nss-devel-3.28.4-1.0.el7_3$>۩w%aեT:>>8?d   Q CIP4 4 4 4 4 4 4444   (@8HJ9pJ:XJG4H4IԠ4XY\ 4]4^׼bdصeغfؽlؿt4u٨4vxwL4x4yCnss-devel3.28.41.0.el7_3Development libraries for Network Security ServicesHeader and Library files for doing development with Network Security Services.Xrc1bm.rdu2.centos.org CentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxx86_64  YRCyQ@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.28.4-1.0Daiki Ueno - 3.28.2-1.6Daiki Ueno - 3.28.2-1.5Daiki Ueno - 3.28.2-1.4Daiki Ueno - 3.28.2-1.3Daiki Ueno - 3.28.2-1.2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Kai Engert - 3.21.3-2Kai Engert - 3.21.3-1.1Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Rebase to NSS 3.28.4- Restore ssl-server-min-key-sizes.patch - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W- Always enable gtests for supported features - Prevent ABI incompatibilty of SECKEYECPublicKey- Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Remove %nss_cycles setting, which was also mistakenly added- Reorder cipher suites for compatibility - Re-enable BUILD_OPT, mistakenly disabled in the previous build- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Mozilla #1314604 / Red Hat CVE-2016-8635- rebuild- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build  !"#$%&'()*+,-./012343.28.4-1.0.el7_33.28.4-1.0.el7_33.28.4-1.0.el7_33.28.4nss-confignss3cert.hcertdb.hcertt.hcmmf.hcmmft.hcms.hcmsreclist.hcmst.hcrmf.hcrmft.hcryptohi.hcryptoht.hjar-ds.hjar.hjarfile.hkey.hkeyhi.hkeyt.hkeythi.hnss.hnssckbi.hnsspem.hocsp.hocspt.hp12.hp12plcy.hp12t.hpk11func.hpk11pqg.hpk11priv.hpk11pub.hpk11sdr.hpkcs12.hpkcs12t.hpkcs7t.hpreenc.hsechash.hsecmime.hsecmod.hsecmodt.hsecpkcs5.hsecpkcs7.hsmime.hssl.hsslerr.hsslproto.hsslt.hlibcrmf.anss.pcnss-config.1.gz/usr/bin//usr/include//usr/include/nss3//usr/lib64//usr/lib64/pkgconfig//usr/share/man/man1/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuPOSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textcurrent ar archivepkgconfig filetroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)RPRRR?7zXZ !PH6]"k%nÍdڴ4AGc5jq^lP2A)6c]5-_0?AkJmV`3ne?ہqqˑ笚AU7JD䭬pq }$C 11?9q:,I`㹦 yYYՏ6Ռ_G, Aؔ4cLI w+-;KqmG&~N1(GRZ{˪;<t4x(}2e.W'%nAEDY=U@Qym< q&}KC't<.H _ "|lhYUŊk/v̐K|rm#MtL? lcB\nPM _B*aj嶙øUBBWFvŞW*vZ[Gn| ?֓ofAkfFtO3ի\ UXg \>1X*Y9@3+*PdR &hiөg'<*LTk"nĠwV4!ܔ5,큃lOfܼF[X6brV, E'Hʠ5s5539T:$a`/gDԔ;2rn  :EnT}ߢݫO8}=tBy6Rw6_ݿޗNvf{Djn2;۫'i)⪾: ^އXD |Z{Q63 !xy> 7/$H)T|X_[Ur930cAy7 >&j.Y`Cdޥ]3p wW%9IVk.Ji9yFf߶e49廥18^w*aKwqpk! vn^Oցa12J-/gRL }_$Rҧιy!S@rJ4W{^( koks` F(#*{T X2g)vn=%fmWP> ]Ư1\?Gkڂz_*1@ۋBMCW{o^Pqs*F6%ZScy D54D#kJO&H``3NE^4iVO;e>H bP ,5jţmyUP^gyW`D3-uÍ5$ ӀbİV)etrrOg iٶ9j[jw`'fg3Yqo*Dkmz#&c=&kD]Ve\dIpSiGᶜŶZ ?._M.4﷧DJcjW\|!OθuuPJO2Con0|kd`B'[V=e >ۆkYe5xVGGMWfֵ7>8J|C|*z2Kى v2gcmv5?\ Y:x )C%8x=&@Gg |3rO>~vs,X1{jb@%x`8\>Sp̢Wóm,CҪiŚh[fBDg#Ќ@db?KI?a:lj> w+8ee7r"g~D  5u=oqڋ%]=i5esq/>FxdafJH9i@R>5ԔQ|@[TAN{Hjci/EMIb0<ǝ@PR-|ۂf%H!LA gh*rI:7bj:\s z|̽s~OX_2N^9}\|]8L-s┡vi vh6BdaSC {|A#d{SDO-Ud"#E='0Õ@)**+@AYY\R 4.rI19|})"-]4 Q\FD 8YQ0(U TںP!'֣L?W:_ Dm|H&$bS-~h;* y눹1/X+(g 8L,Lt %xMyE#g_Zac}!?LM5eTBv,jdR'qsvL$W vFdIQ xγGP`TJyUS{Kz{O0e8AL9~rQ1 r Sk_¶vS I݉SL.pe5 (LJ=U=!Y׀3sZ.,r2F+5Se3'(w^LsL(Pi@z,a{'0`o'tŵz{CdT&\2 jM=*`ѫVMtjpD1Z_ֵDA2{RZfiҋzK f/>=EpN}Oa3/WEZk8A-`bxan_/zgsIaځ\ͷ$ .]|qva H>-Z(x#R4A{QX`*8OV{}E}XB]'/1d^q`i?Bita;_b1[.NfީzXH:rRƣ*ׅ[*msY$%bs-~ThJbXrDsFo)wv݋!