nss-devel-3.28.4-1.0.el7_3$>y(}:eġ7mJb>8H?8d   Q CIP4 4 4 4 4 4 4444   (@8HJ9pJ:XJG4H4IԠ4XY\ 4]4^׼bdeflt 4u4vڬwۀ4xP4y 4Cnss-devel3.28.41.0.el7_3Development libraries for Network Security ServicesHeader and Library files for doing development with Network Security Services.Xƃc1bm.rdu2.centos.org CICentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxi686  YRCyQ@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.28.4-1.0Daiki Ueno - 3.28.2-1.6Daiki Ueno - 3.28.2-1.5Daiki Ueno - 3.28.2-1.4Daiki Ueno - 3.28.2-1.3Daiki Ueno - 3.28.2-1.2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Kai Engert - 3.21.3-2Kai Engert - 3.21.3-1.1Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Rebase to NSS 3.28.4- Restore ssl-server-min-key-sizes.patch - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W- Always enable gtests for supported features - Prevent ABI incompatibilty of SECKEYECPublicKey- Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Remove %nss_cycles setting, which was also mistakenly added- Reorder cipher suites for compatibility - Re-enable BUILD_OPT, mistakenly disabled in the previous build- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Mozilla #1314604 / Red Hat CVE-2016-8635- rebuild- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build  !"#$%&'()*+,-./012343.28.4-1.0.el7_33.28.4-1.0.el7_33.28.4-1.0.el7_33.28.4nss-confignss3cert.hcertdb.hcertt.hcmmf.hcmmft.hcms.hcmsreclist.hcmst.hcrmf.hcrmft.hcryptohi.hcryptoht.hjar-ds.hjar.hjarfile.hkey.hkeyhi.hkeyt.hkeythi.hnss.hnssckbi.hnsspem.hocsp.hocspt.hp12.hp12plcy.hp12t.hpk11func.hpk11pqg.hpk11priv.hpk11pub.hpk11sdr.hpkcs12.hpkcs12t.hpkcs7t.hpreenc.hsechash.hsecmime.hsecmod.hsecmodt.hsecpkcs5.hsecpkcs7.hsmime.hssl.hsslerr.hsslproto.hsslt.hlibcrmf.anss.pcnss-config.1.gz/usr/bin//usr/include//usr/include/nss3//usr/lib//usr/lib/pkgconfig//usr/share/man/man1/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnuPOSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textcurrent