pki-ca-10.5.9-13.el7_6$>Hi#X yPX}D;L>7?d   D        ( F L Tdd d td d nd q(dvd}ddT\  4 (d8l9@:GJhdHOdIUdXVYV\Wd]\d^vbzFd{e{f{l{t{8dudvX wdx,dCpki-ca10.5.913.el7_6Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\.x86-02.bsys.centos.org$CentOSGPLv2CentOS BuildSystem System Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch=m)?1l[#t#1J6 ] S }F}F+ g%~~[G7(b)e%{xZ_,,zb+z 0foxJ76'P8bu}E% *S*L$,kI,A,:+A+3u9 #%##"vS "`./9/]   Q q >#E/#+{B/'m)H nrtknvpyi  *L*?5%C%c*m;c=O? 9%9Q][  T \71 0VCCF6CQ& "Y"\><bc q  dF r- ~->E,g=tB 1"?%I7Px]%A큤AA큤AA큤A큤AA큤A큤AAA큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤\.[!T\.\.|\.|\-\.|\.|[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|\.|\-[!T\-\-\-[!T[!T\-\-[!T\-\-[!T\-\-[!T\-[!T\-\-\-\-[!T\-\-\-[!T\-\-\-\-\-\-\-[!T[!T\-[!T\-[!T\-\-[!T\-\-\-\-\-\-\-[!T\-\-[!T[!T\-\-\-\-\-\-[!T[!T\-[!T\-\-\-[!T\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\.|[!T\.|\.|\.|[!T[!T\.|[!T[!T[!T\.|\.|\.|\.|\.|\.|\.|\.|\.|[!T\-\.}[!T\.|[!T[!T[!T[!T[!T[!T[!T\.}[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!Td6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00ebc9f4fe357967b70735e8b1091f8429563a9849391c931795aad650fa346f84f1c0db21c1fc4acad6d16f5e0260cba0977a50fc158e19852e36dea21e4cdfd8e0c582ecd379d442745e4dc6ecdb90cddabb88b8105da6d2a3afcaf947850c0fc11a3352de540f4e0681ebceae86ef8e7e17c4f8c0f90d500629111f5d265f25386fa50072f26ec25460e3bd969ef5200c3454c02dc9d2a1e84fc0cc57eeb3835e785c0a3c0f8351c3e3c8dc0d0cc2d164241ab800c121fd3c40147d63cb5139f400b2c58282cc5958a930f3b3c7c0379fb101fcf612156c27ee2dd8ac254248d5a1829bf1b3c216ae4c9d4ee066772bc7f5afca577935c229d9bfdf80d75cb7d0aeb78397f439d16d5b530d8b81c119af865c0898e02a33b17d28d0bc57ae9c82a158a8f0949c10819f646d42e8cb710ebd844362d97695eec5a6a523c9718a1aed1ca83010bd139dcbfc328398007d959d275a78df0c0208c207e960ea669ca55436dc0723559afae54e63e48d826c2ee0ffd98b3233b8c132be6ea1540cde549ab16a5ee0b53ca839bcc06b9c268ac7be7c8186aa4392ce0c663460c019e4cead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676449f0101595c93b29c3402277811f70fa75237715687fc5dcdcab36f7a7c8dd72da64a1f054f16eb1ae49493bbcbfa138127db6a09fc946014a1d137d40ca2d5c27ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefeb760a2dee6aef9a244f84690b0e80d22f419f277d615a90b129483aa669128f62024c52fe492fc10e9af7a7f3dc2f08daed6d3f5bc13ce0c8bdda30b85f0c69ab635b3107b5f152b0d109c594d30b345a411367f6225df121e338c02536f4dfd9d68f40546ce9caca6b76801039b97b1a2c53cb0975fd3f31dac9584a8a955704363832241c679cd009399b6934aeedec0b3755f83bc09a35cd5a292cf19b7525e0bffd207c4c5b122b085f9129e0470df5c37cc534df4e30ec140a9406a2850767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031d37b0ad740db9a30932ac53203a46c4e4fa701f891d74fc185fcb8989f45d28cbcace48ed94b1a6cf7171f5ebe150102c2cde343df5b89acab2c2a6c29b9a04d448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898c26d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac93f9de3ac67f7ec677ec54d3e5cda612b21511aefd19e338c7f06a05c29006d6be1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b1dd2dc066f3dc6e0a46b42f17b9fa4c739b1cbf2c27cc9197f6900945a14f7207dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c208143ceadf7a4386c8b19a8dae483ad52f07039a7f985a5a012116a83883e9d4b788f7a808a87edef183779c0d3a4609363857aa1c21aacb86257582c018280d9d2cfc0e1f19c31633f0c71cca13eda286d22f389ce2bebcf1d29d022c94a9b98ccec6ab0adfb82d3929e5d571d2157ef9a4f77464b001ce8efc8319164394d24cc15bf06ff8deef0927b695d326de82058ba233500878642d560d2bc0bde3ebe95a1c60cc56866c750a59a70c6c134ea6459a77a973abc6953b85309f450a0225274f6866c00a09bc7b40baef850cc8c932dd5ec5b3666c1854665fc8314f568fe5c75ff340c4644dc3499e6b91f1321a1e4ce4f3dd892e93d10b3ca6cd22b741cde4e4825e5c30f60418a624f71213672f8040d0abce578035e96d3cfa8de606de27d407a3f3e9a4650c1c1b49be68239732577372cf2638f71daecd3d9292b015b7cfeac0813d63b114d76e67a8c22c532fb7f106404980376d572db56a38d141c99eb75104d02d3384b36b75f08d4d13f4cf24e42364783df0678c22541bf7e72fc1b0d55c2c7c01b8a0431a070a2410fca6f1c57e22fd46e46ca8d70c901d805f3129d3d149048bca7afff85777cf6f6b502dfc4253a442b2f7a9b00f0d5b1cb51d5103d982fe861db8608b9edb8e6a32969827fe15e870062c2098dcfbdfb0449d1ca26f2daaae39a9311c9fa0dd5b893f2d5129603101c157a5fb796c27d5f9419ea7524076f8a57670bc6f788415eb5690027ef28cc39ce90569d3380048f939487192af8665cda4b1b35b3dfea4a1c88a3fa4f052a3bc35163175399b6e65e4554f66f7d822b2a27361c9c86c7c9560a3c110f75fdbe0439a989bce076df1d2b34c197e900b7b4d2e0476aece85deb1df7d3f3e3740c40a7701995a24819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d4f27679bdb8f5e22e5f5623a74dbcda8215e1909aec6d2505892815dbd40c28931a3aa4dc5921c73ba193f68279daae894ef8af35f159e5ddada1e021aad9e9667a9c2f38efb90b6c24f51d41dbee3f3c346121658f5684e87d429c23a5bc49642b2003d3f805f392607559ed637c22974104ae7d4b5b88b111123db4809082d0f8ee5de3a92fef6b095b834c2dd5ec6c40df918fac07d177bbf434d2b510579dfe269c7f1960df6caedc2f3692eee7091fe359a17bd5559408927e255d762599d4b4655eecc878c1f117bff3640f17544c97364564e4b8e1131f647469468ac8b98bae2e037dcbef1de8eb0f38442e4c7dc024cc5da72898d19f68b8c50297d95b807591f098bd9a92be058f06cd18e076c431b88352201c21d594372d91c650c283fff6879a0b3247f04440a68d98a9deaad95fb463171008420832e7887c33a299c24ef69dd7310d4cb5f802827678c6d7ad7416ac1650da7ededdd1e91128e35e898cc31c4fed5f61bc2e2cb1ec2684aaab5f4a94b3cc5e84d42a84ba57d7d2d050b1ac4574a95547657812d919aa67d3cc17fad85c654e07bb16d8e5626a15b3831ae5fca439f780bc42ea11a05c5cdace1aee43a44102d7464f99f5f4a9f410e0c510402b3afee5025043ed21d22539fa3c0ee158306802cc6a503704a7b2e29c02f8f828bc173cde8a4c84b3b89b5ba563e2971d788f0457431e48b037a2ba523a398b6eef9396b5742d8aa7836133ecf70521ba6fb92bcbd6bf9ccc1abba3f9952ad3f8b9607d631b7c81eb29c8a67291ede8108d056535e598eb1bfe09e39d96c5dbad89b4150cde9f1a03f197b83ca2e4cc50edf44962834813f62a01fe68f324ff4944b30313f9a3e5c5653aae04dbfb1f6c6103de05fe49412fa73129b301e02d384032f942e8f6230fa47c38e2d46a139cf67edfea801e6e2cb9d4dc74c7f55a5fa8279332a8d9d9b14a2064536946e146ef6f13e47ea8882c61bdb1b53aa72d0876c47446ce5720c0254a1169c9715dd1ed7e38beb6d5989320ddcabe2e59a209706beacd214bd086484765ec380d412eca3e8e8d94168387f25227f78f8984070a35f6d12dbaa53b68db1f959601d93cd4116518abe99ab7dcc55fa24ef8f29cb36fc3efc8d31433c21da3cdc7d34b9419be658f77b1679883b53475e19ac1d885575ed8fd1f57b816fa4c39ad963db7af6201cef60c2212bcb9b1264e5b18901a9d6564d44486b891f48e7eab808db0b4657882b46208bb6ac06404bec58bc67603c82f5aa843f8d6a0932888960673ccaff71f3a56334c73021a9cd152d5f2f45cd84d76d5d9b2012793b7cf442bc9b59229542b1abe7c1c069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f68798e2619ed8cbabd811ee5c8d0ca7e626402ca55f2c3fa970f32ab7c316b2a8d5d4d69a75b878b4e1946387fa6a3706d02ea456fe19b71853b81a878b883dda336b0d4dd3d7f01030b858e33670175f53907a29f8274650e18882b6d66b764f3f75cf53c764ffbcb836b094b4e17ce7756752c89cfa1f737754e7a643f5e988ecc541a4aad51af047ec1e4d89e6d0b466a2b4b5c693aa295649d4c4bc3d716c9397ef5d9b0f4d416a8bdf8f4f0c2e8fcb6a2af6e77b23b916b1c96a1a203633f0bbd917d2bf9eb5a64b45b7deb287801a3468ce15c19c3abc1a8658a66b78ee0b0199ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018feecf3d85f33ab93a1a8eda5c558d6b58645d65a16f751ba49cd2f38d722f7f194a8f0e34e2bfc62b110b7684acbc69634cb1f3bcf794758933c1473a7c76ce5636f3c0e875934735735e2db4672ec26b0aecd71513a79bed49c7b7ea5c5cd37f8ee461c0b933bba0823e8cd935dce4511eaa3c9eadb61383dd9912cead9ff1ebea43bd42c72c877ce5b21fb4116fca2e25685173e25371b56d4164d378dd8784f0953d6e2c6c8829a2ce64212275c8ae0b5c8bf1c111a1f0aa4de5c57595fe23eaef3d7f0b60a6f59f1d19ed845bb8eb80999b8d5f95e01c28f8a027ed715ee2e70f196246ff270db8566b5229dcd8c978fbfdd8f45970bf5c940ee56ac2266819112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f72cf4dfe9c88969bbd762c45a42b91b1396ad011b51fd338882a6ab602315cb7bff682ca2f5a26424d7ab5ce178c5b9e9a25d855ffc52e1b5dbc957142da46ab2e7ed49d41f75099bbb3998283617c5f590304ec64602cfb558ee28a6627008f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e2ae72a904bc8e884cdc3e881037753f8918497e4ba574e2ff864e763a606fec3c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617daad735276d8f629cb6936827ba522b93d7c51e58390c8c1684fa41cfd7868114935a11ddd421f4f82e7bdef41b3a248dd3c2276ff47446295aa34a1effb6e8e67e6342a29b068d647a27a919928efd5f2b1d22b27fde5aea876d77b345912d7867773345a21b121518fe70a56bdc8c7683cd6883b74781267b6223503405827dfe8e98d26730ff60f728d0e080cf63e44ec0bc72932c375894c729bda2b364a1272