%OOv^aQpY>S _F }gf70Z밬 ±RFC+Y~ n* A H{}kkhz_UxBSy')6"%a|rCckYA,~E1X@bˏ9"e,߮qM mk|i6 [Иj 5~pþ@%-{ ` ~0nBʡ߾W._k&GgP9_/-Uϝ;T[h`OFt\QwC&-ȗ#5ty^3%T 967 "qy9qA>cA^Q>i@j=`?-tN \$@}9m5TDKIvgf}lx.(1Xk%˽cPgvSe߂VAbNKR ީ0W?9$~PwQ]̖a8a~ ׂrV0KFܰvj0b.ZOFHiq u G7ԣ3 v![<Ĵňn -JV9saž&vDe-Qmsj)7ʄ\M.YKT0v)RqDVƦ̄K=RLa7-$%Yle(slFSTй 9jEbKs0/[`Cu[Qb%b{DlTC@6ɲ(dg*k8@G]B * +){vTqG.|Ms=m3Z,,w?%_xwol$U-_j._VV) c#t++-MvBgů4ep=Rla6أ(̏J/60*gNjlJ2*E:HQH7M@JPعn/NKPhL ]M K~ ̮{ &op\]IPY@ jgq7h65m]y)~YK40n֠bEl>^\Lk?rԹy F>;Ms~jB#1}Զ`:cC]oߑ"\>+] s,dR&`fS-"#oaCcT*B =o}^K{Zh+nSQ:is^>;B";pA3;g k# afNf.)mbP(^%\,J}cmh!mϰ0*=!uљ`Xy̖ND5vO:gwHj"=ʐPV%ⴸ-JTʶ|cPUjwt]d>=3w#6D9iðe=`C o#@Aᛶž갓(K-`l4߆i\^#Z-p"~n%'^S)Qב4uSq#!nYfN)=AF7fw3.xsSzUM# ȋ #asC)1KI {'c-b3.>.2fؐ(߬}os\-&XdR|::mӇXsRS9 V'h G-^w0J`i&A>lTQ5&} E0@]eӵN)2cD]{fDDM}EGו?TQ۰p~pI X]!Iv)N~Vtp"2¿IY_19/EOѳ}KTXBF9IɆ؂2>T'8 MI夆6sXm؜>34ɜ1%~HX.ywoj/AY,E8ϟ/€WAǑ/TAkɌ!, Q JR[rC?ޭk*>QJ=!(ÈV+$HӾ3J9fC&fZ0Xm,QYOsj~_vrCr%2|6>_NJ9pu=?k05 :/]ƶœp5w]"mxZyA[Ȥ{ CCkQ 㓠w3r7ْJ0ГIzC{H;'ߴn|C?̭qLc#R 8ۗɍ! ']LcS `8(H(qѠ-P7#[:.uT8]Shl8&-^]RyKur~mA%L3y,fO`꒷!u/K!6:R>ŤHVkDC{> Ðn NfE\\̍c 0E ] @,c,JORFVTrJX퓥'>G64yΰM0@ߝrG#ȎΞj~J Gv g *mI\ 2W)To| rk8M({bhU];jS>/D:ɝӥ^Sq(cf<`xB8,aJ'ا[dg?pYfcQ;7ch[iΡ3]0-xЉ`Mm/n"uo` wb. lKwj[ NpXΕ$B\J]clݜkQT܀47eTu(;l?oÆ%R>TܹLo)y]gll:LG#)3q/ӈ%}]j^Κg{b[gժ7>yA٣Ш (\ _Rr,2Vh>(ׂfA},&l!P pf/zTTм+]q4L] r"++S^0_C*"g2NJO2; 0W2"B!$NM0m`rAj\rF8g@#)݂w9$طм3sFH$8ZL5Q2bG~G|z"m7$/;ia2W4d҄t ƣԆfʓ=rDnπ{R&j脰Xс:pY6<`6ρpG71`Nj c&/d@ۂPM&s&┾{ES#k` lC,7pG. $k4'0dB[P5NX"I׺ڧU(1K^-]#U;!.y5ek(fǤxvnta1F{dlu/AvرDdwb:7 F9Z4䜠i*-U/=%6L'@7_΅)O))ChMnG~o l~m]Ъa;.^fF~c, a864nFA ? d /axG$0Gs/8Phݮ^xᩇ_阉4]1.,`gӢ)Y"=!S'g?U/Y3`3I;/a Dؾce Q`Y{C\̠]O9v}R)JBKƐ9:DB@);Re20SnE-Q=Xi 5R,&oU nH=<i(ZC оRǹFU i["SGI uq$k} E焯=h }{w} [٥\NYV #3}aAG"3L+ֻǷ3E**DgRإp]e;DzTّ^`6Rk3{/CU5Zr4-M3/Q~y1Bu rNE^aMHk g/_#1\.s"Huār9S@$}F|KcɃ#N#dj"́ \ZaD#y .