nss-devel-3.28.4-1.0.el7_3$>nLpt~\Y2>8?d   Q CIP4 4 4 4 4 4 4444   (@8HJ9pJ:XJG4H4IԠ4XY\ 4]4^׼bdصeغfؽlؿt4u٨4vxwL4x4yCnss-devel3.28.41.0.el7_3Development libraries for Network Security ServicesHeader and Library files for doing development with Network Security Services.Xrc1bm.rdu2.centos.org CentOSMPLv2.0CentOS BuildSystem Development/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxx86_64  YRCyQ@V`VpV'~@U6@U6@UAU@UUUݪ@UUȒ@UU@U'U3@UUx&Ux&Uq@U?v@U8U0U-@U'@U:TTq@TTto@Td@T)IS@S@Sہ@S@SnS@RJ@RRUR۾@R۾@R@R@Rx@RΏ@RkR@R;RiR@Rz/@Rv:Rt@RrF@Ro@Ro@RnQRe@RW@RSR@QQQ@QKQ@QQW@Q'@Qq1QNQ9Q7/Q#@QQ @P!@PՠP @PqP@P@PAPXPd@Pd@PPP@PP5@PPnP;a@P(@P H@O;O;O@OiO@O@O}O~OiOYOX@OOdO&@O!@@OO@O@N>@N>@NNܲ@N`NؽNN@NuN;@Np@Nf @NA!@N*NpM@MWMc@MM@M@MMfH@M^_@MZjMS@MQ0@MQ0@MQ0@MQ0@MK@MGMF@M6@M-MM@Ls@LOLLZ@L6LdL@L*@L@LA@LL@L4Lx@Lx@Li(@Lf@L_L_LT@L0L0L K @KsKsKKCKCKCK]KMKLd@KD{@K<@K5K4@K,@K+nK*@K K@K@K@KJݦ@J - 3.28.4-1.0Daiki Ueno - 3.28.2-1.6Daiki Ueno - 3.28.2-1.5Daiki Ueno - 3.28.2-1.4Daiki Ueno - 3.28.2-1.3Daiki Ueno - 3.28.2-1.2Daiki Ueno - 3.28.2-1.1Daiki Ueno - 3.28.2-1.0Kai Engert - 3.21.3-2Kai Engert - 3.21.3-1.1Daiki Ueno - 3.21.3-1Kai Engert - 3.21.0-17Kai Engert - 3.21.0-16Kai Engert - 3.21.0-15Kai Engert - 3.21.0-14Elio Maldonado - 3.21.0-13Elio Maldonado - 3.21.0-12Elio Maldonado - 3.21.0-11Elio Maldonado - 3.21.0-10Kai Engert - 3.21.0-9Kai Engert - 3.21.0-8Elio Maldonado - 3.21.0-7Kai Engert - 3.21.0-6Kai Engert - 3.21.0-5Elio Maldonado - 3.21.0-2Elio Maldonado - 3.21.0-1Elio Maldonado - 3.19.1-19Kai Engert - 3.19.1-18Elio Maldonado - 3.19.1-17Elio Maldonado - 3.19.1-16Elio Maldonado - 3.19.1-15Elio Maldonado - 3.19.1-14Elio Maldonado - 3.19.1-13Elio Maldonado - 3.19.1-12Elio Maldonado - 3.19.1-11Elio Maldonado - 3.19.1-10Elio Maldonado - 3.19.1-9Elio Maldonado - 3.19.1-8Elio Maldonado - 3.19.1-7Elio Maldonado - 3.19.1-6Kai Engert - 3.19.1-5Elio Maldonado - 3.19.1-4Elio Maldonado - 3.19.1-3Elio Maldonado - 3.19.1-2Elio Maldonado - 3.19.1-1Kai Engert - 3.18.0-6Kai Engert - 3.18.0-5Elio Maldonado - 3.18.0-4Elio Maldonado - 3.18.0-3Elio Maldonado - 3.18.0-2Elio Maldonado - 3.18.0-1Elio Maldonado - 3.16.2.3-5Elio Maldonado - 3.16.2.3-4Elio Maldonado - 3.16.2.3-3Elio Maldonado - 3.16.2.3-2Elio Maldonado - 3.16.2-10Elio Maldonado - 3.16.2-9Elio Maldonado - 3.16.2-4Elio Maldonado 3.16.2-3Elio Maldonado - 3.16.2-2Elio Maldonado - 3.16.2-1Elio Maldonado - 3.15.4-6Elio Maldonado - 3.15.4-5Elio Maldonado - 3.15.4-4Elio Maldonado - 3.15.4-3Daniel Mach - 3.15.4-2Elio Maldonado - 3.15.3-9Elio Maldonado - 3.15.3-8Elio Maldonado - 3.15.3-7Elio Maldonado - 3.15.3-6Elio Maldonado - 3.15.3-5Elio Maldonado - 3.15.3-4Daniel Mach - 3.15.3-3Elio Maldonado - 3.15.3-2Elio Maldonado - 3.15.3-1Elio Maldonado - 3.15.2-10Elio Maldonado - 3.15.2-9Elio Maldonado - 3.15.2-8Elio Maldonado - 3.15.2-7Elio Maldonado - 3.15.2-6Elio Maldonado - 3.15.2-5Elio Maldonado - 3.15.2-4Elio Maldonado - 3.15.2-3Elio Maldonado - 3.15.2-2Elio Maldonado - 3.15.2-1Elio Maldonado - 3.15.1-4Elio Maldonado - 3.15.1-3Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15.1-2Elio Maldonado - 3.15-6Elio Maldonado - 3.15-5emaldona - 3.15-4emaldona - 3.15-3Elio Maldonado - 3.15-2Elio Maldonado - 3.15-1Elio Maldonado - 3.14.3-13.0Kai Engert - 3.14.3-12.0Kai Engert - 3.14.3-11Kai Engert - 3.14.3-10Kai Engert - 3.14.3-9Elio Maldonado - 3.14.3-1Elio Maldonado - 3.14.2-2Elio Maldonado - 3.14.2-1Kai Engert - 3.14.1-3Elio Maldonado - 3.14.1-2Elio Maldonado - 3.14.1-1Elio Maldonado - 3.14-12Elio Maldonado - 3.14-11Elio Maldonado - 3.14-10Elio Maldonado - 3.14-9Elio Maldonado - 3.14-8Elio Maldonado - 3.14-7Elio Maldonado - 3.14-6Elio Maldonado - 3.14-5Elio Maldonado - 3.14-4Elio Maldonado - 3.14-3Elio Maldonado - 3.14-2Elio Maldonado - 3.14-1Elio Maldonado - 3.14-0.1.rc.1Kai Engert - 3.13.6-1Elio Maldonado - 3.13.5-8Elio Maldonado - 3.13.5-7Fedora Release Engineering - 3.13.5-6Elio Maldonado - 3.13.5-5Elio Maldonado - 3.13.5-4Elio Maldonado - 3.13.5-3Elio Maldonado - 3.13.5-2Elio Maldonado - 3.13.5-1Elio Maldonado - 3.13.4-3Elio Maldonado - 3.13.4-2Elio Maldonado - 3.13.4-1Elio Maldonado - 3.13.3-4Elio Maldonado - 3.13.3-3Elio Maldonado - 3.13.3-2Elio Maldonado - 3.13.3-1Tom Callaway - 3.13.1-13Elio Maldonado - 3.13.1-12Fedora Release Engineering - 3.13.1-11Elio Maldonado - 3.13.1-11Elio Maldonado - 3.13.1-10elio maldonado - 3.13.1-9Elio Maldonado - 3.13.1-8Elio Maldonado - 3.13.1-7Elio Maldonado - 3.13.1-6Elio Maldonado - 3.13.1-5Elio Maldonado Batiz - 3.13.1-4Elio Maldonado - 3.13.1-2Elio Maldonado - 3.13.1-1Elio Maldonado - 3.13-1Elio Maldonado - 3.13-0.1.rc0.1Elio Maldonado - 3.12.11-3Kai Engert - 3.12.11-2Elio Maldonado - 3.12.11-1Elio Maldonado - 3.12.10-6Michael Schwendt - 3.12.10-5Elio Maldonado - 3.12.10-4Dennis Gilmore - 3.12.10-3Elio Maldonado - 3.12.10-2Elio Maldonado - 3.12.10-1Elio Maldonado - 3.12.10-0.1.beta1Elio Maldonado - 3.12.9-15Elio Maldonado - 3.12.9-14Elio Maldonado - 3.12.9-13Elio Maldonado - 3.12.9-12Elio Maldonado - 3.12.9-11Elio Maldonado - 3.12.9-10Elio Maldonado - 3.12.9-9Fedora Release Engineering - 3.12.9-8Elio Maldonado - 3.12.9-7Christopher Aillon - 3.12.9-6Elio Maldonado - 3.12.9-5Elio Maldonado - 3.12.9-4Elio Maldonado - 3.12.9-3Elio Maldonado - 3.12.9-2Elio Maldonado - 3.12.9-1Elio Maldonado - 3.12.9-0.1.beta2Elio Maldonado - 3.12.8.99.2-1Elio Maldonado - 3.12.8.99.1-1Elio Maldonado - 3.12.8-9Elio Maldonado - 3.12.8-8Elio Maldonado - 3.12.8-7Elio Maldonado - 3.12.8-6Elio Maldonado - 3.12.8-5Elio Maldonado - 3.12.8-4Elio Maldonado - 3.12.8-3Elio Maldonado - 3.12.8-2Elio Maldonado - 3.12.8-1Elio Maldonado - 3.12.7.99.4-1Elio Maldonado - 3.12.7.99.3-2Elio Maldonado - 3.12.7.99.3-1Elio Maldonado - 3.12.7-3Elio Maldonado - 3.12.7-2Elio Maldonado - 3.12.7-1Elio Maldonado - 3.12.6-12Elio Maldonado - 3.12.6-11Elio Maldonado - 3.12.6-10Elio Maldonado - 3.12.6-9Dennis Gilmore - 3.12.6-8Elio Maldonado - 3.12.6-7Elio Maldonado - 3.12.6-6Elio Maldonado - 3.12.6-5Elio Maldonado - 3.12.6-4Elio Maldonado - 3.12.6-3Elio Maldonado - 3.12.6-2Elio Maldonado - 3.12.6-1.2Elio Maldonado - 3.12.6-1.1Elio Maldonado - 3.12.6-1Elio Maldonado - 3.12.5-8Elio Maldonado - 3.12.5-5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.13.2Elio Maldonado - 3.12.5-1.13.1Elio Maldonado - 3.12.5-1.13Elio Maldonado - 3.12.5-1.11Elio