pki-ca-10.5.9-13.el7_6$>Yb؜MzϥȨ&cC>7?d   D        ( F L Tdd d td d nd q(dvd}ddT\  4 (d8l9@:GJhdHOdIUdXVYV\Wd]\d^vbzFd{e{f{l{t{8dudvX wdx,dCpki-ca10.5.913.el7_6Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\.x86-02.bsys.centos.org$CentOSGPLv2CentOS BuildSystem System Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch=m)?1l[#t#1J6 ] S }F}F+ g%~~[G7(b)e%{xZ_,,zb+z 0foxJ76'P8bu}E% *S*L$,kI,A,:+A+3u9 #%##"vS "`./9/]   Q q >#E/#+{B/'m)H nrtknvpyi  *L*?5%C%c*m;c=O? 9%9Q][  T \71 0VCCF6CQ& "Y"\><bc q  dF r- ~->E,g=tB 1"?%I7Px]%A큤AA큤AA큤A큤AA큤A큤AAA큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤\.[!T\.\.|\.|\-\.|\.|[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|\.|\-[!T\-\-\-[!T[!T\-\-[!T\-\-[!T\-\-[!T\-[!T\-\-\-\-[!T\-\-\-[!T\-\-\-\-\-\-\-[!T[!T\-[!T\-[!T\-\-[!T\-\-\-\-\-\-\-[!T\-\-[!T[!T\-\-\-\-\-\-[!T[!T\-[!T\-\-\-[!T\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\.|[!T\.|\.|\.|[!T[!T\.|[!T[!T[!T\.|\.|\.|\.|\.|\.|\.|\.|\.|[!T\-\.}[!T\.|[!T[!T[!T[!T[!T[!T[!T\.}[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!Td6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00ebc9f4fe357967b70735e8b1091f8429563a9849391c931795aad650fa346f84f1c0db21c1fc4acad6d16f5e0260cba0977a50fc158e19852e36dea21e4cdfd8e0c582ecd379d442745e4dc6ecdb90cddabb88b8105da6d2a3afcaf947850c0fc11a3352de540f4e0681ebceae86ef8e7e17c4f8c0f90d500629111f5d265f25386fa50072f26ec25460e3bd969ef5200c3454c02dc9d2a1e84fc0cc57eeb3835e785c0a3c0f8351c3e3c8dc0d0cc2d164241ab800c121fd3c40147d63cb5139f400b2c58282cc5958a930f3b3c7c0379fb101fcf612156c27ee2dd8ac254248d5a1829bf1b3c216ae4c9d4ee066772bc7f5afca577935c229d9bfdf80d75cb7d0aeb78397f439d16d5b530d8b81c119af865c0898e02a33b17d28d0bc57ae9c82a158a8f0949c10819f646d42e8cb710ebd844362d97695eec5a6a523c9718a1aed1ca83010bd139dcbfc328398007d959d275a78df0c0208c207e960ea669ca55436dc0723559afae54e63e48d826c2ee0ffd98b3233b8c132be6ea1540cde549ab16a5ee0b53ca839bcc06b9c268ac7be7c8186aa4392ce0c663460c019e4cead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676449f0101595c93b29c3402277811f70fa75237715687fc5dcdcab36f7a7c8dd72da64a1f054f16eb1ae49493bbcbfa138127db6a09fc946014a1d137d40ca2d5c27ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefeb760a2dee6aef9a244f84690b0e80d22f419f277d615a90b129483aa669128f62024c52fe492fc10e9af7a7f3dc2f08daed6d3f5bc13ce0c8bdda30b85f0c69ab635b3107b5f152b0d109c594d30b345a411367f6225df121e338c02536f4dfd9d68f40546ce9caca6b76801039b97b1a2c53cb0975fd3f31dac9584a8a955704363832241c679cd009399b6934aeedec0b3755f83bc09a35cd5a292cf19b7525e0bffd207c4c5b122b085f9129e0470df5c37cc534df4e30ec140a9406a2850767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031d37b0ad740db9a30932ac53203a46c4e4fa701f891d74fc185fcb8989f45d28cbcace48ed94b1a6cf7171f5ebe150102c2cde343df5b89acab2c2a6c29b9a04d448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898c26d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac93f9de3ac67f7ec677ec54d3e5cda612b21511aefd19e338c7f06a05c29006d6be1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b1dd2dc066f3dc6e0a46b42f17b9fa4c739b1cbf2c27cc9197f6900945a14f7207dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c208143ceadf7a4386c8b19a8dae483ad52f07039a7f985a5a012116a83883e9d4b788f7a808a87edef183779c0d3a4609363857aa1c21aacb86257582c018280d9d2cfc0e1f19c31633f0c71cca13eda286d22f389ce2bebcf1d29d022c94a9b98ccec6ab0adfb82d3929e5d571d2157ef9a4f77464b001ce8efc8319164394d24cc15bf06ff8deef0927b695d326de82058ba233500878642d560d2bc0bde3ebe95a1c60cc56866c750a59a70c6c134ea6459a77a973abc6953b85309f450a0225274f6866c00a09bc7b40baef850cc8c932dd5ec5b3666c1854665fc8314f568fe5c75ff340c4644dc3499e6b91f1321a1e4ce4f3dd892e93d10b3ca6cd22b741cde4e4825e5c30f60418a624f71213672f8040d0abce578035e96d3cfa8de606de27d407a3f3e9a4650c1c1b49be68239732577372cf2638f71daecd3d9292b015b7cfeac0813d63b114d76e67a8c22c532fb7f106404980376d572db56a38d141c99eb75104d02d3384b36b75f08d4d13f4cf24e42364783df0678c22541bf7e72fc1b0d55c2c7c01b8a0431a070a2410fca6f1c57e22fd46e46ca8d70c901d805f3129d3d149048bca7afff85777cf6f6b502dfc4253a442b2f7a9b00f0d5b1cb51d5103d982fe861db8608b9edb8e6a32969827fe15e870062c2098dcfbdfb0449d1ca26f2daaae39a9311c9fa0dd5b893f2d5129603101c157a5fb796c27d5f9419ea7524076f8a57670bc6f788415eb5690027ef28cc39ce90569d3380048f939487192af8665cda4b1b35b3dfea4a1c88a3fa4f052a3bc35163175399b6e65e4554f66f7d822b2a27361c9c86c7c9560a3c110f75fdbe0439a989bce076df1d2b34c197e900b7b4d2e0476aece85deb1df7d3f3e3740c40a7701995a24819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d4f27679bdb8f5e22e5f5623a74dbcda8215e1909aec6d2505892815dbd40c28931a3aa4dc5921c73ba193f68279daae894ef8af35f159e5ddada1e021aad9e9667a9c2f38efb90b6c24f51d41dbee3f3c346121658f5684e87d429c23a5bc49642b2003d3f805f392607559ed637c22974104ae7d4b5b88b111123db4809082d0f8ee5de3a92fef6b095b834c2dd5ec6c40df918fac07d177bbf434d2b510579dfe269c7f1960df6caedc2f3692eee7091fe359a17bd5559408927e255d762599d4b4655eecc878c1f117bff3640f17544c97364564e4b8e1131f647469468ac8b98bae2e037dcbef1de8eb0f38442e4c7dc024cc5da72898d19f68b8c50297d95b807591f098bd9a92be058f06cd18e076c431b88352201c21d594372d91c650c283fff6879a0b3247f04440a68d98a9deaad95fb463171008420832e7887c33a299c24ef69dd7310d4cb5f802827678c6d7ad7416ac1650da7ededdd1e91128e35e898cc31c4fed5f61bc2e2cb1ec2684aaab5f4a94b3cc5e84d42a84ba57d7d2d050b1ac4574a95547657812d919aa67d3cc17fad85c654e07bb16d8e5626a15b3831ae5fca439f780bc42ea11a05c5cdace1aee43a44102d7464f99f5f4a9f410e0c510402b3afee5025043ed21d22539fa3c0ee158306802cc6a503704a7b2e29c02f8f828bc173cde8a4c84b3b89b5ba563e2971d788f0457431e48b037a2ba523a398b6eef9396b5742d8aa7836133ecf70521ba6fb92bcbd6bf9ccc1abba3f9952ad3f8b9607d631b7c81eb29c8a67291ede8108d056535e598eb1bfe09e39d96c5dbad89b4150cde9f1a03f197b83ca2e4cc50edf44962834813f62a01fe68f324ff4944b30313f9a3e5c5653aae04dbfb1f6c6103de05fe49412fa73129b301e02d384032f942e8f6230fa47c38e2d46a139cf67edfea801e6e2cb9d4dc74c7f55a5fa8279332a8d9d9b14a2064536946e146ef6f13e47ea8882c61bdb1b53aa72d0876c47446ce5720c0254a1169c9715dd1ed7e38beb6d5989320ddcabe2e59a209706beacd214bd086484765ec380d412eca3e8e8d94168387f25227f78f8984070a35f6d12dbaa53b68db1f959601d93cd4116518abe99ab7dcc55fa24ef8f29cb36fc3efc8d31433c21da3cdc7d34b9419be658f77b1679883b53475e19ac1d885575ed8fd1f57b816fa4c39ad963db7af6201cef60c2212bcb9b1264e5b18901a9d6564d44486b891f48e7eab808db0b4657882b46208bb6ac06404bec58bc67603c82f5aa843f8d6a0932888960673ccaff71f3a56334c73021a9cd152d5f2f45cd84d76d5d9b2012793b7cf442bc9b59229542b1abe7c1c069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f68798e2619ed8cbabd811ee5c8d0ca7e626402ca55f2c3fa970f32ab7c316b2a8d5d4d69a75b878b4e1946387fa6a3706d02ea456fe19b71853b81a878b883dda336b0d4dd3d7f01030b858e33670175f53907a29f8274650e18882b6d66b764f3f75cf53c764ffbcb836b094b4e17ce7756752c89cfa1f737754e7a643f5e988ecc541a4aad51af047ec1e4d89e6d0b466a2b4b5c693aa295649d4c4bc3d716c9397ef5d9b0f4d416a8bdf8f4f0c2e8fcb6a2af6e77b23b916b1c96a1a203633f0bbd917d2bf9eb5a64b45b7deb287801a3468ce15c19c3abc1a8658a66b78ee0b0199ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018feecf3d85f33ab93a1a8eda5c558d6b58645d65a16f751ba49cd2f38d722f7f194a8f0e34e2bfc62b110b7684acbc69634cb1f3bcf794758933c1473a7c76ce5636f3c0e875934735735e2db4672ec26b0aecd71513a79bed49c7b7ea5c5cd37f8ee461c0b933bba0823e8cd935dce4511eaa3c9eadb61383dd9912cead9ff1ebea43bd42c72c877ce5b21fb4116fca2e25685173e25371b56d4164d378dd8784f0953d6e2c6c8829a2ce64212275c8ae0b5c8bf1c111a1f0aa4de5c57595fe23eaef3d7f0b60a6f59f1d19ed845bb8eb80999b8d5f95e01c28f8a027ed715ee2e70f196246ff270db8566b5229dcd8c978fbfdd8f45970bf5c940ee56ac2266819112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f72cf4dfe9c88969bbd762c45a42b91b1396ad011b51fd338882a6ab602315cb7bff682ca2f5a26424d7ab5ce178c5b9e9a25d855ffc52e1b5dbc957142da46ab2e7ed49d41f75099bbb3998283617c5f590304ec64602cfb558ee28a6627008f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e2ae72a904bc8e884cdc3e881037753f8918497e4ba574e2ff864e763a606fec3c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617daad735276d8f629cb6936827ba522b93d7c51e58390c8c1684fa41cfd7868114935a11ddd421f4f82e7bdef41b3a248dd3c2276ff47446295aa34a1effb6e8e67e6342a29b068d647a27a919928efd5f2b1d22b27fde5aea876d77b345912d7867773345a21b121518fe70a56bdc8c7683cd6883b74781267b6223503405827dfe8e98d26730ff60f728d0e080cf63e44ec0bc72932c375894c729bda2b364a1272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a131ab78fed3c28ba57a9b787edccc00ef37affcc97ec2533c8c7da5fe36aebe0ec8dd591db70d50dda2f299e8275406d7a9bf51b0658585a85feedae530189b95f4ccbedef04351ee61678ac468