@SC5HӨO/٪ lY@Zj%sr{V;M# u-,1fs>+4A@W/?\XD~_XOPB d~-E fq-(fxQA #=Fy&?B2;8u|FA]/<ގPlRzH4LFbW [sP^І>Jy(3c áϯfnI vOL?KX|L O&D^߱WIУx1BgRJ׭yYYI0`<_&8G@eܔtYL)#iMAd yݵgPP=e _/%ŸJaH5\yѮ"S+HigmUoఒ;v,Z2zCL&ɨy1on>jGYȪa?H\ Mۚ_HMjDJݭȋ*)Ѻuls E;ٳTf"kZZoۜj/Z`~1ri(NJx*sEfoVEٿހX9'uFҾj+̣L'?g,~t(Tۥ(I72ߒ.5^Jb8M1&WS6Vu臊-nܖ67?? !{·|Ԉ4v ,O+ƻQ`Was!?"b:Vָ -ҜiYbҩZHLY:asE`_C\X{k]eHBK_*x-3anEG/㉉ 7l&;R_dᨡ<̲Ʊv OpeV߻E"*q AX[Kd&YL>Bx_!(dnAͳ?Ac lgRH`#sW}笄f/!/Ik_ρulO,,_/K"aIgw"5'Sq=ps FYҺU=ʼ]mX.Aa=_IwˊWz _$i^ɍL tl{\p.4 y~&+?bdF4Df+bIgUjJi FE8,=DVI(.l} Vϳ{lˊ] 38*ታtc[-ۛfb ݒ LSƾaEiI UNQ}0DqٴDZљ2[o1 }= v [ѺAWI>8X4l9u&!QĨ<Z\C84beό:?&[<e8;Cn Yp)~EZf\h',-7=pl:8n] EH.Ҁ|_2{vhx.+Teo!xF@'EU/:JZCتY?;2h vz  am_oʱ/A:IYKؿDHwL+,W֤N8آ"/S|\?W<-1+O qZ 9Ȉ]~l#U59XCxh&3%w?~P`Bm_,ewAUEnjd\3y]IFHQ7ؖLSU7©8wVz|RVlN/mŞQE' N {1L9JM}Mp>4sLIlDZJiGT.ao]kp3WoSOiN ԑw6L5lXTV$cm ^@\|X6 4-OgMܸ3-V?RS~T9/r^&G"}ɻsI[~`U\VWyGM'Frڵd(d{ݯؓ6t x49 (nfkBs 1Vxp-:b&y$?^X|;L<",l=%}ү'T(vk @jlYP~\]*@)+o&9,&gV4Jx&2]1tGׄ_`V[$oKLWay|YEQyr:h(xJ2l0DXj'}Z<>ʢ_s'G~Dy('u*WBXSڡ犋Vxd,e ,p:g\J?z%? C\pr]!10JѤ &aho?ݣ,?Am`fr1DŽ`>ԥ|ě^L6&7(z4 lS”w6A1"\Қ0Mj bt0 `w +ryl>4};ԡeo8<¿Hzڝ4Հn=[o[Ir! >!bF崵0ZY į*f^xT=b!^7 dXI{dZe/gz(|wΖCDEr./B sP2qrb &A v($!J(I+p!rH?-S}uā鿝K<1(|,0^ՀXVh8`VlPjz_Z?=W40Q v 5$r"jDH.tѷ]_sG䀭@P(zm? 묡Adva~-nYÓ[ikUyE LcP*~ÎUcӤ?~u: akB#4bM-MQ&hF{4-V- 6؀B#tU -r@ %@0)jF F5nr= G0QWtle!#VT+~&~;ʲ~kDž* N@!~B2N Ky+vss|\ib~,*ͺgYOg6T?9 lT(.zZdI{!!IaUE"_ }UJsYJ8N?g:0wyA2$B:~׋Ic/\QpxH++9Ue\=s8%32Α)~B%W=g$AB{9hCƿJ w;s'P3< ixV}ЛW"ܵWk q/CU8|K1}cU1oY>s.~DZȍ (}C sٍ?o{DA}ϓE5ڂ 4Igo _`Bܐ:?X_5o=SOHm+.tDKݘ2ޢ>qJ HX8W}}qyHl 96l1mx( TrG7(e.`}jʐ mElr7믺d=+&SnR>_}pJTնֆؘm# yF)OVO(¯2֕CԾxݯi'7+RЏ=njqǚ@!