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a131ab78fed3c28ba57a9b787edccc00ef37affcc97ec2533c8c7da5fe36aebe0ec8dd591db70d50dda2f299e8275406d7a9bf51b0658585a85feedae530189b95f4ccbedef04351ee61678ac468a29a45259542db3f0064ece7bc6c142a5c837a3f1dc88f8cc2e6060172097715954ec0ec652be99031c4992cd6f36eee6c911a9ab190ad2b2d7035c3b6210bcad1b5bd0d61ca737bf71e916f427c8d31608979a229f9453b1a59f1d9745792e11756f8bade632479f283837a0631512f8e5bccfd1c96626614cda4cd142db5f002bafe95c0be41773d65be80d2e4893087bba63a5f40732a33fabdfe321b102c6ac91cb5a71f653bed7ff0363414697b7188d9bb18c6f876290819145fa62b01487d8d336ef7432108a27ff2dcd1c2a1f928d33de86710f05b5cecb5d841822f94a7c87dabfbf16c2140c606ff3a9be325ad994e8bd6d02323c345a7f33b818493827c28b14cbda8196220c04eab3503e0d4a472ba33f7e7bb3f70f202bdd1c22e5f4c009aafe30d35304be91d9cc0df86fa67186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901db8b5efddc795489b9971b83de53181631fafa8a4ff4e947ecaba4221b793786563b3dfdcd62f39e7ce4cc095102ec2af345a2dfd680dcfbaa5082bb2aa760182b34c5011b9d513f45561ca7912338109e1f053dfb2eba6c189f36043477b7e9c5f6bd93049e6a50aa4e2ef845c2ecc57b7c6af0b530a0483ef356a6b25403c4e7be438f97bc93e0db6beaa8b18530bdd0437eaa1597c589514b45e8d0b2b37490cb979956f60e953d627512ccdddd9603422e3a31e8c7a198f7adb725c2f5a449160bacaa9e40e728469050df5dc0481b3b19570152a01ee8c0dbdfcda5de202386dc5631c74d6d879ab522218c9dc73f6b56b65e84489ad6fa0c00b56ca99d16efc037493882bc2a7ff8684d7146f46f9c33f878ff7abaa21a236e737274c027ac570d8066c9a1e27d543385c08cc6e01c9f3970be6e184bda2b33b8b7d12c29844f5dfc4dc0a76253f66e30d55ac7cad9d54fb5ee25cfce90b2db8f1bb5542439a98e78f686688192339d5045c89a7c444ab265943e29e4ddb2814bbd2e5f32cd314bbad9a4fc256d21388e37ff2063355cfe40fd08e428eb00682c5b7121393548048afe663a7cd33536c81b530e559e6e8c13229f820c4dbc167383ba72607c571da9d704c39ce0b67c9ca6202bbcb92c26f338213043e3b36ab3fcdda487aca0e763cd5fbdf40ffb73006e3f1b38cafa9b2e48c19d616b701d439c6ecda6908a86cebf2bad69e4ebd837f93f4065b4d5ca11a5c0772167fd9769349be3ad33616e6dcd80b9daf13f9dcaf8ef6bc30f9e52df3da8ebe1393119b9b396c5fce3aba06387028fa21738a84e5d1c9ea15e75ff88b8b61fcadad11071b6131243666e2e04fc44d87b070697da0b91df3053166ffbad3e9603e116474d44ba83c56270532c0fec2d29862bab16692a5cb07943d9ac3be7384125bf8a087b58a6ce9af014875df6e9c91933b0e915d18825853bfa5f6aaa24d91957003503006412ad601f7f6e5d950eda140367a30f221c31008caf4c2712002aac3a387a37a98578cefe64dde557a4e36f9818cb66b18192034981ae4b1f5f392384d5f85bf6b6f562f0533de650daadbec4a8dae34fbbb56e36f87e00e507633e8599a4a9b78b8a244521bbc3a3c1e46049181dde51098bfbd4aa1f52e2ec058f907286b4c87c6552b361d06eb8a0a4b26a327faa8d2b6d446ea046a8414183e0b21a470e83555ab6aeff375b5660ed4cb0848ef1590130b1b331b1557bf37ebc4ff6e1ee9d90dbcc3cc48b5ca5bce8ed7df74cc4c2381961c9c9efc99efa0e427e7e1587a4f6673040246e3f1b800ef36d9dd100432bb957e899c5c37ae69be80ed4bb982d2380769057cee6067962b4ffa4b2cf40a6e5a732493f054bd27796ad5d9efa55bc8f59fd674f2835d9c1e7b625fcf076e7817d0d08c6fff38325c95073dbf9cd23ded73a65a8e569270b03850a6b9a9eb862bbd4cc8188e703f0e05ce34668aff8ed106f92206e688e301a625a06506762f07a9aced94c1f6c2f093d41f08778e8ca9059c14f314eb6d925825f834405c62ca90be20333e09958ea265ef5f6c000c5b62200ededa13f8521e87f453fbf48d6083be597d8a680471b7d41d1faea8fa0a67d87b4e3b1ac73cb9dcc6abdab00609398306c79ad2768adf66a6c9c076fb1c0d411571546ebb06736357218e00172e8ef00ecdc92587e712d04091e7a5f7805c2dde8e1cde90c570948c508e1e4294e0a679ae5323d68f551008fd9fa0a70929e47b1da01f19b724c840eca1d58cd30f4dc0b859763ae3beebfae87cd34526fc2eca66ca591ffd53f81b025c989f94ee3622fd8bb54341da3aa03208fe8d183ef96002869cabe74e3c0d81b49d3acfa70bd9f087cca5f74ce5bc18ec1ccb624f4d281bab848e1c617e716e922028fafb014f7e5f13a3877108c3a7bb4d67dc80bf0bbbe00134fd976901defbf35e10746a7a77d6cc11f88850bc66c047b2005f1984deb400e1a5f8d832c6da04d11caa82e03bf1d00c372c789a7a437cca4893de17d17717535ca11d09774b350d4b963d18d0c3ff275027f968a2025b3a2231b0e1d136dd67f65ebd7933a7291fb2809e0cb0c9f6b5153baecb3827282e259c1dea0192efc2b69481ff941ff7247846c1cab4d20792509907eb91fa50c9135ffba3e38a8df976b6646bbc66608f845d18bbd167af2cb621bede3bb3567b41567657e76727f9791934052c688752bd07d4afcbd7df95a9ebcaa5795e30f706768b4012c802aaf1fcd6e99814067613394950d130f61d06f25f3257278f90c791ffbad5b4ea62bd5a75035961619eb55973afae64b64b9130d3aab85b28d866416d91896845f4607d2099de578dbb060ddb83ad681e6ebeb51e184a4205c01dfd6652544a65b8d1895d26ee151f79dd076467a2655dc6a388db93697bb97dd2f128cafed56e22d589cf18d3a8117b8b82ec7840c34a149b833038abb5c1e08d3d1a22190b2b11debeb23ce1788f781d2ee4855bbb5b5b199bb08462c43558f7fdb0b4af9b879662b638abe8f56bbaca7f27d090c6cd68949a7f2e6dd41925503abf396908ebdfbe5ad1f2a628ac0fccff016e72febcd204a038d3b1bcf00f554cbe65b72a0f5c6e785d27ab6c76f9985162e4215c5b0a05c560b7ca085d6662f475887ec86730cebfc26a446ef314e84f39e2a916584c14a57509f6007d0e1883246d746a8f0544e6ed4a33dec754464db0852baa1d62df4b1460e09c277a63ce8fcecd84fd5eb127fa3a532265fd8ec62aff59246cc3e0c538d6a720f121ec7a6c61d2178a7b914c9d7aac0fe2d0ee640061c044bfd8a20e46587ae276332f2b4c58a1a4355c85cfd5b6b37aa2b11a9d50b6b0c7a98bfaaf9467c54a80a603c94c292eae73c5ae04a6eca92e9cefb27b28c70b9b6575b8d020edc0182c327c2cdc0a683ca9f527a435fa54da421a75f0fe67d39eda25030c1dad75431e7bfbd216132b8faea363a675df98f0b7571dd667d86753584d052c6780fff621a2f6010325e8de9871d68d2d176f892fa0e4d1714da27e72a8367734d4a1d8fac65c88c70591fe094e5cadb73b5437001bc3a9775233b9e1a6eb144df5454258bffc3ab3f6a3adbeccc4ba1618b73dc55bb5ebd698940a848814cb57cb1f140b0cc9a2bae31e5d9907c272db063731e99ea2be881be14106a43cf9deed98f1e580314927e2ac05431f3609635cf9dc1bfffee3d14836e3b5620b8f7d9e5420275dfde55010069686441ab85191c777c672e4c2fd5c43e9fa587d87623d3ce557186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab8fca203559c8bfd115dba0a393f9f573f8a100d9302dee0f78d3207bf2a4c02828b50cd72eadcd56594e2ce0cf4a266132526e7735f8d70abe796dc6ea68723b9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901b49f79539224ca82db1a18cb19f706b20bfb31275e009c30127184199ee28bab665e6b28eeb70fdfb406fc715536773628274003066aefcfc27da268f50bc45154481c944793a119c342103c58aa95667e9c067d65e0b8d63e90c24f32285ad9bb97edd4626c9f3fe213675e77a8b89dc0064e69d17760c49f539df7f6f264669c1f516d640fe9809bf2e63ceb40100ce610aef9fc4ff097abf5e513554ab3aced21e85b958da061a7d2de3f534c579f55a783af34ee1f115595c998f32f2fe5b16de77414be3c1dbe1233334eba30a14bb7b5fa3e31571f6d6219dfd34f496912e07806d8b1f8a1c0cff9f42e6433837f7f2f318a9c03ee8a947ba0416590c87e3511ada3b8e3dd85c772c4fa857de75a0d9aee3a4f3133678f99fa30519a870f7110c082dfcf32eb01c004f6e9d6c1b3e108984f9177201408040b10dd5aae45bc58305e847bf7ba35c3f97bd413925c7094c9cb9e54a9c825367c59068423a2d871e85613498231e9f4f83f178ce9cfa85da466376567cb38142168fd804c0067b93558cd2e0d9e8807e92def408b8eb3efdce5ca51d392e7bf06b7b7d5aadd05227d28bfe1e6fdd68e2c7a8f275a1d359c60fd4f3a95078c131ccf6a47b40b799d9b581379b3321c1591c48e9b3561c137a48c447b51a1b2758a7728d57dd7ac9cff1db3a58000b9c1fe32d7dd59631fffc1d5425dbd75fb4f5e99ba7c902bfa413c7237cec4bc0cf0f59f17d1fc4959b7661aa89373efa9bfd5bc9403d82743aa179b0610a98eda4b028251df592cac0cb95d8d37720f88345d471da63526b6ce8a0f19f9cf0326784128890105e9bd0ac1e913d2e42d5c01cd9c8f8574e6d7d9b362af55379c8abd0ec8296f01340f2991eb274effbb0943d386716df1fa2dd0fb957b3f79b13cba530f693b50f84234f3299d45e00fb4be60cd95d2ac4101279fad4fdf9510d2988c139ef32593b2255d74660095f38321ff6c300555c60045434f12d9e68f6f28896adc7054788724bc34c704ce8c1e2f3f5fe90174ecefecb37ebbfed41e030bfca7ac60f6739e123478434534f5e60fa3733b81177e63fc956191312c831f77d80837c61771a3d4d6d646ae0ebd9de19f2d1c93edff35a2fc6a00481a5b3919bd6883f7619d1a05c62be002110032daaaff23f0efda24c4d4e472c9a35934a2db4ed4f5ad94b9eadc689b0368ccbb1314b5993c9e33ead8aaf6c1d937b7f500c760c15fcfbd8f7ef74c9a76397bb8dff93ffc16df95866d15efca4e9bec6b29c6714e527c0f1ead076eb9fc48f233c3f337f958d4e0673ed79347caeba4b7e7ef85cf92a6666b9a2f4ced866ab018915108c754d5dbf4b92bb761d8f519922d866943cf5d07150192ff373cca89881d43a3e68d96184142fcb5391ce4431630f1217d65cd1f6a7a3b5a4a63c615bbfc018d5cf5c0e8448edb5e8a834506214be78b70dd45bf3e5925fa3fe0c0c6410c017cc6e6abf19d91086ce880a7a6bd91c1a5bf27c0c3d01e4e646f7617136f75c6876ba7e9bcf4d6ade0a422df2c6f8bfdfbaf7fb658449d365321112f1186e497a89fb426e659391a6ed4a0788280982337207ce1ba6382cc461026e46132f6ede248baebf4fa9223e88ba83c3aa7ba193776ab336d42955bba1fc047326d615d332a5140e09ccf4b4f233fdcacf30f533b5f15c9ef7826ed14382cd31bb55b743ac