\{CmSL̑?vMcxo,ԅQ  Hp OƩh-ԯRz`ڣ|&'ڷ74m蓩 5thD瀬,rL7W+ܿ6ߦ][^q gj[gn8Ҹ앤6_^2<Z )ò݈ۘ3Nq%L?G9A/`LZ([qqUZʼn5$o_eAm$g-@f׮>aǝ2 NAD() HEh˜DMjs7O?FomFn (+n+#W;62* Yz[ՙC9]A&Q *]Q uW`IJ\KW\+ }Ԇ"4bL7\cC .Ej9G9ƐZDXHaWY85`yfSpyb;_p@9O67Rϒ\}zCHm\@T8:L) -b}8-M%W5iKti7nZ>0Z]#-! #dM;M<4N+t؟ k[Ұ6HW#3W̡`Nl"o oRdm v.$u^KU %h-\T>cUa@Cw⃘0^Զ4]%Ap i'0#`drT)֦$_f,_IWEan508 tL*eF [-Pͷ\FwW8blZD(?ESL>?|.bKZ !H-$s4#j Q@̥ay#k rJX2Z +lỴ>?r'& છͽ kKBV }Uu//Yrgdl1}̑ǙoLSY%VTf9\})!+qz^JS#Eaџ* ,1yVFӆ(5e'ޓm@\D!Hl2:.K~ G9q&j֧>q |/,-) 4銓Oo7tWqJ47Όf5 zxm+I!o#m|5Al2|/I\ aG0)A4\x0&MӺ@|l&Ba1/_}f*&]#<;Xk'7< :*X͒:Yk@ ϬМ4|xcF@qT"|+jPT*qՌ2Z0Ľ*ԅ"p+ÝKcPGfƇeb-ʭXzN*/.JZ:n3W:F4BpR!áڀŽYG%4N`|!lGjoiz -2Oڽxz%v1/%Ϯ%u*k%< 999.̤+_]o )٨[bF;^J4{zӘ9դ\K?|/|XRRA4[S<z-5:W0 yJ/* Cꬔ;ݹQXC=֖]{,.QEϹg7l U4.zAAϝMPAbK?fjiowk={Mp✵(2{7~ϸ/IRhiq6`dxMlN[}bKg6 ,֊ F}rOՈw~.\W/I% ڗFR[2=}[^tu % 5v}mWPi7|F&N 65w %X a-(GX'hp2ރJ2dKÔGQ*M 9>.m님""eMh{Mc,ʫJ9~2S0Yh)Mg;%E +~WmlV,eFZrl.Kذ0ʸs+8F愊8?p 4f"#(Nh.&8k ˃@9A87K0unvцM -.2:ܵTA.g`WugmVZ[!*h#أg!j]9^z6 b=Aړa)[т]͂|Zh0Wix 7{ג$ b:Y#.v7zaZ=(}Q V 7p;v%l H9~ܒ45#knX /zi :{6,)Dh7b4P0pdI@oajiuv:=@q `sv^);F{iox00H|~ V+`_ ؍upKjt7hx_>#6/rN-<ׄe O`pZA`,8l /SK,N`X|Ȭc`K˭i$LɧLpp>;ߓ% }rxw}RCXe!Xdu!< co kZg3gb5漵G^uWpJy *kaǫ"g>y-WP rf氇Ğ4XMܣO8>& )|UvI- X\I:UpWީNћñȯ5Jo뫻tqd zpݴV2WskIAB֜<ե֨.f> >Ht% ϟ_gmJHQlgA:vB^`,r_;K=-J5_\}y3SC~rJ~*rbpFj{-}n")u:fG? ˿0F%gy0}9`+n0"e[!3~ oҍ2}&w)&Bs.@5!