openssl-perl-1:1.1.1k-12.el8_9

Name: openssl-perl
Version: 1.1.1k
Release: 12.el8_9
Summary: Perl scripts provided with OpenSSL
Description: OpenSSL is a toolkit for supporting cryptography. The openssl-perl package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit.
Build host: ord1-prod-a64build004.svc.aws.rockylinux.org
Distribution: Koji
Vendor: Rocky
License: OpenSSL and ASL 2.0
Packager: infrastructure@rockylinux.org
Group: Unspecified
URL: http://www.openssl.org/
OS: linux
Architecture: aarch64
Source RPM: openssl-1.1.1k-12.el8_9.src.rpm
File names: tsget.pl, rehash.1ssl.gz, tsget.1ssl.gz
Provides: openssl-perl, openssl-perl(aarch-64)
Requires: /usr/bin/perl, openssl(aarch-64) 1:1.1.1k-12.el8_9, perl-interpreter, rpmlib(CompressedFileNames) 3.0.4-1, rpmlib(FileDigests) 4.6.0-1, rpmlib(PayloadFilesHavePrefix) 4.0-1, rpmlib(PayloadIsXz) 5.2-1
RPM version: 4.14.3

Changelog authors and versions:
- 1:1.1.1k-12; Clemens Lang - 1:1.1.1k-11; Clemens Lang - 1:1.1.1k-10; Dmitry Belyavskiy - 1:1.1.1k-9; Dmitry Belyavskiy - 1:1.1.1k-8; Clemens Lang - 1:1.1.1k-7; Clemens Lang - 1:1.1.1k-6; Sahana Prasad - 1:1.1.1k-5; Sahana Prasad - 1:1.1.1k-4; Sahana Prasad - 1:1.1.1k-3; Dmitry Belyavskiy - 1:1.1.1k-2; Sahana Prasad 1.1.1k-1; Daiki Ueno 1.1.1g-16; Dmitry Belyavski 1.1.1g-15; Sahana Prasad 1.1.1g-14; Sahana Prasad 1.1.1g-13;
Tomáš Mráz 1.1.1g-12; Tomáš Mráz 1.1.1g-11; Tomáš Mráz 1.1.1g-9; Tomáš Mráz 1.1.1g-7; Tomáš Mráz 1.1.1g-6; Tomáš Mráz 1.1.1g-5; Tomáš Mráz 1.1.1g-1; Tomáš Mráz 1.1.1c-15; Tomáš Mráz 1.1.1c-14; Tomáš Mráz 1.1.1c-12; Tomáš Mráz 1.1.1c-9; Tomáš Mráz 1.1.1c-8; Tomáš Mráz 1.1.1c-7; Tomáš Mráz 1.1.1c-6; Tomáš Mráz 1.1.1c-5; Tomáš Mráz 1.1.1c-4; Tomáš Mráz 1.1.1c-3; Tomáš Mráz 1.1.1c-2; Tomáš Mráz 1.1.1c-1;
Tomáš Mráz 1.1.1b-6; Tomáš Mráz 1.1.1b-5; Tomáš Mráz 1.1.1b-3; Tomáš Mráz 1.1.1b-1; Tomáš Mráz 1.1.1-8; Tomáš Mráz 1.1.1-7; Tomáš Mráz 1.1.1-6; Tomáš Mráz 1.1.1-5; Tomáš Mráz 1.1.1-4; Tomáš Mráz 1.1.1-3; Tomáš Mráz 1.1.1-2; Tomáš Mráz 1.1.1-1; Tomáš Mráz 1.1.1-0.pre9.1; Tomáš Mráz 1.1.1-0.pre8.4; Tomáš Mráz 1.1.1-0.pre8.3; Tomáš Mráz 1.1.1-0.pre8.2; Tomáš Mráz 1.1.1-0.pre8; Fedora Release Engineering -
1:1.1.0h-6; Tomáš Mráz 1.1.0h-5; Tomáš Mráz 1.1.0h-4; Tomáš Mráz 1.1.0h-3; Tomáš Mráz 1.1.0h-2; Tomáš Mráz 1.1.0h-1; Tomáš Mráz 1.1.0g-6; Fedora Release Engineering - 1:1.1.0g-5; Tomáš Mráz 1.1.0g-4; Tomáš Mráz 1.1.0g-3; Tomáš Mráz 1.1.0g-2; Tomáš Mráz 1.1.0g-1; Fedora Release Engineering - 1:1.1.0f-9; Fedora Release Engineering - 1:1.1.0f-8; Tomáš Mráz 1:1.1.0f-7; Petr Pisar - 1:1.1.0f-6; Tomáš Mráz 1.1.0f-5; Tomáš Mráz 1.1.0f-4; Tomáš Mráz 1.1.0f-3; Tomáš Mráz 1.1.0f-2; Tomáš Mráz 1.1.0f-1; Tomáš Mráz 1.1.0e-1; Fedora Release Engineering - 1:1.1.0d-3; Tomáš Mráz 1.1.0d-2; Tomáš Mráz 1.1.0d-1; Tomáš Mráz 1.1.0c-5; Tomáš Mráz 1.1.0c-4; Tomáš Mráz 1.1.0c-3; Tomáš Mráz 1.1.0c-2; Tomáš Mráz 1.1.0c-1; Tomáš Mráz 1.1.0b-4; Tomáš Mráz 1.1.0b-3; Tomáš Mráz 1.1.0b-2; Tomáš Mráz 1.1.0b-1;
Richard W.M. Jones - 1:1.0.2j-2; Tomáš Mráz 1.0.2j-1; David Woodhouse 1.0.2i-2; Tomáš Mráz 1.0.2i-1; Tomáš Mráz 1.0.2h-3; Tomáš Mráz 1.0.2h-2; Tomáš Mráz 1.0.2h-1; Tomáš Mráz 1.0.2g-4; Tom Callaway - 1.0.2g-3; Tomáš Mráz 1.0.2g-2; Tomáš Mráz 1.0.2g-1; Fedora Release Engineering - 1:1.0.2f-2; Tomáš Mráz 1.0.2f-1; Tomáš Mráz 1.0.2e-5; Tomáš Mráz 1.0.2e-4; Tomáš Mráz 1.0.2e-3; Tomáš Mráz 1.0.2e-2; Tomáš Mráz 1.0.2e-1; Tomáš Mráz 1.0.2d-3; Tom Callaway 1.0.2d-2; Tomáš Mráz 1.0.2d-1; Tomáš Mráz 1.0.2c-3; Fedora Release Engineering - 1:1.0.2c-2; Tomáš Mráz 1.0.2c-1; Peter Robinson 1.0.2a-4; Tomáš Mráz 1.0.2a-3; Tomáš Mráz 1.0.2a-2; Tomáš Mráz 1.0.2a-1;