7dffc03ad234d2d5566157b62ffd2426d5cb6a44fbfbe381a1808e529f26765ba9e05e56b3b06c842124bce70635f166ef1e609e99f8ba41844e9faf93bb7a3f81d2e8d8714f4727757ce02e32971f76b129fd97deb4ef3d565c4a58d387d296f5e2ae411ca8b5ed340056f76bd372ad23f2cc8c24febb3e836cee9b377076fc3934ab0df691855f8e19aa2413d7e54c00303b70dcfd28b0708974c470416bb08d86da68f1f5dbecb17fbf7e66f136977c1b5fff486b93d4760b608fcfad7d9e567f0283bfcd35006123d0fc54b0a0a0373b8ae38ec35200788f1c1d270cc00bfbee7cb65f762ec3bd80e439cd2efc8b4e6825279fb48d2d87190a75bda3aa29bf14c03eb115a5be6b291f7a9805cdaab6465c61d3290fe63d403be79683d806b12746c7d6fd5ede1eaf6e508e3a7d29023d7bea4db67a2337127ec0e911a346d8c582299ebe6de630789a99949982d29674be81e99c05f9167813a00afbacd30bd0763edf4dd8c10a03d16e92dcc6dbb27b0230fcde072e89f6a8581f1d4c5dba6603b6d5bde6d42f80a10ead1635750c998582d4c85a9da9283aa62616dd4bcbe8900f84d5171f9ab92db0f3b27571fde4562ae3c51d103ad83dc2febf8577c156a6447de30ca5a66f4e26961cf12fe84a11ec7815c19c02f1b793a0e91d7302ce9a650e13fb81fbd66d70f0f3d0852453201c93951888d8c785d218ed49f70b49ef56dd0bc07706e4c421dfa6625e1f1c25cc00f5c21b152f653d90cb879fd1d2d864c0eaea2527e7235f5ef357810d29ac3f21de79c2fe6cac5eb5a0f53d781ab4b78d65a1764e7e7626c31b779a8ac4ea0792e8cfa95001aef51535d7bd3718a575ec70d97531470731255e0f52a907b2d4ce36cbf059bc84d31ec949fdff5ea4c987f6cf58a2ad86bb944e011439a0431c8344fea545a0e3031b8e38f8c23767c6b67f36e1824b1b48f71b3dc52d8054317c281ac05eb8506c38368b37f732e55538534e6ce61784b30d5fd24c24062f8115e49ac49630c5e06fb91fa4bf4e046bf1169d8c217afe1ccb628d6dc722d255413ae0b658637effa7b39bf832bd1b0985ecda1e03bd067b178237fd89e2fdd6b958af8e32e802c52f725d0047f2c67a0435efee12ffa020736bee7e081dc7ca5b84a86e2a68ed1c6978a050f6077448b201d2d1c23e13e38a0df6de9a02033fc479bb9f37e6377b64a119436024d9a581c0f137add81539fe233ca5d947ed65c6cef9a6114fd6ed6ed6f6372e6ccc8e28e611e07bbf8b9c3695734bd4a1533a7c38b8c0696afe1c3949239c7653522e627fbfc8ad866648f71aa19abe71e20f50ddbf20de0d7273f7e6dd2a7fc14ef0693069e233c4243a39a6ace0cf7e38eb0988c7bd2c68f8018e3727012f2457fb91dd9470f0670e3d48e3144973967f7d31b318d8d7135566113eb5883ca541ff63f5a999a97b2a7a32029058010f7b7f1ce9e7918ed9e45408943b8f8bc606bffebeabbbd9bfafd8bd13cd66e3df6b4e77b3d4690ec1d5d5721c3caee7f629bf25910c240dc2f24d1e487e69ee2d54dfa0f74fd5364bc8b06d9efb836eb8857bc64b9264e6105b0652f2e1e4c9d31dfd0a06568238bbf6bc3d58ada9a7dc75a26de4e324f4b798b2d8938a692f25e82e3da8dbdb84b3e646de7fe0f80a185b7c69838603148905e9b55c58db1c3741e9b4fe0621bee7d5b5f7709f90bc0649902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd59490171e2ad35b4241a19558c2d90110e52a291f4d25b917bf027deb77dfb03aa570cddf7adeb90dccd6ba965633c2cb28700fb70311cbfe3e7c67cae417c3c162b29/usr/share/java/pki/pki-ca.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cms.jar/usr/share/java/pki/pki-cmsbundle.jar/usr/share/java/pki/pki-cmscore.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/pki/server/webapps/pki/admin/consolerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmpki-ca    java-1.8.0-openjdk-headlesspki-serverrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)10.5.9-13.el7_63.0.4-14.6.0-14.0-15.2-14.11.3\f\T4\R@\\U@\[@[{[l,[`O@[U@[>@[d@[@[o[@ZUZ@Z@ZZxG@Zg#Z.s@Z@Z ZYYY@Y@Y@YoIYlYGY>@Y5GY-^Y$$@Y"Y@Y#@X@XX@XO@X*XRXOX!@X&X2@WWҤ@WίW#W:WWt@W{@Wu WgWV@WV@WV@WV@WV@WV@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd10.5.9-13.el7_6    pki-ca-10.5.9LICENSEpki-ca.jarcaconfCS.cfgCatalinalocalhostca.xmlacl.ldifacl.propertiesauth-method.propertiescaAuditSigningCert.profilecaCert.profilecaOCSPCert.profiledb.ldifeccAdminCert.profileeccServerCert.profileeccSubsystemCert.profileflatfile.txtindex.ldifindextasks.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestproxy.confregistry.cfgrsaAdminCert.profilersaServerCert.profilersaSubsystemCert.profileserver-minimal.xmlserverCert.profile.exampleWithSANserverCert.profile.exampleWithSANpatternshm.manifesttomcat-jk2.manifesttomcat-users.xmluriworkermap.propertiesvlv.ldifvlvtasks.ldifworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaAdminCert.cfgDomainController.cfgECAdminCert.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaCACert.cfgcaCMCECUserCert.cfgcaCMCECserverCert.cfgcaCMCECsubsystemCert.cfgcaCMCUserCert.cfgcaCMCauditSigningCert.cfgcaCMCcaCert.cfgcaCMCkraStorageCert.cfgcaCMCkraTransportCert.cfgcaCMCocspCert.cfgcaCMCserverCert.cfgcaCMCsubsystemCert.cfgcaCrossSignedCACert.cfgcaDirBasedDualCert.cfgcaDirPinUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaECAdminCert.cfgcaECAgentServerCert.cfgcaECDirPinUserCert.cfgcaECDirUserCert.cfgcaECDualCert.cfgcaECFullCMCSharedTokenCert.cfgcaECFullCMCUserCert.cfgcaECFullCMCUserSignedCert.cfgcaECInternalAuthServerCert.cfgcaECInternalAuthSubsystemCert.cfgcaECServerCert.cfgcaECSimpleCMCUserCert.cfgcaECSubsystemCert.cfgcaECUserCert.cfgcaEncECUserCert.cfgcaEncUserCert.cfgcaFullCMCSharedTokenCert.cfgcaFullCMCUserCert.cfgcaFullCMCUserSignedCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaSignedLogCert.cfgcaSigningECUserCert.cfgcaSigningUserCert.cfgcaSimpleCMCUserCert.cfgcaStorageCert.cfgcaSubsystemCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserAuthKeyRenewal.cfgcaTokenUserDelegateAuthKeyEnrollment.cfgcaTokenUserDelegateSigningKeyEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspca404.html500.htmlGenUnexpectedError.templateWEB-INFlibpki-ca.jarpki-certsrv.jarpki-cms.jarpki-cmsbundle.jarpki-cmscore.jarpki-cmsutil.jarpki-nsutil.jarvelocity.propertiesweb.xmladminGenUnexpectedError.templatecaEnrollSuccess.templateImportAdminCert.templateImportCert.templateadminEnroll.htmlsecuritydomainlogin.templatesendCookie.templatecms-funcs.jsconsolehelpfun.jsindex.jspagentGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaEnrollSuccess.templateImportCert.templateListRequests.htmlProfileApprove.templateProfileList.templateProfileProcess.templateProfileReview.templateProfileSelect.templateSrchCert.htmlSrchRequests.htmlSrchRevokeCert.htmlUpdateDir.htmlbulkissuance.templatecloneRedirect.templateconfirmRevocation.templatedisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCertFromRequest.templateerror.templateframeCRL.htmlframeDir.htmlframeDisplayCRL.htmlframeList.htmlframeListReq.htmlframeOCSP.htmlframeProfile.htmlframeRevoke.htmlframeSearch.htmlframeSrchRequests.htmlframeStats.htmlgetOCSPInfo.templategetStats.templateindex.jspmenuCRL.htmlmenuDir.htmlmenuDisplayCRL.htmlmenuList.htmlmenuListReq.htmlmenuOCSP.htmlmenuProfile.htmlmenuRevoke.htmlmenuSearch.htmlmenuSrchRequests.htmlmenuStats.htmlmonitor.htmlmonitor.templatenotImplemented.htmlprocessCertReq.templateprocessReq.templatequeryBySerial.htmlqueryCert.htmlqueryCert.templatequeryReq.templatereasonToRevoke.templaterevocationResult.templaterevokeBySerial.templaterevokeCert.htmlsrchCert.templatetoDisplayCRL.templatetoUpdateCRL.templatetop.htmlunrevocationResult.templateupdateCRL.htmlupdateCRL.templateupdateDir.templatecms-funcs.jsfuncs.jsheader.templatehelpfun.jsindex.jspindex.templateports.templateeeGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaAIMEnroll.htmlCMCEnrollment.htmlCMCRevReq.htmlCertBasedDualEnroll.htmlCertBasedEncryptionEnroll.htmlCertBasedSingleEnroll.htmlChallengeRevoke1.htmlDirPinUserEnroll.htmlDirUserEnroll.htmlDisplayCRL.htmlEnrollSuccess.templateGetCAChain.htmlImportAdminCert.templateImportCert.templateKeyRecovery.htmlManCAEnroll.htmlManObjSignEnroll.htmlManRAEnroll.htmlManServerEnroll.htmlManUserEnroll.htmlOCSPResponder.htmlObjSignPKCS10Enroll.htmlPortalEnrollment.htmlProfileList.templateProfileSelect.templateProfileSubmit.htmlProfileSubmit.templateRenewalSuccess.templateRevocationSuccess.templateUserRenewal.htmlUserRevocation.htmlbench2k.htmlblank.htmlcheckRequest.htmldisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCaCert.templatedisplayCertFromRequest.templateenrollMenu.htmlindex.jsppolicyEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileMenu.htmlqueryBySerial.htmlqueryCert.htmlqueryCert.templatereasonToRevoke.templaterecoveryMenu.htmlremoteAuthConfig.templaterenewalMenu.htmlrequestStatus.templateretrievalMenu.htmlrevocationMenu.htmlrevocationResult.templatesrchCert.htmlsrchCert.templatetabs.htmltoDisplayCRL.templateunrevocationResult.templatecms-funcs.jshelpfun.jsindex.jspindex.jspservices.template/usr/share/doc//usr/share/doc/pki-ca-10.5.9//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/conf/Catalina//usr/share/pki/ca/conf/Catalina/localhost//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//usr/share/pki/ca/webapps/ca/WEB-INF/lib//usr/share/pki/ca/webapps/ca/admin//usr/share/pki/ca/webapps/ca/admin/ca//usr/share/pki/ca/webapps/ca/agent//usr/share/pki/ca/webapps/ca/agent/ca//usr/share/pki/ca/webapps/ca/ee//usr/share/pki/ca/webapps/ca/ee/ca//usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment//usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu       directoryASCII textASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)ASCII text, with very long linesXML 1.0 document textexported SGML document, ASCII textC++ source, ASCII textHTML document, ASCII textXML 1.0 document, ASCII textHTML document, ASCII text, with very long lines?7zXZ !