pki-ca-10.5.9-13.el7_6$>u1VKU⌢>7?d   D        ( F L Tdd d td d nd q(dvd}ddT\  4 (d8l9@:GJhdHOdIUdXVYV\Wd]\d^vbzFd{e{f{l{t{8dudvX wdx,dCpki-ca10.5.913.el7_6Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\.x86-02.bsys.centos.org$CentOSGPLv2CentOS BuildSystem System Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch=m)?1l[#t#1J6 ] S }F}F+ g%~~[G7(b)e%{xZ_,,zb+z 0foxJ76'P8bu}E% *S*L$,kI,A,:+A+3u9 #%##"vS "`./9/]   Q q >#E/#+{B/'m)H nrtknvpyi  *L*?5%C%c*m;c=O? 9%9Q][  T \71 0VCCF6CQ& "Y"\><bc q  dF r- ~->E,g=tB 1"?%I7Px]%A큤AA큤AA큤A큤AA큤A큤AAA큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤\.[!T\.\.|\.|\-\.|\.|[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|\.|\-[!T\-\-\-[!T[!T\-\-[!T\-\-[!T\-\-[!T\-[!T\-\-\-\-[!T\-\-\-[!T\-\-\-\-\-\-\-[!T[!T\-[!T\-[!T\-\-[!T\-\-\-\-\-\-\-[!T\-\-[!T[!T\-\-\-\-\-\-[!T[!T\-[!T\-\-\-[!T\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\.|[!T\.|\.|\.|[!T[!T\.|[!T[!T[!T\.|\.|\.|\.|\.|\.|\.|\.|\.|[!T\-\.}[!T\.|[!T[!T[!T[!T[!T[!T[!T\.}[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!Td6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00ebc9f4fe357967b70735e8b1091f8429563a9849391c931795aad650fa346f84f1c0db21c1fc4acad6d16f5e0260cba0977a50fc158e19852e36dea21e4cdfd8e0c582ecd379d442745e4dc6ecdb90cddabb88b8105da6d2a3afcaf947850c0fc11a3352de540f4e0681ebceae86ef8e7e17c4f8c0f90d500629111f5d265f25386fa50072f26ec25460e3bd969ef5200c3454c02dc9d2a1e84fc0cc57eeb3835e785c0a3c0f8351c3e3c8dc0d0cc2d164241ab800c121fd3c40147d63cb5139f400b2c58282cc5958a930f3b3c7c0379fb101fcf612156c27ee2dd8ac254248d5a1829bf1b3c216ae4c9d4ee066772bc7f5afca577935c229d9bfdf80d75cb7d0aeb78397f439d16d5b530d8b81c119af865c0898e02a33b17d28d0bc57ae9c82a158a8f0949c10819f646d42e8cb710ebd844362d97695eec5a6a523c9718a1aed1ca83010bd139dcbfc328398007d959d275a78df0c0208c207e960ea669ca55436dc0723559afae54e63e48d826c2ee0ffd98b3233b8c132be6ea1540cde549ab16a5ee0b53ca839bcc06b9c268ac7be7c8186aa4392ce0c663460c019e4cead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676449f0101595c93b29c3402277811f70fa75237715687fc5dcdcab36f7a7c8dd72da64a1f054f16eb1ae49493bbcbfa138127db6a09fc946014a1d137d40ca2d5c27ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefeb760a2dee6aef9a244f84690b0e80d22f419f277d615a90b129483aa669128f62024c52fe492fc10e9af7a7f3dc2f08daed6d3f5bc13ce0c8bdda30b85f0c69ab635b3107b5f152b0d109c594d30b345a411367f6225df121e338c02536f4dfd9d68f40546ce9caca6b76801039b97b1a2c53cb0975fd3f31dac9584a8a955704363832241c679cd009399b6934aeedec0b3755f83bc09a35cd5a292cf19b7525e0bffd207c4c5b122b085f9129e0470df5c37cc534df4e30ec140a9406a2850767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031d37b0ad740db9a30932ac53203a46c4e4fa701f891d74fc185fcb8989f45d28cbcace48ed94b1a6cf7171f5ebe150102c2cde343df5b89acab2c2a6c29b9a04d448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898c26d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac93f9de3ac67f7ec677ec54d3e5cda612b21511aefd19e338c7f06a05c29006d6be1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b1dd2dc066f3dc6e0a46b42f17b9fa4c739b1cbf2c27cc9197f6900945a14f7207dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c208143ceadf7a4386c8b19a8dae483ad52f07039a7f985a5a012116a83883e9d4b788f7a808a87edef183779c0d3a4609363857aa1c21aacb86257582c018280d9d2cfc0e1f19c31633f0c71cca13eda286d22f389ce2bebcf1d29d022c94a9b98ccec6ab0adfb82d3929e5d571d2157ef9a4f77464b001ce8efc8319164394d24cc15bf06ff8deef0927b695d326de82058ba233500878642d560d2bc0bde3ebe95a1c60cc56866c750a59a70c6c134ea6459a77a973abc6953b85309f450a0225274f6866c00a09bc7b40baef850cc8c932dd5ec5b3666c1854665fc8314f568fe5c75ff340c4644dc3499e6b91f1321a1e4ce4f3dd892e93d10b3ca6cd22b741cde4e4825e5c30f60418a624f71213672f8040d0abce578035e96d3cfa8de606de27d407a3f3e9a4650c1c1b49be68239732577372cf2638f71daecd3d9292b015b7cfeac0813d63b114d76e67a8c22c532fb7f106404980376d572db56a38d141c99eb75104d02d3384b36b75f08d4d13f4cf24e42364783df0678c22541bf7e72fc1b0d55c2c7c01b8a0431a070a2410fca6f1c57e22fd46e46ca8d70c901d805f3129d3d149048bca7afff85777cf6f6b502dfc4253a442b2f7a9b00f0d5b1cb51d5103d982fe861db8608b9edb8e6a32969827fe15e870062c2098dcfbdfb0449d1ca26f2daaae39a9311c9fa0dd5b893f2d5129603101c157a5fb796c27d5f9419ea7524076f8a57670bc6f788415eb5690027ef28cc39ce90569d3380048f939487192af8665cda4b1b35b3dfea4a1c88a3fa4f052a3bc35163175399b6e65e4554f66f7d822b2a27361c9c86c7c9560a3c110f75fdbe0439a989bce076df1d2b34c197e900b7b4d2e0476aece85deb1df7d3f3e3740c40a7701995a24819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d4f27679bdb8f5e22e5f5623a74dbcda8215e1909aec6d2505892815dbd40c28931a3aa4dc5921c73ba193f68279daae894ef8af35f159e5ddada1e021aad9e9667a9c2f38efb90b6c24f51d41dbee3f3c346121658f5684e87d429c23a5bc49642b2003d3f805f392607559ed637c22974104ae7d4b5b88b111123db4809082d0f8ee5de3a92fef6b095b834c2dd5ec6c40df918fac07d177bbf434d2b510579dfe269c7f1960df6caedc2f3692eee7091fe359a17bd5559408927e255d762599d4b4655eecc878c1f117bff3640f17544c97364564e4b8e1131f647469468ac8b98bae2e037dcbef1de8eb0f38442e4c7dc024cc5da72898d19f68b8c50297d95b807591f098bd9a92be058f06cd18e076c431b88352201c21d594372d91c650c283fff6879a0b3247f04440a68d98a9deaad95fb463171008420832e7887c33a299c24ef69dd7310d4cb5f802827678c6d7ad7416ac1650da7ededdd1e91128e35e898cc31c4fed5f61bc2e2cb1ec2684aaab5f4a94b3cc5e84d42a84ba57d7d2d050b1ac4574a95547657812d919aa67d3cc17fad85c654e07bb16d8e5626a15b3831ae5fca439f780bc42ea11a05c5cdace1aee43a44102d7464f99f5f4a9f410e0c510402b3afee5025043ed21d22539fa3c0ee158306802cc6a503704a7b2e29c02f8f828bc173cde8a4c84b3b89b5ba563e2971d788f0457431e48b037a2ba523a398b6eef9396b5742d8aa7836133ecf70521ba6fb92bcbd6bf9ccc1abba3f9952ad3f8b9607d631b7c81eb29c8a67291ede8108d056535e598eb1bfe09e39d96c5dbad89b4150cde9f1a03f197b83ca2e4cc50edf44962834813f62a01fe68f324ff4944b30313f9a3e5c5653aae04dbfb1f6c6103de05fe49412fa73129b301e02d384032f942e8f6230fa47c38e2d46a139cf67edfea801e6e2cb9d4dc74c7f55a5fa8279332a8d9d9b14a2064536946e146ef6f13e47ea8882c61bdb1b53aa72d0876c47446ce5720c0254a1169c9715dd1ed7e38beb6d5989320ddcabe2e59a209706beacd214bd086484765ec380d412eca3e8e8d94168387f25227f78f8984070a35f6d12dbaa53b68db1f959601d93cd4116518abe99ab7dcc55fa24ef8f29cb36fc3efc8d31433c21da3cdc7d34b9419be658f77b1679883b53475e19ac1d885575ed8fd1f57b816fa4c39ad963db7af6201cef60c2212bcb9b1264e5b18901a9d6564d44486b891f48e7eab808db0b4657882b46208bb6ac06404bec58bc67603c82f5aa843f8d6a0932888960673ccaff71f3a56334c73021a9cd152d5f2f45cd84d76d5d9b2012793b7cf442bc9b59229542b1abe7c1c069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f68798e2619ed8cbabd811ee5c8d0ca7e626402ca55f2c3fa970f32ab7c316b2a8d5d4d69a75b878b4e1946387fa6a3706d02ea456fe19b71853b81a878b883dda336b0d4dd3d7f01030b858e33670175f53907a29f8274650e18882b6d66b764f3f75cf53c764ffbcb836b094b4e17ce7756752c89cfa1f737754e7a643f5e988ecc541a4aad51af047ec1e4d89e6d0b466a2b4b5c693aa295649d4c4bc3d716c9397ef5d9b0f4d416a8bdf8f4f0c2e8fcb6a2af6e77b23b916b1c96a1a203633f0bbd917d2bf9eb5a64b45b7deb287801a3468ce15c19c3abc1a8658a66b78ee0b0199ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018feecf3d85f33ab93a1a8eda5c558d6b58645d65a16f751ba49cd2f38d722f7f194a8f0e34e2bfc62b110b7684acbc69634cb1f3bcf794758933c1473a7c76ce5636f3c0e875934735735e2db4672ec26b0aecd71513a79bed49c7b7ea5c5cd37f8ee461c0b933bba0823e8cd935dce4511eaa3c9eadb61383dd9912cead9ff1ebea43bd42c72c877ce5b21fb4116fca2e25685173e25371b56d4164d378dd8784f0953d6e2c6c8829a2ce64212275c8ae0b5c8bf1c111a1f0aa4de5c57595fe23eaef3d7f0b60a6f59f1d19ed845bb8eb80999b8d5f95e01c28f8a027ed715ee2e70f196246ff270db8566b5229dcd8c978fbfdd8f45970bf5c940ee56ac2266819112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f72cf4dfe9c88969bbd762c45a42b91b1396ad011b51fd338882a6ab602315cb7bff682ca2f5a26424d7ab5ce178c5b9e9a25d855ffc52e1b5dbc957142da46ab2e7ed49d41f75099bbb3998283617c5f590304ec64602cfb558ee28a6627008f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e2ae72a904bc8e884cdc3e881037753f8918497e4ba574e2ff864e763a606fec3c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617daad735276d8f629cb6936827ba522b93d7c51e58390c8c1684fa41cfd7868114935a11ddd421f4f82e7bdef41b3a248dd3c2276ff47446295aa34a1effb6e8e67e6342a29b068d647a27a919928efd5f2b1d22b27fde5aea876d77b345912d7867773345a21b121518fe70a56bdc8c7683cd6883b74781267b