nss-util-3.90.0-7.el8_10 > 6 6_6 3!pQp)Tξ7]mtZ`fO ]mtZ`pd-boisŹi0P`Cl4-ĸPr^Uc5u}q HfHv'+Կ~IBXH  ó@é88%nZ—!wLq6_~B2@YPM约,TCcF$lDhmb% hEMcV5iGNGRjISkWkN;9+a ?^~˻tqeѕfN s'4nO1A` D]TB k:r'rNAѣ.ȭxy_ekXMMgÑReUD?j^$F3^%+%rze1%?4Eo&C@4\o1Z|D%?e9~`v'h?'-]3$hy q~bUs/T-mL@SM hxRg6)ZqT2t˳qxGh&>Z.|Zuΐ^i{:3똹;ac?h WWy56߶[џ!HBPFx.w*דR_Ը}6ͭ$ nWnY-7mW5rMKdX[{OT6ngzH g*9շ,3{(ɭ˅^H3/pPl۠AX 5z >!X>p<h?Xd   G /5<T ` l    4LjD(89 :^GLHdI|XY\ ]$^xbdZe_fbldt|uvwTxly! TCnss-util3.90.07.el8_10Network Security Services Utilities LibraryUtilities for Network Security Services and the Softoken modulefNord1-prod-x86build003.svc.aws.rockylinux.orgXKojiRockyMPLv2.0infrastructure@rockylinux.orgUnspecifiedhttp://www.mozilla.org/projects/security/pki/nss/linuxi686"֤FAAA큤fNfNfNfNɍfNd|N6c627559090df9495e0815727277702b76535e33dfb7b6e0268198be29acdd72a20c1a32d1f8102432360b42e932869f7c11c7cdbacf9cac554c422132af47f4../../../../usr/lib/libnssutil3.sorootrootrootrootrootrootrootrootrootrootrootrootnss-3.90.0-7.el8_10.src.rpmlibnssutil3.solibnssutil3.so(NSSUTIL_3.12)libnssutil3.so(NSSUTIL_3.12.3)libnssutil3.so(NSSUTIL_3.12.5)libnssutil3.so(NSSUTIL_3.12.7)libnssutil3.so(NSSUTIL_3.13)libnssutil3.so(NSSUTIL_3.14)libnssutil3.so(NSSUTIL_3.15)libnssutil3.so(NSSUTIL_3.17.1)libnssutil3.so(NSSUTIL_3.21)libnssutil3.so(NSSUTIL_3.24)libnssutil3.so(NSSUTIL_3.25)libnssutil3.so(NSSUTIL_3.31)libnssutil3.so(NSSUTIL_3.33)libnssutil3.so(NSSUTIL_3.38)libnssutil3.so(NSSUTIL_3.39)libnssutil3.so(NSSUTIL_3.59)libnssutil3.so(NSSUTIL_3.82)libnssutil3.so(NSSUTIL_3.90)nss-utilnss-util(x86-32)@@@@@@@@@@@@@     @libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libdl.so.2libnspr4.solibplc4.solibplds4.solibpthread.so.0libpthread.so.0(GLIBC_2.0)nsprrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)4.35.0-13.0.4-14.6.0-14.0-15.2-14.14.3f@e@e@epb@e\d˖d\@d\@dxb@b@bγby@bba@blbbb@a@@`E`ݮ@` @`ٹ`̊`9@`Ȗ@`D`r_@_^@___@__"@_"@_"@_!d_@_ L_ _@^^@@^@^ۅ@^4]N@]]߶]e@]M@]µ]L]]^@\F@\Q\\\\\\@\I\I\U@\ `\l@[[[u[#@[[W[O+[M@[ZZw@Z|;Zo Zo Zg#Z ZZZ@Y+@Y{YY@Yn@YV@Y@YyYm@Yg`YJ_Y1S@XX@XX @XXYX@X@XX~@Xx@XoX>@X*X@WW@Wt@W~Wv[@WrfWoWm WbWQq@WPWJWDB@W4p@W@Wo@W@VV޾V޾V@VяVIVɦV@V@V=@V@V@VO @VHsVEV3[V UYU@UU@U@U>Ua@Ug@U[%UUU @T@Ts@TTء@T@TÉ@TT@T@T?@T:m@T"@S@S<@S@S@S @SSSSpShS(5@S@SRy@RJ@R@RR@RSRR@Rm@Rg@RD!R@RRR|Q@Q*@QQ@QKQ@QQW@Qw@Q]k@QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.90.0-7Bob Relyea - 3.90.0-6Bob Relyea - 3.90.0-5Bob Relyea - 3.90.0-4Bob Relyea - 3.90.0-3.1Bob Relyea - 3.90.0-3Bob Relyea - 3.90.0-2Bob Relyea - 3.90.0-1Bob Relyea - 3.79.0-11Bob Relyea - 3.79.0-10Bob Relyea - 3.79.0-9Bob Relyea - 3.79.0-8Bob Relyea - 3.79.0-7Bob Relyea - 3.79.0-6Bob Relyea - 3.79.0-5Bob Relyea - 3.79.0-4Bob Relyea - 3.79.0-3Bob Relyea - 3.79.0-2Bob Relyea - 3.79.0-1Bob Relyea - 3.67.0-7Bob Relyea - 3.67.0-6Bob Relyea - 3.67.0-5Bob Relyea - 3.67.0-4Bob Relyea - 3.67.0-3Bob Relyea - 3.67.0-2Bob Relyea - 3.67.0-1Bob Relyea - 3.66.0-2Bob Relyea - 3.66.0-1.1Bob Relyea - 3.66.0-1Bob Relyea - 3.53.1-17Bob Relyea - 3.53.1-16Bob Relyea - 3.53.1-15Bob Relyea - 3.53.1-14Bob Relyea - 3.53.1-13Bob Relyea - 3.53.1-12Bob Relyea - 3.53.1-11Bob Relyea - 3.53.1-10Daiki Ueno - 3.53.1-9Daiki Ueno - 3.53.1-8Bob Relyea - 3.53.1-7Daiki Ueno - 3.53.1-6Bob Relyea - 3.53.1-5Bob Relyea - 3.53.1-4Daiki Ueno - 3.53.1-3Daiki Ueno - 3.53.1-2Daiki Ueno - 3.53.1-1Daiki Ueno - 3.53.0-1Bob Relyea - 3.44.0-15Bob Relyea - 3.44.0-14Bob Relyea - 3.44.0-13Daiki Ueno - 3.44.0-12Bob Relyea - 3.44.0-11Daiki Ueno - 3.44.0-10Bob Relyea - 3.44.0-9Bob Relyea - 3.44.0-8Daiki Ueno - 3.44.0-7Daiki Ueno - 3.44.0-6Daiki Ueno - 3.44.0-5Bob Relyea - 3.44.0-4.1Bob Relyea - 3.44.0-4Daiki Ueno - 3.44.0-3Bob Relyea - 3.44.0-2Daiki Ueno - 3.44.0-1Daiki Ueno - 3.41.0-5Bob Relyea - 3.41.0-4Daiki Ueno - 3.41.0-3Daiki Ueno - 3.41.0-2Daiki Ueno - 3.41.0-1Daiki Ueno - 3.39.0-1.5Bob Relyea - 3.39.0-1.4Daiki Ueno - 3.39.0-1.3Daiki Ueno - 3.39.0-1.2Daiki Ueno - 3.39.0-1.1Daiki Ueno - 3.39.0-1.0Daiki Ueno - 3.38.0-1.2Daiki Ueno - 3.38.0-1.1Daiki Ueno - 3.38.0-1.0Kai Engert - 3.36.1-1.2Daiki Ueno - 3.36.1-1.1Daiki Ueno - 3.36.1-1.0Daiki Ueno - 3.36.0-1.0Fedora Release Engineering - 3.35.0-5Kai Engert - 3.35.0-4Kai Engert - 3.35.0-3Daiki Ueno - 3.35.0-2Daiki Ueno - 3.34.0-2Daiki Ueno - 3.33.0-6Kai Engert - 3.33.0-5Kai Engert - 3.33.0-4Kai Engert - 3.33.0-3Daiki Ueno - 3.33.0-2Daiki Ueno - 3.32.1-2Daiki Ueno - 3.32.0-4Kai Engert - 3.32.0-3Daiki Ueno - 3.32.0-2Fedora Release Engineering - 3.31.0-6Fedora Release Engineering - 3.31.0-5Daiki Ueno - 3.31.0-4Daiki Ueno - 3.31.0-3Daiki Ueno - 3.31.0-2Daiki Ueno - 3.30.2-3Daiki Ueno - 3.30.2-2Kai Engert - 3.30.0-3Daiki Ueno - 3.30.0-2Kai Engert - 3.29.1-3Daiki Ueno - 3.29.1-2Daiki Ueno - 3.29.0-3Daiki Ueno - 3.29.0-2Daiki Ueno - 3.28.1-6Daiki Ueno - 3.28.1-5Daiki Ueno - 3.28.1-4Daiki Ueno - 3.28.1-3Daiki Ueno - 3.28.1-2Daiki Ueno - 3.27.2-2Daiki Ueno - 3.27.0-5Kai Engert - 3.27.0-4Daiki Ueno - 3.27.0-3Daiki Ueno - 3.27.0-2Daiki Ueno - 3.26.0-2Elio Maldonado - 3.25.0-6Elio Maldonado - 3.25.0-5Elio Maldonado - 3.25.0-4Elio Maldonado - 3.25.0-3Elio Maldonado - 3.25.0-2Kamil Dudka - 3.24.0-3Elio Maldonado - 3.24.0-2.3Elio Maldonado - 3.24.0-2.2Elio Maldonado - 3.24.0-2.1Elio Maldonado - 3.24.0-2.0Elio Maldonado - 3.23.0-9Elio Maldonado - 3.23.0-8Elio Maldonado - 3.23.0-7Elio Maldonado - 3.23.0-6Elio Maldonado - 3.23.0-5Elio Maldonado - 3.23.0-4Elio Maldonado - 3.23.0-3Elio Maldonado - 3.23.0-2Elio Maldonado - 3.22.2-2Elio Maldonado - 3.22.1-3Elio Maldonado - 3.22.1-1Elio Maldonado - 3.22.0-3Elio Maldonado - 3.22.0-2Fedora Release Engineering - 3.21.0-7Elio Maldonado - 3.21.0-6Michal Toman - 3.21.0-5Elio Maldonado - 3.21.0-4Elio Maldonado - 3.21.0-3Elio Maldonado Batiz - 3.21.1-2Elio Maldonado - 3.20.1-2Elio Maldonado - 3.20.0-6Elio Maldonado - 3.20.0-5Elio Maldonado - 3.20.0-4Elio Maldonado - 3.20.0-3Elio Maldonado - 3.20.0-2Elio Maldonado - 3.19.3-2Elio