#,]"k%Y6z(+ Ͷ, b+󌟕UDFTg5ۤݗ[?be% ڍhj,c5Q TGKIOXeDHQS[dHK 6|X'ݒWz&Zij@ vvZ"$x!O\̜;}y<.vscϕ-_FŬ6 ~J=23  F ͣ@7i$%8D엂-F@:t.? q_=:- 0cXC͈=? {jzm ҇ö,%ƒ PQc' ?1iOʲf;$E mO&ABkĨ3§2= @U7&8TG  ?qx64hN *fJA 8w-6!bݔľ/<% 1|}Х(Ӷ8;>8r\at#xk +`igAR "ʴuI~M3]J]Τ$HFܷ2q3u5+tF Ld$|U'O@ȼs=Oe>|2خ<ډ.siLKӠˤE"gV,*FD2OWը5FIl1G;iPqI&[@d*%8UjŽ~`0,t|:o'QY{mnowL01b́SЙҩCzSX+㯦P6E9AKQK:( n+V,Ne#ݚWf,T4㻼|}^SDb) :w*c=l6ގP8LU֍_Uo_'R:!OյRuj(U6@4la;$T/GKNF'U7+Xl9{bGg 4 7cֳ4$(qS%3808;T! cM`z%ٗ>u?7Ȓy4:fL/%`WUe9=HJo/}⾎/M Luy\PzL ZI7ո SvM``rֲ!ob?#@Ys!/"2]OTҜQ-d Ptm_ b^CO&uw? 9\ EWe^h CC9fqǜDn>Cb>x/!m-6ukP8T>zHQSwc/hapucKH{T&ɼoq7q/{ n؆ a()A'X&:],oݛ+!ם}ΫKBKQ4(yS*(XEA-TF~L 4M2v$>/[Uum vp -{O|fU'k!"@ ^/q@8r+VU)W,B7W?pI)9`@d|7xX. [Ws\ <RC %h=FA a06;;!DJqn Z$p6d5NnuMD)ʠF1 ZZ"::dVF9hX}ǚY軰ɪ_PplPS* y-2d~բ)zJd(&AfL?hV9mwP>gڗ.K09&PeL$_xGĠښ"\Pո%.JK]oDT$Q c@7 mUd8x0oZ{wI` ƹ¡WoK^8rAݮ?WeAg`%( d'ڶ9 oϣ8T TlKZX*F#9藒C^劔KH w9=(juFyW-Yu^VD잯۩U(d?LY)ȩ3 (ZD%`wкG=DY7b_#٪ 5#Ӹ n nމӯjmo[.Q@R L/] \M" Ei 4jM5?y%*5qJjKŐ(\hUcܠߵtF 4Ps,CĚW 3o=0Z/75t ݿף&1y'um1 3-OH $댰Vv^Au5;j_ޒ<s#̓CINOd=K2F0: cH#6Wx*eG{6z3!4t^zN^S)L +N 홒.{w`[\B[J!Zo3D~}2c_xٝPfAzmDŽ2]ya:K9|J]MLDLayۋ ~0kٺ!ƨrC`Ō?~xħ[&Scn2.CL#E\goyo QZT2j_U]ԉ*a ^SEX!Y;V @QH,=uJ&ZBߕ;h)u78m6 P@"-gSеksm8C)琽2>"9 #ÅC4WIPtM+26yz$Յ _I Ni_uO).p4T=1-4Ϸ_\vXTbE +~V6#IzZB՝*5Ckt 1KT/}w&9@&~R*DB3$X=7cr"ݡ\6 ʵQ0X*ENyʱ˻M0IghL#TD@sT=EtZ (d`5N5+kx hro/z3%֗=|KީR[$R)\0 R]h/C͖{uc*LR橯9`jsB̔y{;bnЯdW2s/E' ثX43NgxF?̐ʦhKDfݼ!}U_XrbFlbB 89Up{b37R8an3ciq?NASIiBTm]qN.*׮8̖-▚;-! _xցtAjM$~`AHyRG6ASW!}dצh<3<O x h$MP~k:u38(=*%Fm\A"n o}:#L^7ǘ"HMhDŽDž!Ӡ__#{_QT:0(8ì ?{Pihsm Q_҆E,%V5}C~dB\@G1䇺XЈ>7LS^/6SԒ݃֕T#(#4xm;^͈\8#&pHoKN-ZșovyApm;X^y¤hfMXUuCƥ6چ*eJБ67,9eRJN []_Z!I7iSTޣ'i nU8K#.=Ϙn2׏mYf3\ W=#kpix¸HVc)ZpsEl108)vY-E&,J &#Ǵ#n\mGʺ^psbJO@"9 dG.}͆qup .cSlFn^ѯSzVsLdzXLDa1s$B0&1k`J mdnɣai$iFEXpalӬ>;_u^ʢ C$Uŧ~hg gL*?1ֵ,U}LI̻wvt%b=)F)Xa,+Ѱ3Qg*G(?+ Ivr8cd},a[# p{{V1r!~4{9e;+"u| C}sDƻ[ )9XNc:+ؙ 4?x[IuNj A{+/"/ОFG #!UV2|b]ɝY|Dz5>t$,JO=;PpLȌ*",by dc٩#fd8čqv*\;h _TwnMʁ,Cߥտ*IMk}UȐ*Ѩ(^8I?t?YfTCAE 愧JOKNz(t^Ў[$DkplJ8?:y[6g%鵸TknZsϵj).Xjvާ;(@LV_:na1B#Ofl)ӎa*hڀ9?eYN}DNvL(ԯhڧd% ,fp#﹎'mW u/ax3TZ! ..w0@.Bl{ЄJM w#̥qQGZdUL졙! KhXj积fqDJ" 6Z2h?z7JMa# ɔ_/?TF* M<{7jw*5 FT[QD/f6n'Mp/ jVmt"q-ѩfzٍoNcHbAEbLR/fsBu  xdfencKu3 K I(()un2ON6}FN~"</֕B;3G m K5[J}㞾w '*qxR5NT]@hB.uDA*P&piSu;z4%0q`DzD$"߈Z fFj#bݎÄ|>q+VH%J`.3#owWk¸K BӴJ:iZaЗ)qX NǬ6㕻w}=dUQS8aC$Ka>;&C9 %VrvK#WA A]N =hΦV^W.[<*V+[,p$VI* QdK udz`U^B}^2`譈܍_Jm4'!!aPW :t5QD Bjk1m !ܘ›۠9nS{P{OdCX:JWPlDrc0H(¬aW2pWW+jXkʬe~.V]auX“7Dd5ܯ]ޝ߆\qQ$kߥouHL  {rҪͭZtudV2? A(|yLF-xo0mÙqgZ@Ϫ-k;.;V "UBK%l$s.p{R/v_~y 4;W%`9ኚͫ?W ,z/+O;d-"tʂNY1'rh}+y K!ɱ /2;A;BdnQŊRKvQE?"e_AXCIH},xtHv$g{؍ƱD;ͫ]O5b-~wuFk.';^fU6خ:*;Mz3c<-۷Dc! 0;c<]NJjhO>Lu$'%'r0Ίl5-5FszΝX4S{[euStL$Hwg5F72^\ 2D r fgj]_{$?f-Vv|;eͱ,޿wknM<n17 KzqO[VX5WE.uKw:{کwdǙbjj/ W4(uMB}T_tH˫&pmP#K|Jގa@ +qhMꥲ F9]U—3ؙat1RM:#.raO{@~A@Q:WAe9l Vb,;8Qp.Aͅɸx t?o4gn./*9'Ml0$ڭcIi4 cyR L%?vҷ9{ZŶzFPFO M lڇVS#t<&2UA;*$ tw5vsBxK}3 L?1'qf@Xw$jrԕy;ld`[|_KTa4X8YmPTD.J{< 1Z4aD4]B3*Z9Ɓd ƒI"!I"otQgzdh'/ٱƔ1Rl0J/1CU)ւ͒Rhݗ"8.?պiQ7hcSdo "Ij" 2B l8%yOoȧp͎4n灗(Sl2l Yۑ}vDYY:[BY*\'z8r}Bj iQaK{f6!dwYiLvET,ܖ?vt ]bk--7Y&auZW ۧJrb1]DIm]Z`1|Ž?ɉ>`jmTgH"Τ5GO9&3:'kp9Di(K.C_ oTK,d}zx^,V}%=1L*bʏ(hZ~H!%;6--#lg^ԗ-7Ȫ30Xt󖰊kd (ʈ6\fFAg% *T2) ͉$Rua. eJG`KkIĄݯ|J-&SYmi«v;'N( !ⅈd7𘏲=X'3ń5ZKbȌNAVUv_;GapK^ ~hLsqk? 7,(Q 7cn/15`^gW_`H tA1J,zoжԩj짱 g'v;G`D:2eCV/6n9]e8?'m Qo#x"o!B>0 @X˰V"}Ka<"9 z9 ޘTF%)CD=}y꣨S-SS5_7^ GTO<%j ѯYX^N%a(l{KTO9;cMzk>I`PU 'jRȜ ~/Rl_\DzܬģqڎΞB'>S ;I!3T;swj,RRp  }by ptPSH:/W>aJ4acil)gyZ gG/-װywc*AJk " B X00/%'ꙥq)o+A4V/\4b5d塂tW$@|*Y{-57k>IĦ6΁#ڿ/j$*OS0(R}ԛNaAJ,#Ź $R, ¼$9{,0OnEn恪N)D}L+/\N60H|(z0z(qM蜑j ŽE wx/]i_?V]:A9$cB3J8-Kvr0gjg+?\>#@"3K.285w FI'"ƬB?C6]Ҵ?%3 ܟ h?-}& 9?3TZz02u"2b-cR:=hi~Ws(>dcX5F.ܴţLuVdz&ZS}y(:ɫ qlYLs٪*EOlS9-ms8`mLwQ_5 DW|WkA :j*+X:6kOm7{: H~gQJK9:O>kg^F$y'c NHK`РcTEX5,UTe:vm i^D懗S>{c9yQ'hGn$)>5M/Y&uKn=&Ag|x`g(RZ/Fqxc_&k f;k~+JKu>l)ˮ;+ 4dԄY[\ӳi9A_:|H5ㇵƔEp\|R"׏[Wbi{fl "MݒcqÈpZln?T`M@"}-_ٖ Y jClL-2uA=CI[R9M TG_][z:|zүuGJDl0GL MK>WeL$j"L`= apk~@ ]+Y\9(hȱ]&ƓrYj\f3:vHEUyIZG4l[ Ykx{hKX6Pthuylt $vHK#Q˸NJMu!Ԑ8l=X b.8<4YvNx!kvEdYY| 9bAGnبdN.R{vZNOȥ-$x 1hGs' bL7jJi׹]%KBkǏ ?v _~Ƽk߇N9/:tfNwR.9& ) ih3YȮ=/U3Mɪ_o֗;} DR-ێ Q2slw(/\7.y?wTmקLwchLO|V3k$qh9/Nj.(r|^gNC[E[[M@@xv}'-E.5 6de_a{9EU(90_X!;1DT14<^)kmDVtP֥[k?< Ѫt-zdl37 Qf;N t73PE-f\>SKՓ.nȒ|@Z8Ό,o)JOuʁiX dQc^tvbh%F~^@I; s87w("KkY.OK|Ox։~QBqv5Cp Gѣ.A.j[$]!›by(@b1z2)WF(5bv@N~bP`/Bw4žxymuXtYd?D6*B5b5d.d/e"dv:ƿ-c$ׅ \9ڄLT#݋$P<t[GU!ߑmӣjE 3*2M52 `Of' iE{0#%cwo۸&wQ܊( yU<-ß*`ޅ^5ꑪJN1( Ƶ$1f\I4hjUę'B QCA3P7f,0 . 'G?|n[$'ວ/cKfץ[ &2<2Fqdˁs"K~L1uJ XwI u*TbWHےxp)_:5lo4wǰ,ZVEN`RպP`|Wo~ʍ}A!>\\%~ãXJ^Jnʥ+b|u[jb",p4W5sÊ~r~A겖`2љ7=PԿR+(mɨ덈yx !)`Q:8hΉ-d',dV,<_xٔ &Sv|!/҃ βJv6BVK8|H+tjcF:T06T ͤĐy% Lgtoa 6/fi;jkѴ;otG `ܣ5xb|~!9tbŒth%v4+oxM7hJhDڧ/?x4)hPQ:5wۆd<~3@1^.Fo' MhWubl}iElBBűn[]c' 3d!@t ֵtF rYd dCnhN"v|b,9(D9;VTdR{DI12.I$%+l TZ2Q`å\e:}HsndoҰcDc- NL61TnG7ך=Yhh 盺~JтCۼ~o?Q>81:P׏ĪQ"jXKvo{ KWwRMb  r&v}fkmi+ƫwȒqt'ep$Ľ6'zI'ʹqE쳒IS;׽Fqj0 29"CR .Ĕ1n= t͍ͯ o-Dkݘ`D?UD4Z;q hG,8a9. 9k|5Y:4Sp S>DtTtDcC@G۱-hPќL}2~%.r˜6O]B 9HKH<5%BhȺ|XE}(3榸#npH a@%\02xVzRW9_E$n',VvǁAG(^=f\,#g5 bNv^ĀȘ@'Qþ!'l^ ?xM7ZFXaN*ߕctE2>cC/6{&{lMVŮː @dgGl HVLQ'{+~bǚGPݭ'^~Ԫ}Hp~q^ q~y -#=n< S!&d{r:%rᆃ}>;xd׬kνQ1{~c ovX:ʮF}un4p y6ar;\/ 7py+>peOW X'"D_v/X'ĵp+wrV(}aهO&+\]h}acܳAK)ufcC) #iy& 8L0ώV͹I UϞ{3 !^gw_+]7;RX (lǓPm:H7'л.Feɱg!9Q&ݲ66" ?$xuh8᱃T2l/?}jJtN FK0kS-I3Mnd3\NV˥Ō3؀ऩë82L$d>*= \oYX]Z1&=<ۚ t0 j4a9E wR3E{ 6^};Ef69 RwJmխ0F?zDP];tO|mAMRd'7gO5:^VRg>ջ·9i:/pRpk^ԦJ)_]5#v@UE!7j=#Vce&]::2cs|ϋ9 kH6X~vwJ8(nIO)BOG8w\\:ˉCC+l-ӔuVIu>;C:]AA-īVmK(ROQ( '1ߣu0n+Cs1+x4QbCzX"+\bcF>WBk=0v=/p*m=u2cpPAȸW׾hQœ>Fip zLg_dJ^D?g5@(c۪L vÈqYN+`"ax`fwȖ$o9F-@'Ag:=X*&d}4Ek ?DP;k$7SD1T0AJT)<,$I zNj]!2V큙G)@o4T0Y$汛4%ipX*7ϝoۅBD>|ڊ0oD0[Y^TFe!r/?w2Ӕ+De\~ Zy3`PݴޔS3,0^~{#⡀_I:&էze}W +b #51K|: Qʡ6 4ɓ%CE=Cԡʴ?FQw/Ƙ0#CKLR;xVѷ'QWc#ekJ `*9/5K wH m]\? ȝ䗼!Ƭ]J"9~#zyX5%K+b$ 1³nP]C;+Ҿ Y2Rz4bQ:23!^3K M"-5#H1>0RpJ!_F 7o^W5O"nEMpJs$u6D/2Wr, Jx.ByRit8C% ,gjasi0'|x@Wbݚ:Fy`e(3T= 2CrMAJRW }:OZ[Pd]tHpvϏ@%D0r7X0m]L&W>Go^UH"HHFWYm[~T% @ol+:eT:on{s1D OU0[3H.)\(%ZNW6$τC[Lךe)TBaazP5Mh1[`YKn C3ZEreL0xTh; 6%T}diJ *W#P zm%PsZA$?ep­7Zt^&s-STt7Z|Vk19lMMWB4hf퇢 t -#ffaQF 뽲PI$t+Yx^){h5*TGAV5ZPhJyuݼk MQYh>:g'du/`{LM]8?1/c1ܬ=n&ݵeKjL4g]K@'GBTR>\Yq!*t6al04/U4E|6 M(Ͳ^ԩBdT{THXVzh ZN^=ƀ7ׁ tEwޕ[|NB'j$0Α[_/{+I Ś-X5 jZQ*ڨQvLMR5# D=)ԓ5o=d7(5q]Sqp/u""3[fU+-ZOFd4(%IʇGIAڮ$U$ U.#UUVoFb) [.%_p;9(3d;^7bb8m0uGȕӖ$\!CRdEǝ3N"LWUdrS#H)K foCGf62SWG|!H'9 Ud;eKF%NBZ ,bx*H Asø*EB<I{fyt8 x|*%YA'ͩK EYDƬvQ[. )JP v+F!yZfrIxœgaRf:(TcZ s+ND3ȀjRGVe8RoFpuiX*vsd^K*k_e[Ԩ4J܏ԇ$@_BoR0qn5#08[zeGO ڲ V]tv/iN:s,ŞH9o0EG 1.L׎ve7TaQgkd06 Q7Zj_G4܄+Ce˰֖¥u􉂒 |"ߕ5-3̍iAqrnxԍ#vHɨL|s}X-/=닣m{ʖ=V§BcۺktZJy`xFySl[kv [YIù#^Mtfk=sZLaǮ{zC(͵K& e5_Z(O08 "OӂvOSaAu@ 8m|I.ؿX(EU;D-# HdvotAgt!li*M[3GQ=hIӚvqhMFZo/N~րY4WuL~mDYBYS,Te4E0(3®WņrrBr eyN1eH{Nz:ndCV>ro\J9;ɰQ)#EI#D)sR6B5oS|i( M{ƤW彤B) QnƻJ 6YFԙ@?#CQ8uEN 4 'YUlETZNUwKξ%;[-?UZ+){.:5IJT]Pj-OuIf[n[ wVw(/enN1b|q/+ GJ60e{AS(&[ s"n%Ŀ]&ܑ֕8m1b\HZ"-eE8UQ&P; (3)A^J?I LDbV5#[ w +y  ")&Xu2` vX?Bal>ck#}MjWM(Y(f#>BPV.Z8;l)|!ə=;*"+ˆw c0ˉCj-Jn ^Etz`:8Sٮ@op[Löd+JOUO$jR왙JdbAT<(&ք=L@S5^<heR.Ӭk'; -j>ٚI!/U p|,EFP]˙@3D9LꮡKC@o)|)ڿtU[2dV_"i@< >6_M+†!)݉7eqt:e\dP]T'| d\sȉvA/Y0/2 6Z3.UX'MZqljg5hu~ԱɄ9ZW: <٬=lO{cpR8slk\PWQ@޺-8_*smF+sy&q\5}W1H-+XH"WRo_-$*1c<&*}F_rpgt8 А;NilSy^>)H$!.GZj&q%O  Ra]˛}?ʕm0Ga`,_Fxݑ|JغO ~/RZ:EEWoAⲱ╠ݔ= u1d>>Y3ض3֐q~[B,9gÎE ?$RPA}֠; O;b_ti<>"\i0wηj*:6e-cn;/ٶ1n1aLzjt4ƜdpsS}IOڳB* J")]z6='RFT跘`n" &&ޫjCG+T,d]4 뫥ީP؂lm,]pꄫce~bV gơd*V{vG(.؏'<)Zs7Eo֡MAn%[Քg3xy*yvh¦7& a|еDŽm?񥐰em.lsv©;BPcCuTV) MX^F{挧Y;iba8cL#4ړaV xIsqd?~!%KP7,La: -i.eЍH~u0lk Nυ8GpZdv0&e}ԍ) ![$qJBKHu0)*m&FiX(^A,;"dOYZŬ;*0׃@Y!Fdze"(|o!vsG}Jk$oTUrWHtM04_ܢ-$#o,{J1! "( [Wm3u!