pki-ca-10.5.9-13.el7_6$>KvxiÆf(ٷ>7?d   D        ( F L Tdd d td d nd q(dvd}ddT\  4 (d8l9@:GJhdHOdIUdXVYV\Wd]\d^vbzFd{e{f{l{t{8dudvX wdx,dCpki-ca10.5.913.el7_6Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\.x86-02.bsys.centos.org$CentOSGPLv2CentOS BuildSystem System Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch=m)?1l[#t#1J6 ] S }F}F+ g%~~[G7(b)e%{xZ_,,zb+z 0foxJ76'P8bu}E% *S*L$,kI,A,:+A+3u9 #%##"vS "`./9/]   Q q >#E/#+{B/'m)H nrtknvpyi  *L*?5%C%c*m;c=O? 9%9Q][  T \71 0VCCF6CQ& "Y"\><bc q  dF r- ~->E,g=tB 1"?%I7Px]%A큤AA큤AA큤A큤AA큤A큤AAA큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤\.[!T\.\.|\.|\-\.|\.|[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|\.|\-[!T\-\-\-[!T[!T\-\-[!T\-\-[!T\-\-[!T\-[!T\-\-\-\-[!T\-\-\-[!T\-\-\-\-\-\-\-[!T[!T\-[!T\-[!T\-\-[!T\-\-\-\-\-\-\-[!T\-\-[!T[!T\-\-\-\-\-\-[!T[!T\-[!T\-\-\-[!T\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\.|[!T\.|\.|\.|[!T[!T\.|[!T[!T[!T\.|\.|\.|\.|\.|\.|\.|\.|\.|[!T\-\.}[!T\.|[!T[!T[!T[!T[!T[!T[!T\.}[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!Td6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00ebc9f4fe357967b70735e8b1091f8429563a9849391c931795aad650fa346f84f1c0db21c1fc4acad6d16f5e0260cba0977a50fc158e19852e36dea21e4cdfd8e0c582ecd379d442745e4dc6ecdb90cddabb88b8105da6d2a3afcaf947850c0fc11a3352de540f4e0681ebceae86ef8e7e17c4f8c0f90d500629111f5d265f25386fa50072f26ec25460e3bd969ef5200c3454c02dc9d2a1e84fc0cc57eeb3835e785c0a3c0f8351c3e3c8dc0d0cc2d164241ab800c121fd3c40147d63cb5139f400b2c58282cc5958a930f3b3c7c0379fb101fcf612156c27ee2dd8ac254248d5a1829bf1b3c216ae4c9d4ee066772bc7f5afca577935c229d9bfdf80d75cb7d0aeb78397f439d16d5b530d8b81c119af865c0898e02a33b17d28d0bc57ae9c82a158a8f0949c10819f646d42e8cb710ebd844362d97695eec5a6a523c9718a1aed1ca83010bd139dcbfc328398007d959d275a78df0c0208c207e960ea669ca55436dc0723559afae54e63e48d826c2ee0ffd98b3233b8c132be6ea1540cde549ab16a5ee0b53ca839bcc06b9c268ac7be7c8186aa4392ce0c663460c019e4cead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676449f0101595c93b29c3402277811f70fa75237715687fc5dcdcab36f7a7c8dd72da64a1f054f16eb1ae49493bbcbfa138127db6a09fc946014a1d137d40ca2d5c27ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefeb760a2dee6aef9a244f84690b0e80d22f419f277d615a90b129483aa669128f62024c52fe492fc10e9af7a7f3dc2f08daed6d3f5bc13ce0c8bdda30b85f0c69ab635b3107b5f152b0d109c594d30b345a411367f6225df121e338c02536f4dfd9d68f40546ce9caca6b76801039b97b1a2c53cb0975fd3f31dac9584a8a955704363832241c679cd009399b6934aeedec0b3755f83bc09a35cd5a292cf19b7525e0bffd207c4c5b122b085f9129e0470df5c37cc534df4e30ec140a9406a2850767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031d37b0ad740db9a30932ac53203a46c4e4fa701f891d74fc185fcb8989f45d28cbcace48ed94b1a6cf7171f5ebe150102c2cde343df5b89acab2c2a6c29b9a04d448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898c26d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac93f9de3ac67f7ec677ec54d3e5cda612b21511aefd19e338c7f06a05c29006d6be1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b1dd2dc066f3dc6e0a46b42f17b9fa4c739b1cbf2c27cc9197f6900945a14f7207dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c208143ceadf7a4386c8b19a8dae483ad52f07039a7f985a5a012116a83883e9d4b788f7a808a87edef183779c0d3a4609363857aa1c21aacb86257582c018280d9d2cfc0e1f19c31633f0c71cca13eda286d22f389ce2bebcf1d29d022c94a9b98ccec6ab0adfb82d3929e5d571d2157ef9a4f77464b001ce8efc8319164394d24cc15bf06ff8deef0927b695d326de82058ba233500878642d560d2bc0bde3ebe95a1c60cc56866c750a59a70c6c134ea6459a77a973abc6953b85309f450a0225274f6866c00a09bc7b40baef850cc8c932dd5ec5b3666c1854665fc8314f568fe5c75ff340c4644dc3499e6b91f1321a1e4ce4f3dd892e93d10b3ca6cd22b741cde4e4825e5c30f60418a624f71213672f8040d0abce578035e96d3cfa8de606de27d407a3f3e9a4650c1c1b49be68239732577372cf2638f71daecd3d9292b015b7cfeac0813d63b114d76e67a8c22c532fb7f106404980376d572db56a38d141c99eb75104d02d3384b36b75f08d4d13f4cf24e42364783df0678c22541bf7e72fc1b0d55c2c7c01b8a0431a070a2410fca6f1c57e22fd46e46ca8d70c901d805f3129d3d149048bca7afff85777cf6f6b502dfc4253a442b2f7a9b00f0d5b1cb51d5103d982fe861db8608b9edb8e6a32969827fe15e870062c2098dcfbdfb0449d1ca26f2daaae39a9311c9fa0dd5b893f2d5129603101c157a5fb796c27d5f9419ea7524076f8a57670bc6f788415eb5690027ef28cc39ce90569d3380048f939487192af8665cda4b1b35b3dfea4a1c88a3fa4f052a3bc35163175399b6e65e4554f66f7d822b2a27361c9c86c7c9560a3c110f75fdbe0439a989bce076df1d2b34c197e900b7b4d2e0476aece85deb1df7d3f3e3740c40a7701995a24819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d4f27679bdb8f5e22e5f5623a74dbcda8215e1909aec6d2505892815dbd40c28931a3aa4dc5921c73ba193f68279daae894ef8af35f159e5ddada1e021aad9e9667a9c2f38efb90b6c24f51d41dbee3f3c346121658f5684e87d429c23a5bc49642b2003d3f805f392607559ed637c22974104ae7d4b5b88b111123db4809082d0f8ee5de3a92fef6b095b834c2dd5ec6c40df918fac07d177bbf434d2b510579dfe269c7f1960df6caedc2f3692eee7091fe359a17bd5559408927e255d762599d4b4655eecc878c1f117bff3640f17544c97364564e4b8e1131f647469468ac8b98bae2e037dcbef1de8eb0f38442e4c7dc024cc5da72898d19f68b8c50297d95b807591f098bd9a92be058f06cd18e076c431b88352201c21d594372d91c650c283fff6879a0b3247f04440a68d98a9deaad95fb463171008420832e7887c33a299c24ef69dd7310d4cb5f802827678c6d7ad7416ac1650da7ededdd1e91128e35e898cc31c4fed5f61bc2e2cb1ec2684aaab5f4a94b3cc5e84d42a84ba57d7d2d050b1ac4574a95547657812d919aa67d3cc17fad85c654e07bb16d8e5626a15b3831ae5fca439f780bc42ea11a05c5cdace1aee43a44102d7464f99f5f4a9f410e0c510402b3afee5025043ed21d22539fa3c0ee158306802cc6a503704a7b2e29c02f8f828bc173cde8a4c84b3b89b5ba563e2971d788f0457431e48b037a2ba523a398b6eef9396b5742d8aa7836133ecf70521ba6fb92bcbd6bf9ccc1abba3f9952ad3f8b9607d631b7c81eb29c8a67291ede8108d056535e598eb1bfe09e39d96c5dbad89b4150cde9f1a03f197b83ca2e4cc50edf44962834813f62a01fe68f324ff4944b30313f9a3e5c5653aae04dbfb1f6c6103de05fe49412fa73129b301e02d384032f942e8f6230fa47c38e2d46a139cf67edfea801e6e2cb9d4dc74c7f55a5fa8279332a8d9d9b14a2064536946e146ef6f13e47ea8882c61bdb1b53aa72d0876c47446ce5720c0254a1169c9715dd1ed7e38beb6d5989320ddcabe2e59a209706beacd214bd086484765ec380d412eca3e8e8d94168387f25227f78f8984070a35f6d12dbaa53b68db1f959601d93cd4116518abe99ab7dcc55fa24ef8f29cb36fc3efc8d31433c21da3cdc7d34b9419be658f77b1679883b53475e19ac1d885575ed8fd1f57b816fa4c39ad963db7af6201cef60c2212bcb9b1264e5b18901a9d6564d44486b891f48e7eab808db0b4657882b46208bb6ac06404bec58bc67603c82f5aa843f8d6a0932888960673ccaff71f3a56334c73021a9cd152d5f2f45cd84d76d5d9b2012793b7cf442bc9b59229542b1abe7c1c069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f68798e2619ed8cbabd811ee5c8d0ca7e626402ca55f2c3fa970f32ab7c316b2a8d5d4d69a75b878b4e1946387fa6a3706d02ea456fe19b71853b81a878b883dda336b0d4dd3d7f01030b858e33670175f53907a29f8274650e18882b6d66b764f3f75cf53c764ffbcb836b094b4e17ce7756752c89cfa1f737754e7a643f5e988ecc541a4aad51af047ec1e4d89e6d0b466a2b4b5c693aa295649d4c4bc3d716c9397ef5d9b0f4d416a8bdf8f4f0c2e8fcb6a2af6e77b23b916b1c96a1a203633f0bbd917d2bf9eb5a64b45b7deb287801a3468ce15c19c3abc1a8658a66b78ee0b0199ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018feecf3d85f33ab93a1a8eda5c558d6b58645d65a16f751ba49cd2f38d722f7f194a8f0e34e2bfc62b110b7684acbc69634cb1f3bcf794758933c1473a7c76ce5636f3c0e875934735735e2db4672ec26b0aecd71513a79bed49c7b7ea5c5cd37f8ee461c0b933bba0823e8cd935dce4511eaa3c9eadb61383dd9912cead9ff1ebea43bd42c72c877ce5b21fb4116fca2e25685173e25371b56d4164d378dd8784f0953d6e2c6c8829a2ce64212275c8ae0b5c8bf1c111a1f0aa4de5c57595fe23eaef3d7f0b60a6f59f1d19ed845bb8eb80999b8d5f95e01c28f8a027ed715ee2e70f196246ff270db8566b5229dcd8c978fbfdd8f45970bf5c940ee56ac2266819112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f72cf4dfe9c88969bbd762c45a42b91b1396ad011b51fd338882a6ab602315cb7bff682ca2f5a26424d7ab5ce178c5b9e9a25d855ffc52e1b5dbc957142da46ab2e7ed49d41f75099bbb3998283617c5f590304ec64602cfb558ee28a6627008f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e2ae72a904bc8e884cdc3e881037753f8918497e4ba574e2ff864e763a606fec3c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617daad735276d8f629cb6936827ba522b93d7c51e58390c8c1684fa41cfd7868114935a11ddd421f4f82e7bdef41b3a248dd3c2276ff47446295aa34a1effb6e8e67e6342a29b068d647a27a919928efd5f2b1d22b27fde5aea876d77b345912d7867773345a21b121518fe70a56bdc8c7683cd6883b74781267b6223503405827dfe8e98d26730ff60f728d0e080cf63e44ec0bc72932c375894c729bda2b364a1272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