Maldonado - 3.19.2-3Kai Engert - 3.19.2-2Kai Engert - 3.19.1-2Kai Engert - 3.19.0-2Kai Engert - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.17.4-5Till Maas - 3.17.4-4Elio Maldonado - 3.17.4-3Elio Maldonado - 3.17.4-2Elio Maldonado - 3.17.4-1Ville Skyttä - 3.17.3-4Elio Maldonado - 3.17.3-3Elio Maldonado - 3.17.3-2Elio Maldonado - 3.17.3-1Elio Maldonado - 3.17.2-2Elio Maldonado - 3.17.2-1Kai Engert - 3.17.1-1Kevin Fenzi - 3.17.0-2Elio Maldonado - 3.17.0-1Fedora Release Engineering - 3.16.2-4Elio Maldonado - 3.16.2-3Tom Callaway - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.16.1-4Fedora Release Engineering - 3.16.1-3Jaromir Capik - 3.16.1-2Elio Maldonado - 3.16.1-1Elio Maldonado - 3.16.0-1Elio Maldonado - 3.15.5-2Elio Maldonado - 3.15.5-1Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Peter Robinson 3.15.4-2Elio Maldonado - 3.15.4-1Elio Maldonado - 3.15.3.1-1Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-7Elio Maldonado - 3.15.1-6Elio Maldonado - 3.15.1-5Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-1Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.15-0.1.beta1.2Elio Maldonado - 3.15-0.1.beta1.1Kai Engert - 3.14.3-12Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Allow for shorter ecdsa signatures by padding them to full length- Fix ecc DER wrapping.- Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes- FIPS review changes - add PORT_SafeZero to avoid compiler optimizing a way zeroing memory. - update the indicators for this release - allow hashing of longer than int32 values in a single PKCS #11 call.- Fix expired certs in tests - Fix CVE-2023-5388- add indicators for pbkdf2 - add camellia to pkcs12 doc files - fix ems policy bug - disable ech- fix the change log- rebase to NSS 3.90- Fix CVE-2023-0767- Fix QA found failures: - remove extra '+' from sslpolicy.txt file causing test error values - only use GRND_RANDOM if the kernel is in FIPS mode.- FIPS 140-3 changes- Update fips default for pk12util to AES rather than TDES - Fix bug in pkcs12 files with null passwords- Better fix for test regressions- fix nss.spec so it works in a rhel-8.1.0 buildroot- FIPS 140-3 changes - Reject Small RSA keys, 1024 bit keys are marked as FIP OK when verifying, reject signature keys by policy - Allow applications to retrigger selftests on demand.- Fix pkgconfig output- NSR Coverity fix changed selfserv from passive to active, change it back- Fix regressions found in test suites.- Rebase to NSS 3.79 - Set FIPS Module ID - skip attribute verification on attributes with default values - don't export trust objects if they are default trust objects from dbm - add dbtool to nss-tools- Fix CVE 2021 43527- Fix ssl alert issue- Fix issue with reading databases that were updated using unpatched versions of nss- Better fix for the sdb timeout. The issue wasn't a race, it was the sqlite timeout waiting to begin a transaction under heavy thread usage.- Fix sdb race condition- Fix coverity issues- Rebase to NSS 3.67- Restore old pkcs12 defaults.- build nss for older nspr so we can pass gating with the new nspr in the build root- Rebase to NSS 3.66- Fix various corner cases with ike v1 app b support.- Fix the following CVE - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC.- Revert some policy changes the generate ABI runtime issues.- Add support for enable/disable in policy. Now if your policy file has disallow=x enable=y it will act just like our other libraries.- Add OAEP interface so applications can wrap keys with RSA-OAEP rather than RSA-PKCS-1.- fips need to reject small primes even if they are approved - code to autodetect whether or not to use the cache needs to do so in a way that doesn't mess with filesystem negative file caching. - add kdf selftests- Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8)- Disable dh timing test because it's unreliable on s390- Explicitly enable upgradedb/sharedb test cycles- Disable Delegated Credentials for TLS- Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked.- Update nss-rsa-pkcs1-sigalgs.patch to the upstream version- Include required checks for dh and ecdh key generation in FIPS mode.- Add better checks for dh derive operations in FIPS mode.- Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938) - Adjust for update-crypto-policies packaging change (#1848649) - Fix compilation with -Werror=strict-prototypes (#1843417)- Fix regression in MD5 disablement (#1849938) - Include rsa_pkcs1_* in signature_algorithms extension (#1847945)- Update to NSS 3.53.1- Update to NSS 3.53- Fix swapped CMAC PKCS #11 values. - Fix data alignment crash in CMAC.- Fix coverify scan issue- Fix endian problem in SP-800 108 code.- Install cmac.h required by blapi.h (#1764513) - Fix out-of-bounds write in NSC_EncryptUpdate (#1775913)- Add SP-800 108 Generalized kdf- Check policy against hash algorithms used for ServerKeyExchange (#1730039)- Add CMAC- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for all the CKM_NSS_IKE*_DERIVE mechanism.- Backport fixes from 3.44.1- Add continuous RNG test required by FIPS - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism- Rebuild with the correct build target- rebuild to try to retrigger CI tests- Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa- Disable TLS 1.3 under FIPS mode - Disable RSASSA-PKCS1-v1_5 in TLS 1.3 - Fix post-handshake auth transcript calculation if SSL_ENABLE_SESSION_TICKETS is set - Revert the change to use XDG basedirs (mozilla#818686)- Add ike mechanisms in softokn - Add FIPS checks in softoken- Update to NSS 3.44 - Define NSS_SEED_ONLY_DEV_URANDOM=1 to exclusively use getentropy - Use %autosetup - Clean up manual pages generation - Clean up %check - Remove prelink dependency, which is not available in RHEL-8 - Remove upstreamed patches- Update manual pages to reflect recent changes in commands- Make sure corresponding public keys are created when importing private keys.