Tomáš Mráz 1.0.1k-7; Tomáš Mráz 1.0.1k-6; Tomáš Mráz 1.0.1k-5; Tomáš Mráz 1.0.1k-4; Till Maas - 1:1.0.1k-3; Tomáš Mráz 1.0.1k-2; Tomáš Mráz 1.0.1k-1; Tomáš Mráz 1.0.1j-3; Tomáš Mráz 1.0.1j-2; Tomáš Mráz 1.0.1j-1; Tomáš Mráz 1.0.1i-5; Tomáš Mráz 1.0.1i-4; Fedora Release Engineering - 1:1.0.1i-3; Tomáš Mráz 1.0.1i-2; Tomáš Mráz 1.0.1i-1; Tom Callaway 1.0.1h-6; Tomáš Mráz 1.0.1h-5; Tomáš Mráz 1.0.1h-4; Tomáš Mráz 1.0.1h-3; Fedora Release Engineering - 1:1.0.1h-2; Tomáš Mráz 1.0.1h-1; Peter Robinson 1.0.1g-2; Tomáš Mráz 1.0.1g-1;
Dennis Gilmore - 1.0.1e-44; Tomáš Mráz 1.0.1e-43; Tomáš Mráz 1.0.1e-42; Tomáš Mráz 1.0.1e-41; Tomáš Mráz 1.0.1e-40; Tomáš Mráz 1.0.1e-39; Tomáš Mráz 1.0.1e-38; Tomáš Mráz 1.0.1e-37; Tomáš Mráz 1.0.1e-36; Tomáš Mráz 1.0.1e-35; Tomáš Mráz 1.0.1e-34; Tomáš Mráz 1.0.1e-33; Tomáš Mráz 1.0.1e-32; Tomáš Mráz 1.0.1e-31; Tomáš Mráz 1.0.1e-30; Tomáš Mráz 1.0.1e-29; Tomáš Mráz 1.0.1e-28; Tom Callaway - 1.0.1e-27; Tomáš Mráz 1.0.1e-26; Tomáš Mráz 1.0.1e-25; Tomáš Mráz 1.0.1e-24; Tomáš Mráz 1.0.1e-23; Tomáš Mráz 1.0.1e-22; Kyle McMartin 1.0.1e-21; Tomas Mraz 1.0.1e-20; Tomas Mraz 1.0.1e-19; Tomas Mraz 1.0.1e-18; Tomas Mraz 1.0.1e-17; Tomas Mraz 1.0.1e-16; Tomas Mraz 1.0.1e-15; Petr Pisar - 1:1.0.1e-14; Tomas Mraz 1.0.1e-13; Tomas Mraz 1.0.1e-12; Tomas Mraz 1.0.1e-11; Petr Pisar - 1:1.0.1e-10; Tomas Mraz 1.0.1e-9; Tomas Mraz 1.0.1e-8; Tomas Mraz 1.0.1e-7; Tomas Mraz 1.0.1e-6; Peter Robinson 1.0.1e-5; Tomas Mraz 1.0.1e-4; Tomas Mraz 1.0.1e-3; Tomas Mraz 1.0.1e-2; Tomas Mraz 1.0.1e-1;
Tomas Mraz 1.0.1c-12; Tomas Mraz 1.0.1c-11; Tomas Mraz 1.0.1c-10; Tomas Mraz 1.0.1c-9; Tomas Mraz 1.0.1c-8; Tomas Mraz 1.0.1c-7; Fedora Release Engineering - 1:1.0.1c-6; Tomas Mraz 1.0.1c-5; Tomas Mraz 1.0.1c-4; Tomas Mraz 1.0.1c-3; Tomas Mraz 1.0.1c-2; Tomas Mraz 1.0.1c-1; Tomas Mraz 1.0.1b-1; Tomas Mraz 1.0.1a-1; Tomas Mraz 1.0.1-3; Tomas Mraz 1.0.1-2; Tomas Mraz 1.0.1-1; Tomas Mraz 1.0.1-0.3.beta3; Tomas Mraz 1.0.1-0.2.beta3; Tomas Mraz 1.0.1-0.1.beta2;
Tomas Mraz 1.0.0g-1; Tomas Mraz 1.0.0f-1; Tomas Mraz 1.0.0e-4; Tomas Mraz 1.0.0e-3; Tomas Mraz 1.0.0e-2; Tomas Mraz 1.0.0e-1; Tomas Mraz 1.0.0d-8; Tomas Mraz 1.0.0d-7; Tomas Mraz 1.0.0d-6; Tomas Mraz 1.0.0d-5; Tomas Mraz 1.0.0d-4; Tomas Mraz 1.0.0d-3; Tomas Mraz 1.0.0d-2; Tomas Mraz 1.0.0d-1; Fedora Release Engineering - 1.0.0c-4; Tomas Mraz 1.0.0c-3; Tomas Mraz 1.0.0c-2; Tomas Mraz 1.0.0c-1; Tomas Mraz 1.0.0b-3; Tomas Mraz 1.0.0b-2; Tomas Mraz 1.0.0b-1; Tomas Mraz 1.0.0a-3; Tomas Mraz 1.0.0a-2; Tomas Mraz 1.0.0a-1; Tomas Mraz 1.0.0-5; Tomas Mraz 1.0.0-4; Tomas Mraz 1.0.0-3; Tomas Mraz 1.0.0-2; Tomas Mraz 1.0.0-1;
Tomas Mraz 1.0.0-0.22.beta5; Tomas Mraz 1.0.0-0.21.beta5; Tomas Mraz 1.0.0-0.20.beta5; Tomas Mraz 1.0.0-0.19.beta4; Tomas Mraz 1.0.0-0.18.beta4; Tomas Mraz 1.0.0-0.17.beta4; Tomas Mraz 1.0.0-0.16.beta4; Tomas Mraz 1.0.0-0.15.beta4; Tomas Mraz 1.0.0-0.14.beta4; Tomas Mraz 1.0.0-0.13.beta4; Tomas Mraz 1.0.0-0.12.beta4; Tomas Mraz 1.0.0-0.11.beta4; Tomas Mraz 1.0.0-0.10.beta3; Tomas Mraz 1.0.0-0.9.beta3; Tomas Mraz 1.0.0-0.8.beta3; Tomas Mraz 1.0.0-0.7.beta3; Tomas Mraz 1.0.0-0.6.beta3; Tomas Mraz 1.0.0-0.5.beta3; Tomas Mraz 1.0.0-0.4.beta3; Tomas Mraz 1.0.0-0.3.beta3; Tomas Mraz 1.0.0-0.2.beta3; Tomas Mraz 1.0.0-0.1.beta3;
Fedora Release Engineering - 0.9.8k-7; Bill Nottingham; Tomas Mraz 0.9.8k-6; Tomas Mraz 0.9.8k-5; Tomas Mraz 0.9.8k-4; Tomas Mraz 0.9.8k-3; Tomas Mraz 0.9.8k-2; Tomas Mraz 0.9.8k-1; Tomas Mraz 0.9.8j-10; Tomas Mraz 0.9.8j-9; Fedora Release Engineering - 0.9.8j-8; Tomas Mraz 0.9.8j-7; Tomas Mraz 0.9.8j-6; Tomas Mraz 0.9.8j-5; Tomas Mraz 0.9.8j-4; Tomas Mraz 0.9.8j-3; Tomas Mraz 0.9.8j-2; Tomas Mraz 0.9.8j-1;
Tomas Mraz 0.9.8g-11; Joe Orton 0.9.8g-10; Tomas Mraz 0.9.8g-9; Tomas Mraz 0.9.8g-8; Tom "spot" Callaway 0.9.8g-7; Joe Orton 0.9.8g-6; Fedora Release Engineering - 0.9.8g-5; Tomas Mraz 0.9.8g-4; Tomas Mraz 0.9.8g-3; Tomas Mraz 0.9.8g-2; Tomas Mraz 0.9.8g-1;
