openCryptoki-3.23.0-150600.3.14.1<>,i{qyp9|I2ΩlVc[Pz0/sץ]b%Ԇȃw* n P\8qMw=}\}ZpBG ҰnBK]6eM[hlǹ1:5!2!.wvfA _/1m({PV015BJRC\uQLfwJ_v4dSmD)%ϤxԒwqHI "Wiuqn>Ip?`d $ qlp| !'  (E<E E PE dE !)E !xE"E#E%Z%E&&%'%*%(+8+=9,=:0U==>? @FG4EHHEI\EXY\E]E^bcd0e5f8l:uLEv`wHEx\Eyp^z\CopenCryptoki3.23.0150600.3.14.1An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic HardwareThe PKCS#11 version 2.11 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).i{qys390zl35SUSE Linux Enterprise 15SUSE LLC CPL-1.0https://www.suse.com/Productivity/Securityhttps://github.com/opencryptoki/opencryptokilinuxs390x if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in pkcsslotd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: # openCryptoki pkcsslotd:x:64: getent group pkcs11 2>/dev/null || /usr/sbin/groupadd -g 64 -r pkcs11 2>/dev/null || true getent passwd pkcsslotd 2>/dev/null || /usr/sbin/useradd -g pkcs11 -r pkcsslotd -s /sbin/nologin -d /run/opencryptoki 2>/dev/null || true /usr/sbin/usermod -a -G pkcs11 root# Symlink from /var/lib/opencryptoki to /etc/pkcs11 if [ ! -L /etc/pkcs11 ] ; then if [ -e /etc/pkcs11/pk_config_data ] ; then mv /etc/pkcs11/* /var/lib/opencryptoki cd /etc && rm -rf pkcs11 && \ ln -sf /var/lib/opencryptoki pkcs11 fi fi /sbin/ldconfig [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/opencryptoki.conf || : if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in pkcsslotd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable pkcsslotd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop pkcsslotd.service ) || : fiif [ -L /etc/pkcs11 ] ; then rm /etc/pkcs11 fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in pkcsslotd.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart pkcsslotd.service ) || : fi fi Vb nX YXِ`X@H@x]b<$<2+#]b!);eyd x]bA큤AAA큤A큤A큤AAAAAAAAAAAAi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qwi{qwi{qwi{qwi{qwi{qwi{qwi{qwi{qwi{qwi{qvi{qvi{qvi{qxeeei{queeeeei{q/ei{qseei{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qvi{qva7a6ed1f8ef40f782e69a31ca790c25f063cde2b038f445223f2220e9d1c70c1d1caf69263a134911257446bdb220b17b4913459189c9d970e9c6945a653d042efb892098d67bb43dcf0f3d3a158ac2578e98a8dd4d407c6d06c9e8e5a9a3517b8d87c198065312838eb2f058bf837482f6eb14a2a213f5387902ae2978ddcd6ac50fa97a1d87fe2d758956ea138706d4fe45374224a65f7b02cde5c6921100895944fc8c290df6c84cbe9a9357310caae76cdca02e92ba36c032fecb433ff9f556dd2932605ef0c1deac1235de039b05901d764f224da372e1a845187b315ebd21d517200c5b08b3afda7832cf51121bcc4577d49345ed3f8c2d917df1afd0c0ba2a9e35b5e177f657c952327fc690fc20390221dabd150017442203f6af543f4a92f3b2214c796e4e521ff0217131f2f3056e8565d9c0f9ad03f62ebc9785f6fb849de60e4dcc6452cba77676e3a5c0f27fb9b3a632ef54f3065fea2194ebb430798c734333076d7f9b0a1ed8a9c3d49cf299280ee109438b2fd7871bce31d6496fce0bcafa13f4b6b4daceee19482087f01d62895f90eb3b62c39e7431113eb06c231fa4761dd6699c08c5475a66235dc0762e4a0481c304abf5d6e6b2c7da6c881db214672b64afb9933c8370743dece22d99cf30238b043fcc4a27fc82044881754c037d60393796b1cbc9c8016f40fcd478a8d8aa0e3b94dc5447c762b0189a9cb682fee58e1bb6ba7d60cf343f355b874e845f0f07b01306acac84e38cba597debb07c858865f4a2557e541d8097de14772e477b46401a329a92a03e095944fc8c290df6c84cbe9a9357310caae76cdca02e92ba36c032fecb433ff9f029ef5db4494260773e0c79258a72ce924616c594fcf8f5041b49627eba9bb09138507de5b9a136467f41aa4eee84b7a0c883d118bfcc50e96ca05f7c23cef136e983e86b2292d8a9738d75462d87654dad7ecd4061c593d92eb33f8c99622bbe3d475bd868be2c6f7c4ab1fd551aa7d4a28cd3f45986a4a94766f51526784f80943affd464a7c8941d05115eaa2df274bcb96891a14cdbc3b928dfdab4a37b771716ffcf8e4559d268ed9dac99988bed2eb95043a8fb2244aa08ab8ae1c7231504d88f1ac3bed5233ef3c83c2f3996843666015d7bd240ba864c541e97d35f559633e1eaf1f4f4ac317f76ecd9afc63c66519bd97d40f82154037368acea81a280a8db0c0423968e6158b32f7c5e6896134ba19cc399cbee1b0aec8bb9ac8cc6d8001cee4d5deabe400d23363f7e1aa5b958cb355fc6ffe87107ab5e51242a21220787f6e6a28949bd0dc38abe4e1ab96427e69f75f40624f0d104fcb9585b5cba597debb07c858865f4a2557e541d8097de14772e477b46401a329a92a03e095944fc8c290df6c84cbe9a9357310caae76cdca02e92ba36c032fecb433ff9f527ab63544f21c2abc4c8faeba47324bfabef5e1a2cb6c042aa9cc463920eb77765b90a44e331a6955b50480fe567f1a4b114803bdfa9fc4fa1d1b10d3a4adf6151a4b7d47a3d340fdc9cb49