- Fix the last change - Add --no-reload option to update-crypto-policies to avoid unnecessary restart of daemons- Restore LDFLAGS injection when linking DSO- Update to NSS 3.41 - Consolidate nss-util, nss-softokn, and nss into a single source package- Fix the last commit- Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU- Backport upstream fixes for rhbz#1649026, rhbz#1608895, rhbz#1644854 - Document PKCS #11 URI - Add warning when adding module with modutil while p11-kit is enabled- Update nss-dsa.patch to not advertise DSA signature algorithm - Update PayPal test certs for testing- Backport "DSA" keyword in crypto-policies- Update to NSS 3.39- Fix LDFLAGS injection when linking DSO- Install crypto-policies configuration file for https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules - Port enable-fips-when-system-is-in-fips-mode.patch from RHEL-7 - Use %ldconfig_scriptlets - Remove needless use of %defattr, by Jason Tibbitts- Update to NSS 3.38- Backport upstream addition of nss-policy-check utility, rhbz#1428746, includes required fixes for mozbz#1296263 and mozbz#1474875- Switch the default DB type to SQL - Enable SSLKEYLOGFILE- Update to NSS 3.36.1 - Remove nss-3.14.0.0-disble-ocsp-test.patch - Fix partial injection of LDFLAGS - Remove NSS_NO_PKCS11_BYPASS, which is no-op in upstream- Update to NSS 3.36.0 - Add gcc-c++ to BuildRequires (C++ is needed for gtests) - Make test failure detection robuster- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild- Fix a compiler error with gcc 8, mozbz#1434070 - Set NSS_FORCE_FIPS=1 at %build time, and remove from %check.- Stop pulling in nss-pem automatically, packages that need it should depend on it, rhbz#1539401- Update to NSS 3.35.0- Update to NSS 3.34.0- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka- Fix test script- Update tests to be compatible with default NSS DB changed to sql (the default was changed in the nss-util package).- rhbz#1505487, backport upstream fixes required for rhbz#1496560- Update to NSS 3.33.0- Update to NSS 3.32.1- Update iquote.patch to really prefer in-tree headers over system headers- NSS libnssckbi.so has already been obsoleted by p11-kit-trust, rhbz#1484449- Update to NSS 3.32.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Backport mozbz#1381784 to avoid deadlock in dnf- Move signtool to %_libdir/nss/unsupported-tools, for: https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation- Rebase to NSS 3.31.0- Enable gtests- Rebase to NSS 3.30.2 - Enable TLS 1.3- Backport upstream mozbz#1328318 to support crypto policy FUTURE.- Rebase to NSS 3.30.0 - Remove upstreamed patches- Backport mozbz#1334976 and mozbz#1336487.- Rebase to NSS 3.29.1- Disable TLS 1.3, following the upstream change- Rebase to NSS 3.29.0 - Suppress -Werror=int-in-bool-context warnings with GCC7- Work around pkgconfig -> pkgconf transition issue (releng#6597)- Disable TLS 1.3 - Add "Conflicts" with packages using older Mozilla codebase, which is not compatible with NSS 3.28.1 - Remove NSS_ECC_MORE_THAN_SUITE_B setting, as it was removed in upstream- Add "Conflicts" with older firefox packages which don't have support for smaller curves added in NSS 3.28.1- Fix incorrect version specification in %nss_{util,softokn}_version, pointed by Elio Maldonado- Rebase to NSS 3.28.1 - Remove upstreamed patch for disabling RSA-PSS - Re-enable TLS 1.3- Rebase to NSS 3.27.2- Revert the previous fix for RSA-PSS and use the upstream fix instead- Disable the use of RSA-PSS with SSL/TLS. #1383809- Disable TLS 1.3 for now, to avoid reported regression with TLS to version intolerant servers- Rebase to NSS 3.27.0 - Remove upstreamed ectest patch- Rebase to NSS 3.26.0 - Update check policy file patch to better match what was upstreamed - Remove conditionally ignore system policy patch as it has been upstreamed - Skip ectest as well as ecperf, which are built as part of nss-softokn - Fix rpmlint error regarding %define usage- Incorporate some changes requested in upstream review and commited upstream (#1157720)- Add support for conditionally ignoring the system policy (#1157720) - Remove unneeded test scripts patches in order to run more tests - Remove unneeded test data modifications from the spec file- Remove obsolete patch and spurious lines from the spec file (#1347336)- Cleanup spec file and patches and add references to bugs filed upstream- Rebase to nss 3.25- decouple nss-pem from the nss package (#1347336)- Apply the patch that was last introduced - Renumber and reorder some of the patches - Resolves: Bug 1342158- Allow application requests to disable SSL v2 to succeed - Resolves: Bug 1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails- Rebase to NSS 3.24.0 - Restore setting the policy file location - Make ssl tests scripts aware of policy - Ajust tests data expected result for policy- Bootstrap build to rebase to NSS 3.24.0 - Temporarily not setting the policy file location- Change POLICY_FILE to "nss.config"- Change POLICY_FILE to "nss.cfg"- Change the POLICY_PATH to "/etc/crypto-policies/back-ends" - Regenerate the check policy patch with hg to provide more context- Fix typo in the last %changelog entry- Load policy file if /etc/pki/nssdb/policy.cfg exists - Resolves: Bug 1157720 - NSS should enforce the system-wide crypto policy- Remove unused patch rendered obsolete by pem update- Update pem sources to latest from nss-pem upstream - Resolves: Bug 1300652 - [PEM] insufficient input validity checking while loading a private key- Rebase to NSS 3.23- Rebase to NSS 3.22.2- Fix ssl2/exp test disabling to run all the required tests- Rebase to NSS 3.22.1- Update .gitignore as part of updating to nss 3.22- Update to NSS 3.22- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Resolves: Bug 1299040 - Enable ssl_gtests upstream test suite - Remove 'export NSS_DISABLE_GTESTS=1' go ssl_gtests are built - Use %define when specifying the nss_tests to run- Add 64-bit MIPS to multilib arches- Update %{nss_util_version} and %{nss_softokn_version} to 3.21.0 - Resolves: Bug 1284095 - all https fails with sec_error_no_token- Add references to bugs filed upstream- Update to NSS 3.21 - Package listsuites as part of the unsupported tools set - Resolves: Bug 1279912 - nss-3.21 is available - Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set- Update to NSS 3.20.1- Enable ECC cipher-suites by default [hrbz#1185708] - Split the enabling patch in two for easier maintenance - Remove unused patches rendered obsolete by prior rebase- Enable ECC cipher-suites by default [hrbz#1185708] - Implement corrections requested in code review- Enable ECC cipher-suites by default [hrbz#1185708]- Fix patches that disable ssl2 and export cipher suites support - Fix libssl patch that disable ssl2 & export cipher suites to not disable RSA_WITH_NULL ciphers - Fix syntax errors in patch to skip ssl2 and export cipher suite tests - Turn ssl2 off by default in the tstclnt tool - Disable ssl stress tests containing TLS RC4 128 with MD5- Update to NSS 3.20- Update to NSS 3.19.3- Create on the fly versions of sslcov.txt and sslstress.txt that disable tests for SSL2 and EXPORT ciphers- Update to NSS 3.19.2- Update to NSS 3.19.1- Update to NSS 3.19- Replace expired test certificates, upstream bug 1151037- Update to nss-3.18.0 - Resolves: Bug 1203689 - nss-3.18 is available- Disable export suites and SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code- Commented out the export NSS_NO_SSL2=1 line to not disable ssl2 - Backing out from disabling ssl2 until the patches are fixed- Disable SSL2 support at build time - Fix syntax errors in various shell scripts - Resolves: Bug 1189952 - Disable SSL2 and the export cipher suites- Update to nss-3.17.4- Own the %{_datadir}/doc/nss-tools dir- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer - Install pp man page in %{_datadir}/doc/nss-tools/pp.1 - Use %{_mandir} instead of /usr/share/man as more generic- Install pp man page in alternative location - Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer- Update to nss-3.17.3 - Resolves: Bug 1171012 - nss-3.17.3 is available- Resolves: Bug 994599 - Enable TLS 1.2 by default- Update to nss-3.17.2- Update to nss-3.17.1 - Add a mechanism to skip test suite execution during development work- Rebuild for rpm bug 1131960- Update to nss-3.17.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Replace expired PayPal test cert with current one to prevent build failure- fix license handling- Update to nss-3.16.2- Remove unwanted source directories at end of %prep so it truly does it - Skip the cipher suite already run as part of the nss-softokn build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Replacing ppc64 and ppc64le with the power64 macro - Related: Bug 1052545 - Trivial change for ppc64le in nss spec- Update to nss-3.16.1 - Update the iquote patch on account of the rebase - Improve error detection in the %section - Resolves: Bug 1094702 - nss-3.16.1 is available- Update to nss-3.16.0 - Cleanup the copying of the tools man pages - Update the iquote.patch on account of the rebase- Restore requiring nss_softokn_version >= 3.15.5- Update to nss-3.15.5 - Temporarily requiring only nss_softokn_version >= 3.15.4 - Fix location of sharedb files and their manpages - Move cert9.db, key4.db, and pkcs11.txt to the main package - Move nss-sysinit manpages tar archives to the main package - Resolves: Bug 1066877 - nss-3.15.5 is available - Resolves: Bug 1067091 - Move sharedb files to the %files section- Revert previous change that moved some sysinit manpages - Restore nss-sysinit manpages tar archives to %files sysinit - Removing spurious wildcard entry was the only change needed- Add explanatory comments for iquote.patch as was done on f20- Update pem sources to latest from nss-pem upstream - Pick up pem fixes verified on RHEL and applied upstream - Fix a problem where same files in two rpms created rpm conflict - Move some nss-sysinit manpages tar archives to the %files the - All man pages are listed by name so there shouldn't be wildcard inclusion - Add support for ppc64le, Resolves: Bug 1052545- ARM tests pass so remove ARM conditional- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM) - Resolves: Bug 1049229 - nss-3.15.4 is available - Update pem sources to latest from the interim upstream for pem - Remove no longer needed patches - Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken - Update iquote.patch on account of upstream changes- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM) - Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Resolves: Bug 1040192 - nss-3.15.3.1 is available- Bump the release tag- Update to NSS_3_15_3_RTM - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws - Fix option descriptions for setup-nsssysinit manpage - Fix man page of nss-sysinit wrong path and other flaws - Document email option for certutil manpage - Remove unused patches- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245]- Use the full sources from upstream - Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird- Update to NSS_3_15_2_RTM - Update iquote.patch on account of modified prototype on cert.h installed by nss-devel- Update pem sources to pick up a patch applied upstream which a faulty merge had missed - The pem module should not require unique file basenames- Update pem sources to the latest from interim upstream- Resolves: rhbz#996639 - Minor bugs in nss man pages - Fix some typos and improve description and see also sections- Cleanup spec file to address most rpmlint errors and warnings - Using double percent