a29a45259542db3f0064ece7bc6c142a5c837a3f1dc88f8cc2e6060172097715954ec0ec652be99031c4992cd6f36eee6c911a9ab190ad2b2d7035c3b6210bcad1b5bd0d61ca737bf71e916f427c8d31608979a229f9453b1a59f1d9745792e11756f8bade632479f283837a0631512f8e5bccfd1c96626614cda4cd142db5f002bafe95c0be41773d65be80d2e4893087bba63a5f40732a33fabdfe321b102c6ac91cb5a71f653bed7ff0363414697b7188d9bb18c6f876290819145fa62b01487d8d336ef7432108a27ff2dcd1c2a1f928d33de86710f05b5cecb5d841822f94a7c87dabfbf16c2140c606ff3a9be325ad994e8bd6d02323c345a7f33b818493827c28b14cbda8196220c04eab3503e0d4a472ba33f7e7bb3f70f202bdd1c22e5f4c009aafe30d35304be91d9cc0df86fa67186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901db8b5efddc795489b9971b83de53181631fafa8a4ff4e947ecaba4221b793786563b3dfdcd62f39e7ce4cc095102ec2af345a2dfd680dcfbaa5082bb2aa760182b34c5011b9d513f45561ca7912338109e1f053dfb2eba6c189f36043477b7e9c5f6bd93049e6a50aa4e2ef845c2ecc57b7c6af0b530a0483ef356a6b25403c4e7be438f97bc93e0db6beaa8b18530bdd0437eaa1597c589514b45e8d0b2b37490cb979956f60e953d627512ccdddd9603422e3a31e8c7a198f7adb725c2f5a449160bacaa9e40e728469050df5dc0481b3b19570152a01ee8c0dbdfcda5de202386dc5631c74d6d879ab522218c9dc73f6b56b65e84489ad6fa0c00b56ca99d16efc037493882bc2a7ff8684d7146f46f9c33f878ff7abaa21a236e737274c027ac570d8066c9a1e27d543385c08cc6e01c9f3970be6e184bda2b33b8b7d12c29844f5dfc4dc0a76253f66e30d55ac7cad9d54fb5ee25cfce90b2db8f1bb5542439a98e78f686688192339d5045c89a7c444ab265943e29e4ddb2814bbd2e5f32cd314bbad9a4fc256d21388e37ff2063355cfe40fd08e428eb00682c5b7121393548048afe663a7cd33536c81b530e559e6e8c13229f820c4dbc167383ba72607c571da9d704c39ce0b67c9ca6202bbcb92c26f338213043e3b36ab3fcdda487aca0e763cd5fbdf40ffb73006e3f1b38cafa9b2e48c19d616b701d439c6ecda6908a86cebf2bad69e4ebd837f93f4065b4d5ca11a5c0772167fd9769349be3ad33616e6dcd80b9daf13f9dcaf8ef6bc30f9e52df3da8ebe1393119b9b396c5fce3aba06387028fa21738a84e5d1c9ea15e75ff88b8b61fcadad11071b6131243666e2e04fc44d87b070697da0b91df3053166ffbad3e9603e116474d44ba83c56270532c0fec2d29862bab16692a5cb07943d9ac3be7384125bf8a087b58a6ce9af014875df6e9c91933b0e915d18825853bfa5f6aaa24d91957003503006412ad601f7f6e5d950eda140367a30f221c31008caf4c2712002aac3a387a37a98578cefe64dde557a4e36f9818cb66b18192034981ae4b1f5f392384d5f85bf6b6f562f0533de650daadbec4a8dae34fbbb56e36f87e00e507633e8599a4a9b78b8a244521bbc3a3c1e46049181dde51098bfbd4aa1f52e2ec058f907286b4c87c6552b361d06eb8a0a4b26a327faa8d2b6d446ea046a8414183e0b21a470e83555ab6aeff375b5660ed4cb0848ef1590130b1b331b1557bf37ebc4ff6e1ee9d90dbcc3cc48b5ca5bce8ed7df74cc4c2381961c9c9efc99efa0e427e7e1587a4f6673040246e3f1b800ef36d9dd100432bb957e899c5c37ae69be80ed4bb982d2380769057cee6067962b4ffa4b2cf40a6e5a732493f054bd27796ad5d9efa55bc8f59fd674f2835d9c1e7b625fcf076e7817d0d08c6fff38325c95073dbf9cd23ded73a65a8e569270b03850a6b9a9eb862bbd4cc8188e703f0e05ce34668aff8ed106f92206e688e301a625a06506762f07a9aced94c1f6c2f093d41f08778e8ca9059c14f314eb6d925825f834405c62ca90be20333e09958ea265ef5f6c000c5b62200ededa13f8521e87f453fbf48d6083be597d8a680471b7d41d1faea8fa0a67d87b4e3b1ac73cb9dcc6abdab00609398306c79ad2768adf66a6c9c076fb1c0d411571546ebb06736357218e00172e8ef00ecdc92587e712d04091e7a5f7805c2dde8e1cde90c570948c508e1e4294e0a679ae5323d68f551008fd9fa0a70929e47b1da01f19b724c840eca1d58cd30f4dc0b859763ae3beebfae87cd34526fc2eca66ca591ffd53f81b025c989f94ee3622fd8bb54341da3aa03208fe8d183ef96002869cabe74e3c0d81b49d3acfa70bd9f087cca5f74ce5bc18ec1ccb624f4d281bab848e1c617e716e922028fafb014f7e5f13a3877108c3a7bb4d67dc80bf0bbbe00134fd976901defbf35e10746a7a77d6cc11f88850bc66c047b2005f1984deb400e1a5f8d832c6da04d11caa82e03bf1d00c372c789a7a437cca4893de17d17717535ca11d09774b350d4b963d18d0c3ff275027f968a2025b3a2231b0e1d136dd67f65ebd7933a7291fb2809e0cb0c9f6b5153baecb3827282e259c1dea0192efc2b69481ff941ff7247846c1cab4d20792509907eb91fa50c9135ffba3e38a8df976b6646bbc66608f845d18bbd167af2cb621bede3bb3567b41567657e76727f9791934052c688752bd07d4afcbd7df95a9ebcaa5795e30f706768b4012c802aaf1fcd6e99814067613394950d130f61d06f25f3257278f90c791ffbad5b4ea62bd5a75035961619eb55973afae64b64b9130d3aab85b28d866416d91896845f4607d2099de578dbb060ddb83ad681e6ebeb51e184a4205c01dfd6652544a65b8d1895d26ee151f79dd076467a2655dc6a388db93697bb97dd2f128cafed56e22d589cf18d3a8117b8b82ec7840c34a149b833038abb5c1e08d3d1a22190b2b11debeb23ce1788f781d2ee4855bbb5b5b199bb08462c43558f7fdb0b4af9b879662b638abe8f56bbaca7f27d090c6cd68949a7f2e6dd41925503abf396908ebdfbe5ad1f2a628ac0fccff016e72febcd204a038d3b1bcf00f554cbe65b72a0f5c6e785d27ab6c76f9985162e4215c5b0a05c560b7ca085d6662f475887ec86730cebfc26a446ef314e84f39e2a916584c14a57509f6007d0e1883246d746a8f0544e6ed4a33dec754464db0852baa1d62df4b1460e09c277a63ce8fcecd84fd5eb127fa3a532265fd8ec62aff59246cc3e0c538d6a720f121ec7a6c61d2178a7b914c9d7aac0fe2d0ee640061c044bfd8a20e46587ae276332f2b4c58a1a4355c85cfd5b6b37aa2b11a9d50b6b0c7a98bfaaf9467c54a80a603c94c292eae73c5ae04a6eca92e9cefb27b28c70b9b6575b8d020edc0182c327c2cdc0a683ca9f527a435fa54da421a75f0fe67d39eda25030c1dad75431e7bfbd216132b8faea363a675df98f0b7571dd667d86753584d052c6780fff621a2f6010325e8de9871d68d2d176f892fa0e4d1714da27e72a8367734d4a1d8fac65c88c70591fe094e5cadb73b5437001bc3a9775233b9e1a6eb144df5454258bffc3ab3f6a3adbeccc4ba1618b73dc55bb5ebd698940a848814cb57cb1f140b0cc9a2bae31e5d9907c272db063731e99ea2be881be14106a43cf9deed98f1e580314927e2ac05431f3609635cf9dc1bfffee3d14836e3b5620b8f7d9e5420275dfde55010069686441ab85191c777c672e4c2fd5c43e9fa587d87623d3ce557186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab8fca203559c8bfd115dba0a393f9f573f8a100d9302dee0f78d3207bf2a4c02828b50cd72eadcd56594e2ce0cf4a266132526e7735f8d70abe796dc6ea68723b9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901b49f79539224ca82db1a18cb19f706b20bfb31275e009c30127184199ee28bab665e6b28eeb70fdfb406fc715536773628274003066aefcfc27da268f50bc45154481c944793a119c342103c58aa95667e9c067d65e0b8d63e90c24f32285ad9bb97edd4626c9f3fe213675e77a8b89dc0064e69d17760c49f539df7f6f264669c1f516d640fe9809bf2e63ceb40100ce610aef9fc4ff097abf5e513554ab3aced21e85b958da061a7d2de3f534c579f55a783af34ee1f115595c998f32f2fe5b16de77414be3c1dbe1233334eba30a14bb7b5fa3e31571f6d6219dfd34f496912e07806d8b1f8a1c0cff9f42e6433837f7f2f318a9c03ee8a947ba0416590c87e3511ada3b8e3dd85c772c4fa857de75a0d9aee3a4f3133678f99fa30519a870f7110c082dfcf32eb01c004f6e9d6c1b3e108984f9177201408040b10dd5aae45bc58305e847bf7ba35c3f97bd413925c7094c9cb9e54a9c825367c59068423a2d871e85613498231e9f4f83f178ce9cfa85da466376567cb38142168fd804c0067b93558cd2e0d9e8807e92def408b8eb3efdce5ca51d392e7bf06b7b7d5aadd05227d28bfe1e6fdd68e2c7a8f275a1d359c60fd4f3a95078c131ccf6a47b40b799d9b581379b3321c1591c48e9b3561c137a48c447b51a1b2758a7728d57dd7ac9cff1db3a58000b9c1fe32d7dd59631fffc1d5425dbd75fb4f5e99ba7c902bfa413c7237cec4bc0cf0f59f17d1fc4959b7661aa89373efa9bfd5bc9403d82743aa179b0610a98eda4b028251df592cac0cb95d8d37720f88345d471da63526b6ce8a0f19f9cf0326784128890105e9bd0ac1e913d2e42d5c01cd9c8f8574e6d7d9b362af55379c8abd0ec8296f01340f2991eb274effbb0943d386716df1fa2dd0fb957b3f79b13cba530f693b50f84234f3299d45e00fb4be60cd95d2ac4101279fad4fdf9510d2988c139ef32593b2255d74660095f38321ff6c300555c60045434f12d9e68f6f28896adc7054788724bc34c704ce8c1e2f3f5fe90174ecefecb37ebbfed41e030bfca7ac60f6739e123478434534f5e60fa3733b81177e63fc956191312c831f77d80837c61771a3d4d6d646ae0ebd9de19f2d1c93edff35a2fc6a00481a5b3919bd6883f7619d1a05c62be002110032daaaff23f0efda24c4d4e472c9a35934a2db4ed4f5ad94b9eadc689b0368ccbb1314b5993c9e33ead8aaf6c1d937b7f500c760c15fcfbd8f7ef74c9a76397bb8dff93ffc16df95866d15efca4e9bec6b29c6714e527c0f1ead076eb9fc48f233c3f337f958d4e0673ed79347caeba4b7e7ef85cf92a6666b9a2f4ced866ab018915108c754d5dbf4b92bb761d8f519922d866943cf5d07150192ff373cca89881d43a3e68d96184142fcb5391ce4431630f1217d65cd1f6a7a3b5a4a63c615bbfc018d5cf5c0e8448edb5e8a834506214be78b70dd45bf3e5925fa3fe0c0c6410c017cc6e6abf19d91086ce880a7a6bd91c1a5bf27c0c3d01e4e646f7617136f75c6876ba7e9bcf4d6ade0a422df2c6f8bfdfbaf7fb658449d365321112f1186e497a89fb426e659391a6ed4a0788280982337207ce1ba6382cc461026e46132f6ede248baebf4fa9223e88ba83c3aa7ba193776ab336d42955bba1fc047326d615d332a5140e09ccf4b4f233fdcacf30f533b5f15c9ef7826ed14382cd31bb55b743ac7dffc03ad234d2d5566157b62ffd2426d5cb6a44fbfbe381a1808e529f26765ba9e05e56b3b06c842124bce70635f166ef1e609e99f8ba41844e9faf93bb7a3f81d2e8d8714f4727757ce02e32971f76b129fd97deb4ef3d565c4a58d387d296f5e2ae411ca8b5ed340056f76bd372ad23f2cc8c24febb3e836cee9b377076fc3934ab0df691855f8e19aa2413d7e54c00303b70dcfd28b0708974c470416bb08d86da68f1f5dbecb17fbf7e66f136977c1b5fff486b93d4760b608fcfad7d9e567f0283bfcd35006123