í«îÛ    openCryptoki-3.17.0-150400.4.8.1                                                    Ž­è         <   >     ,     è            ê          ì          •”‰ cäÎ6p¯ž9Û|‚¦8ý“d?ÿÚÈ•
Jš×èrxº’ð'Ž×sKçàæB¼>:ºˆôiGÚÄ:nòh¼¯¤)ãôÇ°*·o5èö6=/q^’’LöÔ6{r”MwµXNJÙ:Ì?¨*¨^	B¶›PîW¢lW’(ò&ƒk±^˜£‘…Š°1r‚~½šG†á¸òYÊœS”Ô¨ÏÀÁÄ$;éÃ¥ù¸§â5iuª.'ùŸVÊD­\§[Ó¨!òÜé§It{Y	%’ 1õf1Ç5òqCÈÎãþÿ˜›Çw¿¢lY²êûLÛ[ÓÏÅ7<òV¶Ï>@Øù¬!ˆ‹©$€‚á@ŸÖuåïT\HP6ê&Ç%ƒ² •‹C   >   ÿÿÿÀ       Ž­è       F  }¤   ?     }”      d            è           é           ê           ì   	   #     í   	   p     î     l     ï     p     ñ     x     ò     |     ó     •     ö     ¶     ÷     ¾     ø   	  Ô     ü     ê     ý          þ          ÿ     $           ñ          
Õ          Ü          T   '       ð   '  	     >   '  
     Œ   '       (   '       O   '       €   '          '       ß   '       °          Ü   '       x          °   $       @   $        j   $  (      ¹     8      À   .  9     !x   .  :     $S   .  =     n	     >     n     ?     n     @     n!     F     n)     G     n<   '  H     nØ   '  I     ot   '  X     oœ     Y     o¨     \     oä   '  ]     p€   '  ^     rÂ     b     t     c     t½     d     uD     e     uI     f     uL     l     uN     u     u`   '  v     uü     w     {(   '  x     {Ä   '  y     |`   5  z     }4     “     }D     Æ     }H     ä     }N     å     }   C openCryptoki 3.17.0 150400.4.8.1 An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware The PKCS#11 version 2.11 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).   cäÎ6sheep71  ÞSUSE Linux Enterprise 15 SUSE LLC <https://www.suse.com/> CPL-1.0 https://www.suse.com/ Productivity/Security https://github.com/opencryptoki/opencryptoki linux x86_64 
if [ -x /usr/bin/systemctl ]; then							
	test -n "$FIRST_ARG" || FIRST_ARG="$1"						
	[ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || :	
											
	for service in pkcsslotd.service ; do							
		sysv_service=${service%.*}						
											
		if [ ! -e /usr/lib/systemd/system/$service ] &&				
		   [ ! -e /etc/init.d/$sysv_service ]; then				
			mkdir -p /run/systemd/rpm/needs-preset				
			touch /run/systemd/rpm/needs-preset/$service			
			      								
		elif [ -e /etc/init.d/$sysv_service ] &&				
		     [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then		
			/usr/sbin/systemd-sysv-convert --save $sysv_service || :	
			mkdir -p /run/systemd/rpm/needs-sysv-convert			
			touch /run/systemd/rpm/needs-sysv-convert/$service		
		fi									
	done										
fi											

# autobuild:/work/cd/lib/misc/group
# openCryptoki    pkcs11:x:64:
/usr/sbin/groupadd -g 64 -r pkcs11 2>/dev/null || true
/usr/sbin/usermod -a -G pkcs11 root # Symlink from /var/lib/opencryptoki to /etc/pkcs11
if [ ! -L /etc/pkcs11 ] ; then
	if [ -e /etc/pkcs11/pk_config_data ] ; then
		mv /etc/pkcs11/* /var/lib/opencryptoki
		cd /etc && rm -rf pkcs11 && \
			ln -sf /var/lib/opencryptoki pkcs11
	fi
fi
/sbin/ldconfig

[ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && 
	/usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/opencryptoki.conf || : 


if [ -x /usr/bin/systemctl ]; then							
	test -n "$FIRST_ARG" || FIRST_ARG="$1"						
	[ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || :	
											
	if [ "$YAST_IS_RUNNING" != "instsys" ]; then					
		/usr/bin/systemctl daemon-reload || :					
	fi										
	for service in pkcsslotd.service ; do							
		sysv_service=${service%.*}						
											
		if [ -e /run/systemd/rpm/needs-preset/$service ]; then			
			/usr/bin/systemctl preset $service || :				
			rm "/run/systemd/rpm/needs-preset/$service" || :		
			      								
		elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then		
			/usr/sbin/systemd-sysv-convert --apply $sysv_service || :	
			rm "/run/systemd/rpm/needs-sysv-convert/$service" || :		
			touch /var/lib/systemd/migrated/$sysv_service || :		
		fi									
	done										
fi 
test -n "$FIRST_ARG" || FIRST_ARG="$1"							
if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then				
	# Package removal, not upgrade							
	/usr/bin/systemctl --no-reload disable pkcsslotd.service || :				
	(
		test "$YAST_IS_RUNNING" = instsys && exit 0
		test -f /etc/sysconfig/services -a \
		     -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services
		test "$DISABLE_STOP_ON_REMOVAL" = yes -o \
		     "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0
		/usr/bin/systemctl stop pkcsslotd.service
	) || : 		
fi if [ -L /etc/pkcs11 ] ; then
	rm /etc/pkcs11
fi

test -n "$FIRST_ARG" || FIRST_ARG="$1"							