ar archivepkgconfig filetroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)RPRRR?7zXZ !PH6]"k%jocÍdڴ4;ClCCa>q\`Pư?l?1l=vJc ~{BjT(D@V% 9%<M$]tz\4pt,@%. qEqӰ1xF9!Sv]cFQU%oMvZQ 66P:_Uje~t7Zc|GmXi*+ Iy1)I.PX\vSC&"N|Vf ajE7GfӧVDcKqv|uWiP!8<`STG/A>y"-m`h^jO9ds[ ϜM<0cSXy֓q?"/șdYqky;"*ǐ$h DjEeBFf"2= $2' i!SLpv2R㤡jԏb؃lU-S8pl HknJC3bXK"bpIC?yэtY/eOwj'cC'LH:gIbRD+5q,+VR@ܞT.@tI򗀿&]IԊ(u ,v: ͜=8ِSUa :]3CA[$3r7lL?e^:Údn!lݰԖj̲bE }Oe5w{sڥK)GHzV^L:7xfЏ 99ll8N7ywI;[tOgP!E# ]8q v+ g}ۖ y^x.ɧDtpz}Hk>]8j#ʯ'W?-j.c066K}#zN7cai#&u"(_&Jv/fr^XJ((4 Z00D:J_b=d+R"lE4r(%y FNY)F^ hN[ebUeLWWhHE?O+Βv+]mVNwͭT,Z"_B1E^Ȁh"T-t&Og>p!/ ٦h /yɇfzc`$*VeRY uVD ^CPltn>Im:M^uwkI!9>|y먫rQ/lG%12WH4ĤANq"̘1 Ո'_QcX꾨1kF*|y3JEÏ(ޚ329:Ly950;r`gv8S:Lb'QsWn+}V!;ڨf),+捦2e)TG4}|=ω?{MU<QWͧCL+I$AXUEX)\i}EVCJCo,@0ʼnq3 (6WyaPH ^ьA XREbuk"Io+uv"%ŊD&.WU)zAPy^:ۀ1}7@_#Ӂz7 ^H*?wG_L+}0I:SrE~)"/'#@oA=& uؠ[׏skA ZQ+C}n5>YLw?Ǒq'bAE|,*kmtڂr *AZ,8|c;%V Hĕ$)E%$IA*='zb7SC\8e_M]p)[ss!fvG~>d.<τ8aQնYu~ Sof\E:s}e,4C^š7s1vC/;l]07T8J4YVSk*Wl]tȮ`EI+la"v3F\>"@&dAF$"H=lx 0gwC^_l1C)o/ /uzp"pCcR ӎ!or)e[ٛH27Hf& =n>aj B+[Ni< *I@qh^L"^؁mp/[a70UNԑOdL΄0 >fIN | @<16Ŝ|@VOh;*;OV`h^FVh8{y/tS"|1qa۴)牉m=/s}'ųB%"ͱ0̏F(P>~ЋPN֢!wd$Q|RbrS8{?/HAQ-/ u>q-ʐwbs, H_>ڶ^wzT_ϡ51J[$:f[}F϶M"_{GplzA_mSw믫-}5*<^ ^܂iE?gXcS6>C-JKM'ŕ51#^Nsؒ6e/?B)BQԍoPfkk3wI[M"u$ގ|+¶5Wf,P֡˄gw3WC~m`<a\ +el(އP-[gLʙQ/EHWgg.筢c*3<ì\D2Yi@_7ƥeUe.0(9$ *IjnGH]tj)a[4؋JPsBϋQVK -T?F1@*J xW@LEHuCP52:"ȣUe-hgN@`AC3ڴ3ˆD4Ihh**;-b+YWLۖm=ɛ!3<<7D.X8Mh^Tz9#lfBէ nܬu'm B 8 &:Zm4\(Z>u,.2M-Z(3JopU܉lf2ȤBZ&Oo҂l̴ٗTӞ"{2ZOzP$HWci:P=p.o,xNV#kUYhdaFk}݊fGX$8r`8֍Jֻ".J> X7X _5$#WxX1$n8 m~B lXOt./WƔ`RK!DlA['C>r,LngaauwGŒ'Q`n'-m:ex/?