nss-softokn-freebl-devel-3.101.0-7.el8_10 > 6 6_6 3!pQp)Tξ7]mtZ`fU ]mtZ`]:98HNDq+ S[u;lhH1zsV#Vs*Wȣ;>ڬ{[̽MO&WI O~!˲7f\_ژ@K\$PL9M'efDޏBδw6Bh5acgS,HiT˅e_TD0n QM]҆ X7MTS˪" t:% 5(N_%O`c';5aH3z6xUUv3郴OxBnAq<ˠXmwI=Sm0RiW iʀ~X"Jʛ/:X|$9 Ť=ŰX))CGlqvSLnJ&XFf/;!Pv"MyTHGMk ,iOݲJ15O0)iŵ˗ᩘg͋}Bx0coSp&$4 ڠ>p9?xd# , { $)/7 Ua     *HdP(}89 :_GxHIXY\]^Wbvdefltuv(,2tCnss-softokn-freebl-devel3.101.07.el8_10Header and Library files for doing development with the Freebl library for NSSNSS Softoken Cryptographic Module Freebl Library Development Tools This package supports special needs of some PKCS #11 module developers and is otherwise considered private to NSS. As such, the programming interfaces may change and the usual NSS binary compatibility commitments do not apply. Developers should rely only on the officially supported NSS public API.f\ord1-prod-a64build001.svc.aws.rockylinux.org OKojiRockyMPLv2.0infrastructure@rockylinux.orgUnspecifiedhttp://www.mozilla.org/projects/security/pki/nss/linuxaarch64(;p2  O Nfc4fc4fc4fc4fc4fc4fa790184d9a90b8a3994aba4aad22b0ea752a3796f2d7bd0e7f32aba78478fb2d6bcfb3cc9f08841821c58832a90c3a36af073633195eacf738858cfe37311d4e9e070ddbcd13e6b9b0df1e1f33e097714a17d39e68cdb47ca38c960f10261d568826ed56865726f7a45ccc3695d324d2022c783440c915c5c277a738316e0c7ac5c01a374f357412f29c2a584ca9fb2c884d61b7f76126486b5fd22399d3fa8b19323ad25f2dead60960cbd421dd55a450c096c5d878e811061c0994f0df93335c23daf7a71e184048067d2c710a4704a7b40f3ee25dbff0902c85ec250e82ca4rootrootrootrootrootrootrootrootrootrootrootrootrootrootnss-3.101.0-7.el8_10.src.rpmnss-softokn-freebl-develnss-softokn-freebl-devel(aarch-64)nss-softokn-freebl-static    nss-softokn-freebl(aarch-64)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.101.0-7.el8_103.0.4-14.6.0-14.0-15.2-14.14.3fKfxff@fqvf@e@e@epb@e\d˖d\@d\@dxb@b@bγby@bba@blbbb@a@@`E`ݮ@` @`ٹ`̊`9@`Ȗ@`D`r_@_^@___@__"@_"@_"@_!d_@_ L_ _@^^@@^@^ۅ@^4]N@]]߶]e@]M@]µ]L]]^@\F@\Q\\\\\\@\I\I\U@\ `\l@[[[u[#@[[W[O+[M@[ZZw@Z|;Zo Zo Zg#Z ZZZ@Y+@Y{YY@Yn@YV@Y@YyYm@Yg`YJ_Y1S@XX@XX @XXYX@X@XX~@Xx@XoX>@X*X@WW@Wt@W~Wv[@WrfWoWm WbWQq@WPWJWDB@W4p@W@Wo@W@VV޾V޾V@VяVIVɦV@V@V=@V@V@VO @VHsVEV3[V UYU@UU@U@U>Ua@Ug@U[%UUU @T@Ts@TTء@T@TÉ@TT@T@T?@T:m@T"@S@S<@S@S@S @SSSSpShS(5@S@SRy@RJ@R@RR@RSRR@Rm@Rg@RD!R@RRR|Q@Q*@QQ@QKQ@QQW@Qw@Q]k@QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.101.0-7Bob Relyea - 3.101.0-6Bob Relyea - 3.101.0-3Bob Relyea - 3.101.0-2Bob Relyea - 3.101.0-1Frantisek Krenzelok - 3.90.0-7Bob Relyea - 3.90.0-6Bob Relyea - 3.90.0-5Bob Relyea - 3.90.0-4Bob Relyea - 3.90.0-3.1Bob Relyea - 3.90.0-3Bob Relyea - 3.90.0-2Bob Relyea - 3.90.0-1Bob Relyea - 3.79.0-11Bob Relyea - 3.79.0-10Bob Relyea - 3.79.0-9Bob Relyea - 3.79.0-8Bob Relyea - 3.79.0-7Bob Relyea - 3.79.0-6Bob Relyea - 3.79.0-5Bob Relyea - 3.79.0-4Bob Relyea - 3.79.0-3Bob Relyea - 3.79.0-2Bob Relyea - 3.79.0-1Bob Relyea - 3.67.0-7Bob Relyea - 3.67.0-6Bob Relyea - 3.67.0-5Bob Relyea - 3.67.0-4Bob Relyea - 3.67.0-3Bob Relyea - 3.67.0-2Bob Relyea - 3.67.0-1Bob Relyea - 3.66.0-2Bob Relyea - 3.66.0-1.1Bob Relyea - 3.66.0-1Bob Relyea - 3.53.1-17Bob Relyea - 3.53.1-16Bob Relyea - 3.53.1-15Bob Relyea - 3.53.1-14Bob Relyea - 3.53.1-13Bob Relyea - 3.53.1-12Bob Relyea - 3.53.1-11Bob Relyea - 3.53.1-10Daiki Ueno - 3.53.1-9Daiki Ueno - 3.53.1-8Bob Relyea - 3.53.1-7Daiki Ueno - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Daiki Ueno - 3.53.0-1Bob Relyea - 3.44.0-15Bob Relyea - 3.44.0-14Bob Relyea - 3.44.0-13Daiki Ueno - 3.44.0-12Bob Relyea - 3.44.0-11Daiki Ueno - 3.44.0-10Bob Relyea - 3.44.0-9Bob Relyea - 3.44.0-8Daiki Ueno - 3.44.0-7Daiki Ueno - 3.44.0-6Daiki Ueno - 3.44.0-5Bob Relyea - 3.44.0-4.1Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Bob Relyea - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.41.0-5Bob Relyea - 3.41.0-4Daiki Ueno - 3.41.0-3Daiki Ueno - 3.41.0-2Daiki Ueno - 3.41.0-1Daiki Ueno - 3.39.0-1.5Bob Relyea - 3.39.0-1.4Daiki Ueno - 3.39.0-1.3Daiki Ueno - 3.39.0-1.2Daiki Ueno - 3.39.0-1.1Daiki Ueno - 3.39.0-1.0Daiki Ueno - 3.38.0-1.2Daiki Ueno - 3.38.0-1.1Daiki Ueno - 3.38.0-1.0Kai Engert - 3.36.1-1.2Daiki Ueno - 3.36.1-1.1Daiki Ueno - 3.36.1-1.0Daiki Ueno - 3.36.0-1.0Fedora Release Engineering - 3.35.0-5Kai Engert - 3.35.0-4Kai Engert - 3.35.0-3Daiki Ueno - 3.35.0-2Daiki Ueno - 3.34.0-2Daiki Ueno - 3.33.0-6Kai Engert - 3.33.0-5Kai Engert - 3.33.0-4Kai Engert - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.32.1-2Daiki Ueno - 3.32.0-4Kai Engert - 3.32.0-3Daiki Ueno - 3.32.0-2Fedora Release Engineering - 3.31.0-6Fedora Release Engineering - 3.31.0-5Daiki Ueno - 3.31.0-4Daiki Ueno - 3.31.0-3Daiki Ueno - 3.31.0-2Daiki Ueno - 3.30.2-3Daiki Ueno - 3.30.2-2Kai Engert - 3.30.0-3Daiki Ueno - 3.30.0-2Kai Engert - 3.29.1-3Daiki Ueno - 3.29.1-2Daiki Ueno - 3.29.0-3Daiki Ueno - 3.29.0-2Daiki Ueno - 3.28.1-6Daiki Ueno - 3.28.1-5Daiki Ueno - 3.28.1-4Daiki Ueno - 3.28.1-3Daiki Ueno - 3.28.1-2Daiki Ueno - 3.27.2-2Daiki Ueno - 3.27.0-5Kai Engert - 3.27.0-4Daiki Ueno - 3.27.0-3Daiki Ueno - 3.27.0-2Daiki Ueno - 3.26.0-2Elio Maldonado - 3.25.0-6Elio Maldonado - 3.25.0-5Elio Maldonado - 3.25.0-4Elio