if [ $1 -eq 0 ]; then									
	# Package removal								
	for service in pkcsslotd.service ; do							
		sysv_service="${service%.*}"						
		rm "/var/lib/systemd/migrated/$sysv_service" || :			
	done										
fi											
if [ -x /usr/bin/systemctl ]; then							
	/usr/bin/systemctl daemon-reload || :						
fi											

if [ "$FIRST_ARG" -ge 1 ]; then								
	# Package upgrade, not uninstall						
	if [ -x /usr/bin/systemctl ]; then						
		(
			test "$YAST_IS_RUNNING" = instsys && exit 0
			test -f /etc/sysconfig/services -a \
			     -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services
			test "$DISABLE_RESTART_ON_UPDATE" = yes -o \
			     "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0
			/usr/bin/systemctl try-restart pkcsslotd.service
		) || : 	
	fi										
fi          «  H   ô   ö         zè  Û ð q  m`         <  #E  t  +Å    °  •  Ù ä  ‡™  ¦  
Ç  f  Þ  ”  ­  ì  ¥                          Aí¤ ¤¤AíAíííííí¡ÿAí¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤AíAøAøAøAøAø                                                                              cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ4cäÎ4cäÎ4cäÎ4cäÎ4cäÎ5cäÎ5afÌqafÌqcäÎ2afÌqafÌqafÌqafÌqafÌqcäÎafÌqafÌqcäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3cäÎ3 98280bc9001d0d68ca55a7899331984c50b00f014e77e5e0f0e63dfb89af32df 6fec92dba11cc3cea7cc80f158af4aaec647ab7acc919a6a7bc310dfaf27310e eeb703d64d788c0b59436f118bdce9daaf271e5d6fd1494061c36b8d80d61c62 5fd7fc308cf962bcb684d6cdc5beea6a73292672928a0f42501747ee9437fd53   67692fb65feeffa90f781949793c5e2b8685ce0fe0f64762f94d362cf81a85fd 196a9b39021eec429e56ea1b06c5972750ebca9dbb05e3be1b364c3d5d4023bb ca9ba2d9b86d01e1e75d4359efcf57122b0cce9a95b2addf59978933be766b9e 45dcdbeda07cf4fd94f55e70eb25cbcf67b51b1968c137fd70833ed2585f1100 b43f29c785a1cea87b7d3062de34b3c8c43de7d1fc9795cdbb0724f7ccf8c481   029ef5db4494260773e0c79258a72ce924616c594fcf8f5041b49627eba9bb09 9631c9b59e8e32a6c472980ede85dbeafa9e3fc0a85b5767f8bba03a5753ce29 302d4d0705ee4d21eeddecd0976ed9fa2968fb5c8ac8926053fcebd89d2148b3 f45fb846c91c67aaca4ec8b16895cc4e866bdab6aeec4590fab7dff38bf24769 56c19832040e616229fccab7722cc257701f49491bfdbcc148fe7a337c78a3be b523efde58ab48bf9296de1d6e653df25e5ece6c46cefc5e784bee35229293cb abdea5371cc35022291b43ea4e71a443537dec87b190405e7824070c0840c294 59633e1eaf1f4f4ac317f76ecd9afc63c66519bd97d40f82154037368acea81a 6d8001cee4d5deabe400d23363f7e1aa5b958cb355fc6ffe87107ab5e51242a2 2d6df522305260b2df3067d99231f31a440ddea5d4d28ae5d20b1da2ec01a41e cb1d7d3dda05f44d0effbaa1a6d2c9da5242fb4a707ea0caf6f6625bb66f3dea efbbf29e7d1b9060c15895fb4b1e7e3be658f36ea323e41f88ac877f58cb5589 1765e922966b1a9b7a795558db0f752a99bbbf6077f54e4c8fecdbc82e40e65d dcb114c9b0ca6dde4de887ab436fedc50761e72689cc1864fe364a52e905d63c 3fdae524c94c9f9cbe8d0d3b49620f048f0f8a4c5f34787dd42a3112721ff31e 19145addc0c486e65e67407733032a069ca4c966119328f9296a6b1e43acb305 6740ecb5a22e5af7419cf6c372faea9cf422d8b761440020070cd0ef76edce78 82b1bea34ea9fea8bcde4df504274b2c4d44afea1b283cba72101f9786ded778 aff282fedf24b5f7fa8a1c44dcfbf068d1af7470685002ec5012ceefe6a7481f                   service                                                                                                                                                                     root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root pkcs11 root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root pkcs11 pkcs11 pkcs11 pkcs11 pkcs11 pkcs11 openCryptoki-3.17.0-150400.4.8.1.src.rpm    ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿconfig(openCryptoki) openCryptoki openCryptoki(x86-64)          	              @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
  
  
  