maldonado - 3.12.5-1.9Elio Maldonado - 3.12.5-2.7Elio Maldonado - 3.12.5-1.6Elio Maldonado - 3.12.5-1.5Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1.1Elio Maldonado - 3.12.5-1Elio Maldonado - 3.12.4-14.1Elio Maldonado - 3.12.4-13.1Elio Maldonado - 3.12.4-13Elio Maldonado - 3.12.4-12Elio Maldonado - 3.12.4-11Elio Maldonado - 3.12.4-10Elio Maldonado - 3.12.4-8Elio Maldonado - 3.12.4-6Elio Maldonado - 3.12.4-5Elio Maldonado - 3.12.4-4Elio Maldonado - 3.12.4-3Elio Maldonado - 3.12.4-2Elio Maldonado - 3.12.4-1Elio Maldonado - 3.12.3.99.3-30Elio Maldonado - 3.12.3.99.3-29Elio Maldonado - 3.12.3.99.3-28Elio Maldonado - 3.12.3.99.3-27Elio Maldonado - 3.12.3.99.3-26Elio Maldonado - 3.12.3.99.3-25Warren Togami - 3.12.3.99.3-24Elio Maldonado - 3.12.3.99.3-23Elio Maldonado - 3.12.3.99.3-22Elio Maldonado - 3.12.3.99.3-21Elio Maldonado - 3.12.3.99.3-20Elio Maldonado - 3.12.3.99.3-19Elio Maldonado - 3.12.3.99.3-18Elio Maldonado - 3.12.3.99.3-16Dennis Gilmore - 3.12.3.99.3-15Dennis Gilmore - 3.12.3.99.3-14Dennis Gilmore - 3.12.3.99.3-13Dennis Gilmore - 3.12.3.99.3-12Elio Maldonado+emaldona@redhat.com - 3.12.3.99.3-11Elio Maldonado - 3.12.3.99.3-10Dennis Gilmore - 3.12.3.99.3-9Elio Maldonado - 3.12.3.99.3-7.1Fedora Release Engineering - 3.12.3.99.3-7Elio Maldonado - 3.12.3.99.3-6Elio Maldonado - 3.12.3.99.3-5Elio Maldonado - 3.12.3.99.3-4Kai Engert - 3.12.3.99.3-3Kai Engert - 3.12.3.99.3-2Kai Engert - 3.12.3-7Kai Engert - 3.12.3-4Kai Engert - 3.12.3-3Kai Engert - 3.12.3-2Kai Engert - 3.12.2.99.3-7Kai Engert - 3.12.2.99.3-6Kai Engert - 3.12.2.99.3-5Kai Engert - 3.12.2.99.3-4Kai Engert - 3.12.2.99.3-3Kai Engert - 3.12.2.99.3-2Kai Engert - 3.12.2.99.3-1Fedora Release Engineering - 3.12.2.0-4Kai Engert - 3.12.2.0-3Dennis Gilmore - 3.12.1.1-4Kai Engert - 3.12.1.1-3Kai Engert - 3.12.1.1-2Kai Engert - 3.12.1.0-2Kai Engert - 3.12.0.3-7Kai Engert - 3.12.0.3-6Kai Engert - 3.12.0.3-3Kai Engert - 3.12.0.3-2Kai Engert - 3.12.0.1-1Jesse Keating - 3.11.99.5-2Kai Engert - 3.11.99.5-1Kai Engert - 3.11.99.4-1Kai Engert - 3.11.99.3-6Kai Engert - 3.11.99.3-5Kai Engert - 3.11.99.3-4Kai Engert - 3.11.99.3-3Kai Engert - 3.11.99.3-2Kai Engert - 3.11.99.3-1Kai Engert - 3.11.99.2b-3Kai Engert - 3.11.99.2b-2Kai Engert - 3.11.99.2-2Kai Engert - 3.11.99.2-1Kai Engert - 3.11.7-10Rob Crittenden - 3.11.7-9Kai Engert - 3.11.7-8Bob Relyea - 3.11.7-7Kai Engert - 3.11.7-6Kai Engert - 3.11.7-5Kai Engert - 3.11.7-4Kai Engert - 3.11.7-3Kai Engert - 3.11.7-2Kai Engert - 3.11.5-2Kai Engert - 3.11.5-1Bob Relyea - 3.11.4-4Kai Engert - 3.11.4-1Kai Engert - 3.11.3-2Kai Engert - 3.11.3-1Kai Engert - 3.11.2-2Jesse Keating - 3.11.2-1.1Kai Engert - 3.11.2-1Kai Engert - 3.11.1-2Kai Engert - 3.11.1-1Kai Engert - 3.11-4Jesse Keating - 3.11-3.2Jesse Keating - 3.11-3.1Ray Strode 3.11-3Christopher Aillon 3.11-2Christopher Aillon 3.11-1Christopher Aillon 3.11-0.cvs.2Christopher Aillon 3.11-0.cvsKai Engert Rob Crittenden 3.10-1- Rebase to NSS 3.28.4- Restore ssl-server-min-key-sizes.patch - Disable TLS_ECDHE_{RSA,ECDSA}_WITH_AES_128_CBC_SHA256 by default - Enable 4 AES_256_GCM_SHA384 ciphersuites, enabled by the downstream patch in the previous release - Fix crash with tstclnt -W- Always enable gtests for supported features - Prevent ABI incompatibilty of SECKEYECPublicKey- Add patch to fix bash syntax error in tests/ssl.sh - Build with support for SSLKEYLOGFILE - Disable the use of RSA-PSS with SSL/TLS- Remove %nss_cycles setting, which was also mistakenly added- Reorder cipher suites for compatibility - Re-enable BUILD_OPT, mistakenly disabled in the previous build- Remove mistakenly added R: nss-pem- Rebase to NSS 3.28.2 - Remove NSS_ENABLE_ECC and NSS_ECC_MORE_THAN_SUITE_B setting, which is no-op now - Enable gtests when requested - Remove nss-646045.patch and fix-nss-test-filtering.patch, which are not necessary - Remove sslauth-no-v2.patch and nss-sslstress-txt-ssl3-lower-value-in-range.patch, as SSLv2 is already disabled in upstream - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits - Remove local patches for SHA384 cipher suites (now supported in upstream): dhe-sha384-dss-support.patch, client_auth_for_sha384_prf_support.patch, nss-fix-client-auth-init-hashes.patch, nss-map-oid-to-hashalg.patch, nss-enable-384-cipher-tests.patch, nss-fix-signature-and-hash.patch, fix-allowed-sig-alg.patch, tests-extra.patch - Remove upstreamed patches: rh1238290.patch, fix-reuse-of-session-cache-entry.patch, flexible-certverify.patch, call-restartmodules-in-nssinit.patch- Mozilla #1314604 / Red Hat CVE-2016-8635- rebuild- Rebase to NSS 3.21.3 - Resolves: #1383887- remove additional false duplicates from sha384 downstream patches- enable ssl_gtests (without extended master secret tests), Bug 1298692 - call SECMOD_RestartModules in nss_Init, Bug 1317691- escape all percent characters in all changelog comments- Support TLS 1.2 certificate_verify hashes other than PRF, backported fix from NSS 3.25 (upstream bug 1179338).- Fix reuse of session cache entry - Resolves: Bug 1241172 - Certificate verification fails with multiple https urls- Fix a flaw in %check for nss not building on arm - Resolves: Bug 1200856- Cleanup: Remove unnecessary %posttrans script from nss.spec - Resolves: Bug 1174201- Merge fixes from the rhel-7.2 branch - Fix a bogus %changelog entry - Resolves: Bug 1297941- Rebuild to require the latest nss-util build and nss-softokn build.- Update the minimum nss-softokn build required at runtime.