=:tRJtΪmZG-*PC#-2g^dsWqTB,fh+T@zDXc.Uh565g^qZ(D{{YOqEdY;Þ>2WD14rqC"h^RɃ_ 4;灑Xg!XأrmZ)oTM?tȱNVЦ= VqV:ƘOZD/׊@P<z#. (OIJiw*qq-2Ec4h?ƿ5~W8Zǿ~.jWVsp5Í 8H OﵥBLmnӀAy7I=Jis2L/ F/^ oAyzs)^ViC{aL( : O[_A#B4WzC\.3vEPvjq-/+ǭqdc:zqފ**< I57$û$g&\>@XIgyUgfBS+[@_$Fs2rszf9hE[ 7!XMA C*3݂:H嚗nޓU\&=?mCyw)\c|ڒW72vN56{kS]j8L)J%qdRs$Y0.,N!,ϥ% bA4;-: =xsCVfO-`.]f;8t q3^@$)b%}[7#mMFG(pNfA=s=ⱿzUJ^ @0(tR"$YLao"3r1B'P,us."m ֨`0xWcZZU=P籥"WIBoZ݈ 1DEbfw_*EyN7 D;SGHq{: 3'eCu_PCDo~cD.ه+Qz<59at@cFRy%!|TؑLDA02M:ĽZ$%Rٔ"Z@\);Կ-ePJ]|l,Z)`uTl+Ŗg4I{.êd9_N[5XVa:}^ƚ_ٹ$+?(/Мz7|OV%._W &:Rj^#In\K.Uax:ey:|-{C!. }Y|Ǚ) :zj!r|& r_uCl,iZOaUS!s<-"ʔ&f0ijs}ٻ4%չo7 ?NsCfSi}@bKd*Lh,BVx,fhJsk9l giu2s[zmAv4glLuu]yqcG] NS03jCʑbAĐӛ k+R( -YtϿln3ї$1MHlnzTA oyxm)>zC9x)؃Mq+k mz^]nQn^j4R} yPGƕX:@.´E.}2s|Z|d ~#ZXg_6˸m/QK˽u5TDoZN=Yc%JTJy*Ό"Օ'َ!ʘeg-4۟T2>S h?ꅉ)@ie;uԡWڴ[U u(lM 1K!ST/s ]yjR<(g䰂3eM'!D(JX DjVd,2&݆GfcJabXQL*ãPѵo{"9uo#ѮM`< :d ~'ż5P(Ю:8==P ՛!Wy6 P jdX[7@( R tBJ6_W֠>%(?d@EdLX& g@^ctB--MzZ&}m];#tB#|k)׳i,rt3e[2SUc@j& бƆWj;hw!ͮ DuT@UbUe$up5.*b;/j(Hq%]4?&7 CMV!3,tzk]|t}%uݱ-`F MeϷn=(9KO ]Aך҄JLy{n: h׳AFF$-*)4ݝ[o,G@a~&ƶm Lڢʅv'Oo VR 0&r9- ڈJUTqա2 6[*^_q>߸YuЅ wCj_p5.cTq}q*Ӓfy?DZVAռOJ$LO J}I]Nd.UD!ZKa٦h W2]\F݆ۘSWX.0#aț#4lnL[ e)mDoN ME)0OTk~IuK7d]E59ǰi+-s(i qYCsZ fXp^ gi{Q` XqCC >F †CRϱgĭW4ۚ#v<+n_āE&(vq!}W_O t.KԼZn -7Q Ӷ z&}JޣV9A.F<K8Z=痑( V̵_0D̙&j_u9@AKgkGIӱkt^`CoG7!vHn.EiRWhўdKv|N2d,|>on(i9$˦MҞ)PFY0JwR>{)ʴǶlQqDMwr%gsrRSnkZ }rg&SM4"62VX@x'9ߝ}>" yDL0D9A>`Ο%׏cIfwvАu6p^ WAC9A&"q^b?SiEfq{TK*=Y96>nEKmcU!C&M=8*3XNɯ7x{߬.aMFC ק_=I@v=4F"@"sΈ2c}r ,O]j#i7?CEAsbD#"Yg.:"k쏟VE~q#ff9HmRL:fAξE#~Q9%2{{4>0<,8cr3`gDHrQ[ rǁ1:ƯJ)|C_uCd .:^sHDۇ᣹r@!4<,q ~ l;.}r[D8Cxy.y >zhPV9FY5ɓ]RSX(5mj xAǰiؐ@΋olYMEV!