nss-pkcs11-devel-3.36.0-7.el7_5>t  DH`p[$ƨo. <'i Bת†)N_Thw#{Q#:oLtWL%yG=(vzA#[\S.b> !vB)Nw4va!sMw\aKI™az83vЁ j'8.>)y&uo7$>PfsZbDj$H-`|NXYaB5&@?weZ ]ͩC2v$ +V*HE}edkTs*KNO]pJսc%܎ 1={тLiAk\}+>,yP5ؾ`֚$1HpK!9{6W86 #(n>~c07}ZvQOŽ4Vϳd2,d#pQvf|jedN eSK͸14f8GٍC ɷr ʫ'NX6[Jc71da505b3a1d5e8c1e27be94a13374032b0643acٸ[$ƨ#e w,^hk:E 5ti9 /[n@mkw&%`}S͢DBFvLNwۘrLF9 8$א<)WcFJNK"7CQyBΫsv5* K) Q(p8xd9 d:NdG8 Hl IԠ X԰YԼ\ ] ^ըbdֱeֶfֹlֻt u v<wd xט Cnss-pkcs11-devel3.36.07.el7_5Development libraries for PKCS #11 (Cryptoki) using NSSLibrary files for developing PKCS #11 modules using basic NSS low level services.[x86-01.bsys.centos.orgCentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxi686 n@GCB:n Zi(Zi(Zi(Zi(Zi(Zi(Zi(Zi(Zi(Zi([[[a35ece673d12028eb93987be84491b4a5978b26acbed9391ea7c623d892114892314809e560ccd8db3aa7c73a76761c6dfdc9970766418eda2ccf5d82d7c8c87d17c98658d22e1d43bebb72e5c2fa70d38b4813cc365664cb7e012c1c205945a44468d9015bc778365581b64aa8389d29b1253027c339f0db50c4fa4041b182610323e003c49ea719ba9d58bcc8cd25e0cb04b9ef477e86532dd49ce5aab7de426ea03608b467e5d895ef62414d18e48c7eef62075092710067aa35ab7da79c77a0eecf6f3406b0ac94bde7ea8963f1ed4bdc05c48bade64adbbe3f942607a58424de03c781dc5f6985867d3c8905ef675f7f2bef4bc52abc6e523484afb4882dc8e6a0a79dc11903d89226d4fd9a1a2e6d15433c2f77b7176b727c3d2980b1b616dd39c3520cedf4a0b72c67baa0de3103d894baa8631e24020c157d21a2473f5ee187ae698bfebcb2b4df6e21edbc3d95b5ec709756e1cd6a1c3d83fca1c449c54f94ed563bb9ec241b40bf3b70efe5139dbe2d949b122c553457275bf90d87dab7ad9dcf63212081ab492d89495b523fa749fa16b792b81eefa60281f269erootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.36.0-7.el7_5.src.rpmnss-pkcs11-develnss-pkcs11-devel(x86-32)nss-pkcs11-devel-static     nss-develnss-softokn-freebl-develrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.36.0-7.el7_53.36.03.0.4-14.6.0-14.0-15.2-14.11.3[Z؄Z3@ZЛZ2@ZkZw@Z\ZOhZN@Z Y@Y|YB@Y@Y@Y@Y@YJYg`Y1S@Y i@Y i@Y @Y.Y@YXX~@X•@XO@XO@XBX@XX@XWu WrfWc@Wc@WBWo@Wo@Wo@WW WW@Vn@V@V>@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.36.0-7Daiki Ueno - 3.36.0-6Daiki Ueno - 3.36.0-5Daiki Ueno - 3.36.0-4Daiki Ueno - 3.36.0-3Daiki Ueno - 3.36.0-2Daiki Ueno - 3.36.0-1Daiki Ueno - 3.34.0-4Daiki Ueno - 3.34.0-3Daiki Ueno - 3.34.0-2Daiki Ueno - 3.34.0-1Daiki Ueno - 3.34.0-0.1.beta1Daiki Ueno - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.33.0-1Daiki Ueno - 3.28.4-14Daiki Ueno - 3.28.4-13Daiki Ueno - 3.28.4-12Daiki Ueno - 3.28.4-11Daiki Ueno - 3.28.4-10Daiki Ueno - 3.28.4-9Kai Engert - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)- Exercise SSL tests which only run under non-FIPS setting- Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h- Work around modutil -changepw error if the old and new passwords are both empty in FIPS mode- Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running- Set NSS_FORCE_FIPS=1 in %build - Revert the changes to tests assuming the default DB type- Rebase to NSS 3.36- Re-enable nss-is-token-present-race.patch- Temporarily