6223503405827dfe8e98d26730ff60f728d0e080cf63e44ec0bc72932c375894c729bda2b364a1272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a131ab78fed3c28ba57a9b787edccc00ef37affcc97ec2533c8c7da5fe36aebe0ec8dd591db70d50dda2f299e8275406d7a9bf51b0658585a85feedae530189b95f4ccbedef04351ee61678ac468a29a45259542db3f0064ece7bc6c142a5c837a3f1dc88f8cc2e6060172097715954ec0ec652be99031c4992cd6f36eee6c911a9ab190ad2b2d7035c3b6210bcad1b5bd0d61ca737bf71e916f427c8d31608979a229f9453b1a59f1d9745792e11756f8bade632479f283837a0631512f8e5bccfd1c96626614cda4cd142db5f002bafe95c0be41773d65be80d2e4893087bba63a5f40732a33fabdfe321b102c6ac91cb5a71f653bed7ff0363414697b7188d9bb18c6f876290819145fa62b01487d8d336ef7432108a27ff2dcd1c2a1f928d33de86710f05b5cecb5d841822f94a7c87dabfbf16c2140c606ff3a9be325ad994e8bd6d02323c345a7f33b818493827c28b14cbda8196220c04eab3503e0d4a472ba33f7e7bb3f70f202bdd1c22e5f4c009aafe30d35304be91d9cc0df86fa67186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901db8b5efddc795489b9971b83de53181631fafa8a4ff4e947ecaba4221b793786563b3dfdcd62f39e7ce4cc095102ec2af345a2dfd680dcfbaa5082bb2aa760182b34c5011b9d513f45561ca7912338109e1f053dfb2eba6c189f36043477b7e9c5f6bd93049e6a50aa4e2ef845c2ecc57b7c6af0b530a0483ef356a6b25403c4e7be438f97bc93e0db6beaa8b18530bdd0437eaa1597c589514b45e8d0b2b37490cb979956f60e953d627512ccdddd9603422e3a31e8c7a198f7adb725c2f5a449160bacaa9e40e728469050df5dc0481b3b19570152a01ee8c0dbdfcda5de202386dc5631c74d6d879ab522218c9dc73f6b56b65e84489ad6fa0c00b56ca99d16efc037493882bc2a7ff8684d7146f46f9c33f878ff7abaa21a236e737274c027ac570d8066c9a1e27d543385c08cc6e01c9f3970be6e184bda2b33b8b7d12c29844f5dfc4dc0a76253f66e30d55ac7cad9d54fb5ee25cfce90b2db8f1bb5542439a98e78f686688192339d5045c89a7c444ab265943e29e4ddb2814bbd2e5f32cd314bbad9a4fc256d21388e37ff2063355cfe40fd08e428eb00682c5b7121393548048afe663a7cd33536c81b530e559e6e8c13229f820c4dbc167383ba72607c571da9d704c39ce0b67c9ca6202bbcb92c26f338213043e3b36ab3fcdda487aca0e763cd5fbdf40ffb73006e3f1b38cafa9b2e48c19d616b701d439c6ecda6908a86cebf2bad69e4ebd837f93f4065b4d5ca11a5c0772167fd9769349be3ad33616e6dcd80b9daf13f9dcaf8ef6bc30f9e52df3da8ebe1393119b9b396c5fce3aba06387028fa21738a84e5d1c9ea15e75ff88b8b61fcadad11071b6131243666e2e04fc44d87b070697da0b91df3053166ffbad3e9603e116474d44ba83c56270532c0fec2d29862bab16692a5cb07943d9ac3be7384125bf8a087b58a6ce9af014875df6e9c91933b0e915d18825853bfa5f6aaa24d91957003503006412ad601f7f6e5d950eda140367a30f221c31008caf4c2712002aac3a387a37a98578cefe64dde557a4e36f9818cb66b18192034981ae4b1f5f392384d5f85bf6b6f562f0533de650daadbec4a8dae34fbbb56e36f87e00e507633e8599a4a9b78b8a244521bbc3a3c1e46049181dde51098bfbd4aa1f52e2ec058f907286b4c87c6552b361d06eb8a0a4b26a327faa8d2b6d446ea046a8414183e0b21a470e83555ab6aeff375b5660ed4cb0848ef1590130b1b331b1557bf37ebc4ff6e1ee9d90dbcc3cc48b5ca5bce8ed7df74cc4c2381961c9c9efc99efa0e427e7e1587a4f6673040246e3f1b800ef36d9dd100432bb957e899c5c37ae69be80ed4bb982d2380769057cee6067962b4ffa4b2cf40a6e5a732493f054bd27796ad5d9efa55bc8f59fd674f2835d9c1e7b625fcf076e7817d0d08c6fff38325c95073dbf9cd23ded73a65a8e569270b03850a6b9a9eb862bbd4cc8188e703f0e05ce34668aff8ed106f92206e688e301a625a06506762f07a9aced94c1f6c2f093d41f08778e8ca9059c14f314eb6d925825f834405c62ca90be20333e09958ea265ef5f6c000c5b62200ededa13f8521e87f453fbf48d6083be597d8a680471b7d41d1faea8fa0a67d87b4e3b1ac73cb9dcc6abdab00609398306c79ad2768adf66a6c9c076fb1c0d411571546ebb06736357218e00172e8ef00ecdc92587e712d04091e7a5f7805c2dde8e1cde90c570948c508e1e4294e0a679ae5323d68f551008fd9fa0a70929e47b1da01f19b724c840eca1d58cd30f4dc0b859763ae3beebfae87cd34526fc2eca66ca591ffd53f81b025c989f94ee3622fd8bb54341da3aa03208fe8d183ef96002869cabe74e3c0d81b49d3acfa70bd9f087cca5f74ce5bc18ec1ccb624f4d281bab848e1c617e716e922028fafb014f7e5f13a3877108c3a7bb4d67dc80bf0bbbe00134fd976901defbf35e10746a7a77d6cc11f88850bc66c047b2005f1984deb400e1a5f8d832c6da04d11caa82e03bf1d00c372c789a7a437cca4893de17d17717535ca11d09774b350d4b963d18d0c3ff275027f968a2025b3a2231b0e1d136dd67f65ebd7933a7291fb2809e0cb0c9f6b5153baecb3827282e259c1dea0192efc2b69481ff941ff7247846c1cab4d20792509907eb91fa50c9135ffba3e38a8df976b6646bbc66608f845d18bbd167af2cb621bede3bb3567b41567657e76727f9791934052c688752bd07d4afcbd7df95a9ebcaa5795e30f706768b4012c802aaf1fcd6e99814067613394950d130f61d06f25f3257278f90c791ffbad5b4ea62bd5a75035961619eb55973afae64b64b9130d3aab85b28d866416d91896845f4607d2099de578dbb060ddb83ad681e6ebeb51e184a4205c01dfd6652544a65b8d1895d26ee151f79dd076467a2655dc6a388db93697bb97dd2f128cafed56e22d589cf18d3a8117b8b82ec7840c34a149b833038abb5c1e08d3d1a22190b2b11debeb23ce1788f781d2ee4855bbb5b5b199bb08462c43558f7fdb0b4af9b879662b638abe8f56bbaca7f27d090c6cd68949a7f2e6dd41925503abf396908ebdfbe5ad1f2a628ac0fccff016e72febcd204a038d3b1bcf00f554cbe65b72a0f5c6e785d27ab6c76f9985162e4215c5b0a05c560b7ca085d6662f475887ec86730cebfc26a446ef314e84f39e2a916584c14a57509f6007d0e1883246d746a8f0544e6ed4a33dec754464db0852baa1d62df4b1460e09c277a63ce8fcecd84fd5eb127fa3a532265fd8ec62aff59246cc3e0c538d6a720f121ec7a6c61d2178a7b914c9d7aac0fe2d0ee640061c044bfd8a20e46587ae276332f2b4c58a1a4355c85cfd5b6b37aa2b11a9d50b6b0c7a98bfaaf9467c54a80a603c94c292eae73c5ae04a6eca92e9cefb27b28c70b9b6575b8d020edc0182c327c2cdc0a683ca9f527a435fa54da421a75f0fe67d39eda25030c1dad75431e7bfbd216132b8faea363a675df98f0b7571dd667d86753584d052c6780fff621a2f6010325e8de9871d68d2d176f892fa0e4d1714da27e72a8367734d4a1d8fac65c88c70591fe094e5cadb73b5437001bc3a9775233b9e1a6eb144df5454258bffc3ab3f6a3adbeccc4ba1618b73dc55bb5ebd698940a848814cb57cb1f140b0cc9a2bae31e5d9907c272db063731e99ea2be881be14106a43cf9deed98f1e580314927e2ac05431f3609635cf9dc1bfffee3d14836e3b5620b8f7d9e5420275dfde55010069686441ab85191c777c672e4c2fd5c43e9fa587d87623d3ce557186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab8fca203559c8bfd115dba0a393f9f573f8a100d9302dee0f78d3207bf2a4c02828b50cd72eadcd56594e2ce0cf4a266132526e7735f8d70abe796dc6ea68723b9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901b49f79539224ca82db1a18cb19f706b20bfb31275e009c30127184199ee28bab665e6b28eeb70fdfb406fc715536773628274003066aefcfc27da268f50bc45154481c944793a119c342103c58aa95667e9c067d65e0b8d63e90c24f32285ad9bb97edd4626c9f3fe213675e77a8b89dc0064e69d17760c49f539df7f6f264669c1f516d640fe9809bf2e63ceb40100ce610aef9fc4ff097abf5e513554ab3aced21e85b958da061a7d2de3f534c579f55a783af34ee1f115595c998f32f2fe5b16de77414be3c1dbe1233334eba30a14bb7b5fa3e31571f6d6219dfd34f496912e07806d8b1f8a1c0cff9f42e6433837f7f2f318a9c03ee8a947ba0416590c87e3511ada3b8e3dd85c772c4fa857de75a0d9aee3a4f3133678f99fa30519a870f7110c082dfcf32eb01c004f6e9d6c1b3e108984f9177201408040b10dd5aae45bc58305e847bf7ba35c3f97bd413925c7094c9cb9e54a9c825367c59068423a2d871e85613498231e9f4f83f178ce9cfa85da466376567cb38142168fd804c0067b93558cd2e0d9e8807e92def408b8eb3efdce5ca51d392e7bf06b7b7d5aadd05227d28bfe1e6fdd68e2c7a8f275a1d359c60fd4f3a95078c131ccf6a47b40b799d9b581379b3321c1591c48e9b3561c137a48c447b51a1b2758a7728d57dd7ac9cff1db3a58000b9c1fe32d7dd59631fffc1d5425dbd75fb4f5e99ba7c902bfa413c7237cec4bc0cf0f59f17d1fc4959b7661aa89373efa9bfd5bc9403d82743aa179b0610a98eda4b028251df592cac0cb95d8d37720f88345d471da63526b6ce8a0f19f9cf0326784128890105e9bd0ac1e913d2e42d5c01cd9c8f8574e6d7d9b362af55379c8abd0ec8296f01340f2991eb274effbb0943d386716df1fa2dd0fb957b3f79b13cba530f693b50f84234f3299d45e00fb4be60cd95d2ac4101279fad4fdf9510d2988c139ef32593b2255d74660095f38321ff6c300555c60045434f12d9e68f6f28896adc7054788724bc34c704ce8c1e2f3f5fe90174ecefecb37ebbfed41e030bfca7ac60f6739e123478434534f5e60fa3733b81177e63fc956191312c831f77d80837c61771a3d4d6d646ae0ebd9de19f2d1c93edff35a2fc6a00481a5b3919bd6883f7619d1a05c62be002110032daaaff23f0efda24c4d4e472c9a35934a2db4ed4f5ad94b9eadc689b0368ccbb1314b5993c9e33ead8aaf6c1d937b7f500c760c15fcfbd8f7ef74c9a76397bb8dff93ffc16df95866d15efca4e9bec6b29c6714e527c0f1ead076eb9fc48f233c3f337f958d4e0673ed79347caeba4b7e7ef85cf92a6666b9a2f4ced866ab018915108c754d5dbf4b92bb761d8f519922d866943cf5d07150192ff373cca89881d43a3e68d96184142fcb5391ce4431630f1217d65cd1f6a7a3b5a4a63c615bbfc018d5cf5c0e8448edb5e8a834506214be78b70dd45bf3e5925fa3fe0c0c6410c017cc6e6abf19d91086ce880a7a6bd91c1a5bf27c0c3d01e4e646f7617136f75c6876ba7e9bcf4d6ade0a422df2c6f8bfdfbaf7fb658449d365321112f1186e497a89fb426e659391a6ed