symbols to fix macro-in-comment warnings - Ignore unversioned-explicit-provides nss-system-init per spec comments - Ignore invalid-url Source0 as it comes from the git lookaside cache - Ignore invalid-url Source12 as it comes from the git lookaside cache- Add man page for pkcs11.txt configuration file and cert and key databases - Resolves: rhbz#985114 - Provide man pages for the nss configuration files- Fix errors in the man pages - Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util - Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit- Update to NSS_3_15_1_RTM - Enable the iquote.patch to access newly introduced types- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Fix incorrect path that hid failed test from view - Add ocsp to the test suites to run but ... - Temporarily disable the ocsp stapling tests - Do not treat failed attempts at ssl pkcs11 bypass as fatal errors- Update to NSS_3_15_BETA1 - Update spec file, patches, and helper scripts on account of a shallower source tree- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build3.90.0-7.el8_103.90.0-7.el8_10.build-id349220175a8f7cb91e1710c94a7b049436e82ef1libnssutil3.sonss-utilCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/34//usr/share/licenses//usr/share/licenses/nss-util/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnudirectoryELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=349220175a8f7cb91e1710c94a7b049436e82ef1, strippedASCII text!PPPPPPPPP P P P P PPPPPPR RRRRRRR R RR RRRutf-866dd7a4a4e0e346df56c94bb3917029187c99c1529b3a55cd96083a24937c05d?@7zXZ !#,m] b2u jӫ`(y0/!-;?iBFqzm v=eg ǷìjKJ83 *m3-B,gLYL_*x)v(Na+OMcJU$^v OvPkG ^G_w!3\H& V4n>̆.ARih$" ǩk?V\3yImdVrq}9vU/ _Uמ@qNʻb9#l7 Z QB\^sĂeeCYI^z)To/BH'^멓{ &bOhЖUz9WϐR^&I CLDC=J$J8 KQEu[GR1Vy hA&]|WUd y?UJ9%rxwDI];c6Rɾs*B!}Orƻb-DF=cX-t1@MehйZ0agsi cSpV \'cVH.>'&0GIGWgx:pI~)) ˲jQkfЈoƏ_S6"r}lv76t9;XuDn6UN *LUs, OD+2l٤R]fsVc|U ;HGU=Cj#2'1޺mI"{4#PgVښc-`]TqwtLxtÌ]9A?6QT„z:YÕհЁ ]{{0nsȼD(QӃLjil{r㟞~&DZ嘭(:X'FsQ 'kwsB7LL#+|_;ֶmŠ/hx[g# NuX4.!ǡƾ]SoĽ!'hTǏ[\T JT2] /VRC6jDhH[ZNZcjp`;ؖS7}VxVMYg;}@0 a@Pw|^uk>m&{-=^Dz7ݵ^`m0kL:>'x{d~2BM=2b$㌸(-&+"[{t\ :[ >_|;X9A" 1N H5/T,ZU& I+z\aG7&0Tys2UɣQ.4pkJ 0 z[|eMAaR/!%//UUS&6mc"Om?)VCbRk$c1m~@aӻ/}T.Q(u b_Xu# K S=ʒډ1.P ]YGP?~S&],]ȩ`x}|F ܫ7GyY Sbeya_[%н@zCW0#f0Dm* dȱZ6hgPS?|ϸGbu߷'2=+B?Mqʀ*Kܺxg%\ {pY%}[hy$PGU$Zzkb,R:1{EQ7-s$mfdcsTLсSr%~w.MWlySu`) 5467Vc {Q*e0Ӻ^/ 3tW%w&]QYuFyl}]:z`;K<=zR{2ձ>XtԐ :C*1F?]"VI3RlfJ-z-M5 ҊvP1ӥɢ@ds֍:+ ԩJt1Lz$ E)?lZ7@ܷ%nqQH473 Uw`ث:p\rJd`Ԟ 4ř) $TOq>#RGJtfJFmjq$Sìg@ Z@|ى1afsU=jF5RP'c>LN$>9t[B%K2?#BHbn?;Jvjo Щ۲$'ˍ`%끠A>+{ʔ֪Q&+._=j̟~on2<3l\[l )C +EXa^C dN2ej&VnXR,'I 3]m32YƉ1tA^Uliˢp] D7U(:5ʚ/cٸoeֳo9%?W J- M6pn|rcVL&-[6W8r \z0U?K̒VRdL)W U~sFNtPӾ#Ҕ|z[lϥM7ȇĮ۽\l˿IclTs" yy5}黪JsGŠѯݵII!fT*39j*}l^wcg\m1\:|;⹩:UEɛ /Cr`q-oŴ(>RUӾ$3 IJAH6tY=CP*Of^m;׵_ݨpaӹOD0Z=yǚ,)zW2Ʉ5I>A̢6+&\|.9zm#-FPwVV&،\n6o]wXKE#fj߮ɺ.2"R2,/'u(Pzccyާ3j_iTcZRb/$mꉆDI*9p(^X8̀ Wj!ekә (xѭ \,X!}D9SHZ qa} m~Q:.F2!?A&˗o =wLGbLZE=m[Mآj\MsyvIv_{tYv@?1^ vo5t3ٹ]XCRZ%7Gj[M);^-1voD$! WfV$ix >F 'q j!Vs7:z=MR/&*FC#ӎʞ<~b= =b&7q+mPH߄ud+[5֩XFx |*(ږx,oOR)% Gn1I|j聾#xܓEty-26m15JaGm$it2)iWHDHz/&a`D.7x_QT[bn]'SӈrvM}(Sft/Q{į&5ggvf8L8;zFl3xP 1BSRӽBmHqJpؓg(k]ƂQv X.cڗ%:~Q Ħ"\?``C%63-rKbT+],V|[d47tf_oDxȞ@2x4̭l2~O* `ìɟ@Ao}Rt oV^ XDgW0x5$MK[֌-sb%E6CUO( c [c}aد|wBꂐKaPVaur R{U{@Ś_.BM^xG:FޥRTT%:UBk+T1M>wb7zr8GsCKh,zD`SM{'U> gT߬_ "y} rr:f2؝'nyyw1ݟ1($>Sѭ!h ʧ ' e PڟݰYJ[ =bH #xD2(M]k] I\v5y\yY2DTyl@t0>ucWj?2?]L?zm6zhY阬A:' 6!U}!qma:L5HYK^YST.[(6=d=eDﴲDln_:\ճշNr86G$'RZn#R;^OG3E9r#E ħOvvɯ|"ݸ-6j RSņoזOV"IYN-&Dhu 29ASm'x{"K4,3˼?MhqXMܴEr_$̐NЂc¿P"D2ͣ*L1:13TPˬ rɢFkmKX?("]e?V]۽kׯ2@ [i(֌ԯ! i\{Gi(jTuti@ޥӃ;v8Od*!% ^>sCy. ZBN&l K5?)|$P[8W:{baM50F AD*E$F~clTƙQYP$ʡ&?>?:2l (?;Wo7k@e8#VsR1!}ٛ_B% Oi0Q]E.!2eO2#8 5` "eoFJDT(aOLY7 a+C{[o=|ޒ-bZxlvbհ_+^}9O *7Kc8);`?;^leY~2X>6h\o ~!Jopyϯ'_ {gmdT;QRylÊ/_털MysOJ3%-؛Du1+UA@CE2E5-U &\^ xd:JY*fR詬ѽg = h=o-? kb{cR9ČlT@-5( g*T]r6oh@yGU=PfԨ"/vh0k>~A:<u6=]8BV>iiY ƁZMrTR GpKR3cת'TKk ?Q|i KI8Cws!̸PѱG񈵅RUzlp̹|=Ck7u8st:ƍWN+=Wޛ@ z3 ʹFI]dj/ wB0TH"049:uaO܀8ǫhW!usF92D6٧PXD#ޭRQkG[4BPRJd3s @W1迈(VX+Qy)PΏ*⤹Ufg^d5\Q}lԽAqhjZ",x%%p >h7 q/j#:JDklz*n%c,P2"VzʭZDp~ 1JW:.ʞ:}cJ٨԰whFj^*F"Z]?l>.5 Aͥ_`Jj$epSu򀼒zqbz@cYq Nk~7h474J ZZ^\בTJ aZ}B{5 #[tvV$Ǖ\s PquB'*CSOF7/TѨLȠ~z)_&*߸#K ĊgbNtՊl!I3Şm3H蝷fۚkdGJDA*AϞiƾW{rAS-t 1Go HXXja1~^Iva 3sU&7B fzg/F\J܆!nf> GPnM,'4jݗ ?HL :YyDu6sP+(#Mqi-qq~4 XCOR' bmT! |byaL=v ` C.sBҳ⣢xt,tմS0O2:Tz {铦p75 p˖itZ D 6Z`Ë3Z\  ) )n<ߎ-ehă_# -fE C>N_q,.Wh RYR܉Њl@dcf=qς^AA5ٙl;D'Ђ: ୑jD[ '|vcԊ59,9׬pZT?Oѹ0Pe]ƒMr/:`-I{!i#hlcLڭB<~ذR¡Yle9Q h ڞ0LDUFGpI]Z-4czuΧ-!R,hOsc%t+Ƈ}cW<{(Kbѱ/ :=ɁY}|@ͥDYFxbX`{?+QHw$h*_2JStRx_1aW.$1Si R6e`&gL$_gѯ?翬p~)[F4`Dǐ/zPvL7*R7{@@$z_tnyз' 'Q= E6/mUSRN__r@y^gĨo8ыA!}l왷f&#}ƈרije͸,8Gf'o%űQZʗ<<͋C{&&LREgbOΙ]#gkwzRadrRTFLܚDֺ Uk-ZTO:~>޷*MW㎻܃ 0 m<|_;H t\µM^CctZ$82qby_}nxɖHF 85kup0'ܣl;m!΂Pf$ f"~lEjxV#37s*<r?qXaΪ O0;W$^6pg .axLpޚV9uMZD̨p'C3[yDMvtӻ1:YkM("d/P& yKt))1Tt9=.Ǐ2aM5M5#T,tǖS& @t Ի k 6ΖKV02cf"9qn/E揘y˞Sgy}W)9왏pJ>[-K4u@w5n3!(h@EZ{Yp>q{v TGǴ&9͑/$X\3)q@#6zTUq皃"9{޴rZ1zտi{9VI?~VֳxA(U+;w^dɰw(;4>z_boÓ:W&l{S( ~;1;Q~>026%_9KCF BQz~UENJ "A-Z IVZl&YH$CX8XR-2]&G%M 8-L>x;'cwV͝їyq]xrm^;] yJNhm"n gsy!݉||4* Wb՞y׺AsU{%` O[Ym:"4͸G'&̪tr"4eP]r9# NIqb3NٟLgdt43)=]+?eǟV.÷ [ OsGqCI6'̱75,ur'du)ZٟQ쑴-~d״/P&=wOھYLƩ,A٩mlE)ݟZnūG]]Scc'K cVb;3 Pr w:aaBU1<~Ɠٵ! D'?́ uWELҟyB lc[Ai_iM/7r1# dsǂd-J8emK/#$p:.] yFG!J:J;2Rc}+u-ެ~ApkTƜ_)Gd蔬o}@OJՋ`0 >H4Rڢm1d~KIwL-B_j6].ాZJ@C_E*D[Vt62E5'3L]o%(/5't:R_FR6+kd5ώN}0C5w'=!saP`1 "Q3O{/:JfD냊[%rz?(JpP+Р0*L0:tlz Gn)^фSqIܒ U g=h7s:Xsay#MeuHklJ9SeKyBo@hW-09w<,<=wx>&00 ߩdyzm2PUuerIYη\/S߉ߝ@wF)C͊ؔ,02wb LpJp!CI}I!Y?rwT0 ex٘ }}Ӱ=~(&k4-)*BVO8F@e1O Ws`Te08 ."s?~ 9|Ӂ2PTq2rDuRa[;m"bݬӹ,<pKt*HӼHvn:o(Q7) #у+g(^y!K(7Ŗ.$&sb9R>!_KD $ y 21dYi˲ L*>ꕚG'ϟ§/N2I*Zxd>KX<ӎ,8yaa8W/C:%`<a HSV2 ]0!p%+sJ];%1Z lcdQ]]&KoII )ɘ3@9>AXw3N*9H;(n^pRjQя x @r=^| v )HI2.:AmNދz%M#gKjώW*1$qxjR$)x=Nn ,VwIy>KLjuQmyΣ#C;rILlV}qM_ }R`@sߊTSkI ` G;$,H,&5Шe懳#5KNQiޔ?