&ZbkR12\et>JNH3;Zȿ`ގkxUFb)ʨbOqE'L-uc Les55c+>ZnLϪhE#MmHV܊$z6ܟHr$CAD@'WlL)2LWglV3~̸H3]ԝHaj6" +) X]~VT_?#zs! t׸>qM56D7xhM`aVFQB>66!=GW,Ph™+ݹx[L7̰9󪲊24ю?}fL#Yn_LDLL/9%hͦtSoG~}9y"ZH̟&F^[tVnSj6GE=J,%OX&> 1'tRAMf! &"s]#6A yfTEY5c&~p_m2ώALv|)6_`z8g^JZ_`):wl㨧H{ǵގ{i`F^OҩK86~: GðJ!̗a3}4"{GŌ3 =мfpV2IŲj # MejI^`Aczh*5kAn[|[QMNlEͧܔVfckD*ZԘG5I :< ;"0)]6/ Rߵы[,YIκ$kQro\=~u+#O4FU&[}a?;Iv1ɪv /~@P4>,[<% M);&lpFuDfzXvQlPC٦fpv23j%w0nR.oęYP|8}y"[C#D o -*Y:6PN?2n.7; S9E#}fk22YEE Ǭ ,ELMEYj XPphR#khOy[Hq4,VH==SEw2eM` ƘToMI{P^L_BӶuӋ ޭƏlvsX@] ~ϊOX8xg_>@-!%U%9><֖'|\cd905{#ZtDvWYg$j }RI?Nyf VBL ( 8ѫAqD%'8e+2pYP_bYn-ИfG6;3u}?N,-X/ARc.|،1oD+yƮS(陹#ޔk4뫣@2`}R@,>_Y"Kسq ɓfQLdQP#JCG&Lt|ݏFM>a)ɓlѭ9BtU ةgFu%rU |mtf]DvݤNzX|K]9d,Z쎕zcقI f" @t[=m#TlȨ#q[ᰑI[coU 9`R`]A73t#)D56{=nW0p>r_oR߸U*A]2:7*?ƫEܡ99~k\ĴpZ>@ԙ޴jwj+1l%lNe3Lt?*z~JJ\.vz3q^oL' )X69S."~Cߊ#3U%\Ooy3\cJhR25;*.c+Thór jƹ:ȱHfik H5 V5)Rk勄2\C5g0tw V@@n Tz.0AfNTq[J:ҜFeh`{FŕQ9 ඨu+ Ԃ}d"}mn2p*7u\ޗkhmT0{sr8U)z{'\q3Ak ԠuA^Tw9 95#ͺy,30\T~\#^'@Xpħg=*ivI=j!OHnx>H|ڧ-"T9Ä)K70W?Zl+nBor/V >,fai}MqzaqfSɮ/t׺ƩM+fLe~`g|}a& j%3R0Cn-I+lyŹ-Żv7IBy+ֱi.fLgWBڔb*O6NsD4O+aFv>Tb"Ut:0(=V$(wZ/Jtc ~- ppR̝Mm̢̞|mJH2K@qX5ľ}ѢbM$JH%69'"]AO+I;HK$YKP`!.ʨΧ&:l%U.Z@c;ZjPqU8-Q9o7n3'wE~>6(M ޏ,'GGRBMF9z6}*ϸ:eOrݭdүժR9ʱ$B0ڃ3\ΒVo;m&P[>JY3ؠY*;N Çp x؎#ߏϑcм\Pz'K1TTd%E M6DG [n.U5`ey%;$|^\ǝ:8a)N^kMrXUe4q;٣ }- jkHgjYk_Yz HޝZ)R!ȼBq^צь%ZpIN  n% hY;bB)ZkhRjkZ]gTZ0Ck%jMp8g{4urB吏'^14+ &χs.ԏ~N V"0~>#Z{`,!g@7Ƕq\U=&y3!P5x6].w(lb.\zk ^j9\ O. 3{t8_ !K_,pOM*:s J xurefԟ%T!\̱E~ Gt܂!+D^gA$ 0D.(N{?a?ZIĊ0|>6s{>l#.]u! ߢlDm)n>̰*o8ŕ,>k *KaG)Ĉ|b-5LeoN7B+9f!"EmwCr؂~\M}:vԯxi^vepfW8c794.jvțZm2-?ť^jEC'*s#qO:dTk~l27J,YL#. RM R6:#"'ے3?TQsiN |t}EA|Ov ]]!wpof蠼^]|,sOaKC?[m)?