d0fc54b0a0a0373b8ae38ec35200788f1c1d270cc00bfbee7cb65f762ec3bd80e439cd2efc8b4e6825279fb48d2d87190a75bda3aa29bf14c03eb115a5be6b291f7a9805cdaab6465c61d3290fe63d403be79683d806b12746c7d6fd5ede1eaf6e508e3a7d29023d7bea4db67a2337127ec0e911a346d8c582299ebe6de630789a99949982d29674be81e99c05f9167813a00afbacd30bd0763edf4dd8c10a03d16e92dcc6dbb27b0230fcde072e89f6a8581f1d4c5dba6603b6d5bde6d42f80a10ead1635750c998582d4c85a9da9283aa62616dd4bcbe8900f84d5171f9ab92db0f3b27571fde4562ae3c51d103ad83dc2febf8577c156a6447de30ca5a66f4e26961cf12fe84a11ec7815c19c02f1b793a0e91d7302ce9a650e13fb81fbd66d70f0f3d0852453201c93951888d8c785d218ed49f70b49ef56dd0bc07706e4c421dfa6625e1f1c25cc00f5c21b152f653d90cb879fd1d2d864c0eaea2527e7235f5ef357810d29ac3f21de79c2fe6cac5eb5a0f53d781ab4b78d65a1764e7e7626c31b779a8ac4ea0792e8cfa95001aef51535d7bd3718a575ec70d97531470731255e0f52a907b2d4ce36cbf059bc84d31ec949fdff5ea4c987f6cf58a2ad86bb944e011439a0431c8344fea545a0e3031b8e38f8c23767c6b67f36e1824b1b48f71b3dc52d8054317c281ac05eb8506c38368b37f732e55538534e6ce61784b30d5fd24c24062f8115e49ac49630c5e06fb91fa4bf4e046bf1169d8c217afe1ccb628d6dc722d255413ae0b658637effa7b39bf832bd1b0985ecda1e03bd067b178237fd89e2fdd6b958af8e32e802c52f725d0047f2c67a0435efee12ffa020736bee7e081dc7ca5b84a86e2a68ed1c6978a050f6077448b201d2d1c23e13e38a0df6de9a02033fc479bb9f37e6377b64a119436024d9a581c0f137add81539fe233ca5d947ed65c6cef9a6114fd6ed6ed6f6372e6ccc8e28e611e07bbf8b9c3695734bd4a1533a7c38b8c0696afe1c3949239c7653522e627fbfc8ad866648f71aa19abe71e20f50ddbf20de0d7273f7e6dd2a7fc14ef0693069e233c4243a39a6ace0cf7e38eb0988c7bd2c68f8018e3727012f2457fb91dd9470f0670e3d48e3144973967f7d31b318d8d7135566113eb5883ca541ff63f5a999a97b2a7a32029058010f7b7f1ce9e7918ed9e45408943b8f8bc606bffebeabbbd9bfafd8bd13cd66e3df6b4e77b3d4690ec1d5d5721c3caee7f629bf25910c240dc2f24d1e487e69ee2d54dfa0f74fd5364bc8b06d9efb836eb8857bc64b9264e6105b0652f2e1e4c9d31dfd0a06568238bbf6bc3d58ada9a7dc75a26de4e324f4b798b2d8938a692f25e82e3da8dbdb84b3e646de7fe0f80a185b7c69838603148905e9b55c58db1c3741e9b4fe0621bee7d5b5f7709f90bc0649902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd59490171e2ad35b4241a19558c2d90110e52a291f4d25b917bf027deb77dfb03aa570cddf7adeb90dccd6ba965633c2cb28700fb70311cbfe3e7c67cae417c3c162b29/usr/share/java/pki/pki-ca.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cms.jar/usr/share/java/pki/pki-cmsbundle.jar/usr/share/java/pki/pki-cmscore.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/pki/server/webapps/pki/admin/consolerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmpki-ca    java-1.8.0-openjdk-headlesspki-serverrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)10.5.9-13.el7_63.0.4-14.6.0-14.0-15.2-14.11.3\f\T4\R@\\U@\[@[{[l,[`O@[U@[>@[d@[@[o[@ZUZ@Z@ZZxG@Zg#Z.s@Z@Z ZYYY@Y@Y@YoIYlYGY>@Y5GY-^Y$$@Y"Y@Y#@X@XX@XO@X*XRXOX!@X&X2@WWҤ@WίW#W:WWt@W{@Wu WgWV@WV@WV@WV@WV@WV@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd10.5.9-13.el7_6    pki-ca-10.5.9LICENSEpki-ca.jarcaconfCS.cfgCatalinalocalhostca.xmlacl.ldifacl.propertiesauth-method.propertiescaAuditSigningCert.profilecaCert.profilecaOCSPCert.profiledb.ldifeccAdminCert.profileeccServerCert.profileeccSubsystemCert.profileflatfile.txtindex.ldifindextasks.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestproxy.confregistry.cfgrsaAdminCert.profilersaServerCert.profilersaSubsystemCert.profileserver-minimal.xmlserverCert.profile.exampleWithSANserverCert.profile.exampleWithSANpatternshm.manifesttomcat-jk2.manifesttomcat-users.xmluriworkermap.propertiesvlv.ldifvlvtasks.ldifworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaAdminCert.cfgDomainController.cfgECAdminCert.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaCACert.cfgcaCMCECUserCert.cfgcaCMCECserverCert.cfgcaCMCECsubsystemCert.cfgcaCMCUserCert.cfgcaCMCauditSigningCert.cfgcaCMCcaCert.cfgcaCMCkraStorageCert.cfgcaCMCkraTransportCert.cfgcaCMCocspCert.cfgcaCMCserverCert.cfgcaCMCsubsystemCert.cfgcaCrossSignedCACert.cfgcaDirBasedDualCert.cfgcaDirPinUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaECAdminCert.cfgcaECAgentServerCert.cfgcaECDirPinUserCert.cfgcaECDirUserCert.cfgcaECDualCert.cfgcaECFullCMCSharedTokenCert.cfgcaECFullCMCUserCert.cfgcaECFullCMCUserSignedCert.cfgcaECInternalAuthServerCert.cfgcaECInternalAuthSubsystemCert.cfgcaECServerCert.cfgcaECSimpleCMCUserCert.cfgcaECSubsystemCert.cfgcaECUserCert.cfgcaEncECUserCert.cfgcaEncUserCert.cfgcaFullCMCSharedTokenCert.cfgcaFullCMCUserCert.cfgcaFullCMCUserSignedCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaSignedLogCert.cfgcaSigningECUserCert.cfgcaSigningUserCert.cfgcaSimpleCMCUserCert.cfgcaStorageCert.cfgcaSubsystemCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserAuthKeyRenewal.cfgcaTokenUserDelegateAuthKeyEnrollment.cfgcaTokenUserDelegateSigningKeyEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspca404.html500.htmlGenUnexpectedError.templateWEB-INFlibpki-ca.jarpki-certsrv.jarpki-cms.jarpki-cmsbundle.jarpki-cmscore.jarpki-cmsutil.jarpki-nsutil.jarvelocity.propertiesweb.xmladminGenUnexpectedError.templatecaEnrollSuccess.templateImportAdminCert.templateImportCert.templateadminEnroll.htmlsecuritydomainlogin.templatesendCookie.templatecms-funcs.jsconsolehelpfun.jsindex.jspagentGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaEnrollSuccess.templateImportCert.templateListRequests.htmlProfileApprove.templateProfileList.templateProfileProcess.templateProfileReview.templateProfileSelect.templateSrchCert.htmlSrchRequests.htmlSrchRevokeCert.htmlUpdateDir.htmlbulkissuance.templatecloneRedirect.templateconfirmRevocation.templatedisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCertFromRequest.templateerror.templateframeCRL.htmlframeDir.htmlframeDisplayCRL.htmlframeList.htmlframeListReq.htmlframeOCSP.htmlframeProfile.htmlframeRevoke.htmlframeSearch.htmlframeSrchRequests.htmlframeStats.htmlgetOCSPInfo.templategetStats.templateindex.jspmenuCRL.htmlmenuDir.htmlmenuDisplayCRL.htmlmenuList.htmlmenuListReq.htmlmenuOCSP.htmlmenuProfile.htmlmenuRevoke.htmlmenuSearch.htmlmenuSrchRequests.htmlmenuStats.htmlmonitor.htmlmonitor.templatenotImplemented.htmlprocessCertReq.templateprocessReq.templatequeryBySerial.htmlqueryCert.htmlqueryCert.templatequeryReq.templatereasonToRevoke.templaterevocationResult.templaterevokeBySerial.templaterevokeCert.htmlsrchCert.templatetoDisplayCRL.templatetoUpdateCRL.templatetop.htmlunrevocationResult.templateupdateCRL.htmlupdateCRL.templateupdateDir.templatecms-funcs.jsfuncs.jsheader.templatehelpfun.jsindex.jspindex.templateports.templateeeGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaAIMEnroll.htmlCMCEnrollment.htmlCMCRevReq.htmlCertBasedDualEnroll.htmlCertBasedEncryptionEnroll.htmlCertBasedSingleEnroll.htmlChallengeRevoke1.htmlDirPinUserEnroll.htmlDirUserEnroll.htmlDisplayCRL.htmlEnrollSuccess.templateGetCAChain.htmlImportAdminCert.templateImportCert.templateKeyRecovery.htmlManCAEnroll.htmlManObjSignEnroll.htmlManRAEnroll.htmlManServerEnroll.htmlManUserEnroll.htmlOCSPResponder.htmlObjSignPKCS10Enroll.htmlPortalEnrollment.htmlProfileList.templateProfileSelect.templateProfileSubmit.htmlProfileSubmit.templateRenewalSuccess.templateRevocationSuccess.templateUserRenewal.htmlUserRevocation.htmlbench2k.htmlblank.htmlcheckRequest.htmldisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCaCert.templatedisplayCertFromRequest.templateenrollMenu.htmlindex.jsppolicyEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileMenu.htmlqueryBySerial.htmlqueryCert.htmlqueryCert.templatereasonToRevoke.templaterecoveryMenu.htmlremoteAuthConfig.templaterenewalMenu.htmlrequestStatus.templateretrievalMenu.htmlrevocationMenu.htmlrevocationResult.templatesrchCert.htmlsrchCert.templatetabs.htmltoDisplayCRL.templateunrevocationResult.templatecms-funcs.jshelpfun.jsindex.jspindex.jspservices.template/usr/share/doc//usr/share/doc/pki-ca-10.5.9//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/conf/Catalina//usr/share/pki/ca/conf/Catalina/localhost//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//usr/share/pki/ca/webapps/ca/WEB-INF/lib//usr/share/pki/ca/webapps/ca/admin//usr/share/pki/ca/webapps/ca/admin/ca//usr/share/pki/ca/webapps/ca/agent//usr/share/pki/ca/webapps/ca/agent/ca//usr/share/pki/ca/webapps/ca/ee//usr/share/pki/ca/webapps/ca/ee/ca//usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment//usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu       directoryASCII textASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)ASCII text, with very long linesXML 1.0 document textexported SGML document, ASCII textC++ source, ASCII textHTML document, ASCII textXML 1.0 document, ASCII textHTML document, ASCII text, with very long lines?7zXZ !