4a0788280982337207ce1ba6382cc461026e46132f6ede248baebf4fa9223e88ba83c3aa7ba193776ab336d42955bba1fc047326d615d332a5140e09ccf4b4f233fdcacf30f533b5f15c9ef7826ed14382cd31bb55b743ac7dffc03ad234d2d5566157b62ffd2426d5cb6a44fbfbe381a1808e529f26765ba9e05e56b3b06c842124bce70635f166ef1e609e99f8ba41844e9faf93bb7a3f81d2e8d8714f4727757ce02e32971f76b129fd97deb4ef3d565c4a58d387d296f5e2ae411ca8b5ed340056f76bd372ad23f2cc8c24febb3e836cee9b377076fc3934ab0df691855f8e19aa2413d7e54c00303b70dcfd28b0708974c470416bb08d86da68f1f5dbecb17fbf7e66f136977c1b5fff486b93d4760b608fcfad7d9e567f0283bfcd35006123d0fc54b0a0a0373b8ae38ec35200788f1c1d270cc00bfbee7cb65f762ec3bd80e439cd2efc8b4e6825279fb48d2d87190a75bda3aa29bf14c03eb115a5be6b291f7a9805cdaab6465c61d3290fe63d403be79683d806b12746c7d6fd5ede1eaf6e508e3a7d29023d7bea4db67a2337127ec0e911a346d8c582299ebe6de630789a99949982d29674be81e99c05f9167813a00afbacd30bd0763edf4dd8c10a03d16e92dcc6dbb27b0230fcde072e89f6a8581f1d4c5dba6603b6d5bde6d42f80a10ead1635750c998582d4c85a9da9283aa62616dd4bcbe8900f84d5171f9ab92db0f3b27571fde4562ae3c51d103ad83dc2febf8577c156a6447de30ca5a66f4e26961cf12fe84a11ec7815c19c02f1b793a0e91d7302ce9a650e13fb81fbd66d70f0f3d0852453201c93951888d8c785d218ed49f70b49ef56dd0bc07706e4c421dfa6625e1f1c25cc00f5c21b152f653d90cb879fd1d2d864c0eaea2527e7235f5ef357810d29ac3f21de79c2fe6cac5eb5a0f53d781ab4b78d65a1764e7e7626c31b779a8ac4ea0792e8cfa95001aef51535d7bd3718a575ec70d97531470731255e0f52a907b2d4ce36cbf059bc84d31ec949fdff5ea4c987f6cf58a2ad86bb944e011439a0431c8344fea545a0e3031b8e38f8c23767c6b67f36e1824b1b48f71b3dc52d8054317c281ac05eb8506c38368b37f732e55538534e6ce61784b30d5fd24c24062f8115e49ac49630c5e06fb91fa4bf4e046bf1169d8c217afe1ccb628d6dc722d255413ae0b658637effa7b39bf832bd1b0985ecda1e03bd067b178237fd89e2fdd6b958af8e32e802c52f725d0047f2c67a0435efee12ffa020736bee7e081dc7ca5b84a86e2a68ed1c6978a050f6077448b201d2d1c23e13e38a0df6de9a02033fc479bb9f37e6377b64a119436024d9a581c0f137add81539fe233ca5d947ed65c6cef9a6114fd6ed6ed6f6372e6ccc8e28e611e07bbf8b9c3695734bd4a1533a7c38b8c0696afe1c3949239c7653522e627fbfc8ad866648f71aa19abe71e20f50ddbf20de0d7273f7e6dd2a7fc14ef0693069e233c4243a39a6ace0cf7e38eb0988c7bd2c68f8018e3727012f2457fb91dd9470f0670e3d48e3144973967f7d31b318d8d7135566113eb5883ca541ff63f5a999a97b2a7a32029058010f7b7f1ce9e7918ed9e45408943b8f8bc606bffebeabbbd9bfafd8bd13cd66e3df6b4e77b3d4690ec1d5d5721c3caee7f629bf25910c240dc2f24d1e487e69ee2d54dfa0f74fd5364bc8b06d9efb836eb8857bc64b9264e6105b0652f2e1e4c9d31dfd0a06568238bbf6bc3d58ada9a7dc75a26de4e324f4b798b2d8938a692f25e82e3da8dbdb84b3e646de7fe0f80a185b7c69838603148905e9b55c58db1c3741e9b4fe0621bee7d5b5f7709f90bc0649902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd59490171e2ad35b4241a19558c2d90110e52a291f4d25b917bf027deb77dfb03aa570cddf7adeb90dccd6ba965633c2cb28700fb70311cbfe3e7c67cae417c3c162b29/usr/share/java/pki/pki-ca.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cms.jar/usr/share/java/pki/pki-cmsbundle.jar/usr/share/java/pki/pki-cmscore.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/pki/server/webapps/pki/admin/consolerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmpki-ca    java-1.8.0-openjdk-headlesspki-serverrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)10.5.9-13.el7_63.0.4-14.6.0-14.0-15.2-14.11.3\f\T4\R@\\U@\[@[{[l,[`O@[U@[>@[d@[@[o[@ZUZ@Z@ZZxG@Zg#Z.s@Z@Z ZYYY@Y@Y@YoIYlYGY>@Y5GY-^Y$$@Y"Y@Y#@X@XX@XO@X*XRXOX!@X&X2@WWҤ@WίW#W:WWt@W{@Wu WgWV@WV@WV@WV@WV@WV@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd10.5.9-13.el7_6    pki-ca-10.5.9LICENSEpki-ca.jarcaconfCS.cfgCatalinalocalhostca.xmlacl.ldifacl.propertiesauth-method.propertiescaAuditSigningCert.profilecaCert.profilecaOCSPCert.profiledb.ldifeccAdminCert.profileeccServerCert.profileeccSubsystemCert.profileflatfile.txtindex.ldifindextasks.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestproxy.confregistry.cfgrsaAdminCert.profilersaServerCert.profilersaSubsystemCert.profileserver-minimal.xmlserverCert.profile.exampleWithSANserverCert.profile.exampleWithSANpatternshm.manifesttomcat-jk2.manifesttomcat-users.xmluriworkermap.propertiesvlv.ldifvlvtasks.ldifworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaAdminCert.cfgDomainController.cfgECAdminCert.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaCACert.cfgcaCMCECUserCert.cfgcaCMCECserverCert.cfgcaCMCECsubsystemCert.cfgcaCMCUserCert.cfgcaCMCauditSigningCert.cfgcaCMCcaCert.cfgcaCMCkraStorageCert.cfgcaCMCkraTransportCert.cfgcaCMCocspCert.cfgcaCMCserverCert.cfgcaCMCsubsystemCert.cfgcaCrossSignedCACert.cfgcaDirBasedDualCert.cfgcaDirPinUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaECAdminCert.cfgcaECAgentServerCert.cfgcaECDirPinUserCert.cfgcaECDirUserCert.cfgcaECDualCert.cfgcaECFullCMCSharedTokenCert.cfgcaECFullCMCUserCert.cfgcaECFullCMCUserSignedCert.cfgcaECInternalAuthServerCert.cfgcaECInternalAuthSubsystemCert.cfgcaECServerCert.cfgcaECSimpleCMCUserCert.cfgcaECSubsystemCert.cfgcaECUserCert.cfgcaEncECUserCert.cfgcaEncUserCert.cfgcaFullCMCSharedTokenCert.cfgcaFullCMCUserCert.cfgcaFullCMCUserSignedCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaSignedLogCert.cfgcaSigningECUserCert.cfgcaSigningUserCert.cfgcaSimpleCMCUserCert.cfgcaStorageCert.cfgcaSubsystemCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserAuthKeyRenewal.cfgcaTokenUserDelegateAuthKeyEnrollment.cfgcaTokenUserDelegateSigningKeyEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspca404.html500.htmlGenUnexpectedError.templateWEB-INFlibpki-ca.jarpki-certsrv.jarpki-cms.jarpki-cmsbundle.jarpki-cmscore.jarpki-cmsutil.jarpki-nsutil.jarvelocity.propertiesweb.xmladminGenUnexpectedError.templatecaEnrollSuccess.templateImportAdminCert.templateImportCert.templateadminEnroll.htmlsecuritydomainlogin.templatesendCookie.templatecms-funcs.jsconsolehelpfun.jsindex.jspagentGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaEnrollSuccess.templateImportCert.templateListRequests.htmlProfileApprove.templateProfileList.templateProfileProcess.templateProfileReview.templateProfileSelect.templateSrchCert.htmlSrchRequests.htmlSrchRevokeCert.htmlUpdateDir.htmlbulkissuance.templatecloneRedirect.templateconfirmRevocation.templatedisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCertFromRequest.templateerror.templateframeCRL.htmlframeDir.htmlframeDisplayCRL.htmlframeList.htmlframeListReq.htmlframeOCSP.htmlframeProfile.htmlframeRevoke.htmlframeSearch.htmlframeSrchRequests.htmlframeStats.htmlgetOCSPInfo.templategetStats.templateindex.jspmenuCRL.htmlmenuDir.htmlmenuDisplayCRL.htmlmenuList.htmlmenuListReq.htmlmenuOCSP.htmlmenuProfile.htmlmenuRevoke.htmlmenuSearch.htmlmenuSrchRequests.htmlmenuStats.htmlmonitor.htmlmonitor.templatenotImplemented.htmlprocessCertReq.templateprocessReq.templatequeryBySerial.htmlqueryCert.htmlqueryCert.templatequeryReq.templatereasonToRevoke.templaterevocationResult.templaterevokeBySerial.templaterevokeCert.htmlsrchCert.templatetoDisplayCRL.templatetoUpdateCRL.templatetop.htmlunrevocationResult.templateupdateCRL.htmlupdateCRL.templateupdateDir.templatecms-funcs.jsfuncs.jsheader.templatehelpfun.jsindex.jspindex.templateports.templateeeGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaAIMEnroll.htmlCMCEnrollment.htmlCMCRevReq.htmlCertBasedDualEnroll.htmlCertBasedEncryptionEnroll.htmlCertBasedSingleEnroll.htmlChallengeRevoke1.htmlDirPinUserEnroll.htmlDirUserEnroll.htmlDisplayCRL.htmlEnrollSuccess.templateGetCAChain.htmlImportAdminCert.templateImportCert.templateKeyRecovery.htmlManCAEnroll.htmlManObjSignEnroll.htmlManRAEnroll.htmlManServerEnroll.htmlManUserEnroll.htmlOCSPResponder.htmlObjSignPKCS10Enroll.htmlPortalEnrollment.htmlProfileList.templateProfileSelect.templateProfileSubmit.htmlProfileSubmit.templateRenewalSuccess.templateRevocationSuccess.templateUserRenewal.htmlUserRevocation.htmlbench2k.htmlblank.htmlcheckRequest.htmldisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCaCert.templatedisplayCertFromRequest.templateenrollMenu.htmlindex.jsppolicyEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileMenu.htmlqueryBySerial.htmlqueryCert.htmlqueryCert.templatereasonToRevoke.templaterecoveryMenu.htmlremoteAuthConfig.templaterenewalMenu.htmlrequestStatus.templateretrievalMenu.htmlrevocationMenu.htmlrevocationResult.templatesrchCert.htmlsrchCert.templatetabs.htmltoDisplayCRL.templateunrevocationResult.templatecms-funcs.jshelpfun.jsindex.jspindex.jspservices.template/usr/share/doc//usr/share/doc/pki-ca-10.5.9//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/conf/Catalina//usr/share/pki/ca/conf/Catalina/localhost//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//usr/share/pki/ca/webapps/ca/WEB-INF/lib//usr/share/pki/ca/webapps/ca/admin//usr/share/pki/ca/webapps/ca/admin/ca//usr/share/pki/ca/webapps/ca/agent//usr/share/pki/ca/webapps/ca/agent/ca//usr/share/pki/ca/webapps/ca/ee//usr/share/pki/ca/webapps/ca/ee/ca//usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment//usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu       directoryASCII textASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)ASCII text, with very long linesXML 1.0 document textexported SGML document, ASCII textC++ source, ASCII textHTML document, ASCII textXML 1.0 document, ASCII textHTML document, ASCII text, with very long lines?7zXZ !