\Y}p (PhPw~ ^5ΜlnTi(.vw&תs*,zd1*{}j`)][+eSBEa0]`ZIDlyVfA?NpOHC~et[ JByDz^(./c(V3C 3(Z+ LJtΰLda/>w/'[XAb`pICo})Ih hdzڅRȯpN)z<亲1OZK/}_uLI*ٰ7H/Pv ^!|ڮģ:S~DUq,H\ڕ^?g>Cu(KSnc"I3 =M6qܖPL"p'?v-ŽYyWRag& w0j8Txu3lGakGX(՘D!-GP`@$=M)DJn&d#˨ՍfJN'UcȩծPaP9:-$̏/@P;,"P(DP= (D ͖\oRMz T脍|SOhc ʙy[:iN e zaH(6SAf/ًEag&!nAD-MҩƷm@/L6FR-bu&H[PҌ9lwmYX{G^-!Ŋ?hEkcb piS\-O,B~ӻ%9q~2ˠƈ!;9F쒪F칉]{т1e bŰ?sխ`;VuNNk5Gl! >:?Ȉz\s ٴÜ__ؗR}.-YݰQůq_tia"NV;q}bl' Zӟ鑱ib>ra+0wu8xYمȧq'#PBV!‡i9^J2B2NɌ:CPl`G6 IٽM^K-S!2 C?$a vNmPG> 5@A3dZHLûqK@/J0^`f /0By=/'#")L R(h7 pxrLD3:#>˼ XHr(r,qEAÈ㮱*t83f܎1{@Ujga&znHcNn*xp A P$,\Qhv!e T,4:#KꬒMgQOIzRUZgPC5hI}na$;F5uXĠ2ۯӷ<,CUkR](/BX*3z =o.vb %A69,Y _'O*"%SJ7#*bxXa"k3[ f/o8 fϭ;hp,|=kȗDF60|s]XU2N$hqX8/<_]*4? /#n9 m^1MK Y?lDǀ^Ovmv\dҟ13}e[k=[NDp 1[^.B| زΙ@BgԧmJ~0UB?Trզ\ݶ¥jY$w䶻8͈UrF>y՞Y.uˡ:h C=lQ+Cz8>d /uu)2CjrcO )<:+GR)miYL@޶HV _JTc܎7B|UD} o =r"a H,3COօ ‘*¡J#@@R^ l;ˇ.z*Ik@d~lm1($k1uYxhF[ɿ?}8siJ7l!)cݶsN_:އhVr2Bdah/+k難-v蚐$WA콫)cohs|Alaa]w?/`{Xͷ4T2g~t`BP-C52ĶR:v$\ p ;v{Яo)lx+9V:BIfsS|qic~'Qz6Tc:,1fv,(8Y~ Bkoe"&b= ױl6-i 4+{!:%c( 8؝QQgM)NY (@JˠV&h:l!,Y /. Fҝz1a Nݫp @=`#*YXa6'\SA 5gCSY#Q\ՇǔS}w8ƀ&jo }VY@33m`q]3 umMi6ҰiM|:1vN(i | ABŘlI‘}ką^9'cԨ  Xߗ* /- &o/3!V9òOjN63X=R}(Y.0C/d"hTBS`//#~xM`h%%^ZIϥ [ wQﴪ'bjBIi;c4<[ӨߪוB܃goy>%O,Phľ@4\eQ;5K| 2=ݭé˩/caiY<{2ČA -W.(58Sϲs>SK R_H\M675y[U( MV:P_gX@jtVyuƜn{-!Zj0s]:(cQRRE[Gr@/ӯ h"w<:W䈠oO$iJB_:[Lq섌B& Fj2X FD "=!8b M6C邮&-USj4K/mp#BKl|XtP* BkV{&s(F~aߗR Y̽K0>1A+Q6Km8÷/YtI=Q&INvuZ|&}'4͵t̔y1SH$o`ŠZiKqJ;4%Mz  =w"Fx?&0C?LirEݨp9PzE7k}OuRy7beuѱ_ Th8=6G"Tx?)>fAIv?|X RU^ 3Ep?"zcHVrhNEFǤ9O1cNXYQy\'#Lڹ(Yo\ޡ+=|%,0OjP}+ 0OBG XN(KMy:JA :r8iZ&)25T^cˆBKh w*M̝ b8oϨjLM*?{ m])_:>Jܭuxpq*M0 ճ4,\~bdDGϛJ\ԩ8Q$GXScDy΢8b K5!~d 䯩NND܂+ʵg億6R' Xѹth^\\D6}EkfWժ\S3Pi!