libfreebl3-x86-3.19.2-107.1e>UA4kk:i-*U?U$j4p-;n /l*GBsUM^84π@s/>5?d  O GMR      <HI(l8tL9L: L>GHIXY\4]@^abcdeflClibfreebl3-x863.19.2107.1Freebl library for the Network Security ServicesNetwork Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications. Applications built with NSS can support SSL v3, TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. This package installs the freebl library from NSS.Ubuild19Z{openSUSE 11.4openSUSEMPL-2.0http://bugs.opensuse.orgSystem/Librarieshttp://www.mozilla.org/projects/security/pki/nss/linuxia64/sbin/ldconfig -r /emul/ia32-linux /sbin/ldconfigVA큤UUUd9db83fd1042c9dea01a9cc54b3d661acae1db1b0ef2afb972835fb4d8769a04rootrootrootrootrootrootmozilla-nss-3.19.2-107.1.src.rpmlibfreebl3.solibfreebl3.so(NSSRAWHASH_3.12.3)libfreebl3.so(NSSprivate_3.11)libfreebl3.so(libfreebl3.so)libfreebl3-x86libfreebl3-x86(x86-32)   @@@@@@@@@@ glibc-x86ia32el/bin/shrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libdl.so.2libdl.so.2(GLIBC_2.0)libdl.so.2(GLIBC_2.1)rpmlib(PayloadIsLzma)4.0-13.0.4-14.4.6-14.8.0UUJ@UjU`kU8UTTT?@T!`Tk@SSSkqS,)S S@R@RjR@RRFQֵ@Q@QzQ@Qm=@QNQ/FQ@Q P,PZP)P+@OȮO@OF*@O= 4.9- update to 3.15.4 * required for Firefox 27 * regular CA root store update (1.96) * Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. * Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. * When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality * Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. * Implemented OCSP server functionality for testing purposes (httpserv utility). * Support SHA-1 signatures with TLS 1.2 client authentication. * Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. * Added the -w command-line option to pp: don't wrap long output lines. New functions * CERT_ForcePostMethodForOCSP * CERT_GetSubjectNameDigest * CERT_GetSubjectPublicKeyDigest * SSL_PeerCertificateChain * SSL_RecommendedCanFalseStart * SSL_SetCanFalseStartCallback New types * CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST. - removed obsolete char.patch- update to 3.15.3.1 (bnc#854367) * includes certstore update (1.95) (bmo#946351) (explicitely distrust AC DG Tresor SSL)- adapt specfile to ppc64le- update to 3.15.3 (bnc#850148) * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) * fix CVE-2013-5605- update to 3.15.2 (bnc#842979) * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739)- fix 32bit requirement, it's without () actually- update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements- require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)- update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes- Add Source URL, see https://en.opensuse.org/SourceUrls- disable tests with expired certificates (nss-disable-expired-testcerts.patch) - add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements (bug-834091.patch; bmo#834091)- update to 3.14.3 * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365) * "certutil -a" was not correctly producing ASCII output as requested. (bmo#840714) * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch - add aarch64 support- added system-sqlite.patch (bmo#837799) * do not depend on latest sqlite just for a #define - enable system sqlite usage again- update to 3.14.2 * required for Firefox >= 20 * removed obsolete nssckbi update patch * MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage - disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash- updated CA database (nssckbi-1.93.patch) * MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST- update to 3.14.1 RTM * minimal requirement for Gecko 20 * several bugfixes- update to 3.14 RTM * Support for TLS 1.1 (RFC 4346) * Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) * Support for AES-CTR, AES-CTS, and AES-GCM * Support for Keying Material Exporters for TLS (RFC 5705) * Support for certificate signatures using the MD5 hash algorithm is now disabled by default * The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. * Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default - disabled OCSP testcases since they need external network (nss-disable-ocsp-test.patch)- update to 3.13.6 RTM * root CA update * other bugfixes- update to 3.13.5 RTM- update to 3.13.4 RTM * fixed some bugs * fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2- update to 3.13.3 RTM - distrust Trustwave's MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204)- update to 3.13.2 RTM * requirement with Gecko >= 11 - removed obsolete patches * ckbi-1.88 * pkcs11n-header-fix.patch- fix spec file syntax for qemu-workaround- Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090)- update to 3.13.1 RTM * better SHA-224 support (bmo#647706) * fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - update to 3.13.0 RTM * SSL 2.0 is disabled by default * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. * SHA-224 is supported * Ported to iOS. (Requires NSPR 4.9.) * Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code * Added NSS_GetVersion to return the NSS version string * Added experimental support of RSA-PSS to the softoken only * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096)- explicitely distrust DigiCert Sdn. Bhd (bnc#728520, bmo#698753) - make sure NSS_NoDB_Init does not try to use wrong certificate databases (CVE-2011-3640, bnc#726096, bmo#641052)- Workaround qemu-arm bugs.