(6Jr|RPU0/ FOm2 W'`D@uȹZjg]ÜlʛB9(Q&?e|gVIBKPm6!4m_q4rNh-\/ Rlė P 6_{Ēam|2m:duX9yCZ\5I&dN } &[Qu-+d*g_{L䃽x@]?aEBتh_|h@ 381DbR[.qj /[5EN,ǯyEi8o VsE6yBi=#\D@3'_,zçIi4Gg )f|1=6会gJd(&f+Hhw~3ole(\b d|幹GjEz&5$nZu%Iz/  @HH#:37C3Ȟ'9Z/WTo}"PM+{ЃtJ'BXCru2ǯ9vy()uM_< +P;y*~T[o\ #~^AĈh@'HCf? J#E G,۰T@O)`weJa]p;Ag!Qκ@Sx-ۋ}ݐÈhxi,i9_a(^`JW ໳r&Z_]LrRaQH*J$՛&- ͬe RqF]jCgo0=oSy]o XO='%sI M,Ɵ>-!i$$2S5E~;ή03'0D:ref!?~*d7N;ḿnEXIӳ–ss%&H}faPcP˗hT)pI峵N9OAC-s j)fX$4dr܋ĿkIkBȸ=܋`ez?qk(UJu)Wq^1✆iSl\xGPza. J3*3]ܐyYVĒg>\,b8c]t*Mu O$λTkCKQ&}@-UVl5[AE!R{ijO[ G;e`w[9<}Lj9XKS! R$Bvp/v~YXK仫R:NcA 1ʇ^&p,A~/pSd3}xQF./Lʼnz֐Or"ϊ˜Q&m 9Nc1TUȎF7BriEnZjg4T__+cGa NϦQ('Ҍq Qiʗ; щUGyghĺM{˩ V-~9:Ӄ|,Fڭ! 1S2[❍[L7 j]:luͯ~rY{}ܦ;)H(EwsSڽӏ$Ayb8L'-|">s]ZҲ)Iq|M/h 1ɮ!)f،EAK&#V#XbÁ@4,;PPt5K NI=@z!&; brX'a8 !#G_\QqAȽ+f4~; ^e38{?V_ɟ0{aR6u3[gַ4y3y+;%@9Q>) 0ki䈉bM#EA971wA^f鎶 D<9dShbb),KN@ŽHbDqm% 1/aG$Xc;o?h+gvwdEk*\& *;?ɑ-ӓ$ j/^f{Ws,'*|00 Qafldؾj$H'Sxd>$g]xb]y֛/S8uݹdAG65)c0!:7Z"^mvz{]>ˎ9{ G"|e~/)i^3[w#yl}y AGh?ueLVwFs&6V^HX?`/`(wJ߈,ޘ@&*  /Ee^=R;6B#D80B vuY(4n%Lu@.rc0noantռeۡ&합$MR7u_%#xV4pWekHlJN*k1vnډАB=eilv[)W1ȏAW8igB]k>߯ ,_p!aZ<ܼYeDg͕p5_S:0j$S!K%\mEȻ!w1^~k/V&9xF?rpR:yA ųeL潴M#NKƅ-5‡* *Nfx+ۄ'"~ء`/i26olpQPi2ߌ$>|QL{dR`sWqE50; A+1wNKp8XkV-}6_a!,bS$&!什taR2T4yM !yKeD{C䖚49l{_c=8uG5mVXAC~NbdWK%][V*"w&EL^]u@qYHUt1M.{A?)fxdZHKMN1Imz$גC-f0}~}mlwNF_ʜ_ S#1 bҍbxgaW` ˜A| (Z .1в5IeTf~Ib 8 -Q0?Nb2?x'#Ic,-1P&zbJvk\UŎp碃ч:]6Xcr@Kb`Iˤd~2eJ8]~L?<Ϲ0UrR,p2zؿċ";n YX`<z Og;~: xf3.L嫶_ω}JQCz:>$n7xcMg2J)_&YWYɢr~ 4&=`,xQxjHKeTcck5߹2w+<퀮4i/GsnEGF]$(m 'J346wKPZCpʩTR3/wԔe*XQO zt8k6r̈́S}|%V+*{꾐z-΅x0mU[+4YCwx uN^tHmuaYy`CI!~u^\A5y,01SLF~o<~4OsBSD֥!<ܙ&|IC/rnĂݻ7A!89USGb :tSV\wF m]qgҚ߃I?G Ӎ;= (+GpnrËP*{ZC]sZ-\Z `|4~l5]'ߢ͊sHM?D7PU!Lʼn^r ޕ#T8wʘflk:[abVYqULe?.L 9J,=']UI띄{oI|hY-v/aw_YIyp0Jyt= V{zFכ51)(Wtd$@@dD?1.n0Lj1`ƔV2Xi_lCo&W:2qgZ"'9.\_POt?3DYduM/&jiĸ:2`,u6@N1'F3Nl|.!we< X{&?D N`Y%/%>}  ?L0bTHAX-{ V7w/dž! E6\} UzGg`k4WyPKR?