013587519315eb9107ccf59a534748f264ccf21fc929ae5c8434f261b6715b1886ae6ed51628786104e7f64d74adac19f0cb35dc7da270707e961178ad3f1566e5e1b3f7262d7ce30d02cafb9c88c432a619e9e6b725968b0bd89ba1234416c6ebf5ae8523745fd1cc8209b709eae0f7f85a0e34e896c17286deb4f5a19c03b1669699f51c2b7868676a6894f08eb89d624d7112e0b4f7ec1c616c0840e2ef6e19d7769d872d7f9208228c1c8efb86d107043cb543335648dcf45afd97ef369b1612e152049a7a81d50eb79f27aac68d611413054a092931971ef9235edad944aa49db3b02a412a9e4f3e50b899abeedaa27378c861ec4420811c00176b1cbfb5870d8e6305426cc833ccf68c58bbd54d30c736e2d256e89409199a43d8f61793becc63c9bc8766e990392cfa9a8dc0c6bc9c9302feb0b4cf9ba952ec172f8a799767269fc3770c209a79a81ba4b4e2972c4ce890446bc83cdcf9ac4c4587923ed2db167486fa2a7c47438e95d279e98438c20d3d6d1e54b3845b0f44f876d1147be85ee890095b76ccc3f96513cc9088aabe836a522794d49cae7c22169b77e71a0e7bf662c1a9956a05166343825d44d6981b1cba597debb07c858865f4a2557e541d8097de14772e477b46401a329a92a03e095944fc8c290df6c84cbe9a9357310caae76cdca02e92ba36c032fecb433ff9fservicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpkcs11pkcs11rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11openCryptoki-3.23.0-150600.3.14.1.src.rpmconfig(openCryptoki)group(pkcs11)openCryptokiopenCryptoki(s390-64)user(pkcs11) @@@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/usr/sbin/groupadd/usr/sbin/useradd/usr/sbin/usermodconfig(openCryptoki)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.2.3)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libc.so.6(GLIBC_2.9)(64bit)libcap.so.2()(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)libudev.so.1()(64bit)libudev.so.1(LIBUDEV_183)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemd3.23.0-150600.3.14.13.0.4-14.6.0-14.0-15.2-14.14.3i{Khg+Z@ff@epeem@e 0@dp@cc=@ccc6@bb@b; aqV@a ``Ȗ@`+`` l_"^!@]]ʞ]@]nU\f\&@[[@[_ZZw@ZY.@YX@X@X@X~@X2@W@WE@W@WW^@WEW@V<@VqU@U@U#U#U#Tp@nikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comtabraham@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.commeissner@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.comnikolay.gueorguiev@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comkukuk@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjengelh@inai.dempost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgp.drouand@gmail.com- Applied a patch (bsc#1257116, CVE-2026-23893) * openCryptoki-SLE15-SP6-CVE-2026-23893.patch- Applied a patch (bsc#1248002) * ocki-3.23-PKCSSLOTD-Remove-the-use-of-MD5.patch - Added riscv64 to openCryptoki_64bit_arch - Updated the patch * ocki-3.23-remove-make-install-chgrp.patch- improve handling of user/group. use existing user/group if they exist. create user/group if not (bsc#1225876)- Amended the .spec file accorinding to the recommendation in (bsc#1225876)- Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf)- Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch- provide user(pkcs11) and group(pkcs11)- Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch- Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes- Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch- Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch.- Added patch for compile errors * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch -- Changed spec file to use %autosetup instead of %setup.- Updated the package openCryptoki 3.19.0 (jsc#PED-616, bsc#1207760), added the following patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch- Updated spec file to set permissions on /etc/opencryptoki/strength.conf to be owned by root:pkcs11 with permissions of 640. (bsc#1205566)- Upgrade to version 3.19.0 (jsc#PED-616) + openCryptoki 3.19 - CCA: check for expected master key verification patterns at token init - CCA: check master key verification pattern of created keys to be as expected - EP11: check for expected wrapping key verification pattern at token init - EP11: check wrapping key verification pattern of created keys to be as expected - p11sak/pkcsconf: display PKCS#11 URIs - p11sak: add support for IBM specific Dilithium keys - p11sak: allow to list keys filtered by label - common: add support for dual-function cryptographic functions - Add support for C_SessionCancel function (PKCS#11 v3.0) - EP11: add support for schnorr signatures (mechanism CKM_IBM_ECDSA_OTHER) - EP11: add support for Bitcoin key derivation (mechanism CKM_IBM_BTC_DERIVE) - Bug fixes + openCryptoki 3.18 - Default to FIPS compliant token data format (tokversion = 3.12) - Add support for restricting usage of mechanisms and keys via a global policy - Add support for statistics counting of mechanism usage - ICA/EP11: Support libica version 4 - p11sak tool: Allow to set different attributes for public and private keys - Replaced ocki-3.17-remove-make-install-chgrp.patch with an updated version named ocki-3.19-remove-make-install-chgrp.patch to fit the current state of the source. - Removed the following obsolete patches: openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch- Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch for bsc#1202106. One test of the gen_purpose test cases fails with C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token.- Made the following changes for bsc#1199862 "Please install p11sak_defined_attrs.conf." * Replaced ocki-3.11-remove-make-install-chgrp.patch with ocki-3.17-remove-make-install-chgrp.patch to remove the "-g pkcs11" parameter from the install command in the Makefile * Updated the spec file to include /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file with the necessary permissions and group ownership.- Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM mechanism does not show up as supported by the EP11 token when an upgraded EP11 host library is used. * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch- Upgraded to version 3.17.0 (jsc#SLE-18326) + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW fallbacks * openCryptoki 3.16 - EP11: protected-key option - EP11: support attribute-bound keys - CCA: import and export of secure key objects - Bug fixes - Removed the following obsolete patches: ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch ocki-3.15.1-Fix-compiling-with-c.patch ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch- Added the following patches for bsc#1188879: * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch When modifying opencryptoki.conf during token migration, put quotes around strings that contain spaces, e.g. for the slot description and manufacturer. * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch When migrating a slot the opencryptoki.conf file is modified. If it contains slots that already contain the 'tokversion = x.y' keyword, this is accidentally removed when migrating another slot. * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch Change the code to use the pid file that pkcsslotd creates, and check if the process with the pid contained in the pid file still exists and runs pkcsslotd. * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch Always quote the value of 'description' and 'manufacturer'. Quote the value of 'stdll', 'confname', and 'tokname' if it contains spaces, and never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.- Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch- Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. (bsc#1185976)- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token- Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch- Don't require pwdutils for build, dropped long ago and not needed- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) * openCryptoki 3.15.1 - Bug fixes * openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes * openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak * openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.- Upgraded to version 3.12.1 (bsc#1157863) * Fix pkcsep11_migrate tool- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.- Upgraded to version 3.11.1 (Fate#327837) Bug fixes. - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines. - Removed obsolete check for whether systemd is in use or not.- Upgraded to version 3.11.0 (Fate#325685) * opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch- Upgraded to version 3.10.0 (Fate#325685) * opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings. * opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch - Made multiple changes to the spec file based on spec-cleaner output. - Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)- Upgraded to version 3.8.2 (fate#323295, bsc#1066412) * v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup. * v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis. * v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.