a131ab78fed3c28ba57a9b787edccc00ef37affcc97ec2533c8c7da5fe36aebe0ec8dd591db70d50dda2f299e8275406d7a9bf51b0658585a85feedae530189b95f4ccbedef04351ee61678ac468a29a45259542db3f0064ece7bc6c142a5c837a3f1dc88f8cc2e6060172097715954ec0ec652be99031c4992cd6f36eee6c911a9ab190ad2b2d7035c3b6210bcad1b5bd0d61ca737bf71e916f427c8d31608979a229f9453b1a59f1d9745792e11756f8bade632479f283837a0631512f8e5bccfd1c96626614cda4cd142db5f002bafe95c0be41773d65be80d2e4893087bba63a5f40732a33fabdfe321b102c6ac91cb5a71f653bed7ff0363414697b7188d9bb18c6f876290819145fa62b01487d8d336ef7432108a27ff2dcd1c2a1f928d33de86710f05b5cecb5d841822f94a7c87dabfbf16c2140c606ff3a9be325ad994e8bd6d02323c345a7f33b818493827c28b14cbda8196220c04eab3503e0d4a472ba33f7e7bb3f70f202bdd1c22e5f4c009aafe30d35304be91d9cc0df86fa67186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901db8b5efddc795489b9971b83de53181631fafa8a4ff4e947ecaba4221b793786563b3dfdcd62f39e7ce4cc095102ec2af345a2dfd680dcfbaa5082bb2aa760182b34c5011b9d513f45561ca7912338109e1f053dfb2eba6c189f36043477b7e9c5f6bd93049e6a50aa4e2ef845c2ecc57b7c6af0b530a0483ef356a6b25403c4e7be438f97bc93e0db6beaa8b18530bdd0437eaa1597c589514b45e8d0b2b37490cb979956f60e953d627512ccdddd9603422e3a31e8c7a198f7adb725c2f5a449160bacaa9e40e728469050df5dc0481b3b19570152a01ee8c0dbdfcda5de202386dc5631c74d6d879ab522218c9dc73f6b56b65e84489ad6fa0c00b56ca99d16efc037493882bc2a7ff8684d7146f46f9c33f878ff7abaa21a236e737274c027ac570d8066c9a1e27d543385c08cc6e01c9f3970be6e184bda2b33b8b7d12c29844f5dfc4dc0a76253f66e30d55ac7cad9d54fb5ee25cfce90b2db8f1bb5542439a98e78f686688192339d5045c89a7c444ab265943e29e4ddb2814bbd2e5f32cd314bbad9a4fc256d21388e37ff2063355cfe40fd08e428eb00682c5b7121393548048afe663a7cd33536c81b530e559e6e8c13229f820c4dbc167383ba72607c571da9d704c39ce0b67c9ca6202bbcb92c26f338213043e3b36ab3fcdda487aca0e763cd5fbdf40ffb73006e3f1b38cafa9b2e48c19d616b701d439c6ecda6908a86cebf2bad69e4ebd837f93f4065b4d5ca11a5c0772167fd9769349be3ad33616e6dcd80b9daf13f9dcaf8ef6bc30f9e52df3da8ebe1393119b9b396c5fce3aba06387028fa21738a84e5d1c9ea15e75ff88b8b61fcadad11071b6131243666e2e04fc44d87b070697da0b91df3053166ffbad3e9603e116474d44ba83c56270532c0fec2d29862bab16692a5cb07943d9ac3be7384125bf8a087b58a6ce9af014875df6e9c91933b0e915d18825853bfa5f6aaa24d91957003503006412ad601f7f6e5d950eda140367a30f221c31008caf4c2712002aac3a387a37a98578cefe64dde557a4e36f9818cb66b18192034981ae4b1f5f392384d5f85bf6b6f562f0533de650daadbec4a8dae34fbbb56e36f87e00e507633e8599a4a9b78b8a244521bbc3a3c1e46049181dde51098bfbd4aa1f52e2ec058f907286b4c87c6552b361d06eb8a0a4b26a327faa8d2b6d446ea046a8414183e0b21a470e83555ab6aeff375b5660ed4cb0848ef1590130b1b331b1557bf37ebc4ff6e1ee9d90dbcc3cc48b5ca5bce8ed7df74cc4c2381961c9c9efc99efa0e427e7e1587a4f6673040246e3f1b800ef36d9dd100432bb957e899c5c37ae69be80ed4bb982d2380769057cee6067962b4ffa4b2cf40a6e5a732493f054bd27796ad5d9efa55bc8f59fd674f2835d9c1e7b625fcf076e7817d0d08c6fff38325c95073dbf9cd23ded73a65a8e569270b03850a6b9a9eb862bbd4cc8188e703f0e05ce34668aff8ed106f92206e688e301a625a06506762f07a9aced94c1f6c2f093d41f08778e8ca9059c14f314eb6d925825f834405c62ca90be20333e09958ea265ef5f6c000c5b62200ededa13f8521e87f453fbf48d6083be597d8a680471b7d41d1faea8fa0a67d87b4e3b1ac73cb9dcc6abdab00609398306c79ad2768adf66a6c9c076fb1c0d411571546ebb06736357218e00172e8ef00ecdc92587e712d04091e7a5f7805c2dde8e1cde90c570948c508e1e4294e0a679ae5323d68f551008fd9fa0a70929e47b1da01f19b724c840eca1d58cd30f4dc0b859763ae3beebfae87cd34526fc2eca66ca591ffd53f81b025c989f94ee3622fd8bb54341da3aa03208fe8d183ef96002869cabe74e3c0d81b49d3acfa70bd9f087cca5f74ce5bc18ec1ccb624f4d281bab848e1c617e716e922028fafb014f7e5f13a3877108c3a7bb4d67dc80bf0bbbe00134fd976901defbf35e10746a7a77d6cc11f88850bc66c047b2005f1984deb400e1a5f8d832c6da04d11caa82e03bf1d00c372c789a7a437cca4893de17d17717535ca11d09774b350d4b963d18d0c3ff275027f968a2025b3a2231b0e1d136dd67f65ebd7933a7291fb2809e0cb0c9f6b5153baecb3827282e259c1dea0192efc2b69481ff941ff7247846c1cab4d20792509907eb91fa50c9135ffba3e38a8df976b6646bbc66608f845d18bbd167af2cb621bede3bb3567b41567657e76727f9791934052c688752bd07d4afcbd7df95a9ebcaa5795e30f706768b4012c802aaf1fcd6e99814067613394950d130f61d06f25f3257278f90c791ffbad5b4ea62bd5a75035961619eb55973afae64b64b9130d3aab85b28d866416d91896845f4607d2099de578dbb060ddb83ad681e6ebeb51e184a4205c01dfd6652544a65b8d1895d26ee151f79dd076467a2655dc6a388db93697bb97dd2f128cafed56e22d589cf18d3a8117b8b82ec7840c34a149b833038abb5c1e08d3d1a22190b2b11debeb23ce1788f781d2ee4855bbb5b5b199bb08462c43558f7fdb0b4af9b879662b638abe8f56bbaca7f27d090c6cd68949a7f2e6dd41925503abf396908ebdfbe5ad1f2a628ac0fccff016e72febcd204a038d3b1bcf00f554cbe65b72a0f5c6e785d27ab6c76f9985162e4215c5b0a05c560b7ca085d6662f475887ec86730cebfc26a446ef314e84f39e2a916584c14a57509f6007d0e1883246d746a8f0544e6ed4a33dec754464db0852baa1d62df4b1460e09c277a63ce8fcecd84fd5eb127fa3a532265fd8ec62aff59246cc3e0c538d6a720f121ec7a6c61d2178a7b914c9d7aac0fe2d0ee640061c044bfd8a20e46587ae276332f2b4c58a1a4355c85cfd5b6b37aa2b11a9d50b6b0c7a98bfaaf9467c54a80a603c94c292eae73c5ae04a6eca92e9cefb27b28c70b9b6575b8d020edc0182c327c2cdc0a683ca9f527a435fa54da421a75f0fe67d39eda25030c1dad75431e7bfbd216132b8faea363a675df98f0b7571dd667d86753584d052c6780fff621a2f6010325e8de9871d68d2d176f892fa0e4d1714da27e72a8367734d4a1d8fac65c88c70591fe094e5cadb73b5437001bc3a9775233b9e1a6eb144df5454258bffc3ab3f6a3adbeccc4ba1618b73dc55bb5ebd698940a848814cb57cb1f140b0cc9a2bae31e5d9907c272db063731e99ea2be881be14106a43cf9deed98f1e580314927e2ac05431f3609635cf9dc1bfffee3d14836e3b5620b8f7d9e5420275dfde55010069686441ab85191c777c672e4c2fd5c43e9fa587d87623d3ce557186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab8fca203559c8bfd115dba0a393f9f573f8a100d9302dee0f78d3207bf2a4c02828b50cd72eadcd56594e2ce0cf4a266132526e7735f8d70abe796dc6ea68723b9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901b49f79539224ca82db1a18cb19f706b20bfb31275e009c30127184199ee28bab665e6b28eeb70fdfb406fc715536773628274003066aefcfc27da268f50bc45154481c944793a119c342103c58aa95667e9c067d65e0b8d63e90c24f32285ad9bb97edd4626c9f3fe213675e77a8b89dc0064e69d17760c49f539df7f6f264669c1f516d640fe9809bf2e63ceb40100ce610aef9fc4ff097abf5e513554ab3aced21e85b958da061a7d2de3f534c579f55a783af34ee1f115595c998f32f2fe5b16de77414be3c1dbe1233334eba30a14bb7b5fa3e31571f6d6219dfd34f496912e07806d8b1f8a1c0cff9f42e6433837f7f2f318a9c03ee8a947ba0416590c87e3511ada3b8e3dd85c772c4fa857de75a0d9aee3a4f3133678f99fa30519a870f7110c082dfcf32eb01c004f6e9d6c1b3e108984f9177201408040b10dd5aae45bc58305e847bf7ba35c3f97bd413925c7094c9cb9e54a9c825367c59068423a2d871e85613498231e9f4f83f178ce9cfa85da466376567cb38142168fd804c0067b93558cd2e0d9e8807e92def408b8eb3efdce5ca51d392e7bf06b7b7d5aadd05227d28bfe1e6fdd68e2c7a8f275a1d359c60fd4f3a95078c131ccf6a47b40b799d9b581379b3321c1591c48e9b3561c137a48c447b51a1b2758a7728d57dd7ac9cff1db3a58000b9c1fe32d7dd59631fffc1d5425dbd75fb4f5e99ba7c902bfa413c7237cec4bc0cf0f59f17d1fc4959b7661aa89373efa9bfd5bc9403d82743aa179b0610a98eda4b028251df592cac0cb95d8d37720f88345d471da63526b6ce8a0f19f9cf0326784128890105e9bd0ac1e913d2e42d5c01cd9c8f8574e6d7d9b362af55379c8abd0ec8296f01340f2991eb274effbb0943d386716df1fa2dd0fb957b3f79b13cba530f693b50f84234f3299d45e00fb4be60cd95d2ac4101279fad4fdf9510d2988c139ef32593b2255d74660095f38321ff6c300555c60045434f12d9e68f6f28896adc7054788724bc34c704ce8c1e2f3f5fe90174ecefecb37ebbfed41e030bfca7ac60f6739e123478434534f5e60fa3733b81177e63fc956191312c831f77d80837c61771a3d4d6d646ae0ebd9de19f2d1c93edff35a2fc6a00481a5b3919bd6883f7619d1a05c62be002110032daaaff23f0efda24c4d4e472c9a35934a2db4ed4f5ad94b9eadc689b0368ccbb1314b5993c9e33ead8aaf6c1d937b7f500c760c15fcfbd8f7ef74c9a76397bb8dff93ffc16df95866d15efca4e9bec6b29c6714e527c0f1ead076eb9fc48f233c3f337f958d4e0673ed79347caeba4b7e7ef85cf92a6666b9a2f4ced866ab018915108c754d5dbf4b92bb761d8f519922d866943cf5d07150192ff373cca89881d43a3e68d96184142fcb5391ce4431630f1217d65cd1f6a7a3b5a4a63c615bbfc018d5cf5c0e8448edb5e8a834506214be78b70dd45bf3e5925fa3fe0c0c6410c017cc6e6abf19d91086ce880a7a6bd91c1a5bf27c0c3d01e4e646f7617136f75c6876ba7e9bcf4d6ade0a422df2c6f8bfdfbaf7fb658449d365321112f1186e497a89fb426e659391a6ed4a0788280982337207ce1ba6382cc461026e46132f6ede248baebf4fa9223e88ba83c3aa7ba193776ab336d42955bba1fc047326d615d332a5140e09ccf4b4f233fdcacf30f533b5f15c9ef7826ed14382cd31bb55b743ac7dffc03ad234d2d5566157b62ffd2426d5cb6a44fbfbe381a1808e529f26765ba9e05e