#,I]"k%nVz(+ ͥ3º*F;VIFPNZUĕ_yQ |1NzlUU~{3N@ x'\6cQ<#$i=⃪v ytt@u -VVR Ma>FMv+y`qꞪM,ݗDN>ipiJYuncM;IK(B+!y}T SL5Ujx7U'Z6~< X{+ !>dvLJa\ ׿c#7Oƈ ;][.1 <aK67,_Kb^<0px?K ZY*2N蘣zne| 7 XT\3n%C4mf"kM!pDe߰k@D '[8$KcJAՔiSgNB"5yPDs* Yhl7q@SMsXKxePHB *s~mDҨo3::>^OM8'i>þ-촦Tw@ty\+/ ]Nju[i_#Z`x.EҼ$lAHd{î-à :J/]ܤ]3!?hFE\_$֓fBy:X!6fAa;KqrņC!K,]a?ynw..\i 8DR촚i Ed N<뙜#zsI׶sՍd m$C0\d" 7Qb Ki+_bAﲩLceύda@3R.s?vlS)K27a6O.+U;RPڤl􄢡usi2L00?ePmyՌ/St7pŕ_e=@X>bWYKS#nEܨV?ri&氮a"[]T;qZla Njɤ&2^zznx&s"4TPl&jӶ=@I:IF?qz.ŗHiY"⤄ߐiڋx{RY6?ZNCdWĭoe!Co<ျŁ[ڼ`:+Fݙ5>4uP׋ƷHc*D[4+i :v/w7v EIdA*ɫN k[>j"hgrwo[%eNM}=u (}7˯':Cqㅤ@S!/1uUD#s"P¨hp .-4CN'GiO@}u=7pc VyW0>T3~Z,0V9 ί?Ճ(<9dQ,)8)*.R- >^sۙ>bj=Q6DxbL%m#kqr*yQ1%0 {Q؊,\mK+|{'y󕡾FA!(VNX _J(L>[-a[AT5b!8[]fDX%Cٜ͋tR"ijiz5DYClD%ۈLAnrR"<7ׁ*h퐝8 RxT 4&%Wvb&>G>o2@n`RbXzt F)Up(0I }^9ɇB}1+>WUBW*f&%&i{ ' x13Gm[/C}ʳ7i5Œ!`2#Qek>81M.(NhŘƓ!\XrF"O!16 9+;R̠vxɌU{iȿxٹSײ{hNԔ=J_^ddV^eGrzY&~l %-gGٚC#4A x.P "蓷ryNۑR$K͔1 /rJ"j²)N\σ4$/Sxd^f}9KL"ol^h̅8[F8OCI[6R qA<dYc_q;j ˰,H=;Cd<'ܣǜcIy.qKF͡0pSϊlyjz-)MrwX,ndӀ}Vĭk%3خ,gh)%-|f V}Uͽ>my㕳ɂŮE^!67RR*LϙvvH⤯Z<Y# K{%ʻȆdDB2 1Y;7"RWp vTFX懐r !U9KMg'7nV=t'uDFqH%1Pdv"R^2h qb?1vZnU 2B]pX}ua.LD1 hJÄ5e&UKg_FkjDNw^ro0;Hg2* iߖ }|J#}_ۊ?=[@ߦ<1bw&f[OAƉr]1731OxH*k&҇~1X3΃ \aMYlg%i~N/O])sX-k\ UW ϳ5 ^/Ǯg*>IU4c>)Ҭ|ܟm1덄9 ZN /<(yHrŒ]s6=@RRKEE' 徧t{E} xdF/sqS>yT7Mq8t*[gS$^G˃zIyHeT̾U) EcW&eF?%L{C0kvQ<(qn&/<9(mq=f $˓њhma?8}eMW{:\7!=W6f r!q؈ܣ ɺǽ0tlgQuqW:BA^|iY/ iXFӱR\ok/,RdNjuEx;";|dXcJ^Yqt(Y@:p-K(!!Cj6ao&D#UZ$^PZ*,L0Shg!ox "w/2b0rJWxVz7y+ L6YOMFAG_ @-tq 2|>2 &Ma% |GXP^߫*l,'S!N!:4%djǖxLJw"/,OlNSTH-@#' #<൮fEN߈Jt tN $,0L-}A d֑Fd7m&Vb VD"35+n,M5p!:휦5*'H6l'͏.y2 B AOj)?./TY♏R݁BP@y[;*HA6ZVn &fb)j3tVaػg;WQ^GoD,QFvoֿђ+ TSx@<)Zm|!@[}sbWYd #{4URD\0İCkFvbS*A2RFKg0xFQn%@?pgI2ac`5|;.A!K]'DMZKn=fdW`L&h8PÇ&N&~>I\.D2fXF[}ZA+fpfBU~G;/p1p'K?p8N@YD~@* (1fy;n@cN~;-]~X6Ckl#>Ǟpa:8'I%9Hl/DKYEeZ2+ig?џNx $+0w-|@(,FB'V(@c1rUw [=uLftgmm&ioWjoאfbCQ> Jg쟣VD[ 8brHXi}_5[SΫv·]fid|X+p[+}k 3[rxFхv " vOѴ@F㦺֮"YЌ⥻ʨ. lb񆶣i KkKtiE(9,7R4sh+@!{nxFɑ?/<=N((,Qj݃sk;&"ֽ*Vչ/f>>9T8~sO Th/p#(S?qQT׉s,6S#wN.vH)#fB9S{Y^ԡ^To!v 6n6o#@W:mf%Rеf:ފWޙ~Naz2j] KY)h4<:uNm 'D#z?a T{.=-K??vkȲk~|^C&M 69>U>H# ~ ">^'Eҟ&ZfrSk<痕YX4X/'F̔ `ԴIꈔGZ4eaM+R(M 5ڱ͂hr}٠5B-Lnf9“_ r+5fP)|m'q,a>8p)*H1EQHI 6,i-I} RWUj`za}|7nыo_ v?I6cMz$~_ Z)0l?qQ?W^ʌvaxw_JwA5yy+µZn0tjp\06юEX,ۖzRTSHZ;}};B~D){$@7>!5νa~O ?1EőMkM\6#iFpR ļN^]jǛŋD!}e'ѭvtt"v"`OJtTuW!a4Y팻][D!W:?Aw\%V@w:;ʣ!umxYί2d`I`mQd]Xn~ /7Ǵ23,IX Ko\<^NzB*3jΠ cBRb&k^WẦ,5;PmNYp)֑< 袷it@K<$ʬ1VwRf(Ouc0?cV?l$"J ݙEْPCmUv4d/wμ^ YĉFma=(PV.)?'cpaxQ_"r;Նx /<^ mHS6ap- /GR;o5>@fiLЁV}tO? Y)b9;_e- N'x.3"n:O!oGY^0(%qcc&'r` $;y۶_>\ ˲r't)jL4{:jQ *(Op#iONuv/WalS7b]O^0Q%A5hH_Ojc0YA:dF^Xd=bw+af8*Fso6K'W~/TY8D Vşk̓<݆vsqLR|kNLly0+u6t`ßx$~^cxanG"C}z*Y(+`ۻpŜ>p)`u)$/Bv23Ƹݲ0JՃyNc|6‰PDgQ*tKNXxesRKx|&`69y Y| -ەX,C4r\=5e)|V^k &- >v $n:#ZQ *__7I {IZw>w0a\dԉn +GwQFsN׸;2VJYZ~fSs'lL5YB$O;Z# {`y7*{|7zb,g甇愮,`\cP`hosd R' F8j0,;ZG?zԨR8M٢琑gk(v80S}j]]c70YUy*A$N&j͟=P@ D>ۡ^[#:RF;gtV?)VP#oYG$sbguP@%jRU. 5{4}-G|;2rkz-,L6YW96-5goYEwu[GX'ؒpk>N=(b'Q8x_iz7zb:բWiV-KGٵVɞ(£SǡGК65d)T4%#ffx >#2e_Nv9lU4]Q[.FcUGk`~Κrxb]XnP5_Q`&z3Z wϡb64H-uXԙg[ =vܰN|TNjiVh:ѻPyP!/S=IQҊ )EWz7CNݘ,609p_59 fz /{iO^Z6@Kjx{ss a0 =.4\1ERP*jDSgjx=#!/cΥBrBΎLAcsՄ$σQ{Ec9##lZhJfCr M!s߭/]kU\3dNn^x;ߘ F#:1_aX!54ڧ$)1ui>e x-RAxi4J7kVNj-kWeo(8tȋtI^4tW_ M{czA?P \ Y3_6=S[.i~r/o^FdkL~uŁbr~YMyqpr" zMJQ 82{Z 'w0#t&E3, ؊)_=g|;Kpۉ 婡״bI[y7E@& T>.xG2h屢5y']fjjk>žj^/9.fRY?COIL}zBSzu3hh,1L7蒀<%~@;fmskfh6X /Gd&:zi0|%7ZR /0oVscg<.X_3tGxhqC Q0:+Ͼx5I[~\orxXgfM FDWG'@7~/L#xiyOט`^ײe!\ jotJU̵3?rPsjNڒ܍4 KL2cƐ@^̽VԡƐn,+MJ29dUY;e+D4(L-O91ւ!P:JPJ`53ݖrq⒃%VW ~8seОQŴrNUWziNEXhu0@i$bC ?hytڮ4$ 2;m ӫ:u5?1- Tg}[QO 8Iz ro}gF1[xC%@ܔͽY9P3B(~w,_>_֞gleqJqapTek0BodJU~4.Lq>}sq]eF)1RmC|\nOYElCF7*:|q߆Zk8]\ ES"Z>ai6 ۯ;oepF9<_3ԈoS"Fn<{j|L>2YQl#J[p웯uTYj>KQ: ;kvk Yׂ56Tuk~R*=zw[fݴ911ELRHGSxMe>+J c=vNƴ .z}%ʖsMwRE?n&  8E6T+칮k{l|Y-9Ԩ[Պ&ʧj:N*WB1fN ͠/B[aptRĹ0tڕl8=hs}tXNqUoJQ)3ő+Lm4-lCxUQL)(GfULhD2յ%lӛi6!tst32VJ"$98Ю iY*~gGx`9.z智Brs]muU y 78jOE4<9ClC2\@M IQLr_HnF&˛O8'=n[t!9mWƢg*ϜycG7zF~\""^AF+|#O<(9эYmO yh \"G]ԯ caŬxz&&ܒbw|q3P ϐ4tj> 1WgpQ?Y}>eZ/7 /nZJ$uy1xcS5jicP(Y軮a܅V+k8;ք8g=kv`3UW˒J@5=5988!sJ$-⪸HOfx(S@'dͤSLmwǒ$iT1 B-8TTHz~0Hڗˠt:}6PC\~lŖ)ycS)KSt_ $? |q[U&+3$(nǖXPbz h?Gw"=SllgݕRcR$`d^w廙Pmb(ڻ;(m8 @NC+G'+ȤZ&bAUŠC&ҼO4^hy*3X+ }B`))hE; np}KlecrN3<阫΅D;f؎GO1kyO q-rS r8'Gі'^W HA|d3fp ȓ?˱\S("k2 );)5/L-Ywe/΀ؖZgKI"4 ;>Ibl5]+|iھ: ÓvNbiVȦhjL!oxiosܟן4<:V?=KLjRJm E][[^% ]N}cY,l"[&ރ:'Rl%eVy>8P @A/<T<}`_~n&hv]K'+]WM;hal BMnBBF*nM|w@6V[eH*cfA2_d(1wvvVg]jO3wܟ<`}u'U"y`'y TsξRcoeN( ͺDPX~mZca RPQΌk#ߣ:A EA+NAIU7\~0oe0'4:Mj.i3fMG[j,v+"8(4tbPbr[ګO>+k)r%ALQQ(:7`l9]Ppo|,zu/7qI+PPH ^b.sĆ~/sp׭"6b./trf@RNMTU \ev_5dZxig':Kv+rw5`#(]tDv.ѻ0B-<&"$.ek"S0o3>O~̷/118\2PסvߙXbOݹ|H=" JL-5C8@4a/gJ]Ia@Ku~ m${@v'rFd- O 'ex$ "Kuk]>'tבP 2薭r;”Ѝ:&`E7$1{^|ds\q@{p>kOJBҼRdD&H gku9f?LC$3Ҍd6+jH;S4h[v]k,FP:l_{dUzjKy3W!\n"TL,Q /Y42/ ("e"7{ +6^6CtW3 z=o=G5JDZO/689iE2Jڮ5FM~y>MK',VM9/c_,0*@V.*4-n@ ݒ’aLXqcX3V٦`iw 9l;0yJ6n@k6zNlJ١| BHa0n޸SoD:[כ)' @BfCJe h~/7s/6fLy&|Ko='zhZwU78\i.5M>]x0.e}N B|f4sR6QD mYLQO2}r !>Q7Pio9}&Ge2g}{ʎ )g[O7IhPB3A|KboL\Ԭ T]GފOl)W S VA6o~Wc ᘴIXa *9^\;=ep'DLXǜ } ng s I%n,#ɆYSNа(i"d^BT&ށrr6|5͐m5FN̶JC=!%A$ֵтr=Řo=Q>zlCS+ @2DcЅXa+KXRrBFnsԃ36řfe]5t(ԗe4G_zφ؇iKzJ&f30Ѷ :Sa R@c' 2CwSE;WF*u!N-c vxH[7ERNnY,b4դzWMߪ~j"V bzѴgs XlD~U+c RzS! Du 5f+X-f%c 4<"EQM*tSTr3FkDHʍnaw B;"6e^o8llfqm-j I)˾ | 9=sOYiƚ}Z3E*rGG|~Q$x~1-O2\P+=m[D>clK6"ݖ6!wYL%i>Mw1Q|N xQ!uآXz"'ox<bB(cp.{)olmz$d2V4I)5ƒ \[ۢEGٰpA4gXzxX&E ƋEXk'itB4crB[-[-dfO,GZsuNuVǒ^ͤD`L\̘],Ĩk3N_zeD \^_gEr倴Wp[VcCIQo0ҷ@_`|#ܸLJ.+W>_vz=K>~jk'XK\l{с eˉW8IZSp@ɂ˥uվP0RZjbHQû?۠6ܭY~{6Am./kN1ݎp~f<1ɮ !qBsUM=h B$;zD0emUf(!֢axo9F'U[.-bѽˊOӉ>S8e>$-v:LhdOJVSoiglIa&幹)5X1bÍ8 -ٍz=R`׳?QR{ĠYE|OAgHme|GPƪŤ.:Rt4bn!{^oCfծ?_QyJM%dBG%Mt9EE!F,(@O͌OG +;3hEn ٩MO4\4APyytCQ׽P u}wT^;fMQ\8g maxvс8~ZD *D+Pvii٥P S>tbSDPF\_V(H/l2~0]yt;9nFÎᾋ=¯zb~.]i6 LQvr&ϭѫSŮP\M+NC8=ŘZЁ1Sk2ehȇ•kuhʤdyhӔK=MWگ@#tv=1_MRۑVQ[n [/xok,W`*fu)o KdQ<2J!0yE|!:5v&\?q]'FN&RC^WrNոė1H,[zL-aҾĂر]jf䍑Iv " 1[c1"#<NJAnX[O=ob. LHMY,3DCgȝd"7~pO\O!pbY{!{oٱĥM0: T2pÖ#.,E1W##09owiMhmcRLkIδ G|DEPuVH#bJ(†_kzǏњs0)^F~RL&Uo<)Ghu>ADDj'+-A tMiV@c^U74$$P_1QxA Xߢdfa dvACUr _^ TI[BZE2$w` ҏIKzp}8{ 9l`uM1I*_IUBzbV |:S}䧂A"6[oF,s2؜79%2V[#|`GU@!+xJſXo[xpv+_ S=q`YI1mbVi4ڑM(~釙8wQ*A^EA W)wtq]e *~>u.LoUɎ(Fv bG u߿rgc {Nkp*aw+Bۼ`u+1{FsDr`& Khy JAKg t s"NRjR/e9a=N-ZxD蛆X=]ȝeuh숤chR %5P~q~+YA^A aaVUp̛axnAO zs V2keZ ;v\x܄Y/?m+l~>f "fY!|L1m`5<9x#eU)CΔVSNw*;lbE5:ɹ2{ЁrѠP$Nx8T1[)!e+ v}owlh)yՃ: Nha/5N%e&eA ৘:zVq2Nv(@&T,O݌m }HIFgiF~S"ь wD  )gxJܬ$_ 3C-ˡlW.! ?( :y~P\aا 9ݛ88I3zFXxT7)=W|+20}1uJ(ssKJTQUI߽,ϱIyBԯ' Uhż>v_<ƶCO\Iɰ}ɟʼnɑK:kLx`cֶk{pwn/ixr7Y3n=uX 8㗺3" 灈6IRq׭P9˿s8WGO}Da^/%Dr" `~M6f) ;-5%WR~ U)lwW_DaN@OgS%hd|Y< =#S$:w2:ҝZܠ|%簢oBm]v>fez@^ôMSnm(}Ti~.,Z d&)v& \&B d_nW,X.sJ`%>U,>J^᮪WbuA~DҏCUŠp8YZȶ81M\;*(Ng0@s-ZT7h|>dxiG@]1bfAU:\hz( zO26) KREvbA_r;1)5ri?wEqJtoaė9yxWe%iMFo!zL}{&MPǡߞ5 I3fSTRB `.87ɩn#WV }\&䀙:fZ 4杮g+ecT$sDޖj!zQdG[/taݾ^O4X7f=_0DIV; R`5H.3Y@֩Z>.=0S;K}}ߔVT4mFz߃AO+Y(zR/z,҇),8^/SVK4#-g͝xrdz_ rkX#9lؑjMN'5 W#3؃sҞmKURvS$J2_%'Cg[PY;+^zg%r,K҈ 1pbW;I1Z$>F[fiaXF.ZrC3QRya6G҇R:F ||ˤ0謩\w=jC8:2td呱cUL)cr;J+l)ֲK)n2eK\%+96Hd8@D{&WLL70`y)vM`#';)ަ8u@F۞dG׽Y^ås!gwsitز,pM]|5Bc6~ʭ3!0A}N֦JV/ak[VJK,oIݴ)ö>yot(mce!3Sτ23*tB5ڰ{;0p6e.@[፺ GUT4rw Ƭ)"=FHoM07*.fZGkXI<$HPɺSGѨ5#,K&P<,|%;Y/lNG{REoTâ7 v~/nKZjw[ґ ¬t.wu9p =~h qlْ@PPˋIQ{'3Cq9܏ΒY>0a#z}2?V̍z4o p";x]Z%Bu^qS2m4oRJЏ Jv+OA vB\}\}/`%i`hz@Z$Bz[KƂ1S1 ƎdN1O-Qh@PgY׺8 6OV ZF5Gغz6XME%X*Z,>ĵBfP43'nTkVmEtJ95<7N/I?