#, ]"k%Y6z(+ ͤaaۊ z~dUfn2Z3uy䳶DejbBUkV!AD ,2 m&ӿ5SG~ ]/D׵n馺)Ҟ ++d?~%y4Qo2b+{DfGpnjqg}]=y|,=L2|Z 96, t6܋ &lg0 k$q'٤\;nBP~5x37'4#`5a@2Qwop"]WF΍*B^\ C6ׯm H ߿+ZfΉ$w:#!neP˲CRq(?akj^Fʂ򍃱.?8 &l9u/SH +jqOs$Wz -MBmUPFcLdjde&/7Y9 yZ)`juBdt}0S,jUN3oC[c%.#)92̤UCW?tCjJVdFm\:T;M8HWU2,MҭJLgdHO_ ;aSv$: *+HY&gי_PS&!h6E~ejJ9]vͪBNTa}nYG ߺ7&;89geB/g !@ޅXX܎Oӻ >IbONߠ  v6EJZ 8/m$)#J r;n -O61lRLfAn迎I[_jC!+I(p֤> CKz!WFKف\Ɠɽ ˉq?x ܴF8l kG>ȹ~Rѓe6ŷ̥9 ځǃreaڤ2 .Fȿ}#4^j W9 ww`/+9]D`+GuȞ"(H:6%ABZ=z[T-g Qip !?ڡX7-hs*]C6'R-TwG`?A(P"N "ܛ1_9/shxD9wb $?xHyUgS~TU1;'rL$fn҇W%pi<<{l%ծa ckݝ Ij/y`S0퍃 3F=ia-9߭n/Sʭ/JUCk(s-,g,ot^(~b&B#NBBZ;}}y$mWöӈp͐Rk&х29A… }ʳv8m x'hhA_Ls$sQAmXޅw ҍ"(|e*oΆFイ["ػ F( vA.oLv9U!)`0gOSq5!/rÉ@ަ&wlz2UVpjŦ͔ZXXs>%5~MEa쯋 _dլ .zDR`E gpL#˻o{ R!}{ov l` M}ӘLkOB|P$:iyuW˝62aT\JHG dn;Ŭ]X}MAxRIzp 6 DRX F3wj}'GXD0:+d.N&g,|ǧX6_jzlsDw p[812֍L[9 %u,_/ $Q/̩C'!$JE$aQVzNg౉CYC2j06C?l쉯\K8cAEBǻyۓ~+#oߦ_15J=p/Ѵ-|$ﴇ0ix$Nŝpo Ea4ˬf4[[I4}*t =X,e~Cq#tqK=.$ռn .+ YJ1r)?yQq#܍q)r 7H>hEe8P~};i_HN,9A5.S/QaPZB^ClzQm+E888PZ;g32r=~iU<9fHu);?Cy{KĜӵGzAz펛7467PB;a"IzvhYV!Mr)>>3Tp&!CK[ʇłB'm 1r0Dx#aO?ΪNjS)*a(QaŅ0S#rd3(!.jSعB~^M4=CUXGF|vI7ʾQ)R{Yg 㳋>W^o6p{W4.H #.! h1olY ҿ *z_*l $5 J.ߖWɏBWvw:''e uO}Q箘%m|^bE|z}`$iEk~F#R9&}fFNo0!͊e"SH'+^q,vi{ r M 0ݷ+ m9[.Dҧo3ēSNm_5Y:%e) RfB?!uio/QbčjBa:@cyM8;[4eX\X{qֈ㸎BJRto8 ֏a °2ſ4Y݋@_N;'6|UP+ʺ=Ӆ@bͥ1Gſ_tB6kW;Ȥ{7϶ruRWV[ǁ\bHF8Gm8XF PI-|O?o-Xc,׺&c:O>2U-a[ECjOм*wW:Zzyd5?yn7@1469L=tr- ;$y6܅ZėρJN޻#beQ7:i~ u!츤5I-YIsVc?M>Ed9 톻XyIczc촼ߓȾb$mpR"ɌE2D]O[TʤyW6'd4J{Ilut8LlB3kCim! ftX*"B&R$IGugK@Rw䳕[q:ߠ_D Xc]Q /$P̈$C0naґ3~Yd?Ra\O+p+W>!Rl{V4rW#?Ev汩n袖t|͐%DeƑY-:^&tB,'F3`IX+3j&sdx9)>҆]i~|kl+ZxT4#wd_9<_LY#YpM*pB kG_Lk Pp*vaswTʎvsE#.8 5o#i)B -Kay8!>ȝ0Ȏ;e8}v琤J(9\H[I}]e~&/G$|RV XW)"ʾR2)Ed`7s\[H!8$)\4{ 4"zh)6(W-v}8⾡0vk F ,wuמzUQj!)ο7H-7SҘ:XqOETOTY NiTyh]7'Y(!y#x3SmS&[Ak+j\kc[@̔0 k\Rp2୧. Jghwk7a܊isiE0)aC(ZRCN=K` v@Ȑ*yxUsŽn^*-4/|+,ĸT>FlfARtNjm=,  {CIroGIEE/q*vԐ˺崏==~o4,<jdAM#0K[W:?QPĥ,s}i$e/w0y\y@24qFq&9SB {0(s"GyT#(*GAurLgWg[W-$_^O_Eh6a$۪H [ދw'yզ %Lf7D?̉X%@=r3{5ːbJNUzذywHG6J"$NiQMPUb`8 F"YxWBGlSW5Sܪ-W0hA ޭ YA?@Gw2k6[8Dkؗb"f@T꼿聰jz [`N 2{b7O 뵱[d?aΛ^+i#-P7ln{3qӗoOe{%7FDI y )e.-޳k5"zê"iÁ&eXɸ?ڪlo17 7|jPFrsℾ`p$Z,G5U6֖ 6Q-7z*W:/>L;u$t1?%#oJ Ư󛋻t:M*殝\VD #:`T…>bPζ#jRa tq8%<ݕRp IeZ|tDXصEkѴuP[\VԦ"ghӬoP?7:4*x9aFՠER;_qůhÅNB fnd'`{j̓ApR䦨($ ;j|H GڏvKUҿcf$uFseհN;Fj1UzM܌/Mn#(>1M *;P ܚˢ dŠᵀ: 4T[m& Csu?ھ@,HQvKu8BvrĽ8%mƀe<8 ,0>U/~}7XX=iK/Xs;e .;5!1ԧAw1餌Nv:awЇ $~$чiisʝ~Q[JM&WMWb?k Kq "bbE{Zf?ԥ twY Ha [oRf=،ƃ!_:v>3fe3Yh=Dں:"0m=3XȒٖ"fǗBnj+́SHȆ()s]b0Gmp).@¾'fKN' 1!wK?Q } :-E+!.PRd6E'M| =`^:*%)3lL^F8=VD^Y`*WډJa F n iSHo6!/VL:yJV3>v($t MNzwu$ OLzqH2jJB>&'(nS~;@~iJi"A{N-Lo$( ܵ!}w";T賣H"lSmjkaty_D#]zI&Bo볲5Cp`*\5.Jo?mP"T6|ǁ:,9eqBtN9v(nW˫wVw2oĪ!9JssuqusxV9K5qڴͱMj *?T 9.70;1b%SRm0?s29z9|+BL?@%**POJaV^XFV7,=e*8a"X{$#oIuԲ([>H۱95'u-{1mjօo ǭ\&>o *_JT`2a31^k _Xٝ!7Bxmɹԍ(J.AQ=!ã9ܻhr䅴UBqX5*<4[+.W݉[(S:7%1pMr4J[j(up֞8a' '&w"@`&*o65DՃއ.y&}UDI~ㅋw E!$ś SǮpG07HYKa¢J>>,N;: tu]bh|Y>=76UT=K#YL:);7lۭfj\,`0 +Jirf&]8 Wl g[IMAsiL6|[m9k'7fݞM !x[h歐 cP"JͶ?NӇ'l7v`FӶ-_ke'@/àgngd|՘w$Չ C#޼.HB3' IDQhEa̮lUܕ>M|®ZtaOW-ܿ 9kDlG6̐k lR&'!5`L|^%YhrkEDٺ<7j('H3Ǯ 'kIF2d"/Sם-ă"G&}=oشsaxmCeheBOz8LC:й# \pb=mQʐ/}`7 yz`w  b^lлN+Sz$K<0w0ZoJŘ?rAnE'旱;`ŝ#(_ h1Jmm7*zf6v=-S*(sYd}K>>ERP>uMbƏƙ5PSyp,TI40K2M'>P-e!3;Ajի``\-ImŇΆpxZ=\׽<{G}S4@+5aQ0j"=B|uU#V7`F%VT;IV]r$tHs6l$jO+cxPo[b%J nD Y- .*{u;h%Kl7ʮA?[0BXd=;CSMDG#<=qn)͙ i7UwP ZmUJmkD&qS/h zɾ4C<-^{yNI'n/ք!}h+Ϯ*vB\ Pؑ it.6mOw#U0(쮳z9T=γΚkQ I[-WӇ>z)0 6 S3Il0>mhvrCY6n!8)peֈ^@pHý-M4w4AeixT\7=li,SL&kV Vvu\wJM_RZaEm\”ir@owV͜#(N6I_< V-EpjlJ0A-lpO~4&F_CHdoQFxz$d[oR0y ᮶p7f=^Gѯlܫ*ģ@jw>FruA6ƢbEPﺓ#urt7[gcWx4rS*;"B:OX=U 3$+ja6hlϝ`';}QY"x EDo-*x;=DemЊf{KKCix3%/.-(!a֝,{,7`8;-MS2.`NXh]OZB :~DkӤr';ppn : RErk%MSG#E˹R@m&FU )ƻ-'.gÓx||i ]i$zpk`R/d7QJKfD fvF(>jdJMfƊgcgl0`\Ӕw)N%u dC^Mf^̌Y۹✯kX7\!: s}53M3y1/T"FzhFx'~lo*'T}˝rM&'Q <梌O_v"gV fSԣugW,e* SHX֛"DZkG҉[H'xqld~5.X$7>Ȱݭ-l3T!"eWƈR/8YrU?6Kq#,/O0RzSF.>$ O5|mJYenZ(J\'uRouLR20mp[i&> cSu#DB.?4A BǴ#qd`BƩ $_^afpl8O}f@).o yz>* v*(ھ 1ԪuT!Iy'ܙ-x-#qG9^ډni p]U8o+(-EǧL>!I_+ɉSch-ppO:JD}]YX”> l_.y(wR˖pw*9)G|S"FF"Rg4Ɲ; fD[k* "c"}e76LV`‚NH| qCa GO{WkTFv- !0K'7/%Z+U)Bpc &/w}q;e?oU%Z/7\*l'mlԏP&z&[GS2s6^{G̓& M5FӚtSpUfKE2Uuё {|T:wDe>R!Jeɕ7sSL2 M^N4+uXe4]-IK*2ጳg6hb ŌyhnUz6csKbݸK.j?+#0O5z˚PxAh~7A{u=ǹbjtM\ㅭ Vև+,Z_v#[q8RF˕r ϩI~B'Էf:QkW]gÎ%V_T=C&{ ̻t 0.24_),V0EnXdB/- {w5)CSe,ٺ{-|D4n1Nsa"GZ=@哓Hv,`\r,_vd? @+#vC3}4ʬ K6d׈ bg(LW%}|ROAw^/g6R/Al}!l\i2'nQ>rzp<[|W51@;CV:ts븟ؼ$"vcq%!n2%QƑJQ LzD*ok^o#Pm cWߺ﷼ >cnaՆ!jGu}SO~Xo3Q]&@lqP5E T] 7*{$ޟ0o]?˫tXͧMxh1LӡAEB|^7 cFMۦyc$ #L$m!S]aAgm`O=pnT1VC7x}g}(l>kYB_Nr' 263pZy.~鱵ĕ⒟ϱQm岀ܤ8]M[@"1҈ ZFb1 >Z5y&-乴Ɉ(sЫ7@&8X}5S!}|@ԉ Foh?d@F@܋ z˽zkdX4I)Vk18CQ#+إT_~wέ%R6ձ-#`{@]7BfG99-(\9f@?=e[**}S}]n0וxi[Ƹw|9J 'SSq-?7l=/m*M>_'[/Q_4Cv z)r)bJڿ)!*~eS ЏZ;~Sukp/&mG &itgum_fD8ĵ`[+L"k FK/?fy]he,~xOҳa|&<_#9ᾱ.e;lyf0ٝ[oLu9SZE^oRȦF>ǔ nIn M6C>.XOJ%0ka_+fV5z DQ)S2{!ڦCUM$uG d0.<ݛy$1{y3+G_ "J0(|-Lѵ.~sLD&"cO<ڠj#+ m%`Dowji-c)u'nl##ͯі mML| U&ˌi-Ûmu褻줞6U7vv4`48.uDR?o2M$LxH89G9.bSfUۃ̦ %r'*CWmSH_@dAT8E$* Si)li5'OjDbbq~H89 UiqsDk`Ltqъ+>GKTcҩ~ gnjc]ɔwלwS~2 Mn{d h *[p];Pn/ k=!qu109k費sM:|쑉>YRT{#$ %KUoou-L BAH[T%EDS%mf(;ft5~ 4`I5boj!#DkH,pOeL! A"vR츋}^6@b*8fwyt-[UnGnWj9 9BE FCI^ py'+xhJ.me u zz,-W~+&x"sͧ,{Z+) sW=blogWrbfx*|X@O2WJMJ?BX w\!5>>8Oy\6;a#UH~␴K /s/_ #My۷\z*~͆?B(u4\Ir2,v0\PqF&RkG,ǘƥU?rkm׫RDΆ J[,\w;hC ;Ye ݑr.1uTq/*?'-GϬHM%Y .ORqӯPB*f =O K[282!n6 QV'P^WP[S7AY JMk ux|~Óxl#l58\>يJSwӃ$z{Yl .kX /8ԻC\Dv6gQVC+BC})?HGSg +=)9avAڥ4!/|!huXSA%tlu[:I+ۈCm ]Me(MPN*aL:Z{~wDcG~$ ! O0FXT7T:/ ௅|EW&D%;d̈́E֓G!d~eSlv,%Xӟ-**VLbxjN|7Nm5*{kPEe5c}PsWo|,\4 d,24$n+cd1n7 J䷮DfC,KVbiC7?9O4 7KV*aҡb@} ! 8,I%9G4 3r9ƚo HnYmdfc\R5himE#`B, <3EvVh8E\[Z AzM' n2I&l|l㠹BWaLœKeFdMУjdL黀b[/= F+_32TکM4G F^IPʕxhHIՍpA\V1y."/,({Ƨ~ۅ}Km=c%rԡp 6!ZxqZ'3 X9T :mI+6gLb""x[|V72apglln wK 2A#7aPA1;vjO92Ʀ2 `Y1I^eӂicov =QiV|"u 7tu@Ƽ=dd*5I )KK~4! M7wti5y2E!i$'k5"_WU1Æ3z[N[~ *6jT9PI0:Wfp^d=HK3Jn~kJ݀0U^D2CA':q}>4| .qt `ⶲj;)` ܺ/(Yh] DQyہ-ĥ#~ WK8.Yz؍Z nƒ:?ܳ.WX٥grH}E-ew6JǗdsٰ f3/T~_F[DM%%1kh[tkfN'4(4nxe*#,4&cTe:g?̈G σC6ˤGg@p8}rDšӯtg9V;Sv1abs49?`ȯp`(SG!QlY,1{'ˤ"tUn; ,齀lS٫|2}*5:6qɳA>R߽Pg;! }'_n;B(Knq Q]C!ĩneݢtUZߡRb?}ufWv7ރv8f 6NmydFF3gR6L:xO{hqAXA#[(Qk[^l+ 3} _rֱ:{|b>N/䒌UI[|87|Sf&;͜vRTjnCd{ J2{6L޴$Z q 'kwܶ`z+e8upC#FOZO `oMQ<ܩz3xtz@x|.跞٥rt-9*E̮_+<)U:Iur@NlR hB:􃸏NW!՛g8c2(l6 (u Zd-Qu6krU%gtMQS 00pRB6{6!P:T?ouu"VgRƟA{O)Y.]fJN;<)!u]V}A})Oagp9m?&垶h_λOJ CKNXf4`w-,H1uJ>9\}wadYU1%l,'I=3ĠrEܞ7w#*'ΞYee㽶UݗNu+!cWϫ]о"0eIN%9sR* @Q3W<ʣ'&sk@q(8. .[#v-(TD/W1&0nB6Uf8R8Juϴ/[ˍ5ӎd@x הּ^2XkYo޶}#`]vkDO"tOޯSYXE&38ԁq7Wh+%LI ~ֽpV8lq(pMPBz5MzQ6.:cX`I03._nB!#3P4BFג$f!E /NiRKmzwBq(q}nIFE_7L|g;EL9$g5nPZL&%Fze%;jC ,ۛHфu[. ? aV,Q5KA-Foh}YR0<.CV/8MpdW4,(j]ܿ m~/v{e 6$Eb5HJ O<먋zMGnVNm!^*f6+m>60z Jm+VQJHZ"!t-|'Z:qRxs-VR`h}Vo)CcYՍv_wpNjvUXo<>γS ?W9Q_SR@y}9u2GJ0Xq80WK6-h?Hm7 5zQvPq-n!:¯7I' cJ0 6oo>Eh/)ĸ3QL- e:1-8,bemԨg֯Kc=5H`"nrwgaw =_X^`A~_fZV3Xx;J 7< [ @_s}\ak+)N$T,| qBe7T1Y*Ԝ0I5? 1Y(EjLz L)y% +{rƒttLGW̄ أ#i.p#w;y`Uۋ8ZkK(Ȅ}C=&αPcy-cZ-RgN$`dVob;D6@|hRiߛ"@|{ fkI㽎L'0FMeNw`UQ?D 'xPS8%rP.eI n{TWY!~*z"hkJl7B'c5GʏHqp6`XX`Ԁ^3Ehc9,| 5]De{PKt&_NcD2̾@AqcVy-t_$a[cu9fo\Vi ^)dՃ84} L>OG|6ij^C)$tԏX 5r]6{Z8#u%2~k\~n.:^2"XnC,լ0 "+w`̨Ht<aPItv!鞼df/醧NXxd>V!5Zg#(AaV"ŋTR9 ԆBףr1GkcK1\NC1y>*htc{d.3NuBzN$K%UGƶMb8nledNS :e љc7#&U0Kt%̺ k4{snp7vHNL4;&u ؈bcuǒ$cug0R輑5h#CVy[w; 22IʖQ2L!6ZbT] !^L*B5Pٵt] *MQVVe*7n'3EdX/2 S۝uDͫ=؁KpyҽIMroEЩdxͩY5R"c]XKiwt5až!gC/Cb~ Cc^/ⷂh-pNu밊k7g>A7vqq`gGLͱi {:xAq D̦/׳W!0)KQݶI6K- IIxNVKN+H\N~Զn}vnIA`Ո(8Ndz&PO{ňP3:x!6>! ͽ`bh,|&g7g3%N!X3vTXwGJX&)gѨ[l' ItẀK/0t{x^9 +Oϱ<"dID[_0 6Jimӊ*AEX!=PbpА5pW !m0L~*>]TJkuz~PmY/|} 9v(J:(",%VM>%fb}ӑ$\U0ʗW>SdhB\zw>y\T jnjSX($c8jG!ԤBUufn=(ΟHEƳca. l0&㶪Ì5p{I![ bX#RVk t513D3Cs/qV_Tͩ,NvlI$,Ϧs@ (xmu^ k=/)Z-rh+O,_Z dvV>Dtr֝AvCc#ecBkd\Q1}8YHD Y"GICD0p:-75Akuf <[;'C+HaHkݑdef6]dB`&\+o HV>17<(oFdx[Xd+H:_OFb #o^(gg8wDa52>BAn؇9 $z❫V'/'؛d"wgF .ږ2ˆ~,6 RU.x=Z[@~k؞&|6䤐SsT4vƒ!ПWIi) %ŀ*_c"Z$:5t~U#Vcw{:8D2^O vYALU YhbiC/>I4t_Z/i)p؞BS9>W`l`TfNgƖBEu s؟"u^<.,3ѩ ^dKq+yMO䳿N ;sTJ()SmQ_goJ7QfPd|Vj(+^u%[^3pffCh178CO}W%j`[):>ݞڑ3>} uxvŒ±3`!\5'urJ! ٍmYo[\HVsYo%͖DbhMCAJ櫜NGY\%+#e~0SE}3ճ-:dnKvK*GWĨL0 h/;Yq z]#Fasa!x8v}GgNT4ڠgV/{@,řHhg{i_t);K_xoTlx!'+Bv0g|c6(z7]ۇدuDWHN@@+01}ۋN EdLh9gU /Gu!RPv( OYB>}|чoT71W|!t0M߽x:XU1ek;8acg0n|2,zz o8+'y=˛o68sd_Z//h%}sAP:h_y7+$^ ւJ2gFX"?y%7OO*}Rͽ>)A/ЧPv"Ap%k ^I];  Ji$R7)\B(RVa]L7's=Qʻ\%gP}Tܘ'C3vFNV`jEHl]`*$^ԃy @?S>ޠtdVċ;=OS)pi!6'{ܑh@8,#EIn$M"U9I$ESc AEIҮ^ wWJE.AvPxeHwV7gEt?vFY^)ʴtq@xN1PUڃlKY6$"ڃ[@[:&H$GՕq=)KHafL q$1UtB-[ۻr P4E^9Rߋ,.s)3ȽeD(9۝0whhh>OS[ ۇ529_@A^[֛;`EP;^HD`* OOLj{;|Ec=IT`E׻-+Kn2^J,IK+FJ[sa*f=VÜK3wH.'