\n2gm5'PUo KThyG *l`=Z %om>\I6I):2ոuγNK)p`Ւl݄x`eZHH*D)cV$@}uZ7#Ͽ6Q|Bs/׌e@[e V1({&crQc_$ԏ?P/:s9+d^{6(iT(Q8`^o*!(Frw[5BN\B\9 /W+VI%Ho7B7!ʟYKha֧ h~\dJl~ 0mRdzW<[VWl9n#hЛVjiMh1Ѽ691 ˆ~5ϷE";k Q>&c[O)r,͏p3D0m"E,AC?gT1Э@PUŖp!IqKV-D̾Md~DC5ZgvH Q烾`|]274`P[:x)<K P i5;jb9.žс9bRoeD_3rsCd)_B$K:㼃TnO J b;Ԇa):r Ӊ+-*™o߿o[>G-ZAcMjZDJ 58Xf1e|aX}te eXy2y0.866v?F,+cpQ F,l.,FN~LIt 1O߀YFx@A =΋z34i|{knuI 17Ѧq5VJ^C9eNf?i2[L+sEDR՚TRcɗ峝O]!y",82Y%]g6! jnGG7St[MKV/?ݾ&s+sX|n>@ YN,I.j&޾\74.7^Zrd9<;\ԴXI}^{&ʁsEcoWBjl3 9My_Wsܣ/8Y Fr!^#9X;}ޖ@]\sD*#џ]s#-fO1F&IvZ8As[)2VV_uѢ4~}b(m(Y+-*DN#\Pg/OBtt'O\xv֮s9G{Xq >_kqZ)/ f-t`9͓J[PT۔4FB &CijEqOԇ"jPF%ޗ9q5<0w=_veïJSEuMvxl%=zJq׋ɃMkxrdA~;sԥ>!ȗ+P/8 _;ͨhR?ZҩlTs?%#.qBp zQZAE[ 2Bcl|5`M8핖y5@.(ǫ;ݵBLKvO+_4Y3u-`ۦl&}/-w6Wмt 4>z0hAC+k!S$ P"og.fuZЛEvL!{zDMSxuѺ\Y.UN, =0Erb 7I,}F%7"(BS齠}@/`~@ٚ YI2 ?c_ΎDu!%M߯Ñ=eHM;w{4\c,!X\&'eH0B̪ Lmv-.]r80W (k4E!ܠޫRV ~ bi= nјTM]hᏨm2% ) O\RK*YY(rps0ȴNզji80kWa_ߍ-;Y԰TL{=D@3KH(xfd/6Ie{IcY"H8KmNΒd`je-R(n EpwyO.I+os7}7茺D/r_b i !?󑂯/ox}٠BDy~ Ti2?V)[E \#=_ߊX_HZeyV| *MT츜l,Z,XQ]NJR^ڙW#JaN^M͈^4Q&8T4ǎcx*pZSH3vD;uzp(M@0]喞MCM-\2i rMufrnt0)շ:Lv+ˮm5^T{Fؙ=G@^v%^苻BeT2N7%}!ʼn80|!'űpoŽH+vuI 6܂EAGogɍ._d>[1]$h\O(c߷m%EͪFM6#|1^pW^װ|DNm9=L&34Y},`aqxkNY^v'&Lzդ几q!h}V&WOevyJO&VoՕbiFlBrD،^Z&N՝+f3l@k`+ĨPte2UG>,ab%8.N _$Bz˒,]87ZY%Mc(G "oӸ!/KKis*x˚ JEh=Ut6,RB#haƏIMg6CX+3SsMFn^q7"9~HNa 5E<`0_>1b@i 6vNG ɽbo6Ѫbٝ&SREjAC&}gC,CE4ZN8N)NͅY M AI1guo#|&^2IiH/,8Dv] 90Ζ \+= ^<3ȏA̽=ٌ8OYmɂ&thQ=/VU#٢$L`BЯ2Z ܟV`Fb {']\<{ nXmZ! G2R"ƫ5' 9N>E'+v7bm?zOp*1Ԗ<`jB]1~س믥Ƿua0+o`uOt|P6`7OO5}och:IOiV-M $^du_t sg(p(/ufvB~. rf\KFʅF(<fpjҧڴ?pwIyT!v˨rn3hyշ?NL%\mgm*:fMoco&#+sXg$ W p[fzG+5CΡ/;G 5ucu(Nū6_0feFxraeS׉]+>SAH٤@)x`TBϒ`y/bc~EZļ ~܊WTT8Wa&T tZi]ru,B@{P2AmdyrvĒDr%y?bRz' s={B擼nDx]i_VL/Ǡk7Z4}H+BUbyş yj7eSߒc:Jy9趙 /ʉFSBmv? q˯-ga\ xElآ RZvM2`eԖ69mfkB1&c t7;Ru_sO&v<(MWt8 G\B(26c4 p2g6t埘wS J ?)Iet_dlF |>R^؎H5:[eAm ɾԻ">m!lql"vA!Lc{$Gѵ&a85W WgDUy٣Rd졣eB)4G*:1'ĺW Y>Wڭ=N3+x' ƆPbsR61?2K q!^HgŽ]85g>P EL ]dnLﳴ9\v%}GmLqN<~Rke rQ|9K;qYauPlR;ijAz kGEȆ)Mv8'*&zʬ[2AaT~H4 '*m*7m;wSĒඊeRļH1b6Dai$/!Y5VXس;Q޼w0?z&eǾ4& "o[_xn?W*ku@I8*8vTØ=Y{ߔxkk+o{iu!|>#-@Kkm"7P}=5NcfH6 B0 15o3R8*ExQFhEofezR՚zppX&8x4٢v½#}!wD]^5Inz@|B6nRc7p2rS1 `GFJ7{byӀ_kѐwn0)\R>:j[4n8dEYC4  +'v;* .JEyp<+>̒%iZZʘSC>Ɍb8كXO?qdgo>޲u4,}* tY@u}\>H>q ǍF3?rBMR@S};iB^@ͤHo&ݽ/We Y۰E&gO5T #% ҾKEj"pyYaA6[!桾ZE'JUGYI1 7EWe=:U{g N^SU$HZv$H@8A3DP n#<$p&̀ $Ol{7O2H'Y#%[׿@Q *Ơ[f!uųmܮq^Ĝnr\Ԕ Kw=>cdȍjʉw hQGV >gkmZAW4vv=۪/j*;vD"UI:(QD}1Y,m`Ԩ Gڳ·242 g2D:Qň'Z81!(F?+E}.;ectCLovfrw 2J{6]s7+*(l6Q8]ʆv[%ކM%'J-srJqM5MNnɅԼOB?uYrTUJH$K:1Zذ dw\ $.A֠ڀh+x(-7'kxwt#y]j\ E!!!,9w"9 INY`SxK ZDY=F'0zI+7=_EŘ:d KZ?P*!-D w!q[% C/ZC$R`sw$w=Ѫ4P;f Q>cJ*_lLS? [Ct_Н-ˌ^0"{7Yh"4ͲNrmFN fڨl\"#!-Ie=Ի ,0J05V?$U%p; ?&AVx:抛9ڐ7m*/"WZF]LAuQ18tmvlRՔr͆O@_\֬EÏG؄5(܋KDCKYYAJy1UW̑jܗCr0;N8\R2@q iZ\n'KV+ZK[#J] vI AQ+‰Ie"@aGOvȕ[( Ym]NMiZ_b(3u]Vl_DVRJg!*PuȞoY9zwxyt e,QbŦR }ܽXQk cRΡV<#fEj Ъb*yqUD]T ^HNx4DJg?qx KM@_ PvS HU' [b4h[X܎o]Qk- V׽&CJڹn)f`ѷ@  A;GP5NzM,zk'[](}#MIt*tХeԮ*4i$DI+#j Xbv@E_zk <@1.c ʔ)WL?ZE@۸ 4ijq~q L<3y׿Fr&@!҉x%Ӆn&1DZsgF0qh>׬VS~˶aYNS΂*Qa Q -cQV[D]q 9u@w|د1/%0! l/j79 nq]F@UL(wخ[Kԗ1s`;K1ޏ˯$A V]udu ?|u8GNFO\--M!q^q[zK'6 > grb Cx.f(t~Fژ"ͻ_Řdu]aT6kHR,RBEm!G)7+YwȦތ~NLv` s\9%Ny -!W?,3ɏqoIaqgq!g.ߥx) %hr L2FfU8& jW!xEW_J(X sڡD"I̕dWI3S^Ii)A%sS[X?Ht?(/*@)_1Gٔ''^@O!Ϧ,S (VGTF >»^Qr#ܪ[zēm[R:Џ\]dd&s\/kgԹG_"J<:]̦93l, 4@rb&Dk4z9%`lH-ʲ:;#9$ Mڎu ];QueG3~`)Fv,1|t݈U\e\h>Ad㕑SCMe۳.)N-+̹w+;7'_5Y0"f$S2% l 8$j귙 (!^wmA\LK~0kYte92{^ ^?\E5o e %`ENzNn]B2,&Bx7naH`OShxR螭7 kRg\kZ 2Sra/kY-p8=݀m (Fž^UwK|B")8aF rI +Zt;;Zc82I3?[h7Td-VJ2eF%-k{tAFeǙ Y"Q#G.\IjNrĎFϻ4'Gaw2U9[kZk?4qIɚ~Væ$nnu5D|͞S1ջF-S*xT67.6Rstm_SYtƟώxGM`4q 'b e8T[#1*S)^O+냢l6bOoVmZNwהDl`9Hp lE}2od9(y D TOGR@Z,~÷jcy*5 هINE ~]E (Kn9\'悋>\x٧㼶_{b{N^T일i,tVZ k=cUzprhW#~_X߽J?]}5|zH /e6ỴWew%cf(%OUHJiwʭqejq#n(L&~Ƀܕn:}Jwbw'bRmg ]&d[G,rE#04)ླy.2$~Jw]]I,/?7hMuL9[7/vp|5K?\R @i[8'P9aUn,&ԏwxpù 6&*ׯn;[Y{M=FYKK;⬶X7X]tn93{ewS_"ڙq:'>ډ SU۰z78WbG[RUZax`#7X_d l^K'O MY+zǴxP4bc$ ,{s#9"[V< (rg3Ks-bO;TWB~(f 4?6o5 -㏻0ꁘؖi"O t3MD}r^C/ f\HCIl6K%ɬ$%Sxizn/npKdؐfdzMկQYiq5>Y>[sD\):+rbAzMl|X,՞,у v) ޟ7FxihzP$Qsb| . kR WVcD"B9) sm,j Rޚ˜sWJ3cg25ͭ%`i?=:\IuH(n2l[ P9i!9FRC*.qCu~KCR\6L9ҩ Rw< rk7.UC,<x:R9<|,e)8kjoA~ xBa O߆9EǍy^uXI<=vK1=s9fѧaպPewE߇7 E1`\%B`d O9%N[yQa-CV Tp*JMAvL pm*K,Fڑ[rA RVaM+η8WM_MJ1Lj^cGV!2v,~Q3\n=&v;7%MӋZ|_-蓹`C.m. OM -] v7-eʡP'bӋ 韣{";՛$cPmU:p3cΛZ;g3 t /tm#kpjš'ϪǷ2sxV9OhQdAօM5y*aAŶԫM u6{+.w)3/\hr'P9R=ֲg%/=yrR@UQ``n.e_%]I'ww^%ƃQ*jrZ(J~m|/l荫 .h_x,Pķ$SA&$|)Yjm BYZ1$).gUQ&x3D5|Q}fvـL*x:$LALF$t5*;"լ!%o0J6XcyXڮٔ/-Ǘ~5]'r‘R\އo=rM*Wmj)O`,{Ôoo h]8^ṉl٭Pz"5F>EO {]|\6?}` uT?L:YbRtzC,AR"+{h+HUxZ؟4=J;* 56onuF$*w,Փ8rz;ɂJ{| ] 7nJ2D#0jfkNoirM]*SzI*ZXlIaBݳ~3[ J@dHBU2`*#lv5ws܀QlSޥ|bުKoAYR/ulQP mCNULKF>;O_GTB2O|RCB@OabH-E&YgH.C9_>?Bg1=khc$%n;2oV+ n#xB2 ]G_uW1ap} 8d剫إ(4>jKBx^ ԟqklN*2yu U-L_JӚAàjGι5Yg VB Q~yRbm=!^9λo) U(N%x3pRYSJ6C-dL'CvKۏ! o0"{kUκ$jWbwyЮ\\|.r|p2zX;~ނmݪF >֒Kј\V5e;%o=̩wZhRh"++W9 DF7Q-*]ҟy@ˁ/y(>}wL!J FVGâuqs9r2!4O"E֚MH8$7,4`54L2 ? 1w3~BEq7Wlq)&{ \U"j")1z*B Ք*O9bdR}oS a?8X5zxg<&5$n1.=du ӳ\aV"mTi*'{x6Ser!NG- 5i:l._M /`0ŊEH`h}M>>ۊ&N=k>4d;v+r-q=KJw1[`$\ YSK.6d)H Fy*= sdaVlfd*iOtu~)c'Lõr ,A]J˳`j?GaX:!TcOF*@E:81aɟVQ[Ҫ-4dc2y &x BTkΆ=Mn|HzX;Zű{4@Q ;#le75~YOw0^ {sߍyq [tkiw?4+9ZTY$PBb~h9^- PʚįjVLJ8sDB6.* |~qDnd֨LADV@r{ mIKQ;e=Lv8*Vm$,TIll de^]ϱ iD%.?[0IKUw,ٙhRnl(3X]|qRk?`&'NJGVhx(j[Q0T8Y]Dl쿣,x ?6u {:,dtrCg>$D!91#CksWFp+6=qlX:DQm&T}"Z:-r"Ҋ͵0fhʫXǗ(x^U( 4w2'{w#KXT26u3% 4yb}]>ǒ.&g̴TEWl¼o tkG.-1jc '‰L,kQ!Rb=>q`gQN0>98yNbhwys^~8 'G WȌ)".uD#@?l`B $2;,fBX(*P2H!+u _TTO'W2kb>GsrUG7 XYs 'i-ml=t vj<+~DO?F*.?j/.-$5b Kd_GӪV0aR W<_;^e`AiyRF^ReZWM茏Ɂ_#aQ* B_9+$H'%>+|v)?rRBMEq+Hڗ}"z#cA eї\MVr/,=D OD7RO=؉99w7̸T@~`3<'X 樍j~ωU 5Nً72Г;<YLht_ş3S\R~ڭVY|i5m3Հ'_]ƮO gw/󧲧p#沰uQ pŚ-ezҭ\8 Xlf$jfEѵ~`6OO[π 6'*rkqs. &0YFQrf.J|~qK^UĔVpGǂ1tS+ B*hV&X,{ +47Udinmw_B2mCSDŽ1~KHL'Cq6j*%%BѦe՛-?'7S0]K(g Huo}?u%$d{KWBoē\F}3YeTcO5{PZEnSr3֟P@l`pGNUg 0;byd*_{\`vyj9zjAwɿ&a{hP<*O P;mA-l_Qo%%y?߫|쀳 q)T&uL_ M怏y>]JLQFv>?^+w!^*r!aE l`k_ӓۧg3Tވg5!W=pGmmEro`eQyIop ݩMR LYGle+g=Ug[[CT#7c7|ΥҪRl\5Y+R>vvd@LG]egz%(Xj'lTj}fD#7;ԫ}gܰ -.WU@,]01(}a;Dac&jOf5žTyO823*f-|}uq[+1S&q?v&r߇Jyq weH@n>({юQZ&c d+hxzPHa+2Ƈ53X~Bmo X#Jpb l1|H?M 63SVl=r=YW̟K 2mJ4)K{nGv)`6PCha/ kx|!:EhH_UBǜ\b#KRJ?Na{|*In}&O!(tl /vg!IņSbZ!LT>[\>WO6\xߜ@n΋.%`WM:#f/xfdj{ܮ2Kq ¨R;U%%׃圱XC[ :*'=i~by.| ȍ< Hڇ-7ā0J<}:M8pʧe@abM4CZMAx?xL/\B}F C8[lSSX^REcNj3,!Ɲ뇫GC|H9g1JFh۩|x|r#M5sQڵ4,S WUЇj7)|`geP(X (x +3EITy+uޕNR-Bl/I4i&淞4b19Ymݤij_gmk>Q|'݄ȯHH9!)Ӣb+sfwymr0tj}YcpW,EVPYږEĖkÀ9-f)Uq Y}J!Ia(TNXܑ.B"z2 EZ5cGV -oIBlju(Rfi9( iߵcomRAD"\7uQ4ڦs;?i/; "(9cutdu1^4s4inNCu!@o/U9P?r0J3`Z=x0'_KZ\= 6!s7H@,D/k)_ё!.‚X[4ƻZ D&Lb', G5Ima z[ B)9IKLv?ڄ0=&q<̣nGYDl~:J66úo:Yey<2o`\Q%G5]WcMetZH@2=ňOOd. /Vǿ n[m[a_alUJ6vEffvey ٟxM-:YV)hDE!WS=oI?/T/-znҫrl:4P6MEPQ;`s9#Iˤ&q/Nh KIC=1gx{M`93]oE5 sP P?sDH"Xaq/ڙ-Vo,HKc[@%EX …X-ɭ:%b3-UH˃xFtWpO$Ekmiy^u?<[ F E Jdz#t^wJ$.Q"09:+R~%dk:jKsqOv b s2vHڌ6}G &/I]M&y_VTL_&;%?#6a|24sgnڙ11 ?g yBkM{2ALQ5z o`BxѤc1 /q?8i Ep1(͇!.%}.2@SĆ3;| n`w{ :"bӝf%3|gYѮ#]qF\eͮr JMd5CPm2$gOyڌ6=GjB)2{vV jJOϊ00+& ذoWآ8 m:!E3"`s]/@ɘ~u! tA5 NWH.\ X(/zRzvu&*P'W8]ldp: 1 }IsJRp?qq4j H>Sg3fClv˥@Z_@&<̍ UZUf]`l8u4|~=hX5t+1q Ѽ7ovHX>pQk^!fD[YzU3) 5n ~z~4m4nʶ~[zv;B*4Rp TĽ_c;o-]~G0Oa~Pwq32-}."m 0Ҹ+'x r,E-5X217곟 JG8 j|e\×ZFC8 =SIε`i B5"> +bBbsB\Ϙw+4IYgig]_ˡl#o`ҷ&j-#i|f#OY5 ` 02.|1}eYZ]ˇxx/A:1T}:sXRAosiشda ~S?Ҹw8jRMMD<_\%<~}=4eJs2 c4X"#1G"[Aq+<OcQ\Uty:ct\d'ظɮmv^mjj}MeN7VBWk{g2R0<@ir/z4XacOo;6ϭ[P΄(=u2MۭV 3f˓^MX"F35^|| $'_P{*Z66呫8fWxA&b*ܹJ}hXh':[2W4P4Tg{1g:Jo2cTP1Ez ;-*-y1JqT 2],]`(7Um Lw5   ӧɷWb1'^'S JfR[v QҸ gt%zW'N,2c u@ ҭ ŊI/x,)uGiL%矽{QCB]?󠞧ރm^0a'к}4Q|]t >{&,pdM [~3o "^'={abc?:x[b9T0((^|_P68K+QQXqQOWk7 {焇E?:z]>maӹwue}Br3t~z6hȘQ␍pw9(݆$:˗A[.jaCx^i_/=k= nUGAO7?;,% acq<-%',;gG 9z3!mU7z t_Sy^\k<}]3%$+s%g(l{gl;-(ŁgDmePհ7} 6D H<#mu-i?E obe?F6>xV^y & &5p_jHjD2+ycܹ<1R0^/G&Ҏ4lTnjSRէ^SmW<_VB'*#3$O) LbTr/iY&i"7zAyxе}VN)@ 'ԕbrU&Dk*^/ssxM%'lp%ⵆXBmmC["*3P oCYB08Rk[|ocɑiP}#w_@=-²0>p'>vs1EGk#"EF3Tc &δ#/߾2Ve)pq E)F^;}1@ -a˪WQR_^r5"Wնr`6]6a:seaL{{* MRVq/ xK//V%0w"bv)xTCPƇ-eLcZM맭0Ä$>LTqf1H}˔q3`igZK2OwuhW5 Uy{=BxvtsY|~7$ p}__ '@ _pnB8q.2:0EL)S0=PL%3| "f 3fI`2<23)YC2fC^&:ΰ4J}Z;RܼG2-gLLBz{Eᔉ^T90Z 6!i]I) t_s/Z;ɴGkw51dh-#qvztrd:ۡ]לe ڨ~7厉~&դMCv`cŝ|&J~r^3;A2oy ,V4x]MVNHtU2ev`slCh J7d9mirӉABH>DCpqGl SXjO&҆56V[ qh|9{(?}¡$@> ġh|s (@m"1YodB̖G4I v BrTjo6~o(?G-eQ"1==s2kj~ɒž)rMZc/TOmQ}[eYJ3Zj !yd2W/^WӞU.kY Qr0[ A"&fEmmxYxƬC}s;L|b)-'+3`8H\ChkG@C3UXS3kY φ㧔q0CKjNG G ݹz$غt[f:j!?F5j3QF?5eFH?Q7 k2 Ŏ9M(?("ԃȭZ -i"K mog3=j`-( e/4@D4/5OB}hؓ5%vs\l3 \{(}CPqPdފ6V[|lC|[wVOl`cۜ6{⹎RZS|"YuY b}Yê8K# t3ZНB'r~N ,1Um.=2l~&3]lIAȸOR,zY/ 9:?