- Added libica-tools to the BuildRequires due to repackaging of libica.- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate. - Updated spec file to use libica3-devel instead of libica2-devel.- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).- Added %doc FAQ to the spec file (bsc#991168).- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch- Added ocki-3.5-sanity-checking.patch (bsc#983496). - Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)- Fixed BuildRequires: libica2-devel - Added ocki-3.2_01_fix-return-type-error.patch - Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix - Removed globbing in %files and specified libraries to include (bsc#942162)- Updated to openCryptoki v3.2 (FATE#318240) - Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.- spec: use %{_unitdir} %{_tmpfilesdir) - spec: call tmpfiles_create macro, if defined in %post - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms. - Only depend on insserv if builded with sysvinit support - Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch - Project is now hosted on sourceforge; fix the Url - Remove cvs related stuff; tarball is produced by upstream - Use %configure macro instead of manually defined options - Build with parallel support; use %{?_smp_mflags} macro/bin/sh/bin/sh/bin/sh/bin/shs390zl35 1769697657  !"#$%&'()*+,-./0123456789:;<=>?@ABCDE3.23.0-150600.3.14.13.23.0-150600.3.14.13.23.0-150600.3.14.1 opencryptokiccatok.confep11cpfilter.confep11tok.confopencryptoki.confp11sak_defined_attrs.confstrength.confpkcsslotd.serviceopencryptoki.confopencryptokistdllp11sakpkcsccapkcsconfpkcsep11_migratepkcsep11_sessionpkcsicsfpkcsslotdpkcsstatspkcstok_migratercpkcsslotdopencryptokipolicy-example.confstrength-example.confopenCryptokiFAQREADME.cca_stdllREADME.develREADME.ep11_stdllREADME.icsf_stdllREADME.token_dataREADME.tpm_stdllcoding_style.mddoc.mkopenCryptoki-TFAQ.htmlopencryptoki-howto.mdpolicy-example.confstrength-example.confsystem_resourcesp11sak.1.gzpkcscca.1.gzpkcsconf.1.gzpkcsep11_migrate.1.gzpkcsep11_session.1.gzpkcshsm_mk_change.1.gzpkcsicsf.1.gzpkcsstats.1.gzpkcstok_migrate.1.gzopencryptoki.conf.5.gzp11sak_defined_attrs.conf.5.gzpolicy.conf.5.gzstrength.conf.5.gzopencryptoki.7.gzpkcsslotd.8.gzopencryptokipolicy-example.confstrength-example.confopencryptokiccatokTOK_OBJep11tokTOK_OBJicsfliteTOK_OBJswtokTOK_OBJtpmopencryptoki/etc//etc/opencryptoki//usr/lib/systemd/system//usr/lib/tmpfiles.d//usr/lib64//usr/lib64/opencryptoki//usr/sbin//usr/share/doc//usr/share/doc/opencryptoki//usr/share/doc/packages//usr/share/doc/packages/openCryptoki//usr/share/man/man1//usr/share/man/man5//usr/share/man/man7//usr/share/man/man8//usr/share//usr/share/opencryptoki//var/lib//var/lib/opencryptoki//var/lib/opencryptoki/ccatok//var/lib/opencryptoki/ep11tok//var/lib/opencryptoki/lite//var/lib/opencryptoki/swtok//var/log/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:42499/SUSE_SLE-15-SP6_Update/734b43a78ec51d2cf7ee4aedddb9dbff-openCryptoki.SUSE_SLE-15-SP6_Updatedrpmxz5s390x-suse-linux directoryAlgol 68 source, ASCII textASCII text, with very long linesASCII textELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=8cf0ddb506decf381ac2e30b4b4515fe3bf73dfa, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=17d3d39a1e695ef658ef468b0a544da8d14bb5c3, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=d489d1863598768d6ffc2b50422e299e80e062aa, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=146c48d996ff468398b21771da21512ece34eb5c, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=e1b29f6fdd79224894a4e30faf0ade1b312b698f, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=4abcbb3f26c1f083d213c59d9cfaf3dbf1cae47b, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=5cfe10010ae44c2159fac9db8f48eaebe596719a, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=9d63ee452f33354b9505093c40f11686c1da0ade, for GNU/Linux 4.3.