Maldonado - 3.25.0-3Elio Maldonado - 3.25.0-2Kamil Dudka - 3.24.0-3Elio Maldonado - 3.24.0-2.3Elio Maldonado - 3.24.0-2.2Elio Maldonado - 3.24.0-2.1Elio Maldonado - 3.24.0-2.0Elio Maldonado - 3.23.0-9Elio Maldonado - 3.23.0-8Elio Maldonado - 3.23.0-7Elio Maldonado - 3.23.0-6Elio Maldonado - 3.23.0-5Elio Maldonado - 3.23.0-4Elio Maldonado - 3.23.0-3Elio Maldonado - 3.23.0-2Elio Maldonado - 3.22.2-2Elio Maldonado - 3.22.1-3Elio Maldonado - 3.22.1-1Elio Maldonado - 3.22.0-3Elio Maldonado - 3.22.0-2Fedora Release Engineering - 3.21.0-7Elio Maldonado - 3.21.0-6Michal Toman - 3.21.0-5Elio Maldonado - 3.21.0-4Elio Maldonado - 3.21.0-3Elio Maldonado Batiz - 3.21.1-2Elio Maldonado - 3.20.1-2Elio Maldonado - 3.20.0-6Elio Maldonado - 3.20.0-5Elio Maldonado - 3.20.0-4Elio Maldonado - 3.20.0-3Elio Maldonado - 3.20.0-2Elio Maldonado - 3.19.3-2Elio Maldonado - 3.19.2-3Kai Engert - 3.19.2-2Kai Engert - 3.19.1-2Kai Engert - 3.19.0-2Kai Engert - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.17.4-5Till Maas - 3.17.4-4Elio Maldonado - 3.17.4-3Elio Maldonado - 3.17.4-2Elio Maldonado - 3.17.4-1Ville Skyttä - 3.17.3-4Elio Maldonado - 3.17.3-3Elio Maldonado - 3.17.3-2Elio Maldonado - 3.17.3-1Elio Maldonado - 3.17.2-2Elio Maldonado - 3.17.2-1Kai Engert - 3.17.1-1Kevin Fenzi - 3.17.0-2Elio Maldonado - 3.17.0-1Fedora Release Engineering - 3.16.2-4Elio Maldonado - 3.16.2-3Tom Callaway - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.16.1-4Fedora Release Engineering - 3.16.1-3Jaromir Capik - 3.16.1-2Elio Maldonado - 3.16.1-1Elio Maldonado - 3.16.0-1Elio Maldonado - 3.15.5-2Elio Maldonado - 3.15.5-1Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Peter Robinson 3.15.4-2Elio Maldonado - 3.15.4-1Elio Maldonado - 3.15.3.1-1Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-7Elio Maldonado - 3.15.1-6Elio Maldonado - 3.15.1-5Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-1Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.15-0.1.beta1.2Elio Maldonado - 3.15-0.1.beta1.1Kai Engert - 3.14.3-12Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- fix cms abi breakage - fix long password issue on pbmac encodings- fix param encoding in pkcs12 pbamac encoding - add support for certificate compression in selfserv and tstclient- Fix missing and inaccurate key length checks - Fix chacha timing issue- Fix MD-5 decode issue in pkcs #12 - turn off policy processing for pkcs12 and smime - update the restore defaults for pkcs12- Rebase to NSS 3.101- Allow for shorter ecdsa signatures by padding them to full length- Fix ecc DER wrapping.- Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes- FIPS review changes - add PORT_SafeZero to avoid compiler optimizing a way zeroing memory. - update the indicators for this release - allow hashing of longer than int32 values in a single PKCS #11 call.- Fix expired certs in tests - Fix CVE-2023-5388- add indicators for pbkdf2 - add camellia to pkcs12 doc files - fix ems policy bug - disable ech- fix the change log- rebase to NSS 3.90- Fix CVE-2023-0767- Fix QA found failures: - remove extra '+' from sslpolicy.txt file causing test error values - only use GRND_RANDOM if the kernel is in FIPS mode.- FIPS 140-3 changes- Update fips default for pk12util to AES rather than TDES - Fix bug in pkcs12 files with null passwords- Better fix for test regressions- fix nss.spec so it works in a rhel-8.1.0 buildroot- FIPS 140-3 changes - Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject signature keys by policy - Allow applications to retrigger selftests on demand.- Fix pkgconfig output- NSR Coverity fix changed selfserv from passive to active, change it back- Fix regressions found in test suites.- Rebase to NSS 3.79 - Set FIPS Module ID - skip attribute verification on attributes with default values - don't export trust objects if they are default trust objects from dbm - add dbtool to nss-tools- Fix CVE 2021 43527- Fix ssl alert issue- Fix issue with reading databases that were updated using unpatched versions of nss- Better fix for the sdb timeout. The issue wasn't a race, it was the sqlite timeout waiting to begin a transaction under heavy thread usage.- Fix sdb race condition- Fix coverity issues- Rebase to NSS 3.67- Restore old pkcs12 defaults.- build nss for older nspr so we can pass gating with the new nspr in the build root- Rebase to NSS 3.66- Fix various corner cases with ike v1 app b support.- Fix the following CVE - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC.- Revert some policy changes the generate ABI runtime issues.- Add support for enable/disable in policy. Now if your policy file has disallow=x enable=y it will act just like our other libraries.- Add OAEP interface so applications can wrap keys with RSA-OAEP rather than RSA-PKCS-1.- fips need to reject small primes even if they are approved - code to autodetect whether or not to use the cache needs to do so in a way that doesn't mess with filesystem negative file caching. - add kdf selftests- Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8)- Disable dh timing test because it's unreliable on s390- Explicitly enable upgradedb/sharedb test cycles- Disable Delegated Credentials for TLS- Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked.- Update nss-rsa-pkcs1-sigalgs.patch to the upstream version- Include required checks for dh and ecdh key generation in FIPS mode.- Add better checks for dh derive operations in FIPS mode.- Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938) - Adjust for update-crypto-policies packaging change (#1848649) - Fix compilation with -Werror=strict-prototypes (#1843417)- Fix regression in MD5 disablement (#1849938) - Include rsa_pkcs1_* in signature_algorithms extension (#1847945)- Update to NSS 3.53.1- Update to NSS 3.53- Fix swapped CMAC PKCS #11 values. - Fix data alignment crash in CMAC.- Fix coverify scan issue- Fix endian problem in SP-800 108 code.- Install cmac.h required by blapi.h (#1764513) - Fix out-of-bounds write in NSC_EncryptUpdate (#1775913)- Add SP-800 108 Generalized kdf- Check policy against hash algorithms used for ServerKeyExchange (#1730039)- Add CMAC- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for all the CKM_NSS_IKE*_DERIVE mechanism.- Backport fixes from 3.44.1- Add continuous RNG test required by FIPS - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism- Rebuild with the correct build target- rebuild to try to retrigger CI tests- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set - Revert the change to use XDG basedirs (mozilla#818686)- Add ike mechanisms in softokn - Add FIPS checks in softoken- Update to NSS 3.44 - Define NSS_SEED_ONLY_DEV_URANDOM=1 to exclusively use getentropy - Use %autosetup - Clean up manual pages generation - Clean up %check - Remove prelink dependency, which is not available in RHEL-8 - Remove upstreamed patches- Update manual pages to reflect recent changes in commands- Make sure corresponding public keys are created when importing private keys.- Fix the last change - Add --no-reload option to update-crypto-policies to avoid unnecessary restart of daemons- Restore LDFLAGS injection when linking DSO- Update to NSS 3.41 - Consolidate nss-util, nss-softokn, and nss into a single source package- Fix the last commit- Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU- Backport upstream fixes for rhbz#1649026, rhbz#1608895, rhbz#1644854 - Document PKCS #11 URI - Add warning when adding module with modutil while p11-kit is enabled- Update nss-dsa.patch to not advertise DSA signature algorithm - Update PayPal test certs for testing- Backport "DSA" keyword in crypto-policies- Update to NSS 3.39- Fix LDFLAGS injection when linking DSO- Install crypto-policies configuration file for https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules - Port enable-fips-when-system-is-in-fips-mode.patch from RHEL-7 - Use %ldconfig_scriptlets - Remove needless use of %defattr, by Jason Tibbitts- Update to NSS 3.38- Backport upstream addition of nss-policy-check utility, rhbz#1428746, includes required fixes for mozbz#1296263 and mozbz#1474875- Switch the default DB type to SQL - Enable SSLKEYLOGFILE- Update to NSS 3.36.1 - Remove nss-3.14.0.0-disble-ocsp-test.patch - Fix partial injection of LDFLAGS - Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream- Update to NSS 3.36.0 - Add gcc-c++ to BuildRequires (C++ is needed for gtests) - Make test failure detection robuster- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild- Fix a compiler error with gcc 8, mozbz#1434070 - Set NSS_FORCE_FIPS=1 at %build time, and remove from %check.- Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401- Update to NSS 3.35.0- Update to NSS 3.34.0- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka- Fix test script- Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package).- rhbz#1505487, backport upstream fixes required for rhbz#1496560- Update to NSS 3.33.0- Update to NSS 3.32.1- Update iquote.patch to really prefer in-tree headers over system headers- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449- Update to NSS 3.32.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Backport mozbz#1381784 to avoid deadlock in dnf- Move signtool to %_libdir/nss/unsupported-tools, for: https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation- Rebase to NSS 3.31.0- Enable gtests- Rebase to NSS 3.30.2 - Enable TLS 1.3- Backport upstream mozbz#1328318 to support crypto policy FUTURE.- Rebase to NSS 3.30.0 - Remove upstreamed patches- Backport mozbz#1334976 and mozbz#1336487.