disable nss-is-token-present-race.patch- Backport necessary changes from 3.35- Rebase to NSS 3.34- Rebase to NSS 3.34.BETA1- Disable TLS 1.3- Enable TLS 1.3- Rebase to NSS 3.33 - Disable TLS 1.3, temporarily disable failing gtests (Skip13Variants) - Temporarily disable race.patch and nss-3.16-token-init-race.patch, which causes a deadlock in newly added test cases - Remove upstreamed patches: moz-1320932.patch, nss-tstclnt-optspec.patch, nss-1334976-1336487-1345083-ca-2.14.patch, nss-alert-handler.patch, nss-tools-sha256-default.patch, nss-is-token-present-race.patch, nss-pk12util.patch, nss-ssl3gthr.patch, and nss-transcript.patch- Add backward compatibility to pk12util regarding faulty PBES2 AES encryption- Update iquote.patch to prefer nss.h from the source- Add backward compatibility to pk12util regarding password encoding- Backport patch to simplify transcript calculation for CertificateVerify - Enable TLS 1.3 and RSA-PSS - Disable some upstream tests failing due to downstream ciphersuites changes- Work around yum crash due to new NSPR symbol being used in nss-sysinit, patch by Kai Engert- Fix typo in nss-sni-c-v-fix.patch- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build 3.36.0-7.el7_53.36.0-7.el7_53.36.0-7.el7_5nssbase.hnssbaset.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssck.apilibnssb.alibnssckfw.a/usr/include/nss3//usr/include/nss3/templates//usr/lib/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablescpioxz2i686-redhat-linux-gnuC source, ASCII textcurrent ar archive?7zXZ !#,L] b2u Q{Kpڰr]Lgq 33=~|sq?G\6xw*CpeR_q\x%V2|Êw*6Us%ǦT/, }3^DQ *-D1X5xM()5\j1(Y I36g:WiZQDu7D:Gs9n-yIpAd.SڬB Ys4ӝjżOطtqH5|# |[Ү+Y Jcbg=ڲ[t3m % Ҵ4Jv98(G6EDQES ;ogge쮎 z)jO$6V+f|bb>r~E:FS`ֻ* ^YgVv*' fD^`g^0D$SՐzPGl"ǺPc3۲̊{0_ ZM{뗨 |pġcԛl#*=e*EpUI=vv7nB¥6dإm:<}(4(U͇He6,JioFIDL5@Ϻƫ)ޮTE>2x[x$~ ɑ==y^NR[ٹɼ1z嶧8cهÑh8jY.Nk$#WOI# QZwl{k+vZ:DMP2`SQd)kTMƱRH|2C?=RqG@þ|NcdjakN0lV$P6%->&b6ճp3:26\Q~@V)I,ct,x\|׮}얊 z鮸# F m%Z,?s ;O8r#&\`OԻy{jLA`˨>cO;~Fb/-2xH/zeqą:j],z\S[$1l {8dAc-H-"ۓBN/bz ȯ)u⾸mL7s%_ʀg/=܉pNrf`S mom2'FF%ZU}@BX8zdb`LVmsҶ(Όx K(-^oy4ZYկtbekzXn^YÓE ]B)GE8u?)V$6iZKfp$6n/-duDEI`)'ُ3v+`gjP<)WN#^SXqÏt&G(EQ}S~y,iQN|C:e%$\ȼLᔶl`\&tB]\&b%y=9*Un.kmƈAx&{l(x_˖$ AQ~!t5?Nb 1ycOFx\VT{e1~2T!1''~Tbub+#Q95aֲ_^1H4j߫?aLSd 7%UX1~̷eS|Lp>ut}O(ȶL8 f*~HݱqXNDh$e푆_wK"+wY-OY '@bd,PP ^- F z>Q48Ğ{Qquj l٣b30 Q^w[1:R;Hʒ'g:m8=a33Aw0H&TIO>1ǍFLlAwi/"V5M4i}Mk i.BssI,#vzuͪbѢǼ p`IN923yuʲ3!:$UP`շv10\zw!A!v{XzR"6tT IqTH-HIHv_;-<*jSDp9 ]Mj!U'a4FC&oCzYpL8$pk{SހNԏ[k\OwRGAL/6G;;"5CiM}wpe=WTȎ}}wCV:%8F/!EI 0 `~,DDC|t49kp:Ђ M g \Y,(xkeIHUT>p`AQ̾/QPjAi (>Y*@Ls7 p {ǝ &r5\5 O৏u/Ջ\K2Z:V}L/F 7GR]w9Bu~@_;X Ì+OP%{sq%PH*y2="J26P"-FW! ,ynjXź_?_75c8UUqV!9N1\s~dh\*@҅Q_W4Rbܰw(U`9[ם8 a7^4 7+ޙIӌi1Aw@{`ymUl3V @nuO!l1ARf'ʔzpo z0I+搤1ySkH/T¦;q5pzs9lux0oغ6jrٵN)Ŋq"@Km`ܮ#DrtF.lJspqQV?w"`'["-jo=d vGcC& σ dɲ9AD\ v&WۮYJHfzTdXzxeԈIsX@P˞lUvnc{_12>޷pI?>FL1+v"/1ܙm4nEj]!s IÃ5o,M1\l>j=dL+MIƖD{?I32~3_j8[>z vFU3tG !