^^QilhLHc"VoH.A7 C,wtŋcp"hPC(%VJʬ$BL^ќۓBIl0}k%vmXC5XT ~p'e!곇 U])v Q3F$H%A[I >$l]u ʪR$xs(}cOk]žsۣ6I_kn7[ob|HxmJ&6ah`;Gc;|_iRax劤)o`<{\+vR)# 6Ȧ[D#x3˝T;v,|͏?d琞/ ~4%/;5\"2 9*vc. \$_M*~F3xk"5L7? i.JPN-'ۆ]e݃G5?|o_3rG=$'ELTȓBLrkpb%W=k}pu%,bK(i\C@c0ʼnۊGHz W_]0/%PQz;d`)&ٲfӤJ|`%jS7N>"CP+Ecf*(aªe ->tV&5P~܎5ڷ+vyfg3T\RͤlhXM|)Ɗ s˺h<rM۬"J,(=hC0çooLH*!F ?Ƒ.ԕ,n ϓ=Ɓϛ"< *J uDژ9]vW untj9fGE g=98/zȆ9Cj@+,8]2 Жo!ES$#;ӓ(0)-ԁ28MNX.K3Nt,ŽGq^ Aoڈa!}#^w'jyMYƦ趮(cu;uԊap=equy*b<JU 1p'0Nnf\\}Z$5ܭʊK۲כFT7DIߵo1e{"ǻ::ޑl]F`5f^h_"dKzZ?j .%gIqP3XlWϜ-5 m LrcP7m%Nx'qۄHrs9l G!a'F KE;ܧc]--LWYLͥCSC7a"g ʄ+t_%^]$!UrK&Y l[ƨL!uw6_Y K `B{:hEE_C$.+X5 HKLgsG m 'CS$T S2;shh IåDMJϵoF(9ƩAdϝ]fy{iN~`6f-`8 9@j$o+iB8+H?/BaT # )T|`;sߍ " &0_'X$ {V\e\1w~Cdtqs7дTG]gOr"U(1lfԀg>{n*ڭማkv>z 2:Ԛ!g\r\_ǍGs jkp05PIFmI5Oֆ6 V3ʈW_JٱrXh D]yZbER+Aċh;jz/!O|!ifg7<%}#vVAGLh|Q 8=A@B|jB먷a~QrBrKmE;CyP*ܯE+~۸Gb(#74ibe#/ޭ~l exٱuiHۏW s@'qQhMSuSa[aYo=[#I%ֆ +Ä@\.$(V7?) Pgqjf*vCri6֣p }QUDS^|q =P"O+T00oˤ\NWPOrRYC ^5?: VgHgr{-K*oz#ZSl`P e=W(KC?ZZ"ݞ$se*4$ac y-^wE&6/-yScGTCvķ< D軧i"EBS JB'5e_D`U=4>roHxtij$}t21)F|w#ùj_~P– ϕ='ϤbK-*b=4,1h3!%*?\fg5j>%@P7#׽(%_S|;YB+F6TN&6t-,qjzS̔I>5v}T*c)y+rP(KR])R'1|ټ2bSO΍JSޗ}vڄ29;P.i!v Z؂^LˢC/Ǧ}k3CH%MPd3*)Y@+bW01!j\ $J SC w*ZƱXv(нi꟥hr{M285^S; ?gȾ7Qp0/ 3#i_hyoIVfjÎ#}m/|$VD5%)oM It.KL% U{Ea+%e|\֨QdoSJ8EʾĪ- >N+'h qFMBdp'b aN ̒Io$8VSjnD(jC>353o Ny6BϫdmXڬV)P{;,E~IoR\-,^3mݳ"2E2YdDbdAמrpH\uh7gy*Q{9I5e9&:WDv9pS񪆲Y7x"n;&5m j~͕5;&t,*V1Y SqsfpO0$#ا`^`i}~R&|1ZclO4#= ׄjI"stV:Ykb#l0 %֗(DƒjIgaI0@@#Vqx #Yڳ#0e]P~v6{ p} t8Cvi;VD`2c^xJN@E/{xOb(+# Rf!w,Si=B_c\w ,%*,:M8~x1"@wmiX2ynky"Tdpоm#iW{3xb2b)$kG*-UvG[sl˟1/!rWIYy8$|yVupV</)66og1e{z9AW i+xdǜ!sQcYy `+_gda>wYoّQbͺ9CτUdֺuG}"l4is52 H`k"${ b)}eP)B]1)/dKWk|9Fo/Vst A.#n}u$FP.rE:<ZlYuVc<(6o%M!KXNhJQ(§Jn0 ^P9ԟT/l rV7܃fg*t rmZb58>$V\NrWVމgDTQ?!S) ߈?c24*>秮EO, zЌg!eJVyT)߾2rb89y@h`oev.Ŏoas@/*(Q۹G1* %kqMh.MchE`i ,9io3Ja!̟I =N}3.8Jyh?_4#1:!SnuHf`\ozc3y_#bOҥ_E̻)F0NeK %|z}鴳ia #oYL203sx${dM ]k$ĩY넲VЙ v@-}?^c]XfxŃPMv<|ط̽]U8dubG<{w޺ JR3z-Y7f0cKP D(5]#繡Ҟrw _"]̂׌ sl̿źtUicXmszt8:β툠f ?Us 'C6Z sn 0wl]mȣ1ԟ2.Tc(%(h' @=j:5C3/js@=Leb1T݁yvo=X\0/\;) BJD#mLQPX IBLQ;kn_~)LS} 1sfi m#< ?pC?f '^n{M֒l0.,L 8&\ETԢ7tC@9 8P;t}PLcW B CpG5NvJ)-!`L7 /N_#p`\j?d-C,gD5oتRڍS'y bs"SvW#RBeg&c-ԔDUHDdm UJO:eL3|V]BǢ55^El_&йE5)(ߤVM,F^#|Av5'%ÁEH55E*A N s?L~7YNK Wla߅_j' 3Y+raf9^%П#kW44)4kw"Sj\U käo{KVWfS H:}%Aw NgKSkj6[Z^1T"o O|1E,ɖK,6lZ )[-Üo3Ș\u1}cro™[yw -}`Zw4l6 v~ vg-t\SiկGLLUyA¦Zc:Q'όHREz][]zހxzJp8!Q}$Jnf@z=Y4痗 eb*[)h>&I4Y7Föt˿`ug1Iҫf%Yz?WOǚ@z-ܚLJlDZ0Yӹ†UԨ-b&$Q?*!{(k*y_p t&iNv2ZG)I0Mg[*n~ΗjO3u܇dim],'/,.JF Lý |Mۼ=NygZz4`බAwԠ$NOIP\( SwAdexHha$ݮW\Jkk?ivRj:C o\Wcږ.VIa'װ9.OJ8/DAXV\S+ ܛÍ| ]ϕ~*&ɇM>OLKsAG!ܣܮF V<$ؚQQ*yK\E ݪO;K\Bn"]{u܌.ӆ_-}hN^bF0؛Q}VaY[ :U*ͷq5^Ch hmZ-ViGŽ./cPvk_G]x1&?XۂOw"՚6uawlc~afg:-zJHv=" c~i,N"8>dffN]d`5 #AIޠEY9i9d->G%p븎q2 .Gb MrqɌvK3Ry&\Jd4H ZEM4Ѽ3&LsV(gnjm45W^cVbL#Z4~8ectQ܈N9 ?=s a2ȑzjY}weX2ѯ#OLړ*郼%^g^f#sќ./+Yܢ-J=Kbf['WG{"^aqI(P)5mjy3t]Fm.\ϥsfgl"OӚIF7koffG+\-ԌI`bbO 9lTWAGiRKO7x& $Hn,ƱݭL5o.Ų(qR,4DA_ dD->GsJ^OM侨NV\OžM>]j%2@Z{ZaqJn>v.VX$:s$bpR5Sdfx4`;5V,GFbʯE %RO~d.ZjԎ9B9F3s<,{ݚr\=5s HH,szu:E/ʲܜ>c!~Iч?nw=yǻd.}P7aOf^sQngZYU=,}p>^!!A {~iG+aQs<9[?PK$ yز `3&S?֌ )zZuԾ%dz۬ѐS&ՕAQ e`ߙߑmx*[^ixԅC*VXj_*e!/B)kpߑå=Wx0jmd#.>a#5.WG絠d/j/0K\Nہ}V(EG(VgKGiÚi[NH[3|Ti$IރE <}!)ՙwӦ_']U+? :R9G5NòU52i1$ vCis>#׿^<zdp_ ~d?dzV.Y}\+ Vz5f\"jO4m! =JV'__S"Ù,\H^Xiĕk\h9RaC36pd9Z5bf{ ;e9NN(:Uz)ͻ^n㴓1l[\waP X_G@GJ.J׼n JB] 2sB{ثR-W *"R I4y*N :"DRQ|Y\v,?\w.lnwG ژyhtH]*^P;UUpWڋ;7zO2s1,l2sK֛"pa`y:c}ߡVH|1/aLF㡎b?$,z5 YXT?~o͚dJ2 ac>VHRꋩDNXjr  mưl+HiVw t]3FG'7xaBt9I/鼗օaЇ8FMV4m5Ȅdʂ'Rb䮥jkeۮ |2-(ʶZkl_2naPV 3蓒+f4P27 !24Vi}JG&$_&z' F`]E29;zi(b!(ZǹL E%]}hybUZI}oMmUƏhd{]|K RD8r4_a4TU)VPlG9s$(w_VM`z*6(D`/ xrI rD!Rli]e֔US`f`"|mJH)i0F¦Ԇ O]Dx!—R]m#{Os $o{t]JS|忱5s͟XHXݯ|47svO9!*1M[H5iJg߅;[8IwoDm-&@} Nс$SD/cRٍi۶!v,k5 Uv #0ip&X٫ vAnUG} | :QnrHk•J81yO).;~.h,+Ȼ㪿Ԃw׌/!G nO}tbTjAc&w Ajn)erj6 kTdzub4ÖFtqv=D c~d*|!V PWC=˻D{ 3[qҟB9s۟.V@ uXn.)8Xl L~͉x M8,m2  ^&7n 犟$h@4wc[ʯY_kVZ]ЖԆ+ RYYhBmfyLn?~ɹo̷"63) Wo X!~g]\B%?rԛgscŽ>{n/oE1}1JKG60~Oo}3ru&=.pޛN4@?֡)6z 㭦 )]g5)P!n@ђ*m<EUfnCdLXH40)&Ya4)2K)3v%wWLlҲKAu5<ԯPvr,*w_e2}(ٿ͇_={k#:vn uyStBJ;:f}@p8hEakAc n2hlPqe`.a85M`&ΙgF9}Z{iMnk-APEFgfl~3u:3Sp!l?dz22 K0Iw(o]`˭OBg:U߄{;tڙl6vvdxd!D2+P1~" .PjLN̴qs D_ZWdYra0 EDy 6;S[V8kŽ +KfthͺZS}=ɽhņPokxM|8$WXΙFkUv<4xvJ]J+fƾ{/@̦ڧc=ZBFMp3WfmȷO-,,]!ŀǂ b<`yg$a>K^B})~ FS*/sL C61Y2v0/ݏSg u,.Uk1 VX-dztG=\d73BAX\ׇZkc}Ec8IAh- shכA$YXО$M@hRuoI*Β_1ͯ4 #Mekg~#:UJ4\Y|lˆ%}b@kk [E VDM#._\f8AATigqXgt[Ԟ q('!mejČɐхӫ' Lbpx7\;c]b<OFZbƌ5Ѯf 54Ԋ{ܸ-rIMеmK`4q3q?QI29"%3uؑbg9Mb/SR~I9g0Zr N7l~lJZm[~Nb[2 ō͖%B۲&(BҴ?}.UfUhcd(O(gy&?a߷w7tXHކSgQW]ݐS[AYۂd}ܸ,~~8ULܥ[%J1+ xu$ Ѝ ™]9C\A͆,ƙ) -Ib~uriKMr b1)4Ǵږ^VuNu? QR{c"jRq4 !VtHxu}_a+ȟ2.̂!B t:~"Q~22>k6vH{݁+QW[î()u) -us"a48Mu Rl~glIð5B"fҝ"xg|^?u^Urˊ4 URLlnC&rCYGֳe }ဃ]'%>_=}ڽL;]q ykBicM,ݙ8=K`_3ghGKܞم:( f6 Y)9 '+HwwG|r@)ڲ?ֶ\Cz^5W7v=va4Rsy̎WϠ9јNbQ]O_RopmM\AJ Uhw[ד 3 [}|w:uZDT گwI]46r!9n兤Q˄ n&jRtg3[HYU+Yq]fnzsAYZʣPiS]G)8,$ #9hŗa j$b緓63`!3gN2.Tc-|;&Nɑ{Wt/ڽchm@cp_qKc`?ӛ;Dj\)^zMo.z8A6@}8dH4<+.*#M?^ "ܞC k36]0t[7v_,ȊtԞm O8V5++.O(Nlۺ6\?E>յ)sщ) KpW!HBcS 9 VnvW\3Wisϥ#x|4drN;j:Ni]K58/U6mMG3KYb?'%:; +;}gYnrg|{iZv̡k6R ;JW*_P [ɰmH %n>(NИ7x#S@WKB*1cH1Q}lzr&c-&Z1ȵ,%Y\Iga@Gv ]Jh)`704qBnJ'khoP]<`H~49̾Y{t*A<{vDU˝yG JIa}2~.O|+dW 8xe1 Kqdztc8}- ÂFVEɉThM9lSz,y]mjv_8SZdC=8Yl(G-ں$cby0A?L"3,0AÅ`_g@*| ^Zk' $MߗHAfxbȞ?QQN2z_eh-LPm~Σ}J4L.I*Lʈ?aU k\ceg i1ab{t|1ŀXtsL).Y {3暈 p4u9iD1)ů Eb7{'fxb,,j#)~u{mP$(5IT4z»+ډ_1=_v&jwPYJ?e7o~5U[bB%NRaPTLzm8aZf5Qb0<7aǸe,ÞCL"Ԟb US݌]+mr2.߇q}=SqHҟuBM $6Bs~!pp]~$nx9JtT (GX=QղgM1<_J?9ԯ9 `}w=nHl5X&@9(,G}އm6S5.$ڒb5'O{XD>pQ+ȵjɅe==?Lor&}Ph53i?L]q*꺋v ?GykҰTɪ[PB399@;7QY`zr!\W/7nHfUJ* +(g H7rФZ|\N).jبђN DG; ^4s8Ep[̘ iq^:y>;2RI֚Fce[N־:ܮ 4u| Uc g߁"V:#Caes'p,l N`}X=26w@~DZkM{]P9]Ho6( ? BCP-A;#$(~BV-œ ޟ3@9 n;_tk*w>9\6D@=z˩~}|ȞLnIW!y(q竺}$6T%1l 'Zq#rE:Υe}KFUн9̀8Kh9Cܹ#3Dr.Hv&ЌL}ag~;.i; !d/.RlqoD\LHEf$ď?RpX# qQ}t]A2=c*2*M)9|eq ;$oJtKYc 7Jūi>DUm'*ZXB1pS }h\wni\tjl0Ԥ˽W#y)=1el"tҋ0kcU88 \m#!&,|'4A~/_B;2.^L)S!,\p9}[+b;?V lNYRrAMJU?|i zUm=`83il}uOKJs]0, b?R]\!ڑѐw䝖{U^hr/w]*O:(|YrTͥ%2/E(vGm)`j4;_殏.P<%z_>@. O5F,ee(kmw/vV>[3D\E[Q` t֔Geu-p>]meƴzb!ӡ ^́F  fO%$J 銟bi8ÏC>i6-|C 7Gv@ AsLA?jiQޚoU'gV]‰'O hR]0ׇiZ\ŒJr@7'Z3e4`,f^+F/\BY.tQh= V8Ց=,VhcJwdfj鐅΀N@o\ 56On:Oϭ#=[2#\0)R J\Kȫqi Yl.d]^LVqCk/\%:chR}NIk$ NX;7~$ TEn)tz+%;EdӀtCEkņg]]g(.1N -j #@eԺv&hys.]WHyeo  )z^sYaeT):AdI)[ЬnJJ QUZ _+ hzm8#)fk A21q.O˻'t#ۑ|wڞ ]rz;wM"D HiTB|RB躴3w32<l>1p_۲W!_/ bvgr}[6LMuGayC-rvnQ 4WԆ_gQ>$wDK{#d,PN.|#/b9JJZY S^VeKC|qpS~LR0g=}L*#);*|hlJ%.„mYd+-2_|R`;q: BŸP)~/O=tTrV wdPRm9K.j)zakPs﹞@yǧͅ W LbU$& včn (\N(ܼ5d2\&.@>XssP;$KE)HRR:%@Iif@^ESeD`eK<-4S\_[rbeX>ye^ ~K/(QkM5h$dDdn$bͦu(`Y<~^2i^V\oE/~Kqnn#E= 1:\ٺ}S`ub[\9GhI"ģCh Hn*!埶CB'_i17vmѲB2Fmo/,_0WуGY/2-gM[rԀټz2 jƓe-fυIjN1Cx8WEчTZ{WCLhaPwuJ(2C@"_,Axw_#H4ƩbAw<CBuw08=F^EYLelZ su}GcWg re{ڹc$((jZ ˆW CAXanF2B4L:)+yUZ0`cMΒ7p7~Q, %7_~oq~O濃qWlma 9tf$Q<~/vjiIc t8hWLUwB"Z U.͎C x~^H8PVeCVS,F+̻&Vgk-D$LثN6,ˑK4%m-iG#N4=Tئgo_oEꗞ\;Ig^*JP^G:jnX`Ԧ 6tb$+530aMf\_eeUvÂgXzO%v.wWz=lpWXH}9P3E 졃Q 3^+ǤtrT9MB"an`JMѲ{ѳ"$M-W5[!FbZβ25EK6UͽtY#n6_%<#/H qsKrݧ_ <ِmcJu,"APEPY3K,BAӊqrKZFjw+^+Pݽ4j[8Tz:~y͋KEkSpF֭ Wі4Cv4lIhH>T26_fZrfܠga%&<3F5-rF[qC!/ F `/_HuoHne{orE=AARGk=*mԐ -܆pHZ$'G T}cu gņOl$I۵)ov]pRwU//)dlVȝǎpi}7=3U?3KBѕqS׽b KUglg4q\x7'^s[wi+1(S#@7h/CpH@~w~⾈Iq2HX'g"֚e~yہm/BYb{D気^MPԖ U[ιzU Z? TUs9gY2l}`v,|J1RQSO~ 7_"^g!C^`Y=OhYs41tr /rd.9(l Yl ɲƻ ,ΗLF8HsMR0ͮZȱG:DL& y=Wi `ZAZcW7gab/y m^س& yIe3݊P$5`tK5V<ӼEnSPJ_4 "T͵ׂD,y<6L~Df$١&g!@Q 4()zDka$\7Vr _["v\z°҅n7V(=?o3 蕂1NkaYqr'k\ߵiSݠlc*Cykh$Kɫ&Y>o(}%]XeH`҂-Xvci)iyVytTʴ?\-C\,$\+ 3@ B{ӻHB [jӻwy i^tpQ NZQsѫe 4Xħ?H/ lE Z?FaW_d(Ltlj 6zCJ$N5;\(DYϞI} /ZqFPmPq@=DpmU>on J–u pLZ1]#l^rcmNqr&{Q 5/EP32e鄜W =Xϣ3IclEК](FLȊ>{vL<}iQGIo hL\R٢B9ZI"/3I>I#tۚ0$2?pV ve<#oD_(Kf9+yh,f6I@]QG~ Sqh1B}O]!0c|'mH2>!Q#F, LtLs軌u n=९x%# 1a96NB8(n#ڤo֜UlW]< Fp |C~`_e⊽C ~2/DWFNP ҋmv0\`k@|wj0`-^2͐I,y&#u5֧:/ɭIiKCLa<"+lM0d-,kH6}7Qҭ+ʼnFe AI9u+T<8pCZ؝ЪP @8$4JT^ @<6g: Qqzoj:ڈl+qa_]m>}HjT]XH ct]?6(w;0on$VZoӽ KLKr;z+HfȤgD~9}&вjvlr1KmF+8,R:h3$Iԑ[" I2ŀ6j J [LqF,E%J!CG;lN60%j٥ %C7Kv1>wXMC8p AB򯢹Ez };*LL[fQe91?"O.J}ȆM\滵} bܜ{m*QlG.B=qw)]&͉͗߉kHrYw v_23kR>w3W(sruLAB)&f}VE"'$͙#@g*;'YI\*ݷ,5">CQt/P`,O/sChC=BBUy_LjS0iBk6 *!3P>ԷGXaL~:>/M" Iasi>qlB z!gB|;g^3HGB$H1x0dkrOɰ׵ ne5s TB2 )3uNKg:yXXv:J\ V ěW8bŇ@Tr@PX;kxӯW83):pJjl gss*PjPy@ -(iJ;cʄtԍM3. ik "#V:p6ɨI[ ̾R4_e8@5h3>"ӈh1ĬsʢMO:j$O :C'GQF/[B\4HߒXsYM;HJ AH i*],@sP_s@6U^37šIRmxε]X"oÛu;5vi7\e}EeHy9q6>oΈԔsQE"2ĺ8bN9!BL/0xPr;f,:I^X}RzweQ/yQ_4zr4^Ezo =+0+c9Z=L6*E|vXkmaA5(:)fϻQߛK)4T9Imv )'8mͶz04iҺMV2IHi|`wdaⵔH܂uoRwf-[*ދѢԵ, \wk͇Bx|9U*ag-:yZW**UŌ( |G)Xshδr_HF4 2Jw L=ǽ1`&%fI`1m &Y2 &Gaƚb~1 o@ܖD bEBy ݷz%$S nİҜfWm#7=g4{~((}ϳ[1tc.pf]㷂?-7=`zsڀ볖S^BŦ[RCMY '4glkݻz^sYgtl}[򃲹=J{$lM9Y;dmÖ U1˽ˑc<=m)?Y=y2>H$~QȺJ]deWt 6}l9PR+ZKkLNU*Oo<0މtӧ|f8M-Á;)rt5Y47Cd3lxCiXh8Jִ&8n +MBiZN[P6w-fuȎBGÆ13sbrjU',r ekeÓS}}&@M–,Ո:%<k>+E&+9Khul,;M湭=AJ-}c(ɉYUp^w=Ked2DC eoǘI6VDWtҏKFU9(L1X]J%a͞,Z !!