Joe Orton 0.9.8b-17; Tomas Mraz 0.9.8b-16; Tomas Mraz 0.9.8b-15; Tomas Mraz 0.9.8b-14; Tomas Mraz 0.9.8b-13; Tomas Mraz 0.9.8b-12; Tomas Mraz 0.9.8b-11; Tomas Mraz 0.9.8b-10; Tomas Mraz 0.9.8b-9; Tomas Mraz 0.9.8b-8; Tomas Mraz 0.9.8b-7; Tomas Mraz 0.9.8b-6; Tomas Mraz - 0.9.8b-5; Alexandre Oliva - 0.9.8b-4.1; Tomas Mraz - 0.9.8b-4; Tomas Mraz; Jesse Keating - 0.9.8b-3.1; Tomas Mraz - 0.9.8b-3; Joe Orton; Tomas Mraz - 0.9.8b-2; Tomas Mraz - 0.9.8b-1;
Tomas Mraz - 0.9.8a-6; Jesse Keating - 0.9.8a-5.2; Jesse Keating - 0.9.8a-5.1; Tomas Mraz 0.9.8a-5; Jesse Keating; Tomas Mraz 0.9.8a-4; Tomas Mraz 0.9.8a-3; Tomas Mraz 0.9.8a-2; Tomas Mraz 0.9.8a-1;
Tomas Mraz 0.9.7f-11; Tomas Mraz 0.9.7f-10; Tomas Mraz 0.9.7f-9; Phil Knirsch 0.9.7f-8; Tomas Mraz 0.9.7f-7; Tomas Mraz 0.9.7f-6; Joe Orton 0.9.7f-5; Tomas Mraz 0.9.7f-4; Tomas Mraz 0.9.7f-3; Tomas Mraz 0.9.7f-2; Tomas Mraz 0.9.7f-1; Tomas Mraz 0.9.7e-3; Tomas Mraz 0.9.7e-2; Tomas Mraz 0.9.7e-1; Tomas Mraz;
Joe Orton 0.9.7a-46; Phil Knirsch 0.9.7a-45; Nalin Dahyabhai 0.9.7a-44; Nalin Dahyabhai 0.9.7a-43; Nalin Dahyabhai 0.9.7a-42; Nalin Dahyabhai 0.9.7a-41; Phil Knirsch 0.9.7a-40; Elliot Lee; Phil Knirsch 0.9.7a-38; Nalin Dahyabhai 0.9.7a-37; Nalin Dahyabhai 0.9.7a-36; Joe Orton 0.9.7a-35; Phil Knirsch; Nalin Dahyabhai 0.9.7a-34; Nalin Dahyabhai 0.9.7a-33; Elliot Lee; Phil Knirsch 0.9.7a-32; Phil Knirsch 0.9.7a-31; Elliot Lee; Phil Knirsch 0.9.7a-29; Phil Knirsch 0.9.7a-28; Nalin Dahyabhai; Joe Orton 0.9.7a-27; Tim Waugh 0.9.7a-26; Nalin Dahyabhai 0.9.7a-25; Phil Knirsch 0.9.7a-24; Nalin Dahyabhai 0.9.7a-22.1; Nalin Dahyabhai 0.9.7a-22; Nalin Dahyabhai 0.9.7a-23; Joe Orton; Nalin Dahyabhai 0.9.7a-22; Nalin Dahyabhai 0.9.7a-21; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai 0.9.7a-20; Nalin Dahyabhai; Matt Wilson 0.9.7a-19; Phil Knirsch 0.9.7a-18; Nalin Dahyabhai 0.9.7a-17; Nalin Dahyabhai 0.9.7a-10.9; Nalin Dahyabhai 0.9.7a-16; Nalin Dahyabhai 0.9.7a-15; Nalin Dahyabhai 0.9.7a-14; Nalin Dahyabhai 0.9.7a-13; Phil Knirsch 0.9.7a-12; Nalin Dahyabhai 0.9.7a-9.9; Nalin Dahyabhai 0.9.7a-11; Nalin Dahyabhai 0.9.7a-10; Nalin Dahyabhai 0.9.7a-9; Nalin Dahyabhai; Nalin Dahyabhai; Elliot Lee 0.9.7a-8; Phil Knirsch 0.9.7a-7; Nalin Dahyabhai 0.9.7a-6; Nalin Dahyabhai 0.9.7a-5; Nalin Dahyabhai 0.9.7a-4; Nalin Dahyabhai 0.9.7a-3; Nalin Dahyabhai 0.9.7a-2; Nalin Dahyabhai 0.9.7a-1;
Nalin Dahyabhai 0.9.7-8; Elliot Lee 0.9.7-7; Nalin Dahyabhai 0.9.7-6; Tim Powers; Phil Knirsch 0.9.7-4; Nalin Dahyabhai; Bill Nottingham 0.9.7-3; Nalin Dahyabhai 0.9.7-2; Nalin Dahyabhai 0.9.7-1; Nalin Dahyabhai 0.9.7-0; Nalin Dahyabhai;
Nalin Dahyabhai 0.9.6b-30; Elliot Lee 0.9.6b-29hammer.3; Nalin Dahyabhai 0.9.6b-29; Nalin Dahyabhai 0.9.6b-28; Nalin Dahyabhai 0.9.6b-27; Nalin Dahyabhai 0.9.6b-26; Nalin Dahyabhai 0.9.6b-25; Nalin Dahyabhai 0.9.6b-24; Nalin Dahyabhai 0.9.6b-23; Tim Powers; Tim Powers; Nalin Dahyabhai 0.9.6b-20; Nalin Dahyabhai 0.9.6b-19; Nalin Dahyabhai 0.9.6b-17, 0.9.6b-18; Gary Benson stronghold-0.9.6c-2; Gary Benson; Nalin Dahyabhai 0.9.6b-15; Nalin Dahyabhai 0.9.6b-13; Florian La Roche 0.9.6b-11; Gary Benson stronghold-0.9.6c-1; Florian La Roche; Nalin Dahyabhai 0.9.6b-9; Nalin Dahyabhai; Nalin Dahyabhai 0.9.6b-8; Nalin Dahyabhai 0.9.6b-7; Nalin Dahyabhai 0.9.6b-6; Nalin Dahyabhai 0.9.6b-5; Nalin Dahyabhai 0.9.6b-4; Nalin Dahyabhai; Nalin Dahyabhai 0.9.6b-3; Nalin Dahyabhai
0.9.6b-2; Nalin Dahyabhai; Nalin Dahyabhai 0.9.6b-1; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Florian La Roche; Nalin Dahyabhai; Joe Orton stronghold-0.9.6a-1; Joe Orton; Joe Orton; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Florian La Roche; Nalin Dahyabhai; Nalin Dahyabhai; Florian La Roche; Than Ngo; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Bill Nottingham; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Nalin Dahyabhai; Florian La Roche; Florian La Roche; Florian La Roche; Bernhard Rosenkränzer; Bernhard Rosenkränzer; Bernhard Rosenkränzer