56b3b06c842124bce70635f166ef1e609e99f8ba41844e9faf93bb7a3f81d2e8d8714f4727757ce02e32971f76b129fd97deb4ef3d565c4a58d387d296f5e2ae411ca8b5ed340056f76bd372ad23f2cc8c24febb3e836cee9b377076fc3934ab0df691855f8e19aa2413d7e54c00303b70dcfd28b0708974c470416bb08d86da68f1f5dbecb17fbf7e66f136977c1b5fff486b93d4760b608fcfad7d9e567f0283bfcd35006123d0fc54b0a0a0373b8ae38ec35200788f1c1d270cc00bfbee7cb65f762ec3bd80e439cd2efc8b4e6825279fb48d2d87190a75bda3aa29bf14c03eb115a5be6b291f7a9805cdaab6465c61d3290fe63d403be79683d806b12746c7d6fd5ede1eaf6e508e3a7d29023d7bea4db67a2337127ec0e911a346d8c582299ebe6de630789a99949982d29674be81e99c05f9167813a00afbacd30bd0763edf4dd8c10a03d16e92dcc6dbb27b0230fcde072e89f6a8581f1d4c5dba6603b6d5bde6d42f80a10ead1635750c998582d4c85a9da9283aa62616dd4bcbe8900f84d5171f9ab92db0f3b27571fde4562ae3c51d103ad83dc2febf8577c156a6447de30ca5a66f4e26961cf12fe84a11ec7815c19c02f1b793a0e91d7302ce9a650e13fb81fbd66d70f0f3d0852453201c93951888d8c785d218ed49f70b49ef56dd0bc07706e4c421dfa6625e1f1c25cc00f5c21b152f653d90cb879fd1d2d864c0eaea2527e7235f5ef357810d29ac3f21de79c2fe6cac5eb5a0f53d781ab4b78d65a1764e7e7626c31b779a8ac4ea0792e8cfa95001aef51535d7bd3718a575ec70d97531470731255e0f52a907b2d4ce36cbf059bc84d31ec949fdff5ea4c987f6cf58a2ad86bb944e011439a0431c8344fea545a0e3031b8e38f8c23767c6b67f36e1824b1b48f71b3dc52d8054317c281ac05eb8506c38368b37f732e55538534e6ce61784b30d5fd24c24062f8115e49ac49630c5e06fb91fa4bf4e046bf1169d8c217afe1ccb628d6dc722d255413ae0b658637effa7b39bf832bd1b0985ecda1e03bd067b178237fd89e2fdd6b958af8e32e802c52f725d0047f2c67a0435efee12ffa020736bee7e081dc7ca5b84a86e2a68ed1c6978a050f6077448b201d2d1c23e13e38a0df6de9a02033fc479bb9f37e6377b64a119436024d9a581c0f137add81539fe233ca5d947ed65c6cef9a6114fd6ed6ed6f6372e6ccc8e28e611e07bbf8b9c3695734bd4a1533a7c38b8c0696afe1c3949239c7653522e627fbfc8ad866648f71aa19abe71e20f50ddbf20de0d7273f7e6dd2a7fc14ef0693069e233c4243a39a6ace0cf7e38eb0988c7bd2c68f8018e3727012f2457fb91dd9470f0670e3d48e3144973967f7d31b318d8d7135566113eb5883ca541ff63f5a999a97b2a7a32029058010f7b7f1ce9e7918ed9e45408943b8f8bc606bffebeabbbd9bfafd8bd13cd66e3df6b4e77b3d4690ec1d5d5721c3caee7f629bf25910c240dc2f24d1e487e69ee2d54dfa0f74fd5364bc8b06d9efb836eb8857bc64b9264e6105b0652f2e1e4c9d31dfd0a06568238bbf6bc3d58ada9a7dc75a26de4e324f4b798b2d8938a692f25e82e3da8dbdb84b3e646de7fe0f80a185b7c69838603148905e9b55c58db1c3741e9b4fe0621bee7d5b5f7709f90bc0649902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd59490171e2ad35b4241a19558c2d90110e52a291f4d25b917bf027deb77dfb03aa570cddf7adeb90dccd6ba965633c2cb28700fb70311cbfe3e7c67cae417c3c162b29/usr/share/java/pki/pki-ca.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cms.jar/usr/share/java/pki/pki-cmsbundle.jar/usr/share/java/pki/pki-cmscore.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/pki/server/webapps/pki/admin/consolerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmpki-ca    java-1.8.0-openjdk-headlesspki-serverrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)10.5.9-13.el7_63.0.4-14.6.0-14.0-15.2-14.11.3\f\T4\R@\\U@\[@[{[l,[`O@[U@[>@[d@[@[o[@ZUZ@Z@ZZxG@Zg#Z.s@Z@Z ZYYY@Y@Y@YoIYlYGY>@Y5GY-^Y$$@Y"Y@Y#@X@XX@XO@X*XRXOX!@X&X2@WWҤ@WίW#W:WWt@W{@Wu WgWV@WV@WV@WV@WV@WV@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd10.5.9-13.el7_6    pki-ca-10.5.9LICENSEpki-ca.jarcaconfCS.cfgCatalinalocalhostca.xmlacl.ldifacl.propertiesauth-method.propertiescaAuditSigningCert.profilecaCert.profilecaOCSPCert.profiledb.ldifeccAdminCert.profileeccServerCert.profileeccSubsystemCert.profileflatfile.txtindex.ldifindextasks.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestproxy.confregistry.cfgrsaAdminCert.profilersaServerCert.profilersaSubsystemCert.profileserver-minimal.xmlserverCert.profile.exampleWithSANserverCert.profile.exampleWithSANpatternshm.manifesttomcat-jk2.manifesttomcat-users.xmluriworkermap.propertiesvlv.ldifvlvtasks.ldifworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaAdminCert.cfgDomainController.cfgECAdminCert.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaCACert.cfgcaCMCECUserCert.cfgcaCMCECserverCert.cfgcaCMCECsubsystemCert.cfgcaCMCUserCert.cfgcaCMCauditSigningCert.cfgcaCMCcaCert.cfgcaCMCkraStorageCert.cfgcaCMCkraTransportCert.cfgcaCMCocspCert.cfgcaCMCserverCert.cfgcaCMCsubsystemCert.cfgcaCrossSignedCACert.cfgcaDirBasedDualCert.cfgcaDirPinUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaECAdminCert.cfgcaECAgentServerCert.cfgcaECDirPinUserCert.cfgcaECDirUserCert.cfgcaECDualCert.cfgcaECFullCMCSharedTokenCert.cfgcaECFullCMCUserCert.cfgcaECFullCMCUserSignedCert.cfgcaECInternalAuthServerCert.cfgcaECInternalAuthSubsystemCert.cfgcaECServerCert.cfgcaECSimpleCMCUserCert.cfgcaECSubsystemCert.cfgcaECUserCert.cfgcaEncECUserCert.cfgcaEncUserCert.cfgcaFullCMCSharedTokenCert.cfgcaFullCMCUserCert.cfgcaFullCMCUserSignedCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaSignedLogCert.cfgcaSigningECUserCert.cfgcaSigningUserCert.cfgcaSimpleCMCUserCert.cfgcaStorageCert.cfgcaSubsystemCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserAuthKeyRenewal.cfgcaTokenUserDelegateAuthKeyEnrollment.cfgcaTokenUserDelegateSigningKeyEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspca404.html500.htmlGenUnexpectedError.templateWEB-INFlibpki-ca.jarpki-certsrv.jarpki-cms.jarpki-cmsbundle.jarpki-cmscore.jarpki-cmsutil.jarpki-nsutil.jarvelocity.propertiesweb.xmladminGenUnexpectedError.templatecaEnrollSuccess.templateImportAdminCert.templateImportCert.templateadminEnroll.htmlsecuritydomainlogin.templatesendCookie.templatecms-funcs.jsconsolehelpfun.jsindex.jspagentGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaEnrollSuccess.templateImportCert.templateListRequests.htmlProfileApprove.templateProfileList.templateProfileProcess.templateProfileReview.templateProfileSelect.templateSrchCert.htmlSrchRequests.htmlSrchRevokeCert.htmlUpdateDir.htmlbulkissuance.templatecloneRedirect.templateconfirmRevocation.templatedisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCertFromRequest.templateerror.templateframeCRL.htmlframeDir.htmlframeDisplayCRL.htmlframeList.htmlframeListReq.htmlframeOCSP.htmlframeProfile.htmlframeRevoke.htmlframeSearch.htmlframeSrchRequests.htmlframeStats.htmlgetOCSPInfo.templategetStats.templateindex.jspmenuCRL.htmlmenuDir.htmlmenuDisplayCRL.htmlmenuList.htmlmenuListReq.htmlmenuOCSP.htmlmenuProfile.htmlmenuRevoke.htmlmenuSearch.htmlmenuSrchRequests.htmlmenuStats.htmlmonitor.htmlmonitor.templatenotImplemented.htmlprocessCertReq.templateprocessReq.templatequeryBySerial.htmlqueryCert.htmlqueryCert.templatequeryReq.templatereasonToRevoke.templaterevocationResult.templaterevokeBySerial.templaterevokeCert.htmlsrchCert.templatetoDisplayCRL.templatetoUpdateCRL.templatetop.htmlunrevocationResult.templateupdateCRL.htmlupdateCRL.templateupdateDir.templatecms-funcs.jsfuncs.jsheader.templatehelpfun.jsindex.jspindex.templateports.templateeeGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaAIMEnroll.htmlCMCEnrollment.htmlCMCRevReq.htmlCertBasedDualEnroll.htmlCertBasedEncryptionEnroll.htmlCertBasedSingleEnroll.htmlChallengeRevoke1.htmlDirPinUserEnroll.htmlDirUserEnroll.htmlDisplayCRL.htmlEnrollSuccess.templateGetCAChain.htmlImportAdminCert.templateImportCert.templateKeyRecovery.htmlManCAEnroll.htmlManObjSignEnroll.htmlManRAEnroll.htmlManServerEnroll.htmlManUserEnroll.htmlOCSPResponder.htmlObjSignPKCS10Enroll.htmlPortalEnrollment.htmlProfileList.templateProfileSelect.templateProfileSubmit.htmlProfileSubmit.templateRenewalSuccess.templateRevocationSuccess.templateUserRenewal.htmlUserRevocation.htmlbench2k.htmlblank.htmlcheckRequest.htmldisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCaCert.templatedisplayCertFromRequest.templateenrollMenu.htmlindex.jsppolicyEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileMenu.htmlqueryBySerial.htmlqueryCert.htmlqueryCert.templatereasonToRevoke.templaterecoveryMenu.htmlremoteAuthConfig.templaterenewalMenu.htmlrequestStatus.templateretrievalMenu.htmlrevocationMenu.htmlrevocationResult.templatesrchCert.htmlsrchCert.templatetabs.htmltoDisplayCRL.templateunrevocationResult.templatecms-funcs.jshelpfun.jsindex.jspindex.jspservices.template/usr/share/doc//usr/share/doc/pki-ca-10.5.9//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/conf/Catalina//usr/share/pki/ca/conf/Catalina/localhost//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//usr/share/pki/ca/webapps/ca/WEB-INF/lib//usr/share/pki/ca/webapps/ca/admin//usr/share/pki/ca/webapps/ca/admin/ca//usr/share/pki/ca/webapps/ca/agent//usr/share/pki/ca/webapps/ca/agent/ca//usr/share/pki/ca/webapps/ca/ee//usr/share/pki/ca/webapps/ca/ee/ca//usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment//usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu       directoryASCII textASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)ASCII text, with very long linesXML 1.0 document textexported SGML document, ASCII textC++ source, ASCII textHTML document, ASCII textXML 1.0 document, ASCII textHTML document, ASCII text, with very long lines?7zXZ !