            /bin/sh /bin/sh /bin/sh /bin/sh /usr/sbin/groupadd /usr/sbin/usermod config(openCryptoki) libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.2)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libc.so.6(GLIBC_2.8)(64bit) libc.so.6(GLIBC_2.9)(64bit) libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) liblber-2.4.so.2()(64bit) libldap_r-2.4.so.2()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) librt.so.1()(64bit) librt.so.1(GLIBC_2.2.5)(64bit) rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz) systemd systemd systemd systemd       3.17.0-150400.4.8.1                      3.0.4-1 4.6.0-1 4.0-1 5.2-1     4.14.3 bóÀb˜¦@b;ÀaqV@aÒÀ`ÑÐÀ`È–@`+³À`²À`	lÀ_"À^!@]äüÀ]ÊžÀ]Ÿ@]nUÀ\f©À\&@[ÿÔÀ[î±@[í_ÀZÕáÀZ¢w@ZòÀY.°@Y£ÀXìÅ@XÏÄ@XªÚ@X~@X2@WÈ@W›E@WŽ@W•ÀW^ @WE“ÀW†@V<–@VqÀUÕÁ@UÓ@U#ÆÀU#ÆÀU#ÆÀT‘p@mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com kukuk@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com jengelh@inai.de mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com jjolly@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com mpost@suse.com jjolly@suse.com jjolly@suse.com jjolly@suse.com jjolly@suse.com crrodriguez@opensuse.org crrodriguez@opensuse.org crrodriguez@opensuse.org p.drouand@gmail.com - Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch
  for bsc#1202106. One test of the gen_purpose test cases fails with
  C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token. - Made the following changes for bsc#1199862 "Please install
  p11sak_defined_attrs.conf."
  * Replaced ocki-3.11-remove-make-install-chgrp.patch with
    ocki-3.17-remove-make-install-chgrp.patch to remove the
    "-g pkcs11" parameter from the install command in the Makefile
  * Updated the spec file to include
    /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file
    with the necessary permissions and group ownership. - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM
  mechanism does not show up as supported by the EP11 token when an
  upgraded EP11 host library is used.
  * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
  * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch - Upgraded to version 3.17.0 (jsc#SLE-18326)
  + openCryptoki 3.17
  - tools: added function to list keys to p11sak
  - common: added support for OpenSSL 3.0
  - common: added support for event notifications
  - ICA: added SW fallbacks
  * openCryptoki 3.16
  - EP11: protected-key option
  - EP11: support attribute-bound keys
  - CCA: import and export of secure key objects
  - Bug fixes
- Removed the following obsolete patches:
  ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
  ocki-3.15.1-Fix-compiling-with-c.patch
  ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
  ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
  ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
  ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
  ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
  ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
  ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
  ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
  ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
  ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch - Added the following patches for bsc#1188879:
  * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
    When modifying opencryptoki.conf during token migration, put quotes
    around strings that contain spaces, e.g. for the slot description and
    manufacturer.
  * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
    When migrating a slot the opencryptoki.conf file is modified. If it
    contains slots that already contain the 'tokversion = x.y' keyword,
    this is accidentally removed when migrating another slot.
  * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
    Change the code to use the pid file that pkcsslotd creates, and check
    if the process with the pid contained in the pid file still exists and
    runs pkcsslotd.
  * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch
    Always quote the value of 'description' and 'manufacturer'. Quote the
    value of 'stdll', 'confname', and 'tokname' if it contains spaces, and
    never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'. - Added the following patches for bsc#1182726 " p11sak list-key segfault"
  * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
    Added NULL pointer to avoid double free() for the list-key and
    remove-key commands.
  * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
    Note that two hunks that were unrelated to fixing the running
    code were removed from this patch.
  * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch - Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
  When constructing an OpenSSL EC public or private key from PKCS#11
  attributes or ECDH public data, check that the key is valid, i.e. that
  the point is on the curve.
  (bsc#1185976) - Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
  (bsc#1182120)
  Fix pkcscca migration fails with usr/sb2 is not a valid slot ID
- Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
  (bsc#1182190)
  Fix a segmentation fault of the sess_opstate test on the Soft Token - Added the following patches for bsc#1179319
  * Fix compiling with C++:
    ocki-3.15.1-Fix-compiling-with-c.patch
  * Added error message handling for p11sak remove-key command.
    ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch - Don't require pwdutils for build, dropped long ago and not needed - Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
  jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
  jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
  * openCryptoki 3.15.1
  - Bug fixes
  * openCryptoki 3.15.0
  - common: conform to PKCS 11 3.0 Baseline Provider profile
  - Introduce new vendor defined interface named "Vendor IBM"
  - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
  - CCA: support key wrapping
  - SOFT: support ECC
  - p11sak tool: add remove-key command
  - Bug fixes