㧩9]CC/ʔ8g`hTpWV=y1_ߵC5Ľu':ɲk!iqy =/Tt*O5^h綼Ik#<'3Aq˓L_h$k5R 3!JN?/U0wJ}TZw0jhO믏|l5lһo[UqkBo+׏2qЃX*dr\i 4cٞv_e}oaOu5rb"Kr!c=3o'BX_Y]G^ZC3 X/)5 [:&abh*byĤt"Jp-&f# _-Hw\ϸG@% e[̶} g= Ljy}P}7Ɵ]R}Tn/-c7'n RsONvsW 8#aJl> nqzn/OuĮ"an QK-f YGxJ4-ډRDB5'y|88ֵ O ,MPMvʹK @qSvm!l?)SK.9A]>q1[>i΋Ĥ|`wմ(#JCAeʚٯPvW7bM`ẃx򣈠=}J\!-zj]--z{g?5f)aΊ 9%&fF{H]Ki[ؓw̷_.Clް˹z[N̤]/f `7#d5,;;Η 5CKnEK -y;8C!)^ʨ,.\,y}UQ;Cji;4 f܀C4雷8)b-VOzKpR$=ף@^0C0XIbV։=Pd\5VlI1+ -֪y\ n(J Ȑ \5sD _83ƄBHxVOt?7﹃h Ԃ Ht~%m+W]ALv*Hhy k 1wl'y:d}51_uʼnhfn4d_y߈%Im !G=/D W{꾴zadA I#{Umpϱf^;‚nxNu;JHm餂snڊ/;{bZ+ `+N (-׻dap=ٷu.^"bXGmeghtZI 4l\E[I}fj<'%!f 9#}{̩AyR$nѨN.H 쌟m)]ŗMO-]SlGK+4bX8䶀cltDZ~h35"&WO(mg/hi?AԊ)<ѻ+Ʒ[ fOѢmA.ux0G al{Xq+j¾Ӻُ"DY =B<f`rU{k!\k5fgP>XV,L0=&Myy~ eeiDEDWS.TA~?O)xtu{{|4k_hv[M$;vȇ!^N)ɕ7{L.Bu F1wPԞ峽POZP|qcdD%ct;0 W"7E{|A#B](DTq\.jŷvV=.k;b'HܘZ\o85m\:Sy Z>.EI-AYw|=q9ӱV cy4#o>Bf:]skɜZw3]@hXϚw ڠ/BeG:iu_d jTi})K{M35tzx.d=݌/~Q][P Mz{N)n+\!XG4Pd4WP L#WFQ|~&IԱsɋ3Ş .Ӛc-znAl>=wyAZi{'Pv3wj~femh]9 Ѯf6ëA~1> h8-왹'* Z囡ZnI=} R Fx37R1=/  sE|6zxAâ>,NV,J5ÔcY[@Z[큄w]˻G?Ȭ#6 mq,8<7 %vrT 74Sރ1%j蓖|zuD mL.tNVlTl?l+#cUsV]z^02ܠ3g!8,qidi&78>;Nu)eC[yhf>4J^Nt7}LG^1F^jAw lHLrca3PQ2-7!#*&RDGI^,XMt5+ep&m72Y=`w,9Z ,A XRyra?*؍e6Y|RλPήbU*K4FYc# 5bZ|rf NPBt"x] k-Ran)s嘰6weL*:DxC,z:7}€&9F=ɷ a`n/:9d$ݬT6?^}4 bG(Ir5I`8 2PgPtXE%Rϙs>>U|k)b[9bXU|CސObqf{[ώ?RtȦÿ́#% eְ7]bLwB71Cm0#Gm-4D# f f\I(⃵y}7c.|?O yYvo}5~)nUɄƍ ;l+}NkQS³z@ bS'fxEqLIiywwqF'؋Ua@dK:fsRU[~/Ҿ@.rR_4eXOXQ,ӭ-$80ņUJAjDO[ C[X,CNUG{Nb%wD^t EVGl'΄y {&l6ȌO5vt{[׭Vcİ\UrV *,'&,݇Fi(ʝG?܁*iWr3 K=A5!a.6] _%OCm1ъ*y܍bPU4ý?!S_qJn2> K\Rtˋ9IThy :}ϛ(Ks~cT{}'OF*Z[5Gv{|fE7#%lRAX]*崁J*cGXF30stj+{V3 |J=_=X` \$ |ftcfRE:U;wC5i_F_B#xIyӄznql.qLԑNC&W ,TNxa:Çݵ&HSX?k N9 .0Sv-i8%6AdZ ˾։rPqK26Ѓ>dPä́94UY;|\qr)U4uX=Pk_P9}Sc+'׌*~ mUӕB2jFpDGFm{?e~ʵOY~@I ёJ}!+}Ce͢ÐL lM\k گ@shX.*?NTf Tq'ko9: &gxlZTL S.