$lmE; )XC4d>)ȉzAJ=Ti IEXHƦ%;xbT9&Ena!V薑RDG HWr,T]S] Y؂ %ĒVL8UׇdSm&zmLџe~IW[|) 4mlXH $11^ScŋhS>q="2:&V|87F~l?DY?ePͩJõ~=uQj&ȥo?8RSmsuUnh k{P|B݃o\)|.ϖۇCq׼;j7⻥'(Sx?JwJ CE#p=s)k]荛سCz ^WnS0>O<|zgVOYN3{v_a5ݟƙmal< y.}9wU0K$o+⼉ "A|Ӹy&#$l5*4%^xtܼ)2YOIb@ȿv%&c?xS9aiBu|Q/* j|ijӾP9w 7G?^۴W(o'uvgvo\@8ň~>edxHw.e"fPc>FbT6=)³kRcD{{K" =njS{&еr~E+z* K$v'^B+`Nǣ]tz =0m,U'8x.Ǎ`lgPғ!=M(t w1L AaEtvFSPNf,6?"`sC/~F-] _&̍ y#g ~h |_X0X"˖D#o0zu!pJRο4WAmľ뻬UȺr6s!<<͆QϐE0tW53#_1Ū:5dvqQF1Ԫ6S'ulag"ajC ?/5$xzH<&yB}~ӯSn:? 7ÉWF;er `5U9#Ŧ v` kzQc~vN]ZsO HU)L]%(8}Z2} V_F"y.>PZ!Y*SXW9G'>*-Oɹ31S}&{g2C3GM!ITX1ew&bܔykV(7XV{ם}RFEb_NVRdCh˦ .#滧p3 3u6KS0]1$l-Dd'}+Yd'.J MV`!IxgOq[8ue&jΰJg ?8bHC7l/꒎c)FmXSa%}:LDN6b+Y,$Sced})^鐽}-€Qպ҅7ۭ j̾x1yܩyRRHW0Dɗ(@)mf 7]V7lVҔ{:s@ s|t!j*' ’w8~y])m}"~a.;Y%,=[WUR)P ՃYlHH^#ڝ\!E'B+DIiLuKe3^l0 bw-KQso8@#?s?[̄ p)\?>6*O# —E*O4_n`ifVb8_Vj4Gb@0c.ҥ`#o*?86h60>md\#SHhO8b#jWǴ濵cxGRVr7O09TΙi>p8 8\{^U=aHnLޑ ME`4z7becj=GAQDMxr?d.!N[Ц7TW`Qgrj mV>M ەemlҬVR4ݣPZ0I+r5Y-xu*%!E(Mk ԉC` /rnwlO/`-_@X{,dGaƛQ]Pz*;wۦCu{P4Zo|XEV ş.ez2k4…)v z7 j!~QZNp3cb]mPc"cC,2 ;yyip"t 0>xK}Å9}Dݦb$v];P2~h-]|xř58&j4_jM;đ'Ђ@qߜ_@!&'Lu죘SID_!ͫp 2nds%( <=cG;W"LFErߐ 6ITX##E(tul[P0OFX&}rek\\LV&}V@b v{eCq92kβJ=1@c.A[1TEhLQ^!EZ#rp4Eji1SH*AUMVb$f>`$RC. '߳Q#$.8ϺĉK(ɡz&&* C[{baTE[ƪ{0?sZWsx /kLZe({o8%C|# !םv0 1i@#͙ \"R~*+09 )|g`vIBsfdΊE;::қ:^kOd%(9 OƪZtKEC欟nnN"]ݷ %8MHLh6hk6YކwΤ\Ox_3#|[{}fa.\L% 7 N4,"z6 T#) A#8b!s|w~&2 潷,pRX,\k&lҒy]nGbtD*:lI0iQg(e D+Wzcl mvq`"߉]Rۋ0cNA5xc,E1Cʉԥ;Ȝ 7E؂'C[:VЫ __2(5W-0OhX!:W /;/+$'=b+df(wd+I!{2~hI3Ѩ`GYGM+'( `$*4 Xc--oW xڸ;k5N_.AXeYs&dR0wDbCDZNkTO͒z/7y# D*C -ǺƇSЯ~orI[h/•/pX,㲸 `ڶ1&w$;fq&wn, +WK+d :~uAk5C0z~^:s)p7\ء<7LVAݓ5I`x`{MeӅ9jY]>rjyT6}aP{i7/ӡvFoHm7YK8Uqk8@ѽtd2Џc*A <.RԒa )PgW`74(5[`0vP*9<-D0˟2p2 .ߴJX, tQهUpL҃|-ȅ)(H]Fob+я*כʫ>'u#T/ 28P.g脲mdq:[40X$os6i &(LrAgGoAH8#A@S)RH#"RQ)a,8ꕤӤrb wSMxPsm/T6;:N羔QKCmb;sV=b[<`X~ ϭWY*%=CF֠~{3SVN1"P9Rn0T7?@PY3'We8 Lզydc['҂ 6qhwb.Zwv816MD||<:egïDچgEWsBd`7rrAԾd8Tmĥ&\fDIEpruI8N< oMjq͡Y-AuUamH;JQ&m"Gr%żd zUtɭ`j[&nhe뛊_͙|#OXOf~pQ_ÙUq&OAxUJӟh%|7./#2gS/~WV:8YkGm}EX{w.]W6bBZ4DzS*tΑx׊V2`dWzA `ԆVe㓐W.3#՝ZIysjB{ 6'Sgm" /„>4Ar QDdl#ʫ78N蹼>f#1ClE2'ca0#R"dSjIZ>vA1ΗEĮX˅GgMmZ"W7u-|cZaL빅&BQoÒYgl vҥpZb y7.jJ{"dY[<PVc\3%1޳~M,'t;A-LjᇤJIk<IX#)fjt3qhjtElb{yȆ/FIAvֲb -4ah~hC$*ʨW|)o jOvA{^.U!7KHZ;yc:1$lPv٣)td>oc0,0Jo2l{TlYvr/l]Qx,eB;8t7Ѯx%7&B!EEٓ ABҢ繟.̇h̋O1rL=o~*9@q{5mhZ%?bxbQ5Y3毶UEjAFO9$ps?фMz60:@y6IkW.ސ ] Ƶ6CzXr :G4CK|Os>Uٙٳ YI6JgQvŇ;u_nvfL;/lo}gYjk:,)i_}OEW>xhˎ?$ɔK:Zjڬ؜4__~J-fb LXQ'me6A/ Fyg=Ehw PPi` I{Ps*0BЏKjͬKC!"YCdרs76u2bt;[<v|>MR_ֿ >[2|UO1·b!wX1 =w!vvbaOľ!% =tSFP0#^zF;ӣY2珠\Y8HʖII-y*9G2%(`~\UMW4Gh7*.ˏ,zFZK`l9lzļ%hjb5ͧͩ1w5r2Hs?fjqPܥF.G ~Tjo#oWN>eRԒ( ؁.yy>b5 P}T%%P`R jp]в/Ni*KLPz p^X0;?d0x6jK~Og̖%{Ys'ʞadg/dCTU*=PJ(<:/ Z#P)My0p< rzJ(S%ZhAPZe".6vU3|GP ?TM,"hr×aY@i3JEty"ˀ%GQ߅S ai##gD{~a2|kѣ+σR1CijdcA@?mXsɉ~6јPjF$f%l^~ FV7B zȍ3aKuQ;csu[nGJATGڙ&џxDtn߬* @Xߖ+5Xb^V뵕 'T& A> JG#pA>fкt !aPcEJEvpT 9`;j림]zڍ'LZ0@ʲIq,~&gQed]q?'W2 Fy~ K(7 &[FVo!{?.ҟSxGIJTi+GOZ8+%5łE~x- 1AeSîne_*1j|+y|޹r17b7Ӕ Y^ \.caYzmI&adW)օ> W}{ԟO {^?btI45N|tLCޙ};2iB VD#9q.