*rVI $nU}SB&өuL5/GaLIC馊 jP_~#-zU\k1均rD9VrQ g<( E%E'?rDN_8T=BmI&moZo.xBg2p/%v 5ngQv& qm, 7:%cI*H4'eOw4(OYQ]yqvz@TWҍ'P_%yV]Ɛ>?b踞V!Lkyƃ^#Ќ0Ȯ*aKnڞ}7d)XU]p̎W cr:Z3G\OF BMs,WU'g {(dZ-f[7N" ^+!^ _.laޜ-0rJ,GohNij/?fg*Z+\SE '.Y '҈@}0F>IY˦ұ.qB7DEB,Ht OF}pXN< m ~hSq=NVA?`C(+!) 3fo_3&~\mTI:X9uKPEI|qmJH׷Tt.7lFŻ$<} !#K'aY%̈\ n,m<'f* qS%C@f SMʕ0< L G0~'2Y&S<)<ӛUVglLc t" dI)G4O:V{A(k3M>{mV~h3l.hm9?kX mgPb]6a9i;)$a|E[IQ j&ĭV ֺ2 M gexpWgnGzV-h,.e+GыFWE ٜ;_l5Hk5CF!dw[mf@ |8 7E\؍ObKuF] T8:N.1xJG9S 'h+Tk'["_AF<İ׸9 $n·_=?g5{va"z2j!6fw&RB@cl-R̡{=8%"F7-PGP*shُxr5CG6z ydL9%kJ6b?_;M{g#ZdX>$>Wу`cnFX! &L>PKt?=>G@-kF͋ Sq&g(&6j$Mdդ֢‰bN$*`ت0Cǰ-o&YOM CCNL邞AY+`K? RSƲbvpʰ+yҡpC V0CJnALZz 5=^n-6JZ؂%݁bXB FK'2MCIyp%0+@={4h`:lµ$>ޝyHjzP~|mժ]M "Hm~GCIDPf gsAx]Bc.+A@d٭ωUD-x[c uƣؖ܇E&`Ƕdrypb+Qؼs{anj@dEnW 5ܛl6w ,8[o=СuEȧtF <ݵyh6\J\wpQ"D|"/Km^$huo`xt*ig}/SKcϩ!ݮN* ?vep<-˅R(=#YXM_COk׹&maM ٢E_!o[`zf#cKL!iq]"NO~yT9ӄ`=3G`/:z ̐kg됤C,@[ %-8h@ ]KVHhWCBx{X2((πJNLs+犻᎚!>ڜ+cӂR cb9Yr"@\&5?eɝ8¿:HDil-@l!>ʟ vܝ[/vr/`뼋 3ziͧǢUK埃|9fH̥hfL͘);=t7sQTQE9}1>f.h#;V66Gi4q3|NnEѧG ;EߧY&76M&s>ۭv1Lt?Uf0 WK*?Va =53[O{)B%[JZj^Pbn-~3P%>4>BXBsMQ|b-cC"\!i, ڣƒ$G|p Leinn2PvnM]R&ME8­ϥԂDw|ެ~f*9kaaWV|;eUIУ\E8?WúnQr5|Uʡy C?kfIW@Vݖ#/r4#tOU[v%Ri޼HK-׳?>[<HtZ;sPa g!1G +8ϱ`RcźT< FխP&;MvMsz|۸PӼUvpUvRn,f*&pw ?`* (O(x4`Nwnn$37,k'L"фyeGTU6 !2ϻxz7#O'nG_í6h)1ԗ2!k43o`8->e24ۅ^rڋ} -U* /) w(߶'ug(,dW}uQlgub`Hi7~:!c"ZٖtdG*]:XL ̯_*`L^v{]< >SD::"$؅}|W 7C:Ob0@@9aaM|1i:بV$괠4*Q+Y1T$%J4{ꃿn됚i^x~֝tPCrwi^.| `Ȼvnƅhdq4-fF'"2E)/V:AJWOR;\Sp FjiŚFvr9W?1J[,9NWM1M l|O&E8q Dv߈r]D]G~­?("­n`mz,xXʬ <߹w^j%+7vX?ͪT^YVk&.KYzV3=8+GR!.++ Ns`^ӘsK^N!X4H馒[O76;Dj1FGPes*(7mk~F"^>Ud#2|=6V-% ['V LLہ &1>"_S?CJ(֞oN+t>>WRW5?9ll7^Gt7bɷ9 &ĻJj4 y /6 "<Yn6JmŕԐf!2ǓOU'j9;w6Ocū ߗM?XpM-{]1co]X!)R]~!thDۗvx6 T5̂)v|Z#~hfNr8n[`f~QEgHqD4P|A=@ (hXcaلAOF{+t6Eq&*}RR@w]mFB[N{WtSL%I}cgfvHⲽ \Xhu\ܢ}޽eB. J_4\@aXu𹒺v_׳ԣ y(| _wP |Ӑ}.L-]d/f[^7Ai|Tj|{)h[W>z-ؗ?brO> &uJ" `g3Gjץɛ ;V3Oiyg(m+hQz^pJtOQjWB9^cGytjࢗZ#Ιʣ'M:ꩤoZn?Kn9nFl"x]PT^V:Yul,LC=SD; !d&܇9uƨB=Ұ9N@+'r:5v-01.bTP&u􆜿~2&ds&̴LQY{'{|dQa5L 11鱓Q8_>^Si Eo\F)ϧkJ"]Lao:6坖ט̓>Qp$?rLZ㦿M}?  oD"A *Z]7S;tB΁b ҅Dbѱl,T.iLJn_Xkߤ Hs7RjR=GT˩M<ѻڼNKo]/C?\Nͬa4سŐ&b%=؄@Ze8f}Gׅ'pTw$3|I*enZO=Z;LQtfRָP&j?43_5’+< G![1M)aqxk򛨷.8Ug Õ3I{w>Vne^:MC`dbH{Anh)>eRU ޽M9MJcȰ'ZBִ$X'^>9aS4G;:WOPqWO3#mJ*f1cA@ `h֡D{rG03er;9o5"&xd(Qӹ#ۗN,¸s y+¯}NW9Y?V3hz5Bvʝr9ʇlk&r%Ӊni3'dڗ'_ ~@fdQ>g̾]k] 6\ cgFّ ߝ[L-i4H%%:oN7*~W- l [5{к&^ȍI8~+ŧAizIy,f.ND\Ŷz;~~x qJQ*Mˌ'gWPcM)l\n[F/T#eP))ŘxMunީԑiJ@.DZQ_$N*{745Qsb *Ad#}17\a<{1X֦(>NrnŇܨ8ZӺwwb,PX߶':͕o^VĎ(,pqӿBx/ z0@{ݠDej{|_D!ᤦfQC7Xqaq=bJ"bwZ>Of/ 'p0C/z7u"% ׉lú}꫹5a:Cn$? V ֽAUMJ(a j;#p) 4Q`K5$κTmeCnHjit10Km^U 66'ڄ,\=f"ԏl"h97M/J.8I3kU2D]tp\̊Jg `BbLPܮ%X"`@> aoY_mfF/&DANBoWAu&Fu_Wb~NV97H u-C(SK%MI[n8D_pOy܌ :߬\$ ~&Be. ^[Ɲ Mգ12e."@1)xBC 2oT|5b#4Ů.5TtT3 n|.`p Pװ`LR q`lz0d?D+<~pS%Bc$o}@z [̹% }ޙMKQ?!dp8Pw--?r;r'4T? ύ=u(ޏw U]:";/Jh )T[5_ %fT#j)n:UH2)yx;c* Tn))_Chd9CG*waQRL@XJNLO3}Q*^ :rm98:G>u= Q؝YBd ~jԐ_8PLe;(01-g)EhO78 bij]A7%UX;mU(@&YoC~NC}qk'A?_Nȹ9_ ঠm{5m0!x|XeD@B=vA,M%$6 L"dY8I &F#bּ@Ii!F ތ?M :R%g|2MnPʿ5gV/X;Mք;ҭDC{V3xI*#ˉ@/b0{/[YOz%iwWvlhy>CGzhb>ֻuf2jQJLϫF=3ɚR+e0ʨ@8]67pͫ9_ׂז \줙3WOg"=N \@ @K&bk-c0!M|ךN-Ŧo^:BQY_[ C UZK}&+$#8V5Qq2{0!M%ԣ5|`4Ȟ]nf~S3U_'ްYzh/mnkޅqtM똀-~j)YžE=K",Q(;x\ )ޢll׈P|FЈtulQX|^gP*7QΏ`uҗ.hH(OA ӾCh3x'ǘ#FɈbռ ]Kq(k nޘG ۵44h?qFe[Π^dD(П0&|ؤ{7h u#;U6dPwGF%0~~xEb5R( Zۡ"r/t\eߝuzlOʮQNnW{ vU:(cѧ}py ?11u;SP~ުر3-?d9c큝WRglY'B,B|OKo Hd^:1]*./=Ad>% ӆoUq{N gNbiGn&rXak2Ma[MfdZ{foz|uCQB7;7"\rlWT ʗgpvA&Z+աmie t[H0O/Oq !ǶZhia}Rc1Mkp&I}XxǾMq"7 ٭N'+LNX)#4I]Rɹ:5<4r4ҒchHj#k %IsiW _Nuf1N-V伥 +ZXf8٘G:}߯vI.C>E:9YĵG&XmWs`i()]8[ܒYP#f)'u QjEiIe;U;BÝ/40|^CP}Rb62 "63Cw2 _PClCQ*Z A0{אYtQSyAT8t:s HxG:{N.lW=nӨ~)YM\8FkNoզc[x(Ps} ^7?>g̙+77HH5t0(Qj"CKTTPi/Q-HkKMHZ(? -u8ˤT95E˓ Y^ϱ,68juH0oB}^22sP ~4_owm%48gbQRpo4ө`G |Ch/ a[WL(.'B"40\&x*Ȉk|294:y{+,߃z))eEJ gNklZ˳Dw6(yb`ҳcc$ =$ 6=,->a_j9۹q=mF5&n/o _lţJnKpVD08ɟE!=V tM7%3ݻܾBȨx||%߇L{fH&IW@oL#[ڧ?A-̑kq<ɞ~ GsE~i]ʱFq]ǰqCZ3jq<8RFy_٫K4qn6Ka2 3&`~tbzۙsk8z#f 9֟ή0{O2I9ݞos"k!Vm&p+q_7߹F= \'+60 Gi#C,v!x tk_ɚ24gmESiȦ{G?~ 9"!"

nbĬkI{F: RTW*x2)VaF'b(Iks@ cnA+Y`<0YtKIO9&kcYdl#NorwRPc;"\7{ BqM<:[Q¥RwvyX*0 F#V!\L=8P37"D@ў0ttFfO"oz)&W\qSvGXVfֳeB?!g%=dm5S&,e{s+ l'͎FbЦS!Ke*)tfCyC$0WSf;W -Szͦ} :wT7'~OT]Ш,St nmKxd3u)v?}יF\~ 5"]UBVHGl"s)̓2u!9WT~Sӊe^|nc:ik1-3DO| N <?eODUۿ[8R[pՃ%I׬9*F$00]/\p·$7ks+䄭k?YuEcH]oa8%(v=xxlf9NCೠ LWH7"ُO f<[/N9E_N1:}q9g<3Wm98'4غ:S_ù7 IGXJGP?Y Zyeܞ/дpja b {4tEYŠLR°o|P,"./'נfh[ w$$$g.%8l1#MI`#HtUkwΤ*@Ì]ܷ'ɴkO qToFS:_ZL//':J (Qڊr^qY5cļʈ9sCA6Gj(QK܊2#LR "j'.WVToJ-Uֲ( ➖}oD?3#ͤcfV`*ĥ}s0<'7ϵfAF`1k;ór=֩ =1%̽ y  s'Od;*UhKti550<'>Vʱ@S^ђ2eU3 gw~.EOD}Hڊxhq8Ձ<"S7z^>*,9v٩U2 N'Eii3CC-HacR*&MS/M[A9R|,iҤt|#C@T9;oDZG9K䏀J<% T|~ cc#k{.yIЌ ^Q|1Kz)T1hg(x:ET(3Wj)hrgN 2xfӷEP;n/ W XKԎsL? ̿ņhx<Q6QVEMGNJK'Et_w.d0"Ǜ5H^9e͋=ez͖E.p?{AgCb`{ކYI?/iO݌w|[ ZpI@S@$g  ioP5~5A1{=}D̋)3E?נ-Ť.]n*W..!P!GTjIWeg(0֦m-CM}Lܠ7 2 ;l'Ft]FlbabnbޞM2X4'}1"kU Fol4N<NiHt{K|}P^8&ߖ 1(TWXVA$bPEyN|Zؓjl*ޫZ6!=3>hYQQv ,Kҋj;u'(zdց!MU{XBx6ڃ`}a4"}"`b?7w,*qS~j1@2@m(ZF.1+S t91Hm]y-@sH%>ުmGOӭ.]y.o`Łԅ`)l9} Y%D,_KM6u_Cbw+en3L}e;%1Eiwb&z7)v`4K~;k Kh).lSƽ}};v NXbE?ͩp>R%|Yu CP!Nw[)'-GYLd*c]+7]fՐb 6XY1JPt2eL105gY%?&bN@}BkB=>a-.V`+U/җW%+u{SOBU<:YG".F~JXwƁ6fKO |8nByJ9Vam8<-chi.OM[;k(6"6az[oèE0-J>(.a}"IG(mN"IQyzq}g2jWFm?ՔrrJ0Î^(a^v@ "y#1E`a'Ay3̀IhÚ;@bu2 ^ry5 'T~!;yP<8 rc*&!ղΪ Dv,L A0WPexΩŕND8-`;XОett?暱xh<()W|߆_5xF [n_q!5zGziӸr3;h;4~ht&εvӳEއ Z/k!LO@!qD7[etȾ̐,uןύ+`ȥ`R-<8Yb&j7fWsPJTy.hHe]\K|72aizXކ G)&J$2BLfY(A"!Ir<馫י^UO;0PBЬ t[5Un[NxZ(KOձ7i 2 UJ!/iA{ݶOj:?ǻ59N!G kb`JԑttMw4 n2Jw+{q4Km `&,DT1`Wu J&mqXOOZ!&p7_C\;QظT 7rU9UXDSx@Penu -rZK,Y\fFzg)?ߎD汆-OVUZE|s`\~# 8mG,zĿM`Wb´A(.To(K*/ɪ)3It,z{Y/=ˡGŠ=(%RVUYy},'Y> k}ɍ uUw2gWpMWC N䎄ТfX"ºcp$7(xBoeJÊ\7n~Ewּal!VNin:#dy^f5=!xc!YHazuWt^1 _rkok.Q8GDdG2`y$ ;woe50ہZD_=}mm^<:>b:TɦLFؐo`/Dzm/~X)ѳ=*Y%K,HHuM 8Ie%KEVFE):QPԤX*ٵ(_Kԓp8FoloZj0RE66s GR6"!›#xy[_a(i)eG\Eu`1J'*hl2Ea9PYh=X0U]&:GMܰӸxwW똱dG3:4c炓cX&om@팆 `DPUח7R嚜 ii{8WiכӹhxMlsECRڼäoV0IjAqx/-Hd :.%6H9ɶP"/FEhb4?w M{ux6Rw2K#<'M7זQˏ_m{bp2K;aDzmF?0v;<FjH"Y1G y ْZT;3WI~3-P:-λKN12j.r-O:eqd ɐ:??̢"Y=Zg. iffܑr(3w^Ԃ^gqb)ȶ+B ~E*. |/}o}cI+gϨ$،L~|\Y^TJ3ckCذ~f@I|7Eo(jlij9x&ﮞ4f`1x'àɁ "9pi@ձuv{*D 2)xXMŵr߰ۚl}UXavEuIx Dz(0&GXAAΨϒ cK M)DkRv&NHz|̱R pWb#jwd F Kny F6ôB5bȌDkV2޽Gٙ¨%Q1<ZgO=䘾|K#8Hh};U),Tt s1 }CsE?HKB_.