  * openCryptoki 3.14.0
  - EP11: Dilitium support stage 2
  - Common: Rework on process and thread locking
  - Common: Rework on btree and object locking
  - ICSF: minor fixes
  - TPM, ICA, ICSF: support multiple token instances
  - new tool p11sak
  * openCryptoki 3.13.0
  - EP11: Dilithium support
  - EP11: EdDSA support
  - EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch - Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
  The EP11 token may fail to import an ECC public key. Function
  C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case. - Upgraded to version 3.12.1 (bsc#1157863)
  * Fix pkcsep11_migrate tool - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
  * Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch - Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card. - Upgraded to version 3.11.1 (Fate#327837)
  Bug fixes.
- Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch - Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
  (bsc#1123988) - Do not ignore errors from groupadd. If groupadd fails,
  installation ought not to proceed because files would have the
  wrong ownership. - Don't hide error messages from the groupadd command. To eliminate
  a potentially common one, check to see if the pkcs11 group is
  already defined before trying to add it.
- Update the summary for the -devel package.
- Changed several PreReq entries to Requires(pre) as a result of
  the output from spec-cleaner. Removed a couple of obsolete lines.
- Removed obsolete check for whether systemd is in use or not. - Upgraded to version 3.11.0 (Fate#325685)
  * opencryptoki 3.11.0
    EP11 enhancements
    A lot of bug fixes
- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
  properly to 3.11, and renamed it to
  ocki-3.11-remove-make-install-chgrp.patch
- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch - Upgraded to version 3.10.0 (Fate#325685)
  * opencryptoki 3.10.0
    Add support to ECC on ICA token and to common code.
    Add SHA224 support to SOFT token.
    Improve pkcsslotd logging.
    Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
    Fix tracing of session id.
    Fix and improve testcases.
    Fix spec file permission for log directory.
    Fix build warnings.
  * opencryptoki 3.9.0
    Fix token reinitialization
    Fix conditional man pages
    EP11 enhancements
    EP11 EC Key import
    Increase RSA max key length
    Fix broken links on documentation
    Define CK_FALSE and CK_TRUE macros
    Improve build flags
- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
- Made multiple changes to the spec file based on spec-cleaner output.
- Added an rpmlintrc file to squelch warnings about adding ghost
  entries for files under /var/lock/opencryptoki/ - Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
  (bsc#1086678) - Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617) - Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
  * v3.8.2
    Update man pages.
    Improve ock_tests for parallel execution.
    Fix FindObjectsInit for hidden HW-feature.
    Fix to allow vendor defined hardware features.
    Fix unresolved symbols.
    Fix tracing.
    Code/project cleanup.
  * v3.8.1
    Fix TPM data-structure reset function.
    Fix error message when dlsym fails.
    Update configure.ac
    Update travis.
  * v3.8.0
    Multi token instance feature.
    Added possibility to run opencryptoki with transactional memory or locks
    (--enable-locks on configure step).
    Updated documentation.
    Fix segfault on ec_test.
    Bunch of small fixes. - Removed ARM architectures from the build list until gcc6 becomes
  available for SLES. (bsc#1039510). - Updated to version 3.7.0 (Fate#321451) (bsc#1036640)
  - Update example spec file
  - Performance improvement. Moving from mutexes to transactional memory.
  - Add ECDSA SHA2 support for EP11 and CCA.
  - Fix declaration of inline functions.
  - Fix wrong testcase and ber en/decoding for integers.
  - Check for 'flex' and 'YACC' on configure.
  - EP11 config file rework.
  - Add enable-debug on travis build.
  - Add testcase for C_GetOperationState/C_SetOperationState.
  - Upgrade License to CPL-1.0
  - Ica token: fix openssh/ibmpkcs11 engine/libica crash.
  - Fix segfault and logic in hardware feature test.
  - Fix spelling of documentation and manuals.
  - Fix the retrieval of p from a generated rsa key.
  - Coverity scan fixes - incompatible pointer type and unused variables. - Added libica-tools to the BuildRequires due to repackaging of libica. - Modified the spec file
  - Changed libca3-devel BuildRequires to just libica-devel
  - Check for systemd in the 32bit postun scriptlet. - Upgraded to version 3.6.2 (fate#321451)
  - Support OpenSSL-1.1.
  - Add Travis CI support.
  - Update autotools scripts and documentation.
  - Fix SegFault when a invalid session handle is passed in
    SC_EncryptUpdate and SC_DecryptUpdate.
- Updated spec file to use libica3-devel instead of libica2-devel. - Upgraded to version 3.6.1 (fate#321451)
  - opencryptoki 3.6.1
  - Fix SOFT token implementation of digest functions.
  - Replace deprecated OpenSSL interfaces.
  - opencryptoki 3.6
  - Replace deprecated libica interfaces.
  - Performance improvement for ICA.
  - Improvement in documentation on system resources.
  - Improvement in testcases.
  - Added support for rc=8, reasoncode=2028 in icsf token.
  - Fix for session handle not set in session issue.
  - Multiple fixes for lock and log directories.
  - Downgraded a syslog error to warning.
  - Multiple fixes based on coverity scan results.
  - Added pkcs11 mapping for icsf reason code 72 for return code 8.
  - opencryptoki 3.5.1
  - Fix Illegal Intruction on pkcscca tool.
  - Removed the following obsolete patches:
  - ocki-3.5-sanity-checking.patch
  - ocki-3.5-icsf-reasoncode72-support.patch
  - ocki-3.5-downgrade-syslogerror.patch
  - ocki-3.5-icsf-sessionhandle-missing-fix.patch
  - ocki-3.5-icsf-reasoncode-2028-added.patch
  - ocki-3.5-added-NULLreturn-check.patch
  - ocki-3.5-create-missing-tpm-token-lock-directory.patch