- Rebase to NSS 3.29.1- Disable TLS 1.3, following the upstream change- Rebase to NSS 3.29.0 - Suppress -Werror=int-in-bool-context warnings with GCC7- Work around pkgconfig -> pkgconf transition issue (releng#6597)- Disable TLS 1.3 - Add "Conflicts" with packages using older Mozilla codebase, which is not compatible with NSS 3.28.1 - Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream- Add "Conflicts" with older firefox packages which don't have support for smaller curves added in NSS 3.28.1- Fix incorrect version specification in %nss_{util,softokn}_version, pointed by Elio Maldonado- Rebase to NSS 3.28.1 - Remove upstreamed patch for disabling RSA-PSS - Re-enable TLS 1.3- Rebase to NSS 3.27.2- Revert the previous fix for RSA-PSS and use the upstream fix instead- Disable the use of RSA-PSS with SSL/TLS. #1383809- Disable TLS 1.3 for now, to avoid reported regression with TLS to version intolerant servers- Rebase to NSS 3.27.0 - Remove upstreamed ectest patch- Rebase to NSS 3.26.0 - Update check policy file patch to better match what was upstreamed - Remove conditionally ignore system policy patch as it has been upstreamed - Skip ectest as well as ecperf, which are built as part of nss-softokn - Fix rpmlint error regarding %define usage- Incorporate some changes requested in upstream review and commited upstream (#1157720)- Add support for conditionally ignoring the system policy (#1157720) - Remove unneeded test scripts patches in order to run more tests - Remove unneeded test data modifications from the spec file- Remove obsolete patch and spurious lines from the spec file (#1347336)- Cleanup spec file and patches and add references to bugs filed upstream- Rebase to nss 3.25- decouple nss-pem from the nss package (#1347336)- Apply the patch that was last introduced - Renumber and reorder some of the patches - Resolves: Bug 1342158- Allow application requests to disable SSL v2 to succeed - Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails- Rebase to NSS 3.24.0 - Restore setting the policy file location - Make ssl tests scripts aware of policy - Ajust tests data expected result for policy- Bootstrap build to rebase to NSS 3.24.0 - Temporarily not setting the policy file location- Change POLICY_FILE to "nss.config"- Change POLICY_FILE to "nss.cfg"- Change the POLICY_PATH to "/etc/crypto-policies/back-ends" - Regenerate the check policy patch with hg to provide more context- Fix typo in the last %changelog entry- Load policy file if /etc/pki/nssdb/policy.cfg exists - Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy- Remove unused patch rendered obsolete by pem update- Update pem sources to latest from nss-pem upstream - Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key- Rebase to NSS 3.23- Rebase to NSS 3.22.2- Fix ssl2/exp test disabling to run all the required tests- Rebase to NSS 3.22.1- Update .gitignore as part of updating to nss 3.22- Update to NSS 3.22- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite - Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built - Use %define when specifying the nss_tests to run- Add 64-bit MIPS to multilib arches- Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0 - Resolves: Bug 1284095 - all https fails with sec_error_no_token- Add references to bugs filed upstream- Update to NSS 3.21 - Package listsuites as part of the unsupported tools set - Resolves: Bug 1279912 - nss-3.21 is available - Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set- Update to NSS 3.20.1- Enable ECC cipher-suites by default [hrbz#1185708] - Split the enabling patch in two for easier maintenance - Remove unused patches rendered obsolete by prior rebase- Enable ECC cipher-suites by default [hrbz#1185708] - Implement corrections requested in code review- Enable ECC cipher-suites by default [hrbz#1185708]- Fix patches that disable ssl2 and export cipher suites support - Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers - Fix syntax errors in patch to skip ssl2 and export cipher suite tests - Turn ssl2 off by default in the tstclnt tool - Disable ssl stress tests containing TLS RC4 128 with MD5- Update to NSS 3.20- Update to NSS 3.19.3- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers- Update to NSS 3.19.2- Update to NSS 3.19.1- Update to NSS 3.19- Replace expired test certificates, upstream bug 1151037- Update to nss-3.18.0 - Resolves: Bug 1203689 - nss-3.18 is available- Disable export suites and SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2 - Backing out from disabling ssl2 until the patches are fixed- Disable SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Update to nss-3.17.4- Own the %{_datadir}/doc/nss-tools dir- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer - Install pp man page in %{_datadir}/doc/nss-tools/pp.1 - Use %{_mandir} instead of /usr/share/man as more generic- Install pp man page in alternative location - Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer- Update to nss-3.17.3 - Resolves: Bug 1171012 - nss-3.17.3 is available- Resolves: Bug 994599 - Enable TLS 1.2 by default- Update to nss-3.17.2- Update to nss-3.17.1 - Add a mechanism to skip test suite execution during development work- Rebuild for rpm bug 1131960- Update to nss-3.17.