(RQRua {GۨZfAAnZ˕b1m/V6[B44yR#&~5Bqmi@UBj_g]P*fF Ea#5w*vqNBmBE߅XTpv%.EbG~ )JMYP!_ꩌ7Q+D9<uF/T]rg{w) 4XzC#} bM__Tbܧ&)1Ow[rN.B11gV&wgC &m~\7pQ$`_*%*#j4.R_ǭ0l?CI}83 L|HVP'3,?8AQj2qA N0G$-`"@os3IAiQ gKDR ,:rn>SB~.t:] 4.e`LuFӰ3r_v@԰Y8+lÍu4:@RgVN;w C"PA/ZԔ8ypΝVlGڝQ_5&{ˆ@%!FU&/Ħ樮:ȉQ$Crlg3]=#b@• ؏8eR-.9w0d{ [x+Azբ=DUڨ7OIX>|J,͂SܮCז-DMӚΊv{qcU)/{Vc&0ۗoHŀ,P SR qKC4s_q0s߰l`aSgL3˨QFo?xǡeq×2ȝg}sPoTRdB 0S"OS+gky*iɇ8ؙsgG#dCXɑ)@[ӕx !"'ST-YdZpdQ7;\s>Q kV.!n }} ӦZ = =WƱh I;ζ7xT ЇR`z=.܆gJB;S‹KSP"*t1iL7ӮE306݆w{r^w1%驋hjɸyl _9CoUnRly;[`F% HjTeAB|O&FstFM9ϋ"X o=tV RfjbaʀcQY?;rcGǿ9~B,BLzg,'v*ܷg͌0cy5yKɋR}%8!N7zLiBqǮc!DXP"ķ#Kj 0|Ov-@a#vB6"0kYMZPHvCF{ G#h~1+D'|CŵVB_&A%K?;$#QdA,9l7oWުqm8'm`-{"__12 L{mk4:lj QtU1_%P$T=V "+d6]p{G ҿ|zL˳~S̤)5#eC.uz$3d;HbZAc7r&{L aPoPdI{*Y[ɍ?e}H|-[E:qI`$7]4zsOX4qel.;|kg!R[]{`s&P)Ft7oVpt~$H'"|S׭처}pH7| T[eU\Iy>i|jsHtcߗREq+eY52-teC*~ i#s,M<M Kn!~.ޛ]g2.֟M+*wV_,O>u%EgL٦d)ꕪp`#ECXAٿl sct.~d6%?x&մ}'әaa TΎƁ˨ WJ=v"PڞQ6¢=ƭHL#y :vՖd[DufjdhbVI 8R(ՠ5k OiJ=ΌX!) WT'MgVuMcz칉>SE3"^n]91Z5&x Ju!gn_C97ٔz:T>cH0Z̑Vݕ_"_}qx"jqHQ )"Ɣ;X}XWTF  ><S~sT <=/0A%zR:쯳QQ=8H$%,}WgEU;3hp>.`lPWqc to>N3WGe%ݺBaԋLUJsaq@Q; MBV ycx R:q+hhzt |V9 f&.CL*äm}_z<j.rB/&4,i4\zu"ʎSNҼ6õ1cr=b+\ $?.y-n?AQ]o߱YX% f,8k߳@@YhT&7qxm1S,TqާQh:5FlS~gLo/F%s cdrє#;(ޅ)gxB'xWQ\lb\4CjtaB2KxdO0ζeވr #J >oԵbzZxyKPymx )= п>TC+ioTvT |t#$Ӛz`T*UZh0fAJQ\\Ur *.mWRW#j:eJ:(w?;dzlRAjvXno'?ֱK2UfZqe6T t?_l#AXX:H-SU@ҋqfw1FFhLdtVa (f-1UE-goBLt{Tkt@UBLF.d@@2JSWQ@|}&Tª3g7A8,iQuÜHU:Z J*h:ԆɯrSDٕO F?xg!$"Z寁c{~}3xe2],x:@S`| o5́.(nssDB&AZ䑏N+8 '~_ { AL؞:h#~~i\R^z0(ujnMzTq1]UNb|~tYpyT#8!^7Gu7#ӢMq_WKF(2J5-FŒxō-o8tg.NbzN4fJMx'g/יT4QAqNVTG[EFo~=h*9#9x5ޏngY#F2ykq86d +6?Z|YGY{ Zut$!TXGY` f ٱ@B Zfw ;.2 D{b꫐s%u[[:`й+ Q ؉vaE.85'lW}xUMI*+49WK֢Y`-$:29G *wQuMĊx; ck.ʜ!67-v87S @AgQL׬UlqF >k~ 8Yu?j_B< 26mW;:j~%9CגY: a^#4PYkQg?0D`)>gX\ͻٱ'6]tzCIQU H|C[r 8P`z&PS2 6`v1nȞ* .K(K`a[ë3;At һ5+ +;aj]s3#({nj^R PzO`6@늌{JӜJD;ehu$'q n+nnn㇛["oJʂ ¨70pgtWC6loIE:YJnte-0= >3hv/ .ލeT]"RHS2sAf-BQPqЬZH-yX eX`)pBQPi5g+㬡$шO u㲶o[x&&Z$ MXE(fSDv9>J {{K&zP?ݐaN|] V,۲N3e~,RB;w+G/w=mxJdmVA]";Wƕ~.KxR&ٷwNٴu&l/iЭUy:a ?暞 GC|IWKΞWyXweJ?P9J1'2.b^2&̶NDj1nx)!6;c|Sm-J»:qf;Zc2+9QFW3(&vhn9Z+wRYH?i+Z4^n0Ԣs󵾐bXJ PwA )MxU&J8U&?H*xuދvD-ՅXi87pO=h[qGC^f!p؂sBwad<YCO?122BkŷS߶6iud2=+Y2sN.DX73+ c2[[(6T&j{O* [c9>%-Sm.yܶ2}K?Id c<@=KpW޼-\ y97Mu`0zy8ZXCbRۛ < La[!AK߭B n\&~^ }pE+K!¤/ _IMx;L]xWO5ï++N˕gzsyy6TX!s?3аekѫNy9":K5儬u6$.S/OX㑩"ؑδrFǟ ٮD~ 0tm|}Jtb cb"RWf٘?xXӇYc4E#GCO6ET@N\aΗq!r!B pگŜxӊQdpdD|`~g01Ru]&{~>#(.~gY0GiFZ+-x!ѕITwع1?Kf^kwP~SYg]'% ֲcЇ\Yubd nkot?Ģ}^z Kjc`1-RdO#01&XݧG'O*u,Kܿ4Z!!MKLJ4nj 830VРzZA XWVL^t+?[mg>d$XoICizIv\'0T"O^ KV^N4_U8=zmGfhaCo/nbAC<@d9N_lsSo{:h>4M@ GٷSJs* hX yo5_E#`TNK#֛޿S&mF*9BN:MT]@wYeNSfMĝ pOuY"䁻>vDO?(kReS{IEbqܞZ^úDu>:n3Lȹزi|^H8Ir< ?[sE3fvE],& ̤/yQRAݞ-ɟR$\))JTE0m* 0Ҕ"zC꺊+|U:Y; £a*gm%EȰ};2`Fx1 ;QRF+ZLz͉S;ˎ, UKc7$m*j(ͻ*e.4|=ĂU{6b;8uX`\p7WqD(W:}Ȝp59Q846_+/NDQ> kwlx 9iuæ^tg3Q5J6D|㊵ |+>}qdT8mdDG NtHx$:?y]G+"_|!b@]DzF<]!jnUWw̕cD.hy:I)^,3Sۄ~}]x w ~Gn>#yd>#Pv_+g$G)*xU'ۏzNݶ-BG1s.uVj+@r0fFKy,0i5t:MV<}@}>]>kJ C}`%df:deB=k@3`%?XEUl˒@⽺O50:yTlǠGLh(./d #ѫ@++M_amq߰Xxӈ5Do_r3{L 0XRr] kza,>xOZAGSJ,Dd |R}7|dY9"4a19b,-;%9W11C~AUձZRG%,3csQ1XQ {p v~a3m۪q= %VQi(* DE?c=ET*Iw L\~R~ /0utqzV=#SU_bP)ocLar^1S 旆t2٫f.!'1|iQ]-L'9pפ#9= yF'Rc.* f ƮC΅fئ2kټt#:b'2䪪~RFױA,mV\mo84ޜO 2⍋v3B^0 +g>9k\uzF"zpQ6hfQvy -Gn84-՘^x#vPkZF2fnWo8 re3k@A|@=0]ư]""Wj}-Xe5+O~5 ? _"(E P _A_$  tzJdt֫uG:'/ڧ_9_s3Y?6 -hN`_WkOm|J\n=Fjgxp 3aV11׍r!g 2/w!CY"fk9=;YsO ᔷ6+w9a!! M%:%M0)6> ||(Ii,5qqhQPU<I!Tb%3/pT~ZJ3TA֙l-[*n:loy'U>4݇W÷t'\;.X)*Raгrv7S X5l$m׹$y@n]TYbr"'8IS8/>0`KLd&f: Lq46~gLfOf](~WKtE!PC,s552tG3F ,Ϫ!;܃Jed3ślzʝ-\ ÿW@[®VIZmP9o=*S omg\{ M5wYX>{ĶGW$`\~;Ӭ4t'!)YT9r{xתKWջ$9G-y}gQXm DM *1ZZ2!5*2w>\=7e=gүDw%קO[D 6!o/TucxsʙbK.4W?ԋwn̜@[PuIQaPsf%٨I`qdq]w_Fa*,J?/w.I‘;b iW: DsM1OΕ̨; Vo,uɷG4Q=B Px^|eկxKFJA5šE cDXik֌sZ`pO3t.iU>;RaCXG p(]']g|nEN!H !rQ.]ֺQa&Rc3iGEN&J( ?'hٷU>oR㠐Brtp^_v~E*Nj' Đp{׏p\^'(w,`!֙Dp7&_= 3WbK*c 3Lgi:Laي:P.Wn)2x2CK2Փ'$)|`o昕Gp@A֎shIS)KeHb3w,KQ)]Q_տ&On-?*;G"eWq40B tqJ;"6{uzڄ>PsNYzV܎~U]u/YxbQh7ed"ĸ'"+$ޓKCc=G\hI^pۄ[e/BmfoQ/=Ⱥ>8j= ?J=<>|D])U-v"F}3fZ4xG '"+G'$|ƌ*{/|r{31w]b2D˞31$q}ӒB c!et^4zksGpn^J-Ī$+e^]>9qL?b$v `T,A/ķ$lE>-n3h7*2x 5PrA)рU\OHJ+5Y0Y(Ƈ`.MP"\潞P_}`6S.=*/KIC( 5r"3#rOkUWXATNc cC5BΌ YIGΟR_!#? \s}ɡRH.`q9Wq7u:t\63% &=*}tH Yn֙\Nxb i9ՙGo7I&7$ &.$Q>Cnշ gVuo| 0oZ[zѧNO&^Uw+8:QIV!bqX;mwc'TCF'YIY|7ug4k'WjHV^QQ[2.W{~ɺ?Q՚M\&4-{:R;MZ1뗽oBM.[ݡ ΰ@4? 7wŽ ^}D.DH_)E%M#vyGEo"\Heg' ŶʬEэ ؐ[gtX⧗/qO1娜4kX>=S*9V.d%OtB?dIe$k*+ rgvui6݃vk5X1&C~^wøX3 V{nۛ$˩As(h>b[oPg_{1$YtNEpf_uMSP'?Eþ[6$\)AokG-p+IM a# U "GjGa~?ֶ$<5^i: qa 8LjuWypO3>2 @`ʇ TI X,G7"}wMvJ#;Y`OxkoIoH%E~!'%zŖO!^ ia~R8n8X4 r㛨>5)z'աN4pKک(! KL KU( 58rp7U*_jk,́+c_jv;wM&b@HVnu]oR71fjGOT7c~P Ӓg7F]y{ltF? A,%%pOE+C9ʿT=u8sAMc܌RTD3QeZ)wli[cDN1h,Ԏ,NvEp[=̅7i!" $qmj{t*n`=faPاD.UcK(TW"5Uא`1;|P J8ciFOfW? ]_QY?!~>P =CS?m]5R8=)ϔ 9-Gkґ q hǴ $cR[군~o h AvOh("hbk}m[2iɤG3Or6в}&#-@_Ώ;NfNBm'ϺX"m=N[MEt=\98^_yuUbaWĵ\5cĴDX%j w/R7l?<Īk*.@zD.MB$~gLS:6^\I'Ғ(*.RDKsk@CC~!Wc}o626ؤ2Om̳XDT!,Q"Z<JM+C I\F6VCm4 c}̚T)E(lo5@< ы3H'#I[[{q:mU ,{R6d9Qb`L,I;K<\Sxo]PJC.^N|7 8C/f\n~g(R5x<$?%W3iMDPćKբj1vIh>)蛃HѫvCrc`*wF^f/Ĝ#MRRxJ`e#)RK_\:xs<6'P/CVZэ?Y-ލ){wi0\j:f}[U^ElS /I8DS/ ݞN< hュǭ  _*jBrp( < ӭwb,zk;[DzBE:|cƄ'h uz'hZDD`ĎܞAt͒Qˋ=J]Dq%'ssH㦟[d[%Sހ{d2RossSrWsOlMN|nJܷ 9wAC-hn=]<]W4"abNTwP* څ܃n|ퟆŷcOA:GpլC8ډM?OW#f0ٙr !5;N_1Hb#ƨ@ B61$oZtEÇ֔sd E+)J0[OTYxcIŰ#i)}c"͇`#vzd#S:tg]_A4&Y|57qȣ^w{ϺKbԆzmm}&wP dmcί7JJA=2\V%ѥgWt YsE|P+na>)pV0u@wMDcSFbT<=1$  L.{@(fhPJule_K@euX P97Nd`A{2$)]J(u8L419Wh11ʎvZsQ=GH/*0T9[qιʗ&>0]Z82 ۭ/_9ܨU.CH'Xm ZF۝:; yvkdFO4ƀj[^QQWщ1-%vd_ uW~*5/Ëw/JDh p\[XV>8 fSY a])|T\nƂD^YMiyBݸ2Aw"wl^M :Cr< ȡYejhwhyv+쪃#Cϓk꜄BkqC:YJ ښiĆ3? EҰ?`}ȑ& 2w{/vEZTd" Ql({ѯC!QE0Ub.)xj7{73=N+~=%N\U#R"=7PG[2-%qȨ=*O#EрĐ|=*( PeF8mHo?(|n$Iπ,n6Պ'TXM!tWPW~[çPlWbx2Ҳ(n傝HJKŀLV =0ԴF+}UP&}Y;1ި?hX) m6,Sq Imn.2uOk 2XDVa4O*SfJP:Zb#Kck*=/f*@T0rRW6_(Q"a< X3,}U0Lrin9Z8d:eGUsZ&0j;Ifъ\'睛k/_g]z/uK۸ 3NK4 {-Ӛ+-pXB #Xt̬5@1oӓKWԕLsu=lTOԻl3&5o8uw@0٭"1jiZnu[ennU8zM"zS` "٢ʶ"t"-6x_`$K᳼Z3 jLuF8f `>C#),fQ/ɉ"ȴLr $4z2t؂ Q[mG@d0}zIc? ƕ.