ҬKDkBk]oPhk(J⫝̸F#fۊ@J b`Ķ&%Q@ <-KߙQPԹ^ǐ4L-_"Y 5ߔx9,On`̩nZB޳-FyfNFq?1$wVgֆE.3R HU33Y$(`q;Ss(!``ڋp_Z`. :" :ڰR9~w{+EN!z%J{O JtNvzY~\ey=q]fasBbƼpdtIQŻZ Ě}3 FN |7U:!QK6R+fo;{w>$$k$]6"-=1w L-2rE8{rP=p{%(^5mz|aE&p?m&HAHxco.̞X iw C#1g%C0bB nTBx9,?NƝ?OR2&8MθrOޓ&~䵆it)FkPY ?8 a5oS Z&hA0!@'ŵQ/ %!O_fwʞÌÆCmoKjjNu;!UUB]u}FC NM?}^I!4D~9&f̢YFu:`:SrGkjBlf<)%H-Ʃؓ70|ݻ .bR/4Dkx xMʮkXLN(Elb+ 6rdΗ7"xzܬ!AWNhγ% ʽï/izC"&t3mp Blt^ى&ey |xba2,Xܕwcf  @4BhgHṙPhM~.c0SsRO>q1ȃz5ɊiGT,3 ""qJQ2OQ+ݭO^4PQ@gւπ_W.89(3|63)5Y͟ł|~mJ`CCwU߀U*6MwJ\BwjDUk" 7>1(OSnwa vg/&Hxhm@Q_f'sCeqRA,T z&)Xȁ.$rzHBKNT!c 2Y8q򣠡Jhߥ(ex&㴊füOp޵2]?i/ #NO s~iklW~3@x6Ug)YN/}Z č$|i.*4RL~eۀ>>^xd |BJMΨ`$M*U9WKvN'YOJjB<ܼ;XUROgup }oCSS *~'u=eYAXB,g[0ߠf7ꏲe8-s'm, 1?ANu `,(0t$.mZ=`^h4P_x#uM´)y4tjɽUCe:6pu>DZ}iZ'xz(_J;%l6heLjslK׿>IuB[U9\HO-so_7ƅ!JMD&T`݀crTZi!|5cJ)$u}OuUZH4d)Zۈ͉p kSBJc`qkbbg{Yzc(8 sSbcvj(R=WAH!٬0e|ϲ#ʹ4Jا(Zo7Es17"u4eGbC}:hPO OI>rK!@ͱ<=v%򳯾1 N!=xEok"Z 1 !+h˚~58ojOiԷfM2&zX2:ÔV{*LCc =`5WѮ*[fUB}t(6:¥IKzwۭ;jṋfe}aRF"~ק}31w`tg`|.g&F s:f&%qS:Fx9(ts/ [[:8{{zte/H'6=!̣89rj0 Ú:^^7Avt *0^$u?<"ju ʲPP_[ID4TgIڵ4krnBAzЕEg}ƓBҗp4XA<5|C`8Q " G{)L(\@&4 {BZ䊣UEVe> * [R:왗fi|8e\+)6*v(xnaSSN( ƥs`  )ɚZK' nvGb; '\BY¥1fé-4Y|ݑ+:a9~>m;3eZER/ k1jqAAW%Qn^:_]!{$?ŕ]Bj2[ܿ`",B=~j!twUܚ~6){vW&@IX뀡,2 };<4Vq; rOh)FenvR驸֤Y^XIo'XTc@UYkĮ!$Bx\Ns%\Gu.4Jmj 8Ņ+crc8Wkn~ُIyS:IJ!P:>3nߋ"жRa|˘dϗ|x3U-$2R,R/&ۆg1KGzdDoy"f>SE*Utl bC9ps7~A%}Uevke \iI||o[Lgy_ hAė6FRhPJVR21gY;4TeWQETB7ofƌ̟9Ne e p !xǑ6Ѱ-n\TiFQpul'4|-E+B?B8/3'WH̺ڔ{G-@iIdy;X!l^hR/&+={ lfA15cJ+JzE`.f4 1\?@Ur<쥇aI:N@W_'ࣃt6 A{JIp:!Xɛ0 \<eM%,,}I%yO <֠<k hsy/c1h‡ŕ2KKj^.ݣ\MV 4Ѹfn-OvP=OE)W-ч y!2Į0wXY@*#/G Hjhj< 5NZK2+JNM%od˻5/"`ݔ{znuipe=WYB4[$ؤ:q Pmv/ExGubeawhDڸ9z0A4 QVV*Jv3fy_DžD?e!\4! GxMKdDz`ioQy2g48)bNCetO`ehc}ʤea={jRv̍#Rk:,Z)^@}&|}^̦6;|1j-]`M?l12ΝB5I"Iocm.TnOs-- /):k/Ie`d,+b;sԴ;W_*z_ e *"de9k%[ u6ڹߑC7xu'%Bd6`'UC;ƂsiM-],}0A5>zpx2ŪoLǶHm{A pxkAڵ# Y 9m"1~%rDU`w; Z.Nە+8בnK8eTIU 5>w=7SJ_7HϦÁֽ[8*sM_[]GJe2{uR6uGӯepCL;F;D\_,5r1d&.ҫxF*BL-&+a,=cx1u U*bEczzKt$v{}8߀%hX  tH4fu~Gzvn)WL=@ٲ$#$F63oە榧 L/~"o5ҼQr]vNy}-nqYHMʍ>"dkX{ͣ,) V8b }zL'z(#Fj(S'@ɄO[e"d ٪)B1vAC݃<~dN[!cuc,8dNo֝<{nU DZdϋ 8oAۍ~U35-d=_X%FjЬnV!, Im=` JkDe~>XXj=/?껦$a~}xs99G3+=s0ID "&ߚ,/'^E4m'(/m%m9[lql9Dꏠ ii nL~A\YX8fYsEo{w(V˛: \ ×|%LӱKƒRQ:Wt4YD.cM*#RVAe(LA}cJ,Ah718]c %vIfEN&ҮN$s[O"Q~'Y=Hl>y/T>!cd-$)7-b,ױZO[~*hpv)Z ] vSS1\6%K)@4bR>) rͮǚ?rnva31oO'7멋ڽ+żT};ŋmsdmh 5G=%Fa #ӝnb.s%="Lq<ɃT]ߨ[f\x 4IPftj)Z\Ʌqb_֯xOq>en}}Ąؾm覒sy?EOI) /g5ᩳ}ބsuӼKI6FZ!ӯ5dp|;1&$E놞$5.l=XDLGo\M<^n!a=`#x"SP '1>_^@}T%jBx 1BԠXϮlu3Npg~ 3ǎA~A<ǦEɓ"u'ܦG(fŵ㥮 MQz9xJjp-؏ۭffA%hwfKؤ f#W_gy}$OWZ1䍠Z>ڕdmmJ#P^tNc甄%Ɗ>rv]Z^wZo;|%d>ST-1iw FEBKԨ8 LE d6߱LMSCc8a8-fZ9)۝ o Lfzh|&Eh%J;+|_nf7Pgęt _ b݂p\w5E6폑^6? _Uٽרxd¯< ۻ7l  ?zJz"WZ(m ,*RV.Ҿunٕk?OVx_& <մ1(P*aZ R\%-Z>FINx=s6}M`}g9oAś| E-Mr:2pLsΌe_ .T_ Fv*`O{Fkci0.{t{ ;${Z j: *;v7Sϰ7c&h52׭jiMoӜyY܀0nQ`ڊyOʧm^J%@>dT]1h:v#q +438umIc v8\Tbo nɁRVj`֐RaTES.„B;-#b|Bvct&ddWu;ΉlFld(<+R3l,vǡnYz,~Ak:&Z9Aka[ kEoDwE!5i ~ȸwKΖLoAKé@Nhж9 )aF :9'xv7!9%MI0P+';tr Eu>f wC%0kA)"sS'Kb!H,g1=ݖhʠ\dI T_f 򃬚&"ݦgԘVd}WÚ`Olsͪ~2Dd3;=b;)ik[w8GN e]ۨ;j8%qL!QM R@~.MdC߭y4PC8\%7&Cq 5 `[T4* ?SK .nQ5[e#{kp/* ?zTļB3>*+/ T7jCwc dkC׻%!-A.7#h?ODgm?[BZ< E0z S'OiG R< CEy!V0y0lBjJخtuLQ6+5]R_7!8czgU0q>ܤm/jNJ/ O~w0Sg>m) tl_ @_'9/a[/[ʬ *oC=g5UVN$701h8qm|X<+o\&[vvFZx<WJPxmWcjPC0 mG?qZ`EQ]u'haWfg'/`)m"^e(,1y]-R吸{/LajLppFm;=ӿOf$ )=e O_eq"D؞R| x8ƗR:A@ԛyG7x5`70\1g'xF3r4QȬiUm0Y6<Ipn.E;rKͱzL/N֮g>Caέ`.)2*^sxs$ZeJ뀱j}ǰM'k%E]X DAR&Fmf8E!<>5@/nh:'/Y>lO-aer%@j7M;!.kiI;Cz12`oϞ'g8p"l$HȰQgOwsg3>Ej_z?e3$V\G(<^>m6.MMϮŒPt,vH"7,"Ra_dTSbS-^?K·`sNNnZ˯+~h)nN'oy|Zґ U )IWu,UGaE(0 =q%BV8m@Qؔ}4RDjIA? L]i,Y9@^9ᴁ1M * =<^M^lJW2%#BݰeOo$_z9I z#f|wNHM Iz3-TZS'cmap 0.eNPѕwI Vz\=eTHcdK< 6F/C''k#.Y·_}mo9uG);_WdM$n_7B{T*!`r.Gr ,Y˕HYGe)DĖ#'IbVVڤе<^+Uwݼd0dX8G~q ͸vA2M( P%Y,{ q xr&vl pvMxIROk)L/b|&˼ \D}>yQ{DثH -3i4{_ߵE7ƴz* >ƴhʉ;#i066W|<[ >CEM  %bWƲ0-  Q:E>cyx1æ_ϺFyLIpdAķ'%授r:nށPGh/+t*nc1E]˄ nL=փ:8ef%zbR}/Ht'Y92ZaCx.ݹfʓ Y͹q_f1$eH]{(+6#}&@2K_ Ś8niv<1~&) -6,eOE'.,lIVӮ?] }Xn|6n}X;%@RHJmXS-HS>U7a&>-%l VќgzțT3)vKÁt=s)VsGk6l\ex∉HRi=P W_FL*2ڧ,f򪀿:fqEP(W2j>pΛͬK1K0yDJr5brg%QIX\* S'ӨS{t{xDp`N]+?O`H<[X70H[31^ 7Rso"ۓPD2q4^ͫƕQ6h,  =QN#d0m5U4-=iN2Fp!C[É.iTv}:[Kjk%8b j'+ IEY+1c#޾YkcFM;x|]Xo%`_ D*`-#xstõeY2\զ5%9'מ[j|ѝQY5y7Ld+\^ BI/~ݾOz0,j}H#:v<]hmٺ8" `8sI\B'^?oib&Rĸ_GrT#͋)'cұ5<~+y5OEU*El}OF0.@2w7qѬ/J;WlOE[@^uEBY`P'7Sca.Q$ZsMEf7#Z rӹ\)|ՄJ۪3ebǾTcC`[slED#/ ME _g}4 "U!.?O%ۅ@ݣf>v:+]>N@1 7=+nM1CRWN8 .up HkixpzPO| =T3zn90eY_R,!N~m 5J1T@Oô 2p*)alA.*dnCObS|.:&T ,q/OZY^aa[l8ێm-RИG򥱇hJ"\9MƳ"#l=2[-gbZXTTsAhHќ0ȹ}ׇF?x7k4 ϒ`--e]F >~0h-w4 R)4{tY,6a06شlEis`5k"s"l\TP Ԑ/~ zp `$$bCz.1/Ӥ;#^: v Ϊb/V` QXI[e1/a2%f"nT|Fb*ӟl(k4_ր)$!:N<ُfKP: io:3'{iGnMwI5o"x| *M[:Auw:'s䣿:|[g/.'2 $F{ɭ |@+A0JI jʙ(GD5 UhJ =vK}/:qFg>h ^E뺔riyq\aoWoqGQyԇdWbE]Dlvf/ow 9|!M+CᘭJ̜'6Q\h#M陯($36ġ+̪n l$d6jC Po ,\*-m Iu+hDNcx|L֎մQ)Rz"鎋}*eo:ѮU?f_"3|n "h䙈 #W.ۻQF\Yӛ/4kAòO) {G%69YK W˱ WMu>D^y]1$Vgu8gX(:t=m& 6j&IdF.w.-rWgW_p5 ZSuaXKq TOor"@H ) H~j;g1ܴCs>&!WzЕH i ͔$ƺDh!0?6A` )մoAkr8ӫpZDS* etʼENtN~,eTӦTo@xNLTcFoX)KSEv+f1tώ+a(^!.=JMJKdCZy^YL.O 2Xccto59u!%v^h6c>ƅ#ԶdH=cL;IBP)ұX 9l9QSA r6‹1A i2WE)Tۃt[kBz-XZp>zd[Qg;G\}Dd;",i3y<~u{4B\AC%^ >;C# scCj0e$ѝaoJD=mb˧̹"EooP}cle{b0Q^QMzuW28Vd+Uރ$Ḟ$^$) ݋?.|mqBYRPS7-+7bEem9qѤBc!R Z{ɖhT$XK`3X%_WWwbx>4H?6 8vQv{vtu@ufWQkMw9R"~4DDWFҸ/+º0yDq@7nNgHXzO?0ӧ|Iԙk: 2(Y[w4C aqMxX4h6Yr1);rLzlȱ;k>Y]Ճ$jH*mNu&1?'b?rxYeZ d O|<YޟΙ>4(bY1b\Nn\pWEM?O InvSE%t$]RL'èr0I,bLppne';,GIKIxo&^"OkP2PF'J=.4tv&kB@RH%B| | Kbuu0zjm}N,t`DaO@ynEВUJoh>ۇeR,z΍p_xgljVt9GzOxs:GgGd026~WiÐSmu$ H Mr;F 7t5?ٗ޸*<'1""xmw+6^E=;εF~^8.Fez꼶vN-tQj@Gl^W#xn5s,5yDz,AإB2U %JS½C;]cWbP|Iz`ben\fl e̤G_N4xjz%q20gPoqTlQ-2{%>RI{>+BIoB\PE%  2,P.cJbGucLjNkkcɩ M:tV}WV]9QFR/}.]$xjPdhQ\/&&Q\DoDO,0-?, uuQJv0nvHh<)5BEߓy![$ze!L@'>U0+#Hi^)R6H$PG߫Ω#<8E{NG5-܄{;IiuPi m ">(wGnp*v%L.[bVF e;[G,TfLLJMGֈ.r|i&g[({q愖2VIqOp*;iM_Q'(oFm&kH) ]&  u(SR &K#_(ն 12dIgDD5=J qwO̺Ӡ15旊snţh/OoRmW׾0E0'A**-spT1i ؔP/xؽ&OL>b+GG':6樲PwP%@UQ2WzĂٟ'@&@+Fڊ!:Q-]y u%le0xA"a0-E\ 0&*:ֶe4*doQߑ")Mȵl~7~Ԏ2&c9" N?tjK*Wspկ9^ s&ٙ*QZYNd$]xZ 4s0R&``;Tp;z^SoQ"@i Y؊}5,CE䓖,XfU<]D̮kF i%]|.m)d \{5Bj{ȕG@mRYuC*l'+fkTWB'i;*/Zٖ]JjN$<-kšOɥ!FTl>,5,<mD`>"ù@Zx`쫍J}; E `bvvވKәC争w=`Dl%dK~䍵- ܒ,~_ 'ޤ0 x/c7%ο,dG4{>nMr2XW&M4)7M3(f Ӎv4{~ZRoSKĪZ3R%Z6-Az&* +ss1+&Q"}2ch"Ӓ#f≙6ltL+#^|$ mOY.~5yqr79\%hᯟ!ܽlsN1JI,N}WQ:sU!*ߖ k@;hέ`~*{f:NIWFJ(G=F锅gd|M?+HswltՁes)fkq q0'6Uv`#[¹R#L$tADl&}K5F)=tpoJe)vgsFe5DlYVpU?*7vU8ڛ{ծm =G0%!&U*(0/ GuR 24EF&V43mQB0DdcWi|xF.dF#JU6g6%^D!nm*_֣$تE.e% .'T}wWZH&mf8Hv񰠛7G;(Cu2PJc'ؓBCreY4nI{*=okxg+ Ur$} % E)Ө7OLu事4&Vzux=YMY+t]<C7q_n4k+\<YZT/,IY26XL8W"l,boqџO{f0l#Eu9 #7x(:zKdm*@{k5 L' m-`F} ,tw MX!e@ďJ(u#8ZeLVd۫@}b~+4"kcӵdDR c􈥻y ^88C2,k*TBJpB9g(&U5~ s,I/A4 kH X4GBu,|l/*rFkx$u-n7ͷ&5I?#y2#.%RuXf˥F=M"QT6@Sa3*Vs`IKk߽\flBƙ 0\טct*)L9f@D1gEa]yO҂Ӛ_)1=KK\=c޲M;Кrd#Ez|qtRN4n>Ձrky,uۖ~鯐d >f6Mxh^:*Dp#ކ9 4Iopүp!zCk~gFR22s\٣hY2| ໒Fk4 bD^#::2Ǿd`ұ{٠nr1( ý'nߌ֯Ȯ4C9v|zsl9^҇#^#@9VngT0c.LA5|Q [SM/zz~ Yhq ̝NIG{&u5E?(t>xF^zӼWu4SK @sNIfgY?}cFH8Ԡn<"哲:#O81Ad z(و?ϊ]b\Z!f7;jXw=29q,SnYPe/PA _ĕ|ck#6dLd_s;\Ak6FWc9fVq\9Bꜞ̸.&]'/nAAꠊa:ڱO$+ Q`EYd7 i{"" ='Cq>LٺCma{.E&|ugknPa&gkoձ RIW v7-b@d/ >"b@HکЇ,_4hرRuՀ&95 Qnₗq9d, 2KfNXBT) = |) |C&>{EMO {걞@I%hZZL( 79#Nc%^7>oY7Yeu&9ͼ|i)[64 V UU%.b A;3ЊO7v=:+گ]64?t68W^G(Gϋ{tt[ÓSܱ,}몏q?5&$l6n?qr&w 03A)q*9Vƪ,mZ}v~Y-2-H/莗L-^)Qc9YnXL;){h5Hж<5k}]$9x(0N(+ e**.W(f)@)9_/6VÉ]HqFݷDՔXU;x&,A/ؠRϪIa=Z~(2'S G2}w{ZY[t{d/ 0L>Eubm-|ӆ݆xV=?XNθ"cƵ'mY\Ny77.F$ nnX ǵN[JS||jl/@3<Y-D~[ߔDPOp?(3Rs@<(9^YVmz*hSv&iqt~j YN:LCf7U8-w2S}ʅ¢X yht׺; v߳mb鞣 ь#HnS枡`p:CX z;yֹjY8?:Ϧ Yd,ȇwaXa8`pE`Mu>*a_ЉF]paO]{ ="Ǩ`k֑բ}(@͘Am;d+tfjB (JgoN7L|CG0uZ'?,ٻx6W(YEP|) ?8VR5[ՂŶάfo]2T6a RQz䍢x L'@!StFES2jX)"TxIҮ׏q_yEߟ%Cs v-u3Ghbբ©PhjwSklݷ -5 *S&% iG+}?W^R>fl2=&%4:#DPEnI:fMF',vĉf>-0-b$E$ gd]l D$ sEW{#P2<\|_ [ C_(7EoԵC' <sC}#Z oȘ5_}9avR,ӠsvK[jG|][6seߟv钎jc,#{ 1A~e}.l`ex*@@ڎ7MsLs w{ 1ܢ8V桼Ƭ#XQb2KEI(o͢^7p3Wgkx؏{w*3wT3ypj? NGэO0{'jqˊql|[d6j45deUcdHo%҃ݲ jmUT|V #@1G<^WoL@U:ʾ׭қ 7 sXmR ?(2zp_#@,wZIBɊr Ç h`Kp&M5C7bnu*4P\:N0RzDpXW5ɺ770sGzĿGpY6(Gp^1*&m$~Rn&$.J A\m9T q5!~FLA$UgZXZe ɩ~=0i ?E*Ff-F4q64A_7^[h.Bt1`I ?̵yx|qqFp),+P0)]Sy1yn%&b< 2M ]EU~Ͱr6>6bi<8Q&H'aI\Y>́ZY>n‰sYh;EISs4`ƾR]q*}d^3Կ`Bi]>8%>p mku|ZïӮUF/6' \MR}c67rUIJAx4t%FnuEoG$Oac G^28.gx)MO_AvE؋P'  >#xAC0beIˤ{%"u.î/oYO1byѻBSd\놵%I¾Ω: NrѦ1Y p"9c dOXt,ļ21o{/+S*ҩ#R)26 !=XngSDsLLh-Uv#\MiAC^g\6BY=[;Yz]'vhu: vāp:9}b^8gam J~2c>M(b2מB`L ;U3<6#KHd{l (L![%(Յ-["`j ="0D,&$O?άqbo0UL:H:SZ프u L%F2n  zU;5=:6ֳ-dH< ux*GK_b))[z~`p*?