mozilla-nss-devel-3.19.2-107.1e>UAQnJhq"c_d+?U{$j>P vIlL( %( Oūg1ajS>5? d ! X *08ee e `e e e @eeee|   (8L9(L:#RLFZGpeHeIeXY \0e]e^bcBdeflzCmozilla-nss-devel3.19.2107.1Network (Netscape) Security Services development filesNetwork Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v3, TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.U{cloud1242.openSUSE 11.4openSUSEMPL-2.0http://bugs.opensuse.orgDevelopment/Libraries/Otherhttp://www.mozilla.org/projects/security/pki/nss/linuxx86_64 -/  XOoC7nd'[b3 ( }@G8A :o X|Xo-0$  JmqFg>+" 4-(sF^ w56VYQ=eDpY|B(4Mj  !|NfA큤UqUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUpUqUqUqUq2e3d9c44159b112805242b343dbc070cf3e341f8e5d97d945fd0f44078867e8edab7816d5b1c8fb72f05eb89743e2db66b9756b6af681501317e8dda3b79da6d6a0bbcfaf2cfd8824afa52cf5569bc31bc9cb32850052ba0b5c34dc6e4bd5a4aae541755dca2687286bbed2798af41439d215730a71c8ba4908e83f1d585153a378eb82b43b0fba3c551489c6661c4a4e1681c79b82b2a07ce4bd7af2019f2c3a2b4859cd730b77b239e50963e05feb025bd5bddc46d2b183abec8d594d4652e3fa19cf62237f4c8efa1abb5ba3c5f15a3e9d746ca4a51ff7a7472a7daf6512276b84a0ff878c8901a99dd76c61c652d24afc07e0357027f2415eb4dd2997bd4568feebd07e39ef347f11c8d3b9f23ed46d6fdd07bd25ed9f0ce481344fb5e6d5fbb2dbbbed8c7350e0cf97e9544732348f0e2f655ab3ad9404c0163027e2a2e660af1ccc3f5543d51a3fe99632dab164e0da946a14ec43a447c3a5c35c126c95153357b7baa30565c6ae3796c5cf9f6a90a1986a3222724498f010bf58519690acc6d5cf73c5ddff2bd8f5e8d8bb1e8063a08183b0bca6ccb3267cbbb34dc8c546e2f0721badeb9e7b2c6876ab8caba998636c8b4d840796bd27b1b3981575715af5edcdbe56a21d0b6437c0d1c985edd8ea6cd6742c84088eb07807c192aad17e2af62b88665a90145937fec99a2c39822cc072d8848d1c2b40bca13a10110d4bcf2d8bdb83ff780057be8f0703262922e038ed3c1d3e3b8212cd200aa92859602a6856ec8128489640e12b21e20a337b1b163e29ae83a57beb7e59d5fdb50a1ef62f354209e62c48270c82f7fc2a0591bd72c6f30720fccf3009531e8bc3224020ee67dc9d2926cbc56cc5890783ef84010bb22f1e2eabad1781438f79ee2d454fe2e05c80ecc0eeadbf9425ca7cdcda50298d269702b7d5006bd98fbcba2d2f6c98570ac7b76bb37392352f4e34278c90ccfba6ae1de0f6725f5df96882dcf37adc3a0b6c6d88510121912686da3d6e1194a49e09a10d02f0469c5b5820594f9dfc50c9662ed619fe0f3cf3cf54774867d75a237ae2cd1305b0b79095776bb483bbdd77e79a088c2b30da46d41e6e9c9172b9b78961de287b31caf987fed73c945cdc1e8d09c5c6f8eee3e6946f63f5ad16e70c503a9273b83e6cad2731b490cb18bb627acbf2be3b30c01da6c839ca869b8c3ab1e154097f3e00d014c21bcbee82680615d47fcf9fc6998b9aea47182911f99575adab7e2d3a97124f59b745e13647edfa1d1a347c91b6566fae0bf7454778f982d1834bccdedfd585b486ef2a21fba9794686bc185f25713bf51ce30761eb2c6772a06dadb22fa3935fda8141d7915345837fb5b4a2490dc8a6695d60d46a9fab2412849aed26799bfe6ca21a47bade73377c972dbfaa2f3491b32a0e121732780cdc2dbed17f5caa2640833da1b34032c8d21445a47f46d485217271d651651860ac1b3ec0bc6b3648f2eeb846