íwu ‹ W ?.[p6 /IIWq-)]W(olUi1 Z.@]d1l'}}K9 OND#R@ AuJ%ëXwj)R3H"rZuEWyxmĪ&Z5~^XOB,k} 1ⱜ ʚ}oyuwFn!%+`&:Z4#m ȿZF |?k⛦s]E=O\% n}/7#v_׶1xvc0?w| _)y}Nˣn3AkxM> fJϼ`{)a jVRr9R7~/SQ%A,=-4:q#tC׿'1!y'RlpKpSLڶUYX Cqwy3ŵ省ݾO@?UέB^hMv!ՠOHmkۼ2(t+̥W>L< [ݍC>bTħ-w!x(]ҶqP@2S=l't[Mv)8gӾ6Hm?2nWibci7~|; 䍅qNH3&?U ٥ݩ &Bx9yn[/;QP9C;<ٗu8mW hd*&!7&hzB"}!EKsd׫į{F fDfGe,Oͥ>dԥh~"oXZ,R7\q6aǸ%x"_ *RѬ(d~H:{Sf{]4zMF.}~3J梫@j VP|Jtn(}m*  G4U)P T&{fp"3؞Uᝐ^w\wY$I9JOh2'5Gx{͡`3QqSGz"7k^TݵA MDÜRȭ7UO4Ky*oReUۅP&1zGJ머}dcm Ia-,^;M|zXS__oB"!Q+X/.EXf>"֩_nOW.iZXG1!lk|4_2l Y%Tf/fQN&ż$=km+3)ƃ2hL/Y4vY0] tqFwlַ cv8',QoǙcV(QsAENЙyx]HJ͠i'Q9u[!XW.ğ]UK4/lWpkQgCelm(ۨ !h#|MêSaw czJ-a}GIH^2:(sCkWx\)(2YO`ARv)_,Z\eV.E̱ctTNL6k@Je+I1B+lm ƽQX 7ĊwUۄi%{ͻR%ˊZ>. A0g!!ӆKN3Y!c65H9p+gK A.˵$-BݿisHo̤bJ=lTv_Rhŧ6;Hքvx{IZBf\Dgd6uu|{5]֌w;; o#$ZV7/i3 ?[>aHQ[lݍWvC4kr؂ޕ\R6#yþ`VeS"v֖߹3 9s .yzBNi#V|JeΖ&.kџ#^v)ϑwʌsd\t&6sV+Ka_<6}~†<&McN䴻0H7V`)WԎ:=ن4ň?1<zgwOjbn+hO܂D076#Ŕv W _'k~*P>U%Lq+Nlr*ƿoA<0J?4TĜIm媫<sl(-jSϝ[k5g_ƍ`_`КyEnfd׏vQN:ޗQ69X'T3Վ s'7qX{vڶbXXzM)qwnQ6sI,͏YL첬hmM54߹2cZ]TnrxߵZ<P=/ t&\|Ȣ?%*ƃg6\=O8ο+2B:Sdk7 IRYD~u4Lb2mvK[g/I >{xt&dWႡFK:xN=0$Rt7j2 &׎n >ݸ (YYq*R饚Z^<'@!}J> <IB)=!3~?/cu0|3[|́lMFex[r)¯|y #zt}ҩ[Ĝ-e7)1u=\1lȺP9kxu((S605uzn<ꭞw ay@N47B/vofTj[:{1|!% ,}V>Pg^Jv\7np^3,fl&5JbaE{ )+ם<m%Z?}Vq> nnP lĺ}M#ZoSK!_;eQqVeNї8X#닷e!6ǒ$^AA1p|Y}E/LY܆2fσIe!bˍr =U~r8ARb,@s!mΑ+F 8Vͯ}s~ՐmϮٝkl3czQ?F;6L>h;sFs΅seo!CMÐ2{ڡ$U CkyR%E7wGP5\&T}<ɕ^ì?|~^RpDURDWYMu3x3ne\L}P@heN.4 ]Sj`6q-֓.J%RW>s,3{Uĵ^hzn/tyybt@^.Jי~.B 89t2e@l{\` _Ziw(R䭫/a~?^^)j^[sboSR: LB`?J FTMd6w4ש R#2v^jg g0Ћev~Z6(1l7=dU fQb7|6KyW=I0v h&*]5L[8jq_;"ftߪš0hHB Xq  o"10YI%fƏqq`ء袨o!zu] h(rM9zeMMLqCrfh;Oƴ܇GL]SJOtNeo*Nz X6wMu)Ubƶ 킗H뫱b(=]˯*zs йHB|vWe}Qs€fgF/Ӌ=`vp(^-\dMOyj )1#3<"8vJֲzƁ|-1P^DPӱ^<)$(!8љ䧓RKۦ~Vq`!/,b(F<.o2*)jHr I~^miCIOb9ij߶Xhz Ti.l ("4s}F#N뜓e X4!c5|A^56:ԖHS_LVh+/JɈ 'Kt 'kRS "p ›S⒵ LJv]T7W4*+mS]mSY9b.`)D 2÷!{2uF^c5Й'%݀UDS 7p2kc8a60zg H1{`ujA9._ q *Rnk/:i w1R\\oֹ$vD.OȖΟO [WƇ}IjrԪ98"H7~3 RQ@/%O~Khw5Sw~3Tzܠzl̰Q`Ҕ'i (>܍/ʛ\:Y71<ި(9` ?SohVo瞥'*hr @M!|_swr :G>RdL{ĄޮNw48HpeW!]>:ӆhx]n3K˕2I[5Qc g^F$_۶!#`xAt㨱ږ.+Pwiױ<I2E,ᾤrkd$мv8|[j8A@R=s"<`0ZZ=Pg3u 3yL. aKsZ+eFªjyr|yt;@7f_Xwb:RWx>a 2x#J@pi@4&n+'w&2`(*]]F3VȌI ν 6M钘D 5"Ma!sl(ZdlVx.Zj~=!JƖ|f,p7uiMdY }8Fv1c>Z%ram]Gƌ. B:/으  hY|?9tODmx.u8d,Jl A5$CeJ H! +]H:thƜD^Nv6|=iP%ثƒC?nⵀE4 7TtkԴ&k Kf&B訤! r[Û*n8q/J6l0쌘CapEZq@KeCzj1w` 5(;۩<_hrGU_v~ ź`Rӓ/}a.̪6TIvA#s| OFn;%f3hA\X6*=vCnRJo'se8U$!b@l,eH72oy?xkz&;;QaFiOMrnIVt mK\͹]<H ^>ƶX4R 1ZGU\$PMֆC1m*-;]Ѩf7p')+"š~E:7fo-l,MeȖh=4g^D>g? &qNRB}c3:Vn*xZih k)|1BxDP= d_0OŤ?WUk#e@!0N) %\HpRd=oB|;!+(QHP wgh*B <9wtR[`_q-ėFa_^͢ /=sG8< jF$%Is$_&Cledi2s+9D8*r~= bYrؖI翾Pv>t//y?hrk15dlup]!?3RI'$!9W5%)|-?XC 4]XF{Fӝ.g~PRh'kPK}ИڳJaJ.gTRhTSM}x{|jA!ܐLQ#~GߚlpV;팜4GlR+_5fMzXF;+>tS]ALfqVZӼ:3k_>F'/lҐ۳y>@&{RWl,(;aSH#rCtet -J)窅#j 9V6D`Z"pڳ*֋S&*&s;]+4ȷ%ʲ1+Td2m/syM:@r*~Fq'*zJKz̞ . ȅȊ~*NCp1Y~j7-Ϧ؂oLڔZ<@}kҜ 7 3yk:䴵:5B$'!1щfK阸rKqcOyu'90Pxc=6}pW5R9D H`)yJC`>˒ y&' e[ RVg[1d~NzLvG:KqѝIJX);0$(FRc0H|4$p>&aNqL3z]$BF&8VTZ̍4O Ą;NR#se#Iu CעY* .t5̂p EQa")K" hOё3ڣ7W"]suGJ0bRس^G`8ġ {N ][6+.<\Qx3_5P!ON@tffH/gFf\bK~;˜ *1UMUVC KrY i'P?:|0Tk9D ɟ갹_;^.:~ȈMt\Mt Q #'OasN \Z!s9iggG#yܔ SIݭExaIw6=ِZ\SLHJLh ˩\RϫFyr!9\(BR>έvz!bc"5t%a謑0*-j%vsWBRz!ّ) [ F.'Q;8s6gl9Uq J'-{Y(0'[{\WtQIh@V!mwT8pO6ڷ^(ֻTZPDnM$E6YD@T "9ގy7ԾNJ0gO3 ]mqhTt}orJ/!/שr1wQYMAk\P@Tg]_yXl{í9(2hZ9@˖X+YC@ -ɀ:) nskn1V[VDx;Gk䩾փhlCbGznZaHt9[M'KQ`. XWc$2.K;gS5v  ϮtK$:ADȪރ!] jT^*\Wp4z$O@>x >:0{a 4rV2C:6[y'w`|{SdMgvFmWŇݮլtOJ\ü߽}]nrWtRXX?>jsJAoGar,"´xg4S ac*)ήyx%m JCDŒ5., `ת4O=sB%n5Δ}ޔ!Fj;?\[lۆ 3G4S 9dprI3[*>YqO-Spl"nDodsm Md3`ĦOly$+`\c%b+=ms5m2]ˣxwϽWcS\ɕ&sKXN|y3[p6o6r'VsVo1@ G4{l/%e{@D9ms7pW.44`Zq7^ѐ|iMF$0+=( Gn {>$Nu; LNzBwp;,J8;b#3`>V4ǘ\sbd_|8Z-Trͭ&L\Oibu0IQvښ Ri4`RSDfȝ#R u/<=Za# w`Ip#a<Į.= Uձ#AgDnϥuJ2dJN| Eڂ'JK]X/&> {M`WUh-DapS|>RÂ%j~OvhmY「ZL7C^ud% _.X$%|JjN;Po8f7ı5IzKF-- UQY?\? GfDF'&&~ ZO$TP|ؓ2r䰴mY^)oi!u u k8B+TR=12\ms/̗jB~J yXusK bUBf>/0B)bcx$9Uߎ\A8L?E^lkw-@u.XX{eQkF<406}?В\3>'"x>6e#wCFW.pWT rA PWm8[U/nħ+ChTy]xC6عed(VVVE^\OYوJ U4NjyvXݥI*޳'CWka ~7Kqv8US`Kӯk !Pɴ24Bj4r˯ '&]mtS׮P ae=jo7T 3~;YhVc0pQ=}PTm r~>f_\ɬ V)`roi2oBϮ Ӌ%r T>Vg"Y11,X{BOrz\F6:vuay@ve4q |d23"}%068|+l7n q'zo]$>B65'RԍKwř׵d5|o{8evS&i%i"5+/~\[%6fDvǓ k'iNc 9qa*nD1DBW"RefjՀoTOPb?PZȓ)&Dg&>~N w@@cmJƼ-m # bZ½!XAI->=>도Tc_uʴ#F` A+ |%$Yk]g BOB챨3@:ke@\ d|ϦpIG^[:ĩJ{s0\+ay E\Mn~2`m\*)r0l}EyU>wJѴkw1a&U[ވPsSq" sxhڬmqxU< Z,8_gy %r7充xoML3hM{ZזbRFC<@V(D`T&tf,<ҌcT &@f<@#m!kI icR^8<8#4sijURxRa+<%7uBw@7LS 13m͎ WQ/BgZfֱSN&1sY0A7"mR_D/M2W ~~,l WC.8J-s|cs;>ΆP2A.qCĘu+2m9EgMMLܰv=4EЮJ"NcN$[2Λ ?/ٵOoJ")h ,#%σMImZt>7t|ʳ]sH= O8Gmtgcl&t4@ZF64F>/=be:zJc!QjhNP+^ dWGպ.Gs*Gn+:~;tI.=ad PѪƈsbQ/(s8ŨԀ̂\cFT"ؕŀ*Y>MSPBe pQ 8OK&~'3.L]t şpЗqM3)9W2bj4PU&՛uub7:`ܨV'6қѾEܛ^!eT׾Ll)ۏPyfx0&>'׏b->!qL(påW RT J:ZtӥB?Y0 nL {t|#O%=Ց?r6,1 '0(EߐnQ7Nw>ςt|DL}vía{ZfƸ>fPjK&aLwdytAѪK]E'}W=(8˹Vz߀ژrK  @(vT>?9X2 z/#+W|kpFQbJF]XDP] ݠM˔S?8 ",,8͛%T>%b3M; IGҘ & 7UpN^7\zzl MPQ>2T[n'Fuوq#sNԬݠB|"k?91=}wʫ]*#⸁9rSDK0Wn0`ZzR0WXGn"Pt:$1(9ɕr;[|R'c4&`$PwEr.P38Y{t~$fgJ@"o_:$;*bewJ`al}JP*&HѦW7$y_ <_7{N~h3ܡ1boqU$F[WYx+Ѿ{wLkX/(b(RLXrmy|tQ ,miwuĸ$! #'|bx\>?JNF .[䊩v|N!S3U"bo}@pV"aE[bN'ga`,{Oo[< XT6zPBG#'3JmW\h?Y;@]ra9ha *^1 ?`зdzHD{e/R\Y8pIO jwiJcJH7}iC;× yFug|%Gİؼj#/G1">PRu t&;Jzy^V =1`vsB$\/a3evBHڲ[O+>!Nhj5HRk]BVYz {ƅVQ\?h~;OAB+IMFŵ쎻wݿ{V3!ʠ%.Y2CltPBi<[ax(^;8Pt:WQd]U͜%,F }gv̇ʉ3&R1|f@F+?(;56v5eydW'Q:+FBp{CbDV HQO1N\C_8#gMKۮyփm(Gޟ <:/x 49;v~&[-EHÙEahS!䜸݁;FWZt8~K7 (e+W?ih8^+3k*3 s<^>OYlN7$Fs#t>'1il.I;25DOY&(t ^)9p?GBH]0˦hyܐ6uv-YLq ̃v"x+9r)UT+^sLʵM 婬oL;~n^әY( e}r?75,/$+NK޷T(y.kв#?>f$ov3I2<;k/+<ʜ).lM"$')ҧK\>H8SpةUSOJA9D bU%'RRKISK|ExؓlB]֥<|Mr3]:Nk>RŸ:P+/1lЭ7v:ç dt+%O.KһGgթl%K:[~(S2KtE!tr+IGMF,t#s(-+<*L+. bMWW\|oF<T#?.dU/K/ɵQqrF>XuQԼ{bf5.x #M%-4Kήjn !lqDI4; "w/Zg]ɦ>u\$\ уuOY&4{ラ̒3*5q,an ʜqz^{:8lǵHlf8 e,>GHQ2Ȭ'!_Y`d)C(ɭn"RYJS`fSZKuRT0O.o2PE'UbB +XmFTe*l`0 GȼBza fRjWHYe aEVy Hge|S64Cd:iS%\c#> &m`<Ay|GE\('t(SX) 8 D؞"Kb,+_$ 4&#lC dSv{kyhBb~ VSC^2޾Šǝ̆q0f-%"EZ<ŲCE DXujS 0 UA; ;l X7[I҆7]_MR^>*wAN}5}78>Ap扥{i!r4 ^G0D\N3OUwD 4Կ(G$Wxx|0aZSY?O Dyp jmYH^⪿5\~&(bRLh4 3ڨhVȗc7;Hhks r0~,xXOFi1`IVߦ9]ɲ% 3% Hv4S&WTX3Mt@|%x pY YZ