>)QN;~"xʲ"FB211oDU [ۅ+ ɃIw6O{ui$ik`ͷzx__imdzW| m:L]raK1ڔѦtV7Gע42y7,&fT:P0F{2EwA֛Ko@&vT,^|v:?-U)Nu,MajUlX[uAP6MXF]-Yz#! Y^?NKTI(ZI;D(R/PMm5tZv9#_'_:fGPE-@sgs%S%s%!xN8ldJ8ue9ׯE7h%g7G-6t/6{ .h[@n2u o.`$ L`NLEpe+&nۅId w EӐ4 _ K\>,S QRf_OFKbI3dE/Q]k#wIRTbUY~Bvn _Jph=sf,1"կ]U+8@! ?M|c]{~HSI JR,AI{%>Vo[H]3],Ъؔoa3Է \ o}Zd߄k\,W_2f{si52nϨvМdZ1{#cGSOoSvޙsPkQȪM,Bg2ý Yկ-5!ҋ3 teT| R%X cx21,!ⅳ[^\TL^6t#ĈS݄H 7@vN^]ʞ2X6 s9%:g]|QT d3Ikf&,.(vLXmh ы Uk 2,&*i@s5i|# z~qýڍ=SרCxZsf)q3}xK~ٮj8E'XشK1$hSlnVԧ Z$?;ީHgeL c _Z.-|Ҷ tbQ͇2; 9ӵǒKO1 ;\Ri-kvh/TZu>> B^1-wSPoɁݴ`f-${),&׏߂Gs +8醣"VتC [}0D,uK>:LmV{D\YR4 n,@ߘ~]#Y3ـyݡWyQ{wřQ#ͪsve;+EM=_x}:T ZNM<{%(x".crEE劆GXj9UC\O&H&cМ-oEeepiЪm532DjE65o>)vaNuSRpξr k?&SR7R~DA4XXs(@vDo,ya'Eƫ3}rn-Só b]Tͳ*VstְkwPvO:ҦB,Z3-0\ڽ1Kx('9Z< {_~ypPK(^ai z̜4eOB;U8)4|Ƞ=j+et$`h^+P _:.&>w@ yBʂ-9 99u05C`z0%\VZhZ(Q烡#S߫*ժ [[G,cЕBN33Tx 4ilxUȝ\%#+אx΢[?R&LU'Vsؚ?F}4?WaG X]. LuQ~cpa҉tπѦKHJS=/-1u F7+%yє~0:VUg$((ą*ѰS3>'ᬳEϽAcBr}A\dM,D>$ s;+HfQSH͏M(ٗ"wbƒX+/h@Pw %3jQrP[|Q |c4 F}&p_@I toG=D/䍗0G>4^n1PdN9 Y}&T!Wkwj}<1eu& ӹ(Sz싍.1B !!$rM;+T^SwsLYל>W1R|Z4D5{.tʶN޲t*[oFϴ Azltv'['C5Vձҵ<~onXlޕ2dɫbt:h (l$)-o>r&FPRj!nXN$6v.ޡW$7@O#|,˒g ZU&ߑ lX3s1SXrL=j{]OPK1N(-bű:Kϗۘ'E5in~ԦLAF2~m, !H;Fj7sLQyMhq2 nY?cxٱR$'cX&J ܯfTomVU=NYQhWoqpkꦎzv?-sQx8IW`p+/s2W_1b63+`7-㕸o7ȵ1VЧ{* gՉlF mA_BtN#d^ʘ<1ӒfƯW̨ڣ<Y ICįx&6@a4˯)-?2@jmmD,oὢ,D"g8E U>8\T)wmgAu.M)su).KkE9BFW& ǝL}(twUz۱“~ǗT#}kgE~.k$-g†&a1n w2y?5 ܛl>z008C͖!W;Qͯ`|^JCIa?"ؔIˆ8Pb-ܿg1_ڭ^T@bĥ͢^:AA "U 9?*Cص2u.,,S91^1bV" >%mˇ -CO#JyQt'B:bk^j n͈{Xv9sF5tlڠDH}FFH%Y,3I&Q%̦^%J81yT3^Vݬ(WRxZh*vo?!"{* WҤj2*nzEN6NVax#FrGmi,_j)~U%L즫RrR SDp EUP幍"tFY`nWxdwx+qRu-F= Anw%" q6 /K rW7츜B-cǔFkq-9 |-fD`О0EZe\eڀ{+AhCXhbC8}y'fj~_q2ˮ%*ndB[T ަ~8-Ö< ۤY O~%@pzgoL ̮'7 a60q2Ȃ2[/U3CvD#֮b,}!RKˏT^ ">X8ܦq0hf$(l&%J㭋F `9buߨȅ}νvOhIUkCg"Y/wT98yT߫F ^@" r;0F%I[(Aq}1˶gE\,{;dRA;(pkb dpf>+dyiSG!llQ>&eG1#k4eDs0M@T H}p kMOBN]2M4 w}xsN$cȦ<+Lıt4r,щ&8D.8[zMg~%0[و[iA;)Y3w05vj7pP6ؾKxQ DԸ_œdU!CaYI,>#ۏI LP/J)l1mD B/qS#3#oo 1DOOHVK:}u4L:zްp 짵W%{@LG[;sӻ/U:Q[w[-b>;G拁S4C]T 9-7%US?I d|@; oBEQE;O—J!