e540f1b13e05e4abf0a0f71fa93dd3fdad6b96391e319cd792b542b90417751d6e4a2452e83086c140ba769e4437c669b5d1d6ff7f5160443f06d3d0e659d84a4edac052d61d6a7df36d36ff97b5c54aa8b650e55c6411c0c38cec13815eb2b262dc7bcccef8d0b3cb8889f77444dff2584176b7ade06be00d42335328e4f58feca9d380f4db3cd15a6935bfbe562c60ba8a52119246909b98055bec26168c83a5d4e8941b49471225fa69cd1913a117fbcb256d6d6849b0c34df6e7d075511638046b84410b27160901e5eb906e4f05617040a96e2bbb47d0eafc1fdc2dba0044018eddc9bf5b10a49aa989b98cf7471bfbe2a930c006d32351b8ee34b47ad7d78e0ff58b6521c55a3c4958ee66b06b4ad1181f0076410c02852ef6d8d2a2969319f0ee35b11d5cad9f41662e5dffaf657e0f204f2ce780dfc079ff5b5fa68fb0799421befff70ff2f320da6daa5adc7a7d49d7adb9f81ab36f661062dcab3d987c46e2828e9e86b09cd1734aeeff335a4334c75fee0094a90320a6c44a7b5d7e4f841591187ef4708177f251abd571eb57c5a0a5d402af071e77378765909138855fecd1e7f31148e09dd271a6223681f4994610b8045f81adf30fcc83a6de57f41294003e20ec25be95ac411e0bc515b47a8a718adebbb8bc1fefb092094beb3a368cdf56ada9d292f7476ddcccb557733149b26ddb4611eae5b6ae274950207f00f86fa1e72a9ed4a4cec207ea517e7bd1db592365752f8f435dfrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmozilla-nss-3.19.2-107.1.src.rpmpkgconfig(nss)mozilla-nss-develmozilla-nss-devel(x86-64)    @@@  libfreebl3libsoftokn3mozilla-nspr-develmozilla-nssrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)rpmlib(VersionedDependencies)/bin/sh/usr/bin/pkg-configpkgconfig(nspr)rpmlib(PayloadIsLzma)4.93.19.2-107.14.0-13.0.4-13.0.3-14.10.84.4.6-14.8.0UUJ@UjU`kU8UTTT?@T!`Tk@SSSkqS,)S S@R@RjR@RRFQֵ@Q@QzQ@Qm=@QNQ/FQ@Q P,PZP)P+@OȮO@OF*@O= 4.9- update to 3.15.4 * required for Firefox 27 * regular CA root store update (1.96) * Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. * Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. * When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality * Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. * Implemented OCSP server functionality for testing purposes (httpserv utility). * Support SHA-1 signatures with TLS 1.2 client authentication. * Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. * Added the -w command-line option to pp: don't wrap long output lines. New functions * CERT_ForcePostMethodForOCSP * CERT_GetSubjectNameDigest * CERT_GetSubjectPublicKeyDigest * SSL_PeerCertificateChain * SSL_RecommendedCanFalseStart * SSL_SetCanFalseStartCallback New types * CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST. - removed obsolete char.patch- update to 3.15.3.1 (bnc#854367) * includes certstore update (1.95) (bmo#946351) (explicitely distrust AC DG Tresor SSL)- adapt specfile to ppc64le- update to 3.15.3 (bnc#850148) * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) * fix CVE-2013-5605- update to 3.15.2 (bnc#842979) * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739)- fix 32bit requirement, it's without () actually- update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements- require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)- update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes- Add Source URL, see https://en.opensuse.org/SourceUrls- disable tests with expired certificates (nss-disable-expired-testcerts.patch) - add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements (bug-834091.patch; bmo#834091)- update to 3.14.3 * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365) * "certutil -a" was not correctly producing ASCII output as requested. (bmo#840714) * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch - add aarch64 support- added system-sqlite.patch (bmo#837799) * do not depend on latest sqlite just for a #define - enable system sqlite usage again- update to 3.14.2 * required for Firefox >= 20 * removed obsolete nssckbi update patch * MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage - disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash- updated CA database (nssckbi-1.93.patch) * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST- update to 3.14.1 RTM * minimal requirement for Gecko 20 * several bugfixes- update to 3.14 RTM * Support for TLS 1.1 (RFC 4346) * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) * Support for AES-CTR, AES-CTS, and AES-GCM * Support for Keying Material Exporters for TLS (RFC 5705) * Support for certificate signatures using the MD5 hash algorithm is now disabled by default * The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. * Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default - disabled OCSP testcases since they need external network (nss-disable-ocsp-test.patch)- update to 3.13.6 RTM * root CA update * other bugfixes- update to 3.13.5 RTM- update to 3.13.4 RTM * fixed some bugs * fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2- update to 3.13.3 RTM - distrust Trustwave's MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204)- update to 3.13.2 RTM * requirement with Gecko >= 11 - removed obsolete patches * ckbi-1.88 * pkcs11n-header-fix.patch- fix spec file syntax for qemu-workaround- Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090)- update to 3.13.1 RTM * better SHA-224 support (bmo#647706) * fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - update to 3.13.0 RTM * SSL 2.0 is disabled by default * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. * SHA-224 is supported * Ported to iOS. (Requires NSPR 4.9.) * Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code * Added NSS_GetVersion to return the NSS version string * Added experimental support of RSA-PSS to the softoken only * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096)- explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753) - make sure NSS_NoDB_Init does not try to use wrong certificate databases (CVE-2011-3640, bnc#726096, bmo#641052)- Workaround qemu-arm bugs.