‘X @)m0vňQFox.ula U}0bм.K)nBU/I(Bv\x8A}li>kx{f\3fT{uT9}K9T?:b=sh3wq E3GOdRYZ$n|aסGoЧpab.T*X!U 7Vϥ/&]`M̶vSg:ubfeD0wϲDm8*ϵUASUq79ZE᠄_vRZЙB]'DZa'%$hiATOCs3Ѭ%&πw?h2z3PB ^,}1\ks=/S܂œYHozwa^cёDo?w2SNV< (i\4C1Mr)@B,Szvʪ#x&{(z$w'w,ԅm}&>]I\To/\/ wo|@mNEEz Mlt9߫)l2(WlXv N"Wue\t`gh>دPˆ;\䏹݀A'.G҄UmZ+c>M7U_>ςG>gƦƔe^Yq;y9*[N"Y( 0 kTɎ^"#gJ!Ρ6Q6dh>$\؝3.|f)r3N,gYD+vXtonY7#_ldG8v KfmIhi$t1im-~4Lqxpku=}ŐKq"1'̂8vv&UU><=#7vP? 5AXt sW)* "#822"r'w=ICcѷMܓ+S<=kvW8~=5->m6~lt- X<;I8Ce}u9Z9w#+Ճm9XY$( BԾiu]ai>߁fͅR]`ᆿw// =c ѩ>d"kOJu8iJ/ϔ[YY/4^-?kbjp;ҿœݕ D|':OR"Y`CtP PMCJu28ՠ۩u҂FZa1Oޝm%WRެ~m4^:¼7k`ԫqS||,陘uN:s}vq-ڷiHo#@ff18|NE Z|MLrp5m]73:ɒqiJHa"AIxWXn"ӝn[PNna'G1p8Exhs}RВ)Ai$/2 .ѹ%2ߧDF,5JJ?TGUkb8 qYns^MR5zf_Қ~&긳H& Γ[y44Ä{ǥ4{_ț?z&,Os]ςۜ4Yf|5}:hW^}Ә|SCҍ 9(3n dgsqDI'ab=CV? F38-nE;xF%|< qؠȇn2BX˯" WR4yas@lAzw.TNv4"{oW3}mBm:, `I$\xN(3oOpEIJQr\ =*w rGnJ(#Cȧ KyrD9U5>?JQ@r24:ـ^SlS)۽`1$:ue)5_ `m lcSU׮Ş(u)-;5>-ePϢ j׼:Ú(%e8ԱE!lJ0 Ѹ ƪ0jwOHed;N흼D;f| *~1^#fL86bsƻ(-]"PbӋVB7(H_N~ iD6L_7Hop{ŕ!*ecpVF6wy=B#v1#||!8#.^óӟ3^Bu2VXY[ w}?×/ˇz Cʪp K*6Fx}RRkY-Z4+AˍEeҰS)"R_g*~0Eoj-2 MXD2&l5<- ѝG'Y'|7Jʼn̚y`vk9di$\5ؚex=3=;S,-YaO)/]:ԟL j0'Wſk2ըr %.=ӥ]h`Wa3whٰ[tݷjIQ"*ǁ4b{C-?Y)g˯ !}_V_͑R;u?6r tOJw) lkO36,>~&r&5 T{4/ߝ ,Hp(h0}MC3-:F%ImehPz)1kLfO:0ŧRy]:8MDoi(. +I{N| I>=~q0k}.-" 3шHOiId} l-&ȫ(gsa`29t}v4*cMP, RݽFA?0$vBzl#U,߾Y=_#T]}oKrs?WwR)Ք1C={$ڭ"Og%2h(~8зt~")"VXY WMLiUM[]^ӠEkZpD1R-aݕ.YL]H|Z_*A0&:bZ7uL* {y=JV5S>6Pl᪆ԻO[T%e&f3]Ec}E?]< lL&%^(.#!ZNTlS|aO:*]{D:WDN|Y`yaÔW]+` ½<4~QzeE-<61r/gX{5J #ƞV ­b`'c)5( DZt5sC:Ⴑ3\|h1d(}1S9<$[;V߶pͶ]2YO 2ұqBR-<:Ykr"[Y#0z2Yg\`B8pCsXS"H9(cC3ഀ9 m"H0 7<Zdp3xOe` Hc 7D&U'Hξ -(f iK,گe/ MǏ/~bq?ndiODt~QmCUWAucȔY.[OnGxl) ehH Իo7jtf_!x?|2>ppKob)LO:]XA W~3k2|F_dW˚QbL?s ?d \f4Eoa?%HvF{,7n<2Mc?m+Тt`usGeg*"1z0;_(Ĩ\~+B,)Gdt*Kx].UZkR"<#fFaW&;@Hn*%P=גA W ޗb%RrlOmuJ'Ȳ0E=-,:Ѥz1vl&.hȐ\<3 88z\p_لǂl7zCdrP!9`DA?BIQc$R4;:2," $?#ڏ*ܘ$-=:ִGxcu)>+\(Oi\ "EU7N UuF/ eV C}sVC>؋ǖ^Q6A *g=iЮ7Do 15e~)KrC<'9쫉:{g# p۝3{Klh ²yo}]ED,ac8t9]=u>Wq.'3eWߕvK)jGܶ@qN6K}iΈSD-DC6f0bu!nQ \>БM%3Ԙ&5KU(j?'۸ 6KgtYh7@-@tßÊΏOK+ =^4{-Ivlp4}K!q;`ϮN*.Je {lu B~Z1 8mlMS%ƔLw"BO sD]dkdlkzb]Oy6gtqhnu0-DLC%yT='vC#6 SbR^4&|(iq\Y(IY2WɈI~x߬~MAgq%#k6&gg\@ق4wsEFtBhЊ~ 'Vԇѯ2ۤVy qaY?gvT6oǽ3>yGPL!6PpOvx<$#-%6)/fe9}+/H mi}A7eXBqdMm02/[C\KBCpW8 S:ՖJݸm>4~xudRu>?_.bgZIO$` ɀ:muN<,T/Lu0AzPڞ[x[ N6 &ϲ`:>r\1?f?Kh=&L>ir.èO2blcK@<ZZx,}faT$(NƼA4VC,l춂N5ȅiΌo.[Sj*y91F>ׇsTkP>3ycp-, )AG mC#q4LEsMosvK*7>ᅤJ9%OofpL/'3$`+0Nm!?Tľ/Q+w '+8Gjd++ ^wGۅxG3~=cEI韭aZ  Y8sk_`h=c?s1ʠHg(,H72Iz}V4ݟl K+n<yOYZfVl{Ⱥ,)eB.R -QI *䌌lŨBl֨j'V0Pl~20/ӜبGvEwr[[,9mifIWg"e:źp$3 ٵSBqyec. @$Z;M1 GX#*~<·I,fD\5;/6jdYݍB0?ZZAߎۂ^.c;[qdk>syr7>g~hW:9L]Dؖ%ZU>1k^q)q лhewJ*W̓ QjGaC#R% S&w8Q $wM%D]OW@yNsl HދTM*}at=Yh܂a;No&l H?/MfIё.whN)ߵ|=tA=#Hb}'EaZon-$BNI` qT&L̻UPHWE^9C ex@}OM75XziHzF:]~pat /Rf.$)!sҎ",W@[F6A8摸8Ϻ#,)_yJihs%TmU+ 3Y;0]X}=UئCcjGqư.~ndAEGc7>Aƴl< Jz+B8*dСgs%{[ Aw"/Ei+et'Hc5Uw[L}.Gۼ# T:E zb-eGP4MV#TQh) ?f#2FU_̎=3ˇý^3a"XS|:tp7{ kzSRi%@HR`D2O`foT|aHX=HEU@+H3Sf3{-8č3fWbj:$pNwmV1HK>FQ;U7Dњ3'(-ؕ+9t<ɳX6OdLg9^KP ;"Na'⋸8ɓdcg Q jOlEkJ>4q,9&YuE`@y̯o$;ӕTNV!Sڟ|+=a>KsL$R\ Uo22CK %CPeh4:A׹I}4cyg{-JnI5)h` BjA1_܁^m\6yJ'SL>=_0faCcٛk wƗ:ǕjN k2 PM.