춏548!y(k&9o5}+9S}iDWA$Xq8 y`V2s#$o!NLǝ6|6]w .$Ņz.Jb]Y I>K?G}L/\-jDTeX/058J 3i#'(})l;vAZ{NT:~f}⽡/6$q7wr1\H״sM|~y؀n~gai„ŭ``X vUn)k萛t D+Fo= |SRwQLۑɐ=hdvZ+ڋ1cn4o/b'@ o=LVB[u:=OJyO⁤4XZwUy}ȉrW26+(Jܤѐp^5 E ,'vԕQ0{e,ܦD&*TUbAf-)wY&LuvI%4Z-FWˎ97e.U_Kn_c)Ljg{y/ ,W5LUF|fc:ìoo#bF[S+}W`_/ ]:;+Ǧx| Z&JƕnMWvŝ*wXk4z+ y8 ojKDE,WPZ9u0Dx’jW{%L Iidu3#O5eIs)e􀛐8Ȳ*tx>ě?&ת`ic[v.Hȧf-d*b['!O-/CM.N=;Un_r^*m͎=x5 }؍05ֳe<*1oY1E'yNLu Yv_3JRb,^E@3KTfN4F]w5kM_ 蝰H8VBKeL-kd!$OkW#\^ zjCKԆjv"h&Al[ڎqy4$#lP,߬NSB= *8O]"#Lklj|=n8lBcd;:.Xtkb e%Od&CP~z 0b>=VQ—A8ʀ1E[>n2igkZ6Gn'-íg R3j9&,t ꦣ tiax,:ŶuN (#>ˉmd_V/%g-Vgw#`C@VzH0=x=I[OSy%>UybL?J#Y!+5-gw;c8m\-3#TW?|?>Вdֽ IĂтVg5{o=f^ݧ~+,IP$0t0ՃqmX\uQ{Hq;) C>l2y:yO ɩ9%4î*ke멢hlIx6 >$*Tzþ Am U|mk? jgIwu[5 = oi,H&% <ȟv1Un 3 D$߱P-thclP:eڙ+!?]O۲Xx2ed$ݦr<-n[2 %T [%vTLpuj 5UfY6yEQ; _0ԙILwĠۗ&q~! "i#-ZL4 C8%Vv"V 󓶷"q' RfO2@$:t٫빗YK{BM,'f@'-[m9dz!sBzmd'حqy<š|XwϲOy cWk▦lµe&!J%&npRE »ݮ2jF碉I(~{'I)|VadE=i:-vx 1vQ~=^rWzf]Q]ϪcS{/yAe5Y߷޿2R,NQ)5']c"F ;x5e4Ɵ lwG*E3lJeFHeg(4#E5Uԍ*4fc6;v*P ocoꝇ3 G6iW/;^`T܉QM"tD0% ,[C2)x59xv"c-w;ƔjS.h(ϙzɰ>˾w Ia-S?{?Ѵ{P 9b%h?W٣.0sQt$ n›@$F},'rQيUQup}N_-$mdJqD\Z5˼B=SgܥLM*fg}kUo\,S9f޻^Y7<kvF4HHFjz~\D "-&٨\ ASMZy$'jQq ` $ _ ,CPhIDCO4r{D;e6C~(:+q&f\h*Y 5m?U'F7Lt15Y9wꝇG3R)'}f4z.c"Ų3ujN6a|,ƈ>v#ݨ!>5=C' Gp"Ό1X 9Re/*Vm|:H1I;;n!Pg@mIx'<0|䆑dPײiJ N6պ|wRk꼚!QT~fb0;[hzYLI9#9ͱY}-gzljxǛQ"6c_ҏv5`6݂ Qл"Ky&%:~@&mq62#54SpJȸοoQJ& u&_;ewq2C؄2{F910nB4dvSSMDaIP\;]!7M%<ޗ>^/M-5b>5cp"@c$eZD-MeRBdk9P{יj0fp\6m_9#͚3f"N%@I՞P!G_d7/͒{ꖡ^/eɏX=WGMT((w)$e>%h 9AM|~oC|^Kݠ /KwIzot*rl0hnBb>tFJFc1Fnw A';]>Tn"GG[tvWڂeHh V77>⠬'Oep0JH͌sUeu{2iH^[p!VY?M~-$; ޻;=$5Z+&4ڟc(;* twMW{UsR<JI{o2\R`f[nk2j8əsF 