- explicitely distrust/override DigiNotar certs (bmo#683261) (trustdb version 1.87)- removed DigiNotar root certificate from trusted db (bmo#682927, bnc#714931)- fixed typo in summary of mozilla-nss (libsoftokn3)- update to 3.12.11 RTM * no upstream release notes available- Linux3.0 is the new Linux2.6 (make it build)- Do not include build dates in binaries, messes up build compare- update to 3.12.10 RTM * no changes except internal release information- update to 3.12.10beta1 * root CA changes * filter certain bogus certs (bmo#642815) * fix minor memory leaks * other bugfixes- update to 3.12.9rc0 * fix minor memory leaks (bmo#619268) * fix crash in nss_cms_decoder_work_data (bmo#607058) * fix crash in certutil (bmo#620908) * handle invalid argument in JPAKE (bmo#609068)- update to 3.12.9beta2 * J-PAKE support (API requirement for Firefox >= 4.0b8)- replaced expired PayPal test certificate (fixing testsuite)- update to 3.12.8 RTM release * support TLS false start (needed for Firefox4) (bmo#525092) * fix wildcard matching for IP addresses (bnc#637290, bmo#578697) (CVE-2010-3170) * bugfixes- update to 3.12.7 RTM release * bugfix release * updated root CA list - removed obsolete patches- Disable testsuite on SPARC. Some tests fails, probably due to just bad timing/luck.- Use preloaded empty system database since creating with modutil leaves database in nonusable state- buildrequire pkg-config to fix provides- disabled a test using an expired cert (bmo#557071)- fixed builds for older dists where internal sqlite3 is used (nss-sqlitename.patch was not refreshed correctly) - fixed baselibs.conf as is not a valid identifier- update to 3.12.6 RTM release * added mozilla-nss-sysinit subpackage - change renegotiation behaviour to the old default for a transition phase- split off libsoftokn3 subpackage to allow mixed NSS installation- added mozilla-nss-certs baselibs (bnc#567322)- split mozilla-nss-certs from main package - added rpmlintrc to ignore expected warnings - added baselibs.conf as source- updated builtin certs (version 1.77)- rebased patches to apply w/o fuzz- update to 3.12.4 RTM release- update to recent snapshot (20090806) - libnssdbm3.so has to be signed starting with 3.12.4- update to NSS 3.12.4pre snapshot - rebased existing patches - enable testsuite again (was disabled accidentally before)- update to NSS 3.12.3.1 (upstream use in FF 3.5.1) (bmo#504611) * RNG_SystemInfoForRNG called twice by nsc_CommonInitialize (bmo#489811; other changes are