- explicitely distrust/override DigiNotar certs (bmo#683261) (trustdb version 1.87)- removed DigiNotar root certificate from trusted db (bmo#682927, bnc#714931)- fixed typo in summary of mozilla-nss (libsoftokn3)- update to 3.12.11 RTM * no upstream release notes available- Linux3.0 is the new Linux2.6 (make it build)- Do not include build dates in binaries, messes up build compare- update to 3.12.10 RTM * no changes except internal release information- update to 3.12.10beta1 * root CA changes * filter certain bogus certs (bmo#642815) * fix minor memory leaks * other bugfixes- update to 3.12.9rc0 * fix minor memory leaks (bmo#619268) * fix crash in nss_cms_decoder_work_data (bmo#607058) * fix crash in certutil (bmo#620908) * handle invalid argument in JPAKE (bmo#609068)- update to 3.12.9beta2 * J-PAKE support (API requirement for Firefox >= 4.0b8)- replaced expired PayPal test certificate (fixing testsuite)- update to 3.12.8 RTM release * support TLS false start (needed for Firefox4) (bmo#525092) * fix wildcard matching for IP addresses (bnc#637290, bmo#578697) (CVE-2010-3170) * bugfixes- update to 3.12.7 RTM release * bugfix release * updated root CA list - removed obsolete patches- Disable testsuite on SPARC. Some tests fails, probably due to just bad timing/luck.- Use preloaded empty system database since creating with modutil leaves database in nonusable state- buildrequire pkg-config to fix provides- disabled a test using an expired cert (bmo#557071)- fixed builds for older dists where internal sqlite3 is used (nss-sqlitename.patch was not refreshed correctly) - fixed baselibs.conf as is not a valid identifier- update to 3.12.6 RTM release * added mozilla-nss-sysinit subpackage - change renegotiation behaviour to the old default for a transition phase- split off libsoftokn3 subpackage to allow mixed NSS installation- added mozilla-nss-certs baselibs (bnc#567322)- split mozilla-nss-certs from main package - added rpmlintrc to ignore expected warnings - added baselibs.conf as source- updated builtin certs (version 1.77)- rebased patches to apply w/o fuzz- update to 3.12.4 RTM release- update to recent snapshot (20090806) - libnssdbm3.so has to be signed starting with 3.12.4- update to NSS 3.12.4pre snapshot - rebased existing patches - enable testsuite again (was disabled accidentally before)- update to NSS 3.12.3.1 (upstream use in FF 3.5.1) (bmo#504611) * RNG_SystemInfoForRNG called twice by nsc_CommonInitialize (bmo#489811; other changes are unrelated to Linux) - moved shlibsign to tools package again (as it's not needed at library install time anymore) - use %{_libexecdir} for the tools- Temporary testsuite fix for Factory (bnc#509308) (malloc.patch) - remove the post scriptlet which created the *.chk files and use a RPM feature to create them after debuginfo stuff- updated builtin root certs by updating to NSS_3_12_3_WITH_CKBI_1_75_RTM tag which is supposed to be the base for Firefox 3.5.0 - PreReq coreutils in the main package