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=5dbf1aa639d5ffd1e05372da32b3326e76d6a1b5, for GNU/Linux 4.3.0, strippedHTML document, UTF-8 Unicode texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)Algol 68 source, ASCII text (gzip compressed data, max compression, from Unix) !+6BPV  RR RRRRRRR R R RRRR RRRRR RRRRRRRRRRR RRRRR RR RRR RRRR RRR RRRR RRRRRRRRR RRRRRRRRRRRRR RR RRRRRRRR RRRRRRRR RR"mBrsystemd-sysvcompatutf-80efce83df7a9644adca5ac6a9b214e77d6b899a6332a14084383355f02ae673a?p7zXZ !t/.;]"k%GN, V!I?0:ADDQ>鎦Eo8M3T /lB[^t32%V݊{V_gH{BP &^+"Sͧo|)3~͆7pUdwZ5R='Y6h]q%::ڢVDwV9>K*>׌ ~Jѫœ"^gÕ*1ZXYmf&2ߥ)UbaođTRS0Mc_!P2Wox'Yi/Y)+5jq]SF L& /51(?5Xo£Ohb&\1GUs.H?C6Y >$#*1njNI:}>7B <c!]uyv#R{$U` .ZڹZNLiim7="w?S׊jZ:0H W!4U3=ciy;L Z^H1d,([W^Kïh$ V>:>JmP$_Ooʾ@Hcf@90䟭Nӕ5iVIU;Pwƹ.F3b}IR\`sT(eFh#i' Xe\*e,ֆkP%,rf5C !/BcZ k"xݨYlfubFm]/XNʧbS.*ޗx}umR6b`hjn(] ’L\mit$!y.wU{ȜƹG@, zx_1~bkYTWS7p##^;XGpTSUА _Ӓ 'p]6B~j58#T?`,mWrkI3X5(GLdf%k]49t zIW,@^v!}W2"lƊc[2wh|(; m5Y>FїS?9a_lm@rx44p_`ǬVo, aS¦Wd|،#Iz~S諚xdUY:+?$ip7T˘2=\. '뾕gՄ~v`^0S>bAk֡qR ϨeQO@Iq1 t7BO$*pn%#j1ij&q[9f +"'-65lLvAiZs29vFϲ^Ybe=sg gy/i6B{fn[ՆAeϛ^qhD Q'%c#˼]wUd+1TVy}=FI zUJ8Ah&IlcaeVw6"شM=+٭Cb|ޖw a ]0?ܲ9JcQ+r[!K K(S>/t!Vy,"mU* bW4F0>ژԲ7s)+10BL)5=s -RXޜe72/Ty~+0Ei;@Dm3#qiqݕ6(a$EW›pZ,o7Q8ei:%u`u) _|lZ)ݱQ-hNPi8 `+)8096*RJ=-Qj-k [+Y,!Xb$Ƌol T14X'cj+ҌcgPe!DƋ#=+%zC떳Zt<%٦ξr =VL?pf?!^wk3(D."9Lo|[Hem,"U(k֚v@g|? M9H\4>RJFE[rvY\E=vYH"qKD В8[Յ7 ͡ЮXѨĽrsE(e?s0>˚F}rTqL<;*0byn"?T4u s NLZB lݪ{nwY*]GXC*'y[-G +bS'wR43r e!T2y+ d/|I{vGޓo$ y8~/ cKxI XBɨ)2Z%FsIj~MvKsWf`TXE@l tCJw _L#E@pBI;rA(؅5r."6A`}ifmeʋ{X7[I}xQ&@A~&V=#Z )LME+W/9@ylb/u^FR3n.uE/|xŬuf5c`z݈)A 0rb5&A1(xc@DkrLÅ}q=3wܣ6*ބ N(LwzyJćixyUI\4mFhY94LD|BI,ytr 0xCMX'I$׻ۮ6[Gr%v#tIB1F^!wPg'JLeڔ烏5k]H4k[B4P ~NӔk咽@hBSsKs?tZLA`#" -ɅC#ݕ\T[OAqsd#8s`ev,rn×YϢumeJu-xT Gkn4iI[tgܠ-bURG@ [Z2$Y)FMWv0q 10QȂVN:exrmֲ1~U'dR1 s+!Ln]H/Ӕ_P&/Y]1zCrr1>,Hy ,g+j\l( V0ָhknSwu/0 vU)NS,(O,Q 2v+m`Pu̐UeB؋.%C0Q! .kʧ?ޓD;^ !ƈ=է L p3&"Q)e T&,O&Ė/ Ӛ܉ڨ-1)KIl/Nؘ0pPLLy1r-"$kD!Hr~Ka)a~F[%D֪B7W9:FDyt7OO1*7H4KJԃP = QD!i8Cwt؜-e"8ŗOzl2M8 h'̆Xc Z5qB (FZ/nS=1=9U sFO[9(}1>As2Y|[Jb(WI҃Ֆ!귉~" P^>$TZΠϼ#PB@φ3Y(80: % Q EP0ڌ,2:#T@kbj6mfBVB1We*|Yt.JEB'k:׳%5ܙ >kRzl혾{\{zS^4ZWd1Hq{"c"yNxcH s7_xxkԯ632? e3C`>$b{9Y#?pVU>F!rIؤUnx,FʹNhG {q)E(mր Xۯl5SNO-0f3XMwڧW$!H mϿx%Bk A;X&Qλ?<JSܛٕZ73k;EXfL=YS nv\T!~ ibErآ2a$ſ:ƙ"Hnpps8Ԣ\GL,LTm+I \Dg GYk %pJe<*ֺW3*UeVom0+t5)W[A7=?N!lNnzCVCL bӘt c,,௰[еa&TRvGr{A1!N;)ރĢY>m-Y?TVl:&fJ)@EBqD*ղf$ G]h=N B!h;1"i <<5ōMcg$dɅuxlCo 9w.6a#9Y "a :;cHp$T^Obx=)e*DN5PFK[9Tq#* gk01b(׏TZapss!Ɲ u-.KaIh(ЉA@ |woRKS\Qc'gtR"/Q"B"U܆ '^-"ժjҿ;{r yǾmcڝ/deZHPR>"?Cw8VSskVJ_2$WѼ] -Vc#b64ozCj?wfJPw&E~,s[c'Ӊ*)cC~K. UPg 5=V)zq˱HoK7L!xuwC:{ H m͢u;g H5F:c!E$%Z-r-LVX1BภvI`D *N [1X)@񅧧O 3l@!eyk\P) P7mn C[$NG8ȱƔS'Gwa.lu\5h:BcP@Y^cI47ܭŔrc."Aw1nsVTʭe?֤QƐZ}VҶFZD#wV9%Νfw'!<| N ;ܠ O@Tl˦%Ä Y~ʱ T2%CM[H~ KbنgTE ȶ.HH|1v^sW"77S[wYƋNzgx8f$OX/#*Ɇ7qo9JͲϓ響-w\ w9tƷ#e]28)_m@uj wYU ROfkQwe`ceU柠~\\ MlEm]U[DOh륁oISfczw3rcP ZwCnLEPF݋+%3՛ПgaJ7̤<9T켧xsBkCj++"{qEVpFp'Q/''uM,QgYF|>c|^{ ƠgVGGr* qB#57A,-{YMDK)~: jl:ԫ#uHN6UZcC+cxrE_5_1*)Jc>_DZ^y,~Wo+rw2ȘhZeN,fK@_QY3 4sN/k.q,́PYW N\wӁv%QID!'LiL'cuOY}:Q _4n>Vxw{ :C>1-x1ۭƝI˳Yc⁧o^IᏌFU a (BIg ^ld%솀ʯ3>$ _%Civ<.y2tzXnȘY 7(omިXb_? d,I"½" %dWHTyNT+j03é _r1X6KيHl (1ᥐOKUˈ9!btyOOVP{#oA &馤`Y1Gׅ}s߶ (X!0J#s?=z,/2 MΔxbAm'ypH0ݤM/ H.Jx0V׆TxoDE9t}_&TJbr#\CehM4\ F- K!qն=y$eK. 'Sӏj] A ̔)5~)Ꝍ{9M>"w^ `B40@[jQk!{e@ llvQ)B-MpURe3=s{HUЛ#)Dh}%kHDNWr6ȘZgC@LBR\t+ZzNKK9n1]"ECA16/֙U}2aSw>Mƶǖ"owux.Mf0)zKKyZPY{ U֎WG\ 5GsDY{8sֿkQCγRZ%#6^,i*Â;?؝ 4( yl5 N]:FVC[+~h$Q5i"Ͷ[匪a&5=/lay(k E#G8GekH1RmކZ<R *YpjJ,P* |6whF(i0 vA>g` YbA?}̰U\oe:OMEM5K2rs eYQ}\%[UU{v7WCwapHz?2v'ҕvB<WX%w ]Ӣ&.q~;3gW}=:eg!tcj '{p% ˗(QtjK1 z{25?&wv??Ejo,\CnvG>M D~'KADUtDk|,w).k`8TOHg2">+EL!)Bt*P&\]EpdЗFMh7|%f-}AK>'g乴B;I."5 وiTƹ^vU?& (@q,n]i x^A$\܅k|)'}.9Ǘ;t5էGnŮc:}e \fa\>=h H7(g:G+tb!T>6c#.tnJݻ< wpwyNUhAjY].#G7-gڲGq+!+RZF|,O8Wc74}3 ơ$*͙ޑ'aW%v.yڔl=W뗹RAUFܿ]# Evae 7U,[813J1BCUp銽Z seiupGҢB63tϕ'Y[o8)>uofSpw]~ie18~ Wr7&a^kEa7].;0\z3sYoPDĎ9cU3"%J q{ `lEΚ"7'Ctz㸉e7<qTlo\LTB8Y`οLH E-D4goG~[iws,џCG$:E"seei'߉9vҊ4<﵂llL ETS_p˜<,VH(mD9Y\tξrɫQ'@(jS벴ڹτaN:"A9F$f3Ϝ!P !n @4Dxiݎp ']Pb ƻCL)NY4ݛIU! X/0YFo[pR]VBT ]}eX}7Fz%z$4Noa>z4*+ >H%Po hxx4h&[[U*~T5yL\yLy4&`Ɗ|i_:W!Rƃ4GzD3RYN\P4Uʩh//& f_ׅL!qx3x|t RQq(vv=i7\]C#]G+gG2sOٜwLՋLf*n~t״_-HN@ePٌ^.B)V)q,"B=\L?D-k:::Y Z0 [5;]K}4_Eh`x=27Ǝ7ؒ4SM>jAE@v6䕐J 6t9 顴`H7K+?7ӡ!Z`̷g3}u$µVdTG!g˛h[ku 1H*Au}e(zhz|6ԝeceV)dኅHp[6U0!Vh1D=eUU ]P/⧶f]Y\%ʤ~SL軦cMٝTmXh"]NpC4tE9;ʄuΡ5]AdZD}kNZ1\Yo(̉T雷iΏ"t'x$%uy>ӏ ,6YߨC`/Rp0f۽MxPq D} >DBz+@ -\nr ')g>fR«+Ls~K׭RpY;JZ#*d&f2("ԛɪl7%awf۵ŸټPϲ[LK `ۼғKrh,kTҘ~C6jѺ*G;:pؤ~O^(UQpVKsqQ/ce/O-j|6D;m5 ˏ] O!bh%@谵aƴva(^]vIr} lB0Q?!]]