{V\T\٠ JX \Sں^B=}c\t@O8/pekNww]'\VL';AqgYY@XwP4.'] lU;"I0eO :FǵTXZP{ %cbڇCf$ye6 QKѕD(Nv餸A_sƖ9k'iTbe1%N 啰po]&,껟S)j#}7JF֒^$^ݎl?::.8ؼs?A|u})8IbaHkt@/7 "JQȌ/2 WmV4dvk7{ˮ/cd {GA|u/~6R(ڽuŸN)=Za'~ v\Ѩ4v=B2pY{)ޜ:Id8rX6cɏHKj *6N,AHiQGBhkC)7 b 쁛v_yXpT0.i20#y ANDے2aM,=*בb?HB n§ q3recW-jT{DЖڞ jBۈ1S414q{~#&Py,1A·- 1VŭrtY .N0 rbo#ɪnoU1wCErl`zLr\IlS-gԴ58ec Tdm`|RC'lC֑w/G$ p8[DwJy#8&MЌ8)ٳ}rw7E)|9.h2}5љ9I`ɣmE&TQ=2h<OqLA飭+wlm^l_QCEDifJ%RA-I@JHNp1(/UWJXGF~^ }gD5ݑ KfĜ}[rz],03085c֑k9\vIafLJJ *T}.~YƝX_Z|ܪ`#Ԓ./yf0\8otG% Pfa. o"%Y*BU͵HbW a\U=ψ}i>yEXQ'<3(Gܷc`ښTmvpR6;ZH =0w 1+5i~4Lod3fxnM7WA096r:C[Y#j{I9S?!@˒2 ml)(j=KgLlY^ ^Ji= 0c;rjAk)` SѮpatUz*F >fhJr̀~ :{5)zÛK 䜖W.6_ȪGqEz#~da `WSe P2S=?+kL$͵; hv7L|;"Le;rP1 $8q):s4}y#ĈJHT;A<{X!+ L`|:7T~`^rLƛ~(`` Z͕T B J.#lnHh HӵPm̞ԱUEh]Vr?dfct3o%- +oP ;ڇzDmmd8(YaVN},M$)xEOtvp9̚p*, ;̰BP ^|{x; ԝQ*ܘKQ+D,)ۺ3Btv.o8`M>FP m  e!sa$Qlfv¾^:Gl_ES[Hqr~c 8d5י`}Z$ؐ"Sy^>̺!Xf;Vx8N9::iN\ @Ӿ@ח"O,N!"ymp,xvl@t2*a/و Kl1݊ᨾW>S.bҋ7 cÕd5f<΃sO%OĀ@=YJaĢ:g2F󶮜C-PoC^OnhW\7='6 <'(E攖"0õ!/Or( P0napm2Oly*o~%<'{iU[xDAk>*ˠ2}uK?Ͻ1!ѸCW=ʃ3h٨ߡrxWI9>6蝕`w|'खu3ǓUN3N`k N;F33ݝᕥp/ڀDi@2LSϩS p!PKBg(%rOB#c#%/lm9!j|Q,DF3*C_! 9J#k;~^"WH6Q7$M]Kx9/|\ Q b `(ueO(]D'v`P&]/N}SL1P2 CL-XAU<|xM/nl'*K72))pBIy p8qP6S!}P0Bm <[29c+jw&tSuK/tp7 Ԓd2F3)ߟn3, ޏ[ 9tcZhP ̘BHOYX˝h"{ĥn rq[h12uo_^MLwDO,3 W: &hF sqY'ڎz/8Q|鴆S@55͕Y M`#=_XP#e=|Pqy%`]I.1+)[QxYs@8?dTA$Ӏ)xBo#΂hf5~M:D]9 mAS"423k@Qz @y`:BxݻSG;7x1z@hx ĩS_v)K~W,<y /w:{m a|Bd@i!Dr=X'DWYVqNKqʛM)WW1.