Changelog:

- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
  (a proper fix for CVE-2020-25659)
  Resolves: RHEL-17696

- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
  excessively long X9.42 DH keys or parameters may be very slow
  Resolves: RHEL-16538

- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
  Resolves: RHEL-14245
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
  Resolves: RHEL-14239

- Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
- Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286

- Fix no-ec build
  Resolves: rhbz#2071020

- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
- Update expired certificates used in the testsuite
  Resolves: rhbz#2092462
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
  Resolves: rhbz#2090372
- Fix CVE-2022-2068: the c_rehash script allows command injection
  Resolves: rhbz#2098279

- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- Resolves: rhbz#2067146

- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
- Resolves: rhbz#2005402

- Fixes bugs in s390x AES code.
- Uses the first detected address family if IPv6 is not available
- Reverts the changes in https://github.com/openssl/openssl/pull/13305
  as it introduces a regression if server has a DSA key pair, the handshake fails
  when the protocol is not explicitly set to TLS 1.2. However, if the patch is reverted,
  it has an effect on the "ssl_reject_handshake" feature in nginx. Although, this feature
  will continue to work, TLS 1.3 protocol becomes unavailable/disabled. This is already
  known - https://trac.nginx.org/nginx/ticket/2071#comment:1
  As per https://github.com/openssl/openssl/issues/16075#issuecomment-879939938, nginx
  could early callback instead of servername callback.
- Resolves: rhbz#1978214
- Related: rhbz#1934534

- Cleansup the peer point formats on renegotiation
- Resolves rhbz#1965362

- Fixes FIPS_selftest to work in FIPS mode.
  Resolves: rhbz#1940085
- Using safe primes for FIPS DH self-test

- Update to version 1.1.1k

- Use AI_ADDRCONFIG only when explicit host name is given
- Allow only curves defined in RFC 8446 in TLS 1.3

- Remove 2-key 3DES test from FIPS_selftest

- Fix CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
- Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing

- Fix CVE-2020-1971 ediparty null pointer dereference

- Implemented new FIPS requirements in regards to KDF and DH selftests
- Disallow certificates with explicit EC parameters

- Further changes for SP 800-56A rev3 requirements

- Rewire FIPS_drbg API to use the RAND_DRBG
- Use the well known DH groups in TLS even for 2048 and 1024 bit parameters

- Disallow dropping Extended Master Secret extension on renegotiation
- Return alert from s_server if ALPN protocol does not match
- SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration

- Add FIPS selftest for PBKDF2 and KBKDF

- Allow only well known DH groups in the FIPS mode

- update to the 1.1.1g release
- FIPS module installed state definition is modified

- add selftest of the RAND_DRBG implementation

- fix incorrect error return value from FIPS_selftest_dsa
- S390x: properly restore SIGILL signal handler

- additional fix for the edk2 build

- disallow use of SHA-1 signatures in TLS in FIPS mode

- fix CVE-2019-1547 - side-channel weak encryption vulnerability
- fix CVE-2019-1563 - padding oracle in CMS API
- fix CVE-2019-1549 - ensure fork safety of the DRBG
- fix handling of non-FIPS allowed EC curves in FIPS mode
- fix TLS compliance issues

- backported ARM performance fixes from master

- backport of S390x ECC CPACF enhancements from master
- FIPS mode: properly disable 1024 bit DSA key generation
- FIPS mode: skip ED25519 and ED448 algorithms in openssl speed
- FIPS mode: allow AES-CCM ciphersuites

- make the code suitable for edk2 build

- backport of SSKDF from master

- backport of KBKDF and KRB5KDF from master

- do not try to use EC groups disallowed in FIPS mode in TLS
- fix Valgrind regression with constant-time code

- update to the 1.1.1c release

- adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode

- Fix small regressions related to the rebase

- FIPS compliance fixes

- update to the 1.1.1b release
- EVP_KDF API backport from master
- SSH KDF implementation for EVP_KDF API backport from master
- add S390x chacha20-poly1305 assembler support from master branch

- make openssl ts default to using SHA256 digest

- use /dev/urandom for seeding the RNG in FIPS POST

- make SECLEVEL=3 work

- fix defects found in Coverity scan

- drop SSLv3 support

- drop the TLS-1.3 version revert

- disable RC4-MD5 ciphersuites completely

- update to the final 1.1.1 version
- for consistent support of security policies we build RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
- use only /dev/urandom if getrandom() is not available
- disable SM4