~}g/!I,m56V 6e2 #Y%xKT)+5 "WT}cLs"Aq]9B*S_r )oB5%*)~kapXEB~:XDKT# ͷ[a@ldPU*_jV=hqs}'w#;)\S ItE93 Ǧ#:1it NuI[M9d}ؑJ[g~U-{X|o󗘖S͉ΰCɃ /ےF u cfyz2o~}g܀WL0]8c ]`gH6|(?KGY/-j">R@Q󬤑c#T k%c@ÅB4[D z(ϜNDnK3?WH).._.ړPg)JO9WH3:&Jؑ$eIA}AN5]i̪8:M[f黬p]2)~z*Qơ%>Nu)8RY8Ofis]ʢzs'[?}Fi e]T-gm$eAtC έhɵsd໽0*T96 ɗEwv`5;n c`YmXr%5S֪^EW(^\HR*"a1]4}t~dѯFA5tD-o^WsK&SryWvyȫ e ?ի7Cal٢p]rBe([:_4?ȯyMw(3 Q ,g^\Uˢ7(QF}[f3OO?r֟B^GH7A]n&97IkPʟ @0.#B3<14HbyfQI k{ͫ%bs~w$'\z*2skb+0b^>^Ue; 'MO7YCPia)hdl*7-۠WR 2FE|q:$ GfQ BB\S:$i1$Z9jT, fsk :cDL0Uʌ]kZi< [lO'q9(N~ԝl'>yYV##J[a{碔֤g;Asǩ"Z ~b)bK3x^oJo;s:l(3GT Ѵ )1}Oh&G;p86 Lr 9Vd^j k@ v,cbN"" >䎮- :jTDgWohj|ڿ{Q/Jb)Cfxs7 kDko ep^DB1s1_4PS ya؁qxt^oFEQf'I A7|M)CCIkڪnޱcj1$KK0X4NR '#.Z)&r;G Z$&XӊǠhvސnD2bzqNmLi#H:/WzUMaf;`g oOJMo>^:`:ɪJPs/vz|ZV7j5df#p贑GI3+ j' zwpEXp |@$Iȿ: :L\/I9ΑlHZXJ5H+B9`NK}wn\G8Z@Kih{+h@@2LN['v?|32cpz9@yQ6V5$[Obi) Zy `LOu5R Mv)YF&]L[B!-f܎ɐ*,{2W)q+IJr]m_sk2|Rjj`0wwȧQQ&h4dFtuRXh}rM̭k֪# aa$AH'1PZ;>#iD dTDp\LEc#c|]f2t /7<=NiQ+"=Y/Wef,]QZ~Y>n*؃ ,n >wArd۠GimvjZnfAL|KV خFHse0H8;8jB{$td5- ߭ĹB@( @&?*r8Hy4"]g E-6Aܥ_];VL8k}xӅ8Q/U+@I jœlUInz'Mm>יk MkB+>@${},Zciu'UiQEp:¹з39`ȴ%.5$? .ӑ>(Hb7 +@U1בDtUԋ{!>Tи9 *^O9Hda0hg!|PA嚍,[hzmMNpb%GAYRQtLD2+zo&lzx&54ḙ98h}lNoIdX:m_e`2eR=[B)oae%GC0p֧Nf65ّji\埖6?d" d#fQH.g^ҠoO&0ȇ+ 5J%&M 129+Y97Lj+[Q.~I4u9)xdq<*۹wFiZL?qgFbN?qò~ aM6",eW< "DTօ:OQ\@N#Ɛ/6)PcߚԄ-=q1`GS,$ѧKN-bE<U0 Ab+ cQqN9[yџ116(nn"%(b4a*@iG<M\A~v[L4m YuKC)'j$wKOj!=b"up]^jBhIa(wc+ ѧzU|eKh;j0e|S|TD0*rs;_XJuNh3$:yR/q7/6]fI2xVI,-\m~-\ȗЕ2 _@"~6şwG촬@su9}O߇]4j7XѭNr⹸[{Otד,.mܗ@ܱdki]pxͱhAwS iDN=ႭSPU oTT٬q3X2`089j+^tM1KƢ'bAG%AJză:}cx)nl{Q\9bd"fVƁ Jϊpo}AFD-;GzRK d\J1NiJWǤa.׀=ϪG{"wi@)5XT+ε7 #_K 1OuLΗ QhyJ6g#dWT#J] INdmeboN[bt 0>JKF[e&Ls#)H E6hNN(zδҊ7L;&Ҋg@R`DR(Tkv(ɻS*iikQRJ5$>ƭHy;8sҧ F&Uv q@hɒ 8u#jR,\܊KyʳAҀ! dA@ / C0`^$bw2ib+d:zR&;72I: BEHg),,s? "&r:<[En5&tS^Id('qdN<9Z52AcQw#fu{-j!l5E &JQm (ӭ*&5n^u:vTXj/$i/מ+ :u߇:ʻwԁaϼax:+Y~t`FW">sLDQyE$~{R^ySEl;WP'VߙͳX?