({;) 9N ?I2(s6qGhpSD)Z*֪AA@=&)b\c:,n=7m ƽdo2Ck{3EޛSkT9MPKt|\MD.&VtLţu*CSV.i"Y|'l 5؜ᒑ%< %tgX4w < 0Simw3S`Iyy@d1z CL7`m(Q`횳l^و7m6i}]uQ$!{iGd=_w;6J0r|Ղ:`YébhLq gϹ^w>פ+OxQ8pXp? $:~|w+ h6'DpK,̷UdDǏrй qHFWB_q9X( ǎcK4-1qۡ&rH ƹwG/\\?Qly g$`Tݘh4j9ER)Hl"'I+(:, U#ݞX+#X2vbTJӏάEe$F{-^:NLzc٠?Y>[)2lj_g*{rKB&=ECo7A2:ˀ7u'Ы'DJT |}ޞ =MIjtqE2wA06E,' m%|]f; ;\(!C|# Y\W.>?oïM5ֶ>j \'vwk0||u1b$n0TqcV lYܮu2o:ٝ :yduEX"j8g-`ܧ ֤Bvadu-3v卝QޭxPn4R͕X6h02IY>~ӑntbvM6M2h^+ әD:$B@HFhalr34_G?hv7ߦ}yi+G/ȜUСz>qP)HYVF2#%n[{b˪IYhRRd.;6 4ڥDs2-A;PT'}aM.V7d ~ X<ӆ/ܿ `Tƒ ~|OJ9lle</=<{~W.W4+Oj94=1ᩏ͚|l xJLl[j\KwOtQK?umqx6Re*֊ǂCN-/([sЩ;;Q rx8{d=2?5y C9\w R`c b>-ilɵhiK>NXf s|D<P"MmLm-ks}gsxó~2E'WڥtڌA݂"eKZ"ëwMQ`nlNŻ&L5LdZqM `3aYNaӯq!bkm~_m]Fݏůj7hv ֊0Uv(3="Q+[D6B\F,M>['{'˧ @p=$)3ּOҸhAM:,ޘ3c_p3m4kyk+b!dRo:lVKhq/ j\p`bhp/y}x5|W9PDtw426`Yy0H:c'+rF]::\]2- ļ(5c;ZhZNr8`S;Lc8`Vjm);ѡ&ݝ/m#DTvk$/[/R%~q#Ry&Îzu/ w|ޢܩM$!&po$!>zs/bVn hR7I]!딷Y< u.k[pq3Z]j݊kM;$J$yyN=N$Ǿi)Җ2"V` 3_:٣[9Hȅ4a '^gymյE1-y*~sb)Kڟ5 &Ob6f oimW* \\Y^H*FVFNw(y2ig̶%T+:?Ƽjx{' mf7xbKGrCejiJ:L_zmS:oVkٍ:zb9\h(p@G%Eqq eƸXSyq6hN@V4>.t74v mS CpXĽI|"N]''s*)DsDt.1%1q* %'.+;T'u=UslB%6]czZ0AݸxXWN~XNjOK_عɗ@\ @էgȴIBƘ ]=܃_2YVI~.l3__Ġ**!U>Nm0ƛ MB̝ϟ"Ӥl["D'6-D3|#=N ( )mPMlX {IJgskH!"FֺKfKӻWA|R Hܚ <R]AOVdiN+E` ̍8(R6a/嘓!vۑ@#`D.x"=HPKg&qop4@XcD*v/VЀ1ai$/ZxjLQ&aؐk54?43b 1mԦN+)gms#DS#l5э4\+vH|нsK 8ʚؖW'^(q$Z_P_k-}}i$>2i aHy8 y[nfK@  StÍ?4U_t]h;r7RYs f1D TJ,f}9Y4t@ry9~J~$IγhKmH۔nmmW9m:~P)uۇrb B R {T+u hZrG[Cw[9(@smu`vc8|I~eRԓUqTľI*$@ڿVriC" n$jH$K8g뼕x]ưLh@1 ,v\U%a _n] Z9ՙtW!nȢq2 5T5p*ߧP-46щ X9fּe愮jd%;N X%jqďlN+wu1Z<.SIWu,P:YVpoL>|`:g`uQ5WqD۶ۣ 7tרDV|z د>ZEKˎ!teCVĔ^et}P#5瀕-Fov3ԃoU 6Vf BFW~ߐWf^T510ZJK9 {0Me%:̲b/F Б|-=F=%LJbP)(~Y\(LvY[bDȽOܨ2˩4L1γP ܀ FRAgkK0 KISU*zFʥl0OY2=]2]o>H.*#^o6xkH,V&^jF$ңYSv3Ⱥ%SD ͡n*5~Lnkw茔YODj~[VaO3wywCm(o,䄤ZQ5Lpyv6&7qi dIgH<ӉzhBPcD"jŧ9vbS>;*v$YeZX"pf/_t,*x{ F iH6[O$8jQ32@`U>:3o%qhlwFl\P[Z &]kr# K,xs㙄GH2ݿHq))3긿 T S|N}c9Cm"64.&]BM?=|l%nH43 1.{ޞobfjJPI|_ۑO_2b=G5Ol/ogԠ/ `$|f>uԲ5-g{]4=ݤOiv3l J"`j6MC[I)&:j!EZgt%ܳfIi-1 d#2W?H̰ }m3BJfY6?.VC46w▪[O7@+B~=z>&0/>$ Oef k=gB}b 8&VTOUR VIx$E ; Pؘ̳̏OE'cZ3fǧxUFn NM5aApI#15bxCS5w)a=ǧx'P@EV4<^5=`ňAJ/aTL\rw*QT60 tP&]Қbnvf꜌0s[̱͈ee,$8wSZ9cQ`_q:߱ѡXNiZH 놮`ɩw-+6q[Х=s@V4>Ɵd=S~gMmMgij~pgև] z1{S$XEuY1Z,eJC,w̌Z^p2ǯ*a`UEē3)ҧ>(UFY{"eb8.tQ*sqy:2%D;\8q$6?cۯ$HyRptI{`XZazs4LJ1򦯉}͸yJN.FcO>Юvn>`:d?^SC@/M0u)in۩L\B]Y=Ylj[(خ$R l#Q.N˂BԘvt ]zz9wBRedzTQ Hmd5ER!ګ'Oie (G*yȳB<8  H #d1dCk@sh=?Q- !{.NIB_2:]:6 `j*Ch׿=gIfHrURYV͍䣽aQe˚N,yt{M9d4"9u::{f2c}w#xyK ۵4T| hSL8oh-B 0vZ3SdA~Yԥ0aC(pOGبuS$#  ƴ2oOLaUrL%o;?LJ'^ (`LhyeO":VvmJJ37F\}Kf MamL6LW w%l v hOHw^#g)$%tx8&5Myg{v9aEK"cJWKLE;1D1k5z*ixN';# c&;to@? ҽVC2X|#Dc`3cқC1= ع72z>T=<׉w*VPdx]#URv=n2jG5NTk #PRYO2 GWe`8[$0,2ܢ#IWKA_fe4UxYǙ?H_^*[GCU#aE=& kNXHiAr> pziF3;a||B OnNLJ-9 0cJ.5{+k|̬V *CWc0b#ff{ GUXtI&7ɐp37iiW;֬(%-oU2#ah[XOיִ&mEJ7YM>[ qESW2=dI *;V܉`v,zU69~R2ؾh"dʠ~4TvW2^qk׆TsHԝeqz܎iBe@ݵ標ֈs t|^*)Lʦ *.&N/NH!'4&yL88bN^W";zlk p%ـ-a% -8c<2zeY?cZ8VcU:HGjŅ pq{x}ҟdR*貁SACiKYr8J܂nw`ퟘ2Z}ut!1rN GV2|֦. pA,G񷂬on,)9лynkd wa`=㉯1sGVKAWIlK'5C\$RNVvwd±)JDDL@'Hw %rg7FNo&h%j?30T\?