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Replace expired PayPal test cert with current one to prevent build failure- fix license handling- Update to nss-3.16.2- Remove unwanted source directories at end of %prep so it truly does it - Skip the cipher suite already run as part of the nss-softokn build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Replacing ppc64 and ppc64le with the power64 macro - Related: Bug 1052545 - Trivial change for ppc64le in nss spec- Update to nss-3.16.1 - Update the iquote patch on account of the rebase - Improve error detection in the %section - Resolves: Bug 1094702 - nss-3.16.1 is available- Update to nss-3.16.0 - Cleanup the copying of the tools man pages - Update the iquote.patch on account of the rebase- Restore requiring nss_softokn_version >= 3.15.5- Update to nss-3.15.5 - Temporarily requiring only nss_softokn_version >= 3.15.4 - Fix location of sharedb files and their manpages - Move cert9.db, key4.db, and pkcs11.txt to the main package - Move nss-sysinit manpages tar archives to the main package - Resolves: Bug 1066877 - nss-3.15.5 is available - Resolves: Bug 1067091 - Move sharedb files to the %files section- Revert previous change that moved some sysinit manpages - Restore nss-sysinit manpages tar archives to %files sysinit - Removing spurious wildcard entry was the only change needed- Add explanatory comments for iquote.patch as was done on f20- Update pem sources to latest from nss-pem upstream - Pick up pem fixes verified on RHEL and applied upstream - Fix a problem where same files in two rpms created rpm conflict - Move some nss-sysinit manpages tar archives to the %files the - All man pages are listed by name so there shouldn't be wildcard inclusion - Add support for ppc64le, Resolves: Bug 1052545- ARM tests pass so remove ARM conditional- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM) - Resolves: Bug 1049229 - nss-3.15.4 is available - Update pem sources to latest from the interim upstream for pem - Remove no longer needed patches - Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken - Update iquote.patch on account of upstream changes- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM) - Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Resolves: Bug 1040192 - nss-3.15.3.1 is available- Bump the release tag- Update to NSS_3_15_3_RTM - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws - Fix option descriptions for setup-nsssysinit manpage - Fix man page of nss-sysinit wrong path and other flaws - Document email option for certutil manpage - Remove unused patches- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245]- Use the full sources from upstream - Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird- Update to NSS_3_15_2_RTM - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel- Update pem sources to pick up a patch applied upstream which a faulty merge had missed - The pem module should not require unique file basenames- Update pem sources to the latest from interim upstream- Resolves: rhbz#996639 - Minor bugs in nss man pages - Fix some typos and improve description and see also sections- Cleanup spec file to address most rpmlint errors and warnings - Using double percent symbols to fix macro-in-comment warnings - Ignore unversioned-explicit-provides nss-system-init per spec comments - Ignore invalid-url Source0 as it comes from the git lookaside cache - Ignore invalid-url Source12 as it comes from the git lookaside cache- Add man page for pkcs11.txt configuration file and cert and key databases - Resolves: rhbz#985114 - Provide man pages for the nss configuration files- Fix errors in the man pages - Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util - Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit- Update to NSS_3_15_1_RTM - Enable the iquote.patch to access newly introduced types- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Fix incorrect path that hid failed test from view - Add ocsp to the test suites to run but ... - Temporarily disable the ocsp stapling tests - Do not treat failed attempts at ssl pkcs11 bypass as fatal errors- Update to NSS_3_15_BETA1 - Update spec file, patches, and helper scripts on account of a shallower source tree- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build3.101.0-7.el8_103.101.0-7.el8_103.101.0-7.el8_10alghmac.hblapi.hblapit.hcmac.hlowkeyi.hlowkeyti.hlibfreebl.a/usr/include/nss3//usr/lib64/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnuC source, ASCII textcurrent ar archiveutf-87cf300aea69a7078d5ce12a97c8ef0e85e903847c39c0c0877887bdcfe26dd28?p7zXZ !#,ڟ׹] b2u Q{MRޔ Ǐ[G&R /mT`skuIJ󥵿+X£k $,-w^ >(:%&LkZȋ垜lꁹgI'uiXML!Nj@1X8B]1A]LKHmkFa0__AY9ߚe-]ߘtd[+{2B$x-_yBHX_,jv7dHǚBl; Y65i4F~!E@I MTb^ms; ̨C NоrJ-VG\peD{ fDuS5\ R 1*5(CBUp`n*u;@]zt~Lǿn*ȂO z z z|+ 8!},⊟>cXg:߬[5@>uF|D5)` *JG-?,O[s]v*Ń g-I53boHB+w <@JZA_}-$h 9)V.emu`^ (n9cLk &ɵ:@)`sZ@_RيBш=>~5ªF+>VS|c(VV8/Xzho>ܖ_#*MQRjF6'ݫ&u R@`x!Bu_+y#*w56c[ӡ"skQocGsM@';␘j*5S !|, 3f&+rLW*CEv.ƈٗj$W fլU\ 5&Ă\/P~5QS7 8gy{:s _{vK)6.GX,)g-+uJnRG~]{%GRJ\e.~T\o>؈.47f=)Z5ewB6z6^4$uܕh4<7,PRQ~(c[MvwE=c. N%HiA4Ϫ2Kl3WKI{p6 /1 5 ?97oúAF*U5zAjK77)EA )UE*eìV'!}h3tn43&M: ShuPrϦn^n[C}MU,)Zy$)5Ӵ{A؇$Y9,xed?i,ԐJJ#;7̲8*eq핣~!i]^sogz_ ]zSB}ФbQ0M&F2L7Lj)AR0K1N'Luc9u֓V?*E3.F5`s_K;ʀt/_Ӭmj3SS .\-qk[ᆅ*JD޹pLUl-Ҷ@axB/Bl ӎGkl>Z ьc}hiK?