- update to the latest 1.1.1 beta version
- temporarily revert TLS-1.3 to draft 28 version

- bidirectional shutdown fixes from upstream

- do not put error on stack when using fixed protocol version with the default config (#1615098)

- load crypto policy config file from the default config

- update to the latest 1.1.1 beta version

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

- fix FIPS RSA key generation failure

- ppc64le is not multilib arch (#1584994)

- fix regression of c_rehash (#1562953)

- fix FIPS symbol versions

- update to upstream version 1.1.0h
- add Recommends for openssl-pkcs11

- one more try to apply RPM_LD_FLAGS properly (#1541033)
- dropped unneeded starttls xmpp patch (#1417017)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

- apply RPM_LD_FLAGS properly (#1541033)

- silence the .rnd write failure as that is auxiliary functionality (#1524833)

- put the Makefile.certificate in pkgdocdir and drop the requirement on make

- update to upstream version 1.1.0g

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

- make s_client and s_server work with -ssl3 option (#1471783)

- perl dependency renamed to perl-interpreter
- disable verification of all insecure hashes

- make DTLS work (#1462541)

- enable 3DES SSL ciphersuites, RC4 is kept disabled (#1453066)

- only release thread-local key if we created it (from upstream) (#1458775)

- update to upstream version 1.1.0f
- SRP and GOST is now allowed, note that GOST support requires adding GOST engine which is not part of openssl anymore

- update to upstream version 1.1.0e
- add documentation of the PROFILE=SYSTEM special cipher string (#1420232)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

- applied upstream fixes (fix regression in X509_CRL_digest)

- update to upstream version 1.1.0d

- preserve new line in fd BIO BIO_gets() as other BIOs do

- FIPS mode fixes for TLS

- revert SSL_read() behavior change - patch from upstream (#1394677)
- fix behavior on client certificate request in renegotiation (#1393579)

- EC curve NIST P-224 is now allowed, still kept disabled in TLS due to less than optimal security

- update to upstream version 1.1.0c

- use a random seed if the supplied one did not generate valid parameters in dsa_builtin_paramgen2()

- do not break contract on return value when using dsa_builtin_paramgen2()

- fix afalg failure on big endian

- update to upstream version 1.1.0b

- Add flags for riscv64.

- minor upstream release 1.0.2j fixing regression from previous release

- Fix enginesdir in libcrypto.c (#1375361)

- minor upstream release 1.0.2i fixing security issues
- move man pages for perl based scripts to perl subpackage (#1377617)

- fix regression in Cisco AnyConnect VPN support (#1354588)

- require libcrypto in libssl.pc (#1301301)

- minor upstream release 1.0.2h fixing security issues

- disable SSLv2 support altogether (without ABI break)

- enable RC5

- reenable SSL2 in the build to avoid ABI break (it does not make the openssl vulnerable to DROWN attack)

- minor upstream release 1.0.2g fixing security issues

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

- minor upstream release 1.0.2f fixing security issues
- add support for MIPS secondary architecture

- document some options of openssl speed command

- enable sctp support in DTLS

- remove unimplemented EC method from header (#1289599)

- the fast nistp implementation works only on little endian architectures

- minor upstream release 1.0.2e fixing moderate severity security issues
- enable fast assembler implementation for NIST P-256 and P-521 elliptic curves (#1164210)
- filter out unwanted link options from the .pc files (#1257836)
- do not set serial to 0 in Makefile.certificate (#1135719)

- fix sigill on some AMD CPUs (#1278194)

- re-enable secp256k1 (bz1021898)

- minor upstream release 1.0.2d fixing a high severity security issue

- fix the aarch64 build

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

- minor upstream release 1.0.2c fixing multiple security issues

- Add aarch64 sslarch details

- fix some 64 bit build targets

- add alternative certificate chain discovery support from upstream

- rebase to 1.0.2 branch

- drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field)

- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

- fix bug in the CRYPTO_128_unwrap()

- fix bug in the RFC 5649 support (#1185878)

- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

- test in the non-FIPS RSA keygen for minimal distance of p and q similarly to the FIPS RSA keygen

- new upstream release fixing multiple security issues

- disable SSLv3 by default again (mail servers and possibly LDAP servers should probably allow it explicitly for legacy clients)

- update the FIPS RSA keygen to be FIPS 186-4 compliant

- new upstream release fixing multiple security issues

- copy negotiated digests when switching certs by SNI (#1150032)

- add support for RFC 5649

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

- drop RSA X9.31 from RSA FIPS selftests
- add Power 8 optimalizations

- new upstream release fixing multiple moderate security issues
- for now disable only SSLv2 by default

- fix license handling

- disable SSLv2 and SSLv3 protocols by default (can be enabled via appropriate SSL_CTX_clear_options() call)

- use system profile for default cipher list

- make FIPS mode keygen bit length restriction enforced only when OPENSSL_ENFORCE_MODULUS_BITS is set
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

- new upstream release 1.0.1h

- Drop obsolete and irrelevant docs
- Move devel docs to appropriate package

- new upstream release 1.0.1g
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty

- pull in upstream patch for CVE-2014-0160
- removed CHANGES file portion from patch for expediency

- add support for ppc64le architecture (#1072633)

- properly detect encryption failure in BIO
- use 2048 bit RSA key in FIPS selftests

- use the key length from configuration file if req -newkey rsa is invoked

- print ephemeral key size negotiated in TLS handshake (#1057715)
- add DH_compute_key_padded needed for FIPS CAVS testing

- make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108)
- change default hash to sha256 (#1062325)

- make 3des strength to be 128 bits instead of 168 (#1056616)

- fix CVE-2013-4353 - Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1

- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
- more FIPS validation requirement changes

- drop weak ciphers from the default TLS ciphersuite list
- add back some symbols that were dropped with update to 1.0.1 branch
- more FIPS validation requirement changes

- fix locking and reseeding problems with FIPS drbg

- additional changes required for FIPS validation

- disable verification of certificate, CRL, and OCSP signatures using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set

- add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)

- fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346)

- do not advertise ECC curves we do not support (#1022493)

- only ECC NIST Suite B curves support
- drop -fips subpackage

- resolve bugzilla 319901 (phew! only took 6 years & 9 days)

- make DTLS1 work in FIPS mode
- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode

- avoid dlopening libssl.so from libcrypto (#1010357)

- fix small memory leak in FIPS aes selftest

- fix segfault in openssl speed hmac in the FIPS mode

- document the nextprotoneg option in manual pages original patch by Hubert Kario

