nss-devel-3.28.4-8.el7$>xԻBBYn>8?d   M  ?EL33 ~3 3 3 c3 3d3c3b|3H   (8O9O:Y2OG׌3HX3I$3XXYh\٘3]d3^'b܅dTeYf\l^tt3u@3v w3x3yxCnss-devel3.28.48.el7Development libraries for Network Security ServicesHeader and Library files for doing development with Network Security Services.Ylc1bm.rdu2.centos.org ?CentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxi686  YRCyQ@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.28.4-8Daiki Ueno - 3.28.4-7Daiki Ueno - 3.28.4-6Daiki Ueno - 3.28.4-5Daiki Ueno - 3.28.4-4Daiki Ueno - 3.28.4-3Daiki Ueno - 3.28.4-2Daiki Ueno - 3.28.3-5Daiki Ueno - 3.28.3-4Daiki Ueno - 3.28.3-3Daiki Ueno - 3.28.3-2Daiki Ueno - 3.28.2-3Daiki Ueno - 3.28.2-2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Include CKBI 2.14 and updated CA constraints from NSS 3.28.5- Update nss-pk12util.patch to include fix from mozbz#1353724.- Update nss-alert-handler.patch with the upstream fix from mozbz#1360207.- Fix zero-length record treatment for stream ciphers and SSLv2- Correctly set policy file location when building- Reorder ChaCha20-Poly1305 cipher suites, as suggested in: https://bugzilla.redhat.com/show_bug.cgi?id=1373158#c9- Rebase to NSS 3.28.4 - Update nss-pk12util.patch with backport of mozbz#1353325- Switch default hash algorithm used by tools from SHA-1 to SHA-256 - Avoid race condition in nssSlot_IsTokenPresent() - Enable SHA-2 and AES in pk12util - Disable RSA-PSS for now- Utilize CKA_NSS_MOZILLA_CA_POLICY attribute, patch by Kai Engert - Backport changes adding SSL alert callbacks from upstream - Add nss-check-policy-file.patch from Fedora - Install policy config in /etc/pki/nss-legacy/nss-rhel7.config- Make sure 32bit nss-pem always be installed with 32bit nss in multlib environment, patch by Kamil Dudka - Enable new algorithms supported by the new nss-softokn- Rebase to NSS 3.28.3 - Bump required