+k +1m8hܷ5`ed`bPкG_Bmɴ,ڙ m3=£lf.ԧ믉m[{+F 8U*x1fM":o RR35ݿ|_WڻmԻƱ!F:lOYD󕺀/jЊ,y"]jΪ~`_0_XTf͜Y'm$mvp-lZm3ƚU0MYA;C` Bk˰9F4nZ][;%F^%$kf+sZyD{ȋ}`ȪDc Nksw'?(WTD dIcl'LLSgp5 . }9!3"|컱,$-416֗ zr=9?ߚߑ۰t_OB/EkF*.hzP;eQ]КTe;2 5J~ߧiN*6-CB_~54:"$]еLJ~+Ṇ}kJ*\/\bc#Dw 쉘0}cq (A7ieҵѶ Q=W5zv^4Q#{XQRKPL>MD']c$ݰhvڝ:`5J( PܸP-z=5\x{ z@H $+6\?bY(QX&F@7Y H/\na`VЫ'5C0kѝ5gDEeͻLaQiB oZ rʿ̢Վ`f#x6>I (@=3H,R렦5E`n):qO҇, r_jCUSgoX`'Sw9/4qhtx(P3\lF n+/6,do1%fު@vF^3xD zTp[#{[%*,rI%u 2Ĩ-1J8 1'9 !6X(cw)ۓ#~_l{l+jV;-#Uw7Zi9myȉ#C-yL􏎅=Je\2Eiuoܫ/9 "f؄W߈KGu)`1g# I~R[c2$k]P}*2Mm"1!UV RA:F\ulmJ!cN׍{a>_{9W՛/5M 8ب[2TЏ)1:4\:cQ^lZلnZU ,eQ,Bu %:n454F8ZFE14oue@EGΛeT;QP߬H2TKt¡ѭڪbJbIvΆ *j 9ʨzi/̝bEnY0 t$M)bdg{3InC!BJI|u>+#oxB9@Ƿ6 #4`9|"*wFgIH[YKӭ8Z)DV/V_qܗdxx 6/;P2T)0E jT߶I0IEboWiApRH? wrktڢ|K7O‘~I(rTmcX_ah;%w6zAKn}Y;|E7h*S4)œ?hⵌsc &mG9ƀwpP7p {Q\8E{݅""B a&ݲ8@jlj(Wn[hi1Zp8[(R((Plem/~QKQSs7PD'8YV^"+ҋ8Mz&Y4lDq@/8_ ą .Bqrcq MSRaOq Yy*(#+rLEU\*Wŵ C]Y wA=!/~O?d#$ˏ7 M(nFq [߷wHmP;.wc=-<= v7Ľ(~Iq?k~Q'F_Go(>gG_ݬGRWR|%/PM6IA* U^mYALd%H OUdwd3DLXȶM[UFiHGQx]LPYu1&\e2mժ@ceckfjes/T RLt3RSDj}(6UE576Eu쮋[ۣXnmׅĂk;7[;GDV)+ٯ*g&Sv. ZR 6¡^UʗNEcuTLP*$ҩ+MD 4stS4J9eQcxF'i"4v9 =jlP *UF[7/UW"o`MQv7<`^Ŗ>2僖2U\ѐ]OWdnUm8uͰuvn9)1%d*Kg'P P]y>๡=KnZ Cǻ=*'4׼cz҉5[*+qD v.cb kݜh2 Z^]31hMU-~t8쒍s9іl(Iz&0^ 2sdQljѰP]1TmfUٯVl۵oKǔ?X{0t:@} E"^yA:9`?;iLܥ6Wm,q-Q=Jg=r#dJ vGczŢpWws&͔ٝp|%SLӏѮLd)(ܕ %TѰs䉣LIK:,KUrƟ9Od wx#^x U9zuJw< GMjް +ɱbV7MՁ `a9Z9rUS]Sa۩(`;_]Sǽ-Iv/Q)r,\Q%'^⫢ڞP]T?@\@`n45R)>?rk{]d,_b8)D&@gDʽ9+Q;l0|l(z7 ;4Wi0LMDۄϱ L`Ts0[?-.8 pfA΃sR΀ ǃ@IY.Mى̀w$뀯*T Zđކl LSxnچnj^ɔc_ r9]UtȮLlpD2&XsZRedQ=dLw2毇L\pJJxdB]uҩ3:X;̙e 'Fn)g g"]@ 瀬QsArO XS И[=;sY)-4nM  ,k(ϯ45; ݻZ>*"MϮ.BQ3$,ukV<M/0ӽy@oa-*GsM%#) &haxWc"+-+fEvu2TpnNaȤ+q)gZk0شd=W2ɏ9|t @Kxr-+v!-c!4=D$f654w6S6YIo(#vֶ5>^:GS(^&y&Y__O^]3ba#ԔyEeSwREu rYbqy89.A+ nV:$ H*=kwJwh/zw ? E~Z mv0XZڵ -u:jC%r>W.1#2ȵC;R;ЎBI6-jh-cg,m9ȥ\[fh1d`k)CKk}UfhvC;V;Ўg C;Q;NST~:Ng33 ,lC;G;7 "s0e .gpvݤlh0mv;Swsh; ^vv=]y[ۆ}}IKR}}UAGm$CG^SѢæFQq<Lje)?D3A[~?  b~'zڕUv }2 c`{v]Y&s2)f~j uCMi@2Exül+ HʖM"ֈ@*BT_*C(W2 PS5ىAṬZ Rbȵ<4Ќ+FmVfhh oooQϘ"]l SAw>iwu&ef(([yo߾ e+y!K sIϝSa{܅ -Lߛ4mRt,׻eΊY{r-_B{.mݲ\SZa.c r#G0QCn[TeWV z*msn!͎d1Lv/uZi7%Yc2NIo|ʐ i9%HSɶ>ra;M*{l<3YlC#5y<,t.cnw}ٟp=_^` EX^bKe grMZ -USx{' OfR٪fޣJmGQP"D68JeVbbɚiB`Ie uuCuY(asIc^)&uCAt J;R JZt'@^ٖH39OGS3w䕆o$uH`ȫՆF^*S-M 'V}^K%jNҠvy]Mksr ÷-|窊BK?y-^]5kC_2" y0_ y%{Ŷ3)'POǐ[ʅy nKo81bV,XUmVpv#BzwIm*=c]5>yW_nNTc3&S;Ќva-9Ԧ1ƹ4dEH+=d56-{I3(@rT7>#=0m+gin,hK8>ZOۡ>sw茲' u: A\a޺ Ѥ܆wOhwO'}M^#/Ԓ8n1LPܣUPHI=xu^\yvWJXnq{Ѵ/QدR'|}{ꥂ*Ր!y!##\hinѼm=VOMl o\HF~PL]9ʧL#:|`Lن|T>F!l)Y7m ɝ 8K6{͞s-Mhl w1Iy!Yyj_ |F4Go'WEC{q/(LwlB+NIC\?s|0ѐf-8 +݋mv&n1D3oyffcꎳ!_壼C\͙/ n+8A[ xTUȪqiʯ<5f"lEۨ G>I_`jc[sw2 ^#znZ`Z:;C.ߠEq̩@ "@iȷ|gMB]zz72%iJdn1k\7ӆPdЛ&59a|[c?(T(+O lZ'UѤ7xSBReEU`ϟF WkKdH m32sJ(FvSݢZ%_^xfBq\@+[#+Zz.φ!(4w.{_EF;7U VQ/R_Cٗ~^gk1tL&Em7$;|p6|g!?`S I>]4"vʊј&|OhSt[.ӣMI"^ ҔcE켒MR>UQ(݃=$R1f h= lu W%K˫Reڒ,k-+r=L(;@DFd"60P*\i?DC8m@g`qOȴwo"7q_@څH_n'p0W!ptF*#RҺ*'6hcIT#@Qq('%FaS,H?m")<j4P,C8!%E/jȜKK&3bq%(kO@&`aKɐfټ+R +Uu×0C@>o4ʷu@t );43R~ '<Ĝ7q`}kvJ!@Zz= #)7pAc&`Kpt#<*/(Q=3~/qg-Vd:{E[># dȠ1Z*^iu`KWoKMlXKX˵ yOp|ymB2A qW:mW2?h~RhU*Şbs㋀`)Ίsq^AXdF}Vm(IuYUn ?uP9*G}ے4츧}=;xP\D,rW+8)vəCR\oXGhP"P:eN@ 8Su~M'3xa{Gu"ƒb(c+E^\XGrxp:"EzR7_y ާ@.@a"rbK3}oI:? LΨad0ȈR, X_ͤX^\CpR,64o&6DגejpkDC2вElUK~8b5׮/(Bu `-UNIqS܂: *J:^ˋD'x۳@5A4z`h@\No- ~f[RImҩnw8Ik8@$Voia_/SmфYYk4ě0\ǀ;06ξS_2wZa)Zyq#xtgnd@WQWOww bVw@m:PN*5/`+ڟ ^tpn}a>0h7{^}`$5Ӫ~iORA2GyBoCo. 7-RnjHSZ}U PK*?KE-~WV~P2ח^D4!j|Ծ 8Nh r#E ey':G 8ZeGȴ%B“*~͇}qԔɷ8P D{kTZ;^jiQ*ӸE2H)8pM7jnWrS&0 Qoڠ}%,`O2tO<ʵC^ö438`G\׵vkR})>~nG:fPtבֳC]p- 'EunANIޗR9w%dgO[~ ) `:뽯\o_Yw^fx]D"9IFqZv4~S U֬^x"m@鈷ETsE |0yaZzS''v!ݎ'ßsJK4^,>Q%/Ej"* YI̋VL ϽlIKN (vn<ڇWV[6;X-cģ֚ՙD璪Ӹm0[JO`N~{qצjHv8\!<9{]#V-j@N,TH G&K~!(c=UJE?XIähA$؉JlbcIu& ^ ?ާkp9c\, ndvZmvĉ} -ڮ[F5#Dx+zCZ)Njȵܓ}V'(IXL֒1e؆cQ3n͈k9ǭy1s3k&| ^CHIæIkK+ˍUJuAFXN-R]٧(0&y@:Vxgt>Mfwjrrg7Rh[O$)Eԙs'I?( 0[S(W% ޺ .յFu؎n^(7G`U54zeU`6gTмzU]vo3 JG=Cqʩua۩mҪ_[TJKNc )b!gCw&{S@I"aSJ AaB'#SIJ U? i‘s3(oǑu y|TQX fԆo&-ᜐh u C$:aKR%vG켰^_ERm@U;{T[>먲7}&˃+ /҂2@MQlcz'{`=_ˮjtep18asR)` &"WwElpH=H4ıPIyP–(4oÄ"O(/iC";SFQ-/ݐi'^J aԥV0:KxuT;TC+q|,RK:xv"p67fgHəuۤWjÒVv,Vd(y\:udHUJS ׏c[DKP'$G=ݵ&1nzI:ќ;VMh?UFnO bjVV؟X߹^g=6Rׅhy#*}!u'c_mP3Q4#nvV .J֠c*ֵ8eڌGMk-z7D"#nq\%e)&ya9q:k*qGEY;ᶡ4"&M;vRI/M |~,v*"^]i8< .ɯlcj\[B- SredAKۭVjR~ZBwB;:2=QFSi;a$u|$1LXܭ`X< gz^Fɝf?#0rn1H3j'ݦw^ߴF03taΨ-Iu2(FTdeYd;%+Ke;FM+@Wq{2@Hw%?rg8NCۀR]j'F6W=ʃ,m'Nd>}dXG*IȔsL|je "EnjV+ɮ._+ B t.X]FШ#s2rx(\ݶ0&'>kQHE"5/ =Jv.}5G,O._{bz` $E׼PZvSLZe Q-Gvm6U(c2T+D6lT:=dG7a\#Ff8+z~${yv,t5EY4.%ֵAWIk{!>+`Nq"s xTi!tо0_xS_ɄuœDo `J5%ʋzЅ;3a{JWÊg b/Y3k}ls{s>Vmo[L<3L$>~#-HJڒǧQvL\ ě\toաh𛋮ަ=9'2<d!wVtd χ𹑇/k_IF~#ƣtVcc?^Ǎ&Qߓ:ea/\⅏x2K__p%*/r<\O!(g5~c:& Ɵc|m]v1_K1t/{b8܈oz|'|n!x 24N0^y35nfw_ /&mS[^XŷpmSh`ݘ{wGc|`斂KJ@xa%v.v3!@rH eZi^T J C|tģxdGx4lh*rˠy p"xGkh#mţxG@<'ţxtNYx1@< ,C *jǙI\DK,Cdhd:p|$?@8-Gh?A~N+tߠ7pQǑq\'r)ja}DeXDĀ abCI$"I{T~ߒFpdā#1M2dBrJz$II#}Hcҗ4%I+2#I{2t!#b$~)Qdo3r9GS` GIx0 C~n@ 4('pVGxut4@ \8r`$_r H=L%7_L7q&2Jȅd!Nd..& ȝ,!wG㷟#/\n"7< +^mP%/w5`/YS}ˬ6A +(eT) Y+7’11E)cKA,ddG)Y rhOVz_#h) VbJv؁AAWc+uŁ7@Ńl8.T|fXAa*)׍,~!:$=J aP3 @ސ(QLWޡR򪰼 #$ .@y|(= vόG&mq$ ySrn)L 0@ q7*|dR.ÅA Ep1pIHuо.-Gee0=6QaGumB>G5|l|X$C~: К|ArFC00!X5k)@Gjq?c?_h/38:qq@ )҇˱+R.L)zTWܾՂ^OF0k94I]l9`NM)7q)7rif,an)[Q![`+P,,ĺ > `뇅+_1<) ·̔;dypaJ9,Ƥ܉pWQ]$J_SKH-OaS G ^YR2$CrŐ) )Gc&luRX+t!Te|e҅H[*Y/ w1ass9 KFFfZڤS ](TTaT"jdj4.I0&##4V4XCy^PF`3m [h3J{6ޢ-a'm)ͅ4<8Jۓִ $DOCdL&>d*K.tڟ̢:\Or/IVB4Eh= 5{5lS<>=^@~cM/^L5 zMi3:{[zA,ڟΥ t7##"!n;bIG>]Nѧt ]B_/t=]F7_MPT 1FF-J9.Y $EUWC&>O1T5Ր@n'+5~JmO6H~KH)t dbhGny@_|Pm2 hrrn&0 M_,^>Lژ?|T3 S qR =NC|ձ|yR cCj J;~f"˒laTVτ) WAX`H9% H h6G!͈~2^ {`-bLq BCw@݉ n@߅hgؽS0~31j̦}XK?t/2/`/oI1 ZMrBdŜ),$\0HژiH~EGPU=#G_AE3D7jn^Ҿ0|S"2t+C: yz ( "}%dv|Sf8 ]m5v;XοCO1ļ¯G% \ 3pκ^F1*hp-=Y?nNCAcZ ]Pa312\,5AU2.gp5K(q_q_/BZ`6Qdx/1eXLl <46 im84agB6G*+al~6Lb"6bS`6װ" e>v<\xM-|&Z8 ']4*Ҕ sN@z=yXlswRxm% !)ĭS`+el/S[D d`9Ib嚃Sp.jU%^ՍXM"?/RNtfZ5XS;uf[fjSSb\͕^qSG2Rit}As,{e?Z+mMnby[9I%?(m1_;%62A  #hҾ.!hc]ADNѵ.tl iUcD] TtndK:GWͮ ȓ'.NJäI1sKPa{Ob>T>hC[vײnή7D6ӈT (6J*#L2&,T|iB`+.I]f}D丱0iA'7)LZ`A>Yi~.zyʚ0m%0=*e@*vGd?!"$+jAK;j!(?P Cq4'lV pr.6L> X$BR@׫AӔNmiHto耧!h2Xߔ^ g1rP6bXy /]luI;Dw\ 77VЊD6ؐ; 21E(}XE&~_T΋ɤ:3blK LDZ=tޭ^D˜Uv@RRtZ/%D"4¼IFwCXGx_H DB,(kE]5 (ЌahDv8&];2 zLe&%N6?2)B#BHemTCʐxߜqs2Ή):LhxKLeDA7)t6(h+Btf`G{l%=s܌9FE%U, VؓS1Yʘs XlZX50u! 0ڥXOz4sYDIhF~'?9#&dzfl#b##c+ɏR0˨XdL4266rv,ظx?LhdR,9sdr42OF#pLF. pE#}Ilz.ȌXc#W'WF#W"̊̎E5Eω-z\\ v}lb'7F#796-yɭȂ؆Y[ڢ`w~Y[靱_򓻣{h?i)K_t?OqS,˚Ydl(?#<~]yOvB(F) g%SJ*OVxÛ*鼹҈U2xҘwQ2y7%P~J6 ?SiG*-xҒ6R7_&r1\) >aj #?2!DȓT[PB$I]W\=\=1z$1<)VXxJE[] hUNQJ.etT34Q@S+FeNJİP#ŢxnxP')4d j =Whx3t2x y 6Iyׂ…0?  ,#/WPE\JGG_\AްMmt$ v8LJ(,?)>?)PJs*h$7pj1Һ )A "C !32.Rt(Z?1/+y) ~L*#Jɛl?=gyv[]^ݧc"ѱ*N4a </ V^S.1:fppE=[2#OD0!=\yTe $+@(r*+Rʓ0Ly F+Oxe LSaR p"ܣ(` ^;1<+U+r{THH)'Ef2M +{-Q R6\R=s:!9hG)#"I봩é勝Zq4e~Ni&Bq| Ō%-OY:[fzK{_c[A>.AJ'lfboJβ5ltgmv<{ygo$?bp"RAVHo o$i2qa‹8d4G&"|o2T7f7"ϸYrdr  trqb6].Br3͒q|ݐE~*|\[*!W9\Ԁ05 MJ50_+}aX1xRlRNfSJ1U%DW $MM"o /Wlr3Wj yAM%4NA5RiIMhs5f\r#!58kQ=2GNkD'F D0 t!{0·N'3`6\ʝD / )0 ۝G($4NXe_? &ov1SV/u%FyHeݵ4-vXԡuM]jԠ|U"CV&%&%4T2*1JYFuiRٱp.Hq +rRj@[?5%MɓzRvђ4s9M -@\Iܱ p*adٴdo̪4E76TuTPutjil4Tk&O~X"Q\VN8P4w58C\x ?5"5js#Mrމ`k#qס._{}$_ 252n1+@Nd"Ʊ$E3hֿ44PrJnzd0WY- (É.E 7xޢ)`A􇑍/A(Sh\cՕ0E]szI>7a4<>ϪBZ /Zx[}>R_ԗ{I]MPIZJ2ELz[Hu+ꔯ6r&Tݎ2[ISw;. U%K*#F~J.u/PGQ$)QP]oimOhwG:XL_YoH=LWctտ#tzUiZCw~Fpa=j:34i `IK`D6DKfvgjlilњeZS֜Z#-Z6FkMOryGmyW-ZG^u⓵|օߠu勴vKɟzߠT=~@Ŀ!vB$i#(2kHzB-kVTx aQ1>Y깲@/ׅ78i,_N@ F"]/$\\ +\aO ao]s hS,VwQA0,͋E΂eUa^漪K Z|k#Xô{GC 2N2hM,h/׵,T9`WBv688&@km"&AT' iUbwi>Gb/4]d/U8%wUzEk\HI's9g*O@˲B(Ҽ'C7[dWf웛(v<{H;.0O@^v k9GO@]"~:dk3 GkWBm6kZQ$:$цԍpv3,n'[mg*ՐCF#u@ Lu7*Ed$|%z9%Z7ŦNPLjky$`.^ !|CQg@ OS#u >0 :Ht.3atgppxPiaprd_0D{&jmK_D~AETj0?.By8Ɓ0Q6LuVvHv@NT ݴw=75-^eSpi}|v*N!  ͏ pDnuѲcY_gK.[ԘF5N!nvz($cx|)^BۏDxh_lg7p0_GjI$⯆Q(2NCћ7>BYl=/~HaƹS' }=B&] Nz{t"B/ iX href0ϭWͫͫFjmEN܊; 9]l҉F-ĠG=8tKJaM  !@VQxnieQԅB*VI0+1+k x.ӋyzDH&SEP #( D z'?H'!UCWT'i0Bgp<]u xX7an=)Pa ވ(zIFzXoJfޒt;z[]>z';9_J.лyzOIgrB'jlҵi\_OXkn};ЎJAkO) Pq) |IyDd_"3 K2Wom/x#O{S?7 Wd_4sܫΫrz_8XG;rE^葄ܕ"*7i=Nv0@ @%! eS~@, hv#p^CBgy8X/KIp~ܢOP S` KiJؤ_ ~O~%> ~g?\IoŮ?63KNE&G4jjIDjy$*2BE\ޞ".Rq_TnRZ}\ף6yf ?#:kH?M^ÒHJ)ӛ"7G2zQlpa:ہlGJ[#7t Zj_b:d"wP:#_(vxr(U6 cć5B1wA @ohχE_۠~;r;`.`~RƽX9\G9QxQ_ [1W2ة/ ) 8?O՟%>}-bb/Hpk2j]q' 9q2 >S-2eZݛj)#+( wRd`T-.h-TU-"6ZW鶆uNix^('}rB!IenW?9dK.$ql; ~D!ш-WlF#H2#ɼ$ l!n $d]p TzåtI>>ZJ'4GZD-\,(`ZB#_+ha_! |m`@/A{GNz2ڤ%BOlr~>VP j!YDV8t' +E"4FWҧŶ~H';굪3.` }=u=񅠥7lUKwe򔦬8 <,kfa>+Tb!9!ZQl<UED P^N_Fȹ :Y$,0}9L_ B? SJ &>ch݈n*%yk !o+ #J)S᱕[$l_=bLhynT $Wy5x}Yw# \ ͂ih!f)ͱ´rAk2F~;Tn}#R6×˥?MqsFC6*~2KK\ѐMB {bZ"j5ia=$ 0ݹktW(I`N؅+"ǮaK黎$B͌i4)I,R_`=?)ҼbE1=QLO'm9Rg)#k3#7 gp|8 o]0w%\ ] |`o6 G|`FX¾w+-|w>w?