  - ocki-3.5-fix-pkcscca-calls.patch - Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081) - Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867). - Added %doc FAQ to the spec file (bsc#991168). - Added ocki-3.5-create-missing-tpm-token-lock-directory.patch
  (bsc#989602). - Added the following patches (bsc#986854)
  - ocki-3.5-icsf-reasoncode72-support.patch
  - ocki-3.5-icsf-coverity-memoryleakfix.patch
  - ocki-3.5-downgrade-syslogerror.patch
  - ocki-3.5-icsf-sessionhandle-missing-fix.patch
  - ocki-3.5-icsf-reasoncode-2028-added.patch
  - ocki-3.5-added-NULLreturn-check.patch - Added ocki-3.5-sanity-checking.patch (bsc#983496).
- Added %dir entry for %{_localstatedir}/log/opencryptoki/
  (bsc#983990) - Upgraded to openCryptoki 3.5 (bsc#978005).
  - Full Coverity scan fixes.
  - Fixes for compiler warnings.
  - Added support for C_GetObjectSize in icsf token.
  - Various bug fixes and memory leak fixes.
  - Removed global read permissions from token files
  - Added missing PKCS#11v2.2 constants.
  - Fix for symbol resolution issue seen in Fedora 22 and 23 for
    ep11 and cca tokens.
  - Improvements in socket read operation when a token comes up.
  - Replaced 32 bit CCA API declarations with latest header from
    version 5.0 libsculcca rpm. - Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).
- Changed BuildRequires for libica_2_3_0-devel to libica2-devel.
- Changed BuildRequires for openssl-devel to specify >= 1.0
  Contrary to what the README says, version 0.9.7 isn't
  sufficient.
- Removed the redundant DESTDIR= parameter from the %make_install
- Removed the following obsolete patches
  opencryptoki-run-lock.patch (/var/lock and run/lock are actually the
    same place) Also reverted the changed to openCryptoki-tmp.conf to match.
  ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
  ocki-3.1-fix-implicit-decl.patch
  ocki-3.1-fix-init_d-path.patch
  ocki-3.1-fix-libica-link.patch
  ocki-3.2_01_fix-return-type-error.patch
  ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
  ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
  ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
  ocki-3.2_05_icsf_ldap_handles.patch
  ocki-3.2_06_icsf_sign_verify.patch
- renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to
  ocki-3.1-remove-make-install-chgrp.patch - Get a new ldap handle for each session opened in the icsf token,
    once the user has authenticated. (bsc#953347,LTC#130078)
  - ocki-3.2_05_icsf_ldap_handles.patch
  - ocki-3.2_06_icsf_sign_verify.patch - Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)
- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
  - Fixed two public key object inclusion in EP11 token (bsc#946808)
- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
  - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)
- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
  - Fixed failure to import ECDSA because of lack of attribute (bsc#948114) - Fixed BuildRequires: libica2-devel
- Added ocki-3.2_01_fix-return-type-error.patch
- Changing doc/README.ep11_stdll to unix-style EOL
  - Added BuildRequires: dos2unix
- Removed globbing in %files and specified libraries to include (bsc#942162) - Updated to openCryptoki v3.2 (FATE#318240)
- Removed unnecessary patches:
  - ocki-3.1_01_ep11_makefile.patch
  - ocki-3.1_02_ep11_m_init.patch
  - ocki-3.1_03_ock_obj_mgr.patch
  - ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  - ocki-3.1_05_ep11_readme_update.patch
  - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  - ocki-3.1_06_0005-Small-reworks.patch
  - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
  - ocki-3.1_07_0001-Man-page-corrections.patch
  - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
  - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch - Also create parent directory /run/lock/opencryptoki in
  tmpfiles snippet if it does not exists. - spec: do not use -D__USE_BSD, a glibc-internal macro
  which no longer has any meaning. - spec: use %{_unitdir}  %{_tmpfilesdir)
- spec: call tmpfiles_create macro, if defined in %post
- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
  /run/lock instead of /var/lock. - Update to version 3.2
  +New pkcscca tool. Currently it assists in migrating cca private token
  objects from opencryptoki version 2 to the clear key encryption method
  used in opencryptoki version 3. Includes a manpage for pkcscca tool.
  Changes to README.cca_stdll to assist in using the CCA token and
  migrating the private token objects.
  + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
  + Various bugfixes.
  + New testcases for various crypto algorithms.
- Only depend on insserv if builded with sysvinit support
- Remove obsolete patches; merged on upstream release
  + ocki-3.1_01_ep11_makefile.patch
  + ocki-3.1_02_ep11_m_init.patch
  + ocki-3.1_03_ock_obj_mgr.patch
  + ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  + ocki-3.1_05_ep11_readme_update.patch
  + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  + ocki-3.1_06_0005-Small-reworks.patch
  + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
  + ocki-3.1_07_0001-Man-page-corrections.patch
  + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
  + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
  + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Project is now hosted on sourceforge; fix the Url
- Remove cvs related stuff; tarball is produced by upstream
- Use %configure macro instead of manually defined options
- Build with parallel support; use %{?_smp_mflags} macro /bin/sh /bin/sh /bin/sh /bin/sh sheep71 1675939382                                                                                                                                                 	   
                                                                      !   "   #   $   %   &   '                                                3.17.0-150400.4.8.1 3.17.0-150400.4.8.1 3.17.0-150400.4.8.1                                                                                	   	   	   	   
   