呈is?U]N820Jxצ Qҷj]?F P t&!%$6Aah Ao׸E+*F fPSx-K˔lEurTYf5G }믟*e0G9"c i(FR˛,Pfz|W.gBm!),drk\yKgQ"Vh@N4\Gw _zæ+}]`N2Q8]b o21-9ۏӔ +^iءLީ^.H~b`٬is~bcʔ4!aqk# NÉӑܚY @:!:z&2R6b > j3EwCDAw!ZMhDN,0BK4&  ?ꮫe6/)51Hd,Iu b]UZg^ @' [!;3g87SΌ^z9ػErCF-:w=Cos$`肃*6qho;.MllHſދH+y迵\yFoi]oB?8pЏ`o2jy5Z#LC*^ :gFzkhlAKˆG!E:XZ:Gܶ!Kŷ)nYϯ2H],j"dE8 `_L`BpϕV08$Ĝ)wQ[ &@5irF]ѦsタÂi8*=8`?^菬C?R<&{cbLLc{X3! Ι%HAiHyr_Q9tA+L nf= `#oʳݚ  o!ۀˎ:jP%CK(~+j8H'amnưUisߕêZLjc0 !<=ƚ>zKvÏPK]bUhURXR PXM '= Iu HYѲ:9k'-FC:&kH=ͧv;ωj{sC*oN+.,fӛ-^TҒ%C&\MHaio/C1c<\m7lǬMz98n5{L}kc9qx$` ta r剥%EX;WMR PJ`Cv[)9|"iȳyTh(FC+_NZ,W"B>(b=ȫgQ5/Lj ,HNi{c}P! %Ōt .N)eQm0b (ӝq-$TT2rӛcc݈6nv7@b(w?9TqfP~OKuΗLܝ}|t~"}n ?Z__Z+WOR{8 l|'M C: ]FemTON>zUuRRm[uXlk.k(iZHY"*<>\)Lmyc  V o X952e]rI!HhYo7u Fy40{iIG 3*!a<OJڛEꈵD]cu{'`]+G"Խm%md|xWsٛTأ94Әڥ6u5m,=SQ0cY=ƞiwPޢ`~UPcR -(bO_C&XqCҲ.W9IvNL< A\F/Dzv!^_z; IP-7"RU $1 u^܀?vnF+B%SO{#Љ2:h)ژ)DѢWH-t+&&vTO0 6&z{B:h:LWdq |O~HAz1TEUCz}ܞ'y}/L3e'Q lH{/'!UF0om ݧ3lD%gqqoQNݓ,cq6q.ùl sP6E39sMՑ_sw+f ݀=;kFdW T< 2֨w$*zUrlH \" Lbn-[)yj2ѮI5j.E&\Gg3ΙK'S|5'+wz :0_̨aiԻl nTt-L]v-!b]ܬf;֊=Ӣ|O T.-y4*Lt /&VoՏd q6\J$rYny j&dd8;o_*6iH\+oܬڠh!ثz,P1ݝi|Zߏju dxw`~]ͤr{mulH|!Y"xYhfvff`ֹ;ӨnqM(Z 5D1*~ep=|NF+2RNm<1凢>w-M^ۧ -|i]g j?}K] q<驺>9^O]/9dm!αͨʏq5~;~%>5Fi'Ylk'5 f>TΝUJ1-9"wC@쨆yo~P| tRu>̤)B'{>%&eGvJlE_5략o5>+F8//OL5iq  &@STtT;!xpeFeʒu`'"`ka7Em[dbhF!0ϝ] ;b@t76L-2%hmgIk;1( jҌ2?KGB;(W/1Kr{;ſ=)(Ӗh8%gw5 &᠏wڳ.vni]eԺ&h] &026먰hf*Zn"!-yVG:.iBg7ХʯJJvmu43u޻ ՏP{( VnW'em/oOg)r*A[lۿQKed#/0rT8M[HF5;,jTB|J; $3ҷi $n´yb_'Y^Wp0b = C$[0GL˓% Q%8t/\?_'ʡ6bCwGaͨ+٨R@eՅytq_%r6& 18ݷIoj˿ +`ƒh9e$l|{dˊ5#awb?qm 0B6 `XGl ω L(0˸RLFeMW67#Rf::Fɽʧ$Nqm)`DF2bS黩T.MPgmݳwUmQ@VY3j)@ڜ_7/x|ј{ Bۃ/x0M薱 5}wdRվr6#O dPx+R`NzٍovXeU7mTؘ?|F3GX#CiIc&m%~~׉jԃNpԔ^΃-P:}j#ٚrOqkQ5+J \ZHխ*O 0 m' BA$]R-9@(>>[ {G/oEXeORT5|x쓤:ȼlf_ DEMe_{6DPl됙 CG5vI^1UʸryPNُSf@8OkxFZQɈ+@` -uQ_šFhE8垳z;`еhZMS7@O%p-8"MUQN z X 3Q/F\l!GWy-Z,"P:=p)}lſE^"`|X3MX ;BK3)rHg tBq!:w.Lȗ$AHfnXkȣ֌CO.[ MFpRualcW ~P͚HkREa<+|Dhc঻X6l9?V0R/06ŪO'{9M f+o|⍁#¬ w|oE,,pej溫=ր;'0Z=A3Q֗/d?.gA]tz;Q1S,"*N$ȍU4S[hBV$x c&P*\d>Œ$&O"tRyT3gz+WN{Ge?$*L"k5@Mv øxL5X]P6nA|B齹Yg<,o?=#J t gCR-:Wpޘ}E::An\+ِNpYsgP'>տED[JlaZc.v*RCw2.Tv]Sɽ(AWɎ"mrO75;v8g]O5aʅDT,oKJ -hBfwe\8Tʼn5rK#wI6djhK8YÛ̗A7 83͐r&5yoh&|_N`p"SԪ ݗBC~,YZ;{XɃ)8s0{s,rRuY1El|NT_YT2\'<;WӶ鏸Gxc1Q?>;M*{l<3YlC#5y<,t.cnw}ٟp=_^` EX^bKe grMZ -USx{' OfR٪fޣJmGQP"D68JeVbbɚiB`Ie uuCuY(asIc^)&uCAt J;R JZt'@^ٖH39OGS3w䕆o$uH`ȫՆF^*S-M 'V}^K%jNҠvy]Mksr ÷-|窊BK?y-^]5kC_2" y0_ y%{Ŷ3)'POǐ[ʅy nKo81bV,XUmVpv#BzwIm*=c]5>yW_nNTc3&S;Ќva-9Ԧ1ƹ4dEH+=d56-{I3(@rT7>#=0m+gin,hK8>ZOۡ>sw茲' u: A\a޺ Ѥ܆wOhwO'}M^#/Ԓ8n1LPܣUPHI=xu^\yvWJXnq{Ѵ/QدR'|}{ꥂ*Ր!y!##\hinѼm=VOMl o\HF~PL]9ʧL#:|`Lن|T>F!l)Y7m ɝ 8K6{͞s-Mhl w1Iy!Yyj_ |F4Go'WEC{q/(LwlB+NIC\?s|0ѐf-8 +݋mv&n1D3oyffcꎳ!_壼C\͙/ n+8A[ xTUȪqiʯ<5f"lEۨ G>I_`jc[sw2 ^#znZ`Z:;C.ߠEq̩@ "@iȷ|gMB]zz72%iJdn1k\7ӆPdЛ&59a|[c?(T(+O lZ'UѤ7xSBReEU`ϟF WkKdH m32sJ(FvSݢZ%_^xfBq\@+[#+Zz.φ!(4w.{_EF;7U VQ/R_Cٗ~^gk1tL&Em7$;|p6|g!?`S I>]4"vʊј&|OhSt[.ӣMI"^ ҔcE켒MR>UQ(݃=$R1f h= lu W%K˫Reڒ,k-+r=L(;@DFd"60P*\i?DC8m@g`qOȴwo"7q_@څH_n'p0W!ptF*#RҺ*'6hcIT#@Qq('%FaS,H?m")<j4P,C8!%E/jȜKK&3bq%(kO@&`aKɐfټ+R +Uu×0C@>o4ʷu@t );43R~ '<Ĝ7q`}kvJ!@Zz= #)7pAc&`Kpt#<*/(Q=3~/qg-Vd:{E[># dȠ1Z*^iu`KWoKMlXKX˵ yOp|ymB2A qW:mW2?h~RhU*Şbs㋀`)Ίsq^AXdF}Vm(IuYUn ?uP9*G}ے4츧}=;xP\D,rW+8)vəCR\oXGhP"P:eN@ 8Su~M'3xa{Gu"ƒb(c+E^\XGrxp:"EzR7_y ާ@.@a"rbK3}oI:? LΨad0ȈR, X_ͤX^\CpR,64o&6DגejpkDC2вElUK~8b5׮/(Bu `-UNIqS܂: *J:^ˋD'x۳@5A4z`h@\No- ~f[RImҩnw8Ik8@$Voia_/SmфYYk4ě0\ǀ;06ξS_2wZa)Zyq#xtgnd@WQWOww bVw@m:PN*5/`+ڟ ^tpn}a>0h7{^}`$5Ӫ~iORA2GyBoCo. 7-RnjHSZ}U PK*?KE-~WV~P2ח^D4!j|Ծ 8Nh r#E ey':G 8ZeGȴ%B“*~͇}qԔɷ8P D{kTZ;^jiQ*ӸE2H)8pM7jnWrS&0 Qoڠ}%,`O2tO<ʵC^ö438`G\׵vkR})>~nG:fPtבֳC]p- 'EunANIޗR9w%dgO[~ ) `:뽯\o_Yw^fx]D"9IFqZv4~S U֬^x"m@鈷ETsE |0yaZzS''v!ݎ'ßsJK4^,>Q%/Ej"* YI̋VL ϽlIKN (vn<ڇWV[6;X-cģ֚ՙD璪Ӹm0[JO`N~{qצjHv8\!<9{]#V-j@N,TH G&K~!(c=UJE?XIähA$؉JlbcIu& ^ ?ާkp9c\, ndvZmvĉ} -ڮ[F5#Dx+zCZ)Njȵܓ}V'(IXL֒1e؆cQ3n͈k9ǭy1s3k&| ^CHIæIkK+ˍUJuAFXN-R]٧(0&y@:Vxgt>Mfwjrrg7Rh[O$)Eԙs'I?( 0[S(W% ޺ .յFu؎n^(7G`U54zeU`6gTмzU]vo3 JG=Cqʩua۩mҪ_[TJKNc )b!gCw&{S@I"aSJ AaB'#SIJ U? i‘s3(oǑu y|TQX fԆo&-ᜐh u C$:aKR%vG켰^_ERm@U;{T[>먲7}&˃+ /҂2@MQlcz'{`=_ˮjtep18asR)` &"WwElpH=H4ıPIyP–(4oÄ"O(/iC";SFQ-/ݐi'^J aԥV0:KxuT;TC+q|,RK:xv"p67fgHəuۤWjÒVv,Vd(y\:udHUJS ׏c[DKP'$G=ݵ&1nzI:ќ;VMh?UFnO bjVV؟X߹^g=6Rׅhy#*}!u'c_mP3Q4#nvV .J֠c*ֵ8eڌGMk-z7D"#nq\%e)&ya9q:k*qGEY;ᶡ4"&M;vRI/M |~,v*"^]i8< .ɯlcj\[B- SredAKۭVjR~ZBwB;:2=QFSi;a$u|$1LXܭ`X< gz^Fɝf?#0rn1H3j'ݦw^ߴF03taΨ-Iu2(FTdeYd;%+Ke;FM+@Wq{2@Hw%?rg8NCۀR]j'F6W=ʃ,m'Nd>}dXG*IȔsL|je "EnjV+ɮ._+ B t.X]FШ#s2rx(\ݶ0&'>kQHE"5/ =Jv.}5G,O._{bz` $E׼PZvSLZe Q-Gvm6U(c2T+D6lT:=dG7a\#Ff8+z~${yv,t5EY4.%ֵAWIk{!>+`Nq"s xTi!tо0_xS_ɄuœDo `J5%ʋzЅ;3a{JWÊg b/Y3k}ls{s>Vmo[L<3L$>~#-HJڒǧQvL\ ě\toաh𛋮ަ=9'2<d!wVtd χ𹑇/k_IF~#ƣtVcc?^Ǎ&Qߓ:ea/\⅏x2K__p%*/r<\O!(g5~c:& Ɵc|m]v1_K1t/{b8܈oz|'|n!x 24N0^y35nfw_ /&mS[^XŷpmSh`ݘ{wGc|`斂KJ@xa%v.v3!@rH eZi^T J C|tģxdGx4lh*rˠy p"xGkh#mţxG@<'ţxtNYx1@< ,C *jǙI\DK,Cdhd:p|$?@8-Gh?A~N+tߠ7pQǑq\'r)ja}DeXDĀ abCI$"I{T~ߒFpdā#1M2dBrJz$II#}Hcҗ4%I+2#I{2t!#b$~)Qdo3r9GS` GIx0 C~n@ 4('pVGxut4@ \8r`$_r H=L%7_L7q&2Jȅd!Nd..& ȝ,!wG㷟#/\n"7< +^mP%/w5`/YS}ˬ6A +(eT) Y+7’11E)cKA,ddG)Y rhOVz_#h) VbJv؁AAWc+uŁ7@Ńl8.T|fXAa*)׍,~!:$=J aP3 @ސ(QLWޡR򪰼 #$ .@y|(= vόG&mq$ ySrn)L 0@ q7*|dR.ÅA Ep1pIHuо.-Gee0=6QaGumB>G5|l|X$C~: К|ArFC00!X5k)@Gjq?c?_h/38:qq@ )҇˱+R.L)zTWܾՂ^OF0k94I]l9`NM)7q)7rif,an)[Q![`+P,,ĺ > `뇅+_1<) ·̔;dypaJ9,Ƥ܉pWQ]$J_SKH-OaS G ^YR2$CrŐ) )Gc&luRX+t!Te|e҅H[*Y/ w1ass9 KFFfZڤS ](TTaT"jdj4.I0&##4V4XCy^PF`3m [h3J{6ޢ-a'm)ͅ4<8Jۓִ $DOCdL&>d*K.tڟ̢:\Or/IVB4Eh= 5{5lS<>=^@~cM/^L5 zMi3:{[zA,ڟΥ t7##"!n;bIG>]Nѧt ]B_/t=]F7_MPT 1FF-J9.Y $EUWC&>O1T5Ր@n'+5~JmO6H~KH)t dbhGny@_|Pm2 hrrn&0 M_,^>Lژ?|T3 S qR =NC|ձ|yR cCj J;~f"˒laTVτ) WAX`H9% H h6G!͈~2^ {`-bLq BCw@݉ n@߅hgؽS0~31j̦}XK?t/2/`/oI1 ZMrBdŜ),$\0HژiH~EGPU=#G_AE3D7jn^Ҿ0|S"2t+C: yz ( "}%dv|Sf8 ]m5v;XοCO1ļ¯G% \ 3pκ^F1*hp-=Y?nNCAcZ ]Pa312\,5AU2.gp5K(q_q_/BZ`6Qdx/1eXLl <46 im84agB6G*+al~6Lb"6bS`6װ" e>v<\xM-|&Z8 ']4*Ҕ sN@z=yXlswRxm% !)ĭS`+el/S[D d`9Ib嚃Sp.jU%^ՍXM"?/RNtfZ5XS;uf[fjSSb\͕^qSG2Rit}As,{e?Z+mMnby[9I%?(m1_;%62A  #hҾ.!hc]ADNѵ.tl iUcD] TtndK:GWͮ ȓ'.NJäI1sKPa{Ob>T>hC[vײnή7D6ӈT (6J*#L2&,T|iB`+.I]f}D丱0iA'7)LZ`A>Yi~.zyʚ0m%0=*e@*vGd?!"$+jAK;j!(?P Cq4'lV pr.6L> X$BR@׫AӔNmiHto耧!h2Xߔ^ g1rP6bXy /]luI;Dw\ 77VЊD6ؐ; 21E(}XE&~_T΋ɤ:3blK LDZ=tޭ^D˜Uv@RRtZ/%D"4¼IFwCXGx_H DB,(kE]5 (ЌahDv8&];2 zLe&%N6?2)B#BHemTCʐxߜqs2Ή):LhxKLeDA7)t6(h+Btf`G{l%=s܌9FE%U, VؓS1Yʘs XlZX50u! 0ڥXOz4sYDIhF~'?9#&dzfl#b##c+ɏR0˨XdL4266rv,ظx?LhdR,9sdr42OF#pLF. pE#}Ilz.ȌXc#W'WF#W"̊̎E5Eω-z\\ v}lb'7F#796-yɭȂ؆Y[ڢ`w~Y[靱_򓻣{h?i)K_t?OqS,˚Ydl(?#<~]yOvB(F) g%SJ*OVxÛ*鼹҈U2xҘwQ2y7%P~J6 ?SiG*-xҒ6R7_&r1\) >aj #?2!DȓT[PB$I]W\=\=1z$1<)VXxJE[] hUNQJ.etT34Q@S+FeNJİP#ŢxnxP')4d j =Whx3t2x y 6Iyׂ…0?  ,#/WPE\JGG_\AްMmt$ v8LJ(,?)>?)PJs*h$7pj1Һ )A "C !32.Rt(Z?1/+y) ~L*#Jɛl?=gyv[]^ݧc"ѱ*N4a </ V^S.1:fppE=[2#OD0!=\yTe $+@(r*+Rʓ0Ly F+Oxe LSaR p"ܣ(` ^;1<+U+r{THH)'Ef2M +{-Q R6\R=s:!9hG)#"I봩é勝Zq4e~Ni&Bq| Ō%-OY:[fzK{_c[A>.AJ'lfboJβ5ltgmv<{ygo$?bp"RAVHo o$i2qa‹8d4G&"|o2T7f7"ϸYrdr  trqb6].Br3͒q|ݐE~*|\[*!W9\Ԁ05 MJ50_+}aX1xRlRNfSJ1U%DW $MM"o /Wlr3Wj yAM%4NA5RiIMhs5f\r#!58kQ=2GNkD'F D0 t!{0·N'3`6\ʝD / )0 ۝G($4NXe_? &ov1SV/u%FyHeݵ4-vXԡuM]jԠ|U"CV&%&%4T2*1JYFuiRٱp.Hq +rRj@[?5%MɓzRvђ4s9M -@\Iܱ p*adٴdo̪4E76TuTPutjil4Tk&O~X"Q\VN8P4w58C\x ?5"5js#Mrމ`k#qס._{}$_ 252n1+@Nd"Ʊ$E3hֿ44PrJnzd0WY- (É.E 7xޢ)`A􇑍/A(Sh\cՕ0E]szI>7a4<>ϪBZ /Zx[}>R_ԗ{I]MPIZJ2ELz[Hu+ꔯ6r&Tݎ2[ISw;. U%K*#F~J.u/PGQ$)QP]oimOhwG:XL_YoH=LWctտ#tzUiZCw~Fpa=j:34i `IK`D6DKfvgjlilњeZS֜Z#-Z6FkMOryGmyW-ZG^u⓵|օߠu勴vKɟzߠT=~@Ŀ!vB$i#(2kHzB-kVTx aQ1>Y깲@/ׅ78i,_N@ F"]/$\\ +\aO ao]s hS,VwQA0,͋E΂eUa^漪K Z|k#Xô{GC 2N2hM,h/׵,T9`WBv688&@km"&AT' iUbwi>Gb/4]d/U8%wUzEk\HI's9g*O@˲B(Ҽ'C7[dWf웛(v<{H;.0O@^v k9GO@]"~:dk3 GkWBm6kZQ$:$цԍpv3,n'[mg*ՐCF#u@ Lu7*Ed$|%z9%Z7ŦNPLjky$`.^ !|CQg@ OS#u >0 :Ht.3atgppxPiaprd_0D{&jmK_D~AETj0?.By8Ɓ0Q6LuVvHv@NT ݴw=75-^eSpi}|v*N!  ͏ pDnuѲcY_gK.[ԘF5N!nvz($cx|)^BۏDxh_lg7p0_GjI$⯆Q(2NCћ7>BYl=/~HaƹS' }=B&] Nz{t"B/ iX href0ϭWͫͫFjmEN܊; 9]l҉F-ĠG=8tKJaM  !@VQxnieQԅB*VI0+1+k x.ӋyzDH&SEP #( D z'?H'!UCWT'i0Bgp<]u xX7an=)Pa ވ(zIFzXoJfޒt;z[]>z';9_J.лyzOIgrB'jlҵi\_OXkn};ЎJAkO) Pq) |IyDd_"3 K2Wom/x#O{S?7 Wd_4sܫΫrz_8XG;rE^葄ܕ"*7i=Nv0@ @%! eS~@, hv#p^CBgy8X/KIp~ܢOP S` KiJؤ_ ~O~%> ~g?\IoŮ?63KNE&G4jjIDjy$*2BE\ޞ".Rq_TnRZ}\ף6yf ?#:kH?M^ÒHJ)ӛ"7G2zQlpa:ہlGJ[#7t Zj_b:d"wP:#_(vxr(U6 cć5B1wA @ohχE_۠~;r;`.`~RƽX9\G9QxQ_ [1W2ة/ ) 8?O՟%>}-bb/Hpk2j]q' 9q2 >S-2eZݛj)#+( wRd`T-.h-TU-"6ZW鶆uNix^('}rB!IenW?9dK.$ql; ~D!ш-WlF#H2#ɼ$ l!n $d]p TzåtI>>ZJ'4GZD-\,(`ZB#_+ha_! |m`@/A{GNz2ڤ%BOlr~>VP j!YDV8t' +E"4FWҧŶ~H';굪3.