={$t߃$˷-#}+HJ2з =AFVI5B_1{%|/|/|/|2FWBkrͷi}u -RmE}l߻4{v}@{>|ɾ"tK:w^sO^ iISTMy65\SkTC+P49MY'(5+ϓbop by-\Jy DQ÷4]ySmw< Ha'RH5TA^eJ;KuU*qUp).gcL="NI /Bne54q"H3;Re_h%uPÓsVF-$XqI((Y5ɫtJ y-=4X+txe(!41IMdD׀."*+"s/쇯I$p O"tc(Ԉ8aJQԫA wEO 7; |p(s|4q|'&_ ,0\j  5ta b' ija^-Ir7Xuzu@3/M)/D4ל  E\}XϢ dG(\ϯE}$ɿЗu&/ yw1Z[ {=$UX.Hyo*kpak s*X"GGmF.eѦ.N 7BBNraI'% (9lH(O&3BNfÜ 68gݑ8FCAӨ(QeB 5t2lif<j4~Vf9N|sʮ`SM 5u:Dl9/ig\.Ns9igN*8-7K9b.Ӳbl:ZV،50! )nvZ(7Xj(g3N모㠓#Ju]U䔲+E̖$: a m<6gB1JNsRvm14 %Eq(4)$ήZ>'q+R,QG!.(n"| u;{}PzC(݈soPa6_ݭRI\'o2jFM22O$Q7"'Wj| ~l|Jw0EA1~gaucdqdԒ&MBb¤d&'J:2-L IdL)WOو3ZCS4̤&M0|=lIǛhC7[6tٖ7ѻ\Aٞn4;ҷNtٙ~jv?]71lf>lٗM5Al9-0DzEv9kcgef![i`^3Gm93'Ds2olN-1lmi ?NoO%tBhR =uz#d;򮿖C?k{d Ք5MP.ު)iǚGB~"jgՔ/4~Dch>MR4e[?b=3`-6 ~H2Bw;鸃"R8`w*efդ8އ5>4O:_ü>|1OwyՇ?Nj<&&֖%`F!(0\!;4 f΄lJhe΂6lho^=90М C1i^ SbzʜsF׼ 6o'[s>6o=Ҽ N j."baIZw {H7~|ÑENfx{u}¬<$z7{($ r= WOGմ<]*$rPj:\h:階R7~`HIB36UhtRN!C` [ F IЋB!=7討f}N 0*Y~xD8OBc)hj>50,|ye>gka"6_pjr 3_}Mb`)}XZ1VTi;I%u斲aْB BխF<"0heHhԖ: 8+ף-a?y'#ru c.0aH,s;0wA |a| w`.o'q(XBy \L){A`P6E"7%ث<[=t/hwX^0&byݥ2B 29g~3_0ȕYc~7=wu0C!A:0ŎC]qQ u}l?[96=< #xB\%͞/OlZ?A[g,g%%y~*XƞVb1PiytJ| 7[@=[gB.MvF he9Ϲ6ȬQ0cؕ ǡ 0ƬsS8wjap Xs%`*)^ hT:? -'Pib){o;;G.FĞyS$PG[ (_vHVH VGuD-k/WIe8)r=cݍd{ֽlin-At/9d[Kjc0z&$Y8*Ysp垍5}Xr6ƫ &|G߁? cIV ]݊1yT'Au8]ԯ(V f#7XاB<6A.. Cń PTDx<*]ݐ.p9aoX/!ox膂&d 3 Pk2čJ(`U͈ xz\`A5)[2)~ӪNF)RJ,dՇb1~I#K Mm3T7 6>rKԡ-hgXn&ɰ`Ht,g@F ?(vBr z(>1r=Y¹g|gpd탅^GAN?y/xʬ(A ޴Nv޳jaΫ6mJlNmd*ij$mE $d'v2lqLUvm;z1$wYn;g璥vYacvf)ynFް[ve$حGa [vkJ6Աsi ;Av{zݎј>aU>@v'G!K"|$ҔZMIZ(ihM4ǡqwojJRb .x H/Xu%n}PJ].L~$w!xKNMOUga2QEChUrxIOqt[њl)8yB]5b./#Jytb>Y McWr|i$dК- R;a"xT'[[opce4vخ6\OB ϼNtC[?O?Vj]fHK O F;)$11JrTUwD7ۈJ| ?#dG^_z?J4#/O7xv_ ɨePZƛߴ*px9Z܀P:~k_i{:⮓]#N 3 üY覙N8~JKer< w@$Y|}1MeD;*73b~& n9Aj`7}~KF] a, l;4{@Wt@_/ (?L@n>VC1Lx|dN,x٣G{,b =$ӞBS#|ɞϾ /!#K(2ɹ 2;L$35d}rZFѾ 9d} žorwbr¾w" 9ݴ}?mg?DW [Iq:~^d?IOy&zm?K﵋ 9"}~k&z@%[j&^{RkPr5`ˬ.Xj@|TC RR-;K"`k*Tŝk~oy-Z/ݵ;=^[@ U hB!\q-įƋI傊$gYV _/ ׊m[E?ϩ'E>f8& cζ@7C]ik9v%߀v6dt A:g;` &d{7L߅ PQ* ?jGi ުt?Vt⭩ȒLvuWIm؟Cc{/\U#?Xe TڨmsR.dƗC4e]~.;Sפ^y1`)/ˣ&_e7A=@4 "]biS ISSWj|jyMu[[L-70xC5$6XAWY\Qm+xnJyp#}l9kZ?H_B#d:ـc_CNF΅^d2%S` O.EHBj )Pn,GgMGg + ~$d2A 2 FPD! :I&8Lb4$ Lf,l.պ}Z]@ATZ/uivkk(̖ sǜ39w< /8>6V|q_iMo4G>֌␌}'憠`Qd\iL$? 1+4ʌD*T0F8YdL8Lilci4Sq&f"O7ьQt<͔'(TlY LT"tJ͘Ke ŒSi*eIfFeh.,AjU)PE&:MfB +TmԘ5 ՙiF3hBLTorj0K0 5Ɍse,ll(ZNgjWh]_ijk̘Em&ZeAo":E&6h| MƌM2s҄L˺%.EaP(bƕ(&LiC>7ʹ._Is.f9T㛚:ju֎~ Rƽ]p+[a{!&Drw cr,s`Cj3'h}d6r24n_0> m5HeMxco40Sy= a GWh(4:F|XXɣgoF)_Ǡ㇢)OQm(9,U$_[ NחfH, {XJ3ZAP##Q_O}[zO2A +R,.p #uҩZOKP|5-N^au=Э3?>}0'^C(J|uGca_,,rl% ƚI}XO/ }Q]=+hT|YtdJuI5uYi|pf7gH1D*I-؁ͲtVV74Ҍ[zcZfeeh4auβtFjfDݞ ^Ͱ8*C.󚖇8pAYʹpGz>8p#TEUM/pnt3Mu=.}gܱN8ƞX`(j'e:4WzBoC4⵴xgDJZ_Z2s$e9rBɈJ6\֬zɱ?!pa-P4 y}NYb0rfہ1ȹ)%#xE?^;n~o,A6Ey^_+WL;m_]fo9{}11w{ gd>Ng;ߥxfO;GsAL89"@XGY\1yXt4;~<)[*tFq5+r ]i6ǣ#ڄqDXtDkN$k f+&NJ\28Yeץe 9^9} k6%DR,"Z9BFár;cx3F/1x]%97I}Ӣ=F9@.˳: A`7dJ͝;PXzX6LnVhLBa{kq\\zC]|yAhmC ^aGk4qHX.4ǚ10KP31 K10шhb,g ]s6{,t&Hir/d*݃@MP//1ԠAбp7 sj)͜b_|^m@_] )!6yfϘW/|̈́F^C039iLЙ~O,`lmdum ^ݘd$~Xk(JʩE X{@_k<`r.k҇|T4nWMfҲYZcXڏ+T;Gv-RMHJ+/ac61>nAii"0Pƍ>'|đ(OeGxӼlr9:x *r 'eڃ햓1(wN{ڮӘ/^Re^]4iI>{FrEig]喚hYn<3::$Yjxb,g_=G/mDz]߃vKF$lWö$ض8qٹ:n9vQq*I+\}ԪTq(l*ٺSʼnNqZ-J h_4Aa>T\E 쭼]p Mds#';GG77RTg'ɂ OS#S N3;}t)vxځ죷 }WkFu: 0a1ӽchĻ5xOb|h >6܍O SK%Vca>H O(>3_F >RQ_PqqZdꑅ8yf52ݺUQX Sɨ]p7胯|kCRvAWOIZKl#I8?Q?s +,לv :wu)!|kO܌CL;.lq-~0x4-ij=*M NX`f[B`obUa.SVBDD{ A3d!!YSIUnQn\)EC^0rAnsxa/nBlܓl^ 2pIjnw:zChc!S-j]ԏqI. WjVϱʥU.U K* ٹعR!f$*qM >v0U`=et"p-Ct26<` Vi!>9-t:3h xrP959qF!#FT`k!\\l.rf8倧p é`/2bWqհ[MQ.٥OmCixհ+T8^VWʥU.;v5ʛX-HmB1F;ٴ Qt>ȍpd|Vs.sX1ԃ(Q 4!o!Tj?#/;Qw. Oyt~0²/8v).{9;D~Q,:Ky,𘌚.^FgB\EyT/ kus/xtԢ:$I,t TUpJ4ko.{ٚs_!ַWŕLr|,פHp#eJ.\Ev]ߎp=P㦭qVwɉt0Vt'Lw\4'}\=fzMsI h_*L9V 9L9ok̟A"f/K:S3b& 96v%6 meBPEQ@NںkibvW-R NЙN;ʼn <}(O C;GRH蜳=ϋ_ "/zB̋A\@6t)øw0GF +xы;9w%Lpb-I_+t)}bЏE'ڒ@Qap1-a[9}ri[欖ӵd{96b5{j{D9kŜacC"t\} ׅ@AW$7UcaѧJíKB 5{kekLc7|aUs'L] ǽ&as( \Θ sZ3sӲnq}VW*"1$S1m+2 #/1r֎jPdOgd<6OdgRc㓉# DK6S7 7U| C*i$VPHԘNfɱ['ciba#2.2liXrUSjU?' ۯ\ƘZEjTSL ʠKJ'q!ÙTҲj; bEf6w=Zf)ELISxZůkoTcX%Dg |M&LjR6:K6.&4dW,%x|긑#'-gJJҿkeݞ ɊmV)"k SrW%nMۍ ,&*a tȔnZb?!- صC0 -{PMt[OV3M$pӮFP%Y͢NeK _'heWFIծ6 aXC :db(}fLjiòoO';UśIJvOY!$l А@uC[~$:?/8PmgΰZ\I]|(!!k5K`k/q7JF٨ۈ.x"֭4Lesvss9 M2MTExSb/vzƩیJF{9e!euc^ˣ.%/ɎZ&U(6%3 jDpЏ$tu{J}vи)Yp>/t0J _߀ktroR8|D߽ܰ@zkŗ7ܭg9P$0x}S ;,'}4E¢.nw!mjzk#< *tFl#(<Xz'W$O&5g) zΣ/i މ3/(oX]:>- e Ը兴eW *7 )7eWuۂ :qw5WD{Epԓ;O6l;K+aOPu_GPGg_/[>)xGEEY@b ,"l&hVVXI 2[؃N{Dlg =#Fq#~ z?${# 7 3|*9>>(~d{/s~LB 迯^|PK!5 +com/netscape/ca/serviceCheckChallenge.classWit7ci0D`@PB l#V! "Q,'5ci, i6$mhh4i$ YB$YMKt=zH}#`[{߽k}e/{İ׆o IR葰OBZFFn q^8h!Waw;]P%Om->{l2>hhc>$&a ۰1Gd<(Ya!;>%)Sb 'e<))©g lX'd|Z8gmN/Hg̉:!Jx ='Lz'zu늅U]eT:2ȉ k s(:_am-XT UOF gOɨQ-L|},obﺆъ TKjMDnU;43%Ὅjۈ0eA ;v7˒`Kb(Dʼy% g(U]7T20i[ǵdTۢf2R-#=ҙGE |mzBz:dPLK\E$OT66D#P. qVhPĻ0fB(Sj$ * 5Bp/N@pc`hEKSZ|榎@KKs ô+8%e"ἂ/+%3$)*4Yx$-i5):\Eeʂf$*h=LLO|2,V> Xt$x]"u!XNf$TEI]#|cg{ޤ&(Ycagc|kwue ZKLSc ?ď ~7?%+~>{9 r\W+Zo7[*BjStZ%SbdWJGE;,01&#_kkKп5 ؈?Ϣ| ],j\YR_𖂿o'%Uad+4n-wtwSR I} Z=@!&l]c Mhi5_fh֨CU1cb5=,]MMx`z*/)]+CU"ԏ :l!|#2t'gk^^$bȡtp\me"Zw4e8]ڬ,Q&pwbR"Â-`n֙ȬzZl*s"w8nP1|҉Kg!\͉TZSВh]dJ`2_mG@iOID;E;Ar]`鱍ԧ=ĵ3̞zؒ,J5) e p0N:i/.jˌ0jbƑ6S5⺀ivuv lt*ĠH1rWߘw#ưRUāf YvXH0l&q$OBh~D=fgarW>s|-Frm ԌȠx#˄-dr J^~JF8x=ʹKx6t.IB9dp1t PcXp a M§!`82yUtryx%ss68ysŜ9bW`L\:f!0t %fc檗3wNdsX6Ŏs(Z%4䰔v8%6͖+;!T0)qKdn36mҡ o=*2X\-z۩O)ҏNe˩:jN]~iaE>ӚJUNm;, h7VӇB枧/P[)k p&,X̷b)oojkv| 7]ha'*@ߍ8Wa]8£8ʻq0ߋ~yī<7>x7ߏV{d!fKbVaQ˶cPz 퐰SBjp %&M؋!d W4Ҁ jtϳJǚ!D[T}sXv_qW `Rppy"qXͧ)CUS@b #TG?Z867t $DƼ|@+p`zFQz+aSj ^0-ygI.:h0'8OiB~^Ж\lm]t-R!ͅ&墦6]Haw;^/c_8cQϛ"PXd<ݿOY܄3xŏWшQ+>֌xf0G>Dt&9qI?0%6сGڇ ǴغMf}xO)bPbYRʺckjEW4rlkYT%qTGU;e8+ RZ Mg8KYU¡Clb *C|\ o\k(j)[5Wng*(n;J4x27p4b\aQKSW,۴HUK' aeхuYЇw%#+hKAc|14Uѭp*Ƒ6Ù-}[תBN (3 hR(HCY`8wPbI]¢+ T[W"c܊ EP0%n1 d* NDٺe &*`HC;&@&td*M$3ىtb\ GB"1 mM*υ`4|zQ%ҎE 5NW8elEj^{ $uhb2\EfMvZԝn$s F?[%*ZBֹo2)0urSBTJ0hV1#*~ 䎥yQ,]2j*Azj.t Ux+0 3/߇&!Gt2 L0,.$){7p!7k@f6gXCs?ptp-hX @`n݃G XuXC_'ږ'zzn j[p< 1tbnD^^/2/UdO6i\4- Цچ^iZ$fw~yq#_qg ~g.Xt:=g~wv__ Aaф`4MFҋe!я?qg1$#Űwɸۋ#rTQzL=^}Cŀ纘{#C`^d8!N )yTAKaihhid-k8dzi2zB)kv2xRFi&6_k"zfYkÍEb eԸQsD6B ҒCAg(êO*?q*ml!o2GvQ3 Ad<@ɕQ"Ta6fs]@ XVE+M+"'ǒA`G\ab"В}40֦x*>88C# G-_*SxX# c2WRhR(eaaTrt$A4<3"5O3W$NO깜0,馡ahFzZvфF SŜgCؑ8ai^."fQlcAE2^ 5ҥM2EeKRbPu{ExMxCƛ 7,>K '*T}H@4;xZIaDF grȩ-}RɰɎ?[Zov" aѬ|°ɱ3C%)nRIengd[SdɌ8-"W?.j"-+*TxQ(?2wҋES2hR7O{>Xmה|R*pd#j#T5n[+$ ;#Uv3,p4. 9N:diJ昢" -m5\ٶA YkUMɍ2Ks% iiSD^23K[ m7qf|I5]%=͓amd5](QaMTZ51t:JF ^/t鹆tI|sp'N $@|E4IIaVaA#8Po gwY1@K r-`) 60ܠ@Q\guM<{\.HN4df#N76TX#U[M jxNV. 3ךQX‰jix,+z55}P1- 9erп/pL_b`pEMΩF][ gc6lLSڑ@z[]멜Ve,p\Ræ`cc)/Uyݵe&=cW][YU];jfTlg|۰h «lkx]6]挺J{1amTa3tb6e`v  6d9ǝ89=ͭM)h ظ`X;eB}'ĭrfyyb+6WwK\{ b}1q09<*oj3W'2ԉP`_ >_5͆w:&#,[UQ+DVrjbY؆O@Q~両.Ozi^Ug)>uϞ.$26"wg5W@S̃rb 粼K|Ź -F$Z&L?9%i?&r؛e 7|<@82 KB"!/sB<Ϸ_ 醹41ҿ࿼ {2p[la>!sr?;S1LL+]^NSRUШ^6G6S /[" V<!CfKȤ\ #5Sp<y9шvRAlnLKf=A* K\0(8~y\xWWf(5McdJ omV*f|U᰿c91ɞAR_?(YrwxsʳL>FH$ 9ʈ&v&{.|a _<N =ԿCn wic;(O92Cۆ>cҌ8I:]Ҥ " '(Fn+V^<QYdwb GQkc] Qt2yT£QCaOވqsc(&8ҳȣ(\^jI.ö8lS8܊69:=SAA09Ƥ4$+))&Cse=nxIJهD,keudˈ8rz#X}j'ȱOcY@&2Hgb=?x&tbxKtRNK*Y3qz-^؁܃|kqk,)e)+L[͐RRKDl@ wYPi6w ȧsP̲tT*G5j棉bN p9- jJj-t>VQQS:i1vVoO>Sw7~ ݇jCp؋HP'cz % لYO**а;ÅPVgNnګ'60C;LI'FAK+YJOBC`+7oPK!h #com/netscape/ca/serviceRevoke.classVypW=oWM(;-qeib)(:Dk)ky(VvZ W%Zt G)CΡ 0$YI%F}oO, xZ^܌N/D\%$d$[Mv) x1!/»Z0 ;d-b)B#bq8䡓1 )q X[9((D %䡍-N2&eL^17eWlqIx@hAgy`ڥ1aӲK֤1Xٌٝahe}nZٌɰfF#K"e YvKu11wE<[0i 9:J󪺂 {fVcbS62{ Aʂ1xs % hV } nmL WYi)ZZ9-+Ƈ܊I⠂[aݢeD@:K*d)c8>-8-LaU_&SZ:IGSt"9K&z ՜Am>SxH >34Rh,v(t=ZtJJi|x!df6[nVSdq9&pO=LO fTj ŰZfI+\Bԏ8㪸*%%^z֥uZd3:E6'EܴT-&ȰhkX,_4 ,OP=*;O嵒gÆ;Aªn1i^j“};̝BgxFZqCGۖvcUԔQ:(Sdj?!\Ы뙼Q1 ǪS,W!H{)>}h:Zy?4~y=<?a~xy>cE>>O>'%=p~?\W~FL3Hb`zSRr΃Hɳιp0/eS0-SnɸF< ˅_l¢ .ɝ/%,_q᫄NxF.d6fL;4r4-;o-ICEyz*4l3`Z)Ҁ+b*i ݧlHy2)hvZ⩌911cfW(P􂙷Xby2<#ФF+AxMG4sv*zvJR]<o+x/(8Gvd@h|hZH\W|W|vn.ScqMhHB=Mt=6rHEK ~fh@;cKܵp#ÃZBt[cl+ xL.ȄP/tyKZ%wjڰϪX6K.n?O\*x ?cȵ6ɬe3yU&L~UsxpU/+oVcX$׆6̘7Vݶ]58 5L8i0 ?O ke6ӵ%Nh'5}L$R-\k79\Bł2LN\̞785:sLrm_)&sxXpqn,ﬢWwOk0 fڌ7UmUV%_0s-{@w6.Cm2+F,˸$|ຜPħo7,ozM;PK>s.x'+`k_A(b37wV.boUV],E ^C0ZV.:&DIgENKG;qwϒ \TY.&4褭Q6 N PJgp~"O** F ' }B_(J"Qܙ*Mw7Q8ie6sXU95*ga9\.vBaW8Q ViQy,;g B1Ɠdr!OQxJt>3ϴqJ\pDRaƳch*[s#V疈3qzCaݹJt zj=A+|bBDToQ?b3hQV;X?&/m`M ް+ һ3i*O5ҝ!  |mφt^w^aDgI<+a=o,GĂƧtSFLMcD (VLil`|(Ӳ Ա?RI[h, ~#. )j}(KfÛ^}pit;iף5/f*=&htbdޘᗭg/t1l]Fzu)=jƗg/_Wj|_zy\nk|?E|o?a747f mݡP,KRY?yoj~0oY5 ߪwm vIhF4UHf֔=fdl W p8K{{5CNH__+W5*5z~4rVluhG, vG{yw vե25 ^)"}|FS' 4d|W :I-Dڐ|0V #Z(#ްL܍<ٞz$P0oEABtY#[vz~izZ@/PARz!ӔAjouUz [T^U ӜĊ7g 4P?!c2Dbzxun*jn',FY n ё-Ȭ){j]6`&T!ȷt\oJj?)3NJB\bg?@iR+a+AyTJA~ VBj\KffVa[G0%X 7}>=ըDSu)M]nMILfhn4>ďK^xB')d\?#YvэI_a8U5 LESҢFY~N_J"3eP,3b'HyW5? R_T32,nRD0_5~EP$TTT/ualMULIr7#遲n)\TZꮮj*_]jaY*WCcSe{ki\ Ư bzoC72_Nқok ]S1Xнǣ7Ib2> kF=j b# vOYouaD*BQqVHYRz'!JT0*3l㘉e/(kpIs30h6OmT\ס /# RO'uFP,2DN^yWkJhAuyu.zn co`3gy|>cܢK7Ou+G~g ~!