version of nss-softokn- Remove %nss_cycles setting, which was also mistakenly added - Re-enable BUILD_OPT, mistakenly disabled in the previous build - Prevent ABI incompatibilty of SECKEYECPublicKey - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W - Always enable gtests for supported features - Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Decouple nss-pem from the nss package - Resolves: #1316546- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build  !"#$%&'()*+,-./01233.28.4-8.el73.28.4-8.el73.28.4-8.el73.28.4nss-confignss3cert.hcertdb.hcertt.hcmmf.hcmmft.hcms.hcmsreclist.hcmst.hcrmf.hcrmft.hcryptohi.hcryptoht.hjar-ds.hjar.hjarfile.hkey.hkeyhi.hkeyt.hkeythi.hnss.hnssckbi.hocsp.hocspt.hp12.hp12plcy.hp12t.hpk11func.hpk11pqg.hpk11priv.hpk11pub.hpk11sdr.hpkcs12.hpkcs12t.hpkcs7t.hpreenc.hsechash.hsecmime.hsecmod.hsecmodt.hsecpkcs5.hsecpkcs7.hsmime.hssl.hsslerr.hsslproto.hsslt.hlibcrmf.anss.pcnss-config.1.gz/usr/bin//usr/include//usr/include/nss3//usr/lib//usr/lib/pkgconfig//usr/share/man/man1/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnuPOSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textcurrent ar archivepkgconfig filetroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)RPRRR?7zXZ !PH6ߓJ]"k%jocÍdڴ48ITeX;X0Jg9װ5wCYlfSmA ‚e6֬j 9/1bI1bxWW*QX3Q)B dïe}& PE=ȄVߊվLccY4+ͤ;yX'E4|s3H{?8mb4r7Y gtckE#wC*7q$A%#0h*A/=-GOT:΃u[0X\OqN6[&F Srgzް= gǔ7 @X TUe~SR4!WiJݺ~|_p_ 0mgA 9[ϲ0 7 ?rngg%BQɃE#Ҕ-w[^h&g`Q$QbVkW.֥E#"4CNE|`9Jׂf2W@W\Y.W'nn{lQ\ /@n~-@|F'e'0$A\鄉)ۛP?W|1V}ae<ʘrEeHô&?loRNN?;'&7YUg_>JlW^9[4ԇn91&XTx] fB&Mѣ忒spl [%UtIo&cLǏH];Gf>v({|il3f`o{c.֩;1p+O neY ?s ܟ.ʵĪyˀZ3^D_Pqlld+`..Í/WNƮFZÍi6 4*_4yJANM_3$ZNX:-%٭`R{υ)ck]Yfz_t~奰gD:(2 l[dofVYX Q R=0w5lff{(<&|6MWD#67RN5=?d-|D{=m:"g9wuO-3sɉ6h-û: n4PgT^^2T Ihv)Rg |Kؗh{rNjwDžk> Ka`P1YދtbR,5ǹb X8x`(*frC`̎oN I˛'\*yl"˧ !