Ú߬*:g03Ea llUh$'<Hw.ԷWF`Wb ̦MavTx1!uhwV] nm')~ 5n_*C>%~{1`:EO`ch"..1%ĆVҭg"c HUD9MA*єډVwX-D3Ǘfv[.A*1\}\"ųVeJVhd>v1P4 ?$C0 3VBg٪N^ʬU3g._ڵ{] B *WU > Qd @j+ .JDx"¶AĮ2# #8=/ {⅘O9-hXc&&o'S1s2 V yT[oQB6Hn)׈NV[igmKGhhʄ*B+\ǁbm"R1auqd쏯"؆, AL· ?gl4HI+= 0 6^~(Gr{,23 {Z!U's^Mg  ) ;w+XCL;@87m4"Duw]ʯ wj AEĆ1g/$PSl+72p } 4vJ!`] o~kX!"b,Rv굡aJՕ@8BK2ꋈ>qоcMg4.9dK 3={oX|0BvXΥ0v3a#kj 5hFH-I7^v|*5R\d85[Ob5FYsy n=dOs&|r>[䫉S9RL@޷H:sDK+7g7o7wz+DCCRL&LRO!݆Piyjސ4[N( 3H]leduXEp࠘[ޭ@"dR{rG4[O8G_YG:n# JJ-#2\p]6bn& H͒)3ac?#`@4lfL:Td;Dڅil_0y ՝~B|gw:q4yaA):opǂˠnQ`dEx`12M(6K߂IuA`9[KKe[" zr5hR1^8ɃqKeQ6qxDY O2(6w8aICÇ9lcd(ś6{m.}E| ,+yWj `dc݈Q yOݿTL8`jaWcTЮng'9X09';LNH+"Adމ} ICJJoX??[.ϴ>KV68Td"4N*R[H8Z4; &ʵ >ثs p+Jg St+±Tݥ#SOpkȗ̢v>Cf8evdK"ۮ }0Ln5ݐ-3W㩾nĥy+H+~H~nRXGny- "t:^c$0ՂuZ, U cUdLifw Ii7^! YmXrA㾶RT:Z#yO[V[9y퉃L˛gLF㋫34_ ߜ\y N|80|MKV_➬G0m^^x(L[ϿOQ6۩шcP2=_ejsbNdmAMݢFb%+5;H Lq0-~2kOLn&m6tJXycH5vƪ, <_֮w.+ /_g@6"څ`wQ q]M&\[_ aykI? !3$]'3KAD.4\?xQ2vǿh6.{Q%4^8#u crʪe肦̘G 6EZ;oaw:eC ?uh@9.1%$wscߚ) ɔHMx)!;o>$cw1 +!.uWLz (XbEaV؋P8Ɔ]B0.zw~(V+ҸM_+^,W^_\ I ڢ>!a7 7Ъ—Áof'6 3NPy,o4{wR6yIiP\C0x{<'O@ڋ@^p}WO]Ca51 kb³ lh7r(к##B`]v즡gw!>7B SI+te>R\M|6Ub@I$9 (GVvդeνoBe{Pw.E'5H0q3w3)3@.wt@DCz-$uSPVi_n4/Yy0 @RS.fHn#{CcNduqEͧcKi j0PE!O9,O4lDfv3^N0#?P ,xkf4lx*Ϛ^EOSzlj")fA$W݃ froL+G6!GWZ'`#O]' J2t+F}ZRôc[-W'2CBX*Lq$f 6EݯtٍvN -t|dui'f*ŧeh+LH\yu6eUa>yE34ڀ/漽=$^<c@W#1z4{>lØ!7_BZ/6ZbO.D]jDOb<- A [cX?+>0㚂)*Hj k%̠AbO]dvhCI}Fy_e"zO)P!HDR-\{$$ :=5c8-^Yֻ+ԑ1|WOuKp:LkuVo."QLg[ MAo=m 4-WZ9T2vFHaddh=UkƲ-{;=9fX^U'Ć[p—/;kE3Օg4t?Hnՠ'(Z^NWNBn:|eHVV+eGD`؈?7?Hݤg &b_aWܿtWmJz!]xĨqt?,Rr'3 `ݭN{߾Bҿ?1u5@z|9Q^MJN? )E,;7,yG~A`լԻ7&9fN / \WޘVzdD*ɚ P~M0->@mގM PuJ0(:fa>Ŷ""VC{CĬ JA;Hv&HI=p^qEPebn> m2.hux{9,K-v?j4Y&y֌dDʣ~rPЕOv#)cPĖ;TEЛ2RqE U@Xc4`Ы0/?,/1n!? 5ɹA+ERQlk ^X­(Ր jN 'HGU.^)o*UxdxT.f;G0އϐ?k(JGޗt|Z@yMZ?1ai TUgn{rQq&pUUS}wkf H̥4Җ̑b ::.S&F\tx6ܛm!|QݝiEd22X22D]^ڭ`2{Ka,ī(7 :B*[d@xLDJU'Oa͑rT.)Q`M[T^TaLړ_vG [8"$@&Q݈@*+A ֝Ij[y,IKY;z`RT v^8Exnx-Q@-9M2= 2dޒ1_%-mX>}ኖ ?Uu0 ,VQ1[7#9spa]r_+ T?UO3aSX?Ӛ_A!܆/n(n]1<`>K+ ޥۥ[8+d'CeG8Mr|a;`ϲ`[d=RxI܌&ƱUQηy{2)D`#yNL<zxUzzY nJ;R\z ShKXX 34>3T;JṞ%mc',ԡd趁Gl'4QdH[ܸGƺJ奄JtʗƯ! 6`mN$t(%  c9]TT1Dm=eQ5%,Si%!&gM0/Ed0LID#(\J0~~޳9eՋ3FƎUnZ\!8 _u5iۭ,;-_MmXXCx! 7l|Ä=-.PRQMy&WcPҳރbvGWA3rt'}$-'F_w\1m6F[c`+`3\ɻt< W'ѝ,; n:1B-HF) PD$idQB[p(Wj 㛆;5[lMU% tt~ 69v']R1tߒ i_ zP(v P**uQ&q~fh39_%["R";v Iă]OlWB .I&6 Q|` [|Ge8Vd͈_lK67T۵ Ι_s;#Y(HMLU3Nh'n(|Ǣ) ;dE]2˱)#\3kU=UB.'/yx>#j5'n[fQ~Q Υ#WrZ@P}@͞lZzx&rbPvCkkGnmsv)Ygt)Jv,f~ž|D 5q~E‚74ƉbP0Z<0t0anJY-";<GK@6Hj'AmC<7#2LB7T{ z ~U?@)iN@ eqql\/X M5_/*s7'nZNF/wn#83qvwo0=؎|nMFΡ&%1% .E+ĕW]~|E2?s˝#]sa,jYYl9<[Ot.' #`g]:#J6 E~.Eˉ➝-ȉ..贻7r,XqC"H6zt"*b0Wfs;]imˏm` @ROwKlz1JcߛƉ)uv{ŝ(Z2Z cǞ90Ŧ&#qDoجiY6U^1y[*V_dvEk1MܫfX {W` H~H6//{{G{eiO)$h_`6U>/xmEjGQ^_ ;R{pt&w \cfϓ]"}llsޡ`אOҙUفvbE`N6T0 Bkt|ׅKѸ\ю *0S"b.ZW,QsGG }X'Tlchs\8PdnD Oʘ!(Č0åw?fʽ n,\OA}^yrPEvqYh\f#v\=BƟx%丹#яpEnڥep ܈=h(nQ5l:"wh\@k-Ts}@;XV SxQ]d;z"=̆yEyҁs\ 'da"I1dښV;$@`8{?8u\}ɫ!>ߏJUUsXyv/ps P 20nF)&%uc &đ c Y6uxH1ɂ2tӋx9+Ϝt˪aUJ;rbOax0gWVm҉F0+KsO|+x)[ZcQ j2xŤ3Cg267Ê |Jt6';st5v#DN#*8fH4x"p Xw3BvOŁz%|&89bcQ/'.