؄IT+.i1Sk3W"y#Õ EWb)&e3bV|H嵋U]5EV=1tj4;:1B30k޺xJ[O wں1Z{p+`6[ '+@_ FMvK{JPRV(V¨5tXьϋ. u{y@4kS9LY w-Q=7 Sv/󬢑<(!mv Jnm.*pJy$5.8Г@f gerq rӪqϯgn3js]?6B(mUs$$z_h=w _Ё [zеWdZPFQ/4sךy<X?;Jf>)~Vg3!G kPOoK5 翮MtVFE7 3Us3v,!CMJNcԤXyI}3bH&@|Ϣ0 \1nUPrSL{SoDy؃ Ҿ5zAR;7ٕVM+YREr?!,K6L̔5[Ce5@:n qFxD]o1$|._'0;vY ;-; k#"HAv .6t#AR{Ibuzum1_lVb{I_mzK(i 'vx_?nn=SB-S>6l -H|bhe"d᫳'ujWXON+'5D {>>:q+z"t6_lKk$u3>;v麺Aj21C=)5ؑVcj\zB9z9ƼzCk O.WmDӆXWHM>J>go>KRٔ8?$maE@oӃ}Ԛ (뤔RY ؜ixiOc,$޳];S nn0{ ۆFI#J5GƯaY)LW8fYAJu)l ^# EQHtI'X>LSvwcf}9 h,3vs wo! c;7*5cs;oPCx3TN)h#sv@Ѕ2C_7xt>>D]͒Ƌ]v[j8+rb޲P#;Ңĩ?!sg/BUG}&K]ܹ\by㝶7>kp yFE vs(ÿ7F[b %$)'rQawTvjϹzodH(?1(A 0Rsԝ[K"3ٻZ]|$nbvp-chzv$t CX]8.&>.+23#ols6О ytl:[B1͏QǗABL?`T fXe-ٞrP$_& %}fUn<9RDS{Tڀ9{!6Zl~ac6 x 397A:S|~"p&n`#ޟm>}zRxhd.MSY㙣,ԡ}:FB@6Xi#_/< +׀LH.bx&eQxIWGBsbwf: FCſc/9"׬u ]t N+Fo جk*XGoz{kWom $IlM~a^Nf@MW}Ɋi"~"F ۤhO#}CB] a2\몺6mY bRǿ_YC6M*!uP5xj W7^hJig!G:c$?-%*Y! pd" k?R%;'§*%dcXjź^) ro&洙`dm֨ M ,;CjFNs rRz7HPW3qZd"/i`y`hZ䛗EuSHjB/ t3")nR}I03KFJ- $LMԏ 'ϕ.k?6CF`>gKhՀ%.? f^Dm Qu4?-̨ vHjK O?|-:<\ |&7O(XInYuS+crЈr;a_4L:fB=_-dmvoxF-철#dF΋b;E'Rl,!%+:'Ppi6=4 @$3EZt1:=Aa>x{r+Nu%C44_Hb1&#0ܰÑ~d̂r/ -8 UFS7$AF'B )~E zhQ[$VaRn=f5k!fzSƍ)\O`@K![Iۚ߉6+Cx"݋'ÓО76dJ5 50B-< MŌR)ٚM7լ|[.Ŵc;΢E?LKih9DguLEn\o a]:dYU?I+aߋ߀xKz-BDw{+&|/;1d=?#_{r)tx~d.6ye/8/iƠJ܋¥ͽGCdFB$ZXX2JeoXF7*v(5API^JQ#Vb0 _胀Emȁxç4rb̈ׯ.80pB3ae󩔁 :Q2Jk_9ay#AFU9[Э23Gz],DĐ ot>CScN A4!jhgḐVgMXR;%ig{Q y aSaa TxLt']+盬ț LH]/D@=ws4O`BI*DW[scvx6ѽ`XXxԊs -ve#l3k"-3\ XR98wHQ$c:_*Ac0Y܎:cr$͵2ao@d4E@]W]мqb?BJ(XMz.Q{*{j:bexˤ|.N%!?|0^ow|JSMS(sƱhJơN!Wr`}LuT%>GͳiPbHfWr7jyO1[Mލ@ dsָe*#(᷾`q/3ħĖ6^|F}mPF)ήBnJuki_J<ؕ9rr} \Moʶpq\ b;*\tɯ35H‚|dcN:zSqI%Y>zXzZGTZok]iV& AGK1kf%kQ\ݾy7ЭNMQ>|I"~3&`Ġ%1Cimz+DP$uc.?E"wƒeӷm2dFewlI.WȔ0NRgiAi/Ѝegyk[ Dдt$ҥp[EI~ۘw`M\le9#zdi>Eg7eOg/0Z!=x D|КI sS7^UNKf3D|Wuϲ!9fe2s&9r&ľ:t7fWGfZtFUܻHoSZ̀YYd} X!G1%P5X{p5W-U"M R]{i˸Co\$@rtP ys $-[F[XsKvd%\.*I?r +81}ZdVxM,xv L 6MQBY\t,&z?\1*!'b6U:/iz2>y {ņ8ա1|ncM]wŚY٫!%tcl_9@R6辯 tM;}$+8-&dw| N,Ccf&󈊅q+\uk_3:NN+ ;tr#ݙ׃sUϴIιE7HtwrB7[W Łyzidfh?&+XɄ`w=F֖+QraNfle7epj `qFyCm)R#`{ 0VU|&)7 b`?&D<ꩵͩ Jv C}qLJ Jfr <&upݺ") S4 jfڟeD>L t5leOTsȏghAJoKyR8LIJ9'Ns6 k\Yx*ckC#(dm/ K`Vlq 过韃(%{`Jx\RxT|M9â5_mLVg@BϏ}j8Y<:6 ia>kt]uڨg4$O24YJJ5R5꺾UP4j$p~1nS]KySN^ޯE`PvB([0Ӹi?5 X}I|Ru~fZ9t`f5tM FVwRAYBDktTwh*Xs@$^LƋBv/%<:&Q=ԉX P~ي{ 81𕚬K~r{>a?FV쯌,NZW[֏5H?DnÕCFE3 ,V+) 0Q 24?!t;OiB1r^ƢdOcv^IcM Ӹ g`%zv" mC;Ths|&GY ̚vb~2LY"wN;C/j˚D^_YS>7W%dT ԡ?"B?#JHWixRf#"1X\nFzH/0.~ʩ(Śi/ɸ>̴eսfջG=Y Ą>"ӆR.ATUgw~Q>iSЎ а?*z(^rΣH"-〖"@$SZNKB^llKxU#q|ߐx*tCt!EĨj;>Slէr qw] ZHVgSΩp 8֘W֚ HB?ӰzJ~]SW7 )ZaڝjmWKc`t˱U"$39KӺ8~}53(d?iI}7cDAE;ٖz#giK]Ȓ}9(FU]٨/MW29ŀqZs#N\tkVMH$aȓE r+PτKBrӏuesX|U,-1ylrZp,G|v5X@r eBNnkfK8$?*& :A(`b"7̴] 36p A70r]`}eN;%4H{L966Pa6\5[/M+iØ}FQ;pő'01;qH4՞ӆ%Pwm;lߍQ:pY-]mkZ锷b$Z-_B{.mݲ\SZa.c r#G0QCn[TeWV z*msn!͎d1Lv/uZi7%Yc2NIo|ʐ i9%HSɶ>ra;M*{l<3YlC#5y<,t.cnw}ٟp=_^` EX^bKe grMZ -USx{' OfR٪fޣJmGQP"D68JeVbbɚiB`Ie uuCuY(asIc^)&uCAt J;R JZt'@^ٖH39OGS3w䕆o$uH`ȫՆF^*S-M 'V}^K%jNҠvy]Mksr ÷-|窊BK?y-^]5kC_2" y0_ y%{Ŷ3)'POǐ[ʅy nKo81bV,XUmVpv#BzwIm*=c]5>yW_nNTc3&S;Ќva-9Ԧ1ƹ4dEH+=d56-{I3(@rT7>#=0m+gin,hK8>ZOۡ>sw茲' u: A\a޺ Ѥ܆wOhwO'}M^#/Ԓ8n1LPܣUPHI=xu^\yvWJXnq{Ѵ/QدR'|}{ꥂ*Ր!y!##\hinѼm=VOMl o\HF~PL]9ʧL#:|`Lن|T>F!l)Y7m ɝ 8K6{͞s-Mhl w1Iy!Yyj_ |F4Go'WEC{q/(LwlB+NIC\?s|0ѐf-8 +݋mv&n1D3oyffcꎳ!_壼C\͙/ n+8A[ xTUȪqiʯ<5f"lEۨ G>I_`jc[sw2 ^#znZ`Z:;C.ߠEq̩@ "@iȷ|gMB]zz72%iJdn1k\7ӆPdЛ&59a|[c?(T(+O lZ'UѤ7xSBReEU`ϟF WkKdH m32sJ(FvSݢZ%_^xfBq\@+[#+Zz.φ!(4w.{_EF;7U VQ/R_Cٗ~^gk1tL&Em7$;|p6|g!?`S I>]4"vʊј&|OhSt[.ӣMI"^ ҔcE켒MR>UQ(݃=$R1f h= lu W%K˫Reڒ,k-+r=L(;@DFd"60P*\i?DC8m@g`qOȴwo"7q_@څH_n'p0W!ptF*#RҺ*'6hcIT#@Qq('%FaS,H?m")<j4P,C8!%E/jȜKK&3bq%(kO@&`aKɐfټ+R +Uu×0C@>o4ʷu@t );43R~ '<Ĝ7q`}kvJ!@Zz= #)7pAc&`Kpt#<*/(Q=3~/qg-Vd:{E[># dȠ1Z*^iu`KWoKMlXKX˵ yOp|ymB2A qW:mW2?h~RhU*Şbs㋀`)Ίsq^AXdF}Vm(IuYUn ?uP9*G}ے4츧}=;xP\D,rW+8)vəCR\oXGhP"P:eN@ 8Su~M'3xa{Gu"ƒb(c+E^\XGrxp:"EzR7_y ާ@.@a"rbK3}oI:? LΨad0ȈR, X_ͤX^\CpR,64o&6DגejpkDC2вElUK~8b5׮/(Bu `-UNIqS܂: *J:^ˋD'x۳@5A4z`h@\No- ~f[RImҩnw8Ik8@$Voia_/SmфYYk4ě0\ǀ;06ξS_2wZa)Zyq#xtgnd@WQWOww bVw@m:PN*5/`+ڟ ^tpn}a>0h7{^}`$5Ӫ~iORA2GyBoCo. 7-RnjHSZ}U PK*?KE-~WV~P2ח^D4!j|Ծ 8Nh r#E ey':G 8ZeGȴ%B“*~͇}qԔɷ8P D{kTZ;^jiQ*ӸE2H)8pM7jnWrS&0 Qoڠ}%,`O2tO<ʵC^ö438`G\׵vkR})>~nG:fPtבֳC]p- 'EunANIޗR9w%dgO[~ ) `:뽯\o_Yw^fx]D"9IFqZv4~S U֬^x"m@鈷ETsE |0yaZzS''v!ݎ'ßsJK4^,>Q%/Ej"* YI̋VL ϽlIKN (vn<ڇWV[6;X-cģ֚ՙD璪Ӹm0[JO`N~{qצjHv8\!<9{]#V-j@N,TH G&K~!(c=UJE?XIähA$؉JlbcIu& ^ ?ާkp9c\, ndvZmvĉ} -ڮ[F5#Dx+zCZ)Njȵܓ}V'(IXL֒1e؆cQ3n͈k9ǭy1s3k&| ^CHIæIkK+ˍUJuAFXN-R]٧(0&y@:Vxgt>Mfwjrrg7Rh[O$)Eԙs'I?( 0[S(W% ޺ .յFu؎n^(7G`U54zeU`6gTмzU]vo3 JG=Cqʩua۩mҪ_[TJKNc )b!gCw&{S@I"aSJ AaB'#SIJ U? i‘s3(oǑu y|TQX fԆo&-ᜐh u C$:aKR%vG켰^_ERm@U;{T[>먲7}&˃+ /҂2@MQlcz'{`=_ˮjtep18asR)` &"WwElpH=H4ıPIyP–(4oÄ"O(/iC";SFQ-/ݐi'^J aԥV0:KxuT;TC+q|,RK:xv"p67fgHəuۤWjÒVv,Vd(y\:udHUJS ׏c[DKP'$G=ݵ&1nzI:ќ;VMh?UFnO bjVV؟X߹^g=6Rׅhy#*}!u'c_mP3Q4#nvV .J֠c*ֵ8eڌGMk-z7D"#nq\%e)&ya9q:k*qGEY;ᶡ4"&M;vRI/M |~,v*"^]i8< .ɯlcj\[B- SredAKۭVjR~ZBwB;:2=QFSi;a$u|$1LXܭ`X< gz^Fɝf?#0rn1H3j'ݦw^ߴF03taΨ-Iu2(FTdeYd;%+Ke;FM+@Wq{2@Hw%?rg8NCۀR]j'F6W=ʃ,m'Nd>}dXG*IȔsL|je "EnjV+ɮ._+ B t.X]FШ#s2rx(\ݶ0&'>kQHE"5/ =Jv.}5G,O._{bz` $E׼PZvSLZe Q-Gvm6U(c2T+D6lT:=dG7a\#Ff8+z~${yv,t5EY4.%ֵAWIk{!>+`Nq"s xTi!tо0_xS_ɄuœDo `J5%ʋzЅ;3a{JWÊg b/Y3k}ls{s>Vmo[L<3L$>~#-HJڒǧQvL\ ě\toաh𛋮ަ=9'2<d!wVtd χ𹑇/k_IF~#ƣtVcc?^Ǎ&Qߓ:ea/\⅏x2K__p%*/r<\O!(g5~c:& Ɵc|m]v1_K1t/{b8܈oz|'|n!x 24N0^y35nfw_ /&mS[^XŷpmSh`ݘ{wGc|`斂KJ@xa%v.v3!@rH eZi^T J C|tģxdGx4lh*rˠy p"xGkh#mţxG@<'ţxtNYx1@< ,C *jǙI\DK,Cdhd:p|$?@8-Gh?A~N+tߠ7pQǑq\'r)ja}DeXDĀ abCI$"I{T~ߒFpdā#1M2dBrJz$II#}Hcҗ4%I+2#I{2t!#b$~)Qdo3r9GS` GIx0 C~n@ 4('pVGxut4@ \8r`$_r H=L%7_L7q&2Jȅd!Nd..& ȝ,!wG㷟#/\n"7< +^mP%/w5`/YS}ˬ6A +(eT) Y+7’11E)cKA,ddG)Y rhOVz_#h) VbJv؁AAWc+uŁ7@Ńl8.T|fXAa*)׍,~!:$=J aP3 @ސ(QLWޡR򪰼 #$ .@y|(= vόG&mq$ ySrn)L 0@ q7*|dR.ÅA Ep1pIHuо.-Gee0=6QaGumB>G5|l|X$C~: К|ArFC00!X5k)@Gjq?c?_h/38:qq@ )҇˱+R.L)zTWܾՂ^OF0k94I]l9`NM)7q)7rif,an)[Q![`+P,,ĺ > `뇅+_1<) ·̔;dypaJ9,Ƥ܉pWQ]$J_SKH-OaS G ^YR2$CrŐ) )Gc&luRX+t!Te|e҅H[*Y/ w1ass9 KFFfZڤS ](TTaT"jdj4.I0&##4V4XCy^PF`3m [h3J{6ޢ-a'm)ͅ4<8Jۓִ $DOCdL&>d*K.tڟ̢:\Or/IVB4Eh= 5{5lS<>=^@~cM/^L5 zMi3:{[zA,ڟΥ t7##"!n;bIG>]Nѧt ]B_/t=]F7_MPT 1FF-J9.Y $EUWC&>O1T5Ր@n'+5~JmO6H~KH)t dbhGny@_|Pm2 hrrn&0 M_,^>Lژ?|T3 S qR =NC|ձ|yR cCj J;~f"˒laTVτ) WAX`H9% H h6G!͈~2^ {`-bLq BCw@݉ n@߅hgؽS0~31j̦}XK?t/2/`/oI1 ZMrBdŜ),$\0HژiH~EGPU=#G_AE3D7jn^Ҿ0|S"2t+C: yz ( "}%dv|Sf8 ]m5v;XοCO1ļ¯G% \ 3pκ^F1*hp-=Y?nNCAcZ ]Pa312\,5AU2.gp5K(q_q_/BZ`6Qdx/1eXLl <46 im84agB6G*+al~6Lb"6bS`6װ" e>v<\xM-|&Z8 ']4*Ҕ sN@z=yXlswRxm% !)ĭS`+el/S[D d`9Ib嚃Sp.jU%^ՍXM"?/RNtfZ5XS;uf[fjSSb\͕^qSG2Rit}As,{e?Z+mMnby[9I%?(m1_;%62A  #hҾ.!hc]ADNѵ.tl iUcD] TtndK:GWͮ ȓ'.NJäI1sKPa{Ob>T>hC[vײnή7D6ӈT (6J*#L2&,T|iB`+.I]f}D丱0iA'7)LZ`A>Yi~.zyʚ0m%0=*e@*vGd?!"$+jAK;j!(?P Cq4'lV pr.6L> X$BR@׫AӔNmiHto耧!h2Xߔ^ g1rP6bXy /]luI;Dw\ 77VЊD6ؐ; 21E(}XE&~_T΋ɤ:3blK LDZ=tޭ^D˜Uv@RRtZ/%D"4¼IFwCXGx_H DB,(kE]5 (ЌahDv8&];2 zLe&%N6?2)B#BHemTCʐxߜqs2Ή):LhxKLeDA7)t6(h+Btf`G{l%=s܌9FE%U, VؓS1Yʘs XlZX50u! 0ڥXOz4sYDIhF~'?9#&dzfl#b##c+ɏR0˨XdL4266rv,ظx?LhdR,9sdr42OF#pLF. pE#}Ilz.ȌXc#W'WF#W"̊̎E5Eω-z\\ v}lb'7F#796-yɭȂ؆Y[ڢ`w~Y[靱_򓻣{h?i)K_t?OqS,˚Ydl(?#<~]yOvB(F) g%SJ*OVxÛ*鼹҈U2xҘwQ2y7%P~J6 ?SiG*-xҒ6R7_&r1\) >aj #?2!DȓT[PB$I]W\=\=1z$1<)VXxJE[] hUNQJ.etT34Q@S+FeNJİP#ŢxnxP')4d j =Whx3t2x y 6Iyׂ…0?  ,#/WPE\JGG_\AްMmt$ v8LJ(,?)>?)PJs*h$7pj1Һ )A "C !32.Rt(Z?1/+y) ~L*#Jɛl?=gyv[]^ݧc"ѱ*N4a </ V^S.1:fppE=[2#OD0!=\yTe $+@(r*+Rʓ0Ly F+Oxe LSaR p"ܣ(` ^;1<+U+r{THH)'Ef2M +{-Q R6\R=s:!9hG)#"I봩é勝Zq4e~Ni&Bq| Ō%-OY:[fzK{_c[A>.AJ'lfboJβ5ltgmv<{ygo$?bp"RAVHo o$i2qa‹8d4G&"|o2T7f7"ϸYrdr  trqb6].Br3͒q|ݐE~*|\[*!W9\Ԁ05 MJ50_+}aX1xRlRNfSJ1U%DW $MM"o /Wlr3Wj yAM%4NA5RiIMhs5f\r#!58kQ=2GNkD'F D0 t!{0·N'3`6\ʝD / )0 ۝G($4NXe_? &ov1SV/u%FyHeݵ4-vXԡuM]jԠ|U"CV&%&%4T2*1JYFuiRٱp.Hq +rRj@[?5%MɓzRvђ4s9M -@\Iܱ p*adٴdo̪4E76TuTPutjil4Tk&O~X"Q\VN8P4w58C\x ?5"5js#Mrމ`k#qס._{}$_ 252n1+@Nd"Ʊ$E3hֿ44PrJnzd0WY- (É.E 7xޢ)`A􇑍/A(Sh\cՕ0E]szI>7a4<>ϪBZ /Zx[}>R_ԗ{I]MPIZJ2ELz[Hu+ꔯ6r&Tݎ2[ISw;. U%K*#F~J.u/PGQ$)QP]oimOhwG:XL_YoH=LWctտ#tzUiZCw~Fpa=j:34i `IK`D6DKfvgjlilњeZS֜Z#-Z6FkMOryGmyW-ZG^u⓵|օߠu勴vKɟzߠT=~@Ŀ!vB$i#(2kHzB-kVTx aQ1>Y깲@/ׅ78i,_N@ F"]/$\\ +\aO ao]s hS,VwQA0,͋E΂eUa^漪K Z|k#Xô{GC 2N2hM,h/׵,T9`WBv688&@km"&AT' iUbwi>Gb/4]d/U8%wUzEk\HI's9g*O@˲B(Ҽ'C7[dWf웛(v<{H;.0O@^v k9GO@]"~:dk3 GkWBm6kZQ$:$цԍpv3,n'[mg*ՐCF#u@ Lu7*Ed$|%z9%Z7ŦNPLjky$`.^ !|CQg@ OS#u >0 :Ht.3atgppxPiaprd_0D{&jmK_D~AETj0?.By8Ɓ0Q6LuVvHv@NT ݴw=75-^eSpi}|v*N!  ͏ pDnuѲcY_gK.