#,]"k%f9z(+ ͥ07pff!pڀx/XԳE;'XaavneЧQ?GTޚt~ak~u14F4w:^Jc3[/:pյ J0j{+::W>w8 t|/󯫫e{MC!b2 =ZxjkA5zf>.L8N;$F@|jo^ZJ Lq*Gobjkceev٥&m55Z,:˖ ̣0p$e,O,T8eˤsSSx2< 5? `1ʾ7.RHi\OE6gwꬉU'$j|zr{Un;w9ն"I< -8v+ǻerBQV Dr/=lѡ<̒*Zu/Qs"p2l|7mY!3ݷ;ǫ_eg L#5kÚ PU9a~3D9bRA+?bƘd|Y^XA#bx+CzB,+"')/߸SR4 mNWhs:q)P5Z}"fk(-̠RA`ާ~@$Oѥ)H.ۑelSj)34E@ւв_&~^@ZtkU34K Sw|_ ej ;<7P4{&; pP|PNkJ ?jf'WVw,M6AāJZ]1Kp.  ܹU3{V4g恠 ~n',vSOA[y mJ qӄ-`MGb6殻iD֢i{ /"T SOzC0#U, 6qNˠW4PB@Ҫw ~B8Rp}]b^vN h5p/ydaŷ$У}Q{\ ۈ1^54v~6rM7zMb_#> :ӽ-ƀX=5pYgmS9XCcўc9"c[ {mNS3Gd/&t(@!]tK.t.zvą=7s!3h$,42ƳAW|%A!{Z)wvRf-o[:}B(Vsd$MW{(6YeazAͱGjM4>s'wf?Oc-vӣժXZzH7N ( +(ĿrpL-ȹ9RNCVWSY.[չX+> M0\Ĝ݈YWokCkE bD&OϹO/`B fŻ2BU\Qc6c_6Qb/.(B" 0qKFVs 26كdM'L|ݙJOXfnA7RaȒ$7$+?xg8.m(Bzlm7%񘜵MoRf,hhE$a }\A jm:ngN2+q>:gL_];8 sNvOSfdi2\j,L]B4c*D*\[7X#G?CB\!~ xr'JΫxUWQAgm|^5qB覱zaj!"?&)yFH| sEZ@L)&w2@ƚ+_ǁQ.߿>~N?zCLݫ1VROi_ *aqV_PNR7֏c}|HYl/#`تΌ%J %vomY.t"S_lXhtW tֹ>{q ɱ{]9})a%aBL ]~5qmDm8矪|'KX=bث䞷 K*'_Yν)g:?&:ii6ވU^KV-tpaI퓯|q&o,  5|uozv#K ~Z@48SJ^'Ghsmxn? pcV?{d=C^< .lZRiE7uV?ϲ7kY@4o꒚qu'$9Zk|쉌7_aiU!$J/ݰ Æ*XDɞfSY$ -U )N$V숲"uԯ++oW^~wѺ `f&*`фjCwRH[ㄜ'=i͛V9+%; Л<˺R #fȉ+R?v>rQ^P/#I c`*~I 񋾈P^FxUUܪmhB) ֈp ࣖ)Eڗql+өޤ7ח\b-H\{va?YXAgW+*H]-VvލhP@Vn,چ@ aP dAaƔf叮 O;R Wg*}c c֪PU Sqa]ͭ4Mw'vtI7xɈt([ t'GI= =YĤn?K}yR>?=SZ-ARF5GY-g?uӦu1OXMm+6z%S[0;VeO b\*/\`yg;+R& M!R Kd+AHSɠ  e: Һۘ~'$T.^z 'o@TEPBF SƢ M{+@' ȸLg&G;vYg}KzKwöV)s.=6#d8lYpDe877PE|<0$N.n=˛UzM*yaOHevy@auZ Lv'Ӑ kV|w m*Kw;^ m}¯+~ڟ̷!1Ko BH髵rhuK۽YU H"*,tkB8Ԭr9kyYG^4YX1^*ZykdcZ¬Sl.ሆ?2] rOĨa~ ϰRB݁㧴5,%? `tT˛@Cd"54k*0U/@)!$دx+rCmս)UN&b[~ux#>O[)}: N 89|xϱ{+n bcig灘XL,sDOC:eNYc̖1.e$=p93~,:4mһLmCfJ,.՛IK܅ߎI&lUi5Gi\C8HZtB)#+5DS3K@=6XrKgcP zWµ9yKzQ)h3;I`@p-#,W²#LIF_y]r .YB MBKS0n,xV5Χ6 DN3/,Ǐzuki"!'ڏ0bGISJey6 d] ,F#T-U1!}I<TU熅 kw[Y8UvDuV6:L%/w|.-a3CPJfF\˕r46噁 DNT"䰱]aA`6*S̎}ޠZ]A!]l۔gl-d/U5I6xt9{ QM!7l3[hFoD{z &+Qm|*IywkZy>~`/1t-^toćyxډJ7ͤ7@W#r79w_/H"^L1pV.;Q"rC&}P<-쫼-vj]rdx1.І?//`"s˯ͻpWxPhɗ3[ L[1ӈq xX"ZaTTtZh᷒.Mp^rNVk^yvD?Hь{Rlb}yR ghE@ 8@λ2U 9;l9p\(KݪxO{o;e4TyIś9Ih;u,]~J8%"!r(c=, 9Z^R s5cZݎ!y}C _H+Z4@u.[VUǓ.\dֶ\3myyqk;1OCض{a} V%!qڽ"j j_AE;ݛ9n!M-ۧV,{;(:kys1 Pb]9tNNM%?0tJ:g1@fKoI/Djm-f0xw Q LF`턉yusFngQM^(Tr 3xu@ u-3;JC`u'X~ĸ!(Sy+ߖǴAת2LNtg)`Y=4;f]cvd8rCg z[T :+Wq3Xɶ HzưS;3;޾cPt^k1kqZt#0 Fzc. oa9'*3nwWƫkzJfhPVJ#[]R+|Gߘ&9Vi}vٗsUH_4J ]ZJ)8q BUg#rQBump_-(O6-pt]Q(QF3êb0'OAR@m9Bj:m!8 RйJU̳h-6>a-aNB xY򻅫)F2#K; p3xKOh\@Mkȯ _ ^x#o23,l?18 T2xh I(, )dqW7h L s+/XwOZٹ~7^Q%raƶ76NugL7 oڢ =dVp?@ B;k3&|oMo|z˴Wdp 'SP+kW 79tFnCm4 -PUڰZ=wSNӤգoK}hRI0[*{M2>qgP‰C@u{/?Q(\WWMJgΜ1b5B6ڿ9=`jC#לΚMk1hVY kY#PЌJKw>c)oоQ,޿;:-%DU_Dz |gm+2E1hP!43 q,HGZx {.Jw7O$ֵȄ3*lAC+Qm-bX7(>0uYu'tzlH_Rn.3ǹ+n\Dtod(*A oM: CĹ1NMws24J|jѧHV{DZdW4v/D/V%Ϝ* yGl&T3v's^ɺ‡y-tF@?/,Rb gؤ Xzr08`|# "Y;Qo#ެ8:7 35U}g|hSU%" ES|JjyJUl ìQCl}(f*EShQvp+RvߺY4Qs r(n4m\+!^C.YQj *S@CB⏍k^†=:/lz{p wڎE-*cya\ "h4AǗA rsy|ds㭀;tKNbI:hn)9 P̘\XxL IjعgO {]H0%f C2oc(8Nfm_hWd!fkQs&u a{{E5/sn>q^=|P\,-CS23 Z)kT)\+Jb ]M:BBo{Oòa4X^X0Mo8]%ޤ7q$@ζES+_ ORc\tȊ3$S}pȝ?Bqʅ^_ SϔߤhMH(Hnn%nBZ*nok!mWl{9=*,Akin۲oKKU #'֕p^!_X#$V j0 6i|܊qi6:S9ڕvl^{9jJ`hFʕ` b;JmtDan@H',qL ;*(pvGpA2 lMsZ7&hy3wC]ş$Af=$ѹX|:}"E%Nyð-ң]S1<G-IGqFu Hm5H_8rW˴ykyth!|SN̈́ۏsq7ڙq2],o)C`vl@[-PZ}*yFU"ƖUã[J.f`4^R,hx.Q@Ơ8-4!o2cAF.!F66fr`P:+^"v"{HPAL ؃JW+K ꛆ!Q+[O|jL4Z/C.qU۽ 7Na"yA|F;%4\$r\\Y!SL8C[W]%2 (*l)(I Fw$&A=P:lRR2O.^AGԂ*B4\K[ElĒн}A. mCcIF0ZL4LJPf3dVbc[qil789o' bڸl1d{4ߒVRO6j栎^|VK8\k!o 0xSŋ6ODb> \gNKTZM6`!hKn_Z \b&Ό. dG%"U`c'j \c0IEwI;׭Un sѶ py?tx-+ڰUP6\,2JI SϑG(('2M\ DFaf+96Pt.dVO\cլm _5nث /!)ܼ^? ] P`<~e)0 n/4C\r5ClPQLs)b@_ߵO<) ݈".f) 6:0{}]A˓>=4=XAcfCDy'JeP#-B!Tq> Pٴz_+*qx$̸{f ²* 0c 4Yc7 F^1 >i-vr:Iš\C$X7 JcuJExEԦcP+Q9TnUqSWOk佢_9שp!ٕ"?NmK cNc(d.I=~(xHh廿Pu,J 뛲'z"辘aP>`MƃPmDp{mbƌ,{)\8A)(x1 ln&YT;_럜Bf_Xkzq#7^:팢 D}]'$<Ϛ&91A-KۅI_v#n\gRnhqYfCyvU՜^NkX|]Jw7FB©= ḚF# C$j<3^s8Z`V{C+TAյ %nK7|FN:^8qn't3KY F2_Cϋjݓgx)p 5W1v8ǐBJ{c*{QGs{-ĎNVzT@IT'a;DrE 3$0hsGJ 'ɤ*h*h Ftt"bY.S@Pq)ҁ gḐư>Ĺ"y8̃LDcP ̀0Ձr|JT1iE|d׫l +;@ {IN r?!3aDٟ_Aq75x]tP4Z{|??Zj.^ZW񑡃wQH"\%2']QZ2{`#鱟y cq2X&RP6~W9u^yo_`:_ 2HV ڕo ҇:oB)Xs?qŐKHЗ*qX$t&Gɦ᧶Xh[ʙ1!*8Gf'Aޜo;:0Kccj"ٿYsh6_/= ˺#6 tE'jlH֛$?$:Ч\|Wш捖g_5*Jijq.ųSbb,vQ: 0~v7 j"lO:/*R_, &3c42;3gX:bPX"x{4(qHk6,M qD8 ?1vk~n6/0޸x3G': ra㮠(&_0r|'ѩE:Qt+ѯp veǴ0U\bhAn p*3k RK\z%+uuɼ/q§7+\?Q)sPs6 oN:=T HdBQ(<:eӐaL|M<7Jh>ݳ +o\ӶSwb|.H Buiq̻2LrRVItP4Elkw߿eK6kH.Q6zÛob iN r\ f+$vJ֌\R,)ӕC0)v:3XB5)'e$g"k0@=.O6/vBko,(YLFS( *sঔ'fkLTBn <<,*o:vE)I;O~9km^b}6xkJ]B`2>7Kn?}W(\;}! nKzHN 8KŒES1? tYdF= pes?t(+J`;b9đJm$+(Ol_Lfdg;ѣX &.e{P,VL$Z# S}\E"LSwf;OT82J Er)2&3Q'ߧkeҔwRh!jcy&5{T;_V0v4Tu)qY*.2&vviޱH 9I#-#cF nq8g"9"\s*n=8FąR6TD%QK'WAlvđwvԛbFe48r(1OFR<<"@w'E%i.ŏj)^\(]탕A)`GgE^CHaϝeVbdDDJ*_1:zcs42%qbX[[ۗ$(g'\4cZ f˷Kv7+$[^ |_XXK0L8.EsZ ScY,ItEbyW:WQu6N_a͹VVR9oFV+g]jʈN/"m3iurwg=Ԅ5FBv&6`!*ˈ8-8 +1ۧ",9 óF)5T*Zp\ ГU=BERAىtY䆆<kr s뵕*H :bLK'QHQFW.܇\}]v,EY#-zdjߦ#:ƥ^NIv4WO\3܈"(=lAA@^3\3}@ֹkKG^${3`qn{a% ѸsX [-4vm4lv\Z(sELȡ:^wIҧuT# 7(+u v;k!׸I2+.m*3Y†sɫNqJCRsk+կjJ\|NhNg-B,Jeè qD\Ԕ9W)9ByȺHZ? vN`A3`xQKt,4 y.XuvO?YN-WN1Bx1#E<KKyb`ŋC]ɇA{$#C$ Z-] : /  3(O/^])*/C|bē@icsR%v{R8H%̧!&A0)˃)Pvg&C{iu{"NZJ!Ƈ1Py.k Gw]斆DK&'Ņ0~EǺ=s8ۂ @\=NLЅI7(ǟ' >=ډ1 ^=Fu ?qX9fޖWPOpL6^G,UiCwÚ%<4_TiJنo*rqL_YfLcH@ 7UēEdЙN.jmsTfzVWpM<IDM#_-aW eH}=h dS`,e*C O2}'@|ÂGI_lYpNX=};O vVECu&~dfer\S0,X~.FRXgR|众vԟF3nVFyӮ(WoX'ʴkZǝpxYhP^~ spZ_&}D BEg5GcMt$,N9Z C*FoAnMbj !,'MhI]V+ bZj\dRY1c]2hPQL%x]' -뫳8BC8/]i7ʬqdh`ҳΜ5\ !fHub]G%3.䔏Q;pȪ,3o;tMل՟u Y^@uKraֳ&-&ncVJ?FKMR ^,^U ;f0l!: x&f^sI31\V4=aONܣhBb7zZ`L˯-MQjNR(.`x]2x6{H!W;<\w7/*cqINxYA5r%A"Cᄌ,Eot=Qꠐ:mLGq+UL)RP=.EfX~zFLȽJ YqXk$! ͏O6l%-9ap @b?9ZE@T4V50sMؕ4+͗RoNwysɐjvYn%Z[_&W7Ӣnp>UxnZo!$uU=ӐS-ޠxp];]gcT>'6S4x|A(qޕMu$2NjI0&;m\D$IR2^}T濺zURkO=$#(-1UB%tSCL&s6NY:SLE3[4/r'.'<xu8C[psg5xEmC:IhQJrZ#;!k@%ڄY ZI4w<绘-2T\5t ?/#*!&95m(l!M@۴U|ѕ8NܛձeaH/MEdCQӝ]QnޜѠE;}EyA߀AXs,3,Tc12|A᭖Ho/JhZ ?Ö)a4Ђإ(YtYӣS~/t>g[WU;жenX^(Ԛx|y3+w[>i nNBy" C"UK2X;&b=pKgJOS-U . (qL5vk4:{pD<"_U\hSWs3ckl0jrHC vjDHHͫ9^/BhU,QجLcR`b6`EV)i)5qE 9j?%Be%.vCHIGڇ|Z?m0.]av넽 MQ>f# YUPErg9 #@I֊U| (BVKd]_&7\9u/ BN9RFh m3\I+n"k{`"ݻ7oѶ!nx5N`!㝾K@ʽU F\>mS(]edAv[v͢[ijDPlI~Kkּ€*_! 0 #VO<8i{܀\iW?SlR_GGhbϦ(\abp͛"aBG'~Wng9BȓF_PvB)RSc ω\N=Dz`ވh2$'iBe!΄*PF aQL=襃8I(⊔noH~]]G*Y5\A`^P.a6[,]Fr@d,q'\*禍BOУ#s-"gVy9?p`@n@Wg)z\ '̶Cʳ#9,b_X.B_zo1yyݲ D!Y6pϲfOtM CȎ;pAk PPFKg˷LG*žijR*,3 +0Nt'$>SeI~;Mv0xI4&Ei|kXG*VyX5. `S={n5Щ~<*O!uqd섹,}Ho5dզ>i#J08~#9Q.)k\\ ÊrYi1NrmX+nT+:ivjha3gюDO}fQ.Ir'! w"(+u?S33-P&:$+LXBO Mg55iC;Q5qoհw(> JMZY" d6>uc䬻>)csGie(qU:[L9T9DXg2-N4j#N]sub6sBJ+ۨL36+!o;.袆N;B9.ooZx[ 7 ȦI9jd6ra`y:W!g73愰ثt2E9vnjUUymW(&A`Iy7Nh9Yו!>Fp]-$DH&i!\ aHw\$/ίq*$ WU+lC}Q&SggYպ4? C+P_ފ w*}{nA]"[gC,UάZkܒYRcɅԟ2-42 Q}|elv48ޏG"m8,}H*3bF_T4ynlzJN&mV\+{Hp,) լ.hCg==F=:a1XP;Y/7x2mxi붖yN-^:ȰǵoA,󑯥z.2ǘo#*v36^* aYP̧nD@Go-x;7c-ݷ9F k)r8 żL s-ȏ}v[uP ai0 oZ;JݡHщzƚws )~Q `9hHQJ|IKNo ag@vWt.OgpFW:(}B%6ZrhCk=Z*@GЅ|q.U[dcAdOd},:<s\xdC.ml{Q <”VSd D>Jmp?G3EHk˨&Qb YҍW sAk]+=F qE^Fi ,"7Ap-^3ȮD ~E`>01 Tv:PYRПL5/ Z FW2wy%H u2 f섭KV!KYd*Llv-DLVI8O%fR%?thե/5tA$"TWI6xz8Fx/a6Q͗5Mj&vMU 0Z.i]f2B8ȅ&892'4J,GVsM9ln-39{ P]YTߢluYyNLeF$9Wc5)wӷ] kj"΢Y,&rD ҊГAas7xOLG{h~gy}@bynpVϒT ρ @N㦥x#5QOCךFyտDLhd݇O1{} Q/Ճ)FGWCg1E]c >'G2>u7o%)'&ʩiU+M(tB9笗ZW̨v4X uw{:br T/k(\͑8#7zy%Nqu(ԬnZ;uL֔y3fΎV$mr{A #5Ԅ|o8v^ h`ΩTƜhU,ER=+ 0a}1q>;1L3N=H+]5DAڤ Oa‚qXHD0L]99M3‰W L_9-樦2'T%ѓskz77#M^c:i58w^ z0#= },B_s춼p?M2,,:򺕴 Ƚ@60i?F &ۨB!:Y $JDSbyLՈ{R^L&;DdKTKQu ^<8!uIM'?լR[`eB0f6?܆0ʑ,= ҼŠl/m})q颠;^I{cO/r p)!5m1=F)Nrsm> ܤ0BP"~~ȜXgWWD l3mIg?t]UI%l~yYcT>M3@!4X碠/L?Ӄ nX-&B$.!∊V˦ҷK_ʸ\B 69!ϝh{W0x|5;2=N`TüBQK@HE`bӐLɝ4/g{Ƨ)i7=[ IC\U?Ra_ :vq<)4 tRoGjsX,Aኛo{3{2=߇a5 $rGF}oc؋I3+_PO^3s{JTdڿrfi%.,f&s5. [il+KF(ǫ-wKxs?C"BbA4)]Tv6<s8Vy.17)cA_(۸VlU&,>PA- ؽo0T-!W} f1nhO7-(mC`eh{m5t"yAY=C IU;TWnۭ_owxBf^U T 2@x6qq=-O"pK'wBWYʲrΖqF ft>M jU[{ө6Ny'OuK(8*H8yOiT X>1sm! qf:a~dH q) 'tytrT#Q-Wё)jb~2n[ rQ)x"I-yVKs@􇹣,R,\蟳6 [ndzCT=2l̊ Puo|?Ċ$;좠~}чX.l+t$ߠ/U n}/FeyBÍ0}b;"}TCMB3jL((%f{?A]67WO@)Rq+lP3\ ָbQ XM!z)9%w#{c'h@FW\ۢyr a{wP`o +zGa:}}4E NL}oBC+b i18kd|V`u$ lSR@ڎnԻ+.H֒y~ iB VjiրtU񯼂}rR?