}& `d1y Z]d2X2M)Q( rgIt| PT~dYmy0^W8lbӗZh2zA3t;sT<@dȑ?(S IxãD5I;,skFA.Cw1#~|!F.'MͰym8M:QEǶ$DIpHTDުVN^EvgGIъ fė9m]/:N QV~ͩU @$S8uwҡE-S|bnWad!5?C:C'2`=DVg\XKZR.#2SO':5Ɏ!BK3<>٦G/5 \_΃%W<5aF|\PwSqet+)ʋc.s_TiG~8xG;&)wZ_}&$\9yCϾeSzW]$ejМuߍ w7GmإNHBmns&[=_K6MqڲFQ>|{o¼ I.޹K0=vտsvfCe]N ?/j5A")T[-4`Sh3 ',":@bPKMi*igt֍錼PuL::AU("[‰'&ct;KrwP,C#{>,e#Dc}}8¦ G{mj> {\Mycok_l(bQ5ko SlV z]'{g]U\yv@/kiuԟ?''_C,͈^ qa<1 \QS 4x0BPQy3^MrTp̆Eٍ h $<[Wu@Z+^/<^JDtR3U /a,)+0]xz'0_0Kz~r ugŏysa}p)`,$A̓Q7VD,,a_-2}(0JX䅾0C<2mH_HвAIR70H鯟J٢#qL }<wTG|EO D's83.W=KM.O}"oRAQpf " |24yd&.=?:W k:y)7G]H9{\i.bu8' fCn0J-J+<8tMѦU+Ď8E*nf1nvg[gMKW)M52ʙ 1nCS X|FbB8ٗҙ 2|l/"D "s= Ob t3ˆ:] U˱ܢy׫tJ8 _s6j^Վq RD2`PcԞ~r nFK&{Gm%[ꨁdRَzk%y].}?XfXd(3ׅ ;%'BeZf3ĴvAG,#Pxeb]}+`Fi$frdퟑ[H_S T5 `z[ Ӄ]%ndor,hyPj!\\ZJa*xъb=.ܟC qqV"S#mw{؜9/hFIK-Es cGjZ=LA8 ?Iw#7ML`5a8XS JW~)\RbpZN!&)Ko᳿C hG0l!Eme7pi"[b&[N QiOzEN9Xo"f<+V昩S.]R0NP#$o+5pˇ!t; zu+SUMX(|buB>j+\QO̅D4N@ArrH(~˄?SP_R01Es2\?.nQry_6i(ठZ$b w%PGOÔ=gS K; v)KzZq=QMFq6+' S'ù1k~g>]u5NSgЖ8#h$) l>Baݶn)S$r|M~|* "dQL1r80\4?[4+ GЗKa}Є,~9.KV}h@KF&{ ?p0HʕO|ӂ䍱5H VY3 b[VHY t.-YN_٪,0[F[&N4`Xo[Ml+QڡEJ=9I8W޶dk<tύnP&F r6FN[m# R21˵QÌXUۖ[^& :s<3NJ9Ʈthɠ$:t 9؇E.Aa<ڐC4ꍪ}ޥ+&2~-J~M >\Z U#ᬽvfu\"Ijs ñ& xc},Ob!\%Libkgsk@O4̪%Y8'$JM'}4o4zClmvбUM|},{_Ѳ <ފ7MЬ٦r(1jED/T-JcwbdT^)N{2{Rw@ D\n!mDAɻjpyn~C|MbZ*O| ߔR[< Fy2sc5ζQo:jܓ/X^ٗ'<:O7FEja)cD;pt"ܚ K%6LnЁN5{Hf69Sͬ7&0t-n<="oY^Kx 2ʚIG{{`?HaYT} ,9.#ݡ&u0{: 15WڿM{:C'm?On[6 IB1{}kь ,u@iK;Ò(oE G^࿶vԖh8oBaM<2C=.6WT/!6ֱZxt֙)ÌaLyVT'da`]}Ō7ȧ]bӒsiަ8( t&=.؄1ڋa_dRZL= }8 6VcHɤKFfT8uNҏf3|vWң `$gq |j߆K % r--ir8r<<18r`8~Z{n.|1XT'R-9Qx[=Q8:ӯ#\׹^%P Gu:7oowYB1 YZ