~Pvo[UVH0^un3&뭴lJ~(]Mk iRT,K䘝zDgtg'oSœNu MC~tf5BD=Olr/Xl^ >PA:}cteIԇxԴk}L2?,TaJwc>\VBԛt{4 nYExMJ#%|"q8d_FlVO5Ͷ 3K˘Ȭ] I.yqᆢVwp4 =EKh`oʝ2rQƃ0,e"8] &DMkf) *cAHYX $2hQh6'DZ8KUč~l^6K| mPJܡJpa!Ѻk; sKN8 @Ń&b(;(qᷗůկ!# D1'ڧF;[}Ӛ%4deHɀз-'ط̭S^iI8vS+(@ 7\?AX~s( q~Ժߢf~u0F%,( kA@f*5ecϚG%s-,%j+\w&l M_I᳻n܂,ﶹWЂdkNUi2x H~1"t{φ v'9nA5:wl+#J%8]6/? +ИzA#4JGDF26,dt쵘 s٭zp&Ǧ3g^z"zw:rNƴex?ſd닎dF?Z(ͫ'*F c ;l 5v-ua;`½sCmy>M7=ξ3Z{$Q-}ZBc5>bR]It ]'(3.[_d WQnCu.?\g|6 [Py5@yr"(lqU*5dxr& |MAkxH]oy=|ʘ*p' a2u-ͬFk`)`x'A"XC8H4jf9 կCQ Ldwϼ~Gj*#8 ̐#sG#h]R:NboWB&=o^KqznSz'{Ne8ΞΌc+'sɣEh)קGWX/QONhqN|?#oNAN?>[G,jszw9oxUAyJ9S;( qـ=¸&V+H,@`B'FĒoHdb8 W?:jw)1R b-Q zqܚz)MYӯ ULQ7HO4y88mۭΫZAm.ZV{w^{3Rn&*o\{6rfSN2 bQbLqCUZ,[`QFY[U史j^1 ׾,xBŇ:6@P;yttk7U(Xv`iлKp%t}_nQӗ=X* AE~$! OR'Tk[բr{< "FsCyu^ǫ8H_Vlt`Yw{mbZ#E |fXrs7递\}ZYB+yĴ }D^:='ؔT$_r*|}'pP nws/V1,Z稩*46¦1I⃜G5T}x$4aڞ`3P  Dp*//@p3vh!YS¯1ɿtxۀoXkf<\e|='?"fDՂ'l>EJ W4_Pv* ccl%whiz3;gHTmAu@N\QYM3=lͽ!-T{-.Zd[Ӗj-? O~!O8x."OP>A^SE!]J5ĸJ&h /R!YTpi Uy[ -#H6S`9bџXIX2=IRƍx/:p[irg\⥱lȃL9!mHe5GRVO`lF9cRV=͎w9 g+4Rp|?jzUi}t0 U&"Qފz0nl Ҙ9.BV#UOBfr-f x*FU>b̰)nYD84OWK.N*Tt O1_\EaEL=Zyt9%Q$=6aUe<솘 Dvy.`@bWc&ՈzHl0|ç V$54ٗGw H?<=xB/=MggZƖr*F˜G ;J,T97%-S6PX1\'hp턖tܹ{eEAc5g dtt$\(uT "da O $N&d3XqYgK߬'D6,2a,K١}a?26iˆDAfJ$s?i_*z#gSTe绒7t?1\MFsIA̠'iOk#2 ?%sg6d%'#Pe_:˰*@@ZN|fl:sM1 dfKz Bo !oN0}"goKKfH)ߠCn7%ΛpYZu32+[5ݴ\B! o%'}mQ^_ؿBL[O(nEm_P-$ziEQ^~e8:8txFysֹL|Zn&k"emSց ]cJT[Oh UЫ-3-R'qۀH_JdՅ j.hdRy9\?TWfJV:%]7BG~#> ѵ 6{c @v0[OB*`j72TfKIA94϶BW }<?ޚ}~ ,1ī=@#_rħ5JvGHyQJȓnDDihnK"3'̇TU"i&ݜI.;C'A 5\ٯEd6=+B5jUg~CLSUOsA#V#zkЄ^zZaVyx-n ~{ dGVU@ה_AO2XA",0f d.1N#zAP逫~4~HwKjُ[up?!:4!1̻/^EQl~[.z-el5}3|-]k5Kr ǎ\Br*R& PbEQդ$sI]_F#,p5FoQ8ԸO>@wK~P_T}m, 0"rqwL ~^2Ά&#fGKߓ)b9$b-bޒ$=u,TיCr&G %6!LsJ@Ţ_~8ݵTTju8؉IEh~v"i;rj?(W<'p-&Vy֚ܲ$?-GI1w!Ɩ$]ҿv=[ @%e3BGCڱm)CrFb:$8c,;1;3'b ē>k ?y oab.3|Do&`d%96 Q"2;QL3yӹպ׫7R\eSy[6y LkK a!`T7tEO>h|N__*<:RY?4h yqֶ;{ݨH.b%mFv(K@ ScVc 9۹ 6{tv2'ڲ[J>(iZ&n秞_Zt`H>{鹽-Ȟ&h x126.