already as "rm" is used in its %post script - disable testsuite for this moment as it crashes on Factory currently for an unknown reason- renew Paypal certs to fix testsuite errors (bmo#491163)- update to version 3.12.3 RTM * default behaviour changed slightly but can be set up backward compatible using environment variables https://developer.mozilla.org/En/NSS_reference/NSS_environment_variables * New Korean SEED cipher * Some new functions in the nss library: CERT_RFC1485_EscapeAndQuote (see cert.h) CERT_CompareCerts (see cert.h) CERT_RegisterAlternateOCSPAIAInfoCallBack (see ocsp.h) PK11_GetSymKeyHandle (see pk11pqg.h) UTIL_SetForkState (see secoid.h) NSS_GetAlgorithmPolicy (see secoid.h) NSS_SetAlgorithmPolicy (see secoid.h) - created libfreebl3 subpackage and build it w/o nspr and nss deps - added patch to make all ASM noexecstack - create the softokn3 and freebl3 checksums at installation time (moved shlibsign to the main package to achieve that) - applied upstream patch to avoid OSCP test failures (bmo#488646) - applied upstream patch to fix libjar crashes (bmo#485145)/bin/sh 4 4 43.19.2-107.13.19.2-107.1liblibfreebl3.chklibfreebl3.so/emul/ia32-linux//emul/ia32-linux/lib/-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:341/openSUSE_Evergreen_11.4/e2eed42f6e563af65caa82779a40b72c-mozilla-nss.openSUSE_Evergreen_11.4drpmlzma5ia64-suse-linux?]"k%{U}dx#(; WJ_v 45ؿQCL]׶3-v/|P$lEZ3h|omY)c,aӁR98*nʃ\q{+Nsk T8I^*pznA6ra'wA/!W`0&TSЄ"Q4QBӊ a3:BH3Ƣe-::lA*>) Pzv e*)|T;7>0=.ItxA1C(Y#|MAɆSz 'e+٩Yg)$哏eb^X}j)&wUX蠒d ;&/FNX{*ʚd_-vkfXAdV8ǘWSp.A=)qJBfHy=bY ;Ř|؏ tsfq< ©7+EE — dl XuX=x$Xop [)Ʌ\lc Tq|i۸ g 07Yig ikLCO9y(d+`iʹ 1 ݦ$ C?eEEZ*MV`z@Q,"V9 Bz"/fk!#+Uŋ+7j[Ύ:JDrU.RN/@ O\jVּ+^WžX*:\r뾺 &p` ,)FzL3A:^Q)M8ȄYxqnY:ݕ&AcЌ׌̐e+wPCsg]$l*C%CItsLԔ@ڧl ͜/<&x8O>WOC}?~zi[4_*ZrO&vl#CW"=CIyCÎp iPEN'mW"#ˢ>+;ֿJL!wC[vk"OX?\v.JVʠ@5%b̯Ƈ:x[tEqioa>)d[y[CCOܤSbsIOjoˠhqjދ02lu2ۆ+Bś$t: .[oq>~0u)I@@)~D#4Yg$Ŀ6cFuW!aY]2ƭ$ bqCl1]31O`Lʬe[LXf#Zf_Y k-:+~ HK&&g%d&0NQCM14R:M"O;j2M' 5')^8XǡOh@v ȗlFx[x6^8GC]>ƒXEx WE<8 3VI_IAgnāo{Xif^N&H!`esCyR>s+~!qHƟƫDjo=O @0X CÖڔ,)'Yc `_OɾMgSn G#_j!'}.>0ݡa<܂ڃ(7%uR3[};/ z|frԪhkbs24m4hH;bLgK΢xGEQ**0td#$ӳh0jro ,_]!]G@|31?'CCX ­t(ᐜn<5k(fJhPՄ ֆuBp:|\zaKo~]w:2 c,uA{ѻ"zm<7s}g?anޭR"V1u6)Ђ* KDgp_x= "9фJGZ1Mh8|V*u )g]FߔpO )PAJHmLXR<*Vh[ÐKV- 7mG<II7Oj)+D*4x@e:L;vf-ۓق)G5#_'Yim[fpH`٠~9ׯ%пr \dZ\0QNo;:L2-Y2e3cZ(P%2@H_-KK]ZMKC%rW3.тw7Tp$*SjzPs>7۴''1)) .1fb5b-]5I[%Kѩ5Ӧqկb%"HVa|\ֿ|El vV"kt 8/XuLT}K[܋pOt>tҶ#IEZat{ZOz,UKA9 -1xSz֒/274K MJ:[iYo&D[f|E/4弞~ t| #GzxVYݽHieDBrz2hҹKaMSc7ڔ#2f΀ZEym@T)C?eHUb n@7p>=Xtd"Ų'L@ړsɔh;>.GcV\epA7QZm_g Q՟D;[_H?EnÉP,1,K p% 3bhw`*͘YL7iA__4~4T_Ypv ^GoFdDZN-L g{[~78oq~WKQp5:9(bM`0\#=3kt|[r -Zkq9<ݳΌXUA_h'vs3>P8 P F4tZa%Pj+QbT/EI͗B% 9 W;PCB%_u++_[G.Vz( Xn> .:\?!w*3d<@d%Aiݱ^:t#aBzuL̈́]"1? 絬vmXo>*)7ulHÐ< 6e99췅fo&Tq֛();_ҒY/c,WCC?fA U*9=E3`XS1 jVrU@9u%a*[>i|Ƞ+=]21( E,5dZ+rkxy!