~,V$ U.05pfTeTLGS(r8 /;>4ژ5eڷN!v̪?d ve\?&'PyFN,!z-DvJsJ ȗb\Pd8Fx;Op|\@s :\{Hhh@(]15Qw"ؽew 鯊OKfN`}uj? {o\ЯICK Dq&-7t4LE̛,E5"ދ[s>Dn%k[5}AZjOhQ eOP>}BxeSU*Ww;q"+~(yyDrg/@O]+ DC%RHI.IFNp8oQm äp#P_h&۴td Ffu5<)xN.רCA{,Ss-L7 wPK5?Gq pG9_ware@*I*s}4fItqnP;S#P}>I][8 6عf#nwγnNB eZZ`18-uv]#V2 AN15Rj+1g1a0i\m'דλ+(HaCzA[9k5(¸̤B'#Ųs!ѽ]|ÈRYnј츖m ~\ږ,ȃ|a1 =<%&È)RT>&HZZ}T[ENNߕ( #]g$u"!;:NA_1dQ8]Ml2*Ew6rp#! ҃?\/toQ ѸVWT?n袪fΥ#$O{y//.tKb@ ~ ߴһtW#~tzX}P:[@'A#NZaO]S#4VD-XV겡cq;,d ߴʁ=RJrdW#6͗gK~T`'=*[QR>Bvk)UE)4nEnNIr w:ʼ2\WRҳ]$OLZ<6f&$nR>UE.E[aҲl婂= 5HKx'™/-7lܛF,+gWtcWSS4ť>% 5bNjN>%u51ESSQt#͓5;j8?8 n^#!܁mN .MA5g7M%@Ki5׼1.dQ/'?vÁ e,1m{ {MŖT,A7Q#>l;~1!ˋZyn+U[y;ЕFD+ د@s\"PM漏>+yI<: 2R]1arz0dgx} ]k YSE!)U͚#uB \v*@)#@*Ÿg q&o{J>aT|}$:7Xq7>fW2v^l( f;ZG\]  K.> RBNtPP5բF11dDsD7`)1#M#91:Sӵyqy8q > ,HJJ,S*p|=& /Oy {%ڱhT\L!A|+%$$)P"H\l\;'01qwzd}VP.ÝSIZJ%E BcjRt/n̘JHX$a\K_0' :H{DT[%5ـI} Uv+AgĎ@Ě1عqc>O-w}Tυ-;ȇxa'dwV9W>ىH0 ~LEy<#xM{ y80v9Ny6B?| &BIhztas.=eR%Y_UZ@bJգuךVT邺:X֟OL\a7#!bI}>Sc~MO -!fC Iإ%` .a5݆§βs& +2_r8HC,3lp.[`횓#>R;J>\uПi[t*A ) bRKT4d#50LvTR_H[!SH"U˫ІЅ ԩ65vDn5LvSA7cxcOH-F]-n=|b݌,/%3)}Ѱ._c߽(JOZB.8RٛZ_N!h5훸{,5'vk +:|^աw&qMhA1Њ}s.%kTx.sV 3MBpEKC|.ʼn4Rձ._̐[aӨ;?Gtl'[E5K.JY憊RCUAFht3dX ۓm]7UR&WzDXunT=qx\wp<|0lO!ڷLhg{ުykuJQ<"nJTڰ~=: wfVjf%q #æ<I#NVzd6f[PyVA0נ9OV]Kзߜpa aM,!P,y`&9`n3VNL[|:U8R&N@56c3Ya sv{K":\ P@f= ܞc&M%={˼$: 5z_n&BF'(18ȈO-=KtoהK5]ض&/o1Dk"1e_Z$GM5K52KYgr3p=rvbo.nSy]q&f\ \bfjĨL#!EhE!k)3A갸G)-7vu'<}*)79zQbDwJ1H-OJB~qc@VD-RCZ+0\)ťc_.nb%]LԲlW\D K"rYdg&qѿ:ѻ%;4‘٧v5{߀&dн=A1LT<ҳ\+jϚ<1<#oPD /~"%{*whͼ[94ccq[D>'$Ө -T|.Jom8 rf"ApF;?uv793ُh [#&oHGtlݕ; 8_@79* %[mW| M='L-. >ʔkmHrRaX @Kg cyZ=s| tLƀ}Rѿo e^p+dc C5Rg^Kb KjP짷q켹#wks pO,*͸ XCDVCV3yE:4 2wS#M 9jdGՍ&ڔ8/~;qeTWdM z 9ZQĬ0n;kнtf3\fH,ul Uu~mVŌ_ٛQH75podMVmϺBA^Na dH<.N4/)C|9ʒXM5_/=͟AjXed$ @8͚bG 4Xs 9{v6OǢ9r[Q&KI])^Ӫ03NM'`v}h> %ΰ%IcMf~2mY/0,˾1N(!M:"˫\U168IliX١_V"=`zm(ZsG&yM( a9q5S컔m#)&aLK 5S&u a&O cH%JPq>^ޢB59xjˆ@:/:)BKX9Uf?%ьzr PQHԔzaփCЇ&iKI]AvDMY{_Qx(gs^5߶3[AOcݕ r~1myq;`Нz+#Xt;,N {+m{QR[HF}7$H7|P=y}›(P@IyM?% XB@$2G"纘0bi $켰vvAο>%unBzA$hr^='Gǫ )a*hMg(e.Љ[oˏ:AЧU7 G:h?&뱛qڟOA3,uX88@ 8qZqf&)J,q6~b`g/D#D3G z5.y^Q<[y  k8JG:N9{"F#my N H.1ɼ}O5e04 ?àWG[ 2̈t,3Q/=|} ˱qשhEhG4gQi*޽3 (|94`ZUA;1SU2j!}dRfQ'+3,B5`5dɥ{N$[_>Y䖬ށW(lkNlsԤ, %4uH ΫkI6h6!+k cS/%uN!уl#r&% K*<0O55&!]AΖ?^uu]it./E4> 8'8o K̠~K tA| N?*j}..W҄TS3a^rG+<$p-<ͯԓx118ax;>6ύFo mT벴{H " ƔrcՇvY6y 4d1Ŷ?3!%vȍl2=H}2}ihIqc$SXZGOWF[qc}CHhՀ'v72P6(M@Ϻ=ϡ 5tw`Bsk1?] O#׻tQs#fYD!]Օc>^x#^Lp#N:G}ؾ*c>+M_!+ Ucp%.θ xiP7C.H NkuZhUpP^92Y7 ʾ1+7MV?x2:Ā -MDs1i=bu$z.8`z\ )R5>}5 63ܓuewXܞ ܘg澮z#1?_;0K45 yBu=%&KeO1l8_ KLz_!JqMIq("iL$8& uSN{WgW'ɍ͌F(c4@G},;w,d/SG?6ڱ68&%p_L(ȯ@ݓCE!ҳlw0fK+'AA[n(W-u,ɂUx s L)$(VH`  M$/3)Iʂ߬v1f}=؍WK .5y\P'>\ f5钰7?iރ=>>#`-},ЩԒjĥ"O~~ńX|$&\])pi)!`"XhJJX)=fHM+bDn^z'0g4qDsjUEr9pt}RALG:0V+=u"b BǺM}2'(PeE2kE9Ke&!AN2IѺǏw"DNm ۜS7BYux+r|%M`Pp`vkEO<E弨3"l߱2v@3:e3C ,̕k˦ڲƌei&H!OL !$xYа 'Q,bm@=&Vr\j:@#<~ϐ&sS8Mk e p䚗, =ŦYqf#_='3R BGDR'2CHyUӟ&71CNxgXAGeGUpPׂ wƯ'HOg#y멺qO!G]HHcEtPYVDv^ҕ# ?8Ib?ؚx=KljU!b\}q-[xsZbu͐{ 1^#r#uXeסI $Yw8O)f~ IT) F|^?CRM5f̵nW[ujpC᷁hmLҭa~JM#8#o9 QkS]|`z *LeQT%db=yJJվ ՛e%tp)te){K<-^,U>X7Nñڅ$z@\J۸s^L|庎lF1NzѨdS>qE$PUsIS@[}spa]ȇuY4߬q&v idlMgĖ[ ]\?2NtN//h^7L|{`Jp }*C`ZJ.'Cgbt%>nO#EV(l8 ӓ"Kgn_1KʵX^9IpLbxmsS\PC[%:,#>u6. ᜱ; + V3Hz eqH(T0A: y4w 79ᅆ8 \7Y ×UM&%;IĴJ "iHz.d}R ELGȃ*/}:i%}e}D,8צH " `[pRGR^z`gK5g*I)ώh ^7 ro 6Ra(nnR޽=1_1[Hd| H'j-K _"ξY]1B{Qq1EU-hMF@T{@˒U O0y7VEi6DpZxi{@ ·Y{Zܸ#dg<5Q~U!Nzɭg~z(5wQ/zZY *M8FWCk>4Z:mUݖZT;l5@YsjzQE~}sTxo']~j^@ĿhB5.N2D͜Y CR(,bŌi]'S+-MMq=#;%* :2zMp[);O@.|%T:j6quaf0P-`4V-`OC۽݈ឲmAFu*BM6^K5!D"ۤ8{5V[T] "SY4 J̀z|% g8>yi)zvP_0ÅC ^թU^QqWqcbr XUH5#$$'FF+nV@ssa67>\̦j.4modֈxd/N*U8bx7N_mǻo 7kHãYfnBOࢗX ,j@8gEtܜx)q3Ӊ;UZ{aQ;pr PE' A"7y60CZk]7vLiRM<*2a42d#[&w CU(w Ԅݝ~+eX_\&1Vg9]ONSFwi2N4KEXX2'ҋ.@hü2VJ3TC;<5A c hU퍧5Q=*NȷӞm41q6hل~{H% KZ١ʼn{j!dwhK%c‰D2Wqo!g4Z"n n1ޅ[ۏ6wbV WI!SIoWߺ%Bbŀ JH$")Ph:B^d\[9O7  yGԊ:C%Yw8I2Ow36^eD<vdד\ {Jcs{s.fD0Dyp-acftw|M5_d;:"V: Q[UB8`~<߱>fVE|ԥ )&_R ] BlK/cVmK:H|LsƭKs4v%*5㨇EO{Z! 