(o{8Ѵ/53wlg9M2[u@}&1%hg85`Njd"z֞{޻5Ǒd\?jTe sg?"m1~U`ne:-`pU-m酻+ TJ'E(Ҋ0;().'l4ˣvG=1Ip9<*2k2}GVݦz{ S44J&~cs5ͽ֭]eˌ;9P_3RnG_|6ԏW}dQn<=W!` чĩdeizʭgm=>كiC?5$g=!gUu] BhRX rI9Y58 H^^h+ð-. 䔜G8IUW|EDo 611Dn. ը7s5*lA9- AGL5+Z@D*MM>gs7u`ȦdA78},- 0wƵU"o5pWx>Wr։> I7Te!cS@c% ^'Ɩ,M~`c[d)Ɵ'<s9I 1 N裌Sc lpwLQ[$~u A{C]xeʚyNXkx(x[WA"\lTi'e{zJ[#O]'À249EB7%z]{!m-PudmٷZeHxG_9ViHi:; LwW$SyޘLghhG-!d+\t-;Shom%X! -o(ÛBX:ICcJn)-be@d4Ԛ2Kl6n6=ΠupcAݏ&PU#^ ҄[Pݪ?Txh]̼eeƏ"ڏ9hy  I[2ᄗݭ=B k5`LjytwyA?Jx; TM g?F], )֭iZ Q= 8僄1_5;إ:kf).v火fEz[B!v-LGt ,+j [2 {bMZ $DQn"qOHAt, , ErP[J VvA,={*'WވN K`e,EMctR ~2˼;ڇT | YYYd;.y0;0=NaUSNޡ{%5\`8]DZMvKrƪmE6RVPُ 3 b!$Q#b v*K"ր0BNNβaB $2&0ABaRV9n&C-_ޞ+L>]z6A,}uK.*[~.[xr&2yy";Tokߤ= KAW1(/$3!+4B@mabnnbذ~% j齈dc rSB>8 AKCsr:PWz;H# b8jl@em7{Hqdٗ\M_폤y5SOz7B,2~}"JyE ݮ7,[-n&ghPGu٧[ӓu9>b ^FΚ!_*3oAm({lJdLh-H ]Jǒv:b#P*EFs2e1`Dm7"ACI:+8ȬRh)ʉgw&/4K 30L h~ŭMocHt:L)FGTi1-Lu?'^ EE Ͽ*Ci=;;բCW@csoӹ5<M-BtQBm N `E@QJR񠷦[sqRmzyL1@m 4~QdeSg7⌟XQ&0uq7xQu%e_08(Ez0.mtUL=͒+€`Zz/Mۂ@g]SOBJLHl3; }eNT{|^sRFsJ,JkA=Љ\>Nmk |yeT_[V+KH_ݴ,y_b73S܉-g[>N!Զx-(cX_?{FkH`Q ME txگw]][^n6etm(_2`&l}˫S ( % i~G#IWplveG(;Y"\QA*ͨ4?ʟo EVG[C|>jvCvJ"B헻BnTXc;"k 垬iwCyUe<ڮ ҥ2qnVcݼTm411 ^a 6 &$U"dqgFrڥڷJs9͹cYK[1emc(5DjAWy` d=²J*%]Et y0nj X/AlMȼuPi9  1k#yl}z a'QĴBN27aʸ&gNU:ֱCc 5SzzrZѓ˧w9ӬY>0 EUL$Id[c4;c~(DG㩇Kam&Vԇe)$p=UŒ{AXg7 ŭcfpm| <:<m碮peE!׽މ;]؏97.b6|ԢI }4k8bg}ǽ?LH|s):8(.U yr?nZlSf9()ܬ{S|P/ϩp`>("J^n?d{r0M)R{0g"]YYP8A0Yov<ذJo _FqH3氹Sp4w#s0 2x=N<%+Evp|2%gHQR;^bڬգNa MdWYyJz{V[0nm8p4}" |wB 4^٫h;پ]ImDpcX I/bUMAR$">‡7QYէl#~:OtAr Z;!-UN~6 M;ΌIVzGqi֤/AD3Λ0/\W~̫&PU2nĤh Q//"+0|rl,#6fy]guWGQrr\\~[ 1ZLLcZxr\;ۄ>}%"'!Hu֗Vir&HM! <56]Sh^UgX}OvmD?hvjoU !LA5qc01ɳ, DұC;.cg;P=*0w=:PܳDY?6F:qirk{qqHhY`Ğl8ded89OҸ¨(tӦs`>ЋSx 2{Q1ճY]QsP".22Y16;hRPz>V~U~Y dߓ.K@rgfh rIœ'YٜPqGTuuXL8Gy`2-f7ZГb9'&(R2 ^'8V-B _K?h(*凃c ,1C'(CQwbo.M,Z}7݀m34@_;.,c› v wʕAЂVmHxfmncMO4[GHLp{ߴ3GOp]y!