                        opencryptoki opencryptoki.conf p11sak_defined_attrs.conf pkcsslotd.service opencryptoki.conf opencryptoki stdll p11sak pkcsconf pkcsicsf pkcsslotd pkcstok_migrate rcpkcsslotd openCryptoki FAQ README.cca_stdll README.ep11_stdll README.icsf_stdll README.pkcscca_migrate README.token_data README.tpm_stdll coding_style.md openCryptoki-TFAQ.html opencryptoki-howto.md system_resources p11sak.1.gz pkcsconf.1.gz pkcsicsf.1.gz pkcstok_migrate.1.gz opencryptoki.conf.5.gz p11sak_defined_attrs.conf.5.gz opencryptoki.7.gz pkcsslotd.8.gz opencryptoki icsf swtok TOK_OBJ tpm opencryptoki /etc/ /etc/opencryptoki/ /usr/lib/systemd/system/ /usr/lib/tmpfiles.d/ /usr/lib64/ /usr/lib64/opencryptoki/ /usr/sbin/ /usr/share/doc/packages/ /usr/share/doc/packages/openCryptoki/ /usr/share/man/man1/ /usr/share/man/man5/ /usr/share/man/man7/ /usr/share/man/man8/ /var/lib/ /var/lib/opencryptoki/ /var/lib/opencryptoki/swtok/ /var/log/ -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.suse.de/SUSE:Maintenance:27719/SUSE_SLE-15-SP4_Update/3b27e6d37faa7607a0a95a198fc2ee0f-openCryptoki.SUSE_SLE-15-SP4_Update drpm xz 5 x86_64-suse-linux                                                                          	   
                                                   directory ASCII text ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=812001a038ed6c56cd548124c360d491e569055e, for GNU/Linux 3.2.0, stripped ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ae08ce6d60490830a7c4124314d1b7f705e105cf, for GNU/Linux 3.2.0, stripped ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=4646e3dadf73d93fff3c8a06ce8ebd06d372c9e1, for GNU/Linux 3.2.0, stripped ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6b4b00b7f356608e2e0fe6f854e702d5d62dcac5, for GNU/Linux 3.2.0, stripped ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=e43b8dcd4e6456f8d1379efc84c3ed7753959483, for GNU/Linux 3.2.0, stripped  Algol 68 source, ASCII text HTML document, UTF-8 Unicode text UTF-8 Unicode text troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix) troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)                                      
         +                                                                                                                                           
      