\nuhr e &)H96XB '=_\1؉>%x)'w7O=UVKM +]l#u* tzp?9.)'Xx}c͖(3DGXDi=yr7O{V2V`f^ MPZ~t"٠J Y4f@І0w.SX{jsxrBa[ ׯDpDkjnPՌq2UҰasг\dbFb)-֙Jwt*!1ó{ry*a&V7(iViO%J ʏ;HG[:Wm{g|}ly?T%;7ڏzdN(kS "қ|nX8%x:"17dQtQY =k7e Ǟz=ڊI]kX8#ԧ4t"#u] qqA^VjkkmT_[3H"|3L= E,v/+ y*6rYxsh W|\-gAby9KG?U]|w( ,2N5V{.h kb\ݮY{~z¡2t xt8Y|5:4>dG2NG+"E(Io[5ƋI״d"Sp9%;aW%6VYZ߲!N)Nx<#s pYY(:{Ū|zmrL,"rLeo{5ף 0D 5Ʒ$tWm`~H! N^ \=)؜{i^;%^%AjʹR *]ȴAWWRw]L|EOQV*rGO/cgّ39Te%0zr5%p\~G&RC֢NT=bVC!T`A/|H_ajXm@'nvx<;^tet](mwJXOۺ*u<^8ʞœLE6S&rkt:?D/U.%k)vT,! GH¥h+Q18%Fðcf]0v|٦k,)>:D+Nq-yJ9{<^.3uE|,ʃvzʳFi30^US0bJK[Piޣӓ[7>C$_{R_b"pa*> ]vt ]vAD7g)%ޟAⱨ9sif{0aWjZ yVbjb+FS`rn%4GG\GXY fT4y۳l$bͲn"0ցH;&PR&94B]O,;8 giăUߋz5{=p sS< i60.+\pCM SphEN-8lݨ-&=ZX#ddh~=g6k(U+ cDEoԈ9Dn| :nZaQN-'0nv^]s b@"Hf\Pڄy ф"*~Qkan.Z^H~\=BD o%ɿ8>R8D2Ogø"Q ڌaM #я##Y*fLI6U(yl0nf&WC}p$ߙY7De[*p+B,e011~w3Q3o#߄0踭S3`/&_'i2;eX1͑ha_ǎ)NK lɑֽQ ʮ<:2E˟)!02*_|ߝm$n2}\7~҉jDWրK5 Q8fW`=e¾Sb"LjD ]hK5OH!tiA+>rkQ|@xqKbq^snF8MbбpD 'P"r3 x IEx KBW7xUfeXx|L;'Ḷhj'JfϊQ\a6|6 0Rlr; 2R `fRVm-rҵ)!ELm t3*BBHqHJvQG0B)H*=خ ЬlDSwGO=-Oa,'1o:'mhoT8_=+dr` %>-Eaj8s`<6~yJt Du q{KA* 9)Q87-EM_u<z7S.Q'NL lk5,@ނtil\ 8v)uYQ;ht۰МOdwcj͈T#\a 8]/(z*zW0B=-ĻِNϮ}.gRN Y jw{^ al,r45`ڵs8D $#Mz: ݠnW?wBG[^hhԷtBv=a`|=!R&]a%naCt@,|x†x!GN?aqgT|hwV?^BnҮѪ{--&,К~UOi`}kb]R,a+2ZuK궜&:T@$j6 P Sgq(T02I/^eEvZܡ&7kF{1F:+I*ssPi}NFOu#K׶eړL;xɃ*F)W|"b4}̠L_aUD2}/هQTqF+$J֑dz`cVQkWj?("GYd:I7u+>O({3lۼrJlj`|>dh4 5? Ѫ+To`ӹ̓*Li%Q$3n+R,bT'qIዝ#N9.%kBwW_%޲[c2r\8QR<k;xL#w'D kaDu DUŷw7]7 a <)dlCcznHt 6G }iG,s,VPdU!$]ʉBAD'U 3zVb?}%!א,}jm# `~6Q%BpK:h\k𥤰a BZ$bsb>jdW!լ߻/?^&<>$?Cw0SR1lJC׿Z J{ND0G}-azy4:^Ib<1`O{0DtwB 1i? ^wDDbVa`HʵrH T(sQoA,/,.A? xމj^c)s ȓ{)]yo-{y%2͌ͪJ;;2<>-摖WЧKpO9}%ki$u1d^74aPyIm3#࿧R;EJ>ob2&9BAvy6:o53^,A ]t"٩pTO66}[qܷw."LD͋FJ/F{.eXGus:jb$OSE#w?vjV66pGa:tӺV콲Hi/ ҆*r>: xǾȂnL䧠˙5nf9G[$6siynN4f{/.iz賤\'r,;1"Iӻ xzޠ' AjwLCH?u>=α2hRFKw0btb&AkbQd(gjn;w.S\ "nSS"i%9%Z2јWqRT\AL!+}+sdxiE@?$Ž4flMrcp?C)X TEMSW2GIvn|}=+z50.#!̣c[PYD31q0|&ɾz\ v >ū+9 kcYN!T}3u\Md8K,|{AQ/򔪅+&Ե+Kiycm;Ӄ*>l^cV3yMm۷M&^9:9!S$=9HvkF~Î/k~k6*HӸ?pGTQuwku#BZIfܑHUZqTQ|HH3tA4 FkG vA |) vvA{4 x2V<24)+ G>YzY<Ҿ`ar=͐kXzkKnCi&Aҫx}}ʃS8F?c&D-N绉@~DNɧQeqǾM]i#e|{An{ק;k`_wg~@1pIQr' +$PO@/@Wd_4&VV(HLy_C3yw"b-%!feDݍ#J4Jՠo`%sKY6#.zSr]8<(8c+BA&'P0C˴.ڕ|{I$ŭ(܈_r)F 0Vh= c =jctvȂWAU&)//#}ѝ|h~:R',`-SF#$g_X2[I"ĒV̞5_,,5/α< l^Shl>Wʼnf[#4 JB+Mn-q'[q1y5Gt 2j.Z e'-]&#@5>qքښ$in6eI^Ͼ{O0ta_q|"﨨;d$IN(V^; .8)W&T^/%@1URY&NF*_ה*إ4! -r|p{?`UR\]RD=t:Xtxi2Q1[])s,˿$nh#A"Ĉc1l TƫM1uU>\^ڜG1E{Cot2e%I= 3/8rS$CTʝL? ס ҮeP~:KrZx G5 jW@@ῐDpC3J$ Y9ˁ~RP 4#U&^}l" 7[GN춑$98jد}}UpMk^hH˨vT bIAS2$@4 :E=`"_;SqT3-j&Y_ͫB 3, e!kE-`/%ft;a{@[ K_wC!(x ~bKGyi8[쭆}-x l&ImSLwyi@/@]$sz~"$R~j^1Wzx 5Jws;؝Hv se2Sriw+X;Bp| kR9oc~n9) +7\Ǹ1ў8LN6Vp3¿FCLPh(< EVeQ :˜c3A9ѷœ:1޽,r֪J%Y.Y*,bgj@5R6v'=~2rҟ.B4^Cp,Cz^+tCwzHI*ox^Rͫp×̎([ 4}o39 K= Q t-4' kc,vB)~ot^d12^jꀌiD@M`߾Xg.t ?Y{-zCѓB}fQ$0i[*LܙԠcX#l]n(k ;jJ(lNTx+۔]OϔCSnaAÇDv#ǯy>uuBZ 'kuCw6WϯxC]uU:GRʃ/o>d%Ok_MՅm6(*Jqғm"MHgs Uv楜4)@ IF/evayz,b'bݮ~| @Ю2'mMI$ RL:IwS.2vb(s7SA:㋱\˫kj4.d߆KZ T;lxd?^8i g4Z(G21>oƦ(b'kxa:ƨuQW쀃0&Cl'^`*t.oy#1bsU)KuYY!x^`ݝߥȞu$-0ם!S6Y( IYcOx |$[X҄u!/nފOpdGӌyxȀ3  prs[#>"N is|joQquDto Lzlz+) iegM YJYE2 9=树yˋY^0 gkqIkX;fܚ&[GI1(%%2C.Q'ܲa VZṬ& JDFmeBfEGJ._gtj&uq0=2&kmϊTQ2o7f+ΖwSYWy9սBv 0}\HJݎݝMM$>DMkeʁP]zS^=k+o8/lKayH X]J<(_+}(꺜,p3{OaUmԥCȟZ>O#?'iE gسaԃ6~/WbDq&8[Zl3[8|[4U}(֮M]S>&BMg>.xYat uSP* ̙)eElxmKnj&-f} Y͉UlJ"%O+@m[?~`dET9@(y]|I˦礯Lo^0//Z.Dߣ|=Ag m{lbE\6xRX\3?[8ז~T&/+y8 UJMrβ??s 1,ZW'-1 ctG[UGa6)N2nIT n@GP{$9;wSV'{Eu 'Z}5|lZYdCYzc;nJ X+cf%P,1שeɐaB,v[n;,:Nypg)=갫\$^xz E|oۓN{=/ \lѢm%;2;:?gE`ev#9Zu#JaF @"k _ogdP((k02yIۺG)"͆%!T R1x|E1bfÙjįْdM:fi)ůX%s$ff~ᒍ U/'*18\mUQwS-0]>\ZB<>}r"c [b&ܛAúlxލrSohfRFe{d5TzKJXs|2G'7.A&)}UR_ho WjJa'eGW>OU.][`}ͫ+}N2uug sIђQ>hf|IFY֗Wcp}P=ÏQd]b 63P1A.2*4)Aơ?'صIQ2_tbOvu_u?8hm˗}4ǜGFD§#S,~gvߟ4l7fV XϥUxxbZzՂ<07 t8*+hU˚R|a2sķdxɍth@oaD&>c?8S;_g6@S}+|N \e'm*#߁_3)Qhj}E;)zW'&O{u5\iO(R(&Kd?\_/j KEEqLtiChtf[Js%7Jq ʓg+g 3#Dym*'+ 01/U4hzZ"38LvS$0ygb?Ay Mb};;J`*=^GN){zS渢'#9`}–bw2Zq"S~3z hG8 (>w'ˮߡW&NB Igk#g2ip:C%;NX N.-0LU ]}Lw@N7?j=P'=6'diK͔xg^ﰁ0.Ԙ]kxU+ ܱ)|<]o7> czn/l\{򯬮ӨE+BCP|߁,qՐ+A*Cfh,+BpL=[0;Qs/ `zr#|.;}6 ecmQݺ v:θ%1&oCbd?6$9/;),%?Ttc;'OF{<)|^8W?pVd95n@I"Ĝ_Vrn _hXF,&,Wy2ApMa0^OV \mGop>`KĕAyT23g jn!7H)`W!8x@VRIʔ# I6#.EPb1Soe> JO%9jH8ukrou#`B$ J94oDDz߿IJWhQ4 nhHC,f8BX9s)+:՜xE31#C N1f#tS$lG؃} AyUE42-̩O:.%byq J2*QR<_}B}AK4ƮQJZ*5٧.;O'tY51긣"G}jCSj䆏nq5aK6C=|6-0:6ZMDRY֏:Qit,#9d4!F14aSK޻h:HСM&-*ja~2dɽQq:0QeeO75zv0ۦθ,B:׆E4 K¼n$7έճjbQOzi} r'| Ҵ Uz gyIK]GL*1w3M Ej$k3qW$ B9*Ž`)' 0hrK+ &S3캤VlݾNأ \s);ҜJ:f])J;$;sIVD#hگ?tja)t0<_c{y"am^P !ėc-U'Jp* \!'^pe=eҍ% M ,ro맼E; $sJxE&$De|; :+j<У7\{He 95?ک!mp Mܑ;kKT{K;&vS5K}yŖ+o)9<= nVG%[l2Z}Z0bd>y]{T v֋VS%5oյ>%f=m,Ͻ wGGuUtmgQ`v&Y x.l|Qg~sӴ a%|W?i|hũYj6Ⱥm/gz#}ԦٴڀD+$? TL\hy IC,]<^$#M eNZBPi -՘K(&}].~=㜌xkq9'yD]$A: 3*LGdLFYCˋTN\H-Ͼ_'K5 ϗj}$sŦmg aOlKch;e*JsT qd+H[u.{=_adGc|3ֵ7W>մ^]̅&a:>H>4ɖZ5?>=`W| g!@vIsiɉOPB}yNKi;f5v@y9gf@J$u6/J&#t}R.c I)짒R|a0Zg8mŋ%c P{gs+_{($*| 2knW^B XWiC 4Ĭ 7iiqs}6Zb&:o6\L@u\,I{ ^y-Oc|36UJGϒg8]l[!!\ `Cq/(!+ȝL,ƤCc/沭@ZR68ٶ,h TxS3ZLy8TDA#9YpQ@Elܰ.$a<s!'WF+u,rL7Ѣm%fx%8x?m}2b3Psg7(Fg⒩,߮"\ߟ &j %YTw'Hr`sbnm/x x_Ll9EF5ULIn0DK/N-ϨwnQKL7Wt^2Ƥ֎aBȓ)A?VܡVWBT82L44?i#5f4+73"z +Fdo ևW2yn m0FIZrRҬR_y Ԁ<>GEF-u\ɸ Iͣf &FUp)ӌIij9l5_^V 0F?}m9n37~grpzB Sv5, &Cs_xpoL DϺks7oў dGY!w{wѳvU,U.,8'Qf է{OdK DvC)!/^ v FC,? )J5pHN}ſлhQu'Uى)A U Y0}8N1' ,^?1F1`k&9!uTٱ`xܣ-z?OcYrM]+5uL_D]lo;ڢm"FMCZF jk𧄾A+9JQ&6jF汇(:RjPqtXxu?