٭Y\bgt("D:-uD:)i;bwoCݾ_ Fr`&MTmz*%(oOkoߗ;ӓ?.~+6?x5]ccB.7&(`Ҽ:24]\ 5+KV8j<;NVj~,0 '.Ճf{EDB#G=\w9F`x4f&aW8K zÿX㇜8F ~49+;)b:sRa3mh]ic6qf]( pǭCWq< %Aۍ`6Bc?ޯ33jkJ;9tC*+9.+ȵ]j*j]qM/ԘT%az"ӄn@J!UVh{8+%"̨-%HhHǸ ,7p\ I~hMdIsd̄5MrDzBW`zmDu! "B1٣}f \L@I.0Ϲoi -9$7gmk<+U.NtDB粼7Up,Hzv 12lθȱ+HY]pP|$hOP\DYZ [q=N|iV߻9߶p-nO;%?:Ʌ#8b{7`*Tz@sS'X rw7/#pT'<%ߢ5dr~ǫ|L!tb(/wSlraڵty79/Ej$ɋr3$ ;N N1` -z@BϬs+ ۨ=^2m@$)TT>x'ňUB {_8?ܚ[6OGf2DqxQe~XwqIBr[8w0vHtBLϟY^Wz(VF6m<}OaWE?;5=:<]мmFKgSiGzR ` M :sUPtCu{f!rF}TQ3'iEC{ĂY_V~'-ڭaZ$ߣz;Q6vs%CFNウIAhb'g,Ыvxsnxez$hd!̘; S)e܌N>Đ;wCRTNnٖH' ś-n9Pb*(&+f?i-npmt|/b::񫍋xг<7.u8E?OGqU#\MQ\kRfI}XWB}Z06E,u2vX)gM#c,'fΓ$()am-c.$gi,%.W4d,> ;$uĶxoG %:̝USګǮNFEmdZ]O2*j,{m5 L+ۋzD)IOy)+-Lk\['I${S;ߌ:= Ϣʸ^xa:!D6\pRV(2Jp3h&t2TIfe(7M{ٱsR`w0l9%ZdcoM7 iK >S$_2BUD:<$F ZIʡOQ昅fQ]/pMRtďJb/mYufڥp9AWe|uOxq)0iGtX\էj[YCv\L1{o%Y$s4oN}#SEܧ=svspxVqJ3;xqDyij/ / q<٧%+`99[|@Í+Yvj~iYlǚb"BS}ڃ6xy{Yᝡޢ~umnlML r>a{U~ݗ ikU!A*2$։Ƀ̚wAowS4ks2wz :=䨚a 9J+wW:tǹ:Sm~DB.ن Jx%²*.Vsbke#m)Y $VU@E:;5QDNւ!xK\cHZ% )ghP~$X9cXTٌIuOX ׄH$sDȷ-m.nV*/^4? ɟ'vcx0FĢí%%{@=^t6g-OҹғtbL,u:)z-ֶ_.5>Z0L5ұ*@X+h i+ /@_vzPQ@D@X}%Τwcql a`2U(u_Baxi"Qi jh2ڼ ltX'X[ͽl}9^oԔA*s,i=(vD&0o vrpWYݴ}^7b!b; ǣ5i; 5#PfkRj }Cg#J)Q˼BYI@:-fIO8t#6ʘGK5f+qj.8z2̍qy5L{bȸ0ExQJt |WH$Idb)n`AV_~48o>)mJE+uTR׆Q|{ø>9Љ$ ׹T2Vb ʘã 5ܣ!V~EG&&bQN p6h':xEيybLu+㎉C-%>(;[*kH}Rȓt]]<ًe4p'f۹/n@':kVѽ7"  hLFL|aTY4.nK~BMz0EcTeFQlp17n3Q'6-"]9#rc u'U\|+ jJRKOvF^!IfϺpt~J<[?wTab7˶uj!6V~QV5K30!+ :d2Yi!w#x0k?bo;0l?1'ͤ.p?/9> ͭl$"9-қUģ{=<:yGZZ y+T1YpմzW$K)Fz wVG V)iTArur" #"] fd>A %be'>K~c7-26CΠ7 hq* U% qsvPֿw4"pg/Fs:乖[<u/BDTKۡ? ,OVwaX{Ag!CoS\(8Kqn|cUn}hi13[fÁ N/27u$ `r?U午KqVM N+{,{n@Sdmb^]D|MfX7"{bOЩhQ'ffvyR<\x;{a( CF~8ϡgmQ$g?N5zp!f(]#gK/[~Kc?U24CM?:]%0ɥLF{_ٙ<"wM:R첃D.G]ď`dg(&Őަ97Pɭ"IèPZGG תTr`qD|WW_aPcY\u<;iqa&m4I079%CF8l1L S0zc $ .`_'] vca54{_ZL0`H6lXYrgo%t>{0棰z8$UiL(:+qa Q&f3.E8]PPT?;Vy41*qaE< d6{ x:B9%-_&9s#r/,6%4vQسЖ3M+ZS-(ޔI͞6z:G_fnq1P>=J\.t7;D [xqllY\BOVM/Q0j!$HҏQV,]%+ 6{k5n0|VxP{E\m4̥l37[V 3W 04ECt[nmKDg_2ڴ46Źr+WhB^E'y-n9z:l\A$ID:/a׏{LC}{U f<lyL8}1P)nxӳG|x֙}|y8ƮKi'tl9H-Xι({;YރL#T(s;j׽+mkJLjOtm +'X&V}, 8mF#O$s- JvR~DL>/Zm?w3eij7_a<:v[kمaKj:`oƾ;Wrn/O(⯯i^ Ũ KDLKTUa,0XG:þ 0j? Ldf,s^(+%R[Y9;zdj6r<_} @e)bwqӵl_aCJ0e5#]NE<6U%ytud!\2 P&./lhXOqe'C*@߉agnAigseG }43M/xϓc˜0 ]΃F6EqEUGhC7X&(NR8(ok#&\)<פM 6c=+h*R6OqgNnKtm}@ n~+w9"M@>ٺf5!6äQpqtcrBUW;arJaJVEN&Ӱy3}P\kiƊhE|k-Wy$I 0H ҠA:M@A:pS:\͕9g3@iv]rc4PmݘlܖZ}*$L9a I(Ah4X:ht_ݣIvQ@NI҉;V;z)Ux)"k`~Hb>B@TKYbѠ+ItPmdq"I-!7Cg$b$KoW <֛Fp(F`7bħ]g/d}ӥ:qTDQ'? C ,?R½pW=;,{AXA(Ja(4IU fGbpiLC4-:#֙50̙>E>p=/%V_l̂GVY睍xn րicArmQK;rhkzJ0%,9 p AsX-,%/RѭCRj\{h^賯Ο 꾾 j6ei hqt*@LȋW%=U ҧ'~#Yo<0y^w1ئBԱ L6soEh99VsބGȔ Fk.&ݗ:փLO’@0_^QI]jhtbEƌ^90.tq8S.Yx<=?jqAmBF1AU[ϸ=xKMe(+Dÿcz*]\2]9JsՐҠtgh"GaKA7-uQNNoں[.H㤰C9'3FIo$VTEjH Uh۲qZ_^/CL'@-4.b7_Ud>&U>S]l_5WڅȚmݾmWYs"#'@eJphmCr %u4TznpZ55h֝¼w.hߖ:J*nalG"{iRjldd8hD\:sk ft<%D`#PSW5;6߽xU^Bsw}o) " iQ4_u_ErMylYwuo+{i|vչA3& 0m ؛%'x4~ p*Bn+IơV޾2l( 'ZA$ayՊ~?wgò^an,o>*N\}tDf×?̅pUL c$ɫ3i޼Kџ%5$M߯rc0Nmi#c=o4f뇥@A1YkG[It(ΝՋr):Y!井r{?ゑRU5lPzX{[7u I Uզ0hcwó?HQטHĘۉQ(`˓#@mOkQCЫi6Һ3s߽2M2Kx*54\σ.