^1 \D1>@'`-꩟\l@5M ;-x=5^*{UuH^ڨ3|c=M"=~ZM~7s% |/ͯ;حLʝ1O c|X&nocZ{VW7Z-928fИKRr-x傢CzwQnHՎ =riݨR\ʇl_Jbbќ$vΦe6N~iij~>QHS9x.{>.pEJ4/h͏ubaIZ^bL/)&|~X1[r qg:?w W]]|J-$xP'0Lz7m}6l!l%y+kጵp!u讋.bF-r/mf] N.&Q;oRȯ."ӧ#߀Kf8Z漀i8/\{VKxh)xC  "K^.⧍Nу68ydH {,%R\Re^:s4!0Vޑ UuZQ GJM)-#<1"ȁF] oWKp/TZ;Uƽ#]I+IjxGQC0a2-ُ!(z,SEs/ gg+-γmwjBvq'b)IT f ܊%${!ꚼXnhҨu)K;O.H2i]I "oȇdxuw1t.yQ7mac~lxedش5?s22y锶bd_d@gK'@d_'H8U\:l'˥f[G`B|g2/uu-q VFH4={jȂڻuġř,12٥!,I#) ᬀ̰0F`÷IA{Yn`wgb`"OiJ]3;÷ȅ7}cRJQGKճQy 7e^(K=V ^FyђC*Ȭj+# Py-^a3o$_&Ydw"=쮕&.瓒=J\#v Dy;/ޢЙ)is/Wzl> %8*b!AcpR"{LA]t3_Ě"nk8E9duܞsqFtr_0F.] XBIcıE'WcIlpBUdؚ"-yzd䷛x*MrT`ځ2,b# J2_HvҏJ[ܩDDDW3%%&åKTI8qZL@إod',o k׿UעHW5zZLjТ-&LMY[^O.,:yL AGyGS;kQ-.rtA&,߲/}#+[x%=9V|LYO{1X@N>*:,Q*MqzEv1l)Ul˥JҜeZ`N{ .D0xǵT2s^6z`lZgz9"Pim^pBYL\iYJ@?5QڧXWP$=e>mMТ媇UID3ú$pVYjμc.$J3XYao_6E=3}٣X@{qc2⊍!VmIv* ƻnS(Ue0a!Q"wQǠmx7 RLvϪh|',/a"B/󙐻.e` *=ztcإԫ˯[[DOEHp>Ub\h*bx<'T-jy *t9١" !1{$Lwk;8dO )U*i,Prv)u9ؔ,ux%9[<[EE:9lNUYTHA]U!ss31̊PIK$,"AOwr)7/{TL@oLu/a<OB/[bPFt`(9>]o/i9OCh_ZH=bвJBTx |~F͉2o> *aـ,CAf EpgT_?fʐLRb ecJ_Ao(GEzQmf0hȮZ)H}o?m!n^l疓`/}9G%5c=k^.AMdk4nBe?R^*8L~kE2g 7m鿰Yɴ,9M,@l.`q/>>Ł )|ƷB,tӍ /"a}ŗK1;RnQ|]U `$_r v!pc|laL$ . 1%WjZ*dkdž6 U l0b}>ѣvÎ_7DzCb25E*uLb3 {Z4%nAX,UuݷNS[a`ڇvt❂#&eҔea\ ilrr-H:̊UKsU,Y#ɓw1y8̕*wrúLeڜY) `=\Tɧ|f_U.%"Z̓{*r9Ns.H2/+WUϢ'f']nDi[۹"f0<UCɤcU}_VJeb@<~lm 8  j4Pk9Odn5Qv! U̅2$|)ǭ>LtX`kiܢX7q-iX9 %UPnvp\pdY8IF0%ܯp'w `g KzQ}v7^`CCuFX~,>Nz:D=߄ 9Vd6ㅶwLzPUqp벢&OZu2~E`51@%NSnƉ4Ψ9a&| 3zl; 겴@@,9&k*pׄl8,j-9ރOGKY1Юpn>i(jw!95~c|\5 J0?K|KO͝. ܫo8TH#&UK;y gn@(HT~)n v7ԫ7Ωt,yۃa70H 쨶+Qi'ՔmOMe˵aI'B1+ n@$΍AEY$΋L/E p]Gx,E`m_}*C/`0dcw ޅpqӃՃڸe%gdYhoH~V*̹O6TY1:g<=NxxL3k,g/@>Ac`&6 UZSC8=^Ǟd;0JNH:YɟC_ 1Gf%g+=n,sfܮ;j03 ao9BɂvQUs4բcW Ly Q;kͨs&"+j$(ŶtՍl7 DJ8!Bn(t3su PՄPb1/beJ)?\iX:k I`69Z`s}5Ʊق͌{=7b@7!ؿM9ȯL/ҹ¹KL!qmyr)ׇ-с Vl?I}bbdHIN.l^ ^pŌzt݌}_M|Θ)GY#& 3{0W8d</okHgm৪8{ZVӪGs+42[sfhh~M[;Cĩ5%vZž]>~}TVjN1 h"ÐSd;E@ΙG. BXKh-RXQk]B2P?,Yh3 ,H6 #[8SSx(Ƭ%- 'U~Up&=`߱iue6"q,tRBnE:acje( ӡ 1떭 rVBiR7:Vp : U2a>A ,\6ዪ\/| FFrkdqҩPVsLܢNg+_?sh 6NA\TxHd2rv_eFGu%vN!7arD[H+ݗ/s?N8K'L|}=xa9L_cBάbW=?wPǴk 1MC%e,AT{ϋH3.