`[o~nq1T2/4­\|c:1éNtn/: Zi2(Kǐ*XͽuG +=BDB=Ys`uvFŜn&6.6O;&XY *0WyaD\?a0$0:H@&S>y"U++z&U4%Nz߫!;Ιvx52Ѐטm[PAMT31uRQv;Nn~=TpعIݯqr$:o:k;mHQu_&ukFOB( $1Gj*?.Wzu}=S9CCa-O~Cݎ6S7.踗ó(U[NpNwM-forj&Ĵ%]L fsM??M)޸B:&țm ҆kU%úl<(> u*RCR9 #4yRZcq7 x)T,` ]0M.[iOאPɎ-ߓcOͥ"\++Sx8M(]mh*)&((x耛3{dtA%q ; @n޾3 ˦, Mt^_7ZOgbHH))Ȉ]%:V-Eu\lC 4M0XIaf+]Itm έ$ /g;A(#<['ܣ5b;k)vr7FT9aׯ3Uo_k rMIg* ơxMꚓv2bO]0ښaEZ_'7c8D½I2* py'^"0wۑ b>޿X/GQ|8fe> V!Ho'>Ź5Ǒ5byYĩV.h?;T ^o.~ٖ%(wuJ j. kE@T:S,4F|aw%wjk:aϻtB$>v>V؆(NBjhu0ډi>G->y`.)ŷ'MS I#iUoEEB'Y%)'>$&D!עL݊{X4˴OW@H.i혟iOFn~]pxϏWmeۑȥJ'gyqR E's'w] ^ jC1R߀~qZђc.kXu)vF?h_)ǵR; Bˬ|y;Ϥ^y؜%y)\ye]+Y98XXRTWN>wUQF./;>2}D!㬮UA<#N==1"t<E?q!;ʋ-=zNV yGc߅<+0X5Ssԃ ?$nD&oz5(R'"|ڃZ%\'^>΄\TpA fRV٪?~ щ)y%*TgAG܃\eojF>&KеH9NE|EzȜDv >G/>Ã7;dݚFs9F|0$0_nq.: RK:nW -9 )hBoT͖u.˙SDH6(owlL ̂*^K|' ì4#6S$}Ixb$yx)s8w}6-@mL")uNA.ӖLA"3c aηf‚fa9  \{7s㙍/!** O2xǨ3ػGEG (޶< st<*A<Ԗʄ&CfGYГFvF FOOUaAxiCnPUMK5rK֬RVIUVp}DzP{&ڇٮ(9G11^RP}k>ֲmʍҟECqj&q[=$|mބ'="2hB_%^I/RQg,huRX/*_Pks\t d`_ܙqCHXnNWuٗ[[$G}e6Y& M r BsH֎-a>T|'X֚,UFaiDlg_*|i2dD WejY[l;jɹl&L˛I>/ v*10q(Rg p ~`w+ytT!}Mzn7 [bkDĕ:G鮚vd$`!o@\`e%|H=t+WV֣P-L <,IlFz@*h7.()~mAn4l<˱qD1:΀Ӹ kg@ЅRHTRBQ@ vaV'q,*ůxM1͸J!$%T^j%Nv͞9qF Dc Syq@{)?gbmPR;rдBaCU"'~![NМW̐cS{OVM4yzZ_0 r2>wńdV[k. {l]:y﷋FWI(iqO[˃'dz%S 25}U}7hħ2[w4#c{ R:n0J>RgJ/.LoBftYOd$z6izjz5xr:غor[1o/vIi.SW8BVս1<,'v E B`>`󣯪ę=w(QqaJ7V> N8 ێ8LBs$/]uӮ(![LMAH93˅ p!s<IGmI~xuK.U#eKRUz˶ x.)s3+7$.WK/CH쩢BV4B[m VU[Kp6$^v_~rGY&yrvrݔIH9c<R4sBP4Ñ? 91hE$.-@> 00&ڢ.r6"b6[9n0:X>yTVX ȟ2mv+3 =s$"E?gkY"yG.dž,\<48qBPx} mhm8npd?|rٶ0(A&'藏̀݇ Lp?P?Z*`cE]MzTYN{$iObi+6h9x,9];&aTzcA[=a]Ӣ叢rG^iMos$Ev`'iŀY} ɛ-ʪԽ? %a~权| 0 )Ȥ1hzr hY%ZzOC*5C./.2';~-u2ID8oYc"' UHZ ,%`Ji r*/̵E^/*v.a!{|cm+{a5ڇ~c=jt\3Q! 8:[@:9WBq]&wf'd-وͅ%0:6".<3Y7%RCjȬul $f)Ww 1$9֙Jg9fć AC[턫r:#T|,+pd;Ѧ;k:?B1L]yW.yT*COPLdW#F+zP|Ye\H=fLT`k6ki' b@0,"3ʃHۉ>H}# C|7}ףza]yUE:3K_Uoo Pim`b8bAq nr;/Nqtg~mײ8TTC=F MlariWRBԍjyԾգ"5d';{aeEcRᛈ`b[9lqQyq5B8w["]_!tM6{Ug]_ޠ:6Nu 4k3OVp|>YZGoamBk{%kzG+u_l,љ,tEcsRIX2b*k1VT%+j_J.o&]`QITOap%7VZ !@S캝Ad^*5% ב)7Sa؀+qfq9((ɅQ΁Tz_Vr寫,KR=DaN>*PT F޷PYF<>)׵?ߺܾ8+|<:$+ 8KFLeD#ra o½ MRh-ё5?k zHbkIC\ V?-ZROE' A?H+ҞM{qynp6;Nɶ$8jR>I*ȋ-]sfJ&E T[rua_[MM-QTttb@en=u_03xPsS&N_&%wYF{2oQ弨~(cIQMMaݘ<ԩbd1]Q ش `(6s EmlAǓ+=<4H3j[DžۋF$5Z4ym>;zG4HE&G`Y,#0!JO-Jɸ)^qk uQx`YiM= (Tr'pM$9F10V"ֿ@Ԑ^S\G4GQ7Z U.LQ=+8F#&:?[wБ;Mm֔ r!qcNkBbZimEfl°/Kf<~DxW26_!ax$v2u3̃}J~t#r7,߭jH8\:nיizskOPI95YCj2rzKZx$ʕ1L *ޙW%4qҌI#q#!<ן_1>a򆱈԰T赾Z͛]_^($3>cӡZu)Ƽhk0K1aYn:6r=9;1H0HyQB2&l>xFvF ܦC rdӇGm~qk$PͯzX$CPp_ h=^T7A&+i^*ZQ%ύ^kwNi\ch$rpr]t.Jpıma@/}p[5GP EDĚK7[.Gb7p hYM d[JR`49Q5 0p[Eū vМ<4T? I(IҁI{>ܻz뽿a=2[ßsme)QV:ȜؚNIi%6KRqb,a+Ri3]aEr=3Լ>!]2)0gt8,potou75waѥXKG`ĸ[6y0)7?Y87CibV Zkqifxo߆˸J$:g!4" (!XWqVC%UԺOB2[4NΏz#/na]A@`OV<pݠԄ\ ZA\n: =קZن<آ`@tLZj gАM-왅GBrq51뤛XL0_KOK=ovHDseoC7=yh6)LF^k߆Ս_kǖw韠z|mg|-1[" NZ*̩(ӏLpo{uR3q5ZK-J6<MOyF+r.d,c!#S#q