#1ˀ1@ˢޭ anσye+&GepNX.a߇H'kKU^4 W;OdyEao ^BBk?VT^Td{rK?N-UQʫ:Dc jڽİrmJ:n@J +)wIx]ER_H$C1[Jm:]1a֞~&,g#akȠ<*0> "BNa`#$D0 0گ!O+ Od]ѿ`b}~T,Rv"vYՕT 4+Ư.$]7WһP54@hU,KP@Ns6<,2GL[ C1u|,Iw (YKnxӏK͕2TYu YWy%CXhf7%lZJ7cgvr͠W#‘8/&%v&L\ͷ-kyVc>'8䋧<( #*U}{SJW;%dcbi^wpRx5B\e-dR)=@Wќ6-I"6Wm4#F'Y\p,`TS{Z[횃)n<2)ӻ\z ̌uC-V4̈́%irt(yZV'fPKvwXXwǭ.ϋclbte*k1;nҫh"մU ϓFWjC#˽49l]֦{R%đ1},0DG=bڿUs8Ê\kˈChjk>>lfa Ӛ{#g򔶎"|s䑔{dǤ`VИ'tM0a5V_}K8ӥ;t&v$TwzQ@0ʁ uM ީGgBhE3q\]^'G+\Fzɣ>?WPaf*3TɁj; ׍}J?r;4<*x0?6pntڢO{dYOvZkLDqv29D"n_z);ur}q-<4᭟ W܍iY"ş?G\glG9%0~w ݬIO6xbpڠۋוV.;3rpж f&qf&'_` &':vkbX՜5joTgl_:% 2Y}C}XX=@2] JH#SUC#C 97>c^-%Ǵ{.TlhAv靸9r_GҪFpA4!su 8@yہA[IV _P٫17b-2~jL+Гʄv3ȽVu,Z"4ztJU'tb(:PnwNUTKpEWVq_3 l<5<%s3`x NOOJC=<>pcZ &rdKCUDb6a2#+UDsx}G,X#ؒY'݄( Y6H0GYGqu bdHi& Z c[F@miNZ<]jx*8 DMd::$@Q޲?XpO"'$z)_y y.4`Q*o˦Kv]HbΞ,da:Ƈ@O?\7;?e#WaAl@qs0&3dIewV %UXԟo%h'{CfN3_ 83"ʍGjǍԉnǶ>[ZAMUJN5 /)IZF팲aV^qzM4&U<=+m:K;E\uEnǙtŭ=o|z,7F 3&0Ge1Vk C!>.Enva-֍YӨ%k ܩO6D5*ͷu[lu,mAE;3̝,ZFDgĎ*zXTe31֯We=Qa࠺St O*ѶMoLd\[o7U+BuRpa1ُ:"դVRQvTbj3='\sv 8&~"31#*zd(mS5NvƶjJh Y KbnE癒} qp4VB_T:h$sx2,Eqd`5mZ&Î3GcxΠB6h@icqYyjn9+!H֨bͱfv=p5J@aRoWG.A}mQ6ȂXJ(ƒ"~O*Rp(P8gU7{qߠ=h`yxAAGx_(@.Mi¢nLFeW)`dَK5{32'.QNfm?ӊʦNcHa_l=#6@+5_̺+--U,*͜{˩3^ :1\) ։oȄ|iUvh`c+rr&)k{u\{#R p`9KbA!y ّP>M|EdrCԂ =Z RLfDϢ vodmdy `OQ[·> "^c0[6Tegs0ؼI:ΆާƂy;8Aπ pȒc@*Ω!S`3UX62ҌM-SAB<վz&4ڃһ:}?Pб֑؜ ͍y@].c<><0J"{war&Pipl\fAgL+e޾/5QO %o5i~약Ϥ#_gQ&-Dq1ΕJTNܐTsANpePmB؀a+D^~MJD +HQz~o@1UzUV1ط={3OPQ؇ ڳACgQfH~d:ZvS# >O 0Vl"%I` i4!PRA틑=h{a5 䳋W%j `r\x(@ND떡pLxb{q"nHښ93eev'3I=efP[Z <Ue(;& \ϬaX֍='snMԻ}pxG|gss 7ނ#_2 7bz!ͧ"c20[7`̾TYx]a]s(k^ 29bfa syl܈*&hQ3 kA/@$DMWt}ͩ@uldޥI~֠ѳPҜ0Iev9VL9uj8,XS8}PR˂:(9歒R2K0,a+s a9®JQjg1616GUJK AZv%b`wx=a,6ƘF,_K .IiYq6r0jC Z)Ǻhz#ڨbgMYP 1v<8/w aDewD8OOhY59CwC[ųf࿲RN; +]t2), y+<(8г+J= H6}Z N " ,ːAă"&"рW ˆ 3WFBxծYrtt@ &Kp$BP5 &ެGMyړ9Qe4=yjӧZ!+o3*vq+.ԛײ`Wx ÄvWҘ@pڑx:~n2Xm85omˤ0Zw g~F46+`_{]?RXʤ' :T_`3s{&/k4~sҸ }Ku)p"13A"U8?{sTZGfqфd ~OowrF|jKBoEc)1q$QֱNܨtM|K#F!n{3pKw+YOT6ؕw^8f^%o&HgEkkIm˱ :)[ r yyGe?inÂjqȄ6YDR.wu\۷.T}ف}|0هn%m(m7ﰗn6L/nH$Bh`\jfp.T.M{eLiXV.)dj2ՋFjȌz(GnZd=9RY5./|19<0 yUE:0eA!lׄ熠C7NCrOw"X*n0>s9{$'˗Y9:ʻts7?`R$28޳ plIUK-ͤHdJ_w'v =DR| v /Y:gT8sB@Dr4[ׁUtD/#ϾQRx3nHbvz^PlJy_xX;E6Xgz\2?er!_]XD'j5ϧh\-eZˢDU%J^IvZ8ir"mWg >UT#kt%Pȴ(e{X+Qk~5k,|ޗ` #~DVw [Sr?H㣴ɭxdT'8m?3s#IIUuxړSt%K'ՠO] 4zH๵2n'I 5͕!]Uy/֐/F9?mf5ILNM;-5n{CHWjw~E__ &@u۲(l㚒HcXtWA=DӸi3wUJ$B'$ Qf]V4vbS~bi?%6O L-¥2Pu]˸Is34UtSRz}l )aIތG#j%Q4DDW t9>< ?JkF`kpfYAg9w! 'cƵ.hUko!rPѷD3:9^r kS Bksų`zɐ-hHڶZ9OOd/KZ}l ?Mu x@a5 x51ey#`SqjE'o+H>;niWȹR{8a}| !|VtKLW!rQs"!K']ЦY-;oIfiݏ:VBWz~UW myd5|w+f"g:쐘@>a"l1S]kDz˘TTaaq00O3!EUNg<XWgJq"x2I诅,;h y|o4NM*:Nf{JzTpNar>p{(ƜcͶ,/e"hrbSnc3>4/')k:nyMyCSPmY?CKjƙu~ENRɔDM"{/207!B}eF냽w- 鐠YMEeLy`jej3cX  N3uDCx>ocWOޠ\ap;$I#D~ Lc)anLK|0vl0dzQ= upw^Ba3ihӗ['j,2ʊ:FU7yf޶ l0RWZtdlJQ$ɱfV AZ'RA\< n[Q}9C.zpN~} ><,z-ކg(Hq2y`XipaP#Yjw^+ ʿ5 X\nj⎺H.r~; 0o11Dik) ~O:?Rb<-XN1Xp~l6ճTJ,UEtQBg~҃ `" g?|b\AMy izdjͅ@~bYХN Ҵ:xH]jHalh+bG VtiSVWgS a?J'i@L޵nSJ alfRjiLUU\Nu@mEdAdt]w|RqEA ዱ2ۊ;ҩ5:,'Iύp؃؆M[lz(|H;0(G^eC k}Icڭu\ YZ