î}  7 rZ|nėǨJI~c+0>yo%!mܻ*͙ZE'F@A5#W=0уWK7*.ɺ5lQ+Oj4o_p+,pHZC(q eY@⃖prQ@I(~?dċDGIخp80^#$iEQJ$Л$X\qfVM,6`L:Zsam@:+)qVl1`"=R@SKOͬ)FFM;Kaoq)U)HZ7au{amB OWD΍]@#e:B0ȴ0zpv{  F@ąO̶/:AyW3ԣS=lnzjK29+)m5C5ql$Mjhmp'VcŴW>Sk܏ eie軗B<;&%' sq`ϪW/6㊝FlZ'E-E2;}NKsdbn.o7%V ȝyq Ϳ{-مNzm)h%t5PjiBQ;_ Jր?!S28{ 5zBt'5M+hV ֔a^m-z sQ:~bk%I ?6CHzlKg[6𨦃JW1TI|VB#a~CZܻ&{_k!;;2pKjpdހPOqedgwzXx3 a?bW>"Է{ˎ_]@Agr!V:K΍2s<.6 psw$E7ZVC. עvYFTYMڰ2bBa 8%tFYt;-}.:>Bx_)=#ޗ&@7>B# nEXckidIr%Sg:uLתjCٮ_lNIj~#wID [/:pO)O~v7 tn| 5,槔 JNUecvq.׹M 2P;^՟Uȇ=yؕ#S)?Ot>7^ Iכ+CKYB ɶ: (fe0Z1[P(GKTjlvT1̡>-,k5$ҫ{{9z:Bj5jT}f kL^`t3ZXH7NuxfU9tӌ)&?,0LuPJ"I6 >ׄ N](Ap!J9s>D<*Vǘ "OQ1HasRYJO[' m` g|k\||ƨ]lږ<$jA%qh "+Qbcr͗[Yb3f}XjJYbmם-Mn7fԧQ+0 oz8eGCInHӘ#6Ę[j -rb_td2Wg<ԙ&?[mNEA1Xsj -J LFe3 [H?ŝ990;nG篕ൟXPD/[vVxD3 S3`:CbazGNHY Ē pT"ywȟw6iTg{4/6I.A?a4&6%( \VVF7[HopaDg$wibj%J'aX,]E-FR| ;֔ʇb.K`Zvn9IKSmq*J/?Vá0>~h0R5 LB$DwEQ)JmRXO!kY&- 0e}WF.&<-INU5.Tz'~ NbmYgNY=W_ za~8^ G%CZZ"H# Zceb8r͈ h){w#aK LTT6!-svĚhhi[ C݀_<ͭm'ˌcʰQ" (F ucWyY |>Щ{UZx݀LyoeC4Dݴmm%h8jl:a!zTzNhvM7 DNEw 7vW0pFcɔlǗ}D(4JN Ea2miZL@`KTcV:i8/Cw l7^ܥ׃aQ_-\,O%52|x8EfƷ)&ap=Q~,~m/}Tt1pcEЇp~xBG/+`nE^s=$* LuB{aHFYCb Wb[ .ǟȅ?h4 {4d'݊.0A/.k_梃*.}tDžVĂ&,kf;)yj|jq'OpLumpţPU,# *c;̺TDx//Z"Pc !_EY Xk@cgJfbTWZ`6œt)MdFϡRpϔb]tFү8RPm.u*Afo^jke[x)^:b dɔxlGWߐ7<-ͨ?rsD[>/T-f7W ֭c|JuQi8fYZ 1UB'ßn7¯,1 :G$6% CDҀABg_0y\IK[Ts? 0~llW}|qZ B9񍝮(cj9$rX 3I&Dl[3"(ܚ `bM].ٌDCblipkA bB<@Sgy_7L63_Džv6vՕM9D|7jS2+,nB ^[ppKE`u6HhėƛFT9R54?n_fƏVK(nH~'+D4j^U Dv"meXZ@![4>i`-wr SwߵQ$wgZª/.dɦx*e#c&\J:_ok34@ttf8aoJAf\b;$%ӂΐ\;{Mp4<]7 6 }(zt(C!!gL8Pu{=^1Fh|*|JD0k|* $92tkewwPhmcSC=D .:g}<^9}㈁`s+xNU\M+esq)R! FiU/ߖi*luŸBOe]4s1tCadhB? .EPj%s.VӉ$^}_-,*&Nbw- -aej@.cL߿'O,E+ 6YV$n _!hBߩ8hsQwi5yZ* Wƥv:>[ڰ|-彭|R/j?f3-nRMPv&kk4XT+a^+gK U&pNG@$ cX!tX=2n*Qy?