- Delete duplicates from one table- Fix missing support for sha384/dsa in certificate_request- Merge fixes from the rhel-7.2 branch - Fix the SigAlgs sent in certificate_request - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests- Fix sha384 support and testing patches- Rebase to NSS-3.21- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Fix a mockbuild reported bad %if condition when using the __isa_bits macro instead of list of 64-bit architectures - Change the test to %if 0%{__isa_bits} == 64 as required for building the srpm which is noarch - Resolves: Bug 1289884- Rebuild against updated NSPR- Change the required_softokn_build_version back to -13 - Ensure we use nss-softokn-3.16.2.3-13.el7_1- Fix check for public key size of DSA certificates - Use size of prime P not the size of dsa.publicValue- Reorder the cipher suites and enable two more by default- Update the required_softokn_build_version to -14 - Add references to bugs filed upstream for new patches - Merge ocsp stapling and sslauth sni tests patches into one- Reorder the cipher suites and enable two more by default - Fix some of the ssauth sni and ocsp stapling tests- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers - Enable ECDSA cipher suites by default, a subset of the ones requested- Support TLS > 1.0 by support while still allowing to connect to SSL3 only servers- Fix to correctly report integrity mechanism for TLS_RSA_WITH_AES_256_GCM_SHA384- Fix checks to skip ssl2/export cipher suites tests to not skip needed tests - Fix libssl ssl2/export disabling patch to handle NULL cipher cases - Enable additional cipher suites by default- Add links to filed upstream bugs to better track patches in spec file- Package listsuites as part of the unsupported tools- Bump the release tag- Incremental patches to fix SSL/TLS test suite execution, fix the earlier SHA384 patch, and inform clients to use SHA384 with certificate_verify if required by NSS.- Add support for sha384 tls cipher suites - Add support for server-side hde key exchange - Add support for DSS+SHA256 ciphersuites- Reenable a patch that had been mistakenly disabled- Build against nss-softokn-3.16.2.3-9- Rebase to nss-3.19.1 - Resolves: Bug 1228913 - Rebase to nss-3.19.1 for CVE-2015-4000 [RHEL-7.1]- Backport mozbz#1155922 to support SHA512 signatures with TLS 1.2- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)- Update and reeneable nss-646045.patch on account of the rebase - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Resolves: Bug 1200898 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]- Reverse the sense of a test in patch to fix pk12util segfault - Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Fix race condition - Resolves: Bug 1094468 - 389-ds-base server reported crash in stan_GetCERTCertificate - under the replication replay failure condition- Resolves: Bug 1174527 - Segfault in pk12util when using -l option with certain .p12 files- Restore patch for certutil man page - supply missing options descriptions - Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3- Resolves: Bug 1158161 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap- Resolves: Bug 1145434 - CVE-2014-1568 - Using a release number higher than on rhel-7.0 branch- Fix crash in stan_GetCERTCertificate - Resolves: Bug 1094468- Generic 32/64 bit platform detection (fix ppc64le build) - Resolves: Bug 1125619 - nss fails to build on arch: ppc64le (missing dependencies) - Fix contributed by Peter Robinson - Fix libssl and test patches that disable ssl2 support - Resolves: Bug 1123435 - Replace expired PayPal test certificate with current one- Rebase to nss-3.16.2 - Resolves: Bug 1103252 - Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31) - Fix test failure detection in the %check section - Move removal of unwanted source directories to the end of the %prep section - Update various patches on account of the rebase - Remove unused patches rendered obsolete by the rebase- Disallow disabling the internal module - Resolves: Bug 1056036 - nss segfaults with opencryptoki module- Pick up a fix from rhel-6 and fix an rpm conflict - Don't hold issuer cert handles in crl cache - Resolves: Bug 1034409 - deadlock in trust domain and object lock - Move nss shared db files to the main package - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Update pem sources to latest from nss-pem upstream - Pick up pem module fixes verified on RHEL and applied upstream - Remove no loger needed pem patches on acccount on this update - Add comments documenting the iquote.patch - Resolves: Bug 1054457 - CVE-2013-1740- Remove spurious man5 wildcard entry as all manpages are listed by name - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Mass rebuild 2014-01-24- Rebase to nss-3.15.4 - Resolves: Bug 1054457 - CVE-2013-1740 nss: false start PR_Recv information disclosure security issue - Remove no longer needed patches for manpages that were applied upstream - Remove no longer needed patch to disable ocsp stapling tests - Update iquote.patch on account of upstream changes - Update and rename patch to pem/rsawrapr.c on account of upstream changes - Use the pristine upstream sources for nss without repackaging - Avoid unneeded manual step which may introduce errors- Fix the spec file to apply the nss ecc list patch for bug 752980 - Resolves: Bug 752980 - Support ECDSA algorithm in the nss package via puggable ecc- Move several nss-sysinit manpages tar archives to the %files - Resolves: Bug 1050163 - Same files in two packages create rpm conflict- Fix a coverity scan compile time warning for the pem module - Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Resolves: Bug 1002271 - NSS pem module should not require unique base file names- Improve pluggable ECC support for ECDSA - Resolves: Bug 752980 - [7.0 FEAT] Support ECDSA algorithm in the nss package- Mass rebuild 2013-12-27- Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1040284 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-7.0]- Update to NSS_3_15_3_RTM - Resolves: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741- Fix path to script and remove -- from some options in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit worong path and other flaws- Fix certutil man page options names to be consistent with help - Resolves: rhbz#948495 - man page scan results for nss - Remove incorrect count argument in status description in nss-sysinit man page - Resolves: rhbz#982723 - man page of nss-sysinit incorrect option descriptions- Fix patch for disabling ssl2 in ssl to correctly set error code - Fix syntax error reported in the build.log even tough it succeeds - Add patch top ignore setpolicy result - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites - Resolves: rhbz#1026677 - Attempt to run ipa-client-install fails- Fix bash syntax error in patch for disabling ssl2 tests - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in ssl disabling patches for both library and tests - Add s390x to the multilib_arches definition used for alt_ckbi - Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Fix errors in nss-sysinit manpage options descriptions - Resolves: rhbz#982723- Enable fips when system is in fips mode - Resolves: rhbz#852023 - FIPS mode detection does not work- Remove unused and obsoleted patches - Related: rhbz#1012656- Add description of the certutil's --email option to it's manpage - Resolves: rhbz#Bug 948495 - Man page scan results for nss- Rebase to nss-3.15.2 - Resolves: rhbz#1012656 - pick up NSS 3.15.2 to fix CVE-2013-1739 and disable MD5 in OCSP/CRL- Install symlink to nss-sysinit.sh without the .sh suffix - Resolves: rhbz#982723 - nss-sysinit man page has wrong path for the script- Resolves: rhbz#1001841 - Disable SSL2 and the export cipher suites- Add upstream bug URL for a patch subitted upstream and remove obsolete script- Update to NSS_3_15_1_RTM - Apply various fixes to the man pages and add new ones - Enable the iquote.patch to access newly introduced types - Add man page for pkcs11.txt configuration file and cert and key databases - Add missing option descriptions for {cert|cms|crl}util - Resolves: rhbz#948495 - Man page scan results for nss - Resolves: rhbz#982723 - Fix path to script in man page for nss-sysinit- Use the unstripped source tar ball- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts - Resolves: rhbz#606020 - nss security tools lack man pages- Build nss without softoken or util sources in the tree - Resolves: rhbz#689918- Update ssl-cbc-random-iv-by-default.patch- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config- Update to NSS_3_15_RTM- Reactivate nss-ssl-cbc-random-iv-off-by-default.patch- Add upstream patch to fix rhbz#872761- Update expired test certificates (fixed in upstream bug 852781)- Fix incorrect post/postun scripts. Fix broken links in posttrans.- Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement.- Update to NSS_3_14_3_RTM - sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3 - Resolves: rhbz#908257 - CVE-2013-1620 nss: TLS CBC padding timing attack - Resolves: rhbz#896651 - PEM module trashes private keys if login fails - Resolves: rhbz#909775 - specfile support for AArch64 - Resolves: rhbz#910584 - certutil -a does not produce ASCII output- Allow building nss against older system sqlite- Update to NSS_3_14_2_RTM- Update to NSS_3_14_1_WITH_CKBI_1_93_RTM- Require nspr >= 4.9.4 - Fix changelog invalid dates- Update to NSS_3_14_1_RTM- Bug 879978 - Install the nssck.api header template where mod_revocator can access it - Install nssck.api in /usr/includes/nss3/templates- Bug 879978 - Install the nssck.api header template in a place where mod_revocator can access it - Install nssck.api in /usr/includes/nss3- Bug 870864 - Add support in NSS for Secure Boot- Disable bypass code at build time and return failure on attempts to enable at runtime - Bug 806588 - Disable SSL PKCS #11 bypass at build time- Fix pk11wrap locking which fixes 'fedpkg new-sources' and 'fedpkg update' hangs - Bug 872124 - nss-3.14 breaks fedpkg new-sources - Fix should be considered preliminary since the patch may change upon upstream approval- Add a dummy source file for testing /preventing fedpkg breakage - Helps test the fedpkg new-sources and upload commands for breakage by nss updates - Related to Bug 872124 - nss 3.14 breaks fedpkg new-sources- Fix a previous unwanted merge from f18 - Update the SS_SSL_CBC_RANDOM_IV patch to match new sources while - Keeping the patch disabled while we are still in rawhide and - State in comment that patch is needed for both stable and beta branches - Update .gitignore to download only the new sources- Fix the spec file so sechash.h gets installed - Resolves: rhbz#871882 - missing header: sechash.h in nss 3.14- Update the license to MPLv2.0- Use only -f when removing unwanted headers- Add secmodt.h to the headers installed by nss-devel - nss-devel must install secmodt.h which moved from softoken to pk11wrap with nss-3.14- Update to NSS_3_14_RTM- Update to NSS_3_14_RC1 - update nss-589636.patch to apply to httpdserv - turn off ocsp tests for now - remove no longer needed patches - remove headers shipped by nss-util- Update to NSS_3_13_6_RTM- Rebase pem sources to fedora-hosted upstream to pick up two fixes from rhel-6.3 - Resolves: rhbz#847460 - Fix invalid read and free on invalid cert load - Resolves: rhbz#847462 - PEM module may attempt to free uninitialized pointer - Remove unneeded fix gcc 4.7 c++ issue in secmodt.h that actually undoes the upstream fix- Fix pluggable ecc support- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Fix checkin comment to prevent unwanted expansions of percents- Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1- Resolves: rhbz#833529 - revert unwanted change to nss.pc.in- Resolves: rhbz#833529 - Remove unwanted space from the Libs: line on nss.pc.in- Update to NSS_3_13_5_RTM- Resolves: Bug 812423 - nss_Init leaks memory, fix from RHEL 6.3- Resolves: Bug 805723 - Library needs partial RELRO support added - Patch coreconf/Linux.mk as done on RHEL 6.2- Update to NSS_3_13_4_RTM - Update the nss-pem source archive to the latest version - Remove no longer needed patches - Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name- Resolves: Bug 805723 - Library needs partial RELRO support added- Cleanup of the spec file - Add references to the upstream bugs - Fix typo in Summary for sysinit- Pick up fixes from RHEL - Resolves: rhbz#800674 - Unable to contact LDAP Server during winsync - Resolves: rhbz#800682 - Qpid AMQP daemon fails to load after nss update - Resolves: rhbz#800676 - NSS workaround for freebl bug that causes openswan to drop connections- Update to NSS_3_13_3_RTM- fix issue with gcc 4.7 in secmodt.h and C++11 user-defined literals- Resolves: Bug 784672 - nss should protect against being called before nss_Init- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Deactivate a patch currently meant for stable branches only- Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request- Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed- Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV- Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl- Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible- Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support- Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi- Fix broken dependencies by updating the nss-util and nss-softokn versions- Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM- Update to NSS_3_13_RTM- Update to NSS_3_13_RC0- Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)- Update builtins certs to those from NSSCKBI_1_87_RTM- Update to NSS_3_12_11_RTM- Indicate the provenance of stripped source tarball (#688015)- Provide virtual -static package to meet guidelines (#609612).- Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)- make the testsuite non fatal on arm arches- Fix crmf hard-coded maximum size for wrapped private keys (#703656)- Update to NSS_3_12_10_RTM- Update to NSS_3_12_10_BETA1- Implement PEM logging using NSPR's own (#695011)- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)- Add a missing requires for pkcs11-devel (#675196)- Run the test suites in the check section (#677809)- Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches - Fix to swap internal key slot on fips mode switches- Revert patches for 499444 until all c++ reserved words are found and extirpated- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix cms header to not use c++ reserved word (#676036) - Reenable patches for bug 499444- Revert patches for 499444 as they use a C++ reserved word and cause compilation of Firefox to fail- Fix the earlier infinite recursion patch (#499444) - Remove a header that now nss-softokn-freebl-devel ships- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)- Update the cacert trust patch per upstream review requests (#633043)- Fix to honor the user's cert trust preferences (#633043) - Remove obsoleted patch- Update to 3.12.9- Rebuilt according to fedora pre-release package naming guidelines- Update to NSS_3_12_9_BETA2 - Fix libpnsspem crash when cacert dir contains other directories (#642433)- Update to NSS_3_12_9_BETA1- Update pem source tar with fixes for 614532 and 596674 - Remove no longer needed patches- Update PayPalEE.cert test certificate which had expired- Tell rpm not to verify md5, size, and modtime of configurations file- Fix certificates trust order (#643134) - Apply nss-sysinit-userdb-first.patch last- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)- Fix invalid %postun scriptlet (#639248)- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787) - Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)- Add posttrans scriptlet (#636787)- Update to 3.12.8 - Prevent disabling of nss-sysinit on package upgrade (#636787) - Create pkcs11.txt with correct permissions regardless of umask (#636792) - Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801) - Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)- NSS 3.12.8 RC0- Fix nss-util_version and nss_softokn_version required to be 3.12.7.99.3- NSS 3.12.8 Beta3 - Fix unclosed comment in renegotiate-transitional.patch- Change BuildRequries to available version of nss-util-devel- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch - Add comments regarding an unversioned provides which triggers rpmlint warning - Build requires nss-softokn-devel >= 3.12.7- Update to 3.12.7- Apply the patches to fix rhbz#614532- Removed pem sourecs as they are in the cache- Add support for PKCS#8 encoded PEM RSA private key files (#614532)- Fix nsssysinit to return userdb ahead of systemdb (#603313)- Require and BuildRequire >= the listed version not =- Require nss-softoken 3.12.6- Fix SIGSEGV within CreateObject (#596674)- Update pem source tar to pick up the following bug fixes: - PEM - Allow collect objects to search through all objects - PEM - Make CopyObject return a new shallow copy - PEM - Fix memory leak in pem_mdCryptoOperationRSAPriv- Update the test cert in the setup phase- Add sed to sysinit requires as setup-nsssysinit.sh requires it (#576071) - Update PayPalEE test cert with unexpired one (#580207)- Fix ns.spec to not require nss-softokn (#575001)- rebuilt with all tests enabled- Using SSL_RENEGOTIATE_TRANSITIONAL as default while on transition period - Disabling ssl tests suites until bug 539183 is resolved- Update to 3.12.6 - Reactivate all tests - Patch tools to validate command line options arguments- Fix curl related regression and general patch code clean up- retagging- Fix SIGSEGV on call of NSS_Initialize (#553638)- New version of patch to allow root to modify ystem database (#547860)- Temporarily disabling the ssl tests- Fix nsssysinit to allow root to modify the nss system database (#547860)- Fix an error introduced when adapting the patch for rhbz #546211- Remove left over trace statements from nsssysinit patching- Fix a misconstructed patch- Fix nsssysinit to enable apps to use system cert store, patch contributed by David Woodhouse (#546221) - Fix spec so sysinit requires coreutils for post install scriplet (#547067) - Fix segmentation fault when listing keys or certs in the database, patch contributed by Kamil Dudka (#540387)- Fix nsssysinit to set the default flags on the crypto module (#545779) - Remove redundant header from the pem module- Remove unneeded patch- Retagging to include missing patch- Update to 3.12.5 - Patch to allow ssl/tls clients to interoperate with servers that require renogiation- Retagging- Require nss-softoken of same architecture as nss (#527867) - Merge setup-nsssysinit.sh improvements from F-12 (#527051)- User no longer prompted for a password when listing keys an empty system db (#527048) - Fix setup-nsssysinit to handle more general formats (#527051)- Fix syntax error in setup-nsssysinit.sh- Fix sysinit to be under mozilla/security/nss/lib- Add nss-sysinit activation/deactivation script- Install blank databases and configuration file for system shared database - nsssysinit queries system for fips mode before relying on environment variable- Restoring nssutil and -rpath-link to nss-config for now - 522477- Add the nss-sysinit subpackage- Installing shared libraries to %{_libdir}- Retagging to pick up new sources- Update pem enabling source tar with latest fixes (509705, 51209)- PEM module implements memory management for internal objects - 509705 - PEM module doesn't crash when processing malformed key files - 512019- Remove symbolic links to shared libraries from devel - 521155 - No rpath-link in