Ѣ^ ]|\@ 0\ )j87R.6ldG;P*d;>T@SPgK%n2(1mcr4Ϝ/}.И_µaÓe7Kf @2lQs]yp)ʒN,Xr_We@\|-$cf@26J$ !h.I뙢w6f$HU/Dlwr^JZ daivW(tFh糺? 3qIΎ^i>[two"k.w@~U-"/y [g5.acBk,֛I?jEnQ{@=_|_64Ǽl(Ѯ+JC 9 #pzHQ,rljcM<6 B?KUI/va=&֬X*7-Qϗ`[@fINPv !袜5|`'1Q 8,]_^d_`jFN_mKg 6i"JSi^+H h*/أM=S W8AF mI} 8|HPC!FC٬toi[U<H@3JwNjW~"zmg'ӱ6BF ,hG\*Vzy]tfy:,j@L% `Fk}z 7sjvW0cŃ{vY\ (xwGio;kj,&€E=$ӯ@A0 +}Vh ƚG@#5L2Xd0+eӯ#9KSjz%ŬDpBB;*u JX5Vf߲LUݢ-fwvAsNu9_@{~% K p,lB6] P_JX~ԥ'OrI,I'{[Ra~D;2t~,1p\Im /a=F {:9Lm˸,gLqil/<8JodCSlW G!͟qI/,C!KZ7uF([װX<]vBQ JF [N ̂6)ѯ0%4J fj+yJ@MCāGBS]4 ^XOݐ,`rnm&W˖ єwQ3nI *Q4WO ͌q^?LAĨ7L- J^3  !Oc6xa0MIؚ̮ Wj[Bt϶}ګ~&f:`m=wyMs kJX`5ݙP`ǩ!B[I9(2 !?nZ;qo1**o\ďv׈"ewPsY[e+q,;i#b8y(=+8\/D^c˱xk0AvbǾ;2ـV:jUL!٧0zj7@}&8ɳJ5> 1Ẅ́#g~1^ta:e|ZaNǰ%1ӟeq>э/8L;$ a)UUͥظ!R#؅UmV6}'J#u;HUcϚ1Y|KEbhQ<2䢆+i}d5c!6WPL)%?#D*峁O#p` Gl\ıacE a[![[dÌ+}RA [BgBJh$P}T'ǺYV ;]'' F߶5\ T(|5c?{s.r-GD,Pea} &Gi}``yHwxc#K`S1ڥ%:;1Y";_ &e|!yĬ=̯ǣ2L Ia0D^W>i/B+4үx wQF)\GFl >ٔZ6.vˬfO ꟭&7A S驖pqv oR2kþߋ 4 EZ.V}۾51v"!Sdbz[(Mh GZy;Hu]ly|Ǜ'E#Zzi{>|!öp(gu%@A_2ePP|C"j-aUPXtړzE/Qopy:Z7euWDŽsy rRM!wSI<'ENn?qO񚙤p?%W^LqD%FcTexty,_,HP-n  (EJ~"Oe$ݍ9Z-m}φ/qҒXsGdI2+q!u|/E`;4tp xe+B+QˈMI;͘þk\kgntǾ-%( =檼\f=IRvS^N{+{.-dtFoFK姬դOiZlOQ0 ԏ$o79]FZ^d9M+ w9Byy,3cķkIbTKFZ.y 76l8WKlB_U.#K*|Kŋr0arJ^]Jӎ o/ϝnG.YUT6ٍxoŠMQZFZF`Jdvx눶*S=C §"{GV%NXZҼF B&cTUFU}(k,ߴ &`/(?׭(L57%fř/sx)Zds F_SC*$3}B"ͱR4NX NjAcP$8РXrVP")#umߨO :6pծZM vmq+~sjD@-J/33@gGb駹GZϾ˕ ]y=5csˊp?{ft죾mG` x,&97^ߜXz-dBߧn2Ux"~,Wʿ [ z m"AC*zyqtx9gM#;t3` \zop5N9%])/yÕm?8M `vw`%xѷdw<Bl8t-I0[EKoGyUqoJzF/OAZ (I nt'zy .LͷC5 +3Vl/2oU'||3U€?Pp|.';Eq&:mUBttQtQa5dhXM3SͿ]L{|ПrvM~.ج6Y#X(Oke(0!޻ JlCA{نC/i|`^Z/a}ăǍ[mhvH2r{:}NjSmkȼ.SbOsż2/X=UkaT}UNH;Da$oKt/Od}oXv" pUL/P-WÛ8hNCyh~Qڥ򙸄{Gt:bnK3A~ D5]${rsokW˔~8_ߓ;ǬXQSH<[iX>EDL;pERuheE)b:hv>N C5#8hX=%>Í.8mTT NA'?Hቅ(0ͫ^%78IpZd̝!6i1^Fx[-YwGedN,pS)p:C?pEdct8ݴv ~˷ǥ#5N:@jI f%N D'-YT6P-Cը*8Gp\`Bi+fDGKs5*#[m @^8L bJjVFE+@'%}5;JX0%wUB<ϡ]jPRj|,B Mw.`Oʑ(" )\!\\Xz 0 }\f]9k(O`^lK̈k1,Z0';椞o ^2 cU֮@SIB|$BV++M)dfDs5s[bN2^br3h<-g9~~ E>Mϴwo'mUF0σj]26Bt6yp6m@;`7`U:P"`OLUEx|%2MZuTžS\Kc=>_Xj/5Ո0k.۠}2ogاC@tӻrK# L wz7e_/p %W!'C8K熓| As[v)=/?")>?iv%*i!TnE.+K<it "x}^.%т".֘[=\eg*sv+NnB$s0.GLHmHR(M˝wg%Q)cLV3 X虮t =n]pXׯ,>>ҊFtAP3 T^VrgRNhTOuӤ#M3i5cɻ->ƧN;m"_,KLyk'<}e8ŜzXgЛs`TŝA2XHX eT2nHPNR5I[f,M ]aZջ>D@?#ͽ"IkI֨zu@LH`/;[Eᆖ\nD+'?rZӺNcP(vTxqz?Ԧ[+֍DM4H৷Y:%A2\ Xo yXRv,PIwXX2u"2)̊d4nz'-f49٣d qR'ddYDN%91tRיQzF1\cK"JB9o?&g 첧X-. +Cjs}PG>!bB }.ΔCWK v(-m,>x豃IM}U@$H,_\+/#ʁӼjަֺΓ#vRawR;-Y5zϜ)l/);eR EcU!W%»+\{=!M$8>xYVX#ѝsG^Х [خ+۳}Ļ;W1r-?j oqmp]t>P7*u\_V NF饖g]Nf񙉍GB qSRD =~ 2QR,4A}C¿2%5pHVN:Fꢊ9[LZ@J_ʣed+2R-n.#/81)3M­YG%mkdb(ùM &N N?R+{ 6p:8J @/@9APhU/\olsM&6M}܊_,LXӧ|rcAoXaþGQCwi%-lLELK> ,Ϫ:!>EϠύ!N6.d\p c*V8rEɽG8$zҘX ( n"̚4:)Yuci(ʹjDJցir~[Aކ- # Q=P%@! sذiTDSo`wQ#W<:)'Z^QbyGL$$YG W&tpnN3 1HD'4sԆP; i$',t36-|HspyG'Hb\K;:/`{Ċ9=፯8j|^ló]Q|Zow ]p/f&]Lxp.3kKeZ ҥM2N:~L@;LiYmEio ܋psva!lS53YWě=尅1͹=w[kf1EIԁT_F4uL=0wJ`n=O;'| Cbȅ6Vsz,E KuxUQΈM Ӻ>}^ p'zqXICD^~ʞ#e#۠q*)&ԗe!Mˆd 4ϒJQmуǜ-xk3nB̖n0pQDռX 8E9pcw߮>e@AtClsɜr"aA^ݏ_ǘ%O{l&ܿe 1CȺ :yroe\W$?'$)l L\33Џlf.o}Z bl}dph }uV{Ÿ`|̀Tzӏrs>[M`<(o*C_*^sRFY0bɼr%褱{pݮ[,L Bwz9Sᖠ&FFӄ[b `4 6;۔^W&a&u; "*hZ}- \qh`sF1Y:55l^ƞ.@Ab氷GL&C`zͼS+m49m0@wnhoKZ12xq/I|g;V"KY3+fPt*w#M2gh6A~sԫj+=Cfk'Hq "'5wgx/'暂jCDtTqGe3#6_d 0+/tvVTľ| E"v|9u8E^!WL8rg@TËU%,$[*dJ.FD$'ޯe$н9$Ɏ/rw#Pm|)J@TFTbY:bTm+C R>‡3QtZ4 N1ֈq4f>](Q3.I\X|9 twSt:/*Q~to5pga;h &G9,&N@<|n q2q)UpŘ~W'oy|TB'%5 fmrxBẤp8`D15V {o3rV)Q$Ύ jSޏaF:ٙfͬ7BgN dWBbZ}_C`Ux(cP});Mp d`Qg\~3^^$'/@'W=Q&.W3Iu &GIX JdooZ WzlIP)qjIU> r⚅VmC1R.b/l?xbʓ >$˖_ڌ*$>og+DD xbskpmM FC>ojz=}s<%wUbn!A'sr__lw?8甌uʨğ殽l!]Sbpcte6xVZgٺa8w6! y[/j3x\oi7m62Uģ %h,P؀%AaR}5!υh>[EUu69*,&}>L#2[ < ~Z%C]R< *x[L:Nu쁥zFvhтKڶ':ݘ@W[lAz ] #Ĥ6sx 5;PdHP5&U6Jo0H@T y\[kYt^7KIw.e}^ql]:n~R%Ф#ƚ7# ?LCJ% 𓛸~&ŠV{TuL_2م7WM9}::an-Q8!Yzv-RvaÃB@Z. ʎ-Ωȑ3љɇ`SSbj_3a ^iT`c!b/=qy2G@E_dv:x2" )Lk bڼޡJ$Y6N5 9MG 2FYoL,}hlC=>#[8(^KL|ALUe-&[ikZ:f oSJ3pI~\.7ebO[} kkl/vZ:w[b_OY@oih8/ mS15VLeNZ~.qd/c4vy|a:(RGcNʦ٣'7D-ƽ~7JX;{ ajZ<4Pie7 LL 9mgXT?~XϺ\?-`{fb̨[ɓYkIkPV>|'8` G'xZx1@4>;K)@ j|igۭbH@т _{2VN! MNp6ÿ́tXEX;oTy80 ,iWsMmUf a8wj _t3a%Z+ 7)1)~$vwr)E D25k$674cs] BB`\<:a $zk͍2P7+WK1t* #95'TnMwM>gAUpaaRqIoÄ= mWXSPڈS![L\g @frj\ivS!V3!B'V|7'ЪчXqدŘsR6cI2NvuzslfݸgU)͍vR)#5O5moؑlmU=c-^d9 Fbch`UPC<7v~#IQ9{ L4N!?%PhmB#{k(ݏMY)mdJV9+I%swKԿAu]ZqΫ@i15sF%Fn*S`4 HTQq2*ľ{'+l9SL&6iAK9SI +ZLںJ8^k\Y^;& dTo UBZ Yђ.yfCꖔ`FU1>:t h៫V3$wg'z"Psw+g&ڊ4JWYbe=[=?yQvDaFG"H$DӥخE>M"rg= Uz *.UܒY}+Syt]ƽwG|9e##sJP@V#|1N { K[Xx| ҄ZT+?6>,ҏ$I^> uCv@󜥻(Y-h,~ӧb^yLwehO~S T ?[0k+ymi͞6Uܡ]hnWw|.bz؃e"#:RVPsF+232ч p},kWŭ,EMg͘ D I E,5%Q +b,5KsQO?Nk'oQۿVr Đd2eJ2 ≜&&Ճ (P'|*bI˫T ZuT#Eo镛!q˽v`YRi?/(ICBPK|I^0{quwcjHxN=ډe_4a`aT+;dؿ.{L̈[xMYCF0r^^FgQyϬg7$E8gj8)̬b ݲ|_~Q s q/Y=z]yȖ̈́`j;O;WzYܸ$C+k0SRzm[ R6&g""1 ND!~ImnwUn7QT48c̅ 7pqaCkv'~ FYk 2l0g.ups5{dwI١n /~6pu/ $(!^zarH''{pn _B㨾m>3I`bw$O:q|?c}l@4+ZX8pWyD'+ؘvWc?oxFr,Kl)(jVtn Plc >aKOYNtz gƘPpyv;eF'36zl4Jsڸb^oF?UY⦎tJHTNTOnpg TweF+u4#76ʈ,}B`=Xtkrpň}NU6 +*v )41C;i72>»wQZ䏲=VLS%MnK@\Tx1a'{*0#jV>(K-4S7 5]{^-l3>e1, /:o?wi!_D2& rPuNs+K9_`AFݐeWC&[SH s+̒A( TliVs/KX!fq}B}YF;5`E ?d*nb%|v|K&ERnȷSjep_} 0slnGfʯq챓ZLj"cf:l"(<50[pKnM&SXr3Bi0J)` Xxl ds=2Wp >Gn!N3c/)?ui`'wzը4u*˨ PI~S;;'i)t7mC˷G.A7DhQ%m8f~ 9->'gr-;_7s94i^[~@ ] VSw@IsGբ 0 kf`m:{UX|%䐍sU>{I A/Mfk)1HMley q×?UlPQ kORQT+ ɦ羿@uKz~TUm*sqIOjCs-I c(A}+C-ZO/:.O;TZ3xJ|>hJRCMr"+hdXHs驒&> fL_KF ;̿Ix2)0a ԘE#b@oA4x&̀gpM9iކ6|w>+{ݨ JET߯tRBC u^ ! ~sv(2muO0ZW<6\7rAvQֲl\(q$6s))b]ׇ=QkԽxR9@R…:|΍&ϒy}ToQk_ _ B'3Ţ&UI}>2<m vnNJoñ|Qʼntop,s3BcKu ĘG}4J_3pHz)i9\VğerA HEU@CGi<Ⳇ˾ùn"Ư8rzD7M0|PiW9.I|qj`6'KcD|M2qBnDI}:_zh$M?$UF[FͦN)Bߑ4հ27Fu ac>7MjFyJA9}.8#!V\Zp-/ž3 tݏ[Mu"UI, XVSyV2#z+L2& ;ra!Ɋ F퇉>l6Bn.b$ :9& UkH3Ė$.{^T z]j'7 (qg'`V=lNw*%tMb5J3g6[kerB[f[: xx EgȿcH9P+X}BUQ#z,Jvd` HDWbrגz4zhZiMG1|%ΌwfӔHBM*j)aLݜ.`'h%=A_ bREU$d{fRE gP2fT'Q;V9n}AM(_=v3'85=G?aM@h2|kwX'p\0]LMknbְmn%ٳg¢ԾY+m %4ptBpS5}hs^/!Gなu,PP8 x?辬LŬ`.1L134ӈ$l"!$MD8!šFjAn"5*_ː,VHn.1h6a;I]=#u1.ri?ڹI"P0P 3óy-찱s;1i SĞIl7@Jɗ˥ߞK^mY 1A@qSW7/Q]x ai\ߘJ("dW C}E5<.ܛrcxZS_-f<#!̯X|?x ܑSMՆ^L0 \l:䵀 BߌAT`)112`˸3 v|A erSR mאU0K*:żytF\c,GS[FdjF[q.n&n(a@C) :ZHx rv*=Ԙ++ |jpEdOGJàv܆&Q`ُ>QoDݍalEOrY~䅹14ລ1#Qo([PG\bV,Gx]yxfut/w̺tT&==F<A@??9b y)˖[$ Te4;Eyt:'-tI.#4Xzk{,$qөPVUΕL )F]6Cȼ=M38>Ldy5E]LJFsew_<73 {bKw^ɓLCDmQ92u]L8W tZttY9@,.;ySD_2dN5ZjL։"=gٿ6Sby] "VZ*yUp=?Dml,2"\h$ 6(im:]xWbl7ǟH?o'$ɜZnQޗS3# a?zXȗ[ c; UEi=sNQ{VݫaѭPzr]hS!AGZ 8oP~1Ndp-P0E0#yғ?obE*v|QF~7}+ gBt!fY=6j!_1_ԘݰaebhGF'r7˦xR`^Nؑ㮆iUSӴ._eV_LhSy .H xxDY81W{#A7 [zŴjm\hD:/yqKG ']-+\wH %rf}7ūGE(J7>:#8TӦ$<ޑk*bqp쨯aTrձ <⒯ogM98y^;s;qF{$##+ ",`Y4^Bi'txef\:` uȓ C_~.>stw8De޿uI-\0N5}/{&Eϙf8qDCMz?yuI% LXl?~Z#b#9<ئю+ 6:Ա=Y^!)jVX\.T]ď0hЛט,𲫝s ͦU"(g؃B>$7VCIQWюcx3=(o<)*SG*b~D p婨8Kv3&Ҏ%bq>͍"I.RE b!GXeC ~Ħw9\%J/z˿ׅBV{[r_}z{XoXj6 4V Za}[E'DpTD )mAj#Cu;_qNc57[/} ""c2e2xkYtAD[};G7\@T.cayiWy4cX]]eb9)x-%8TNC2] SKt>&ՇڂQɸJq!ƪ!4kBt5[aE5S|WpaSC 1g\ Qjrm|*P\phă\R:}9[[DR< C%oW} LswoI:ˏD5תK7^a>T^[9ćWP;=dj/<0Me`Ƣ r||.P;__X.CBd#_}# %S.5u<'g4rf!אOb|-'nB)R]jŧ%gZyYMքzzk$İсq\Sz_9,C]pg_? Jör6sX+ѭ$yM8mSɩF ~U+=\ 7煦`E}g&H|zξ;{ <+ (9~4}&G0_WCB TO![]9 Mk ~*+5>Ts,'oZ2mn~=M(  =5oi%ǎKAگNQc'?!avLL7_k'L!5~[\_0JQV=P;ǸS2!R|WE3&9E)Hnqxɲ]i<0-03)HBKrɵEַ@sF\$jȷS1CW?e]YɌ# Ym,^O `0u0#/pSW"ICnJz!gHugnT<:1ۆ%2 &jDvx^0w!8^%Oշ '6HLڏՉpiX|;0_vV-#r'jЏe ZM1̷SG{Mya  'b+t Z3c4)28 KMcufk7c(2խK frjV)4?umZ8 \/hFsFT.85zGߗR b>CVn6F؀K2$~wu'!{qaʙK :g'2oҚϑJ:|_[wYԟխy=祰IjY?vPUX+Z &*׭n;:`^&{|! 8R("9]!]>_n&!=B>){șckMh?^v/L*㸑DF2]\m]e峻49fϸt0T>zReboD9^7ex!ٙrZ]JcaS"VTՍ:4u]+sxGIر &un8cO[y#,HЗ/ReK^HSOѯ{Iwa 6ZV\)ׁSRiVƞ7-tҘUEzգK nb$ckhZ} nrWU[ J@Cb`4B~+T'qKr+8htr[/oЁ/xXM}"&tUr/_)sc /ohGW=^L;/tDRȬ>M NrЇM{p7dgP+/ٻakBО@.Esk$MO;cQY,o}?rD=WJiF ꂳ,kbX(_0x&DIUvT$4;ktiMz%Fvzv+Nl:fI[ÿoi ,b$@3/.b "N/:kbR1㼓X3i;-1|<5^F΂iab>`esej"$3Gr]O,eIgSuYQ|9N$jě<.Is]e?MNr&SX&S^ܡ֔.4KGVQ5蚮7)h`%kg`&$ͺ=}Iw@21 == b^z jȘ&OF1\lŮY$]F$Qruv>T8bH Kikk~}K@7Q.#6wH 'Ofbbf`2|lrQ#WlB 1IZVW#m]D_jb\4DOgmv3xr4}bj3?tgך wY*8+T:`.jekg>\pnfbZ ;^}H Ẓ; qvՋ0b#ui Dϵzκ~j|<ޥ,` ?&hج[S5ܨ 1i A[*=6B&ZFmqC{Ry[UNՏ+ף@Wʯ3 ua@ƊDVW˰ L]?")"?KuZ̠u/;$qh(8 uVhGȌ]豹[ b[02XU m%]هZWg[x&S\{Kk1z+Y`R+ճ3V&ψ*hK5;"mqXy=j ~չv{<<߾kOH}>:BSMl[`G?_*Oˊ׷5eN}T5k5/{BխsPî#2E%P<kB#hxtEVVPR doӍcGT&~3{pȂ M`bF{ghYvBy S9SBK4uЌډ-rHuScE޷#>stM) uCdM]uw:"PCО1_%D I'ڗq ?Zʱ\혍UJ 1æTMra0kW.: 'Dvf~?BieQM5\e I﯂FMNb=g0ۓI'"2ܵǼ |.NЯG'\p sΪOUlkS]\+[H. Ajtn9E(pI yŪ,`fn6'qk\Ü/Ix{v!dP`;U_nsK8Do]ta_2"HJ.ř! Veu4;2%!i 85G6mMQ Dd\Xkőnz-T80Q")l1/0Pc[J#z_o ӂ7y<̬I,᱉YInIf1s< ?u,#=T&qUpm|1Rw< -W/Yi j6 l"Y:T:=չuO@,ǵm_6*T#cajT (#8#SBIW[]w-'"6H>vlid_ kM# צfNRKCV즳p=7Xm~g{5uA5;-D-{ll2[}Ps :nHC<߈ ѯX5CvY57|O/E+Yi3/m|?CakSU&+:S}˞Jjmzk)NCj/ w=euNHhwG/=("2nW* 2ねua4!Uw-:@.`pAl;"͵Tw?)