³ndq,XY}iu-U6eL_}Kw&Yi xq:D™neSdq k-AFvS }6ڮ) Vq@2Dvz!޿7m=RH0 7K/&ʏrM|'g+ >5 7U%iI r <(r%Z _<nE8Lޒޥ* 4pdeG7jtQR|A1`haa enHC}{fq(v K۾wC++I LzҞ/Q^+g9e*΋%6(>&>g(&Ŵ9Wv4XB9;9Vxf%2;ξi>~/)qDݛenL쳐Us0 o&9'QmА.Lm9 F4) YA4Ry0eЍ}5Zgsmk7f1NL`i +TBΏZ!+ Bl/TL1N]sl:`Q~iV2_(TwPO3߸NV3#@+^?&x;Lݚ]qgP~E'if "T m/9G lf()}Y|鱯‘0V ‰M ){jޅx+sGE"cǓY$"ayH1N oqw(ٶ;UNN1ٹJl&j\Y?%L4f(vJaXKUAt }֨w})PķS%SAhū1FCQm+Ł;Y7|lMC'kxZ/so-pHw&3ze\E±jvCӗ~dVw_tsg! 1${xboUH^hçG{HI8\e`Z ߧ0TgD!UuKP?^٨qY|yҴChg@񚓯}ڝ^=H^b\dH|3Llcmtl]@5Q jetه4iY8 /ynQ'%_5|6d t7Xt`k[ZTE7L:d$ ח.* SKk?e{}*R_PT[WTld~þݦV(be|"T}^c w0%v}Ώ@ ~ͷc~M]CN)LqDv%pL#Ub={Dhe%AEϒ<ĵ2)q;6!T/~k@L < !Pqs0eaOǭ].02HV5rO`s,"Z'O|'p )~ -Һl4Lh&8 F--Z<KU{og@WLExp֘5*dҩJćex8mo%z6(L+]96f!8J#~t?g#~œ#C'Rq%i/r 7g@z\d .a{Q} taPVH'է^ZtE#u4YvZfk3#\+al8)=u!2f6A c*ޠd&*qSm2#+I[khEI]Z笕XgN Y6Fn=vنUAӯ,T # g>j_ U<6gGy9+3DQJ/2Bƞ o 5Tr+-> ncv˸ߙ!}"#Juۮ >\Ƥ^R'v/v ]bTV[o;%zbʕj$7H ، u$8)֪N^ ŀU.0Z?ƗD Otin1m;jEuLֶ Kܭ݊#oˇVV7- p7d9|MQM= o׽mo&9UzE{ǺQ+B&"uvl.CQns!i&l[1Zű5(o:nC 7~ Hޑfɠ>=4F)6B0(8*(=rH0~ˁ p] CqFxK`sTp-IM m(e= U;62҇:xG2*E6+e g+āl=QaDCd6K{vQF$ Yx&s0CKl8Wt SXűP k~%.];n #MMP@-g[^+4YE7Vs DXwm eiӋs25G+n寥GCh@:#6Y/fd=3I=JvIS7Gj_ jnN dV?_v},%jw8VE%x_˜P9Vh RF?B/<`d<v&6`"*Jw֐MûNlYyJ*XTAZ)7x =q7=e1bd,s Ge=I_`<@z?"?qodXc;QV9{+lO8Rtk^2-)ftΤ0ak6]iZUy!/[~)44F/6.yF1`O8Yer y3IazK\UY x ҉?[)zW .$>lmx_ZrZ*؍J0lB/#IgPj6zx6XSJpHPkHd@4d?D}/_K]'@ß}wp 0ϡn)z@9>gՁ+ܯSQWiy\"LyN*,`2Za2,C5>δ+XhI7؉4{mM3-~Z#i4 UwʚӤyB W/iVqڬ|y^ ~3Y6\}rZzR;|vy9._f!=4TP߳ t9F+آ9`%w!yN!"9wb*A8((_ @/SDvܚB}iBN`ᢉ$[1^sHȦD/a_4ƲbɓV B %C$#Br<$KFVgs r >K ]; ^ӴZcǂBmtpKf&mx/m!?fQh,R)+n>Z&,iW& &X@xCZ'r*G]7%?Y+Q{ {{lƫ~|v[nϾ24!Ǎ*sW^{n{f;?1wH" w*_=Le'')IVaU돸&.{z]h*/*CL4i6bPg_^7I7<%d} 9/OΜ״ rv r5rsQ~3Ϧ`HO0i6yw@>d pPGՅu/Z]XNKB+o0|Zuoe?]~R|gJ7J}EfXEkLɧqL"dKL] ϡr%2N#ob`'Eߧ[$f3CFXD ;& 6g?aCkxmJ:hyhW oϔ$j,EUVLN1P{?1TnлVP0IVD6Pp^wa'Ubeƺ!n^(_#[sm1 1΍~uW]} k{,NBDBE9Q0=wJT~jt C$ٶ; (uU"Yx΅ئ[MxBhC&t.Q9L nNm#H/ead[xEJI^Zj/ ilՆ٦Gu6!sT}׿l P՟3T1[<&Hc 8)N̊Ue(J#iN5hغp8 uΑXzF.