7&(Z]a(%7I‰y#hߗ &JIq Tjh Dܟrg 0zA]˕3H8F b8;K6\,rVaQ:OAz`QU,ՌyJjbKu2FDf`zFTwT%(N?H9BI$*[hmjw?w:z4O&Ⱦ0=9(HQReb.1[& n7)Nڜ\F&b 'a}z8_" Ԯz b+ȣNt+W `Ww a*|m,dh|({xYNwK͠e+8ۇ%;y#vFSŗ *=620Jw~_ g{Q;iB7ܟ=k֫aLhj]Dk '~ymyG}b|OFNX&7S_ }\I~ɴ!,Ef#@!Bn8]ԥ];nP5ěhf+~U(O@e~;A^7Z\3ٕ6@jjBn ,N_UhFğo%<1,*OūYnJf;*]~1Oz6Lcmn(ޟg8Zzxwi! El2}󉺓]  V)p?+4ӴKXl HZi!~S i:bd wս{B?cgdHKb67VW~Jj]zAF3:יsN5:wI-]&1 ]'q0Ԏk|#ꃦU! #?1}4xȇh(n)R,ïLVX)Vӝ=LWx)y/r%I.3-qB6?Y3,q!SP7<~S2[FԵ.:<,<[W.ǩ9+Ҙf;0[T;?ireDnm5FPHK[T@0*XJm0aךg'Z'=4L+oTCv?@Z#shYД觭 \A>UVZYcsG/Έ+JpN3" ʗ?mNp{i!X{-@zI4aW WߋEx|H"1櫥ύIK92ܰ ?D|C @P[c~B MļuS xgSԑ?_/'ͱ&[Jaғ-F$9 e2BfT 2 1uf*/( ׍R= oV [}<1 m1$$Il?5."Zzpٗ=DV'1>J*,KUnտ1%y"U)=-= 4xTZByLݰv (F`1@T^'AG XgL^64n 3ib셑N1t%fYcOpiΘ,}ylANcUpC^,ϻ)C؈~|03^Z?`]rfBuh6+C&;0MƬ'xkX5Ͱa^ח3JV~HE LYVm S@IS'e4%at\ŪHQX5@vBɑ)T|nyjTTCt[(+jN_›aw,C0яeT,otҒN%xYȰ^r@ϦԹ=<m':,yFUDs(ET-ɳh$'=ҫ8x?}o*?#t TE°tPY^7Rԝ)S鹆ŶK 3Lu 1faf@5i; o 3o(K|N\5J.— %X7/|rNIOi3gG"WZ kb6 L݉:jTQ#@WQhASRf77e ]GC[ kPEij6{1M}J0)`3zy0s!~nT) !Nq; 6C\2| 7ZfGQdz:2g'BKPg[X\QȆM7ߒrBB+ %sMwF!*5*'Yw'q&  xc5t 0>sc~E䞭 "B)ׯ:='DN٩C֩aoז'%_נ}֒<jߥGeY L.[Lוl| Ӵ5; ݑuր:uDþ3BAűVJ:اh28t"y'hJˀ7c54]U1/k80 ʒRU|h7{~΂Oa(a(Hͣ0T{/,+ݢ5*|L}v@{43}!Cޖr"( x3q _sCC#@(7^sh"P| lHAq1I@oy䠾?(YFh{6-odWT Q^,/GB3-H*lES/̼KZ[Xqr[m+kD"@[ڻh`J%s_${ڽ*Dpej"ʯdflͤ=[V}PᐁwegrN)jn^u5]0z=Xآa\JG }:?WNo3bHSglQ+7kjVyZ@%ʠ|g B>R\oD{-6qa@OLIozT3}hL"Xy`uWB˩dmH" )2j>GWae'e] Fq#8:4pBBBkJ-/0ݧě7R7162uwQ9MQyakzm!=iGr$Η;d˯^Jùrs~~h. }^2*zV m^F{.]{2Fdْr>\'9 9`'S&ǽԃƗYyD*<)70'53ZXyQzesuj' :Hu6AVj1͑ N-Vo龬7%DoȚ2yj7 |=h5<ZB_d`q]}v\i6E6מX\"Bzo2O]nߜ٩e=hs:,%kxՐM)=.A8b*j3st^@H5,.eE"ׄ ޛ_jU2OhL d@ b}UK;C9%ebvƑGIϴ Dҕ%b!.lՀشGo^˥pjGڝ[,c7 .9o=imwhQVY7W\cB6R(WnAa7ǂ!*C\F+c!7*aZ-A~cҚRṒnΜd rНg݋۸(i+ؒ\:Nf32:O ]2 ?˴%ݍ6Wr0ܣ\tbc;_!FDŽ1K? e4+4\LŅX/5#@q4.>ƙ`^?3>/[6kUXT*51.imU,,34#nj2>pE|r*+_xZb YZ