unrelated to Linux) - moved shlibsign to tools package again (as it's not needed at library install time anymore) - use %{_libexecdir} for the tools- Temporary testsuite fix for Factory (bnc#509308) (malloc.patch) - remove the post scriptlet which created the *.chk files and use a RPM feature to create them after debuginfo stuff- updated builtin root certs by updating to NSS_3_12_3_WITH_CKBI_1_75_RTM tag which is supposed to be the base for Firefox 3.5.0 - PreReq coreutils in the main package already as "rm" is used in its %post script - disable testsuite for this moment as it crashes on Factory currently for an unknown reason- renew Paypal certs to fix testsuite errors (bmo#491163)- update to version 3.12.3 RTM * default behaviour changed slightly but can be set up backward compatible using environment variables https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables * New Korean SEED cipher * Some new functions in the nss library: CERT_RFC1485_EscapeAndQuote (see cert.h) CERT_CompareCerts (see cert.h) CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h) PK11_GetSymKeyHandle (see pk11pqg.h) UTIL_SetForkState (see secoid.h) NSS_GetAlgorithmPolicy (see secoid.h) NSS_SetAlgorithmPolicy (see secoid.h) - created libfreebl3 subpackage and build it w/o nspr and nss deps - added patch to make all ASM noexecstack - create the softokn3 and freebl3 checksums at installation time (moved shlibsign to the main package to achieve that) - applied upstream patch to avoid OSCP test failures (bmo#488646) - applied upstream patch to fix libjar crashes (bmo#485145)cloud124 14370709711٨ٯٰٱٲٳٴٵٶٷٸٹٺٻټٽپٿ     3.19.23.19.2-107.13.19.2-107.1nss-confignss3base64.hblapit.hcert.hcertdb.hcertt.hciferfam.hcmmf.hcmmft.hcms.hcmsreclist.hcmst.hcrmf.hcrmft.hcryptohi.hcryptoht.hecl-exp.hhasht.hjar-ds.hjar.hjarfile.hkey.hkeyhi.hkeyt.hkeythi.hnss.hnssb64.hnssb64t.hnssbase.hnssbaset.hnssckbi.hnssckepv.hnssckft.hnssckfw.hnssckfwc.hnssckfwt.hnssckg.hnssckmdt.hnssckt.hnssilckt.hnssilock.hnsslocks.hnsslowhash.hnssrwlk.hnssrwlkt.hnssutil.hocsp.hocspt.hp12.hp12plcy.hp12t.hpk11func.hpk11pqg.hpk11priv.hpk11pub.hpk11sdr.hpkcs11.hpkcs11f.hpkcs11n.hpkcs11p.hpkcs11t.hpkcs11u.hpkcs12.hpkcs12t.hpkcs1sig.hpkcs7t.hportreg.hpreenc.hsecasn1.hsecasn1t.hseccomon.hsecder.hsecdert.hsecdig.hsecdigt.hsecerr.hsechash.hsecitem.hsecmime.hsecmod.hsecmodt.hsecoid.hsecoidt.hsecpkcs5.hsecpkcs7.hsecport.hshsign.hsmime.hssl.hsslerr.hsslproto.hsslt.hutilmodt.hutilpars.hutilparst.hutilrename.hlibcrmf.alibnssb.alibnssckfw.anss.pc/usr/bin//usr/include//usr/include/nss3//usr/lib64//usr/lib64/pkgconfig/-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:341/openSUSE_Evergreen_11.4/e2eed42f6e563af65caa82779a40b72c-mozilla-nss.openSUSE_Evergreen_11.4drpmlzma5x86_64-suse-linux(![-g~?]"k%וkH^T@wM}nՋ׹Ҁr*Miʤwl2ʡn7oVpkE'&B_ Rg`=#ðP̩6CE|; vi'f@KeDSYw˃a]uKX|lFiYqEO¼p$j>90VC͜(v]/̆)wH<1MjM I3]@ ܡ.F߬HkP$q7\S%-!