      
                                                                                                            R  R  R  R  R  	R  
R  R  R  R  R  R  R  R  R  R  R  
R  R  R  R  R  R  R  R  R  R  
R  R  R  R  R  R  R  R  R  R  R  R  R  
R  R  R  R  R  R  R  R  R  R  
R  R  R  y§‘¬â^h\Ç½–î   utf-8 0116713da83f209773bf182d067c1fdf74d8857a7a4a62ee9cd1c409fb40f833        ?   ÿÿû    ý7zXZ  
áû¡ !   t/å£à'k'] "ÌkÀ%ˆî.‹ïÔsrÈÍ¿F½öòûV‘3vÆNJ¸Ö`Ó‘0rºÂ0ÀÿsiØvoØf¶½Ùy;…€¦®·Þ]¿êI×²Á- ±»ÞAÁfF” S‘5MìÒ˜»…Aa³]<!±¸·KÐ÷V"d“õºj/c7±!<×É©ú³÷¿¢Q÷va$ç¾±tMfš#6þ‘V…¨Pü*uÍAWˆã}{ðf“F)N“G¼_ 'à¯ÕG
6+¡8é±&Ò¹Úº0åñ¸fø'âîÞ1#ÑlžODÌ3æ˜‹K{Îe-äÿƒÁ-8WÂäCM0I?†Uê×ºâÝÑ%0X4.³K´dcL'Úó¸¸î‹RÿºÕwÇQ+ØÃ]&ç8%X–7Àþ!ÙUŠ°ÿfSˆïÿ´÷˜ïéËëÆ\=·
ncâ!²—¼/|ìGKP)’MO´Î{Öw éÆ`âàÜËÁT¸žg¥DKa\žþ‘'âÞõ¦ýÒ±>¦wo"!Bà½tåä*7èü,,‡Øçüûƒ~4ÇK[˜&ØB#Ó‘myãÉÝLôQ£xÖkþcJ9#¬š®Ø¿‚àh#´ßï’2j‘rì5‚›ÇSÎÂÿ©?+•qihoù€aaô„~”/ï¤'o#_aH¬¾—UZMëtY-)Æ¡{ŠŽÉ—“[ p-’¯ÊD
WâÙØCäU‰€aLŒZô4[Ù_àm˜*Üïy/5]	(Eš¦5d–¿D£†oŒç&ØÒäXš*JT~¤0Q"œ–—ˆ`b~Ç%³¯™·AâË•8.Ôw‘ŽŽ™¹Ò N°Wòyý¡yËÛHíH~ïÜ‘þ­0à ø^u4Œv1‹k;ŸeIêUc&_”Ø\÷nx…ðà¾æ
ü˜#ÜjM¿¸
c)øçå)îÏ¾°•ox'4JP†½ý¿ÐÎIq$h¼ÞkÜ>‡¶Å$m&ƒ>á”ûOÆÆÑT*ïûˆ/l0ž>Žör_ïCW¤Ü4&¼:%ri˜Y¢þëVC’qŠ}¯/À´ì.“®ŸÉµó¿ü6¥Ï“aÜÿøzFºñè?Ñ¯
¿–Ñ¹k=Ó‘`‰!Bôoa&M°ÞÔÏÐl´Œ&RDšØçÂSËaã»Ÿ-Œ¸Ÿpg¬$&´¥Ù½‘…<ø%À%ÈåW¿ç°ávy¬´¢2ÎVD½»	´×7ÌÕýä4sú`ê6+D{ÐñÇñ«v©¶¼ØlØÁò7U¼²Ç9Ìžeðô–ONËyx#Ìµ¢uÇÒ×Ü¶´5­ ñ¨f»Ã|8¹ýŽjþ…z¼ !š÷ÛÐ™Ý†á×ÇÃØ^Öýƒ¡^²#Àã0Ü”¬ä=[jìH¡›W¦²U\ýìå&Á
G°¾Ny¯c˜{Öé ›Š€$‡ÅÍÒ²S"¶n¦µ;¢ï\Ò9ë%YzéÑÒ
yB<…“•1d~ááÝqw»ç(ô¥D:ŽLˆr/&kÊÃ<Á!ªÞv‚
qRõ2!”óÜwgAc±[(>ðËU‰H¡ç	¢—¶Ó­ ÒO5q¡‡bg7/[öíƒm½h[ÓÎ·›ÿåŽ»ŒL+éZ#Snßi*—/ÔXŒ¤ ôx
JéË‡¶3ç¨Ê¯ùIajqÌQ£cQZ°Làã2¸9ÿáÒ†íž\óè›Ü®Ý7$D†öÐ€üÔ`Ûf¯*§9P‰bu†þµÉ<3¤ÛTXU>ÐHƒçÜtûùzÐv^™~¹)$çN´‡LZ;¬+GV‘"¸GsJú@/‹GÇ½nõk…2ä;‡9ªq`É§O˜ßÜ-35+ä¸® ½ì_ëæîã.y,Î„¤¶OçxPrc\£‹ñKÞž*¨ÖœðOHXi¸ªÆ]©›ÂE€`­3žÜùæ]÷ƒû%Í_ÑwV¯“é~ˆÎb§0õ’‘‘´<žXÕ#•ÞÐÒ©îREê•°/~Ü»^Õ”£m­Y¨ÔØæÉ8»âO$ˆ1î&9ö2ÒÇ„5ÿTÌzñ`öP­ô¢=4ßJ9fýª¡ðWf
W«º3‹€r+5DíGi7šL¡ü«F„6–Ïd_z}Þ­Xú"e[OÃ—†5 ­hR¼Ç7
h7‡r‘Þ‰Ç ‚XïÞPË®@ž.ÐÎh+nœcŸ‚Ýáþ‚*7ç7¸ÅSŽ8˜-š½Ü£ÖJ—?CðVS¹$Èóª‰RFïú>_°}€–ŒNty,˜1ÔPÆ¸ôÈrÆÂ©ãKlÔ!Õ7<ôÔŒákp=WÃÿ£Š¹”Ï
0ÂPü—Œåi7û¡c2N0J'ÐHy	I9õF^«õ'ZPòjt3vXm¬@–:²[6W¨.l`¼³‘®“ë$Ò'®/âÅ¨¼à<eî¶Y¨%ÀÍ{ù‚ã:jÆšlé„ç;0²š›Þ²±Þ&bð/ò^Ì<öK…r]Z)ý•s€õþ*º!u’7¢ûvž®Ì;a]‹Ç @2S3Æh{ÓkÒHJ3Kçi€+tç‹<Pp4Uß&C«ãq3híPÝßA&+6‘sù†‡0–³w³”Ë‰ÔÁÙËP·UÅQ[YÒ’1(‚‚©{§ÿt¥ÐO•¶ÏÖV*p+?%ôíhÿCÊj5¹¿~´ÝW°†šñÌy³ÿUš[Hø_Ð•ºÖ9\Í¬?m—KÝÛ¯ž5‰òññùFn¸?ý%(³³PÐíNÛWDí9›;Ò¬„ÔzïðÜ:ç¼æ»åNTE^bu®¼áÕê?±ºÑ{ámû$qö].«u¸n C|ûäh«ÅuZ8ÎrÊ