- [arm] use elf auxv to figure out armcap.c instead of playing silly games with SIGILL handlers. (#1006474)

- try to avoid some races when updating the -fips subpackage

- use version-release in .hmac suffix to avoid overwrite during upgrade

- allow deinitialization of the FIPS mode

- always perform the FIPS selftests in library constructor if FIPS module is installed

- add -fips subpackage that contains the FIPS module files

- fix use of rdrand if available
- more commits cherry picked from upstream
- documentation fixes

- Perl 5.18 rebuild

- additional manual page fix
- use symbol versioning also for the textual version

- additional manual page fixes

- use _prefix macro

- Perl 5.18 rebuild

- add openssl.cnf.5 manpage symlink to config.5

- add relro linking flag

- add support for the -trusted_first option for certificate chain verification

- fix build of manual pages with current pod2man (#959439)

- Enable ARM optimised build

- fix random bad record mac errors (#918981)

- fix up the SHLIB_VERSION_NUMBER

- disable ZLIB loading by default (due to CRIME attack)

- new upstream version

- more fixes from upstream
- fix errors in manual causing build failure (#904777)

- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
- allow X509_issuer_and_serial_hash() produce correct result in the FIPS mode (#881336)

- do not load default verify paths if CApath or CAfile specified (#884305)

- more fixes from upstream CVS
- fix DSA key pairwise check (#878597)

- use 1024 bit DH parameters in s_server as 512 bit is not allowed in FIPS mode and it is quite weak anyway

- add missing initialization of str in aes_ccm_init_key (#853963)
- add important patches from upstream CVS
- use the secure_getenv() with new glibc

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- use __getenv_secure() instead of __libc_enable_secure

- do not move libcrypto to /lib
- do not use environment variables if __libc_enable_secure is on
- fix strict aliasing problems in modes

- fix DSA key generation in FIPS mode (#833866)
- allow duplicate FIPS_mode_set(1)
- enable build on ppc64 subarch (#834652)

- fix s_server with new glibc when no global IPv6 address (#839031)
- make it build with new Perl

- new upstream version

- new upstream version

- new upstream version fixing CVE-2012-2110

- add Kerberos 5 libraries to pkgconfig for static linking (#807050)

- backports from upstream CVS
- fix segfault when /dev/urandom is not available (#809586)

- new upstream release

- add obsoletes to assist multilib updates (#799636)

- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- new upstream release from the 1.0.1 branch
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)

- new upstream release from the 1.0.1 branch, ABI compatible
- add documentation for the -no_ign_eof option

- new upstream release fixing CVE-2012-0050 - DoS regression in DTLS support introduced by the previous release (#782795)

- new upstream release fixing multiple CVEs

- move the libraries needed for static linking to Libs.private

- do not use AVX instructions when osxsave bit not set
- add direct known answer tests for SHA2 algorithms

- fix missing initialization of variable in CHIL engine

- new upstream release fixing CVE-2011-3207 (#736088)

- drop the separate engine for Intel acceleration improvements and merge in the AES-NI, SHA1, and RC4 optimizations
- add support for OPENSSL_DISABLE_AES_NI environment variable that disables the AES-NI support

- correct openssl cms help output (#636266)
- more tolerant starttls detection in XMPP protocol (#608239)

- add support for newest Intel acceleration improvements backported from upstream by Intel in form of a separate engine

- allow the AES-NI engine in the FIPS mode

- add API necessary for CAVS testing of the new DSA parameter generation

- add support for VIA Padlock on 64bit arch from upstream (#617539)
- do not return bogus values from load_certs (#652286)

- clarify apps help texts for available digest algorithms (#693858)

- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode

- listen on ipv6 wildcard in s_server so we accept connections from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode with FIPS allowed ciphers

- new upstream version fixing CVE-2010-4180

- replace the revert for the s390x bignum asm routines with fix from upstream

- revert upstream change in s390x bignum asm routines

- new upstream version fixing CVE-2010-3864 (#649304)

- make SHLIB_VERSION reflect the library suffix

- openssl man page fix (#609484)

- new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732)

- pkgconfig files now contain the correct libdir (#593723)

- make CA dir readable - the private keys are in private subdir (#584810)

- a few fixes from upstream CVS
- move libcrypto to /lib (#559953)

- set UTC timezone on pod2man run (#578842)
- make X509_NAME_hash_old work in FIPS mode

- update to final 1.0.0 upstream release

- make TLS work in the FIPS mode

- gracefully handle zero length in assembler implementations of OPENSSL_cleanse (#564029)
- do not fail in s_server if client hostname not resolvable (#561260)

- new upstream release

- fix CVE-2009-4355 - leak in applications incorrectly calling CRYPTO_free_all_ex_data() before application exit (#546707)
- upstream fix for future TLS protocol version handling

- add support for Intel AES-NI

- upstream fix compression handling on session resumption
- various null checks and other small fixes from upstream
- upstream changes for the renegotiation info according to the latest draft

- fix non-fips mingw build (patch by Kalev Lember)
- add IPV6 fix for DTLS

- add better error reporting for the unsafe renegotiation

- fix build on s390x

- disable enforcement of the renegotiation extension on the client (#537962)
- add fixes from the current upstream snapshot

- keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check

- update to new upstream version, no soname bump needed
- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final.

- fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342)

- fix typo in DTLS1 code (#527015)
- fix leak in error handling of d2i_SSL_SESSION()

- fix RSA and DSA FIPS selftests
- reenable fixed x86_64 camellia assembler code (#521127)

- temporarily disable x86_64 camellia assembler code (#521127)

- fix openssl dgst -dss1 (#520152)

- drop the compat symlink hacks

- constify SSL_CIPHER_description()

- fix WWW:Curl:Easy reference in tsget

- enable MD-2

- update to new major upstream release

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- do not build special 'optimized' versions for i686, as that's the base arch in Fedora now

- abort if selftests failed and random number generator is polled
- mention EVP_aes and EVP_sha2xx routines in the manpages
- add README.FIPS
- make CA dir absolute path (#445344)
- change default length for RSA key generation to 2048 (#484101)

- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 (DTLS DoS problems) (#501253, #501254, #501572)

- support compatibility DTLS mode for CISCO AnyConnect (#464629)

- correct the SHLIB_VERSION define

- add support for multiple CRLs with same subject
- load only dynamic engine support in FIPS mode