}R7|cgY$^i?E8n Jc5[u%}$=FAf{BR܈a&'*lukv^ D: &J5pfV)/oc~nZn>/BOWIHLCF@OX L{ݭ7X 4-XFN仌@dϧI 1$IV%an㙳pT\p=L53i'dGbA:p =}dЪ65(&k#vx6Zy?M].mDz:1CnМx̖ ;ʳ:ի݊y7 u4XV:`YWj>c\2-&?L`q{Z6A08o.b:CyG?IR9i csSh Cv=މM(?hg 웜&,~==S$z{-(p^?&0f籌p<|@ycOq'/l{l>>Viu0 yio97ҌW1EG&J7Uc&t>`X@cN*(ll< h~/Fs$5igA~Fj$'/;4 4(FGeUY!tݖM N`mcr_a5SN@< Q+38e.J=U_i$ZFŋݛPHŊ ޓ-T MrK%X,q$M HjP&-B8֊Ke~'N@xD6b9Ci0 W; Zǁ1W]3 G Eg'/x2LEq2"nß!!0rBKx:j~']0Yu`^a|1jƲtb'p/WlLxvQ <];qC=D댒4T?Wӱb ӹb  I󉋧x* KD|w-pEȇ:{t?&|3t%ǒ1X}rsV33v6qƑUjOQ_"TfSŇ¢R8WT@Hmʳy2e9BE[tŪ/Sg?mPOR3_nK75[  b.QtMgFU.`̃LSK6խO`HY) Iѕj VA 6:_lW0ӫ6;U!B@8߼a$ ^ ok3obzhUE*Щ~}t EŴ8{/P`f̦6Y(l:F1mRY4$fDȿ虷W3ʏϾͯ)D1I [qQ*%|φT({X,*>}!KC: snAM1j_kM>†)p58=4yb s\+.}!3C>@) ?ƺV1_U$Yjy5uHWOe\z?x#PX?55Y&7,|VsfHwG;c!1AD-nЍ7D?PCk9>~w-rI 7£|/afvtWLπ\#9Wpd ZMV:a)*kLW ,'Mk icàD^4@kWF p8c0MJ8>_4rH7)=DLIuΧ q5 8 t5έ9Z12\hػ#:n ]/ՎZ ]^8[e ؝N˜xܤ]4O/ۛROW4w86:9޹a2QqGHTkf,|>X-ye35'=s˦aB< ~~0U HL΅~P[uHwyܢtrE=6˩2Q !_,IML:iP1i>_dZlJcvSMwDwmH!vhYLPZҪTl)`B#OkvSCG֭AE(_Mj/ءtJgfW$p;L.;y t*YNOku]ks9fPsh84E^G2" WD_^,HۢiQny|4^Z"zи晖-7(ű+ײtrm_ICؔi[bW~z4m~3oC"!S,ͼ³1Bl7SqT|v.gtN_h1VkB75XqAW.n:?!;mK}fM }Í'%5#CH%P%17P`Jfڝ=& HP-~X ԴSweXKW`LqoSr w$IQ2)Z\R܂%)+Z=0G1xty".G֪"J5Wlk@<޷t`qԿU`f&җQ՟ xSyeS$g;}3_Cٙz!9??\B Oû-"w LaGb+ k{n~K׳aX}ARGQ+̮WQ!~@dA;`6mὭv- PN.:@kGd"A ey0.W W0eVK< NCt[{1'm!RqAMV!ekĞI~1_?QE7YB (_”1vᵫ*Y95-K@#S'BͰ"E}o[5wa%n{W9ۑVD3%SHXyO[\ *6tzYq0@ Nmnr%xlnݽ;i%XKi@ć58̪ J9ƷL U8 Y1_Ry{(7'qJ*GԦa0rɵ=ȡÐu2t{AvEriC,1x%cd+D D6˿ #xR≽͢LYLJ;񬼚kEXaKehKd\PL< W,s#Y55ɉ;vC7,@o6fLIK˕U+V+·K E=ȹjkm{ˮ@ `Nr d:[$Xy4 ;DD \|0+K%/EߵT!WQꭕY|EGSN2w\Tn1[Qf^p[|=i޹M\G3;cSDk2n<'T32Zx %)Y8)"˔$unB>@d~<39Y2G!yd$Cж83y{< ٱh=[i`qܲCPP0Ms"me*;s|c(d๑HFBT'p295wW#8F651%ʤ#kcs;vI_Vw^4NA6=~Y#'/=1/qEjs62 E-۰ҋ4%l`KkxenM*HXn&rU%0AFx%)$k[eræbzB{ N$La~6։`2M?ycih7=6 zQ@/|hN}iHt +b3צNWx]Zp?{pc L.p#Y 70![=aLꙵcfOj&50BTX=l%N HlDN ILM,.o|bu|!< }ĬcIX# "ST"Z8_\֡\2bkSq,-OZ-2<ۿa @WɞJxab( c6G҇E,[p@ >tgTJ݀yV+TerixSf>bɘA2@U>?RB;PrYô[~Cҝx0!V=~_m z!!KC["h8ebHPjTTX O9zr;`ZIܑ3bp#\W3 )OZ*Tۓ :+РMPAplVZ\kLa!12hC|\X^0V4u!?Pi¼ɔɃOoaG[b`61V>P[/3}Ji;}r [[p ʁ[3 %*Rxeh:KGH/4ޔ"jS{~ck͒~|!I58a*˷ DL*5&ՠ+&vy[ۃO@fj.`cӵEB>Ի*}%}MB=ƓZصJNӯXf(p0]dOuNZ'.LfVGYjWFo7쯰En_Kd<w͕BIߍ(&~e>ոgv`o}\{zl=%g9 ~\8G(+s8y`]zO%4O*<[xWTue=Ґ>m*L1(kԿ3f窖1::àQ"D/}rb5 ]eb^".pc^N3[V||^$Klg6 i2dFl w~Őf* yHqk> vZI @ocssY{XD1='hacm@TrWBDN*yXp?w6j.r)jhBOuRccυ-"(LbҔ pEB[&I"הX/mg,>qPYG6g9kI|/Z[ш+ArPe$03H uyw~(C`- dT-ZM!2ZlGI$"֖iq}M.v.JppR`JEb]7_:܍S8LW4RYEDvrRƐak`J~rL]+5abq]0WĎ /Esī Y< e[!γұd Q-p@2t9Z۪Cea5i߉%| Z {GfH /n )]cD,5Ϊ{F@\ݨaW( 2]ttqAy98R$LY0R=k`,բNw@b0E+zCN.Cβ> ?0qQD*i@/:ۀ-Fg ۑ؏x)8$i1Tù`=!EIZ`XM/"8|)Ql'|k1 bla "3M 71;/9oY{*k:.Յnub9Mi͒9 7WI1<B}Ao/fГwr49ĨY/4+ "o5`iC;1#>5%SOb=xl8ckaFfhlbUkv@j^g2Ѷȑ!L6%%La? ŘMLnPx"(uW}/.j*UyǑDP]8X0##ɗKӯܜB1ݘcdV[ > VoZ_gճ[GIR6Mir}*+`[`SXԱYP%}M%}]腠O!}7!č㋋4YfV,ᠢzuD2*wS ڋTLӰ1gnX5Jꀍ*U)JF1Q -sB*zo)e^zF,0C707VM챹tRRE*nttFVh $5{0FA/`ESZ͖1!s$Q~N=[$PVl5V(]2Fɑm!;9wrO&K-r>>dɗS<9(rN(q}BiDz,X~B]kz 6ΦX:2}_~=cVOb3rAN'z'6RUl\7J Bca\alHP iG2oz)<0wXڛ9}~{LVfz_`L=(A}>LE:|_~4,ƝVõNڈZ=ϥ3s}p:ю̯#P/<îd ]|R4ïO  k@D0H0wZ8W?Z##I_sߧ/.3bZHm +[-~`uKJ[(834 !<*1%jFЀgF1bXph/^tҿWAX&#6vjƴqhZ2d4)ޑl#9HW@g›ƔB~33Q_= epʑWX 5=Z Z=r#-PCfz65ɰ}0*C|ڍTW_Sct\ee{D9[ 23-=ڒ(6yт\) |E@g5q-o?w65D7bt;؉$±KH=|5Rt=V ƺ,^S;=)*W')ژmAm"P{3Jc6ōaF d] '!^6bt:r4dHY-oK$۬MiSuP7 41&EXsCfɳeY}Vf1pvnhPWj m3tvЧ$c2 52)Ehkj4%'\K,Zfik T0}xBfBEy3Hbf-:jY$OvӉMZQ%K};򡵏f&C YՀ&FoDǖ-mY&eA<1^qYIQ=t[q躢>;'GoIFٝke}3ąڨS>P!/­qnqs,왳ĴK'NA]c@X;.eƗФ z͎D2 ,|M^ %,am*ޙvzwwH=;{`^jI0/%9li.5TQ{Jc 9{E\lfGL -<6Y(g㏶@z0l`X)=%ԩNJpDs[.2hѮkq{S#/;93sh0~Sac~_c ="y{NJ_9[o>6玕F~^|3BUN t`, NkeU=>B5Z'e `m^rƻLeD!HR`"QQI1$ %  ښE˨46d"c&PpFш ޙл%Om]BЕdkiO@2]I1MB/tjx.5<q3>Ä/k^#d ՞Ip %+Aj܅II-7|P2 bwPb~\DgE E6θWXzܚlN{E{,'{"ķG!9s. 83Nn` U( T 2fV ҅k7Ԫ{{k >HNVzQ͟f :dWQG,)g:@J}Dra+oV%e:yMz|y @*qix(\ hLN)2Ztv#@^Ѣ{}h^2A`&1t w.DՅ:;Gpw빉vT<>~rL` *,$|`#Iƥ3:&& khQucFD/\rgξH6HB꡹96 L8r^ 9/T|I>ƶ\'/!qzdAn("?C7X4)S/gC'3J߹ˇES@C'ky.bwa*//~uqʏ4m$񟣍miU\>Q\j%p=C> Wp )܎u&?XPE5>| <2xK?YV1S@y8mFxb u;'Jm9L15D! C(V>¶0c_,D=)_G7!-}xBhW^E0)zu=b뀛B$r_A y>R<+ĭ @l {!- rȻZO asGNg;XKq+R^QҀ δ&~o?Ȩ$& Xb|mEdzqzE]! y XLS(b10ƨ+<}]Dp,ܻ lh\P]b _B<脤CMG'!!"R^_|OnXYrGCCr |vbi|y9mwr})*}y?U}pb[e1>/]E2MΛ nvh:)vmrb{gFi<\5*-;c@8?Y(+]!2@0Q`~߾F\i8s߮ZvcU|"WG&AԟiA'.UQH#;i("UbZk!EڌNX)F:AG 7)o-yaJjPh^"ZQ~mKxK$z?h'0XBhYwlkNx Kvk!nXÏ%g m*-/yRgcaôov 8H%KQb)6'Vl(̩>EKN:G?Q(;C9FOo첋Z Ƣ钯6#cȊ-.j! \'E &mH`7i=֖Cpx)4hGZMjzZJ\WlQ.~,,أTxB)SyO5IˋJdHL(FׁLTF&Id?A?d \1Z8,e9pM_Gd;乏#*^_)\ 1g5b$@|m2l-) \ɔV[eEE2En&0^U C] m2kaSo8Dɼ{R]"TtAjU#*J$ǟ5\=<o}s"ŊFb>P_PI_)Cu(j N88_M1+KCg:VicZ44R#3$ehwHZ7טx>Ҽ`q0?So^.ux+qMR|>(涷i&G ߧ S3{lTYdoʦ\уu~8 *7rP=qFuYUi; aWc2 >ݐ񟧿ب=$iXUk^'a_o9qX_akCr?lFo͂z #6Q9coF/Xj.+Qg ZD"|^'>7B{ isJ cyBׯ6bLB,hvcȉ o`wt܇JVTt;U$J-cF P:^~Ʈb˭zpDFc^Kh*S u2_ Ð5dUnH"s LtC[ t6^At-&yPe0- iiU˺(Ce~&|8 5bPHƻn;Vh_9;+߄y#m%;DOs |85$mx鉯V,h OxG\Q'ۦڤ,tF(STྮbq%Zad^G!+re8ڨr|DOQ`*EDVJ.g^_aLiOQ^DO~&nɜī懟}M'pWI]L! )!SD{1tU7 VH* hoc- Қ҇߶X&ل%=pL C}Qj[R} t'#B$<{V5rħox)0n9xTƘ-Fa͋H-PQTj:|+ch zBÓ3{5LQ_~W/,gk sU@ @.O 253Gʬ-x탐 A/c#=X+Agy9TLd0O1mä ۞ ]:S͡yꗝcAĽL% piucJx*6FD?c5#Q7)AaFπz<7*o{fJEbH Ի~$[1D]W->R5M+0ᆏS-xT|0 "tP;z8}.wb҂~e,nBذ;=>NSǹ!D)ڱM %l뙤x~. >TYΌcVZstQ9#]4,QOwmx_w'`FM^f^Vb2錓>T7PiApg*I,hr1\UN@1fr S9mL=)!W1L˓Qudf$Ș*Q><q 61ALXK mZKftQ`+lo /hN a i$MLLI2 7eUȜ=)`|~aD±sZ_3>s i-Pck*1E3/S%{ λv' ||`W; ۉ[z};+*A)m̬6ngMKm $[eniE>f_+ N}~x)*8ey{ŗ1m<\I)aB rƜƿP}-[-T9lqa3[8/ w77|atj6Mh_nck@.