nss-softokn-config- Update to 3.12.4- Fix FORTIFY_SOURCE buffer overflows in test suite on ppc and ppc64 - bug 519766 - Fixed requires and buildrequires as per recommendations in spec file review- Restoring patches 2 and 7 as we still compile all sources - Applying the nss-nolocalsql.patch solves nss-tools sqlite dependency problems- restore require sqlite- Don't require sqlite for nss- Ensure versions in the requires match those used when creating nss.pc- Remove nss-prelink.conf as signed all shared libraries moved to nss-softokn - Add a temprary hack to nss.pc.in to unblock builds- caolan's nss.pc patch- Bump the release number for a chained build of nss-util, nss-softokn and nss- Fix nss-config not to include nssutil - Add BuildRequires on nss-softokn and nss-util since build also runs the test suite- disabling all tests while we investigate a buffer overflow bug- disabling some tests while we investigate a buffer overflow bug - 519766- remove patches that are now in nss-softokn and - remove spurious exec-permissions for nss.pc per rpmlint - single requires line in nss.pc.in- Fix BuildRequires: nss-softokn-devel release number- fix nss.pc.in to have one single requires line- cleanups for softokn- remove the softokn subpackages- don install the nss-util pkgconfig bits- remove from -devel the 3 headers that ship in nss-util-devel- kill off the nss-util nss-util-devel subpackages- split off nss-softokn and nss-util as subpackages with their own rpms - first phase of splitting nss-softokn and nss-util as their own packages- must install libnssutil3.since nss-util is untagged at the moment - preserve time stamps when installing various files- dont install libnssutil3.so since its now in nss-util- Fix spec file problems uncovered by Fedora_12_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- removed two patch files which are no longer needed and fixed previous change log number- updated pem module incorporates various patches - fix off-by-one error when computing size to reduce memory leak. (483855) - fix data type to work on x86_64 systems. (429175) - fix various memory leaks and free internal objects on module unload. (501080) - fix to not clone internal objects in collect_objects(). (501118) - fix to not bypass initialization if module arguments are omitted. (501058) - fix numerous gcc warnings. (500815) - fix to support arbitrarily long password while loading a private key. (500180) - fix memory leak in make_key and memory leaks and return values in pem_mdSession_Login (501191)- add patch for bug 502133 upstream bug 496997- rebuild with higher release number for upgrade sanity- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75- re-enable test suite - add patch for upstream bug 488646 and add newer paypal certs in order to make the test suite pass- add conflicts info in order to fix bug 499436- ship .chk files instead of running shlibsign at install time - include .chk file in softokn-freebl subpackage - add patch for upstream nss bug 488350- Update to NSS 3.12.3- temporarily disable the test suite because of bug 494266- fix softokn-freebl dependency for multilib (bug 494122)- introduce separate nss-softokn-freebl package- disable execstack when building freebl- add upstream patch to fix bug 483855- build nspr-less freebl library- Update to NSS_3_12_3_BETA4- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- update to NSS_3_12_2_RC1 - use system zlib- add sparc64 to the list of 64 bit arches- bug 456847, move pkgconfig requirement to devel package- Update to NSS_3_12_1_RC2- NSS 3.12.1 RC1- fix bug bug 429175 in libpem module- bug 456847, add Requires: pkgconfig- nss package should own /etc/prelink.conf.d folder, rhbz#452062 - use upstream patch to fix test suite abort- Update to NSS_3_12_RC4- Update to NSS_3_12_RC2- Zapping old Obsoletes/Provides. No longer needed, causes multilib headache.- Update to NSS_3_12_BETA3- NSS 3.12 Beta 2 - Use /usr/lib{64} as devel libdir, create symbolic links.- Apply upstream patch for bug 417664, enable test suite on pcc.- Support concurrent runs of the test suite on a single build host.- disable test suite on ppc- disable test suite on ppc64- Build against gcc 4.3.0, use workaround for bug 432146 - Run the test suite after the build and abort on failures.* NSS 3.12 Beta 1- move .so files to /lib- NSS 3.12 alpha 2b- upstream patches to avoid calling netstat for random data- NSS 3.12 alpha 2- Add /etc/prelink.conf.d/nss-prelink.conf in order to blacklist our signed libraries and protect them from modification.- Fix off-by-one error in the PEM module- fix a C++ mode compilation error- Add 3.12 ckfw and libnsspem- Updated license tag- Ensure the workaround for mozilla bug 51429 really get's built.- Better approach to ship freebl/softokn based on 3.11.5 - Remove link time dependency on softokn- Fix unowned directories, rhbz#233890- Update to 3.11.7, but freebl/softokn remain at 3.11.5. - Use a workaround to avoid mozilla bug 51429.- Fix rhbz#230545, failure to enable FIPS mode - Fix rhbz#220542, make NSS more tolerant of resets when in the middle of prompting for a user password.- Update to 3.11.5 - This update fixes two security vulnerabilities with SSL 2 - Do not use -rpath link option - Added several unsupported tools to tools package- disable ECC, cleanout dead code- Update to 3.11.4- Revert the attempt to require latest NSPR, as it is not yet available in the build infrastructure.- Update to 3.11.3- Add /etc/pki/nssdb- rebuild- Update to 3.11.2 - Enable executable bit on shared libs, also fixes debug info.- Enable Elliptic Curve Cryptography (ECC)- Update to 3.11.1 - Include upstream patch to limit curves- add --noexecstack when compiling assembler on x86_64- bump again for double-long bug on ppc(64)- rebuilt for new gcc4.1 snapshot and glibc changes- rebuild- Update file list for the devel packages- Update to 3.11- Add patch to allow building on ppc* - Update the pkgconfig file to Require nspr- Initial import into Fedora Core, based on a CVS snapshot of the NSS_3_11_RTM tag - Fix up the pkcs11-devel subpackage to contain the proper headers - Build with RPM_OPT_FLAGS - No need to have rpath of /usr/lib in the pc file- Adressed review comments by Wan-Teh Chang, Bob Relyea, Christopher Aillon.