}=dhgleUrl83QV2÷-oӸ8wm;^)RFwdT4^:8o ߠ, \^l4# EM^e9D=䉖됱% ^tC̀Xir20eksG%t!Mh/Mw{sp+~+,ᗔtX(/D{- RF g nK~`-(gw0BO˨ ]аVOV}o&Qp mFT^1o|qq,6QiW fcOafɠP$ #ƭf甋Nx-FTs$Ӫp}.poecZYo_H WrZ]Hrz hbdJj%ZކC[J"΂ ߊZam0DEj*H')ú`(b&魥w;dOS xjJG)0{C ]ުyރA 4|_^CEՀ 1'NYsݨs!0,(`TF/ks~giT᝙^C}s3.;Y])LC\ JF@x9ߎ6%{_N.͔c>cRs%ž IpZL .3uTgq>g)Pe|s1nUzQ&=הPo"qJ F~Ʋ GmfmtкKʴ ;*k__*Ụi#pxEE["^' +KC'՘#Gh3߂g&`7D0g؊S 9/ƢDÿabAE%OӬj_]PˁEь75#ݠ,@ 4P0  W&)I׊T4q9J_X8LlIEͲ^50U4fvMHUO'M@w=w ]\͸:]Mf5䧾hXvcvkawkpw&kGϟ~\6% ‡Sf)&½W1$Z3frp.<:*. hĭi'p!09Uwp@E$- r|LIg<'Qw+\H,{䊙Qcl0Lv¼3{%v$]2*u@̷*S sv[ل(,uĩҷV7 W) ^zn;i>4ڃ% %yzhŹ xt'x$AV5ΤM l)%U愩rtM:X8q:P1zeBXG]s;Cא٬4dO;h2D{ 6#_$oT <*+03$ Ms'rq3)b[|Hտ@ I| )vЎ_h'fq?2{(z׈fnU26] %V7T3(o9W_Nb"ۓ8m}Hאq_^~"|1adfXQx8;KV\ie-a6:ad_F ISW?N"Vd-ˣ[4J͇$IX/Cr&DYO|RD"wlk?`,"я$S2!\!3NHzl (l/`fe,( ş5)/]f(} p\P/\Zy_S.#CH 0u$| $S~UlZ V^`@g3yBt"ܩN@r7Is@DZ4 'P`tli^#&-GZ[gDCxg=TH=ҡJ;UlV(i̦l\T)F~`a3=;=ct[F" =j :Q=374QY6+o#W`v̈^q^^ҕy꧋ebJ!:aFԦ}^d5;(ZFCG %1f3=S˧5<}r6ݒ$KJIy(΅\ 06ɩ %8K&#KS$5žkĆĬT!fbZxL-{MyR#T4@괛c䍙?uƹ|d_4 ˖Y+zyg>`#p[G$^kykYZ5;pdvzͶ=u˰;]O/ "?Zoa'ݱݸ2S#pF}_/qMgEA-fdC=OQچmu켶ޮx^ɜ&2ZU!Ro&f~^VIPd #eƴܧLvsi&UxQ!#z , aE7C"@_ nݫ膆\or|io_]h<@VD.mCPyzf yJiús?N0x8Inf+<̄͐2qc} :aW AnG0h+,`k|J\v=QyO0.;m2ӹ ` z 0mFU@4OَN}17gat(Pu/=N,>Sj7 JHVJ4p$q]%# M)(ǩ'f&1}}cf9; p nd7l儌A`pi;)VfX824Q7}_cՕhwL5N2ayc ¶y$xh}X_%g=EQYLOj}ӷf/ؘrP$ tJf~H \kεRAxj~!ALu> X?kze"DE8WBKow5ihi&db4 Ku^t{gi?q~:@فLOzŏV0PӿWP"1 ޫ &0QעgKnXk*X̑4o_rAر (1)1REU)SB4 <#K=aZ,%ydt.<!s_*E.DN^zu bRC,ro5bgau:h`l̷|ӳFbt{9XS:g<|}O~g1S| f YkRB.Q͊ KB(97ÝP28eT{>;_Iy n:rhߝSȝC-_ԑ(;FD͹ȑ1j#ǂX,qY%!,qv3])  ^'0n V!a&P ӛzWPJSjBk(NG6W$K !5tjv ͙ o YZ