- update to new upstream release (minor bug fixes, security fixes and machine code
optimizations only)- move libraries to /usr/lib (#239375)- add a static subpackage- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- must also verify checksum of libssl.so in the FIPS mode - obtain the seed for FIPS rng directly from the kernel device - drop the temporary symlinks- drop the temporary triggerpostun and symlinking in post - fix the pkgconfig files and drop the unnecessary buildrequires on pkgconfig as it is a rpmbuild dependency (#481419)- add temporary triggerpostun to reinstate the symlinks- no pairwise key tests in non-fips mode (#479817)- even more robust test for the temporary symlinks- try to ensure the temporary symlinks exist- new upstream version with necessary soname bump (#455753) - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) - add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493)- do not add tls extensions to server hello for SSLv3 either- move root CA bundle to ca-certificates package- fix CVE-2008-0891 - server name extension crash (#448492) - fix CVE-2008-1672 - server key exchange message omit crash (#448495)- super-H arch support - drop workaround for bug 199604 as it should be fixed in gcc-4.3- sparc handling- update to new root CA bundle from mozilla.org (r1.45)- Autorebuild for GCC 4.3- merge review fixes (#226220) - adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)- set default paths when no explicit paths are set (#418771) - do not add tls extensions to client hello for SSLv3 (#422081)- enable some new crypto algorithms and features - add some more important bug fixes from openssl CVS- update to latest upstream release, SONAME bumped to 7- update to new CA bundle from mozilla.org- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of 
order DTLS fragments buffer overflow (#321191) - add alpha sub-archs (#296031)- rebuild- use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys (#250577) - make ssl session cache id matching strict (#233599)- allow building on ARM architectures (#245417) - use reference timestamps to prevent multilib conflicts (#218064) - -devel package must require pkgconfig (#241031)- detect duplicates in add_dir properly (#206346)- the previous change still didn't make X509_NAME_cmp transitive- make X509_NAME_cmp transitive otherwise certificate lookup is broken (#216050)- aliasing bug in engine loading, patch by IBM (#213216)- CVE-2006-2940 fix was incorrect (#208744)- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) - fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940)- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)- set buffering to none on stdio/stdout FILE when bufsize is set (#200580) patch by IBM- rebuild with new binutils (#200330)- add a temporary workaround for sha512 test failure on s390 (#199604)- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) - add patches for BN threadsafety, AES cache collision attack hazard fix and pkcs7 code memleak fix from upstream CVS- rebuild- dropped libica and ica engine from build- update to new CA bundle from mozilla.org; adds CA certificates from netlock.hu and startcom.org- fixed a few rpmlint warnings - better fix for #173399 from upstream - upstream fix for pkcs12- upgrade to new version, stays ABI compatible - there is no more linux/config.h (it was empty anyway)- fix stale open handles in libica (#177155) - fix build if 'rand' or 'passwd' in buildroot path (#178782) - initialize VIA Padlock engine (#186857)- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 
snapshot and glibc changes- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779)- rebuilt- fix build (-lcrypto was erroneusly dropped) of the updated libica - updated ICA engine to 1.3.6-rc3- disable builtin compression methods for now until they work properly (#173399)- don't set -rpath for openssl binary- new upstream version - patches partially renumbered- updated IBM ICA engine library and patch to latest upstream version- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)- add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595) - fixes from upstream (constant time fixes for DSA, bn assembler div on ppc arch, initialize memory on realloc)- Updated ICA engine IBM patch to latest upstream version.- fix CAN-2005-0109 - use constant time/memory access mod_exp so bits of private key aren't leaked by cache eviction (#157631) - a few more fixes from upstream 0.9.7g- use poll instead of select in rand (#128285) - fix Makefile.certificate to point to /etc/pki/tls - change the default string mask in ASN1 to PrintableString+UTF8String- update to revision 1.37 of Mozilla CA bundle- move certificates to _sysconfdir/pki/tls (#143392) - move CA directories to _sysconfdir/pki/CA - patch the CA script and the default config so it points to the CA directories- uninitialized variable mustn't be used as input in inline assembly - reenable the x86_64 assembly again- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken - disable broken bignum assembly on x86_64- reenable optimizations on ppc64 and assembly code on ia64 - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed - added support for changing serial number to Makefile.certificate (#151188) - make 
ca-bundle.crt a config file (#118903)- libcrypto shouldn't depend on libkrb5 (#135961)- rebuild- new upstream source, updated patches - added patch so we are hopefully ABI compatible with upcoming 0.9.7f- Support UTF-8 charset in the Makefile.certificate (#134944) - Added cmp to BuildPrereq- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)- rebuild- rebuild- rebuild- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)- Include latest libica version with important bugfixes- rebuilt- Updated ICA engine IBM patch to latest upstream version.- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)- handle %{_arch}=i486/i586/i686/athlon cases in the intermediate header (#124303)- add security fixes for CAN-2004-0079, CAN-2004-0112- Fixed libica filespec.- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix the intermediate header- add an intermediate which points to the right arch-specific opensslconf.h on multilib arches- rebuilt- Updated libica to latest upstream version 1.3.5.- Update ICA crypto engine patch from IBM to latest version.- rebuilt- rebuilt- Fixed libica build.- add "-ldl" to link flags added for Linux-on-ARM (#99313)- updated ca-bundle.crt: removed expired GeoTrust roots, added freessl.com root, removed trustcenter.de Class 0 root- Fix link line for libssl (bug #111154).- add dependency on zlib-devel for the -devel package, which depends on zlib symbols because we enable zlib for libssl (#102962)- Use /dev/urandom instead of PRNG for libica. 
- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c
- Use latest ICA engine patch from IBM.

- rebuild

- rebuild (22 wasn't actually built, fun eh?)

- re-disable optimizations on ppc64

- add a_mbstr.c fix for 64-bit platforms from CVS

- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged as not needing executable stacks

- rebuild

- re-enable optimizations on ppc64

- remove exclusivearch

- only parse a client cert if one was requested
- temporarily exclusivearch for %{ix86}

- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) and heap corruption (CAN-2003-0545)
- update RHNS-CA-CERT files
- ease back on the number of threads used in the threading test

- rebuild to fix gzipped file md5sums (#91211)

- Updated libica to version 1.3.4.

- rebuild

- free the kssl_ctx structure when we free an SSL structure (#99066)

- rebuild

- lower thread test count on s390x

- rebuild

- disable assembly on arches where it seems to conflict with threading

- Updated libica to latest upstream version 1.3.0

- rebuild

- rebuild

- ubsec: don't stomp on output data which might also be input data

- temporarily disable optimizations on ppc64

- backport fix for engine-used-for-everything from 0.9.7b
- backport fix for prng not being seeded causing problems, also from 0.9.7b
- add a check at build-time to ensure that RSA is thread-safe
- keep perlpath from stomping on the libica configure scripts

- thread-safety fix for RSA blinding

- rebuilt

- Added libica-1.2 to openssl (featurerequest).