` }=u=񅠥7lUKwe򔦬8 <,kfa>+Tb!9!ZQl<UED P^N_Fȹ :Y$,0}9L_ B? SJ &>ch݈n*%yk !o+ #J)S᱕[$l_=bLhynT $Wy5x}Yw# \ ͂ih!f)ͱ´rAk2F~;Tn}#R6×˥?MqsFC6*~2KK\ѐMB {bZ"j5ia=$ 0ݹktW(I`N؅+"ǮaK黎$B͌i4)I,R_`=?)ҼbE1=QLO'm9Rg)#k3#7 gp|8 o]0w%\ ] |`o6 G|`FX¾w+-|w>w?={$t߃$˷-#}+HJ2з =AFVI5B_1{%|/|/|/|2FWBkrͷi}u -RmE}l߻4{v}@{>|ɾ"tK:w^sO^ iISTMy65\SkTC+P49MY'(5+ϓbop by-\Jy DQ÷4]ySmw< Ha'RH5TA^eJ;KuU*qUp).gcL="NI /Bne54q"H3;Re_h%uPÓsVF-$XqI((Y5ɫtJ y-=4X+txe(!41IMdD׀."*+"s/쇯I$p O"tc(Ԉ8aJQԫA wEO 7; |p(s|4q|'&_ ,0\j  5ta b' ija^-Ir7Xuzu@3/M)/D4ל  E\}XϢ dG(\ϯE}$ɿЗu&/ yw1Z[ {=$UX.Hyo*kpak s*X"GGmF.eѦ.N 7BBNraI'% (9lH(O&3BNfÜ 68gݑ8FCAӨ(QeB 5t2lif<j4~Vf9N|sʮ`SM 5u:Dl9/ig\.Ns9igN*8-7K9b.Ӳbl:ZV،50! )nvZ(7Xj(g3N모㠓#Ju]U䔲+E̖$: a m<6gB1JNsRvm14 %Eq(4)$ήZ>'q+R,QG!.(n"| u;{}PzC(݈soPa6_ݭRI\'o2jFM22O$Q7"'Wj| ~l|Jw0EA1~gaucdqdԒ&MBb¤d&'J:2-L IdL)WOو3ZCS4̤&M0|=lIǛhC7[6tٖ7ѻ\Aٞn4;ҷNtٙ~jv?]71lf>lٗM5Al9-0DzEv9kcgef![i`^3Gm93'Ds2olN-1lmi ?NoO%tBhR =uz#d;򮿖C?k{d Ք5MP.ު)iǚGB~"jgՔ/4~Dch>MR4e[?b=3`-6 ~H2Bw;鸃"R8`w*efդ8އ5>4O:_ü>|1OwyՇ?Nj<&&֖%`F!(0\!;4 f΄lJhe΂6lho^=90М C1i^ SbzʜsF׼ 6o'[s>6o=Ҽ N j."baIZw {H7~|ÑENfx{u}¬<$z7{($ r= WOGմ<]*$rPj:\h:階R7~`HIB36UhtRN!C` [ F IЋB!=7討f}N 0*Y~xD8OBc)hj>50,|ye>gka"6_pjr 3_}Mb`)}XZ1VTi;I%u斲aْB BխF<"0heHhԖ: 8+ף-a?y'#ru c.0aH,s;0wA |a| w`.o'q(XBy \L){A`P6E"7%ث<[=t/hwX^0&byݥ2B 29g~3_0ȕYc~7=wu0C!A:0ŎC]qQ u}l?[96=< #xB\%͞/OlZ?A[g,g%%y~*XƞVb1PiytJ| 7[@=[gB.MvF he9Ϲ6ȬQ0cؕ ǡ 0ƬsS8wjap Xs%`*)^ hT:? -'Pib){o;;G.FĞyS$PG[ (_vHVH VGuD-k/WIe8)r=cݍd{ֽlin-At/9d[Kjc0z&$Y8*Ysp垍5}Xr6ƫ &|G߁? cIV ]݊1yT'Au8]ԯ(V f#7XاB<6A.. Cń PTDx<*]ݐ.p9aoX/!ox膂&d 3 Pk2čJ(`U͈ xz\`A5)[2)~ӪNF)RJ,dՇb1~I#K Mm3T7 6>rKԡ-hgXn&ɰ`Ht,g@F ?(vBr z(>1r=Y¹g|gpd탅^GAN?y/xʬ(A ޴Nv޳jaΫ6mJlNmd*ij$mE $d'v2lqLUvm;z1$wYn;g璥vYacvf)ynFް[ve$حGa [vkJ6Աsi ;Av{zݎј>aU>@v'G!K"|$ҔZMIZ(ihM4ǡqwojJRb .x H/Xu%n}PJ].L~$w!xKNMOUga2QEChUrxIOqt[њl)8yB]5b./#Jytb>Y McWr|i$dК- R;a"xT'[[opce4vخ6\OB ϼNtC[?O?Vj]fHK O F;)$11JrTUwD7ۈJ| ?#dG^_z?J4#/O7xv_ ɨePZƛߴ*px9Z܀P:~k_i{:⮓]#N 3 üY覙N8~JKer< w@$Y|}1MeD;*73b~& n9Aj`7}~KF] a, l;4{@Wt@_/ (?L@n>VC1Lx|dN,x٣G{,b =$ӞBS#|ɞϾ /!#K(2ɹ 2;L$35d}rZFѾ 9d} žorwbr¾w" 9ݴ}?mg?DW [Iq:~^d?IOy&zm?K﵋ 9"}~k&z@%[j&^{RkPr5`ˬ.Xj@|TC RR-;K"`k*Tŝk~oy-Z/ݵ;=^[@ U hB!\q-įƋI傊$gYV _/ ׊m[E?ϩ'E>f8& cζ@7C]ik9v%߀v6dt A:g;` &d{7L߅ PQ* ?jGi ުt?Vt⭩ȒLvuWIm؟Cc{/\U#?Xe TڨmsR.dƗC4e]~.;Sפ^y1`)/ˣ&_e7A=@4 "]biS ISSWj|jyMu[[L-70xC5$6XAWY\Qm+xnJyp#}l9kZ?H_B#d:ـc_CNF΅^d2%S` O.EHBj )Pn,GgMGg + չ~$d2A 2 FPD! :I&8Lb4$ Lf,l.պ}Z]@ATZ/uivkk(̖ sǜ39w< /8>6V|q_iMo4G>֌␌}'憠`Qd\iL$? 1+4ʌD*T0F8YdL8Lilci4Sq&f"O7ьQt<͔'(TlY LT"tJ͘Ke ŒSi*eIfFeh.,AjU)PE&:MfB +TmԘ5 ՙiF3hBLTorj0K0 5Ɍse,ll(ZNgjWh]_ijk̘Em&ZeAo":E&6h| MƌM2s҄L˺%.EaP(bƕ(&LiC>7ʹ._Is.f9T㛚:ju֎~ Rƽ]p+[a{!&Drw cr,s`Cj3'h}d6r24n_0> m5HeMxco40Sy= a GWh(4:F|XXɣgoF)_Ǡ㇢)OQm(9,U$_[ NחfH, {XJ3ZAP##Q_O}[zO2A +R,.p #uҩZOKP|5-N^au=Э3?>}0'^C(J|uGca_,,rl% ƚI}XO/ }Q]=+hT|YtdJuI5uYi|pf7gH1D*I-؁ͲtVV74Ҍ[zcZfeeh4auβtFjfDݞ ^Ͱ8*C.󚖇8pAYʹpGz>8p#TEUM/pnt3Mu=.}gܱN8ƞX`(j'e:4WzBoC4⵴xgDJZ_Z2s$e9rBɈJ6\֬zɱ?!pa-P4 y}NYb0rfہ1ȹ)%#xE?^;n~o,A6Ey^_+WL;m_]fo9{}11w{ gd>Ng;ߥxfO;GsAL89"@XGY\1yXt4;~<)[*tFq5+r ]i6ǣ#ڄqDXtDkN$k f+&NJ\28Yeץe 9^9} k6%DR,"Z9BFár;cx3F/1x]%97I}Ӣ=F9@.˳: A`7dJ͝;PXzX6LnVhLBa{kq\\zC]|yAhmC ^aGk4qHX.4ǚ10KP31 K10шhb,g ]s6{,t&Hir/d*݃@MP//1ԠAбp7 sj)͜b_|^m@_] )!6yfϘW/|̈́F^C039iLЙ~O,`lmdum ^ݘd$~Xk(JʩE X{@_k<`r.k҇|T4nWMfҲYZcXڏ+T;Gv-RMHJ+/ac61>nAii"0Pƍ>'|đ(OeGxӼlr9:x *r 'eڃ햓1(wN{ڮӘ/^Re^]4iI>{FrEig]喚hYn<3::$Yjxb,g_=G/mDz]߃vKF$lWö$ض8qٹ:n9vQq*I+\}ԪTq(l*ٺSʼnNqZ-J h_4Aa>T\E 쭼]p Mds#';GG77RTg'ɂ OS#S N3;}t)vxځ죷 }WkFu: 0a1ӽchĻ5xOb|h >6܍O SK%Vca>H O(>3_F >RQ_PqqZdꑅ8yf52ݺUQX Sɨ]p7胯|kCRvAWOIZKl#I8?Q?s +,לv :wu)!|kO܌CL;.lq-~0x4-ij=*M NX`f[B`obUa.SVBDD{ A3d!!YSIUnQn\)EC^0rAnsxa/nBlܓl^ 2pIjnw:zChc!S-j]ԏqI. WjVϱʥU.U K* ٹعR!f$*qM >v0U`=et"p-Ct26<` Vi!>9-t:3h xrP959qF!#FT`k!\\l.rf8倧p é`/2bWqհ[MQ.٥OmCixհ+T8^VWʥU.;v5ʛX-HmB1F;ٴ Qt>ȍpd|Vs.sX1ԃ(Q 4!o!Tj?#/;Qw. Oyt~0²/8v).{9;D~Q,:Ky,𘌚.^FgB\EyT/ kus/xtԢ:$I,t TUpJ4ko.{ٚs_!ַWŕLr|,פHp#eJ.\Ev]ߎp=P㦭qVwɉt0Vt'Lw\4'}\=fzMsI h_*L9V 9L9ok̟A"f/K:S3b& 96v%6 meBPEQ@NںkibvW-R NЙN;ʼn <}(O C;GRH蜳=ϋ_ "/zB̋A\@6t)øw0GF +xы;9w%Lpb-I_+t)}bЏE'ڒ@Qap1-a[9}ri[欖ӵd{96b5{j{D9kŜacC"t\} ׅ@AW$7UcaѧJíKB 5{kekLc7|aUs'L] ǽ&as( \Θ sZ3sӲnq}VW*"1$S1m+2 #/1r֎jPdOgd<6OdgRc㓉# DK6S7 7U| C*i$VPHԘNfɱ['ciba#2.2liXrUSjU?' ۯ\ƘZEjTSL ʠKJ'q!ÙTҲj; bEf6w=Zf)ELISxZůkoTcX%Dg |M&LjR6:K6.&4dW,%x|긑#'-gJJҿkeݞ ɊmV)"k SrW%nMۍ ,&*a tȔnZb?!- صC0 -{PMt[OV3M$pӮFP%Y͢NeK _'heWFIծ6 aXC :db(}fLjiòoO';UśIJvOY!$l А@uC[~$:?/8PmgΰZ\I]|(!!k5K`k/q7JF٨ۈ.x"֭4Lesvss9 M2MTExSb/vzƩیJF{9e!euc^ˣ.%/ɎZ&U(6%3 jDpЏ$tu{J}vи)Yp>/t0J _߀ktroR8|D߽ܰ@zkŗ7ܭg9P$0x}S ;,'}4E¢.nw!mjzk#< *tFl#(<Xz'W$O&5g) zΣ/i މ3/(oX]:>- e Ը兴eW *7 )7eWuۂ :qw5WD{Epԓ;O6l;K+aOPu_GPGg_/[>)xGEEY@b ,"l&hVVXI 2[؃N{Dlg =#Fq#~ z?${# 7 3|*9>>(~d{/s~LB 迯^|PK!5 +com/netscape/ca/serviceCheckChallenge.classWit7ci0D`@PB l#V! "Q,'5ci, i6$mhh4i$ YB$YMKt=zH}#`[{߽k}e/{İ׆o IR葰OBZFFn q^8h!Waw;]P%Om->{l2>hhc>$&a ۰1Gd<(Ya!;>%)Sb 'e<))©g lX'd|Z8gmN/Hg̉:!Jx ='Lz'zu늅U]eT:2ȉ k s(:_am-XT UOF gOɨQ-L|},obﺆъ TKjMDnU;43%Ὅjۈ0eA ;v7˒`Kb(Dʼy% g(U]7T20i[ǵdTۢf2R-#=ҙGE |mzBz:dPLK\E$OT66D#P. qVhPĻ0fB(Sj$ * 5Bp/N@pc`hEKSZ|榎@KKs ô+8%e"ἂ/+%3$)*4Yx$-i5):\Eeʂf$*h=LLO|2,V> Xt$x]"u!XNf$TEI]#|cg{ޤ&(Ycagc|kwue ZKLSc ?ď ~7?%+~>{9 r\W+Zo7[*BjStZ%SbdWJGE;,01&#_kkKп5 ؈?Ϣ| ],j\YR_𖂿o'%Uad+4n-wtwSR I} Z=@!&l]c Mhi5_fh֨CU1cb5=,]MMx`z*/)]+CU"ԏ :l!|#2t'gk^^$bȡtp\me"Zw4e8]ڬ,Q&pwbR"Â-`n֙ȬzZl*s"w8nP1|҉Kg!\͉TZSВh]dJ`2_mG@iOID;E;Ar]`鱍ԧ=ĵ3̞zؒ,J5) e p0N:i/.jˌ0jbƑ6S5⺀ivuv lt*ĠH1rWߘw#ưRUāf YvXH0l&q$OBh~D=fgarW>s|-Frm ԌȠx#˄-dr J^~JF8x=ʹKx6t.IB9dp1t PcXp a M§!`82yUtryx%ss68ysŜ9bW`L\:f!0t %fc檗3wNdsX6Ŏs(Z%4䰔v8%6͖+;!T0)qKdn36mҡ o=*2X\-z۩O)ҏNe˩:jN]~iaE>ӚJUNm;, h7VӇB枧/P[)k p&,X̷b)oojkv| 7]ha'*@ߍ8Wa]8£8ʻq0ߋ~yī<7>x7ߏV{d!fKbVaQ˶cPz 퐰SBjp %&M؋!d W4Ҁ jtϳJǚ!D[T}sXv_qW `Rppy"qXͧ)CUS@b #TG?Z867t $DƼ|@+p`zFQz+aSj ^0-ygI.:h0'8OiB~^Ж\lm]t-R!ͅ&墦6]Haw;^/c_8cQϛ"PXd<ݿOY܄3xŏWшQ+>֌xf0G>Dt&9qI?0%6сGڇ ǴغMf}xO)bPbYRʺckjEW4rlkYT%qTGU;e8+ RZ Mg8KYU¡Clb *C|\ o\k(j)[5Wng*(n;J4x27p4b\aQKSW,۴HUK' aeхuYЇw%#+hKAc|14Uѭp*Ƒ6Ù-}[תBN (3 hR(HCY`8wPbI]¢+ T[W"c܊ EP0%n1 d* NDٺe &*`HC;&@&td*M$3ىtb\ GB"1 mM*υ`4|zQ%ҎE 5NW8elEj^{ $uhb2\EfMvZԝn$s F?[%*ZBֹo2)0urSBTJ0hV1#*~ 䎥yQ,]2j*Azj.t Ux+0 3/߇&!Gt2 L0,.$){7p!7k@f6gXCs?ptp-hX @`n݃G XuXC_'ږ'zzn j[p< 1tbnD^^/2/UdO6i\4- Цچ^iZ$fw~yq#_qg ~g.Xt:=g~wv__ Aaф`4MFҋe!я?qg1$#Űwɸۋ#rTQzL=^}Cŀ纘{#C`^d8!N )yTAKaihhid-k8dzi2zB)kv2xRFi&6_k"zfYkÍEb eԸQsD6B ҒCAg(êO*?q*ml!o2GvQ3 Ad<@ɕQ"Ta6fs]@ XVE+M+"'ǒA`G\ab"В}40֦x*>88C# G-_*SxX# c2WRhR(eaaTrt$A4<3"5O3W$NO깜0,馡ahFzZvфF SŜgCؑ8ai^."fQlcAE2^ 5ҥM2EeKRbPu{ExMxCƛ 7,>K '*T}H@4;xZIaDF grȩ-}RɰɎ?[Zov" aѬ|°ɱ3C%)nRIengd[SdɌ8-"W?.j"-+*TxQ(?2wҋES2hR7O{>Xmה|R*pd#j#T5n[+$ ;#Uv3,p4. 9N:diJ昢" -m5\ٶA YkUMɍ2Ks% iiSD^23K[ m7qf|I5]%=͓amd5](QaMTZ51t:JF ^/t鹆tI|sp'N $@|E4IIaVaA#8Po gwY1@K r-`) 60ܠ@Q\guM<{\.HN4df#N76TX#U[M jxNV. 3ךQX‰jix,+z55}P1- 9erп/pL_b`pEMΩF][ gc6lLSڑ@z[]멜Ve,p\Ræ`cc)/Uyݵe&=cW][YU];jfTlg|۰h «lkx]6]挺J{1amTa3tb6e`v  6d9ǝ89=ͭM)h ظ`X;eB}'ĭrfyyb+6WwK\{ b}1q09<*oj3W'2ԉP`_ >_5͆w:&#,[UQ+DVrjbY؆O@Q~両.Ozi^Ug)>uϞ.$26"wg5W@S̃rb 粼K|Ź -F$Z&L?9%i?&r؛e 7|<@82 KB"!/sB<Ϸ_ 醹41ҿ࿼ {2p[la>!sr?;S1LL+]^NSRUШ^6G6S /[" V<!CfKȤ\ #5Sp<y9шvRAlnLKf=A* K\0(8~y\xWWf(5McdJ omV*f|U᰿c91ɞAR_?(YrwxsʳL>FH$ 9ʈ&v&{.|a _<N =ԿCn wic;(O92Cۆ>cҌ8I:]Ҥ " '(Fn+V^<QYdwb GQkc] Qt2yT£QCaOވqsc(&8ҳȣ(\^jI.ö8lS8܊69:=SAA09Ƥ4$+))&Cse=nxIJهD,keudˈ8rz#X}j'ȱOcY@&2Hgb=?x&tbxKtRNK*Y3qz-^؁܃|kqk,)e)+L[͐RRKDl@ wYPi6w ȧsP̲tT*G5j棉bN p9- jJj-t>VQQS:i1vVoO>Sw7~ ݇jCp؋HP'cz % لYO**а;ÅPVgNnګ'60C;LI'FAK+YJOBC`+7oPK!h #com/netscape/ca/serviceRevoke.classVypW=oWM(;-qeib)(:Dk)ky(VvZ W%Zt G)CΡ 0$YI%F}oO, xZ^܌N/D\%$d$[Mv) x1!/»Z0 ;d-b)B#bq8䡓1 )q X[9((D %䡍-N2&eL^17eWlqIx@hAgy`ڥ1aӲK֤1Xٌٝahe}nZٌɰfF#K"e YvKu11wE<[0i 9:J󪺂 {fVcbS62{ Aʂ1xs % hV } nmL WYi)ZZ9-+Ƈ܊I⠂[aݢeD@:K*d)c8>-8-LaU_&SZ:IGSt"9K&z ՜Am>SxH >34Rh,v(t=ZtJJi|x!df6[nVSdq9&pO=LO fTj ŰZfI+\Bԏ8㪸*%%^z֥uZd3:E6'EܴT-&ȰhkX,_4 ,OP=*;O嵒gÆ;Aªn1i^j“};̝BgxFZqCGۖvcUԔQ:(Sdj?!\Ы뙼Q1 ǪS,W!H{)>}h:Zy?4~y=<?a~xy>cE>>O>'%=p~?\W~FL3Hb`zSRr΃Hɳιp0/eS0-SnɸF< ˅_l¢ .ɝ/%,_q᫄NxF.d6fL;4r4-;o-ICEyz*4l3`Z)Ҁ+b*i ݧlHy2)hvZ⩌911cfW(P􂙷Xby2<#ФF+AxMG4sv*zvJR]<o+x/(8Gvd@h|hZH\W|W|vn.ScqMhHB=Mt=6rHEK ~fh@;cKܵp#ÃZBt[cl+ xL.ȄP/tyKZ%wjڰϪX6K.n?O\*x ?cȵ6ɬe3yU&L~UsxpU/+oVcX$׆6̘7Vݶ]58 5L8i0 ?O ke6ӵ%Nh'5}L$R-\k79\Bł2LN\̞785:sLrm_)&sxXpqn,ﬢWwOk0 fڌ7UmUV%_0s-{@w6.Cm2+F,˸$|ຜPħo7,ozM;PK>s.x'+`k_A(b37wV.boUV],E ^C0ZV.:&DIgENKG;qwϒ \TY.&4褭Q6 N PJgp~"O** F ' }B_(J"Qܙ*Mw7Q8ie6sXU95*ga9\.vBaW8Q ViQy,;g B1Ɠdr!OQxJt>3ϴqJ\pDRaƳch*[s#V疈3qzCaݹJt zj=A+|bBDToQ?b3hQV;X?&/m`M ް+ һ3i*O5ҝ!  |mφt^w^aDgI<+a=o,GĂƧtSFLMcD (VLil`|(Ӳ Ա?RI[h, ~#. )j}(KfÛ^}pit;iף5/f*=&htbdޘᗭg/t1l]Fzu)=jƗg/_Wj|_zy\nk|?E|o?a747f mݡP,KRY?yoj~0oY5 ߪwm vIhF4UHf֔=fdl W p8K{{5CNH__+W5*5z~4rVluhG, vG{yw vե25 ^)"}|FS' 4d|W :I-Dڐ|0V #Z(#ްL܍<ٞz$P0oEABtY#[vz~izZ@/PARz!