…a3ubÚ³‡.x˜^œ)P”~'Z,"õžvg?XzI®êõ}‹µTã!»Ë¡§Û~=ÛXšà³qÅ„bRíÈst½6ãÐ$½$«·ø5“¿ñ-ÆJ1÷ôJÄCb\ÏÂg«ž¼%5ÕPD
àeFBWûR„Õ2gó°ÇÒ¤r=çm½B«œõM/
lÓ–Á  Zg°hÔî]r«ÒzaxYþÂ‹ÂLp—YÜ[²„¡i·‚×°Ž Iúç·Ç(TðDâjÜ8È]ûzÖèbyiå›JþbüÊQ÷Öú(>}ÅÙÙCrªñ}PÖÝZ¯¡š^-5,­gàôÕÎÔ1iTSpx×6QÁkÝÍ{ïô¾Gó.cv}T·q[‘Û_<mõoQÚ‰<‡æ—4jÍçËÙ õ³ü¹4&ªÈkì%ZO¸eî&m«îsÕ¶ÅOO›½¡¿BQF¾‚;5õbBÜïÅŸ&U¸é‰ê*¡yÛtÚXÖ’5wWyç#HL6AÝIÖbv¨íoiÚÇÌ|.À ÅF=:`G Ø«´˜5òžÉƒ°´ë‘!¦ð“l›†ÏQå+¹Nœ_7v4CSzºQÝ•?PEhåÖÖØ`[z$Á’	
Dfâ^”‡žJ>Jægƒ£-&„½’}‘ì„ÎÓç(5xëPM¿wTdýôY&ž‚•žµ¢*äèBÃe“‚Õ
¶~‚ùÓ¼˜›ñêïžfÇ¸Ì»÷Í–:;®?:;	øág]J$Ô—é´®<ž8ÌŒ~,z·¹¦Ç*[Át{š¾p¦SÞ¤ú„Þ¹Cø„§Qu­€4cµÊ:E	ÝI5|ÝélêÕ¡j;gäC]èÿ¹Á^Gˆƒ»’YUA—õ2ùà­[ô;¨ìïš£=Ý¼ËëšÝIâN~Ñ|GÜ¢uD8$0®]õn>\•.^T1rÙJ9w…–,§d|Ä‘tî±«®²ív/!ãÛPôì ¸Æxº)LÚÒ¡Òe‹E¯Šf‰šS—÷~oƒÄúˆ¯:/òÊÅŒ²èñ™×ÔØ’0aáÞÔ¸±hˆø#¼«³­úJ½ q	ÛCàÛ…oÎGÓ³è'¤¿ýBû[rPhåù¾ñ¤%e8àRjâšA‘n>±Óc‰úåÃïùrPôF·?ýIÂ: ÐÜ;xMqnHƒ–ÿD”b{ÔÒ)ªÍ1(%åŽ†YEg,MBL+gD »>[¹áðV¤b/o²7ÃôÏ78og¯—ŒÞ„¯SXïTº±»ûtd•¿Õ«rªÝÒpD•V	Ü™ô£%fñ[;¹ýô¸ËÃx&ö²Ê¯sÛgm¥Ÿ
qa†Í47uwmèywåŠô¤xžI˜‘MZ¬o{ëâH‹´”çµ·;9jÿ}œ¶³„º÷±¿r¼ìë¥ë
0­ocÁW²nò¡+KÀ!'Ú[}…ßlëç£k%ïÙ¶ÿ×U´ƒP©‹¶ÅÐüÁ uŠ¹²_\&¿Ph[â
sðÌõ“ZôÌ­´ÃI 4ún´š‰Äü6	X3â1,¤¶g'f†5n{3G·Œ]Õ’çä¦µ«¯l¸Äw­BäÛŒ„Þ XSt_‚éê•qtˆ¥r4¢.´Æ>©lâÒ1za¤T9öæ`,gÃ‘`æ
9ó³×]úQŽds¿yò›¤¡6‘,A%è`þ¦0ëeL%˜”ñý«©=ÄètÚ"Þ·™º±Kmr±ö¿/«€_üç±Ô­áoÜÉ¡37UÅþÃFB9¸ˆâl{¹¨ÛUé±|@Ã¥†h~ëÜ7XÕäSëÏ° ´›´È1«x#©ªDiñÓh«8Ôâ,TÌùäò™„"oÍYÀ•]SÕòd‘:käu’4Y^TÈZ‡ˆl¬ó8Á„S'*ý¿lÚ­‡•ra*AyÌ òÂ Û³1Ïøâéëk_‡Êñ¤~ƒjÛÈ&ÏJñ{p7tŸ"Aô«ot!Z³]«š’‡º“3î•ˆŸî˜Ò8<­úÞWFT[}Iî«°y=œ
Áö+2"a”\Ci?ânô•€Ú‡ïÕ*:PFQuG3clã¼ w*ÆÃRŒæÄ€Üë¹Á ƒ°£ó«Ežü…jÙvÚ©»ìV_ûµÎLôU5rBðÜ§õ´—äh¶ŒHÕÝÜÉ7>‹0#Fþµ&£IB‘ìHMèFn8¥åtáÖNÉ¿úü
é"®P»E¥_z¾Ë_ØaÝÝ`H(• îuJX¥‰6Ò–»r*c7(RŒ³Ü„ŸWT Ñ˜žJv¨úTT‹U8;àó¼Åeáÿð\n
Sê+fØvM¨ó„BV|¯W.¢ÚM).HºU—‚E^Lˆ]Ù;J-teŽÈ”b<sÀ\ï÷ë¤€w8ß]¡Žéç¢‡G°x]‚2O¾,Õ90À&2&´èÍÎå6ò‘<¿…£<”=ÉƒádÞ{–Ióû«lyôÅãKFÙ3ðÖ¸öðD6ÓºÀù§Âïô[ìN8KZxoW–*…¿EÃiVX®€ô
qY+ŠèçÖ—B¯Cßíªnþ@ 4'ÚÉøìRÉRÐ–H¬ˆR‰ä¨?ƒ
Œ^L(Í÷PM‘Ù³ÝÙ(Pl²*c—HdK] "wga%ÎL„¿€àÕnb
¹õ2›_%dj‘ÁÐ¹6‡ëÊÛ(«R³!·QwbbÛÚ3ýW³lLFA€›­µêe¶Ö×@T]ÆónŠL|äE7¸[+èYe«ÕOÄ† 9ïž
B$@ž.HH-,âå„ud™‘áÅ¸£/‰°Xÿ-áæqƒ+"–­¦ç¿yú‡Ÿ©•ÐÅßñ„s!+4›Õ56)ŽîÂØñÆ ³ò{ÒÏæ‚3”’Xe\)òó•eÐËÙcÀ¹	ÏrÚT¦ªòÄFxˆ÷Qz’2„±Cé+ÐïþfÏ²î–„FÂÿ­¾cÐ(b†§ó[Vlœ×¬ï%!£ƒÎR¶ž’F>tâzH”z–E&S"ÂÒ»P¿{‘þsOq›%BB¾ÛD‘Ô¡À­‡}™°¨ýdMÎ)3‡¦).Êz•SbzÊ·à+Mã!í]©“´ =>NTÈ'd¡b Þ+Ðtþ&ñÝKj¢ŒˆYj•f\=z£3¼«©Ótò‹¨_â¨Ço,Š(¢)–w¯Gï
"Òl’^ü3NŠêˆÑºê¶A²´\’-éoA'Üs÷0àæ5¨0.f(†
òm%Á:)<s2Ú]
ßitF
ó0Q?Òë@{¥Â&t—»Ì£z´J$ÀM4O´uæ-›e¬‹L‡{v(wÑóm~îy†³äü×™yý’A¶@‹Æ#mIÏ:ÔÛÈK:Dþ£ t=ûAâÕ2<˜îÃ»Ï¹Øã	øÁ á^o†Ør3—ŠÒ#Ùø]+¤ÕH½\«¨ÜÍfÍf3cu3C¼EÊ»X€±A³,véïìµ‘•Òkó
Ó,äj‘
  žIiÜ„ˆl$wK5ucæÃk^a}ö@‰®ßªŸ‰Z…J Û&ìN  ß¼€¶éß    
YZ