^@|N ΛeM"V]$wƒm>)iWZ|~.N*ָ+=DG[)AR3 (盅:Ƌ[ϩ8La?]8Fuf᎜xʼ % ,ONF~5T)k"-Wg] W4[c~4K{x= gѽ؆vB36Rn]Y U=&"%Jvckn}%vdY43@E\U.ǁy`fxr'GULy WkE3%JY*va"r3sGeٷJBctQt&t"f؊V̽k X`]w,ƴEQZ=pl\b|7" 3,`I?=4Tay= L|m[)_yw/DZ_@1n^}4]s\ztP򋏸 -Kw^P薚LeX ,46wjhGf* [?)VNz~.Fwf1!FV-ӚRmyp6n xˍ@#2~@$ 1ܠ+mZ x\)UK'}v)X}o˭UZToca< OZ>3<*]hN{j/{"bqVnN Q33M/3ŪDqalЮ|;C)Mt]$;ţ9ebɕmb\蚛n>_c?[h6oވ #`cJkAK-۰WT>"rP<ߌ)no4AfOԆ"7iR)9Bhw1mT]\g^'qS~kؿf{ ñ{SCwk&}Sd ?|P=\5TԚ Rqx&T.L+KմsyIa >%'ȃH 0<U\Nۓx0ӲS1]cIGZM3>1fX^:ABĿ\J<7aKr_hˢ E81IXdT}T<]O#;NDE`uo ,ӗ_!<Α7dFÂ=sB_v/ȟ8:3gQ姴nS%Kq6z6q #w"@uXA8~\ç9QD't7{E9{nЕGa0LJ(ۆ~G!Ŵ8@/{;h,ܲх(1.9D!K0:/6HRr$ 2IoEŅ7nBj.0;#1S nN҅Qf_+ʹs'݄nRH JmPsBj)Kr)0 )0j(o'Ts5SPо *$̔+6gT‘1TIН]۪-@i |OqB)7:$#RW A8gXaixy[RT^M³1=rLrnlzT ;i\hP~s9P# :օuO e9!['_ rƐlE._ SAsф4:b/jfj2`#6.G^ě)d)Y͓hLDBuzKȽI> #7\ ..}6ͧKD (+gv4^)SFϬ([h<1dom !Ɍ{öKPc+tlXUAZߥ[ZeP?M|1wɸQ屙Ѓ)Ӱ888^e^30(@zSj 7 `H-2 '9GSָpe91_"xt[:D"뿂T"N&o$b0윖.I\-$g>R2 UK`/ [5rߘđ>- *˧%@(/'5b ԀyY*=9*ceN{5خk)THDψM*tqZĆ^fSn$z!?tS6p:]GͱBiHQ6%3[r8x4p^9:! At5qPE͆ d'R=ф 흰Ӏ޶}z$wn󆔐3;| _$#YM?yoMSXKcƓYN"4M@* n3 lt҄'?_B; _3sc$YLUA+iѣ<۱k#bߝuBU"=;f A yBkqqC x У TjQo(dGl['[aԛ&es /5AGD M6S}_Y3o UiL22^cX=N+0"i"\ϜTˏcC2A7?#7gH,4M}||99to:]U(@>PT {1\_jv61EcùB 1mgHa_escB/{B#&d^L814>1<.*-M0]:Gο%^&İ~ .Q#p)ˌd?b'tpfG][$Gq\zbnOSn#1UΠ Fq-c kqOhׂ49ų(Uf&(o!c?Uo4aj78u" }-؋p~P8<"&ʎc*v9kTƻYo*> >- ?tV1 1AXsل:"c-5;EI#q+;_"8czߥd6Q lnhWE2ϙ3?G;S.; H-[&"o2K~ fRcv`T~Lhg!yd=j/'f.Ğ7^3}^ <ԉP*ωt@p!z5MdjWQq-  LtyQJvtIuJ]0)_WX]Gt TlX>y;8o@B]0X C>I2*k*#O4Z-, ü?/ys|JW|]K"0F)8@2=!]g'Jc5:Ѧ%#My*ÐM7!F_5i.p< zOt1F mbHtvmz;$beQ$ދ]A*4lgtHnjLuH ,ط7%Oq6HP;w4Lzi40&gu 0K4kq#ϛjru< )%3j]漪nĪKm-*dFc mhXi%2^Y&11ъE såG%~".0-4: p,yt 1a.-hO4@nQ *8XzuګypBhV:ngp5]XqJKKoȒΆ7CFbD݈hWTBƹ< >H83;se[LE/@WiNP1%19wpTg@:dZ~aztkw;&k;Lr)cd&E UӷDe*ga^M`ͺ8tĹ'~7Ъ 4UB UFG SczHaViu:-h!:Ђ a+8"F>e:tJ'UTޯZ3t5,G76C3 C>  /aA.mIgNjМG53-6yK&vJ#c|s\K?p?|,ӼCmBrcH'kEc3iJJZOv.>>Tl;JzRE]}OZ #O!N~8ϮO>!A\IЉF R?jN卒1GqB>B?*9~\>"qZ1[doE ;zj )&uoa@@䦳g&O 8z-9F3U>*qӱ{.Lѕdƒb'eSԌVISnӤ"E[a Ln<$mitM'D<; 1#FMQ>r3=A$pJe@yӨV޴7,7́LT ta$HCvseuҽl Q%4902"enfFbuHAFtTg4DC_2. BpE 1LqF ,Lr?H[@]U D!ķN3^L.`E~3#P;u`t_D~8-.g7%2\+d\L+~~5ǔ"`լc-,GY12W011}@2ڹ67,<=W&s{q6VHxR=ᗮj֧P_ Hٵ랚K匹e/9Fx);PxZ%µY}fd~ʹQ۪߲,3*pBA:\|#uZf8fO?H{L Cs߶JUrFPK8J>@Omnqc1HAaE/zɻϵ](촛 ;!C~PI7cTSLEهۛm=,\Lp2A`xCzdi1;- ;, T?Q\SCUug8LezӑD^ V[kĥcsJ:nbh _2~]< yo"3@텿|_N`p"SԪ ݗBC~,YZ;{XɃ)8s0{s,rRuY1El|NT_YT2\'<;WӶ鏸Gxc1Q?>;M*{l<3YlC#5y<,t.cnw}ٟp=_^` EX^bKe grMZ -USx{' OfR٪fޣJmGQP"D68JeVbbɚiB`Ie uuCuY(asIc^)&uCAt J;R JZt'@^ٖH39OGS3w䕆o$uH`ȫՆF^*S-M 'V}^K%jNҠvy]Mksr ÷-|窊BK?y-^]5kC_2" y0_ y%{Ŷ3)'POǐ[ʅy nKo81bV,XUmVpv#BzwIm*=c]5>yW_nNTc3&S;Ќva-9Ԧ1ƹ4dEH+=d56-{I3(@rT7>#=0m+gin,hK8>ZOۡ>sw茲' u: A\a޺ Ѥ܆wOhwO'}M^#/Ԓ8n1LPܣUPHI=xu^\yvWJXnq{Ѵ/QدR'|}{ꥂ*Ր!y!##\hinѼm=VOMl o\HF~PL]9ʧL#:|`Lن|T>F!l)Y7m ɝ 8K6{͞s-Mhl w1Iy!Yyj_ |F4Go'WEC{q/(LwlB+NIC\?s|0ѐf-8 +݋mv&n1D3oyffcꎳ!_壼C\͙/ n+8A[ xTUȪqiʯ<5f"lEۨ G>I_`jc[sw2 ^#znZ`Z:;C.ߠEq̩@ "@iȷ|gMB]zz72%iJdn1k\7ӆPdЛ&59a|[c?(T(+O lZ'UѤ7xSBReEU`ϟF WkKdH m32sJ(FvSݢZ%_^xfBq\@+[#+Zz.φ!(4w.{_EF;7U VQ/R_Cٗ~^gk1tL&Em7$;|p6|g!?`S I>]4"vʊј&|OhSt[.ӣMI"^ ҔcE켒MR>UQ(݃=$R1f h= lu W%K˫Reڒ,k-+r=L(;@DFd"60P*\i?DC8m@g`qOȴwo"7q_@څH_n'p0W!ptF*#RҺ*'6hcIT#@Qq('%FaS,H?m")<j4P,C8!%E/jȜKK&3bq%(kO@&`aKɐfټ+R +Uu×0C@>o4ʷu@t );43R~ '<Ĝ7q`}kvJ!@Zz= #)7pAc&`Kpt#<*/(Q=3~/qg-Vd:{E[># dȠ1Z*^iu`KWoKMlXKX˵ yOp|ymB2A qW:mW2?h~RhU*Şbs㋀`)Ίsq^AXdF}Vm(IuYUn ?uP9*G}ے4츧}=;xP\D,rW+8)vəCR\oXGhP"P:eN@ 8Su~M'3xa{Gu"ƒb(c+E^\XGrxp:"EzR7_y ާ@.@a"rbK3}oI:? LΨad0ȈR, X_ͤX^\CpR,64o&6DגejpkDC2вElUK~8b5׮/(Bu `-UNIqS܂: *J:^ˋD'x۳@5A4z`h@\No- ~f[RImҩnw8Ik8@$Voia_/SmфYYk4ě0\ǀ;06ξS_2wZa)Zyq#xtgnd@WQWOww bVw@m:PN*5/`+ڟ ^tpn}a>0h7{^}`$5Ӫ~iORA2GyBoCo. 7-RnjHSZ}U PK*?KE-~WV~P2ח^D4!j|Ծ 8Nh r#E ey':G 8ZeGȴ%B“*~͇}qԔɷ8P D{kTZ;^jiQ*ӸE2H)8pM7jnWrS&0 Qoڠ}%,`O2tO<ʵC^ö438`G\׵vkR})>~nG:fPtבֳC]p- 'EunANIޗR9w%dgO[~ ) `:뽯\o_Yw^fx]D"9IFqZv4~S U֬^x"m@鈷ETsE |0yaZzS''v!ݎ'ßsJK4^,>Q%/Ej"* YI̋VL ϽlIKN (vn<ڇWV[6;X-cģ֚ՙD璪Ӹm0[JO`N~{qצjHv8\!<9{]#V-j@N,TH G&K~!(c=UJE?XIähA$؉JlbcIu& ^ ?ާkp9c\, ndvZmvĉ} -ڮ[F5#Dx+zCZ)Njȵܓ}V'(IXL֒1e؆cQ3n͈k9ǭy1s3k&| ^CHIæIkK+ˍUJuAFXN-R]٧(0&y@:Vxgt>Mfwjrrg7Rh[O$)Eԙs'I?( 0[S(W% ޺ .յFu؎n^(7G`U54zeU`6gTмzU]vo3 JG=Cqʩua۩mҪ_[TJKNc )b!gCw&{S@I"aSJ AaB'#SIJ U? i‘s3(oǑu y|TQX fԆo&-ᜐh u C$:aKR%vG켰^_ERm@U;{T[>먲7}&˃+ /҂2@MQlcz'{`=_ˮjtep18asR)` &"WwElpH=H4ıPIyP–(4oÄ"O(/iC";SFQ-/ݐi'^J aԥV0:KxuT;TC+q|,RK:xv"p67fgHəuۤWjÒVv,Vd(y\:udHUJS ׏c[DKP'$G=ݵ&1nzI:ќ;VMh?UFnO bjVV؟X߹^g=6Rׅhy#*}!u'c_mP3Q4#nvV .J֠c*ֵ8eڌGMk-z7D"#nq\%e)&ya9q:k*qGEY;ᶡ4"&M;vRI/M |~,v*"^]i8< .ɯlcj\[B- SredAKۭVjR~ZBwB;:2=QFSi;a$u|$1LXܭ`X< gz^Fɝf?#0rn1H3j'ݦw^ߴF03taΨ-Iu2(FTdeYd;%+Ke;FM+@Wq{2@Hw%?rg8NCۀR]j'F6W=ʃ,m'Nd>}dXG*IȔsL|je "EnjV+ɮ._+ B t.X]FШ#s2rx(\ݶ0&'>kQHE"5/ =Jv.}5G,O._{bz` $E׼PZvSLZe Q-Gvm6U(c2T+D6lT:=dG7a\#Ff8+z~${yv,t5EY4.%ֵAWIk{!>+`Nq"s xTi!tо0_xS_ɄuœDo `J5%ʋzЅ;3a{JWÊg b/Y3k}ls{s>Vmo[L<3L$>~#-HJڒǧQvL\ ě\toաh𛋮ަ=9'2<d!wVtd χ𹑇/k_IF~#ƣtVcc?^Ǎ&Qߓ:ea/\⅏x2K__p%*/r<\O!(g5~c:& Ɵc|m]v1_K1t/{b8܈oz|'|n!x 24N0^y35nfw_ /&mS[^XŷpmSh`ݘ{wGc|`斂KJ@xa%v.v3!@rH eZi^T J C|tģxdGx4lh*rˠy p"xGkh#mţxG@<'ţxtNYx1@< ,C *jǙI\DK,Cdhd:p|$?@8-Gh?A~N+tߠ7pQǑq\'r)ja}DeXDĀ abCI$"I{T~ߒFpdā#1M2dBrJz$II#}Hcҗ4%I+2#I{2t!#b$~)Qdo3r9GS` GIx0 C~n@ 4('pVGxut4@ \8r`$_r H=L%7_L7q&2Jȅd!Nd..& ȝ,!wG㷟#/\n"7< +^mP%/w5`/YS}ˬ6A +(eT) Y+7’11E)cKA,ddG)Y rhOVz_#h) VbJv؁AAWc+uŁ7@Ńl8.T|fXAa*)׍,~!:$=J aP3 @ސ(QLWޡR򪰼 #$ .@y|(= vόG&mq$ ySrn)L 0@ q7*|dR.ÅA Ep1pIHuо.-Gee0=6QaGumB>G5|l|X$C~: К|ArFC00!X5k)@Gjq?c?_h/38:qq@ )҇˱+R.L)zTWܾՂ^OF0k94I]l9`NM)7q)7rif,an)[Q![`+P,,ĺ > `뇅+_1<) ·̔;dypaJ9,Ƥ܉pWQ]$J_SKH-OaS G ^YR2$CrŐ) )Gc&luRX+t!Te|e҅H[*Y/ w1ass9 KFFfZڤS ](TTaT"jdj4.I0&##4V4XCy^PF`3m [h3J{6ޢ-a'm)ͅ4<8Jۓִ $DOCdL&>d*K.tڟ̢:\Or/IVB4Eh= 5{5lS<>=^@~cM/^L5 zMi3:{[zA,ڟΥ t7##"!n;bIG>]Nѧt ]B_/t=]F7_MPT 1FF-J9.Y $EUWC&>O1T5Ր@n'+5~JmO6H~KH)t dbhGny@_|Pm2 hrrn&0 M_,^>Lژ?|T3 S qR =NC|ձ|yR cCj J;~f"˒laTVτ) WAX`H9% H h6G!͈~2^ {`-bLq BCw@݉ n@߅hgؽS0~31j̦}XK?t/2/`/oI1 ZMrBdŜ),$\0HژiH~EGPU=#G_AE3D7jn^Ҿ0|S"2t+C: yz ( "}%dv|Sf8 ]m5v;XοCO1ļ¯G% \ 3pκ^F1*hp-=Y?nNCAcZ ]Pa312\,5AU2.gp5K(q_q_/BZ`6Qdx/1eXLl <46 im84agB6G*+al~6Lb"6bS`6װ" e>v<\xM-|&Z8 ']4*Ҕ sN@z=yXlswRxm% !)ĭS`+el/S[D d`9Ib嚃Sp.jU%^ՍXM"?/RNtfZ5XS;uf[fjSSb\͕^qSG2Rit}As,{e?Z+mMnby[9I%?(m1_;%62A  #hҾ.!hc]ADNѵ.tl iUcD] TtndK:GWͮ ȓ'.NJäI1sKPa{Ob>T>hC[vײnή7D6ӈT (6J*#L2&,T|iB`+.I]f}D丱0iA'7)LZ`A>Yi~.zyʚ0m%0=*e@*vGd?!"$+jAK;j!(?P Cq4'lV pr.6L> X$BR@׫AӔNmiHto耧!h2Xߔ^ g1rP6bXy /]luI;Dw\ 77VЊD6ؐ; 21E(}XE&~_T΋ɤ:3blK LDZ=tޭ^D˜Uv@RRtZ/%D"4¼IFwCXGx_H DB,(kE]5 (ЌahDv8&];2 zLe&%N6?2)B#BHemTCʐxߜqs2Ή):LhxKLeDA7)t6(h+Btf`G{l%=s܌9FE%U, VؓS1Yʘs XlZX50u! 0ڥXOz4sYDIhF~'?9#&dzfl#b##c+ɏR0˨XdL4266rv,ظx?LhdR,9sdr42OF#pLF. pE#}Ilz.ȌXc#W'WF#W"̊̎E5Eω-z\\ v}lb'7F#796-yɭȂ؆Y[ڢ`w~Y[靱_򓻣{h?i)K_t?OqS,˚Ydl(?#<~]yOvB(F) g%SJ*OVxÛ*鼹҈U2xҘwQ2y7%P~J6 ?SiG*-xҒ6R7_&r1\) >aj #?2!DȓT[PB$I]W\=\=1z$1<)VXxJE[] hUNQJ.etT34Q@S+FeNJİP#ŢxnxP')4d j =Whx3t2x y 6Iyׂ…0?  ,#/WPE\JGG_\AްMmt$ v8LJ(,?)>?)PJs*h$7pj1Һ )A "C !32.Rt(Z?1/+y) ~L*#Jɛl?=gyv[]^ݧc"ѱ*N4a </ V^S.1:fppE=[2#OD0!=\yTe $+@(r*+Rʓ0Ly F+Oxe LSaR p"ܣ(` ^;1<+U+r{THH)'Ef2M +{-Q R6\R=s:!9hG)#"I봩é勝Zq4e~Ni&Bq| Ō%-OY:[fzK{_c[A>.AJ'lfboJβ5ltgmv<{ygo$?bp"RAVHo o$i2qa‹8d4G&"|o2T7f7"ϸYrdr  trqb6].Br3͒q|ݐE~*|\[*!W9\Ԁ05 MJ50_+}aX1xRlRNfSJ1U%DW $MM"o /Wlr3Wj yAM%4NA5RiIMhs5f\r#!58kQ=2GNkD'F D0 t!{0·N'3`6\ʝD / )0 ۝G($4NXe_? &ov1SV/u%FyHeݵ4-vXԡuM]jԠ|U"CV&%&%4T2*1JYFuiRٱp.Hq +rRj@[?5%MɓzRvђ4s9M -@\Iܱ p*adٴdo̪4E76TuTPutjil4Tk&O~X"Q\VN8P4w58C\x ?5"5js#Mrމ`k#qס._{}$_ 252n1+@Nd"Ʊ$E3hֿ44PrJnzd0WY- (É.E 7xޢ)`A􇑍/A(Sh\cՕ0E]szI>7a4<>ϪBZ /Zx[}>R_ԗ{I]MPIZJ2ELz[Hu+ꔯ6r&Tݎ2[ISw;. U%K*#F~J.u/PGQ$)QP]oimOhwG:XL_YoH=LWctտ#tzUiZCw~Fpa=j:34i `IK`D6DKfvgjlilњeZS֜Z#-Z6FkMOryGmyW-ZG^u⓵|օߠu勴vKɟzߠT=~@Ŀ!vB$i#(2kHzB-kVTx aQ1>Y깲@/ׅ78i,_N@ F"]/$\\ +\aO ao]s hS,VwQA0,͋E΂eUa^漪K Z|k#Xô{GC 2N2hM,h/׵,T9`WBv688&@km"&AT' iUbwi>Gb/4]d/U8%wUzEk\HI's9g*O@˲B(Ҽ'C7[dWf웛(v<{H;.0O@^v k9GO@]"~:dk3 GkWBm6kZQ$:$цԍpv3,n'[mg*ՐCF#u@ Lu7*Ed$|%z9%Z7ŦNPLjky$`.^ !|CQg@ OS#u >0 :Ht.3atgppxPiaprd_0D{&jmK_D~AETj0?.By8Ɓ0Q6LuVvHv@NT ݴw=75-^eSpi}|v*N!  ͏ pDnuѲcY_gK.[ԘF5N!nvz($cx|)^BۏDxh_lg7p0_GjI$⯆Q(2NCћ7>BYl=/~HaƹS' }=B&] Nz{t"B/ iX href0ϭWͫͫFjmEN܊; 9]l҉F-ĠG=8tKJaM  !@VQxnieQԅB*VI0+1+k x.ӋyzDH&SEP #( D z'?H'!UCWT'i0Bgp<]u xX7an=)Pa ވ(zIFzXoJfޒt;z[]>z';9_J.лyzOIgrB'jlҵi\_OXkn};ЎJAkO) Pq) |IyDd_"3 K2Wom/x#O{S?7 Wd_4sܫΫrz_8XG;rE^葄ܕ"*7i=Nv0@ @%! eS~@, hv#p^CBgy8X/KIp~ܢOP S` KiJؤ_ ~O~%> ~g?\IoŮ?63KNE&G4jjIDjy$*2BE\ޞ".Rq_TnRZ}\ף6yf ?#:kH?M^ÒHJ)ӛ"7G2zQlpa:ہlGJ[#7t Zj_b:d"wP:#_(vxr(U6 cć5B1wA @ohχE_۠~;r;`.`~RƽX9\G9QxQ_ [1W2ة/ ) 8?O՟%>}-bb/Hpk2j]q' 9q2 >S-2eZݛj)#+( wRd`T-.h-TU-"6ZW鶆uNix^('}rB!IenW?9dK.$ql; ~D!