[ԘF5N!nvz($cx|)^BۏDxh_lg7p0_GjI$⯆Q(2NCћ7>BYl=/~HaƹS' }=B&] Nz{t"B/ iX href0ϭWͫͫFjmEN܊; 9]l҉F-ĠG=8tKJaM  !@VQxnieQԅB*VI0+1+k x.ӋyzDH&SEP #( D z'?H'!UCWT'i0Bgp<]u xX7an=)Pa ވ(zIFzXoJfޒt;z[]>z';9_J.лyzOIgrB'jlҵi\_OXkn};ЎJAkO) Pq) |IyDd_"3 K2Wom/x#O{S?7 Wd_4sܫΫrz_8XG;rE^葄ܕ"*7i=Nv0@ @%! eS~@, hv#p^CBgy8X/KIp~ܢOP S` KiJؤ_ ~O~%> ~g?\IoŮ?63KNE&G4jjIDjy$*2BE\ޞ".Rq_TnRZ}\ף6yf ?#:kH?M^ÒHJ)ӛ"7G2zQlpa:ہlGJ[#7t Zj_b:d"wP:#_(vxr(U6 cć5B1wA @ohχE_۠~;r;`.`~RƽX9\G9QxQ_ [1W2ة/ ) 8?O՟%>}-bb/Hpk2j]q' 9q2 >S-2eZݛj)#+( wRd`T-.h-TU-"6ZW鶆uNix^('}rB!IenW?9dK.$ql; ~D!ш-WlF#H2#ɼ$ l!n $d]p TzåtI>>ZJ'4GZD-\,(`ZB#_+ha_! |m`@/A{GNz2ڤ%BOlr~>VP j!YDV8t' +E"4FWҧŶ~H';굪3.` }=u=񅠥7lUKwe򔦬8 <,kfa>+Tb!9!ZQl<UED P^N_Fȹ :Y$,0}9L_ B? SJ &>ch݈n*%yk !o+ #J)S᱕[$l_=bLhynT $Wy5x}Yw# \ ͂ih!f)ͱ´rAk2F~;Tn}#R6×˥?MqsFC6*~2KK\ѐMB {bZ"j5ia=$ 0ݹktW(I`N؅+"ǮaK黎$B͌i4)I,R_`=?)ҼbE1=QLO'm9Rg)#k3#7 gp|8 o]0w%\ ] |`o6 G|`FX¾w+-|w>w?={$t߃$˷-#}+HJ2з =AFVI5B_1{%|/|/|/|2FWBkrͷi}u -RmE}l߻4{v}@{>|ɾ"tK:w^sO^ iISTMy65\SkTC+P49MY'(5+ϓbop by-\Jy DQ÷4]ySmw< Ha'RH5TA^eJ;KuU*qUp).gcL="NI /Bne54q"H3;Re_h%uPÓsVF-$XqI((Y5ɫtJ y-=4X+txe(!41IMdD׀."*+"s/쇯I$p O"tc(Ԉ8aJQԫA wEO 7; |p(s|4q|'&_ ,0\j  5ta b' ija^-Ir7Xuzu@3/M)/D4ל  E\}XϢ dG(\ϯE}$ɿЗu&/ yw1Z[ {=$UX.Hyo*kpak s*X"GGmF.eѦ.N 7BBNraI'% (9lH(O&3BNfÜ 68gݑ8FCAӨ(QeB 5t2lif<j4~Vf9N|sʮ`SM 5u:Dl9/ig\.Ns9igN*8-7K9b.Ӳbl:ZV،50! )nvZ(7Xj(g3N모㠓#Ju]U䔲+E̖$: a m<6gB1JNsRvm14 %Eq(4)$ήZ>'q+R,QG!.(n"| u;{}PzC(݈soPa6_ݭRI\'o2jFM22O$Q7"'Wj| ~l|Jw0EA1~gaucdqdԒ&MBb¤d&'J:2-L IdL)WOو3ZCS4̤&M0|=lIǛhC7[6tٖ7ѻ\Aٞn4;ҷNtٙ~jv?]71lf>lٗM5Al9-0DzEv9kcgef![i`^3Gm93'Ds2olN-1lmi ?NoO%tBhR =uz#d;򮿖C?k{d Ք5MP.ު)iǚGB~"jgՔ/4~Dch>MR4e[?b=3`-6 ~H2Bw;鸃"R8`w*efդ8އ5>4O:_ü>|1OwyՇ?Nj<&&֖%`F!(0\!;4 f΄lJhe΂6lho^=90М C1i^ SbzʜsF׼ 6o'[s>6o=Ҽ N j."baIZw {H7~|ÑENfx{u}¬<$z7{($ r= WOGմ<]*$rPj:\h:階R7~`HIB36UhtRN!C` [ F IЋB!=7討f}N 0*Y~xD8OBc)hj>50,|ye>gka"6_pjr 3_}Mb`)}XZ1VTi;I%u斲aْB BխF<"0heHhԖ: 8+ף-a?y'#ru c.0aH,s;0wA |a| w`.o'q(XBy \L){A`P6E"7%ث<[=t/hwX^0&byݥ2B 29g~3_0ȕYc~7=wu0C!A:0ŎC]qQ u}l?[96=< #xB\%͞/OlZ?A[g,g%%y~*XƞVb1PiytJ| 7[@=[gB.MvF he9Ϲ6ȬQ0cؕ ǡ 0ƬsS8wjap Xs%`*)^ hT:? -'Pib){o;;G.FĞyS$PG[ (_vHVH VGuD-k/WIe8)r=cݍd{ֽlin-At/9d[Kjc0z&$Y8*Ysp垍5}Xr6ƫ &|G߁? cIV ]݊1yT'Au8]ԯ(V f#7XاB<6A.. Cń PTDx<*]ݐ.p9aoX/!ox膂&d 3 Pk2čJ(`U͈ xz\`A5)[2)~ӪNF)RJ,dՇb1~I#K Mm3T7 6>rKԡ-hgXn&ɰ`Ht,g@F ?(vBr z(>1r=Y¹g|gpd탅^GAN?y/xʬ(A ޴Nv޳jaΫ6mJlNmd*ij$mE $d'v2lqLUvm;z1$wYn;g璥vYacvf)ynFް[ve$حGa [vkJ6Աsi ;Av{zݎј>aU>@v'G!K"|$ҔZMIZ(ihM4ǡqwojJRb .x H/Xu%n}PJ].L~$w!xKNMOUga2QEChUrxIOqt[њl)8yB]5b./#Jytb>Y McWr|i$dК- R;a"xT'[[opce4vخ6\OB ϼNtC[?O?Vj]fHK O F;)$11JrTUwD7ۈJ| ?#dG^_z?J4#/O7xv_ ɨePZƛߴ*px9Z܀P:~k_i{:⮓]#N 3 üY覙N8~JKer< w@$Y|}1MeD;*73b~& n9Aj`7}~KF] a, l;4{@Wt@_/ (?L@n>VC1Lx|dN,x٣G{,b =$ӞBS#|ɞϾ /!#K(2ɹ 2;L$35d}rZFѾ 9d} žorwbr¾w" 9ݴ}?mg?DW [Iq:~^d?IOy&zm?K﵋ 9"}~k&z@%[j&^{RkPr5`ˬ.Xj@|TC RR-;K"`k*Tŝk~oy-Z/ݵ;=^[@ U hB!\q-įƋI傊$gYV _/ ׊m[E?ϩ'E>f8& cζ@7C]ik9v%߀v6dt A:g;` &d{7L߅ PQ* ?jGi ުt?Vt⭩ȒLvuWIm؟Cc{/\U#?Xe TڨmsR.dƗC4e]~.;Sפ^y1`)/ˣ&_e7A=@4 "]biS ISSWj|jyMu[[L-70xC5$6XAWY\Qm+xnJyp#}l9kZ?H_B#d:ـc_CNF΅^d2%S` O.EHBj )Pn,GgMGg + ~$d2A 2 FPD! :I&8Lb4$ Lf,l.պ}Z]@ATZ/uivkk(̖ sǜ39w< /8>6V|q_iMo4G>֌␌}'憠`Qd\iL$? 1+4ʌD*T0F8YdL8Lilci4Sq&f"O7ьQt<͔'(TlY LT"tJ͘Ke ŒSi*eIfFeh.,AjU)PE&:MfB +TmԘ5 ՙiF3hBLTorj0K0 5Ɍse,ll(ZNgjWh]_ijk̘Em&ZeAo":E&6h| MƌM2s҄L˺%.EaP(bƕ(&LiC>7ʹ._Is.f9T㛚:ju֎~ Rƽ]p+[a{!&Drw cr,s`Cj3'h}d6r24n_0> m5HeMxco40Sy= a GWh(4:F|XXɣgoF)_Ǡ㇢)OQm(9,U$_[ NחfH, {XJ3ZAP##Q_O}[zO2A +R,.p #uҩZOKP|5-N^au=Э3?>}0'^C(J|uGca_,,rl% ƚI}XO/ }Q]=+hT|YtdJuI5uYi|pf7gH1D*I-؁ͲtVV74Ҍ[zcZfeeh4auβtFjfDݞ ^Ͱ8*C.󚖇8pAYʹpGz>8p#TEUM/pnt3Mu=.}gܱN8ƞX`(j'e:4WzBoC4⵴xgDJZ_Z2s$e9rBɈJ6\֬zɱ?!pa-P4 y}NYb0rfہ1ȹ)%#xE?^;n~o,A6Ey^_+WL;m_]fo9{}11w{ gd>Ng;ߥxfO;GsAL89"@XGY\1yXt4;~<)[*tFq5+r ]i6ǣ#ڄqDXtDkN$k f+&NJ\28Yeץe 9^9} k6%DR,"Z9BFár;cx3F/1x]%97I}Ӣ=F9@.˳: A`7dJ͝;PXzX6LnVhLBa{kq\\zC]|yAhmC ^aGk4qHX.4ǚ10KP31 K10шhb,g ]s6{,t&Hir/d*݃@MP//1ԠAбp7 sj)͜b_|^m@_] )!6yfϘW/|̈́F^C039iLЙ~O,`lmdum ^ݘd$~Xk(JʩE X{@_k<`r.k҇|T4nWMfҲYZcXڏ+T;Gv-RMHJ+/ac61>nAii"0Pƍ>'|đ(OeGxӼlr9:x *r 'eڃ햓1(wN{ڮӘ/^Re^]4iI>{FrEig]喚hYn<3::$Yjxb,g_=G/mDz]߃vKF$lWö$ض8qٹ:n9vQq*I+\}ԪTq(l*ٺSʼnNqZ-J h_4Aa>T\E 쭼]p Mds#';GG77RTg'ɂ OS#S N3;}t)vxځ죷 }WkFu: 0a1ӽchĻ5xOb|h >6܍O SK%Vca>H O(>3_F >RQ_PqqZdꑅ8yf52ݺUQX Sɨ]p7胯|kCRvAWOIZKl#I8?Q?s +,לv :wu)!|kO܌CL;.lq-~0x4-ij=*M NX`f[B`obUa.SVBDD{ A3d!!YSIUnQn\)EC^0rAnsxa/nBlܓl^ 2pIjnw:zChc!S-j]ԏqI. WjVϱʥU.U K* ٹعR!f$*qM >v0U`=et"p-Ct26<` Vi!>9-t:3h xrP959qF!#FT`k!\\l.rf8倧p é`/2bWqհ[MQ.٥OmCixհ+T8^VWʥU.;v5ʛX-HmB1F;ٴ Qt>ȍpd|Vs.sX1ԃ(Q 4!o!Tj?#/;Qw. Oyt~0²/8v).{9;D~Q,:Ky,𘌚.^FgB\EyT/ kus/xtԢ:$I,t TUpJ4ko.{ٚs_!ַWŕLr|,פHp#eJ.\Ev]ߎp=P㦭qVwɉt0Vt'Lw\4'}\=fzMsI h_*L9V 9L9ok̟A"f/K:S3b& 96v%6 meBPEQ@NںkibvW-R NЙN;ʼn <}(O C;GRH蜳=ϋ_ "/zB̋A\@6t)øw0GF +xы;9w%Lpb-I_+t)}bЏE'ڒ@Qap1-a[9}ri[欖ӵd{96b5{j{D9kŜacC"t\} ׅ@AW$7UcaѧJíKB 5{kekLc7|aUs'L] ǽ&as( \Θ sZ3sӲnq}VW*"1$S1m+2 #/1r֎jPdOgd<6OdgRc㓉# DK6S7 7U| C*i$VPHԘNfɱ['ciba#2.2liXrUSjU?' ۯ\ƘZEjTSL ʠKJ'q!ÙTҲj; bEf6w=Zf)ELISxZůkoTcX%Dg |M&LjR6:K6.&4dW,%x|긑#'-gJJҿkeݞ ɊmV)"k SrW%nMۍ ,&*a tȔnZb?!- صC0 -{PMt[OV3M$pӮFP%Y͢NeK _'heWFIծ6 aXC :db(}fLjiòoO';UśIJvOY!$l А@uC[~$:?/8PmgΰZ\I]|(!!k5K`k/q7JF٨ۈ.x"֭4Lesvss9 M2MTExSb/vzƩیJF{9e!euc^ˣ.%/ɎZ&U(6%3 jDpЏ$tu{J}vи)Yp>/t0J _߀ktroR8|D߽ܰ@zkŗ7ܭg9P$0x}S ;,'}4E¢.nw!mjzk#< *tFl#(<Xz'W$O&5g) zΣ/i މ3/(oX]:>- e Ը兴eW *7 )7eWuۂ :qw5WD{Epԓ;O6l;K+aOPu_GPGg_/[>)xGEEY@b ,"l&hVVXI 2[؃N{Dlg =#Fq#~ z?${# 7 3|*9>>(~d{/s~LB 迯^|PK!5 +com/netscape/ca/serviceCheckChallenge.classWit7ci0D`@PB l#V! "Q,'5ci, i6$mhh4i$ YB$YMKt=zH}#`[{߽k}e/{İ׆o IR葰OBZFFn q^8h!Waw;]P%Om->{l2>hhc>$&a ۰1Gd<(Ya!;>%)Sb 'e<))©g lX'd|Z8gmN/Hg̉:!Jx ='Lz'zu늅U]eT:2ȉ k s(:_am-XT UOF gOɨQ-L|},obﺆъ TKjMDnU;43%Ὅjۈ0eA ;v7˒`Kb(Dʼy% g(U]7T20i[ǵdTۢf2R-#=ҙGE |mzBz:dPLK\E$OT66D#P. qVhPĻ0fB(Sj$ * 5Bp/N@pc`hEKSZ|榎@KKs ô+8%e"ἂ/+%3$)*4Yx$-i5):\Eeʂf$*h=LLO|2,V> Xt$x]"u!XNf$TEI]#|cg{ޤ&(Ycagc|kwue ZKLSc ?ď ~7?%+~>{9 r\W+Zo7[*BjStZ%SbdWJGE;,01&#_kkKп5 ؈?Ϣ| ],j\YR_𖂿o'%Uad+4n-wtwSR I} Z=@!&l]c Mhi5_fh֨CU1cb5=,]MMx`z*/)]+CU"ԏ :l!|#2t'gk^^$bȡtp\me"Zw4e8]ڬ,Q&pwbR"Â-`n֙ȬzZl*s"w8nP1|҉Kg!\͉TZSВh]dJ`2_mG@iOID;E;Ar]`鱍ԧ=ĵ3̞zؒ,J5) e p0N:i/.jˌ0jbƑ6S5⺀ivuv lt*ĠH1rWߘw#ưRUāf YvXH0l&q$OBh~D=fgarW>s|-Frm ԌȠx#˄-dr J^~JF8x=ʹKx6t.IB9dp1t PcXp a M§!`82yUtryx%ss68ysŜ9bW`L\:f!0t %fc檗3wNdsX6Ŏs(Z%4䰔v8%6͖+;!T0)qKdn36mҡ o=*2X\-z۩O)ҏNe˩:jN]~iaE>ӚJUNm;, h7VӇB枧/P[)k p&,X̷b)oojkv| 7]ha'*@ߍ8Wa]8£8ʻq0ߋ~yī<7>x7ߏV{d!fKbVaQ˶cPz 퐰SBjp %&M؋!d W4Ҁ jtϳJǚ!D[T}sXv_qW `Rppy"qXͧ)CUS@b #TG?Z867t $DƼ|@+p`zFQz+aSj ^0-ygI.:h0'8OiB~^Ж\lm]t-R!ͅ&墦6]Haw;^/c_8cQϛ"PXd<ݿOY܄3xŏWшQ+>֌xf0G>Dt&9qI?0%6сGڇ ǴغMf}xO)bPbYRʺckjEW4rlkYT%qTGU;e8+ RZ Mg8KYU¡Clb *C|\ o\k(j)[5Wng*(n;J4x27p4b\aQKSW,۴HUK' aeхuYЇw%#+hKAc|14Uѭp*Ƒ6Ù-}[תBN (3 hR(HCY`8wPbI]¢+ T[W"c܊ EP0%n1 d* NDٺe &*`HC;&@&td*M$3ىtb\ GB"1 mM*υ`4|zQ%ҎE 5NW8elEj^{ $uhb2\EfMvZԝn$s F?[%*ZBֹo2)0urSBTJ0hV1#*~ 䎥yQ,]2j*Azj.t Ux+0 3/߇&!Gt2 L0,.$){7p!7k@f6gXCs?ptp-hX @`n݃G XuXC_'ږ'zzn j[p< 1tbnD^^/2/UdO6i\4- Цچ^iZ$fw~yq#_qg ~g.Xt:=g~wv__ Aaф`4MFҋe!я?qg1$#Űwɸۋ#rTQzL=^}Cŀ纘{#C`^d8!N )yTAKaihhid-k8dzi2zB)kv2xRFi&6_k"zfYkÍEb eԸQsD6B ҒCAg(êO*?q*ml!o2GvQ3 Ad<@ɕQ"Ta6fs]@ XVE+M+"'ǒA`G\ab"В}40֦x*>88C# G-_*SxX# c2WRhR(eaaTrt$A4<3"5O3W$NO깜0,馡ahFzZvфF SŜgCؑ8ai^."fQlcAE2^ 5ҥM2EeKRbPu{ExMxCƛ 7,>K '*T}H@4;xZIaDF grȩ-}RɰɎ?[Zov" aѬ|°ɱ3C%)nRIengd[SdɌ8-"W?.j"-+*TxQ(?2wҋES2hR7O{>Xmה|R*pd#j#T5n[+$ ;#Uv3,p4. 9N:diJ昢" -m5\ٶA YkUMɍ2Ks% iiSD^23K[ m7qf|I5]%=͓amd5](QaMTZ51t:JF ^/t鹆tI|sp'N $@|E4IIaVaA#8Po gwY1@K r-`) 60ܠ@Q\guM<{\.HN4df#N76TX#U[M jxNV. 3ךQX‰jix,+z55}P1- 9erп/pL_b`pEMΩF][ gc6lLSڑ@z[]멜Ve,p\Ræ`cc)/Uyݵe&=cW][YU];jfTlg|۰h «lkx]6]挺J{1amTa3tb6e`v  6d9ǝ89=ͭM)h ظ`X;eB}'ĭrfyyb+6WwK\{ b}1q09<*oj3W'2ԉP`_ >_5͆w:&#,[UQ+DVrjbY؆O@Q~両.Ozi^Ug)>uϞ.$26"wg5W@S̃rb 粼K|Ź -F$Z&L?9%i?&r؛e 7|<@82 KB"!/sB<Ϸ_ 醹41ҿ࿼ {2p[la>!sr?;S1LL+]^NSRUШ^6G6S /[" V<!CfKȤ\ #5Sp<y9шvRAlnLKf=A* K\0(8~y\xWWf(5McdJ omV*f|U᰿c91ɞAR_?(YrwxsʳL>FH$ 9ʈ&v&{.|a _<N =ԿCn wic;(O92Cۆ>cҌ8I:]Ҥ " '(Fn+V^<QYdwb GQkc] Qt2yT£QCaOވqsc(&8ҳȣ(\^jI.ö8lS8܊69:=SAA09Ƥ4$+))&Cse=nxIJهD,keudˈ8rz#X}j'ȱOcY@&2Hgb=?x&tbxKtRNK*Y3qz-^؁܃|kqk,)e)+L[͐RRKDl@ wYPi6w ȧsP̲tT*G5j棉bN p9- jJj-t>VQQS:i1vVoO>Sw7~ ݇jCp؋HP'cz % لYO**а;ÅPVgNnګ'60C;LI'FAK+YJOBC`+7oPK!h #com/netscape/ca/serviceRevoke.classVypW=oWM(;-qeib)(:Dk)ky(VvZ W%Zt G)CΡ 0$YI%F}oO, xZ^܌N/D\%$d$[Mv) x1!/»Z0 ;d-b)B#bq8䡓1 )q X[9((D %䡍-N2&eL^17eWlqIx@hAgy`ڥ1aӲK֤1Xٌٝahe}nZٌɰfF#K"e YvKu11wE<[0i 9:J󪺂 {fVcbS62{ Aʂ1xs % hV } nmL WYi)ZZ9-+Ƈ܊I⠂[aݢeD@:K*d)c8>-8-LaU_&SZ:IGSt"9K&z ՜Am>SxH >34Rh,v(t=ZtJJi|x!df6[nVSdq9&pO=LO fTj ŰZfI+\Bԏ8㪸*%%^z֥uZd3:E6'EܴT-&ȰhkX,_4 ,OP=*;O嵒gÆ;Aªn1i^j“};̝BgxFZqCGۖvcUԔQ:(Sdj?!