= j sj(D*{q[d%aR]J~)F'^I2xU<~:mWO26V$&kNn񓄱M~1@@'"k!4ʉU= jYuU&x}7)YI!ܑuRo]m Ȍplu]7G]/ne])AnFA")[ [I"*  eXd_ _kǞ_9c41"y2`xo o._R{Vds8Mio ]Ŋ*|A* gDXV'58-{in2W>Aau5jְ Q.a؜[Zʅ^S|tfAЍ蕈_ۉ0 l7U^ep)CΑE9p:zgG*,4&6]>$-*B _JƄ+Ԍ1 P{IJNMۄE.=nޖl'XGTȒM'N}xk5W:;I fKVw:z }|-rhܶ:(&YWÒGZ9'͡b,Kfx®0 vldt<V9rfa:~+*B^htŋ;l~+ϺBGztB@o֩/DY}xmgŠB% "%ՁSkI cGlD;\ D8+4 O[Hd@1U$ԍ"WM^XDU!K4}}IPרW@Xw,=7Mg/14e$?-ZUä~ӽ-f[WI~SJ\t;tLz~N6q#3^r-&_Qȼr =,*;^+OJ!$2*QB>(ě1p?Жk)Uc?!{q v`XKUEZ_C9ķNU_ʻ߿QKq] %ց칎TUB3oz~-3 H(+kՃh{qSߏ0*4xg"φ`̬ߊXw;Ɇ=}aAB_B9qwV+VjNrz+hԵ}uP( e=vc饛 mЦ:l 1z#Zޫ,\SnL3*x·NQ/r~U[ r|}1XVDB߁~ZjK72t,>yxd3Dp H*ws.]KŤ$KE++qO3' UJchBA%]7w7kyߥs[zY}2> HeJkޱ7%X*~4 @uy(B nLdP&'ll@Le/dJZ JBz/.LDK0_%9ҵfn`MjGLW'[rN[R o’\bCVꎎcV#|km!֥evZTbz|:GtT\|Uq'F8A#lֽsB2M<dߝs)Ug> 6tt0w*pHG;6kdpKE$&KRSOv0WJXATe7lJu飣P0 C\Y/0S_KR=igC3~VE8q-HzHtW>ڐp)y^˜꒯Bpz$oWem ޛR}hr Lj5V޳hV]N-?O]SƸ&5R.t_+I,`럎 e~a_`5![ΐ Njt'0£^g*Y$2Zzp ci9]KkGD=aAw\(;2oJBb< ?pt<j,vzdXp.|\Q%QEۓ? ,5v5?3FPwZUUyq"8YTfQOc_?7O/0D=Ks:Cg=5RE҇5q1="Ykn#dd|\o,IE!;$'LS }2ʌ\R9rl@Ir Ъ.&;)t2I؟,;>>-x:&'U&x|dla7[ 3sfLw+V0=]0p.z`D<;H*{\ 68I'mmfFbPx,fA`0Mm6F3Z-*'Hco4[ WZ+cÕñ%;|DEIϨsurl(}APN\"Y؀16xD~ȹt \b674Z(3H,*K2;ZJ<͡T|8w1Pvjp7]A$ysgY& *}&v)8[Rz'W>f,*P`VLTaZ)>%޽+K L{6UWXIO^w]}/Mr 0L3(cK3Gbtϑ Vk8\[ZK6W#$񱔃Ǿo W8<;$aXS`JdD UJNO$鍟{﬉]+ t~(K oьj̅09E8%e‡=XԛO*l6X~p(qN.?ys^20mu4Rۻ<|QRfh v1s0ln 23*ǰ4XvpWKsc?ܧ}9)7b5@ex躁sxP2 >;yq\_e pN?iM ~L6Lkڜ=kNCB)X{̲E*@o.$i~cf!;56~D\$iGv5ntAG8X Q4p7~zBh]*k,)^ܷ莣Fx*-κ3*gADM1 XM}AοTc;8:@9$ k%ÿ1t|߬ۧJƜ{qi{yC{%^&(Q3pj*js0ͱmhЗ!%] jJxOs0ю 8)BFQěP#!dcf J`[K@%A`"C/3@~I ?t瞅k _fT@ ڈ&ݒjĮM9TɁĮa < g3 9LVj-c*h-^Ɛt~ &0DY]_A\L]-ͭ.:@`I VP=蠝. VvRzD94bJ.wa ;黃=Apt ]g G4'5\7h퓽%vf 0Nĥ-!4tu0h:tʒ&,GvpHW|z*uPv=LRjq+aW}ֆ;K Gcr?| 4zӦd3#Ø5[%{ ԽU OVmF3ЈN {qwSYɜES `1"-*dS (GM/vLJzdΌ k>w}-˕ho鹔 ~ f<]llEA(>]O{TFceشB>!6k< C.R]+pbnz0sw TOJabS5y'`eNbihz/d}+R[CX_>wI;nr)9zczkÂ,P*>k}C_q4HZϠ|*ԬUƅq*p4]پ~SPeH Da~EnP[iW ^!7_[{i |ܒGD~Bxe'v;Mr]O3 -ط hC$>I('NJblj(2՗k\Wi1Șe+nn.%68(GKؗLϚ7~VkTۊB7$ôR3߭qB*Fs7O^L|=uqw5z;_6, cRaP£5CNƇL%m »N2I.4En'[$ 6%0.+[}-)0?d/.TfB#U Y rO9}:v v|zK Iv6a|;sDT3OM[xygt i EΝ=^6IQ JI[;6?16%^憾i}EK{ R7o%o5#-/ R,e)V>d|E|CRPdR9GXSS 7+9RBkKp;8B=S?e1=cG 1`@kޝ|w:uߥ:e&Jϩ.-}׏|(ͭ߆eanaw (вm4?x$BbJ>[]tʏ0woW#[.퉘wz[=@-I':*A(x>2Om䪆y+W` q?Y2wEBnStZ[ذo9Y!L*XK>YXTrw9B$bgeҜտifI~dbxF+'W<ϓD!!ox x_zepr*S=HJ"P;8zVr&kB%֋վiWEv+ըWɕShfq+&e1rEՠ= 7їq]ݓgs$ߛB=Iz2ҎX@AqH泹[1c|9#1n x-9pк G$!`h;+666ᔥ^:y:GY P>>Z91I ƺKΪvSO4UA@;yYfy8]<<95DhGNGXykioLX; ݐY>X~2Dd:zJ􇓋Q'IZZ+inx>'y"Nb;=|DlSt>f e-`U~3UR##VaTΏ@½SG7|50"|):2 e>$bZqGb1ۏNv=5 7v% LTdAc3iuf5K`fpd+UWj3jЪ՗W>o 2pEG8 ~5Ƒtx]wnGſJ;"9] jrG|S^k_LmDz ˻cTC,qG=CZ'MNRY ɭo6 h)R P[cj3)0e1Jdp7/0d\x?Km2xx |wV>oAVkЌc9b)bst57E1VD /HkҿN';g׎؝1Tht,ǹEȹ0U)LryX}-~T#ePuN@s4C,^rubChis~p%^F5\Ţl6k .#hW@@9pD.W#efo2fKM47)Wu0dKcXX>g_ -~G +k^"`o]tK'g+ZV+XCNGy摞EbB1R$u-Tq?`-=m>ł3`94%{$WóC@;seUn$W=A,hEg3 B|Cz_‚ qȘ.,AxyՖY}:GLM d'3*,Osj\ WzaOBo't[h4f)˓8@HyKŬoigA4͡{hJ3'xpmW(wi˧{ r9:n`oN*KfL?B&^dk|ԕO5GȏpQfg(;2*Ztz)ur.s:BT*͗hYyGLC6G @Q̍+|9sff1t\XX]b%՗VƆA1I 2Kމwern޸M5@4ns, 씙g+lڪ*2@kajQnW+$![qQe`ioTl6v&f掾@ s WM%jˉuS(d"2$@ʽiPDƵ /\"qg&'::tl؇V@bwV>@$GvfJbl貍(܂)Bhf1/;75y^-ge4_QЂl?n6 Y4S!I#MCLbj$Yᮨ SÎ'wv-twa;W66vU2- ·es˾#+)|!&B;co";k^@Z'x .fᮨeaT- Kע?b㏪̥CQ)$D)AIN[BaF .l5 ~ ) Q͟~ !j:g 5 >ۙF R^#V׷kEjoxd@KXU iȸkCH <0jGuq^//ۈ;W6مiBl:d,qEwSvcF$2~nIOzB!P8hn$4{f h (1ǥlHCqɺ;҃W|gS8?F  xb#ULwB~b)p̛0PˠjhQ/^`>V5#~L'{yA~[UpOb>7 9 U^5]87&>yRoZBk}=\=fJp(ag:7ֽXg9?(-8ۓhP4x6Tl+;~A qfkd)mYŸȹCL}&bUњBąh= zM:$ˤ].#Y+}Gt,N\,^v]:,lοo>p _88 +JR*l '8JBdg't6I >%3“?vd<%jx U$P-͜CI\6iLƩ1(0\h!I#&[ը/8M%\LɢEZpuv >y㝒2lFXDη`&ejE/-3F})npѺ ,#D㉥jMa-5 StK)[]$u`l2=PGQZf BkZa ]WRORAo"Zb1Pwz6,QnPlX!p/&|9@26=kA Jt"@jZ_mQcyBw`bLIy3<ApX1} @[CBq}Gl8?D$0":E> cPEQ:No>wQT|+Vxq-r32 <&Uq#`E-Sάr#8!\ɠ4 %h)p6:8@-" P/3O^9hj*[vҌ"t-@_g68>]7$vBA5 s˝K0Ny$(e2y=bHؾ> 05& M%`kX:dP?jxZLD>ǜbVR~G.k50wm0[dnc. Zڨ68:&]gL2z'x0'Djm/ctv43eHIfZj]a\mOԊ/`碐aiu`p+Lj hJw\бgO1qw_uVU5䖐HC9;T8iU૤=FxQc2F`u~IMM Rd擽@xZ:ǙMe /6UXlt)t% 1٢{f΂ ݪB6p^JA|_' |J6dYmW=y&3XXP00j%ʸYjjJC[_LUXVL`Tl+_TAq k&s'f-Zx^,o_#B@{@*qW.x▧{Ӓ cn|>Wu>k!?{ QS"IWx(TrF\(YU,vbxY6XVĸ"ƴUMh>AV[&@?z٭x8ch*i /^>=c?ۅ2{$*?:Yk_N¤g3ͯ91!plQܿ[ 4i-~F=F[\h nʼn\Oɞut|Jv.3)^mR)BȜ(V37~fl%X[C]Cu&.0b4K8qd^93)hp3+=(D8]5;ωd)6v `N7f!?!c-nf_Q ' -27A׮Tn\XXIwcM7zg2eWcXT@QaC*YI[I  WvmEg!BpͶSԪ)@3lb|ќQFM+ v 9YuDHt%]*ooo|r[M2<#t} ^tV= "<1=ȓF ﯴ{y<2=El-g1"j11 y;\:ZMi>*ܡutZ!f TuƐLqW"ăwجUTjkw:{#*8Iz4\@;q=CrW)qL>pj6`[QP2rI(hTwW ا*vΖQ!Dye x8캣h%/\4Krpq2uD13V98h;/*oZ?ss@)3*瞛?]еJ)w#)dhhU񬤐.;Ufꪣ7Q?g5c$׽#CpҢU313d>'Ij40HH%ГpqCEV=jS\{ R v%RwxdsTȅCS7clIQ/I6?(+m:لlsF\ISDwKt-~6G >Qj#W?n*?!@Zpt8KZ#p=ӟ )+s;$oKéa\Аmw(2ȇPC,؀-7|'CP:?_zIH&VW@lhvb#afC=h`/֎z.td|A&58б%BQ`J PMDcFʸ74XH/Ɇ8#&Kl=<=?„!q XѭYxb:N2>ދ,mE% ]fN'F2PgE`ըt !,H:q|NA#:xz1/]Dž跞޻/׍G1=Zlz”@T1Gp< @>H%OpR&Vv9O YhI9Ƣtp *X-Nbg`F jDŦӱUł6kZY@#(tO9o2;"硄79Q"lC~3ѾMZi.s3-)y[-*v>:A@x³Z'E΋0QThJeQ7M]5:qf+a ?>#֨n9VL! Rc'ώ(q]r"OiVc•z[𒢁c+o8\Q(2@6G@eQ9\BYhw)fEhӪ,;¿4u'IYv5wܧ zٓCT24\1,V;7H/ܗdN% 9D_904`)D$|=)@@I?=DSXA>KZ܊P8<9#$Кc.&_Qfka4ګ?4#'=0;zFp " 0g}yi8lf`ф E`Pv̊ƒ`%kJ|4@oڥ{اׯT[rEca;\z&Ffp[^ſeͭz,}z-̠$εQ[\QM^_S)6a kf6iCC]6[]("b]:{`N<^E$y]^ĕ9.Fٙ+olOUw97n(뇍\{Bf.PaDWp_$h+"b@ٳУO;1̩I^g/AVb YZ