- Initial build  !"#$%&'()*+,-./012343.28.4-1.0.el7_33.28.4-1.0.el7_33.28.4-1.0.el7_33.28.4nss-confignss3cert.hcertdb.hcertt.hcmmf.hcmmft.hcms.hcmsreclist.hcmst.hcrmf.hcrmft.hcryptohi.hcryptoht.hjar-ds.hjar.hjarfile.hkey.hkeyhi.hkeyt.hkeythi.hnss.hnssckbi.hnsspem.hocsp.hocspt.hp12.hp12plcy.hp12t.hpk11func.hpk11pqg.hpk11priv.hpk11pub.hpk11sdr.hpkcs12.hpkcs12t.hpkcs7t.hpreenc.hsechash.hsecmime.hsecmod.hsecmodt.hsecpkcs5.hsecpkcs7.hsmime.hssl.hsslerr.hsslproto.hsslt.hlibcrmf.anss.pcnss-config.1.gz/usr/bin//usr/include//usr/include/nss3//usr/lib64//usr/lib64/pkgconfig//usr/share/man/man1/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuPOSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textcurrent ar archivepkgconfig filetroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)RPRRR?7zXZ !PH6ᱹN]"k%nÍdڴ4Yk(`4TEB9J&@Xylzm^y" œp$Xv} ,M*y~uo灤N3s_<*GOjXqS5@//;kh2/}[/ e =~i+.Jj94-j:|O~mR~m1:CS/@p6齉&Y%\k6C9K-LoSrz)/&h8\c"DMD@CZIZL JVe0هHD9X%T/74w3We^n9tϩ.IEf, wxj|VԌw!h++oib0(<]#m@)JE ] XqfuMRؾ Q.5Z#Qx'j׳w59&bj#N$Ŝba?Qf76t O5s$RF^ëpK$Y>](QP.lh- oQr+ v^jnZ`8b*̛džASz8zQA6zXS`7s+ EKmM:WM ~v?.7tǁ5@RZCLAlO?N0)U KSSymx+XE!_h@rJΝ<(zN!!#PIh 9` l!lc4Ba5vpcNH{Hn #sƹ q bpXd90QV)%ME+9J#:+l;Ro b쟶Ɋ a'y]ʳz"jkZ潿X/2c~e*܉)/$ 3F;zUgRA'(LāO ,. o;*jCd*[I 6NUI`֮c݋Q? 9 AK#2mjؾs1f 3jP!lQQoIҥ.'O 湩?k=*4QmSwz՘ vr!n8#>hMTӢE3,|ٴfGk }'Ȓ`c?nL|U:)M^ǕD! oNķr<@c ^NtݠKU*PBm/:$TIFÙe2UN.p: :Q< ߤIKN󮋲oGڢ2_@T笖9]0~CO KS/'6ס1aWWR` &#ZɃ9Ch©Ŵ`f&1nM)Zf)ì*_IA4΄# v(sĭePKPhx<74jnE+ ֟n [Rm@kzp.QGܧ#ZFvYS^4 Nm<3ϫ~m'n𥘶BĄU!,irk7œY蘙#@%% icFEå?u/4m~kC^g_T7{-[M^7;G#AEMdY)o!"PqljOKyg%C(=!? bi]ÙӘ䞽ؖCu!;G*YCl{(>Y#0W&+E% 1f`KSK7yq%]1%VZm{w"6,@9::lI͚`Ko$A7F.iFu n5E̛=-& USNFE!sLP,Nv ՞Q, 3aB%`:J z. mҊ U`:/294h[;}ggu5h:Ğ+=Ƶj6~~a5.ߦhkOֆL1'.,\(A`Z{ri_Fdv&HEjyTiYYЉc[OXm }_a:<$H-g]#G`Ez<xyrbBHV knO#DW zQ73gY&8iS`/Onԫ|t6|T>bFħFO>Sg; ٩mYID*],ռPŷ5gn` fUfuƠ!1̷lHȲTf +ͲIP` K^,|7_^am <; ֐@Tx`*t( `kxŖU[@i KEȉ>@TMZ8rOIt9 ͅL2H 5vX pL}=SޣxљjNpSn>N̵>,،%"{fyB@ϤAC /^;8=C(^m*4/WR=M#,rB@4+HeULO]zޏqNx i9Q#>`OFjpawFS)4_7|acU,Hɒghi@ӜHk\}(.6o m $(<:gp YƴB f1a)&:[ =z:5 Y!\7QxD'=Vf@R;a"n{@5dm { WŅ<6l(O`xbo*"7BHhӮ9;4Tѷ+(gY`Ғ;Ahz3?<-Q6Hv q 74)R:\&j^IZ3 `VY0ݔһĠ{,7KCقH6#cp2-YL<Ps1?ME]e-j\\d;͔'7"ژ0|KM bϧ]Zp"_@#J/8ʾ1[~b]:[/eJ &7/"H&t3*'!Oznalf7T+[y1_{ɮZ.؁gO=q^Ku] |AJ!7"MBu>>5VO_&[8̛\<'.Rl"k\"6~2p!&"r4-OGfx"2~Jt<u0w]lp^B3'*UU;YHE-*#u Q疡1ia OzFGٙ|Ґ[3 fԠ$8ȷa45^*ϟU籋:ЭQ=d>5^G?UO5ƲtqH9hSPQL>Z{]kE+fģ2[s9q:ڿ4{cTȍwdr,ht׻Pc۸Q{e #И婴&uo;f ~Y9'!wL 76 M4vk m;w=zQR z?[BO<04A5U>Q|Jwl1v_Z3 = s5 YJ;sMC09qu qgRVL,+]rmSp_;<hMeM>;K6F1~3%mo:җ!*RO=/2 }>rGݺV,}VPIH1mp.&7HnP] ;ȤMhE2hQ+ 7CNL{;ٻ)O6( mĬi]lx3ZШ.|*5Bx-UqM6]Wjs,)xxfAor>?!. Brs%~oBiaoe;wZz:.RE Y1'')1RG[!]~R18dZ\[/=7޸u٣Q,sf!{cl'L>s…Xqfݒ#6 m޼{Hѻ<@/!+/[M@}%Bw_*(׹/R[+ YW(DH$C EPrFMl˫،Pi_ 3rt$8uҸCsәZǮrj̖v$Sj(o27+C"M7wc AJ4d<Z=ZB2 &|lţx E:5CG} »gr@/{Uǜiԅ|߇/{1L]݌r QW*CG¥Fpbgxg 7 U&y-)A>APIhwi4D$Q s"7;Ɖ0~}~G}bBJ*'qMV_' m%kE|693Ôdm5yem+]skRl|lxqبcn_1>QgÅ%Ğ s.͝ܐz]hLf]x[n^p/ t˛8^3Z^ZtnTaoxԧx*mcvc1;L@,`43<4S? W0bw¹NA(kd fβ(cf)6{@$G;P;tNU%x b+l|s!g/nHEKXbeܡ~uH2_SBkKv>lI)WBi8m3^c4+ #jJM"Gbn8H+`Z=wHPk'f)& cQAָ`'vzjcGMk5x՛Nbr- %Zi.IKk Ύ-zOg5S7ct*_ M{,Z") u؊%0T3h0Ѧd,FFҵnHJ;UcMD7yJ 1,^^)bZ1!P6@Щƒ&zS0RƋ{!M } jh,DHS LIOc~۱xETf9HPN${F(f@1Vp wNG7`G;lPl9@P^NQ #;YȨlˌP6=IIqH P柼7hӸ4':Á! 1D|r@%q#ZNl,\DfV3_L){[ nw@ZDԲ@Io*TML'-VE!/P.]FS=4ε1͖ 5X7͠43 20vm%hxlLwXvF^ ̫wxCM Ԧg hs2(eҧ~YjB|v{T8hS> = _-`C~Fpn#7&~yv  8Mb#8vA£MGeqGpkwĐDd#V/c:kD[n[c1W̰+z0Fs]-IyPPt99lh!]@UK9MWav70h9.*f\NaCN#_R3ޝ%=>I`\>k%0u30'_,S&N7?%LMU8vh͓YI7ȸTʪp z rߩ[*[1zaZ7?Ky##Bjt)'y14P2Ŝ-]9"97yٯ"mJ mw@Q`;F.*amla8!?5DPs{کUMx=5m$RyQy/]#:Ӌːvd62#ϠFƝBA-DwѠ`b\4{_WEٿ7QlCC9TDz}=ג"$MmoNSF [Qr&CAxmqMΣ#4![4.[w-@>mI:ET8*ё OٌZ&:n+[ fOΊkNq+:șdpU'l?2$Ybxy$LF-| R'|OqIx?ޥ3=Of3KLJZcN>5vl Y$ dpňLF)N%Zb aXW)SgtZ<+EQutya)cO9ʷ4h \g*pL~N:ˆ]JRƾ:wdXn#[3?0S'ȡf \lSgzR  g'@^!55Vcoki&蒙ވT4&frI%iϞH57^ЙRnMC8i<1&[pl_jK Kz\} AK$*f^\cEEan'ƢR!V \cOA$Lifj+wa{ھ'}&ӹaC_QLWcdob02u{RGLg<̐jQj4 + D/o\LӫQh_IC [` zT0,=d04HЏV>SbONM&w_P~ .9 s U3+* Tlܚ!cf ozgpF4^ּ<˚a O*puOA}lĽsRå;£0IU>WJėFyJ:~~ ƛ,Ф[?B'vVͲJk#qX|-bf$LgS<*aޣl, P21t31XkQna8 0 2OW[DY~NCI :2)slJ,Z},~, K.IMZRq*- 9ȒMx.8UK/o+tTF0ʊϓ>w9һtd@%'E._<{dTǻ6W&Ɔ*<g0b`+)ȍ&!5ngnGu&&[>SW7ĠBZ!c91"1/dmxAp TмfA N{LAUK wm ؼ\6'-0U̜. ~u5]jSp#]8e?c%Tlxsy0/(4$V|',E&!8=[,_ %~ _&< `'1Y~VS> u:'RqA4Y3T9\ћَED! ^]MۅM'͆LO,(rw:% uMjc]{áJ ^|bYXgAx՞Oǖ{Jrd`ׯBm4▫5gr*o(C8M0t{V .EWmuM=1\VH-P?#eþĴUX<_:16~#F e,QHZu4¯roU,q ;!l@,}e2 f2ۓG-?}8}̪b 'vq|`}12{od5ygW6s/سu-=lz+}gF>p~ZR7J&y}$&^fwIDUP$X'cF7 EќHJ$%\ k("+UGrdYE 2 f0 Ur_GrC6 }ԳRG>iڷlY"$D$v$xoK^k6nߠ!C6)||S}_GuJ@`۪+=(x.6Nrڟ-6]Xm17ۻ!:{笡PTVq`Zl@`*=$=tvO+aPKG-.v|> 6 ei)9UoZnΠ=~s QYtk01;̙U974h;QeĆjl,gcsOQzKW  jSsHxE. 0]ڎofӉjS^B,[1(* սy#ZE=Ӽ.J6n0ۚ$D QWEgsX{~i\ :}܌M.:3XB=T멥 *Z6 7n]zplNÕL3E{pّ)UyGz>!p&A]@m.0O\k\WOes&p9Flw ҵq2p>'„߰IuMR{M~9Fx\{lqFN_wr::6Q<<̈"v,zA@ac Sc$[QoF o)@`B|bk|9oT@|||tkqvË kxN=҅mrJ^T0Ƽi?"p>T4MkK'7#xMsF~ zpSKRݎ0[%7)[{A\SУt rB}JiȊNFg잧 S h P +Z]d,_ b!D@j..nYTJ:y[W$#F5 |Y #AF94Ix6/}wvI΢FV;s8j6"D&NI{7\WᎦ}K;Fn&:QVF!E%LUX \借T)=ރ']uAR Zr<ζ ܍\»>4͇SL돻qAԒ[ƍ+Er1#R9PZn~'&Z8v'%甤r z~(-<ՙ9Ͻ< ,cU#!ȉAp\YI*˛73bj^!fIp@_1RS$y:<1֌тioav嘛5FK c N$l4S<[J0:1̽3}Ԫ8fh1Gy).{r I.͘]IOo I)T1iB~bP5!%vaݺ]6! %WׯwsfQoYWzۮ ᑞ׭AMsoǗ1}<ƇOS L!`+]~g #{3؎.ԃٶfW1 J:[](xVv -xobT ܲyL[!s᧭ Ve-(ֶmbJM-ܐ<~Tg/:^i{^0j3a7eĩUz>N"}%A"%|)MX!@gFݓNc?zѐ8}j:cFwa= *0ėdZQaJiPɧ",(7óN)Pb>eRl;J6;{)ayyy[wrb}_L:w^|<$؃}9Z Z4/&Mqܥs!&])>~AV#C@ I>CeMZ/wzRdTf h?(yww ħqZ)i 꽉a&BWyͧ~6Ҫo5'L!{9~ 2 מnp.!f5+ٸܛ2-օ`L[9`T4RMnZDUE^8,_@:BNk5&\Q*&tp[& !2z,G7͚]Jlx!ZT0YW*nxh݇x l)멓1 4zqUvD@tHr 7a[ ZX4 ZL6ZTknsVwϯԐcXC|ux?e/%ڧ7Kl)x29orpA&TDj76"ڝ'>JE렎9%YMюF0.z0 g'kzX#nD/%{Y!?A\( <ĥ9 SEE'v>g.j9"l%ŵΣΐm2Ď=3!eeqh4n'49&VȬ _jŘa > WoL53G7>P FZ\]Zj#rU˜30IejFj6>W6*C62 v hl$GA c37gR}rAA\?vuspqHyxvLjU+_"\ndf(g#꼔' W =PKuåh*a͸8An /"KwM-I&voݲ;݊kDW>0h® rǗ_%YԼc̖:)qnxH} %Nv}DA58בHYHHw1~H]ȍvuIHydzeTkU sBM IH}"Lz) )Bj8$ڹz;]ܴX3Lj y4ˍoa7l.,+]DԚm [nVϼ+hj)gl ZY~xީVh~PTɽ}&p.@ݛ͗cfki/!~Q]P^40> @w0BZbwKx:%~SsNxւIS <դ˦CL Z!;=2] '{>ԉykiXK3sHd@ѢNR6rmm:,6ky^[K?$*3 | tɶ}_V{X;xȤ99MvF6q뤲5ҰRϒIq/V\SR>C^C~q;j31eT]C[`9ib]~ϼǼ 9~CˊҶ"Yz2Ae*O|zwE ϽL.)wv\2n#_#Zږ/G n0Qvز=삏o+Z^ohEN:0Ecy}۽s) u] 3ywXF֏0L>58$ \d-B$J1J2HOQS*>+,5wvUH״c{j%6єKI f3(D㡁=;HIH!EձHW#֏-?`~: { _+8?.sↅ3e 8ĎuPt JD*ף}Z %,r~2tJ?T ^׍7yJ]8/϶-%Ssծ7:Rr\^aGStp2IkBJ{t$OS>t542Edh0kMYDk恡G7LU8Tفd"ݺ.7;㩨_t n# CmѸ-p@~^sv`AYn=XwZ'l %/$l527z\P^r29kǞT + bIpú` 1p6+xȚ'v)wEP|r.8\?/m gnH[.