@ ˭l7h@]"SUϊ*S"Iv%3NN i:i Jb2Pi I !?Bqzӹ1?P8wO,φD_8$ޜsM^Nr.t|}Rj5-YCϻ&8h\'!L FNFa~ϙ`,c2Iښj@*T*!8O'|Eh7P&pgCkJ3]i_) gjķ[/5'D@Ոļ2v ̠@xqT6t oW,SćjcJF tu@5X4Ҟ d[U{ˑqb+_nT iuZ{9'8$5z"W뫷1 U$卄RBூiݺL(څW,vJ@i X cI@"3;P3 Fwô켞¦ jg;C3+%Qn{ߧ7 S6V|iF0R-qTޟڲWX\D|\:,VwbYug尞;y.G3}<`/lmXVkte3i|pRB_iRHRKl zBp3 KnWtW+t ea*P ~h|iZ v'Jl rFX+tu"ʈL?đF(8S,9ʙ ^;4i(b^r̬j]CKuz>7p*sB$5͘LrCQwh:(\(ћH%ʭzzS]\v.9|jUv+V;!vQCloT^&m(:gU`P淃4#tHV e3ILV? 30#:m,g"!ⅼ=b5d&UosUz1d+7ДϏdRe}vOS]^XCh](+/&U}.=.ӱnδLjl@q882 lG̳@-0la19o}x'}"M?5UWS`M[:;᷼bjy8Le뜲iZ,tzʿNHc> ێHNe rPѥ6O\d;R=U>תq.ŕ7{tt3؂J_PgKy/.MR-iRu#͚o4ŗvd|!tn`u6?kE9-"c[5,}aa.|!9{&` \w֭.h}d JbDUD iYTR_CB֭ QDDТ?:46z/ve/x)ste?&lQM/\ReG:% G7V\j&yίsǒڬKwc CGd}nI1% ?[>KMޅ@RS҄U$|4M^A5%qrtWݼ3ހpxw?BuY-ӞvQ|E?x8ZPmʙ Lř< SݛY?$d1cz*9ղzv9cn6_Jk2\C,eځ1JYWk^I?ܽlV`3OG~\کMVt82tˁ +q_tWJ JP\dkrZ*mrX?MƖ>˷oׇ&@ )3יm-L2rxJfA]5)m瀊 $gju_څ{FI.. YL&TU—pVy'TE*<ۦ(C]fhhwXCBXZCmH "2)Ě=iKfPJ>KᨛrwY-;9AEQ(O#Sr8 8d I5,%#0noҞ ŗ1E  Xn>&OV%W$V}m+P"~N};qz;zk {[g"71SxaQ5nLp~Ls|T5`367 //0h|@Ņ|P+"K#ig1e;zyr ;;ЀeC,Σ$+,ߨC7a u} $j|!C!6 t~bFhбLK%s2oo!Bc/v]H'LZL(}WT򎽰9dƉ/&}wlFpI;=kXz?jQ+c7: 랭ƚpK`͑&OSH `T e&_ŏ?W&ԀŸ5mPI Z,T^Ycz *D NN_V;[xD'']5w|9mV0JNap+ttΚ2 =֦ r6sd cWC1.<2^%<|X_V0KzF$.)}YLfpf^,eFh={y)KmoEͣ+vY;Y~Yi&05O'*woc)K9M`qsNB+m Uv+*@%-EY}]O\%14ؔp1t%{=Ie vj1|H"LN~V2>yu;Zjr~dࢽ^W[&Y;e,s})'WdtͳL[:tZ( _^28H6|?= JSG җSq };0?rexBQʚRwRW1zeo0&4u,i(sT.AG#%]r=H9dvwayy/2wYSW(/ s 7 a|o GDŽlD. ^HK>8;+Mܵ IcK b: (.H"d'E5?r$!Pf%In T! l+Pgk?"q :0@".Pc,cŀS`+ī//R{ø%<հ\bƃS7U|auQy$YpAf;΁0]/D%̄;=.BKd.$lKEgKo^w_ Elu2ճǒ]󎂆A<pWbT~.oAo\&HœJW򑱋ݬZ6!%dۆD}LtDT;~Q{1$e U vVC<$Spi_,㋁hr+N.9oÚaMckYNGZ6O&5qʙ57y ϢdMdW mﮮlۙ<g#CGJ xn?iP++\.!6~T>L MePPk㍱?Thrg8i ~Tp"5f@sgl5XLuy:+Y37ӳB}ص ^I+t']YW3ȶpe{$*1ꜿD媚 cjlFr$JnuDizA \k=6ATC^}BC{ZO+Y@L˵ 谭iaB =Pi!E~덋{`K6NPfw( 39~E5~_zE]Փ0z0axʭgPԁ/S"&r]J)~•1Zᔂ2.LnJ>v퇡+5YI:xo8fn7s8qSW+~X}rcO=vB :*ʃf[]OEnڽdn鐶 YZ