檝TYsk7ڔ2U6de5NH/VƳ9TꣵdzM-O-[ WAhIBUa5r_jZii_`8 fP+Mͺ UգM38vg8ɾu-9I~x>a pƒ)\3ez6Mb`/A}AD#X}4eAos,d lߧ"kj7$r7*FwJ?Kwljm/[={DGvpV*4w^Cyʣ5|tOIU9 coFtv)زt}+% ,(mMRf8MMqlTpY 򾿸A 6,ɩuz_gfoF"hJV27S(50ߔ|z,|+)fi"l)yz}>^: ww\D%e.@xm348T7f }+wxri`#W2'>'"ZAԼbi_|w :q'A ֨y1pxL\!;4_ /z (s>3t-hT|9@A=A]XI+KkVg8ちfAd%[#`}AZJ;reΙcJq FQԖ p[ubHkCq4B4_Vwʓ ~3U{0Y1ĬR" }S,ʯQh6'xle9]ޝ Z=fo6.KLWHm:lR=@ڑI|ش,0҆mQ&"X?Oz19$q͟E,'_GRZ ^xcY{O͟3eVsrAr\F)Yr,II$1,ˍPJ6բGƮ>j-PTn瀿{JHBrJE3U+V(j c̡q;ndkefo>*`7_buXuݎoζD[wuNl`8X8gӔ'O9*=eT||_\ֆL=_uئ};_ǃsX5μ#W6_エmyu#v-G(pU2'8wz`%Z1FaיIa9ah@*nԚ oEl+gt;L7(%zHqZ[_|h/f%^w\e EVȫO1bTnZUD%3VUh;vKKk#NnԬIo"x8?U tBdK=2UB 8 !ScX7~܈\#k4:.(/~4KR.]m@ߞ8SJHm.t$V^|s>iZN*9QgeۻY$O?܏9 ' on, &H7lV9y޲T#P:jP>\]@ n}]"MZX0X9C95r5MLRlZJ* M9j E\2WDrJz, mA#C&<MC@a04߾ ɠqD!>$,4NUZ?9Dςj{cDkI 7XThØrg3b&04[:HW7̿2=MJ-y5۲kPnmP(3CG FIDCz+DRe9itƇa5 _`o ,'_ԥ`K#ˢ&cWcS]T[m )0UJ3HhĢ+o +I"Հx[=1YԊSeRV$b/ȐJ(焢4E [U bS}":1|nTÓ $׿:eɲ;*HmgobEZhJ tpaᓸ#*/RHiMPeWz +ۡ~P> hlq%p]8o_XW"bQn ArwsN[ |(2,۴F߆ŗ4[ b~|u>\M9f^9rhޤ>ɱ%\]9I8OVAsKp)x!}t&.'JUUX:&)N=ߢf F!<97̬4DVb5J_d\Wb!IL{.CKK&-D^:/x)~ +c\dX3X[_RW\'N^tȂ~e :GvcJ+_pmc썑A9fPW#|<%FkmI{Eb+!3+,Jfyzu*7dw{ڥ4V$0A X0-}9DL=~ItL)N]Q( ѝsh3I6 Lx4⫐1,dfqJ  RO͟hڛ q qAR2Wt6jX`Nej{ RiY/s`GlRz},Eٯ V-)al~鋃\%ϔY?sWZK6}EFn{Uzg'@)aS/8"ssk`pPƒ"f+6)XP$krRm1IqQ ьAC7E{_df54&*х7E.3LZ0aiET?a!ʲ"SMɜ+=ؤEd>xew#ngYR;2walߎK8HK}-mk9\97~ECP+3N+Zr$=l!٠luLuhuLb)h?sѓChE^m}; >}qac^I^# 唧ښW$ UDbWڟ5bs+"L2*<YQ>bb6]-mZ6w[ċ$w4G1x08'&a4U=@¢lȡhq!(3Zc֟ɓsn,Q.yDaIg%XX;6c5 P4Mȇ Q,WӫDiz\O9nށ;pV]䌏S;B@S^$ATXxզC|`̋?SylҊ OPI\<[có~b-g(H1}WUR셞О2q,cREV=i ![cZ[xgsc:zSP)ؘj,%J>PnU5v ad*~c]|m%MHJ!c$ì jxT̽4{ z:i)NOVZ:yRt&)pWW1l?ʹN3\ Ԗ+{H$Rz:M1W BnZ%pUOpXԡV?Pu,vwtm]}'[~ߌ ُ"}eW_-rH:q9B܅pf݌>EfYN4'/:)m^"P sGj8] 3MY16 qQ0.5ۭ?vi:곧pNq2m'M&ӡ1\oO MOnyUsp=-7>_G؃J1(< n|ia#"D䥨z=oS=z0Ҩzl:?fQ?iCX2k;bvytWPJd_ x Hk۫O>NemL)ѤQ/؎ѽM^<> jEIfTV"F@p(~2N @fsA߲R(, ;W6-4,D'=>U"_,"ՅnbjtxM/MjO*븃AbT]7&` | b| J}Woo"wNl*!ǩ^8 iG}a_nYa]߅';OL\=/}>+;9hyG[T?icIb ߍRB3 ;H0 5`Ʈ|ljǏ&c Zlc+L4=ҩ(D5='h@P" [Z/v31jqCX"*:jh:Iӌnx1\ѕhVJ!b =\ T[Zu2ւY4L&1?^ _V^tK˙[Q%KV]<-V5D%0͇2Ǟ8Ϟ]5LtInC6w#)0X\fPggrC{X %Kʲ\jVGb,kRWcB(6 ֓^jxfV@1NDҮ!_rG%dEKg!fzO!;2⢔-N8y7ohxSI 'e[W9F^/Qw q1_۰R;K/ґK$͈&ufhAr` a jof]qgCCltJoGIn"~_lV|`s:q+F-FSsD  T"` ohTԤMp8sL2vSЇbj{-| ,, ˕&1y$(rSAǪd",%W8`Ci7KuIPRB\op}9:]o@oVfnfHɬCQW">\K]z{R;#p+̚0mwy lVD烓6X+ٞU\U(0*5{8S)g~TߜcV x-m0Bkw3dHK?q-7UC&벘Ӈ"42VxC? 9n{*5+î8IY\ ǝȈۿJ9lQTvÏ٥O*K|+VBv/6{>8_Rպ_Fzb";WeW_C}wY_G9q =e +u3 5Zb)Egʔ~HQ.\DPX$U{)m3J'N$z i'.PJr0_$cYINr!Iq>@Pa`[l/5EmyKNpb6!ģ6Wy"+ܷ[.,.Ϥ&Wn&y89S^&T+mHU|$X2Kv%B}v!c25X, < P7$!$C\ O@$w@e,xe(~"擆̺[гmyĸ9<šk/ԧ:1?O\"i)TT)L38@5N{Ec,_ty߼O:(R#fXR7Im=&Y'|`CC1U=n7*[QԇN-]_JݾY{7dY ?h@r3s)hEuk։gū&LK`ek6d($A#(D8K#dh{@@+po0nLjL>8"  3Ud7ēqsvX e(Vfs>c^8&;m;HJA(nH5Cx>d*jX.{S`))Vl@mjꥆ3>XqTx dKO?l\.Dс8t7$Hlo_q$&|h%X4RQ{rg:Wajс]arrZp/sgʕU]9 N7=_8v˓xBl$^ROiRS˕j8 '>qM@}DدS9{TTiWsUq*ioiO3yk`/*l4_J-xR}Z-4\Zlk`yT9UT"G&廁&IQPZ#lFوoClfRa bxrBBv-Vj8s1J^7)F<)r8;G=*\)4vBR?eɏ|[KzVw?;+#&f# <Q 3eL(\#i Kg B y 6`PkIň42]ʅMͶ+b0"I<>&.r% fOy,)[頸CmO$=@3J AY[ &bqjp`}G<(pvVoUTػg}=8OVu 6B ڐo("y4NsD/DL.jM8+A왓C4|?Yh|o{UUJ+'c90IC# ~dF2h|3+Lv"uAXO5_.Nu#T/b$E§05Nyx)7,i+`㺥gE:ݡ_L߱h†G< kP%/5v g9 F-o;ZۣtR=x:/s brE\OH7n]eHMvX8@!tTԁ7DsZ|@ζ5]gzSA(&BI"YjXu3>l)N‰W{Jc‘ G$S)LCJhƺ)i,)-бN0'NxX8U#A*AB@c ,ą'}_fա+u<u&٠# Œ-(Wx^_)_S\e/ uiڐIUOIQax ڞGIDjvI0l}w>R"rS{)Ͱuhm'b0S澱~*G60P!tLؘ8zug,o'rA2az5}L=qg5iGT6L 4Ba9##~a.m11ñynޒ7 K+h緽lNB!-d'd/6x*;Z06Y҂ ݇W;A8s,pBnxRw C莵E3;ԩCcܛT7՘ƴ$*ѩ.1'z EDw!i z$f{T K_)۶/$ƾ+`kV@^ Y(*Cl/Ƨ&,y]{A KiW b,žvIizB`w/yJ *}pye 52U  Kn'#mB'˒!.eHh '6GxZ@~ÈŲv/54{XwV|Iyz=WNmhɆ-vPMh}w?xWFme)mY5ƶqjwS~ OJPReP>h)'{lgO\fIbs^dݙ'X,HNeLiף 5?C?|y(TΡ *K8kr7jV{ia(F 5NCbԫ6z8mP emW0nP}ӥ/(c괩>'RY[]E0TQM[9..A ML 7(͂ mvyZm-32@ֺZq TΖۆVRkW'(}@^?@[Nr5GHZTz9E@678JM3\,/:?V *Ԫ0`@[qݥn/?>D;B#Vs&9ᘇvMq#d_6[J=0o&An%s1&旱A00q:UG-ZO|l3A WTR,#>#?j^5Hx0Ȋ>({}7sMZ!t)1:uw6^1!G MN?Յvj hSLԷ._K~L:D२'wl:b,-XQy_՚ 6=veRO756TB~JTžo]**p~ $q q\gT_vwaD+h"?~oΚ͐k/|Iڪ<Qwv'0cjA3sDfMNC5u \KA/[۴]QM?QzPc" ^\^BGuH.YR zEl*̈́؝dSpW^3 }U՚aDTFL';$}!),vk˒/Q^!дZՔTIs0lz@E-+FREX ǒk޷2n^Xzh_l / XhL#(zI0HQ;Z<$*X#%le;1} VCػ1mž:nƙPgf,bN6wX$ܔ&^>٥(f)H:U7P>Q}HV7oo-m:TԣP3$eb3ЎoЬ: )J@*Z/ +ΪL߉o) AW.e{%sʺma@>ގNC0}piy}ń]q&3@30w)gw|_"j_ĺ @w!B!2iOkoutHѶ?TvgNk!'~cO@R|2>Zs(MVϔ b~{;BywAE\lUW5rp[8D ǡ8=G{PyEzܟ#.h0):qml+pcϟvP`MVm&3Ny(3Q+" r3֏+)/L)b> i`?A¤ GS3:g9Wi~ cXzuq{T#Y'p\h O0OzM@1Rc RɳjZ֍&d Ru`T< b#{Sn!