&vj"i;}U>JJAhZ]=]7aZTKNdYLZ %};n%-E8%-\1b)"PO脩Ŭs} fk*'N}D5Ќ 4[^;3M뼼LG?0hB܇;-D/?'/$<hp@l48;E8tNyKatAUGK.<&R(MD%?17HZ~\1 grUQ-@/6߼_?0|aN,Gvȉ6!^U`KX?jn|ic&'5юQxpˤ6/4ٺsN;8E:8q܌J0j~HMǎ4Y[t^&.5P[0i[|,TEEnf*zMuE GeMվ R\!i:旲Nr:G3+Ծ\4_l[. CF<{,A2KDp74Ce q;LA@7&T<;o1gtGkN̠'y&H/Z@ Gy kAqGj ESǯ:J2+EJVصV|'ҒW§d^:z?͚}ȼ-4WUYT?n@OGAbL\I*fj yUwpsG%^DPu}"ifP/JHu R "}:7vcnMô K4>'Y'0̻X і,mjJyDur؏؟!dC96~e5ɻytpDӘ9Jx5V|KmLُBr~y^JV 2eVD$n$BoE͕,O &(E}-OCvfo^oVBH'7=V_ꬋ+50pW $GUU27G26(3< {sC|;ygBueJ&{)78zJ AK|Fꚩ?pKlP 9!zafHq'.5E$9wrh|aA/ã)6EcȍK;>hLrR- n\b[Rz\Xn w=mTr&q[m엔Y/w| Uz{-9PT,vou1rnp"5%5 <>'o:~h_@k᛽@&p }NO3DAv$4HI6Bm7[/PV,]ġR1cKTO O[:m}`sWa/a u2n=.=+%ªA,LoQ "QF%IY]^$U?8udSJT1%Iol}"ˮ\ǣJ%hb('JՇ?/A]='9#ւi9UR]a|A}ait5`quU=-1Iqͩ3Zg5sfyq Qu%DĘnf;P3k&]Fn`>\ZMRJFx&JpekZHA@5{U5(X>XۂUq3_ח76oL awjY2Ŷ\qHn&wR$ ?Ma.S48/ӳFfm*f) q :TKsؒg1cUQ "aHC"B.^ǩB֓t"!RJɒՖ`1&4`XXi7G]-E 3\H$7U!s(3U4sy4Hf'PvyW%n%4H;*Gj}urO(!ΜfSkitsUtOu (FkiTJf]lq5l/_feT YH %ZH$bv)4DTP4Dfͦr+˻pUGt6'_PDJ̄'|}Ȃq`DzY|D;$,>_ScPֱkٰgzuipfy&Јe>¶¤+&$p ̈#?,!9R-,D.*eҿ :nln?lj*G5U@_HBqާ^kuq#ً7 vi &/&~֓uHA.eRH;d eW(lEjEn_n2_l&f 0')Ћ 7G{g8|c=V=0V9KX[Le3LO$Kdr2Sg;OƿEU#+:if1q>$0eÖhDWf߷6ܤ8&7Ôuf7 Tn⊲C/#py,>*vB@?#|y;^V\~:ݒ"n} wwe/kvCdVajϫMdZ:جeaoT j vH׸v&: u RKX:-d `C@ZE z‴6bZa~l^S!':PǔUDI b\~m\'02L,u QIcõS9os?EF(x| W_)yh uSO^=3A;'7Xb[, ml-EՓ-ⶭQFoy2J8:</п3]!$B]K٬32a8Lj{OB[k>Hc\?tJ&>c F,l^F7S`g?)kuO4/֫9a?Zm^-j]$Xp46d*p [1_wJJR3yXSն)U)>O )tb~HRWmV邂Qy(]a8PT)촓U#ԤS L?>Ym;f`knMud ;Rg@! ο4d[}z]8ђO#gȖ36T~$j-n3nJ-s&&:AǴhR|iuC_뇫dL g$6cΜE][3fjXi#/]olhmݒ>c7ҤhBWes0?'2X娡 h~wWg+3ҿa*bP]S}$ߥv혶bx9 iog F5N-7-h /ݸg[!rhDul+Y  jgx#|UbI<]4ҟ2[h^{s8jr7d$#]NL/b N2sǵs,d3&GۉJa6 +7Xr#a# zMrKhXu U*:Hrw[%F,]'>ٝ_s!jsvI>B.<-_pϢ(mˈֹ_{9ԃIބل3!qidf0R;+8)#Z;U6qpݜCh3(^[6!I_hG#'o攋q1]N Y Wm9Aۯ )(3{f}Ѧjw!}qfs~B(Δh@E.f˯ Dg`KK }2Ul*w,*va*#&>"u跏<4.3m7QݽmcA/ 8y w9ApYce!/[\ٲbƍs ggEJnmڅyX T&^􋥪 "_AnZ~A-''u\;䰄Kݓnxz QA?˂gٴω->PPKQލi|i @"DRCʹȟSmEdV YʁhK硟$ f^&5˳|l,gJ( es^#wN/_{BG;Ҡ6N*6  .6de-ؚ:U~VUi`63,Q3#ԙ%$N_CļyȌ*Ac 5e>sm*\yA5_aM%KrׁB2^4=?5уYt7 j# &Fڛ7A+rjÁR}}:..nRI]Cl#%;E5 f-3577k/ngujւRXUAĭ/u hshڬBv=ŇVee".:,EIz^Q+}56Q ,*[G6y[D9yx~c_5s# ?V wz1ab9bG&9؄?P t߮j*fk/h>^Gtjs]5Y^+ _iVwt?݄$E7l:N2 TuM̭ekq]eĈڏ2CD.є'`yl18% h݌yB8BZo WS>#Q' zMX^ePk3M$dq0EAs>jZkxLo{~hI$ZWG>*{CvD [A&ݠ sMRҾx,ya7j h:z\5 ۧN3K U)50 )i+zʩq*,ONTA98*`>U94짰Z|J].DĥPzUܫuۗA[/d"VӗA ɿ@= I[ӐϗIDb-ZsHY肵RXʂw<@08G8ƶ%]W*R?.!8'  z^x[P$yr*tR'TL5iZ{/=$Yx]b++uk>qUO'"g 3Eg[da!v<~ h7y'¸(uhArIzQMLֻ(vtҳ-ȘaIWSˌ,!^`|̓q| Hf"/ߎyfԄIj Ds/.@\ab9MZQj/!Qؤisb(BYom/_}~8Zm&իx;f@O Ǝ7K`c|bƶԟ{~{pcju2kq862_xkdpEb˻^-9Ս`J<Z}XM FJ=Ub\Vo0maf8nd 4DZj?IVb& cH5>|2 T-&?'d׾A'zfpSؿTu~?{"8kI e ah ˎ懇 o>p=iߎ7فMQytSRlp(v)CE ~ X %ɷtWž%5W+,g樑zhZ緵_/nՍt&i؅B@ˑ* S~5#!Kt~0TMːE\}m)G/(SۏGB݁ciLj$cyJci