ԓǶ=ypptwR>)` r,eg¬&(߹ݱ\=WQsܰgmtP/r]&'W/Q!b%AW#14->CM僰mn%[&Pz{7|TGgQn~v;)׸uD\J1X t43" PS#Ԁ|QCOlg7k#bNG ,XnL3g(0a_8y1ڮ=Vtm@YE? iP )Joox7}LTd}B0vPNJ u&r\r~4*CɆr%N8ȇVwz֏tze)hB>J4\fyh;"OCo9?)eƣ7b"6>rc$UU^jmdWFtaOؼ'dEaq-maFɛp^A)k"K&Qïv[d 7ewG+פ?8FouIV&>9a73dt(*ʔj"ߠt?fHFp~[Ç׌fl톖|2 ak"QhnI Gv;8QM\lZ25[H b37/L^0&,FCw9Z{ o#4ٶN̽x (t 0@CJԋ}T}ف`#y6뽾ZQ}TXSH2%n]&RȖ#쳷e;s"DU_[^669DdxRsV`L\eF"J@Yl1nYϱxip]cHҘ۩%5p/hTOMXVΝ`jkhK ܦX#P劵ak.ιH9՛="q?M}"A꫕mU䌠sohYC.Z2 O#ax8{Y;9IYs z.d#FY*]bɬd}df/ϜjyH m\m`u4BenwT?/%j0F򅢏^&|fz(F4'27we"౴.EsMF5~v C10Tʄ 5}mlDMKPҝ'Ay8Ҁd>_fޠ) K}W Rm~8 9/ Ӧ/}UfyO*^V3 3849v"FuOY62)3%£G>{OyW7d3ucBl² F5+D%$ӵ~:hedhzHr_P?MCˆjA+?X g(MXQOyW׹Y;,QVg y]YS9MyCp?EU>j /ۋy+=[ZxPڜJPp6J*˃  }D ] L;B/39L6rG+ְVtAQ7eۥkNf3&Ҳ/4&7Y"L^Mb PVx^@B3IG)Z&n9v&d40hX6S?潢: MpNg~5Ƹs|ٛ9, ;n&'(dvVprL]pYZ,!TRfO_ta+Hn{҆\E!~H/)9wkFY2?(U\~%5l/]ik;UdV/(.=SS``=fk1 `Ҿxٜ7A!:A#xmbU >6"& d9D0+԰ɾ!Cä=OO3 bȝ[k\4\F] yŊ;:3к[.:h8~Ȁ-SB *WݫlK  )D/ q6KMN C2Gj//:AH+ oZ̸[[vkPe7F 㫣շPs&Q,q0_dy$c(3 c-~(֐KdN:F]kx銏ky9ء[rد${ /мYTWWbcg46lcqE(?`p -d8rx p!z̼+kcibW}ugY 鎏>!i:M}fԔǥAԷ x_\SQ_8 JJ5}({ԟeJ5{~s)2SK1-@Nw_$@Mlan>9T%ނ MlY'kODb54rqц3熊8P.̛aO[l$[w\b&j@ڕ/[OP |0@4z'LEhNk"AXzbxNLT[}2GpiYrTCwkF ST\KV1=f ."13.q!5]"`>$ap'(ubwrs{f4x o=KTc-AIaTxҎhBuԚ2>bj~yfE{{ % Zpڮ-Dj?LEn;R迎 ၿ'u倔SZtݶzkLTOmH0i>Ux~5!yu>0Bv>]e,\_ =F!r,3qg{ ?T).ajFN|@b^9Obv@qLie}̜a} 7铛!,ZaK6da/+? 97G@־bbSAݛLdBz-ٷO e^C(꼡w6rdGSMTGh;N3)ݏV{N"PkCTLᩎ7,κ=6&5VIҨQwd-l( A]Oǹ77Sͣ'Pʳ"?@NgfkP3>u@.ERtdoxWL t<׀U`ŒBV3*Bt+^ >QÑ%dxtDU$EJzְR;ފ7^б {a oU}g6hkqJ?l7r=+R {E{fG \V<6q[k'ٓBpLL6#kTVtզ-LY=3jN؍^cC~v4 !:$V$ zּvoQ5Zm3_Tzϒvv4=Ԋ֑1&} HH%MFcj)#Cgxr<<#5~_>_*ՈFjw@Wu ғ!uF?@pKef+u>C4|=!#ϧbwJz.h89egw#9v[YLXCBJT>/%O, Oa+lv\>L-86i^BFe͇ot%՝y,)%P#ЬzO3G&7a>/oCήѧ.c"O-n+7y9qnPjR*L{=fc 1V[?͔xQO(@A4oNk7šaF;m#c7Eć2rH>n~`c^ձ;0R4F8URK/XHY] Z6!i9{U@Jja5n]u a:} A6E{C:7]Fj+I !j,>ㅆ:[k,f3ȼo"M?qUijUh@,ߵ!S0դYOh- oRQw+$zKqTO~%}<ԅz``1]Nj8V(:D#c;U(t~#9q+"!œRe!@H937b]eU}숄y ԿWj}' mF[ĺHg}3bpTp7A]aA{J%ǽ"-h}<=eVi؎ C:N뭜tt ,zh;`WM[th[q'RRB!S㋫>d{rq#NROLEd\Mmp~$:ԎWwlG,p=bGK&F<)Wb.5!~}qk<[[xԸzj~%qq{>,csWpX wTv>&ݒ.zuID> Dx)؟|G|^͉w3X];a22Q+XneJ2!ȕF;>$\3>hut}s>$(!,ĥY虁>:)` m02?gp~n}<}D4paBRc)V Jlq:56ܽiSw|$xUc}h m 3JH 6 iޣ2#[=A3:)WL jmѸ¡%S7=Z-:c|gR7<'<:?ZY=cm OBa6:.ȴOGx!+,mnjٔ첬;vBPyv!ܩI1!تnz'`K{UL{@.E=vB$ך[Wt![߷Q: @[ <**em^GX$ 37!|OVX Fx넠"5#a+Sl.03rKwDD=SN-Tx1a\XD7>ږAZf"8:?{FAU~rT y@IdNU@A"Pщ?u|UD1.K'AϘ͵3 {+$| P?wۤ(utpN 3F^LCd[9d <[!<O@j ]}ti]EHT8 ,"& rM "cnemlcR)]GG#`UsIϫPQ |ֺ'; T%3&+Z*iVQ'^%rl`ȧ-2^EKt2ܸ4]MJ@a^-!XZk\BgRёg!o7~*Ӣ˙/P(LQ PʯH=aknH&SY{!q ˸+Xer> #ð_W/Ze 1ZY#[V ƺXY9͔N;EcnQmv1ˬFծ%uo`t[""׈gX?@Bo+'~}!;Ȼ s%7dAXNd8쿈*XqT=)9QZ$X4Zbu4'G- dv@qh9r n=3yz׵TlP9U,4u>BV#μdHR).JWS")'h+xґ> 읝)jHcjѰhNT Aل,2 :c). Xs g(yb3z2D6N{!Q(~E=<6]Iǿ>ʼi*#ůRT_!EҼFV'*< 1VћD>+iX[e’QIO%_T5DP^E;*1ԢZ q a7 RNUeac+5U6q(m"k=y&Rpɸ5eVD$4TOTRM0FVjn/wޱH! p痪̝`e%gs# cY8*МoP X*RJ^X힗4vŌA2wJ!sZsmd![ʮ5 A4/**{a !S;œ[[bR)}^h2?~aT f r-&ԤիL>Ve632d}@}tGZ㤦[}KPEVsLBPsv72f4hIqCZa~%z#ˤD%먦9+~$\?o?;[ۯzy/:ѕ:Mҥ#3F'MV~:*/ s^`TQެRX7dQ"cDno#jłaehL9RP5J0vH4\$ ҍO_2i|p`;:XƹropA#Ӫ')T;ͥwga汮~JN444]q%j KD)*|Gj8U[i B4*2q@gA{g;F:z* Рf"sg@kibiIEл:-evwGlEg#XsFP-U#:ȇze^h\n ުSMl Br730HBǩG9&ySC*NFYH(3eSTMQٵN$jP^dα\%sQ[}ȶYXv ~@bޠrVrhKJUȼVn5KOxaQPGN4"R]Jng;TQtӆCg v@.z1Ts 秾{^^VAYgԃ'.s2wr-p TGa#]KCG_m0cVUY}>k2pR3B[T myD:[H1-Mm{Taͻy8v:Rc #.ZR|LjlOUW>p䖽Ϩb;~2njZ 9 Ek0ŝU+ԪUkhTq \ӕc vhB>wJLtNY%d;} k|ϴ9qz\%cEALgUxO ufTR518)JC!F`L~TU4i5S$ɫW`Bw ϴց㻝7r:f)HN6aWӪ-frˀ:gDngL_mr$3HBh _Dd}.P/vlQ0E`KKomU#p [.uKg2A;mXG7"Y"dxrU4MӝN_aM+Ϡr 2'=Ŋ)7#cic +RП7'.kC;emYȦ }u=GnXwm.fƛyWLKRіYv6:1uJidZ B5-Siq9UU!FB?rp370ٓحz[xSUZOY)՚94ۄgMzH-F:GJ䧁y[F1,"@ZhM zE"Gq탛a_x+!pBWm ө3Gf4Rky{Ywx[O!V4,M1 O Lz t|DLǬ MN 3Όt@J)nn!8m…=z%(2P h /X9j<{3ՔBϓKfn0>nǐQ2# |fˀ 1KA7TF-2Ə`uHF12'gnTVMb< >Șڼ}C[:O^BVaP2 ]y)dQ l35]Ec9f5}bO Qkj %Fj R'~Xߒs$r` !HFj]x=ҾEר#U-|։ q9OǑi'01ǩ}CuD n2D'2#VQ\98 2XJU-X3u[B鳄#%Fcӎv'c1 bg!fQoyT \s{%#Yácnv- qjMz~,2+a~N!i/RztCQec5=rQj]tDdl3 cM_kORղleSr{x;߷#M2Tfe]d< (5WT-/p%8Bp?IC࢑,+@&rUB}pi"D}^}"M 7 X8|u }-u~p׍]ߢ>,AxXI/]n>hD_u.]lҊyJ\tp߰&X77)IiW$Z)%ϱi9En[伤`+vh F #N[wwca1M1p^ hlhuџQVvo+YNfR #j`C35iLZޢu bIp]jdr܈lL0,RPp%$!|Y&ڿ$J-,19;w-.K0Ҁz'IcLoX\Zz{%iE'pz@"8f47/j/Rm?[?L^%.dA{ ":2D$`ώ%d1>aP+ۃWZE}Km qYYSԆSɗ5TCLhޚk.L.6NNM<iHFtp%O̩Ao0]0 ${_VUN^s{&Bֆ8|3ت,^$pS ˆ8c!#2cڷӍ]}ϩ VQmZSL8oIyouMnF ! i3]7jlɰfmYTIi@xs) Kw~`2]ڵmCTvl%(QeQghb3`??2`nǢyA S1:qrڄN-k#R~N2ڢ)de\O*ԇO`8d}O3Ru&~lᅚ|?J" U*n.KZdX5 j*d<)B/R;Dl*->M= 镹S 0^?}&|F?\<~ҽ8zj*VL^ƅZlK͘㑷R6 ɚ:%5Ip^}Lf[G=A* /F P pXMUu+6L(nwg\fm jq&a{A)\M/hWLR/C[\T]$HhVQAzQ3\!hyίnJH i޵f=U:cC!៟q|%|ZwRFo( pLk<]7XSsٴS"[/\xn,\,ȗ*f1(YdMISh?͵7ǡIo3l ΀)=]9aB 2Wq%O-~ aeo!JD:O5C 2ZA_𴧱s̙A=O8*S8CbHov, еu o {ULziͪg{HV u3\bgȃ_ߪAWqwWJ}cpn< wo,8}|n Q^4E9|͒O%ސsKϾ;籂p_;ʡѱ!ݾ@tr/YW{G>op KDŖOdO)@4\Gl1Od`^KAߎw[Z={f-.Fzj;jE _RMgPBx,`4 D*Cm^~94*;= cV꘥zQ\yV2CYPJ Ufm[HkmL L"i[dlG*"-_s8ᡙ;ۥMn{^+Ӧ@:]nsb(aPfE?B2$ O/)xWH"F,vҮ5RL9=fp:_фgu. ؓn{>ųmJT[?Uf A="f?>,/E377\Q=7S>#br*[M! Nrwv=$x%|9;fl_:a`XC᭾W -$+ ;rF5ffU*:J G&'cJnJ;k#/~ _! }=JB9j"m\(3]K,%lܦ6-~T>Z sOg3u+Mbsr(d/9$,f< ƨG.(>ʛ+w@HQw*pGI ޮO6rz[Ii1sxؼ@}Z0Vã~$ (T&{kA 85bӇg!TB ]ѩJK(=#]Z=L4IfHhkɁ?q#S16yE4 0<]Xg%x; 8Q 7to3gU(& }_) 7y$Rl~4#aNDsik@Z,Xzڜ^uظПLW\QhJT4[K@#uvo<4@vR/YIڿ@O_?51;vԱَŪ̧3^x=͑9e֑p|]@};ۼ$C܉$5r˥EyH HAsi3G(Ֆ\ß\b)"UO\Dݴt+d%%Paz?IıkUU4²>PLGj-FK`o%vf9W߉* -HuòT>ݲ k cNȂB1e"4%+qCt(m>.6y9ˑt^=~"{U!0IH`ng%=f7Ba)?ExHcP=DQiE6/@j5w}6)d=W$^rY # K!{ H~g@+ux9BgyMOęEUpj=ej\}~/ Y`q{kEU_#X0H !p 5I w@?No&`)JԖ곷<;]MB#`B'PT}T0k`5&P!~d҅nff|u0ty_ < .9 cZv7,tjRATȉeZ1EMW ^m0=u!2 ~r3+qg|99mw:ZwF!I%ZZ1s6m?)M 1358}QPVN\OdB9蘬xzZNy rT  4b&޿<\ZS5n҇W.!|B:O _k'giߎA~ 4gk=ĻkD*'xk/9+cRsF+?2+x"JJJ.-ї% 8- oA_lƭ }.b2ŠHI fXV5Գ M̕(bmbX+wC;GbM!b!Ge S|Ȇ wV 5,I4eZkP,+Qm{N1ys^cr! t՚Pv=j֕"[; /H?hn/sfh_̽%EJ5wpyXR!V gӼm.uD5h*/6rm\CCx5 'mrypֿh昌*F)Htm1슾 c5X?섅Bٖl׶B>J+cE2}`Mcǻ cK@sԉĈ 0I@vcY>TUn ZDU"* 50{8TajrTƒ.D$('lH{NYMlD.zQ~BkYrԾ2jR ;S!/O- *gY"!|$hZ$X!g>vӖ}3|`* 9'T{tXs&L8sNʗlb1^R2h@A)ʼnjDX[Ȏ$8e̼&*b],fmVJA1gzϻAIVDvS#EVaA&7j$!n/gj30CHqףƎz'nG"uHDawgP82Ux.+h I ՃLoTñ҂{l},UAЖ*"¿txg8yZB#{xPϣbg5WFX? '8= gk-zE L׸MƔ4\< H< FGL,~ϐZ!rPŴZ&A9~C/In[9 ZK\md&Rq搎\W7SDtV3*^tW# aŲ;c/[% `cQW/&Th^$iw q"Ff3TfSOMݖN Id@ٽ]wմ4u)#=r@;{-S6{+X?(1~qއqI >T䁪=2,U/C̚ a?iu6M:n9Fsb/<=Y@Kekl1Ձ.LW9Ve&}&g-c%O j >k!V?цݳ`zOTx\֠&U7uuf!ݷ7~QH_4~`ov!vnG5 ~ig-220 { CˈmG3&Q ɻwe.K 7bQ*oP}}}XdF; ka<%*ŒÊhjpfQ|7;aXe}/Cki g929f-u}64F $BjZ)~"f5@^ SqXJ`jMP}hN%RC .EǙ!z>>^3˯CV mm%Nh*(YHլgƐݬC0m4I eGr9 6'4j+EPdqP ~䔴J7k- `5HFjg!DW+UDGl ޼Я3j@&eͻRһ I¦Y|̃4{ۡ"4X!ơ O*k  uRش{ƙgeLT\4@YRU x+5)bաײ(+ _$k )Hm2tuW }bl$j^mm>0!ʘsa\v kLśdـO2?ǿR?D%"igO6FgěE5`&=cO^= TJMն\fF5N%|ԊN=ϣۭɻ`eA|O+Z H?04i\P0г=kJ= {tc ]|Z +~wF<{״FlpZ* d&JtY GMdy^ΐ){Ooh-(d@zp$H y 󰾥i DN'PVI"`$I.(3Xi{QIBYKXoz>3-,Ɓj wE|EI NMDz <1BgZؓZd`;{2:-1} xaj]JBNܷ ݦ::0vwu4