\Ы뙼Q1 ǪS,W!H{)>}h:Zy?4~y=<?a~xy>cE>>O>'%=p~?\W~FL3Hb`zSRr΃Hɳιp0/eS0-SnɸF< ˅_l¢ .ɝ/%,_q᫄NxF.d6fL;4r4-;o-ICEyz*4l3`Z)Ҁ+b*i ݧlHy2)hvZ⩌911cfW(P􂙷Xby2<#ФF+AxMG4sv*zvJR]<o+x/(8Gvd@h|hZH\W|W|vn.ScqMhHB=Mt=6rHEK ~fh@;cKܵp#ÃZBt[cl+ xL.ȄP/tyKZ%wjڰϪX6K.n?O\*x ?cȵ6ɬe3yU&L~UsxpU/+oVcX$׆6̘7Vݶ]58 5L8i0 ?O ke6ӵ%Nh'5}L$R-\k79\Bł2LN\̞785:sLrm_)&sxXpqn,ﬢWwOk0 fڌ7UmUV%_0s-{@w6.Cm2+F,˸$|ຜPħo7,ozM;PK>s.x'+`k_A(b37wV.boUV],E ^C0ZV.:&DIgENKG;qwϒ \TY.&4褭Q6 N PJgp~"O** F ' }B_(J"Qܙ*Mw7Q8ie6sXU95*ga9\.vBaW8Q ViQy,;g B1Ɠdr!OQxJt>3ϴqJ\pDRaƳch*[s#V疈3qzCaݹJt zj=A+|bBDToQ?b3hQV;X?&/m`M ް+ һ3i*O5ҝ!  |mφt^w^aDgI<+a=o,GĂƧtSFLMcD (VLil`|(Ӳ Ա?RI[h, ~#. )j}(KfÛ^}pit;iף5/f*=&htbdޘᗭg/t1l]Fzu)=jƗg/_Wj|_zy\nk|?E|o?a747f mݡP,KRY?yoj~0oY5 ߪwm vIhF4UHf֔=fdl W p8K{{5CNH__+W5*5z~4rVluhG, vG{yw vե25 ^)"}|FS' 4d|W :I-Dڐ|0V #Z(#ްL܍<ٞz$P0oEABtY#[vz~izZ@/PARz!ӔAjouUz [T^U ӜĊ7g 4P?!c2Dbzxun*jn',FY n ё-Ȭ){j]6`&T!ȷt\oJj?)3NJB\bg?@iR+a+AyTJA~ VBj\KffVa[G0%X 7}>=ըDSu)M]nMILfhn4>ďK^xB')d\?#YvэI_a8U5 LESҢFY~N_J"3eP,3b'HyW5? R_T32,nRD0_5~EP$TTT/ualMULIr7#遲n)\TZꮮj*_]jaY*WCcSe{ki\ Ư bzoC72_Nқok ]S1Xнǣ7Ib2> kF=j b# vOYouaD*BQqVHYRz'!JT0*3l㘉e/(kpIs30h6OmT\ס /# RO'uFP,2DN^yWkJhAuyu.zn co`3gy|>cܢK7Ou+G~g ~!Ȇ D*xO$!siMiJ :|X*X,PMC[{\ qn@hș 4R3X ud&ac~ @A~.ؿJQtgL e8X R3I*1dfK3B9€{n4fv)| K쓾)eӺ^ҋwVWFuhomBithyڢ2\ :Őz^xY!hof~)MYXJlӴY*A$EC5>OG;QrL&0ʇ#e VD+5dҐa'`CDGaz'Ito2YDS̥#paոD$NHc WKH)W`if $"LD<'\ }yN 5ZbO+,0݇NXkD}^8SjrH$YMHP0@Sh$TQH/:ϷOqosh17>d/e އA;qͣ,\\`^ѻn0f..Rʬ9ɐ"c=dk좜2vM8VnҘn+i((q쥼2ًj' Pϗ`DF$8h];SGٽ:M]G#=4ȡtј2[IcwC!=\N+i"'5jZCgFex6Эt6=LN6z6=XTR=B*n L' ;? ߆ꌻ%YqQk;i-&4wD./ʇاv4M]t~a+CqC3qJ{ahQ bqGchMT\; L31mf@[hK;&P~eAB] 텦 u faŕ,V.J ܥ (40N[l6;3K'`rIFsW`2JS]EsjP_ #&Kxh}f + ~(BD"=ȾN XfF`2<6M6졅++QbŻhJ5Ր!Sl(H'Ǎz"HxQoQ]\wCGauku/;0yzjfG"RD2CnpUFԲ>z3 7 ΖY3\ JXĴ*عK,})wӲ,Z[z0*1_1 y4RIuheUwXeRt+eن`F\[ȎɍNjLu ,۝%M~Ecj6(k0$^[;܍{1Q0$d !sh"q!s,0y?ø?O}Y#_er?q}{{o?vx{<]bIjKOz9W-)(}ȝ'rwКM}?# c$ʿb+xwԧπρ#H_CtY>[X lIår9粛5^Cy5[yŤƖD}d{ (9 ) xSE=?py]t~'}kw&GuKpgY.52d,#d܁ 6 h ę, Lq+8cfS,0yr b3l{fE23 s#Y#A BttA|V X71,E )pϠ8AeLԓ2Pw1,B@+@Nƥ,\UܶM[NR)m@N4%I[*ee2dޛҀ /( (EW w q_A\?Y$3Ʉ|ͽ{{;CBMC\i ȀAvΫuhBOwĠf Pp!b ^g9p  .R `Ep!rxWo-:\[ x\5 k5VxyCD{4Qr}:|@Cʽs#|i7 p' [n ^CܧL 2ijiF<ã{|{5_4x'͗yLU>t]ƽu a8 [<]|[h]C\{:|r# ~l$񗹴L;4&ERkGnxŕ4Ln3Вg K4G:=ߍ:vhfdNd8u~>L;&EehS3}5a{B w؇DN[Na:/g^ tC[Rir@!mf>IeMhL@{{pLK\_\V84xVr^Ը4T7Ne^!)ȄA鐊tޤY÷hx%y0R#q+륈j2vujF^T`D ߪ@4QHWGD9iisp6]I4Jëd}vΉ[d`9Sqk/Q 0njx· N)8Sx^|˶H6 #g]W; r7,F`w{=kED^E%ޕaٍx͍ K*јJ MNx{Da/U-Ѓe!oXaE::ۨ :"M|=HHg *3\1u3tZe%pK4eR!(ޢ`qhM:Ӗ= Nӱdffx o+~Y1l(ޮhv2I,)3lÙ6í޻F$E»-ؙCv:O£ vަ~|@$3}R0>g~?G.O }S%2>+x5]DJo WX_HH! kصuW֞>5RuƱpo2'~DW PQ-Y3>D$mL2ftz8zT|'ٽx*k,)pc!q:>TDOi?cxruQ/guQs/4L)d`n˥ ^7qlQn~ b8w{lY;{ErDRoY-VhV[w{'MYGkPG?__A, Ua;bEÿ8[U~ Ey|we >|X3"h=˹g47?LhOS4ʌM2%? _aEMILfE!!Lq—P$1% ;Nv4ˋA͍ VJ)AGtsim4+/@]s^*mus+ŶR%JjRW`JNǕ4\R)9]Prl,%g9 8qA+ir|M.Pr\b\4s>-f9n4؇S$7jztZJ)Q%L1J+u+߰R֌ e>҅%je ?Bi b^heXZ:;e3rEJ.V-l2}ْJ/Wh*[>Ƿk䘂>HJ-L2d>FjbSUr y7k:%[/OHܠFAH*DnO̽Sw*Nfrܛ<ΐgR++Uޮ^R;yij2oj') `5mUE$!%5٩ Yr&c|ir][Gɝ& 9]?dWl٫d:J*ʼk] pLy%wQ8"w#ە<99Oq8n(*j%ϕ4%Meot$K4vuF jgn htA&%ɤ Sd8Ľ47eɬIr+jȖT P%w )u$$ 6i0T>q 1pZQB"| |:v5MJvF*ǯ39sᔄ5Kd Aogw[z{zjm29#eVn $vz.rmgL`5`uUƄ+3XrCF>0#aw԰6ilc\i6Iy):a~a(? 4BVƚ"5i$0%y`kOW,m=+ɤ'厝}XG9kȡڵ!2.\Ve\ȑH[P^-~Ȃ A ؒuSt2qۦڌhy/,((R4lO:vX2]h1Ѧ/(tF*o4:wpT:vGY $>ݿɢZr->y`عlFCF<;e6pд8tnBt9z;V=gŪQ.ZfZS9(hK. Qڐl+z3ӒC +pczHTD!p,8c6>D$f͏*!Yzm1_Pj_FT?5>g.̛ g^2ySɁ iES@*_H`W扶(²&)ّZQV4Se#Q++W UN>0Ѯ֝hD̫)f$9`.줧7c0zT//^*_p,Bi/w$δỤӑܹ䓺˂^?8h1W$] uZܙ 0!XXMX!/+_,4UQکT6P !Lʦ͸uvrFvIczbUF_@T]kaj>ӈAyckri,:;& SDɗLP8TM$x|+15LχPr}$6eaj9-}\{?6v".KTt99.)͜F~^V 9_D3SkB+<-"{?TY-FקZJ,oDepP=#6k'NfWhX|m tU' K_FʾpV2ic-eEwq"krY}H} ~8?RgPn)yZ\EfgSZ.amfmxӜȶJS:\TI*D%9J %3겾i /hO[՝Dgoe 6A츟#.2_?UAU;T>3wU3ǿॕ=L]咜/űEdM<"YCǒbN#sumj#**@ee,YYa4vw6~@Ί۷#Eۍ7qkȘS \ hРR^cZ5;SKM;1*(Z,D+Kg S|Hb 7>p9ɛ](&MW?erq"Rh/oJ#8"Ԯҟ-G4|D#4-/A̝ZW{Ŵ{|qPwO8Qu¢m1")V!V!XK_h4X4CIY.O am+fC0th!lX_A0|=+fVXhl/X@k^# ~4xS)>Zh;{Q1Ŝk;`s]c6*oX>{q+ȢU/;{:vADL:,i6C@6, n(DQD ET`'mdqcAAdQqAe5s~'q}z]}ׇ>Yg4rw%wҀ>}>lGø)H]1c8H838^`6c1qSRGMgI;m {[Ҿ%Q 1~\FYB ;'BKue锣=FL ShPq%cѢ5fZd>88'}|Zx*( 퀦D⠥rslۯVVe spAGۯS9BQܕ˫@]J\  J46 W nр; eHBPJ%VcN4*rk\/#hVMcŒlzR :0(l';()%ܰM)vbCTBs u0D-o0_Em7*((\LeƇ%-S\'` y8w Zz}U9h V ̸hܬCIWIc *h7^#1z~ŵ*IWYU5Nx$#i/{!A,FW> ,cr\i`51>zcÍx>*Zzzy xk6s_[)݂.{>!>N>v| H"vKHeBzc 72h|'Lŏ2 ?@}xZ|*IU$]5j'UUiJ%Kj42h23Bрaǒ.ո,H\%:"W3fKŇ%]o'g?3?S̷ݒnٵEn#ؒMNQ8KzEh95$RĤ id-5lek0YKoV M0N0+5+W\-:qk썃Yƾ;s*=щN֪p0%7:uS' ˶}w5-QB.o$ERk s^`ee0ci ,f,-|Y%Et@)1T:a8IgtMSL&=Hzi郕52G Q)w22GJI.# sW-<5 iWʽD?Fhp(?QLYtC3e #gXnZ9S ]YYIh04$84f+Ac"hBB.24L/$8YoI>*[o ,8t :vF9,*YY`yuEMkIk̗̎B> 1{jS-QʫwQQBr"b]J<;xʣNT'y,<.I32J\Y ck<\GX I$#t_&14d>9q}88DHH&LB TxviZ.kQB*/ITz% ʗ|ЉgyVUWyp˄V4[Ktn&^@5=1^6 iհ vl[1XjV8q\nGiu ?e5zMTZ3wTn @"&'Q4*r-:: :&ɛx@6al6Ql MɬelWd\>Sʧ\sL=r#I<"v@RE $A"q96aEԬ%<߷RFB,Hz5+<{&ׯje"UtpNkwv偸|kD)-^׽7LP>Soer#NtI*!i#ݠ9-6n7Ax9L_H/Vc_8w6 [44,{T"-SZ%X) {9)A@4-!~J<À 566R(\6Sg7cFg GdaCE_Umm>hȤ/-".%m|G놿~C;<Ӭz u 'i NcͭXzfxf|A$خfRu HzOӹRd=^}E-T^Om$4`0z'}L+)ƞQhmpAn 7UU<ɹrU ^Euy^wKRk[3nxs$M.s, Zsϖ;Rf.ʕqcAsr[^k΃&9FӬ>޼͗캫/z |AOuJi..̏lH=6 ,L@ȢrNuJ}GL.rL5v;*p@ ,M୼~Q &PfH0+qYs$@'U0[ 6ןfԿD..z^\Z~j 6[=Zjdٵ\hRW0|abXM)CD#[PdB L/Ro!?2JZOPbDVjW_b{ M!aҾO/k66(ۼ[Օ Gp)U/2ηXəj#c$$A.t> ZvoJOByǖ-p=@q}#tظ_2*G/LP %I@QSY 9]vJ;qcߠ.q;wJv>Ci?3@g+nC*aHlDmQ,[zyv ]l]_uA_e=4C(ͧC7r'] )kM *{2;t$6c P plz ((0ju 0x覹%۵65{\X{!>~| nc oo2ey$մɒg?͡X&'YHV蔱=|`w ̪d'1Ѧx9Ku ӄ@nDr3ۼ`*  ×\15chnkȨ̝o L[eAb3Uw.ϓiW.7.Qqt"ȉjц%v%4m'|"J O0%2N.VSƚ"/7Mz%ў;J8 Ch7eq?5Ä@̀X)s_鲲*l洘j W4Iv\3Dw/my̝@>z[;Q36I$|VDt)0c~%Q`gՅ,K$vs!Y675S,)@m5)֑~`\Mx!ر; G)RHr X9_HvP<%-.S=kʲlRiy+ 8/{h}"Š۬QF ŕMTnSA%7x:)Cmi?cG- X"N 0.i1׽mB~$h"faə(RqE8}~kݟOpDGUVF;JS-̯_`yhI&le^H-8{3TW0TunHKvwubQr9@Xl~}@I#@۹O7xtܦԉ*uCʲj҃C^cRZzvfqޟP܎s,0%K W2E$d l k7ȕ9 !~^$䊭{$HHϪ~R۞~PW&HVfDUsw$⿠zGٯGo媧W'MmոD9Z"Ag+7DyGgуS T49/nrH'P^h}m,f㰵Ƽ̌VU-fǶ?;+Ut+9]\V`'G9Cw=Qƶ qӼ+ng;fw1Vdeӈhw|EN(ÀG4'J: ZXTs眭-TjRp,:#vRm=fuVŠgoC>:6LƋ K)Ňe np}ġ:mbb| l{Xbc|sl]L_@gQ!e@>P2~pf{!{Q8&[$!KF|RB?_y{ V$(V;\_ȇlSc`/u ;P+KkMU?)u[hCOp5z>wO2:hs'/+aTa9̏d>g4Wn^:_tVBh#O C &]T;_eiJ ?aX%RjFG6Hj}2}\nw  zj5^땢<[]zXQ}^B1+BܝfP9ٞ@  vJ_ۋ(V-uJ/#ln: z7J߹Wtr{#t-I{f=Ftbi4j@ u&׫8d1*zɑx!c{p=Z$GCcR=i ,660#7;Яi^nUrnΈJ8$lpnP0>Zj~5;t1 $cS"Дf 9U,i+snjV1A}ڊ# t45pR֟ ~ł^+eN@iYCAc~.xVڅ*NfaA؝O uŒ9"?Ce @p@m2~?fWrYPjRC Z3wB0Vm):EO {X1hͻ=5gP 8[C+f5FXr>R\#h#lu45Jdsjb,u.Ԩ bxQ'i}L< 2>O$Tsmno^ʼxϐWc$jK}iLj" BK/:Ŀ;'X@4N'޹%.ZII^yyO3+cUH^"5t]^s+ Cv#1\ Kq=E)o`j jX{ބa.Xeʚ^Mj.X]=z gsZv*J3,UEA2Sar3= @T xZCg!7:5<|};J|2UER4;*E}5?ͦmt hr ٨n;to 9ߐ=CI Wؖԭ^ө0޵ruVGC*yqI[X Ӓ3i^z+Z y?N2ׇOº);; u V] Ҿ2z}x 32B6a{z[T"6 X*6K(9VdKW+)J#a*(A-ӋjMz'i.w0(7)xKsPݹl}? Ő_T`;*gT4~rt%"|VtTbշJNswEݯ\6#!2DA3"J?;hZƌiՔq(&Q\(*2xj"?+8->G%!y4qկmw8])@rV{vNdWwOFw}Tm}@V>h "0Q&l=OCIi^) 9Sy^p)|)/mVZ ~{PZ%,kf&ATa_* ]6AƋo!o' O>-$@٬=0[-d4Hѹs[g,7|0{c\hYf |*HZ@B}s9pG\ $Oodw`or7Aǩg<%`Y id';a$d@z Z>5-v!hhh0#N2t@߶{)@H A*ȉwj)^&?ynWxe=&-GI|;Pdn[MtQƵM_N#jm!vlAPƱ:Eabj9=eޛC,7 ss3^z\Wb&Vj}V+\w-Hod|IO|/ղ}0κKB03GdnpE{61|F4_-uh *̈V|yz BjB\m NPIm9ڌ3 2 ޸1V g%JzFD]5|#(g!:螬)x18Bj&fl?Cm4DQpWG NIMAPjc-OG"`%x ތ BP]Y&&Cq f0;"Njh+!|k/b%R}@3s$; >'رeA3 ⷱXBݾFs'3AK tl.$lf}SDpsMiS &2uZ#']| BeW:i%dž[C_B:!n(ed% Bđ1]7OojŤ#o '5;mbg&^q 1f7$^Zz\OjBK [ Nuw @SQyHhd2FdTfz H`r>w7r˪s+G(D9X(O}2C:&3-[[Ђٸxuh&iK-ydx4\*zK\XȒK\!OlFu|Yn|(5tUEFʊk3%X8Y$2^粢퐺02:Y( `浈STae~' *@΍:{z<|{z cF6sN,wId^Vݚ`C&E@t6v"k^PJ_(Ik%)pS[E\-\š!=煮# \4Dj(ԦCv~J+3]4@(zPaX0[D*D0[+ktBxectRVEo!uxjddR޷Ik+z*,s/ePbJMCW:sfD{w\ֵ׿ducYU6Bjw T<\i4Xvs;^>H.gjpd_KBVGح!^'H&HA%4AK^wwTSdύd>Z+iLPfe/R0נLk!?'8%g]\VJ7]#~ܾLMI /,-{o%SW{w;eM NOR|@˾K%8on".T5R10ȏV[8`9kUA)'Di_lF 2+ݡ@SKAb }O~T'GjgvNYo=k?1jW0ТFќ_W{jGI-+߲hXxx^ (lC]=+]7򣙥[d+M(nvߋ-wLؗW2H$NY'†u扠q&Yye?! / CY|KпIF|2f,hz^_!3Vӱ i'-2P`\z0n͟o c=] JJSCT:\Jv]Ҵ{{3 _.R&Z¡Gt6pl[q ݝpJ;#vZ(pGV'xE9OJB* !)Ă^ʡVG/3%UvhjuvZ!;]e@~`yYhy^d\Z <<ۧ^Tly)FU\ mGse܆1輵/w?ͤȌ. llO^hB@Y֍̼lSp 䉲7m" NI jW:VP#F\ˁt[k> RtECC<A6d8d95eSEOJ1\(/U.@&WH'@/n:$8IYĢ ʼnDrvBJw2FqF5'qΦB uNʻɚbC1 ^>F#e㱳Lz ޙu!KO=S hCׇA}U-͏p2>6GqDnKPn?{, %V&9eh ZeHs>玍L8_\F$LhfzU_ %A!H̃ yTj}=Oڲ>/%`ꡭxW{~8E2 f6j^\b"Oe.RdKk.(lTG9[cد:Dg2:7xV <4ci?ߧ~.%iª)bs_ciD}PF!Z6qWEwWy9t}Qs=š)Pl%0_ׄ'7ϫ~v}=m)b#lAEF33p))d.8;#B t[@?3pG@]ԏ^h*i#xB8nyhx+~T@tsJ3!R(SfD;gz ZD@xdWRwNIȊwc^"Q?(ه|skN\gOd,&INEIi"%FufJV O(K>-|ᯕ C]ywJH6U#Đ>l&xXTdB"@ՍII)W0hD4zpCJ>]K$In?:Uɇ,n ;PZ=ȺJ7>9IPm9.$OpMhkDj[R# ɯRFr'Zo쟯[[xEu, 8ev/*wJI/ݡ` ƃ魒G̏w7櫺\_-43Xg\ϐ&G(âyQR̖au+ @4im10X\xz@ƌ˃QhtdspżkTL \Kr7$Mĉ*Gd5MNdc\5H5x"kIrOmE!T eZpЯviIFi$p f|++CݷnqzsFmI1$26z: ۗ%K@)Ѣ=lw}WW%em"(m-¿ +kEWPV`