ш-WlF#H2#ɼ$ l!n $d]p TzåtI>>ZJ'4GZD-\,(`ZB#_+ha_! |m`@/A{GNz2ڤ%BOlr~>VP j!YDV8t' +E"4FWҧŶ~H';굪3.` }=u=񅠥7lUKwe򔦬8 <,kfa>+Tb!9!ZQl<UED P^N_Fȹ :Y$,0}9L_ B? SJ &>ch݈n*%yk !o+ #J)S᱕[$l_=bLhynT $Wy5x}Yw# \ ͂ih!f)ͱ´rAk2F~;Tn}#R6×˥?MqsFC6*~2KK\ѐMB {bZ"j5ia=$ 0ݹktW(I`N؅+"ǮaK黎$B͌i4)I,R_`=?)ҼbE1=QLO'm9Rg)#k3#7 gp|8 o]0w%\ ] |`o6 G|`FX¾w+-|w>w?={$t߃$˷-#}+HJ2з =AFVI5B_1{%|/|/|/|2FWBkrͷi}u -RmE}l߻4{v}@{>|ɾ"tK:w^sO^ iISTMy65\SkTC+P49MY'(5+ϓbop by-\Jy DQ÷4]ySmw< Ha'RH5TA^eJ;KuU*qUp).gcL="NI /Bne54q"H3;Re_h%uPÓsVF-$XqI((Y5ɫtJ y-=4X+txe(!41IMdD׀."*+"s/쇯I$p O"tc(Ԉ8aJQԫA wEO 7; |p(s|4q|'&_ ,0\j  5ta b' ija^-Ir7Xuzu@3/M)/D4ל  E\}XϢ dG(\ϯE}$ɿЗu&/ yw1Z[ {=$UX.Hyo*kpak s*X"GGmF.eѦ.N 7BBNraI'% (9lH(O&3BNfÜ 68gݑ8FCAӨ(QeB 5t2lif<j4~Vf9N|sʮ`SM 5u:Dl9/ig\.Ns9igN*8-7K9b.Ӳbl:ZV،50! )nvZ(7Xj(g3N모㠓#Ju]U䔲+E̖$: a m<6gB1JNsRvm14 %Eq(4)$ήZ>'q+R,QG!.(n"| u;{}PzC(݈soPa6_ݭRI\'o2jFM22O$Q7"'Wj| ~l|Jw0EA1~gaucdqdԒ&MBb¤d&'J:2-L IdL)WOو3ZCS4̤&M0|=lIǛhC7[6tٖ7ѻ\Aٞn4;ҷNtٙ~jv?]71lf>lٗM5Al9-0DzEv9kcgef![i`^3Gm93'Ds2olN-1lmi ?NoO%tBhR =uz#d;򮿖C?k{d Ք5MP.ު)iǚGB~"jgՔ/4~Dch>MR4e[?b=3`-6 ~H2Bw;鸃"R8`w*efդ8އ5>4O:_ü>|1OwyՇ?Nj<&&֖%`F!(0\!;4 f΄lJhe΂6lho^=90М C1i^ SbzʜsF׼ 6o'[s>6o=Ҽ N j."baIZw {H7~|ÑENfx{u}¬<$z7{($ r= WOGմ<]*$rPj:\h:階R7~`HIB36UhtRN!C` [ F IЋB!=7討f}N 0*Y~xD8OBc)hj>50,|ye>gka"6_pjr 3_}Mb`)}XZ1VTi;I%u斲aْB BխF<"0heHhԖ: 8+ף-a?y'#ru c.0aH,s;0wA |a| w`.o'q(XBy \L){A`P6E"7%ث<[=t/hwX^0&byݥ2B 29g~3_0ȕYc~7=wu0C!A:0ŎC]qQ u}l?[96=< #xB\%͞/OlZ?A[g,g%%y~*XƞVb1PiytJ| 7[@=[gB.MvF he9Ϲ6ȬQ0cؕ ǡ 0ƬsS8wjap Xs%`*)^ hT:? -'Pib){o;;G.FĞyS$PG[ (_vHVH VGuD-k/WIe8)r=cݍd{ֽlin-At/9d[Kjc0z&$Y8*Ysp垍5}Xr6ƫ &|G߁? cIV ]݊1yT'Au8]ԯ(V f#7XاB<6A.. Cń PTDx<*]ݐ.p9aoX/!ox膂&d 3 Pk2čJ(`U͈ xz\`A5)[2)~ӪNF)RJ,dՇb1~I#K Mm3T7 6>rKԡ-hgXn&ɰ`Ht,g@F ?(vBr z(>1r=Y¹g|gpd탅^GAN?y/xʬ(A ޴Nv޳jaΫ6mJlNmd*ij$mE $d'v2lqLUvm;z1$wYn;g璥vYacvf)ynFް[ve$حGa [vkJ6Աsi ;Av{zݎј>aU>@v'G!K"|$ҔZMIZ(ihM4ǡqwojJRb .x H/Xu%n}PJ].L~$w!xKNMOUga2QEChUrxIOqt[њl)8yB]5b./#Jytb>Y McWr|i$dК- R;a"xT'[[opce4vخ6\OB ϼNtC[?O?Vj]fHK O F;)$11JrTUwD7ۈJ| ?#dG^_z?J4#/O7xv_ ɨePZƛߴ*px9Z܀P:~k_i{:⮓]#N 3 üY覙N8~JKer< w@$Y|}1MeD;*73b~& n9Aj`7}~KF] a, l;4{@Wt@_/ (?L@n>VC1Lx|dN,x٣G{,b =$ӞBS#|ɞϾ /!#K(2ɹ 2;L$35d}rZFѾ 9d} žorwbr¾w" 9ݴ}?mg?DW [Iq:~^d?IOy&zm?K﵋ 9"}~k&z@%[j&^{RkPr5`ˬ.Xj@|TC RR-;K"`k*Tŝk~oy-Z/ݵ;=^[@ U hB!\q-įƋI傊$gYV _/ ׊m[E?ϩ'E>f8& cζ@7C]ik9v%߀v6dt A:g;` &d{7L߅ PQ* ?jGi ުt?Vt⭩ȒLvuWIm؟Cc{/\U#?Xe TڨmsR.dƗC4e]~.;Sפ^y1`)/ˣ&_e7A=@4 "]biS ISSWj|jyMu[[L-70xC5$6XAWY\Qm+xnJyp#}l9kZ?H_B#d:ـc_CNF΅^d2%S` O.EHBj )Pn,GgMGg + ~$d2A 2 FPD! :I&8Lb4$ Lf,l.պ}Z]@ATZ/uivkk(̖ sǜ39w< /8>6V|q_iMo4G>֌␌}'憠`Qd\iL$? 1+4ʌD*T0F8YdL8Lilci4Sq&f"O7ьQt<͔'(TlY LT"tJ͘Ke ŒSi*eIfFeh.,AjU)PE&:MfB +TmԘ5 ՙiF3hBLTorj0K0 5Ɍse,ll(ZNgjWh]_ijk̘Em&ZeAo":E&6h| MƌM2s҄L˺%.EaP(bƕ(&LiC>7ʹ._Is.f9T㛚:ju֎~ Rƽ]p+[a{!&Drw cr,s`Cj3'h}d6r24n_0> m5HeMxco40Sy= a GWh(4:F|XXɣgoF)_Ǡ㇢)OQm(9,U$_[ NחfH, {XJ3ZAP##Q_O}[zO2A +R,.p #uҩZOKP|5-N^au=Э3?>}0'^C(J|uGca_,,rl% ƚI}XO/ }Q]=+hT|YtdJuI5uYi|pf7gH1D*I-؁ͲtVV74Ҍ[zcZfeeh4auβtFjfDݞ ^Ͱ8*C.󚖇8pAYʹpGz>8p#TEUM/pnt3Mu=.}gܱN8ƞX`(j'e:4WzBoC4⵴xgDJZ_Z2s$e9rBɈJ6\֬zɱ?!pa-P4 y}NYb0rfہ1ȹ)%#xE?^;n~o,A6Ey^_+WL;m_]fo9{}11w{ gd>Ng;ߥxfO;GsAL89"@XGY\1yXt4;~<)[*tFq5+r ]i6ǣ#ڄqDXtDkN$k f+&NJ\28Yeץe 9^9} k6%DR,"Z9BFár;cx3F/1x]%97I}Ӣ=F9@.˳: A`7dJ͝;PXzX6LnVhLBa{kq\\zC]|yAhmC ^aGk4qHX.4ǚ10KP31 K10шhb,g ]s6{,t&Hir/d*݃@MP//1ԠAбp7 sj)͜b_|^m@_] )!6yfϘW/|̈́F^C039iLЙ~O,`lmdum ^ݘd$~Xk(JʩE X{@_k<`r.k҇|T4nWMfҲYZcXڏ+T;Gv-RMHJ+/ac61>nAii"0Pƍ>'|đ(OeGxӼlr9:x *r 'eڃ햓1(wN{ڮӘ/^Re^]4iI>{FrEig]喚hYn<3::$Yjxb,g_=G/mDz]߃vKF$lWö$ض8qٹ:n9vQq*I+\}ԪTq(l*ٺSʼnNqZ-J h_4Aa>T\E 쭼]p Mds#';GG77RTg'ɂ OS#S N3;}t)vxځ죷 }WkFu: 0a1ӽchĻ5xOb|h >6܍O SK%Vca>H O(>3_F >RQ_PqqZdꑅ8yf52ݺUQX Sɨ]p7胯|kCRvAWOIZKl#I8?Q?s +,לv :wu)!|kO܌CL;.lq-~0x4-ij=*M NX`f[B`obUa.SVBDD{ A3d!!YSIUnQn\)EC^0rAnsxa/nBlܓl^ 2pIjnw:zChc!S-j]ԏqI. WjVϱʥU.U K* ٹعR!f$*qM >v0U`=et"p-Ct26<` Vi!>9-t:3h xrP959qF!#FT`k!\\l.rf8倧p é`/2bWqհ[MQ.٥OmCixհ+T8^VWʥU.;v5ʛX-HmB1F;ٴ Qt>ȍpd|Vs.sX1ԃ(Q 4!o!Tj?#/;Qw. Oyt~0²/8v).{9;D~Q,:Ky,𘌚.^FgB\EyT/ kus/xtԢ:$I,t TUpJ4ko.{ٚs_!ַWŕLr|,פHp#eJ.\Ev]ߎp=P㦭qVwɉt0Vt'Lw\4'}\=fzMsI h_*L9V 9L9ok̟A"f/K:S3b& 96v%6 meBPEQ@NںkibvW-R NЙN;ʼn <}(O C;GRH蜳=ϋ_ "/zB̋A\@6t)øw0GF +xы;9w%Lpb-I_+t)}bЏE'ڒ@Qap1-a[9}ri[欖ӵd{96b5{j{D9kŜacC"t\} ׅ@AW$7UcaѧJíKB 5{kekLc7|aUs'L] ǽ&as( \Θ sZ3sӲnq}VW*"1$S1m+2 #/1r֎jPdOgd<6OdgRc㓉# DK6S7 7U| C*i$VPHԘNfɱ['ciba#2.2liXrUSjU?' ۯ\ƘZEjTSL ʠKJ'q!ÙTҲj; bEf6w=Zf)ELISxZůkoTcX%Dg |M&LjR6:K6.&4dW,%x|긑#'-gJJҿkeݞ ɊmV)"k SrW%nMۍ ,&*a tȔnZb?!- صC0 -{PMt[OV3M$pӮFP%Y͢NeK _'heWFIծ6 aXC :db(}fLjiòoO';UśIJvOY!$l А@uC[~$:?/8PmgΰZ\I]|(!!k5K`k/q7JF٨ۈ.x"֭4Lesvss9 M2MTExSb/vzƩیJF{9e!euc^ˣ.%/ɎZ&U(6%3 jDpЏ$tu{J}vи)Yp>/t0J _߀ktroR8|D߽ܰ@zkŗ7ܭg9P$0x}S ;,'}4E¢.nw!mjzk#< *tFl#(<Xz'W$O&5g) zΣ/i މ3/(oX]:>- e Ը兴eW *7 )7eWuۂ :qw5WD{Epԓ;O6l;K+aOPu_GPGg_/[>)xGEEY@b ,"l&hVVXI 2[؃N{Dlg =#Fq#~ z?${# 7 3|*9>>(~d{/s~LB 迯^|PK!5 +com/netscape/ca/serviceCheckChallenge.classWit7ci0D`@PB l#V! "Q,'5ci, i6$mhh4i$ YB$YMKt=zH}#`[{߽k}e/{İ׆o IR葰OBZFFn q^8h!Waw;]P%Om->{l2>hhc>$&a ۰1Gd<(Ya!;>%)Sb 'e<))©g lX'd|Z8gmN/Hg̉:!Jx ='Lz'zu늅U]eT:2ȉ k s(:_am-XT UOF gOɨQ-L|},obﺆъ TKjMDnU;43%Ὅjۈ0eA ;v7˒`Kb(Dʼy% g(U]7T20i[ǵdTۢf2R-#=ҙGE |mzBz:dPLK\E$OT66D#P. qVhPĻ0fB(Sj$ * 5Bp/N@pc`hEKSZ|榎@KKs ô+8%e"ἂ/+%3$)*4Yx$-i5):\Eeʂf$*h=LLO|2,V> Xt$x]"u!XNf$TEI]#|cg{ޤ&(Ycagc|kwue ZKLSc ?ď ~7?%+~>{9 r\W+Zo7[*BjStZ%SbdWJGE;,01&#_kkKп5 ؈?Ϣ| ],j\YR_𖂿o'%Uad+4n-wtwSR I} Z=@!&l]c Mhi5_fh֨CU1cb5=,]MMx`z*/)]+CU"ԏ :l!|#2t'gk^^$bȡtp\me"Zw4e8]ڬ,Q&pwbR"Â-`n֙ȬzZl*s"w8nP1|҉Kg!\͉TZSВh]dJ`2_mG@iOID;E;Ar]`鱍ԧ=ĵ3̞zؒ,J5) e p0N:i/.jˌ0jbƑ6S5⺀ivuv lt*ĠH1rWߘw#ưRUāf YvXH0l&q$OBh~D=fgarW>s|-Frm ԌȠx#˄-dr J^~JF8x=ʹKx6t.IB9dp1t PcXp a M§!`82yUtryx%ss68ysŜ9bW`L\:f!0t %fc檗3wNdsX6Ŏs(Z%4䰔v8%6͖+;!T0)qKdn36mҡ o=*2X\-z۩O)ҏNe˩:jN]~iaE>ӚJUNm;, h7VӇB枧/P[)k p&,X̷b)oojkv| 7]ha'*@ߍ8Wa]8£8ʻq0ߋ~yī<7>x7ߏV{d!fKbVaQ˶cPz 퐰SBjp %&M؋!d W4Ҁ jtϳJǚ!D[T}sXv_qW `Rppy"qXͧ)CUS@b #TG?Z867t $DƼ|@+p`zFQz+aSj ^0-ygI.:h0'8OiB~^Ж\lm]t-R!ͅ&墦6]Haw;^/c_8cQϛ"PXd<ݿOY܄3xŏWшQ+>֌xf0G>Dt&9qI?0%6сGڇ ǴغMf}xO)bPbYRʺckjEW4rlkYT%qTGU;e8+ RZ Mg8KYU¡Clb *C|\ o\k(j)[5Wng*(n;J4x27p4b\aQKSW,۴HUK' aeхuYЇw%#+hKAc|14Uѭp*Ƒ6Ù-}[תBN (3 hR(HCY`8wPbI]¢+ T[W"c܊ EP0%n1 d* NDٺe &*`HC;&@&td*M$3ىtb\ GB"1 mM*υ`4|zQ%ҎE 5NW8elEj^{ $uhb2\EfMvZԝn$s F?[%*ZBֹo2)0urSBTJ0hV1#*~ 䎥yQ,]2j*Azj.t Ux+0 3/߇&!Gt2 L0,.$){7p!7k@f6gXCs?ptp-hX @`n݃G XuXC_'ږ'zzn j[p< 1tbnD^^/2/UdO6i\4- Цچ^iZ$fw~yq#_qg ~g.Xt:=g~wv__ Aaф`4MFҋe!я?qg1$#Űwɸۋ#rTQzL=^}Cŀ纘{#C`^d8!N )yTAKaihhid-k8dzi2zB)kv2xRFi&6_k"zfYkÍEb eԸQsD6B ҒCAg(êO*?q*ml!o2GvQ3 Ad<@ɕQ"Ta6fs]@ XVE+M+"'ǒA`G\ab"В}40֦x*>88C# G-_*SxX# c2WRhR(eaaTrt$A4<3"5O3W$NO깜0,馡ahFzZvфF SŜgCؑ8ai^."fQlcAE2^ 5ҥM2EeKRbPu{ExMxCƛ 7,>K '*T}H@4;xZIaDF grȩ-}RɰɎ?[Zov" aѬ|°ɱ3C%)nRIengd[SdɌ8-"W?.j"-+*TxQ(?2wҋES2hR7O{>Xmה|R*pd#j#T5n[+$ ;#Uv3,p4. 9N:diJ昢" -m5\ٶA YkUMɍ2Ks% iiSD^23K[ m7qf|I5]%=͓amd5](QaMTZ51t:JF ^/t鹆tI|sp'N $@|E4IIaVaA#8Po gwY1@K r-`) 60ܠ@Q\guM<{\.HN4df#N76TX#U[M jxNV. 3ךQX‰jix,+z55}P1- 9erп/pL_b`pEMΩF][ gc6lLSڑ@z[]멜Ve,p\Ræ`cc)/Uyݵe&=cW][YU];jfTlg|۰h «lkx]6]挺J{1amTa3tb6e`v  6d9ǝ89=ͭM)h ظ`X;eB}'ĭrfyyb+6WwK\{ b}1q09<*oj3W'2ԉP`_ >_5͆w:&#,[UQ+DVrjbY؆O@Q~両.Ozi^Ug)>uϞ.$26"wg5W@S̃rb 粼K|Ź -F$Z&L?9%i?&r؛e 7|<@82 KB"!/sB<Ϸ_ 醹41ҿ࿼ {2p[la>!sr?;S1LL+]^NSRUШ^6G6S /[" V<!CfKȤ\ #5Sp<y9шvRAlnLKf=A* K\0(8~y\xWWf(5McdJ omV*f|U᰿c91ɞAR_?(YrwxsʳL>FH$ 9ʈ&v&{.|a _<N =ԿCn wic;(O92Cۆ>cҌ8I:]Ҥ " '(Fn+V^<QYdwb GQkc] Qt2yT£QCaOވqsc(&8ҳȣ(\^jI.ö8lS8܊69:=SAA09Ƥ4$+))&Cse=nxIJهD,keudˈ8rz#X}j'ȱOcY@&2Hgb=?x&tbxKtRNK*Y3qz-^؁܃|kqk,)e)+L[͐RRKDl@ wYPi6w ȧsP̲tT*G5j棉bN p9- jJj-t>VQQS:i1vVoO>Sw7~ ݇jCp؋HP'cz % لYO**а;ÅPVgNnګ'60C;LI'FAK+YJOBC`+7oypW=oWM(;-qeib)(:Dk)ky(VvZ W%Zt G)CΡ 0$YI%F}oO, xZ^܌N/D\%$d$[Mv) x1!/»Z0 ;d-b)B#bq8䡓1 )q X[9((D %䡍-N2&eL^17eWlqIx@hAgy`ڥ1aӲK֤1Xٌٝahe}nZٌɰfF#K"e YvKu11wE<[0i 9:J󪺂 {fVcbS62{ Aʂ1xs % hV } nmL WYi)ZZ9-+Ƈ܊I⠂[aݢeD@:K*d)c8>-8-LaU_&SZ:IGSt"9K&z ՜Am>SxH >34Rh,v(t=ZtJJi|x!df6[nVSdq9&pO=LO fTj ŰZfI+\Bԏ8㪸*%%^z֥uZd3:E6'EܴT-&ȰhkX,_4 ,OP=*;O嵒gÆ;Aªn1i^j“};̝BgxFZqCGۖvcUԔQ:(Sdj?!\Ы뙼Q1 ǪS,W!H{)>}h:Zy?4~y=<?a~xy>cE>>O>'%=p~?\W~FL3Hb`zSRr΃Hɳιp0/eS0-SnɸF< ˅_l¢ .ɝ/%,_q᫄NxF.d6fL;4r4-;o-ICEyz*4l3`Z)Ҁ+b*i ݧlHy2)hvZ⩌911cfW(P􂙷Xby2<#ФF+AxMG4sv*zvJR]<o+x/(8Gvd@h|hZH\W|W|vn.ScqMhHB=Mt=6rHEK ~fh@;cKܵp#ÃZBt[cl+ xL.ȄP/tyKZ%wjڰϪX6K.n?O\*x ?cȵ6ɬe3yU&L~UsxpU/+oVcX$׆6̘7Vݶ]58 5L8i0 ?O ke6ӵ%Nh'5}L$R-\k79\Bł2LN\̞785:sLrm_)&sxXpqn,ﬢWwOk0 fڌ7UmUV%_0s-{@w6.Cm2+F,˸$|ຜPħo7,ozM;PK>s.x'+`k_A(b37wV.boUV],E ^C0ZV.:&DIgENKG;qwϒ \TY.&4褭Q6 N PJgp~"O** F ' }B_(J"Qܙ*Mw7Q8ie6sXU95*ga9\.vBaW8Q ViQy,;g B1Ɠdr!OQxJt>3ϴqJ\pDRaƳch*[s#V疈3qzCaݹJt zj=A+|bBDToQ?b3hQV;X?&/m`M ް+ һ3i*O5ҝ!  |mφt^w^aDgI<+a=o,GĂƧtSFLMcD (VLil`|(Ӳ Ա?RI[h, ~#. )j}(KfÛ^}pit;iף5/f*=&htbdޘᗭg/t1l]Fzu)=jƗg/_Wj|_zy\nk|?E|o?a747f mݡP,KRY?yoj~0oY5 ߪwm vIhF4UHf֔=fdl W p8K{{5CNH__+W5*5z~4rVluhG, vG{yw vե25 ^)"}|FS' 4d|W :I-Dڐ|0V #Z(#ްL܍<ٞz$P0oEABtY#[vz~izZ@/PARz!ӔAjouUz [T^U ӜĊ7g 4P?!c2Dbzxun*jn',FY n ё-Ȭ){j]6`&T!ȷt\oJj?)3NJB\bg?@iR+a+AyTJA~ VBj\KffVa[G0%X 7}>=ըDSu)M]nMILfhn4>ďK^xB')d\?#YvэI_a8U5 LESҢFY~N_J"3eP,3b'HyW5? R_T32,nRD0_5~EP$TTT/ualMULIr7#遲n)\TZꮮj*_]jaY*WCcSe{ki\ Ư bzoC72_Nқok ]S1Xнǣ7Ib2> kF=j b# vOYouaD*BQqVHYRz'!JT0*3l㘉e/(kpIs30h6OmT\ס /# RO'uFP,2DN^yWkJhAuyu.zn co`3gy|>cܢK7Ou+G~g ~!Ȇ D*xO$!siMiJ :|X*X,PMC[{\ qn@hș 4R3X ud&ac~ @A~.ؿJQtgL e8X R3I*1dfK3B9€{n4fv)| K쓾)eӺ^ҋwVWFuhomBithyڢ2\ :Őz^xY!hof~)MYXJlӴY*A$EC5>OG;QrL&0ʇ#e VD+5dҐa'`CDGaz'Ito2YDS̥#paոD$NHc WKH)W`if $"LD<'\ }yN 5ZbO+,0݇NXkD}^8SjrH$YMHP0@Sh$TQH/:ϷOqosh17>d/e އA;qͣ,\\`^ѻn0f..Rʬ9ɐ"c=dk좜2vM8VnҘn+i((q쥼2ًj' Pϗ`DF$8h];SGٽ:M]G#=4ȡtј2[IcwC!=\N+i"'5jZCgFex6Эt6=LN6z6=XTR=B*n L' ;? ߆ꌻ%YqQk;i-&4wD./ʇاv4M]t~a+CqC3qJ{ahQ bqGchMT\; L31mf@[hK;&P~eAB] 텦 u faŕ,V.J ܥ (40N[l6;3K'`rIFsW`2JS]EsjP_ #&Kxh}f + ~(BD"=ȾN XfF`2<6M6졅++QbŻhJ5Ր!Sl(H'Ǎz"HxQoQ]\wCGauku/;0yzjfG"RD2CnpUFԲ>z3 7 ΖY3\ JXĴ*عK,})wӲ,Z[z0*1_1 y4RIuheUwXeRt+eن`F\[ȎɍNjLu ,۝%M~Ecj6(k0$^[;܍{1Q0$d !sh"q!s,0y?ø?O}Y#_er?q}{{o?vx{<]bIjKOz9W-)(}ȝ'rwКM}?# c$ʿb+xwԧπρ#H_CtY>[X lIår9粛5^Cy5[yŤƖD}d{ (9 ) xSE=?py]t~'}kw&GuKpgY.52d,#d܁ 6 h ę, Lq+8cfS,0yr b3l{fE23 s#Y#A BttA|V X71,E )pϠ8AeLԓ2Pw1,B@+@Nƥ,\UܶM[NR)m@N4%I[*ee2dޛҀ /( (EW w q_A\?Y$3Ʉ|ͽ{{;CBMC\i ȀAvΫuhBOwĠf Pp!b ^g9p  .R `Ep!rxWo-:\[ x\5 k5VxyCD{4Qr}:|@Cʽs#|i7 p' [n ^CܧL 2ijiF<ã{|{5_4x'͗yLU>t]ƽu a8 [<]|[h]C\{:|r# ~l$񗹴L;4&ERkGnxŕ4Ln3Вg K4G:=ߍ:vhfdNd8u~>L;&EehS3}5a{B w؇DN[Na:/g^ tC[Rir@!mf>IeMhL@{{pLK\_\V84xVr^Ը4T7Ne^!)ȄA鐊tޤY÷hx%y0R#q+륈j2vujF^T`D ߪ@4QHWGD9iisp6]I4Jëd}vΉ[d`9Sqk/Q 0njx· N)8Sx^|˶H6 #g]W; r7,F`w{=kED^E%ޕaٍx͍ K*јJ MNx{Da/U-Ѓe!oXaE::ۨ :"M|=HHg *3\1u3tZe%pK4eR!(ޢ`qhM:Ӗ= Nӱdffx o+~Y1l(ޮhv2I,)3lÙ6í޻F$E»-ؙCv:O£ vަ~|@$3}R0>g~?G.O }S%2>+x5]DJo WX_HH! kصuW֞>5RuƱpo2'~DW PQ-Y3>D$mL2ftz8zT|'ٽx*k,)pc!q:>TDOi?cxruQ/guQs/4L)d`n˥ ^7qlQn~ b8w{lY;{ErDRoY-VhV[w{'MYGkPG?__A, Ua;bEÿ8[U~ Ey|we >|X3"h=˹g47?LhOS4ʌM2%? _aEMILfE!!Lq—P$1% ;Nv4ˋA͍ VJ)AGtsim4+/@]s^*mus+ŶR%JjRW`JNǕ4\R)9]Prl,%g9 8qA+ir|M.Pr\b\4s>-f9n4؇S$7jztZJ)Q%L1J+u+߰R֌ e>҅%je ?Bi b^heXZ:;e3rEJ.V-l2}ْJ/Wh*[>Ƿk䘂>HJ-L2d>FjbSUr y7k:%[/OHܠFAH*DnO̽Sw*Nfrܛ<ΐgR++Uޮ^R;yij2oj') `5mUE$!%5٩ Yr&c|ir][Gɝ& 9]?dWl٫d:J*ʼk] pLy%wQ8"w#ە<99Oq8n(*j%ϕ4%Meot$K4vuF jgn htA&%ɤ Sd8Ľ47eɬIr+jȖT P%w )u$$ 6i0T>q 1pZQB"| |:v5MJvF*ǯ39sᔄ5Kd Aogw[z{zjm29#eVn $vz.rmgL`5`uUƄ+3XrCF>0#aw԰6ilc\i6Iy):a~a(? 4BVƚ"5i$0%y`kOW,m=+ɤ'厝}XG9kȡڵ!2.\Ve\ȑH[P^-~Ȃ A ؒuSt2qۦڌhy/,((R4lO:vX2]h1Ѧ/(tF*o4:wpT:vGY $>ݿɢZr->y`عlFCF<;e6pд8tnBt9z;V=gŪQ.ZfZS9(hK. Qڐl+z3ӒC +pczHTD!p,8c6>D$f͏*!Yzm1_Pj_FT?5>g.̛ g^2ySɁ iES@*_H`W扶(²&)ّZQV4Se#Q++W UN>0Ѯ֝hD̫)f$9`.줧7c0zT//^*_p,Bi/w$δỤӑܹ䓺˂^?8h1W$] uZܙ 0!XXMX!/+_,4UQکT6P !Lʦ͸uvrFvIczbUF_@T]kaj>ӈAyckri,:;& SDɗLP8TM$x|+15LχPr}$6eaj9-}\{?6v".KTt99.)͜F~^V 9_D3SkB+<-"{?TY-FקZJ,oDepP=#6k'NfWhX|m tU' K_FʾpV2ic-eEwq"krY}H} ~8?RgPn)yZ\EfgSZ.amfmxӜȶJS:\TI*D%9J %3겾i /hO[՝Dgoe 6A츟#.2_?UAU;T>3wU3ǿॕ=L]咜/űEdM<"YCǒbN#sumj#**@ee,YYa4vw6~@Ί۷#Eۍ7qkȘS \ hРR^cZ5;SKM;1*(Z,D+Kg S|Hb 7>p9ɛ](&MW?erq"Rh/oJ#8"Ԯҟ-G4|D#4-/A̝ZW{Ŵ{|qPwO8Qu¢m1")V!V!XK_h4X4CIY.O am+fC0th!lX_A0|=+fVXhl/X@k^# ~4xS)>Zh;{Q1Ŝk;`s]c6*oX>{q+ȢU/;{:vADL:,i6C@6, n(DQD ET`'mdqcAAdQqAe5s~'q}z]}ׇ>Yg4rw%wҀ>}>lGø)H]1c8H838^`6c1qSRGMgI;m {[Ҿ%Q 1~\FYB ;'BKue锣=FL ShPq%cѢ5fZd>88'}|Zx*( 퀦D⠥rslۯVVe spAGۯS9BQܕ˫@]J\  J46 W nр; eHBPJ%VcN4*rk\/#hVMcŒlzR :0(l';()%ܰM)vbCTBs u0D-o0_Em7*((\LeƇ%-S\'` y8w Zz}U9h V ̸hܬCIWIc *h7^#1z~ŵ*IWYU5Nx$#i/{!A,FW> ,cr\i`51>zcÍx>*Zzzy xk6s_[)݂.{>!>N>v| H"vKHeBzc 72h|'Lŏ2 ?@}xZ|*IU$]5j'UUiJ%Kj42h23Bрaǒ.ո,H\%:"W3fKŇ%]o'g?3?S̷ݒnٵEn#ؒMNQ8KzEh95$RĤ id-5lek0YKoV M0N0+5+W\-:qk썃Yƾ;s*=щN֪p0%7:uS' ˶}w5-QB.o$ERk s^`ee0ci ,f,-|Y%Et@)1T:a8IgtMSL&=Hzi郕52G Q)w22GJI.# sW-<5 iWʽD?Fhp(?QLYtC3e #gXnZ9S ]YYIh04$84f+Ac"hBB.24L/$8YoI>*[o ,8t :vF9,*YY`yuEMkIk̗̎B> 1{jS-QʫwQQBr"b]J<;xʣNT'y,<.I32J\Y ck<\GX I$#t_&14d>9q}88DHH&LB TxviZ.kQB*/ITz% ʗ|ЉgyVUWyp˄V4[Ktn&^@5=1^6 iհ vl[1XjV8q\nGiu ?e5zMTZ3wTn @"&'Q4*r-:: :&ɛx@6al6Ql MɬelWd\>Sʧ\sL=r#I<"v@RE $A"q96aEԬ%<߷RFB,Hz5+<{&ׯje"UtpNkwv偸|kD)-^׽7LP>Soer#NtI*!i#t.\iw^=n] )vFVW)1|^vm4Is;vj)U]+Yxf.dav at;]03c o:]r~;KۯwP$ı35ΐoP#~6A1D~9&QL㸟a<˕( ;TTT^%J!*Pi213c'M-IGIQdj,US#|Xknrz|Wɧb>ky3|W?s%Cu3h~Lt)\/`CU8@_%Dª64M}}[>Nx.ctZ*@xmP4an2 BҦ>4CbQTM>@`|i{{I̿<0yQ?MIf^MJLޜ5K!^IIwSQbNۆ?Nmvr֪*YK$[4Yb/׸.$T4s֣VlDh#H3vʚF٥4g.evDw:׷ poBx,uWxw .v@'| zQ/mʪmgX*.#NoRNSI??o/JbG)S*lQbq>Vbyq+L]T)4ҲH|D\Dtq&dl$uI _qT/@ǞDb`WjYOZ 'wvextiK0y x=ܓt- ],X&UWq"28N5+A ?'2%ҍNwLVD;ٹy>25şs%Ja0X[< WFԔ[ٕO@eZ_o |Ů+14/ݩ??Xh&[mB]HAkjo?Nv<p92|5 h;||;R`S&-]Fu=P v 8}SjόCR?9dv@ G0`(I:9d+稔q=&g} _Z[k~QCx+mē3&d Y̎3&WgFx03stEBgm6Ȼ1EkvrWb=%H1(y|Q,XD[{Zǵ“TˍUS-WS޽X`M\=+jEUftXXh?8xpkx%i^r!$MBuN \J_Nԇ0_@ AUUQFTՕ6H]Y_&%},h=LcgUH7)qO$!a⊒DMu26חzH<߽(vgv2=\ ~ xXA\x( ұH4d cns)g7C㒈܈|:ōcD ws3E55rciR:(.q.A7fhC_ a-]װd1B`gO1R DG5b#%#+QzC;9zN6`Q&OiQ:_;hY. >5Y԰1^U=} لMU٠T`~4@d) "䤹.rM3Uygcp%m9n*vYZj [4`uz/Yc񁒋]XJF)Mp%d9Fu(d3y6uқr`UNJGZOv6BhčTzm/U1~l?mr $b08Md4ʵG~pSCAHk-PQX/zcyL`rzkvC-X}8u 63FQe,k]t='=Ӣ[smufvjE${W -2kOnIe8pvs%.//z,9,n ߍCE s XGs4!y]dXq❬Boo5ي´HFSq%c ۘȸ4WZ)hx Gor٣^&XK>˗S%Pq"m7i\mLeoRvJ0x>nr9M)Ϝe]?_YD}B֯-bh~"<[: 0Vn,"2[sV6؆RWwgb0PAcbLkpj'D&oiDKB.ٔR(Twrܖ\r,QV'&6U-hjJW 9d•w]s0-IW sIT Xv*GvgD,}-> WSi`z>u 9LF(eO韙e^-^x D4<&'Q9 %(tT&7R٠RO;3" $S=Iob*5 ?t|$otTFiaIh bb;J:ق>P#q,!HԯG. Dz7yV"^;gK&1=gh ESF%q䬱؝0"RH5`7g\t>QGmdI%a o|SQP0Od-'Yu n0zd0Y"Ǜ 1{q1z{2ueق%_ Eu}1uezg`\@+mr$oP[^vQAM:T?UlаD5|dAO S[*NKîh!9MzMdVzQzPZNX:ԵߴނXyjHE bNAךP:f$@M TŽW([UGO8)q)Hh̦l. TAṽ?4[`0QVh݈~C^&lE5K!p0@X"|z_K7__ 'G ffE/k._ʹ)ڄ}؎=:eyk^+o711Zb ۉ$xah~JJvIudkza9[/Q2S?53(bW-t|TC84L'H,JSj6c8sOyZ1n B*/< 窊%Oể3AN28}N큈EDOH+XDjk`[s<2ޏacU&{FuYh["\mL[|$䢼44:@+_DZYAyԩVJ@XC{$ٸ6 /7%mpF FX$XDn2ũa|XmdȜ$ְM@advz>h6:TVߛ U %˜OPj.E"Hy,JV5Z舣)g4%CJ%oC=sK6 _ڳgZ(_.kZS44.Zp\MD|^Q(;a2H!^zr{BqFY\KKSPd<{A)!X\H`RhEΡErPW ӥ߈bÃ$2RCgFKG%!) a5}s$7lP!Uġ̕GuTS m9w%^c*-=C-ބXr1iG8g>ZE-qyp!{q'ة2pu`=y2+76f=b2">[(IZ$mwYO%d[ㄆ2mOt|Tѹ(_*}19|`v}_72R$v$Id)J ~eK A}1 0.i1 4)!1I *h[ _ւ\DuZC)*K.K[v3nk6 Al*KA~&vUdy6eި"g j-j<\zG0cmlsm</.-՗ruPfNp&{ ;Tl ЉBSp.6'8^SH6%{Zi@X)k\3 :*QFZ ZyQ܎U;Mr@})k0['`E@i=0͐Π0G+p`@l mx&y.]ٸ vA}vt"# ^^-'tCKs;Lm^*gYD2BѬ+v ^'jۣ8X$ܛn9XXEazrʹr4e]WUσƯ!LMi=!TGxeY'(u5 q}JaS500*xFb]RU$ 93B4,\ ThĿix8vO~+(QidA^o4szGM  aL@*k 4y!i {_A_-ڷOv]-P3bq_C0Y.J!#y{fCBeeUB%!]lPE$;6@U<3 q#`,@K(F!}$$QNܛޥŨ:y?*W$t)<'MD7Cн>~)D%:ݞb4X,#YA :30RgoŽ3_a**fVV u݇֔~.|Y)<ۿuS``AR/N^'e)yWJ>&o.Fs')ҞShǮw UDSqHW$eGVMt?Pq-{z`l.B_sB~IQMuVi {IWBʙg鈗dϯ'd['0| m ; nޞ݆$e7䑆 s$~75_~Aiq$@szOkYujF"ȼ&Î=XCoȟg:"sB@%0^Gm<{* }^@8i{JkPʈztOw,;)bJ|!f ]~?f ĦYʦ&R4j!4Qi1YX,Ci%*o\1߆Nu|,'l&rS4$*.j .et` I FT('zVq2CБ@ X"a<'85^ut17J2K2+iIvZ-Ŧ^ڢHa z$fkdgS/IYU[Tm;2SK !wXwύPoOU ݒYD4: 1ԇEBsv^ *|ĥΟuٱr՝~(j/(?jk;(uӜL4O!B2yymȃP:c2> dͤń-O/fk9n唒7U;G2bKBRe@0@yzN/ʯ>g X?4'6n&`N}.8T/uבqc78+ș Eͱ7}r隬o9u[(/|9O_P: >&˝ypAyx]7ф=yԘd6Td`` N959Ց)C_ ,nRmdVsB[$+n=L'7%|mloй%`Zr *}PWø!{%nmG|xZ=7&(^aˉ.L)1zCtkqej[97eF\]^`8" B5zF%g4-b ds?]}ěz>&ţJO6Phq7= ^VL [Da:a+~Gv/7tߠCwy8G!FSU8fbW3$P -*V8G27 a1^IK̓ԂzenMgqUfGH["&9 р1A BKeDZ.zdk,溺j64Q*tx J)ȶ}߅>xYx%ֻT8ZlOۙ@C]=4nXd#ngD ǘC !G~q=B=DVB5wl_e !?Z4|]+DYi2=Iٟ^RNH6H{.g:a@̴ڰWk\e7]%BvU:9ggnۉ0"5,I'YX°ZkfT5̣Rˠ&E3xV)"2ok~CF~~rpV@B &D60"R3[ɛ6L8) f00 fv?ryY:H/NSLOJBϭv<{U& ˿#鶶qdQMv6vK %h5Gl8!rڃhtG*)קSW^ 2l>dTBC^34b}[Ȥ:HuںbP:;frxJQb"^2*R}8{ERVY{ju$},U2G޷nx zV|g*%Wh[$*狄(aQ%}!U%@wupbO,'Z"c15wB4КjeV ]UcyMc|@B[닑_`?>RDjfM=Ì/^D w%I!-X,6➐rQc`C0BHֻ.NX[$;I_˄iVh$e&  '(HLyS c\JⶊZ|ފ+GB,r(ʴC5e}hs'$*޾FYgRBHHKUPNNB/vSE&i'#PDb#6kGIN]O;!Kw VlY3z!3Vese:G0_Q1U}: V1DtoT 8R9_rTT+\ >q_6?0M䎁 BMX87rcOݗ&1lplԨ>W+sr[7D]@)1E(j[_y o ]Z9[`jH }L}8;лfȤha(nqWFu?)c@G/$.]4(T&ۘ19b~,vq|>t{Y* pkP?''6" # t|nil r3'1 M-iAh[Q5'[(U.֓bFkHIۃLeȨΉ8 A2LKb])?SVDCC!"dduP c~48".pn#0bvWSੀțhÒ >MR*lWPT}0 tVf顺Bj[Gq*HG͢&nnǍڥ}). 1Bms7' 6?{8 lV_|gW7lKXhv:+8ؠ^t# sWyT.: u"#+$ǫYqx:yا>d)^2FggNܪ-D!׊823baMQ Ѝ}g9__y,'j(S)66z"{t>,}'z@ +722Bzr l ~ц!,\[se @ H_ S$JF,}lj K"hF_Vk`yXňWeԃUXWUtuK%1gP269& R3•> ͱ!R &wf:: ݰ*L獚p qך{fdD³R-Q i̝.o#eV^Tm90蔘'HiJ#l=Mmf}W 5VJ9Y$z~~<cz/'߈e<-G"o&duq+4BTN?\gyY5YѴ*s-7'$ nɉ!MŮ8Ya// 宇n: Eѐ `!E5HO3 ;,XPҺi!}(lfŽOlr,B*+Z>KW+|dž"48tzK;c]^}+}6 unZJoKX趣<>ZBm{YH&i z3 z#8Z؃oUQYeJLHҵՅY]&,~/-7{=YU$b8`"@S¹iq{@>,-k9NZ|pNs|)NՋ4PҴ-s6r6S4 Կ8FMI9`dCK4_`dQV{(f[ozߓ[W!8{NC.:T{2FguYBMiM<41B)8&`"leN&npZjm/2KI&`33}3H|B0WZ| 8*9+IaѤzQI5[K¶9Do.)o+#-ejXMPۇM+@}bzӟqNt La:p\<Uʬ%kF` wS1>|SګnU*UձkbN"lG {A]2لq D+ n5Q{߰|p!?DRG +3?FxuCDŌ)^Ղ܅w)Id!~}NW) u;۶A(,I?Mh+f^A)Ev5UPj>iQ E7Fb'`8x>~/5kq3o¼?K.q&/׽od[|sQBs_R>E*"տOEHdD[IR뀇\)(UKt5z̗+uLu6:h,LL;~8u0WP> Odfe]_7bop'fAi" |;9}YnɈ@ SJͤ4%`Ҡ5-VQ^I*o鴊@.8c&O`RN,.0in_^Y_Af:Nor4Դ>=!k2*a+3Ҥ% YZ