؅G,<.Woti6 p+Li:3 ԆdfE\ïv[Y 0"Af8obS(&Kۇ%4p7)ܠqИ=5Rz28}%1Vt+" w3kH-^H=]Vϱ _&Ge71ݺU'yk-6Kƣ!ahưq'.s%cRTW#`a24<  T;czh~xfځ`уp ľZU883f/neqirr0 ^w>cc3=Qʊ1/}_JxJ[ŀ*1 Q30{{@/(c>&~#+2:GQXTVsjopZiD9H}HV^N~"xJsz N(p/#7)Xk-6$HM2Yr7uJDu5^= lOH5) *Y4\k̀1R :n/L]3AN{epB`]wߪ{|0&[Vb[ c]o q&\Ofܦ'跧^`$ޣ\zM!5Ա[ђƠ& {/84ܞ*FI\´`B+Y ^騌Jo(HHJi>;e'n}}98Sُ`HȰ\MgJV5f d*d]hm$z 6/U:NJI3vءg~ Wnw)L,*-x5VlRnx9oc(ZCDјe':'Jv@pL}2GNY0FvN3dn;.םRKbYZnCʀ_uS` z/\3!\i7_V).xpJ%0BPbM`q-D#=!;c.@& 9]$"qꙌ96k$` ? WAu7?@WTKcN{rZ` ۝>}yPeXW$6ee[Xiq+bT TUKH'ADsGIێP[^fÙx _er|#&i%F|J2קmƍ=0 )$ٯ[/i:F"[P}r\l7V1Ӻ4&BI$zbԔJӰm<`,^uۚqhOtœ]V8kQO2[an%o$ٗ5֩2l!UWVS@!_*n6D{}~}cpa{jb+|<Qcn '~m*.5Ã;`AIuBj2 5η'vv[HMI.BRd)t 2 $`dAQF ̌̇U.ƹKC2/RiBmr\bZx2=SmKuS}} Qrt`EM`M/E5b{ mT'f2/-p?\q֓EX7PĈ8za#8$r`z$ׂgӻk-]@FC -|>5ʻtq*VDnA~2[GQMH&E԰0]d$cCSnނU9H#iˠjTV˂wA}zϴp1&Bz8ZE 8kE=E82V#5Qms6+o__c"]`,ۃə{6_cE&BAuj8jE]A&(T5\#aI *2 }2QXi(>ZLz0x`J{1簌c~f5e˒SБɑ }yEtFO#c׺K4N^Ŵ\?ߓV%؜dD9 FQF^ܷF+; 8D:1U*=Ob^%LxSAMxCP@g,1[`5|Rk F*=4TGP$cpj?@wWM7>,!صyq5N\K$ @p" A/;)Hko%"OqA¥ E } ʾ>ů`tˤD$NG?jgOl! bO_;*@\e€0pսwH׀7RY5 X+e6AZTWifɿ7p<%ڜB2 mr1q;#v1O;|"n=e=/ ~w"Ow`2S jP} X a\ȇ~7| ߙbChD' m Nb˪c_@BI@^KʤlU"6=>c4""A/vp_-DW)&sRL)ņ#Q(! 8;amh\,Q5ྊj6$3c#+W" iZ$T&Q1HͺI+ )7aM9 <㠂 Kgi6fgږ,L$s:4Esl@5zmWZZ5 aBO!ϵ.)T#wUiL'HnBF6bH^<Ζ $ (;OiN΍6Ah(~} ^`PD`ry|>6ir7Ω5u"W '~) hAS'ѺXHlp%Tw>Z1vaәW_1ǚٯOa1֣k)~: 5_$>Xb0Bz8j%{SpDj)I r#.a$FwOjWQ@Dm L!7ב~lu;3ynNI)uN2-> /g\'߼NRG揜1δECPs T8 m,-noJl}U-s9g<-/AIneO+Pq,4 {@ex̥& 9q558'f) w2PE֐r29=U\6X!dyZ8͈y>p+>vp-6`s=vs7s:eC(=YS7izK Xy`QtlјVYeUo^ع!BeVd&}z Oq:&I"b4ZXhA}(r_xXOP(Ḧ@N VSj:89OA]XK8#q TB:'ڬM PB lFn˙:0$|DpݓY7wzM:t;al?g;Z˯O5lXUqbSS+Itλ#PYYEr YJXZ .OmG]o,O ۲)+YDO{s&h=DF}##8S%!(V]CSD͆gb4vχ^,xVт%ogY\BSOU?Qokk0/o^X8nz%ޱj!.@zZHf{Te#APIIuku6U:)ԈcR5LyJHWo^M"C!\S ^ul+u< 4}[w@6a֍kY!sG %\> ^TȹI4B79h<6=#V~H d͸x -2ĪOWj)-gi3)Pb9KɉKcDU4r: ΕB%xF˴f^;#'p2+׫=D u.2 ,B#^fd]7މ8qMs] I];En~SV6CrmmD=,/S[ ygYSR^FRb鴯 ǧovӟ8vǏ'v3>YT)i [vZܴѺk 3Y*1FQ:bT|E 5T4;d&vVqD[咙n>Q7:GۨZR[ f%m9 ',S@fi"Ÿ-rR;ovEN#{ͶF)}Zazl.G/Ȍ=M_%+>ov]]Hbli*/ ;yy; ȹa c&f,^e 6qt6dȘ,٠{DbV٢;:}wjcBp/j^jvzZ T79wn!G@)Iƛ:N)nDfs8IH ^f@oܢ kC .@ eړD2϶ه׷m ݹ7AYQHPکa?xU]+#1/p[TGjaF &\}1ZSFDtоb$<#d~ےM$Řןb1ذ] v${gC,t2E-F6ksPM=U諻V7}M\ؾwR֭%/)t8K#~ƌR.(İ$OVPD;فcѓ4:́嬎qvԆTZ.[yU]1=ѓ2 ۦ.%%ja 85B'Q}& ag",ⶶU0F\V@H,9RCSpڔAN]S)F;+cYB$WS ;@[I 4trv2LeSAĜS$XeQSjlڅHw*m i[ 0',k$NoPܟ ~P\4ǰQ?!.SxU9~coFCNN?:fLoVReFDdxUL rޮqVkŽ]v 1ժ3r< ~ܻ[F%Zc 4KewĞ.VFU绉E!x͙_,0L_[(N} '<0o/7"Cߐ#g-)U}:8&6ۊ7pu(]qQX]ZJmefa5xݓgVn1W?ֶBU`L.cG^QW{Ay|.EZqz sfGɋ\t$'VիXAJv k+g.7@ .H!RńbZYEIE%S ۵P[9Ds, 5 [rxcxpqpm:ѳDqZ w D KcR?+bG2y5`J} KBNuc):HWkXVq)-b?mSo-Q-zZ{e5Gm0@\<_쨼 \դR_էP^J=8E04|JI@gM+L뽍|=7ekR(`g9b⛸jԐr,fs^PznfW?*7?&Bǀp G9piû\y]hӚmr0mYLuj5!X)@k[DpR' $bҾ'5!lA"a6'Dp|g'D2FK=8):= ZQqG"3KTH%ų+D4˫vVhX?0wfЫ]^ސ[~VO"唍1Iؾhwm,m' K<#yEײbM?2iiX2jaM%Ozf9縥ꠛ$ m5+wd({es_2Ҭ''w*G~ᓷ8 skI-ubq>ramۋyй@dLBh>I< g(],J[mL(p;#)涾a$"gm~%^ℐD](@O"m#$S`+X\ *Jvb֙LsO~}a3`xk_q>Cy֏PAE&z4W*E.uy+mDYxF_H;앵<m`{ 3L Drءx>R\ش"ThCo@q2~o f (y5D D~&|o $JZw3Oџ/י'UH7 ﭩzRb|+܎ 5LKS4ʔZ lMz~i#v'y:Z tc9LZis3u`-9knTgu>M J*ts .viߪGã"F_A"b Adu*] _èD*bV4xZ6{nx2,`/ {xq\J(Nqk+s+A_jY`5! 槑L2yߚ$0)@J\})|vL*#H)_P4\Հm㵨ջ&BṔA#dʪUYlh-7g>vʪ0u)REJw!V犊LJ+kLXiͫٷ{_ sd|P؞ĸ S#UEsX˖gZ#}xo!Of@ T"ttԪiNz5deJIUs5E}$C'J!RSV?j0!<k0 #~A}"u0qO&CkvO(@a(5F>~bB4`%$* 03"\-AXy󲐠YvY x( y u7Ohwtvor5~3u($2PO܂PV`eVXU`O >M0M[B v|h` (_ 1fp!7K I柇8/,$ {qCKA^i b).5 z)WnF{tpƏ`vXiJnh+e4k;jpɂP|!#gi 2EP^6A#PVEx)s {?e{2UTN#jC8tq/}V+MIP#dwu qFwָm$Yygp008b/r+ lu*ߦ,TN۳mey9z >CW:3sr3M7"Z]Kز]aH<ЉC[Uy{XV;6 tܬ!w!%]a?;5 l ϙ^ `*طet4n5ir3<ݚbVN`k^̯Su4Xl8DD] 2hΏD?5lv r[ !p?^!(+=30vۍW+y3ã|wj(Sh`Ж+3 SJ%^;p&c0>4E)gGH]K1(ц+BB:ԛ2}c1[+x¨AuB= *>m~ŢWHmƇXQuh3gK{anirVtPhdBߥ.כ|'"i Dk摲 lޚ)ڸ ?ya^ou[MxDO#~ zKI X]^zBݽM0dhxACMǤ$75h@ˈ*l>B}MsKE]7TZ1Y\ k)jX/wʂ&ۜ9h//ӣ4_J-RV.5OPmvzr:MoQ,< /:dK3>ܻ234/%Ps2Mj/Ff(`i&EnRwSG;xd2]ũ:E珚3 }"tzx$q̪bK&r~9NG< _a@>  #oj\D~e0؈1Q3r? ZNK+۸aG\}nH6"+!ދHLm#_JE_GQ1R?蛁r%JD/\7]-w@Uϯ1  _ "l\E>(bcFjXq\v['82p/Y\EFP7ymhR`CqFш Edh w|5! Dq-k:@876J (Ҽ_A݀Jh@ٙ #ڄ-.Z Ut;V V3m*=FqNm*"X&3<6 FB:BMiל2ZqbW-amZ9xp6qPP11\ cֆ-i7"nz1jN(O }Vii6-E95ͭ2J6+{ v5؃~W % m"@\# mz@<}#y$$QF9Zt0j# O,4MOf&I06V4:2 [>=|Adøl+Vp=6>F%&bN*\< ?<:irxŸlJ#Q8J*г@Hw ֵI^S)MQ!\e)kpcWpqezyGAM?]M܃v஬4:E&J$`3 SQl?tT~>Z]^Ї)^\(u'n·[,lKա>Ek Fu@JU1iNˠy_]4v -Ӡ3uU]} ~dJgSA5PG;WidQ< >`UjSP2pd\8P%CLT٣wѾnk`y[ֽ'p~Xb$R& *`Q$rd38[+lgv Bh8k žbV\%7;hp|0=G67 ׉1&^z][Q KEa6dVfC2\r>>h^wom04KF$k|L99=R?|w[oE^_ㅞ%@Pϋ'҃"27>)KXS#f-<[ ˳`i)#]MuTh,D&NN6JG~~B"2M7Rp''J [@,_Uŧi