Ȇ D*xO$!siMiJ :|X*X,PMC[{\ qn@hș 4R3X ud&ac~ @A~.ؿJQtgL e8X R3I*1dfK3B9€{n4fv)| K쓾)eӺ^ҋwVWFuhomBithyڢ2\ :Őz^xY!hof~)MYXJlӴY*A$EC5>OG;QrL&0ʇ#e VD+5dҐa'`CDGaz'Ito2YDS̥#paոD$NHc WKH)W`if $"LD<'\ }yN 5ZbO+,0݇NXkD}^8SjrH$YMHP0@Sh$TQH/:ϷOqosh17>d/e އA;qͣ,\\`^ѻn0f..Rʬ9ɐ"c=dk좜2vM8VnҘn+i((q쥼2ًj' Pϗ`DF$8h];SGٽ:M]G#=4ȡtј2[IcwC!=\N+i"'5jZCgFex6Эt6=LN6z6=XTR=B*n L' ;? ߆ꌻ%YqQk;i-&4wD./ʇاv4M]t~a+CqC3qJ{ahQ bqGchMT\; L31mf@[hK;&P~eAB] 텦 u faŕ,V.J ܥ (40N[l6;3K'`rIFsW`2JS]EsjP_ #&Kxh}f + ~(BD"=ȾN XfF`2<6M6졅++QbŻhJ5Ր!Sl(H'Ǎz"HxQoQ]\wCGauku/;0yzjfG"RD2CnpUFԲ>z3 7 ΖY3\ JXĴ*عK,})wӲ,Z[z0*1_1 y4RIuheUwXeRt+eن`F\[ȎɍNjLu ,۝%M~Ecj6(k0$^[;܍{1Q0$d !sh"q!s,0y?ø?O}Y#_er?q}{{o?vx{<]bIjKOz9W-)(}ȝ'rwКM}?# c$ʿb+xwԧπρ#H_CtY>[X lIår9粛5^Cy5[yŤƖD}d{ (9 ) xSE=?py]t~'}kw&GuKpgY.52d,#d܁ 6 h ę, Lq+8cfS,0yr b3l{fE23 s#Y#A BttA|V X71,E )pϠ8AeLԓ2Pw1,B@+@Nƥ,\UܶM[NR)m@N4%I[*ee2dޛҀ /( (EW w q_A\?Y$3Ʉ|ͽ{{;CBMC\i ȀAvΫuhBOwĠf Pp!b ^g9p  .R `Ep!rxWo-:\[ x\5 k5VxyCD{4Qr}:|@Cʽs#|i7 p' [n ^CܧL 2ijiF<ã{|{5_4x'͗yLU>t]ƽu a8 [<]|[h]C\{:|r# ~l$񗹴L;4&ERkGnxŕ4Ln3Вg K4G:=ߍ:vhfdNd8u~>L;&EehS3}5a{B w؇DN[Na:/g^ tC[Rir@!mf>IeMhL@{{pLK\_\V84xVr^Ը4T7Ne^!)ȄA鐊tޤY÷hx%y0R#q+륈j2vujF^T`D ߪ@4QHWGD9iisp6]I4Jëd}vΉ[d`9Sqk/Q 0njx· N)8Sx^|˶H6 #g]W; r7,F`w{=kED^E%ޕaٍx͍ K*јJ MNx{Da/U-Ѓe!oXaE::ۨ :"M|=HHg *3\1u3tZe%pK4eR!(ޢ`qhM:Ӗ= Nӱdffx o+~Y1l(ޮhv2I,)3lÙ6í޻F$E»-ؙCv:O£ vަ~|@$3}R0>g~?G.O }S%2>+x5]DJo WX_HH! kصuW֞>5RuƱpo2'~DW PQ-Y3>D$mL2ftz8zT|'ٽx*k,)pc!q:>TDOi?cxruQ/guQs/4L)d`n˥ ^7qlQn~ b8w{lY;{ErDRoY-VhV[w{'MYGkPG?__A, Ua;bEÿ8[U~ Ey|we >|X3"h=˹g47?LhOS4ʌM2%? _aEMILfE!!Lq—P$1% ;Nv4ˋA͍ VJ)AGtsim4+/@]s^*mus+ŶR%JjRW`JNǕ4\R)9]Prl,%g9 8qA+ir|M.Pr\b\4s>-f9n4؇S$7jztZJ)Q%L1J+u+߰R֌ e>҅]uLZQojY, ~.[9\8{kw6N@'V <]o춀jDgr2 a ;BKvv,wLo:Z8bqv6ebQ0l|j3(n?E}ϼ.1qDw_7Rr?5!Ra .Vدlik:ŧJ=091Р_Ȍ)X>f)/㓞+qp; 蒦kԑYE7 jCЖԈ?Ĩ wdRPEL+Nl GS.pwYLksJoƯ e;܍h(j@͓Jk+,׀ls':5U!W):ԄlbGBwTӐ3o=աǠ'R9BNɴlx'gPI)!:šdEnRftK9P|"<|%}asJ-JKCb-v%TIi5R;4w!6/QFCsHJmja;cj D+bV/Q`s- |qnUد0mV[-㫄qj,'f*r.3ʊm (N؀ Z'BG#:"f\/SdSn#*4eEfC*!8h<))>H dl&&M8#/ ]p}tM̺ nft&_9cKӽ|w%h#Z(/%* FW+hNVQI}?<{D.!u,RK|h, mzSRH90_ÿ 0ljLeGI!|4ws\:I_j}wp+SDsP9E![˕#0%j (AiFl~xL2qta pdƘUg.Wz䆬y[&amO@~:Ugc~u`֕ i7 ghv dvS!R&\v-e3_%v=ӯNo=&o]T+!G[^ T9P.a|6(eMVN=$Hh-5g]@F ,}~ڰ^^z3J|: ,R'FH0|4$I ,?A7IIHv<Ɵab9ʦq CƦ6^ɛ3#Enfo UqSY};fTG 6R-gR;Y%࣑k¾[D IZj$Cq c>SĴd@S2x%V 9z@I8 Qvw]e/ ~ 7ӣY:d B=5#|^p#ob}[>ĵ(o`QƊ MYq/!Ʈ=q);:8EFi2W+oIXWGJ.AGF,"cѺ˝ =w /&5`Sw&V룭|7>N\ch#>o]W-y[ (AF61>P/AUg@:AxL n5 tϏ[*o?*GGFgnA,6hikw^"jdWC+ wL%!M·eyj]YoDP^"?Dry/d T/8e$ sk~ Ʊek-n T法NIl9O7;Z7ϭP-;nRc}gԸTU[Rwqƪ^&*p_#iٳވ:xW`1?04pyw\t#c.\ElL 3YΒ4\WNzaA>’% )~:.L2Q 9Ѐr-Z8r⒂`Wtڠv0vڣdnסzwJ$PˬE?ҋ 3R=\P^7N}Y[ϥϳEVLeBX04FQ RܫA𙀈%.  /@ل~,;C,*-4!Q`ys-vrمN$փsi"#jo3H{|"`uk*T=\.1#)]FFڒk/bӍr4ҥ `u@l_a-I}F]+dKԵJF5 rj+lwn+ ά{r^[Dh%01x9xR q5v[!.nkL֨@Fp\ad|aK ^n}%$ήf^"r{\P]8'⋦z,~o,MfCKdDWl8B6צsȍ@-lzKcsUqe>2\\pˡ3u!{E~01my41O3]!dJ/Jc ngMAFMGHHcri[nMփ+VC~ 0 CQ%ȴʼn"Lt1h !ek,,w%ؒi"Qϯ;ΒPݱWxk V>rLa`9 8{$gX~֘\l aTuRkGDu+=ra4ao>íLsǑ2$L5q vy;c6Z'@ W՚|8~P/Kkju pv*K( e-Bk-^-OE[%f٠44UV |Q$HBھ9lMlyt+txvwnC9+(]v,1@/ ݂jҎ:,_ 3V.7W=N̗ Œ& ۂEӳ&5nhdI}dk%xa^ZF?E15lT>ZP&pƚ#B⬾X[_@!$p2dS.>T$( 尥/يK{bEV|htCitt#^^8i_GЎ.׫)p,(tSҼ{ <ͻ Z `1u1q9$IdԘTU*VY7=.$k!Z~K)Гc+z8OGńW\4ً$1Oؔns_Ɂ$y<IKW1 !Wğsf5oH0o#3ǭO%/i6GT䲌ǚh\;n'~!( Y&;OqM_~̌s20G \/ c[_+La:.dT]ipY {vd-p՚PT "RudSzk 7:W/8\ϸWz QyK[) aք֪tխ5|&%_|qI5%ðz @6o:EoiXZ<=seɅ3QB*0I~XV^ GZg)>۝-5QlOa>^_,^D_r%UC | &+,*pJk" /7XQ,pUQ(39 %qkX`q'%s|eݯ 0WŲ...u%'k> 6qeb&8VyD@T]%GGo@wQ`]Ώ>|̴JRy:$!nؚOkvY2eR_pʓU”-{2pY*Zlk>Ă+lawxUzw˰>G]{J$?dwє ſʣUhiU~D!NXb&r"E>Y5oX-j.LT1.<'߼JizLndpi,[7gnsQ!aI%6I6Whp{fyHRq&5 &)`x-?b~-}G ^eox!L9İ}1V;RBC' _I @ĵK-A~?=;;H V4PsuV{06į=dxU "3ob]j"Fε3~z1i&Zp_#2rs,(߼b+ۂ'jdB+mW4EIՃxΰZ k6M5z-ӓ#?gQ&Ԁ"M#k<YuF=^B~=@ϬÍ6j6FEo]f!g \j'd]пLupr߇>2E Q9jJvwy9~m DQ@t7skqʏ['P_HYV}{Z|!Uk[t4^QZ_G3!! Ѯ)*r6_=UB|ZwxC6`Okܺoƙv=j16[0NzӡT|yx@L7#N9_X'`'I6G='BԚ^T(&E_Iafds˗sndĺ]7λfͱ/Yh+*F1HRzkt:`Q懺eH vlFx.Ζ.; a#IB Ѯ`T/5.`K/a+ߣB0FSCvGƲÊr5O_'cnvNӄ+_ *^ӊh]3pe_HQ:Y")YFV?˴?j] 4?Ook;xٽTp_<"QXD&qPE(cm~:.ά 擑NbU#<{:8_Dİ>/tCd%v"oR0<'Ov\I(ŷFv)O 0uѶF.a mb1P8׫!\>=V1Xͮyp|!d9(Mu!vlsmdoKb`b:/X` _0W5dnsnM L RlnҦrOV\3@`g9̩f?J҃~o'I=R'0pcyA ,Z`r@ZTмCrܜ:M;xޏNc&ȓW揇 ɠ^|=8dG Gwm 2KʼnB`p;=d=[s4-fC]xD>Im22 neL Kf%4YŠS vl;ANEvu"qM#ܯk. ur2=8Zg ]îK{H +lP *_]J}EyY>+ jp҉{`nClB 48frh? nCsid3!pj-xtdk0E}/;<+=#"00zp|crgRW7]>K}Z|/2c)Lr,դ=&g1$gܸKw$gCahNU0df1t3\ΧtVS3#m2^Ds& ݮe> B'`%+YBg6f *<&o ,-UCPF1W 8 'X.E=[lEzff4{/, /Gh , ;'(dziϫ9Aw/eli9U^ 6؉25u?Z MRHIJ8)i.*?F!Q?˭kB`RHeDhfE뿘!@W)~FqL9.?N<ƒzBYܛѷ`ˁ$zơS/-]=ўPjN{ +l 4XsUAeE.鲎s a:AF4 w07eqNJ .c%<*6MuZqԧ&=R5b_zs_C#a,! [MD*Mգ5zIkIu7 K;2w8zc\6†zJIXx{l)Tv Yy(s]X&3m*XbFepj$)81 ة|6@qGm#*Yj<IHD{6$y:rP-+-oXWM.YZܵ}0(ñ$ 졤'n8%XK4Q(9TN#ZcmyKzRW~VbIfXd~wG rrHARry%c9 ?w "W5͘ӳȼgDX`BՉr}aYJ2^^kAG˩%$WR?S;4=H![D:&0zBKy|VB> &^pw|z`CCR/]ѲVnYZ%킜fτZ ,0,=# b)wM gh C\ԂR?!k\J0ZQS>[WNjN/n&2b#%J&vK$̱$馸[gTGBs ,d[ dQ_w==֯0([O €'mF> Nn&)LCm3tX`'K0VN*kZͭ NN߭Z/zW'G _9RxTI,P|PFU9A\OGLvsbdbVaUAW璘H<^`}L!>$H TYw @\`9u )Jsou}e2,}t2 <{赀T8\hTCK3B`[s&T6nm&(i?SE?jO $bdPwe6xۡ CbF* 1XLE5=m"W>}gC.q!ӧq܈_+\g}aiV$m;lN0*jׄD^φy";:a&7Gvi_BgO㒂Ϣ,esz.v׆ǬP >[ߊ |5 Q`8gtZ;҈_`1N` #IwfUlجx=>q +P_A?+t<P0=bq=?͆kqS'bHԜ뜐G(:xm$O~>bC']1a 9e]5aqBkj8*3MV YAɰ ˭ aeQw cio3a ى8(T1j8^+ (k (T3>U^/7Z?bL 4 C6Iɢ9!8$&q=eM0F%o^aG_1f[ǸCY|İ<\.1)fᒴ<z Q^:2@dQ]9iw<:]?ϛ|`Nb_ދbtDpFN8,L;$tR+iMŸ훚rf&ݣ^݄?FٸWr1Yn!ǂ_?XCSsW7]Bf6Γ$aĝl*˨]qtVu. *kyx3|9"!+R6NXc,{'GM @ Հ?D]LI&LBZLLt~sZP6"}f| 9K0_6ɔ$u18ChblDuojSDo#y>-9pkpu2Y?w;}ɲi?l±=`s*etxǘ#^}i9>UjH5P+ p 9;ɥI[D(<\oc)N+4g5kd )NdOO4Si8K@C=B3C[@ИmO]sjCͼN^ϙ:GnwOߐ@H&HQv[8E 2iD'qr+~6,U 8/a8>t^w-q5Pȷ~$HTeSŷy_LOI+ @zZH|`PՉș^XBkXM+Z~u*Vn(xJfuğ:nL;0(ߊi1+Дͤ CE_Ly@:!p_Z\y1 y@fDzg80ϖ5FkB#2)wd:#*(%:*ϭC;2Ѷb #RNcFUbArr 7GiάGM~reh8$4~4K99&;g_m[*^wUD5~xH!;I59Ym.-Ᏽ>ŹE$ޣjA$lrk}gajlgXb K9'& g܏V+gJ Ӈ*4=jКf. Y}yAhu-CWD>! LXvW0V 0pߧGH_Y^ZVgE*|н?ŦUhOCXZ 1FHf"sWء[&񯙠A.!(q''ٱil ē i3Id)O5tJcZ: '&BKsϼj]ɲN:CN ;TwXS t]k]j>xwr}IAʞ %scA ^N)37pA&9FI"Ih+CȖhEws"q:}8ZkH\/'qykHz;y Z/z$qmcyZ+rc5ܜQT̑\O?^5kCd_`-/)Abi՛f;"cWwR<{I`O}sj)`H\&JS SdmeSΟspy&ղie*tb+AX{[L,$CbE alovxet3~Tw,#CZu|ZB`CFQeZ̈R{9l;U8^Ѵ89CjkOCp_4O~Om)Qb˰V  r([ >^ {sVRx?Ud+Nx/5omMKõhYJ«&EIHS_#'xKW dkM2}Ĕg]Nw/q^}UE N2*q-7&雷p?mzϜ#((=#=k٫K?YPUx@:,0"='"+BY }j}ZuX5i|o Riz0?_Ÿkz&$ p,CĒ}^>^Qq3'j#;BnQ 5==G(jt OoKxi"z5"nLi5E+Y`#>@.0rN-4cPʍwBс6+6d ucN){&\gtX3qK6Кc޿i(wV "ٞ9.h;Fκa8[\qb7fկ|2wbmgbkx{T4I,&d\g)'å\甫Ǝ,z9} E =xui= z%!q{&xQ]@xwUxEPOb`di8NZc$U;=\Ύx { /7O`<U`CM-ݭ tDHĜ_ BTfƍi~5D|ۍyNsgfpgl͇̜i UDU |}D+ƓFټ)rW)nA_]A?fKPySP~1j:F3cLމl50xMBDТp-!-a7kRkjٞeJ nҫ5 b 0y (Z(8oz9-3>!m-vc7 Ogճ&uD:MJU~NfzNɩd. !յ?UPXvX{8"h='(c>F=bNDس-}.bkzkMTO?$Yee'67cֲǮyźYV >=9YLII|^l0E~^=C+mۿGRH[,>&ngN~)8za$++@y5yB4YQ|E$(`UJJA=ˋD@%CDH2ODXG`4k"_ITt|WoK6r2# FaZ"Uy!@.]S`;xr55,,/̊Mn2d-^WLډDzE$Eƕ*J#rͮ bMqD]W2ʀ;,%TY_ ݥӱ*U_pP@w…JHPJs7ĚMEA岦O3[)wZqL(Mʩax@@uUajvOE}?wEg7t` *οF,ԥ:FجdMJ[ܩOoh ru߷Gh`m4I5m3|e^7d zXGM%y aRBiـ~g/;K B4L2`ծ2ecP3< [$|#ʑ_|~W%SH9TN"eʑ4[|-wg8憎VDA矆pi1}ڦ&9!M" ~? +?H S[5~M|^"BN{+>xar"G蛻3!g?LXb-vF V4˝a@ICy=.dd`J0.= Sfksq+u8ێ Dw;HYlNoeYVZ1dݘ!2A"TkI\nˍjKkn9cIR&,{>`z ϵf!yӪ V/19_LR\d1? ym-8K%}ɉ:#{cZvO/5i4 \GDo,T!|;ͮ" h,ms7Q%Xr>?\؝,6|;cCY= Rcb33v 50/=*v񴊄Y0hD[^Հjz~b":3E &4j_ .p1{4pz00olu]piZnаi :,Im> )I[Oݥ@iSDi5),_Q0^uHf0a<;xɌ Mo{3c )ݐv zٟ) ۥmf̧*8/>v5+w]M]A@)W"KFP ;BK~ QD&uu) P8|O-DҢrĢlW钇z#TB@!k/o*!:`+sRs5&>\롺M'ݓ{Wsl0T]U*i'G߾@[٥Iot͐,0Q!ݫsF恷f%_z¥ ""i=w*nO}3.b|GyTW+ <@2P[;+Mz#?s *d?|NѐsVnU=N=w[KųU9[08R:D"B֤2>ۨ`p|͚m+|fm3x^O-\SM BH?SdᯎkȼB\22n"әYS.16l/@;)lt>6EA3Ьf5'QY-13Xd/,\}%j)Id;Ktpň1eInDEB$T j-=9$S }6: IW&]Fq\!6INIM^/i꛽#ubu hy%#:/Gϴ_ڹB+bfu5L`!;&bi`B&6.T؍wI$L"@6QZax"': S>xf&i͠s3fy ƠT.iļCWj%_$>) ?$ #ǾWX9NSipu#2zJy21|}B =?2Έ$~H **R^q%n f3CQ]XR7K9ʸu$4;#\t'*䎂6qZ)_sÂ0t]N϶67 ^/yG5 2CLL.օi DJ4:sPL{l?.Ҫ09]Wܖ"˝Iޢ&cUܦVopC>B@iEv Ocvv'F0)wmTl*^r;qL(.%"xG?S#Vj3 ƴQ5!gCZ@5ĭa( ;R,.91 M)eFV3i̬-(>֕ywErGv-+SV%3JD”6:Q='iRvLF6e|`}TEi}=J{27+2+f #T=c4BA2 PLU2$Q0ExIxc_a>#Rk_T4w_z0`Ed8\6x5eP4F?Eݚ%+듎\zKS Kԏb*r^<9lFHayCh36 a &,=!")B76$Qڭ,UWnK:[oR9Zzw-EA$5zlƩtK&Rɱ?2Y'K>\$|#<1X>(H|I޾ ˏ!:4&ijE %8WgIs%yȑF& xd"\Nw&uv?!%e:9!*z̞.4mɐ ٠vĞӲ)m($ )&`Y_|mMl_Y5Ky <4hsVX?Q&!K@tNqMrǎ-yJ m jsE+EIonGRbx*֎w(bl!]%M( uq!3إp$Gyz..8Rf-$oovL7y$N coɃ"ΪPɟq"t% 5v -lY/;` SNmf> ]cj{J,[-.w')Q|;u`o`۹R_d;EnPi^ LozذxqاR"4Tvz|87Y)ًCVA :k[!=߯8sG=F< Y_61 :!S࣮QTV}gR瞨X`QkK- p,dL!ұ%҂U猉y&HNm$Zœe%L|@<ε@RS&gI7yUц>wե L5Ë3B3X`7Ռ[u$5^'Cz Bq@lL]/J1ih!' n-9/WkXM`iECqѼ#T?S扷<3_o2 I W&3$ m(C) NKge6> b \T\4-16Е,sO/llt2'M+@ tTQQǐk:q=(AYh9Pccİʛ>ǭx_ƸRx5hY3h3WiPϳx~un鍍O;Z#WVBkD1r(B?4'h do;#?bY[C)@ےBO)Db>bT]Ӳ},jD".^ /Jkp$heؒrC3Bt|fj;ːX Ҕ{>r=Ok[iTs=j3gznrz#1hlp[M|P}h\| N+R9$uAvǞY;ڀEjez%.a#a`Wn9\dqq}f*՞]|5T\yeSULD(Ejbo4v[ б-zsOЂjWk8ī7?4zqO4 Mo"\54,9AMR!h)mP>!=m0m9~SAO[ضZfI9zBm-{8:X!(h/`bSlvVhwjtcNzUCtA};ڱp|!V8{ UNgfd(~>uX/:ScđBݿ|p P&q\]f9xsQYLIr-Kјwb} Ǚju&$ pXBs[*?j2XOٗao R?ffe=ksri ` YZ