- fix building with incorrect flags on ppc64

- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's attack (CAN-2003-0131)

- add patch to enable RSA blinding by default, closing a timing attack (CAN-2003-0147)

- disable use of BN assembly module on x86_64, but continue to allow inline assembly (#83403)

- disable EC algorithms

- update to 0.9.7a

- add fix to guard against attempts to allocate negative amounts of memory
- add patch for CAN-2003-0078, fixing a timing attack

- Add openssl-ppc64.patch

- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(), to get the right behavior when passed uninitialized context structures (#83766)
- build with -mcpu=ev5 on alpha family (#83828)

- rebuilt

- Added IBM hw crypto support patch.

- add missing builddep on sed

- debloat
- fix broken manpage symlinks

- fix double-free in 'openssl ca'

- update to 0.9.7 final

- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)

- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)

- add configuration stanza for x86_64 and use it on x86_64
- build for linux-ppc on ppc
- start running the self-tests again

- Merge fixes from previous hammer packages, including general x86-64 and multilib

- rebuild

- update asn patch to fix accidental reversal of a logic check

- update asn patch to reduce chance that compiler optimization will remove one of the added tests

- rebuild

- add patch to fix ASN.1 vulnerabilities

- add backport of Ben Laurie's patches for OpenSSL 0.9.6d

- own {_datadir}/ssl/misc

- automated rebuild

- automated rebuild

- free ride through the build system (whee!)

- rebuild in new environment

- merge RHL-specific bits into stronghold package, rename

- add support for Chrysalis Luna token

- disable AEP random number generation, other AEP fixes

- only build subpackages on primary arches

- on ia32, only disable use of assembler on i386
- enable assembly on ia64

- fix sparcv9 entry

- upgrade to 0.9.6c
- bump BuildArch to i686 and enable assembler on all platforms
- synchronise with shrimpy and rawhide
- bump soversion to 3

- delete BN_LLONG for s390x, patch from Oliver Paukstadt

- update AEP driver patch

- adjust RNG disabling patch to match version of patch from Broadcom

- disable the RNG in the ubsec engine driver

- tweaks to the ubsec engine driver

- tweaks to the ubsec engine driver

- update ubsec engine driver from Broadcom

- move man pages back to %{_mandir}/man?/foo.?ssl from %{_mandir}/man?ssl/foo.?
- add an [ engine ] section to the default configuration file

- add a patch for selecting a default engine in SSL_library_init()

- add patches for AEP hardware support
- add patch to keep trying when we fail to load a cert from a file and there are more in the file
- add missing prototype for ENGINE_ubsec() in engine_int.h

- actually add hw_ubsec to the engine list

- add in the hw_ubsec driver from CVS

- update to 0.9.6b

- move .so symlinks back to %{_libdir}

- move shared libraries to /lib (#38410)

- switch to engine code base

- add a script for creating dummy certificates
- move man pages from %{_mandir}/man?/foo.?ssl to %{_mandir}/man?ssl/foo.?

- add s390x support

- change two memcpy() calls to memmove()
- don't define L_ENDIAN on alpha

- Add 'stronghold-' prefix to package names.
- Obsolete standard openssl packages.

- Add BuildArch: i586 as per Nalin's advice.

- Enable assembler on ix86 (using new .tar.bz2 which does include the asm directories).

- make subpackages depend on the main package

- adjust the hobble script to not disturb symlinks in include/ (fix from Joe Orton)

- drop the m2crypto patch we weren't using

- configure using "shared" as well

- update to 0.9.6a
- use the build-shared target to build shared libraries
- bump the soversion to 2 because we're no longer compatible with our 0.9.5a packages or our 0.9.6 packages
- drop the patch for making rsatest a no-op when rsa null support is used
- put all man pages into
ssl instead of
- break the m2crypto modules into a separate package

- use BN_LLONG on s390

- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)

- move c_rehash to the perl subpackage, because it's a perl script now

- update to 0.9.6
- enable MD2
- use the libcrypto.so and libssl.so targets to build shared libs with
- bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0

- change hobble-openssl for disabling MD2 again

- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it

- disable some inline assembly, which on x86 is Pentium-specific
- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)

- fix s390 patch

- added support s390

- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
- add the CA.pl man page to the perl subpackage

- always build with -mcpu=ev5 on alpha

- add a symlink from cert.pem to ca-bundle.crt

- add a ca-bundle file for packages like Samba to reference for CA certificates

- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)

- add unzip as a buildprereq (#17662)
- update m2crypto to 0.05-snap4

- fix some issues in building when it's not installed

- make sure the headers we include are the ones we built with (aaaaarrgh!)

- add Richard Henderson's patch for BN on ia64
- clean up the changelog

- fix the building of python modules without openssl-devel already installed

- byte-compile python extensions without the build-root
- adjust the makefile to not remove temporary files (like .key files when building .csr files) by marking them as .PRECIOUS

- break out python extensions into a subpackage

- tweak the makefile some more

- disable MD2 support

- disable MDC2 support

- tweak the disabling of RC5, IDEA support
- tweak the makefile

- strip binaries and libraries
- rework certificate makefile to have the right parts for Apache

- use %{_perl} instead of /usr/bin/perl
- disable alpha until it passes its own test suite

- move the passwd.1 man page out of the passwd package's way

- update to 0.9.5a, modified for U.S.
- add perl as a build-time requirement
- move certificate makefile to another package
- disable RC5, IDEA, RSA support
- remove optimizations for now

- Bero told me to move the Makefile into this package

- add lib*.so symlinks to link dynamically against shared libs

- update to 0.9.5
- run ldconfig directly in post/postun
- add FAQ

- Fix build on non-x86 platforms

- move /usr/share/ssl/* from -devel to main package

- initial packaging
- changes from base:
  - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
  - handle RPM_OPT_FLAGS

Version: 1:1.1.1k-12.el8_9
File entries: CA, certs, crl, newcerts, private, CA.pl, c_rehash, tsget, tsget.pl, CA.pl.1ssl.gz, c_rehash.1ssl.gz, openssl-tsget.1ssl.gz, tsget.1ssl.gz
Directories: /etc/pki/, /etc/pki/CA/, /usr/bin/, /usr/share/man/man1/
Build flags: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection
Payload: cpio, xz (level 2)
Platform: aarch64-redhat-linux-gnu
File types: directory; Perl script text executable; troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)