ӔAjouUz [T^U ӜĊ7g 4P?!c2Dbzxun*jn',FY n ё-Ȭ){j]6`&T!ȷt\oJj?)3NJB\bg?@iR+a+AyTJA~ VBj\KffVa[G0%X 7}>=ըDSu)M]nMILfhn4>ďK^xB')d\?#YvэI_a8U5 LESҢFY~N_J"3eP,3b'HyW5? R_T32,nRD0_5~EP$TTT/ualMULIr7#遲n)\TZꮮj*_]jaY*WCcSe{ki\ Ư bzoC72_Nқok ]S1Xнǣ7Ib2> kF=j b# vOYouaD*BQqVHYRz'!JT0*3l㘉e/(kpIs30h6OmT\ס /# RO'uFP,2DN^yWkJhAuyu.zn co`3gy|>cܢK7Ou+G~g ~!Ȇ D*xO$!siMiJ :|X*X,PMC[{\ qn@hș 4R3X ud&ac~ @A~.ؿJQtgL e8X R3I*1dfK3B9€{n4fv)| K쓾)eӺ^ҋwVWFuhomBithyڢ2\ :Őz^xY!hof~)MYXJlӴY*A$EC5>OG;QrL&0ʇ#e VD+5dҐa'`CDGaz'Ito2YDS̥#paոD$NHc WKH)W`if $"LD<'\ }yN 5ZbO+,0݇NXkD}^8SjrH$YMHP0@Sh$TQH/:ϷOqosh17>d/e އA;qͣ,\\`^ѻn0f..Rʬ9ɐ"c=dk좜2vM8VnҘn+i((q쥼2ًj' Pϗ`DF$8h];SGٽ:M]G#=4ȡtј2[IcwC!=\N+i"'5jZCgFex6Эt6=LN6z6=XTR=B*n L' ;? ߆ꌻ%YqQk;i-&4wD./ʇاv4M]t~a+CqC3qJ{ahQ bqGchMT\; L31mf@[hK;&P~eAB] 텦 u faŕ,V.J ܥ (40N[l6;3K'`rIFsW`2JS]EsjP_ #&Kxh}f + ~(BD"=ȾN XfF`2<6M6졅++QbŻhJ5Ր!Sl(H'Ǎz"HxQoQ]\wCGauku/;0yzjfG"RD2CnpUFԲ>z3 7 ΖY3\ JXĴ*عK,})wӲ,Z[z0*1_1 y4RIuheUwXeRt+eن`F\[ȎɍNjLu ,۝%M~Ecj6(k0$^[;܍{1Q0$d !sh"q!s,0y?ø?O}Y#_er?q}{{o?vx{<]bIjKOz9W-)(}ȝ'rwКM}?# c$ʿb+xwԧπρ#H_CtY>[X lIår9粛5^Cy5[yŤƖD}d{ (9 ) xSE=?py]t~'}kw&GuKpgY.52d,#d܁ 6 h ę, Lq+8cfS,0yr b3l{fE23 s#Y#A BttA|V X71,E )pϠ8AeLԓ2Pw1,B@+@Nƥ,\UܶM[NR)m@N4%I[*ee2dޛҀ /( (EW w q_A\?Y$3Ʉ|ͽ{{;CBMC\i ȀAvΫuhBOwĠf Pp!b ^g9p  .R `Ep!rxWo-:\[ x\5 k5VxyCD{4Qr}:|@Cʽs#|i7 p' [n ^CܧL 2ijiF<ã{|{5_4x'͗yLU>t]ƽu a8 [<]|[h]C\{:|r# ~l$񗹴L;4&ERkGnxŕ4Ln3Вg K4G:=ߍ:vhfdNd8u~>L;&EehS3}5a{B w؇DN[Na:/g^ tC[Rir@!mf>IeMhL@{{pLK\_\V84xVr^Ը4T7Ne^!)ȄA鐊tޤY÷hx%y0R#q+륈j2vujF^T`D ߪ@4QHWGD9iisp6]I4Jëd}vΉ[d`9Sqk/Q 0njx· N)8Sx^|˶H6 #g]W; r7,F`w{=kED^E%ޕaٍx͍ K*јJ MNx{Da/U-Ѓe!oXaE::ۨ :"M|=HHg *3\1u3tZe%pK4eR!(ޢ`qhM:Ӗ= Nӱdffx o+~Y1l(ޮhv2I,)3lÙ6í޻F$E»-ؙCv:O£ vަ~|@$3}R0>g~?G.O }S%2>+x5]DJo WX_HH! kصuW֞>5RuƱpo2'~DW PQ-Y3>D$mL2ftz8zT|'ٽx*k,)pc!q:>TDOi?cxruQ/guQs/4L)d`n˥ ^7qlQn~ b8w{lY;{ErDRoY-VhV[w{'MYGkPG?__A, Ua;bEÿ8[U~ Ey|we >|X3"h=˹g47?LhOS4ʌM2%? _aEMILfE!!Lq—P$1% ;Nv4ˋA͍ VJ)AGtsim4+/@]s^*mus+ŶR%JjRW`JNǕ4\R)9]Prl,%g9 8qA+ir|M.Pr\b\4s>-f9n4؇S$7jztZJ)Q%L1J+u+߰R֌ e>҅%je ?Bi b^heXZ:;e3rEJ.V-l2}ْJ/Wh*[>Ƿk䘂>HJ-L2d>FjbSUr y7k:%[/OHܠFAH*DnO̽Sw*Nfrܛ<ΐgR++Uޮ^R;yij2oj') `5mUE$!%5٩ Yr&c|ir][Gɝ& 9]?dWl٫d:J*ʼk] pLy%wQ8"w#ە<99Oq8n(*j%ϕ4%Meot$K4vuF jgn htA&%ɤ Sd8Ľ47eɬIr+jȖT P%w )u$$ 6i0T>q 1pZQB"| |:v5MJvF*ǯ39sᔄ5Kd Aogw[z{zjm29#eVn $vz.rmgL`5`uUƄ+3XrCF>0#aw԰6ilc\i6Iy):a~a(? 4BVƚ"5i$0%y`kOW,m=+ɤ'厝}XG9kȡڵ!2.\Ve\ȑH[P^-~Ȃ A ؒuSt2qۦڌhy/,((R4lO:vX2]h1Ѧ/(tF*o4:wpT:vGY $>ݿɢZr->y`عlFCF<;e6pд8tnBt9z;V=gŪQ.ZfZS9(hK. Qڐl+z3ӒC +pczHTD!p,8c6>D$f͏*!Yzm1_Pj_FT?5>g.̛ g^2ySɁ iES@*_H`W扶(²&)ّZQV4Se#Q++W UN>0Ѯ֝hD̫)f$9`.줧7c0zT//^*_p,Bi/w$δỤӑܹ䓺˂^?8h1W$] uZܙ 0!XXMX!/+_,4UQکT6P !Lʦ͸uvrFvIczbUF_@T]kaj>ӈAyckri,:;& SDɗLP8TM$x|+15LχPr}$6eaj9-}\{?6v".KTt99.)͜F~^V 9_D3SkB+<-"{?TY-FקZJ,oDepP=#6k'NfWhX|m tU' K_FʾpV2ic-eEwq"krY}H} ~8?RgPn)yZ\EfgSZ.amfmxӜȶJS:\TI*D%9J %3겾i /hO[՝Dgoe 6A츟#.2_?UAU;T>3wU3ǿॕ=L]咜/űEdM<"YCǒbN#sumj#**@ee,YYa4vw6~@Ί۷#Eۍ7qkȘS \ hРR^cZ5;SKM;1*(Z,D+Kg S|Hb 7>p9ɛ](&MW?erq"Rh/oJ#8"Ԯҟ-G4|D#4-/A̝ZW{Ŵ{|qPwO8Qu¢m1")V!V!XK_h4X4CIY.O am+fC0th!lX_A0|=+fVXhl/X@k^# ~4xS)>Zh;{Q1Ŝk;`s]c6*oX>{q+ȢU/;{:vADL:,i6C@6, n(DQD ET`'mdqcAAdQqAe5s~'q}z]}ׇ>Yg4rw%wҀ>}>lGø)H]1c8H838^`6c1qSRGMgI;m {[Ҿ%Q 1~\FYB ;'BKue锣=FL ShPq%cѢ5fZd>88'}|Zx*( 퀦D⠥rslۯVVe spAGۯS9BQܕ˫@]J\  J46 W nр; eHBPJ%VcN4*rk\/#hVMcŒlzR :0(l';()%ܰM)vbCTBs u0D-o0_Em7*((\LeƇ%-S\'` y8w Zz}U9h V ̸hܬCIWIc *h7^#1z~ŵ*IWYU5Nx$#i/{!A,FW> ,cr\i`51>zcÍx>*Zzzy xk6s_[)݂.{>!>N>v| H"vKHeBzc 72h|'Lŏ2 ?@}xZ|*IU$]5j'UUiJ%Kj42h23Bрaǒ.ո,H\%:"W3fKŇ%]o'g?3?S̷ݒnٵEn#ؒMNQ8KzEh95$RĤ id-5lek0YKoV M0N0+5+W\-:qk썃Yƾ;s*=щN֪p0%7:uS' ˶}w5-QB.o$ERk s^`ee0ci ,f,-|Y%Et@)1T:a8IgtMSL&=Hzi郕52G Q)w22GJI.# sW-<5 iWʽD?Fhp(?QLYtC3e #gXnZ9S ]YYIh04$84f+Ac"hBB.24L/$8YoI>*[o ,8t :vF9,*YY`yuEMkIk̗̎B> 1{jS-QʫwQQBr"b]J<;xʣNT'y,<.I32J\Y ck<\GX I$#t_&14d>9q}88DHH&LB TxviZ.kQB*/ITz% ʗ|ЉgyVUWyp˄V4[Ktn&^@5=1^6 iհ vl[1XjV8q\nGiu ?e5zMTZ3wTn @"&'Q4*r-:: :&ɛx@6al6Ql MɬelWd\>Sʧ\sL=r#I<"v@RE $A"q96aEԬ%<߷RFB,Hz5+<{&ׯje"UtpNkwv偸|kD)-^׽7LP>Soer#NtI*!i#t.\iw^=n] )vFVW)1|^vm4Is;vj)U]+Yxf.dav at;]03c o:]r~;KۯwP$ı35ΐoP#~6A1D~9&QL㸟a<˕( ;TTT^%J!*Pi213c'M-IGIQdj,US#8y5>1eU^ oΖF#B15KH& 8s< Ŗ~@q@\QM*&GOs3i`8Øk_*fZ|7\dAٴZ;-Kȫsh]Y8h0Iѧ? JԒL$TTvHN5î %C\i SK'Eib)?U(sP×6y> (W]˵E9[I``A,>AW$w*WKp#KgrHC6 kSE-H/6)N%{oV24MݝbY,14VtZ(q.WIϤW^ t&[u{*,a+a#,͞DkI:)cYmB`^.ebzi/1?׻0 [^~BZ&o@Dmn/G#xv'$ҿߏ/g*c5דUv 2(\8y*}N<ȫPKTNTa#453>Eۖ|>ڍZ|H"1m8y-j Im 5LvMgbEe]8#Ia^ވV/BnwUfXy!ƊPU rD~-;2 |x&T{9&1G1(R $,E@kmw_1jP*TiًiL8[. RReTGOԆɜr@HGYhD&P-!Dzi ҕbj]q(H&OsEF;H JY +EPzNduGXFj4zegTSTϬ|7E~=FsOE ?R),pW~ q|w爎iTd<=`vx#~ttO`HXv'&qd؎j`3974Uf vŔ7.0a I,e }gh9S|d x sU:f?Rر7Eni4/$H4_Ҷj7.&_} z7Ho7v^mm$U8Nߘ/FO0#yk]8&A"ԓ :A[ƁT/%M;fato _1E!߃q*wb$2 zT-zaZU$A8B>֜B_и˗tād5A8^Ɨ`S@uA-[JJo2(ㅀ~s?NGƺ$CzcY򑾜̑Gj1.~9̀q~pBIGF`߾ < $L ms"ehg44=M-[clq=i&fa)a(`47 Y`Sru\u$M3^"c7ҭ?\tk]NtfIr ]>s/&ꂢ!GkE!Fphedm+MCzI])(vi@w?2y;`><&[Cz*I0aDȍIϠtm-^/O%\ vNO#=atTbA+|TcDH|3_Ģ!`{m8 8%2uvfX_sM=~yx4e7x3X MP2oCPCkGMD nv - HcVJ .^qβFqN[A'̮lma2 ˯&7$BL;8y`K~-Hh}]Yj?{0;$![&*5np8q3(F%(WZPnū{`$̆"^w, gԞOo<e#7 Ѱ9ÃC] urnƾ9۟㤞!t7{w f\m۝N]5UqYLJc(ӋYRkÓT?ڱnƇ5^_xP2\|"/KԆ #\{|Docu{}Asmm4TD:Ct3ӯr@:U4)֍}nbMf:Y7>}g3: vO%}ޛ 2P2T+;:FvDX~|3w>kj= QXF뼲&'F~E s;cXCk5W'gi%/' 箆IliDgMbqK ͟+b/"A. VW{|7ZwtHn,cj̆zlXIq c&S.ƠSaATS%ƶu&0Ʒ?^w?c%"c/-0a?@.&ß3M΃M;Vcf޾|7Q$ڏ|Kf } N3y-昘аKx*:WnBV%]bL dbʯ;@uW vܢ8(^(mݐ1r9n&Śe%87dz.0"EC:,4Ks JX\F-}N0 k_4v=byT݄XjTO\/a_`|x"ٓmu;JWgp?K ޠY yY`Tͥ!vӲ(QO/ n`cs'}"8)GWiX=P))&ys9?_j v6C'-3tcߏ9. %3:{1HM`Gջ\r-])ɥCH7+pF*T­ ; Q@H+XPaXSP1Nꓠj) MtkfEJH4Л\_:LSh}I,j)^F[Z_h Yiհ?`6Yc/{ĭtVQFBg&.3vO+9=nJ2j@sVkt_T\4d*YMIbE Xd?КAhw:.=^@ 6FMm/+l|^*"Y݇HsAQY~olƹexT8wk '_7#2mH8>. Ck|1aANfӅ%ť a7'"{ʔz,^k.dNXxK"=ID)$JkUwK[@.i=|ulAHN&yO[@B[CjB7z?\GLzD⍴VRQւQY%un}U+B7œtmve#\wHo%iOXWKDPpD8h -pP5VX(|0HqJhLKC#M$@m< -:݁7eLtK+kCC& axO:5 02Q"]v5ޠT1M~X&y,"7#]NO*ѭ^ %#O]ANƷfl5:h2wq*mwV ԷUk-Hqbnpo[’} > !|TcJxȻ}ǻ\Yx*k{`:wA+ 3R(S!o π֒Wk-E?Z!Ǽv-DC*or'Z7Ӑ[oȊ iCSaMSo9VlU~**@t6?*jn=vC)4DVzBoE_\w RpDtsկv°%Q4*gA{7MoDq!<3@V$R4 gdvoB)rkZadjUdП3B1G)S@>mYy 9V[O<$ Y/Rl!`u\5Dvw1׀lbm{gہ#W^l9?6n2Nf".͠ӈGoTV@=6>,[J0k6 [h[®s̠z_y_L~rC3b U-j{J4!}~ˁb5|p.nQE l=E.Iw(؅1VC=d0TWuWC>$].Q2ĕ1rwQՐ8VWZ`Bč,Z {'1mi"2Es0ǽ!EG6\Д>\- M  #SV W(Ȼ!9$S)̊(zHe60'FKT9ݡh- w t6p(V{L[."{q~?*Ϸg8Z2psfpk1ٹ.JUVMkIfR uB: ׄwYL0Ju Fv#e˴ GP B$j>"dp}^g+0RU%vCXY> vP~c'10].g2w#u0j鞫R[ Ujne+.B{d@ua/{D}#b]Xe1zwQDy^0 "-'TG<f%ki^>xbAE=˔}n9lבĿXv,T`f@wy,x hc:HsPIFM=5ZNơ.|xsegg' G_l ΠF/Ne1c}t“P0$R9l8 ][Aye>Z'/0K1Z6 ^{=2oȢ~Dh,ҫ;2?X;wb}Z*T.MSf)7m,q:v.k|>o:][2QXϳBwy䟑bR{>|5f|{_3Fl(zm>NX/ O0E!ĤmCgˍMLHYzISE44KݐyŅnε]Xo7YB6 [H4ygty0P )Y2u&7 iiN6cT林d|o о0jZj~c"bEyMw82Xu陋HfJ&9$?3O*;@rL>= ޙAz!y1g]Nfi`ӽ*a?!< 1Jx]:_T%W4 'h0,,QhCyz&BF:AqȄPaٻRh}W>Z d[+^ܺ2y{HtisIӘ#",nܭ~qna9BZCZYԥEjqW QpxoYo0PvzR+<\Uܠ]To396+BY{Rfuj<5=*ܹY-ə/Rx 7܎3g)NW`Z+fXy"a``c&=$2&wMo4aep2`#tElyE5̜NZ F47(ꩣta~+z0e-gl egl 8)(;8д(Gaoz@iDmmnA$a"beMٲy&`.d\Ϊ{}P$h.kQWm ^UVtflvE#UGo pX ! K%q\|%`Hh%X;zE[o>Gϓɿ%,+|kIf&Z 8 {z @ 5Wnme֫:>6xF_K/٦1]pʉ=d7I-e0vYI֯)<}vܭ::@- N/L0k =MY`c [4 qxn6ّv>bS:|u75eXu@ 0+z/_eVUym\v{{"M,y|=ǂ Aq|=ܵJ_>37Om7Aڗw`;7VݞW<9D`9!) *$[4ΛvgxQJt.`Sp'|\,]qsL5'Jinb>Bno\W6QŇX!TX whh nvYg^oX[di,U\U;P뀍%7k]jM Z J\:_րe&8CwJ| Mi"=pBgRrI. HQ>E 1%j4RTͫ䯼iz̅kDj3V5hmL5 %OՖ'`kS`:Fr`az s.3 x-(DąG`#8D #n:)ZZ!=kibrŚpV5]rҒUg"%{T'xO zLWeZ @l{uX| S3um=bȈ>Ȉmp0 &(V A+VWo"@H%[AN,%};K`ۀs '5&\~nExo3%Z=92M`>5#2+ʊ< R@U,k+'d4vcnVo,>aK#D79t*x^jk; n&%-H95Pj.!ҳ(U6DX Ȑb)3R[dfo`|Fʱ9Mmcµd(1DF)hJT_ uckNӯ"tZ)/`XJ7_T6E]4?tlG.{SU?ڜV[`^ȿ-yԫXF^\&#$OOg}|Q<:x]KXDQ~"/ˎ/ ,5-]-pcF-OQnBvFܯB;\B(}J_}\Ɩr{V *93zjry{:`H1HJBDky]*,5;ȵ]"e1*vBSћ_$N1w5"@Ug5fA ?' o7 JPzEPO'>VF$v\oawxj h[5> 4kw ɀreЬ&`U̻V5N*_B]vZ2PvQ#k/9Tљ&ѡM98 R6iM""%X$LU![[v;h[%3 w>q =#NdY۠hSywz׈%x*A މuk@P2V~w; +^"d= m!Agz(3#bz3 S)9 xFW3g,Rɻ҉Hj%JW.1Ŀ%~Z^e)O/SyY=$3__Fk3vR1H3ll H@]*DM_gB .bNBڨ >56ŸqD.آ>[_w~ 8aVF(+FjYӜe{rĶAՖT䡱'z/x}FC3IFRwWo?VF<ԫ@q<NjMddtz!f=HI  ci䃳Z}4hl>`"8A"V舝aVH͏KQ+ϣmDy`,i a'kqa,F\@x֥?3Z=5 \JәSސ4?Ω=CPdRPV'dRlZZS㑮.RMЖ"W=!-(߳'u{0hsj" $ f{fldJ1Et͹K{=FqU;621rd 4~?U4XNqԪ".927`C_>]d\,sz./X39-j*W uu_;?lsW! yZz c%K@p:y-PG#.&iJƹP^2PD cn]Q"/CP >ԉ' N66Wr5S_Nmuͩ9$ *w]툖 S-idZDO$ T4Z5g"0Q׺ZRtý~:gW*ta[Bb)=*fBgDG4: ZL^կh`[I2ec(kܓ}aݭUp9i pzֳ-y=&-K:[omS@ B_z.T_6oE.R2癃j 5vZoJ;(ƉP;ρ?yw"Ceg\K o*C'횲?0SaMv Q;Z^-8+0k C˃]`t~ʞE()#—-^!կխFX1S=KlR{IZ]B^D5̮﨓A"܈#4\=9Ы ۇ UL\-'&mB ɪc.WMT@ؖv'/}0ֳ7ɽ0BRd{ >iygk7`GY[". 15q%c#Iĵ|4NHC׮I(D* RۓcmjH kOy@/ &J[R rWkG[@-ze;䚁Uc֊'4T.{;+OTM81BJq|UYۥ2FJE/F'F>hOݿW_DKd 2/ϟ]t`H'$pX!@78E? dx*4B<]cѐzV;ffpe q+᥷QFj!"M]XfۿA`Z5aT/+7J<©IP{"Ib.qiӥ&R YZ